From 406f3aae9c981f96f64762343440912e2682c4a3 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Tue, 5 Apr 2022 22:49:43 +0200
Subject: [PATCH 0001/2268] feat: add sha256 check sums

---
 .github/workflows/build-and-release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index b97ccaa55..a316d08ac 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -89,6 +89,7 @@ jobs:
           go build ./cmd/kluctl
           go test -c ./e2e
           mv kluctl kluctl-linux-amd64
+          sha256sum -z kluctl-linux-amd64 > kluctl-linux-amd64.sha256
           mv e2e.test e2e.test-linux-amd64
       - name: Build kluctl (darwin)
         run: |
@@ -98,6 +99,7 @@ jobs:
           go build ./cmd/kluctl
           go test -c ./e2e
           mv kluctl kluctl-darwin-amd64
+          sha256sum -z kluctl-darwin-amd64 > kluctl-darwin-amd64.sha256
           mv e2e.test e2e.test-darwin-amd64
       - name: Build kluctl (windows)
         run: |
@@ -107,6 +109,7 @@ jobs:
           go build ./cmd/kluctl
           go test -c ./e2e
           mv kluctl.exe kluctl-windows-amd64.exe
+          sha256sum -z kluctl-windows-amd64.exe > kluctl-windows-amd64.exe.sha256
           mv e2e.test.exe e2e.test-windows-amd64.exe
       - name: Upload dist artifact
         uses: actions/upload-artifact@v2
@@ -328,3 +331,4 @@ jobs:
             dist/kluctl-linux-*
             dist/kluctl-darwin-*
             dist/kluctl-windows-*
+            dist/*.sha256

From 7d7d206d007589040949fcd862c821fa1dc51fc7 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Tue, 5 Apr 2022 23:24:37 +0200
Subject: [PATCH 0002/2268] fix: add upload-artifact

---
 .github/workflows/build-and-release.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index a316d08ac..5d44fe6d7 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -117,8 +117,11 @@ jobs:
           name: dist
           path: |
             kluctl-linux-amd64
+            kluctl-linux-amd64.sha256
             kluctl-darwin-amd64
+            kluctl-darwin-amd64.sha256
             kluctl-windows-amd64.exe
+            kluctl-windows-amd64.exe.sha256
             e2e.test-linux-amd64
             e2e.test-darwin-amd64
             e2e.test-windows-amd64.exe

From aeaa324bb86797e809e1e7111bb6fddbb34eba80 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Thu, 7 Apr 2022 08:09:37 +0200
Subject: [PATCH 0003/2268] feat: modify to have only one checksum.txt

---
 .github/workflows/build-and-release.yml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 5d44fe6d7..5e6c0024d 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -89,7 +89,6 @@ jobs:
           go build ./cmd/kluctl
           go test -c ./e2e
           mv kluctl kluctl-linux-amd64
-          sha256sum -z kluctl-linux-amd64 > kluctl-linux-amd64.sha256
           mv e2e.test e2e.test-linux-amd64
       - name: Build kluctl (darwin)
         run: |
@@ -99,7 +98,6 @@ jobs:
           go build ./cmd/kluctl
           go test -c ./e2e
           mv kluctl kluctl-darwin-amd64
-          sha256sum -z kluctl-darwin-amd64 > kluctl-darwin-amd64.sha256
           mv e2e.test e2e.test-darwin-amd64
       - name: Build kluctl (windows)
         run: |
@@ -109,22 +107,23 @@ jobs:
           go build ./cmd/kluctl
           go test -c ./e2e
           mv kluctl.exe kluctl-windows-amd64.exe
-          sha256sum -z kluctl-windows-amd64.exe > kluctl-windows-amd64.exe.sha256
           mv e2e.test.exe e2e.test-windows-amd64.exe
       - name: Upload dist artifact
         uses: actions/upload-artifact@v2
+        run: |
+          sha256sum kluctl-linux-amd64 > checksums.txt
+          sha256sum kluctl-darwin-amd64 >> checksums.txt
+          sha256sum kluctl-windows-amd64.exe >> checksums.txt
         with:
           name: dist
           path: |
             kluctl-linux-amd64
-            kluctl-linux-amd64.sha256
             kluctl-darwin-amd64
-            kluctl-darwin-amd64.sha256
             kluctl-windows-amd64.exe
-            kluctl-windows-amd64.exe.sha256
             e2e.test-linux-amd64
             e2e.test-darwin-amd64
             e2e.test-windows-amd64.exe
+            checksums.txt
 
   docker-host:
     if: "!startsWith(github.ref, 'refs/tags/')"
@@ -334,4 +333,4 @@ jobs:
             dist/kluctl-linux-*
             dist/kluctl-darwin-*
             dist/kluctl-windows-*
-            dist/*.sha256
+            dist/checksums.txt
\ No newline at end of file

From d0bb15bd017398e422f2657cace6994846bbbdc0 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mgebbe@hellmann.com>
Date: Thu, 7 Apr 2022 08:55:50 +0200
Subject: [PATCH 0004/2268] fix: run and uses not allowed, missing line break

---
 .github/workflows/build-and-release.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 5e6c0024d..63afba934 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -108,12 +108,13 @@ jobs:
           go test -c ./e2e
           mv kluctl.exe kluctl-windows-amd64.exe
           mv e2e.test.exe e2e.test-windows-amd64.exe
-      - name: Upload dist artifact
-        uses: actions/upload-artifact@v2
+      - name: Build checksums.txt
         run: |
           sha256sum kluctl-linux-amd64 > checksums.txt
           sha256sum kluctl-darwin-amd64 >> checksums.txt
           sha256sum kluctl-windows-amd64.exe >> checksums.txt
+      - name: Upload dist artifact
+        uses: actions/upload-artifact@v2
         with:
           name: dist
           path: |
@@ -333,4 +334,5 @@ jobs:
             dist/kluctl-linux-*
             dist/kluctl-darwin-*
             dist/kluctl-windows-*
-            dist/checksums.txt
\ No newline at end of file
+            dist/checksums.txt
+

From 31933fb14efc4ff2fc26d5eaf3f34d0be927398d Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mgebbe@hellmann.com>
Date: Thu, 7 Apr 2022 09:02:50 +0200
Subject: [PATCH 0005/2268] fix: try to build checksums in the release job

---
 .github/workflows/build-and-release.yml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 63afba934..795a2a1b7 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -108,11 +108,6 @@ jobs:
           go test -c ./e2e
           mv kluctl.exe kluctl-windows-amd64.exe
           mv e2e.test.exe e2e.test-windows-amd64.exe
-      - name: Build checksums.txt
-        run: |
-          sha256sum kluctl-linux-amd64 > checksums.txt
-          sha256sum kluctl-darwin-amd64 >> checksums.txt
-          sha256sum kluctl-windows-amd64.exe >> checksums.txt
       - name: Upload dist artifact
         uses: actions/upload-artifact@v2
         with:
@@ -124,7 +119,6 @@ jobs:
             e2e.test-linux-amd64
             e2e.test-darwin-amd64
             e2e.test-windows-amd64.exe
-            checksums.txt
 
   docker-host:
     if: "!startsWith(github.ref, 'refs/tags/')"
@@ -325,6 +319,11 @@ jobs:
         uses: actions/checkout@v2
       - name: Download artifacts
         uses: actions/download-artifact@v2
+      - name: Build checksums.txt
+        run: |
+          sha256sum kluctl-linux-amd64 > checksums.txt
+          sha256sum kluctl-darwin-amd64 >> checksums.txt
+          sha256sum kluctl-windows-amd64.exe >> checksums.txt
       - name: Release
         uses: softprops/action-gh-release@v1
         with:
@@ -334,5 +333,5 @@ jobs:
             dist/kluctl-linux-*
             dist/kluctl-darwin-*
             dist/kluctl-windows-*
-            dist/checksums.txt
+            checksums.txt
 

From 1021c0745f37e1af975419b5d72107bc21fdf53d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Fri, 15 Apr 2022 16:01:56 +0200
Subject: [PATCH 0006/2268] build: add Makefile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aljoscha Pörtner <aljoscha.poertner@posteo.de>
---
 Makefile | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 113 insertions(+)
 create mode 100644 Makefile

diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000..7444c30f0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,113 @@
+# Based on the work of Thomas Poignant (thomaspoignant)
+# https://gist.github.com/thomaspoignant/5b72d579bd5f311904d973652180c705
+GOCMD=go
+GOTEST=$(GOCMD) test
+GOVET=$(GOCMD) vet
+BINARY_NAME=kluctl
+TEST_BINARY_NAME=kluctl-e2e
+REQUIRED_ENV_VARS=GOOS GOARCH
+EXPORT_RESULT?=false
+
+GREEN  := $(shell tput -Txterm setaf 2)
+YELLOW := $(shell tput -Txterm setaf 3)
+WHITE  := $(shell tput -Txterm setaf 7)
+CYAN   := $(shell tput -Txterm setaf 6)
+RESET  := $(shell tput -Txterm sgr0)
+
+.PHONY: all test build vendor check-env check-kubectl check-helm check-kind
+
+all: help
+
+## Check:
+check-env: ## Checks if required environment variables are set
+	 @test $${GOOS?Please set environment variable GOOS}
+	 @test $${GOARCH?Please set environment variable GOARCH}
+
+check-kubectl: ## Checks if kubectl is installed
+	kubectl version --client=true
+
+check-helm: ## Checks if helm is installed
+	helm version
+
+check-kind: ## Checks if kind is installed
+	kind version
+
+## Build:
+build: vendor python generate build-go ## Run the complete build pipeline
+
+build-go: check-env ## Build your project and put the output binary in out/bin/
+	mkdir -p out/bin
+	CGO_ENBALED=0 GO111MODULE=on GOARCH=$(GOARCH) GOOS=$(GOOS) $(GOCMD) build -mod vendor -o out/bin/$(BINARY_NAME) ./cmd/kluctl
+
+clean: ## Remove build related file
+	rm -fr ./bin
+	rm -fr ./out
+	rm -f ./junit-report.xml checkstyle-report.xml ./coverage.xml ./profile.cov yamllint-checkstyle.xml
+
+vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
+	$(GOCMD) mod vendor
+
+python: check-env ## Download python for Jinja2 support
+	./hack/download-python.sh $(GOARCH)
+
+generate: ## Generating Jinja2 support
+	$(GOCMD) generate ./...
+	$(GOCMD) generate -tags $(GOOS) ./pkg/python
+
+## Test:
+test: test-unit test-e2e ## Runs the complete test suite
+
+test-e2e: check-env check-kubectl check-helm check-kind ## Runs the end to end tests
+	CGO_ENBALED=0 GO111MODULE=on GOARCH=$(GOARCH) GOOS=$(GOOS) $(GOCMD) test -o out/bin/$(TEST_BINARY_NAME) ./e2e
+
+test-unit: ## Run the unit tests of the project
+ifeq ($(EXPORT_RESULT), true)
+	mkdir -p reports/test-unit
+	GO111MODULE=off $(GOCMD) get -u github.com/jstemmer/go-junit-report
+	$(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > reports/test-unit/junit-report.xml)
+endif
+	$(GOTEST) -v -race $(shell go list ./... | grep -v /e2e/ | grep -v /vendor/) $(OUTPUT_OPTIONS)
+
+coverage-unit: ## Run the unit tests of the project and export the coverage
+	$(GOTEST) -cover -covermode=count -coverprofile=reports/coverage-unit/profile.cov $(shell go list ./... | grep -v /e2e/ | grep -v /vendor/)
+	$(GOCMD) tool cover -func profile.cov
+ifeq ($(EXPORT_RESULT), true)
+	mkdir -p reports/coverage-unit
+	GO111MODULE=off $(GOCMD) get -u github.com/AlekSi/gocov-xml
+	GO111MODULE=off $(GOCMD) get -u github.com/axw/gocov/gocov
+	gocov convert  reports/coverage-unit/profile.cov | gocov-xml > reports/coverage-unit/coverage.xml
+endif
+
+## Lint:
+lint: lint-go ## Run all available linters
+
+lint-go: ## Use golintci-lint on your project
+ifeq ($(EXPORT_RESULT), true)
+	mkdir -p reports/lint-go
+	$(eval OUTPUT_OPTIONS = $(shell echo "--out-format checkstyle ./... | tee /dev/tty > reports/lint-go/checkstyle-report.xml" ))
+else
+	$(eval OUTPUT_OPTIONS = $(shell echo ""))
+endif
+	docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:latest-alpine golangci-lint run $(OUTPUT_OPTIONS)
+
+
+## Release:
+version: ## Write next version into version file
+	$(GOCMD) install github.com/bvieira/sv4git/v2/cmd/git-sv@v2.7.0
+	$(eval KLUCTL_VERSION:=$(shell git sv next-version))
+	sed -ibak "s/0.0.0/$(KLUCTL_VERSION)/g" pkg/version/version.go
+
+changelog: ## Generating changelog
+	git sv changelog -n 1 > CHANGELOG.md
+
+## Help:
+help: ## Show this help.
+	@echo ''
+	@echo 'Usage:'
+	@echo '  ${YELLOW}make${RESET} ${GREEN}<target>${RESET}'
+	@echo ''
+	@echo 'Targets:'
+	@awk 'BEGIN {FS = ":.*?## "} { \
+		if (/^[0-9a-zA-Z_-]+:.*?##.*$$/) {printf "    ${YELLOW}%-20s${GREEN}%s${RESET}\n", $$1, $$2} \
+		else if (/^## .*$$/) {printf "  ${CYAN}%s${RESET}\n", substr($$1,4)} \
+		}' $(MAKEFILE_LIST)
\ No newline at end of file

From 004098af65d97302537e44c3d5b58cf49f5a5388 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Fri, 15 Apr 2022 16:08:27 +0200
Subject: [PATCH 0007/2268] build: add configuration for golangci
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aljoscha Pörtner <aljoscha.poertner@posteo.de>
---
 .golangci.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .golangci.yml

diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 000000000..990178f1b
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,26 @@
+run:
+  concurrency: 4
+  timeout: 5m
+  issues-exit-code: 2
+output:
+  format: "colored-line-number"
+linters:
+  disable-all: true
+  enable:
+    - deadcode
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - structcheck
+    - typecheck
+    - unused
+    - varcheck
+    - goconst
+    - gofmt
+    - goheader
+    - goimports
+    - gomnd
+    - gosec
+    - wsl
\ No newline at end of file

From cf386fa5a1a70c96bcb767e43a9682528c4b7041 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Fri, 15 Apr 2022 16:08:52 +0200
Subject: [PATCH 0008/2268] chore: add /out and /reports to gitignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aljoscha Pörtner <aljoscha.poertner@posteo.de>
---
 .gitignore | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 1c81eae77..ac7a47bd5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,6 @@
 /download-python
 /kluctl
 /kluctl.exe
-/e2e.test*
\ No newline at end of file
+/e2e.test*
+/out
+/reports
\ No newline at end of file

From ef2c32ed56818f50d674208e3c45137f4d4e7640 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Fri, 15 Apr 2022 16:16:50 +0200
Subject: [PATCH 0009/2268] build: add reports and download-python to clean
 target
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aljoscha Pörtner <aljoscha.poertner@posteo.de>
---
 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 7444c30f0..6be0074e8 100644
--- a/Makefile
+++ b/Makefile
@@ -42,7 +42,8 @@ build-go: check-env ## Build your project and put the output binary in out/bin/
 clean: ## Remove build related file
 	rm -fr ./bin
 	rm -fr ./out
-	rm -f ./junit-report.xml checkstyle-report.xml ./coverage.xml ./profile.cov yamllint-checkstyle.xml
+	rm -fr ./reports
+	rm -fr ./download-python
 
 vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
 	$(GOCMD) mod vendor

From ec2f521bd2c71b4c277bd2fc0c8e38bfebeedbd0 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 16 Apr 2022 02:48:02 +0800
Subject: [PATCH 0010/2268] fix README typo

"CI/CI" should be "CI/CD"
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e76e01268..8a798176c 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ Use kluctl to:
 * Deploy the same deployment to multiple environments (dev, test, prod, ...), with flexible differences in configuration
 * Manage multiple target clusters (in multiple clouds or bare-metal if you want)
 * Manage encrypted secrets for multiple target environments and clusters (based on [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets))
-* Integrate it into your CI/CI pipelines and avoid putting too much logic into your shell scripts
+* Integrate it into your CI/CD pipelines and avoid putting too much logic into your shell scripts
 
 kluctl tries to be as flexible as possible, while keeping it as simple as possible. It reuses established
 tools (e.g. kustomize and Helm), making it possible to re-use a large set of available third-party deployments.

From 1f08f7c96835756935898aefecd6ca3e5adcf249 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 16 Apr 2022 02:56:58 +0800
Subject: [PATCH 0011/2268] improve README

I feel like having the info about tools compatibility and no cluster-side components should be placed above the list of features, especially given the length of the features list.
---
 README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 8a798176c..627ac52d1 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,13 @@ kluctl is the missing glue that puts together your (and any third-party) deploym
 Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
 line interface.
 
+kluctl tries to be as flexible as possible, while remaining as simple as possible. It reuses established
+tools (e.g. kustomize and Helm), making it possible to re-use a large set of available third-party deployments.
+
+kluctl works completely locally, on the same machines that `kubectl` runs on. kluctl does not rely on any operators or other cluster-side components.
+As long as the target cluster's kubeconfig is present locally, you are able to execute it from everywhere, including your
+CI/CD pipelines or your laptop.
+
 Use kluctl to:
 * Organize large and complex deployments, consisting of many Helm charts and kustomize deployments
 * Do the same for small and simple deployments, as the overhead is small
@@ -17,13 +24,6 @@ Use kluctl to:
 * Manage encrypted secrets for multiple target environments and clusters (based on [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets))
 * Integrate it into your CI/CD pipelines and avoid putting too much logic into your shell scripts
 
-kluctl tries to be as flexible as possible, while keeping it as simple as possible. It reuses established
-tools (e.g. kustomize and Helm), making it possible to re-use a large set of available third-party deployments.
-
-kluctl works completely local. In its simplest form, there is no need for any operators or other server-side components.
-As long as the target cluster kubeconfig is present locally, you are able to execute it from everywhere, including your
-CI/CD pipelines or your laptop.
-
 ![](https://kluctl.io/asciinema/kluctl.gif)
 
 ## Documentation

From d26eb9651259ae84a67fb621e187bfe3662116d5 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Sun, 17 Apr 2022 13:25:17 +0200
Subject: [PATCH 0012/2268] fix: add missing change dir

---
 .github/workflows/build-and-release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 795a2a1b7..41790a262 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -321,6 +321,7 @@ jobs:
         uses: actions/download-artifact@v2
       - name: Build checksums.txt
         run: |
+          cd dist
           sha256sum kluctl-linux-amd64 > checksums.txt
           sha256sum kluctl-darwin-amd64 >> checksums.txt
           sha256sum kluctl-windows-amd64.exe >> checksums.txt
@@ -333,5 +334,4 @@ jobs:
             dist/kluctl-linux-*
             dist/kluctl-darwin-*
             dist/kluctl-windows-*
-            checksums.txt
-
+            dist/checksums.txt

From 140579f3cbe91c8de3c51ddefcb03fdfe7d66d39 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 19 Apr 2022 15:04:38 +0200
Subject: [PATCH 0013/2268] refactor: Modify LoadKluctlProject to not be
 callback based anymore

---
 cmd/kluctl/commands/utils.go  | 16 +++++++++++--
 pkg/kluctl_project/load.go    | 45 +++++++++++++++--------------------
 pkg/kluctl_project/project.go |  6 ++---
 3 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0be2ed76d..0db35e851 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/pkg/k8s"
 	"github.com/kluctl/kluctl/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/pkg/utils"
 	"github.com/kluctl/kluctl/pkg/utils/uo"
 	"io/ioutil"
 	"os"
@@ -24,6 +25,13 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 			return err
 		}
 	}
+
+	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "project-")
+	if err != nil {
+		return fmt.Errorf("creating temporary project directory failed: %w", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
 	j2, err := jinja2.NewJinja2()
 	if err != nil {
 		return err
@@ -39,9 +47,13 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 		LocalSealedSecrets:  projectFlags.LocalSealedSecrets,
 		FromArchive:         projectFlags.FromArchive,
 		FromArchiveMetadata: projectFlags.FromArchiveMetadata,
-		J2:                  j2,
 	}
-	return kluctl_project.LoadKluctlProject(loadArgs, cb)
+
+	p, err := kluctl_project.LoadKluctlProject(loadArgs, tmpDir, j2)
+	if err != nil {
+		return err
+	}
+	return cb(p)
 }
 
 type projectTargetCommandArgs struct {
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index eb187b3ad..238932081 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -5,6 +5,7 @@ import (
 	"compress/gzip"
 	"fmt"
 	"github.com/kluctl/kluctl/pkg/git"
+	"github.com/kluctl/kluctl/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/pkg/types"
 	"github.com/kluctl/kluctl/pkg/utils"
 	"github.com/kluctl/kluctl/pkg/yaml"
@@ -158,41 +159,35 @@ func (c *KluctlProjectContext) load(allowGit bool) error {
 	return nil
 }
 
-func LoadKluctlProject(args LoadKluctlProjectArgs, cb func(ctx *KluctlProjectContext) error) error {
-	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "project-")
-	if err != nil {
-		return fmt.Errorf("creating temporary project directory failed: %w", err)
-	}
-	defer os.RemoveAll(tmpDir)
-
+func LoadKluctlProject(args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*KluctlProjectContext, error) {
 	if args.FromArchive != "" {
 		if args.ProjectUrl != nil || args.ProjectRef != "" || args.ProjectConfig != "" || args.LocalClusters != "" || args.LocalDeployment != "" || args.LocalSealedSecrets != "" {
-			return fmt.Errorf("--from-archive can not be combined with any other project related option")
+			return nil, fmt.Errorf("--from-archive can not be combined with any other project related option")
 		}
-		project, err := loadKluctlProjectFromArchive(args, tmpDir)
+		project, err := loadKluctlProjectFromArchive(args, tmpDir, j2)
 		if err != nil {
-			return err
+			return nil, err
 		}
 		err = project.load(false)
 		if err != nil {
-			return err
+			return nil, err
 		}
-		return cb(project)
+		return project, nil
 	} else {
-		p := NewKluctlProjectContext(args, tmpDir)
-		err = p.load(true)
+		p := NewKluctlProjectContext(args, tmpDir, j2)
+		err := p.load(true)
 		if err != nil {
-			return err
+			return nil, err
 		}
 		err = p.loadTargets()
 		if err != nil {
-			return err
+			return nil, err
 		}
-		return cb(p)
+		return p, nil
 	}
 }
 
-func loadKluctlProjectFromArchive(args LoadKluctlProjectArgs, tmpDir string) (*KluctlProjectContext, error) {
+func loadKluctlProjectFromArchive(args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*KluctlProjectContext, error) {
 	var dir string
 	if utils.IsFile(args.FromArchive) {
 		err := utils.ExtractTarGzFile(args.FromArchive, tmpDir)
@@ -217,14 +212,12 @@ func loadKluctlProjectFromArchive(args LoadKluctlProjectArgs, tmpDir string) (*K
 		return nil, err
 	}
 
-	p := NewKluctlProjectContext(
-		LoadKluctlProjectArgs{
-			ProjectConfig:      yaml.FixPathExt(filepath.Join(dir, ".kluctl.yml")),
-			LocalClusters:      filepath.Join(dir, "clusters"),
-			LocalDeployment:    filepath.Join(dir, "deployment"),
-			LocalSealedSecrets: filepath.Join(dir, "sealed-secrets"),
-			J2:                 args.J2,
-		}, dir)
+	p := NewKluctlProjectContext(LoadKluctlProjectArgs{
+		ProjectConfig:      yaml.FixPathExt(filepath.Join(dir, ".kluctl.yml")),
+		LocalClusters:      filepath.Join(dir, "clusters"),
+		LocalDeployment:    filepath.Join(dir, "deployment"),
+		LocalSealedSecrets: filepath.Join(dir, "sealed-secrets"),
+	}, dir, j2)
 	p.involvedRepos = metadata.InvolvedRepos
 	p.DynamicTargets = metadata.Targets
 	return p, nil
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 0a73a2ece..8f44afee7 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -19,8 +19,6 @@ type LoadKluctlProjectArgs struct {
 	LocalSealedSecrets  string
 	FromArchive         string
 	FromArchiveMetadata string
-
-	J2 *jinja2.Jinja2
 }
 
 type KluctlProjectContext struct {
@@ -43,14 +41,14 @@ type KluctlProjectContext struct {
 	J2 *jinja2.Jinja2
 }
 
-func NewKluctlProjectContext(loadArgs LoadKluctlProjectArgs, tmpDir string) *KluctlProjectContext {
+func NewKluctlProjectContext(loadArgs LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) *KluctlProjectContext {
 	o := &KluctlProjectContext{
 		loadArgs:         loadArgs,
 		TmpDir:           tmpDir,
 		gitAuthProviders: auth2.NewDefaultAuthProviders(),
 		involvedRepos:    make(map[string][]types.InvolvedRepo),
 		mirroredRepos:    make(map[string]*git.MirroredGitRepo),
-		J2:               loadArgs.J2,
+		J2:               j2,
 	}
 	return o
 }

From a792dfbb27c60931f10568d5b530aed6186c684a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 19 Apr 2022 15:57:32 +0200
Subject: [PATCH 0014/2268] refactor: Split withProjectTargetCommandContext
 into withProjectTargetCommandContext and NewTargetContext

---
 cmd/kluctl/args/images.go                     |   4 +-
 .../commands/cmd_check_image_updates.go       |   2 +-
 cmd/kluctl/commands/cmd_delete.go             |   6 +-
 cmd/kluctl/commands/cmd_deploy.go             |   4 +-
 cmd/kluctl/commands/cmd_diff.go               |   4 +-
 cmd/kluctl/commands/cmd_downscale.go          |   6 +-
 cmd/kluctl/commands/cmd_poke_images.go        |   6 +-
 cmd/kluctl/commands/cmd_prune.go              |   6 +-
 cmd/kluctl/commands/cmd_render.go             |   2 +-
 cmd/kluctl/commands/cmd_seal.go               |  27 ++--
 cmd/kluctl/commands/cmd_validate.go           |   4 +-
 cmd/kluctl/commands/utils.go                  | 126 +++---------------
 pkg/kluctl_project/target_context.go          | 119 +++++++++++++++++
 13 files changed, 172 insertions(+), 144 deletions(-)
 create mode 100644 pkg/kluctl_project/target_context.go

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 6aabbeac2..f53ec2c58 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -13,7 +13,7 @@ type ImageFlags struct {
 	UpdateImages    bool     `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
 }
 
-func (args *ImageFlags) LoadFixedImagesFromArgs() (*types.FixedImagesConfig, error) {
+func (args *ImageFlags) LoadFixedImagesFromArgs() ([]types.FixedImage, error) {
 	var ret types.FixedImagesConfig
 
 	if args.FixedImagesFile != "" {
@@ -31,7 +31,7 @@ func (args *ImageFlags) LoadFixedImagesFromArgs() (*types.FixedImagesConfig, err
 		ret.Images = append(ret.Images, *e)
 	}
 
-	return &ret, nil
+	return ret.Images, nil
 }
 
 func buildFixedImageEntryFromArg(arg string) (*types.FixedImage, error) {
diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 85ecfce71..74538ce07 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -30,7 +30,7 @@ func (cmd *checkImageUpdatesCmd) Run() error {
 		targetFlags:  cmd.TargetFlags,
 	}
 	err := withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		renderedImages = ctx.deploymentCollection.FindRenderedImages()
+		renderedImages = ctx.targetCtx.DeploymentCollection.FindRenderedImages()
 		return nil
 	})
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 8374968cf..ae16159b6 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -44,7 +44,7 @@ func (cmd *deleteCmd) Run() error {
 		dryRunArgs:     &cmd.DryRunFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		cmd2 := commands.NewDeleteCommand(ctx.deploymentCollection)
+		cmd2 := commands.NewDeleteCommand(ctx.targetCtx.DeploymentCollection)
 
 		deleteByLabels, err := deployment.ParseArgs(cmd.DeleteByLabel)
 		if err != nil {
@@ -53,11 +53,11 @@ func (cmd *deleteCmd) Run() error {
 
 		cmd2.OverrideDeleteByLabels = deleteByLabels
 
-		objects, err := cmd2.Run(ctx.k)
+		objects, err := cmd2.Run(ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
-		result, err := confirmedDeleteObjects(ctx.k, objects, cmd.DryRun, cmd.Yes)
+		result, err := confirmedDeleteObjects(ctx.targetCtx.K, objects, cmd.DryRun, cmd.Yes)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index fabd1952b..0f4d22915 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -49,7 +49,7 @@ func (cmd *deployCmd) Run() error {
 }
 
 func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
-	cmd2 := commands.NewDeployCommand(ctx.deploymentCollection)
+	cmd2 := commands.NewDeployCommand(ctx.targetCtx.DeploymentCollection)
 	cmd2.ForceApply = cmd.ForceApply
 	cmd2.ReplaceOnError = cmd.ReplaceOnError
 	cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
@@ -62,7 +62,7 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 		cb = nil
 	}
 
-	result, err := cmd2.Run(ctx.k, cb)
+	result, err := cmd2.Run(ctx.targetCtx.K, cb)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 840617dd9..374926510 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -36,14 +36,14 @@ func (cmd *diffCmd) Run() error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		cmd2 := commands.NewDiffCommand(ctx.deploymentCollection)
+		cmd2 := commands.NewDiffCommand(ctx.targetCtx.DeploymentCollection)
 		cmd2.ForceApply = cmd.ForceApply
 		cmd2.ReplaceOnError = cmd.ReplaceOnError
 		cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
-		result, err := cmd2.Run(ctx.k)
+		result, err := cmd2.Run(ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index 184533519..d4afda0e6 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -37,14 +37,14 @@ func (cmd *downscaleCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.k.Context())) {
+			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.K.Context())) {
 				return fmt.Errorf("aborted")
 			}
 		}
 
-		cmd2 := commands.NewDownscaleCommand(ctx.deploymentCollection)
+		cmd2 := commands.NewDownscaleCommand(ctx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.k)
+		result, err := cmd2.Run(ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 641713e45..0857ab8c0 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -37,14 +37,14 @@ func (cmd *pokeImagesCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.k.Context())) {
+			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.K.Context())) {
 				return fmt.Errorf("aborted")
 			}
 		}
 
-		cmd2 := commands.NewPokeImagesCommand(ctx.deploymentCollection)
+		cmd2 := commands.NewPokeImagesCommand(ctx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.k)
+		result, err := cmd2.Run(ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 5881089ac..3712b8b3d 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -40,12 +40,12 @@ func (cmd *pruneCmd) Run() error {
 }
 
 func (cmd *pruneCmd) runCmdPrune(ctx *commandCtx) error {
-	cmd2 := commands.NewPruneCommand(ctx.deploymentCollection)
-	objects, err := cmd2.Run(ctx.k)
+	cmd2 := commands.NewPruneCommand(ctx.targetCtx.DeploymentCollection)
+	objects, err := cmd2.Run(ctx.targetCtx.K)
 	if err != nil {
 		return err
 	}
-	result, err := confirmedDeleteObjects(ctx.k, objects, cmd.DryRun, cmd.Yes)
+	result, err := confirmedDeleteObjects(ctx.targetCtx.K, objects, cmd.DryRun, cmd.Yes)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 96c3093e4..abd550b00 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -37,7 +37,7 @@ func (cmd *renderCmd) Run() error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		log.Infof("Rendered into %s", ctx.deploymentCollection.RenderDir)
+		log.Infof("Rendered into %s", ctx.targetCtx.DeploymentCollection.RenderDir)
 		return nil
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 08b89809e..d48510ab2 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -29,7 +29,7 @@ If no '--target' is specified, sealing is performed for all targets.`
 }
 
 func findSecretsEntry(ctx *commandCtx, name string) (*types.SecretSet, error) {
-	for _, e := range ctx.kluctlProject.Config.SecretsConfig.SecretSets {
+	for _, e := range ctx.targetCtx.KluctlProject.Config.SecretsConfig.SecretSets {
 		if e.Name == name {
 			return &e, nil
 		}
@@ -46,7 +46,7 @@ func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.Secr
 		}
 		for _, source := range secretEntry.Sources {
 			var renderedSource types.SecretSource
-			err = ctx.kluctlProject.J2.RenderStruct(&renderedSource, &source, ctx.deploymentProject.VarsCtx.Vars)
+			err = ctx.targetCtx.KluctlProject.J2.RenderStruct(&renderedSource, &source, ctx.targetCtx.DeploymentProject.VarsCtx.Vars)
 			if err != nil {
 				return err
 			}
@@ -57,25 +57,26 @@ func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.Secr
 			secrets.Merge(s)
 		}
 	}
-	ctx.deploymentProject.MergeSecretsIntoAllChildren(secrets)
+	ctx.targetCtx.DeploymentProject.MergeSecretsIntoAllChildren(secrets)
 	return nil
 }
 
-func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext, target *types.Target, secretsLoader *seal.SecretsLoader) error {
-	log.Infof("Sealing for target %s", target.Name)
+func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext, targetName string, secretsLoader *seal.SecretsLoader) error {
+	log.Infof("Sealing for target %s", targetName)
 
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
 		targetFlags:  cmd.TargetFlags,
 	}
+	ptArgs.targetFlags.Target = targetName
 
 	// pass forSeal=True so that .sealme files are rendered as well
-	return withProjectTargetCommandContext(ptArgs, p, target, true, func(ctx *commandCtx) error {
-		err := loadSecrets(ctx, target, secretsLoader)
+	return withProjectTargetCommandContext(ptArgs, p, true, func(ctx *commandCtx) error {
+		err := loadSecrets(ctx, ctx.targetCtx.Target, secretsLoader)
 		if err != nil {
 			return err
 		}
-		err = ctx.deploymentCollection.RenderDeployments(ctx.k)
+		err = ctx.targetCtx.DeploymentCollection.RenderDeployments(ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
@@ -91,22 +92,22 @@ func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext,
 			}
 		}
 		if p.Config.SecretsConfig == nil || p.Config.SecretsConfig.SealedSecrets == nil || p.Config.SecretsConfig.SealedSecrets.Bootstrap == nil || *p.Config.SecretsConfig.SealedSecrets.Bootstrap {
-			err = seal.BootstrapSealedSecrets(ctx.k, sealedSecretsNamespace)
+			err = seal.BootstrapSealedSecrets(ctx.targetCtx.K, sealedSecretsNamespace)
 			if err != nil {
 				return err
 			}
 		}
 
-		clusterConfig, err := p.LoadClusterConfig(target.Cluster)
+		clusterConfig, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster)
 		if err != nil {
 			return err
 		}
-		sealer, err := seal.NewSealer(ctx.k, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
+		sealer, err := seal.NewSealer(ctx.targetCtx.K, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
 		if err != nil {
 			return err
 		}
 
-		cmd2 := commands.NewSealCommand(ctx.deploymentCollection)
+		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection)
 		err = cmd2.Run(sealer)
 
 		if err != nil {
@@ -153,7 +154,7 @@ func (cmd *sealCmd) Run() error {
 				sealTarget = baseTarget
 			}
 
-			err := cmd.runCmdSealForTarget(p, sealTarget, secretsLoader)
+			err := cmd.runCmdSealForTarget(p, sealTarget.Name, secretsLoader)
 			if err != nil {
 				log.Warningf("Sealing for target %s failed: %v", sealTarget.Name, err)
 				hadError = true
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index f97c00f20..6008a4269 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -37,9 +37,9 @@ func (cmd *validateCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		startTime := time.Now()
-		cmd2 := commands.NewValidateCommand(ctx.deploymentCollection)
+		cmd2 := commands.NewValidateCommand(ctx.targetCtx.DeploymentCollection)
 		for true {
-			result, err := cmd2.Run(ctx.k)
+			result, err := cmd2.Run(ctx.targetCtx.K)
 			if err != nil {
 				return err
 			}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0db35e851..27fa9a832 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -6,14 +6,10 @@ import (
 	"github.com/kluctl/kluctl/pkg/deployment"
 	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
 	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/k8s"
 	"github.com/kluctl/kluctl/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/pkg/types"
 	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 )
 
 func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl_project.KluctlProjectContext) error) error {
@@ -67,62 +63,27 @@ type projectTargetCommandArgs struct {
 }
 
 type commandCtx struct {
-	kluctlProject        *kluctl_project.KluctlProjectContext
-	target               *types.Target
-	clusterConfig        *types.ClusterConfig
-	k                    *k8s.K8sCluster
-	images               *deployment.Images
-	deploymentProject    *deployment.DeploymentProject
-	deploymentCollection *deployment.DeploymentCollection
+	targetCtx *kluctl_project.TargetContext
+	images    *deployment.Images
 }
 
 func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
 	return withKluctlProjectFromArgs(args.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
-		var target *types.Target
-		if args.targetFlags.Target != "" {
-			t, err := p.FindDynamicTarget(args.targetFlags.Target)
-			if err != nil {
-				return err
-			}
-			target = t.Target
-		}
-		return withProjectTargetCommandContext(args, p, target, false, cb)
+		return withProjectTargetCommandContext(args, p, false, cb)
 	})
 }
 
-func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, target *types.Target, forSeal bool, cb func(ctx *commandCtx) error) error {
-	deploymentDir, err := filepath.Abs(p.DeploymentDir)
-	if err != nil {
-		return err
-	}
-
-	clusterName := args.projectFlags.Cluster
-	if clusterName == "" {
-		if target == nil {
-			return fmt.Errorf("you must specify an existing --cluster when not providing a --target")
-		}
-		clusterName = target.Cluster
-	}
-
-	clusterConfig, err := p.LoadClusterConfig(clusterName)
-	if err != nil {
-		return err
-	}
-
-	k, err := k8s.NewK8sCluster(clusterConfig.Cluster.Context, args.dryRunArgs == nil || args.dryRunArgs.DryRun)
+func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, forSeal bool, cb func(ctx *commandCtx) error) error {
+	images, err := deployment.NewImages(args.imageFlags.UpdateImages)
 	if err != nil {
 		return err
 	}
-
-	varsCtx := jinja2.NewVarsCtx(p.J2)
-	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
+	fixedImages, err := args.imageFlags.LoadFixedImagesFromArgs()
 	if err != nil {
 		return err
 	}
-
-	images, err := deployment.NewImages(args.imageFlags.UpdateImages)
-	if err != nil {
-		return err
+	for _, fi := range fixedImages {
+		images.AddFixedImage(fi)
 	}
 
 	inclusion, err := args.inclusionFlags.ParseInclusionFromArgs()
@@ -130,44 +91,10 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 		return err
 	}
 
-	allArgs := uo.New()
-
 	optionArgs, err := deployment.ParseArgs(args.argsFlags.Arg)
 	if err != nil {
 		return err
 	}
-	if target != nil {
-		for argName, argValue := range optionArgs {
-			err = p.CheckDynamicArg(target, argName, argValue)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	allArgs.Merge(deployment.ConvertArgsToVars(optionArgs))
-	if target != nil {
-		if target.Args != nil {
-			allArgs.Merge(target.Args)
-		}
-		if forSeal {
-			if target.SealingConfig.Args != nil {
-				allArgs.Merge(target.SealingConfig.Args)
-			}
-		}
-	}
-
-	err = deployment.CheckRequiredDeployArgs(deploymentDir, varsCtx, allArgs)
-	if err != nil {
-		return err
-	}
-
-	varsCtx.UpdateChild("args", allArgs)
-
-	targetVars, err := uo.FromStruct(target)
-	if err != nil {
-		return err
-	}
-	varsCtx.UpdateChild("target", targetVars)
 
 	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {
@@ -179,44 +106,25 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 		renderOutputDir = tmpDir
 	}
 
-	d, err := deployment.NewDeploymentProject(k, varsCtx, deploymentDir, p.SealedSecretsDir, nil)
+	ctx, err := p.NewTargetContext(args.targetFlags.Target, args.projectFlags.Cluster,
+		args.dryRunArgs == nil || args.dryRunArgs.DryRun,
+		optionArgs, forSeal, images, inclusion,
+		renderOutputDir)
 	if err != nil {
 		return err
 	}
-	c, err := deployment.NewDeploymentCollection(d, images, inclusion, renderOutputDir, forSeal)
-	if err != nil {
-		return err
-	}
-
-	fixedImages, err := args.imageFlags.LoadFixedImagesFromArgs()
-	if err != nil {
-		return err
-	}
-	if target != nil {
-		for _, fi := range target.Images {
-			images.AddFixedImage(fi)
-		}
-	}
-	for _, fi := range fixedImages.Images {
-		images.AddFixedImage(fi)
-	}
 
 	if !forSeal {
-		err = c.Prepare(k)
+		err = ctx.DeploymentCollection.Prepare(ctx.K)
 		if err != nil {
 			return err
 		}
 	}
 
-	ctx := &commandCtx{
-		kluctlProject:        p,
-		target:               target,
-		clusterConfig:        clusterConfig,
-		k:                    k,
-		images:               images,
-		deploymentProject:    d,
-		deploymentCollection: c,
+	cmdCtx := &commandCtx{
+		targetCtx: ctx,
+		images:    images,
 	}
 
-	return cb(ctx)
+	return cb(cmdCtx)
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
new file mode 100644
index 000000000..d863fe8c2
--- /dev/null
+++ b/pkg/kluctl_project/target_context.go
@@ -0,0 +1,119 @@
+package kluctl_project
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/pkg/deployment"
+	"github.com/kluctl/kluctl/pkg/jinja2"
+	"github.com/kluctl/kluctl/pkg/k8s"
+	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"path/filepath"
+)
+
+type TargetContext struct {
+	KluctlProject        *KluctlProjectContext
+	Target               *types.Target
+	ClusterConfig        *types.ClusterConfig
+	K                    *k8s.K8sCluster
+	DeploymentProject    *deployment.DeploymentProject
+	DeploymentCollection *deployment.DeploymentCollection
+}
+
+func (p *KluctlProjectContext) NewTargetContext(targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+	deploymentDir, err := filepath.Abs(p.DeploymentDir)
+	if err != nil {
+		return nil, err
+	}
+
+	var target *types.Target
+	if targetName != "" {
+		t, err := p.FindDynamicTarget(targetName)
+		if err != nil {
+			return nil, err
+		}
+		target = t.Target
+
+		for _, fi := range target.Images {
+			images.AddFixedImage(fi)
+		}
+	}
+
+	if clusterName == "" {
+		if target == nil {
+			return nil, fmt.Errorf("you must specify an existing --cluster when not providing a --target")
+		}
+		clusterName = target.Cluster
+	}
+
+	clusterConfig, err := p.LoadClusterConfig(clusterName)
+	if err != nil {
+		return nil, err
+	}
+
+	k, err := k8s.NewK8sCluster(clusterConfig.Cluster.Context, dryRun)
+	if err != nil {
+		return nil, err
+	}
+
+	varsCtx := jinja2.NewVarsCtx(p.J2)
+	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
+	if err != nil {
+		return nil, err
+	}
+
+	allArgs := uo.New()
+
+	if target != nil {
+		for argName, argValue := range args {
+			err = p.CheckDynamicArg(target, argName, argValue)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	allArgs.Merge(deployment.ConvertArgsToVars(args))
+	if target != nil {
+		if target.Args != nil {
+			allArgs.Merge(target.Args)
+		}
+		if forSeal {
+			if target.SealingConfig.Args != nil {
+				allArgs.Merge(target.SealingConfig.Args)
+			}
+		}
+	}
+
+	err = deployment.CheckRequiredDeployArgs(deploymentDir, varsCtx, allArgs)
+	if err != nil {
+		return nil, err
+	}
+
+	varsCtx.UpdateChild("args", allArgs)
+
+	targetVars, err := uo.FromStruct(target)
+	if err != nil {
+		return nil, err
+	}
+	varsCtx.UpdateChild("target", targetVars)
+
+	d, err := deployment.NewDeploymentProject(k, varsCtx, deploymentDir, p.SealedSecretsDir, nil)
+	if err != nil {
+		return nil, err
+	}
+	c, err := deployment.NewDeploymentCollection(d, images, inclusion, renderOutputDir, forSeal)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx := &TargetContext{
+		KluctlProject:        p,
+		Target:               target,
+		ClusterConfig:        clusterConfig,
+		K:                    k,
+		DeploymentProject:    d,
+		DeploymentCollection: c,
+	}
+
+	return ctx, nil
+}

From a45494f36c9931da7fc048b9b429235665fdb5c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Tue, 19 Apr 2022 20:51:07 +0200
Subject: [PATCH 0015/2268] refactor: remove envs and download python for each
 arch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aljoscha Pörtner <aljoscha.poertner@posteo.de>
---
 Makefile | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index 6be0074e8..b74eb7b59 100644
--- a/Makefile
+++ b/Makefile
@@ -14,14 +14,11 @@ WHITE  := $(shell tput -Txterm setaf 7)
 CYAN   := $(shell tput -Txterm setaf 6)
 RESET  := $(shell tput -Txterm sgr0)
 
-.PHONY: all test build vendor check-env check-kubectl check-helm check-kind
+.PHONY: all test build vendor check-kubectl check-helm check-kind
 
 all: help
 
 ## Check:
-check-env: ## Checks if required environment variables are set
-	 @test $${GOOS?Please set environment variable GOOS}
-	 @test $${GOARCH?Please set environment variable GOARCH}
 
 check-kubectl: ## Checks if kubectl is installed
 	kubectl version --client=true
@@ -35,9 +32,9 @@ check-kind: ## Checks if kind is installed
 ## Build:
 build: vendor python generate build-go ## Run the complete build pipeline
 
-build-go: check-env ## Build your project and put the output binary in out/bin/
+build-go:  ## Build your project and put the output binary in out/bin/
 	mkdir -p out/bin
-	CGO_ENBALED=0 GO111MODULE=on GOARCH=$(GOARCH) GOOS=$(GOOS) $(GOCMD) build -mod vendor -o out/bin/$(BINARY_NAME) ./cmd/kluctl
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -mod vendor -o out/bin/$(BINARY_NAME) ./cmd/kluctl
 
 clean: ## Remove build related file
 	rm -fr ./bin
@@ -48,18 +45,20 @@ clean: ## Remove build related file
 vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
 	$(GOCMD) mod vendor
 
-python: check-env ## Download python for Jinja2 support
-	./hack/download-python.sh $(GOARCH)
+python:  ## Download python for Jinja2 support
+	./hack/download-python.sh linux
+	./hack/download-python.sh windows
+	./hack/download-python.sh darwin
 
 generate: ## Generating Jinja2 support
 	$(GOCMD) generate ./...
-	$(GOCMD) generate -tags $(GOOS) ./pkg/python
+	$(GOCMD) generate ./pkg/python
 
 ## Test:
 test: test-unit test-e2e ## Runs the complete test suite
 
-test-e2e: check-env check-kubectl check-helm check-kind ## Runs the end to end tests
-	CGO_ENBALED=0 GO111MODULE=on GOARCH=$(GOARCH) GOOS=$(GOOS) $(GOCMD) test -o out/bin/$(TEST_BINARY_NAME) ./e2e
+test-e2e: check-kubectl check-helm check-kind ## Runs the end to end tests
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o out/bin/$(TEST_BINARY_NAME) ./e2e
 
 test-unit: ## Run the unit tests of the project
 ifeq ($(EXPORT_RESULT), true)

From d878db43a5a6efae966367601783e85995b54627 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 19 Apr 2022 22:56:25 +0200
Subject: [PATCH 0016/2268] fix: Fix module to include v2

---
 cmd/kluctl/args/images.go                      |  4 ++--
 cmd/kluctl/args/inclusion.go                   |  2 +-
 cmd/kluctl/commands/cmd_archive.go             |  4 ++--
 cmd/kluctl/commands/cmd_check_image_updates.go | 10 +++++-----
 cmd/kluctl/commands/cmd_delete.go              | 16 ++++++++--------
 cmd/kluctl/commands/cmd_deploy.go              |  8 ++++----
 cmd/kluctl/commands/cmd_diff.go                |  4 ++--
 cmd/kluctl/commands/cmd_downscale.go           |  6 +++---
 cmd/kluctl/commands/cmd_helm_pull.go           |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go         |  4 ++--
 cmd/kluctl/commands/cmd_list_images.go         |  4 ++--
 cmd/kluctl/commands/cmd_list_targets.go        |  6 +++---
 cmd/kluctl/commands/cmd_poke_images.go         |  6 +++---
 cmd/kluctl/commands/cmd_prune.go               |  4 ++--
 cmd/kluctl/commands/cmd_render.go              |  4 ++--
 cmd/kluctl/commands/cmd_seal.go                | 12 ++++++------
 cmd/kluctl/commands/cmd_validate.go            |  4 ++--
 cmd/kluctl/commands/cmd_version.go             |  2 +-
 cmd/kluctl/commands/command_result.go          |  8 ++++----
 cmd/kluctl/commands/root.go                    | 10 +++++-----
 cmd/kluctl/commands/utils.go                   | 12 ++++++------
 cmd/kluctl/main.go                             |  2 +-
 e2e/external_projects_test.go                  |  2 +-
 e2e/hooks_test.go                              |  2 +-
 e2e/kind_cluster.go                            |  6 +++---
 e2e/project.go                                 |  8 ++++----
 e2e/utils.go                                   |  4 ++--
 e2e/utils_resources.go                         |  2 +-
 go.mod                                         |  2 +-
 pkg/deployment/commands/delete.go              |  8 ++++----
 pkg/deployment/commands/deploy.go              |  8 ++++----
 pkg/deployment/commands/diff.go                |  8 ++++----
 pkg/deployment/commands/downscale.go           | 12 ++++++------
 pkg/deployment/commands/poke_images.go         | 12 ++++++------
 pkg/deployment/commands/prune.go               |  8 ++++----
 pkg/deployment/commands/seal.go                |  4 ++--
 pkg/deployment/commands/validate.go            | 12 ++++++------
 pkg/deployment/deployment_collection.go        |  8 ++++----
 pkg/deployment/deployment_item.go              | 10 +++++-----
 pkg/deployment/deployment_project.go           | 12 ++++++------
 pkg/deployment/external_args.go                |  8 ++++----
 pkg/deployment/helm_chart.go                   | 12 ++++++------
 pkg/deployment/images.go                       | 16 ++++++++--------
 pkg/deployment/utils/apply_utils.go            | 16 ++++++++--------
 pkg/deployment/utils/delete_utils.go           |  8 ++++----
 pkg/deployment/utils/diff_utils.go             | 10 +++++-----
 pkg/deployment/utils/diff_utils_test.go        |  8 ++++----
 pkg/deployment/utils/downscale_utils.go        |  4 ++--
 pkg/deployment/utils/errors_holder.go          |  8 ++++----
 pkg/deployment/utils/hooks_util.go             |  8 ++++----
 pkg/deployment/utils/remote_objects_utils.go   |  8 ++++----
 pkg/diff/diff.go                               |  6 +++---
 pkg/diff/managed_fields.go                     |  2 +-
 pkg/diff/normalize.go                          |  4 ++--
 pkg/git/auth/auth_provider.go                  |  2 +-
 pkg/git/auth/env_auth_provider.go              |  4 ++--
 pkg/git/auth/git_credentials_file.go           |  4 ++--
 pkg/git/auth/ssh_auth_provider.go              |  4 ++--
 pkg/git/auth/ssh_known_hosts.go                |  4 ++--
 pkg/git/http-server/http.go                    |  2 +-
 pkg/git/http-server/utils.go                   |  2 +-
 pkg/git/mirrored_repo.go                       |  6 +++---
 pkg/git/poor_mans_clone.go                     |  2 +-
 pkg/git/utils.go                               |  2 +-
 pkg/jinja2/jinja2.go                           |  4 ++--
 pkg/jinja2/jinja2_renderer.go                  |  4 ++--
 pkg/jinja2/source.go                           |  4 ++--
 pkg/jinja2/vars.go                             | 10 +++++-----
 pkg/k8s/k8s_cluster.go                         |  8 ++++----
 pkg/k8s/utils.go                               |  2 +-
 pkg/kluctl_project/git.go                      |  8 ++++----
 pkg/kluctl_project/load.go                     | 10 +++++-----
 pkg/kluctl_project/load_targets.go             | 12 ++++++------
 pkg/kluctl_project/project.go                  | 10 +++++-----
 pkg/kluctl_project/target_context.go           | 12 ++++++------
 pkg/python/embed.go                            |  4 ++--
 pkg/registries/registries.go                   |  4 ++--
 pkg/seal/bootstrap.go                          |  6 +++---
 pkg/seal/fetch_cert.go                         |  2 +-
 pkg/seal/sealer.go                             | 12 ++++++------
 pkg/seal/secrets_loader.go                     | 10 +++++-----
 pkg/types/cluster_config.go                    |  6 +++---
 pkg/types/command_result.go                    |  4 ++--
 pkg/types/deployment.go                        |  4 ++--
 pkg/types/git_project.go                       |  4 ++--
 pkg/types/kluctl_project.go                    |  4 ++--
 pkg/types/secrets_source.go                    |  2 +-
 pkg/types/target_config.go                     |  4 ++--
 pkg/utils/embed_util/extract.go                |  2 +-
 pkg/utils/embed_util/packer/main.go            |  2 +-
 pkg/utils/uo/k8s_fields.go                     |  2 +-
 pkg/utils/uo/unstructured.go                   |  2 +-
 pkg/utils/uo/uo.go                             |  2 +-
 pkg/utils/versions/latest_version.go           |  2 +-
 pkg/utils/versions/latest_version_parse.go     |  2 +-
 pkg/utils/versions/looseversion.go             |  2 +-
 pkg/validation/validation.go                   |  6 +++---
 pkg/yaml/yaml.go                               |  2 +-
 98 files changed, 293 insertions(+), 293 deletions(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index f53ec2c58..bb9de4568 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -2,8 +2,8 @@ package args
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"strings"
 )
 
diff --git a/cmd/kluctl/args/inclusion.go b/cmd/kluctl/args/inclusion.go
index 85670f009..060a6af97 100644
--- a/cmd/kluctl/args/inclusion.go
+++ b/cmd/kluctl/args/inclusion.go
@@ -2,7 +2,7 @@ package args
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path/filepath"
 	"strings"
diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index dbe3bb83c..90977ace4 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -1,8 +1,8 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 )
 
 type archiveCmd struct {
diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 74538ce07..8d65ee305 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -1,11 +1,11 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/registries"
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/versions"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	log "github.com/sirupsen/logrus"
 	"os"
 	"regexp"
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index ae16159b6..c078332de 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -2,14 +2,14 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	utils2 "github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 )
 
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 0f4d22915..15dcea2f2 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -2,10 +2,10 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 type deployCmd struct {
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 374926510..0f7f70b63 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -2,8 +2,8 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 )
 
 type diffCmd struct {
diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index d4afda0e6..e5383e3b2 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 type downscaleCmd struct {
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index b2dcc01b8..38aec11c5 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -1,7 +1,7 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	log "github.com/sirupsen/logrus"
 	"io/fs"
 	"path/filepath"
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index daa48b4c7..f74b41aaa 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	git2 "github.com/kluctl/kluctl/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	log "github.com/sirupsen/logrus"
 	"io/fs"
 	"path/filepath"
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index eeeb58986..80bd70382 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -1,8 +1,8 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
 type listImagesCmd struct {
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 93984dbe0..29f9036f3 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -1,9 +1,9 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
 type listTargetsCmd struct {
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 0857ab8c0..a6898ea11 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 type pokeImagesCmd struct {
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 3712b8b3d..2ef240e88 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -2,8 +2,8 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 )
 
 type pruneCmd struct {
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index abd550b00..a686da313 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -1,8 +1,8 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 )
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index d48510ab2..185c07f44 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -2,12 +2,12 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/pkg/seal"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/seal"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	log "github.com/sirupsen/logrus"
 )
 
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 6008a4269..4a9bf23e4 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -2,8 +2,8 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"os"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index 734083a64..de05a2d49 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -1,7 +1,7 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/version"
+	"github.com/kluctl/kluctl/v2/pkg/version"
 	"os"
 )
 
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 12dc4f46d..bd2e8cd59 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -3,10 +3,10 @@ package commands
 import (
 	"bytes"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
 	"os"
 	"strings"
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index e1efc9e0e..0b20a914b 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -17,11 +17,11 @@ package commands
 
 import (
 	"github.com/alecthomas/kong"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/utils/versions"
-	"github.com/kluctl/kluctl/pkg/version"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
+	"github.com/kluctl/kluctl/v2/pkg/version"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"net/http"
 	"os"
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 27fa9a832..bfcbf341e 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -2,12 +2,12 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/ioutil"
 	"os"
 )
diff --git a/cmd/kluctl/main.go b/cmd/kluctl/main.go
index fbc4cdde9..e95adcccb 100644
--- a/cmd/kluctl/main.go
+++ b/cmd/kluctl/main.go
@@ -15,7 +15,7 @@ limitations under the License.
 */
 package main
 
-import "github.com/kluctl/kluctl/cmd/kluctl/commands"
+import "github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
 
 func main() {
 	commands.Execute()
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index 9429aa372..87a972634 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 	"time"
 )
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index d5cf16b6f..7e6b4557e 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -3,7 +3,7 @@ package e2e
 import (
 	"encoding/base64"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 )
 
diff --git a/e2e/kind_cluster.go b/e2e/kind_cluster.go
index 9bbfd0e43..f420001a2 100644
--- a/e2e/kind_cluster.go
+++ b/e2e/kind_cluster.go
@@ -2,9 +2,9 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/client-go/rest"
diff --git a/e2e/project.go b/e2e/project.go
index bde8aa916..c19bd3b67 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
-	http_server "github.com/kluctl/kluctl/pkg/git/http-server"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"net"
diff --git a/e2e/utils.go b/e2e/utils.go
index ad2c8930e..1a1abc672 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -3,8 +3,8 @@ package e2e
 import (
 	"bufio"
 	"bytes"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/validation"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/validation"
 	"io"
 	"os/exec"
 	"reflect"
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index aaff14756..255e07476 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"bytes"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"text/template"
 )
 
diff --git a/go.mod b/go.mod
index 30c91dca7..7b7f6a544 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/kluctl/kluctl
+module github.com/kluctl/kluctl/v2
 
 go 1.17
 
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index aaa60c889..872e8a7ad 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -1,10 +1,10 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 )
 
 type DeleteCommand struct {
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index e90591635..ed762c0e1 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -1,10 +1,10 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"time"
 )
 
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 106c98048..c7e35a3d5 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -1,10 +1,10 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
 type DiffCommand struct {
diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index 5bede4036..edd25944e 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -1,12 +1,12 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sync"
 )
 
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 91ecf397e..9e2fc9173 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -2,12 +2,12 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sync"
 )
 
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index c434551df..873dc3a11 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -1,10 +1,10 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 )
 
 type PruneCommand struct {
diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
index 2d3b2f6df..3a91f8b87 100644
--- a/pkg/deployment/commands/seal.go
+++ b/pkg/deployment/commands/seal.go
@@ -2,8 +2,8 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/seal"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"io/fs"
 	"path/filepath"
 	"strings"
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index a067d7832..3a94cc032 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -1,12 +1,12 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/validation"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/validation"
 )
 
 type ValidateCommand struct {
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index b84c9e11e..887e903bf 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -3,10 +3,10 @@ package deployment
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sync/semaphore"
 	"path/filepath"
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 4eb16cd43..e723c480e 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -2,11 +2,11 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"io/ioutil"
 	"os"
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 1b82a17e5..8193ff13d 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -2,12 +2,12 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"path/filepath"
 	"reflect"
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 70e203353..b6db19f41 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -2,10 +2,10 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
 	"regexp"
 	"strings"
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 3b0dbaac6..0b26b404c 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -2,12 +2,12 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/utils/versions"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"os"
 	"os/exec"
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 25c04a7c9..654c72025 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -4,14 +4,14 @@ import (
 	"bytes"
 	"encoding/base64"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/registries"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/utils/versions"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"strings"
 	"sync"
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index a9aafc2b3..ebbca95c1 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -4,14 +4,14 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/diff"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/validation"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/diff"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/validation"
 	log "github.com/sirupsen/logrus"
 	"github.com/vbauerster/mpb/v7"
 	"golang.org/x/sync/semaphore"
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index f83cce908..655f4a1ca 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -2,10 +2,10 @@ package utils
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"golang.org/x/sync/semaphore"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"strconv"
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 611523ed4..3690ecdd8 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -1,11 +1,11 @@
 package utils
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/diff"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/diff"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sort"
 	"sync"
 	"time"
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 2e245c5eb..bb494fcb4 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -1,10 +1,10 @@
 package utils
 
 import (
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
diff --git a/pkg/deployment/utils/downscale_utils.go b/pkg/deployment/utils/downscale_utils.go
index 64dd5e87d..aed46dd92 100644
--- a/pkg/deployment/utils/downscale_utils.go
+++ b/pkg/deployment/utils/downscale_utils.go
@@ -3,8 +3,8 @@ package utils
 import (
 	"fmt"
 	jsonpatch "github.com/evanphx/json-patch"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"regexp"
 	"strconv"
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index 5a6ef2ccd..92c184dda 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -3,10 +3,10 @@ package utils
 import (
 	"errors"
 	"fmt"
-	k8s2 "github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"sync"
 )
 
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 23426ab5a..bee3b6811 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -2,10 +2,10 @@ package utils
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sort"
 	"strconv"
 	"strings"
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 262a5baba..71df19fbe 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -1,10 +1,10 @@
 package utils
 
 import (
-	"github.com/kluctl/kluctl/pkg/k8s"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 1ae783d7a..e490578a5 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -5,9 +5,9 @@ import (
 	"github.com/hexops/gotextdiff"
 	"github.com/hexops/gotextdiff/myers"
 	"github.com/hexops/gotextdiff/span"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	diff2 "github.com/r3labs/diff/v2"
 	"log"
 	"reflect"
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 294c3bbb3..5ac3f6261 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -3,7 +3,7 @@ package diff
 import (
 	"bytes"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index 53a4b57f8..f2599dc97 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -2,8 +2,8 @@ package diff
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"regexp"
 	"strconv"
 	"strings"
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 99a7ba4e5..6c8872bd6 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -2,7 +2,7 @@ package auth
 
 import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 )
 
 type GitAuthProvider interface {
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 902b65212..2755ab710 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -4,8 +4,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/utils"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"strings"
 )
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index e2a497bee..49fbe894e 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -4,8 +4,8 @@ import (
 	"bufio"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/utils"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	giturls "github.com/whilp/git-urls"
 	"os"
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index d195fe85c..6da3e0e98 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/kevinburke/ssh_config"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/utils"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index 8e6891aec..2ad01941d 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -2,8 +2,8 @@ package auth
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/git/auth/goph"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth/goph"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/crypto/ssh"
 	"net"
 	"os"
diff --git a/pkg/git/http-server/http.go b/pkg/git/http-server/http.go
index 8bc76c64a..c9da65ee0 100644
--- a/pkg/git/http-server/http.go
+++ b/pkg/git/http-server/http.go
@@ -4,7 +4,7 @@ package http_server
 import (
 	"compress/gzip"
 	"fmt"
-	process2 "github.com/kluctl/kluctl/pkg/utils/process"
+	process2 "github.com/kluctl/kluctl/v2/pkg/utils/process"
 	log "github.com/sirupsen/logrus"
 	"io"
 	"net/http"
diff --git a/pkg/git/http-server/utils.go b/pkg/git/http-server/utils.go
index 5edd5b027..4b1ee02f4 100644
--- a/pkg/git/http-server/utils.go
+++ b/pkg/git/http-server/utils.go
@@ -2,7 +2,7 @@ package http_server
 
 import (
 	"fmt"
-	process2 "github.com/kluctl/kluctl/pkg/utils/process"
+	process2 "github.com/kluctl/kluctl/v2/pkg/utils/process"
 	"io"
 	"log"
 	"net/http"
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 8288c5198..82b822ee2 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -5,9 +5,9 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
-	auth2 "github.com/kluctl/kluctl/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/utils"
+	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"os"
diff --git a/pkg/git/poor_mans_clone.go b/pkg/git/poor_mans_clone.go
index 53c6d41e4..851b6ae04 100644
--- a/pkg/git/poor_mans_clone.go
+++ b/pkg/git/poor_mans_clone.go
@@ -5,7 +5,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/ioutil"
 	"os"
 	"path/filepath"
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index 11e9f8cf2..d3826b03d 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -3,7 +3,7 @@ package git
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"path/filepath"
 )
 
diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index eae023375..431619904 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -3,8 +3,8 @@ package jinja2
 import (
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io/fs"
 	"io/ioutil"
 	"os"
diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index 7db691279..e3299137f 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -5,8 +5,8 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/python"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/python"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io"
 	"io/ioutil"
 	"os"
diff --git a/pkg/jinja2/source.go b/pkg/jinja2/source.go
index 7bae0a194..78321257f 100644
--- a/pkg/jinja2/source.go
+++ b/pkg/jinja2/source.go
@@ -2,8 +2,8 @@ package jinja2
 
 import (
 	"embed"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/embed_util"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
 	log "github.com/sirupsen/logrus"
 	"path/filepath"
 )
diff --git a/pkg/jinja2/vars.go b/pkg/jinja2/vars.go
index 9d81e61e3..b130cafb3 100644
--- a/pkg/jinja2/vars.go
+++ b/pkg/jinja2/vars.go
@@ -2,11 +2,11 @@ package jinja2
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type VarsCtx struct {
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index bb28c94d7..fec67980f 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -5,10 +5,10 @@ import (
 	"encoding/json"
 	"fmt"
 	goversion "github.com/hashicorp/go-version"
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go
index f70e14fa2..bd0c74dcd 100644
--- a/pkg/k8s/utils.go
+++ b/pkg/k8s/utils.go
@@ -1,7 +1,7 @@
 package k8s
 
 import (
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index e54e25e95..e7cdcf650 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -2,10 +2,10 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/git"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	types2 "github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"os"
 	"path/filepath"
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 238932081..82e3eb165 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -4,11 +4,11 @@ import (
 	"archive/tar"
 	"compress/gzip"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/git"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	types2 "github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"os"
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/load_targets.go
index 5dfdd8f3f..6cfcd76c2 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/load_targets.go
@@ -2,12 +2,12 @@ package kluctl_project
 
 import (
 	"fmt"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"path/filepath"
 	"reflect"
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 8f44afee7..552240a22 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -2,11 +2,11 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/git"
-	auth2 "github.com/kluctl/kluctl/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"regexp"
 )
 
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index d863fe8c2..257967bad 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -2,12 +2,12 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/deployment"
-	"github.com/kluctl/kluctl/pkg/jinja2"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"path/filepath"
 )
 
diff --git a/pkg/python/embed.go b/pkg/python/embed.go
index c9310de48..b4dd1e637 100644
--- a/pkg/python/embed.go
+++ b/pkg/python/embed.go
@@ -2,8 +2,8 @@ package python
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/embed_util"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
 	"log"
 	"path/filepath"
 	"runtime"
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index e886010a5..86ccb63e4 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -10,8 +10,8 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"net/http"
diff --git a/pkg/seal/bootstrap.go b/pkg/seal/bootstrap.go
index ca1807a16..02865c4e9 100644
--- a/pkg/seal/bootstrap.go
+++ b/pkg/seal/bootstrap.go
@@ -6,9 +6,9 @@ import (
 	"encoding/base64"
 	"encoding/pem"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index ef341ba4a..4e5e27d5a 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -5,7 +5,7 @@ import (
 	"crypto/rsa"
 	"errors"
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	v12 "k8s.io/api/core/v1"
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 9c715006a..75f8bb187 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -7,12 +7,12 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/scrypt"
 	"k8s.io/apimachinery/pkg/runtime/schema"
diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index d8eccb47a..ca4a0ac21 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -2,11 +2,11 @@ package seal
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/aws"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/aws"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
 	"path/filepath"
 	"strings"
diff --git a/pkg/types/cluster_config.go b/pkg/types/cluster_config.go
index 6b1f33b3b..0c22be6b1 100644
--- a/pkg/types/cluster_config.go
+++ b/pkg/types/cluster_config.go
@@ -2,9 +2,9 @@ package types
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
 )
 
diff --git a/pkg/types/command_result.go b/pkg/types/command_result.go
index ed3c97f21..5142d73c0 100644
--- a/pkg/types/command_result.go
+++ b/pkg/types/command_result.go
@@ -1,8 +1,8 @@
 package types
 
 import (
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 type Change struct {
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 08fc2fa3c..e2069d00f 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -2,8 +2,8 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DeploymentItemConfig struct {
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index db60413da..6d6cbc4a3 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -2,8 +2,8 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	git_url "github.com/kluctl/kluctl/pkg/git/git-url"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"strings"
 )
 
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 917f1570b..b0ea0257f 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -1,8 +1,8 @@
 package types
 
 import (
-	"github.com/kluctl/kluctl/pkg/utils/uo"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DynamicArg struct {
diff --git a/pkg/types/secrets_source.go b/pkg/types/secrets_source.go
index 5490926f0..c29f63615 100644
--- a/pkg/types/secrets_source.go
+++ b/pkg/types/secrets_source.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 type SecretSourceAwsSecretsManager struct {
diff --git a/pkg/types/target_config.go b/pkg/types/target_config.go
index 1b439f532..4f27a0cf6 100644
--- a/pkg/types/target_config.go
+++ b/pkg/types/target_config.go
@@ -1,8 +1,8 @@
 package types
 
 import (
-	"github.com/kluctl/kluctl/pkg/types/k8s"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 type FixedImage struct {
diff --git a/pkg/utils/embed_util/extract.go b/pkg/utils/embed_util/extract.go
index 21b5deda2..dc38f75f4 100644
--- a/pkg/utils/embed_util/extract.go
+++ b/pkg/utils/embed_util/extract.go
@@ -3,7 +3,7 @@ package embed_util
 import (
 	"fmt"
 	"github.com/gofrs/flock"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io"
 	"io/fs"
 	"io/ioutil"
diff --git a/pkg/utils/embed_util/packer/main.go b/pkg/utils/embed_util/packer/main.go
index 60bf426cc..f4d4ba5e3 100644
--- a/pkg/utils/embed_util/packer/main.go
+++ b/pkg/utils/embed_util/packer/main.go
@@ -8,7 +8,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"io/fs"
 	"io/ioutil"
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index 68d07dc61..be195b0f1 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -1,7 +1,7 @@
 package uo
 
 import (
-	"github.com/kluctl/kluctl/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
diff --git a/pkg/utils/uo/unstructured.go b/pkg/utils/uo/unstructured.go
index 1dd8c4adf..118b76df1 100644
--- a/pkg/utils/uo/unstructured.go
+++ b/pkg/utils/uo/unstructured.go
@@ -2,7 +2,7 @@ package uo
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index cae1b10be..ffb513110 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -3,7 +3,7 @@ package uo
 import (
 	"fmt"
 	"github.com/jinzhu/copier"
-	"github.com/kluctl/kluctl/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"reflect"
diff --git a/pkg/utils/versions/latest_version.go b/pkg/utils/versions/latest_version.go
index 654928f6c..7cd524a9c 100644
--- a/pkg/utils/versions/latest_version.go
+++ b/pkg/utils/versions/latest_version.go
@@ -2,7 +2,7 @@ package versions
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"log"
 	"regexp"
 	"strconv"
diff --git a/pkg/utils/versions/latest_version_parse.go b/pkg/utils/versions/latest_version_parse.go
index 220bb08f0..6fe06ed23 100644
--- a/pkg/utils/versions/latest_version_parse.go
+++ b/pkg/utils/versions/latest_version_parse.go
@@ -2,7 +2,7 @@ package versions
 
 import (
 	"fmt"
-	scanner "github.com/kluctl/kluctl/pkg/utils/python_scanner"
+	scanner "github.com/kluctl/kluctl/v2/pkg/utils/python_scanner"
 	log "github.com/sirupsen/logrus"
 	"strconv"
 	"strings"
diff --git a/pkg/utils/versions/looseversion.go b/pkg/utils/versions/looseversion.go
index c0fb8c169..11101ea03 100644
--- a/pkg/utils/versions/looseversion.go
+++ b/pkg/utils/versions/looseversion.go
@@ -1,7 +1,7 @@
 package versions
 
 import (
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"regexp"
 	"sort"
 	"strconv"
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index de1e18d4e..52584cedf 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -2,9 +2,9 @@ package validation
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/pkg/k8s"
-	"github.com/kluctl/kluctl/pkg/types"
-	"github.com/kluctl/kluctl/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"regexp"
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index adc37aac6..271c761fe 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -6,7 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/goccy/go-yaml"
-	"github.com/kluctl/kluctl/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	yaml3 "gopkg.in/yaml.v3"
 	"io"
 	"os"

From 6e6f65928562079cd2d8d16acd030654bf2ed7cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Apr 2022 10:02:41 +0200
Subject: [PATCH 0017/2268] fix: Properly use --output-format for deploy and
 poke-images

---
 cmd/kluctl/commands/cmd_deploy.go      | 4 ++--
 cmd/kluctl/commands/cmd_poke_images.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 15dcea2f2..e234d8b49 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -20,7 +20,7 @@ type deployCmd struct {
 	args.ReplaceOnErrorFlags
 	args.AbortOnErrorFlags
 	args.HookFlags
-	args.OutputFlags
+	args.OutputFormatFlags
 	args.RenderOutputDirFlags
 
 	NoWait bool `group:"misc" help:"Don't wait for objects readiness'"`
@@ -66,7 +66,7 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmd.Output, result)
+	err = outputCommandResult(cmd.OutputFormat, result)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index a6898ea11..33c62ced3 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -15,7 +15,7 @@ type pokeImagesCmd struct {
 	args.InclusionFlags
 	args.YesFlags
 	args.DryRunFlags
-	args.OutputFlags
+	args.OutputFormatFlags
 	args.RenderOutputDirFlags
 }
 
@@ -48,7 +48,7 @@ func (cmd *pokeImagesCmd) Run() error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmd.Output, result)
+		err = outputCommandResult(cmd.OutputFormat, result)
 		if err != nil {
 			return err
 		}

From b2ad31c19c0fc74f7522d56bb5c9d58fd2d99122 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Apr 2022 10:07:57 +0200
Subject: [PATCH 0018/2268] fix: Add missing --render-output-dir flag to
 delete/list-images and prune

---
 cmd/kluctl/commands/cmd_delete.go      | 14 ++++++++------
 cmd/kluctl/commands/cmd_list_images.go | 12 +++++++-----
 cmd/kluctl/commands/cmd_prune.go       | 14 ++++++++------
 3 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index c078332de..ebb02bfea 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -22,6 +22,7 @@ type deleteCmd struct {
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
+	args.RenderOutputDirFlags
 
 	DeleteByLabel []string `group:"misc" short:"l" help:"Override the labels used to find objects for deletion."`
 }
@@ -36,12 +37,13 @@ take the local target/state into account!`
 
 func (cmd *deleteCmd) Run() error {
 	ptArgs := projectTargetCommandArgs{
-		projectFlags:   cmd.ProjectFlags,
-		targetFlags:    cmd.TargetFlags,
-		argsFlags:      cmd.ArgsFlags,
-		imageFlags:     cmd.ImageFlags,
-		inclusionFlags: cmd.InclusionFlags,
-		dryRunArgs:     &cmd.DryRunFlags,
+		projectFlags:         cmd.ProjectFlags,
+		targetFlags:          cmd.TargetFlags,
+		argsFlags:            cmd.ArgsFlags,
+		imageFlags:           cmd.ImageFlags,
+		inclusionFlags:       cmd.InclusionFlags,
+		dryRunArgs:           &cmd.DryRunFlags,
+		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		cmd2 := commands.NewDeleteCommand(ctx.targetCtx.DeploymentCollection)
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 80bd70382..cfd9ef56f 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -12,6 +12,7 @@ type listImagesCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.OutputFlags
+	args.RenderOutputDirFlags
 
 	Simple bool `group:"misc" help:"Output a simplified version of the images list"`
 }
@@ -25,11 +26,12 @@ as described in for the deploy command.`
 
 func (cmd *listImagesCmd) Run() error {
 	ptArgs := projectTargetCommandArgs{
-		projectFlags:   cmd.ProjectFlags,
-		targetFlags:    cmd.TargetFlags,
-		argsFlags:      cmd.ArgsFlags,
-		imageFlags:     cmd.ImageFlags,
-		inclusionFlags: cmd.InclusionFlags,
+		projectFlags:         cmd.ProjectFlags,
+		targetFlags:          cmd.TargetFlags,
+		argsFlags:            cmd.ArgsFlags,
+		imageFlags:           cmd.ImageFlags,
+		inclusionFlags:       cmd.InclusionFlags,
+		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		result := types.FixedImagesConfig{
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 2ef240e88..e24578871 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -15,6 +15,7 @@ type pruneCmd struct {
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
+	args.RenderOutputDirFlags
 }
 
 func (cmd *pruneCmd) Help() string {
@@ -27,12 +28,13 @@ func (cmd *pruneCmd) Help() string {
 
 func (cmd *pruneCmd) Run() error {
 	ptArgs := projectTargetCommandArgs{
-		projectFlags:   cmd.ProjectFlags,
-		targetFlags:    cmd.TargetFlags,
-		argsFlags:      cmd.ArgsFlags,
-		imageFlags:     cmd.ImageFlags,
-		inclusionFlags: cmd.InclusionFlags,
-		dryRunArgs:     &cmd.DryRunFlags,
+		projectFlags:         cmd.ProjectFlags,
+		targetFlags:          cmd.TargetFlags,
+		argsFlags:            cmd.ArgsFlags,
+		imageFlags:           cmd.ImageFlags,
+		inclusionFlags:       cmd.InclusionFlags,
+		dryRunArgs:           &cmd.DryRunFlags,
+		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		return cmd.runCmdPrune(ctx)

From ffc0f8295530928701464b753fdda7dd311558e9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Apr 2022 17:20:46 +0200
Subject: [PATCH 0019/2268] chore: Update kluctl logo

---
 README.md       |   2 +-
 logo/kluctl.png | Bin 12230 -> 0 bytes
 logo/kluctl.svg |   1 +
 3 files changed, 2 insertions(+), 1 deletion(-)
 delete mode 100644 logo/kluctl.png
 create mode 100644 logo/kluctl.svg

diff --git a/README.md b/README.md
index 627ac52d1..6f71b363c 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # kluctl
 
-![kluctl](logo/kluctl.png)
+<img alt="kluctl" src="logo/kluctl.svg" width="200"/>
 
 kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
 Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
diff --git a/logo/kluctl.png b/logo/kluctl.png
deleted file mode 100644
index 8e3ad6e30a2d15febde0b1663c11a341f312a9e2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12230
zcmcgyg<n(e+aBE=0xBqe=~B8u*-$~cBm@McrMp9kp@M)Q(nF-AyFoe>Mu<o^lkSH1
z+4T1>yw^t`ww<$`bMEJk>yAiu)rVxnOvDffgzWJns3ru0#SLC(QsRU4Rz80l_=D^E
z;ITF#fFGen1b9#6^hn<o0>S%*{*Oh(#N7x!WORc)b<=XRbn|@f@&e-N>B(>7VCQQ7
z-020sql;DYrZf}yJ;-C|eQmFljVW)pk)?6jZM#FZ9*d-})E2IfpTg+Hpo963qH_7>
zjrVmXuQ}Pkz7o*!=u{XKyd2FBr+;Z@H(Gbo*C<Ah@?LO^yzYYs)ZMcBmL^Tja%o2=
zWZ2H^Pb_;DPg929^?F*Sk@oa|u&Q<Zup1~31?Ym_+`^)yqM{=6B-KWLKxLM}3IM0X
zp#z_4ykf|W0AOvGhk=8%xAD2bK?LDFb#Rah77+{w2RR@7zkQXhHWm%)*~X)3->t@@
zplJ-eqHR|tQdM(?i5d=m8ag%}=x(na_%s?9i%n<UQF1Wx+v&Jw;)iAbtK@lG7+Fhe
zC;<htG{cq#RmaB%k5N4w>3+LC9CWZtzP^c4^R9O{rF1oZPoS|N)7u@{@|iOyJ>V1t
zmc=nCs~;&6uFIV8u7w>h=^bW14VROH;=qeFldIG2^!l%8@WQxw(1<$Xj5G@k=I%N6
zlT9DU;j}Ctw-;qOQRHwOD>i8kxH$ES7IoQb*!v;1)gZJz#^osHFj?cg(CHPOz$sBP
z<xo9Q$f=lxv=$~mcdfSQiDgqxX!osvmbS7r|7VW=t?RQ+;y1{<TE;3X&}ersLTVbK
zA>}qk#TM(>bh4c6*o5^%?&^GRK#t|3jPK$4czLkcwAaF0vFV7Jnok%&68n~1YVn(j
zzM#SGvA_!Fc-cT8Pa7$Ji;@ucfeA-IV8o?YMA!o>G&o9}=DxiqxrY4=gH}0{D*N%W
z7kxp<tcTIeGECw}ldc0YN0YzaM$4%|AI_7~QE7yrPe|Z1d`GGo?t67{G!uAr@#}3=
z1b!z_ta#H?3?7(RRZnbq`0jTpKr_)Q#`e)EaYUQ@gHkpeT%J=HXdeQ%O&%tEeiwa|
z0iPQ&7Y=lgvlYB2lS8W^QCKkC`uKSUq9&&C5V}U3(SU~Zbe2*8;+y;NK|QA|Q0Xuh
z`oqs3V^}Er5(P|}{3Nz}d5Rl$dwIaKlv{rPBw`nG;Q2)@UDp3}|M;!vExWOzXZ0R@
z+x<cV(tG_vLDr2}5z~<^m1D-f8<k_7zVY`3#is(!HmYX=q_+PQ6gQpzDG2JZ5KMZ~
zf{}#l03Hd9otW`l_F{inP40sBcri{*_GFPJ1G8_!Pfv_R&wkog8WhrZ_n<*U-ypsA
zwfu+V+E>%LzLUL`fpj?*^@34bchbPr^R2+Evze>QYscGd6msX=ZG%hX`2}bw$Q9Wu
z`R#odn*qyQv=v61-r_hk>~vmtY@q7?fd={2CDe@;xnZwR`V)x;RbBPeKYQwQFyhfG
zGOBfXvFcp-wA8EvPB$mFS?9j?v(WI`sWZ$}>ToCUe5Z>AEG^N+!zee&R78aC^{z{4
zg_ppzu8Z0;cuk@$Z;VID9E0;tF5;)$y$TdE`-2J;TyR3g%qwF8U!IUx2<gAls6dFL
zZI`jJc&)H{+6OFQmun396LG4NsLye#nzYD#?(<@0+~0%IfxTQgDK5QSNMHX*YNEt*
z&V2H8BvA)iaz9t2?Mg&n{;seY{t|pOiLw9Lwc_T>)3suAu_E=wH#73m%+Xy7SXGWQ
zP5x(xzuqeQfZYRIC}R5U6%h^l6T*PzifS|{F7`&p(7-vG@|^KMnj(0TB>18?o~t#f
zB=az_`Fu$r@T6~0Zd3ie&~w9Thp9SuyM~7f!VUM-HMAR!=c5Fgj#*254*rZ5=!G{m
zm7qac^Vc<j`*bXMAQF6Y-My4G)R@yHlJ9r>8%n384|>MlOCMUu#3r5E$iyI17$5^L
z+j_FwNCX<TzmW*wrg_ara-?~gt@@0<zyNkBj!ejH?xrN;Ak`NBEQ)a;inC~s0^Ev%
ziNKLVw~S!h5>5pE!z#@aWOTrO7Rv=8rSkI~W}O&Pb+ev(H7mTDyVr<ob9j)G&RsV>
zC!GoIy8ju;)5_`e6^6E57t0=wIi3xrkOj-^^0InP_Yejl$!;8~DdNua?H|cJ2fwA3
zG8E+$h1n`DJGq3}@62~ZT@#Q!WJ8XZTMeYiT(3Fb?GtD|cge^_gOEYUvj5{f^N?a+
zI}DtN*8WP`Gx+6175K+@zT%6@PBivGWzVvEdRv>7s7mj&)2K<`tEte{K?4utRmHY1
zEQS}<2Y5`P37EZRg9(@k1C3l1ZP$OHJvrG`095!cJ~zBu&&2;=RL=xUIe}Nd%;NDX
z8+&N0>0O4PzovB59ITHqd>)U5>|b?jMfIC?Yy7joX`(%6Tl36ht?SB<R1(ZCG;BX`
zD%RqRV^{ekY@@lYJ(I6fpj&7_H>u3tMYEY!+Qsa<4i=mrXkRfPEmR{c{&ZJ(6|I;m
z$@HhEz?E$LuH@Nwuf?F{4I@Sv$Iev9!MRwLn>5~j{zwEYik^>n^DScpCIYkoKaO_h
z_;TA}Q5NZ$OtvnayA*-PZ7i4D;e%s+ThS}&ftM#M=@bb#gkq0gyL2*Ir8svowkGj7
z{}JB5Se&V!Tx07KhF));0p1Uvn~7F~9`dxrv^4~eBq$Ao;NnEbW3Wf)jUqJyf(O#K
zS?^SyW6WohtK~A;{7wXmPbN$Yi}T$=(9v2r8KPs@!CG)QOTh75I19Oda{>n2Y6aBD
zZs4b%zh~ie>B%ZYgKz&L&F4>EPMQyK4caDwVXj6C8Hk%xGE3a4{A-f0n~dq9jq`Ax
zqMCVlF2xpMwCw3>R<tZrz+m9vxK+CU;rMF$^5W5T<Tm(qxo&hot(tuk|8;?;_pgFd
zU?YO8_q!Nho(G*h4``m*IwIgH4rgsnhu$7rjTWF~#O0%p>M&zGmaJXW(?^4`euqk9
z-aG@573+&wWX^LE>*=LuD3iZKM)98i1Y8k)S^d={uJK(Me=3_2<U?}(R`b>6*;aGl
z?3y43A+H}rM*N4*eab8`T;hfr%2rOqP8M^VZt!+pJ?mMRXui6@_-u|J1WW33q@xtR
zm{@VPF*x?jWBf(pGY>{}BQ$PYIFlvt$~g_Ih)uZ-tF+1(mq~|yO=s&1fRbP~E<q(@
ztM+WOeyizh)AVMF`eGV4Qi#6>m8h8D)W`at0nKt-<aAg|`sIF(+yzRl)kpihi5;OX
zt^k9CB)?oD)#BV`IF-9P83?@GOK+t>SadLkX2tQDFQNv5yHCycmcN7hHtr9*R_cYv
z70`?cs&`U&OSqCd!UX@a6TCIj?9XUG15;?9b=8F{9eyKO8qrddIT+D8xp)BWi3+xT
z#m$8VRuMWB7B@+{6)@ysz_tGdS~mBl6?s$IYkRgeG_#n86Ai#GV)6d!W<HhDrnfU7
zHsN>9&w73e>OFHG)zN!KSKo__|G4f^KjlE-|I8QzG*h4zAk}u$b{XiC|ARru3+mWs
zWdjU1)?(9jLC9<q|4qH|;3E{e1GvUa`CsmWpWGGpdyh5x{XbD$-Kcl&G^lC4J()fH
zlxXy;q-G}Zb0v)879y`dEPH$iQHy`WkV`0E;!-JHDdxSq*b~Qr(|obv7<e`@6V`O~
z%yY_p?3pJPhGJQ%?RQ<b`}@S1#mW^)4EiWpgHFIKJ=T8>j`c9AumaJ`i+oGP7;T{J
z_CJpu1lS(a+g7<|OvK*lG`-&$+}$W##$kxSi+c3>dhY2N8d-8_PVN}Mwsw~C)Z)-&
z0}!};G>EP3(RecrBx;4`I`}}MKi~WOi)D90N9HUt+cdHi-!h5V&aU-h5StU89-o8;
z<7wS82CLB=v?swv8fZ{m9)z;-L=FII^z*BJX7Lr;EP-vd%Bg)lzyRwyhP~d|UP?3x
zI9W>EVWy*E69kw3^N%$t4Ddce??)xJ<3B#K-Xj_VcsZJ!lm74{^Zd)h({G&CsW+~h
z!F~|Bd!V6sb+Q=i%=y<B%cXnye*cd#BIj>JHr1!nkJ(Q!bf{fQFht0`d*sVQt+9Sj
z9hs5hIqkiY>d9Q<vef&5M=z|&n4gjSC_62Z1|7BT?YqzXC2ZF(c3!bsF`L5<T}Uf&
zD}9ePr|La%u1?3AF9EObaPXV+*={9Z@!P(ik%`7!x7^hN%hhq0+~vLVkT1wiHaSFl
zt30gB0yuR*6!HG?#^B;OU#~^SQ^5RJ_BtF=6ktC!dI!*8IhK@YqbmNEv#V`V!}sd*
zBP%HTlaF_we|u%>*rjeU(0z!3dEj&=Yv?w}D=@c`S-gcpBl5B)!ur@W17XhUd(=a5
z3!Mif6Ep?<HC=qLJLo|6>#b|<GdCpc+A}we)ivY5i-R$fK$$;n65oKs2H6M2`b=}+
z)#XKLV1Ps$jgm4NBu<#KE)If#+dR8Kvdqj`+^swOZCBiQ_<K<Ky?G}(Qjz{62a1kH
zb3de=ZDKf`@2YD+;ZbOWvMgr)4bwZ&63sKGaxV-K2yaq#nBQ7OBjU2=uS+;3J{~O&
zI4Cf=;65D?i^0TKscSWhvC90li?JZ2rNt;G@;|F{<C+DD7Bes?E}rwNMGm=>9<>1K
zNmu&bJJHg+-FKpK#TFha8(^@ywz%xg3YP=njoPJr6P@${<)ZLQO~Hy0!Y(Dgp#V!r
z`pd9E1UPY@LX*vDAG>`^)62tZj4_k&SHkLJtZIzC=3ZYj_PTvO{J!im$<IHl(t=w}
zrdNT{Wmz~LL(I#6U}I=PQN6=zmwU}R27_Z8Kz+8R8<8v&RIh=<QTX$h*XcbFYy05)
z7NkJvWNEJ4?RKK*7RHU&3+x{_HeVc0I5v}^xe3Vg-lx}LNYKlP5Fwtj%|r~(Ze3f9
zT?gqKpi?(box@KL5|>22$<T5CrMxPwY?UULyBKcTmVRH-2;&_@oPY_S?VwdAa4sP(
z=EJNQCJDxuN2isaTBFTN04G7SX5f@u$jfX_<QD}5UD)?Lo6n}U0*<8qmuQCpwbfuH
z$x6c4I9}}kj!_A_V!WdpWcy)!iGFFmo3$%xzT`DvLBIMH?OWpT_nBmBM#g`lA-a7~
z=GXqu#&Oj;dS;#e@y%B3JeM%#H2B$i`G71~27R*@r<4D>5fglFOfDUIpZ6y{pFxE+
z5;410flf?#bYC^4^ODx1+4tH{JV!N&rFbn>3AUOMX`lU7kc$$8zMD*DYo0bQoD^6q
z>uDC#ZxPmAyd8nSV0LC<Zt=}$-nCm+(53zi(swTSP8q{dF3T$TrmT|q#B6js_j$AW
zTB;G-mit|Iur*hAA}ssiyZ>nFoLtj!2HC~2nb7%Qp#MCMo(43ANamgO4174Tbw}p#
zmwB|z;nUT#NQm@)@xWZ#Um~Ha(f&r~+@!e85w@iS^Zu6zuQoGhzB;>*(XKWly0>2g
z9gi4{=D>E^H{n1)TiE2_`TvAQ>d)P~fsTKsqZrBwpE_n`6El&+aHLb~^>h>dY#9va
z-0Oc|Y?8bDGuBHgVp^O{0*7nO;&r_q=kG<7Ol^)5e_rRr%jzi)uwY?wxh@u#ixpQ)
z$UPlUKnJ?mH|G$t$}xpavPjW;d$jg*R1O2xPOrJgZoz!F`p}6@vGGlN_M018rY?^k
z@h6d2#3#H*gX(nW8=0{J3_oEPgV|WE8s9=zwyS_eV{r-c+Rq<3EhrwJ?9n)=^|Zz&
zZ!T%ta?V{&cKq2A(g1m&)h)>S?@FuaDRTR1Bi*0FIKW!$^wcOyUK+w+jsofibyjL7
zEb7L_&!%Q5wDrcuCN|_16tv=oi7Ki+-MpmdX>$fR5<F;1%ON+}n`kU(`Q*;V2LcYu
z({D=P35fFWz>gu37d24jPr-?V?bDyPS=0h<8We)S#C+oA!nKJ`-9Y|^IC8&Pgh|e|
zHTY|0LrC~*ZtZ3>?A&KEdO(M#r4X%vI}&WdveTN&IUggxZ<46qp2h;B5)y*5T9&W|
zUbNpP0`I)wtlURkX9YJK3Ncxtjs|q;(mYURF?J0Q8Z@inQUVo0PtT*-E}_4ag5q2n
z5wtegOdi>}vUh@wg()Su*3-S1s46R)HiiLPE^c;sDRVgCIWtw3U8te~^0H*d-xG98
z!)ncEMdex=vR4fi6$Q!~z^rS_>kTzT9j9xDEw$qL3_Ui=#%W)i9m3&h%&_rN^MSM`
zSy*0fZXRk&FaGy$|Fd-u*m!eu?Kp~d>yAS;0<93BZUuNW3t{`&=#3`rT^9MrF#gOQ
z__&Ku`PZkiuFL&NLROuQewcu`6CDWoUqVHYi2IKw%ej>=xAlB)i<Y}QUWk?>{{;fp
zcl`7DYt6?U0s&aOpa65SyM#RRdGKDyaaVivaATs{afbQa_kEyA+2!Ez&O%o-3(KTE
zZ=c31sRcK2ZzUDonnWSeGXAGEjmKsx3CWbcYe5)lReI+szdUa6?3*~F2k|+iE9jg1
zk+N-N97a;hc=3<-vdsQ1n^1%<v0M1(?_)3<JNGxiu)<+oB@jDc;TaEk_#>vbnMJ=-
zfmt;2fYkb{j<&XTjgcAqq&4p8nSaw|Kt^6(v7<O|X8!2>-6-SY(frXM<6>m)XzNvx
zZj@lTLE$k+q3(ITDn}8`6~*d-WU2uf!`u0v_M%Lqwk@WEYaI)4LqOf&9X8`n&CzvN
zNqi9i{zSq{#Vk&>OwN`sDuz{l7a}q5-zO(05k2Kaq3B6W1+%|=dSXVdR*3H>yMtOg
zIK2p#-xeLW7G{m;$@ntbdy5@Anbg9z(o0608%Bf+`Ov%KS|7X+Ex>t~p<O^p*RG-Y
zQ*fz0HWd}}mav$ZSp5|1BSunrS65|aJDw7=j(i;o8Qk^XI?pb?i_QPeQqjvD<^G_{
zW9jxrvBg4=NlPoZ|4CGbE#5mRhmqWKKhu%ig?Bu>xWpt6qxpGpU0hvV3w3WvNr{O`
zUGMJh?(gr0yittnvBo9EzgNC>6lJ9npTSN~jg=!rNs0HaaoUOark${Dr7FS4CmS37
z{*f%XAYB2)=CIApO^0+fT<#CVUI(L~w&Z{d$^n4Lcwsr!HyYQ=1T4g1wF5DJw*<Gv
z09Ehn?(W4VCh5?u;cegzHFR)LRrL@xEsY3Dcz-(quBFA7FrqDAFpApuIU#LrS>B7x
zpfAL|EoJbI(Og*a#{6LSuTrFUQDzIe*1eCjh-w7BV7D)U-gK!K_`5=EZl0q}KCZ~4
zRfJl>s5L2mi}lEwmL?<%X?iy~cw{7=Hj0g5keGOPZ*MR7+|QX<LZCR~mYCl991zaX
zP&>*cwAEs04J%c(cnr08k4T<(56^03k^1@lVAZji0rXXg5Lp1#*S1gmn#{e&Jb|w-
z*1K^UVZr_-Cnu*1g<Dte>-(&zb?kne?+5Z5)^=+fc-UB_E6Yy&iCr{=xK^6vV`Em;
z^;2e+JzEr2_Cu)lH&2{*YMi~j<vpr8ViWM~e{C-(vjmd<vTtmhnlhUV4yrNErY<g+
z5pZ}>i<2&Jd~kAsz>Dcx*z;}-YRwq^;}(P_?ZWe-v4S+{!X7dr8+uYBr`-fA)XfuS
zx|j9hZiL`9?hoR$ZmSoIPu?S~@1CoVU+=N~-dpyxeePN))*vdt>qe~KG_W(ba(!NR
zgTfXfjwc^ul6fQ{|LxA<<8x!*QpKw^LL5X++#FvJPesU^{uh0xYYr5*nFrnnZaPJX
zdF&htZ(pEG;wvPVo-nGbxFd=VP<?DPZUJ?8zouDZ$O--pIH(?<UCdtw1a6B7q&sH3
zXG!%lubN0zO;_^^dKI`ed%baL(*-spJw8Wi5`AvUz<c8E+c=N&EZ}aKvTTmuO@gy&
zw&Ek74)J#fQv+*s3$j0t(BGvbAR#5)bY5J$)yzVmeB&*_`K7r@5mj<t^u`IzhspmM
zO<PCuIMN8eKJz`ABB6(XLQg7_YMdj}c&w$?DJYNZBRyxZK&>`;rs0G==KXWQ7Zwoi
z4~pic5YgnWJF<k)P0MRXQDWjJig#va7Y#}qWKzz*cW=p^8qQ~4=~$fKN!Rl$Io~$S
zUq^b>%o4P<99`Vry$q#8UEj?tKAPQ9feO31xWX9U&zvuB)(bS>_;@d?MqGg6qqO&Y
zduzO7=6gOHY#ncJ9Ub#K>Y78pe*NOSG&Ii=|CFzZm6vB$D9Q%29~!njINf(^*&0Lf
z(#zY6;HIcHUkx&nv9c=hyRiT1l9N3cnKuKaMNo;#k;Ch^eA~H2z^=m0|IRW8M@jWD
zO|CR^>3=Tb628L|Yk;!PR~0Cq>+6kW+O^qMD&j0I!$r(ef0%Z6Lug?I-@75}9?t!h
z)p}q3U6bM?ti5{rlpo(q4$et$I-0gC!qU_tAt51#wkkEVfM>~lltmQ4Pf4aYgqz>G
z*%4!L*F_Qrv&<QuTiqgnc#{Z=U`eKmzm7@b65V2aiyzv7ovUs3rEf#G0642nhvKmX
zMlYh6hzK)<0-d}O+gUiz@{d&6n>Cwtc18L%lqKWXSQ@2<g}St+r~A$ew6J|<l}_Sm
z+Ut*La}n1~7mc%u_!Ik3xZp|^RrrbY!$bQ%h4gom_I;x825rg0_T50Agr5(NZDnNe
zA1gfU+XLh`)VP&i;pxc$*4s`{o`%I>Lu0Umdg5GN8;zawpN#0UN_qg1LAAP$Wtxo)
z)=@iN4aUwB<3x~)i_}zB`^be{L{aB^<tWM2rv|t+6_22_vb7;j8<i_*Qof=k7Cl4R
z*Nh<h2YA?slwdEG4>GH&;<rUcH|RfflZ73>OO1Uvgv;%HLsp|_=e2=Bd~l!b=$gux
z*&zg}k!p^?OJTTH6vAHKEN}`6MG8I-8U6Gg3zXyYb;e96aItM{=%WZV!;LwT&zJ)n
zjJI|mFc?Q#_br$LT8$d4a>L+#Y)#}qB($&h7WtfJ<+sJ|MZsttgpxak5Q=v~61%cS
zzhq;HCJ$UAj1Z)n8&L*Y<c1##YMBtRsr?0(fg~IwH&EnUNx}KGVa9HoVIr`%C&E;G
zP5fZwaa>KsLu9OQu<d8ww>^zUqRGIlqb3eLAggP3j&c=GUa97cV(S(lKgP25LT~uk
zmR9RE7|X~QJO1~YIWhvV@j1@L<*V*&UJj_rR*`Od^)HWTQ+*Ct4HzFcczFxbpVBkz
zOY0A$|A;UllJb6D_1IeFczgP|{X-s_%(3fl5r*DAl8{xmq@<uWECy0}y+ls2)@&Fn
zoGweF9}4;+Zm5$L9IKRjj?*?dSp0fkTMy`?K)`Ov%XxPlJn*ouLBMZ~_#H$0R}y7U
z+QBCB@ddTsN}w+<gC-HiJ?7=I6*i-3?90|o{tkXT_iAb9hGB<0E33`W=a7&F>DeBR
z4wQ7F@;V!t*dxZb^Vd2b#{uFV^;+4FmIqzza;PSJ<Zy)SgRZ)nC0qH_saoBIFfv-Y
zD&l7hCp{S-mk(_II9E0frKoL^<>#YD9wmJT6qn?y!NFd-fC284B$rc^Rt~o6%4~oP
zN!qlsGN1?F9;8iY{W8yBy1mGC?X4nhoe)F2&4coB(-<Ljd>qqCOG`@&h=hc$orh>l
zTH5>Pr4Vm#35k;vc?Sn$V+a12IDljlG($n5f)wu<oOK&=Q94Pcs%BJH*48%O1oil_
zqTdFlUGM(<`ND2G)AWu!nQV3Q(94Mb@bC^3k>vohT)@8d?E8nHy7|ct60VSiT<Z{U
z3H82Fd&hR)+S#YL=3~wgX8=Pk^&4Ft4~ZVeTcP(;mdl^^TgDNUJk``19t!I3fAgmQ
z$t?~JsR>)Wvht3?(N9T9AMh5JmseJnu=MqH?Hu?`g};1ec#F`l&?U*$o)=R9!Gt^_
z2=7K?q-)JPKPlRSs@+{d!LqU-5`h$9)M8vPi2$wgJMIq?8!lL?Ip2RykgShu>5mUW
z?5FC?AG(XEg9{HKu_~$#k0v&P#&|w)(;&Cs$09)JZ22ToJ?S$3qU9BlRt`NKmWQuJ
zv;5MMO{FZ$U2}Z3EsgVg>SVDgC?sm}NwjWANSQALLLr8p1t>s56th4V4JR)Tp{MOp
zMJTFkr<*X!l!EH%2l#;xa;rU8SF8e^eq7K90$o`g$y5+}Z!meaFFVVx+c0tOq!Uml
ztI~DYt3Jkhqv$N<f9l*tM++Iw8AuQOZ4+d$u~Rb@G-d}nt{{Q(zX-;Wx3SUJf5}(k
zYV~sC@&eF7HIQi~(nnGUOP>o`scImPcUo{LCf&#A^dcmEBvX$&IAgo24MaZ4L&P^K
z=FObTlED64#<Hv1fEuQf`zop0_6#7p)+2y%wU|)_cbPp_QBfiLv2I}%Wg3^t_in|Y
zaD2SBcD~uLP+n0{S64TIP}=Ov!~Pq2+N=x^@Jb_W`JvQhFvoQJ8UrB%sbbbIQb%Fz
zg|4U|$$;}WjGzK5cab;1VQ?IgR8&;-^XCs$Oux5@`B&MCl^=g>ftnp2ZaM%PfN9z0
zdzl#3AHI`H;Kx&p=I2kli{&I4zP!RGqO(7pEa7^7EDsr6gB1uMpc$H%Y7GR`dFZmm
zro(LD)zMn9p#da)z@p3m_;a)O2Z>E`3vDwtiugNIg_@B`{NY*khP-^bIvW!NetRl5
zHtr%NR%+%8t)cP{!-r8$5LuQx*EBeHW%dzKmOoO2i9j<DbY%B6TTt40VP!oft+$p}
ztopkLj(mbOvWSVvrwSg&69P$+eXc!e!3xLW6euom6^ANghhnMI#&NOXG5pCEW-4k=
z<8PjsE13w!AvoM}w4+gu5)o<nSt#ZCa|H7Jdt;-&e^A?PtIi0;wEib(1`gV|wY#6}
zg1&xTh-MM_W9`d%=gv>Yph%kG;VFlVT<dSR4w5<05BtHkw+ahiz9c75*VQ##bArgo
z$g+gelRdEyOH5v^uOnw(|AXzZRaE3)4XLs}*{sj!&iJz25?m#Uv_oz%OVFKj)%G-I
z$zARMQ^~>ZOPq0Po9_r3=Bg7S6_MBz@%V~d-GK;MxeQCNHBnv9#WyQI*sqzAw?U=J
zTwEYDYgDh18nm)0Ahu}aU=Gz?I3Vka^K*AsQ8CYYYVb85+hZfYz|H~x_XG$xGXv?e
zN=Dw^=zc?sW58Yu&e$`8&z~dOgpsl~$>{>BTi=s}-1Egh^pi2gA2Z~B8v%{ol^w{8
zzn%ti7{|?{&WP1I>AQ^$;v5o6|C&9K9_C-Pyc`x5N)SAxsgZ7XcKEE`);6e9v2?5t
zwSQJy@u(Dmj94vmLp6ApTVm-MIWK)6p^s2nDvc1<*Pq{?o~(^yk8FcU-pryUyGE)_
z<s$ivKb?Y;Z>q7r`kJ^`NioRWu(9H}L=FZe)u5Sq+VeRY8tp@7p4HNoHNHnp{w-B6
z=SR$RbX;8xldT=TXT#tlxf&>xjZI6PJB9T2UOEnbsQAT=g01{`T4$fFujTAdw$EUF
z3{8$hPHpmZY=9<j9O1CBnJE@zXIJZGQ!9tFT1P(cgmx(k7kbpTv!B!fT$}|vHcypi
zRnc>D<$ay3rm(g{mw-g8zih?54t1<~-Wnp|8uXe(pw{BjuVv%i_b2h6#{#eRji29E
z+d^)4$kUkv54CoLBjvd{K0E<P*tk7pb`N!67M+lr2%{zXz)iV*hLt|x;3*z-adw@F
z{02lxseNc(Y$oDc?)UGahH4bahS9XZoPB)OeuDXcvKNq;1okT4_Cq0g2bXklq?vPl
z@ccZD>MTlzX%jep=&f6Sm^Xgw=!_2IjEq%R;$es5^EIY9iVM3fsx<<dfRmbPW>bnV
z8%R6#L7wL16X)jJ+S=OD(5=d(c||AT_nA`qq6zGL)PMv57*vVkmprp?S%@6)ZA!Ud
z5>iZ=P8Nv*Ud;QhI-59SMQ>k0zP)HhQ&Z*W7D0n?qcQJIIPp9bd0P}&ZzLnr*eLIR
zG2N)5(sH-~Z0;xaOn{+=h8{shWn|J_em?fF`T2&1b^F;!4rV{6aY2pMr{`w$GtNuP
zw!*S3PCq1aQohM(#@jRGhSh%hbb8t(n^ER+6%b9}R4>95N2E@hg|wg^+m0uNMJciU
zaXs-P@5;=f@9X8}KHS6uW#rPVGHPq<)jwt9H5Ckeidi2c>yD-iij8Y1KT5d%NYPSz
z+h8@V-qTH)bF}<@0VShkOsf4jzsO-m7HO7Uid>^pc?@e2OzL0uihif~j>XvE{LoM%
zxG6tB4>fz=*%rAlm)GH>lC1mmV>-oG{X42F-qMjG<}XE~hJ8U(^czutoN4LjY-dY&
zEFI1$VR>MnYxxwpw)V(ay^*|0IwC^Ml(FLJgXsC&4cQ%s9?rJTpXs3@$uP!*(Soa$
zKzaduI2<@bX~yjn>b23BJ+*SHXr`qD?5>-MiCx3K@#~m&+sbo&{b#AeM87szt+|Lp
z>DjPLwO9AXH$0>UNB&Eo_uS+Ku8{^$!_E$NUprZa7J6{DAhX=vlU@rZZRTFxGY<mY
z`L8v9xLZ&owlvN{)%FTP&Sr{X;*DL?zQQhd)sYmjG8CTcxkXhIFjpJKieGy%)RCMK
ze_U#(g1&<QFp3Atj6X$1uneo><F$3M>pjJUg~d27htNMVdbXNXJym5vr2Z64LcAi1
z6r*vkS%?;6XfU3w7-m;nenb0K7*Mt+AaVCG;s^6SWkYk2I*`|=s%l4A4I<i?z@Qp%
z(gtTE0K&q!M=l$a`p>3*5xTk8PN{Ot9>BG#kY7ggwQWV5kg(yLYu9kZW*YoXvJ<h%
z!<9sC7#J)q0>-(wytB{z)(AZW;^SlCit6nJ+EhLao;kG83sRWiSQB5<uKD~HV4+KS
z9kH=xWuKUkCmBu5;!YXG#l-@<Nkt*p<q~XoPwNlUe2Z$ZAE~iORh6i(Q(ga4%*!-1
z+<|I5+4J^^1~Y$V4-TbyxyBpoiz%#MZmenL1<AKq(;hhgf`^CUlqM=`Kwa&URZ<Kl
z8$mZM48Jt8sg5bP*wJz854NNvR83Kz|3QLS&AE%l&)MC+;wGO~?3Ow8_&MP$JHg0d
zU)Po0edhOI;Lv%=rDu6)X=!SzB^al%5m8%#<RnRS(c&RvX%(d6zc%aU;eN0WsjM6w
zJv+jo;Yjn_T}1||>Z!-13lL|LbGTgEEcb_CA5PynmBr^)dQ?`s|09*vy0T(_9}+ZR
zbvJ^MFZBM%=sY$K8B0=<ZRHGwn<oKw+jGZww^fu(^uv^C<#w$w=nlA*Hn@F9xv!^=
zj;C0O=T<O|Y&xek=cfiiYmIp(hhTW)QN*_{dD!Fo_=RwIuTnBuZh_rPGF(WpUcWV#
zPa~&kZw72fXcAk;p-7j<XG<lyQ$`ai_a+#wh&v9?DJ#ot-N3&=UTHwfE0X+zhgp#i
zUNuLZ%S&G=NeTHO<GE{*HhqVf0*CIcb!%EU85uLhtcy*hrBJf6mfL?m8L^E=%Rgkm
zZ9*O?E32rqJ5#f<g2}k7U-f!FtT$!^i0|iXBOWv$yLF}AzEX>*qYmcly?^ooxk&1Q
zk-1Q(SuhdlA@w)Zm(Wp=sUq;WD-Ce-(6j*TIHw>uOJR1lwMw-9Sp~ndBy3QS0Rp4?
zP=bXtc%@hcCDLvk_GOO~ZxnN84W-qv00VZ2-1-Si8X1a${B@6v`iZ5}fB^*!iDbnv
zaI&{ICPqp(J`~mlr_Q%nk{n8}ZxPhhF;pmqcoF39yMdtAu=hn(C$HU;@d%rmj0`*v
z?$E>pI&MpO!k33OHps&jagHw#bQH<T6plN@+PnMH5-TZgnztaIzkK<8w}gg_4}9sl
zeAPS`AD=+=cu+#ZwDAYx?K71x6~gk`#PB0duK1?}+>OTTlTsTM-yRfS>mC^BnL8rV
za6?ZMnhRQgh}YHzx<Wv4c#t;=Bu{D($;P9Mn_pD4iqGxs<G8!n|0J3~{AAI2p$3)0
zSqB~_HU=n)o!*NVY82`wGt)(!2)gK}k`{yTaO(l}o<G*+UGQmNAuFKa8ehRx-rf?l
z-k9VH(N$3JtzY%d1zpc@e1(RGNeu`Yg%622qdtxE`^-2(8unlu5_v^oprhmN4x-Mp
zDWHQavo3j~2)t<Pjx5fvlq`|f-_>7OSPLVLrsKJQaA{e<w$W-TD43grn=x+kEVkw^
z95dvVcT$YH&vQdTM&X5Eo;Do2Kix!|mJq_lWhtb#Mb$w727hms`=2o}k-y}BSsj%Y
z9+aEY!C1IeZlJ^6%(A+!9sejKTDnopw`#Q!*jjQQn=IlOObsJ$j}5uZwq(jsoSnTG
zP#A|>SsY5gaSK!8Uj+F!M{4`9FEla)Olz8bDOA~)o-9?Um`80KoOQg>Rf2y+Y8J$K
z_w?G*1?QK$It9aXjv}a8z^!yV1MQLOKDLkq>y8DFwS%59_{!77b1$HlJ3uBH-~OOb
z8+5>dZ*6YiNlL*66kzv~hle0AM&tWDQifSOXTk5to8?lR_x72Q+n`SmZF{%wU1Q#r
zCWBbX9L^iX4h}+cT2@e(uRQmtdb+!|dOXJ_SFR6;fLJuRi7*l{bgIM@IlXsRJ428G
zq~XABm>j@XbE0le?`^kWQB`2L9GyCCp(uST8^=T3{KLa70`8N6I1Z~9z$+uS(bLm+
z624NJ=&~E^tWR+GGUFTWkiIDC`95mxC!10DeM`>m@$M@cO-*TLP=P|Q;&UP9B7vw@
z?*c7M)YJWKFYoVfm^>p8lJF4;O5L^Ltv!8O1^%)bl_Hdbw&-fJ&(?Z5FjngtbR&Uy
z80o_d;>vKIW@K787?a{HlKE}ZaPD_cVaX#(E?q9Lm$vc~c)VCFAY&wDUcp55)}XF5
zf1<9PXcQw~91(+*ZlOng@Z&f*+)a|I87*%K^w2F#|K-MXql}EaVpxZnF!neAB2So#
u4J{`0Wcb^b!_Qz+9I6oY|2rFgAt&0kpJc<S;}2%;A&+6I(4q&XA^!)xWrXqo

diff --git a/logo/kluctl.svg b/logo/kluctl.svg
new file mode 100644
index 000000000..d61023e05
--- /dev/null
+++ b/logo/kluctl.svg
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><svg id="a" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2139.382 599.108"><defs><style>.b{fill:#fff;}.c{fill:#3f4443;}.d{fill:#51a684;}</style></defs><g><polygon class="c" points="1013.888 211.273 943.794 211.273 820.298 348.297 820.298 116.407 764.435 116.407 764.174 495.861 820.298 495.861 820.298 358.837 939.408 495.861 1014.245 495.861 884.07 353.567 1013.888 211.273"/><rect class="c" x="1066.445" y="115.736" width="55.073" height="380.124"/><path class="c" d="M1948.135,115.341h-55.338v95.932h-54.542v44.27h54.542v128.328c0,15.46,.221,29.293,.66,41.501,.436,12.214,3.732,24.201,9.88,35.972,6.856,13.174,17.042,22.836,30.573,28.984,13.524,6.148,28.892,9.486,46.115,10.01,17.209,.531,34.778-.966,52.702-4.477v-46.639c-18.628,2.637-34.833,3.209-48.623,1.712-13.793-1.487-23.843-7.679-30.168-18.577-3.341-5.801-5.144-12.912-5.407-21.343-.261-8.434-.394-18.359-.394-29.777v-125.694h84.592v-44.27h-84.592V115.341Z"/><rect class="c" x="2084.312" y="115.736" width="55.07" height="380.124"/><path class="c" d="M1643.317,268.059c11.591-8.523,26.432-12.785,44.529-12.785,15.984,0,30.175,4.443,42.556,13.313,12.388,8.873,21.302,21.302,26.749,37.286l54.811-15.81c-7.03-26.882-21.571-48.044-43.611-63.504-22.05-15.463-48.619-23.19-79.715-23.19-28.811,0-53.491,6.41-74.044,19.237-16.498,10.295-29.794,23.881-40.178,40.453l-.156-.193s-6.753,12.861-26.657,17.45c-24.37,3.3-46.407,3.33-65.198,1.885-43.219-6.529-50.418-43.825-51.354-61.541v-9.386h-58.543v148.088c0,16.868-1.888,31.193-5.665,42.957-3.777,11.768-8.961,21.254-15.549,28.46-6.587,7.206-14.272,12.429-23.057,15.678-8.785,3.249-18.097,4.872-27.933,4.872-15.11,0-27.361-3.072-36.755-9.224-9.404-6.144-16.695-14.229-21.874-24.238-5.182-10.016-8.699-20.862-10.54-32.542-1.844-11.684-2.77-23.058-2.77-34.128V211.272h-55.862v158.104c0,8.788,.793,18.972,2.372,30.566,1.582,11.598,4.566,23.455,8.961,35.575,4.386,12.119,10.754,23.319,19.104,33.598,8.339,10.278,19.186,18.579,32.543,24.904,13.343,6.322,29.862,9.486,49.538,9.486,25.65,0,47.52-5.533,65.616-16.603,11.15-6.822,20.506-15.501,28.46-25.629v34.591h51.953v-44.781c.908-3.477,5.917-15.151,31.591-20.461,19.417-3.427,44.274-3.987,74.187,2.643,15.511,3.437,29.94,10.411,41.913,20.849,4.056,3.535,8.455,7.329,13.139,12.299,6.55,6.628,13.623,12.728,21.659,17.852,20.376,13,45.148,19.502,74.309,19.502,30.569,0,56.566-7.42,78.001-22.264,21.431-14.841,36.798-36.143,46.115-63.899l-55.866-13.177c-5.794,15.28-14.191,27.011-25.163,35.176-10.983,8.169-25.341,12.255-43.087,12.255-26,0-45.631-9.046-58.893-27.143-13.265-18.09-19.985-41.808-20.162-71.149,.177-18.967,3.072-35.837,8.699-50.592,5.62-14.759,14.232-26.392,25.827-34.914Zm-192.318,37.367c14.797,2.671,33.227,4.808,54.505,4.808,10.976,0,22.717-.592,35.071-1.943,.347-.004,.697-.007,.84,.038,.626,.184,1.834,1.82-4.181,4.59-10.414,3.409-24.653,5.719-44.632,5.719-19.427,0-32.696-3.81-41.814-9.074-1.306-.963-2.436-2.096-2.307-3.246,.088-.816,1.31-.956,2.517-.892Zm80.75,27.354c-6.999,4.532-16.835,8.125-31.002,9.577-13.776,1.412-23.619-1.851-30.682-7.019-1.034-.976-1.963-2.15-2.004-3.433-.027-.915,.824-1.157,1.684-1.173,10.799,1.888,24.109,2.919,39.198,1.375,7.785-.796,16.045-2.303,24.649-4.699,.249-.03,.497-.058,.599-.02,.466,.156,1.507,1.885-2.443,5.392Zm1.987,67.516c-29.838-5.552-55.382-4.661-76.171-.905-3.708,.088-7.247-.977-7.247-3.117,0-1.3,1.296-2.647,2.667-3.759,16.12-10.289,36.201-11.221,44.029-11.221,17.042,0,30.155,3.631,40.287,9.067l-.024,.034s5.699,3.603,4.78,6.26c-.877,2.538-2.708,4.311-8.322,3.641Z"/></g><path class="d" d="M571.593,316.392c-8.727-2.476-17.504-2.709-25.758-1.089-54.422,10.683-108.39,3.741-135.825-1.374-10.448-1.948-18.316-10.12-20.628-20.494-.047-.213-.096-.426-.145-.638-2.389-10.345,1.056-21.148,9.617-27.427,21.392-15.688,64.618-43.451,121.836-60.157,13.114-3.829,25.688-11.424,33.96-26.243,9.591-17.182,9.61-38.682-.614-55.496-17.636-29.003-55.949-35.146-81.607-14.678-6.389,5.097-11.387,11.303-14.804,18.171-24.26,48.756-64.065,86.797-85.497,105.04-8.064,6.864-19.299,7.853-28.818,3.213-.219-.107-.438-.213-.658-.317-9.578-4.568-15.778-14.035-15.381-24.639,1.059-28.284,6.205-83.429,28.9-132.762,3.466-7.534,5.093-16.051,4.685-24.97-1.239-27.077-21.056-48.732-47.953-52.089-33.6-4.193-62.201,21.895-62.201,54.662,0,7.152,1.331,13.997,3.843,20.254,24.153,60.159,29.356,109.21,30.187,134.75,.344,10.591-5.796,20.098-15.383,24.612-.269,.127-.537,.254-.804,.384-9.631,4.658-20.983,3.6-29.055-3.42-21.761-18.927-62.404-58.175-85.782-105.183-3.673-7.385-9.311-13.919-16.485-19.147-21.817-15.9-51.012-14.075-70.456,4.653-24.532,23.63-22.048,62.479,3.672,82.989,6.39,5.096,13.541,8.637,21.008,10.392,52.608,12.368,98.8,43.003,121.433,59.964,8.461,6.34,11.914,17.053,9.523,27.352-.063,.27-.124,.541-.184,.812-2.296,10.35-10.141,18.503-20.556,20.485-27.642,5.26-82.171,12.469-135.877,1.343-8.142-1.687-16.828-1.391-25.456,1.009-26.17,7.28-42.836,31.511-40.022,58.529,3.498,33.576,35.233,55.549,67.115,48.271,6.973-1.592,13.388-4.361,18.892-8.255,51.592-36.507,99.72-52.772,124.95-59.402,10.167-2.672,20.687,1.349,27.174,9.622,.188,.24,.377,.479,.568,.716,6.659,8.308,8.139,19.561,3.143,28.963-13.417,25.252-42.326,73.24-83.534,107.028-6.384,5.234-11.507,12.189-15.008,20.355-10.643,24.83-2.335,52.895,20.283,67.667,28.49,18.607,65.773,7.533,80.034-22.087,3.546-7.364,5.456-15.123,5.456-22.794,0-52.077,19.989-105.228,31.562-131.637,4.206-9.598,13.749-15.564,24.227-15.436,.608,.007,1.217,.01,1.827,.007,10.32-.051,19.642,6.027,23.778,15.482,11.145,25.477,29.986,76.37,31.514,132.131,.23,8.378,2.425,16.849,6.751,24.78,13.093,24.003,40.677,34.691,66.462,25.597,31.537-11.123,45.63-46.69,31.527-75.968-3.104-6.443-7.236-12.074-12.251-16.579-47.763-42.902-73.997-85.72-85.849-108.606-4.811-9.291-3.216-20.394,3.374-28.52,.291-.359,.579-.72,.865-1.084,6.496-8.281,17.034-12.306,27.209-9.616,25.153,6.65,73.095,22.92,124.943,59.344,5.517,3.876,11.92,6.661,18.893,8.252,30.183,6.885,60.23-12.446,66.311-43.013,5.513-27.718-11.746-55.991-38.934-63.706Z"/><path class="b" d="M581.392,337.87c-2.696-1.955-6.605-4.242-9.18-5.403,0,0-10.865-5.984-29.506-1.554,0,0-18.892,3.472-33.01,4.11,0,0,1.405,6.542,17.976,7.057,15.273,.475,26.975-5.935,41.02,3.802,.49,.362,.952,.713,1.462,1.083,.191,.139,.373,.293,.561,.436,.471,.374,.938,.722,1.415,1.134,7.851,6.678,12.874,16.641,15.904,13.878,4.647-4.237,2.357-18.017-6.643-24.543Z"/><path class="b" d="M544.736,138.609c-1.894-4.674-3.642-8.048-6.09-11.079,0,0-8.412-14.335-29.328-15.642-21.663-1.354-33.236,14.063-33.236,14.063,0,0,12.009-4.987,24.894-4.666,14.756,.368,26.593,12.207,28.378,26.86,1.192,9.787,1.665,18.269,7.599,18.269,10.665,0,12.392-16.437,7.783-27.805Z"/><path class="b" d="M336.667,29.013c-1.564-1.657-13.864-17.164-37.979-13.461-2.21,.339-4.385,.949-6.479,1.733-2.592,.971-6.056,2.519-9.222,4.751,0,0,30.886-3.756,40.193,17.658,0,0,7.852,21.643,17.385,18.788,.304-.015,.609-.085,.916-.275,5.818-3.587,3.48-20.406-4.815-29.195Z"/><path class="b" d="M110.314,129.318c-9.788-5.176-2.627-19.844,7.512-15.395,1.926,.845,7.488,3.231,9.337,4.56,18.592,13.363,7.088,14.06,41.217,59.228,0,0-16.177-4.929-41.275-34.79-4.599-5.472-10.104-10.069-16.423-13.409l-.367-.194Z"/><path class="b" d="M457.24,541.329c-.117-3.196,1.095-16.089-17.835-31.753,0,0-13.808-12.864-21.959-21.655,0,0-4.803,4.056,4.615,16.893,8.681,11.833,20.454,16.888,21.402,33.273,.016,.585,.024,1.144,.046,1.748,.009,.229,0,.459,.002,.688-.004,.576,.01,1.134-.02,1.737-.404,9.89-4.966,19.586-1.083,20.242,5.954,1.006,15.222-10.504,14.831-21.174Z"/></svg>
\ No newline at end of file

From 520e096056b04b844bc33424aa526f6e7307a1c9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Apr 2022 17:24:51 +0200
Subject: [PATCH 0020/2268] fix: Actually allow directories with --from-archive

---
 cmd/kluctl/args/project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 2dc50b9ae..9153d27f8 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -8,7 +8,7 @@ type ProjectFlags struct {
 	LocalClusters       string `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yml" type:"existingdir"`
 	LocalDeployment     string `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yml" type:"existingdir"`
 	LocalSealedSecrets  string `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yml" type:"existingdir"`
-	FromArchive         string `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." type:"existingfile"`
+	FromArchive         string `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." type:"existing"`
 	FromArchiveMetadata string `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." type:"existingfile"`
 	Cluster             string `group:"project" help:"Specify/Override cluster"`
 }

From 239d99624024a22a10f0f6ad6a666728b63abd35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Thu, 21 Apr 2022 06:47:18 +0200
Subject: [PATCH 0021/2268] build: rely on python download script for detection
 of arch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aljoscha Pörtner <aljoscha.poertner@posteo.de>
---
 Makefile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index b74eb7b59..c17bb50b0 100644
--- a/Makefile
+++ b/Makefile
@@ -46,9 +46,7 @@ vendor: ## Copy of all packages needed to support builds and tests in the vendor
 	$(GOCMD) mod vendor
 
 python:  ## Download python for Jinja2 support
-	./hack/download-python.sh linux
-	./hack/download-python.sh windows
-	./hack/download-python.sh darwin
+	./hack/download-python.sh
 
 generate: ## Generating Jinja2 support
 	$(GOCMD) generate ./...

From 49b466bcc14b4f97bb08e427f72541e71e9a3609 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 12:12:52 +0200
Subject: [PATCH 0022/2268] fix: Make metadata.yml sorting stable

---
 pkg/kluctl_project/git.go          | 5 +++++
 pkg/kluctl_project/load_targets.go | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index e7cdcf650..4fd28013e 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"path/filepath"
 	"reflect"
+	"sort"
 	"strings"
 	"sync"
 )
@@ -223,5 +224,9 @@ func (c *KluctlProjectContext) addInvolvedRepo(u git_url.GitUrl, refPattern stri
 	}
 	if !found {
 		c.involvedRepos[repoKey] = append(c.involvedRepos[repoKey], *e)
+		s := c.involvedRepos[repoKey]
+		sort.SliceStable(s, func(i, j int) bool {
+			return s[i].RefPattern < s[j].RefPattern
+		})
 	}
 }
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/load_targets.go
index 6cfcd76c2..1d86d5d5e 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/load_targets.go
@@ -12,6 +12,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"regexp"
+	"sort"
 	"strings"
 	"sync"
 )
@@ -69,6 +70,9 @@ func (c *KluctlProjectContext) loadTargets() error {
 			})
 		}
 	}
+	sort.SliceStable(c.DynamicTargets, func(i, j int) bool {
+		return c.DynamicTargets[i].Target.Name < c.DynamicTargets[j].Target.Name
+	})
 	return nil
 }
 

From 9efae3d847f4fc4c78f4cd13f0ab3b78e8720e1e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 18:14:01 +0200
Subject: [PATCH 0023/2268] build: Move downloading of python into generate
 stage and via go

---
 .github/workflows/build-and-release.yml |   8 +-
 Makefile                                |   7 +-
 go.mod                                  |   1 +
 hack/download-python.sh                 |  43 --------
 pkg/python/download/main.go             | 132 ++++++++++++++++++++++++
 pkg/python/embed_darwin.go              |   8 --
 pkg/python/embed_darwin_amd64.go        |   9 ++
 pkg/python/embed_darwin_arm64.go        |   9 ++
 pkg/python/embed_linux.go               |   8 --
 pkg/python/embed_linux_amd64.go         |   9 ++
 pkg/python/embed_linux_arm64.go         |   9 ++
 pkg/python/embed_windows.go             |   8 --
 pkg/python/embed_windows_amd64.go       |   9 ++
 pkg/utils/embed_util/packer/main.go     |   1 +
 pkg/utils/tar.go                        |  20 ++--
 15 files changed, 194 insertions(+), 87 deletions(-)
 delete mode 100755 hack/download-python.sh
 create mode 100644 pkg/python/download/main.go
 delete mode 100644 pkg/python/embed_darwin.go
 create mode 100644 pkg/python/embed_darwin_amd64.go
 create mode 100644 pkg/python/embed_darwin_arm64.go
 delete mode 100644 pkg/python/embed_linux.go
 create mode 100644 pkg/python/embed_linux_amd64.go
 create mode 100644 pkg/python/embed_linux_arm64.go
 delete mode 100644 pkg/python/embed_windows.go
 create mode 100644 pkg/python/embed_windows_amd64.go

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 4cd3c7c64..26e3bcfc7 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -32,11 +32,6 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - name: Download python
-        run: |
-          ./hack/download-python.sh linux
-          ./hack/download-python.sh darwin
-          ./hack/download-python.sh windows
       - name: Get Version
         id: get_version
         run: |
@@ -68,8 +63,7 @@ jobs:
       - name: Go Generate
         run: |
           go generate ./...
-          go generate -tags darwin ./pkg/python
-          go generate -tags windows ./pkg/python
+          go generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
       - name: Run unit tests
         run: |
           go test ./cmd/... ./pkg/... -v
diff --git a/Makefile b/Makefile
index c17bb50b0..f73aa2b4c 100644
--- a/Makefile
+++ b/Makefile
@@ -45,12 +45,9 @@ clean: ## Remove build related file
 vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
 	$(GOCMD) mod vendor
 
-python:  ## Download python for Jinja2 support
-	./hack/download-python.sh
-
-generate: ## Generating Jinja2 support
+generate: ## Generating Python and Jinja2 support
 	$(GOCMD) generate ./...
-	$(GOCMD) generate ./pkg/python
+	$(GOCMD) generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
 
 ## Test:
 test: test-unit test-e2e ## Runs the complete test suite
diff --git a/go.mod b/go.mod
index 7b7f6a544..56cc82387 100644
--- a/go.mod
+++ b/go.mod
@@ -20,6 +20,7 @@ require (
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
+	github.com/klauspost/compress v1.13.6
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/ohler55/ojg v1.14.0
diff --git a/hack/download-python.sh b/hack/download-python.sh
deleted file mode 100755
index d78a9040a..000000000
--- a/hack/download-python.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-DIR=$(cd $(dirname $0) && pwd)
-cd $DIR/..
-
-if [ "$1" != "" ]; then
-  os=$1
-else
-  case "$(uname -s)" in
-      Linux*)     os=linux;;
-      Darwin*)    os=darwin;;
-      MINGW*)     os=windows;;
-      *)          echo "unknown os"; exit 1;
-  esac
-fi
-
-arch=x86_64
-
-case "$os" in
-    linux*)     python_dist=unknown-linux-gnu-pgo-full;;
-    darwin*)    python_dist=apple-darwin-pgo-full;;
-    windows*)   python_dist=pc-windows-msvc-shared-pgo-full;;
-esac
-
-mkdir -p download-python/$os
-cd download-python/$os
-
-PYTHON_STANDALONE_VERSION=20220227
-PYTHON_VERSION=3.10.2
-
-if [ ! -d python ]; then
-  curl -L -o python.tar.zst https://github.com/indygreg/python-build-standalone/releases/download/$PYTHON_STANDALONE_VERSION/cpython-$PYTHON_VERSION+$PYTHON_STANDALONE_VERSION-$arch-$python_dist.tar.zst
-  tar -xf python.tar.zst
-fi
-
-cd python/install
-
-for i in test site-packages venv ensurepip idlelib distutils pydoc_data asyncio email tkinter lib2to3 xml multiprocessing unittest; do
-  rm -rf lib/python3.*/$i
-  rm -rf Lib/$i
-done
diff --git a/pkg/python/download/main.go b/pkg/python/download/main.go
new file mode 100644
index 000000000..0987a2015
--- /dev/null
+++ b/pkg/python/download/main.go
@@ -0,0 +1,132 @@
+package main
+
+import (
+	"fmt"
+	"github.com/klauspost/compress/zstd"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	log "github.com/sirupsen/logrus"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"path/filepath"
+)
+
+const (
+	pythonVersionBase       = "3.10"
+	pythonVersionFull       = "3.10.3"
+	pythonStandaloneVersion = "20220318"
+)
+
+var pythonDists = map[string]string{
+	"linux": "unknown-linux-gnu-lto-full",
+	"darwin": "apple-darwin-lto-full",
+	"windows": "pc-windows-msvc-shared-pgo-full",
+}
+
+var archMapping = map[string]string{
+	"amd64": "x86_64",
+	"386": "i686",
+	"arm64": "aarch64",
+}
+
+var removeLibs = []string{
+	"site-packages",
+	"venv",
+	"ensurepip",
+	"idlelib",
+	"distutils",
+	"pydoc_data",
+	"asyncio",
+	"email",
+	"tkinter",
+	"lib2to3",
+	"xml",
+	"multiprocessing",
+	"unittest",
+}
+
+func main() {
+	osName := os.Args[1]
+	arch := os.Args[2]
+	extractPath := os.Args[3]
+
+	dist, ok := pythonDists[osName]
+	if !ok {
+		log.Panicf("no dist for %s", osName)
+	}
+
+	downloadPath := download(osName, arch, dist)
+
+	os.RemoveAll(extractPath)
+	decompress(downloadPath, extractPath)
+
+	for _, lib := range removeLibs {
+		_ = os.RemoveAll(filepath.Join(extractPath, "python", "install", "lib", fmt.Sprintf("python%s", pythonVersionBase), lib))
+		_ = os.RemoveAll(filepath.Join(extractPath, "python", "install", "Lib", lib))
+	}
+}
+
+func download(osName, arch, dist string) string {
+	pythonArch, ok := archMapping[arch]
+	if !ok {
+		log.Errorf("arch %s not supported", arch)
+		os.Exit(1)
+	}
+	fname := fmt.Sprintf("cpython-%s+%s-%s-%s.tar.zst", pythonVersionFull, pythonStandaloneVersion, pythonArch, dist)
+	downloadPath := filepath.Join(os.TempDir(), fname)
+	downloadUrl := fmt.Sprintf("https://github.com/indygreg/python-build-standalone/releases/download/%s/%s", pythonStandaloneVersion, fname)
+
+	if _, err := os.Stat(downloadPath); err == nil {
+		log.Infof("skipping download of %s", downloadUrl)
+		return downloadPath
+	}
+
+	log.Infof("downloading %s", downloadUrl)
+
+	r, err := http.Get(downloadUrl)
+	if err != nil {
+		log.Errorf("download failed: %v", err)
+		os.Exit(1)
+	}
+	if r.StatusCode == http.StatusNotFound {
+		log.Errorf("404 not found")
+		os.Exit(1)
+	}
+	defer r.Body.Close()
+
+	fileData, err := ioutil.ReadAll(r.Body)
+
+	err = ioutil.WriteFile(downloadPath, fileData, 0o640)
+	if err != nil {
+		log.Errorf("writing file failed: %v", err)
+		os.Remove(downloadPath)
+		os.Exit(1)
+	}
+
+	return downloadPath
+}
+
+func decompress(archivePath string, targetPath string) string {
+	f, err := os.Open(archivePath)
+	if err != nil {
+		log.Errorf("opening file failed: %v", err)
+		os.Exit(1)
+	}
+	defer f.Close()
+
+	z, err := zstd.NewReader(f)
+	if err != nil {
+		log.Errorf("decompression failed: %v", err)
+		os.Exit(1)
+	}
+	defer z.Close()
+
+	log.Infof("decompressing %s", archivePath)
+	err = utils.ExtractTarStream(z, targetPath)
+	if err != nil {
+		log.Errorf("decompression failed: %v", err)
+		os.Exit(1)
+	}
+
+	return targetPath
+}
\ No newline at end of file
diff --git a/pkg/python/embed_darwin.go b/pkg/python/embed_darwin.go
deleted file mode 100644
index ee5252620..000000000
--- a/pkg/python/embed_darwin.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package python
-
-import "embed"
-
-//go:generate go run ../utils/embed_util/packer python-darwin.tar.gz ../../download-python/darwin/python/install bin lib/*.dylib lib/python3.*
-
-//go:embed python-darwin.tar.gz python-darwin.tar.gz.files
-var pythonLib embed.FS
diff --git a/pkg/python/embed_darwin_amd64.go b/pkg/python/embed_darwin_amd64.go
new file mode 100644
index 000000000..4fb6ecf9a
--- /dev/null
+++ b/pkg/python/embed_darwin_amd64.go
@@ -0,0 +1,9 @@
+package python
+
+import "embed"
+
+//go:generate go run ./download darwin amd64 ../../download-python/darwin/amd64
+//go:generate go run ../utils/embed_util/packer python-darwin-amd64.tar.gz ../../download-python/darwin/amd64/python/install bin lib/*.dylib lib/python3.*
+
+//go:embed python-darwin-amd64.tar.gz python-darwin-amd64.tar.gz.files
+var pythonLib embed.FS
diff --git a/pkg/python/embed_darwin_arm64.go b/pkg/python/embed_darwin_arm64.go
new file mode 100644
index 000000000..18aa21233
--- /dev/null
+++ b/pkg/python/embed_darwin_arm64.go
@@ -0,0 +1,9 @@
+package python
+
+import "embed"
+
+//go:generate go run ./download darwin arm64 ../../download-python/darwin/arm64
+//go:generate go run ../utils/embed_util/packer python-darwin-arm64.tar.gz ../../download-python/darwin/arm64/python/install bin lib/*.dylib lib/python3.*
+
+//go:embed python-darwin-arm64.tar.gz python-darwin-arm64.tar.gz.files
+var pythonLib embed.FS
diff --git a/pkg/python/embed_linux.go b/pkg/python/embed_linux.go
deleted file mode 100644
index db8d55096..000000000
--- a/pkg/python/embed_linux.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package python
-
-import "embed"
-
-//go:generate go run ../utils/embed_util/packer python-linux.tar.gz ../../download-python/linux/python/install bin lib/*.so* lib/python3.*
-
-//go:embed python-linux.tar.gz python-linux.tar.gz.files
-var pythonLib embed.FS
diff --git a/pkg/python/embed_linux_amd64.go b/pkg/python/embed_linux_amd64.go
new file mode 100644
index 000000000..5961a767d
--- /dev/null
+++ b/pkg/python/embed_linux_amd64.go
@@ -0,0 +1,9 @@
+package python
+
+import "embed"
+
+//go:generate go run ./download linux amd64 ../../download-python/linux/amd64
+//go:generate go run ../utils/embed_util/packer python-linux-amd64.tar.gz ../../download-python/linux/amd64/python/install bin lib/*.so* lib/python3.*
+
+//go:embed python-linux-amd64.tar.gz python-linux-amd64.tar.gz.files
+var pythonLib embed.FS
diff --git a/pkg/python/embed_linux_arm64.go b/pkg/python/embed_linux_arm64.go
new file mode 100644
index 000000000..40be4e8b0
--- /dev/null
+++ b/pkg/python/embed_linux_arm64.go
@@ -0,0 +1,9 @@
+package python
+
+import "embed"
+
+//go:generate go run ./download linux arm64 ../../download-python/linux/arm64
+//go:generate go run ../utils/embed_util/packer python-linux-arm64.tar.gz ../../download-python/linux/arm64/python/install bin lib/*.so* lib/python3.*
+
+//go:embed python-linux-arm64.tar.gz python-linux-arm64.tar.gz.files
+var pythonLib embed.FS
diff --git a/pkg/python/embed_windows.go b/pkg/python/embed_windows.go
deleted file mode 100644
index 09a5af595..000000000
--- a/pkg/python/embed_windows.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package python
-
-import "embed"
-
-//go:generate go run ../utils/embed_util/packer python-windows.tar.gz ../../download-python/windows/python/install Lib DLLs *.dll *.exe
-
-//go:embed python-windows.tar.gz python-windows.tar.gz.files
-var pythonLib embed.FS
diff --git a/pkg/python/embed_windows_amd64.go b/pkg/python/embed_windows_amd64.go
new file mode 100644
index 000000000..dfa2a12a3
--- /dev/null
+++ b/pkg/python/embed_windows_amd64.go
@@ -0,0 +1,9 @@
+package python
+
+import "embed"
+
+//go:generate go run ./download windows amd64 ../../download-python/windows/amd64
+//go:generate go run ../utils/embed_util/packer python-windows-amd64.tar.gz ../../download-python/windows/amd64/python/install Lib DLLs *.dll *.exe
+
+//go:embed python-windows-amd64.tar.gz python-windows-amd64.tar.gz.files
+var pythonLib embed.FS
diff --git a/pkg/utils/embed_util/packer/main.go b/pkg/utils/embed_util/packer/main.go
index f4d4ba5e3..39cb9e2cf 100644
--- a/pkg/utils/embed_util/packer/main.go
+++ b/pkg/utils/embed_util/packer/main.go
@@ -23,6 +23,7 @@ func main() {
 	dir := os.Args[2]
 	patterns := os.Args[3:]
 
+	log.Infof("writing tar %s", out)
 	fileList, tgz := writeTar(dir, patterns)
 
 	hash := sha256.Sum256(tgz)
diff --git a/pkg/utils/tar.go b/pkg/utils/tar.go
index 7fa7761b8..0cd6807ed 100644
--- a/pkg/utils/tar.go
+++ b/pkg/utils/tar.go
@@ -33,7 +33,11 @@ func ExtractTarGzStream(r io.Reader, targetPath string) error {
 	}
 	defer gz.Close()
 
-	tarReader := tar.NewReader(gz)
+	return ExtractTarStream(gz, targetPath)
+}
+
+func ExtractTarStream(r io.Reader, targetPath string) error {
+	tarReader := tar.NewReader(r)
 	for true {
 		header, err := tarReader.Next()
 		if err == io.EOF {
@@ -41,7 +45,7 @@ func ExtractTarGzStream(r io.Reader, targetPath string) error {
 		}
 
 		if err != nil {
-			return fmt.Errorf("ExtractTarGz: Next() failed: %w", err)
+			return fmt.Errorf("ExtractTarStream: Next() failed: %w", err)
 		}
 
 		header.Name = strings.ReplaceAll(header.Name, "/", string(os.PathSeparator))
@@ -55,28 +59,28 @@ func ExtractTarGzStream(r io.Reader, targetPath string) error {
 		switch header.Typeflag {
 		case tar.TypeDir:
 			if err := os.MkdirAll(p, 0755); err != nil {
-				return fmt.Errorf("ExtractTarGz: Mkdir() failed: %w", err)
+				return fmt.Errorf("ExtractTarStream: Mkdir() failed: %w", err)
 			}
 		case tar.TypeReg:
 			outFile, err := os.Create(p)
 			if err != nil {
-				return fmt.Errorf("ExtractTarGz: Create() failed: %w", err)
+				return fmt.Errorf("ExtractTarStream: Create() failed: %w", err)
 			}
 			_, err = io.Copy(outFile, tarReader)
 			_ = outFile.Close()
 			if err != nil {
-				return fmt.Errorf("ExtractTarGz: Copy() failed: %w", err)
+				return fmt.Errorf("ExtractTarStream: Copy() failed: %w", err)
 			}
 			err = os.Chmod(p, header.FileInfo().Mode())
 			if err != nil {
-				return fmt.Errorf("ExtractTarGz: Chmod() failed: %w", err)
+				return fmt.Errorf("ExtractTarStream: Chmod() failed: %w", err)
 			}
 		case tar.TypeSymlink:
 			if err := os.Symlink(header.Linkname, p); err != nil {
-				return fmt.Errorf("ExtractTarGz: Symlink() failed: %w", err)
+				return fmt.Errorf("ExtractTarStream: Symlink() failed: %w", err)
 			}
 		default:
-			return fmt.Errorf("ExtractTarGz: uknown type %v in %v", header.Typeflag, header.Name)
+			return fmt.Errorf("ExtractTarStream: uknown type %v in %v", header.Typeflag, header.Name)
 		}
 	}
 	return nil

From cd56bbfdfe514475133a0c5e4411917fcb1ad2cf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 18:25:41 +0200
Subject: [PATCH 0024/2268] fix: Fix extracting of python

---
 pkg/python/embed.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/python/embed.go b/pkg/python/embed.go
index b4dd1e637..e2654a685 100644
--- a/pkg/python/embed.go
+++ b/pkg/python/embed.go
@@ -16,7 +16,7 @@ func init() {
 }
 
 func decompressPython() string {
-	tarName := fmt.Sprintf("python-%s.tar.gz", runtime.GOOS)
+	tarName := fmt.Sprintf("python-%s-%s.tar.gz", runtime.GOOS, runtime.GOARCH)
 	tgz, err := pythonLib.Open(tarName)
 	if err != nil {
 		log.Panic(err)

From fc0a8c9cec75ceaf4486bb65098303235e394585 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 21:50:22 +0200
Subject: [PATCH 0025/2268] build: Use goreleaser for releases

---
 .github/workflows/release.yml                 | 34 ++++++++++
 .../{build-and-release.yml => tests.yml}      | 26 -------
 .gitignore                                    |  3 +-
 .goreleaser.yaml                              | 67 +++++++++++++++++++
 Dockerfile                                    |  3 +
 5 files changed, 106 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/release.yml
 rename .github/workflows/{build-and-release.yml => tests.yml} (92%)
 create mode 100644 .goreleaser.yaml
 create mode 100644 Dockerfile

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..da7b6fba8
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,34 @@
+name: goreleaser
+
+on:
+  push:
+    # run only against tags
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Fetch all tags
+        run: git fetch --force --tags
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17.9
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/tests.yml
similarity index 92%
rename from .github/workflows/build-and-release.yml
rename to .github/workflows/tests.yml
index 26e3bcfc7..7b23d3510 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/tests.yml
@@ -295,29 +295,3 @@ jobs:
           export KLUCTL_EXE=./dist/kluctl-${{ matrix.binary-suffix }}$TOOLS_EXE
           ./dist/e2e.test-${{ matrix.binary-suffix }}$TOOLS_EXE -test.v
 
-  release:
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-    needs:
-      - build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Download artifacts
-        uses: actions/download-artifact@v2
-      - name: Build checksums.txt
-        run: |
-          cd dist
-          sha256sum kluctl-linux-amd64 > checksums.txt
-          sha256sum kluctl-darwin-amd64 >> checksums.txt
-          sha256sum kluctl-windows-amd64.exe >> checksums.txt
-      - name: Release
-        uses: softprops/action-gh-release@v1
-        with:
-          draft: true
-          body_path: changelog/CHANGELOG.md
-          files: |
-            dist/kluctl-linux-*
-            dist/kluctl-darwin-*
-            dist/kluctl-windows-*
-            dist/checksums.txt
diff --git a/.gitignore b/.gitignore
index ac7a47bd5..6cebf73ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,4 +13,5 @@
 /kluctl.exe
 /e2e.test*
 /out
-/reports
\ No newline at end of file
+/reports
+dist/
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 000000000..2fde674b2
--- /dev/null
+++ b/.goreleaser.yaml
@@ -0,0 +1,67 @@
+before:
+  hooks:
+    - go mod tidy
+    - go generate ./...
+    - go generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
+builds:
+  - id: kluctl-unix
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+  - id: kluctl-windows
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - windows
+    goarch:
+      - amd64
+archives:
+  - replacements:
+      darwin: Darwin
+      linux: Linux
+      windows: Windows
+      386: i386
+      amd64: x86_64
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+      - '^chore:'
+
+release:
+  draft: true
+  prerelease: auto
+  name_template: "{{.ProjectName}}-v{{.Version}}"
+
+dockers:
+  - id: linux-amd64
+    goos: linux
+    goarch: amd64
+    build_flag_templates:
+      - "--platform=linux/amd64"
+    image_templates:
+      - "ghcr.io/kluctl/kluctl:{{ .Version }}-amd64"
+  - id: linux-arm64
+    goos: linux
+    goarch: arm64
+    build_flag_templates:
+      - "--platform=linux/arm64"
+    image_templates:
+      - "ghcr.io/kluctl/kluctl:{{ .Version }}-arm64"
+
+docker_manifests:
+  - name_template: ghcr.io/kluctl/kluctl:{{ .Version }}
+    image_templates:
+      - "ghcr.io/kluctl/kluctl:{{ .Version }}-amd64"
+      - "ghcr.io/kluctl/kluctl:{{ .Version }}-arm64"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..8e44c42ff
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,3 @@
+FROM alpine
+COPY kluctl /
+ENTRYPOINT ["/kluctl"]

From 424c9334447ea1bd39a10ac4ed0a7f6424afe875 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 21:51:29 +0200
Subject: [PATCH 0026/2268] build: Move main.go to root dir

---
 .github/workflows/tests.yml   | 6 +++---
 cmd/kluctl/main.go => main.go | 0
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename cmd/kluctl/main.go => main.go (100%)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7b23d3510..076c4276c 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -72,7 +72,7 @@ jobs:
           export CGO_ENABLED=0
           export GOARCH=amd64
           export GOOS=linux
-          go build ./cmd/kluctl
+          go build
           go test -c ./e2e
           mv kluctl kluctl-linux-amd64
           mv e2e.test e2e.test-linux-amd64
@@ -81,7 +81,7 @@ jobs:
           export CGO_ENABLED=0
           export GOARCH=amd64
           export GOOS=darwin
-          go build ./cmd/kluctl
+          go build
           go test -c ./e2e
           mv kluctl kluctl-darwin-amd64
           mv e2e.test e2e.test-darwin-amd64
@@ -90,7 +90,7 @@ jobs:
           export CGO_ENABLED=0
           export GOARCH=amd64
           export GOOS=windows
-          go build ./cmd/kluctl
+          go build
           go test -c ./e2e
           mv kluctl.exe kluctl-windows-amd64.exe
           mv e2e.test.exe e2e.test-windows-amd64.exe
diff --git a/cmd/kluctl/main.go b/main.go
similarity index 100%
rename from cmd/kluctl/main.go
rename to main.go

From 912ee942c02ee1ef83e8f0be4e2e297134b53615 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 22:17:21 +0200
Subject: [PATCH 0027/2268] build: Use version provided by goreleaser

---
 .github/workflows/tests.yml        | 27 ---------------------------
 cmd/kluctl/commands/cmd_version.go |  2 +-
 cmd/kluctl/commands/root.go        |  4 ++--
 main.go                            |  8 +++++++-
 pkg/version/version.go             | 10 +++++++++-
 5 files changed, 19 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 076c4276c..c22bbadb3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -10,8 +10,6 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.get_version.outputs.version }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -32,31 +30,6 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - name: Get Version
-        id: get_version
-        run: |
-          go install github.com/bvieira/sv4git/v2/cmd/git-sv@v2.7.0
-          KLUCTL_VERSION="$(git sv next-version)"
-          if [[ "${{ github.ref }}" != refs/tags/* ]]; then
-            KLUCTL_VERSION="$KLUCTL_VERSION-dev-$(git rev-parse --short HEAD)"
-          fi
-          echo "KLUCTL_VERSION=$KLUCTL_VERSION"
-          echo "KLUCTL_VERSION=$KLUCTL_VERSION" >> $GITHUB_ENV
-          echo "::set-output name=version::$VERSION"
-      - name: Generate Changelog
-        id: gen_changelog
-        run: |
-          git sv changelog -n 1 > CHANGELOG.md
-      - name: Upload Changelog
-        uses: actions/upload-artifact@v2
-        with:
-          name: changelog
-          path: |
-            CHANGELOG.md
-      - name: Write Version to version.go
-        run: |
-          sed -ibak "s/0.0.0/$KLUCTL_VERSION/g" pkg/version/version.go
-          cat pkg/version/version.go
       - name: Go Mod Vendor
         run: |
           go mod vendor
diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index de05a2d49..98da1b398 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -9,6 +9,6 @@ type versionCmd struct {
 }
 
 func (cmd *versionCmd) Run() error {
-	_, err := os.Stdout.WriteString(version.Version + "\n")
+	_, err := os.Stdout.WriteString(version.GetVersion() + "\n")
 	return err
 }
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 0b20a914b..4027e612c 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -81,7 +81,7 @@ func (c *cli) checkNewVersion() {
 	if c.NoUpdateCheck {
 		return
 	}
-	if version.Version == "0.0.0" {
+	if version.GetVersion() == "(devel)" {
 		return
 	}
 
@@ -119,7 +119,7 @@ func (c *cli) checkNewVersion() {
 		latestVersionStr = latestVersionStr[1:]
 	}
 	latestVersion := versions.LooseVersion(latestVersionStr)
-	localVersion := versions.LooseVersion(version.Version)
+	localVersion := versions.LooseVersion(version.GetVersion())
 	if localVersion.Less(latestVersion, true) {
 		log.Warningf("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion, latestVersion)
 	}
diff --git a/main.go b/main.go
index e95adcccb..fb256f4c4 100644
--- a/main.go
+++ b/main.go
@@ -15,8 +15,14 @@ limitations under the License.
 */
 package main
 
-import "github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
+import (
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
+	version2 "github.com/kluctl/kluctl/v2/pkg/version"
+)
+
+var version = "0.0.0"
 
 func main() {
+	version2.SetVersion(version)
 	commands.Execute()
 }
diff --git a/pkg/version/version.go b/pkg/version/version.go
index 415100dcc..f948678a6 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -1,3 +1,11 @@
 package version
 
-var Version = "0.0.0"
+var version = "0.0.0"
+
+func SetVersion(v string) {
+	version = v
+}
+
+func GetVersion() string {
+	return version
+}

From b80c289402cf635f592aac48afe2336b4fa40ac0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 22:18:07 +0200
Subject: [PATCH 0028/2268] build: Fix "make build" to not depend on
 non-existing target

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f73aa2b4c..dc4f6521c 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,7 @@ check-kind: ## Checks if kind is installed
 	kind version
 
 ## Build:
-build: vendor python generate build-go ## Run the complete build pipeline
+build: vendor generate build-go ## Run the complete build pipeline
 
 build-go:  ## Build your project and put the output binary in out/bin/
 	mkdir -p out/bin

From 1792931295772a4ce3f95f1980f3402a605fdcde Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 22:18:25 +0200
Subject: [PATCH 0029/2268] build: Install python in release job

---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index da7b6fba8..681f86b49 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,6 +24,10 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.17.9
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.10.2
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

From 76297c2d4a631d97536bd686228d3cc190e0bd03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 22:18:41 +0200
Subject: [PATCH 0030/2268] build: Rename dist artifact to binaries

---
 .github/workflows/tests.yml | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c22bbadb3..d0d67de68 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,11 +1,9 @@
-name: build
+name: tests
 
 on:
   push:
     branches:
       - '*'
-    tags:
-      - 'v*'
 
 jobs:
   build:
@@ -67,10 +65,10 @@ jobs:
           go test -c ./e2e
           mv kluctl.exe kluctl-windows-amd64.exe
           mv e2e.test.exe e2e.test-windows-amd64.exe
-      - name: Upload dist artifact
+      - name: Upload binaries
         uses: actions/upload-artifact@v2
         with:
-          name: dist
+          name: binaries
           path: |
             kluctl-linux-amd64
             kluctl-darwin-amd64
@@ -259,12 +257,11 @@ jobs:
           echo "KIND_KUBECONFIG=$(pwd)/kind-kubeconfig" >> $GITHUB_ENV
 
           ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME" "$DOCKER_IP" "$PORT"
-      - name: Download dist artifacts
+      - name: Download artifacts
         uses: actions/download-artifact@v2
       - name: Run e2e tests
         shell: bash
         run: |
-          chmod +x ./dist/*
-          export KLUCTL_EXE=./dist/kluctl-${{ matrix.binary-suffix }}$TOOLS_EXE
-          ./dist/e2e.test-${{ matrix.binary-suffix }}$TOOLS_EXE -test.v
-
+          chmod +x ./binaries/*
+          export KLUCTL_EXE=./binaries/kluctl-${{ matrix.binary-suffix }}$TOOLS_EXE
+          ./binaries/e2e.test-${{ matrix.binary-suffix }}$TOOLS_EXE -test.v

From 6dac10ce6fc82cb3a6bc63c550baf89b65c0c5f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 23:03:44 +0200
Subject: [PATCH 0031/2268] build: Skip extraction to speed up generate

---
 pkg/python/download/main.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/pkg/python/download/main.go b/pkg/python/download/main.go
index 0987a2015..b61e93840 100644
--- a/pkg/python/download/main.go
+++ b/pkg/python/download/main.go
@@ -56,14 +56,23 @@ func main() {
 	}
 
 	downloadPath := download(osName, arch, dist)
+	archiveBytes, _ := ioutil.ReadFile(downloadPath)
+	hash := utils.Sha256Bytes(archiveBytes)
 
-	os.RemoveAll(extractPath)
-	decompress(downloadPath, extractPath)
+	if utils.Exists(filepath.Join(extractPath, hash)) {
+		log.Infof("skipping extract")
+		return
+	}
+
+	_ = os.RemoveAll(extractPath)
+	extract(downloadPath, extractPath)
 
 	for _, lib := range removeLibs {
 		_ = os.RemoveAll(filepath.Join(extractPath, "python", "install", "lib", fmt.Sprintf("python%s", pythonVersionBase), lib))
 		_ = os.RemoveAll(filepath.Join(extractPath, "python", "install", "Lib", lib))
 	}
+
+	_ = utils.Touch(filepath.Join(extractPath, hash))
 }
 
 func download(osName, arch, dist string) string {
@@ -106,7 +115,7 @@ func download(osName, arch, dist string) string {
 	return downloadPath
 }
 
-func decompress(archivePath string, targetPath string) string {
+func extract(archivePath string, targetPath string) string {
 	f, err := os.Open(archivePath)
 	if err != nil {
 		log.Errorf("opening file failed: %v", err)

From 888ccd053ddb97f4d727abf208a9252a21b6aaf0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 23:04:09 +0200
Subject: [PATCH 0032/2268] build: No need to duplicate builds (we can use
 ignore)

---
 .goreleaser.yaml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 2fde674b2..94593898d 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -4,22 +4,19 @@ before:
     - go generate ./...
     - go generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
 builds:
-  - id: kluctl-unix
+  - id: kluctl
     env:
       - CGO_ENABLED=0
     goos:
       - linux
       - darwin
-    goarch:
-      - amd64
-      - arm64
-  - id: kluctl-windows
-    env:
-      - CGO_ENABLED=0
-    goos:
       - windows
     goarch:
       - amd64
+      - arm64
+    ignore:
+      - goos: windows
+        goarch: arm64
 archives:
   - replacements:
       darwin: Darwin

From 3c27643a0c621476bc4ac5340ed550ccc049f4f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 23:08:56 +0200
Subject: [PATCH 0033/2268] build: No need to generate for arm64 for tests

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index d0d67de68..e0d2548be 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -34,7 +34,7 @@ jobs:
       - name: Go Generate
         run: |
           go generate ./...
-          go generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
+          go generate -tags linux,darwin,windows,amd64 ./pkg/python
       - name: Run unit tests
         run: |
           go test ./cmd/... ./pkg/... -v

From 0afaa38a450068c748794b4967d781bace5b9d86 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 23:13:34 +0200
Subject: [PATCH 0034/2268] build: Fix make build

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index dc4f6521c..386304320 100644
--- a/Makefile
+++ b/Makefile
@@ -34,7 +34,7 @@ build: vendor generate build-go ## Run the complete build pipeline
 
 build-go:  ## Build your project and put the output binary in out/bin/
 	mkdir -p out/bin
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -mod vendor -o out/bin/$(BINARY_NAME) ./cmd/kluctl
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -mod vendor -o out/bin/$(BINARY_NAME)
 
 clean: ## Remove build related file
 	rm -fr ./bin

From b54f008c15d5805205f5ccc535323384c14035bc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Apr 2022 23:58:22 +0200
Subject: [PATCH 0035/2268] build: Add homebrew release

---
 .github/workflows/release.yml |  1 +
 .goreleaser.yaml              | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 681f86b49..d58ed932d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,3 +36,4 @@ jobs:
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 94593898d..31e60d0e1 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -62,3 +62,17 @@ docker_manifests:
     image_templates:
       - "ghcr.io/kluctl/kluctl:{{ .Version }}-amd64"
       - "ghcr.io/kluctl/kluctl:{{ .Version }}-arm64"
+
+brews:
+  - name: kluctl
+    tap:
+      owner: kluctl
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+    folder: Formula
+    homepage: "https://kluctl.io/"
+    description: "kluctl"
+    install: |
+      bin.install "kluctl"
+    test: |
+      system "#{bin}/kluctl version"

From ad816f20e47569f58789616ab193f8f06b68563e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:04:19 +0200
Subject: [PATCH 0036/2268] build: Immediately release instead of creating a
 draft

---
 .goreleaser.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 31e60d0e1..14d80e4f5 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -37,7 +37,6 @@ changelog:
       - '^chore:'
 
 release:
-  draft: true
   prerelease: auto
   name_template: "{{.ProjectName}}-v{{.Version}}"
 

From 27e8bb305998e377c51e7fe93b1b1c83e71e9070 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:20:37 +0200
Subject: [PATCH 0037/2268] build: Add go cache to goreleaser workflow

---
 .github/workflows/release.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d58ed932d..a5a72b116 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,6 +28,14 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: 3.10.2
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

From ad14a743c72408c9869b599819bee75d30665997 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:22:36 +0200
Subject: [PATCH 0038/2268] build: Use own cache key for goreleaser

---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a5a72b116..3bff60fef 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,9 +33,9 @@ jobs:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-goreleaser-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go-
+            ${{ runner.os }}-goreleaser-
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

From 803a6fd8e607e593f95eb6695eaa785e88ad251d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:31:51 +0200
Subject: [PATCH 0039/2268] build: Add opencontainers labels to docker images

---
 .goreleaser.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 14d80e4f5..5bba04646 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -45,6 +45,13 @@ dockers:
     goos: linux
     goarch: amd64
     build_flag_templates:
+      - "--pull"
+      - "--build-arg=ARCH=linux/amd64"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.name={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.source={{ .GitURL }}"
       - "--platform=linux/amd64"
     image_templates:
       - "ghcr.io/kluctl/kluctl:{{ .Version }}-amd64"
@@ -52,6 +59,13 @@ dockers:
     goos: linux
     goarch: arm64
     build_flag_templates:
+      - "--pull"
+      - "--build-arg=ARCH=linux/arm64"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.name={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.version={{ .Version }}"
+      - "--label=org.opencontainers.image.source={{ .GitURL }}"
       - "--platform=linux/arm64"
     image_templates:
       - "ghcr.io/kluctl/kluctl:{{ .Version }}-arm64"

From 0cd6851b5ff377a0abfa6ef122927d2aa513ce73 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:33:58 +0200
Subject: [PATCH 0040/2268] build: Setup docker and login to ghcr

---
 .github/workflows/release.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3bff60fef..a304b20d6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,6 +28,17 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: 3.10.2
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: fluxcdbot
+          password: ${{ secrets.GHCR_TOKEN }}
       - uses: actions/cache@v2
         with:
           path: |

From 9316fe4370a3bd7e5b5fc326d984fdf7d19b8d29 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:36:03 +0200
Subject: [PATCH 0041/2268] build: Use correct username for ghcr login

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a304b20d6..1f423ea0d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:
         uses: docker/login-action@v1
         with:
           registry: ghcr.io
-          username: fluxcdbot
+          username: kluctlbot
           password: ${{ secrets.GHCR_TOKEN }}
       - uses: actions/cache@v2
         with:

From 8e6cb2651eb4eaad751d6ee33ae189d47bd98e92 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 00:59:19 +0200
Subject: [PATCH 0042/2268] build: Fix HOMEBREW_TAP_GITHUB_TOKEN

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1f423ea0d..0f2953895 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -55,4 +55,4 @@ jobs:
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}

From dc218a424e2f4da3833e04acb56b9dc4a1453677 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 09:34:22 +0200
Subject: [PATCH 0043/2268] build: Use tag instead of version in release
 names/tags

---
 .goreleaser.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 5bba04646..851a78bfc 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -38,7 +38,7 @@ changelog:
 
 release:
   prerelease: auto
-  name_template: "{{.ProjectName}}-v{{.Version}}"
+  name_template: "{{.ProjectName}}-{{.Tag}}"
 
 dockers:
   - id: linux-amd64
@@ -54,7 +54,7 @@ dockers:
       - "--label=org.opencontainers.image.source={{ .GitURL }}"
       - "--platform=linux/amd64"
     image_templates:
-      - "ghcr.io/kluctl/kluctl:{{ .Version }}-amd64"
+      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-amd64"
   - id: linux-arm64
     goos: linux
     goarch: arm64
@@ -68,13 +68,13 @@ dockers:
       - "--label=org.opencontainers.image.source={{ .GitURL }}"
       - "--platform=linux/arm64"
     image_templates:
-      - "ghcr.io/kluctl/kluctl:{{ .Version }}-arm64"
+      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-arm64"
 
 docker_manifests:
-  - name_template: ghcr.io/kluctl/kluctl:{{ .Version }}
+  - name_template: ghcr.io/kluctl/kluctl:{{ .Tag }}
     image_templates:
-      - "ghcr.io/kluctl/kluctl:{{ .Version }}-amd64"
-      - "ghcr.io/kluctl/kluctl:{{ .Version }}-arm64"
+      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-amd64"
+      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-arm64"
 
 brews:
   - name: kluctl

From d3ebe24ac3faa8968af03f1e30d74f3fea8d7fb4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 09:39:23 +0200
Subject: [PATCH 0044/2268] fix: Use $TMPDIR/kluctl-workdir as base for
 temporary files

This avoids clashes in case someone has put a file into /tmp/ with the name
kluctl, which is not that unlikely to happen.
---
 pkg/utils/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index aa5433d9e..ae338d920 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -14,7 +14,7 @@ import (
 var createTmpBaseDirOnce sync.Once
 
 func GetTmpBaseDir() string {
-	dir := filepath.Join(os.TempDir(), "kluctl")
+	dir := filepath.Join(os.TempDir(), "kluctl-workdir")
 	createTmpBaseDirOnce.Do(func() {
 		err := os.MkdirAll(dir, 0o700)
 		if err != nil {

From c7847ae653352b373f18f7c51e666a288a9eee1f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 10:04:13 +0200
Subject: [PATCH 0045/2268] build: Add SBOM to releases

---
 .github/workflows/release.yml | 2 ++
 .goreleaser.yaml              | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0f2953895..b91fdad0a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,6 +33,8 @@ jobs:
       - name: Setup Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v1
+      - name: Setup Syft
+        uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v1
         with:
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 851a78bfc..3fd73cc23 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -24,6 +24,11 @@ archives:
       windows: Windows
       386: i386
       amd64: x86_64
+sboms:
+  - id: source
+    artifacts: source
+    documents:
+      - "{{ .ProjectName }}_v{{ .Version }}_sbom.spdx.json"
 checksum:
   name_template: 'checksums.txt'
 snapshot:

From cb3bed6b7414ad8cf53ddd28f29c15aab743c071 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 10:05:31 +0200
Subject: [PATCH 0046/2268] build: Fix versions in release artifacts and stop
 replacing os/arch

---
 .goreleaser.yaml | 52 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 35 insertions(+), 17 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 3fd73cc23..6fb8940d7 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -4,26 +4,44 @@ before:
     - go generate ./...
     - go generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
 builds:
-  - id: kluctl
-    env:
-      - CGO_ENABLED=0
+  - <<: &build_defaults
+      binary: kluctl
+      env:
+        - CGO_ENABLED=0
+    id: linux
     goos:
       - linux
+    goarch:
+      - amd64
+      - arm64
+    goarm:
+      - 7
+  - <<: *build_defaults
+    id: darwin
+    goos:
       - darwin
-      - windows
     goarch:
       - amd64
       - arm64
-    ignore:
-      - goos: windows
-        goarch: arm64
+  - <<: *build_defaults
+    id: windows
+    goos:
+      - windows
+    goarch:
+      - amd64
 archives:
-  - replacements:
-      darwin: Darwin
-      linux: Linux
-      windows: Windows
-      386: i386
-      amd64: x86_64
+  - name_template: "{{ .Binary }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    id: nix
+    builds: [linux, darwin]
+    format: tar.gz
+    files:
+      - none*
+  - name_template: "{{ .Binary }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    id: windows
+    builds: [windows]
+    format: zip
+    files:
+      - none*
 sboms:
   - id: source
     artifacts: source
@@ -59,7 +77,7 @@ dockers:
       - "--label=org.opencontainers.image.source={{ .GitURL }}"
       - "--platform=linux/amd64"
     image_templates:
-      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-amd64"
+      - "ghcr.io/kluctl/kluctl:v{{ .Version }}-amd64"
   - id: linux-arm64
     goos: linux
     goarch: arm64
@@ -73,13 +91,13 @@ dockers:
       - "--label=org.opencontainers.image.source={{ .GitURL }}"
       - "--platform=linux/arm64"
     image_templates:
-      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-arm64"
+      - "ghcr.io/kluctl/kluctl:v{{ .Version }}-arm64"
 
 docker_manifests:
   - name_template: ghcr.io/kluctl/kluctl:{{ .Tag }}
     image_templates:
-      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-amd64"
-      - "ghcr.io/kluctl/kluctl:{{ .Tag }}-arm64"
+      - "ghcr.io/kluctl/kluctl:v{{ .Version }}-amd64"
+      - "ghcr.io/kluctl/kluctl:v{{ .Version }}-arm64"
 
 brews:
   - name: kluctl

From cf56e5a8afaadbd83c121439a6276bde9863eb16 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 10:05:41 +0200
Subject: [PATCH 0047/2268] build: Add source to releases

---
 .goreleaser.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 6fb8940d7..c29d0d594 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -42,6 +42,9 @@ archives:
     format: zip
     files:
       - none*
+source:
+  enabled: true
+  name_template: '{{ .ProjectName }}_v{{ .Version }}_source_code'
 sboms:
   - id: source
     artifacts: source

From e0157fcb8548b66d5e03f8640ee9c912fbc13104 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 10:51:35 +0200
Subject: [PATCH 0048/2268] build: Put binaries below ./bin when using make
 build

---
 .gitignore | 2 +-
 Makefile   | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6cebf73ac..3158e3eb0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,6 @@
 /kluctl
 /kluctl.exe
 /e2e.test*
-/out
+/bin
 /reports
 dist/
diff --git a/Makefile b/Makefile
index 386304320..6372eb9d5 100644
--- a/Makefile
+++ b/Makefile
@@ -32,9 +32,9 @@ check-kind: ## Checks if kind is installed
 ## Build:
 build: vendor generate build-go ## Run the complete build pipeline
 
-build-go:  ## Build your project and put the output binary in out/bin/
-	mkdir -p out/bin
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -mod vendor -o out/bin/$(BINARY_NAME)
+build-go:  ## Build your project and put the output binary in ./bin/
+	mkdir -p ./bin
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -mod vendor -o ./bin/$(BINARY_NAME)
 
 clean: ## Remove build related file
 	rm -fr ./bin
@@ -53,7 +53,7 @@ generate: ## Generating Python and Jinja2 support
 test: test-unit test-e2e ## Runs the complete test suite
 
 test-e2e: check-kubectl check-helm check-kind ## Runs the end to end tests
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o out/bin/$(TEST_BINARY_NAME) ./e2e
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e
 
 test-unit: ## Run the unit tests of the project
 ifeq ($(EXPORT_RESULT), true)

From 144310b777a36f033cc3d0f4a601e5f74d9cf9bd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 10:53:46 +0200
Subject: [PATCH 0049/2268] build: Change checksums.txt to {{ .ProjectName
 }}_v{{ .Version }}_checksums.txt

---
 .goreleaser.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index c29d0d594..e526c43db 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -51,7 +51,7 @@ sboms:
     documents:
       - "{{ .ProjectName }}_v{{ .Version }}_sbom.spdx.json"
 checksum:
-  name_template: 'checksums.txt'
+  name_template: '{{ .ProjectName }}_v{{ .Version }}_checksums.txt'
 snapshot:
   name_template: "{{ incpatch .Version }}-next"
 changelog:

From c0d0fe7e9ff4e4a097d2cc09cfcc4320c46ad549 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 11:06:25 +0200
Subject: [PATCH 0050/2268] docs: Add install script

---
 install/README.md |  41 ++++++++++
 install/kluctl.sh | 193 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)
 create mode 100644 install/README.md
 create mode 100755 install/kluctl.sh

diff --git a/install/README.md b/install/README.md
new file mode 100644
index 000000000..cf80366eb
--- /dev/null
+++ b/install/README.md
@@ -0,0 +1,41 @@
+# kluctl Installation
+
+Binaries for macOS and Linux AMD64 are available for download on the
+[release page](https://github.com/kluctl/kluctl/releases).
+
+To install the latest release run:
+
+```bash
+curl -s https://raw.githubusercontent.com/kluctl/kluctl/main/install/kluctl.sh | sudo bash
+```
+
+The install script does the following:
+* attempts to detect your OS
+* downloads and unpacks the release tar file in a temporary directory
+* copies the kluctl binary to `/usr/local/bin`
+* removes the temporary directory
+
+## Alternative installation methods
+
+See https://kluctl.io/getting-started/installation for alternative installation methods.
+
+## Build from source
+
+Clone the repository:
+
+```bash
+git clone https://github.com/kluctl/kluctl
+cd kluctl
+```
+
+Build the `kluctl` binary (requires go >= 1.17 and python >= 3.10):
+
+```bash
+make build
+```
+
+Run the binary:
+
+```bash
+./bin/kluctl -h
+```
diff --git a/install/kluctl.sh b/install/kluctl.sh
new file mode 100755
index 000000000..b8a34066b
--- /dev/null
+++ b/install/kluctl.sh
@@ -0,0 +1,193 @@
+#!/usr/bin/env bash
+set -e
+
+DEFAULT_BIN_DIR="/usr/local/bin"
+BIN_DIR=${1:-"${DEFAULT_BIN_DIR}"}
+GITHUB_REPO="kluctl/kluctl"
+
+# Helper functions for logs
+info() {
+    echo '[INFO] ' "$@"
+}
+
+warn() {
+    echo '[WARN] ' "$@" >&2
+}
+
+fatal() {
+    echo '[ERROR] ' "$@" >&2
+    exit 1
+}
+
+# Set os, fatal if operating system not supported
+setup_verify_os() {
+    if [[ -z "${OS}" ]]; then
+        OS=$(uname)
+    fi
+    case ${OS} in
+        Darwin)
+            OS=darwin
+            ;;
+        Linux)
+            OS=linux
+            ;;
+        *)
+            fatal "Unsupported operating system ${OS}"
+    esac
+}
+
+# Set arch, fatal if architecture not supported
+setup_verify_arch() {
+    if [[ -z "${ARCH}" ]]; then
+        ARCH=$(uname -m)
+    fi
+    case ${ARCH} in
+        arm64|aarch64|armv8l)
+            ARCH=arm64
+            ;;
+        amd64)
+            ARCH=amd64
+            ;;
+        x86_64)
+            ARCH=amd64
+            ;;
+        *)
+            fatal "Unsupported architecture ${ARCH}"
+    esac
+}
+
+# Verify existence of downloader executable
+verify_downloader() {
+    # Return failure if it doesn't exist or is no executable
+    [[ -x "$(which "$1")" ]] || return 1
+
+    # Set verified executable as our downloader program and return success
+    DOWNLOADER=$1
+    return 0
+}
+
+# Create tempory directory and cleanup when done
+setup_tmp() {
+    TMP_DIR=$(mktemp -d -t kluctl-install.XXXXXXXXXX)
+    TMP_METADATA="${TMP_DIR}/kluctl.json"
+    TMP_HASH="${TMP_DIR}/kluctl.hash"
+    TMP_BIN="${TMP_DIR}/kluctl.tar.gz"
+    cleanup() {
+        local code=$?
+        set +e
+        trap - EXIT
+        rm -rf "${TMP_DIR}"
+        exit ${code}
+    }
+    trap cleanup INT EXIT
+}
+
+# Find version from Github metadata
+get_release_version() {
+    if [[ -n "${kluctl_VERSION}" ]]; then
+      SUFFIX_URL="tags/v${kluctl_VERSION}"
+    else
+      SUFFIX_URL="latest"
+    fi
+
+    METADATA_URL="https://api.github.com/repos/${GITHUB_REPO}/releases/${SUFFIX_URL}"
+
+    info "Downloading metadata ${METADATA_URL}"
+    download "${TMP_METADATA}" "${METADATA_URL}"
+
+    VERSION_KLUCTL=$(grep '"tag_name":' "${TMP_METADATA}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
+    if [[ -n "${VERSION_KLUCTL}" ]]; then
+        info "Using ${VERSION_KLUCTL} as release"
+    else
+        fatal "Unable to determine release version"
+    fi
+}
+
+# Download from file from URL
+download() {
+    [[ $# -eq 2 ]] || fatal 'download needs exactly 2 arguments'
+
+    case $DOWNLOADER in
+        curl)
+            curl -o "$1" -sfL "$2"
+            ;;
+        wget)
+            wget -qO "$1" "$2"
+            ;;
+        *)
+            fatal "Incorrect executable '${DOWNLOADER}'"
+            ;;
+    esac
+
+    # Abort if download command failed
+    [[ $? -eq 0 ]] || fatal 'Download failed'
+}
+
+# Download hash from Github URL
+download_hash() {
+    HASH_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_KLUCTL}/kluctl_v${VERSION_KLUCTL}_checksums.txt"
+
+    info "Downloading hash ${HASH_URL}"
+    download "${TMP_HASH}" "${HASH_URL}"
+    HASH_EXPECTED=$(grep " kluctl_v${VERSION_KLUCTL}_${OS}_${ARCH}.tar.gz$" "${TMP_HASH}")
+    HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*}
+}
+
+# Download binary from Github URL
+download_binary() {
+    BIN_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_KLUCTL}/kluctl_v${VERSION_KLUCTL}_${OS}_${ARCH}.tar.gz"
+    info "Downloading binary ${BIN_URL}"
+    download "${TMP_BIN}" "${BIN_URL}"
+}
+
+compute_sha256sum() {
+  cmd=$(which sha256sum shasum | head -n 1)
+  case $(basename "$cmd") in
+    sha256sum)
+      sha256sum "$1" | cut -f 1 -d ' '
+      ;;
+    shasum)
+      shasum -a 256 "$1" | cut -f 1 -d ' '
+      ;;
+    *)
+      fatal "Can not find sha256sum or shasum to compute checksum"
+      ;;
+  esac
+}
+
+# Verify downloaded binary hash
+verify_binary() {
+    info "Verifying binary download"
+    HASH_BIN=$(compute_sha256sum "${TMP_BIN}")
+    HASH_BIN=${HASH_BIN%%[[:blank:]]*}
+    if [[ "${HASH_EXPECTED}" != "${HASH_BIN}" ]]; then
+        fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}"
+    fi
+}
+
+# Setup permissions and move binary
+setup_binary() {
+    chmod 755 "${TMP_BIN}"
+    info "Installing kluctl to ${BIN_DIR}/kluctl"
+    tar -xzof "${TMP_BIN}" -C "${TMP_DIR}"
+
+    local CMD_MOVE="mv -f \"${TMP_DIR}/kluctl\" \"${BIN_DIR}\""
+    if [[ -w "${BIN_DIR}" ]]; then
+        eval "${CMD_MOVE}"
+    else
+        eval "sudo ${CMD_MOVE}"
+    fi
+}
+
+# Run the install process
+{
+    setup_verify_os
+    setup_verify_arch
+    verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'
+    setup_tmp
+    get_release_version
+    download_hash
+    download_binary
+    verify_binary
+    setup_binary
+}
\ No newline at end of file

From 1539b364c05fcd1ef106f947919fe6c19393ae5a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 11:30:59 +0200
Subject: [PATCH 0051/2268] build: Add helm to docker image

---
 .goreleaser.yaml |  4 ++--
 Dockerfile       | 16 ++++++++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index e526c43db..7ec26ccc2 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -72,7 +72,7 @@ dockers:
     goarch: amd64
     build_flag_templates:
       - "--pull"
-      - "--build-arg=ARCH=linux/amd64"
+      - "--build-arg=ARCH=linux-amd64"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
@@ -86,7 +86,7 @@ dockers:
     goarch: arm64
     build_flag_templates:
       - "--pull"
-      - "--build-arg=ARCH=linux/arm64"
+      - "--build-arg=ARCH=linux-arm64"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
diff --git a/Dockerfile b/Dockerfile
index 8e44c42ff..991b24a50 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,15 @@
+FROM alpine:3.15 as builder
+
+RUN apk add --no-cache ca-certificates curl
+
+ARG ARCH=linux-amd64
+
+ENV HELM_VERSION=v3.8.2
+RUN wget -O helm.tar.gz https://get.helm.sh/helm-$HELM_VERSION-$ARCH.tar.gz && \
+    tar xzf helm.tar.gz && \
+    mv $ARCH/helm /
+
 FROM alpine
-COPY kluctl /
-ENTRYPOINT ["/kluctl"]
+COPY --from=builder /helm /usr/bin
+COPY kluctl /usr/bin/
+ENTRYPOINT ["/usr/bin/kluctl"]

From 32d92d7c887c60ae1bc2e54edfa01b67f12fa26a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 12:22:56 +0200
Subject: [PATCH 0052/2268] docs: No need to use sudo when running installer
 script

It does this internally when needed.
---
 install/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/README.md b/install/README.md
index cf80366eb..422e42d38 100644
--- a/install/README.md
+++ b/install/README.md
@@ -6,7 +6,7 @@ Binaries for macOS and Linux AMD64 are available for download on the
 To install the latest release run:
 
 ```bash
-curl -s https://raw.githubusercontent.com/kluctl/kluctl/main/install/kluctl.sh | sudo bash
+curl -s https://raw.githubusercontent.com/kluctl/kluctl/main/install/kluctl.sh | bash
 ```
 
 The install script does the following:

From f1e4f643c98b3c11dc75884480a26dd8f0763729 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Apr 2022 16:54:11 +0200
Subject: [PATCH 0053/2268] Update README.md with text from
 https://kluctl.io/docs

---
 README.md         | 58 ++++++++++++++++++++++++++++++++---------------
 install/README.md |  2 +-
 2 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index 6f71b363c..099728ed9 100644
--- a/README.md
+++ b/README.md
@@ -2,30 +2,52 @@
 
 <img alt="kluctl" src="logo/kluctl.svg" width="200"/>
 
-kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
+<!-- copied from https://kluctl.io/docs -->
+
+Kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
 Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
 line interface.
 
-kluctl tries to be as flexible as possible, while remaining as simple as possible. It reuses established
-tools (e.g. kustomize and Helm), making it possible to re-use a large set of available third-party deployments.
+Kluctl tries to be as flexible as possible, while remaining as simple as possible. It reuses established
+tools (e.g. Kustomize and Helm), making it possible to re-use a large set of available third-party deployments.
 
-kluctl works completely locally, on the same machines that `kubectl` runs on. kluctl does not rely on any operators or other cluster-side components.
-As long as the target cluster's kubeconfig is present locally, you are able to execute it from everywhere, including your
-CI/CD pipelines or your laptop.
+Kluctl is centered around "targets", which can be a cluster or a specific environment (e.g. test, dev, prod, ...) on one
+or multiple clusters. Targets can be deployed, diffed, pruned, deleted, and so on. The idea is to have the same set of
+operations for every target, no matter how simple or complex the deployment and/or target is.
 
-Use kluctl to:
-* Organize large and complex deployments, consisting of many Helm charts and kustomize deployments
-* Do the same for small and simple deployments, as the overhead is small
-* Always know what the state of your deployments is by being able to run diffs on the whole deployment
-* Always know what you actually changed after performing a deployment
-* Keep your clusters clean by issuing regular prune calls
-* Deploy the same deployment to multiple environments (dev, test, prod, ...), with flexible differences in configuration
-* Manage multiple target clusters (in multiple clouds or bare-metal if you want)
-* Manage encrypted secrets for multiple target environments and clusters (based on [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets))
-* Integrate it into your CI/CD pipelines and avoid putting too much logic into your shell scripts
+Kluctl does not depend on external operators/controllers and allows to use the same deployment wherever you want,
+as long as access to the kluctl project and clusters is available. This means, that you can use it from your
+local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
 
-![](https://kluctl.io/asciinema/kluctl.gif)
+Flux support is in development and will come soon.
+
+## Installation
+
+See [installation](./install).
 
 ## Documentation
 
-Documentation can be found here: https://kluctl.io
+Documentation can be found here: https://kluctl.io/docs
+
+## Kluctl in Short
+
+<!-- copied from https://kluctl.io/docs -->
+
+|     |     |
+| --- | --- |
+| 💪 Kluctl handles all your deployments | You can manage all your deployments with Kluctl, including infrastructure related and your applications. |
+| 🪶 Complex or simple, all the same | You can manage complex and simple deployments with Kluctl. Simple deployments are lightweight while complex deployment are easily manageable. |
+| 🤖 Native git support | Kluctl has native Git support integrated, meaning that it can easily deploy remote Kluctl projects or externalize parts (e.g. cluster configs) of your Kluctl project. |
+| 🪐 Multiple environments | Deploy the same deployment to multiple environments (dev, test, prod, ...), with flexible differences in configuration. |
+| 🌌 Multiple clusters | Manage multiple target clusters (in multiple clouds or bare-metal if you want). |
+| 🔩 Configuration and Templating | Kluctl allows to use templating in nearly all places, making it easy to have dynamic configuration. |
+| ⎈ Helm and Kustomize | The Helm and Kustomize integrations allow you to reuse plenty of third-party charts and kustomizations. |
+| 🔍 See what's different | Always know what the state of your deployments is by being able to run diffs on the whole deployment. |
+| 🔎 See what happened | Always know what you actually changed after performing a deployment. |
+| 💥 Know what went wrong | Kluctl will show you what part of your deployment failed and why. |
+| 👐 Live and let live | Kluctl tries to not interfere with any other tools or operators. This is possible due to it's use of server-side-apply. |
+| 🧹 Keep it clean | Keep your clusters clean by issuing regular prune calls. |
+| 🔐 Encrypted Secrets | Manage encrypted secrets for multiple target environments and clusters. |
+
+## Demo
+![](https://kluctl.io/asciinema/kluctl.gif)
diff --git a/install/README.md b/install/README.md
index 422e42d38..09f38f6e3 100644
--- a/install/README.md
+++ b/install/README.md
@@ -17,7 +17,7 @@ The install script does the following:
 
 ## Alternative installation methods
 
-See https://kluctl.io/getting-started/installation for alternative installation methods.
+See https://kluctl.io/docs/installation for alternative installation methods.
 
 ## Build from source
 

From f8823bc0abda98dfb25d1171137613a368fc80de Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Sun, 24 Apr 2022 00:33:05 +0200
Subject: [PATCH 0054/2268] fix: runtime error on seal command when missing
 SealedSecret (nil)

---
 pkg/deployment/commands/seal.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
index 3a91f8b87..cc255a91c 100644
--- a/pkg/deployment/commands/seal.go
+++ b/pkg/deployment/commands/seal.go
@@ -20,7 +20,7 @@ func NewSealCommand(c *deployment.DeploymentCollection) *SealCommand {
 }
 
 func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
-	if cmd.c.Project.Config.SealedSecrets.OutputPattern == nil {
+	if cmd.c.Project.Config.SealedSecrets == nil || cmd.c.Project.Config.SealedSecrets.OutputPattern == nil {
 		return fmt.Errorf("sealedSecrets.outputPattern is not defined")
 	}
 

From 6a723d1e5fe0ab667065124bf1fcdaf1f743466a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 11:36:21 +0200
Subject: [PATCH 0055/2268] fix: Allow to save metadata externally for all
 commands

---
 cmd/kluctl/args/project.go         |  1 +
 cmd/kluctl/commands/cmd_archive.go |  5 ++---
 cmd/kluctl/commands/utils.go       | 12 ++++++++++++
 pkg/kluctl_project/load.go         | 30 +++++++++++++++---------------
 pkg/types/metadata.go              |  2 +-
 5 files changed, 31 insertions(+), 19 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 9153d27f8..8b6f0d583 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -10,6 +10,7 @@ type ProjectFlags struct {
 	LocalSealedSecrets  string `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yml" type:"existingdir"`
 	FromArchive         string `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." type:"existing"`
 	FromArchiveMetadata string `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." type:"existingfile"`
+	OutputMetadata      string `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file." type:"file"`
 	Cluster             string `group:"project" help:"Specify/Override cluster"`
 }
 
diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index 90977ace4..bcbeb9f42 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -8,8 +8,7 @@ import (
 type archiveCmd struct {
 	args.ProjectFlags
 
-	OutputArchive  string `group:"misc" help:"Path to .tgz to write project to." type:"path"`
-	OutputMetadata string `group:"misc" help:"Path to .yml to write metadata to. If not specified, metadata is written into the archive."`
+	OutputArchive string `group:"misc" help:"Path to .tgz to write project to." type:"path"`
 }
 
 func (cmd *archiveCmd) Help() string {
@@ -18,6 +17,6 @@ func (cmd *archiveCmd) Help() string {
 
 func (cmd *archiveCmd) Run() error {
 	return withKluctlProjectFromArgs(cmd.ProjectFlags, func(p *kluctl_project.KluctlProjectContext) error {
-		return p.CreateTGZArchive(cmd.OutputArchive, cmd.OutputMetadata)
+		return p.CreateTGZArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index bfcbf341e..829ab5bbb 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"os"
 )
@@ -49,6 +50,17 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 	if err != nil {
 		return err
 	}
+	if projectFlags.OutputMetadata != "" {
+		md := p.GetMetadata()
+		b, err := yaml.WriteYamlBytes(md)
+		if err != nil {
+			return err
+		}
+		err = ioutil.WriteFile(projectFlags.OutputMetadata, b, 0o640)
+		if err != nil {
+			return err
+		}
+	}
 	return cb(p)
 }
 
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 82e3eb165..48dffe726 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -206,7 +206,7 @@ func loadKluctlProjectFromArchive(args LoadKluctlProjectArgs, tmpDir string, j2
 		metdataPath = yaml.FixPathExt(filepath.Join(dir, "metadata.yml"))
 	}
 
-	var metadata types2.ArchiveMetadata
+	var metadata types2.ProjectMetadata
 	err := yaml.ReadYamlFile(metdataPath, &metadata)
 	if err != nil {
 		return nil, err
@@ -223,7 +223,15 @@ func loadKluctlProjectFromArchive(args LoadKluctlProjectArgs, tmpDir string, j2
 	return p, nil
 }
 
-func (c *KluctlProjectContext) CreateTGZArchive(archivePath string, metadataPath string) error {
+func (c *KluctlProjectContext) GetMetadata() *types2.ProjectMetadata {
+	md := &types2.ProjectMetadata{
+		InvolvedRepos: c.involvedRepos,
+		Targets:       c.DynamicTargets,
+	}
+	return md
+}
+
+func (c *KluctlProjectContext) CreateTGZArchive(archivePath string, embedMetadata bool) error {
 	f, err := os.Create(archivePath)
 	if err != nil {
 		return err
@@ -248,23 +256,15 @@ func (c *KluctlProjectContext) CreateTGZArchive(archivePath string, metadataPath
 		return h, nil
 	}
 
-	md := types2.ArchiveMetadata{
-		InvolvedRepos: c.involvedRepos,
-		Targets:       c.DynamicTargets,
-	}
-	mdStr, err := yaml.WriteYamlBytes(md)
-	if err != nil {
-		return err
-	}
-
-	if metadataPath != "" {
-		err = ioutil.WriteFile(metadataPath, mdStr, 0o666)
+	if embedMetadata {
+		md := c.GetMetadata()
+		mdStr, err := yaml.WriteYamlBytes(md)
 		if err != nil {
 			return err
 		}
-	} else {
+
 		err = tw.WriteHeader(&tar.Header{
-			Name: "metadata.yml",
+			Name: "metadata.yaml",
 			Size: int64(len(mdStr)),
 			Mode: 0o666 | tar.TypeReg,
 		})
diff --git a/pkg/types/metadata.go b/pkg/types/metadata.go
index f17fcde5f..638f4bca9 100644
--- a/pkg/types/metadata.go
+++ b/pkg/types/metadata.go
@@ -5,7 +5,7 @@ type InvolvedRepo struct {
 	Refs       map[string]string `yaml:"refs"`
 }
 
-type ArchiveMetadata struct {
+type ProjectMetadata struct {
 	InvolvedRepos map[string][]InvolvedRepo `yaml:"involvedRepos"`
 	Targets       []*DynamicTarget          `yaml:"targets"`
 }

From e29239fbabba3753e1adc0e693c216a7476fe5aa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 16:19:35 +0200
Subject: [PATCH 0056/2268] fix: Use $TMPDIR/kluctl-workdir as tmp base dir for
 jinja2 renderer

---
 pkg/jinja2/python_src/jinja2_cache.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/jinja2/python_src/jinja2_cache.py b/pkg/jinja2/python_src/jinja2_cache.py
index 669c0a2dc..8d37ec2d4 100644
--- a/pkg/jinja2/python_src/jinja2_cache.py
+++ b/pkg/jinja2/python_src/jinja2_cache.py
@@ -11,7 +11,7 @@
 from jinja2.bccache import Bucket
 
 def get_tmp_base_dir():
-    dir = os.path.join(tempfile.gettempdir(), "kluctl")
+    dir = os.path.join(tempfile.gettempdir(), "kluctl-workdir")
     os.makedirs(dir, exist_ok=True)
     return dir
 

From 7f31f3d156b3e8cb4aa824851350d30cf8cf0c07 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 11:44:28 +0200
Subject: [PATCH 0057/2268] build: Put generate logic into go program instead
 of fully relying on go:generate

This is needed to allow other applications depend on kluctl. These would
still have to run the generate programs, but at least it's possible then.
---
 pkg/jinja2/embed/python_src.dummy           |   0
 pkg/jinja2/generate/main.go                 |  56 ++++++++
 pkg/jinja2/jinja2.go                        |   3 -
 pkg/jinja2/python_src/dummy.go              |   1 +
 pkg/jinja2/python_src/pip-wheel.sh          |  14 --
 pkg/jinja2/source.go                        |   8 +-
 pkg/jinja2/tools.go                         |   9 ++
 pkg/python/embed.go                         |   4 +-
 pkg/python/embed/python-darwin-amd64.dummy  |   0
 pkg/python/embed/python-darwin-arm64.dummy  |   0
 pkg/python/embed/python-linux-amd64.dummy   |   0
 pkg/python/embed/python-linux-arm64.dummy   |   0
 pkg/python/embed/python-windows-amd64.dummy |   0
 pkg/python/embed_darwin_amd64.go            |   5 +-
 pkg/python/embed_darwin_arm64.go            |   5 +-
 pkg/python/embed_linux_amd64.go             |   5 +-
 pkg/python/embed_linux_arm64.go             |   5 +-
 pkg/python/embed_windows_amd64.go           |   5 +-
 pkg/python/{download => generate}/main.go   |  70 ++++++++--
 pkg/python/tools.go                         |   8 ++
 pkg/utils/embed_util/extract.go             |  42 ++++--
 pkg/utils/embed_util/packer/main.go         | 113 ---------------
 pkg/utils/embed_util/packer/packer.go       | 146 ++++++++++++++++++++
 23 files changed, 324 insertions(+), 175 deletions(-)
 create mode 100644 pkg/jinja2/embed/python_src.dummy
 create mode 100644 pkg/jinja2/generate/main.go
 create mode 100644 pkg/jinja2/python_src/dummy.go
 delete mode 100755 pkg/jinja2/python_src/pip-wheel.sh
 create mode 100644 pkg/jinja2/tools.go
 create mode 100644 pkg/python/embed/python-darwin-amd64.dummy
 create mode 100644 pkg/python/embed/python-darwin-arm64.dummy
 create mode 100644 pkg/python/embed/python-linux-amd64.dummy
 create mode 100644 pkg/python/embed/python-linux-arm64.dummy
 create mode 100644 pkg/python/embed/python-windows-amd64.dummy
 rename pkg/python/{download => generate}/main.go (64%)
 create mode 100644 pkg/python/tools.go
 delete mode 100644 pkg/utils/embed_util/packer/main.go
 create mode 100644 pkg/utils/embed_util/packer/packer.go

diff --git a/pkg/jinja2/embed/python_src.dummy b/pkg/jinja2/embed/python_src.dummy
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/jinja2/generate/main.go b/pkg/jinja2/generate/main.go
new file mode 100644
index 000000000..a767884b3
--- /dev/null
+++ b/pkg/jinja2/generate/main.go
@@ -0,0 +1,56 @@
+package main
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util/packer"
+	log "github.com/sirupsen/logrus"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+func main() {
+	pipWheel()
+}
+
+func pipWheel() {
+	_ = os.RemoveAll("python_src/wheel")
+	_ = os.MkdirAll("python_src/wheel", 0o700)
+
+	cmd := exec.Command("pip3", "wheel", "-r", "../requirements.txt")
+	cmd.Dir = "python_src/wheel"
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	if err != nil {
+		log.Panic(err)
+	}
+
+	wheels, err := os.ReadDir("python_src/wheel")
+	if err != nil {
+		log.Panic(err)
+	}
+	for _, w := range wheels {
+		if !strings.HasSuffix(w.Name(), ".whl") {
+			continue
+		}
+
+		cmd = exec.Command("unzip", w.Name())
+		cmd.Dir = "python_src/wheel"
+
+		err = cmd.Run()
+		if err != nil {
+			log.Panic(err)
+		}
+
+		err = os.Remove(filepath.Join("python_src/wheel", w.Name()))
+		if err != nil {
+			log.Panic(err)
+		}
+	}
+
+	err = packer.Pack("embed/python_src.tar.gz", "python_src", "*")
+	if err != nil {
+		log.Panic(err)
+	}
+}
diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index 431619904..58f115727 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -13,9 +13,6 @@ import (
 	"sync"
 )
 
-//go:generate bash ./python_src/pip-wheel.sh
-//go:generate go run ../utils/embed_util/packer python_src.tar.gz python_src *
-
 var paralellism = 4
 
 type Jinja2 struct {
diff --git a/pkg/jinja2/python_src/dummy.go b/pkg/jinja2/python_src/dummy.go
new file mode 100644
index 000000000..60d276519
--- /dev/null
+++ b/pkg/jinja2/python_src/dummy.go
@@ -0,0 +1 @@
+package python_src
diff --git a/pkg/jinja2/python_src/pip-wheel.sh b/pkg/jinja2/python_src/pip-wheel.sh
deleted file mode 100755
index 4dfe7d70a..000000000
--- a/pkg/jinja2/python_src/pip-wheel.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-DIR=$(cd $(dirname $0) && pwd)
-
-rm -rf $DIR/wheel
-mkdir -p $DIR/wheel
-cd $DIR/wheel
-
-pip3 wheel -r ../requirements.txt
-
-for f in *.whl; do
-  unzip $f
-  rm $f
-done
diff --git a/pkg/jinja2/source.go b/pkg/jinja2/source.go
index 78321257f..f07623b74 100644
--- a/pkg/jinja2/source.go
+++ b/pkg/jinja2/source.go
@@ -8,7 +8,9 @@ import (
 	"path/filepath"
 )
 
-//go:embed python_src.tar.gz python_src.tar.gz.files
+//go:generate go run ./generate
+
+//go:embed embed/python_src.*
 var pythonSrc embed.FS
 var pythonSrcExtracted string
 
@@ -21,13 +23,13 @@ func init() {
 }
 
 func extractSource() (string, error) {
-	tgz, err := pythonSrc.Open("python_src.tar.gz")
+	tgz, err := pythonSrc.Open("embed/python_src.tar.gz")
 	if err != nil {
 		return "", err
 	}
 	defer tgz.Close()
 
-	fileList, err := pythonSrc.Open("python_src.tar.gz.files")
+	fileList, err := pythonSrc.Open("embed/python_src.tar.gz.files")
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/jinja2/tools.go b/pkg/jinja2/tools.go
new file mode 100644
index 000000000..839cd9103
--- /dev/null
+++ b/pkg/jinja2/tools.go
@@ -0,0 +1,9 @@
+//go:build tools
+// +build tools
+
+package tools
+
+import (
+	_ "github.com/kluctl/kluctl/v2/pkg/jinja2/generate"
+	_ "github.com/kluctl/kluctl/v2/pkg/jinja2/python_src"
+)
diff --git a/pkg/python/embed.go b/pkg/python/embed.go
index e2654a685..4a67eee0d 100644
--- a/pkg/python/embed.go
+++ b/pkg/python/embed.go
@@ -9,6 +9,8 @@ import (
 	"runtime"
 )
 
+//go:generate go run ./generate
+
 var embeddedPythonPath string
 
 func init() {
@@ -16,7 +18,7 @@ func init() {
 }
 
 func decompressPython() string {
-	tarName := fmt.Sprintf("python-%s-%s.tar.gz", runtime.GOOS, runtime.GOARCH)
+	tarName := fmt.Sprintf("embed/python-%s-%s.tar.gz", runtime.GOOS, runtime.GOARCH)
 	tgz, err := pythonLib.Open(tarName)
 	if err != nil {
 		log.Panic(err)
diff --git a/pkg/python/embed/python-darwin-amd64.dummy b/pkg/python/embed/python-darwin-amd64.dummy
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/python/embed/python-darwin-arm64.dummy b/pkg/python/embed/python-darwin-arm64.dummy
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/python/embed/python-linux-amd64.dummy b/pkg/python/embed/python-linux-amd64.dummy
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/python/embed/python-linux-arm64.dummy b/pkg/python/embed/python-linux-arm64.dummy
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/python/embed/python-windows-amd64.dummy b/pkg/python/embed/python-windows-amd64.dummy
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/python/embed_darwin_amd64.go b/pkg/python/embed_darwin_amd64.go
index 4fb6ecf9a..110c5af57 100644
--- a/pkg/python/embed_darwin_amd64.go
+++ b/pkg/python/embed_darwin_amd64.go
@@ -2,8 +2,5 @@ package python
 
 import "embed"
 
-//go:generate go run ./download darwin amd64 ../../download-python/darwin/amd64
-//go:generate go run ../utils/embed_util/packer python-darwin-amd64.tar.gz ../../download-python/darwin/amd64/python/install bin lib/*.dylib lib/python3.*
-
-//go:embed python-darwin-amd64.tar.gz python-darwin-amd64.tar.gz.files
+//go:embed embed/python-darwin-amd64.*
 var pythonLib embed.FS
diff --git a/pkg/python/embed_darwin_arm64.go b/pkg/python/embed_darwin_arm64.go
index 18aa21233..f14b56a5f 100644
--- a/pkg/python/embed_darwin_arm64.go
+++ b/pkg/python/embed_darwin_arm64.go
@@ -2,8 +2,5 @@ package python
 
 import "embed"
 
-//go:generate go run ./download darwin arm64 ../../download-python/darwin/arm64
-//go:generate go run ../utils/embed_util/packer python-darwin-arm64.tar.gz ../../download-python/darwin/arm64/python/install bin lib/*.dylib lib/python3.*
-
-//go:embed python-darwin-arm64.tar.gz python-darwin-arm64.tar.gz.files
+//go:embed embed/python-darwin-arm64.*
 var pythonLib embed.FS
diff --git a/pkg/python/embed_linux_amd64.go b/pkg/python/embed_linux_amd64.go
index 5961a767d..99838aee9 100644
--- a/pkg/python/embed_linux_amd64.go
+++ b/pkg/python/embed_linux_amd64.go
@@ -2,8 +2,5 @@ package python
 
 import "embed"
 
-//go:generate go run ./download linux amd64 ../../download-python/linux/amd64
-//go:generate go run ../utils/embed_util/packer python-linux-amd64.tar.gz ../../download-python/linux/amd64/python/install bin lib/*.so* lib/python3.*
-
-//go:embed python-linux-amd64.tar.gz python-linux-amd64.tar.gz.files
+//go:embed embed/python-linux-amd64.*
 var pythonLib embed.FS
diff --git a/pkg/python/embed_linux_arm64.go b/pkg/python/embed_linux_arm64.go
index 40be4e8b0..158c5087e 100644
--- a/pkg/python/embed_linux_arm64.go
+++ b/pkg/python/embed_linux_arm64.go
@@ -2,8 +2,5 @@ package python
 
 import "embed"
 
-//go:generate go run ./download linux arm64 ../../download-python/linux/arm64
-//go:generate go run ../utils/embed_util/packer python-linux-arm64.tar.gz ../../download-python/linux/arm64/python/install bin lib/*.so* lib/python3.*
-
-//go:embed python-linux-arm64.tar.gz python-linux-arm64.tar.gz.files
+//go:embed embed/python-linux-arm64.*
 var pythonLib embed.FS
diff --git a/pkg/python/embed_windows_amd64.go b/pkg/python/embed_windows_amd64.go
index dfa2a12a3..65e5e2c9c 100644
--- a/pkg/python/embed_windows_amd64.go
+++ b/pkg/python/embed_windows_amd64.go
@@ -2,8 +2,5 @@ package python
 
 import "embed"
 
-//go:generate go run ./download windows amd64 ../../download-python/windows/amd64
-//go:generate go run ../utils/embed_util/packer python-windows-amd64.tar.gz ../../download-python/windows/amd64/python/install Lib DLLs *.dll *.exe
-
-//go:embed python-windows-amd64.tar.gz python-windows-amd64.tar.gz.files
+//go:embed embed/python-windows-amd64.*
 var pythonLib embed.FS
diff --git a/pkg/python/download/main.go b/pkg/python/generate/main.go
similarity index 64%
rename from pkg/python/download/main.go
rename to pkg/python/generate/main.go
index b61e93840..6c2ef6085 100644
--- a/pkg/python/download/main.go
+++ b/pkg/python/generate/main.go
@@ -4,11 +4,13 @@ import (
 	"fmt"
 	"github.com/klauspost/compress/zstd"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util/packer"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
+	"sync"
 )
 
 const (
@@ -18,14 +20,14 @@ const (
 )
 
 var pythonDists = map[string]string{
-	"linux": "unknown-linux-gnu-lto-full",
-	"darwin": "apple-darwin-lto-full",
+	"linux":   "unknown-linux-gnu-lto-full",
+	"darwin":  "apple-darwin-lto-full",
 	"windows": "pc-windows-msvc-shared-pgo-full",
 }
 
 var archMapping = map[string]string{
 	"amd64": "x86_64",
-	"386": "i686",
+	"386":   "i686",
 	"arm64": "aarch64",
 }
 
@@ -45,11 +47,49 @@ var removeLibs = []string{
 	"unittest",
 }
 
+var downloadLock sync.Mutex
+
 func main() {
-	osName := os.Args[1]
-	arch := os.Args[2]
-	extractPath := os.Args[3]
+	var wg sync.WaitGroup
+
+	nixPatterns := []string{
+		"bin",
+		"lib/*.so*",
+		"lib/*.dylib",
+		"lib/python3.*",
+	}
+	winPatterns := []string{
+		"Lib",
+		"DLLs",
+		"*.dll",
+		"*.exe",
+	}
+	type job struct {
+		os         string
+		arch       string
+		packSubDir string
+		out        string
+		patterns   []string
+	}
+	jobs := []job{
+		{"linux", "amd64", "python/install", "embed/python-linux-amd64.tar.gz", nixPatterns},
+		{"linux", "arm64", "python/install", "embed/python-linux-arm64.tar.gz", nixPatterns},
+		{"darwin", "amd64", "python/install", "embed/python-darwin-amd64.tar.gz", nixPatterns},
+		{"darwin", "arm64", "python/install", "embed/python-darwin-arm64.tar.gz", nixPatterns},
+		{"windows", "amd64", "python/install", "embed/python-windows-amd64.tar.gz", winPatterns},
+	}
+	for _, j := range jobs {
+		j := j
+		wg.Add(1)
+		go func() {
+			downloadAndPack(j.os, j.arch, j.packSubDir, j.out, j.patterns)
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+}
 
+func downloadAndPack(osName string, arch string, packSubdir string, out string, patterns []string) {
 	dist, ok := pythonDists[osName]
 	if !ok {
 		log.Panicf("no dist for %s", osName)
@@ -59,8 +99,10 @@ func main() {
 	archiveBytes, _ := ioutil.ReadFile(downloadPath)
 	hash := utils.Sha256Bytes(archiveBytes)
 
+	extractPath := downloadPath + ".extracted"
 	if utils.Exists(filepath.Join(extractPath, hash)) {
-		log.Infof("skipping extract")
+		log.Infof("skipping extract of %s", extractPath)
+		pack(out, filepath.Join(extractPath, packSubdir), patterns)
 		return
 	}
 
@@ -73,9 +115,21 @@ func main() {
 	}
 
 	_ = utils.Touch(filepath.Join(extractPath, hash))
+
+	pack(out, filepath.Join(extractPath, packSubdir), patterns)
+}
+
+func pack(out string, dir string, patterns []string) {
+	err := packer.Pack(out, dir, patterns...)
+	if err != nil {
+		log.Panic(err)
+	}
 }
 
 func download(osName, arch, dist string) string {
+	downloadLock.Lock()
+	defer downloadLock.Unlock()
+
 	pythonArch, ok := archMapping[arch]
 	if !ok {
 		log.Errorf("arch %s not supported", arch)
@@ -138,4 +192,4 @@ func extract(archivePath string, targetPath string) string {
 	}
 
 	return targetPath
-}
\ No newline at end of file
+}
diff --git a/pkg/python/tools.go b/pkg/python/tools.go
new file mode 100644
index 000000000..48d6d8a70
--- /dev/null
+++ b/pkg/python/tools.go
@@ -0,0 +1,8 @@
+//go:build tools
+// +build tools
+
+package tools
+
+import (
+	_ "github.com/kluctl/kluctl/v2/pkg/python/generate"
+)
diff --git a/pkg/utils/embed_util/extract.go b/pkg/utils/embed_util/extract.go
index dc38f75f4..020f28596 100644
--- a/pkg/utils/embed_util/extract.go
+++ b/pkg/utils/embed_util/extract.go
@@ -60,9 +60,10 @@ func ExtractTarToTmp(r io.Reader, fileListR io.Reader, targetPrefix string) (str
 }
 
 func checkExtractNeeded(targetPath string, fileListStr string) (bool, string, error) {
-	fileList := strings.Split(fileListStr, "\n")
-	expectedHash := fileList[0]
-	fileList = fileList[1:]
+	expectedHash, tarFilesMap, err := ReadFileList(fileListStr)
+	if err != nil {
+		return false, "", err
+	}
 
 	if !utils.Exists(targetPath) {
 		return true, expectedHash, nil
@@ -77,6 +78,24 @@ func checkExtractNeeded(targetPath string, fileListStr string) (bool, string, er
 		return true, expectedHash, nil
 	}
 
+	existingFiles, err := BuildFileList(targetPath)
+	if err != nil {
+		return false, "", err
+	}
+
+	for fname, size := range tarFilesMap {
+		if s, ok := existingFiles[fname]; !ok || s != size {
+			return true, expectedHash, nil
+		}
+	}
+	return false, expectedHash, nil
+}
+
+func ReadFileList(fileListStr string) (string, map[string]int64, error) {
+	fileList := strings.Split(fileListStr, "\n")
+	expectedHash := fileList[0]
+	fileList = fileList[1:]
+
 	tarFilesMap := make(map[string]int64)
 	for _, l := range fileList {
 		s := strings.SplitN(l, ":", 2)
@@ -84,13 +103,16 @@ func checkExtractNeeded(targetPath string, fileListStr string) (bool, string, er
 		sh := strings.SplitN(strings.TrimSpace(s[1]), " ", 2)
 		size, err := strconv.ParseInt(strings.TrimSpace(sh[0]), 10, 64)
 		if err != nil {
-			return false, expectedHash, err
+			return expectedHash, tarFilesMap, err
 		}
 		tarFilesMap[fname] = size
 	}
+	return "", tarFilesMap, nil
+}
 
+func BuildFileList(targetPath string) (map[string]int64, error) {
 	existingFiles := make(map[string]int64)
-	err = filepath.Walk(targetPath, func(path string, info fs.FileInfo, err error) error {
+	err := filepath.Walk(targetPath, func(path string, info fs.FileInfo, err error) error {
 		if !info.Mode().IsRegular() && info.Mode().Type() != fs.ModeSymlink && info.Mode().Type() != fs.ModeDir {
 			return nil
 		}
@@ -107,13 +129,7 @@ func checkExtractNeeded(targetPath string, fileListStr string) (bool, string, er
 		return nil
 	})
 	if err != nil {
-		return false, "", err
+		return nil, err
 	}
-
-	for fname, size := range tarFilesMap {
-		if s, ok := existingFiles[fname]; !ok || s != size {
-			return true, expectedHash, nil
-		}
-	}
-	return false, expectedHash, nil
+	return existingFiles, nil
 }
diff --git a/pkg/utils/embed_util/packer/main.go b/pkg/utils/embed_util/packer/main.go
deleted file mode 100644
index 39cb9e2cf..000000000
--- a/pkg/utils/embed_util/packer/main.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package main
-
-import (
-	"archive/tar"
-	"bytes"
-	"compress/gzip"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
-	"io/fs"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"sort"
-	"strings"
-)
-
-func main() {
-	out := os.Args[1]
-	dir := os.Args[2]
-	patterns := os.Args[3:]
-
-	log.Infof("writing tar %s", out)
-	fileList, tgz := writeTar(dir, patterns)
-
-	hash := sha256.Sum256(tgz)
-	err := ioutil.WriteFile(out, tgz, 0o600)
-	if err != nil {
-		log.Panic(err)
-	}
-
-	fileListStr := strings.Join(fileList, "\n")
-	fileListStr = hex.EncodeToString(hash[:]) + "\n" + fileListStr
-	err = ioutil.WriteFile(out+".files", []byte(fileListStr), 0o600)
-	if err != nil {
-		log.Panic(err)
-	}
-}
-
-func writeTar(dir string, patterns []string) ([]string, []byte) {
-	b := bytes.NewBuffer(nil)
-	gz := gzip.NewWriter(b)
-	t := tar.NewWriter(gz)
-
-	var globs []glob.Glob
-	for _, p := range patterns {
-		globs = append(globs, glob.MustCompile(p, '/'))
-	}
-
-	var rootNames []string
-	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
-		rel, err := filepath.Rel(dir, path)
-		if err != nil {
-			return err
-		}
-		match := false
-		for _, p := range globs {
-			if p.Match(rel) {
-				match = true
-				break
-			}
-		}
-		if match {
-			rootNames = append(rootNames, rel)
-		}
-		return nil
-	})
-	sort.Strings(rootNames)
-
-	excludes := []glob.Glob{
-		glob.MustCompile("__pycache__"),
-		glob.MustCompile("**/__pycache__"),
-		glob.MustCompile("**.a"),
-		glob.MustCompile("**.pdb"),
-	}
-
-	var fileList []string
-
-	for _, d := range rootNames {
-		err := utils.AddToTar(t, filepath.Join(dir, d), d, func(h *tar.Header, size int64) (*tar.Header, error) {
-			for _, e := range excludes {
-				if e.Match(h.Name) {
-					return nil, nil
-				}
-			}
-
-			hashStr, err := utils.HashTarEntry(dir, h.Name)
-			if err != nil {
-				return nil, err
-			}
-
-			fileList = append(fileList, fmt.Sprintf("%s: %d %s", h.Name, size, hashStr))
-			return h, nil
-		})
-		if err != nil {
-			log.Panic(err)
-		}
-	}
-
-	err = t.Close()
-	if err != nil {
-		log.Panic(err)
-	}
-	err = gz.Close()
-	if err != nil {
-		log.Panic(err)
-	}
-
-	return fileList, b.Bytes()
-}
diff --git a/pkg/utils/embed_util/packer/packer.go b/pkg/utils/embed_util/packer/packer.go
new file mode 100644
index 000000000..38846957a
--- /dev/null
+++ b/pkg/utils/embed_util/packer/packer.go
@@ -0,0 +1,146 @@
+package packer
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
+	log "github.com/sirupsen/logrus"
+	"io/fs"
+	"io/ioutil"
+	"path/filepath"
+	"reflect"
+	"strings"
+)
+
+func Pack(out string, dir string, patterns ...string) error {
+	fileList, err := findFiles(dir, patterns)
+	if err != nil {
+		return err
+	}
+
+	if utils.Exists(out) && utils.Exists(out+".files") {
+		existingFileListStr, err := ioutil.ReadFile(out + ".files")
+		if err == nil {
+			_, existingFileList, err := embed_util.ReadFileList(string(existingFileListStr))
+			if err == nil {
+				if reflect.DeepEqual(existingFileList, fileList) {
+					log.Infof("Skipping packing of %s", out)
+					return nil
+				}
+			}
+		}
+	}
+
+	log.Infof("writing tar %s with %d files", out, len(fileList))
+	tgz, err := writeTar(dir, fileList)
+	if err != nil {
+		return err
+	}
+
+	hash := sha256.Sum256(tgz)
+	err = ioutil.WriteFile(out, tgz, 0o600)
+	if err != nil {
+		return err
+	}
+
+	var fileList2 []string
+	for f, l := range fileList {
+		fileList2 = append(fileList2, fmt.Sprintf("%s: %d", f, l))
+	}
+
+	fileListStr := strings.Join(fileList2, "\n")
+	fileListStr = hex.EncodeToString(hash[:]) + "\n" + fileListStr
+	err = ioutil.WriteFile(out+".files", []byte(fileListStr), 0o600)
+	return err
+}
+
+func findFiles(dir string, patterns []string) (map[string]int64, error) {
+	var globs []glob.Glob
+	for _, p := range patterns {
+		globs = append(globs, glob.MustCompile(p, '/'))
+	}
+
+	var rootNames []string
+	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
+		rel, err := filepath.Rel(dir, path)
+		if err != nil {
+			return err
+		}
+		match := false
+		for _, p := range globs {
+			if p.Match(rel) {
+				match = true
+				break
+			}
+		}
+		if match {
+			rootNames = append(rootNames, rel)
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	excludes := []glob.Glob{
+		glob.MustCompile("__pycache__"),
+		glob.MustCompile("**/__pycache__"),
+		glob.MustCompile("**.a"),
+		glob.MustCompile("**.pdb"),
+	}
+
+	fileList := make(map[string]int64)
+	for _, d := range rootNames {
+		err = filepath.Walk(filepath.Join(dir, d), func(path string, info fs.FileInfo, err error) error {
+			if !info.Mode().IsRegular() && info.Mode().Type() != fs.ModeSymlink {
+				return nil
+			}
+
+			relPath, err := filepath.Rel(dir, path)
+			if err != nil {
+				return err
+			}
+			for _, e := range excludes {
+				if e.Match(relPath) {
+					return nil
+				}
+			}
+			fileList[relPath] = info.Size()
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
+	return fileList, err
+}
+
+func writeTar(dir string, fileList map[string]int64) ([]byte, error) {
+	b := bytes.NewBuffer(nil)
+	gz := gzip.NewWriter(b)
+	t := tar.NewWriter(gz)
+
+	for f, _ := range fileList {
+		err := utils.AddToTar(t, filepath.Join(dir, f), f, nil)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	err := t.Close()
+	if err != nil {
+		return nil, err
+	}
+	err = gz.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	return b.Bytes(), nil
+}

From ce1d53acdd3b532ac9775219fd4c538abf170d71 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 16:24:39 +0200
Subject: [PATCH 0058/2268] fix: Check for version 0.0.0 in checkNewVersion

---
 cmd/kluctl/commands/root.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 4027e612c..9cfa4bf32 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -81,7 +81,7 @@ func (c *cli) checkNewVersion() {
 	if c.NoUpdateCheck {
 		return
 	}
-	if version.GetVersion() == "(devel)" {
+	if version.GetVersion() == "0.0.0" {
 		return
 	}
 

From ed6af42e74b6f511d5cb513982020e857a14c4e7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 16:34:48 +0200
Subject: [PATCH 0059/2268] build: No need to run go generate with other tags

---
 .github/workflows/tests.yml | 1 -
 .goreleaser.yaml            | 1 -
 2 files changed, 2 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e0d2548be..f1e9db9ee 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -34,7 +34,6 @@ jobs:
       - name: Go Generate
         run: |
           go generate ./...
-          go generate -tags linux,darwin,windows,amd64 ./pkg/python
       - name: Run unit tests
         run: |
           go test ./cmd/... ./pkg/... -v
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 7ec26ccc2..8967d7158 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -2,7 +2,6 @@ before:
   hooks:
     - go mod tidy
     - go generate ./...
-    - go generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
 builds:
   - <<: &build_defaults
       binary: kluctl

From f39ad505f91f1da4f282c10cd23c31e204a55aaa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 18:08:35 +0200
Subject: [PATCH 0060/2268] build: Use utils.GetTmpBaseDir() for
 generation/downloads

---
 pkg/python/generate/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/python/generate/main.go b/pkg/python/generate/main.go
index 6c2ef6085..f3ffc0816 100644
--- a/pkg/python/generate/main.go
+++ b/pkg/python/generate/main.go
@@ -136,7 +136,7 @@ func download(osName, arch, dist string) string {
 		os.Exit(1)
 	}
 	fname := fmt.Sprintf("cpython-%s+%s-%s-%s.tar.zst", pythonVersionFull, pythonStandaloneVersion, pythonArch, dist)
-	downloadPath := filepath.Join(os.TempDir(), fname)
+	downloadPath := filepath.Join(utils.GetTmpBaseDir(), fname)
 	downloadUrl := fmt.Sprintf("https://github.com/indygreg/python-build-standalone/releases/download/%s/%s", pythonStandaloneVersion, fname)
 
 	if _, err := os.Stat(downloadPath); err == nil {

From 2377430e02941cf565efcf3bed0fc0ced8149719 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Apr 2022 18:08:59 +0200
Subject: [PATCH 0061/2268] fix: Fix embed_util false positive extracts

---
 pkg/utils/embed_util/extract.go       | 2 +-
 pkg/utils/embed_util/packer/packer.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/utils/embed_util/extract.go b/pkg/utils/embed_util/extract.go
index 020f28596..16ed318ba 100644
--- a/pkg/utils/embed_util/extract.go
+++ b/pkg/utils/embed_util/extract.go
@@ -107,7 +107,7 @@ func ReadFileList(fileListStr string) (string, map[string]int64, error) {
 		}
 		tarFilesMap[fname] = size
 	}
-	return "", tarFilesMap, nil
+	return expectedHash, tarFilesMap, nil
 }
 
 func BuildFileList(targetPath string) (map[string]int64, error) {
diff --git a/pkg/utils/embed_util/packer/packer.go b/pkg/utils/embed_util/packer/packer.go
index 38846957a..9714cedda 100644
--- a/pkg/utils/embed_util/packer/packer.go
+++ b/pkg/utils/embed_util/packer/packer.go
@@ -93,6 +93,7 @@ func findFiles(dir string, patterns []string) (map[string]int64, error) {
 		glob.MustCompile("**/__pycache__"),
 		glob.MustCompile("**.a"),
 		glob.MustCompile("**.pdb"),
+		glob.MustCompile("**.pyc"),
 	}
 
 	fileList := make(map[string]int64)

From 6933396b9e84b37a33927af82be919bb336f550f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 10:57:59 +0200
Subject: [PATCH 0062/2268] build: Upgrade to go 1.18.1

---
 .github/workflows/release.yml | 2 +-
 .github/workflows/tests.yml   | 2 +-
 go.mod                        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b91fdad0a..11588e3a3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17.9
+          go-version: 1.18.1
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f1e9db9ee..932808d7f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -15,7 +15,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.17.9'
+          go-version: '1.18.1'
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
diff --git a/go.mod b/go.mod
index 56cc82387..0ff894db8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.17
+go 1.18
 
 require (
 	github.com/alecthomas/kong v0.5.0

From 528baa96ae4552ef02670e0302fce61030898ae4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 10:58:31 +0200
Subject: [PATCH 0063/2268] build: Upgrade vendor packages

---
 go.mod |  26 +++----
 go.sum | 225 +++++++++++++--------------------------------------------
 2 files changed, 62 insertions(+), 189 deletions(-)

diff --git a/go.mod b/go.mod
index 0ff894db8..73da526f4 100644
--- a/go.mod
+++ b/go.mod
@@ -4,8 +4,8 @@ go 1.18
 
 require (
 	github.com/alecthomas/kong v0.5.0
-	github.com/aws/aws-sdk-go v1.43.39
-	github.com/bitnami-labs/sealed-secrets v0.17.4
+	github.com/aws/aws-sdk-go v1.44.1
+	github.com/bitnami-labs/sealed-secrets v0.17.5
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/gammazero/workerpool v1.1.2
@@ -20,7 +20,7 @@ require (
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/klauspost/compress v1.13.6
+	github.com/klauspost/compress v1.15.2
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/ohler55/ojg v1.14.0
@@ -33,12 +33,12 @@ require (
 	github.com/xanzy/ssh-agent v0.3.1
 	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
+	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150
 	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
-	k8s.io/api v0.24.0-beta.0
-	k8s.io/apimachinery v0.24.0-beta.0
-	k8s.io/client-go v0.24.0-beta.0
+	k8s.io/api v0.25.0-alpha.0
+	k8s.io/apimachinery v0.25.0-alpha.0
+	k8s.io/client-go v0.25.0-alpha.0
 	sigs.k8s.io/kind v0.12.0
 	sigs.k8s.io/kustomize/api v0.11.4
 	sigs.k8s.io/kustomize/kyaml v0.13.6
@@ -46,9 +46,9 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.5.0 // indirect
+	cloud.google.com/go/compute v1.6.1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.25 // indirect
+	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
@@ -65,7 +65,7 @@ require (
 	github.com/docker/docker v20.10.14+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/emicklei/go-restful v2.15.0+incompatible // indirect
-	github.com/emirpasic/gods v1.17.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/gammazero/deque v0.1.1 // indirect
@@ -81,7 +81,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic v0.6.8 // indirect
+	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -102,7 +102,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 // indirect
-	github.com/pelletier/go-toml v1.9.4 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
@@ -112,7 +112,7 @@ require (
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
-	golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
+	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
diff --git a/go.sum b/go.sum
index 2acb29ed5..fe612bf11 100644
--- a/go.sum
+++ b/go.sum
@@ -28,7 +28,6 @@ cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
 cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
 cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go v0.100.2 h1:t9Iw5QH5v4XtlEQaCtUY7x6sCABps8sW0acw7e2WQ6Y=
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
@@ -38,8 +37,10 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
 cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
-cloud.google.com/go/compute v1.5.0 h1:b1zWmYuuHz7gO9kDcM/EpHGr06UgsYNRpNJzI2kFiLM=
 cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
+cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
+cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc=
+cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
@@ -61,8 +62,8 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
-github.com/Azure/go-autorest/autorest v0.11.25 h1:yp+V8DGur2aIUE87ebP8twPLz6k68jtJTlg61mEoByA=
-github.com/Azure/go-autorest/autorest v0.11.25/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
+github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
+github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
 github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
@@ -85,7 +86,6 @@ github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -116,16 +116,12 @@ github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5/go.mod h1:z4/
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
-github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
-github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/alecthomas/kong v0.5.0 h1:u8Kdw+eeml93qtMZ04iei0CFYve/WPcA5IFh+9wSskE=
 github.com/alecthomas/kong v0.5.0/go.mod h1:uzxf/HUh0tj43x1AyJROl3JT7SgsZ5m+icOv1csRhc0=
 github.com/alecthomas/repr v0.0.0-20210801044451-80ca428c5142 h1:8Uy0oSf5co/NZXje7U1z8Mpep++QJOldL2hs/sBQf48=
@@ -134,15 +130,12 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -151,24 +144,18 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.43.39 h1:5W8pton/8OuS5hpbAkzfr7e+meAAFkK7LsUehB39L3I=
-github.com/aws/aws-sdk-go v1.43.39/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
+github.com/aws/aws-sdk-go v1.44.1 h1:w34ZmPT6K4NTd7Yap1P7SLXPTii0ABmBz3KEh4KJdKc=
+github.com/aws/aws-sdk-go v1.44.1/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bitnami-labs/flagenv v0.0.0-20190607135054-a87af7a1d6fc/go.mod h1:OeW4NPgFPO7+t8q1Vn2Yv+rkO+4kEQzlDskwm7C7PXs=
-github.com/bitnami-labs/pflagenv v0.0.0-20190702160147-b4d9f048d98f/go.mod h1:Lw3ejf6HTt4DqBIAXlkOIvFjnpj8Zq+zD/UtH29ILFA=
-github.com/bitnami-labs/sealed-secrets v0.17.4 h1:DFZCyR8ntNKINRaneKPBrnEXnejWz48fE8htx83w0yQ=
-github.com/bitnami-labs/sealed-secrets v0.17.4/go.mod h1:xL3ifFPr9lIS6QoCfqj8shGgLriGjQke5o/X4NFUZfE=
+github.com/bitnami-labs/sealed-secrets v0.17.5 h1:v5ENZRSrgog3GnFr8fWfVtrUTPlZlNlbsjaro9mn6YY=
+github.com/bitnami-labs/sealed-secrets v0.17.5/go.mod h1:ZgGUqKixr/SRpsG8LVXnuneyZG7DOX/+eCRvXi8SVjo=
 github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -180,8 +167,6 @@ github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx2
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
-github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -200,7 +185,6 @@ github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ
 github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
-github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -213,7 +197,6 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
 github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
 github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
@@ -358,19 +341,14 @@ github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZ
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.15.0+incompatible h1:8KpYO/Xl/ZudZs5RNOEhWMBY4hmzlZhhRd9cu+jrZP4=
 github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
-github.com/emirpasic/gods v1.17.0 h1:qOswSAaPBdCkBIAXmvwe0V9mv4UtNQHN3zxRHmw3sKQ=
-github.com/emirpasic/gods v1.17.0/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
+github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -398,8 +376,6 @@ github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
-github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -435,10 +411,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -453,7 +427,6 @@ github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL9
 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
@@ -471,7 +444,6 @@ github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-playground/validator/v10 v10.10.1 h1:uA0+amWMiglNZKZ9FJRKUAe9U3RX91eVn1JYXMWt7ig=
 github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
@@ -484,11 +456,9 @@ github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
@@ -533,16 +503,14 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
-github.com/google/gnostic v0.6.8 h1:bT56GPYBWh1tvBuBEd94qcS3+60b+y0HQur0ITkGuCk=
-github.com/google/gnostic v0.6.8/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
+github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
+github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -592,15 +560,13 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
+github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@@ -615,10 +581,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
 github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
 github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -640,7 +604,6 @@ github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerX
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
 github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
@@ -661,7 +624,6 @@ github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpT
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -673,7 +635,6 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
@@ -683,7 +644,6 @@ github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -691,10 +651,8 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfC
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -704,7 +662,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
@@ -714,8 +671,9 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.15.2 h1:3WH+AG7s2+T8o3nrM/8u2rdqUEcQhmga7smjrT41nAw=
+github.com/klauspost/compress v1.15.2/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -734,10 +692,7 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
-github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
-github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@@ -790,7 +745,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
-github.com/mkmik/multierror v0.3.0/go.mod h1:wjBYXRpDhh+8mIp+iLBOq0kZ3Y4ICTncojwvP8LUYLQ=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
@@ -813,44 +767,31 @@ github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8m
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
-github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
-github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
-github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w=
-github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/ohler55/ojg v1.14.0 h1:DyHomsCwofNswmKj7BLMdx51xnKbXxgIo1rVWCaBcNk=
 github.com/ohler55/ojg v1.14.0/go.mod h1:3+GH+0PggMKocQtbZCrFifal3yRpHiBT4QUkxFJI6e8=
-github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
+github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -877,35 +818,22 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
-github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
-github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
+github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
+github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -914,34 +842,25 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -954,8 +873,6 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -969,7 +886,6 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
-github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
@@ -990,7 +906,6 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
@@ -1009,7 +924,6 @@ github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v0.0.0-20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -1020,9 +934,6 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH
 github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
 github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1042,7 +953,6 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
-github.com/throttled/throttled v2.2.2+incompatible/go.mod h1:0BjlrEGQmvxps+HuXLsyRdqpSRvJpq0PNIsOtqP9Nos=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
@@ -1085,7 +995,6 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
@@ -1093,7 +1002,6 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
@@ -1102,8 +1010,6 @@ go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
 go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
-go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1117,14 +1023,10 @@ go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcj
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1152,9 +1054,7 @@ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
@@ -1199,7 +1099,6 @@ golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -1248,11 +1147,13 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220412020605-290c469a71a5 h1:bRb386wvrE+oBNdF1d/Xh9mQrfQ4ecYhW5qJ5GvTGT4=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1271,6 +1172,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 h1:OSnWWcOd/CtWQC2cYSBgbTSJv3ciqd8r54ySIW2y3RE=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1292,7 +1195,6 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1325,7 +1227,6 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1347,7 +1248,6 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1362,7 +1262,6 @@ golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1384,10 +1283,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1398,10 +1295,12 @@ golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
+golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8=
 golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1421,16 +1320,13 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -1448,8 +1344,6 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1458,7 +1352,6 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -1491,7 +1384,6 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1499,11 +1391,7 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U=
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
-gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
-gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
 google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1540,8 +1428,10 @@ google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFd
 google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
 google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
 google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
+google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
+google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
+google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
@@ -1556,7 +1446,6 @@ google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRn
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
-google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
@@ -1624,14 +1513,18 @@ google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
 google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
@@ -1660,6 +1553,7 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1688,7 +1582,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
@@ -1722,7 +1615,6 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1733,25 +1625,21 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
 k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
 k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI=
-k8s.io/api v0.24.0-beta.0 h1:7knNqNYI1Az5hWcebdyUff4ETyCZkvmUT1N2hi/qS/Y=
-k8s.io/api v0.24.0-beta.0/go.mod h1:D7w5dDA57yCeRJnl0vPuRj6KBAwWYxea4Dwo5kgJGIY=
+k8s.io/api v0.25.0-alpha.0 h1:BiYeMLWoLcGGWE46gdnlwluFa23+Hr3I2Qp8U6c2wYY=
+k8s.io/api v0.25.0-alpha.0/go.mod h1:sOibYBePcsE/DBjbbi+Z+FCG9lFPR7xuKSR2r6RTCNs=
 k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
 k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
-k8s.io/apimachinery v0.24.0-beta.0 h1:69KiS/m3i2oi3FaCVX6whePxOelsJkhIfO0J5fGDYv8=
-k8s.io/apimachinery v0.24.0-beta.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apimachinery v0.25.0-alpha.0 h1:gAzcXIp+FkB3w8+m34na2qxSScwQWKtryRU8JfkS/NU=
+k8s.io/apimachinery v0.25.0-alpha.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
 k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
 k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
 k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
 k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
 k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
 k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0=
-k8s.io/client-go v0.24.0-beta.0 h1:ISWwVXNtOr2f1O5afJGi66vxAzC6Gb/3+VWlz4WseFc=
-k8s.io/client-go v0.24.0-beta.0/go.mod h1:D4rgRqnNPdFCFMMrcCqCOAouzIwJkPuKXr3zWThEExM=
-k8s.io/code-generator v0.23.4/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
+k8s.io/client-go v0.25.0-alpha.0 h1:IwIWODi6Uz7QlOU8J2tv8APdDtytoowveKF9IoKpHa4=
+k8s.io/client-go v0.25.0-alpha.0/go.mod h1:V7vCXDCdD8Goobi4oQhsSNXtlWfyBJi+LHFaiYWpR5s=
 k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
 k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
 k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
@@ -1761,38 +1649,26 @@ k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
 k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 h1:nBQrWPlrNIiw0BsX6a6MKr1itkm0ZS0Nl97kNLitFfI=
 k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
-modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
-modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
-modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
-modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/kind v0.12.0 h1:LFynXwQkH1MrWI8pM1FQty0oUwEKjU5EkMaVZaPld8E=
@@ -1801,8 +1677,6 @@ sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo
 sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
 sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs=
 sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
@@ -1811,4 +1685,3 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
-sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=

From f2fa88ff1fc50e1931e0329a49c5f724fe911f68 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 10:59:11 +0200
Subject: [PATCH 0064/2268] refactor: Allow to pass GitAuthProviders to
 NewKluctlProjectContext

---
 cmd/kluctl/commands/utils.go  |  2 ++
 pkg/kluctl_project/git.go     |  4 ++--
 pkg/kluctl_project/project.go | 18 +++++++++---------
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 829ab5bbb..b8181e29c 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
@@ -44,6 +45,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 		LocalSealedSecrets:  projectFlags.LocalSealedSecrets,
 		FromArchive:         projectFlags.FromArchive,
 		FromArchiveMetadata: projectFlags.FromArchiveMetadata,
+		GitAuthProviders:    auth.NewDefaultAuthProviders(),
 	}
 
 	p, err := kluctl_project.LoadKluctlProject(loadArgs, tmpDir, j2)
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 4fd28013e..93abdfc9b 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -31,7 +31,7 @@ func (c *KluctlProjectContext) updateGitCaches() error {
 	doUpdateRepo := func(repo *git.MirroredGitRepo) error {
 		return repo.WithLock(func() error {
 			if !repo.HasUpdated() {
-				return repo.Update(c.gitAuthProviders)
+				return repo.Update(c.loadArgs.GitAuthProviders)
 			}
 			return nil
 		})
@@ -156,7 +156,7 @@ func (c *KluctlProjectContext) cloneGitProject(gitProject types2.ExternalProject
 
 	err = mr.MaybeWithLock(doLock, func() error {
 		if !mr.HasUpdated() {
-			err = mr.Update(c.gitAuthProviders)
+			err = mr.Update(c.loadArgs.GitAuthProviders)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 552240a22..c44c64555 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -19,6 +19,8 @@ type LoadKluctlProjectArgs struct {
 	LocalSealedSecrets  string
 	FromArchive         string
 	FromArchiveMetadata string
+
+	GitAuthProviders *auth2.GitAuthProviders
 }
 
 type KluctlProjectContext struct {
@@ -32,9 +34,8 @@ type KluctlProjectContext struct {
 	ClustersDir      string
 	SealedSecretsDir string
 
-	gitAuthProviders *auth2.GitAuthProviders
-	involvedRepos    map[string][]types.InvolvedRepo
-	DynamicTargets   []*types.DynamicTarget
+	involvedRepos  map[string][]types.InvolvedRepo
+	DynamicTargets []*types.DynamicTarget
 
 	mirroredRepos map[string]*git.MirroredGitRepo
 
@@ -43,12 +44,11 @@ type KluctlProjectContext struct {
 
 func NewKluctlProjectContext(loadArgs LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) *KluctlProjectContext {
 	o := &KluctlProjectContext{
-		loadArgs:         loadArgs,
-		TmpDir:           tmpDir,
-		gitAuthProviders: auth2.NewDefaultAuthProviders(),
-		involvedRepos:    make(map[string][]types.InvolvedRepo),
-		mirroredRepos:    make(map[string]*git.MirroredGitRepo),
-		J2:               j2,
+		loadArgs:      loadArgs,
+		TmpDir:        tmpDir,
+		involvedRepos: make(map[string][]types.InvolvedRepo),
+		mirroredRepos: make(map[string]*git.MirroredGitRepo),
+		J2:            j2,
 	}
 	return o
 }

From 4af3416e0484b6f9586c645b03757fc89fd4bf9b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 11:24:02 +0200
Subject: [PATCH 0065/2268] refactor: Introduce ListAuthProvider and use it in
 GitEnvAuthProvider

---
 pkg/git/auth/env_auth_provider.go  | 47 ++++++-----------
 pkg/git/auth/list_auth_provider.go | 81 ++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 31 deletions(-)
 create mode 100644 pkg/git/auth/list_auth_provider.go

diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 2755ab710..908d525f7 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -2,52 +2,37 @@ package auth
 
 import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
-	"strings"
+	"io/ioutil"
 )
 
 type GitEnvAuthProvider struct {
 }
 
 func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
-	for _, m := range utils.ParseEnvConfigSets("KLUCTL_GIT") {
-		host, _ := m["HOST"]
-		pathPrefix, _ := m["PATH_PREFIX"]
-		username, _ := m["USERNAME"]
-		password, _ := m["PASSWORD"]
-		ssh_key, _ := m["SSH_KEY"]
+	var la ListAuthProvider
 
-		if host != gitUrl.Hostname() {
-			continue
-		}
-		if !strings.HasPrefix(gitUrl.Path, pathPrefix) {
-			continue
-		}
-		if username == "" {
-			continue
-		}
-		if gitUrl.User != nil && gitUrl.User.Username() != "" && gitUrl.User.Username() != username {
-			continue
+	for _, m := range utils.ParseEnvConfigSets("KLUCTL_GIT") {
+		e := AuthEntry{
+			Host:       m["HOST"],
+			PathPrefix: m["PATH_PREFIX"],
+			Username:   m["USERNAME"],
+			Password:   m["PASSWORD"],
 		}
 
-		if !gitUrl.IsSsh() && password != "" {
-			return &http.BasicAuth{
-				Username: username,
-				Password: password,
-			}
-		} else if gitUrl.IsSsh() && ssh_key != "" {
-			a, err := ssh.NewPublicKeysFromFile(username, ssh_key, "")
+		ssh_key_path, _ := m["SSH_KEY"]
+		if ssh_key_path != "" {
+			ssh_key_path = utils.ExpandPath(ssh_key_path)
+			b, err := ioutil.ReadFile(ssh_key_path)
 			if err != nil {
-				log.Debugf("Failed to parse private key %s: %v", ssh_key, err)
+				log.Debugf("Failed to read key %s: %w", ssh_key_path, err)
 			} else {
-				a.HostKeyCallback = verifyHost
-				return a
+				e.SshKey = b
 			}
 		}
+		la.AddEntry(e)
 	}
-	return nil
+	return la.BuildAuth(gitUrl)
 }
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
new file mode 100644
index 000000000..7360afb9e
--- /dev/null
+++ b/pkg/git/auth/list_auth_provider.go
@@ -0,0 +1,81 @@
+package auth
+
+import (
+	"github.com/go-git/go-git/v5/plumbing/transport"
+	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	log "github.com/sirupsen/logrus"
+	"strings"
+)
+
+type ListAuthProvider struct {
+	entries []AuthEntry
+}
+
+type AuthEntry struct {
+	Host       string
+	PathPrefix string
+	Username   string
+	Password   string
+	SshKey     []byte
+}
+
+func (a *ListAuthProvider) AddEntry(e AuthEntry) {
+	a.entries = append(a.entries, e)
+}
+
+func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
+	for _, e := range a.entries {
+		if e.Host != "*" && e.Host != gitUrl.Hostname() {
+			continue
+		}
+		if !strings.HasPrefix(gitUrl.Path, e.PathPrefix) {
+			continue
+		}
+		if e.Username == "" {
+			continue
+		}
+
+		username := ""
+		if gitUrl.User != nil {
+			username = gitUrl.User.Username()
+		}
+
+		if username != "" && e.Username != "*" && username != e.Username {
+			continue
+		}
+
+		if username == "" {
+			username = e.Username
+		}
+
+		if e.Username == "*" {
+			// can't use "*" as username
+			continue
+		}
+
+		if gitUrl.IsSsh() {
+			if e.SshKey == nil {
+				continue
+			}
+			a, err := ssh.NewPublicKeys(username, e.SshKey, "")
+			if err != nil {
+				log.Debugf("Failed to parse private key: %v", err)
+			} else {
+				a.HostKeyCallback = verifyHost
+				return a
+			}
+		} else {
+			if e.Password == "" {
+				// empty password is not accepted
+				continue
+			}
+			return &http.BasicAuth{
+				Username: username,
+				Password: e.Password,
+			}
+		}
+	}
+	return nil
+}

From 2556344fa80982bfc25afad5e90d4c05def1d420 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 11:29:33 +0200
Subject: [PATCH 0066/2268] refactor: Allow to add auth providers to the front
 of the list

---
 pkg/git/auth/auth_provider.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 6c8872bd6..c8a5baacf 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -13,8 +13,12 @@ type GitAuthProviders struct {
 	authProviders []GitAuthProvider
 }
 
-func (a *GitAuthProviders) RegisterAuthProvider(p GitAuthProvider) {
-	a.authProviders = append(a.authProviders, p)
+func (a *GitAuthProviders) RegisterAuthProvider(p GitAuthProvider, last bool) {
+	if last {
+		a.authProviders = append(a.authProviders, p)
+	} else {
+		a.authProviders = append([]GitAuthProvider{p}, a.authProviders...)
+	}
 }
 
 func (a *GitAuthProviders) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
@@ -29,8 +33,8 @@ func (a *GitAuthProviders) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod
 
 func NewDefaultAuthProviders() *GitAuthProviders {
 	a := &GitAuthProviders{}
-	a.RegisterAuthProvider(&GitEnvAuthProvider{})
-	a.RegisterAuthProvider(&GitCredentialsFileAuthProvider{})
-	a.RegisterAuthProvider(&GitSshAuthProvider{})
+	a.RegisterAuthProvider(&GitEnvAuthProvider{}, true)
+	a.RegisterAuthProvider(&GitCredentialsFileAuthProvider{}, true)
+	a.RegisterAuthProvider(&GitSshAuthProvider{}, true)
 	return a
 }

From faa19d22f3c6b587366f900b6bed96f3f88c47ea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 11:33:45 +0200
Subject: [PATCH 0067/2268] fix: log.Debugf does not support %w

---
 pkg/git/auth/env_auth_provider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 908d525f7..362a506bc 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -27,7 +27,7 @@ func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMeth
 			ssh_key_path = utils.ExpandPath(ssh_key_path)
 			b, err := ioutil.ReadFile(ssh_key_path)
 			if err != nil {
-				log.Debugf("Failed to read key %s: %w", ssh_key_path, err)
+				log.Debugf("Failed to read key %s: %v", ssh_key_path, err)
 			} else {
 				e.SshKey = b
 			}

From c637cb73b2ec99cdbad128e62a063fffec2de762 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 11:59:58 +0200
Subject: [PATCH 0068/2268] feat: Support passing CA bundle and known_hosts for
 git

---
 pkg/git/auth/auth_provider.go        | 13 +++++---
 pkg/git/auth/env_auth_provider.go    | 13 ++++++--
 pkg/git/auth/git_credentials_file.go | 27 ++++++++--------
 pkg/git/auth/list_auth_provider.go   | 24 +++++++++-----
 pkg/git/auth/ssh_auth_provider.go    | 13 ++++----
 pkg/git/auth/ssh_known_hosts.go      | 47 +++++++++++++++++++---------
 pkg/git/mirrored_repo.go             |  6 ++--
 7 files changed, 94 insertions(+), 49 deletions(-)

diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index c8a5baacf..677f4df07 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -5,8 +5,13 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 )
 
+type AuthMethodAndCA struct {
+	AuthMethod transport.AuthMethod
+	CABundle   []byte
+}
+
 type GitAuthProvider interface {
-	BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod
+	BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA
 }
 
 type GitAuthProviders struct {
@@ -21,14 +26,14 @@ func (a *GitAuthProviders) RegisterAuthProvider(p GitAuthProvider, last bool) {
 	}
 }
 
-func (a *GitAuthProviders) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
+func (a *GitAuthProviders) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 	for _, p := range a.authProviders {
 		auth := p.BuildAuth(gitUrl)
-		if auth != nil {
+		if auth.AuthMethod != nil {
 			return auth
 		}
 	}
-	return nil
+	return AuthMethodAndCA{}
 }
 
 func NewDefaultAuthProviders() *GitAuthProviders {
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 362a506bc..a57fa44f3 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"github.com/go-git/go-git/v5/plumbing/transport"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	log "github.com/sirupsen/logrus"
@@ -11,7 +10,7 @@ import (
 type GitEnvAuthProvider struct {
 }
 
-func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
+func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 	var la ListAuthProvider
 
 	for _, m := range utils.ParseEnvConfigSets("KLUCTL_GIT") {
@@ -32,6 +31,16 @@ func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMeth
 				e.SshKey = b
 			}
 		}
+		ca_bundle_path := m["CA_BUNDLE"]
+		if ca_bundle_path != "" {
+			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
+			b, err := ioutil.ReadFile(ca_bundle_path)
+			if err != nil {
+				log.Debugf("Failed to read ca bundle %s: %v", ca_bundle_path, err)
+			} else {
+				e.CABundle = b
+			}
+		}
 		la.AddEntry(e)
 	}
 	return la.BuildAuth(gitUrl)
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index 49fbe894e..ea665c16f 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"bufio"
-	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -15,36 +14,36 @@ import (
 type GitCredentialsFileAuthProvider struct {
 }
 
-func (a *GitCredentialsFileAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
+func (a *GitCredentialsFileAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 	if gitUrl.Scheme != "http" && gitUrl.Scheme != "https" {
-		return nil
+		return AuthMethodAndCA{}
 	}
 
 	home, err := os.UserHomeDir()
 	if err != nil {
 		log.Warningf("Could not determine home directory: %v", err)
-		return nil
+		return AuthMethodAndCA{}
 	}
 	auth := a.tryBuildAuth(gitUrl, filepath.Join(home, ".git-credentials"))
-	if auth != nil {
-		return auth
+	if auth.AuthMethod != nil {
+		return *auth
 	}
 
 	if xdgHome, ok := os.LookupEnv("XDG_CONFIG_HOME"); ok && xdgHome != "" {
 		auth = a.tryBuildAuth(gitUrl, filepath.Join(xdgHome, ".git-credentials"))
 		if auth != nil {
-			return auth
+			return *auth
 		}
 	} else {
 		auth = a.tryBuildAuth(gitUrl, filepath.Join(home, ".config/.git-credentials"))
 		if auth != nil {
-			return auth
+			return *auth
 		}
 	}
-	return nil
+	return AuthMethodAndCA{}
 }
 
-func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) transport.AuthMethod {
+func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
 	if !utils.IsFile(gitCredentialsPath) {
 		return nil
 	}
@@ -70,9 +69,11 @@ func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, git
 		}
 		if password, ok := u.User.Password(); ok {
 			if u.User.Username() != "" {
-				return &http.BasicAuth{
-					Username: u.User.Username(),
-					Password: password,
+				return &AuthMethodAndCA{
+					AuthMethod: &http.BasicAuth{
+						Username: u.User.Username(),
+						Password: password,
+					},
 				}
 			}
 		}
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 7360afb9e..d469e500f 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -18,14 +17,18 @@ type AuthEntry struct {
 	PathPrefix string
 	Username   string
 	Password   string
+
 	SshKey     []byte
+	KnownHosts []byte
+
+	CABundle []byte
 }
 
 func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
 
-func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
+func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 	for _, e := range a.entries {
 		if e.Host != "*" && e.Host != gitUrl.Hostname() {
 			continue
@@ -63,19 +66,24 @@ func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod
 			if err != nil {
 				log.Debugf("Failed to parse private key: %v", err)
 			} else {
-				a.HostKeyCallback = verifyHost
-				return a
+				a.HostKeyCallback = buildVerifyHostCallback(e.KnownHosts)
+				return AuthMethodAndCA{
+					AuthMethod: a,
+				}
 			}
 		} else {
 			if e.Password == "" {
 				// empty password is not accepted
 				continue
 			}
-			return &http.BasicAuth{
-				Username: username,
-				Password: e.Password,
+			return AuthMethodAndCA{
+				AuthMethod: &http.BasicAuth{
+					Username: username,
+					Password: e.Password,
+				},
+				CABundle: e.CABundle,
 			}
 		}
 	}
-	return nil
+	return AuthMethodAndCA{}
 }
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 6da3e0e98..d3c2a64ca 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"fmt"
-	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/kevinburke/ssh_config"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -42,7 +41,7 @@ func (a *sshDefaultIdentityAndAgent) ClientConfig() (*ssh.ClientConfig, error) {
 		User: a.user,
 		Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Signers)},
 	}
-	cc.HostKeyCallback = verifyHost
+	cc.HostKeyCallback = buildVerifyHostCallback(nil)
 	return cc, nil
 }
 
@@ -90,12 +89,12 @@ func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
 	}
 }
 
-func (a *GitSshAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMethod {
+func (a *GitSshAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 	if !gitUrl.IsSsh() {
-		return nil
+		return AuthMethodAndCA{}
 	}
 	if gitUrl.User == nil {
-		return nil
+		return AuthMethodAndCA{}
 	}
 
 	auth := &sshDefaultIdentityAndAgent{
@@ -109,7 +108,9 @@ func (a *GitSshAuthProvider) BuildAuth(gitUrl git_url.GitUrl) transport.AuthMeth
 	auth.addDefaultIdentity(gitUrl)
 	auth.addConfigIdentities(gitUrl)
 
-	return auth
+	return AuthMethodAndCA{
+		AuthMethod: auth,
+	}
 }
 
 // we defer asking for passphrase so that we don't unnecessarily ask for passphrases for keys that are already provided
diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index 2ad01941d..2e0b06785 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -11,7 +11,13 @@ import (
 	"strconv"
 )
 
-func verifyHost(host string, remote net.Addr, key ssh.PublicKey) error {
+func buildVerifyHostCallback(knownHosts []byte) func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+	return func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+		return verifyHost(hostname, remote, key, knownHosts)
+	}
+}
+
+func verifyHost(host string, remote net.Addr, key ssh.PublicKey, knownHosts []byte) error {
 	hostKeyChecking := true
 	if x, ok := os.LookupEnv("KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING"); ok {
 		if b, err := strconv.ParseBool(x); err == nil && b {
@@ -23,23 +29,36 @@ func verifyHost(host string, remote net.Addr, key ssh.PublicKey) error {
 	}
 
 	allowAdd := false
-	files := filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS"))
-	if len(files) == 0 {
-		home, err := os.UserHomeDir()
-		if err != nil {
-			return err
-		}
-
-		f := filepath.Join(home, ".ssh", "known_hosts")
-		if !utils.Exists(filepath.Dir(f)) {
-			err = os.MkdirAll(filepath.Dir(f), 0o700)
+	var files []string
+	if knownHosts == nil {
+		files = filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS"))
+		if len(files) == 0 {
+			home, err := os.UserHomeDir()
 			if err != nil {
 				return err
 			}
-		}
 
-		files = append(files, f)
-		allowAdd = true
+			f := filepath.Join(home, ".ssh", "known_hosts")
+			if !utils.Exists(filepath.Dir(f)) {
+				err = os.MkdirAll(filepath.Dir(f), 0o700)
+				if err != nil {
+					return err
+				}
+			}
+
+			files = append(files, f)
+			allowAdd = true
+		}
+	} else {
+		tmpFile, err := os.CreateTemp(utils.GetTmpBaseDir(), "known_hosts-")
+		if err != nil {
+			return err
+		}
+		defer func() {
+			_ = tmpFile.Close()
+			_ = os.Remove(tmpFile.Name())
+		}()
+		files = append(files, tmpFile.Name())
 	}
 
 	for _, f := range files {
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 82b822ee2..bd7fe5672 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -139,7 +139,8 @@ func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthPro
 	}
 
 	g.remoteRefs, err = remote.List(&git.ListOptions{
-		Auth: auth,
+		Auth:     auth.AuthMethod,
+		CABundle: auth.CABundle,
 	})
 	if err != nil {
 		return err
@@ -150,7 +151,8 @@ func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthPro
 	}
 
 	err = remote.Fetch(&git.FetchOptions{
-		Auth:     auth,
+		Auth:     auth.AuthMethod,
+		CABundle: auth.CABundle,
 		Progress: os.Stdout,
 		Tags:     git.AllTags,
 		Force:    true,

From 2838933fa4a32373e7e98da355e795faf50da9dd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 15:29:58 +0200
Subject: [PATCH 0069/2268] feat: Use vendored Helm dependency instead of
 relying on an installed helm binary

---
 go.mod                       |  77 +++++-
 go.sum                       | 464 +++++++++++++++++++++++++++++++----
 pkg/deployment/helm_chart.go | 305 +++++++++++++----------
 3 files changed, 664 insertions(+), 182 deletions(-)

diff --git a/go.mod b/go.mod
index 73da526f4..6aec263c0 100644
--- a/go.mod
+++ b/go.mod
@@ -36,17 +36,27 @@ require (
 	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150
 	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
-	k8s.io/api v0.25.0-alpha.0
-	k8s.io/apimachinery v0.25.0-alpha.0
-	k8s.io/client-go v0.25.0-alpha.0
+	helm.sh/helm/v3 v3.8.2
+	k8s.io/api v0.24.0-rc.1
+	k8s.io/apimachinery v0.24.0-rc.1
+	k8s.io/client-go v0.24.0-rc.1
 	sigs.k8s.io/kind v0.12.0
 	sigs.k8s.io/kustomize/api v0.11.4
 	sigs.k8s.io/kustomize/kyaml v0.13.6
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1
 )
 
+replace (
+	k8s.io/api => k8s.io/api v0.23.5
+	k8s.io/apimachinery => k8s.io/apimachinery v0.23.5
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.5
+	k8s.io/client-go => k8s.io/client-go v0.23.5
+	k8s.io/component-base => k8s.io/component-base v0.23.5
+)
+
 require (
 	cloud.google.com/go/compute v1.6.1 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
@@ -54,24 +64,39 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/toml v1.1.0 // indirect
+	github.com/MakeNowJust/heredoc v1.0.0 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/Masterminds/squirrel v1.5.2 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
+	github.com/containerd/containerd v1.6.3 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.14+incompatible // indirect
 	github.com/docker/docker v20.10.14+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
-	github.com/emicklei/go-restful v2.15.0+incompatible // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-metrics v0.0.1 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/gammazero/deque v0.1.1 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/go-gorp/gorp/v3 v3.0.2 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
@@ -81,35 +106,63 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
+	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/lib/pq v1.10.5 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moby/locker v1.0.1 // indirect
+	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 // indirect
+	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.34.0 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rubenv/sql-migrate v1.1.1 // indirect
+	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/cobra v1.4.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
 	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect
@@ -118,13 +171,21 @@ require (
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46 // indirect
+	google.golang.org/grpc v1.46.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/apiextensions-apiserver v0.23.6 // indirect
+	k8s.io/apiserver v0.23.6 // indirect
+	k8s.io/cli-runtime v0.24.0-rc.1 // indirect
+	k8s.io/component-base v0.24.0-rc.1 // indirect
 	k8s.io/klog/v2 v2.60.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 // indirect
+	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
+	k8s.io/kubectl v0.23.5 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
+	oras.land/oras-go v1.1.1 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index fe612bf11..800475ba0 100644
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,5 @@
 bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
+bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -55,27 +56,30 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
+github.com/Azure/go-autorest/autorest v0.11.20/go.mod h1:o3tqFY+QR40VOlk+pV4d77mORO64jOXSgEnPQgLK6JY=
 github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
 github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
-github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
-github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
+github.com/Azure/go-autorest/autorest/adal v0.9.15/go.mod h1:tGMin8I49Yij6AQ+rvV+Xa/zwxYQB5hmsd6DkfAx2+A=
 github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
+github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
@@ -85,7 +89,24 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
+github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
+github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
+github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
+github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
+github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
+github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/squirrel v1.5.2 h1:UiOEi2ZX4RCSkpiNDQN5kro/XIBpSRk9iTqdIRPzUXE=
+github.com/Masterminds/squirrel v1.5.2/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
+github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -105,16 +126,24 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3
 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
 github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
 github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
+github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
+github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
 github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
+github.com/Microsoft/hcsshim v0.9.2 h1:wB06W5aYFfUB3IvootYAY2WnOmIdgPGfqSI6tufQNnY=
+github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
 github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
 github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5 h1:cSHEbLj0GZeHM1mWG84qEnGFojNEQ83W7cwaPRjcwXU=
 github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
@@ -130,12 +159,15 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
+github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -145,36 +177,56 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
+github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
+github.com/aws/aws-sdk-go v1.34.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.44.1 h1:w34ZmPT6K4NTd7Yap1P7SLXPTii0ABmBz3KEh4KJdKc=
 github.com/aws/aws-sdk-go v1.44.1/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bitnami-labs/sealed-secrets v0.17.5 h1:v5ENZRSrgog3GnFr8fWfVtrUTPlZlNlbsjaro9mn6YY=
 github.com/bitnami-labs/sealed-secrets v0.17.5/go.mod h1:ZgGUqKixr/SRpsG8LVXnuneyZG7DOX/+eCRvXi8SVjo=
 github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
+github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
+github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
+github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
+github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
 github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
+github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -183,6 +235,7 @@ github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLI
 github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
+github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -197,6 +250,9 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
+github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
+github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
+github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
 github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
 github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
@@ -211,11 +267,14 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S
 github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
 github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
 github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
+github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
+github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
 github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
 github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
 github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
+github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
@@ -229,7 +288,12 @@ github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7
 github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
 github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
 github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
+github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
+github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
+github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
+github.com/containerd/containerd v1.6.3 h1:JfgUEIAH07xDWk6kqz0P3ArZt+KJ9YeihSC9uyFtSKg=
+github.com/containerd/containerd v1.6.3/go.mod h1:gCVGrYRYFm2E8GmuUIbj/NGD7DLZQLzSJQazjVKDOig=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -237,6 +301,7 @@ github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cE
 github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
 github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
 github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
+github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
 github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
@@ -245,6 +310,8 @@ github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1S
 github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
 github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
 github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
+github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
+github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
 github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
 github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
@@ -254,9 +321,11 @@ github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak
 github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
 github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
 github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
+github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4=
 github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
 github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
 github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
+github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/stargz-snapshotter/estargz v0.10.1 h1:hd1EoVjI2Ax8Cr64tdYqnJ4i4pZU49FkEf5kU8KxQng=
 github.com/containerd/stargz-snapshotter/estargz v0.10.1/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
@@ -277,15 +346,20 @@ github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNR
 github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
+github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
 github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
 github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
+github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
 github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
+github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -302,8 +376,11 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
+github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
+github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
@@ -312,11 +389,17 @@ github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7h
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
+github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY=
+github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684/go.mod h1:UfCu3YXJJCI+IdnqGgYP82dk2+Joxmv+mUTVBES6wac=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
+github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v20.10.12+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v20.10.14+incompatible h1:dSBKJOVesDgHo7rbxlYjYsXe7gPzrTT+/cKQgpDAazg=
 github.com/docker/cli v20.10.14+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -325,27 +408,33 @@ github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w=
 github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
+github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
+github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
+github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.15.0+incompatible h1:8KpYO/Xl/ZudZs5RNOEhWMBY4hmzlZhhRd9cu+jrZP4=
-github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
@@ -358,6 +447,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -367,12 +457,17 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
+github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
+github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
+github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
+github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
+github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -382,6 +477,7 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
+github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/gammazero/deque v0.1.0/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M=
 github.com/gammazero/deque v0.1.1 h1:xRVkDuSvDmFuMGf3IquHuRc2jlL0+v/WpFCWaauzwbE=
 github.com/gammazero/deque v0.1.1/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M=
@@ -389,6 +485,7 @@ github.com/gammazero/workerpool v1.1.2 h1:vuioDQbgrz4HoaCi2q1HLlOXdpbap5AET7xu5/
 github.com/gammazero/workerpool v1.1.2/go.mod h1:UelbXcO0zCIGFcufcirHhq2/xtLXJdQ29qZNlXG9OjQ=
 github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
+github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
@@ -408,26 +505,42 @@ github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gorp/gorp/v3 v3.0.2 h1:ULqJXIekoqMx29FI5ekXXFoH1dT2Vc8UhnRzBg+Emz4=
+github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmncaR6rwBY=
 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro=
+github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
 github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
+github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
@@ -444,7 +557,21 @@ github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-playground/validator/v10 v10.10.1 h1:uA0+amWMiglNZKZ9FJRKUAe9U3RX91eVn1JYXMWt7ig=
 github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
+github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
+github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
+github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
+github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
+github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
+github.com/gobuffalo/packr/v2 v2.8.1/go.mod h1:c/PLlOuTU+p3SybaJATW3H6lX/iK7xEz5OeMf+NnJpg=
+github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY=
+github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-yaml v1.9.5 h1:Eh/+3uk9kLxG4koCX6lRMAPS1OaMSAi+FJcya0INdB0=
@@ -454,8 +581,11 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -469,12 +599,15 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
 github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -504,13 +637,17 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
+github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
+github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w=
+github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA=
+github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
 github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -523,8 +660,10 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
 github.com/google/go-containerregistry v0.8.0 h1:mtR24eN6rapCN+shds82qFEIWWmg64NPMuyCNT7/Ogc=
 github.com/google/go-containerregistry v0.8.0/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -556,6 +695,8 @@ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
@@ -564,18 +705,27 @@ github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/Oth
 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
+github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=
+github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
+github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
+github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
@@ -586,6 +736,7 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
 github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
@@ -597,6 +748,7 @@ github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iP
 github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
@@ -624,6 +776,9 @@ github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpT
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
+github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -635,7 +790,9 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ=
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
+github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -644,13 +801,20 @@ github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
+github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
+github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
+github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -662,6 +826,10 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/karrick/godirwalk v1.15.8/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
+github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
@@ -677,6 +845,7 @@ github.com/klauspost/compress v1.15.2/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHU
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -689,18 +858,39 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
+github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
+github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
+github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.5 h1:J+gdV2cUmX7ZqL2B0lFcW0m+egaHC2V3lpO8nWxyYiQ=
+github.com/lib/pq v1.10.5/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
+github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
+github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
+github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
+github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
+github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
+github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
@@ -719,12 +909,22 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
+github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
+github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
+github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
+github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
@@ -732,12 +932,19 @@ github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@@ -745,13 +952,24 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
+github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
+github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
+github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
 github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
+github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
 github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
+github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A=
+github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
+github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -761,36 +979,46 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/ohler55/ojg v1.14.0 h1:DyHomsCwofNswmKj7BLMdx51xnKbXxgIo1rVWCaBcNk=
 github.com/ohler55/ojg v1.14.0/go.mod h1:3+GH+0PggMKocQtbZCrFifal3yRpHiBT4QUkxFJI6e8=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
+github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
 github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -800,14 +1028,17 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 h1:q37d91F6BO4Jp1UqWiun0dUFYaqv6WsKTLTCaWv+8LY=
 github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec=
+github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
 github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
+github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
@@ -818,6 +1049,8 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
+github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@@ -828,6 +1061,8 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
+github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -839,6 +1074,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg=
+github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -847,10 +1084,14 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
@@ -859,6 +1100,12 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.34.0 h1:RBmGO9d/FVjqHT0yUGQwBJhkwKV+wPCn7KGpvfab0uE=
+github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -868,8 +1115,9 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
@@ -878,20 +1126,34 @@ github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rubenv/sql-migrate v0.0.0-20210614095031-55d5740dbbcc/go.mod h1:HFLT6i9iR4QBOF5rdCyjddC9t59ArqWJV2xx+jwcCMo=
+github.com/rubenv/sql-migrate v1.1.1 h1:haR5Hn8hbW9/SpAICrXoZqXnywS7Q5WijwkQENPeNWY=
+github.com/rubenv/sql-migrate v1.1.1/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
+github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
+github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
+github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
+github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
@@ -906,6 +1168,7 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
@@ -913,10 +1176,13 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
 github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
+github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
 github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
@@ -930,6 +1196,7 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
@@ -955,7 +1222,9 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG
 github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@@ -969,9 +1238,11 @@ github.com/vbauerster/mpb/v7 v7.4.1/go.mod h1:Ygg2mV9Vj9sQBWqsK2m2pidcf9H3s6bNKt
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
+github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
@@ -982,8 +1253,12 @@ github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6e
 github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo=
 github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
@@ -995,13 +1270,20 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
+github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
+github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
+github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
+github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
@@ -1009,6 +1291,10 @@ go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3
 go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
+go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
+go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
+go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
+go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
 go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@@ -1016,24 +1302,49 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
+go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
+go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
+go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
+go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
+go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
+go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
+go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
+go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
+go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
+go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
+go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM=
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -1041,16 +1352,20 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1134,6 +1449,7 @@ golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -1142,12 +1458,17 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -1209,6 +1530,7 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1248,6 +1570,7 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1256,6 +1579,7 @@ golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1263,6 +1587,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1274,25 +1599,34 @@ golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1300,7 +1634,9 @@ golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8=
 golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1318,13 +1654,14 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1340,10 +1677,12 @@ golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1361,21 +1700,25 @@ golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapK
 golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200308013534-11ec41452d41/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
@@ -1384,6 +1727,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM=
+golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1463,17 +1808,20 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1520,6 +1868,8 @@ google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX
 google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46 h1:G1IeWbjrqEq9ChWxEuRPJu6laA67+XgTFHVSAvepr38=
+google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1554,6 +1904,8 @@ google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5
 google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8=
+google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1583,8 +1935,10 @@ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
+gopkg.in/gorp.v1 v1.7.2/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
@@ -1615,6 +1969,8 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
+helm.sh/helm/v3 v3.8.2 h1:HDhe2nKek976VLMPZlIgJbNqwcqvHYBp1qy+sXQ4jiY=
+helm.sh/helm/v3 v3.8.2/go.mod h1:NxtE2KObf2PrzDl6SIamPFPKyAqWi10iWuvKlQn/Yao=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1622,63 +1978,89 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
-k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
-k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
-k8s.io/api v0.25.0-alpha.0 h1:BiYeMLWoLcGGWE46gdnlwluFa23+Hr3I2Qp8U6c2wYY=
-k8s.io/api v0.25.0-alpha.0/go.mod h1:sOibYBePcsE/DBjbbi+Z+FCG9lFPR7xuKSR2r6RTCNs=
-k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
-k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
-k8s.io/apimachinery v0.25.0-alpha.0 h1:gAzcXIp+FkB3w8+m34na2qxSScwQWKtryRU8JfkS/NU=
-k8s.io/apimachinery v0.25.0-alpha.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA=
+k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8=
+k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ=
+k8s.io/apiextensions-apiserver v0.23.6 h1:v58cQ6Z0/GK1IXYr+oW0fnYl52o9LTY0WgoWvI8uv5Q=
+k8s.io/apiextensions-apiserver v0.23.6/go.mod h1:YVh17Mphv183THQJA5spNFp9XfoidFyL3WoDgZxQIZU=
+k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
+k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
 k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
 k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
 k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
-k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
-k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
-k8s.io/client-go v0.25.0-alpha.0 h1:IwIWODi6Uz7QlOU8J2tv8APdDtytoowveKF9IoKpHa4=
-k8s.io/client-go v0.25.0-alpha.0/go.mod h1:V7vCXDCdD8Goobi4oQhsSNXtlWfyBJi+LHFaiYWpR5s=
-k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk=
-k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI=
-k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM=
+k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ=
+k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw=
+k8s.io/apiserver v0.23.6 h1:p94LiXcsSnpSDIl4cv98liBuFKcaygSCNopFNfMg/Ac=
+k8s.io/apiserver v0.23.6/go.mod h1:5PU32F82tfErXPmf7FXhd/UcuLfh97tGepjKUgJ2atg=
+k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY=
+k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4=
+k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8=
+k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4=
+k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
+k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
+k8s.io/code-generator v0.23.6/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
+k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE=
+k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0=
+k8s.io/component-helpers v0.23.5/go.mod h1:5riXJgjTIs+ZB8xnf5M2anZ8iQuq37a0B/0BgoPQuSM=
 k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
 k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
 k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
 k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
+k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
+k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
+k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
-k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 h1:nBQrWPlrNIiw0BsX6a6MKr1itkm0ZS0Nl97kNLitFfI=
-k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
+k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
+k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4=
+k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
+k8s.io/kubectl v0.23.5 h1:DmDULqCaF4qstj0Im143XmncvqWtJxHzK8IrW2BzlU0=
+k8s.io/kubectl v0.23.5/go.mod h1:lLgw7cVY8xbd7o637vOXPca/w6HC205KsPCRDYRCxwE=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
+k8s.io/metrics v0.23.5/go.mod h1:WNAtV2a5BYbmDS8+7jSqYYV6E3efuGTpIwJ8PTD1wgs=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+oras.land/oras-go v1.1.1 h1:gI00ftziRivKXaw1BdMeEoIA4uBgga33iVlOsEwefFs=
+oras.land/oras-go v1.1.1/go.mod h1:n2TE1ummt9MUyprGhT+Q7kGZUF4kVUpYysPFxeV2IpQ=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
+sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/kind v0.12.0 h1:LFynXwQkH1MrWI8pM1FQty0oUwEKjU5EkMaVZaPld8E=
 sigs.k8s.io/kind v0.12.0/go.mod h1:EcgDSBVxz8Bvm19fx8xkioFrf9dC30fMJdOTXBSGNoM=
+sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8=
 sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo=
 sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
+sigs.k8s.io/kustomize/cmd/config v0.10.2/go.mod h1:K2aW7nXJ0AaT+VA/eO0/dzFLxmpFcTzudmAgDwPY1HQ=
+sigs.k8s.io/kustomize/kustomize/v4 v4.4.1/go.mod h1:qOKJMMz2mBP+vcS7vK+mNz4HBLjaQSWRY22EF6Tb7Io=
+sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E=
 sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs=
 sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 0b26b404c..e080d8075 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -4,13 +4,23 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/pkg/errors"
+	log "github.com/sirupsen/logrus"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chart"
+	"helm.sh/helm/v3/pkg/chart/loader"
+	"helm.sh/helm/v3/pkg/chartutil"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/cli/values"
+	"helm.sh/helm/v3/pkg/getter"
+	"helm.sh/helm/v3/pkg/registry"
+	"helm.sh/helm/v3/pkg/release"
+	"helm.sh/helm/v3/pkg/repo"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"regexp"
 	"sort"
@@ -36,35 +46,8 @@ func NewHelmChart(configFile string) (*helmChart, error) {
 	return hc, nil
 }
 
-func (c *helmChart) withRepoContext(cb func(repoName string) error) error {
-	needRepo := false
-	repoName := "stable"
-
-	if c.Config.Repo != nil && *c.Config.Repo != "stable" {
-		needRepo = true
-		repoName = fmt.Sprintf("kluctl-%s", utils.Sha256String(*c.Config.Repo))[:16]
-	}
-
-	if needRepo {
-		_, _ = c.doHelm([]string{"repo", "remove", repoName}, true)
-		_, err := c.doHelm([]string{"repo", "add", repoName, *c.Config.Repo}, false)
-		if err != nil {
-			return err
-		}
-		defer func() {
-			_, _ = c.doHelm([]string{"repo", "remove", repoName}, true)
-		}()
-	} else {
-		_, err := c.doHelm([]string{"repo", "update"}, false)
-		if err != nil {
-			return err
-		}
-	}
-	return cb(repoName)
-}
-
 func (c *helmChart) GetChartName() (string, error) {
-	if c.Config.Repo != nil && strings.HasPrefix(*c.Config.Repo, "oci://") {
+	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
 		s := strings.Split(*c.Config.Repo, "/")
 		chartName := s[len(s)-1]
 		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
@@ -78,6 +61,16 @@ func (c *helmChart) GetChartName() (string, error) {
 	return *c.Config.ChartName, nil
 }
 
+func (c *helmChart) buildHelmConfig() (*action.Configuration, error) {
+	rc, err := registry.NewClient()
+	if err != nil {
+		return nil, err
+	}
+	return &action.Configuration{
+		RegistryClient: rc,
+	}, nil
+}
+
 func (c *helmChart) Pull() error {
 	chartName, err := c.GetChartName()
 	if err != nil {
@@ -89,25 +82,37 @@ func (c *helmChart) Pull() error {
 	rmDir := filepath.Join(targetDir, chartName)
 	_ = os.RemoveAll(rmDir)
 
-	var args []string
-	if c.Config.Repo != nil && strings.HasPrefix(*c.Config.Repo, "oci://") {
-		args = []string{"pull", *c.Config.Repo, "--destination", targetDir, "--untar"}
-		args = append(args, "--version")
-		args = append(args, *c.Config.ChartVersion)
-		_, err = c.doHelm(args, false)
+	cfg, err := c.buildHelmConfig()
+	if err != nil {
 		return err
+	}
+	a := action.NewPullWithOpts(action.WithConfig(cfg))
+	a.Settings = cli.New()
+	a.Untar = true
+	a.DestDir = targetDir
+	a.Version = *c.Config.ChartVersion
+
+	var out string
+	if registry.IsOCI(*c.Config.Repo) {
+		out, err = a.Run(*c.Config.Repo)
 	} else {
-		return c.withRepoContext(func(repoName string) error {
-			args = []string{"pull", fmt.Sprintf("%s/%s", repoName, chartName), "--destination", targetDir, "--untar"}
-			args = append(args, "--version", *c.Config.ChartVersion)
-			_, err = c.doHelm(args, false)
-			return err
-		})
+		a.RepoURL = *c.Config.Repo
+		out, err = a.Run(chartName)
 	}
+	// a bug in the Pull command causes this directory to be created by accident
+	_ = os.RemoveAll(rmDir + fmt.Sprintf("-%s.tar.gz", a.Version))
+	_ = os.RemoveAll(rmDir + fmt.Sprintf("-%s.tgz", a.Version))
+	if out != "" {
+		log.Info(out)
+	}
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
 func (c *helmChart) CheckUpdate() (string, bool, error) {
-	if c.Config.Repo != nil && strings.HasPrefix(*c.Config.Repo, "oci://") {
+	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
 		return "", false, nil
 	}
 	chartName, err := c.GetChartName()
@@ -115,37 +120,39 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 		return "", false, err
 	}
 	var latestVersion string
-	err = c.withRepoContext(func(repoName string) error {
-		chartName := fmt.Sprintf("%s/%s", repoName, chartName)
-		args := []string{"search", "repo", chartName, "-oyaml", "-l"}
-		stdout, err := c.doHelm(args, false)
-		if err != nil {
-			return err
-		}
-		// ensure we didn't get partial matches
-		var lm []map[string]string
-		var ls versions.LooseVersionSlice
-		err = yaml.ReadYamlBytes(stdout, &lm)
-		if err != nil {
-			return err
-		}
-		for _, x := range lm {
-			if n, ok := x["name"]; ok && n == chartName {
-				if v, ok := x["version"]; ok {
-					ls = append(ls, versions.LooseVersion(v))
-				}
-			}
-		}
-		if len(ls) == 0 {
-			return fmt.Errorf("helm chart %s not found in repository", chartName)
-		}
-		sort.Sort(ls)
-		latestVersion = string(ls[len(ls)-1])
-		return nil
-	})
+
+	settings := cli.New()
+	e := repo.Entry{
+		URL:  *c.Config.Repo,
+		Name: chartName,
+	}
+	r, err := repo.NewChartRepository(&e, getter.All(settings))
+	if err != nil {
+		return "", false, err
+	}
+
+	indexFile, err := r.DownloadIndexFile()
+	if err != nil {
+		return "", false, err
+	}
+
+	index, err := repo.LoadIndexFile(indexFile)
 	if err != nil {
 		return "", false, err
 	}
+
+	indexEntry, ok := index.Entries[*c.Config.ChartName]
+	if !ok || len(indexEntry) == 0 {
+		return "", false, fmt.Errorf("helm chart %s not found in repo index", *c.Config.ChartName)
+	}
+
+	var ls versions.LooseVersionSlice
+	for _, x := range indexEntry {
+		ls = append(ls, versions.LooseVersion(x.Version))
+	}
+	sort.Stable(ls)
+	latestVersion = string(ls[len(ls)-1])
+
 	updated := latestVersion != *c.Config.ChartVersion
 	return latestVersion, updated, nil
 }
@@ -160,48 +167,109 @@ func (c *helmChart) Render(k *k8s.K8sCluster) error {
 	valuesPath := yaml.FixPathExt(filepath.Join(dir, "helm-values.yml"))
 	outputPath := filepath.Join(dir, c.Config.Output)
 
-	args := []string{"template", c.Config.ReleaseName, chartDir}
+	gvs, err := k.GetAllGroupVersions()
+	if err != nil {
+		return err
+	}
+
+	cfg, err := c.buildHelmConfig()
+	if err != nil {
+		return err
+	}
+
+	settings := cli.New()
+	valueOpts := values.Options{
+		ValueFiles: []string{valuesPath},
+	}
+
+	kubeVersion, err := chartutil.ParseKubeVersion(k.ServerVersion.String())
+	if err != nil {
+		return err
+	}
 
 	namespace := "default"
 	if c.Config.Namespace != nil {
 		namespace = *c.Config.Namespace
 	}
 
-	if utils.Exists(valuesPath) {
-		args = append(args, "-f", valuesPath)
-	}
-	args = append(args, "-n", namespace)
+	client := action.NewInstall(cfg)
+	client.DryRun = true
+	client.Namespace = namespace
+	client.ReleaseName = c.Config.ReleaseName
+	client.Replace = true
+	client.ClientOnly = true
+	client.KubeVersion = kubeVersion
 
 	if c.Config.SkipCRDs != nil && *c.Config.SkipCRDs {
-		args = append(args, "--skip-crds")
+		client.SkipCRDs = true
 	} else {
-		args = append(args, "--include-crds")
+		client.IncludeCRDs = true
+	}
+	for _, gv := range gvs {
+		client.APIVersions = append(client.APIVersions, gv)
 	}
-	args = append(args, "--skip-tests")
 
-	gvs, err := k.GetAllGroupVersions()
+	p := getter.All(settings)
+	vals, err := valueOpts.MergeValues(p)
 	if err != nil {
 		return err
 	}
-	for _, gv := range gvs {
-		args = append(args, fmt.Sprintf("--api-versions=%s", gv))
+
+	// Check chart dependencies to make sure all are present in /charts
+	chartRequested, err := loader.Load(chartDir)
+	if err != nil {
+		return err
 	}
-	args = append(args, fmt.Sprintf("--kube-version=%s", k.ServerVersion.String()))
 
-	rendered, err := c.doHelm(args, false)
+	if err := checkIfInstallable(chartRequested); err != nil {
+		return err
+	}
+
+	if chartRequested.Metadata.Deprecated {
+		log.Warningf("Chart %s is deprecated", *c.Config.ChartName)
+	}
+
+	rel, err := client.Run(chartRequested, vals)
 	if err != nil {
 		return err
 	}
 
-	parsed, err := yaml.ReadYamlAllBytes(rendered)
+	var parsed []*uo.UnstructuredObject
 
-	for _, o := range parsed {
-		m, ok := o.(map[string]interface{})
-		if !ok {
-			return fmt.Errorf("object is not a map")
+	doParse := func(s string) error {
+		m, err := yaml.ReadYamlAllString(s)
+		if err != nil {
+			return err
 		}
-		o := uo.FromMap(m)
+		for _, x := range m {
+			x2, ok := x.(map[string]interface{})
+			if !ok {
+				return fmt.Errorf("yaml object is not a map")
+			}
+			parsed = append(parsed, uo.FromMap(x2))
+		}
+		return nil
+	}
 
+	err = doParse(rel.Manifest)
+	if err != nil {
+		return err
+	}
+
+	if !client.DisableHooks {
+		for _, m := range rel.Hooks {
+			if isTestHook(m) {
+				continue
+			}
+			err = doParse(m.Manifest)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var fixed []interface{}
+	for _, o := range parsed {
 		// "helm install" will deploy resources to the given namespace automatically, but "helm template" does not
 		// add the necessary namespace in the rendered resources
 		err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
@@ -211,8 +279,9 @@ func (c *helmChart) Render(k *k8s.K8sCluster) error {
 		if err != nil {
 			return err
 		}
+		fixed = append(fixed, o)
 	}
-	rendered, err = yaml.WriteYamlAllBytes(parsed)
+	rendered, err := yaml.WriteYamlAllBytes(fixed)
 	if err != nil {
 		return err
 	}
@@ -224,51 +293,21 @@ func (c *helmChart) Render(k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (c *helmChart) doHelm(args []string, ignoreStdErr bool) ([]byte, error) {
-	cmd := exec.Command("helm", args...)
-	cmd.Env = append(os.Environ(), "HELM_EXPERIMENTAL_OCI=true")
-
-	if ignoreStdErr {
-		stderrPipe, err := cmd.StderrPipe()
-		if err != nil {
-			return nil, err
-		}
-		go func() {
-			buf := make([]byte, 1024)
-			for true {
-				n, err := stderrPipe.Read(buf)
-				if err != nil || n == 0 {
-					return
-				}
-			}
-		}()
-	} else {
-		cmd.Stderr = os.Stderr
-	}
-
-	stdoutPipe, err := cmd.StdoutPipe()
-	if err != nil {
-		return nil, err
-	}
-
-	err = cmd.Start()
-	if err != nil {
-		return nil, err
+func checkIfInstallable(ch *chart.Chart) error {
+	switch ch.Metadata.Type {
+	case "", "application":
+		return nil
 	}
-	defer cmd.Process.Kill()
+	return errors.Errorf("%s charts are not installable", ch.Metadata.Type)
+}
 
-	stdout, err := ioutil.ReadAll(stdoutPipe)
-	if err != nil {
-		return nil, err
-	}
-	ps, err := cmd.Process.Wait()
-	if err != nil {
-		return nil, err
-	}
-	if ps.ExitCode() != 0 {
-		return nil, fmt.Errorf("helm returned non-zero exit code %d", ps.ExitCode())
+func isTestHook(h *release.Hook) bool {
+	for _, e := range h.Events {
+		if e == release.HookTest {
+			return true
+		}
 	}
-	return stdout, nil
+	return false
 }
 
 func (c *helmChart) Save() error {

From ffa66e02529d312bdee4f1d7739a66f6166dae80 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 17:16:35 +0200
Subject: [PATCH 0070/2268] build: Remove traces of helm installation

---
 .github/ISSUE_TEMPLATE/BUG.yml | 8 --------
 .github/workflows/tests.yml    | 5 -----
 2 files changed, 13 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/BUG.yml b/.github/ISSUE_TEMPLATE/BUG.yml
index 1dd5cccc3..be2370e3a 100644
--- a/.github/ISSUE_TEMPLATE/BUG.yml
+++ b/.github/ISSUE_TEMPLATE/BUG.yml
@@ -41,14 +41,6 @@ body:
       placeholder: "v1.22.0"
     validations:
       required: true
-  - type: input
-    id: helm
-    attributes:
-      label: Helm Version
-      description: "Please provide the full Helm version. (Output of `helm version`)"
-      placeholder: "v3.6.3"
-    validations:
-      required: true
   - type: textarea
     id: bug-description
     attributes:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 932808d7f..1ad4ff67a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -211,7 +211,6 @@ jobs:
         run: |
           echo "KUBECTL_VERSION=1.21.5" >> $GITHUB_ENV
           echo "KIND_VERSION=0.11.1" >> $GITHUB_ENV
-          echo "HELM_VERSION=3.6.3" >> $GITHUB_ENV
           echo "DOCKER_VERSION=20.10.9" >> $GITHUB_ENV
       - name: Download required tools
         shell: bash
@@ -220,9 +219,6 @@ jobs:
               $SUDO mv kubectl$TOOLS_EXE "$TOOLS_TARGET_DIR/"
           curl -L -o kind$TOOLS_EXE https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-${TOOLS_OS}-amd64 && \
               $SUDO mv kind$TOOLS_EXE "$TOOLS_TARGET_DIR/"
-          curl -L -o helm.tar.gz https://get.helm.sh/helm-v$HELM_VERSION-${TOOLS_OS}-amd64.tar.gz && \
-              tar xzf helm.tar.gz && \
-              $SUDO mv ${TOOLS_OS}-amd64/helm$TOOLS_EXE "$TOOLS_TARGET_DIR/"
           if [ "${{ runner.os }}" == "macOS" ]; then
             curl -L -o docker.tar.gz https://download.docker.com/mac/static/stable/x86_64/docker-$DOCKER_VERSION.tgz
             tar xzf docker.tar.gz
@@ -240,7 +236,6 @@ jobs:
         run: |
           kubectl version || true
           kind version || true
-          helm version || true
       - name: Start kind cluster
         shell: bash
         run: |

From 98f296647e8617d15990d5719d129109c0401218 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 17:16:44 +0200
Subject: [PATCH 0071/2268] fix: Fix crash in GitCredentialsFileAuthProvider

---
 pkg/git/auth/git_credentials_file.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index ea665c16f..b3a3b9f97 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -25,7 +25,7 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMe
 		return AuthMethodAndCA{}
 	}
 	auth := a.tryBuildAuth(gitUrl, filepath.Join(home, ".git-credentials"))
-	if auth.AuthMethod != nil {
+	if auth != nil {
 		return *auth
 	}
 

From d3ad0d0344e9b8e0e27cf6df4fbe3aa973c6df29 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Apr 2022 15:23:58 +0200
Subject: [PATCH 0072/2268] fix: Allow better debugging of ssh auth errors

---
 pkg/git/auth/ssh_auth_provider.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index d3c2a64ca..b37d242f1 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -50,32 +50,39 @@ func (a *sshDefaultIdentityAndAgent) Signers() ([]ssh.Signer, error) {
 }
 
 func (a *sshDefaultIdentityAndAgent) addDefaultIdentity(gitUrl git_url.GitUrl) {
+	log.Debugf("trying to add default identity")
 	u, err := user.Current()
 	if err != nil {
 		log.Debugf("No current user: %v", err)
 	} else {
-		signer, err := a.authProvider.readKey(filepath.Join(u.HomeDir, ".ssh", "id_rsa"))
+		path := filepath.Join(u.HomeDir, ".ssh", "id_rsa")
+		signer, err := a.authProvider.readKey(path)
 		if err != nil && !os.IsNotExist(err) {
 			log.Warningf("Failed to read default identity file for url %s: %v", gitUrl.String(), err)
 		} else if signer != nil {
+			log.Debugf("...added '%s' as default identity", path)
 			a.signers = append(a.signers, signer)
 		}
 	}
 }
 
 func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl) {
+	log.Debugf("trying to add identities from ssh config")
 	for _, id := range ssh_config.GetAll(gitUrl.Hostname(), "IdentityFile") {
-		id = utils.ExpandPath(id)
-		signer, err := a.authProvider.readKey(id)
+		expanded := utils.ExpandPath(id)
+		log.Debugf("...trying '%s' (expanded: '%s')", id, expanded)
+		signer, err := a.authProvider.readKey(expanded)
 		if err != nil && !os.IsNotExist(err) {
 			log.Warningf("Failed to read key %s for url %s: %v", id, gitUrl.String(), err)
 		} else if err == nil {
+			log.Debugf("...added '%s' from ssh config", expanded)
 			a.signers = append(a.signers, signer)
 		}
 	}
 }
 
 func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
+	log.Debugf("trying to add agent keys")
 	agent, _, err := sshagent.New()
 	if err != nil {
 		log.Warningf("Failed to connect to ssh agent for url %s: %v", gitUrl.String(), err)
@@ -85,6 +92,7 @@ func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
 			log.Warningf("Failed to get signers from ssh agent for url %s: %v", gitUrl.String(), err)
 			return
 		}
+		log.Debugf("...added %d agent keys", len(signers))
 		a.signers = append(a.signers, signers...)
 	}
 }

From cc1be2ab170aeed08757bfabdd1a68d8b61e38ad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 18:00:52 +0200
Subject: [PATCH 0073/2268] fix: Fix matching of patterns on windows

---
 pkg/utils/embed_util/packer/packer.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/utils/embed_util/packer/packer.go b/pkg/utils/embed_util/packer/packer.go
index 9714cedda..d02da2d7f 100644
--- a/pkg/utils/embed_util/packer/packer.go
+++ b/pkg/utils/embed_util/packer/packer.go
@@ -13,6 +13,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"io/fs"
 	"io/ioutil"
+	"os"
 	"path/filepath"
 	"reflect"
 	"strings"
@@ -74,7 +75,7 @@ func findFiles(dir string, patterns []string) (map[string]int64, error) {
 		}
 		match := false
 		for _, p := range globs {
-			if p.Match(rel) {
+			if p.Match(strings.ReplaceAll(rel, string(os.PathSeparator), "/")) {
 				match = true
 				break
 			}

From 36366c4071c511980c56984197ab0515c7db899b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 22:54:06 +0200
Subject: [PATCH 0074/2268] fix: Support BOMs in yaml files

---
 pkg/yaml/yaml.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 271c761fe..1726b4dae 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"github.com/goccy/go-yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"golang.org/x/text/encoding/unicode"
+	"golang.org/x/text/transform"
 	yaml3 "gopkg.in/yaml.v3"
 	"io"
 	"os"
@@ -18,8 +20,9 @@ func newYamlDecoder(r io.Reader) *yaml.Decoder {
 	return yaml.NewDecoder(r, yaml.Strict(), yaml.Validator(Validator))
 }
 
-func newYamlEncoder(w io.Writer) *yaml.Encoder {
-	return yaml.NewEncoder(w)
+func newUnicodeReader(r io.Reader) io.Reader {
+	utf16bom := unicode.BOMOverride(unicode.UTF8.NewDecoder())
+	return transform.NewReader(r, utf16bom)
 }
 
 func ReadYamlFile(p string, o interface{}) error {
@@ -45,6 +48,8 @@ func ReadYamlBytes(b []byte, o interface{}) error {
 }
 
 func ReadYamlStream(r io.Reader, o interface{}) error {
+	r = newUnicodeReader(r)
+
 	var err error
 	if _, ok := o.(*map[string]interface{}); ok {
 		// much faster
@@ -80,6 +85,8 @@ func ReadYamlAllBytes(b []byte) ([]interface{}, error) {
 }
 
 func ReadYamlAllStream(r io.Reader) ([]interface{}, error) {
+	r = newUnicodeReader(r)
+
 	// yaml.v3 is much faster then go-yaml
 	d := yaml3.NewDecoder(r)
 

From 9f5365d7f7d0d21715186b86fb10105a45ec16b5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Apr 2022 23:24:55 +0200
Subject: [PATCH 0075/2268] fix: Show which chart failed

---
 pkg/deployment/helm_chart.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index e080d8075..343c87b19 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -158,6 +158,18 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 }
 
 func (c *helmChart) Render(k *k8s.K8sCluster) error {
+	chartName, err := c.GetChartName()
+	if err != nil {
+		return err
+	}
+	err = c.doRender(k)
+	if err != nil {
+		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", chartName, c.Config.ReleaseName, err)
+	}
+	return nil
+}
+
+func (c *helmChart) doRender(k *k8s.K8sCluster) error {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return err

From c701aeda77082125e7d28cce837caed5f7fe7a22 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 09:04:30 +0200
Subject: [PATCH 0076/2268] fix: Fallback to kubeconfig CA when
 kube-root-ca.crt is unavailable

---
 pkg/k8s/k8s_cluster.go |  6 ++++++
 pkg/seal/sealer.go     | 26 +++++++++++++++++++-------
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index fec67980f..d9d9aa93b 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -40,6 +40,7 @@ type K8sCluster struct {
 	context string
 	DryRun  bool
 
+	restConfig *rest.Config
 	discovery  *disk.CachedDiscoveryClient
 	clientPool chan *parallelClientEntry
 
@@ -92,6 +93,7 @@ func NewK8sCluster(context string, dryRun bool) (*K8sCluster, error) {
 	}
 	config.QPS = 10
 	config.Burst = 20
+	k.restConfig = config
 
 	apiHost, err := url.Parse(config.Host)
 	if err != nil {
@@ -162,6 +164,10 @@ func (k *K8sCluster) Context() string {
 	return k.context
 }
 
+func (k *K8sCluster) GetCA() []byte {
+	return k.restConfig.CAData
+}
+
 func (k *K8sCluster) updateResources(doLock bool) error {
 	if doLock {
 		k.mutex.Lock()
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 75f8bb187..92dd6953d 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -15,6 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/scrypt"
+	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
@@ -61,15 +62,26 @@ func getClusterId(k *k8s.K8sCluster) (string, error) {
 		Name:      "kube-root-ca.crt",
 		Namespace: "kube-system",
 	})
-	if err != nil {
+	if err != nil && !errors.IsNotFound(err) {
 		return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: %w", err)
 	}
-	kubeRootCA, ok, err := o.GetNestedString("data", "ca.crt")
-	if err != nil {
-		return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: %w", err)
-	}
-	if !ok {
-		return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: ca.crt key is missing")
+
+	var kubeRootCA string
+	if o != nil {
+		x, ok, err := o.GetNestedString("data", "ca.crt")
+		if err != nil {
+			return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: %w", err)
+		}
+		if !ok {
+			return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: ca.crt key is missing")
+		}
+		kubeRootCA = x
+	} else {
+		// fall-back to CA from kubeconfig
+		ca := k.GetCA()
+		if ca != nil {
+			kubeRootCA = string(ca)
+		}
 	}
 	return utils.Sha256String(kubeRootCA), nil
 }

From f02fc7c234b372762676e850d82a4f4364cc1cb4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 24 Mar 2022 08:14:15 +0100
Subject: [PATCH 0077/2268] fix: Ensure only one "accept host" prompts is shown
 at a time

---
 pkg/git/auth/ssh_known_hosts.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index 2e0b06785..6a4225e5e 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -9,8 +9,11 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"sync"
 )
 
+var askHostMutex sync.Mutex
+
 func buildVerifyHostCallback(knownHosts []byte) func(hostname string, remote net.Addr, key ssh.PublicKey) error {
 	return func(hostname string, remote net.Addr, key ssh.PublicKey) error {
 		return verifyHost(hostname, remote, key, knownHosts)
@@ -18,6 +21,10 @@ func buildVerifyHostCallback(knownHosts []byte) func(hostname string, remote net
 }
 
 func verifyHost(host string, remote net.Addr, key ssh.PublicKey, knownHosts []byte) error {
+	// Ensure only one prompt happens at a time
+	askHostMutex.Lock()
+	defer askHostMutex.Unlock()
+
 	hostKeyChecking := true
 	if x, ok := os.LookupEnv("KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING"); ok {
 		if b, err := strconv.ParseBool(x); err == nil && b {

From f9da55be0f76c10380cfdb4598a8369a2b6979a4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 10:16:43 +0200
Subject: [PATCH 0078/2268] feat: Implememt http based secrets source

---
 pkg/seal/secrets_loader.go      |  10 +++
 pkg/seal/secrets_loader_http.go | 138 ++++++++++++++++++++++++++++++++
 pkg/types/secrets_source.go     |  12 +++
 pkg/types/url.go                |  27 +++++++
 pkg/utils/prompts.go            |  29 +++++++
 5 files changed, 216 insertions(+)
 create mode 100644 pkg/seal/secrets_loader_http.go
 create mode 100644 pkg/types/url.go

diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index ca4a0ac21..8241d9547 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -12,15 +12,23 @@ import (
 	"strings"
 )
 
+type usernamePassword struct {
+	username string
+	password string
+}
+
 type SecretsLoader struct {
 	project    *kluctl_project.KluctlProjectContext
 	secretsDir string
+
+	credentialsCache map[string]usernamePassword
 }
 
 func NewSecretsLoader(p *kluctl_project.KluctlProjectContext, secretsDir string) *SecretsLoader {
 	return &SecretsLoader{
 		project:    p,
 		secretsDir: secretsDir,
+		credentialsCache: map[string]usernamePassword{},
 	}
 }
 
@@ -29,6 +37,8 @@ func (s *SecretsLoader) LoadSecrets(source *types.SecretSource) (*uo.Unstructure
 		return s.loadSecretsFile(source)
 	} else if source.SystemEnvVars != nil {
 		return s.loadSecretsSystemEnvs(source)
+	} else if source.Http != nil {
+		return s.loadSecretsHttp(source)
 	} else if source.AwsSecretsManager != nil {
 		return s.loadSecretsAwsSecretsManager(source)
 	} else {
diff --git a/pkg/seal/secrets_loader_http.go b/pkg/seal/secrets_loader_http.go
new file mode 100644
index 000000000..5678d8e2d
--- /dev/null
+++ b/pkg/seal/secrets_loader_http.go
@@ -0,0 +1,138 @@
+package seal
+
+import (
+	"fmt"
+	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+)
+
+func (s *SecretsLoader) doHttp(httpSource *types.SecretSourceHttp, username string, password string) (*http.Response, string, error) {
+	client := &http.Client{}
+
+	method := "GET"
+	if httpSource.Method != nil {
+		method = *httpSource.Method
+	}
+
+	var reqBody io.Reader
+	if httpSource.Body != nil {
+		reqBody = strings.NewReader(*httpSource.Body)
+	}
+
+	req, err := http.NewRequest(method, httpSource.Url.String(), reqBody)
+	if err != nil {
+		return nil, "", err
+	}
+
+	if username != "" || password != "" {
+		req.SetBasicAuth(username, password)
+	}
+
+	for k, v := range httpSource.Headers {
+		req.Header.Set(k, v)
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, "", err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return resp, string(respBody), fmt.Errorf("http request to %s failed with status code %d", httpSource.Url.String(), resp.StatusCode)
+	}
+
+	return resp, string(respBody), nil
+}
+
+func (s *SecretsLoader) loadSecretsHttp(source *types.SecretSource) (*uo.UnstructuredObject, error) {
+	resp, respBody, err := s.doHttp(source.Http, "", "")
+	if err != nil {
+		chgs := challenge.ResponseChallenges(resp)
+		if len(chgs) == 0 {
+			return nil, err
+		}
+
+		var realms []string
+		for _, chg := range chgs {
+			if x, ok := chg.Parameters["realm"]; ok {
+				if x != "" {
+					realms = append(realms, x)
+				}
+			}
+		}
+
+		credsKey := fmt.Sprintf("%s|%s", source.Http.Url.Host, strings.Join(realms, "+"))
+		creds, ok := s.credentialsCache[credsKey]
+		if !ok {
+			username, password, err := utils.AskForCredentials(fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
+			if err != nil {
+				return nil, err
+			}
+			creds = usernamePassword{
+				username: username,
+				password: password,
+			}
+			s.credentialsCache[credsKey] = creds
+		}
+
+		resp, respBody, err = s.doHttp(source.Http, creds.username, creds.password)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var respObj interface{}
+	var secrets *uo.UnstructuredObject
+
+	err = yaml.ReadYamlString(respBody, &respObj)
+	if err != nil {
+		return nil, err
+	}
+	if err != nil {
+		return nil, err
+	}
+	if source.Http.JsonPath != nil {
+		p, err := uo.NewMyJsonPath(*source.Http.JsonPath)
+		if err != nil {
+			return nil, err
+		}
+		x, ok := p.GetFirst(respObj)
+		if !ok {
+			return nil, fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
+		}
+		s, ok := x.(string)
+		if !ok {
+			return nil, fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
+		}
+		secrets, err = uo.FromString(s)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		x, ok := respObj.(map[string]interface{})
+		if !ok {
+			return nil, fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
+		}
+		secrets = uo.FromMap(x)
+	}
+	secrets, ok, err := secrets.GetNestedObject("secrets")
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return uo.New(), nil
+	}
+	return secrets, nil
+}
diff --git a/pkg/types/secrets_source.go b/pkg/types/secrets_source.go
index c29f63615..2575ecbde 100644
--- a/pkg/types/secrets_source.go
+++ b/pkg/types/secrets_source.go
@@ -5,6 +5,14 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
+type SecretSourceHttp struct {
+	Url      YamlUrl           `yaml:"url,omitempty" validate:"required"`
+	Method   *string           `yaml:"method,omitempty"`
+	Body     *string           `yaml:"body,omitempty"`
+	Headers  map[string]string `yaml:"headers,omitempty"`
+	JsonPath *string           `yaml:"jsonPath,omitempty"`
+}
+
 type SecretSourceAwsSecretsManager struct {
 	// Name or ARN of the secret. In case a name is given, the region must be specified as well
 	SecretName string `yaml:"secretName" validate:"required"`
@@ -17,6 +25,7 @@ type SecretSourceAwsSecretsManager struct {
 type SecretSource struct {
 	Path              *string                        `yaml:"path,omitempty"`
 	SystemEnvVars     *uo.UnstructuredObject         `yaml:"systemEnvVars,omitempty"`
+	Http              *SecretSourceHttp              `yaml:"http,omitempty"`
 	AwsSecretsManager *SecretSourceAwsSecretsManager `yaml:"awsSecretsManager,omitempty"`
 }
 
@@ -29,6 +38,9 @@ func ValidateSecretSource(sl validator.StructLevel) {
 	if s.SystemEnvVars != nil {
 		count += 1
 	}
+	if s.Http != nil {
+		count += 1
+	}
 	if s.AwsSecretsManager != nil {
 		count += 1
 	}
diff --git a/pkg/types/url.go b/pkg/types/url.go
new file mode 100644
index 000000000..703f8dfba
--- /dev/null
+++ b/pkg/types/url.go
@@ -0,0 +1,27 @@
+package types
+
+import (
+	"net/url"
+)
+
+type YamlUrl struct {
+	url.URL
+}
+
+func (u *YamlUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var s string
+	err := unmarshal(&s)
+	if err != nil {
+		return err
+	}
+	u2, err := url.Parse(s)
+	if err != nil {
+		return err
+	}
+	u.URL = *u2
+	return err
+}
+
+func (u YamlUrl) MarshalYAML() (interface{}, error) {
+	return u.String(), nil
+}
diff --git a/pkg/utils/prompts.go b/pkg/utils/prompts.go
index 5662fe1aa..06cecf885 100644
--- a/pkg/utils/prompts.go
+++ b/pkg/utils/prompts.go
@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"bufio"
 	"fmt"
 	"github.com/mattn/go-isatty"
 	log "github.com/sirupsen/logrus"
@@ -64,3 +65,31 @@ func AskForPassword(prompt string) (string, error) {
 	password := string(bytePassword)
 	return strings.TrimSpace(password), nil
 }
+
+func AskForCredentials(prompt string) (string, string, error) {
+	if !isatty.IsTerminal(os.Stderr.Fd()) {
+		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
+		log.Warning(err)
+		return "", "", err
+	}
+
+	reader := bufio.NewReader(os.Stdin)
+
+	_, err := fmt.Fprintf(os.Stderr, prompt+"\n")
+	if err != nil {
+		return "", "", err
+	}
+
+	fmt.Fprint(os.Stderr, "Enter Username: ")
+	username, err := reader.ReadString('\n')
+	if err != nil {
+		return "", "", err
+	}
+
+	password, err := AskForPassword("Enter Password")
+	if err != nil {
+		return "", "", err
+	}
+
+	return strings.TrimSpace(username), strings.TrimSpace(password), nil
+}

From 5db07dc5688fdab1ea6f44711ac4b15096b56bdc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 10:17:24 +0200
Subject: [PATCH 0079/2268] feat: Add NTLM support for http secrets

---
 go.mod                          |  1 +
 go.sum                          |  2 ++
 pkg/seal/secrets_loader_http.go | 11 ++++++++++-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 6aec263c0..ab56a0893 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module github.com/kluctl/kluctl/v2
 go 1.18
 
 require (
+	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
 	github.com/alecthomas/kong v0.5.0
 	github.com/aws/aws-sdk-go v1.44.1
 	github.com/bitnami-labs/sealed-secrets v0.17.5
diff --git a/go.sum b/go.sum
index 800475ba0..492559201 100644
--- a/go.sum
+++ b/go.sum
@@ -84,6 +84,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
+github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/P4ZwUYSdNCWsMEI0VeyrFoI2rAhJQ=
+github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
diff --git a/pkg/seal/secrets_loader_http.go b/pkg/seal/secrets_loader_http.go
index 5678d8e2d..25454a746 100644
--- a/pkg/seal/secrets_loader_http.go
+++ b/pkg/seal/secrets_loader_http.go
@@ -1,7 +1,9 @@
 package seal
 
 import (
+	"crypto/tls"
 	"fmt"
+	"github.com/Azure/go-ntlmssp"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -14,7 +16,14 @@ import (
 )
 
 func (s *SecretsLoader) doHttp(httpSource *types.SecretSourceHttp, username string, password string) (*http.Response, string, error) {
-	client := &http.Client{}
+	client := &http.Client{
+		Transport: ntlmssp.Negotiator{
+			RoundTripper: &http.Transport{
+				// This disables HTTP2.0 support, as it does not play well together with NTLM
+				TLSNextProto: make(map[string]func(string, *tls.Conn) http.RoundTripper),
+			},
+		},
+	}
 
 	method := "GET"
 	if httpSource.Method != nil {

From 2f2dfcb553a7e7f8b0fdbfddf80406de19485a48 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 10:54:29 +0200
Subject: [PATCH 0080/2268] tests: Log validation errors in e2e tests

---
 e2e/utils.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/e2e/utils.go b/e2e/utils.go
index 1a1abc672..622ac374f 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -3,8 +3,10 @@ package e2e
 import (
 	"bufio"
 	"bytes"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
+	log "github.com/sirupsen/logrus"
 	"io"
 	"os/exec"
 	"reflect"
@@ -37,6 +39,18 @@ func waitForReadiness(t *testing.T, k *KindCluster, namespace string, resource s
 		if v.Ready {
 			return true
 		}
+
+		if log.IsLevelEnabled(log.DebugLevel) {
+			errTxt := ""
+			for _, e := range v.Errors {
+				if errTxt != "" {
+					errTxt += "\n"
+				}
+				errTxt += fmt.Sprintf("%s: %s", e.Ref.String(), e.Error)
+			}
+			log.Debugf("validation failed. errors:\n%s", errTxt)
+		}
+		time.Sleep(1 * time.Second)
 	}
 	return false
 }

From 074a253b67fb9dc53a8b1c569e0ab4bccb5d6b56 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 11:50:56 +0200
Subject: [PATCH 0081/2268] fix: Add timeout to git/load operations

---
 cmd/kluctl/args/project.go         |  4 +++
 cmd/kluctl/commands/utils.go       |  6 ++++-
 pkg/git/mirrored_repo.go           | 43 ++++++++++++++++--------------
 pkg/kluctl_project/git.go          | 21 ++++++++-------
 pkg/kluctl_project/load.go         | 17 ++++++------
 pkg/kluctl_project/load_targets.go | 11 ++++----
 6 files changed, 58 insertions(+), 44 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 8b6f0d583..d6f555799 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -1,5 +1,7 @@
 package args
 
+import "time"
+
 type ProjectFlags struct {
 	ProjectUrl string `group:"project" short:"p" help:"Git url of the kluctl project. If not specified, the current directory will be used instead of a remote Git project"`
 	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
@@ -12,6 +14,8 @@ type ProjectFlags struct {
 	FromArchiveMetadata string `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." type:"existingfile"`
 	OutputMetadata      string `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file." type:"file"`
 	Cluster             string `group:"project" help:"Specify/Override cluster"`
+
+	LoadTimeout time.Duration `group:"project" help:"Specify timeout for project loading. This will especially limit the time spent in git operations." default:"1m"`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index b8181e29c..3275ae470 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
@@ -12,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"os"
+	"time"
 )
 
 func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl_project.KluctlProjectContext) error) error {
@@ -48,7 +50,9 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 		GitAuthProviders:    auth.NewDefaultAuthProviders(),
 	}
 
-	p, err := kluctl_project.LoadKluctlProject(loadArgs, tmpDir, j2)
+	loadCtx, cancel := context.WithDeadline(context.Background(), time.Now().Add(projectFlags.LoadTimeout))
+	defer cancel()
+	p, err := kluctl_project.LoadKluctlProject(loadCtx, loadArgs, tmpDir, j2)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index bd7fe5672..b6db9ed33 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -1,6 +1,7 @@
 package git
 
 import (
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@@ -13,6 +14,7 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"time"
 )
 import "github.com/gofrs/flock"
 
@@ -22,7 +24,6 @@ type MirroredGitRepo struct {
 	url       git_url.GitUrl
 	mirrorDir string
 
-	hasLock    bool
 	hasUpdated bool
 	fileLock   *flock.Flock
 
@@ -50,26 +51,28 @@ func (g *MirroredGitRepo) HasUpdated() bool {
 	return g.hasUpdated
 }
 
-func (g *MirroredGitRepo) Lock() error {
-	err := g.fileLock.Lock()
+func (g *MirroredGitRepo) Lock(ctx context.Context) error {
+	ok, err := g.fileLock.TryLockContext(ctx, time.Millisecond*100)
 	if err != nil {
-		return err
+		return fmt.Errorf("locking of %s failed: %w", g.fileLock.Path(), err)
+	}
+	if !ok {
+		return fmt.Errorf("locking of %s failed: unkown reason", g.fileLock.Path())
 	}
-	g.hasLock = true
 	return nil
 }
 
 func (g *MirroredGitRepo) Unlock() error {
 	err := g.fileLock.Unlock()
 	if err != nil {
+		log.Warningf("Unlock of %s failed: %v", g.fileLock.Path(), err)
 		return err
 	}
-	g.hasLock = false
 	return nil
 }
 
-func (g *MirroredGitRepo) WithLock(cb func() error) error {
-	err := g.Lock()
+func (g *MirroredGitRepo) WithLock(ctx context.Context, cb func() error) error {
+	err := g.Lock(ctx)
 	if err != nil {
 		return err
 	}
@@ -77,9 +80,9 @@ func (g *MirroredGitRepo) WithLock(cb func() error) error {
 	return cb()
 }
 
-func (g *MirroredGitRepo) MaybeWithLock(lock bool, cb func() error) error {
+func (g *MirroredGitRepo) MaybeWithLock(ctx context.Context, lock bool, cb func() error) error {
 	if lock {
-		return g.WithLock(cb)
+		return g.WithLock(ctx, cb)
 	}
 	return cb()
 }
@@ -124,7 +127,7 @@ func (g *MirroredGitRepo) cleanupMirrorDir() error {
 	return nil
 }
 
-func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProviders *auth2.GitAuthProviders) error {
 	log.Infof("Updating mirror repo: url='%v'", g.url.String())
 	r, err := git.PlainOpen(repoDir)
 	if err != nil {
@@ -138,7 +141,7 @@ func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthPro
 		return err
 	}
 
-	g.remoteRefs, err = remote.List(&git.ListOptions{
+	g.remoteRefs, err = remote.ListContext(ctx, &git.ListOptions{
 		Auth:     auth.AuthMethod,
 		CABundle: auth.CABundle,
 	})
@@ -150,7 +153,7 @@ func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthPro
 		remoteRefsMap[reference.Name()] = true
 	}
 
-	err = remote.Fetch(&git.FetchOptions{
+	err = remote.FetchContext(ctx, &git.FetchOptions{
 		Auth:     auth.AuthMethod,
 		CABundle: auth.CABundle,
 		Progress: os.Stdout,
@@ -197,10 +200,10 @@ func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthPro
 	return nil
 }
 
-func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) cloneOrUpdate(ctx context.Context, authProviders *auth2.GitAuthProviders) error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
 	if utils.IsFile(initMarker) {
-		return g.update(g.mirrorDir, authProviders)
+		return g.update(ctx, g.mirrorDir, authProviders)
 	}
 	err := g.cleanupMirrorDir()
 	if err != nil {
@@ -232,7 +235,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) e
 		return err
 	}
 
-	err = g.update(tmpMirrorDir, authProviders)
+	err = g.update(ctx, tmpMirrorDir, authProviders)
 	if err != nil {
 		return err
 	}
@@ -254,8 +257,8 @@ func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) e
 	return nil
 }
 
-func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
-	err := g.cloneOrUpdate(authProviders)
+func (g *MirroredGitRepo) Update(ctx context.Context, authProviders *auth2.GitAuthProviders) error {
+	err := g.cloneOrUpdate(ctx, authProviders)
 	if err != nil {
 		return err
 	}
@@ -263,8 +266,8 @@ func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
 	return nil
 }
 
-func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
-	if !g.hasLock || !g.hasUpdated {
+func (g *MirroredGitRepo) CloneProject(ctx context.Context, ref string, targetDir string) error {
+	if !g.fileLock.Locked() || !g.hasUpdated {
 		log.Fatalf("tried to clone from a project that is not locked/updated")
 	}
 
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 93abdfc9b..acd7f2a7f 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -1,6 +1,7 @@
 package kluctl_project
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -15,7 +16,7 @@ import (
 	"sync"
 )
 
-func (c *KluctlProjectContext) updateGitCaches() error {
+func (c *KluctlProjectContext) updateGitCaches(ctx context.Context) error {
 	var waitGroup sync.WaitGroup
 	var firstError error
 	var firstErrorLock sync.Mutex
@@ -29,9 +30,9 @@ func (c *KluctlProjectContext) updateGitCaches() error {
 	}
 
 	doUpdateRepo := func(repo *git.MirroredGitRepo) error {
-		return repo.WithLock(func() error {
+		return repo.WithLock(ctx, func() error {
 			if !repo.HasUpdated() {
-				return repo.Update(c.loadArgs.GitAuthProviders)
+				return repo.Update(ctx, c.loadArgs.GitAuthProviders)
 			}
 			return nil
 		})
@@ -120,7 +121,7 @@ func (c *KluctlProjectContext) buildCloneDir(u git_url.GitUrl, ref string) (stri
 	return cloneDir, nil
 }
 
-func (c *KluctlProjectContext) cloneGitProject(gitProject types2.ExternalProject, defaultGitSubDir string, doAddInvolvedRepo bool, doLock bool) (result gitProjectInfo, err error) {
+func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject types2.ExternalProject, defaultGitSubDir string, doAddInvolvedRepo bool, doLock bool) (result gitProjectInfo, err error) {
 	err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o700)
 	if err != nil {
 		return
@@ -147,21 +148,21 @@ func (c *KluctlProjectContext) cloneGitProject(gitProject types2.ExternalProject
 			return
 		}
 		c.mirroredRepos[gitProject.Project.Url.NormalizedRepoKey()] = mr
-		err = mr.Lock()
+		err = mr.Lock(ctx)
 		if err != nil {
 			return
 		}
 		defer mr.Unlock()
 	}
 
-	err = mr.MaybeWithLock(doLock, func() error {
+	err = mr.MaybeWithLock(ctx, doLock, func() error {
 		if !mr.HasUpdated() {
-			err = mr.Update(c.loadArgs.GitAuthProviders)
+			err = mr.Update(ctx, c.loadArgs.GitAuthProviders)
 			if err != nil {
 				return err
 			}
 		}
-		return mr.CloneProject(gitProject.Project.Ref, targetDir)
+		return mr.CloneProject(ctx, gitProject.Project.Ref, targetDir)
 	})
 	if err != nil {
 		return
@@ -192,7 +193,7 @@ func (c *KluctlProjectContext) localProject(dir string) gitProjectInfo {
 	}
 }
 
-func (c *KluctlProjectContext) cloneKluctlProject() (gitProjectInfo, error) {
+func (c *KluctlProjectContext) cloneKluctlProject(ctx context.Context) (gitProjectInfo, error) {
 	if c.loadArgs.ProjectUrl == nil {
 		p, err := os.Getwd()
 		if err != nil {
@@ -200,7 +201,7 @@ func (c *KluctlProjectContext) cloneKluctlProject() (gitProjectInfo, error) {
 		}
 		return c.localProject(p), err
 	}
-	return c.cloneGitProject(types2.ExternalProject{
+	return c.cloneGitProject(ctx, types2.ExternalProject{
 		Project: &types2.GitProject{
 			Url: *c.loadArgs.ProjectUrl,
 			Ref: c.loadArgs.ProjectRef,
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 48dffe726..1db05eb24 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,6 +3,7 @@ package kluctl_project
 import (
 	"archive/tar"
 	"compress/gzip"
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
@@ -56,8 +57,8 @@ func (c *KluctlProjectContext) getConfigPath(projectDir string) string {
 	return configPath
 }
 
-func (c *KluctlProjectContext) load(allowGit bool) error {
-	kluctlProjectInfo, err := c.cloneKluctlProject()
+func (c *KluctlProjectContext) load(ctx context.Context, allowGit bool) error {
+	kluctlProjectInfo, err := c.cloneKluctlProject(ctx)
 	if err != nil {
 		return err
 	}
@@ -72,7 +73,7 @@ func (c *KluctlProjectContext) load(allowGit bool) error {
 	}
 
 	if allowGit {
-		err = c.updateGitCaches()
+		err = c.updateGitCaches(ctx)
 		if err != nil {
 			return err
 		}
@@ -115,7 +116,7 @@ func (c *KluctlProjectContext) load(allowGit bool) error {
 			return gitProjectInfo{}, fmt.Errorf("tried to load something from git while it was not allowed")
 		}
 
-		return c.cloneGitProject(*ep, defaultGitSubDir, true, true)
+		return c.cloneGitProject(ctx, *ep, defaultGitSubDir, true, true)
 	}
 
 	deploymentInfo, err := doClone(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
@@ -159,7 +160,7 @@ func (c *KluctlProjectContext) load(allowGit bool) error {
 	return nil
 }
 
-func LoadKluctlProject(args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*KluctlProjectContext, error) {
+func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*KluctlProjectContext, error) {
 	if args.FromArchive != "" {
 		if args.ProjectUrl != nil || args.ProjectRef != "" || args.ProjectConfig != "" || args.LocalClusters != "" || args.LocalDeployment != "" || args.LocalSealedSecrets != "" {
 			return nil, fmt.Errorf("--from-archive can not be combined with any other project related option")
@@ -168,18 +169,18 @@ func LoadKluctlProject(args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jin
 		if err != nil {
 			return nil, err
 		}
-		err = project.load(false)
+		err = project.load(ctx, false)
 		if err != nil {
 			return nil, err
 		}
 		return project, nil
 	} else {
 		p := NewKluctlProjectContext(args, tmpDir, j2)
-		err := p.load(true)
+		err := p.load(ctx, true)
 		if err != nil {
 			return nil, err
 		}
-		err = p.loadTargets()
+		err = p.loadTargets(ctx)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/load_targets.go
index 1d86d5d5e..bfafa94d5 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/load_targets.go
@@ -1,6 +1,7 @@
 package kluctl_project
 
 import (
+	"context"
 	"fmt"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
@@ -26,7 +27,7 @@ type dynamicTargetInfo struct {
 	defaultBranch string
 }
 
-func (c *KluctlProjectContext) loadTargets() error {
+func (c *KluctlProjectContext) loadTargets(ctx context.Context) error {
 	targetNames := make(map[string]bool)
 	c.DynamicTargets = nil
 
@@ -39,7 +40,7 @@ func (c *KluctlProjectContext) loadTargets() error {
 		targetInfos = append(targetInfos, l...)
 	}
 
-	err := c.cloneDynamicTargets(targetInfos)
+	err := c.cloneDynamicTargets(ctx, targetInfos)
 	if err != nil {
 		return err
 	}
@@ -217,13 +218,13 @@ func (c *KluctlProjectContext) matchRef(s string, pattern string) (bool, string,
 	}
 }
 
-func (c *KluctlProjectContext) cloneDynamicTargets(dynamicTargets []*dynamicTargetInfo) error {
+func (c *KluctlProjectContext) cloneDynamicTargets(ctx context.Context, dynamicTargets []*dynamicTargetInfo) error {
 	wp := utils.NewDebuggerAwareWorkerPool(8)
 	defer wp.StopWait(false)
 
 	// lock all involved repos first
 	for _, mr := range c.mirroredRepos {
-		err := mr.Lock()
+		err := mr.Lock(ctx)
 		if err != nil {
 			return err
 		}
@@ -249,7 +250,7 @@ func (c *KluctlProjectContext) cloneDynamicTargets(dynamicTargets []*dynamicTarg
 			gitProject.Ref = *targetInfo.ref
 			ep := types.ExternalProject{Project: &gitProject}
 
-			gi, err := c.cloneGitProject(ep, "", false, false)
+			gi, err := c.cloneGitProject(ctx, ep, "", false, false)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {

From 9f81fa8fd3b7ddd70540bfebf9b1596ebaa1a1e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 12:00:53 +0200
Subject: [PATCH 0082/2268] tests: Show which resource failed in
 waitForReadiness

---
 e2e/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/utils.go b/e2e/utils.go
index 622ac374f..e52c131ac 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -48,7 +48,7 @@ func waitForReadiness(t *testing.T, k *KindCluster, namespace string, resource s
 				}
 				errTxt += fmt.Sprintf("%s: %s", e.Ref.String(), e.Error)
 			}
-			log.Debugf("validation failed. errors:\n%s", errTxt)
+			log.Debugf("validation failed for %s/%s. errors:\n%s", namespace, resource, errTxt)
 		}
 		time.Sleep(1 * time.Second)
 	}

From 75c514a8be6fd4f487300dd1bb9a366380154780 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 12:22:25 +0200
Subject: [PATCH 0083/2268] build: Less verbose CHANGELOGs

---
 .goreleaser.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 8967d7158..20c4e885e 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -57,9 +57,11 @@ changelog:
   sort: asc
   filters:
     exclude:
-      - '^docs:'
-      - '^test:'
+      - '^doc.*:'
+      - '^test.*:'
       - '^chore:'
+      - '^build:'
+      - '^refactor:'
 
 release:
   prerelease: auto

From f99211ba0cce0e269f0813dc0df15bdeb228ecb5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 15:43:11 +0200
Subject: [PATCH 0084/2268] fix: Make working/project dir configurable while
 loading projects

---
 cmd/kluctl/commands/utils.go  | 6 ++++++
 pkg/kluctl_project/git.go     | 6 +-----
 pkg/kluctl_project/project.go | 1 +
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3275ae470..8ad5e6ad0 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -38,7 +38,13 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 	}
 	defer j2.Close()
 
+	cwd, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
+		ProjectDir:          cwd,
 		ProjectUrl:          url,
 		ProjectRef:          projectFlags.ProjectRef,
 		ProjectConfig:       projectFlags.ProjectConfig,
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index acd7f2a7f..3a6b56a00 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -195,11 +195,7 @@ func (c *KluctlProjectContext) localProject(dir string) gitProjectInfo {
 
 func (c *KluctlProjectContext) cloneKluctlProject(ctx context.Context) (gitProjectInfo, error) {
 	if c.loadArgs.ProjectUrl == nil {
-		p, err := os.Getwd()
-		if err != nil {
-			return gitProjectInfo{}, err
-		}
-		return c.localProject(p), err
+		return c.localProject(c.loadArgs.ProjectDir), nil
 	}
 	return c.cloneGitProject(ctx, types2.ExternalProject{
 		Project: &types2.GitProject{
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index c44c64555..bacb21ae2 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -11,6 +11,7 @@ import (
 )
 
 type LoadKluctlProjectArgs struct {
+	ProjectDir          string
 	ProjectUrl          *git_url.GitUrl
 	ProjectRef          string
 	ProjectConfig       string

From 798a13e2a792338c2e346311795ce3693889207e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 17:31:22 +0200
Subject: [PATCH 0085/2268] refactor: Allow to pass clientConfig from outside

---
 cmd/kluctl/commands/cmd_downscale.go   |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go |  2 +-
 cmd/kluctl/commands/utils.go           | 10 ++++++++-
 pkg/jinja2/vars.go                     |  2 +-
 pkg/k8s/k8s_cluster.go                 | 31 ++++++++------------------
 pkg/kluctl_project/target_context.go   | 10 +++++++--
 6 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index e5383e3b2..7df0a744b 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -37,7 +37,7 @@ func (cmd *downscaleCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.K.Context())) {
+			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.ClusterConfig.Cluster.Context)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 33c62ced3..a65f2e079 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -37,7 +37,7 @@ func (cmd *pokeImagesCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.K.Context())) {
+			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.ClusterConfig.Cluster.Context)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 8ad5e6ad0..9c449aa91 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -12,6 +12,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
 	"os"
 	"time"
 )
@@ -130,7 +132,13 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 		renderOutputDir = tmpDir
 	}
 
-	ctx, err := p.NewTargetContext(args.targetFlags.Target, args.projectFlags.Cluster,
+	clientConfigGetter := func(context string) (*rest.Config, error) {
+		configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+		configOverrides := &clientcmd.ConfigOverrides{CurrentContext: context}
+		return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
+	}
+
+	ctx, err := p.NewTargetContext(clientConfigGetter, args.targetFlags.Target, args.projectFlags.Cluster,
 		args.dryRunArgs == nil || args.dryRunArgs.DryRun,
 		optionArgs, forSeal, images, inclusion,
 		renderOutputDir)
diff --git a/pkg/jinja2/vars.go b/pkg/jinja2/vars.go
index b130cafb3..1c42f4c38 100644
--- a/pkg/jinja2/vars.go
+++ b/pkg/jinja2/vars.go
@@ -97,7 +97,7 @@ func (vc *VarsCtx) loadVarsFromK8sObject(k *k8s.K8sCluster, ref k8s2.ObjectRef,
 		return err
 	}
 	if !found {
-		return fmt.Errorf("key %s not found in %s on cluster %s", key, ref.String(), k.Context())
+		return fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
 	}
 
 	err = vc.loadVarsFromString(value)
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index d9d9aa93b..59871f052 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -21,7 +21,6 @@ import (
 	"k8s.io/client-go/metadata"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
 	"net/http"
 	"net/url"
 	"path/filepath"
@@ -37,8 +36,7 @@ var (
 )
 
 type K8sCluster struct {
-	context string
-	DryRun  bool
+	DryRun bool
 
 	restConfig *rest.Config
 	discovery  *disk.CachedDiscoveryClient
@@ -78,30 +76,22 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 	})
 }
 
-func NewK8sCluster(context string, dryRun bool) (*K8sCluster, error) {
+func NewK8sCluster(configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
 	k := &K8sCluster{
-		context: context,
-		DryRun:  dryRun,
+		DryRun: dryRun,
 	}
 
-	configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
-	configOverrides := &clientcmd.ConfigOverrides{CurrentContext: context}
+	k.restConfig = rest.CopyConfig(configIn)
+	k.restConfig.QPS = 10
+	k.restConfig.Burst = 20
 
-	config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-	config.QPS = 10
-	config.Burst = 20
-	k.restConfig = config
-
-	apiHost, err := url.Parse(config.Host)
+	apiHost, err := url.Parse(k.restConfig.Host)
 	if err != nil {
 		return nil, err
 	}
 	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
 	httpCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/http", apiHost.Hostname())
-	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, httpCacheDir, time.Hour*24)
+	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(k.restConfig), discoveryCacheDir, httpCacheDir, time.Hour*24)
 	if err != nil {
 		return nil, err
 	}
@@ -111,6 +101,7 @@ func NewK8sCluster(context string, dryRun bool) (*K8sCluster, error) {
 	k.clientPool = make(chan *parallelClientEntry, parallelClients)
 	for i := 0; i < parallelClients; i++ {
 		p := &parallelClientEntry{}
+		config := rest.CopyConfig(k.restConfig)
 		config.WarningHandler = p
 
 		p.http, err = rest.HTTPClientFor(config)
@@ -160,10 +151,6 @@ func (k *K8sCluster) ReadWrite() *K8sCluster {
 	return &k2
 }
 
-func (k *K8sCluster) Context() string {
-	return k.context
-}
-
 func (k *K8sCluster) GetCA() []byte {
 	return k.restConfig.CAData
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 257967bad..29b662338 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"k8s.io/client-go/rest"
 	"path/filepath"
 )
 
@@ -20,7 +21,7 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *KluctlProjectContext) NewTargetContext(targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+func (p *KluctlProjectContext) NewTargetContext(clientConfigGetter func(context string) (*rest.Config, error), targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.DeploymentDir)
 	if err != nil {
 		return nil, err
@@ -51,7 +52,12 @@ func (p *KluctlProjectContext) NewTargetContext(targetName string, clusterName s
 		return nil, err
 	}
 
-	k, err := k8s.NewK8sCluster(clusterConfig.Cluster.Context, dryRun)
+	clientConfig, err := clientConfigGetter(clusterConfig.Cluster.Context)
+	if err != nil {
+		return nil, err
+	}
+
+	k, err := k8s.NewK8sCluster(clientConfig, dryRun)
 	if err != nil {
 		return nil, err
 	}

From ce2ff99362aba95a3c1e87969b71cc16e18d86b6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Apr 2022 17:31:39 +0200
Subject: [PATCH 0086/2268] fix: Ignore missing clusters/sealedSecrets dirs
 when creating an archive

---
 pkg/kluctl_project/load.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 1db05eb24..511a514fd 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -287,11 +287,15 @@ func (c *KluctlProjectContext) CreateTGZArchive(archivePath string, embedMetadat
 	if err = utils.AddToTar(tw, c.DeploymentDir, "deployment", filter); err != nil {
 		return err
 	}
-	if err = utils.AddToTar(tw, c.ClustersDir, "clusters", filter); err != nil {
-		return err
+	if utils.Exists(c.ClustersDir) {
+		if err = utils.AddToTar(tw, c.ClustersDir, "clusters", filter); err != nil {
+			return err
+		}
 	}
-	if err = utils.AddToTar(tw, c.SealedSecretsDir, "sealed-secrets", filter); err != nil {
-		return err
+	if utils.Exists(c.SealedSecretsDir) {
+		if err = utils.AddToTar(tw, c.SealedSecretsDir, "sealed-secrets", filter); err != nil {
+			return err
+		}
 	}
 
 	return nil

From 1c97e464d4ce137532634d1588d58e3190c887bb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Apr 2022 08:03:56 +0200
Subject: [PATCH 0087/2268] fix: Check for username instead of e.Username in
 BuildAuth

---
 pkg/git/auth/list_auth_provider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index d469e500f..b929675af 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -53,7 +53,7 @@ func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 			username = e.Username
 		}
 
-		if e.Username == "*" {
+		if username == "*" {
 			// can't use "*" as username
 			continue
 		}

From 6d874e4ec742b6287331a0c67953a16597b54654 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Apr 2022 08:29:09 +0200
Subject: [PATCH 0088/2268] fix: Actually write known_hosts file when given

---
 pkg/git/auth/ssh_known_hosts.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index 6a4225e5e..e5d522d6e 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -65,6 +65,10 @@ func verifyHost(host string, remote net.Addr, key ssh.PublicKey, knownHosts []by
 			_ = tmpFile.Close()
 			_ = os.Remove(tmpFile.Name())
 		}()
+		_, err = tmpFile.Write(knownHosts)
+		if err != nil {
+			return err
+		}
 		files = append(files, tmpFile.Name())
 	}
 

From c6987e0affe47feabe0be34def470ef917fd1152 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Apr 2022 13:32:14 +0200
Subject: [PATCH 0089/2268] refactor: Wrap ListImageTags into RegistryHelper

---
 .../commands/cmd_check_image_updates.go       |   4 +-
 cmd/kluctl/commands/utils.go                  |   4 +-
 pkg/deployment/images.go                      |   6 +-
 pkg/registries/registries.go                  | 104 +++++++++---------
 4 files changed, 63 insertions(+), 55 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 8d65ee305..6fd22dfd7 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -37,6 +37,8 @@ func (cmd *checkImageUpdatesCmd) Run() error {
 		return err
 	}
 
+	rh := registries.NewRegistryHelper()
+
 	wg := utils.NewWorkerPoolWithErrors(8)
 	defer wg.StopWait(false)
 
@@ -52,7 +54,7 @@ func (cmd *checkImageUpdatesCmd) Run() error {
 			repo := s[0]
 			if _, ok := imageTags[repo]; !ok {
 				wg.Submit(func() error {
-					tags, err := registries.ListImageTags(repo)
+					tags, err := rh.ListImageTags(repo)
 					mutex.Lock()
 					defer mutex.Unlock()
 					if err != nil {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 9c449aa91..7b0af0754 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -9,6 +9,7 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
@@ -100,7 +101,8 @@ func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *comma
 }
 
 func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, forSeal bool, cb func(ctx *commandCtx) error) error {
-	images, err := deployment.NewImages(args.imageFlags.UpdateImages)
+	rh := registries.NewRegistryHelper()
+	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 654c72025..076a211a6 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -18,6 +18,7 @@ import (
 )
 
 type Images struct {
+	rh           *registries.RegistryHelper
 	updateImages bool
 	fixedImages  []types.FixedImage
 	seenImages   []types.FixedImage
@@ -26,8 +27,9 @@ type Images struct {
 	registryCache utils.ThreadSafeMultiCache
 }
 
-func NewImages(updateImages bool) (*Images, error) {
+func NewImages(rh *registries.RegistryHelper, updateImages bool) (*Images, error) {
 	return &Images{
+		rh:           rh,
 		updateImages: updateImages,
 	}, nil
 }
@@ -73,7 +75,7 @@ func (images *Images) GetFixedImage(image string, namespace string, deployment s
 
 func (images *Images) GetLatestImageFromRegistry(image string, latestVersion string) (*string, error) {
 	ret, err := images.registryCache.Get(image, "tag", func() (interface{}, error) {
-		return registries.ListImageTags(image)
+		return images.rh.ListImageTags(image)
 	})
 	if err != nil {
 		return nil, err
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 86ccb63e4..727453199 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -33,11 +33,24 @@ func (e *noAuthRetryError) Error() string {
 	return e.msg
 }
 
-func ListImageTags(image string) ([]string, error) {
+type RegistryHelper struct {
+	cachedAuth      utils.ThreadSafeCache
+	cachedResponses utils.ThreadSafeMultiCache
+	authRealms      map[string]bool
+	authErrors      map[string]bool
+	init            sync.Once
+	mutex           sync.Mutex
+}
+
+func NewRegistryHelper() *RegistryHelper {
+	return &RegistryHelper{}
+}
+
+func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
 	var nameOpts []name.Option
 	remoteOpts := []remote.Option{
-		remote.WithAuthFromKeychain(&globalMyKeychain),
-		remote.WithTransport(&globalMyKeychain),
+		remote.WithAuthFromKeychain(rh),
+		remote.WithTransport(rh),
 	}
 
 	repo, err := name.NewRepository(image, nameOpts...)
@@ -64,18 +77,7 @@ func ListImageTags(image string) ([]string, error) {
 	return ret, err
 }
 
-var globalMyKeychain myKeychain
-
-type myKeychain struct {
-	cachedAuth      utils.ThreadSafeCache
-	cachedResponses utils.ThreadSafeMultiCache
-	authRealms      map[string]bool
-	authErrors      map[string]bool
-	init            sync.Once
-	mutex           sync.Mutex
-}
-
-func (kc *myKeychain) doResolve(resource authn.Resource) (authn.Authenticator, error) {
+func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticator, error) {
 	registry := resource.RegistryStr()
 
 	for _, m := range utils.ParseEnvConfigSets("KLUCTL_REGISTRY") {
@@ -93,11 +95,11 @@ func (kc *myKeychain) doResolve(resource authn.Resource) (authn.Authenticator, e
 	return authn.DefaultKeychain.Resolve(resource)
 }
 
-func (kc *myKeychain) Resolve(resource authn.Resource) (authn.Authenticator, error) {
+func (rh *RegistryHelper) Resolve(resource authn.Resource) (authn.Authenticator, error) {
 	registry := resource.RegistryStr()
 
-	ret, err := kc.cachedAuth.Get(registry, func() (interface{}, error) {
-		return kc.doResolve(resource)
+	ret, err := rh.cachedAuth.Get(registry, func() (interface{}, error) {
+		return rh.doResolve(resource)
 	})
 	if err != nil {
 		return nil, err
@@ -105,15 +107,15 @@ func (kc *myKeychain) Resolve(resource authn.Resource) (authn.Authenticator, err
 	return ret.(authn.Authenticator), nil
 }
 
-func (kc *myKeychain) realmFromRequest(req *http.Request) string {
+func (rh *RegistryHelper) realmFromRequest(req *http.Request) string {
 	return fmt.Sprintf("%s://%s%s", req.URL.Scheme, req.URL.Host, req.URL.Path)
 }
 
-func (kc *myKeychain) getCachePath(key string) string {
+func (rh *RegistryHelper) getCachePath(key string) string {
 	return filepath.Join(utils.GetTmpBaseDir(), "registries-cache", key[0:2], key[2:4], key)
 }
 
-func (kc *myKeychain) checkInvalidToken(resBody []byte) bool {
+func (rh *RegistryHelper) checkInvalidToken(resBody []byte) bool {
 	j, err := uo.FromString(string(resBody))
 	if err != nil {
 		return false
@@ -139,8 +141,8 @@ func (kc *myKeychain) checkInvalidToken(resBody []byte) bool {
 	return false
 }
 
-func (kc *myKeychain) readCachedResponse(key string) []byte {
-	cachePath := kc.getCachePath(key)
+func (rh *RegistryHelper) readCachedResponse(key string) []byte {
+	cachePath := rh.getCachePath(key)
 	st, err := os.Stat(cachePath)
 
 	if err != nil {
@@ -163,7 +165,7 @@ func (kc *myKeychain) readCachedResponse(key string) []byte {
 		if err != nil {
 			return nil
 		}
-		if kc.checkInvalidToken(jb) {
+		if rh.checkInvalidToken(jb) {
 			return nil
 		}
 	}
@@ -171,8 +173,8 @@ func (kc *myKeychain) readCachedResponse(key string) []byte {
 	return b
 }
 
-func (kc *myKeychain) writeCachedResponse(key string, data []byte) {
-	cachePath := kc.getCachePath(key)
+func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
+	cachePath := rh.getCachePath(key)
 	if !utils.Exists(filepath.Dir(cachePath)) {
 		err := os.MkdirAll(filepath.Dir(cachePath), 0o700)
 		if err != nil {
@@ -193,15 +195,15 @@ func (kc *myKeychain) writeCachedResponse(key string, data []byte) {
 	}
 }
 
-func (kc *myKeychain) RoundTripCached(req *http.Request, extraKey string, onNew func(res *http.Response) error) (*http.Response, error) {
+func (rh *RegistryHelper) RoundTripCached(req *http.Request, extraKey string, onNew func(res *http.Response) error) (*http.Response, error) {
 	key := fmt.Sprintf("%s\n%s\n%s\n", req.Host, req.URL.Path, extraKey)
 	key = utils.Sha256String(key)
 
 	isNew := false
-	resI, err := kc.cachedResponses.Get(req.Host, key, func() (interface{}, error) {
+	resI, err := rh.cachedResponses.Get(req.Host, key, func() (interface{}, error) {
 		isNew = true
 
-		b := kc.readCachedResponse(key)
+		b := rh.readCachedResponse(key)
 		if b == nil {
 			res, err := remote.DefaultTransport.RoundTrip(req)
 			if err != nil {
@@ -213,7 +215,7 @@ func (kc *myKeychain) RoundTripCached(req *http.Request, extraKey string, onNew
 			}
 
 			if res.StatusCode < 500 {
-				kc.writeCachedResponse(key, b)
+				rh.writeCachedResponse(key, b)
 			}
 		}
 
@@ -240,22 +242,22 @@ func (kc *myKeychain) RoundTripCached(req *http.Request, extraKey string, onNew
 	return res, err
 }
 
-func (kc *myKeychain) RoundTripInfoReq(req *http.Request) (*http.Response, error) {
-	return kc.RoundTripCached(req, "info", func(res *http.Response) error {
-		kc.mutex.Lock()
-		defer kc.mutex.Unlock()
+func (rh *RegistryHelper) RoundTripInfoReq(req *http.Request) (*http.Response, error) {
+	return rh.RoundTripCached(req, "info", func(res *http.Response) error {
+		rh.mutex.Lock()
+		defer rh.mutex.Unlock()
 
 		chgs := challenge.ResponseChallenges(res)
 		for _, chg := range chgs {
 			if realm, ok := chg.Parameters["realm"]; ok {
-				kc.authRealms[realm] = true
+				rh.authRealms[realm] = true
 			}
 		}
 		return nil
 	})
 }
 
-func (kc *myKeychain) RoundTripAuth(req *http.Request) (*http.Response, error) {
+func (rh *RegistryHelper) RoundTripAuth(req *http.Request) (*http.Response, error) {
 	b := bytes.NewBuffer(nil)
 	err := req.Header.Write(b)
 	if err != nil {
@@ -266,42 +268,42 @@ func (kc *myKeychain) RoundTripAuth(req *http.Request) (*http.Response, error) {
 
 	hash := utils.Sha256String(b.String())
 
-	return kc.RoundTripCached(req, hash, func(res *http.Response) error {
-		kc.mutex.Lock()
-		defer kc.mutex.Unlock()
+	return rh.RoundTripCached(req, hash, func(res *http.Response) error {
+		rh.mutex.Lock()
+		defer rh.mutex.Unlock()
 
 		if res.StatusCode == http.StatusUnauthorized || res.StatusCode == http.StatusForbidden {
 			// if auth fails once for a registry, we must not retry any auth on that registry as we could easily run
 			// into an IP block
-			kc.authErrors[kc.realmFromRequest(req)] = true
+			rh.authErrors[rh.realmFromRequest(req)] = true
 		}
 
 		return nil
 	})
 }
 
-func (kc *myKeychain) RoundTrip(req *http.Request) (*http.Response, error) {
-	kc.init.Do(func() {
-		kc.authRealms = make(map[string]bool)
-		kc.authErrors = make(map[string]bool)
+func (rh *RegistryHelper) RoundTrip(req *http.Request) (*http.Response, error) {
+	rh.init.Do(func() {
+		rh.authRealms = make(map[string]bool)
+		rh.authErrors = make(map[string]bool)
 	})
 
 	if req.URL.Path == "/v2/" {
-		return kc.RoundTripInfoReq(req)
+		return rh.RoundTripInfoReq(req)
 	}
 
-	kc.mutex.Lock()
-	realm := kc.realmFromRequest(req)
-	_, isAuthRealm := kc.authRealms[realm]
-	_, isAuthError := kc.authErrors[realm]
-	kc.mutex.Unlock()
+	rh.mutex.Lock()
+	realm := rh.realmFromRequest(req)
+	_, isAuthRealm := rh.authRealms[realm]
+	_, isAuthError := rh.authErrors[realm]
+	rh.mutex.Unlock()
 
 	if isAuthError {
 		return nil, &noAuthRetryError{fmt.Sprintf("previous auth request for %s gave an error, we won't retry", realm)}
 	}
 
 	if isAuthRealm {
-		return kc.RoundTripAuth(req)
+		return rh.RoundTripAuth(req)
 	}
 
 	resp, err := remote.DefaultTransport.RoundTrip(req)

From 6a4a6b435e86ebaa1718a20ddfa3fa9a6dec923e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Apr 2022 13:55:23 +0200
Subject: [PATCH 0090/2268] refactor: Allow passing credentials to
 RegistryHelper

---
 cmd/kluctl/commands/utils.go |  4 ++
 pkg/registries/registries.go | 92 +++++++++++++++++++++++-------------
 2 files changed, 63 insertions(+), 33 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 7b0af0754..ac4944473 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -102,6 +102,10 @@ func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *comma
 
 func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, forSeal bool, cb func(ctx *commandCtx) error) error {
 	rh := registries.NewRegistryHelper()
+	err := rh.ParseAuthEntriesFromEnv()
+	if err != nil {
+		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
+	}
 	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages)
 	if err != nil {
 		return err
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 727453199..2dca60875 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -34,6 +34,8 @@ func (e *noAuthRetryError) Error() string {
 }
 
 type RegistryHelper struct {
+	authEntries []AuthEntry
+
 	cachedAuth      utils.ThreadSafeCache
 	cachedResponses utils.ThreadSafeMultiCache
 	authRealms      map[string]bool
@@ -42,6 +44,13 @@ type RegistryHelper struct {
 	mutex           sync.Mutex
 }
 
+type AuthEntry struct {
+	Registry string
+	Username string
+	Password string
+	Insecure bool
+}
+
 func NewRegistryHelper() *RegistryHelper {
 	return &RegistryHelper{}
 }
@@ -58,7 +67,8 @@ func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
 		return nil, err
 	}
 
-	if isRegistryInsecure(repo.RegistryStr()) {
+	e := rh.findAuthEntry(repo.RegistryStr())
+	if e != nil && e.Insecure {
 		nameOpts = append(nameOpts, name.Insecure)
 		repo, err = name.NewRepository(image, nameOpts...)
 	}
@@ -77,20 +87,58 @@ func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
 	return ret, err
 }
 
-func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticator, error) {
-	registry := resource.RegistryStr()
+func (rh *RegistryHelper) AddAuthEntry(e AuthEntry) {
+	rh.authEntries = append(rh.authEntries, e)
+}
+
+func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
+	defaultTlsVerify := true
+	if x, ok := os.LookupEnv("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY"); ok {
+		b, err := strconv.ParseBool(x)
+		if err != nil {
+			return fmt.Errorf("failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %w", err)
+		}
+		defaultTlsVerify = b
+	}
 
 	for _, m := range utils.ParseEnvConfigSets("KLUCTL_REGISTRY") {
-		host, _ := m["HOST"]
-		if host == registry {
-			username, _ := m["USERNAME"]
-			password, _ := m["PASSWORD"]
-			return authn.FromConfig(authn.AuthConfig{
-				Username: username,
-				Password: password,
-			}), nil
+		e := AuthEntry{
+			Registry: m["HOST"],
+			Username: m["USERNAME"],
+			Password: m["PASSWORD"],
+			Insecure: !defaultTlsVerify,
+		}
+		tlsverifyStr, ok := m["TLSVERIFY"]
+		if ok {
+			tlsverify, err := strconv.ParseBool(tlsverifyStr)
+			if err != nil {
+				return fmt.Errorf("failed to parse TLSVERIFY from env: %w", err)
+			}
+			e.Insecure = !tlsverify
+		}
+
+		rh.AddAuthEntry(e)
+	}
+	return nil
+}
+
+func (rh *RegistryHelper) findAuthEntry(registry string) *AuthEntry {
+	for _, e := range rh.authEntries {
+		if e.Registry == "*" || e.Registry == registry {
+			return &e
 		}
 	}
+	return nil
+}
+
+func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticator, error) {
+	e := rh.findAuthEntry(resource.RegistryStr())
+	if e != nil {
+		return authn.FromConfig(authn.AuthConfig{
+			Username: e.Username,
+			Password: e.Password,
+		}), nil
+	}
 
 	return authn.DefaultKeychain.Resolve(resource)
 }
@@ -309,25 +357,3 @@ func (rh *RegistryHelper) RoundTrip(req *http.Request) (*http.Response, error) {
 	resp, err := remote.DefaultTransport.RoundTrip(req)
 	return resp, err
 }
-
-func isRegistryInsecure(registry string) bool {
-	for _, m := range utils.ParseEnvConfigSets("KLUCTL_REGISTRY") {
-		host, _ := m["HOST"]
-		if host == registry {
-			tlsverifyStr, ok := m["TLSVERIFY"]
-			if ok {
-				tlsverify, err := strconv.ParseBool(tlsverifyStr)
-				if err == nil {
-					return !tlsverify
-				}
-			}
-		}
-	}
-
-	if x, ok := os.LookupEnv("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY"); ok {
-		if b, err := strconv.ParseBool(x); err == nil {
-			return !b
-		}
-	}
-	return false
-}

From fb064e9ca8411908d556a78705d9b01c36bc68ad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Apr 2022 14:57:12 +0200
Subject: [PATCH 0091/2268] fix: Allow to configure CA bundles for registries

---
 pkg/registries/registries.go | 89 ++++++++++++++++++++++++++++++------
 1 file changed, 76 insertions(+), 13 deletions(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 2dca60875..b8123fd25 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -3,6 +3,8 @@ package registries
 import (
 	"bufio"
 	"bytes"
+	"context"
+	"crypto/x509"
 	"fmt"
 	"github.com/docker/distribution/registry/client/auth/challenge"
 	"github.com/golang-jwt/jwt/v4"
@@ -33,21 +35,27 @@ func (e *noAuthRetryError) Error() string {
 	return e.msg
 }
 
+type transportKeyType int
+
+var transportKey transportKeyType
+
 type RegistryHelper struct {
 	authEntries []AuthEntry
 
-	cachedAuth      utils.ThreadSafeCache
-	cachedResponses utils.ThreadSafeMultiCache
-	authRealms      map[string]bool
-	authErrors      map[string]bool
-	init            sync.Once
-	mutex           sync.Mutex
+	cachedTransports utils.ThreadSafeCache
+	cachedAuth       utils.ThreadSafeCache
+	cachedResponses  utils.ThreadSafeMultiCache
+	authRealms       map[string]bool
+	authErrors       map[string]bool
+	init             sync.Once
+	mutex            sync.Mutex
 }
 
 type AuthEntry struct {
 	Registry string
 	Username string
 	Password string
+	CABundle []byte
 	Insecure bool
 }
 
@@ -57,16 +65,22 @@ func NewRegistryHelper() *RegistryHelper {
 
 func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
 	var nameOpts []name.Option
-	remoteOpts := []remote.Option{
-		remote.WithAuthFromKeychain(rh),
-		remote.WithTransport(rh),
+	repo, err := name.NewRepository(image, nameOpts...)
+	if err != nil {
+		return nil, err
 	}
 
-	repo, err := name.NewRepository(image, nameOpts...)
+	t, err := rh.buildTransport(repo.RegistryStr())
 	if err != nil {
 		return nil, err
 	}
 
+	remoteOpts := []remote.Option{
+		remote.WithAuthFromKeychain(rh),
+		remote.WithTransport(rh),
+		remote.WithContext(context.WithValue(context.Background(), transportKey, t)),
+	}
+
 	e := rh.findAuthEntry(repo.RegistryStr())
 	if e != nil && e.Insecure {
 		nameOpts = append(nameOpts, name.Insecure)
@@ -117,6 +131,17 @@ func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
 			e.Insecure = !tlsverify
 		}
 
+		ca_bundle_path := m["CA_BUNDLE"]
+		if ca_bundle_path != "" {
+			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
+			b, err := ioutil.ReadFile(ca_bundle_path)
+			if err != nil {
+				return fmt.Errorf("failed to read ca bundle %s: %w", ca_bundle_path, err)
+			} else {
+				e.CABundle = b
+			}
+		}
+
 		rh.AddAuthEntry(e)
 	}
 	return nil
@@ -131,6 +156,45 @@ func (rh *RegistryHelper) findAuthEntry(registry string) *AuthEntry {
 	return nil
 }
 
+func (rh *RegistryHelper) loadCA(registry string) (*x509.CertPool, error) {
+	e := rh.findAuthEntry(registry)
+	if e == nil || e.CABundle == nil {
+		return nil, nil
+	}
+
+	p := x509.NewCertPool()
+	if !p.AppendCertsFromPEM(e.CABundle) {
+		return nil, fmt.Errorf("failed to load CA for %s", registry)
+	}
+
+	return p, nil
+}
+
+func (rh *RegistryHelper) buildTransport(registry string) (http.RoundTripper, error) {
+	ret, err := rh.cachedTransports.Get(registry, func() (interface{}, error) {
+		ca, err := rh.loadCA(registry)
+		if err != nil {
+			return nil, err
+		}
+		if ca == nil {
+			return remote.DefaultTransport, nil
+		}
+
+		t := remote.DefaultTransport.Clone()
+		t.TLSClientConfig.RootCAs = ca
+		return t, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return ret.(http.RoundTripper), nil
+}
+
+func (rh *RegistryHelper) getTransport(req *http.Request) http.RoundTripper {
+	t := req.Context().Value(transportKey).(http.RoundTripper)
+	return t
+}
+
 func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticator, error) {
 	e := rh.findAuthEntry(resource.RegistryStr())
 	if e != nil {
@@ -253,7 +317,7 @@ func (rh *RegistryHelper) RoundTripCached(req *http.Request, extraKey string, on
 
 		b := rh.readCachedResponse(key)
 		if b == nil {
-			res, err := remote.DefaultTransport.RoundTrip(req)
+			res, err := rh.getTransport(req).RoundTrip(req)
 			if err != nil {
 				return nil, err
 			}
@@ -354,6 +418,5 @@ func (rh *RegistryHelper) RoundTrip(req *http.Request) (*http.Response, error) {
 		return rh.RoundTripAuth(req)
 	}
 
-	resp, err := remote.DefaultTransport.RoundTrip(req)
-	return resp, err
+	return rh.getTransport(req).RoundTrip(req)
 }

From df53812fcb12d9c5e873524d0b934f957556c9de Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Apr 2022 18:31:14 +0200
Subject: [PATCH 0092/2268] fix: Also support "auth" field in registry auth

---
 pkg/registries/registries.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index b8123fd25..da1c32496 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -55,6 +55,7 @@ type AuthEntry struct {
 	Registry string
 	Username string
 	Password string
+	Auth     string
 	CABundle []byte
 	Insecure bool
 }
@@ -120,6 +121,7 @@ func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
 			Registry: m["HOST"],
 			Username: m["USERNAME"],
 			Password: m["PASSWORD"],
+			Auth:     m["AUTH"],
 			Insecure: !defaultTlsVerify,
 		}
 		tlsverifyStr, ok := m["TLSVERIFY"]
@@ -201,6 +203,7 @@ func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticato
 		return authn.FromConfig(authn.AuthConfig{
 			Username: e.Username,
 			Password: e.Password,
+			Auth:     e.Auth,
 		}), nil
 	}
 

From 5cee2a141b3d7020bff55914e242f4bb806e7f0a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 May 2022 16:43:18 +0200
Subject: [PATCH 0093/2268] feat: Switch from kong to cobra

---
 cmd/kluctl/args/cobra_types.go          |  87 +++++++
 cmd/kluctl/args/images.go               |   8 +-
 cmd/kluctl/args/misc.go                 |   2 +-
 cmd/kluctl/args/project.go              |  16 +-
 cmd/kluctl/commands/cmd_render.go       |   2 +-
 cmd/kluctl/commands/cobra_utils.go      | 305 ++++++++++++++++++++++++
 cmd/kluctl/commands/root.go             |  85 +++----
 cmd/kluctl/commands/utils.go            |  16 +-
 go.mod                                  |  16 +-
 go.sum                                  |  12 +-
 pkg/deployment/deployment_collection.go |   5 +-
 pkg/deployment/utils/errors_holder.go   |   5 +-
 pkg/jinja2/jinja2.go                    |   8 +-
 pkg/utils/errorlist.go                  |   5 +-
 pkg/utils/workerpool.go                 |   2 +-
 15 files changed, 486 insertions(+), 88 deletions(-)
 create mode 100644 cmd/kluctl/args/cobra_types.go
 create mode 100644 cmd/kluctl/commands/cobra_utils.go

diff --git a/cmd/kluctl/args/cobra_types.go b/cmd/kluctl/args/cobra_types.go
new file mode 100644
index 000000000..7989383a1
--- /dev/null
+++ b/cmd/kluctl/args/cobra_types.go
@@ -0,0 +1,87 @@
+package args
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+)
+
+type existingPathType string
+
+func (s *existingPathType) Set(val string) error {
+	if val != "-" {
+		val = utils.ExpandPath(val)
+	}
+	if !utils.Exists(val) {
+		return fmt.Errorf("%s does not exist", val)
+	}
+	*s = existingPathType(val)
+	return nil
+}
+func (s *existingPathType) Type() string {
+	return "existingpath"
+}
+
+func (s *existingPathType) String() string { return string(*s) }
+
+type existingFileType string
+
+func (s *existingFileType) Set(val string) error {
+	if val != "-" {
+		val = utils.ExpandPath(val)
+	}
+	if !utils.Exists(val) {
+		return fmt.Errorf("%s does not exist", val)
+	}
+	if utils.IsDirectory(val) {
+		return fmt.Errorf("%s exists but is a directory", val)
+	}
+	*s = existingFileType(val)
+	return nil
+}
+func (s *existingFileType) Type() string {
+	return "existingfile"
+}
+
+func (s *existingFileType) String() string { return string(*s) }
+
+type existingDirType string
+
+func (s *existingDirType) Set(val string) error {
+	if val != "-" {
+		val = utils.ExpandPath(val)
+	}
+	if !utils.Exists(val) {
+		return fmt.Errorf("%s does not exist", val)
+	}
+	if !utils.IsDirectory(val) {
+		return fmt.Errorf("%s exists but is not a directory", val)
+	}
+	*s = existingDirType(val)
+	return nil
+}
+func (s *existingDirType) Type() string {
+	return "existingdir"
+}
+
+func (s *existingDirType) String() string { return string(*s) }
+
+type pathType string
+
+func (s *pathType) Set(val string) error {
+	if val != "-" {
+		val = utils.ExpandPath(val)
+	}
+	if !utils.Exists(val) {
+		return fmt.Errorf("%s does not exist", val)
+	}
+	if !utils.IsDirectory(val) {
+		return fmt.Errorf("%s exists but is not a directory", val)
+	}
+	*s = pathType(val)
+	return nil
+}
+func (s *pathType) Type() string {
+	return "path"
+}
+
+func (s *pathType) String() string { return string(*s) }
diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index bb9de4568..3cdcdb9f7 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -8,16 +8,16 @@ import (
 )
 
 type ImageFlags struct {
-	FixedImage      []string `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
-	FixedImagesFile string   `group:"images" help:"Use .yml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" type:"existingfile"`
-	UpdateImages    bool     `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
+	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
+	FixedImagesFile existingFileType `group:"images" help:"Use .yml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format"`
+	UpdateImages    bool             `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
 }
 
 func (args *ImageFlags) LoadFixedImagesFromArgs() ([]types.FixedImage, error) {
 	var ret types.FixedImagesConfig
 
 	if args.FixedImagesFile != "" {
-		err := yaml.ReadYamlFile(args.FixedImagesFile, &ret)
+		err := yaml.ReadYamlFile(args.FixedImagesFile.String(), &ret)
 		if err != nil {
 			return nil, err
 		}
diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index a9fc026a8..c4972ca44 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -44,5 +44,5 @@ type OutputFlags struct {
 }
 
 type RenderOutputDirFlags struct {
-	RenderOutputDir string `group:"misc" help:"Specifies the target directory to render the project into. If omitted, a temporary directory is used." type:"path"`
+	RenderOutputDir pathType `group:"misc" help:"Specifies the target directory to render the project into. If omitted, a temporary directory is used."`
 }
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index d6f555799..167f04ea7 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -6,14 +6,14 @@ type ProjectFlags struct {
 	ProjectUrl string `group:"project" short:"p" help:"Git url of the kluctl project. If not specified, the current directory will be used instead of a remote Git project"`
 	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
 
-	ProjectConfig       string `group:"project" short:"c" help:"Location of the .kluctl.yml config file. Defaults to $PROJECT/.kluctl.yml" type:"existingfile"`
-	LocalClusters       string `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yml" type:"existingdir"`
-	LocalDeployment     string `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yml" type:"existingdir"`
-	LocalSealedSecrets  string `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yml" type:"existingdir"`
-	FromArchive         string `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." type:"existing"`
-	FromArchiveMetadata string `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." type:"existingfile"`
-	OutputMetadata      string `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file." type:"file"`
-	Cluster             string `group:"project" help:"Specify/Override cluster"`
+	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yml config file. Defaults to $PROJECT/.kluctl.yml"`
+	LocalClusters       existingDirType  `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yml"`
+	LocalDeployment     existingDirType  `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yml"`
+	LocalSealedSecrets  existingDirType  `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yml" `
+	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents."`
+	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." `
+	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
+	Cluster             string           `group:"project" help:"Specify/Override cluster"`
 
 	LoadTimeout time.Duration `group:"project" help:"Specify timeout for project loading. This will especially limit the time spent in git operations." default:"1m"`
 }
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index a686da313..849175838 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -26,7 +26,7 @@ func (cmd *renderCmd) Run() error {
 		if err != nil {
 			return err
 		}
-		cmd.RenderOutputDir = p
+		_ = cmd.RenderOutputDir.Set(p)
 	}
 
 	ptArgs := projectTargetCommandArgs{
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
new file mode 100644
index 000000000..083e07693
--- /dev/null
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -0,0 +1,305 @@
+package commands
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+	"unicode"
+)
+
+type helpProvider interface {
+	Help() string
+}
+
+type runProvider interface {
+	Run() error
+}
+
+type rootCommand struct {
+	rootCmd    *commandAndGroups
+	groupInfos []groupInfo
+}
+
+type commandAndGroups struct {
+	parent *commandAndGroups
+	cmd    *cobra.Command
+	groups map[string]string
+}
+
+type groupInfo struct {
+	group       string
+	title       string
+	description string
+}
+
+func buildRootCobraCmd(cmdStruct interface{}, name string, short string, long string, groupInfos []groupInfo) (*cobra.Command, error) {
+	c := &rootCommand{
+		groupInfos: groupInfos,
+	}
+
+	cmd, err := c.buildCobraCmd(nil, cmdStruct, name, short, long)
+	if err != nil {
+		return nil, err
+	}
+	c.rootCmd = cmd
+
+	return cmd.cmd, nil
+}
+
+func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interface{}, name string, short string, long string) (*commandAndGroups, error) {
+	cg := &commandAndGroups{
+		parent: parent,
+		groups: map[string]string{},
+		cmd: &cobra.Command{
+			Use:   name,
+			Short: short,
+			Long:  long,
+		},
+	}
+
+	runP, ok := cmdStruct.(runProvider)
+	if ok {
+		cg.cmd.RunE = func(cmd *cobra.Command, args []string) error {
+			return runP.Run()
+		}
+	}
+
+	err := c.buildCobraSubCommands(cg, cmdStruct)
+	if err != nil {
+		return nil, err
+	}
+	err = c.buildCobraArgs(cg, cmdStruct)
+	if err != nil {
+		return nil, err
+	}
+
+	cg.cmd.SetHelpFunc(func(command *cobra.Command, i []string) {
+		c.helpFunc(cg)
+	})
+
+	return cg, nil
+}
+
+func (c *rootCommand) buildCobraSubCommands(cg *commandAndGroups, cmdStruct interface{}) error {
+	v := reflect.ValueOf(cmdStruct).Elem()
+	t := v.Type()
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		v2 := v.Field(i).Addr().Interface()
+		name := buildCobraName(f.Name)
+
+		if _, ok := f.Tag.Lookup("cmd"); ok {
+			// subcommand
+			shortHelp := f.Tag.Get("help")
+			longHelp := ""
+			if hp, ok := v2.(helpProvider); ok {
+				longHelp = hp.Help()
+			}
+
+			c2, err := c.buildCobraCmd(cg, v2, name, shortHelp, longHelp)
+			if err != nil {
+				return err
+			}
+			cg.cmd.AddCommand(c2.cmd)
+		}
+	}
+	return nil
+}
+
+func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}) error {
+	v := reflect.ValueOf(cmdStruct).Elem()
+	t := v.Type()
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		if _, ok := f.Tag.Lookup("cmd"); ok {
+			continue
+		}
+
+		err := c.buildCobraArg(cg, f, v.Field(i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField, v reflect.Value) error {
+	v2 := v.Addr().Interface()
+	name := buildCobraName(f.Name)
+
+	help := f.Tag.Get("help")
+	shortFlag := f.Tag.Get("short")
+	defaultValue := f.Tag.Get("default")
+
+	group := f.Tag.Get("group")
+	if group != "" {
+		cg.groups[name] = group
+	}
+
+	switch v2.(type) {
+	case pflag.Value:
+		cg.cmd.PersistentFlags().VarPF(v2.(pflag.Value), name, shortFlag, help)
+	case *string:
+		cg.cmd.PersistentFlags().StringVarP(v2.(*string), name, shortFlag, defaultValue, help)
+	case *[]string:
+		if defaultValue != "" {
+			return fmt.Errorf("default not supported for slices")
+		}
+		cg.cmd.PersistentFlags().StringSliceVarP(v2.(*[]string), name, shortFlag, nil, help)
+	case *bool:
+		parsedDefault := false
+		if defaultValue != "" {
+			x, err := strconv.ParseBool(defaultValue)
+			if err != nil {
+				return err
+			}
+			parsedDefault = x
+		}
+		cg.cmd.PersistentFlags().BoolVarP(v2.(*bool), name, shortFlag, parsedDefault, help)
+	case *time.Duration:
+		var parsedDefault time.Duration
+		if defaultValue != "" {
+			x, err := time.ParseDuration(defaultValue)
+			if err != nil {
+				return err
+			}
+			parsedDefault = x
+		}
+		cg.cmd.PersistentFlags().DurationVarP(v2.(*time.Duration), name, shortFlag, parsedDefault, help)
+	default:
+		if f.Anonymous {
+			return c.buildCobraArgs(cg, v2)
+		}
+		return fmt.Errorf("unknown type %s", f.Type.Name())
+	}
+
+	return nil
+}
+
+func copyViperValuesToCobraCmd(cmd *cobra.Command) error {
+	for cmd != nil {
+		err := copyViperValuesToCobraFlags(cmd.PersistentFlags())
+		if err != nil {
+			return err
+		}
+		cmd = cmd.Parent()
+	}
+	return nil
+}
+
+func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
+	var retErr []error
+	flags.VisitAll(func(flag *pflag.Flag) {
+		if flag.Changed {
+			return
+		}
+		v := viper.Get(flag.Name)
+		if v != nil {
+			s, ok := v.(string)
+			if !ok {
+				retErr = append(retErr, fmt.Errorf("viper flag %s is not a string", flag.Name))
+				return
+			}
+			err := flag.Value.Set(s)
+			if err != nil {
+				retErr = append(retErr, err)
+			}
+		}
+	})
+	return utils.NewErrorListOrNil(retErr)
+}
+
+func (c *rootCommand) helpFunc(cg *commandAndGroups) {
+	cmd := cg.cmd
+
+	termWidth := utils.GetTermWidth()
+
+	h := "Usage: "
+	if cmd.Runnable() {
+		h += cmd.UseLine()
+	}
+	if cmd.HasAvailableSubCommands() {
+		h += fmt.Sprintf("%s [command]", cmd.CommandPath())
+	}
+
+	h += "\n\n"
+	if cmd.Short != "" {
+		h += strings.TrimRightFunc(cmd.Short, unicode.IsSpace) + "\n"
+	}
+	if cmd.Long != "" {
+		h += strings.TrimRightFunc(cmd.Long, unicode.IsSpace) + "\n"
+	}
+
+	flagsByGroups := c.buildGroupedFlagSets(cg)
+
+	for _, g := range c.groupInfos {
+		fl, ok := flagsByGroups[g.group]
+		if !ok {
+			continue
+		}
+		h += "\n"
+		h += g.title + "\n"
+		if g.description != "" {
+			h += "  " + g.description + "\n\n"
+		}
+		usages := fl.FlagUsagesWrapped(termWidth)
+		usages = strings.TrimRightFunc(usages, unicode.IsSpace)
+		usages += "\n"
+		h += usages
+	}
+
+	if cmd.HasAvailableSubCommands() {
+		h += "\nCommands:\n"
+		for _, subCmd := range cmd.Commands() {
+			h += "  " + rpad(subCmd.Name(), subCmd.NamePadding()) + " " + subCmd.Short + "\n"
+		}
+		h += fmt.Sprintf("\nUse \"%s [command] --help\" for more information about a command.\n", cmd.CommandPath())
+	}
+
+	_, _ = cmd.OutOrStdout().Write([]byte(h))
+}
+
+func (c *rootCommand) buildGroupedFlagSets(cg *commandAndGroups) map[string]*pflag.FlagSet {
+	flagsByGroups := make(map[string]*pflag.FlagSet)
+
+	x := cg
+	for x != nil {
+		x.cmd.PersistentFlags().VisitAll(func(flag *pflag.Flag) {
+			group, ok := x.groups[flag.Name]
+			if !ok {
+				log.Panicf("group for %s not found", flag.Name)
+			}
+			fl, ok := flagsByGroups[group]
+			if !ok {
+				fl = pflag.NewFlagSet(group, pflag.PanicOnError)
+				flagsByGroups[group] = fl
+			}
+			fl.AddFlag(flag)
+		})
+		x = x.parent
+	}
+
+	return flagsByGroups
+}
+
+func rpad(s string, padding int) string {
+	template := fmt.Sprintf("%%-%ds", padding)
+	return fmt.Sprintf(template, s)
+}
+
+var matchFirstCap = regexp.MustCompile("(.)([A-Z][a-z]+)")
+var matchAllCap = regexp.MustCompile("([a-z0-9])([A-Z])")
+
+func buildCobraName(fieldName string) string {
+	n := matchFirstCap.ReplaceAllString(fieldName, "${1}-${2}")
+	n = matchAllCap.ReplaceAllString(n, "${1}-${2}")
+	return strings.ToLower(n)
+}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 9cfa4bf32..68a8fbb2a 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -16,13 +16,14 @@ limitations under the License.
 package commands
 
 import (
-	"github.com/alecthomas/kong"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -55,12 +56,12 @@ type cli struct {
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
 
-var flagGroups = []kong.Group{
-	{Key: "project", Title: "Project arguments:", Description: "Define where and how to load the kluctl project and its components from."},
-	{Key: "images", Title: "Image arguments:", Description: "Control fixed images and update behaviour."},
-	{Key: "inclusion", Title: "Inclusion/Exclusion arguments:", Description: "Control inclusion/exclusion."},
-	{Key: "misc", Title: "Misc arguments:", Description: "Command specific arguments."},
-	{Key: "global", Title: "Global arguments:"},
+var flagGroups = []groupInfo{
+	{group: "global", title: "Global arguments:"},
+	{group: "project", title: "Project arguments:", description: "Define where and how to load the kluctl project and its components from."},
+	{group: "images", title: "Image arguments:", description: "Control fixed images and update behaviour."},
+	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
+	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 }
 var globalFlagGroup = &flagGroups[len(flagGroups)-1]
 
@@ -125,7 +126,7 @@ func (c *cli) checkNewVersion() {
 	}
 }
 
-func (c *cli) AfterApply() error {
+func (c *cli) preRun() error {
 	if err := c.setupLogs(); err != nil {
 		return err
 	}
@@ -133,50 +134,50 @@ func (c *cli) AfterApply() error {
 	return nil
 }
 
-func (c *cli) Help() string {
-	return `
-Deploy and manage complex deployments on Kubernetes
+func initViper() {
+	viper.SetConfigName("config")
+	viper.SetConfigType("yaml")
+	viper.AddConfigPath("/etc/kluctl/")
+	viper.AddConfigPath("$HOME/.kluctl")
+	if err := viper.ReadInConfig(); err != nil {
+		if _, ok := err.(viper.ConfigFileNotFoundError); !ok {
+			log.Error(err)
+			os.Exit(1)
+		}
+	}
 
-The missing glue to put together large Kubernetes deployments,
-composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unified way.`
+	viper.SetEnvPrefix("kluctl")
+	viper.AutomaticEnv()
 }
 
-func ParseArgs(args []string, options ...kong.Option) (*kong.Kong, *kong.Context, error) {
-	var cli cli
+func Execute() {
+	root := cli{}
+	rootCmd, err := buildRootCobraCmd(&root, "kluctl",
+		"Deploy and manage complex deployments on Kubernetes",
+		`The missing glue to put together large Kubernetes deployments,
+composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unified way.`,
+		flagGroups)
 
-	helpOption := kong.HelpOptions{
-		Compact:        true,
-		Summary:        true,
-		WrapUpperBound: 120,
+	if err != nil {
+		log.Fatal(err)
 	}
 
-	var options2 []kong.Option
-	options2 = append(options2, helpOption)
-	options2 = append(options2, kong.ExplicitGroups(flagGroups))
-	options2 = append(options2, kong.ShortUsageOnError())
-	options2 = append(options2, kong.Name("kluctl"))
-	options2 = append(options2, options...)
+	rootCmd.Version = version.GetVersion()
+	rootCmd.SilenceUsage = true
 
-	parser, err := kong.New(&cli, options2...)
-	if err != nil {
-		panic(err)
+	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
+		err := copyViperValuesToCobraCmd(cmd)
+		if err != nil {
+			return err
+		}
+		return root.preRun()
 	}
-	parser.Model.HelpFlag.Group = globalFlagGroup
-	ctx, err := parser.Parse(args)
-	return parser, ctx, err
-}
 
-func Execute() {
-	confOption := kong.Configuration(kong.JSON, "/etc/kluctl.json", "~/.kluctl/config.json")
-	envOption := kong.DefaultEnvars("KLUCTL")
-	parser, _, err := ExecuteWithArgs(os.Args[1:], confOption, envOption)
-	parser.FatalIfErrorf(err)
-}
+	initViper()
 
-func ExecuteWithArgs(args []string, options ...kong.Option) (*kong.Kong, *kong.Context, error) {
-	parser, ctx, err := ParseArgs(args, options...)
+	err = rootCmd.Execute()
 	if err != nil {
-		return parser, ctx, err
+		log.Errorf("%v", err)
+		os.Exit(1)
 	}
-	return parser, ctx, ctx.Run()
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index ac4944473..ddbcc2b21 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -50,12 +50,12 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 		ProjectDir:          cwd,
 		ProjectUrl:          url,
 		ProjectRef:          projectFlags.ProjectRef,
-		ProjectConfig:       projectFlags.ProjectConfig,
-		LocalClusters:       projectFlags.LocalClusters,
-		LocalDeployment:     projectFlags.LocalDeployment,
-		LocalSealedSecrets:  projectFlags.LocalSealedSecrets,
-		FromArchive:         projectFlags.FromArchive,
-		FromArchiveMetadata: projectFlags.FromArchiveMetadata,
+		ProjectConfig:       projectFlags.ProjectConfig.String(),
+		LocalClusters:       projectFlags.LocalClusters.String(),
+		LocalDeployment:     projectFlags.LocalDeployment.String(),
+		LocalSealedSecrets:  projectFlags.LocalSealedSecrets.String(),
+		FromArchive:         projectFlags.FromArchive.String(),
+		FromArchiveMetadata: projectFlags.FromArchiveMetadata.String(),
 		GitAuthProviders:    auth.NewDefaultAuthProviders(),
 	}
 
@@ -71,7 +71,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 		if err != nil {
 			return err
 		}
-		err = ioutil.WriteFile(projectFlags.OutputMetadata, b, 0o640)
+		err = ioutil.WriteFile(projectFlags.OutputMetadata.String(), b, 0o640)
 		if err != nil {
 			return err
 		}
@@ -128,7 +128,7 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 		return err
 	}
 
-	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
+	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir.String()
 	if renderOutputDir == "" {
 		tmpDir, err := ioutil.TempDir(p.TmpDir, "rendered")
 		if err != nil {
diff --git a/go.mod b/go.mod
index ab56a0893..f432a9b25 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,6 @@ go 1.18
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
-	github.com/alecthomas/kong v0.5.0
 	github.com/aws/aws-sdk-go v1.44.1
 	github.com/bitnami-labs/sealed-secrets v0.17.5
 	github.com/docker/distribution v2.8.1+incompatible
@@ -28,6 +27,9 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/sirupsen/logrus v1.8.1
+	github.com/spf13/cobra v1.4.0
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.10.0
 	github.com/stretchr/testify v1.7.1
 	github.com/vbauerster/mpb/v7 v7.4.1
 	github.com/whilp/git-urls v1.0.0
@@ -36,6 +38,7 @@ require (
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150
 	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
+	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	helm.sh/helm/v3 v3.8.2
 	k8s.io/api v0.24.0-rc.1
@@ -93,6 +96,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/gammazero/deque v0.1.1 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
@@ -115,6 +119,7 @@ require (
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
@@ -128,6 +133,7 @@ require (
 	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/lib/pq v1.10.5 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
@@ -135,6 +141,7 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.4.3 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
@@ -157,9 +164,10 @@ require (
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
-	github.com/spf13/cobra v1.4.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -168,7 +176,6 @@ require (
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
 	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@@ -176,6 +183,7 @@ require (
 	google.golang.org/grpc v1.46.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.66.2 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/apiextensions-apiserver v0.23.6 // indirect
diff --git a/go.sum b/go.sum
index 492559201..3c91b81d5 100644
--- a/go.sum
+++ b/go.sum
@@ -153,10 +153,6 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpH
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
-github.com/alecthomas/kong v0.5.0 h1:u8Kdw+eeml93qtMZ04iei0CFYve/WPcA5IFh+9wSskE=
-github.com/alecthomas/kong v0.5.0/go.mod h1:uzxf/HUh0tj43x1AyJROl3JT7SgsZ5m+icOv1csRhc0=
-github.com/alecthomas/repr v0.0.0-20210801044451-80ca428c5142 h1:8Uy0oSf5co/NZXje7U1z8Mpep++QJOldL2hs/sBQf48=
-github.com/alecthomas/repr v0.0.0-20210801044451-80ca428c5142/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -764,6 +760,7 @@ github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
@@ -879,6 +876,7 @@ github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@@ -952,6 +950,7 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
@@ -1175,6 +1174,7 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
+github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -1190,6 +1190,7 @@ github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi
 github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -1200,6 +1201,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
+github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk=
 github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
@@ -1217,6 +1219,7 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -1942,6 +1945,7 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 887e903bf..2d9333612 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -190,10 +190,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 	}
 	wg.Wait()
 
-	if len(errs) != 0 {
-		return utils.NewErrorList(errs)
-	}
-	return nil
+	return utils.NewErrorListOrNil(errs)
 }
 
 func (c *DeploymentCollection) LocalObjectsByRef() map[k8s2.ObjectRef]bool {
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index 92c184dda..9b702a378 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -106,8 +106,5 @@ func (dew *DeploymentErrorsAndWarnings) getPlainErrorsList() []error {
 
 func (dew *DeploymentErrorsAndWarnings) GetMultiError() error {
 	l := dew.getPlainErrorsList()
-	if len(l) == 0 {
-		return nil
-	}
-	return utils.NewErrorList(l)
+	return utils.NewErrorListOrNil(l)
 }
diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index 58f115727..bcdd6d4b3 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -161,7 +161,7 @@ func (j *Jinja2) RenderStruct(dst interface{}, src interface{}, vars *uo.Unstruc
 		}
 	}
 	if len(errors) != 0 {
-		return utils.NewErrorList(errors)
+		return utils.NewErrorListOrNil(errors)
 	}
 
 	err = m.ToStruct(dst)
@@ -277,9 +277,5 @@ func (j *Jinja2) RenderDirectory(rootDir string, searchDirs []string, relSourceD
 			return err
 		}
 	}
-	if len(errors) != 0 {
-		return utils.NewErrorList(errors)
-	}
-
-	return nil
+	return utils.NewErrorListOrNil(errors)
 }
diff --git a/pkg/utils/errorlist.go b/pkg/utils/errorlist.go
index 374564cc5..0191aa7d1 100644
--- a/pkg/utils/errorlist.go
+++ b/pkg/utils/errorlist.go
@@ -4,7 +4,10 @@ type errorList struct {
 	errors []error
 }
 
-func NewErrorList(errors []error) *errorList {
+func NewErrorListOrNil(errors []error) error {
+	if len(errors) == 0 {
+		return nil
+	}
 	return &errorList{errors: errors}
 }
 
diff --git a/pkg/utils/workerpool.go b/pkg/utils/workerpool.go
index 5621723e6..fe71e32b9 100644
--- a/pkg/utils/workerpool.go
+++ b/pkg/utils/workerpool.go
@@ -70,7 +70,7 @@ func (wp *WorkerPoolWithErrors) StopWait(restart bool) error {
 	if len(wp.errors) == 0 {
 		return nil
 	}
-	err := NewErrorList(wp.errors)
+	err := NewErrorListOrNil(wp.errors)
 	wp.errors = nil
 	return err
 }

From 5866bbfd209d13da3970888dfc4138eb3214457a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 10:58:27 +0200
Subject: [PATCH 0094/2268] fix: Only fetch when refs have changed

---
 pkg/git/mirrored_repo.go | 58 ++++++++++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 20 deletions(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index b6db9ed33..a5ec3a3ba 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -148,36 +148,54 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 	if err != nil {
 		return err
 	}
-	remoteRefsMap := make(map[plumbing.ReferenceName]bool)
+	remoteRefsMap := make(map[plumbing.ReferenceName]*plumbing.Reference)
 	for _, reference := range g.remoteRefs {
-		remoteRefsMap[reference.Name()] = true
-	}
-
-	err = remote.FetchContext(ctx, &git.FetchOptions{
-		Auth:     auth.AuthMethod,
-		CABundle: auth.CABundle,
-		Progress: os.Stdout,
-		Tags:     git.AllTags,
-		Force:    true,
-	})
-	if err != nil && err != git.NoErrAlreadyUpToDate {
-		return err
+		remoteRefsMap[reference.Name()] = reference
 	}
 
 	localRemoteRefs, err := r.References()
 	if err != nil {
 		return err
 	}
-	var toDelete []plumbing.Reference
-	err = localRemoteRefs.ForEach(func(reference *plumbing.Reference) error {
-		if _, ok := remoteRefsMap[reference.Name()]; !ok {
-			toDelete = append(toDelete, *reference)
-		}
+
+	localRemoteRefsMap := make(map[plumbing.ReferenceName]*plumbing.Reference)
+	_ = localRemoteRefs.ForEach(func(reference *plumbing.Reference) error {
+		localRemoteRefsMap[reference.Name()] = reference
 		return nil
 	})
-	if err != nil {
-		return err
+
+	var toDelete []*plumbing.Reference
+	changed := false
+	for name, ref := range remoteRefsMap {
+		if name.String() != "HEAD" && !strings.HasPrefix(name.String(), "refs/heads/") && !strings.HasPrefix(name.String(), "refs/tags/") {
+			// we only fetch branches and tags
+			continue
+		}
+		if x, ok := localRemoteRefsMap[name]; !ok {
+			changed = true
+		} else if *x != *ref {
+			changed = true
+		}
+	}
+	for name, ref := range localRemoteRefsMap {
+		if _, ok := remoteRefsMap[name]; !ok {
+			toDelete = append(toDelete, ref)
+		}
 	}
+
+	if changed {
+		err = remote.FetchContext(ctx, &git.FetchOptions{
+			Auth:     auth.AuthMethod,
+			CABundle: auth.CABundle,
+			Progress: os.Stdout,
+			Tags:     git.AllTags,
+			Force:    true,
+		})
+		if err != nil && err != git.NoErrAlreadyUpToDate {
+			return err
+		}
+	}
+
 	for _, ref := range toDelete {
 		err = r.Storer.RemoveReference(ref.Name())
 		if err != nil {

From 2cb9d8970e0349a25d6b43097c1b6c91ed4284dd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 11:35:21 +0200
Subject: [PATCH 0095/2268] feat: Allow to specify git cache update interval

---
 cmd/kluctl/args/project.go         |  3 +-
 cmd/kluctl/commands/utils.go       |  1 +
 pkg/git/mirrored_repo.go           | 76 +++++++++++++++++++++++-------
 pkg/kluctl_project/git.go          | 25 ++++++----
 pkg/kluctl_project/load_targets.go |  5 +-
 pkg/kluctl_project/project.go      |  3 ++
 6 files changed, 85 insertions(+), 28 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 167f04ea7..67da88a05 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -15,7 +15,8 @@ type ProjectFlags struct {
 	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
 	Cluster             string           `group:"project" help:"Specify/Override cluster"`
 
-	LoadTimeout time.Duration `group:"project" help:"Specify timeout for project loading. This will especially limit the time spent in git operations." default:"1m"`
+	LoadTimeout            time.Duration `group:"project" help:"Specify timeout for project loading. This will especially limit the time spent in git operations." default:"1m"`
+	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index ddbcc2b21..39516c6f8 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -57,6 +57,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 		FromArchive:         projectFlags.FromArchive.String(),
 		FromArchiveMetadata: projectFlags.FromArchiveMetadata.String(),
 		GitAuthProviders:    auth.NewDefaultAuthProviders(),
+		GitUpdateInterval:   projectFlags.GitCacheUpdateInterval,
 	}
 
 	loadCtx, cancel := context.WithDeadline(context.Background(), time.Now().Add(projectFlags.LoadTimeout))
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index a5ec3a3ba..0afba2cd9 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -26,8 +26,6 @@ type MirroredGitRepo struct {
 
 	hasUpdated bool
 	fileLock   *flock.Flock
-
-	remoteRefs []*plumbing.Reference
 }
 
 func NewMirroredGitRepo(u git_url.GitUrl) (*MirroredGitRepo, error) {
@@ -51,6 +49,10 @@ func (g *MirroredGitRepo) HasUpdated() bool {
 	return g.hasUpdated
 }
 
+func (g *MirroredGitRepo) SetUpdated(u bool) {
+	g.hasUpdated = u
+}
+
 func (g *MirroredGitRepo) Lock(ctx context.Context) error {
 	ok, err := g.fileLock.TryLockContext(ctx, time.Millisecond*100)
 	if err != nil {
@@ -87,24 +89,62 @@ func (g *MirroredGitRepo) MaybeWithLock(ctx context.Context, lock bool, cb func(
 	return cb()
 }
 
-func (g *MirroredGitRepo) RemoteRefHashesMap() map[string]string {
-	refs := make(map[string]string)
-	for _, r := range g.remoteRefs {
-		refs[r.Name().String()] = r.Hash().String()
+func (g *MirroredGitRepo) LastUpdateTime() time.Time {
+	s, err := ioutil.ReadFile(filepath.Join(g.mirrorDir, ".update-time"))
+	if err != nil {
+		return time.Time{}
 	}
-	return refs
+	t, err := time.Parse(time.RFC3339Nano, string(s))
+	if err != nil {
+		return time.Time{}
+	}
+	return t
 }
 
-func (g *MirroredGitRepo) DefaultRef() *string {
-	for _, ref := range g.remoteRefs {
-		if ref.Name() == "HEAD" {
-			if ref.Type() == plumbing.SymbolicReference {
-				s := string(ref.Target())
-				return &s
+func (g *MirroredGitRepo) RemoteRefHashesMap() (map[string]string, error) {
+	r, err := git.PlainOpen(g.mirrorDir)
+	if err != nil {
+		return nil, err
+	}
+
+	localRemoteRefs, err := r.References()
+	if err != nil {
+		return nil, err
+	}
+
+	refs := make(map[string]string)
+	err = localRemoteRefs.ForEach(func(reference *plumbing.Reference) error {
+		name := reference.Name().String()
+		hash := reference.Hash().String()
+		if reference.Hash().IsZero() {
+			reference, err = r.Reference(reference.Name(), true)
+			if err != nil {
+				return err
 			}
+			hash = reference.Hash().String()
 		}
+		refs[name] = hash
+		return nil
+	})
+	if err != nil {
+		return nil, err
 	}
-	return nil
+	return refs, nil
+}
+
+func (g *MirroredGitRepo) DefaultRef() *string {
+	r, err := git.PlainOpen(g.mirrorDir)
+	if err != nil {
+		return nil
+	}
+
+	ref, err := r.Reference("HEAD", false)
+	if err != nil {
+		return nil
+	}
+
+	s := ref.Target().String()
+	return &s
 }
 
 func (g *MirroredGitRepo) buildRepositoryObject() (*git.Repository, error) {
@@ -141,7 +181,7 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 		return err
 	}
 
-	g.remoteRefs, err = remote.ListContext(ctx, &git.ListOptions{
+	remoteRefs, err := remote.ListContext(ctx, &git.ListOptions{
 		Auth:     auth.AuthMethod,
 		CABundle: auth.CABundle,
 	})
@@ -149,7 +189,7 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 		return err
 	}
 	remoteRefsMap := make(map[plumbing.ReferenceName]*plumbing.Reference)
-	for _, reference := range g.remoteRefs {
+	for _, reference := range remoteRefs {
 		remoteRefsMap[reference.Name()] = reference
 	}
 
@@ -205,7 +245,7 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 
 	// update default branch, referenced via HEAD
 	// we assume that HEAD is a symbolic ref and don't care about old git versions
-	for _, ref := range g.remoteRefs {
+	for _, ref := range remoteRefs {
 		if ref.Name() == "HEAD" {
 			err = r.Storer.SetReference(ref)
 			if err != nil {
@@ -215,6 +255,8 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 		}
 	}
 
+	_ = ioutil.WriteFile(filepath.Join(g.mirrorDir, ".update-time"), []byte(time.Now().Format(time.RFC3339Nano)), 0644)
+
 	return nil
 }
 
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 3a6b56a00..23072f103 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -14,8 +14,20 @@ import (
 	"sort"
 	"strings"
 	"sync"
+	"time"
 )
 
+func (c *KluctlProjectContext) updateGitCache(ctx context.Context, mr *git.MirroredGitRepo) error {
+	if mr.HasUpdated() {
+		return nil
+	}
+	if time.Now().Sub(mr.LastUpdateTime()) <= c.loadArgs.GitUpdateInterval {
+		mr.SetUpdated(true)
+		return nil
+	}
+	return mr.Update(ctx, c.loadArgs.GitAuthProviders)
+}
+
 func (c *KluctlProjectContext) updateGitCaches(ctx context.Context) error {
 	var waitGroup sync.WaitGroup
 	var firstError error
@@ -31,10 +43,7 @@ func (c *KluctlProjectContext) updateGitCaches(ctx context.Context) error {
 
 	doUpdateRepo := func(repo *git.MirroredGitRepo) error {
 		return repo.WithLock(ctx, func() error {
-			if !repo.HasUpdated() {
-				return repo.Update(ctx, c.loadArgs.GitAuthProviders)
-			}
-			return nil
+			return c.updateGitCache(ctx, repo)
 		})
 	}
 	doUpdateGitProject := func(u git_url.GitUrl) error {
@@ -156,11 +165,9 @@ func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject t
 	}
 
 	err = mr.MaybeWithLock(ctx, doLock, func() error {
-		if !mr.HasUpdated() {
-			err = mr.Update(ctx, c.loadArgs.GitAuthProviders)
-			if err != nil {
-				return err
-			}
+		err := c.updateGitCache(ctx, mr)
+		if err != nil {
+			return err
 		}
 		return mr.CloneProject(ctx, gitProject.Project.Ref, targetDir)
 	})
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/load_targets.go
index bfafa94d5..ec20c2f0f 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/load_targets.go
@@ -157,7 +157,10 @@ func (c *KluctlProjectContext) prepareDynamicTargetsExternal(baseTarget *types.T
 		targetConfigRef = defaultBranch
 	}
 
-	refs := mr.RemoteRefHashesMap()
+	refs, err := mr.RemoteRefHashesMap()
+	if err != nil {
+		return nil, err
+	}
 
 	if targetConfigRef != nil {
 		if _, ok := refs[fmt.Sprintf("refs/heads/%s", *targetConfigRef)]; !ok {
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index bacb21ae2..dce44c7fc 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"regexp"
+	"time"
 )
 
 type LoadKluctlProjectArgs struct {
@@ -22,6 +23,8 @@ type LoadKluctlProjectArgs struct {
 	FromArchiveMetadata string
 
 	GitAuthProviders *auth2.GitAuthProviders
+
+	GitUpdateInterval time.Duration
 }
 
 type KluctlProjectContext struct {

From ec4dd0966b0a991fb9c42d6ee14461e6a968d5fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 11:42:36 +0200
Subject: [PATCH 0096/2268] feat: Implement completion for target names

---
 cmd/kluctl/commands/cobra_utils.go |  5 ++++
 cmd/kluctl/commands/completion.go  | 41 ++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 cmd/kluctl/commands/completion.go

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 083e07693..a339e2485 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -81,6 +81,11 @@ func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interfac
 		return nil, err
 	}
 
+	err = RegisterFlagCompletionFuncs(cmdStruct, cg.cmd)
+	if err != nil {
+		return nil, err
+	}
+
 	cg.cmd.SetHelpFunc(func(command *cobra.Command, i []string) {
 		c.helpFunc(cg)
 	})
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
new file mode 100644
index 000000000..971d33293
--- /dev/null
+++ b/cmd/kluctl/commands/completion.go
@@ -0,0 +1,41 @@
+package commands
+
+import (
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"reflect"
+	"time"
+)
+
+func RegisterFlagCompletionFuncs(cmd interface{}, ccmd *cobra.Command) error {
+	v := reflect.ValueOf(cmd).Elem()
+	projectFlags := v.FieldByName("ProjectFlags")
+	targetFlags := v.FieldByName("TargetFlags")
+
+	if projectFlags.IsValid() && targetFlags.IsValid() {
+		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
+	}
+
+	return nil
+}
+
+func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		var ret []string
+		// let's not update git caches too often
+		projectArgs.GitCacheUpdateInterval = time.Second * 60
+		err := withKluctlProjectFromArgs(*projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+			for _, t := range p.DynamicTargets {
+				ret = append(ret, t.Target.Name)
+			}
+			return nil
+		})
+		if err != nil {
+			log.Error(err)
+			return nil, cobra.ShellCompDirectiveError
+		}
+		return ret, cobra.ShellCompDirectiveDefault
+	}
+}

From 6fbd652f95383fde0d48fb4a4a0eb43dd87e2d1f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 11:45:14 +0200
Subject: [PATCH 0097/2268] build: Install shell completion via homebrew
 packages

---
 .goreleaser.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 20c4e885e..ea3c4cf97 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -116,3 +116,12 @@ brews:
       bin.install "kluctl"
     test: |
       system "#{bin}/kluctl version"
+
+      bash_output = Utils.safe_popen_read(bin/"kluctl", "completion", "bash")
+      (bash_completion/"kluctl").write bash_output
+
+      zsh_output = Utils.safe_popen_read(bin/"kluctl", "completion", "zsh")
+      (zsh_completion/"_kluctl").write zsh_output
+
+      fish_output = Utils.safe_popen_read(bin/"kluctl", "completion", "fish")
+      (fish_completion/"kluctl.fish").write fish_output

From 9cca84ea32492b35f6e22b35bb466d0270aaf147 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 11:56:56 +0200
Subject: [PATCH 0098/2268] feat: Implement autocompletion for file/dir based
 args

---
 cmd/kluctl/args/images.go          |  2 +-
 cmd/kluctl/args/project.go         |  6 +++---
 cmd/kluctl/commands/cobra_utils.go | 14 +++++++++++++-
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 3cdcdb9f7..70c681705 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -9,7 +9,7 @@ import (
 
 type ImageFlags struct {
 	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
-	FixedImagesFile existingFileType `group:"images" help:"Use .yml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format"`
+	FixedImagesFile existingFileType `group:"images" help:"Use .yml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
 	UpdateImages    bool             `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
 }
 
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 67da88a05..81ea403fa 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -6,12 +6,12 @@ type ProjectFlags struct {
 	ProjectUrl string `group:"project" short:"p" help:"Git url of the kluctl project. If not specified, the current directory will be used instead of a remote Git project"`
 	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
 
-	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yml config file. Defaults to $PROJECT/.kluctl.yml"`
+	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yml config file. Defaults to $PROJECT/.kluctl.yml" exts:"yml,yaml"`
 	LocalClusters       existingDirType  `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yml"`
 	LocalDeployment     existingDirType  `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yml"`
 	LocalSealedSecrets  existingDirType  `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yml" `
-	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents."`
-	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." `
+	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." exts:"tar.gz,tgz"`
+	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." exts:"yml,yaml"`
 	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
 	Cluster             string           `group:"project" help:"Specify/Override cluster"`
 
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index a339e2485..17ed89eee 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -151,7 +151,19 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 
 	switch v2.(type) {
 	case pflag.Value:
-		cg.cmd.PersistentFlags().VarPF(v2.(pflag.Value), name, shortFlag, help)
+		v3 := v2.(pflag.Value)
+		cg.cmd.PersistentFlags().VarP(v3, name, shortFlag, help)
+		switch v3.Type() {
+		case "existingfile":
+			exts := strings.Split(f.Tag.Get("exts"), ",")
+			_ = cg.cmd.MarkPersistentFlagFilename(name, exts...)
+		case "existingdir":
+			_ = cg.cmd.MarkPersistentFlagDirname(name)
+		case "existingpath":
+			exts := strings.Split(f.Tag.Get("exts"), ",")
+			_ = cg.cmd.MarkPersistentFlagFilename(name, exts...)
+			_ = cg.cmd.MarkPersistentFlagDirname(name)
+		}
 	case *string:
 		cg.cmd.PersistentFlags().StringVarP(v2.(*string), name, shortFlag, defaultValue, help)
 	case *[]string:

From 7e5136fc6f6b5e9cc6dd9b1e60df4d5405580931 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 12:23:45 +0200
Subject: [PATCH 0099/2268] feat: Implement autocompletion for --cluster

---
 cmd/kluctl/commands/completion.go | 48 +++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 971d33293..80bffe0c5 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -3,8 +3,12 @@ package commands
 import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"os"
+	"path/filepath"
 	"reflect"
 	"time"
 )
@@ -14,6 +18,10 @@ func RegisterFlagCompletionFuncs(cmd interface{}, ccmd *cobra.Command) error {
 	projectFlags := v.FieldByName("ProjectFlags")
 	targetFlags := v.FieldByName("TargetFlags")
 
+	if projectFlags.IsValid() {
+		_ = ccmd.RegisterFlagCompletionFunc("cluster", buildClusterCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
+	}
+
 	if projectFlags.IsValid() && targetFlags.IsValid() {
 		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
 	}
@@ -21,12 +29,46 @@ func RegisterFlagCompletionFuncs(cmd interface{}, ccmd *cobra.Command) error {
 	return nil
 }
 
+func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(p *kluctl_project.KluctlProjectContext) error) error {
+	// let's not update git caches too often
+	projectArgs.GitCacheUpdateInterval = time.Second * 60
+	return withKluctlProjectFromArgs(*projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+		return cb(p)
+	})
+}
+
+func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		var ret []string
+		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+			dents, err := os.ReadDir(p.ClustersDir)
+			if err != nil {
+				return err
+			}
+			for _, de := range dents {
+				var config types.ClusterConfig
+				err = yaml.ReadYamlFile(filepath.Join(p.ClustersDir, de.Name()), &config)
+				if err != nil {
+					continue
+				}
+				if config.Cluster.Name != "" {
+					ret = append(ret, config.Cluster.Name)
+				}
+			}
+			return nil
+		})
+		if err != nil {
+			log.Error(err)
+			return nil, cobra.ShellCompDirectiveError
+		}
+		return ret, cobra.ShellCompDirectiveDefault
+	}
+}
+
 func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		// let's not update git caches too often
-		projectArgs.GitCacheUpdateInterval = time.Second * 60
-		err := withKluctlProjectFromArgs(*projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
 			for _, t := range p.DynamicTargets {
 				ret = append(ret, t.Target.Name)
 			}

From 99f76680c55ecaffd7efb7c801cfa533e3c2fef7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 14:20:44 +0200
Subject: [PATCH 0100/2268] feat: Implement autocompletion for inclusion flags

---
 cmd/kluctl/commands/cmd_seal.go      |  3 +-
 cmd/kluctl/commands/completion.go    | 91 +++++++++++++++++++++++++++-
 cmd/kluctl/commands/utils.go         | 16 +++--
 pkg/deployment/deployment_item.go    | 31 +++++-----
 pkg/deployment/deployment_project.go |  8 +--
 pkg/jinja2/vars.go                   |  4 ++
 pkg/kluctl_project/target_context.go |  9 ++-
 pkg/utils/ordered_map.go             | 12 ++++
 8 files changed, 140 insertions(+), 34 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 185c07f44..ce918cf90 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -67,11 +67,12 @@ func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext,
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
 		targetFlags:  cmd.TargetFlags,
+		forSeal:      true,
 	}
 	ptArgs.targetFlags.Target = targetName
 
 	// pass forSeal=True so that .sealme files are rendered as well
-	return withProjectTargetCommandContext(ptArgs, p, true, func(ctx *commandCtx) error {
+	return withProjectTargetCommandContext(ptArgs, p, func(ctx *commandCtx) error {
 		err := loadSecrets(ctx, ctx.targetCtx.Target, secretsLoader)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 80bffe0c5..fcc341c2c 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -4,19 +4,22 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"os"
 	"path/filepath"
 	"reflect"
+	"sync"
 	"time"
 )
 
-func RegisterFlagCompletionFuncs(cmd interface{}, ccmd *cobra.Command) error {
-	v := reflect.ValueOf(cmd).Elem()
+func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) error {
+	v := reflect.ValueOf(cmdStruct).Elem()
 	projectFlags := v.FieldByName("ProjectFlags")
 	targetFlags := v.FieldByName("TargetFlags")
+	inclusionFlags := v.FieldByName("InclusionFlags")
 
 	if projectFlags.IsValid() {
 		_ = ccmd.RegisterFlagCompletionFunc("cluster", buildClusterCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
@@ -26,6 +29,15 @@ func RegisterFlagCompletionFuncs(cmd interface{}, ccmd *cobra.Command) error {
 		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
 	}
 
+	if projectFlags.IsValid() && inclusionFlags.IsValid() {
+		tagsFunc := buildInclusionCompletionFunc(cmdStruct, false)
+		dirsFunc := buildInclusionCompletionFunc(cmdStruct, true)
+		_ = ccmd.RegisterFlagCompletionFunc("include-tag", tagsFunc)
+		_ = ccmd.RegisterFlagCompletionFunc("exclude-tag", tagsFunc)
+		_ = ccmd.RegisterFlagCompletionFunc("include-deployment-dir", dirsFunc)
+		_ = ccmd.RegisterFlagCompletionFunc("exclude-deployment-dir", dirsFunc)
+	}
+
 	return nil
 }
 
@@ -81,3 +93,78 @@ func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.C
 		return ret, cobra.ShellCompDirectiveDefault
 	}
 }
+
+func buildAutocompleteProjectTargetCommandArgs(cmdStruct interface{}) projectTargetCommandArgs {
+	ptArgs := projectTargetCommandArgs{}
+
+	cmdV := reflect.ValueOf(cmdStruct).Elem()
+	if cmdV.FieldByName("ProjectFlags").IsValid() {
+		ptArgs.projectFlags = cmdV.FieldByName("ProjectFlags").Interface().(args.ProjectFlags)
+	}
+	if cmdV.FieldByName("TargetFlags").IsValid() {
+		ptArgs.targetFlags = cmdV.FieldByName("TargetFlags").Interface().(args.TargetFlags)
+	}
+	if cmdV.FieldByName("ArgsFlags").IsValid() {
+		ptArgs.argsFlags = cmdV.FieldByName("ArgsFlags").Interface().(args.ArgsFlags)
+	}
+	if cmdV.FieldByName("ImageFlags").IsValid() {
+		ptArgs.imageFlags = cmdV.FieldByName("ImageFlags").Interface().(args.ImageFlags)
+	}
+	if cmdV.FieldByName("InclusionFlags").IsValid() {
+		ptArgs.inclusionFlags = cmdV.FieldByName("InclusionFlags").Interface().(args.InclusionFlags)
+	}
+
+	ptArgs.forCompletion = true
+	return ptArgs
+}
+
+func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		ptArgs := buildAutocompleteProjectTargetCommandArgs(cmdStruct)
+
+		var tags utils.OrderedMap
+		var deploymentItemDirs utils.OrderedMap
+		var mutex sync.Mutex
+
+		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+			var targets []string
+			if ptArgs.targetFlags.Target == "" {
+				for _, t := range p.DynamicTargets {
+					targets = append(targets, t.Target.Name)
+				}
+			} else {
+				targets = append(targets, ptArgs.targetFlags.Target)
+			}
+
+			var wg sync.WaitGroup
+			for _, t := range targets {
+				ptArgs := ptArgs
+				ptArgs.targetFlags.Target = t
+				wg.Add(1)
+				go func() {
+					_ = withProjectTargetCommandContext(ptArgs, p, func(ctx *commandCtx) error {
+						mutex.Lock()
+						defer mutex.Unlock()
+						for _, di := range ctx.targetCtx.DeploymentCollection.Deployments {
+							tags.Merge(di.Tags)
+							deploymentItemDirs.Set(di.RelToRootItemDir, true)
+						}
+						return nil
+					})
+					wg.Done()
+				}()
+			}
+			wg.Wait()
+			return nil
+		})
+		if err != nil {
+			log.Error(err)
+			return nil, cobra.ShellCompDirectiveError
+		}
+		if forDirs {
+			return deploymentItemDirs.ListKeys(), cobra.ShellCompDirectiveDefault
+		} else {
+			return tags.ListKeys(), cobra.ShellCompDirectiveDefault
+		}
+	}
+}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 39516c6f8..a3ba20d4c 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -88,6 +88,9 @@ type projectTargetCommandArgs struct {
 	inclusionFlags       args.InclusionFlags
 	dryRunArgs           *args.DryRunFlags
 	renderOutputDirFlags args.RenderOutputDirFlags
+
+	forSeal       bool
+	forCompletion bool
 }
 
 type commandCtx struct {
@@ -97,11 +100,11 @@ type commandCtx struct {
 
 func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
 	return withKluctlProjectFromArgs(args.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
-		return withProjectTargetCommandContext(args, p, false, cb)
+		return withProjectTargetCommandContext(args, p, cb)
 	})
 }
 
-func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, forSeal bool, cb func(ctx *commandCtx) error) error {
+func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, cb func(ctx *commandCtx) error) error {
 	rh := registries.NewRegistryHelper()
 	err := rh.ParseAuthEntriesFromEnv()
 	if err != nil {
@@ -140,20 +143,23 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 	}
 
 	clientConfigGetter := func(context string) (*rest.Config, error) {
+		if args.forCompletion {
+			return nil, nil
+		}
 		configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
 		configOverrides := &clientcmd.ConfigOverrides{CurrentContext: context}
 		return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
 	}
 
 	ctx, err := p.NewTargetContext(clientConfigGetter, args.targetFlags.Target, args.projectFlags.Cluster,
-		args.dryRunArgs == nil || args.dryRunArgs.DryRun,
-		optionArgs, forSeal, images, inclusion,
+		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
+		optionArgs, args.forSeal, images, inclusion,
 		renderOutputDir)
 	if err != nil {
 		return err
 	}
 
-	if !forSeal {
+	if !args.forSeal && !args.forCompletion {
 		err = ctx.DeploymentCollection.Prepare(ctx.K)
 		if err != nil {
 			return err
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index e723c480e..57e9eea52 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -33,9 +33,10 @@ type DeploymentItem struct {
 	WaitReadiness bool
 
 	Objects []*uo.UnstructuredObject
+	Tags    *utils.OrderedMap
 
 	relProjectDir       string
-	relToRootItemDir    string
+	RelToRootItemDir    string
 	RelToProjectItemDir string
 	relRenderedDir      string
 	renderedDir         string
@@ -53,6 +54,10 @@ func NewDeploymentItem(project *DeploymentProject, collection *DeploymentCollect
 
 	var err error
 
+	// collect tags
+	di.Tags = di.Project.getTags()
+	di.Tags.SetMultiple(di.Config.Tags, true)
+
 	rootProject := di.Project.getRootProject()
 
 	di.relProjectDir, err = filepath.Rel(rootProject.dir, di.Project.dir)
@@ -61,17 +66,17 @@ func NewDeploymentItem(project *DeploymentProject, collection *DeploymentCollect
 	}
 
 	if di.dir != nil {
-		di.relToRootItemDir, err = filepath.Rel(rootProject.dir, *di.dir)
+		di.RelToRootItemDir, err = filepath.Rel(rootProject.dir, *di.dir)
 		if err != nil {
 			return nil, err
 		}
 
-		di.RelToProjectItemDir, err = filepath.Rel(di.relProjectDir, di.relToRootItemDir)
+		di.RelToProjectItemDir, err = filepath.Rel(di.relProjectDir, di.RelToRootItemDir)
 		if err != nil {
 			return nil, err
 		}
 
-		di.relRenderedDir = di.relToRootItemDir
+		di.relRenderedDir = di.RelToRootItemDir
 		if di.index != 0 {
 			di.relRenderedDir = fmt.Sprintf("%s-%d", di.relRenderedDir, di.index)
 		}
@@ -85,7 +90,7 @@ func NewDeploymentItem(project *DeploymentProject, collection *DeploymentCollect
 func (di *DeploymentItem) getCommonLabels() map[string]string {
 	l := di.Project.GetCommonLabels()
 	i := 0
-	for _, t := range di.getTags().ListKeys() {
+	for _, t := range di.Tags.ListKeys() {
 		l[fmt.Sprintf("kluctl.io/tag-%d", i)] = t
 		i += 1
 	}
@@ -95,7 +100,7 @@ func (di *DeploymentItem) getCommonLabels() map[string]string {
 func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	// TODO change it to kluctl.io/deployment_dir
 	a := map[string]string{
-		"kluctl.io/kustomize_dir": strings.ReplaceAll(di.relToRootItemDir, string(os.PathSeparator), "/"),
+		"kluctl.io/kustomize_dir": strings.ReplaceAll(di.RelToRootItemDir, string(os.PathSeparator), "/"),
 	}
 	if di.Config.SkipDeleteIfTags != nil && *di.Config.SkipDeleteIfTags {
 		a["kluctl.io/skip-delete-if-tags"] = "true"
@@ -239,21 +244,13 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 	return nil
 }
 
-func (di *DeploymentItem) getTags() *utils.OrderedMap {
-	tags := di.Project.getTags()
-	for _, t := range di.Config.Tags {
-		tags.Set(t, true)
-	}
-	return tags
-}
-
 func (di *DeploymentItem) buildInclusionEntries() []utils.InclusionEntry {
 	var values []utils.InclusionEntry
-	for _, t := range di.getTags().ListKeys() {
+	for _, t := range di.Tags.ListKeys() {
 		values = append(values, utils.InclusionEntry{Type: "tag", Value: t})
 	}
 	if di.dir != nil {
-		dir := strings.ReplaceAll(di.relToRootItemDir, string(os.PathSeparator), "/")
+		dir := strings.ReplaceAll(di.RelToRootItemDir, string(os.PathSeparator), "/")
 		values = append(values, utils.InclusionEntry{Type: "deploymentItemDir", Value: dir})
 	}
 	return values
@@ -388,7 +385,7 @@ func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *I
 			o.SetK8sAnnotations(uo.CopyMergeStrMap(o.GetK8sAnnotations(), commonAnnotations))
 
 			// Resolve image placeholders
-			err = images.ResolvePlaceholders(k, o, di.relRenderedDir, di.getTags().ListKeys())
+			err = images.ResolvePlaceholders(k, o, di.relRenderedDir, di.Tags.ListKeys())
 			if err != nil {
 				return err
 			}
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 8193ff13d..fe093ab20 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -284,13 +284,9 @@ func (p *DeploymentProject) getTags() *utils.OrderedMap {
 	var tags utils.OrderedMap
 	for _, e := range p.getParents() {
 		if e.inc != nil {
-			for _, t := range e.inc.Tags {
-				tags.Set(t, true)
-			}
-		}
-		for _, t := range e.p.Config.Tags {
-			tags.Set(t, true)
+			tags.SetMultiple(e.inc.Tags, true)
 		}
+		tags.SetMultiple(e.p.Config.Tags, true)
 	}
 	return &tags
 }
diff --git a/pkg/jinja2/vars.go b/pkg/jinja2/vars.go
index 1c42f4c38..75dc2af49 100644
--- a/pkg/jinja2/vars.go
+++ b/pkg/jinja2/vars.go
@@ -87,6 +87,10 @@ func (vc *VarsCtx) loadVarsFile(p string, searchDirs []string) error {
 }
 
 func (vc *VarsCtx) loadVarsFromK8sObject(k *k8s.K8sCluster, ref k8s2.ObjectRef, key string) error {
+	if k == nil {
+		return nil
+	}
+
 	o, _, err := k.GetSingleObject(ref)
 	if err != nil {
 		return err
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 29b662338..745b55131 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -57,9 +57,12 @@ func (p *KluctlProjectContext) NewTargetContext(clientConfigGetter func(context
 		return nil, err
 	}
 
-	k, err := k8s.NewK8sCluster(clientConfig, dryRun)
-	if err != nil {
-		return nil, err
+	var k *k8s.K8sCluster
+	if clientConfig != nil {
+		k, err = k8s.NewK8sCluster(clientConfig, dryRun)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	varsCtx := jinja2.NewVarsCtx(p.J2)
diff --git a/pkg/utils/ordered_map.go b/pkg/utils/ordered_map.go
index ab845989e..b19de7aff 100644
--- a/pkg/utils/ordered_map.go
+++ b/pkg/utils/ordered_map.go
@@ -23,6 +23,12 @@ func (s *OrderedMap) Set(k string, v interface{}) bool {
 	return true
 }
 
+func (s *OrderedMap) SetMultiple(k []string, v interface{}) {
+	for _, x := range k {
+		s.Set(x, v)
+	}
+}
+
 func (s *OrderedMap) Has(v string) bool {
 	_, ok := s.m[v]
 	return ok
@@ -51,3 +57,9 @@ func (s *OrderedMap) ListValues() []interface{} {
 	}
 	return l
 }
+
+func (s *OrderedMap) Merge(other *OrderedMap) {
+	for _, e := range other.l {
+		s.Set(e.k, e.v)
+	}
+}

From 15fa6405d70c1ac182d77d775326859ef99bb997 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 15:50:26 +0200
Subject: [PATCH 0101/2268] fix: Fix crash when parsing --fixed-image

---
 cmd/kluctl/args/images.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 70c681705..f9eb511be 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -49,13 +49,13 @@ func buildFixedImageEntryFromArg(arg string) (*types.FixedImage, error) {
 	}
 
 	if len(s) >= 2 {
-		e.Namespace = &s[2]
+		e.Namespace = &s[1]
 	}
 	if len(s) >= 3 {
-		e.Deployment = &s[3]
+		e.Deployment = &s[2]
 	}
 	if len(s) >= 4 {
-		e.Container = &s[4]
+		e.Container = &s[3]
 	}
 	if len(s) >= 5 {
 		return nil, fmt.Errorf("--fixed-image expects 'image<:namespace:deployment:container>=result'")

From 37ee758723c0d207bfd81fb03cbd1db7c1dc73ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 15:51:12 +0200
Subject: [PATCH 0102/2268] feat: Allow non-strict template rendering

---
 pkg/jinja2/jinja2.go                     | 10 +++++--
 pkg/jinja2/jinja2_renderer.go            |  4 ++-
 pkg/jinja2/python_src/jinja2_renderer.py | 34 +++++++++++++++++-------
 pkg/jinja2/python_src/main.py            |  4 +--
 4 files changed, 38 insertions(+), 14 deletions(-)

diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index bcdd6d4b3..fa04d3cd7 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -17,6 +17,7 @@ var paralellism = 4
 
 type Jinja2 struct {
 	pj        chan *pythonJinja2Renderer
+	strict    bool
 	globCache map[string]interface{}
 	mutex     sync.Mutex
 }
@@ -44,6 +45,7 @@ func NewJinja2() (*Jinja2, error) {
 
 	j := &Jinja2{
 		pj:        make(chan *pythonJinja2Renderer, paralellism),
+		strict:    true,
 		globCache: map[string]interface{}{},
 	}
 
@@ -76,16 +78,20 @@ func (j *Jinja2) Close() {
 	}
 }
 
+func (j *Jinja2) SetStrict(strict bool) {
+	j.strict = strict
+}
+
 func (j *Jinja2) RenderStrings(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject) error {
 	pj := <-j.pj
 	defer func() { j.pj <- pj }()
-	return pj.renderHelper(jobs, searchDirs, vars, true)
+	return pj.renderHelper(jobs, searchDirs, vars, true, j.strict)
 }
 
 func (j *Jinja2) RenderFiles(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject) error {
 	pj := <-j.pj
 	defer func() { j.pj <- pj }()
-	return pj.renderHelper(jobs, searchDirs, vars, false)
+	return pj.renderHelper(jobs, searchDirs, vars, false, j.strict)
 }
 
 func (j *Jinja2) RenderString(template string, searchDirs []string, vars *uo.UnstructuredObject) (string, error) {
diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index e3299137f..f52869396 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -108,6 +108,7 @@ type jinja2Args struct {
 	Templates  []string `json:"templates"`
 	SearchDirs []string `json:"searchDirs"`
 	Vars       string   `json:"vars"`
+	Strict     bool     `json:"strict"`
 }
 
 type jinja2Result struct {
@@ -115,7 +116,7 @@ type jinja2Result struct {
 	Error  *string `json:"error,omitempty"`
 }
 
-func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject, isString bool) error {
+func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject, isString bool, strict bool) error {
 	varsStr, err := json.Marshal(vars.Object)
 	if err != nil {
 		return err
@@ -131,6 +132,7 @@ func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []stri
 	}
 	jargs.Vars = string(varsStr)
 	jargs.SearchDirs = searchDirs
+	jargs.Strict = strict
 
 	for _, job := range jobs {
 		if ist, r := j.isMaybeTemplate(job.Template, searchDirs, isString); !ist {
diff --git a/pkg/jinja2/python_src/jinja2_renderer.py b/pkg/jinja2/python_src/jinja2_renderer.py
index b5ca3411e..735379917 100644
--- a/pkg/jinja2/python_src/jinja2_renderer.py
+++ b/pkg/jinja2/python_src/jinja2_renderer.py
@@ -1,7 +1,7 @@
 import base64
 import json
 
-from jinja2 import StrictUndefined, FileSystemLoader
+from jinja2 import StrictUndefined, FileSystemLoader, ChainableUndefined
 
 from dict_utils import merge_dict
 from jinja2_cache import KluctlBytecodeCache
@@ -13,6 +13,21 @@
 end_placeholder = "_end_get_imageXXXXX"
 
 
+class NullUndefined(ChainableUndefined):
+    def _return_self(self, other):
+        return self
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _return_self
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _return_self
+    __truediv__ = __rtruediv__ = _return_self
+    __floordiv__ = __rfloordiv__ = _return_self
+    __mod__ = __rmod__ = _return_self
+    __pos__ = __neg__ = _return_self
+    __call__ = __getitem__ = _return_self
+    __lt__ = __le__ = __gt__ = __ge__ = _return_self
+    __int__ = __float__ = __complex__ = _return_self
+    __pow__ = __rpow__ = _return_self
+
 class Jinja2Renderer:
 
     def get_image_wrapper(self, image, latest_version=None):
@@ -53,12 +68,13 @@ def regex(r):
         }
         return vars
 
-    def build_env(self, vars_str, search_dirs):
+    def build_env(self, vars_str, search_dirs, strict):
         vars = json.loads(vars_str)
         image_vars = self.build_images_vars()
         merge_dict(vars, image_vars, clone=False)
 
-        environment = KluctlJinja2Environment(loader=FileSystemLoader(search_dirs), undefined=StrictUndefined,
+        environment = KluctlJinja2Environment(loader=FileSystemLoader(search_dirs),
+                                              undefined=StrictUndefined if strict else NullUndefined,
                                               cache_size=10000,
                                               bytecode_cache=jinja2_cache, auto_reload=False)
         merge_dict(environment.globals, vars, clone=False)
@@ -66,8 +82,8 @@ def build_env(self, vars_str, search_dirs):
         add_jinja2_filters(environment)
         return environment
 
-    def render_helper(self, templates, search_dirs, vars, is_string):
-        env = self.build_env(vars, search_dirs)
+    def render_helper(self, templates, search_dirs, vars, is_string, strict):
+        env = self.build_env(vars, search_dirs, strict)
 
         result = []
 
@@ -87,17 +103,17 @@ def render_helper(self, templates, search_dirs, vars, is_string):
 
         return result
 
-    def RenderStrings(self, templates, search_dirs, vars):
+    def RenderStrings(self, templates, search_dirs, vars, strict):
         try:
-            return self.render_helper(templates, search_dirs, vars, True)
+            return self.render_helper(templates, search_dirs, vars, True, strict)
         except Exception as e:
             return [{
                 "error": str(e)
             }] * len(templates)
 
-    def RenderFiles(self, templates, search_dirs, vars):
+    def RenderFiles(self, templates, search_dirs, vars, strict):
         try:
-            return self.render_helper(templates, search_dirs, vars, False)
+            return self.render_helper(templates, search_dirs, vars, False, strict)
         except Exception as e:
             return [{
                 "error": str(e)
diff --git a/pkg/jinja2/python_src/main.py b/pkg/jinja2/python_src/main.py
index c1d7e54be..4f35ec9b7 100644
--- a/pkg/jinja2/python_src/main.py
+++ b/pkg/jinja2/python_src/main.py
@@ -14,9 +14,9 @@ def main():
         args = json.loads(args)
 
         if args["cmd"] == "render-strings":
-            result = r.RenderStrings(args["templates"], args["searchDirs"] or [], args["vars"])
+            result = r.RenderStrings(args["templates"], args["searchDirs"] or [], args["vars"], args["strict"])
         elif args["cmd"] == "render-files":
-            result = r.RenderFiles(args["templates"], args["searchDirs"] or [], args["vars"])
+            result = r.RenderFiles(args["templates"], args["searchDirs"] or [], args["vars"], args["strict"])
         elif args["cmd"] == "exit":
             break
         else:

From cf96fef8afecc6c551ee788eba208d1fc80bb764 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 16:01:15 +0200
Subject: [PATCH 0103/2268] fix: Allow offline rendering (images and k8s)

---
 cmd/kluctl/commands/utils.go |  2 +-
 pkg/deployment/helm_chart.go | 33 ++++++++++++++++++++-------------
 pkg/deployment/images.go     |  8 +++++++-
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a3ba20d4c..9ac8ac5f5 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -110,7 +110,7 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 	if err != nil {
 		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
 	}
-	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages)
+	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages, args.forCompletion)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 343c87b19..23a89200f 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -179,11 +179,13 @@ func (c *helmChart) doRender(k *k8s.K8sCluster) error {
 	valuesPath := yaml.FixPathExt(filepath.Join(dir, "helm-values.yml"))
 	outputPath := filepath.Join(dir, c.Config.Output)
 
-	gvs, err := k.GetAllGroupVersions()
-	if err != nil {
-		return err
+	var gvs []string
+	if k != nil {
+		gvs, err = k.GetAllGroupVersions()
+		if err != nil {
+			return err
+		}
 	}
-
 	cfg, err := c.buildHelmConfig()
 	if err != nil {
 		return err
@@ -194,9 +196,12 @@ func (c *helmChart) doRender(k *k8s.K8sCluster) error {
 		ValueFiles: []string{valuesPath},
 	}
 
-	kubeVersion, err := chartutil.ParseKubeVersion(k.ServerVersion.String())
-	if err != nil {
-		return err
+	var kubeVersion *chartutil.KubeVersion
+	if k != nil {
+		kubeVersion, err = chartutil.ParseKubeVersion(k.ServerVersion.String())
+		if err != nil {
+			return err
+		}
 	}
 
 	namespace := "default"
@@ -284,12 +289,14 @@ func (c *helmChart) doRender(k *k8s.K8sCluster) error {
 	for _, o := range parsed {
 		// "helm install" will deploy resources to the given namespace automatically, but "helm template" does not
 		// add the necessary namespace in the rendered resources
-		err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-			k.FixNamespace(o, namespace)
-			return nil
-		})
-		if err != nil {
-			return err
+		if k != nil {
+			err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
+				k.FixNamespace(o, namespace)
+				return nil
+			})
+			if err != nil {
+				return err
+			}
 		}
 		fixed = append(fixed, o)
 	}
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 076a211a6..38d663216 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -20,6 +20,7 @@ import (
 type Images struct {
 	rh           *registries.RegistryHelper
 	updateImages bool
+	offline      bool
 	fixedImages  []types.FixedImage
 	seenImages   []types.FixedImage
 	mutex        sync.Mutex
@@ -27,10 +28,11 @@ type Images struct {
 	registryCache utils.ThreadSafeMultiCache
 }
 
-func NewImages(rh *registries.RegistryHelper, updateImages bool) (*Images, error) {
+func NewImages(rh *registries.RegistryHelper, updateImages bool, offline bool) (*Images, error) {
 	return &Images{
 		rh:           rh,
 		updateImages: updateImages,
+		offline:      offline,
 	}, nil
 }
 
@@ -74,6 +76,10 @@ func (images *Images) GetFixedImage(image string, namespace string, deployment s
 }
 
 func (images *Images) GetLatestImageFromRegistry(image string, latestVersion string) (*string, error) {
+	if images.offline {
+		return nil, nil
+	}
+
 	ret, err := images.registryCache.Get(image, "tag", func() (interface{}, error) {
 		return images.rh.ListImageTags(image)
 	})

From 54be2a55275e848dcb0c83941d5f08af9383945e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 16:01:37 +0200
Subject: [PATCH 0104/2268] f strict

---
 cmd/kluctl/commands/cmd_archive.go      | 2 +-
 cmd/kluctl/commands/cmd_list_targets.go | 2 +-
 cmd/kluctl/commands/cmd_seal.go         | 2 +-
 cmd/kluctl/commands/utils.go            | 6 ++++--
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index bcbeb9f42..5c5325613 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -16,7 +16,7 @@ func (cmd *archiveCmd) Help() string {
 }
 
 func (cmd *archiveCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
 		return p.CreateTGZArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 29f9036f3..ba4493622 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -16,7 +16,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
 		var result []*types.Target
 		for _, t := range p.DynamicTargets {
 			result = append(result, t.Target)
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index ce918cf90..d840403d0 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -119,7 +119,7 @@ func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext,
 }
 
 func (cmd *sealCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
 		hadError := false
 
 		secretsLoader := seal.NewSecretsLoader(p, cmd.SecretsDir)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 9ac8ac5f5..3d0d860de 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -19,7 +19,7 @@ import (
 	"time"
 )
 
-func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl_project.KluctlProjectContext) error) error {
+func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, cb func(p *kluctl_project.KluctlProjectContext) error) error {
 	var url *git_url.GitUrl
 	if projectFlags.ProjectUrl != "" {
 		var err error
@@ -41,6 +41,8 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, cb func(p *kluctl
 	}
 	defer j2.Close()
 
+	j2.SetStrict(strictTemplates)
+
 	cwd, err := os.Getwd()
 	if err != nil {
 		return err
@@ -99,7 +101,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(args.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(args.projectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
 		return withProjectTargetCommandContext(args, p, cb)
 	})
 }

From fd49ddb0545a9d4ac6271191fb06bd2c3c438fc2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 16:01:58 +0200
Subject: [PATCH 0105/2268] fix: Continue on errors in
 postprocessAndLoadObjects

---
 pkg/deployment/deployment_item.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 57e9eea52..336dff69c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -373,12 +373,15 @@ func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *I
 		di.Objects = append(di.Objects, uo.FromMap(m))
 	}
 
+	var errList []error
 	for _, o := range di.Objects {
 		commonLabels := di.getCommonLabels()
 		commonAnnotations := di.getCommonAnnotations()
 
-		err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-			k.FixNamespace(o, "default")
+		_ = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
+			if k != nil {
+				k.FixNamespace(o, "default")
+			}
 
 			// Set common labels/annotations
 			o.SetK8sLabels(uo.CopyMergeStrMap(o.GetK8sLabels(), commonLabels))
@@ -387,13 +390,14 @@ func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *I
 			// Resolve image placeholders
 			err = images.ResolvePlaceholders(k, o, di.relRenderedDir, di.Tags.ListKeys())
 			if err != nil {
-				return err
+				errList = append(errList, err)
 			}
 			return nil
 		})
-		if err != nil {
-			return err
-		}
+	}
+
+	if len(errList) != 0 {
+		return utils.NewErrorListOrNil(errList)
 	}
 
 	// Need to write it back to disk in case it is needed externally

From bdb95ddc6ee02393baa6de6b134f0e59e9d975ae Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 16:02:24 +0200
Subject: [PATCH 0106/2268] fix: Record seenImages even if resolving failed

---
 pkg/deployment/images.go | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 38d663216..1becba949 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -239,23 +239,23 @@ func (images *Images) resolveImage(ph *placeHolder, ref k8s2.ObjectRef, deployme
 		result = fixed
 	}
 
+	si := types.FixedImage{
+		Image:         ph.Image,
+		DeployedImage: deployed,
+		RegistryImage: registry,
+		Namespace:     &ref.Namespace,
+		Object:        &ref,
+		Deployment:    &deployment,
+		Container:     &ph.Container,
+		VersionFilter: &ph.LatestVersion,
+		DeployTags:    tags,
+		DeploymentDir: &deploymentDir,
+	}
 	if result != nil {
-		si := types.FixedImage{
-			Image:         ph.Image,
-			ResultImage:   *result,
-			DeployedImage: deployed,
-			RegistryImage: registry,
-			Namespace:     &ref.Namespace,
-			Object:        &ref,
-			Deployment:    &deployment,
-			Container:     &container,
-			VersionFilter: &ph.LatestVersion,
-			DeployTags:    tags,
-			DeploymentDir: &deploymentDir,
-		}
-		images.mutex.Lock()
-		images.seenImages = append(images.seenImages, si)
-		images.mutex.Unlock()
+		si.ResultImage = *result
 	}
+	images.mutex.Lock()
+	images.seenImages = append(images.seenImages, si)
+	images.mutex.Unlock()
 	return result, nil
 }

From 286fa24d032bfd3b8ef44b80b67491f3b5672ec5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 16:02:47 +0200
Subject: [PATCH 0107/2268] refactor: Split ResolvePlaceholders into
 ResolvePlaceholders and FindPlaceholders

---
 pkg/deployment/images.go        | 105 +++++++++++++++++++-------------
 pkg/utils/uo/object_iterator.go |   6 ++
 2 files changed, 70 insertions(+), 41 deletions(-)

diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 1becba949..517087561 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -114,8 +114,12 @@ type placeHolder struct {
 	Image         string `yaml:"image"`
 	LatestVersion string `yaml:"latestVersion"`
 
-	startOffset int
-	endOffset   int
+	Container string
+
+	FieldPath   []interface{}
+	FieldValue  string
+	StartOffset int
+	EndOffset   int
 }
 
 func (images *Images) parsePlaceholder(s string, offset int) (*placeHolder, error) {
@@ -137,8 +141,9 @@ func (images *Images) parsePlaceholder(s string, offset int) (*placeHolder, erro
 	if err != nil {
 		return nil, err
 	}
-	ph.startOffset = start
-	ph.endOffset = end + len(endPlaceholder)
+	ph.FieldValue = s
+	ph.StartOffset = start
+	ph.EndOffset = end + len(endPlaceholder)
 
 	return &ph, nil
 }
@@ -155,19 +160,15 @@ func (images *Images) extractContainerName(parent interface{}) string {
 	return ""
 }
 
-func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredObject, deploymentDir string, tags []string) error {
-	ref := o.GetK8sRef()
-	deployment := fmt.Sprintf("%s/%s", ref.GVK.Kind, ref.Name)
-
-	var remoteObject *uo.UnstructuredObject
-	triedRemoteObject := false
+func (images *Images) FindPlaceholders(o *uo.UnstructuredObject) ([]placeHolder, error) {
+	var ret []placeHolder
 
 	err := uo.NewObjectIterator(o.Object).IterateLeafs(func(it *uo.ObjectIterator) error {
 		s, ok := it.Value().(string)
 		if !ok {
 			return nil
 		}
-		newS := ""
+
 		container := images.extractContainerName(it.Parent())
 
 		offset := 0
@@ -177,54 +178,76 @@ func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredO
 				return err
 			}
 			if ph == nil {
-				newS += s[offset:]
 				break
-			} else {
-				newS += s[offset:ph.startOffset]
 			}
+			ph.FieldPath = it.KeyPathCopy()
+			ph.Container = container
+			ret = append(ret, *ph)
+			offset = ph.EndOffset
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return ret, nil
+}
+
+func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredObject, deploymentDir string, tags []string) error {
+	placeholders, err := images.FindPlaceholders(o)
+	if err != nil {
+		return err
+	}
 
-			if !triedRemoteObject {
-				triedRemoteObject = true
+	ref := o.GetK8sRef()
+	deployment := fmt.Sprintf("%s/%s", ref.GVK.Kind, ref.Name)
+
+	var remoteObject *uo.UnstructuredObject
+	triedRemoteObject := false
+
+	// iterate backwards so that replacements are easy
+	for i := len(placeholders) - 1; i >= 0; i-- {
+		ph := placeholders[i]
+
+		if !triedRemoteObject {
+			triedRemoteObject = true
+			if k != nil {
 				remoteObject, _, err = k.GetSingleObject(o.GetK8sRef())
 				if err != nil && !errors.IsNotFound(err) {
 					return err
 				}
 			}
+		}
 
-			var deployed *string
-			if remoteObject != nil && ph.startOffset == 0 && ph.endOffset == len(s) {
-				x, found, _ := remoteObject.GetNestedField(it.KeyPath()...)
-				if found {
-					if y, ok := x.(string); ok {
-						deployed = &y
-					}
+		var deployed *string
+		if remoteObject != nil && ph.StartOffset == 0 && ph.EndOffset == len(ph.FieldValue) {
+			x, found, _ := remoteObject.GetNestedField(ph.FieldPath...)
+			if found {
+				if y, ok := x.(string); ok {
+					deployed = &y
 				}
 			}
+		}
 
-			resultImage, err := images.resolveImage(ph, ref, deployment, container, deployed, deploymentDir, tags)
-			if err != nil {
-				return err
-			}
-			if resultImage == nil {
-				return fmt.Errorf("failed to find image for %s and latest version %s", ph.Image, ph.LatestVersion)
-			}
-			newS += *resultImage
+		resultImage, err := images.resolveImage(ph, ref, deployment, deployed, deploymentDir, tags)
+		if err != nil {
+			return err
+		}
+		if resultImage == nil {
+			return fmt.Errorf("failed to find image for %s and latest version %s", ph.Image, ph.LatestVersion)
+		}
 
-			offset = ph.endOffset
-			if offset >= len(s) {
-				break
-			}
+		ph.FieldValue = ph.FieldValue[:ph.StartOffset] + *resultImage + ph.FieldValue[ph.EndOffset:]
+		err = o.SetNestedField(ph.FieldValue, ph.FieldPath...)
+		if err != nil {
+			return err
 		}
-		return it.SetValue(newS)
-	})
-	if err != nil {
-		return err
 	}
 	return nil
 }
 
-func (images *Images) resolveImage(ph *placeHolder, ref k8s2.ObjectRef, deployment string, container string, deployed *string, deploymentDir string, tags []string) (*string, error) {
-	fixed := images.GetFixedImage(ph.Image, ref.Namespace, deployment, container)
+func (images *Images) resolveImage(ph placeHolder, ref k8s2.ObjectRef, deployment string, deployed *string, deploymentDir string, tags []string) (*string, error) {
+	fixed := images.GetFixedImage(ph.Image, ref.Namespace, deployment, ph.Container)
 
 	registry, err := images.GetLatestImageFromRegistry(ph.Image, ph.LatestVersion)
 	if err != nil {
diff --git a/pkg/utils/uo/object_iterator.go b/pkg/utils/uo/object_iterator.go
index 7c127af98..be922ee93 100644
--- a/pkg/utils/uo/object_iterator.go
+++ b/pkg/utils/uo/object_iterator.go
@@ -21,6 +21,12 @@ func (it *ObjectIterator) KeyPath() []interface{} {
 	return it.keys
 }
 
+func (it *ObjectIterator) KeyPathCopy() []interface{} {
+	ret := make([]interface{}, len(it.keys))
+	copy(ret, it.keys)
+	return ret
+}
+
 func (it *ObjectIterator) Key() interface{} {
 	if len(it.keys) == 0 {
 		return nil

From 06d1cf2e881b3d97ce9e1c75b0cf5e1937bf70a9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 3 May 2022 16:03:03 +0200
Subject: [PATCH 0108/2268] feat: Implement --fixed-image completion

---
 cmd/kluctl/commands/completion.go | 72 ++++++++++++++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index fcc341c2c..48c5f8afb 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -11,6 +11,7 @@ import (
 	"os"
 	"path/filepath"
 	"reflect"
+	"strings"
 	"sync"
 	"time"
 )
@@ -20,6 +21,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	projectFlags := v.FieldByName("ProjectFlags")
 	targetFlags := v.FieldByName("TargetFlags")
 	inclusionFlags := v.FieldByName("InclusionFlags")
+	imageFlags := v.FieldByName("ImageFlags")
 
 	if projectFlags.IsValid() {
 		_ = ccmd.RegisterFlagCompletionFunc("cluster", buildClusterCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
@@ -38,13 +40,17 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 		_ = ccmd.RegisterFlagCompletionFunc("exclude-deployment-dir", dirsFunc)
 	}
 
+	if imageFlags.IsValid() {
+		_ = ccmd.RegisterFlagCompletionFunc("fixed-image", buildImagesCompletionFunc(cmdStruct))
+	}
+
 	return nil
 }
 
 func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(p *kluctl_project.KluctlProjectContext) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(*projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(*projectArgs, false, func(p *kluctl_project.KluctlProjectContext) error {
 		return cb(p)
 	})
 }
@@ -168,3 +174,67 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 		}
 	}
 }
+
+func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		ptArgs := buildAutocompleteProjectTargetCommandArgs(cmdStruct)
+
+		if strings.Index(toComplete, "=") != -1 {
+			return nil, cobra.ShellCompDirectiveDefault
+		}
+
+		var images utils.OrderedMap
+		var mutex sync.Mutex
+
+		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+			var targets []string
+			if ptArgs.targetFlags.Target == "" {
+				for _, t := range p.DynamicTargets {
+					targets = append(targets, t.Target.Name)
+				}
+			} else {
+				targets = append(targets, ptArgs.targetFlags.Target)
+			}
+
+			var wg sync.WaitGroup
+			for _, t := range targets {
+				ptArgs := ptArgs
+				ptArgs.targetFlags.Target = t
+				wg.Add(1)
+				go func() {
+					_ = withProjectTargetCommandContext(ptArgs, p, func(ctx *commandCtx) error {
+						err := ctx.targetCtx.DeploymentCollection.Prepare(nil)
+						if err != nil {
+							log.Error(err)
+						}
+
+						mutex.Lock()
+						defer mutex.Unlock()
+						for _, si := range ctx.images.SeenImages(false) {
+							str := si.Image
+							if si.Namespace != nil {
+								str += ":" + *si.Namespace
+							}
+							if si.Deployment != nil {
+								str += ":" + *si.Deployment
+							}
+							if si.Container != nil {
+								str += ":" + *si.Container
+							}
+							images.Set(str, true)
+						}
+						return nil
+					})
+					wg.Done()
+				}()
+			}
+			wg.Wait()
+			return nil
+		})
+		if err != nil {
+			log.Error(err)
+			return nil, cobra.ShellCompDirectiveError
+		}
+		return images.ListKeys(), cobra.ShellCompDirectiveNoSpace
+	}
+}

From c7ed62bf0aa7397b14249788170c3db45b0f8dc4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 May 2022 09:05:04 +0200
Subject: [PATCH 0109/2268] fix: Properly handle args via env vars with dashes

---
 cmd/kluctl/commands/root.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 68a8fbb2a..a4f1c35bc 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -147,6 +147,7 @@ func initViper() {
 	}
 
 	viper.SetEnvPrefix("kluctl")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
 	viper.AutomaticEnv()
 }
 

From 2df3e9cb4f10555850e8d5dbe7ec0ae0df5095df Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 May 2022 09:31:19 +0200
Subject: [PATCH 0110/2268] fix: Fix unexpected log line when skipping
 deployment items

---
 pkg/deployment/commands/downscale.go   |  2 +-
 pkg/deployment/commands/poke_images.go |  2 +-
 pkg/deployment/commands/validate.go    |  2 +-
 pkg/deployment/utils/apply_utils.go    | 28 ++++++++++++++++++++++----
 pkg/deployment/utils/progress.go       |  8 +++++---
 5 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index edd25944e..f12d86d6b 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -39,7 +39,7 @@ func (cmd *DownscaleCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, error
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0))
+		au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
 		for _, o := range d.Objects {
 			o := o
 			ref := o.GetK8sRef()
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 9e2fc9173..d325da3b2 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -75,7 +75,7 @@ func (cmd *PokeImagesCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, erro
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, ref.String(), 0))
+			au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, ref.String(), 0, true))
 			au.ReplaceObject(ref, ru.GetRemoteObject(ref), func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 				return doPokeImage(containers, o)
 			})
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 3a94cc032..5fa33f251 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -39,7 +39,7 @@ func (cmd *ValidateCommand) Run(k *k8s.K8sCluster) (*types.ValidateResult, error
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0))
+		au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
 		h := utils2.NewHooksUtil(au)
 		for _, o := range d.Objects {
 			hook := h.GetHook(o)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index ebbca95c1..3f69a8416 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -529,6 +529,17 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	a.pctx.Finish()
 }
 
+func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *string {
+	if d.RelToProjectItemDir != "" {
+		return &d.RelToProjectItemDir
+	}
+	if len(d.Config.DeleteObjects) != 0 {
+		s := "<delete>"
+		return &s
+	}
+	return nil
+}
+
 func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 	log.Infof("Running server-side apply for all objects")
 
@@ -542,8 +553,11 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 
 	maxNameLen := 0
 	for _, d := range a.deployments {
-		if len(d.RelToProjectItemDir) > maxNameLen {
-			maxNameLen = len(d.RelToProjectItemDir)
+		name := a.buildProgressName(d)
+		if name != nil {
+			if len(*name) > maxNameLen {
+				maxNameLen = len(*name)
+			}
 		}
 	}
 
@@ -555,7 +569,13 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 
 		_ = sem.Acquire(context.Background(), 1)
 
-		pctx := NewProgressCtx(p, d.RelToProjectItemDir, maxNameLen)
+		progressName := a.buildProgressName(d)
+		var pctx *progressCtx
+		if progressName != nil {
+			pctx = NewProgressCtx(p, *progressName, maxNameLen, true)
+		} else {
+			pctx = NewProgressCtx(nil, "", 0, false)
+		}
 		a2 := a.NewApplyUtil(pctx)
 
 		wg.Add(1)
@@ -568,7 +588,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 
 		barrier := (d.Config.Barrier != nil && *d.Config.Barrier) || d.Barrier
 		if barrier {
-			bpctx := NewProgressCtx(p, "<barrier>", maxNameLen)
+			bpctx := NewProgressCtx(p, "<barrier>", maxNameLen, true)
 			bpctx.SetTotal(1)
 
 			bpctx.InfofAndStatus("Waiting on barrier...")
diff --git a/pkg/deployment/utils/progress.go b/pkg/deployment/utils/progress.go
index 8ac3a0f81..c5eadbbfc 100644
--- a/pkg/deployment/utils/progress.go
+++ b/pkg/deployment/utils/progress.go
@@ -15,6 +15,7 @@ import (
 
 type progressCtx struct {
 	bar       *mpb.Bar
+	doLog     bool
 	total     int64
 	name      string
 	status    string
@@ -22,14 +23,15 @@ type progressCtx struct {
 	mutex     sync.Mutex
 }
 
-func NewProgressCtx(p *mpb.Progress, name string, maxNameWidth int) *progressCtx {
+func NewProgressCtx(p *mpb.Progress, name string, maxNameWidth int, doLog bool) *progressCtx {
 	pctx := &progressCtx{
 		status:    "Initializing...",
 		total:     -1,
 		name:      name,
 		startTime: time.Now(),
 	}
-	if !isatty.IsTerminal(os.Stderr.Fd()) || name == "" {
+	if !isatty.IsTerminal(os.Stderr.Fd()) || p == nil {
+		pctx.doLog = doLog
 		return pctx
 	}
 
@@ -51,7 +53,7 @@ func NewProgressCtx(p *mpb.Progress, name string, maxNameWidth int) *progressCtx
 }
 
 func (ctx *progressCtx) Logf(level log.Level, s string, args ...interface{}) {
-	if ctx.bar == nil {
+	if ctx.doLog {
 		s = fmt.Sprintf("%s: %s", ctx.name, s)
 		log.StandardLogger().Logf(level, s, args...)
 	}

From 2b74f16874771d294706db6f5a11412cfb803220 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 5 May 2022 10:46:19 +0200
Subject: [PATCH 0111/2268] build: Upgrade python to 3.10.4

---
 pkg/python/generate/main.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/python/generate/main.go b/pkg/python/generate/main.go
index f3ffc0816..dc68cc409 100644
--- a/pkg/python/generate/main.go
+++ b/pkg/python/generate/main.go
@@ -15,8 +15,8 @@ import (
 
 const (
 	pythonVersionBase       = "3.10"
-	pythonVersionFull       = "3.10.3"
-	pythonStandaloneVersion = "20220318"
+	pythonVersionFull       = "3.10.4"
+	pythonStandaloneVersion = "20220502"
 )
 
 var pythonDists = map[string]string{

From 6c3830b6e820559017659b4c7cc3cbf5a6ccaa01 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 5 May 2022 10:52:06 +0200
Subject: [PATCH 0112/2268] fix: Use debian:bullseye-slim for docker images

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 991b24a50..cd4912bac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,8 @@ RUN wget -O helm.tar.gz https://get.helm.sh/helm-$HELM_VERSION-$ARCH.tar.gz && \
     tar xzf helm.tar.gz && \
     mv $ARCH/helm /
 
-FROM alpine
+# We must use a glibc based distro due to embedded python not supporting musl libc for aarch64
+FROM debian:bullseye-slim
 COPY --from=builder /helm /usr/bin
 COPY kluctl /usr/bin/
 ENTRYPOINT ["/usr/bin/kluctl"]

From a34a20a06c3529bf696549d4146b9c429b43ec86 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 5 May 2022 16:04:59 +0200
Subject: [PATCH 0113/2268] docs: Mention that go 1.18 is the minimum go
 version now

---
 install/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/README.md b/install/README.md
index 09f38f6e3..a02fc9390 100644
--- a/install/README.md
+++ b/install/README.md
@@ -28,7 +28,7 @@ git clone https://github.com/kluctl/kluctl
 cd kluctl
 ```
 
-Build the `kluctl` binary (requires go >= 1.17 and python >= 3.10):
+Build the `kluctl` binary (requires go >= 1.18 and python >= 3.10):
 
 ```bash
 make build

From 861c75fd209e4b2702f30c882eb1f9ca19d778f9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 10:04:39 +0200
Subject: [PATCH 0114/2268] refactor: Use filepath.ToSlash and
 filepath.FromSlash whenever possible

---
 cmd/kluctl/args/inclusion.go          | 6 ++----
 pkg/deployment/deployment_item.go     | 6 +++---
 pkg/jinja2/jinja2.go                  | 2 +-
 pkg/kluctl_project/git.go             | 2 +-
 pkg/utils/embed_util/extract.go       | 2 +-
 pkg/utils/embed_util/packer/packer.go | 3 +--
 pkg/utils/fs.go                       | 4 ++--
 pkg/utils/tar.go                      | 9 ++++-----
 8 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/cmd/kluctl/args/inclusion.go b/cmd/kluctl/args/inclusion.go
index 060a6af97..1a63195c2 100644
--- a/cmd/kluctl/args/inclusion.go
+++ b/cmd/kluctl/args/inclusion.go
@@ -3,9 +3,7 @@ package args
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"os"
 	"path/filepath"
-	"strings"
 )
 
 type InclusionFlags struct {
@@ -27,13 +25,13 @@ func (args *InclusionFlags) ParseInclusionFromArgs() (*utils.Inclusion, error) {
 		if filepath.IsAbs(dir) {
 			return nil, fmt.Errorf("--include-deployment-dir path must be relative")
 		}
-		inclusion.AddInclude("deploymentItemDir", strings.ReplaceAll(dir, string(os.PathSeparator), "/"))
+		inclusion.AddInclude("deploymentItemDir", filepath.ToSlash(dir))
 	}
 	for _, dir := range args.ExcludeDeploymentDir {
 		if filepath.IsAbs(dir) {
 			return nil, fmt.Errorf("--exclude-deployment-dir path must be relative")
 		}
-		inclusion.AddExclude("deploymentItemDir", strings.ReplaceAll(dir, string(os.PathSeparator), "/"))
+		inclusion.AddExclude("deploymentItemDir", filepath.ToSlash(dir))
 	}
 	return inclusion, nil
 }
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 336dff69c..17f6f746c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -100,7 +100,7 @@ func (di *DeploymentItem) getCommonLabels() map[string]string {
 func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	// TODO change it to kluctl.io/deployment_dir
 	a := map[string]string{
-		"kluctl.io/kustomize_dir": strings.ReplaceAll(di.RelToRootItemDir, string(os.PathSeparator), "/"),
+		"kluctl.io/kustomize_dir": filepath.ToSlash(di.RelToRootItemDir),
 	}
 	if di.Config.SkipDeleteIfTags != nil && *di.Config.SkipDeleteIfTags {
 		a["kluctl.io/skip-delete-if-tags"] = "true"
@@ -137,7 +137,7 @@ func (di *DeploymentItem) render(k *k8s.K8sCluster, forSeal bool, wp *utils.Work
 			if yaml.Exists(filepath.Join(p, "helm-chart.yml")) {
 				// never try to render helm charts
 				ep := filepath.Join(di.RelToProjectItemDir, relDir, "charts/**")
-				ep = strings.ReplaceAll(ep, string(os.PathSeparator), "/")
+				ep = filepath.ToSlash(ep)
 				excludePatterns = append(excludePatterns, ep)
 				return filepath.SkipDir
 			}
@@ -250,7 +250,7 @@ func (di *DeploymentItem) buildInclusionEntries() []utils.InclusionEntry {
 		values = append(values, utils.InclusionEntry{Type: "tag", Value: t})
 	}
 	if di.dir != nil {
-		dir := strings.ReplaceAll(di.RelToRootItemDir, string(os.PathSeparator), "/")
+		dir := filepath.ToSlash(di.RelToRootItemDir)
 		values = append(values, utils.InclusionEntry{Type: "deploymentItemDir", Value: dir})
 	}
 	return values
diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index fa04d3cd7..023e89c08 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -198,7 +198,7 @@ func (j *Jinja2) getGlob(pattern string) (glob.Glob, error) {
 	return g.(glob.Glob), nil
 }
 func (j *Jinja2) needsRender(path string, excludedPatterns []string) bool {
-	path = strings.ReplaceAll(path, string(os.PathSeparator), "/")
+	path = filepath.ToSlash(path)
 
 	for _, p := range excludedPatterns {
 		g, err := j.getGlob(p)
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 23072f103..255dcb7cf 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -122,7 +122,7 @@ func (c *KluctlProjectContext) buildCloneDir(u git_url.GitUrl, ref string) (stri
 	}
 	ref = strings.ReplaceAll(ref, "/", "-")
 	ref = strings.ReplaceAll(ref, "\\", "-")
-	urlPath := strings.ReplaceAll(u.Path, "/", string(os.PathSeparator))
+	urlPath := filepath.FromSlash(u.Path)
 	baseName := filepath.Base(urlPath)
 	urlHash := utils.Sha256String(fmt.Sprintf("%s:%s", u.Host, u.Path))[:16]
 	cloneDir := filepath.Join(c.TmpDir, fmt.Sprintf("%s-%s", baseName, urlHash), ref)
diff --git a/pkg/utils/embed_util/extract.go b/pkg/utils/embed_util/extract.go
index 16ed318ba..22267376c 100644
--- a/pkg/utils/embed_util/extract.go
+++ b/pkg/utils/embed_util/extract.go
@@ -120,7 +120,7 @@ func BuildFileList(targetPath string) (map[string]int64, error) {
 		if err != nil {
 			return err
 		}
-		relPath = strings.ReplaceAll(relPath, string(os.PathSeparator), "/")
+		relPath = filepath.ToSlash(relPath)
 		if info.IsDir() {
 			existingFiles[relPath] = 0
 		} else {
diff --git a/pkg/utils/embed_util/packer/packer.go b/pkg/utils/embed_util/packer/packer.go
index d02da2d7f..fd6fdd077 100644
--- a/pkg/utils/embed_util/packer/packer.go
+++ b/pkg/utils/embed_util/packer/packer.go
@@ -13,7 +13,6 @@ import (
 	log "github.com/sirupsen/logrus"
 	"io/fs"
 	"io/ioutil"
-	"os"
 	"path/filepath"
 	"reflect"
 	"strings"
@@ -75,7 +74,7 @@ func findFiles(dir string, patterns []string) (map[string]int64, error) {
 		}
 		match := false
 		for _, p := range globs {
-			if p.Match(strings.ReplaceAll(rel, string(os.PathSeparator), "/")) {
+			if p.Match(filepath.ToSlash(rel)) {
 				match = true
 				break
 			}
diff --git a/pkg/utils/fs.go b/pkg/utils/fs.go
index 30dbcfc1c..aa776b51c 100644
--- a/pkg/utils/fs.go
+++ b/pkg/utils/fs.go
@@ -58,7 +58,7 @@ func CopyFile(src string, dst string) error {
 }
 
 func FsCopyFile(srcFs fs.FS, src, dst string) error {
-	src = strings.ReplaceAll(src, string(os.PathSeparator), "/")
+	src = filepath.ToSlash(src)
 	source, err := srcFs.Open(src)
 	if err != nil {
 		return err
@@ -92,7 +92,7 @@ func FsCopyDir(srcFs fs.FS, src string, dst string) error {
 	var err error
 	var fds []fs.DirEntry
 
-	src = strings.ReplaceAll(src, string(os.PathSeparator), "/")
+	src = filepath.ToSlash(src)
 
 	if fds, err = fs.ReadDir(srcFs, src); err != nil {
 		return err
diff --git a/pkg/utils/tar.go b/pkg/utils/tar.go
index 0cd6807ed..627f531bf 100644
--- a/pkg/utils/tar.go
+++ b/pkg/utils/tar.go
@@ -9,7 +9,6 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strings"
 )
 
 func ExtractTarGzFile(tarGzPath string, targetPath string) error {
@@ -48,7 +47,7 @@ func ExtractTarStream(r io.Reader, targetPath string) error {
 			return fmt.Errorf("ExtractTarStream: Next() failed: %w", err)
 		}
 
-		header.Name = strings.ReplaceAll(header.Name, "/", string(os.PathSeparator))
+		header.Name = filepath.FromSlash(header.Name)
 
 		p := filepath.Join(targetPath, header.Name)
 		err = os.MkdirAll(filepath.Dir(p), 0755)
@@ -105,7 +104,7 @@ func AddToTar(tw *tar.Writer, pth string, name string, filter func(h *tar.Header
 	if err != nil {
 		return err
 	}
-	h.Name = strings.ReplaceAll(name, string(os.PathSeparator), "/")
+	h.Name = filepath.ToSlash(name)
 
 	if filter != nil {
 		s := fi.Size()
@@ -159,14 +158,14 @@ func AddToTar(tw *tar.Writer, pth string, name string, filter func(h *tar.Header
 }
 
 func HashTarEntry(dir string, name string) (string, error) {
-	p := filepath.Join(dir, strings.ReplaceAll(name, "/", string(os.PathSeparator)))
+	p := filepath.Join(dir, filepath.FromSlash(name))
 	st, err := os.Lstat(p)
 	if err != nil {
 		return "", err
 	}
 	var hashData []byte
 	if st.Mode().Type() == fs.ModeDir {
-		hashData = []byte(strings.ReplaceAll(name, string(os.PathSeparator), "/"))
+		hashData = []byte(filepath.ToSlash(name))
 	} else if st.Mode().Type() == fs.ModeSymlink {
 		l, err := os.Readlink(p)
 		if err != nil {

From 1a0a4f926c29ae8c63fd82b86ad1f6ef420151af Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 10:06:09 +0200
Subject: [PATCH 0115/2268] fix: Use SecureJoin in places where user-provided
 paths are joined

---
 pkg/deployment/commands/seal.go    |  8 ++++--
 pkg/deployment/deployment_item.go  | 16 ++++++++---
 pkg/deployment/helm_chart.go       | 43 ++++++++++++++++++++++--------
 pkg/git/mirrored_repo.go           |  2 ++
 pkg/jinja2/jinja2.go               |  8 ++++--
 pkg/kluctl_project/git.go          | 11 ++++++--
 pkg/kluctl_project/load.go         | 10 ++++---
 pkg/kluctl_project/load_targets.go |  7 +++--
 pkg/seal/secrets_loader.go         | 27 ++++++++++---------
 pkg/types/cluster_config.go        |  7 ++++-
 pkg/utils/fs.go                    | 30 +++++++++++++++++++++
 pkg/utils/tar.go                   |  6 ++++-
 12 files changed, 136 insertions(+), 39 deletions(-)

diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
index cc255a91c..69110cf0d 100644
--- a/pkg/deployment/commands/seal.go
+++ b/pkg/deployment/commands/seal.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"io/fs"
@@ -33,8 +34,11 @@ func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
 		if err != nil {
 			return err
 		}
-		targetDir := filepath.Join(cmd.c.Project.SealedSecretsDir, filepath.Dir(relPath))
-		targetFile := filepath.Join(targetDir, *cmd.c.Project.Config.SealedSecrets.OutputPattern, filepath.Base(p))
+		relTargetFile := filepath.Join(filepath.Dir(relPath), *cmd.c.Project.Config.SealedSecrets.OutputPattern, filepath.Base(p))
+		targetFile, err := securejoin.SecureJoin(cmd.c.Project.SealedSecretsDir, relTargetFile)
+		if err != nil {
+			return err
+		}
 		targetFile = targetFile[:len(targetFile)-len(deployment.SealmeExt)]
 		err = sealer.SealFile(p, targetFile)
 		if err != nil {
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 17f6f746c..acb5e7aa3 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -190,13 +191,17 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 		return nil
 	}
 
-	// TODO check for bootstrap
-
 	sealedSecretsDir := di.Project.getSealedSecretsDir()
 	baseSourcePath := di.Project.SealedSecretsDir
 
 	renderedDir := filepath.Join(di.renderedDir, subdir)
 
+	// ensure we're not leaving the project
+	_, err := securejoin.SecureJoin(di.Project.getRootProject().dir, subdir)
+	if err != nil {
+		return err
+	}
+
 	y, err := uo.FromFile(yaml.FixPathExt(filepath.Join(renderedDir, "kustomization.yml")))
 	if err != nil {
 		return err
@@ -227,7 +232,12 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 		if sealedSecretsDir == nil {
 			return fmt.Errorf("%s. Sealed secrets dir could not be determined", baseError)
 		}
-		sourcePath := filepath.Clean(filepath.Join(baseSourcePath, filepath.Join(di.relRenderedDir, subdir), relDir, *sealedSecretsDir, fname))
+		// ensure we're not leaving the .sealed-secrets dir
+		sourcePath, err := securejoin.SecureJoin(baseSourcePath, filepath.Join(di.relRenderedDir, subdir, relDir, *sealedSecretsDir, fname))
+		if err != nil {
+			return err
+		}
+		sourcePath = filepath.Clean(sourcePath)
 		targetPath := filepath.Join(renderedDir, relDir, fname)
 		if !utils.IsFile(sourcePath) {
 			return fmt.Errorf("%s. %s not found. You might need to seal it first", baseError, sourcePath)
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 23a89200f..8c719c2a2 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -61,6 +62,22 @@ func (c *helmChart) GetChartName() (string, error) {
 	return *c.Config.ChartName, nil
 }
 
+func (c *helmChart) GetChartDir() (string, error) {
+	chartName, err := c.GetChartName()
+	if err != nil {
+		return "", err
+	}
+
+	dir := filepath.Dir(c.configFile)
+	targetDir := filepath.Join(dir, "charts")
+	return securejoin.SecureJoin(targetDir, chartName)
+}
+
+func (c *helmChart) GetOutputPath() (string, error) {
+	dir := filepath.Dir(c.configFile)
+	return securejoin.SecureJoin(dir, c.Config.Output)
+}
+
 func (c *helmChart) buildHelmConfig() (*action.Configuration, error) {
 	rc, err := registry.NewClient()
 	if err != nil {
@@ -77,10 +94,13 @@ func (c *helmChart) Pull() error {
 		return err
 	}
 
-	dir := filepath.Dir(c.configFile)
-	targetDir := filepath.Join(dir, "charts")
-	rmDir := filepath.Join(targetDir, chartName)
-	_ = os.RemoveAll(rmDir)
+	chartDir, err := c.GetChartDir()
+	if err != nil {
+		return err
+	}
+
+	targetDir := filepath.Join(filepath.Dir(c.configFile), "charts")
+	_ = os.RemoveAll(chartDir)
 
 	cfg, err := c.buildHelmConfig()
 	if err != nil {
@@ -100,8 +120,8 @@ func (c *helmChart) Pull() error {
 		out, err = a.Run(chartName)
 	}
 	// a bug in the Pull command causes this directory to be created by accident
-	_ = os.RemoveAll(rmDir + fmt.Sprintf("-%s.tar.gz", a.Version))
-	_ = os.RemoveAll(rmDir + fmt.Sprintf("-%s.tgz", a.Version))
+	_ = os.RemoveAll(chartDir + fmt.Sprintf("-%s.tar.gz", a.Version))
+	_ = os.RemoveAll(chartDir + fmt.Sprintf("-%s.tgz", a.Version))
 	if out != "" {
 		log.Info(out)
 	}
@@ -170,14 +190,15 @@ func (c *helmChart) Render(k *k8s.K8sCluster) error {
 }
 
 func (c *helmChart) doRender(k *k8s.K8sCluster) error {
-	chartName, err := c.GetChartName()
+	chartDir, err := c.GetChartDir()
 	if err != nil {
 		return err
 	}
-	dir := filepath.Dir(c.configFile)
-	chartDir := filepath.Join(dir, "charts", chartName)
-	valuesPath := yaml.FixPathExt(filepath.Join(dir, "helm-values.yml"))
-	outputPath := filepath.Join(dir, c.Config.Output)
+	outputPath, err := c.GetOutputPath()
+	if err != nil {
+		return err
+	}
+	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(c.configFile), "helm-values.yml"))
 
 	var gvs []string
 	if k != nil {
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 0afba2cd9..fc8d40fdc 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -342,6 +342,8 @@ func (g *MirroredGitRepo) CloneProject(ctx context.Context, ref string, targetDi
 
 func buildMirrorRepoName(u git_url.GitUrl) string {
 	r := filepath.Base(u.Path)
+	r = strings.ReplaceAll(r, "/", "-")
+	r = strings.ReplaceAll(r, "\\", "-")
 	if strings.HasSuffix(r, ".git") {
 		r = r[:len(r)-len(".git")]
 	}
diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index 023e89c08..83e176870 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -2,6 +2,7 @@ package jinja2
 
 import (
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -213,11 +214,14 @@ func (j *Jinja2) needsRender(path string, excludedPatterns []string) bool {
 }
 
 func (j *Jinja2) RenderDirectory(rootDir string, searchDirs []string, relSourceDir string, excludePatterns []string, subdir string, targetDir string, vars *uo.UnstructuredObject) error {
-	walkDir := filepath.Join(rootDir, relSourceDir, subdir)
+	walkDir, err := securejoin.SecureJoin(rootDir, filepath.Join(relSourceDir, subdir))
+	if err != nil {
+		return err
+	}
 
 	var jobs []*RenderJob
 
-	err := filepath.WalkDir(walkDir, func(p string, d fs.DirEntry, err error) error {
+	err = filepath.WalkDir(walkDir, func(p string, d fs.DirEntry, err error) error {
 		relPath, err := filepath.Rel(walkDir, p)
 		if err != nil {
 			return err
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 255dcb7cf..edf405701 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -3,6 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
@@ -125,7 +126,10 @@ func (c *KluctlProjectContext) buildCloneDir(u git_url.GitUrl, ref string) (stri
 	urlPath := filepath.FromSlash(u.Path)
 	baseName := filepath.Base(urlPath)
 	urlHash := utils.Sha256String(fmt.Sprintf("%s:%s", u.Host, u.Path))[:16]
-	cloneDir := filepath.Join(c.TmpDir, fmt.Sprintf("%s-%s", baseName, urlHash), ref)
+	cloneDir, err := securejoin.SecureJoin(c.TmpDir, filepath.Join(fmt.Sprintf("%s-%s", baseName, urlHash), ref))
+	if err != nil {
+		return "", err
+	}
 	log.Tracef("buildCloneDir: ref=%s, urlPath=%s, baseName=%s, urlHash=%s, cloneDir=%s", ref, urlPath, baseName, urlHash, cloneDir)
 	return cloneDir, nil
 }
@@ -147,7 +151,10 @@ func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject t
 	}
 	dir := targetDir
 	if subDir != "" {
-		dir = filepath.Join(dir, subDir)
+		dir, err = securejoin.SecureJoin(dir, subDir)
+		if err != nil {
+			return gitProjectInfo{}, err
+		}
 	}
 
 	mr, ok := c.mirroredRepos[gitProject.Project.Url.NormalizedRepoKey()]
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 511a514fd..26efa5dd0 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -5,6 +5,7 @@ import (
 	"compress/gzip"
 	"context"
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
@@ -84,6 +85,7 @@ func (c *KluctlProjectContext) load(ctx context.Context, allowGit bool) error {
 			return c.localProject(localDir), nil
 		}
 		if ep == nil || ep.Project == nil {
+			// the ExternalProject is pointing to the same repo that the root project is located in
 			p := kluctlProjectInfo.dir
 			if ep != nil {
 				if filepath.IsAbs(*ep.Path) {
@@ -98,12 +100,14 @@ func (c *KluctlProjectContext) load(ctx context.Context, allowGit bool) error {
 				if err != nil {
 					return gitProjectInfo{}, err
 				}
-				p, err = filepath.Abs(filepath.Join(p, *ep.Path))
+				relToGitRoot, err := filepath.Rel(gitRoot, p)
 				if err != nil {
 					return gitProjectInfo{}, err
 				}
-				if !strings.HasPrefix(p, gitRoot) {
-					return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s'", *ep.Path, gitRoot)
+				relToGitRoot = filepath.Join(relToGitRoot, *ep.Path)
+				p, err = securejoin.SecureJoin(gitRoot, relToGitRoot)
+				if err != nil {
+					return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s': %w", relToGitRoot, gitRoot, err)
 				}
 			} else {
 				if defaultGitSubDir != "" {
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/load_targets.go
index ec20c2f0f..0148e6785 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/load_targets.go
@@ -3,6 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -10,7 +11,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
-	"path/filepath"
 	"reflect"
 	"regexp"
 	"sort"
@@ -320,7 +320,10 @@ func (c *KluctlProjectContext) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 	if targetInfo.baseTarget.TargetConfig.File != nil {
 		configFile = *targetInfo.baseTarget.TargetConfig.File
 	}
-	configPath := filepath.Join(targetInfo.dir, configFile)
+	configPath, err := securejoin.SecureJoin(targetInfo.dir, configFile)
+	if err != nil {
+		return nil, err
+	}
 	if !utils.IsFile(configPath) {
 		return nil, fmt.Errorf("no target config file with name %s found in target", configFile)
 	}
diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index 8241d9547..ef0e37fe9 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -2,6 +2,7 @@ package seal
 
 import (
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -9,7 +10,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
 	"path/filepath"
-	"strings"
 )
 
 type usernamePassword struct {
@@ -26,8 +26,8 @@ type SecretsLoader struct {
 
 func NewSecretsLoader(p *kluctl_project.KluctlProjectContext, secretsDir string) *SecretsLoader {
 	return &SecretsLoader{
-		project:    p,
-		secretsDir: secretsDir,
+		project:          p,
+		secretsDir:       secretsDir,
 		credentialsCache: map[string]usernamePassword{},
 	}
 }
@@ -48,21 +48,24 @@ func (s *SecretsLoader) LoadSecrets(source *types.SecretSource) (*uo.Unstructure
 
 func (s *SecretsLoader) loadSecretsFile(source *types.SecretSource) (*uo.UnstructuredObject, error) {
 	var p string
+	var err error
 	if utils.Exists(filepath.Join(s.project.DeploymentDir, *source.Path)) {
-		p = filepath.Join(s.project.DeploymentDir, *source.Path)
+		p, err = securejoin.SecureJoin(s.project.DeploymentDir, *source.Path)
+		if err != nil {
+			return nil, err
+		}
 	} else if utils.Exists(filepath.Join(s.secretsDir, *source.Path)) {
-		p = filepath.Join(s.secretsDir, *source.Path)
-	}
-	if p == "" || !utils.Exists(p) {
+		p, err = securejoin.SecureJoin(s.secretsDir, *source.Path)
+		if err != nil {
+			return nil, err
+		}
+	} else {
 		return nil, fmt.Errorf("secrets file %s does not exist", *source.Path)
 	}
 
-	abs, err := filepath.Abs(p)
+	err = utils.CheckInDir(s.project.DeploymentDir, p)
 	if err != nil {
-		return nil, err
-	}
-	if !strings.HasPrefix(abs, s.project.DeploymentDir) {
-		return nil, fmt.Errorf("secrets file %s is not part of the deployment project", *source.Path)
+		return nil, fmt.Errorf("secrets file %s is not part of the deployment project: %w", *source.Path, err)
 	}
 
 	secrets, err := uo.FromFile(p)
diff --git a/pkg/types/cluster_config.go b/pkg/types/cluster_config.go
index 0c22be6b1..fe8ef11b2 100644
--- a/pkg/types/cluster_config.go
+++ b/pkg/types/cluster_config.go
@@ -64,8 +64,13 @@ func LoadClusterConfig(clusterDir string, clusterName string) (*ClusterConfig, e
 		return nil, fmt.Errorf("cluster config for %s not found", clusterName)
 	}
 
+	err := utils.CheckInDir(clusterDir, p)
+	if err != nil {
+		return nil, fmt.Errorf("cluster config for %s is not in cluster dir", clusterName)
+	}
+
 	var config ClusterConfig
-	err := yaml.ReadYamlFile(p, &config)
+	err = yaml.ReadYamlFile(p, &config)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/utils/fs.go b/pkg/utils/fs.go
index aa776b51c..422538a73 100644
--- a/pkg/utils/fs.go
+++ b/pkg/utils/fs.go
@@ -37,6 +37,36 @@ func IsDirectory(path string) bool {
 	return fileInfo.IsDir()
 }
 
+func CheckInDir(root string, path string) error {
+	absRoot, err := filepath.Abs(filepath.Clean(root))
+	if err != nil {
+		return err
+	}
+	absPath, err := filepath.Abs(filepath.Clean(path))
+	if err != nil {
+		return err
+	}
+
+	absRoot, err = filepath.EvalSymlinks(absRoot)
+	if err != nil {
+		return err
+	}
+
+	absPath, err = filepath.EvalSymlinks(absPath)
+	if err != nil {
+		return err
+	}
+
+	if absRoot == absPath {
+		return nil
+	}
+
+	if !strings.HasPrefix(absPath, absRoot+string(os.PathSeparator)) {
+		return fmt.Errorf("path %s is not inside directory %s", path, root)
+	}
+	return nil
+}
+
 func Touch(path string) error {
 	f, err := os.Create(path)
 	if err != nil {
diff --git a/pkg/utils/tar.go b/pkg/utils/tar.go
index 627f531bf..0425dc6e6 100644
--- a/pkg/utils/tar.go
+++ b/pkg/utils/tar.go
@@ -4,6 +4,7 @@ import (
 	"archive/tar"
 	"compress/gzip"
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"io"
 	"io/fs"
 	"io/ioutil"
@@ -49,7 +50,10 @@ func ExtractTarStream(r io.Reader, targetPath string) error {
 
 		header.Name = filepath.FromSlash(header.Name)
 
-		p := filepath.Join(targetPath, header.Name)
+		p, err := securejoin.SecureJoin(targetPath, header.Name)
+		if err != nil {
+			return err
+		}
 		err = os.MkdirAll(filepath.Dir(p), 0755)
 		if err != nil {
 			return err

From 51c6b4fd037c3f1b100d06bd62d376b85e179c8b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 10:06:21 +0200
Subject: [PATCH 0116/2268] fix: Stop using http caching for k8s clients

This caused errors to be cached which should have been resolved after
CRDs got deployed.
---
 pkg/k8s/k8s_cluster.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 59871f052..33265da1d 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -90,8 +90,7 @@ func NewK8sCluster(configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
 		return nil, err
 	}
 	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
-	httpCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/http", apiHost.Hostname())
-	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(k.restConfig), discoveryCacheDir, httpCacheDir, time.Hour*24)
+	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(k.restConfig), discoveryCacheDir, "", time.Hour*24)
 	if err != nil {
 		return nil, err
 	}

From 22ff5ecf437c7e9102f311238e5e256d83f6d39e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 10:52:00 +0200
Subject: [PATCH 0117/2268] refactor: Allow to pass RepoRoot from outside

---
 cmd/kluctl/commands/utils.go       |  8 ++++
 pkg/kluctl_project/git.go          | 24 +++++------
 pkg/kluctl_project/load.go         | 64 +++++++++++++++---------------
 pkg/kluctl_project/load_targets.go |  3 +-
 pkg/kluctl_project/project.go      |  1 +
 5 files changed, 52 insertions(+), 48 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3d0d860de..5e90ea31a 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
@@ -12,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -48,7 +50,13 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		return err
 	}
 
+	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
+	if err != nil {
+		log.Warning("Failed to detect git project root. This might cause follow-up errors")
+	}
+
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
+		RepoRoot:            repoRoot,
 		ProjectDir:          cwd,
 		ProjectUrl:          url,
 		ProjectRef:          projectFlags.ProjectRef,
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index edf405701..0c5a641fd 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -134,18 +134,18 @@ func (c *KluctlProjectContext) buildCloneDir(u git_url.GitUrl, ref string) (stri
 	return cloneDir, nil
 }
 
-func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject types2.ExternalProject, defaultGitSubDir string, doAddInvolvedRepo bool, doLock bool) (result gitProjectInfo, err error) {
+func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject *types2.GitProject, defaultGitSubDir string, doAddInvolvedRepo bool, doLock bool) (result gitProjectInfo, err error) {
 	err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o700)
 	if err != nil {
 		return
 	}
 
-	targetDir, err := c.buildCloneDir(gitProject.Project.Url, gitProject.Project.Ref)
+	targetDir, err := c.buildCloneDir(gitProject.Url, gitProject.Ref)
 	if err != nil {
 		return
 	}
 
-	subDir := gitProject.Project.SubDir
+	subDir := gitProject.SubDir
 	if subDir == "" {
 		subDir = defaultGitSubDir
 	}
@@ -157,13 +157,13 @@ func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject t
 		}
 	}
 
-	mr, ok := c.mirroredRepos[gitProject.Project.Url.NormalizedRepoKey()]
+	mr, ok := c.mirroredRepos[gitProject.Url.NormalizedRepoKey()]
 	if !ok {
-		mr, err = git.NewMirroredGitRepo(gitProject.Project.Url)
+		mr, err = git.NewMirroredGitRepo(gitProject.Url)
 		if err != nil {
 			return
 		}
-		c.mirroredRepos[gitProject.Project.Url.NormalizedRepoKey()] = mr
+		c.mirroredRepos[gitProject.Url.NormalizedRepoKey()] = mr
 		err = mr.Lock(ctx)
 		if err != nil {
 			return
@@ -176,7 +176,7 @@ func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject t
 		if err != nil {
 			return err
 		}
-		return mr.CloneProject(ctx, gitProject.Project.Ref, targetDir)
+		return mr.CloneProject(ctx, gitProject.Ref, targetDir)
 	})
 	if err != nil {
 		return
@@ -187,7 +187,7 @@ func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject t
 		return
 	}
 
-	result.url = gitProject.Project.Url
+	result.url = gitProject.Url
 	result.ref = ri.CheckedOutRef
 	result.commit = ri.CheckedOutCommit
 	result.dir = dir
@@ -211,11 +211,9 @@ func (c *KluctlProjectContext) cloneKluctlProject(ctx context.Context) (gitProje
 	if c.loadArgs.ProjectUrl == nil {
 		return c.localProject(c.loadArgs.ProjectDir), nil
 	}
-	return c.cloneGitProject(ctx, types2.ExternalProject{
-		Project: &types2.GitProject{
-			Url: *c.loadArgs.ProjectUrl,
-			Ref: c.loadArgs.ProjectRef,
-		},
+	return c.cloneGitProject(ctx, &types2.GitProject{
+		Url: *c.loadArgs.ProjectUrl,
+		Ref: c.loadArgs.ProjectRef,
 	}, "", true, true)
 }
 
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 26efa5dd0..aa40f45fb 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -5,8 +5,6 @@ import (
 	"compress/gzip"
 	"context"
 	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -84,43 +82,43 @@ func (c *KluctlProjectContext) load(ctx context.Context, allowGit bool) error {
 		if localDir != "" {
 			return c.localProject(localDir), nil
 		}
-		if ep == nil || ep.Project == nil {
-			// the ExternalProject is pointing to the same repo that the root project is located in
+
+		if ep == nil {
+			// no ExternalProject provided, so we point into the kluctl project + defaultGitSubDir
 			p := kluctlProjectInfo.dir
-			if ep != nil {
-				if filepath.IsAbs(*ep.Path) {
-					return gitProjectInfo{}, fmt.Errorf("only paths relative to the git project root are allowed")
-				}
-				// we only allow relative paths pointing into the root git project
-				gitRoot, err := git.DetectGitRepositoryRoot(p)
-				if err != nil {
-					return gitProjectInfo{}, fmt.Errorf("could not determine git project root: %w", err)
-				}
-				gitRoot, err = filepath.Abs(gitRoot)
-				if err != nil {
-					return gitProjectInfo{}, err
-				}
-				relToGitRoot, err := filepath.Rel(gitRoot, p)
-				if err != nil {
-					return gitProjectInfo{}, err
-				}
-				relToGitRoot = filepath.Join(relToGitRoot, *ep.Path)
-				p, err = securejoin.SecureJoin(gitRoot, relToGitRoot)
-				if err != nil {
-					return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s': %w", relToGitRoot, gitRoot, err)
-				}
-			} else {
-				if defaultGitSubDir != "" {
-					p = filepath.Join(p, defaultGitSubDir)
-				}
+			if defaultGitSubDir != "" {
+				p = filepath.Join(p, defaultGitSubDir)
 			}
 			return c.localProject(p), nil
 		}
-		if !allowGit {
-			return gitProjectInfo{}, fmt.Errorf("tried to load something from git while it was not allowed")
+
+		if ep.Project != nil {
+			// pointing to an actual external project, so let's try to clone it
+			if !allowGit {
+				return gitProjectInfo{}, fmt.Errorf("tried to load something from git while it was not allowed")
+			}
+			return c.cloneGitProject(ctx, ep.Project, defaultGitSubDir, true, true)
 		}
 
-		return c.cloneGitProject(ctx, *ep, defaultGitSubDir, true, true)
+		// ExternalProject was provided but without an external repo url, so point into the kluctl project.
+		// We also allow to leave the kluctl project dir in case RepoRoot is provided via loadArgs, as long as
+		// the pointed to directory does not leave the RepoRoot
+
+		repoRoot := c.loadArgs.RepoRoot
+		if repoRoot == "" {
+			// don't allow to leave the project dir
+			repoRoot = kluctlProjectInfo.dir
+		}
+
+		p := filepath.Join(kluctlProjectInfo.dir, *ep.Path)
+		err = utils.CheckInDir(repoRoot, p)
+		if err != nil {
+			if c.loadArgs.RepoRoot == "" {
+				return gitProjectInfo{}, fmt.Errorf("it looks like your kluctl project is not part of a Git repository, which means you are not allowed to use paths that leave your kluctl project")
+			}
+			return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s': %w", p, repoRoot, err)
+		}
+		return c.localProject(p), nil
 	}
 
 	deploymentInfo, err := doClone(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/load_targets.go
index 0148e6785..1d48ed529 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/load_targets.go
@@ -251,9 +251,8 @@ func (c *KluctlProjectContext) cloneDynamicTargets(ctx context.Context, dynamicT
 		wp.Submit(func() error {
 			gitProject := *targetInfo.gitProject
 			gitProject.Ref = *targetInfo.ref
-			ep := types.ExternalProject{Project: &gitProject}
 
-			gi, err := c.cloneGitProject(ctx, ep, "", false, false)
+			gi, err := c.cloneGitProject(ctx, &gitProject, "", false, false)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index dce44c7fc..0357f5d34 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -12,6 +12,7 @@ import (
 )
 
 type LoadKluctlProjectArgs struct {
+	RepoRoot            string
 	ProjectDir          string
 	ProjectUrl          *git_url.GitUrl
 	ProjectRef          string

From be7594c0c95c9ff9044c447587e8b9be3f7441c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 10:53:22 +0200
Subject: [PATCH 0118/2268] fix: Run go mod tidy

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index f432a9b25..4c81d771f 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
 	github.com/aws/aws-sdk-go v1.44.1
 	github.com/bitnami-labs/sealed-secrets v0.17.5
+	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/gammazero/workerpool v1.1.2
@@ -84,7 +85,6 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
 	github.com/containerd/containerd v1.6.3 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.14+incompatible // indirect
 	github.com/docker/docker v20.10.14+incompatible // indirect

From 45b5d7e163f60975895f9c1eb13c916fe6d79d74 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 16:16:47 +0200
Subject: [PATCH 0119/2268] fix: Don't try to evaluate symlinks in CheckInDir

---
 pkg/utils/fs.go | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/pkg/utils/fs.go b/pkg/utils/fs.go
index 422538a73..ac567cdb8 100644
--- a/pkg/utils/fs.go
+++ b/pkg/utils/fs.go
@@ -47,16 +47,6 @@ func CheckInDir(root string, path string) error {
 		return err
 	}
 
-	absRoot, err = filepath.EvalSymlinks(absRoot)
-	if err != nil {
-		return err
-	}
-
-	absPath, err = filepath.EvalSymlinks(absPath)
-	if err != nil {
-		return err
-	}
-
 	if absRoot == absPath {
 		return nil
 	}

From c865e82d54306e3acd52879f1c162f74256ea00d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 21:57:33 +0200
Subject: [PATCH 0120/2268] feat: Rewrite kluctl project loading and archive
 handling

This fixes external projects pointing to the root repo via relative
sub pathes.
---
 cmd/kluctl/commands/cmd_archive.go            |   4 +-
 cmd/kluctl/commands/cmd_list_targets.go       |   2 +-
 cmd/kluctl/commands/cmd_seal.go               |   4 +-
 cmd/kluctl/commands/completion.go             |  12 +-
 cmd/kluctl/commands/utils.go                  |   9 +-
 pkg/kluctl_project/git.go                     |  98 ++----
 pkg/kluctl_project/load.go                    | 287 +-----------------
 pkg/kluctl_project/project.go                 |  66 ++--
 pkg/kluctl_project/project_archive.go         | 129 ++++++++
 pkg/kluctl_project/project_load.go            | 259 ++++++++++++++++
 pkg/kluctl_project/target_context.go          |   6 +-
 .../{load_targets.go => targets.go}           |  18 +-
 pkg/seal/secrets_loader.go                    |   4 +-
 pkg/types/metadata.go                         |  10 +
 pkg/yaml/yaml.go                              |  22 ++
 15 files changed, 509 insertions(+), 421 deletions(-)
 create mode 100644 pkg/kluctl_project/project_archive.go
 create mode 100644 pkg/kluctl_project/project_load.go
 rename pkg/kluctl_project/{load_targets.go => targets.go} (90%)

diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index 5c5325613..250571c51 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -16,7 +16,7 @@ func (cmd *archiveCmd) Help() string {
 }
 
 func (cmd *archiveCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
-		return p.CreateTGZArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
+		return p.WriteArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index ba4493622..c54241e94 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -16,7 +16,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.DynamicTargets {
 			result = append(result, t.Target)
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index d840403d0..bdabda126 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -61,7 +61,7 @@ func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.Secr
 	return nil
 }
 
-func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext, targetName string, secretsLoader *seal.SecretsLoader) error {
+func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.LoadedKluctlProject, targetName string, secretsLoader *seal.SecretsLoader) error {
 	log.Infof("Sealing for target %s", targetName)
 
 	ptArgs := projectTargetCommandArgs{
@@ -119,7 +119,7 @@ func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.KluctlProjectContext,
 }
 
 func (cmd *sealCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		secretsLoader := seal.NewSecretsLoader(p, cmd.SecretsDir)
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 48c5f8afb..a316051bb 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -47,10 +47,10 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	return nil
 }
 
-func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(p *kluctl_project.KluctlProjectContext) error) error {
+func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(*projectArgs, false, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(*projectArgs, false, func(p *kluctl_project.LoadedKluctlProject) error {
 		return cb(p)
 	})
 }
@@ -58,7 +58,7 @@ func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(p *kluctl_
 func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.LoadedKluctlProject) error {
 			dents, err := os.ReadDir(p.ClustersDir)
 			if err != nil {
 				return err
@@ -86,7 +86,7 @@ func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.
 func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.KluctlProjectContext) error {
+		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.LoadedKluctlProject) error {
 			for _, t := range p.DynamicTargets {
 				ret = append(ret, t.Target.Name)
 			}
@@ -132,7 +132,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 		var deploymentItemDirs utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
@@ -186,7 +186,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 		var images utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.KluctlProjectContext) error {
+		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 5e90ea31a..e1adddebb 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -21,7 +21,7 @@ import (
 	"time"
 )
 
-func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, cb func(p *kluctl_project.KluctlProjectContext) error) error {
+func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, cb func(p *kluctl_project.LoadedKluctlProject) error) error {
 	var url *git_url.GitUrl
 	if projectFlags.ProjectUrl != "" {
 		var err error
@@ -51,7 +51,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	}
 
 	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
-	if err != nil {
+	if err != nil && projectFlags.FromArchive == "" {
 		log.Warning("Failed to detect git project root. This might cause follow-up errors")
 	}
 
@@ -66,6 +66,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		LocalSealedSecrets:  projectFlags.LocalSealedSecrets.String(),
 		FromArchive:         projectFlags.FromArchive.String(),
 		FromArchiveMetadata: projectFlags.FromArchiveMetadata.String(),
+		AllowGitClone:       projectFlags.FromArchive == "",
 		GitAuthProviders:    auth.NewDefaultAuthProviders(),
 		GitUpdateInterval:   projectFlags.GitCacheUpdateInterval,
 	}
@@ -109,12 +110,12 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(args.projectFlags, true, func(p *kluctl_project.KluctlProjectContext) error {
+	return withKluctlProjectFromArgs(args.projectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(args, p, cb)
 	})
 }
 
-func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.KluctlProjectContext, cb func(ctx *commandCtx) error) error {
+func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(ctx *commandCtx) error) error {
 	rh := registries.NewRegistryHelper()
 	err := rh.ParseAuthEntriesFromEnv()
 	if err != nil {
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 0c5a641fd..ee8ba490c 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -3,12 +3,10 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -18,7 +16,7 @@ import (
 	"time"
 )
 
-func (c *KluctlProjectContext) updateGitCache(ctx context.Context, mr *git.MirroredGitRepo) error {
+func (c *LoadedKluctlProject) updateGitCache(ctx context.Context, mr *git.MirroredGitRepo) error {
 	if mr.HasUpdated() {
 		return nil
 	}
@@ -29,7 +27,7 @@ func (c *KluctlProjectContext) updateGitCache(ctx context.Context, mr *git.Mirro
 	return mr.Update(ctx, c.loadArgs.GitAuthProviders)
 }
 
-func (c *KluctlProjectContext) updateGitCaches(ctx context.Context) error {
+func (c *LoadedKluctlProject) updateGitCaches(ctx context.Context) error {
 	var waitGroup sync.WaitGroup
 	var firstError error
 	var firstErrorLock sync.Mutex
@@ -110,53 +108,12 @@ func (c *KluctlProjectContext) updateGitCaches(ctx context.Context) error {
 	return firstError
 }
 
-type gitProjectInfo struct {
-	url    git_url.GitUrl
-	ref    string
-	commit string
-	dir    string
-}
-
-func (c *KluctlProjectContext) buildCloneDir(u git_url.GitUrl, ref string) (string, error) {
-	if ref == "" {
-		ref = "HEAD"
-	}
-	ref = strings.ReplaceAll(ref, "/", "-")
-	ref = strings.ReplaceAll(ref, "\\", "-")
-	urlPath := filepath.FromSlash(u.Path)
-	baseName := filepath.Base(urlPath)
-	urlHash := utils.Sha256String(fmt.Sprintf("%s:%s", u.Host, u.Path))[:16]
-	cloneDir, err := securejoin.SecureJoin(c.TmpDir, filepath.Join(fmt.Sprintf("%s-%s", baseName, urlHash), ref))
-	if err != nil {
-		return "", err
-	}
-	log.Tracef("buildCloneDir: ref=%s, urlPath=%s, baseName=%s, urlHash=%s, cloneDir=%s", ref, urlPath, baseName, urlHash, cloneDir)
-	return cloneDir, nil
-}
-
-func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject *types2.GitProject, defaultGitSubDir string, doAddInvolvedRepo bool, doLock bool) (result gitProjectInfo, err error) {
+func (c *LoadedKluctlProject) cloneGitProject(ctx context.Context, gitProject *types2.GitProject, targetDir string, doLock bool) (info git.GitRepoInfo, err error) {
 	err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o700)
 	if err != nil {
 		return
 	}
 
-	targetDir, err := c.buildCloneDir(gitProject.Url, gitProject.Ref)
-	if err != nil {
-		return
-	}
-
-	subDir := gitProject.SubDir
-	if subDir == "" {
-		subDir = defaultGitSubDir
-	}
-	dir := targetDir
-	if subDir != "" {
-		dir, err = securejoin.SecureJoin(dir, subDir)
-		if err != nil {
-			return gitProjectInfo{}, err
-		}
-	}
-
 	mr, ok := c.mirroredRepos[gitProject.Url.NormalizedRepoKey()]
 	if !ok {
 		mr, err = git.NewMirroredGitRepo(gitProject.Url)
@@ -182,42 +139,35 @@ func (c *KluctlProjectContext) cloneGitProject(ctx context.Context, gitProject *
 		return
 	}
 
-	ri, err := git.GetGitRepoInfo(targetDir)
-	if err != nil {
-		return
-	}
-
-	result.url = gitProject.Url
-	result.ref = ri.CheckedOutRef
-	result.commit = ri.CheckedOutCommit
-	result.dir = dir
-
-	if doAddInvolvedRepo {
-		c.addInvolvedRepo(result.url, result.ref, map[string]string{
-			result.ref: result.commit,
-		})
-	}
-
+	info, err = git.GetGitRepoInfo(targetDir)
 	return
 }
 
-func (c *KluctlProjectContext) localProject(dir string) gitProjectInfo {
-	return gitProjectInfo{
-		dir: dir,
+func (c *LoadedKluctlProject) buildCloneDir(u git_url.GitUrl, ref string) (string, error) {
+	baseDir := c.TmpDir
+	if c.archiveDir != "" {
+		baseDir = c.archiveDir
 	}
-}
+	baseDir = filepath.Join(baseDir, "git")
 
-func (c *KluctlProjectContext) cloneKluctlProject(ctx context.Context) (gitProjectInfo, error) {
-	if c.loadArgs.ProjectUrl == nil {
-		return c.localProject(c.loadArgs.ProjectDir), nil
+	if ref == "" {
+		ref = "HEAD"
 	}
-	return c.cloneGitProject(ctx, &types2.GitProject{
-		Url: *c.loadArgs.ProjectUrl,
-		Ref: c.loadArgs.ProjectRef,
-	}, "", true, true)
+	ref = strings.ReplaceAll(ref, "/", "-")
+	ref = strings.ReplaceAll(ref, "\\", "-")
+	urlPath := filepath.FromSlash(u.Path)
+	baseName := filepath.Base(urlPath)
+	urlHash := utils.Sha256String(fmt.Sprintf("%s:%s", u.Host, u.Path))[:16]
+	cloneDir := filepath.Join(fmt.Sprintf("%s-%s", baseName, urlHash), ref)
+	cloneDir = filepath.Join(baseDir, cloneDir)
+	err := utils.CheckInDir(baseDir, cloneDir)
+	if err != nil {
+		return "", err
+	}
+	return cloneDir, nil
 }
 
-func (c *KluctlProjectContext) addInvolvedRepo(u git_url.GitUrl, refPattern string, refs map[string]string) {
+func (c *LoadedKluctlProject) addInvolvedRepo(u git_url.GitUrl, refPattern string, refs map[string]string) {
 	repoKey := u.NormalizedRepoKey()
 	irs, _ := c.involvedRepos[repoKey]
 	e := &types2.InvolvedRepo{
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index aa40f45fb..56a1da171 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -1,184 +1,34 @@
 package kluctl_project
 
 import (
-	"archive/tar"
-	"compress/gzip"
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
-func (c *KluctlProjectContext) mergeClustersDirs(mergedClustersDir string, clustersInfos []gitProjectInfo) error {
-	err := os.MkdirAll(mergedClustersDir, 0o700)
-	if err != nil {
-		return err
-	}
-
-	for _, ci := range clustersInfos {
-		if !utils.IsDirectory(ci.dir) {
-			log.Warningf("Cluster dir '%s' does not exist", ci.dir)
-			continue
-		}
-		files, err := ioutil.ReadDir(ci.dir)
-		if err != nil {
-			return err
-		}
-		for _, fi := range files {
-			p := filepath.Join(ci.dir, fi.Name())
-			if utils.IsFile(p) {
-				err = utils.CopyFile(p, filepath.Join(mergedClustersDir, fi.Name()))
-				if err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func (c *KluctlProjectContext) getConfigPath(projectDir string) string {
-	configPath := c.loadArgs.ProjectConfig
-	if configPath == "" {
-		p := yaml.FixPathExt(filepath.Join(projectDir, ".kluctl.yml"))
-		if utils.IsFile(p) {
-			configPath = p
-		}
-	}
-	return configPath
-}
+func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
+	p := &LoadedKluctlProject{
+		loadArgs: args,
+		TmpDir:   tmpDir,
+		J2:       j2,
 
-func (c *KluctlProjectContext) load(ctx context.Context, allowGit bool) error {
-	kluctlProjectInfo, err := c.cloneKluctlProject(ctx)
-	if err != nil {
-		return err
+		involvedRepos: map[string][]types.InvolvedRepo{},
+		mirroredRepos: map[string]*git.MirroredGitRepo{},
 	}
 
-	configPath := c.getConfigPath(kluctlProjectInfo.dir)
-
-	if configPath != "" {
-		err = yaml.ReadYamlFile(configPath, &c.Config)
-		if err != nil {
-			return err
-		}
-	}
-
-	if allowGit {
-		err = c.updateGitCaches(ctx)
-		if err != nil {
-			return err
-		}
-	}
-
-	doClone := func(ep *types2.ExternalProject, defaultGitSubDir string, localDir string) (gitProjectInfo, error) {
-		if localDir != "" {
-			return c.localProject(localDir), nil
-		}
-
-		if ep == nil {
-			// no ExternalProject provided, so we point into the kluctl project + defaultGitSubDir
-			p := kluctlProjectInfo.dir
-			if defaultGitSubDir != "" {
-				p = filepath.Join(p, defaultGitSubDir)
-			}
-			return c.localProject(p), nil
-		}
-
-		if ep.Project != nil {
-			// pointing to an actual external project, so let's try to clone it
-			if !allowGit {
-				return gitProjectInfo{}, fmt.Errorf("tried to load something from git while it was not allowed")
-			}
-			return c.cloneGitProject(ctx, ep.Project, defaultGitSubDir, true, true)
-		}
-
-		// ExternalProject was provided but without an external repo url, so point into the kluctl project.
-		// We also allow to leave the kluctl project dir in case RepoRoot is provided via loadArgs, as long as
-		// the pointed to directory does not leave the RepoRoot
-
-		repoRoot := c.loadArgs.RepoRoot
-		if repoRoot == "" {
-			// don't allow to leave the project dir
-			repoRoot = kluctlProjectInfo.dir
-		}
-
-		p := filepath.Join(kluctlProjectInfo.dir, *ep.Path)
-		err = utils.CheckInDir(repoRoot, p)
-		if err != nil {
-			if c.loadArgs.RepoRoot == "" {
-				return gitProjectInfo{}, fmt.Errorf("it looks like your kluctl project is not part of a Git repository, which means you are not allowed to use paths that leave your kluctl project")
-			}
-			return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s': %w", p, repoRoot, err)
-		}
-		return c.localProject(p), nil
-	}
-
-	deploymentInfo, err := doClone(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
-	if err != nil {
-		return err
-	}
-	sealedSecretsInfo, err := doClone(c.Config.SealedSecrets, ".sealed-secrets", c.loadArgs.LocalSealedSecrets)
-	if err != nil {
-		return err
-	}
-	var clustersInfos []gitProjectInfo
-	if c.loadArgs.LocalClusters != "" {
-		clustersInfos = append(clustersInfos, c.localProject(c.loadArgs.LocalClusters))
-	} else if len(c.Config.Clusters.Projects) != 0 {
-		for _, ep := range c.Config.Clusters.Projects {
-			info, err := doClone(&ep, "clusters", "")
-			if err != nil {
-				return err
-			}
-			clustersInfos = append(clustersInfos, info)
-		}
-	} else {
-		ci, err := doClone(nil, "clusters", "")
-		if err != nil {
-			return err
-		}
-		clustersInfos = append(clustersInfos, ci)
-	}
-
-	mergedClustersDir := filepath.Join(c.TmpDir, "merged-clusters")
-	err = c.mergeClustersDirs(mergedClustersDir, clustersInfos)
-	if err != nil {
-		return err
-	}
-
-	c.ProjectDir = kluctlProjectInfo.dir
-	c.DeploymentDir = deploymentInfo.dir
-	c.ClustersDir = mergedClustersDir
-	c.SealedSecretsDir = sealedSecretsInfo.dir
-
-	return nil
-}
-
-func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*KluctlProjectContext, error) {
 	if args.FromArchive != "" {
 		if args.ProjectUrl != nil || args.ProjectRef != "" || args.ProjectConfig != "" || args.LocalClusters != "" || args.LocalDeployment != "" || args.LocalSealedSecrets != "" {
 			return nil, fmt.Errorf("--from-archive can not be combined with any other project related option")
 		}
-		project, err := loadKluctlProjectFromArchive(args, tmpDir, j2)
-		if err != nil {
-			return nil, err
-		}
-		err = project.load(ctx, false)
+		err := p.loadFromArchive(ctx)
 		if err != nil {
 			return nil, err
 		}
-		return project, nil
+		return p, nil
 	} else {
-		p := NewKluctlProjectContext(args, tmpDir, j2)
-		err := p.load(ctx, true)
+		err := p.loadKluctlProject(ctx)
 		if err != nil {
 			return nil, err
 		}
@@ -189,116 +39,3 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		return p, nil
 	}
 }
-
-func loadKluctlProjectFromArchive(args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*KluctlProjectContext, error) {
-	var dir string
-	if utils.IsFile(args.FromArchive) {
-		err := utils.ExtractTarGzFile(args.FromArchive, tmpDir)
-		if err != nil {
-			return nil, fmt.Errorf("failed to extract archive %v: %w", args.FromArchive, err)
-		}
-		dir = tmpDir
-	} else {
-		dir = args.FromArchive
-	}
-
-	var metdataPath string
-	if args.FromArchiveMetadata != "" {
-		metdataPath = args.FromArchiveMetadata
-	} else {
-		metdataPath = yaml.FixPathExt(filepath.Join(dir, "metadata.yml"))
-	}
-
-	var metadata types2.ProjectMetadata
-	err := yaml.ReadYamlFile(metdataPath, &metadata)
-	if err != nil {
-		return nil, err
-	}
-
-	p := NewKluctlProjectContext(LoadKluctlProjectArgs{
-		ProjectConfig:      yaml.FixPathExt(filepath.Join(dir, ".kluctl.yml")),
-		LocalClusters:      filepath.Join(dir, "clusters"),
-		LocalDeployment:    filepath.Join(dir, "deployment"),
-		LocalSealedSecrets: filepath.Join(dir, "sealed-secrets"),
-	}, dir, j2)
-	p.involvedRepos = metadata.InvolvedRepos
-	p.DynamicTargets = metadata.Targets
-	return p, nil
-}
-
-func (c *KluctlProjectContext) GetMetadata() *types2.ProjectMetadata {
-	md := &types2.ProjectMetadata{
-		InvolvedRepos: c.involvedRepos,
-		Targets:       c.DynamicTargets,
-	}
-	return md
-}
-
-func (c *KluctlProjectContext) CreateTGZArchive(archivePath string, embedMetadata bool) error {
-	f, err := os.Create(archivePath)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	gz := gzip.NewWriter(f)
-	defer gz.Close()
-	tw := tar.NewWriter(gz)
-	defer tw.Close()
-
-	filter := func(h *tar.Header, size int64) (*tar.Header, error) {
-		if strings.HasSuffix(strings.ToLower(h.Name), ".git") {
-			return nil, nil
-		}
-		h.Uid = 0
-		h.Gid = 0
-		h.Uname = ""
-		h.Gname = ""
-		h.ModTime = time.Time{}
-		h.ChangeTime = time.Time{}
-		h.AccessTime = time.Time{}
-		return h, nil
-	}
-
-	if embedMetadata {
-		md := c.GetMetadata()
-		mdStr, err := yaml.WriteYamlBytes(md)
-		if err != nil {
-			return err
-		}
-
-		err = tw.WriteHeader(&tar.Header{
-			Name: "metadata.yaml",
-			Size: int64(len(mdStr)),
-			Mode: 0o666 | tar.TypeReg,
-		})
-		if err != nil {
-			return err
-		}
-		_, err = tw.Write(mdStr)
-		if err != nil {
-			return err
-		}
-	}
-
-	if err = utils.AddToTar(tw, c.getConfigPath(c.ProjectDir), yaml.FixNameExt(c.ProjectDir, ".kluctl.yml"), filter); err != nil {
-		return err
-	}
-	if err = utils.AddToTar(tw, c.ProjectDir, "kluctl-project", filter); err != nil {
-		return err
-	}
-	if err = utils.AddToTar(tw, c.DeploymentDir, "deployment", filter); err != nil {
-		return err
-	}
-	if utils.Exists(c.ClustersDir) {
-		if err = utils.AddToTar(tw, c.ClustersDir, "clusters", filter); err != nil {
-			return err
-		}
-	}
-	if utils.Exists(c.SealedSecretsDir) {
-		if err = utils.AddToTar(tw, c.SealedSecretsDir, "sealed-secrets", filter); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 0357f5d34..06d555e00 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -3,62 +3,42 @@ package kluctl_project
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
-	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"regexp"
-	"time"
 )
 
-type LoadKluctlProjectArgs struct {
-	RepoRoot            string
-	ProjectDir          string
-	ProjectUrl          *git_url.GitUrl
-	ProjectRef          string
-	ProjectConfig       string
-	LocalClusters       string
-	LocalDeployment     string
-	LocalSealedSecrets  string
-	FromArchive         string
-	FromArchiveMetadata string
-
-	GitAuthProviders *auth2.GitAuthProviders
-
-	GitUpdateInterval time.Duration
-}
-
-type KluctlProjectContext struct {
+type LoadedKluctlProject struct {
 	loadArgs LoadKluctlProjectArgs
 
-	TmpDir string
-	Config types.KluctlProject
+	TmpDir     string
+	archiveDir string
+
+	projectRootDir string
+	ProjectDir     string
 
-	ProjectDir       string
 	DeploymentDir    string
 	ClustersDir      string
-	SealedSecretsDir string
-
-	involvedRepos  map[string][]types.InvolvedRepo
-	DynamicTargets []*types.DynamicTarget
+	sealedSecretsDir string
 
+	involvedRepos map[string][]types2.InvolvedRepo
 	mirroredRepos map[string]*git.MirroredGitRepo
 
+	Config         types2.KluctlProject
+	DynamicTargets []*types2.DynamicTarget
+
 	J2 *jinja2.Jinja2
 }
 
-func NewKluctlProjectContext(loadArgs LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) *KluctlProjectContext {
-	o := &KluctlProjectContext{
-		loadArgs:      loadArgs,
-		TmpDir:        tmpDir,
-		involvedRepos: make(map[string][]types.InvolvedRepo),
-		mirroredRepos: make(map[string]*git.MirroredGitRepo),
-		J2:            j2,
+func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
+	md := &types2.ProjectMetadata{
+		InvolvedRepos: c.involvedRepos,
+		Targets:       c.DynamicTargets,
 	}
-	return o
+	return md
 }
 
-func (c *KluctlProjectContext) FindBaseTarget(name string) (*types.Target, error) {
+func (c *LoadedKluctlProject) FindBaseTarget(name string) (*types2.Target, error) {
 	for _, target := range c.Config.Targets {
 		if target.Name == name {
 			return target, nil
@@ -67,7 +47,7 @@ func (c *KluctlProjectContext) FindBaseTarget(name string) (*types.Target, error
 	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
 }
 
-func (c *KluctlProjectContext) FindDynamicTarget(name string) (*types.DynamicTarget, error) {
+func (c *LoadedKluctlProject) FindDynamicTarget(name string) (*types2.DynamicTarget, error) {
 	for _, target := range c.DynamicTargets {
 		if target.Target.Name == name {
 			return target, nil
@@ -76,12 +56,12 @@ func (c *KluctlProjectContext) FindDynamicTarget(name string) (*types.DynamicTar
 	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
 }
 
-func (c *KluctlProjectContext) LoadClusterConfig(clusterName string) (*types.ClusterConfig, error) {
-	return types.LoadClusterConfig(c.ClustersDir, clusterName)
+func (c *LoadedKluctlProject) LoadClusterConfig(clusterName string) (*types2.ClusterConfig, error) {
+	return types2.LoadClusterConfig(c.ClustersDir, clusterName)
 }
 
-func (c *KluctlProjectContext) CheckDynamicArg(target *types.Target, argName string, argValue string) error {
-	var dynArg *types.DynamicArg
+func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName string, argValue string) error {
+	var dynArg *types2.DynamicArg
 	for _, x := range target.DynamicArgs {
 		if x.Name == argName {
 			dynArg = &x
diff --git a/pkg/kluctl_project/project_archive.go b/pkg/kluctl_project/project_archive.go
new file mode 100644
index 000000000..864e6a9c2
--- /dev/null
+++ b/pkg/kluctl_project/project_archive.go
@@ -0,0 +1,129 @@
+package kluctl_project
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"context"
+	"fmt"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func (c *LoadedKluctlProject) loadFromArchive(ctx context.Context) error {
+	var dir string
+	if utils.IsFile(c.loadArgs.FromArchive) {
+		dir = filepath.Join(c.TmpDir, "archive")
+		err := utils.ExtractTarGzFile(c.loadArgs.FromArchive, dir)
+		if err != nil {
+			return fmt.Errorf("failed to extract archive %v: %w", c.loadArgs.FromArchive, err)
+		}
+	} else {
+		dir = c.loadArgs.FromArchive
+	}
+
+	var pmdPath string
+	if c.loadArgs.FromArchiveMetadata != "" {
+		pmdPath = c.loadArgs.FromArchiveMetadata
+	} else {
+		pmdPath = yaml.FixPathExt(filepath.Join(dir, "project-metadata.yml"))
+	}
+
+	var pmd types2.ProjectMetadata
+	err := yaml.ReadYamlFile(pmdPath, &pmd)
+	if err != nil {
+		return err
+	}
+
+	var amd types2.ArchiveMetadata
+	err = yaml.ReadYamlFile(yaml.FixPathExt(filepath.Join(dir, "archive-metadata.yml")), &amd)
+	if err != nil {
+		return err
+	}
+
+	c.loadArgs.RepoRoot = filepath.Join(dir, amd.ProjectRootDir)
+	c.loadArgs.ProjectDir = filepath.Join(dir, amd.ProjectRootDir, amd.ProjectSubDir)
+
+	err = utils.CheckInDir(dir, c.loadArgs.RepoRoot)
+	if err != nil {
+		return err
+	}
+	err = utils.CheckInDir(dir, c.loadArgs.ProjectDir)
+	if err != nil {
+		return err
+	}
+
+	c.archiveDir = dir
+	c.involvedRepos = pmd.InvolvedRepos
+	c.DynamicTargets = pmd.Targets
+
+	err = c.loadKluctlProject(ctx)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *LoadedKluctlProject) WriteArchive(archivePath string, embedProjectMetadata bool) error {
+	f, err := os.Create(archivePath)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	gz := gzip.NewWriter(f)
+	defer gz.Close()
+	tw := tar.NewWriter(gz)
+	defer tw.Close()
+
+	filter := func(h *tar.Header, size int64) (*tar.Header, error) {
+		if strings.HasSuffix(strings.ToLower(h.Name), ".git") {
+			return nil, nil
+		}
+		h.Uid = 0
+		h.Gid = 0
+		h.Uname = ""
+		h.Gname = ""
+		h.ModTime = time.Time{}
+		h.ChangeTime = time.Time{}
+		h.AccessTime = time.Time{}
+		return h, nil
+	}
+
+	if embedProjectMetadata {
+		err = yaml.WriteYamlToTar(tw, c.GetMetadata(), "project-metadata.yaml")
+		if err != nil {
+			return nil
+		}
+	}
+
+	amd := types2.ArchiveMetadata{
+		ProjectRootDir: "kluctl-project",
+	}
+
+	amd.ProjectSubDir, err = filepath.Rel(c.projectRootDir, c.ProjectDir)
+	if err != nil {
+		return err
+	}
+
+	err = yaml.WriteYamlToTar(tw, &amd, "archive-metadata.yaml")
+	if err != nil {
+		return nil
+	}
+
+	if err = utils.AddToTar(tw, c.projectRootDir, "kluctl-project", filter); err != nil {
+		return err
+	}
+	gitReposBaseDir := filepath.Join(c.TmpDir, "git")
+	if utils.Exists(gitReposBaseDir) {
+		err = utils.AddToTar(tw, gitReposBaseDir, "git", filter)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
new file mode 100644
index 000000000..75f24ac15
--- /dev/null
+++ b/pkg/kluctl_project/project_load.go
@@ -0,0 +1,259 @@
+package kluctl_project
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	log "github.com/sirupsen/logrus"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+type LoadKluctlProjectArgs struct {
+	RepoRoot            string
+	ProjectDir          string
+	ProjectUrl          *git_url.GitUrl
+	ProjectRef          string
+	ProjectConfig       string
+	LocalClusters       string
+	LocalDeployment     string
+	LocalSealedSecrets  string
+	FromArchive         string
+	FromArchiveMetadata string
+
+	AllowGitClone    bool
+	GitAuthProviders *auth2.GitAuthProviders
+
+	GitUpdateInterval time.Duration
+}
+
+type gitProjectInfo struct {
+	url      git_url.GitUrl
+	ref      string
+	commit   string
+	repoRoot string
+	dir      string
+}
+
+func (c *LoadedKluctlProject) getConfigPath() string {
+	configPath := c.loadArgs.ProjectConfig
+	if configPath == "" {
+		p := yaml.FixPathExt(filepath.Join(c.ProjectDir, ".kluctl.yml"))
+		if utils.IsFile(p) {
+			configPath = p
+		}
+	}
+	return configPath
+}
+
+func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
+	return gitProjectInfo{
+		dir: dir,
+	}
+}
+
+func (c *LoadedKluctlProject) loadGitProject(ctx context.Context, gitProject *types2.GitProject, defaultSubDir string, doLock bool, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
+	cloneDir, err := c.buildCloneDir(gitProject.Url, gitProject.Ref)
+	if err != nil {
+		return
+	}
+
+	if c.archiveDir != "" {
+		var md types2.GitRepoMetadata
+		err = yaml.ReadYamlFile(filepath.Join(cloneDir, ".git-metadata.yaml"), &md)
+		if err != nil {
+			return
+		}
+		ret.url = gitProject.Url
+		ret.ref = gitProject.Ref
+		ret.commit = md.Commit
+		ret.repoRoot = cloneDir
+	} else {
+		if !c.loadArgs.AllowGitClone {
+			err = fmt.Errorf("tried to load an external project from git, which is not allowed")
+			return
+		}
+
+		var ri git.GitRepoInfo
+		ri, err = c.cloneGitProject(ctx, gitProject, cloneDir, doLock)
+		if err != nil {
+			return
+		}
+
+		var md types2.GitRepoMetadata
+		md.Ref = ri.CheckedOutRef
+		md.Commit = ri.CheckedOutCommit
+		err = yaml.WriteYamlFile(filepath.Join(cloneDir, ".git-metadata.yaml"), &md)
+		if err != nil {
+			return gitProjectInfo{}, err
+		}
+
+		ret.url = gitProject.Url
+		ret.ref = ri.CheckedOutRef
+		ret.commit = ri.CheckedOutCommit
+		ret.repoRoot = cloneDir
+
+		if doAddInvolvedRepo {
+			c.addInvolvedRepo(ret.url, ret.ref, map[string]string{
+				ret.ref: ret.commit,
+			})
+		}
+	}
+
+	subDir := gitProject.SubDir
+	if subDir == "" {
+		subDir = defaultSubDir
+	}
+	ret.dir = filepath.Join(ret.repoRoot, subDir)
+	err = utils.CheckInDir(ret.repoRoot, ret.dir)
+	if err != nil {
+		return
+	}
+
+	return
+}
+
+func (c *LoadedKluctlProject) loadExternalProject(ctx context.Context, ep *types2.ExternalProject, defaultGitSubDir string, localDir string) (gitProjectInfo, error) {
+	if localDir != "" {
+		return c.localProject(localDir), nil
+	}
+
+	if ep == nil {
+		// no ExternalProject provided, so we point into the kluctl project + defaultGitSubDir
+		p := filepath.Join(c.ProjectDir, defaultGitSubDir)
+		return c.localProject(p), nil
+	}
+
+	if ep.Project != nil {
+		// pointing to an actual external project, so let's try to clone it
+		return c.loadGitProject(ctx, ep.Project, defaultGitSubDir, true, true)
+	}
+
+	// ExternalProject was provided but without an external repo url, so point into the kluctl project.
+	// We also allow to leave the kluctl project dir but limit it to the git project
+
+	p := filepath.Join(c.ProjectDir, *ep.Path)
+	err := utils.CheckInDir(c.projectRootDir, p)
+	if err != nil {
+		return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s': %w", p, c.projectRootDir, err)
+	}
+	return c.localProject(p), nil
+}
+
+func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
+	var err error
+
+	if c.loadArgs.ProjectUrl == nil {
+		c.projectRootDir = c.loadArgs.RepoRoot
+		c.ProjectDir = c.loadArgs.ProjectDir
+		err = utils.CheckInDir(c.projectRootDir, c.ProjectDir)
+		if err != nil {
+			return err
+		}
+	} else {
+		gi, err := c.loadGitProject(ctx, &types2.GitProject{
+			Url: *c.loadArgs.ProjectUrl,
+			Ref: c.loadArgs.ProjectRef,
+		}, "", true, true)
+		if err != nil {
+			return err
+		}
+		c.projectRootDir = gi.repoRoot
+		c.ProjectDir = gi.dir
+	}
+
+	configPath := c.getConfigPath()
+
+	if configPath != "" {
+		err = yaml.ReadYamlFile(configPath, &c.Config)
+		if err != nil {
+			return err
+		}
+	}
+
+	if c.loadArgs.AllowGitClone {
+		err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o755)
+		if err != nil {
+			return err
+		}
+
+		err = c.updateGitCaches(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	deploymentInfo, err := c.loadExternalProject(ctx, c.Config.Deployment, "", c.loadArgs.LocalDeployment)
+	if err != nil {
+		return err
+	}
+	sealedSecretsInfo, err := c.loadExternalProject(ctx, c.Config.SealedSecrets, ".sealed-secrets", c.loadArgs.LocalSealedSecrets)
+	if err != nil {
+		return err
+	}
+	var clustersInfos []gitProjectInfo
+	if c.loadArgs.LocalClusters != "" {
+		clustersInfos = append(clustersInfos, c.localProject(c.loadArgs.LocalClusters))
+	} else if len(c.Config.Clusters.Projects) != 0 {
+		for _, ep := range c.Config.Clusters.Projects {
+			info, err := c.loadExternalProject(ctx, &ep, "clusters", "")
+			if err != nil {
+				return err
+			}
+			clustersInfos = append(clustersInfos, info)
+		}
+	} else {
+		ci, err := c.loadExternalProject(ctx, nil, "clusters", "")
+		if err != nil {
+			return err
+		}
+		clustersInfos = append(clustersInfos, ci)
+	}
+
+	mergedClustersDir := filepath.Join(c.TmpDir, "merged-clusters")
+	err = c.mergeClustersDirs(mergedClustersDir, clustersInfos)
+	if err != nil {
+		return err
+	}
+
+	c.DeploymentDir = deploymentInfo.dir
+	c.ClustersDir = mergedClustersDir
+	c.sealedSecretsDir = sealedSecretsInfo.dir
+
+	return nil
+}
+
+func (c *LoadedKluctlProject) mergeClustersDirs(mergedClustersDir string, clustersInfos []gitProjectInfo) error {
+	err := os.MkdirAll(mergedClustersDir, 0o700)
+	if err != nil {
+		return err
+	}
+
+	for _, ci := range clustersInfos {
+		if !utils.IsDirectory(ci.dir) {
+			log.Warningf("Cluster dir '%s' does not exist", ci.dir)
+			continue
+		}
+		files, err := ioutil.ReadDir(ci.dir)
+		if err != nil {
+			return err
+		}
+		for _, fi := range files {
+			p := filepath.Join(ci.dir, fi.Name())
+			if utils.IsFile(p) {
+				err = utils.CopyFile(p, filepath.Join(mergedClustersDir, fi.Name()))
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+	return nil
+}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 745b55131..e2038eb75 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -13,7 +13,7 @@ import (
 )
 
 type TargetContext struct {
-	KluctlProject        *KluctlProjectContext
+	KluctlProject        *LoadedKluctlProject
 	Target               *types.Target
 	ClusterConfig        *types.ClusterConfig
 	K                    *k8s.K8sCluster
@@ -21,7 +21,7 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *KluctlProjectContext) NewTargetContext(clientConfigGetter func(context string) (*rest.Config, error), targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+func (p *LoadedKluctlProject) NewTargetContext(clientConfigGetter func(context string) (*rest.Config, error), targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.DeploymentDir)
 	if err != nil {
 		return nil, err
@@ -106,7 +106,7 @@ func (p *KluctlProjectContext) NewTargetContext(clientConfigGetter func(context
 	}
 	varsCtx.UpdateChild("target", targetVars)
 
-	d, err := deployment.NewDeploymentProject(k, varsCtx, deploymentDir, p.SealedSecretsDir, nil)
+	d, err := deployment.NewDeploymentProject(k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/load_targets.go b/pkg/kluctl_project/targets.go
similarity index 90%
rename from pkg/kluctl_project/load_targets.go
rename to pkg/kluctl_project/targets.go
index 1d48ed529..426560204 100644
--- a/pkg/kluctl_project/load_targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -27,7 +27,7 @@ type dynamicTargetInfo struct {
 	defaultBranch string
 }
 
-func (c *KluctlProjectContext) loadTargets(ctx context.Context) error {
+func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 	targetNames := make(map[string]bool)
 	c.DynamicTargets = nil
 
@@ -77,7 +77,7 @@ func (c *KluctlProjectContext) loadTargets(ctx context.Context) error {
 	return nil
 }
 
-func (c *KluctlProjectContext) renderTarget(target *types.Target) (*types.Target, error) {
+func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target, error) {
 	// Try rendering the target multiple times, until all values can be rendered successfully. This allows the target
 	// to reference itself in complex ways. We'll also try loading the cluster vars in each iteration.
 
@@ -111,7 +111,7 @@ func (c *KluctlProjectContext) renderTarget(target *types.Target) (*types.Target
 	return curTarget, nil
 }
 
-func (c *KluctlProjectContext) prepareDynamicTargets(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
+func (c *LoadedKluctlProject) prepareDynamicTargets(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
 	if baseTarget.TargetConfig != nil && baseTarget.TargetConfig.Project != nil {
 		return c.prepareDynamicTargetsExternal(baseTarget)
 	} else {
@@ -119,7 +119,7 @@ func (c *KluctlProjectContext) prepareDynamicTargets(baseTarget *types.Target) (
 	}
 }
 
-func (c *KluctlProjectContext) prepareDynamicTargetsSimple(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
+func (c *LoadedKluctlProject) prepareDynamicTargetsSimple(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
 	if baseTarget.TargetConfig != nil {
 		if baseTarget.TargetConfig.Ref != nil || baseTarget.TargetConfig.RefPattern != nil {
 			return nil, fmt.Errorf("'ref' and/or 'refPattern' are not allowed for non-external dynamic targets")
@@ -134,7 +134,7 @@ func (c *KluctlProjectContext) prepareDynamicTargetsSimple(baseTarget *types.Tar
 	return dynamicTargets, nil
 }
 
-func (c *KluctlProjectContext) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
+func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
 	mr, ok := c.mirroredRepos[baseTarget.TargetConfig.Project.Url.NormalizedRepoKey()]
 	if !ok {
 		return nil, fmt.Errorf("repo not found in mirroredRepos, this is unexpected and probably a bug")
@@ -196,7 +196,7 @@ func (c *KluctlProjectContext) prepareDynamicTargetsExternal(baseTarget *types.T
 	return dynamicTargets, nil
 }
 
-func (c *KluctlProjectContext) matchRef(s string, pattern string) (bool, string, error) {
+func (c *LoadedKluctlProject) matchRef(s string, pattern string) (bool, string, error) {
 	if strings.HasPrefix(pattern, "refs/") {
 		p, err := regexp.Compile(fmt.Sprintf("^%s$", pattern))
 		if err != nil {
@@ -221,7 +221,7 @@ func (c *KluctlProjectContext) matchRef(s string, pattern string) (bool, string,
 	}
 }
 
-func (c *KluctlProjectContext) cloneDynamicTargets(ctx context.Context, dynamicTargets []*dynamicTargetInfo) error {
+func (c *LoadedKluctlProject) cloneDynamicTargets(ctx context.Context, dynamicTargets []*dynamicTargetInfo) error {
 	wp := utils.NewDebuggerAwareWorkerPool(8)
 	defer wp.StopWait(false)
 
@@ -252,7 +252,7 @@ func (c *KluctlProjectContext) cloneDynamicTargets(ctx context.Context, dynamicT
 			gitProject := *targetInfo.gitProject
 			gitProject.Ref = *targetInfo.ref
 
-			gi, err := c.cloneGitProject(ctx, &gitProject, "", false, false)
+			gi, err := c.loadGitProject(ctx, &gitProject, "", false, false)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {
@@ -305,7 +305,7 @@ func (c *KluctlProjectContext) cloneDynamicTargets(ctx context.Context, dynamicT
 	return nil
 }
 
-func (c *KluctlProjectContext) buildDynamicTarget(targetInfo *dynamicTargetInfo) (*types.Target, error) {
+func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo) (*types.Target, error) {
 	var target types.Target
 	err := utils.DeepCopy(&target, targetInfo.baseTarget)
 	if err != nil {
diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index ef0e37fe9..fb863224c 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -18,13 +18,13 @@ type usernamePassword struct {
 }
 
 type SecretsLoader struct {
-	project    *kluctl_project.KluctlProjectContext
+	project    *kluctl_project.LoadedKluctlProject
 	secretsDir string
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewSecretsLoader(p *kluctl_project.KluctlProjectContext, secretsDir string) *SecretsLoader {
+func NewSecretsLoader(p *kluctl_project.LoadedKluctlProject, secretsDir string) *SecretsLoader {
 	return &SecretsLoader{
 		project:          p,
 		secretsDir:       secretsDir,
diff --git a/pkg/types/metadata.go b/pkg/types/metadata.go
index 638f4bca9..0742a92ad 100644
--- a/pkg/types/metadata.go
+++ b/pkg/types/metadata.go
@@ -9,3 +9,13 @@ type ProjectMetadata struct {
 	InvolvedRepos map[string][]InvolvedRepo `yaml:"involvedRepos"`
 	Targets       []*DynamicTarget          `yaml:"targets"`
 }
+
+type GitRepoMetadata struct {
+	Ref    string `yaml:"ref"`
+	Commit string `yaml:"commit"`
+}
+
+type ArchiveMetadata struct {
+	ProjectRootDir string `yaml:"projectRootDir"`
+	ProjectSubDir  string `yaml:"projectSubDir"`
+}
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 1726b4dae..2c24f990a 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -1,6 +1,7 @@
 package yaml
 
 import (
+	"archive/tar"
 	"bytes"
 	"encoding/json"
 	"errors"
@@ -163,6 +164,27 @@ func WriteYamlAllStream(w io.Writer, l []interface{}) error {
 	return nil
 }
 
+func WriteYamlToTar(tw *tar.Writer, o interface{}, name string) error {
+	str, err := WriteYamlBytes(o)
+	if err != nil {
+		return err
+	}
+
+	err = tw.WriteHeader(&tar.Header{
+		Name: name,
+		Size: int64(len(str)),
+		Mode: 0o666 | tar.TypeReg,
+	})
+	if err != nil {
+		return err
+	}
+	_, err = tw.Write(str)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func ConvertYamlToJson(b []byte) ([]byte, error) {
 	var x interface{}
 	err := ReadYamlBytes(b, &x)

From e524b81e4848277e78d5e6c3b0323ec9dc47ae3c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 May 2022 23:35:24 +0200
Subject: [PATCH 0121/2268] fix: Ignore GroupDiscoveryFailedError from
 discovery client

Orphan apirources cause discovery errors that must be ignored. Luckily
the returned list is still complete and valid.
---
 pkg/k8s/k8s_cluster.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 33265da1d..5c901aafa 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -15,6 +15,7 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -168,7 +169,7 @@ func (k *K8sCluster) updateResources(doLock bool) error {
 	}{}
 
 	_, arls, err := k.discovery.ServerGroupsAndResources()
-	if err != nil {
+	if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
 		return err
 	}
 	for _, arl := range arls {
@@ -202,6 +203,9 @@ func (k *K8sCluster) updateResources(doLock bool) error {
 	}
 
 	arls, err = k.discovery.ServerPreferredResources()
+	if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
+		return err
+	}
 	for _, arl := range arls {
 		for _, ar := range arl.APIResources {
 			if strings.Index(ar.Name, "/") != -1 {

From d8b92b9e35b772312ed8e9eb6f8bcefb4e09d79f Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Mon, 9 May 2022 09:46:30 +0200
Subject: [PATCH 0122/2268] feat: add sorted output for list images (#27)

* feat: add sorted output for list images

* refactor: remove empty line

* feat: always sort image-list output but only if we have more than 1 image

* refactor: remove null and len check

No need to check for nil or > 1 as a nil slice is by definition an empty slice.

* refactor: move sort image to SeenImages
---
 pkg/deployment/images.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 517087561..f7ef098e7 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -13,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"sort"
 	"strings"
 	"sync"
 )
@@ -52,6 +53,9 @@ func (images *Images) SeenImages(simple bool) []types.FixedImage {
 			ret = append(ret, fi)
 		}
 	}
+	sort.Slice(ret, func(i, j int) bool {
+		return ret[i].Image < ret[j].Image
+	})
 	return ret
 }
 

From a29832737e9e9e24691f06f91c431dd05872e837 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 7 May 2022 17:18:40 +0200
Subject: [PATCH 0123/2268] refactor: Use dynamic client for fetchCert and
 friends

---
 pkg/seal/fetch_cert.go | 74 ++++++++++++++++++++++--------------------
 1 file changed, 38 insertions(+), 36 deletions(-)

diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 4e5e27d5a..5af09d342 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -1,60 +1,52 @@
 package seal
 
 import (
-	"context"
 	"crypto/rsa"
 	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	v12 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/util/cert"
 )
 
 func fetchCert(k *k8s.K8sCluster, namespace string, controllerName string) (*rsa.PublicKey, error) {
-	var certData []byte
-
-	err := k.WithCoreV1(func(client *v1.CoreV1Client) error {
-		s, err := openCertFromController(client, namespace, controllerName)
-		if err != nil {
-			if controllerName == "sealed-secrets-controller" {
-				s2, err2 := openCertFromController(client, namespace, "sealed-secrets")
-				if err2 == nil {
-					log.Warningf("Looks like you have sealed-secrets controller installed with name 'sealed-secrets', which comes from a legacy kluctl version that deployed it with a non-default name. Please consider re-deploying sealed-secrets operator manually.")
-					err = nil
-					s = s2
-				}
+	certData, err := openCertFromController(k, namespace, controllerName)
+	if err != nil {
+		if controllerName == "sealed-secrets-controller" {
+			s2, err2 := openCertFromController(k, namespace, "sealed-secrets")
+			if err2 == nil {
+				log.Warningf("Looks like you have sealed-secrets controller installed with name 'sealed-secrets', which comes from a legacy kluctl version that deployed it with a non-default name. Please consider re-deploying sealed-secrets operator manually.")
+				err = nil
+				certData = s2
 			}
+		}
 
+		if err != nil {
+			log.Warningf("Failed to retrieve public certificate from sealed-secrets-controller, re-trying with bootstrap secret")
+			certData, err = openCertFromBootstrap(k, namespace)
 			if err != nil {
-				log.Warningf("Failed to retrieve public certificate from sealed-secrets-controller, re-trying with bootstrap secret")
-				s, err = openCertFromBootstrap(client, namespace)
-				if err != nil {
-					return fmt.Errorf("failed to retrieve sealed secrets public key: %w", err)
-				}
+				return nil, fmt.Errorf("failed to retrieve sealed secrets public key: %w", err)
 			}
 		}
-		certData = s
-		return nil
-	})
-	if err != nil {
-		return nil, err
 	}
 
-	cert, err := parseKey(certData)
-	return cert, err
+	return parseKey(certData)
 }
 
-func openCertFromBootstrap(c *v1.CoreV1Client, namespace string) ([]byte, error) {
-	cm, err := c.ConfigMaps(namespace).Get(context.Background(), configMapName, metav1.GetOptions{})
+func openCertFromBootstrap(k *k8s.K8sCluster, namespace string) ([]byte, error) {
+	ref := k8s2.NewObjectRef("", "v1", "ConfigMap", configMapName, namespace)
+	cm, _, err := k.GetSingleObject(ref)
 	if err != nil {
 		return nil, err
 	}
 
-	v, ok := cm.Data[v12.TLSCertKey]
+	v, ok, err := cm.GetNestedString("data", v12.TLSCertKey)
+	if err != nil {
+		return nil, err
+	}
 	if !ok {
 		return nil, fmt.Errorf("%s key not found in ConfigMap %s", v12.TLSCertKey, configMapName)
 	}
@@ -62,12 +54,12 @@ func openCertFromBootstrap(c *v1.CoreV1Client, namespace string) ([]byte, error)
 	return []byte(v), nil
 }
 
-func openCertFromController(c v1.CoreV1Interface, namespace, name string) ([]byte, error) {
-	portName, err := getServicePortName(c, namespace, name)
+func openCertFromController(k *k8s.K8sCluster, namespace, name string) ([]byte, error) {
+	portName, err := getServicePortName(k, namespace, name)
 	if err != nil {
 		return nil, err
 	}
-	r, err := c.Services(namespace).ProxyGet("http", name, portName, "/v1/cert.pem", nil).Stream(context.Background())
+	r, err := k.ProxyGet("http", namespace, name, portName, "/v1/cert.pem", nil)
 	if err != nil {
 		return nil, fmt.Errorf("cannot fetch certificate: %v", err)
 	}
@@ -81,12 +73,22 @@ func openCertFromController(c v1.CoreV1Interface, namespace, name string) ([]byt
 	return cert, nil
 }
 
-func getServicePortName(client v1.CoreV1Interface, namespace, serviceName string) (string, error) {
-	service, err := client.Services(namespace).Get(context.Background(), serviceName, metav1.GetOptions{})
+func getServicePortName(k *k8s.K8sCluster, namespace, serviceName string) (string, error) {
+	ref := k8s2.NewObjectRef("", "v1", "Service", serviceName, namespace)
+	service, _, err := k.GetSingleObject(ref)
 	if err != nil {
 		return "", fmt.Errorf("cannot get sealed secret service: %v", err)
 	}
-	return service.Spec.Ports[0].Name, nil
+
+	n, ok, err := service.GetNestedString("spec", "ports", 0, "name")
+	if err != nil {
+		return "", err
+	}
+	if !ok {
+		return "", fmt.Errorf("spec.ports[0].name not in service object %s", serviceName)
+	}
+
+	return n, nil
 }
 
 func parseKey(data []byte) (*rsa.PublicKey, error) {

From e6435625df446edd53151f29ed3a38ebe16da267 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 7 May 2022 17:20:37 +0200
Subject: [PATCH 0124/2268] fix: Properly pass around and use context

---
 cmd/kluctl/args/project.go                    |   2 +-
 cmd/kluctl/commands/cmd_archive.go            |   3 +-
 .../commands/cmd_check_image_updates.go       |  18 +--
 cmd/kluctl/commands/cmd_deploy.go             |   2 +-
 cmd/kluctl/commands/cmd_diff.go               |   2 +-
 cmd/kluctl/commands/cmd_downscale.go          |   2 +-
 cmd/kluctl/commands/cmd_list_targets.go       |   3 +-
 cmd/kluctl/commands/cmd_poke_images.go        |   2 +-
 cmd/kluctl/commands/cmd_seal.go               |   9 +-
 cmd/kluctl/commands/cmd_validate.go           |   2 +-
 cmd/kluctl/commands/completion.go             |  19 +--
 cmd/kluctl/commands/utils.go                  |  26 ++--
 pkg/deployment/commands/deploy.go             |   7 +-
 pkg/deployment/commands/diff.go               |   5 +-
 pkg/deployment/commands/downscale.go          |   5 +-
 pkg/deployment/commands/poke_images.go        |   5 +-
 pkg/deployment/commands/validate.go           |   5 +-
 pkg/deployment/deployment_collection.go       |   5 +-
 pkg/deployment/utils/apply_utils.go           |   5 +-
 pkg/git/mirrored_repo.go                      |  35 +++--
 pkg/k8s/k8s_cluster.go                        | 141 +++++++++++-------
 pkg/kluctl_project/git.go                     |  25 ++--
 pkg/kluctl_project/load.go                    |   7 +-
 pkg/kluctl_project/project.go                 |   3 +
 pkg/kluctl_project/project_archive.go         |   5 +-
 pkg/kluctl_project/project_load.go            |  23 ++-
 pkg/kluctl_project/target_context.go          |  11 +-
 pkg/kluctl_project/targets.go                 |  11 +-
 pkg/registries/registries.go                  |  10 +-
 29 files changed, 229 insertions(+), 169 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 81ea403fa..120e1fabd 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -15,7 +15,7 @@ type ProjectFlags struct {
 	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
 	Cluster             string           `group:"project" help:"Specify/Override cluster"`
 
-	LoadTimeout            time.Duration `group:"project" help:"Specify timeout for project loading. This will especially limit the time spent in git operations." default:"1m"`
+	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"5m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
 }
 
diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index 250571c51..a6a2f349d 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 )
@@ -16,7 +17,7 @@ func (cmd *archiveCmd) Help() string {
 }
 
 func (cmd *archiveCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return p.WriteArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 6fd22dfd7..c8956e026 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -3,7 +3,6 @@ package commands
 import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
-	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	log "github.com/sirupsen/logrus"
@@ -24,20 +23,19 @@ func (cmd *checkImageUpdatesCmd) Help() string {
 }
 
 func (cmd *checkImageUpdatesCmd) Run() error {
-	var renderedImages map[k8s.ObjectRef][]string
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
 		targetFlags:  cmd.TargetFlags,
 	}
-	err := withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		renderedImages = ctx.targetCtx.DeploymentCollection.FindRenderedImages()
-		return nil
+	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
+		return runCheckImageUpdates(ctx)
 	})
-	if err != nil {
-		return err
-	}
+}
+
+func runCheckImageUpdates(ctx *commandCtx) error {
+	renderedImages := ctx.targetCtx.DeploymentCollection.FindRenderedImages()
 
-	rh := registries.NewRegistryHelper()
+	rh := registries.NewRegistryHelper(ctx.ctx)
 
 	wg := utils.NewWorkerPoolWithErrors(8)
 	defer wg.StopWait(false)
@@ -67,7 +65,7 @@ func (cmd *checkImageUpdatesCmd) Run() error {
 			}
 		}
 	}
-	err = wg.StopWait(false)
+	err := wg.StopWait(false)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index e234d8b49..c99d69319 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -62,7 +62,7 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 		cb = nil
 	}
 
-	result, err := cmd2.Run(ctx.targetCtx.K, cb)
+	result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K, cb)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 0f7f70b63..7b2efec67 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -43,7 +43,7 @@ func (cmd *diffCmd) Run() error {
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
-		result, err := cmd2.Run(ctx.targetCtx.K)
+		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index 7df0a744b..78523c4b9 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -44,7 +44,7 @@ func (cmd *downscaleCmd) Run() error {
 
 		cmd2 := commands.NewDownscaleCommand(ctx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.targetCtx.K)
+		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index c54241e94..64921e6f7 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -16,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.DynamicTargets {
 			result = append(result, t.Target)
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index a65f2e079..88c2ab7ff 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -44,7 +44,7 @@ func (cmd *pokeImagesCmd) Run() error {
 
 		cmd2 := commands.NewPokeImagesCommand(ctx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.targetCtx.K)
+		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index bdabda126..5df4a45f1 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
@@ -61,7 +62,7 @@ func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.Secr
 	return nil
 }
 
-func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.LoadedKluctlProject, targetName string, secretsLoader *seal.SecretsLoader) error {
+func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject, targetName string, secretsLoader *seal.SecretsLoader) error {
 	log.Infof("Sealing for target %s", targetName)
 
 	ptArgs := projectTargetCommandArgs{
@@ -72,7 +73,7 @@ func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.LoadedKluctlProject, t
 	ptArgs.targetFlags.Target = targetName
 
 	// pass forSeal=True so that .sealme files are rendered as well
-	return withProjectTargetCommandContext(ptArgs, p, func(ctx *commandCtx) error {
+	return withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
 		err := loadSecrets(ctx, ctx.targetCtx.Target, secretsLoader)
 		if err != nil {
 			return err
@@ -119,7 +120,7 @@ func (cmd *sealCmd) runCmdSealForTarget(p *kluctl_project.LoadedKluctlProject, t
 }
 
 func (cmd *sealCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		secretsLoader := seal.NewSecretsLoader(p, cmd.SecretsDir)
@@ -155,7 +156,7 @@ func (cmd *sealCmd) Run() error {
 				sealTarget = baseTarget
 			}
 
-			err := cmd.runCmdSealForTarget(p, sealTarget.Name, secretsLoader)
+			err := cmd.runCmdSealForTarget(ctx, p, sealTarget.Name, secretsLoader)
 			if err != nil {
 				log.Warningf("Sealing for target %s failed: %v", sealTarget.Name, err)
 				hadError = true
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 4a9bf23e4..6f59906e2 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -39,7 +39,7 @@ func (cmd *validateCmd) Run() error {
 		startTime := time.Now()
 		cmd2 := commands.NewValidateCommand(ctx.targetCtx.DeploymentCollection)
 		for true {
-			result, err := cmd2.Run(ctx.targetCtx.K)
+			result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 			if err != nil {
 				return err
 			}
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index a316051bb..99cfdd5b1 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -47,18 +48,18 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	return nil
 }
 
-func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(p *kluctl_project.LoadedKluctlProject) error) error {
+func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(*projectArgs, false, func(p *kluctl_project.LoadedKluctlProject) error {
-		return cb(p)
+	return withKluctlProjectFromArgs(*projectArgs, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		return cb(ctx, p)
 	})
 }
 
 func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(projectArgs, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			dents, err := os.ReadDir(p.ClustersDir)
 			if err != nil {
 				return err
@@ -86,7 +87,7 @@ func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.
 func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		err := withProjectForCompletion(projectArgs, func(p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(projectArgs, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			for _, t := range p.DynamicTargets {
 				ret = append(ret, t.Target.Name)
 			}
@@ -132,7 +133,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 		var deploymentItemDirs utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(&ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
@@ -148,7 +149,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 				ptArgs.targetFlags.Target = t
 				wg.Add(1)
 				go func() {
-					_ = withProjectTargetCommandContext(ptArgs, p, func(ctx *commandCtx) error {
+					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
 						mutex.Lock()
 						defer mutex.Unlock()
 						for _, di := range ctx.targetCtx.DeploymentCollection.Deployments {
@@ -186,7 +187,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 		var images utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(&ptArgs.projectFlags, func(p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(&ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
@@ -202,7 +203,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 				ptArgs.targetFlags.Target = t
 				wg.Add(1)
 				go func() {
-					_ = withProjectTargetCommandContext(ptArgs, p, func(ctx *commandCtx) error {
+					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
 						err := ctx.targetCtx.DeploymentCollection.Prepare(nil)
 						if err != nil {
 							log.Error(err)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index e1adddebb..a599aad54 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -18,10 +18,9 @@ import (
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"os"
-	"time"
 )
 
-func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, cb func(p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	var url *git_url.GitUrl
 	if projectFlags.ProjectUrl != "" {
 		var err error
@@ -71,9 +70,10 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		GitUpdateInterval:   projectFlags.GitCacheUpdateInterval,
 	}
 
-	loadCtx, cancel := context.WithDeadline(context.Background(), time.Now().Add(projectFlags.LoadTimeout))
+	ctx := context.Background()
+	ctx, cancel := context.WithTimeout(ctx, projectFlags.Timeout)
 	defer cancel()
-	p, err := kluctl_project.LoadKluctlProject(loadCtx, loadArgs, tmpDir, j2)
+	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, tmpDir, j2)
 	if err != nil {
 		return err
 	}
@@ -88,7 +88,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 			return err
 		}
 	}
-	return cb(p)
+	return cb(ctx, p)
 }
 
 type projectTargetCommandArgs struct {
@@ -105,18 +105,19 @@ type projectTargetCommandArgs struct {
 }
 
 type commandCtx struct {
+	ctx       context.Context
 	targetCtx *kluctl_project.TargetContext
 	images    *deployment.Images
 }
 
 func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(args.projectFlags, true, func(p *kluctl_project.LoadedKluctlProject) error {
-		return withProjectTargetCommandContext(args, p, cb)
+	return withKluctlProjectFromArgs(args.projectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
 
-func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(ctx *commandCtx) error) error {
-	rh := registries.NewRegistryHelper()
+func withProjectTargetCommandContext(ctx context.Context, args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(ctx *commandCtx) error) error {
+	rh := registries.NewRegistryHelper(ctx)
 	err := rh.ParseAuthEntriesFromEnv()
 	if err != nil {
 		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
@@ -162,7 +163,7 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 		return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
 	}
 
-	ctx, err := p.NewTargetContext(clientConfigGetter, args.targetFlags.Target, args.projectFlags.Cluster,
+	targetCtx, err := p.NewTargetContext(ctx, clientConfigGetter, args.targetFlags.Target, args.projectFlags.Cluster,
 		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
 		optionArgs, args.forSeal, images, inclusion,
 		renderOutputDir)
@@ -171,14 +172,15 @@ func withProjectTargetCommandContext(args projectTargetCommandArgs, p *kluctl_pr
 	}
 
 	if !args.forSeal && !args.forCompletion {
-		err = ctx.DeploymentCollection.Prepare(ctx.K)
+		err = targetCtx.DeploymentCollection.Prepare(targetCtx.K)
 		if err != nil {
 			return err
 		}
 	}
 
 	cmdCtx := &commandCtx{
-		targetCtx: ctx,
+		ctx:       ctx,
+		targetCtx: targetCtx,
 		images:    images,
 	}
 
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index ed762c0e1..d61461d70 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -25,7 +26,7 @@ func NewDeployCommand(c *deployment.DeploymentCollection) *DeployCommand {
 	}
 }
 
-func (cmd *DeployCommand) Run(k *k8s.K8sCluster, diffResultCb func(diffResult *types.CommandResult) error) (*types.CommandResult, error) {
+func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResultCb func(diffResult *types.CommandResult) error) (*types.CommandResult, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	ru := utils2.NewRemoteObjectsUtil(dew)
@@ -46,7 +47,7 @@ func (cmd *DeployCommand) Run(k *k8s.K8sCluster, diffResultCb func(diffResult *t
 	}
 
 	if diffResultCb != nil {
-		au := utils2.NewApplyDeploymentsUtil(dew, cmd.c.Deployments, ru, k, o)
+		au := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
 		au.ApplyDeployments()
 
 		du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
@@ -75,7 +76,7 @@ func (cmd *DeployCommand) Run(k *k8s.K8sCluster, diffResultCb func(diffResult *t
 	o.DryRun = k.DryRun
 	o.AbortOnError = cmd.AbortOnError
 
-	au := utils2.NewApplyDeploymentsUtil(dew, cmd.c.Deployments, ru, k, o)
+	au := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
 	au.ApplyDeployments()
 
 	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index c7e35a3d5..5dafbe374 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -24,7 +25,7 @@ func NewDiffCommand(c *deployment.DeploymentCollection) *DiffCommand {
 	}
 }
 
-func (cmd *DiffCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, error) {
+func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
 	ru := utils.NewRemoteObjectsUtil(dew)
@@ -41,7 +42,7 @@ func (cmd *DiffCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, error) {
 		AbortOnError:        false,
 		WaitObjectTimeout:   0,
 	}
-	au := utils.NewApplyDeploymentsUtil(dew, cmd.c.Deployments, ru, k, o)
+	au := utils.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
 	au.ApplyDeployments()
 
 	du := utils.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index f12d86d6b..3f0ee568d 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -20,7 +21,7 @@ func NewDownscaleCommand(c *deployment.DeploymentCollection) *DownscaleCommand {
 	}
 }
 
-func (cmd *DownscaleCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, error) {
+func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
 	var wg sync.WaitGroup
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
@@ -31,7 +32,7 @@ func (cmd *DownscaleCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, error
 		return nil, err
 	}
 
-	ad := utils2.NewApplyDeploymentsUtil(dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
+	ad := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
 
 	appliedObjects := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index d325da3b2..9c8a50ad6 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
@@ -21,7 +22,7 @@ func NewPokeImagesCommand(c *deployment.DeploymentCollection) *PokeImagesCommand
 	}
 }
 
-func (cmd *PokeImagesCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, error) {
+func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
 	var wg sync.WaitGroup
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
@@ -67,7 +68,7 @@ func (cmd *PokeImagesCommand) Run(k *k8s.K8sCluster) (*types.CommandResult, erro
 		return o, nil
 	}
 
-	ad := utils2.NewApplyDeploymentsUtil(dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
+	ad := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
 
 	for ref, containers := range containersAndImages {
 		ref := ref
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 5fa33f251..8e35d5e54 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -24,7 +25,7 @@ func NewValidateCommand(c *deployment.DeploymentCollection) *ValidateCommand {
 	return cmd
 }
 
-func (cmd *ValidateCommand) Run(k *k8s.K8sCluster) (*types.ValidateResult, error) {
+func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.ValidateResult, error) {
 	var result types.ValidateResult
 
 	cmd.dew.Init()
@@ -34,7 +35,7 @@ func (cmd *ValidateCommand) Run(k *k8s.K8sCluster) (*types.ValidateResult, error
 		return nil, err
 	}
 
-	ad := utils2.NewApplyDeploymentsUtil(cmd.dew, cmd.c.Deployments, cmd.ru, k, &utils2.ApplyUtilOptions{})
+	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.c.Deployments, cmd.ru, k, &utils2.ApplyUtilOptions{})
 	for _, d := range cmd.c.Deployments {
 		if !d.CheckInclusionForDeploy() {
 			continue
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 2d9333612..80ea9ac7e 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -14,6 +14,8 @@ import (
 )
 
 type DeploymentCollection struct {
+	ctx context.Context
+
 	Project   *DeploymentProject
 	Images    *Images
 	Inclusion *utils.Inclusion
@@ -24,8 +26,9 @@ type DeploymentCollection struct {
 	mutex       sync.Mutex
 }
 
-func NewDeploymentCollection(project *DeploymentProject, images *Images, inclusion *utils.Inclusion, renderDir string, forSeal bool) (*DeploymentCollection, error) {
+func NewDeploymentCollection(ctx context.Context, project *DeploymentProject, images *Images, inclusion *utils.Inclusion, renderDir string, forSeal bool) (*DeploymentCollection, error) {
 	dc := &DeploymentCollection{
+		ctx:       ctx,
 		Project:   project,
 		Images:    images,
 		Inclusion: inclusion,
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 3f69a8416..ce8c0b31e 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -55,6 +55,8 @@ type ApplyUtil struct {
 }
 
 type ApplyDeploymentsUtil struct {
+	ctx context.Context
+
 	dew         *DeploymentErrorsAndWarnings
 	deployments []*deployment.DeploymentItem
 	ru          *RemoteObjectUtils
@@ -67,8 +69,9 @@ type ApplyDeploymentsUtil struct {
 	results []*ApplyUtil
 }
 
-func NewApplyDeploymentsUtil(dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, k *k8s.K8sCluster, o *ApplyUtilOptions) *ApplyDeploymentsUtil {
+func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, k *k8s.K8sCluster, o *ApplyUtilOptions) *ApplyDeploymentsUtil {
 	ret := &ApplyDeploymentsUtil{
+		ctx:         ctx,
 		dew:         dew,
 		deployments: deployments,
 		ru:          ru,
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index fc8d40fdc..8940c6047 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -21,6 +21,8 @@ import "github.com/gofrs/flock"
 var cacheBaseDir = filepath.Join(utils.GetTmpBaseDir(), "git-cache")
 
 type MirroredGitRepo struct {
+	ctx context.Context
+
 	url       git_url.GitUrl
 	mirrorDir string
 
@@ -28,9 +30,10 @@ type MirroredGitRepo struct {
 	fileLock   *flock.Flock
 }
 
-func NewMirroredGitRepo(u git_url.GitUrl) (*MirroredGitRepo, error) {
+func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl) (*MirroredGitRepo, error) {
 	mirrorRepoName := buildMirrorRepoName(u)
 	o := &MirroredGitRepo{
+		ctx:       ctx,
 		url:       u,
 		mirrorDir: filepath.Join(cacheBaseDir, mirrorRepoName),
 	}
@@ -53,8 +56,8 @@ func (g *MirroredGitRepo) SetUpdated(u bool) {
 	g.hasUpdated = u
 }
 
-func (g *MirroredGitRepo) Lock(ctx context.Context) error {
-	ok, err := g.fileLock.TryLockContext(ctx, time.Millisecond*100)
+func (g *MirroredGitRepo) Lock() error {
+	ok, err := g.fileLock.TryLockContext(g.ctx, time.Millisecond*100)
 	if err != nil {
 		return fmt.Errorf("locking of %s failed: %w", g.fileLock.Path(), err)
 	}
@@ -73,8 +76,8 @@ func (g *MirroredGitRepo) Unlock() error {
 	return nil
 }
 
-func (g *MirroredGitRepo) WithLock(ctx context.Context, cb func() error) error {
-	err := g.Lock(ctx)
+func (g *MirroredGitRepo) WithLock(cb func() error) error {
+	err := g.Lock()
 	if err != nil {
 		return err
 	}
@@ -82,9 +85,9 @@ func (g *MirroredGitRepo) WithLock(ctx context.Context, cb func() error) error {
 	return cb()
 }
 
-func (g *MirroredGitRepo) MaybeWithLock(ctx context.Context, lock bool, cb func() error) error {
+func (g *MirroredGitRepo) MaybeWithLock(lock bool, cb func() error) error {
 	if lock {
-		return g.WithLock(ctx, cb)
+		return g.WithLock(cb)
 	}
 	return cb()
 }
@@ -167,7 +170,7 @@ func (g *MirroredGitRepo) cleanupMirrorDir() error {
 	return nil
 }
 
-func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthProviders) error {
 	log.Infof("Updating mirror repo: url='%v'", g.url.String())
 	r, err := git.PlainOpen(repoDir)
 	if err != nil {
@@ -181,7 +184,7 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 		return err
 	}
 
-	remoteRefs, err := remote.ListContext(ctx, &git.ListOptions{
+	remoteRefs, err := remote.ListContext(g.ctx, &git.ListOptions{
 		Auth:     auth.AuthMethod,
 		CABundle: auth.CABundle,
 	})
@@ -224,7 +227,7 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 	}
 
 	if changed {
-		err = remote.FetchContext(ctx, &git.FetchOptions{
+		err = remote.FetchContext(g.ctx, &git.FetchOptions{
 			Auth:     auth.AuthMethod,
 			CABundle: auth.CABundle,
 			Progress: os.Stdout,
@@ -260,10 +263,10 @@ func (g *MirroredGitRepo) update(ctx context.Context, repoDir string, authProvid
 	return nil
 }
 
-func (g *MirroredGitRepo) cloneOrUpdate(ctx context.Context, authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
 	if utils.IsFile(initMarker) {
-		return g.update(ctx, g.mirrorDir, authProviders)
+		return g.update(g.mirrorDir, authProviders)
 	}
 	err := g.cleanupMirrorDir()
 	if err != nil {
@@ -295,7 +298,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(ctx context.Context, authProviders *auth
 		return err
 	}
 
-	err = g.update(ctx, tmpMirrorDir, authProviders)
+	err = g.update(tmpMirrorDir, authProviders)
 	if err != nil {
 		return err
 	}
@@ -317,8 +320,8 @@ func (g *MirroredGitRepo) cloneOrUpdate(ctx context.Context, authProviders *auth
 	return nil
 }
 
-func (g *MirroredGitRepo) Update(ctx context.Context, authProviders *auth2.GitAuthProviders) error {
-	err := g.cloneOrUpdate(ctx, authProviders)
+func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
+	err := g.cloneOrUpdate(authProviders)
 	if err != nil {
 		return err
 	}
@@ -326,7 +329,7 @@ func (g *MirroredGitRepo) Update(ctx context.Context, authProviders *auth2.GitAu
 	return nil
 }
 
-func (g *MirroredGitRepo) CloneProject(ctx context.Context, ref string, targetDir string) error {
+func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
 	if !g.fileLock.Locked() || !g.hasUpdated {
 		log.Fatalf("tried to clone from a project that is not locked/updated")
 	}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 5c901aafa..ea633652a 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
+	"io"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -37,6 +38,8 @@ var (
 )
 
 type K8sCluster struct {
+	ctx context.Context
+
 	DryRun bool
 
 	restConfig *rest.Config
@@ -77,8 +80,9 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 	})
 }
 
-func NewK8sCluster(configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
+func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
 	k := &K8sCluster{
+		ctx:    ctx,
 		DryRun: dryRun,
 	}
 
@@ -168,10 +172,34 @@ func (k *K8sCluster) updateResources(doLock bool) error {
 		err error
 	}{}
 
-	_, arls, err := k.discovery.ServerGroupsAndResources()
-	if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
-		return err
+	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
+	var arls []*v1.APIResourceList
+	var preferredArls []*v1.APIResourceList
+	finished := make(chan error)
+	go func() {
+		var err error
+		_, arls, err = k.discovery.ServerGroupsAndResources()
+		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
+			finished <- err
+			return
+		}
+		preferredArls, err = k.discovery.ServerPreferredResources()
+		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
+			finished <- err
+			return
+		}
+		finished <- nil
+	}()
+
+	select {
+	case err := <-finished:
+		if err != nil {
+			return err
+		}
+	case <-k.ctx.Done():
+		return fmt.Errorf("failed listing api resources: %w", k.ctx.Err())
 	}
+
 	for _, arl := range arls {
 		for _, ar := range arl.APIResources {
 			if strings.Index(ar.Name, "/") != -1 {
@@ -202,11 +230,7 @@ func (k *K8sCluster) updateResources(doLock bool) error {
 		}
 	}
 
-	arls, err = k.discovery.ServerPreferredResources()
-	if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
-		return err
-	}
-	for _, arl := range arls {
+	for _, arl := range preferredArls {
 		for _, ar := range arl.APIResources {
 			if strings.Index(ar.Name, "/") != -1 {
 				// skip subresources
@@ -420,50 +444,46 @@ func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.Unstructu
 	return nil, fmt.Errorf("schema for %s not found", gvk.String())
 }
 
-func (k *K8sCluster) WithCoreV1(cb func(client *corev1.CoreV1Client) error) error {
-	p := <-k.clientPool
-	defer func() { k.clientPool <- p }()
-	return cb(p.corev1)
+func (k *K8sCluster) withClientFromPool(cb func(p *parallelClientEntry) error) ([]ApiWarning, error) {
+	select {
+	case p := <-k.clientPool:
+		defer func() { k.clientPool <- p }()
+		p.warnings = nil
+		err := cb(p)
+		return append([]ApiWarning(nil), p.warnings...), err
+	case <-k.ctx.Done():
+		return nil, fmt.Errorf("failed waiting for free client: %w", k.ctx.Err())
+	}
 }
 
 func (k *K8sCluster) withDynamicClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
-	gvr, namespaced, err := k.getGVRForGVK(gvk)
-	if err != nil {
-		return nil, err
-	}
-
-	p := <-k.clientPool
-	defer func() { k.clientPool <- p }()
-
-	p.warnings = nil
+	return k.withClientFromPool(func(p *parallelClientEntry) error {
+		gvr, namespaced, err := k.getGVRForGVK(gvk)
+		if err != nil {
+			return err
+		}
 
-	if namespaced && namespace != "" {
-		err = cb(p.dynamicClient.Resource(*gvr).Namespace(namespace))
-		return append([]ApiWarning(nil), p.warnings...), err
-	} else {
-		err = cb(p.dynamicClient.Resource(*gvr))
-		return append([]ApiWarning(nil), p.warnings...), err
-	}
+		if namespaced && namespace != "" {
+			return cb(p.dynamicClient.Resource(*gvr).Namespace(namespace))
+		} else {
+			return cb(p.dynamicClient.Resource(*gvr))
+		}
+	})
 }
 
 func (k *K8sCluster) withMetadataClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
-	gvr, namespaced, err := k.getGVRForGVK(gvk)
-	if err != nil {
-		return nil, err
-	}
-
-	p := <-k.clientPool
-	defer func() { k.clientPool <- p }()
-
-	p.warnings = nil
+	return k.withClientFromPool(func(p *parallelClientEntry) error {
+		gvr, namespaced, err := k.getGVRForGVK(gvk)
+		if err != nil {
+			return err
+		}
 
-	if namespaced && namespace != "" {
-		err = cb(p.metadataClient.Resource(*gvr).Namespace(namespace))
-		return append([]ApiWarning(nil), p.warnings...), err
-	} else {
-		err = cb(p.metadataClient.Resource(*gvr))
-		return append([]ApiWarning(nil), p.warnings...), err
-	}
+		if namespaced && namespace != "" {
+			return cb(p.metadataClient.Resource(*gvr).Namespace(namespace))
+		} else {
+			return cb(p.metadataClient.Resource(*gvr))
+		}
+	})
 }
 
 func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
@@ -485,7 +505,7 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 		o := v1.ListOptions{
 			LabelSelector: k.buildLabelSelector(labels),
 		}
-		x, err := r.List(context.Background(), o)
+		x, err := r.List(k.ctx, o)
 		if err != nil {
 			return err
 		}
@@ -504,7 +524,7 @@ func (k *K8sCluster) ListObjectsMetadata(gvk schema.GroupVersionKind, namespace
 		o := v1.ListOptions{
 			LabelSelector: k.buildLabelSelector(labels),
 		}
-		x, err := r.List(context.Background(), o)
+		x, err := r.List(k.ctx, o)
 		if err != nil {
 			return err
 		}
@@ -585,7 +605,7 @@ func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject,
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		o := v1.GetOptions{}
-		x, err := r.Get(context.Background(), ref.Name, o)
+		x, err := r.Get(k.ctx, ref.Name, o)
 		if err != nil {
 			return err
 		}
@@ -648,7 +668,7 @@ func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions
 	}
 
 	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
-		err := r.Delete(context.Background(), ref.Name, o)
+		err := r.Delete(k.ctx, ref.Name, o)
 		if err != nil {
 			if options.IgnoreNotFoundError && errors.IsNotFound(err) {
 				return nil
@@ -681,7 +701,12 @@ func (k *K8sCluster) waitForDeletedObject(ref k8s.ObjectRef) error {
 			return err
 		}
 
-		time.Sleep(time.Millisecond * 100)
+		select {
+		case <-time.After(500 * time.Millisecond):
+			continue
+		case <-k.ctx.Done():
+			return fmt.Errorf("failed waiting for deletion of %s: %w", ref.String(), k.ctx.Err())
+		}
 	}
 	return nil
 }
@@ -800,7 +825,7 @@ func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions)
 	log2.Debugf("patching")
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
-		x, err := r.Patch(context.Background(), ref.Name, types.ApplyPatchType, data, po)
+		x, err := r.Patch(k.ctx, ref.Name, types.ApplyPatchType, data, po)
 		if err != nil {
 			return fmt.Errorf("failed to patch %s: %w", ref.String(), err)
 		}
@@ -829,7 +854,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	log2.Debugf("updating")
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
-		x, err := r.Update(context.Background(), o.ToUnstructured(), updateOpts)
+		x, err := r.Update(k.ctx, o.ToUnstructured(), updateOpts)
 		if err != nil {
 			return err
 		}
@@ -838,3 +863,15 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	})
 	return result, apiWarnings, err
 }
+
+func (k *K8sCluster) ProxyGet(scheme, namespace, name, port, path string, params map[string]string) (io.ReadCloser, error) {
+	var ret rest.ResponseWrapper
+	_, err := k.withClientFromPool(func(p *parallelClientEntry) error {
+		ret = p.corev1.Services(namespace).ProxyGet(scheme, name, port, path, params)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return ret.Stream(k.ctx)
+}
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index ee8ba490c..1be037384 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -1,7 +1,6 @@
 package kluctl_project
 
 import (
-	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -16,7 +15,7 @@ import (
 	"time"
 )
 
-func (c *LoadedKluctlProject) updateGitCache(ctx context.Context, mr *git.MirroredGitRepo) error {
+func (c *LoadedKluctlProject) updateGitCache(mr *git.MirroredGitRepo) error {
 	if mr.HasUpdated() {
 		return nil
 	}
@@ -24,10 +23,10 @@ func (c *LoadedKluctlProject) updateGitCache(ctx context.Context, mr *git.Mirror
 		mr.SetUpdated(true)
 		return nil
 	}
-	return mr.Update(ctx, c.loadArgs.GitAuthProviders)
+	return mr.Update(c.loadArgs.GitAuthProviders)
 }
 
-func (c *LoadedKluctlProject) updateGitCaches(ctx context.Context) error {
+func (c *LoadedKluctlProject) updateGitCaches() error {
 	var waitGroup sync.WaitGroup
 	var firstError error
 	var firstErrorLock sync.Mutex
@@ -41,8 +40,8 @@ func (c *LoadedKluctlProject) updateGitCaches(ctx context.Context) error {
 	}
 
 	doUpdateRepo := func(repo *git.MirroredGitRepo) error {
-		return repo.WithLock(ctx, func() error {
-			return c.updateGitCache(ctx, repo)
+		return repo.WithLock(func() error {
+			return c.updateGitCache(repo)
 		})
 	}
 	doUpdateGitProject := func(u git_url.GitUrl) error {
@@ -50,7 +49,7 @@ func (c *LoadedKluctlProject) updateGitCaches(ctx context.Context) error {
 		if ok {
 			return nil
 		}
-		mr, err := git.NewMirroredGitRepo(u)
+		mr, err := git.NewMirroredGitRepo(c.ctx, u)
 		if err != nil {
 			return err
 		}
@@ -108,7 +107,7 @@ func (c *LoadedKluctlProject) updateGitCaches(ctx context.Context) error {
 	return firstError
 }
 
-func (c *LoadedKluctlProject) cloneGitProject(ctx context.Context, gitProject *types2.GitProject, targetDir string, doLock bool) (info git.GitRepoInfo, err error) {
+func (c *LoadedKluctlProject) cloneGitProject(gitProject *types2.GitProject, targetDir string, doLock bool) (info git.GitRepoInfo, err error) {
 	err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o700)
 	if err != nil {
 		return
@@ -116,24 +115,24 @@ func (c *LoadedKluctlProject) cloneGitProject(ctx context.Context, gitProject *t
 
 	mr, ok := c.mirroredRepos[gitProject.Url.NormalizedRepoKey()]
 	if !ok {
-		mr, err = git.NewMirroredGitRepo(gitProject.Url)
+		mr, err = git.NewMirroredGitRepo(c.ctx, gitProject.Url)
 		if err != nil {
 			return
 		}
 		c.mirroredRepos[gitProject.Url.NormalizedRepoKey()] = mr
-		err = mr.Lock(ctx)
+		err = mr.Lock()
 		if err != nil {
 			return
 		}
 		defer mr.Unlock()
 	}
 
-	err = mr.MaybeWithLock(ctx, doLock, func() error {
-		err := c.updateGitCache(ctx, mr)
+	err = mr.MaybeWithLock(doLock, func() error {
+		err := c.updateGitCache(mr)
 		if err != nil {
 			return err
 		}
-		return mr.CloneProject(ctx, gitProject.Ref, targetDir)
+		return mr.CloneProject(gitProject.Ref, targetDir)
 	})
 	if err != nil {
 		return
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 56a1da171..398a6c958 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -10,6 +10,7 @@ import (
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
 	p := &LoadedKluctlProject{
+		ctx:      ctx,
 		loadArgs: args,
 		TmpDir:   tmpDir,
 		J2:       j2,
@@ -22,17 +23,17 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		if args.ProjectUrl != nil || args.ProjectRef != "" || args.ProjectConfig != "" || args.LocalClusters != "" || args.LocalDeployment != "" || args.LocalSealedSecrets != "" {
 			return nil, fmt.Errorf("--from-archive can not be combined with any other project related option")
 		}
-		err := p.loadFromArchive(ctx)
+		err := p.loadFromArchive()
 		if err != nil {
 			return nil, err
 		}
 		return p, nil
 	} else {
-		err := p.loadKluctlProject(ctx)
+		err := p.loadKluctlProject()
 		if err != nil {
 			return nil, err
 		}
-		err = p.loadTargets(ctx)
+		err = p.loadTargets()
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 06d555e00..3b0d0efff 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -1,6 +1,7 @@
 package kluctl_project
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
@@ -9,6 +10,8 @@ import (
 )
 
 type LoadedKluctlProject struct {
+	ctx context.Context
+
 	loadArgs LoadKluctlProjectArgs
 
 	TmpDir     string
diff --git a/pkg/kluctl_project/project_archive.go b/pkg/kluctl_project/project_archive.go
index 864e6a9c2..d9e94f053 100644
--- a/pkg/kluctl_project/project_archive.go
+++ b/pkg/kluctl_project/project_archive.go
@@ -3,7 +3,6 @@ package kluctl_project
 import (
 	"archive/tar"
 	"compress/gzip"
-	"context"
 	"fmt"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -14,7 +13,7 @@ import (
 	"time"
 )
 
-func (c *LoadedKluctlProject) loadFromArchive(ctx context.Context) error {
+func (c *LoadedKluctlProject) loadFromArchive() error {
 	var dir string
 	if utils.IsFile(c.loadArgs.FromArchive) {
 		dir = filepath.Join(c.TmpDir, "archive")
@@ -61,7 +60,7 @@ func (c *LoadedKluctlProject) loadFromArchive(ctx context.Context) error {
 	c.involvedRepos = pmd.InvolvedRepos
 	c.DynamicTargets = pmd.Targets
 
-	err = c.loadKluctlProject(ctx)
+	err = c.loadKluctlProject()
 	if err != nil {
 		return err
 	}
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 75f24ac15..c4d8b9527 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -1,7 +1,6 @@
 package kluctl_project
 
 import (
-	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
@@ -59,7 +58,7 @@ func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
 	}
 }
 
-func (c *LoadedKluctlProject) loadGitProject(ctx context.Context, gitProject *types2.GitProject, defaultSubDir string, doLock bool, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
+func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string, doLock bool, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
 	cloneDir, err := c.buildCloneDir(gitProject.Url, gitProject.Ref)
 	if err != nil {
 		return
@@ -82,7 +81,7 @@ func (c *LoadedKluctlProject) loadGitProject(ctx context.Context, gitProject *ty
 		}
 
 		var ri git.GitRepoInfo
-		ri, err = c.cloneGitProject(ctx, gitProject, cloneDir, doLock)
+		ri, err = c.cloneGitProject(gitProject, cloneDir, doLock)
 		if err != nil {
 			return
 		}
@@ -120,7 +119,7 @@ func (c *LoadedKluctlProject) loadGitProject(ctx context.Context, gitProject *ty
 	return
 }
 
-func (c *LoadedKluctlProject) loadExternalProject(ctx context.Context, ep *types2.ExternalProject, defaultGitSubDir string, localDir string) (gitProjectInfo, error) {
+func (c *LoadedKluctlProject) loadExternalProject(ep *types2.ExternalProject, defaultGitSubDir string, localDir string) (gitProjectInfo, error) {
 	if localDir != "" {
 		return c.localProject(localDir), nil
 	}
@@ -133,7 +132,7 @@ func (c *LoadedKluctlProject) loadExternalProject(ctx context.Context, ep *types
 
 	if ep.Project != nil {
 		// pointing to an actual external project, so let's try to clone it
-		return c.loadGitProject(ctx, ep.Project, defaultGitSubDir, true, true)
+		return c.loadGitProject(ep.Project, defaultGitSubDir, true, true)
 	}
 
 	// ExternalProject was provided but without an external repo url, so point into the kluctl project.
@@ -147,7 +146,7 @@ func (c *LoadedKluctlProject) loadExternalProject(ctx context.Context, ep *types
 	return c.localProject(p), nil
 }
 
-func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
+func (c *LoadedKluctlProject) loadKluctlProject() error {
 	var err error
 
 	if c.loadArgs.ProjectUrl == nil {
@@ -158,7 +157,7 @@ func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
 			return err
 		}
 	} else {
-		gi, err := c.loadGitProject(ctx, &types2.GitProject{
+		gi, err := c.loadGitProject(&types2.GitProject{
 			Url: *c.loadArgs.ProjectUrl,
 			Ref: c.loadArgs.ProjectRef,
 		}, "", true, true)
@@ -184,17 +183,17 @@ func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
 			return err
 		}
 
-		err = c.updateGitCaches(ctx)
+		err = c.updateGitCaches()
 		if err != nil {
 			return err
 		}
 	}
 
-	deploymentInfo, err := c.loadExternalProject(ctx, c.Config.Deployment, "", c.loadArgs.LocalDeployment)
+	deploymentInfo, err := c.loadExternalProject(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
 	if err != nil {
 		return err
 	}
-	sealedSecretsInfo, err := c.loadExternalProject(ctx, c.Config.SealedSecrets, ".sealed-secrets", c.loadArgs.LocalSealedSecrets)
+	sealedSecretsInfo, err := c.loadExternalProject(c.Config.SealedSecrets, ".sealed-secrets", c.loadArgs.LocalSealedSecrets)
 	if err != nil {
 		return err
 	}
@@ -203,14 +202,14 @@ func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
 		clustersInfos = append(clustersInfos, c.localProject(c.loadArgs.LocalClusters))
 	} else if len(c.Config.Clusters.Projects) != 0 {
 		for _, ep := range c.Config.Clusters.Projects {
-			info, err := c.loadExternalProject(ctx, &ep, "clusters", "")
+			info, err := c.loadExternalProject(&ep, "clusters", "")
 			if err != nil {
 				return err
 			}
 			clustersInfos = append(clustersInfos, info)
 		}
 	} else {
-		ci, err := c.loadExternalProject(ctx, nil, "clusters", "")
+		ci, err := c.loadExternalProject(nil, "clusters", "")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index e2038eb75..50d8a7f27 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -1,6 +1,7 @@
 package kluctl_project
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
@@ -21,7 +22,7 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(clientConfigGetter func(context string) (*rest.Config, error), targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfigGetter func(context string) (*rest.Config, error), targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.DeploymentDir)
 	if err != nil {
 		return nil, err
@@ -59,7 +60,7 @@ func (p *LoadedKluctlProject) NewTargetContext(clientConfigGetter func(context s
 
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
-		k, err = k8s.NewK8sCluster(clientConfig, dryRun)
+		k, err = k8s.NewK8sCluster(ctx, clientConfig, dryRun)
 		if err != nil {
 			return nil, err
 		}
@@ -110,12 +111,12 @@ func (p *LoadedKluctlProject) NewTargetContext(clientConfigGetter func(context s
 	if err != nil {
 		return nil, err
 	}
-	c, err := deployment.NewDeploymentCollection(d, images, inclusion, renderOutputDir, forSeal)
+	c, err := deployment.NewDeploymentCollection(ctx, d, images, inclusion, renderOutputDir, forSeal)
 	if err != nil {
 		return nil, err
 	}
 
-	ctx := &TargetContext{
+	targetCtx := &TargetContext{
 		KluctlProject:        p,
 		Target:               target,
 		ClusterConfig:        clusterConfig,
@@ -124,5 +125,5 @@ func (p *LoadedKluctlProject) NewTargetContext(clientConfigGetter func(context s
 		DeploymentCollection: c,
 	}
 
-	return ctx, nil
+	return targetCtx, nil
 }
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 426560204..baaff34d2 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -1,7 +1,6 @@
 package kluctl_project
 
 import (
-	"context"
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -27,7 +26,7 @@ type dynamicTargetInfo struct {
 	defaultBranch string
 }
 
-func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
+func (c *LoadedKluctlProject) loadTargets() error {
 	targetNames := make(map[string]bool)
 	c.DynamicTargets = nil
 
@@ -40,7 +39,7 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 		targetInfos = append(targetInfos, l...)
 	}
 
-	err := c.cloneDynamicTargets(ctx, targetInfos)
+	err := c.cloneDynamicTargets(targetInfos)
 	if err != nil {
 		return err
 	}
@@ -221,13 +220,13 @@ func (c *LoadedKluctlProject) matchRef(s string, pattern string) (bool, string,
 	}
 }
 
-func (c *LoadedKluctlProject) cloneDynamicTargets(ctx context.Context, dynamicTargets []*dynamicTargetInfo) error {
+func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTargetInfo) error {
 	wp := utils.NewDebuggerAwareWorkerPool(8)
 	defer wp.StopWait(false)
 
 	// lock all involved repos first
 	for _, mr := range c.mirroredRepos {
-		err := mr.Lock(ctx)
+		err := mr.Lock()
 		if err != nil {
 			return err
 		}
@@ -252,7 +251,7 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(ctx context.Context, dynamicTa
 			gitProject := *targetInfo.gitProject
 			gitProject.Ref = *targetInfo.ref
 
-			gi, err := c.loadGitProject(ctx, &gitProject, "", false, false)
+			gi, err := c.loadGitProject(&gitProject, "", false, false)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index da1c32496..93f11f95b 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -40,6 +40,8 @@ type transportKeyType int
 var transportKey transportKeyType
 
 type RegistryHelper struct {
+	ctx context.Context
+
 	authEntries []AuthEntry
 
 	cachedTransports utils.ThreadSafeCache
@@ -60,8 +62,10 @@ type AuthEntry struct {
 	Insecure bool
 }
 
-func NewRegistryHelper() *RegistryHelper {
-	return &RegistryHelper{}
+func NewRegistryHelper(ctx context.Context) *RegistryHelper {
+	return &RegistryHelper{
+		ctx: ctx,
+	}
 }
 
 func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
@@ -79,7 +83,7 @@ func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
 	remoteOpts := []remote.Option{
 		remote.WithAuthFromKeychain(rh),
 		remote.WithTransport(rh),
-		remote.WithContext(context.WithValue(context.Background(), transportKey, t)),
+		remote.WithContext(context.WithValue(rh.ctx, transportKey, t)),
 	}
 
 	e := rh.findAuthEntry(repo.RegistryStr())

From 132b0833058848fc58edbeab7c781f6f5adf3778 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 7 May 2022 18:14:20 +0200
Subject: [PATCH 0125/2268] fix: Proper timeout/deadline handling in ApplyUtil

---
 cmd/kluctl/args/misc.go                |  2 +-
 cmd/kluctl/args/project.go             |  2 +-
 cmd/kluctl/commands/cmd_deploy.go      |  2 +-
 pkg/deployment/commands/deploy.go      |  4 +--
 pkg/deployment/commands/diff.go        |  2 +-
 pkg/deployment/commands/downscale.go   |  2 +-
 pkg/deployment/commands/poke_images.go |  2 +-
 pkg/deployment/commands/validate.go    |  2 +-
 pkg/deployment/utils/apply_utils.go    | 47 +++++++++++++++++++-------
 9 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index c4972ca44..86ef05ae5 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -22,7 +22,7 @@ type ReplaceOnErrorFlags struct {
 }
 
 type HookFlags struct {
-	HookTimeout time.Duration `group:"misc" help:"Maximum time to wait for hook readiness. The timeout is meant per-hook. Timeouts are in the duration format (1s, 1m, 1h, ...). If not specified, a default timeout of 5m is used." default:"5m"`
+	ReadinessTimeout time.Duration `group:"misc" help:"Maximum time to wait for object readiness. The timeout is meant per-object. Timeouts are in the duration format (1s, 1m, 1h, ...). If not specified, a default timeout of 5m is used." default:"5m"`
 }
 
 type IgnoreFlags struct {
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 120e1fabd..ab9da298f 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -15,7 +15,7 @@ type ProjectFlags struct {
 	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
 	Cluster             string           `group:"project" help:"Specify/Override cluster"`
 
-	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"5m"`
+	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
 }
 
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index c99d69319..a0db7c000 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -54,7 +54,7 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 	cmd2.ReplaceOnError = cmd.ReplaceOnError
 	cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
 	cmd2.AbortOnError = cmd.AbortOnError
-	cmd2.HookTimeout = cmd.HookTimeout
+	cmd2.ReadinessTimeout = cmd.ReadinessTimeout
 	cmd2.NoWait = cmd.NoWait
 
 	cb := cmd.diffResultCb
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index d61461d70..575fb26a0 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -16,7 +16,7 @@ type DeployCommand struct {
 	ReplaceOnError      bool
 	ForceReplaceOnError bool
 	AbortOnError        bool
-	HookTimeout         time.Duration
+	ReadinessTimeout    time.Duration
 	NoWait              bool
 }
 
@@ -42,7 +42,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		ForceReplaceOnError: cmd.ForceReplaceOnError,
 		DryRun:              true,
 		AbortOnError:        false,
-		WaitObjectTimeout:   cmd.HookTimeout,
+		ReadinessTimeout:    cmd.ReadinessTimeout,
 		NoWait:              cmd.NoWait,
 	}
 
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 5dafbe374..0bdd5b9e1 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -40,7 +40,7 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.Comm
 		ForceReplaceOnError: cmd.ForceReplaceOnError,
 		DryRun:              true,
 		AbortOnError:        false,
-		WaitObjectTimeout:   0,
+		ReadinessTimeout:    0,
 	}
 	au := utils.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
 	au.ApplyDeployments()
diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index 3f0ee568d..ce51e6e35 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -40,7 +40,7 @@ func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
+		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
 		for _, o := range d.Objects {
 			o := o
 			ref := o.GetK8sRef()
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 9c8a50ad6..e2dc24b23 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -76,7 +76,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, ref.String(), 0, true))
+			au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(nil, ref.String(), 0, true))
 			au.ReplaceObject(ref, ru.GetRemoteObject(ref), func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 				return doPokeImage(containers, o)
 			})
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 8e35d5e54..11716e66d 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -40,7 +40,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
+		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
 		h := utils2.NewHooksUtil(au)
 		for _, o := range d.Objects {
 			hook := h.GetHook(o)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index ce8c0b31e..b14afa455 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -31,11 +31,13 @@ type ApplyUtilOptions struct {
 	ForceReplaceOnError bool
 	DryRun              bool
 	AbortOnError        bool
-	WaitObjectTimeout   time.Duration
+	ReadinessTimeout    time.Duration
 	NoWait              bool
 }
 
 type ApplyUtil struct {
+	ctx context.Context
+
 	dew                *DeploymentErrorsAndWarnings
 	errorCount         int
 	warningCount       int
@@ -83,8 +85,9 @@ func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnin
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) NewApplyUtil(pctx *progressCtx) *ApplyUtil {
+func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, pctx *progressCtx) *ApplyUtil {
 	ret := &ApplyUtil{
+		ctx:                ctx,
 		dew:                ad.dew,
 		appliedObjects:     map[k8s2.ObjectRef]*uo.UnstructuredObject{},
 		appliedHookObjects: map[k8s2.ObjectRef]*uo.UnstructuredObject{},
@@ -132,6 +135,10 @@ func (a *ApplyUtil) HandleError(ref k8s2.ObjectRef, err error) {
 	a.mutex.Lock()
 	defer a.mutex.Unlock()
 
+	if errors2.Is(err, context.DeadlineExceeded) || errors2.Is(err, context.Canceled) {
+		a.abortSignal.Store(true)
+	}
+
 	if a.o.AbortOnError && a.abortSignal != nil {
 		a.abortSignal.Store(true)
 	}
@@ -356,8 +363,9 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 	}
 
 	if timeout == 0 {
-		timeout = a.o.WaitObjectTimeout
+		timeout = a.o.ReadinessTimeout
 	}
+	timeoutTimer := time.NewTimer(timeout)
 
 	a.pctx.Debugf("Waiting for %s to get ready", ref.String())
 
@@ -397,13 +405,6 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			return false
 		}
 
-		if timeout > 0 && time.Now().Sub(startTime) >= timeout {
-			err := fmt.Errorf("timed out while waiting for %s", ref.String())
-			a.pctx.Warningf("%s (%ds elapsed)", err.Error(), elapsed)
-			a.HandleError(ref, err)
-			return false
-		}
-
 		a.pctx.SetStatus(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
 
 		if !didLog {
@@ -415,7 +416,20 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			lastLogTime = time.Now()
 		}
 
-		time.Sleep(500 * time.Millisecond)
+		select {
+		case <-time.After(500 * time.Millisecond):
+			continue
+		case <-timeoutTimer.C:
+			err := fmt.Errorf("timed out while waiting for readiness of %s", ref.String())
+			a.pctx.Warningf("%s (%ds elapsed)", err.Error(), elapsed)
+			a.HandleError(ref, err)
+			return false
+		case <-a.ctx.Done():
+			err := fmt.Errorf("failed waiting for readiness of %s: %w", ref.String(), err)
+			a.pctx.Warningf("%s (%ds elapsed)", err.Error(), elapsed)
+			a.HandleError(ref, err)
+			return false
+		}
 	}
 	return false
 }
@@ -505,6 +519,9 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 			a.WaitReadiness(o.GetK8sRef(), 0)
 		}
 	}
+	if a.abortSignal.Load().(bool) {
+		return
+	}
 
 	h.RunHooks(postHooks)
 
@@ -579,7 +596,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 		} else {
 			pctx = NewProgressCtx(nil, "", 0, false)
 		}
-		a2 := a.NewApplyUtil(pctx)
+		a2 := a.NewApplyUtil(a.ctx, pctx)
 
 		wg.Add(1)
 		go func() {
@@ -587,6 +604,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 			defer sem.Release(1)
 
 			a2.applyDeploymentItem(d)
+			pctx.Finish()
 		}()
 
 		barrier := (d.Config.Barrier != nil && *d.Config.Barrier) || d.Barrier
@@ -622,6 +640,11 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.UnstructuredObject, callback func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error)) {
 	firstCall := true
 	for true {
+		if a.ctx.Err() != nil {
+			a.HandleError(ref, fmt.Errorf("failed replacing %s: %w", ref.String(), a.ctx.Err()))
+			return
+		}
+
 		var remote *uo.UnstructuredObject
 		if firstCall && firstVersion != nil {
 			remote = firstVersion

From 5b5d61e709aef30957e44329387db3f6e4e4ac6e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 May 2022 14:19:53 +0200
Subject: [PATCH 0126/2268] fix: Support int flags in buildCobraArg

---
 cmd/kluctl/commands/cobra_utils.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 17ed89eee..77260d052 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -181,6 +181,16 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 			parsedDefault = x
 		}
 		cg.cmd.PersistentFlags().BoolVarP(v2.(*bool), name, shortFlag, parsedDefault, help)
+	case *int:
+		parsedDefault := 0
+		if defaultValue != "" {
+			x, err := strconv.ParseInt(defaultValue, 0, 32)
+			if err != nil {
+				return err
+			}
+			parsedDefault = int(x)
+		}
+		cg.cmd.PersistentFlags().IntVarP(v2.(*int), name, shortFlag, parsedDefault, help)
 	case *time.Duration:
 		var parsedDefault time.Duration
 		if defaultValue != "" {

From 7c367052712dda93fe391aea25ac35bdf9c58375 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 May 2022 14:20:05 +0200
Subject: [PATCH 0127/2268] refactor: Remove unused code

---
 pkg/utils/uo/unstructured.go | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/pkg/utils/uo/unstructured.go b/pkg/utils/uo/unstructured.go
index 118b76df1..f0793e843 100644
--- a/pkg/utils/uo/unstructured.go
+++ b/pkg/utils/uo/unstructured.go
@@ -2,20 +2,8 @@ package uo
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
-func CopyUnstructured(u *unstructured.Unstructured) *unstructured.Unstructured {
-	var ret unstructured.Unstructured
-	err := utils.DeepCopy(&ret.Object, &u.Object)
-	if err != nil {
-		log.Fatal(err)
-	}
-	return &ret
-}
-
 func MergeStrMap(a map[string]string, b map[string]string) {
 	for k, v := range b {
 		a[k] = v

From 11cfc884212210df903a0fd8debb32d3e0de7d75 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 May 2022 14:19:32 +0200
Subject: [PATCH 0128/2268] refactor: Use custom status handling instead of
 logrus for user facing status

---
 .../commands/cmd_check_image_updates.go       |   6 +-
 cmd/kluctl/commands/cmd_delete.go             |   2 +-
 cmd/kluctl/commands/cmd_helm_pull.go          |  12 +-
 cmd/kluctl/commands/cmd_helm_update.go        |  30 +++--
 cmd/kluctl/commands/cmd_prune.go              |   2 +-
 cmd/kluctl/commands/cmd_render.go             |   4 +-
 cmd/kluctl/commands/cmd_seal.go               |  32 +++---
 cmd/kluctl/commands/cmd_validate.go           |   2 +-
 cmd/kluctl/commands/cobra_utils.go            |   3 +-
 cmd/kluctl/commands/completion.go             |  12 +-
 cmd/kluctl/commands/root.go                   |  36 +++---
 cmd/kluctl/commands/utils.go                  |   7 +-
 pkg/deployment/commands/delete.go             |   5 +-
 pkg/deployment/commands/deploy.go             |   2 +-
 pkg/deployment/commands/diff.go               |   2 +-
 pkg/deployment/commands/downscale.go          |   4 +-
 pkg/deployment/commands/poke_images.go        |   4 +-
 pkg/deployment/commands/prune.go              |   5 +-
 pkg/deployment/commands/validate.go           |   6 +-
 pkg/deployment/deployment_collection.go       |  23 +++-
 pkg/deployment/deployment_item.go             |   2 +-
 pkg/deployment/deployment_project.go          |  16 ++-
 pkg/deployment/helm_chart.go                  |  15 +--
 pkg/deployment/utils/apply_utils.go           |  12 +-
 pkg/deployment/utils/progress.go              |  24 ++--
 pkg/deployment/utils/remote_objects_utils.go  |  14 ++-
 pkg/diff/diff.go                              |   3 +-
 pkg/diff/managed_fields.go                    |   3 +-
 pkg/git/auth/auth_provider.go                 |   7 +-
 pkg/git/auth/env_auth_provider.go             |  11 +-
 pkg/git/auth/git_credentials_file.go          |  17 +--
 pkg/git/auth/list_auth_provider.go            |   7 +-
 pkg/git/auth/ssh_auth_provider.go             |  45 ++++----
 pkg/git/mirrored_repo.go                      |  27 ++---
 pkg/jinja2/generate/main.go                   |  11 +-
 pkg/jinja2/source.go                          |   3 +-
 pkg/k8s/k8s_cluster.go                        |  14 +--
 pkg/kluctl_project/project_load.go            |   4 +-
 pkg/kluctl_project/target_context.go          |   2 +-
 pkg/kluctl_project/targets.go                 |   6 +-
 pkg/python/embed.go                           |   7 +-
 pkg/registries/registries.go                  |   8 +-
 pkg/seal/bootstrap.go                         |   7 +-
 pkg/seal/fetch_cert.go                        |   9 +-
 pkg/seal/sealer.go                            |  23 ++--
 pkg/status/status.go                          | 107 ++++++++++++++++++
 pkg/status/status_handler.go                  |  67 +++++++++++
 pkg/utils/env.go                              |   3 +-
 pkg/utils/prompts.go                          |  13 ++-
 pkg/utils/uo/jsonpath.go                      |   3 +-
 pkg/utils/uo/k8s_fields.go                    |  38 +++----
 pkg/utils/uo/object_iterator.go               |   8 +-
 pkg/utils/uo/uo.go                            |   5 +-
 pkg/utils/utils.go                            |   3 +-
 pkg/utils/versions/latest_version.go          |   5 +-
 pkg/utils/versions/latest_version_parse.go    |   3 +-
 56 files changed, 488 insertions(+), 263 deletions(-)
 create mode 100644 pkg/status/status.go
 create mode 100644 pkg/status/status_handler.go

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index c8956e026..1da6883a3 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -3,9 +3,9 @@ package commands
 import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
-	log "github.com/sirupsen/logrus"
 	"os"
 	"regexp"
 	"sort"
@@ -80,7 +80,7 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 		for _, image := range images {
 			s := strings.SplitN(image, ":", 2)
 			if len(s) == 1 {
-				log.Warningf("%s: Ignoring image %s as it doesn't specify a tag", ref.String(), image)
+				status.Warning(ctx.ctx, "%s: Ignoring image %s as it doesn't specify a tag", ref.String(), image)
 				continue
 			}
 			repo := s[0]
@@ -88,7 +88,7 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 			repoTags, _ := imageTags[repo].([]string)
 			err, _ := imageTags[repo].(error)
 			if err != nil {
-				log.Warningf("%s: Failed to list tags for %s. %v", ref.String(), repo, err)
+				status.Warning(ctx.ctx, "%s: Failed to list tags for %s. %v", ref.String(), repo, err)
 				continue
 			}
 
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index ebb02bfea..2cd7607fa 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -55,7 +55,7 @@ func (cmd *deleteCmd) Run() error {
 
 		cmd2.OverrideDeleteByLabels = deleteByLabels
 
-		objects, err := cmd2.Run(ctx.targetCtx.K)
+		objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 38aec11c5..6d5d5b6fe 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -1,8 +1,9 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	log "github.com/sirupsen/logrus"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"io/fs"
 	"path/filepath"
 )
@@ -17,7 +18,7 @@ func (cmd *helmPullCmd) Help() string {
 pulling is only needed when really required (e.g. when the chart version changes).`
 }
 
-func (cmd *helmPullCmd) Run() error {
+func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	rootPath := "."
 	if cmd.LocalDeployment != "" {
 		rootPath = cmd.LocalDeployment
@@ -25,15 +26,18 @@ func (cmd *helmPullCmd) Run() error {
 	err := filepath.WalkDir(rootPath, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
-			log.Infof("Pulling for %s", p)
+			s := status.Start(ctx, "Pulling for %s", p)
 			chart, err := deployment.NewHelmChart(p)
 			if err != nil {
+				s.FailedWithMessage(err.Error())
 				return err
 			}
-			err = chart.Pull()
+			err = chart.Pull(ctx)
 			if err != nil {
+				s.FailedWithMessage(err.Error())
 				return err
 			}
+			s.Success()
 		}
 		return nil
 	})
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index f74b41aaa..b9f9d8caf 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -1,11 +1,12 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
-	log "github.com/sirupsen/logrus"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"io/fs"
 	"path/filepath"
 )
@@ -20,7 +21,7 @@ func (cmd *helmUpdateCmd) Help() string {
 	return `Optionally performs the actual upgrade and/or add a commit to version control.`
 }
 
-func (cmd *helmUpdateCmd) Run() error {
+func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	rootPath := "."
 	if cmd.LocalDeployment != "" {
 		rootPath = cmd.LocalDeployment
@@ -37,6 +38,11 @@ func (cmd *helmUpdateCmd) Run() error {
 			if err != nil {
 				return err
 			}
+
+			statusPrefix := filepath.Base(p)
+			s := status.Start(ctx, "%s: Checking for updates", statusPrefix)
+			defer s.Failed()
+
 			newVersion, updated, err := chart.CheckUpdate()
 			if err != nil {
 				return err
@@ -44,11 +50,12 @@ func (cmd *helmUpdateCmd) Run() error {
 			if !updated {
 				return nil
 			}
-			log.Infof("Chart %s has new version %s available. Old version is %s.", p, newVersion, *chart.Config.ChartVersion)
+			s.Update(fmt.Sprintf("Chart has new version %s available. Old version is %s.", newVersion, *chart.Config.ChartVersion))
 
 			if cmd.Upgrade {
 				if chart.Config.SkipUpdate != nil && *chart.Config.SkipUpdate {
-					log.Infof("NOT upgrading chart %s as skipUpdate was set to true", p)
+					s.Update("%s: NOT upgrading chart as skipUpdate was set to true", statusPrefix)
+					s.Success()
 					return nil
 				}
 
@@ -75,8 +82,10 @@ func (cmd *helmUpdateCmd) Run() error {
 					return err
 				}
 
-				log.Infof("Pulling for %s", p)
-				err = chart.Pull()
+				s.Update("%s: Pulling new version", statusPrefix)
+				defer s.Failed()
+
+				err = chart.Pull(ctx)
 				if err != nil {
 					return err
 				}
@@ -93,8 +102,10 @@ func (cmd *helmUpdateCmd) Run() error {
 				}
 
 				if cmd.Commit {
-					msg := fmt.Sprintf("Updated helm chart %s from %s to %s", filepath.Dir(p), oldVersion, newVersion)
-					log.Infof("Committing: %s", msg)
+					commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", filepath.Dir(p), oldVersion, newVersion)
+
+					s.Update(fmt.Sprintf("%s: Updating chart from %s to %s", statusPrefix, oldVersion, newVersion))
+
 					r, err := git.PlainOpen(gitRootPath)
 					if err != nil {
 						return err
@@ -117,11 +128,12 @@ func (cmd *helmUpdateCmd) Run() error {
 							return err
 						}
 					}
-					_, err = wt.Commit(msg, &git.CommitOptions{})
+					_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 					if err != nil {
 						return err
 					}
 				}
+				s.Success()
 			}
 		}
 		return nil
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index e24578871..602d3f3a2 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -43,7 +43,7 @@ func (cmd *pruneCmd) Run() error {
 
 func (cmd *pruneCmd) runCmdPrune(ctx *commandCtx) error {
 	cmd2 := commands.NewPruneCommand(ctx.targetCtx.DeploymentCollection)
-	objects, err := cmd2.Run(ctx.targetCtx.K)
+	objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 849175838..c22b242af 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -2,8 +2,8 @@ package commands
 
 import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 )
 
@@ -37,7 +37,7 @@ func (cmd *renderCmd) Run() error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		log.Infof("Rendered into %s", ctx.targetCtx.DeploymentCollection.RenderDir)
+		status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.DeploymentCollection.RenderDir)
 		return nil
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 5df4a45f1..b7a4c01f4 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -7,9 +7,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	log "github.com/sirupsen/logrus"
 )
 
 type sealCmd struct {
@@ -63,7 +63,13 @@ func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.Secr
 }
 
 func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject, targetName string, secretsLoader *seal.SecretsLoader) error {
-	log.Infof("Sealing for target %s", targetName)
+	s := status.Start(ctx, "%s: Sealing for target", targetName)
+	defer s.FailedWithMessage("%s: Sealing failed", targetName)
+
+	doFail := func(err error) error {
+		s.FailedWithMessage(fmt.Sprintf("Sealing failed: %v", err))
+		return err
+	}
 
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
@@ -76,11 +82,11 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	return withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
 		err := loadSecrets(ctx, ctx.targetCtx.Target, secretsLoader)
 		if err != nil {
-			return err
+			return doFail(err)
 		}
 		err = ctx.targetCtx.DeploymentCollection.RenderDeployments(ctx.targetCtx.K)
 		if err != nil {
-			return err
+			return doFail(err)
 		}
 
 		sealedSecretsNamespace := "kube-system"
@@ -94,28 +100,29 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			}
 		}
 		if p.Config.SecretsConfig == nil || p.Config.SecretsConfig.SealedSecrets == nil || p.Config.SecretsConfig.SealedSecrets.Bootstrap == nil || *p.Config.SecretsConfig.SealedSecrets.Bootstrap {
-			err = seal.BootstrapSealedSecrets(ctx.targetCtx.K, sealedSecretsNamespace)
+			err = seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.K, sealedSecretsNamespace)
 			if err != nil {
-				return err
+				return doFail(err)
 			}
 		}
 
 		clusterConfig, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster)
 		if err != nil {
-			return err
+			return doFail(err)
 		}
-		sealer, err := seal.NewSealer(ctx.targetCtx.K, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
+		sealer, err := seal.NewSealer(ctx.ctx, ctx.targetCtx.K, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
 		if err != nil {
-			return err
+			return doFail(err)
 		}
 
 		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection)
 		err = cmd2.Run(sealer)
 
 		if err != nil {
-			return err
+			return doFail(err)
 		}
-		return err
+		s.Success()
+		return nil
 	})
 }
 
@@ -135,7 +142,7 @@ func (cmd *sealCmd) Run() error {
 				continue
 			}
 			if target.Target.SealingConfig == nil {
-				log.Infof("Target %s has no sealingConfig", target.Target.Name)
+				status.Info(ctx, "Target %s has no sealingConfig", target.Target.Name)
 				continue
 			}
 			noTargetMatch = false
@@ -158,7 +165,6 @@ func (cmd *sealCmd) Run() error {
 
 			err := cmd.runCmdSealForTarget(ctx, p, sealTarget.Name, secretsLoader)
 			if err != nil {
-				log.Warningf("Sealing for target %s failed: %v", sealTarget.Name, err)
 				hadError = true
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 6f59906e2..308f1abfb 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -37,7 +37,7 @@ func (cmd *validateCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		startTime := time.Now()
-		cmd2 := commands.NewValidateCommand(ctx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewValidateCommand(ctx.ctx, ctx.targetCtx.DeploymentCollection)
 		for true {
 			result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
 			if err != nil {
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 77260d052..c45c33f14 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -3,7 +3,6 @@ package commands
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
@@ -302,7 +301,7 @@ func (c *rootCommand) buildGroupedFlagSets(cg *commandAndGroups) map[string]*pfl
 		x.cmd.PersistentFlags().VisitAll(func(flag *pflag.Flag) {
 			group, ok := x.groups[flag.Name]
 			if !ok {
-				log.Panicf("group for %s not found", flag.Name)
+				panic(fmt.Sprintf("group for %s not found", flag.Name))
 			}
 			fl, ok := flagsByGroups[group]
 			if !ok {
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 99cfdd5b1..1e2b383a4 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"os"
 	"path/filepath"
@@ -77,7 +77,7 @@ func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.
 			return nil
 		})
 		if err != nil {
-			log.Error(err)
+			status.Error(cliCtx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		return ret, cobra.ShellCompDirectiveDefault
@@ -94,7 +94,7 @@ func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.C
 			return nil
 		})
 		if err != nil {
-			log.Error(err)
+			status.Error(cliCtx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		return ret, cobra.ShellCompDirectiveDefault
@@ -165,7 +165,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 			return nil
 		})
 		if err != nil {
-			log.Error(err)
+			status.Error(cliCtx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		if forDirs {
@@ -206,7 +206,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
 						err := ctx.targetCtx.DeploymentCollection.Prepare(nil)
 						if err != nil {
-							log.Error(err)
+							status.Error(cliCtx, err.Error())
 						}
 
 						mutex.Lock()
@@ -233,7 +233,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 			return nil
 		})
 		if err != nil {
-			log.Error(err)
+			status.Error(cliCtx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		return images.ListKeys(), cobra.ShellCompDirectiveNoSpace
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index a4f1c35bc..44e4ef541 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -16,12 +16,14 @@ limitations under the License.
 package commands
 
 import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"net/http"
@@ -34,8 +36,8 @@ import (
 const latestReleaseUrl = "https://api.github.com/repos/kluctl/kluctl/releases/latest"
 
 type cli struct {
-	Verbosity     string `group:"global" short:"v" help:"Log level (debug, info, warn, error, fatal, panic)." default:"info"`
-	NoUpdateCheck bool   `group:"global" help:"Disable update check on startup"`
+	Debug         bool `group:"global" help:"Enable debug logging"`
+	NoUpdateCheck bool `group:"global" help:"Disable update check on startup"`
 
 	Archive           archiveCmd           `cmd:"" help:"Write project and all related components into single tgz"`
 	CheckImageUpdates checkImageUpdatesCmd `cmd:"" help:"Render deployment and check if any images have new tags available"`
@@ -63,14 +65,12 @@ var flagGroups = []groupInfo{
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 }
-var globalFlagGroup = &flagGroups[len(flagGroups)-1]
 
-func (c *cli) setupLogs() error {
-	lvl, err := log.ParseLevel(c.Verbosity)
-	if err != nil {
-		return err
-	}
-	log.SetLevel(lvl)
+var cliCtx = context.Background()
+
+func (c *cli) setupStatusHandler() error {
+	sh := status.NewMultiLineStatusHandler(os.Stderr, c.Debug)
+	cliCtx = status.NewContext(cliCtx, sh)
 	return nil
 }
 
@@ -98,7 +98,8 @@ func (c *cli) checkNewVersion() {
 	versionCheckState.LastVersionCheck = time.Now()
 	_ = yaml.WriteYamlFile(versionCheckPath, &versionCheckState)
 
-	log.Debugf("Checking for new kluctl version")
+	s := status.Start(cliCtx, "Checking for new kluctl version")
+	defer s.Failed()
 
 	r, err := http.Get(latestReleaseUrl)
 	if err != nil {
@@ -122,12 +123,15 @@ func (c *cli) checkNewVersion() {
 	latestVersion := versions.LooseVersion(latestVersionStr)
 	localVersion := versions.LooseVersion(version.GetVersion())
 	if localVersion.Less(latestVersion, true) {
-		log.Warningf("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion, latestVersion)
+		s.Update(fmt.Sprintf("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion, latestVersion))
+	} else {
+		s.Update("Your kluctl version is up-to-date")
 	}
+	s.Success()
 }
 
 func (c *cli) preRun() error {
-	if err := c.setupLogs(); err != nil {
+	if err := c.setupStatusHandler(); err != nil {
 		return err
 	}
 	c.checkNewVersion()
@@ -141,7 +145,7 @@ func initViper() {
 	viper.AddConfigPath("$HOME/.kluctl")
 	if err := viper.ReadInConfig(); err != nil {
 		if _, ok := err.(viper.ConfigFileNotFoundError); !ok {
-			log.Error(err)
+			status.Error(cliCtx, err.Error())
 			os.Exit(1)
 		}
 	}
@@ -160,7 +164,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		flagGroups)
 
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 
 	rootCmd.Version = version.GetVersion()
@@ -178,7 +182,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	err = rootCmd.Execute()
 	if err != nil {
-		log.Errorf("%v", err)
+		status.Error(cliCtx, err.Error())
 		os.Exit(1)
 	}
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a599aad54..f0ee358a7 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -11,9 +11,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -51,7 +51,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 
 	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
 	if err != nil && projectFlags.FromArchive == "" {
-		log.Warning("Failed to detect git project root. This might cause follow-up errors")
+		status.Warning(cliCtx, "", "Failed to detect git project root. This might cause follow-up errors")
 	}
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
@@ -70,8 +70,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		GitUpdateInterval:   projectFlags.GitCacheUpdateInterval,
 	}
 
-	ctx := context.Background()
-	ctx, cancel := context.WithTimeout(ctx, projectFlags.Timeout)
+	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
 	defer cancel()
 	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, tmpDir, j2)
 	if err != nil {
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 872e8a7ad..d794d355e 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -18,10 +19,10 @@ func NewDeleteCommand(c *deployment.DeploymentCollection) *DeleteCommand {
 	}
 }
 
-func (cmd *DeleteCommand) Run(k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
+func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(dew)
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
 
 	var labels map[string]string
 	if len(cmd.OverrideDeleteByLabels) != 0 {
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 575fb26a0..0fd1823ca 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -29,7 +29,7 @@ func NewDeployCommand(c *deployment.DeploymentCollection) *DeployCommand {
 func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResultCb func(diffResult *types.CommandResult) error) (*types.CommandResult, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(dew)
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
 	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
 	if err != nil {
 		return nil, err
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 0bdd5b9e1..dd811a84a 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -28,7 +28,7 @@ func NewDiffCommand(c *deployment.DeploymentCollection) *DiffCommand {
 func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
-	ru := utils.NewRemoteObjectsUtil(dew)
+	ru := utils.NewRemoteObjectsUtil(ctx, dew)
 	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
 	if err != nil {
 		return nil, err
diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index ce51e6e35..60cadd857 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -26,7 +26,7 @@ func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(dew)
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
 	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
 	if err != nil {
 		return nil, err
@@ -40,7 +40,7 @@ func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
+		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(ctx, nil, d.RelToProjectItemDir, 0, true))
 		for _, o := range d.Objects {
 			o := o
 			ref := o.GetK8sRef()
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index e2dc24b23..c794e8a8a 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -27,7 +27,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(dew)
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
 	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
 	if err != nil {
 		return nil, err
@@ -76,7 +76,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(nil, ref.String(), 0, true))
+			au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(ctx, nil, ref.String(), 0, true))
 			au.ReplaceObject(ref, ru.GetRemoteObject(ref), func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 				return doPokeImage(containers, o)
 			})
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 873dc3a11..bc2336e74 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -17,10 +18,10 @@ func NewPruneCommand(c *deployment.DeploymentCollection) *PruneCommand {
 	}
 }
 
-func (cmd *PruneCommand) Run(k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
+func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(dew)
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
 	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), nil)
 	if err != nil {
 		return nil, err
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 11716e66d..fbe9102ec 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -16,12 +16,12 @@ type ValidateCommand struct {
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(c *deployment.DeploymentCollection) *ValidateCommand {
+func NewValidateCommand(ctx context.Context, c *deployment.DeploymentCollection) *ValidateCommand {
 	cmd := &ValidateCommand{
 		c:   c,
 		dew: utils2.NewDeploymentErrorsAndWarnings(),
 	}
-	cmd.ru = utils2.NewRemoteObjectsUtil(cmd.dew)
+	cmd.ru = utils2.NewRemoteObjectsUtil(ctx, cmd.dew)
 	return cmd
 }
 
@@ -40,7 +40,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(nil, d.RelToProjectItemDir, 0, true))
+		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(ctx, nil, d.RelToProjectItemDir, 0, true))
 		h := utils2.NewHooksUtil(au)
 		for _, o := range d.Objects {
 			hook := h.GetHook(o)
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 80ea9ac7e..9c26fa86e 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	"golang.org/x/sync/semaphore"
 	"path/filepath"
 	"sync"
@@ -52,7 +52,7 @@ func (c *DeploymentCollection) createBarrierDummy(project *DeploymentProject) *D
 	}
 	di, err := NewDeploymentItem(project, c, tmpDiConfig, nil, 0)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return di
 }
@@ -67,7 +67,7 @@ func findDeploymentItemIndex(project *DeploymentProject, pth *string, indexes ma
 	absDir, err := filepath.Abs(dir)
 	if err != nil {
 		// we pre-checked directories, so this should not happen
-		log.Fatal(err)
+		panic(err)
 	}
 
 	if _, ok := indexes[absDir]; !ok {
@@ -86,7 +86,7 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 		if diConfig.Include != nil {
 			includedProject, ok := project.includes[i]
 			if !ok {
-				log.Fatalf("Did not find find index %d in project.includes", i)
+				panic(fmt.Sprintf("Did not find find index %d in project.includes", i))
 			}
 			ret2, err := c.collectDeployments(includedProject, indexes)
 			if err != nil {
@@ -110,7 +110,8 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 }
 
 func (c *DeploymentCollection) RenderDeployments(k *k8s.K8sCluster) error {
-	log.Infof("Rendering templates and Helm charts")
+	s := status.Start(c.ctx, "Rendering templates")
+	defer s.Failed()
 
 	wp := utils.NewDebuggerAwareWorkerPool(16)
 	defer wp.StopWait(false)
@@ -125,6 +126,10 @@ func (c *DeploymentCollection) RenderDeployments(k *k8s.K8sCluster) error {
 	if err != nil {
 		return err
 	}
+	s.Success()
+
+	s = status.Start(c.ctx, "Rendering Helm Charts")
+	defer s.Failed()
 
 	for _, d := range c.Deployments {
 		err := d.renderHelmCharts(k, wp)
@@ -137,6 +142,7 @@ func (c *DeploymentCollection) RenderDeployments(k *k8s.K8sCluster) error {
 		return err
 	}
 
+	s.Success()
 	return nil
 }
 
@@ -155,7 +161,8 @@ func (c *DeploymentCollection) resolveSealedSecrets() error {
 }
 
 func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
-	log.Infof("Building kustomize objects")
+	s := status.Start(c.ctx, "Building kustomize objects")
+	defer s.Failed()
 
 	var wg sync.WaitGroup
 	var errs []error
@@ -193,6 +200,10 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 	}
 	wg.Wait()
 
+	if len(errs) == 0 {
+		s.Success()
+	}
+
 	return utils.NewErrorListOrNil(errs)
 }
 
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index acb5e7aa3..1904a8842 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -176,7 +176,7 @@ func (di *DeploymentItem) renderHelmCharts(k *k8s.K8sCluster, wp *utils.WorkerPo
 			if err != nil {
 				return err
 			}
-			return chart.Render(k)
+			return chart.Render(di.Project.ctx, k)
 		})
 		return nil
 	})
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index fe093ab20..f0c0cedd3 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -1,14 +1,15 @@
 package deployment
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"path/filepath"
 	"reflect"
 	"strings"
@@ -17,6 +18,8 @@ import (
 var warnOnce utils.OnceByKey
 
 type DeploymentProject struct {
+	ctx context.Context
+
 	VarsCtx          *jinja2.VarsCtx
 	dir              string
 	SealedSecretsDir string
@@ -29,8 +32,9 @@ type DeploymentProject struct {
 	parentProjectInclude *types.DeploymentItemConfig
 }
 
-func NewDeploymentProject(k *k8s.K8sCluster, varsCtx *jinja2.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
+func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsCtx *jinja2.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
 	dp := &DeploymentProject{
+		ctx:              ctx,
 		VarsCtx:          varsCtx.Copy(),
 		dir:              dir,
 		SealedSecretsDir: sealedSecretsDir,
@@ -86,14 +90,14 @@ func (p *DeploymentProject) loadConfig(k *k8s.K8sCluster) error {
 	}
 	if len(p.Config.KustomizeDirs) != 0 {
 		warnOnce.Do("kustomizeDirs", func() {
-			log.Warningf("'kustomizeDirs' is deprecated, use 'deployments' instead")
+			status.Warning(p.ctx, "'kustomizeDirs' is deprecated, use 'deployments' instead")
 		})
 		p.Config.Deployments = p.Config.KustomizeDirs
 		p.Config.KustomizeDirs = nil
 	}
 	if len(p.Config.Includes) != 0 {
 		warnOnce.Do("includes", func() {
-			log.Warningf("'includes' is deprecated, use 'deployments' instead")
+			status.Warning(p.ctx, "'includes' is deprecated, use 'deployments' instead")
 		})
 		for _, inc := range p.Config.Includes {
 			c := *inc
@@ -127,7 +131,7 @@ func (p *DeploymentProject) loadConfig(k *k8s.K8sCluster) error {
 	}
 	if len(p.Config.DeleteByLabels) != 0 {
 		warnOnce.Do("deleteByLabels", func() {
-			log.Warningf("'deleteByLabels' is deprecated and ignored from now on")
+			status.Warning(p.ctx, "'deleteByLabels' is deprecated and ignored from now on")
 		})
 		if !reflect.DeepEqual(p.Config.CommonLabels, p.Config.DeleteByLabels) {
 			return fmt.Errorf("commonLabels and deleteByLabels do not match")
@@ -196,7 +200,7 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 			return err
 		}
 
-		newProject, err := NewDeploymentProject(k, varsCtx, incDir, p.SealedSecretsDir, p)
+		newProject, err := NewDeploymentProject(p.ctx, k, varsCtx, incDir, p.SealedSecretsDir, p)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 8c719c2a2..eb97d66b1 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -1,15 +1,16 @@
 package deployment
 
 import (
+	"context"
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/pkg/errors"
-	log "github.com/sirupsen/logrus"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/chart"
 	"helm.sh/helm/v3/pkg/chart/loader"
@@ -88,7 +89,7 @@ func (c *helmChart) buildHelmConfig() (*action.Configuration, error) {
 	}, nil
 }
 
-func (c *helmChart) Pull() error {
+func (c *helmChart) Pull(ctx context.Context) error {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return err
@@ -123,7 +124,7 @@ func (c *helmChart) Pull() error {
 	_ = os.RemoveAll(chartDir + fmt.Sprintf("-%s.tar.gz", a.Version))
 	_ = os.RemoveAll(chartDir + fmt.Sprintf("-%s.tgz", a.Version))
 	if out != "" {
-		log.Info(out)
+		status.PlainText(ctx, out)
 	}
 	if err != nil {
 		return err
@@ -177,19 +178,19 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 	return latestVersion, updated, nil
 }
 
-func (c *helmChart) Render(k *k8s.K8sCluster) error {
+func (c *helmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return err
 	}
-	err = c.doRender(k)
+	err = c.doRender(ctx, k)
 	if err != nil {
 		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", chartName, c.Config.ReleaseName, err)
 	}
 	return nil
 }
 
-func (c *helmChart) doRender(k *k8s.K8sCluster) error {
+func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	chartDir, err := c.GetChartDir()
 	if err != nil {
 		return err
@@ -264,7 +265,7 @@ func (c *helmChart) doRender(k *k8s.K8sCluster) error {
 	}
 
 	if chartRequested.Metadata.Deprecated {
-		log.Warningf("Chart %s is deprecated", *c.Config.ChartName)
+		status.Warning(ctx, "Chart %s is deprecated", *c.Config.ChartName)
 	}
 
 	rel, err := client.Run(chartRequested, vals)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index b14afa455..b8c78acbb 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -7,12 +7,12 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
-	log "github.com/sirupsen/logrus"
 	"github.com/vbauerster/mpb/v7"
 	"golang.org/x/sync/semaphore"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -561,7 +561,7 @@ func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *
 }
 
 func (a *ApplyDeploymentsUtil) ApplyDeployments() {
-	log.Infof("Running server-side apply for all objects")
+	status.Info(a.ctx, "Running server-side apply for all objects")
 
 	var wg sync.WaitGroup
 	sem := semaphore.NewWeighted(8)
@@ -592,9 +592,9 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 		progressName := a.buildProgressName(d)
 		var pctx *progressCtx
 		if progressName != nil {
-			pctx = NewProgressCtx(p, *progressName, maxNameLen, true)
+			pctx = NewProgressCtx(a.ctx, p, *progressName, maxNameLen, true)
 		} else {
-			pctx = NewProgressCtx(nil, "", 0, false)
+			pctx = NewProgressCtx(a.ctx, nil, "", 0, false)
 		}
 		a2 := a.NewApplyUtil(a.ctx, pctx)
 
@@ -609,7 +609,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 
 		barrier := (d.Config.Barrier != nil && *d.Config.Barrier) || d.Barrier
 		if barrier {
-			bpctx := NewProgressCtx(p, "<barrier>", maxNameLen, true)
+			bpctx := NewProgressCtx(a.ctx, p, "<barrier>", maxNameLen, true)
 			bpctx.SetTotal(1)
 
 			bpctx.InfofAndStatus("Waiting on barrier...")
@@ -678,7 +678,7 @@ func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.Unstructu
 		a.dew.AddApiWarnings(ref, apiWarnings)
 		if err != nil {
 			if errors.IsConflict(err) {
-				log.Debugf("Conflict while patching %s. Retrying...", ref.String())
+				status.Trace(a.ctx, "Conflict while patching %s. Retrying...", ref.String())
 				continue
 			} else {
 				a.HandleError(ref, err)
diff --git a/pkg/deployment/utils/progress.go b/pkg/deployment/utils/progress.go
index c5eadbbfc..34d03a61c 100644
--- a/pkg/deployment/utils/progress.go
+++ b/pkg/deployment/utils/progress.go
@@ -1,9 +1,10 @@
 package utils
 
 import (
+	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/mattn/go-isatty"
-	log "github.com/sirupsen/logrus"
 	"github.com/vbauerster/mpb/v7"
 	"github.com/vbauerster/mpb/v7/decor"
 	"math"
@@ -14,6 +15,7 @@ import (
 )
 
 type progressCtx struct {
+	ctx       context.Context
 	bar       *mpb.Bar
 	doLog     bool
 	total     int64
@@ -23,8 +25,9 @@ type progressCtx struct {
 	mutex     sync.Mutex
 }
 
-func NewProgressCtx(p *mpb.Progress, name string, maxNameWidth int, doLog bool) *progressCtx {
+func NewProgressCtx(ctx context.Context, p *mpb.Progress, name string, maxNameWidth int, doLog bool) *progressCtx {
 	pctx := &progressCtx{
+		ctx:       ctx,
 		status:    "Initializing...",
 		total:     -1,
 		name:      name,
@@ -52,23 +55,22 @@ func NewProgressCtx(p *mpb.Progress, name string, maxNameWidth int, doLog bool)
 	return pctx
 }
 
-func (ctx *progressCtx) Logf(level log.Level, s string, args ...interface{}) {
+func (ctx *progressCtx) Infof(s string, args ...interface{}) {
 	if ctx.doLog {
-		s = fmt.Sprintf("%s: %s", ctx.name, s)
-		log.StandardLogger().Logf(level, s, args...)
+		status.Info(ctx.ctx, s, args...)
 	}
 }
 
-func (ctx *progressCtx) Infof(s string, args ...interface{}) {
-	ctx.Logf(log.InfoLevel, s, args...)
-}
-
 func (ctx *progressCtx) Warningf(s string, args ...interface{}) {
-	ctx.Logf(log.WarnLevel, s, args...)
+	if ctx.doLog {
+		status.Warning(ctx.ctx, s, args...)
+	}
 }
 
 func (ctx *progressCtx) Debugf(s string, args ...interface{}) {
-	ctx.Logf(log.DebugLevel, s, args...)
+	if ctx.doLog {
+		status.Trace(ctx.ctx, s, args...)
+	}
 }
 
 func (ctx *progressCtx) InfofAndStatus(s string, args ...interface{}) {
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 71df19fbe..65ddf867e 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -1,24 +1,27 @@
 package utils
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
 )
 
 type RemoteObjectUtils struct {
+	ctx              context.Context
 	dew              *DeploymentErrorsAndWarnings
 	remoteObjects    map[k8s2.ObjectRef]*uo.UnstructuredObject
 	remoteNamespaces map[string]*uo.UnstructuredObject
 	mutex            sync.Mutex
 }
 
-func NewRemoteObjectsUtil(dew *DeploymentErrorsAndWarnings) *RemoteObjectUtils {
+func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings) *RemoteObjectUtils {
 	return &RemoteObjectUtils{
+		ctx:              ctx,
 		dew:              dew,
 		remoteObjects:    map[k8s2.ObjectRef]*uo.UnstructuredObject{},
 		remoteNamespaces: map[string]*uo.UnstructuredObject{},
@@ -30,7 +33,8 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		return nil
 	}
 
-	log.Infof("Getting remote objects by commonLabels")
+	status.Info(u.ctx, "Getting remote objects by commonLabels")
+
 	allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels, false)
 	for gvk, aw := range apiWarnings {
 		u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, aw)
@@ -57,7 +61,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 	u.mutex.Unlock()
 
 	if len(notFoundRefsList) != 0 {
-		log.Infof("Getting %d additional remote objects", len(notFoundRefsList))
+		status.Info(u.ctx, "Getting %d additional remote objects", len(notFoundRefsList))
 		r, apiWarnings, err := k.GetObjectsByRefs(notFoundRefsList)
 		for ref, aw := range apiWarnings {
 			u.dew.AddApiWarnings(ref, aw)
@@ -72,7 +76,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		u.mutex.Unlock()
 	}
 
-	log.Infof("Getting namespaces")
+	status.Info(u.ctx, "Getting namespaces")
 	r, _, err := k.ListObjects(schema.GroupVersionKind{
 		Group:   "",
 		Version: "v1",
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index e490578a5..99eb13188 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -9,7 +9,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	diff2 "github.com/r3labs/diff/v2"
-	"log"
 	"reflect"
 	"sort"
 	"strconv"
@@ -125,7 +124,7 @@ func stableSortChanges(changes []types.Change) {
 	for i, _ := range changes {
 		y, err := yaml.WriteYamlString(changes[i])
 		if err != nil {
-			log.Panic(err)
+			panic(err)
 		}
 		changesStrs[i] = y
 		changesIndexes[i] = i
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 5ac3f6261..3a0772165 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
 	"regexp"
@@ -192,7 +191,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 		}
 		remoteValue, found, err := remote.GetNestedField(p...)
 		if !found {
-			log.Fatalf("field '%s' not found in remote object...which can't be!", cause.Field)
+			panic(fmt.Sprintf("field '%s' not found in remote object...which can't be!", cause.Field))
 		}
 
 		overwrite := true
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 677f4df07..2a3f91757 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -1,6 +1,7 @@
 package auth
 
 import (
+	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 )
@@ -11,7 +12,7 @@ type AuthMethodAndCA struct {
 }
 
 type GitAuthProvider interface {
-	BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA
+	BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA
 }
 
 type GitAuthProviders struct {
@@ -26,9 +27,9 @@ func (a *GitAuthProviders) RegisterAuthProvider(p GitAuthProvider, last bool) {
 	}
 }
 
-func (a *GitAuthProviders) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
 	for _, p := range a.authProviders {
-		auth := p.BuildAuth(gitUrl)
+		auth := p.BuildAuth(ctx, gitUrl)
 		if auth.AuthMethod != nil {
 			return auth
 		}
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index a57fa44f3..f05516e00 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -1,16 +1,17 @@
 package auth
 
 import (
+	"context"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 )
 
 type GitEnvAuthProvider struct {
 }
 
-func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
 	var la ListAuthProvider
 
 	for _, m := range utils.ParseEnvConfigSets("KLUCTL_GIT") {
@@ -26,7 +27,7 @@ func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 			ssh_key_path = utils.ExpandPath(ssh_key_path)
 			b, err := ioutil.ReadFile(ssh_key_path)
 			if err != nil {
-				log.Debugf("Failed to read key %s: %v", ssh_key_path, err)
+				status.Trace(ctx, "Failed to read key %s: %v", ssh_key_path, err)
 			} else {
 				e.SshKey = b
 			}
@@ -36,12 +37,12 @@ func (a *GitEnvAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
 			b, err := ioutil.ReadFile(ca_bundle_path)
 			if err != nil {
-				log.Debugf("Failed to read ca bundle %s: %v", ca_bundle_path, err)
+				status.Trace(ctx, "Failed to read ca bundle %s: %v", ca_bundle_path, err)
 			} else {
 				e.CABundle = b
 			}
 		}
 		la.AddEntry(e)
 	}
-	return la.BuildAuth(gitUrl)
+	return la.BuildAuth(ctx, gitUrl)
 }
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index b3a3b9f97..7ee6775c3 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -2,10 +2,11 @@ package auth
 
 import (
 	"bufio"
+	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	giturls "github.com/whilp/git-urls"
 	"os"
 	"path/filepath"
@@ -14,28 +15,28 @@ import (
 type GitCredentialsFileAuthProvider struct {
 }
 
-func (a *GitCredentialsFileAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
 	if gitUrl.Scheme != "http" && gitUrl.Scheme != "https" {
 		return AuthMethodAndCA{}
 	}
 
 	home, err := os.UserHomeDir()
 	if err != nil {
-		log.Warningf("Could not determine home directory: %v", err)
+		status.Warning(ctx, "Could not determine home directory: %v", err)
 		return AuthMethodAndCA{}
 	}
-	auth := a.tryBuildAuth(gitUrl, filepath.Join(home, ".git-credentials"))
+	auth := a.tryBuildAuth(ctx, gitUrl, filepath.Join(home, ".git-credentials"))
 	if auth != nil {
 		return *auth
 	}
 
 	if xdgHome, ok := os.LookupEnv("XDG_CONFIG_HOME"); ok && xdgHome != "" {
-		auth = a.tryBuildAuth(gitUrl, filepath.Join(xdgHome, ".git-credentials"))
+		auth = a.tryBuildAuth(ctx, gitUrl, filepath.Join(xdgHome, ".git-credentials"))
 		if auth != nil {
 			return *auth
 		}
 	} else {
-		auth = a.tryBuildAuth(gitUrl, filepath.Join(home, ".config/.git-credentials"))
+		auth = a.tryBuildAuth(ctx, gitUrl, filepath.Join(home, ".config/.git-credentials"))
 		if auth != nil {
 			return *auth
 		}
@@ -43,14 +44,14 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMe
 	return AuthMethodAndCA{}
 }
 
-func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
+func (a *GitCredentialsFileAuthProvider) tryBuildAuth(ctx context.Context, gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
 	if !utils.IsFile(gitCredentialsPath) {
 		return nil
 	}
 
 	f, err := os.Open(gitCredentialsPath)
 	if err != nil {
-		log.Warningf("Failed to open %s: %v", gitCredentialsPath, err)
+		status.Warning(ctx, "Failed to open %s: %v", gitCredentialsPath, err)
 		return nil
 	}
 	defer f.Close()
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index b929675af..241a8d5b2 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -1,10 +1,11 @@
 package auth
 
 import (
+	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	log "github.com/sirupsen/logrus"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"strings"
 )
 
@@ -28,7 +29,7 @@ func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
 
-func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
 	for _, e := range a.entries {
 		if e.Host != "*" && e.Host != gitUrl.Hostname() {
 			continue
@@ -64,7 +65,7 @@ func (a *ListAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 			}
 			a, err := ssh.NewPublicKeys(username, e.SshKey, "")
 			if err != nil {
-				log.Debugf("Failed to parse private key: %v", err)
+				status.Trace(ctx, "Failed to parse private key: %v", err)
 			} else {
 				a.HostKeyCallback = buildVerifyHostCallback(e.KnownHosts)
 				return AuthMethodAndCA{
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index b37d242f1..686e90b47 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -1,11 +1,12 @@
 package auth
 
 import (
+	"context"
 	"fmt"
 	"github.com/kevinburke/ssh_config"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
 	"io"
@@ -22,6 +23,7 @@ type GitSshAuthProvider struct {
 }
 
 type sshDefaultIdentityAndAgent struct {
+	ctx          context.Context
 	authProvider *GitSshAuthProvider
 	hostname     string
 	user         string
@@ -50,54 +52,54 @@ func (a *sshDefaultIdentityAndAgent) Signers() ([]ssh.Signer, error) {
 }
 
 func (a *sshDefaultIdentityAndAgent) addDefaultIdentity(gitUrl git_url.GitUrl) {
-	log.Debugf("trying to add default identity")
+	status.Trace(a.ctx, "trying to add default identity")
 	u, err := user.Current()
 	if err != nil {
-		log.Debugf("No current user: %v", err)
+		status.Trace(a.ctx, "No current user: %v", err)
 	} else {
 		path := filepath.Join(u.HomeDir, ".ssh", "id_rsa")
-		signer, err := a.authProvider.readKey(path)
+		signer, err := a.authProvider.readKey(a.ctx, path)
 		if err != nil && !os.IsNotExist(err) {
-			log.Warningf("Failed to read default identity file for url %s: %v", gitUrl.String(), err)
+			status.Warning(a.ctx, "Failed to read default identity file for url %s: %v", gitUrl.String(), err)
 		} else if signer != nil {
-			log.Debugf("...added '%s' as default identity", path)
+			status.Trace(a.ctx, "...added '%s' as default identity", path)
 			a.signers = append(a.signers, signer)
 		}
 	}
 }
 
 func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl) {
-	log.Debugf("trying to add identities from ssh config")
+	status.Trace(a.ctx, "trying to add identities from ssh config")
 	for _, id := range ssh_config.GetAll(gitUrl.Hostname(), "IdentityFile") {
 		expanded := utils.ExpandPath(id)
-		log.Debugf("...trying '%s' (expanded: '%s')", id, expanded)
-		signer, err := a.authProvider.readKey(expanded)
+		status.Trace(a.ctx, "...trying '%s' (expanded: '%s')", id, expanded)
+		signer, err := a.authProvider.readKey(a.ctx, expanded)
 		if err != nil && !os.IsNotExist(err) {
-			log.Warningf("Failed to read key %s for url %s: %v", id, gitUrl.String(), err)
+			status.Warning(a.ctx, "Failed to read key %s for url %s: %v", id, gitUrl.String(), err)
 		} else if err == nil {
-			log.Debugf("...added '%s' from ssh config", expanded)
+			status.Trace(a.ctx, "...added '%s' from ssh config", expanded)
 			a.signers = append(a.signers, signer)
 		}
 	}
 }
 
 func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
-	log.Debugf("trying to add agent keys")
+	status.Trace(a.ctx, "trying to add agent keys")
 	agent, _, err := sshagent.New()
 	if err != nil {
-		log.Warningf("Failed to connect to ssh agent for url %s: %v", gitUrl.String(), err)
+		status.Warning(a.ctx, "Failed to connect to ssh agent for url %s: %v", gitUrl.String(), err)
 	} else {
 		signers, err := agent.Signers()
 		if err != nil {
-			log.Warningf("Failed to get signers from ssh agent for url %s: %v", gitUrl.String(), err)
+			status.Warning(a.ctx, "Failed to get signers from ssh agent for url %s: %v", gitUrl.String(), err)
 			return
 		}
-		log.Debugf("...added %d agent keys", len(signers))
+		status.Trace(a.ctx, "...added %d agent keys", len(signers))
 		a.signers = append(a.signers, signers...)
 	}
 }
 
-func (a *GitSshAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
 	if !gitUrl.IsSsh() {
 		return AuthMethodAndCA{}
 	}
@@ -106,6 +108,7 @@ func (a *GitSshAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 	}
 
 	auth := &sshDefaultIdentityAndAgent{
+		ctx:          ctx,
 		authProvider: a,
 		hostname:     gitUrl.Hostname(),
 		user:         gitUrl.User.Username(),
@@ -124,6 +127,7 @@ func (a *GitSshAuthProvider) BuildAuth(gitUrl git_url.GitUrl) AuthMethodAndCA {
 // we defer asking for passphrase so that we don't unnecessarily ask for passphrases for keys that are already provided
 // by ssh-agent
 type deferredPassphraseKey struct {
+	ctx    context.Context
 	a      *GitSshAuthProvider
 	path   string
 	err    error
@@ -157,21 +161,21 @@ func (k *deferredPassphraseKey) parse() {
 	passphrase, err := k.getPassphrase()
 	if err != nil {
 		k.err = err
-		log.Warningf("Failed to parse key %s: %v", k.path, err)
+		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
 		return
 	}
 
 	pemBytes, err := ioutil.ReadFile(k.path)
 	if err != nil {
 		k.err = err
-		log.Warningf("Failed to parse key %s: %v", k.path, err)
+		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
 		return
 	}
 
 	s, err := ssh.ParsePrivateKeyWithPassphrase(pemBytes, passphrase)
 	if err != nil {
 		k.err = err
-		log.Warningf("Failed to parse key %s: %v", k.path, err)
+		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
 		return
 	}
 	k.parsed = s
@@ -223,7 +227,7 @@ func (k *deferredPassphraseKey) Sign(rand io.Reader, data []byte) (*ssh.Signatur
 	return k.parsed.Sign(rand, data)
 }
 
-func (a *GitSshAuthProvider) readKey(path string) (ssh.Signer, error) {
+func (a *GitSshAuthProvider) readKey(ctx context.Context, path string) (ssh.Signer, error) {
 	pemBytes, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, err
@@ -235,6 +239,7 @@ func (a *GitSshAuthProvider) readKey(path string) (ssh.Signer, error) {
 
 		if _, ok := err.(*ssh.PassphraseMissingError); ok {
 			signer = &deferredPassphraseKey{
+				ctx:  ctx,
 				a:    a,
 				path: path,
 			}
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 8940c6047..2eeb19bfd 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -8,8 +8,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -70,7 +70,7 @@ func (g *MirroredGitRepo) Lock() error {
 func (g *MirroredGitRepo) Unlock() error {
 	err := g.fileLock.Unlock()
 	if err != nil {
-		log.Warningf("Unlock of %s failed: %v", g.fileLock.Path(), err)
+		status.Warning(g.ctx, "Unlock of %s failed: %v", g.fileLock.Path(), err)
 		return err
 	}
 	return nil
@@ -170,14 +170,13 @@ func (g *MirroredGitRepo) cleanupMirrorDir() error {
 	return nil
 }
 
-func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthProviders) error {
-	log.Infof("Updating mirror repo: url='%v'", g.url.String())
+func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string, authProviders *auth2.GitAuthProviders) error {
 	r, err := git.PlainOpen(repoDir)
 	if err != nil {
 		return err
 	}
 
-	auth := authProviders.BuildAuth(g.url)
+	auth := authProviders.BuildAuth(g.ctx, g.url)
 
 	remote, err := r.Remote("origin")
 	if err != nil {
@@ -260,21 +259,20 @@ func (g *MirroredGitRepo) update(repoDir string, authProviders *auth2.GitAuthPro
 
 	_ = ioutil.WriteFile(filepath.Join(g.mirrorDir, ".update-time"), []byte(time.Now().Format(time.RFC3339Nano)), 0644)
 
+	s.Success()
 	return nil
 }
 
-func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext, authProviders *auth2.GitAuthProviders) error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
 	if utils.IsFile(initMarker) {
-		return g.update(g.mirrorDir, authProviders)
+		return g.update(s, g.mirrorDir, authProviders)
 	}
 	err := g.cleanupMirrorDir()
 	if err != nil {
 		return err
 	}
 
-	log.Infof("Cloning mirror repo at %v", g.mirrorDir)
-
 	tmpMirrorDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "mirror-")
 	if err != nil {
 		return err
@@ -298,7 +296,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) e
 		return err
 	}
 
-	err = g.update(tmpMirrorDir, authProviders)
+	err = g.update(s, tmpMirrorDir, authProviders)
 	if err != nil {
 		return err
 	}
@@ -321,20 +319,23 @@ func (g *MirroredGitRepo) cloneOrUpdate(authProviders *auth2.GitAuthProviders) e
 }
 
 func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
-	err := g.cloneOrUpdate(authProviders)
+	s := status.Start(g.ctx, "Updating git cache for %s", g.url.String())
+	err := g.cloneOrUpdate(s, authProviders)
 	if err != nil {
+		s.FailedWithMessage(err.Error())
 		return err
 	}
 	g.hasUpdated = true
+	s.Success()
 	return nil
 }
 
 func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
 	if !g.fileLock.Locked() || !g.hasUpdated {
-		log.Fatalf("tried to clone from a project that is not locked/updated")
+		panic("tried to clone from a project that is not locked/updated")
 	}
 
-	log.Debugf("Cloning git project: url='%s', ref='%s', target='%s'", g.url.String(), ref, targetDir)
+	status.Trace(g.ctx, "Cloning git project: url='%s', ref='%s', target='%s'", g.url.String(), ref, targetDir)
 
 	err := PoorMansClone(g.mirrorDir, targetDir, ref)
 	if err != nil {
diff --git a/pkg/jinja2/generate/main.go b/pkg/jinja2/generate/main.go
index a767884b3..9da3d4f4e 100644
--- a/pkg/jinja2/generate/main.go
+++ b/pkg/jinja2/generate/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util/packer"
-	log "github.com/sirupsen/logrus"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -23,12 +22,12 @@ func pipWheel() {
 	cmd.Stderr = os.Stderr
 	err := cmd.Run()
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 
 	wheels, err := os.ReadDir("python_src/wheel")
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 	for _, w := range wheels {
 		if !strings.HasSuffix(w.Name(), ".whl") {
@@ -40,17 +39,17 @@ func pipWheel() {
 
 		err = cmd.Run()
 		if err != nil {
-			log.Panic(err)
+			panic(err)
 		}
 
 		err = os.Remove(filepath.Join("python_src/wheel", w.Name()))
 		if err != nil {
-			log.Panic(err)
+			panic(err)
 		}
 	}
 
 	err = packer.Pack("embed/python_src.tar.gz", "python_src", "*")
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 }
diff --git a/pkg/jinja2/source.go b/pkg/jinja2/source.go
index f07623b74..d9ab49bb4 100644
--- a/pkg/jinja2/source.go
+++ b/pkg/jinja2/source.go
@@ -4,7 +4,6 @@ import (
 	"embed"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
-	log "github.com/sirupsen/logrus"
 	"path/filepath"
 )
 
@@ -17,7 +16,7 @@ var pythonSrcExtracted string
 func init() {
 	srcDir, err := extractSource()
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 	pythonSrcExtracted = srcDir
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index ea633652a..b6f4939b6 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -5,11 +5,11 @@ import (
 	"encoding/json"
 	"fmt"
 	goversion "github.com/hashicorp/go-version"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"io"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -531,11 +531,11 @@ func (k *K8sCluster) ListObjectsMetadata(gvk schema.GroupVersionKind, namespace
 		for _, o := range x.Items {
 			b, err := json.Marshal(o)
 			if err != nil {
-				log.Panic(err)
+				panic(err)
 			}
 			u, err := uo.FromString(string(b))
 			if err != nil {
-				log.Panic(err)
+				panic(err)
 			}
 			u.SetK8sGVK(gvk)
 			result = append(result, u)
@@ -805,7 +805,6 @@ type PatchOptions struct {
 func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
 	dryRun := k.DryRun || options.ForceDryRun
 	ref := o.GetK8sRef()
-	log2 := log.WithField("ref", ref)
 
 	data, err := yaml.WriteYamlBytes(o)
 	if err != nil {
@@ -822,7 +821,8 @@ func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions)
 		po.Force = &options.ForceApply
 	}
 
-	log2.Debugf("patching")
+	status.Trace(k.ctx, "patching %s", ref.String())
+
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		x, err := r.Patch(k.ctx, ref.Name, types.ApplyPatchType, data, po)
@@ -842,7 +842,6 @@ type UpdateOptions struct {
 func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
 	dryRun := k.DryRun || options.ForceDryRun
 	ref := o.GetK8sRef()
-	log2 := log.WithField("ref", ref)
 
 	updateOpts := v1.UpdateOptions{
 		FieldManager: "kluctl",
@@ -851,7 +850,8 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 		updateOpts.DryRun = []string{"All"}
 	}
 
-	log2.Debugf("updating")
+	status.Trace(k.ctx, "updating %s", ref.String())
+
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		x, err := r.Update(k.ctx, o.ToUnstructured(), updateOpts)
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index c4d8b9527..4c5b74fb6 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -5,10 +5,10 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -237,7 +237,7 @@ func (c *LoadedKluctlProject) mergeClustersDirs(mergedClustersDir string, cluste
 
 	for _, ci := range clustersInfos {
 		if !utils.IsDirectory(ci.dir) {
-			log.Warningf("Cluster dir '%s' does not exist", ci.dir)
+			status.Warning(c.ctx, "Cluster dir '%s' does not exist", ci.dir)
 			continue
 		}
 		files, err := ioutil.ReadDir(ci.dir)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 50d8a7f27..bf4d1b369 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -107,7 +107,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfig
 	}
 	varsCtx.UpdateChild("target", targetVars)
 
-	d, err := deployment.NewDeploymentProject(k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
+	d, err := deployment.NewDeploymentProject(ctx, k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index baaff34d2..8492422b2 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -5,11 +5,11 @@ import (
 	securejoin "github.com/cyphar/filepath-securejoin"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"reflect"
 	"regexp"
 	"sort"
@@ -51,7 +51,7 @@ func (c *LoadedKluctlProject) loadTargets() error {
 			if targetInfo.refPattern == nil {
 				return err
 			}
-			log.Warningf("Failed to load dynamic target config for project: %v", err)
+			status.Warning(c.ctx, "Failed to load dynamic target config for project: %v", err)
 			continue
 		}
 
@@ -61,7 +61,7 @@ func (c *LoadedKluctlProject) loadTargets() error {
 		}
 
 		if _, ok := targetNames[target.Name]; ok {
-			log.Warningf("Duplicate target %s", target.Name)
+			status.Warning(c.ctx, "Duplicate target %s", target.Name)
 		} else {
 			targetNames[target.Name] = true
 			c.DynamicTargets = append(c.DynamicTargets, &types.DynamicTarget{
diff --git a/pkg/python/embed.go b/pkg/python/embed.go
index 4a67eee0d..500e68ed8 100644
--- a/pkg/python/embed.go
+++ b/pkg/python/embed.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
-	"log"
 	"path/filepath"
 	"runtime"
 )
@@ -21,20 +20,20 @@ func decompressPython() string {
 	tarName := fmt.Sprintf("embed/python-%s-%s.tar.gz", runtime.GOOS, runtime.GOARCH)
 	tgz, err := pythonLib.Open(tarName)
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 	defer tgz.Close()
 
 	fileList, err := pythonLib.Open(tarName + ".files")
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 	defer fileList.Close()
 
 	path := filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("python-%s", runtime.GOOS))
 	path, err = embed_util.ExtractTarToTmp(tgz, fileList, path)
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 
 	return path
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 93f11f95b..9f2171d83 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -12,9 +12,9 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"net/http"
 	"net/http/httputil"
@@ -297,19 +297,19 @@ func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
 	if !utils.Exists(filepath.Dir(cachePath)) {
 		err := os.MkdirAll(filepath.Dir(cachePath), 0o700)
 		if err != nil {
-			log.Warningf("writeCachedResponse failed: %v", err)
+			status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 			return
 		}
 	}
 
 	err := ioutil.WriteFile(cachePath+".tmp", data, 0o600)
 	if err != nil {
-		log.Warningf("writeCachedResponse failed: %v", err)
+		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 		return
 	}
 	err = os.Rename(cachePath+".tmp", cachePath)
 	if err != nil {
-		log.Warningf("writeCachedResponse failed: %v", err)
+		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 		return
 	}
 }
diff --git a/pkg/seal/bootstrap.go b/pkg/seal/bootstrap.go
index 02865c4e9..84761159d 100644
--- a/pkg/seal/bootstrap.go
+++ b/pkg/seal/bootstrap.go
@@ -1,15 +1,16 @@
 package seal
 
 import (
+	"context"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	certUtil "k8s.io/client-go/util/cert"
@@ -21,7 +22,7 @@ const sealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"
 const secretName = "sealed-secrets-key-kluctl-bootstrap"
 const configMapName = "sealed-secrets-key-kluctl-bootstrap"
 
-func BootstrapSealedSecrets(k *k8s.K8sCluster, namespace string) error {
+func BootstrapSealedSecrets(ctx context.Context, k *k8s.K8sCluster, namespace string) error {
 	existing, _, err := k.GetSingleObject(k8s2.ObjectRef{
 		GVK:  schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"},
 		Name: "sealedsecrets.bitnami.com",
@@ -41,7 +42,7 @@ func BootstrapSealedSecrets(k *k8s.K8sCluster, namespace string) error {
 		return nil
 	}
 
-	log.Infof("Bootstrapping sealed-secrets with a self-generated key")
+	status.Info(ctx, "Bootstrapping sealed-secrets with a self-generated key")
 
 	key, cert, err := crypto.GeneratePrivateKeyAndCert(2048, 10*365*24*time.Hour, "bootstrap.kluctl.io")
 	if err != nil {
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 5af09d342..95b1c154a 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -1,31 +1,32 @@
 package seal
 
 import (
+	"context"
 	"crypto/rsa"
 	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	v12 "k8s.io/api/core/v1"
 	"k8s.io/client-go/util/cert"
 )
 
-func fetchCert(k *k8s.K8sCluster, namespace string, controllerName string) (*rsa.PublicKey, error) {
+func fetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, controllerName string) (*rsa.PublicKey, error) {
 	certData, err := openCertFromController(k, namespace, controllerName)
 	if err != nil {
 		if controllerName == "sealed-secrets-controller" {
 			s2, err2 := openCertFromController(k, namespace, "sealed-secrets")
 			if err2 == nil {
-				log.Warningf("Looks like you have sealed-secrets controller installed with name 'sealed-secrets', which comes from a legacy kluctl version that deployed it with a non-default name. Please consider re-deploying sealed-secrets operator manually.")
+				status.Warning(ctx, "Looks like you have sealed-secrets controller installed with name 'sealed-secrets', which comes from a legacy kluctl version that deployed it with a non-default name. Please consider re-deploying sealed-secrets operator manually.")
 				err = nil
 				certData = s2
 			}
 		}
 
 		if err != nil {
-			log.Warningf("Failed to retrieve public certificate from sealed-secrets-controller, re-trying with bootstrap secret")
+			status.Warning(ctx, "Failed to retrieve public certificate from sealed-secrets-controller, re-trying with bootstrap secret")
 			certData, err = openCertFromBootstrap(k, namespace)
 			if err != nil {
 				return nil, fmt.Errorf("failed to retrieve sealed secrets public key: %w", err)
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 92dd6953d..93d1af66f 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -1,6 +1,7 @@
 package seal
 
 import (
+	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/base64"
@@ -8,12 +9,12 @@ import (
 	"fmt"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/scrypt"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -27,18 +28,20 @@ const hashAnnotation = "kluctl.io/sealedsecret-hashes"
 const clusterIdAnnotation = "kluctl.io/sealedsecret-cluster-id"
 
 type Sealer struct {
+	ctx           context.Context
 	clusterConfig *types.ClusterConfig2
 	forceReseal   bool
 	cert          *rsa.PublicKey
 	clusterId     string
 }
 
-func NewSealer(k *k8s.K8sCluster, sealedSecretsNamespace string, sealedSecretsControllerName string, clusterConfig *types.ClusterConfig2, forceReseal bool) (*Sealer, error) {
+func NewSealer(ctx context.Context, k *k8s.K8sCluster, sealedSecretsNamespace string, sealedSecretsControllerName string, clusterConfig *types.ClusterConfig2, forceReseal bool) (*Sealer, error) {
 	s := &Sealer{
+		ctx:           ctx,
 		clusterConfig: clusterConfig,
 		forceReseal:   forceReseal,
 	}
-	cert, err := fetchCert(k, sealedSecretsNamespace, sealedSecretsControllerName)
+	cert, err := fetchCert(ctx, k, sealedSecretsNamespace, sealedSecretsControllerName)
 	if err != nil {
 		return nil, err
 	}
@@ -96,7 +99,7 @@ func (s *Sealer) doHash(key string, secret []byte, secretName string, secretName
 	}
 	h, err := scrypt.Key(secret, []byte(salt), 1<<14, 8, 1, 64)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return hex.EncodeToString(h)
 }
@@ -242,10 +245,10 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 	resealAll := false
 	if s.forceReseal {
 		resealAll = true
-		log.Infof("Forcing reseal of secrets in %s", secretName)
+		status.Info(s.ctx, "Forcing reseal of secrets in %s", secretName)
 	} else if existingClusterId != s.clusterId {
 		resealAll = true
-		log.Infof("Target cluster for secret %s has changed, forcing reseal", secretName)
+		status.Info(s.ctx, "Target cluster for secret %s has changed, forcing reseal", secretName)
 	}
 
 	for k, v := range secrets {
@@ -254,19 +257,19 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 
 		doEncrypt := resealAll
 		if !doEncrypt && hash != existingHash {
-			log.Infof("Secret %s and key %s has changed, resealing", secretName, k)
+			status.Info(s.ctx, "Secret %s and key %s has changed, resealing", secretName, k)
 			doEncrypt = true
 		}
 
 		if !doEncrypt {
 			e, ok, _ := existingContent.GetNestedString("spec", "encryptedData", k)
 			if ok {
-				log.Debugf("Secret %s and key %s is unchanged", secretName, k)
+				status.Trace(s.ctx, "Secret %s and key %s is unchanged", secretName, k)
 				result.SetNestedField(e, "spec", "encryptedData", k)
 				resultSecretHashes[k] = hash
 				continue
 			} else {
-				log.Infof("Old encrypted secret %s and key %s not found", secretName, k)
+				status.Info(s.ctx, "Old encrypted secret %s and key %s not found", secretName, k)
 				doEncrypt = true
 			}
 		}
@@ -287,7 +290,7 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 	result.SetK8sAnnotation(clusterIdAnnotation, s.clusterId)
 
 	if reflect.DeepEqual(existingContent, result) {
-		log.Infof("Skipped %s as it did not change", baseName)
+		status.Info(s.ctx, "Skipped %s as it did not change", baseName)
 		return nil
 	}
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
new file mode 100644
index 000000000..a9b8b4df6
--- /dev/null
+++ b/pkg/status/status.go
@@ -0,0 +1,107 @@
+package status
+
+import (
+	"context"
+	"fmt"
+)
+
+// StatusContext is used to report user-facing status/progress
+type StatusContext struct {
+	ctx      context.Context
+	sh       StatusHandler
+	sl       StatusLine
+	finished bool
+	failed   bool
+}
+
+type StatusLine interface {
+	Update(message string)
+	End(success bool)
+}
+
+type StatusHandler interface {
+	StartStatus(message string) StatusLine
+
+	Info(message string)
+	Warning(message string)
+	Error(message string)
+	Trace(message string)
+
+	PlainText(text string)
+}
+
+type contextKey struct{}
+
+func NewContext(ctx context.Context, slh StatusHandler) context.Context {
+	return context.WithValue(ctx, contextKey{}, slh)
+}
+
+func FromContext(ctx context.Context) StatusHandler {
+	v := ctx.Value(contextKey{})
+	if v == nil {
+		return nil
+	}
+	return v.(StatusHandler)
+}
+
+func Start(ctx context.Context, status string, args ...any) *StatusContext {
+	sh := FromContext(ctx)
+	s := &StatusContext{
+		ctx: ctx,
+		sh:  sh,
+	}
+
+	s.sl = sh.StartStatus(fmt.Sprintf(status, args...))
+
+	return s
+}
+
+func (s *StatusContext) Update(message string, args ...any) {
+	s.sl.Update(fmt.Sprintf(message, args...))
+}
+
+func (s *StatusContext) Failed() {
+	if s.finished {
+		return
+	}
+	s.sl.End(false)
+	s.failed = true
+}
+
+func (s *StatusContext) FailedWithMessage(msg string, args ...any) {
+	if s.finished {
+		return
+	}
+	s.Update(msg, args...)
+	s.Failed()
+}
+
+func (s *StatusContext) Success() {
+	s.sl.End(true)
+	s.finished = true
+}
+
+func PlainText(ctx context.Context, text string) {
+	slh := FromContext(ctx)
+	slh.PlainText(text)
+}
+
+func Info(ctx context.Context, status string, args ...any) {
+	slh := FromContext(ctx)
+	slh.Info(fmt.Sprintf(status, args...))
+}
+
+func Warning(ctx context.Context, status string, args ...any) {
+	slh := FromContext(ctx)
+	slh.Warning(fmt.Sprintf(status, args...))
+}
+
+func Trace(ctx context.Context, status string, args ...any) {
+	slh := FromContext(ctx)
+	slh.Trace(fmt.Sprintf(status, args...))
+}
+
+func Error(ctx context.Context, status string, args ...any) {
+	slh := FromContext(ctx)
+	slh.Error(fmt.Sprintf(status, args...))
+}
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
new file mode 100644
index 000000000..15b08848c
--- /dev/null
+++ b/pkg/status/status_handler.go
@@ -0,0 +1,67 @@
+package status
+
+import (
+	"fmt"
+	"io"
+)
+
+type MultiLineStatusHandler struct {
+	out   io.Writer
+	trace bool
+}
+
+type statusLine struct {
+	slh     *MultiLineStatusHandler
+	message string
+}
+
+func NewMultiLineStatusHandler(out io.Writer, trace bool) *MultiLineStatusHandler {
+	sh := &MultiLineStatusHandler{
+		out:   out,
+		trace: trace,
+	}
+	return sh
+}
+
+func (s *MultiLineStatusHandler) StartStatus(message string) StatusLine {
+	sl := &statusLine{
+		slh:     s,
+		message: message,
+	}
+	s.writeOut(sl.message)
+	return sl
+}
+
+func (s *MultiLineStatusHandler) writeOut(message string) {
+	_, _ = fmt.Fprintf(s.out, "%s\n", message)
+}
+
+func (s *MultiLineStatusHandler) Info(message string) {
+	s.writeOut(message)
+}
+
+func (s *MultiLineStatusHandler) Warning(message string) {
+	s.writeOut(message)
+}
+
+func (s *MultiLineStatusHandler) Error(message string) {
+	s.writeOut(message)
+}
+
+func (s *MultiLineStatusHandler) Trace(message string) {
+	if s.trace {
+		s.writeOut(message)
+	}
+}
+
+func (s *MultiLineStatusHandler) PlainText(text string) {
+	s.writeOut(text)
+}
+
+func (sl *statusLine) Update(message string) {
+	sl.message = message
+	sl.slh.writeOut(sl.message)
+}
+
+func (sl *statusLine) End(success bool) {
+}
diff --git a/pkg/utils/env.go b/pkg/utils/env.go
index 91def48c2..5dbca1e69 100644
--- a/pkg/utils/env.go
+++ b/pkg/utils/env.go
@@ -2,7 +2,6 @@ package utils
 
 import (
 	"fmt"
-	log "github.com/sirupsen/logrus"
 	"os"
 	"regexp"
 	"strconv"
@@ -18,7 +17,7 @@ func ParseEnvConfigSets(prefix string) map[int]map[string]string {
 	for _, e := range os.Environ() {
 		eq := strings.Index(e, "=")
 		if eq == -1 {
-			log.Panicf("unexpected env var %s", e)
+			panic(fmt.Sprintf("unexpected env var %s", e))
 		}
 		n := e[:eq]
 		v := e[eq+1:]
diff --git a/pkg/utils/prompts.go b/pkg/utils/prompts.go
index 06cecf885..f95098796 100644
--- a/pkg/utils/prompts.go
+++ b/pkg/utils/prompts.go
@@ -4,13 +4,16 @@ import (
 	"bufio"
 	"fmt"
 	"github.com/mattn/go-isatty"
-	log "github.com/sirupsen/logrus"
 	"golang.org/x/term"
 	"os"
 	"strings"
 	"syscall"
 )
 
+func doWarn(f string, args ...any) {
+	_, _ = fmt.Fprintf(os.Stderr, f, args...)
+}
+
 // AskForConfirmation uses Scanln to parse user input. A user must type in "yes" or "no" and
 // then press enter. It has fuzzy matching, so "y", "Y", "yes", "YES", and "Yes" all count as
 // confirmations. If the input is not recognized, it will ask again. The function does not return
@@ -18,13 +21,13 @@ import (
 // before calling askForConfirmation. E.g. fmt.Println("WARNING: Are you sure? (yes/no)")
 func AskForConfirmation(prompt string) bool {
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
-		log.Warningf("Not a terminal, suppressed prompt: %s", prompt)
+		doWarn("Not a terminal, suppressed prompt: %s", prompt)
 		return false
 	}
 
 	_, err := os.Stderr.WriteString(prompt + " (y/N) ")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 
 	var response string
@@ -47,7 +50,7 @@ func AskForConfirmation(prompt string) bool {
 func AskForPassword(prompt string) (string, error) {
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
 		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
-		log.Warning(err)
+		doWarn(err.Error())
 		return "", err
 	}
 
@@ -69,7 +72,7 @@ func AskForPassword(prompt string) (string, error) {
 func AskForCredentials(prompt string) (string, string, error) {
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
 		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
-		log.Warning(err)
+		doWarn(err.Error())
 		return "", "", err
 	}
 
diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index a7bdbb760..b375aca7e 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -3,7 +3,6 @@ package uo
 import (
 	"fmt"
 	"github.com/ohler55/ojg/jp"
-	log "github.com/sirupsen/logrus"
 	"regexp"
 	"strings"
 )
@@ -58,7 +57,7 @@ func NewMyJsonPath(p string) (*MyJsonPath, error) {
 func NewMyJsonPathMust(p string) *MyJsonPath {
 	j, err := NewMyJsonPath(p)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return j
 }
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index be195b0f1..69c295757 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -1,8 +1,8 @@
 package uo
 
 import (
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
@@ -13,15 +13,15 @@ import (
 func (uo *UnstructuredObject) GetK8sGVK() schema.GroupVersionKind {
 	kind, _, err := uo.GetNestedString("kind")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	apiVersion, _, err := uo.GetNestedString("apiVersion")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	gv, err := schema.ParseGroupVersion(apiVersion)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return schema.GroupVersionKind{
 		Group:   gv.Group,
@@ -33,11 +33,11 @@ func (uo *UnstructuredObject) GetK8sGVK() schema.GroupVersionKind {
 func (uo *UnstructuredObject) SetK8sGVK(gvk schema.GroupVersionKind) {
 	err := uo.SetNestedField(gvk.GroupVersion().String(), "apiVersion")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	err = uo.SetNestedField(gvk.Kind, "kind")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 }
 
@@ -48,7 +48,7 @@ func (uo *UnstructuredObject) SetK8sGVKs(g string, v string, k string) {
 func (uo *UnstructuredObject) GetK8sName() string {
 	s, _, err := uo.GetNestedString("metadata", "name")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return s
 }
@@ -56,14 +56,14 @@ func (uo *UnstructuredObject) GetK8sName() string {
 func (uo *UnstructuredObject) SetK8sName(name string) {
 	err := uo.SetNestedField(name, "metadata", "name")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 }
 
 func (uo *UnstructuredObject) GetK8sNamespace() string {
 	s, _, err := uo.GetNestedString("metadata", "namespace")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return s
 }
@@ -72,12 +72,12 @@ func (uo *UnstructuredObject) SetK8sNamespace(namespace string) {
 	if namespace != "" {
 		err := uo.SetNestedField(namespace, "metadata", "namespace")
 		if err != nil {
-			log.Fatal(err)
+			panic(err)
 		}
 	} else {
 		err := uo.RemoveNestedField("metadata", "namespace")
 		if err != nil {
-			log.Fatal(err)
+			panic(err)
 		}
 	}
 
@@ -94,7 +94,7 @@ func (uo *UnstructuredObject) GetK8sRef() k8s.ObjectRef {
 func (uo *UnstructuredObject) GetK8sLabels() map[string]string {
 	ret, ok, err := uo.GetNestedStringMapCopy("metadata", "labels")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	if !ok {
 		return map[string]string{}
@@ -112,7 +112,7 @@ func (uo *UnstructuredObject) SetK8sLabels(labels map[string]string) {
 func (uo *UnstructuredObject) GetK8sLabel(name string) *string {
 	ret, ok, err := uo.GetNestedString("metadata", "labels", name)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	if !ok {
 		return nil
@@ -123,7 +123,7 @@ func (uo *UnstructuredObject) GetK8sLabel(name string) *string {
 func (uo *UnstructuredObject) SetK8sLabel(name string, value string) {
 	err := uo.SetNestedField(value, "metadata", "labels", name)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 }
 
@@ -142,7 +142,7 @@ func (uo *UnstructuredObject) GetK8sLabelsWithRegex(r interface{}) map[string]st
 func (uo *UnstructuredObject) GetK8sAnnotations() map[string]string {
 	ret, ok, err := uo.GetNestedStringMapCopy("metadata", "annotations")
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	if !ok {
 		return map[string]string{}
@@ -153,7 +153,7 @@ func (uo *UnstructuredObject) GetK8sAnnotations() map[string]string {
 func (uo *UnstructuredObject) GetK8sAnnotation(name string) *string {
 	ret, ok, err := uo.GetNestedString("metadata", "annotations", name)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	if !ok {
 		return nil
@@ -171,7 +171,7 @@ func (uo *UnstructuredObject) SetK8sAnnotations(annotations map[string]string) {
 func (uo *UnstructuredObject) SetK8sAnnotation(name string, value string) {
 	err := uo.SetNestedField(value, "metadata", "annotations", name)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 }
 
@@ -198,7 +198,7 @@ func (uo *UnstructuredObject) SetK8sResourceVersion(rv string) {
 	} else {
 		err := uo.SetNestedField(rv, "metadata", "resourceVersion")
 		if err != nil {
-			log.Fatal(err)
+			panic(err)
 		}
 	}
 }
@@ -232,6 +232,6 @@ func (ui *UnstructuredObject) getRegexp(r interface{}) *regexp.Regexp {
 			return regexp.MustCompile(x)
 		}
 	}
-	log.Panicf("unknown type %s", reflect.TypeOf(r).String())
+	panic(fmt.Sprintf("unknown type %s", reflect.TypeOf(r).String()))
 	return nil
 }
diff --git a/pkg/utils/uo/object_iterator.go b/pkg/utils/uo/object_iterator.go
index be922ee93..debb5c227 100644
--- a/pkg/utils/uo/object_iterator.go
+++ b/pkg/utils/uo/object_iterator.go
@@ -1,9 +1,5 @@
 package uo
 
-import (
-	log "github.com/sirupsen/logrus"
-)
-
 type ObjectIteratorFunc func(it *ObjectIterator) error
 type ObjectIterator struct {
 	path []interface{}
@@ -72,7 +68,7 @@ func (it *ObjectIterator) iterateInterface() error {
 func (it *ObjectIterator) iterateMap() error {
 	m, ok := it.Value().(map[string]interface{})
 	if !ok {
-		log.Fatalf("!ok")
+		panic("!ok")
 	}
 
 	for k, v := range m {
@@ -92,7 +88,7 @@ func (it *ObjectIterator) iterateMap() error {
 func (it *ObjectIterator) iterateList() error {
 	l, ok := it.Value().([]interface{})
 	if !ok {
-		log.Fatalf("!ok")
+		panic("!ok")
 	}
 
 	for i, e := range l {
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index ffb513110..0356a98ac 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/jinzhu/copier"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"reflect"
 )
@@ -76,7 +75,7 @@ func FromString(s string) (*UnstructuredObject, error) {
 func FromStringMust(s string) *UnstructuredObject {
 	o, err := FromString(s)
 	if err != nil {
-		log.Panic(err)
+		panic(err)
 	}
 	return o
 }
@@ -112,7 +111,7 @@ func (uo *UnstructuredObject) Clone() *UnstructuredObject {
 		DeepCopy: true,
 	})
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return FromMap(c)
 }
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index ae338d920..4bcd0bf70 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -4,7 +4,6 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"github.com/jinzhu/copier"
-	"log"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -18,7 +17,7 @@ func GetTmpBaseDir() string {
 	createTmpBaseDirOnce.Do(func() {
 		err := os.MkdirAll(dir, 0o700)
 		if err != nil {
-			log.Fatal(err)
+			panic(err)
 		}
 	})
 	return dir
diff --git a/pkg/utils/versions/latest_version.go b/pkg/utils/versions/latest_version.go
index 7cd524a9c..24edbc5b2 100644
--- a/pkg/utils/versions/latest_version.go
+++ b/pkg/utils/versions/latest_version.go
@@ -3,7 +3,6 @@ package versions
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"log"
 	"regexp"
 	"strconv"
 )
@@ -43,7 +42,7 @@ func NewRegexVersionFilter(pattern string) (LatestVersionFilter, error) {
 func NewRegexVersionFilterMust(pattern string) LatestVersionFilter {
 	ret, err := NewRegexVersionFilter(pattern)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return ret
 }
@@ -114,7 +113,7 @@ func NewPrefixVersionFilter(prefix string, suffix LatestVersionFilter) (LatestVe
 func NewPrefixVersionFilterMust(prefix string, suffix LatestVersionFilter) LatestVersionFilter {
 	ret, err := NewPrefixVersionFilter(prefix, suffix)
 	if err != nil {
-		log.Fatal(err)
+		panic(err)
 	}
 	return ret
 }
diff --git a/pkg/utils/versions/latest_version_parse.go b/pkg/utils/versions/latest_version_parse.go
index 6fe06ed23..8317e46e6 100644
--- a/pkg/utils/versions/latest_version_parse.go
+++ b/pkg/utils/versions/latest_version_parse.go
@@ -3,7 +3,6 @@ package versions
 import (
 	"fmt"
 	scanner "github.com/kluctl/kluctl/v2/pkg/utils/python_scanner"
-	log "github.com/sirupsen/logrus"
 	"strconv"
 	"strings"
 )
@@ -27,7 +26,7 @@ func (p *preparsed) CurToken() rune {
 
 func (p *preparsed) CurTokenText() string {
 	if p.nextPos > len(p.tokens) {
-		log.Panicf("CurTokenText at EOF")
+		panic("CurTokenText at EOF")
 	}
 	return p.tokens[p.nextPos-1].text
 }

From 65db7632a10789ad8f7bcff6888c42d5e7443748 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 11:45:12 +0200
Subject: [PATCH 0129/2268] refactor: Use mpb library for status reporting

---
 cmd/kluctl/commands/root.go  |  2 +-
 pkg/status/status_handler.go | 70 +++++++++++++++++++++++++++++-------
 2 files changed, 59 insertions(+), 13 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 44e4ef541..a35f2c063 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -69,7 +69,7 @@ var flagGroups = []groupInfo{
 var cliCtx = context.Background()
 
 func (c *cli) setupStatusHandler() error {
-	sh := status.NewMultiLineStatusHandler(os.Stderr, c.Debug)
+	sh := status.NewMultiLineStatusHandler(cliCtx, os.Stderr, c.Debug)
 	cliCtx = status.NewContext(cliCtx, sh)
 	return nil
 }
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 15b08848c..7f6bd0c39 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -1,25 +1,46 @@
 package status
 
 import (
+	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/vbauerster/mpb/v7"
+	"github.com/vbauerster/mpb/v7/decor"
 	"io"
+	"math"
 )
 
 type MultiLineStatusHandler struct {
-	out   io.Writer
-	trace bool
+	out      io.Writer
+	progress *mpb.Progress
+	stop     chan any
+	trace    bool
 }
 
 type statusLine struct {
 	slh     *MultiLineStatusHandler
+	bar     *mpb.Bar
+	filler  mpb.BarFiller
 	message string
+
+	finished bool
+	success  bool
 }
 
-func NewMultiLineStatusHandler(out io.Writer, trace bool) *MultiLineStatusHandler {
+func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *MultiLineStatusHandler {
 	sh := &MultiLineStatusHandler{
 		out:   out,
 		trace: trace,
+		stop:  make(chan any),
 	}
+
+	sh.progress = mpb.NewWithContext(
+		ctx,
+		mpb.WithWidth(utils.GetTermWidth()),
+		mpb.WithOutput(out),
+		mpb.PopCompletedMode(),
+	)
+
 	return sh
 }
 
@@ -28,40 +49,65 @@ func (s *MultiLineStatusHandler) StartStatus(message string) StatusLine {
 		slh:     s,
 		message: message,
 	}
-	s.writeOut(sl.message)
+	sl.filler = mpb.SpinnerStyle().PositionLeft().Build()
+	sl.bar = s.progress.Add(1, sl,
+		mpb.BarWidth(1),
+		mpb.AppendDecorators(decor.Any(sl.DecorMessage, decor.WCSyncWidthR)),
+	)
+
+	s.writeLog(sl.message)
 	return sl
 }
 
-func (s *MultiLineStatusHandler) writeOut(message string) {
-	_, _ = fmt.Fprintf(s.out, "%s\n", message)
+func (sl *statusLine) DecorMessage(s decor.Statistics) string {
+	return sl.message
+}
+
+func (sl *statusLine) Fill(w io.Writer, reqWidth int, stat decor.Statistics) {
+	if !sl.finished {
+		sl.filler.Fill(w, reqWidth, stat)
+	} else if sl.success {
+		fmt.Fprintf(w, "✓")
+	} else {
+		fmt.Fprintf(w, "✗")
+	}
+}
+
+func (s *MultiLineStatusHandler) writeLog(message string) {
+	//_, _ = fmt.Fprintf(s.out, "%s\n", message)
 }
 
 func (s *MultiLineStatusHandler) Info(message string) {
-	s.writeOut(message)
+	s.writeLog(message)
 }
 
 func (s *MultiLineStatusHandler) Warning(message string) {
-	s.writeOut(message)
+	s.writeLog(message)
 }
 
 func (s *MultiLineStatusHandler) Error(message string) {
-	s.writeOut(message)
+	s.writeLog(message)
 }
 
 func (s *MultiLineStatusHandler) Trace(message string) {
 	if s.trace {
-		s.writeOut(message)
+		s.writeLog(message)
 	}
 }
 
 func (s *MultiLineStatusHandler) PlainText(text string) {
-	s.writeOut(text)
+	s.writeLog(text)
 }
 
 func (sl *statusLine) Update(message string) {
 	sl.message = message
-	sl.slh.writeOut(sl.message)
+	sl.slh.writeLog(sl.message)
 }
 
 func (sl *statusLine) End(success bool) {
+	sl.finished = true
+	sl.success = success
+	// make sure that the bar es rendered on top so that it can be properly popped
+	sl.bar.SetPriority(math.MinInt)
+	sl.bar.Increment()
 }

From 46d44006be9b591ba4c24eb4e7f6b97d9eafc57c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 14:43:23 +0200
Subject: [PATCH 0130/2268] fix: Few status reporting improvements

---
 pkg/deployment/deployment_collection.go | 44 +++++++++++++++----------
 pkg/kluctl_project/project_load.go      |  5 +++
 pkg/kluctl_project/target_context.go    |  4 +++
 3 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 9c26fa86e..fc6d76ef8 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -161,14 +161,12 @@ func (c *DeploymentCollection) resolveSealedSecrets() error {
 }
 
 func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
-	s := status.Start(c.ctx, "Building kustomize objects")
-	defer s.Failed()
-
 	var wg sync.WaitGroup
 	var errs []error
 	var mutex sync.Mutex
 	sem := semaphore.NewWeighted(16)
 
+	s := status.Start(c.ctx, "Building kustomize objects")
 	for _, d_ := range c.Deployments {
 		d := d_
 
@@ -179,20 +177,32 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 				mutex.Lock()
 				errs = append(errs, fmt.Errorf("building kustomize objects for %s failed. %w", *d.dir, err))
 				mutex.Unlock()
-			} else {
-				wg.Add(1)
-				go func() {
-					_ = sem.Acquire(context.Background(), 1)
-					defer sem.Release(1)
-
-					err := d.postprocessAndLoadObjects(k, c.Images)
-					if err != nil {
-						mutex.Lock()
-						errs = append(errs, fmt.Errorf("postprocessing kustomize objects for %s failed: %w", *d.dir, err))
-						mutex.Unlock()
-					}
-					wg.Done()
-				}()
+			}
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+
+	if len(errs) != 0 {
+		s.Failed()
+		return utils.NewErrorListOrNil(errs)
+	}
+	s.Success()
+
+	s = status.Start(c.ctx, "Postprocessing objects")
+	for _, d_ := range c.Deployments {
+		d := d_
+
+		wg.Add(1)
+		go func() {
+			_ = sem.Acquire(context.Background(), 1)
+			defer sem.Release(1)
+
+			err := d.postprocessAndLoadObjects(k, c.Images)
+			if err != nil {
+				mutex.Lock()
+				errs = append(errs, fmt.Errorf("postprocessing kustomize objects for %s failed: %w", *d.dir, err))
+				mutex.Unlock()
 			}
 
 			wg.Done()
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 4c5b74fb6..bd99e8291 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -189,6 +189,9 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		}
 	}
 
+	s := status.Start(c.ctx, "Loading kluctl project")
+	defer s.Failed()
+
 	deploymentInfo, err := c.loadExternalProject(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
 	if err != nil {
 		return err
@@ -226,6 +229,8 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	c.ClustersDir = mergedClustersDir
 	c.sealedSecretsDir = sealedSecretsInfo.dir
 
+	s.Success()
+
 	return nil
 }
 
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index bf4d1b369..1d6398ae0 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -60,10 +61,13 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfig
 
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
+		s := status.Start(ctx, "Initializing k8s client")
 		k, err = k8s.NewK8sCluster(ctx, clientConfig, dryRun)
 		if err != nil {
+			s.Failed()
 			return nil, err
 		}
+		s.Success()
 	}
 
 	varsCtx := jinja2.NewVarsCtx(p.J2)

From 0949a6ba0a1b0d9ce81d92cb0b74312beea72e3f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 14:44:03 +0200
Subject: [PATCH 0131/2268] fix: Stop printing git progress

---
 pkg/git/mirrored_repo.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 2eeb19bfd..874942200 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -229,7 +229,6 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string, authPr
 		err = remote.FetchContext(g.ctx, &git.FetchOptions{
 			Auth:     auth.AuthMethod,
 			CABundle: auth.CABundle,
-			Progress: os.Stdout,
 			Tags:     git.AllTags,
 			Force:    true,
 		})
@@ -259,7 +258,6 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string, authPr
 
 	_ = ioutil.WriteFile(filepath.Join(g.mirrorDir, ".update-time"), []byte(time.Now().Format(time.RFC3339Nano)), 0644)
 
-	s.Success()
 	return nil
 }
 

From 4873a78afdf3aeafd1d411b143300fba82da06d7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 14:45:52 +0200
Subject: [PATCH 0132/2268] fix: Redirect klog output to status handler

---
 cmd/kluctl/commands/root.go |  5 +++
 pkg/status/utils.go         | 65 +++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 pkg/status/utils.go

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index a35f2c063..795c5451c 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -26,6 +26,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
+	"k8s.io/klog/v2"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -71,6 +72,10 @@ var cliCtx = context.Background()
 func (c *cli) setupStatusHandler() error {
 	sh := status.NewMultiLineStatusHandler(cliCtx, os.Stderr, c.Debug)
 	cliCtx = status.NewContext(cliCtx, sh)
+
+	klog.LogToStderr(false)
+	klog.SetOutput(status.NewLineRedirector(sh.Info))
+
 	return nil
 }
 
diff --git a/pkg/status/utils.go b/pkg/status/utils.go
new file mode 100644
index 000000000..b6d6fbb64
--- /dev/null
+++ b/pkg/status/utils.go
@@ -0,0 +1,65 @@
+package status
+
+import (
+	"bufio"
+	"io"
+)
+
+func NewLineRedirector(cb func(line string)) io.WriteCloser {
+	r, w := io.Pipe()
+
+	go func() {
+		br := bufio.NewReader(r)
+		scanner := bufio.NewScanner(&replaceRReader{reader: br})
+		for scanner.Scan() {
+			msg := scanner.Text()
+			if msg == "" {
+				continue
+			}
+			cb(msg)
+		}
+	}()
+
+	return w
+}
+
+type replaceRReader struct {
+	reader *bufio.Reader
+	lastR  bool
+}
+
+func (r *replaceRReader) Read(p []byte) (int, error) {
+	written := 0
+	for true {
+		b, err := r.reader.ReadByte()
+		if err != nil {
+			if err == io.EOF {
+				if written == 0 {
+					return 0, err
+				}
+				return written, nil
+			}
+			return 0, err
+		}
+
+		if b == '\r' {
+			p[written] = '\n'
+			written++
+			r.lastR = true
+			break
+		} else if b == '\n' {
+			if r.lastR {
+				continue
+			}
+			p[written] = '\n'
+			written++
+			r.lastR = false
+			break
+		} else {
+			p[written] = b
+			written++
+			r.lastR = false
+		}
+	}
+	return written, nil
+}

From ccb8ad8b7fa0190f42eb80f8db472b1da9c67529 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 16:16:33 +0200
Subject: [PATCH 0133/2268] feat: Use status handler for deployment progress
 reporting

---
 pkg/deployment/commands/downscale.go         |   2 +-
 pkg/deployment/commands/poke_images.go       |   2 +-
 pkg/deployment/commands/validate.go          |   2 +-
 pkg/deployment/utils/apply_utils.go          | 110 +++++++---------
 pkg/deployment/utils/hooks_util.go           |  12 +-
 pkg/deployment/utils/progress.go             | 126 -------------------
 pkg/deployment/utils/remote_objects_utils.go |  10 +-
 pkg/status/status.go                         | 115 ++++++++++++++++-
 pkg/status/status_handler.go                 |  81 +++++++-----
 9 files changed, 228 insertions(+), 232 deletions(-)
 delete mode 100644 pkg/deployment/utils/progress.go

diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index 60cadd857..82e89b2cc 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -40,7 +40,7 @@ func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(ctx, nil, d.RelToProjectItemDir, 0, true))
+		au := ad.NewApplyUtil(ctx, nil)
 		for _, o := range d.Objects {
 			o := o
 			ref := o.GetK8sRef()
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index c794e8a8a..03ae6dbc3 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -76,7 +76,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(ctx, nil, ref.String(), 0, true))
+			au := ad.NewApplyUtil(ctx, nil)
 			au.ReplaceObject(ref, ru.GetRemoteObject(ref), func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 				return doPokeImage(containers, o)
 			})
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index fbe9102ec..d9a63720d 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -40,7 +40,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 		if !d.CheckInclusionForDeploy() {
 			continue
 		}
-		au := ad.NewApplyUtil(ctx, utils2.NewProgressCtx(ctx, nil, d.RelToProjectItemDir, 0, true))
+		au := ad.NewApplyUtil(ctx, nil)
 		h := utils2.NewHooksUtil(au)
 		for _, o := range d.Objects {
 			hook := h.GetHook(o)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index b8c78acbb..a93028eae 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -13,11 +13,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
-	"github.com/vbauerster/mpb/v7"
 	"golang.org/x/sync/semaphore"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
-	"os"
 	"reflect"
 	"strings"
 	"sync"
@@ -53,7 +51,7 @@ type ApplyUtil struct {
 	ru   *RemoteObjectUtils
 	k    *k8s.K8sCluster
 	o    *ApplyUtilOptions
-	pctx *progressCtx
+	sctx *status.StatusContext
 }
 
 type ApplyDeploymentsUtil struct {
@@ -85,7 +83,7 @@ func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnin
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, pctx *progressCtx) *ApplyUtil {
+func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *status.StatusContext) *ApplyUtil {
 	ret := &ApplyUtil{
 		ctx:                ctx,
 		dew:                ad.dew,
@@ -98,7 +96,7 @@ func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, pctx *progress
 		ru:                 ad.ru,
 		k:                  ad.k,
 		o:                  ad.o,
-		pctx:               pctx,
+		sctx:               statusCtx,
 	}
 	ad.results = append(ad.results, ret)
 	return ret
@@ -184,7 +182,7 @@ func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool,
 
 	warn := fmt.Errorf("patching %s failed, retrying by deleting and re-applying", ref.String())
 	a.HandleWarning(ref, warn)
-	a.pctx.Warningf(warn.Error())
+	status.Warning(a.ctx, warn.Error())
 
 	if !a.DeleteObject(ref, hook) {
 		return
@@ -216,7 +214,7 @@ func (a *ApplyUtil) retryApplyWithReplace(x *uo.UnstructuredObject, hook bool, r
 
 	warn := fmt.Errorf("patching %s failed, retrying with replace instead of patch", ref.String())
 	a.HandleWarning(ref, warn)
-	a.pctx.Warningf(warn.Error())
+	status.Warning(a.ctx, warn.Error())
 
 	rv := remoteObject.GetK8sResourceVersion()
 	x2 := x.Clone()
@@ -367,7 +365,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 	}
 	timeoutTimer := time.NewTimer(timeout)
 
-	a.pctx.Debugf("Waiting for %s to get ready", ref.String())
+	status.Trace(a.ctx, "Waiting for %s to get ready", ref.String())
 
 	lastLogTime := time.Now()
 	didLog := false
@@ -380,7 +378,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		if err != nil {
 			if errors.IsNotFound(err) {
 				if didLog {
-					a.pctx.Warningf("Cancelled waiting for %s as it disappeared while waiting for it (%ds elapsed)", ref.String(), elapsed)
+					status.Warning(a.ctx, "Cancelled waiting for %s as it disappeared while waiting for it (%ds elapsed)", ref.String(), elapsed)
 				}
 				a.HandleError(ref, fmt.Errorf("%s disappeared while waiting for it to become ready", ref.String()))
 				return false
@@ -391,13 +389,13 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		v := validation.ValidateObject(a.k, o, false)
 		if v.Ready {
 			if didLog {
-				a.pctx.Infof("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
+				a.sctx.InfoFallback("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
 			}
 			return true
 		}
 		if len(v.Errors) != 0 {
 			if didLog {
-				a.pctx.Warningf("Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
+				status.Warning(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
 			}
 			for _, e := range v.Errors {
 				a.HandleError(ref, fmt.Errorf(e.Error))
@@ -405,14 +403,14 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			return false
 		}
 
-		a.pctx.SetStatus(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
+		a.sctx.Update(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
 
 		if !didLog {
-			a.pctx.Infof("Waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
+			a.sctx.InfoFallback("Waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
 			didLog = true
 			lastLogTime = time.Now()
 		} else if didLog && time.Now().Sub(lastLogTime) >= 10*time.Second {
-			a.pctx.Infof("Still waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
+			a.sctx.InfoFallback("Still waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
 			lastLogTime = time.Now()
 		}
 
@@ -421,12 +419,12 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			continue
 		case <-timeoutTimer.C:
 			err := fmt.Errorf("timed out while waiting for readiness of %s", ref.String())
-			a.pctx.Warningf("%s (%ds elapsed)", err.Error(), elapsed)
+			status.Warning(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
 			a.HandleError(ref, err)
 			return false
 		case <-a.ctx.Done():
 			err := fmt.Errorf("failed waiting for readiness of %s: %w", ref.String(), err)
-			a.pctx.Warningf("%s (%ds elapsed)", err.Error(), elapsed)
+			status.Warning(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
 			a.HandleError(ref, err)
 			return false
 		}
@@ -476,26 +474,26 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 
 	// +1 to ensure that we don't prematurely complete the bar (which would happen as we don't count for waiting)
 	total := len(applyObjects) + len(preHooks) + len(postHooks) + 1
-	a.pctx.SetTotal(int64(total))
+	a.sctx.SetTotal(total)
 	if !d.CheckInclusionForDeploy() {
-		a.pctx.InfofAndStatus("Skipped")
-		a.pctx.Finish()
+		a.sctx.UpdateAndInfoFallback("Skipped")
+		a.sctx.Success()
 		return
 	}
 
 	if len(toDelete) != 0 {
-		a.pctx.Infof("Deleting %d objects", len(toDelete))
+		a.sctx.InfoFallback("Deleting %d objects", len(toDelete))
 		for i, ref := range toDelete {
-			a.pctx.SetStatus(fmt.Sprintf("Deleting object %s (%d of %d)", ref.String(), i+1, len(toDelete)))
+			a.sctx.Update(fmt.Sprintf("Deleting object %s (%d of %d)", ref.String(), i+1, len(toDelete)))
 			a.DeleteObject(ref, false)
-			a.pctx.Increment()
+			a.sctx.Increment()
 		}
 	}
 
 	h.RunHooks(preHooks)
 
 	if len(applyObjects) != 0 {
-		a.pctx.Infof("Applying %d objects", len(applyObjects))
+		a.sctx.InfoFallback("Applying %d objects", len(applyObjects))
 	}
 	startTime := time.Now()
 	didLog := false
@@ -505,11 +503,11 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		}
 
 		ref := o.GetK8sRef()
-		a.pctx.SetStatus(fmt.Sprintf("Applying object %s (%d of %d)", ref.String(), i+1, len(applyObjects)))
+		a.sctx.Update(fmt.Sprintf("Applying object %s (%d of %d)", ref.String(), i+1, len(applyObjects)))
 		a.ApplyObject(o, false, false)
-		a.pctx.Increment()
+		a.sctx.Increment()
 		if time.Now().Sub(startTime) >= 10*time.Second || (didLog && i == len(applyObjects)-1) {
-			a.pctx.Infof("...applied %d of %d objects", i+1, len(applyObjects))
+			a.sctx.InfoFallback("...applied %d of %d objects", i+1, len(applyObjects))
 			startTime = time.Now()
 			didLog = true
 		}
@@ -545,8 +543,13 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		finalStatus += fmt.Sprintf(" Encountered %d warnings.", a.warningCount)
 	}
 
-	a.pctx.SetStatus(strings.TrimSpace(finalStatus))
-	a.pctx.Finish()
+	a.sctx.Update(strings.TrimSpace(finalStatus))
+
+	if a.errorCount == 0 {
+		a.sctx.Success()
+	} else {
+		a.sctx.Failed()
+	}
 }
 
 func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *string {
@@ -561,15 +564,11 @@ func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *
 }
 
 func (a *ApplyDeploymentsUtil) ApplyDeployments() {
-	status.Info(a.ctx, "Running server-side apply for all objects")
+	s := status.Start(a.ctx, "Running server-side apply for all objects")
+	defer s.Failed()
 
 	var wg sync.WaitGroup
 	sem := semaphore.NewWeighted(8)
-	p := mpb.New(
-		mpb.WithWidth(utils.GetTermWidth()),
-		mpb.WithOutput(os.Stderr),
-		mpb.PopCompletedMode(),
-	)
 
 	maxNameLen := 0
 	for _, d := range a.deployments {
@@ -590,13 +589,15 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 		_ = sem.Acquire(context.Background(), 1)
 
 		progressName := a.buildProgressName(d)
-		var pctx *progressCtx
+		var sctx *status.StatusContext
 		if progressName != nil {
-			pctx = NewProgressCtx(a.ctx, p, *progressName, maxNameLen, true)
-		} else {
-			pctx = NewProgressCtx(a.ctx, nil, "", 0, false)
+			sctx = status.StartWithOptions(a.ctx,
+				status.WithTotal(-1),
+				status.WithPrefix(*progressName),
+				status.WithStatus("Initializing..."),
+			)
 		}
-		a2 := a.NewApplyUtil(a.ctx, pctx)
+		a2 := a.NewApplyUtil(a.ctx, sctx)
 
 		wg.Add(1)
 		go func() {
@@ -604,37 +605,22 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 			defer sem.Release(1)
 
 			a2.applyDeploymentItem(d)
-			pctx.Finish()
+
+			// if success was not signalled, get into failed status
+			sctx.Failed()
 		}()
 
 		barrier := (d.Config.Barrier != nil && *d.Config.Barrier) || d.Barrier
 		if barrier {
-			bpctx := NewProgressCtx(a.ctx, p, "<barrier>", maxNameLen, true)
-			bpctx.SetTotal(1)
-
-			bpctx.InfofAndStatus("Waiting on barrier...")
-			stopCh := make(chan int)
-			doneCh := make(chan int)
-			go func() {
-				for {
-					select {
-					case <-stopCh:
-						bpctx.SetStatus(fmt.Sprintf("Finished waiting"))
-						bpctx.Finish()
-						doneCh <- 1
-						return
-					case <-time.After(time.Second):
-						bpctx.SetStatus(fmt.Sprintf("Waiting on barrier..."))
-					}
-				}
-			}()
+			sctx := status.Start(a.ctx, "", status.WithTotal(1))
+			sctx.UpdateAndInfoFallback("Waiting on barrier...")
 			wg.Wait()
-			stopCh <- 1
-			<-doneCh
+			sctx.UpdateAndInfoFallback(fmt.Sprintf("Finished waiting"))
+			sctx.Success()
 		}
 	}
 	wg.Wait()
-	p.Wait()
+	s.Success()
 }
 
 func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.UnstructuredObject, callback func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error)) {
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index bee3b6811..b811962c7 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -82,12 +82,12 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 		for p := range h.deletePolicies {
 			dpStr = append(dpStr, p)
 		}
-		u.a.pctx.InfofAndStatus("Deleting hook %s due to hook-delete-policy %s (%d of %d)", ref.String(), strings.Join(dpStr, ","), i+1, cnt)
+		u.a.sctx.UpdateAndInfoFallback("Deleting hook %s due to hook-delete-policy %s (%d of %d)", ref.String(), strings.Join(dpStr, ","), i+1, cnt)
 		return u.a.DeleteObject(ref, true)
 	}
 
 	if len(deleteBeforeObjects) != 0 {
-		u.a.pctx.Infof("Deleting %d hooks before hook execution", len(deleteBeforeObjects))
+		u.a.sctx.InfoFallback("Deleting %d hooks before hook execution", len(deleteBeforeObjects))
 	}
 	for i, h := range deleteBeforeObjects {
 		doDeleteForPolicy(h, i, len(deleteBeforeObjects))
@@ -95,14 +95,14 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 
 	waitResults := make(map[k8s.ObjectRef]bool)
 	if len(applyObjects) != 0 {
-		u.a.pctx.Infof("Applying %d hooks", len(applyObjects))
+		u.a.sctx.InfoFallback("Applying %d hooks", len(applyObjects))
 	}
 	for i, h := range applyObjects {
 		ref := h.object.GetK8sRef()
 		_, replaced := h.deletePolicies["before-hook-creation"]
-		u.a.pctx.DebugfAndStatus("Applying hook %s (%d of %d)", ref.String(), i+1, len(applyObjects))
+		u.a.sctx.UpdateAndInfoFallback("Applying hook %s (%d of %d)", ref.String(), i+1, len(applyObjects))
 		u.a.ApplyObject(h.object, replaced, true)
-		u.a.pctx.Increment()
+		u.a.sctx.Increment()
 
 		if u.a.HadError(ref) {
 			continue
@@ -133,7 +133,7 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 	}
 
 	if len(deleteAfterObjects) != 0 {
-		u.a.pctx.Infof("Deleting %d hooks after hook execution", len(deleteAfterObjects))
+		u.a.sctx.InfoFallback("Deleting %d hooks after hook execution", len(deleteAfterObjects))
 	}
 	for i, h := range deleteAfterObjects {
 		doDeleteForPolicy(h, i, len(deleteAfterObjects))
diff --git a/pkg/deployment/utils/progress.go b/pkg/deployment/utils/progress.go
deleted file mode 100644
index 34d03a61c..000000000
--- a/pkg/deployment/utils/progress.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package utils
-
-import (
-	"context"
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/mattn/go-isatty"
-	"github.com/vbauerster/mpb/v7"
-	"github.com/vbauerster/mpb/v7/decor"
-	"math"
-	"os"
-	"strings"
-	"sync"
-	"time"
-)
-
-type progressCtx struct {
-	ctx       context.Context
-	bar       *mpb.Bar
-	doLog     bool
-	total     int64
-	name      string
-	status    string
-	startTime time.Time
-	mutex     sync.Mutex
-}
-
-func NewProgressCtx(ctx context.Context, p *mpb.Progress, name string, maxNameWidth int, doLog bool) *progressCtx {
-	pctx := &progressCtx{
-		ctx:       ctx,
-		status:    "Initializing...",
-		total:     -1,
-		name:      name,
-		startTime: time.Now(),
-	}
-	if !isatty.IsTerminal(os.Stderr.Fd()) || p == nil {
-		pctx.doLog = doLog
-		return pctx
-	}
-
-	name += ":"
-	if len(name) < maxNameWidth+1 {
-		name += strings.Repeat(" ", maxNameWidth-len(name)+1)
-	}
-	name += " "
-
-	if p != nil {
-		pctx.bar = p.AddBar(-1,
-			mpb.BarWidth(40),
-			mpb.PrependDecorators(decor.Name(name)),
-			mpb.PrependDecorators(decor.Any(pctx.ElapsedDecorFunc)),
-			mpb.AppendDecorators(decor.Any(pctx.StatusDecorFunc)),
-		)
-	}
-	return pctx
-}
-
-func (ctx *progressCtx) Infof(s string, args ...interface{}) {
-	if ctx.doLog {
-		status.Info(ctx.ctx, s, args...)
-	}
-}
-
-func (ctx *progressCtx) Warningf(s string, args ...interface{}) {
-	if ctx.doLog {
-		status.Warning(ctx.ctx, s, args...)
-	}
-}
-
-func (ctx *progressCtx) Debugf(s string, args ...interface{}) {
-	if ctx.doLog {
-		status.Trace(ctx.ctx, s, args...)
-	}
-}
-
-func (ctx *progressCtx) InfofAndStatus(s string, args ...interface{}) {
-	ctx.Infof(s, args...)
-	ctx.SetStatus(fmt.Sprintf(s, args...))
-}
-
-func (ctx *progressCtx) DebugfAndStatus(s string, args ...interface{}) {
-	ctx.Debugf(s, args...)
-	ctx.SetStatus(fmt.Sprintf(s, args...))
-}
-
-func (ctx *progressCtx) SetStatus(s string) {
-	ctx.mutex.Lock()
-	defer ctx.mutex.Unlock()
-	ctx.status = s
-}
-
-func (ctx *progressCtx) StatusDecorFunc(st decor.Statistics) string {
-	ctx.mutex.Lock()
-	defer ctx.mutex.Unlock()
-	return ctx.status
-}
-
-func (ctx *progressCtx) ElapsedDecorFunc(st decor.Statistics) string {
-	s := fmt.Sprintf("%.3fs", time.Now().Sub(ctx.startTime).Seconds())
-	if len(s) < 8 {
-		s = strings.Repeat(" ", 8-len(s)) + s
-	}
-	return s
-}
-
-func (ctx *progressCtx) SetTotal(total int64) {
-	ctx.total = total
-	if ctx.bar != nil {
-		ctx.bar.SetTotal(total, false)
-		ctx.bar.EnableTriggerComplete()
-	}
-}
-
-func (ctx *progressCtx) Increment() {
-	if ctx.bar != nil {
-		ctx.bar.Increment()
-	}
-}
-
-func (ctx *progressCtx) Finish() {
-	if ctx.bar != nil {
-		// make sure that the bar es rendered on top so that it can be properly popped
-		ctx.bar.SetPriority(math.MinInt)
-		ctx.bar.SetCurrent(ctx.total)
-	}
-}
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 65ddf867e..ea2c3339a 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -33,7 +33,8 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		return nil
 	}
 
-	status.Info(u.ctx, "Getting remote objects by commonLabels")
+	s := status.Start(u.ctx, "Getting remote objects by commonLabels")
+	defer s.Failed()
 
 	allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels, false)
 	for gvk, aw := range apiWarnings {
@@ -61,7 +62,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 	u.mutex.Unlock()
 
 	if len(notFoundRefsList) != 0 {
-		status.Info(u.ctx, "Getting %d additional remote objects", len(notFoundRefsList))
+		s.UpdateAndInfoFallback("Getting %d additional remote objects", len(notFoundRefsList))
 		r, apiWarnings, err := k.GetObjectsByRefs(notFoundRefsList)
 		for ref, aw := range apiWarnings {
 			u.dew.AddApiWarnings(ref, aw)
@@ -76,7 +77,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		u.mutex.Unlock()
 	}
 
-	status.Info(u.ctx, "Getting namespaces")
+	s.UpdateAndInfoFallback("Getting namespaces")
 	r, _, err := k.ListObjects(schema.GroupVersionKind{
 		Group:   "",
 		Version: "v1",
@@ -88,6 +89,9 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 	for _, o := range r {
 		u.remoteNamespaces[o.GetK8sName()] = o
 	}
+
+	s.Success()
+
 	return nil
 }
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
index a9b8b4df6..41914412b 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -12,15 +12,24 @@ type StatusContext struct {
 	sl       StatusLine
 	finished bool
 	failed   bool
+
+	prefix        string
+	startMessage  string
+	startPriority int
+	startTotal    int
+	disableLogs   bool
 }
 
 type StatusLine interface {
+	SetTotal(total int)
+	Increment()
+
 	Update(message string)
 	End(success bool)
 }
 
 type StatusHandler interface {
-	StartStatus(message string) StatusLine
+	StartStatus(total int, message string) StatusLine
 
 	Info(message string)
 	Warning(message string)
@@ -28,6 +37,7 @@ type StatusHandler interface {
 	Trace(message string)
 
 	PlainText(text string)
+	InfoFallback(sprintf string)
 }
 
 type contextKey struct{}
@@ -44,23 +54,109 @@ func FromContext(ctx context.Context) StatusHandler {
 	return v.(StatusHandler)
 }
 
-func Start(ctx context.Context, status string, args ...any) *StatusContext {
+type Option func(s *StatusContext)
+
+func WithPrefix(prefix string) Option {
+	return func(s *StatusContext) {
+		s.prefix = prefix
+	}
+}
+
+func WithStatus(message string, args ...any) Option {
+	return func(s *StatusContext) {
+		s.startMessage = fmt.Sprintf(message, args...)
+	}
+}
+
+func WithPriority(p int) Option {
+	return func(s *StatusContext) {
+		s.startPriority = p
+	}
+}
+
+func WithTotal(t int) Option {
+	return func(s *StatusContext) {
+		s.startTotal = t
+	}
+}
+
+func WithDisableLogs() Option {
+	return func(s *StatusContext) {
+		s.disableLogs = true
+	}
+}
+
+func StartWithOptions(ctx context.Context, opts ...Option) *StatusContext {
 	sh := FromContext(ctx)
 	s := &StatusContext{
 		ctx: ctx,
 		sh:  sh,
 	}
 
-	s.sl = sh.StartStatus(fmt.Sprintf(status, args...))
+	for _, o := range opts {
+		o(s)
+	}
+
+	s.sl = sh.StartStatus(s.startTotal, s.buildMessage(s.startMessage))
 
 	return s
 }
 
+func Start(ctx context.Context, status string, args ...any) *StatusContext {
+	return StartWithOptions(ctx,
+		WithTotal(1),
+		WithStatus(status, args...),
+	)
+}
+
+func (s *StatusContext) buildMessage(message string, args ...any) string {
+	m := fmt.Sprintf(message, args...)
+	if s.prefix == "" {
+		return m
+	}
+	return fmt.Sprintf("%s: %s", s.prefix, m)
+}
+
+func (s *StatusContext) SetTotal(total int) {
+	if s == nil {
+		return
+	}
+	s.sl.SetTotal(total)
+}
+
+func (s *StatusContext) Increment() {
+	if s == nil {
+		return
+	}
+	s.sl.Increment()
+}
+
 func (s *StatusContext) Update(message string, args ...any) {
-	s.sl.Update(fmt.Sprintf(message, args...))
+	if s == nil {
+		return
+	}
+	s.sl.Update(s.buildMessage(message, args...))
+}
+
+func (s *StatusContext) InfoFallback(message string, args ...any) {
+	if s == nil {
+		return
+	}
+	InfoFallback(s.ctx, s.buildMessage(message, args...))
+}
+
+func (s *StatusContext) UpdateAndInfoFallback(message string, args ...any) {
+	if s == nil {
+		return
+	}
+	s.Update(message, args...)
+	s.InfoFallback(message, args...)
 }
 
 func (s *StatusContext) Failed() {
+	if s == nil {
+		return
+	}
 	if s.finished {
 		return
 	}
@@ -69,6 +165,9 @@ func (s *StatusContext) Failed() {
 }
 
 func (s *StatusContext) FailedWithMessage(msg string, args ...any) {
+	if s == nil {
+		return
+	}
 	if s.finished {
 		return
 	}
@@ -77,6 +176,9 @@ func (s *StatusContext) FailedWithMessage(msg string, args ...any) {
 }
 
 func (s *StatusContext) Success() {
+	if s == nil {
+		return
+	}
 	s.sl.End(true)
 	s.finished = true
 }
@@ -91,6 +193,11 @@ func Info(ctx context.Context, status string, args ...any) {
 	slh.Info(fmt.Sprintf(status, args...))
 }
 
+func InfoFallback(ctx context.Context, status string, args ...any) {
+	slh := FromContext(ctx)
+	slh.InfoFallback(fmt.Sprintf(status, args...))
+}
+
 func Warning(ctx context.Context, status string, args ...any) {
 	slh := FromContext(ctx)
 	slh.Warning(fmt.Sprintf(status, args...))
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 7f6bd0c39..0443aeec4 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -2,7 +2,6 @@ package status
 
 import (
 	"context"
-	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/vbauerster/mpb/v7"
 	"github.com/vbauerster/mpb/v7/decor"
@@ -19,12 +18,12 @@ type MultiLineStatusHandler struct {
 
 type statusLine struct {
 	slh     *MultiLineStatusHandler
+	total   int
 	bar     *mpb.Bar
 	filler  mpb.BarFiller
 	message string
 
-	finished bool
-	success  bool
+	barOverride string
 }
 
 func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *MultiLineStatusHandler {
@@ -44,18 +43,29 @@ func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *
 	return sh
 }
 
-func (s *MultiLineStatusHandler) StartStatus(message string) StatusLine {
+func (s *MultiLineStatusHandler) StartStatus(total int, message string) StatusLine {
+	return s.startStatus(total, message, 0, "")
+}
+
+func (s *MultiLineStatusHandler) startStatus(total int, message string, priority int, barOverride string) *statusLine {
 	sl := &statusLine{
-		slh:     s,
-		message: message,
+		slh:         s,
+		total:       total,
+		message:     message,
+		barOverride: barOverride,
 	}
 	sl.filler = mpb.SpinnerStyle().PositionLeft().Build()
-	sl.bar = s.progress.Add(1, sl,
+
+	opts := []mpb.BarOption{
 		mpb.BarWidth(1),
 		mpb.AppendDecorators(decor.Any(sl.DecorMessage, decor.WCSyncWidthR)),
-	)
+	}
+	if priority != 0 {
+		opts = append(opts, mpb.BarPriority(priority))
+	}
+
+	sl.bar = s.progress.Add(int64(total), sl, opts...)
 
-	s.writeLog(sl.message)
 	return sl
 }
 
@@ -64,50 +74,65 @@ func (sl *statusLine) DecorMessage(s decor.Statistics) string {
 }
 
 func (sl *statusLine) Fill(w io.Writer, reqWidth int, stat decor.Statistics) {
-	if !sl.finished {
-		sl.filler.Fill(w, reqWidth, stat)
-	} else if sl.success {
-		fmt.Fprintf(w, "✓")
-	} else {
-		fmt.Fprintf(w, "✗")
+	if sl.barOverride != "" {
+		_, _ = io.WriteString(w, sl.barOverride)
+		return
 	}
-}
 
-func (s *MultiLineStatusHandler) writeLog(message string) {
-	//_, _ = fmt.Fprintf(s.out, "%s\n", message)
+	sl.filler.Fill(w, reqWidth, stat)
 }
 
 func (s *MultiLineStatusHandler) Info(message string) {
-	s.writeLog(message)
+	s.startStatus(1, message, math.MinInt, "ⓘ").end("ⓘ")
+}
+
+func (s *MultiLineStatusHandler) InfoFallback(message string) {
+	// no fallback needed
 }
 
 func (s *MultiLineStatusHandler) Warning(message string) {
-	s.writeLog(message)
+	s.startStatus(1, message, math.MinInt, "⚠").end("⚠")
 }
 
 func (s *MultiLineStatusHandler) Error(message string) {
-	s.writeLog(message)
+	s.startStatus(1, message, math.MinInt, "✗").end("✗")
 }
 
 func (s *MultiLineStatusHandler) Trace(message string) {
 	if s.trace {
-		s.writeLog(message)
+		s.Info(message)
 	}
 }
 
 func (s *MultiLineStatusHandler) PlainText(text string) {
-	s.writeLog(text)
+	s.Info(text)
+}
+
+func (sl *statusLine) SetTotal(total int) {
+	sl.total = total
+	sl.bar.SetTotal(int64(total), false)
+	sl.bar.EnableTriggerComplete()
+}
+
+func (sl *statusLine) Increment() {
+	sl.bar.Increment()
 }
 
 func (sl *statusLine) Update(message string) {
 	sl.message = message
-	sl.slh.writeLog(sl.message)
 }
 
-func (sl *statusLine) End(success bool) {
-	sl.finished = true
-	sl.success = success
+func (sl *statusLine) end(barOverride string) {
+	sl.barOverride = barOverride
 	// make sure that the bar es rendered on top so that it can be properly popped
 	sl.bar.SetPriority(math.MinInt)
-	sl.bar.Increment()
+	sl.bar.SetCurrent(int64(sl.total))
+}
+
+func (sl *statusLine) End(success bool) {
+	if success {
+		sl.end("✓")
+	} else {
+		sl.end("✗")
+	}
 }

From cbe9e577718e6d22b24353de08a582ccafe5b288 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 16:39:09 +0200
Subject: [PATCH 0134/2268] fix: Propery stop status reporting before exit

---
 cmd/kluctl/commands/root.go  | 4 ++++
 pkg/status/status.go         | 1 +
 pkg/status/status_handler.go | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 795c5451c..da3ab1d28 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -186,6 +186,10 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 	initViper()
 
 	err = rootCmd.Execute()
+
+	sh := status.FromContext(cliCtx)
+	sh.Stop()
+
 	if err != nil {
 		status.Error(cliCtx, err.Error())
 		os.Exit(1)
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 41914412b..734e233d0 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -29,6 +29,7 @@ type StatusLine interface {
 }
 
 type StatusHandler interface {
+	Stop()
 	StartStatus(total int, message string) StatusLine
 
 	Info(message string)
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 0443aeec4..1f8c89bdc 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -43,6 +43,10 @@ func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *
 	return sh
 }
 
+func (s *MultiLineStatusHandler) Stop() {
+	s.progress.Wait()
+}
+
 func (s *MultiLineStatusHandler) StartStatus(total int, message string) StatusLine {
 	return s.startStatus(total, message, 0, "")
 }

From dce7349822c44be68fcc0dc2879bd96b16873211 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 16:40:03 +0200
Subject: [PATCH 0135/2268] feat: Support colors in status reports

---
 pkg/deployment/utils/apply_utils.go |  2 +-
 pkg/status/status.go                | 22 +++++++++++++++++++---
 pkg/status/status_handler.go        | 22 ++++++++++++++--------
 pkg/status/utils.go                 | 13 +++++++++++++
 4 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index a93028eae..581245aef 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -477,7 +477,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	a.sctx.SetTotal(total)
 	if !d.CheckInclusionForDeploy() {
 		a.sctx.UpdateAndInfoFallback("Skipped")
-		a.sctx.Success()
+		a.sctx.Warning()
 		return
 	}
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 734e233d0..4a49fa72c 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -20,12 +20,20 @@ type StatusContext struct {
 	disableLogs   bool
 }
 
+type EndResult int
+
+const (
+	EndSuccess EndResult = iota
+	EndWarning
+	EndError
+)
+
 type StatusLine interface {
 	SetTotal(total int)
 	Increment()
 
 	Update(message string)
-	End(success bool)
+	End(result EndResult)
 }
 
 type StatusHandler interface {
@@ -161,7 +169,7 @@ func (s *StatusContext) Failed() {
 	if s.finished {
 		return
 	}
-	s.sl.End(false)
+	s.sl.End(EndError)
 	s.failed = true
 }
 
@@ -180,7 +188,15 @@ func (s *StatusContext) Success() {
 	if s == nil {
 		return
 	}
-	s.sl.End(true)
+	s.sl.End(EndSuccess)
+	s.finished = true
+}
+
+func (s *StatusContext) Warning() {
+	if s == nil {
+		return
+	}
+	s.sl.End(EndWarning)
 	s.finished = true
 }
 
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 1f8c89bdc..a1bd50036 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -87,7 +87,8 @@ func (sl *statusLine) Fill(w io.Writer, reqWidth int, stat decor.Statistics) {
 }
 
 func (s *MultiLineStatusHandler) Info(message string) {
-	s.startStatus(1, message, math.MinInt, "ⓘ").end("ⓘ")
+	o := withColor("green", "ⓘ")
+	s.startStatus(1, message, math.MinInt, o).end(o)
 }
 
 func (s *MultiLineStatusHandler) InfoFallback(message string) {
@@ -95,11 +96,13 @@ func (s *MultiLineStatusHandler) InfoFallback(message string) {
 }
 
 func (s *MultiLineStatusHandler) Warning(message string) {
-	s.startStatus(1, message, math.MinInt, "⚠").end("⚠")
+	o := withColor("yellow", "⚠")
+	s.startStatus(1, message, math.MinInt, o).end(o)
 }
 
 func (s *MultiLineStatusHandler) Error(message string) {
-	s.startStatus(1, message, math.MinInt, "✗").end("✗")
+	o := withColor("red", "✗")
+	s.startStatus(1, message, math.MinInt, o).end(o)
 }
 
 func (s *MultiLineStatusHandler) Trace(message string) {
@@ -133,10 +136,13 @@ func (sl *statusLine) end(barOverride string) {
 	sl.bar.SetCurrent(int64(sl.total))
 }
 
-func (sl *statusLine) End(success bool) {
-	if success {
-		sl.end("✓")
-	} else {
-		sl.end("✗")
+func (sl *statusLine) End(result EndResult) {
+	switch result {
+	case EndSuccess:
+		sl.end(withColor("green", "✓"))
+	case EndWarning:
+		sl.end(withColor("yellow", "⚠"))
+	case EndError:
+		sl.end(withColor("red", "✗"))
 	}
 }
diff --git a/pkg/status/utils.go b/pkg/status/utils.go
index b6d6fbb64..0a2edfc82 100644
--- a/pkg/status/utils.go
+++ b/pkg/status/utils.go
@@ -2,6 +2,7 @@ package status
 
 import (
 	"bufio"
+	"fmt"
 	"io"
 )
 
@@ -63,3 +64,15 @@ func (r *replaceRReader) Read(p []byte) (int, error) {
 	}
 	return written, nil
 }
+
+func withColor(c string, s string) string {
+	switch c {
+	case "red":
+		c = "\x1b[31m"
+	case "green":
+		c = "\x1b[32m"
+	case "yellow":
+		c = "\x1b[33m"
+	}
+	return fmt.Sprintf("%s%s\x1b[0m", c, s)
+}

From b7f22b91800b5262a3205362eae0da6634caefdf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 17:03:49 +0200
Subject: [PATCH 0136/2268] feat: Implement simple status reporter for
 non-terminal sessions

---
 cmd/kluctl/commands/root.go             |  8 ++-
 pkg/deployment/utils/apply_utils.go     |  4 +-
 pkg/deployment/utils/diff_utils_test.go |  3 +-
 pkg/status/simple_status_handler.go     | 75 +++++++++++++++++++++++++
 pkg/status/status.go                    |  5 +-
 5 files changed, 89 insertions(+), 6 deletions(-)
 create mode 100644 pkg/status/simple_status_handler.go

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index da3ab1d28..306ad2f4d 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -24,6 +24,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/mattn/go-isatty"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"k8s.io/klog/v2"
@@ -70,7 +71,12 @@ var flagGroups = []groupInfo{
 var cliCtx = context.Background()
 
 func (c *cli) setupStatusHandler() error {
-	sh := status.NewMultiLineStatusHandler(cliCtx, os.Stderr, c.Debug)
+	var sh status.StatusHandler
+	if isatty.IsTerminal(os.Stderr.Fd()) {
+		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, c.Debug)
+	} else {
+		sh = status.NewSimpleStatusHandler(os.Stderr, c.Debug, "")
+	}
 	cliCtx = status.NewContext(cliCtx, sh)
 
 	klog.LogToStderr(false)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 581245aef..e72211935 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -594,7 +594,6 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 			sctx = status.StartWithOptions(a.ctx,
 				status.WithTotal(-1),
 				status.WithPrefix(*progressName),
-				status.WithStatus("Initializing..."),
 			)
 		}
 		a2 := a.NewApplyUtil(a.ctx, sctx)
@@ -612,8 +611,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 
 		barrier := (d.Config.Barrier != nil && *d.Config.Barrier) || d.Barrier
 		if barrier {
-			sctx := status.Start(a.ctx, "", status.WithTotal(1))
-			sctx.UpdateAndInfoFallback("Waiting on barrier...")
+			sctx := status.StartWithOptions(a.ctx, status.WithStatus("Waiting on barrier..."), status.WithTotal(1))
 			wg.Wait()
 			sctx.UpdateAndInfoFallback(fmt.Sprintf("Finished waiting"))
 			sctx.Success()
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index bb494fcb4..0e1aa9d81 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -22,7 +23,7 @@ type diffTestConfig struct {
 }
 
 func (dtc *diffTestConfig) newRemoteObjects(dew *DeploymentErrorsAndWarnings) *RemoteObjectUtils {
-	ru := NewRemoteObjectsUtil(dew)
+	ru := NewRemoteObjectsUtil(context.TODO(), dew)
 	for _, ro := range dtc.ro {
 		ru.remoteObjects[ro.GetK8sRef()] = ro
 	}
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
new file mode 100644
index 000000000..9cd40fa59
--- /dev/null
+++ b/pkg/status/simple_status_handler.go
@@ -0,0 +1,75 @@
+package status
+
+import (
+	"fmt"
+	"io"
+)
+
+type simpleStatusHandler struct {
+	out    io.Writer
+	trace  bool
+	prefix string
+}
+
+type simpleStatusLine struct {
+}
+
+func NewSimpleStatusHandler(out io.Writer, trace bool, prefix string) StatusHandler {
+	return &simpleStatusHandler{
+		out:    out,
+		trace:  trace,
+		prefix: prefix,
+	}
+}
+
+func (s *simpleStatusHandler) Stop() {
+}
+
+func (s *simpleStatusHandler) StartStatus(total int, message string) StatusLine {
+	if message != "" {
+		s.Info(message)
+	}
+	return &simpleStatusLine{}
+}
+
+func (s *simpleStatusHandler) Info(message string) {
+	if s.prefix == "" {
+		fmt.Fprintf(s.out, "%s\n", message)
+	} else {
+		fmt.Fprintf(s.out, "%s: %s\n", s.prefix, message)
+	}
+}
+
+func (s *simpleStatusHandler) Warning(message string) {
+	s.InfoFallback(message)
+}
+
+func (s *simpleStatusHandler) Error(message string) {
+	s.InfoFallback(message)
+}
+
+func (s *simpleStatusHandler) Trace(message string) {
+	if s.trace {
+		s.Info(message)
+	}
+}
+
+func (s *simpleStatusHandler) PlainText(text string) {
+	_, _ = io.WriteString(s.out, text)
+}
+
+func (s *simpleStatusHandler) InfoFallback(message string) {
+	s.Info(message)
+}
+
+func (sl *simpleStatusLine) SetTotal(total int) {
+}
+
+func (sl *simpleStatusLine) Increment() {
+}
+
+func (sl *simpleStatusLine) Update(message string) {
+}
+
+func (sl *simpleStatusLine) End(result EndResult) {
+}
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 4a49fa72c..5219a8fc9 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -46,7 +46,7 @@ type StatusHandler interface {
 	Trace(message string)
 
 	PlainText(text string)
-	InfoFallback(sprintf string)
+	InfoFallback(message string)
 }
 
 type contextKey struct{}
@@ -119,6 +119,9 @@ func Start(ctx context.Context, status string, args ...any) *StatusContext {
 }
 
 func (s *StatusContext) buildMessage(message string, args ...any) string {
+	if message == "" {
+		return ""
+	}
 	m := fmt.Sprintf(message, args...)
 	if s.prefix == "" {
 		return m

From e45a8191f96cd442684a8dd3e5c4e4e18b94c5f4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 17:25:35 +0200
Subject: [PATCH 0137/2268] fix: Fix invalid call to status.Warning

---
 cmd/kluctl/commands/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index f0ee358a7..30395bc61 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -51,7 +51,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 
 	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
 	if err != nil && projectFlags.FromArchive == "" {
-		status.Warning(cliCtx, "", "Failed to detect git project root. This might cause follow-up errors")
+		status.Warning(cliCtx, "Failed to detect git project root. This might cause follow-up errors")
 	}
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{

From f29b38f53817381644e9d94e7399531b361ec689 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 17:34:03 +0200
Subject: [PATCH 0138/2268] refactor: Pass callback instead of io.Writer to
 simpleStatusHandler

---
 cmd/kluctl/commands/root.go         |  4 +++-
 pkg/status/simple_status_handler.go | 25 +++++++------------------
 2 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 306ad2f4d..be41c6de7 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -75,7 +75,9 @@ func (c *cli) setupStatusHandler() error {
 	if isatty.IsTerminal(os.Stderr.Fd()) {
 		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, c.Debug)
 	} else {
-		sh = status.NewSimpleStatusHandler(os.Stderr, c.Debug, "")
+		sh = status.NewSimpleStatusHandler(func(message string) {
+			_, _ = fmt.Fprintf(os.Stderr, "%s\n", message)
+		}, c.Debug)
 	}
 	cliCtx = status.NewContext(cliCtx, sh)
 
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 9cd40fa59..8c15e1626 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -1,24 +1,17 @@
 package status
 
-import (
-	"fmt"
-	"io"
-)
-
 type simpleStatusHandler struct {
-	out    io.Writer
-	trace  bool
-	prefix string
+	cb    func(message string)
+	trace bool
 }
 
 type simpleStatusLine struct {
 }
 
-func NewSimpleStatusHandler(out io.Writer, trace bool, prefix string) StatusHandler {
+func NewSimpleStatusHandler(cb func(message string), trace bool) StatusHandler {
 	return &simpleStatusHandler{
-		out:    out,
-		trace:  trace,
-		prefix: prefix,
+		cb:    cb,
+		trace: trace,
 	}
 }
 
@@ -33,11 +26,7 @@ func (s *simpleStatusHandler) StartStatus(total int, message string) StatusLine
 }
 
 func (s *simpleStatusHandler) Info(message string) {
-	if s.prefix == "" {
-		fmt.Fprintf(s.out, "%s\n", message)
-	} else {
-		fmt.Fprintf(s.out, "%s: %s\n", s.prefix, message)
-	}
+	s.cb(message)
 }
 
 func (s *simpleStatusHandler) Warning(message string) {
@@ -55,7 +44,7 @@ func (s *simpleStatusHandler) Trace(message string) {
 }
 
 func (s *simpleStatusHandler) PlainText(text string) {
-	_, _ = io.WriteString(s.out, text)
+	s.Info(text)
 }
 
 func (s *simpleStatusHandler) InfoFallback(message string) {

From 380548c8daf6e8457acac27f14afaf64b98f9b36 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 17:40:13 +0200
Subject: [PATCH 0139/2268] tests: Fix windows tests

---
 e2e/project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/project.go b/e2e/project.go
index c19bd3b67..6068a7ceb 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -520,7 +520,7 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 	sep := ":"
 	if runtime.GOOS == "windows" {
 		sep = ";"
-		args = append(args, "-vdebug")
+		args = append(args, "--debug")
 	}
 	env := os.Environ()
 	env = append(env, fmt.Sprintf("KUBECONFIG=%s", strings.Join(p.kubeconfigs, sep)))

From 35f752cdd46a5a908096b2ab1ff8be7b0e2532f5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 May 2022 17:54:19 +0200
Subject: [PATCH 0140/2268] fix: Fix crash due to reuse of status handler

---
 cmd/kluctl/commands/root.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index be41c6de7..491bff9fa 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -196,10 +196,11 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 	err = rootCmd.Execute()
 
 	sh := status.FromContext(cliCtx)
-	sh.Stop()
 
 	if err != nil {
 		status.Error(cliCtx, err.Error())
+		sh.Stop()
 		os.Exit(1)
 	}
+	sh.Stop()
 }

From e21c0b78e58b1b21264e16e2a3c4a4b96da7b0b1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 11:43:16 +0200
Subject: [PATCH 0141/2268] fix: Fix and enforce Run() implementation in
 commands

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 7 +++----
 cmd/kluctl/commands/cmd_helm_update.go | 7 +++----
 cmd/kluctl/commands/cobra_utils.go     | 9 +++++----
 cmd/kluctl/commands/root.go            | 4 ++++
 4 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 6d5d5b6fe..5739b54ed 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -1,7 +1,6 @@
 package commands
 
 import (
-	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"io/fs"
@@ -18,7 +17,7 @@ func (cmd *helmPullCmd) Help() string {
 pulling is only needed when really required (e.g. when the chart version changes).`
 }
 
-func (cmd *helmPullCmd) Run(ctx context.Context) error {
+func (cmd *helmPullCmd) Run() error {
 	rootPath := "."
 	if cmd.LocalDeployment != "" {
 		rootPath = cmd.LocalDeployment
@@ -26,13 +25,13 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	err := filepath.WalkDir(rootPath, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
-			s := status.Start(ctx, "Pulling for %s", p)
+			s := status.Start(cliCtx, "Pulling for %s", p)
 			chart, err := deployment.NewHelmChart(p)
 			if err != nil {
 				s.FailedWithMessage(err.Error())
 				return err
 			}
-			err = chart.Pull(ctx)
+			err = chart.Pull(cliCtx)
 			if err != nil {
 				s.FailedWithMessage(err.Error())
 				return err
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index b9f9d8caf..2d9f7e5f6 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -1,7 +1,6 @@
 package commands
 
 import (
-	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
@@ -21,7 +20,7 @@ func (cmd *helmUpdateCmd) Help() string {
 	return `Optionally performs the actual upgrade and/or add a commit to version control.`
 }
 
-func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
+func (cmd *helmUpdateCmd) Run() error {
 	rootPath := "."
 	if cmd.LocalDeployment != "" {
 		rootPath = cmd.LocalDeployment
@@ -40,7 +39,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			}
 
 			statusPrefix := filepath.Base(p)
-			s := status.Start(ctx, "%s: Checking for updates", statusPrefix)
+			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
 			defer s.Failed()
 
 			newVersion, updated, err := chart.CheckUpdate()
@@ -85,7 +84,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 				s.Update("%s: Pulling new version", statusPrefix)
 				defer s.Failed()
 
-				err = chart.Pull(ctx)
+				err = chart.Pull(cliCtx)
 				if err != nil {
 					return err
 				}
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index c45c33f14..493b15605 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -65,10 +65,11 @@ func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interfac
 	}
 
 	runP, ok := cmdStruct.(runProvider)
-	if ok {
-		cg.cmd.RunE = func(cmd *cobra.Command, args []string) error {
-			return runP.Run()
-		}
+	if !ok {
+		panic(fmt.Sprintf("%s does not implement runProvider", name))
+	}
+	cg.cmd.RunE = func(cmd *cobra.Command, args []string) error {
+		return runP.Run()
 	}
 
 	err := c.buildCobraSubCommands(cg, cmdStruct)
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 491bff9fa..f5c40918b 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -151,6 +151,10 @@ func (c *cli) preRun() error {
 	return nil
 }
 
+func (c *cli) Run() error {
+	return nil
+}
+
 func initViper() {
 	viper.SetConfigName("config")
 	viper.SetConfigType("yaml")

From 930a64a4e6cac108d85496491ffd5fac1fbd18df Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 11:43:51 +0200
Subject: [PATCH 0142/2268] fix: Always initialize status handler even if no
 command is run

---
 cmd/kluctl/commands/root.go         | 15 ++++++---------
 pkg/status/simple_status_handler.go |  4 ++++
 pkg/status/status.go                |  1 +
 pkg/status/status_handler.go        |  4 ++++
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f5c40918b..dad3ae8bf 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -70,21 +70,19 @@ var flagGroups = []groupInfo{
 
 var cliCtx = context.Background()
 
-func (c *cli) setupStatusHandler() error {
+func setupStatusHandler() {
 	var sh status.StatusHandler
 	if isatty.IsTerminal(os.Stderr.Fd()) {
-		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, c.Debug)
+		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, false)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(message string) {
 			_, _ = fmt.Fprintf(os.Stderr, "%s\n", message)
-		}, c.Debug)
+		}, false)
 	}
 	cliCtx = status.NewContext(cliCtx, sh)
 
 	klog.LogToStderr(false)
 	klog.SetOutput(status.NewLineRedirector(sh.Info))
-
-	return nil
 }
 
 type VersionCheckState struct {
@@ -144,9 +142,7 @@ func (c *cli) checkNewVersion() {
 }
 
 func (c *cli) preRun() error {
-	if err := c.setupStatusHandler(); err != nil {
-		return err
-	}
+	status.FromContext(cliCtx).SetTrace(c.Debug)
 	c.checkNewVersion()
 	return nil
 }
@@ -195,9 +191,10 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		return root.preRun()
 	}
 
+	setupStatusHandler()
 	initViper()
 
-	err = rootCmd.Execute()
+	err = rootCmd.ExecuteContext(cliCtx)
 
 	sh := status.FromContext(cliCtx)
 
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 8c15e1626..21a55a6ba 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -15,6 +15,10 @@ func NewSimpleStatusHandler(cb func(message string), trace bool) StatusHandler {
 	}
 }
 
+func (s *simpleStatusHandler) SetTrace(trace bool) {
+	s.trace = trace
+}
+
 func (s *simpleStatusHandler) Stop() {
 }
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 5219a8fc9..d58c774f2 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -37,6 +37,7 @@ type StatusLine interface {
 }
 
 type StatusHandler interface {
+	SetTrace(trace bool)
 	Stop()
 	StartStatus(total int, message string) StatusLine
 
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index a1bd50036..c0205333a 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -43,6 +43,10 @@ func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *
 	return sh
 }
 
+func (s *MultiLineStatusHandler) SetTrace(trace bool) {
+	s.trace = trace
+}
+
 func (s *MultiLineStatusHandler) Stop() {
 	s.progress.Wait()
 }

From 64a316a81213c0502c82890e8c162660bc5ab1f3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 13:41:13 +0200
Subject: [PATCH 0143/2268] refactor: Move clientPool initialization into own
 function

---
 pkg/k8s/k8s_cluster.go | 62 +++++++++++++++++++++++++++---------------
 1 file changed, 40 insertions(+), 22 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b6f4939b6..b0b40d311 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -80,6 +80,8 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 	})
 }
 
+const parallelClients = 16
+
 func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
 	k := &K8sCluster{
 		ctx:    ctx,
@@ -101,7 +103,39 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 	}
 	k.discovery = discovery2
 
-	parallelClients := 16
+	err = k.initClientPool()
+	if err != nil {
+		return nil, err
+	}
+
+	v, err := k.discovery.ServerVersion()
+	if err != nil {
+		return nil, err
+	}
+	v2, err := goversion.NewVersion(v.String())
+	if err != nil {
+		return nil, err
+	}
+	k.ServerVersion = v2
+
+	err = k.updateResources(true)
+	if err != nil {
+		return nil, err
+	}
+
+	return k, nil
+}
+
+func (k *K8sCluster) initClientPool() error {
+	var err error
+
+	if k.clientPool != nil {
+		for i := 0; i < parallelClients; i++ {
+			p := <-k.clientPool
+			p.http.CloseIdleConnections()
+		}
+	}
+
 	k.clientPool = make(chan *parallelClientEntry, parallelClients)
 	for i := 0; i < parallelClients; i++ {
 		p := &parallelClientEntry{}
@@ -110,43 +144,27 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 
 		p.http, err = rest.HTTPClientFor(config)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		p.corev1, err = corev1.NewForConfigAndClient(config, p.http)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		p.dynamicClient, err = dynamic.NewForConfigAndClient(config, p.http)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		p.metadataClient, err = metadata.NewForConfigAndClient(config, p.http)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		k.clientPool <- p
 	}
-
-	v, err := k.discovery.ServerVersion()
-	if err != nil {
-		return nil, err
-	}
-	v2, err := goversion.NewVersion(v.String())
-	if err != nil {
-		return nil, err
-	}
-	k.ServerVersion = v2
-
-	err = k.updateResources(true)
-	if err != nil {
-		return nil, err
-	}
-
-	return k, nil
+	return nil
 }
 
 func (k *K8sCluster) ReadWrite() *K8sCluster {

From 393fa8f934ea3a40a9855f3749c0309cfeb8442f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 13:42:33 +0200
Subject: [PATCH 0144/2268] fix: Take CRDs into account when checking wether an
 object is namespaced

---
 pkg/deployment/deployment_collection.go | 31 +++++++++++++--
 pkg/deployment/deployment_item.go       | 52 +++++++++++++++++++++++--
 pkg/k8s/k8s_cluster.go                  | 30 +++++++++-----
 3 files changed, 96 insertions(+), 17 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index fc6d76ef8..def63872c 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -166,6 +166,12 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 	var mutex sync.Mutex
 	sem := semaphore.NewWeighted(16)
 
+	handleError := func(err error) {
+		mutex.Lock()
+		errs = append(errs, err)
+		mutex.Unlock()
+	}
+
 	s := status.Start(c.ctx, "Building kustomize objects")
 	for _, d_ := range c.Deployments {
 		d := d_
@@ -174,9 +180,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 		go func() {
 			err := d.buildKustomize()
 			if err != nil {
-				mutex.Lock()
-				errs = append(errs, fmt.Errorf("building kustomize objects for %s failed. %w", *d.dir, err))
-				mutex.Unlock()
+				handleError(fmt.Errorf("building kustomize objects for %s failed. %w", *d.dir, err))
 			}
 			wg.Done()
 		}()
@@ -190,6 +194,25 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 	s.Success()
 
 	s = status.Start(c.ctx, "Postprocessing objects")
+	for _, d_ := range c.Deployments {
+		d := d_
+
+		wg.Add(1)
+		go func() {
+			err := d.loadObjects()
+			if err != nil {
+				handleError(fmt.Errorf("loading objects failed: %w", err))
+			} else {
+				err = d.postprocessCRDs(k)
+				if err != nil {
+					handleError(fmt.Errorf("postprocessing CRDs failed: %w", err))
+				}
+			}
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+
 	for _, d_ := range c.Deployments {
 		d := d_
 
@@ -198,7 +221,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 			_ = sem.Acquire(context.Background(), 1)
 			defer sem.Release(1)
 
-			err := d.postprocessAndLoadObjects(k, c.Images)
+			err := d.postprocessObjects(k, c.Images)
 			if err != nil {
 				mutex.Lock()
 				errs = append(errs, fmt.Errorf("postprocessing kustomize objects for %s failed: %w", *d.dir, err))
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 1904a8842..c3f41e749 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"io/ioutil"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
 	"sigs.k8s.io/kustomize/api/filesys"
@@ -364,7 +365,7 @@ func (di *DeploymentItem) buildKustomize() error {
 	return nil
 }
 
-func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *Images) error {
+func (di *DeploymentItem) loadObjects() error {
 	if di.dir == nil {
 		return nil
 	}
@@ -382,6 +383,49 @@ func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *I
 		}
 		di.Objects = append(di.Objects, uo.FromMap(m))
 	}
+	return nil
+}
+
+var crdGV = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
+
+// postprocessCRDs will set namespace overrides into the K8sCluster so that future IsNamespaced return the correct
+// value even if the CRD is not deployed yet.
+func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
+	if di.dir == nil {
+		return nil
+	}
+
+	for _, o := range di.Objects {
+		gvk := o.GetK8sGVK()
+		if gvk.GroupKind() != crdGV {
+			continue
+		}
+
+		scope, _, err := o.GetNestedString("spec", "scope")
+		if err != nil {
+			return err
+		}
+		namespaced := strings.ToLower(scope) == "namespaced"
+		group, _, err := o.GetNestedString("spec", "group")
+		if err != nil {
+			return err
+		}
+		kind, _, err := o.GetNestedString("spec", "names", "kind")
+		if err != nil {
+			return err
+		}
+
+		k.SetNamespaced(schema.GroupKind{Group: group, Kind: kind}, namespaced)
+	}
+	return nil
+}
+
+func (di *DeploymentItem) postprocessObjects(k *k8s.K8sCluster, images *Images) error {
+	if di.dir == nil {
+		return nil
+	}
+
+	var objects []interface{}
 
 	var errList []error
 	for _, o := range di.Objects {
@@ -398,12 +442,14 @@ func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *I
 			o.SetK8sAnnotations(uo.CopyMergeStrMap(o.GetK8sAnnotations(), commonAnnotations))
 
 			// Resolve image placeholders
-			err = images.ResolvePlaceholders(k, o, di.relRenderedDir, di.Tags.ListKeys())
+			err := images.ResolvePlaceholders(k, o, di.relRenderedDir, di.Tags.ListKeys())
 			if err != nil {
 				errList = append(errList, err)
 			}
 			return nil
 		})
+
+		objects = append(objects, o.Object)
 	}
 
 	if len(errList) != 0 {
@@ -411,7 +457,7 @@ func (di *DeploymentItem) postprocessAndLoadObjects(k *k8s.K8sCluster, images *I
 	}
 
 	// Need to write it back to disk in case it is needed externally
-	err = yaml.WriteYamlAllFile(di.renderedYamlPath, objects)
+	err := yaml.WriteYamlAllFile(di.renderedYamlPath, objects)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b0b40d311..f7a6a8596 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -48,9 +48,10 @@ type K8sCluster struct {
 
 	ServerVersion *goversion.Version
 
-	allResources       map[schema.GroupVersionKind]*v1.APIResource
-	preferredResources map[schema.GroupKind]*v1.APIResource
-	crdCache           map[k8s.ObjectRef]struct {
+	allResources        map[schema.GroupVersionKind]*v1.APIResource
+	preferredResources  map[schema.GroupKind]*v1.APIResource
+	namespacedResources map[schema.GroupKind]bool
+	crdCache            map[k8s.ObjectRef]struct {
 		crd *uo.UnstructuredObject
 		err error
 	}
@@ -84,8 +85,9 @@ const parallelClients = 16
 
 func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
 	k := &K8sCluster{
-		ctx:    ctx,
-		DryRun: dryRun,
+		ctx:                 ctx,
+		DryRun:              dryRun,
+		namespacedResources: map[schema.GroupKind]bool{},
 	}
 
 	k.restConfig = rest.CopyConfig(configIn)
@@ -284,19 +286,27 @@ func (k *K8sCluster) RediscoverResources() error {
 	return k.updateResources(false)
 }
 
-func (k *K8sCluster) IsNamespaced(gvk schema.GroupVersionKind) bool {
+func (k *K8sCluster) SetNamespaced(gv schema.GroupKind, namespaced bool) {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
-	r, ok := k.allResources[gvk]
+	k.namespacedResources[gv] = namespaced
+}
+
+func (k *K8sCluster) IsNamespaced(gv schema.GroupKind) bool {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	r, ok := k.preferredResources[gv]
 	if !ok {
-		return false
+		n, _ := k.namespacedResources[gv]
+		return n
 	}
 	return r.Namespaced
 }
 
 func (k *K8sCluster) FixNamespace(o *uo.UnstructuredObject, def string) {
 	ref := o.GetK8sRef()
-	namespaced := k.IsNamespaced(ref.GVK)
+	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
 	if !namespaced && ref.Namespace != "" {
 		o.SetK8sNamespace("")
 	} else if namespaced && ref.Namespace == "" {
@@ -305,7 +315,7 @@ func (k *K8sCluster) FixNamespace(o *uo.UnstructuredObject, def string) {
 }
 
 func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
-	namespaced := k.IsNamespaced(ref.GVK)
+	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
 	if !namespaced && ref.Namespace != "" {
 		ref.Namespace = ""
 	} else if namespaced && ref.Namespace == "" {

From 5051001787d076b624c202ea4db2f71420ba0f9f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 14:00:31 +0200
Subject: [PATCH 0145/2268] fix: Redirect log output to status handler

---
 cmd/kluctl/commands/root.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index dad3ae8bf..56f91a2d6 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -28,6 +28,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"k8s.io/klog/v2"
+	"log"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -83,6 +84,7 @@ func setupStatusHandler() {
 
 	klog.LogToStderr(false)
 	klog.SetOutput(status.NewLineRedirector(sh.Info))
+	log.SetOutput(status.NewLineRedirector(sh.Info))
 }
 
 type VersionCheckState struct {

From e84c83f7024636cd1dc6c1d0ad993c3f33361589 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 14:00:47 +0200
Subject: [PATCH 0146/2268] fix: Fix crash when diffing empty slices

---
 pkg/diff/diff.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 99eb13188..3746c3c5f 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -173,14 +173,18 @@ func objectToDiffableString(o interface{}, showType bool) (string, error) {
 		return "", err
 	}
 	if showType {
-		s += fmt.Sprintf(" (type: %s)", reflect.TypeOf(o).Name())
+		t := "<nil>"
+		if o != nil {
+			t = reflect.TypeOf(o).Name()
+		}
+		s += fmt.Sprintf(" (type: %s)", t)
 	}
 	return s, nil
 }
 
 func objectToDiffableStringNoType(o interface{}) (string, error) {
 	if o == nil {
-		return "null", nil
+		return "<nil>", nil
 	}
 	if o == notPresent {
 		return "", nil

From 6a29d878aa0da3094cff1fa4857ed7ba5d98ae60 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 15:07:55 +0200
Subject: [PATCH 0147/2268] refactor: Move out resources related code into own
 class

---
 pkg/deployment/deployment_item.go    |   4 +-
 pkg/deployment/helm_chart.go         |   4 +-
 pkg/deployment/utils/apply_utils.go  |   4 +-
 pkg/deployment/utils/delete_utils.go |   4 +-
 pkg/k8s/k8s_cluster.go               | 358 ++------------------------
 pkg/k8s/resources.go                 | 370 +++++++++++++++++++++++++++
 pkg/validation/validation.go         |   2 +-
 7 files changed, 399 insertions(+), 347 deletions(-)
 create mode 100644 pkg/k8s/resources.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index c3f41e749..52c563251 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -415,7 +415,7 @@ func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
 			return err
 		}
 
-		k.SetNamespaced(schema.GroupKind{Group: group, Kind: kind}, namespaced)
+		k.Resources.SetNamespaced(schema.GroupKind{Group: group, Kind: kind}, namespaced)
 	}
 	return nil
 }
@@ -434,7 +434,7 @@ func (di *DeploymentItem) postprocessObjects(k *k8s.K8sCluster, images *Images)
 
 		_ = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
 			if k != nil {
-				k.FixNamespace(o, "default")
+				k.Resources.FixNamespace(o, "default")
 			}
 
 			// Set common labels/annotations
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index eb97d66b1..84aac2481 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -203,7 +203,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 
 	var gvs []string
 	if k != nil {
-		gvs, err = k.GetAllGroupVersions()
+		gvs, err = k.Resources.GetAllGroupVersions()
 		if err != nil {
 			return err
 		}
@@ -313,7 +313,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 		// add the necessary namespace in the rendered resources
 		if k != nil {
 			err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-				k.FixNamespace(o, namespace)
+				k.Resources.FixNamespace(o, namespace)
 				return nil
 			})
 			if err != nil {
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index e72211935..af13ea6d9 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -337,7 +337,7 @@ func (a *ApplyUtil) handleNewCRDs(x *uo.UnstructuredObject, err error) (bool, er
 		// retry the patch
 		if a.deployedNewCRD.Load().(bool) {
 			a.deployedNewCRD.Store(false)
-			err = a.k.RediscoverResources()
+			err = a.k.Resources.RediscoverResources()
 			if err != nil {
 				return false, err
 			}
@@ -435,7 +435,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	var toDelete []k8s2.ObjectRef
 	for _, x := range d.Config.DeleteObjects {
-		for _, gvk := range a.k.GetGVKs(x.Group, x.Version, x.Kind) {
+		for _, gvk := range a.k.Resources.GetGVKs(x.Group, x.Version, x.Kind) {
 			ref := k8s2.ObjectRef{
 				GVK:       gvk,
 				Name:      x.Name,
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 655f4a1ca..803b050f1 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -41,14 +41,14 @@ var deleteOrder = [][]string{
 }
 
 func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef {
-	ref = k.FixNamespaceInRef(ref)
+	ref = k.Resources.FixNamespaceInRef(ref)
 	ref.GVK.Version = ""
 	return ref
 }
 
 func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject, apiFilter []string, inclusionHasTags bool, excludedObjects map[k8s2.ObjectRef]bool) ([]*uo.UnstructuredObject, error) {
 	filteredResources := make(map[schema.GroupKind]bool)
-	for _, gk := range k.GetFilteredGKs(apiFilter) {
+	for _, gk := range k.Resources.GetFilteredGKs(apiFilter) {
 		filteredResources[gk] = true
 	}
 
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index f7a6a8596..06b4d6615 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -16,17 +16,12 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/metadata"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	"net/http"
-	"net/url"
-	"path/filepath"
-	"strings"
 	"sync"
 	"time"
 )
@@ -43,19 +38,11 @@ type K8sCluster struct {
 	DryRun bool
 
 	restConfig *rest.Config
-	discovery  *disk.CachedDiscoveryClient
 	clientPool chan *parallelClientEntry
 
 	ServerVersion *goversion.Version
 
-	allResources        map[schema.GroupVersionKind]*v1.APIResource
-	preferredResources  map[schema.GroupKind]*v1.APIResource
-	namespacedResources map[schema.GroupKind]bool
-	crdCache            map[k8s.ObjectRef]struct {
-		crd *uo.UnstructuredObject
-		err error
-	}
-	mutex sync.Mutex
+	Resources *k8sResources
 }
 
 type parallelClientEntry struct {
@@ -84,33 +71,28 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 const parallelClients = 16
 
 func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
-	k := &K8sCluster{
-		ctx:                 ctx,
-		DryRun:              dryRun,
-		namespacedResources: map[schema.GroupKind]bool{},
-	}
-
-	k.restConfig = rest.CopyConfig(configIn)
-	k.restConfig.QPS = 10
-	k.restConfig.Burst = 20
+	restConfig := rest.CopyConfig(configIn)
+	restConfig.QPS = 10
+	restConfig.Burst = 20
 
-	apiHost, err := url.Parse(k.restConfig.Host)
+	resources, err := newK8sResources(ctx, restConfig)
 	if err != nil {
 		return nil, err
 	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
-	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(k.restConfig), discoveryCacheDir, "", time.Hour*24)
-	if err != nil {
-		return nil, err
+
+	k := &K8sCluster{
+		ctx:        ctx,
+		DryRun:     dryRun,
+		restConfig: restConfig,
+		Resources:  resources,
 	}
-	k.discovery = discovery2
 
 	err = k.initClientPool()
 	if err != nil {
 		return nil, err
 	}
 
-	v, err := k.discovery.ServerVersion()
+	v, err := k.Resources.discovery.ServerVersion()
 	if err != nil {
 		return nil, err
 	}
@@ -120,7 +102,7 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 	}
 	k.ServerVersion = v2
 
-	err = k.updateResources(true)
+	err = k.Resources.updateResources(true)
 	if err != nil {
 		return nil, err
 	}
@@ -179,299 +161,6 @@ func (k *K8sCluster) GetCA() []byte {
 	return k.restConfig.CAData
 }
 
-func (k *K8sCluster) updateResources(doLock bool) error {
-	if doLock {
-		k.mutex.Lock()
-		defer k.mutex.Unlock()
-	}
-
-	k.allResources = map[schema.GroupVersionKind]*v1.APIResource{}
-	k.preferredResources = map[schema.GroupKind]*v1.APIResource{}
-	k.crdCache = map[k8s.ObjectRef]struct {
-		crd *uo.UnstructuredObject
-		err error
-	}{}
-
-	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
-	var arls []*v1.APIResourceList
-	var preferredArls []*v1.APIResourceList
-	finished := make(chan error)
-	go func() {
-		var err error
-		_, arls, err = k.discovery.ServerGroupsAndResources()
-		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
-			finished <- err
-			return
-		}
-		preferredArls, err = k.discovery.ServerPreferredResources()
-		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
-			finished <- err
-			return
-		}
-		finished <- nil
-	}()
-
-	select {
-	case err := <-finished:
-		if err != nil {
-			return err
-		}
-	case <-k.ctx.Done():
-		return fmt.Errorf("failed listing api resources: %w", k.ctx.Err())
-	}
-
-	for _, arl := range arls {
-		for _, ar := range arl.APIResources {
-			if strings.Index(ar.Name, "/") != -1 {
-				// skip subresources
-				continue
-			}
-			gv, err := schema.ParseGroupVersion(arl.GroupVersion)
-			if err != nil {
-				continue
-			}
-
-			ar := ar
-			ar.Group = gv.Group
-			ar.Version = gv.Version
-
-			gvk := schema.GroupVersionKind{
-				Group:   ar.Group,
-				Version: ar.Version,
-				Kind:    ar.Kind,
-			}
-			if _, ok := deprecatedResources[gvk.GroupKind()]; ok {
-				continue
-			}
-			if _, ok := k.allResources[gvk]; ok {
-				ok = false
-			}
-			k.allResources[gvk] = &ar
-		}
-	}
-
-	for _, arl := range preferredArls {
-		for _, ar := range arl.APIResources {
-			if strings.Index(ar.Name, "/") != -1 {
-				// skip subresources
-				continue
-			}
-			gv, err := schema.ParseGroupVersion(arl.GroupVersion)
-			if err != nil {
-				continue
-			}
-
-			ar := ar
-			ar.Group = gv.Group
-			ar.Version = gv.Version
-
-			gk := schema.GroupKind{
-				Group: ar.Group,
-				Kind:  ar.Kind,
-			}
-			if _, ok := deprecatedResources[gk]; ok {
-				continue
-			}
-			k.preferredResources[gk] = &ar
-		}
-	}
-	return nil
-}
-
-func (k *K8sCluster) RediscoverResources() error {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	k.discovery.Invalidate()
-	return k.updateResources(false)
-}
-
-func (k *K8sCluster) SetNamespaced(gv schema.GroupKind, namespaced bool) {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-	k.namespacedResources[gv] = namespaced
-}
-
-func (k *K8sCluster) IsNamespaced(gv schema.GroupKind) bool {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	r, ok := k.preferredResources[gv]
-	if !ok {
-		n, _ := k.namespacedResources[gv]
-		return n
-	}
-	return r.Namespaced
-}
-
-func (k *K8sCluster) FixNamespace(o *uo.UnstructuredObject, def string) {
-	ref := o.GetK8sRef()
-	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
-	if !namespaced && ref.Namespace != "" {
-		o.SetK8sNamespace("")
-	} else if namespaced && ref.Namespace == "" {
-		o.SetK8sNamespace(def)
-	}
-}
-
-func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
-	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
-	if !namespaced && ref.Namespace != "" {
-		ref.Namespace = ""
-	} else if namespaced && ref.Namespace == "" {
-		ref.Namespace = "default"
-	}
-	return ref
-}
-
-func (k *K8sCluster) GetAllGroupVersions() ([]string, error) {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	m := make(map[string]bool)
-	var l []string
-
-	for gvk, _ := range k.allResources {
-		gv := gvk.GroupVersion().String()
-		if _, ok := m[gv]; !ok {
-			m[gv] = true
-			l = append(l, gv)
-		}
-	}
-	return l, nil
-}
-
-func (k *K8sCluster) GetFilteredGKs(filters []string) []schema.GroupKind {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	m := make(map[schema.GroupKind]bool)
-	var l []schema.GroupKind
-	for gk, ar := range k.preferredResources {
-		found := len(filters) == 0
-		for _, f := range filters {
-			if ar.Name == f || ar.Group == f || ar.Kind == f {
-				found = true
-				break
-			}
-		}
-		if found {
-			if _, ok := m[gk]; !ok {
-				m[gk] = true
-				l = append(l, gk)
-			}
-		}
-	}
-	return l
-}
-
-func (k *K8sCluster) GetGVKs(group *string, version *string, kind *string) []schema.GroupVersionKind {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	var ret []schema.GroupVersionKind
-	for gvk := range k.allResources {
-		if group != nil && *group != gvk.Group {
-			continue
-		}
-		if version != nil && *version != gvk.Version {
-			continue
-		}
-		if kind != nil && *kind != gvk.Kind {
-			continue
-		}
-		ret = append(ret, gvk)
-	}
-	return ret
-}
-
-func (k *K8sCluster) getGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, bool, error) {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	ar, ok := k.allResources[gvk]
-	if !ok {
-		return nil, false, &meta.NoKindMatchError{
-			GroupKind:        gvk.GroupKind(),
-			SearchedVersions: []string{gvk.Version},
-		}
-	}
-
-	return &schema.GroupVersionResource{
-		Group:    ar.Group,
-		Version:  ar.Version,
-		Resource: ar.Name,
-	}, ar.Namespaced, nil
-}
-
-func (k *K8sCluster) GetApiResourceForGVK(gvk schema.GroupVersionKind) *v1.APIResource {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	ar, _ := k.allResources[gvk]
-	return ar
-}
-
-func (k *K8sCluster) GetCRDForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	ar := k.GetApiResourceForGVK(gvk)
-	if ar == nil {
-		return nil, fmt.Errorf("APIResource for %s not found", gvk.String())
-	}
-
-	crdRef := k8s.ObjectRef{
-		GVK:  schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"},
-		Name: fmt.Sprintf("%s.%s", ar.Name, ar.Group),
-	}
-
-	k.mutex.Lock()
-	x, ok := k.crdCache[crdRef]
-	k.mutex.Unlock()
-	if ok {
-		return x.crd, x.err
-	}
-
-	crd, _, err := k.GetSingleObject(crdRef)
-
-	k.mutex.Lock()
-	x.crd = crd
-	x.err = err
-	k.crdCache[crdRef] = x
-	k.mutex.Unlock()
-
-	return crd, err
-}
-
-func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	crd, err := k.GetCRDForGVK(gvk)
-	if err != nil {
-		return nil, err
-	}
-
-	versions, ok, err := crd.GetNestedObjectList("spec", "versions")
-	if err != nil {
-		return nil, err
-	}
-	if !ok {
-		return nil, fmt.Errorf("versions not found in CRD")
-	}
-
-	for _, version := range versions {
-		name, _, _ := version.GetNestedString("name")
-		if name != gvk.Version {
-			continue
-		}
-		s, ok, err := version.GetNestedObject("schema", "openAPIV3Schema")
-		if err != nil {
-			return nil, err
-		}
-		if !ok {
-			return nil, fmt.Errorf("version %s has no schema", name)
-		}
-		return s, nil
-	}
-	return nil, fmt.Errorf("schema for %s not found", gvk.String())
-}
-
 func (k *K8sCluster) withClientFromPool(cb func(p *parallelClientEntry) error) ([]ApiWarning, error) {
 	select {
 	case p := <-k.clientPool:
@@ -486,7 +175,7 @@ func (k *K8sCluster) withClientFromPool(cb func(p *parallelClientEntry) error) (
 
 func (k *K8sCluster) withDynamicClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
 	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		gvr, namespaced, err := k.getGVRForGVK(gvk)
+		gvr, namespaced, err := k.Resources.getGVRForGVK(gvk)
 		if err != nil {
 			return err
 		}
@@ -501,7 +190,7 @@ func (k *K8sCluster) withDynamicClientForGVK(gvk schema.GroupVersionKind, namesp
 
 func (k *K8sCluster) withMetadataClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
 	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		gvr, namespaced, err := k.getGVRForGVK(gvk)
+		gvr, namespaced, err := k.Resources.getGVRForGVK(gvk)
 		if err != nil {
 			return err
 		}
@@ -581,8 +270,7 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 	retApiWarnings := make(map[schema.GroupVersionKind][]ApiWarning)
 	var mutex sync.Mutex
 
-	k.mutex.Lock()
-	for _, ar := range k.preferredResources {
+	filter := func(ar *v1.APIResource) bool {
 		foundVerb := false
 		for _, v := range verbs {
 			if utils.FindStrInSlice(ar.Verbs, v) != -1 {
@@ -590,14 +278,10 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 				break
 			}
 		}
-		if !foundVerb {
-			continue
-		}
-		gvk := schema.GroupVersionKind{
-			Group:   ar.Group,
-			Version: ar.Version,
-			Kind:    ar.Kind,
-		}
+		return foundVerb
+	}
+
+	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filter) {
 		wp.Submit(func() error {
 			var l []*uo.UnstructuredObject
 			var apiWarnings []ApiWarning
@@ -619,8 +303,6 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 			return nil
 		})
 	}
-	// release it early and let the goroutines finish (deadlocking otherwise)
-	k.mutex.Unlock()
 
 	err := wp.StopWait(false)
 	if err != nil {
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
new file mode 100644
index 000000000..d671e2048
--- /dev/null
+++ b/pkg/k8s/resources.go
@@ -0,0 +1,370 @@
+package k8s
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"k8s.io/apimachinery/pkg/api/meta"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/discovery"
+	"k8s.io/client-go/discovery/cached/disk"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/rest"
+	"net/url"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+)
+
+type crdCacheEntry struct {
+	crd *uo.UnstructuredObject
+	err error
+}
+
+type k8sResources struct {
+	ctx       context.Context
+	discovery *disk.CachedDiscoveryClient
+
+	allResources        map[schema.GroupVersionKind]*v1.APIResource
+	preferredResources  map[schema.GroupKind]*v1.APIResource
+	namespacedResources map[schema.GroupKind]bool
+	crdCache            map[k8s.ObjectRef]crdCacheEntry
+	mutex               sync.Mutex
+}
+
+func newK8sResources(ctx context.Context, config *rest.Config) (*k8sResources, error) {
+	k := &k8sResources{
+		ctx:                 ctx,
+		allResources:        map[schema.GroupVersionKind]*v1.APIResource{},
+		preferredResources:  map[schema.GroupKind]*v1.APIResource{},
+		namespacedResources: map[schema.GroupKind]bool{},
+		crdCache:            map[k8s.ObjectRef]crdCacheEntry{},
+		mutex:               sync.Mutex{},
+	}
+
+	apiHost, err := url.Parse(config.Host)
+	if err != nil {
+		return nil, err
+	}
+	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
+	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
+	if err != nil {
+		return nil, err
+	}
+	k.discovery = discovery2
+
+	return k, nil
+}
+
+func (k *k8sResources) updateResources(doLock bool) error {
+	if doLock {
+		k.mutex.Lock()
+		defer k.mutex.Unlock()
+	}
+
+	k.allResources = map[schema.GroupVersionKind]*v1.APIResource{}
+	k.preferredResources = map[schema.GroupKind]*v1.APIResource{}
+	k.crdCache = map[k8s.ObjectRef]crdCacheEntry{}
+
+	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
+	var arls []*v1.APIResourceList
+	var preferredArls []*v1.APIResourceList
+	finished := make(chan error)
+	go func() {
+		var err error
+		_, arls, err = k.discovery.ServerGroupsAndResources()
+		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
+			finished <- err
+			return
+		}
+		preferredArls, err = k.discovery.ServerPreferredResources()
+		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
+			finished <- err
+			return
+		}
+		finished <- nil
+	}()
+
+	select {
+	case err := <-finished:
+		if err != nil {
+			return err
+		}
+	case <-k.ctx.Done():
+		return fmt.Errorf("failed listing api resources: %w", k.ctx.Err())
+	}
+
+	for _, arl := range arls {
+		for _, ar := range arl.APIResources {
+			if strings.Index(ar.Name, "/") != -1 {
+				// skip subresources
+				continue
+			}
+			gv, err := schema.ParseGroupVersion(arl.GroupVersion)
+			if err != nil {
+				continue
+			}
+
+			ar := ar
+			ar.Group = gv.Group
+			ar.Version = gv.Version
+
+			gvk := schema.GroupVersionKind{
+				Group:   ar.Group,
+				Version: ar.Version,
+				Kind:    ar.Kind,
+			}
+			if _, ok := deprecatedResources[gvk.GroupKind()]; ok {
+				continue
+			}
+			if _, ok := k.allResources[gvk]; ok {
+				ok = false
+			}
+			k.allResources[gvk] = &ar
+		}
+	}
+
+	for _, arl := range preferredArls {
+		for _, ar := range arl.APIResources {
+			if strings.Index(ar.Name, "/") != -1 {
+				// skip subresources
+				continue
+			}
+			gv, err := schema.ParseGroupVersion(arl.GroupVersion)
+			if err != nil {
+				continue
+			}
+
+			ar := ar
+			ar.Group = gv.Group
+			ar.Version = gv.Version
+
+			gk := schema.GroupKind{
+				Group: ar.Group,
+				Kind:  ar.Kind,
+			}
+			if _, ok := deprecatedResources[gk]; ok {
+				continue
+			}
+			k.preferredResources[gk] = &ar
+		}
+	}
+	return nil
+}
+
+func (k *k8sResources) RediscoverResources() error {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	k.discovery.Invalidate()
+	return k.updateResources(false)
+}
+
+func (k *k8sResources) SetNamespaced(gv schema.GroupKind, namespaced bool) {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+	k.namespacedResources[gv] = namespaced
+}
+
+func (k *k8sResources) IsNamespaced(gv schema.GroupKind) bool {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	r, ok := k.preferredResources[gv]
+	if !ok {
+		n, _ := k.namespacedResources[gv]
+		return n
+	}
+	return r.Namespaced
+}
+
+func (k *k8sResources) FixNamespace(o *uo.UnstructuredObject, def string) {
+	ref := o.GetK8sRef()
+	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
+	if !namespaced && ref.Namespace != "" {
+		o.SetK8sNamespace("")
+	} else if namespaced && ref.Namespace == "" {
+		o.SetK8sNamespace(def)
+	}
+}
+
+func (k *k8sResources) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
+	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
+	if !namespaced && ref.Namespace != "" {
+		ref.Namespace = ""
+	} else if namespaced && ref.Namespace == "" {
+		ref.Namespace = "default"
+	}
+	return ref
+}
+
+func (k *k8sResources) GetAllGroupVersions() ([]string, error) {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	m := make(map[string]bool)
+	var l []string
+
+	for gvk, _ := range k.allResources {
+		gv := gvk.GroupVersion().String()
+		if _, ok := m[gv]; !ok {
+			m[gv] = true
+			l = append(l, gv)
+		}
+	}
+	return l, nil
+}
+
+func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	var ret []schema.GroupVersionKind
+	for _, ar := range k.preferredResources {
+		if !filter(ar) {
+			continue
+		}
+		gvk := schema.GroupVersionKind{
+			Group:   ar.Group,
+			Version: ar.Version,
+			Kind:    ar.Kind,
+		}
+		ret = append(ret, gvk)
+	}
+	return ret
+}
+
+func (k *k8sResources) GetFilteredGKs(filters []string) []schema.GroupKind {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	m := make(map[schema.GroupKind]bool)
+	var l []schema.GroupKind
+	for gk, ar := range k.preferredResources {
+		found := len(filters) == 0
+		for _, f := range filters {
+			if ar.Name == f || ar.Group == f || ar.Kind == f {
+				found = true
+				break
+			}
+		}
+		if found {
+			if _, ok := m[gk]; !ok {
+				m[gk] = true
+				l = append(l, gk)
+			}
+		}
+	}
+	return l
+}
+
+func (k *k8sResources) GetGVKs(group *string, version *string, kind *string) []schema.GroupVersionKind {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	var ret []schema.GroupVersionKind
+	for gvk := range k.allResources {
+		if group != nil && *group != gvk.Group {
+			continue
+		}
+		if version != nil && *version != gvk.Version {
+			continue
+		}
+		if kind != nil && *kind != gvk.Kind {
+			continue
+		}
+		ret = append(ret, gvk)
+	}
+	return ret
+}
+
+func (k *k8sResources) getGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, bool, error) {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	ar, ok := k.allResources[gvk]
+	if !ok {
+		return nil, false, &meta.NoKindMatchError{
+			GroupKind:        gvk.GroupKind(),
+			SearchedVersions: []string{gvk.Version},
+		}
+	}
+
+	return &schema.GroupVersionResource{
+		Group:    ar.Group,
+		Version:  ar.Version,
+		Resource: ar.Name,
+	}, ar.Namespaced, nil
+}
+
+func (k *k8sResources) GetApiResourceForGVK(gvk schema.GroupVersionKind) *v1.APIResource {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	ar, _ := k.allResources[gvk]
+	return ar
+}
+
+func (k *k8sResources) GetCRDForGVK(k2 *K8sCluster, gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
+	ar := k.GetApiResourceForGVK(gvk)
+	if ar == nil {
+		return nil, fmt.Errorf("APIResource for %s not found", gvk.String())
+	}
+
+	crdRef := k8s.ObjectRef{
+		GVK:  schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"},
+		Name: fmt.Sprintf("%s.%s", ar.Name, ar.Group),
+	}
+
+	k.mutex.Lock()
+	x, ok := k.crdCache[crdRef]
+	k.mutex.Unlock()
+	if ok {
+		return x.crd, x.err
+	}
+
+	crd, _, err := k2.GetSingleObject(crdRef)
+
+	k.mutex.Lock()
+	x.crd = crd
+	x.err = err
+	k.crdCache[crdRef] = x
+	k.mutex.Unlock()
+
+	return crd, err
+}
+
+func (k *k8sResources) GetSchemaForGVK(k2 *K8sCluster, gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
+	crd, err := k.GetCRDForGVK(k2, gvk)
+	if err != nil {
+		return nil, err
+	}
+
+	versions, ok, err := crd.GetNestedObjectList("spec", "versions")
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return nil, fmt.Errorf("versions not found in CRD")
+	}
+
+	for _, version := range versions {
+		name, _, _ := version.GetNestedString("name")
+		if name != gvk.Version {
+			continue
+		}
+		s, ok, err := version.GetNestedObject("schema", "openAPIV3Schema")
+		if err != nil {
+			return nil, err
+		}
+		if !ok {
+			return nil, fmt.Errorf("version %s has no schema", name)
+		}
+		return s, nil
+	}
+	return nil, fmt.Errorf("schema for %s not found", gvk.String())
+}
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 52584cedf..0331074bc 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -117,7 +117,7 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			// can't really say anything...
 			return
 		}
-		s, err := k.GetSchemaForGVK(ref.GVK)
+		s, err := k.Resources.GetSchemaForGVK(k, ref.GVK)
 		if err != nil && !errors.IsNotFound(err) {
 			addError(err.Error())
 			return

From 735e2f99d6d0cff8debf44af2e6e28c943acce0e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 15:10:30 +0200
Subject: [PATCH 0148/2268] refactor: Return GroupVersion from
 GetAllGroupVersions

---
 pkg/deployment/helm_chart.go | 5 +++--
 pkg/k8s/resources.go         | 8 ++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 84aac2481..2e2727fb8 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -22,6 +22,7 @@ import (
 	"helm.sh/helm/v3/pkg/release"
 	"helm.sh/helm/v3/pkg/repo"
 	"io/ioutil"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -201,7 +202,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	}
 	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(c.configFile), "helm-values.yml"))
 
-	var gvs []string
+	var gvs []schema.GroupVersion
 	if k != nil {
 		gvs, err = k.Resources.GetAllGroupVersions()
 		if err != nil {
@@ -245,7 +246,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 		client.IncludeCRDs = true
 	}
 	for _, gv := range gvs {
-		client.APIVersions = append(client.APIVersions, gv)
+		client.APIVersions = append(client.APIVersions, gv.String())
 	}
 
 	p := getter.All(settings)
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index d671e2048..69e9e33ff 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -202,15 +202,15 @@ func (k *k8sResources) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
 	return ref
 }
 
-func (k *k8sResources) GetAllGroupVersions() ([]string, error) {
+func (k *k8sResources) GetAllGroupVersions() ([]schema.GroupVersion, error) {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
 
-	m := make(map[string]bool)
-	var l []string
+	m := make(map[schema.GroupVersion]bool)
+	var l []schema.GroupVersion
 
 	for gvk, _ := range k.allResources {
-		gv := gvk.GroupVersion().String()
+		gv := gvk.GroupVersion()
 		if _, ok := m[gv]; !ok {
 			m[gv] = true
 			l = append(l, gv)

From 0cde1a7bf521e06f558d3e7ed0d8a0b9ca065d62 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 15:13:48 +0200
Subject: [PATCH 0149/2268] refactor: Get rid of GetFilteredGKs and use
 GetFilteredPreferredGVKs instead

---
 pkg/deployment/utils/delete_utils.go | 17 +++++++++++++++--
 pkg/k8s/resources.go                 | 24 ------------------------
 2 files changed, 15 insertions(+), 26 deletions(-)

diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 803b050f1..b79f93d5f 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -7,6 +7,7 @@ import (
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"golang.org/x/sync/semaphore"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"strconv"
 	"sync"
@@ -47,9 +48,21 @@ func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef
 }
 
 func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject, apiFilter []string, inclusionHasTags bool, excludedObjects map[k8s2.ObjectRef]bool) ([]*uo.UnstructuredObject, error) {
+	filterFunc := func(ar *v1.APIResource) bool {
+		if len(apiFilter) == 0 {
+			return true
+		}
+		for _, f := range apiFilter {
+			if ar.Name == f || ar.Group == f || ar.Kind == f {
+				return true
+			}
+		}
+		return false
+	}
+
 	filteredResources := make(map[schema.GroupKind]bool)
-	for _, gk := range k.Resources.GetFilteredGKs(apiFilter) {
-		filteredResources[gk] = true
+	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filterFunc) {
+		filteredResources[gvk.GroupKind()] = true
 	}
 
 	var ret []*uo.UnstructuredObject
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 69e9e33ff..39f537f48 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -238,30 +238,6 @@ func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource)
 	return ret
 }
 
-func (k *k8sResources) GetFilteredGKs(filters []string) []schema.GroupKind {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	m := make(map[schema.GroupKind]bool)
-	var l []schema.GroupKind
-	for gk, ar := range k.preferredResources {
-		found := len(filters) == 0
-		for _, f := range filters {
-			if ar.Name == f || ar.Group == f || ar.Kind == f {
-				found = true
-				break
-			}
-		}
-		if found {
-			if _, ok := m[gk]; !ok {
-				m[gk] = true
-				l = append(l, gk)
-			}
-		}
-	}
-	return l
-}
-
 func (k *k8sResources) GetGVKs(group *string, version *string, kind *string) []schema.GroupVersionKind {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()

From 3c096381c7996702a9e0f950d8c42e86f721d4cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 15:18:55 +0200
Subject: [PATCH 0150/2268] refactor: Get rid of GetGVKs and use
 GetFilteredGVKs instead

---
 pkg/deployment/utils/apply_utils.go |  2 +-
 pkg/k8s/resources.go                | 34 ++++++++++++++++++++---------
 2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index af13ea6d9..12274398d 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -435,7 +435,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	var toDelete []k8s2.ObjectRef
 	for _, x := range d.Config.DeleteObjects {
-		for _, gvk := range a.k.Resources.GetGVKs(x.Group, x.Version, x.Kind) {
+		for _, gvk := range a.k.Resources.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, x.Version, x.Kind)) {
 			ref := k8s2.ObjectRef{
 				GVK:       gvk,
 				Name:      x.Name,
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 39f537f48..739c18aae 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -219,12 +219,12 @@ func (k *k8sResources) GetAllGroupVersions() ([]schema.GroupVersion, error) {
 	return l, nil
 }
 
-func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
+func (k *k8sResources) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
 
 	var ret []schema.GroupVersionKind
-	for _, ar := range k.preferredResources {
+	for _, ar := range k.allResources {
 		if !filter(ar) {
 			continue
 		}
@@ -238,26 +238,40 @@ func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource)
 	return ret
 }
 
-func (k *k8sResources) GetGVKs(group *string, version *string, kind *string) []schema.GroupVersionKind {
+func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
 
 	var ret []schema.GroupVersionKind
-	for gvk := range k.allResources {
-		if group != nil && *group != gvk.Group {
-			continue
-		}
-		if version != nil && *version != gvk.Version {
+	for _, ar := range k.preferredResources {
+		if !filter(ar) {
 			continue
 		}
-		if kind != nil && *kind != gvk.Kind {
-			continue
+		gvk := schema.GroupVersionKind{
+			Group:   ar.Group,
+			Version: ar.Version,
+			Kind:    ar.Kind,
 		}
 		ret = append(ret, gvk)
 	}
 	return ret
 }
 
+func BuildGVKFilter(group *string, version *string, kind *string) func(ar *v1.APIResource) bool {
+	return func(ar *v1.APIResource) bool {
+		if group != nil && *group != ar.Group {
+			return false
+		}
+		if version != nil && *version != ar.Version {
+			return false
+		}
+		if kind != nil && *kind != ar.Kind {
+			return false
+		}
+		return true
+	}
+}
+
 func (k *k8sResources) getGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, bool, error) {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()

From 75d39cee9700d8642e1e0c7667da0645f8aef7b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 15:26:00 +0200
Subject: [PATCH 0151/2268] refactor: Get rid of GetApiResourceForGVK and use
 GetGVRForGVK instead

---
 pkg/k8s/k8s_cluster.go |  4 ++--
 pkg/k8s/resources.go   | 18 +++++-------------
 2 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 06b4d6615..b5fa4a81a 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -175,7 +175,7 @@ func (k *K8sCluster) withClientFromPool(cb func(p *parallelClientEntry) error) (
 
 func (k *K8sCluster) withDynamicClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
 	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		gvr, namespaced, err := k.Resources.getGVRForGVK(gvk)
+		gvr, namespaced, err := k.Resources.GetGVRForGVK(gvk)
 		if err != nil {
 			return err
 		}
@@ -190,7 +190,7 @@ func (k *K8sCluster) withDynamicClientForGVK(gvk schema.GroupVersionKind, namesp
 
 func (k *K8sCluster) withMetadataClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
 	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		gvr, namespaced, err := k.Resources.getGVRForGVK(gvk)
+		gvr, namespaced, err := k.Resources.GetGVRForGVK(gvk)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 739c18aae..67b98505f 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -272,7 +272,7 @@ func BuildGVKFilter(group *string, version *string, kind *string) func(ar *v1.AP
 	}
 }
 
-func (k *k8sResources) getGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, bool, error) {
+func (k *k8sResources) GetGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, bool, error) {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
 
@@ -291,23 +291,15 @@ func (k *k8sResources) getGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupV
 	}, ar.Namespaced, nil
 }
 
-func (k *k8sResources) GetApiResourceForGVK(gvk schema.GroupVersionKind) *v1.APIResource {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	ar, _ := k.allResources[gvk]
-	return ar
-}
-
 func (k *k8sResources) GetCRDForGVK(k2 *K8sCluster, gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	ar := k.GetApiResourceForGVK(gvk)
-	if ar == nil {
-		return nil, fmt.Errorf("APIResource for %s not found", gvk.String())
+	gvr, _, err := k.GetGVRForGVK(gvk)
+	if err != nil {
+		return nil, err
 	}
 
 	crdRef := k8s.ObjectRef{
 		GVK:  schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"},
-		Name: fmt.Sprintf("%s.%s", ar.Name, ar.Group),
+		Name: fmt.Sprintf("%s.%s", gvr.Resource, gvr.Group),
 	}
 
 	k.mutex.Lock()

From e22509b7bf11a5c0759c0d578023bbca01781114 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 15:30:55 +0200
Subject: [PATCH 0152/2268] refactor: Implement and use GetPreferredResource

---
 pkg/k8s/resources.go | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 67b98505f..6100ad0a8 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -171,15 +171,15 @@ func (k *k8sResources) SetNamespaced(gv schema.GroupKind, namespaced bool) {
 }
 
 func (k *k8sResources) IsNamespaced(gv schema.GroupKind) bool {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
+	ar := k.GetPreferredResource(gv)
+	if ar == nil {
+		k.mutex.Lock()
+		defer k.mutex.Unlock()
 
-	r, ok := k.preferredResources[gv]
-	if !ok {
 		n, _ := k.namespacedResources[gv]
 		return n
 	}
-	return r.Namespaced
+	return ar.Namespaced
 }
 
 func (k *k8sResources) FixNamespace(o *uo.UnstructuredObject, def string) {
@@ -219,6 +219,17 @@ func (k *k8sResources) GetAllGroupVersions() ([]schema.GroupVersion, error) {
 	return l, nil
 }
 
+func (k *k8sResources) GetPreferredResource(gk schema.GroupKind) *v1.APIResource {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
+
+	ar, ok := k.preferredResources[gk]
+	if !ok {
+		return nil
+	}
+	return ar
+}
+
 func (k *k8sResources) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()

From 5a7d27dc18ea68cf51cbb92d8d7f0d3142a196b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 23:04:06 +0200
Subject: [PATCH 0153/2268] fix: Update api resources from CRDs, including not
 deployed ones

---
 pkg/deployment/deployment_item.go   |  15 +-
 pkg/deployment/utils/apply_utils.go |  36 +----
 pkg/k8s/k8s_cluster.go              |  19 ++-
 pkg/k8s/resources.go                | 241 +++++++++++++++++++---------
 pkg/validation/validation.go        |   2 +-
 5 files changed, 179 insertions(+), 134 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 52c563251..7f4912747 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -388,7 +388,7 @@ func (di *DeploymentItem) loadObjects() error {
 
 var crdGV = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
 
-// postprocessCRDs will set namespace overrides into the K8sCluster so that future IsNamespaced return the correct
+// postprocessCRDs will update api resources from freshly deployed CRDs
 // value even if the CRD is not deployed yet.
 func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
 	if di.dir == nil {
@@ -401,21 +401,10 @@ func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
 			continue
 		}
 
-		scope, _, err := o.GetNestedString("spec", "scope")
+		err := k.Resources.UpdateResourcesFromCRD(o)
 		if err != nil {
 			return err
 		}
-		namespaced := strings.ToLower(scope) == "namespaced"
-		group, _, err := o.GetNestedString("spec", "group")
-		if err != nil {
-			return err
-		}
-		kind, _, err := o.GetNestedString("spec", "names", "kind")
-		if err != nil {
-			return err
-		}
-
-		k.Resources.SetNamespaced(schema.GroupKind{Group: group, Kind: kind}, namespaced)
 	}
 	return nil
 }
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 12274398d..ff10287a5 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -45,8 +45,7 @@ type ApplyUtil struct {
 	deletedHookObjects map[k8s2.ObjectRef]bool
 	mutex              sync.Mutex
 
-	abortSignal    *atomic.Value
-	deployedNewCRD *atomic.Value
+	abortSignal *atomic.Value
 
 	ru   *RemoteObjectUtils
 	k    *k8s.K8sCluster
@@ -63,8 +62,7 @@ type ApplyDeploymentsUtil struct {
 	k           *k8s.K8sCluster
 	o           *ApplyUtilOptions
 
-	abortSignal    atomic.Value
-	deployedNewCRD atomic.Value
+	abortSignal atomic.Value
 
 	results []*ApplyUtil
 }
@@ -79,7 +77,6 @@ func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnin
 		o:           o,
 	}
 	ret.abortSignal.Store(false)
-	ret.deployedNewCRD.Store(false)
 	return ret
 }
 
@@ -92,7 +89,6 @@ func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *sta
 		deletedObjects:     map[k8s2.ObjectRef]bool{},
 		deletedHookObjects: map[k8s2.ObjectRef]bool{},
 		abortSignal:        &ad.abortSignal,
-		deployedNewCRD:     &ad.deployedNewCRD,
 		ru:                 ad.ru,
 		k:                  ad.k,
 		o:                  ad.o,
@@ -307,10 +303,6 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		ForceDryRun: a.o.DryRun,
 	}
 	r, apiWarnings, err := a.k.PatchObject(x, options)
-	retry, err := a.handleNewCRDs(r, err)
-	if retry {
-		r, apiWarnings, err = a.k.PatchObject(x, options)
-	}
 	if r != nil && usesDummyName {
 		tmpName := r.GetK8sName()
 		_ = r.ReplaceKeys(tmpName, ref.Name)
@@ -331,30 +323,6 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 	}
 }
 
-func (a *ApplyUtil) handleNewCRDs(x *uo.UnstructuredObject, err error) (bool, error) {
-	if err != nil && meta.IsNoMatchError(err) {
-		// maybe this was a resource for which the CRD was only deployed recently, so we should do rediscovery and then
-		// retry the patch
-		if a.deployedNewCRD.Load().(bool) {
-			a.deployedNewCRD.Store(false)
-			err = a.k.Resources.RediscoverResources()
-			if err != nil {
-				return false, err
-			}
-			return true, nil
-		}
-	} else if err == nil {
-		ref := x.GetK8sRef()
-		if ref.GVK.Group == "apiextensions.k8s.io" && ref.GVK.Kind == "CustomResourceDefinition" {
-			// this is a freshly deployed CRD, so we must perform rediscovery in case an api resource can't be found
-			a.deployedNewCRD.Store(true)
-			return true, nil
-		}
-		return false, nil
-	}
-	return false, err
-}
-
 func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) bool {
 	if a.o.DryRun {
 		return true
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b5fa4a81a..b34e828dc 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -71,20 +71,21 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 const parallelClients = 16
 
 func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
+	var err error
+
 	restConfig := rest.CopyConfig(configIn)
 	restConfig.QPS = 10
 	restConfig.Burst = 20
 
-	resources, err := newK8sResources(ctx, restConfig)
-	if err != nil {
-		return nil, err
-	}
-
 	k := &K8sCluster{
 		ctx:        ctx,
 		DryRun:     dryRun,
 		restConfig: restConfig,
-		Resources:  resources,
+	}
+
+	k.Resources, err = newK8sResources(ctx, restConfig, k)
+	if err != nil {
+		return nil, err
 	}
 
 	err = k.initClientPool()
@@ -102,7 +103,11 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 	}
 	k.ServerVersion = v2
 
-	err = k.Resources.updateResources(true)
+	err = k.Resources.updateResources()
+	if err != nil {
+		return nil, err
+	}
+	err = k.Resources.updateResourcesFromCRDs()
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 6100ad0a8..266b7d090 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -8,42 +8,40 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
 	"net/url"
 	"path/filepath"
+	"sort"
 	"strings"
 	"sync"
 	"time"
 )
 
-type crdCacheEntry struct {
-	crd *uo.UnstructuredObject
-	err error
-}
-
 type k8sResources struct {
 	ctx       context.Context
+	k         *K8sCluster
 	discovery *disk.CachedDiscoveryClient
 
-	allResources        map[schema.GroupVersionKind]*v1.APIResource
-	preferredResources  map[schema.GroupKind]*v1.APIResource
-	namespacedResources map[schema.GroupKind]bool
-	crdCache            map[k8s.ObjectRef]crdCacheEntry
-	mutex               sync.Mutex
+	allResources       map[schema.GroupVersionKind]v1.APIResource
+	preferredResources map[schema.GroupKind]v1.APIResource
+	crds               map[schema.GroupKind]*uo.UnstructuredObject
+	mutex              sync.Mutex
 }
 
-func newK8sResources(ctx context.Context, config *rest.Config) (*k8sResources, error) {
+func newK8sResources(ctx context.Context, config *rest.Config, k2 *K8sCluster) (*k8sResources, error) {
 	k := &k8sResources{
-		ctx:                 ctx,
-		allResources:        map[schema.GroupVersionKind]*v1.APIResource{},
-		preferredResources:  map[schema.GroupKind]*v1.APIResource{},
-		namespacedResources: map[schema.GroupKind]bool{},
-		crdCache:            map[k8s.ObjectRef]crdCacheEntry{},
-		mutex:               sync.Mutex{},
+		ctx:                ctx,
+		k:                  k2,
+		allResources:       map[schema.GroupVersionKind]v1.APIResource{},
+		preferredResources: map[schema.GroupKind]v1.APIResource{},
+		crds:               map[schema.GroupKind]*uo.UnstructuredObject{},
+		mutex:              sync.Mutex{},
 	}
 
 	apiHost, err := url.Parse(config.Host)
@@ -60,15 +58,13 @@ func newK8sResources(ctx context.Context, config *rest.Config) (*k8sResources, e
 	return k, nil
 }
 
-func (k *k8sResources) updateResources(doLock bool) error {
-	if doLock {
-		k.mutex.Lock()
-		defer k.mutex.Unlock()
-	}
+func (k *k8sResources) updateResources() error {
+	k.mutex.Lock()
+	defer k.mutex.Unlock()
 
-	k.allResources = map[schema.GroupVersionKind]*v1.APIResource{}
-	k.preferredResources = map[schema.GroupKind]*v1.APIResource{}
-	k.crdCache = map[k8s.ObjectRef]crdCacheEntry{}
+	k.allResources = map[schema.GroupVersionKind]v1.APIResource{}
+	k.preferredResources = map[schema.GroupKind]v1.APIResource{}
+	k.crds = map[schema.GroupKind]*uo.UnstructuredObject{}
 
 	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
 	var arls []*v1.APIResourceList
@@ -124,7 +120,7 @@ func (k *k8sResources) updateResources(doLock bool) error {
 			if _, ok := k.allResources[gvk]; ok {
 				ok = false
 			}
-			k.allResources[gvk] = &ar
+			k.allResources[gvk] = ar
 		}
 	}
 
@@ -150,53 +146,160 @@ func (k *k8sResources) updateResources(doLock bool) error {
 			if _, ok := deprecatedResources[gk]; ok {
 				continue
 			}
-			k.preferredResources[gk] = &ar
+			k.preferredResources[gk] = ar
 		}
 	}
 	return nil
 }
 
-func (k *k8sResources) RediscoverResources() error {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
+var crdGK = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
 
-	k.discovery.Invalidate()
-	return k.updateResources(false)
+func (k *k8sResources) updateResourcesFromCRDs() error {
+	ar := k.GetPreferredResource(crdGK)
+	if ar == nil {
+		return fmt.Errorf("api resource for CRDs not found")
+	}
+	gvr, _, err := k.GetGVRForGVK(schema.GroupVersionKind{
+		Group:   ar.Group,
+		Version: ar.Version,
+		Kind:    ar.Kind,
+	})
+	if err != nil {
+		return err
+	}
+
+	var crds *unstructured.UnstructuredList
+	_, err = k.k.withClientFromPool(func(p *parallelClientEntry) error {
+		var err error
+		crds, err = p.dynamicClient.Resource(*gvr).List(k.ctx, v1.ListOptions{})
+		return err
+	})
+	if err != nil {
+		return err
+	}
+
+	for _, x := range crds.Items {
+		x2 := x
+		crd := uo.FromUnstructured(&x2)
+		err = k.UpdateResourcesFromCRD(crd)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
 }
 
-func (k *k8sResources) SetNamespaced(gv schema.GroupKind, namespaced bool) {
+func (k *k8sResources) UpdateResourcesFromCRD(crd *uo.UnstructuredObject) error {
+	var err error
+	var ar v1.APIResource
+	ar.Group, _, err = crd.GetNestedString("spec", "group")
+	if err != nil {
+		return err
+	}
+	ar.Name, _, err = crd.GetNestedString("spec", "names", "plural")
+	if err != nil {
+		return err
+	}
+	ar.Kind, _, err = crd.GetNestedString("spec", "names", "kind")
+	if err != nil {
+		return err
+	}
+	ar.SingularName, _, err = crd.GetNestedString("spec", "names", "singular")
+	if err != nil {
+		return err
+	}
+	scope, _, err := crd.GetNestedString("spec", "scope")
+	if err != nil {
+		return err
+	}
+	ar.Namespaced = strings.ToLower(scope) == "namespaced"
+	ar.ShortNames, _, err = crd.GetNestedStringList("spec", "names", "shortNames")
+	if err != nil {
+		return err
+	}
+	ar.Categories, _, err = crd.GetNestedStringList("spec", "names", "categories")
+	if err != nil {
+		return err
+	}
+	versions, _, err := crd.GetNestedObjectList("spec", "versions")
+	if err != nil {
+		return err
+	}
+
+	ar.Verbs = []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}
+
+	gk := schema.GroupKind{
+		Group: ar.Group,
+		Kind:  ar.Kind,
+	}
+
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
-	k.namespacedResources[gv] = namespaced
+
+	k.crds[gk] = crd
+
+	var versionStrs []string
+	for _, v := range versions {
+		name, _, err := v.GetNestedString("name")
+		if err != nil {
+			return err
+		}
+		versionStrs = append(versionStrs, name)
+	}
+
+	// Sort the same way as api discovery does it. The first entry is then the preferred version
+	sort.Slice(versionStrs, func(i, j int) bool {
+		return version.CompareKubeAwareVersionStrings(versionStrs[i], versionStrs[j]) > 0
+	})
+
+	for i, v := range versionStrs {
+		ar2 := ar
+		ar2.Version = v
+		gvk := schema.GroupVersionKind{
+			Group:   gk.Group,
+			Version: ar2.Version,
+			Kind:    gk.Kind,
+		}
+		k.allResources[gvk] = ar2
+
+		if i == 0 {
+			k.preferredResources[gk] = ar2
+		}
+	}
+
+	return nil
 }
 
-func (k *k8sResources) IsNamespaced(gv schema.GroupKind) bool {
+func (k *k8sResources) IsNamespaced(gv schema.GroupKind) *bool {
 	ar := k.GetPreferredResource(gv)
 	if ar == nil {
-		k.mutex.Lock()
-		defer k.mutex.Unlock()
-
-		n, _ := k.namespacedResources[gv]
-		return n
+		return nil
 	}
-	return ar.Namespaced
+	return &ar.Namespaced
 }
 
 func (k *k8sResources) FixNamespace(o *uo.UnstructuredObject, def string) {
 	ref := o.GetK8sRef()
 	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
-	if !namespaced && ref.Namespace != "" {
+	if namespaced == nil {
+		return
+	}
+	if !*namespaced && ref.Namespace != "" {
 		o.SetK8sNamespace("")
-	} else if namespaced && ref.Namespace == "" {
+	} else if *namespaced && ref.Namespace == "" {
 		o.SetK8sNamespace(def)
 	}
 }
 
 func (k *k8sResources) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
 	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
-	if !namespaced && ref.Namespace != "" {
+	if namespaced == nil {
+		return ref
+	}
+	if !*namespaced && ref.Namespace != "" {
 		ref.Namespace = ""
-	} else if namespaced && ref.Namespace == "" {
+	} else if *namespaced && ref.Namespace == "" {
 		ref.Namespace = "default"
 	}
 	return ref
@@ -227,7 +330,7 @@ func (k *k8sResources) GetPreferredResource(gk schema.GroupKind) *v1.APIResource
 	if !ok {
 		return nil
 	}
-	return ar
+	return &ar
 }
 
 func (k *k8sResources) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
@@ -236,7 +339,7 @@ func (k *k8sResources) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) []s
 
 	var ret []schema.GroupVersionKind
 	for _, ar := range k.allResources {
-		if !filter(ar) {
+		if !filter(&ar) {
 			continue
 		}
 		gvk := schema.GroupVersionKind{
@@ -255,7 +358,7 @@ func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource)
 
 	var ret []schema.GroupVersionKind
 	for _, ar := range k.preferredResources {
-		if !filter(ar) {
+		if !filter(&ar) {
 			continue
 		}
 		gvk := schema.GroupVersionKind{
@@ -302,39 +405,19 @@ func (k *k8sResources) GetGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupV
 	}, ar.Namespaced, nil
 }
 
-func (k *k8sResources) GetCRDForGVK(k2 *K8sCluster, gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	gvr, _, err := k.GetGVRForGVK(gvk)
-	if err != nil {
-		return nil, err
-	}
-
-	crdRef := k8s.ObjectRef{
-		GVK:  schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"},
-		Name: fmt.Sprintf("%s.%s", gvr.Resource, gvr.Group),
-	}
-
+func (k *k8sResources) GetCRDForGK(gk schema.GroupKind) *uo.UnstructuredObject {
 	k.mutex.Lock()
-	x, ok := k.crdCache[crdRef]
-	k.mutex.Unlock()
-	if ok {
-		return x.crd, x.err
-	}
-
-	crd, _, err := k2.GetSingleObject(crdRef)
+	defer k.mutex.Unlock()
 
-	k.mutex.Lock()
-	x.crd = crd
-	x.err = err
-	k.crdCache[crdRef] = x
-	k.mutex.Unlock()
+	crd, _ := k.crds[gk]
 
-	return crd, err
+	return crd
 }
 
-func (k *k8sResources) GetSchemaForGVK(k2 *K8sCluster, gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	crd, err := k.GetCRDForGVK(k2, gvk)
-	if err != nil {
-		return nil, err
+func (k *k8sResources) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
+	crd := k.GetCRDForGK(gvk.GroupKind())
+	if crd == nil {
+		return nil, nil
 	}
 
 	versions, ok, err := crd.GetNestedObjectList("spec", "versions")
@@ -345,12 +428,12 @@ func (k *k8sResources) GetSchemaForGVK(k2 *K8sCluster, gvk schema.GroupVersionKi
 		return nil, fmt.Errorf("versions not found in CRD")
 	}
 
-	for _, version := range versions {
-		name, _, _ := version.GetNestedString("name")
+	for _, v := range versions {
+		name, _, _ := v.GetNestedString("name")
 		if name != gvk.Version {
 			continue
 		}
-		s, ok, err := version.GetNestedObject("schema", "openAPIV3Schema")
+		s, ok, err := v.GetNestedObject("schema", "openAPIV3Schema")
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 0331074bc..6e631470f 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -117,7 +117,7 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			// can't really say anything...
 			return
 		}
-		s, err := k.Resources.GetSchemaForGVK(k, ref.GVK)
+		s, err := k.Resources.GetSchemaForGVK(ref.GVK)
 		if err != nil && !errors.IsNotFound(err) {
 			addError(err.Error())
 			return

From 2e9a7c47cac94e9d702e0abc3fa0f1dcfdd6c9bb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 23:22:59 +0200
Subject: [PATCH 0154/2268] refactor: Move client pool handling into own class

---
 pkg/k8s/client.go      | 141 +++++++++++++++++++++++++++++++++++++++++
 pkg/k8s/k8s_cluster.go | 130 +++----------------------------------
 pkg/k8s/resources.go   |  12 ++--
 3 files changed, 157 insertions(+), 126 deletions(-)
 create mode 100644 pkg/k8s/client.go

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
new file mode 100644
index 000000000..fbda2dbd5
--- /dev/null
+++ b/pkg/k8s/client.go
@@ -0,0 +1,141 @@
+package k8s
+
+import (
+	"context"
+	"fmt"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/metadata"
+	"k8s.io/client-go/rest"
+	"net/http"
+)
+
+type k8sClients struct {
+	ctx        context.Context
+	restConfig *rest.Config
+	clientPool chan *parallelClientEntry
+	count      int
+}
+
+type parallelClientEntry struct {
+	http           *http.Client
+	corev1         *corev1.CoreV1Client
+	dynamicClient  dynamic.Interface
+	metadataClient metadata.Interface
+
+	warnings []ApiWarning
+}
+
+type ApiWarning struct {
+	Code  int
+	Agent string
+	Text  string
+}
+
+func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text string) {
+	p.warnings = append(p.warnings, ApiWarning{
+		Code:  code,
+		Agent: agent,
+		Text:  text,
+	})
+}
+
+func newK8sClients(ctx context.Context, restConfig *rest.Config, count int) (*k8sClients, error) {
+	var err error
+
+	k := &k8sClients{
+		ctx:        ctx,
+		restConfig: restConfig,
+		clientPool: make(chan *parallelClientEntry, count),
+		count:      count,
+	}
+
+	for i := 0; i < count; i++ {
+		p := &parallelClientEntry{}
+		config := rest.CopyConfig(k.restConfig)
+		config.WarningHandler = p
+
+		p.http, err = rest.HTTPClientFor(config)
+		if err != nil {
+			return nil, err
+		}
+
+		p.corev1, err = corev1.NewForConfigAndClient(config, p.http)
+		if err != nil {
+			return nil, err
+		}
+
+		p.dynamicClient, err = dynamic.NewForConfigAndClient(config, p.http)
+		if err != nil {
+			return nil, err
+		}
+
+		p.metadataClient, err = metadata.NewForConfigAndClient(config, p.http)
+		if err != nil {
+			return nil, err
+		}
+
+		k.clientPool <- p
+	}
+	return k, nil
+}
+
+func (k *k8sClients) close() {
+	if k.clientPool != nil {
+		for i := 0; i < k.count; i++ {
+			p := <-k.clientPool
+			p.http.CloseIdleConnections()
+		}
+	}
+	k.clientPool = nil
+	k.count = 0
+}
+
+func (k *k8sClients) withClientFromPool(cb func(p *parallelClientEntry) error) ([]ApiWarning, error) {
+	select {
+	case p := <-k.clientPool:
+		defer func() { k.clientPool <- p }()
+		p.warnings = nil
+		err := cb(p)
+		return append([]ApiWarning(nil), p.warnings...), err
+	case <-k.ctx.Done():
+		return nil, fmt.Errorf("failed waiting for free client: %w", k.ctx.Err())
+	}
+}
+
+func (k *k8sClients) withDynamicClientForGVR(gvr *schema.GroupVersionResource, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
+	return k.withClientFromPool(func(p *parallelClientEntry) error {
+		if namespace != "" {
+			return cb(p.dynamicClient.Resource(*gvr).Namespace(namespace))
+		} else {
+			return cb(p.dynamicClient.Resource(*gvr))
+		}
+	})
+}
+
+func (k *k8sClients) withMetadataClientForGVR(gvr *schema.GroupVersionResource, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
+	return k.withClientFromPool(func(p *parallelClientEntry) error {
+		if namespace != "" {
+			return cb(p.metadataClient.Resource(*gvr).Namespace(namespace))
+		} else {
+			return cb(p.metadataClient.Resource(*gvr))
+		}
+	})
+}
+
+func (k *k8sClients) withDynamicClientForGVK(resources *k8sResources, gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
+	gvr, err := resources.GetGVRForGVK(gvk)
+	if err != nil {
+		return nil, err
+	}
+	return k.withDynamicClientForGVR(gvr, namespace, cb)
+}
+
+func (k *k8sClients) withMetadataClientForGVK(resources *k8sResources, gvk schema.GroupVersionKind, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
+	gvr, err := resources.GetGVRForGVK(gvk)
+	if err != nil {
+		return nil, err
+	}
+	return k.withMetadataClientForGVR(gvr, namespace, cb)
+}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b34e828dc..3a7993f2f 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -17,11 +17,9 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/dynamic"
-	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/metadata"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
-	"net/http"
 	"sync"
 	"time"
 )
@@ -38,38 +36,13 @@ type K8sCluster struct {
 	DryRun bool
 
 	restConfig *rest.Config
-	clientPool chan *parallelClientEntry
+	clients    *k8sClients
 
 	ServerVersion *goversion.Version
 
 	Resources *k8sResources
 }
 
-type parallelClientEntry struct {
-	http           *http.Client
-	corev1         *corev1.CoreV1Client
-	dynamicClient  dynamic.Interface
-	metadataClient metadata.Interface
-
-	warnings []ApiWarning
-}
-
-type ApiWarning struct {
-	Code  int
-	Agent string
-	Text  string
-}
-
-func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text string) {
-	p.warnings = append(p.warnings, ApiWarning{
-		Code:  code,
-		Agent: agent,
-		Text:  text,
-	})
-}
-
-const parallelClients = 16
-
 func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
 	var err error
 
@@ -88,7 +61,7 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 		return nil, err
 	}
 
-	err = k.initClientPool()
+	k.clients, err = newK8sClients(ctx, restConfig, 16)
 	if err != nil {
 		return nil, err
 	}
@@ -107,7 +80,7 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 	if err != nil {
 		return nil, err
 	}
-	err = k.Resources.updateResourcesFromCRDs()
+	err = k.Resources.updateResourcesFromCRDs(k.clients)
 	if err != nil {
 		return nil, err
 	}
@@ -115,47 +88,6 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 	return k, nil
 }
 
-func (k *K8sCluster) initClientPool() error {
-	var err error
-
-	if k.clientPool != nil {
-		for i := 0; i < parallelClients; i++ {
-			p := <-k.clientPool
-			p.http.CloseIdleConnections()
-		}
-	}
-
-	k.clientPool = make(chan *parallelClientEntry, parallelClients)
-	for i := 0; i < parallelClients; i++ {
-		p := &parallelClientEntry{}
-		config := rest.CopyConfig(k.restConfig)
-		config.WarningHandler = p
-
-		p.http, err = rest.HTTPClientFor(config)
-		if err != nil {
-			return err
-		}
-
-		p.corev1, err = corev1.NewForConfigAndClient(config, p.http)
-		if err != nil {
-			return err
-		}
-
-		p.dynamicClient, err = dynamic.NewForConfigAndClient(config, p.http)
-		if err != nil {
-			return err
-		}
-
-		p.metadataClient, err = metadata.NewForConfigAndClient(config, p.http)
-		if err != nil {
-			return err
-		}
-
-		k.clientPool <- p
-	}
-	return nil
-}
-
 func (k *K8sCluster) ReadWrite() *K8sCluster {
 	k2 := *k
 	k2.DryRun = false
@@ -166,48 +98,6 @@ func (k *K8sCluster) GetCA() []byte {
 	return k.restConfig.CAData
 }
 
-func (k *K8sCluster) withClientFromPool(cb func(p *parallelClientEntry) error) ([]ApiWarning, error) {
-	select {
-	case p := <-k.clientPool:
-		defer func() { k.clientPool <- p }()
-		p.warnings = nil
-		err := cb(p)
-		return append([]ApiWarning(nil), p.warnings...), err
-	case <-k.ctx.Done():
-		return nil, fmt.Errorf("failed waiting for free client: %w", k.ctx.Err())
-	}
-}
-
-func (k *K8sCluster) withDynamicClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
-	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		gvr, namespaced, err := k.Resources.GetGVRForGVK(gvk)
-		if err != nil {
-			return err
-		}
-
-		if namespaced && namespace != "" {
-			return cb(p.dynamicClient.Resource(*gvr).Namespace(namespace))
-		} else {
-			return cb(p.dynamicClient.Resource(*gvr))
-		}
-	})
-}
-
-func (k *K8sCluster) withMetadataClientForGVK(gvk schema.GroupVersionKind, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
-	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		gvr, namespaced, err := k.Resources.GetGVRForGVK(gvk)
-		if err != nil {
-			return err
-		}
-
-		if namespaced && namespace != "" {
-			return cb(p.metadataClient.Resource(*gvr).Namespace(namespace))
-		} else {
-			return cb(p.metadataClient.Resource(*gvr))
-		}
-	})
-}
-
 func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
 	ret := ""
 
@@ -223,7 +113,7 @@ func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
 func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
 	var result []*uo.UnstructuredObject
 
-	apiWarnings, err := k.withDynamicClientForGVK(gvk, namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, gvk, namespace, func(r dynamic.ResourceInterface) error {
 		o := v1.ListOptions{
 			LabelSelector: k.buildLabelSelector(labels),
 		}
@@ -242,7 +132,7 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 func (k *K8sCluster) ListObjectsMetadata(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
 	var result []*uo.UnstructuredObject
 
-	apiWarnings, err := k.withMetadataClientForGVK(gvk, namespace, func(r metadata.ResourceInterface) error {
+	apiWarnings, err := k.clients.withMetadataClientForGVK(k.Resources, gvk, namespace, func(r metadata.ResourceInterface) error {
 		o := v1.ListOptions{
 			LabelSelector: k.buildLabelSelector(labels),
 		}
@@ -318,7 +208,7 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 
 func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
 	var result *uo.UnstructuredObject
-	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		o := v1.GetOptions{}
 		x, err := r.Get(k.ctx, ref.Name, o)
 		if err != nil {
@@ -382,7 +272,7 @@ func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions
 		o.DryRun = []string{"All"}
 	}
 
-	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		err := r.Delete(k.ctx, ref.Name, o)
 		if err != nil {
 			if options.IgnoreNotFoundError && errors.IsNotFound(err) {
@@ -539,7 +429,7 @@ func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions)
 	status.Trace(k.ctx, "patching %s", ref.String())
 
 	var result *uo.UnstructuredObject
-	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		x, err := r.Patch(k.ctx, ref.Name, types.ApplyPatchType, data, po)
 		if err != nil {
 			return fmt.Errorf("failed to patch %s: %w", ref.String(), err)
@@ -568,7 +458,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	status.Trace(k.ctx, "updating %s", ref.String())
 
 	var result *uo.UnstructuredObject
-	apiWarnings, err := k.withDynamicClientForGVK(ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
 		x, err := r.Update(k.ctx, o.ToUnstructured(), updateOpts)
 		if err != nil {
 			return err
@@ -581,7 +471,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 
 func (k *K8sCluster) ProxyGet(scheme, namespace, name, port, path string, params map[string]string) (io.ReadCloser, error) {
 	var ret rest.ResponseWrapper
-	_, err := k.withClientFromPool(func(p *parallelClientEntry) error {
+	_, err := k.clients.withClientFromPool(func(p *parallelClientEntry) error {
 		ret = p.corev1.Services(namespace).ProxyGet(scheme, name, port, path, params)
 		return nil
 	})
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 266b7d090..359b9451b 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -154,12 +154,12 @@ func (k *k8sResources) updateResources() error {
 
 var crdGK = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
 
-func (k *k8sResources) updateResourcesFromCRDs() error {
+func (k *k8sResources) updateResourcesFromCRDs(clients *k8sClients) error {
 	ar := k.GetPreferredResource(crdGK)
 	if ar == nil {
 		return fmt.Errorf("api resource for CRDs not found")
 	}
-	gvr, _, err := k.GetGVRForGVK(schema.GroupVersionKind{
+	gvr, err := k.GetGVRForGVK(schema.GroupVersionKind{
 		Group:   ar.Group,
 		Version: ar.Version,
 		Kind:    ar.Kind,
@@ -169,7 +169,7 @@ func (k *k8sResources) updateResourcesFromCRDs() error {
 	}
 
 	var crds *unstructured.UnstructuredList
-	_, err = k.k.withClientFromPool(func(p *parallelClientEntry) error {
+	_, err = clients.withClientFromPool(func(p *parallelClientEntry) error {
 		var err error
 		crds, err = p.dynamicClient.Resource(*gvr).List(k.ctx, v1.ListOptions{})
 		return err
@@ -386,13 +386,13 @@ func BuildGVKFilter(group *string, version *string, kind *string) func(ar *v1.AP
 	}
 }
 
-func (k *k8sResources) GetGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, bool, error) {
+func (k *k8sResources) GetGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, error) {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
 
 	ar, ok := k.allResources[gvk]
 	if !ok {
-		return nil, false, &meta.NoKindMatchError{
+		return nil, &meta.NoKindMatchError{
 			GroupKind:        gvk.GroupKind(),
 			SearchedVersions: []string{gvk.Version},
 		}
@@ -402,7 +402,7 @@ func (k *k8sResources) GetGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupV
 		Group:    ar.Group,
 		Version:  ar.Version,
 		Resource: ar.Name,
-	}, ar.Namespaced, nil
+	}, nil
 }
 
 func (k *k8sResources) GetCRDForGK(gk schema.GroupKind) *uo.UnstructuredObject {

From a61cdf06046228bb3af3f964e823b42e369d1890 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 23:50:31 +0200
Subject: [PATCH 0155/2268] refactor: Don't rely on dynamic client for CRD
 retrieval

---
 pkg/k8s/resources.go | 47 +++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 25 deletions(-)

diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 359b9451b..3010d295a 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -6,9 +6,10 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
@@ -21,12 +22,14 @@ import (
 	"strings"
 	"sync"
 	"time"
+
+	apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 )
 
 type k8sResources struct {
-	ctx       context.Context
-	k         *K8sCluster
-	discovery *disk.CachedDiscoveryClient
+	ctx        context.Context
+	restConfig *rest.Config
+	discovery  *disk.CachedDiscoveryClient
 
 	allResources       map[schema.GroupVersionKind]v1.APIResource
 	preferredResources map[schema.GroupKind]v1.APIResource
@@ -34,10 +37,10 @@ type k8sResources struct {
 	mutex              sync.Mutex
 }
 
-func newK8sResources(ctx context.Context, config *rest.Config, k2 *K8sCluster) (*k8sResources, error) {
+func newK8sResources(ctx context.Context, config *rest.Config) (*k8sResources, error) {
 	k := &k8sResources{
 		ctx:                ctx,
-		k:                  k2,
+		restConfig:         config,
 		allResources:       map[schema.GroupVersionKind]v1.APIResource{},
 		preferredResources: map[schema.GroupKind]v1.APIResource{},
 		crds:               map[schema.GroupKind]*uo.UnstructuredObject{},
@@ -155,32 +158,26 @@ func (k *k8sResources) updateResources() error {
 var crdGK = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
 
 func (k *k8sResources) updateResourcesFromCRDs(clients *k8sClients) error {
-	ar := k.GetPreferredResource(crdGK)
-	if ar == nil {
-		return fmt.Errorf("api resource for CRDs not found")
-	}
-	gvr, err := k.GetGVRForGVK(schema.GroupVersionKind{
-		Group:   ar.Group,
-		Version: ar.Version,
-		Kind:    ar.Kind,
-	})
-	if err != nil {
-		return err
-	}
+	var crdList *apiextensionsv1.CustomResourceDefinitionList
+	_, err := clients.withClientFromPool(func(p *parallelClientEntry) error {
+		c, err := apiextensionsclient.NewForConfigAndClient(k.restConfig, p.http)
+		if err != nil {
+			return err
+		}
 
-	var crds *unstructured.UnstructuredList
-	_, err = clients.withClientFromPool(func(p *parallelClientEntry) error {
-		var err error
-		crds, err = p.dynamicClient.Resource(*gvr).List(k.ctx, v1.ListOptions{})
+		crdList, err = c.CustomResourceDefinitions().List(k.ctx, v1.ListOptions{})
 		return err
 	})
 	if err != nil {
 		return err
 	}
 
-	for _, x := range crds.Items {
-		x2 := x
-		crd := uo.FromUnstructured(&x2)
+	for _, x := range crdList.Items {
+		u, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&x)
+		if err != nil {
+			return err
+		}
+		crd := uo.FromMap(u)
 		err = k.UpdateResourcesFromCRD(crd)
 		if err != nil {
 			return err

From 919e5ee2c3376bf5b662a7d156755e3d3c530950 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 23:51:16 +0200
Subject: [PATCH 0156/2268] refactor: Run updateResources and
 updateResourcesFromCRDs in parallel

---
 pkg/k8s/k8s_cluster.go | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 3a7993f2f..ecf422fc3 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -56,7 +56,7 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 		restConfig: restConfig,
 	}
 
-	k.Resources, err = newK8sResources(ctx, restConfig, k)
+	k.Resources, err = newK8sResources(ctx, restConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -76,13 +76,26 @@ func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8
 	}
 	k.ServerVersion = v2
 
-	err = k.Resources.updateResources()
-	if err != nil {
-		return nil, err
-	}
-	err = k.Resources.updateResourcesFromCRDs(k.clients)
-	if err != nil {
-		return nil, err
+	var wg sync.WaitGroup
+	wg.Add(2)
+
+	var err1 error
+	var err2 error
+	go func() {
+		err1 = k.Resources.updateResources()
+		wg.Done()
+	}()
+	go func() {
+		err2 = k.Resources.updateResourcesFromCRDs(k.clients)
+		wg.Done()
+	}()
+	wg.Wait()
+
+	if err1 != nil {
+		return nil, err1
+	}
+	if err2 != nil {
+		return nil, err2
 	}
 
 	return k, nil

From 828e0265d354dafa68fab8ab43e9e73f4d6ba990 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 May 2022 23:57:02 +0200
Subject: [PATCH 0157/2268] fix: Fix loop variable capture

---
 pkg/k8s/k8s_cluster.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index ecf422fc3..3813ac550 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -190,6 +190,7 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 	}
 
 	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filter) {
+		gvk := gvk
 		wp.Submit(func() error {
 			var l []*uo.UnstructuredObject
 			var apiWarnings []ApiWarning

From 25253f767132b9a6727b01c50ed75fe82e075c74 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 13:22:55 +0200
Subject: [PATCH 0158/2268] fix: Fix hang after failed postprocessing stage

---
 pkg/deployment/deployment_collection.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index def63872c..4b845757b 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -235,6 +235,8 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 
 	if len(errs) == 0 {
 		s.Success()
+	} else {
+		s.Failed()
 	}
 
 	return utils.NewErrorListOrNil(errs)

From c88700b6e9c907b89f8e784816c955ccae21fb54 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 14:55:28 +0200
Subject: [PATCH 0159/2268] fix: Add --offline-images flag to allow disabling
 registry queries

---
 cmd/kluctl/args/images.go    | 1 +
 cmd/kluctl/commands/utils.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index f9eb511be..f11fba0a4 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -11,6 +11,7 @@ type ImageFlags struct {
 	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
 	FixedImagesFile existingFileType `group:"images" help:"Use .yml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
 	UpdateImages    bool             `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
+	OfflineImages   bool             `group:"images" help:"Omit contacting image registries and do not query for latest image tags."`
 }
 
 func (args *ImageFlags) LoadFixedImagesFromArgs() ([]types.FixedImage, error) {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 30395bc61..c6f69df50 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -121,7 +121,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	if err != nil {
 		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
 	}
-	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages, args.forCompletion)
+	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages, args.imageFlags.OfflineImages || args.forCompletion)
 	if err != nil {
 		return err
 	}

From b6ea0929119b406957201b1c3006f85be803cf20 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 14:56:01 +0200
Subject: [PATCH 0160/2268] refactor: Introduce KeyPath type

---
 pkg/diff/diff.go                |  4 ++--
 pkg/diff/managed_fields.go      |  8 ++++----
 pkg/k8s/k8s_cluster.go          |  8 ++++----
 pkg/kluctl_project/targets.go   |  2 +-
 pkg/seal/secrets_loader.go      |  6 +++---
 pkg/utils/uo/jsonpath.go        | 10 ++++++----
 pkg/utils/uo/nested_fields.go   | 12 ++++++------
 pkg/utils/uo/object_iterator.go | 12 ++++--------
 8 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 3746c3c5f..5781b9312 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -18,7 +18,7 @@ import (
 var notPresent = struct{}{}
 
 func convertPath(path []string, o interface{}) (string, error) {
-	var ret []interface{}
+	var ret uo.KeyPath
 	for _, p := range path {
 		if i, err := strconv.ParseInt(p, 10, 32); err == nil {
 			x, found, _ := uo.GetChild(o, int(i))
@@ -35,7 +35,7 @@ func convertPath(path []string, o interface{}) (string, error) {
 		ret = append(ret, p)
 		o = x
 	}
-	return uo.KeyListToJsonPath(ret), nil
+	return ret.ToJsonPath(), nil
 }
 
 func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([]types.Change, error) {
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 3a0772165..36200458d 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -59,7 +59,7 @@ func checkListItemMatch(o interface{}, pathElement fieldpath.PathElement, index
 	}
 }
 
-func convertToKeyList(remote *uo.UnstructuredObject, path fieldpath.Path) ([]interface{}, bool, error) {
+func convertToKeyList(remote *uo.UnstructuredObject, path fieldpath.Path) (uo.KeyPath, bool, error) {
 	var ret []interface{}
 	var o interface{} = remote.Object
 	for _, e := range path {
@@ -157,7 +157,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			return nil, nil, err
 		}
 		for _, f := range fields {
-			forceApplyFields[uo.KeyListToJsonPath(f)] = true
+			forceApplyFields[f.ToJsonPath()] = true
 		}
 	}
 
@@ -209,13 +209,13 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 					break
 				}
 			}
-			if _, ok := forceApplyFields[uo.KeyListToJsonPath(p)]; ok {
+			if _, ok := forceApplyFields[p.ToJsonPath()]; ok {
 				overwrite = true
 			}
 		}
 
 		if !overwrite {
-			j, err := uo.NewMyJsonPath(uo.KeyListToJsonPath(p))
+			j, err := uo.NewMyJsonPath(p.ToJsonPath())
 			if err != nil {
 				return nil, nil, err
 			}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 3813ac550..160a0ad8b 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -352,7 +352,7 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 			return
 		}
 
-		ports, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o)
+		ports, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o.Object)
 		if !found {
 			return
 		}
@@ -368,7 +368,7 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 		if !needsTypeConversionFix {
 			return
 		}
-		d, found, _ := uo.NewMyJsonPathMust(p).GetFirstMap(o)
+		d, found, _ := uo.NewMyJsonPathMust(p).GetFirstMap(o.Object)
 		if !found {
 			return
 		}
@@ -389,7 +389,7 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 	}
 
 	fixContainers := func(p string) {
-		containers, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o)
+		containers, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o.Object)
 		if !found {
 			return
 		}
@@ -399,7 +399,7 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 	}
 
 	fixLimits := func(p string) {
-		limits, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o)
+		limits, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o.Object)
 		if !found {
 			return
 		}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 8492422b2..8e139fa64 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -336,7 +336,7 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 	if targetConfig.Args != nil {
 		err = targetConfig.Args.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
 			strValue := fmt.Sprintf("%v", it.Value())
-			err := c.CheckDynamicArg(&target, it.JsonPath(), strValue)
+			err := c.CheckDynamicArg(&target, it.KeyPath().ToJsonPath(), strValue)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index fb863224c..ff0a13431 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -87,15 +87,15 @@ func (s *SecretsLoader) loadSecretsSystemEnvs(source *types.SecretSource) (*uo.U
 	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
 		envName, ok := it.Value().(string)
 		if !ok {
-			return fmt.Errorf("value at %s is not a string", it.JsonPath())
+			return fmt.Errorf("value at %s is not a string", it.KeyPath().ToJsonPath())
 		}
 		envValue, ok := os.LookupEnv(envName)
 		if !ok {
-			return fmt.Errorf("environment variable %s not found for secret %s", envName, it.JsonPath())
+			return fmt.Errorf("environment variable %s not found for secret %s", envName, it.KeyPath().ToJsonPath())
 		}
 		err := secrets.SetNestedField(envValue, it.KeyPath()...)
 		if err != nil {
-			return fmt.Errorf("failed to set secret %s: %w", it.JsonPath(), err)
+			return fmt.Errorf("failed to set secret %s: %w", it.KeyPath().ToJsonPath(), err)
 		}
 		return nil
 	})
diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index b375aca7e..3843259f2 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -9,9 +9,11 @@ import (
 
 var isSimpleIdentifier = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]+$`)
 
-func KeyListToJsonPath(keys []interface{}) string {
+type KeyPath []interface{}
+
+func (kl KeyPath) ToJsonPath() string {
 	p := ""
-	for _, k := range keys {
+	for _, k := range kl {
 		if i, ok := k.(int); ok {
 			p = fmt.Sprintf("%s[%d]", p, i)
 		} else if s, ok := k.(string); ok {
@@ -62,8 +64,8 @@ func NewMyJsonPathMust(p string) *MyJsonPath {
 	return j
 }
 
-func (j *MyJsonPath) ListMatchingFields(o *UnstructuredObject) ([][]interface{}, error) {
-	var ret [][]interface{}
+func (j *MyJsonPath) ListMatchingFields(o *UnstructuredObject) ([]KeyPath, error) {
+	var ret []KeyPath
 
 	o = o.Clone()
 	magic := struct{}{}
diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index 0de90bab6..325c581f3 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -84,7 +84,7 @@ func (uo *UnstructuredObject) GetNestedString(keys ...interface{}) (string, bool
 	}
 	s, ok := v.(string)
 	if !ok {
-		return "", false, fmt.Errorf("value at %s is not a string", KeyListToJsonPath(keys))
+		return "", false, fmt.Errorf("value at %s is not a string", KeyPath(keys).ToJsonPath())
 	}
 	return s, true, nil
 }
@@ -102,7 +102,7 @@ func (uo *UnstructuredObject) GetNestedInt(keys ...interface{}) (int64, bool, er
 		if i2, ok := v.(int); ok {
 			i = int64(i2)
 		} else {
-			return 0, false, fmt.Errorf("value at %s is not an int", KeyListToJsonPath(keys))
+			return 0, false, fmt.Errorf("value at %s is not an int", KeyPath(keys).ToJsonPath())
 		}
 	}
 	return i, true, nil
@@ -118,7 +118,7 @@ func (uo *UnstructuredObject) GetNestedList(keys ...interface{}) ([]interface{},
 	}
 	l, ok := v.([]interface{})
 	if !ok {
-		return nil, false, fmt.Errorf("value at %s is not a slice", KeyListToJsonPath(keys))
+		return nil, false, fmt.Errorf("value at %s is not a slice", KeyPath(keys).ToJsonPath())
 	}
 	return l, true, nil
 }
@@ -135,7 +135,7 @@ func (uo *UnstructuredObject) GetNestedStringList(keys ...interface{}) ([]string
 	for i, x := range l {
 		s, ok := x.(string)
 		if !ok {
-			return nil, false, fmt.Errorf("value at index %s is not a slice of strings", KeyListToJsonPath(keys))
+			return nil, false, fmt.Errorf("value at index %s is not a slice of strings", KeyPath(keys).ToJsonPath())
 		}
 		ret[i] = s
 	}
@@ -209,13 +209,13 @@ func (uo *UnstructuredObject) GetNestedStringMapCopy(keys ...interface{}) (map[s
 	}
 	m, ok := v.(map[string]interface{})
 	if !ok {
-		return nil, false, fmt.Errorf("value at %s is not a map", KeyListToJsonPath(keys))
+		return nil, false, fmt.Errorf("value at %s is not a map", KeyPath(keys).ToJsonPath())
 	}
 	ret := make(map[string]string)
 	for k, v := range m {
 		s, ok := v.(string)
 		if !ok {
-			return nil, false, fmt.Errorf("value at %s.%s is not a string", KeyListToJsonPath(keys), k)
+			return nil, false, fmt.Errorf("value at %s.%s is not a string", KeyPath(keys).ToJsonPath(), k)
 		}
 		ret[k] = s
 	}
diff --git a/pkg/utils/uo/object_iterator.go b/pkg/utils/uo/object_iterator.go
index debb5c227..f1859aa95 100644
--- a/pkg/utils/uo/object_iterator.go
+++ b/pkg/utils/uo/object_iterator.go
@@ -3,7 +3,7 @@ package uo
 type ObjectIteratorFunc func(it *ObjectIterator) error
 type ObjectIterator struct {
 	path []interface{}
-	keys []interface{}
+	keys KeyPath
 	cb   ObjectIteratorFunc
 }
 
@@ -13,12 +13,12 @@ func NewObjectIterator(o map[string]interface{}) *ObjectIterator {
 	}
 }
 
-func (it *ObjectIterator) KeyPath() []interface{} {
+func (it *ObjectIterator) KeyPath() KeyPath {
 	return it.keys
 }
 
-func (it *ObjectIterator) KeyPathCopy() []interface{} {
-	ret := make([]interface{}, len(it.keys))
+func (it *ObjectIterator) KeyPathCopy() KeyPath {
+	ret := make(KeyPath, len(it.keys))
 	copy(ret, it.keys)
 	return ret
 }
@@ -45,10 +45,6 @@ func (it *ObjectIterator) SetValue(v interface{}) error {
 	return SetChild(it.Parent(), it.Key(), v)
 }
 
-func (it *ObjectIterator) JsonPath() string {
-	return KeyListToJsonPath(it.keys)
-}
-
 func (it *ObjectIterator) IterateLeafs(cb ObjectIteratorFunc) error {
 	it.cb = cb
 	return it.iterateInterface()

From ad4316a37cad9d6a0b62124e5b97def115508d21 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 15:09:48 +0200
Subject: [PATCH 0161/2268] fix: Add missing dot in concatenated json path

---
 pkg/k8s/k8s_cluster.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 160a0ad8b..3bbfe7a0c 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -384,8 +384,8 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 
 	fixContainer := func(p string) {
 		fixPorts(p + ".ports")
-		fixStringType(p+"resources.limits", "cpu")
-		fixStringType(p+"resources.requests", "cpu")
+		fixStringType(p+".resources.limits", "cpu")
+		fixStringType(p+".resources.requests", "cpu")
 	}
 
 	fixContainers := func(p string) {

From 487974f47eee61bb79e58cc23c5486b32e740818 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 15:10:18 +0200
Subject: [PATCH 0162/2268] fix: Make MyJsonPath work with UnstructuredObject

---
 pkg/diff/managed_fields.go      |  2 +-
 pkg/diff/normalize.go           |  4 +--
 pkg/k8s/k8s_cluster.go          | 17 ++++++------
 pkg/seal/secrets_loader_http.go |  2 +-
 pkg/utils/uo/jsonpath.go        | 48 +++++++++++++++++++++++----------
 5 files changed, 47 insertions(+), 26 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 36200458d..8dd6ce197 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -219,7 +219,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			if err != nil {
 				return nil, nil, err
 			}
-			err = j.Del(ret.Object)
+			err = j.Del(ret)
 			if err != nil {
 				return nil, nil, err
 			}
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index f2599dc97..dd69cf073 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -164,7 +164,7 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 			if err != nil {
 				continue
 			}
-			_ = jp.Del(o.Object)
+			_ = jp.Del(o)
 		}
 	}
 
@@ -179,7 +179,7 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		if err != nil {
 			continue
 		}
-		_ = j.Del(o.Object)
+		_ = j.Del(o)
 	}
 
 	return o
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 3bbfe7a0c..51fb487b9 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -352,14 +352,15 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 			return
 		}
 
-		ports, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o.Object)
+		ports, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfObjects(o)
 		if !found {
 			return
 		}
 
 		for _, port := range ports {
-			if _, ok := port["protocol"]; !ok {
-				port["protocol"] = "TCP"
+			_, ok, _ := port.GetNestedField("protocol")
+			if !ok {
+				_ = port.SetNestedField("TCP", "protocol")
 			}
 		}
 	}
@@ -368,17 +369,17 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 		if !needsTypeConversionFix {
 			return
 		}
-		d, found, _ := uo.NewMyJsonPathMust(p).GetFirstMap(o.Object)
+		d, found, _ := uo.NewMyJsonPathMust(p).GetFirstObject(o)
 		if !found {
 			return
 		}
-		v, ok := d[k]
+		v, ok, _ := d.GetNestedField(k)
 		if !ok {
 			return
 		}
 		_, ok = v.(string)
 		if !ok {
-			d[k] = fmt.Sprintf("%v", v)
+			_ = d.SetNestedField(fmt.Sprintf("%v", v), k)
 		}
 	}
 
@@ -389,7 +390,7 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 	}
 
 	fixContainers := func(p string) {
-		containers, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o.Object)
+		containers, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfObjects(o)
 		if !found {
 			return
 		}
@@ -399,7 +400,7 @@ func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.Unstructure
 	}
 
 	fixLimits := func(p string) {
-		limits, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfMaps(o.Object)
+		limits, found, _ := uo.NewMyJsonPathMust(p).GetFirstListOfObjects(o)
 		if !found {
 			return
 		}
diff --git a/pkg/seal/secrets_loader_http.go b/pkg/seal/secrets_loader_http.go
index 25454a746..da0bba85d 100644
--- a/pkg/seal/secrets_loader_http.go
+++ b/pkg/seal/secrets_loader_http.go
@@ -117,7 +117,7 @@ func (s *SecretsLoader) loadSecretsHttp(source *types.SecretSource) (*uo.Unstruc
 		if err != nil {
 			return nil, err
 		}
-		x, ok := p.GetFirst(respObj)
+		x, ok := p.GetFirstFromAny(respObj)
 		if !ok {
 			return nil, fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
 		}
diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index 3843259f2..5263f8639 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -87,11 +87,11 @@ func (j *MyJsonPath) ListMatchingFields(o *UnstructuredObject) ([]KeyPath, error
 	return ret, nil
 }
 
-func (j *MyJsonPath) Get(o interface{}) []interface{} {
-	return j.exp.Get(o)
+func (j *MyJsonPath) Get(o *UnstructuredObject) []interface{} {
+	return j.exp.Get(o.Object)
 }
 
-func (j *MyJsonPath) GetFirst(o interface{}) (interface{}, bool) {
+func (j *MyJsonPath) GetFirst(o *UnstructuredObject) (interface{}, bool) {
 	l := j.Get(o)
 	if len(l) == 0 {
 		return nil, false
@@ -99,30 +99,50 @@ func (j *MyJsonPath) GetFirst(o interface{}) (interface{}, bool) {
 	return l[0], true
 }
 
-func (j *MyJsonPath) GetFirstMap(o interface{}) (map[string]interface{}, bool, error) {
-	o, found := j.GetFirst(o)
+func (j *MyJsonPath) GetFromAny(o any) []interface{} {
+	return j.exp.Get(o)
+}
+
+func (j *MyJsonPath) GetFirstFromAny(o any) (interface{}, bool) {
+	l := j.GetFromAny(o)
+	if len(l) == 0 {
+		return nil, false
+	}
+	return l[0], true
+}
+
+func (j *MyJsonPath) GetFirstObject(o *UnstructuredObject) (*UnstructuredObject, bool, error) {
+	x, found := j.GetFirst(o)
 	if !found {
 		return nil, false, nil
 	}
-	m, ok := o.(map[string]interface{})
+	m, ok := x.(map[string]interface{})
 	if !ok {
 		return nil, false, fmt.Errorf("child is not a map")
 	}
-	return m, true, nil
+	return FromMap(m), true, nil
 }
 
-func (j *MyJsonPath) GetFirstListOfMaps(o interface{}) ([]map[string]interface{}, bool, error) {
-	o, found := j.GetFirst(o)
+func (j *MyJsonPath) GetFirstListOfObjects(o *UnstructuredObject) ([]*UnstructuredObject, bool, error) {
+	x, found := j.GetFirst(o)
 	if !found {
 		return nil, false, nil
 	}
-	m, ok := o.([]map[string]interface{})
+	l, ok := x.([]interface{})
 	if !ok {
-		return nil, false, fmt.Errorf("child is not a list of maps")
+		return nil, false, fmt.Errorf("child is not a list")
+	}
+	var ret []*UnstructuredObject
+	for _, x := range l {
+		m, ok := x.(map[string]interface{})
+		if !ok {
+			return nil, false, fmt.Errorf("child is not a list of maps")
+		}
+		ret = append(ret, FromMap(m))
 	}
-	return m, true, nil
+	return ret, true, nil
 }
 
-func (j *MyJsonPath) Del(o interface{}) error {
-	return j.exp.Del(o)
+func (j *MyJsonPath) Del(o *UnstructuredObject) error {
+	return j.exp.Del(o.Object)
 }

From a50be74a1a484cd1f4bfca175f3d805b6af16b72 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 15:18:08 +0200
Subject: [PATCH 0163/2268] fix: Fix crash in loadSecretsHttp in case host is
 not reachable

---
 pkg/seal/secrets_loader_http.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/seal/secrets_loader_http.go b/pkg/seal/secrets_loader_http.go
index da0bba85d..01582a9d1 100644
--- a/pkg/seal/secrets_loader_http.go
+++ b/pkg/seal/secrets_loader_http.go
@@ -67,7 +67,7 @@ func (s *SecretsLoader) doHttp(httpSource *types.SecretSourceHttp, username stri
 
 func (s *SecretsLoader) loadSecretsHttp(source *types.SecretSource) (*uo.UnstructuredObject, error) {
 	resp, respBody, err := s.doHttp(source.Http, "", "")
-	if err != nil {
+	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
 		if len(chgs) == 0 {
 			return nil, err
@@ -100,6 +100,8 @@ func (s *SecretsLoader) loadSecretsHttp(source *types.SecretSource) (*uo.Unstruc
 		if err != nil {
 			return nil, err
 		}
+	} else if err != nil {
+		return nil, err
 	}
 
 	var respObj interface{}

From e814c6fa86f8bf27d4b698c9e4d813ca308558b5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 16:48:17 +0200
Subject: [PATCH 0164/2268] fix: Add workaround to fix progress printing when
 asking for continuation

---
 cmd/kluctl/commands/cmd_deploy.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index a0db7c000..1e514ca9b 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"time"
 )
 
 type deployCmd struct {
@@ -77,6 +78,9 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 }
 
 func (cmd *deployCmd) diffResultCb(diffResult *types.CommandResult) error {
+	// workaround to ensure that progress has been completely written/updated
+	time.Sleep(130 * time.Millisecond)
+
 	err := outputCommandResult(nil, diffResult)
 	if err != nil {
 		return err

From 5b7949b2246b25340822126d6d61b7649167d660 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 16:48:43 +0200
Subject: [PATCH 0165/2268] feat: Make target.name the default output pattern
 for sealed secrets

---
 cmd/kluctl/commands/cmd_seal.go      |  9 ++++++++-
 pkg/deployment/commands/seal.go      | 14 ++++++--------
 pkg/deployment/deployment_item.go    |  6 ++----
 pkg/deployment/deployment_project.go | 19 +++++++++++--------
 pkg/kluctl_project/target_context.go |  3 +++
 5 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index b7a4c01f4..5cd3d78d3 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -115,7 +115,14 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			return doFail(err)
 		}
 
-		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection)
+		outputPattern := targetName
+		if ctx.targetCtx.DeploymentProject.Config.SealedSecrets != nil && ctx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern != nil {
+			// the outputPattern is rendered already at this point, meaning that for example
+			// '{{ cluster.name }}/{{ target.name }}' will already be rendered to 'my-cluster/my-target'
+			outputPattern = *ctx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern
+		}
+
+		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection, outputPattern)
 		err = cmd2.Run(sealer)
 
 		if err != nil {
diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
index 69110cf0d..0397133ca 100644
--- a/pkg/deployment/commands/seal.go
+++ b/pkg/deployment/commands/seal.go
@@ -11,20 +11,18 @@ import (
 )
 
 type SealCommand struct {
-	c *deployment.DeploymentCollection
+	c             *deployment.DeploymentCollection
+	outputPattern string
 }
 
-func NewSealCommand(c *deployment.DeploymentCollection) *SealCommand {
+func NewSealCommand(c *deployment.DeploymentCollection, outputPattern string) *SealCommand {
 	return &SealCommand{
-		c: c,
+		c:             c,
+		outputPattern: outputPattern,
 	}
 }
 
 func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
-	if cmd.c.Project.Config.SealedSecrets == nil || cmd.c.Project.Config.SealedSecrets.OutputPattern == nil {
-		return fmt.Errorf("sealedSecrets.outputPattern is not defined")
-	}
-
 	err := filepath.WalkDir(cmd.c.RenderDir, func(p string, d fs.DirEntry, err error) error {
 		if !strings.HasSuffix(p, deployment.SealmeExt) {
 			return nil
@@ -34,7 +32,7 @@ func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
 		if err != nil {
 			return err
 		}
-		relTargetFile := filepath.Join(filepath.Dir(relPath), *cmd.c.Project.Config.SealedSecrets.OutputPattern, filepath.Base(p))
+		relTargetFile := filepath.Join(filepath.Dir(relPath), cmd.outputPattern, filepath.Base(p))
 		targetFile, err := securejoin.SecureJoin(cmd.c.Project.SealedSecretsDir, relTargetFile)
 		if err != nil {
 			return err
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 7f4912747..e4ccacd3a 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -230,11 +230,9 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 		fname := filepath.Base(p)
 
 		baseError := fmt.Sprintf("failed to resolve SealedSecret %s", filepath.Clean(filepath.Join(di.Project.dir, resource)))
-		if sealedSecretsDir == nil {
-			return fmt.Errorf("%s. Sealed secrets dir could not be determined", baseError)
-		}
+
 		// ensure we're not leaving the .sealed-secrets dir
-		sourcePath, err := securejoin.SecureJoin(baseSourcePath, filepath.Join(di.relRenderedDir, subdir, relDir, *sealedSecretsDir, fname))
+		sourcePath, err := securejoin.SecureJoin(baseSourcePath, filepath.Join(di.relRenderedDir, subdir, relDir, sealedSecretsDir, fname))
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index f0c0cedd3..3446c5ca4 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -20,9 +20,11 @@ var warnOnce utils.OnceByKey
 type DeploymentProject struct {
 	ctx context.Context
 
-	VarsCtx          *jinja2.VarsCtx
-	dir              string
-	SealedSecretsDir string
+	VarsCtx *jinja2.VarsCtx
+	dir     string
+
+	SealedSecretsDir                  string
+	DefaultSealedSecretsOutputPattern string
 
 	Config types.DeploymentProjectConfig
 
@@ -200,7 +202,8 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 			return err
 		}
 
-		newProject, err := NewDeploymentProject(p.ctx, k, varsCtx, incDir, p.SealedSecretsDir, p)
+		newProject, err := NewDeploymentProject(p.ctx, k, varsCtx, incDir,
+			p.SealedSecretsDir, p)
 		if err != nil {
 			return err
 		}
@@ -211,12 +214,12 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (p *DeploymentProject) getSealedSecretsDir() *string {
+func (p *DeploymentProject) getSealedSecretsDir() string {
 	root := p.getRootProject()
-	if root.Config.SealedSecrets == nil {
-		return nil
+	if root.Config.SealedSecrets == nil || root.Config.SealedSecrets.OutputPattern == nil {
+		return root.DefaultSealedSecretsOutputPattern
 	}
-	return root.Config.SealedSecrets.OutputPattern
+	return *root.Config.SealedSecrets.OutputPattern
 }
 
 func (p *DeploymentProject) getRootProject() *DeploymentProject {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 1d6398ae0..3d3bd22f4 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -115,6 +115,9 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfig
 	if err != nil {
 		return nil, err
 	}
+
+	d.DefaultSealedSecretsOutputPattern = targetName
+
 	c, err := deployment.NewDeploymentCollection(ctx, d, images, inclusion, renderOutputDir, forSeal)
 	if err != nil {
 		return nil, err

From 41260f4e8d5f5ec98002fc934bacd3139d4afe60 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 May 2022 16:48:55 +0200
Subject: [PATCH 0166/2268] tests: Fix e2e tests compilation

---
 e2e/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/utils.go b/e2e/utils.go
index e52c131ac..97df8657c 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -96,7 +96,7 @@ func assertNestedFieldEquals(t *testing.T, o *uo.UnstructuredObject, expected in
 		t.Fatal(err)
 	}
 	if !ok {
-		t.Fatalf("field %s not found in object", uo.KeyListToJsonPath(keys))
+		t.Fatalf("field %s not found in object", uo.KeyPath(keys).ToJsonPath())
 	}
 	if !reflect.DeepEqual(v, expected) {
 		t.Fatalf("%v != %v", v, expected)

From 04d547f67eb60712036303fc69388eaa82b092d8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 May 2022 18:21:02 +0200
Subject: [PATCH 0167/2268] feat: Make cluster per target optional and default
 to the current context

---
 cmd/kluctl/commands/cmd_archive.go      |  2 +-
 cmd/kluctl/commands/cmd_list_targets.go |  2 +-
 cmd/kluctl/commands/cmd_seal.go         |  6 +--
 cmd/kluctl/commands/completion.go       |  2 +-
 cmd/kluctl/commands/utils.go            | 42 ++++++++++++++-----
 pkg/kluctl_project/project.go           |  4 --
 pkg/kluctl_project/project_load.go      |  4 ++
 pkg/kluctl_project/target_context.go    | 56 +++++++++++++++++++------
 pkg/kluctl_project/targets.go           |  2 +-
 pkg/types/kluctl_project.go             |  2 +-
 10 files changed, 88 insertions(+), 34 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index a6a2f349d..d5c22af07 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -17,7 +17,7 @@ func (cmd *archiveCmd) Help() string {
 }
 
 func (cmd *archiveCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return p.WriteArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 64921e6f7..f8a6b5626 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.DynamicTargets {
 			result = append(result, t.Target)
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 5cd3d78d3..ca2a93981 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -106,7 +106,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			}
 		}
 
-		clusterConfig, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster)
+		clusterConfig, _, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster)
 		if err != nil {
 			return doFail(err)
 		}
@@ -134,7 +134,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 }
 
 func (cmd *sealCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		secretsLoader := seal.NewSecretsLoader(p, cmd.SecretsDir)
@@ -145,7 +145,7 @@ func (cmd *sealCmd) Run() error {
 			if cmd.Target != "" && cmd.Target != target.Target.Name {
 				continue
 			}
-			if cmd.Cluster != "" && cmd.Cluster != target.Target.Cluster {
+			if cmd.Cluster != "" && target.Target.Cluster != nil && cmd.Cluster != *target.Target.Cluster {
 				continue
 			}
 			if target.Target.SealingConfig == nil {
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 1e2b383a4..a541ab565 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -51,7 +51,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(*projectArgs, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(*projectArgs, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index c6f69df50..c283ea0de 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -17,10 +17,11 @@ import (
 	"io/ioutil"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
 )
 
-func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	var url *git_url.GitUrl
 	if projectFlags.ProjectUrl != "" {
 		var err error
@@ -68,6 +69,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		AllowGitClone:       projectFlags.FromArchive == "",
 		GitAuthProviders:    auth.NewDefaultAuthProviders(),
 		GitUpdateInterval:   projectFlags.GitCacheUpdateInterval,
+		ClientConfigGetter:  clientConfigGetter(forCompletion),
 	}
 
 	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
@@ -110,7 +112,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(args.projectFlags, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(args.projectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
@@ -153,16 +155,12 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		renderOutputDir = tmpDir
 	}
 
-	clientConfigGetter := func(context string) (*rest.Config, error) {
-		if args.forCompletion {
-			return nil, nil
-		}
-		configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
-		configOverrides := &clientcmd.ConfigOverrides{CurrentContext: context}
-		return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides).ClientConfig()
+	var clusterName *string
+	if args.projectFlags.Cluster != "" {
+		clusterName = &args.projectFlags.Cluster
 	}
 
-	targetCtx, err := p.NewTargetContext(ctx, clientConfigGetter, args.targetFlags.Target, args.projectFlags.Cluster,
+	targetCtx, err := p.NewTargetContext(ctx, args.targetFlags.Target, clusterName,
 		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
 		optionArgs, args.forSeal, images, inclusion,
 		renderOutputDir)
@@ -185,3 +183,27 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	return cb(cmdCtx)
 }
+
+func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
+	return func(context *string) (*rest.Config, *api.Config, error) {
+		if forCompletion {
+			return nil, nil, nil
+		}
+
+		configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+		configOverrides := &clientcmd.ConfigOverrides{}
+		if context != nil {
+			configOverrides.CurrentContext = *context
+		}
+		clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(configLoadingRules, configOverrides)
+		rawConfig, err := clientConfig.RawConfig()
+		if err != nil {
+			return nil, nil, err
+		}
+		restConfig, err := clientConfig.ClientConfig()
+		if err != nil {
+			return nil, nil, err
+		}
+		return restConfig, &rawConfig, nil
+	}
+}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 3b0d0efff..6592651d2 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -59,10 +59,6 @@ func (c *LoadedKluctlProject) FindDynamicTarget(name string) (*types2.DynamicTar
 	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
 }
 
-func (c *LoadedKluctlProject) LoadClusterConfig(clusterName string) (*types2.ClusterConfig, error) {
-	return types2.LoadClusterConfig(c.ClustersDir, clusterName)
-}
-
 func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName string, argValue string) error {
 	var dynArg *types2.DynamicArg
 	for _, x := range target.DynamicArgs {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index bd99e8291..a5b9ca83e 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -10,6 +10,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
 	"path/filepath"
 	"time"
@@ -31,6 +33,8 @@ type LoadKluctlProjectArgs struct {
 	GitAuthProviders *auth2.GitAuthProviders
 
 	GitUpdateInterval time.Duration
+
+	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
 
 type gitProjectInfo struct {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 3d3bd22f4..7e647c2d2 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
 )
 
@@ -23,7 +24,7 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfigGetter func(context string) (*rest.Config, error), targetName string, clusterName string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, clusterName *string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.DeploymentDir)
 	if err != nil {
 		return nil, err
@@ -42,26 +43,18 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfig
 		}
 	}
 
-	if clusterName == "" {
-		if target == nil {
-			return nil, fmt.Errorf("you must specify an existing --cluster when not providing a --target")
-		}
+	if clusterName == nil && target != nil {
 		clusterName = target.Cluster
 	}
 
-	clusterConfig, err := p.LoadClusterConfig(clusterName)
-	if err != nil {
-		return nil, err
-	}
-
-	clientConfig, err := clientConfigGetter(clusterConfig.Cluster.Context)
+	clusterConfig, clientConfig, err := p.LoadClusterConfig(clusterName)
 	if err != nil {
 		return nil, err
 	}
 
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
-		s := status.Start(ctx, "Initializing k8s client")
+		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client for context %s", clusterConfig.Cluster.Context))
 		k, err = k8s.NewK8sCluster(ctx, clientConfig, dryRun)
 		if err != nil {
 			s.Failed()
@@ -134,3 +127,42 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, clientConfig
 
 	return targetCtx, nil
 }
+
+func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string) (*types.ClusterConfig, *rest.Config, error) {
+	var err error
+	var clusterConfig *types.ClusterConfig
+
+	if clusterName != nil {
+		clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, *clusterName)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	var clientConfig *rest.Config
+	if clusterConfig != nil {
+		clientConfig, _, err = p.loadArgs.ClientConfigGetter(&clusterConfig.Cluster.Context)
+		if err != nil {
+			return nil, nil, err
+		}
+	} else {
+		var rawConfig *api.Config
+		clientConfig, rawConfig, err = p.loadArgs.ClientConfigGetter(nil)
+		if err != nil {
+			return nil, nil, err
+		}
+		ctx, ok := rawConfig.Contexts[rawConfig.CurrentContext]
+		if !ok {
+			return nil, nil, fmt.Errorf("context %s not found", rawConfig.CurrentContext)
+		}
+		clusterConfig = &types.ClusterConfig{
+			Cluster: &types.ClusterConfig2{
+				Name:    ctx.Cluster,
+				Context: rawConfig.CurrentContext,
+				Vars:    uo.New(),
+			},
+		}
+	}
+
+	return clusterConfig, clientConfig, nil
+}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 8e139fa64..c911cb5a8 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -89,7 +89,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 			return nil, err
 		}
 
-		cc, err := types.LoadClusterConfig(c.ClustersDir, target.Cluster)
+		cc, _, err := c.LoadClusterConfig(target.Cluster)
 		if err == nil {
 			err = varsCtx.UpdateChildFromStruct("cluster", cc.Cluster)
 			if err != nil {
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index b0ea0257f..ad2982be6 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -29,7 +29,7 @@ type SealingConfig struct {
 
 type Target struct {
 	Name          string                 `yaml:"name" validate:"required"`
-	Cluster       string                 `yaml:"cluster" validate:"required"`
+	Cluster       *string                `yaml:"cluster,omitempty"`
 	Args          *uo.UnstructuredObject `yaml:"args,omitempty"`
 	DynamicArgs   []DynamicArg           `yaml:"dynamicArgs,omitempty"`
 	TargetConfig  *ExternalTargetConfig  `yaml:"targetConfig,omitempty"`

From 1389ac304319da892b1a0580669feba1d937d4be Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 May 2022 18:27:54 +0200
Subject: [PATCH 0168/2268] fix: Don't swallow sealing errors

---
 cmd/kluctl/commands/cmd_seal.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index ca2a93981..45446a91a 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -173,6 +173,7 @@ func (cmd *sealCmd) Run() error {
 			err := cmd.runCmdSealForTarget(ctx, p, sealTarget.Name, secretsLoader)
 			if err != nil {
 				hadError = true
+				status.Error(ctx, err.Error())
 			}
 		}
 		if hadError {

From 1ca9f460ca4a00c5b8022e6eea0621da71f0dd9b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 10:26:55 +0200
Subject: [PATCH 0169/2268] refactor: Introduce MirroredGitRepoCollection for
 git cache handling

---
 pkg/git/repo_collection.go         | 90 ++++++++++++++++++++++++++++++
 pkg/kluctl_project/git.go          | 55 +++---------------
 pkg/kluctl_project/load.go         |  5 +-
 pkg/kluctl_project/project.go      |  4 +-
 pkg/kluctl_project/project_load.go |  8 +--
 pkg/kluctl_project/targets.go      | 17 ++----
 6 files changed, 111 insertions(+), 68 deletions(-)
 create mode 100644 pkg/git/repo_collection.go

diff --git a/pkg/git/repo_collection.go b/pkg/git/repo_collection.go
new file mode 100644
index 000000000..fbdf14ed6
--- /dev/null
+++ b/pkg/git/repo_collection.go
@@ -0,0 +1,90 @@
+package git
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"sync"
+	"time"
+)
+
+type MirroredGitRepoCollection struct {
+	ctx            context.Context
+	authProviders  *auth.GitAuthProviders
+	updateInterval time.Duration
+	repos          map[string]*entry
+	mutex          sync.Mutex
+}
+
+type entry struct {
+	mr          *MirroredGitRepo
+	updateMutex sync.Mutex
+}
+
+func NewMirroredGitRepoCollection(ctx context.Context, authProviders *auth.GitAuthProviders, updateInterval time.Duration) *MirroredGitRepoCollection {
+	return &MirroredGitRepoCollection{
+		ctx:            ctx,
+		authProviders:  authProviders,
+		updateInterval: updateInterval,
+		repos:          map[string]*entry{},
+	}
+}
+
+func (g *MirroredGitRepoCollection) UnlockAll() {
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+
+	for _, e := range g.repos {
+		_ = e.mr.Unlock()
+	}
+}
+
+func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*MirroredGitRepo, error) {
+	e, err := func() (*entry, error) {
+		g.mutex.Lock()
+		defer g.mutex.Unlock()
+
+		e, ok := g.repos[url.NormalizedRepoKey()]
+		if !ok {
+			if !allowCreate {
+				return nil, fmt.Errorf("git repo %s not found", url.NormalizedRepoKey())
+			}
+			mr, err := NewMirroredGitRepo(g.ctx, url)
+			if err != nil {
+				return nil, err
+			}
+			e = &entry{
+				mr: mr,
+			}
+			g.repos[url.NormalizedRepoKey()] = e
+
+			if lockRepo {
+				err = e.mr.Lock()
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+		return e, nil
+	}()
+	if err != nil {
+		return nil, err
+	}
+
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	if update && !e.mr.HasUpdated() {
+		if time.Now().Sub(e.mr.LastUpdateTime()) <= g.updateInterval {
+			e.mr.SetUpdated(true)
+		} else {
+			err = e.mr.Update(g.authProviders)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return e.mr, nil
+}
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 1be037384..b64c6ebb7 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -12,20 +12,8 @@ import (
 	"sort"
 	"strings"
 	"sync"
-	"time"
 )
 
-func (c *LoadedKluctlProject) updateGitCache(mr *git.MirroredGitRepo) error {
-	if mr.HasUpdated() {
-		return nil
-	}
-	if time.Now().Sub(mr.LastUpdateTime()) <= c.loadArgs.GitUpdateInterval {
-		mr.SetUpdated(true)
-		return nil
-	}
-	return mr.Update(c.loadArgs.GitAuthProviders)
-}
-
 func (c *LoadedKluctlProject) updateGitCaches() error {
 	var waitGroup sync.WaitGroup
 	var firstError error
@@ -39,26 +27,12 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 		}
 	}
 
-	doUpdateRepo := func(repo *git.MirroredGitRepo) error {
-		return repo.WithLock(func() error {
-			return c.updateGitCache(repo)
-		})
-	}
 	doUpdateGitProject := func(u git_url.GitUrl) error {
-		mr, ok := c.mirroredRepos[u.NormalizedRepoKey()]
-		if ok {
-			return nil
-		}
-		mr, err := git.NewMirroredGitRepo(c.ctx, u)
-		if err != nil {
-			return err
-		}
-		c.mirroredRepos[u.NormalizedRepoKey()] = mr
-
 		waitGroup.Add(1)
 		go func() {
 			defer waitGroup.Done()
-			err := doUpdateRepo(mr)
+
+			_, err := c.grc.GetMirroredGitRepo(u, true, true, true)
 			if err != nil {
 				doError(fmt.Errorf("failed to update git project %v: %v", u.String(), err))
 			}
@@ -107,33 +81,18 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 	return firstError
 }
 
-func (c *LoadedKluctlProject) cloneGitProject(gitProject *types2.GitProject, targetDir string, doLock bool) (info git.GitRepoInfo, err error) {
+func (c *LoadedKluctlProject) cloneGitProject(gitProject *types2.GitProject, targetDir string) (info git.GitRepoInfo, err error) {
 	err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o700)
 	if err != nil {
 		return
 	}
 
-	mr, ok := c.mirroredRepos[gitProject.Url.NormalizedRepoKey()]
-	if !ok {
-		mr, err = git.NewMirroredGitRepo(c.ctx, gitProject.Url)
-		if err != nil {
-			return
-		}
-		c.mirroredRepos[gitProject.Url.NormalizedRepoKey()] = mr
-		err = mr.Lock()
-		if err != nil {
-			return
-		}
-		defer mr.Unlock()
+	mr, err := c.grc.GetMirroredGitRepo(gitProject.Url, true, true, true)
+	if err != nil {
+		return git.GitRepoInfo{}, err
 	}
 
-	err = mr.MaybeWithLock(doLock, func() error {
-		err := c.updateGitCache(mr)
-		if err != nil {
-			return err
-		}
-		return mr.CloneProject(gitProject.Ref, targetDir)
-	})
+	err = mr.CloneProject(gitProject.Ref, targetDir)
 	if err != nil {
 		return
 	}
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 398a6c958..5938483bd 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -9,14 +9,17 @@ import (
 )
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
+	grc := git.NewMirroredGitRepoCollection(ctx, args.GitAuthProviders, args.GitUpdateInterval)
+	defer grc.UnlockAll()
+
 	p := &LoadedKluctlProject{
 		ctx:      ctx,
 		loadArgs: args,
 		TmpDir:   tmpDir,
 		J2:       j2,
+		grc:      grc,
 
 		involvedRepos: map[string][]types.InvolvedRepo{},
-		mirroredRepos: map[string]*git.MirroredGitRepo{},
 	}
 
 	if args.FromArchive != "" {
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 6592651d2..5196cc387 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -25,12 +25,12 @@ type LoadedKluctlProject struct {
 	sealedSecretsDir string
 
 	involvedRepos map[string][]types2.InvolvedRepo
-	mirroredRepos map[string]*git.MirroredGitRepo
 
 	Config         types2.KluctlProject
 	DynamicTargets []*types2.DynamicTarget
 
-	J2 *jinja2.Jinja2
+	J2  *jinja2.Jinja2
+	grc *git.MirroredGitRepoCollection
 }
 
 func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index a5b9ca83e..c1d9e3be9 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -62,7 +62,7 @@ func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
 	}
 }
 
-func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string, doLock bool, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
+func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
 	cloneDir, err := c.buildCloneDir(gitProject.Url, gitProject.Ref)
 	if err != nil {
 		return
@@ -85,7 +85,7 @@ func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defa
 		}
 
 		var ri git.GitRepoInfo
-		ri, err = c.cloneGitProject(gitProject, cloneDir, doLock)
+		ri, err = c.cloneGitProject(gitProject, cloneDir)
 		if err != nil {
 			return
 		}
@@ -136,7 +136,7 @@ func (c *LoadedKluctlProject) loadExternalProject(ep *types2.ExternalProject, de
 
 	if ep.Project != nil {
 		// pointing to an actual external project, so let's try to clone it
-		return c.loadGitProject(ep.Project, defaultGitSubDir, true, true)
+		return c.loadGitProject(ep.Project, defaultGitSubDir, true)
 	}
 
 	// ExternalProject was provided but without an external repo url, so point into the kluctl project.
@@ -164,7 +164,7 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		gi, err := c.loadGitProject(&types2.GitProject{
 			Url: *c.loadArgs.ProjectUrl,
 			Ref: c.loadArgs.ProjectRef,
-		}, "", true, true)
+		}, "", true)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index c911cb5a8..bf43b50b9 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -134,9 +134,9 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsSimple(baseTarget *types.Targ
 }
 
 func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	mr, ok := c.mirroredRepos[baseTarget.TargetConfig.Project.Url.NormalizedRepoKey()]
-	if !ok {
-		return nil, fmt.Errorf("repo not found in mirroredRepos, this is unexpected and probably a bug")
+	mr, err := c.grc.GetMirroredGitRepo(baseTarget.TargetConfig.Project.Url, true, true, true)
+	if err != nil {
+		return nil, err
 	}
 
 	if baseTarget.TargetConfig.Ref != nil && baseTarget.TargetConfig.RefPattern != nil {
@@ -224,15 +224,6 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 	wp := utils.NewDebuggerAwareWorkerPool(8)
 	defer wp.StopWait(false)
 
-	// lock all involved repos first
-	for _, mr := range c.mirroredRepos {
-		err := mr.Lock()
-		if err != nil {
-			return err
-		}
-		defer mr.Unlock()
-	}
-
 	uniqueClones := make(map[string]interface{})
 	var mutex sync.Mutex
 
@@ -251,7 +242,7 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 			gitProject := *targetInfo.gitProject
 			gitProject.Ref = *targetInfo.ref
 
-			gi, err := c.loadGitProject(&gitProject, "", false, false)
+			gi, err := c.loadGitProject(&gitProject, "", false)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {

From 2c2eb04d22306915586e9530aaa743e08f59d8ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 11:36:50 +0200
Subject: [PATCH 0170/2268] fix: Override CurrentContext in api.Config as it is
 not done by RawConfig()

---
 cmd/kluctl/commands/utils.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index c283ea0de..a7ad73631 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -200,6 +200,9 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 		if err != nil {
 			return nil, nil, err
 		}
+		if context != nil {
+			rawConfig.CurrentContext = *context
+		}
 		restConfig, err := clientConfig.ClientConfig()
 		if err != nil {
 			return nil, nil, err

From d5f79f7ff004e2ecce7064fb265902d57fb04ae6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 11:38:39 +0200
Subject: [PATCH 0171/2268] feat: Allow to set target cluster via
 target.context

---
 cmd/kluctl/commands/cmd_seal.go      | 2 +-
 pkg/kluctl_project/target_context.go | 8 +++++---
 pkg/kluctl_project/targets.go        | 2 +-
 pkg/types/kluctl_project.go          | 1 +
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 45446a91a..a25d36236 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -106,7 +106,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			}
 		}
 
-		clusterConfig, _, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster)
+		clusterConfig, _, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster, ctx.targetCtx.Target.Context)
 		if err != nil {
 			return doFail(err)
 		}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 7e647c2d2..7900fc972 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -43,11 +43,13 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		}
 	}
 
+	var contextName *string
 	if clusterName == nil && target != nil {
 		clusterName = target.Cluster
+		contextName = target.Context
 	}
 
-	clusterConfig, clientConfig, err := p.LoadClusterConfig(clusterName)
+	clusterConfig, clientConfig, err := p.LoadClusterConfig(clusterName, contextName)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +130,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string) (*types.ClusterConfig, *rest.Config, error) {
+func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string, contextName *string) (*types.ClusterConfig, *rest.Config, error) {
 	var err error
 	var clusterConfig *types.ClusterConfig
 
@@ -147,7 +149,7 @@ func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string) (*types.Clu
 		}
 	} else {
 		var rawConfig *api.Config
-		clientConfig, rawConfig, err = p.loadArgs.ClientConfigGetter(nil)
+		clientConfig, rawConfig, err = p.loadArgs.ClientConfigGetter(contextName)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index bf43b50b9..0eca76935 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -89,7 +89,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 			return nil, err
 		}
 
-		cc, _, err := c.LoadClusterConfig(target.Cluster)
+		cc, _, err := c.LoadClusterConfig(target.Cluster, target.Context)
 		if err == nil {
 			err = varsCtx.UpdateChildFromStruct("cluster", cc.Cluster)
 			if err != nil {
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index ad2982be6..dc1276557 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -30,6 +30,7 @@ type SealingConfig struct {
 type Target struct {
 	Name          string                 `yaml:"name" validate:"required"`
 	Cluster       *string                `yaml:"cluster,omitempty"`
+	Context       *string                `yaml:"context,omitempty"`
 	Args          *uo.UnstructuredObject `yaml:"args,omitempty"`
 	DynamicArgs   []DynamicArg           `yaml:"dynamicArgs,omitempty"`
 	TargetConfig  *ExternalTargetConfig  `yaml:"targetConfig,omitempty"`

From 0acb6fddfdaeabdc913d5bafce0882a89be82bdf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 11:39:17 +0200
Subject: [PATCH 0172/2268] fix: Merge target vars into varsCtx before checking
 required args

---
 pkg/kluctl_project/target_context.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 7900fc972..156b3ed12 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -70,6 +70,11 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	if err != nil {
 		return nil, err
 	}
+	targetVars, err := uo.FromStruct(target)
+	if err != nil {
+		return nil, err
+	}
+	varsCtx.UpdateChild("target", targetVars)
 
 	allArgs := uo.New()
 
@@ -100,12 +105,6 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 
 	varsCtx.UpdateChild("args", allArgs)
 
-	targetVars, err := uo.FromStruct(target)
-	if err != nil {
-		return nil, err
-	}
-	varsCtx.UpdateChild("target", targetVars)
-
 	d, err := deployment.NewDeploymentProject(ctx, k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
 	if err != nil {
 		return nil, err

From 911faab7bf0a91da6e6b9d65edfc9a5cb8f42ad6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 11:42:06 +0200
Subject: [PATCH 0173/2268] feat: Allow to load vars from git

---
 pkg/git/mirrored_repo.go             | 46 ++++++++++++++++++++++++++++
 pkg/jinja2/vars.go                   | 34 +++++++++++++++++++-
 pkg/kluctl_project/target_context.go |  2 +-
 pkg/kluctl_project/targets.go        |  2 +-
 pkg/types/deployment.go              | 11 +++++++
 5 files changed, 92 insertions(+), 3 deletions(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 874942200..a18128a5b 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -6,6 +6,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -342,6 +343,51 @@ func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
 	return nil
 }
 
+func (g *MirroredGitRepo) ReadFile(ref string, path string) ([]byte, error) {
+	if !g.fileLock.Locked() || !g.hasUpdated {
+		panic("tried to read a file from a project that is not locked/updated")
+	}
+
+	doError := func(err error) ([]byte, error) {
+		return nil, fmt.Errorf("failed to read file from git repostory: %w", err)
+	}
+
+	r, err := git.PlainOpen(g.mirrorDir)
+	if err != nil {
+		return nil, err
+	}
+
+	if ref == "" {
+		ref = "HEAD"
+	}
+
+	h, err := r.ResolveRevision(plumbing.Revision(ref))
+	if err != nil {
+		return doError(err)
+	}
+
+	commit, err := object.GetCommit(r.Storer, *h)
+	if err != nil {
+		return doError(err)
+	}
+	tree, err := commit.Tree()
+	if err != nil {
+		return doError(err)
+	}
+
+	f, err := tree.File(path)
+	if err != nil {
+		return doError(err)
+	}
+	reader, err := f.Reader()
+	if err != nil {
+		return doError(err)
+	}
+	defer reader.Close()
+
+	return ioutil.ReadAll(reader)
+}
+
 func buildMirrorRepoName(u git_url.GitUrl) string {
 	r := filepath.Base(u.Path)
 	r = strings.ReplaceAll(r, "/", "-")
diff --git a/pkg/jinja2/vars.go b/pkg/jinja2/vars.go
index 75dc2af49..c1d97103b 100644
--- a/pkg/jinja2/vars.go
+++ b/pkg/jinja2/vars.go
@@ -2,21 +2,27 @@ package jinja2
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io/ioutil"
+	"os"
 )
 
 type VarsCtx struct {
 	J2   *Jinja2
+	grc  *git.MirroredGitRepoCollection
 	Vars *uo.UnstructuredObject
 }
 
-func NewVarsCtx(j2 *Jinja2) *VarsCtx {
+func NewVarsCtx(j2 *Jinja2, grc *git.MirroredGitRepoCollection) *VarsCtx {
 	vc := &VarsCtx{
 		J2:   j2,
+		grc:  grc,
 		Vars: uo.New(),
 	}
 	return vc
@@ -25,6 +31,7 @@ func NewVarsCtx(j2 *Jinja2) *VarsCtx {
 func (vc *VarsCtx) Copy() *VarsCtx {
 	cp := &VarsCtx{
 		J2:   vc.J2,
+		grc:  vc.grc,
 		Vars: vc.Vars.Clone(),
 	}
 	return cp
@@ -56,6 +63,11 @@ func (vc *VarsCtx) LoadVarsList(k *k8s.K8sCluster, searchDirs []string, varsList
 			if err != nil {
 				return err
 			}
+		} else if v.Git != nil {
+			err := vc.loadVarsGitFile(v.Git)
+			if err != nil {
+				return err
+			}
 		} else if v.ClusterConfigMap != nil {
 			ref := k8s2.NewObjectRef("", "v1", "ConfigMap", v.ClusterConfigMap.Name, v.ClusterConfigMap.Namespace)
 			err := vc.loadVarsFromK8sObject(k, ref, v.ClusterConfigMap.Key)
@@ -86,6 +98,26 @@ func (vc *VarsCtx) loadVarsFile(p string, searchDirs []string) error {
 	return nil
 }
 
+func (vc *VarsCtx) loadVarsGitFile(gitFile *types.VarsListItemGit) error {
+	mr, err := vc.grc.GetMirroredGitRepo(gitFile.Url, true, true, true)
+	if err != nil {
+		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
+	}
+
+	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "git-vars")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	file, err := mr.ReadFile(gitFile.Ref, gitFile.Path)
+	if err != nil {
+		return fmt.Errorf("failed to load vars from git repository %s and path %s: %w", gitFile.Url.String(), gitFile.Path, err)
+	}
+
+	return vc.loadVarsFromString(string(file))
+}
+
 func (vc *VarsCtx) loadVarsFromK8sObject(k *k8s.K8sCluster, ref k8s2.ObjectRef, key string) error {
 	if k == nil {
 		return nil
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 156b3ed12..ba4fcf7f2 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -65,7 +65,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
-	varsCtx := jinja2.NewVarsCtx(p.J2)
+	varsCtx := jinja2.NewVarsCtx(p.J2, p.grc)
 	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
 	if err != nil {
 		return nil, err
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 0eca76935..4224a0c09 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -83,7 +83,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 	var errors []error
 	curTarget := target
 	for i := 0; i < 10; i++ {
-		varsCtx := jinja2.NewVarsCtx(c.J2)
+		varsCtx := jinja2.NewVarsCtx(c.J2, c.grc)
 		err := varsCtx.UpdateChildFromStruct("target", curTarget)
 		if err != nil {
 			return nil, err
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index e2069d00f..8a84675b3 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
@@ -49,6 +50,12 @@ type DeploymentArg struct {
 	Default interface{} `yaml:"default,omitempty"`
 }
 
+type VarsListItemGit struct {
+	Url  git_url.GitUrl `yaml:"url" validate:"required"`
+	Ref  string         `yaml:"ref,omitempty"`
+	Path string         `yaml:"path" validate:"required"`
+}
+
 type VarsListItemClusterConfigMapOrSecret struct {
 	Name      string `yaml:"name" validate:"required"`
 	Namespace string `yaml:"namespace,omitempty"`
@@ -58,6 +65,7 @@ type VarsListItemClusterConfigMapOrSecret struct {
 type VarsListItem struct {
 	Values           *uo.UnstructuredObject                `yaml:"values,omitempty"`
 	File             *string                               `yaml:"file,omitempty"`
+	Git              *VarsListItemGit                      `yaml:"git,omitempty"`
 	ClusterConfigMap *VarsListItemClusterConfigMapOrSecret `yaml:"clusterConfigMap,omitempty"`
 	ClusterSecret    *VarsListItemClusterConfigMapOrSecret `yaml:"clusterSecret,omitempty"`
 }
@@ -71,6 +79,9 @@ func ValidateVarsListItem(sl validator.StructLevel) {
 	if s.File != nil {
 		count += 1
 	}
+	if s.Git != nil {
+		count += 1
+	}
 	if s.ClusterConfigMap != nil {
 		count += 1
 	}

From 45af6d4d9a0c9ca5f95df55a80fc6e13b79b13ce Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 11:44:36 +0200
Subject: [PATCH 0174/2268] refactor: Move VarsCtx into own package

---
 pkg/deployment/deployment_project.go | 6 +++---
 pkg/deployment/external_args.go      | 4 ++--
 pkg/kluctl_project/target_context.go | 4 ++--
 pkg/kluctl_project/targets.go        | 4 ++--
 pkg/{jinja2 => vars}/vars.go         | 7 ++++---
 5 files changed, 13 insertions(+), 12 deletions(-)
 rename pkg/{jinja2 => vars}/vars.go (96%)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 3446c5ca4..5004917fb 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,12 +3,12 @@ package deployment
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
 	"reflect"
@@ -20,7 +20,7 @@ var warnOnce utils.OnceByKey
 type DeploymentProject struct {
 	ctx context.Context
 
-	VarsCtx *jinja2.VarsCtx
+	VarsCtx *vars.VarsCtx
 	dir     string
 
 	SealedSecretsDir                  string
@@ -34,7 +34,7 @@ type DeploymentProject struct {
 	parentProjectInclude *types.DeploymentItemConfig
 }
 
-func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsCtx *jinja2.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
+func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsCtx *vars.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
 	dp := &DeploymentProject{
 		ctx:              ctx,
 		VarsCtx:          varsCtx.Copy(),
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index b6db19f41..e3c6600ed 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -2,9 +2,9 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
 	"regexp"
@@ -40,7 +40,7 @@ func ConvertArgsToVars(args map[string]string) *uo.UnstructuredObject {
 	return vars
 }
 
-func CheckRequiredDeployArgs(dir string, varsCtx *jinja2.VarsCtx, deployArgs *uo.UnstructuredObject) error {
+func CheckRequiredDeployArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) error {
 	// First try to load the config without templating to avoid getting errors while rendering because required
 	// args were not set. Otherwise we won't be able to iterator through the 'args' array in the deployment.yml
 	// when the rendering error is actually args related.
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index ba4fcf7f2..29dbc2278 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
@@ -65,7 +65,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
-	varsCtx := jinja2.NewVarsCtx(p.J2, p.grc)
+	varsCtx := vars.NewVarsCtx(p.J2, p.grc)
 	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
 	if err != nil {
 		return nil, err
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 4224a0c09..d5bbdb66b 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -4,11 +4,11 @@ import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"reflect"
 	"regexp"
@@ -83,7 +83,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 	var errors []error
 	curTarget := target
 	for i := 0; i < 10; i++ {
-		varsCtx := jinja2.NewVarsCtx(c.J2, c.grc)
+		varsCtx := vars.NewVarsCtx(c.J2, c.grc)
 		err := varsCtx.UpdateChildFromStruct("target", curTarget)
 		if err != nil {
 			return nil, err
diff --git a/pkg/jinja2/vars.go b/pkg/vars/vars.go
similarity index 96%
rename from pkg/jinja2/vars.go
rename to pkg/vars/vars.go
index c1d97103b..67f818de5 100644
--- a/pkg/jinja2/vars.go
+++ b/pkg/vars/vars.go
@@ -1,8 +1,9 @@
-package jinja2
+package vars
 
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -14,12 +15,12 @@ import (
 )
 
 type VarsCtx struct {
-	J2   *Jinja2
+	J2   *jinja2.Jinja2
 	grc  *git.MirroredGitRepoCollection
 	Vars *uo.UnstructuredObject
 }
 
-func NewVarsCtx(j2 *Jinja2, grc *git.MirroredGitRepoCollection) *VarsCtx {
+func NewVarsCtx(j2 *jinja2.Jinja2, grc *git.MirroredGitRepoCollection) *VarsCtx {
 	vc := &VarsCtx{
 		J2:   j2,
 		grc:  grc,

From af1b74f921c145841f71f9f0d6b2497b4b76c17f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 12:21:42 +0200
Subject: [PATCH 0175/2268] feat: Remove deprecated fields from deployment
 config

---
 pkg/deployment/deployment_project.go | 37 +---------------------------
 pkg/types/deployment.go              |  5 ----
 2 files changed, 1 insertion(+), 41 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 5004917fb..5b6638843 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -4,19 +4,15 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
-	"reflect"
 	"strings"
 )
 
-var warnOnce utils.OnceByKey
-
 type DeploymentProject struct {
 	ctx context.Context
 
@@ -86,30 +82,6 @@ func (p *DeploymentProject) loadConfig(k *k8s.K8sCluster) error {
 		return fmt.Errorf("failed to load deployment.yml vars: %w", err)
 	}
 
-	// TODO remove obsolete code
-	if len(p.Config.Deployments) != 0 && (len(p.Config.KustomizeDirs) != 0 || len(p.Config.Includes) != 0) {
-		return fmt.Errorf("using 'deployments' and 'kustomizeDirs' at the same time is not allowed")
-	}
-	if len(p.Config.KustomizeDirs) != 0 {
-		warnOnce.Do("kustomizeDirs", func() {
-			status.Warning(p.ctx, "'kustomizeDirs' is deprecated, use 'deployments' instead")
-		})
-		p.Config.Deployments = p.Config.KustomizeDirs
-		p.Config.KustomizeDirs = nil
-	}
-	if len(p.Config.Includes) != 0 {
-		warnOnce.Do("includes", func() {
-			status.Warning(p.ctx, "'includes' is deprecated, use 'deployments' instead")
-		})
-		for _, inc := range p.Config.Includes {
-			c := *inc
-			c.Include = c.Path
-			c.Path = nil
-			p.Config.Deployments = append(p.Config.Deployments, &c)
-		}
-		p.Config.Includes = nil
-	}
-
 	// If there are no explicit tags set, interpret the path as a tag, which allows to
 	// enable/disable single deployments via included/excluded tags
 	for _, item := range p.Config.Deployments {
@@ -131,14 +103,7 @@ func (p *DeploymentProject) loadConfig(k *k8s.K8sCluster) error {
 	if len(p.GetCommonLabels()) == 0 {
 		return fmt.Errorf("no commonLabels in root deployment. This is not allowed")
 	}
-	if len(p.Config.DeleteByLabels) != 0 {
-		warnOnce.Do("deleteByLabels", func() {
-			status.Warning(p.ctx, "'deleteByLabels' is deprecated and ignored from now on")
-		})
-		if !reflect.DeepEqual(p.Config.CommonLabels, p.Config.DeleteByLabels) {
-			return fmt.Errorf("commonLabels and deleteByLabels do not match")
-		}
-	}
+
 	if len(p.Config.Args) != 0 && p.parentProject != nil {
 		return fmt.Errorf("only the root deployment.yml can define args")
 	}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 8a84675b3..754f54080 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -132,12 +132,7 @@ type DeploymentProjectConfig struct {
 
 	Deployments []*DeploymentItemConfig `yaml:"deployments,omitempty"`
 
-	// Obsolete
-	KustomizeDirs []*DeploymentItemConfig `yaml:"kustomizeDirs,omitempty"`
-	Includes      []*DeploymentItemConfig `yaml:"includes,omitempty"`
-
 	CommonLabels      map[string]string `yaml:"commonLabels,omitempty"`
-	DeleteByLabels    map[string]string `yaml:"deleteByLabels,omitempty"`
 	OverrideNamespace *string           `yaml:"overrideNamespace,omitempty"`
 	Tags              []string          `yaml:"tags,omitempty"`
 

From b939b8ab019eaa8d66120d4be65a2e1ddc0cffd6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 12:22:13 +0200
Subject: [PATCH 0176/2268] feat: Deprecate cluster configuration and warn
 about removal in the future

---
 pkg/kluctl_project/project_load.go   | 3 ++-
 pkg/kluctl_project/target_context.go | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index c1d9e3be9..b3811864e 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -206,8 +206,10 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	}
 	var clustersInfos []gitProjectInfo
 	if c.loadArgs.LocalClusters != "" {
+		status.Warning(c.ctx, "--local-clusters is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
 		clustersInfos = append(clustersInfos, c.localProject(c.loadArgs.LocalClusters))
 	} else if len(c.Config.Clusters.Projects) != 0 {
+		status.Warning(c.ctx, "'clusters' is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
 		for _, ep := range c.Config.Clusters.Projects {
 			info, err := c.loadExternalProject(&ep, "clusters", "")
 			if err != nil {
@@ -246,7 +248,6 @@ func (c *LoadedKluctlProject) mergeClustersDirs(mergedClustersDir string, cluste
 
 	for _, ci := range clustersInfos {
 		if !utils.IsDirectory(ci.dir) {
-			status.Warning(c.ctx, "Cluster dir '%s' does not exist", ci.dir)
 			continue
 		}
 		files, err := ioutil.ReadDir(ci.dir)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 29dbc2278..dbcf672f6 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -134,6 +134,8 @@ func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string, contextName
 	var clusterConfig *types.ClusterConfig
 
 	if clusterName != nil {
+		status.Warning(p.ctx, "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
+
 		clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, *clusterName)
 		if err != nil {
 			return nil, nil, err

From 021ee097f76f4f7ef9c8d3117b1eccad5ff6ec68 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 12:41:41 +0200
Subject: [PATCH 0177/2268] refactor: Rename SecretsSource to VarsSource

---
 cmd/kluctl/commands/cmd_seal.go                 |  2 +-
 pkg/seal/secrets_loader.go                      |  8 ++++----
 pkg/seal/secrets_loader_http.go                 |  4 ++--
 pkg/types/kluctl_project.go                     |  6 +++---
 pkg/types/{secrets_source.go => vars_source.go} | 16 ++++++++--------
 5 files changed, 18 insertions(+), 18 deletions(-)
 rename pkg/types/{secrets_source.go => vars_source.go} (72%)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index a25d36236..85d8518f3 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -46,7 +46,7 @@ func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.Secr
 			return err
 		}
 		for _, source := range secretEntry.Sources {
-			var renderedSource types.SecretSource
+			var renderedSource types.VarsSource
 			err = ctx.targetCtx.KluctlProject.J2.RenderStruct(&renderedSource, &source, ctx.targetCtx.DeploymentProject.VarsCtx.Vars)
 			if err != nil {
 				return err
diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index ff0a13431..e49537647 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -32,7 +32,7 @@ func NewSecretsLoader(p *kluctl_project.LoadedKluctlProject, secretsDir string)
 	}
 }
 
-func (s *SecretsLoader) LoadSecrets(source *types.SecretSource) (*uo.UnstructuredObject, error) {
+func (s *SecretsLoader) LoadSecrets(source *types.VarsSource) (*uo.UnstructuredObject, error) {
 	if source.Path != nil {
 		return s.loadSecretsFile(source)
 	} else if source.SystemEnvVars != nil {
@@ -46,7 +46,7 @@ func (s *SecretsLoader) LoadSecrets(source *types.SecretSource) (*uo.Unstructure
 	}
 }
 
-func (s *SecretsLoader) loadSecretsFile(source *types.SecretSource) (*uo.UnstructuredObject, error) {
+func (s *SecretsLoader) loadSecretsFile(source *types.VarsSource) (*uo.UnstructuredObject, error) {
 	var p string
 	var err error
 	if utils.Exists(filepath.Join(s.project.DeploymentDir, *source.Path)) {
@@ -82,7 +82,7 @@ func (s *SecretsLoader) loadSecretsFile(source *types.SecretSource) (*uo.Unstruc
 	return secrets, nil
 }
 
-func (s *SecretsLoader) loadSecretsSystemEnvs(source *types.SecretSource) (*uo.UnstructuredObject, error) {
+func (s *SecretsLoader) loadSecretsSystemEnvs(source *types.VarsSource) (*uo.UnstructuredObject, error) {
 	secrets := uo.New()
 	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
 		envName, ok := it.Value().(string)
@@ -105,7 +105,7 @@ func (s *SecretsLoader) loadSecretsSystemEnvs(source *types.SecretSource) (*uo.U
 	return secrets, nil
 }
 
-func (s *SecretsLoader) loadSecretsAwsSecretsManager(source *types.SecretSource) (*uo.UnstructuredObject, error) {
+func (s *SecretsLoader) loadSecretsAwsSecretsManager(source *types.VarsSource) (*uo.UnstructuredObject, error) {
 	secret, err := aws.GetAwsSecretsManagerSecret(source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
 	if err != nil {
 		return nil, err
diff --git a/pkg/seal/secrets_loader_http.go b/pkg/seal/secrets_loader_http.go
index 01582a9d1..a4fb00e23 100644
--- a/pkg/seal/secrets_loader_http.go
+++ b/pkg/seal/secrets_loader_http.go
@@ -15,7 +15,7 @@ import (
 	"strings"
 )
 
-func (s *SecretsLoader) doHttp(httpSource *types.SecretSourceHttp, username string, password string) (*http.Response, string, error) {
+func (s *SecretsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, password string) (*http.Response, string, error) {
 	client := &http.Client{
 		Transport: ntlmssp.Negotiator{
 			RoundTripper: &http.Transport{
@@ -65,7 +65,7 @@ func (s *SecretsLoader) doHttp(httpSource *types.SecretSourceHttp, username stri
 	return resp, string(respBody), nil
 }
 
-func (s *SecretsLoader) loadSecretsHttp(source *types.SecretSource) (*uo.UnstructuredObject, error) {
+func (s *SecretsLoader) loadSecretsHttp(source *types.VarsSource) (*uo.UnstructuredObject, error) {
 	resp, respBody, err := s.doHttp(source.Http, "", "")
 	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index dc1276557..b51b500c2 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -44,8 +44,8 @@ type DynamicTarget struct {
 }
 
 type SecretSet struct {
-	Name    string         `yaml:"name" validate:"required"`
-	Sources []SecretSource `yaml:"sources" validate:"required,gt=0"`
+	Name    string       `yaml:"name" validate:"required"`
+	Sources []VarsSource `yaml:"sources" validate:"required,gt=0"`
 }
 
 type GlobalSealedSecretsConfig struct {
@@ -68,5 +68,5 @@ type KluctlProject struct {
 }
 
 func init() {
-	yaml.Validator.RegisterStructValidation(ValidateSecretSource, SecretSource{})
+	yaml.Validator.RegisterStructValidation(ValidateSecretSource, VarsSource{})
 }
diff --git a/pkg/types/secrets_source.go b/pkg/types/vars_source.go
similarity index 72%
rename from pkg/types/secrets_source.go
rename to pkg/types/vars_source.go
index 2575ecbde..dec89ddd3 100644
--- a/pkg/types/secrets_source.go
+++ b/pkg/types/vars_source.go
@@ -5,7 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
-type SecretSourceHttp struct {
+type VarsSourceHttp struct {
 	Url      YamlUrl           `yaml:"url,omitempty" validate:"required"`
 	Method   *string           `yaml:"method,omitempty"`
 	Body     *string           `yaml:"body,omitempty"`
@@ -13,7 +13,7 @@ type SecretSourceHttp struct {
 	JsonPath *string           `yaml:"jsonPath,omitempty"`
 }
 
-type SecretSourceAwsSecretsManager struct {
+type VarsSourceAwsSecretsManager struct {
 	// Name or ARN of the secret. In case a name is given, the region must be specified as well
 	SecretName string `yaml:"secretName" validate:"required"`
 	// The aws region
@@ -22,15 +22,15 @@ type SecretSourceAwsSecretsManager struct {
 	Profile *string `yaml:"profile,omitempty"`
 }
 
-type SecretSource struct {
-	Path              *string                        `yaml:"path,omitempty"`
-	SystemEnvVars     *uo.UnstructuredObject         `yaml:"systemEnvVars,omitempty"`
-	Http              *SecretSourceHttp              `yaml:"http,omitempty"`
-	AwsSecretsManager *SecretSourceAwsSecretsManager `yaml:"awsSecretsManager,omitempty"`
+type VarsSource struct {
+	Path              *string                      `yaml:"path,omitempty"`
+	SystemEnvVars     *uo.UnstructuredObject       `yaml:"systemEnvVars,omitempty"`
+	Http              *VarsSourceHttp              `yaml:"http,omitempty"`
+	AwsSecretsManager *VarsSourceAwsSecretsManager `yaml:"awsSecretsManager,omitempty"`
 }
 
 func ValidateSecretSource(sl validator.StructLevel) {
-	s := sl.Current().Interface().(SecretSource)
+	s := sl.Current().Interface().(VarsSource)
 	count := 0
 	if s.Path != nil {
 		count += 1

From 9334eb4046b5d393e8011b95a30c3d7d79e048c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 14:36:40 +0200
Subject: [PATCH 0178/2268] refactor: Move varsCtx building into buildVars

---
 cmd/kluctl/commands/cmd_downscale.go   |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go |  2 +-
 pkg/kluctl_project/target_context.go   | 85 +++++++++++++++-----------
 3 files changed, 51 insertions(+), 38 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index 78523c4b9..d3a0ffc10 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -37,7 +37,7 @@ func (cmd *downscaleCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.ClusterConfig.Cluster.Context)) {
+			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.ClusterContext)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 88c2ab7ff..c7121e515 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -37,7 +37,7 @@ func (cmd *pokeImagesCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.ClusterConfig.Cluster.Context)) {
+			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.ClusterContext)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index dbcf672f6..038452a3d 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -18,7 +18,7 @@ import (
 type TargetContext struct {
 	KluctlProject        *LoadedKluctlProject
 	Target               *types.Target
-	ClusterConfig        *types.ClusterConfig
+	ClusterContext       string
 	K                    *k8s.K8sCluster
 	DeploymentProject    *deployment.DeploymentProject
 	DeploymentCollection *deployment.DeploymentCollection
@@ -43,20 +43,14 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		}
 	}
 
-	var contextName *string
-	if clusterName == nil && target != nil {
-		clusterName = target.Cluster
-		contextName = target.Context
-	}
-
-	clusterConfig, clientConfig, err := p.LoadClusterConfig(clusterName, contextName)
+	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, args, forSeal)
 	if err != nil {
 		return nil, err
 	}
 
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
-		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client for context %s", clusterConfig.Cluster.Context))
+		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client"))
 		k, err = k8s.NewK8sCluster(ctx, clientConfig, dryRun)
 		if err != nil {
 			s.Failed()
@@ -65,14 +59,54 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
+	d, err := deployment.NewDeploymentProject(ctx, k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	d.DefaultSealedSecretsOutputPattern = targetName
+
+	c, err := deployment.NewDeploymentCollection(ctx, d, images, inclusion, renderOutputDir, forSeal)
+	if err != nil {
+		return nil, err
+	}
+
+	targetCtx := &TargetContext{
+		KluctlProject:        p,
+		Target:               target,
+		ClusterContext:       clusterContext,
+		K:                    k,
+		DeploymentProject:    d,
+		DeploymentCollection: c,
+	}
+
+	return targetCtx, nil
+}
+
+func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *string, args map[string]string, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
+	doError := func(err error) (*vars.VarsCtx, *rest.Config, string, error) {
+		return nil, nil, "", err
+	}
+
+	var contextName *string
+	if clusterName == nil && target != nil {
+		clusterName = target.Cluster
+		contextName = target.Context
+	}
+
+	clusterConfig, clientConfig, err := p.LoadClusterConfig(clusterName, contextName)
+	if err != nil {
+		return doError(err)
+	}
+
 	varsCtx := vars.NewVarsCtx(p.J2, p.grc)
 	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
 	if err != nil {
-		return nil, err
+		return doError(err)
 	}
 	targetVars, err := uo.FromStruct(target)
 	if err != nil {
-		return nil, err
+		return doError(err)
 	}
 	varsCtx.UpdateChild("target", targetVars)
 
@@ -82,7 +116,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		for argName, argValue := range args {
 			err = p.CheckDynamicArg(target, argName, argValue)
 			if err != nil {
-				return nil, err
+				return doError(err)
 			}
 		}
 	}
@@ -98,35 +132,14 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		}
 	}
 
-	err = deployment.CheckRequiredDeployArgs(deploymentDir, varsCtx, allArgs)
+	err = deployment.CheckRequiredDeployArgs(p.DeploymentDir, varsCtx, allArgs)
 	if err != nil {
-		return nil, err
+		return doError(err)
 	}
 
 	varsCtx.UpdateChild("args", allArgs)
 
-	d, err := deployment.NewDeploymentProject(ctx, k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	d.DefaultSealedSecretsOutputPattern = targetName
-
-	c, err := deployment.NewDeploymentCollection(ctx, d, images, inclusion, renderOutputDir, forSeal)
-	if err != nil {
-		return nil, err
-	}
-
-	targetCtx := &TargetContext{
-		KluctlProject:        p,
-		Target:               target,
-		ClusterConfig:        clusterConfig,
-		K:                    k,
-		DeploymentProject:    d,
-		DeploymentCollection: c,
-	}
-
-	return targetCtx, nil
+	return varsCtx, clientConfig, clusterConfig.Cluster.Context, nil
 }
 
 func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string, contextName *string) (*types.ClusterConfig, *rest.Config, error) {

From 07785dd3d89f28df12838eae720ad049b8917e58 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 14:43:46 +0200
Subject: [PATCH 0179/2268] feat: Remove --secrets-dir in seal command

---
 cmd/kluctl/commands/cmd_seal.go |  5 ++---
 pkg/seal/secrets_loader.go      | 11 ++---------
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 85d8518f3..b2ae41aee 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -16,8 +16,7 @@ type sealCmd struct {
 	args.ProjectFlags
 	args.TargetFlags
 
-	SecretsDir  string `group:"misc" help:"Specifies where to find unencrypted secret files. The given directory is NOT meant to be part of your source repository! The given path only matters for secrets of type 'path'. Defaults to the current working directory."`
-	ForceReseal bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
+	ForceReseal bool `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
 }
 
 func (cmd *sealCmd) Help() string {
@@ -137,7 +136,7 @@ func (cmd *sealCmd) Run() error {
 	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
-		secretsLoader := seal.NewSecretsLoader(p, cmd.SecretsDir)
+		secretsLoader := seal.NewSecretsLoader(p)
 
 		baseTargets := make(map[string]bool)
 		noTargetMatch := true
diff --git a/pkg/seal/secrets_loader.go b/pkg/seal/secrets_loader.go
index e49537647..f1bb1b1cc 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/seal/secrets_loader.go
@@ -18,16 +18,14 @@ type usernamePassword struct {
 }
 
 type SecretsLoader struct {
-	project    *kluctl_project.LoadedKluctlProject
-	secretsDir string
+	project *kluctl_project.LoadedKluctlProject
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewSecretsLoader(p *kluctl_project.LoadedKluctlProject, secretsDir string) *SecretsLoader {
+func NewSecretsLoader(p *kluctl_project.LoadedKluctlProject) *SecretsLoader {
 	return &SecretsLoader{
 		project:          p,
-		secretsDir:       secretsDir,
 		credentialsCache: map[string]usernamePassword{},
 	}
 }
@@ -54,11 +52,6 @@ func (s *SecretsLoader) loadSecretsFile(source *types.VarsSource) (*uo.Unstructu
 		if err != nil {
 			return nil, err
 		}
-	} else if utils.Exists(filepath.Join(s.secretsDir, *source.Path)) {
-		p, err = securejoin.SecureJoin(s.secretsDir, *source.Path)
-		if err != nil {
-			return nil, err
-		}
 	} else {
 		return nil, fmt.Errorf("secrets file %s does not exist", *source.Path)
 	}

From 409b86e9c417cd8f9250b8dbca4cd7287d4a9e27 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 14:55:49 +0200
Subject: [PATCH 0180/2268] refactor: Move loading of secrets into kluctl
 project loading code

---
 cmd/kluctl/commands/cmd_seal.go               | 47 ++-----------------
 .../secrets_loader.go                         |  7 ++-
 .../secrets_loader_http.go                    |  2 +-
 pkg/kluctl_project/target_context.go          | 40 ++++++++++++++++
 4 files changed, 47 insertions(+), 49 deletions(-)
 rename pkg/{seal => kluctl_project}/secrets_loader.go (94%)
 rename pkg/{seal => kluctl_project}/secrets_loader_http.go (99%)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index b2ae41aee..6749b559d 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -8,8 +8,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 type sealCmd struct {
@@ -28,40 +26,7 @@ kubeseal on each '.sealme' file and stores secrets in the directory specified by
 If no '--target' is specified, sealing is performed for all targets.`
 }
 
-func findSecretsEntry(ctx *commandCtx, name string) (*types.SecretSet, error) {
-	for _, e := range ctx.targetCtx.KluctlProject.Config.SecretsConfig.SecretSets {
-		if e.Name == name {
-			return &e, nil
-		}
-	}
-	return nil, fmt.Errorf("secret Set with name %s was not found", name)
-}
-
-func loadSecrets(ctx *commandCtx, target *types.Target, secretsLoader *seal.SecretsLoader) error {
-	secrets := uo.New()
-	for _, secretSetName := range target.SealingConfig.SecretSets {
-		secretEntry, err := findSecretsEntry(ctx, secretSetName)
-		if err != nil {
-			return err
-		}
-		for _, source := range secretEntry.Sources {
-			var renderedSource types.VarsSource
-			err = ctx.targetCtx.KluctlProject.J2.RenderStruct(&renderedSource, &source, ctx.targetCtx.DeploymentProject.VarsCtx.Vars)
-			if err != nil {
-				return err
-			}
-			s, err := secretsLoader.LoadSecrets(&renderedSource)
-			if err != nil {
-				return err
-			}
-			secrets.Merge(s)
-		}
-	}
-	ctx.targetCtx.DeploymentProject.MergeSecretsIntoAllChildren(secrets)
-	return nil
-}
-
-func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject, targetName string, secretsLoader *seal.SecretsLoader) error {
+func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject, targetName string) error {
 	s := status.Start(ctx, "%s: Sealing for target", targetName)
 	defer s.FailedWithMessage("%s: Sealing failed", targetName)
 
@@ -79,11 +44,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 
 	// pass forSeal=True so that .sealme files are rendered as well
 	return withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
-		err := loadSecrets(ctx, ctx.targetCtx.Target, secretsLoader)
-		if err != nil {
-			return doFail(err)
-		}
-		err = ctx.targetCtx.DeploymentCollection.RenderDeployments(ctx.targetCtx.K)
+		err := ctx.targetCtx.DeploymentCollection.RenderDeployments(ctx.targetCtx.K)
 		if err != nil {
 			return doFail(err)
 		}
@@ -136,8 +97,6 @@ func (cmd *sealCmd) Run() error {
 	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
-		secretsLoader := seal.NewSecretsLoader(p)
-
 		baseTargets := make(map[string]bool)
 		noTargetMatch := true
 		for _, target := range p.DynamicTargets {
@@ -169,7 +128,7 @@ func (cmd *sealCmd) Run() error {
 				sealTarget = baseTarget
 			}
 
-			err := cmd.runCmdSealForTarget(ctx, p, sealTarget.Name, secretsLoader)
+			err := cmd.runCmdSealForTarget(ctx, p, sealTarget.Name)
 			if err != nil {
 				hadError = true
 				status.Error(ctx, err.Error())
diff --git a/pkg/seal/secrets_loader.go b/pkg/kluctl_project/secrets_loader.go
similarity index 94%
rename from pkg/seal/secrets_loader.go
rename to pkg/kluctl_project/secrets_loader.go
index f1bb1b1cc..091f13476 100644
--- a/pkg/seal/secrets_loader.go
+++ b/pkg/kluctl_project/secrets_loader.go
@@ -1,9 +1,8 @@
-package seal
+package kluctl_project
 
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/aws"
@@ -18,12 +17,12 @@ type usernamePassword struct {
 }
 
 type SecretsLoader struct {
-	project *kluctl_project.LoadedKluctlProject
+	project *LoadedKluctlProject
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewSecretsLoader(p *kluctl_project.LoadedKluctlProject) *SecretsLoader {
+func NewSecretsLoader(p *LoadedKluctlProject) *SecretsLoader {
 	return &SecretsLoader{
 		project:          p,
 		credentialsCache: map[string]usernamePassword{},
diff --git a/pkg/seal/secrets_loader_http.go b/pkg/kluctl_project/secrets_loader_http.go
similarity index 99%
rename from pkg/seal/secrets_loader_http.go
rename to pkg/kluctl_project/secrets_loader_http.go
index a4fb00e23..07b225c88 100644
--- a/pkg/seal/secrets_loader_http.go
+++ b/pkg/kluctl_project/secrets_loader_http.go
@@ -1,4 +1,4 @@
-package seal
+package kluctl_project
 
 import (
 	"crypto/tls"
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 038452a3d..611acdb88 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -59,6 +59,13 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
+	if forSeal {
+		err = p.loadSecrets(target, varsCtx)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	d, err := deployment.NewDeploymentProject(ctx, k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
 	if err != nil {
 		return nil, err
@@ -142,6 +149,39 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 	return varsCtx, clientConfig, clusterConfig.Cluster.Context, nil
 }
 
+func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, error) {
+	for _, e := range p.Config.SecretsConfig.SecretSets {
+		if e.Name == name {
+			return &e, nil
+		}
+	}
+	return nil, fmt.Errorf("secret Set with name %s was not found", name)
+}
+
+func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.VarsCtx) error {
+	secretsLoader := NewSecretsLoader(p)
+
+	for _, secretSetName := range target.SealingConfig.SecretSets {
+		secretEntry, err := p.findSecretsEntry(secretSetName)
+		if err != nil {
+			return err
+		}
+		for _, source := range secretEntry.Sources {
+			var renderedSource types.VarsSource
+			err = p.J2.RenderStruct(&renderedSource, &source, varsCtx.Vars)
+			if err != nil {
+				return err
+			}
+			s, err := secretsLoader.LoadSecrets(&renderedSource)
+			if err != nil {
+				return err
+			}
+			varsCtx.Vars.MergeChild("secrets", s)
+		}
+	}
+	return nil
+}
+
 func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string, contextName *string) (*types.ClusterConfig, *rest.Config, error) {
 	var err error
 	var clusterConfig *types.ClusterConfig

From 08c4b8d66a449747dcfd0225a8f2424ef63ace98 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 15:47:48 +0200
Subject: [PATCH 0181/2268] refactor: Start unifying secrets and vars loading

---
 pkg/kluctl_project/secrets_loader.go          | 118 ----------------
 pkg/kluctl_project/target_context.go          |  21 +--
 pkg/types/kluctl_project.go                   |   4 +-
 pkg/vars/vars_loader.go                       | 126 ++++++++++++++++++
 .../vars_loader_http.go}                      |  50 +++----
 5 files changed, 162 insertions(+), 157 deletions(-)
 delete mode 100644 pkg/kluctl_project/secrets_loader.go
 create mode 100644 pkg/vars/vars_loader.go
 rename pkg/{kluctl_project/secrets_loader_http.go => vars/vars_loader_http.go} (73%)

diff --git a/pkg/kluctl_project/secrets_loader.go b/pkg/kluctl_project/secrets_loader.go
deleted file mode 100644
index 091f13476..000000000
--- a/pkg/kluctl_project/secrets_loader.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package kluctl_project
-
-import (
-	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/aws"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"os"
-	"path/filepath"
-)
-
-type usernamePassword struct {
-	username string
-	password string
-}
-
-type SecretsLoader struct {
-	project *LoadedKluctlProject
-
-	credentialsCache map[string]usernamePassword
-}
-
-func NewSecretsLoader(p *LoadedKluctlProject) *SecretsLoader {
-	return &SecretsLoader{
-		project:          p,
-		credentialsCache: map[string]usernamePassword{},
-	}
-}
-
-func (s *SecretsLoader) LoadSecrets(source *types.VarsSource) (*uo.UnstructuredObject, error) {
-	if source.Path != nil {
-		return s.loadSecretsFile(source)
-	} else if source.SystemEnvVars != nil {
-		return s.loadSecretsSystemEnvs(source)
-	} else if source.Http != nil {
-		return s.loadSecretsHttp(source)
-	} else if source.AwsSecretsManager != nil {
-		return s.loadSecretsAwsSecretsManager(source)
-	} else {
-		return nil, fmt.Errorf("invalid secrets entry")
-	}
-}
-
-func (s *SecretsLoader) loadSecretsFile(source *types.VarsSource) (*uo.UnstructuredObject, error) {
-	var p string
-	var err error
-	if utils.Exists(filepath.Join(s.project.DeploymentDir, *source.Path)) {
-		p, err = securejoin.SecureJoin(s.project.DeploymentDir, *source.Path)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		return nil, fmt.Errorf("secrets file %s does not exist", *source.Path)
-	}
-
-	err = utils.CheckInDir(s.project.DeploymentDir, p)
-	if err != nil {
-		return nil, fmt.Errorf("secrets file %s is not part of the deployment project: %w", *source.Path, err)
-	}
-
-	secrets, err := uo.FromFile(p)
-	if err != nil {
-		return nil, err
-	}
-	secrets, ok, err := secrets.GetNestedObject("secrets")
-	if err != nil {
-		return nil, err
-	}
-	if !ok {
-		return uo.New(), nil
-	}
-	return secrets, nil
-}
-
-func (s *SecretsLoader) loadSecretsSystemEnvs(source *types.VarsSource) (*uo.UnstructuredObject, error) {
-	secrets := uo.New()
-	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
-		envName, ok := it.Value().(string)
-		if !ok {
-			return fmt.Errorf("value at %s is not a string", it.KeyPath().ToJsonPath())
-		}
-		envValue, ok := os.LookupEnv(envName)
-		if !ok {
-			return fmt.Errorf("environment variable %s not found for secret %s", envName, it.KeyPath().ToJsonPath())
-		}
-		err := secrets.SetNestedField(envValue, it.KeyPath()...)
-		if err != nil {
-			return fmt.Errorf("failed to set secret %s: %w", it.KeyPath().ToJsonPath(), err)
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	return secrets, nil
-}
-
-func (s *SecretsLoader) loadSecretsAwsSecretsManager(source *types.VarsSource) (*uo.UnstructuredObject, error) {
-	secret, err := aws.GetAwsSecretsManagerSecret(source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
-	if err != nil {
-		return nil, err
-	}
-
-	secrets, err := uo.FromString(secret)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse yaml from AWS Secrets Manager (secretName=%s): %w", source.AwsSecretsManager.SecretName, err)
-	}
-	secrets, ok, err := secrets.GetNestedObject("secrets")
-	if err != nil {
-		return nil, err
-	}
-	if !ok {
-		return uo.New(), nil
-	}
-	return secrets, nil
-}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 611acdb88..d3e86dc44 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -60,7 +60,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	}
 
 	if forSeal {
-		err = p.loadSecrets(target, varsCtx)
+		err = p.loadSecrets(k, target, varsCtx)
 		if err != nil {
 			return nil, err
 		}
@@ -158,25 +158,18 @@ func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, e
 	return nil, fmt.Errorf("secret Set with name %s was not found", name)
 }
 
-func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.VarsCtx) error {
-	secretsLoader := NewSecretsLoader(p)
+func (p *LoadedKluctlProject) loadSecrets(k *k8s.K8sCluster, target *types.Target, varsCtx *vars.VarsCtx) error {
+	searchDirs := []string{p.DeploymentDir}
+	secretsLoader := vars.NewVarsLoader(k, varsCtx, searchDirs, "secrets")
 
 	for _, secretSetName := range target.SealingConfig.SecretSets {
 		secretEntry, err := p.findSecretsEntry(secretSetName)
 		if err != nil {
 			return err
 		}
-		for _, source := range secretEntry.Sources {
-			var renderedSource types.VarsSource
-			err = p.J2.RenderStruct(&renderedSource, &source, varsCtx.Vars)
-			if err != nil {
-				return err
-			}
-			s, err := secretsLoader.LoadSecrets(&renderedSource)
-			if err != nil {
-				return err
-			}
-			varsCtx.Vars.MergeChild("secrets", s)
+		err = secretsLoader.LoadVarsList(secretEntry.Sources)
+		if err != nil {
+			return err
 		}
 	}
 	return nil
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index b51b500c2..c3084e7f3 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -44,8 +44,8 @@ type DynamicTarget struct {
 }
 
 type SecretSet struct {
-	Name    string       `yaml:"name" validate:"required"`
-	Sources []VarsSource `yaml:"sources" validate:"required,gt=0"`
+	Name    string        `yaml:"name" validate:"required"`
+	Sources []*VarsSource `yaml:"sources" validate:"required,gt=0"`
 }
 
 type GlobalSealedSecretsConfig struct {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
new file mode 100644
index 000000000..87bd01764
--- /dev/null
+++ b/pkg/vars/vars_loader.go
@@ -0,0 +1,126 @@
+package vars
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/aws"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"os"
+)
+
+type usernamePassword struct {
+	username string
+	password string
+}
+
+type VarsLoader struct {
+	k          *k8s.K8sCluster
+	varsCtx    *VarsCtx
+	searchDirs []string
+	rootKey    string
+
+	credentialsCache map[string]usernamePassword
+}
+
+func NewVarsLoader(k *k8s.K8sCluster, varsCtx *VarsCtx, searchDirs []string, rootKey string) *VarsLoader {
+	return &VarsLoader{
+		k:                k,
+		varsCtx:          varsCtx,
+		searchDirs:       searchDirs,
+		rootKey:          rootKey,
+		credentialsCache: map[string]usernamePassword{},
+	}
+}
+
+func (s *VarsLoader) LoadVarsList(varsList []*types.VarsSource) error {
+	for _, source := range varsList {
+		err := s.LoadVars(source)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (s *VarsLoader) LoadVars(sourceIn *types.VarsSource) error {
+	var source types.VarsSource
+
+	err := s.varsCtx.J2.RenderStruct(&source, sourceIn, s.varsCtx.Vars)
+	if err != nil {
+		return err
+	}
+
+	if source.Path != nil {
+		return s.loadFile(&source)
+	} else if source.SystemEnvVars != nil {
+		return s.loadSystemEnvs(&source)
+	} else if source.Http != nil {
+		return s.loadHttp(&source)
+	} else if source.AwsSecretsManager != nil {
+		return s.loadAwsSecretsManager(&source)
+	} else {
+		return fmt.Errorf("invalid vars source")
+	}
+}
+
+func (s *VarsLoader) mergeVars(newVars *uo.UnstructuredObject) {
+	if s.rootKey == "" {
+		s.varsCtx.Update(newVars)
+	} else {
+		s.varsCtx.UpdateChild(s.rootKey, newVars)
+	}
+}
+
+func (s *VarsLoader) loadFile(source *types.VarsSource) error {
+	var newVars uo.UnstructuredObject
+	err := s.varsCtx.RenderYamlFile(*source.Path, s.searchDirs, &newVars)
+	if err != nil {
+		return fmt.Errorf("failed to load vars from %s: %w", *source.Path, err)
+	}
+	s.mergeVars(&newVars)
+	return nil
+}
+
+func (s *VarsLoader) loadSystemEnvs(source *types.VarsSource) error {
+	newVars := uo.New()
+	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
+		envName, ok := it.Value().(string)
+		if !ok {
+			return fmt.Errorf("value at %s is not a string", it.KeyPath().ToJsonPath())
+		}
+		envValue, ok := os.LookupEnv(envName)
+		if !ok {
+			return fmt.Errorf("environment variable %s not found for %s", envName, it.KeyPath().ToJsonPath())
+		}
+		err := newVars.SetNestedField(envValue, it.KeyPath()...)
+		if err != nil {
+			return fmt.Errorf("failed to set value for %s: %w", it.KeyPath().ToJsonPath(), err)
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	s.mergeVars(newVars)
+	return nil
+}
+
+func (s *VarsLoader) loadAwsSecretsManager(source *types.VarsSource) error {
+	secret, err := aws.GetAwsSecretsManagerSecret(source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
+	if err != nil {
+		return err
+	}
+
+	newVars, err := uo.FromString(secret)
+	if err != nil {
+		return fmt.Errorf("failed to parse yaml from AWS Secrets Manager (secretName=%s): %w", source.AwsSecretsManager.SecretName, err)
+	}
+	if s.rootKey != "" {
+		newVars, _, err = newVars.GetNestedObject(s.rootKey)
+	}
+	if newVars != nil {
+		s.mergeVars(newVars)
+	}
+	return nil
+}
diff --git a/pkg/kluctl_project/secrets_loader_http.go b/pkg/vars/vars_loader_http.go
similarity index 73%
rename from pkg/kluctl_project/secrets_loader_http.go
rename to pkg/vars/vars_loader_http.go
index 07b225c88..2d6b5fb1a 100644
--- a/pkg/kluctl_project/secrets_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -1,4 +1,4 @@
-package kluctl_project
+package vars
 
 import (
 	"crypto/tls"
@@ -15,7 +15,7 @@ import (
 	"strings"
 )
 
-func (s *SecretsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, password string) (*http.Response, string, error) {
+func (s *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, password string) (*http.Response, string, error) {
 	client := &http.Client{
 		Transport: ntlmssp.Negotiator{
 			RoundTripper: &http.Transport{
@@ -65,12 +65,12 @@ func (s *SecretsLoader) doHttp(httpSource *types.VarsSourceHttp, username string
 	return resp, string(respBody), nil
 }
 
-func (s *SecretsLoader) loadSecretsHttp(source *types.VarsSource) (*uo.UnstructuredObject, error) {
+func (s *VarsLoader) loadHttp(source *types.VarsSource) error {
 	resp, respBody, err := s.doHttp(source.Http, "", "")
 	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
 		if len(chgs) == 0 {
-			return nil, err
+			return err
 		}
 
 		var realms []string
@@ -87,7 +87,7 @@ func (s *SecretsLoader) loadSecretsHttp(source *types.VarsSource) (*uo.Unstructu
 		if !ok {
 			username, password, err := utils.AskForCredentials(fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
 			if err != nil {
-				return nil, err
+				return err
 			}
 			creds = usernamePassword{
 				username: username,
@@ -98,52 +98,56 @@ func (s *SecretsLoader) loadSecretsHttp(source *types.VarsSource) (*uo.Unstructu
 
 		resp, respBody, err = s.doHttp(source.Http, creds.username, creds.password)
 		if err != nil {
-			return nil, err
+			return err
 		}
 	} else if err != nil {
-		return nil, err
+		return err
 	}
 
 	var respObj interface{}
-	var secrets *uo.UnstructuredObject
+	var newVars *uo.UnstructuredObject
 
 	err = yaml.ReadYamlString(respBody, &respObj)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if source.Http.JsonPath != nil {
 		p, err := uo.NewMyJsonPath(*source.Http.JsonPath)
 		if err != nil {
-			return nil, err
+			return err
 		}
 		x, ok := p.GetFirstFromAny(respObj)
 		if !ok {
-			return nil, fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
+			return fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
 		}
 		s, ok := x.(string)
 		if !ok {
-			return nil, fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
+			return fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
 		}
-		secrets, err = uo.FromString(s)
+		newVars, err = uo.FromString(s)
 		if err != nil {
-			return nil, err
+			return err
 		}
 	} else {
 		x, ok := respObj.(map[string]interface{})
 		if !ok {
-			return nil, fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
+			return fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
 		}
-		secrets = uo.FromMap(x)
+		newVars = uo.FromMap(x)
 	}
-	secrets, ok, err := secrets.GetNestedObject("secrets")
-	if err != nil {
-		return nil, err
+
+	if s.rootKey != "" {
+		newVars, _, err = newVars.GetNestedObject(s.rootKey)
+		if err != nil {
+			return err
+		}
 	}
-	if !ok {
-		return uo.New(), nil
+
+	if newVars != nil {
+		s.mergeVars(newVars)
 	}
-	return secrets, nil
+	return nil
 }

From 0fe611a7b5aa499d40ff19a4274a23fee4d94eb2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 18:04:53 +0200
Subject: [PATCH 0182/2268] feat: Unify loading of vars and secrets

---
 pkg/deployment/deployment_collection.go |   2 +-
 pkg/deployment/deployment_item.go       |   5 +-
 pkg/deployment/deployment_project.go    |  25 ++--
 pkg/kluctl_project/target_context.go    |  11 +-
 pkg/types/deployment.go                 |  52 +-------
 pkg/types/kluctl_project.go             |   5 -
 pkg/types/vars_source.go                |  49 ++++++--
 pkg/vars/vars.go                        | 120 -------------------
 pkg/vars/vars_loader.go                 | 152 ++++++++++++++++++------
 pkg/vars/vars_loader_http.go            |  18 +--
 10 files changed, 192 insertions(+), 247 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 4b845757b..64b100788 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -117,7 +117,7 @@ func (c *DeploymentCollection) RenderDeployments(k *k8s.K8sCluster) error {
 	defer wp.StopWait(false)
 
 	for _, d := range c.Deployments {
-		err := d.render(k, c.forSeal, wp)
+		err := d.render(c.forSeal, wp)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index e4ccacd3a..15463a61a 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -110,7 +110,7 @@ func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	return a
 }
 
-func (di *DeploymentItem) render(k *k8s.K8sCluster, forSeal bool, wp *utils.WorkerPoolWithErrors) error {
+func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) error {
 	if di.dir == nil {
 		return nil
 	}
@@ -123,7 +123,8 @@ func (di *DeploymentItem) render(k *k8s.K8sCluster, forSeal bool, wp *utils.Work
 	}
 
 	varsCtx := di.Project.VarsCtx.Copy()
-	err = varsCtx.LoadVarsList(k, di.Project.getRenderSearchDirs(), di.Config.Vars)
+
+	err = di.Project.loadVarsList(varsCtx, di.Config.Vars)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 5b6638843..6ac7de718 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -16,8 +16,10 @@ import (
 type DeploymentProject struct {
 	ctx context.Context
 
-	VarsCtx *vars.VarsCtx
-	dir     string
+	varsLoader *vars.VarsLoader
+	VarsCtx    *vars.VarsCtx
+
+	dir string
 
 	SealedSecretsDir                  string
 	DefaultSealedSecretsOutputPattern string
@@ -30,9 +32,10 @@ type DeploymentProject struct {
 	parentProjectInclude *types.DeploymentItemConfig
 }
 
-func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsCtx *vars.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
+func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsLoader *vars.VarsLoader, varsCtx *vars.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
 	dp := &DeploymentProject{
 		ctx:              ctx,
+		varsLoader:       varsLoader,
 		VarsCtx:          varsCtx.Copy(),
 		dir:              dir,
 		SealedSecretsDir: sealedSecretsDir,
@@ -44,7 +47,7 @@ func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsCtx *vars.
 		return nil, fmt.Errorf("%s does not exist or is not a directory", dir)
 	}
 
-	err := dp.loadConfig(k)
+	err := dp.loadConfig()
 	if err != nil {
 		return nil, fmt.Errorf("failed to load deployment config for %s: %w", dir, err)
 	}
@@ -57,13 +60,11 @@ func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsCtx *vars.
 	return dp, nil
 }
 
-func (p *DeploymentProject) MergeSecretsIntoAllChildren(vars *uo.UnstructuredObject) {
-	for _, c := range p.getChildren(true, true) {
-		c.VarsCtx.UpdateChild("secrets", vars)
-	}
+func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []*types.VarsSource) error {
+	return p.varsLoader.LoadVarsList(varsCtx, varsList, p.getRenderSearchDirs(), "")
 }
 
-func (p *DeploymentProject) loadConfig(k *k8s.K8sCluster) error {
+func (p *DeploymentProject) loadConfig() error {
 	configPath := filepath.Join(p.dir, "deployment.yml")
 	if !yaml.Exists(configPath) {
 		if yaml.Exists(filepath.Join(p.dir, "kustomization.yml")) {
@@ -77,7 +78,7 @@ func (p *DeploymentProject) loadConfig(k *k8s.K8sCluster) error {
 		return fmt.Errorf("failed to load deployment.yml: %w", err)
 	}
 
-	err = p.VarsCtx.LoadVarsList(k, p.getRenderSearchDirs(), p.Config.Vars)
+	err = p.loadVarsList(p.VarsCtx, p.Config.Vars)
 	if err != nil {
 		return fmt.Errorf("failed to load deployment.yml vars: %w", err)
 	}
@@ -162,12 +163,12 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 		incDir := filepath.Join(p.dir, *inc.Include)
 
 		varsCtx := p.VarsCtx.Copy()
-		err := varsCtx.LoadVarsList(k, p.getRenderSearchDirs(), inc.Vars)
+		err := p.loadVarsList(varsCtx, inc.Vars)
 		if err != nil {
 			return err
 		}
 
-		newProject, err := NewDeploymentProject(p.ctx, k, varsCtx, incDir,
+		newProject, err := NewDeploymentProject(p.ctx, k, p.varsLoader, varsCtx, incDir,
 			p.SealedSecretsDir, p)
 		if err != nil {
 			return err
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index d3e86dc44..e8a5def9a 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -59,14 +59,16 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
+	varsLoader := vars.NewVarsLoader(ctx, k, p.grc)
+
 	if forSeal {
-		err = p.loadSecrets(k, target, varsCtx)
+		err = p.loadSecrets(target, varsCtx, varsLoader)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	d, err := deployment.NewDeploymentProject(ctx, k, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
+	d, err := deployment.NewDeploymentProject(ctx, k, varsLoader, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -158,16 +160,15 @@ func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, e
 	return nil, fmt.Errorf("secret Set with name %s was not found", name)
 }
 
-func (p *LoadedKluctlProject) loadSecrets(k *k8s.K8sCluster, target *types.Target, varsCtx *vars.VarsCtx) error {
+func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
 	searchDirs := []string{p.DeploymentDir}
-	secretsLoader := vars.NewVarsLoader(k, varsCtx, searchDirs, "secrets")
 
 	for _, secretSetName := range target.SealingConfig.SecretSets {
 		secretEntry, err := p.findSecretsEntry(secretSetName)
 		if err != nil {
 			return err
 		}
-		err = secretsLoader.LoadVarsList(secretEntry.Sources)
+		err = varsLoader.LoadVarsList(varsCtx, secretEntry.Sources, searchDirs, "secrets")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 754f54080..c9e3dce4b 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -2,8 +2,6 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
@@ -13,7 +11,7 @@ type DeploymentItemConfig struct {
 	Tags             []string                 `yaml:"tags,omitempty"`
 	Barrier          *bool                    `yaml:"barrier,omitempty"`
 	WaitReadiness    *bool                    `yaml:"waitReadiness,omitempty"`
-	Vars             []*VarsListItem          `yaml:"vars,omitempty"`
+	Vars             []*VarsSource            `yaml:"vars,omitempty"`
 	SkipDeleteIfTags *bool                    `yaml:"skipDeleteIfTags,omitempty"`
 	OnlyRender       *bool                    `yaml:"onlyRender,omitempty"`
 	AlwaysDeploy     *bool                    `yaml:"alwaysDeploy,omitempty"`
@@ -50,51 +48,6 @@ type DeploymentArg struct {
 	Default interface{} `yaml:"default,omitempty"`
 }
 
-type VarsListItemGit struct {
-	Url  git_url.GitUrl `yaml:"url" validate:"required"`
-	Ref  string         `yaml:"ref,omitempty"`
-	Path string         `yaml:"path" validate:"required"`
-}
-
-type VarsListItemClusterConfigMapOrSecret struct {
-	Name      string `yaml:"name" validate:"required"`
-	Namespace string `yaml:"namespace,omitempty"`
-	Key       string `yaml:"key" validate:"required"`
-}
-
-type VarsListItem struct {
-	Values           *uo.UnstructuredObject                `yaml:"values,omitempty"`
-	File             *string                               `yaml:"file,omitempty"`
-	Git              *VarsListItemGit                      `yaml:"git,omitempty"`
-	ClusterConfigMap *VarsListItemClusterConfigMapOrSecret `yaml:"clusterConfigMap,omitempty"`
-	ClusterSecret    *VarsListItemClusterConfigMapOrSecret `yaml:"clusterSecret,omitempty"`
-}
-
-func ValidateVarsListItem(sl validator.StructLevel) {
-	s := sl.Current().Interface().(VarsListItem)
-	count := 0
-	if s.Values != nil {
-		count += 1
-	}
-	if s.File != nil {
-		count += 1
-	}
-	if s.Git != nil {
-		count += 1
-	}
-	if s.ClusterConfigMap != nil {
-		count += 1
-	}
-	if s.ClusterSecret != nil {
-		count += 1
-	}
-	if count == 0 {
-		sl.ReportError(s, "self", "self", "invalidvars", "unknown vars type")
-	} else if count != 1 {
-		sl.ReportError(s, "self", "self", "invalidvars", "more then one vars type")
-	}
-}
-
 type SealedSecretsConfig struct {
 	OutputPattern *string `yaml:"outputPattern,omitempty"`
 }
@@ -127,7 +80,7 @@ type IgnoreForDiffItemConfig struct {
 
 type DeploymentProjectConfig struct {
 	Args          []*DeploymentArg     `yaml:"args,omitempty"`
-	Vars          []*VarsListItem      `yaml:"vars,omitempty"`
+	Vars          []*VarsSource        `yaml:"vars,omitempty"`
 	SealedSecrets *SealedSecretsConfig `yaml:"sealedSecrets,omitempty"`
 
 	Deployments []*DeploymentItemConfig `yaml:"deployments,omitempty"`
@@ -141,7 +94,6 @@ type DeploymentProjectConfig struct {
 }
 
 func init() {
-	yaml.Validator.RegisterStructValidation(ValidateVarsListItem, VarsListItem{})
 	yaml.Validator.RegisterStructValidation(ValidateDeploymentItemConfig, DeploymentItemConfig{})
 	yaml.Validator.RegisterStructValidation(ValidateDeleteObjectItemConfig, DeleteObjectItemConfig{})
 }
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index c3084e7f3..12420ca83 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -2,7 +2,6 @@ package types
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DynamicArg struct {
@@ -66,7 +65,3 @@ type KluctlProject struct {
 	Targets       []*Target        `yaml:"targets,omitempty"`
 	SecretsConfig *SecretsConfig   `yaml:"secretsConfig,omitempty"`
 }
-
-func init() {
-	yaml.Validator.RegisterStructValidation(ValidateSecretSource, VarsSource{})
-}
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index dec89ddd3..1dfa61beb 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -2,9 +2,23 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
+type VarsSourceGit struct {
+	Url  git_url.GitUrl `yaml:"url" validate:"required"`
+	Ref  string         `yaml:"ref,omitempty"`
+	Path string         `yaml:"path" validate:"required"`
+}
+
+type VarsSourceClusterConfigMapOrSecret struct {
+	Name      string `yaml:"name" validate:"required"`
+	Namespace string `yaml:"namespace,omitempty"`
+	Key       string `yaml:"key" validate:"required"`
+}
+
 type VarsSourceHttp struct {
 	Url      YamlUrl           `yaml:"url,omitempty" validate:"required"`
 	Method   *string           `yaml:"method,omitempty"`
@@ -23,18 +37,35 @@ type VarsSourceAwsSecretsManager struct {
 }
 
 type VarsSource struct {
-	Path              *string                      `yaml:"path,omitempty"`
-	SystemEnvVars     *uo.UnstructuredObject       `yaml:"systemEnvVars,omitempty"`
-	Http              *VarsSourceHttp              `yaml:"http,omitempty"`
-	AwsSecretsManager *VarsSourceAwsSecretsManager `yaml:"awsSecretsManager,omitempty"`
+	Values            *uo.UnstructuredObject              `yaml:"values,omitempty"`
+	File              *string                             `yaml:"file,omitempty"`
+	Path              *string                             `yaml:"path,omitempty"`
+	Git               *VarsSourceGit                      `yaml:"git,omitempty"`
+	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `yaml:"clusterConfigMap,omitempty"`
+	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `yaml:"clusterSecret,omitempty"`
+	SystemEnvVars     *uo.UnstructuredObject              `yaml:"systemEnvVars,omitempty"`
+	Http              *VarsSourceHttp                     `yaml:"http,omitempty"`
+	AwsSecretsManager *VarsSourceAwsSecretsManager        `yaml:"awsSecretsManager,omitempty"`
 }
 
-func ValidateSecretSource(sl validator.StructLevel) {
+func ValidateVarsSource(sl validator.StructLevel) {
 	s := sl.Current().Interface().(VarsSource)
 	count := 0
 	if s.Path != nil {
 		count += 1
 	}
+	if s.File != nil {
+		count += 1
+	}
+	if s.Git != nil {
+		count += 1
+	}
+	if s.ClusterConfigMap != nil {
+		count += 1
+	}
+	if s.ClusterSecret != nil {
+		count += 1
+	}
 	if s.SystemEnvVars != nil {
 		count += 1
 	}
@@ -45,8 +76,12 @@ func ValidateSecretSource(sl validator.StructLevel) {
 		count += 1
 	}
 	if count == 0 {
-		sl.ReportError(s, "self", "self", "invalidsource", "unknown secret source type")
+		sl.ReportError(s, "self", "self", "invalidsource", "unknown vars source type")
 	} else if count != 1 {
-		sl.ReportError(s, "self", "self", "invalidsource", "more then one secret source type")
+		sl.ReportError(s, "self", "self", "invalidsource", "more then one vars source type")
 	}
 }
+
+func init() {
+	yaml.Validator.RegisterStructValidation(ValidateVarsSource, VarsSource{})
+}
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index 67f818de5..b94ccff98 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -1,17 +1,10 @@
 package vars
 
 import (
-	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io/ioutil"
-	"os"
 )
 
 type VarsCtx struct {
@@ -55,119 +48,6 @@ func (vc *VarsCtx) UpdateChildFromStruct(child string, o interface{}) error {
 	return nil
 }
 
-func (vc *VarsCtx) LoadVarsList(k *k8s.K8sCluster, searchDirs []string, varsList []*types.VarsListItem) error {
-	for _, v := range varsList {
-		if v.Values != nil {
-			vc.Update(v.Values)
-		} else if v.File != nil {
-			err := vc.loadVarsFile(*v.File, searchDirs)
-			if err != nil {
-				return err
-			}
-		} else if v.Git != nil {
-			err := vc.loadVarsGitFile(v.Git)
-			if err != nil {
-				return err
-			}
-		} else if v.ClusterConfigMap != nil {
-			ref := k8s2.NewObjectRef("", "v1", "ConfigMap", v.ClusterConfigMap.Name, v.ClusterConfigMap.Namespace)
-			err := vc.loadVarsFromK8sObject(k, ref, v.ClusterConfigMap.Key)
-			if err != nil {
-				return err
-			}
-		} else if v.ClusterSecret != nil {
-			ref := k8s2.NewObjectRef("", "v1", "Secret", v.ClusterSecret.Name, v.ClusterSecret.Namespace)
-			err := vc.loadVarsFromK8sObject(k, ref, v.ClusterSecret.Key)
-			if err != nil {
-				return err
-			}
-		} else {
-			return fmt.Errorf("invalid vars entry: %v", v)
-		}
-	}
-
-	return nil
-}
-
-func (vc *VarsCtx) loadVarsFile(p string, searchDirs []string) error {
-	var newVars uo.UnstructuredObject
-	err := vc.RenderYamlFile(p, searchDirs, &newVars)
-	if err != nil {
-		return fmt.Errorf("failed to load vars from %s: %w", p, err)
-	}
-	vc.Update(&newVars)
-	return nil
-}
-
-func (vc *VarsCtx) loadVarsGitFile(gitFile *types.VarsListItemGit) error {
-	mr, err := vc.grc.GetMirroredGitRepo(gitFile.Url, true, true, true)
-	if err != nil {
-		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
-	}
-
-	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "git-vars")
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	file, err := mr.ReadFile(gitFile.Ref, gitFile.Path)
-	if err != nil {
-		return fmt.Errorf("failed to load vars from git repository %s and path %s: %w", gitFile.Url.String(), gitFile.Path, err)
-	}
-
-	return vc.loadVarsFromString(string(file))
-}
-
-func (vc *VarsCtx) loadVarsFromK8sObject(k *k8s.K8sCluster, ref k8s2.ObjectRef, key string) error {
-	if k == nil {
-		return nil
-	}
-
-	o, _, err := k.GetSingleObject(ref)
-	if err != nil {
-		return err
-	}
-
-	value, found, err := o.GetNestedString("data", key)
-	if err != nil {
-		return err
-	}
-	if !found {
-		return fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
-	}
-
-	err = vc.loadVarsFromString(value)
-	if err != nil {
-		return fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)
-	}
-	return nil
-}
-
-func (vc *VarsCtx) loadVarsFromString(s string) error {
-	var newVars uo.UnstructuredObject
-	err := vc.renderYamlString(s, &newVars)
-	if err != nil {
-		return err
-	}
-	vc.Update(&newVars)
-	return nil
-}
-
-func (vc *VarsCtx) renderYamlString(s string, out interface{}) error {
-	ret, err := vc.J2.RenderString(s, nil, vc.Vars)
-	if err != nil {
-		return err
-	}
-
-	err = yaml.ReadYamlString(ret, out)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func (vc *VarsCtx) RenderYamlFile(p string, searchDirs []string, out interface{}) error {
 	ret, err := vc.J2.RenderFile(p, searchDirs, vc.Vars)
 	if err != nil {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 87bd01764..df011336f 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -1,11 +1,18 @@
 package vars
 
 import (
+	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/aws"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io/ioutil"
 	"os"
 )
 
@@ -15,27 +22,25 @@ type usernamePassword struct {
 }
 
 type VarsLoader struct {
-	k          *k8s.K8sCluster
-	varsCtx    *VarsCtx
-	searchDirs []string
-	rootKey    string
+	ctx context.Context
+	k   *k8s.K8sCluster
+	grc *git.MirroredGitRepoCollection
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(k *k8s.K8sCluster, varsCtx *VarsCtx, searchDirs []string, rootKey string) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, grc *git.MirroredGitRepoCollection) *VarsLoader {
 	return &VarsLoader{
+		ctx:              ctx,
 		k:                k,
-		varsCtx:          varsCtx,
-		searchDirs:       searchDirs,
-		rootKey:          rootKey,
+		grc:              grc,
 		credentialsCache: map[string]usernamePassword{},
 	}
 }
 
-func (s *VarsLoader) LoadVarsList(varsList []*types.VarsSource) error {
+func (v *VarsLoader) LoadVarsList(varsCtx *VarsCtx, varsList []*types.VarsSource, searchDirs []string, rootKey string) error {
 	for _, source := range varsList {
-		err := s.LoadVars(source)
+		err := v.LoadVars(varsCtx, source, searchDirs, rootKey)
 		if err != nil {
 			return err
 		}
@@ -43,46 +48,58 @@ func (s *VarsLoader) LoadVarsList(varsList []*types.VarsSource) error {
 	return nil
 }
 
-func (s *VarsLoader) LoadVars(sourceIn *types.VarsSource) error {
+func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, searchDirs []string, rootKey string) error {
 	var source types.VarsSource
 
-	err := s.varsCtx.J2.RenderStruct(&source, sourceIn, s.varsCtx.Vars)
+	err := varsCtx.J2.RenderStruct(&source, sourceIn, varsCtx.Vars)
 	if err != nil {
 		return err
 	}
 
-	if source.Path != nil {
-		return s.loadFile(&source)
+	if source.Values != nil {
+		v.mergeVars(varsCtx, source.Values, rootKey)
+	} else if source.Path != nil {
+		status.Warning(v.ctx, "'path' is deprecated as vars source, use 'file' instead")
+		return v.loadFile(varsCtx, *source.Path, searchDirs, rootKey)
+	} else if source.File != nil {
+		return v.loadFile(varsCtx, *source.File, searchDirs, rootKey)
+	} else if source.Git != nil {
+		return v.loadGit(varsCtx, source.Git, rootKey)
+	} else if source.ClusterConfigMap != nil {
+		ref := k8s2.NewObjectRef("", "v1", "ConfigMap", source.ClusterConfigMap.Name, source.ClusterConfigMap.Namespace)
+		return v.loadFromK8sObject(varsCtx, ref, source.ClusterConfigMap.Key, rootKey)
+	} else if source.ClusterSecret != nil {
+		ref := k8s2.NewObjectRef("", "v1", "Secret", source.ClusterSecret.Name, source.ClusterSecret.Namespace)
+		return v.loadFromK8sObject(varsCtx, ref, source.ClusterSecret.Key, rootKey)
 	} else if source.SystemEnvVars != nil {
-		return s.loadSystemEnvs(&source)
+		return v.loadSystemEnvs(varsCtx, &source, rootKey)
 	} else if source.Http != nil {
-		return s.loadHttp(&source)
+		return v.loadHttp(varsCtx, &source, rootKey)
 	} else if source.AwsSecretsManager != nil {
-		return s.loadAwsSecretsManager(&source)
-	} else {
-		return fmt.Errorf("invalid vars source")
+		return v.loadAwsSecretsManager(varsCtx, &source, rootKey)
 	}
+	return fmt.Errorf("invalid vars source")
 }
 
-func (s *VarsLoader) mergeVars(newVars *uo.UnstructuredObject) {
-	if s.rootKey == "" {
-		s.varsCtx.Update(newVars)
+func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject, rootKey string) {
+	if rootKey == "" {
+		varsCtx.Update(newVars)
 	} else {
-		s.varsCtx.UpdateChild(s.rootKey, newVars)
+		varsCtx.UpdateChild(rootKey, newVars)
 	}
 }
 
-func (s *VarsLoader) loadFile(source *types.VarsSource) error {
+func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string, rootKey string) error {
 	var newVars uo.UnstructuredObject
-	err := s.varsCtx.RenderYamlFile(*source.Path, s.searchDirs, &newVars)
+	err := varsCtx.RenderYamlFile(path, searchDirs, &newVars)
 	if err != nil {
-		return fmt.Errorf("failed to load vars from %s: %w", *source.Path, err)
+		return fmt.Errorf("failed to load vars from %s: %w", path, err)
 	}
-	s.mergeVars(&newVars)
+	v.mergeVars(varsCtx, &newVars, rootKey)
 	return nil
 }
 
-func (s *VarsLoader) loadSystemEnvs(source *types.VarsSource) error {
+func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
 	newVars := uo.New()
 	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
 		envName, ok := it.Value().(string)
@@ -102,25 +119,88 @@ func (s *VarsLoader) loadSystemEnvs(source *types.VarsSource) error {
 	if err != nil {
 		return err
 	}
-	s.mergeVars(newVars)
+	v.mergeVars(varsCtx, newVars, rootKey)
 	return nil
 }
 
-func (s *VarsLoader) loadAwsSecretsManager(source *types.VarsSource) error {
+func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
 	secret, err := aws.GetAwsSecretsManagerSecret(source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
 	if err != nil {
 		return err
 	}
+	return v.loadFromString(varsCtx, secret, rootKey)
+}
+
+func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, rootKey string) error {
+	mr, err := v.grc.GetMirroredGitRepo(gitFile.Url, true, true, true)
+	if err != nil {
+		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
+	}
 
-	newVars, err := uo.FromString(secret)
+	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "git-vars")
 	if err != nil {
-		return fmt.Errorf("failed to parse yaml from AWS Secrets Manager (secretName=%s): %w", source.AwsSecretsManager.SecretName, err)
+		return err
 	}
-	if s.rootKey != "" {
-		newVars, _, err = newVars.GetNestedObject(s.rootKey)
+	defer os.RemoveAll(tmpDir)
+
+	file, err := mr.ReadFile(gitFile.Ref, gitFile.Path)
+	if err != nil {
+		return fmt.Errorf("failed to load vars from git repository %s and path %s: %w", gitFile.Url.String(), gitFile.Path, err)
 	}
-	if newVars != nil {
-		s.mergeVars(newVars)
+
+	return v.loadFromString(varsCtx, string(file), rootKey)
+}
+
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key string, rootKey string) error {
+	if v.k == nil {
+		return nil
 	}
+
+	o, _, err := v.k.GetSingleObject(ref)
+	if err != nil {
+		return err
+	}
+
+	value, found, err := o.GetNestedString("data", key)
+	if err != nil {
+		return err
+	}
+	if !found {
+		return fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
+	}
+
+	err = v.loadFromString(varsCtx, value, rootKey)
+	if err != nil {
+		return fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)
+	}
+	return nil
+}
+
+func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, rootKey string) error {
+	newVars := uo.New()
+	err := v.renderYamlString(varsCtx, s, newVars)
+	if err != nil {
+		return err
+	}
+
+	if rootKey != "" {
+		newVars, _, err = newVars.GetNestedObject(rootKey)
+	}
+
+	v.mergeVars(varsCtx, newVars, rootKey)
+	return nil
+}
+
+func (v *VarsLoader) renderYamlString(varsCtx *VarsCtx, s string, out interface{}) error {
+	ret, err := varsCtx.J2.RenderString(s, nil, varsCtx.Vars)
+	if err != nil {
+		return err
+	}
+
+	err = yaml.ReadYamlString(ret, out)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 2d6b5fb1a..18cd60695 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -15,7 +15,7 @@ import (
 	"strings"
 )
 
-func (s *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, password string) (*http.Response, string, error) {
+func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, password string) (*http.Response, string, error) {
 	client := &http.Client{
 		Transport: ntlmssp.Negotiator{
 			RoundTripper: &http.Transport{
@@ -65,8 +65,8 @@ func (s *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, p
 	return resp, string(respBody), nil
 }
 
-func (s *VarsLoader) loadHttp(source *types.VarsSource) error {
-	resp, respBody, err := s.doHttp(source.Http, "", "")
+func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
+	resp, respBody, err := v.doHttp(source.Http, "", "")
 	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
 		if len(chgs) == 0 {
@@ -83,7 +83,7 @@ func (s *VarsLoader) loadHttp(source *types.VarsSource) error {
 		}
 
 		credsKey := fmt.Sprintf("%s|%s", source.Http.Url.Host, strings.Join(realms, "+"))
-		creds, ok := s.credentialsCache[credsKey]
+		creds, ok := v.credentialsCache[credsKey]
 		if !ok {
 			username, password, err := utils.AskForCredentials(fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
 			if err != nil {
@@ -93,10 +93,10 @@ func (s *VarsLoader) loadHttp(source *types.VarsSource) error {
 				username: username,
 				password: password,
 			}
-			s.credentialsCache[credsKey] = creds
+			v.credentialsCache[credsKey] = creds
 		}
 
-		resp, respBody, err = s.doHttp(source.Http, creds.username, creds.password)
+		resp, respBody, err = v.doHttp(source.Http, creds.username, creds.password)
 		if err != nil {
 			return err
 		}
@@ -139,15 +139,15 @@ func (s *VarsLoader) loadHttp(source *types.VarsSource) error {
 		newVars = uo.FromMap(x)
 	}
 
-	if s.rootKey != "" {
-		newVars, _, err = newVars.GetNestedObject(s.rootKey)
+	if rootKey != "" {
+		newVars, _, err = newVars.GetNestedObject(rootKey)
 		if err != nil {
 			return err
 		}
 	}
 
 	if newVars != nil {
-		s.mergeVars(newVars)
+		v.mergeVars(varsCtx, newVars, rootKey)
 	}
 	return nil
 }

From b5a746eb7616ec08accebd3e00ef3394a81824c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 May 2022 18:22:29 +0200
Subject: [PATCH 0183/2268] feat: Rename sources to vars in secretSets

---
 pkg/kluctl_project/target_context.go |  7 ++++++-
 pkg/types/kluctl_project.go          | 20 ++++++++++++++++++--
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index e8a5def9a..f8d73fce4 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -168,7 +168,12 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 		if err != nil {
 			return err
 		}
-		err = varsLoader.LoadVarsList(varsCtx, secretEntry.Sources, searchDirs, "secrets")
+		if len(secretEntry.Sources) != 0 {
+			status.Warning(p.ctx, "'sources' in secretSets is deprecated, use 'vars' instead")
+			err = varsLoader.LoadVarsList(varsCtx, secretEntry.Sources, searchDirs, "secrets")
+		} else {
+			err = varsLoader.LoadVarsList(varsCtx, secretEntry.Vars, searchDirs, "secrets")
+		}
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 12420ca83..e25426570 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -1,7 +1,9 @@
 package types
 
 import (
+	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DynamicArg struct {
@@ -43,8 +45,18 @@ type DynamicTarget struct {
 }
 
 type SecretSet struct {
-	Name    string        `yaml:"name" validate:"required"`
-	Sources []*VarsSource `yaml:"sources" validate:"required,gt=0"`
+	Name string `yaml:"name" validate:"required"`
+	// TODO deprecated, use vars instead
+	Sources []*VarsSource `yaml:"sources,omitempty"`
+	Vars    []*VarsSource `yaml:"vars,omitempty"`
+}
+
+func ValidateSecretSet(sl validator.StructLevel) {
+	s := sl.Current().Interface().(SecretSet)
+
+	if len(s.Sources) != 0 && len(s.Vars) != 0 {
+		sl.ReportError(s, "vars", "vars", "invalidsource", "sources and vars can't be set at the same time")
+	}
 }
 
 type GlobalSealedSecretsConfig struct {
@@ -65,3 +77,7 @@ type KluctlProject struct {
 	Targets       []*Target        `yaml:"targets,omitempty"`
 	SecretsConfig *SecretsConfig   `yaml:"secretsConfig,omitempty"`
 }
+
+func init() {
+	yaml.Validator.RegisterStructValidation(ValidateSecretSet, SecretSet{})
+}

From 3e8b4fd7a590ad60f4339e18f72bb4f9565a679e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 10:00:45 +0200
Subject: [PATCH 0184/2268] fix: Fix status reporting in helm-update

1. Add missing prefix when new versions are detected
2. Use proper prefix (dirName instead of baseName)
3. Properly report success when no new version is detected
4. Show skipUpdate info when new versions are detected
---
 cmd/kluctl/commands/cmd_helm_update.go | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 2d9f7e5f6..59e3df5d9 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -38,21 +38,31 @@ func (cmd *helmUpdateCmd) Run() error {
 				return err
 			}
 
-			statusPrefix := filepath.Base(p)
+			statusPrefix := filepath.Base(filepath.Dir(p))
 			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
 			defer s.Failed()
 
+			skipUpdate := chart.Config.SkipUpdate != nil && *chart.Config.SkipUpdate
+
 			newVersion, updated, err := chart.CheckUpdate()
 			if err != nil {
 				return err
 			}
 			if !updated {
+				s.Update("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
+				s.Success()
 				return nil
 			}
-			s.Update(fmt.Sprintf("Chart has new version %s available. Old version is %s.", newVersion, *chart.Config.ChartVersion))
+			msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
+			if skipUpdate {
+				msg += " skipUpdate is set to true."
+			}
+			s.Update(msg)
 
-			if cmd.Upgrade {
-				if chart.Config.SkipUpdate != nil && *chart.Config.SkipUpdate {
+			if !cmd.Upgrade {
+				s.Success()
+			} else {
+				if skipUpdate {
 					s.Update("%s: NOT upgrading chart as skipUpdate was set to true", statusPrefix)
 					s.Success()
 					return nil

From c203138f652ae0fe73430555f273eb93357a569f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 10:43:57 +0200
Subject: [PATCH 0185/2268] docs: Add a few badges to README.md

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 099728ed9..ba92599c6 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@
 # kluctl
 
+[![tests](https://github.com/kluctl/kluctl/workflows/tests/badge.svg)](https://github.com/kluctl/kluctl/actions)
+[![license](https://img.shields.io/github/license/kluctl/kluctl.svg)](https://github.com/kluctl/kluctl/blob/main/LICENSE)
+[![release](https://img.shields.io/github/release/kluctl/kluctl/all.svg)](https://github.com/kluctl/kluctl/releases)
+
 <img alt="kluctl" src="logo/kluctl.svg" width="200"/>
 
 <!-- copied from https://kluctl.io/docs -->

From 94e2cb275b9b0deb306ed0aa0e3df31bb2e2104e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 10:46:38 +0200
Subject: [PATCH 0186/2268] docs: Update README.md with contents from
 kluctl.io/docs

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ba92599c6..6cd3ba354 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Kluctl does not depend on external operators/controllers and allows to use the s
 as long as access to the kluctl project and clusters is available. This means, that you can use it from your
 local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
 
-Flux support is in development and will come soon.
+Flux support is in alpha statium and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
 
 ## Installation
 
@@ -41,7 +41,7 @@ Documentation can be found here: https://kluctl.io/docs
 | --- | --- |
 | 💪 Kluctl handles all your deployments | You can manage all your deployments with Kluctl, including infrastructure related and your applications. |
 | 🪶 Complex or simple, all the same | You can manage complex and simple deployments with Kluctl. Simple deployments are lightweight while complex deployment are easily manageable. |
-| 🤖 Native git support | Kluctl has native Git support integrated, meaning that it can easily deploy remote Kluctl projects or externalize parts (e.g. cluster configs) of your Kluctl project. |
+| 🤖 Native git support | Kluctl has native Git support integrated, meaning that it can easily deploy remote Kluctl projects or externalize parts (e.g. configuration) of your Kluctl project. |
 | 🪐 Multiple environments | Deploy the same deployment to multiple environments (dev, test, prod, ...), with flexible differences in configuration. |
 | 🌌 Multiple clusters | Manage multiple target clusters (in multiple clouds or bare-metal if you want). |
 | 🔩 Configuration and Templating | Kluctl allows to use templating in nearly all places, making it easy to have dynamic configuration. |

From b4b4969b122001219001bb1ef03e92ed8a86584a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 11:41:03 +0200
Subject: [PATCH 0187/2268] fix: Switch go go-internal based lockedfile

This will hopefull fix the deadlocking tests seen on Windows.
---
 go.mod                          |  6 ++--
 go.sum                          |  1 -
 pkg/git/mirrored_repo.go        | 60 +++++++++++++++++++--------------
 pkg/utils/embed_util/extract.go |  7 ++--
 4 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/go.mod b/go.mod
index 4c81d771f..4958074bb 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 	github.com/go-playground/validator/v10 v10.10.1
 	github.com/gobwas/glob v0.2.3
 	github.com/goccy/go-yaml v1.9.5
-	github.com/gofrs/flock v0.8.1
 	github.com/golang-jwt/jwt/v4 v4.4.1
 	github.com/google/go-containerregistry v0.8.0
 	github.com/hashicorp/go-version v1.4.0
@@ -27,6 +26,7 @@ require (
 	github.com/ohler55/ojg v1.14.0
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
+	github.com/rogpeppe/go-internal v1.8.0
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
@@ -43,8 +43,10 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	helm.sh/helm/v3 v3.8.2
 	k8s.io/api v0.24.0-rc.1
+	k8s.io/apiextensions-apiserver v0.23.6
 	k8s.io/apimachinery v0.24.0-rc.1
 	k8s.io/client-go v0.24.0-rc.1
+	k8s.io/klog/v2 v2.60.1
 	sigs.k8s.io/kind v0.12.0
 	sigs.k8s.io/kustomize/api v0.11.4
 	sigs.k8s.io/kustomize/kyaml v0.13.6
@@ -186,11 +188,9 @@ require (
 	gopkg.in/ini.v1 v1.66.2 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiextensions-apiserver v0.23.6 // indirect
 	k8s.io/apiserver v0.23.6 // indirect
 	k8s.io/cli-runtime v0.24.0-rc.1 // indirect
 	k8s.io/component-base v0.24.0-rc.1 // indirect
-	k8s.io/klog/v2 v2.60.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
 	k8s.io/kubectl v0.23.5 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
diff --git a/go.sum b/go.sum
index 3c91b81d5..dc7ef08f9 100644
--- a/go.sum
+++ b/go.sum
@@ -581,7 +581,6 @@ github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
-github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index a18128a5b..60abfe25e 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -11,13 +11,14 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/rogpeppe/go-internal/lockedfile"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
+	"sync"
 	"time"
 )
-import "github.com/gofrs/flock"
 
 var cacheBaseDir = filepath.Join(utils.GetTmpBaseDir(), "git-cache")
 
@@ -28,7 +29,11 @@ type MirroredGitRepo struct {
 	mirrorDir string
 
 	hasUpdated bool
-	fileLock   *flock.Flock
+
+	fileLock     *lockedfile.File
+	fileLockPath string
+
+	mutex sync.Mutex
 }
 
 func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl) (*MirroredGitRepo, error) {
@@ -45,7 +50,8 @@ func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl) (*MirroredGitRepo
 			return nil, fmt.Errorf("failed to create mirror repo for %v: %w", u.String(), err)
 		}
 	}
-	o.fileLock = flock.New(filepath.Join(o.mirrorDir, ".cache.lock"))
+
+	o.fileLockPath = filepath.Join(o.mirrorDir, ".cache.lock")
 	return o, nil
 }
 
@@ -58,39 +64,43 @@ func (g *MirroredGitRepo) SetUpdated(u bool) {
 }
 
 func (g *MirroredGitRepo) Lock() error {
-	ok, err := g.fileLock.TryLockContext(g.ctx, time.Millisecond*100)
-	if err != nil {
-		return fmt.Errorf("locking of %s failed: %w", g.fileLock.Path(), err)
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+
+	if g.fileLock != nil {
+		return fmt.Errorf("file %s already locked", g.fileLockPath)
 	}
-	if !ok {
-		return fmt.Errorf("locking of %s failed: unkown reason", g.fileLock.Path())
+
+	var err error
+	g.fileLock, err = lockedfile.Create(g.fileLockPath)
+	if err != nil {
+		return fmt.Errorf("locking of %s failed: %w", g.fileLockPath, err)
 	}
+
 	return nil
 }
 
 func (g *MirroredGitRepo) Unlock() error {
-	err := g.fileLock.Unlock()
-	if err != nil {
-		status.Warning(g.ctx, "Unlock of %s failed: %v", g.fileLock.Path(), err)
-		return err
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+
+	if g.fileLock == nil {
+		return fmt.Errorf("file %s is not locked", g.fileLockPath)
 	}
-	return nil
-}
 
-func (g *MirroredGitRepo) WithLock(cb func() error) error {
-	err := g.Lock()
+	err := g.fileLock.Close()
 	if err != nil {
+		status.Warning(g.ctx, "Unlock of %s failed: %v", g.fileLockPath, err)
 		return err
 	}
-	defer g.Unlock()
-	return cb()
+	g.fileLock = nil
+	return nil
 }
 
-func (g *MirroredGitRepo) MaybeWithLock(lock bool, cb func() error) error {
-	if lock {
-		return g.WithLock(cb)
-	}
-	return cb()
+func (g *MirroredGitRepo) IsLocked() bool {
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+	return g.fileLock != nil
 }
 
 func (g *MirroredGitRepo) LastUpdateTime() time.Time {
@@ -330,7 +340,7 @@ func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
 }
 
 func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
-	if !g.fileLock.Locked() || !g.hasUpdated {
+	if !g.IsLocked() || !g.hasUpdated {
 		panic("tried to clone from a project that is not locked/updated")
 	}
 
@@ -344,7 +354,7 @@ func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
 }
 
 func (g *MirroredGitRepo) ReadFile(ref string, path string) ([]byte, error) {
-	if !g.fileLock.Locked() || !g.hasUpdated {
+	if !g.IsLocked() || !g.hasUpdated {
 		panic("tried to read a file from a project that is not locked/updated")
 	}
 
diff --git a/pkg/utils/embed_util/extract.go b/pkg/utils/embed_util/extract.go
index 22267376c..e3c5dc0d4 100644
--- a/pkg/utils/embed_util/extract.go
+++ b/pkg/utils/embed_util/extract.go
@@ -2,8 +2,8 @@ package embed_util
 
 import (
 	"fmt"
-	"github.com/gofrs/flock"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/rogpeppe/go-internal/lockedfile"
 	"io"
 	"io/fs"
 	"io/ioutil"
@@ -21,12 +21,11 @@ func ExtractTarToTmp(r io.Reader, fileListR io.Reader, targetPrefix string) (str
 
 	targetPath := fmt.Sprintf("%s-%s", targetPrefix, utils.Sha256Bytes(fileList)[:16])
 
-	fl := flock.New(targetPath + ".lock")
-	err = fl.Lock()
+	fl, err := lockedfile.Create(targetPath + ".lock")
 	if err != nil {
 		return "", err
 	}
-	defer fl.Unlock()
+	defer fl.Close()
 
 	needsExtract, expectedTarGzHash, err := checkExtractNeeded(targetPath, string(fileList))
 	if err != nil {

From 5e605e3140a52743724be06cf9751b10e3fe4227 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 11:41:26 +0200
Subject: [PATCH 0188/2268] fix: Hold git locks for the whole time git is
 accessed and then release all locks

---
 cmd/kluctl/commands/utils.go         | 14 ++++++++++----
 pkg/git/repo_collection.go           |  8 ++++++--
 pkg/kluctl_project/git.go            |  4 ++--
 pkg/kluctl_project/load.go           |  6 +-----
 pkg/kluctl_project/project.go        |  2 +-
 pkg/kluctl_project/project_load.go   |  8 ++------
 pkg/kluctl_project/target_context.go |  4 ++--
 pkg/kluctl_project/targets.go        |  4 ++--
 8 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a7ad73631..8dab17d0d 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -55,6 +55,12 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		status.Warning(cliCtx, "Failed to detect git project root. This might cause follow-up errors")
 	}
 
+	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
+	defer cancel()
+
+	grc := git.NewMirroredGitRepoCollection(ctx, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
+	defer grc.Clear()
+
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
 		RepoRoot:            repoRoot,
 		ProjectDir:          cwd,
@@ -67,13 +73,10 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		FromArchive:         projectFlags.FromArchive.String(),
 		FromArchiveMetadata: projectFlags.FromArchiveMetadata.String(),
 		AllowGitClone:       projectFlags.FromArchive == "",
-		GitAuthProviders:    auth.NewDefaultAuthProviders(),
-		GitUpdateInterval:   projectFlags.GitCacheUpdateInterval,
+		GRC:                 grc,
 		ClientConfigGetter:  clientConfigGetter(forCompletion),
 	}
 
-	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
-	defer cancel()
 	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, tmpDir, j2)
 	if err != nil {
 		return err
@@ -181,6 +184,9 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		images:    images,
 	}
 
+	// we can assume that all git access is done at this point, so we can clear grc and thus unlock all repos
+	p.GRC.Clear()
+
 	return cb(cmdCtx)
 }
 
diff --git a/pkg/git/repo_collection.go b/pkg/git/repo_collection.go
index fbdf14ed6..0269bf69f 100644
--- a/pkg/git/repo_collection.go
+++ b/pkg/git/repo_collection.go
@@ -31,13 +31,17 @@ func NewMirroredGitRepoCollection(ctx context.Context, authProviders *auth.GitAu
 	}
 }
 
-func (g *MirroredGitRepoCollection) UnlockAll() {
+func (g *MirroredGitRepoCollection) Clear() {
 	g.mutex.Lock()
 	defer g.mutex.Unlock()
 
 	for _, e := range g.repos {
-		_ = e.mr.Unlock()
+		if e.mr.IsLocked() {
+			_ = e.mr.Unlock()
+		}
 	}
+
+	g.repos = map[string]*entry{}
 }
 
 func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*MirroredGitRepo, error) {
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index b64c6ebb7..3d3a2584a 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -32,7 +32,7 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 		go func() {
 			defer waitGroup.Done()
 
-			_, err := c.grc.GetMirroredGitRepo(u, true, true, true)
+			_, err := c.GRC.GetMirroredGitRepo(u, true, true, true)
 			if err != nil {
 				doError(fmt.Errorf("failed to update git project %v: %v", u.String(), err))
 			}
@@ -87,7 +87,7 @@ func (c *LoadedKluctlProject) cloneGitProject(gitProject *types2.GitProject, tar
 		return
 	}
 
-	mr, err := c.grc.GetMirroredGitRepo(gitProject.Url, true, true, true)
+	mr, err := c.GRC.GetMirroredGitRepo(gitProject.Url, true, true, true)
 	if err != nil {
 		return git.GitRepoInfo{}, err
 	}
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 5938483bd..801d66f6d 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,21 +3,17 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
-	grc := git.NewMirroredGitRepoCollection(ctx, args.GitAuthProviders, args.GitUpdateInterval)
-	defer grc.UnlockAll()
-
 	p := &LoadedKluctlProject{
 		ctx:      ctx,
 		loadArgs: args,
 		TmpDir:   tmpDir,
 		J2:       j2,
-		grc:      grc,
+		GRC:      args.GRC,
 
 		involvedRepos: map[string][]types.InvolvedRepo{},
 	}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 5196cc387..98a460568 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -30,7 +30,7 @@ type LoadedKluctlProject struct {
 	DynamicTargets []*types2.DynamicTarget
 
 	J2  *jinja2.Jinja2
-	grc *git.MirroredGitRepoCollection
+	GRC *git.MirroredGitRepoCollection
 }
 
 func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index b3811864e..f241a485d 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -3,7 +3,6 @@ package kluctl_project
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
-	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
@@ -14,7 +13,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
 	"path/filepath"
-	"time"
 )
 
 type LoadKluctlProjectArgs struct {
@@ -29,10 +27,8 @@ type LoadKluctlProjectArgs struct {
 	FromArchive         string
 	FromArchiveMetadata string
 
-	AllowGitClone    bool
-	GitAuthProviders *auth2.GitAuthProviders
-
-	GitUpdateInterval time.Duration
+	AllowGitClone bool
+	GRC           *git.MirroredGitRepoCollection
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index f8d73fce4..27a0b163e 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -59,7 +59,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
-	varsLoader := vars.NewVarsLoader(ctx, k, p.grc)
+	varsLoader := vars.NewVarsLoader(ctx, k, p.GRC)
 
 	if forSeal {
 		err = p.loadSecrets(target, varsCtx, varsLoader)
@@ -108,7 +108,7 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		return doError(err)
 	}
 
-	varsCtx := vars.NewVarsCtx(p.J2, p.grc)
+	varsCtx := vars.NewVarsCtx(p.J2, p.GRC)
 	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
 	if err != nil {
 		return doError(err)
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index d5bbdb66b..f7c18262f 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -83,7 +83,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 	var errors []error
 	curTarget := target
 	for i := 0; i < 10; i++ {
-		varsCtx := vars.NewVarsCtx(c.J2, c.grc)
+		varsCtx := vars.NewVarsCtx(c.J2, c.GRC)
 		err := varsCtx.UpdateChildFromStruct("target", curTarget)
 		if err != nil {
 			return nil, err
@@ -134,7 +134,7 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsSimple(baseTarget *types.Targ
 }
 
 func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	mr, err := c.grc.GetMirroredGitRepo(baseTarget.TargetConfig.Project.Url, true, true, true)
+	mr, err := c.GRC.GetMirroredGitRepo(baseTarget.TargetConfig.Project.Url, true, true, true)
 	if err != nil {
 		return nil, err
 	}

From 79bec8bd6a0361743ccce384b91986e12cfec1fc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 12:23:01 +0200
Subject: [PATCH 0189/2268] build: Create draft releases instead of directly
 publishing them

---
 .goreleaser.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index ea3c4cf97..029ace461 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -64,6 +64,7 @@ changelog:
       - '^refactor:'
 
 release:
+  draft: true
   prerelease: auto
   name_template: "{{.ProjectName}}-{{.Tag}}"
 

From 52720402e8cbd5c2a312fa7a74dcffee4fe62c6a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 13:56:53 +0200
Subject: [PATCH 0190/2268] fix: Remove KluctlBytecodeCache from jinja2
 renderer

This cache implementation caused errors when the same file was present
in two different projects. Turns out rendering is actually so fast that
we really don't need that cache.
---
 pkg/jinja2/python_src/jinja2_cache.py    | 170 -----------------------
 pkg/jinja2/python_src/jinja2_renderer.py |   4 +-
 2 files changed, 1 insertion(+), 173 deletions(-)
 delete mode 100644 pkg/jinja2/python_src/jinja2_cache.py

diff --git a/pkg/jinja2/python_src/jinja2_cache.py b/pkg/jinja2/python_src/jinja2_cache.py
deleted file mode 100644
index 8d37ec2d4..000000000
--- a/pkg/jinja2/python_src/jinja2_cache.py
+++ /dev/null
@@ -1,170 +0,0 @@
-import errno
-import fnmatch
-import os
-import stat
-import tempfile
-import typing
-from datetime import datetime
-from types import CodeType
-
-from jinja2 import BytecodeCache
-from jinja2.bccache import Bucket
-
-def get_tmp_base_dir():
-    dir = os.path.join(tempfile.gettempdir(), "kluctl-workdir")
-    os.makedirs(dir, exist_ok=True)
-    return dir
-
-"""
-A bytecode cache that is able to share bytecode between different directories. It does this by removing filenames
-from dumped code and then later re-adding them after loading.
-
-This cache is also thread and multi-process safe.
-"""
-class KluctlBytecodeCache(BytecodeCache):
-    def __init__(self, max_cache_files):
-        self.cache_dir = self._get_cache_dir()
-        self.max_cache_files = max_cache_files
-        self.did_touch = set()
-        self.clear_old_entries()
-
-    def _get_cache_dir(self) -> str:
-        def _unsafe_dir() -> "te.NoReturn":
-            raise RuntimeError(
-                "Cannot determine safe temp directory.  You "
-                "need to explicitly provide one."
-            )
-
-        tmpdir = os.path.join(get_tmp_base_dir(), "jinja2-cache")
-
-        # On windows the temporary directory is used specific unless
-        # explicitly forced otherwise.  We can just use that.
-        if os.name == "nt":
-            os.makedirs(tmpdir, exist_ok=True)
-            return tmpdir
-        if not hasattr(os, "getuid"):
-            _unsafe_dir()
-
-        tmpdir = os.path.join(tmpdir, str(os.getuid()))
-
-        try:
-            os.makedirs(tmpdir, exist_ok=True, mode=stat.S_IRWXU)
-        except OSError as e:
-            if e.errno != errno.EEXIST:
-                raise
-        try:
-            os.chmod(tmpdir, stat.S_IRWXU)
-            actual_dir_stat = os.lstat(tmpdir)
-            if (
-                actual_dir_stat.st_uid != os.getuid()
-                or not stat.S_ISDIR(actual_dir_stat.st_mode)
-                or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
-            ):
-                _unsafe_dir()
-        except OSError as e:
-            if e.errno != errno.EEXIST:
-                raise
-
-        actual_dir_stat = os.lstat(tmpdir)
-        if (
-            actual_dir_stat.st_uid != os.getuid()
-            or not stat.S_ISDIR(actual_dir_stat.st_mode)
-            or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
-        ):
-            _unsafe_dir()
-
-        return tmpdir
-
-    def get_cache_key(self, name: str, filename: typing.Optional[typing.Union[str]] = None):
-        return (name, filename)
-
-    def _get_cache_filename(self, bucket: Bucket) -> str:
-        return os.path.join(self.cache_dir, bucket.checksum[:2], bucket.checksum) + ".cache"
-
-    def touch_loaded_marker(self, bucket):
-        filename = self._get_cache_filename(bucket) + ".loaded"
-        if filename in self.did_touch:
-            return
-        try:
-            with open(filename + ".tmp", mode="wt") as f:
-                f.write(str(datetime.utcnow()))
-            os.rename(filename + ".tmp", filename)
-        except:
-            # Failure here it "ok" and is mostly happening on Windows here (permission denied for opened files...ugh..)
-            pass
-        self.did_touch.add(filename)
-
-    def replace_code_filenames(self, code, old, new):
-        co_filename = code.co_filename
-        co_consts = []
-        if co_filename == old:
-            co_filename = new
-
-        for c in code.co_consts:
-            if isinstance(c, CodeType):
-                co_consts.append(self.replace_code_filenames(c, old, new))
-            else:
-                co_consts.append(c)
-
-        return code.replace(co_filename=co_filename, co_consts=tuple(co_consts))
-
-    def load_bytecode(self, bucket: Bucket) -> None:
-        filename = self._get_cache_filename(bucket)
-
-        if os.path.exists(filename):
-            for i in range(4):
-                try:
-                    with open(filename, "rb") as f:
-                        bucket.load_bytecode(f)
-                        if bucket.code is not None:
-                            bucket.code = self.replace_code_filenames(bucket.code, "<dummy>", bucket.key[1])
-                except PermissionError:
-                    # Retry. Windows is still failing from time to time...
-                    continue
-            self.touch_loaded_marker(bucket)
-
-    def dump_bytecode(self, bucket: Bucket) -> None:
-        # thread/multi-process safe version of super().dump_bytecode()
-
-        try:
-            filename = self._get_cache_filename(bucket)
-            os.makedirs(os.path.dirname(filename), exist_ok=True)
-
-            with open(filename + ".tmp", "wb") as f:
-                orig_code = bucket.code
-                bucket.code = self.replace_code_filenames(bucket.code, bucket.key[1], "<dummy>")
-                bucket.write_bytecode(f)
-                bucket.code = orig_code
-            os.rename(filename + ".tmp", filename)
-            self.touch_loaded_marker(bucket)
-        except:
-            # Failure here it "ok" and is mostly happening on Windows here (permission denied for opened files...ugh..)
-            pass
-
-    def clear_old_entries(self):
-        files = []
-        for d in os.listdir(self.cache_dir):
-            path = os.path.join(self.cache_dir, d)
-            if not os.path.isdir(path):
-                continue
-            for n in os.listdir(path):
-                if not fnmatch.fnmatch(n, "*.cache"):
-                    continue
-                files.append(os.path.join(path, n))
-
-        if len(files) <= self.max_cache_files:
-            return
-        times = {}
-        for f in files:
-            try:
-                with open(f + ".loaded", mode="rt") as f2:
-                    times[f] = datetime.fromisoformat(f2.read())
-            except:
-                times[f] = datetime.min
-        files.sort(key=lambda f: times[f], reverse=True)
-        for f in files[self.max_cache_files:]:
-            try:
-                os.remove(f)
-                os.remove(f + ".loaded")
-            except:
-                pass
diff --git a/pkg/jinja2/python_src/jinja2_renderer.py b/pkg/jinja2/python_src/jinja2_renderer.py
index 735379917..52e868b30 100644
--- a/pkg/jinja2/python_src/jinja2_renderer.py
+++ b/pkg/jinja2/python_src/jinja2_renderer.py
@@ -4,10 +4,8 @@
 from jinja2 import StrictUndefined, FileSystemLoader, ChainableUndefined
 
 from dict_utils import merge_dict
-from jinja2_cache import KluctlBytecodeCache
 from jinja2_utils import KluctlJinja2Environment, add_jinja2_filters, extract_template_error
 
-jinja2_cache = KluctlBytecodeCache(max_cache_files=10000)
 
 begin_placeholder = "XXXXXbegin_get_image_"
 end_placeholder = "_end_get_imageXXXXX"
@@ -76,7 +74,7 @@ def build_env(self, vars_str, search_dirs, strict):
         environment = KluctlJinja2Environment(loader=FileSystemLoader(search_dirs),
                                               undefined=StrictUndefined if strict else NullUndefined,
                                               cache_size=10000,
-                                              bytecode_cache=jinja2_cache, auto_reload=False)
+                                              auto_reload=False)
         merge_dict(environment.globals, vars, clone=False)
 
         add_jinja2_filters(environment)

From 3d960f6247dec5c8816b900f9bb25e4474de9e04 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 13:58:16 +0200
Subject: [PATCH 0191/2268] fix: Report struct validation errors as tags

The "param" of ReportError is ignored later when the error is printed, so
we can't use it for custom error messages. The output looks a little bit
strange now, but better this way than having it omitted completely.
---
 pkg/types/deployment.go     | 6 +++---
 pkg/types/git_project.go    | 6 +++---
 pkg/types/kluctl_project.go | 2 +-
 pkg/types/vars_source.go    | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index c9e3dce4b..b129aa8b8 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -21,10 +21,10 @@ type DeploymentItemConfig struct {
 func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeploymentItemConfig)
 	if s.Path != nil && s.Include != nil {
-		sl.ReportError(s, "path", "Path", "pathinclude", "path and include can not be set at the same time")
+		sl.ReportError(s, "path", "Path", "path and include can not be set at the same time", "")
 	}
 	if s.Path == nil && s.WaitReadiness != nil {
-		sl.ReportError(s, "waitReadiness", "WaitReadiness", "waitreadiness", "only kustomize deployments are allowed to have waitReadiness set")
+		sl.ReportError(s, "waitReadiness", "WaitReadiness", "only kustomize deployments are allowed to have waitReadiness set", "")
 	}
 }
 
@@ -39,7 +39,7 @@ type DeleteObjectItemConfig struct {
 func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeleteObjectItemConfig)
 	if s.Group == nil && s.Version == nil && s.Kind == nil {
-		sl.ReportError(s, "self", "self", "missingfield", "at least one of group/version/kind must be set")
+		sl.ReportError(s, "self", "self", "at least one of group/version/kind must be set", "")
 	}
 }
 
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 6d6cbc4a3..efa7c6dc8 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -25,7 +25,7 @@ func (gp *GitProject) UnmarshalYAML(unmarshal func(interface{}) error) error {
 func ValidateGitProject(sl validator.StructLevel) {
 	gp := sl.Current().Interface().(GitProject)
 	if strings.Index(gp.SubDir, "/") != -1 {
-		sl.ReportError(gp.SubDir, "subDir", "SubDir", "subdirinvalid", "/ is not allowed in subdir")
+		sl.ReportError(gp.SubDir, "subDir", "SubDir", "/ is not allowed in subDir", "")
 	}
 }
 
@@ -37,9 +37,9 @@ type ExternalProject struct {
 func ValidateExternalProject(sl validator.StructLevel) {
 	p := sl.Current().Interface().(ExternalProject)
 	if p.Project == nil && p.Path == nil {
-		sl.ReportError(p, ".", ".", "empty", "either project or path must be set")
+		sl.ReportError(p, ".", ".", "either project or path must be set", "")
 	} else if p.Project != nil && p.Path != nil {
-		sl.ReportError(p, ".", ".", "empty", "only one of project or path can be set")
+		sl.ReportError(p, ".", ".", "only one of project or path can be set", "")
 	}
 }
 
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index e25426570..9ecb1fcdd 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -55,7 +55,7 @@ func ValidateSecretSet(sl validator.StructLevel) {
 	s := sl.Current().Interface().(SecretSet)
 
 	if len(s.Sources) != 0 && len(s.Vars) != 0 {
-		sl.ReportError(s, "vars", "vars", "invalidsource", "sources and vars can't be set at the same time")
+		sl.ReportError(s, "vars", "vars", "sources and vars can't be set at the same time", "")
 	}
 }
 
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 1dfa61beb..60fee3214 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -76,9 +76,9 @@ func ValidateVarsSource(sl validator.StructLevel) {
 		count += 1
 	}
 	if count == 0 {
-		sl.ReportError(s, "self", "self", "invalidsource", "unknown vars source type")
+		sl.ReportError(s, "self", "self", "unknown vars source type", "")
 	} else if count != 1 {
-		sl.ReportError(s, "self", "self", "invalidsource", "more then one vars source type")
+		sl.ReportError(s, "self", "self", "more then one vars source type", "")
 	}
 }
 

From 6d47b4ce6916e1c15e8969bc9a11a222825c31fa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 13:59:07 +0200
Subject: [PATCH 0192/2268] fix: Fix validation of VarsSource

Use reflection for counting the number of set fields, as otherwise we'll
miss fields again in the future (e.g. as happened with Values).
---
 pkg/types/vars_source.go | 31 ++++++++-----------------------
 pkg/vars/vars_loader.go  |  1 +
 2 files changed, 9 insertions(+), 23 deletions(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 60fee3214..84e15f393 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -5,6 +5,7 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"reflect"
 )
 
 type VarsSourceGit struct {
@@ -50,31 +51,15 @@ type VarsSource struct {
 
 func ValidateVarsSource(sl validator.StructLevel) {
 	s := sl.Current().Interface().(VarsSource)
+
 	count := 0
-	if s.Path != nil {
-		count += 1
-	}
-	if s.File != nil {
-		count += 1
-	}
-	if s.Git != nil {
-		count += 1
-	}
-	if s.ClusterConfigMap != nil {
-		count += 1
-	}
-	if s.ClusterSecret != nil {
-		count += 1
-	}
-	if s.SystemEnvVars != nil {
-		count += 1
-	}
-	if s.Http != nil {
-		count += 1
-	}
-	if s.AwsSecretsManager != nil {
-		count += 1
+	v := reflect.ValueOf(s)
+	for i := 0; i < v.NumField(); i++ {
+		if !v.Field(i).IsNil() {
+			count += 1
+		}
 	}
+
 	if count == 0 {
 		sl.ReportError(s, "self", "self", "unknown vars source type", "")
 	} else if count != 1 {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index df011336f..e6f912b29 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -58,6 +58,7 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 
 	if source.Values != nil {
 		v.mergeVars(varsCtx, source.Values, rootKey)
+		return nil
 	} else if source.Path != nil {
 		status.Warning(v.ctx, "'path' is deprecated as vars source, use 'file' instead")
 		return v.loadFile(varsCtx, *source.Path, searchDirs, rootKey)

From 3d5319f915a9752b09c0796c95e4f567bcde1c75 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 14:26:38 +0200
Subject: [PATCH 0193/2268] refactor: No need to pass grc to VarsCtx

---
 pkg/kluctl_project/target_context.go | 2 +-
 pkg/kluctl_project/targets.go        | 2 +-
 pkg/vars/vars.go                     | 6 +-----
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 27a0b163e..f18b0a880 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -108,7 +108,7 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		return doError(err)
 	}
 
-	varsCtx := vars.NewVarsCtx(p.J2, p.GRC)
+	varsCtx := vars.NewVarsCtx(p.J2)
 	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
 	if err != nil {
 		return doError(err)
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index f7c18262f..d8a20bcef 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -83,7 +83,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 	var errors []error
 	curTarget := target
 	for i := 0; i < 10; i++ {
-		varsCtx := vars.NewVarsCtx(c.J2, c.GRC)
+		varsCtx := vars.NewVarsCtx(c.J2)
 		err := varsCtx.UpdateChildFromStruct("target", curTarget)
 		if err != nil {
 			return nil, err
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index b94ccff98..c29d4ba18 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -1,7 +1,6 @@
 package vars
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -9,14 +8,12 @@ import (
 
 type VarsCtx struct {
 	J2   *jinja2.Jinja2
-	grc  *git.MirroredGitRepoCollection
 	Vars *uo.UnstructuredObject
 }
 
-func NewVarsCtx(j2 *jinja2.Jinja2, grc *git.MirroredGitRepoCollection) *VarsCtx {
+func NewVarsCtx(j2 *jinja2.Jinja2) *VarsCtx {
 	vc := &VarsCtx{
 		J2:   j2,
-		grc:  grc,
 		Vars: uo.New(),
 	}
 	return vc
@@ -25,7 +22,6 @@ func NewVarsCtx(j2 *jinja2.Jinja2, grc *git.MirroredGitRepoCollection) *VarsCtx
 func (vc *VarsCtx) Copy() *VarsCtx {
 	cp := &VarsCtx{
 		J2:   vc.J2,
-		grc:  vc.grc,
 		Vars: vc.Vars.Clone(),
 	}
 	return cp

From 5cec077190d5dbc3ba6cab1b723a0f0c2b0e1067 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 14:26:45 +0200
Subject: [PATCH 0194/2268] tests: Add vars_test.go

---
 pkg/vars/vars_test.go | 66 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 pkg/vars/vars_test.go

diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
new file mode 100644
index 000000000..b922b7279
--- /dev/null
+++ b/pkg/vars/vars_test.go
@@ -0,0 +1,66 @@
+package vars
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestVarsCtx(t *testing.T) {
+	j2, err := jinja2.NewJinja2()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer j2.Close()
+
+	varsCtx := NewVarsCtx(j2)
+	varsCtx.Update(uo.FromMap(map[string]interface{}{
+		"test1": map[string]interface{}{
+			"test2": 42,
+		},
+	}))
+	v, _, _ := varsCtx.Vars.GetNestedInt("test1", "test2")
+	assert.Equal(t, int64(42), v)
+}
+
+func TestVarsCtxChild(t *testing.T) {
+	j2, err := jinja2.NewJinja2()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer j2.Close()
+
+	varsCtx := NewVarsCtx(j2)
+	varsCtx.UpdateChild("child", uo.FromMap(map[string]interface{}{
+		"test1": map[string]interface{}{
+			"test2": 42,
+		},
+	}))
+	v, _, _ := varsCtx.Vars.GetNestedInt("child", "test1", "test2")
+	assert.Equal(t, int64(42), v)
+}
+
+func TestVarsCtxStruct(t *testing.T) {
+	j2, err := jinja2.NewJinja2()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer j2.Close()
+
+	varsCtx := NewVarsCtx(j2)
+
+	s := struct {
+		Test1 struct {
+			Test2 int
+		}
+	}{
+		Test1: struct{ Test2 int }{Test2: 42},
+	}
+
+	err = varsCtx.UpdateChildFromStruct("child", s)
+	assert.NoError(t, err)
+
+	v, _, _ := varsCtx.Vars.GetNestedInt("child", "test1", "test2")
+	assert.Equal(t, int64(42), v)
+}

From a3fcd851255bbb9d43643e2dcb687b55f34a6203 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 16:09:41 +0200
Subject: [PATCH 0195/2268] refactor: Move test git server code into own
 package to make it reusable

---
 e2e/project.go                    | 235 +++++-------------------------
 internal/test-utils/git_server.go | 223 ++++++++++++++++++++++++++++
 2 files changed, 259 insertions(+), 199 deletions(-)
 create mode 100644 internal/test-utils/git_server.go

diff --git a/e2e/project.go b/e2e/project.go
index 6068a7ceb..fa5f18e8c 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -1,17 +1,12 @@
 package e2e
 
 import (
-	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
-	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
-	"io/ioutil"
-	"net"
-	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -36,49 +31,37 @@ type testProject struct {
 
 	kubeconfigs []string
 
-	baseDir string
-
-	gitServer     *http_server.Server
-	gitHttpServer *http.Server
-	gitServerPort int
+	gitServer *test_utils.GitServer
 }
 
 func (p *testProject) init(t *testing.T, projectName string) {
 	p.t = t
+	p.gitServer = test_utils.NewGitServer(t)
 	p.projectName = projectName
-	baseDir, err := ioutil.TempDir(os.TempDir(), "kluctl-e2e-")
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	p.baseDir = baseDir
-
-	_ = os.MkdirAll(p.getKluctlProjectDir(), 0o700)
-	_ = os.MkdirAll(filepath.Join(p.getClustersDir(), "clusters"), 0o700)
-	_ = os.MkdirAll(filepath.Join(p.getSealedSecretsDir(), ".sealed-secrets"), 0o700)
-	_ = os.MkdirAll(p.getDeploymentDir(), 0o700)
-
-	p.initGitServer()
 
-	p.gitInit(p.getKluctlProjectDir())
+	p.gitServer.GitInit(p.getKluctlProjectRepo())
 	if p.clustersExternal {
-		p.gitInit(p.getClustersDir())
+		p.gitServer.GitInit(p.getClustersRepo())
 	}
 	if p.deploymentExternal {
-		p.gitInit(p.getDeploymentDir())
+		p.gitServer.GitInit(p.getDeploymentRepo())
 	}
 	if p.sealedSecretsExternal {
-		p.gitInit(p.getSealedSecretsDir())
+		p.gitServer.GitInit(p.getSealedSecretsRepo())
 	}
 
+	_ = os.MkdirAll(filepath.Join(p.gitServer.LocalRepoDir(p.getClustersRepo()), "clusters"), 0o700)
+	_ = os.MkdirAll(filepath.Join(p.gitServer.LocalRepoDir(p.getSealedSecretsRepo()), ".sealed-secrets"), 0o700)
+
 	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
 		if p.clustersExternal {
-			o.SetNestedField(p.buildLocalGitUrl(p.getClustersDir()), "clusters", "project")
+			o.SetNestedField(p.gitServer.LocalGitUrl(p.getClustersRepo()), "clusters", "project")
 		}
 		if p.deploymentExternal {
-			o.SetNestedField(p.buildLocalGitUrl(p.getDeploymentDir()), "deployment", "project")
+			o.SetNestedField(p.gitServer.LocalGitUrl(p.getDeploymentRepo()), "deployment", "project")
 		}
 		if p.sealedSecretsExternal {
-			o.SetNestedField(p.buildLocalGitUrl(p.getSealedSecretsDir()), "sealedSecrets", "project")
+			o.SetNestedField(p.gitServer.LocalGitUrl(p.getSealedSecretsRepo()), "sealedSecrets", "project")
 		}
 		return nil
 	})
@@ -87,147 +70,19 @@ func (p *testProject) init(t *testing.T, projectName string) {
 	})
 }
 
-func (p *testProject) initGitServer() {
-	p.gitServer = http_server.New(p.baseDir)
-
-	p.gitHttpServer = &http.Server{
-		Addr:    "127.0.0.1:0",
-		Handler: p.gitServer,
-	}
-
-	ln, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		log.Fatal(err)
-	}
-	a := ln.Addr().(*net.TCPAddr)
-	p.gitServerPort = a.Port
-
-	go func() {
-		_ = p.gitHttpServer.Serve(ln)
-	}()
-}
-
 func (p *testProject) cleanup() {
-	if p.gitHttpServer != nil {
-		_ = p.gitHttpServer.Shutdown(context.Background())
-		p.gitHttpServer = nil
+	if p.gitServer != nil {
+		p.gitServer.Cleanup()
 		p.gitServer = nil
 	}
-
-	if p.baseDir == "" {
-		return
-	}
-	_ = os.RemoveAll(p.baseDir)
-	p.baseDir = ""
-}
-
-func (p *testProject) gitInit(dir string) {
-	err := os.MkdirAll(dir, 0o700)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-
-	r, err := git.PlainInit(dir, false)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	config, err := r.Config()
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	wt, err := r.Worktree()
-	if err != nil {
-		p.t.Fatal(err)
-	}
-
-	config.User.Name = "Test User"
-	config.User.Email = "no@mail.com"
-	config.Author = config.User
-	config.Committer = config.User
-	err = r.SetConfig(config)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	err = utils.Touch(filepath.Join(dir, ".dummy"))
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	_, err = wt.Add(".dummy")
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	_, err = wt.Commit("initial", &git.CommitOptions{})
-	if err != nil {
-		p.t.Fatal(err)
-	}
-}
-
-func (p *testProject) commitFiles(repo string, add []string, all bool, message string) {
-	r, err := git.PlainOpen(repo)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	wt, err := r.Worktree()
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	for _, a := range add {
-		_, err = wt.Add(a)
-		if err != nil {
-			p.t.Fatal(err)
-		}
-	}
-	_, err = wt.Commit(message, &git.CommitOptions{
-		All: all,
-	})
-	if err != nil {
-		p.t.Fatal(err)
-	}
-}
-
-func (p *testProject) commitYaml(y *uo.UnstructuredObject, repo string, pth string, message string) {
-	err := yaml.WriteYamlFile(filepath.Join(repo, pth), y)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	if message == "" {
-		relPath, err := filepath.Rel(p.baseDir, repo)
-		if err != nil {
-			p.t.Fatal(err)
-		}
-		message = fmt.Sprintf("update %s", filepath.Join(relPath, pth))
-	}
-	p.commitFiles(repo, []string{pth}, false, message)
-}
-
-func (p *testProject) updateYaml(repo string, pth string, update func(o *uo.UnstructuredObject) error, message string) {
-	if !strings.HasPrefix(repo, p.baseDir) {
-		p.t.Fatal()
-	}
-	o := uo.New()
-	if utils.Exists(filepath.Join(repo, pth)) {
-		err := yaml.ReadYamlFile(filepath.Join(repo, pth), o)
-		if err != nil {
-			p.t.Fatal(err)
-		}
-	}
-	orig := o.Clone()
-	err := update(o)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	if reflect.DeepEqual(o, orig) {
-		return
-	}
-	p.commitYaml(o, repo, pth, message)
 }
 
 func (p *testProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
-	p.updateYaml(p.getKluctlProjectDir(), ".kluctl.yml", update, "")
+	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), ".kluctl.yml", update, "")
 }
 
 func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
-	p.updateYaml(p.getDeploymentDir(), filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
+	p.gitServer.UpdateYaml(p.getDeploymentRepo(), filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
 		if dir == "." {
 			o.SetNestedField(p.projectName, "commonLabels", "project_name")
 		}
@@ -236,7 +91,7 @@ func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.Unstruc
 }
 
 func (p *testProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
-	o, err := uo.FromFile(filepath.Join(p.getDeploymentDir(), dir, "deployment.yml"))
+	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir, "deployment.yml"))
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -268,24 +123,17 @@ func (p *testProject) listDeploymentItemPathes(dir string, fullPath bool) []stri
 }
 
 func (p *testProject) updateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
-	r, err := git.PlainOpen(p.getDeploymentDir())
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	wt, err := r.Worktree()
-	if err != nil {
-		p.t.Fatal(err)
-	}
+	wt := p.gitServer.GetWorktree(p.getDeploymentRepo())
 
 	pth := filepath.Join(dir, "kustomization.yml")
-	p.updateYaml(p.getDeploymentDir(), pth, func(o *uo.UnstructuredObject) error {
+	p.gitServer.UpdateYaml(p.getDeploymentRepo(), pth, func(o *uo.UnstructuredObject) error {
 		return update(o, wt)
 	}, fmt.Sprintf("Update kustomization.yml for %s", dir))
 }
 
 func (p *testProject) updateCluster(name string, context string, vars *uo.UnstructuredObject) {
 	pth := filepath.Join("clusters", fmt.Sprintf("%s.yml", name))
-	p.updateYaml(p.getClustersDir(), pth, func(o *uo.UnstructuredObject) error {
+	p.gitServer.UpdateYaml(p.getClustersRepo(), pth, func(o *uo.UnstructuredObject) error {
 		o.Clear()
 		o.SetNestedField(name, "cluster", "name")
 		o.SetNestedField(context, "cluster", "context")
@@ -379,7 +227,7 @@ func (p *testProject) addKustomizeDeployment(dir string, resources []kustomizeRe
 		p.addDeploymentIncludes(deploymentDir)
 	}
 
-	absKustomizeDir := filepath.Join(p.getDeploymentDir(), dir)
+	absKustomizeDir := filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir)
 
 	err := os.MkdirAll(absKustomizeDir, 0o700)
 	if err != nil {
@@ -438,7 +286,7 @@ func (p *testProject) addKustomizeResources(dir string, resources []kustomizeRes
 		for _, r := range resources {
 			l = append(l, r.name)
 			x := p.convertInterfaceToList(r.content)
-			err := yaml.WriteYamlAllFile(filepath.Join(p.getDeploymentDir(), dir, r.name), x)
+			err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir, r.name), x)
 			if err != nil {
 				return err
 			}
@@ -467,34 +315,31 @@ func (p *testProject) deleteKustomizeDeployment(dir string) {
 	})
 }
 
-func (p *testProject) getKluctlProjectDir() string {
-	return filepath.Join(p.baseDir, "kluctl-project")
+func (p *testProject) getKluctlProjectRepo() string {
+	return "kluctl-project"
 }
 
-func (p *testProject) getClustersDir() string {
+func (p *testProject) getClustersRepo() string {
 	if p.clustersExternal {
-		return filepath.Join(p.baseDir, "external-clusters")
+		return "external-clusters"
 	}
-	return p.getKluctlProjectDir()
+	return p.getKluctlProjectRepo()
 }
 
-func (p *testProject) getDeploymentDir() string {
+func (p *testProject) getDeploymentRepo() string {
 	if p.deploymentExternal {
-		return filepath.Join(p.baseDir, "external-deployment")
+		return "external-deployment"
 	}
-	return p.getKluctlProjectDir()
+	return p.getKluctlProjectRepo()
 }
 
-func (p *testProject) getSealedSecretsDir() string {
+func (p *testProject) getSealedSecretsRepo() string {
 	if p.sealedSecretsExternal {
-		return filepath.Join(p.baseDir, "external-sealed-secrets")
+		return "external-sealed-secrets"
 	}
-	return p.getKluctlProjectDir()
+	return p.getKluctlProjectRepo()
 }
 
-const stdoutStartMarker = "========= stdout start ========="
-const stdoutEndMarker = "========= stdout end ========="
-
 func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)
@@ -502,9 +347,9 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 
 	cwd := ""
 	if p.kluctlProjectExternal {
-		args = append(args, "--project-url", p.buildLocalGitUrl(p.getKluctlProjectDir()))
+		args = append(args, "--project-url", p.gitServer.LocalGitUrl(p.getKluctlProjectRepo()))
 	} else {
-		cwd = p.getKluctlProjectDir()
+		cwd = p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	}
 
 	if p.localClusters != nil {
@@ -561,11 +406,3 @@ func (p *testProject) KluctlMust(argsIn ...string) (string, string) {
 	}
 	return stdout, stderr
 }
-
-func (p *testProject) buildLocalGitUrl(repo string) string {
-	relPth, err := filepath.Rel(p.baseDir, repo)
-	if err != nil {
-		log.Panic(err)
-	}
-	return fmt.Sprintf("http://localhost:%d/%s/.git", p.gitServerPort, relPth)
-}
diff --git a/internal/test-utils/git_server.go b/internal/test-utils/git_server.go
new file mode 100644
index 000000000..29727fdeb
--- /dev/null
+++ b/internal/test-utils/git_server.go
@@ -0,0 +1,223 @@
+package test_utils
+
+import (
+	"context"
+	"fmt"
+	"github.com/go-git/go-git/v5"
+	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io/ioutil"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+)
+
+type GitServer struct {
+	t *testing.T
+
+	baseDir string
+
+	gitServer     *http_server.Server
+	gitHttpServer *http.Server
+	gitServerPort int
+}
+
+func NewGitServer(t *testing.T) *GitServer {
+	p := &GitServer{
+		t: t,
+	}
+
+	baseDir, err := ioutil.TempDir(os.TempDir(), "kluctl-tests-")
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	p.baseDir = baseDir
+
+	p.initGitServer()
+
+	t.Cleanup(func() {
+		p.Cleanup()
+	})
+
+	return p
+}
+
+func (p *GitServer) initGitServer() {
+	p.gitServer = http_server.New(p.baseDir)
+
+	p.gitHttpServer = &http.Server{
+		Addr:    "127.0.0.1:0",
+		Handler: p.gitServer,
+	}
+
+	ln, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		log.Fatal(err)
+	}
+	a := ln.Addr().(*net.TCPAddr)
+	p.gitServerPort = a.Port
+
+	go func() {
+		_ = p.gitHttpServer.Serve(ln)
+	}()
+}
+
+func (p *GitServer) Cleanup() {
+	if p.gitHttpServer != nil {
+		_ = p.gitHttpServer.Shutdown(context.Background())
+		p.gitHttpServer = nil
+		p.gitServer = nil
+	}
+
+	if p.baseDir == "" {
+		return
+	}
+	_ = os.RemoveAll(p.baseDir)
+	p.baseDir = ""
+}
+
+func (p *GitServer) GitInit(repo string) {
+	dir := p.LocalRepoDir(repo)
+
+	err := os.MkdirAll(dir, 0o700)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+
+	r, err := git.PlainInit(dir, false)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	config, err := r.Config()
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	wt, err := r.Worktree()
+	if err != nil {
+		p.t.Fatal(err)
+	}
+
+	config.User.Name = "Test User"
+	config.User.Email = "no@mail.com"
+	config.Author = config.User
+	config.Committer = config.User
+	err = r.SetConfig(config)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	err = utils.Touch(filepath.Join(dir, ".dummy"))
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	_, err = wt.Add(".dummy")
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	_, err = wt.Commit("initial", &git.CommitOptions{})
+	if err != nil {
+		p.t.Fatal(err)
+	}
+}
+
+func (p *GitServer) CommitFiles(repo string, add []string, all bool, message string) {
+	r, err := git.PlainOpen(p.LocalRepoDir(repo))
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	wt, err := r.Worktree()
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	for _, a := range add {
+		_, err = wt.Add(a)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+	}
+	_, err = wt.Commit(message, &git.CommitOptions{
+		All: all,
+	})
+	if err != nil {
+		p.t.Fatal(err)
+	}
+}
+
+func (p *GitServer) CommitYaml(repo string, pth string, message string, y *uo.UnstructuredObject) {
+	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+
+	err := yaml.WriteYamlFile(fullPath, y)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	if message == "" {
+		message = fmt.Sprintf("update %s", filepath.Join(repo, pth))
+	}
+	p.CommitFiles(repo, []string{pth}, false, message)
+}
+
+func (p *GitServer) UpdateYaml(repo string, pth string, update func(o *uo.UnstructuredObject) error, message string) {
+	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+
+	o := uo.New()
+	if utils.Exists(fullPath) {
+		err := yaml.ReadYamlFile(fullPath, o)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+	}
+	orig := o.Clone()
+	err := update(o)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	if reflect.DeepEqual(o, orig) {
+		return
+	}
+	p.CommitYaml(repo, pth, message, o)
+}
+
+func (p *GitServer) convertInterfaceToList(x interface{}) []interface{} {
+	var ret []interface{}
+	if l, ok := x.([]interface{}); ok {
+		return l
+	}
+	if l, ok := x.([]*uo.UnstructuredObject); ok {
+		for _, y := range l {
+			ret = append(ret, y)
+		}
+		return ret
+	}
+	if l, ok := x.([]map[string]interface{}); ok {
+		for _, y := range l {
+			ret = append(ret, y)
+		}
+		return ret
+	}
+	return []interface{}{x}
+}
+
+func (p *GitServer) LocalGitUrl(repo string) string {
+	return fmt.Sprintf("http://localhost:%d/%s/.git", p.gitServerPort, repo)
+}
+
+func (p *GitServer) LocalRepoDir(repo string) string {
+	return filepath.Join(p.baseDir, repo)
+}
+
+func (p *GitServer) GetWorktree(repo string) *git.Worktree {
+	r, err := git.PlainOpen(p.LocalRepoDir(repo))
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	wt, err := r.Worktree()
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	return wt
+}

From 7a9102fb841247c5643b8e5667919fb1e2689ddb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 17:21:30 +0200
Subject: [PATCH 0196/2268] refactor: Use dynamic client for CRD discovery

---
 pkg/k8s/resources.go | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 3010d295a..6cdf84ec6 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -155,17 +155,13 @@ func (k *k8sResources) updateResources() error {
 	return nil
 }
 
-var crdGK = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
+var crdGVR = schema.GroupVersionResource{Group: "apiextensions.k8s.io", Version: "v1", Resource: "customresourcedefinitions"}
 
 func (k *k8sResources) updateResourcesFromCRDs(clients *k8sClients) error {
-	var crdList *apiextensionsv1.CustomResourceDefinitionList
-	_, err := clients.withClientFromPool(func(p *parallelClientEntry) error {
-		c, err := apiextensionsclient.NewForConfigAndClient(k.restConfig, p.http)
-		if err != nil {
-			return err
-		}
-
-		crdList, err = c.CustomResourceDefinitions().List(k.ctx, v1.ListOptions{})
+	var crdList *unstructured.UnstructuredList
+	_, err := clients.withDynamicClientForGVR(&crdGVR, "", func(r dynamic.ResourceInterface) error {
+		var err error
+		crdList, err = r.List(k.ctx, v1.ListOptions{})
 		return err
 	})
 	if err != nil {
@@ -173,11 +169,8 @@ func (k *k8sResources) updateResourcesFromCRDs(clients *k8sClients) error {
 	}
 
 	for _, x := range crdList.Items {
-		u, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&x)
-		if err != nil {
-			return err
-		}
-		crd := uo.FromMap(u)
+		x := x
+		crd := uo.FromUnstructured(&x)
 		err = k.UpdateResourcesFromCRD(crd)
 		if err != nil {
 			return err

From a2209cb2687cc6056bbae600e0a2fe5a42a106a5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 17:45:15 +0200
Subject: [PATCH 0197/2268] refactor: Split out k8s client creation to allow
 fake clients

---
 pkg/k8s/client.go                    | 40 +++++--------
 pkg/k8s/client_factory.go            | 87 ++++++++++++++++++++++++++++
 pkg/k8s/k8s_cluster.go               | 22 +++----
 pkg/k8s/resources.go                 | 28 ++-------
 pkg/kluctl_project/target_context.go |  6 +-
 5 files changed, 122 insertions(+), 61 deletions(-)
 create mode 100644 pkg/k8s/client_factory.go

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index fbda2dbd5..76f01135e 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -7,20 +7,17 @@ import (
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/metadata"
-	"k8s.io/client-go/rest"
-	"net/http"
 )
 
 type k8sClients struct {
-	ctx        context.Context
-	restConfig *rest.Config
-	clientPool chan *parallelClientEntry
-	count      int
+	ctx           context.Context
+	clientFactory ClientFactory
+	clientPool    chan *parallelClientEntry
+	count         int
 }
 
 type parallelClientEntry struct {
-	http           *http.Client
-	corev1         *corev1.CoreV1Client
+	corev1         corev1.CoreV1Interface
 	dynamicClient  dynamic.Interface
 	metadataClient metadata.Interface
 
@@ -41,37 +38,30 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 	})
 }
 
-func newK8sClients(ctx context.Context, restConfig *rest.Config, count int) (*k8sClients, error) {
+func newK8sClients(ctx context.Context, clientFactory ClientFactory, count int) (*k8sClients, error) {
 	var err error
 
 	k := &k8sClients{
-		ctx:        ctx,
-		restConfig: restConfig,
-		clientPool: make(chan *parallelClientEntry, count),
-		count:      count,
+		ctx:           ctx,
+		clientFactory: clientFactory,
+		clientPool:    make(chan *parallelClientEntry, count),
+		count:         count,
 	}
 
 	for i := 0; i < count; i++ {
 		p := &parallelClientEntry{}
-		config := rest.CopyConfig(k.restConfig)
-		config.WarningHandler = p
 
-		p.http, err = rest.HTTPClientFor(config)
+		p.corev1, err = clientFactory.CoreV1Client(p)
 		if err != nil {
 			return nil, err
 		}
 
-		p.corev1, err = corev1.NewForConfigAndClient(config, p.http)
+		p.dynamicClient, err = clientFactory.DynamicClient(p)
 		if err != nil {
 			return nil, err
 		}
 
-		p.dynamicClient, err = dynamic.NewForConfigAndClient(config, p.http)
-		if err != nil {
-			return nil, err
-		}
-
-		p.metadataClient, err = metadata.NewForConfigAndClient(config, p.http)
+		p.metadataClient, err = clientFactory.MetadataClient(p)
 		if err != nil {
 			return nil, err
 		}
@@ -82,10 +72,10 @@ func newK8sClients(ctx context.Context, restConfig *rest.Config, count int) (*k8
 }
 
 func (k *k8sClients) close() {
+	k.clientFactory.CloseIdleConnections()
 	if k.clientPool != nil {
 		for i := 0; i < k.count; i++ {
-			p := <-k.clientPool
-			p.http.CloseIdleConnections()
+			_ = <-k.clientPool
 		}
 	}
 	k.clientPool = nil
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
new file mode 100644
index 000000000..0205c475c
--- /dev/null
+++ b/pkg/k8s/client_factory.go
@@ -0,0 +1,87 @@
+package k8s
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"k8s.io/client-go/discovery"
+	"k8s.io/client-go/discovery/cached/disk"
+	"k8s.io/client-go/dynamic"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/metadata"
+	"k8s.io/client-go/rest"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"time"
+)
+
+type ClientFactory interface {
+	GetCA() []byte
+
+	CloseIdleConnections()
+
+	DiscoveryClient() (discovery.DiscoveryInterface, error)
+	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
+	DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error)
+	MetadataClient(wh rest.WarningHandler) (metadata.Interface, error)
+}
+
+type realClientFactory struct {
+	config     *rest.Config
+	httpClient *http.Client
+}
+
+func (r *realClientFactory) GetCA() []byte {
+	return r.config.CAData
+}
+
+func (r *realClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
+
+	apiHost, err := url.Parse(r.config.Host)
+	if err != nil {
+		return nil, err
+	}
+	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
+	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(r.config), discoveryCacheDir, "", time.Hour*24)
+	if err != nil {
+		return nil, err
+	}
+	return discovery2, nil
+}
+
+func (r *realClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error) {
+	config := rest.CopyConfig(r.config)
+	config.WarningHandler = wh
+	return corev1.NewForConfigAndClient(config, r.httpClient)
+}
+
+func (r *realClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error) {
+	config := rest.CopyConfig(r.config)
+	config.WarningHandler = wh
+	return dynamic.NewForConfigAndClient(config, r.httpClient)
+}
+
+func (r *realClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
+	config := rest.CopyConfig(r.config)
+	config.WarningHandler = wh
+	return metadata.NewForConfigAndClient(config, r.httpClient)
+}
+
+func (r *realClientFactory) CloseIdleConnections() {
+	r.httpClient.CloseIdleConnections()
+}
+
+func NewClientFactory(configIn *rest.Config) (ClientFactory, error) {
+	restConfig := rest.CopyConfig(configIn)
+	restConfig.QPS = 10
+	restConfig.Burst = 20
+
+	httpClient, err := rest.HTTPClientFor(restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return &realClientFactory{
+		config:     restConfig,
+		httpClient: httpClient,
+	}, nil
+}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 51fb487b9..5e30e45c6 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -35,33 +35,29 @@ type K8sCluster struct {
 
 	DryRun bool
 
-	restConfig *rest.Config
-	clients    *k8sClients
+	clientFactory ClientFactory
+	clients       *k8sClients
 
 	ServerVersion *goversion.Version
 
 	Resources *k8sResources
 }
 
-func NewK8sCluster(ctx context.Context, configIn *rest.Config, dryRun bool) (*K8sCluster, error) {
+func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool) (*K8sCluster, error) {
 	var err error
 
-	restConfig := rest.CopyConfig(configIn)
-	restConfig.QPS = 10
-	restConfig.Burst = 20
-
 	k := &K8sCluster{
-		ctx:        ctx,
-		DryRun:     dryRun,
-		restConfig: restConfig,
+		ctx:           ctx,
+		DryRun:        dryRun,
+		clientFactory: clientFactory,
 	}
 
-	k.Resources, err = newK8sResources(ctx, restConfig)
+	k.Resources, err = newK8sResources(ctx, clientFactory)
 	if err != nil {
 		return nil, err
 	}
 
-	k.clients, err = newK8sClients(ctx, restConfig, 16)
+	k.clients, err = newK8sClients(ctx, clientFactory, 16)
 	if err != nil {
 		return nil, err
 	}
@@ -108,7 +104,7 @@ func (k *K8sCluster) ReadWrite() *K8sCluster {
 }
 
 func (k *K8sCluster) GetCA() []byte {
-	return k.restConfig.CAData
+	return k.clientFactory.GetCA()
 }
 
 func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 6cdf84ec6..c1338ecee 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -4,32 +4,22 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
-	"k8s.io/client-go/rest"
-	"net/url"
-	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
-	"time"
-
-	apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 )
 
 type k8sResources struct {
-	ctx        context.Context
-	restConfig *rest.Config
-	discovery  *disk.CachedDiscoveryClient
+	ctx       context.Context
+	discovery discovery.DiscoveryInterface
 
 	allResources       map[schema.GroupVersionKind]v1.APIResource
 	preferredResources map[schema.GroupKind]v1.APIResource
@@ -37,26 +27,20 @@ type k8sResources struct {
 	mutex              sync.Mutex
 }
 
-func newK8sResources(ctx context.Context, config *rest.Config) (*k8sResources, error) {
+func newK8sResources(ctx context.Context, clientFactory ClientFactory) (*k8sResources, error) {
 	k := &k8sResources{
 		ctx:                ctx,
-		restConfig:         config,
 		allResources:       map[schema.GroupVersionKind]v1.APIResource{},
 		preferredResources: map[schema.GroupKind]v1.APIResource{},
 		crds:               map[schema.GroupKind]*uo.UnstructuredObject{},
 		mutex:              sync.Mutex{},
 	}
 
-	apiHost, err := url.Parse(config.Host)
-	if err != nil {
-		return nil, err
-	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
-	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
+	var err error
+	k.discovery, err = clientFactory.DiscoveryClient()
 	if err != nil {
 		return nil, err
 	}
-	k.discovery = discovery2
 
 	return k, nil
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index f18b0a880..eae3b64e5 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -51,7 +51,11 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
 		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client"))
-		k, err = k8s.NewK8sCluster(ctx, clientConfig, dryRun)
+		clientFactory, err := k8s.NewClientFactory(clientConfig)
+		if err != nil {
+			return nil, err
+		}
+		k, err = k8s.NewK8sCluster(ctx, clientFactory, dryRun)
 		if err != nil {
 			s.Failed()
 			return nil, err

From fa80323c466ae123e0fa273d0362795c5b3b6f82 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 17:45:38 +0200
Subject: [PATCH 0198/2268] fix: Allow uint as well in GetNestedInt

---
 pkg/utils/uo/nested_fields.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index 325c581f3..b3927dc9d 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -1,6 +1,9 @@
 package uo
 
-import "fmt"
+import (
+	"fmt"
+	"reflect"
+)
 
 func (uo *UnstructuredObject) GetNestedField(keys ...interface{}) (interface{}, bool, error) {
 	var o interface{} = uo.Object
@@ -97,15 +100,14 @@ func (uo *UnstructuredObject) GetNestedInt(keys ...interface{}) (int64, bool, er
 	if !found {
 		return 0, false, nil
 	}
-	i, ok := v.(int64)
-	if !ok {
-		if i2, ok := v.(int); ok {
-			i = int64(i2)
-		} else {
-			return 0, false, fmt.Errorf("value at %s is not an int", KeyPath(keys).ToJsonPath())
-		}
+	vv := reflect.ValueOf(v)
+	if vv.CanInt() {
+		return vv.Int(), true, nil
+	} else if vv.CanUint() {
+		return int64(vv.Uint()), true, nil
+	} else {
+		return 0, false, fmt.Errorf("value at %s is not an int", KeyPath(keys).ToJsonPath())
 	}
-	return i, true, nil
 }
 
 func (uo *UnstructuredObject) GetNestedList(keys ...interface{}) ([]interface{}, bool, error) {

From 603dd593fbf3f14eee82623df06db0175acde1ab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 May 2022 17:46:18 +0200
Subject: [PATCH 0199/2268] fix: Add NoopStatusHandler so that status handling
 is ignored while testing

---
 pkg/status/noop.go   | 49 ++++++++++++++++++++++++++++++++++++++++++++
 pkg/status/status.go |  2 +-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 pkg/status/noop.go

diff --git a/pkg/status/noop.go b/pkg/status/noop.go
new file mode 100644
index 000000000..1f30341a0
--- /dev/null
+++ b/pkg/status/noop.go
@@ -0,0 +1,49 @@
+package status
+
+type NoopStatusHandler struct {
+}
+
+type NoopStatusLine struct {
+}
+
+func (n NoopStatusHandler) SetTrace(trace bool) {
+}
+
+func (n NoopStatusHandler) Stop() {
+}
+
+func (n NoopStatusHandler) StartStatus(total int, message string) StatusLine {
+	return &NoopStatusLine{}
+}
+
+func (n NoopStatusHandler) Info(message string) {
+}
+
+func (n NoopStatusHandler) Warning(message string) {
+}
+
+func (n NoopStatusHandler) Error(message string) {
+}
+
+func (n NoopStatusHandler) Trace(message string) {
+}
+
+func (n NoopStatusHandler) PlainText(text string) {
+}
+
+func (n NoopStatusHandler) InfoFallback(message string) {
+}
+
+var _ StatusHandler = &NoopStatusHandler{}
+
+func (n NoopStatusLine) SetTotal(total int) {
+}
+
+func (n NoopStatusLine) Increment() {
+}
+
+func (n NoopStatusLine) Update(message string) {
+}
+
+func (n NoopStatusLine) End(result EndResult) {
+}
diff --git a/pkg/status/status.go b/pkg/status/status.go
index d58c774f2..f1f60395c 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -59,7 +59,7 @@ func NewContext(ctx context.Context, slh StatusHandler) context.Context {
 func FromContext(ctx context.Context) StatusHandler {
 	v := ctx.Value(contextKey{})
 	if v == nil {
-		return nil
+		return &NoopStatusHandler{}
 	}
 	return v.(StatusHandler)
 }

From f7ee0228cefd95566f50786122225a1586a8cdea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 May 2022 14:51:15 +0200
Subject: [PATCH 0200/2268] refactor: Use semver to compare kubernetes versions

This fixes issues with k8s versions while testing.
---
 go.mod                 |  3 +--
 go.sum                 |  2 --
 pkg/k8s/k8s_cluster.go | 22 ++++++++++------------
 3 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index 4958074bb..8ba0c8880 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.18
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
+	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/aws/aws-sdk-go v1.44.1
 	github.com/bitnami-labs/sealed-secrets v0.17.5
 	github.com/cyphar/filepath-securejoin v0.2.3
@@ -16,7 +17,6 @@ require (
 	github.com/goccy/go-yaml v1.9.5
 	github.com/golang-jwt/jwt/v4 v4.4.1
 	github.com/google/go-containerregistry v0.8.0
-	github.com/hashicorp/go-version v1.4.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
@@ -73,7 +73,6 @@ require (
 	github.com/BurntSushi/toml v1.1.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.2 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
diff --git a/go.sum b/go.sum
index dc7ef08f9..fe9ab20ed 100644
--- a/go.sum
+++ b/go.sum
@@ -753,8 +753,6 @@ github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerX
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
-github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 5e30e45c6..289e3d53a 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	goversion "github.com/hashicorp/go-version"
+	"github.com/Masterminds/semver/v3"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -16,6 +16,7 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/metadata"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
@@ -38,7 +39,7 @@ type K8sCluster struct {
 	clientFactory ClientFactory
 	clients       *k8sClients
 
-	ServerVersion *goversion.Version
+	ServerVersion *version.Info
 
 	Resources *k8sResources
 }
@@ -66,11 +67,7 @@ func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool
 	if err != nil {
 		return nil, err
 	}
-	v2, err := goversion.NewVersion(v.String())
-	if err != nil {
-		return nil, err
-	}
-	k.ServerVersion = v2
+	k.ServerVersion = v
 
 	var wg sync.WaitGroup
 	wg.Add(2)
@@ -326,17 +323,18 @@ func (k *K8sCluster) waitForDeletedObject(ref k8s.ObjectRef) error {
 	return nil
 }
 
-var v1_21, _ = goversion.NewVersion("1.21")
-var v1_1000, _ = goversion.NewVersion("1.1000")
-
 func (k *K8sCluster) FixObjectForPatch(o *uo.UnstructuredObject) *uo.UnstructuredObject {
 	// A bug in versions < 1.20 cause errors when applying resources that have some fields omitted which have
 	// default values. We need to fix these resources.
 	// UPDATE even though https://github.com/kubernetes-sigs/structured-merge-diff/issues/130 says it's fixed, the
 	// issue is still present.
-	needsDefaultsFix := k.ServerVersion.LessThan(v1_21) || true
+	k8sVersion, err := semver.NewVersion(k.ServerVersion.String())
+	if err != nil {
+		return o
+	}
+	needsDefaultsFix := k8sVersion.LessThan(semver.MustParse("1.21")) || true
 	// TODO check when this is actually fixed (see https://github.com/kubernetes/kubernetes/issues/94275)
-	needsTypeConversionFix := k.ServerVersion.LessThan(v1_1000)
+	needsTypeConversionFix := k8sVersion.LessThan(semver.MustParse("1.100"))
 	if !needsDefaultsFix && !needsTypeConversionFix {
 		return o
 	}

From 3ed29312d874368ab02ea4d426b33c8178afad85 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 May 2022 14:52:35 +0200
Subject: [PATCH 0201/2268] fix: Stop using ServerPreferredResources() from
 discovery client

Instead, use a custom implementation of the preferred version detection.
ServerPreferredResources() is not implemented in the fake discovery client,
making it unusable while testing.
---
 pkg/k8s/resources.go | 51 +++++++++++++++-----------------------------
 1 file changed, 17 insertions(+), 34 deletions(-)

diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index c1338ecee..e8a3d843e 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -54,17 +54,12 @@ func (k *k8sResources) updateResources() error {
 	k.crds = map[schema.GroupKind]*uo.UnstructuredObject{}
 
 	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
+	var ags []*v1.APIGroup
 	var arls []*v1.APIResourceList
-	var preferredArls []*v1.APIResourceList
 	finished := make(chan error)
 	go func() {
 		var err error
-		_, arls, err = k.discovery.ServerGroupsAndResources()
-		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
-			finished <- err
-			return
-		}
-		preferredArls, err = k.discovery.ServerPreferredResources()
+		ags, arls, err = k.discovery.ServerGroupsAndResources()
 		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
 			finished <- err
 			return
@@ -82,6 +77,17 @@ func (k *k8sResources) updateResources() error {
 	}
 
 	for _, arl := range arls {
+		var ag *v1.APIGroup
+		for _, x := range ags {
+			if x.Name == arl.GroupVersionKind().Group {
+				ag = x
+				break
+			}
+		}
+		if ag == nil {
+			continue
+		}
+
 		for _, ar := range arl.APIResources {
 			if strings.Index(ar.Name, "/") != -1 {
 				// skip subresources
@@ -104,38 +110,15 @@ func (k *k8sResources) updateResources() error {
 			if _, ok := deprecatedResources[gvk.GroupKind()]; ok {
 				continue
 			}
-			if _, ok := k.allResources[gvk]; ok {
-				ok = false
-			}
-			k.allResources[gvk] = ar
-		}
-	}
-
-	for _, arl := range preferredArls {
-		for _, ar := range arl.APIResources {
-			if strings.Index(ar.Name, "/") != -1 {
-				// skip subresources
-				continue
-			}
-			gv, err := schema.ParseGroupVersion(arl.GroupVersion)
-			if err != nil {
-				continue
-			}
 
-			ar := ar
-			ar.Group = gv.Group
-			ar.Version = gv.Version
+			k.allResources[gvk] = ar
 
-			gk := schema.GroupKind{
-				Group: ar.Group,
-				Kind:  ar.Kind,
+			if gvk.Version == ag.PreferredVersion.Version {
+				k.preferredResources[gvk.GroupKind()] = ar
 			}
-			if _, ok := deprecatedResources[gk]; ok {
-				continue
-			}
-			k.preferredResources[gk] = ar
 		}
 	}
+
 	return nil
 }
 

From b2b7d0d0f4c5139d7e0b43b7db92b3cb5d5f61c1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 May 2022 14:53:07 +0200
Subject: [PATCH 0202/2268] refactor: Move kyaml background init into utils
 package

---
 pkg/deployment/deployment_item.go | 28 +---------------------------
 pkg/utils/init_kyaml.go           | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 27 deletions(-)
 create mode 100644 pkg/utils/init_kyaml.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 15463a61a..7051ce9c3 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -15,10 +15,7 @@ import (
 	"path/filepath"
 	"sigs.k8s.io/kustomize/api/filesys"
 	"sigs.k8s.io/kustomize/api/krusty"
-	"sigs.k8s.io/kustomize/kyaml/openapi"
-	yaml2 "sigs.k8s.io/kustomize/kyaml/yaml"
 	"strings"
-	"sync"
 )
 
 const SealmeExt = ".sealme"
@@ -336,7 +333,7 @@ func (di *DeploymentItem) buildKustomize() error {
 		return err
 	}
 
-	waitForOpenapiInitDone()
+	utils.WaitForOpenapiInitDone()
 
 	ko := krusty.MakeDefaultOptions()
 	k := krusty.MakeKustomizer(ko)
@@ -452,26 +449,3 @@ func (di *DeploymentItem) postprocessObjects(k *k8s.K8sCluster, images *Images)
 
 	return nil
 }
-
-var openapiInitDoneMutex sync.Mutex
-var openapiInitDoneOnce sync.Once
-
-func waitForOpenapiInitDone() {
-	openapiInitDoneOnce.Do(func() {
-		openapiInitDoneMutex.Lock()
-		openapiInitDoneMutex.Unlock()
-	})
-}
-
-func init() {
-	openapiInitDoneMutex.Lock()
-	go func() {
-		// we do a single call to IsNamespaceScoped to enforce openapi schema initialization
-		// this is required here to ensure that it is later not done in parallel which would cause race conditions
-		openapi.IsNamespaceScoped(yaml2.TypeMeta{
-			APIVersion: "",
-			Kind:       "ConfigMap",
-		})
-		openapiInitDoneMutex.Unlock()
-	}()
-}
diff --git a/pkg/utils/init_kyaml.go b/pkg/utils/init_kyaml.go
new file mode 100644
index 000000000..a25bddbb0
--- /dev/null
+++ b/pkg/utils/init_kyaml.go
@@ -0,0 +1,30 @@
+package utils
+
+import (
+	"sigs.k8s.io/kustomize/kyaml/openapi"
+	yaml2 "sigs.k8s.io/kustomize/kyaml/yaml"
+	"sync"
+)
+
+var openapiInitDoneMutex sync.Mutex
+var openapiInitDoneOnce sync.Once
+
+func WaitForOpenapiInitDone() {
+	openapiInitDoneOnce.Do(func() {
+		openapiInitDoneMutex.Lock()
+		openapiInitDoneMutex.Unlock()
+	})
+}
+
+func init() {
+	openapiInitDoneMutex.Lock()
+	go func() {
+		// we do a single call to IsNamespaceScoped to enforce openapi schema initialization
+		// this is required here to ensure that it is later not done in parallel which would cause race conditions
+		openapi.IsNamespaceScoped(yaml2.TypeMeta{
+			APIVersion: "",
+			Kind:       "ConfigMap",
+		})
+		openapiInitDoneMutex.Unlock()
+	}()
+}

From d6f236c6c579ce3c1efff8e0618bb1200b80fff4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 16:44:07 +0200
Subject: [PATCH 0203/2268] fix: Fix broken ARN parsing

---
 pkg/utils/aws/arn.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/utils/aws/arn.go b/pkg/utils/aws/arn.go
index a8f88ee45..3b7141e99 100644
--- a/pkg/utils/aws/arn.go
+++ b/pkg/utils/aws/arn.go
@@ -17,7 +17,7 @@ type Arn struct {
 
 func ParseArn(arn string) (Arn, error) {
 	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
-	elements := strings.SplitN(arn, ":", 5)
+	elements := strings.SplitN(arn, ":", 6)
 	if len(elements) < 6 {
 		return Arn{}, fmt.Errorf("%s is not a valid arn", arn)
 	}
@@ -29,11 +29,11 @@ func ParseArn(arn string) (Arn, error) {
 	result.Account = elements[4]
 	result.Resource = elements[5]
 
-	if strings.Index(result.Resource, "/") != 0 {
+	if strings.Index(result.Resource, "/") != -1 {
 		s := strings.SplitN(result.Resource, "/", 2)
 		result.ResourceType = s[0]
 		result.Resource = s[1]
-	} else if strings.Index(result.Resource, ":") != 0 {
+	} else if strings.Index(result.Resource, ":") != -1 {
 		s := strings.SplitN(result.Resource, ":", 2)
 		result.ResourceType = s[0]
 		result.Resource = s[1]

From a79d1722816e8548af6b2aa1baf25314ca77e3b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 16:45:39 +0200
Subject: [PATCH 0204/2268] refactor: Introduce AWS client factory for
 VarsLoader

This allows mocking of AWS clients.
---
 pkg/kluctl_project/target_context.go       |  3 +-
 pkg/{utils => vars}/aws/arn.go             |  0
 pkg/vars/aws/clientfactory.go              | 44 ++++++++++++++++++++++
 pkg/{utils => vars}/aws/secrets_manager.go | 23 +++--------
 pkg/vars/vars_loader.go                    | 12 ++++--
 5 files changed, 61 insertions(+), 21 deletions(-)
 rename pkg/{utils => vars}/aws/arn.go (100%)
 create mode 100644 pkg/vars/aws/clientfactory.go
 rename pkg/{utils => vars}/aws/secrets_manager.go (55%)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index eae3b64e5..400d9a118 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
+	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
@@ -63,7 +64,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
-	varsLoader := vars.NewVarsLoader(ctx, k, p.GRC)
+	varsLoader := vars.NewVarsLoader(ctx, k, p.GRC, aws.NewClientFactory())
 
 	if forSeal {
 		err = p.loadSecrets(target, varsCtx, varsLoader)
diff --git a/pkg/utils/aws/arn.go b/pkg/vars/aws/arn.go
similarity index 100%
rename from pkg/utils/aws/arn.go
rename to pkg/vars/aws/arn.go
diff --git a/pkg/vars/aws/clientfactory.go b/pkg/vars/aws/clientfactory.go
new file mode 100644
index 000000000..db7e43d0e
--- /dev/null
+++ b/pkg/vars/aws/clientfactory.go
@@ -0,0 +1,44 @@
+package aws
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/secretsmanager"
+	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
+	"os"
+)
+
+type AwsClientFactory interface {
+	SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error)
+}
+
+type awsClientFactory struct {
+}
+
+func (a *awsClientFactory) getSession(profile *string) (*session.Session, error) {
+	var opts session.Options
+	opts.SharedConfigState = session.SharedConfigEnable
+	// Environment variable always takes precedence
+	if _, ok := os.LookupEnv("AWS_PROFILE"); !ok && profile != nil {
+		opts.Profile = *profile
+	}
+	s, err := session.NewSessionWithOptions(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return s, nil
+}
+
+func (a *awsClientFactory) SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error) {
+	s, err := a.getSession(profile)
+	if err != nil {
+		return nil, err
+	}
+
+	return secretsmanager.New(s, &aws.Config{Region: region}), nil
+}
+
+func NewClientFactory() AwsClientFactory {
+	return &awsClientFactory{}
+}
diff --git a/pkg/utils/aws/secrets_manager.go b/pkg/vars/aws/secrets_manager.go
similarity index 55%
rename from pkg/utils/aws/secrets_manager.go
rename to pkg/vars/aws/secrets_manager.go
index bd440439b..1a57bd5ae 100644
--- a/pkg/utils/aws/secrets_manager.go
+++ b/pkg/vars/aws/secrets_manager.go
@@ -2,25 +2,10 @@ package aws
 
 import (
 	"fmt"
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
-
-	"os"
 )
 
-func GetAwsSecretsManagerSecret(profile *string, region *string, secretName string) (string, error) {
-	var opts session.Options
-	opts.SharedConfigState = session.SharedConfigEnable
-	// Environment variable always takes precedence
-	if _, ok := os.LookupEnv("AWS_PROFILE"); !ok && region != nil {
-		opts.Profile = *profile
-	}
-	s, err := session.NewSessionWithOptions(opts)
-	if err != nil {
-		return "", err
-	}
-
+func GetAwsSecretsManagerSecret(aws AwsClientFactory, profile *string, region *string, secretName string) (string, error) {
 	if region == nil {
 		arn, err := ParseArn(secretName)
 		if err != nil {
@@ -29,7 +14,11 @@ func GetAwsSecretsManagerSecret(profile *string, region *string, secretName stri
 		region = &arn.Region
 	}
 
-	smClient := secretsmanager.New(s, &aws.Config{Region: region})
+	smClient, err := aws.SecretsManagerClient(profile, region)
+	if err != nil {
+		return "", fmt.Errorf("getting secret %s from AWS secrets manager failed: %w", secretName, err)
+	}
+
 	r, err := smClient.GetSecretValue(&secretsmanager.GetSecretValueInput{
 		SecretId: &secretName,
 	})
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index e6f912b29..9900ce36b 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -9,8 +9,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/aws"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"os"
@@ -25,15 +25,17 @@ type VarsLoader struct {
 	ctx context.Context
 	k   *k8s.K8sCluster
 	grc *git.MirroredGitRepoCollection
+	aws aws.AwsClientFactory
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, grc *git.MirroredGitRepoCollection) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, grc *git.MirroredGitRepoCollection, aws aws.AwsClientFactory) *VarsLoader {
 	return &VarsLoader{
 		ctx:              ctx,
 		k:                k,
 		grc:              grc,
+		aws:              aws,
 		credentialsCache: map[string]usernamePassword{},
 	}
 }
@@ -125,7 +127,11 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 }
 
 func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
-	secret, err := aws.GetAwsSecretsManagerSecret(source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
+	if v.aws == nil {
+		return fmt.Errorf("no AWS client factory provided")
+	}
+
+	secret, err := aws.GetAwsSecretsManagerSecret(v.aws, source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
 	if err != nil {
 		return err
 	}

From 5a9b84ad8fc091a570a97a141ba406edc8786caa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 16:46:03 +0200
Subject: [PATCH 0205/2268] fix: Fix base64 decooding of vars loaded from k8s
 secrets

---
 pkg/vars/vars_loader.go | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 9900ce36b..6e1310bee 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -2,6 +2,7 @@ package vars
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -70,10 +71,10 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return v.loadGit(varsCtx, source.Git, rootKey)
 	} else if source.ClusterConfigMap != nil {
 		ref := k8s2.NewObjectRef("", "v1", "ConfigMap", source.ClusterConfigMap.Name, source.ClusterConfigMap.Namespace)
-		return v.loadFromK8sObject(varsCtx, ref, source.ClusterConfigMap.Key, rootKey)
+		return v.loadFromK8sObject(varsCtx, ref, source.ClusterConfigMap.Key, rootKey, false)
 	} else if source.ClusterSecret != nil {
 		ref := k8s2.NewObjectRef("", "v1", "Secret", source.ClusterSecret.Name, source.ClusterSecret.Namespace)
-		return v.loadFromK8sObject(varsCtx, ref, source.ClusterSecret.Key, rootKey)
+		return v.loadFromK8sObject(varsCtx, ref, source.ClusterSecret.Key, rootKey, true)
 	} else if source.SystemEnvVars != nil {
 		return v.loadSystemEnvs(varsCtx, &source, rootKey)
 	} else if source.Http != nil {
@@ -158,7 +159,7 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 	return v.loadFromString(varsCtx, string(file), rootKey)
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key string, rootKey string) error {
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key string, rootKey string, base64Decode bool) error {
 	if v.k == nil {
 		return nil
 	}
@@ -168,7 +169,7 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key
 		return err
 	}
 
-	value, found, err := o.GetNestedString("data", key)
+	f, found, err := o.GetNestedField("data", key)
 	if err != nil {
 		return err
 	}
@@ -176,6 +177,21 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key
 		return fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
 	}
 
+	var value string
+	if b, ok := f.([]byte); ok {
+		value = string(b)
+	} else if s, ok := f.(string); ok {
+		if base64Decode {
+			b, err := base64.StdEncoding.DecodeString(s)
+			if err != nil {
+				return err
+			}
+			value = string(b)
+		} else {
+			value = s
+		}
+	}
+
 	err = v.loadFromString(varsCtx, value, rootKey)
 	if err != nil {
 		return fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)

From 4782041c2094dae9f5bdac4c7055362b140a2b1c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 16:46:24 +0200
Subject: [PATCH 0206/2268] tests: Implement VarsLoader tests

---
 pkg/k8s/fake_client_factory.go     | 106 +++++++
 pkg/vars/aws/fake_clientfactory.go |  39 +++
 pkg/vars/vars_loader_test.go       | 460 +++++++++++++++++++++++++++++
 pkg/vars/vars_test.go              |  25 +-
 4 files changed, 617 insertions(+), 13 deletions(-)
 create mode 100644 pkg/k8s/fake_client_factory.go
 create mode 100644 pkg/vars/aws/fake_clientfactory.go
 create mode 100644 pkg/vars/vars_loader_test.go

diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
new file mode 100644
index 000000000..8af606ad5
--- /dev/null
+++ b/pkg/k8s/fake_client_factory.go
@@ -0,0 +1,106 @@
+package k8s
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	v1 "k8s.io/api/core/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/discovery"
+	"k8s.io/client-go/dynamic"
+	fake_dynamic "k8s.io/client-go/dynamic/fake"
+	"k8s.io/client-go/kubernetes/fake"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/metadata"
+	metadata_fake "k8s.io/client-go/metadata/fake"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/kustomize/kyaml/openapi"
+	"sigs.k8s.io/kustomize/kyaml/yaml"
+	"strings"
+)
+
+type fakeClientFactory struct {
+	clientSet *fake.Clientset
+	objects   []runtime.Object
+	scheme    *runtime.Scheme
+}
+
+func (f *fakeClientFactory) GetCA() []byte {
+	return []byte{}
+}
+
+func (f *fakeClientFactory) CloseIdleConnections() {
+}
+
+func (f *fakeClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
+	return f.clientSet.Discovery(), nil
+}
+
+func (f *fakeClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error) {
+	return f.clientSet.CoreV1(), nil
+}
+
+func (f *fakeClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error) {
+	return fake_dynamic.NewSimpleDynamicClient(f.scheme, f.objects...), nil
+}
+
+func (f *fakeClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
+	return metadata_fake.NewSimpleMetadataClient(f.scheme, f.objects...), nil
+}
+
+func NewFakeClientFactory(objects ...runtime.Object) ClientFactory {
+	scheme := runtime.NewScheme()
+	_ = v1.AddToScheme(scheme)
+	_ = apiextensionsv1.AddToScheme(scheme)
+	clientSet := fake.NewSimpleClientset(objects...)
+
+	clientSet.Fake.Resources = ConvertSchemeToAPIResources(scheme)
+
+	return &fakeClientFactory{
+		clientSet: clientSet,
+		objects:   objects,
+		scheme:    scheme,
+	}
+}
+
+func ConvertSchemeToAPIResources(s *runtime.Scheme) []*metav1.APIResourceList {
+	utils.WaitForOpenapiInitDone()
+
+	m := map[schema.GroupVersion][]metav1.APIResource{}
+
+	for gvk, _ := range s.AllKnownTypes() {
+		// we misuse kyaml here
+		n, _ := openapi.IsNamespaceScoped(yaml.TypeMeta{
+			APIVersion: gvk.GroupVersion().String(),
+			Kind:       gvk.Kind,
+		})
+
+		ar := metav1.APIResource{
+			Name:       buildPluralName(gvk.Kind),
+			Namespaced: n,
+			Group:      gvk.Group,
+			Version:    gvk.Version,
+			Kind:       gvk.Kind,
+			Verbs:      []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
+		}
+
+		l, _ := m[gvk.GroupVersion()]
+		l = append(l, ar)
+		m[gvk.GroupVersion()] = l
+	}
+
+	var ret []*metav1.APIResourceList
+	for gv, arl := range m {
+		ret = append(ret, &metav1.APIResourceList{
+			GroupVersion: gv.String(),
+			APIResources: arl,
+		})
+	}
+
+	return ret
+}
+
+func buildPluralName(n string) string {
+	return strings.ToLower(n) + "s"
+}
diff --git a/pkg/vars/aws/fake_clientfactory.go b/pkg/vars/aws/fake_clientfactory.go
new file mode 100644
index 000000000..219dc1259
--- /dev/null
+++ b/pkg/vars/aws/fake_clientfactory.go
@@ -0,0 +1,39 @@
+package aws
+
+import (
+	"fmt"
+	"github.com/aws/aws-sdk-go/service/secretsmanager"
+	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
+)
+
+type FakeAwsClientFactory struct {
+	secretsmanageriface.SecretsManagerAPI
+
+	Secrets map[string]string
+}
+
+func (f *FakeAwsClientFactory) GetSecretValue(in *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error) {
+	name := *in.SecretId
+	arn, err := ParseArn(*in.SecretId)
+	if err == nil {
+		name = arn.Resource
+	}
+
+	s, ok := f.Secrets[name]
+	if ok {
+		return &secretsmanager.GetSecretValueOutput{
+			Name:         &name,
+			SecretString: &s,
+		}, nil
+	}
+
+	return nil, fmt.Errorf("secret %s not found", *in.SecretId)
+}
+
+func (f *FakeAwsClientFactory) SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error) {
+	return f, nil
+}
+
+func NewFakeClientFactory() *FakeAwsClientFactory {
+	return &FakeAwsClientFactory{}
+}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
new file mode 100644
index 000000000..763b6c1ae
--- /dev/null
+++ b/pkg/vars/vars_loader_test.go
@@ -0,0 +1,460 @@
+package vars
+
+import (
+	"context"
+	git2 "github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func newTestDir(t *testing.T) string {
+	tmp, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		_ = os.RemoveAll(tmp)
+	})
+	return tmp
+}
+
+func newGRC(t *testing.T) *git.MirroredGitRepoCollection {
+	grc := git.NewMirroredGitRepoCollection(context.TODO(), auth.NewDefaultAuthProviders(), 0)
+	t.Cleanup(func() {
+		grc.Clear()
+	})
+	return grc
+}
+
+func testVarsLoader(t *testing.T, test func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory), objects ...runtime.Object) {
+	k, err := k8s.NewK8sCluster(context.TODO(), k8s.NewFakeClientFactory(objects...), false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	grc := newGRC(t)
+	fakeAws := aws.NewFakeClientFactory()
+
+	vl := NewVarsLoader(context.TODO(), k, grc, fakeAws)
+	vc := NewVarsCtx(newJinja2Must(t))
+
+	test(vl, vc, fakeAws)
+}
+
+func TestVarsLoader_Values(t *testing.T) {
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_File(t *testing.T) {
+	d := newTestDir(t)
+	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			File: utils.StrPtr("test.yaml"),
+		}, []string{d}, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_FileWithLoad(t *testing.T) {
+	d := newTestDir(t)
+	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
+	_ = ioutil.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			File: utils.StrPtr("test.yaml"),
+		}, []string{d}, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
+	d := newTestDir(t)
+	_ = os.Mkdir(filepath.Join(d, "subdir"), 0o700)
+	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
+	_ = ioutil.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			File: utils.StrPtr("test.yaml"),
+		}, []string{d, filepath.Join(d, "subdir")}, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
+	d := newTestDir(t)
+	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			File: utils.StrPtr("test.yaml"),
+		}, []string{d}, "")
+		assert.EqualError(t, err, "failed to load vars from test.yaml: template test3.txt not found")
+	})
+}
+
+func TestVarsLoader_Git(t *testing.T) {
+	gs := test_utils.NewGitServer(t)
+	gs.GitInit("repo")
+	gs.UpdateYaml("repo", "test.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromStringMust(`{"test1": {"test2": 42}}`)
+		return nil
+	}, "")
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		url, _ := git_url.Parse(gs.LocalGitUrl("repo"))
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Git: &types.VarsSourceGit{
+				Url:  *url,
+				Path: "test.yaml",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_GitBranch(t *testing.T) {
+	gs := test_utils.NewGitServer(t)
+	gs.GitInit("repo")
+
+	wt := gs.GetWorktree("repo")
+	err := wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.NewBranchReferenceName("testbranch"),
+		Create: true,
+	})
+	assert.NoError(t, err)
+
+	gs.UpdateYaml("repo", "test.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromStringMust(`{"test1": {"test2": 42}}`)
+		return nil
+	}, "")
+
+	err = wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.Master,
+	})
+	assert.NoError(t, err)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		url, _ := git_url.Parse(gs.LocalGitUrl("repo"))
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Git: &types.VarsSourceGit{
+				Url:  *url,
+				Path: "test.yaml",
+				Ref:  "testbranch",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_ClusterConfigMap(t *testing.T) {
+	cm := corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "cm", Namespace: "ns"},
+		Data: map[string]string{
+			"vars": `{"test1": {"test2": 42}}`,
+		},
+	}
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "cm",
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	}, &cm)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "cm1",
+				Namespace: "ns",
+				Key:       "vars1",
+			},
+		}, nil, "")
+		assert.EqualError(t, err, "configmaps \"cm1\" not found")
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "cm",
+				Namespace: "ns",
+				Key:       "vars1",
+			},
+		}, nil, "")
+		assert.EqualError(t, err, "key vars1 not found in ns/ConfigMap/cm on cluster")
+	}, &cm)
+}
+
+func TestVarsLoader_ClusterSecret(t *testing.T) {
+	secret := corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{Name: "s", Namespace: "ns"},
+		Data: map[string][]byte{
+			"vars": []byte(`{"test1": {"test2": 42}}`),
+		},
+	}
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "s",
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	}, &secret)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "s1",
+				Namespace: "ns",
+				Key:       "vars1",
+			},
+		}, nil, "")
+		assert.EqualError(t, err, "secrets \"s1\" not found")
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "s",
+				Namespace: "ns",
+				Key:       "vars1",
+			},
+		}, nil, "")
+		assert.EqualError(t, err, "key vars1 not found in ns/Secret/s on cluster")
+	}, &secret)
+}
+
+func TestVarsLoader_SystemEnv(t *testing.T) {
+	t.Setenv("TEST1", "42")
+	t.Setenv("TEST2", "43")
+	t.Setenv("TEST4", "44")
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			SystemEnvVars: uo.FromMap(map[string]interface{}{
+				"test1": "TEST1",
+				"test2": "TEST2",
+				"test3": map[string]interface{}{
+					"test4": "TEST4",
+				},
+			}),
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedString("test1")
+		assert.Equal(t, "42", v)
+
+		v, _, _ = vc.Vars.GetNestedString("test2")
+		assert.Equal(t, "43", v)
+
+		v, _, _ = vc.Vars.GetNestedString("test3", "test4")
+		assert.Equal(t, "44", v)
+	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			SystemEnvVars: uo.FromMap(map[string]interface{}{
+				"test5": "TEST5",
+			}),
+		}, nil, "")
+		assert.EqualError(t, err, "environment variable TEST5 not found for test5")
+	})
+}
+
+func TestVarsLoader_Http_GET(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(`{"test1": {"test2": 42}}`))
+	}))
+	defer ts.Close()
+
+	u, _ := url.Parse(ts.URL)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Http: &types.VarsSourceHttp{
+				Url: types.YamlUrl{URL: *u},
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_Http_POST(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "POST" {
+			w.WriteHeader(542)
+			return
+		}
+		body, _ := ioutil.ReadAll(r.Body)
+		if string(body) != "body" {
+			w.WriteHeader(543)
+			return
+		}
+		if r.Header.Get("h") != "h" {
+			w.WriteHeader(544)
+			return
+		}
+		_, _ = w.Write([]byte(`{"test1": {"test2": 42}}`))
+	}))
+	defer ts.Close()
+
+	u, _ := url.Parse(ts.URL)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Http: &types.VarsSourceHttp{
+				Url: types.YamlUrl{URL: *u},
+			},
+		}, nil, "")
+		assert.ErrorContains(t, err, "failed with status code 542")
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Http: &types.VarsSourceHttp{
+				Url:    types.YamlUrl{URL: *u},
+				Method: utils.StrPtr("POST"),
+			},
+		}, nil, "")
+		assert.ErrorContains(t, err, "failed with status code 543")
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Http: &types.VarsSourceHttp{
+				Url:    types.YamlUrl{URL: *u},
+				Method: utils.StrPtr("POST"),
+				Body:   utils.StrPtr("body"),
+			},
+		}, nil, "")
+		assert.ErrorContains(t, err, "failed with status code 544")
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Http: &types.VarsSourceHttp{
+				Url:     types.YamlUrl{URL: *u},
+				Method:  utils.StrPtr("POST"),
+				Body:    utils.StrPtr("body"),
+				Headers: map[string]string{"h": "h"},
+			},
+		}, nil, "")
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_Http_JsonPath(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(`{"test1": "{\"test2\": 42}"}`))
+	}))
+	defer ts.Close()
+
+	u, _ := url.Parse(ts.URL)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Http: &types.VarsSourceHttp{
+				Url:      types.YamlUrl{URL: *u},
+				JsonPath: utils.StrPtr("test1"),
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
+func TestVarsLoader_AwsSecretsManager(t *testing.T) {
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		aws.Secrets = map[string]string{
+			"secret": `{"test1": {"test2": 42}}`,
+		}
+
+		err := vl.LoadVars(vc, &types.VarsSource{
+			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
+				SecretName: "secret",
+			},
+		}, nil, "")
+		assert.EqualError(t, err, "when omitting the AWS region, the secret name must be a valid ARN")
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
+				SecretName: "secret",
+				Region:     utils.StrPtr("eu-central1"),
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		aws.Secrets = map[string]string{
+			"secret": `{"test1": {"test2": 42}}`,
+		}
+
+		err := vl.LoadVars(vc, &types.VarsSource{
+			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
+				SecretName: "arn:aws:secretsmanager:eu-central-1:12345:secret:secret",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
index b922b7279..66e7bb092 100644
--- a/pkg/vars/vars_test.go
+++ b/pkg/vars/vars_test.go
@@ -7,12 +7,19 @@ import (
 	"testing"
 )
 
-func TestVarsCtx(t *testing.T) {
+func newJinja2Must(t *testing.T) *jinja2.Jinja2 {
 	j2, err := jinja2.NewJinja2()
 	if err != nil {
 		t.Fatal(err)
 	}
-	defer j2.Close()
+	t.Cleanup(func() {
+		j2.Close()
+	})
+	return j2
+}
+
+func TestVarsCtx(t *testing.T) {
+	j2 := newJinja2Must(t)
 
 	varsCtx := NewVarsCtx(j2)
 	varsCtx.Update(uo.FromMap(map[string]interface{}{
@@ -25,11 +32,7 @@ func TestVarsCtx(t *testing.T) {
 }
 
 func TestVarsCtxChild(t *testing.T) {
-	j2, err := jinja2.NewJinja2()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer j2.Close()
+	j2 := newJinja2Must(t)
 
 	varsCtx := NewVarsCtx(j2)
 	varsCtx.UpdateChild("child", uo.FromMap(map[string]interface{}{
@@ -42,11 +45,7 @@ func TestVarsCtxChild(t *testing.T) {
 }
 
 func TestVarsCtxStruct(t *testing.T) {
-	j2, err := jinja2.NewJinja2()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer j2.Close()
+	j2 := newJinja2Must(t)
 
 	varsCtx := NewVarsCtx(j2)
 
@@ -58,7 +57,7 @@ func TestVarsCtxStruct(t *testing.T) {
 		Test1: struct{ Test2 int }{Test2: 42},
 	}
 
-	err = varsCtx.UpdateChildFromStruct("child", s)
+	err := varsCtx.UpdateChildFromStruct("child", s)
 	assert.NoError(t, err)
 
 	v, _, _ := varsCtx.Vars.GetNestedInt("child", "test1", "test2")

From b992f22ff89b3226e8648b6e45c30c5707897e9d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 16:55:40 +0200
Subject: [PATCH 0207/2268] feat: Make helm-values.yml optional

This removes the need to provide an empty helm-values.yml in case no
values need to be overridden.

Fixes #30
---
 pkg/deployment/helm_chart.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 2e2727fb8..509773443 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -215,8 +216,10 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	}
 
 	settings := cli.New()
-	valueOpts := values.Options{
-		ValueFiles: []string{valuesPath},
+	valueOpts := values.Options{}
+
+	if utils.Exists(valuesPath) {
+		valueOpts.ValueFiles = append(valueOpts.ValueFiles, valuesPath)
 	}
 
 	var kubeVersion *chartutil.KubeVersion

From 3b1297d98152983ab8d2d0535dc7315b42af853d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 17:51:42 +0200
Subject: [PATCH 0208/2268] feat: Load Helm credentials from repositories
 config

---
 pkg/deployment/helm_chart.go | 51 +++++++++++++++++++++++++++++++-----
 1 file changed, 45 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 509773443..cc6d43776 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -115,6 +115,17 @@ func (c *helmChart) Pull(ctx context.Context) error {
 	a.DestDir = targetDir
 	a.Version = *c.Config.ChartVersion
 
+	s := c.getRepoSettings(a.Settings, *c.Config.Repo)
+	if s != nil {
+		a.Username = s.Username
+		a.Password = s.Password
+		a.CertFile = s.CertFile
+		a.CaFile = s.CAFile
+		a.KeyFile = s.KeyFile
+		a.InsecureSkipTLSverify = s.InsecureSkipTLSverify
+		a.PassCredentialsAll = s.PassCredentialsAll
+	}
+
 	var out string
 	if registry.IsOCI(*c.Config.Repo) {
 		out, err = a.Run(*c.Config.Repo)
@@ -145,11 +156,14 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 	var latestVersion string
 
 	settings := cli.New()
-	e := repo.Entry{
-		URL:  *c.Config.Repo,
-		Name: chartName,
+	e := c.getRepoSettings(settings, *c.Config.Repo)
+	if e == nil {
+		e = &repo.Entry{
+			URL: *c.Config.Repo,
+		}
 	}
-	r, err := repo.NewChartRepository(&e, getter.All(settings))
+
+	r, err := repo.NewChartRepository(e, getter.All(settings))
 	if err != nil {
 		return "", false, err
 	}
@@ -164,9 +178,9 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 		return "", false, err
 	}
 
-	indexEntry, ok := index.Entries[*c.Config.ChartName]
+	indexEntry, ok := index.Entries[chartName]
 	if !ok || len(indexEntry) == 0 {
-		return "", false, fmt.Errorf("helm chart %s not found in repo index", *c.Config.ChartName)
+		return "", false, fmt.Errorf("helm chart %s not found in repo index", chartName)
 	}
 
 	var ls versions.LooseVersionSlice
@@ -338,6 +352,31 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	return nil
 }
 
+func (c *helmChart) getRepoSettings(env *cli.EnvSettings, repoUrl string) *repo.Entry {
+	f, err := repo.LoadFile(env.RepositoryConfig)
+	if err != nil {
+		return nil
+	}
+
+	removeTrailingSlash := func(s string) string {
+		if len(s) == 0 {
+			return s
+		}
+		if s[len(s)-1] == '/' {
+			return s[:len(s)-1]
+		}
+		return s
+	}
+	repoUrl = removeTrailingSlash(repoUrl)
+
+	for _, e := range f.Repositories {
+		if removeTrailingSlash(e.URL) == repoUrl {
+			return e
+		}
+	}
+	return nil
+}
+
 func checkIfInstallable(ch *chart.Chart) error {
 	switch ch.Metadata.Type {
 	case "", "application":

From 3acd4a2871fe00af8484eeee4e1309d68faff3fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 22 May 2022 17:55:59 +0200
Subject: [PATCH 0209/2268] refactor: No need to use pointers for booleans with
 default "false" value

---
 cmd/kluctl/commands/cmd_helm_update.go  |  6 ++----
 pkg/deployment/deployment_collection.go |  5 ++---
 pkg/deployment/deployment_item.go       |  9 ++++-----
 pkg/deployment/helm_chart.go            |  2 +-
 pkg/deployment/utils/apply_utils.go     |  4 ++--
 pkg/types/deployment.go                 | 12 ++++++------
 pkg/types/helm_chart.go                 |  4 ++--
 7 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 59e3df5d9..17dc10c71 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -42,8 +42,6 @@ func (cmd *helmUpdateCmd) Run() error {
 			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
 			defer s.Failed()
 
-			skipUpdate := chart.Config.SkipUpdate != nil && *chart.Config.SkipUpdate
-
 			newVersion, updated, err := chart.CheckUpdate()
 			if err != nil {
 				return err
@@ -54,7 +52,7 @@ func (cmd *helmUpdateCmd) Run() error {
 				return nil
 			}
 			msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
-			if skipUpdate {
+			if chart.Config.SkipUpdate {
 				msg += " skipUpdate is set to true."
 			}
 			s.Update(msg)
@@ -62,7 +60,7 @@ func (cmd *helmUpdateCmd) Run() error {
 			if !cmd.Upgrade {
 				s.Success()
 			} else {
-				if skipUpdate {
+				if chart.Config.SkipUpdate {
 					s.Update("%s: NOT upgrading chart as skipUpdate was set to true", statusPrefix)
 					s.Success()
 					return nil
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 64b100788..03883a86c 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -46,9 +46,8 @@ func NewDeploymentCollection(ctx context.Context, project *DeploymentProject, im
 }
 
 func (c *DeploymentCollection) createBarrierDummy(project *DeploymentProject) *DeploymentItem {
-	b := true
 	tmpDiConfig := &types.DeploymentItemConfig{
-		Barrier: &b,
+		Barrier: true,
 	}
 	di, err := NewDeploymentItem(project, c, tmpDiConfig, nil, 0)
 	if err != nil {
@@ -93,7 +92,7 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 				return nil, err
 			}
 			ret = append(ret, ret2...)
-			if diConfig.Barrier != nil && *diConfig.Barrier {
+			if diConfig.Barrier {
 				ret = append(ret, c.createBarrierDummy(project))
 			}
 		} else {
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 7051ce9c3..82038c71b 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -101,7 +101,7 @@ func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	a := map[string]string{
 		"kluctl.io/kustomize_dir": filepath.ToSlash(di.RelToRootItemDir),
 	}
-	if di.Config.SkipDeleteIfTags != nil && *di.Config.SkipDeleteIfTags {
+	if di.Config.SkipDeleteIfTags {
 		a["kluctl.io/skip-delete-if-tags"] = "true"
 	}
 	return a
@@ -267,10 +267,10 @@ func (di *DeploymentItem) CheckInclusionForDeploy() bool {
 	if di.Inclusion == nil {
 		return true
 	}
-	if di.Config.OnlyRender != nil && *di.Config.OnlyRender {
+	if di.Config.OnlyRender {
 		return true
 	}
-	if di.Config.AlwaysDeploy != nil && *di.Config.AlwaysDeploy {
+	if di.Config.AlwaysDeploy {
 		return true
 	}
 	values := di.buildInclusionEntries()
@@ -281,9 +281,8 @@ func (di *DeploymentItem) checkInclusionForDelete() bool {
 	if di.Inclusion == nil {
 		return true
 	}
-	skipDeleteIfTags := di.Config.SkipDeleteIfTags != nil && *di.Config.SkipDeleteIfTags
 	values := di.buildInclusionEntries()
-	return di.Inclusion.CheckIncluded(values, skipDeleteIfTags)
+	return di.Inclusion.CheckIncluded(values, di.Config.SkipDeleteIfTags)
 }
 
 func (di *DeploymentItem) prepareKustomizationYaml() error {
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index cc6d43776..93ba7e85a 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -257,7 +257,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	client.ClientOnly = true
 	client.KubeVersion = kubeVersion
 
-	if c.Config.SkipCRDs != nil && *c.Config.SkipCRDs {
+	if c.Config.SkipCRDs {
 		client.SkipCRDs = true
 	} else {
 		client.IncludeCRDs = true
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index ff10287a5..46b246351 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -480,7 +480,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 			didLog = true
 		}
 
-		waitReadiness := (d.Config.WaitReadiness != nil && *d.Config.WaitReadiness) || d.WaitReadiness || utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/wait-readiness"))
+		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/wait-readiness"))
 		if !a.o.NoWait && waitReadiness {
 			a.WaitReadiness(o.GetK8sRef(), 0)
 		}
@@ -577,7 +577,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 			sctx.Failed()
 		}()
 
-		barrier := (d.Config.Barrier != nil && *d.Config.Barrier) || d.Barrier
+		barrier := d.Config.Barrier || d.Barrier
 		if barrier {
 			sctx := status.StartWithOptions(a.ctx, status.WithStatus("Waiting on barrier..."), status.WithTotal(1))
 			wg.Wait()
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index b129aa8b8..b9db6bb96 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -9,12 +9,12 @@ type DeploymentItemConfig struct {
 	Path             *string                  `yaml:"path,omitempty"`
 	Include          *string                  `yaml:"include,omitempty"`
 	Tags             []string                 `yaml:"tags,omitempty"`
-	Barrier          *bool                    `yaml:"barrier,omitempty"`
-	WaitReadiness    *bool                    `yaml:"waitReadiness,omitempty"`
+	Barrier          bool                     `yaml:"barrier,omitempty"`
+	WaitReadiness    bool                     `yaml:"waitReadiness,omitempty"`
 	Vars             []*VarsSource            `yaml:"vars,omitempty"`
-	SkipDeleteIfTags *bool                    `yaml:"skipDeleteIfTags,omitempty"`
-	OnlyRender       *bool                    `yaml:"onlyRender,omitempty"`
-	AlwaysDeploy     *bool                    `yaml:"alwaysDeploy,omitempty"`
+	SkipDeleteIfTags bool                     `yaml:"skipDeleteIfTags,omitempty"`
+	OnlyRender       bool                     `yaml:"onlyRender,omitempty"`
+	AlwaysDeploy     bool                     `yaml:"alwaysDeploy,omitempty"`
 	DeleteObjects    []DeleteObjectItemConfig `yaml:"deleteObjects,omitempty"`
 }
 
@@ -23,7 +23,7 @@ func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	if s.Path != nil && s.Include != nil {
 		sl.ReportError(s, "path", "Path", "path and include can not be set at the same time", "")
 	}
-	if s.Path == nil && s.WaitReadiness != nil {
+	if s.Path == nil && s.WaitReadiness {
 		sl.ReportError(s, "waitReadiness", "WaitReadiness", "only kustomize deployments are allowed to have waitReadiness set", "")
 	}
 }
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index c8e0e91f3..88a960a12 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -7,8 +7,8 @@ type HelmChartConfig2 struct {
 	ReleaseName  string  `yaml:"releaseName" validate:"required"`
 	Namespace    *string `yaml:"namespace,omitempty"`
 	Output       string  `yaml:"output" validate:"required"`
-	SkipCRDs     *bool   `yaml:"skipCRDs,omitempty"`
-	SkipUpdate   *bool   `yaml:"skipUpdate,omitempty"`
+	SkipCRDs     bool    `yaml:"skipCRDs,omitempty"`
+	SkipUpdate   bool    `yaml:"skipUpdate,omitempty"`
 }
 
 type HelmChartConfig struct {

From 754bae1bd4bf309ebb75ec4cc70b22c108b4d55c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 09:29:52 +0200
Subject: [PATCH 0210/2268] feat: Allow to specify helm repository credentials
 via CLI

Fixes: #31
---
 cmd/kluctl/args/helm_credentials.go    | 81 ++++++++++++++++++++++++++
 cmd/kluctl/commands/cmd_helm_pull.go   | 19 ++++++
 cmd/kluctl/commands/cmd_helm_update.go | 18 +++++-
 pkg/deployment/helm_chart.go           | 49 +++++-----------
 pkg/types/helm_chart.go                | 17 +++---
 5 files changed, 138 insertions(+), 46 deletions(-)
 create mode 100644 cmd/kluctl/args/helm_credentials.go

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
new file mode 100644
index 000000000..23db78c6d
--- /dev/null
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -0,0 +1,81 @@
+package args
+
+import (
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/repo"
+	"strings"
+)
+
+type HelmCredentials struct {
+	Username              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	Password              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	KeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --key-file=<credentialsId>:<path>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	InsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+}
+
+func (c *HelmCredentials) FindCredentials(repoUrl string, credentialsId *string) *repo.Entry {
+	if credentialsId != nil {
+		splitIdAndValue := func(s string) (string, bool) {
+			x := strings.SplitN(s, ":", 2)
+			if len(x) < 0 {
+				return "", false
+			}
+			if x[0] != *credentialsId {
+				return "", false
+			}
+			return x[1], true
+		}
+
+		var e repo.Entry
+		for _, x := range c.Username {
+			if v, ok := splitIdAndValue(x); ok {
+				e.Username = v
+			}
+		}
+		for _, x := range c.Password {
+			if v, ok := splitIdAndValue(x); ok {
+				e.Password = v
+			}
+		}
+		for _, x := range c.KeyFile {
+			if v, ok := splitIdAndValue(x); ok {
+				e.KeyFile = v
+			}
+		}
+		for _, x := range c.InsecureSkipTlsVerify {
+			if x == *credentialsId {
+				e.InsecureSkipTLSverify = true
+			}
+		}
+
+		if e != (repo.Entry{}) {
+			return &e
+		}
+	}
+
+	env := cli.New()
+
+	f, err := repo.LoadFile(env.RepositoryConfig)
+	if err != nil {
+		return nil
+	}
+
+	removeTrailingSlash := func(s string) string {
+		if len(s) == 0 {
+			return s
+		}
+		if s[len(s)-1] == '/' {
+			return s[:len(s)-1]
+		}
+		return s
+	}
+	repoUrl = removeTrailingSlash(repoUrl)
+
+	for _, e := range f.Repositories {
+		if removeTrailingSlash(e.URL) == repoUrl {
+			return e
+		}
+	}
+
+	return nil
+}
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 5739b54ed..d727ee594 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -1,6 +1,8 @@
 package commands
 
 import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"io/fs"
@@ -8,6 +10,8 @@ import (
 )
 
 type helmPullCmd struct {
+	args.HelmCredentials
+
 	LocalDeployment string `group:"project" help:"Local deployment directory. Defaults to current directory"`
 }
 
@@ -22,6 +26,7 @@ func (cmd *helmPullCmd) Run() error {
 	if cmd.LocalDeployment != "" {
 		rootPath = cmd.LocalDeployment
 	}
+
 	err := filepath.WalkDir(rootPath, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
@@ -31,6 +36,15 @@ func (cmd *helmPullCmd) Run() error {
 				s.FailedWithMessage(err.Error())
 				return err
 			}
+
+			creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
+			if chart.Config.CredentialsId != nil && creds == nil {
+				err := fmt.Errorf("no credentials provided for %s", p)
+				s.FailedWithMessage(err.Error())
+				return err
+			}
+			chart.SetCredentials(creds)
+
 			err = chart.Pull(cliCtx)
 			if err != nil {
 				s.FailedWithMessage(err.Error())
@@ -40,5 +54,10 @@ func (cmd *helmPullCmd) Run() error {
 		}
 		return nil
 	})
+
+	if err != nil {
+		return fmt.Errorf("command failed")
+	}
+
 	return err
 }
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 17dc10c71..fb6b35972 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -11,6 +12,8 @@ import (
 )
 
 type helmUpdateCmd struct {
+	args.HelmCredentials
+
 	LocalDeployment string `group:"project" help:"Local deployment directory. Defaults to current directory"`
 	Upgrade         bool   `group:"misc" help:"Write new versions into helm-chart.yml and perform helm-pull afterwards"`
 	Commit          bool   `group:"misc" help:"Create a git commit for every updated chart"`
@@ -33,14 +36,23 @@ func (cmd *helmUpdateCmd) Run() error {
 	err = filepath.WalkDir(rootPath, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
+			statusPrefix := filepath.Base(filepath.Dir(p))
+			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
+			defer s.Failed()
+
 			chart, err := deployment.NewHelmChart(p)
 			if err != nil {
+				s.Update("%s: Error while loading helm-chart.yaml: %v", statusPrefix, err)
 				return err
 			}
 
-			statusPrefix := filepath.Base(filepath.Dir(p))
-			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
-			defer s.Failed()
+			creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
+			if chart.Config.CredentialsId != nil && creds == nil {
+				err := fmt.Errorf("%s: No credentials provided", statusPrefix)
+				s.FailedWithMessage(err.Error())
+				return err
+			}
+			chart.SetCredentials(creds)
 
 			newVersion, updated, err := chart.CheckUpdate()
 			if err != nil {
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 93ba7e85a..7c42f2f1b 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -32,8 +32,9 @@ import (
 )
 
 type helmChart struct {
-	configFile string
-	Config     *types.HelmChartConfig
+	configFile  string
+	Config      *types.HelmChartConfig
+	credentials *repo.Entry
 }
 
 func NewHelmChart(configFile string) (*helmChart, error) {
@@ -115,15 +116,14 @@ func (c *helmChart) Pull(ctx context.Context) error {
 	a.DestDir = targetDir
 	a.Version = *c.Config.ChartVersion
 
-	s := c.getRepoSettings(a.Settings, *c.Config.Repo)
-	if s != nil {
-		a.Username = s.Username
-		a.Password = s.Password
-		a.CertFile = s.CertFile
-		a.CaFile = s.CAFile
-		a.KeyFile = s.KeyFile
-		a.InsecureSkipTLSverify = s.InsecureSkipTLSverify
-		a.PassCredentialsAll = s.PassCredentialsAll
+	if c.credentials != nil {
+		a.Username = c.credentials.Username
+		a.Password = c.credentials.Password
+		a.CertFile = c.credentials.CertFile
+		a.CaFile = c.credentials.CAFile
+		a.KeyFile = c.credentials.KeyFile
+		a.InsecureSkipTLSverify = c.credentials.InsecureSkipTLSverify
+		a.PassCredentialsAll = c.credentials.PassCredentialsAll
 	}
 
 	var out string
@@ -156,7 +156,7 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 	var latestVersion string
 
 	settings := cli.New()
-	e := c.getRepoSettings(settings, *c.Config.Repo)
+	e := c.credentials
 	if e == nil {
 		e = &repo.Entry{
 			URL: *c.Config.Repo,
@@ -352,29 +352,8 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (c *helmChart) getRepoSettings(env *cli.EnvSettings, repoUrl string) *repo.Entry {
-	f, err := repo.LoadFile(env.RepositoryConfig)
-	if err != nil {
-		return nil
-	}
-
-	removeTrailingSlash := func(s string) string {
-		if len(s) == 0 {
-			return s
-		}
-		if s[len(s)-1] == '/' {
-			return s[:len(s)-1]
-		}
-		return s
-	}
-	repoUrl = removeTrailingSlash(repoUrl)
-
-	for _, e := range f.Repositories {
-		if removeTrailingSlash(e.URL) == repoUrl {
-			return e
-		}
-	}
-	return nil
+func (c *helmChart) SetCredentials(credentials *repo.Entry) {
+	c.credentials = credentials
 }
 
 func checkIfInstallable(ch *chart.Chart) error {
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 88a960a12..3b78cd353 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -1,14 +1,15 @@
 package types
 
 type HelmChartConfig2 struct {
-	Repo         *string `yaml:"repo" validate:"required"`
-	ChartName    *string `yaml:"chartName,omitempty"`
-	ChartVersion *string `yaml:"chartVersion" validate:"required"`
-	ReleaseName  string  `yaml:"releaseName" validate:"required"`
-	Namespace    *string `yaml:"namespace,omitempty"`
-	Output       string  `yaml:"output" validate:"required"`
-	SkipCRDs     bool    `yaml:"skipCRDs,omitempty"`
-	SkipUpdate   bool    `yaml:"skipUpdate,omitempty"`
+	Repo          *string `yaml:"repo" validate:"required"`
+	CredentialsId *string `yaml:"credentialsId,omitempty"`
+	ChartName     *string `yaml:"chartName,omitempty"`
+	ChartVersion  *string `yaml:"chartVersion" validate:"required"`
+	ReleaseName   string  `yaml:"releaseName" validate:"required"`
+	Namespace     *string `yaml:"namespace,omitempty"`
+	Output        string  `yaml:"output" validate:"required"`
+	SkipCRDs      bool    `yaml:"skipCRDs,omitempty"`
+	SkipUpdate    bool    `yaml:"skipUpdate,omitempty"`
 }
 
 type HelmChartConfig struct {

From 660ccf8e295bd707a5134636afd99f5f0c5d64e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 09:30:45 +0200
Subject: [PATCH 0211/2268] fix: Don't let cobra print errors (rely on status
 reporting instead)

---
 cmd/kluctl/commands/root.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 56f91a2d6..f157d961e 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -184,6 +184,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	rootCmd.Version = version.GetVersion()
 	rootCmd.SilenceUsage = true
+	rootCmd.SilenceErrors = true
 
 	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
 		err := copyViperValuesToCobraCmd(cmd)

From 60f85b3e057d4401f96c984404fc271b958e2f9b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 10:25:18 +0200
Subject: [PATCH 0212/2268] docs: Replace .yml with .yaml in help strings

---
 cmd/kluctl/args/images.go              |  2 +-
 cmd/kluctl/args/project.go             | 12 ++++++------
 cmd/kluctl/commands/cmd_delete.go      |  2 +-
 cmd/kluctl/commands/cmd_helm_pull.go   |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 cmd/kluctl/commands/cmd_prune.go       |  2 +-
 cmd/kluctl/commands/root.go            |  6 +++---
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index f11fba0a4..13aaf244d 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -9,7 +9,7 @@ import (
 
 type ImageFlags struct {
 	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
-	FixedImagesFile existingFileType `group:"images" help:"Use .yml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
+	FixedImagesFile existingFileType `group:"images" help:"Use .yaml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
 	UpdateImages    bool             `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
 	OfflineImages   bool             `group:"images" help:"Omit contacting image registries and do not query for latest image tags."`
 }
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index ab9da298f..c7479b869 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -6,11 +6,11 @@ type ProjectFlags struct {
 	ProjectUrl string `group:"project" short:"p" help:"Git url of the kluctl project. If not specified, the current directory will be used instead of a remote Git project"`
 	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
 
-	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yml config file. Defaults to $PROJECT/.kluctl.yml" exts:"yml,yaml"`
-	LocalClusters       existingDirType  `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yml"`
-	LocalDeployment     existingDirType  `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yml"`
-	LocalSealedSecrets  existingDirType  `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yml" `
-	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." exts:"tar.gz,tgz"`
+	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
+	LocalClusters       existingDirType  `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yaml"`
+	LocalDeployment     existingDirType  `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yaml"`
+	LocalSealedSecrets  existingDirType  `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
+	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yaml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." exts:"tar.gz,tgz"`
 	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." exts:"yml,yaml"`
 	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
 	Cluster             string           `group:"project" help:"Specify/Override cluster"`
@@ -24,5 +24,5 @@ type ArgsFlags struct {
 }
 
 type TargetFlags struct {
-	Target string `group:"project" short:"t" help:"Target name to run command for. Target must exist in .kluctl.yml."`
+	Target string `group:"project" short:"t" help:"Target name to run command for. Target must exist in .kluctl.yaml."`
 }
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 2cd7607fa..4bb602290 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -28,7 +28,7 @@ type deleteCmd struct {
 }
 
 func (cmd *deleteCmd) Help() string {
-	return `Objects are located based on 'commonLabels'', configured in 'deployment.yml'
+	return `Objects are located based on 'commonLabels', configured in 'deployment.yaml'
 
 WARNING: This command will also delete objects which are not part of your deployment
 project (anymore). It really only decides based on the 'deleteByLabel' labels and does NOT
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index d727ee594..90d8c9fc8 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -17,7 +17,7 @@ type helmPullCmd struct {
 
 func (cmd *helmPullCmd) Help() string {
 	return `The Helm charts are stored under the sub-directory 'charts/<chart-name>' next to the
-'helm-chart.yml'. These Helm charts are meant to be added to version control so that
+'helm-chart.yaml'. These Helm charts are meant to be added to version control so that
 pulling is only needed when really required (e.g. when the chart version changes).`
 }
 
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index fb6b35972..55c30b8e8 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -15,7 +15,7 @@ type helmUpdateCmd struct {
 	args.HelmCredentials
 
 	LocalDeployment string `group:"project" help:"Local deployment directory. Defaults to current directory"`
-	Upgrade         bool   `group:"misc" help:"Write new versions into helm-chart.yml and perform helm-pull afterwards"`
+	Upgrade         bool   `group:"misc" help:"Write new versions into helm-chart.yaml and perform helm-pull afterwards"`
 	Commit          bool   `group:"misc" help:"Create a git commit for every updated chart"`
 }
 
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 602d3f3a2..14d4d8790 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -21,7 +21,7 @@ type pruneCmd struct {
 func (cmd *pruneCmd) Help() string {
 	return `"Searching works by:
 
-  1. Search the cluster for all objects match 'commonLabels', as configured in 'deployment.yml''
+  1. Search the cluster for all objects match 'commonLabels', as configured in 'deployment.yaml'
   2. Render the local target and list all objects.
   3. Remove all objects from the list of 1. that are part of the list in 2.`
 }
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f157d961e..9c8e70711 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -48,8 +48,8 @@ type cli struct {
 	Deploy            deployCmd            `cmd:"" help:"Deploys a target to the corresponding cluster"`
 	Diff              diffCmd              `cmd:"" help:"Perform a diff between the locally rendered target and the already deployed target"`
 	Downscale         downscaleCmd         `cmd:"" help:"Downscale all deployments"`
-	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yml' files and pulls the specified Helm charts"`
-	HelmUpdate        helmUpdateCmd        `cmd:"" help:"Recursively searches for 'helm-chart.yml'' files and checks for new available versions"`
+	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pulls the specified Helm charts"`
+	HelmUpdate        helmUpdateCmd        `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and checks for new available versions"`
 	ListImages        listImagesCmd        `cmd:"" help:"Renders the target and outputs all images used via 'images.get_image(...)"`
 	ListTargets       listTargetsCmd       `cmd:"" help:"Outputs a yaml list with all target, including dynamic targets"`
 	PokeImages        pokeImagesCmd        `cmd:"" help:"Replace all images in target"`
@@ -99,7 +99,7 @@ func (c *cli) checkNewVersion() {
 		return
 	}
 
-	versionCheckPath := filepath.Join(utils.GetTmpBaseDir(), "version_check.yml")
+	versionCheckPath := filepath.Join(utils.GetTmpBaseDir(), "version_check.yaml")
 	var versionCheckState VersionCheckState
 	err := yaml.ReadYamlFile(versionCheckPath, &versionCheckState)
 	if err == nil {

From 912ca491b55fe7637fa8827fad6f591feaa5ff74 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 10:25:50 +0200
Subject: [PATCH 0213/2268] feat: Make helm-chart.yaml output field optional

Fixes: #33
---
 pkg/deployment/helm_chart.go | 6 +++++-
 pkg/types/helm_chart.go      | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 7c42f2f1b..6d48b661c 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -79,7 +79,11 @@ func (c *helmChart) GetChartDir() (string, error) {
 
 func (c *helmChart) GetOutputPath() (string, error) {
 	dir := filepath.Dir(c.configFile)
-	return securejoin.SecureJoin(dir, c.Config.Output)
+	output := "helm-rendered.yaml"
+	if c.Config.Output != nil {
+		output = *c.Config.Output
+	}
+	return securejoin.SecureJoin(dir, output)
 }
 
 func (c *helmChart) buildHelmConfig() (*action.Configuration, error) {
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 3b78cd353..d5e9e4445 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -7,7 +7,7 @@ type HelmChartConfig2 struct {
 	ChartVersion  *string `yaml:"chartVersion" validate:"required"`
 	ReleaseName   string  `yaml:"releaseName" validate:"required"`
 	Namespace     *string `yaml:"namespace,omitempty"`
-	Output        string  `yaml:"output" validate:"required"`
+	Output        *string `yaml:"output,omitempty"`
 	SkipCRDs      bool    `yaml:"skipCRDs,omitempty"`
 	SkipUpdate    bool    `yaml:"skipUpdate,omitempty"`
 }

From 545187732c6197346f84f7852f8ad6b1f6ec366c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 10:42:20 +0200
Subject: [PATCH 0214/2268] feat: Show error when output file from
 helm-chart.yaml is not included

---
 pkg/deployment/deployment_item.go | 45 +++++++++++++++++++++++++------
 pkg/deployment/helm_chart.go      | 12 ++++++---
 2 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 82038c71b..783084673 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -175,6 +175,22 @@ func (di *DeploymentItem) renderHelmCharts(k *k8s.K8sCluster, wp *utils.WorkerPo
 			if err != nil {
 				return err
 			}
+
+			ky, err := di.readKustoimizationYaml()
+			if err == nil && ky != nil {
+				resources, _, _ := ky.GetNestedStringList("resources")
+				found := false
+				for _, r := range resources {
+					if r == chart.GetOutputPath() {
+						found = true
+						break
+					}
+				}
+				if !found {
+					return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.relRenderedDir, chart.GetOutputPath())
+				}
+			}
+
 			return chart.Render(di.Project.ctx, k)
 		})
 		return nil
@@ -285,20 +301,37 @@ func (di *DeploymentItem) checkInclusionForDelete() bool {
 	return di.Inclusion.CheckIncluded(values, di.Config.SkipDeleteIfTags)
 }
 
-func (di *DeploymentItem) prepareKustomizationYaml() error {
+func (di *DeploymentItem) readKustoimizationYaml() (*uo.UnstructuredObject, error) {
 	if di.dir == nil {
-		return nil
+		return nil, nil
 	}
 
 	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.renderedDir, "kustomization.yml"))
 	if !utils.IsFile(kustomizeYamlPath) {
-		return nil
+		return nil, nil
 	}
 
 	ky, err := uo.FromFile(kustomizeYamlPath)
+	if err != nil {
+		return nil, err
+	}
+
+	return ky, err
+}
+
+func (di *DeploymentItem) writeKustomizationYaml(ky *uo.UnstructuredObject) error {
+	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.renderedDir, "kustomization.yml"))
+	return yaml.WriteYamlFile(kustomizeYamlPath, ky)
+}
+
+func (di *DeploymentItem) prepareKustomizationYaml() error {
+	ky, err := di.readKustoimizationYaml()
 	if err != nil {
 		return err
 	}
+	if ky == nil {
+		return nil
+	}
 
 	overrideNamespace := di.Project.getOverrideNamespace()
 	if overrideNamespace != nil {
@@ -315,11 +348,7 @@ func (di *DeploymentItem) prepareKustomizationYaml() error {
 	di.WaitReadiness = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/wait-readiness"))
 
 	// Save modified kustomize.yml
-	err = yaml.WriteYamlFile(kustomizeYamlPath, ky)
-	if err != nil {
-		return err
-	}
-	return nil
+	return di.writeKustomizationYaml(ky)
 }
 
 func (di *DeploymentItem) buildKustomize() error {
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 6d48b661c..b41313276 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -77,13 +77,17 @@ func (c *helmChart) GetChartDir() (string, error) {
 	return securejoin.SecureJoin(targetDir, chartName)
 }
 
-func (c *helmChart) GetOutputPath() (string, error) {
-	dir := filepath.Dir(c.configFile)
+func (c *helmChart) GetOutputPath() string {
 	output := "helm-rendered.yaml"
 	if c.Config.Output != nil {
 		output = *c.Config.Output
 	}
-	return securejoin.SecureJoin(dir, output)
+	return output
+}
+
+func (c *helmChart) GetFullOutputPath() (string, error) {
+	dir := filepath.Dir(c.configFile)
+	return securejoin.SecureJoin(dir, c.GetOutputPath())
 }
 
 func (c *helmChart) buildHelmConfig() (*action.Configuration, error) {
@@ -215,7 +219,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	if err != nil {
 		return err
 	}
-	outputPath, err := c.GetOutputPath()
+	outputPath, err := c.GetFullOutputPath()
 	if err != nil {
 		return err
 	}

From 76a47b0fc19dcef3c5d5ca4fc077aef69feaa1ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 10:42:47 +0200
Subject: [PATCH 0215/2268] fix: Show cluster config warning only once

---
 pkg/kluctl_project/project.go        | 3 +++
 pkg/kluctl_project/target_context.go | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 98a460568..bb59ce9b2 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"regexp"
 )
 
@@ -31,6 +32,8 @@ type LoadedKluctlProject struct {
 
 	J2  *jinja2.Jinja2
 	GRC *git.MirroredGitRepoCollection
+
+	warnOnce utils.OnceByKey
 }
 
 func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 400d9a118..d42151d32 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -191,7 +191,9 @@ func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string, contextName
 	var clusterConfig *types.ClusterConfig
 
 	if clusterName != nil {
-		status.Warning(p.ctx, "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
+		p.warnOnce.Do("cluster-config", func() {
+			status.Warning(p.ctx, "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
+		})
 
 		clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, *clusterName)
 		if err != nil {

From 22be586f40e10538f96f82601da232faf327f7a6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 10:51:44 +0200
Subject: [PATCH 0216/2268] build: Upgrade kustomize to 4.5.5

---
 go.mod |  7 ++++---
 go.sum | 11 ++++++-----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 8ba0c8880..81f4d83f7 100644
--- a/go.mod
+++ b/go.mod
@@ -48,8 +48,8 @@ require (
 	k8s.io/client-go v0.24.0-rc.1
 	k8s.io/klog/v2 v2.60.1
 	sigs.k8s.io/kind v0.12.0
-	sigs.k8s.io/kustomize/api v0.11.4
-	sigs.k8s.io/kustomize/kyaml v0.13.6
+	sigs.k8s.io/kustomize/api v0.11.5
+	sigs.k8s.io/kustomize/kyaml v0.13.7
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1
 )
 
@@ -112,6 +112,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -190,7 +191,7 @@ require (
 	k8s.io/apiserver v0.23.6 // indirect
 	k8s.io/cli-runtime v0.24.0-rc.1 // indirect
 	k8s.io/component-base v0.24.0-rc.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
+	k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 // indirect
 	k8s.io/kubectl v0.23.5 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	oras.land/oras-go v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index fe9ab20ed..f79fe67a1 100644
--- a/go.sum
+++ b/go.sum
@@ -2025,8 +2025,9 @@ k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H
 k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 h1:E3J9oCLlaobFUqsjG9DfKbP2BmgwBL2p7pn0A3dG9W4=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
+k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 h1:nqYOUleKLC/0P1zbU29F5q6aoezM6MOAVz+iyfQbZ5M=
+k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
 k8s.io/kubectl v0.23.5 h1:DmDULqCaF4qstj0Im143XmncvqWtJxHzK8IrW2BzlU0=
 k8s.io/kubectl v0.23.5/go.mod h1:lLgw7cVY8xbd7o637vOXPca/w6HC205KsPCRDYRCxwE=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
@@ -2053,13 +2054,13 @@ sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz
 sigs.k8s.io/kind v0.12.0 h1:LFynXwQkH1MrWI8pM1FQty0oUwEKjU5EkMaVZaPld8E=
 sigs.k8s.io/kind v0.12.0/go.mod h1:EcgDSBVxz8Bvm19fx8xkioFrf9dC30fMJdOTXBSGNoM=
 sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8=
-sigs.k8s.io/kustomize/api v0.11.4 h1:/0Mr3kfBBNcNPOW5Qwk/3eb8zkswCwnqQxxKtmrTkRo=
-sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
+sigs.k8s.io/kustomize/api v0.11.5 h1:vLDp++YAX7iy2y2CVPJNy9pk9CY8XaUKgHkjbVtnWag=
+sigs.k8s.io/kustomize/api v0.11.5/go.mod h1:2UDpxS6AonWXow2ZbySd4AjUxmdXLeTlvGBC46uSiq8=
 sigs.k8s.io/kustomize/cmd/config v0.10.2/go.mod h1:K2aW7nXJ0AaT+VA/eO0/dzFLxmpFcTzudmAgDwPY1HQ=
 sigs.k8s.io/kustomize/kustomize/v4 v4.4.1/go.mod h1:qOKJMMz2mBP+vcS7vK+mNz4HBLjaQSWRY22EF6Tb7Io=
 sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E=
-sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs=
-sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
+sigs.k8s.io/kustomize/kyaml v0.13.7 h1:/EZ/nPaLUzeJKF/BuJ4QCuMVJWiEVoI8iftOHY3g3tk=
+sigs.k8s.io/kustomize/kyaml v0.13.7/go.mod h1:6K+IUOuir3Y7nucPRAjw9yth04KSWBnP5pqUTGwj/qU=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=

From 3eb682a11f9bc81d1cfac8d86b9b2a9a888ed323 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 11:01:11 +0200
Subject: [PATCH 0217/2268] build: Update all dependencies

---
 go.mod |   94 +++---
 go.sum | 1027 +++++++++++++++++++++++---------------------------------
 2 files changed, 467 insertions(+), 654 deletions(-)

diff --git a/go.mod b/go.mod
index 81f4d83f7..f9447d54d 100644
--- a/go.mod
+++ b/go.mod
@@ -5,68 +5,60 @@ go 1.18
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.1
+	github.com/aws/aws-sdk-go v1.44.19
 	github.com/bitnami-labs/sealed-secrets v0.17.5
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/gammazero/workerpool v1.1.2
 	github.com/go-git/go-git/v5 v5.4.2
-	github.com/go-playground/validator/v10 v10.10.1
+	github.com/go-playground/validator/v10 v10.11.0
 	github.com/gobwas/glob v0.2.3
 	github.com/goccy/go-yaml v1.9.5
 	github.com/golang-jwt/jwt/v4 v4.4.1
-	github.com/google/go-containerregistry v0.8.0
+	github.com/google/go-containerregistry v0.9.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/klauspost/compress v1.15.2
+	github.com/klauspost/compress v1.15.4
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/ohler55/ojg v1.14.0
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.8.0
+	github.com/rogpeppe/go-internal v1.8.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.10.0
+	github.com/spf13/viper v1.11.0
 	github.com/stretchr/testify v1.7.1
 	github.com/vbauerster/mpb/v7 v7.4.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.1
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150
+	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
+	golang.org/x/sync v0.0.0-20220513210516-0976fa681c29
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
 	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
 	golang.org/x/text v0.3.7
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
-	helm.sh/helm/v3 v3.8.2
-	k8s.io/api v0.24.0-rc.1
-	k8s.io/apiextensions-apiserver v0.23.6
-	k8s.io/apimachinery v0.24.0-rc.1
-	k8s.io/client-go v0.24.0-rc.1
+	gopkg.in/yaml.v3 v3.0.0
+	helm.sh/helm/v3 v3.9.0
+	k8s.io/api v0.24.1-rc.0
+	k8s.io/apiextensions-apiserver v0.24.0
+	k8s.io/apimachinery v0.24.1-rc.0
+	k8s.io/client-go v0.24.1-rc.0
 	k8s.io/klog/v2 v2.60.1
-	sigs.k8s.io/kind v0.12.0
+	sigs.k8s.io/kind v0.14.0
 	sigs.k8s.io/kustomize/api v0.11.5
 	sigs.k8s.io/kustomize/kyaml v0.13.7
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1
 )
 
-replace (
-	k8s.io/api => k8s.io/api v0.23.5
-	k8s.io/apimachinery => k8s.io/apimachinery v0.23.5
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.5
-	k8s.io/client-go => k8s.io/client-go v0.23.5
-	k8s.io/component-base => k8s.io/component-base v0.23.5
-)
-
 require (
 	cloud.google.com/go/compute v1.6.1 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
@@ -74,9 +66,9 @@ require (
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/Masterminds/squirrel v1.5.2 // indirect
+	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
@@ -85,19 +77,20 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
-	github.com/containerd/containerd v1.6.3 // indirect
+	github.com/containerd/containerd v1.6.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.14+incompatible // indirect
-	github.com/docker/docker v20.10.14+incompatible // indirect
+	github.com/docker/cli v20.10.16+incompatible // indirect
+	github.com/docker/docker v20.10.16+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/gammazero/deque v0.1.1 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
@@ -112,12 +105,11 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -133,9 +125,9 @@ require (
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/lib/pq v1.10.5 // indirect
+	github.com/lib/pq v1.10.6 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
@@ -143,7 +135,7 @@ require (
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.4.3 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
@@ -152,12 +144,14 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
+	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_golang v1.12.2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.34.0 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
@@ -166,8 +160,8 @@ require (
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/spf13/afero v1.6.0 // indirect
-	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
@@ -176,23 +170,23 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
-	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect
+	golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
-	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
+	golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46 // indirect
-	google.golang.org/grpc v1.46.0 // indirect
+	google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect
+	google.golang.org/grpc v1.46.2 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/ini.v1 v1.66.4 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiserver v0.23.6 // indirect
-	k8s.io/cli-runtime v0.24.0-rc.1 // indirect
-	k8s.io/component-base v0.24.0-rc.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 // indirect
-	k8s.io/kubectl v0.23.5 // indirect
+	k8s.io/apiserver v0.24.0 // indirect
+	k8s.io/cli-runtime v0.24.0 // indirect
+	k8s.io/component-base v0.24.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 // indirect
+	k8s.io/kubectl v0.24.0 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	oras.land/oras-go v1.1.1 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
diff --git a/go.sum b/go.sum
index f79fe67a1..851e2a68e 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,11 @@
-bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
-bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM=
+4d63.com/gochecknoglobals v0.1.0/go.mod h1:wfdC5ZjKSPr7CybKEcgJhUOgeAQW1+7WcyK8OvUilfo=
+bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
@@ -13,10 +14,12 @@ cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.60.0/go.mod h1:yw2G51M9IfRboUH61Us8GqCeF1PzPblB823Mn2q2eAU=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
@@ -27,7 +30,6 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
 cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
@@ -45,41 +47,39 @@ cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLq
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
+cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/pubsub v1.5.0/go.mod h1:ZEwJccE3z93Z2HWvstpri00jOg7oO4UZDtKhwDwqF0w=
+cloud.google.com/go/spanner v1.7.0/go.mod h1:sd3K2gZ9Fd0vMPLXzeCrF6fq4i63Q7aTLW/lBIfBkIk=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
-github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/Antonboom/errname v0.1.5/go.mod h1:DugbBstvPFQbv/5uLcRRzfrNqKE9tVdVCqWCLp6Cifo=
+github.com/Antonboom/nilnil v0.1.0/go.mod h1:PhHLvRPSghY5Y7mX4TW+BHZQYo1A8flE5H20D3IPZBo=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
-github.com/Azure/go-autorest/autorest v0.11.20/go.mod h1:o3tqFY+QR40VOlk+pV4d77mORO64jOXSgEnPQgLK6JY=
 github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
 github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
-github.com/Azure/go-autorest/autorest/adal v0.9.15/go.mod h1:tGMin8I49Yij6AQ+rvV+Xa/zwxYQB5hmsd6DkfAx2+A=
-github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
+github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
@@ -88,65 +88,45 @@ github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/
 github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
-github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Masterminds/squirrel v1.5.2 h1:UiOEi2ZX4RCSkpiNDQN5kro/XIBpSRk9iTqdIRPzUXE=
-github.com/Masterminds/squirrel v1.5.2/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
-github.com/Masterminds/vcs v1.13.3/go.mod h1:TiE7xuEjl1N4j016moRd6vezp6e6Lz23gypeXfzXeW8=
-github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
+github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
-github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
-github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
-github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
-github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
 github.com/Microsoft/hcsshim v0.9.2 h1:wB06W5aYFfUB3IvootYAY2WnOmIdgPGfqSI6tufQNnY=
-github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
-github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5 h1:cSHEbLj0GZeHM1mWG84qEnGFojNEQ83W7cwaPRjcwXU=
-github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b h1:lcbBNuQhppsc7A5gjdHmdlqUqJfgGMylBdGyDs0j7G8=
+github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
+github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@@ -160,60 +140,55 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
-github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk=
+github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE=
+github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
+github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
+github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/aws/aws-sdk-go v1.34.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.44.1 h1:w34ZmPT6K4NTd7Yap1P7SLXPTii0ABmBz3KEh4KJdKc=
-github.com/aws/aws-sdk-go v1.44.1/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/ashanbrown/forbidigo v1.2.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBFg8t0sG2FIxmI=
+github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9Dnez7/ESBqc4EdrdNlryeo7d0KcW1ftXHm7nU/UU=
+github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go v1.44.19 h1:dhI6p4l6kisnA7gBAM8sP5YIk0bZ9HNAj7yrK7kcfdU=
+github.com/aws/aws-sdk-go v1.44.19/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bitnami-labs/sealed-secrets v0.17.5 h1:v5ENZRSrgog3GnFr8fWfVtrUTPlZlNlbsjaro9mn6YY=
 github.com/bitnami-labs/sealed-secrets v0.17.5/go.mod h1:ZgGUqKixr/SRpsG8LVXnuneyZG7DOX/+eCRvXi8SVjo=
-github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
-github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
-github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
+github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/blizzy78/varnamelen v0.3.0/go.mod h1:hbwRdBvoBqxk34XyQ6HA0UH3G0/1TKuv5AC4eaBT0Ec=
+github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
+github.com/breml/bidichk v0.1.1/go.mod h1:zbfeitpevDUGI7V91Uzzuwrn4Vls8MoBMrwtt78jmso=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
-github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
@@ -222,20 +197,11 @@ github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cb
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
-github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
-github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
-github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
+github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
+github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3//PWVzTeCezG2b9IRn6myJxJSr4TD/xo6ojU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
-github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -246,129 +212,28 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
-github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
-github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
-github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
-github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E=
-github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss=
-github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
-github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
-github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ=
-github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
-github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
-github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
-github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
-github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
-github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
-github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
-github.com/containerd/containerd v1.6.3 h1:JfgUEIAH07xDWk6kqz0P3ArZt+KJ9YeihSC9uyFtSKg=
-github.com/containerd/containerd v1.6.3/go.mod h1:gCVGrYRYFm2E8GmuUIbj/NGD7DLZQLzSJQazjVKDOig=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo=
-github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
-github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
-github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
-github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
-github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU=
-github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk=
-github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
-github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g=
-github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0=
-github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA=
-github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow=
-github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms=
-github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4=
-github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
-github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
-github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
-github.com/containerd/stargz-snapshotter/estargz v0.10.1 h1:hd1EoVjI2Ax8Cr64tdYqnJ4i4pZU49FkEf5kU8KxQng=
-github.com/containerd/stargz-snapshotter/estargz v0.10.1/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
-github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
-github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
-github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw=
-github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y=
-github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY=
-github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y=
-github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE=
-github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
-github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
+github.com/containerd/containerd v1.6.4 h1:SEDZBp10mhCp+hkO3Njz/YhGrI7ah3edNcUlRdUPOgg=
+github.com/containerd/containerd v1.6.4/go.mod h1:oWOqbuJUZmOVafhA0lj2NAXbiO1u7F0K5l1bUgdyo94=
+github.com/containerd/stargz-snapshotter/estargz v0.11.4 h1:LjrYUZpyOhiSaU7hHrdR82/RBoxfGWSaC0VeSSMXqnk=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -376,62 +241,43 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
-github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
-github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
-github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
+github.com/daixiang0/gci v0.2.9/go.mod h1:+4dZ7TISfSmqfAGv59ePaHfNzgGtIkHAhhdKggP1JAc=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
+github.com/denis-tingajkin/go-header v0.4.2/go.mod h1:eLRHAVXzE5atsKAnNRDB90WHCFFnBUn4RN0nRcs1LJA=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY=
-github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684/go.mod h1:UfCu3YXJJCI+IdnqGgYP82dk2+Joxmv+mUTVBES6wac=
-github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
-github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v20.10.12+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v20.10.14+incompatible h1:dSBKJOVesDgHo7rbxlYjYsXe7gPzrTT+/cKQgpDAazg=
-github.com/docker/cli v20.10.14+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
-github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/cli v20.10.16+incompatible h1:aLQ8XowgKpR3/IysPj8qZQJBVQ+Qws61icFuZl6iKYs=
+github.com/docker/cli v20.10.16+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w=
-github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
+github.com/docker/docker v20.10.16+incompatible h1:2Db6ZR/+FUR3hqPMwnogOPHFn405crbpxvWzKovETOQ=
+github.com/docker/docker v20.10.16+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
-github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
-github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -444,11 +290,11 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
+github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/esimonov/ifshort v1.0.3/go.mod h1:yZqNJUrNn20K8Q9n2CrjTKYyVEmX209Hgu+M1LBpeZE=
+github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
 github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -464,30 +310,33 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
+github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
-github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
+github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
 github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
+github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
 github.com/gammazero/deque v0.1.0/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M=
 github.com/gammazero/deque v0.1.1 h1:xRVkDuSvDmFuMGf3IquHuRc2jlL0+v/WpFCWaauzwbE=
 github.com/gammazero/deque v0.1.1/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M=
 github.com/gammazero/workerpool v1.1.2 h1:vuioDQbgrz4HoaCi2q1HLlOXdpbap5AET7xu5/qj87g=
 github.com/gammazero/workerpool v1.1.2/go.mod h1:UelbXcO0zCIGFcufcirHhq2/xtLXJdQ29qZNlXG9OjQ=
-github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
@@ -505,7 +354,6 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gorp/gorp/v3 v3.0.2 h1:ULqJXIekoqMx29FI5ekXXFoH1dT2Vc8UhnRzBg+Emz4=
 github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmncaR6rwBY=
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
@@ -516,30 +364,19 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrKU=
@@ -553,41 +390,43 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
-github.com/go-playground/validator/v10 v10.10.1 h1:uA0+amWMiglNZKZ9FJRKUAe9U3RX91eVn1JYXMWt7ig=
-github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
+github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
+github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
+github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
+github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
+github.com/go-toolsmith/astequal v1.0.1/go.mod h1:4oGA3EZXTVItV/ipGiOx7NWkY5veFfcsOJVS2YxltLw=
+github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw=
+github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU=
+github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI=
+github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc=
+github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
+github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
+github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
+github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
 github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
-github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
 github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
 github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
-github.com/gobuffalo/packr/v2 v2.8.1/go.mod h1:c/PLlOuTU+p3SybaJATW3H6lX/iK7xEz5OeMf+NnJpg=
 github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY=
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-yaml v1.9.5 h1:Eh/+3uk9kLxG4koCX6lRMAPS1OaMSAi+FJcya0INdB0=
 github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
-github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
-github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -615,6 +454,7 @@ github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -634,17 +474,29 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
+github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
+github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8=
+github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU=
+github.com/golangci/golangci-lint v1.43.0/go.mod h1:VIFlUqidx5ggxDfQagdvd9E67UjMXtTHBkBQ7sHoC5Q=
+github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
+github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
+github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
+github.com/golangci/revgrep v0.0.0-20210930125155-c22e5001d4f2/go.mod h1:LK+zW4MpyytAWQRz0M4xnzEk50lSvqDQKfx304apFkY=
+github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
 github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
-github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
-github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w=
+github.com/google/cel-go v0.10.1/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w=
 github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA=
-github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
+github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
+github.com/google/certificate-transparency-go v1.1.1/go.mod h1:FDKqPvSXawb2ecErVRrD+nfy23RCzyl7eqVCEmlT1Zs=
 github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
+github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
+github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -660,9 +512,8 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
-github.com/google/go-containerregistry v0.8.0 h1:mtR24eN6rapCN+shds82qFEIWWmg64NPMuyCNT7/Ogc=
-github.com/google/go-containerregistry v0.8.0/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI=
+github.com/google/go-containerregistry v0.9.0 h1:5Ths7RjxyFV0huKChQTgY6fLzvHhZMpLTFNja8U0/0w=
+github.com/google/go-containerregistry v0.9.0/go.mod h1:9eq4BnSufyT1kHNffX+vSXVonaJ7yaIOulrKZejMxnQ=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@@ -677,9 +528,11 @@ github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
@@ -688,10 +541,11 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/trillian v1.3.11/go.mod h1:0tPraVHrSDkA3BO6vKX67zgLXs6SsOAbHEivX+9mPgw=
+github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@@ -700,21 +554,31 @@ github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pf
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
-github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=
-github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
+github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
+github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
+github.com/gordonklaus/ineffassign v0.0.0-20210225214923-2e10b2664254/go.mod h1:M9mZEtGIsR1oDaZagNPNG9iq9n2HrhZ17dsXk73V3Lw=
+github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75/go.mod h1:g2644b03hfBX9Ov0ZBDgXXens4rxSxmqFBbhvKv2yVA=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
-github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
-github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
+github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
+github.com/gostaticanalysis/analysisutil v0.1.0/go.mod h1:dMhHRU9KTiDcuLGdy87/2gTR8WruwYZrKdRq9m1O6uw=
+github.com/gostaticanalysis/analysisutil v0.4.1/go.mod h1:18U/DLpRgIUd459wGxVHE0fRgmo1UgHDcbw7F5idXu0=
+github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc=
+github.com/gostaticanalysis/comment v1.3.0/go.mod h1:xMicKDx7XRXYdVwY9f9wQpDJVnqWxw9wCauCMKp+IBI=
+github.com/gostaticanalysis/comment v1.4.1/go.mod h1:ih6ZxzTHLdadaiSnF5WY3dxUoXfXAlTaRzuaNDlSado=
+github.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM=
+github.com/gostaticanalysis/forcetypeassert v0.0.0-20200621232751-01d4955beaa5/go.mod h1:qZEedyP/sY1lTGV1uJ3VhWZ2mqag3IkWsDHVbplHXak=
+github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
+github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
+github.com/gostaticanalysis/testutil v0.4.0/go.mod h1:bLIoPefWXrRi/ssLFWX1dx7Repi5x3CuviD3dgAZaBU=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -722,37 +586,32 @@ github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJr
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
+github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
-github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -762,58 +621,55 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
-github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
-github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
-github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
+github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ=
-github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
+github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
+github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
+github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
+github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
+github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
-github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/josharian/txtarfs v0.0.0-20210218200122-0702f000015a/go.mod h1:izVPOvVRsHiKkeGCT6tYBNWyDVuzj9wAaBb5R9qamfw=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -821,9 +677,11 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/karrick/godirwalk v1.15.8/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/julz/importas v0.0.0-20210419104244-841f0c0fe66d/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0=
+github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
@@ -832,12 +690,12 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/errcheck v1.6.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.2 h1:3WH+AG7s2+T8o3nrM/8u2rdqUEcQhmga7smjrT41nAw=
-github.com/klauspost/compress v1.15.2/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ=
+github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -850,52 +708,64 @@ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kulti/thelper v0.4.0/go.mod h1:vMu2Cizjy/grP+jmsvOFDx1kYP6+PD1lqg4Yu5exl2U=
+github.com/kunwardeep/paralleltest v1.0.3/go.mod h1:vLydzomDFpk7yu5UX02RmP0H8QfRPOV/oFhWN85Mjb4=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/kyoh86/exportloopref v0.1.8/go.mod h1:1tUcJeiioIs7VWe5gcOObrux3lb66+sBqGZrRkMwPgg=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
+github.com/ldez/gomoddirectives v0.2.2/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0=
+github.com/ldez/tagliatelle v0.2.0/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.5 h1:J+gdV2cUmX7ZqL2B0lFcW0m+egaHC2V3lpO8nWxyYiQ=
-github.com/lib/pq v1.10.5/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=
+github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
 github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
-github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
+github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
+github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
 github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
 github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
 github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
-github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
+github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
+github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
+github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@@ -908,25 +778,28 @@ github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
+github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
+github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
+github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
+github.com/mgechev/revive v1.1.2/go.mod h1:bnXsMr+ZTH09V5rssEI+jHAZ4z+ZdyhgO/zsy3EhK+0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4=
@@ -947,25 +820,18 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
-github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
+github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
-github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
-github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
-github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
-github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
-github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
-github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -975,18 +841,28 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
+github.com/moricho/tparallel v0.2.1/go.mod h1:fXEIZxG2vdfl0ZF8b42f5a78EhjjD5mX8qUplsoSU4k=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
+github.com/mozilla/scribe v0.0.0-20180711195314-fb71baf557c1/go.mod h1:FIczTrinKo8VaLxe6PWTPEXRXDIHz2QAwiaBaP5/4a8=
+github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo=
+github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
+github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=
+github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nishanths/exhaustive v0.2.3/go.mod h1:bhIX678Nx8inLM9PbpvK1yv6oGtoP8BfaIeMzgBNKvc=
+github.com/nishanths/predeclared v0.0.0-20190419143655-18a43bb90ffc/go.mod h1:62PewwiQTlm/7Rj+cxVYqZvDIUc+JjZq6GHAC1fsObQ=
+github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB9sbB1usJ+xjQE=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
@@ -994,129 +870,103 @@ github.com/ohler55/ojg v1.14.0 h1:DyHomsCwofNswmKj7BLMdx51xnKbXxgIo1rVWCaBcNk=
 github.com/ohler55/ojg v1.14.0/go.mod h1:3+GH+0PggMKocQtbZCrFifal3yRpHiBT4QUkxFJI6e8=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
 github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
-github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
+github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec=
-github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
-github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc=
-github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
-github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
-github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 h1:+czc/J8SlhPKLOtVLMQc+xDCFBT73ZStMsRhSsUhsSg=
+github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198/go.mod h1:j4h1pJW6ZcJTgMZWP3+7RlG3zTaP02aDZ/Qw0sppK7Q=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
+github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
+github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
+github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
-github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
+github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/polyfloyd/go-errorlint v0.0.0-20210722154253-910bb7978349/go.mod h1:wi9BfjxjF/bwiZ701TzmfKu6UKC357IOAtNr0Td0Lvw=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
+github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.34.0 h1:RBmGO9d/FVjqHT0yUGQwBJhkwKV+wPCn7KGpvfab0uE=
 github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/pseudomuto/protoc-gen-doc v1.3.2/go.mod h1:y5+P6n3iGrbKG+9O04V5ld71in3v/bX88wUwgt+U8EA=
+github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q=
+github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
+github.com/quasilyte/go-ruleguard v0.3.1-0.20210203134552-1b5a410e1cc8/go.mod h1:KsAh3x0e7Fkpgs+Q9pNLS5XpFSvYCEVl5gP9Pp1xp30=
+github.com/quasilyte/go-ruleguard v0.3.13/go.mod h1:Ul8wwdqR6kBVOCt2dipDBkE+T6vAV/iixkrKuRTN1oQ=
+github.com/quasilyte/go-ruleguard/dsl v0.3.0/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
+github.com/quasilyte/go-ruleguard/dsl v0.3.10/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
+github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mod h1:7JTjp89EGyU1d6XfBiXihJNG37wB2VRkd125Q1u7Plc=
+github.com/quasilyte/go-ruleguard/rules v0.0.0-20210428214800-545e0d2e0bf7/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50=
+github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
@@ -1124,11 +974,12 @@ github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rubenv/sql-migrate v0.0.0-20210614095031-55d5740dbbcc/go.mod h1:HFLT6i9iR4QBOF5rdCyjddC9t59ArqWJV2xx+jwcCMo=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v1.1.1 h1:haR5Hn8hbW9/SpAICrXoZqXnywS7Q5WijwkQENPeNWY=
 github.com/rubenv/sql-migrate v1.1.1/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@@ -1136,25 +987,24 @@ github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3V
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryancurrah/gomodguard v1.2.3/go.mod h1:rYbA/4Tg5c54mV1sv4sQTP5WOPBcoLtnBZ7/TEhXAbg=
+github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
-github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
+github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE=
+github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+github.com/securego/gosec/v2 v2.9.1/go.mod h1:oDcDLcatOJxkCGaCaq8lua1jTnYf6Sou4wdiJ1n4iHc=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
+github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
-github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -1162,52 +1012,52 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sivchari/tenv v1.4.7/go.mod h1:5nF+bITvkebQVanjU6IuMbvIot/7ReNsUV7I5NbprB0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
+github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI=
+github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
-github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
+github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
+github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
 github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
+github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
+github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
 github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spf13/viper v1.10.0 h1:mXH0UwHS4D2HwWZa75im4xIQynLfblmWV7qcWpfv0yk=
-github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
-github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
+github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
+github.com/spf13/viper v1.11.0 h1:7OX/1FS6n7jHD1zGrZTM7WtY13ZELRyosK4k93oPr44=
+github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUsX7Zk=
+github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1218,39 +1068,39 @@ github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMT
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
+github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
+github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
+github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
+github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
+github.com/tetafro/godot v1.4.11/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
+github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
+github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
+github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+github.com/tomarrell/wrapcheck/v2 v2.4.0/go.mod h1:68bQ/eJg55BROaRTbMjC7vuhL2OgfoG8bLp9ZyoBfyY=
+github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
+github.com/tommy-muehle/go-mnd/v2 v2.4.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
+github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/uudashr/gocognit v1.0.5/go.mod h1:wgYz0mitoKOTysqxTDMOUXg+Jb5SvtihkfmugIZYpEA=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus=
+github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
+github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
 github.com/vbauerster/mpb/v7 v7.4.1 h1:NhLMWQ3gNg2KJR8oeA9lO8Xvq+eNPmixDmB6JEQOUdA=
 github.com/vbauerster/mpb/v7 v7.4.1/go.mod h1:Ygg2mV9Vj9sQBWqsK2m2pidcf9H3s6bNKtqd3/M4gBo=
-github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
-github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
-github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
-github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo=
 github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
@@ -1259,14 +1109,18 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMc
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
 github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
 github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
+github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/yeya24/promlinter v0.1.0/go.mod h1:rs5vtZzeBHqqMwXqFScncpCF6u06lezhZepno9AB1Oc=
+github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
+github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1275,29 +1129,26 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
+go.etcd.io/etcd v0.0.0-20200513171258-e048e166ab9c/go.mod h1:xCI7ZzBfRuGgBXyXO6yfWfDmlWd35khcWpUa4L0xI/k=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
-go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
 go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
+go.etcd.io/etcd/client/v3 v3.5.1/go.mod h1:OnjH4M8OnAotwaB2l9bVgZzRFKru7/ZMoS46OtKyd3Q=
 go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
 go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
 go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
-go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
+go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1308,68 +1159,61 @@ go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
 go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
-go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs=
 go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE=
 go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
 go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
 go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
-go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs=
 go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
 go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
-go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ=
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM=
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
-golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
+golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1380,6 +1224,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1406,11 +1251,10 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1421,17 +1265,15 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1439,6 +1281,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -1447,7 +1290,6 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -1459,24 +1301,20 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y=
+golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1493,7 +1331,6 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
@@ -1503,14 +1340,16 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 h1:w8s32wxx3sY+OjLlv9qltkLU5yvJzxjjgiHWLjdIcw4=
+golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1518,6 +1357,7 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1525,17 +1365,10 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1545,55 +1378,41 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1602,7 +1421,6 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1613,19 +1431,16 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1634,11 +1449,10 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8=
 golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1658,32 +1472,40 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190307163923-6a08e3108db3/go.mod h1:25r3+/G6/xytQM8iWZKq3Hn0kr0rgFKPUNVEL/dr3z4=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190321232350-e250d351ecad/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190916130336-e45ffcd953cc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1691,9 +1513,11 @@ golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -1702,47 +1526,72 @@ golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapK
 golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200308013534-11ec41452d41/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200324003944-a576cf524670/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200414032229-332987a829c3/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200422022333-3d57cf2e726e/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200624225443-88f3c62a19ff/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200625211823-6506e20df31f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200626171337-aa94e735be7f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200630154851-b2d8b0336632/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200706234117-b22de6825cf7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200812195022-5ae4c3c160a0/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200820010801-b793a1359eac/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200831203904-5a2aa26beb65/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201001104356-43ebab892c4c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201002184944-ecd9fd270d5d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201028025901-8cd080b735b3/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201114224030-61ea331ec02b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201118003311-bd56c0adb394/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201230224404-63754364767c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210104081019-d8d6ddbec6ee/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
+golang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM=
+golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U=
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df h1:5Pf6pFKu98ODmgnpvkJ3kFUOQGGLIzLIkbzUHp47618=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
@@ -1769,9 +1618,7 @@ google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6
 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
 google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw=
 google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
 google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
 google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
@@ -1782,26 +1629,27 @@ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9Ywl
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk=
+google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
@@ -1816,8 +1664,9 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200707001353-8e8330bf89df/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1825,11 +1674,12 @@ google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1850,11 +1700,7 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
@@ -1870,12 +1716,11 @@ google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX
 google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46 h1:G1IeWbjrqEq9ChWxEuRPJu6laA67+XgTFHVSAvepr38=
-google.golang.org/genproto v0.0.0-20220426171045-31bebdecfb46/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd h1:e0TwkXOdbnH/1x5rc5MZ/VYyiZ4v+RdVfrGMqEwT68I=
+google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
@@ -1885,6 +1730,7 @@ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.0/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
@@ -1902,12 +1748,11 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ=
+google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1924,31 +1769,28 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/gorp.v1 v1.7.2/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw=
+gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI=
-gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
+gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
@@ -1959,21 +1801,21 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.6/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-helm.sh/helm/v3 v3.8.2 h1:HDhe2nKek976VLMPZlIgJbNqwcqvHYBp1qy+sXQ4jiY=
-helm.sh/helm/v3 v3.8.2/go.mod h1:NxtE2KObf2PrzDl6SIamPFPKyAqWi10iWuvKlQn/Yao=
+helm.sh/helm/v3 v3.9.0 h1:qDSWViuF6SzZX5s5AB/NVRGWmdao7T5j4S4ebIkMGag=
+helm.sh/helm/v3 v3.9.0/go.mod h1:fzZfyslcPAWwSdkXrXlpKexFeE2Dei8N27FFQWt+PN0=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1981,90 +1823,67 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA=
-k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8=
-k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ=
-k8s.io/apiextensions-apiserver v0.23.6 h1:v58cQ6Z0/GK1IXYr+oW0fnYl52o9LTY0WgoWvI8uv5Q=
-k8s.io/apiextensions-apiserver v0.23.6/go.mod h1:YVh17Mphv183THQJA5spNFp9XfoidFyL3WoDgZxQIZU=
-k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
-k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
-k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU=
-k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM=
-k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q=
-k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ=
-k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw=
-k8s.io/apiserver v0.23.6 h1:p94LiXcsSnpSDIl4cv98liBuFKcaygSCNopFNfMg/Ac=
-k8s.io/apiserver v0.23.6/go.mod h1:5PU32F82tfErXPmf7FXhd/UcuLfh97tGepjKUgJ2atg=
-k8s.io/cli-runtime v0.23.5 h1:Z7XUpGoJZYZB2uNjQfJjMbyDKyVkoBGye62Ap0sWQHY=
-k8s.io/cli-runtime v0.23.5/go.mod h1:oY6QDF2qo9xndSq32tqcmRp2UyXssdGrLfjAVymgbx4=
-k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8=
-k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4=
-k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0=
-k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
-k8s.io/code-generator v0.23.6/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk=
-k8s.io/component-base v0.23.5 h1:8qgP5R6jG1BBSXmRYW+dsmitIrpk8F/fPEvgDenMCCE=
-k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0=
-k8s.io/component-helpers v0.23.5/go.mod h1:5riXJgjTIs+ZB8xnf5M2anZ8iQuq37a0B/0BgoPQuSM=
-k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI=
-k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc=
-k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4=
+honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
+k8s.io/api v0.24.0/go.mod h1:5Jl90IUrJHUJYEMANRURMiVvJ0g7Ax7r3R1bqO8zx8I=
+k8s.io/api v0.24.1-rc.0 h1:qCZcUZ/YVXVVacShyNgyEHSUGxrWwIlDGAU1XpyMhYs=
+k8s.io/api v0.24.1-rc.0/go.mod h1:IXhQwEOq8wx1Hmtm/YCNjyQ3XaeIUH0NP5Zsc0aF5Js=
+k8s.io/apiextensions-apiserver v0.24.0 h1:JfgFqbA8gKJ/uDT++feAqk9jBIwNnL9YGdQvaI9DLtY=
+k8s.io/apiextensions-apiserver v0.24.0/go.mod h1:iuVe4aEpe6827lvO6yWQVxiPSpPoSKVjkq+MIdg84cM=
+k8s.io/apimachinery v0.24.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apimachinery v0.24.1-rc.0 h1:mjcDse2fEbUbiSZYU83NxdLUXlCSprcMlQVgNWn6tGk=
+k8s.io/apimachinery v0.24.1-rc.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apiserver v0.24.0 h1:GR7kGsjOMfilRvlG3Stxv/3uz/ryvJ/aZXc5pqdsNV0=
+k8s.io/apiserver v0.24.0/go.mod h1:WFx2yiOMawnogNToVvUYT9nn1jaIkMKj41ZYCVycsBA=
+k8s.io/cli-runtime v0.24.0 h1:ot3Qf49T852uEyNApABO1UHHpFIckKK/NqpheZYN2gM=
+k8s.io/cli-runtime v0.24.0/go.mod h1:9XxoZDsEkRFUThnwqNviqzljtT/LdHtNWvcNFrAXl0A=
+k8s.io/client-go v0.24.0/go.mod h1:VFPQET+cAFpYxh6Bq6f4xyMY80G6jKKktU6G0m00VDw=
+k8s.io/client-go v0.24.1-rc.0 h1:FoTsvkV8oz2FTORlpAR6TgRQMcdzGVIGQkjc7VrwZ40=
+k8s.io/client-go v0.24.1-rc.0/go.mod h1:6VdmspONsQ+gV2AsYugsRaVSYOEUm3Trd16aQJgJahU=
+k8s.io/code-generator v0.24.0/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
+k8s.io/component-base v0.24.0 h1:h5jieHZQoHrY/lHG+HyrSbJeyfuitheBvqvKwKHVC0g=
+k8s.io/component-base v0.24.0/go.mod h1:Dgazgon0i7KYUsS8krG8muGiMVtUZxG037l1MKyXgrA=
+k8s.io/component-helpers v0.24.0/go.mod h1:Q2SlLm4h6g6lPTC9GMMfzdywfLSvJT2f1hOnnjaWD8c=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
-k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
-k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
-k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 h1:nqYOUleKLC/0P1zbU29F5q6aoezM6MOAVz+iyfQbZ5M=
+k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
-k8s.io/kubectl v0.23.5 h1:DmDULqCaF4qstj0Im143XmncvqWtJxHzK8IrW2BzlU0=
-k8s.io/kubectl v0.23.5/go.mod h1:lLgw7cVY8xbd7o637vOXPca/w6HC205KsPCRDYRCxwE=
-k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-k8s.io/metrics v0.23.5/go.mod h1:WNAtV2a5BYbmDS8+7jSqYYV6E3efuGTpIwJ8PTD1wgs=
-k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 h1:nBQrWPlrNIiw0BsX6a6MKr1itkm0ZS0Nl97kNLitFfI=
+k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
+k8s.io/kubectl v0.24.0 h1:nA+WtMLVdXUs4wLogGd1mPTAesnLdBpCVgCmz3I7dXo=
+k8s.io/kubectl v0.24.0/go.mod h1:pdXkmCyHiRTqjYfyUJiXtbVNURhv0/Q1TyRhy2d5ic0=
+k8s.io/metrics v0.24.0/go.mod h1:jrLlFGdKl3X+szubOXPG0Lf2aVxuV3QJcbsgVRAM6fI=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
+mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
+mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
+mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7/go.mod h1:hBpJkZE8H/sb+VRFvw2+rBpHNsTBcvSpk61hr8mzXZE=
 oras.land/oras-go v1.1.1 h1:gI00ftziRivKXaw1BdMeEoIA4uBgga33iVlOsEwefFs=
 oras.land/oras-go v1.1.1/go.mod h1:n2TE1ummt9MUyprGhT+Q7kGZUF4kVUpYysPFxeV2IpQ=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
-sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
-sigs.k8s.io/kind v0.12.0 h1:LFynXwQkH1MrWI8pM1FQty0oUwEKjU5EkMaVZaPld8E=
-sigs.k8s.io/kind v0.12.0/go.mod h1:EcgDSBVxz8Bvm19fx8xkioFrf9dC30fMJdOTXBSGNoM=
-sigs.k8s.io/kustomize/api v0.10.1/go.mod h1:2FigT1QN6xKdcnGS2Ppp1uIWrtWN28Ms8A3OZUZhwr8=
+sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
+sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
+sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
 sigs.k8s.io/kustomize/api v0.11.5 h1:vLDp++YAX7iy2y2CVPJNy9pk9CY8XaUKgHkjbVtnWag=
 sigs.k8s.io/kustomize/api v0.11.5/go.mod h1:2UDpxS6AonWXow2ZbySd4AjUxmdXLeTlvGBC46uSiq8=
-sigs.k8s.io/kustomize/cmd/config v0.10.2/go.mod h1:K2aW7nXJ0AaT+VA/eO0/dzFLxmpFcTzudmAgDwPY1HQ=
-sigs.k8s.io/kustomize/kustomize/v4 v4.4.1/go.mod h1:qOKJMMz2mBP+vcS7vK+mNz4HBLjaQSWRY22EF6Tb7Io=
-sigs.k8s.io/kustomize/kyaml v0.13.0/go.mod h1:FTJxEZ86ScK184NpGSAQcfEqee0nul8oLCK30D47m4E=
+sigs.k8s.io/kustomize/cmd/config v0.10.6/go.mod h1:/S4A4nUANUa4bZJ/Edt7ZQTyKOY9WCER0uBS1SW2Rco=
+sigs.k8s.io/kustomize/kustomize/v4 v4.5.4/go.mod h1:Zo/Xc5FKD6sHl0lilbrieeGeZHVYCA4BzxeAaLI05Bg=
+sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
 sigs.k8s.io/kustomize/kyaml v0.13.7 h1:/EZ/nPaLUzeJKF/BuJ4QCuMVJWiEVoI8iftOHY3g3tk=
 sigs.k8s.io/kustomize/kyaml v0.13.7/go.mod h1:6K+IUOuir3Y7nucPRAjw9yth04KSWBnP5pqUTGwj/qU=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

From 630e7db136b0b02914f9ea94fd4fe8bdbc6dd6d4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 13:41:26 +0200
Subject: [PATCH 0218/2268] fix: Fix false positive error about not included
 rendered helm resource

We must take sub directories into account when checking for inclusion of
rendered helm charts.
---
 pkg/deployment/deployment_item.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 783084673..c8a5d92a2 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -171,12 +171,17 @@ func (di *DeploymentItem) renderHelmCharts(k *k8s.K8sCluster, wp *utils.WorkerPo
 		}
 
 		wp.Submit(func() error {
+			subDir, err := filepath.Rel(di.renderedDir, filepath.Dir(p))
+			if err != nil {
+				return err
+			}
+
 			chart, err := NewHelmChart(p)
 			if err != nil {
 				return err
 			}
 
-			ky, err := di.readKustoimizationYaml()
+			ky, err := di.readKustoimizationYaml(subDir)
 			if err == nil && ky != nil {
 				resources, _, _ := ky.GetNestedStringList("resources")
 				found := false
@@ -301,12 +306,12 @@ func (di *DeploymentItem) checkInclusionForDelete() bool {
 	return di.Inclusion.CheckIncluded(values, di.Config.SkipDeleteIfTags)
 }
 
-func (di *DeploymentItem) readKustoimizationYaml() (*uo.UnstructuredObject, error) {
+func (di *DeploymentItem) readKustoimizationYaml(subDir string) (*uo.UnstructuredObject, error) {
 	if di.dir == nil {
 		return nil, nil
 	}
 
-	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.renderedDir, "kustomization.yml"))
+	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.renderedDir, subDir, "kustomization.yml"))
 	if !utils.IsFile(kustomizeYamlPath) {
 		return nil, nil
 	}
@@ -325,7 +330,7 @@ func (di *DeploymentItem) writeKustomizationYaml(ky *uo.UnstructuredObject) erro
 }
 
 func (di *DeploymentItem) prepareKustomizationYaml() error {
-	ky, err := di.readKustoimizationYaml()
+	ky, err := di.readKustoimizationYaml("")
 	if err != nil {
 		return err
 	}

From d1904f53b19d84ebf387d13d9fb6feb44f99dca6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 13:43:01 +0200
Subject: [PATCH 0219/2268] chore: Fix typo in readKustomizationYaml

---
 pkg/deployment/deployment_item.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index c8a5d92a2..65d303bfd 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -181,7 +181,7 @@ func (di *DeploymentItem) renderHelmCharts(k *k8s.K8sCluster, wp *utils.WorkerPo
 				return err
 			}
 
-			ky, err := di.readKustoimizationYaml(subDir)
+			ky, err := di.readKustomizationYaml(subDir)
 			if err == nil && ky != nil {
 				resources, _, _ := ky.GetNestedStringList("resources")
 				found := false
@@ -306,7 +306,7 @@ func (di *DeploymentItem) checkInclusionForDelete() bool {
 	return di.Inclusion.CheckIncluded(values, di.Config.SkipDeleteIfTags)
 }
 
-func (di *DeploymentItem) readKustoimizationYaml(subDir string) (*uo.UnstructuredObject, error) {
+func (di *DeploymentItem) readKustomizationYaml(subDir string) (*uo.UnstructuredObject, error) {
 	if di.dir == nil {
 		return nil, nil
 	}
@@ -330,7 +330,7 @@ func (di *DeploymentItem) writeKustomizationYaml(ky *uo.UnstructuredObject) erro
 }
 
 func (di *DeploymentItem) prepareKustomizationYaml() error {
-	ky, err := di.readKustoimizationYaml("")
+	ky, err := di.readKustomizationYaml("")
 	if err != nil {
 		return err
 	}

From f079878f0a97b510a18f4c2c8a22d5015c03112c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 16:59:04 +0200
Subject: [PATCH 0220/2268] fix: Get rid of pathType

The implementation was broken and it actually doesn't make sense to have it.
---
 cmd/kluctl/args/cobra_types.go    | 21 ---------------------
 cmd/kluctl/args/misc.go           |  2 +-
 cmd/kluctl/args/project.go        |  2 +-
 cmd/kluctl/commands/cmd_render.go |  2 +-
 cmd/kluctl/commands/utils.go      |  4 ++--
 5 files changed, 5 insertions(+), 26 deletions(-)

diff --git a/cmd/kluctl/args/cobra_types.go b/cmd/kluctl/args/cobra_types.go
index 7989383a1..c6907ea51 100644
--- a/cmd/kluctl/args/cobra_types.go
+++ b/cmd/kluctl/args/cobra_types.go
@@ -64,24 +64,3 @@ func (s *existingDirType) Type() string {
 }
 
 func (s *existingDirType) String() string { return string(*s) }
-
-type pathType string
-
-func (s *pathType) Set(val string) error {
-	if val != "-" {
-		val = utils.ExpandPath(val)
-	}
-	if !utils.Exists(val) {
-		return fmt.Errorf("%s does not exist", val)
-	}
-	if !utils.IsDirectory(val) {
-		return fmt.Errorf("%s exists but is not a directory", val)
-	}
-	*s = pathType(val)
-	return nil
-}
-func (s *pathType) Type() string {
-	return "path"
-}
-
-func (s *pathType) String() string { return string(*s) }
diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index 86ef05ae5..196f52872 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -44,5 +44,5 @@ type OutputFlags struct {
 }
 
 type RenderOutputDirFlags struct {
-	RenderOutputDir pathType `group:"misc" help:"Specifies the target directory to render the project into. If omitted, a temporary directory is used."`
+	RenderOutputDir string `group:"misc" help:"Specifies the target directory to render the project into. If omitted, a temporary directory is used."`
 }
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index c7479b869..f1b35c3fb 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -12,7 +12,7 @@ type ProjectFlags struct {
 	LocalSealedSecrets  existingDirType  `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
 	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yaml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." exts:"tar.gz,tgz"`
 	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." exts:"yml,yaml"`
-	OutputMetadata      pathType         `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
+	OutputMetadata      string           `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
 	Cluster             string           `group:"project" help:"Specify/Override cluster"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index c22b242af..3aabf8cf0 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -26,7 +26,7 @@ func (cmd *renderCmd) Run() error {
 		if err != nil {
 			return err
 		}
-		_ = cmd.RenderOutputDir.Set(p)
+		cmd.RenderOutputDir = p
 	}
 
 	ptArgs := projectTargetCommandArgs{
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 8dab17d0d..388396f30 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -87,7 +87,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		if err != nil {
 			return err
 		}
-		err = ioutil.WriteFile(projectFlags.OutputMetadata.String(), b, 0o640)
+		err = ioutil.WriteFile(projectFlags.OutputMetadata, b, 0o640)
 		if err != nil {
 			return err
 		}
@@ -148,7 +148,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		return err
 	}
 
-	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir.String()
+	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {
 		tmpDir, err := ioutil.TempDir(p.TmpDir, "rendered")
 		if err != nil {

From f0f94803256d63453627d2b6e42dae8a83671838 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 May 2022 17:07:25 +0200
Subject: [PATCH 0221/2268] refactor: Move loading of individual include into
 own function

---
 pkg/deployment/deployment_project.go | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 6ac7de718..17e5e306c 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -162,24 +162,32 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 
 		incDir := filepath.Join(p.dir, *inc.Include)
 
-		varsCtx := p.VarsCtx.Copy()
-		err := p.loadVarsList(varsCtx, inc.Vars)
+		newProject, err := p.loadLocalInclude(k, incDir, inc.Vars)
 		if err != nil {
 			return err
 		}
 
-		newProject, err := NewDeploymentProject(p.ctx, k, p.varsLoader, varsCtx, incDir,
-			p.SealedSecretsDir, p)
-		if err != nil {
-			return err
-		}
 		newProject.parentProjectInclude = inc
-
 		p.includes[i] = newProject
 	}
 	return nil
 }
 
+func (p *DeploymentProject) loadLocalInclude(k *k8s.K8sCluster, incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
+	varsCtx := p.VarsCtx.Copy()
+	err := p.loadVarsList(varsCtx, vars)
+	if err != nil {
+		return nil, err
+	}
+
+	newProject, err := NewDeploymentProject(p.ctx, k, p.varsLoader, varsCtx, incDir, p.SealedSecretsDir, p)
+	if err != nil {
+		return nil, err
+	}
+
+	return newProject, nil
+}
+
 func (p *DeploymentProject) getSealedSecretsDir() string {
 	root := p.getRootProject()
 	if root.Config.SealedSecrets == nil || root.Config.SealedSecrets.OutputPattern == nil {

From 7b4713fda338d747702f2264a520f88ebb77ebd6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 10:07:01 +0200
Subject: [PATCH 0222/2268] refactor: Introduce SharedContext for deployment
 projects and collections

---
 cmd/kluctl/commands/cmd_delete.go       |  4 +--
 cmd/kluctl/commands/cmd_deploy.go       |  2 +-
 cmd/kluctl/commands/cmd_diff.go         |  2 +-
 cmd/kluctl/commands/cmd_downscale.go    |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go  |  2 +-
 cmd/kluctl/commands/cmd_prune.go        |  4 +--
 cmd/kluctl/commands/cmd_render.go       |  2 +-
 cmd/kluctl/commands/cmd_seal.go         |  8 +++---
 cmd/kluctl/commands/cmd_validate.go     |  2 +-
 cmd/kluctl/commands/completion.go       |  2 +-
 cmd/kluctl/commands/utils.go            |  2 +-
 pkg/deployment/commands/seal.go         | 20 +++++++------
 pkg/deployment/deployment_collection.go | 35 +++++++++++------------
 pkg/deployment/deployment_item.go       | 25 +++++++++-------
 pkg/deployment/deployment_project.go    | 38 ++++++++++---------------
 pkg/deployment/shared_context.go        | 17 +++++++++++
 pkg/kluctl_project/target_context.go    | 20 +++++++++----
 17 files changed, 104 insertions(+), 83 deletions(-)
 create mode 100644 pkg/deployment/shared_context.go

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 4bb602290..4911d9479 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -55,11 +55,11 @@ func (cmd *deleteCmd) Run() error {
 
 		cmd2.OverrideDeleteByLabels = deleteByLabels
 
-		objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
+		objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
-		result, err := confirmedDeleteObjects(ctx.targetCtx.K, objects, cmd.DryRun, cmd.Yes)
+		result, err := confirmedDeleteObjects(ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 1e514ca9b..a2b6d70a9 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -63,7 +63,7 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 		cb = nil
 	}
 
-	result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K, cb)
+	result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K, cb)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 7b2efec67..bc6fcc211 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -43,7 +43,7 @@ func (cmd *diffCmd) Run() error {
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
-		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
+		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index d3a0ffc10..304b5cb1c 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -44,7 +44,7 @@ func (cmd *downscaleCmd) Run() error {
 
 		cmd2 := commands.NewDownscaleCommand(ctx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
+		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index c7121e515..67e7c5d0a 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -44,7 +44,7 @@ func (cmd *pokeImagesCmd) Run() error {
 
 		cmd2 := commands.NewPokeImagesCommand(ctx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
+		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 14d4d8790..d9c25852a 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -43,11 +43,11 @@ func (cmd *pruneCmd) Run() error {
 
 func (cmd *pruneCmd) runCmdPrune(ctx *commandCtx) error {
 	cmd2 := commands.NewPruneCommand(ctx.targetCtx.DeploymentCollection)
-	objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
+	objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
 	if err != nil {
 		return err
 	}
-	result, err := confirmedDeleteObjects(ctx.targetCtx.K, objects, cmd.DryRun, cmd.Yes)
+	result, err := confirmedDeleteObjects(ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 3aabf8cf0..190760e8d 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -37,7 +37,7 @@ func (cmd *renderCmd) Run() error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.DeploymentCollection.RenderDir)
+		status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.SharedContext.RenderDir)
 		return nil
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 6749b559d..531fb13b4 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -44,7 +44,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 
 	// pass forSeal=True so that .sealme files are rendered as well
 	return withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
-		err := ctx.targetCtx.DeploymentCollection.RenderDeployments(ctx.targetCtx.K)
+		err := ctx.targetCtx.DeploymentCollection.RenderDeployments()
 		if err != nil {
 			return doFail(err)
 		}
@@ -60,7 +60,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			}
 		}
 		if p.Config.SecretsConfig == nil || p.Config.SecretsConfig.SealedSecrets == nil || p.Config.SecretsConfig.SealedSecrets.Bootstrap == nil || *p.Config.SecretsConfig.SealedSecrets.Bootstrap {
-			err = seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.K, sealedSecretsNamespace)
+			err = seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace)
 			if err != nil {
 				return doFail(err)
 			}
@@ -70,7 +70,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 		if err != nil {
 			return doFail(err)
 		}
-		sealer, err := seal.NewSealer(ctx.ctx, ctx.targetCtx.K, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
+		sealer, err := seal.NewSealer(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
 		if err != nil {
 			return doFail(err)
 		}
@@ -82,7 +82,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			outputPattern = *ctx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern
 		}
 
-		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection, outputPattern)
+		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection, outputPattern, ctx.targetCtx.SharedContext.RenderDir, ctx.targetCtx.SharedContext.SealedSecretsDir)
 		err = cmd2.Run(sealer)
 
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 308f1abfb..b34d90a0d 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -39,7 +39,7 @@ func (cmd *validateCmd) Run() error {
 		startTime := time.Now()
 		cmd2 := commands.NewValidateCommand(ctx.ctx, ctx.targetCtx.DeploymentCollection)
 		for true {
-			result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.K)
+			result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
 			if err != nil {
 				return err
 			}
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index a541ab565..5b94c0964 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -204,7 +204,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 				wg.Add(1)
 				go func() {
 					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
-						err := ctx.targetCtx.DeploymentCollection.Prepare(nil)
+						err := ctx.targetCtx.DeploymentCollection.Prepare()
 						if err != nil {
 							status.Error(cliCtx, err.Error())
 						}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 388396f30..12c89660b 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -172,7 +172,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	if !args.forSeal && !args.forCompletion {
-		err = targetCtx.DeploymentCollection.Prepare(targetCtx.K)
+		err = targetCtx.DeploymentCollection.Prepare()
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
index 0397133ca..c8c3e37a5 100644
--- a/pkg/deployment/commands/seal.go
+++ b/pkg/deployment/commands/seal.go
@@ -11,29 +11,33 @@ import (
 )
 
 type SealCommand struct {
-	c             *deployment.DeploymentCollection
-	outputPattern string
+	c                *deployment.DeploymentCollection
+	outputPattern    string
+	renderDir        string
+	sealedSecretsDir string
 }
 
-func NewSealCommand(c *deployment.DeploymentCollection, outputPattern string) *SealCommand {
+func NewSealCommand(c *deployment.DeploymentCollection, outputPattern string, renderDir string, sealedSecretsDir string) *SealCommand {
 	return &SealCommand{
-		c:             c,
-		outputPattern: outputPattern,
+		c:                c,
+		outputPattern:    outputPattern,
+		renderDir:        renderDir,
+		sealedSecretsDir: sealedSecretsDir,
 	}
 }
 
 func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
-	err := filepath.WalkDir(cmd.c.RenderDir, func(p string, d fs.DirEntry, err error) error {
+	err := filepath.WalkDir(cmd.renderDir, func(p string, d fs.DirEntry, err error) error {
 		if !strings.HasSuffix(p, deployment.SealmeExt) {
 			return nil
 		}
 
-		relPath, err := filepath.Rel(cmd.c.RenderDir, p)
+		relPath, err := filepath.Rel(cmd.renderDir, p)
 		if err != nil {
 			return err
 		}
 		relTargetFile := filepath.Join(filepath.Dir(relPath), cmd.outputPattern, filepath.Base(p))
-		targetFile, err := securejoin.SecureJoin(cmd.c.Project.SealedSecretsDir, relTargetFile)
+		targetFile, err := securejoin.SecureJoin(cmd.sealedSecretsDir, relTargetFile)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 03883a86c..d25503c77 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -3,7 +3,6 @@ package deployment
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -14,25 +13,23 @@ import (
 )
 
 type DeploymentCollection struct {
-	ctx context.Context
+	ctx SharedContext
 
 	Project   *DeploymentProject
 	Images    *Images
 	Inclusion *utils.Inclusion
-	RenderDir string
 	forSeal   bool
 
 	Deployments []*DeploymentItem
 	mutex       sync.Mutex
 }
 
-func NewDeploymentCollection(ctx context.Context, project *DeploymentProject, images *Images, inclusion *utils.Inclusion, renderDir string, forSeal bool) (*DeploymentCollection, error) {
+func NewDeploymentCollection(ctx SharedContext, project *DeploymentProject, images *Images, inclusion *utils.Inclusion, forSeal bool) (*DeploymentCollection, error) {
 	dc := &DeploymentCollection{
 		ctx:       ctx,
 		Project:   project,
 		Images:    images,
 		Inclusion: inclusion,
-		RenderDir: renderDir,
 		forSeal:   forSeal,
 	}
 
@@ -49,7 +46,7 @@ func (c *DeploymentCollection) createBarrierDummy(project *DeploymentProject) *D
 	tmpDiConfig := &types.DeploymentItemConfig{
 		Barrier: true,
 	}
-	di, err := NewDeploymentItem(project, c, tmpDiConfig, nil, 0)
+	di, err := NewDeploymentItem(c.ctx, project, c, tmpDiConfig, nil, 0)
 	if err != nil {
 		panic(err)
 	}
@@ -97,7 +94,7 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 			}
 		} else {
 			index, dir2 := findDeploymentItemIndex(project, diConfig.Path, indexes)
-			di, err := NewDeploymentItem(project, c, diConfig, dir2, index)
+			di, err := NewDeploymentItem(c.ctx, project, c, diConfig, dir2, index)
 			if err != nil {
 				return nil, err
 			}
@@ -108,8 +105,8 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 	return ret, nil
 }
 
-func (c *DeploymentCollection) RenderDeployments(k *k8s.K8sCluster) error {
-	s := status.Start(c.ctx, "Rendering templates")
+func (c *DeploymentCollection) RenderDeployments() error {
+	s := status.Start(c.ctx.Ctx, "Rendering templates")
 	defer s.Failed()
 
 	wp := utils.NewDebuggerAwareWorkerPool(16)
@@ -127,11 +124,11 @@ func (c *DeploymentCollection) RenderDeployments(k *k8s.K8sCluster) error {
 	}
 	s.Success()
 
-	s = status.Start(c.ctx, "Rendering Helm Charts")
+	s = status.Start(c.ctx.Ctx, "Rendering Helm Charts")
 	defer s.Failed()
 
 	for _, d := range c.Deployments {
-		err := d.renderHelmCharts(k, wp)
+		err := d.renderHelmCharts(wp)
 		if err != nil {
 			return err
 		}
@@ -159,7 +156,7 @@ func (c *DeploymentCollection) resolveSealedSecrets() error {
 	return nil
 }
 
-func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
+func (c *DeploymentCollection) buildKustomizeObjects() error {
 	var wg sync.WaitGroup
 	var errs []error
 	var mutex sync.Mutex
@@ -171,7 +168,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 		mutex.Unlock()
 	}
 
-	s := status.Start(c.ctx, "Building kustomize objects")
+	s := status.Start(c.ctx.Ctx, "Building kustomize objects")
 	for _, d_ := range c.Deployments {
 		d := d_
 
@@ -192,7 +189,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 	}
 	s.Success()
 
-	s = status.Start(c.ctx, "Postprocessing objects")
+	s = status.Start(c.ctx.Ctx, "Postprocessing objects")
 	for _, d_ := range c.Deployments {
 		d := d_
 
@@ -202,7 +199,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 			if err != nil {
 				handleError(fmt.Errorf("loading objects failed: %w", err))
 			} else {
-				err = d.postprocessCRDs(k)
+				err = d.postprocessCRDs()
 				if err != nil {
 					handleError(fmt.Errorf("postprocessing CRDs failed: %w", err))
 				}
@@ -220,7 +217,7 @@ func (c *DeploymentCollection) buildKustomizeObjects(k *k8s.K8sCluster) error {
 			_ = sem.Acquire(context.Background(), 1)
 			defer sem.Release(1)
 
-			err := d.postprocessObjects(k, c.Images)
+			err := d.postprocessObjects(c.Images)
 			if err != nil {
 				mutex.Lock()
 				errs = append(errs, fmt.Errorf("postprocessing kustomize objects for %s failed: %w", *d.dir, err))
@@ -259,8 +256,8 @@ func (c *DeploymentCollection) LocalObjectRefs() []k8s2.ObjectRef {
 	return ret
 }
 
-func (c *DeploymentCollection) Prepare(k *k8s.K8sCluster) error {
-	err := c.RenderDeployments(k)
+func (c *DeploymentCollection) Prepare() error {
+	err := c.RenderDeployments()
 	if err != nil {
 		return err
 	}
@@ -268,7 +265,7 @@ func (c *DeploymentCollection) Prepare(k *k8s.K8sCluster) error {
 	if err != nil {
 		return err
 	}
-	err = c.buildKustomizeObjects(k)
+	err = c.buildKustomizeObjects()
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 65d303bfd..b07ff59a9 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -21,6 +21,8 @@ import (
 const SealmeExt = ".sealme"
 
 type DeploymentItem struct {
+	ctx SharedContext
+
 	Project   *DeploymentProject
 	Inclusion *utils.Inclusion
 	Config    *types.DeploymentItemConfig
@@ -42,8 +44,9 @@ type DeploymentItem struct {
 	renderedYamlPath    string
 }
 
-func NewDeploymentItem(project *DeploymentProject, collection *DeploymentCollection, config *types.DeploymentItemConfig, dir *string, index int) (*DeploymentItem, error) {
+func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection *DeploymentCollection, config *types.DeploymentItemConfig, dir *string, index int) (*DeploymentItem, error) {
 	di := &DeploymentItem{
+		ctx:       ctx,
 		Project:   project,
 		Inclusion: collection.Inclusion,
 		Config:    config,
@@ -80,7 +83,7 @@ func NewDeploymentItem(project *DeploymentProject, collection *DeploymentCollect
 			di.relRenderedDir = fmt.Sprintf("%s-%d", di.relRenderedDir, di.index)
 		}
 
-		di.renderedDir = filepath.Join(collection.RenderDir, di.relRenderedDir)
+		di.renderedDir = filepath.Join(collection.ctx.RenderDir, di.relRenderedDir)
 		di.renderedYamlPath = filepath.Join(di.renderedDir, ".rendered.yml")
 	}
 	return di, nil
@@ -160,7 +163,7 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 	return nil
 }
 
-func (di *DeploymentItem) renderHelmCharts(k *k8s.K8sCluster, wp *utils.WorkerPoolWithErrors) error {
+func (di *DeploymentItem) renderHelmCharts(wp *utils.WorkerPoolWithErrors) error {
 	if di.dir == nil {
 		return nil
 	}
@@ -196,7 +199,7 @@ func (di *DeploymentItem) renderHelmCharts(k *k8s.K8sCluster, wp *utils.WorkerPo
 				}
 			}
 
-			return chart.Render(di.Project.ctx, k)
+			return chart.Render(di.ctx.Ctx, di.ctx.K)
 		})
 		return nil
 	})
@@ -212,7 +215,7 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 	}
 
 	sealedSecretsDir := di.Project.getSealedSecretsDir()
-	baseSourcePath := di.Project.SealedSecretsDir
+	baseSourcePath := di.Project.ctx.SealedSecretsDir
 
 	renderedDir := filepath.Join(di.renderedDir, subdir)
 
@@ -419,7 +422,7 @@ var crdGV = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourc
 
 // postprocessCRDs will update api resources from freshly deployed CRDs
 // value even if the CRD is not deployed yet.
-func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
+func (di *DeploymentItem) postprocessCRDs() error {
 	if di.dir == nil {
 		return nil
 	}
@@ -430,7 +433,7 @@ func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
 			continue
 		}
 
-		err := k.Resources.UpdateResourcesFromCRD(o)
+		err := di.ctx.K.Resources.UpdateResourcesFromCRD(o)
 		if err != nil {
 			return err
 		}
@@ -438,7 +441,7 @@ func (di *DeploymentItem) postprocessCRDs(k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (di *DeploymentItem) postprocessObjects(k *k8s.K8sCluster, images *Images) error {
+func (di *DeploymentItem) postprocessObjects(images *Images) error {
 	if di.dir == nil {
 		return nil
 	}
@@ -451,8 +454,8 @@ func (di *DeploymentItem) postprocessObjects(k *k8s.K8sCluster, images *Images)
 		commonAnnotations := di.getCommonAnnotations()
 
 		_ = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-			if k != nil {
-				k.Resources.FixNamespace(o, "default")
+			if di.ctx.K != nil {
+				di.ctx.K.Resources.FixNamespace(o, "default")
 			}
 
 			// Set common labels/annotations
@@ -460,7 +463,7 @@ func (di *DeploymentItem) postprocessObjects(k *k8s.K8sCluster, images *Images)
 			o.SetK8sAnnotations(uo.CopyMergeStrMap(o.GetK8sAnnotations(), commonAnnotations))
 
 			// Resolve image placeholders
-			err := images.ResolvePlaceholders(k, o, di.relRenderedDir, di.Tags.ListKeys())
+			err := images.ResolvePlaceholders(di.ctx.K, o, di.relRenderedDir, di.Tags.ListKeys())
 			if err != nil {
 				errList = append(errList, err)
 			}
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 17e5e306c..96985f625 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -1,9 +1,7 @@
 package deployment
 
 import (
-	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -14,16 +12,12 @@ import (
 )
 
 type DeploymentProject struct {
-	ctx context.Context
+	ctx SharedContext
 
-	varsLoader *vars.VarsLoader
-	VarsCtx    *vars.VarsCtx
+	VarsCtx *vars.VarsCtx
 
 	dir string
 
-	SealedSecretsDir                  string
-	DefaultSealedSecretsOutputPattern string
-
 	Config types.DeploymentProjectConfig
 
 	includes map[int]*DeploymentProject
@@ -32,15 +26,13 @@ type DeploymentProject struct {
 	parentProjectInclude *types.DeploymentItemConfig
 }
 
-func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsLoader *vars.VarsLoader, varsCtx *vars.VarsCtx, dir string, sealedSecretsDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
+func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, dir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
 	dp := &DeploymentProject{
-		ctx:              ctx,
-		varsLoader:       varsLoader,
-		VarsCtx:          varsCtx.Copy(),
-		dir:              dir,
-		SealedSecretsDir: sealedSecretsDir,
-		parentProject:    parentProject,
-		includes:         map[int]*DeploymentProject{},
+		ctx:           ctx,
+		VarsCtx:       varsCtx.Copy(),
+		dir:           dir,
+		parentProject: parentProject,
+		includes:      map[int]*DeploymentProject{},
 	}
 
 	if !utils.IsDirectory(dir) {
@@ -52,7 +44,7 @@ func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsLoader *va
 		return nil, fmt.Errorf("failed to load deployment config for %s: %w", dir, err)
 	}
 
-	err = dp.loadIncludes(k)
+	err = dp.loadIncludes()
 	if err != nil {
 		return nil, fmt.Errorf("failed to load includes for %s: %w", dir, err)
 	}
@@ -61,7 +53,7 @@ func NewDeploymentProject(ctx context.Context, k *k8s.K8sCluster, varsLoader *va
 }
 
 func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []*types.VarsSource) error {
-	return p.varsLoader.LoadVarsList(varsCtx, varsList, p.getRenderSearchDirs(), "")
+	return p.ctx.VarsLoader.LoadVarsList(varsCtx, varsList, p.getRenderSearchDirs(), "")
 }
 
 func (p *DeploymentProject) loadConfig() error {
@@ -154,7 +146,7 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 	return nil
 }
 
-func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
+func (p *DeploymentProject) loadIncludes() error {
 	for i, inc := range p.Config.Deployments {
 		if inc.Include == nil {
 			continue
@@ -162,7 +154,7 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 
 		incDir := filepath.Join(p.dir, *inc.Include)
 
-		newProject, err := p.loadLocalInclude(k, incDir, inc.Vars)
+		newProject, err := p.loadLocalInclude(incDir, inc.Vars)
 		if err != nil {
 			return err
 		}
@@ -173,14 +165,14 @@ func (p *DeploymentProject) loadIncludes(k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (p *DeploymentProject) loadLocalInclude(k *k8s.K8sCluster, incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
+func (p *DeploymentProject) loadLocalInclude(incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
 	varsCtx := p.VarsCtx.Copy()
 	err := p.loadVarsList(varsCtx, vars)
 	if err != nil {
 		return nil, err
 	}
 
-	newProject, err := NewDeploymentProject(p.ctx, k, p.varsLoader, varsCtx, incDir, p.SealedSecretsDir, p)
+	newProject, err := NewDeploymentProject(p.ctx, varsCtx, incDir, p)
 	if err != nil {
 		return nil, err
 	}
@@ -191,7 +183,7 @@ func (p *DeploymentProject) loadLocalInclude(k *k8s.K8sCluster, incDir string, v
 func (p *DeploymentProject) getSealedSecretsDir() string {
 	root := p.getRootProject()
 	if root.Config.SealedSecrets == nil || root.Config.SealedSecrets.OutputPattern == nil {
-		return root.DefaultSealedSecretsOutputPattern
+		return p.ctx.DefaultSealedSecretsOutputPattern
 	}
 	return *root.Config.SealedSecrets.OutputPattern
 }
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
new file mode 100644
index 000000000..9ee8dd233
--- /dev/null
+++ b/pkg/deployment/shared_context.go
@@ -0,0 +1,17 @@
+package deployment
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
+)
+
+type SharedContext struct {
+	Ctx        context.Context
+	K          *k8s.K8sCluster
+	VarsLoader *vars.VarsLoader
+
+	RenderDir                         string
+	SealedSecretsDir                  string
+	DefaultSealedSecretsOutputPattern string
+}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index d42151d32..79fccfc7d 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -17,10 +17,11 @@ import (
 )
 
 type TargetContext struct {
+	SharedContext deployment.SharedContext
+
 	KluctlProject        *LoadedKluctlProject
 	Target               *types.Target
 	ClusterContext       string
-	K                    *k8s.K8sCluster
 	DeploymentProject    *deployment.DeploymentProject
 	DeploymentCollection *deployment.DeploymentCollection
 }
@@ -73,23 +74,30 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		}
 	}
 
-	d, err := deployment.NewDeploymentProject(ctx, k, varsLoader, varsCtx, deploymentDir, p.sealedSecretsDir, nil)
+	dctx := deployment.SharedContext{
+		Ctx:                               ctx,
+		K:                                 k,
+		VarsLoader:                        varsLoader,
+		RenderDir:                         renderOutputDir,
+		SealedSecretsDir:                  p.sealedSecretsDir,
+		DefaultSealedSecretsOutputPattern: targetName,
+	}
+
+	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deploymentDir, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	d.DefaultSealedSecretsOutputPattern = targetName
-
-	c, err := deployment.NewDeploymentCollection(ctx, d, images, inclusion, renderOutputDir, forSeal)
+	c, err := deployment.NewDeploymentCollection(dctx, d, images, inclusion, forSeal)
 	if err != nil {
 		return nil, err
 	}
 
 	targetCtx := &TargetContext{
+		SharedContext:        dctx,
 		KluctlProject:        p,
 		Target:               target,
 		ClusterContext:       clusterContext,
-		K:                    k,
 		DeploymentProject:    d,
 		DeploymentCollection: c,
 	}

From a3efdc0e703384adc665918e966f646ac7313d67 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 10:15:41 +0200
Subject: [PATCH 0223/2268] refactor: Store rootDir, relDir and absDir in
 DeploymentProject

---
 pkg/deployment/deployment_collection.go |  2 +-
 pkg/deployment/deployment_item.go       | 20 ++-----
 pkg/deployment/deployment_project.go    | 75 ++++++++++++-------------
 pkg/kluctl_project/target_context.go    |  2 +-
 4 files changed, 43 insertions(+), 56 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index d25503c77..04b5c77a0 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -59,7 +59,7 @@ func findDeploymentItemIndex(project *DeploymentProject, pth *string, indexes ma
 	}
 	var dir2 *string
 	index := 0
-	dir := filepath.Join(project.dir, *pth)
+	dir := filepath.Join(project.absDir, *pth)
 	absDir, err := filepath.Abs(dir)
 	if err != nil {
 		// we pre-checked directories, so this should not happen
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b07ff59a9..457998d63 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -36,7 +36,6 @@ type DeploymentItem struct {
 	Objects []*uo.UnstructuredObject
 	Tags    *utils.OrderedMap
 
-	relProjectDir       string
 	RelToRootItemDir    string
 	RelToProjectItemDir string
 	relRenderedDir      string
@@ -60,20 +59,13 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 	di.Tags = di.Project.getTags()
 	di.Tags.SetMultiple(di.Config.Tags, true)
 
-	rootProject := di.Project.getRootProject()
-
-	di.relProjectDir, err = filepath.Rel(rootProject.dir, di.Project.dir)
-	if err != nil {
-		return nil, err
-	}
-
 	if di.dir != nil {
-		di.RelToRootItemDir, err = filepath.Rel(rootProject.dir, *di.dir)
+		di.RelToRootItemDir, err = filepath.Rel(di.Project.rootDir, *di.dir)
 		if err != nil {
 			return nil, err
 		}
 
-		di.RelToProjectItemDir, err = filepath.Rel(di.relProjectDir, di.RelToRootItemDir)
+		di.RelToProjectItemDir, err = filepath.Rel(di.Project.relDir, di.RelToRootItemDir)
 		if err != nil {
 			return nil, err
 		}
@@ -115,8 +107,6 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 		return nil
 	}
 
-	rootDir := di.Project.getRootProject().dir
-
 	err := os.MkdirAll(di.renderedDir, 0o700)
 	if err != nil {
 		return err
@@ -157,7 +147,7 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 	}
 
 	wp.Submit(func() error {
-		return varsCtx.RenderDirectory(rootDir, di.Project.getRenderSearchDirs(), di.relProjectDir, excludePatterns, di.RelToProjectItemDir, di.renderedDir)
+		return varsCtx.RenderDirectory(di.Project.rootDir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.renderedDir)
 	})
 
 	return nil
@@ -220,7 +210,7 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 	renderedDir := filepath.Join(di.renderedDir, subdir)
 
 	// ensure we're not leaving the project
-	_, err := securejoin.SecureJoin(di.Project.getRootProject().dir, subdir)
+	_, err := securejoin.SecureJoin(di.Project.rootDir, subdir)
 	if err != nil {
 		return err
 	}
@@ -251,7 +241,7 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 		}
 		fname := filepath.Base(p)
 
-		baseError := fmt.Sprintf("failed to resolve SealedSecret %s", filepath.Clean(filepath.Join(di.Project.dir, resource)))
+		baseError := fmt.Sprintf("failed to resolve SealedSecret %s", filepath.Clean(filepath.Join(di.Project.absDir, resource)))
 
 		// ensure we're not leaving the .sealed-secrets dir
 		sourcePath, err := securejoin.SecureJoin(baseSourcePath, filepath.Join(di.relRenderedDir, subdir, relDir, sealedSecretsDir, fname))
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 96985f625..e125d54b9 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -16,7 +17,9 @@ type DeploymentProject struct {
 
 	VarsCtx *vars.VarsCtx
 
-	dir string
+	rootDir string
+	relDir  string
+	absDir  string
 
 	Config types.DeploymentProjectConfig
 
@@ -26,20 +29,28 @@ type DeploymentProject struct {
 	parentProjectInclude *types.DeploymentItemConfig
 }
 
-func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, dir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
+func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, rootDir string, relDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
 	dp := &DeploymentProject{
 		ctx:           ctx,
 		VarsCtx:       varsCtx.Copy(),
-		dir:           dir,
+		rootDir:       rootDir,
+		relDir:        relDir,
 		parentProject: parentProject,
 		includes:      map[int]*DeploymentProject{},
 	}
 
+	dir, err := securejoin.SecureJoin(dp.rootDir, dp.relDir)
+	if err != nil {
+		return nil, err
+	}
+
 	if !utils.IsDirectory(dir) {
 		return nil, fmt.Errorf("%s does not exist or is not a directory", dir)
 	}
 
-	err := dp.loadConfig()
+	dp.absDir = dir
+
+	err = dp.loadConfig()
 	if err != nil {
 		return nil, fmt.Errorf("failed to load deployment config for %s: %w", dir, err)
 	}
@@ -57,15 +68,15 @@ func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []*type
 }
 
 func (p *DeploymentProject) loadConfig() error {
-	configPath := filepath.Join(p.dir, "deployment.yml")
+	configPath := filepath.Join(p.absDir, "deployment.yml")
 	if !yaml.Exists(configPath) {
-		if yaml.Exists(filepath.Join(p.dir, "kustomization.yml")) {
-			return fmt.Errorf("deployment.yml not found but folder %s contains a kustomization.yml", p.dir)
+		if yaml.Exists(filepath.Join(p.absDir, "kustomization.yml")) {
+			return fmt.Errorf("deployment.yml not found but folder %s contains a kustomization.yml", p.absDir)
 		}
-		return fmt.Errorf("%s not found", p.dir)
+		return fmt.Errorf("%s not found", configPath)
 	}
 
-	err := p.VarsCtx.RenderYamlFile(yaml.FixNameExt(p.dir, "deployment.yml"), p.getRenderSearchDirs(), &p.Config)
+	err := p.VarsCtx.RenderYamlFile(yaml.FixNameExt(p.absDir, "deployment.yml"), p.getRenderSearchDirs(), &p.Config)
 	if err != nil {
 		return fmt.Errorf("failed to load deployment.yml: %w", err)
 	}
@@ -104,41 +115,28 @@ func (p *DeploymentProject) loadConfig() error {
 }
 
 func (p *DeploymentProject) checkDeploymentDirs() error {
-	rootProject := p.getRootProject()
 	for _, di := range p.Config.Deployments {
-		if di.Path == nil && di.Include == nil {
+		if di.Path == nil {
 			continue
 		}
 
-		var pth string
-		if di.Path != nil {
-			pth = *di.Path
-		} else {
-			pth = *di.Include
-		}
-
-		diDir := filepath.Join(p.dir, pth)
-		diDir, err := filepath.Abs(diDir)
+		diDir, err := securejoin.SecureJoin(p.absDir, *di.Path)
 		if err != nil {
 			return err
 		}
 
-		if !strings.HasPrefix(diDir, rootProject.dir) {
-			return fmt.Errorf("path/include is not part of root deployment project: %s", pth)
+		if !strings.HasPrefix(diDir, p.rootDir) {
+			return fmt.Errorf("path/include is not part of the deployment project: %s", *di.Path)
 		}
 
 		if !utils.Exists(diDir) {
-			return fmt.Errorf("deployment directory does not exist: %s", pth)
+			return fmt.Errorf("deployment directory does not exist: %s", *di.Path)
 		}
 		if !utils.IsDirectory(diDir) {
-			return fmt.Errorf("deployment path is not a directory: %s", pth)
+			return fmt.Errorf("deployment path is not a directory: %s", *di.Path)
 		}
 
-		if di.Path != nil {
-			pth = yaml.FixPathExt(filepath.Join(diDir, "kustomization.yml"))
-		} else {
-			pth = yaml.FixPathExt(filepath.Join(diDir, "deployment.yml"))
-		}
+		pth := yaml.FixPathExt(filepath.Join(diDir, "kustomization.yml"))
 		if !utils.IsFile(pth) {
 			return fmt.Errorf("%s not found or not a file", pth)
 		}
@@ -152,9 +150,7 @@ func (p *DeploymentProject) loadIncludes() error {
 			continue
 		}
 
-		incDir := filepath.Join(p.dir, *inc.Include)
-
-		newProject, err := p.loadLocalInclude(incDir, inc.Vars)
+		newProject, err := p.loadLocalInclude(p.rootDir, filepath.Join(p.relDir, *inc.Include), inc.Vars)
 		if err != nil {
 			return err
 		}
@@ -165,14 +161,14 @@ func (p *DeploymentProject) loadIncludes() error {
 	return nil
 }
 
-func (p *DeploymentProject) loadLocalInclude(incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
+func (p *DeploymentProject) loadLocalInclude(rootDir string, incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
 	varsCtx := p.VarsCtx.Copy()
 	err := p.loadVarsList(varsCtx, vars)
 	if err != nil {
 		return nil, err
 	}
 
-	newProject, err := NewDeploymentProject(p.ctx, varsCtx, incDir, p)
+	newProject, err := NewDeploymentProject(p.ctx, varsCtx, rootDir, incDir, p)
 	if err != nil {
 		return nil, err
 	}
@@ -181,11 +177,12 @@ func (p *DeploymentProject) loadLocalInclude(incDir string, vars []*types.VarsSo
 }
 
 func (p *DeploymentProject) getSealedSecretsDir() string {
-	root := p.getRootProject()
-	if root.Config.SealedSecrets == nil || root.Config.SealedSecrets.OutputPattern == nil {
-		return p.ctx.DefaultSealedSecretsOutputPattern
+	for _, x := range p.getParents() {
+		if x.p.Config.SealedSecrets != nil && x.p.Config.SealedSecrets.OutputPattern != nil {
+			return *x.p.Config.SealedSecrets.OutputPattern
+		}
 	}
-	return *root.Config.SealedSecrets.OutputPattern
+	return p.ctx.DefaultSealedSecretsOutputPattern
 }
 
 func (p *DeploymentProject) getRootProject() *DeploymentProject {
@@ -229,7 +226,7 @@ func (p *DeploymentProject) getChildren(recursive bool, includeSelf bool) []*Dep
 func (p *DeploymentProject) getRenderSearchDirs() []string {
 	var ret []string
 	for _, d := range p.getParents() {
-		ret = append(ret, d.p.dir)
+		ret = append(ret, d.p.absDir)
 	}
 	return ret
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 79fccfc7d..c04bdd73b 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -83,7 +83,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		DefaultSealedSecretsOutputPattern: targetName,
 	}
 
-	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deploymentDir, nil)
+	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deploymentDir, ".", nil)
 	if err != nil {
 		return nil, err
 	}

From ad0be5ca8b5253f95593e5e834fa1e685ae904f4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 10:41:54 +0200
Subject: [PATCH 0224/2268] refactor: Rename getSealedSecretsDir to
 getRenderedOutputPattern

---
 pkg/deployment/deployment_item.go    | 2 +-
 pkg/deployment/deployment_project.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 457998d63..8f2afbb25 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -204,7 +204,7 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 		return nil
 	}
 
-	sealedSecretsDir := di.Project.getSealedSecretsDir()
+	sealedSecretsDir := di.Project.getRenderedOutputPattern()
 	baseSourcePath := di.Project.ctx.SealedSecretsDir
 
 	renderedDir := filepath.Join(di.renderedDir, subdir)
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index e125d54b9..92a022fac 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -176,7 +176,7 @@ func (p *DeploymentProject) loadLocalInclude(rootDir string, incDir string, vars
 	return newProject, nil
 }
 
-func (p *DeploymentProject) getSealedSecretsDir() string {
+func (p *DeploymentProject) getRenderedOutputPattern() string {
 	for _, x := range p.getParents() {
 		if x.p.Config.SealedSecrets != nil && x.p.Config.SealedSecrets.OutputPattern != nil {
 			return *x.p.Config.SealedSecrets.OutputPattern

From d158b94fb48cc98c360acd060a8bc0abaa99a399 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 11:19:49 +0200
Subject: [PATCH 0225/2268] feat: Support including deployment projects from
 git

---
 pkg/deployment/deployment_collection.go |  2 +-
 pkg/deployment/deployment_project.go    | 25 ++++++++---
 pkg/deployment/shared_context.go        |  2 +
 pkg/git/repo_collection.go              | 58 ++++++++++++++++++++++++-
 pkg/kluctl_project/target_context.go    |  1 +
 pkg/types/deployment.go                 | 15 ++++++-
 6 files changed, 91 insertions(+), 12 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 04b5c77a0..698dba2bf 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -79,7 +79,7 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 	var ret []*DeploymentItem
 
 	for i, diConfig := range project.Config.Deployments {
-		if diConfig.Include != nil {
+		if diConfig.Include != nil || diConfig.Git != nil {
 			includedProject, ok := project.includes[i]
 			if !ok {
 				panic(fmt.Sprintf("Did not find find index %d in project.includes", i))
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 92a022fac..f95deb25d 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -146,15 +146,26 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 
 func (p *DeploymentProject) loadIncludes() error {
 	for i, inc := range p.Config.Deployments {
-		if inc.Include == nil {
+		var err error
+		var newProject *DeploymentProject
+
+		if inc.Include != nil {
+			newProject, err = p.loadLocalInclude(p.rootDir, filepath.Join(p.relDir, *inc.Include), inc.Vars)
+			if err != nil {
+				return err
+			}
+		} else if inc.Git != nil {
+			cloneDir, err := p.ctx.GRC.GetClonedDir(inc.Git.Url, inc.Git.Ref, true, true, true)
+			if err != nil {
+				return err
+			}
+			newProject, err = p.loadLocalInclude(cloneDir, inc.Git.SubDir, inc.Vars)
+			if err != nil {
+				return err
+			}
+		} else {
 			continue
 		}
-
-		newProject, err := p.loadLocalInclude(p.rootDir, filepath.Join(p.relDir, *inc.Include), inc.Vars)
-		if err != nil {
-			return err
-		}
-
 		newProject.parentProjectInclude = inc
 		p.includes[i] = newProject
 	}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 9ee8dd233..59d0ebb07 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
@@ -9,6 +10,7 @@ import (
 type SharedContext struct {
 	Ctx        context.Context
 	K          *k8s.K8sCluster
+	GRC        *git.MirroredGitRepoCollection
 	VarsLoader *vars.VarsLoader
 
 	RenderDir                         string
diff --git a/pkg/git/repo_collection.go b/pkg/git/repo_collection.go
index 0269bf69f..dd31d890f 100644
--- a/pkg/git/repo_collection.go
+++ b/pkg/git/repo_collection.go
@@ -5,6 +5,11 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
 	"sync"
 	"time"
 )
@@ -19,6 +24,7 @@ type MirroredGitRepoCollection struct {
 
 type entry struct {
 	mr          *MirroredGitRepo
+	clonedDirs  map[string]string
 	updateMutex sync.Mutex
 }
 
@@ -36,6 +42,10 @@ func (g *MirroredGitRepoCollection) Clear() {
 	defer g.mutex.Unlock()
 
 	for _, e := range g.repos {
+		for _, path := range e.clonedDirs {
+			_ = os.RemoveAll(path)
+		}
+
 		if e.mr.IsLocked() {
 			_ = e.mr.Unlock()
 		}
@@ -44,7 +54,7 @@ func (g *MirroredGitRepoCollection) Clear() {
 	g.repos = map[string]*entry{}
 }
 
-func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*MirroredGitRepo, error) {
+func (g *MirroredGitRepoCollection) getEntry(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*entry, error) {
 	e, err := func() (*entry, error) {
 		g.mutex.Lock()
 		defer g.mutex.Unlock()
@@ -59,7 +69,8 @@ func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allow
 				return nil, err
 			}
 			e = &entry{
-				mr: mr,
+				mr:         mr,
+				clonedDirs: map[string]string{},
 			}
 			g.repos[url.NormalizedRepoKey()] = e
 
@@ -90,5 +101,48 @@ func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allow
 		}
 	}
 
+	return e, nil
+}
+
+func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*MirroredGitRepo, error) {
+	e, err := g.getEntry(url, allowCreate, lockRepo, update)
+	if err != nil {
+		return nil, err
+	}
 	return e.mr, nil
 }
+
+func (g *MirroredGitRepoCollection) GetClonedDir(url git_url.GitUrl, ref string, allowCreate bool, lockRepo bool, update bool) (string, error) {
+	e, err := g.getEntry(url, allowCreate, lockRepo, update)
+	if err != nil {
+		return "", err
+	}
+
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	p, ok := e.clonedDirs[ref]
+	if ok {
+		return p, nil
+	}
+
+	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
+	err = os.MkdirAll(tmpDir, 0700)
+	if err != nil {
+		return "", err
+	}
+
+	repoName := path.Base(url.Normalize().Path)
+	p, err = ioutil.TempDir(tmpDir, repoName+"-"+ref+"-")
+	if err != nil {
+		return "", err
+	}
+
+	err = e.mr.CloneProject(ref, p)
+	if err != nil {
+		return "", err
+	}
+
+	e.clonedDirs[ref] = p
+	return p, nil
+}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index c04bdd73b..c0db4b7e9 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -77,6 +77,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	dctx := deployment.SharedContext{
 		Ctx:                               ctx,
 		K:                                 k,
+		GRC:                               p.GRC,
 		VarsLoader:                        varsLoader,
 		RenderDir:                         renderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index b9db6bb96..6f2ccd6fa 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -8,6 +8,7 @@ import (
 type DeploymentItemConfig struct {
 	Path             *string                  `yaml:"path,omitempty"`
 	Include          *string                  `yaml:"include,omitempty"`
+	Git              *GitProject              `yaml:"git,omitempty"`
 	Tags             []string                 `yaml:"tags,omitempty"`
 	Barrier          bool                     `yaml:"barrier,omitempty"`
 	WaitReadiness    bool                     `yaml:"waitReadiness,omitempty"`
@@ -20,8 +21,18 @@ type DeploymentItemConfig struct {
 
 func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeploymentItemConfig)
-	if s.Path != nil && s.Include != nil {
-		sl.ReportError(s, "path", "Path", "path and include can not be set at the same time", "")
+	cnt := 0
+	if s.Path != nil {
+		cnt += 1
+	}
+	if s.Include != nil {
+		cnt += 1
+	}
+	if s.Git != nil {
+		cnt += 1
+	}
+	if cnt > 1 {
+		sl.ReportError(s, "self", "self", "only one of path, include and git can be set at the same time", "")
 	}
 	if s.Path == nil && s.WaitReadiness {
 		sl.ReportError(s, "waitReadiness", "WaitReadiness", "only kustomize deployments are allowed to have waitReadiness set", "")

From 8b2b600504c54f0c054ae1ad3f1823d850ec12e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 11:41:19 +0200
Subject: [PATCH 0226/2268] fix: Introduce Source object in deployment projects
 and render per source id

This fixes issues where multiple included git projects would render into
the same directory.
---
 cmd/kluctl/commands/completion.go    |  2 +-
 pkg/deployment/deployment_item.go    | 18 ++++++++---------
 pkg/deployment/deployment_project.go | 26 ++++++++++++++-----------
 pkg/deployment/source.go             | 29 ++++++++++++++++++++++++++++
 pkg/kluctl_project/target_context.go |  2 +-
 pkg/utils/fs.go                      |  4 ++++
 6 files changed, 59 insertions(+), 22 deletions(-)
 create mode 100644 pkg/deployment/source.go

diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 5b94c0964..3c8ae9e37 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -154,7 +154,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 						defer mutex.Unlock()
 						for _, di := range ctx.targetCtx.DeploymentCollection.Deployments {
 							tags.Merge(di.Tags)
-							deploymentItemDirs.Set(di.RelToRootItemDir, true)
+							deploymentItemDirs.Set(di.RelToSourceItemDir, true)
 						}
 						return nil
 					})
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 8f2afbb25..f0e89f5ff 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -36,7 +36,7 @@ type DeploymentItem struct {
 	Objects []*uo.UnstructuredObject
 	Tags    *utils.OrderedMap
 
-	RelToRootItemDir    string
+	RelToSourceItemDir  string
 	RelToProjectItemDir string
 	relRenderedDir      string
 	renderedDir         string
@@ -60,22 +60,22 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 	di.Tags.SetMultiple(di.Config.Tags, true)
 
 	if di.dir != nil {
-		di.RelToRootItemDir, err = filepath.Rel(di.Project.rootDir, *di.dir)
+		di.RelToSourceItemDir, err = filepath.Rel(di.Project.source.dir, *di.dir)
 		if err != nil {
 			return nil, err
 		}
 
-		di.RelToProjectItemDir, err = filepath.Rel(di.Project.relDir, di.RelToRootItemDir)
+		di.RelToProjectItemDir, err = filepath.Rel(di.Project.relDir, di.RelToSourceItemDir)
 		if err != nil {
 			return nil, err
 		}
 
-		di.relRenderedDir = di.RelToRootItemDir
+		di.relRenderedDir = di.RelToSourceItemDir
 		if di.index != 0 {
 			di.relRenderedDir = fmt.Sprintf("%s-%d", di.relRenderedDir, di.index)
 		}
 
-		di.renderedDir = filepath.Join(collection.ctx.RenderDir, di.relRenderedDir)
+		di.renderedDir = filepath.Join(collection.ctx.RenderDir, di.Project.source.id, di.relRenderedDir)
 		di.renderedYamlPath = filepath.Join(di.renderedDir, ".rendered.yml")
 	}
 	return di, nil
@@ -94,7 +94,7 @@ func (di *DeploymentItem) getCommonLabels() map[string]string {
 func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	// TODO change it to kluctl.io/deployment_dir
 	a := map[string]string{
-		"kluctl.io/kustomize_dir": filepath.ToSlash(di.RelToRootItemDir),
+		"kluctl.io/kustomize_dir": filepath.ToSlash(di.RelToSourceItemDir),
 	}
 	if di.Config.SkipDeleteIfTags {
 		a["kluctl.io/skip-delete-if-tags"] = "true"
@@ -147,7 +147,7 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 	}
 
 	wp.Submit(func() error {
-		return varsCtx.RenderDirectory(di.Project.rootDir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.renderedDir)
+		return varsCtx.RenderDirectory(di.Project.source.dir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.renderedDir)
 	})
 
 	return nil
@@ -210,7 +210,7 @@ func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
 	renderedDir := filepath.Join(di.renderedDir, subdir)
 
 	// ensure we're not leaving the project
-	_, err := securejoin.SecureJoin(di.Project.rootDir, subdir)
+	err := utils.CheckSubInDir(di.Project.source.dir, subdir)
 	if err != nil {
 		return err
 	}
@@ -271,7 +271,7 @@ func (di *DeploymentItem) buildInclusionEntries() []utils.InclusionEntry {
 		values = append(values, utils.InclusionEntry{Type: "tag", Value: t})
 	}
 	if di.dir != nil {
-		dir := filepath.ToSlash(di.RelToRootItemDir)
+		dir := filepath.ToSlash(di.RelToSourceItemDir)
 		values = append(values, utils.InclusionEntry{Type: "deploymentItemDir", Value: dir})
 	}
 	return values
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index f95deb25d..b814ad864 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -17,9 +17,9 @@ type DeploymentProject struct {
 
 	VarsCtx *vars.VarsCtx
 
-	rootDir string
-	relDir  string
-	absDir  string
+	source Source
+	relDir string
+	absDir string
 
 	Config types.DeploymentProjectConfig
 
@@ -29,17 +29,17 @@ type DeploymentProject struct {
 	parentProjectInclude *types.DeploymentItemConfig
 }
 
-func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, rootDir string, relDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
+func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Source, relDir string, parentProject *DeploymentProject) (*DeploymentProject, error) {
 	dp := &DeploymentProject{
 		ctx:           ctx,
 		VarsCtx:       varsCtx.Copy(),
-		rootDir:       rootDir,
+		source:        source,
 		relDir:        relDir,
 		parentProject: parentProject,
 		includes:      map[int]*DeploymentProject{},
 	}
 
-	dir, err := securejoin.SecureJoin(dp.rootDir, dp.relDir)
+	dir, err := securejoin.SecureJoin(dp.source.dir, dp.relDir)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +125,7 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 			return err
 		}
 
-		if !strings.HasPrefix(diDir, p.rootDir) {
+		if !strings.HasPrefix(diDir, p.source.dir) {
 			return fmt.Errorf("path/include is not part of the deployment project: %s", *di.Path)
 		}
 
@@ -150,7 +150,7 @@ func (p *DeploymentProject) loadIncludes() error {
 		var newProject *DeploymentProject
 
 		if inc.Include != nil {
-			newProject, err = p.loadLocalInclude(p.rootDir, filepath.Join(p.relDir, *inc.Include), inc.Vars)
+			newProject, err = p.loadLocalInclude(p.source, filepath.Join(p.relDir, *inc.Include), inc.Vars)
 			if err != nil {
 				return err
 			}
@@ -159,7 +159,7 @@ func (p *DeploymentProject) loadIncludes() error {
 			if err != nil {
 				return err
 			}
-			newProject, err = p.loadLocalInclude(cloneDir, inc.Git.SubDir, inc.Vars)
+			newProject, err = p.loadLocalInclude(NewSource(cloneDir), inc.Git.SubDir, inc.Vars)
 			if err != nil {
 				return err
 			}
@@ -172,14 +172,14 @@ func (p *DeploymentProject) loadIncludes() error {
 	return nil
 }
 
-func (p *DeploymentProject) loadLocalInclude(rootDir string, incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
+func (p *DeploymentProject) loadLocalInclude(source Source, incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
 	varsCtx := p.VarsCtx.Copy()
 	err := p.loadVarsList(varsCtx, vars)
 	if err != nil {
 		return nil, err
 	}
 
-	newProject, err := NewDeploymentProject(p.ctx, varsCtx, rootDir, incDir, p)
+	newProject, err := NewDeploymentProject(p.ctx, varsCtx, source, incDir, p)
 	if err != nil {
 		return nil, err
 	}
@@ -237,6 +237,10 @@ func (p *DeploymentProject) getChildren(recursive bool, includeSelf bool) []*Dep
 func (p *DeploymentProject) getRenderSearchDirs() []string {
 	var ret []string
 	for _, d := range p.getParents() {
+		if d.p.source != p.source {
+			// only allow searching inside same source project
+			continue
+		}
 		ret = append(ret, d.p.absDir)
 	}
 	return ret
diff --git a/pkg/deployment/source.go b/pkg/deployment/source.go
new file mode 100644
index 000000000..0792ea8b3
--- /dev/null
+++ b/pkg/deployment/source.go
@@ -0,0 +1,29 @@
+package deployment
+
+import (
+	"fmt"
+	"sync"
+)
+
+type Source struct {
+	id  string
+	dir string
+}
+
+func NewSource(dir string) Source {
+	return Source{
+		id:  getNextSourceId(),
+		dir: dir,
+	}
+}
+
+var nextSourceId int
+var nextSourceIdMutex sync.Mutex
+
+func getNextSourceId() string {
+	nextSourceIdMutex.Lock()
+	defer nextSourceIdMutex.Unlock()
+	id := fmt.Sprintf("%d", nextSourceId)
+	nextSourceId += 1
+	return id
+}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index c0db4b7e9..b8a103e7d 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -84,7 +84,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		DefaultSealedSecretsOutputPattern: targetName,
 	}
 
-	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deploymentDir, ".", nil)
+	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(deploymentDir), ".", nil)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/utils/fs.go b/pkg/utils/fs.go
index ac567cdb8..0b25e1e4b 100644
--- a/pkg/utils/fs.go
+++ b/pkg/utils/fs.go
@@ -57,6 +57,10 @@ func CheckInDir(root string, path string) error {
 	return nil
 }
 
+func CheckSubInDir(root string, subDir string) error {
+	return CheckInDir(root, filepath.Join(root, subDir))
+}
+
 func Touch(path string) error {
 	f, err := os.Create(path)
 	if err != nil {

From cef51fae878e40d2d2e74b66e3a57a8d1ce93009 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 11:47:37 +0200
Subject: [PATCH 0227/2268] feat: Deprecate external projects and warn about
 future removal

---
 cmd/kluctl/args/project.go         |  8 ++++----
 pkg/kluctl_project/project_load.go | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index f1b35c3fb..c9f9de378 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -7,13 +7,13 @@ type ProjectFlags struct {
 	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
 
 	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
-	LocalClusters       existingDirType  `group:"project" help:"Local clusters directory. Overrides the project from .kluctl.yaml"`
-	LocalDeployment     existingDirType  `group:"project" help:"Local deployment directory. Overrides the project from .kluctl.yaml"`
-	LocalSealedSecrets  existingDirType  `group:"project" help:"Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
+	LocalClusters       existingDirType  `group:"project" help:"DEPRECATED. Local clusters directory. Overrides the project from .kluctl.yaml"`
+	LocalDeployment     existingDirType  `group:"project" help:"DEPRECATED. Local deployment directory. Overrides the project from .kluctl.yaml"`
+	LocalSealedSecrets  existingDirType  `group:"project" help:"DEPRECATED. Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
 	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yaml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." exts:"tar.gz,tgz"`
 	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." exts:"yml,yaml"`
 	OutputMetadata      string           `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
-	Cluster             string           `group:"project" help:"Specify/Override cluster"`
+	Cluster             string           `group:"project" help:"DEPRECATED. Specify/Override cluster"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index f241a485d..bbab0983b 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -131,6 +131,11 @@ func (c *LoadedKluctlProject) loadExternalProject(ep *types2.ExternalProject, de
 	}
 
 	if ep.Project != nil {
+		c.warnOnce.Do("external-projects", func() {
+			status.Warning(c.ctx, "External projects are deprecated and support for them will be removed in the future. "+
+				"Use Git variable sources as replacement for cluster configs and Git includes as replacement for external deployment projects.")
+		})
+
 		// pointing to an actual external project, so let's try to clone it
 		return c.loadGitProject(ep.Project, defaultGitSubDir, true)
 	}
@@ -192,6 +197,16 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	s := status.Start(c.ctx, "Loading kluctl project")
 	defer s.Failed()
 
+	if c.loadArgs.LocalClusters != "" {
+		status.Warning(c.ctx, "--local-clusters is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
+	}
+	if c.loadArgs.LocalDeployment != "" {
+		status.Warning(c.ctx, "--local-deployment is deprecated and will be removed in an upcoming version. Use git includes instead.")
+	}
+	if c.loadArgs.LocalSealedSecrets != "" {
+		status.Warning(c.ctx, "--local-sealed-secrets is deprecated and will be removed in an upcoming version.")
+	}
+
 	deploymentInfo, err := c.loadExternalProject(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
 	if err != nil {
 		return err
@@ -202,10 +217,8 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	}
 	var clustersInfos []gitProjectInfo
 	if c.loadArgs.LocalClusters != "" {
-		status.Warning(c.ctx, "--local-clusters is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
 		clustersInfos = append(clustersInfos, c.localProject(c.loadArgs.LocalClusters))
 	} else if len(c.Config.Clusters.Projects) != 0 {
-		status.Warning(c.ctx, "'clusters' is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
 		for _, ep := range c.Config.Clusters.Projects {
 			info, err := c.loadExternalProject(&ep, "clusters", "")
 			if err != nil {

From 2e821a272c149dea34461f1130ed2ac89412dc87 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 11:54:10 +0200
Subject: [PATCH 0228/2268] fix: Mark --output-archive as required flag

---
 cmd/kluctl/commands/cmd_archive.go | 2 +-
 cmd/kluctl/commands/cobra_utils.go | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
index d5c22af07..4e8fe72bc 100644
--- a/cmd/kluctl/commands/cmd_archive.go
+++ b/cmd/kluctl/commands/cmd_archive.go
@@ -9,7 +9,7 @@ import (
 type archiveCmd struct {
 	args.ProjectFlags
 
-	OutputArchive string `group:"misc" help:"Path to .tgz to write project to." type:"path"`
+	OutputArchive string `group:"misc" help:"Path to .tgz to write project to." type:"path" required:"true"`
 }
 
 func (cmd *archiveCmd) Help() string {
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 493b15605..b8fae0c44 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -143,6 +143,7 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 	help := f.Tag.Get("help")
 	shortFlag := f.Tag.Get("short")
 	defaultValue := f.Tag.Get("default")
+	required := f.Tag.Get("required") == "true"
 
 	group := f.Tag.Get("group")
 	if group != "" {
@@ -208,6 +209,10 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 		return fmt.Errorf("unknown type %s", f.Type.Name())
 	}
 
+	if required {
+		_ = cg.cmd.MarkPersistentFlagRequired(name)
+	}
+
 	return nil
 }
 

From ba98984e8c9dd9fd7bfb9d85acfe3cf8c1237702 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 12:16:53 +0200
Subject: [PATCH 0229/2268] refactor: Use GRC when cloning kluctl project
 related repos

---
 pkg/deployment/deployment_project.go |  2 +-
 pkg/git/repo_collection.go           | 19 +++++++----
 pkg/kluctl_project/git.go            | 49 ----------------------------
 pkg/kluctl_project/project_load.go   | 49 +++++-----------------------
 pkg/kluctl_project/targets.go        |  4 ++-
 5 files changed, 25 insertions(+), 98 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index b814ad864..93290a708 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -155,7 +155,7 @@ func (p *DeploymentProject) loadIncludes() error {
 				return err
 			}
 		} else if inc.Git != nil {
-			cloneDir, err := p.ctx.GRC.GetClonedDir(inc.Git.Url, inc.Git.Ref, true, true, true)
+			cloneDir, _, err := p.ctx.GRC.GetClonedDir(inc.Git.Url, inc.Git.Ref, true, true, true)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/git/repo_collection.go b/pkg/git/repo_collection.go
index dd31d890f..095b7ffb8 100644
--- a/pkg/git/repo_collection.go
+++ b/pkg/git/repo_collection.go
@@ -112,10 +112,10 @@ func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allow
 	return e.mr, nil
 }
 
-func (g *MirroredGitRepoCollection) GetClonedDir(url git_url.GitUrl, ref string, allowCreate bool, lockRepo bool, update bool) (string, error) {
+func (g *MirroredGitRepoCollection) GetClonedDir(url git_url.GitUrl, ref string, allowCreate bool, lockRepo bool, update bool) (string, GitRepoInfo, error) {
 	e, err := g.getEntry(url, allowCreate, lockRepo, update)
 	if err != nil {
-		return "", err
+		return "", GitRepoInfo{}, err
 	}
 
 	e.updateMutex.Lock()
@@ -123,26 +123,31 @@ func (g *MirroredGitRepoCollection) GetClonedDir(url git_url.GitUrl, ref string,
 
 	p, ok := e.clonedDirs[ref]
 	if ok {
-		return p, nil
+		return p, GitRepoInfo{}, nil
 	}
 
 	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
 	err = os.MkdirAll(tmpDir, 0700)
 	if err != nil {
-		return "", err
+		return "", GitRepoInfo{}, err
 	}
 
 	repoName := path.Base(url.Normalize().Path)
 	p, err = ioutil.TempDir(tmpDir, repoName+"-"+ref+"-")
 	if err != nil {
-		return "", err
+		return "", GitRepoInfo{}, err
 	}
 
 	err = e.mr.CloneProject(ref, p)
 	if err != nil {
-		return "", err
+		return "", GitRepoInfo{}, err
+	}
+
+	repoInfo, err := GetGitRepoInfo(p)
+	if err != nil {
+		return "", GitRepoInfo{}, err
 	}
 
 	e.clonedDirs[ref] = p
-	return p, nil
+	return p, repoInfo, nil
 }
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 3d3a2584a..11c409846 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -2,15 +2,10 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"os"
-	"path/filepath"
 	"reflect"
 	"sort"
-	"strings"
 	"sync"
 )
 
@@ -81,50 +76,6 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 	return firstError
 }
 
-func (c *LoadedKluctlProject) cloneGitProject(gitProject *types2.GitProject, targetDir string) (info git.GitRepoInfo, err error) {
-	err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o700)
-	if err != nil {
-		return
-	}
-
-	mr, err := c.GRC.GetMirroredGitRepo(gitProject.Url, true, true, true)
-	if err != nil {
-		return git.GitRepoInfo{}, err
-	}
-
-	err = mr.CloneProject(gitProject.Ref, targetDir)
-	if err != nil {
-		return
-	}
-
-	info, err = git.GetGitRepoInfo(targetDir)
-	return
-}
-
-func (c *LoadedKluctlProject) buildCloneDir(u git_url.GitUrl, ref string) (string, error) {
-	baseDir := c.TmpDir
-	if c.archiveDir != "" {
-		baseDir = c.archiveDir
-	}
-	baseDir = filepath.Join(baseDir, "git")
-
-	if ref == "" {
-		ref = "HEAD"
-	}
-	ref = strings.ReplaceAll(ref, "/", "-")
-	ref = strings.ReplaceAll(ref, "\\", "-")
-	urlPath := filepath.FromSlash(u.Path)
-	baseName := filepath.Base(urlPath)
-	urlHash := utils.Sha256String(fmt.Sprintf("%s:%s", u.Host, u.Path))[:16]
-	cloneDir := filepath.Join(fmt.Sprintf("%s-%s", baseName, urlHash), ref)
-	cloneDir = filepath.Join(baseDir, cloneDir)
-	err := utils.CheckInDir(baseDir, cloneDir)
-	if err != nil {
-		return "", err
-	}
-	return cloneDir, nil
-}
-
 func (c *LoadedKluctlProject) addInvolvedRepo(u git_url.GitUrl, refPattern string, refs map[string]string) {
 	repoKey := u.NormalizedRepoKey()
 	irs, _ := c.involvedRepos[repoKey]
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index bbab0983b..9a0f231cd 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -59,51 +59,20 @@ func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
 }
 
 func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
-	cloneDir, err := c.buildCloneDir(gitProject.Url, gitProject.Ref)
+	cloneDir, ri, err := c.GRC.GetClonedDir(gitProject.Url, gitProject.Ref, c.loadArgs.AllowGitClone, true, true)
 	if err != nil {
 		return
 	}
 
-	if c.archiveDir != "" {
-		var md types2.GitRepoMetadata
-		err = yaml.ReadYamlFile(filepath.Join(cloneDir, ".git-metadata.yaml"), &md)
-		if err != nil {
-			return
-		}
-		ret.url = gitProject.Url
-		ret.ref = gitProject.Ref
-		ret.commit = md.Commit
-		ret.repoRoot = cloneDir
-	} else {
-		if !c.loadArgs.AllowGitClone {
-			err = fmt.Errorf("tried to load an external project from git, which is not allowed")
-			return
-		}
-
-		var ri git.GitRepoInfo
-		ri, err = c.cloneGitProject(gitProject, cloneDir)
-		if err != nil {
-			return
-		}
+	ret.url = gitProject.Url
+	ret.ref = ri.CheckedOutRef
+	ret.commit = ri.CheckedOutCommit
+	ret.repoRoot = cloneDir
 
-		var md types2.GitRepoMetadata
-		md.Ref = ri.CheckedOutRef
-		md.Commit = ri.CheckedOutCommit
-		err = yaml.WriteYamlFile(filepath.Join(cloneDir, ".git-metadata.yaml"), &md)
-		if err != nil {
-			return gitProjectInfo{}, err
-		}
-
-		ret.url = gitProject.Url
-		ret.ref = ri.CheckedOutRef
-		ret.commit = ri.CheckedOutCommit
-		ret.repoRoot = cloneDir
-
-		if doAddInvolvedRepo {
-			c.addInvolvedRepo(ret.url, ret.ref, map[string]string{
-				ret.ref: ret.commit,
-			})
-		}
+	if doAddInvolvedRepo {
+		c.addInvolvedRepo(ret.url, ret.ref, map[string]string{
+			ret.ref: ret.commit,
+		})
 	}
 
 	subDir := gitProject.SubDir
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index d8a20bcef..b760c01d1 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -178,7 +178,7 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 			continue
 		}
 
-		cloneDir, err := c.buildCloneDir(baseTarget.TargetConfig.Project.Url, refShortName)
+		cloneDir, _, err := c.GRC.GetClonedDir(baseTarget.TargetConfig.Project.Url, refShortName, false, false, false)
 		if err != nil {
 			return nil, err
 		}
@@ -236,7 +236,9 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 		if _, ok := uniqueClones[targetInfo.dir]; ok {
 			continue
 		}
+		mutex.Lock()
 		uniqueClones[targetInfo.dir] = nil
+		mutex.Unlock()
 
 		wp.Submit(func() error {
 			gitProject := *targetInfo.gitProject

From 99ed27feed0c6b94c616371f74a6e164be528ddf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 13:24:04 +0200
Subject: [PATCH 0230/2268] feat: Get rid of involvedRepos from archive
 metadata

---
 pkg/kluctl_project/git.go             | 25 ------------------
 pkg/kluctl_project/load.go            |  3 ---
 pkg/kluctl_project/project.go         |  5 +---
 pkg/kluctl_project/project_archive.go |  1 -
 pkg/kluctl_project/project_load.go    | 12 +++------
 pkg/kluctl_project/targets.go         | 37 +--------------------------
 pkg/types/metadata.go                 | 13 +---------
 7 files changed, 6 insertions(+), 90 deletions(-)

diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 11c409846..c89e6405c 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -4,8 +4,6 @@ import (
 	"fmt"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"reflect"
-	"sort"
 	"sync"
 )
 
@@ -75,26 +73,3 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 	waitGroup.Wait()
 	return firstError
 }
-
-func (c *LoadedKluctlProject) addInvolvedRepo(u git_url.GitUrl, refPattern string, refs map[string]string) {
-	repoKey := u.NormalizedRepoKey()
-	irs, _ := c.involvedRepos[repoKey]
-	e := &types2.InvolvedRepo{
-		RefPattern: refPattern,
-		Refs:       refs,
-	}
-	found := false
-	for _, ir := range irs {
-		if reflect.DeepEqual(ir, e) {
-			found = true
-			break
-		}
-	}
-	if !found {
-		c.involvedRepos[repoKey] = append(c.involvedRepos[repoKey], *e)
-		s := c.involvedRepos[repoKey]
-		sort.SliceStable(s, func(i, j int) bool {
-			return s[i].RefPattern < s[j].RefPattern
-		})
-	}
-}
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 801d66f6d..609d15796 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
@@ -14,8 +13,6 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		TmpDir:   tmpDir,
 		J2:       j2,
 		GRC:      args.GRC,
-
-		involvedRepos: map[string][]types.InvolvedRepo{},
 	}
 
 	if args.FromArchive != "" {
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index bb59ce9b2..a3b197dd7 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -25,8 +25,6 @@ type LoadedKluctlProject struct {
 	ClustersDir      string
 	sealedSecretsDir string
 
-	involvedRepos map[string][]types2.InvolvedRepo
-
 	Config         types2.KluctlProject
 	DynamicTargets []*types2.DynamicTarget
 
@@ -38,8 +36,7 @@ type LoadedKluctlProject struct {
 
 func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
 	md := &types2.ProjectMetadata{
-		InvolvedRepos: c.involvedRepos,
-		Targets:       c.DynamicTargets,
+		Targets: c.DynamicTargets,
 	}
 	return md
 }
diff --git a/pkg/kluctl_project/project_archive.go b/pkg/kluctl_project/project_archive.go
index d9e94f053..dd80a258e 100644
--- a/pkg/kluctl_project/project_archive.go
+++ b/pkg/kluctl_project/project_archive.go
@@ -57,7 +57,6 @@ func (c *LoadedKluctlProject) loadFromArchive() error {
 	}
 
 	c.archiveDir = dir
-	c.involvedRepos = pmd.InvolvedRepos
 	c.DynamicTargets = pmd.Targets
 
 	err = c.loadKluctlProject()
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 9a0f231cd..fba29c43c 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -58,7 +58,7 @@ func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
 	}
 }
 
-func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string, doAddInvolvedRepo bool) (ret gitProjectInfo, err error) {
+func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string) (ret gitProjectInfo, err error) {
 	cloneDir, ri, err := c.GRC.GetClonedDir(gitProject.Url, gitProject.Ref, c.loadArgs.AllowGitClone, true, true)
 	if err != nil {
 		return
@@ -69,12 +69,6 @@ func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defa
 	ret.commit = ri.CheckedOutCommit
 	ret.repoRoot = cloneDir
 
-	if doAddInvolvedRepo {
-		c.addInvolvedRepo(ret.url, ret.ref, map[string]string{
-			ret.ref: ret.commit,
-		})
-	}
-
 	subDir := gitProject.SubDir
 	if subDir == "" {
 		subDir = defaultSubDir
@@ -106,7 +100,7 @@ func (c *LoadedKluctlProject) loadExternalProject(ep *types2.ExternalProject, de
 		})
 
 		// pointing to an actual external project, so let's try to clone it
-		return c.loadGitProject(ep.Project, defaultGitSubDir, true)
+		return c.loadGitProject(ep.Project, defaultGitSubDir)
 	}
 
 	// ExternalProject was provided but without an external repo url, so point into the kluctl project.
@@ -134,7 +128,7 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		gi, err := c.loadGitProject(&types2.GitProject{
 			Url: *c.loadArgs.ProjectUrl,
 			Ref: c.loadArgs.ProjectRef,
-		}, "", true)
+		}, "")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index b760c01d1..5a4e0b1f1 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -3,7 +3,6 @@ package kluctl_project
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -244,7 +243,7 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 			gitProject := *targetInfo.gitProject
 			gitProject.Ref = *targetInfo.ref
 
-			gi, err := c.loadGitProject(&gitProject, "", false)
+			gi, err := c.loadGitProject(&gitProject, "")
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {
@@ -260,40 +259,6 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 		return err
 	}
 
-	refsByUrlAndPattern := make(map[string]map[string]map[string]string)
-	for _, targetInfo := range dynamicTargets {
-		if targetInfo.gitProject == nil {
-			continue
-		}
-		o, ok := uniqueClones[targetInfo.dir]
-		if !ok {
-			return fmt.Errorf("%s not in uniqueClones. This is probably a bug", targetInfo.dir)
-		}
-		err, ok := o.(error)
-		if ok {
-			return err
-		}
-		info := o.(*gitProjectInfo)
-		normalizedUrl := info.url.Normalize().String()
-		if _, ok := refsByUrlAndPattern[normalizedUrl]; !ok {
-			refsByUrlAndPattern[normalizedUrl] = make(map[string]map[string]string)
-		}
-		if _, ok := refsByUrlAndPattern[normalizedUrl][*targetInfo.refPattern]; !ok {
-			refsByUrlAndPattern[normalizedUrl][*targetInfo.refPattern] = make(map[string]string)
-		}
-		refsByUrlAndPattern[normalizedUrl][*targetInfo.refPattern][info.ref] = info.commit
-	}
-
-	for url, refPatterns := range refsByUrlAndPattern {
-		for refPattern, refs := range refPatterns {
-			u, err := git_url.Parse(url)
-			if err != nil {
-				return err
-			}
-			c.addInvolvedRepo(*u, refPattern, refs)
-		}
-	}
-
 	return nil
 }
 
diff --git a/pkg/types/metadata.go b/pkg/types/metadata.go
index 0742a92ad..028510789 100644
--- a/pkg/types/metadata.go
+++ b/pkg/types/metadata.go
@@ -1,18 +1,7 @@
 package types
 
-type InvolvedRepo struct {
-	RefPattern string            `yaml:"refPattern"`
-	Refs       map[string]string `yaml:"refs"`
-}
-
 type ProjectMetadata struct {
-	InvolvedRepos map[string][]InvolvedRepo `yaml:"involvedRepos"`
-	Targets       []*DynamicTarget          `yaml:"targets"`
-}
-
-type GitRepoMetadata struct {
-	Ref    string `yaml:"ref"`
-	Commit string `yaml:"commit"`
+	Targets []*DynamicTarget `yaml:"targets"`
 }
 
 type ArchiveMetadata struct {

From aeb26ecdc4088bdd74d31814adf405a143bb8224 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 14:10:24 +0200
Subject: [PATCH 0231/2268] refactor: Introduce RepoProvider interface

---
 cmd/kluctl/commands/utils.go         |   9 +-
 pkg/deployment/deployment_project.go |   2 +-
 pkg/deployment/shared_context.go     |   4 +-
 pkg/git/mirrored_repo.go             |   8 +-
 pkg/git/repo_collection.go           | 153 ----------------------
 pkg/git/repoprovider/live.go         | 184 +++++++++++++++++++++++++++
 pkg/git/repoprovider/repoprovider.go |  18 +++
 pkg/git/utils.go                     |   8 +-
 pkg/kluctl_project/git.go            |   2 +-
 pkg/kluctl_project/load.go           |   2 +-
 pkg/kluctl_project/project.go        |   6 +-
 pkg/kluctl_project/project_load.go   |   6 +-
 pkg/kluctl_project/target_context.go |   4 +-
 pkg/kluctl_project/targets.go        |  18 +--
 pkg/vars/vars_loader.go              |  21 ++-
 pkg/vars/vars_loader_test.go         |   8 +-
 16 files changed, 249 insertions(+), 204 deletions(-)
 delete mode 100644 pkg/git/repo_collection.go
 create mode 100644 pkg/git/repoprovider/live.go
 create mode 100644 pkg/git/repoprovider/repoprovider.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 12c89660b..a752a7b85 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
@@ -58,8 +59,8 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
 	defer cancel()
 
-	grc := git.NewMirroredGitRepoCollection(ctx, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
-	defer grc.Clear()
+	rp := repoprovider.NewLiveRepoProvider(ctx, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
+	defer rp.Clear()
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
 		RepoRoot:            repoRoot,
@@ -73,7 +74,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		FromArchive:         projectFlags.FromArchive.String(),
 		FromArchiveMetadata: projectFlags.FromArchiveMetadata.String(),
 		AllowGitClone:       projectFlags.FromArchive == "",
-		GRC:                 grc,
+		RP:                  rp,
 		ClientConfigGetter:  clientConfigGetter(forCompletion),
 	}
 
@@ -185,7 +186,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	// we can assume that all git access is done at this point, so we can clear grc and thus unlock all repos
-	p.GRC.Clear()
+	p.RP.Clear()
 
 	return cb(cmdCtx)
 }
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 93290a708..14b894813 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -155,7 +155,7 @@ func (p *DeploymentProject) loadIncludes() error {
 				return err
 			}
 		} else if inc.Git != nil {
-			cloneDir, _, err := p.ctx.GRC.GetClonedDir(inc.Git.Url, inc.Git.Ref, true, true, true)
+			cloneDir, _, err := p.ctx.RP.GetClonedDir(inc.Git.Url, inc.Git.Ref)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 59d0ebb07..a659a43e0 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -2,7 +2,7 @@ package deployment
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
@@ -10,7 +10,7 @@ import (
 type SharedContext struct {
 	Ctx        context.Context
 	K          *k8s.K8sCluster
-	GRC        *git.MirroredGitRepoCollection
+	RP         repoprovider.RepoProvider
 	VarsLoader *vars.VarsLoader
 
 	RenderDir                         string
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 60abfe25e..83fc777e5 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -146,19 +146,19 @@ func (g *MirroredGitRepo) RemoteRefHashesMap() (map[string]string, error) {
 	return refs, nil
 }
 
-func (g *MirroredGitRepo) DefaultRef() *string {
+func (g *MirroredGitRepo) DefaultRef() (string, error) {
 	r, err := git.PlainOpen(g.mirrorDir)
 	if err != nil {
-		return nil
+		return "", err
 	}
 
 	ref, err := r.Reference("HEAD", false)
 	if err != nil {
-		return nil
+		return "", err
 	}
 
 	s := ref.Target().String()
-	return &s
+	return s, nil
 }
 
 func (g *MirroredGitRepo) buildRepositoryObject() (*git.Repository, error) {
diff --git a/pkg/git/repo_collection.go b/pkg/git/repo_collection.go
deleted file mode 100644
index 095b7ffb8..000000000
--- a/pkg/git/repo_collection.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package git
-
-import (
-	"context"
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"sync"
-	"time"
-)
-
-type MirroredGitRepoCollection struct {
-	ctx            context.Context
-	authProviders  *auth.GitAuthProviders
-	updateInterval time.Duration
-	repos          map[string]*entry
-	mutex          sync.Mutex
-}
-
-type entry struct {
-	mr          *MirroredGitRepo
-	clonedDirs  map[string]string
-	updateMutex sync.Mutex
-}
-
-func NewMirroredGitRepoCollection(ctx context.Context, authProviders *auth.GitAuthProviders, updateInterval time.Duration) *MirroredGitRepoCollection {
-	return &MirroredGitRepoCollection{
-		ctx:            ctx,
-		authProviders:  authProviders,
-		updateInterval: updateInterval,
-		repos:          map[string]*entry{},
-	}
-}
-
-func (g *MirroredGitRepoCollection) Clear() {
-	g.mutex.Lock()
-	defer g.mutex.Unlock()
-
-	for _, e := range g.repos {
-		for _, path := range e.clonedDirs {
-			_ = os.RemoveAll(path)
-		}
-
-		if e.mr.IsLocked() {
-			_ = e.mr.Unlock()
-		}
-	}
-
-	g.repos = map[string]*entry{}
-}
-
-func (g *MirroredGitRepoCollection) getEntry(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*entry, error) {
-	e, err := func() (*entry, error) {
-		g.mutex.Lock()
-		defer g.mutex.Unlock()
-
-		e, ok := g.repos[url.NormalizedRepoKey()]
-		if !ok {
-			if !allowCreate {
-				return nil, fmt.Errorf("git repo %s not found", url.NormalizedRepoKey())
-			}
-			mr, err := NewMirroredGitRepo(g.ctx, url)
-			if err != nil {
-				return nil, err
-			}
-			e = &entry{
-				mr:         mr,
-				clonedDirs: map[string]string{},
-			}
-			g.repos[url.NormalizedRepoKey()] = e
-
-			if lockRepo {
-				err = e.mr.Lock()
-				if err != nil {
-					return nil, err
-				}
-			}
-		}
-		return e, nil
-	}()
-	if err != nil {
-		return nil, err
-	}
-
-	e.updateMutex.Lock()
-	defer e.updateMutex.Unlock()
-
-	if update && !e.mr.HasUpdated() {
-		if time.Now().Sub(e.mr.LastUpdateTime()) <= g.updateInterval {
-			e.mr.SetUpdated(true)
-		} else {
-			err = e.mr.Update(g.authProviders)
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	return e, nil
-}
-
-func (g *MirroredGitRepoCollection) GetMirroredGitRepo(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*MirroredGitRepo, error) {
-	e, err := g.getEntry(url, allowCreate, lockRepo, update)
-	if err != nil {
-		return nil, err
-	}
-	return e.mr, nil
-}
-
-func (g *MirroredGitRepoCollection) GetClonedDir(url git_url.GitUrl, ref string, allowCreate bool, lockRepo bool, update bool) (string, GitRepoInfo, error) {
-	e, err := g.getEntry(url, allowCreate, lockRepo, update)
-	if err != nil {
-		return "", GitRepoInfo{}, err
-	}
-
-	e.updateMutex.Lock()
-	defer e.updateMutex.Unlock()
-
-	p, ok := e.clonedDirs[ref]
-	if ok {
-		return p, GitRepoInfo{}, nil
-	}
-
-	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
-	err = os.MkdirAll(tmpDir, 0700)
-	if err != nil {
-		return "", GitRepoInfo{}, err
-	}
-
-	repoName := path.Base(url.Normalize().Path)
-	p, err = ioutil.TempDir(tmpDir, repoName+"-"+ref+"-")
-	if err != nil {
-		return "", GitRepoInfo{}, err
-	}
-
-	err = e.mr.CloneProject(ref, p)
-	if err != nil {
-		return "", GitRepoInfo{}, err
-	}
-
-	repoInfo, err := GetGitRepoInfo(p)
-	if err != nil {
-		return "", GitRepoInfo{}, err
-	}
-
-	e.clonedDirs[ref] = p
-	return p, repoInfo, nil
-}
diff --git a/pkg/git/repoprovider/live.go b/pkg/git/repoprovider/live.go
new file mode 100644
index 000000000..f1a67b490
--- /dev/null
+++ b/pkg/git/repoprovider/live.go
@@ -0,0 +1,184 @@
+package repoprovider
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"sync"
+	"time"
+)
+
+type LiveRepoProvider struct {
+	ctx            context.Context
+	authProviders  *auth.GitAuthProviders
+	updateInterval time.Duration
+	repos          map[string]*entry
+	mutex          sync.Mutex
+}
+
+type entry struct {
+	mr          *git.MirroredGitRepo
+	clonedDirs  map[string]clonedDir
+	updateMutex sync.Mutex
+}
+
+type clonedDir struct {
+	dir  string
+	info git.CheckoutInfo
+}
+
+func NewLiveRepoProvider(ctx context.Context, authProviders *auth.GitAuthProviders, updateInterval time.Duration) RepoProvider {
+	return &LiveRepoProvider{
+		ctx:            ctx,
+		authProviders:  authProviders,
+		updateInterval: updateInterval,
+		repos:          map[string]*entry{},
+	}
+}
+
+func (rp *LiveRepoProvider) Clear() {
+	rp.mutex.Lock()
+	defer rp.mutex.Unlock()
+
+	for _, e := range rp.repos {
+		for _, cd := range e.clonedDirs {
+			_ = os.RemoveAll(cd.dir)
+		}
+
+		if e.mr.IsLocked() {
+			_ = e.mr.Unlock()
+		}
+	}
+
+	rp.repos = map[string]*entry{}
+}
+
+func (rp *LiveRepoProvider) getEntry(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*entry, error) {
+	e, err := func() (*entry, error) {
+		rp.mutex.Lock()
+		defer rp.mutex.Unlock()
+
+		e, ok := rp.repos[url.NormalizedRepoKey()]
+		if !ok {
+			if !allowCreate {
+				return nil, fmt.Errorf("git repo %s not found", url.NormalizedRepoKey())
+			}
+			mr, err := git.NewMirroredGitRepo(rp.ctx, url)
+			if err != nil {
+				return nil, err
+			}
+			e = &entry{
+				mr:         mr,
+				clonedDirs: map[string]clonedDir{},
+			}
+			rp.repos[url.NormalizedRepoKey()] = e
+
+			if lockRepo {
+				err = e.mr.Lock()
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+		return e, nil
+	}()
+	if err != nil {
+		return nil, err
+	}
+
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	if update && !e.mr.HasUpdated() {
+		if time.Now().Sub(e.mr.LastUpdateTime()) <= rp.updateInterval {
+			e.mr.SetUpdated(true)
+		} else {
+			err = e.mr.Update(rp.authProviders)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return e, nil
+}
+
+func (rp *LiveRepoProvider) GetRepoInfo(url git_url.GitUrl) (RepoInfo, error) {
+	e, err := rp.getEntry(url, true, true, true)
+	if err != nil {
+		return RepoInfo{}, err
+	}
+
+	remoteRefs, err := e.mr.RemoteRefHashesMap()
+	if err != nil {
+		return RepoInfo{}, err
+	}
+
+	defaultRef, err := e.mr.DefaultRef()
+	if err != nil {
+		return RepoInfo{}, err
+	}
+
+	info := RepoInfo{
+		Url:        url,
+		RemoteRefs: remoteRefs,
+		DefaultRef: defaultRef,
+	}
+
+	return info, nil
+}
+
+func (rp *LiveRepoProvider) GetClonedDir(url git_url.GitUrl, ref string) (string, git.CheckoutInfo, error) {
+	e, err := rp.getEntry(url, true, true, true)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	cd, ok := e.clonedDirs[ref]
+	if ok {
+		return cd.dir, cd.info, nil
+	}
+
+	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
+	err = os.MkdirAll(tmpDir, 0700)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	repoName := path.Base(url.Normalize().Path) + "-"
+	if ref == "" {
+		repoName += "HEAD-"
+	} else {
+		repoName += ref + "-"
+	}
+	p, err := ioutil.TempDir(tmpDir, repoName)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	err = e.mr.CloneProject(ref, p)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	repoInfo, err := git.GetCheckoutInfo(p)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	e.clonedDirs[ref] = clonedDir{
+		dir:  p,
+		info: repoInfo,
+	}
+	return p, repoInfo, nil
+}
diff --git a/pkg/git/repoprovider/repoprovider.go b/pkg/git/repoprovider/repoprovider.go
new file mode 100644
index 000000000..77495df96
--- /dev/null
+++ b/pkg/git/repoprovider/repoprovider.go
@@ -0,0 +1,18 @@
+package repoprovider
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+)
+
+type RepoInfo struct {
+	Url        git_url.GitUrl    `yaml:"url"`
+	RemoteRefs map[string]string `yaml:"remoteRefs"`
+	DefaultRef string            `yaml:"defaultRef"`
+}
+
+type RepoProvider interface {
+	GetRepoInfo(url git_url.GitUrl) (RepoInfo, error)
+	GetClonedDir(url git_url.GitUrl, ref string) (string, git.CheckoutInfo, error)
+	Clear()
+}
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index d3826b03d..0c0bb72d0 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -7,12 +7,12 @@ import (
 	"path/filepath"
 )
 
-type GitRepoInfo struct {
-	CheckedOutRef    string
-	CheckedOutCommit string
+type CheckoutInfo struct {
+	CheckedOutRef    string `yaml:"checkedOutRef"`
+	CheckedOutCommit string `yaml:"checkedOutCommit"`
 }
 
-func GetGitRepoInfo(path string) (ri GitRepoInfo, err error) {
+func GetCheckoutInfo(path string) (ri CheckoutInfo, err error) {
 	r, err := git.PlainOpen(path)
 	if err != nil {
 		return
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index c89e6405c..31e5678b8 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -25,7 +25,7 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 		go func() {
 			defer waitGroup.Done()
 
-			_, err := c.GRC.GetMirroredGitRepo(u, true, true, true)
+			_, err := c.RP.GetRepoInfo(u)
 			if err != nil {
 				doError(fmt.Errorf("failed to update git project %v: %v", u.String(), err))
 			}
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 609d15796..8ea01b500 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -12,7 +12,7 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		loadArgs: args,
 		TmpDir:   tmpDir,
 		J2:       j2,
-		GRC:      args.GRC,
+		RP:       args.RP,
 	}
 
 	if args.FromArchive != "" {
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index a3b197dd7..d19f515e8 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -3,7 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -28,8 +28,8 @@ type LoadedKluctlProject struct {
 	Config         types2.KluctlProject
 	DynamicTargets []*types2.DynamicTarget
 
-	J2  *jinja2.Jinja2
-	GRC *git.MirroredGitRepoCollection
+	J2 *jinja2.Jinja2
+	RP repoprovider.RepoProvider
 
 	warnOnce utils.OnceByKey
 }
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index fba29c43c..77cba9795 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,8 +2,8 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -28,7 +28,7 @@ type LoadKluctlProjectArgs struct {
 	FromArchiveMetadata string
 
 	AllowGitClone bool
-	GRC           *git.MirroredGitRepoCollection
+	RP            repoprovider.RepoProvider
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
@@ -59,7 +59,7 @@ func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
 }
 
 func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string) (ret gitProjectInfo, err error) {
-	cloneDir, ri, err := c.GRC.GetClonedDir(gitProject.Url, gitProject.Ref, c.loadArgs.AllowGitClone, true, true)
+	cloneDir, ri, err := c.RP.GetClonedDir(gitProject.Url, gitProject.Ref)
 	if err != nil {
 		return
 	}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index b8a103e7d..9237562fe 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -65,7 +65,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		s.Success()
 	}
 
-	varsLoader := vars.NewVarsLoader(ctx, k, p.GRC, aws.NewClientFactory())
+	varsLoader := vars.NewVarsLoader(ctx, k, p.RP, aws.NewClientFactory())
 
 	if forSeal {
 		err = p.loadSecrets(target, varsCtx, varsLoader)
@@ -77,7 +77,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	dctx := deployment.SharedContext{
 		Ctx:                               ctx,
 		K:                                 k,
-		GRC:                               p.GRC,
+		RP:                                p.RP,
 		VarsLoader:                        varsLoader,
 		RenderDir:                         renderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 5a4e0b1f1..828e4ec8c 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -133,7 +133,7 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsSimple(baseTarget *types.Targ
 }
 
 func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	mr, err := c.GRC.GetMirroredGitRepo(baseTarget.TargetConfig.Project.Url, true, true, true)
+	repoInfo, err := c.RP.GetRepoInfo(baseTarget.TargetConfig.Project.Url)
 	if err != nil {
 		return nil, err
 	}
@@ -145,21 +145,17 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 	targetConfigRef := baseTarget.TargetConfig.Ref
 	refPattern := baseTarget.TargetConfig.RefPattern
 
-	defaultBranch := mr.DefaultRef()
-	if defaultBranch == nil {
+	defaultBranch := repoInfo.DefaultRef
+	if defaultBranch == "" {
 		return nil, fmt.Errorf("git project %v seems to have no default branch", baseTarget.TargetConfig.Project.Url.String())
 	}
 
 	if baseTarget.TargetConfig.Ref == nil && baseTarget.TargetConfig.RefPattern == nil {
 		// use default branch of repo
-		targetConfigRef = defaultBranch
-	}
-
-	refs, err := mr.RemoteRefHashesMap()
-	if err != nil {
-		return nil, err
+		targetConfigRef = &defaultBranch
 	}
 
+	refs := repoInfo.RemoteRefs
 	if targetConfigRef != nil {
 		if _, ok := refs[fmt.Sprintf("refs/heads/%s", *targetConfigRef)]; !ok {
 			return nil, fmt.Errorf("git project %s has no ref %s", baseTarget.TargetConfig.Project.Url.String(), *targetConfigRef)
@@ -177,7 +173,7 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 			continue
 		}
 
-		cloneDir, _, err := c.GRC.GetClonedDir(baseTarget.TargetConfig.Project.Url, refShortName, false, false, false)
+		cloneDir, _, err := c.RP.GetClonedDir(baseTarget.TargetConfig.Project.Url, refShortName)
 		if err != nil {
 			return nil, err
 		}
@@ -188,7 +184,7 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 			gitProject:    baseTarget.TargetConfig.Project,
 			ref:           &refShortName,
 			refPattern:    refPattern,
-			defaultBranch: *defaultBranch,
+			defaultBranch: defaultBranch,
 		})
 	}
 	return dynamicTargets, nil
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 6e1310bee..94a221422 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -25,17 +25,17 @@ type usernamePassword struct {
 type VarsLoader struct {
 	ctx context.Context
 	k   *k8s.K8sCluster
-	grc *git.MirroredGitRepoCollection
+	rp  repoprovider.RepoProvider
 	aws aws.AwsClientFactory
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, grc *git.MirroredGitRepoCollection, aws aws.AwsClientFactory) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, rp repoprovider.RepoProvider, aws aws.AwsClientFactory) *VarsLoader {
 	return &VarsLoader{
 		ctx:              ctx,
 		k:                k,
-		grc:              grc,
+		rp:               rp,
 		aws:              aws,
 		credentialsCache: map[string]usernamePassword{},
 	}
@@ -140,23 +140,22 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 }
 
 func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, rootKey string) error {
-	mr, err := v.grc.GetMirroredGitRepo(gitFile.Url, true, true, true)
+	clonedDir, _, err := v.rp.GetClonedDir(gitFile.Url, gitFile.Ref)
 	if err != nil {
 		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
 	}
 
-	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "git-vars")
+	path, err := securejoin.SecureJoin(clonedDir, gitFile.Path)
 	if err != nil {
 		return err
 	}
-	defer os.RemoveAll(tmpDir)
 
-	file, err := mr.ReadFile(gitFile.Ref, gitFile.Path)
+	f, err := ioutil.ReadFile(path)
 	if err != nil {
-		return fmt.Errorf("failed to load vars from git repository %s and path %s: %w", gitFile.Url.String(), gitFile.Path, err)
+		return err
 	}
 
-	return v.loadFromString(varsCtx, string(file), rootKey)
+	return v.loadFromString(varsCtx, string(f), rootKey)
 }
 
 func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key string, rootKey string, base64Decode bool) error {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 763b6c1ae..da4f11531 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -5,9 +5,9 @@ import (
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -37,8 +37,8 @@ func newTestDir(t *testing.T) string {
 	return tmp
 }
 
-func newGRC(t *testing.T) *git.MirroredGitRepoCollection {
-	grc := git.NewMirroredGitRepoCollection(context.TODO(), auth.NewDefaultAuthProviders(), 0)
+func newRP(t *testing.T) repoprovider.RepoProvider {
+	grc := repoprovider.NewMirroredGitRepoCollection(context.TODO(), auth.NewDefaultAuthProviders(), 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})
@@ -50,7 +50,7 @@ func testVarsLoader(t *testing.T, test func(vl *VarsLoader, vc *VarsCtx, aws *aw
 	if err != nil {
 		t.Fatal(err)
 	}
-	grc := newGRC(t)
+	grc := newRP(t)
 	fakeAws := aws.NewFakeClientFactory()
 
 	vl := NewVarsLoader(context.TODO(), k, grc, fakeAws)

From 990da6d27843e98609ce5476d19a90ae8c3f6ab5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 16:40:00 +0200
Subject: [PATCH 0232/2268] feat: Remove archive support

This turned out to be incompatible to git variables loading and git
includes.
---
 cmd/kluctl/args/project.go            |  14 ++-
 cmd/kluctl/commands/cmd_archive.go    |  23 -----
 cmd/kluctl/commands/root.go           |   1 -
 cmd/kluctl/commands/utils.go          |  29 +++---
 pkg/kluctl_project/load.go            |  29 ++----
 pkg/kluctl_project/project.go         |   3 +-
 pkg/kluctl_project/project_archive.go | 127 --------------------------
 pkg/kluctl_project/project_load.go    |  36 +++-----
 pkg/types/metadata.go                 |   5 -
 pkg/vars/vars_loader_test.go          |   2 +-
 10 files changed, 45 insertions(+), 224 deletions(-)
 delete mode 100644 cmd/kluctl/commands/cmd_archive.go
 delete mode 100644 pkg/kluctl_project/project_archive.go

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index c9f9de378..2639966fb 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -6,14 +6,12 @@ type ProjectFlags struct {
 	ProjectUrl string `group:"project" short:"p" help:"Git url of the kluctl project. If not specified, the current directory will be used instead of a remote Git project"`
 	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
 
-	ProjectConfig       existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
-	LocalClusters       existingDirType  `group:"project" help:"DEPRECATED. Local clusters directory. Overrides the project from .kluctl.yaml"`
-	LocalDeployment     existingDirType  `group:"project" help:"DEPRECATED. Local deployment directory. Overrides the project from .kluctl.yaml"`
-	LocalSealedSecrets  existingDirType  `group:"project" help:"DEPRECATED. Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
-	FromArchive         existingPathType `group:"project" help:"Load project (.kluctl.yaml, cluster, ...) from archive. Given path can either be an archive file or a directory with the extracted contents." exts:"tar.gz,tgz"`
-	FromArchiveMetadata existingFileType `group:"project" help:"Specify where to load metadata (targets, ...) from. If not specified, metadata is assumed to be part of the archive." exts:"yml,yaml"`
-	OutputMetadata      string           `group:"project" help:"Specify the output path for the project metadata to be written to. When used with the 'archive' command, it will also cause the archive to not include the metadata.yaml file."`
-	Cluster             string           `group:"project" help:"DEPRECATED. Specify/Override cluster"`
+	ProjectConfig      existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
+	LocalClusters      existingDirType  `group:"project" help:"DEPRECATED. Local clusters directory. Overrides the project from .kluctl.yaml"`
+	LocalDeployment    existingDirType  `group:"project" help:"DEPRECATED. Local deployment directory. Overrides the project from .kluctl.yaml"`
+	LocalSealedSecrets existingDirType  `group:"project" help:"DEPRECATED. Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
+	OutputMetadata     string           `group:"project" help:"Specify the output path for the project metadata to be written to."`
+	Cluster            string           `group:"project" help:"DEPRECATED. Specify/Override cluster"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
diff --git a/cmd/kluctl/commands/cmd_archive.go b/cmd/kluctl/commands/cmd_archive.go
deleted file mode 100644
index 4e8fe72bc..000000000
--- a/cmd/kluctl/commands/cmd_archive.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package commands
-
-import (
-	"context"
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
-)
-
-type archiveCmd struct {
-	args.ProjectFlags
-
-	OutputArchive string `group:"misc" help:"Path to .tgz to write project to." type:"path" required:"true"`
-}
-
-func (cmd *archiveCmd) Help() string {
-	return `This archive can then be used with '--from-archive'`
-}
-
-func (cmd *archiveCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
-		return p.WriteArchive(cmd.OutputArchive, cmd.ProjectFlags.OutputMetadata == "")
-	})
-}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 9c8e70711..f71cd8595 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -42,7 +42,6 @@ type cli struct {
 	Debug         bool `group:"global" help:"Enable debug logging"`
 	NoUpdateCheck bool `group:"global" help:"Disable update check on startup"`
 
-	Archive           archiveCmd           `cmd:"" help:"Write project and all related components into single tgz"`
 	CheckImageUpdates checkImageUpdatesCmd `cmd:"" help:"Render deployment and check if any images have new tags available"`
 	Delete            deleteCmd            `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
 	Deploy            deployCmd            `cmd:"" help:"Deploys a target to the corresponding cluster"`
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a752a7b85..5ff04f003 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -52,7 +52,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	}
 
 	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
-	if err != nil && projectFlags.FromArchive == "" {
+	if err != nil {
 		status.Warning(cliCtx, "Failed to detect git project root. This might cause follow-up errors")
 	}
 
@@ -63,25 +63,26 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	defer rp.Clear()
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
-		RepoRoot:            repoRoot,
-		ProjectDir:          cwd,
-		ProjectUrl:          url,
-		ProjectRef:          projectFlags.ProjectRef,
-		ProjectConfig:       projectFlags.ProjectConfig.String(),
-		LocalClusters:       projectFlags.LocalClusters.String(),
-		LocalDeployment:     projectFlags.LocalDeployment.String(),
-		LocalSealedSecrets:  projectFlags.LocalSealedSecrets.String(),
-		FromArchive:         projectFlags.FromArchive.String(),
-		FromArchiveMetadata: projectFlags.FromArchiveMetadata.String(),
-		AllowGitClone:       projectFlags.FromArchive == "",
-		RP:                  rp,
-		ClientConfigGetter:  clientConfigGetter(forCompletion),
+		RepoRoot:           repoRoot,
+		ProjectDir:         cwd,
+		ProjectUrl:         url,
+		ProjectRef:         projectFlags.ProjectRef,
+		ProjectConfig:      projectFlags.ProjectConfig.String(),
+		LocalClusters:      projectFlags.LocalClusters.String(),
+		LocalDeployment:    projectFlags.LocalDeployment.String(),
+		LocalSealedSecrets: projectFlags.LocalSealedSecrets.String(),
+		RP:                 rp,
+		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
 
 	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, tmpDir, j2)
+	if p != nil && p.RP != nil {
+		defer p.RP.Clear()
+	}
 	if err != nil {
 		return err
 	}
+
 	if projectFlags.OutputMetadata != "" {
 		md := p.GetMetadata()
 		b, err := yaml.WriteYamlBytes(md)
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 8ea01b500..62c4f140d 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -2,11 +2,11 @@ package kluctl_project
 
 import (
 	"context"
-	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 )
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
+
 	p := &LoadedKluctlProject{
 		ctx:      ctx,
 		loadArgs: args,
@@ -15,24 +15,13 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		RP:       args.RP,
 	}
 
-	if args.FromArchive != "" {
-		if args.ProjectUrl != nil || args.ProjectRef != "" || args.ProjectConfig != "" || args.LocalClusters != "" || args.LocalDeployment != "" || args.LocalSealedSecrets != "" {
-			return nil, fmt.Errorf("--from-archive can not be combined with any other project related option")
-		}
-		err := p.loadFromArchive()
-		if err != nil {
-			return nil, err
-		}
-		return p, nil
-	} else {
-		err := p.loadKluctlProject()
-		if err != nil {
-			return nil, err
-		}
-		err = p.loadTargets()
-		if err != nil {
-			return nil, err
-		}
-		return p, nil
+	err := p.loadKluctlProject()
+	if err != nil {
+		return nil, err
+	}
+	err = p.loadTargets()
+	if err != nil {
+		return nil, err
 	}
+	return p, nil
 }
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index d19f515e8..ee616243a 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -15,8 +15,7 @@ type LoadedKluctlProject struct {
 
 	loadArgs LoadKluctlProjectArgs
 
-	TmpDir     string
-	archiveDir string
+	TmpDir string
 
 	projectRootDir string
 	ProjectDir     string
diff --git a/pkg/kluctl_project/project_archive.go b/pkg/kluctl_project/project_archive.go
deleted file mode 100644
index dd80a258e..000000000
--- a/pkg/kluctl_project/project_archive.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package kluctl_project
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"fmt"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-)
-
-func (c *LoadedKluctlProject) loadFromArchive() error {
-	var dir string
-	if utils.IsFile(c.loadArgs.FromArchive) {
-		dir = filepath.Join(c.TmpDir, "archive")
-		err := utils.ExtractTarGzFile(c.loadArgs.FromArchive, dir)
-		if err != nil {
-			return fmt.Errorf("failed to extract archive %v: %w", c.loadArgs.FromArchive, err)
-		}
-	} else {
-		dir = c.loadArgs.FromArchive
-	}
-
-	var pmdPath string
-	if c.loadArgs.FromArchiveMetadata != "" {
-		pmdPath = c.loadArgs.FromArchiveMetadata
-	} else {
-		pmdPath = yaml.FixPathExt(filepath.Join(dir, "project-metadata.yml"))
-	}
-
-	var pmd types2.ProjectMetadata
-	err := yaml.ReadYamlFile(pmdPath, &pmd)
-	if err != nil {
-		return err
-	}
-
-	var amd types2.ArchiveMetadata
-	err = yaml.ReadYamlFile(yaml.FixPathExt(filepath.Join(dir, "archive-metadata.yml")), &amd)
-	if err != nil {
-		return err
-	}
-
-	c.loadArgs.RepoRoot = filepath.Join(dir, amd.ProjectRootDir)
-	c.loadArgs.ProjectDir = filepath.Join(dir, amd.ProjectRootDir, amd.ProjectSubDir)
-
-	err = utils.CheckInDir(dir, c.loadArgs.RepoRoot)
-	if err != nil {
-		return err
-	}
-	err = utils.CheckInDir(dir, c.loadArgs.ProjectDir)
-	if err != nil {
-		return err
-	}
-
-	c.archiveDir = dir
-	c.DynamicTargets = pmd.Targets
-
-	err = c.loadKluctlProject()
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *LoadedKluctlProject) WriteArchive(archivePath string, embedProjectMetadata bool) error {
-	f, err := os.Create(archivePath)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	gz := gzip.NewWriter(f)
-	defer gz.Close()
-	tw := tar.NewWriter(gz)
-	defer tw.Close()
-
-	filter := func(h *tar.Header, size int64) (*tar.Header, error) {
-		if strings.HasSuffix(strings.ToLower(h.Name), ".git") {
-			return nil, nil
-		}
-		h.Uid = 0
-		h.Gid = 0
-		h.Uname = ""
-		h.Gname = ""
-		h.ModTime = time.Time{}
-		h.ChangeTime = time.Time{}
-		h.AccessTime = time.Time{}
-		return h, nil
-	}
-
-	if embedProjectMetadata {
-		err = yaml.WriteYamlToTar(tw, c.GetMetadata(), "project-metadata.yaml")
-		if err != nil {
-			return nil
-		}
-	}
-
-	amd := types2.ArchiveMetadata{
-		ProjectRootDir: "kluctl-project",
-	}
-
-	amd.ProjectSubDir, err = filepath.Rel(c.projectRootDir, c.ProjectDir)
-	if err != nil {
-		return err
-	}
-
-	err = yaml.WriteYamlToTar(tw, &amd, "archive-metadata.yaml")
-	if err != nil {
-		return nil
-	}
-
-	if err = utils.AddToTar(tw, c.projectRootDir, "kluctl-project", filter); err != nil {
-		return err
-	}
-	gitReposBaseDir := filepath.Join(c.TmpDir, "git")
-	if utils.Exists(gitReposBaseDir) {
-		err = utils.AddToTar(tw, gitReposBaseDir, "git", filter)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 77cba9795..a409b3de7 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -16,19 +16,16 @@ import (
 )
 
 type LoadKluctlProjectArgs struct {
-	RepoRoot            string
-	ProjectDir          string
-	ProjectUrl          *git_url.GitUrl
-	ProjectRef          string
-	ProjectConfig       string
-	LocalClusters       string
-	LocalDeployment     string
-	LocalSealedSecrets  string
-	FromArchive         string
-	FromArchiveMetadata string
-
-	AllowGitClone bool
-	RP            repoprovider.RepoProvider
+	RepoRoot           string
+	ProjectDir         string
+	ProjectUrl         *git_url.GitUrl
+	ProjectRef         string
+	ProjectConfig      string
+	LocalClusters      string
+	LocalDeployment    string
+	LocalSealedSecrets string
+
+	RP repoprovider.RepoProvider
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
@@ -145,16 +142,9 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		}
 	}
 
-	if c.loadArgs.AllowGitClone {
-		err = os.MkdirAll(filepath.Join(c.TmpDir, "git"), 0o755)
-		if err != nil {
-			return err
-		}
-
-		err = c.updateGitCaches()
-		if err != nil {
-			return err
-		}
+	err = c.updateGitCaches()
+	if err != nil {
+		return err
 	}
 
 	s := status.Start(c.ctx, "Loading kluctl project")
diff --git a/pkg/types/metadata.go b/pkg/types/metadata.go
index 028510789..f734de0ad 100644
--- a/pkg/types/metadata.go
+++ b/pkg/types/metadata.go
@@ -3,8 +3,3 @@ package types
 type ProjectMetadata struct {
 	Targets []*DynamicTarget `yaml:"targets"`
 }
-
-type ArchiveMetadata struct {
-	ProjectRootDir string `yaml:"projectRootDir"`
-	ProjectSubDir  string `yaml:"projectSubDir"`
-}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index da4f11531..03faf654e 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -38,7 +38,7 @@ func newTestDir(t *testing.T) string {
 }
 
 func newRP(t *testing.T) repoprovider.RepoProvider {
-	grc := repoprovider.NewMirroredGitRepoCollection(context.TODO(), auth.NewDefaultAuthProviders(), 0)
+	grc := repoprovider.NewLiveRepoProvider(context.TODO(), auth.NewDefaultAuthProviders(), 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From 501b6289d4283b3791db2aa1181aefc602f6b064 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 16:40:18 +0200
Subject: [PATCH 0233/2268] fix: Fix locking of cloneDynamicTargets mutx

---
 pkg/kluctl_project/targets.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 828e4ec8c..827982764 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -228,10 +228,11 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 		if targetInfo.gitProject == nil {
 			continue
 		}
+		mutex.Lock()
 		if _, ok := uniqueClones[targetInfo.dir]; ok {
+			mutex.Unlock()
 			continue
 		}
-		mutex.Lock()
 		uniqueClones[targetInfo.dir] = nil
 		mutex.Unlock()
 

From 8e181c3a0b0fe385a18513b45c2707af071f0b68 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 May 2022 16:42:22 +0200
Subject: [PATCH 0234/2268] fix: Fix handling of default refs in
 LiveRepoProvider

---
 pkg/git/mirrored_repo.go     |  4 ++++
 pkg/git/repoprovider/live.go | 26 +++++++++++++++++++-------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 83fc777e5..81525865e 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -55,6 +55,10 @@ func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl) (*MirroredGitRepo
 	return o, nil
 }
 
+func (g *MirroredGitRepo) Url() git_url.GitUrl {
+	return g.url
+}
+
 func (g *MirroredGitRepo) HasUpdated() bool {
 	return g.hasUpdated
 }
diff --git a/pkg/git/repoprovider/live.go b/pkg/git/repoprovider/live.go
index f1a67b490..9d877b6ae 100644
--- a/pkg/git/repoprovider/live.go
+++ b/pkg/git/repoprovider/live.go
@@ -110,12 +110,7 @@ func (rp *LiveRepoProvider) getEntry(url git_url.GitUrl, allowCreate bool, lockR
 	return e, nil
 }
 
-func (rp *LiveRepoProvider) GetRepoInfo(url git_url.GitUrl) (RepoInfo, error) {
-	e, err := rp.getEntry(url, true, true, true)
-	if err != nil {
-		return RepoInfo{}, err
-	}
-
+func (e *entry) getRepoInfo() (RepoInfo, error) {
 	remoteRefs, err := e.mr.RemoteRefHashesMap()
 	if err != nil {
 		return RepoInfo{}, err
@@ -127,7 +122,7 @@ func (rp *LiveRepoProvider) GetRepoInfo(url git_url.GitUrl) (RepoInfo, error) {
 	}
 
 	info := RepoInfo{
-		Url:        url,
+		Url:        e.mr.Url(),
 		RemoteRefs: remoteRefs,
 		DefaultRef: defaultRef,
 	}
@@ -135,12 +130,29 @@ func (rp *LiveRepoProvider) GetRepoInfo(url git_url.GitUrl) (RepoInfo, error) {
 	return info, nil
 }
 
+func (rp *LiveRepoProvider) GetRepoInfo(url git_url.GitUrl) (RepoInfo, error) {
+	e, err := rp.getEntry(url, true, true, true)
+	if err != nil {
+		return RepoInfo{}, err
+	}
+
+	return e.getRepoInfo()
+}
+
 func (rp *LiveRepoProvider) GetClonedDir(url git_url.GitUrl, ref string) (string, git.CheckoutInfo, error) {
 	e, err := rp.getEntry(url, true, true, true)
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
 	}
 
+	if ref == "" {
+		ref, err = e.mr.DefaultRef()
+		if err != nil {
+			return "", git.CheckoutInfo{}, err
+		}
+		ref = path.Base(ref)
+	}
+
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 

From c9d9b57954492b4cff5e5d57c35ceed9c8f0bd11 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 May 2022 19:16:33 +0200
Subject: [PATCH 0235/2268] feat: Only load cluster and client config when
 necessary

This commit will also remove the cluster name from the secrets hash
calculation, which will cause resealing of all secrets.
---
 cmd/kluctl/commands/cmd_seal.go      |  6 +--
 pkg/kluctl_project/target_context.go | 60 +++++++++-------------------
 pkg/kluctl_project/targets.go        | 12 +++---
 pkg/seal/sealer.go                   | 19 ++++-----
 4 files changed, 35 insertions(+), 62 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 531fb13b4..65fe92997 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -66,11 +66,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			}
 		}
 
-		clusterConfig, _, err := p.LoadClusterConfig(ctx.targetCtx.Target.Cluster, ctx.targetCtx.Target.Context)
-		if err != nil {
-			return doFail(err)
-		}
-		sealer, err := seal.NewSealer(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName, clusterConfig.Cluster, cmd.ForceReseal)
+		sealer, err := seal.NewSealer(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName, cmd.ForceReseal)
 		if err != nil {
 			return doFail(err)
 		}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 9237562fe..2e4ac84bb 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -12,7 +12,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
 )
 
@@ -117,15 +116,21 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		contextName = target.Context
 	}
 
-	clusterConfig, clientConfig, err := p.LoadClusterConfig(clusterName, contextName)
+	clientConfig, restConfig, err := p.loadArgs.ClientConfigGetter(contextName)
 	if err != nil {
 		return doError(err)
 	}
 
 	varsCtx := vars.NewVarsCtx(p.J2)
-	err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
-	if err != nil {
-		return doError(err)
+	if clusterName != nil {
+		clusterConfig, err := p.LoadClusterConfig(*clusterName)
+		if err != nil {
+			return doError(err)
+		}
+		err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
+		if err != nil {
+			return doError(err)
+		}
 	}
 	targetVars, err := uo.FromStruct(target)
 	if err != nil {
@@ -162,7 +167,7 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 
 	varsCtx.UpdateChild("args", allArgs)
 
-	return varsCtx, clientConfig, clusterConfig.Cluster.Context, nil
+	return varsCtx, clientConfig, restConfig.CurrentContext, nil
 }
 
 func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, error) {
@@ -195,45 +200,18 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 	return nil
 }
 
-func (p *LoadedKluctlProject) LoadClusterConfig(clusterName *string, contextName *string) (*types.ClusterConfig, *rest.Config, error) {
+func (p *LoadedKluctlProject) LoadClusterConfig(clusterName string) (*types.ClusterConfig, error) {
 	var err error
 	var clusterConfig *types.ClusterConfig
 
-	if clusterName != nil {
-		p.warnOnce.Do("cluster-config", func() {
-			status.Warning(p.ctx, "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
-		})
-
-		clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, *clusterName)
-		if err != nil {
-			return nil, nil, err
-		}
-	}
+	p.warnOnce.Do("cluster-config", func() {
+		status.Warning(p.ctx, "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
+	})
 
-	var clientConfig *rest.Config
-	if clusterConfig != nil {
-		clientConfig, _, err = p.loadArgs.ClientConfigGetter(&clusterConfig.Cluster.Context)
-		if err != nil {
-			return nil, nil, err
-		}
-	} else {
-		var rawConfig *api.Config
-		clientConfig, rawConfig, err = p.loadArgs.ClientConfigGetter(contextName)
-		if err != nil {
-			return nil, nil, err
-		}
-		ctx, ok := rawConfig.Contexts[rawConfig.CurrentContext]
-		if !ok {
-			return nil, nil, fmt.Errorf("context %s not found", rawConfig.CurrentContext)
-		}
-		clusterConfig = &types.ClusterConfig{
-			Cluster: &types.ClusterConfig2{
-				Name:    ctx.Cluster,
-				Context: rawConfig.CurrentContext,
-				Vars:    uo.New(),
-			},
-		}
+	clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, clusterName)
+	if err != nil {
+		return nil, err
 	}
 
-	return clusterConfig, clientConfig, nil
+	return clusterConfig, nil
 }
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 827982764..7911a2811 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -88,11 +88,13 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 			return nil, err
 		}
 
-		cc, _, err := c.LoadClusterConfig(target.Cluster, target.Context)
-		if err == nil {
-			err = varsCtx.UpdateChildFromStruct("cluster", cc.Cluster)
-			if err != nil {
-				return nil, err
+		if target.Cluster != nil {
+			cc, err := c.LoadClusterConfig(*target.Cluster)
+			if err == nil {
+				err = varsCtx.UpdateChildFromStruct("cluster", cc.Cluster)
+				if err != nil {
+					return nil, err
+				}
 			}
 		}
 
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 93d1af66f..80309e6a7 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -10,7 +10,6 @@ import (
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -28,18 +27,16 @@ const hashAnnotation = "kluctl.io/sealedsecret-hashes"
 const clusterIdAnnotation = "kluctl.io/sealedsecret-cluster-id"
 
 type Sealer struct {
-	ctx           context.Context
-	clusterConfig *types.ClusterConfig2
-	forceReseal   bool
-	cert          *rsa.PublicKey
-	clusterId     string
+	ctx         context.Context
+	forceReseal bool
+	cert        *rsa.PublicKey
+	clusterId   string
 }
 
-func NewSealer(ctx context.Context, k *k8s.K8sCluster, sealedSecretsNamespace string, sealedSecretsControllerName string, clusterConfig *types.ClusterConfig2, forceReseal bool) (*Sealer, error) {
+func NewSealer(ctx context.Context, k *k8s.K8sCluster, sealedSecretsNamespace string, sealedSecretsControllerName string, forceReseal bool) (*Sealer, error) {
 	s := &Sealer{
-		ctx:           ctx,
-		clusterConfig: clusterConfig,
-		forceReseal:   forceReseal,
+		ctx:         ctx,
+		forceReseal: forceReseal,
 	}
 	cert, err := fetchCert(ctx, k, sealedSecretsNamespace, sealedSecretsControllerName)
 	if err != nil {
@@ -93,7 +90,7 @@ func (s *Sealer) doHash(key string, secret []byte, secretName string, secretName
 	if secretNamespace == "" {
 		secretNamespace = "*"
 	}
-	salt := fmt.Sprintf("%s-%s-%s-%s", s.clusterConfig.Name, secretName, secretNamespace, key)
+	salt := fmt.Sprintf("%s-%s-%s", secretName, secretNamespace, key)
 	if scope != "strict" {
 		salt += "-" + scope
 	}

From f686192104dba5dbdaa6e9b495f58333271278ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 May 2022 19:18:22 +0200
Subject: [PATCH 0236/2268] fix: Reuse sealed secrets gathering code in sealing
 and resolving phases

Before this, the seal command used a different logic to find sealed
secrets then the resolving code, causing some issues.
---
 pkg/deployment/commands/seal.go         |  38 ++++---
 pkg/deployment/deployment_collection.go |   2 +-
 pkg/deployment/deployment_item.go       | 130 ++++++++++++++++--------
 3 files changed, 107 insertions(+), 63 deletions(-)

diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
index c8c3e37a5..bd9eccc2e 100644
--- a/pkg/deployment/commands/seal.go
+++ b/pkg/deployment/commands/seal.go
@@ -2,12 +2,9 @@ package commands
 
 import (
 	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
-	"io/fs"
 	"path/filepath"
-	"strings"
 )
 
 type SealCommand struct {
@@ -27,26 +24,25 @@ func NewSealCommand(c *deployment.DeploymentCollection, outputPattern string, re
 }
 
 func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
-	err := filepath.WalkDir(cmd.renderDir, func(p string, d fs.DirEntry, err error) error {
-		if !strings.HasSuffix(p, deployment.SealmeExt) {
-			return nil
-		}
-
-		relPath, err := filepath.Rel(cmd.renderDir, p)
-		if err != nil {
-			return err
-		}
-		relTargetFile := filepath.Join(filepath.Dir(relPath), cmd.outputPattern, filepath.Base(p))
-		targetFile, err := securejoin.SecureJoin(cmd.sealedSecretsDir, relTargetFile)
+	for _, di := range cmd.c.Deployments {
+		sealedSecrets, err := di.ListSealedSecrets("")
 		if err != nil {
 			return err
 		}
-		targetFile = targetFile[:len(targetFile)-len(deployment.SealmeExt)]
-		err = sealer.SealFile(p, targetFile)
-		if err != nil {
-			return fmt.Errorf("failed sealing %s: %w", filepath.Base(p), err)
+
+		for _, relPath := range sealedSecrets {
+			sealmeFile := filepath.Join(di.RenderedDir, relPath+deployment.SealmeExt)
+			targetFile, err := di.BuildSealedSecretPath(relPath)
+			if err != nil {
+				return err
+			}
+
+			err = sealer.SealFile(sealmeFile, targetFile)
+			if err != nil {
+				return fmt.Errorf("failed sealing %s: %w", filepath.Base(relPath), err)
+			}
 		}
-		return nil
-	})
-	return err
+	}
+
+	return nil
 }
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 698dba2bf..9b1a99789 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -148,7 +148,7 @@ func (c *DeploymentCollection) resolveSealedSecrets() error {
 	}
 
 	for _, d := range c.Deployments {
-		err := d.resolveSealedSecrets("")
+		err := d.resolveSealedSecrets()
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index f0e89f5ff..b9e36c547 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -2,7 +2,6 @@ package deployment
 
 import (
 	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -38,8 +37,8 @@ type DeploymentItem struct {
 
 	RelToSourceItemDir  string
 	RelToProjectItemDir string
-	relRenderedDir      string
-	renderedDir         string
+	RelRenderedDir      string
+	RenderedDir         string
 	renderedYamlPath    string
 }
 
@@ -70,13 +69,13 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 			return nil, err
 		}
 
-		di.relRenderedDir = di.RelToSourceItemDir
+		di.RelRenderedDir = di.RelToSourceItemDir
 		if di.index != 0 {
-			di.relRenderedDir = fmt.Sprintf("%s-%d", di.relRenderedDir, di.index)
+			di.RelRenderedDir = fmt.Sprintf("%s-%d", di.RelRenderedDir, di.index)
 		}
 
-		di.renderedDir = filepath.Join(collection.ctx.RenderDir, di.Project.source.id, di.relRenderedDir)
-		di.renderedYamlPath = filepath.Join(di.renderedDir, ".rendered.yml")
+		di.RenderedDir = filepath.Join(collection.ctx.RenderDir, di.Project.source.id, di.RelRenderedDir)
+		di.renderedYamlPath = filepath.Join(di.RenderedDir, ".rendered.yml")
 	}
 	return di, nil
 }
@@ -107,7 +106,7 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 		return nil
 	}
 
-	err := os.MkdirAll(di.renderedDir, 0o700)
+	err := os.MkdirAll(di.RenderedDir, 0o700)
 	if err != nil {
 		return err
 	}
@@ -147,7 +146,7 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 	}
 
 	wp.Submit(func() error {
-		return varsCtx.RenderDirectory(di.Project.source.dir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.renderedDir)
+		return varsCtx.RenderDirectory(di.Project.source.dir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.RenderedDir)
 	})
 
 	return nil
@@ -158,13 +157,13 @@ func (di *DeploymentItem) renderHelmCharts(wp *utils.WorkerPoolWithErrors) error
 		return nil
 	}
 
-	err := filepath.Walk(di.renderedDir, func(p string, info fs.FileInfo, err error) error {
+	err := filepath.Walk(di.RenderedDir, func(p string, info fs.FileInfo, err error) error {
 		if !strings.HasSuffix(p, "helm-chart.yml") && !strings.HasSuffix(p, "helm-chart.yaml") {
 			return nil
 		}
 
 		wp.Submit(func() error {
-			subDir, err := filepath.Rel(di.renderedDir, filepath.Dir(p))
+			subDir, err := filepath.Rel(di.RenderedDir, filepath.Dir(p))
 			if err != nil {
 				return err
 			}
@@ -185,7 +184,7 @@ func (di *DeploymentItem) renderHelmCharts(wp *utils.WorkerPoolWithErrors) error
 					}
 				}
 				if !found {
-					return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.relRenderedDir, chart.GetOutputPath())
+					return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.RelRenderedDir, chart.GetOutputPath())
 				}
 			}
 
@@ -199,57 +198,106 @@ func (di *DeploymentItem) renderHelmCharts(wp *utils.WorkerPoolWithErrors) error
 	return nil
 }
 
-func (di *DeploymentItem) resolveSealedSecrets(subdir string) error {
+func (di *DeploymentItem) ListSealedSecrets(subdir string) ([]string, error) {
+	var ret []string
+
 	if di.dir == nil {
-		return nil
+		return nil, nil
 	}
 
-	sealedSecretsDir := di.Project.getRenderedOutputPattern()
-	baseSourcePath := di.Project.ctx.SealedSecretsDir
-
-	renderedDir := filepath.Join(di.renderedDir, subdir)
+	renderedDir := filepath.Join(di.RenderedDir, subdir)
 
 	// ensure we're not leaving the project
 	err := utils.CheckSubInDir(di.Project.source.dir, subdir)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	y, err := uo.FromFile(yaml.FixPathExt(filepath.Join(renderedDir, "kustomization.yml")))
 	if err != nil {
-		return err
+		return nil, err
 	}
 	l, _, err := y.GetNestedStringList("resources")
 	if err != nil {
-		return err
+		return nil, err
 	}
 	for _, resource := range l {
-		p := filepath.Join(renderedDir, resource)
-		if utils.IsDirectory(p) {
-			err = di.resolveSealedSecrets(filepath.Join(subdir, resource))
-			if err != nil {
-				return err
-			}
+		p := filepath.Clean(filepath.Join(renderedDir, resource))
+
+		isDir := utils.IsDirectory(p)
+		isSealedSecret := !utils.Exists(p) && utils.Exists(p+SealmeExt)
+		if !isDir && !isSealedSecret {
 			continue
 		}
-		if utils.Exists(p) || !utils.Exists(p+SealmeExt) {
-			continue
+
+		relPath, err := filepath.Rel(di.RenderedDir, p)
+		if err != nil {
+			return nil, err
 		}
-		relDir, err := filepath.Rel(renderedDir, filepath.Dir(p))
+
+		relPath = filepath.Clean(relPath)
+
+		// ensure we're not leaving the project
+		err = utils.CheckSubInDir(di.Project.source.dir, relPath)
 		if err != nil {
-			return err
+			return nil, err
+		}
+
+		if isDir {
+			ret2, err := di.ListSealedSecrets(relPath)
+			if err != nil {
+				return nil, err
+			}
+			ret = append(ret, ret2...)
+		} else {
+			ret = append(ret, relPath)
 		}
-		fname := filepath.Base(p)
+	}
+	return ret, nil
+}
 
-		baseError := fmt.Sprintf("failed to resolve SealedSecret %s", filepath.Clean(filepath.Join(di.Project.absDir, resource)))
+func (di *DeploymentItem) BuildSealedSecretPath(relPath string) (string, error) {
+	sealedSecretsDir := di.Project.getRenderedOutputPattern()
+	baseSourcePath := di.Project.ctx.SealedSecretsDir
 
-		// ensure we're not leaving the .sealed-secrets dir
-		sourcePath, err := securejoin.SecureJoin(baseSourcePath, filepath.Join(di.relRenderedDir, subdir, relDir, sealedSecretsDir, fname))
+	relDir := filepath.Dir(relPath)
+	fname := filepath.Base(relPath)
+
+	// ensure we're not leaving the .sealed-secrets dir
+	sourcePath := filepath.Join(baseSourcePath, di.RelRenderedDir, relDir, sealedSecretsDir, fname)
+	err := utils.CheckInDir(baseSourcePath, sourcePath)
+	if err != nil {
+		return "", err
+	}
+	sourcePath = filepath.Clean(sourcePath)
+	return sourcePath, nil
+}
+
+func (di *DeploymentItem) resolveSealedSecrets() error {
+	if di.dir == nil {
+		return nil
+	}
+
+	sealedSecrets, err := di.ListSealedSecrets("")
+	if err != nil {
+		return err
+	}
+
+	for _, relPath := range sealedSecrets {
+		relDir := filepath.Dir(relPath)
 		if err != nil {
 			return err
 		}
-		sourcePath = filepath.Clean(sourcePath)
-		targetPath := filepath.Join(renderedDir, relDir, fname)
+		fname := filepath.Base(relPath)
+
+		baseError := fmt.Sprintf("failed to resolve SealedSecret %s", relPath)
+
+		sourcePath, err := di.BuildSealedSecretPath(relPath)
+		if err != nil {
+			return fmt.Errorf("%s: %w", baseError, err)
+		}
+
+		targetPath := filepath.Join(di.RenderedDir, relDir, fname)
 		if !utils.IsFile(sourcePath) {
 			return fmt.Errorf("%s. %s not found. You might need to seal it first", baseError, sourcePath)
 		}
@@ -304,7 +352,7 @@ func (di *DeploymentItem) readKustomizationYaml(subDir string) (*uo.Unstructured
 		return nil, nil
 	}
 
-	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.renderedDir, subDir, "kustomization.yml"))
+	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, subDir, "kustomization.yml"))
 	if !utils.IsFile(kustomizeYamlPath) {
 		return nil, nil
 	}
@@ -318,7 +366,7 @@ func (di *DeploymentItem) readKustomizationYaml(subDir string) (*uo.Unstructured
 }
 
 func (di *DeploymentItem) writeKustomizationYaml(ky *uo.UnstructuredObject) error {
-	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.renderedDir, "kustomization.yml"))
+	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, "kustomization.yml"))
 	return yaml.WriteYamlFile(kustomizeYamlPath, ky)
 }
 
@@ -365,7 +413,7 @@ func (di *DeploymentItem) buildKustomize() error {
 	k := krusty.MakeKustomizer(ko)
 
 	fsys := filesys.MakeFsOnDisk()
-	rm, err := k.Run(fsys, di.renderedDir)
+	rm, err := k.Run(fsys, di.RenderedDir)
 	if err != nil {
 		return err
 	}
@@ -453,7 +501,7 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 			o.SetK8sAnnotations(uo.CopyMergeStrMap(o.GetK8sAnnotations(), commonAnnotations))
 
 			// Resolve image placeholders
-			err := images.ResolvePlaceholders(di.ctx.K, o, di.relRenderedDir, di.Tags.ListKeys())
+			err := images.ResolvePlaceholders(di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys())
 			if err != nil {
 				errList = append(errList, err)
 			}

From eda52d10077003f4ae046c00cc08740327c289e5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 08:58:35 +0200
Subject: [PATCH 0237/2268] fix: Fix zombie jinja2 processes

We missed calling Wait() on the process.
---
 pkg/jinja2/jinja2_renderer.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index f52869396..f29ec2312 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"time"
 )
 
 type pythonJinja2Renderer struct {
@@ -75,7 +76,11 @@ func (j *pythonJinja2Renderer) Close() {
 	}
 	if j.cmd != nil {
 		if j.cmd.Process != nil {
-			_ = j.cmd.Process.Kill()
+			timer := time.AfterFunc(5*time.Second, func() {
+				_ = j.cmd.Process.Kill()
+			})
+			_ = j.cmd.Wait()
+			timer.Stop()
 		}
 		j.cmd = nil
 	}

From bef1faf818ef9a7513d4256777151c59862dd8f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 10:58:13 +0200
Subject: [PATCH 0238/2268] fix: Allow to pass nil DeploymentCollection to
 DeleteCommand

---
 pkg/deployment/commands/delete.go | 8 +++++++-
 pkg/utils/inclusion.go            | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index d794d355e..d4cb32fd8 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -6,6 +6,7 @@ import (
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 type DeleteCommand struct {
@@ -31,10 +32,15 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.Ob
 		labels = cmd.c.Project.GetCommonLabels()
 	}
 
+	var inclusion *utils.Inclusion
+	if cmd.c != nil {
+		inclusion = cmd.c.Inclusion
+	}
+
 	err := ru.UpdateRemoteObjects(k, labels, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	return utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(cmd.c.Inclusion), cmd.c.Inclusion.HasType("tags"), nil)
+	return utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(inclusion), inclusion.HasType("tags"), nil)
 }
diff --git a/pkg/utils/inclusion.go b/pkg/utils/inclusion.go
index 63990cf7c..5300f269f 100644
--- a/pkg/utils/inclusion.go
+++ b/pkg/utils/inclusion.go
@@ -26,6 +26,9 @@ func (inc *Inclusion) AddExclude(typ string, value string) {
 }
 
 func (inc *Inclusion) HasType(typ string) bool {
+	if inc == nil {
+		return false
+	}
 	for e, _ := range inc.includes {
 		if e.Type == typ {
 			return true
@@ -49,6 +52,9 @@ func (inc *Inclusion) checkList(l []InclusionEntry, m map[InclusionEntry]bool) b
 }
 
 func (inc *Inclusion) CheckIncluded(l []InclusionEntry, excludeIfNotIncluded bool) bool {
+	if inc == nil {
+		return true
+	}
 	if len(inc.includes) == 0 && len(inc.excludes) == 0 {
 		return true
 	}

From aa47679c2306e732c2aed34d89311e6eedc569cc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 11:20:55 +0200
Subject: [PATCH 0239/2268] fix: Remove WaitForOpenapiInitDone as it is not
 needed anymore

Improvements in kustomize resulted in quite some speedup in openapi
loading, so this is not needed anymore.
---
 pkg/deployment/deployment_item.go |  2 --
 pkg/k8s/fake_client_factory.go    |  3 ---
 pkg/utils/init_kyaml.go           | 30 ------------------------------
 3 files changed, 35 deletions(-)
 delete mode 100644 pkg/utils/init_kyaml.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b9e36c547..b7ca38e17 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -407,8 +407,6 @@ func (di *DeploymentItem) buildKustomize() error {
 		return err
 	}
 
-	utils.WaitForOpenapiInitDone()
-
 	ko := krusty.MakeDefaultOptions()
 	k := krusty.MakeKustomizer(ko)
 
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index 8af606ad5..8bc1169f2 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -1,7 +1,6 @@
 package k8s
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	v1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -65,8 +64,6 @@ func NewFakeClientFactory(objects ...runtime.Object) ClientFactory {
 }
 
 func ConvertSchemeToAPIResources(s *runtime.Scheme) []*metav1.APIResourceList {
-	utils.WaitForOpenapiInitDone()
-
 	m := map[schema.GroupVersion][]metav1.APIResource{}
 
 	for gvk, _ := range s.AllKnownTypes() {
diff --git a/pkg/utils/init_kyaml.go b/pkg/utils/init_kyaml.go
deleted file mode 100644
index a25bddbb0..000000000
--- a/pkg/utils/init_kyaml.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package utils
-
-import (
-	"sigs.k8s.io/kustomize/kyaml/openapi"
-	yaml2 "sigs.k8s.io/kustomize/kyaml/yaml"
-	"sync"
-)
-
-var openapiInitDoneMutex sync.Mutex
-var openapiInitDoneOnce sync.Once
-
-func WaitForOpenapiInitDone() {
-	openapiInitDoneOnce.Do(func() {
-		openapiInitDoneMutex.Lock()
-		openapiInitDoneMutex.Unlock()
-	})
-}
-
-func init() {
-	openapiInitDoneMutex.Lock()
-	go func() {
-		// we do a single call to IsNamespaceScoped to enforce openapi schema initialization
-		// this is required here to ensure that it is later not done in parallel which would cause race conditions
-		openapi.IsNamespaceScoped(yaml2.TypeMeta{
-			APIVersion: "",
-			Kind:       "ConfigMap",
-		})
-		openapiInitDoneMutex.Unlock()
-	}()
-}

From 7270131a4dda803244a8b913c91a8256229c8d42 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 11:21:40 +0200
Subject: [PATCH 0240/2268] fix: Don't write yamls to disk in buildKustomize

And also avoid loading this yaml back into memory. We can simply use the
in-memory result of the kustomize run.
---
 pkg/deployment/deployment_collection.go |  9 ++-----
 pkg/deployment/deployment_item.go       | 31 +++----------------------
 2 files changed, 5 insertions(+), 35 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 9b1a99789..be086ebb2 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -195,14 +195,9 @@ func (c *DeploymentCollection) buildKustomizeObjects() error {
 
 		wg.Add(1)
 		go func() {
-			err := d.loadObjects()
+			err := d.postprocessCRDs()
 			if err != nil {
-				handleError(fmt.Errorf("loading objects failed: %w", err))
-			} else {
-				err = d.postprocessCRDs()
-				if err != nil {
-					handleError(fmt.Errorf("postprocessing CRDs failed: %w", err))
-				}
+				handleError(fmt.Errorf("postprocessing CRDs failed: %w", err))
 			}
 			wg.Done()
 		}()
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b7ca38e17..7afc98470 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -416,41 +416,16 @@ func (di *DeploymentItem) buildKustomize() error {
 		return err
 	}
 
-	var yamls []interface{}
+	di.Objects = nil
 	for _, r := range rm.Resources() {
 		y, err := r.Map()
 		if err != nil {
 			return err
 		}
-		yamls = append(yamls, y)
+		o := uo.FromMap(y)
+		di.Objects = append(di.Objects, o)
 	}
 
-	err = yaml.WriteYamlAllFile(di.renderedYamlPath, yamls)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (di *DeploymentItem) loadObjects() error {
-	if di.dir == nil {
-		return nil
-	}
-
-	objects, err := yaml.ReadYamlAllFile(di.renderedYamlPath)
-	if err != nil {
-		return err
-	}
-
-	di.Objects = []*uo.UnstructuredObject{}
-	for _, o := range objects {
-		m, ok := o.(map[string]interface{})
-		if !ok {
-			return fmt.Errorf("object is not a map")
-		}
-		di.Objects = append(di.Objects, uo.FromMap(m))
-	}
 	return nil
 }
 

From 6509923813653c7645ad0924849f9a2140ffb7f7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 11:42:07 +0200
Subject: [PATCH 0241/2268] fix: Use secureBuildKustomization from Flux
 kustomize-controller

This fixes multiple issues at once, see the comment of the function for
details.
---
 go.mod                            |  1 +
 go.sum                            |  4 +-
 pkg/deployment/deployment_item.go | 22 +++++------
 pkg/utils/kustomize.go            | 62 +++++++++++++++++++++++++++++++
 4 files changed, 75 insertions(+), 14 deletions(-)
 create mode 100644 pkg/utils/kustomize.go

diff --git a/go.mod b/go.mod
index f9447d54d..e0968119e 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
+	github.com/fluxcd/pkg/kustomize v0.5.1
 	github.com/gammazero/workerpool v1.1.2
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.0
diff --git a/go.sum b/go.sum
index 851e2a68e..ba0bc3d06 100644
--- a/go.sum
+++ b/go.sum
@@ -314,6 +314,8 @@ github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
+github.com/fluxcd/pkg/kustomize v0.5.1 h1:151Ih34ltxN2z1e2mA5AvQONyE6phc4es57oVK3+plU=
+github.com/fluxcd/pkg/kustomize v0.5.1/go.mod h1:58MFITy24bIbGI6cC3JkV/YpFQj648sVvgs0K1kraJw=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -885,7 +887,7 @@ github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGV
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
+github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 h1:+czc/J8SlhPKLOtVLMQc+xDCFBT73ZStMsRhSsUhsSg=
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 7afc98470..51957e455 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -12,8 +12,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
-	"sigs.k8s.io/kustomize/api/filesys"
-	"sigs.k8s.io/kustomize/api/krusty"
 	"strings"
 )
 
@@ -35,11 +33,12 @@ type DeploymentItem struct {
 	Objects []*uo.UnstructuredObject
 	Tags    *utils.OrderedMap
 
-	RelToSourceItemDir  string
-	RelToProjectItemDir string
-	RelRenderedDir      string
-	RenderedDir         string
-	renderedYamlPath    string
+	RenderedSourceRootDir string
+	RelToSourceItemDir    string
+	RelToProjectItemDir   string
+	RelRenderedDir        string
+	RenderedDir           string
+	renderedYamlPath      string
 }
 
 func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection *DeploymentCollection, config *types.DeploymentItemConfig, dir *string, index int) (*DeploymentItem, error) {
@@ -74,7 +73,8 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 			di.RelRenderedDir = fmt.Sprintf("%s-%d", di.RelRenderedDir, di.index)
 		}
 
-		di.RenderedDir = filepath.Join(collection.ctx.RenderDir, di.Project.source.id, di.RelRenderedDir)
+		di.RenderedSourceRootDir = filepath.Join(collection.ctx.RenderDir, di.Project.source.id)
+		di.RenderedDir = filepath.Join(di.RenderedSourceRootDir, di.RelRenderedDir)
 		di.renderedYamlPath = filepath.Join(di.RenderedDir, ".rendered.yml")
 	}
 	return di, nil
@@ -407,11 +407,7 @@ func (di *DeploymentItem) buildKustomize() error {
 		return err
 	}
 
-	ko := krusty.MakeDefaultOptions()
-	k := krusty.MakeKustomizer(ko)
-
-	fsys := filesys.MakeFsOnDisk()
-	rm, err := k.Run(fsys, di.RenderedDir)
+	rm, err := utils.SecureBuildKustomization(di.RenderedSourceRootDir, di.RenderedDir, true)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/utils/kustomize.go b/pkg/utils/kustomize.go
new file mode 100644
index 000000000..21fbe4fe2
--- /dev/null
+++ b/pkg/utils/kustomize.go
@@ -0,0 +1,62 @@
+/*
+Code in this file is copied from https://github.com/fluxcd/kustomize-controller/blob/main/controllers/kustomization_generator.go
+*/
+
+package utils
+
+import (
+	"fmt"
+	securefs "github.com/fluxcd/pkg/kustomize/filesys"
+	"sigs.k8s.io/kustomize/api/filesys"
+	"sigs.k8s.io/kustomize/api/krusty"
+	"sigs.k8s.io/kustomize/api/resmap"
+	kustypes "sigs.k8s.io/kustomize/api/types"
+	"sync"
+)
+
+// TODO: remove mutex when kustomize fixes the concurrent map read/write panic
+var kustomizeBuildMutex sync.Mutex
+
+// SecureBuildKustomization wraps krusty.MakeKustomizer with the following settings:
+//  - secure on-disk FS denying operations outside root
+//  - load files from outside the kustomization dir path
+//    (but not outside root)
+//  - disable plugins except for the builtin ones
+func SecureBuildKustomization(root, dirPath string, allowRemoteBases bool) (_ resmap.ResMap, err error) {
+	var fs filesys.FileSystem
+
+	// Create secure FS for root with or without remote base support
+	if allowRemoteBases {
+		fs, err = securefs.MakeFsOnDiskSecureBuild(root)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		fs, err = securefs.MakeFsOnDiskSecure(root)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Temporary workaround for concurrent map read and map write bug
+	// https://github.com/kubernetes-sigs/kustomize/issues/3659
+	kustomizeBuildMutex.Lock()
+	defer kustomizeBuildMutex.Unlock()
+
+	// Kustomize tends to panic in unpredicted ways due to (accidental)
+	// invalid object data; recover when this happens to ensure continuity of
+	// operations
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("recovered from kustomize build panic: %v", r)
+		}
+	}()
+
+	buildOptions := &krusty.Options{
+		LoadRestrictions: kustypes.LoadRestrictionsNone,
+		PluginConfig:     kustypes.DisabledPluginConfig(),
+	}
+
+	k := krusty.MakeKustomizer(buildOptions)
+	return k.Run(fs, dirPath)
+}

From 8ef86b647c22473c839f1751cdd7390a707e366b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 11:44:33 +0200
Subject: [PATCH 0242/2268] ci: Fix branches pattern in Github workflow

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1ad4ff67a..0f3ffed05 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -3,7 +3,7 @@ name: tests
 on:
   push:
     branches:
-      - '*'
+      - '**'
 
 jobs:
   build:

From 47cb42b0659a107f3cd66d52485bc1dcc3142c34 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Mon, 30 May 2022 13:35:32 +0200
Subject: [PATCH 0243/2268] Feat/add seald secret vault support (token auth)
 (#28)

* feat: reformat new vars style

* feat: modify vault support

* fix: Run go mod tidy

Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 go.mod                    | 28 +++++++++++++
 go.sum                    | 88 +++++++++++++++++++++++++++++++++++++++
 pkg/types/vars_source.go  |  6 +++
 pkg/vars/vars_loader.go   | 11 +++++
 pkg/vars/vault/secrets.go | 31 ++++++++++++++
 5 files changed, 164 insertions(+)
 create mode 100644 pkg/vars/vault/secrets.go

diff --git a/go.mod b/go.mod
index e0968119e..3c936f079 100644
--- a/go.mod
+++ b/go.mod
@@ -18,6 +18,7 @@ require (
 	github.com/goccy/go-yaml v1.9.5
 	github.com/golang-jwt/jwt/v4 v4.4.1
 	github.com/google/go-containerregistry v0.9.0
+	github.com/hashicorp/vault/api v1.6.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
@@ -74,8 +75,11 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
+	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
 	github.com/containerd/containerd v1.6.4 // indirect
@@ -105,6 +109,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
@@ -114,7 +119,24 @@ require (
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-hclog v1.2.0 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.4.3 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-uuid v1.0.2 // indirect
+	github.com/hashicorp/go-version v1.2.1 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/vault/sdk v0.5.0 // indirect
+	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
@@ -135,6 +157,7 @@ require (
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -146,11 +169,13 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/oklog/run v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.12.2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
@@ -159,6 +184,7 @@ require (
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rubenv/sql-migrate v1.1.1 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/afero v1.8.2 // indirect
@@ -171,6 +197,7 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
+	go.uber.org/atomic v1.9.0 // indirect
 	golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
@@ -181,6 +208,7 @@ require (
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.4 // indirect
+	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/apiserver v0.24.0 // indirect
diff --git a/go.sum b/go.sum
index ba0bc3d06..c0ed01965 100644
--- a/go.sum
+++ b/go.sum
@@ -93,6 +93,7 @@ github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
+github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
@@ -152,7 +153,11 @@ github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo=
+github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
@@ -188,6 +193,8 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
+github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
+github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
@@ -202,6 +209,8 @@ github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3/
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -299,6 +308,7 @@ github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
@@ -310,6 +320,8 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -319,6 +331,8 @@ github.com/fluxcd/pkg/kustomize v0.5.1/go.mod h1:58MFITy24bIbGI6cC3JkV/YpFQj648s
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
+github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -338,6 +352,7 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@@ -360,6 +375,7 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -402,6 +418,8 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
+github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
 github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
 github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
@@ -476,6 +494,8 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
 github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
 github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8=
@@ -600,23 +620,61 @@ github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
+github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.4.3 h1:DXmvivbWD5qdiBts9TpBC7BYL1Aia5sxbRgQB+v6UZM=
+github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM=
+github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 h1:MBgwAFPUbfuI0+tmDU/aeM1MARvdbqWmiieXIalKqDE=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
+github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
+github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
@@ -627,6 +685,12 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
+github.com/hashicorp/vault/api v1.6.0 h1:B8UUYod1y1OoiGHq9GtpiqSnGOUEWHaA26AY8RQEDY4=
+github.com/hashicorp/vault/api v1.6.0/go.mod h1:h1K70EO2DgnBaTz5IsL6D5ERsNt5Pce93ueVS2+t0Xc=
+github.com/hashicorp/vault/sdk v0.5.0 h1:EED7p0OCU3OY5SAqJwSANofY1YKMytm+jDHDQ2EzGVQ=
+github.com/hashicorp/vault/sdk v0.5.0/go.mod h1:UJZHlfwj7qUJG8g22CuxUgkdJouFrBNvBHCyx8XAPdo=
+github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M=
+github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -650,6 +714,8 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
+github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
+github.com/jhump/protoreflect v1.6.1 h1:4/2yi5LyDPP7nN+Hiird1SAJ6YoxUm13/oxHGRnbPd8=
 github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
 github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
@@ -672,6 +738,7 @@ github.com/josharian/txtarfs v0.0.0-20210218200122-0702f000015a/go.mod h1:izVPOv
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -813,6 +880,8 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
+github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
@@ -870,6 +939,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/ohler55/ojg v1.14.0 h1:DyHomsCwofNswmKj7BLMdx51xnKbXxgIo1rVWCaBcNk=
 github.com/ohler55/ojg v1.14.0/go.mod h1:3+GH+0PggMKocQtbZCrFifal3yRpHiBT4QUkxFJI6e8=
+github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
@@ -899,6 +970,8 @@ github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6
 github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
 github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
+github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
@@ -911,6 +984,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
+github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
+github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -931,6 +1006,7 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
+github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
@@ -945,6 +1021,7 @@ github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7q
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
@@ -954,6 +1031,7 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
@@ -992,6 +1070,9 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryancurrah/gomodguard v1.2.3/go.mod h1:rYbA/4Tg5c54mV1sv4sQTP5WOPBcoLtnBZ7/TEhXAbg=
 github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
+github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE=
 github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@@ -1085,6 +1166,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
 github.com/tomarrell/wrapcheck/v2 v2.4.0/go.mod h1:68bQ/eJg55BROaRTbMjC7vuhL2OgfoG8bLp9ZyoBfyY=
 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
 github.com/tommy-muehle/go-mnd/v2 v2.4.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
 github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
@@ -1178,6 +1260,8 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
@@ -1254,6 +1338,7 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
+golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1750,6 +1835,7 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
@@ -1793,6 +1879,8 @@ gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
+gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 84e15f393..006b9d2f4 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -37,6 +37,11 @@ type VarsSourceAwsSecretsManager struct {
 	Profile *string `yaml:"profile,omitempty"`
 }
 
+type VarsSourceVault struct {
+	Server string `yaml:"server" validate:"required"`
+	Key    string `yaml:"key" validate:"required"`
+}
+
 type VarsSource struct {
 	Values            *uo.UnstructuredObject              `yaml:"values,omitempty"`
 	File              *string                             `yaml:"file,omitempty"`
@@ -47,6 +52,7 @@ type VarsSource struct {
 	SystemEnvVars     *uo.UnstructuredObject              `yaml:"systemEnvVars,omitempty"`
 	Http              *VarsSourceHttp                     `yaml:"http,omitempty"`
 	AwsSecretsManager *VarsSourceAwsSecretsManager        `yaml:"awsSecretsManager,omitempty"`
+	Vault             *VarsSourceVault                    `yaml:"vault,omitempty"`
 }
 
 func ValidateVarsSource(sl validator.StructLevel) {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 94a221422..2af7b09af 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -12,6 +12,7 @@ import (
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"os"
@@ -81,6 +82,8 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return v.loadHttp(varsCtx, &source, rootKey)
 	} else if source.AwsSecretsManager != nil {
 		return v.loadAwsSecretsManager(varsCtx, &source, rootKey)
+	} else if source.Vault != nil {
+		return v.loadVault(varsCtx, &source, rootKey)
 	}
 	return fmt.Errorf("invalid vars source")
 }
@@ -139,6 +142,14 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 	return v.loadFromString(varsCtx, secret, rootKey)
 }
 
+func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
+	secret, err := vault.GetSecret(source.Vault.Server, source.Vault.Key)
+	if err != nil {
+		return err
+	}
+	return v.loadFromString(varsCtx, secret, rootKey)
+}
+
 func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, rootKey string) error {
 	clonedDir, _, err := v.rp.GetClonedDir(gitFile.Url, gitFile.Ref)
 	if err != nil {
diff --git a/pkg/vars/vault/secrets.go b/pkg/vars/vault/secrets.go
new file mode 100644
index 000000000..0a05e6579
--- /dev/null
+++ b/pkg/vars/vault/secrets.go
@@ -0,0 +1,31 @@
+package vault
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/hashicorp/vault/api"
+)
+
+var httpClient = &http.Client{
+	Timeout: 15 * time.Second,
+}
+
+func GetSecret(server string, key string) (string, error) {
+	client, err := api.NewClient(&api.Config{Address: server, HttpClient: httpClient})
+	if err != nil {
+		return "", fmt.Errorf("failed to create vault %s client", server)
+	}
+	secret, err := client.Logical().Read(key)
+	if err != nil {
+		return "", fmt.Errorf("connection to vault %s failed", server)
+	}
+	if secret == nil || secret.Data == nil {
+		return "", fmt.Errorf("the specified vault secret was not found")
+	}
+	data, _ := secret.Data["data"].(map[string]interface{})
+	jsonData, _ := json.Marshal(data)
+	return string(jsonData), nil
+}

From 5d5f316f43424b44692666735f4a48e9e4a1159b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 15:58:44 +0200
Subject: [PATCH 0244/2268] fix: Move prompts handling into status handler

This allows to have prompts while there are still status lines being
displayed.

Fixes: #37
---
 cmd/kluctl/commands/cmd_delete.go          |  9 ++--
 cmd/kluctl/commands/cmd_deploy.go          | 10 ++--
 cmd/kluctl/commands/cmd_downscale.go       |  4 +-
 cmd/kluctl/commands/cmd_poke_images.go     |  4 +-
 cmd/kluctl/commands/cmd_prune.go           |  2 +-
 pkg/git/auth/list_auth_provider.go         |  2 +-
 pkg/git/auth/ssh_auth_provider.go          |  7 +--
 pkg/git/auth/ssh_known_hosts.go            | 14 ++---
 pkg/status/noop.go                         |  6 +++
 pkg/{utils/prompts.go => status/promts.go} | 61 +++++++---------------
 pkg/status/simple_status_handler.go        | 27 ++++++++++
 pkg/status/status.go                       |  7 +++
 pkg/status/status_handler.go               | 22 ++++++++
 pkg/utils/term/read_line.go                | 48 +++++++++++++++++
 pkg/utils/term/term_unix.go                | 38 ++++++++++++++
 pkg/utils/term/term_unix_bsd.go            | 13 +++++
 pkg/utils/term/term_unix_other.go          | 13 +++++
 pkg/utils/term/term_windows.go             | 37 +++++++++++++
 pkg/vars/vars_loader_http.go               |  4 +-
 19 files changed, 257 insertions(+), 71 deletions(-)
 rename pkg/{utils/prompts.go => status/promts.go} (51%)
 create mode 100644 pkg/utils/term/read_line.go
 create mode 100644 pkg/utils/term/term_unix.go
 create mode 100644 pkg/utils/term/term_unix_bsd.go
 create mode 100644 pkg/utils/term/term_unix_other.go
 create mode 100644 pkg/utils/term/term_windows.go

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 4911d9479..368ccd554 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -1,15 +1,16 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	utils2 "github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 )
 
@@ -59,7 +60,7 @@ func (cmd *deleteCmd) Run() error {
 		if err != nil {
 			return err
 		}
-		result, err := confirmedDeleteObjects(ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
+		result, err := confirmedDeleteObjects(ctx.ctx, ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
 		if err != nil {
 			return err
 		}
@@ -74,14 +75,14 @@ func (cmd *deleteCmd) Run() error {
 	})
 }
 
-func confirmedDeleteObjects(k *k8s.K8sCluster, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) (*types.CommandResult, error) {
+func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) (*types.CommandResult, error) {
 	if len(refs) != 0 {
 		_, _ = os.Stderr.WriteString("The following objects will be deleted:\n")
 		for _, ref := range refs {
 			_, _ = os.Stderr.WriteString(fmt.Sprintf("  %s\n", ref.String()))
 		}
 		if !forceYes && !dryRun {
-			if !utils2.AskForConfirmation(fmt.Sprintf("Do you really want to delete %d objects?", len(refs))) {
+			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to delete %d objects?", len(refs))) {
 				return nil, fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index a2b6d70a9..8f2d5a8d4 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -4,9 +4,8 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"time"
 )
 
 type deployCmd struct {
@@ -78,9 +77,6 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 }
 
 func (cmd *deployCmd) diffResultCb(diffResult *types.CommandResult) error {
-	// workaround to ensure that progress has been completely written/updated
-	time.Sleep(130 * time.Millisecond)
-
 	err := outputCommandResult(nil, diffResult)
 	if err != nil {
 		return err
@@ -89,11 +85,11 @@ func (cmd *deployCmd) diffResultCb(diffResult *types.CommandResult) error {
 		return nil
 	}
 	if len(diffResult.Errors) != 0 {
-		if !utils.AskForConfirmation("\nThe diff resulted in errors, do you still want to proceed?") {
+		if !status.AskForConfirmation(cliCtx, "The diff resulted in errors, do you still want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	} else {
-		if !utils.AskForConfirmation("\nThe diff succeeded, do you want to proceed?") {
+		if !status.AskForConfirmation(cliCtx, "The diff succeeded, do you want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	}
diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
index 304b5cb1c..ac2d0a610 100644
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ b/cmd/kluctl/commands/cmd_downscale.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 )
 
 type downscaleCmd struct {
@@ -37,7 +37,7 @@ func (cmd *downscaleCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.ClusterContext)) {
+			if !status.AskForConfirmation(cliCtx, fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.ClusterContext)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 67e7c5d0a..e08e152c8 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 )
 
 type pokeImagesCmd struct {
@@ -37,7 +37,7 @@ func (cmd *pokeImagesCmd) Run() error {
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !utils.AskForConfirmation(fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.ClusterContext)) {
+			if !status.AskForConfirmation(cliCtx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.ClusterContext)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index d9c25852a..3610aed88 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -47,7 +47,7 @@ func (cmd *pruneCmd) runCmdPrune(ctx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	result, err := confirmedDeleteObjects(ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
+	result, err := confirmedDeleteObjects(ctx.ctx, ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 241a8d5b2..4faa19b70 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -67,7 +67,7 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 			if err != nil {
 				status.Trace(ctx, "Failed to parse private key: %v", err)
 			} else {
-				a.HostKeyCallback = buildVerifyHostCallback(e.KnownHosts)
+				a.HostKeyCallback = buildVerifyHostCallback(ctx, e.KnownHosts)
 				return AuthMethodAndCA{
 					AuthMethod: a,
 				}
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 686e90b47..0ec025aa1 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -43,7 +43,7 @@ func (a *sshDefaultIdentityAndAgent) ClientConfig() (*ssh.ClientConfig, error) {
 		User: a.user,
 		Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Signers)},
 	}
-	cc.HostKeyCallback = buildVerifyHostCallback(nil)
+	cc.HostKeyCallback = buildVerifyHostCallback(a.ctx, nil)
 	return cc, nil
 }
 
@@ -148,13 +148,14 @@ func (k *deferredPassphraseKey) getPassphrase() ([]byte, error) {
 		return passphrase, nil
 	}
 
-	passphraseStr, err := utils.AskForPassword(fmt.Sprintf("Enter passphrase for key '%s'", k.path))
+	passphraseStr, err := status.AskForPassword(k.ctx, fmt.Sprintf("Enter passphrase for key '%s'", k.path))
 	if err != nil {
 		k.a.passphrases[k.path] = nil
 		return nil, err
 	}
+	passphrase = []byte(passphraseStr)
 	k.a.passphrases[k.path] = passphrase
-	return []byte(passphraseStr), nil
+	return passphrase, nil
 }
 
 func (k *deferredPassphraseKey) parse() {
diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index e5d522d6e..ec5df2966 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -1,8 +1,10 @@
 package auth
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth/goph"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/crypto/ssh"
 	"net"
@@ -14,13 +16,13 @@ import (
 
 var askHostMutex sync.Mutex
 
-func buildVerifyHostCallback(knownHosts []byte) func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+func buildVerifyHostCallback(ctx context.Context, knownHosts []byte) func(hostname string, remote net.Addr, key ssh.PublicKey) error {
 	return func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-		return verifyHost(hostname, remote, key, knownHosts)
+		return verifyHost(ctx, hostname, remote, key, knownHosts)
 	}
 }
 
-func verifyHost(host string, remote net.Addr, key ssh.PublicKey, knownHosts []byte) error {
+func verifyHost(ctx context.Context, host string, remote net.Addr, key ssh.PublicKey, knownHosts []byte) error {
 	// Ensure only one prompt happens at a time
 	askHostMutex.Lock()
 	defer askHostMutex.Unlock()
@@ -85,14 +87,14 @@ func verifyHost(host string, remote net.Addr, key ssh.PublicKey, knownHosts []by
 		return fmt.Errorf("host not found and SSH_KNOWN_HOSTS has been set")
 	}
 
-	if !askIsHostTrusted(host, key) {
+	if !askIsHostTrusted(ctx, host, key) {
 		return fmt.Errorf("aborted")
 	}
 
 	return goph.AddKnownHost(host, remote, key, "")
 }
 
-func askIsHostTrusted(host string, key ssh.PublicKey) bool {
+func askIsHostTrusted(ctx context.Context, host string, key ssh.PublicKey) bool {
 	prompt := fmt.Sprintf("Unknown Host: %s\nFingerprint: %s\nWould you like to add it? ", host, ssh.FingerprintSHA256(key))
-	return utils.AskForConfirmation(prompt)
+	return status.AskForConfirmation(ctx, prompt)
 }
diff --git a/pkg/status/noop.go b/pkg/status/noop.go
index 1f30341a0..24c24ed5c 100644
--- a/pkg/status/noop.go
+++ b/pkg/status/noop.go
@@ -1,5 +1,7 @@
 package status
 
+import "fmt"
+
 type NoopStatusHandler struct {
 }
 
@@ -34,6 +36,10 @@ func (n NoopStatusHandler) PlainText(text string) {
 func (n NoopStatusHandler) InfoFallback(message string) {
 }
 
+func (n NoopStatusHandler) Prompt(password bool, message string) (string, error) {
+	return "", fmt.Errorf("Prompt not implemented in NoopStatusHandler")
+}
+
 var _ StatusHandler = &NoopStatusHandler{}
 
 func (n NoopStatusLine) SetTotal(total int) {
diff --git a/pkg/utils/prompts.go b/pkg/status/promts.go
similarity index 51%
rename from pkg/utils/prompts.go
rename to pkg/status/promts.go
index f95098796..8274e8c40 100644
--- a/pkg/utils/prompts.go
+++ b/pkg/status/promts.go
@@ -1,98 +1,73 @@
-package utils
+package status
 
 import (
-	"bufio"
+	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/mattn/go-isatty"
-	"golang.org/x/term"
 	"os"
 	"strings"
-	"syscall"
 )
 
-func doWarn(f string, args ...any) {
-	_, _ = fmt.Fprintf(os.Stderr, f, args...)
-}
-
 // AskForConfirmation uses Scanln to parse user input. A user must type in "yes" or "no" and
 // then press enter. It has fuzzy matching, so "y", "Y", "yes", "YES", and "Yes" all count as
 // confirmations. If the input is not recognized, it will ask again. The function does not return
 // until it gets a valid response from the user. Typically, you should use fmt to print out a question
 // before calling askForConfirmation. E.g. fmt.Println("WARNING: Are you sure? (yes/no)")
-func AskForConfirmation(prompt string) bool {
+func AskForConfirmation(ctx context.Context, prompt string) bool {
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
-		doWarn("Not a terminal, suppressed prompt: %s", prompt)
+		Warning(ctx, "Not a terminal, suppressed prompt: %s", prompt)
 		return false
 	}
 
-	_, err := os.Stderr.WriteString(prompt + " (y/N) ")
-	if err != nil {
-		panic(err)
-	}
-
-	var response string
-	_, err = fmt.Scanln(&response)
+	response, err := Prompt(ctx, false, prompt+" (y/N) ")
 	if err != nil {
 		return false
 	}
 	okayResponses := []string{"y", "Y", "yes", "Yes", "YES"}
 	nokayResponses := []string{"n", "N", "no", "No", "NO"}
-	if FindStrInSlice(okayResponses, response) != -1 {
+	if utils.FindStrInSlice(okayResponses, response) != -1 {
 		return true
-	} else if FindStrInSlice(nokayResponses, response) != -1 || response == "" {
+	} else if utils.FindStrInSlice(nokayResponses, response) != -1 || response == "" {
 		return false
 	} else {
-		fmt.Println("Please type yes or no and then press enter:")
-		return AskForConfirmation(prompt)
+		Warning(ctx, "Please type yes or no and then press enter!")
+		return AskForConfirmation(ctx, prompt)
 	}
 }
 
-func AskForPassword(prompt string) (string, error) {
+func AskForPassword(ctx context.Context, prompt string) (string, error) {
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
 		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
-		doWarn(err.Error())
-		return "", err
-	}
-
-	_, err := fmt.Fprintf(os.Stderr, "%s: ", prompt)
-	if err != nil {
+		Warning(ctx, err.Error())
 		return "", err
 	}
 
-	bytePassword, err := term.ReadPassword(int(syscall.Stdin))
-	_, _ = fmt.Fprintf(os.Stderr, "\n")
+	password, err := Prompt(ctx, true, fmt.Sprintf("%s: ", prompt))
 	if err != nil {
 		return "", err
 	}
 
-	password := string(bytePassword)
 	return strings.TrimSpace(password), nil
 }
 
-func AskForCredentials(prompt string) (string, string, error) {
+func AskForCredentials(ctx context.Context, prompt string) (string, string, error) {
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
 		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
-		doWarn(err.Error())
+		Warning(ctx, err.Error())
 		return "", "", err
 	}
 
-	reader := bufio.NewReader(os.Stdin)
+	Info(ctx, prompt)
 
-	_, err := fmt.Fprintf(os.Stderr, prompt+"\n")
+	username, err := Prompt(ctx, false, "Enter Username: ")
 	if err != nil {
 		return "", "", err
 	}
 
-	fmt.Fprint(os.Stderr, "Enter Username: ")
-	username, err := reader.ReadString('\n')
+	password, err := Prompt(ctx, true, "Enter Password: ")
 	if err != nil {
 		return "", "", err
 	}
-
-	password, err := AskForPassword("Enter Password")
-	if err != nil {
-		return "", "", err
-	}
-
 	return strings.TrimSpace(username), strings.TrimSpace(password), nil
 }
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 21a55a6ba..03c2509c8 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -1,5 +1,12 @@
 package status
 
+import (
+	"fmt"
+	"golang.org/x/term"
+	"os"
+	"syscall"
+)
+
 type simpleStatusHandler struct {
 	cb    func(message string)
 	trace bool
@@ -55,6 +62,26 @@ func (s *simpleStatusHandler) InfoFallback(message string) {
 	s.Info(message)
 }
 
+func (s *simpleStatusHandler) Prompt(password bool, message string) (string, error) {
+	s.cb(message)
+
+	if password {
+		bytePassword, err := term.ReadPassword(int(syscall.Stdin))
+		_, _ = fmt.Fprintf(os.Stderr, "\n")
+		if err != nil {
+			return "", err
+		}
+		return string(bytePassword), nil
+	} else {
+		var response string
+		_, err := fmt.Scanln(&response)
+		if err != nil {
+			return "", err
+		}
+		return response, nil
+	}
+}
+
 func (sl *simpleStatusLine) SetTotal(total int) {
 }
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
index f1f60395c..52faa225a 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -48,6 +48,8 @@ type StatusHandler interface {
 
 	PlainText(text string)
 	InfoFallback(message string)
+
+	Prompt(password bool, message string) (string, error)
 }
 
 type contextKey struct{}
@@ -233,3 +235,8 @@ func Error(ctx context.Context, status string, args ...any) {
 	slh := FromContext(ctx)
 	slh.Error(fmt.Sprintf(status, args...))
 }
+
+func Prompt(ctx context.Context, password bool, message string, args ...any) (string, error) {
+	slh := FromContext(ctx)
+	return slh.Prompt(password, fmt.Sprintf(message, args...))
+}
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index c0205333a..f5f437acb 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -3,13 +3,17 @@ package status
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"github.com/vbauerster/mpb/v7"
 	"github.com/vbauerster/mpb/v7/decor"
 	"io"
 	"math"
+	"strings"
+	"syscall"
 )
 
 type MultiLineStatusHandler struct {
+	ctx      context.Context
 	out      io.Writer
 	progress *mpb.Progress
 	stop     chan any
@@ -119,6 +123,24 @@ func (s *MultiLineStatusHandler) PlainText(text string) {
 	s.Info(text)
 }
 
+func (s *MultiLineStatusHandler) Prompt(password bool, message string) (string, error) {
+	o := withColor("yellow", "?")
+	sl := s.startStatus(1, message, math.MinInt, o)
+	defer sl.end(o)
+
+	doUpdate := func(ret []byte) {
+		if password {
+			sl.Update(message + strings.Repeat("*", len(ret)))
+		} else {
+			sl.Update(message + string(ret))
+		}
+	}
+
+	ret, err := term.ReadLineNoEcho(int(syscall.Stdin), doUpdate)
+
+	return string(ret), err
+}
+
 func (sl *statusLine) SetTotal(total int) {
 	sl.total = total
 	sl.bar.SetTotal(int64(total), false)
diff --git a/pkg/utils/term/read_line.go b/pkg/utils/term/read_line.go
new file mode 100644
index 000000000..910b039e7
--- /dev/null
+++ b/pkg/utils/term/read_line.go
@@ -0,0 +1,48 @@
+package term
+
+import (
+	"io"
+	"runtime"
+)
+
+func ReadLineNoEcho(fd int, cb func(ret []byte)) ([]byte, error) {
+	return readLineNoEcho(fd, cb)
+}
+
+func readLine(reader io.Reader, cb func(ret []byte)) ([]byte, error) {
+	var buf [1]byte
+	var ret []byte
+
+	for {
+		n, err := reader.Read(buf[:])
+		if n > 0 {
+			switch buf[0] {
+			case '', '\b':
+				if len(ret) > 0 {
+					ret = ret[:len(ret)-1]
+				}
+				cb(ret)
+			case '\n':
+				if runtime.GOOS != "windows" {
+					return ret, nil
+				}
+				// otherwise ignore \n
+			case '\r':
+				if runtime.GOOS == "windows" {
+					return ret, nil
+				}
+				// otherwise ignore \r
+			default:
+				ret = append(ret, buf[0])
+				cb(ret)
+			}
+			continue
+		}
+		if err != nil {
+			if err == io.EOF && len(ret) > 0 {
+				return ret, nil
+			}
+			return ret, err
+		}
+	}
+}
diff --git a/pkg/utils/term/term_unix.go b/pkg/utils/term/term_unix.go
new file mode 100644
index 000000000..399785a6a
--- /dev/null
+++ b/pkg/utils/term/term_unix.go
@@ -0,0 +1,38 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+package term
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// passwordReader is an io.Reader that reads from a specific file descriptor.
+type passwordReader int
+
+func (r passwordReader) Read(buf []byte) (int, error) {
+	return unix.Read(int(r), buf)
+}
+
+func readLineNoEcho(fd int, cb func(ret []byte)) ([]byte, error) {
+	termios, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
+	if err != nil {
+		return nil, err
+	}
+
+	newState := *termios
+	newState.Lflag &^= unix.ECHO | unix.ICANON
+	newState.Lflag |= unix.ISIG
+	newState.Iflag |= unix.ICRNL
+	if err := unix.IoctlSetTermios(fd, ioctlWriteTermios, &newState); err != nil {
+		return nil, err
+	}
+
+	defer unix.IoctlSetTermios(fd, ioctlWriteTermios, termios)
+
+	return readLine(passwordReader(fd), cb)
+}
diff --git a/pkg/utils/term/term_unix_bsd.go b/pkg/utils/term/term_unix_bsd.go
new file mode 100644
index 000000000..853b3d698
--- /dev/null
+++ b/pkg/utils/term/term_unix_bsd.go
@@ -0,0 +1,13 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || dragonfly || freebsd || netbsd || openbsd
+// +build darwin dragonfly freebsd netbsd openbsd
+
+package term
+
+import "golang.org/x/sys/unix"
+
+const ioctlReadTermios = unix.TIOCGETA
+const ioctlWriteTermios = unix.TIOCSETA
diff --git a/pkg/utils/term/term_unix_other.go b/pkg/utils/term/term_unix_other.go
new file mode 100644
index 000000000..1e8955c93
--- /dev/null
+++ b/pkg/utils/term/term_unix_other.go
@@ -0,0 +1,13 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || linux || solaris || zos
+// +build aix linux solaris zos
+
+package term
+
+import "golang.org/x/sys/unix"
+
+const ioctlReadTermios = unix.TCGETS
+const ioctlWriteTermios = unix.TCSETS
diff --git a/pkg/utils/term/term_windows.go b/pkg/utils/term/term_windows.go
new file mode 100644
index 000000000..82ea4fa81
--- /dev/null
+++ b/pkg/utils/term/term_windows.go
@@ -0,0 +1,37 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package term
+
+import (
+	"os"
+
+	"golang.org/x/sys/windows"
+)
+
+func readLineNoEcho(fd int, cb func(ret []byte)) ([]byte, error) {
+	var st uint32
+	if err := windows.GetConsoleMode(windows.Handle(fd), &st); err != nil {
+		return nil, err
+	}
+	old := st
+
+	st &^= (windows.ENABLE_ECHO_INPUT | windows.ENABLE_LINE_INPUT)
+	st |= (windows.ENABLE_PROCESSED_OUTPUT | windows.ENABLE_PROCESSED_INPUT)
+	if err := windows.SetConsoleMode(windows.Handle(fd), st); err != nil {
+		return nil, err
+	}
+
+	defer windows.SetConsoleMode(windows.Handle(fd), old)
+
+	var h windows.Handle
+	p, _ := windows.GetCurrentProcess()
+	if err := windows.DuplicateHandle(p, windows.Handle(fd), p, &h, 0, false, windows.DUPLICATE_SAME_ACCESS); err != nil {
+		return nil, err
+	}
+
+	f := os.NewFile(uintptr(h), "stdin")
+	defer f.Close()
+	return readLine(f, cb)
+}
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 18cd60695..379e1730e 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/Azure/go-ntlmssp"
 	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
@@ -85,7 +85,7 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, rootKe
 		credsKey := fmt.Sprintf("%s|%s", source.Http.Url.Host, strings.Join(realms, "+"))
 		creds, ok := v.credentialsCache[credsKey]
 		if !ok {
-			username, password, err := utils.AskForCredentials(fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
+			username, password, err := status.AskForCredentials(v.ctx, fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
 			if err != nil {
 				return err
 			}

From 6f45f60298eefe3a7d7d7c88c59aa460b262b046 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 May 2022 15:59:23 +0200
Subject: [PATCH 0245/2268] fix: Flush status lines before printing results

---
 cmd/kluctl/commands/command_result.go |  7 +++++++
 pkg/status/noop.go                    |  3 +++
 pkg/status/simple_status_handler.go   |  3 +++
 pkg/status/status.go                  |  6 ++++++
 pkg/status/status_handler.go          | 24 ++++++++++++++++--------
 5 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index bd2e8cd59..668e21ec2 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"bytes"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -193,18 +194,24 @@ func outputHelper(output []string, cb func(format string) (string, error)) error
 }
 
 func outputCommandResult(output []string, cr *types.CommandResult) error {
+	status.Flush(cliCtx)
+
 	return outputHelper(output, func(format string) (string, error) {
 		return formatCommandResult(cr, format)
 	})
 }
 
 func outputValidateResult(output []string, vr *types.ValidateResult) error {
+	status.Flush(cliCtx)
+
 	return outputHelper(output, func(format string) (string, error) {
 		return formatValidateResult(vr, format)
 	})
 }
 
 func outputYamlResult(output []string, result interface{}, multiDoc bool) error {
+	status.Flush(cliCtx)
+
 	if len(output) == 0 {
 		output = []string{"-"}
 	}
diff --git a/pkg/status/noop.go b/pkg/status/noop.go
index 24c24ed5c..c1ff08a9e 100644
--- a/pkg/status/noop.go
+++ b/pkg/status/noop.go
@@ -14,6 +14,9 @@ func (n NoopStatusHandler) SetTrace(trace bool) {
 func (n NoopStatusHandler) Stop() {
 }
 
+func (n NoopStatusHandler) Flush() {
+}
+
 func (n NoopStatusHandler) StartStatus(total int, message string) StatusLine {
 	return &NoopStatusLine{}
 }
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 03c2509c8..2f7cc9772 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -29,6 +29,9 @@ func (s *simpleStatusHandler) SetTrace(trace bool) {
 func (s *simpleStatusHandler) Stop() {
 }
 
+func (s *simpleStatusHandler) Flush() {
+}
+
 func (s *simpleStatusHandler) StartStatus(total int, message string) StatusLine {
 	if message != "" {
 		s.Info(message)
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 52faa225a..0e0514e41 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -39,6 +39,7 @@ type StatusLine interface {
 type StatusHandler interface {
 	SetTrace(trace bool)
 	Stop()
+	Flush()
 	StartStatus(total int, message string) StatusLine
 
 	Info(message string)
@@ -240,3 +241,8 @@ func Prompt(ctx context.Context, password bool, message string, args ...any) (st
 	slh := FromContext(ctx)
 	return slh.Prompt(password, fmt.Sprintf(message, args...))
 }
+
+func Flush(ctx context.Context) {
+	slh := FromContext(ctx)
+	slh.Flush()
+}
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index f5f437acb..d385afb76 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -16,7 +16,6 @@ type MultiLineStatusHandler struct {
 	ctx      context.Context
 	out      io.Writer
 	progress *mpb.Progress
-	stop     chan any
 	trace    bool
 }
 
@@ -32,25 +31,34 @@ type statusLine struct {
 
 func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *MultiLineStatusHandler {
 	sh := &MultiLineStatusHandler{
+		ctx:   ctx,
 		out:   out,
 		trace: trace,
-		stop:  make(chan any),
 	}
 
-	sh.progress = mpb.NewWithContext(
-		ctx,
-		mpb.WithWidth(utils.GetTermWidth()),
-		mpb.WithOutput(out),
-		mpb.PopCompletedMode(),
-	)
+	sh.start()
 
 	return sh
 }
 
+func (s *MultiLineStatusHandler) Flush() {
+	s.Stop()
+	s.start()
+}
+
 func (s *MultiLineStatusHandler) SetTrace(trace bool) {
 	s.trace = trace
 }
 
+func (s *MultiLineStatusHandler) start() {
+	s.progress = mpb.NewWithContext(
+		s.ctx,
+		mpb.WithWidth(utils.GetTermWidth()),
+		mpb.WithOutput(s.out),
+		mpb.PopCompletedMode(),
+	)
+}
+
 func (s *MultiLineStatusHandler) Stop() {
 	s.progress.Wait()
 }

From f1869534f24843ab97dde650d202151a59356e41 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 08:36:37 +0200
Subject: [PATCH 0246/2268] tests: Stop using cluster config in most tests

Except for external_projecs_tests as these test only deprecated
functionality.
---
 e2e/deploy_test.go            | 13 +++++++----
 e2e/external_projects_test.go |  6 ++---
 e2e/hooks_test.go             |  8 +++----
 e2e/inclusion_test.go         |  8 +++----
 e2e/project.go                | 43 +++++++++++++++++++++++------------
 5 files changed, 46 insertions(+), 32 deletions(-)

diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
index 64b57dbd4..918559e2f 100644
--- a/e2e/deploy_test.go
+++ b/e2e/deploy_test.go
@@ -1,18 +1,21 @@
 package e2e
 
-import "testing"
+import (
+	"testing"
+)
 
 func TestCommandDeploySimple(t *testing.T) {
 	t.Parallel()
+
+	k := defaultKindCluster
+
 	p := &testProject{}
-	p.init(t, "simple")
+	p.init(t, k, "simple")
 	defer p.cleanup()
 
-	k := defaultKindCluster
 	recreateNamespace(t, k, p.projectName)
 
-	p.updateKindCluster(k, nil)
-	p.updateTarget("test", k.Name, nil)
+	p.updateTarget("test", nil)
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index 87a972634..11b104d82 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -10,7 +10,7 @@ import (
 func doTestProject(t *testing.T, namespace string, p *testProject) {
 	k := defaultKindCluster
 
-	p.init(t, fmt.Sprintf("project-%s", namespace))
+	p.init(t, k, fmt.Sprintf("project-%s", namespace))
 	defer p.cleanup()
 
 	recreateNamespace(t, k, namespace)
@@ -18,7 +18,7 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 	p.updateKindCluster(k, uo.FromMap(map[string]interface{}{
 		"cluster_var": "cluster_value1",
 	}))
-	p.updateTarget("test", k.Name, uo.FromMap(map[string]interface{}{
+	p.updateTargetDeprecated("test", k.Name, uo.FromMap(map[string]interface{}{
 		"target_var": "target_value1",
 	}))
 	addBusyboxDeployment(p, "busybox", resourceOpts{name: "busybox", namespace: namespace})
@@ -47,7 +47,7 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 	assertNestedFieldEquals(t, o, "cluster_value2", "data", "cluster_var")
 	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
 
-	p.updateTarget("test", k.Name, uo.FromMap(map[string]interface{}{
+	p.updateTargetDeprecated("test", k.Name, uo.FromMap(map[string]interface{}{
 		"target_var": "target_value2",
 	}))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 7e6b4557e..161dd8285 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -109,20 +109,18 @@ func assertHookResultNotCMName(t *testing.T, p *testProject, k *KindCluster, sec
 func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *KindCluster) {
 	isDone := false
 	namespace := fmt.Sprintf("hook-%s", name)
+	k := defaultKindCluster
 	p := &testProject{}
-	p.init(t, namespace)
+	p.init(t, k, namespace)
 	defer func() {
 		if !isDone {
 			p.cleanup()
 		}
 	}()
 
-	k := defaultKindCluster
-
 	recreateNamespace(t, k, namespace)
 
-	p.updateKindCluster(k, nil)
-	p.updateTarget("test", k.Name, nil)
+	p.updateTarget("test", nil)
 
 	addHookDeployment(p, "hook", resourceOpts{name: "hook", namespace: namespace}, false, hook, hookDeletionPolicy)
 	addConfigMap(p, "hook", resourceOpts{name: "cm1", namespace: namespace})
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index c7502a361..55e7be2ff 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -10,20 +10,18 @@ import (
 func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *KindCluster) {
 	isDone := false
 
+	k := defaultKindCluster
 	p := &testProject{}
-	p.init(t, namespace)
+	p.init(t, k, namespace)
 	defer func() {
 		if !isDone {
 			p.cleanup()
 		}
 	}()
 
-	k := defaultKindCluster
-
 	recreateNamespace(t, k, p.projectName)
 
-	p.updateKindCluster(k, nil)
-	p.updateTarget("test", k.Name, nil)
+	p.updateTarget("test", nil)
 
 	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.projectName})
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.projectName})
diff --git a/e2e/project.go b/e2e/project.go
index fa5f18e8c..9713265bd 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
@@ -29,13 +28,15 @@ type testProject struct {
 	localDeployment    *string
 	localSealedSecrets *string
 
+	k           *KindCluster
 	kubeconfigs []string
 
 	gitServer *test_utils.GitServer
 }
 
-func (p *testProject) init(t *testing.T, projectName string) {
+func (p *testProject) init(t *testing.T, k *KindCluster, projectName string) {
 	p.t = t
+	p.k = k
 	p.gitServer = test_utils.NewGitServer(t)
 	p.projectName = projectName
 
@@ -68,6 +69,8 @@ func (p *testProject) init(t *testing.T, projectName string) {
 	p.updateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
 		return nil
 	})
+
+	p.kubeconfigs = append(p.kubeconfigs, k.Kubeconfig())
 }
 
 func (p *testProject) cleanup() {
@@ -145,9 +148,6 @@ func (p *testProject) updateCluster(name string, context string, vars *uo.Unstru
 }
 
 func (p *testProject) updateKindCluster(k *KindCluster, vars *uo.UnstructuredObject) {
-	if utils.FindStrInSlice(p.kubeconfigs, k.Kubeconfig()) == -1 {
-		p.kubeconfigs = append(p.kubeconfigs, k.Kubeconfig())
-	}
 	context, err := k.Kubectl("config", "current-context")
 	if err != nil {
 		p.t.Fatal(err)
@@ -156,26 +156,41 @@ func (p *testProject) updateKindCluster(k *KindCluster, vars *uo.UnstructuredObj
 	p.updateCluster(k.Name, context, vars)
 }
 
-func (p *testProject) updateTarget(name string, cluster string, args *uo.UnstructuredObject) {
+func (p *testProject) updateTargetDeprecated(name string, cluster string, args *uo.UnstructuredObject) {
+	p.updateTarget(name, func(target *uo.UnstructuredObject) {
+		if args != nil {
+			target.MergeChild("args", args)
+		}
+		// compatibility
+		_ = target.SetNestedField(cluster, "cluster")
+	})
+}
+
+func (p *testProject) updateTarget(name string, cb func(target *uo.UnstructuredObject)) {
+	if cb == nil {
+		cb = func(target *uo.UnstructuredObject) {}
+	}
+
 	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
 		targets, _, _ := o.GetNestedObjectList("targets")
 		var newTargets []*uo.UnstructuredObject
+		found := false
 		for _, t := range targets {
 			n, _, _ := t.GetNestedString("name")
 			if n == name {
-				continue
+				cb(t)
+				found = true
 			}
 			newTargets = append(newTargets, t)
 		}
-		n := uo.FromMap(map[string]interface{}{
-			"name":    name,
-			"cluster": cluster,
-		})
-		if args != nil {
-			n.MergeChild("args", args)
+		if !found {
+			n := uo.FromMap(map[string]interface{}{
+				"name": name,
+			})
+			cb(n)
+			newTargets = append(newTargets, n)
 		}
 
-		newTargets = append(newTargets, n)
 		_ = o.SetNestedObjectList(newTargets, "targets")
 		return nil
 	})

From 51d767ea5eb20d4e4fa0fa6d891dd37b2c65af9f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 08:45:31 +0200
Subject: [PATCH 0247/2268] ci: Make KIND_KUBECONFIG more configurable

---
 .github/workflows/tests.yml |  7 ++++---
 hack/start-kind-cluster.sh  | 10 +++++-----
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0f3ffed05..327211e28 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -246,11 +246,12 @@ jobs:
           else
             PORT=10002
           fi
-          KIND_CLUSTER_NAME=$(echo "kluctl-${{ runner.os }}" | awk '{{  print tolower($1)}}')
+          KIND_CLUSTER_NAME=$(echo "kluctl-${{ runner.os }}" | awk '{{ print tolower($1) }}')
+          KIND_KUBECONFIG=$(pwd)/kind-kubeconfig
           echo "KIND_CLUSTER_NAME=$KIND_CLUSTER_NAME" >> $GITHUB_ENV
-          echo "KIND_KUBECONFIG=$(pwd)/kind-kubeconfig" >> $GITHUB_ENV
+          echo "KIND_KUBECONFIG=$KIND_KUBECONFIG" >> $GITHUB_ENV
 
-          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME" "$DOCKER_IP" "$PORT"
+          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME" "$DOCKER_IP" "$PORT" "$KIND_KUBECONFIG"
       - name: Download artifacts
         uses: actions/download-artifact@v2
       - name: Run e2e tests
diff --git a/hack/start-kind-cluster.sh b/hack/start-kind-cluster.sh
index 3c7e737ee..315d6887a 100755
--- a/hack/start-kind-cluster.sh
+++ b/hack/start-kind-cluster.sh
@@ -5,8 +5,9 @@ set -e
 NAME=$1
 IP=$2
 PORT=$3
+export KUBECONFIG=$4
 
-cat << EOF > kind-cluster.yml
+cat << EOF > kind-cluster-$NAME.yml
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 networking:
@@ -15,8 +16,7 @@ networking:
 EOF
 
 rm -f $(pwd)/kind-kubeconfig
-export KUBECONFIG=$KIND_KUBECONFIG
-kind create cluster --config kind-cluster.yml --name $NAME
+kind create cluster --config kind-cluster-$NAME.yml --name $NAME
 
 # Rewrite cluster info to point to docker host
 # This also fully disables TLS verification
@@ -24,5 +24,5 @@ kubectl config view -ojson --raw \
   | jq ".clusters[0].cluster.\"insecure-skip-tls-verify\"=true" \
   | jq "del(.clusters[0].cluster.\"certificate-authority-data\")" \
   | jq ".clusters[0].cluster.server=\"https://$IP:$PORT\"" \
-> kind-kubeconfig2
-mv kind-kubeconfig2 kind-kubeconfig
+> $KUBECONFIG-tmp
+mv $KUBECONFIG-tmp $KUBECONFIG

From ac1c0b278e8a6e8f302c08d12705301e4b250ce6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 08:53:13 +0200
Subject: [PATCH 0248/2268] ci: Start 2 kind clusters in parallel

Needed for context tests.
---
 .github/workflows/tests.yml   | 31 +++++++++++++++++++++++--------
 e2e/deploy_test.go            |  2 +-
 e2e/external_projects_test.go |  2 +-
 e2e/hooks_test.go             |  2 +-
 e2e/inclusion_test.go         |  2 +-
 e2e/kind_cluster.go           | 32 ++++++++++++++++++++++++++------
 e2e/utils.go                  |  3 ++-
 7 files changed, 55 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 327211e28..70690c075 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -240,18 +240,33 @@ jobs:
         shell: bash
         run: |
           if [ "${{ runner.os }}" == "Linux" ]; then
-            PORT=10000
+            PORT1=10000
+            PORT2=20000
           elif [ "${{ runner.os }}" == "Windows" ]; then
-            PORT=10001
+            PORT1=10001
+            PORT2=20001
           else
-            PORT=10002
+            PORT1=10002
+            PORT2=20002
           fi
-          KIND_CLUSTER_NAME=$(echo "kluctl-${{ runner.os }}" | awk '{{ print tolower($1) }}')
-          KIND_KUBECONFIG=$(pwd)/kind-kubeconfig
-          echo "KIND_CLUSTER_NAME=$KIND_CLUSTER_NAME" >> $GITHUB_ENV
-          echo "KIND_KUBECONFIG=$KIND_KUBECONFIG" >> $GITHUB_ENV
+          KIND_CLUSTER_NAME_BASE=$(echo "kluctl-${{ runner.os }}" | awk '{{ print tolower($1) }}')
 
-          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME" "$DOCKER_IP" "$PORT" "$KIND_KUBECONFIG"
+          KIND_CLUSTER_NAME1=$KIND_CLUSTER_NAME_BASE-1
+          KIND_KUBECONFIG1=$(pwd)/kind-kubeconfig-1
+          echo "KIND_CLUSTER_NAME1=$KIND_CLUSTER_NAME1" >> $GITHUB_ENV
+          echo "KIND_KUBECONFIG1=$KIND_KUBECONFIG1" >> $GITHUB_ENV
+          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME1" "$DOCKER_IP" "$PORT1" "$KIND_KUBECONFIG1" &
+          PID1=$!
+
+          KIND_CLUSTER_NAME2=$KIND_CLUSTER_NAME_BASE-2
+          KIND_KUBECONFIG2=$(pwd)/kind-kubeconfig-2
+          echo "KIND_CLUSTER_NAME2=$KIND_CLUSTER_NAME2" >> $GITHUB_ENV
+          echo "KIND_KUBECONFIG2=$KIND_KUBECONFIG2" >> $GITHUB_ENV
+          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME2" "$DOCKER_IP" "$PORT2" "$KIND_KUBECONFIG2" &
+          PID2=$1
+
+          wait $PID1
+          wait $PID2
       - name: Download artifacts
         uses: actions/download-artifact@v2
       - name: Run e2e tests
diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
index 918559e2f..f8d451032 100644
--- a/e2e/deploy_test.go
+++ b/e2e/deploy_test.go
@@ -7,7 +7,7 @@ import (
 func TestCommandDeploySimple(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster
+	k := defaultKindCluster1
 
 	p := &testProject{}
 	p.init(t, k, "simple")
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index 11b104d82..eefd91b17 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -8,7 +8,7 @@ import (
 )
 
 func doTestProject(t *testing.T, namespace string, p *testProject) {
-	k := defaultKindCluster
+	k := defaultKindCluster1
 
 	p.init(t, k, fmt.Sprintf("project-%s", namespace))
 	defer p.cleanup()
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 161dd8285..5c2af1dae 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -109,7 +109,7 @@ func assertHookResultNotCMName(t *testing.T, p *testProject, k *KindCluster, sec
 func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *KindCluster) {
 	isDone := false
 	namespace := fmt.Sprintf("hook-%s", name)
-	k := defaultKindCluster
+	k := defaultKindCluster1
 	p := &testProject{}
 	p.init(t, k, namespace)
 	defer func() {
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 55e7be2ff..21a3028eb 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -10,7 +10,7 @@ import (
 func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *KindCluster) {
 	isDone := false
 
-	k := defaultKindCluster
+	k := defaultKindCluster1
 	p := &testProject{}
 	p.init(t, k, namespace)
 	defer func() {
diff --git a/e2e/kind_cluster.go b/e2e/kind_cluster.go
index f420001a2..1096058ea 100644
--- a/e2e/kind_cluster.go
+++ b/e2e/kind_cluster.go
@@ -14,6 +14,7 @@ import (
 	"path/filepath"
 	"sigs.k8s.io/kind/pkg/cluster"
 	kindcmd "sigs.k8s.io/kind/pkg/cmd"
+	"sync"
 	"testing"
 	"time"
 )
@@ -148,16 +149,35 @@ func createKindCluster(name string, kubeconfig string) *KindCluster {
 	return k
 }
 
-func createDefaultKindCluster() *KindCluster {
-	kindClusterName := os.Getenv("KIND_CLUSTER_NAME")
-	kindKubeconfig := os.Getenv("KIND_KUBECONFIG")
+func createDefaultKindCluster(num int) *KindCluster {
+	kindClusterName := os.Getenv(fmt.Sprintf("KIND_CLUSTER_NAME%d", num))
+	kindKubeconfig := os.Getenv(fmt.Sprintf("KIND_KUBECONFIG%d", num))
 	if kindClusterName == "" {
-		kindClusterName = "kluctl-e2e"
+		kindClusterName = fmt.Sprintf("kluctl-e2e-%d", num)
 	}
 	if kindKubeconfig == "" {
-		kindKubeconfig = filepath.Join(utils.GetTmpBaseDir(), "kluctl-e2e-kubeconfig.yml")
+		kindKubeconfig = filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("kluctl-e2e-kubeconfig-%d.yml", num))
 	}
 	return createKindCluster(kindClusterName, kindKubeconfig)
 }
 
-var defaultKindCluster = createDefaultKindCluster()
+func createDefaultKindClusters() (*KindCluster, *KindCluster) {
+	var k1, k2 *KindCluster
+
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		k1 = createDefaultKindCluster(1)
+	}()
+	go func() {
+		defer wg.Done()
+		k2 = createDefaultKindCluster(2)
+	}()
+	wg.Wait()
+	return k1, k2
+}
+
+var (
+	defaultKindCluster1, defaultKindCluster2 = createDefaultKindClusters()
+)
diff --git a/e2e/utils.go b/e2e/utils.go
index 97df8657c..79a80696d 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -134,5 +134,6 @@ func runHelper(t *testing.T, cmd *exec.Cmd) (string, string, error) {
 }
 
 func init() {
-	deleteTestNamespaces(defaultKindCluster)
+	deleteTestNamespaces(defaultKindCluster1)
+	deleteTestNamespaces(defaultKindCluster2)
 }

From 064d176408de474e226d55fc0637e6a78042eece Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 09:49:31 +0200
Subject: [PATCH 0249/2268] tests: Use merged kubeconfig instead of multiple

---
 e2e/project.go | 51 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 7 deletions(-)

diff --git a/e2e/project.go b/e2e/project.go
index 9713265bd..c5326febf 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -3,9 +3,12 @@ package e2e
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/imdario/mergo"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -28,15 +31,13 @@ type testProject struct {
 	localDeployment    *string
 	localSealedSecrets *string
 
-	k           *KindCluster
-	kubeconfigs []string
+	mergedKubeconfig string
 
 	gitServer *test_utils.GitServer
 }
 
 func (p *testProject) init(t *testing.T, k *KindCluster, projectName string) {
 	p.t = t
-	p.k = k
 	p.gitServer = test_utils.NewGitServer(t)
 	p.projectName = projectName
 
@@ -70,7 +71,13 @@ func (p *testProject) init(t *testing.T, k *KindCluster, projectName string) {
 		return nil
 	})
 
-	p.kubeconfigs = append(p.kubeconfigs, k.Kubeconfig())
+	tmpFile, err := os.CreateTemp("", projectName+"-kubeconfig-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	_ = tmpFile.Close()
+	p.mergedKubeconfig = tmpFile.Name()
+	p.mergeKubeconfig(k)
 }
 
 func (p *testProject) cleanup() {
@@ -78,6 +85,38 @@ func (p *testProject) cleanup() {
 		p.gitServer.Cleanup()
 		p.gitServer = nil
 	}
+	if p.mergedKubeconfig != "" {
+		_ = os.Remove(p.mergedKubeconfig)
+		p.mergedKubeconfig = ""
+	}
+}
+
+func (p *testProject) mergeKubeconfig(k *KindCluster) {
+	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
+		nkcfg, err := clientcmd.LoadFromFile(k.kubeconfig)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+
+		err = mergo.Merge(config, nkcfg)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+	})
+}
+
+func (p *testProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config)) {
+	mkcfg, err := clientcmd.LoadFromFile(p.mergedKubeconfig)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+
+	cb(mkcfg)
+
+	err = clientcmd.WriteToFile(*mkcfg, p.mergedKubeconfig)
+	if err != nil {
+		p.t.Fatal(err)
+	}
 }
 
 func (p *testProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
@@ -377,13 +416,11 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 		args = append(args, "--local-sealed-secrets", *p.localSealedSecrets)
 	}
 
-	sep := ":"
 	if runtime.GOOS == "windows" {
-		sep = ";"
 		args = append(args, "--debug")
 	}
 	env := os.Environ()
-	env = append(env, fmt.Sprintf("KUBECONFIG=%s", strings.Join(p.kubeconfigs, sep)))
+	env = append(env, fmt.Sprintf("KUBECONFIG=%s", p.mergedKubeconfig))
 
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 

From aca1058146d3323b33a8e8c2094813ed6f4ecda8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 09:57:20 +0200
Subject: [PATCH 0250/2268] tests: Add context tests

---
 e2e/contexts_test.go | 128 +++++++++++++++++++++++++++++++++++++++++++
 e2e/kind_cluster.go  |   2 +
 2 files changed, 130 insertions(+)
 create mode 100644 e2e/contexts_test.go

diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
new file mode 100644
index 000000000..b55c5ab6d
--- /dev/null
+++ b/e2e/contexts_test.go
@@ -0,0 +1,128 @@
+package e2e
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"k8s.io/client-go/tools/clientcmd/api"
+	"sync"
+	"testing"
+)
+
+func prepareContextTest(t *testing.T, name string) *testProject {
+	p := &testProject{}
+	p.init(t, defaultKindCluster1, name)
+	p.mergeKubeconfig(defaultKindCluster2)
+
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		recreateNamespace(t, defaultKindCluster1, p.projectName)
+	}()
+	go func() {
+		defer wg.Done()
+		recreateNamespace(t, defaultKindCluster2, p.projectName)
+	}()
+	wg.Wait()
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+
+	return p
+}
+
+func TestContextCurrent(t *testing.T) {
+	t.Parallel()
+
+	p := prepareContextTest(t, "context-current")
+	defer p.cleanup()
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		// no context set, assume the current one is used
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+
+	p.updateMergedKubeconfig(func(config *api.Config) {
+		config.CurrentContext = defaultKindCluster2.Context
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+}
+
+func TestContext1(t *testing.T) {
+	t.Parallel()
+
+	p := prepareContextTest(t, "context-1")
+	defer p.cleanup()
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+}
+
+func TestContext2(t *testing.T) {
+	t.Parallel()
+
+	p := prepareContextTest(t, "context-2")
+	defer p.cleanup()
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
+}
+
+func TestContext1And2(t *testing.T) {
+	t.Parallel()
+
+	p := prepareContextTest(t, "context-1-and-2")
+	defer p.cleanup()
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+	})
+	p.updateTarget("test2", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test2")
+	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+}
+
+func TestContextSwitch(t *testing.T) {
+	t.Parallel()
+
+	p := prepareContextTest(t, "context-switch")
+	defer p.cleanup()
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+}
diff --git a/e2e/kind_cluster.go b/e2e/kind_cluster.go
index 1096058ea..574b55aaa 100644
--- a/e2e/kind_cluster.go
+++ b/e2e/kind_cluster.go
@@ -21,6 +21,7 @@ import (
 
 type KindCluster struct {
 	Name       string
+	Context    string
 	kubeconfig string
 	config     *rest.Config
 }
@@ -30,6 +31,7 @@ func CreateKindCluster(name, kubeconfigPath string) (*KindCluster, error) {
 
 	c := &KindCluster{
 		Name:       name,
+		Context:    fmt.Sprintf("kind-%s", name),
 		kubeconfig: kubeconfigPath,
 	}
 

From 2fcc67d4e7eba465858d4677f6ded7f9b1854b2a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 15:00:07 +0200
Subject: [PATCH 0251/2268] fix: Add some tracing to debug test hangs

---
 cmd/kluctl/commands/cmd_deploy.go | 3 +++
 pkg/kluctl_project/load.go        | 3 +++
 pkg/kluctl_project/targets.go     | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 8f2d5a8d4..0e57f6e75 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -49,6 +49,9 @@ func (cmd *deployCmd) Run() error {
 }
 
 func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
+	status.Trace(ctx.ctx, "enter runCmdDeploy")
+	defer status.Trace(ctx.ctx, "leave runCmdDeploy")
+
 	cmd2 := commands.NewDeployCommand(ctx.targetCtx.DeploymentCollection)
 	cmd2.ForceApply = cmd.ForceApply
 	cmd2.ReplaceOnError = cmd.ReplaceOnError
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 62c4f140d..78cde9970 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,9 +3,12 @@ package kluctl_project
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 )
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
+	status.Trace(ctx, "enter LoadKluctlProject")
+	defer status.Trace(ctx, "leave LoadKluctlProject")
 
 	p := &LoadedKluctlProject{
 		ctx:      ctx,
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 7911a2811..acd861f13 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -26,6 +26,9 @@ type dynamicTargetInfo struct {
 }
 
 func (c *LoadedKluctlProject) loadTargets() error {
+	status.Trace(c.ctx, "Loading targets")
+	defer status.Trace(c.ctx, "Done loading targets")
+
 	targetNames := make(map[string]bool)
 	c.DynamicTargets = nil
 

From 167590dbb80baeeb01b46bd5751c8ffd07da9bf3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 15:01:07 +0200
Subject: [PATCH 0252/2268] fix: Fix loading of secrets from file

The rootKey must be honored.
---
 pkg/vars/vars_loader.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 2af7b09af..f6f2dfc76 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -97,12 +97,15 @@ func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject,
 }
 
 func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string, rootKey string) error {
-	var newVars uo.UnstructuredObject
-	err := varsCtx.RenderYamlFile(path, searchDirs, &newVars)
+	newVars := uo.New()
+	err := varsCtx.RenderYamlFile(path, searchDirs, newVars)
 	if err != nil {
 		return fmt.Errorf("failed to load vars from %s: %w", path, err)
 	}
-	v.mergeVars(varsCtx, &newVars, rootKey)
+	if rootKey != "" {
+		newVars, _, err = newVars.GetNestedObject(rootKey)
+	}
+	v.mergeVars(varsCtx, newVars, rootKey)
 	return nil
 }
 

From 6bc83856316f97c174ef5dbabcf92b2179a268cf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 15:01:39 +0200
Subject: [PATCH 0253/2268] tests: Add sealed secrets tests

---
 e2e/hooks_test.go                      |   2 +-
 e2e/project.go                         |  37 ++-
 e2e/seal_test.go                       | 346 +++++++++++++++++++++++++
 e2e/test_resources/README.md           |   4 +
 e2e/test_resources/resources.go        |   6 +
 e2e/test_resources/sealed-secrets.yaml | 307 ++++++++++++++++++++++
 e2e/utils_resources.go                 |  20 +-
 7 files changed, 706 insertions(+), 16 deletions(-)
 create mode 100644 e2e/seal_test.go
 create mode 100644 e2e/test_resources/README.md
 create mode 100644 e2e/test_resources/resources.go
 create mode 100644 e2e/test_resources/sealed-secrets.yaml

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 5c2af1dae..f1e1f60b1 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -49,7 +49,7 @@ func addConfigMap(p *testProject, dir string, opts resourceOpts) {
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
 	p.addKustomizeResources(dir, []kustomizeResource{
-		{fmt.Sprintf("%s.yml", opts.name), o},
+		{fmt.Sprintf("%s.yml", opts.name), "", o},
 	})
 }
 
diff --git a/e2e/project.go b/e2e/project.go
index c5326febf..6f73c2197 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -206,31 +206,39 @@ func (p *testProject) updateTargetDeprecated(name string, cluster string, args *
 }
 
 func (p *testProject) updateTarget(name string, cb func(target *uo.UnstructuredObject)) {
+	p.updateNamedListItem(uo.KeyPath{"targets"}, name, cb)
+}
+
+func (p *testProject) updateSecretSet(name string, cb func(secretSet *uo.UnstructuredObject)) {
+	p.updateNamedListItem(uo.KeyPath{"secretsConfig", "secretSets"}, name, cb)
+}
+
+func (p *testProject) updateNamedListItem(path uo.KeyPath, name string, cb func(item *uo.UnstructuredObject)) {
 	if cb == nil {
 		cb = func(target *uo.UnstructuredObject) {}
 	}
 
 	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
-		targets, _, _ := o.GetNestedObjectList("targets")
-		var newTargets []*uo.UnstructuredObject
+		l, _, _ := o.GetNestedObjectList(path...)
+		var newList []*uo.UnstructuredObject
 		found := false
-		for _, t := range targets {
-			n, _, _ := t.GetNestedString("name")
+		for _, item := range l {
+			n, _, _ := item.GetNestedString("name")
 			if n == name {
-				cb(t)
+				cb(item)
 				found = true
 			}
-			newTargets = append(newTargets, t)
+			newList = append(newList, item)
 		}
 		if !found {
 			n := uo.FromMap(map[string]interface{}{
 				"name": name,
 			})
 			cb(n)
-			newTargets = append(newTargets, n)
+			newList = append(newList, n)
 		}
 
-		_ = o.SetNestedObjectList(newTargets, "targets")
+		_ = o.SetNestedObjectList(newList, path...)
 		return nil
 	})
 }
@@ -330,8 +338,9 @@ func (p *testProject) convertInterfaceToList(x interface{}) []interface{} {
 }
 
 type kustomizeResource struct {
-	name    string
-	content interface{}
+	name     string
+	fileName string
+	content  interface{}
 }
 
 func (p *testProject) addKustomizeResources(dir string, resources []kustomizeResource) {
@@ -340,11 +349,15 @@ func (p *testProject) addKustomizeResources(dir string, resources []kustomizeRes
 		for _, r := range resources {
 			l = append(l, r.name)
 			x := p.convertInterfaceToList(r.content)
-			err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir, r.name), x)
+			fileName := r.fileName
+			if fileName == "" {
+				fileName = r.name
+			}
+			err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir, fileName), x)
 			if err != nil {
 				return err
 			}
-			_, err = wt.Add(filepath.Join(dir, r.name))
+			_, err = wt.Add(filepath.Join(dir, fileName))
 			if err != nil {
 				return err
 			}
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
new file mode 100644
index 000000000..00ad70147
--- /dev/null
+++ b/e2e/seal_test.go
@@ -0,0 +1,346 @@
+package e2e
+
+import (
+	"encoding/base64"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test_resources"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+)
+
+func installSealedSecretsOperator(t *testing.T, k *KindCluster) {
+	tmpFile, _ := os.CreateTemp("", "")
+	tmpFile.Close()
+	defer os.Remove(tmpFile.Name())
+
+	_ = utils.FsCopyFile(test_resources.Yamls, "sealed-secrets.yaml", tmpFile.Name())
+
+	_, err := k.Kubectl("apply", "-f", tmpFile.Name())
+	if err != nil {
+		panic(err)
+	}
+
+	waitForReadiness(t, k, "kube-system", "deployment/sealed-secrets-controller", 5*time.Minute)
+}
+
+func deleteSealedSecretsOperator(t *testing.T, k *KindCluster) {
+	_, _ = defaultKindCluster1.Kubectl("-n", "kube-system", "delete", "deployment", "sealed-secrets-controller", "--wait")
+	_, _ = defaultKindCluster1.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
+}
+
+func prepareSealTest(t *testing.T, k *KindCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
+	p := &testProject{}
+	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
+
+	recreateNamespace(t, k, namespace)
+
+	addSecretsSet(p, "test", varsSources)
+	addSecretsSetToTarget(p, "test-target", "test")
+
+	addSecretDeployment(p, "secret-deployment", secrets, true, resourceOpts{name: "secret", namespace: namespace})
+
+	return p
+}
+
+func addSecretsSet(p *testProject, name string, varsSources []*uo.UnstructuredObject) {
+	p.updateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
+		_ = secretSet.SetNestedField(varsSources, "vars")
+	})
+}
+
+func addSecretsSetToTarget(p *testProject, targetName string, secretSetName string) {
+	p.updateTarget(targetName, func(target *uo.UnstructuredObject) {
+		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
+		l = append(l, secretSetName)
+		_ = target.SetNestedField(l, "sealingConfig", "secretSets")
+	})
+}
+
+func assertDecryptedSecrets(t *testing.T, k *KindCluster, namespace string, secretName string, expectedSecrets map[string]string) {
+	s := k.KubectlYamlMust(t, "-n", namespace, "get", "secret", secretName)
+
+	for key, value := range expectedSecrets {
+		x, _, _ := s.GetNestedString("data", key)
+		decoded, _ := base64.StdEncoding.DecodeString(x)
+		assert.Equal(t, value, string(decoded))
+	}
+}
+
+func TestSeal_WithOperator(t *testing.T) {
+	k := defaultKindCluster1
+	namespace := "seal-with-operator"
+
+	deleteSealedSecretsOperator(t, k)
+	installSealedSecretsOperator(t, k)
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+					"s2": "v2",
+				},
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+}
+
+func TestSeal_WithBootstrap(t *testing.T) {
+	k := defaultKindCluster2
+	namespace := "seal-with-bootstrap"
+
+	deleteSealedSecretsOperator(t, k)
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+					"s2": "v2",
+				},
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	installSealedSecretsOperator(t, k)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+}
+
+func TestSeal_MultipleVarSources(t *testing.T) {
+	t.Parallel()
+
+	k := defaultKindCluster1
+	namespace := "seal-multiple-vs"
+
+	installSealedSecretsOperator(t, k)
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+				},
+			}),
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s2": "v2",
+				},
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+}
+
+func TestSeal_MultipleSecretSets(t *testing.T) {
+	t.Parallel()
+
+	k := defaultKindCluster1
+	namespace := "seal-multiple-ss"
+
+	installSealedSecretsOperator(t, k)
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+				},
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
+		uo.FromMap(map[string]interface{}{
+			"values": map[string]interface{}{
+				"s2": "v2",
+			},
+		}),
+	})
+	addSecretsSetToTarget(p, "test-target", "test2")
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+}
+
+func TestSeal_MultipleTargets(t *testing.T) {
+	k := defaultKindCluster1
+	namespace := "seal-multiple-targets"
+
+	installSealedSecretsOperator(t, k)
+	installSealedSecretsOperator(t, defaultKindCluster2)
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+				},
+			}),
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s2": "v2",
+				},
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
+		uo.FromMap(map[string]interface{}{
+			"values": map[string]interface{}{
+				"s1": "v3",
+				"s2": "v4",
+			},
+		}),
+	})
+	addSecretsSetToTarget(p, "test-target2", "test2")
+
+	p.mergeKubeconfig(defaultKindCluster2)
+	recreateNamespace(t, defaultKindCluster2, namespace)
+	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+	})
+	p.updateTarget("test-target2", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+	})
+
+	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust("seal", "-t", "test-target2")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust("deploy", "--yes", "-t", "test-target2")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+	waitForReadiness(t, defaultKindCluster2, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, defaultKindCluster2, namespace, "secret", map[string]string{
+		"s1": "v3",
+		"s2": "v4",
+	})
+}
+
+func TestSeal_File(t *testing.T) {
+	k := defaultKindCluster1
+	namespace := "seal-file"
+
+	installSealedSecretsOperator(t, k)
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"file": utils.StrPtr("secret-values.yaml"),
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), "secret-values.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromMap(map[string]interface{}{
+			"secrets": map[string]interface{}{
+				"s1": "v1",
+				"s2": "v2",
+			},
+		})
+		return nil
+	}, "")
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+}
diff --git a/e2e/test_resources/README.md b/e2e/test_resources/README.md
new file mode 100644
index 000000000..75d21866f
--- /dev/null
+++ b/e2e/test_resources/README.md
@@ -0,0 +1,4 @@
+# sealed-secrets.yaml
+
+helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds > sealed-secrets.yaml
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
new file mode 100644
index 000000000..0ec6d270c
--- /dev/null
+++ b/e2e/test_resources/resources.go
@@ -0,0 +1,6 @@
+package test_resources
+
+import "embed"
+
+//go:embed *.yaml
+var Yamls embed.FS
diff --git a/e2e/test_resources/sealed-secrets.yaml b/e2e/test_resources/sealed-secrets.yaml
new file mode 100644
index 000000000..b45788937
--- /dev/null
+++ b/e2e/test_resources/sealed-secrets.yaml
@@ -0,0 +1,307 @@
+---
+# Source: crds/sealedsecret-crd.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: sealedsecrets.bitnami.com
+spec:
+  group: bitnami.com
+  names:
+    kind: SealedSecret
+    listKind: SealedSecretList
+    plural: sealedsecrets
+    singular: sealedsecret
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+          status:
+            x-kubernetes-preserve-unknown-fields: true
+
+---
+# Source: sealed-secrets/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+---
+# Source: sealed-secrets/templates/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: secrets-unsealer
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+rules:
+  - apiGroups:
+      - bitnami.com
+    resources:
+      - sealedsecrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - bitnami.com
+    resources:
+      - sealedsecrets/status
+    verbs:
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+---
+# Source: sealed-secrets/templates/cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sealed-secrets-controller
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: secrets-unsealer
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: sealed-secrets-controller
+    namespace: kube-system
+---
+# Source: sealed-secrets/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: sealed-secrets-controller-key-admin
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+rules:
+  - apiGroups:
+      - ""
+    resourceNames:
+      - sealed-secrets-key
+    resources:
+      - secrets
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - list
+---
+# Source: sealed-secrets/templates/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: sealed-secrets-controller-service-proxier
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+rules:
+  - apiGroups:
+      - ""
+    resourceNames:
+      - sealed-secrets-controller
+    resources:
+      - services
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resourceNames:
+      - 'http:sealed-secrets-controller:'
+      - 'http:sealed-secrets-controller:http'
+      - sealed-secrets-controller
+    resources:
+      - services/proxy
+    verbs:
+      - create
+      - get
+---
+# Source: sealed-secrets/templates/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sealed-secrets-controller-key-admin
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sealed-secrets-controller-key-admin
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: sealed-secrets-controller
+    namespace: kube-system
+---
+# Source: sealed-secrets/templates/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sealed-secrets-controller-service-proxier
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sealed-secrets-controller-service-proxier
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:authenticated
+---
+# Source: sealed-secrets/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      nodePort: null
+  selector:
+    app.kubernetes.io/name: sealed-secrets
+    app.kubernetes.io/instance: sealed-secrets-controller
+---
+# Source: sealed-secrets/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: sealed-secrets
+    helm.sh/chart: sealed-secrets-2.1.8
+    app.kubernetes.io/instance: sealed-secrets-controller
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/version: v0.17.5
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: sealed-secrets
+      app.kubernetes.io/instance: sealed-secrets-controller
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: sealed-secrets
+        app.kubernetes.io/instance: sealed-secrets-controller
+    spec:
+      securityContext:
+        fsGroup: 65534
+      serviceAccountName: sealed-secrets-controller
+      containers:
+        - name: controller
+          command:
+            - controller
+          args:
+            - --update-status
+            - --key-prefix
+            - "sealed-secrets-key"
+          image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: http
+          livenessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /healthz
+              port: http
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /healthz
+              port: http
+          resources:
+            limits: {}
+            requests: {}
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1001
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp
+      volumes:
+        - name: tmp
+          emptyDir: {}
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 255e07476..0dc063e7f 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"bytes"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"text/template"
 )
@@ -56,7 +57,20 @@ func addConfigMapDeployment(p *testProject, dir string, data map[string]string,
 		o.SetNestedField(data, "data")
 	}
 	p.addKustomizeDeployment(dir, []kustomizeResource{
-		{"configmap.yml", o},
+		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
+	}, opts.tags)
+}
+
+func addSecretDeployment(p *testProject, dir string, data map[string]string, sealedSecret bool, opts resourceOpts) {
+	o := uo.New()
+	o.SetK8sGVKs("", "v1", "Secret")
+	mergeMetadata(o, opts)
+	if data != nil {
+		o.SetNestedField(data, "stringData")
+	}
+	fname := fmt.Sprintf("secret-%s.yml", opts.name)
+	p.addKustomizeDeployment(dir, []kustomizeResource{
+		{fname, fname + ".sealme", o},
 	}, opts.tags)
 }
 
@@ -71,8 +85,8 @@ func addDeploymentHelper(p *testProject, dir string, o *uo.UnstructuredObject, o
 	mergeMetadata(o, opts)
 
 	resources := []kustomizeResource{
-		{"rbac.yml", rbac},
-		{"deploy.yml", o},
+		{"rbac.yml", "", rbac},
+		{"deploy.yml", "", o},
 	}
 
 	p.addKustomizeDeployment(dir, resources, opts.tags)

From b1962eb938ebbec9497191f8b2d2483d9d8e4656 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 15:39:01 +0200
Subject: [PATCH 0254/2268] tests: Ignore NotFound errors when waiting for
 readiness

---
 e2e/utils.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/e2e/utils.go b/e2e/utils.go
index 79a80696d..f7f3d5f7c 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -32,7 +32,11 @@ func waitForReadiness(t *testing.T, k *KindCluster, namespace string, resource s
 	for time.Now().Sub(startTime) < timeout {
 		y, err := k.KubectlYaml("-n", namespace, "get", resource)
 		if err != nil {
-			t.Fatal(err)
+			if ee, ok := err.(*exec.ExitError); !ok || strings.Index(string(ee.Stderr), "NotFound") == -1 {
+				t.Fatal(err)
+			}
+			time.Sleep(1 * time.Second)
+			continue
 		}
 
 		v := validation.ValidateObject(nil, y, true)

From 9bb46dd7726cc75130ee7ee5349bf8d67170b535 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 16:08:27 +0200
Subject: [PATCH 0255/2268] tests: Move KindCluster into test-utils package

---
 e2e/default_clusters.go                      | 56 ++++++++++++++++++++
 e2e/external_projects_test.go                |  1 +
 e2e/hooks_test.go                            | 15 +++---
 e2e/inclusion_test.go                        |  5 +-
 e2e/project.go                               |  6 +--
 e2e/seal_test.go                             |  9 ++--
 e2e/utils.go                                 | 18 +++----
 {e2e => internal/test-utils}/kind_cluster.go | 47 +---------------
 8 files changed, 84 insertions(+), 73 deletions(-)
 create mode 100644 e2e/default_clusters.go
 rename {e2e => internal/test-utils}/kind_cluster.go (75%)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
new file mode 100644
index 000000000..664cf31cb
--- /dev/null
+++ b/e2e/default_clusters.go
@@ -0,0 +1,56 @@
+package e2e
+
+import (
+	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
+	"path/filepath"
+	"sync"
+)
+
+func createKindCluster(name string, kubeconfig string) *test_utils.KindCluster {
+	k, err := test_utils.CreateKindCluster(name, kubeconfig)
+	if err != nil {
+		panic(err)
+	}
+	return k
+}
+
+func createDefaultKindCluster(num int) *test_utils.KindCluster {
+	kindClusterName := os.Getenv(fmt.Sprintf("KIND_CLUSTER_NAME%d", num))
+	kindKubeconfig := os.Getenv(fmt.Sprintf("KIND_KUBECONFIG%d", num))
+	if kindClusterName == "" {
+		kindClusterName = fmt.Sprintf("kluctl-e2e-%d", num)
+	}
+	if kindKubeconfig == "" {
+		kindKubeconfig = filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("kluctl-e2e-kubeconfig-%d.yml", num))
+	}
+	return createKindCluster(kindClusterName, kindKubeconfig)
+}
+
+func createDefaultKindClusters() (*test_utils.KindCluster, *test_utils.KindCluster) {
+	var k1, k2 *test_utils.KindCluster
+
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		k1 = createDefaultKindCluster(1)
+	}()
+	go func() {
+		defer wg.Done()
+		k2 = createDefaultKindCluster(2)
+	}()
+	wg.Wait()
+	return k1, k2
+}
+
+var (
+	defaultKindCluster1, defaultKindCluster2 = createDefaultKindClusters()
+)
+
+func init() {
+	deleteTestNamespaces(defaultKindCluster1)
+	deleteTestNamespaces(defaultKindCluster2)
+}
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index eefd91b17..bb2f2094e 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 	"time"
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index f1e1f60b1..18149608c 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"encoding/base64"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 )
@@ -53,7 +54,7 @@ func addConfigMap(p *testProject, dir string, opts resourceOpts) {
 	})
 }
 
-func getHookResult(t *testing.T, p *testProject, k *KindCluster, secretName string) *uo.UnstructuredObject {
+func getHookResult(t *testing.T, p *testProject, k *test_utils.KindCluster, secretName string) *uo.UnstructuredObject {
 	o := k.KubectlYamlMust(t, "-n", p.projectName, "get", "secret", secretName)
 	s, ok, err := o.GetNestedString("data", "result")
 	if err != nil {
@@ -73,7 +74,7 @@ func getHookResult(t *testing.T, p *testProject, k *KindCluster, secretName stri
 	return r
 }
 
-func getHookResultCMNames(t *testing.T, p *testProject, k *KindCluster, second bool) []string {
+func getHookResultCMNames(t *testing.T, p *testProject, k *test_utils.KindCluster, second bool) []string {
 	secretName := "hook-result"
 	if second {
 		secretName = "hook-result2"
@@ -87,7 +88,7 @@ func getHookResultCMNames(t *testing.T, p *testProject, k *KindCluster, second b
 	return names
 }
 
-func assertHookResultCMName(t *testing.T, p *testProject, k *KindCluster, second bool, cmName string) {
+func assertHookResultCMName(t *testing.T, p *testProject, k *test_utils.KindCluster, second bool, cmName string) {
 	names := getHookResultCMNames(t, p, k, second)
 	for _, x := range names {
 		if x == cmName {
@@ -97,7 +98,7 @@ func assertHookResultCMName(t *testing.T, p *testProject, k *KindCluster, second
 	t.Fatalf("%s not found in hook result", cmName)
 }
 
-func assertHookResultNotCMName(t *testing.T, p *testProject, k *KindCluster, second bool, cmName string) {
+func assertHookResultNotCMName(t *testing.T, p *testProject, k *test_utils.KindCluster, second bool, cmName string) {
 	names := getHookResultCMNames(t, p, k, second)
 	for _, x := range names {
 		if x == cmName {
@@ -106,7 +107,7 @@ func assertHookResultNotCMName(t *testing.T, p *testProject, k *KindCluster, sec
 	}
 }
 
-func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *KindCluster) {
+func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *test_utils.KindCluster) {
 	isDone := false
 	namespace := fmt.Sprintf("hook-%s", name)
 	k := defaultKindCluster1
@@ -129,13 +130,13 @@ func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletion
 	return p, k
 }
 
-func ensureHookExecuted(t *testing.T, p *testProject, k *KindCluster) {
+func ensureHookExecuted(t *testing.T, p *testProject, k *test_utils.KindCluster) {
 	_, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertResourceExists(t, k, p.projectName, "ConfigMap/cm1")
 }
 
-func ensureHookNotExecuted(t *testing.T, p *testProject, k *KindCluster) {
+func ensureHookNotExecuted(t *testing.T, p *testProject, k *test_utils.KindCluster) {
 	_, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertResourceNotExists(t, k, p.projectName, "Secret/hook-result")
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 21a3028eb..0395bff9f 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -2,12 +2,13 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"path/filepath"
 	"reflect"
 	"testing"
 )
 
-func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *KindCluster) {
+func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *test_utils.KindCluster) {
 	isDone := false
 
 	k := defaultKindCluster1
@@ -48,7 +49,7 @@ func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bo
 	return p, k
 }
 
-func assertExistsHelper(t *testing.T, p *testProject, k *KindCluster, shouldExists map[string]bool, add []string, remove []string) {
+func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.KindCluster, shouldExists map[string]bool, add []string, remove []string) {
 	for _, x := range add {
 		shouldExists[x] = true
 	}
diff --git a/e2e/project.go b/e2e/project.go
index 6f73c2197..3fb63a6fa 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -36,7 +36,7 @@ type testProject struct {
 	gitServer *test_utils.GitServer
 }
 
-func (p *testProject) init(t *testing.T, k *KindCluster, projectName string) {
+func (p *testProject) init(t *testing.T, k *test_utils.KindCluster, projectName string) {
 	p.t = t
 	p.gitServer = test_utils.NewGitServer(t)
 	p.projectName = projectName
@@ -91,7 +91,7 @@ func (p *testProject) cleanup() {
 	}
 }
 
-func (p *testProject) mergeKubeconfig(k *KindCluster) {
+func (p *testProject) mergeKubeconfig(k *test_utils.KindCluster) {
 	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
 		nkcfg, err := clientcmd.LoadFromFile(k.kubeconfig)
 		if err != nil {
@@ -186,7 +186,7 @@ func (p *testProject) updateCluster(name string, context string, vars *uo.Unstru
 	}, fmt.Sprintf("add/update cluster %s", name))
 }
 
-func (p *testProject) updateKindCluster(k *KindCluster, vars *uo.UnstructuredObject) {
+func (p *testProject) updateKindCluster(k *test_utils.KindCluster, vars *uo.UnstructuredObject) {
 	context, err := k.Kubectl("config", "current-context")
 	if err != nil {
 		p.t.Fatal(err)
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 00ad70147..b28cc12e7 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -4,6 +4,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
+	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
@@ -13,7 +14,7 @@ import (
 	"time"
 )
 
-func installSealedSecretsOperator(t *testing.T, k *KindCluster) {
+func installSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
 	tmpFile, _ := os.CreateTemp("", "")
 	tmpFile.Close()
 	defer os.Remove(tmpFile.Name())
@@ -28,12 +29,12 @@ func installSealedSecretsOperator(t *testing.T, k *KindCluster) {
 	waitForReadiness(t, k, "kube-system", "deployment/sealed-secrets-controller", 5*time.Minute)
 }
 
-func deleteSealedSecretsOperator(t *testing.T, k *KindCluster) {
+func deleteSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
 	_, _ = defaultKindCluster1.Kubectl("-n", "kube-system", "delete", "deployment", "sealed-secrets-controller", "--wait")
 	_, _ = defaultKindCluster1.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
 }
 
-func prepareSealTest(t *testing.T, k *KindCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
+func prepareSealTest(t *testing.T, k *test_utils.KindCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
 	p := &testProject{}
 	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
 
@@ -61,7 +62,7 @@ func addSecretsSetToTarget(p *testProject, targetName string, secretSetName stri
 	})
 }
 
-func assertDecryptedSecrets(t *testing.T, k *KindCluster, namespace string, secretName string, expectedSecrets map[string]string) {
+func assertDecryptedSecrets(t *testing.T, k *test_utils.KindCluster, namespace string, secretName string, expectedSecrets map[string]string) {
 	s := k.KubectlYamlMust(t, "-n", namespace, "get", "secret", secretName)
 
 	for key, value := range expectedSecrets {
diff --git a/e2e/utils.go b/e2e/utils.go
index f7f3d5f7c..274f5946c 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 	log "github.com/sirupsen/logrus"
@@ -15,17 +16,17 @@ import (
 	"time"
 )
 
-func recreateNamespace(t *testing.T, k *KindCluster, namespace string) {
+func recreateNamespace(t *testing.T, k *test_utils.KindCluster, namespace string) {
 	_, _ = k.Kubectl("delete", "ns", namespace)
 	k.KubectlMust(t, "create", "ns", namespace)
 	k.KubectlMust(t, "label", "ns", namespace, "kluctl-e2e=true")
 }
 
-func deleteTestNamespaces(k *KindCluster) {
+func deleteTestNamespaces(k *test_utils.KindCluster) {
 	_, _ = k.Kubectl("delete", "ns", "-l", "kubectl-e2e=true")
 }
 
-func waitForReadiness(t *testing.T, k *KindCluster, namespace string, resource string, timeout time.Duration) bool {
+func waitForReadiness(t *testing.T, k *test_utils.KindCluster, namespace string, resource string, timeout time.Duration) bool {
 	t.Logf("Waiting for readiness: %s/%s", namespace, resource)
 
 	startTime := time.Now()
@@ -59,13 +60,13 @@ func waitForReadiness(t *testing.T, k *KindCluster, namespace string, resource s
 	return false
 }
 
-func assertReadiness(t *testing.T, k *KindCluster, namespace string, resource string, timeout time.Duration) {
+func assertReadiness(t *testing.T, k *test_utils.KindCluster, namespace string, resource string, timeout time.Duration) {
 	if !waitForReadiness(t, k, namespace, resource, timeout) {
 		t.Errorf("%s/%s did not get ready in time", namespace, resource)
 	}
 }
 
-func assertResourceExists(t *testing.T, k *KindCluster, namespace string, resource string) *uo.UnstructuredObject {
+func assertResourceExists(t *testing.T, k *test_utils.KindCluster, namespace string, resource string) *uo.UnstructuredObject {
 	var args []string
 	if namespace != "" {
 		args = append(args, "-n", namespace)
@@ -74,7 +75,7 @@ func assertResourceExists(t *testing.T, k *KindCluster, namespace string, resour
 	return k.KubectlYamlMust(t, args...)
 }
 
-func assertResourceNotExists(t *testing.T, k *KindCluster, namespace string, resource string) {
+func assertResourceNotExists(t *testing.T, k *test_utils.KindCluster, namespace string, resource string) {
 	var args []string
 	if namespace != "" {
 		args = append(args, "-n", namespace)
@@ -136,8 +137,3 @@ func runHelper(t *testing.T, cmd *exec.Cmd) (string, string, error) {
 	err = cmd.Run()
 	return stdoutBuf.String(), stderrBuf.String(), err
 }
-
-func init() {
-	deleteTestNamespaces(defaultKindCluster1)
-	deleteTestNamespaces(defaultKindCluster2)
-}
diff --git a/e2e/kind_cluster.go b/internal/test-utils/kind_cluster.go
similarity index 75%
rename from e2e/kind_cluster.go
rename to internal/test-utils/kind_cluster.go
index 574b55aaa..d527f0173 100644
--- a/e2e/kind_cluster.go
+++ b/internal/test-utils/kind_cluster.go
@@ -1,20 +1,16 @@
-package e2e
+package test_utils
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/pkg/errors"
-	log "github.com/sirupsen/logrus"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"sigs.k8s.io/kind/pkg/cluster"
 	kindcmd "sigs.k8s.io/kind/pkg/cmd"
-	"sync"
 	"testing"
 	"time"
 )
@@ -142,44 +138,3 @@ func kindCreate(name, kubeconfig string) error {
 		}
 	}
 }
-
-func createKindCluster(name string, kubeconfig string) *KindCluster {
-	k, err := CreateKindCluster(name, kubeconfig)
-	if err != nil {
-		log.Fatal(err)
-	}
-	return k
-}
-
-func createDefaultKindCluster(num int) *KindCluster {
-	kindClusterName := os.Getenv(fmt.Sprintf("KIND_CLUSTER_NAME%d", num))
-	kindKubeconfig := os.Getenv(fmt.Sprintf("KIND_KUBECONFIG%d", num))
-	if kindClusterName == "" {
-		kindClusterName = fmt.Sprintf("kluctl-e2e-%d", num)
-	}
-	if kindKubeconfig == "" {
-		kindKubeconfig = filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("kluctl-e2e-kubeconfig-%d.yml", num))
-	}
-	return createKindCluster(kindClusterName, kindKubeconfig)
-}
-
-func createDefaultKindClusters() (*KindCluster, *KindCluster) {
-	var k1, k2 *KindCluster
-
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		defer wg.Done()
-		k1 = createDefaultKindCluster(1)
-	}()
-	go func() {
-		defer wg.Done()
-		k2 = createDefaultKindCluster(2)
-	}()
-	wg.Wait()
-	return k1, k2
-}
-
-var (
-	defaultKindCluster1, defaultKindCluster2 = createDefaultKindClusters()
-)

From 9ea226e761915421f31d621ca77ff1279e1a481f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 12:32:05 +0200
Subject: [PATCH 0256/2268] tests: Move starting of kind clusters into go code

And allow to specify extra ports to be exposed.
---
 .github/workflows/tests.yml         | 38 +++++------
 e2e/default_clusters.go             | 68 +++++++++++++-------
 e2e/external_projects_test.go       |  1 -
 e2e/project.go                      |  2 +-
 hack/start-kind-cluster.sh          | 28 ---------
 internal/test-utils/kind_cluster.go | 97 +++++++++++++++++++----------
 6 files changed, 125 insertions(+), 109 deletions(-)
 delete mode 100755 hack/start-kind-cluster.sh

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 70690c075..b966ab2c8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -240,33 +240,27 @@ jobs:
         shell: bash
         run: |
           if [ "${{ runner.os }}" == "Linux" ]; then
-            PORT1=10000
-            PORT2=20000
+            echo "KIND_API_PORT1=10000" >> $GITHUB_ENV
+            echo "KIND_API_PORT2=20000" >> $GITHUB_ENV
+            echo "KIND_EXTRA_PORTS_OFFSET1=30000" >> $GITHUB_ENV
+            echo "KIND_EXTRA_PORTS_OFFSET2=31000" >> $GITHUB_ENV
           elif [ "${{ runner.os }}" == "Windows" ]; then
-            PORT1=10001
-            PORT2=20001
+            echo "KIND_API_PORT1=10001" >> $GITHUB_ENV
+            echo "KIND_API_PORT2=20001" >> $GITHUB_ENV
+            echo "KIND_EXTRA_PORTS_OFFSET1=30100" >> $GITHUB_ENV
+            echo "KIND_EXTRA_PORTS_OFFSET2=31100" >> $GITHUB_ENV
           else
-            PORT1=10002
-            PORT2=20002
+            echo "KIND_API_PORT1=10002" >> $GITHUB_ENV
+            echo "KIND_API_PORT2=20002" >> $GITHUB_ENV
+            echo "KIND_EXTRA_PORTS_OFFSET1=30200" >> $GITHUB_ENV
+            echo "KIND_EXTRA_PORTS_OFFSET2=31200" >> $GITHUB_ENV
           fi
           KIND_CLUSTER_NAME_BASE=$(echo "kluctl-${{ runner.os }}" | awk '{{ print tolower($1) }}')
 
-          KIND_CLUSTER_NAME1=$KIND_CLUSTER_NAME_BASE-1
-          KIND_KUBECONFIG1=$(pwd)/kind-kubeconfig-1
-          echo "KIND_CLUSTER_NAME1=$KIND_CLUSTER_NAME1" >> $GITHUB_ENV
-          echo "KIND_KUBECONFIG1=$KIND_KUBECONFIG1" >> $GITHUB_ENV
-          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME1" "$DOCKER_IP" "$PORT1" "$KIND_KUBECONFIG1" &
-          PID1=$!
-
-          KIND_CLUSTER_NAME2=$KIND_CLUSTER_NAME_BASE-2
-          KIND_KUBECONFIG2=$(pwd)/kind-kubeconfig-2
-          echo "KIND_CLUSTER_NAME2=$KIND_CLUSTER_NAME2" >> $GITHUB_ENV
-          echo "KIND_KUBECONFIG2=$KIND_KUBECONFIG2" >> $GITHUB_ENV
-          ./hack/start-kind-cluster.sh "$KIND_CLUSTER_NAME2" "$DOCKER_IP" "$PORT2" "$KIND_KUBECONFIG2" &
-          PID2=$1
-
-          wait $PID1
-          wait $PID2
+          echo "KIND_API_HOST1=$DOCKER_IP" >> $GITHUB_ENV
+          echo "KIND_API_HOST2=$DOCKER_IP" >> $GITHUB_ENV
+          echo "KIND_CLUSTER_NAME1=$KIND_CLUSTER_NAME_BASE-1" >> $GITHUB_ENV
+          echo "KIND_CLUSTER_NAME2=$KIND_CLUSTER_NAME_BASE-2" >> $GITHUB_ENV
       - name: Download artifacts
         uses: actions/download-artifact@v2
       - name: Run e2e tests
diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 664cf31cb..466df5b4f 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -6,51 +6,71 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path/filepath"
+	"strconv"
 	"sync"
 )
 
-func createKindCluster(name string, kubeconfig string) *test_utils.KindCluster {
-	k, err := test_utils.CreateKindCluster(name, kubeconfig)
-	if err != nil {
-		panic(err)
-	}
-	return k
-}
-
-func createDefaultKindCluster(num int) *test_utils.KindCluster {
+func createDefaultKindCluster(num int) (*test_utils.KindCluster, int) {
 	kindClusterName := os.Getenv(fmt.Sprintf("KIND_CLUSTER_NAME%d", num))
+	kindApiHost := os.Getenv(fmt.Sprintf("KIND_API_HOST%d", num))
+	kindApiPort := os.Getenv(fmt.Sprintf("KIND_API_PORT%d", num))
+	kindExtraPortsOffset := os.Getenv(fmt.Sprintf("KIND_EXTRA_PORTS_OFFSET%d", num))
 	kindKubeconfig := os.Getenv(fmt.Sprintf("KIND_KUBECONFIG%d", num))
 	if kindClusterName == "" {
 		kindClusterName = fmt.Sprintf("kluctl-e2e-%d", num)
 	}
+	if kindApiHost == "" {
+		kindApiHost = "localhost"
+	}
+	if kindExtraPortsOffset == "" {
+		kindExtraPortsOffset = fmt.Sprintf("%d", 30000+num*1000)
+	}
 	if kindKubeconfig == "" {
 		kindKubeconfig = filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("kluctl-e2e-kubeconfig-%d.yml", num))
 	}
-	return createKindCluster(kindClusterName, kindKubeconfig)
+
+	var err error
+	var kindApiPortInt, kindExtraPortsOffsetInt int64
+
+	if kindApiPort != "" {
+		kindApiPortInt, err = strconv.ParseInt(kindApiPort, 0, 32)
+		if err != nil {
+			panic(err)
+		}
+	}
+	kindExtraPortsOffsetInt, err = strconv.ParseInt(kindExtraPortsOffset, 0, 32)
+	if err != nil {
+		panic(err)
+	}
+
+	vaultPort := int(kindExtraPortsOffsetInt) + 0
+
+	kindExtraPorts := map[int]int{
+		vaultPort: 30000,
+	}
+
+	k, err := test_utils.CreateKindCluster(kindClusterName, kindApiHost, int(kindApiPortInt), kindExtraPorts, kindKubeconfig)
+	if err != nil {
+		panic(err)
+	}
+	return k, vaultPort
 }
 
-func createDefaultKindClusters() (*test_utils.KindCluster, *test_utils.KindCluster) {
-	var k1, k2 *test_utils.KindCluster
+var defaultKindCluster1, defaultKindCluster2 *test_utils.KindCluster
+var defaultKindCluster1VaultPort, defaultKindCluster2VaultPort int
 
+func init() {
 	var wg sync.WaitGroup
 	wg.Add(2)
 	go func() {
 		defer wg.Done()
-		k1 = createDefaultKindCluster(1)
+		defaultKindCluster1, defaultKindCluster1VaultPort = createDefaultKindCluster(1)
+		deleteTestNamespaces(defaultKindCluster1)
 	}()
 	go func() {
 		defer wg.Done()
-		k2 = createDefaultKindCluster(2)
+		defaultKindCluster2, defaultKindCluster2VaultPort = createDefaultKindCluster(2)
+		deleteTestNamespaces(defaultKindCluster2)
 	}()
 	wg.Wait()
-	return k1, k2
-}
-
-var (
-	defaultKindCluster1, defaultKindCluster2 = createDefaultKindClusters()
-)
-
-func init() {
-	deleteTestNamespaces(defaultKindCluster1)
-	deleteTestNamespaces(defaultKindCluster2)
 }
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index bb2f2094e..eefd91b17 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -2,7 +2,6 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 	"time"
diff --git a/e2e/project.go b/e2e/project.go
index 3fb63a6fa..09367ff6c 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -93,7 +93,7 @@ func (p *testProject) cleanup() {
 
 func (p *testProject) mergeKubeconfig(k *test_utils.KindCluster) {
 	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
-		nkcfg, err := clientcmd.LoadFromFile(k.kubeconfig)
+		nkcfg, err := clientcmd.LoadFromFile(k.Kubeconfig)
 		if err != nil {
 			p.t.Fatal(err)
 		}
diff --git a/hack/start-kind-cluster.sh b/hack/start-kind-cluster.sh
deleted file mode 100755
index 315d6887a..000000000
--- a/hack/start-kind-cluster.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-NAME=$1
-IP=$2
-PORT=$3
-export KUBECONFIG=$4
-
-cat << EOF > kind-cluster-$NAME.yml
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-networking:
-  apiServerAddress: "0.0.0.0"
-  apiServerPort: $PORT
-EOF
-
-rm -f $(pwd)/kind-kubeconfig
-kind create cluster --config kind-cluster-$NAME.yml --name $NAME
-
-# Rewrite cluster info to point to docker host
-# This also fully disables TLS verification
-kubectl config view -ojson --raw \
-  | jq ".clusters[0].cluster.\"insecure-skip-tls-verify\"=true" \
-  | jq "del(.clusters[0].cluster.\"certificate-authority-data\")" \
-  | jq ".clusters[0].cluster.server=\"https://$IP:$PORT\"" \
-> $KUBECONFIG-tmp
-mv $KUBECONFIG-tmp $KUBECONFIG
diff --git a/internal/test-utils/kind_cluster.go b/internal/test-utils/kind_cluster.go
index d527f0173..eaa7c8dd5 100644
--- a/internal/test-utils/kind_cluster.go
+++ b/internal/test-utils/kind_cluster.go
@@ -4,11 +4,12 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"github.com/pkg/errors"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	"net/url"
 	"os"
 	"os/exec"
+	"sigs.k8s.io/kind/pkg/apis/config/v1alpha4"
 	"sigs.k8s.io/kind/pkg/cluster"
 	kindcmd "sigs.k8s.io/kind/pkg/cmd"
 	"testing"
@@ -18,17 +19,17 @@ import (
 type KindCluster struct {
 	Name       string
 	Context    string
-	kubeconfig string
+	Kubeconfig string
 	config     *rest.Config
 }
 
-func CreateKindCluster(name, kubeconfigPath string) (*KindCluster, error) {
+func CreateKindCluster(name, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfigPath string) (*KindCluster, error) {
 	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
 
 	c := &KindCluster{
 		Name:       name,
 		Context:    fmt.Sprintf("kind-%s", name),
-		kubeconfig: kubeconfigPath,
+		Kubeconfig: kubeconfigPath,
 	}
 
 	n, err := provider.ListNodes(name)
@@ -36,7 +37,7 @@ func CreateKindCluster(name, kubeconfigPath string) (*KindCluster, error) {
 		return nil, err
 	}
 	if len(n) == 0 {
-		if err := kindCreate(name, kubeconfigPath); err != nil {
+		if err := kindCreate(name, apiServerHost, apiServerPort, extraPorts, kubeconfigPath); err != nil {
 			return nil, err
 		}
 	}
@@ -47,19 +48,14 @@ func CreateKindCluster(name, kubeconfigPath string) (*KindCluster, error) {
 // Delete removes the cluster from kind. The cluster may not be deleted straight away - this only issues a delete command
 func (c *KindCluster) Delete() error {
 	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
-	return provider.Delete(c.Name, c.kubeconfig)
-}
-
-// Kubeconfig returns the path to the cluster kubeconfig
-func (c *KindCluster) Kubeconfig() string {
-	return c.kubeconfig
+	return provider.Delete(c.Name, c.Kubeconfig)
 }
 
 // RESTConfig returns K8s client config to pass to clientset objects
 func (c *KindCluster) RESTConfig() *rest.Config {
 	if c.config == nil {
 		var err error
-		c.config, err = clientcmd.BuildConfigFromFlags("", c.Kubeconfig())
+		c.config, err = clientcmd.BuildConfigFromFlags("", c.Kubeconfig)
 		if err != nil {
 			panic(err)
 		}
@@ -70,7 +66,7 @@ func (c *KindCluster) RESTConfig() *rest.Config {
 func (c *KindCluster) Kubectl(args ...string) (string, error) {
 	cmd := exec.Command("kubectl", args...)
 	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, fmt.Sprintf("KUBECONFIG=%s", c.kubeconfig))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("KUBECONFIG=%s", c.Kubeconfig))
 
 	stdout, err := cmd.Output()
 	return string(stdout), err
@@ -112,29 +108,64 @@ func (c *KindCluster) KubectlYamlMust(t *testing.T, args ...string) *uo.Unstruct
 }
 
 // kindCreate creates the kind cluster. It will retry up to 10 times if cluster creation fails.
-func kindCreate(name, kubeconfig string) error {
+func kindCreate(name string, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfig string) error {
 
 	fmt.Printf("🌧️  Creating kind cluster %s...\n", name)
 	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
-	attempts := 0
-	maxAttempts := 10
-	for {
-		err := provider.Create(
-			name,
-			cluster.CreateWithNodeImage(""),
-			cluster.CreateWithRetain(false),
-			cluster.CreateWithWaitForReady(time.Duration(0)),
-			cluster.CreateWithKubeconfigPath(kubeconfig),
-			cluster.CreateWithDisplayUsage(false),
-		)
-		if err == nil {
-			return nil
-		}
+	config := v1alpha4.Cluster{
+		Name: name,
+		Nodes: []v1alpha4.Node{{
+			Role: "control-plane",
+		}},
+		Networking: v1alpha4.Networking{
+			APIServerAddress: "0.0.0.0",
+			APIServerPort:    int32(apiServerPort),
+		},
+	}
+	for hostPort, containerPort := range extraPorts {
+		config.Nodes[0].ExtraPortMappings = append(config.Nodes[0].ExtraPortMappings, v1alpha4.PortMapping{
+			ContainerPort: int32(containerPort),
+			HostPort:      int32(hostPort),
+			ListenAddress: "0.0.0.0",
+			Protocol:      "TCP",
+		})
+	}
 
-		fmt.Printf("Error bringing up cluster, will retry (attempt %d): %v", attempts, err)
-		attempts++
-		if attempts >= maxAttempts {
-			return errors.Wrapf(err, "Error bringing up cluster, exceeded max attempts (%d)", attempts)
-		}
+	err := provider.Create(
+		name,
+		cluster.CreateWithV1Alpha4Config(&config),
+		cluster.CreateWithNodeImage(""),
+		cluster.CreateWithRetain(false),
+		cluster.CreateWithWaitForReady(time.Duration(0)),
+		cluster.CreateWithKubeconfigPath(kubeconfig),
+		cluster.CreateWithDisplayUsage(false),
+	)
+	if err != nil {
+		return err
+	}
+
+	kcfg, err := clientcmd.LoadFromFile(kubeconfig)
+	if err != nil {
+		return err
 	}
+
+	c := kcfg.Clusters[fmt.Sprintf("kind-%s", name)]
+
+	u, err := url.Parse(c.Server)
+	if err != nil {
+		return err
+	}
+
+	// override api server host and disable TLS verification
+	// this is needed to make it work with remote docker hosts
+	c.InsecureSkipTLSVerify = true
+	c.CertificateAuthorityData = nil
+	c.Server = fmt.Sprintf("https://%s:%s", apiServerHost, u.Port())
+
+	err = clientcmd.WriteToFile(*kcfg, kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

From 548cbef7b529ddbc0a55ba6dbe30016fc0d960ee Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 12:32:42 +0200
Subject: [PATCH 0257/2268] feat: Rename vault vars fields to align with go
 client lib

---
 pkg/types/vars_source.go  | 4 ++--
 pkg/vars/vars_loader.go   | 2 +-
 pkg/vars/vault/secrets.go | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 006b9d2f4..68ba14731 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -38,8 +38,8 @@ type VarsSourceAwsSecretsManager struct {
 }
 
 type VarsSourceVault struct {
-	Server string `yaml:"server" validate:"required"`
-	Key    string `yaml:"key" validate:"required"`
+	Address string `yaml:"address" validate:"required"`
+	Path    string `yaml:"path" validate:"required"`
 }
 
 type VarsSource struct {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index f6f2dfc76..bdb586bd8 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -146,7 +146,7 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 }
 
 func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
-	secret, err := vault.GetSecret(source.Vault.Server, source.Vault.Key)
+	secret, err := vault.GetSecret(source.Vault.Address, source.Vault.Path)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/vars/vault/secrets.go b/pkg/vars/vault/secrets.go
index 0a05e6579..49f04618f 100644
--- a/pkg/vars/vault/secrets.go
+++ b/pkg/vars/vault/secrets.go
@@ -13,14 +13,14 @@ var httpClient = &http.Client{
 	Timeout: 15 * time.Second,
 }
 
-func GetSecret(server string, key string) (string, error) {
+func GetSecret(server string, path string) (string, error) {
 	client, err := api.NewClient(&api.Config{Address: server, HttpClient: httpClient})
 	if err != nil {
 		return "", fmt.Errorf("failed to create vault %s client", server)
 	}
-	secret, err := client.Logical().Read(key)
+	secret, err := client.Logical().Read(path)
 	if err != nil {
-		return "", fmt.Errorf("connection to vault %s failed", server)
+		return "", fmt.Errorf("reading from vault failed: %v", err)
 	}
 	if secret == nil || secret.Data == nil {
 		return "", fmt.Errorf("the specified vault secret was not found")

From a3ffe50a8675a62d37afff82682c8aa624fef425 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 May 2022 16:11:28 +0200
Subject: [PATCH 0258/2268] tests: Add vault sealing tests

---
 e2e/project.go                       |   2 +
 e2e/seal_test.go                     | 140 ++++++++++++----
 e2e/test_resources/README.md         |   7 +-
 e2e/test_resources/resources.go      |  32 +++-
 e2e/test_resources/vault-values.yaml |  10 ++
 e2e/test_resources/vault.yaml        | 235 +++++++++++++++++++++++++++
 6 files changed, 396 insertions(+), 30 deletions(-)
 create mode 100644 e2e/test_resources/vault-values.yaml
 create mode 100644 e2e/test_resources/vault.yaml

diff --git a/e2e/project.go b/e2e/project.go
index 09367ff6c..d80c0c3e4 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -20,6 +20,7 @@ import (
 
 type testProject struct {
 	t           *testing.T
+	extraEnv    []string
 	projectName string
 
 	kluctlProjectExternal bool
@@ -433,6 +434,7 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 		args = append(args, "--debug")
 	}
 	env := os.Environ()
+	env = append(env, p.extraEnv...)
 	env = append(env, fmt.Sprintf("KUBECONFIG=%s", p.mergedKubeconfig))
 
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index b28cc12e7..c04c67361 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -8,30 +8,51 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
-	"os"
+	"io/ioutil"
+	"net/http"
+	"net/url"
 	"path/filepath"
+	"strings"
+	"sync"
 	"testing"
 	"time"
 )
 
-func installSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
-	tmpFile, _ := os.CreateTemp("", "")
-	tmpFile.Close()
-	defer os.Remove(tmpFile.Name())
+func installSealedSecretsOperator(k *test_utils.KindCluster) {
+	test_resources.ApplyYaml("sealed-secrets.yaml", k)
+}
 
-	_ = utils.FsCopyFile(test_resources.Yamls, "sealed-secrets.yaml", tmpFile.Name())
+func waitForSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
+	waitForReadiness(t, k, "kube-system", "deployment/sealed-secrets-controller", 5*time.Minute)
+}
 
-	_, err := k.Kubectl("apply", "-f", tmpFile.Name())
-	if err != nil {
-		panic(err)
-	}
+func deleteSealedSecretsOperator(k *test_utils.KindCluster) {
+	_, _ = k.Kubectl("-n", "kube-system", "delete", "deployment", "sealed-secrets-controller", "--wait")
+	_, _ = k.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
+}
 
-	waitForReadiness(t, k, "kube-system", "deployment/sealed-secrets-controller", 5*time.Minute)
+func installVault(k *test_utils.KindCluster) {
+	_, _ = k.Kubectl("create", "ns", "vault")
+	test_resources.ApplyYaml("vault.yaml", k)
 }
 
-func deleteSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
-	_, _ = defaultKindCluster1.Kubectl("-n", "kube-system", "delete", "deployment", "sealed-secrets-controller", "--wait")
-	_, _ = defaultKindCluster1.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
+func waitForVault(t *testing.T, k *test_utils.KindCluster) {
+	waitForReadiness(t, k, "vault", "statefulset/vault", 5*time.Minute)
+}
+
+func init() {
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		installSealedSecretsOperator(defaultKindCluster1)
+		installVault(defaultKindCluster1)
+	}()
+	go func() {
+		defer wg.Done()
+		installSealedSecretsOperator(defaultKindCluster2)
+	}()
+	wg.Wait()
 }
 
 func prepareSealTest(t *testing.T, k *test_utils.KindCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
@@ -76,8 +97,7 @@ func TestSeal_WithOperator(t *testing.T) {
 	k := defaultKindCluster1
 	namespace := "seal-with-operator"
 
-	deleteSealedSecretsOperator(t, k)
-	installSealedSecretsOperator(t, k)
+	waitForSealedSecretsOperator(t, k)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -113,7 +133,10 @@ func TestSeal_WithBootstrap(t *testing.T) {
 	k := defaultKindCluster2
 	namespace := "seal-with-bootstrap"
 
-	deleteSealedSecretsOperator(t, k)
+	// we still wait for it to be ready before we then delete it
+	// this way it's pre-pulled and pre-warmed when we later start it
+	waitForSealedSecretsOperator(t, k)
+	deleteSealedSecretsOperator(k)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -136,7 +159,8 @@ func TestSeal_WithBootstrap(t *testing.T) {
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	installSealedSecretsOperator(t, k)
+	installSealedSecretsOperator(k)
+	waitForSealedSecretsOperator(t, k)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
@@ -153,7 +177,7 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 	k := defaultKindCluster1
 	namespace := "seal-multiple-vs"
 
-	installSealedSecretsOperator(t, k)
+	waitForSealedSecretsOperator(t, k)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -195,7 +219,7 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 	k := defaultKindCluster1
 	namespace := "seal-multiple-ss"
 
-	installSealedSecretsOperator(t, k)
+	waitForSealedSecretsOperator(t, k)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -239,8 +263,8 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	k := defaultKindCluster1
 	namespace := "seal-multiple-targets"
 
-	installSealedSecretsOperator(t, k)
-	installSealedSecretsOperator(t, defaultKindCluster2)
+	waitForSealedSecretsOperator(t, k)
+	waitForSealedSecretsOperator(t, defaultKindCluster2)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -253,11 +277,6 @@ func TestSeal_MultipleTargets(t *testing.T) {
 					"s1": "v1",
 				},
 			}),
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s2": "v2",
-				},
-			}),
 		},
 	)
 	defer p.cleanup()
@@ -304,10 +323,12 @@ func TestSeal_MultipleTargets(t *testing.T) {
 }
 
 func TestSeal_File(t *testing.T) {
+	t.Parallel()
+
 	k := defaultKindCluster1
 	namespace := "seal-file"
 
-	installSealedSecretsOperator(t, k)
+	waitForSealedSecretsOperator(t, k)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -345,3 +366,66 @@ func TestSeal_File(t *testing.T) {
 		"s2": "v2",
 	})
 }
+
+func TestSeal_Vault(t *testing.T) {
+	t.Parallel()
+
+	k := defaultKindCluster1
+	namespace := "seal-vault"
+
+	waitForSealedSecretsOperator(t, k)
+	waitForVault(t, k)
+
+	u, err := url.Parse(defaultKindCluster1.RESTConfig().Host)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	vaultUrl := fmt.Sprintf("http://%s:%d", u.Hostname(), defaultKindCluster1VaultPort)
+
+	req, err := http.NewRequest("POST", fmt.Sprintf("%s/v1/secret/data/secret", vaultUrl), strings.NewReader(`{"data": {"secrets":{"s1":"v1","s2":"v2"}}}`))
+	if err != nil {
+		t.Fatal(err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("X-Vault-Token", "root")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		body, _ := ioutil.ReadAll(resp.Body)
+		t.Fatalf("vault response status %d, body=%s", resp.StatusCode, string(body))
+	}
+
+	p := prepareSealTest(t, k, namespace,
+		map[string]string{
+			"s1": "{{ secrets.s1 }}",
+			"s2": "{{ secrets.s2 }}",
+		},
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"vault": map[string]interface{}{
+					"address": vaultUrl,
+					"path":    "secret/data/secret",
+				},
+			}),
+		},
+	)
+	defer p.cleanup()
+
+	p.extraEnv = append(p.extraEnv, "VAULT_TOKEN=root")
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+		"s1": "v1",
+		"s2": "v2",
+	})
+}
diff --git a/e2e/test_resources/README.md b/e2e/test_resources/README.md
index 75d21866f..e3655fad6 100644
--- a/e2e/test_resources/README.md
+++ b/e2e/test_resources/README.md
@@ -1,4 +1,9 @@
 # sealed-secrets.yaml
 
 helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
-helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds > sealed-secrets.yaml
+helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds --skip-tests > sealed-secrets.yaml
+
+# vault.yaml
+
+helm repo add hashicorp https://helm.releases.hashicorp.com
+helm template vault hashicorp/vault -n vault -f vault-values.yaml --include-crds --skip-tests > vault.yaml
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 0ec6d270c..2645c7488 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -1,6 +1,36 @@
 package test_resources
 
-import "embed"
+import (
+	"embed"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
+)
 
 //go:embed *.yaml
 var Yamls embed.FS
+
+func GetYamlTmpFile(name string) string {
+	tmpFile, err := os.CreateTemp("", "")
+	if err != nil {
+		panic(err)
+	}
+	tmpFile.Close()
+
+	err = utils.FsCopyFile(Yamls, name, tmpFile.Name())
+	if err != nil {
+		panic(err)
+	}
+
+	return tmpFile.Name()
+}
+
+func ApplyYaml(name string, k *test_utils.KindCluster) {
+	tmpFile := GetYamlTmpFile(name)
+	defer os.Remove(tmpFile)
+
+	_, err := k.Kubectl("apply", "-f", tmpFile)
+	if err != nil {
+		panic(err)
+	}
+}
\ No newline at end of file
diff --git a/e2e/test_resources/vault-values.yaml b/e2e/test_resources/vault-values.yaml
new file mode 100644
index 000000000..1934c072a
--- /dev/null
+++ b/e2e/test_resources/vault-values.yaml
@@ -0,0 +1,10 @@
+server:
+  # Must be RollingUpdate as otherwise it's reported as ready much too early
+  updateStrategyType: RollingUpdate
+  dev:
+    enabled: true
+  service:
+    type: NodePort
+    nodePort: 30000
+injector:
+  enabled: false
diff --git a/e2e/test_resources/vault.yaml b/e2e/test_resources/vault.yaml
new file mode 100644
index 000000000..13e65b084
--- /dev/null
+++ b/e2e/test_resources/vault.yaml
@@ -0,0 +1,235 @@
+---
+# Source: vault/templates/server-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault
+  namespace: vault
+  labels:
+    helm.sh/chart: vault-0.20.1
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: vault/templates/server-clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: vault-server-binding
+  labels:
+    helm.sh/chart: vault-0.20.1
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: vault
+  namespace: vault
+---
+# Source: vault/templates/server-headless-service.yaml
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+  name: vault-internal
+  namespace: vault
+  labels:
+    helm.sh/chart: vault-0.20.1
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+
+spec:
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - name: "http"
+      port: 8200
+      targetPort: 8200
+    - name: https-internal
+      port: 8201
+      targetPort: 8201
+  selector:
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    component: server
+---
+# Source: vault/templates/server-service.yaml
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+  name: vault
+  namespace: vault
+  labels:
+    helm.sh/chart: vault-0.20.1
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+
+spec:
+  type: NodePort
+  externalTrafficPolicy: Cluster
+  # We want the servers to become available even if they're not ready
+  # since this DNS is also used for join operations.
+  publishNotReadyAddresses: true
+  ports:
+    - name: http
+      port: 8200
+      targetPort: 8200
+      nodePort: 30000
+    - name: https-internal
+      port: 8201
+      targetPort: 8201
+  selector:
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    component: server
+---
+# Source: vault/templates/server-statefulset.yaml
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: vault
+  namespace: vault
+  labels:
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/instance: vault
+    app.kubernetes.io/managed-by: Helm
+spec:
+  serviceName: vault-internal
+  podManagementPolicy: Parallel
+  replicas: 1
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: vault
+      app.kubernetes.io/instance: vault
+      component: server
+  template:
+    metadata:
+      labels:
+        helm.sh/chart: vault-0.20.1
+        app.kubernetes.io/name: vault
+        app.kubernetes.io/instance: vault
+        component: server
+    spec:
+      
+      
+      
+      
+      terminationGracePeriodSeconds: 10
+      serviceAccountName: vault
+      
+      securityContext:
+        runAsNonRoot: true
+        runAsGroup: 1000
+        runAsUser: 100
+        fsGroup: 1000
+      volumes:
+        
+        - name: home
+          emptyDir: {}
+      containers:
+        - name: vault
+          
+          image: hashicorp/vault:1.10.3
+          imagePullPolicy: IfNotPresent
+          command:
+          - "/bin/sh"
+          - "-ec"
+          args: 
+          - |
+            /usr/local/bin/docker-entrypoint.sh vault server -dev 
+  
+          securityContext:
+            allowPrivilegeEscalation: false
+          env:
+            - name: HOST_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.hostIP
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: VAULT_K8S_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: VAULT_K8S_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: VAULT_ADDR
+              value: "http://127.0.0.1:8200"
+            - name: VAULT_API_ADDR
+              value: "http://$(POD_IP):8200"
+            - name: SKIP_CHOWN
+              value: "true"
+            - name: SKIP_SETCAP
+              value: "true"
+            - name: HOSTNAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: VAULT_CLUSTER_ADDR
+              value: "https://$(HOSTNAME).vault-internal:8201"
+            - name: HOME
+              value: "/home/vault"
+            
+            - name: VAULT_DEV_ROOT_TOKEN_ID
+              value: root
+            - name: VAULT_DEV_LISTEN_ADDRESS
+              value: "[::]:8200"
+  
+            
+            
+          volumeMounts:
+          
+  
+  
+            - name: home
+              mountPath: /home/vault
+          ports:
+            - containerPort: 8200
+              name: http
+            - containerPort: 8201
+              name: https-internal
+            - containerPort: 8202
+              name: http-rep
+          readinessProbe:
+            # Check status; unsealed vault servers return 0
+            # The exit code reflects the seal status:
+            #   0 - unsealed
+            #   1 - error
+            #   2 - sealed
+            exec:
+              command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+            failureThreshold: 2
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            successThreshold: 1
+            timeoutSeconds: 3
+          lifecycle:
+            # Vault container doesn't receive SIGTERM from Kubernetes
+            # and after the grace period ends, Kube sends SIGKILL.  This
+            # causes issues with graceful shutdowns such as deregistering itself
+            # from Consul (zombie services).
+            preStop:
+              exec:
+                command: [
+                  "/bin/sh", "-c",
+                  # Adding a sleep here to give the pod eviction a
+                  # chance to propagate, so requests will not be made
+                  # to this pod while it's terminating
+                  "sleep 5 && kill -SIGTERM $(pidof vault)",
+                ]

From e9ef495487ccc3c48d42f46888c77aae756b3c87 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 13:07:31 +0200
Subject: [PATCH 0259/2268] tests: Fully delete all sealed-secrets resources in
 deleteSealedSecretsOperator

---
 e2e/seal_test.go                |  3 ++-
 e2e/test_resources/resources.go | 12 +++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index c04c67361..d9a6bdce1 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -27,8 +27,9 @@ func waitForSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
 }
 
 func deleteSealedSecretsOperator(k *test_utils.KindCluster) {
-	_, _ = k.Kubectl("-n", "kube-system", "delete", "deployment", "sealed-secrets-controller", "--wait")
+	test_resources.DeleteYaml("sealed-secrets.yaml", k)
 	_, _ = k.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
+	_, _ = k.Kubectl("-n", "kube-system", "delete", "configmap", "sealed-secrets-key-kluctl-bootstrap", "--wait")
 }
 
 func installVault(k *test_utils.KindCluster) {
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 2645c7488..7644d1f09 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -33,4 +33,14 @@ func ApplyYaml(name string, k *test_utils.KindCluster) {
 	if err != nil {
 		panic(err)
 	}
-}
\ No newline at end of file
+}
+
+func DeleteYaml(name string, k *test_utils.KindCluster) {
+	tmpFile := GetYamlTmpFile(name)
+	defer os.Remove(tmpFile)
+
+	_, err := k.Kubectl("delete", "-f", tmpFile)
+	if err != nil {
+		panic(err)
+	}
+}

From 377503949fc7465bff8c6e2c8189173116d5054a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 13:07:41 +0200
Subject: [PATCH 0260/2268] tests: Fix TestSeal_MultipleTargets

---
 e2e/seal_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index d9a6bdce1..28e6b976f 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -276,6 +276,7 @@ func TestSeal_MultipleTargets(t *testing.T) {
 			uo.FromMap(map[string]interface{}{
 				"values": map[string]interface{}{
 					"s1": "v1",
+					"s2": "v2",
 				},
 			}),
 		},

From c0f409eabf1368150ac484c43f6cb7189aba17bf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 13:19:55 +0200
Subject: [PATCH 0261/2268] tests: Add some more debug info to kindCreate
 logging

---
 internal/test-utils/kind_cluster.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/test-utils/kind_cluster.go b/internal/test-utils/kind_cluster.go
index eaa7c8dd5..791f8753c 100644
--- a/internal/test-utils/kind_cluster.go
+++ b/internal/test-utils/kind_cluster.go
@@ -110,7 +110,7 @@ func (c *KindCluster) KubectlYamlMust(t *testing.T, args ...string) *uo.Unstruct
 // kindCreate creates the kind cluster. It will retry up to 10 times if cluster creation fails.
 func kindCreate(name string, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfig string) error {
 
-	fmt.Printf("🌧️  Creating kind cluster %s...\n", name)
+	fmt.Printf("🌧️  Creating kind cluster %s with apiServerHost=%s, apiServerPort=%d, extraPorts=%v...\n", name, apiServerHost, apiServerPort, extraPorts)
 	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
 	config := v1alpha4.Cluster{
 		Name: name,

From c0a77304296e05a7928269da0e0bf5f6624b181d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 13:58:09 +0200
Subject: [PATCH 0262/2268] tests: Reintroduce retries when creating kind
 clusters

---
 .github/workflows/tests.yml         |  2 +-
 internal/test-utils/kind_cluster.go | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b966ab2c8..88c84e18e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -236,7 +236,7 @@ jobs:
         run: |
           kubectl version || true
           kind version || true
-      - name: Start kind cluster
+      - name: Prepare kind cluster variables
         shell: bash
         run: |
           if [ "${{ runner.os }}" == "Linux" ]; then
diff --git a/internal/test-utils/kind_cluster.go b/internal/test-utils/kind_cluster.go
index 791f8753c..99ad404d7 100644
--- a/internal/test-utils/kind_cluster.go
+++ b/internal/test-utils/kind_cluster.go
@@ -109,7 +109,17 @@ func (c *KindCluster) KubectlYamlMust(t *testing.T, args ...string) *uo.Unstruct
 
 // kindCreate creates the kind cluster. It will retry up to 10 times if cluster creation fails.
 func kindCreate(name string, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfig string) error {
+	var err error
+	for i := 0; i < 10; i++ {
+		err = kindCreate2(name, apiServerHost, apiServerPort, extraPorts, kubeconfig)
+		if err == nil {
+			return nil
+		}
+	}
+	return err
+}
 
+func kindCreate2(name string, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfig string) error {
 	fmt.Printf("🌧️  Creating kind cluster %s with apiServerHost=%s, apiServerPort=%d, extraPorts=%v...\n", name, apiServerHost, apiServerPort, extraPorts)
 	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
 	config := v1alpha4.Cluster{

From c20d5917abc245164056051317992bb25372139e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 1 Jun 2022 18:54:15 +0200
Subject: [PATCH 0263/2268] ci: Increase inotify limits for docker host

---
 .github/workflows/tests.yml       |  6 +++++-
 hack/setup-docker-port-forward.sh | 20 --------------------
 2 files changed, 5 insertions(+), 21 deletions(-)
 delete mode 100755 hack/setup-docker-port-forward.sh

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 88c84e18e..e6a9124ca 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -85,11 +85,15 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Install zerotier
-        if: runner.os == 'Linux'
         run: |
           sudo apt update
           sudo apt install -y gpg jq
           curl -s https://install.zerotier.com | sudo bash
+      - name: Setup inotify limits
+        run: |
+          # see https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files
+          sudo sysctl fs.inotify.max_user_watches=524288
+          sudo sysctl fs.inotify.max_user_instances=512
       - name: Stop docker
         run: |
           # Ensure docker is down and that the test jobs can wait for it to be available again after joining the network.
diff --git a/hack/setup-docker-port-forward.sh b/hack/setup-docker-port-forward.sh
deleted file mode 100755
index 886ed268f..000000000
--- a/hack/setup-docker-port-forward.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-echo "Forwarding ports"
-
-# pre-create this to avoid races in the background ssh calls
-mkdir -p $HOME/.ssh
-
-# docker
-tail -F ssh-log-2375 &
-nohup /usr/bin/ssh -i kluctl-ci.pem -o StrictHostKeyChecking=no -L2375:/run/docker.sock -N kluctl-ci@docker.ci.kluctl.io &> ssh-log-2375 &
-
-while ! curl http://localhost:2375 &> /dev/null; do
-  echo "Waiting for ports to get available..."
-  sleep 5
-done
-
-# keep ports alive
-nohup bash -c "while true; do curl http://localhost:2375 &> /dev/null ; sleep 5; done" &

From 058f619d71298e46cffe17f5633163e7de6b426e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 09:03:07 +0200
Subject: [PATCH 0264/2268] ci: Exclude "ci" commits from changelog

---
 .goreleaser.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 029ace461..2461d3dd0 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -61,6 +61,7 @@ changelog:
       - '^test.*:'
       - '^chore:'
       - '^build:'
+      - '^ci:'
       - '^refactor:'
 
 release:

From 937967b840da9ccda9b215cd12ceaeee030edae2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 09:03:17 +0200
Subject: [PATCH 0265/2268] docs: fix typo in README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6cd3ba354..c19f8f86f 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Kluctl does not depend on external operators/controllers and allows to use the s
 as long as access to the kluctl project and clusters is available. This means, that you can use it from your
 local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
 
-Flux support is in alpha statium and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
+Flux support is in alpha stadium and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
 
 ## Installation
 

From 56fe43b968fe2e13f9cc5b5fee4be94eebe509ac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 09:29:49 +0200
Subject: [PATCH 0266/2268] refactor: Stop using gammazero WorkerPool

---
 .../commands/cmd_check_image_updates.go       | 16 ++--
 pkg/deployment/deployment_collection.go       | 47 +++++++----
 pkg/deployment/deployment_item.go             | 55 ++++++------
 pkg/k8s/k8s_cluster.go                        | 51 +++++------
 pkg/kluctl_project/targets.go                 | 16 ++--
 pkg/utils/workerpool.go                       | 84 -------------------
 6 files changed, 94 insertions(+), 175 deletions(-)
 delete mode 100644 pkg/utils/workerpool.go

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 1da6883a3..14be5ede7 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -37,11 +37,9 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 
 	rh := registries.NewRegistryHelper(ctx.ctx)
 
-	wg := utils.NewWorkerPoolWithErrors(8)
-	defer wg.StopWait(false)
-
 	imageTags := make(map[string]interface{})
 	var mutex sync.Mutex
+	var wg sync.WaitGroup
 
 	for _, images := range renderedImages {
 		for _, image := range images {
@@ -51,7 +49,9 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 			}
 			repo := s[0]
 			if _, ok := imageTags[repo]; !ok {
-				wg.Submit(func() error {
+				wg.Add(1)
+				go func() {
+					defer wg.Done()
 					tags, err := rh.ListImageTags(repo)
 					mutex.Lock()
 					defer mutex.Unlock()
@@ -60,15 +60,11 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 					} else {
 						imageTags[repo] = tags
 					}
-					return nil
-				})
+				}()
 			}
 		}
 	}
-	err := wg.StopWait(false)
-	if err != nil {
-		return err
-	}
+	wg.Wait()
 
 	prefixPattern := regexp.MustCompile("^([a-zA-Z]+[a-zA-Z-_.]*)")
 	suffixPattern := regexp.MustCompile("([-][a-zA-Z]+[a-zA-Z-_.]*)$")
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index be086ebb2..0a379cffa 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -109,18 +109,26 @@ func (c *DeploymentCollection) RenderDeployments() error {
 	s := status.Start(c.ctx.Ctx, "Rendering templates")
 	defer s.Failed()
 
-	wp := utils.NewDebuggerAwareWorkerPool(16)
-	defer wp.StopWait(false)
+	var wg sync.WaitGroup
+	var mutex sync.Mutex
+	var errors []error
 
 	for _, d := range c.Deployments {
-		err := d.render(c.forSeal, wp)
-		if err != nil {
-			return err
-		}
+		d := d
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			err := d.render(c.forSeal)
+			if err != nil {
+				mutex.Lock()
+				errors = append(errors, err)
+				mutex.Unlock()
+			}
+		}()
 	}
-	err := wp.StopWait(true)
-	if err != nil {
-		return err
+	wg.Wait()
+	if len(errors) != 0 {
+		return utils.NewErrorListOrNil(errors)
 	}
 	s.Success()
 
@@ -128,14 +136,21 @@ func (c *DeploymentCollection) RenderDeployments() error {
 	defer s.Failed()
 
 	for _, d := range c.Deployments {
-		err := d.renderHelmCharts(wp)
-		if err != nil {
-			return err
-		}
+		d := d
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			err := d.renderHelmCharts()
+			if err != nil {
+				mutex.Lock()
+				errors = append(errors, err)
+				mutex.Unlock()
+			}
+		}()
 	}
-	err = wp.StopWait(false)
-	if err != nil {
-		return err
+	wg.Wait()
+	if len(errors) != 0 {
+		return utils.NewErrorListOrNil(errors)
 	}
 
 	s.Success()
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 51957e455..959830915 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -101,7 +101,7 @@ func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	return a
 }
 
-func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) error {
+func (di *DeploymentItem) render(forSeal bool) error {
 	if di.dir == nil {
 		return nil
 	}
@@ -145,14 +145,10 @@ func (di *DeploymentItem) render(forSeal bool, wp *utils.WorkerPoolWithErrors) e
 		excludePatterns = append(excludePatterns, "**.sealme")
 	}
 
-	wp.Submit(func() error {
-		return varsCtx.RenderDirectory(di.Project.source.dir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.RenderedDir)
-	})
-
-	return nil
+	return varsCtx.RenderDirectory(di.Project.source.dir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.RenderedDir)
 }
 
-func (di *DeploymentItem) renderHelmCharts(wp *utils.WorkerPoolWithErrors) error {
+func (di *DeploymentItem) renderHelmCharts() error {
 	if di.dir == nil {
 		return nil
 	}
@@ -162,35 +158,32 @@ func (di *DeploymentItem) renderHelmCharts(wp *utils.WorkerPoolWithErrors) error
 			return nil
 		}
 
-		wp.Submit(func() error {
-			subDir, err := filepath.Rel(di.RenderedDir, filepath.Dir(p))
-			if err != nil {
-				return err
-			}
+		subDir, err := filepath.Rel(di.RenderedDir, filepath.Dir(p))
+		if err != nil {
+			return err
+		}
 
-			chart, err := NewHelmChart(p)
-			if err != nil {
-				return err
-			}
+		chart, err := NewHelmChart(p)
+		if err != nil {
+			return err
+		}
 
-			ky, err := di.readKustomizationYaml(subDir)
-			if err == nil && ky != nil {
-				resources, _, _ := ky.GetNestedStringList("resources")
-				found := false
-				for _, r := range resources {
-					if r == chart.GetOutputPath() {
-						found = true
-						break
-					}
-				}
-				if !found {
-					return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.RelRenderedDir, chart.GetOutputPath())
+		ky, err := di.readKustomizationYaml(subDir)
+		if err == nil && ky != nil {
+			resources, _, _ := ky.GetNestedStringList("resources")
+			found := false
+			for _, r := range resources {
+				if r == chart.GetOutputPath() {
+					found = true
+					break
 				}
 			}
+			if !found {
+				return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.RelRenderedDir, chart.GetOutputPath())
+			}
+		}
 
-			return chart.Render(di.ctx.Ctx, di.ctx.K)
-		})
-		return nil
+		return chart.Render(di.ctx.Ctx, di.ctx.K)
 	})
 	if err != nil {
 		return err
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 289e3d53a..32499284f 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -164,12 +164,11 @@ func (k *K8sCluster) ListObjectsMetadata(gvk schema.GroupVersionKind, namespace
 }
 
 func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map[string]string, onlyMetadata bool) ([]*uo.UnstructuredObject, map[schema.GroupVersionKind][]ApiWarning, error) {
-	wp := utils.NewWorkerPoolWithErrors(8)
-	defer wp.StopWait(false)
-
 	var ret []*uo.UnstructuredObject
+	var errs []error
 	retApiWarnings := make(map[schema.GroupVersionKind][]ApiWarning)
 	var mutex sync.Mutex
+	var wg sync.WaitGroup
 
 	filter := func(ar *v1.APIResource) bool {
 		foundVerb := false
@@ -184,7 +183,10 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 
 	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filter) {
 		gvk := gvk
-		wp.Submit(func() error {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+
 			var l []*uo.UnstructuredObject
 			var apiWarnings []ApiWarning
 			var err error
@@ -193,23 +195,24 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 			} else {
 				l, apiWarnings, err = k.ListObjects(gvk, namespace, labels)
 			}
-			if err != nil && !errors.IsNotFound(err) {
-				return err
-			}
 			mutex.Lock()
 			defer mutex.Unlock()
+			if err != nil && !errors.IsNotFound(err) {
+				errs = append(errs, err)
+				return
+			}
 			ret = append(ret, l...)
 			if len(apiWarnings) != 0 {
 				retApiWarnings[gvk] = apiWarnings
 			}
-			return nil
-		})
+		}()
 	}
+	wg.Wait()
 
-	err := wp.StopWait(false)
-	if err != nil {
-		return nil, retApiWarnings, err
+	if len(errs) != 0 {
+		return nil, retApiWarnings, utils.NewErrorListOrNil(errs)
 	}
+
 	return ret, retApiWarnings, nil
 }
 
@@ -228,16 +231,17 @@ func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject,
 }
 
 func (k *K8sCluster) GetObjectsByRefs(refs []k8s.ObjectRef) ([]*uo.UnstructuredObject, map[k8s.ObjectRef][]ApiWarning, error) {
-	wp := utils.NewWorkerPoolWithErrors(32)
-	defer wp.StopWait(false)
-
 	var ret []*uo.UnstructuredObject
+	var errs []error
 	retApiWarnings := make(map[k8s.ObjectRef][]ApiWarning)
 	var mutex sync.Mutex
+	var wg sync.WaitGroup
 
 	for _, ref_ := range refs {
 		ref := ref_
-		wp.Submit(func() error {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
 			o, apiWarnings, err := k.GetSingleObject(ref)
 			mutex.Lock()
 			defer mutex.Unlock()
@@ -245,18 +249,17 @@ func (k *K8sCluster) GetObjectsByRefs(refs []k8s.ObjectRef) ([]*uo.UnstructuredO
 				retApiWarnings[ref] = apiWarnings
 			}
 			if err != nil {
-				if errors.IsNotFound(err) || meta.IsNoMatchError(err) {
-					return nil
+				if !errors.IsNotFound(err) && !meta.IsNoMatchError(err) {
+					errs = append(errs, err)
 				}
-				return err
+				return
 			}
 			ret = append(ret, o)
-			return nil
-		})
+		}()
 	}
-	err := wp.StopWait(false)
-	if err != nil {
-		return nil, retApiWarnings, err
+	wg.Wait()
+	if len(errs) != 0 {
+		return nil, retApiWarnings, utils.NewErrorListOrNil(errs)
 	}
 
 	return ret, retApiWarnings, nil
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index acd861f13..795424ad4 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -221,11 +221,9 @@ func (c *LoadedKluctlProject) matchRef(s string, pattern string) (bool, string,
 }
 
 func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTargetInfo) error {
-	wp := utils.NewDebuggerAwareWorkerPool(8)
-	defer wp.StopWait(false)
-
 	uniqueClones := make(map[string]interface{})
 	var mutex sync.Mutex
+	var wg sync.WaitGroup
 
 	for _, targetInfo_ := range dynamicTargets {
 		targetInfo := targetInfo_
@@ -241,7 +239,9 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 		uniqueClones[targetInfo.dir] = nil
 		mutex.Unlock()
 
-		wp.Submit(func() error {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
 			gitProject := *targetInfo.gitProject
 			gitProject.Ref = *targetInfo.ref
 
@@ -253,13 +253,9 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 			} else {
 				uniqueClones[targetInfo.dir] = &gi
 			}
-			return nil
-		})
-	}
-	err := wp.StopWait(false)
-	if err != nil {
-		return err
+		}()
 	}
+	wg.Wait()
 
 	return nil
 }
diff --git a/pkg/utils/workerpool.go b/pkg/utils/workerpool.go
deleted file mode 100644
index fe71e32b9..000000000
--- a/pkg/utils/workerpool.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package utils
-
-import (
-	"github.com/gammazero/workerpool"
-	"os"
-	"strconv"
-	"sync"
-)
-
-type WorkerPoolWithErrors struct {
-	maxWorkers int
-	pool       *workerpool.WorkerPool
-	errors     []error
-	results    []interface{}
-	mutex      sync.Mutex
-}
-
-func NewWorkerPoolWithErrors(maxWorkers int) *WorkerPoolWithErrors {
-	return &WorkerPoolWithErrors{
-		maxWorkers: maxWorkers,
-		pool:       workerpool.New(maxWorkers),
-	}
-}
-
-func NewDebuggerAwareWorkerPool(maxWorkers int) *WorkerPoolWithErrors {
-	if IsLaunchedByDebugger() {
-		ignoreDebuggerStr, _ := os.LookupEnv("KLUCTL_IGNORE_DEBUGGER")
-		ignoreDebugger, _ := strconv.ParseBool(ignoreDebuggerStr)
-		if !ignoreDebugger {
-			maxWorkers = 1
-		}
-	}
-	return NewWorkerPoolWithErrors(maxWorkers)
-}
-
-func (wp *WorkerPoolWithErrors) Submit(cb func() error) {
-	wp.SubmitWithResult(func() (interface{}, error) {
-		err := cb()
-		return nil, err
-	})
-}
-
-func (wp *WorkerPoolWithErrors) SubmitWithResult(cb func() (interface{}, error)) {
-	wp.pool.Submit(func() {
-		result, err := cb()
-		wp.mutex.Lock()
-		defer wp.mutex.Unlock()
-		if err != nil {
-			wp.errors = append(wp.errors, err)
-		} else if result != nil {
-			wp.results = append(wp.results, result)
-		}
-	})
-}
-
-func (wp *WorkerPoolWithErrors) StopWait(restart bool) error {
-	if wp.pool == nil {
-		return nil
-	}
-	wp.pool.StopWait()
-	if restart {
-		wp.pool = workerpool.New(wp.maxWorkers)
-	} else {
-		wp.pool = nil
-	}
-
-	wp.mutex.Lock()
-	defer wp.mutex.Unlock()
-
-	if len(wp.errors) == 0 {
-		return nil
-	}
-	err := NewErrorListOrNil(wp.errors)
-	wp.errors = nil
-	return err
-}
-
-func (wp *WorkerPoolWithErrors) Errors() []error {
-	return wp.errors
-}
-
-func (wp *WorkerPoolWithErrors) Results() []interface{} {
-	return wp.results
-}

From a32e7f4e8d584df6f1e6679bed6d93428d6feec6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 10:00:31 +0200
Subject: [PATCH 0267/2268] build: Run go get -u ./...

---
 go.mod |  94 +++++++++++++++--------------
 go.sum | 183 ++++++++++++++++++++++++++++++---------------------------
 2 files changed, 144 insertions(+), 133 deletions(-)

diff --git a/go.mod b/go.mod
index 3c936f079..b4e6c807c 100644
--- a/go.mod
+++ b/go.mod
@@ -5,13 +5,12 @@ go 1.18
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.19
-	github.com/bitnami-labs/sealed-secrets v0.17.5
+	github.com/aws/aws-sdk-go v1.44.28
+	github.com/bitnami-labs/sealed-secrets v0.18.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/fluxcd/pkg/kustomize v0.5.1
-	github.com/gammazero/workerpool v1.1.2
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.0
 	github.com/gobwas/glob v0.2.3
@@ -20,34 +19,35 @@ require (
 	github.com/google/go-containerregistry v0.9.0
 	github.com/hashicorp/vault/api v1.6.0
 	github.com/hexops/gotextdiff v1.0.3
+	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/klauspost/compress v1.15.4
+	github.com/klauspost/compress v1.15.6
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
-	github.com/ohler55/ojg v1.14.0
+	github.com/ohler55/ojg v1.14.2
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.8.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.11.0
-	github.com/stretchr/testify v1.7.1
-	github.com/vbauerster/mpb/v7 v7.4.1
+	github.com/spf13/viper v1.12.0
+	github.com/stretchr/testify v1.7.2
+	github.com/vbauerster/mpb/v7 v7.4.2
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.1
-	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
-	golang.org/x/sync v0.0.0-20220513210516-0976fa681c29
+	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
+	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
-	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171
+	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
 	golang.org/x/text v0.3.7
-	gopkg.in/yaml.v3 v3.0.0
+	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.9.0
-	k8s.io/api v0.24.1-rc.0
-	k8s.io/apiextensions-apiserver v0.24.0
-	k8s.io/apimachinery v0.24.1-rc.0
-	k8s.io/client-go v0.24.1-rc.0
+	k8s.io/api v0.24.1
+	k8s.io/apiextensions-apiserver v0.24.1
+	k8s.io/apimachinery v0.24.1
+	k8s.io/client-go v0.24.1
 	k8s.io/klog/v2 v2.60.1
 	sigs.k8s.io/kind v0.14.0
 	sigs.k8s.io/kustomize/api v0.11.5
@@ -75,28 +75,27 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
-	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/armon/go-metrics v0.4.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
+	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
-	github.com/containerd/containerd v1.6.4 // indirect
+	github.com/containerd/containerd v1.6.6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.16+incompatible // indirect
-	github.com/docker/docker v20.10.16+incompatible // indirect
+	github.com/docker/cli v20.10.17+incompatible // indirect
+	github.com/docker/docker v20.10.17+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
-	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
-	github.com/gammazero/deque v0.1.1 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
@@ -121,24 +120,23 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.2.0 // indirect
+	github.com/hashicorp/go-hclog v1.2.1 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.3 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-plugin v1.4.4 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 // indirect
+	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
-	github.com/hashicorp/go-uuid v1.0.2 // indirect
-	github.com/hashicorp/go-version v1.2.1 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.5.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/vault/sdk v0.5.0 // indirect
-	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
+	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -157,7 +155,7 @@ require (
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -169,13 +167,13 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
+	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.12.2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
@@ -190,7 +188,7 @@ require (
 	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/subosito/gotenv v1.4.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -198,26 +196,26 @@ require (
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
 	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect
-	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
+	golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect
+	golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect
-	google.golang.org/grpc v1.46.2 // indirect
+	google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 // indirect
+	google.golang.org/grpc v1.47.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.66.4 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	gopkg.in/ini.v1 v1.66.6 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apiserver v0.24.0 // indirect
-	k8s.io/cli-runtime v0.24.0 // indirect
-	k8s.io/component-base v0.24.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 // indirect
-	k8s.io/kubectl v0.24.0 // indirect
+	k8s.io/apiserver v0.24.1 // indirect
+	k8s.io/cli-runtime v0.24.1 // indirect
+	k8s.io/component-base v0.24.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60 // indirect
+	k8s.io/kubectl v0.24.1 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	oras.land/oras-go v1.1.1 // indirect
-	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index c0ed01965..739e736a0 100644
--- a/go.sum
+++ b/go.sum
@@ -116,7 +116,7 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.9.2 h1:wB06W5aYFfUB3IvootYAY2WnOmIdgPGfqSI6tufQNnY=
+github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -154,8 +154,8 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
-github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo=
-github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-metrics v0.4.0 h1:yCQqn7dwca4ITXb+CbubHmedzaQYHhNhrEXLYUeEe8Q=
+github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@@ -169,8 +169,8 @@ github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9D
 github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.19 h1:dhI6p4l6kisnA7gBAM8sP5YIk0bZ9HNAj7yrK7kcfdU=
-github.com/aws/aws-sdk-go v1.44.19/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.28 h1:h/OAqEqY18wq//v6h4GNPMmCkxuzSDrWuGyrvSiRqf4=
+github.com/aws/aws-sdk-go v1.44.28/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -178,8 +178,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.17.5 h1:v5ENZRSrgog3GnFr8fWfVtrUTPlZlNlbsjaro9mn6YY=
-github.com/bitnami-labs/sealed-secrets v0.17.5/go.mod h1:ZgGUqKixr/SRpsG8LVXnuneyZG7DOX/+eCRvXi8SVjo=
+github.com/bitnami-labs/sealed-secrets v0.18.0 h1:7LdfPRMyx9nGQW9204JM1F+F+s6xmaSBl8oNujlrCuc=
+github.com/bitnami-labs/sealed-secrets v0.18.0/go.mod h1:uV8CUHJQVcDOY9cZ1FdC1rtybC4ath+VGH+/dUQvBu0=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
@@ -193,8 +193,9 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
-github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
+github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
+github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
@@ -226,8 +227,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/containerd v1.6.4 h1:SEDZBp10mhCp+hkO3Njz/YhGrI7ah3edNcUlRdUPOgg=
-github.com/containerd/containerd v1.6.4/go.mod h1:oWOqbuJUZmOVafhA0lj2NAXbiO1u7F0K5l1bUgdyo94=
+github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
+github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
 github.com/containerd/stargz-snapshotter/estargz v0.11.4 h1:LjrYUZpyOhiSaU7hHrdR82/RBoxfGWSaC0VeSSMXqnk=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -264,12 +265,12 @@ github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27N
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY=
-github.com/docker/cli v20.10.16+incompatible h1:aLQ8XowgKpR3/IysPj8qZQJBVQ+Qws61icFuZl6iKYs=
-github.com/docker/cli v20.10.16+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
+github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.16+incompatible h1:2Db6ZR/+FUR3hqPMwnogOPHFn405crbpxvWzKovETOQ=
-github.com/docker/docker v20.10.16+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
+github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -286,8 +287,10 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful/v3 v3.7.5-0.20220308211933-7c971ca4d0fd/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
+github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
@@ -342,11 +345,6 @@ github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmV
 github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
 github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
-github.com/gammazero/deque v0.1.0/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M=
-github.com/gammazero/deque v0.1.1 h1:xRVkDuSvDmFuMGf3IquHuRc2jlL0+v/WpFCWaauzwbE=
-github.com/gammazero/deque v0.1.1/go.mod h1:KQw7vFau1hHuM8xmI9RbgKFbAsQFWmBpqQ2KenFLk6M=
-github.com/gammazero/workerpool v1.1.2 h1:vuioDQbgrz4HoaCi2q1HLlOXdpbap5AET7xu5/qj87g=
-github.com/gammazero/workerpool v1.1.2/go.mod h1:UelbXcO0zCIGFcufcirHhq2/xtLXJdQ29qZNlXG9OjQ=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -630,8 +628,8 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
-github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw=
+github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -641,20 +639,24 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.3 h1:DXmvivbWD5qdiBts9TpBC7BYL1Aia5sxbRgQB+v6UZM=
 github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
+github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM=
 github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
+github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ=
+github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 h1:MBgwAFPUbfuI0+tmDU/aeM1MARvdbqWmiieXIalKqDE=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
 github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
@@ -666,11 +668,13 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.5.0 h1:O293SZ2Eg+AAYijkVK3jR786Am1bhDEh2GHT0tIVE5E=
+github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -689,8 +693,9 @@ github.com/hashicorp/vault/api v1.6.0 h1:B8UUYod1y1OoiGHq9GtpiqSnGOUEWHaA26AY8RQ
 github.com/hashicorp/vault/api v1.6.0/go.mod h1:h1K70EO2DgnBaTz5IsL6D5ERsNt5Pce93ueVS2+t0Xc=
 github.com/hashicorp/vault/sdk v0.5.0 h1:EED7p0OCU3OY5SAqJwSANofY1YKMytm+jDHDQ2EzGVQ=
 github.com/hashicorp/vault/sdk v0.5.0/go.mod h1:UJZHlfwj7qUJG8g22CuxUgkdJouFrBNvBHCyx8XAPdo=
-github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
+github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -705,8 +710,9 @@ github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
+github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
@@ -763,8 +769,8 @@ github.com/kisielk/errcheck v1.6.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ=
-github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/klauspost/compress v1.15.6 h1:6D9PcO8QWu0JyaQ2zUMmu16T1T+zjjEpP91guRsvDfY=
+github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -881,8 +887,9 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
+github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
@@ -937,10 +944,11 @@ github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/ohler55/ojg v1.14.0 h1:DyHomsCwofNswmKj7BLMdx51xnKbXxgIo1rVWCaBcNk=
-github.com/ohler55/ojg v1.14.0/go.mod h1:3+GH+0PggMKocQtbZCrFifal3yRpHiBT4QUkxFJI6e8=
-github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/ohler55/ojg v1.14.2 h1:EHdrwmDrOuTGpj1W2LrT/yKeUOkLMIk1cTYcm42Sjj0=
+github.com/ohler55/ojg v1.14.2/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
+github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
@@ -984,8 +992,9 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
-github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
 github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
+github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -1131,8 +1140,8 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
-github.com/spf13/viper v1.11.0 h1:7OX/1FS6n7jHD1zGrZTM7WtY13ZELRyosK4k93oPr44=
-github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUsX7Zk=
+github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
+github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
 github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1147,10 +1156,12 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
+github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
+github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
 github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
 github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
 github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
@@ -1178,8 +1189,8 @@ github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbauerster/mpb/v7 v7.4.1 h1:NhLMWQ3gNg2KJR8oeA9lO8Xvq+eNPmixDmB6JEQOUdA=
-github.com/vbauerster/mpb/v7 v7.4.1/go.mod h1:Ygg2mV9Vj9sQBWqsK2m2pidcf9H3s6bNKtqd3/M4gBo=
+github.com/vbauerster/mpb/v7 v7.4.2 h1:n917F4d8EWdUKc9c81wFkksyG6P6Mg7IETfKCE1Xqng=
+github.com/vbauerster/mpb/v7 v7.4.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -1298,8 +1309,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
-golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1400,8 +1411,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y=
-golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d h1:4SFsTMi4UahlKoloni7L4eYzhFRifURQLw+yv0QDCx8=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1421,8 +1432,9 @@ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 h1:OSnWWcOd/CtWQC2cYSBgbTSJv3ciqd8r54ySIW2y3RE=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 h1:zwrSfklXn0gxyLRX/aR+q6cgHbV/ItVyzbPlbA+dkAw=
+golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1435,8 +1447,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 h1:w8s32wxx3sY+OjLlv9qltkLU5yvJzxjjgiHWLjdIcw4=
-golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1536,13 +1548,14 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8=
-golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
+golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1803,8 +1816,8 @@ google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX
 google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd h1:e0TwkXOdbnH/1x5rc5MZ/VYyiZ4v+RdVfrGMqEwT68I=
-google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 h1:qRu95HZ148xXw+XeZ3dvqe85PxH4X8+jIo0iRPKcEnM=
+google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8/go.mod h1:yKyY4AMRwFiC8yMMNaMi+RkCnjZJt9LoWuvhXjMs+To=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1838,9 +1851,9 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
+google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1874,13 +1887,14 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
-gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
+gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
@@ -1899,8 +1913,9 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
@@ -1914,25 +1929,22 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.24.0/go.mod h1:5Jl90IUrJHUJYEMANRURMiVvJ0g7Ax7r3R1bqO8zx8I=
-k8s.io/api v0.24.1-rc.0 h1:qCZcUZ/YVXVVacShyNgyEHSUGxrWwIlDGAU1XpyMhYs=
-k8s.io/api v0.24.1-rc.0/go.mod h1:IXhQwEOq8wx1Hmtm/YCNjyQ3XaeIUH0NP5Zsc0aF5Js=
-k8s.io/apiextensions-apiserver v0.24.0 h1:JfgFqbA8gKJ/uDT++feAqk9jBIwNnL9YGdQvaI9DLtY=
-k8s.io/apiextensions-apiserver v0.24.0/go.mod h1:iuVe4aEpe6827lvO6yWQVxiPSpPoSKVjkq+MIdg84cM=
-k8s.io/apimachinery v0.24.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
-k8s.io/apimachinery v0.24.1-rc.0 h1:mjcDse2fEbUbiSZYU83NxdLUXlCSprcMlQVgNWn6tGk=
-k8s.io/apimachinery v0.24.1-rc.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
-k8s.io/apiserver v0.24.0 h1:GR7kGsjOMfilRvlG3Stxv/3uz/ryvJ/aZXc5pqdsNV0=
-k8s.io/apiserver v0.24.0/go.mod h1:WFx2yiOMawnogNToVvUYT9nn1jaIkMKj41ZYCVycsBA=
-k8s.io/cli-runtime v0.24.0 h1:ot3Qf49T852uEyNApABO1UHHpFIckKK/NqpheZYN2gM=
-k8s.io/cli-runtime v0.24.0/go.mod h1:9XxoZDsEkRFUThnwqNviqzljtT/LdHtNWvcNFrAXl0A=
-k8s.io/client-go v0.24.0/go.mod h1:VFPQET+cAFpYxh6Bq6f4xyMY80G6jKKktU6G0m00VDw=
-k8s.io/client-go v0.24.1-rc.0 h1:FoTsvkV8oz2FTORlpAR6TgRQMcdzGVIGQkjc7VrwZ40=
-k8s.io/client-go v0.24.1-rc.0/go.mod h1:6VdmspONsQ+gV2AsYugsRaVSYOEUm3Trd16aQJgJahU=
-k8s.io/code-generator v0.24.0/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
-k8s.io/component-base v0.24.0 h1:h5jieHZQoHrY/lHG+HyrSbJeyfuitheBvqvKwKHVC0g=
-k8s.io/component-base v0.24.0/go.mod h1:Dgazgon0i7KYUsS8krG8muGiMVtUZxG037l1MKyXgrA=
-k8s.io/component-helpers v0.24.0/go.mod h1:Q2SlLm4h6g6lPTC9GMMfzdywfLSvJT2f1hOnnjaWD8c=
+k8s.io/api v0.24.1 h1:BjCMRDcyEYz03joa3K1+rbshwh1Ay6oB53+iUx2H8UY=
+k8s.io/api v0.24.1/go.mod h1:JhoOvNiLXKTPQ60zh2g0ewpA+bnEYf5q44Flhquh4vQ=
+k8s.io/apiextensions-apiserver v0.24.1 h1:5yBh9+ueTq/kfnHQZa0MAo6uNcPrtxPMpNQgorBaKS0=
+k8s.io/apiextensions-apiserver v0.24.1/go.mod h1:A6MHfaLDGfjOc/We2nM7uewD5Oa/FnEbZ6cD7g2ca4Q=
+k8s.io/apimachinery v0.24.1 h1:ShD4aDxTQKN5zNf8K1RQ2u98ELLdIW7jEnlO9uAMX/I=
+k8s.io/apimachinery v0.24.1/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apiserver v0.24.1 h1:LAA5UpPOeaREEtFAQRUQOI3eE5So/j5J3zeQJjeLdz4=
+k8s.io/apiserver v0.24.1/go.mod h1:dQWNMx15S8NqJMp0gpYfssyvhYnkilc1LpExd/dkLh0=
+k8s.io/cli-runtime v0.24.1 h1:IW6L8dRBq+pPTzvXcB+m/hOabzbqXy57Bqo4XxmW7DY=
+k8s.io/cli-runtime v0.24.1/go.mod h1:14aVvCTqkA7dNXY51N/6hRY3GUjchyWDOwW84qmR3bs=
+k8s.io/client-go v0.24.1 h1:w1hNdI9PFrzu3OlovVeTnf4oHDt+FJLd9Ndluvnb42E=
+k8s.io/client-go v0.24.1/go.mod h1:f1kIDqcEYmwXS/vTbbhopMUbhKp2JhOeVTfxgaCIlF8=
+k8s.io/code-generator v0.24.1/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
+k8s.io/component-base v0.24.1 h1:APv6W/YmfOWZfo+XJ1mZwep/f7g7Tpwvdbo9CQLDuts=
+k8s.io/component-base v0.24.1/go.mod h1:DW5vQGYVCog8WYpNob3PMmmsY8A3L9QZNg4j/dV3s38=
+k8s.io/component-helpers v0.24.1/go.mod h1:q5Z1pWV/QfX9ThuNeywxasiwkLw9KsR4Q9TAOdb/Y3s=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
@@ -1943,11 +1955,11 @@ k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
-k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6 h1:nBQrWPlrNIiw0BsX6a6MKr1itkm0ZS0Nl97kNLitFfI=
-k8s.io/kube-openapi v0.0.0-20220413171646-5e7f5fdc6da6/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
-k8s.io/kubectl v0.24.0 h1:nA+WtMLVdXUs4wLogGd1mPTAesnLdBpCVgCmz3I7dXo=
-k8s.io/kubectl v0.24.0/go.mod h1:pdXkmCyHiRTqjYfyUJiXtbVNURhv0/Q1TyRhy2d5ic0=
-k8s.io/metrics v0.24.0/go.mod h1:jrLlFGdKl3X+szubOXPG0Lf2aVxuV3QJcbsgVRAM6fI=
+k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60 h1:cE/M8rmDQgibspuSm+X1iW16ByTImtEaapgaHoVSLX4=
+k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60/go.mod h1:ouUzE1U2mEv//HRoBwYLFE5pdqjIebvtX361vtEIlBI=
+k8s.io/kubectl v0.24.1 h1:gxcjHrnwntV1c+G/BHWVv4Mtk8CQJ0WTraElLBG+ddk=
+k8s.io/kubectl v0.24.1/go.mod h1:NzFqQ50B004fHYWOfhHTrAm4TY6oGF5FAAL13LEaeUI=
+k8s.io/metrics v0.24.1/go.mod h1:vMs5xpcOyY9D+/XVwlaw8oUHYCo6JTGBCZfyXOOkAhE=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
@@ -1961,8 +1973,9 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
-sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
+sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 h1:2sgAQQcY0dEW2SsQwTXhQV4vO6+rSslYx8K3XmM5hqQ=
+sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
 sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
 sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=

From 7d386057f2571ff337efc7f4a3d307abc83374c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 11:17:58 +0200
Subject: [PATCH 0268/2268] ci: Use ubuntu-20.04 in CI

---
 .github/workflows/tests.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e6a9124ca..e0aaa6f29 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -78,7 +78,7 @@ jobs:
 
   docker-host:
     if: "!startsWith(github.ref, 'refs/tags/')"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     needs:
       - build
     steps:
@@ -137,13 +137,13 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: ubuntu-18.04
+          - os: ubuntu-20.04
             binary-suffix: linux-amd64
           - os: macos-10.15
             binary-suffix: darwin-amd64
           - os: windows-2019
             binary-suffix: windows-amd64
-        os: [ubuntu-18.04, macos-10.15, windows-2019]
+        os: [ubuntu-20.04, macos-10.15, windows-2019]
       fail-fast: false
     needs:
       - build

From 5452ca251b98217bc74e2c675ff89def081863f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 16:01:46 +0200
Subject: [PATCH 0269/2268] fix: Ignore ComponentStatus when listing all
 objects

This removes the deprecate warning of ComponentStatus
---
 pkg/k8s/k8s_cluster.go | 6 ------
 pkg/k8s/resources.go   | 7 +++++++
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 32499284f..a810baa31 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -25,12 +25,6 @@ import (
 	"time"
 )
 
-var (
-	deprecatedResources = map[schema.GroupKind]bool{
-		{Group: "extensions", Kind: "Ingress"}: true,
-	}
-)
-
 type K8sCluster struct {
 	ctx context.Context
 
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index e8a3d843e..a6a5aac81 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -17,6 +17,13 @@ import (
 	"sync"
 )
 
+var (
+	deprecatedResources = map[schema.GroupKind]bool{
+		{Group: "extensions", Kind: "Ingress"}: true,
+		{Group: "", Kind: "ComponentStatus"}:   true,
+	}
+)
+
 type k8sResources struct {
 	ctx       context.Context
 	discovery discovery.DiscoveryInterface

From eb0a92ffab90656144338d52d477ae7df76e70d0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Jun 2022 16:44:40 +0200
Subject: [PATCH 0270/2268] fix: Use context name from cluster config

---
 pkg/kluctl_project/target_context.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 2e4ac84bb..b5ed711fd 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -110,18 +110,14 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		return nil, nil, "", err
 	}
 
+	varsCtx := vars.NewVarsCtx(p.J2)
+
 	var contextName *string
 	if clusterName == nil && target != nil {
 		clusterName = target.Cluster
 		contextName = target.Context
 	}
 
-	clientConfig, restConfig, err := p.loadArgs.ClientConfigGetter(contextName)
-	if err != nil {
-		return doError(err)
-	}
-
-	varsCtx := vars.NewVarsCtx(p.J2)
 	if clusterName != nil {
 		clusterConfig, err := p.LoadClusterConfig(*clusterName)
 		if err != nil {
@@ -131,7 +127,16 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		if err != nil {
 			return doError(err)
 		}
+		if contextName == nil {
+			contextName = &clusterConfig.Cluster.Context
+		}
 	}
+
+	clientConfig, restConfig, err := p.loadArgs.ClientConfigGetter(contextName)
+	if err != nil {
+		return doError(err)
+	}
+
 	targetVars, err := uo.FromStruct(target)
 	if err != nil {
 		return doError(err)

From 70157973a597cfa5117a2ba74627a6634d809713 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Jun 2022 14:48:28 +0200
Subject: [PATCH 0271/2268] fix: Skip entries with no host when looking for
 KLUCTL_GIT_XXX variables

---
 pkg/git/auth/env_auth_provider.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index f05516e00..9d4be5eef 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -21,6 +21,9 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 			Username:   m["USERNAME"],
 			Password:   m["PASSWORD"],
 		}
+		if e.Host == "" {
+			continue
+		}
 
 		ssh_key_path, _ := m["SSH_KEY"]
 		if ssh_key_path != "" {

From 21d0fe5ed0f1c592c8dbb44a8f3fbf93f20cb254 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Jun 2022 14:49:14 +0200
Subject: [PATCH 0272/2268] fix: More tracing in ListAuthProvider and
 GitEnvAuthProvider

---
 pkg/git/auth/env_auth_provider.go  |  7 +++++--
 pkg/git/auth/list_auth_provider.go | 11 +++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 9d4be5eef..2c1483811 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -26,11 +26,14 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 		}
 
 		ssh_key_path, _ := m["SSH_KEY"]
+
+		status.Trace(ctx, "GitEnvAuthProvider: adding entry host=%s, pathPrefix=%s, username=%s, ssh_key=%s", e.Host, e.PathPrefix, e.Username, ssh_key_path)
+
 		if ssh_key_path != "" {
 			ssh_key_path = utils.ExpandPath(ssh_key_path)
 			b, err := ioutil.ReadFile(ssh_key_path)
 			if err != nil {
-				status.Trace(ctx, "Failed to read key %s: %v", ssh_key_path, err)
+				status.Trace(ctx, "GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err)
 			} else {
 				e.SshKey = b
 			}
@@ -40,7 +43,7 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
 			b, err := ioutil.ReadFile(ca_bundle_path)
 			if err != nil {
-				status.Trace(ctx, "Failed to read ca bundle %s: %v", ca_bundle_path, err)
+				status.Trace(ctx, "GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err)
 			} else {
 				e.CABundle = b
 			}
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 4faa19b70..e1ce56525 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -30,7 +30,11 @@ func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 }
 
 func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
+	status.Trace(ctx, "ListAuthProvider: BuildAuth for %s", gitUrl.String())
+	status.Trace(ctx, "ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
 	for _, e := range a.entries {
+		status.Trace(ctx, "ListAuthProvider: try host=%s, pathPrefix=%s, username=%s", e.Host, e.PathPrefix, e.Username)
+
 		if e.Host != "*" && e.Host != gitUrl.Hostname() {
 			continue
 		}
@@ -61,11 +65,13 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 
 		if gitUrl.IsSsh() {
 			if e.SshKey == nil {
+				status.Trace(ctx, "ListAuthProvider: empty ssh key is not accepted")
 				continue
 			}
+			status.Trace(ctx, "ListAuthProvider: using username+sshKey")
 			a, err := ssh.NewPublicKeys(username, e.SshKey, "")
 			if err != nil {
-				status.Trace(ctx, "Failed to parse private key: %v", err)
+				status.Trace(ctx, "ListAuthProvider: failed to parse private key: %v", err)
 			} else {
 				a.HostKeyCallback = buildVerifyHostCallback(ctx, e.KnownHosts)
 				return AuthMethodAndCA{
@@ -74,9 +80,10 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 			}
 		} else {
 			if e.Password == "" {
-				// empty password is not accepted
+				status.Trace(ctx, "ListAuthProvider: empty password is not accepted")
 				continue
 			}
+			status.Trace(ctx, "ListAuthProvider: using username+password")
 			return AuthMethodAndCA{
 				AuthMethod: &http.BasicAuth{
 					Username: username,

From 0a95b9ac42715ca1d5f63c6fdc82f1668c221cbe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Jun 2022 15:00:50 +0200
Subject: [PATCH 0273/2268] fix: Ignore leading / when checking for git path
 prefix

---
 pkg/git/auth/list_auth_provider.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index e1ce56525..6ea7ba938 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -38,7 +38,11 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 		if e.Host != "*" && e.Host != gitUrl.Hostname() {
 			continue
 		}
-		if !strings.HasPrefix(gitUrl.Path, e.PathPrefix) {
+		urlPath := gitUrl.Path
+		if strings.HasPrefix(urlPath, "/") {
+			urlPath = urlPath[1:]
+		}
+		if !strings.HasPrefix(urlPath, e.PathPrefix) {
 			continue
 		}
 		if e.Username == "" {

From 560adf2d466d934457424ec8c6bd8c5b59726815 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Jun 2022 10:12:03 +0200
Subject: [PATCH 0274/2268] fix: Don't remove cloned dirs too early

---
 cmd/kluctl/commands/utils.go         |  7 ++----
 pkg/git/repoprovider/live.go         | 35 ++++++++++++++++++++--------
 pkg/git/repoprovider/repoprovider.go |  1 +
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 5ff04f003..4fdc5f1a9 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -76,9 +76,6 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	}
 
 	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, tmpDir, j2)
-	if p != nil && p.RP != nil {
-		defer p.RP.Clear()
-	}
 	if err != nil {
 		return err
 	}
@@ -186,8 +183,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		images:    images,
 	}
 
-	// we can assume that all git access is done at this point, so we can clear grc and thus unlock all repos
-	p.RP.Clear()
+	// we can assume that all git access is done at this point, so we can unlock all repos
+	p.RP.UnlockAll()
 
 	return cb(cmdCtx)
 }
diff --git a/pkg/git/repoprovider/live.go b/pkg/git/repoprovider/live.go
index 9d877b6ae..bb0243f9a 100644
--- a/pkg/git/repoprovider/live.go
+++ b/pkg/git/repoprovider/live.go
@@ -20,7 +20,10 @@ type LiveRepoProvider struct {
 	authProviders  *auth.GitAuthProviders
 	updateInterval time.Duration
 	repos          map[string]*entry
-	mutex          sync.Mutex
+	reposMutex     sync.Mutex
+
+	cleanupDirs       []string
+	cleeanupDirsMutex sync.Mutex
 }
 
 type entry struct {
@@ -43,15 +46,11 @@ func NewLiveRepoProvider(ctx context.Context, authProviders *auth.GitAuthProvide
 	}
 }
 
-func (rp *LiveRepoProvider) Clear() {
-	rp.mutex.Lock()
-	defer rp.mutex.Unlock()
+func (rp *LiveRepoProvider) UnlockAll() {
+	rp.reposMutex.Lock()
+	defer rp.reposMutex.Unlock()
 
 	for _, e := range rp.repos {
-		for _, cd := range e.clonedDirs {
-			_ = os.RemoveAll(cd.dir)
-		}
-
 		if e.mr.IsLocked() {
 			_ = e.mr.Unlock()
 		}
@@ -60,10 +59,22 @@ func (rp *LiveRepoProvider) Clear() {
 	rp.repos = map[string]*entry{}
 }
 
+func (rp *LiveRepoProvider) Clear() {
+	rp.UnlockAll()
+
+	rp.cleeanupDirsMutex.Lock()
+	defer rp.cleeanupDirsMutex.Unlock()
+
+	for _, p := range rp.cleanupDirs {
+		_ = os.RemoveAll(p)
+	}
+	rp.cleanupDirs = nil
+}
+
 func (rp *LiveRepoProvider) getEntry(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*entry, error) {
 	e, err := func() (*entry, error) {
-		rp.mutex.Lock()
-		defer rp.mutex.Unlock()
+		rp.reposMutex.Lock()
+		defer rp.reposMutex.Unlock()
 
 		e, ok := rp.repos[url.NormalizedRepoKey()]
 		if !ok {
@@ -178,6 +189,10 @@ func (rp *LiveRepoProvider) GetClonedDir(url git_url.GitUrl, ref string) (string
 		return "", git.CheckoutInfo{}, err
 	}
 
+	rp.cleeanupDirsMutex.Lock()
+	rp.cleanupDirs = append(rp.cleanupDirs, p)
+	rp.cleeanupDirsMutex.Unlock()
+
 	err = e.mr.CloneProject(ref, p)
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
diff --git a/pkg/git/repoprovider/repoprovider.go b/pkg/git/repoprovider/repoprovider.go
index 77495df96..a6427551a 100644
--- a/pkg/git/repoprovider/repoprovider.go
+++ b/pkg/git/repoprovider/repoprovider.go
@@ -14,5 +14,6 @@ type RepoInfo struct {
 type RepoProvider interface {
 	GetRepoInfo(url git_url.GitUrl) (RepoInfo, error)
 	GetClonedDir(url git_url.GitUrl, ref string) (string, git.CheckoutInfo, error)
+	UnlockAll()
 	Clear()
 }

From 11064b7bef932073118db036b27bc49063ea8cef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 13 Jun 2022 16:47:47 +0200
Subject: [PATCH 0275/2268] feat: Allow to select secrets/configmaps vars
 sources via labels

---
 pkg/types/vars_source.go     | 18 ++++++++++++---
 pkg/vars/vars_loader.go      | 38 ++++++++++++++++++++++++-------
 pkg/vars/vars_loader_test.go | 43 ++++++++++++++++++++++++++++++++++++
 3 files changed, 88 insertions(+), 11 deletions(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 68ba14731..89ca64760 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -15,9 +15,20 @@ type VarsSourceGit struct {
 }
 
 type VarsSourceClusterConfigMapOrSecret struct {
-	Name      string `yaml:"name" validate:"required"`
-	Namespace string `yaml:"namespace,omitempty"`
-	Key       string `yaml:"key" validate:"required"`
+	Name      string            `yaml:"name,omitempty"`
+	Labels    map[string]string `yaml:"labels,omitempty"`
+	Namespace string            `yaml:"namespace" validate:"required"`
+	Key       string            `yaml:"key" validate:"required"`
+}
+
+func ValidateVarsSourceClusterConfigMapOrSecret(sl validator.StructLevel) {
+	s := sl.Current().Interface().(VarsSourceClusterConfigMapOrSecret)
+
+	if s.Name == "" && len(s.Labels) == 0 {
+		sl.ReportError(s, "self", "self", "either name or labels must be set", "")
+	} else if s.Name != "" && len(s.Labels) != 0 {
+		sl.ReportError(s, "self", "self", "only one of name or labels can be set", "")
+	}
 }
 
 type VarsSourceHttp struct {
@@ -74,5 +85,6 @@ func ValidateVarsSource(sl validator.StructLevel) {
 }
 
 func init() {
+	yaml.Validator.RegisterStructValidation(ValidateVarsSourceClusterConfigMapOrSecret, VarsSourceClusterConfigMapOrSecret{})
 	yaml.Validator.RegisterStructValidation(ValidateVarsSource, VarsSource{})
 }
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index bdb586bd8..73a0780b1 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -15,6 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 )
 
@@ -71,11 +72,9 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 	} else if source.Git != nil {
 		return v.loadGit(varsCtx, source.Git, rootKey)
 	} else if source.ClusterConfigMap != nil {
-		ref := k8s2.NewObjectRef("", "v1", "ConfigMap", source.ClusterConfigMap.Name, source.ClusterConfigMap.Namespace)
-		return v.loadFromK8sObject(varsCtx, ref, source.ClusterConfigMap.Key, rootKey, false)
+		return v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", source.ClusterConfigMap.Key, rootKey, false)
 	} else if source.ClusterSecret != nil {
-		ref := k8s2.NewObjectRef("", "v1", "Secret", source.ClusterSecret.Name, source.ClusterSecret.Namespace)
-		return v.loadFromK8sObject(varsCtx, ref, source.ClusterSecret.Key, rootKey, true)
+		return v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", source.ClusterSecret.Key, rootKey, true)
 	} else if source.SystemEnvVars != nil {
 		return v.loadSystemEnvs(varsCtx, &source, rootKey)
 	} else if source.Http != nil {
@@ -172,16 +171,39 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 	return v.loadFromString(varsCtx, string(f), rootKey)
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, ref k8s2.ObjectRef, key string, rootKey string, base64Decode bool) error {
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, base64Decode bool) error {
 	if v.k == nil {
 		return nil
 	}
 
-	o, _, err := v.k.GetSingleObject(ref)
-	if err != nil {
-		return err
+	var err error
+	var o *uo.UnstructuredObject
+
+	if varsSource.Name != "" {
+		o, _, err = v.k.GetSingleObject(k8s2.NewObjectRef("", "v1", kind, varsSource.Name, varsSource.Namespace))
+		if err != nil {
+			return err
+		}
+	} else {
+		objs, _, err := v.k.ListObjects(schema.GroupVersionKind{
+			Group:   "",
+			Version: "v1",
+			Kind:    kind,
+		}, varsSource.Namespace, varsSource.Labels)
+		if err != nil {
+			return err
+		}
+		if len(objs) == 0 {
+			return fmt.Errorf("no object found with labels %v", varsSource.Labels)
+		}
+		if len(objs) > 1 {
+			return fmt.Errorf("found more than one objects with labels %v", varsSource.Labels)
+		}
+		o = objs[0]
 	}
 
+	ref := o.GetK8sRef()
+
 	f, found, err := o.GetNestedField("data", key)
 	if err != nil {
 		return err
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 03faf654e..1dbb14018 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -277,6 +277,49 @@ func TestVarsLoader_ClusterSecret(t *testing.T) {
 	}, &secret)
 }
 
+func TestVarsLoader_K8sObjectLabels(t *testing.T) {
+	cm1 := corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "cm1", Namespace: "ns", Labels: map[string]string{"label1": "value1"}},
+		Data: map[string]string{
+			"vars": `{"test1": {"test2": 42}}`,
+		},
+	}
+	cm2 := corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{Name: "cm2", Namespace: "ns", Labels: map[string]string{"label2": "value2"}},
+		Data: map[string]string{
+			"vars": `{"test3": {"test4": 43}}`,
+		},
+	}
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Labels:    map[string]string{"label1": "value1"},
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	}, &cm1, &cm2)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Labels:    map[string]string{"label2": "value2"},
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test3", "test4")
+		assert.Equal(t, int64(43), v)
+	}, &cm1, &cm2)
+}
+
 func TestVarsLoader_SystemEnv(t *testing.T) {
 	t.Setenv("TEST1", "42")
 	t.Setenv("TEST2", "43")

From 57a4eb2d4ca93c89f8435d810b5d6efb44339f70 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 14 Jun 2022 14:01:55 +0200
Subject: [PATCH 0276/2268] fix: Use simple status handler in case of --debug

---
 cmd/kluctl/commands/root.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f71cd8595..c7854cc4a 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -70,15 +70,16 @@ var flagGroups = []groupInfo{
 
 var cliCtx = context.Background()
 
-func setupStatusHandler() {
+func setupStatusHandler(debug bool) {
 	var sh status.StatusHandler
-	if isatty.IsTerminal(os.Stderr.Fd()) {
+	if !debug && isatty.IsTerminal(os.Stderr.Fd()) {
 		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, false)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(message string) {
 			_, _ = fmt.Fprintf(os.Stderr, "%s\n", message)
 		}, false)
 	}
+	sh.SetTrace(debug)
 	cliCtx = status.NewContext(cliCtx, sh)
 
 	klog.LogToStderr(false)
@@ -143,7 +144,7 @@ func (c *cli) checkNewVersion() {
 }
 
 func (c *cli) preRun() error {
-	status.FromContext(cliCtx).SetTrace(c.Debug)
+	setupStatusHandler(c.Debug)
 	c.checkNewVersion()
 	return nil
 }
@@ -193,7 +194,6 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		return root.preRun()
 	}
 
-	setupStatusHandler()
 	initViper()
 
 	err = rootCmd.ExecuteContext(cliCtx)

From fbdd3856ef9f8f12c464b64d0ba26b1b1d28eedd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 14 Jun 2022 14:02:07 +0200
Subject: [PATCH 0277/2268] fix: Redirect stderr lines to status handler

---
 cmd/kluctl/commands/root.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index c7854cc4a..497f18dae 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -27,6 +27,7 @@ import (
 	"github.com/mattn/go-isatty"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
+	"io"
 	"k8s.io/klog/v2"
 	"log"
 	"net/http"
@@ -85,6 +86,18 @@ func setupStatusHandler(debug bool) {
 	klog.LogToStderr(false)
 	klog.SetOutput(status.NewLineRedirector(sh.Info))
 	log.SetOutput(status.NewLineRedirector(sh.Info))
+
+	pr, pw, err := os.Pipe()
+	if err != nil {
+		panic(err)
+	}
+
+	go func() {
+		x := status.NewLineRedirector(sh.Info)
+		_, _ = io.Copy(x, pr)
+	}()
+
+	os.Stderr = pw
 }
 
 type VersionCheckState struct {

From a619f0dbea5b1b92ee8bb1e5b587d5faff513439 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 14 Jun 2022 14:03:13 +0200
Subject: [PATCH 0278/2268] fix: Fix check for existing dirs in
 checkDeploymentDirs

This fixes an issue with relatively (e.g. ../../deployment) included sub
deployments.
---
 pkg/deployment/deployment_project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 14b894813..36c005f62 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -120,7 +120,7 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 			continue
 		}
 
-		diDir, err := securejoin.SecureJoin(p.absDir, *di.Path)
+		diDir, err := securejoin.SecureJoin(p.source.dir, filepath.Join(p.relDir, *di.Path))
 		if err != nil {
 			return err
 		}

From a796596b539bd7a465620aa3a1b548b292e7d906 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 15 Jun 2022 10:45:39 +0200
Subject: [PATCH 0279/2268] fix: Determine if stderr is a terminal before
 overriding os.Stderr

---
 cmd/kluctl/commands/root.go         |  6 ++++--
 pkg/status/noop.go                  |  4 ++++
 pkg/status/promts.go                | 15 ++++++++++++---
 pkg/status/simple_status_handler.go | 16 +++++++++++-----
 pkg/status/status.go                |  2 ++
 pkg/status/status_handler.go        | 22 ++++++++++++++--------
 6 files changed, 47 insertions(+), 18 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 497f18dae..e0329e7ff 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -72,13 +72,15 @@ var flagGroups = []groupInfo{
 var cliCtx = context.Background()
 
 func setupStatusHandler(debug bool) {
+	// we must determine isTerminal before we override os.Stderr
+	isTerminal := isatty.IsTerminal(os.Stderr.Fd())
 	var sh status.StatusHandler
 	if !debug && isatty.IsTerminal(os.Stderr.Fd()) {
-		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, false)
+		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, isTerminal, false)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(message string) {
 			_, _ = fmt.Fprintf(os.Stderr, "%s\n", message)
-		}, false)
+		}, isTerminal, false)
 	}
 	sh.SetTrace(debug)
 	cliCtx = status.NewContext(cliCtx, sh)
diff --git a/pkg/status/noop.go b/pkg/status/noop.go
index c1ff08a9e..53f9f7a51 100644
--- a/pkg/status/noop.go
+++ b/pkg/status/noop.go
@@ -8,6 +8,10 @@ type NoopStatusHandler struct {
 type NoopStatusLine struct {
 }
 
+func (n NoopStatusHandler) IsTerminal() bool {
+	return false
+}
+
 func (n NoopStatusHandler) SetTrace(trace bool) {
 }
 
diff --git a/pkg/status/promts.go b/pkg/status/promts.go
index 8274e8c40..3f8276a10 100644
--- a/pkg/status/promts.go
+++ b/pkg/status/promts.go
@@ -9,13 +9,22 @@ import (
 	"strings"
 )
 
+func isTerminal(ctx context.Context) bool {
+	sh := FromContext(ctx)
+	if sh != nil {
+		return sh.IsTerminal()
+	} else {
+		return isatty.IsTerminal(os.Stderr.Fd())
+	}
+}
+
 // AskForConfirmation uses Scanln to parse user input. A user must type in "yes" or "no" and
 // then press enter. It has fuzzy matching, so "y", "Y", "yes", "YES", and "Yes" all count as
 // confirmations. If the input is not recognized, it will ask again. The function does not return
 // until it gets a valid response from the user. Typically, you should use fmt to print out a question
 // before calling askForConfirmation. E.g. fmt.Println("WARNING: Are you sure? (yes/no)")
 func AskForConfirmation(ctx context.Context, prompt string) bool {
-	if !isatty.IsTerminal(os.Stderr.Fd()) {
+	if !isTerminal(ctx) {
 		Warning(ctx, "Not a terminal, suppressed prompt: %s", prompt)
 		return false
 	}
@@ -37,7 +46,7 @@ func AskForConfirmation(ctx context.Context, prompt string) bool {
 }
 
 func AskForPassword(ctx context.Context, prompt string) (string, error) {
-	if !isatty.IsTerminal(os.Stderr.Fd()) {
+	if !isTerminal(ctx) {
 		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
 		Warning(ctx, err.Error())
 		return "", err
@@ -52,7 +61,7 @@ func AskForPassword(ctx context.Context, prompt string) (string, error) {
 }
 
 func AskForCredentials(ctx context.Context, prompt string) (string, string, error) {
-	if !isatty.IsTerminal(os.Stderr.Fd()) {
+	if !isTerminal(ctx) {
 		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
 		Warning(ctx, err.Error())
 		return "", "", err
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 2f7cc9772..cdddd374c 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -8,20 +8,26 @@ import (
 )
 
 type simpleStatusHandler struct {
-	cb    func(message string)
-	trace bool
+	cb         func(message string)
+	isTerminal bool
+	trace      bool
 }
 
 type simpleStatusLine struct {
 }
 
-func NewSimpleStatusHandler(cb func(message string), trace bool) StatusHandler {
+func NewSimpleStatusHandler(cb func(message string), isTerminal bool, trace bool) StatusHandler {
 	return &simpleStatusHandler{
-		cb:    cb,
-		trace: trace,
+		cb:         cb,
+		isTerminal: isTerminal,
+		trace:      trace,
 	}
 }
 
+func (s *simpleStatusHandler) IsTerminal() bool {
+	return s.isTerminal
+}
+
 func (s *simpleStatusHandler) SetTrace(trace bool) {
 	s.trace = trace
 }
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 0e0514e41..875e03391 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -37,6 +37,8 @@ type StatusLine interface {
 }
 
 type StatusHandler interface {
+	IsTerminal() bool
+
 	SetTrace(trace bool)
 	Stop()
 	Flush()
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index d385afb76..ad9491bad 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -13,10 +13,11 @@ import (
 )
 
 type MultiLineStatusHandler struct {
-	ctx      context.Context
-	out      io.Writer
-	progress *mpb.Progress
-	trace    bool
+	ctx        context.Context
+	out        io.Writer
+	isTerminal bool
+	progress   *mpb.Progress
+	trace      bool
 }
 
 type statusLine struct {
@@ -29,11 +30,12 @@ type statusLine struct {
 	barOverride string
 }
 
-func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *MultiLineStatusHandler {
+func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, isTerminal bool, trace bool) *MultiLineStatusHandler {
 	sh := &MultiLineStatusHandler{
-		ctx:   ctx,
-		out:   out,
-		trace: trace,
+		ctx:        ctx,
+		out:        out,
+		isTerminal: isTerminal,
+		trace:      trace,
 	}
 
 	sh.start()
@@ -41,6 +43,10 @@ func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, trace bool) *
 	return sh
 }
 
+func (s *MultiLineStatusHandler) IsTerminal() bool {
+	return s.isTerminal
+}
+
 func (s *MultiLineStatusHandler) Flush() {
 	s.Stop()
 	s.start()

From d00efb995c57808f1127d39de77c28818d482574 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 15 Jun 2022 11:06:41 +0200
Subject: [PATCH 0280/2268] tests: No need to deploy a sleeping busybox
 deployment

Deploy a ConfigMap instead
---
 e2e/external_projects_test.go | 15 +++++++--------
 e2e/utils_resources.go        | 15 ---------------
 2 files changed, 7 insertions(+), 23 deletions(-)

diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index eefd91b17..18dbe95ca 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
-	"time"
 )
 
 func doTestProject(t *testing.T, namespace string, p *testProject) {
@@ -21,21 +20,21 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 	p.updateTargetDeprecated("test", k.Name, uo.FromMap(map[string]interface{}{
 		"target_var": "target_value1",
 	}))
-	addBusyboxDeployment(p, "busybox", resourceOpts{name: "busybox", namespace: namespace})
+	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{name: "cm1", namespace: namespace})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertReadiness(t, k, namespace, "Deployment/busybox", time.Minute*5)
+	assertResourceExists(t, k, namespace, "ConfigMap/cm1")
 
 	cmData := map[string]string{
 		"cluster_var": "{{ cluster.cluster_var }}",
 		"target_var":  "{{ args.target_var }}",
 	}
 
-	assertResourceNotExists(t, k, namespace, "ConfigMap/cm")
-	addConfigMapDeployment(p, "cm", cmData, resourceOpts{name: "cm", namespace: namespace})
+	assertResourceNotExists(t, k, namespace, "ConfigMap/cm2")
+	addConfigMapDeployment(p, "cm2", cmData, resourceOpts{name: "cm2", namespace: namespace})
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 
-	o := assertResourceExists(t, k, namespace, "ConfigMap/cm")
+	o := assertResourceExists(t, k, namespace, "ConfigMap/cm2")
 	assertNestedFieldEquals(t, o, "cluster_value1", "data", "cluster_var")
 	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
 
@@ -43,7 +42,7 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 		"cluster_var": "cluster_value2",
 	}))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	o = assertResourceExists(t, k, namespace, "ConfigMap/cm")
+	o = assertResourceExists(t, k, namespace, "ConfigMap/cm2")
 	assertNestedFieldEquals(t, o, "cluster_value2", "data", "cluster_var")
 	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
 
@@ -51,7 +50,7 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 		"target_var": "target_value2",
 	}))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	o = assertResourceExists(t, k, namespace, "ConfigMap/cm")
+	o = assertResourceExists(t, k, namespace, "ConfigMap/cm2")
 	assertNestedFieldEquals(t, o, "cluster_value2", "data", "cluster_var")
 	assertNestedFieldEquals(t, o, "target_value2", "data", "target_var")
 }
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 0dc063e7f..e6f9e4a20 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -92,17 +92,6 @@ func addDeploymentHelper(p *testProject, dir string, o *uo.UnstructuredObject, o
 	p.addKustomizeDeployment(dir, resources, opts.tags)
 }
 
-func addDeploymentDeployment(p *testProject, dir string, opts resourceOpts, image string, command []string, args []string) {
-	o := renderTemplateObjectHelper(deploymentTemplate, map[string]interface{}{
-		"name":      opts.name,
-		"namespace": opts.namespace,
-		"image":     image,
-	})
-	o[0].SetNestedField(command, "spec", "template", "spec", "containers", 0, "command")
-	o[0].SetNestedField(args, "spec", "template", "spec", "containers", 0, "args")
-	addDeploymentHelper(p, dir, o[0], opts)
-}
-
 func addJobDeployment(p *testProject, dir string, opts resourceOpts, image string, command []string, args []string) {
 	o := renderTemplateObjectHelper(jobTemplate, map[string]interface{}{
 		"name":      opts.name,
@@ -114,10 +103,6 @@ func addJobDeployment(p *testProject, dir string, opts resourceOpts, image strin
 	addDeploymentHelper(p, dir, o[0], opts)
 }
 
-func addBusyboxDeployment(p *testProject, dir string, opts resourceOpts) {
-	addDeploymentDeployment(p, dir, opts, "busybox", []string{"sleep"}, []string{"1000"})
-}
-
 const podRbacTemplate = `
 apiVersion: v1
 kind: ServiceAccount

From 4d1e8b019d833e08f43b74ed78f3e16794841c42 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 16 Jun 2022 11:25:22 +0200
Subject: [PATCH 0281/2268] feat: Remove version field from
 DeleteObjectItemConfig

---
 pkg/deployment/utils/apply_utils.go | 2 +-
 pkg/types/deployment.go             | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 46b246351..eb6cded06 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -403,7 +403,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	var toDelete []k8s2.ObjectRef
 	for _, x := range d.Config.DeleteObjects {
-		for _, gvk := range a.k.Resources.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, x.Version, x.Kind)) {
+		for _, gvk := range a.k.Resources.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind)) {
 			ref := k8s2.ObjectRef{
 				GVK:       gvk,
 				Name:      x.Name,
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 6f2ccd6fa..d331457f2 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -41,7 +41,6 @@ func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 
 type DeleteObjectItemConfig struct {
 	Group     *string `yaml:"group,omitempty"`
-	Version   *string `yaml:"version,omitempty"`
 	Kind      *string `yaml:"kind,omitempty"`
 	Name      string  `yaml:"name" validate:"required"`
 	Namespace string  `yaml:"namespace,omitempty"`
@@ -49,7 +48,7 @@ type DeleteObjectItemConfig struct {
 
 func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeleteObjectItemConfig)
-	if s.Group == nil && s.Version == nil && s.Kind == nil {
+	if s.Group == nil && s.Kind == nil {
 		sl.ReportError(s, "self", "self", "at least one of group/version/kind must be set", "")
 	}
 }

From e2092eb29d922403642a8761f198662387874687 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 29 Jun 2022 14:24:50 +0200
Subject: [PATCH 0282/2268] fix: Call setupStatusHandler even for unknown
 commands

---
 cmd/kluctl/commands/root.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index e0329e7ff..435c6e67d 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -70,8 +70,11 @@ var flagGroups = []groupInfo{
 }
 
 var cliCtx = context.Background()
+var didSetupStatusHandler bool
 
 func setupStatusHandler(debug bool) {
+	didSetupStatusHandler = true
+
 	// we must determine isTerminal before we override os.Stderr
 	isTerminal := isatty.IsTerminal(os.Stderr.Fd())
 	var sh status.StatusHandler
@@ -212,6 +215,9 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 	initViper()
 
 	err = rootCmd.ExecuteContext(cliCtx)
+	if !didSetupStatusHandler {
+		setupStatusHandler(false)
+	}
 
 	sh := status.FromContext(cliCtx)
 

From 93e9978117bf738ab56b34640856dc1007d41528 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Jul 2022 14:15:40 +0200
Subject: [PATCH 0283/2268] fix: Fix crash in poke-image in case a remote
 object does not exist yet

---
 pkg/deployment/commands/poke_images.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 03ae6dbc3..cde5280b7 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -77,7 +77,12 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 		go func() {
 			defer wg.Done()
 			au := ad.NewApplyUtil(ctx, nil)
-			au.ReplaceObject(ref, ru.GetRemoteObject(ref), func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
+			remote := ru.GetRemoteObject(ref)
+			if remote == nil {
+				dew.AddWarning(ref, fmt.Errorf("remote object not found, skipped image replacement"))
+				return
+			}
+			au.ReplaceObject(ref, remote, func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 				return doPokeImage(containers, o)
 			})
 		}()

From ea50eff19dc2c63480f5da6fef3d974ef929e3a2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Jul 2022 14:31:57 +0200
Subject: [PATCH 0284/2268] fix: Use local object for field manager path
 conversion

This fixes a bug where a key based fieldpath element points to a different
index in the local vs remote objects.
---
 pkg/diff/managed_fields.go | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 8dd6ce197..deaf26f4e 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -175,21 +175,28 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			return nil, nil, fmt.Errorf("field path '%s' is ambiguous", cause.Field)
 		}
 
-		p, found, err := convertToKeyList(remote, mf.pathes[0])
+		localKeyPath, found, err := convertToKeyList(local, mf.pathes[0])
 		if err != nil {
 			return nil, nil, err
 		}
 		if !found {
-			return nil, nil, fmt.Errorf("field '%s' not found in remote object", cause.Field)
+			return nil, nil, fmt.Errorf("field '%s' not found in local object", cause.Field)
 		}
-		localValue, found, err := local.GetNestedField(p...)
+
+		remoteKeyPath, found, err := convertToKeyList(remote, mf.pathes[0])
 		if err != nil {
 			return nil, nil, err
 		}
 		if !found {
-			return nil, nil, fmt.Errorf("field '%s' not found in local object", cause.Field)
+			return nil, nil, fmt.Errorf("field '%s' not found in remote object", cause.Field)
 		}
-		remoteValue, found, err := remote.GetNestedField(p...)
+
+		localValue, found, err := local.GetNestedField(localKeyPath...)
+		if !found {
+			panic(fmt.Sprintf("field '%s' not found in local object...which can't be!", cause.Field))
+		}
+
+		remoteValue, found, err := remote.GetNestedField(remoteKeyPath...)
 		if !found {
 			panic(fmt.Sprintf("field '%s' not found in remote object...which can't be!", cause.Field))
 		}
@@ -209,13 +216,16 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 					break
 				}
 			}
-			if _, ok := forceApplyFields[p.ToJsonPath()]; ok {
+			if _, ok := forceApplyFields[localKeyPath.ToJsonPath()]; ok {
+				overwrite = true
+			}
+			if _, ok := forceApplyFields[remoteKeyPath.ToJsonPath()]; ok {
 				overwrite = true
 			}
 		}
 
 		if !overwrite {
-			j, err := uo.NewMyJsonPath(p.ToJsonPath())
+			j, err := uo.NewMyJsonPath(localKeyPath.ToJsonPath())
 			if err != nil {
 				return nil, nil, err
 			}

From 12c47e8ce6241e5521d4ae02365cd086ea5cee81 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Jul 2022 13:53:57 +0200
Subject: [PATCH 0285/2268] fix: Add original message to conflict error
 messages

---
 pkg/diff/managed_fields.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index deaf26f4e..0e89651fe 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -169,10 +169,10 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 
 		mf, ok := managersByFields[cause.Field]
 		if !ok {
-			return nil, nil, fmt.Errorf("could not find matching field for path '%s'", cause.Field)
+			return nil, nil, fmt.Errorf("%s. Could not find matching field for path '%s'", cause.Message, cause.Field)
 		}
 		if len(mf.pathes) != 1 {
-			return nil, nil, fmt.Errorf("field path '%s' is ambiguous", cause.Field)
+			return nil, nil, fmt.Errorf("%s. Field path '%s' is ambiguous", cause.Message, cause.Field)
 		}
 
 		localKeyPath, found, err := convertToKeyList(local, mf.pathes[0])
@@ -180,7 +180,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			return nil, nil, err
 		}
 		if !found {
-			return nil, nil, fmt.Errorf("field '%s' not found in local object", cause.Field)
+			return nil, nil, fmt.Errorf("%s. Field '%s' not found in local object", cause.Message, cause.Field)
 		}
 
 		remoteKeyPath, found, err := convertToKeyList(remote, mf.pathes[0])
@@ -188,7 +188,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			return nil, nil, err
 		}
 		if !found {
-			return nil, nil, fmt.Errorf("field '%s' not found in remote object", cause.Field)
+			return nil, nil, fmt.Errorf("%s. Field '%s' not found in remote object", cause.Message, cause.Field)
 		}
 
 		localValue, found, err := local.GetNestedField(localKeyPath...)

From ed7c5000e1339d92b01d2b9006e1bbf88690717e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Jul 2022 14:34:57 +0200
Subject: [PATCH 0286/2268] fix: Stop using goccy/go-yaml and fully rely on
 yaml.v3

---
 go.mod                |  4 +---
 go.sum                |  8 --------
 pkg/yaml/validator.go | 26 ++++++++++++++++++++++++-
 pkg/yaml/yaml.go      | 45 ++++++++++++++++++++++++++++---------------
 4 files changed, 56 insertions(+), 27 deletions(-)

diff --git a/go.mod b/go.mod
index b4e6c807c..ca9a9d8ec 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,6 @@ require (
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.0
 	github.com/gobwas/glob v0.2.3
-	github.com/goccy/go-yaml v1.9.5
 	github.com/golang-jwt/jwt/v4 v4.4.1
 	github.com/google/go-containerregistry v0.9.0
 	github.com/hashicorp/vault/api v1.6.0
@@ -25,6 +24,7 @@ require (
 	github.com/klauspost/compress v1.15.6
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
+	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.14.2
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
@@ -158,7 +158,6 @@ require (
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
@@ -199,7 +198,6 @@ require (
 	golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect
 	golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
-	golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 // indirect
 	google.golang.org/grpc v1.47.0 // indirect
diff --git a/go.sum b/go.sum
index 739e736a0..af4a31531 100644
--- a/go.sum
+++ b/go.sum
@@ -399,13 +399,10 @@ github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrK
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
 github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
 github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
@@ -438,8 +435,6 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-yaml v1.9.5 h1:Eh/+3uk9kLxG4koCX6lRMAPS1OaMSAi+FJcya0INdB0=
-github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
@@ -796,7 +791,6 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
 github.com/ldez/gomoddirectives v0.2.2/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0=
 github.com/ldez/tagliatelle v0.2.0/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
@@ -1685,8 +1679,6 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df h1:5Pf6pFKu98ODmgnpvkJ3kFUOQGGLIzLIkbzUHp47618=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
diff --git a/pkg/yaml/validator.go b/pkg/yaml/validator.go
index aa2398605..4c3265da2 100644
--- a/pkg/yaml/validator.go
+++ b/pkg/yaml/validator.go
@@ -1,7 +1,31 @@
 package yaml
 
-import "github.com/go-playground/validator/v10"
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/mitchellh/reflectwalk"
+	"reflect"
+)
 
 var (
 	Validator = validator.New()
 )
+
+type structValidationWalker struct {
+}
+
+func (w *structValidationWalker) Struct(v reflect.Value) error {
+	v2 := v.Interface()
+	err := Validator.Struct(v2)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (w *structValidationWalker) StructField(reflect.StructField, reflect.Value) error {
+	return nil
+}
+
+func ValidateStructs(s interface{}) error {
+	return reflectwalk.Walk(s, &structValidationWalker{})
+}
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 2c24f990a..295ce0a46 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/goccy/go-yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
@@ -17,8 +16,32 @@ import (
 	"strings"
 )
 
-func newYamlDecoder(r io.Reader) *yaml.Decoder {
-	return yaml.NewDecoder(r, yaml.Strict(), yaml.Validator(Validator))
+type Decoder interface {
+	Decode(v interface{}) error
+}
+
+type decoderWrapper struct {
+	d *yaml3.Decoder
+}
+
+func (w *decoderWrapper) Decode(v interface{}) error {
+	err := w.d.Decode(v)
+	if err != nil {
+		return err
+	}
+
+	err = ValidateStructs(v)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func newDecoder(r io.Reader, out any) Decoder {
+	d := yaml3.NewDecoder(r)
+	d.KnownFields(true)
+	return &decoderWrapper{d: d}
 }
 
 func newUnicodeReader(r io.Reader) io.Reader {
@@ -51,16 +74,9 @@ func ReadYamlBytes(b []byte, o interface{}) error {
 func ReadYamlStream(r io.Reader, o interface{}) error {
 	r = newUnicodeReader(r)
 
-	var err error
-	if _, ok := o.(*map[string]interface{}); ok {
-		// much faster
-		d := yaml3.NewDecoder(r)
-		err = d.Decode(o)
-	} else {
-		// we need proper working strict mode
-		d := newYamlDecoder(r)
-		err = d.Decode(o)
-	}
+	d := newDecoder(r, o)
+
+	err := d.Decode(o)
 	if err != nil && errors.Is(err, io.EOF) {
 		return nil
 	}
@@ -88,8 +104,7 @@ func ReadYamlAllBytes(b []byte) ([]interface{}, error) {
 func ReadYamlAllStream(r io.Reader) ([]interface{}, error) {
 	r = newUnicodeReader(r)
 
-	// yaml.v3 is much faster then go-yaml
-	d := yaml3.NewDecoder(r)
+	d := newDecoder(r, nil)
 
 	var l []interface{}
 	for true {

From b3c0ee6b5fd5deac8722cfc8ef1d341fc9e92bdc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Jul 2022 14:40:33 +0200
Subject: [PATCH 0287/2268] refactor: Move parsing of rendered manifests into
 own func

---
 pkg/deployment/helm_chart.go | 39 ++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index b41313276..87e78ddbf 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -299,24 +299,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 		return err
 	}
 
-	var parsed []*uo.UnstructuredObject
-
-	doParse := func(s string) error {
-		m, err := yaml.ReadYamlAllString(s)
-		if err != nil {
-			return err
-		}
-		for _, x := range m {
-			x2, ok := x.(map[string]interface{})
-			if !ok {
-				return fmt.Errorf("yaml object is not a map")
-			}
-			parsed = append(parsed, uo.FromMap(x2))
-		}
-		return nil
-	}
-
-	err = doParse(rel.Manifest)
+	parsed, err := c.parseRenderedManifests(rel.Manifest)
 	if err != nil {
 		return err
 	}
@@ -326,10 +309,11 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 			if isTestHook(m) {
 				continue
 			}
-			err = doParse(m.Manifest)
+			parsedHooks, err := c.parseRenderedManifests(m.Manifest)
 			if err != nil {
 				return err
 			}
+			parsed = append(parsed, parsedHooks...)
 		}
 	}
 
@@ -360,6 +344,23 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	return nil
 }
 
+func (c *helmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
+	var parsed []*uo.UnstructuredObject
+
+	m, err := yaml.ReadYamlAllString(s)
+	if err != nil {
+		return nil, err
+	}
+	for _, x := range m {
+		x2, ok := x.(map[string]interface{})
+		if !ok {
+			return nil, fmt.Errorf("yaml object is not a map")
+		}
+		parsed = append(parsed, uo.FromMap(x2))
+	}
+	return parsed, nil
+}
+
 func (c *helmChart) SetCredentials(credentials *repo.Entry) {
 	c.credentials = credentials
 }

From 52316f99d0f1e0b683f08e47d1dd93ef1f8e6e0c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Jul 2022 14:57:08 +0200
Subject: [PATCH 0288/2268] fix: Ignore duplicate fields in manifests of
 rendered Helm charts

---
 pkg/deployment/helm_chart.go |  7 ++++++-
 pkg/yaml/yaml.go             | 30 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 87e78ddbf..a533ba8de 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -347,7 +347,12 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 func (c *helmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
 	var parsed []*uo.UnstructuredObject
 
-	m, err := yaml.ReadYamlAllString(s)
+	duplicatesRemoved, err := yaml.RemoveDuplicateFields(strings.NewReader(s))
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := yaml.ReadYamlAllBytes(duplicatesRemoved)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 295ce0a46..6d559b530 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
+	yaml2 "gopkg.in/yaml.v2"
 	yaml3 "gopkg.in/yaml.v3"
 	"io"
 	"os"
@@ -213,6 +214,35 @@ func ConvertYamlToJson(b []byte) ([]byte, error) {
 	return b, nil
 }
 
+// RemoveDuplicateFields is a helper/hack to remove duplicate fields from yaml maps/structs. The yaml spec explicitly
+// forbids duplicate keys, but yaml.v2 ignored those by default, leading to some tools (e.g. Helm) ignoring these. This
+// forces us to also ignore/remove them in some cases. We do this by loading the yaml via yaml.v2 and then writing them
+// back to a string which can then be parsed by yaml.v3
+// TODO Remove this helper method when https://github.com/go-yaml/yaml/issues/751 is implemented
+func RemoveDuplicateFields(r io.Reader) ([]byte, error) {
+	buf := bytes.NewBuffer(nil)
+	d := yaml2.NewDecoder(r)
+	e := yaml2.NewEncoder(buf)
+
+	for {
+		var o interface{}
+		err := d.Decode(&o)
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			return nil, err
+		}
+		if o != nil {
+			err = e.Encode(o)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+	return buf.Bytes(), nil
+}
+
 func FixNameExt(dir string, name string) string {
 	p := filepath.Join(dir, name)
 	p = FixPathExt(p)

From dbf9994d064955c4534907fd6d8f98a824bd3bf9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 8 Jul 2022 18:16:01 +0200
Subject: [PATCH 0289/2268] chore: Remove support for metadata listing

This is not used anymore and thus can be removed.
---
 pkg/deployment/utils/remote_objects_utils.go |  2 +-
 pkg/k8s/client.go                            | 29 +-------------
 pkg/k8s/client_factory.go                    |  8 ----
 pkg/k8s/fake_client_factory.go               |  6 ---
 pkg/k8s/k8s_cluster.go                       | 41 +-------------------
 5 files changed, 5 insertions(+), 81 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index ea2c3339a..442acb1a6 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -36,7 +36,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 	s := status.Start(u.ctx, "Getting remote objects by commonLabels")
 	defer s.Failed()
 
-	allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels, false)
+	allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels)
 	for gvk, aw := range apiWarnings {
 		u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, aw)
 	}
diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 76f01135e..829240fc5 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -6,7 +6,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/metadata"
 )
 
 type k8sClients struct {
@@ -17,9 +16,8 @@ type k8sClients struct {
 }
 
 type parallelClientEntry struct {
-	corev1         corev1.CoreV1Interface
-	dynamicClient  dynamic.Interface
-	metadataClient metadata.Interface
+	corev1        corev1.CoreV1Interface
+	dynamicClient dynamic.Interface
 
 	warnings []ApiWarning
 }
@@ -61,11 +59,6 @@ func newK8sClients(ctx context.Context, clientFactory ClientFactory, count int)
 			return nil, err
 		}
 
-		p.metadataClient, err = clientFactory.MetadataClient(p)
-		if err != nil {
-			return nil, err
-		}
-
 		k.clientPool <- p
 	}
 	return k, nil
@@ -104,16 +97,6 @@ func (k *k8sClients) withDynamicClientForGVR(gvr *schema.GroupVersionResource, n
 	})
 }
 
-func (k *k8sClients) withMetadataClientForGVR(gvr *schema.GroupVersionResource, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
-	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		if namespace != "" {
-			return cb(p.metadataClient.Resource(*gvr).Namespace(namespace))
-		} else {
-			return cb(p.metadataClient.Resource(*gvr))
-		}
-	})
-}
-
 func (k *k8sClients) withDynamicClientForGVK(resources *k8sResources, gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
 	gvr, err := resources.GetGVRForGVK(gvk)
 	if err != nil {
@@ -121,11 +104,3 @@ func (k *k8sClients) withDynamicClientForGVK(resources *k8sResources, gvk schema
 	}
 	return k.withDynamicClientForGVR(gvr, namespace, cb)
 }
-
-func (k *k8sClients) withMetadataClientForGVK(resources *k8sResources, gvk schema.GroupVersionKind, namespace string, cb func(r metadata.ResourceInterface) error) ([]ApiWarning, error) {
-	gvr, err := resources.GetGVRForGVK(gvk)
-	if err != nil {
-		return nil, err
-	}
-	return k.withMetadataClientForGVR(gvr, namespace, cb)
-}
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 0205c475c..6ab49a220 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -6,7 +6,6 @@ import (
 	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/metadata"
 	"k8s.io/client-go/rest"
 	"net/http"
 	"net/url"
@@ -22,7 +21,6 @@ type ClientFactory interface {
 	DiscoveryClient() (discovery.DiscoveryInterface, error)
 	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
 	DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error)
-	MetadataClient(wh rest.WarningHandler) (metadata.Interface, error)
 }
 
 type realClientFactory struct {
@@ -60,12 +58,6 @@ func (r *realClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Inter
 	return dynamic.NewForConfigAndClient(config, r.httpClient)
 }
 
-func (r *realClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
-	config := rest.CopyConfig(r.config)
-	config.WarningHandler = wh
-	return metadata.NewForConfigAndClient(config, r.httpClient)
-}
-
 func (r *realClientFactory) CloseIdleConnections() {
 	r.httpClient.CloseIdleConnections()
 }
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index 8bc1169f2..b01673f27 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -11,8 +11,6 @@ import (
 	fake_dynamic "k8s.io/client-go/dynamic/fake"
 	"k8s.io/client-go/kubernetes/fake"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/metadata"
-	metadata_fake "k8s.io/client-go/metadata/fake"
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/kustomize/kyaml/openapi"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
@@ -44,10 +42,6 @@ func (f *fakeClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Inter
 	return fake_dynamic.NewSimpleDynamicClient(f.scheme, f.objects...), nil
 }
 
-func (f *fakeClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
-	return metadata_fake.NewSimpleMetadataClient(f.scheme, f.objects...), nil
-}
-
 func NewFakeClientFactory(objects ...runtime.Object) ClientFactory {
 	scheme := runtime.NewScheme()
 	_ = v1.AddToScheme(scheme)
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index a810baa31..8b58788c9 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -2,7 +2,6 @@ package k8s
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"github.com/Masterminds/semver/v3"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -18,7 +17,6 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/dynamic"
-	"k8s.io/client-go/metadata"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	"sync"
@@ -129,35 +127,7 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 	return result, apiWarnings, err
 }
 
-func (k *K8sCluster) ListObjectsMetadata(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
-	var result []*uo.UnstructuredObject
-
-	apiWarnings, err := k.clients.withMetadataClientForGVK(k.Resources, gvk, namespace, func(r metadata.ResourceInterface) error {
-		o := v1.ListOptions{
-			LabelSelector: k.buildLabelSelector(labels),
-		}
-		x, err := r.List(k.ctx, o)
-		if err != nil {
-			return err
-		}
-		for _, o := range x.Items {
-			b, err := json.Marshal(o)
-			if err != nil {
-				panic(err)
-			}
-			u, err := uo.FromString(string(b))
-			if err != nil {
-				panic(err)
-			}
-			u.SetK8sGVK(gvk)
-			result = append(result, u)
-		}
-		return nil
-	})
-	return result, apiWarnings, err
-}
-
-func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map[string]string, onlyMetadata bool) ([]*uo.UnstructuredObject, map[schema.GroupVersionKind][]ApiWarning, error) {
+func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, map[schema.GroupVersionKind][]ApiWarning, error) {
 	var ret []*uo.UnstructuredObject
 	var errs []error
 	retApiWarnings := make(map[schema.GroupVersionKind][]ApiWarning)
@@ -181,14 +151,7 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 		go func() {
 			defer wg.Done()
 
-			var l []*uo.UnstructuredObject
-			var apiWarnings []ApiWarning
-			var err error
-			if onlyMetadata {
-				l, apiWarnings, err = k.ListObjectsMetadata(gvk, namespace, labels)
-			} else {
-				l, apiWarnings, err = k.ListObjects(gvk, namespace, labels)
-			}
+			l, apiWarnings, err := k.ListObjects(gvk, namespace, labels)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil && !errors.IsNotFound(err) {

From 24336636a1dd23cca2a549652774738a824429a5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock@Alexanders-MacBook-Pro.local>
Date: Thu, 14 Jul 2022 14:52:04 +0200
Subject: [PATCH 0290/2268] fix: Add rootDir to searchDirs when rendering
 directories

---
 pkg/jinja2/jinja2.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index 83e176870..1bc115aa7 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -214,6 +214,8 @@ func (j *Jinja2) needsRender(path string, excludedPatterns []string) bool {
 }
 
 func (j *Jinja2) RenderDirectory(rootDir string, searchDirs []string, relSourceDir string, excludePatterns []string, subdir string, targetDir string, vars *uo.UnstructuredObject) error {
+	searchDirs = append([]string{rootDir}, searchDirs...)
+
 	walkDir, err := securejoin.SecureJoin(rootDir, filepath.Join(relSourceDir, subdir))
 	if err != nil {
 		return err

From 2a32c584b7809d20ce1cb518eb14c215160f7857 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock@Alexanders-MacBook-Pro.local>
Date: Thu, 14 Jul 2022 15:00:04 +0200
Subject: [PATCH 0291/2268] chore: Upgrade python version to 3.10.5

---
 pkg/python/generate/main.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/python/generate/main.go b/pkg/python/generate/main.go
index dc68cc409..9cc24b145 100644
--- a/pkg/python/generate/main.go
+++ b/pkg/python/generate/main.go
@@ -15,8 +15,8 @@ import (
 
 const (
 	pythonVersionBase       = "3.10"
-	pythonVersionFull       = "3.10.4"
-	pythonStandaloneVersion = "20220502"
+	pythonVersionFull       = "3.10.5"
+	pythonStandaloneVersion = "20220630"
 )
 
 var pythonDists = map[string]string{

From d240624113c42cb2c85a78e0fe9fbe8c4b33df07 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock@Alexanders-MacBook-Pro.local>
Date: Thu, 14 Jul 2022 15:00:14 +0200
Subject: [PATCH 0292/2268] chore: Upgrade jinja2 and click

---
 pkg/jinja2/python_src/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/jinja2/python_src/requirements.txt b/pkg/jinja2/python_src/requirements.txt
index 7bc8d801c..9ee2b287d 100644
--- a/pkg/jinja2/python_src/requirements.txt
+++ b/pkg/jinja2/python_src/requirements.txt
@@ -1,4 +1,4 @@
-jinja2===3.0.3
-click==8.0.3
+jinja2===3.1.2
+click==8.1.3
 jsonpath-ng==1.5.3
 pyyaml==6.0

From 3f7a6357e29afd6cdfa4457126da30bd2cc33ec6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Jul 2022 14:15:27 +0200
Subject: [PATCH 0293/2268] fix: Only hold repo locks while actually
 pulling/cloning

And don't hold locks for the whole lifetime of loaded projects. Instead,
get a copy of the refs maps while the lock is held and afterwards use the
commit ids for precise checkouts.
---
 cmd/kluctl/commands/utils.go         |   7 +-
 pkg/deployment/deployment_project.go |   6 +-
 pkg/deployment/shared_context.go     |   4 +-
 pkg/git/mirrored_repo.go             |   8 +-
 pkg/git/poor_mans_clone.go           |  32 +---
 pkg/git/repocache/cache.go           | 223 +++++++++++++++++++++++++++
 pkg/git/repoprovider/live.go         | 211 -------------------------
 pkg/git/repoprovider/repoprovider.go |  19 ---
 pkg/kluctl_project/git.go            |   2 +-
 pkg/kluctl_project/project.go        |   4 +-
 pkg/kluctl_project/project_load.go   |  11 +-
 pkg/kluctl_project/targets.go        |  11 +-
 pkg/vars/vars_loader.go              |  13 +-
 pkg/vars/vars_loader_test.go         |   5 +-
 14 files changed, 271 insertions(+), 285 deletions(-)
 create mode 100644 pkg/git/repocache/cache.go
 delete mode 100644 pkg/git/repoprovider/live.go
 delete mode 100644 pkg/git/repoprovider/repoprovider.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 4fdc5f1a9..8459ae908 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -8,7 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
+	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
@@ -59,7 +59,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
 	defer cancel()
 
-	rp := repoprovider.NewLiveRepoProvider(ctx, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
+	rp := repocache.NewGitRepoCache(ctx, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
 	defer rp.Clear()
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
@@ -183,9 +183,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		images:    images,
 	}
 
-	// we can assume that all git access is done at this point, so we can unlock all repos
-	p.RP.UnlockAll()
-
 	return cb(cmdCtx)
 }
 
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 36c005f62..a11c1e919 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -155,7 +155,11 @@ func (p *DeploymentProject) loadIncludes() error {
 				return err
 			}
 		} else if inc.Git != nil {
-			cloneDir, _, err := p.ctx.RP.GetClonedDir(inc.Git.Url, inc.Git.Ref)
+			ge, err := p.ctx.RP.GetEntry(inc.Git.Url)
+			if err != nil {
+				return err
+			}
+			cloneDir, _, err := ge.GetClonedDir(inc.Git.Ref)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index a659a43e0..3d4e3ca50 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -2,7 +2,7 @@ package deployment
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
+	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
@@ -10,7 +10,7 @@ import (
 type SharedContext struct {
 	Ctx        context.Context
 	K          *k8s.K8sCluster
-	RP         repoprovider.RepoProvider
+	RP         *repocache.GitRepoCache
 	VarsLoader *vars.VarsLoader
 
 	RenderDir                         string
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 81525865e..5a48414aa 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -343,16 +343,16 @@ func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
 	return nil
 }
 
-func (g *MirroredGitRepo) CloneProject(ref string, targetDir string) error {
+func (g *MirroredGitRepo) CloneProjectByCommit(commit string, targetDir string) error {
 	if !g.IsLocked() || !g.hasUpdated {
 		panic("tried to clone from a project that is not locked/updated")
 	}
 
-	status.Trace(g.ctx, "Cloning git project: url='%s', ref='%s', target='%s'", g.url.String(), ref, targetDir)
+	status.Trace(g.ctx, "Cloning git project: url='%s', commit='%s', target='%s'", g.url.String(), commit, targetDir)
 
-	err := PoorMansClone(g.mirrorDir, targetDir, ref)
+	err := PoorMansClone(g.mirrorDir, targetDir, &git.CheckoutOptions{Hash: plumbing.NewHash(commit)})
 	if err != nil {
-		return fmt.Errorf("failed to clone %s from %s: %w", ref, g.url.String(), err)
+		return fmt.Errorf("failed to clone %s from %s: %w", commit, g.url.String(), err)
 	}
 	return nil
 }
diff --git a/pkg/git/poor_mans_clone.go b/pkg/git/poor_mans_clone.go
index 851b6ae04..d5216cb49 100644
--- a/pkg/git/poor_mans_clone.go
+++ b/pkg/git/poor_mans_clone.go
@@ -1,20 +1,17 @@
 package git
 
 import (
-	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
-	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
-	"strings"
 )
 
-// PoorMansClone poor mans clone from a local repo, which does not rely on go-git using git-upload-pack
-func PoorMansClone(sourceDir string, targetDir string, ref string) error {
+// PoorMansCloneCommit poor mans clone from a local repo, which does not rely on go-git using git-upload-pack
+func PoorMansClone(sourceDir string, targetDir string, coOptions *git.CheckoutOptions) error {
 	err := os.MkdirAll(targetDir, 0o700)
 	if err != nil {
 		return err
@@ -80,29 +77,8 @@ func PoorMansClone(sourceDir string, targetDir string, ref string) error {
 	if err != nil {
 		return err
 	}
-	var ref2 plumbing.ReferenceName
-	if ref != "" {
-		if strings.HasPrefix(ref, "refs/heads") {
-			ref2 = plumbing.ReferenceName(ref)
-		} else {
-			if _, err := r.Reference(plumbing.NewBranchReferenceName(ref), true); err == nil {
-				ref2 = plumbing.NewBranchReferenceName(ref)
-			} else if _, err := r.Reference(plumbing.NewTagReferenceName(ref), true); err == nil {
-				ref2 = plumbing.NewTagReferenceName(ref)
-			} else {
-				return fmt.Errorf("ref %s not found", ref)
-			}
-		}
-	} else {
-		x, err := r.Reference("HEAD", true)
-		if err != nil {
-			return err
-		}
-		ref2 = x.Name()
-	}
-	err = wt.Checkout(&git.CheckoutOptions{
-		Branch: ref2,
-	})
+
+	err = wt.Checkout(coOptions)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
new file mode 100644
index 000000000..34d3ebcef
--- /dev/null
+++ b/pkg/git/repocache/cache.go
@@ -0,0 +1,223 @@
+package repocache
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+)
+
+type GitRepoCache struct {
+	ctx            context.Context
+	authProviders  *auth.GitAuthProviders
+	updateInterval time.Duration
+	repos          map[string]*CacheEntry
+	reposMutex     sync.Mutex
+
+	cleanupDirs       []string
+	cleeanupDirsMutex sync.Mutex
+}
+
+type CacheEntry struct {
+	rp         *GitRepoCache
+	mr         *git.MirroredGitRepo
+	defaultRef string
+	refs       map[string]string
+
+	clonedDirs  map[string]clonedDir
+	updateMutex sync.Mutex
+}
+
+type RepoInfo struct {
+	Url        git_url.GitUrl    `yaml:"url"`
+	RemoteRefs map[string]string `yaml:"remoteRefs"`
+	DefaultRef string            `yaml:"defaultRef"`
+}
+
+type clonedDir struct {
+	dir  string
+	info git.CheckoutInfo
+}
+
+func NewGitRepoCache(ctx context.Context, authProviders *auth.GitAuthProviders, updateInterval time.Duration) *GitRepoCache {
+	return &GitRepoCache{
+		ctx:            ctx,
+		authProviders:  authProviders,
+		updateInterval: updateInterval,
+		repos:          map[string]*CacheEntry{},
+	}
+}
+
+func (rp *GitRepoCache) Clear() {
+	rp.cleeanupDirsMutex.Lock()
+	defer rp.cleeanupDirsMutex.Unlock()
+
+	for _, p := range rp.cleanupDirs {
+		_ = os.RemoveAll(p)
+	}
+	rp.cleanupDirs = nil
+}
+
+func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
+	rp.reposMutex.Lock()
+	defer rp.reposMutex.Unlock()
+
+	e, ok := rp.repos[url.NormalizedRepoKey()]
+	if !ok {
+		mr, err := git.NewMirroredGitRepo(rp.ctx, url)
+		if err != nil {
+			return nil, err
+		}
+		e = &CacheEntry{
+			rp:         rp,
+			mr:         mr,
+			clonedDirs: map[string]clonedDir{},
+		}
+		rp.repos[url.NormalizedRepoKey()] = e
+	}
+	err := e.Update()
+	if err != nil {
+		return nil, err
+	}
+	return e, nil
+}
+
+func (e *CacheEntry) Update() error {
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	err := e.mr.Lock()
+	if err != nil {
+		return err
+	}
+	defer e.mr.Unlock()
+
+	if !e.mr.HasUpdated() {
+		if time.Now().Sub(e.mr.LastUpdateTime()) <= e.rp.updateInterval {
+			e.mr.SetUpdated(true)
+		} else {
+			err := e.mr.Update(e.rp.authProviders)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	e.refs, err = e.mr.RemoteRefHashesMap()
+	if err != nil {
+		return err
+	}
+
+	e.defaultRef, err = e.mr.DefaultRef()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (e *CacheEntry) GetRepoInfo() RepoInfo {
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	info := RepoInfo{
+		Url:        e.mr.Url(),
+		RemoteRefs: e.refs,
+		DefaultRef: e.defaultRef,
+	}
+
+	return info
+}
+
+func (e *CacheEntry) findCommit(ref string) (string, string, error) {
+	if strings.HasPrefix(ref, "refs/heads") {
+		c, ok := e.refs[ref]
+		if !ok {
+			return "", "", fmt.Errorf("ref %s not found", ref)
+		}
+		return ref, c, nil
+	} else {
+		ref2 := "refs/heads/" + ref
+		c, ok := e.refs[ref2]
+		if ok {
+			return ref2, c, nil
+		}
+		ref2 = "refs/tags/" + ref
+		c, ok = e.refs[ref2]
+		if ok {
+			return ref2, c, nil
+		}
+		return "", "", fmt.Errorf("ref %s not found", ref)
+	}
+}
+
+func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error) {
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	err := e.mr.Lock()
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+	defer e.mr.Unlock()
+
+	if ref == "" {
+		ref = e.defaultRef
+	}
+
+	ref2, commit, err := e.findCommit(ref)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
+	err = os.MkdirAll(tmpDir, 0700)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	url := e.mr.Url()
+	repoName := path.Base(url.Normalize().Path) + "-"
+	if ref == "" {
+		repoName += "HEAD-"
+	} else {
+		repoName += ref + "-"
+	}
+	repoName = strings.ReplaceAll(repoName, "/", "-")
+
+	p, err := ioutil.TempDir(tmpDir, repoName)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	e.rp.cleeanupDirsMutex.Lock()
+	e.rp.cleanupDirs = append(e.rp.cleanupDirs, p)
+	e.rp.cleeanupDirsMutex.Unlock()
+
+	err = e.mr.CloneProjectByCommit(commit, p)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	repoInfo, err := git.GetCheckoutInfo(p)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	repoInfo.CheckedOutRef = ref2
+
+	e.clonedDirs[ref] = clonedDir{
+		dir:  p,
+		info: repoInfo,
+	}
+	return p, repoInfo, nil
+}
diff --git a/pkg/git/repoprovider/live.go b/pkg/git/repoprovider/live.go
deleted file mode 100644
index bb0243f9a..000000000
--- a/pkg/git/repoprovider/live.go
+++ /dev/null
@@ -1,211 +0,0 @@
-package repoprovider
-
-import (
-	"context"
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"sync"
-	"time"
-)
-
-type LiveRepoProvider struct {
-	ctx            context.Context
-	authProviders  *auth.GitAuthProviders
-	updateInterval time.Duration
-	repos          map[string]*entry
-	reposMutex     sync.Mutex
-
-	cleanupDirs       []string
-	cleeanupDirsMutex sync.Mutex
-}
-
-type entry struct {
-	mr          *git.MirroredGitRepo
-	clonedDirs  map[string]clonedDir
-	updateMutex sync.Mutex
-}
-
-type clonedDir struct {
-	dir  string
-	info git.CheckoutInfo
-}
-
-func NewLiveRepoProvider(ctx context.Context, authProviders *auth.GitAuthProviders, updateInterval time.Duration) RepoProvider {
-	return &LiveRepoProvider{
-		ctx:            ctx,
-		authProviders:  authProviders,
-		updateInterval: updateInterval,
-		repos:          map[string]*entry{},
-	}
-}
-
-func (rp *LiveRepoProvider) UnlockAll() {
-	rp.reposMutex.Lock()
-	defer rp.reposMutex.Unlock()
-
-	for _, e := range rp.repos {
-		if e.mr.IsLocked() {
-			_ = e.mr.Unlock()
-		}
-	}
-
-	rp.repos = map[string]*entry{}
-}
-
-func (rp *LiveRepoProvider) Clear() {
-	rp.UnlockAll()
-
-	rp.cleeanupDirsMutex.Lock()
-	defer rp.cleeanupDirsMutex.Unlock()
-
-	for _, p := range rp.cleanupDirs {
-		_ = os.RemoveAll(p)
-	}
-	rp.cleanupDirs = nil
-}
-
-func (rp *LiveRepoProvider) getEntry(url git_url.GitUrl, allowCreate bool, lockRepo bool, update bool) (*entry, error) {
-	e, err := func() (*entry, error) {
-		rp.reposMutex.Lock()
-		defer rp.reposMutex.Unlock()
-
-		e, ok := rp.repos[url.NormalizedRepoKey()]
-		if !ok {
-			if !allowCreate {
-				return nil, fmt.Errorf("git repo %s not found", url.NormalizedRepoKey())
-			}
-			mr, err := git.NewMirroredGitRepo(rp.ctx, url)
-			if err != nil {
-				return nil, err
-			}
-			e = &entry{
-				mr:         mr,
-				clonedDirs: map[string]clonedDir{},
-			}
-			rp.repos[url.NormalizedRepoKey()] = e
-
-			if lockRepo {
-				err = e.mr.Lock()
-				if err != nil {
-					return nil, err
-				}
-			}
-		}
-		return e, nil
-	}()
-	if err != nil {
-		return nil, err
-	}
-
-	e.updateMutex.Lock()
-	defer e.updateMutex.Unlock()
-
-	if update && !e.mr.HasUpdated() {
-		if time.Now().Sub(e.mr.LastUpdateTime()) <= rp.updateInterval {
-			e.mr.SetUpdated(true)
-		} else {
-			err = e.mr.Update(rp.authProviders)
-			if err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	return e, nil
-}
-
-func (e *entry) getRepoInfo() (RepoInfo, error) {
-	remoteRefs, err := e.mr.RemoteRefHashesMap()
-	if err != nil {
-		return RepoInfo{}, err
-	}
-
-	defaultRef, err := e.mr.DefaultRef()
-	if err != nil {
-		return RepoInfo{}, err
-	}
-
-	info := RepoInfo{
-		Url:        e.mr.Url(),
-		RemoteRefs: remoteRefs,
-		DefaultRef: defaultRef,
-	}
-
-	return info, nil
-}
-
-func (rp *LiveRepoProvider) GetRepoInfo(url git_url.GitUrl) (RepoInfo, error) {
-	e, err := rp.getEntry(url, true, true, true)
-	if err != nil {
-		return RepoInfo{}, err
-	}
-
-	return e.getRepoInfo()
-}
-
-func (rp *LiveRepoProvider) GetClonedDir(url git_url.GitUrl, ref string) (string, git.CheckoutInfo, error) {
-	e, err := rp.getEntry(url, true, true, true)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	if ref == "" {
-		ref, err = e.mr.DefaultRef()
-		if err != nil {
-			return "", git.CheckoutInfo{}, err
-		}
-		ref = path.Base(ref)
-	}
-
-	e.updateMutex.Lock()
-	defer e.updateMutex.Unlock()
-
-	cd, ok := e.clonedDirs[ref]
-	if ok {
-		return cd.dir, cd.info, nil
-	}
-
-	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
-	err = os.MkdirAll(tmpDir, 0700)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	repoName := path.Base(url.Normalize().Path) + "-"
-	if ref == "" {
-		repoName += "HEAD-"
-	} else {
-		repoName += ref + "-"
-	}
-	p, err := ioutil.TempDir(tmpDir, repoName)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	rp.cleeanupDirsMutex.Lock()
-	rp.cleanupDirs = append(rp.cleanupDirs, p)
-	rp.cleeanupDirsMutex.Unlock()
-
-	err = e.mr.CloneProject(ref, p)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	repoInfo, err := git.GetCheckoutInfo(p)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	e.clonedDirs[ref] = clonedDir{
-		dir:  p,
-		info: repoInfo,
-	}
-	return p, repoInfo, nil
-}
diff --git a/pkg/git/repoprovider/repoprovider.go b/pkg/git/repoprovider/repoprovider.go
deleted file mode 100644
index a6427551a..000000000
--- a/pkg/git/repoprovider/repoprovider.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package repoprovider
-
-import (
-	"github.com/kluctl/kluctl/v2/pkg/git"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-)
-
-type RepoInfo struct {
-	Url        git_url.GitUrl    `yaml:"url"`
-	RemoteRefs map[string]string `yaml:"remoteRefs"`
-	DefaultRef string            `yaml:"defaultRef"`
-}
-
-type RepoProvider interface {
-	GetRepoInfo(url git_url.GitUrl) (RepoInfo, error)
-	GetClonedDir(url git_url.GitUrl, ref string) (string, git.CheckoutInfo, error)
-	UnlockAll()
-	Clear()
-}
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 31e5678b8..12e7253e5 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -25,7 +25,7 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 		go func() {
 			defer waitGroup.Done()
 
-			_, err := c.RP.GetRepoInfo(u)
+			_, err := c.RP.GetEntry(u)
 			if err != nil {
 				doError(fmt.Errorf("failed to update git project %v: %v", u.String(), err))
 			}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index ee616243a..da067d70f 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -3,7 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
+	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -28,7 +28,7 @@ type LoadedKluctlProject struct {
 	DynamicTargets []*types2.DynamicTarget
 
 	J2 *jinja2.Jinja2
-	RP repoprovider.RepoProvider
+	RP *repocache.GitRepoCache
 
 	warnOnce utils.OnceByKey
 }
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index a409b3de7..3a2d1e730 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -3,7 +3,7 @@ package kluctl_project
 import (
 	"fmt"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
+	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -25,7 +25,7 @@ type LoadKluctlProjectArgs struct {
 	LocalDeployment    string
 	LocalSealedSecrets string
 
-	RP repoprovider.RepoProvider
+	RP *repocache.GitRepoCache
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
@@ -56,7 +56,12 @@ func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
 }
 
 func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string) (ret gitProjectInfo, err error) {
-	cloneDir, ri, err := c.RP.GetClonedDir(gitProject.Url, gitProject.Ref)
+	ge, err := c.RP.GetEntry(gitProject.Url)
+	if err != nil {
+		return
+	}
+
+	cloneDir, ri, err := ge.GetClonedDir(gitProject.Ref)
 	if err != nil {
 		return
 	}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 795424ad4..f51688a38 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -138,11 +138,13 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsSimple(baseTarget *types.Targ
 }
 
 func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	repoInfo, err := c.RP.GetRepoInfo(baseTarget.TargetConfig.Project.Url)
+	ge, err := c.RP.GetEntry(baseTarget.TargetConfig.Project.Url)
 	if err != nil {
 		return nil, err
 	}
 
+	repoInfo := ge.GetRepoInfo()
+
 	if baseTarget.TargetConfig.Ref != nil && baseTarget.TargetConfig.RefPattern != nil {
 		return nil, fmt.Errorf("'refPattern' and 'ref' can't be specified together")
 	}
@@ -178,7 +180,12 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 			continue
 		}
 
-		cloneDir, _, err := c.RP.GetClonedDir(baseTarget.TargetConfig.Project.Url, refShortName)
+		ge, err := c.RP.GetEntry(baseTarget.TargetConfig.Project.Url)
+		if err != nil {
+			return nil, err
+		}
+
+		cloneDir, _, err := ge.GetClonedDir(refShortName)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 73a0780b1..022bd895c 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -5,7 +5,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
+	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -27,13 +27,13 @@ type usernamePassword struct {
 type VarsLoader struct {
 	ctx context.Context
 	k   *k8s.K8sCluster
-	rp  repoprovider.RepoProvider
+	rp  *repocache.GitRepoCache
 	aws aws.AwsClientFactory
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, rp repoprovider.RepoProvider, aws aws.AwsClientFactory) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, rp *repocache.GitRepoCache, aws aws.AwsClientFactory) *VarsLoader {
 	return &VarsLoader{
 		ctx:              ctx,
 		k:                k,
@@ -153,7 +153,12 @@ func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, rootK
 }
 
 func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, rootKey string) error {
-	clonedDir, _, err := v.rp.GetClonedDir(gitFile.Url, gitFile.Ref)
+	ge, err := v.rp.GetEntry(gitFile.Url)
+	if err != nil {
+		return err
+	}
+
+	clonedDir, _, err := ge.GetClonedDir(gitFile.Ref)
 	if err != nil {
 		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
 	}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 1dbb14018..94b95ebeb 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -7,7 +7,6 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/git/repoprovider"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -37,8 +36,8 @@ func newTestDir(t *testing.T) string {
 	return tmp
 }
 
-func newRP(t *testing.T) repoprovider.RepoProvider {
-	grc := repoprovider.NewLiveRepoProvider(context.TODO(), auth.NewDefaultAuthProviders(), 0)
+func newRP(t *testing.T) repocache.RepoProvider {
+	grc := repocache.NewLiveRepoProvider(context.TODO(), auth.NewDefaultAuthProviders(), 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From 8dc84490abecdbb0682be983124247f684843e59 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Jul 2022 15:20:48 +0200
Subject: [PATCH 0294/2268] fix: Fix compilation errors for tests

---
 pkg/vars/vars_loader_test.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 94b95ebeb..ad7ee5be0 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -7,6 +7,7 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -36,8 +37,8 @@ func newTestDir(t *testing.T) string {
 	return tmp
 }
 
-func newRP(t *testing.T) repocache.RepoProvider {
-	grc := repocache.NewLiveRepoProvider(context.TODO(), auth.NewDefaultAuthProviders(), 0)
+func newRP(t *testing.T) *repocache.GitRepoCache {
+	grc := repocache.NewGitRepoCache(context.TODO(), auth.NewDefaultAuthProviders(), 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From b5bcb45f5ec882b177e0190cf4829f236dff723c Mon Sep 17 00:00:00 2001
From: Christian Neufeld <74351567+CNeufeldCoder@users.noreply.github.com>
Date: Wed, 20 Jul 2022 12:14:32 +0200
Subject: [PATCH 0295/2268] fix: Use original stderr file for simple status
 handler (#44)

Co-authored-by: Christian Neufeld <c.neufeld@comanu.de>
---
 cmd/kluctl/commands/root.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 435c6e67d..06a9321e8 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -75,6 +75,8 @@ var didSetupStatusHandler bool
 func setupStatusHandler(debug bool) {
 	didSetupStatusHandler = true
 
+	origStderr := os.Stderr
+
 	// we must determine isTerminal before we override os.Stderr
 	isTerminal := isatty.IsTerminal(os.Stderr.Fd())
 	var sh status.StatusHandler
@@ -82,7 +84,7 @@ func setupStatusHandler(debug bool) {
 		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, isTerminal, false)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(message string) {
-			_, _ = fmt.Fprintf(os.Stderr, "%s\n", message)
+			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
 		}, isTerminal, false)
 	}
 	sh.SetTrace(debug)

From c68720856223536505a5981a14b2fd750efb9808 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Jul 2022 16:06:20 +0200
Subject: [PATCH 0296/2268] tests: Upgrade sealed-secrets operator used in
 tests

---
 e2e/test_resources/sealed-secrets.yaml | 38 +++++++++++++-------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/e2e/test_resources/sealed-secrets.yaml b/e2e/test_resources/sealed-secrets.yaml
index b45788937..8e2262447 100644
--- a/e2e/test_resources/sealed-secrets.yaml
+++ b/e2e/test_resources/sealed-secrets.yaml
@@ -37,10 +37,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 ---
 # Source: sealed-secrets/templates/cluster-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -49,10 +49,10 @@ metadata:
   name: secrets-unsealer
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 rules:
   - apiGroups:
       - bitnami.com
@@ -93,10 +93,10 @@ metadata:
   name: sealed-secrets-controller
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -115,10 +115,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 rules:
   - apiGroups:
       - ""
@@ -144,10 +144,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 rules:
   - apiGroups:
       - ""
@@ -177,10 +177,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -199,10 +199,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -220,10 +220,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 spec:
   type: ClusterIP
   ports:
@@ -243,10 +243,10 @@ metadata:
   namespace: kube-system
   labels:
     app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.1.8
+    helm.sh/chart: sealed-secrets-2.4.0
     app.kubernetes.io/instance: sealed-secrets-controller
     app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.17.5
+    app.kubernetes.io/version: v0.18.1
 spec:
   selector:
     matchLabels:
@@ -269,7 +269,7 @@ spec:
             - --update-status
             - --key-prefix
             - "sealed-secrets-key"
-          image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
+          image: docker.io/bitnami/sealed-secrets-controller:v0.18.1
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

From 8d605c4d1de642ee72f56903d00b20dce965dba1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Jul 2022 19:46:14 +0200
Subject: [PATCH 0297/2268] tests: Always use --debug for e2e tests

---
 e2e/project.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/e2e/project.go b/e2e/project.go
index d80c0c3e4..be0bd2823 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -13,7 +13,6 @@ import (
 	"os/exec"
 	"path/filepath"
 	"reflect"
-	"runtime"
 	"strings"
 	"testing"
 )
@@ -430,9 +429,8 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 		args = append(args, "--local-sealed-secrets", *p.localSealedSecrets)
 	}
 
-	if runtime.GOOS == "windows" {
-		args = append(args, "--debug")
-	}
+	args = append(args, "--debug")
+
 	env := os.Environ()
 	env = append(env, p.extraEnv...)
 	env = append(env, fmt.Sprintf("KUBECONFIG=%s", p.mergedKubeconfig))

From 16e3b6869c21a14fbeef0c626d5c17338374e0f1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Jul 2022 19:46:55 +0200
Subject: [PATCH 0298/2268] chore: Write failing yaml to status handler when
 tracing is enabled

---
 pkg/deployment/utils/apply_utils.go | 7 +++++++
 pkg/status/noop.go                  | 4 ++++
 pkg/status/simple_status_handler.go | 4 ++++
 pkg/status/status.go                | 6 ++++++
 pkg/status/status_handler.go        | 4 ++++
 5 files changed, 25 insertions(+)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index eb6cded06..c241ff6ba 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -13,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/sync/semaphore"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -388,6 +389,12 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		case <-timeoutTimer.C:
 			err := fmt.Errorf("timed out while waiting for readiness of %s", ref.String())
 			status.Warning(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
+			if status.IsTraceEnabled(a.ctx) {
+				y, err := yaml.WriteYamlString(o)
+				if err == nil {
+					status.Trace(a.ctx, "yaml:\n"+y)
+				}
+			}
 			a.HandleError(ref, err)
 			return false
 		case <-a.ctx.Done():
diff --git a/pkg/status/noop.go b/pkg/status/noop.go
index 53f9f7a51..b33511b8b 100644
--- a/pkg/status/noop.go
+++ b/pkg/status/noop.go
@@ -12,6 +12,10 @@ func (n NoopStatusHandler) IsTerminal() bool {
 	return false
 }
 
+func (n NoopStatusHandler) IsTraceEnabled() bool {
+	return false
+}
+
 func (n NoopStatusHandler) SetTrace(trace bool) {
 }
 
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index cdddd374c..1a330c36b 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -28,6 +28,10 @@ func (s *simpleStatusHandler) IsTerminal() bool {
 	return s.isTerminal
 }
 
+func (s *simpleStatusHandler) IsTraceEnabled() bool {
+	return s.trace
+}
+
 func (s *simpleStatusHandler) SetTrace(trace bool) {
 	s.trace = trace
 }
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 875e03391..c49f64dfc 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -38,6 +38,7 @@ type StatusLine interface {
 
 type StatusHandler interface {
 	IsTerminal() bool
+	IsTraceEnabled() bool
 
 	SetTrace(trace bool)
 	Stop()
@@ -234,6 +235,11 @@ func Trace(ctx context.Context, status string, args ...any) {
 	slh.Trace(fmt.Sprintf(status, args...))
 }
 
+func IsTraceEnabled(ctx context.Context) bool {
+	slh := FromContext(ctx)
+	return slh.IsTraceEnabled()
+}
+
 func Error(ctx context.Context, status string, args ...any) {
 	slh := FromContext(ctx)
 	slh.Error(fmt.Sprintf(status, args...))
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index ad9491bad..7b5a85a82 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -47,6 +47,10 @@ func (s *MultiLineStatusHandler) IsTerminal() bool {
 	return s.isTerminal
 }
 
+func (s *MultiLineStatusHandler) IsTraceEnabled() bool {
+	return s.trace
+}
+
 func (s *MultiLineStatusHandler) Flush() {
 	s.Stop()
 	s.start()

From d61a257271b7eea0ee7aa6829f09d24428245c6e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Jul 2022 12:11:42 +0200
Subject: [PATCH 0299/2268] fix: Fix race condition in ApplyDeploymentsUtil
 when creating new ApplyUtils

---
 pkg/deployment/utils/apply_utils.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index c241ff6ba..a14b1528a 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -65,7 +65,8 @@ type ApplyDeploymentsUtil struct {
 
 	abortSignal atomic.Value
 
-	results []*ApplyUtil
+	resultsMutex sync.Mutex
+	results      []*ApplyUtil
 }
 
 func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, k *k8s.K8sCluster, o *ApplyUtilOptions) *ApplyDeploymentsUtil {
@@ -82,6 +83,9 @@ func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnin
 }
 
 func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *status.StatusContext) *ApplyUtil {
+	ad.resultsMutex.Lock()
+	defer ad.resultsMutex.Unlock()
+
 	ret := &ApplyUtil{
 		ctx:                ctx,
 		dew:                ad.dew,
@@ -651,6 +655,9 @@ func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.Unstructu
 }
 
 func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*types.RefAndObject {
+	ad.resultsMutex.Lock()
+	defer ad.resultsMutex.Unlock()
+
 	var ret []*types.RefAndObject
 	for _, a := range ad.results {
 		for _, o := range a.appliedObjects {
@@ -672,6 +679,9 @@ func (ad *ApplyDeploymentsUtil) GetAppliedObjectsMap() map[k8s2.ObjectRef]*uo.Un
 }
 
 func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*types.RefAndObject {
+	ad.resultsMutex.Lock()
+	defer ad.resultsMutex.Unlock()
+
 	var ret []*types.RefAndObject
 	for _, a := range ad.results {
 		for _, o := range a.appliedHookObjects {
@@ -685,6 +695,9 @@ func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*types.RefAndObject {
 }
 
 func (ad *ApplyDeploymentsUtil) GetDeletedObjects() []k8s2.ObjectRef {
+	ad.resultsMutex.Lock()
+	defer ad.resultsMutex.Unlock()
+
 	var ret []k8s2.ObjectRef
 	m := make(map[k8s2.ObjectRef]bool)
 	for _, a := range ad.results {

From 7d5c42fbee21cdd8f99b2e15b0d9aad95444a42e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 12:06:25 +0200
Subject: [PATCH 0300/2268] feat: Implement --cpu-profile

---
 cmd/kluctl/commands/root.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 06a9321e8..7e3928ac8 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -33,6 +33,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"runtime/pprof"
 	"strings"
 	"time"
 )
@@ -43,6 +44,8 @@ type cli struct {
 	Debug         bool `group:"global" help:"Enable debug logging"`
 	NoUpdateCheck bool `group:"global" help:"Disable update check on startup"`
 
+	CpuProfile string `group:"global" help:"Enable CPU profiling and write the result to the given path"`
+
 	CheckImageUpdates checkImageUpdatesCmd `cmd:"" help:"Render deployment and check if any images have new tags available"`
 	Delete            deleteCmd            `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
 	Deploy            deployCmd            `cmd:"" help:"Deploys a target to the corresponding cluster"`
@@ -107,6 +110,23 @@ func setupStatusHandler(debug bool) {
 	os.Stderr = pw
 }
 
+var cpuProfileFile *os.File
+
+func setupProfiling(cpuProfile string) error {
+	var err error
+	if cpuProfile != "" {
+		cpuProfileFile, err = os.Create(cpuProfile)
+		if err != nil {
+			return fmt.Errorf("failed to create cpu profile file: %w", err)
+		}
+		err = pprof.StartCPUProfile(cpuProfileFile)
+		if err != nil {
+			return fmt.Errorf("failed to start cpu profiling: %w", err)
+		}
+	}
+	return nil
+}
+
 type VersionCheckState struct {
 	LastVersionCheck time.Time `yaml:"lastVersionCheck"`
 }
@@ -164,6 +184,10 @@ func (c *cli) checkNewVersion() {
 }
 
 func (c *cli) preRun() error {
+	err := setupProfiling(c.CpuProfile)
+	if err != nil {
+		return err
+	}
 	setupStatusHandler(c.Debug)
 	c.checkNewVersion()
 	return nil
@@ -221,6 +245,12 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		setupStatusHandler(false)
 	}
 
+	if cpuProfileFile != nil {
+		pprof.StopCPUProfile()
+		_ = cpuProfileFile.Close()
+		cpuProfileFile = nil
+	}
+
 	sh := status.FromContext(cliCtx)
 
 	if err != nil {

From 81d01d797f64f203eece52e65435ad85222a0d99 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Jul 2022 15:12:36 +0200
Subject: [PATCH 0301/2268] refactor: Move loading of target-config.yml into
 own function

---
 pkg/kluctl_project/targets.go | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index f51688a38..eb09429e5 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"os"
 	"reflect"
 	"regexp"
 	"sort"
@@ -267,6 +268,22 @@ func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTarge
 	return nil
 }
 
+func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo) ([]byte, error) {
+	configFile := yaml.FixNameExt(targetInfo.dir, "target-config.yml")
+	if targetInfo.baseTarget.TargetConfig.File != nil {
+		configFile = *targetInfo.baseTarget.TargetConfig.File
+	}
+	configPath, err := securejoin.SecureJoin(targetInfo.dir, configFile)
+	if err != nil {
+		return nil, err
+	}
+	if !utils.IsFile(configPath) {
+		return nil, fmt.Errorf("no target config file with name %s found in target", configFile)
+	}
+
+	return os.ReadFile(configPath)
+}
+
 func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo) (*types.Target, error) {
 	var target types.Target
 	err := utils.DeepCopy(&target, targetInfo.baseTarget)
@@ -277,20 +294,13 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 		return &target, nil
 	}
 
-	configFile := yaml.FixNameExt(targetInfo.dir, "target-config.yml")
-	if targetInfo.baseTarget.TargetConfig.File != nil {
-		configFile = *targetInfo.baseTarget.TargetConfig.File
-	}
-	configPath, err := securejoin.SecureJoin(targetInfo.dir, configFile)
+	configFile, err := c.loadTargetConfigFile(targetInfo)
 	if err != nil {
 		return nil, err
 	}
-	if !utils.IsFile(configPath) {
-		return nil, fmt.Errorf("no target config file with name %s found in target", configFile)
-	}
 
 	var targetConfig types.TargetConfig
-	err = yaml.ReadYamlFile(configPath, &targetConfig)
+	err = yaml.ReadYamlBytes(configFile, &targetConfig)
 	if err != nil {
 		return nil, err
 	}

From 6ebef19a621e02c6dc2a0d8d6235b46d3ba0057d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 10:33:23 +0200
Subject: [PATCH 0302/2268] chore: Run go mod tidy

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index ca9a9d8ec..54167b996 100644
--- a/go.mod
+++ b/go.mod
@@ -42,6 +42,7 @@ require (
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
 	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
 	golang.org/x/text v0.3.7
+	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.9.0
 	k8s.io/api v0.24.1
@@ -206,7 +207,6 @@ require (
 	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/apiserver v0.24.1 // indirect
 	k8s.io/cli-runtime v0.24.1 // indirect
 	k8s.io/component-base v0.24.1 // indirect

From 10c2380832efb554315b73efca4b635a40ac3537 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 11:35:51 +0200
Subject: [PATCH 0303/2268] fix: Speed up loading of projects with many dynamic
 targets by avoiding clones

So far, kluctl has checked out all branches for all dynamic targets in
parallel just to load the target-config.yaml from that branch. This commit
changes this to only load the file object from the git tree.
---
 pkg/git/mirrored_repo.go      | 28 +++---------
 pkg/git/repocache/cache.go    | 23 ++++++++++
 pkg/kluctl_project/targets.go | 85 +++++++++++++++++------------------
 3 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 5a48414aa..221113f6f 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -357,12 +357,12 @@ func (g *MirroredGitRepo) CloneProjectByCommit(commit string, targetDir string)
 	return nil
 }
 
-func (g *MirroredGitRepo) ReadFile(ref string, path string) ([]byte, error) {
+func (g *MirroredGitRepo) GetGitTreeByCommit(commitHash string) (*object.Tree, error) {
 	if !g.IsLocked() || !g.hasUpdated {
 		panic("tried to read a file from a project that is not locked/updated")
 	}
 
-	doError := func(err error) ([]byte, error) {
+	doError := func(err error) (*object.Tree, error) {
 		return nil, fmt.Errorf("failed to read file from git repostory: %w", err)
 	}
 
@@ -371,16 +371,9 @@ func (g *MirroredGitRepo) ReadFile(ref string, path string) ([]byte, error) {
 		return nil, err
 	}
 
-	if ref == "" {
-		ref = "HEAD"
-	}
+	h := plumbing.NewHash(commitHash)
 
-	h, err := r.ResolveRevision(plumbing.Revision(ref))
-	if err != nil {
-		return doError(err)
-	}
-
-	commit, err := object.GetCommit(r.Storer, *h)
+	commit, err := object.GetCommit(r.Storer, h)
 	if err != nil {
 		return doError(err)
 	}
@@ -388,18 +381,7 @@ func (g *MirroredGitRepo) ReadFile(ref string, path string) ([]byte, error) {
 	if err != nil {
 		return doError(err)
 	}
-
-	f, err := tree.File(path)
-	if err != nil {
-		return doError(err)
-	}
-	reader, err := f.Reader()
-	if err != nil {
-		return doError(err)
-	}
-	defer reader.Close()
-
-	return ioutil.ReadAll(reader)
+	return tree, nil
 }
 
 func buildMirrorRepoName(u git_url.GitUrl) string {
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index 34d3ebcef..3d34e2ec8 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -3,6 +3,7 @@ package repocache
 import (
 	"context"
 	"fmt"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -221,3 +222,25 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	}
 	return p, repoInfo, nil
 }
+
+func (e *CacheEntry) GetGitTree(ref string) (*object.Tree, error) {
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	err := e.mr.Lock()
+	if err != nil {
+		return nil, err
+	}
+	defer e.mr.Unlock()
+
+	if ref == "" {
+		ref = e.defaultRef
+	}
+
+	_, commit, err := e.findCommit(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	return e.mr.GetGitTreeByCommit(commit)
+}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index eb09429e5..8579a1d7c 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -3,23 +3,25 @@ package kluctl_project
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io"
 	"os"
 	"reflect"
 	"regexp"
 	"sort"
 	"strings"
-	"sync"
 )
 
 type dynamicTargetInfo struct {
 	baseTarget    *types.Target
 	dir           string
+	gitTree       *object.Tree
 	gitProject    *types.GitProject
 	ref           *string
 	refPattern    *string
@@ -42,11 +44,6 @@ func (c *LoadedKluctlProject) loadTargets() error {
 		targetInfos = append(targetInfos, l...)
 	}
 
-	err := c.cloneDynamicTargets(targetInfos)
-	if err != nil {
-		return err
-	}
-
 	for _, targetInfo := range targetInfos {
 		target, err := c.buildDynamicTarget(targetInfo)
 		if err != nil {
@@ -186,14 +183,11 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 			return nil, err
 		}
 
-		cloneDir, _, err := ge.GetClonedDir(refShortName)
-		if err != nil {
-			return nil, err
-		}
+		gitTree, err := ge.GetGitTree(refShortName)
 
 		dynamicTargets = append(dynamicTargets, &dynamicTargetInfo{
 			baseTarget:    baseTarget,
-			dir:           cloneDir,
+			gitTree:       gitTree,
 			gitProject:    baseTarget.TargetConfig.Project,
 			ref:           &refShortName,
 			refPattern:    refPattern,
@@ -228,47 +222,40 @@ func (c *LoadedKluctlProject) matchRef(s string, pattern string) (bool, string,
 	}
 }
 
-func (c *LoadedKluctlProject) cloneDynamicTargets(dynamicTargets []*dynamicTargetInfo) error {
-	uniqueClones := make(map[string]interface{})
-	var mutex sync.Mutex
-	var wg sync.WaitGroup
+func (c *LoadedKluctlProject) loadTargetConfigFileFromGit(targetInfo *dynamicTargetInfo) ([]byte, error) {
+	existsFunc := func(path string) bool {
+		e, err := targetInfo.gitTree.FindEntry(path)
+		if e == nil || err != nil {
+			return false
+		}
+		return true
+	}
 
-	for _, targetInfo_ := range dynamicTargets {
-		targetInfo := targetInfo_
+	var configFile string
 
-		if targetInfo.gitProject == nil {
-			continue
-		}
-		mutex.Lock()
-		if _, ok := uniqueClones[targetInfo.dir]; ok {
-			mutex.Unlock()
-			continue
+	if targetInfo.baseTarget.TargetConfig.File != nil {
+		configFile = *targetInfo.baseTarget.TargetConfig.File
+	} else {
+		configFile = "target-config.yml"
+		if !existsFunc(configFile) {
+			configFile = "target-config.yaml"
 		}
-		uniqueClones[targetInfo.dir] = nil
-		mutex.Unlock()
-
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			gitProject := *targetInfo.gitProject
-			gitProject.Ref = *targetInfo.ref
-
-			gi, err := c.loadGitProject(&gitProject, "")
-			mutex.Lock()
-			defer mutex.Unlock()
-			if err != nil {
-				uniqueClones[targetInfo.dir] = err
-			} else {
-				uniqueClones[targetInfo.dir] = &gi
-			}
-		}()
 	}
-	wg.Wait()
 
-	return nil
+	f, err := targetInfo.gitTree.File(configFile)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load target config: %w", err)
+	}
+	r, err := f.Reader()
+	if err != nil {
+		return nil, fmt.Errorf("failed to load target config: %w", err)
+	}
+	defer r.Close()
+
+	return io.ReadAll(r)
 }
 
-func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo) ([]byte, error) {
+func (c *LoadedKluctlProject) loadTargetConfigFileFromLocal(targetInfo *dynamicTargetInfo) ([]byte, error) {
 	configFile := yaml.FixNameExt(targetInfo.dir, "target-config.yml")
 	if targetInfo.baseTarget.TargetConfig.File != nil {
 		configFile = *targetInfo.baseTarget.TargetConfig.File
@@ -284,6 +271,14 @@ func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo
 	return os.ReadFile(configPath)
 }
 
+func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo) ([]byte, error) {
+	if targetInfo.gitTree != nil {
+		return c.loadTargetConfigFileFromGit(targetInfo)
+	} else {
+		return c.loadTargetConfigFileFromLocal(targetInfo)
+	}
+}
+
 func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo) (*types.Target, error) {
 	var target types.Target
 	err := utils.DeepCopy(&target, targetInfo.baseTarget)

From 931274540d593a6dd4534f3cdbcdd21e859a7f3e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 11:36:12 +0200
Subject: [PATCH 0304/2268] tests: Add loadTargetConfigFile tests

---
 pkg/kluctl_project/targets_test.go | 65 ++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 pkg/kluctl_project/targets_test.go

diff --git a/pkg/kluctl_project/targets_test.go b/pkg/kluctl_project/targets_test.go
new file mode 100644
index 000000000..852a5f8cd
--- /dev/null
+++ b/pkg/kluctl_project/targets_test.go
@@ -0,0 +1,65 @@
+package kluctl_project
+
+import (
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestLoadTargetConfigFileFromLocal(t *testing.T) {
+	c := LoadedKluctlProject{}
+	ti := &dynamicTargetInfo{
+		baseTarget: &types.Target{
+			TargetConfig: &types.ExternalTargetConfig{},
+		},
+		dir: t.TempDir(),
+	}
+	err := os.WriteFile(filepath.Join(ti.dir, "target-config.yml"), []byte("test"), 0600)
+	assert.NoError(t, err)
+
+	data, err := c.loadTargetConfigFile(ti)
+	assert.NoError(t, err)
+
+	assert.Equal(t, []byte("test"), data)
+}
+
+func TestLoadTargetConfigFileFromGit(t *testing.T) {
+	dir := t.TempDir()
+	r, err := git.PlainInit(dir, false)
+	assert.NoError(t, err)
+
+	wt, err := r.Worktree()
+	assert.NoError(t, err)
+
+	err = os.WriteFile(filepath.Join(dir, "target-config.yml"), []byte("test"), 0600)
+	assert.NoError(t, err)
+
+	_, err = wt.Add("target-config.yml")
+	assert.NoError(t, err)
+
+	h, err := wt.Commit("test", &git.CommitOptions{})
+	assert.NoError(t, err)
+
+	commit, err := object.GetCommit(r.Storer, h)
+	assert.NoError(t, err)
+
+	gitTree, err := commit.Tree()
+	assert.NoError(t, err)
+
+	c := LoadedKluctlProject{}
+	ti := &dynamicTargetInfo{
+		baseTarget: &types.Target{
+			TargetConfig: &types.ExternalTargetConfig{},
+		},
+		gitTree: gitTree,
+	}
+
+	data, err := c.loadTargetConfigFile(ti)
+	assert.NoError(t, err)
+
+	assert.Equal(t, []byte("test"), data)
+}

From ecdf1035cf6e981774f5d5929b0e1dfed0f8a1f3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 14:03:38 +0200
Subject: [PATCH 0305/2268] tests: Add LooseVersion tests for 'v' prefixes

---
 pkg/utils/versions/looseversion_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pkg/utils/versions/looseversion_test.go b/pkg/utils/versions/looseversion_test.go
index 5d2bab86f..b25520f8d 100644
--- a/pkg/utils/versions/looseversion_test.go
+++ b/pkg/utils/versions/looseversion_test.go
@@ -79,3 +79,14 @@ func TestLooseVersionNoNums(t *testing.T) {
 	checkLess(t, "-1", "-2")
 	checkLess(t, "-1.1", "-1.2")
 }
+
+func TestLooseVersionVPrefix(t *testing.T) {
+	checkLess(t, "v1.0", "v1.1")
+	checkLess(t, "v2.0", "v2.1")
+	checkLess(t, "v1.0", "v2.0")
+	checkLess(t, "1.0", "v2.0")
+	checkLess(t, "v1.0suffix", "v1.0")
+	checkLess(t, "v1.0-suffix", "v1.0")
+	checkLess(t, "v1.0suffix1", "v1.0suffix2")
+	checkLess(t, "v1.0-suffix1", "v1.0-suffix2")
+}

From 552b22dfebfcd87758716e46d7a8ffbf8eace162 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 14:03:59 +0200
Subject: [PATCH 0306/2268] fix: Also allow 'v' prefixes in semantic versions

---
 pkg/utils/versions/looseversion.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/versions/looseversion.go b/pkg/utils/versions/looseversion.go
index 11101ea03..0c6bbf529 100644
--- a/pkg/utils/versions/looseversion.go
+++ b/pkg/utils/versions/looseversion.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 )
 
-var looseSemverRegex = regexp.MustCompile(`^(([0-9]+)(\.[0-9]+)*)?(.*)$`)
+var looseSemverRegex = regexp.MustCompile(`^v?(([0-9]+)(\.[0-9]+)*)?(.*)$`)
 var suffixComponentRegex = regexp.MustCompile(`\d+|[a-zA-Z]+|\.`)
 
 // Allows to compare ints and strings. Strings are always considered less than ints.

From 342b8bc4da85a9d585bf76c3098285bd7671a2cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 25 Jul 2022 14:09:56 +0200
Subject: [PATCH 0307/2268] tests: Fix TestLoadTargetConfigFileFromGit test

Missed adding a commit author, which was not failing locally due to global
git configs.
---
 pkg/kluctl_project/targets_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/targets_test.go b/pkg/kluctl_project/targets_test.go
index 852a5f8cd..628a69d4b 100644
--- a/pkg/kluctl_project/targets_test.go
+++ b/pkg/kluctl_project/targets_test.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 )
 
 func TestLoadTargetConfigFileFromLocal(t *testing.T) {
@@ -41,7 +42,7 @@ func TestLoadTargetConfigFileFromGit(t *testing.T) {
 	_, err = wt.Add("target-config.yml")
 	assert.NoError(t, err)
 
-	h, err := wt.Commit("test", &git.CommitOptions{})
+	h, err := wt.Commit("test", &git.CommitOptions{Author: &object.Signature{Name: "test", Email: "test@test.com", When: time.Now()}})
 	assert.NoError(t, err)
 
 	commit, err := object.GetCommit(r.Storer, h)

From 0a424702abe2e7b526da8cbdd21f1c6e69ba6747 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Jul 2022 14:26:27 +0200
Subject: [PATCH 0308/2268] fix: Don't rely on yaml marshalling when rendering
 structs

This should speed up rendering of structs as there is no need to
marshal+unmarshal structs anymore.
---
 pkg/jinja2/jinja2.go          |  55 -----------
 pkg/jinja2/jinja2_renderer.go |  16 ++-
 pkg/jinja2/render_struct.go   | 181 ++++++++++++++++++++++++++++++++++
 pkg/kluctl_project/targets.go |  24 ++---
 pkg/vars/vars_loader.go       |   7 +-
 5 files changed, 209 insertions(+), 74 deletions(-)
 create mode 100644 pkg/jinja2/render_struct.go

diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index 1bc115aa7..2d433ec1a 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -123,61 +123,6 @@ func (j *Jinja2) RenderFile(template string, searchDirs []string, vars *uo.Unstr
 	return *jobs[0].Result, nil
 }
 
-func (j *Jinja2) RenderStruct(dst interface{}, src interface{}, vars *uo.UnstructuredObject) error {
-	m, err := uo.FromStruct(src)
-	if err != nil {
-		return err
-	}
-
-	type pk struct {
-		parent interface{}
-		key    interface{}
-	}
-
-	var jobs []*RenderJob
-	var fields []pk
-	err = m.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
-		value := it.Value()
-		if s, ok := value.(string); ok {
-			jobs = append(jobs, &RenderJob{Template: s})
-			fields = append(fields, pk{
-				parent: it.Parent(),
-				key:    it.Key(),
-			})
-		}
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	err = j.RenderStrings(jobs, nil, vars)
-	if err != nil {
-		return err
-	}
-
-	var errors []error
-	for i, j := range jobs {
-		if j.Error != nil {
-			errors = append(errors, j.Error)
-		} else {
-			err = uo.SetChild(fields[i].parent, fields[i].key, *j.Result)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	if len(errors) != 0 {
-		return utils.NewErrorListOrNil(errors)
-	}
-
-	err = m.ToStruct(dst)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 func (j *Jinja2) getGlob(pattern string) (glob.Glob, error) {
 	j.mutex.Lock()
 	defer j.mutex.Unlock()
diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index f29ec2312..8895f2366 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -86,9 +86,17 @@ func (j *pythonJinja2Renderer) Close() {
 	}
 }
 
-func (j *pythonJinja2Renderer) isMaybeTemplate(template string, searchDirs []string, isString bool) (bool, *string) {
+func isMaybeTemplateString(template string) bool {
+	return strings.IndexRune(template, '{') != -1
+}
+
+func isMaybeTemplateBytes(template []byte) bool {
+	return bytes.IndexRune(template, '{') != -1
+}
+
+func isMaybeTemplate(template string, searchDirs []string, isString bool) (bool, *string) {
 	if isString {
-		if strings.IndexRune(template, '{') == -1 {
+		if !isMaybeTemplateString(template) {
 			return false, &template
 		}
 	} else {
@@ -97,7 +105,7 @@ func (j *pythonJinja2Renderer) isMaybeTemplate(template string, searchDirs []str
 			if err != nil {
 				continue
 			}
-			if bytes.IndexRune(b, '{') == -1 {
+			if !isMaybeTemplateBytes(b) {
 				x := string(b)
 				return false, &x
 			} else {
@@ -140,7 +148,7 @@ func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []stri
 	jargs.Strict = strict
 
 	for _, job := range jobs {
-		if ist, r := j.isMaybeTemplate(job.Template, searchDirs, isString); !ist {
+		if ist, r := isMaybeTemplate(job.Template, searchDirs, isString); !ist {
 			job.Result = r
 			continue
 		}
diff --git a/pkg/jinja2/render_struct.go b/pkg/jinja2/render_struct.go
new file mode 100644
index 000000000..e2f06996b
--- /dev/null
+++ b/pkg/jinja2/render_struct.go
@@ -0,0 +1,181 @@
+package jinja2
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"reflect"
+)
+
+type structStringCollectorEntry struct {
+	s      string
+	setter func(s string)
+}
+
+type structStringCollector struct {
+	j       *Jinja2
+	strings []structStringCollectorEntry
+}
+
+func (w *structStringCollector) extractTemplateString(v reflect.Value) (string, bool) {
+	if v.IsZero() {
+		return "", false
+	}
+
+	t := v.Type()
+	if t.Kind() == reflect.Interface || t.Kind() == reflect.Pointer {
+		v = v.Elem()
+		t = v.Type()
+	}
+	if t.Kind() == reflect.String {
+		s := v.String()
+		if !isMaybeTemplateString(s) {
+			return "", false
+		}
+		return v.String(), true
+	}
+	return "", false
+}
+
+func (w *structStringCollector) addString(s string, setter func(s string)) {
+	w.strings = append(w.strings, structStringCollectorEntry{
+		s:      s,
+		setter: setter,
+	})
+}
+
+func (w *structStringCollector) walkStruct(v reflect.Value) error {
+	t := v.Type()
+	l := t.NumField()
+
+	for i := 0; i < l; i++ {
+		f := v.Field(i)
+		if s, ok := w.extractTemplateString(f); ok {
+			w.addString(s, func(s string) {
+				if f.Type().Kind() == reflect.Pointer {
+					f.Set(reflect.ValueOf(&s))
+				} else {
+					f.Set(reflect.ValueOf(s))
+				}
+			})
+		} else {
+			err := w.walkValue(f)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w *structStringCollector) walkList(v reflect.Value) error {
+	l := v.Len()
+	for i := 0; i < l; i++ {
+		e := v.Index(i)
+		if s, ok := w.extractTemplateString(e); ok {
+			w.addString(s, func(s string) {
+				if e.Type().Kind() == reflect.Pointer {
+					e.Set(reflect.ValueOf(&s))
+				} else {
+					e.Set(reflect.ValueOf(s))
+				}
+			})
+		} else {
+			err := w.walkValue(e)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w *structStringCollector) walkMap(v reflect.Value) error {
+	it := v.MapRange()
+	for it.Next() {
+		ik := it.Key()
+		iv := it.Value()
+
+		if s, ok := w.extractTemplateString(iv); ok {
+			if isMaybeTemplateString(s) {
+				w.addString(s, func(s string) {
+					if iv.Type().Kind() == reflect.Pointer {
+						v.SetMapIndex(ik, reflect.ValueOf(&s))
+					} else {
+						v.SetMapIndex(ik, reflect.ValueOf(s))
+					}
+				})
+			}
+		} else {
+			err := w.walkValue(iv)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w *structStringCollector) walkValue(v reflect.Value) error {
+	if v.IsZero() {
+		return nil
+	}
+
+	v = reflect.Indirect(v)
+	t := v.Type()
+
+	switch t.Kind() {
+	case reflect.Interface, reflect.Pointer:
+		return w.walkValue(v.Elem())
+	case reflect.Slice, reflect.Array:
+		return w.walkList(v)
+	case reflect.Struct:
+		return w.walkStruct(v)
+	case reflect.Map:
+		return w.walkMap(v)
+	}
+	return nil
+}
+
+func (j *Jinja2) RenderStruct(o interface{}, vars *uo.UnstructuredObject) (bool, bool, error) {
+	w := &structStringCollector{j: j}
+	v := reflect.ValueOf(o)
+	err := w.walkValue(v)
+	if err != nil {
+		return false, false, err
+	}
+
+	var jobs []*RenderJob
+
+	for _, sv := range w.strings {
+		jobs = append(jobs, &RenderJob{Template: sv.s})
+	}
+
+	err = j.RenderStrings(jobs, nil, vars)
+	if err != nil {
+		return false, false, err
+	}
+
+	changed := false
+	moreTemplates := false
+
+	var errors []error
+	for i, sv := range w.strings {
+		job := jobs[i]
+		if job.Error != nil {
+			errors = append(errors, job.Error)
+		} else {
+			if sv.s != *job.Result {
+				sv.setter(*job.Result)
+				changed = true
+				if isMaybeTemplateString(*job.Result) {
+					moreTemplates = true
+				}
+			}
+		}
+	}
+	if len(errors) != 0 {
+		return false, false, utils.NewErrorListOrNil(errors)
+	}
+
+	return changed, moreTemplates, nil
+}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 8579a1d7c..18ac0153a 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -12,7 +12,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
 	"os"
-	"reflect"
 	"regexp"
 	"sort"
 	"strings"
@@ -55,7 +54,7 @@ func (c *LoadedKluctlProject) loadTargets() error {
 			continue
 		}
 
-		target, err = c.renderTarget(target)
+		err = c.renderTarget(target)
 		if err != nil {
 			return err
 		}
@@ -76,17 +75,16 @@ func (c *LoadedKluctlProject) loadTargets() error {
 	return nil
 }
 
-func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target, error) {
+func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 	// Try rendering the target multiple times, until all values can be rendered successfully. This allows the target
 	// to reference itself in complex ways. We'll also try loading the cluster vars in each iteration.
 
 	var errors []error
-	curTarget := target
 	for i := 0; i < 10; i++ {
 		varsCtx := vars.NewVarsCtx(c.J2)
-		err := varsCtx.UpdateChildFromStruct("target", curTarget)
+		err := varsCtx.UpdateChildFromStruct("target", target)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		if target.Cluster != nil {
@@ -94,22 +92,20 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) (*types.Target,
 			if err == nil {
 				err = varsCtx.UpdateChildFromStruct("cluster", cc.Cluster)
 				if err != nil {
-					return nil, err
+					return err
 				}
 			}
 		}
 
-		var newTarget types.Target
-		err = c.J2.RenderStruct(&newTarget, curTarget, varsCtx.Vars)
-		if err == nil && reflect.DeepEqual(curTarget, &newTarget) {
-			return curTarget, nil
+		changed, moreTemplates, err := c.J2.RenderStruct(target, varsCtx.Vars)
+		if err == nil && (!changed || !moreTemplates) {
+			return nil
 		}
-		curTarget = &newTarget
 	}
 	if len(errors) != 0 {
-		return nil, errors[0]
+		return errors[0]
 	}
-	return curTarget, nil
+	return nil
 }
 
 func (c *LoadedKluctlProject) prepareDynamicTargets(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 022bd895c..5afb09788 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
@@ -55,8 +56,12 @@ func (v *VarsLoader) LoadVarsList(varsCtx *VarsCtx, varsList []*types.VarsSource
 
 func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, searchDirs []string, rootKey string) error {
 	var source types.VarsSource
+	err := utils.DeepCopy(&source, sourceIn)
+	if err != nil {
+		return err
+	}
 
-	err := varsCtx.J2.RenderStruct(&source, sourceIn, varsCtx.Vars)
+	_, _, err = varsCtx.J2.RenderStruct(&source, varsCtx.Vars)
 	if err != nil {
 		return err
 	}

From 2182b5a7d14ee299ea60ad8a8d0c68ea030ec230 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Jul 2022 16:44:43 +0200
Subject: [PATCH 0309/2268] fix: Don't rely on official managed fields parser

Instead, parse managed fields based on the already parsed UnstructuredObject.

This should speed up parsing of managed fields.
---
 pkg/deployment/utils/delete_utils.go |  3 +-
 pkg/diff/fieldpath_utils.go          | 54 ++++++++++++++++++++++++++++
 pkg/diff/managed_fields.go           | 21 ++++++++---
 pkg/utils/uo/k8s_fields.go           |  6 ++--
 4 files changed, 76 insertions(+), 8 deletions(-)
 create mode 100644 pkg/diff/fieldpath_utils.go

diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index b79f93d5f..dabdf569e 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -96,7 +96,8 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 		// check if kluctl is managing this object
 		found := false
 		for _, mf := range managedFields {
-			if mf.Manager == "kluctl" {
+			mgr, _, _ := mf.GetNestedString("manager")
+			if mgr == "kluctl" {
 				found = true
 				break
 			}
diff --git a/pkg/diff/fieldpath_utils.go b/pkg/diff/fieldpath_utils.go
new file mode 100644
index 000000000..c8a2a3b54
--- /dev/null
+++ b/pkg/diff/fieldpath_utils.go
@@ -0,0 +1,54 @@
+package diff
+
+import (
+	"fmt"
+	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
+)
+
+// based on sigs.k8s.io/structured-merge-diff/v4/fieldpath/serialize.go:readIterV1
+func convertManagedFields(m map[string]any) (children *fieldpath.Set, isMember bool, retErr error) {
+	for key, v := range m {
+		if key == "." {
+			isMember = true
+			continue
+		}
+		pe, err := fieldpath.DeserializePathElement(key)
+		if err == fieldpath.ErrUnknownPathElementType {
+			// Ignore these-- a future version maybe knows what
+			// they are. We drop these completely rather than try
+			// to preserve things we don't understand.
+			continue
+		} else if err != nil {
+			retErr = fmt.Errorf("parsing key as path element: %w", err)
+			return
+		}
+		m2, ok := v.(map[string]any)
+		if !ok {
+			retErr = fmt.Errorf("value is not a map")
+			return
+		}
+		grandchildren, childIsMember, err := convertManagedFields(m2)
+		if err != nil {
+			retErr = err
+			return
+		}
+		if childIsMember {
+			if children == nil {
+				children = &fieldpath.Set{}
+			}
+
+			children.Members.Insert(pe)
+		}
+		if grandchildren != nil {
+			if children == nil {
+				children = &fieldpath.Set{}
+			}
+			*children.Children.Descend(pe) = *grandchildren
+		}
+	}
+	if children == nil {
+		isMember = true
+	}
+
+	return children, isMember, nil
+}
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 0e89651fe..1a5a36673 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -1,7 +1,6 @@
 package diff
 
 import (
-	"bytes"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -112,11 +111,25 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 	managersByFields := make(map[string]*managersByField)
 
 	for _, mf := range managedFields {
-		fieldSet := fieldpath.NewSet()
-		err := fieldSet.FromJSON(bytes.NewReader(mf.FieldsV1.Raw))
+		fields, ok, err := mf.GetNestedObject("fieldsV1")
 		if err != nil {
 			return nil, nil, err
 		}
+		if !ok {
+			continue
+		}
+		fieldSet, _, err := convertManagedFields(fields.Object)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		mgr, ok, err := mf.GetNestedString("manager")
+		if err != nil {
+			return nil, nil, err
+		}
+		if !ok {
+			return nil, nil, fmt.Errorf("manager field is missing")
+		}
 
 		fieldSet.Iterate(func(path fieldpath.Path) {
 			path = path.Copy()
@@ -135,7 +148,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			if !found {
 				m.pathes = append(m.pathes, path)
 			}
-			m.managers = append(m.managers, mf.Manager)
+			m.managers = append(m.managers, mgr)
 		})
 	}
 
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index 69c295757..2758945b1 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -3,7 +3,6 @@ package uo
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
 	"regexp"
@@ -208,8 +207,9 @@ func (uo *UnstructuredObject) GetK8sOwnerReferences() []*UnstructuredObject {
 	return ret
 }
 
-func (uo *UnstructuredObject) GetK8sManagedFields() []metav1.ManagedFieldsEntry {
-	return uo.ToUnstructured().GetManagedFields()
+func (uo *UnstructuredObject) GetK8sManagedFields() []*UnstructuredObject {
+	ret, _, _ := uo.GetNestedObjectList("metadata", "managedFields")
+	return ret
 }
 
 func (uo *UnstructuredObject) GetK8sCreationTime() time.Time {

From fd4bd0af59d101e001604ffcf5f7f1a1823de134 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Jul 2022 14:07:23 +0200
Subject: [PATCH 0310/2268] fix: Fix empty status lines

---
 pkg/deployment/utils/apply_utils.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index a14b1528a..baca9e10f 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -521,6 +521,9 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	if a.warningCount != 0 {
 		finalStatus += fmt.Sprintf(" Encountered %d warnings.", a.warningCount)
 	}
+	if finalStatus == "" {
+		finalStatus = "Nothing to apply."
+	}
 
 	a.sctx.Update(strings.TrimSpace(finalStatus))
 
@@ -573,6 +576,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 			sctx = status.StartWithOptions(a.ctx,
 				status.WithTotal(-1),
 				status.WithPrefix(*progressName),
+				status.WithStatus("Initializing"),
 			)
 		}
 		a2 := a.NewApplyUtil(a.ctx, sctx)

From 89b2d3b080b0275372efc8d4a1142acdc9bfe022 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Jul 2022 14:15:56 +0200
Subject: [PATCH 0311/2268] fix: Fix validate command to properly report
 readiness

---
 pkg/deployment/commands/validate.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index d9a63720d..0647a3b51 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -27,6 +27,7 @@ func NewValidateCommand(ctx context.Context, c *deployment.DeploymentCollection)
 
 func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.ValidateResult, error) {
 	var result types.ValidateResult
+	result.Ready = true
 
 	cmd.dew.Init()
 
@@ -56,6 +57,9 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 				continue
 			}
 			r := validation.ValidateObject(k, remoteObject, true)
+			if !r.Ready {
+				result.Ready = false
+			}
 			result.Errors = append(result.Errors, r.Errors...)
 			result.Warnings = append(result.Warnings, r.Warnings...)
 			result.Results = append(result.Results, r.Results...)

From 55530775ede773e6a3a23d15f110d43e7598345c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Jul 2022 14:36:31 +0200
Subject: [PATCH 0312/2268] ci: Upgrade macos images in Github actions

---
 .github/workflows/tests.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e0aaa6f29..759044bff 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -139,11 +139,11 @@ jobs:
         include:
           - os: ubuntu-20.04
             binary-suffix: linux-amd64
-          - os: macos-10.15
+          - os: macos-11
             binary-suffix: darwin-amd64
           - os: windows-2019
             binary-suffix: windows-amd64
-        os: [ubuntu-20.04, macos-10.15, windows-2019]
+        os: [ubuntu-20.04, macos-11, windows-2019]
       fail-fast: false
     needs:
       - build

From 3d87d53383edf7bb344d150e3a340b7fa5614fd6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Jul 2022 13:36:43 +0200
Subject: [PATCH 0313/2268] fix: Properly differentiate between "insecure" and
 "tlsNoVerify" registries

"insecure" means http instead of https. TLS verification is independent from
this. This commit properly implements both.
---
 pkg/registries/registries.go | 89 ++++++++++++++++++++++++++----------
 pkg/utils/env.go             | 11 +++++
 2 files changed, 77 insertions(+), 23 deletions(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 9f2171d83..24f169ccb 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -54,12 +54,13 @@ type RegistryHelper struct {
 }
 
 type AuthEntry struct {
-	Registry string
-	Username string
-	Password string
-	Auth     string
-	CABundle []byte
-	Insecure bool
+	Registry      string
+	Username      string
+	Password      string
+	Auth          string
+	CABundle      []byte
+	Insecure      bool
+	SkipTlsVerify bool
 }
 
 func NewRegistryHelper(ctx context.Context) *RegistryHelper {
@@ -86,8 +87,7 @@ func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
 		remote.WithContext(context.WithValue(rh.ctx, transportKey, t)),
 	}
 
-	e := rh.findAuthEntry(repo.RegistryStr())
-	if e != nil && e.Insecure {
+	if rh.isInsecureRegistry(repo.RegistryStr()) {
 		nameOpts = append(nameOpts, name.Insecure)
 		repo, err = name.NewRepository(image, nameOpts...)
 	}
@@ -110,23 +110,63 @@ func (rh *RegistryHelper) AddAuthEntry(e AuthEntry) {
 	rh.authEntries = append(rh.authEntries, e)
 }
 
-func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
-	defaultTlsVerify := true
-	if x, ok := os.LookupEnv("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY"); ok {
-		b, err := strconv.ParseBool(x)
-		if err != nil {
-			return fmt.Errorf("failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %w", err)
-		}
-		defaultTlsVerify = b
+func (rh *RegistryHelper) isDefaultInsecure() bool {
+	defaultInsecure, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_INSECURE", false)
+	if err != nil {
+		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_INSECURE: %w", err)
+		return false
+	}
+	return defaultInsecure
+}
+
+func (rh *RegistryHelper) isDefaultSkipTlsVerify() bool {
+	defaultTlsVerify, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY", true)
+	if err != nil {
+		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %w", err)
+		return false
 	}
+	return !defaultTlsVerify
+}
+
+func (rh *RegistryHelper) isInsecureRegistry(registry string) bool {
+	e := rh.findAuthEntry(registry)
+	if e == nil {
+		return rh.isDefaultInsecure()
+	}
+	return e.Insecure
+}
+
+func (rh *RegistryHelper) isSkipTlsVerify(registry string) bool {
+	e := rh.findAuthEntry(registry)
+	if e == nil {
+		return rh.isDefaultSkipTlsVerify()
+	}
+	return e.SkipTlsVerify
+}
+
+func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
+	defaultInsecure := rh.isDefaultInsecure()
+	defaultSkipTlsVerify := rh.isDefaultSkipTlsVerify()
 
 	for _, m := range utils.ParseEnvConfigSets("KLUCTL_REGISTRY") {
 		e := AuthEntry{
-			Registry: m["HOST"],
-			Username: m["USERNAME"],
-			Password: m["PASSWORD"],
-			Auth:     m["AUTH"],
-			Insecure: !defaultTlsVerify,
+			Registry:      m["HOST"],
+			Username:      m["USERNAME"],
+			Password:      m["PASSWORD"],
+			Auth:          m["AUTH"],
+			Insecure:      defaultInsecure,
+			SkipTlsVerify: defaultSkipTlsVerify,
+		}
+		if e.Registry == "" {
+			continue
+		}
+		insecureStr, ok := m["INSECURE"]
+		if ok {
+			insecure, err := strconv.ParseBool(insecureStr)
+			if err != nil {
+				return fmt.Errorf("failed to parse INSECURE from env: %w", err)
+			}
+			e.Insecure = insecure
 		}
 		tlsverifyStr, ok := m["TLSVERIFY"]
 		if ok {
@@ -134,7 +174,7 @@ func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
 			if err != nil {
 				return fmt.Errorf("failed to parse TLSVERIFY from env: %w", err)
 			}
-			e.Insecure = !tlsverify
+			e.SkipTlsVerify = !tlsverify
 		}
 
 		ca_bundle_path := m["CA_BUNDLE"]
@@ -178,16 +218,19 @@ func (rh *RegistryHelper) loadCA(registry string) (*x509.CertPool, error) {
 
 func (rh *RegistryHelper) buildTransport(registry string) (http.RoundTripper, error) {
 	ret, err := rh.cachedTransports.Get(registry, func() (interface{}, error) {
+		skipTls := rh.isSkipTlsVerify(registry)
+
 		ca, err := rh.loadCA(registry)
 		if err != nil {
 			return nil, err
 		}
-		if ca == nil {
+		if ca == nil && !skipTls {
 			return remote.DefaultTransport, nil
 		}
 
 		t := remote.DefaultTransport.Clone()
 		t.TLSClientConfig.RootCAs = ca
+		t.TLSClientConfig.InsecureSkipVerify = skipTls
 		return t, nil
 	})
 	if err != nil {
diff --git a/pkg/utils/env.go b/pkg/utils/env.go
index 5dbca1e69..66ae280f9 100644
--- a/pkg/utils/env.go
+++ b/pkg/utils/env.go
@@ -8,6 +8,17 @@ import (
 	"strings"
 )
 
+func ParseEnvBool(name string, def bool) (bool, error) {
+	if x, ok := os.LookupEnv(name); ok {
+		b, err := strconv.ParseBool(x)
+		if err != nil {
+			return def, err
+		}
+		return b, nil
+	}
+	return def, nil
+}
+
 func ParseEnvConfigSets(prefix string) map[int]map[string]string {
 	ret := make(map[int]map[string]string)
 

From ca65ba160f3d01ce62bc12f8e3e5880a7a5ce054 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 28 Jul 2022 13:37:17 +0200
Subject: [PATCH 0314/2268] fix: Don't use empty credentials when env vars are
 only used to modify TLSVERIFY

---
 pkg/registries/registries.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 24f169ccb..d6c857aa5 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -247,11 +247,15 @@ func (rh *RegistryHelper) getTransport(req *http.Request) http.RoundTripper {
 func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticator, error) {
 	e := rh.findAuthEntry(resource.RegistryStr())
 	if e != nil {
-		return authn.FromConfig(authn.AuthConfig{
-			Username: e.Username,
-			Password: e.Password,
-			Auth:     e.Auth,
-		}), nil
+		// only use credentials from entry if present, otherwise fallback to default keychain
+		// (which will also check ~/.docker/config.json)
+		if e.Username != "" || e.Auth != "" {
+			return authn.FromConfig(authn.AuthConfig{
+				Username: e.Username,
+				Password: e.Password,
+				Auth:     e.Auth,
+			}), nil
+		}
 	}
 
 	return authn.DefaultKeychain.Resolve(resource)

From e7ec72b8d0891010386c9f09c99cd8bdf130fb59 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Jul 2022 10:16:41 +0200
Subject: [PATCH 0315/2268] fix: Don's use %w when not supported

---
 pkg/registries/registries.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index d6c857aa5..f51f99913 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -113,7 +113,7 @@ func (rh *RegistryHelper) AddAuthEntry(e AuthEntry) {
 func (rh *RegistryHelper) isDefaultInsecure() bool {
 	defaultInsecure, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_INSECURE", false)
 	if err != nil {
-		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_INSECURE: %w", err)
+		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_INSECURE: %s", err)
 		return false
 	}
 	return defaultInsecure
@@ -122,7 +122,7 @@ func (rh *RegistryHelper) isDefaultInsecure() bool {
 func (rh *RegistryHelper) isDefaultSkipTlsVerify() bool {
 	defaultTlsVerify, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY", true)
 	if err != nil {
-		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %w", err)
+		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %s", err)
 		return false
 	}
 	return !defaultTlsVerify

From b7827f423bfc552eb3023c85c540185803829201 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Jul 2022 13:37:40 +0200
Subject: [PATCH 0316/2268] refactor: Allow to access ClientConfig and public
 keys via AuthMethodAndCA

---
 pkg/git/auth/auth_provider.go      | 4 ++++
 pkg/git/auth/list_auth_provider.go | 5 +++++
 pkg/git/auth/ssh_auth_provider.go  | 9 +++++++++
 3 files changed, 18 insertions(+)

diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 2a3f91757..314d2536a 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -4,11 +4,15 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"golang.org/x/crypto/ssh"
 )
 
 type AuthMethodAndCA struct {
 	AuthMethod transport.AuthMethod
 	CABundle   []byte
+
+	PublicKeys   func() []ssh.PublicKey
+	ClientConfig func() (*ssh.ClientConfig, error)
 }
 
 type GitAuthProvider interface {
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 6ea7ba938..6e92f345e 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -6,6 +6,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	ssh2 "golang.org/x/crypto/ssh"
 	"strings"
 )
 
@@ -80,6 +81,10 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 				a.HostKeyCallback = buildVerifyHostCallback(ctx, e.KnownHosts)
 				return AuthMethodAndCA{
 					AuthMethod: a,
+					PublicKeys: func() []ssh2.PublicKey {
+						return []ssh2.PublicKey{a.Signer.PublicKey()}
+					},
+					ClientConfig: a.ClientConfig,
 				}
 			}
 		} else {
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 0ec025aa1..d2de0669f 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -121,6 +121,15 @@ func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 
 	return AuthMethodAndCA{
 		AuthMethod: auth,
+		PublicKeys: func() []ssh.PublicKey {
+			signers, _ := auth.Signers()
+			var ret []ssh.PublicKey
+			for _, s := range signers {
+				ret = append(ret, s.PublicKey())
+			}
+			return ret
+		},
+		ClientConfig: auth.ClientConfig,
 	}
 }
 

From 804cbb030ac5998b65a2dbec8e76729beb09b91e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Jul 2022 12:25:14 +0200
Subject: [PATCH 0317/2268] feat: Introduce SSH connection pooling for listing
 of refs

This speeds up updating of git repos from SSH when the git repos have no
updates. For now, pooling is only used when listing remote refs, which
gives enough info to be able to decide if a full fetch is required.
---
 cmd/kluctl/commands/utils.go |   5 +-
 pkg/git/list_refs.go         |  99 ++++++++++++++++++++
 pkg/git/mirrored_repo.go     |  42 +++++----
 pkg/git/repocache/cache.go   |   9 +-
 pkg/git/ssh-pool/hostport.go |  45 +++++++++
 pkg/git/ssh-pool/ssh_pool.go | 177 +++++++++++++++++++++++++++++++++++
 6 files changed, 354 insertions(+), 23 deletions(-)
 create mode 100644 pkg/git/list_refs.go
 create mode 100644 pkg/git/ssh-pool/hostport.go
 create mode 100644 pkg/git/ssh-pool/ssh_pool.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 8459ae908..3ab20e9be 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
@@ -59,7 +60,9 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
 	defer cancel()
 
-	rp := repocache.NewGitRepoCache(ctx, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
+	sshPool := &ssh_pool.SshPool{}
+
+	rp := repocache.NewGitRepoCache(ctx, sshPool, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
 	defer rp.Clear()
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
diff --git a/pkg/git/list_refs.go b/pkg/git/list_refs.go
new file mode 100644
index 000000000..2bc517fd6
--- /dev/null
+++ b/pkg/git/list_refs.go
@@ -0,0 +1,99 @@
+package git
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
+	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"strconv"
+)
+
+// listRemoteRefsFastSsh will reuse existing ssh connections from a pool
+func (g *MirroredGitRepo) listRemoteRefsFastSsh(r *git.Repository, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+	var portInt int64 = -1
+	if g.url.Port() != "" {
+		var err error
+		portInt, err = strconv.ParseInt(g.url.Port(), 10, 32)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	s, err := g.sshPool.GetSession(g.ctx, g.url.Hostname(), int(portInt), auth)
+	if err != nil {
+		return nil, err
+	}
+	defer s.Close()
+
+	cmd := fmt.Sprintf("git-upload-pack %s", g.url.Path)
+
+	stdout := bytes.NewBuffer(nil)
+	stderr := bytes.NewBuffer(nil)
+	stdin := bytes.NewBuffer([]byte("0000\n"))
+
+	s.Session.Stdout = stdout
+	s.Session.Stderr = stderr
+	s.Session.Stdin = stdin
+
+	err = s.Session.Run(cmd)
+	if err != nil {
+		return nil, fmt.Errorf("git-upload-pack failed: %w\nstderr=%s", err, stderr.String())
+	}
+
+	ar := packp.NewAdvRefs()
+	err = ar.Decode(stdout)
+	if err != nil {
+		return nil, err
+	}
+
+	allRefs, err := ar.AllReferences()
+	if err != nil {
+		return nil, err
+	}
+
+	refs, err := allRefs.IterReferences()
+	if err != nil {
+		return nil, err
+	}
+
+	var resultRefs []*plumbing.Reference
+	err = refs.ForEach(func(ref *plumbing.Reference) error {
+		resultRefs = append(resultRefs, ref)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return resultRefs, nil
+}
+
+func (g *MirroredGitRepo) listRemoteRefsSlow(r *git.Repository, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+	remote, err := r.Remote("origin")
+	if err != nil {
+		return nil, err
+	}
+
+	remoteRefs, err := remote.ListContext(g.ctx, &git.ListOptions{
+		Auth:     auth.AuthMethod,
+		CABundle: auth.CABundle,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return remoteRefs, nil
+}
+
+func (g *MirroredGitRepo) listRemoteRefs(r *git.Repository, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+	if g.url.IsSsh() {
+		refs, err := g.listRemoteRefsFastSsh(r, auth)
+		if err == nil {
+			return refs, nil
+		}
+		status.Warning(g.ctx, "Fast listing of remote refs failed: %s", err.Error())
+	}
+	return g.listRemoteRefsSlow(r, auth)
+}
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 221113f6f..49e571530 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -9,6 +9,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/object"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
@@ -25,6 +27,9 @@ var cacheBaseDir = filepath.Join(utils.GetTmpBaseDir(), "git-cache")
 type MirroredGitRepo struct {
 	ctx context.Context
 
+	sshPool       *ssh_pool.SshPool
+	authProviders *auth2.GitAuthProviders
+
 	url       git_url.GitUrl
 	mirrorDir string
 
@@ -36,12 +41,14 @@ type MirroredGitRepo struct {
 	mutex sync.Mutex
 }
 
-func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl) (*MirroredGitRepo, error) {
+func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl, sshPool *ssh_pool.SshPool, authProviders *auth2.GitAuthProviders) (*MirroredGitRepo, error) {
 	mirrorRepoName := buildMirrorRepoName(u)
 	o := &MirroredGitRepo{
-		ctx:       ctx,
-		url:       u,
-		mirrorDir: filepath.Join(cacheBaseDir, mirrorRepoName),
+		ctx:           ctx,
+		sshPool:       sshPool,
+		authProviders: authProviders,
+		url:           u,
+		mirrorDir:     filepath.Join(cacheBaseDir, mirrorRepoName),
 	}
 
 	if !utils.IsDirectory(o.mirrorDir) {
@@ -185,26 +192,19 @@ func (g *MirroredGitRepo) cleanupMirrorDir() error {
 	return nil
 }
 
-func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string, authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string) error {
 	r, err := git.PlainOpen(repoDir)
 	if err != nil {
 		return err
 	}
 
-	auth := authProviders.BuildAuth(g.ctx, g.url)
+	auth := g.authProviders.BuildAuth(g.ctx, g.url)
 
-	remote, err := r.Remote("origin")
+	remoteRefs, err := g.listRemoteRefs(r, auth)
 	if err != nil {
 		return err
 	}
 
-	remoteRefs, err := remote.ListContext(g.ctx, &git.ListOptions{
-		Auth:     auth.AuthMethod,
-		CABundle: auth.CABundle,
-	})
-	if err != nil {
-		return err
-	}
 	remoteRefsMap := make(map[plumbing.ReferenceName]*plumbing.Reference)
 	for _, reference := range remoteRefs {
 		remoteRefsMap[reference.Name()] = reference
@@ -241,6 +241,10 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string, authPr
 	}
 
 	if changed {
+		remote, err := r.Remote("origin")
+		if err != nil {
+			return err
+		}
 		err = remote.FetchContext(g.ctx, &git.FetchOptions{
 			Auth:     auth.AuthMethod,
 			CABundle: auth.CABundle,
@@ -276,10 +280,10 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string, authPr
 	return nil
 }
 
-func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext, authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
 	if utils.IsFile(initMarker) {
-		return g.update(s, g.mirrorDir, authProviders)
+		return g.update(s, g.mirrorDir)
 	}
 	err := g.cleanupMirrorDir()
 	if err != nil {
@@ -309,7 +313,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext, authProviders *
 		return err
 	}
 
-	err = g.update(s, tmpMirrorDir, authProviders)
+	err = g.update(s, tmpMirrorDir)
 	if err != nil {
 		return err
 	}
@@ -331,9 +335,9 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext, authProviders *
 	return nil
 }
 
-func (g *MirroredGitRepo) Update(authProviders *auth2.GitAuthProviders) error {
+func (g *MirroredGitRepo) Update() error {
 	s := status.Start(g.ctx, "Updating git cache for %s", g.url.String())
-	err := g.cloneOrUpdate(s, authProviders)
+	err := g.cloneOrUpdate(s)
 	if err != nil {
 		s.FailedWithMessage(err.Error())
 		return err
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index 3d34e2ec8..76b4aa813 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/ioutil"
 	"os"
@@ -20,6 +21,7 @@ import (
 type GitRepoCache struct {
 	ctx            context.Context
 	authProviders  *auth.GitAuthProviders
+	sshPool        *ssh_pool.SshPool
 	updateInterval time.Duration
 	repos          map[string]*CacheEntry
 	reposMutex     sync.Mutex
@@ -49,9 +51,10 @@ type clonedDir struct {
 	info git.CheckoutInfo
 }
 
-func NewGitRepoCache(ctx context.Context, authProviders *auth.GitAuthProviders, updateInterval time.Duration) *GitRepoCache {
+func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, updateInterval time.Duration) *GitRepoCache {
 	return &GitRepoCache{
 		ctx:            ctx,
+		sshPool:        sshPool,
 		authProviders:  authProviders,
 		updateInterval: updateInterval,
 		repos:          map[string]*CacheEntry{},
@@ -74,7 +77,7 @@ func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
 
 	e, ok := rp.repos[url.NormalizedRepoKey()]
 	if !ok {
-		mr, err := git.NewMirroredGitRepo(rp.ctx, url)
+		mr, err := git.NewMirroredGitRepo(rp.ctx, url, rp.sshPool, rp.authProviders)
 		if err != nil {
 			return nil, err
 		}
@@ -106,7 +109,7 @@ func (e *CacheEntry) Update() error {
 		if time.Now().Sub(e.mr.LastUpdateTime()) <= e.rp.updateInterval {
 			e.mr.SetUpdated(true)
 		} else {
-			err := e.mr.Update(e.rp.authProviders)
+			err := e.mr.Update()
 			if err != nil {
 				return err
 			}
diff --git a/pkg/git/ssh-pool/hostport.go b/pkg/git/ssh-pool/hostport.go
new file mode 100644
index 000000000..4ca5c5cc7
--- /dev/null
+++ b/pkg/git/ssh-pool/hostport.go
@@ -0,0 +1,45 @@
+package ssh_pool
+
+import (
+	"fmt"
+	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	"strconv"
+)
+
+func getHostWithPort(host string, port int) string {
+	if addr, found := doGetHostWithPortFromSSHConfig(host, port); found {
+		return addr
+	}
+
+	if port <= 0 {
+		port = ssh.DefaultPort
+	}
+
+	return fmt.Sprintf("%s:%d", host, port)
+}
+
+func doGetHostWithPortFromSSHConfig(host string, port int) (addr string, found bool) {
+	if ssh.DefaultSSHConfig == nil {
+		return
+	}
+
+	configHost := ssh.DefaultSSHConfig.Get(host, "Hostname")
+	if configHost != "" {
+		host = configHost
+		found = true
+	}
+
+	if !found {
+		return
+	}
+
+	configPort := ssh.DefaultSSHConfig.Get(host, "Port")
+	if configPort != "" {
+		if i, err := strconv.Atoi(configPort); err == nil {
+			port = i
+		}
+	}
+
+	addr = fmt.Sprintf("%s:%d", host, port)
+	return
+}
diff --git a/pkg/git/ssh-pool/ssh_pool.go b/pkg/git/ssh-pool/ssh_pool.go
new file mode 100644
index 000000000..ccc6d46cd
--- /dev/null
+++ b/pkg/git/ssh-pool/ssh_pool.go
@@ -0,0 +1,177 @@
+package ssh_pool
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/net/proxy"
+	"sync"
+	"time"
+)
+
+const maxAge = time.Minute * 1
+
+type SshPool struct {
+	pool sync.Map
+	m    sync.Mutex
+}
+
+type poolEntry struct {
+	hash string
+	pc   *poolClient
+	m    sync.Mutex
+}
+
+type poolClient struct {
+	time         time.Time
+	sessionCount int
+	client       *ssh.Client
+}
+
+type PooledSession struct {
+	Session *ssh.Session
+	pe      *poolEntry
+	pc      *poolClient
+	hash    string
+}
+
+func (p *SshPool) GetSession(ctx context.Context, host string, port int, auth auth.AuthMethodAndCA) (*PooledSession, error) {
+	addr := getHostWithPort(host, port)
+
+	h, err := p.buildHash(addr, auth)
+	if err != nil {
+		return nil, err
+	}
+
+	pe1, _ := p.pool.LoadOrStore(h, &poolEntry{hash: h})
+	pe, _ := pe1.(*poolEntry)
+
+	pe.m.Lock()
+	defer pe.m.Unlock()
+
+	if pe.pc != nil {
+		if time.Now().Sub(pe.pc.time) > maxAge {
+			if pe.pc.sessionCount == 0 {
+				_ = pe.pc.client.Close()
+			}
+			pe.pc = nil
+		}
+	}
+
+	isNew := false
+	if pe.pc == nil {
+		isNew = true
+		client, err := p.newClient(ctx, addr, auth)
+		if err != nil {
+			p.pool.Delete(h)
+			return nil, err
+		}
+		pe.pc = &poolClient{
+			time:   time.Now(),
+			client: client,
+		}
+	}
+
+	s, err := pe.pc.client.NewSession()
+	if err != nil {
+		origErr := err
+		_ = pe.pc.client.Close()
+		pe.pc = nil
+		if isNew {
+			// don't retry with a fresh connection
+			p.pool.Delete(h)
+			return nil, err
+		} else {
+			// retry with a fresh connection
+			client, err := p.newClient(ctx, addr, auth)
+			if err != nil {
+				p.pool.Delete(h)
+				return nil, err
+			}
+			status.Trace(ctx, "Successfully retries failed ssh connection. Old error: %s", origErr)
+			pe.pc = &poolClient{
+				time:   time.Now(),
+				client: client,
+			}
+			s, err = pe.pc.client.NewSession()
+			if err != nil {
+				// something is completely wrong here, forget about the client
+				p.pool.Delete(h)
+				return nil, err
+			}
+		}
+	}
+
+	pe.pc.sessionCount += 1
+
+	ps := &PooledSession{
+		hash:    h,
+		pe:      pe,
+		pc:      pe.pc,
+		Session: s,
+	}
+	return ps, nil
+}
+
+func (ps *PooledSession) Close() error {
+	err := ps.Session.Close()
+
+	ps.pe.m.Lock()
+	defer ps.pe.m.Unlock()
+
+	ps.pc.sessionCount--
+
+	if ps.pe.pc != ps.pc {
+		_ = ps.pc.client.Close()
+	} else if ps.pc.sessionCount == 0 && time.Now().Sub(ps.pc.time) > maxAge {
+		_ = ps.pc.client.Close()
+		ps.pe.pc = nil
+	}
+
+	return err
+}
+
+func (p *SshPool) newClient(ctx context.Context, addr string, auth auth.AuthMethodAndCA) (*ssh.Client, error) {
+	conn, err := proxy.Dial(ctx, "tcp", addr)
+	if err != nil {
+		return nil, err
+	}
+
+	config, err := auth.ClientConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	c, chans, reqs, err := ssh.NewClientConn(conn, addr, config)
+	if err != nil {
+		return nil, err
+	}
+	return ssh.NewClient(c, chans, reqs), nil
+}
+
+func (p *SshPool) buildHash(addr string, auth auth.AuthMethodAndCA) (string, error) {
+	if auth.PublicKeys == nil {
+		// this should not happen
+		return "", fmt.Errorf("auth has no PublicKeys")
+	}
+
+	config, err := auth.ClientConfig()
+	if err != nil {
+		return "", err
+	}
+
+	h := sha256.New()
+	_ = binary.Write(h, binary.LittleEndian, addr)
+	_ = binary.Write(h, binary.LittleEndian, config.User)
+
+	for _, pk := range auth.PublicKeys() {
+		_ = binary.Write(h, binary.LittleEndian, pk.Marshal())
+	}
+
+	return hex.EncodeToString(h.Sum(nil)), nil
+}

From 3a075cfb0473ea001b302c21feb367e713307c03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Jul 2022 13:31:17 +0200
Subject: [PATCH 0318/2268] tests: Fix tests compilation

---
 pkg/git/ssh-pool/ssh_pool.go | 1 -
 pkg/vars/vars_loader_test.go | 3 ++-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/git/ssh-pool/ssh_pool.go b/pkg/git/ssh-pool/ssh_pool.go
index ccc6d46cd..bbc84aa7c 100644
--- a/pkg/git/ssh-pool/ssh_pool.go
+++ b/pkg/git/ssh-pool/ssh_pool.go
@@ -18,7 +18,6 @@ const maxAge = time.Minute * 1
 
 type SshPool struct {
 	pool sync.Map
-	m    sync.Mutex
 }
 
 type poolEntry struct {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index ad7ee5be0..6cac07687 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -38,7 +39,7 @@ func newTestDir(t *testing.T) string {
 }
 
 func newRP(t *testing.T) *repocache.GitRepoCache {
-	grc := repocache.NewGitRepoCache(context.TODO(), auth.NewDefaultAuthProviders(), 0)
+	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders(), 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From 1ba1df71d0715a550e1aebf6e00d4b6bfa8943fa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 1 Aug 2022 09:14:27 +0200
Subject: [PATCH 0319/2268] fix: Don't try to decrypt passphrase protected keys
 when calculating hash

Instead, use the encrypted key hash to calculate the auth entry hash.
This prevents passphrase prompts for keys that are already unlocked via
the ssh agent.
---
 pkg/git/auth/auth_provider.go      |  2 +-
 pkg/git/auth/hash.go               | 34 ++++++++++++++++++++++++++++++
 pkg/git/auth/list_auth_provider.go |  5 ++---
 pkg/git/auth/ssh_auth_provider.go  | 26 +++++++++++++++++------
 pkg/git/mirrored_repo.go           |  2 +-
 pkg/git/ssh-pool/ssh_pool.go       | 10 +++++----
 6 files changed, 64 insertions(+), 15 deletions(-)
 create mode 100644 pkg/git/auth/hash.go

diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 314d2536a..0eca67a60 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -11,7 +11,7 @@ type AuthMethodAndCA struct {
 	AuthMethod transport.AuthMethod
 	CABundle   []byte
 
-	PublicKeys   func() []ssh.PublicKey
+	Hash         func() ([]byte, error)
 	ClientConfig func() (*ssh.ClientConfig, error)
 }
 
diff --git a/pkg/git/auth/hash.go b/pkg/git/auth/hash.go
new file mode 100644
index 000000000..5c5ffdf82
--- /dev/null
+++ b/pkg/git/auth/hash.go
@@ -0,0 +1,34 @@
+package auth
+
+import (
+	"crypto/sha256"
+	"encoding/binary"
+	"golang.org/x/crypto/ssh"
+)
+
+type hashProvider interface {
+	Hash() ([]byte, error)
+}
+
+func buildHash(s ssh.Signer) ([]byte, error) {
+	if hp, ok := s.(hashProvider); ok {
+		return hp.Hash()
+	}
+	h := sha256.New()
+	_ = binary.Write(h, binary.LittleEndian, "pk")
+	_ = binary.Write(h, binary.LittleEndian, s.PublicKey().Marshal())
+	return h.Sum(nil), nil
+}
+
+func buildHashForList(signers []ssh.Signer) ([]byte, error) {
+	h := sha256.New()
+	_ = binary.Write(h, binary.LittleEndian, "signers")
+	for _, s := range signers {
+		h2, err := buildHash(s)
+		if err != nil {
+			return nil, err
+		}
+		_ = binary.Write(h, binary.LittleEndian, h2)
+	}
+	return h.Sum(nil), nil
+}
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 6e92f345e..532734c1d 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -6,7 +6,6 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	ssh2 "golang.org/x/crypto/ssh"
 	"strings"
 )
 
@@ -81,8 +80,8 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 				a.HostKeyCallback = buildVerifyHostCallback(ctx, e.KnownHosts)
 				return AuthMethodAndCA{
 					AuthMethod: a,
-					PublicKeys: func() []ssh2.PublicKey {
-						return []ssh2.PublicKey{a.Signer.PublicKey()}
+					Hash: func() ([]byte, error) {
+						return buildHash(a.Signer)
 					},
 					ClientConfig: a.ClientConfig,
 				}
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index d2de0669f..9c347192b 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -2,6 +2,8 @@ package auth
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/binary"
 	"fmt"
 	"github.com/kevinburke/ssh_config"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -121,13 +123,12 @@ func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 
 	return AuthMethodAndCA{
 		AuthMethod: auth,
-		PublicKeys: func() []ssh.PublicKey {
-			signers, _ := auth.Signers()
-			var ret []ssh.PublicKey
-			for _, s := range signers {
-				ret = append(ret, s.PublicKey())
+		Hash: func() ([]byte, error) {
+			signers, err := auth.Signers()
+			if err != nil {
+				return nil, err
 			}
-			return ret
+			return buildHashForList(signers)
 		},
 		ClientConfig: auth.ClientConfig,
 	}
@@ -211,6 +212,19 @@ func (k *dummyPublicKey) Verify(data []byte, sig *ssh.Signature) error {
 	return fmt.Errorf("this is a dummy key")
 }
 
+func (k *deferredPassphraseKey) Hash() ([]byte, error) {
+	pemBytes, err := ioutil.ReadFile(k.path)
+	if err != nil {
+		return nil, err
+	}
+
+	h := sha256.New()
+	_ = binary.Write(h, binary.LittleEndian, "dpk")
+	_ = binary.Write(h, binary.LittleEndian, pemBytes)
+
+	return h.Sum(nil), nil
+}
+
 func (k *deferredPassphraseKey) PublicKey() ssh.PublicKey {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 49e571530..3c3a271c1 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -222,7 +222,7 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string) error
 	})
 
 	var toDelete []*plumbing.Reference
-	changed := false
+	changed := true
 	for name, ref := range remoteRefsMap {
 		if name.String() != "HEAD" && !strings.HasPrefix(name.String(), "refs/heads/") && !strings.HasPrefix(name.String(), "refs/tags/") {
 			// we only fetch branches and tags
diff --git a/pkg/git/ssh-pool/ssh_pool.go b/pkg/git/ssh-pool/ssh_pool.go
index bbc84aa7c..fb60c220c 100644
--- a/pkg/git/ssh-pool/ssh_pool.go
+++ b/pkg/git/ssh-pool/ssh_pool.go
@@ -154,9 +154,9 @@ func (p *SshPool) newClient(ctx context.Context, addr string, auth auth.AuthMeth
 }
 
 func (p *SshPool) buildHash(addr string, auth auth.AuthMethodAndCA) (string, error) {
-	if auth.PublicKeys == nil {
+	if auth.Hash == nil {
 		// this should not happen
-		return "", fmt.Errorf("auth has no PublicKeys")
+		return "", fmt.Errorf("auth has no Hash")
 	}
 
 	config, err := auth.ClientConfig()
@@ -168,9 +168,11 @@ func (p *SshPool) buildHash(addr string, auth auth.AuthMethodAndCA) (string, err
 	_ = binary.Write(h, binary.LittleEndian, addr)
 	_ = binary.Write(h, binary.LittleEndian, config.User)
 
-	for _, pk := range auth.PublicKeys() {
-		_ = binary.Write(h, binary.LittleEndian, pk.Marshal())
+	h2, err := auth.Hash()
+	if err != nil {
+		return "", err
 	}
+	_ = binary.Write(h, binary.LittleEndian, h2)
 
 	return hex.EncodeToString(h.Sum(nil)), nil
 }

From da21d297560d653fb2d055935bbc7e5ddfd039c1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 Aug 2022 09:19:38 +0200
Subject: [PATCH 0320/2268] chore: Run go get -u ./...

---
 go.mod | 113 ++++++++++++++++++++---------------------
 go.sum | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 212 insertions(+), 56 deletions(-)

diff --git a/go.mod b/go.mod
index 54167b996..2e5ea6a5c 100644
--- a/go.mod
+++ b/go.mod
@@ -3,75 +3,76 @@ module github.com/kluctl/kluctl/v2
 go 1.18
 
 require (
-	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e
+	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.28
-	github.com/bitnami-labs/sealed-secrets v0.18.0
+	github.com/aws/aws-sdk-go v1.44.68
+	github.com/bitnami-labs/sealed-secrets v0.18.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
-	github.com/fluxcd/pkg/kustomize v0.5.1
+	github.com/fluxcd/pkg/kustomize v0.5.3
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.0
 	github.com/gobwas/glob v0.2.3
-	github.com/golang-jwt/jwt/v4 v4.4.1
-	github.com/google/go-containerregistry v0.9.0
-	github.com/hashicorp/vault/api v1.6.0
+	github.com/golang-jwt/jwt/v4 v4.4.2
+	github.com/google/go-containerregistry v0.11.0
+	github.com/hashicorp/vault/api v1.7.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/klauspost/compress v1.15.6
+	github.com/klauspost/compress v1.15.9
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.14.2
+	github.com/ohler55/ojg v1.14.3
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.8.1
-	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/cobra v1.4.0
+	github.com/sirupsen/logrus v1.9.0
+	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.12.0
 	github.com/stretchr/testify v1.7.2
 	github.com/vbauerster/mpb/v7 v7.4.2
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.1
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
-	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
+	golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+	golang.org/x/sys v0.0.0-20220731174439-a90be440212d
+	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
 	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.9.0
-	k8s.io/api v0.24.1
-	k8s.io/apiextensions-apiserver v0.24.1
-	k8s.io/apimachinery v0.24.1
-	k8s.io/client-go v0.24.1
-	k8s.io/klog/v2 v2.60.1
+	helm.sh/helm/v3 v3.9.2
+	k8s.io/api v0.24.3
+	k8s.io/apiextensions-apiserver v0.24.3
+	k8s.io/apimachinery v0.24.3
+	k8s.io/client-go v0.24.3
+	k8s.io/klog/v2 v2.70.1
 	sigs.k8s.io/kind v0.14.0
-	sigs.k8s.io/kustomize/api v0.11.5
-	sigs.k8s.io/kustomize/kyaml v0.13.7
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.1
+	sigs.k8s.io/kustomize/api v0.12.1
+	sigs.k8s.io/kustomize/kyaml v0.13.9
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
 require (
-	cloud.google.com/go/compute v1.6.1 // indirect
+	cloud.google.com/go/compute v1.7.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
+	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/BurntSushi/toml v1.1.0 // indirect
+	github.com/BurntSushi/toml v1.2.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
@@ -83,6 +84,7 @@ require (
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
+	github.com/cloudflare/circl v1.2.0 // indirect
 	github.com/containerd/containerd v1.6.6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.17+incompatible // indirect
@@ -91,7 +93,7 @@ require (
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
@@ -110,7 +112,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/btree v1.0.1 // indirect
+	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
@@ -121,7 +123,7 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.2.1 // indirect
+	github.com/hashicorp/go-hclog v1.2.2 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.4 // indirect
@@ -132,11 +134,11 @@ require (
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.5.0 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/vault/sdk v0.5.0 // indirect
-	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
+	github.com/hashicorp/vault/sdk v0.5.3 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -171,21 +173,21 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.12.2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.34.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
-	github.com/rubenv/sql-migrate v1.1.1 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/rivo/uniseg v0.3.1 // indirect
+	github.com/rubenv/sql-migrate v1.1.2 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/afero v1.9.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.0 // indirect
@@ -194,26 +196,25 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
+	go.starlark.net v0.0.0-20220714194419-4cadf0a12139 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect
-	golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 // indirect
-	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
+	golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c // indirect
+	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 // indirect
-	google.golang.org/grpc v1.47.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 // indirect
+	google.golang.org/grpc v1.48.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.24.1 // indirect
-	k8s.io/cli-runtime v0.24.1 // indirect
-	k8s.io/component-base v0.24.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60 // indirect
-	k8s.io/kubectl v0.24.1 // indirect
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
-	oras.land/oras-go v1.1.1 // indirect
-	sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 // indirect
+	k8s.io/apiserver v0.24.3 // indirect
+	k8s.io/cli-runtime v0.24.3 // indirect
+	k8s.io/component-base v0.24.3 // indirect
+	k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect
+	k8s.io/kubectl v0.24.3 // indirect
+	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	oras.land/oras-go v1.2.0 // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index af4a31531..a2dc07990 100644
--- a/go.sum
+++ b/go.sum
@@ -32,6 +32,7 @@ cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW
 cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
 cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
 cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
+cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -44,10 +45,13 @@ cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6m
 cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
 cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc=
 cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
+cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
+cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU=
+cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -60,6 +64,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Antonboom/errname v0.1.5/go.mod h1:DugbBstvPFQbv/5uLcRRzfrNqKE9tVdVCqWCLp6Cifo=
@@ -71,10 +76,14 @@ github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
 github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
+github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
+github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
 github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk=
+github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
@@ -86,11 +95,15 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/P4ZwUYSdNCWsMEI0VeyrFoI2rAhJQ=
 github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
+github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
 github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
+github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@@ -102,10 +115,12 @@ github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
@@ -124,6 +139,8 @@ github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmU
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b h1:lcbBNuQhppsc7A5gjdHmdlqUqJfgGMylBdGyDs0j7G8=
 github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf h1:aFFtnGZ6/2Qlvx80yxA2fFSYDQWTFjtKozQKB36A3/A=
+github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -171,6 +188,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.44.28 h1:h/OAqEqY18wq//v6h4GNPMmCkxuzSDrWuGyrvSiRqf4=
 github.com/aws/aws-sdk-go v1.44.28/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.68 h1:7zNr5+HLG0TMq+ZcZ8KhT4eT2KyL7v+u7/jANKEIinM=
+github.com/aws/aws-sdk-go v1.44.68/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -180,6 +199,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitnami-labs/sealed-secrets v0.18.0 h1:7LdfPRMyx9nGQW9204JM1F+F+s6xmaSBl8oNujlrCuc=
 github.com/bitnami-labs/sealed-secrets v0.18.0/go.mod h1:uV8CUHJQVcDOY9cZ1FdC1rtybC4ath+VGH+/dUQvBu0=
+github.com/bitnami-labs/sealed-secrets v0.18.1 h1:xXzi0Z6lArTykRGqCOC2rN3zN648zjQtkCzAVjJj9OY=
+github.com/bitnami-labs/sealed-secrets v0.18.1/go.mod h1:pOMGS1imRiIPLm7OpdD/s/OfgQmLkKxTqWruSEiQqCM=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
@@ -193,12 +214,15 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
+github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -213,6 +237,9 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
+github.com/cloudflare/circl v1.2.0 h1:NheeISPSUcYftKlfrLuOo4T62FkmD4t4jviLfFFYaec=
+github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8M+INXlMk=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -230,6 +257,7 @@ github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBd
 github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
 github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
 github.com/containerd/stargz-snapshotter/estargz v0.11.4 h1:LjrYUZpyOhiSaU7hHrdR82/RBoxfGWSaC0VeSSMXqnk=
+github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -247,6 +275,7 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
@@ -265,6 +294,7 @@ github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27N
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY=
+github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
 github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
@@ -291,6 +321,8 @@ github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT
 github.com/emicklei/go-restful/v3 v3.7.5-0.20220308211933-7c971ca4d0fd/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
 github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
+github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
@@ -331,6 +363,8 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/kustomize v0.5.1 h1:151Ih34ltxN2z1e2mA5AvQONyE6phc4es57oVK3+plU=
 github.com/fluxcd/pkg/kustomize v0.5.1/go.mod h1:58MFITy24bIbGI6cC3JkV/YpFQj648sVvgs0K1kraJw=
+github.com/fluxcd/pkg/kustomize v0.5.3 h1:WpxNOV/Yklp0p7Qv85VwBegq9fABuLR9qSWaAVa3+yc=
+github.com/fluxcd/pkg/kustomize v0.5.3/go.mod h1:zy1FLxkEDADUykCnrXqq6rVN48t3uMhAb3ao+zv0rFE=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -448,6 +482,8 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
 github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -505,6 +541,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
+github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/cel-go v0.10.1/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w=
 github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA=
 github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
@@ -529,6 +567,8 @@ github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.9.0 h1:5Ths7RjxyFV0huKChQTgY6fLzvHhZMpLTFNja8U0/0w=
 github.com/google/go-containerregistry v0.9.0/go.mod h1:9eq4BnSufyT1kHNffX+vSXVonaJ7yaIOulrKZejMxnQ=
+github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
+github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@@ -563,13 +603,16 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
 github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
+github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
+github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -625,6 +668,8 @@ github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39
 github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw=
 github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.2.2 h1:ihRI7YFwcZdiSD7SIenIhHfQH3OuDvWerAUBZbeQS3M=
+github.com/hashicorp/go-hclog v1.2.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -670,6 +715,8 @@ github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.5.0 h1:O293SZ2Eg+AAYijkVK3jR786Am1bhDEh2GHT0tIVE5E=
 github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -686,11 +733,17 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/vault/api v1.6.0 h1:B8UUYod1y1OoiGHq9GtpiqSnGOUEWHaA26AY8RQEDY4=
 github.com/hashicorp/vault/api v1.6.0/go.mod h1:h1K70EO2DgnBaTz5IsL6D5ERsNt5Pce93ueVS2+t0Xc=
+github.com/hashicorp/vault/api v1.7.2 h1:kawHE7s/4xwrdKbkmwQi0wYaIeUhk5ueek7ljuezCVQ=
+github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
 github.com/hashicorp/vault/sdk v0.5.0 h1:EED7p0OCU3OY5SAqJwSANofY1YKMytm+jDHDQ2EzGVQ=
 github.com/hashicorp/vault/sdk v0.5.0/go.mod h1:UJZHlfwj7qUJG8g22CuxUgkdJouFrBNvBHCyx8XAPdo=
+github.com/hashicorp/vault/sdk v0.5.3 h1:PWY8sq/9pRrK9vUIy75qCH2Jd8oeENAgkaa/qbhzFrs=
+github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
 github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
+github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -766,6 +819,8 @@ github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.6 h1:6D9PcO8QWu0JyaQ2zUMmu16T1T+zjjEpP91guRsvDfY=
 github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
+github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -940,6 +995,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/ohler55/ojg v1.14.2 h1:EHdrwmDrOuTGpj1W2LrT/yKeUOkLMIk1cTYcm42Sjj0=
 github.com/ohler55/ojg v1.14.2/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
+github.com/ohler55/ojg v1.14.3 h1:kaKNsntZ0PuoXPXCY4kjPDbHOLXqokor6Deq/oVxAR0=
+github.com/ohler55/ojg v1.14.3/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
@@ -982,10 +1039,13 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
+github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw=
+github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
+github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
@@ -1030,6 +1090,8 @@ github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.34.0 h1:RBmGO9d/FVjqHT0yUGQwBJhkwKV+wPCn7KGpvfab0uE=
 github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
+github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -1039,6 +1101,8 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/pseudomuto/protoc-gen-doc v1.3.2/go.mod h1:y5+P6n3iGrbKG+9O04V5ld71in3v/bX88wUwgt+U8EA=
 github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q=
@@ -1054,6 +1118,8 @@ github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.3.1 h1:SDPP7SHNl1L7KrEFCSJslJ/DM9DT02Nq2C61XrfHMmk=
+github.com/rivo/uniseg v0.3.1/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -1065,6 +1131,8 @@ github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v1.1.1 h1:haR5Hn8hbW9/SpAICrXoZqXnywS7Q5WijwkQENPeNWY=
 github.com/rubenv/sql-migrate v1.1.1/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
+github.com/rubenv/sql-migrate v1.1.2 h1:9M6oj4e//owVVHYrFISmY9LBRw6gzkCNmD9MV36tZeQ=
+github.com/rubenv/sql-migrate v1.1.2/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
@@ -1098,6 +1166,8 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sivchari/tenv v1.4.7/go.mod h1:5nF+bITvkebQVanjU6IuMbvIot/7ReNsUV7I5NbprB0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@@ -1111,6 +1181,8 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
 github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
+github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
+github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -1122,6 +1194,8 @@ github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSW
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
+github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
+github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -1261,6 +1335,8 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM=
 go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
+go.starlark.net v0.0.0-20220714194419-4cadf0a12139 h1:zMemyQYZSyEdPaUFixYICrXf/0Rfnil7+jiQRf5IBZ0=
+go.starlark.net v0.0.0-20220714194419-4cadf0a12139/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
@@ -1303,8 +1379,11 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1405,8 +1484,11 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d h1:4SFsTMi4UahlKoloni7L4eYzhFRifURQLw+yv0QDCx8=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
+golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1429,6 +1511,9 @@ golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 h1:zwrSfklXn0gxyLRX/aR+q6cgHbV/ItVyzbPlbA+dkAw=
 golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
+golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c h1:q3gFqPqH7NVofKo3c3yETAP//pPI+G5mvB7qqj1Y5kY=
+golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1443,6 +1528,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1531,6 +1618,7 @@ golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1540,16 +1628,24 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80=
+golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
+golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1569,6 +1665,8 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
 golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
+golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1679,6 +1777,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1717,6 +1817,9 @@ google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/S
 google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
 google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
 google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
+google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
+google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
+google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1775,6 +1878,7 @@ google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
@@ -1808,8 +1912,16 @@ google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX
 google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
 google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 h1:qRu95HZ148xXw+XeZ3dvqe85PxH4X8+jIo0iRPKcEnM=
 google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8/go.mod h1:yKyY4AMRwFiC8yMMNaMi+RkCnjZJt9LoWuvhXjMs+To=
+google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 h1:QntLWYqZeuBtJkth3m/6DLznnI0AHJr+AgJXvVh/izw=
+google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1843,9 +1955,12 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
+google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1862,6 +1977,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1913,6 +2030,8 @@ gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 helm.sh/helm/v3 v3.9.0 h1:qDSWViuF6SzZX5s5AB/NVRGWmdao7T5j4S4ebIkMGag=
 helm.sh/helm/v3 v3.9.0/go.mod h1:fzZfyslcPAWwSdkXrXlpKexFeE2Dei8N27FFQWt+PN0=
+helm.sh/helm/v3 v3.9.2 h1:bx7kdhr5VAhYoWv9bIdT1C6qWR+/7SIoPCwLx22l78g=
+helm.sh/helm/v3 v3.9.2/go.mod h1:y/dJc/0Lzcn40jgd85KQXnufhFF7sr4v6L/vYMLRaRM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1923,44 +2042,72 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 k8s.io/api v0.24.1 h1:BjCMRDcyEYz03joa3K1+rbshwh1Ay6oB53+iUx2H8UY=
 k8s.io/api v0.24.1/go.mod h1:JhoOvNiLXKTPQ60zh2g0ewpA+bnEYf5q44Flhquh4vQ=
+k8s.io/api v0.24.3 h1:tt55QEmKd6L2k5DP6G/ZzdMQKvG5ro4H4teClqm0sTY=
+k8s.io/api v0.24.3/go.mod h1:elGR/XSZrS7z7cSZPzVWaycpJuGIw57j9b95/1PdJNI=
 k8s.io/apiextensions-apiserver v0.24.1 h1:5yBh9+ueTq/kfnHQZa0MAo6uNcPrtxPMpNQgorBaKS0=
 k8s.io/apiextensions-apiserver v0.24.1/go.mod h1:A6MHfaLDGfjOc/We2nM7uewD5Oa/FnEbZ6cD7g2ca4Q=
+k8s.io/apiextensions-apiserver v0.24.3 h1:kyx+Tmro1qEsTUr07ZGQOfvTsF61yn+AxnxytBWq8As=
+k8s.io/apiextensions-apiserver v0.24.3/go.mod h1:cL0xkmUefpYM4f6IuOau+6NMFEIh6/7wXe/O4vPVJ8A=
 k8s.io/apimachinery v0.24.1 h1:ShD4aDxTQKN5zNf8K1RQ2u98ELLdIW7jEnlO9uAMX/I=
 k8s.io/apimachinery v0.24.1/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apimachinery v0.24.3 h1:hrFiNSA2cBZqllakVYyH/VyEh4B581bQRmqATJSeQTg=
+k8s.io/apimachinery v0.24.3/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
 k8s.io/apiserver v0.24.1 h1:LAA5UpPOeaREEtFAQRUQOI3eE5So/j5J3zeQJjeLdz4=
 k8s.io/apiserver v0.24.1/go.mod h1:dQWNMx15S8NqJMp0gpYfssyvhYnkilc1LpExd/dkLh0=
+k8s.io/apiserver v0.24.3 h1:J8CKjUaZopT0hSgxjzUyp3T1GK78iixxOuFpEC0MI3k=
+k8s.io/apiserver v0.24.3/go.mod h1:aXfwtIn4U27B7lYs5f2BKgz6DRbgWy+HJeYReN1jLJ8=
 k8s.io/cli-runtime v0.24.1 h1:IW6L8dRBq+pPTzvXcB+m/hOabzbqXy57Bqo4XxmW7DY=
 k8s.io/cli-runtime v0.24.1/go.mod h1:14aVvCTqkA7dNXY51N/6hRY3GUjchyWDOwW84qmR3bs=
+k8s.io/cli-runtime v0.24.3 h1:O9YvUHrDSCQUPlsqVmaqDrueqjpJ7IO6Yas9B6xGSoo=
+k8s.io/cli-runtime v0.24.3/go.mod h1:In84wauoMOqa7JDvDSXGbf8lTNlr70fOGpYlYfJtSqA=
 k8s.io/client-go v0.24.1 h1:w1hNdI9PFrzu3OlovVeTnf4oHDt+FJLd9Ndluvnb42E=
 k8s.io/client-go v0.24.1/go.mod h1:f1kIDqcEYmwXS/vTbbhopMUbhKp2JhOeVTfxgaCIlF8=
+k8s.io/client-go v0.24.3 h1:Nl1840+6p4JqkFWEW2LnMKU667BUxw03REfLAVhuKQY=
+k8s.io/client-go v0.24.3/go.mod h1:AAovolf5Z9bY1wIg2FZ8LPQlEdKHjLI7ZD4rw920BJw=
 k8s.io/code-generator v0.24.1/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
+k8s.io/code-generator v0.24.3/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
 k8s.io/component-base v0.24.1 h1:APv6W/YmfOWZfo+XJ1mZwep/f7g7Tpwvdbo9CQLDuts=
 k8s.io/component-base v0.24.1/go.mod h1:DW5vQGYVCog8WYpNob3PMmmsY8A3L9QZNg4j/dV3s38=
+k8s.io/component-base v0.24.3 h1:u99WjuHYCRJjS1xeLOx72DdRaghuDnuMgueiGMFy1ec=
+k8s.io/component-base v0.24.3/go.mod h1:bqom2IWN9Lj+vwAkPNOv2TflsP1PeVDIwIN0lRthxYY=
 k8s.io/component-helpers v0.24.1/go.mod h1:q5Z1pWV/QfX9ThuNeywxasiwkLw9KsR4Q9TAOdb/Y3s=
+k8s.io/component-helpers v0.24.3/go.mod h1:/1WNW8TfBOijQ1ED2uCHb4wtXYWDVNMqUll8h36iNVo=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
+k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
 k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60 h1:cE/M8rmDQgibspuSm+X1iW16ByTImtEaapgaHoVSLX4=
 k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60/go.mod h1:ouUzE1U2mEv//HRoBwYLFE5pdqjIebvtX361vtEIlBI=
+k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs=
+k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0=
 k8s.io/kubectl v0.24.1 h1:gxcjHrnwntV1c+G/BHWVv4Mtk8CQJ0WTraElLBG+ddk=
 k8s.io/kubectl v0.24.1/go.mod h1:NzFqQ50B004fHYWOfhHTrAm4TY6oGF5FAAL13LEaeUI=
+k8s.io/kubectl v0.24.3 h1:PqY8ho/S/KuE2/hCC3Iee7X+lOtARYo0LQsNzvV/edE=
+k8s.io/kubectl v0.24.3/go.mod h1:PYLcvw96sC1NLbxZEDbdlOEd6/C76VIWjGmWV5QjSk0=
 k8s.io/metrics v0.24.1/go.mod h1:vMs5xpcOyY9D+/XVwlaw8oUHYCo6JTGBCZfyXOOkAhE=
+k8s.io/metrics v0.24.3/go.mod h1:p1M0lhMySWfhISkSd3HEj8xIgrVnJTK3PPhFq2rA3To=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
+k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
 mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7/go.mod h1:hBpJkZE8H/sb+VRFvw2+rBpHNsTBcvSpk61hr8mzXZE=
 oras.land/oras-go v1.1.1 h1:gI00ftziRivKXaw1BdMeEoIA4uBgga33iVlOsEwefFs=
 oras.land/oras-go v1.1.1/go.mod h1:n2TE1ummt9MUyprGhT+Q7kGZUF4kVUpYysPFxeV2IpQ=
+oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=
+oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
@@ -1968,19 +2115,27 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lR
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 h1:2sgAQQcY0dEW2SsQwTXhQV4vO6+rSslYx8K3XmM5hqQ=
 sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
+sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
 sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
 sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
 sigs.k8s.io/kustomize/api v0.11.5 h1:vLDp++YAX7iy2y2CVPJNy9pk9CY8XaUKgHkjbVtnWag=
 sigs.k8s.io/kustomize/api v0.11.5/go.mod h1:2UDpxS6AonWXow2ZbySd4AjUxmdXLeTlvGBC46uSiq8=
+sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
+sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
 sigs.k8s.io/kustomize/cmd/config v0.10.6/go.mod h1:/S4A4nUANUa4bZJ/Edt7ZQTyKOY9WCER0uBS1SW2Rco=
 sigs.k8s.io/kustomize/kustomize/v4 v4.5.4/go.mod h1:Zo/Xc5FKD6sHl0lilbrieeGeZHVYCA4BzxeAaLI05Bg=
 sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
 sigs.k8s.io/kustomize/kyaml v0.13.7 h1:/EZ/nPaLUzeJKF/BuJ4QCuMVJWiEVoI8iftOHY3g3tk=
 sigs.k8s.io/kustomize/kyaml v0.13.7/go.mod h1:6K+IUOuir3Y7nucPRAjw9yth04KSWBnP5pqUTGwj/qU=
+sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=
+sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

From 9d20bb4a5ee6a82f021b327e801f12fb2033cc97 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 Aug 2022 17:43:15 +0200
Subject: [PATCH 0321/2268] refactor: Pull in python dependencies from
 kluctl-python-deps project

Instead of requiring generation of static python archives. This also removes
the need for vendoring and generation.
---
 .github/workflows/tests.yml                 |   6 -
 .gitignore                                  |   2 -
 .goreleaser.yaml                            |   1 -
 Makefile                                    |  17 +-
 go.mod                                      |   3 +-
 go.sum                                      | 144 +--------------
 pkg/jinja2/embed/python_src.dummy           |   0
 pkg/jinja2/generate/main.go                 |  55 ------
 pkg/jinja2/jinja2_renderer.go               |   2 +-
 pkg/jinja2/python_src/dummy.go              |   1 -
 pkg/jinja2/python_src/requirements.txt      |   4 -
 pkg/jinja2/source.go                        |  75 ++++++--
 pkg/jinja2/tools.go                         |   9 -
 pkg/python/.gitignore                       |   2 -
 pkg/python/cmd.go                           |  24 ---
 pkg/python/embed.go                         |  40 ----
 pkg/python/embed/python-darwin-amd64.dummy  |   0
 pkg/python/embed/python-darwin-arm64.dummy  |   0
 pkg/python/embed/python-linux-amd64.dummy   |   0
 pkg/python/embed/python-linux-arm64.dummy   |   0
 pkg/python/embed/python-windows-amd64.dummy |   0
 pkg/python/embed_darwin_amd64.go            |   6 -
 pkg/python/embed_darwin_arm64.go            |   6 -
 pkg/python/embed_linux_amd64.go             |   6 -
 pkg/python/embed_linux_arm64.go             |   6 -
 pkg/python/embed_windows_amd64.go           |   6 -
 pkg/python/generate/main.go                 | 195 --------------------
 pkg/python/tools.go                         |   8 -
 pkg/utils/embed_util/extract.go             | 134 --------------
 pkg/utils/embed_util/packer/packer.go       | 147 ---------------
 pkg/utils/tar.go                            | 190 -------------------
 31 files changed, 73 insertions(+), 1016 deletions(-)
 delete mode 100644 pkg/jinja2/embed/python_src.dummy
 delete mode 100644 pkg/jinja2/generate/main.go
 delete mode 100644 pkg/jinja2/python_src/dummy.go
 delete mode 100644 pkg/jinja2/python_src/requirements.txt
 delete mode 100644 pkg/jinja2/tools.go
 delete mode 100644 pkg/python/.gitignore
 delete mode 100644 pkg/python/cmd.go
 delete mode 100644 pkg/python/embed.go
 delete mode 100644 pkg/python/embed/python-darwin-amd64.dummy
 delete mode 100644 pkg/python/embed/python-darwin-arm64.dummy
 delete mode 100644 pkg/python/embed/python-linux-amd64.dummy
 delete mode 100644 pkg/python/embed/python-linux-arm64.dummy
 delete mode 100644 pkg/python/embed/python-windows-amd64.dummy
 delete mode 100644 pkg/python/embed_darwin_amd64.go
 delete mode 100644 pkg/python/embed_darwin_arm64.go
 delete mode 100644 pkg/python/embed_linux_amd64.go
 delete mode 100644 pkg/python/embed_linux_arm64.go
 delete mode 100644 pkg/python/embed_windows_amd64.go
 delete mode 100644 pkg/python/generate/main.go
 delete mode 100644 pkg/python/tools.go
 delete mode 100644 pkg/utils/embed_util/extract.go
 delete mode 100644 pkg/utils/embed_util/packer/packer.go
 delete mode 100644 pkg/utils/tar.go

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 759044bff..509758756 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -28,12 +28,6 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
-      - name: Go Mod Vendor
-        run: |
-          go mod vendor
-      - name: Go Generate
-        run: |
-          go generate ./...
       - name: Run unit tests
         run: |
           go test ./cmd/... ./pkg/... -v
diff --git a/.gitignore b/.gitignore
index 3158e3eb0..8079ea478 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,8 +7,6 @@
 .secrets.yml
 .sealed-secrets
 
-/vendor
-/download-python
 /kluctl
 /kluctl.exe
 /e2e.test*
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 2461d3dd0..9570d3b69 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,7 +1,6 @@
 before:
   hooks:
     - go mod tidy
-    - go generate ./...
 builds:
   - <<: &build_defaults
       binary: kluctl
diff --git a/Makefile b/Makefile
index 6372eb9d5..631cc08ee 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@ WHITE  := $(shell tput -Txterm setaf 7)
 CYAN   := $(shell tput -Txterm setaf 6)
 RESET  := $(shell tput -Txterm sgr0)
 
-.PHONY: all test build vendor check-kubectl check-helm check-kind
+.PHONY: all test build check-kubectl check-helm check-kind
 
 all: help
 
@@ -30,11 +30,11 @@ check-kind: ## Checks if kind is installed
 	kind version
 
 ## Build:
-build: vendor generate build-go ## Run the complete build pipeline
+build: build-go ## Run the complete build pipeline
 
 build-go:  ## Build your project and put the output binary in ./bin/
 	mkdir -p ./bin
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -mod vendor -o ./bin/$(BINARY_NAME)
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -o ./bin/$(BINARY_NAME)
 
 clean: ## Remove build related file
 	rm -fr ./bin
@@ -42,13 +42,6 @@ clean: ## Remove build related file
 	rm -fr ./reports
 	rm -fr ./download-python
 
-vendor: ## Copy of all packages needed to support builds and tests in the vendor directory
-	$(GOCMD) mod vendor
-
-generate: ## Generating Python and Jinja2 support
-	$(GOCMD) generate ./...
-	$(GOCMD) generate -tags linux,darwin,windows,amd64,arm64 ./pkg/python
-
 ## Test:
 test: test-unit test-e2e ## Runs the complete test suite
 
@@ -61,10 +54,10 @@ ifeq ($(EXPORT_RESULT), true)
 	GO111MODULE=off $(GOCMD) get -u github.com/jstemmer/go-junit-report
 	$(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > reports/test-unit/junit-report.xml)
 endif
-	$(GOTEST) -v -race $(shell go list ./... | grep -v /e2e/ | grep -v /vendor/) $(OUTPUT_OPTIONS)
+	$(GOTEST) -v -race $(shell go list ./... | grep -v /e2e/) $(OUTPUT_OPTIONS)
 
 coverage-unit: ## Run the unit tests of the project and export the coverage
-	$(GOTEST) -cover -covermode=count -coverprofile=reports/coverage-unit/profile.cov $(shell go list ./... | grep -v /e2e/ | grep -v /vendor/)
+	$(GOTEST) -cover -covermode=count -coverprofile=reports/coverage-unit/profile.cov $(shell go list ./... | grep -v /e2e/)
 	$(GOCMD) tool cover -func profile.cov
 ifeq ($(EXPORT_RESULT), true)
 	mkdir -p reports/coverage-unit
diff --git a/go.mod b/go.mod
index 2e5ea6a5c..4364baad0 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/klauspost/compress v1.15.9
+	github.com/kluctl/kluctl-python-deps v0.0.0-20220818145819-a2811c3f89fd
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
@@ -146,6 +146,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.15.9 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
diff --git a/go.sum b/go.sum
index a2dc07990..c55806e56 100644
--- a/go.sum
+++ b/go.sum
@@ -43,7 +43,6 @@ cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTB
 cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
 cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
 cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
-cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc=
 cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
 cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
 cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
@@ -74,14 +73,10 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
-github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
-github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
 github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
 github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
-github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk=
 github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
@@ -93,15 +88,11 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/P4ZwUYSdNCWsMEI0VeyrFoI2rAhJQ=
-github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
-github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
@@ -115,12 +106,10 @@ github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
@@ -137,8 +126,6 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b h1:lcbBNuQhppsc7A5gjdHmdlqUqJfgGMylBdGyDs0j7G8=
-github.com/ProtonMail/go-crypto v0.0.0-20220517143526-88bb52951d5b/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf h1:aFFtnGZ6/2Qlvx80yxA2fFSYDQWTFjtKozQKB36A3/A=
 github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -170,7 +157,6 @@ github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-metrics v0.4.0 h1:yCQqn7dwca4ITXb+CbubHmedzaQYHhNhrEXLYUeEe8Q=
 github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@@ -186,8 +172,6 @@ github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9D
 github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.28 h1:h/OAqEqY18wq//v6h4GNPMmCkxuzSDrWuGyrvSiRqf4=
-github.com/aws/aws-sdk-go v1.44.28/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.68 h1:7zNr5+HLG0TMq+ZcZ8KhT4eT2KyL7v+u7/jANKEIinM=
 github.com/aws/aws-sdk-go v1.44.68/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
@@ -197,8 +181,6 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.18.0 h1:7LdfPRMyx9nGQW9204JM1F+F+s6xmaSBl8oNujlrCuc=
-github.com/bitnami-labs/sealed-secrets v0.18.0/go.mod h1:uV8CUHJQVcDOY9cZ1FdC1rtybC4ath+VGH+/dUQvBu0=
 github.com/bitnami-labs/sealed-secrets v0.18.1 h1:xXzi0Z6lArTykRGqCOC2rN3zN648zjQtkCzAVjJj9OY=
 github.com/bitnami-labs/sealed-secrets v0.18.1/go.mod h1:pOMGS1imRiIPLm7OpdD/s/OfgQmLkKxTqWruSEiQqCM=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
@@ -216,13 +198,11 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe
 github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -256,7 +236,6 @@ github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u9
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
 github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
-github.com/containerd/stargz-snapshotter/estargz v0.11.4 h1:LjrYUZpyOhiSaU7hHrdR82/RBoxfGWSaC0VeSSMXqnk=
 github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -293,7 +272,6 @@ github.com/denis-tingajkin/go-header v0.4.2/go.mod h1:eLRHAVXzE5atsKAnNRDB90WHCF
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
 github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -318,9 +296,6 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7fo
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful/v3 v3.7.5-0.20220308211933-7c971ca4d0fd/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
-github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
 github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
@@ -343,7 +318,6 @@ github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQL
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
@@ -356,20 +330,15 @@ github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGE
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
-github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/pkg/kustomize v0.5.1 h1:151Ih34ltxN2z1e2mA5AvQONyE6phc4es57oVK3+plU=
-github.com/fluxcd/pkg/kustomize v0.5.1/go.mod h1:58MFITy24bIbGI6cC3JkV/YpFQj648sVvgs0K1kraJw=
 github.com/fluxcd/pkg/kustomize v0.5.3 h1:WpxNOV/Yklp0p7Qv85VwBegq9fABuLR9qSWaAVa3+yc=
 github.com/fluxcd/pkg/kustomize v0.5.3/go.mod h1:zy1FLxkEDADUykCnrXqq6rVN48t3uMhAb3ao+zv0rFE=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y=
-github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -384,7 +353,6 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@@ -407,7 +375,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -448,7 +415,6 @@ github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
-github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
 github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
 github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
@@ -480,8 +446,6 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
-github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
@@ -539,7 +503,6 @@ github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
@@ -565,8 +528,6 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.9.0 h1:5Ths7RjxyFV0huKChQTgY6fLzvHhZMpLTFNja8U0/0w=
-github.com/google/go-containerregistry v0.9.0/go.mod h1:9eq4BnSufyT1kHNffX+vSXVonaJ7yaIOulrKZejMxnQ=
 github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
 github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -664,57 +625,40 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw=
-github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-hclog v1.2.2 h1:ihRI7YFwcZdiSD7SIenIhHfQH3OuDvWerAUBZbeQS3M=
 github.com/hashicorp/go-hclog v1.2.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
 github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
 github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
 github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ=
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.5.0 h1:O293SZ2Eg+AAYijkVK3jR786Am1bhDEh2GHT0tIVE5E=
-github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
@@ -731,17 +675,10 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
-github.com/hashicorp/vault/api v1.6.0 h1:B8UUYod1y1OoiGHq9GtpiqSnGOUEWHaA26AY8RQEDY4=
-github.com/hashicorp/vault/api v1.6.0/go.mod h1:h1K70EO2DgnBaTz5IsL6D5ERsNt5Pce93ueVS2+t0Xc=
 github.com/hashicorp/vault/api v1.7.2 h1:kawHE7s/4xwrdKbkmwQi0wYaIeUhk5ueek7ljuezCVQ=
 github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
-github.com/hashicorp/vault/sdk v0.5.0 h1:EED7p0OCU3OY5SAqJwSANofY1YKMytm+jDHDQ2EzGVQ=
-github.com/hashicorp/vault/sdk v0.5.0/go.mod h1:UJZHlfwj7qUJG8g22CuxUgkdJouFrBNvBHCyx8XAPdo=
 github.com/hashicorp/vault/sdk v0.5.3 h1:PWY8sq/9pRrK9vUIy75qCH2Jd8oeENAgkaa/qbhzFrs=
 github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
-github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
-github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
@@ -768,7 +705,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
-github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
 github.com/jhump/protoreflect v1.6.1 h1:4/2yi5LyDPP7nN+Hiird1SAJ6YoxUm13/oxHGRnbPd8=
 github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
 github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
@@ -817,10 +753,10 @@ github.com/kisielk/errcheck v1.6.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.6 h1:6D9PcO8QWu0JyaQ2zUMmu16T1T+zjjEpP91guRsvDfY=
-github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/kluctl/kluctl-python-deps v0.0.0-20220818145819-a2811c3f89fd h1:CTUYp06sH7d38kfHY+tysa9jhQuo1C9ssSlVR1hFuDA=
+github.com/kluctl/kluctl-python-deps v0.0.0-20220818145819-a2811c3f89fd/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -935,7 +871,6 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
-github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
 github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
@@ -993,11 +928,8 @@ github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/ohler55/ojg v1.14.2 h1:EHdrwmDrOuTGpj1W2LrT/yKeUOkLMIk1cTYcm42Sjj0=
-github.com/ohler55/ojg v1.14.2/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
 github.com/ohler55/ojg v1.14.3 h1:kaKNsntZ0PuoXPXCY4kjPDbHOLXqokor6Deq/oVxAR0=
 github.com/ohler55/ojg v1.14.3/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
@@ -1013,6 +945,7 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
@@ -1037,16 +970,12 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
-github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw=
 github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
-github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
-github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -1088,8 +1017,6 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.34.0 h1:RBmGO9d/FVjqHT0yUGQwBJhkwKV+wPCn7KGpvfab0uE=
-github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
 github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
 github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@@ -1099,7 +1026,6 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
@@ -1116,7 +1042,6 @@ github.com/quasilyte/go-ruleguard/rules v0.0.0-20210428214800-545e0d2e0bf7/go.mo
 github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.3.1 h1:SDPP7SHNl1L7KrEFCSJslJ/DM9DT02Nq2C61XrfHMmk=
 github.com/rivo/uniseg v0.3.1/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -1129,8 +1054,6 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
-github.com/rubenv/sql-migrate v1.1.1 h1:haR5Hn8hbW9/SpAICrXoZqXnywS7Q5WijwkQENPeNWY=
-github.com/rubenv/sql-migrate v1.1.1/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
 github.com/rubenv/sql-migrate v1.1.2 h1:9M6oj4e//owVVHYrFISmY9LBRw6gzkCNmD9MV36tZeQ=
 github.com/rubenv/sql-migrate v1.1.2/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@@ -1164,7 +1087,6 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -1179,8 +1101,6 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
-github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
 github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
 github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -1192,7 +1112,6 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
@@ -1224,7 +1143,6 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -1333,8 +1251,6 @@ go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
-go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM=
-go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
 go.starlark.net v0.0.0-20220714194419-4cadf0a12139 h1:zMemyQYZSyEdPaUFixYICrXf/0Rfnil7+jiQRf5IBZ0=
 go.starlark.net v0.0.0-20220714194419-4cadf0a12139/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -1380,8 +1296,6 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1422,7 +1336,6 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1485,7 +1398,6 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d h1:4SFsTMi4UahlKoloni7L4eYzhFRifURQLw+yv0QDCx8=
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
 golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
@@ -1509,8 +1421,6 @@ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 h1:zwrSfklXn0gxyLRX/aR+q6cgHbV/ItVyzbPlbA+dkAw=
-golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
 golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c h1:q3gFqPqH7NVofKo3c3yETAP//pPI+G5mvB7qqj1Y5kY=
 golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
@@ -1526,7 +1436,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1633,7 +1542,6 @@ golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1642,8 +1550,6 @@ golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1663,8 +1569,6 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
-golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1916,8 +1820,6 @@ google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX
 google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8 h1:qRu95HZ148xXw+XeZ3dvqe85PxH4X8+jIo0iRPKcEnM=
-google.golang.org/genproto v0.0.0-20220602131408-e326c6e8e9c8/go.mod h1:yKyY4AMRwFiC8yMMNaMi+RkCnjZJt9LoWuvhXjMs+To=
 google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 h1:QntLWYqZeuBtJkth3m/6DLznnI0AHJr+AgJXvVh/izw=
@@ -1952,12 +1854,10 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8=
 google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
 google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
@@ -1975,7 +1875,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
@@ -2001,7 +1900,6 @@ gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
@@ -2028,8 +1926,6 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-helm.sh/helm/v3 v3.9.0 h1:qDSWViuF6SzZX5s5AB/NVRGWmdao7T5j4S4ebIkMGag=
-helm.sh/helm/v3 v3.9.0/go.mod h1:fzZfyslcPAWwSdkXrXlpKexFeE2Dei8N27FFQWt+PN0=
 helm.sh/helm/v3 v3.9.2 h1:bx7kdhr5VAhYoWv9bIdT1C6qWR+/7SIoPCwLx22l78g=
 helm.sh/helm/v3 v3.9.2/go.mod h1:y/dJc/0Lzcn40jgd85KQXnufhFF7sr4v6L/vYMLRaRM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2040,63 +1936,38 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.24.1 h1:BjCMRDcyEYz03joa3K1+rbshwh1Ay6oB53+iUx2H8UY=
-k8s.io/api v0.24.1/go.mod h1:JhoOvNiLXKTPQ60zh2g0ewpA+bnEYf5q44Flhquh4vQ=
 k8s.io/api v0.24.3 h1:tt55QEmKd6L2k5DP6G/ZzdMQKvG5ro4H4teClqm0sTY=
 k8s.io/api v0.24.3/go.mod h1:elGR/XSZrS7z7cSZPzVWaycpJuGIw57j9b95/1PdJNI=
-k8s.io/apiextensions-apiserver v0.24.1 h1:5yBh9+ueTq/kfnHQZa0MAo6uNcPrtxPMpNQgorBaKS0=
-k8s.io/apiextensions-apiserver v0.24.1/go.mod h1:A6MHfaLDGfjOc/We2nM7uewD5Oa/FnEbZ6cD7g2ca4Q=
 k8s.io/apiextensions-apiserver v0.24.3 h1:kyx+Tmro1qEsTUr07ZGQOfvTsF61yn+AxnxytBWq8As=
 k8s.io/apiextensions-apiserver v0.24.3/go.mod h1:cL0xkmUefpYM4f6IuOau+6NMFEIh6/7wXe/O4vPVJ8A=
-k8s.io/apimachinery v0.24.1 h1:ShD4aDxTQKN5zNf8K1RQ2u98ELLdIW7jEnlO9uAMX/I=
-k8s.io/apimachinery v0.24.1/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
 k8s.io/apimachinery v0.24.3 h1:hrFiNSA2cBZqllakVYyH/VyEh4B581bQRmqATJSeQTg=
 k8s.io/apimachinery v0.24.3/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
-k8s.io/apiserver v0.24.1 h1:LAA5UpPOeaREEtFAQRUQOI3eE5So/j5J3zeQJjeLdz4=
-k8s.io/apiserver v0.24.1/go.mod h1:dQWNMx15S8NqJMp0gpYfssyvhYnkilc1LpExd/dkLh0=
 k8s.io/apiserver v0.24.3 h1:J8CKjUaZopT0hSgxjzUyp3T1GK78iixxOuFpEC0MI3k=
 k8s.io/apiserver v0.24.3/go.mod h1:aXfwtIn4U27B7lYs5f2BKgz6DRbgWy+HJeYReN1jLJ8=
-k8s.io/cli-runtime v0.24.1 h1:IW6L8dRBq+pPTzvXcB+m/hOabzbqXy57Bqo4XxmW7DY=
-k8s.io/cli-runtime v0.24.1/go.mod h1:14aVvCTqkA7dNXY51N/6hRY3GUjchyWDOwW84qmR3bs=
 k8s.io/cli-runtime v0.24.3 h1:O9YvUHrDSCQUPlsqVmaqDrueqjpJ7IO6Yas9B6xGSoo=
 k8s.io/cli-runtime v0.24.3/go.mod h1:In84wauoMOqa7JDvDSXGbf8lTNlr70fOGpYlYfJtSqA=
-k8s.io/client-go v0.24.1 h1:w1hNdI9PFrzu3OlovVeTnf4oHDt+FJLd9Ndluvnb42E=
-k8s.io/client-go v0.24.1/go.mod h1:f1kIDqcEYmwXS/vTbbhopMUbhKp2JhOeVTfxgaCIlF8=
 k8s.io/client-go v0.24.3 h1:Nl1840+6p4JqkFWEW2LnMKU667BUxw03REfLAVhuKQY=
 k8s.io/client-go v0.24.3/go.mod h1:AAovolf5Z9bY1wIg2FZ8LPQlEdKHjLI7ZD4rw920BJw=
-k8s.io/code-generator v0.24.1/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
 k8s.io/code-generator v0.24.3/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
-k8s.io/component-base v0.24.1 h1:APv6W/YmfOWZfo+XJ1mZwep/f7g7Tpwvdbo9CQLDuts=
-k8s.io/component-base v0.24.1/go.mod h1:DW5vQGYVCog8WYpNob3PMmmsY8A3L9QZNg4j/dV3s38=
 k8s.io/component-base v0.24.3 h1:u99WjuHYCRJjS1xeLOx72DdRaghuDnuMgueiGMFy1ec=
 k8s.io/component-base v0.24.3/go.mod h1:bqom2IWN9Lj+vwAkPNOv2TflsP1PeVDIwIN0lRthxYY=
-k8s.io/component-helpers v0.24.1/go.mod h1:q5Z1pWV/QfX9ThuNeywxasiwkLw9KsR4Q9TAOdb/Y3s=
 k8s.io/component-helpers v0.24.3/go.mod h1:/1WNW8TfBOijQ1ED2uCHb4wtXYWDVNMqUll8h36iNVo=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
 k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
-k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
-k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60 h1:cE/M8rmDQgibspuSm+X1iW16ByTImtEaapgaHoVSLX4=
-k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60/go.mod h1:ouUzE1U2mEv//HRoBwYLFE5pdqjIebvtX361vtEIlBI=
 k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs=
 k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0=
-k8s.io/kubectl v0.24.1 h1:gxcjHrnwntV1c+G/BHWVv4Mtk8CQJ0WTraElLBG+ddk=
-k8s.io/kubectl v0.24.1/go.mod h1:NzFqQ50B004fHYWOfhHTrAm4TY6oGF5FAAL13LEaeUI=
 k8s.io/kubectl v0.24.3 h1:PqY8ho/S/KuE2/hCC3Iee7X+lOtARYo0LQsNzvV/edE=
 k8s.io/kubectl v0.24.3/go.mod h1:PYLcvw96sC1NLbxZEDbdlOEd6/C76VIWjGmWV5QjSk0=
-k8s.io/metrics v0.24.1/go.mod h1:vMs5xpcOyY9D+/XVwlaw8oUHYCo6JTGBCZfyXOOkAhE=
 k8s.io/metrics v0.24.3/go.mod h1:p1M0lhMySWfhISkSd3HEj8xIgrVnJTK3PPhFq2rA3To=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
@@ -2104,8 +1975,6 @@ mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
 mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7/go.mod h1:hBpJkZE8H/sb+VRFvw2+rBpHNsTBcvSpk61hr8mzXZE=
-oras.land/oras-go v1.1.1 h1:gI00ftziRivKXaw1BdMeEoIA4uBgga33iVlOsEwefFs=
-oras.land/oras-go v1.1.1/go.mod h1:n2TE1ummt9MUyprGhT+Q7kGZUF4kVUpYysPFxeV2IpQ=
 oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=
 oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
@@ -2113,26 +1982,19 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
-sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 h1:2sgAQQcY0dEW2SsQwTXhQV4vO6+rSslYx8K3XmM5hqQ=
-sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
 sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
 sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
-sigs.k8s.io/kustomize/api v0.11.5 h1:vLDp++YAX7iy2y2CVPJNy9pk9CY8XaUKgHkjbVtnWag=
-sigs.k8s.io/kustomize/api v0.11.5/go.mod h1:2UDpxS6AonWXow2ZbySd4AjUxmdXLeTlvGBC46uSiq8=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
 sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
 sigs.k8s.io/kustomize/cmd/config v0.10.6/go.mod h1:/S4A4nUANUa4bZJ/Edt7ZQTyKOY9WCER0uBS1SW2Rco=
 sigs.k8s.io/kustomize/kustomize/v4 v4.5.4/go.mod h1:Zo/Xc5FKD6sHl0lilbrieeGeZHVYCA4BzxeAaLI05Bg=
 sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
-sigs.k8s.io/kustomize/kyaml v0.13.7 h1:/EZ/nPaLUzeJKF/BuJ4QCuMVJWiEVoI8iftOHY3g3tk=
-sigs.k8s.io/kustomize/kyaml v0.13.7/go.mod h1:6K+IUOuir3Y7nucPRAjw9yth04KSWBnP5pqUTGwj/qU=
 sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=
 sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
diff --git a/pkg/jinja2/embed/python_src.dummy b/pkg/jinja2/embed/python_src.dummy
deleted file mode 100644
index e69de29bb..000000000
diff --git a/pkg/jinja2/generate/main.go b/pkg/jinja2/generate/main.go
deleted file mode 100644
index 9da3d4f4e..000000000
--- a/pkg/jinja2/generate/main.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package main
-
-import (
-	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util/packer"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-)
-
-func main() {
-	pipWheel()
-}
-
-func pipWheel() {
-	_ = os.RemoveAll("python_src/wheel")
-	_ = os.MkdirAll("python_src/wheel", 0o700)
-
-	cmd := exec.Command("pip3", "wheel", "-r", "../requirements.txt")
-	cmd.Dir = "python_src/wheel"
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	err := cmd.Run()
-	if err != nil {
-		panic(err)
-	}
-
-	wheels, err := os.ReadDir("python_src/wheel")
-	if err != nil {
-		panic(err)
-	}
-	for _, w := range wheels {
-		if !strings.HasSuffix(w.Name(), ".whl") {
-			continue
-		}
-
-		cmd = exec.Command("unzip", w.Name())
-		cmd.Dir = "python_src/wheel"
-
-		err = cmd.Run()
-		if err != nil {
-			panic(err)
-		}
-
-		err = os.Remove(filepath.Join("python_src/wheel", w.Name()))
-		if err != nil {
-			panic(err)
-		}
-	}
-
-	err = packer.Pack("embed/python_src.tar.gz", "python_src", "*")
-	if err != nil {
-		panic(err)
-	}
-}
diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index 8895f2366..e5b64ef73 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -5,7 +5,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/python"
+	"github.com/kluctl/kluctl-python-deps/pkg/python"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io"
 	"io/ioutil"
diff --git a/pkg/jinja2/python_src/dummy.go b/pkg/jinja2/python_src/dummy.go
deleted file mode 100644
index 60d276519..000000000
--- a/pkg/jinja2/python_src/dummy.go
+++ /dev/null
@@ -1 +0,0 @@
-package python_src
diff --git a/pkg/jinja2/python_src/requirements.txt b/pkg/jinja2/python_src/requirements.txt
deleted file mode 100644
index 9ee2b287d..000000000
--- a/pkg/jinja2/python_src/requirements.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-jinja2===3.1.2
-click==8.1.3
-jsonpath-ng==1.5.3
-pyyaml==6.0
diff --git a/pkg/jinja2/source.go b/pkg/jinja2/source.go
index d9ab49bb4..b80377261 100644
--- a/pkg/jinja2/source.go
+++ b/pkg/jinja2/source.go
@@ -1,16 +1,22 @@
 package jinja2
 
 import (
+	"crypto/sha256"
 	"embed"
+	"encoding/binary"
+	"encoding/hex"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
+	"github.com/rogpeppe/go-internal/lockedfile"
+	"io/fs"
+	"os"
 	"path/filepath"
 )
 
-//go:generate go run ./generate
+//go:embed python_src
+var _pythonSrc embed.FS
+var pythonSrc, _ = fs.Sub(_pythonSrc, "python_src")
 
-//go:embed embed/python_src.*
-var pythonSrc embed.FS
 var pythonSrcExtracted string
 
 func init() {
@@ -22,23 +28,66 @@ func init() {
 }
 
 func extractSource() (string, error) {
-	tgz, err := pythonSrc.Open("embed/python_src.tar.gz")
+	hash := calcEmbeddedHash(pythonSrc)
+
+	targetPath := filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("jinja2-%s", hash[:16]))
+
+	lock, err := lockedfile.Create(targetPath + ".lock")
 	if err != nil {
 		return "", err
 	}
-	defer tgz.Close()
+	defer lock.Close()
 
-	fileList, err := pythonSrc.Open("embed/python_src.tar.gz.files")
+	err = fs.WalkDir(pythonSrc, ".", func(path string, d fs.DirEntry, err error) error {
+		if d == nil || d.IsDir() {
+			return nil
+		}
+		data, err := fs.ReadFile(pythonSrc, path)
+		if err != nil {
+			return err
+		}
+		targetPath2 := filepath.Join(targetPath, path)
+		err = os.MkdirAll(filepath.Dir(targetPath2), 0o755)
+		if err != nil {
+			return err
+		}
+
+		err = os.WriteFile(targetPath2+".tmp", data, 0o644)
+		if err != nil {
+			return err
+		}
+		err = os.Rename(targetPath2+".tmp", targetPath2)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
 	if err != nil {
 		return "", err
 	}
-	defer fileList.Close()
 
-	libPath := filepath.Join(utils.GetTmpBaseDir(), "jinja2-src")
-	libPath, err = embed_util.ExtractTarToTmp(tgz, fileList, libPath)
+	return targetPath, nil
+}
+
+func calcEmbeddedHash(fs1 fs.FS) string {
+	h := sha256.New()
+	err := fs.WalkDir(fs1, ".", func(path string, d fs.DirEntry, err error) error {
+		_ = binary.Write(h, binary.LittleEndian, path)
+		if d.IsDir() {
+			_ = binary.Write(h, binary.LittleEndian, "dir")
+		} else {
+			_ = binary.Write(h, binary.LittleEndian, "regular")
+			data, err := fs.ReadFile(fs1, path)
+			if err != nil {
+				panic(err)
+			}
+			_ = binary.Write(h, binary.LittleEndian, len(data))
+			_ = binary.Write(h, binary.LittleEndian, data)
+		}
+		return nil
+	})
 	if err != nil {
-		return "", err
+		panic(err)
 	}
-
-	return libPath, nil
+	return hex.EncodeToString(h.Sum(nil))
 }
diff --git a/pkg/jinja2/tools.go b/pkg/jinja2/tools.go
deleted file mode 100644
index 839cd9103..000000000
--- a/pkg/jinja2/tools.go
+++ /dev/null
@@ -1,9 +0,0 @@
-//go:build tools
-// +build tools
-
-package tools
-
-import (
-	_ "github.com/kluctl/kluctl/v2/pkg/jinja2/generate"
-	_ "github.com/kluctl/kluctl/v2/pkg/jinja2/python_src"
-)
diff --git a/pkg/python/.gitignore b/pkg/python/.gitignore
deleted file mode 100644
index 01ec3b178..000000000
--- a/pkg/python/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*.tar.gz
-*.files
diff --git a/pkg/python/cmd.go b/pkg/python/cmd.go
deleted file mode 100644
index eea32c554..000000000
--- a/pkg/python/cmd.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package python
-
-import (
-	"fmt"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"runtime"
-)
-
-func PythonCmd(args []string) *exec.Cmd {
-	var exePath string
-	if runtime.GOOS == "windows" {
-		exePath = filepath.Join(embeddedPythonPath, "python.exe")
-	} else {
-		exePath = filepath.Join(embeddedPythonPath, "bin/python3")
-	}
-
-	cmd := exec.Command(exePath, args...)
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, fmt.Sprintf("PYTHONHOME=%s", embeddedPythonPath))
-
-	return cmd
-}
diff --git a/pkg/python/embed.go b/pkg/python/embed.go
deleted file mode 100644
index 500e68ed8..000000000
--- a/pkg/python/embed.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package python
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
-	"path/filepath"
-	"runtime"
-)
-
-//go:generate go run ./generate
-
-var embeddedPythonPath string
-
-func init() {
-	embeddedPythonPath = decompressPython()
-}
-
-func decompressPython() string {
-	tarName := fmt.Sprintf("embed/python-%s-%s.tar.gz", runtime.GOOS, runtime.GOARCH)
-	tgz, err := pythonLib.Open(tarName)
-	if err != nil {
-		panic(err)
-	}
-	defer tgz.Close()
-
-	fileList, err := pythonLib.Open(tarName + ".files")
-	if err != nil {
-		panic(err)
-	}
-	defer fileList.Close()
-
-	path := filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("python-%s", runtime.GOOS))
-	path, err = embed_util.ExtractTarToTmp(tgz, fileList, path)
-	if err != nil {
-		panic(err)
-	}
-
-	return path
-}
diff --git a/pkg/python/embed/python-darwin-amd64.dummy b/pkg/python/embed/python-darwin-amd64.dummy
deleted file mode 100644
index e69de29bb..000000000
diff --git a/pkg/python/embed/python-darwin-arm64.dummy b/pkg/python/embed/python-darwin-arm64.dummy
deleted file mode 100644
index e69de29bb..000000000
diff --git a/pkg/python/embed/python-linux-amd64.dummy b/pkg/python/embed/python-linux-amd64.dummy
deleted file mode 100644
index e69de29bb..000000000
diff --git a/pkg/python/embed/python-linux-arm64.dummy b/pkg/python/embed/python-linux-arm64.dummy
deleted file mode 100644
index e69de29bb..000000000
diff --git a/pkg/python/embed/python-windows-amd64.dummy b/pkg/python/embed/python-windows-amd64.dummy
deleted file mode 100644
index e69de29bb..000000000
diff --git a/pkg/python/embed_darwin_amd64.go b/pkg/python/embed_darwin_amd64.go
deleted file mode 100644
index 110c5af57..000000000
--- a/pkg/python/embed_darwin_amd64.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package python
-
-import "embed"
-
-//go:embed embed/python-darwin-amd64.*
-var pythonLib embed.FS
diff --git a/pkg/python/embed_darwin_arm64.go b/pkg/python/embed_darwin_arm64.go
deleted file mode 100644
index f14b56a5f..000000000
--- a/pkg/python/embed_darwin_arm64.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package python
-
-import "embed"
-
-//go:embed embed/python-darwin-arm64.*
-var pythonLib embed.FS
diff --git a/pkg/python/embed_linux_amd64.go b/pkg/python/embed_linux_amd64.go
deleted file mode 100644
index 99838aee9..000000000
--- a/pkg/python/embed_linux_amd64.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package python
-
-import "embed"
-
-//go:embed embed/python-linux-amd64.*
-var pythonLib embed.FS
diff --git a/pkg/python/embed_linux_arm64.go b/pkg/python/embed_linux_arm64.go
deleted file mode 100644
index 158c5087e..000000000
--- a/pkg/python/embed_linux_arm64.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package python
-
-import "embed"
-
-//go:embed embed/python-linux-arm64.*
-var pythonLib embed.FS
diff --git a/pkg/python/embed_windows_amd64.go b/pkg/python/embed_windows_amd64.go
deleted file mode 100644
index 65e5e2c9c..000000000
--- a/pkg/python/embed_windows_amd64.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package python
-
-import "embed"
-
-//go:embed embed/python-windows-amd64.*
-var pythonLib embed.FS
diff --git a/pkg/python/generate/main.go b/pkg/python/generate/main.go
deleted file mode 100644
index 9cc24b145..000000000
--- a/pkg/python/generate/main.go
+++ /dev/null
@@ -1,195 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"github.com/klauspost/compress/zstd"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util/packer"
-	log "github.com/sirupsen/logrus"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"path/filepath"
-	"sync"
-)
-
-const (
-	pythonVersionBase       = "3.10"
-	pythonVersionFull       = "3.10.5"
-	pythonStandaloneVersion = "20220630"
-)
-
-var pythonDists = map[string]string{
-	"linux":   "unknown-linux-gnu-lto-full",
-	"darwin":  "apple-darwin-lto-full",
-	"windows": "pc-windows-msvc-shared-pgo-full",
-}
-
-var archMapping = map[string]string{
-	"amd64": "x86_64",
-	"386":   "i686",
-	"arm64": "aarch64",
-}
-
-var removeLibs = []string{
-	"site-packages",
-	"venv",
-	"ensurepip",
-	"idlelib",
-	"distutils",
-	"pydoc_data",
-	"asyncio",
-	"email",
-	"tkinter",
-	"lib2to3",
-	"xml",
-	"multiprocessing",
-	"unittest",
-}
-
-var downloadLock sync.Mutex
-
-func main() {
-	var wg sync.WaitGroup
-
-	nixPatterns := []string{
-		"bin",
-		"lib/*.so*",
-		"lib/*.dylib",
-		"lib/python3.*",
-	}
-	winPatterns := []string{
-		"Lib",
-		"DLLs",
-		"*.dll",
-		"*.exe",
-	}
-	type job struct {
-		os         string
-		arch       string
-		packSubDir string
-		out        string
-		patterns   []string
-	}
-	jobs := []job{
-		{"linux", "amd64", "python/install", "embed/python-linux-amd64.tar.gz", nixPatterns},
-		{"linux", "arm64", "python/install", "embed/python-linux-arm64.tar.gz", nixPatterns},
-		{"darwin", "amd64", "python/install", "embed/python-darwin-amd64.tar.gz", nixPatterns},
-		{"darwin", "arm64", "python/install", "embed/python-darwin-arm64.tar.gz", nixPatterns},
-		{"windows", "amd64", "python/install", "embed/python-windows-amd64.tar.gz", winPatterns},
-	}
-	for _, j := range jobs {
-		j := j
-		wg.Add(1)
-		go func() {
-			downloadAndPack(j.os, j.arch, j.packSubDir, j.out, j.patterns)
-			wg.Done()
-		}()
-	}
-	wg.Wait()
-}
-
-func downloadAndPack(osName string, arch string, packSubdir string, out string, patterns []string) {
-	dist, ok := pythonDists[osName]
-	if !ok {
-		log.Panicf("no dist for %s", osName)
-	}
-
-	downloadPath := download(osName, arch, dist)
-	archiveBytes, _ := ioutil.ReadFile(downloadPath)
-	hash := utils.Sha256Bytes(archiveBytes)
-
-	extractPath := downloadPath + ".extracted"
-	if utils.Exists(filepath.Join(extractPath, hash)) {
-		log.Infof("skipping extract of %s", extractPath)
-		pack(out, filepath.Join(extractPath, packSubdir), patterns)
-		return
-	}
-
-	_ = os.RemoveAll(extractPath)
-	extract(downloadPath, extractPath)
-
-	for _, lib := range removeLibs {
-		_ = os.RemoveAll(filepath.Join(extractPath, "python", "install", "lib", fmt.Sprintf("python%s", pythonVersionBase), lib))
-		_ = os.RemoveAll(filepath.Join(extractPath, "python", "install", "Lib", lib))
-	}
-
-	_ = utils.Touch(filepath.Join(extractPath, hash))
-
-	pack(out, filepath.Join(extractPath, packSubdir), patterns)
-}
-
-func pack(out string, dir string, patterns []string) {
-	err := packer.Pack(out, dir, patterns...)
-	if err != nil {
-		log.Panic(err)
-	}
-}
-
-func download(osName, arch, dist string) string {
-	downloadLock.Lock()
-	defer downloadLock.Unlock()
-
-	pythonArch, ok := archMapping[arch]
-	if !ok {
-		log.Errorf("arch %s not supported", arch)
-		os.Exit(1)
-	}
-	fname := fmt.Sprintf("cpython-%s+%s-%s-%s.tar.zst", pythonVersionFull, pythonStandaloneVersion, pythonArch, dist)
-	downloadPath := filepath.Join(utils.GetTmpBaseDir(), fname)
-	downloadUrl := fmt.Sprintf("https://github.com/indygreg/python-build-standalone/releases/download/%s/%s", pythonStandaloneVersion, fname)
-
-	if _, err := os.Stat(downloadPath); err == nil {
-		log.Infof("skipping download of %s", downloadUrl)
-		return downloadPath
-	}
-
-	log.Infof("downloading %s", downloadUrl)
-
-	r, err := http.Get(downloadUrl)
-	if err != nil {
-		log.Errorf("download failed: %v", err)
-		os.Exit(1)
-	}
-	if r.StatusCode == http.StatusNotFound {
-		log.Errorf("404 not found")
-		os.Exit(1)
-	}
-	defer r.Body.Close()
-
-	fileData, err := ioutil.ReadAll(r.Body)
-
-	err = ioutil.WriteFile(downloadPath, fileData, 0o640)
-	if err != nil {
-		log.Errorf("writing file failed: %v", err)
-		os.Remove(downloadPath)
-		os.Exit(1)
-	}
-
-	return downloadPath
-}
-
-func extract(archivePath string, targetPath string) string {
-	f, err := os.Open(archivePath)
-	if err != nil {
-		log.Errorf("opening file failed: %v", err)
-		os.Exit(1)
-	}
-	defer f.Close()
-
-	z, err := zstd.NewReader(f)
-	if err != nil {
-		log.Errorf("decompression failed: %v", err)
-		os.Exit(1)
-	}
-	defer z.Close()
-
-	log.Infof("decompressing %s", archivePath)
-	err = utils.ExtractTarStream(z, targetPath)
-	if err != nil {
-		log.Errorf("decompression failed: %v", err)
-		os.Exit(1)
-	}
-
-	return targetPath
-}
diff --git a/pkg/python/tools.go b/pkg/python/tools.go
deleted file mode 100644
index 48d6d8a70..000000000
--- a/pkg/python/tools.go
+++ /dev/null
@@ -1,8 +0,0 @@
-//go:build tools
-// +build tools
-
-package tools
-
-import (
-	_ "github.com/kluctl/kluctl/v2/pkg/python/generate"
-)
diff --git a/pkg/utils/embed_util/extract.go b/pkg/utils/embed_util/extract.go
deleted file mode 100644
index e3c5dc0d4..000000000
--- a/pkg/utils/embed_util/extract.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package embed_util
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/rogpeppe/go-internal/lockedfile"
-	"io"
-	"io/fs"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-)
-
-func ExtractTarToTmp(r io.Reader, fileListR io.Reader, targetPrefix string) (string, error) {
-	fileList, err := ioutil.ReadAll(fileListR)
-	if err != nil {
-		return "", err
-	}
-
-	targetPath := fmt.Sprintf("%s-%s", targetPrefix, utils.Sha256Bytes(fileList)[:16])
-
-	fl, err := lockedfile.Create(targetPath + ".lock")
-	if err != nil {
-		return "", err
-	}
-	defer fl.Close()
-
-	needsExtract, expectedTarGzHash, err := checkExtractNeeded(targetPath, string(fileList))
-	if err != nil {
-		return "", err
-	}
-	if !needsExtract {
-		return targetPath, nil
-	}
-
-	err = os.RemoveAll(targetPath)
-	if err != nil && !os.IsNotExist(err) {
-		return "", err
-	}
-
-	err = os.MkdirAll(targetPath, 0o700)
-	if err != nil {
-		return "", err
-	}
-
-	err = utils.ExtractTarGzStream(r, targetPath)
-	if err != nil {
-		return "", err
-	}
-
-	err = ioutil.WriteFile(filepath.Join(targetPath, ".tar-gz-hash"), []byte(expectedTarGzHash), 0o600)
-	if err != nil {
-		return "", err
-	}
-
-	return targetPath, nil
-}
-
-func checkExtractNeeded(targetPath string, fileListStr string) (bool, string, error) {
-	expectedHash, tarFilesMap, err := ReadFileList(fileListStr)
-	if err != nil {
-		return false, "", err
-	}
-
-	if !utils.Exists(targetPath) {
-		return true, expectedHash, nil
-	}
-
-	existingHash, err := ioutil.ReadFile(filepath.Join(targetPath, ".tar-gz-hash"))
-	if err != nil {
-		return true, expectedHash, nil
-	}
-
-	if strings.TrimSpace(expectedHash) != strings.TrimSpace(string(existingHash)) {
-		return true, expectedHash, nil
-	}
-
-	existingFiles, err := BuildFileList(targetPath)
-	if err != nil {
-		return false, "", err
-	}
-
-	for fname, size := range tarFilesMap {
-		if s, ok := existingFiles[fname]; !ok || s != size {
-			return true, expectedHash, nil
-		}
-	}
-	return false, expectedHash, nil
-}
-
-func ReadFileList(fileListStr string) (string, map[string]int64, error) {
-	fileList := strings.Split(fileListStr, "\n")
-	expectedHash := fileList[0]
-	fileList = fileList[1:]
-
-	tarFilesMap := make(map[string]int64)
-	for _, l := range fileList {
-		s := strings.SplitN(l, ":", 2)
-		fname := strings.TrimSpace(s[0])
-		sh := strings.SplitN(strings.TrimSpace(s[1]), " ", 2)
-		size, err := strconv.ParseInt(strings.TrimSpace(sh[0]), 10, 64)
-		if err != nil {
-			return expectedHash, tarFilesMap, err
-		}
-		tarFilesMap[fname] = size
-	}
-	return expectedHash, tarFilesMap, nil
-}
-
-func BuildFileList(targetPath string) (map[string]int64, error) {
-	existingFiles := make(map[string]int64)
-	err := filepath.Walk(targetPath, func(path string, info fs.FileInfo, err error) error {
-		if !info.Mode().IsRegular() && info.Mode().Type() != fs.ModeSymlink && info.Mode().Type() != fs.ModeDir {
-			return nil
-		}
-		relPath, err := filepath.Rel(targetPath, path)
-		if err != nil {
-			return err
-		}
-		relPath = filepath.ToSlash(relPath)
-		if info.IsDir() {
-			existingFiles[relPath] = 0
-		} else {
-			existingFiles[relPath] = info.Size()
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	return existingFiles, nil
-}
diff --git a/pkg/utils/embed_util/packer/packer.go b/pkg/utils/embed_util/packer/packer.go
deleted file mode 100644
index fd6fdd077..000000000
--- a/pkg/utils/embed_util/packer/packer.go
+++ /dev/null
@@ -1,147 +0,0 @@
-package packer
-
-import (
-	"archive/tar"
-	"bytes"
-	"compress/gzip"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/embed_util"
-	log "github.com/sirupsen/logrus"
-	"io/fs"
-	"io/ioutil"
-	"path/filepath"
-	"reflect"
-	"strings"
-)
-
-func Pack(out string, dir string, patterns ...string) error {
-	fileList, err := findFiles(dir, patterns)
-	if err != nil {
-		return err
-	}
-
-	if utils.Exists(out) && utils.Exists(out+".files") {
-		existingFileListStr, err := ioutil.ReadFile(out + ".files")
-		if err == nil {
-			_, existingFileList, err := embed_util.ReadFileList(string(existingFileListStr))
-			if err == nil {
-				if reflect.DeepEqual(existingFileList, fileList) {
-					log.Infof("Skipping packing of %s", out)
-					return nil
-				}
-			}
-		}
-	}
-
-	log.Infof("writing tar %s with %d files", out, len(fileList))
-	tgz, err := writeTar(dir, fileList)
-	if err != nil {
-		return err
-	}
-
-	hash := sha256.Sum256(tgz)
-	err = ioutil.WriteFile(out, tgz, 0o600)
-	if err != nil {
-		return err
-	}
-
-	var fileList2 []string
-	for f, l := range fileList {
-		fileList2 = append(fileList2, fmt.Sprintf("%s: %d", f, l))
-	}
-
-	fileListStr := strings.Join(fileList2, "\n")
-	fileListStr = hex.EncodeToString(hash[:]) + "\n" + fileListStr
-	err = ioutil.WriteFile(out+".files", []byte(fileListStr), 0o600)
-	return err
-}
-
-func findFiles(dir string, patterns []string) (map[string]int64, error) {
-	var globs []glob.Glob
-	for _, p := range patterns {
-		globs = append(globs, glob.MustCompile(p, '/'))
-	}
-
-	var rootNames []string
-	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
-		rel, err := filepath.Rel(dir, path)
-		if err != nil {
-			return err
-		}
-		match := false
-		for _, p := range globs {
-			if p.Match(filepath.ToSlash(rel)) {
-				match = true
-				break
-			}
-		}
-		if match {
-			rootNames = append(rootNames, rel)
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	excludes := []glob.Glob{
-		glob.MustCompile("__pycache__"),
-		glob.MustCompile("**/__pycache__"),
-		glob.MustCompile("**.a"),
-		glob.MustCompile("**.pdb"),
-		glob.MustCompile("**.pyc"),
-	}
-
-	fileList := make(map[string]int64)
-	for _, d := range rootNames {
-		err = filepath.Walk(filepath.Join(dir, d), func(path string, info fs.FileInfo, err error) error {
-			if !info.Mode().IsRegular() && info.Mode().Type() != fs.ModeSymlink {
-				return nil
-			}
-
-			relPath, err := filepath.Rel(dir, path)
-			if err != nil {
-				return err
-			}
-			for _, e := range excludes {
-				if e.Match(relPath) {
-					return nil
-				}
-			}
-			fileList[relPath] = info.Size()
-			return nil
-		})
-		if err != nil {
-			return nil, err
-		}
-	}
-	return fileList, err
-}
-
-func writeTar(dir string, fileList map[string]int64) ([]byte, error) {
-	b := bytes.NewBuffer(nil)
-	gz := gzip.NewWriter(b)
-	t := tar.NewWriter(gz)
-
-	for f, _ := range fileList {
-		err := utils.AddToTar(t, filepath.Join(dir, f), f, nil)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	err := t.Close()
-	if err != nil {
-		return nil, err
-	}
-	err = gz.Close()
-	if err != nil {
-		return nil, err
-	}
-
-	return b.Bytes(), nil
-}
diff --git a/pkg/utils/tar.go b/pkg/utils/tar.go
deleted file mode 100644
index 0425dc6e6..000000000
--- a/pkg/utils/tar.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package utils
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"io"
-	"io/fs"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-)
-
-func ExtractTarGzFile(tarGzPath string, targetPath string) error {
-	f, err := os.Open(tarGzPath)
-	if err != nil {
-		return fmt.Errorf("archive %v could not be opened: %w", tarGzPath, err)
-	}
-	defer f.Close()
-
-	err = ExtractTarGzStream(f, targetPath)
-	if err != nil {
-		return fmt.Errorf("archive %v could not be extracted: %w", tarGzPath, err)
-	}
-	return nil
-}
-
-func ExtractTarGzStream(r io.Reader, targetPath string) error {
-	gz, err := gzip.NewReader(r)
-	if err != nil {
-		return err
-	}
-	defer gz.Close()
-
-	return ExtractTarStream(gz, targetPath)
-}
-
-func ExtractTarStream(r io.Reader, targetPath string) error {
-	tarReader := tar.NewReader(r)
-	for true {
-		header, err := tarReader.Next()
-		if err == io.EOF {
-			break
-		}
-
-		if err != nil {
-			return fmt.Errorf("ExtractTarStream: Next() failed: %w", err)
-		}
-
-		header.Name = filepath.FromSlash(header.Name)
-
-		p, err := securejoin.SecureJoin(targetPath, header.Name)
-		if err != nil {
-			return err
-		}
-		err = os.MkdirAll(filepath.Dir(p), 0755)
-		if err != nil {
-			return err
-		}
-
-		switch header.Typeflag {
-		case tar.TypeDir:
-			if err := os.MkdirAll(p, 0755); err != nil {
-				return fmt.Errorf("ExtractTarStream: Mkdir() failed: %w", err)
-			}
-		case tar.TypeReg:
-			outFile, err := os.Create(p)
-			if err != nil {
-				return fmt.Errorf("ExtractTarStream: Create() failed: %w", err)
-			}
-			_, err = io.Copy(outFile, tarReader)
-			_ = outFile.Close()
-			if err != nil {
-				return fmt.Errorf("ExtractTarStream: Copy() failed: %w", err)
-			}
-			err = os.Chmod(p, header.FileInfo().Mode())
-			if err != nil {
-				return fmt.Errorf("ExtractTarStream: Chmod() failed: %w", err)
-			}
-		case tar.TypeSymlink:
-			if err := os.Symlink(header.Linkname, p); err != nil {
-				return fmt.Errorf("ExtractTarStream: Symlink() failed: %w", err)
-			}
-		default:
-			return fmt.Errorf("ExtractTarStream: uknown type %v in %v", header.Typeflag, header.Name)
-		}
-	}
-	return nil
-}
-
-func AddToTar(tw *tar.Writer, pth string, name string, filter func(h *tar.Header, size int64) (*tar.Header, error)) error {
-	fi, err := os.Lstat(pth)
-	if err != nil {
-		return err
-	}
-
-	var linkName string
-	if fi.Mode().Type() == fs.ModeSymlink {
-		x, err := os.Readlink(pth)
-		if err != nil {
-			return err
-		}
-		linkName = x
-	}
-
-	h, err := tar.FileInfoHeader(fi, linkName)
-	if err != nil {
-		return err
-	}
-	h.Name = filepath.ToSlash(name)
-
-	if filter != nil {
-		s := fi.Size()
-		if fi.IsDir() {
-			s = 0
-		}
-		h, err = filter(h, s)
-		if err != nil {
-			return err
-		}
-		if h == nil {
-			return nil
-		}
-	}
-
-	err = tw.WriteHeader(h)
-	if err != nil {
-		return err
-	}
-
-	if fi.Mode().Type() == fs.ModeSymlink {
-		return nil
-	}
-
-	if fi.Mode().IsDir() {
-		des, err := os.ReadDir(pth)
-		if err != nil {
-			return err
-		}
-		for _, d := range des {
-			err = AddToTar(tw, filepath.Join(pth, d.Name()), filepath.Join(name, d.Name()), filter)
-			if err != nil {
-				return err
-			}
-		}
-		return nil
-	} else if fi.Mode().IsRegular() {
-		f, err := os.Open(pth)
-		if err != nil {
-			return err
-		}
-		defer f.Close()
-		_, err = io.Copy(tw, f)
-		if err != nil {
-			return err
-		}
-		return nil
-	} else {
-		return fmt.Errorf("unsupported file type/mode %s", fi.Mode().String())
-	}
-}
-
-func HashTarEntry(dir string, name string) (string, error) {
-	p := filepath.Join(dir, filepath.FromSlash(name))
-	st, err := os.Lstat(p)
-	if err != nil {
-		return "", err
-	}
-	var hashData []byte
-	if st.Mode().Type() == fs.ModeDir {
-		hashData = []byte(filepath.ToSlash(name))
-	} else if st.Mode().Type() == fs.ModeSymlink {
-		l, err := os.Readlink(p)
-		if err != nil {
-			return "", err
-		}
-		hashData = []byte(l)
-	} else if st.Mode().IsRegular() {
-		var err error
-		hashData, err = ioutil.ReadFile(p)
-		if err != nil {
-			return "", err
-		}
-	} else {
-		return "", fmt.Errorf("unknown type %s", st.Mode().Type())
-	}
-	hashStr := Sha256Bytes(hashData)
-	return hashStr, nil
-}

From 7904b73ca9ef92d1bf941fbb11627ea365c17012 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 Aug 2022 17:46:24 +0200
Subject: [PATCH 0322/2268] chore: Upgrade to go 1.19

---
 .github/workflows/release.yml | 2 +-
 .github/workflows/tests.yml   | 2 +-
 go.mod                        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 11588e3a3..9c7982a03 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.18.1
+          go-version: 1.19
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 509758756..26e089c85 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -15,7 +15,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@v2
         with:
-          go-version: '1.18.1'
+          go-version: '1.19'
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
diff --git a/go.mod b/go.mod
index 4364baad0..deb6c1c5e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.18
+go 1.19
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e

From 6524f91adee683f02a01e536e9c18a6957523b77 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 Aug 2022 08:59:15 +0200
Subject: [PATCH 0323/2268] chore: Run go get -u ./...

---
 go.mod |  74 +++++++++---------
 go.sum | 239 ++++++++++++++++++++-------------------------------------
 2 files changed, 119 insertions(+), 194 deletions(-)

diff --git a/go.mod b/go.mod
index deb6c1c5e..df2bf20cd 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.19
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.68
+	github.com/aws/aws-sdk-go v1.44.80
 	github.com/bitnami-labs/sealed-secrets v0.18.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
@@ -21,11 +21,11 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/kluctl-python-deps v0.0.0-20220818145819-a2811c3f89fd
-	github.com/mattn/go-isatty v0.0.14
+	github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a
+	github.com/mattn/go-isatty v0.0.16
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.14.3
+	github.com/ohler55/ojg v1.14.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.8.1
@@ -33,23 +33,23 @@ require (
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.12.0
-	github.com/stretchr/testify v1.7.2
+	github.com/stretchr/testify v1.8.0
 	github.com/vbauerster/mpb/v7 v7.4.2
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.1
-	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
-	golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
-	golang.org/x/sys v0.0.0-20220731174439-a90be440212d
+	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
+	golang.org/x/net v0.0.0-20220812174116-3211cb980234
+	golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde
+	golang.org/x/sys v0.0.0-20220818161305-2296e01440c6
 	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
 	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.9.2
-	k8s.io/api v0.24.3
-	k8s.io/apiextensions-apiserver v0.24.3
-	k8s.io/apimachinery v0.24.3
-	k8s.io/client-go v0.24.3
+	helm.sh/helm/v3 v3.9.3
+	k8s.io/api v0.24.4
+	k8s.io/apiextensions-apiserver v0.24.4
+	k8s.io/apimachinery v0.24.4
+	k8s.io/client-go v0.24.4
 	k8s.io/klog/v2 v2.70.1
 	sigs.k8s.io/kind v0.14.0
 	sigs.k8s.io/kustomize/api v0.12.1
@@ -58,7 +58,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.7.0 // indirect
+	cloud.google.com/go/compute v1.9.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
@@ -72,7 +72,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
@@ -85,7 +85,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
 	github.com/cloudflare/circl v1.2.0 // indirect
-	github.com/containerd/containerd v1.6.6 // indirect
+	github.com/containerd/containerd v1.6.8 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.17+incompatible // indirect
 	github.com/docker/docker v20.10.17+incompatible // indirect
@@ -106,7 +106,7 @@ require (
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/swag v0.21.1 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-playground/locales v0.14.0 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -126,11 +126,11 @@ require (
 	github.com/hashicorp/go-hclog v1.2.2 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.4 // indirect
+	github.com/hashicorp/go-plugin v1.4.5 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
@@ -140,7 +140,7 @@ require (
 	github.com/hashicorp/vault/sdk v0.5.3 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
@@ -154,7 +154,7 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -164,7 +164,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
+	github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -174,15 +174,15 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.3 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.2 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rivo/uniseg v0.3.1 // indirect
+	github.com/rivo/uniseg v0.3.4 // indirect
 	github.com/rubenv/sql-migrate v1.1.2 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -197,24 +197,24 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	go.starlark.net v0.0.0-20220714194419-4cadf0a12139 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c // indirect
+	go.starlark.net v0.0.0-20220817180228-f738f5508c12 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 // indirect
 	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 // indirect
+	google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 // indirect
 	google.golang.org/grpc v1.48.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.66.6 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.24.3 // indirect
-	k8s.io/cli-runtime v0.24.3 // indirect
-	k8s.io/component-base v0.24.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect
-	k8s.io/kubectl v0.24.3 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	k8s.io/apiserver v0.24.4 // indirect
+	k8s.io/cli-runtime v0.24.4 // indirect
+	k8s.io/component-base v0.24.4 // indirect
+	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
+	k8s.io/kubectl v0.24.4 // indirect
+	k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 // indirect
 	oras.land/oras-go v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index c55806e56..ed9d54a25 100644
--- a/go.sum
+++ b/go.sum
@@ -28,29 +28,18 @@ cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSU
 cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
 cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
 cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
-cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
-cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
-cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
-cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
-cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
-cloud.google.com/go/compute v1.7.0 h1:v/k9Eueb8aAJ0vZuxKMrgm6kPhCLZU9HxFU+AFDs9Uk=
-cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
+cloud.google.com/go/compute v1.9.0 h1:ED/FP4xv8GJw63v556/ASNc1CeeLUO2Bs8nzaHchkHg=
+cloud.google.com/go/compute v1.9.0/go.mod h1:lWv1h/zUWTm/LozzfTJhBSkd6ShQq8la8VeeuOEGxfY=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU=
-cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -63,7 +52,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
-cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Antonboom/errname v0.1.5/go.mod h1:DugbBstvPFQbv/5uLcRRzfrNqKE9tVdVCqWCLp6Cifo=
@@ -120,14 +108,14 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
+github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf h1:aFFtnGZ6/2Qlvx80yxA2fFSYDQWTFjtKozQKB36A3/A=
-github.com/ProtonMail/go-crypto v0.0.0-20220730123233-d6ffb7692adf/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794 h1:efPD6snIrIBAfmZhcm7GQ72VHlzsQ/3OrghnnGEpJBM=
+github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -172,8 +160,8 @@ github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9D
 github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.68 h1:7zNr5+HLG0TMq+ZcZ8KhT4eT2KyL7v+u7/jANKEIinM=
-github.com/aws/aws-sdk-go v1.44.68/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.80 h1:jEXGecSgPdvM5KnyDsSgFhZSm7WwaTp4h544Im4SfhI=
+github.com/aws/aws-sdk-go v1.44.80/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -225,7 +213,6 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -234,8 +221,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
-github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
+github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
+github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
 github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -308,7 +295,6 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
@@ -396,8 +382,8 @@ github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZ
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.21.1 h1:wm0rhTb5z7qpJRHBdPOMuY4QjVUMbF6/kwoYeRAOrKU=
-github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
@@ -525,7 +511,6 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
@@ -564,16 +549,10 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
-github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
-github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -635,8 +614,8 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ=
-github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
+github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
+github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
 github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
@@ -645,8 +624,8 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ=
 github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
@@ -698,8 +677,9 @@ github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
+github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -755,8 +735,8 @@ github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/kluctl/kluctl-python-deps v0.0.0-20220818145819-a2811c3f89fd h1:CTUYp06sH7d38kfHY+tysa9jhQuo1C9ssSlVR1hFuDA=
-github.com/kluctl/kluctl-python-deps v0.0.0-20220818145819-a2811c3f89fd/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
+github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a h1:2W9TlV8b6sqjIKhbp9bgKjusdF3HgQucFNmwGNb1N+Y=
+github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -826,16 +806,18 @@ github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
@@ -894,8 +876,9 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc=
 github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
+github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI=
+github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -928,8 +911,8 @@ github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/ohler55/ojg v1.14.3 h1:kaKNsntZ0PuoXPXCY4kjPDbHOLXqokor6Deq/oVxAR0=
-github.com/ohler55/ojg v1.14.3/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
+github.com/ohler55/ojg v1.14.4 h1:L2ds8AlB5t/QbqSfhRwvagJzQ7pgmdrefMIypQs0Xik=
+github.com/ohler55/ojg v1.14.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
@@ -970,8 +953,8 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw=
-github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI=
+github.com/pelletier/go-toml/v2 v2.0.3 h1:h9JoA60e1dVEOpp0PFwJSmt1Htu057NUq9/bUwaO61s=
+github.com/pelletier/go-toml/v2 v2.0.3/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
@@ -1002,8 +985,8 @@ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
-github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
+github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -1043,8 +1026,8 @@ github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:r
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.3.1 h1:SDPP7SHNl1L7KrEFCSJslJ/DM9DT02Nq2C61XrfHMmk=
-github.com/rivo/uniseg v0.3.1/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.3.4 h1:3Z3Eu6FGHZWSfNKJTOUiPatWwfc7DzJRU04jFUqJODw=
+github.com/rivo/uniseg v0.3.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -1133,8 +1116,9 @@ github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRk
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -1143,8 +1127,10 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
 github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
@@ -1251,14 +1237,14 @@ go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4
 go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
-go.starlark.net v0.0.0-20220714194419-4cadf0a12139 h1:zMemyQYZSyEdPaUFixYICrXf/0Rfnil7+jiQRf5IBZ0=
-go.starlark.net v0.0.0-20220714194419-4cadf0a12139/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
+go.starlark.net v0.0.0-20220817180228-f738f5508c12 h1:xOBJXWGEDwU5xSDxH6macxO11Us0AH2fTa9rmsbbF7g=
+go.starlark.net v0.0.0-20220817180228-f738f5508c12/go.mod h1:VZcBMdr3cT3PnBoWunTabuSEXwVAH+ZJ5zxfs3AdASk=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
@@ -1296,8 +1282,9 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
+golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1395,12 +1382,8 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
-golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E=
+golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1419,11 +1402,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
-golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c h1:q3gFqPqH7NVofKo3c3yETAP//pPI+G5mvB7qqj1Y5kY=
-golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 h1:dtndE8FcEta75/4kHF3AbpuWzV6f1LjnLrM4pe2SZrw=
+golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1436,9 +1416,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde h1:ejfdSekXMDxDLbRrJMwUk6KnSLZ2McaUCVcIKM+N6jc=
+golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1523,30 +1502,23 @@ golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80=
-golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 h1:Sx/u41w+OwrInGdEckYmEuU5gHoGSL4QbDz3S9s6j4U=
+golang.org/x/sys v0.0.0-20220818161305-2296e01440c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1680,9 +1652,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1711,19 +1680,7 @@ google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtuk
 google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
 google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
 google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
-google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
-google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
-google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
-google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
-google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
-google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
-google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
-google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1782,7 +1739,6 @@ google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
@@ -1797,33 +1753,9 @@ google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwy
 google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
-google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 h1:QntLWYqZeuBtJkth3m/6DLznnI0AHJr+AgJXvVh/izw=
-google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc=
+google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 h1:C2UVWqrgLYKrT5nh5oU6hLRm1AeEklCK5eloQA1NtFY=
+google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1853,12 +1785,6 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
 google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
 google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
@@ -1875,7 +1801,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
@@ -1895,8 +1820,8 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
-gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
@@ -1926,8 +1851,8 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-helm.sh/helm/v3 v3.9.2 h1:bx7kdhr5VAhYoWv9bIdT1C6qWR+/7SIoPCwLx22l78g=
-helm.sh/helm/v3 v3.9.2/go.mod h1:y/dJc/0Lzcn40jgd85KQXnufhFF7sr4v6L/vYMLRaRM=
+helm.sh/helm/v3 v3.9.3 h1:etd4Qc45/bnIkBofZIRwrAzYuG3bNWR1EdMN4fsfzoE=
+helm.sh/helm/v3 v3.9.3/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1936,22 +1861,22 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.24.3 h1:tt55QEmKd6L2k5DP6G/ZzdMQKvG5ro4H4teClqm0sTY=
-k8s.io/api v0.24.3/go.mod h1:elGR/XSZrS7z7cSZPzVWaycpJuGIw57j9b95/1PdJNI=
-k8s.io/apiextensions-apiserver v0.24.3 h1:kyx+Tmro1qEsTUr07ZGQOfvTsF61yn+AxnxytBWq8As=
-k8s.io/apiextensions-apiserver v0.24.3/go.mod h1:cL0xkmUefpYM4f6IuOau+6NMFEIh6/7wXe/O4vPVJ8A=
-k8s.io/apimachinery v0.24.3 h1:hrFiNSA2cBZqllakVYyH/VyEh4B581bQRmqATJSeQTg=
-k8s.io/apimachinery v0.24.3/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
-k8s.io/apiserver v0.24.3 h1:J8CKjUaZopT0hSgxjzUyp3T1GK78iixxOuFpEC0MI3k=
-k8s.io/apiserver v0.24.3/go.mod h1:aXfwtIn4U27B7lYs5f2BKgz6DRbgWy+HJeYReN1jLJ8=
-k8s.io/cli-runtime v0.24.3 h1:O9YvUHrDSCQUPlsqVmaqDrueqjpJ7IO6Yas9B6xGSoo=
-k8s.io/cli-runtime v0.24.3/go.mod h1:In84wauoMOqa7JDvDSXGbf8lTNlr70fOGpYlYfJtSqA=
-k8s.io/client-go v0.24.3 h1:Nl1840+6p4JqkFWEW2LnMKU667BUxw03REfLAVhuKQY=
-k8s.io/client-go v0.24.3/go.mod h1:AAovolf5Z9bY1wIg2FZ8LPQlEdKHjLI7ZD4rw920BJw=
-k8s.io/code-generator v0.24.3/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
-k8s.io/component-base v0.24.3 h1:u99WjuHYCRJjS1xeLOx72DdRaghuDnuMgueiGMFy1ec=
-k8s.io/component-base v0.24.3/go.mod h1:bqom2IWN9Lj+vwAkPNOv2TflsP1PeVDIwIN0lRthxYY=
-k8s.io/component-helpers v0.24.3/go.mod h1:/1WNW8TfBOijQ1ED2uCHb4wtXYWDVNMqUll8h36iNVo=
+k8s.io/api v0.24.4 h1:I5Y645gJ8zWKawyr78lVfDQkZrAViSbeRXsPZWTxmXk=
+k8s.io/api v0.24.4/go.mod h1:42pVfA0NRxrtJhZQOvRSyZcJihzAdU59WBtTjYcB0/M=
+k8s.io/apiextensions-apiserver v0.24.4 h1:w53Pm4zu8fCt9WfiRgS2YI6LE6I4NJ5aUi78GElD3K8=
+k8s.io/apiextensions-apiserver v0.24.4/go.mod h1:iDK+Xb4jsPNnRGj5jU/WqqjLvt8363M7cKixKe1C9+U=
+k8s.io/apimachinery v0.24.4 h1:S0Ur3J/PbivTcL43EdSdPhqCqKla2NIuneNwZcTDeGQ=
+k8s.io/apimachinery v0.24.4/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apiserver v0.24.4 h1:ei+OunC83pVEiagBeZhTnRZvkclHgpzs/rrm7aSBDYs=
+k8s.io/apiserver v0.24.4/go.mod h1:mAuC3pZVc0IDXLx7lUHoisBOtBa1SobfLW/CI3klXQE=
+k8s.io/cli-runtime v0.24.4 h1:YCSf0dZp+pYXVR/8aZQ6MEBSiicv8rLyVsGBEbRnwfY=
+k8s.io/cli-runtime v0.24.4/go.mod h1:RF+cSLYXkPV3WyvPrX2qeRLEUJY38INWx6jLKVLFCxM=
+k8s.io/client-go v0.24.4 h1:hIAIJZIPyaw46AkxwyR0FRfM/pRxpUNTd3ysYu9vyRg=
+k8s.io/client-go v0.24.4/go.mod h1:+AxlPWw/H6f+EJhRSjIeALaJT4tbeB/8g9BNvXGPd0Y=
+k8s.io/code-generator v0.24.4/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
+k8s.io/component-base v0.24.4 h1:WEGRp06GBYVwxp5JdiRaJ1zkdOhrqucxRv/8IrABLG0=
+k8s.io/component-base v0.24.4/go.mod h1:sWxkgcMfbYHadw0OJ0N+vIscd14/nqSIM2veCdg843o=
+k8s.io/component-helpers v0.24.4/go.mod h1:xAHlOKU8rAjLgXWJEsueWLR1LDMThbaPf2YvgKpSyQ8=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
@@ -1962,15 +1887,15 @@ k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
 k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
-k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs=
-k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0=
-k8s.io/kubectl v0.24.3 h1:PqY8ho/S/KuE2/hCC3Iee7X+lOtARYo0LQsNzvV/edE=
-k8s.io/kubectl v0.24.3/go.mod h1:PYLcvw96sC1NLbxZEDbdlOEd6/C76VIWjGmWV5QjSk0=
-k8s.io/metrics v0.24.3/go.mod h1:p1M0lhMySWfhISkSd3HEj8xIgrVnJTK3PPhFq2rA3To=
+k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
+k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
+k8s.io/kubectl v0.24.4 h1:fPEBkAV3/cu3BQVIUCXNngCCY62AlZ+2rkRVHcmJPn0=
+k8s.io/kubectl v0.24.4/go.mod h1:AVyJzxUwA5UMGTDyKGL6nd6RRW36FbmAdtIDMhrZtW0=
+k8s.io/metrics v0.24.4/go.mod h1:7D8Xm3DGZoJaiCS8+QA2EzdMuDlq0Y8SiOPUB/1BaGU=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 h1:XmRqFcQlCy/lKRZ39j+RVpokYNroHPqV3mcBRfnhT5o=
+k8s.io/utils v0.0.0-20220812165043-ad590609e2e5/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=

From 09406c6ff1e06f903adae86586b8bfc3481d7587 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 Aug 2022 10:20:16 +0200
Subject: [PATCH 0324/2268] fix: Use distinct tmp dir per user

This avoids conflicts when used in parallel and also avoids any possible
security issues in regard to temporary files.
---
 pkg/utils/utils.go | 55 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 51 insertions(+), 4 deletions(-)

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 4bcd0bf70..f704bf0f6 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -3,24 +3,71 @@ package utils
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"fmt"
 	"github.com/jinzhu/copier"
+	"github.com/kluctl/kluctl-python-deps/pkg/utils"
+	"io/fs"
 	"os"
+	"os/user"
 	"path/filepath"
 	"strconv"
 	"sync"
 )
 
 var createTmpBaseDirOnce sync.Once
+var tmpBaseDir string
 
 func GetTmpBaseDir() string {
-	dir := filepath.Join(os.TempDir(), "kluctl-workdir")
 	createTmpBaseDirOnce.Do(func() {
-		err := os.MkdirAll(dir, 0o700)
+		createTmpBaseDir()
+	})
+	return tmpBaseDir
+}
+
+func createTmpBaseDir() {
+	dir := filepath.Join(os.TempDir(), "kluctl-workdir")
+
+	ensureDir(dir, 0o777, true)
+
+	// every user gets its own tmp dir
+	u, err := user.Current()
+	if err != nil {
+		panic(err)
+	}
+
+	dir = filepath.Join(dir, u.Uid)
+	ensureDir(dir, 0o700, true)
+
+	tmpBaseDir = dir
+}
+
+func ensureDir(path string, perm fs.FileMode, allowCreate bool) {
+	if utils.Exists(path) {
+		st, err := os.Lstat(path)
 		if err != nil {
 			panic(err)
 		}
-	})
-	return dir
+		if !st.IsDir() {
+			panic(fmt.Sprintf("%s is not a directory", path))
+		}
+		if st.Mode().Perm() != perm {
+			err = os.Chmod(path, perm)
+			if err != nil {
+				panic(err)
+			}
+		}
+	} else if !allowCreate {
+		panic(fmt.Sprintf("failed to ensure directory %s", path))
+	} else {
+		err := os.Mkdir(path, perm)
+		if err != nil {
+			if os.IsExist(err) {
+				ensureDir(path, perm, false)
+			} else {
+				panic(err)
+			}
+		}
+	}
 }
 
 func Sha256String(data string) string {

From ecb5e10341a1125723ebdd00d206312922fee021 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 29 Aug 2022 12:11:40 +0200
Subject: [PATCH 0325/2268] fix: Properly marshal objects with yaml tags when
 passing vars to jinja2

---
 pkg/jinja2/jinja2_renderer.go |  3 ++-
 pkg/yaml/yaml.go              | 13 +++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index e5b64ef73..687669507 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl-python-deps/pkg/python"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
 	"io/ioutil"
 	"os"
@@ -130,7 +131,7 @@ type jinja2Result struct {
 }
 
 func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject, isString bool, strict bool) error {
-	varsStr, err := json.Marshal(vars.Object)
+	varsStr, err := yaml.WriteJsonString(vars)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 6d559b530..89610c94a 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -201,6 +201,19 @@ func WriteYamlToTar(tw *tar.Writer, o interface{}, name string) error {
 	return nil
 }
 
+func WriteJsonString(o interface{}) (string, error) {
+	x, err := WriteYamlBytes(o)
+	if err != nil {
+		return "", err
+	}
+
+	x, err = ConvertYamlToJson(x)
+	if err != nil {
+		return "", err
+	}
+	return string(x), nil
+}
+
 func ConvertYamlToJson(b []byte) ([]byte, error) {
 	var x interface{}
 	err := ReadYamlBytes(b, &x)

From d60d77dd11e36195f16ebb97b4295e1f64a73527 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 29 Aug 2022 12:12:03 +0200
Subject: [PATCH 0326/2268] fix: Only check for replicas if replicas != 0

---
 pkg/validation/validation.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 6e631470f..7a3ecb5d2 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -281,10 +281,13 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			}
 		}
 	case schema.GroupKind{Group: "apps", Kind: "Deployment"}:
-		readyReplicas := getStatusFieldInt("readyReplicas", reactNotReady, true, 0)
-		replicas := getStatusFieldInt("replicas", reactNotReady, true, 0)
-		if readyReplicas < replicas {
-			addNotReady(fmt.Sprintf("readyReplicas (%d) is less then replicas (%d)", readyReplicas, replicas))
+		specReplicas, ok, _ := o.GetNestedInt("spec", "replicas")
+		if ok && specReplicas != 0 {
+			readyReplicas := getStatusFieldInt("readyReplicas", reactNotReady, true, 0)
+			replicas := getStatusFieldInt("replicas", reactNotReady, true, 0)
+			if readyReplicas < replicas {
+				addNotReady(fmt.Sprintf("readyReplicas (%d) is less then replicas (%d)", readyReplicas, replicas))
+			}
 		}
 	case schema.GroupKind{Group: "", Kind: "PersistentVolumeClaim"}:
 		phase := getStatusFieldStr("phase", reactNotReady, true, "")

From 215585b3528929a0ce55059c1c7ca3b71ea9ea61 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 29 Aug 2022 14:41:07 +0200
Subject: [PATCH 0327/2268] refactor: Export ListRemoteRefs helper functions

---
 pkg/git/list_refs.go     | 43 +++++++++++++++++++++++-----------------
 pkg/git/mirrored_repo.go | 16 ++++++++-------
 2 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/pkg/git/list_refs.go b/pkg/git/list_refs.go
index 2bc517fd6..d529c952c 100644
--- a/pkg/git/list_refs.go
+++ b/pkg/git/list_refs.go
@@ -2,33 +2,38 @@ package git
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
+	"github.com/go-git/go-git/v5/storage/memory"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"strconv"
 )
 
-// listRemoteRefsFastSsh will reuse existing ssh connections from a pool
-func (g *MirroredGitRepo) listRemoteRefsFastSsh(r *git.Repository, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
-	var portInt int64 = -1
-	if g.url.Port() != "" {
+// ListRemoteRefsFastSsh will reuse existing ssh connections from a pool
+func ListRemoteRefsFastSsh(ctx context.Context, url git_url.GitUrl, sshPool *ssh_pool.SshPool, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+	var portInt int64 = 22
+	if url.Port() != "" {
 		var err error
-		portInt, err = strconv.ParseInt(g.url.Port(), 10, 32)
+		portInt, err = strconv.ParseInt(url.Port(), 10, 32)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	s, err := g.sshPool.GetSession(g.ctx, g.url.Hostname(), int(portInt), auth)
+	s, err := sshPool.GetSession(ctx, url.Hostname(), int(portInt), auth)
 	if err != nil {
 		return nil, err
 	}
 	defer s.Close()
 
-	cmd := fmt.Sprintf("git-upload-pack %s", g.url.Path)
+	cmd := fmt.Sprintf("git-upload-pack %s", url.Path)
 
 	stdout := bytes.NewBuffer(nil)
 	stderr := bytes.NewBuffer(nil)
@@ -71,13 +76,15 @@ func (g *MirroredGitRepo) listRemoteRefsFastSsh(r *git.Repository, auth auth2.Au
 	return resultRefs, nil
 }
 
-func (g *MirroredGitRepo) listRemoteRefsSlow(r *git.Repository, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
-	remote, err := r.Remote("origin")
-	if err != nil {
-		return nil, err
-	}
+func ListRemoteRefsSlow(ctx context.Context, url git_url.GitUrl, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+	storage := memory.NewStorage()
+	remote := git.NewRemote(storage, &config.RemoteConfig{
+		Name:  "origin",
+		URLs:  []string{url.String()},
+		Fetch: defaultFetch,
+	})
 
-	remoteRefs, err := remote.ListContext(g.ctx, &git.ListOptions{
+	remoteRefs, err := remote.ListContext(ctx, &git.ListOptions{
 		Auth:     auth.AuthMethod,
 		CABundle: auth.CABundle,
 	})
@@ -87,13 +94,13 @@ func (g *MirroredGitRepo) listRemoteRefsSlow(r *git.Repository, auth auth2.AuthM
 	return remoteRefs, nil
 }
 
-func (g *MirroredGitRepo) listRemoteRefs(r *git.Repository, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
-	if g.url.IsSsh() {
-		refs, err := g.listRemoteRefsFastSsh(r, auth)
+func ListRemoteRefs(ctx context.Context, url git_url.GitUrl, sshPool *ssh_pool.SshPool, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+	if url.IsSsh() {
+		refs, err := ListRemoteRefsFastSsh(ctx, url, sshPool, auth)
 		if err == nil {
 			return refs, nil
 		}
-		status.Warning(g.ctx, "Fast listing of remote refs failed: %s", err.Error())
+		status.Warning(ctx, "Fast listing of remote refs failed: %s", err.Error())
 	}
-	return g.listRemoteRefsSlow(r, auth)
+	return ListRemoteRefsSlow(ctx, url, auth)
 }
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 3c3a271c1..00eb928c6 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -24,6 +24,11 @@ import (
 
 var cacheBaseDir = filepath.Join(utils.GetTmpBaseDir(), "git-cache")
 
+var defaultFetch = []config.RefSpec{
+	"+refs/heads/*:refs/heads/*",
+	"+refs/tags/*:refs/tags/*",
+}
+
 type MirroredGitRepo struct {
 	ctx context.Context
 
@@ -200,7 +205,7 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string) error
 
 	auth := g.authProviders.BuildAuth(g.ctx, g.url)
 
-	remoteRefs, err := g.listRemoteRefs(r, auth)
+	remoteRefs, err := ListRemoteRefs(g.ctx, g.url, g.sshPool, auth)
 	if err != nil {
 		return err
 	}
@@ -302,12 +307,9 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
 	}
 
 	_, err = repo.CreateRemote(&config.RemoteConfig{
-		Name: "origin",
-		URLs: []string{g.url.String()},
-		Fetch: []config.RefSpec{
-			"+refs/heads/*:refs/heads/*",
-			"+refs/tags/*:refs/tags/*",
-		},
+		Name:  "origin",
+		URLs:  []string{g.url.String()},
+		Fetch: defaultFetch,
 	})
 	if err != nil {
 		return err

From 317da3aeac29300e5b14543a13f24efc3b043528 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Sep 2022 15:18:02 +0200
Subject: [PATCH 0328/2268] refactor: Allow to trim/lstrip blocks in Jinja2

---
 pkg/jinja2/jinja2.go                     | 19 ++++++++++++++++++-
 pkg/jinja2/jinja2_renderer.go            |  8 ++++++++
 pkg/jinja2/python_src/jinja2_renderer.py |  6 +++++-
 pkg/jinja2/python_src/main.py            |  4 ++--
 4 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
index 2d433ec1a..62df03c34 100644
--- a/pkg/jinja2/jinja2.go
+++ b/pkg/jinja2/jinja2.go
@@ -35,11 +35,25 @@ type Jinja2Error struct {
 	error string
 }
 
+type Jinja2Opt func(j2 *pythonJinja2Renderer)
+
+func WithTrimBlocks(trimBlocks bool) Jinja2Opt {
+	return func(j2 *pythonJinja2Renderer) {
+		j2.trimBlocks = trimBlocks
+	}
+}
+
+func WithLStripBlocks(lstripBlocks bool) Jinja2Opt {
+	return func(j2 *pythonJinja2Renderer) {
+		j2.lstripBlocks = lstripBlocks
+	}
+}
+
 func (m *Jinja2Error) Error() string {
 	return m.error
 }
 
-func NewJinja2() (*Jinja2, error) {
+func NewJinja2(opts ...Jinja2Opt) (*Jinja2, error) {
 	var wg sync.WaitGroup
 	var mutex sync.Mutex
 	var err error
@@ -61,6 +75,9 @@ func NewJinja2() (*Jinja2, error) {
 				err = err2
 				return
 			}
+			for _, o := range opts {
+				o(pj)
+			}
 			j.pj <- pj
 		}()
 	}
diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
index 687669507..bcbd36edb 100644
--- a/pkg/jinja2/jinja2_renderer.go
+++ b/pkg/jinja2/jinja2_renderer.go
@@ -23,6 +23,9 @@ type pythonJinja2Renderer struct {
 	stdout io.ReadCloser
 
 	stdoutReader *bufio.Reader
+
+	trimBlocks   bool
+	lstripBlocks bool
 }
 
 func newPythonJinja2Renderer() (*pythonJinja2Renderer, error) {
@@ -123,6 +126,9 @@ type jinja2Args struct {
 	SearchDirs []string `json:"searchDirs"`
 	Vars       string   `json:"vars"`
 	Strict     bool     `json:"strict"`
+
+	TrimBlocks   bool `json:"trimBlocks"`
+	LStripBlocks bool `json:"lstripBlocks"`
 }
 
 type jinja2Result struct {
@@ -147,6 +153,8 @@ func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []stri
 	jargs.Vars = string(varsStr)
 	jargs.SearchDirs = searchDirs
 	jargs.Strict = strict
+	jargs.TrimBlocks = j.trimBlocks
+	jargs.LStripBlocks = j.lstripBlocks
 
 	for _, job := range jobs {
 		if ist, r := isMaybeTemplate(job.Template, searchDirs, isString); !ist {
diff --git a/pkg/jinja2/python_src/jinja2_renderer.py b/pkg/jinja2/python_src/jinja2_renderer.py
index 52e868b30..fbc1a1364 100644
--- a/pkg/jinja2/python_src/jinja2_renderer.py
+++ b/pkg/jinja2/python_src/jinja2_renderer.py
@@ -27,6 +27,9 @@ def _return_self(self, other):
     __pow__ = __rpow__ = _return_self
 
 class Jinja2Renderer:
+    def __init__(self, trim_blocks=False, lstrip_blocks=False):
+        self.trim_blocks = trim_blocks
+        self.lstrip_blocks = lstrip_blocks
 
     def get_image_wrapper(self, image, latest_version=None):
         if latest_version is None:
@@ -74,7 +77,8 @@ def build_env(self, vars_str, search_dirs, strict):
         environment = KluctlJinja2Environment(loader=FileSystemLoader(search_dirs),
                                               undefined=StrictUndefined if strict else NullUndefined,
                                               cache_size=10000,
-                                              auto_reload=False)
+                                              auto_reload=False,
+                                              trim_blocks=self.trim_blocks, lstrip_blocks=self.lstrip_blocks)
         merge_dict(environment.globals, vars, clone=False)
 
         add_jinja2_filters(environment)
diff --git a/pkg/jinja2/python_src/main.py b/pkg/jinja2/python_src/main.py
index 4f35ec9b7..15916d2c3 100644
--- a/pkg/jinja2/python_src/main.py
+++ b/pkg/jinja2/python_src/main.py
@@ -5,14 +5,14 @@
 
 
 def main():
-    r = Jinja2Renderer()
-
     while True:
         args = sys.stdin.readline()
         if not args:
             break
         args = json.loads(args)
 
+        r = Jinja2Renderer(args.get("trimBlocks", False), args.get("lstripBlocks", False))
+
         if args["cmd"] == "render-strings":
             result = r.RenderStrings(args["templates"], args["searchDirs"] or [], args["vars"], args["strict"])
         elif args["cmd"] == "render-files":

From a0713fbde6841fb692b953189c44de8a7503a726 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Sep 2022 16:26:00 +0200
Subject: [PATCH 0329/2268] chore: Run go get -u ./...

---
 go.mod | 58 ++++++++++++++++++++++++++--------------------------
 go.sum | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index df2bf20cd..eb85f2f1c 100644
--- a/go.mod
+++ b/go.mod
@@ -5,12 +5,12 @@ go 1.19
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.80
-	github.com/bitnami-labs/sealed-secrets v0.18.1
+	github.com/aws/aws-sdk-go v1.44.89
+	github.com/bitnami-labs/sealed-secrets v0.18.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
-	github.com/fluxcd/pkg/kustomize v0.5.3
+	github.com/fluxcd/pkg/kustomize v0.7.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.0
 	github.com/gobwas/glob v0.2.3
@@ -21,35 +21,35 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a
+	github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.14.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.8.1
+	github.com/rogpeppe/go-internal v1.9.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.12.0
 	github.com/stretchr/testify v1.8.0
-	github.com/vbauerster/mpb/v7 v7.4.2
+	github.com/vbauerster/mpb/v7 v7.5.2
 	github.com/whilp/git-urls v1.0.0
-	github.com/xanzy/ssh-agent v0.3.1
-	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
-	golang.org/x/net v0.0.0-20220812174116-3211cb980234
+	github.com/xanzy/ssh-agent v0.3.2
+	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 	golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde
-	golang.org/x/sys v0.0.0-20220818161305-2296e01440c6
+	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261
 	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
 	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.9.3
-	k8s.io/api v0.24.4
-	k8s.io/apiextensions-apiserver v0.24.4
-	k8s.io/apimachinery v0.24.4
-	k8s.io/client-go v0.24.4
+	helm.sh/helm/v3 v3.9.4
+	k8s.io/api v0.25.0
+	k8s.io/apiextensions-apiserver v0.25.0
+	k8s.io/apimachinery v0.25.0
+	k8s.io/client-go v0.25.0
 	k8s.io/klog/v2 v2.70.1
 	sigs.k8s.io/kind v0.14.0
 	sigs.k8s.io/kustomize/api v0.12.1
@@ -72,7 +72,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
@@ -83,7 +83,7 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
+	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.2.0 // indirect
 	github.com/containerd/containerd v1.6.8 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -92,7 +92,7 @@ require (
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
@@ -123,7 +123,7 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.2.2 // indirect
+	github.com/hashicorp/go-hclog v1.3.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.5 // indirect
@@ -174,7 +174,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -191,7 +191,7 @@ require (
 	github.com/spf13/afero v1.9.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/subosito/gotenv v1.4.0 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -199,22 +199,22 @@ require (
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220817180228-f738f5508c12 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 // indirect
+	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect
 	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 // indirect
-	google.golang.org/grpc v1.48.0 // indirect
+	google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf // indirect
+	google.golang.org/grpc v1.49.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.24.4 // indirect
-	k8s.io/cli-runtime v0.24.4 // indirect
-	k8s.io/component-base v0.24.4 // indirect
+	k8s.io/apiserver v0.25.0 // indirect
+	k8s.io/cli-runtime v0.25.0 // indirect
+	k8s.io/component-base v0.25.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
-	k8s.io/kubectl v0.24.4 // indirect
-	k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 // indirect
+	k8s.io/kubectl v0.25.0 // indirect
+	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 // indirect
 	oras.land/oras-go v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index ed9d54a25..301f77c4e 100644
--- a/go.sum
+++ b/go.sum
@@ -94,10 +94,12 @@ github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
@@ -116,6 +118,8 @@ github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmU
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794 h1:efPD6snIrIBAfmZhcm7GQ72VHlzsQ/3OrghnnGEpJBM=
 github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
+github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -162,6 +166,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.44.80 h1:jEXGecSgPdvM5KnyDsSgFhZSm7WwaTp4h544Im4SfhI=
 github.com/aws/aws-sdk-go v1.44.80/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.89 h1:Xf5Pp9GsNSMRinAuWNiQd0vusXXb3IgYbNlxldhWS2Q=
+github.com/aws/aws-sdk-go v1.44.89/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -171,6 +177,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitnami-labs/sealed-secrets v0.18.1 h1:xXzi0Z6lArTykRGqCOC2rN3zN648zjQtkCzAVjJj9OY=
 github.com/bitnami-labs/sealed-secrets v0.18.1/go.mod h1:pOMGS1imRiIPLm7OpdD/s/OfgQmLkKxTqWruSEiQqCM=
+github.com/bitnami-labs/sealed-secrets v0.18.2 h1:CfZD0JmhAPOQ7YqxrxZ90/+BjqTheWztBOYploqO6nc=
+github.com/bitnami-labs/sealed-secrets v0.18.2/go.mod h1:wlhaZ+SI5aJkpq9CyyP0pVLJEj4LPXLzLHb2TnID/Rc=
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
@@ -191,12 +199,15 @@ github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4r
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
+github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
+github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
 github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3//PWVzTeCezG2b9IRn6myJxJSr4TD/xo6ojU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -275,6 +286,8 @@ github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQ
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
@@ -322,6 +335,8 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/kustomize v0.5.3 h1:WpxNOV/Yklp0p7Qv85VwBegq9fABuLR9qSWaAVa3+yc=
 github.com/fluxcd/pkg/kustomize v0.5.3/go.mod h1:zy1FLxkEDADUykCnrXqq6rVN48t3uMhAb3ao+zv0rFE=
+github.com/fluxcd/pkg/kustomize v0.7.0 h1:604rlpRZTWaOfzDZ1W93aHaFh9kn8/UMX/wzsjwIUQY=
+github.com/fluxcd/pkg/kustomize v0.7.0/go.mod h1:zJY3Z0+SX+zs+/A1F6fCT0JvUce265XnrpTtHnujXPo=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -606,6 +621,8 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.2.2 h1:ihRI7YFwcZdiSD7SIenIhHfQH3OuDvWerAUBZbeQS3M=
 github.com/hashicorp/go-hclog v1.2.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.3.0 h1:G0ACM8Z2WilWgPv3Vdzwm3V0BQu/kSmrkVtpe1fy9do=
+github.com/hashicorp/go-hclog v1.3.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -737,6 +754,8 @@ github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQan
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a h1:2W9TlV8b6sqjIKhbp9bgKjusdF3HgQucFNmwGNb1N+Y=
 github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
+github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41 h1:sMQz3y4XtYS4YjAil3B8pxuhjPEObt0xMPMwmPZC9O0=
+github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -934,6 +953,7 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
+github.com/onsi/gomega v1.20.0 h1:8W0cWlwFkflGPLltQvLRB7ZVD5HuP6ng320w2IS245Q=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 h1:+czc/J8SlhPKLOtVLMQc+xDCFBT73ZStMsRhSsUhsSg=
@@ -955,6 +975,8 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.3 h1:h9JoA60e1dVEOpp0PFwJSmt1Htu057NUq9/bUwaO61s=
 github.com/pelletier/go-toml/v2 v2.0.3/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
+github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
+github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
@@ -1036,6 +1058,8 @@ github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v1.1.2 h1:9M6oj4e//owVVHYrFISmY9LBRw6gzkCNmD9MV36tZeQ=
 github.com/rubenv/sql-migrate v1.1.2/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
@@ -1134,6 +1158,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
 github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
+github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
+github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
 github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
 github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
@@ -1163,6 +1189,8 @@ github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7Fw
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vbauerster/mpb/v7 v7.4.2 h1:n917F4d8EWdUKc9c81wFkksyG6P6Mg7IETfKCE1Xqng=
 github.com/vbauerster/mpb/v7 v7.4.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
+github.com/vbauerster/mpb/v7 v7.5.2 h1:Ph3JvpBcoIwzIG1QwbUq97KQifrTRbKcMXN9rN5BYAs=
+github.com/vbauerster/mpb/v7 v7.5.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -1171,6 +1199,8 @@ github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgw
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo=
 github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
+github.com/xanzy/ssh-agent v0.3.2 h1:eKj4SX2Fe7mui28ZgnFW5fmTz1EIr7ugo5s6wDxdHBM=
+github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1282,9 +1312,12 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
 golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1384,6 +1417,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E=
 golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1404,6 +1439,8 @@ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 h1:dtndE8FcEta75/4kHF3AbpuWzV6f1LjnLrM4pe2SZrw=
 golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
+golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1519,6 +1556,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 h1:Sx/u41w+OwrInGdEckYmEuU5gHoGSL4QbDz3S9s6j4U=
 golang.org/x/sys v0.0.0-20220818161305-2296e01440c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
+golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1756,6 +1795,8 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 h1:C2UVWqrgLYKrT5nh5oU6hLRm1AeEklCK5eloQA1NtFY=
 google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
+google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf h1:Q5xNKbTSFwkuaaGaR7CMcXEM5sy19KYdUU8iF8/iRC0=
+google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1787,6 +1828,8 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
 google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw=
+google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1853,6 +1896,8 @@ gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 helm.sh/helm/v3 v3.9.3 h1:etd4Qc45/bnIkBofZIRwrAzYuG3bNWR1EdMN4fsfzoE=
 helm.sh/helm/v3 v3.9.3/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
+helm.sh/helm/v3 v3.9.4 h1:TCI1QhJUeLVOdccfdw+vnSEO3Td6gNqibptB04QtExY=
+helm.sh/helm/v3 v3.9.4/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1863,23 +1908,38 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 k8s.io/api v0.24.4 h1:I5Y645gJ8zWKawyr78lVfDQkZrAViSbeRXsPZWTxmXk=
 k8s.io/api v0.24.4/go.mod h1:42pVfA0NRxrtJhZQOvRSyZcJihzAdU59WBtTjYcB0/M=
+k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0=
+k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk=
 k8s.io/apiextensions-apiserver v0.24.4 h1:w53Pm4zu8fCt9WfiRgS2YI6LE6I4NJ5aUi78GElD3K8=
 k8s.io/apiextensions-apiserver v0.24.4/go.mod h1:iDK+Xb4jsPNnRGj5jU/WqqjLvt8363M7cKixKe1C9+U=
+k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
+k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
 k8s.io/apimachinery v0.24.4 h1:S0Ur3J/PbivTcL43EdSdPhqCqKla2NIuneNwZcTDeGQ=
 k8s.io/apimachinery v0.24.4/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
+k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU=
+k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
 k8s.io/apiserver v0.24.4 h1:ei+OunC83pVEiagBeZhTnRZvkclHgpzs/rrm7aSBDYs=
 k8s.io/apiserver v0.24.4/go.mod h1:mAuC3pZVc0IDXLx7lUHoisBOtBa1SobfLW/CI3klXQE=
+k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4=
+k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo=
 k8s.io/cli-runtime v0.24.4 h1:YCSf0dZp+pYXVR/8aZQ6MEBSiicv8rLyVsGBEbRnwfY=
 k8s.io/cli-runtime v0.24.4/go.mod h1:RF+cSLYXkPV3WyvPrX2qeRLEUJY38INWx6jLKVLFCxM=
+k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q=
+k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw=
 k8s.io/client-go v0.24.4 h1:hIAIJZIPyaw46AkxwyR0FRfM/pRxpUNTd3ysYu9vyRg=
 k8s.io/client-go v0.24.4/go.mod h1:+AxlPWw/H6f+EJhRSjIeALaJT4tbeB/8g9BNvXGPd0Y=
+k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E=
+k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8=
 k8s.io/code-generator v0.24.4/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
 k8s.io/component-base v0.24.4 h1:WEGRp06GBYVwxp5JdiRaJ1zkdOhrqucxRv/8IrABLG0=
 k8s.io/component-base v0.24.4/go.mod h1:sWxkgcMfbYHadw0OJ0N+vIscd14/nqSIM2veCdg843o=
+k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
+k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
 k8s.io/component-helpers v0.24.4/go.mod h1:xAHlOKU8rAjLgXWJEsueWLR1LDMThbaPf2YvgKpSyQ8=
 k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
@@ -1891,11 +1951,15 @@ k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/kubectl v0.24.4 h1:fPEBkAV3/cu3BQVIUCXNngCCY62AlZ+2rkRVHcmJPn0=
 k8s.io/kubectl v0.24.4/go.mod h1:AVyJzxUwA5UMGTDyKGL6nd6RRW36FbmAdtIDMhrZtW0=
+k8s.io/kubectl v0.25.0 h1:/Wn1cFqo8ik3iee1EvpxYre3bkWsGLXzLQI6uCCAkQc=
+k8s.io/kubectl v0.25.0/go.mod h1:n16ULWsOl2jmQpzt2o7Dud1t4o0+Y186ICb4O+GwKAU=
 k8s.io/metrics v0.24.4/go.mod h1:7D8Xm3DGZoJaiCS8+QA2EzdMuDlq0Y8SiOPUB/1BaGU=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 h1:XmRqFcQlCy/lKRZ39j+RVpokYNroHPqV3mcBRfnhT5o=
 k8s.io/utils v0.0.0-20220812165043-ad590609e2e5/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
+k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=

From d0e639c4ec6f6882d018b86d2ca501d61110bedf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Sep 2022 11:26:28 +0200
Subject: [PATCH 0330/2268] fix: Fix crash when secrets file has no "secrets"
 root

---
 pkg/vars/vars_loader.go | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 5afb09788..49ffe3e9b 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -108,6 +108,12 @@ func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string
 	}
 	if rootKey != "" {
 		newVars, _, err = newVars.GetNestedObject(rootKey)
+		if err != nil {
+			return err
+		}
+		if newVars == nil {
+			return fmt.Errorf("vars from %s have no '%s' root", path, rootKey)
+		}
 	}
 	v.mergeVars(varsCtx, newVars, rootKey)
 	return nil
@@ -146,7 +152,7 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 	if err != nil {
 		return err
 	}
-	return v.loadFromString(varsCtx, secret, rootKey)
+	return v.loadFromString(varsCtx, secret, "awsSecretsManager", rootKey)
 }
 
 func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
@@ -154,7 +160,7 @@ func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, rootK
 	if err != nil {
 		return err
 	}
-	return v.loadFromString(varsCtx, secret, rootKey)
+	return v.loadFromString(varsCtx, secret, "vault", rootKey)
 }
 
 func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, rootKey string) error {
@@ -178,7 +184,7 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 		return err
 	}
 
-	return v.loadFromString(varsCtx, string(f), rootKey)
+	return v.loadFromString(varsCtx, string(f), "git", rootKey)
 }
 
 func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, base64Decode bool) error {
@@ -237,14 +243,14 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		}
 	}
 
-	err = v.loadFromString(varsCtx, value, rootKey)
+	err = v.loadFromString(varsCtx, value, "k8s", rootKey)
 	if err != nil {
 		return fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)
 	}
 	return nil
 }
 
-func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, rootKey string) error {
+func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, secretType string, rootKey string) error {
 	newVars := uo.New()
 	err := v.renderYamlString(varsCtx, s, newVars)
 	if err != nil {
@@ -253,6 +259,12 @@ func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, rootKey string)
 
 	if rootKey != "" {
 		newVars, _, err = newVars.GetNestedObject(rootKey)
+		if err != nil {
+			return err
+		}
+		if newVars == nil {
+			return fmt.Errorf("%s secret has no '%s' root", secretType, rootKey)
+		}
 	}
 
 	v.mergeVars(varsCtx, newVars, rootKey)

From 9bf311f63a29d16825b96a2f7d1b518398159ec5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Sep 2022 11:32:39 +0200
Subject: [PATCH 0331/2268] chore: Run go mod tidy

---
 go.sum | 227 ---------------------------------------------------------
 1 file changed, 227 deletions(-)

diff --git a/go.sum b/go.sum
index 301f77c4e..d09bfb382 100644
--- a/go.sum
+++ b/go.sum
@@ -60,10 +60,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
 github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
-github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk=
 github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U=
@@ -87,19 +85,16 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
-github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
@@ -107,21 +102,14 @@ github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvd
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794 h1:efPD6snIrIBAfmZhcm7GQ72VHlzsQ/3OrghnnGEpJBM=
-github.com/ProtonMail/go-crypto v0.0.0-20220812175011-7fcef0dbe794/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
@@ -144,7 +132,6 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -156,7 +143,6 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/ashanbrown/forbidigo v1.2.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBFg8t0sG2FIxmI=
@@ -164,25 +150,17 @@ github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9D
 github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.80 h1:jEXGecSgPdvM5KnyDsSgFhZSm7WwaTp4h544Im4SfhI=
-github.com/aws/aws-sdk-go v1.44.80/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.89 h1:Xf5Pp9GsNSMRinAuWNiQd0vusXXb3IgYbNlxldhWS2Q=
 github.com/aws/aws-sdk-go v1.44.89/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.18.1 h1:xXzi0Z6lArTykRGqCOC2rN3zN648zjQtkCzAVjJj9OY=
-github.com/bitnami-labs/sealed-secrets v0.18.1/go.mod h1:pOMGS1imRiIPLm7OpdD/s/OfgQmLkKxTqWruSEiQqCM=
 github.com/bitnami-labs/sealed-secrets v0.18.2 h1:CfZD0JmhAPOQ7YqxrxZ90/+BjqTheWztBOYploqO6nc=
 github.com/bitnami-labs/sealed-secrets v0.18.2/go.mod h1:wlhaZ+SI5aJkpq9CyyP0pVLJEj4LPXLzLHb2TnID/Rc=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
-github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/blizzy78/varnamelen v0.3.0/go.mod h1:hbwRdBvoBqxk34XyQ6HA0UH3G0/1TKuv5AC4eaBT0Ec=
 github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
 github.com/breml/bidichk v0.1.1/go.mod h1:zbfeitpevDUGI7V91Uzzuwrn4Vls8MoBMrwtt78jmso=
@@ -197,15 +175,10 @@ github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
-github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
@@ -222,28 +195,17 @@ github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo=
-github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
-github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
 github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
 github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
@@ -265,11 +227,9 @@ github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
 github.com/denis-tingajkin/go-header v0.4.2/go.mod h1:eLRHAVXzE5atsKAnNRDB90WHCFFnBUn4RN0nRcs1LJA=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
 github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -284,8 +244,6 @@ github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5Xh
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
@@ -293,9 +251,6 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
 github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
@@ -308,21 +263,16 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/esimonov/ifshort v1.0.3/go.mod h1:yZqNJUrNn20K8Q9n2CrjTKYyVEmX209Hgu+M1LBpeZE=
 github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
-github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
-github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
@@ -331,15 +281,10 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
-github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/pkg/kustomize v0.5.3 h1:WpxNOV/Yklp0p7Qv85VwBegq9fABuLR9qSWaAVa3+yc=
-github.com/fluxcd/pkg/kustomize v0.5.3/go.mod h1:zy1FLxkEDADUykCnrXqq6rVN48t3uMhAb3ao+zv0rFE=
 github.com/fluxcd/pkg/kustomize v0.7.0 h1:604rlpRZTWaOfzDZ1W93aHaFh9kn8/UMX/wzsjwIUQY=
 github.com/fluxcd/pkg/kustomize v0.7.0/go.mod h1:zJY3Z0+SX+zs+/A1F6fCT0JvUce265XnrpTtHnujXPo=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -347,15 +292,11 @@ github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
-github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
-github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
-github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
-github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
@@ -381,22 +322,17 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro=
 github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
@@ -451,14 +387,11 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -500,18 +433,13 @@ github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZ
 github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
 github.com/golangci/revgrep v0.0.0-20210930125155-c22e5001d4f2/go.mod h1:LK+zW4MpyytAWQRz0M4xnzEk50lSvqDQKfx304apFkY=
 github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
-github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/cel-go v0.10.1/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w=
-github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA=
 github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
 github.com/google/certificate-transparency-go v1.1.1/go.mod h1:FDKqPvSXawb2ecErVRrD+nfy23RCzyl7eqVCEmlT1Zs=
-github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ=
 github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
 github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -531,7 +459,6 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
 github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -567,7 +494,6 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -594,15 +520,11 @@ github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod
 github.com/gostaticanalysis/testutil v0.4.0/go.mod h1:bLIoPefWXrRi/ssLFWX1dx7Repi5x3CuviD3dgAZaBU=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
-github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
@@ -619,8 +541,6 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.2.2 h1:ihRI7YFwcZdiSD7SIenIhHfQH3OuDvWerAUBZbeQS3M=
-github.com/hashicorp/go-hclog v1.2.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-hclog v1.3.0 h1:G0ACM8Z2WilWgPv3Vdzwm3V0BQu/kSmrkVtpe1fy9do=
 github.com/hashicorp/go-hclog v1.3.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -688,7 +608,6 @@ github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@@ -718,7 +637,6 @@ github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
-github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/josharian/txtarfs v0.0.0-20210218200122-0702f000015a/go.mod h1:izVPOvVRsHiKkeGCT6tYBNWyDVuzj9wAaBb5R9qamfw=
@@ -752,8 +670,6 @@ github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a h1:2W9TlV8b6sqjIKhbp9bgKjusdF3HgQucFNmwGNb1N+Y=
-github.com/kluctl/kluctl-python-deps v0.0.0-20220819065415-624185ed2c0a/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
 github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41 h1:sMQz3y4XtYS4YjAil3B8pxuhjPEObt0xMPMwmPZC9O0=
 github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -794,18 +710,14 @@ github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=
 github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
 github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU=
@@ -841,7 +753,6 @@ github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mN
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
@@ -895,7 +806,6 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
-github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI=
 github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -913,14 +823,12 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mozilla/scribe v0.0.0-20180711195314-fb71baf557c1/go.mod h1:FIczTrinKo8VaLxe6PWTPEXRXDIHz2QAwiaBaP5/4a8=
 github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo=
 github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=
 github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
@@ -928,31 +836,24 @@ github.com/nishanths/exhaustive v0.2.3/go.mod h1:bhIX678Nx8inLM9PbpvK1yv6oGtoP8B
 github.com/nishanths/predeclared v0.0.0-20190419143655-18a43bb90ffc/go.mod h1:62PewwiQTlm/7Rj+cxVYqZvDIUc+JjZq6GHAC1fsObQ=
 github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB9sbB1usJ+xjQE=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/ohler55/ojg v1.14.4 h1:L2ds8AlB5t/QbqSfhRwvagJzQ7pgmdrefMIypQs0Xik=
 github.com/ohler55/ojg v1.14.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
-github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/onsi/gomega v1.20.0 h1:8W0cWlwFkflGPLltQvLRB7ZVD5HuP6ng320w2IS245Q=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
@@ -973,8 +874,6 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.3 h1:h9JoA60e1dVEOpp0PFwJSmt1Htu057NUq9/bUwaO61s=
-github.com/pelletier/go-toml/v2 v2.0.3/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
 github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
 github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@@ -998,9 +897,7 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
@@ -1014,8 +911,6 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
@@ -1025,7 +920,6 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+
 github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
 github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
@@ -1034,7 +928,6 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/pseudomuto/protoc-gen-doc v1.3.2/go.mod h1:y5+P6n3iGrbKG+9O04V5ld71in3v/bX88wUwgt+U8EA=
 github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
@@ -1056,8 +949,6 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
-github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
@@ -1101,7 +992,6 @@ github.com/sivchari/tenv v1.4.7/go.mod h1:5nF+bITvkebQVanjU6IuMbvIot/7ReNsUV7I5N
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI=
 github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -1117,7 +1007,6 @@ github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
@@ -1125,13 +1014,11 @@ github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJ
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
 github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
@@ -1140,7 +1027,6 @@ github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRk
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -1156,8 +1042,6 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
-github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
@@ -1171,7 +1055,6 @@ github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcy
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tomarrell/wrapcheck/v2 v2.4.0/go.mod h1:68bQ/eJg55BROaRTbMjC7vuhL2OgfoG8bLp9ZyoBfyY=
 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
 github.com/tommy-muehle/go-mnd/v2 v2.4.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
@@ -1187,8 +1070,6 @@ github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbauerster/mpb/v7 v7.4.2 h1:n917F4d8EWdUKc9c81wFkksyG6P6Mg7IETfKCE1Xqng=
-github.com/vbauerster/mpb/v7 v7.4.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
 github.com/vbauerster/mpb/v7 v7.5.2 h1:Ph3JvpBcoIwzIG1QwbUq97KQifrTRbKcMXN9rN5BYAs=
 github.com/vbauerster/mpb/v7 v7.5.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
@@ -1197,8 +1078,6 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6Ac
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
-github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo=
-github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w=
 github.com/xanzy/ssh-agent v0.3.2 h1:eKj4SX2Fe7mui28ZgnFW5fmTz1EIr7ugo5s6wDxdHBM=
 github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1209,7 +1088,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
 github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
 github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
 github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
@@ -1224,27 +1102,17 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.etcd.io/etcd v0.0.0-20200513171258-e048e166ab9c/go.mod h1:xCI7ZzBfRuGgBXyXO6yfWfDmlWd35khcWpUa4L0xI/k=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
-go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
-go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
-go.etcd.io/etcd/client/v3 v3.5.1/go.mod h1:OnjH4M8OnAotwaB2l9bVgZzRFKru7/ZMoS46OtKyd3Q=
-go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE=
-go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc=
-go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4=
 go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
@@ -1254,19 +1122,7 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4=
-go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo=
-go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM=
-go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
-go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
-go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc=
-go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE=
-go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE=
-go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
 go.starlark.net v0.0.0-20220817180228-f738f5508c12 h1:xOBJXWGEDwU5xSDxH6macxO11Us0AH2fTa9rmsbbF7g=
 go.starlark.net v0.0.0-20220817180228-f738f5508c12/go.mod h1:VZcBMdr3cT3PnBoWunTabuSEXwVAH+ZJ5zxfs3AdASk=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -1275,7 +1131,6 @@ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
@@ -1284,7 +1139,6 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1300,22 +1154,17 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1355,7 +1204,6 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1375,7 +1223,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1397,7 +1244,6 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -1410,13 +1256,9 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220812174116-3211cb980234 h1:RDqmgfe7SvlMWoqC3xwQ2blLO3fcWcxMa3eBLRdRW7E=
-golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1435,10 +1277,7 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 h1:dtndE8FcEta75/4kHF3AbpuWzV6f1LjnLrM4pe2SZrw=
-golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1480,7 +1319,6 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1502,13 +1340,11 @@ golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1538,24 +1374,19 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220818161305-2296e01440c6 h1:Sx/u41w+OwrInGdEckYmEuU5gHoGSL4QbDz3S9s6j4U=
-golang.org/x/sys v0.0.0-20220818161305-2296e01440c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -1578,8 +1409,6 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1641,7 +1470,6 @@ golang.org/x/tools v0.0.0-20200414032229-332987a829c3/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200422022333-3d57cf2e726e/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -1686,7 +1514,6 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1766,8 +1593,6 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1791,10 +1616,7 @@ google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKr
 google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
 google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 h1:C2UVWqrgLYKrT5nh5oU6hLRm1AeEklCK5eloQA1NtFY=
-google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
 google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf h1:Q5xNKbTSFwkuaaGaR7CMcXEM5sy19KYdUU8iF8/iRC0=
 google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
@@ -1826,8 +1648,6 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
 google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
-google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw=
 google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
@@ -1860,17 +1680,13 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
@@ -1893,9 +1709,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-helm.sh/helm/v3 v3.9.3 h1:etd4Qc45/bnIkBofZIRwrAzYuG3bNWR1EdMN4fsfzoE=
-helm.sh/helm/v3 v3.9.3/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
 helm.sh/helm/v3 v3.9.4 h1:TCI1QhJUeLVOdccfdw+vnSEO3Td6gNqibptB04QtExY=
 helm.sh/helm/v3 v3.9.4/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1906,58 +1719,27 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.24.4 h1:I5Y645gJ8zWKawyr78lVfDQkZrAViSbeRXsPZWTxmXk=
-k8s.io/api v0.24.4/go.mod h1:42pVfA0NRxrtJhZQOvRSyZcJihzAdU59WBtTjYcB0/M=
 k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0=
 k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk=
-k8s.io/apiextensions-apiserver v0.24.4 h1:w53Pm4zu8fCt9WfiRgS2YI6LE6I4NJ5aUi78GElD3K8=
-k8s.io/apiextensions-apiserver v0.24.4/go.mod h1:iDK+Xb4jsPNnRGj5jU/WqqjLvt8363M7cKixKe1C9+U=
 k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
 k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
-k8s.io/apimachinery v0.24.4 h1:S0Ur3J/PbivTcL43EdSdPhqCqKla2NIuneNwZcTDeGQ=
-k8s.io/apimachinery v0.24.4/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM=
 k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU=
 k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
-k8s.io/apiserver v0.24.4 h1:ei+OunC83pVEiagBeZhTnRZvkclHgpzs/rrm7aSBDYs=
-k8s.io/apiserver v0.24.4/go.mod h1:mAuC3pZVc0IDXLx7lUHoisBOtBa1SobfLW/CI3klXQE=
 k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4=
 k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo=
-k8s.io/cli-runtime v0.24.4 h1:YCSf0dZp+pYXVR/8aZQ6MEBSiicv8rLyVsGBEbRnwfY=
-k8s.io/cli-runtime v0.24.4/go.mod h1:RF+cSLYXkPV3WyvPrX2qeRLEUJY38INWx6jLKVLFCxM=
 k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q=
 k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw=
-k8s.io/client-go v0.24.4 h1:hIAIJZIPyaw46AkxwyR0FRfM/pRxpUNTd3ysYu9vyRg=
-k8s.io/client-go v0.24.4/go.mod h1:+AxlPWw/H6f+EJhRSjIeALaJT4tbeB/8g9BNvXGPd0Y=
 k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E=
 k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8=
-k8s.io/code-generator v0.24.4/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w=
-k8s.io/component-base v0.24.4 h1:WEGRp06GBYVwxp5JdiRaJ1zkdOhrqucxRv/8IrABLG0=
-k8s.io/component-base v0.24.4/go.mod h1:sWxkgcMfbYHadw0OJ0N+vIscd14/nqSIM2veCdg843o=
 k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
 k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
-k8s.io/component-helpers v0.24.4/go.mod h1:xAHlOKU8rAjLgXWJEsueWLR1LDMThbaPf2YvgKpSyQ8=
-k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
 k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
-k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
-k8s.io/kubectl v0.24.4 h1:fPEBkAV3/cu3BQVIUCXNngCCY62AlZ+2rkRVHcmJPn0=
-k8s.io/kubectl v0.24.4/go.mod h1:AVyJzxUwA5UMGTDyKGL6nd6RRW36FbmAdtIDMhrZtW0=
 k8s.io/kubectl v0.25.0 h1:/Wn1cFqo8ik3iee1EvpxYre3bkWsGLXzLQI6uCCAkQc=
 k8s.io/kubectl v0.25.0/go.mod h1:n16ULWsOl2jmQpzt2o7Dud1t4o0+Y186ICb4O+GwKAU=
-k8s.io/metrics v0.24.4/go.mod h1:7D8Xm3DGZoJaiCS8+QA2EzdMuDlq0Y8SiOPUB/1BaGU=
-k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 h1:XmRqFcQlCy/lKRZ39j+RVpokYNroHPqV3mcBRfnhT5o=
-k8s.io/utils v0.0.0-20220812165043-ad590609e2e5/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
@@ -1969,25 +1751,16 @@ oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
-sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
 sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
-sigs.k8s.io/kustomize/api v0.11.4/go.mod h1:k+8RsqYbgpkIrJ4p9jcdPqe8DprLxFUUO0yNOq8C+xI=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
 sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
-sigs.k8s.io/kustomize/cmd/config v0.10.6/go.mod h1:/S4A4nUANUa4bZJ/Edt7ZQTyKOY9WCER0uBS1SW2Rco=
-sigs.k8s.io/kustomize/kustomize/v4 v4.5.4/go.mod h1:Zo/Xc5FKD6sHl0lilbrieeGeZHVYCA4BzxeAaLI05Bg=
-sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
 sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=
 sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

From fc0b6af6e72d705f219538b10e90392458dfd657 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Sep 2022 10:53:05 +0200
Subject: [PATCH 0332/2268] fix: Prefer fixed-images passed via command line
 over images configured anywhere else

---
 cmd/kluctl/commands/utils.go         | 4 +---
 pkg/deployment/images.go             | 7 +++++++
 pkg/kluctl_project/target_context.go | 4 +---
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3ab20e9be..ed0257f38 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -136,9 +136,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	if err != nil {
 		return err
 	}
-	for _, fi := range fixedImages {
-		images.AddFixedImage(fi)
-	}
+	images.PrependFixedImages(fixedImages)
 
 	inclusion, err := args.inclusionFlags.ParseInclusionFromArgs()
 	if err != nil {
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index f7ef098e7..8dc9c5f77 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -41,6 +41,13 @@ func (images *Images) AddFixedImage(fi types.FixedImage) {
 	images.fixedImages = append(images.fixedImages, fi)
 }
 
+func (images *Images) PrependFixedImages(fis []types.FixedImage) {
+	var newFixedImages []types.FixedImage
+	newFixedImages = append(newFixedImages, fis...)
+	newFixedImages = append(newFixedImages, images.fixedImages...)
+	images.fixedImages = newFixedImages
+}
+
 func (images *Images) SeenImages(simple bool) []types.FixedImage {
 	var ret []types.FixedImage
 	for _, fi := range images.seenImages {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index b5ed711fd..47d187a36 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -39,9 +39,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		}
 		target = t.Target
 
-		for _, fi := range target.Images {
-			images.AddFixedImage(fi)
-		}
+		images.PrependFixedImages(target.Images)
 	}
 
 	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, args, forSeal)

From 29ad3cfb633613fb36a299b4d444f69162824f5b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Sep 2022 13:24:39 +0200
Subject: [PATCH 0333/2268] fix: Don't write addresses into known_hosts to
 avoid issues with IPV6 parsing

---
 pkg/git/auth/goph/hosts.go | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/pkg/git/auth/goph/hosts.go b/pkg/git/auth/goph/hosts.go
index e2d9bec1e..10b8cdeb3 100644
--- a/pkg/git/auth/goph/hosts.go
+++ b/pkg/git/auth/goph/hosts.go
@@ -96,14 +96,7 @@ func AddKnownHost(host string, remote net.Addr, key ssh.PublicKey, knownFile str
 
 	defer f.Close()
 
-	remoteNormalized := knownhosts.Normalize(remote.String())
-	hostNormalized := knownhosts.Normalize(host)
-	addresses := []string{remoteNormalized}
-
-	if hostNormalized != remoteNormalized {
-		addresses = append(addresses, hostNormalized)
-	}
-
+	addresses := []string{host}
 	_, err = f.WriteString(knownhosts.Line(addresses, key) + "\n")
 
 	return err

From 2889a9f2af1660edcc84c5dbb501dff0eb325ae3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Sep 2022 22:29:09 +0200
Subject: [PATCH 0334/2268] fix: Stop using mpb and instead rely on uilive

---
 go.mod                            |   4 +-
 go.sum                            |   8 +-
 pkg/status/multiline/multiline.go | 133 ++++++++++++++++++++++++++++++
 pkg/status/multiline/spinner.go   |  13 +++
 pkg/status/status_handler.go      | 102 ++++++++++++-----------
 pkg/status/utils.go               |   2 +-
 6 files changed, 203 insertions(+), 59 deletions(-)
 create mode 100644 pkg/status/multiline/multiline.go
 create mode 100644 pkg/status/multiline/spinner.go

diff --git a/go.mod b/go.mod
index eb85f2f1c..a17436d62 100644
--- a/go.mod
+++ b/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/google/go-containerregistry v0.11.0
+	github.com/gosuri/uilive v0.0.4
 	github.com/hashicorp/vault/api v1.7.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
@@ -34,7 +35,6 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.12.0
 	github.com/stretchr/testify v1.8.0
-	github.com/vbauerster/mpb/v7 v7.5.2
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.2
 	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
@@ -73,8 +73,6 @@ require (
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
-	github.com/VividCortex/ewma v1.2.0 // indirect
-	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/armon/go-metrics v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index d09bfb382..a4812274e 100644
--- a/go.sum
+++ b/go.sum
@@ -112,10 +112,6 @@ github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErI
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
-github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
-github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
-github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
-github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -518,6 +514,8 @@ github.com/gostaticanalysis/forcetypeassert v0.0.0-20200621232751-01d4955beaa5/g
 github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
 github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
 github.com/gostaticanalysis/testutil v0.4.0/go.mod h1:bLIoPefWXrRi/ssLFWX1dx7Repi5x3CuviD3dgAZaBU=
+github.com/gosuri/uilive v0.0.4 h1:hUEBpQDj8D8jXgtCdBu7sWsy5sbW/5GhuO8KBwJ2jyY=
+github.com/gosuri/uilive v0.0.4/go.mod h1:V/epo5LjjlDE5RJUcqx8dbw+zc93y5Ya3yg8tfZ74VI=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
@@ -1070,8 +1068,6 @@ github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/vbauerster/mpb/v7 v7.5.2 h1:Ph3JvpBcoIwzIG1QwbUq97KQifrTRbKcMXN9rN5BYAs=
-github.com/vbauerster/mpb/v7 v7.5.2/go.mod h1:UmOiIUI8aPqWXIps0ciik3RKMdzx7+ooQpq+fBcXwBA=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
diff --git a/pkg/status/multiline/multiline.go b/pkg/status/multiline/multiline.go
new file mode 100644
index 000000000..f2a67889e
--- /dev/null
+++ b/pkg/status/multiline/multiline.go
@@ -0,0 +1,133 @@
+package multiline
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/gosuri/uilive"
+	"io"
+	"sync"
+	"time"
+)
+
+type MultiLinePrinter struct {
+	topLines []*Line
+	lines    []*Line
+
+	uil         *uilive.Writer
+	lastWritten []byte
+
+	ticker *time.Ticker
+	tdone  chan bool
+
+	mutex sync.Mutex
+}
+
+type LineFunc func() string
+
+type Line struct {
+	ml *MultiLinePrinter
+	s  LineFunc
+}
+
+func (ml *MultiLinePrinter) Start(w io.Writer) {
+	ml.uil = uilive.New()
+	ml.uil.Out = w
+	ml.uil.Start()
+
+	ml.ticker = time.NewTicker(100 * time.Millisecond)
+	ml.tdone = make(chan bool)
+
+	go ml.loop()
+}
+
+func (ml *MultiLinePrinter) Stop() {
+	ml.Flush()
+	ml.tdone <- true
+	<-ml.tdone
+	ml.uil.Stop()
+}
+
+func (ml *MultiLinePrinter) loop() {
+	for {
+		select {
+		case <-ml.ticker.C:
+			if ml.ticker != nil {
+				ml.Flush()
+			}
+		case <-ml.tdone:
+			ml.mutex.Lock()
+			ml.ticker.Stop()
+			ml.ticker = nil
+			ml.mutex.Unlock()
+			close(ml.tdone)
+			return
+		}
+	}
+}
+
+func (ml *MultiLinePrinter) Flush() {
+	ml.mutex.Lock()
+	defer ml.mutex.Unlock()
+
+	hadTopLines := false
+	if len(ml.topLines) != 0 {
+		hadTopLines = true
+		topBuf := bytes.NewBuffer(nil)
+		for _, l := range ml.topLines {
+			_, _ = fmt.Fprintf(topBuf, "%s\n", l.s())
+		}
+
+		_, _ = ml.uil.Bypass().Write(topBuf.Bytes())
+		ml.topLines = nil
+	}
+
+	linesBuf := bytes.NewBuffer(nil)
+	for _, l := range ml.lines {
+		_, _ = fmt.Fprintf(linesBuf, "%s\n", l.s())
+	}
+	newBytes := linesBuf.Bytes()
+	if hadTopLines || !bytes.Equal(newBytes, ml.lastWritten) {
+		_, _ = ml.uil.Write(newBytes)
+		ml.lastWritten = newBytes
+	}
+}
+
+func (ml *MultiLinePrinter) NewTopLine(s LineFunc) {
+	ml.mutex.Lock()
+	defer ml.mutex.Unlock()
+
+	l := &Line{
+		ml: ml,
+		s:  s,
+	}
+	ml.topLines = append(ml.topLines, l)
+}
+
+func (ml *MultiLinePrinter) NewLine(s LineFunc) *Line {
+	ml.mutex.Lock()
+	defer ml.mutex.Unlock()
+
+	l := &Line{
+		ml: ml,
+		s:  s,
+	}
+	ml.lines = append(ml.lines, l)
+
+	return l
+}
+
+func (l *Line) Remove(pushToTop bool) {
+	l.ml.mutex.Lock()
+	defer l.ml.mutex.Unlock()
+
+	for i, l2 := range l.ml.lines {
+		if l2 == l {
+			l.ml.lines = append(l.ml.lines[:i], l.ml.lines[i+1:]...)
+
+			if pushToTop {
+				l.ml.topLines = append(l.ml.topLines, l)
+			}
+			break
+		}
+	}
+}
diff --git a/pkg/status/multiline/spinner.go b/pkg/status/multiline/spinner.go
new file mode 100644
index 000000000..b686973ab
--- /dev/null
+++ b/pkg/status/multiline/spinner.go
@@ -0,0 +1,13 @@
+package multiline
+
+import (
+	"time"
+)
+
+var spinner = []string{"⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"}
+
+func Spinner() string {
+	factor := int64(100)
+	frame := int((time.Now().UnixMilli() / factor) % int64(len(spinner)))
+	return spinner[frame]
+}
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 7b5a85a82..34f2bd717 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -2,13 +2,12 @@ package status
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status/multiline"
 	"github.com/kluctl/kluctl/v2/pkg/utils/term"
-	"github.com/vbauerster/mpb/v7"
-	"github.com/vbauerster/mpb/v7/decor"
 	"io"
-	"math"
 	"strings"
+	"sync"
 	"syscall"
 )
 
@@ -16,18 +15,22 @@ type MultiLineStatusHandler struct {
 	ctx        context.Context
 	out        io.Writer
 	isTerminal bool
-	progress   *mpb.Progress
 	trace      bool
+
+	ml *multiline.MultiLinePrinter
 }
 
 type statusLine struct {
-	slh     *MultiLineStatusHandler
+	slh *MultiLineStatusHandler
+	l   *multiline.Line
+
+	current int
 	total   int
-	bar     *mpb.Bar
-	filler  mpb.BarFiller
 	message string
 
 	barOverride string
+
+	mutex sync.Mutex
 }
 
 func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, isTerminal bool, trace bool) *MultiLineStatusHandler {
@@ -52,8 +55,7 @@ func (s *MultiLineStatusHandler) IsTraceEnabled() bool {
 }
 
 func (s *MultiLineStatusHandler) Flush() {
-	s.Stop()
-	s.start()
+	s.ml.Flush()
 }
 
 func (s *MultiLineStatusHandler) SetTrace(trace bool) {
@@ -61,60 +63,43 @@ func (s *MultiLineStatusHandler) SetTrace(trace bool) {
 }
 
 func (s *MultiLineStatusHandler) start() {
-	s.progress = mpb.NewWithContext(
-		s.ctx,
-		mpb.WithWidth(utils.GetTermWidth()),
-		mpb.WithOutput(s.out),
-		mpb.PopCompletedMode(),
-	)
+	s.ml = &multiline.MultiLinePrinter{}
+	s.ml.Start(s.out)
 }
 
 func (s *MultiLineStatusHandler) Stop() {
-	s.progress.Wait()
+	s.ml.Stop()
 }
 
 func (s *MultiLineStatusHandler) StartStatus(total int, message string) StatusLine {
-	return s.startStatus(total, message, 0, "")
+	return s.startStatus(total, message, "")
 }
 
-func (s *MultiLineStatusHandler) startStatus(total int, message string, priority int, barOverride string) *statusLine {
+func (s *MultiLineStatusHandler) startStatus(total int, message string, barOverride string) *statusLine {
 	sl := &statusLine{
 		slh:         s,
 		total:       total,
 		message:     message,
 		barOverride: barOverride,
 	}
-	sl.filler = mpb.SpinnerStyle().PositionLeft().Build()
 
-	opts := []mpb.BarOption{
-		mpb.BarWidth(1),
-		mpb.AppendDecorators(decor.Any(sl.DecorMessage, decor.WCSyncWidthR)),
-	}
-	if priority != 0 {
-		opts = append(opts, mpb.BarPriority(priority))
-	}
-
-	sl.bar = s.progress.Add(int64(total), sl, opts...)
+	sl.l = sl.slh.ml.NewLine(sl.lineFunc)
 
 	return sl
 }
 
-func (sl *statusLine) DecorMessage(s decor.Statistics) string {
-	return sl.message
-}
-
-func (sl *statusLine) Fill(w io.Writer, reqWidth int, stat decor.Statistics) {
-	if sl.barOverride != "" {
-		_, _ = io.WriteString(w, sl.barOverride)
-		return
+func (s *MultiLineStatusHandler) printLine(message string, barOverride string, doFlush bool) {
+	s.ml.NewTopLine(func() string {
+		return fmt.Sprintf("%s %s", barOverride, message)
+	})
+	if doFlush {
+		s.Flush()
 	}
-
-	sl.filler.Fill(w, reqWidth, stat)
 }
 
 func (s *MultiLineStatusHandler) Info(message string) {
 	o := withColor("green", "ⓘ")
-	s.startStatus(1, message, math.MinInt, o).end(o)
+	s.printLine(message, o, true)
 }
 
 func (s *MultiLineStatusHandler) InfoFallback(message string) {
@@ -123,12 +108,12 @@ func (s *MultiLineStatusHandler) InfoFallback(message string) {
 
 func (s *MultiLineStatusHandler) Warning(message string) {
 	o := withColor("yellow", "⚠")
-	s.startStatus(1, message, math.MinInt, o).end(o)
+	s.printLine(message, o, true)
 }
 
 func (s *MultiLineStatusHandler) Error(message string) {
 	o := withColor("red", "✗")
-	s.startStatus(1, message, math.MinInt, o).end(o)
+	s.printLine(message, o, true)
 }
 
 func (s *MultiLineStatusHandler) Trace(message string) {
@@ -143,7 +128,7 @@ func (s *MultiLineStatusHandler) PlainText(text string) {
 
 func (s *MultiLineStatusHandler) Prompt(password bool, message string) (string, error) {
 	o := withColor("yellow", "?")
-	sl := s.startStatus(1, message, math.MinInt, o)
+	sl := s.startStatus(1, message, o)
 	defer sl.end(o)
 
 	doUpdate := func(ret []byte) {
@@ -159,28 +144,47 @@ func (s *MultiLineStatusHandler) Prompt(password bool, message string) (string,
 	return string(ret), err
 }
 
+func (sl *statusLine) lineFunc() string {
+	sl.mutex.Lock()
+	defer sl.mutex.Unlock()
+
+	if sl.barOverride != "" {
+		return fmt.Sprintf("%s %s", sl.barOverride, sl.message)
+	}
+
+	s := multiline.Spinner()
+	return fmt.Sprintf("%s %s", s, sl.message)
+}
+
 func (sl *statusLine) SetTotal(total int) {
+	sl.mutex.Lock()
+	defer sl.mutex.Unlock()
 	sl.total = total
-	sl.bar.SetTotal(int64(total), false)
-	sl.bar.EnableTriggerComplete()
 }
 
 func (sl *statusLine) Increment() {
-	sl.bar.Increment()
+	sl.mutex.Lock()
+	defer sl.mutex.Unlock()
+	if sl.current < sl.total {
+		sl.current++
+	}
 }
 
 func (sl *statusLine) Update(message string) {
+	sl.mutex.Lock()
+	defer sl.mutex.Unlock()
 	sl.message = message
 }
 
 func (sl *statusLine) end(barOverride string) {
 	sl.barOverride = barOverride
-	// make sure that the bar es rendered on top so that it can be properly popped
-	sl.bar.SetPriority(math.MinInt)
-	sl.bar.SetCurrent(int64(sl.total))
+	sl.current = sl.total
+	sl.l.Remove(true)
 }
 
 func (sl *statusLine) End(result EndResult) {
+	sl.mutex.Lock()
+	defer sl.mutex.Unlock()
 	switch result {
 	case EndSuccess:
 		sl.end(withColor("green", "✓"))
diff --git a/pkg/status/utils.go b/pkg/status/utils.go
index 0a2edfc82..21555d432 100644
--- a/pkg/status/utils.go
+++ b/pkg/status/utils.go
@@ -31,7 +31,7 @@ type replaceRReader struct {
 
 func (r *replaceRReader) Read(p []byte) (int, error) {
 	written := 0
-	for true {
+	for written < len(p) {
 		b, err := r.reader.ReadByte()
 		if err != nil {
 			if err == io.EOF {

From 1189a4598dbe2bd3e40ee74ed586109e63595b0e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Sep 2022 15:23:38 +0200
Subject: [PATCH 0335/2268] feat: Switch to go-jinja2 library

---
 cmd/kluctl/commands/utils.go             |   6 +-
 go.mod                                   |   5 +-
 go.sum                                   |   5 +-
 pkg/deployment/deployment_item.go        |   9 +-
 pkg/deployment/deployment_project.go     |   3 +-
 pkg/jinja2/.gitignore                    |   2 -
 pkg/jinja2/jinja2.go                     | 255 -----------------------
 pkg/jinja2/jinja2_renderer.go            | 213 -------------------
 pkg/jinja2/python_src/.gitignore         |   4 -
 pkg/jinja2/python_src/.python-version    |   1 -
 pkg/jinja2/python_src/dict_utils.py      |  64 ------
 pkg/jinja2/python_src/jinja2_renderer.py | 122 -----------
 pkg/jinja2/python_src/jinja2_utils.py    | 140 -------------
 pkg/jinja2/python_src/jsonpath_utils.py  | 100 ---------
 pkg/jinja2/python_src/main.py            |  34 ---
 pkg/jinja2/python_src/yaml_utils.py      |  51 -----
 pkg/jinja2/render_struct.go              | 181 ----------------
 pkg/jinja2/source.go                     |  93 ---------
 pkg/kluctl_jinja2/embed.go               |   8 +
 pkg/kluctl_jinja2/ext/__init__.py        |   3 +
 pkg/kluctl_jinja2/ext/images_ext.py      |  53 +++++
 pkg/kluctl_jinja2/jinja2.go              |  23 ++
 pkg/kluctl_project/load.go               |   2 +-
 pkg/kluctl_project/project.go            |   2 +-
 pkg/kluctl_project/targets.go            |   4 +-
 pkg/utils/uo/uo.go                       |  16 ++
 pkg/utils/utils.go                       |   3 +-
 pkg/vars/vars.go                         |  37 +++-
 pkg/vars/vars_loader.go                  |  10 +-
 pkg/vars/vars_test.go                    |   5 +-
 30 files changed, 168 insertions(+), 1286 deletions(-)
 delete mode 100644 pkg/jinja2/.gitignore
 delete mode 100644 pkg/jinja2/jinja2.go
 delete mode 100644 pkg/jinja2/jinja2_renderer.go
 delete mode 100644 pkg/jinja2/python_src/.gitignore
 delete mode 100644 pkg/jinja2/python_src/.python-version
 delete mode 100644 pkg/jinja2/python_src/dict_utils.py
 delete mode 100644 pkg/jinja2/python_src/jinja2_renderer.py
 delete mode 100644 pkg/jinja2/python_src/jinja2_utils.py
 delete mode 100644 pkg/jinja2/python_src/jsonpath_utils.py
 delete mode 100644 pkg/jinja2/python_src/main.py
 delete mode 100644 pkg/jinja2/python_src/yaml_utils.py
 delete mode 100644 pkg/jinja2/render_struct.go
 delete mode 100644 pkg/jinja2/source.go
 create mode 100644 pkg/kluctl_jinja2/embed.go
 create mode 100644 pkg/kluctl_jinja2/ext/__init__.py
 create mode 100644 pkg/kluctl_jinja2/ext/images_ext.py
 create mode 100644 pkg/kluctl_jinja2/jinja2.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index ed0257f38..9b50739d4 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -10,7 +10,7 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -39,14 +39,12 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	}
 	defer os.RemoveAll(tmpDir)
 
-	j2, err := jinja2.NewJinja2()
+	j2, err := kluctl_jinja2.NewKluctlJinja2(strictTemplates)
 	if err != nil {
 		return err
 	}
 	defer j2.Close()
 
-	j2.SetStrict(strictTemplates)
-
 	cwd, err := os.Getwd()
 	if err != nil {
 		return err
diff --git a/go.mod b/go.mod
index a17436d62..93aaf886c 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/fluxcd/pkg/kustomize v0.7.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.0
-	github.com/gobwas/glob v0.2.3
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/google/go-containerregistry v0.11.0
 	github.com/gosuri/uilive v0.0.4
@@ -22,7 +22,8 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41
+	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
+	github.com/kluctl/go-jinja2 v0.0.0-20220908201753-f33cd6224f2b
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
diff --git a/go.sum b/go.sum
index a4812274e..d4cf7fb99 100644
--- a/go.sum
+++ b/go.sum
@@ -668,8 +668,8 @@ github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41 h1:sMQz3y4XtYS4YjAil3B8pxuhjPEObt0xMPMwmPZC9O0=
-github.com/kluctl/kluctl-python-deps v0.0.0-20220819072433-e8107cc5ae41/go.mod h1:w4cTz1av5JFX9bMTB7Vm2qtmm5+eU+ncvB1/oyjVwOw=
+github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
+github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1380,7 +1380,6 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 959830915..e97bb48d2 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -128,7 +128,7 @@ func (di *DeploymentItem) render(forSeal bool) error {
 			}
 			if yaml.Exists(filepath.Join(p, "helm-chart.yml")) {
 				// never try to render helm charts
-				ep := filepath.Join(di.RelToProjectItemDir, relDir, "charts/**")
+				ep := filepath.Join(relDir, "charts/**")
 				ep = filepath.ToSlash(ep)
 				excludePatterns = append(excludePatterns, ep)
 				return filepath.SkipDir
@@ -145,7 +145,12 @@ func (di *DeploymentItem) render(forSeal bool) error {
 		excludePatterns = append(excludePatterns, "**.sealme")
 	}
 
-	return varsCtx.RenderDirectory(di.Project.source.dir, di.Project.getRenderSearchDirs(), di.Project.relDir, excludePatterns, di.RelToProjectItemDir, di.RenderedDir)
+	return varsCtx.RenderDirectory(
+		filepath.Join(di.Project.source.dir, di.RelToSourceItemDir),
+		di.RenderedDir,
+		excludePatterns,
+		di.Project.getRenderSearchDirs(),
+	)
 }
 
 func (di *DeploymentItem) renderHelmCharts() error {
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index a11c1e919..ecd599c31 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -75,8 +75,9 @@ func (p *DeploymentProject) loadConfig() error {
 		}
 		return fmt.Errorf("%s not found", configPath)
 	}
+	configPath = yaml.FixPathExt(configPath)
 
-	err := p.VarsCtx.RenderYamlFile(yaml.FixNameExt(p.absDir, "deployment.yml"), p.getRenderSearchDirs(), &p.Config)
+	err := p.VarsCtx.RenderYamlFile(configPath, p.getRenderSearchDirs(), &p.Config)
 	if err != nil {
 		return fmt.Errorf("failed to load deployment.yml: %w", err)
 	}
diff --git a/pkg/jinja2/.gitignore b/pkg/jinja2/.gitignore
deleted file mode 100644
index c23b5c5b7..000000000
--- a/pkg/jinja2/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*.tar.gz
-*.files
\ No newline at end of file
diff --git a/pkg/jinja2/jinja2.go b/pkg/jinja2/jinja2.go
deleted file mode 100644
index 62df03c34..000000000
--- a/pkg/jinja2/jinja2.go
+++ /dev/null
@@ -1,255 +0,0 @@
-package jinja2
-
-import (
-	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"io/fs"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-)
-
-var paralellism = 4
-
-type Jinja2 struct {
-	pj        chan *pythonJinja2Renderer
-	strict    bool
-	globCache map[string]interface{}
-	mutex     sync.Mutex
-}
-
-type RenderJob struct {
-	Template string
-	Result   *string
-	Error    error
-
-	target string
-}
-
-type Jinja2Error struct {
-	error string
-}
-
-type Jinja2Opt func(j2 *pythonJinja2Renderer)
-
-func WithTrimBlocks(trimBlocks bool) Jinja2Opt {
-	return func(j2 *pythonJinja2Renderer) {
-		j2.trimBlocks = trimBlocks
-	}
-}
-
-func WithLStripBlocks(lstripBlocks bool) Jinja2Opt {
-	return func(j2 *pythonJinja2Renderer) {
-		j2.lstripBlocks = lstripBlocks
-	}
-}
-
-func (m *Jinja2Error) Error() string {
-	return m.error
-}
-
-func NewJinja2(opts ...Jinja2Opt) (*Jinja2, error) {
-	var wg sync.WaitGroup
-	var mutex sync.Mutex
-	var err error
-
-	j := &Jinja2{
-		pj:        make(chan *pythonJinja2Renderer, paralellism),
-		strict:    true,
-		globCache: map[string]interface{}{},
-	}
-
-	for i := 0; i < paralellism; i++ {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			pj, err2 := newPythonJinja2Renderer()
-			if err2 != nil {
-				mutex.Lock()
-				defer mutex.Unlock()
-				err = err2
-				return
-			}
-			for _, o := range opts {
-				o(pj)
-			}
-			j.pj <- pj
-		}()
-	}
-	wg.Wait()
-	if err != nil {
-		return nil, err
-	}
-
-	return j, nil
-}
-
-func (j *Jinja2) Close() {
-	for i := 0; i < paralellism; i++ {
-		pj := <-j.pj
-		pj.Close()
-	}
-}
-
-func (j *Jinja2) SetStrict(strict bool) {
-	j.strict = strict
-}
-
-func (j *Jinja2) RenderStrings(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject) error {
-	pj := <-j.pj
-	defer func() { j.pj <- pj }()
-	return pj.renderHelper(jobs, searchDirs, vars, true, j.strict)
-}
-
-func (j *Jinja2) RenderFiles(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject) error {
-	pj := <-j.pj
-	defer func() { j.pj <- pj }()
-	return pj.renderHelper(jobs, searchDirs, vars, false, j.strict)
-}
-
-func (j *Jinja2) RenderString(template string, searchDirs []string, vars *uo.UnstructuredObject) (string, error) {
-	jobs := []*RenderJob{{
-		Template: template,
-	}}
-	err := j.RenderStrings(jobs, searchDirs, vars)
-	if err != nil {
-		return "", err
-	}
-	if jobs[0].Error != nil {
-		return "", jobs[0].Error
-	}
-	return *jobs[0].Result, nil
-}
-
-func (j *Jinja2) RenderFile(template string, searchDirs []string, vars *uo.UnstructuredObject) (string, error) {
-	jobs := []*RenderJob{{
-		Template: template,
-	}}
-	err := j.RenderFiles(jobs, searchDirs, vars)
-	if err != nil {
-		return "", err
-	}
-	if jobs[0].Error != nil {
-		return "", jobs[0].Error
-	}
-	return *jobs[0].Result, nil
-}
-
-func (j *Jinja2) getGlob(pattern string) (glob.Glob, error) {
-	j.mutex.Lock()
-	defer j.mutex.Unlock()
-
-	g, ok := j.globCache[pattern]
-	if ok {
-		if g2, ok := g.(glob.Glob); ok {
-			return g2, nil
-		} else {
-			return nil, g2.(error)
-		}
-	}
-	g, err := glob.Compile(pattern, '/')
-	if err != nil {
-		j.globCache[pattern] = err
-		return nil, err
-	}
-	j.globCache[pattern] = g
-	return g.(glob.Glob), nil
-}
-func (j *Jinja2) needsRender(path string, excludedPatterns []string) bool {
-	path = filepath.ToSlash(path)
-
-	for _, p := range excludedPatterns {
-		g, err := j.getGlob(p)
-		if err != nil {
-			return false
-		}
-		if g.Match(path) {
-			return false
-		}
-	}
-	return true
-}
-
-func (j *Jinja2) RenderDirectory(rootDir string, searchDirs []string, relSourceDir string, excludePatterns []string, subdir string, targetDir string, vars *uo.UnstructuredObject) error {
-	searchDirs = append([]string{rootDir}, searchDirs...)
-
-	walkDir, err := securejoin.SecureJoin(rootDir, filepath.Join(relSourceDir, subdir))
-	if err != nil {
-		return err
-	}
-
-	var jobs []*RenderJob
-
-	err = filepath.WalkDir(walkDir, func(p string, d fs.DirEntry, err error) error {
-		relPath, err := filepath.Rel(walkDir, p)
-		if err != nil {
-			return err
-		}
-		if d.IsDir() {
-			err = os.MkdirAll(filepath.Join(targetDir, relPath), 0o700)
-			if err != nil {
-				return err
-			}
-			return nil
-		}
-
-		sourcePath := filepath.Clean(filepath.Join(subdir, relPath))
-		targetPath := filepath.Join(targetDir, relPath)
-
-		if !j.needsRender(sourcePath, excludePatterns) {
-			return utils.CopyFile(p, targetPath)
-		}
-
-		found := false
-		for _, searchDir := range searchDirs {
-			if utils.Exists(filepath.Join(searchDir, sourcePath)) {
-				sourcePath = filepath.Clean(filepath.Join(searchDir, sourcePath))
-				sourcePath, err = filepath.Rel(rootDir, sourcePath)
-				if err != nil {
-					return err
-				}
-				found = true
-			}
-		}
-		if !found {
-			return fmt.Errorf("did not find %s in searchDirs", relPath)
-		}
-
-		// jinja2 templates are using / even on Windows
-		sourcePath = strings.ReplaceAll(sourcePath, "\\", "/")
-
-		job := &RenderJob{
-			Template: sourcePath,
-			target:   targetPath,
-		}
-		jobs = append(jobs, job)
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	err = j.RenderFiles(jobs, searchDirs, vars)
-	if err != nil {
-		return err
-	}
-
-	var errors []error
-	for _, job := range jobs {
-		if job.Error != nil {
-			errors = append(errors, job.Error)
-			continue
-		}
-
-		err = ioutil.WriteFile(job.target, []byte(*job.Result), 0o600)
-		if err != nil {
-			return err
-		}
-	}
-	return utils.NewErrorListOrNil(errors)
-}
diff --git a/pkg/jinja2/jinja2_renderer.go b/pkg/jinja2/jinja2_renderer.go
deleted file mode 100644
index bcbd36edb..000000000
--- a/pkg/jinja2/jinja2_renderer.go
+++ /dev/null
@@ -1,213 +0,0 @@
-package jinja2
-
-import (
-	"bufio"
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"github.com/kluctl/kluctl-python-deps/pkg/python"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-	"time"
-)
-
-type pythonJinja2Renderer struct {
-	cmd    *exec.Cmd
-	stdin  io.WriteCloser
-	stdout io.ReadCloser
-
-	stdoutReader *bufio.Reader
-
-	trimBlocks   bool
-	lstripBlocks bool
-}
-
-func newPythonJinja2Renderer() (*pythonJinja2Renderer, error) {
-	isOk := false
-	j := &pythonJinja2Renderer{}
-	defer func() {
-		if !isOk {
-			j.Close()
-		}
-	}()
-
-	args := []string{filepath.Join(pythonSrcExtracted, "main.py")}
-	j.cmd = python.PythonCmd(args)
-	j.cmd.Stderr = os.Stderr
-	j.cmd.Env = append(j.cmd.Env, fmt.Sprintf("PYTHONPATH=%s/wheel", pythonSrcExtracted))
-
-	stdout, err := j.cmd.StdoutPipe()
-	if err != nil {
-		return nil, err
-	}
-	j.stdout = stdout
-
-	stdin, err := j.cmd.StdinPipe()
-	if err != nil {
-		return nil, err
-	}
-	j.stdin = stdin
-
-	err = j.cmd.Start()
-	if err != nil {
-		return nil, err
-	}
-
-	j.stdoutReader = bufio.NewReader(j.stdout)
-
-	isOk = true
-
-	return j, nil
-}
-
-func (j *pythonJinja2Renderer) Close() {
-	if j.stdin != nil {
-		args := jinja2Args{Cmd: "exit"}
-		_ = json.NewEncoder(j.stdin).Encode(args)
-
-		_ = j.stdin.Close()
-		j.stdin = nil
-	}
-	if j.stdout != nil {
-		_ = j.stdout.Close()
-		j.stdout = nil
-	}
-	if j.cmd != nil {
-		if j.cmd.Process != nil {
-			timer := time.AfterFunc(5*time.Second, func() {
-				_ = j.cmd.Process.Kill()
-			})
-			_ = j.cmd.Wait()
-			timer.Stop()
-		}
-		j.cmd = nil
-	}
-}
-
-func isMaybeTemplateString(template string) bool {
-	return strings.IndexRune(template, '{') != -1
-}
-
-func isMaybeTemplateBytes(template []byte) bool {
-	return bytes.IndexRune(template, '{') != -1
-}
-
-func isMaybeTemplate(template string, searchDirs []string, isString bool) (bool, *string) {
-	if isString {
-		if !isMaybeTemplateString(template) {
-			return false, &template
-		}
-	} else {
-		for _, s := range searchDirs {
-			b, err := ioutil.ReadFile(filepath.Join(s, template))
-			if err != nil {
-				continue
-			}
-			if !isMaybeTemplateBytes(b) {
-				x := string(b)
-				return false, &x
-			} else {
-				return true, nil
-			}
-		}
-	}
-	return true, nil
-}
-
-type jinja2Args struct {
-	Cmd        string   `json:"cmd"`
-	Templates  []string `json:"templates"`
-	SearchDirs []string `json:"searchDirs"`
-	Vars       string   `json:"vars"`
-	Strict     bool     `json:"strict"`
-
-	TrimBlocks   bool `json:"trimBlocks"`
-	LStripBlocks bool `json:"lstripBlocks"`
-}
-
-type jinja2Result struct {
-	Result *string `json:"result,omitempty"`
-	Error  *string `json:"error,omitempty"`
-}
-
-func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, searchDirs []string, vars *uo.UnstructuredObject, isString bool, strict bool) error {
-	varsStr, err := yaml.WriteJsonString(vars)
-	if err != nil {
-		return err
-	}
-
-	var processedJobs []*RenderJob
-
-	var jargs jinja2Args
-	if isString {
-		jargs.Cmd = "render-strings"
-	} else {
-		jargs.Cmd = "render-files"
-	}
-	jargs.Vars = string(varsStr)
-	jargs.SearchDirs = searchDirs
-	jargs.Strict = strict
-	jargs.TrimBlocks = j.trimBlocks
-	jargs.LStripBlocks = j.lstripBlocks
-
-	for _, job := range jobs {
-		if ist, r := isMaybeTemplate(job.Template, searchDirs, isString); !ist {
-			job.Result = r
-			continue
-		}
-		processedJobs = append(processedJobs, job)
-		jargs.Templates = append(jargs.Templates, job.Template)
-	}
-	if len(processedJobs) == 0 {
-		return nil
-	}
-
-	b, err := json.Marshal(jargs)
-	if err != nil {
-		j.Close()
-		return err
-	}
-	b = append(b, '\n')
-
-	_, err = j.stdin.Write(b)
-	if err != nil {
-		j.Close()
-		return err
-	}
-
-	line := bytes.NewBuffer(nil)
-	for true {
-		l, p, err := j.stdoutReader.ReadLine()
-		if err != nil {
-			return err
-		}
-		line.Write(l)
-		if !p {
-			break
-		}
-	}
-	var result []jinja2Result
-	err = json.Unmarshal(line.Bytes(), &result)
-	if err != nil {
-		return err
-	}
-
-	for i, item := range result {
-		if item.Result != nil {
-			processedJobs[i].Result = item.Result
-		} else {
-			if item.Error == nil {
-				return fmt.Errorf("missing result and error from item at index %d", i)
-			}
-			processedJobs[i].Error = &Jinja2Error{*item.Error}
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/jinja2/python_src/.gitignore b/pkg/jinja2/python_src/.gitignore
deleted file mode 100644
index c4095b70b..000000000
--- a/pkg/jinja2/python_src/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-__pycache__
-
-/venv
-/wheel
diff --git a/pkg/jinja2/python_src/.python-version b/pkg/jinja2/python_src/.python-version
deleted file mode 100644
index 30291cba2..000000000
--- a/pkg/jinja2/python_src/.python-version
+++ /dev/null
@@ -1 +0,0 @@
-3.10.0
diff --git a/pkg/jinja2/python_src/dict_utils.py b/pkg/jinja2/python_src/dict_utils.py
deleted file mode 100644
index f076faeea..000000000
--- a/pkg/jinja2/python_src/dict_utils.py
+++ /dev/null
@@ -1,64 +0,0 @@
-from jsonpath_utils import parse_json_path
-
-
-def copy_primitive_value(v):
-    if isinstance(v, dict):
-        return copy_dict(v)
-    if is_iterable(v, False):
-        return [copy_primitive_value(x) for x in v]
-    return v
-
-def copy_dict(a):
-    ret = {}
-    for k, v in a.items():
-        ret[k] = copy_primitive_value(v)
-    return ret
-
-def merge_dict(a, b, clone=True):
-    if clone:
-        a = copy_dict(a)
-    if a is None:
-        a = {}
-    if b is None:
-        b = {}
-    for key in b:
-        if key in a:
-            if isinstance(a[key], dict) and isinstance(b[key], dict):
-                merge_dict(a[key], b[key], clone=False)
-            else:
-                a[key] = b[key]
-        else:
-            a[key] = b[key]
-    return a
-
-
-def get_dict_value(y, path, default=None):
-    p = parse_json_path(path)
-    f = p.find(y)
-    if len(f) > 1:
-        raise Exception("Only simple jsonpath supported in get_dict_value")
-    if len(f) == 0:
-        return default
-    return f[0].value
-
-def is_iterable(obj, str_and_bytes=True):
-    if isinstance(obj, list):
-        return True
-    if isinstance(obj, tuple):
-        return True
-    if isinstance(obj, dict):
-        return True
-    if isinstance(obj, str):
-        return str_and_bytes
-    if isinstance(obj, bytes):
-        return str_and_bytes
-    if isinstance(obj, int) or isinstance(obj, bool):
-        return False
-    if isinstance(obj, type):
-        return False
-    try:
-        iter(obj)
-    except Exception:
-        return False
-    else:
-        return True
diff --git a/pkg/jinja2/python_src/jinja2_renderer.py b/pkg/jinja2/python_src/jinja2_renderer.py
deleted file mode 100644
index fbc1a1364..000000000
--- a/pkg/jinja2/python_src/jinja2_renderer.py
+++ /dev/null
@@ -1,122 +0,0 @@
-import base64
-import json
-
-from jinja2 import StrictUndefined, FileSystemLoader, ChainableUndefined
-
-from dict_utils import merge_dict
-from jinja2_utils import KluctlJinja2Environment, add_jinja2_filters, extract_template_error
-
-
-begin_placeholder = "XXXXXbegin_get_image_"
-end_placeholder = "_end_get_imageXXXXX"
-
-
-class NullUndefined(ChainableUndefined):
-    def _return_self(self, other):
-        return self
-
-    __add__ = __radd__ = __sub__ = __rsub__ = _return_self
-    __mul__ = __rmul__ = __div__ = __rdiv__ = _return_self
-    __truediv__ = __rtruediv__ = _return_self
-    __floordiv__ = __rfloordiv__ = _return_self
-    __mod__ = __rmod__ = _return_self
-    __pos__ = __neg__ = _return_self
-    __call__ = __getitem__ = _return_self
-    __lt__ = __le__ = __gt__ = __ge__ = _return_self
-    __int__ = __float__ = __complex__ = _return_self
-    __pow__ = __rpow__ = _return_self
-
-class Jinja2Renderer:
-    def __init__(self, trim_blocks=False, lstrip_blocks=False):
-        self.trim_blocks = trim_blocks
-        self.lstrip_blocks = lstrip_blocks
-
-    def get_image_wrapper(self, image, latest_version=None):
-        if latest_version is None:
-            latest_version = "semver()"
-        placeholder = {
-            "image": image,
-            "latestVersion": str(latest_version),
-        }
-        j = json.dumps(placeholder)
-        j = base64.b64encode(j.encode("utf8")).decode("utf8")
-        j = begin_placeholder + j + end_placeholder
-        return j
-
-    def build_images_vars(self):
-        def semver(allow_no_nums=False):
-            return "semver(allow_no_nums=%s)" % allow_no_nums
-        def prefix(s, suffix=None):
-            if suffix is None:
-                return "prefix(\"%s\")" % s
-            else:
-                return "prefix(\"%s\", suffix=\"%s\")" % (s, suffix)
-        def number():
-            return "number()"
-        def regex(r):
-            return "regex(\"%s\")" % r
-
-        vars = {
-            'images': {
-                'get_image': self.get_image_wrapper,
-            },
-            'version': {
-                'semver': semver,
-                'prefix': prefix,
-                'number': number,
-                'regex': regex,
-            },
-        }
-        return vars
-
-    def build_env(self, vars_str, search_dirs, strict):
-        vars = json.loads(vars_str)
-        image_vars = self.build_images_vars()
-        merge_dict(vars, image_vars, clone=False)
-
-        environment = KluctlJinja2Environment(loader=FileSystemLoader(search_dirs),
-                                              undefined=StrictUndefined if strict else NullUndefined,
-                                              cache_size=10000,
-                                              auto_reload=False,
-                                              trim_blocks=self.trim_blocks, lstrip_blocks=self.lstrip_blocks)
-        merge_dict(environment.globals, vars, clone=False)
-
-        add_jinja2_filters(environment)
-        return environment
-
-    def render_helper(self, templates, search_dirs, vars, is_string, strict):
-        env = self.build_env(vars, search_dirs, strict)
-
-        result = []
-
-        for i, t in enumerate(templates):
-            try:
-                if is_string:
-                    t = env.from_string(t)
-                else:
-                    t = env.get_template(t)
-                result.append({
-                    "result": t.render()
-                })
-            except Exception as e:
-                result.append({
-                    "error": extract_template_error(e),
-                })
-
-        return result
-
-    def RenderStrings(self, templates, search_dirs, vars, strict):
-        try:
-            return self.render_helper(templates, search_dirs, vars, True, strict)
-        except Exception as e:
-            return [{
-                "error": str(e)
-            }] * len(templates)
-
-    def RenderFiles(self, templates, search_dirs, vars, strict):
-        try:
-            return self.render_helper(templates, search_dirs, vars, False, strict)
-        except Exception as e:
-            return [{
-                "error": str(e)
-            }] * len(templates)
diff --git a/pkg/jinja2/python_src/jinja2_utils.py b/pkg/jinja2/python_src/jinja2_utils.py
deleted file mode 100644
index 373afa280..000000000
--- a/pkg/jinja2/python_src/jinja2_utils.py
+++ /dev/null
@@ -1,140 +0,0 @@
-import base64
-import hashlib
-import io
-import json
-import logging
-import os
-import sys
-import traceback
-
-import jinja2
-from jinja2 import Environment, TemplateNotFound, TemplateError
-from jinja2.runtime import Context
-
-from dict_utils import merge_dict, get_dict_value
-from yaml_utils import yaml_dump, yaml_load
-
-logger = logging.getLogger(__name__)
-
-# This Jinja2 environment allows to load templates relative to the parent template. This means that for example
-# '{% include "file.yml" %}' will try to include the template from a ./file.yml
-class KluctlJinja2Environment(Environment):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.add_extension("jinja2.ext.loopcontrols")
-
-    """Override join_path() to enable relative template paths."""
-    """See https://stackoverflow.com/a/3655911/7132642"""
-    def join_path(self, template, parent):
-        p = os.path.join(os.path.dirname(parent), template)
-        p = os.path.normpath(p)
-        return p.replace('\\', '/')
-
-def b64encode(string):
-    return base64.b64encode(string.encode()).decode()
-
-def b64decode(string):
-    return base64.b64decode(string.encode()).decode()
-
-def to_yaml(obj):
-    return yaml_dump(obj)
-
-def to_json(obj):
-    return json.dumps(obj)
-
-def from_yaml(s):
-    return yaml_load(s)
-
-@jinja2.pass_context
-def render(ctx, string):
-    t = ctx.environment.from_string(string)
-    return t.render(ctx.parent)
-
-def sha256(s):
-    if not isinstance(s, bytes):
-        s = s.encode("utf-8")
-    return hashlib.sha256(s).hexdigest()
-
-@jinja2.pass_context
-def load_template(ctx, path, **kwargs):
-    dir = os.path.dirname(ctx.name)
-    full_path = os.path.join(dir, path)
-    try:
-        t = ctx.environment.get_template(full_path.replace('\\', '/'))
-    except TemplateNotFound:
-        t = ctx.environment.get_template(path.replace('\\', '/'))
-    vars = merge_dict(ctx.parent, kwargs)
-    return t.render(vars)
-
-class VarNotFoundException(Exception):
-    pass
-
-@jinja2.pass_context
-def get_var(ctx, path, default):
-    if not isinstance(path, list):
-        path = [path]
-    for p in path:
-        r = get_dict_value(ctx.parent, p, VarNotFoundException())
-        if isinstance(r, VarNotFoundException):
-            continue
-        return r
-    return default
-
-def update_dict(a, b):
-    merge_dict(a, b, False)
-    return ""
-
-def raise_helper(msg):
-    raise TemplateError(msg)
-
-def debug_print(msg):
-    logger.info("debug_print: %s" % str(msg))
-    return ""
-
-@jinja2.pass_context
-def load_sha256(ctx: Context, path, digest_len=None):
-    if "__calc_sha256__" in ctx:
-        return "__self_sha256__"
-    rendered = load_template(ctx, path, __calc_sha256__=True)
-    hash = hashlib.sha256(rendered.encode("utf-8")).hexdigest()
-    if digest_len is not None:
-        hash = hash[:digest_len]
-    return hash
-
-
-def add_jinja2_filters(jinja2_env):
-    jinja2_env.filters['b64encode'] = b64encode
-    jinja2_env.filters['b64decode'] = b64decode
-    jinja2_env.filters['to_yaml'] = to_yaml
-    jinja2_env.filters['to_json'] = to_json
-    jinja2_env.filters['from_yaml'] = from_yaml
-    jinja2_env.filters['render'] = render
-    jinja2_env.filters['sha256'] = sha256
-    jinja2_env.globals['load_template'] = load_template
-    jinja2_env.globals['get_var'] = get_var
-    jinja2_env.globals['merge_dict'] = merge_dict
-    jinja2_env.globals['update_dict'] = update_dict
-    jinja2_env.globals['raise'] = raise_helper
-    jinja2_env.globals['debug_print'] = debug_print
-    jinja2_env.globals['load_sha256'] = load_sha256
-
-def extract_template_error(e):
-    try:
-        raise e
-    except TemplateNotFound as e2:
-        return "template %s not found" % str(e2)
-    except:
-        etype, value, tb = sys.exc_info()
-    extracted_tb = traceback.extract_tb(tb)
-    found_template = None
-    for i, s in reversed(list(enumerate(extracted_tb))):
-        if not s.filename.endswith(".py"):
-            found_template = i
-            break
-    f = io.StringIO()
-    if found_template is not None:
-        traceback.print_list([extracted_tb[found_template]], file=f)
-        print("%s: %s" % (type(e).__name__, str(e)), file=f)
-    else:
-        traceback.print_exception(etype, value, tb, file=f)
-    return f.getvalue()
diff --git a/pkg/jinja2/python_src/jsonpath_utils.py b/pkg/jinja2/python_src/jsonpath_utils.py
deleted file mode 100644
index 4d7f8d494..000000000
--- a/pkg/jinja2/python_src/jsonpath_utils.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Add better wildcard support to jsonpath lib
-import fnmatch
-import logging
-import os
-
-import ply
-from jsonpath_ng import auto_id_field, jsonpath, JSONPath
-from jsonpath_ng.exceptions import JsonPathParserError
-from jsonpath_ng.ext.parser import ExtentedJsonPathParser
-from jsonpath_ng.parser import IteratorToTokenStream
-
-
-logger = logging.getLogger(__name__)
-
-def ext_reified_fields(self, datum):
-    result = []
-    for field in self.fields:
-        if "*" not in field:
-            result.append(field)
-            continue
-        try:
-            fields = [f for f in datum.value.keys() if fnmatch.fnmatch(f, field)]
-            if auto_id_field is not None:
-                fields.append(auto_id_field)
-            result += fields
-        except AttributeError:
-            pass
-    return tuple(result)
-jsonpath.Fields.reified_fields = ext_reified_fields
-
-# This class pre-creates the yacc parser to speed up things
-class MyJsonPathParser(ExtentedJsonPathParser):
-    '''
-    Dummy doc-string to avoid exceptions
-    '''
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-
-        start_symbol = 'jsonpath'
-
-        output_directory = os.path.dirname(__file__)
-        try:
-            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
-        except:
-            module_name = __name__
-
-        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
-        self.parser = ply.yacc.yacc(module=self,
-                                   debug=self.debug,
-                                   tabmodule=parsing_table_module,
-                                   outputdir=output_directory,
-                                   write_tables=0,
-                                   start=start_symbol,
-                                   errorlog=logger)
-
-    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
-        assert start_symbol == "jsonpath"
-        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
-
-
-def convert_list_to_json_path(p):
-    p2 = ""
-    for x in p:
-        if isinstance(x, str):
-            if x.isalnum():
-                if p2 != "":
-                    p2 += "."
-                p2 += "%s" % x
-            else:
-                if p2 == "":
-                    p2 = "$"
-                if '"' in x:
-                    p2 = "%s['%s']" % (p2, x)
-                else:
-                    p2 = '%s["%s"]' % (p2, x)
-        else:
-            if p2 == "":
-                p2 = "$"
-            p2 = "%s[%d]" % (p2, x)
-    return p2
-
-json_path_cache = {}
-json_path_parser = MyJsonPathParser()
-
-def parse_json_path(p) -> JSONPath:
-    if isinstance(p, list) or isinstance(p, tuple):
-        p = convert_list_to_json_path(p)
-
-    if p in json_path_cache:
-        return json_path_cache[p]
-
-    try:
-        pp = json_path_parser.parse(p)
-    except JsonPathParserError as e:
-        raise Exception("Invalid json path '%s'. Error=%s" % (p, str(e)))
-
-    pp = json_path_cache.setdefault(p, pp)
-
-    return pp
diff --git a/pkg/jinja2/python_src/main.py b/pkg/jinja2/python_src/main.py
deleted file mode 100644
index 15916d2c3..000000000
--- a/pkg/jinja2/python_src/main.py
+++ /dev/null
@@ -1,34 +0,0 @@
-import json
-import sys
-
-from jinja2_renderer import Jinja2Renderer
-
-
-def main():
-    while True:
-        args = sys.stdin.readline()
-        if not args:
-            break
-        args = json.loads(args)
-
-        r = Jinja2Renderer(args.get("trimBlocks", False), args.get("lstripBlocks", False))
-
-        if args["cmd"] == "render-strings":
-            result = r.RenderStrings(args["templates"], args["searchDirs"] or [], args["vars"], args["strict"])
-        elif args["cmd"] == "render-files":
-            result = r.RenderFiles(args["templates"], args["searchDirs"] or [], args["vars"], args["strict"])
-        elif args["cmd"] == "exit":
-            break
-        else:
-            raise Exception("invalid cmd")
-
-        result = json.dumps(result)
-
-        sys.stdout.write(result + "\n")
-        sys.stdout.flush()
-
-if __name__ == "__main__":
-    try:
-        main()
-    except KeyboardInterrupt as e:
-        pass
diff --git a/pkg/jinja2/python_src/yaml_utils.py b/pkg/jinja2/python_src/yaml_utils.py
deleted file mode 100644
index ce9d8ec8d..000000000
--- a/pkg/jinja2/python_src/yaml_utils.py
+++ /dev/null
@@ -1,51 +0,0 @@
-import yaml
-
-from yaml import SafeLoader as SafeLoader, SafeDumper as SafeDumper
-
-def construct_value(load, node):
-    if not isinstance(node, yaml.ScalarNode):
-        raise yaml.constructor.ConstructorError(
-            "while constructing a value",
-            node.start_mark,
-            "expected a scalar, but found %s" % node.id, node.start_mark
-        )
-    yield str(node.value)
-
-
-# See https://github.com/yaml/pyyaml/issues/89
-SafeLoader.add_constructor(u'tag:yaml.org,2002:value', construct_value)
-
-
-def multiline_str_representer(dumper, data):
-    if len(data.splitlines()) > 1:  # check for multiline string
-        return dumper.represent_scalar('tag:yaml.org,2002:str', data, style='|')
-    return dumper.represent_scalar('tag:yaml.org,2002:str', data)
-
-class MultilineStrDumper(SafeDumper):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.add_representer(str, multiline_str_representer)
-
-def yaml_load(s):
-    return yaml.load(s, Loader=SafeLoader)
-
-def yaml_load_all(s):
-    return list(yaml.load_all(s, Loader=SafeLoader))
-
-def yaml_load_file(path, all=False):
-    with open(path) as f:
-        if all:
-            y = yaml_load_all(f)
-        else:
-            y = yaml_load(f)
-    return y
-
-def yaml_dump(y, stream=None):
-    return yaml.dump(y, stream=stream, Dumper=MultilineStrDumper, sort_keys=False)
-
-def yaml_dump_all(y, stream=None):
-    return yaml.dump_all(y, stream=stream, Dumper=MultilineStrDumper, sort_keys=False)
-
-def yaml_save_file(y, path):
-    with open(path, mode='w') as f:
-        yaml_dump(y, f)
diff --git a/pkg/jinja2/render_struct.go b/pkg/jinja2/render_struct.go
deleted file mode 100644
index e2f06996b..000000000
--- a/pkg/jinja2/render_struct.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package jinja2
-
-import (
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"reflect"
-)
-
-type structStringCollectorEntry struct {
-	s      string
-	setter func(s string)
-}
-
-type structStringCollector struct {
-	j       *Jinja2
-	strings []structStringCollectorEntry
-}
-
-func (w *structStringCollector) extractTemplateString(v reflect.Value) (string, bool) {
-	if v.IsZero() {
-		return "", false
-	}
-
-	t := v.Type()
-	if t.Kind() == reflect.Interface || t.Kind() == reflect.Pointer {
-		v = v.Elem()
-		t = v.Type()
-	}
-	if t.Kind() == reflect.String {
-		s := v.String()
-		if !isMaybeTemplateString(s) {
-			return "", false
-		}
-		return v.String(), true
-	}
-	return "", false
-}
-
-func (w *structStringCollector) addString(s string, setter func(s string)) {
-	w.strings = append(w.strings, structStringCollectorEntry{
-		s:      s,
-		setter: setter,
-	})
-}
-
-func (w *structStringCollector) walkStruct(v reflect.Value) error {
-	t := v.Type()
-	l := t.NumField()
-
-	for i := 0; i < l; i++ {
-		f := v.Field(i)
-		if s, ok := w.extractTemplateString(f); ok {
-			w.addString(s, func(s string) {
-				if f.Type().Kind() == reflect.Pointer {
-					f.Set(reflect.ValueOf(&s))
-				} else {
-					f.Set(reflect.ValueOf(s))
-				}
-			})
-		} else {
-			err := w.walkValue(f)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *structStringCollector) walkList(v reflect.Value) error {
-	l := v.Len()
-	for i := 0; i < l; i++ {
-		e := v.Index(i)
-		if s, ok := w.extractTemplateString(e); ok {
-			w.addString(s, func(s string) {
-				if e.Type().Kind() == reflect.Pointer {
-					e.Set(reflect.ValueOf(&s))
-				} else {
-					e.Set(reflect.ValueOf(s))
-				}
-			})
-		} else {
-			err := w.walkValue(e)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *structStringCollector) walkMap(v reflect.Value) error {
-	it := v.MapRange()
-	for it.Next() {
-		ik := it.Key()
-		iv := it.Value()
-
-		if s, ok := w.extractTemplateString(iv); ok {
-			if isMaybeTemplateString(s) {
-				w.addString(s, func(s string) {
-					if iv.Type().Kind() == reflect.Pointer {
-						v.SetMapIndex(ik, reflect.ValueOf(&s))
-					} else {
-						v.SetMapIndex(ik, reflect.ValueOf(s))
-					}
-				})
-			}
-		} else {
-			err := w.walkValue(iv)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *structStringCollector) walkValue(v reflect.Value) error {
-	if v.IsZero() {
-		return nil
-	}
-
-	v = reflect.Indirect(v)
-	t := v.Type()
-
-	switch t.Kind() {
-	case reflect.Interface, reflect.Pointer:
-		return w.walkValue(v.Elem())
-	case reflect.Slice, reflect.Array:
-		return w.walkList(v)
-	case reflect.Struct:
-		return w.walkStruct(v)
-	case reflect.Map:
-		return w.walkMap(v)
-	}
-	return nil
-}
-
-func (j *Jinja2) RenderStruct(o interface{}, vars *uo.UnstructuredObject) (bool, bool, error) {
-	w := &structStringCollector{j: j}
-	v := reflect.ValueOf(o)
-	err := w.walkValue(v)
-	if err != nil {
-		return false, false, err
-	}
-
-	var jobs []*RenderJob
-
-	for _, sv := range w.strings {
-		jobs = append(jobs, &RenderJob{Template: sv.s})
-	}
-
-	err = j.RenderStrings(jobs, nil, vars)
-	if err != nil {
-		return false, false, err
-	}
-
-	changed := false
-	moreTemplates := false
-
-	var errors []error
-	for i, sv := range w.strings {
-		job := jobs[i]
-		if job.Error != nil {
-			errors = append(errors, job.Error)
-		} else {
-			if sv.s != *job.Result {
-				sv.setter(*job.Result)
-				changed = true
-				if isMaybeTemplateString(*job.Result) {
-					moreTemplates = true
-				}
-			}
-		}
-	}
-	if len(errors) != 0 {
-		return false, false, utils.NewErrorListOrNil(errors)
-	}
-
-	return changed, moreTemplates, nil
-}
diff --git a/pkg/jinja2/source.go b/pkg/jinja2/source.go
deleted file mode 100644
index b80377261..000000000
--- a/pkg/jinja2/source.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package jinja2
-
-import (
-	"crypto/sha256"
-	"embed"
-	"encoding/binary"
-	"encoding/hex"
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/rogpeppe/go-internal/lockedfile"
-	"io/fs"
-	"os"
-	"path/filepath"
-)
-
-//go:embed python_src
-var _pythonSrc embed.FS
-var pythonSrc, _ = fs.Sub(_pythonSrc, "python_src")
-
-var pythonSrcExtracted string
-
-func init() {
-	srcDir, err := extractSource()
-	if err != nil {
-		panic(err)
-	}
-	pythonSrcExtracted = srcDir
-}
-
-func extractSource() (string, error) {
-	hash := calcEmbeddedHash(pythonSrc)
-
-	targetPath := filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("jinja2-%s", hash[:16]))
-
-	lock, err := lockedfile.Create(targetPath + ".lock")
-	if err != nil {
-		return "", err
-	}
-	defer lock.Close()
-
-	err = fs.WalkDir(pythonSrc, ".", func(path string, d fs.DirEntry, err error) error {
-		if d == nil || d.IsDir() {
-			return nil
-		}
-		data, err := fs.ReadFile(pythonSrc, path)
-		if err != nil {
-			return err
-		}
-		targetPath2 := filepath.Join(targetPath, path)
-		err = os.MkdirAll(filepath.Dir(targetPath2), 0o755)
-		if err != nil {
-			return err
-		}
-
-		err = os.WriteFile(targetPath2+".tmp", data, 0o644)
-		if err != nil {
-			return err
-		}
-		err = os.Rename(targetPath2+".tmp", targetPath2)
-		if err != nil {
-			return err
-		}
-		return nil
-	})
-	if err != nil {
-		return "", err
-	}
-
-	return targetPath, nil
-}
-
-func calcEmbeddedHash(fs1 fs.FS) string {
-	h := sha256.New()
-	err := fs.WalkDir(fs1, ".", func(path string, d fs.DirEntry, err error) error {
-		_ = binary.Write(h, binary.LittleEndian, path)
-		if d.IsDir() {
-			_ = binary.Write(h, binary.LittleEndian, "dir")
-		} else {
-			_ = binary.Write(h, binary.LittleEndian, "regular")
-			data, err := fs.ReadFile(fs1, path)
-			if err != nil {
-				panic(err)
-			}
-			_ = binary.Write(h, binary.LittleEndian, len(data))
-			_ = binary.Write(h, binary.LittleEndian, data)
-		}
-		return nil
-	})
-	if err != nil {
-		panic(err)
-	}
-	return hex.EncodeToString(h.Sum(nil))
-}
diff --git a/pkg/kluctl_jinja2/embed.go b/pkg/kluctl_jinja2/embed.go
new file mode 100644
index 000000000..a948f8133
--- /dev/null
+++ b/pkg/kluctl_jinja2/embed.go
@@ -0,0 +1,8 @@
+package kluctl_jinja2
+
+import (
+	"embed"
+)
+
+//go:embed all:ext
+var ExtSource embed.FS
diff --git a/pkg/kluctl_jinja2/ext/__init__.py b/pkg/kluctl_jinja2/ext/__init__.py
new file mode 100644
index 000000000..4e1189132
--- /dev/null
+++ b/pkg/kluctl_jinja2/ext/__init__.py
@@ -0,0 +1,3 @@
+from .images_ext import ImagesExtension
+
+images = ImagesExtension
diff --git a/pkg/kluctl_jinja2/ext/images_ext.py b/pkg/kluctl_jinja2/ext/images_ext.py
new file mode 100644
index 000000000..4c363b194
--- /dev/null
+++ b/pkg/kluctl_jinja2/ext/images_ext.py
@@ -0,0 +1,53 @@
+import base64
+import json
+
+from jinja2.ext import Extension
+
+begin_placeholder = "XXXXXbegin_get_image_"
+end_placeholder = "_end_get_imageXXXXX"
+
+class ImagesExtension(Extension):
+    def __init__(self, environment):
+        super().__init__(environment)
+        environment.globals.update(self.build_images_vars())
+
+    def get_image_wrapper(self, image, latest_version=None):
+        if latest_version is None:
+            latest_version = "semver()"
+        placeholder = {
+            "image": image,
+            "latestVersion": str(latest_version),
+        }
+        j = json.dumps(placeholder)
+        j = base64.b64encode(j.encode("utf8")).decode("utf8")
+        j = begin_placeholder + j + end_placeholder
+        return j
+
+    def build_images_vars(self):
+        def semver(allow_no_nums=False):
+            return "semver(allow_no_nums=%s)" % allow_no_nums
+
+        def prefix(s, suffix=None):
+            if suffix is None:
+                return "prefix(\"%s\")" % s
+            else:
+                return "prefix(\"%s\", suffix=\"%s\")" % (s, suffix)
+
+        def number():
+            return "number()"
+
+        def regex(r):
+            return "regex(\"%s\")" % r
+
+        vars = {
+            'images': {
+                'get_image': self.get_image_wrapper,
+            },
+            'version': {
+                'semver': semver,
+                'prefix': prefix,
+                'number': number,
+                'regex': regex,
+            },
+        }
+        return vars
diff --git a/pkg/kluctl_jinja2/jinja2.go b/pkg/kluctl_jinja2/jinja2.go
new file mode 100644
index 000000000..13b04154d
--- /dev/null
+++ b/pkg/kluctl_jinja2/jinja2.go
@@ -0,0 +1,23 @@
+package kluctl_jinja2
+
+import (
+	"github.com/kluctl/go-embed-python/embed_util"
+	x "github.com/kluctl/go-jinja2"
+)
+
+const parallelism = 4
+
+func NewKluctlJinja2(strict bool) (*x.Jinja2, error) {
+	extSrc, err := embed_util.NewEmbeddedFiles(ExtSource, "kluctl-ext")
+	if err != nil {
+		return nil, err
+	}
+
+	return x.NewJinja2("kluctl",
+		parallelism,
+		x.WithStrict(strict),
+		x.WithExtension("jinja2.ext.loopcontrols"),
+		x.WithExtension("go_jinja2.ext.kluctl"),
+		x.WithExtension("ext.images_ext.ImagesExtension"),
+		x.WithPythonPath(extSrc.GetExtractedPath()))
+}
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 78cde9970..d5d8ec704 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 )
 
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index da067d70f..e0495d225 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -3,8 +3,8 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"regexp"
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 18ac0153a..17f3f784c 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -97,8 +97,8 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 			}
 		}
 
-		changed, moreTemplates, err := c.J2.RenderStruct(target, varsCtx.Vars)
-		if err == nil && (!changed || !moreTemplates) {
+		changed, err := varsCtx.RenderStruct(target)
+		if err == nil && !changed {
 			return nil
 		}
 	}
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 0356a98ac..8630e1a15 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -63,6 +63,22 @@ func (uo *UnstructuredObject) ToStruct(out interface{}) error {
 	return yaml.ReadYamlBytes(b, out)
 }
 
+// ToMap will ensure that only plain go values are returned, meaning that all internal structs are converted
+// to maps
+func (uo *UnstructuredObject) ToMap() (map[string]any, error) {
+	b, err := yaml.WriteYamlBytes(uo.Object)
+	if err != nil {
+		return nil, err
+	}
+
+	var ret map[string]any
+	err = yaml.ReadYamlBytes(b, &ret)
+	if err != nil {
+		return nil, err
+	}
+	return ret, nil
+}
+
 func FromString(s string) (*UnstructuredObject, error) {
 	o := New()
 	err := yaml.ReadYamlString(s, &o.Object)
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index f704bf0f6..ae5ad7ca1 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -5,7 +5,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/jinzhu/copier"
-	"github.com/kluctl/kluctl-python-deps/pkg/utils"
 	"io/fs"
 	"os"
 	"os/user"
@@ -42,7 +41,7 @@ func createTmpBaseDir() {
 }
 
 func ensureDir(path string, perm fs.FileMode, allowCreate bool) {
-	if utils.Exists(path) {
+	if Exists(path) {
 		st, err := os.Lstat(path)
 		if err != nil {
 			panic(err)
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index c29d4ba18..ecb960224 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -1,7 +1,7 @@
 package vars
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
@@ -44,8 +44,33 @@ func (vc *VarsCtx) UpdateChildFromStruct(child string, o interface{}) error {
 	return nil
 }
 
+func (vc *VarsCtx) RenderString(t string) (string, error) {
+	globals, err := vc.Vars.ToMap()
+	if err != nil {
+		return "", err
+	}
+	return vc.J2.RenderString(t,
+		jinja2.WithGlobals(globals),
+	)
+}
+
+func (vc *VarsCtx) RenderStruct(o interface{}) (bool, error) {
+	globals, err := vc.Vars.ToMap()
+	if err != nil {
+		return false, err
+	}
+	return vc.J2.RenderStruct(o, jinja2.WithGlobals(globals))
+}
+
 func (vc *VarsCtx) RenderYamlFile(p string, searchDirs []string, out interface{}) error {
-	ret, err := vc.J2.RenderFile(p, searchDirs, vc.Vars)
+	globals, err := vc.Vars.ToMap()
+	if err != nil {
+		return err
+	}
+	ret, err := vc.J2.RenderFile(p,
+		jinja2.WithSearchDirs(searchDirs),
+		jinja2.WithGlobals(globals),
+	)
 	if err != nil {
 		return err
 	}
@@ -58,6 +83,10 @@ func (vc *VarsCtx) RenderYamlFile(p string, searchDirs []string, out interface{}
 	return nil
 }
 
-func (vc *VarsCtx) RenderDirectory(rootDir string, searchDirs []string, relSourceDir string, excludePatterns []string, subdir string, targetDir string) error {
-	return vc.J2.RenderDirectory(rootDir, searchDirs, relSourceDir, excludePatterns, subdir, targetDir, vc.Vars)
+func (vc *VarsCtx) RenderDirectory(sourceDir string, targetDir string, excludePatterns []string, searchDirs []string) error {
+	globals, err := vc.Vars.ToMap()
+	if err != nil {
+		return err
+	}
+	return vc.J2.RenderDirectory(sourceDir, targetDir, excludePatterns, jinja2.WithGlobals(globals), jinja2.WithSearchDirs(searchDirs))
 }
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 49ffe3e9b..338e1b446 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -61,7 +62,12 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return err
 	}
 
-	_, _, err = varsCtx.J2.RenderStruct(&source, varsCtx.Vars)
+	globals, err := varsCtx.Vars.ToMap()
+	if err != nil {
+		return err
+	}
+
+	_, err = varsCtx.J2.RenderStruct(&source, jinja2.WithGlobals(globals))
 	if err != nil {
 		return err
 	}
@@ -272,7 +278,7 @@ func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, secretType strin
 }
 
 func (v *VarsLoader) renderYamlString(varsCtx *VarsCtx, s string, out interface{}) error {
-	ret, err := varsCtx.J2.RenderString(s, nil, varsCtx.Vars)
+	ret, err := varsCtx.RenderString(s)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
index 66e7bb092..46c822e8b 100644
--- a/pkg/vars/vars_test.go
+++ b/pkg/vars/vars_test.go
@@ -1,14 +1,15 @@
 package vars
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/jinja2"
+	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
 func newJinja2Must(t *testing.T) *jinja2.Jinja2 {
-	j2, err := jinja2.NewJinja2()
+	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
 		t.Fatal(err)
 	}

From 6b9961a6d49d61f88ed57d670ddb53be405f4ea1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Sep 2022 23:31:52 +0200
Subject: [PATCH 0336/2268] fix: Run go mod tidy

---
 go.sum | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/go.sum b/go.sum
index d4cf7fb99..09884bf43 100644
--- a/go.sum
+++ b/go.sum
@@ -670,6 +670,8 @@ github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQan
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
+github.com/kluctl/go-jinja2 v0.0.0-20220908201753-f33cd6224f2b h1:6IGYwbtc6VR5nyUckJvgtnIlrg7dzNUbkHtVvTfPVkY=
+github.com/kluctl/go-jinja2 v0.0.0-20220908201753-f33cd6224f2b/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

From 890e75da7d4ea2a42b9947f8a3d353c8e54b3e77 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Sep 2022 09:26:41 +0200
Subject: [PATCH 0337/2268] ci: Remove python from Github workflows

---
 .github/workflows/release.yml | 4 ----
 .github/workflows/tests.yml   | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9c7982a03..bc3074b45 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,10 +24,6 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.19
-      - name: Set up Python
-        uses: actions/setup-python@v2
-        with:
-          python-version: 3.10.2
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v1
       - name: Setup Docker Buildx
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 26e089c85..fad114c1a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -16,10 +16,6 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: '1.19'
-      - name: Set up Python
-        uses: actions/setup-python@v2
-        with:
-          python-version: 3.10.2
       - uses: actions/cache@v2
         with:
           path: |

From 21c7a3d95ef4b919c11c117ef5eb31c442355c3a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Sep 2022 09:52:02 +0200
Subject: [PATCH 0338/2268] fix: Add deployment item dir to search dir

---
 pkg/deployment/deployment_item.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index e97bb48d2..a5709038c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -145,11 +145,15 @@ func (di *DeploymentItem) render(forSeal bool) error {
 		excludePatterns = append(excludePatterns, "**.sealme")
 	}
 
+	searchDirs := di.Project.getRenderSearchDirs()
+	// also add deployment item dir to search dirs
+	searchDirs = append([]string{*di.dir}, searchDirs...)
+
 	return varsCtx.RenderDirectory(
 		filepath.Join(di.Project.source.dir, di.RelToSourceItemDir),
 		di.RenderedDir,
 		excludePatterns,
-		di.Project.getRenderSearchDirs(),
+		searchDirs,
 	)
 }
 

From bdba594f019420270977de4e48fdbb214f108beb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Sep 2022 09:52:12 +0200
Subject: [PATCH 0339/2268] fix: Fix deadloc in status handler

---
 pkg/status/status_handler.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 34f2bd717..3f10a4763 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -177,14 +177,15 @@ func (sl *statusLine) Update(message string) {
 }
 
 func (sl *statusLine) end(barOverride string) {
+	sl.mutex.Lock()
 	sl.barOverride = barOverride
 	sl.current = sl.total
+	sl.mutex.Unlock()
+
 	sl.l.Remove(true)
 }
 
 func (sl *statusLine) End(result EndResult) {
-	sl.mutex.Lock()
-	defer sl.mutex.Unlock()
 	switch result {
 	case EndSuccess:
 		sl.end(withColor("green", "✓"))

From 9a386611f2c6520cdcb795a2d6565b576822f0b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Sep 2022 10:59:16 +0200
Subject: [PATCH 0340/2268] feat: Remove Helm from docker image

---
 Dockerfile | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cd4912bac..1585cdfb3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,11 +4,6 @@ RUN apk add --no-cache ca-certificates curl
 
 ARG ARCH=linux-amd64
 
-ENV HELM_VERSION=v3.8.2
-RUN wget -O helm.tar.gz https://get.helm.sh/helm-$HELM_VERSION-$ARCH.tar.gz && \
-    tar xzf helm.tar.gz && \
-    mv $ARCH/helm /
-
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64
 FROM debian:bullseye-slim
 COPY --from=builder /helm /usr/bin

From ff96e257f53eef03c17fe9e5b10ea4fcfd05b0aa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Sep 2022 15:34:56 +0200
Subject: [PATCH 0341/2268] chore: Add /vendor to .gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 8079ea478..276ce77b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,5 @@
 /e2e.test*
 /bin
 /reports
+/vendor
 dist/

From 90d639b6e6d525ae8b01d8e21497428a6f901b9b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Sep 2022 11:41:39 +0200
Subject: [PATCH 0342/2268] fix: Don't use user.Current() on Linux/Mac as it
 requires CGO/$USER

---
 pkg/utils/utils.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index ae5ad7ca1..b28b992eb 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"os/user"
 	"path/filepath"
+	"runtime"
 	"strconv"
 	"sync"
 )
@@ -29,12 +30,17 @@ func createTmpBaseDir() {
 	ensureDir(dir, 0o777, true)
 
 	// every user gets its own tmp dir
-	u, err := user.Current()
-	if err != nil {
-		panic(err)
+	if runtime.GOOS == "windows" {
+		u, err := user.Current()
+		if err != nil {
+			panic(err)
+		}
+		dir = filepath.Join(dir, u.Uid)
+	} else {
+		uid := os.Getuid()
+		dir = filepath.Join(dir, fmt.Sprintf("%d", uid))
 	}
 
-	dir = filepath.Join(dir, u.Uid)
 	ensureDir(dir, 0o700, true)
 
 	tmpBaseDir = dir

From 7bb2a79621c55039a6507fbbb488da9d5d9fd43e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 19 Sep 2022 16:41:57 +0200
Subject: [PATCH 0343/2268] fix: Also treat --force-replace-on-error as
 --replace-on-error

---
 pkg/deployment/utils/apply_utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index baca9e10f..9b3ce4101 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -208,7 +208,7 @@ func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool,
 func (a *ApplyUtil) retryApplyWithReplace(x *uo.UnstructuredObject, hook bool, remoteObject *uo.UnstructuredObject, applyError error) {
 	ref := x.GetK8sRef()
 
-	if !a.o.ReplaceOnError || remoteObject == nil {
+	if (!a.o.ReplaceOnError && !a.o.ForceReplaceOnError) || remoteObject == nil {
 		a.HandleError(ref, applyError)
 		return
 	}

From 80df7d116430ed9fbe258bd1d138ccdf0c1e2a28 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 19 Sep 2022 16:42:15 +0200
Subject: [PATCH 0344/2268] fix: Upgrade go-jinja2

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 93aaf886c..6faf03396 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
-	github.com/kluctl/go-jinja2 v0.0.0-20220908201753-f33cd6224f2b
+	github.com/kluctl/go-jinja2 v0.0.0-20220915092153-31a9e083bdf2
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
diff --git a/go.sum b/go.sum
index 09884bf43..9c5246c17 100644
--- a/go.sum
+++ b/go.sum
@@ -670,8 +670,8 @@ github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQan
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
-github.com/kluctl/go-jinja2 v0.0.0-20220908201753-f33cd6224f2b h1:6IGYwbtc6VR5nyUckJvgtnIlrg7dzNUbkHtVvTfPVkY=
-github.com/kluctl/go-jinja2 v0.0.0-20220908201753-f33cd6224f2b/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
+github.com/kluctl/go-jinja2 v0.0.0-20220915092153-31a9e083bdf2 h1:qjiBSePbrBSWaJhvymlcrM3TW/PhbFoXvOfgKuQsDr0=
+github.com/kluctl/go-jinja2 v0.0.0-20220915092153-31a9e083bdf2/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

From 5f283c9ec542003255616be7e966916c18d2311d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 21:26:03 +0200
Subject: [PATCH 0345/2268] feat: Remove dynamicArgs pattern support

---
 pkg/kluctl_project/project.go | 14 --------------
 pkg/types/kluctl_project.go   |  3 +--
 2 files changed, 1 insertion(+), 16 deletions(-)

diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index e0495d225..31e833e3a 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"regexp"
 )
 
 type LoadedKluctlProject struct {
@@ -70,18 +69,5 @@ func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName str
 		return fmt.Errorf("dynamic argument %s is not allowed for target", argName)
 	}
 
-	argPattern := ".*"
-	if dynArg.Pattern != nil {
-		argPattern = *dynArg.Pattern
-	}
-	argPattern = fmt.Sprintf("^%s$", argPattern)
-
-	m, err := regexp.MatchString(argPattern, argValue)
-	if err != nil {
-		return err
-	}
-	if !m {
-		return fmt.Errorf("dynamic argument %s does not match required pattern '%s", argName, argPattern)
-	}
 	return nil
 }
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 9ecb1fcdd..f5fb852ad 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -7,8 +7,7 @@ import (
 )
 
 type DynamicArg struct {
-	Name    string  `yaml:"name" validate:"required"`
-	Pattern *string `yaml:"pattern,omitempty"`
+	Name string `yaml:"name" validate:"required"`
 }
 
 type ExternalTargetConfig struct {

From 834c11f258fedcdc6ce232240c5d67b81f6c196e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:11:06 +0200
Subject: [PATCH 0346/2268] fix: Don't treat final error as formatted string

---
 cmd/kluctl/commands/root.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 7e3928ac8..f7eea355e 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -254,7 +254,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 	sh := status.FromContext(cliCtx)
 
 	if err != nil {
-		status.Error(cliCtx, err.Error())
+		status.Error(cliCtx, "%s", err.Error())
 		sh.Stop()
 		os.Exit(1)
 	}

From e6c028ca3bcda3996df6409d5c1e37543a1f251a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:11:32 +0200
Subject: [PATCH 0347/2268] fix: Fix diff after downscale

---
 pkg/deployment/commands/downscale.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
index 82e89b2cc..184f08029 100644
--- a/pkg/deployment/commands/downscale.go
+++ b/pkg/deployment/commands/downscale.go
@@ -6,7 +6,6 @@ import (
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sync"
 )
@@ -34,8 +33,6 @@ func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
 
-	appliedObjects := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
-
 	for _, d := range cmd.c.Deployments {
 		if !d.CheckInclusionForDeploy() {
 			continue
@@ -62,7 +59,7 @@ func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types
 	}
 	wg.Wait()
 
-	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, appliedObjects)
+	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, ad.GetAppliedObjectsMap())
 	du.Diff()
 
 	return &types.CommandResult{

From 0c9fedec1fd44efce4a9ec08d24f85fc17660bfd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:12:13 +0200
Subject: [PATCH 0348/2268] feat: Treat -a values as yaml

---
 pkg/deployment/external_args.go      | 11 ++++++++---
 pkg/kluctl_project/target_context.go |  6 +++++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index e3c6600ed..53e4a292d 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -28,16 +28,21 @@ func ParseArgs(argsList []string) (map[string]string, error) {
 	return args, nil
 }
 
-func ConvertArgsToVars(args map[string]string) *uo.UnstructuredObject {
+func ConvertArgsToVars(args map[string]string) (*uo.UnstructuredObject, error) {
 	vars := uo.New()
 	for n, v := range args {
 		var p []interface{}
 		for _, x := range strings.Split(n, ".") {
 			p = append(p, x)
 		}
-		_ = vars.SetNestedField(v, p...)
+		var j any
+		err := yaml.ReadYamlString(v, &j)
+		if err != nil {
+			return nil, err
+		}
+		_ = vars.SetNestedField(j, p...)
 	}
-	return vars
+	return vars, nil
 }
 
 func CheckRequiredDeployArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) error {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 47d187a36..d8624f8ba 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -151,7 +151,11 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 			}
 		}
 	}
-	allArgs.Merge(deployment.ConvertArgsToVars(args))
+	convertedArgs, err := deployment.ConvertArgsToVars(args)
+	if err != nil {
+		return doError(err)
+	}
+	allArgs.Merge(convertedArgs)
 	if target != nil {
 		if target.Args != nil {
 			allArgs.Merge(target.Args)

From ad4535223b7b722b195bec6ab66feff32680b8b9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:12:48 +0200
Subject: [PATCH 0349/2268] feat: Allow children of dynamic args to be set via
 -a

---
 pkg/kluctl_project/project.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 31e833e3a..65dc137da 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"strings"
 )
 
 type LoadedKluctlProject struct {
@@ -60,7 +61,7 @@ func (c *LoadedKluctlProject) FindDynamicTarget(name string) (*types2.DynamicTar
 func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName string, argValue string) error {
 	var dynArg *types2.DynamicArg
 	for _, x := range target.DynamicArgs {
-		if x.Name == argName {
+		if x.Name == argName || strings.HasPrefix(argName, x.Name+".") {
 			dynArg = &x
 			break
 		}

From 42e5a451dd52a10c9a017c3896bd82d0e75d4b93 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:13:53 +0200
Subject: [PATCH 0350/2268] feat: Allow nested defaults for args

---
 pkg/deployment/external_args.go      | 20 ++++++++++++++------
 pkg/kluctl_project/target_context.go |  2 +-
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 53e4a292d..955b74b27 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -45,7 +45,7 @@ func ConvertArgsToVars(args map[string]string) (*uo.UnstructuredObject, error) {
 	return vars, nil
 }
 
-func CheckRequiredDeployArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) error {
+func LoadDeploymentArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) error {
 	// First try to load the config without templating to avoid getting errors while rendering because required
 	// args were not set. Otherwise we won't be able to iterator through the 'args' array in the deployment.yml
 	// when the rendering error is actually args related.
@@ -69,6 +69,19 @@ func CheckRequiredDeployArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.U
 		return nil
 	}
 
+	// load defaults
+	defaults := uo.New()
+	for _, a := range conf.Args {
+		if a.Default != nil {
+			a2 := uo.FromMap(map[string]interface{}{
+				a.Name: a.Default,
+			})
+			defaults.Merge(a2)
+		}
+	}
+	defaults.Merge(deployArgs)
+	*deployArgs = *defaults
+
 	err = checkRequiredArgs(conf.Args, deployArgs)
 	if err != nil {
 		return err
@@ -86,11 +99,6 @@ func checkRequiredArgs(argsDef []*types.DeploymentArg, args *uo.UnstructuredObje
 		if !found {
 			if a.Default == nil {
 				return fmt.Errorf("required argument %s not set", a.Name)
-			} else {
-				err := args.SetNestedField(a.Default, p...)
-				if err != nil {
-					return err
-				}
 			}
 		}
 	}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index d8624f8ba..023bf089a 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -167,7 +167,7 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		}
 	}
 
-	err = deployment.CheckRequiredDeployArgs(p.DeploymentDir, varsCtx, allArgs)
+	err = deployment.LoadDeploymentArgs(p.DeploymentDir, varsCtx, allArgs)
 	if err != nil {
 		return doError(err)
 	}

From 97bc348f027b1739bb99cb69df56e2efcb02f72a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:14:26 +0200
Subject: [PATCH 0351/2268] feat: Implement kluctl.io/delete annotation

---
 pkg/deployment/utils/apply_utils.go | 16 +++++++++++++---
 pkg/deployment/utils/hooks_util.go  |  4 ++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 9b3ce4101..58b32270f 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -412,7 +412,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 }
 
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
-	var toDelete []k8s2.ObjectRef
+	toDelete := map[k8s2.ObjectRef]bool{}
 	for _, x := range d.Config.DeleteObjects {
 		for _, gvk := range a.k.Resources.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind)) {
 			ref := k8s2.ObjectRef{
@@ -420,7 +420,12 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 				Name:      x.Name,
 				Namespace: x.Namespace,
 			}
-			toDelete = append(toDelete, ref)
+			toDelete[ref] = true
+		}
+	}
+	for _, x := range d.Objects {
+		if utils.ParseBoolOrFalse(x.GetK8sAnnotation("kluctl.io/delete")) {
+			toDelete[x.GetK8sRef()] = true
 		}
 	}
 
@@ -438,6 +443,9 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		if h.GetHook(o) != nil {
 			continue
 		}
+		if _, ok := toDelete[o.GetK8sRef()]; ok {
+			continue
+		}
 		applyObjects = append(applyObjects, o)
 	}
 
@@ -462,10 +470,12 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 
 	if len(toDelete) != 0 {
 		a.sctx.InfoFallback("Deleting %d objects", len(toDelete))
-		for i, ref := range toDelete {
+		i := 0
+		for ref := range toDelete {
 			a.sctx.Update(fmt.Sprintf("Deleting object %s (%d of %d)", ref.String(), i+1, len(toDelete)))
 			a.DeleteObject(ref, false)
 			a.sctx.Increment()
+			i++
 		}
 	}
 
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index b811962c7..9acbb6178 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -156,6 +156,10 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 		return ret
 	}
 
+	if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/delete")) {
+		return nil
+	}
+
 	hooks := getSet("kluctl.io/hook")
 	for h := range hooks {
 		if utils.FindStrInSlice(supportedKluctlHooks, h) == -1 {

From b844b865c5db9634dd00e85e0ffada40f7bcdb3e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Sep 2022 23:41:10 +0200
Subject: [PATCH 0352/2268] fix: Don'tr treat string array arguments as CSV

---
 cmd/kluctl/commands/cobra_utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index b8fae0c44..1d2fa005a 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -171,7 +171,7 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 		if defaultValue != "" {
 			return fmt.Errorf("default not supported for slices")
 		}
-		cg.cmd.PersistentFlags().StringSliceVarP(v2.(*[]string), name, shortFlag, nil, help)
+		cg.cmd.PersistentFlags().StringArrayVarP(v2.(*[]string), name, shortFlag, nil, help)
 	case *bool:
 		parsedDefault := false
 		if defaultValue != "" {

From e96b775ee87bf305b53adfd01ecc31be7b4783a0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 08:56:03 +0200
Subject: [PATCH 0353/2268] refactor: Pass UnstructedObject into
 NewTargetContext for vars

Instead of map[string]string. This allows arbitrary yaml values to be passed.
---
 cmd/kluctl/commands/utils.go         |  6 +++++-
 pkg/kluctl_project/project.go        |  2 +-
 pkg/kluctl_project/target_context.go | 15 ++++++---------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 9b50739d4..6a6efa30f 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -145,6 +145,10 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	if err != nil {
 		return err
 	}
+	optionArgs2, err := deployment.ConvertArgsToVars(optionArgs)
+	if err != nil {
+		return err
+	}
 
 	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {
@@ -163,7 +167,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	targetCtx, err := p.NewTargetContext(ctx, args.targetFlags.Target, clusterName,
 		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
-		optionArgs, args.forSeal, images, inclusion,
+		optionArgs2, args.forSeal, images, inclusion,
 		renderOutputDir)
 	if err != nil {
 		return err
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 65dc137da..bca9ab1a3 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -58,7 +58,7 @@ func (c *LoadedKluctlProject) FindDynamicTarget(name string) (*types2.DynamicTar
 	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
 }
 
-func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName string, argValue string) error {
+func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName string, argValue any) error {
 	var dynArg *types2.DynamicArg
 	for _, x := range target.DynamicArgs {
 		if x.Name == argName || strings.HasPrefix(argName, x.Name+".") {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 023bf089a..37e87f56f 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -25,7 +25,7 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, clusterName *string, dryRun bool, args map[string]string, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, clusterName *string, dryRun bool, externalArgs *uo.UnstructuredObject, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.DeploymentDir)
 	if err != nil {
 		return nil, err
@@ -42,7 +42,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		images.PrependFixedImages(target.Images)
 	}
 
-	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, args, forSeal)
+	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, externalArgs, forSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -103,7 +103,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *string, args map[string]string, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
+func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *string, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
 	doError := func(err error) (*vars.VarsCtx, *rest.Config, string, error) {
 		return nil, nil, "", err
 	}
@@ -144,18 +144,15 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 	allArgs := uo.New()
 
 	if target != nil {
-		for argName, argValue := range args {
+		for argName, argValue := range externalArgs.Object {
 			err = p.CheckDynamicArg(target, argName, argValue)
 			if err != nil {
 				return doError(err)
 			}
 		}
 	}
-	convertedArgs, err := deployment.ConvertArgsToVars(args)
-	if err != nil {
-		return doError(err)
-	}
-	allArgs.Merge(convertedArgs)
+
+	allArgs.Merge(externalArgs)
 	if target != nil {
 		if target.Args != nil {
 			allArgs.Merge(target.Args)

From 0ec1e7c47c1e1ff78f93121a068eb2fceb9d15a3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 08:59:17 +0200
Subject: [PATCH 0354/2268] feat: Enable time extension for jinja2 templating

---
 go.mod                      | 2 +-
 go.sum                      | 4 ++--
 pkg/kluctl_jinja2/jinja2.go | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6faf03396..c1423545f 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
-	github.com/kluctl/go-jinja2 v0.0.0-20220915092153-31a9e083bdf2
+	github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
diff --git a/go.sum b/go.sum
index 9c5246c17..1c0792b44 100644
--- a/go.sum
+++ b/go.sum
@@ -670,8 +670,8 @@ github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQan
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
-github.com/kluctl/go-jinja2 v0.0.0-20220915092153-31a9e083bdf2 h1:qjiBSePbrBSWaJhvymlcrM3TW/PhbFoXvOfgKuQsDr0=
-github.com/kluctl/go-jinja2 v0.0.0-20220915092153-31a9e083bdf2/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
+github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d h1:pfyMHiDIYskxhJFlh1u1Xi3qHKGzg8Vna5hsRm7Cz0I=
+github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
diff --git a/pkg/kluctl_jinja2/jinja2.go b/pkg/kluctl_jinja2/jinja2.go
index 13b04154d..8f81ebd5e 100644
--- a/pkg/kluctl_jinja2/jinja2.go
+++ b/pkg/kluctl_jinja2/jinja2.go
@@ -18,6 +18,7 @@ func NewKluctlJinja2(strict bool) (*x.Jinja2, error) {
 		x.WithStrict(strict),
 		x.WithExtension("jinja2.ext.loopcontrols"),
 		x.WithExtension("go_jinja2.ext.kluctl"),
+		x.WithExtension("go_jinja2.ext.time"),
 		x.WithExtension("ext.images_ext.ImagesExtension"),
 		x.WithPythonPath(extSrc.GetExtractedPath()))
 }

From 931a04fd5bf276974bf4e2bc47f7b21f6ffb49dd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 09:03:22 +0200
Subject: [PATCH 0355/2268] chore: Run go get -u ./...

---
 go.mod | 70 ++++++++++++++++++++++++++--------------------------
 go.sum | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 113 insertions(+), 35 deletions(-)

diff --git a/go.mod b/go.mod
index c1423545f..b36010d39 100644
--- a/go.mod
+++ b/go.mod
@@ -5,19 +5,19 @@ go 1.19
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/aws/aws-sdk-go v1.44.89
+	github.com/aws/aws-sdk-go v1.44.103
 	github.com/bitnami-labs/sealed-secrets v0.18.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/fluxcd/pkg/kustomize v0.7.0
 	github.com/go-git/go-git/v5 v5.4.2
-	github.com/go-playground/validator/v10 v10.11.0
+	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/google/go-containerregistry v0.11.0
 	github.com/gosuri/uilive v0.0.4
-	github.com/hashicorp/vault/api v1.7.2
+	github.com/hashicorp/vault/api v1.8.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
@@ -34,32 +34,32 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.12.0
+	github.com/spf13/viper v1.13.0
 	github.com/stretchr/testify v1.8.0
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.2
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
-	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
-	golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde
-	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261
-	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
+	golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
+	golang.org/x/net v0.0.0-20220921203646-d300de134e69
+	golang.org/x/sync v0.0.0-20220907140024-f12130a52804
+	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
+	golang.org/x/term v0.0.0-20220919170432-7a66f970e087
 	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.9.4
-	k8s.io/api v0.25.0
-	k8s.io/apiextensions-apiserver v0.25.0
-	k8s.io/apimachinery v0.25.0
-	k8s.io/client-go v0.25.0
-	k8s.io/klog/v2 v2.70.1
-	sigs.k8s.io/kind v0.14.0
+	helm.sh/helm/v3 v3.10.0
+	k8s.io/api v0.25.2
+	k8s.io/apiextensions-apiserver v0.25.2
+	k8s.io/apimachinery v0.25.2
+	k8s.io/client-go v0.25.2
+	k8s.io/klog/v2 v2.80.1
+	sigs.k8s.io/kind v0.15.0
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
 require (
-	cloud.google.com/go/compute v1.9.0 // indirect
+	cloud.google.com/go/compute v1.10.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
@@ -76,7 +76,7 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
-	github.com/armon/go-metrics v0.4.0 // indirect
+	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -86,8 +86,8 @@ require (
 	github.com/cloudflare/circl v1.2.0 // indirect
 	github.com/containerd/containerd v1.6.8 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.17+incompatible // indirect
-	github.com/docker/docker v20.10.17+incompatible // indirect
+	github.com/docker/cli v20.10.18+incompatible // indirect
+	github.com/docker/docker v20.10.18+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -113,7 +113,7 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
@@ -122,7 +122,7 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.3.0 // indirect
+	github.com/hashicorp/go-hclog v1.3.1 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.5 // indirect
@@ -136,7 +136,7 @@ require (
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/vault/sdk v0.5.3 // indirect
+	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
@@ -145,16 +145,16 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.9 // indirect
+	github.com/klauspost/compress v1.15.10 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/lib/pq v1.10.6 // indirect
+	github.com/lib/pq v1.10.7 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -181,8 +181,8 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rivo/uniseg v0.3.4 // indirect
-	github.com/rubenv/sql-migrate v1.1.2 // indirect
+	github.com/rivo/uniseg v0.4.2 // indirect
+	github.com/rubenv/sql-migrate v1.2.0 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
@@ -198,21 +198,21 @@ require (
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20220817180228-f738f5508c12 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect
-	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
+	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
+	golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf // indirect
+	google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 // indirect
 	google.golang.org/grpc v1.49.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.25.0 // indirect
-	k8s.io/cli-runtime v0.25.0 // indirect
-	k8s.io/component-base v0.25.0 // indirect
+	k8s.io/apiserver v0.25.2 // indirect
+	k8s.io/cli-runtime v0.25.2 // indirect
+	k8s.io/component-base v0.25.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
-	k8s.io/kubectl v0.25.0 // indirect
+	k8s.io/kubectl v0.25.2 // indirect
 	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 // indirect
 	oras.land/oras-go v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
diff --git a/go.sum b/go.sum
index 1c0792b44..5851700e6 100644
--- a/go.sum
+++ b/go.sum
@@ -36,6 +36,8 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute v1.9.0 h1:ED/FP4xv8GJw63v556/ASNc1CeeLUO2Bs8nzaHchkHg=
 cloud.google.com/go/compute v1.9.0/go.mod h1:lWv1h/zUWTm/LozzfTJhBSkd6ShQq8la8VeeuOEGxfY=
+cloud.google.com/go/compute v1.10.0 h1:aoLIYaA1fX3ywihqpBk2APQKOo20nXsp1GEZQbx5Jk4=
+cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
@@ -91,11 +93,14 @@ github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
@@ -134,6 +139,8 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.4.0 h1:yCQqn7dwca4ITXb+CbubHmedzaQYHhNhrEXLYUeEe8Q=
 github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
+github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
+github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@@ -148,6 +155,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.44.89 h1:Xf5Pp9GsNSMRinAuWNiQd0vusXXb3IgYbNlxldhWS2Q=
 github.com/aws/aws-sdk-go v1.44.89/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.103 h1:tbhBHKgiZSIUkG8FcHy3wYKpPVvp65Wn7ZiX0B8phpY=
+github.com/aws/aws-sdk-go v1.44.103/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -171,6 +180,7 @@ github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -229,10 +239,14 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
 github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.18+incompatible h1:f/GQLsVpo10VvToRay2IraVA1wHz9KktZyjev3SIVDU=
+github.com/docker/cli v20.10.18+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
 github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
+github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -339,6 +353,8 @@ github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/j
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
 github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
+github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@@ -452,6 +468,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
 github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -541,6 +559,8 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.3.0 h1:G0ACM8Z2WilWgPv3Vdzwm3V0BQu/kSmrkVtpe1fy9do=
 github.com/hashicorp/go-hclog v1.3.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo=
+github.com/hashicorp/go-hclog v1.3.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -591,8 +611,12 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/vault/api v1.7.2 h1:kawHE7s/4xwrdKbkmwQi0wYaIeUhk5ueek7ljuezCVQ=
 github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
+github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU=
+github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
 github.com/hashicorp/vault/sdk v0.5.3 h1:PWY8sq/9pRrK9vUIy75qCH2Jd8oeENAgkaa/qbhzFrs=
 github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
+github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
+github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
@@ -668,6 +692,8 @@ github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
+github.com/klauspost/compress v1.15.10 h1:Ai8UzuomSCDw90e1qNMtb15msBXsNpH6gzkkENQNcJo=
+github.com/klauspost/compress v1.15.10/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
 github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d h1:pfyMHiDIYskxhJFlh1u1Xi3qHKGzg8Vna5hsRm7Cz0I=
@@ -708,6 +734,8 @@ github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=
 github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
+github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
@@ -756,10 +784,13 @@ github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
+github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
@@ -775,6 +806,7 @@ github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4=
+github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@@ -855,6 +887,7 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.20.0 h1:8W0cWlwFkflGPLltQvLRB7ZVD5HuP6ng320w2IS245Q=
+github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 h1:+czc/J8SlhPKLOtVLMQc+xDCFBT73ZStMsRhSsUhsSg=
@@ -943,6 +976,8 @@ github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.3.4 h1:3Z3Eu6FGHZWSfNKJTOUiPatWwfc7DzJRU04jFUqJODw=
 github.com/rivo/uniseg v0.3.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
+github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -954,6 +989,8 @@ github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/f
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v1.1.2 h1:9M6oj4e//owVVHYrFISmY9LBRw6gzkCNmD9MV36tZeQ=
 github.com/rubenv/sql-migrate v1.1.2/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
+github.com/rubenv/sql-migrate v1.2.0 h1:fOXMPLMd41sK7Tg75SXDec15k3zg5WNV6SjuDRiNfcU=
+github.com/rubenv/sql-migrate v1.2.0/go.mod h1:Z5uVnq7vrIrPmHbVFfR4YLHRZquxeHpckCnRq0P/K9Y=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
@@ -1023,6 +1060,8 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH
 github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
 github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
 github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
+github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU=
+github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
 github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1165,6 +1204,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 h1:a5Yg6ylndHHYJqIPrdq0AhvR6KTvDTAvgBtaidhEevY=
+golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1259,6 +1300,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220921203646-d300de134e69 h1:hUJpGDpnfwdJW8iNypFjmSY0sCBEL+spFTZ2eO+Sfps=
+golang.org/x/net v0.0.0-20220921203646-d300de134e69/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1278,6 +1321,8 @@ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
 golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
+golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1292,6 +1337,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde h1:ejfdSekXMDxDLbRrJMwUk6KnSLZ2McaUCVcIKM+N6jc=
 golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220907140024-f12130a52804 h1:0SH2R3f1b1VmIMG7BXbEZCBUu2dKmHschSmjqGUrW8A=
+golang.org/x/sync v0.0.0-20220907140024-f12130a52804/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1386,11 +1433,15 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc=
+golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220919170432-7a66f970e087 h1:tPwmk4vmvVCMdr98VgL4JH+qZxPL8fqlUOHnyOM8N3w=
+golang.org/x/term v0.0.0-20220919170432-7a66f970e087/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1408,6 +1459,8 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
 golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 h1:yuLAip3bfURHClMG9VBdzPrQvCWjWiWUTBGV+/fCbUs=
+golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1616,6 +1669,8 @@ google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf h1:Q5xNKbTSFwkuaaGaR7CMcXEM5sy19KYdUU8iF8/iRC0=
 google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
+google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 h1:K1zaaMdYBXRyX+cwFnxj7M6zwDyumLQMZ5xqwGvjreQ=
+google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737/go.mod h1:2r/26NEF3bFmT3eC3aZreahSal0C3Shl8Gi6vyDYqOQ=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1708,6 +1763,8 @@ gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 helm.sh/helm/v3 v3.9.4 h1:TCI1QhJUeLVOdccfdw+vnSEO3Td6gNqibptB04QtExY=
 helm.sh/helm/v3 v3.9.4/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
+helm.sh/helm/v3 v3.10.0 h1:y/MYONZ/bsld9kHwqgBX2uPggnUr5hahpjwt9/jrHlI=
+helm.sh/helm/v3 v3.10.0/go.mod h1:paPw0hO5KVfrCMbi1M8+P8xdfBri3IiJiVKATZsFR94=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1718,25 +1775,44 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0=
 k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk=
+k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8=
+k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0=
 k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
 k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
+k8s.io/apiextensions-apiserver v0.25.2 h1:8uOQX17RE7XL02ngtnh3TgifY7EhekpK+/piwzQNnBo=
+k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18QXJaJvIDLvE8=
 k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU=
 k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
+k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs=
+k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA=
 k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4=
 k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo=
+k8s.io/apiserver v0.25.2 h1:YePimobk187IMIdnmsMxsfIbC5p4eX3WSOrS9x6FEYw=
+k8s.io/apiserver v0.25.2/go.mod h1:30r7xyQTREWCkG2uSjgjhQcKVvAAlqoD+YyrqR6Cn+I=
 k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q=
 k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw=
+k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc=
+k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc=
 k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E=
 k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8=
+k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
+k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=
 k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
 k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
+k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY=
+k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60=
+k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
 k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
+k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/kubectl v0.25.0 h1:/Wn1cFqo8ik3iee1EvpxYre3bkWsGLXzLQI6uCCAkQc=
 k8s.io/kubectl v0.25.0/go.mod h1:n16ULWsOl2jmQpzt2o7Dud1t4o0+Y186ICb4O+GwKAU=
+k8s.io/kubectl v0.25.2 h1:2993lTeVimxKSWx/7z2PiJxUILygRa3tmC4QhFaeioA=
+k8s.io/kubectl v0.25.2/go.mod h1:eoBGJtKUj7x38KXelz+dqVtbtbKwCqyKzJWmBHU0prg=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
@@ -1752,6 +1828,8 @@ sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
 sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
+sigs.k8s.io/kind v0.15.0 h1:Fskj234L4hjQlsScCgeYvCBIRt06cjLzc7+kbr1u8Tg=
+sigs.k8s.io/kind v0.15.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
 sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
 sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=

From 3704872db5d2c0ebd33dd717b6039fc0ff9180ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 09:10:24 +0200
Subject: [PATCH 0356/2268] feat: Remove downscale command

---
 .github/ISSUE_TEMPLATE/FEATURE.yml      |  1 -
 cmd/kluctl/commands/cmd_downscale.go    | 60 -----------------
 cmd/kluctl/commands/root.go             |  1 -
 pkg/deployment/commands/downscale.go    | 73 --------------------
 pkg/deployment/utils/downscale_utils.go | 88 -------------------------
 5 files changed, 223 deletions(-)
 delete mode 100644 cmd/kluctl/commands/cmd_downscale.go
 delete mode 100644 pkg/deployment/commands/downscale.go
 delete mode 100644 pkg/deployment/utils/downscale_utils.go

diff --git a/.github/ISSUE_TEMPLATE/FEATURE.yml b/.github/ISSUE_TEMPLATE/FEATURE.yml
index 4bdf4b33c..44c5f6875 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE.yml
@@ -21,7 +21,6 @@ body:
         - label: "delete"
         - label: "deploy"
         - label: "diff"
-        - label: "downscale"
         - label: "helm-pull"
         - label: "helm-update"
         - label: "list-images"
diff --git a/cmd/kluctl/commands/cmd_downscale.go b/cmd/kluctl/commands/cmd_downscale.go
deleted file mode 100644
index ac2d0a610..000000000
--- a/cmd/kluctl/commands/cmd_downscale.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package commands
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-)
-
-type downscaleCmd struct {
-	args.ProjectFlags
-	args.TargetFlags
-	args.ArgsFlags
-	args.ImageFlags
-	args.InclusionFlags
-	args.YesFlags
-	args.DryRunFlags
-	args.OutputFormatFlags
-	args.RenderOutputDirFlags
-}
-
-func (cmd *downscaleCmd) Help() string {
-	return `This command will downscale all Deployments, StatefulSets and CronJobs.
-It is also possible to influence the behaviour with the help of annotations, as described in
-the documentation.`
-}
-
-func (cmd *downscaleCmd) Run() error {
-	ptArgs := projectTargetCommandArgs{
-		projectFlags:         cmd.ProjectFlags,
-		targetFlags:          cmd.TargetFlags,
-		argsFlags:            cmd.ArgsFlags,
-		imageFlags:           cmd.ImageFlags,
-		inclusionFlags:       cmd.InclusionFlags,
-		dryRunArgs:           &cmd.DryRunFlags,
-		renderOutputDirFlags: cmd.RenderOutputDirFlags,
-	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		if !cmd.Yes && !cmd.DryRun {
-			if !status.AskForConfirmation(cliCtx, fmt.Sprintf("Do you really want to downscale on context/cluster %s?", ctx.targetCtx.ClusterContext)) {
-				return fmt.Errorf("aborted")
-			}
-		}
-
-		cmd2 := commands.NewDownscaleCommand(ctx.targetCtx.DeploymentCollection)
-
-		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
-		if err != nil {
-			return err
-		}
-		err = outputCommandResult(cmd.OutputFormat, result)
-		if err != nil {
-			return err
-		}
-		if len(result.Errors) != 0 {
-			return fmt.Errorf("command failed")
-		}
-		return nil
-	})
-}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f7eea355e..8c0f31a30 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -50,7 +50,6 @@ type cli struct {
 	Delete            deleteCmd            `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
 	Deploy            deployCmd            `cmd:"" help:"Deploys a target to the corresponding cluster"`
 	Diff              diffCmd              `cmd:"" help:"Perform a diff between the locally rendered target and the already deployed target"`
-	Downscale         downscaleCmd         `cmd:"" help:"Downscale all deployments"`
 	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pulls the specified Helm charts"`
 	HelmUpdate        helmUpdateCmd        `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and checks for new available versions"`
 	ListImages        listImagesCmd        `cmd:"" help:"Renders the target and outputs all images used via 'images.get_image(...)"`
diff --git a/pkg/deployment/commands/downscale.go b/pkg/deployment/commands/downscale.go
deleted file mode 100644
index 184f08029..000000000
--- a/pkg/deployment/commands/downscale.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package commands
-
-import (
-	"context"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"sync"
-)
-
-type DownscaleCommand struct {
-	c *deployment.DeploymentCollection
-}
-
-func NewDownscaleCommand(c *deployment.DeploymentCollection) *DownscaleCommand {
-	return &DownscaleCommand{
-		c: c,
-	}
-}
-
-func (cmd *DownscaleCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
-	var wg sync.WaitGroup
-
-	dew := utils2.NewDeploymentErrorsAndWarnings()
-
-	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
-	if err != nil {
-		return nil, err
-	}
-
-	ad := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
-
-	for _, d := range cmd.c.Deployments {
-		if !d.CheckInclusionForDeploy() {
-			continue
-		}
-		au := ad.NewApplyUtil(ctx, nil)
-		for _, o := range d.Objects {
-			o := o
-			ref := o.GetK8sRef()
-			wg.Add(1)
-			if utils2.IsDownscaleDelete(o) {
-				go func() {
-					defer wg.Done()
-					au.DeleteObject(ref, false)
-				}()
-			} else {
-				go func() {
-					defer wg.Done()
-					au.ReplaceObject(ref, ru.GetRemoteObject(ref), func(remote *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
-						return utils2.DownscaleObject(remote, o)
-					})
-				}()
-			}
-		}
-	}
-	wg.Wait()
-
-	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, ad.GetAppliedObjectsMap())
-	du.Diff()
-
-	return &types.CommandResult{
-		NewObjects:     du.NewObjects,
-		ChangedObjects: du.ChangedObjects,
-		DeletedObjects: ad.GetDeletedObjects(),
-		Errors:         dew.GetErrorsList(),
-		Warnings:       dew.GetWarningsList(),
-		SeenImages:     cmd.c.Images.SeenImages(false),
-	}, nil
-}
diff --git a/pkg/deployment/utils/downscale_utils.go b/pkg/deployment/utils/downscale_utils.go
deleted file mode 100644
index aed46dd92..000000000
--- a/pkg/deployment/utils/downscale_utils.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	jsonpatch "github.com/evanphx/json-patch"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"regexp"
-	"strconv"
-)
-
-var (
-	downscaleAnnotationPatchRegex = regexp.MustCompile(`^kluctl.io/downscale-patch(-\d*)?$`)
-	downscaleAnnotationDelete     = "kluctl.io/downscale-delete"
-	downscaleAnnotationIgnore     = "kluctl.io/downscale-ignore"
-)
-
-func IsDownscaleDelete(o *uo.UnstructuredObject) bool {
-	a, _ := o.GetK8sAnnotations()[downscaleAnnotationDelete]
-	b, _ := strconv.ParseBool(a)
-	return b
-}
-
-func isDownscaleIgnore(o *uo.UnstructuredObject) bool {
-	a, _ := o.GetK8sAnnotations()[downscaleAnnotationIgnore]
-	b, _ := strconv.ParseBool(a)
-	return b
-}
-
-func DownscaleObject(remote *uo.UnstructuredObject, local *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
-	ret := remote
-	if isDownscaleIgnore(local) {
-		return ret, nil
-	}
-	var patch jsonpatch.Patch
-	for _, v := range local.GetK8sAnnotationsWithRegex(downscaleAnnotationPatchRegex) {
-		j, err := yaml.ConvertYamlToJson([]byte(v))
-		if err != nil {
-			return nil, fmt.Errorf("invalid jsonpatch json/yaml: %w", err)
-		}
-		p, err := jsonpatch.DecodePatch(j)
-		if err != nil {
-			return nil, fmt.Errorf("invalid jsonpatch: %w", err)
-		}
-		patch = append(patch, p...)
-	}
-
-	if len(patch) != 0 {
-		j, err := yaml.WriteYamlBytes(ret.Object)
-		if err != nil {
-			return nil, err
-		}
-		j, err = yaml.ConvertYamlToJson(j)
-		if err != nil {
-			return nil, err
-		}
-		j, err = patch.Apply(j)
-		if err != nil {
-			return nil, err
-		}
-		ret = &uo.UnstructuredObject{}
-		err = yaml.ReadYamlBytes(j, &ret.Object)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	ref := remote.GetK8sRef()
-	switch ref.GVK.GroupKind() {
-	case schema.GroupKind{Group: "apps", Kind: "Deployment"}:
-		fallthrough
-	case schema.GroupKind{Group: "apps", Kind: "StatefulSet"}:
-		ret = ret.Clone()
-		err := ret.SetNestedField(0, "spec", "replicas")
-		if err != nil {
-			return nil, err
-		}
-	case schema.GroupKind{Group: "batch", Kind: "CronJob"}:
-		ret = ret.Clone()
-		err := ret.SetNestedField(true, "spec", "suspend")
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return ret, nil
-}

From 2ee45fb78ec1a5dca3fd7cd62e8ee79be7455642 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 10:35:36 +0200
Subject: [PATCH 0357/2268] feat: Add --offline-kubernetes flag to render
 command

---
 cmd/kluctl/commands/cmd_render.go    |  2 ++
 cmd/kluctl/commands/utils.go         |  8 +++++---
 pkg/kluctl_project/target_context.go | 27 ++++++++++++++++++++-------
 pkg/vars/vars_loader.go              |  2 +-
 4 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 190760e8d..2b45c9f9b 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -13,6 +13,7 @@ type renderCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.RenderOutputDirFlags
+	OfflineKubernetes bool `group:"misc" help:"Run render in offline mode, meaning that it will not try to connect the target cluster"`
 }
 
 func (cmd *renderCmd) Help() string {
@@ -35,6 +36,7 @@ func (cmd *renderCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		offlineKubernetes:    cmd.OfflineKubernetes,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.SharedContext.RenderDir)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 6a6efa30f..968077a02 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -104,8 +104,9 @@ type projectTargetCommandArgs struct {
 	dryRunArgs           *args.DryRunFlags
 	renderOutputDirFlags args.RenderOutputDirFlags
 
-	forSeal       bool
-	forCompletion bool
+	forSeal           bool
+	forCompletion     bool
+	offlineKubernetes bool
 }
 
 type commandCtx struct {
@@ -165,7 +166,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		clusterName = &args.projectFlags.Cluster
 	}
 
-	targetCtx, err := p.NewTargetContext(ctx, args.targetFlags.Target, clusterName,
+	targetCtx, err := p.NewTargetContext(ctx,
+		args.targetFlags.Target, clusterName, args.offlineKubernetes,
 		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
 		optionArgs2, args.forSeal, images, inclusion,
 		renderOutputDir)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 37e87f56f..f93c9e8ed 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
 )
 
@@ -25,7 +26,7 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, clusterName *string, dryRun bool, externalArgs *uo.UnstructuredObject, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, clusterName *string, offlineK8s bool, dryRun bool, externalArgs *uo.UnstructuredObject, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.DeploymentDir)
 	if err != nil {
 		return nil, err
@@ -42,7 +43,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		images.PrependFixedImages(target.Images)
 	}
 
-	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, externalArgs, forSeal)
+	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, offlineK8s, externalArgs, forSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -103,7 +104,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *string, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
+func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *string, offlineK8s bool, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
 	doError := func(err error) (*vars.VarsCtx, *rest.Config, string, error) {
 		return nil, nil, "", err
 	}
@@ -130,9 +131,17 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		}
 	}
 
-	clientConfig, restConfig, err := p.loadArgs.ClientConfigGetter(contextName)
-	if err != nil {
-		return doError(err)
+	var err error
+	var clientConfig *rest.Config
+	if !offlineK8s {
+		var restConfig *api.Config
+		clientConfig, restConfig, err = p.loadArgs.ClientConfigGetter(contextName)
+		if err != nil {
+			return doError(err)
+		}
+		if contextName == nil {
+			contextName = &restConfig.CurrentContext
+		}
 	}
 
 	targetVars, err := uo.FromStruct(target)
@@ -171,7 +180,11 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 
 	varsCtx.UpdateChild("args", allArgs)
 
-	return varsCtx, clientConfig, restConfig.CurrentContext, nil
+	var contextName2 string
+	if contextName != nil {
+		contextName2 = *contextName
+	}
+	return varsCtx, clientConfig, contextName2, nil
 }
 
 func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, error) {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 338e1b446..a479ec791 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -195,7 +195,7 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 
 func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, base64Decode bool) error {
 	if v.k == nil {
-		return nil
+		return fmt.Errorf("loading vars from cluster is disabled")
 	}
 
 	var err error

From ce61477328ea2e1ce0076a9675d7dbfa00877451 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 10:35:49 +0200
Subject: [PATCH 0358/2268] feat: Add --print-all flag to render command

---
 cmd/kluctl/commands/cmd_render.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 2b45c9f9b..52327efdd 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -4,7 +4,9 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
+	"os"
 )
 
 type renderCmd struct {
@@ -13,7 +15,9 @@ type renderCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.RenderOutputDirFlags
+
 	OfflineKubernetes bool `group:"misc" help:"Run render in offline mode, meaning that it will not try to connect the target cluster"`
+	PrintAll          bool `group:"misc" help:"Write all rendered manifests to stdout"`
 }
 
 func (cmd *renderCmd) Help() string {
@@ -22,12 +26,14 @@ a temporary directory or a specified directory.`
 }
 
 func (cmd *renderCmd) Run() error {
+	isTmp := false
 	if cmd.RenderOutputDir == "" {
 		p, err := ioutil.TempDir(utils.GetTmpBaseDir(), "rendered-")
 		if err != nil {
 			return err
 		}
 		cmd.RenderOutputDir = p
+		isTmp = true
 	}
 
 	ptArgs := projectTargetCommandArgs{
@@ -39,7 +45,21 @@ func (cmd *renderCmd) Run() error {
 		offlineKubernetes:    cmd.OfflineKubernetes,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.SharedContext.RenderDir)
+		if cmd.PrintAll {
+			var all []any
+			for _, d := range ctx.targetCtx.DeploymentCollection.Deployments {
+				for _, o := range d.Objects {
+					all = append(all, o)
+				}
+			}
+			if isTmp {
+				defer os.RemoveAll(cmd.RenderOutputDir)
+			}
+			status.Flush(ctx.ctx)
+			return yaml.WriteYamlAllStream(os.Stdout, all)
+		} else {
+			status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.SharedContext.RenderDir)
+		}
 		return nil
 	})
 }

From ac91c0a5cdb90c40d0b674cea21e96b342e1e4d1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 10:47:30 +0200
Subject: [PATCH 0359/2268] feat: Remove cluster-id from sealed secrets

This is required to make offline sealing possible.
---
 pkg/seal/sealer.go | 53 +---------------------------------------------
 1 file changed, 1 insertion(+), 52 deletions(-)

diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 80309e6a7..57e02491b 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -10,12 +10,10 @@ import (
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/crypto/scrypt"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
@@ -24,13 +22,11 @@ import (
 )
 
 const hashAnnotation = "kluctl.io/sealedsecret-hashes"
-const clusterIdAnnotation = "kluctl.io/sealedsecret-cluster-id"
 
 type Sealer struct {
 	ctx         context.Context
 	forceReseal bool
 	cert        *rsa.PublicKey
-	clusterId   string
 }
 
 func NewSealer(ctx context.Context, k *k8s.K8sCluster, sealedSecretsNamespace string, sealedSecretsControllerName string, forceReseal bool) (*Sealer, error) {
@@ -38,54 +34,16 @@ func NewSealer(ctx context.Context, k *k8s.K8sCluster, sealedSecretsNamespace st
 		ctx:         ctx,
 		forceReseal: forceReseal,
 	}
+
 	cert, err := fetchCert(ctx, k, sealedSecretsNamespace, sealedSecretsControllerName)
 	if err != nil {
 		return nil, err
 	}
 	s.cert = cert
 
-	clusterId, err := getClusterId(k)
-	if err != nil {
-		return nil, err
-	}
-
-	s.clusterId = clusterId
-
 	return s, nil
 }
 
-// We treat the hashed kube-root-ca.crt as cluster id for now. We also accept that it might change when keys
-// get rotated.
-func getClusterId(k *k8s.K8sCluster) (string, error) {
-	o, _, err := k.GetSingleObject(k8s2.ObjectRef{
-		GVK:       schema.GroupVersionKind{Version: "v1", Kind: "ConfigMap"},
-		Name:      "kube-root-ca.crt",
-		Namespace: "kube-system",
-	})
-	if err != nil && !errors.IsNotFound(err) {
-		return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: %w", err)
-	}
-
-	var kubeRootCA string
-	if o != nil {
-		x, ok, err := o.GetNestedString("data", "ca.crt")
-		if err != nil {
-			return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: %w", err)
-		}
-		if !ok {
-			return "", fmt.Errorf("failed to retrieve kube-root-ca.crt: ca.crt key is missing")
-		}
-		kubeRootCA = x
-	} else {
-		// fall-back to CA from kubeconfig
-		ca := k.GetCA()
-		if ca != nil {
-			kubeRootCA = string(ca)
-		}
-	}
-	return utils.Sha256String(kubeRootCA), nil
-}
-
 func (s *Sealer) doHash(key string, secret []byte, secretName string, secretNamespace string, scope string) string {
 	if secretNamespace == "" {
 		secretNamespace = "*"
@@ -170,7 +128,6 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 
 	var existingContent *uo.UnstructuredObject
 	var existingHashes *uo.UnstructuredObject
-	var existingClusterId string
 
 	if utils.Exists(targetFile) {
 		existingContent, err = uo.FromFile(targetFile)
@@ -178,10 +135,6 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 		if a != nil {
 			existingHashes, _ = uo.FromString(*a)
 		}
-		a = existingContent.GetK8sAnnotation(clusterIdAnnotation)
-		if a != nil {
-			existingClusterId = *a
-		}
 	}
 	if existingHashes == nil {
 		existingHashes = uo.New()
@@ -243,9 +196,6 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 	if s.forceReseal {
 		resealAll = true
 		status.Info(s.ctx, "Forcing reseal of secrets in %s", secretName)
-	} else if existingClusterId != s.clusterId {
-		resealAll = true
-		status.Info(s.ctx, "Target cluster for secret %s has changed, forcing reseal", secretName)
 	}
 
 	for k, v := range secrets {
@@ -284,7 +234,6 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 		return err
 	}
 	result.SetK8sAnnotation(hashAnnotation, resultSecretHashesStr)
-	result.SetK8sAnnotation(clusterIdAnnotation, s.clusterId)
 
 	if reflect.DeepEqual(existingContent, result) {
 		status.Info(s.ctx, "Skipped %s as it did not change", baseName)

From 3f97ff132d744c11820b9ebb272fa3b491641c82 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 10:54:04 +0200
Subject: [PATCH 0360/2268] refactor: Move fetching of certs outside of
 NewSealer

---
 cmd/kluctl/commands/cmd_seal.go |  7 ++++++-
 pkg/seal/fetch_cert.go          |  2 +-
 pkg/seal/sealer.go              | 10 ++--------
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 65fe92997..1cf922d40 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -66,7 +66,12 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			}
 		}
 
-		sealer, err := seal.NewSealer(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName, cmd.ForceReseal)
+		cert, err := seal.FetchCert(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName)
+		if err != nil {
+			return doFail(err)
+		}
+
+		sealer, err := seal.NewSealer(ctx.ctx, cert, cmd.ForceReseal)
 		if err != nil {
 			return doFail(err)
 		}
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 95b1c154a..5679079a0 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -13,7 +13,7 @@ import (
 	"k8s.io/client-go/util/cert"
 )
 
-func fetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, controllerName string) (*rsa.PublicKey, error) {
+func FetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, controllerName string) (*rsa.PublicKey, error) {
 	certData, err := openCertFromController(k, namespace, controllerName)
 	if err != nil {
 		if controllerName == "sealed-secrets-controller" {
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 57e02491b..d6c31391e 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -8,7 +8,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -29,18 +28,13 @@ type Sealer struct {
 	cert        *rsa.PublicKey
 }
 
-func NewSealer(ctx context.Context, k *k8s.K8sCluster, sealedSecretsNamespace string, sealedSecretsControllerName string, forceReseal bool) (*Sealer, error) {
+func NewSealer(ctx context.Context, cert *rsa.PublicKey, forceReseal bool) (*Sealer, error) {
 	s := &Sealer{
 		ctx:         ctx,
 		forceReseal: forceReseal,
+		cert:        cert,
 	}
 
-	cert, err := fetchCert(ctx, k, sealedSecretsNamespace, sealedSecretsControllerName)
-	if err != nil {
-		return nil, err
-	}
-	s.cert = cert
-
 	return s, nil
 }
 

From 667ecaeee97d2097b1fa1700a6253eba0cf7c064 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 11:03:09 +0200
Subject: [PATCH 0361/2268] refactor: Simplify runCmdSealForTarget

---
 cmd/kluctl/commands/cmd_seal.go | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 1cf922d40..7aaaa489c 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
 type sealCmd struct {
@@ -49,17 +50,24 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			return doFail(err)
 		}
 
+		secretsConfig := p.Config.SecretsConfig
+		var sealedSecretsConfig *types.GlobalSealedSecretsConfig
+		if secretsConfig != nil {
+			sealedSecretsConfig = secretsConfig.SealedSecrets
+		}
+
 		sealedSecretsNamespace := "kube-system"
 		sealedSecretsControllerName := "sealed-secrets-controller"
-		if p.Config.SecretsConfig != nil && p.Config.SecretsConfig.SealedSecrets != nil {
-			if p.Config.SecretsConfig.SealedSecrets.Namespace != nil {
-				sealedSecretsNamespace = *p.Config.SecretsConfig.SealedSecrets.Namespace
+		if sealedSecretsConfig != nil {
+			if sealedSecretsConfig.Namespace != nil {
+				sealedSecretsNamespace = *sealedSecretsConfig.Namespace
 			}
-			if p.Config.SecretsConfig.SealedSecrets.ControllerName != nil {
-				sealedSecretsControllerName = *p.Config.SecretsConfig.SealedSecrets.ControllerName
+			if sealedSecretsConfig.ControllerName != nil {
+				sealedSecretsControllerName = *sealedSecretsConfig.ControllerName
 			}
 		}
-		if p.Config.SecretsConfig == nil || p.Config.SecretsConfig.SealedSecrets == nil || p.Config.SecretsConfig.SealedSecrets.Bootstrap == nil || *p.Config.SecretsConfig.SealedSecrets.Bootstrap {
+
+		if sealedSecretsConfig == nil || sealedSecretsConfig.Bootstrap == nil || *sealedSecretsConfig.Bootstrap {
 			err = seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace)
 			if err != nil {
 				return doFail(err)

From 1bf1c1ab31aed5f28af85c3982e7c4fa05c2a600 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 11:25:40 +0200
Subject: [PATCH 0362/2268] feat: Allow to specify certFile via target
 SealingConfig

---
 cmd/kluctl/commands/cmd_seal.go | 85 +++++++++++++++++++++++----------
 pkg/seal/fetch_cert.go          |  4 +-
 pkg/types/kluctl_project.go     |  1 +
 3 files changed, 63 insertions(+), 27 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 7aaaa489c..61ab95183 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -2,13 +2,16 @@ package commands
 
 import (
 	"context"
+	"crypto/rsa"
 	"fmt"
+	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"os"
 )
 
 type sealCmd struct {
@@ -50,31 +53,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 			return doFail(err)
 		}
 
-		secretsConfig := p.Config.SecretsConfig
-		var sealedSecretsConfig *types.GlobalSealedSecretsConfig
-		if secretsConfig != nil {
-			sealedSecretsConfig = secretsConfig.SealedSecrets
-		}
-
-		sealedSecretsNamespace := "kube-system"
-		sealedSecretsControllerName := "sealed-secrets-controller"
-		if sealedSecretsConfig != nil {
-			if sealedSecretsConfig.Namespace != nil {
-				sealedSecretsNamespace = *sealedSecretsConfig.Namespace
-			}
-			if sealedSecretsConfig.ControllerName != nil {
-				sealedSecretsControllerName = *sealedSecretsConfig.ControllerName
-			}
-		}
-
-		if sealedSecretsConfig == nil || sealedSecretsConfig.Bootstrap == nil || *sealedSecretsConfig.Bootstrap {
-			err = seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace)
-			if err != nil {
-				return doFail(err)
-			}
-		}
-
-		cert, err := seal.FetchCert(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName)
+		cert, err := cmd.loadCert(ctx)
 		if err != nil {
 			return doFail(err)
 		}
@@ -102,6 +81,62 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	})
 }
 
+func (cmd *sealCmd) loadCert(ctx *commandCtx) (*rsa.PublicKey, error) {
+	sealingConfig := ctx.targetCtx.Target.SealingConfig
+
+	var certFile string
+
+	if sealingConfig != nil && sealingConfig.CertFile != nil {
+		path, err := securejoin.SecureJoin(ctx.targetCtx.KluctlProject.ProjectDir, *sealingConfig.CertFile)
+		if err != nil {
+			return nil, err
+		}
+		certFile = path
+	}
+
+	if certFile != "" {
+		d, err := os.ReadFile(certFile)
+		if err != nil {
+			return nil, err
+		}
+		cert, err := seal.ParseCert(d)
+		if err != nil {
+			return nil, err
+		}
+		return cert, nil
+	} else {
+		secretsConfig := ctx.targetCtx.KluctlProject.Config.SecretsConfig
+		var sealedSecretsConfig *types.GlobalSealedSecretsConfig
+		if secretsConfig != nil {
+			sealedSecretsConfig = secretsConfig.SealedSecrets
+		}
+
+		sealedSecretsNamespace := "kube-system"
+		sealedSecretsControllerName := "sealed-secrets-controller"
+		if sealedSecretsConfig != nil {
+			if sealedSecretsConfig.Namespace != nil {
+				sealedSecretsNamespace = *sealedSecretsConfig.Namespace
+			}
+			if sealedSecretsConfig.ControllerName != nil {
+				sealedSecretsControllerName = *sealedSecretsConfig.ControllerName
+			}
+		}
+
+		if sealedSecretsConfig == nil || sealedSecretsConfig.Bootstrap == nil || *sealedSecretsConfig.Bootstrap {
+			err := seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		cert, err := seal.FetchCert(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName)
+		if err != nil {
+			return nil, err
+		}
+		return cert, nil
+	}
+}
+
 func (cmd *sealCmd) Run() error {
 	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 5679079a0..900dc0369 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -34,7 +34,7 @@ func FetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, control
 		}
 	}
 
-	return parseKey(certData)
+	return ParseCert(certData)
 }
 
 func openCertFromBootstrap(k *k8s.K8sCluster, namespace string) ([]byte, error) {
@@ -92,7 +92,7 @@ func getServicePortName(k *k8s.K8sCluster, namespace, serviceName string) (strin
 	return n, nil
 }
 
-func parseKey(data []byte) (*rsa.PublicKey, error) {
+func ParseCert(data []byte) (*rsa.PublicKey, error) {
 	certs, err := cert.ParseCertsPEM(data)
 	if err != nil {
 		return nil, err
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index f5fb852ad..3f7efdf59 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -25,6 +25,7 @@ type SealingConfig struct {
 	DynamicSealing *bool                  `yaml:"dynamicSealing,omitempty"`
 	Args           *uo.UnstructuredObject `yaml:"args,omitempty"`
 	SecretSets     []string               `yaml:"secretSets,omitempty"`
+	CertFile       *string                `yaml:"certFile,omitempty"`
 }
 
 type Target struct {

From 864a0d694b84ce73af47801e82b01ad1e727501e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 11:26:07 +0200
Subject: [PATCH 0363/2268] feat: Allow to override certFile via command line

---
 cmd/kluctl/commands/cmd_seal.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 61ab95183..83ebbe68a 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -18,7 +18,8 @@ type sealCmd struct {
 	args.ProjectFlags
 	args.TargetFlags
 
-	ForceReseal bool `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
+	ForceReseal bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
+	CertFile    string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
 }
 
 func (cmd *sealCmd) Help() string {
@@ -94,6 +95,13 @@ func (cmd *sealCmd) loadCert(ctx *commandCtx) (*rsa.PublicKey, error) {
 		certFile = path
 	}
 
+	if cmd.CertFile != "" {
+		if certFile != "" {
+			status.Info(ctx.ctx, "Overriding certFile from target with certFile argument")
+		}
+		certFile = cmd.CertFile
+	}
+
 	if certFile != "" {
 		d, err := os.ReadFile(certFile)
 		if err != nil {

From b25579cc82baf29c015bc63ef6e975298b3fec3e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 11:26:29 +0200
Subject: [PATCH 0364/2268] feat: Add --offline-kubernetes flag to seal command

---
 cmd/kluctl/commands/cmd_seal.go | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 83ebbe68a..6b3d9e9ff 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -18,8 +18,9 @@ type sealCmd struct {
 	args.ProjectFlags
 	args.TargetFlags
 
-	ForceReseal bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
-	CertFile    string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
+	ForceReseal       bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
+	CertFile          string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
+	OfflineKubernetes bool   `group:"misc" help:"Run seal in offline mode, meaning that it will not try to connect the target cluster"`
 }
 
 func (cmd *sealCmd) Help() string {
@@ -41,9 +42,10 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	}
 
 	ptArgs := projectTargetCommandArgs{
-		projectFlags: cmd.ProjectFlags,
-		targetFlags:  cmd.TargetFlags,
-		forSeal:      true,
+		projectFlags:      cmd.ProjectFlags,
+		targetFlags:       cmd.TargetFlags,
+		forSeal:           true,
+		offlineKubernetes: cmd.OfflineKubernetes,
 	}
 	ptArgs.targetFlags.Target = targetName
 
@@ -113,6 +115,10 @@ func (cmd *sealCmd) loadCert(ctx *commandCtx) (*rsa.PublicKey, error) {
 		}
 		return cert, nil
 	} else {
+		if ctx.targetCtx.SharedContext.K == nil {
+			return nil, fmt.Errorf("must specify certFile when sealing in offline mode")
+		}
+
 		secretsConfig := ctx.targetCtx.KluctlProject.Config.SecretsConfig
 		var sealedSecretsConfig *types.GlobalSealedSecretsConfig
 		if secretsConfig != nil {

From 74ae3f7bb04ab18a9deb185911a79357e7f32750 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 11:43:27 +0200
Subject: [PATCH 0365/2268] feat: Write certificate hash to sealed secret and
 re-seal when it changes

---
 cmd/kluctl/commands/cmd_seal.go |  4 ++--
 pkg/seal/fetch_cert.go          | 13 ++++---------
 pkg/seal/sealer.go              | 34 ++++++++++++++++++++++++++++++---
 3 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 6b3d9e9ff..636444179 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -2,7 +2,7 @@ package commands
 
 import (
 	"context"
-	"crypto/rsa"
+	"crypto/x509"
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
@@ -84,7 +84,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	})
 }
 
-func (cmd *sealCmd) loadCert(ctx *commandCtx) (*rsa.PublicKey, error) {
+func (cmd *sealCmd) loadCert(ctx *commandCtx) (*x509.Certificate, error) {
 	sealingConfig := ctx.targetCtx.Target.SealingConfig
 
 	var certFile string
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 900dc0369..07fd5e7c0 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -2,7 +2,7 @@ package seal
 
 import (
 	"context"
-	"crypto/rsa"
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -13,7 +13,7 @@ import (
 	"k8s.io/client-go/util/cert"
 )
 
-func FetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, controllerName string) (*rsa.PublicKey, error) {
+func FetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, controllerName string) (*x509.Certificate, error) {
 	certData, err := openCertFromController(k, namespace, controllerName)
 	if err != nil {
 		if controllerName == "sealed-secrets-controller" {
@@ -92,7 +92,7 @@ func getServicePortName(k *k8s.K8sCluster, namespace, serviceName string) (strin
 	return n, nil
 }
 
-func ParseCert(data []byte) (*rsa.PublicKey, error) {
+func ParseCert(data []byte) (*x509.Certificate, error) {
 	certs, err := cert.ParseCertsPEM(data)
 	if err != nil {
 		return nil, err
@@ -103,10 +103,5 @@ func ParseCert(data []byte) (*rsa.PublicKey, error) {
 		return nil, errors.New("failed to read any certificates")
 	}
 
-	cert, ok := certs[0].PublicKey.(*rsa.PublicKey)
-	if !ok {
-		return nil, fmt.Errorf("fxpected RSA public key but found %v", certs[0].PublicKey)
-	}
-
-	return cert, nil
+	return certs[0], nil
 }
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index d6c31391e..268009cc6 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
@@ -21,20 +23,36 @@ import (
 )
 
 const hashAnnotation = "kluctl.io/sealedsecret-hashes"
+const certHashAnnotation = "kluctl.io/sealedsecret-cert-hash"
 
 type Sealer struct {
 	ctx         context.Context
 	forceReseal bool
-	cert        *rsa.PublicKey
+	cert        *x509.Certificate
+	pubKey      *rsa.PublicKey
+	certHash    string
 }
 
-func NewSealer(ctx context.Context, cert *rsa.PublicKey, forceReseal bool) (*Sealer, error) {
+func NewSealer(ctx context.Context, cert *x509.Certificate, forceReseal bool) (*Sealer, error) {
 	s := &Sealer{
 		ctx:         ctx,
 		forceReseal: forceReseal,
 		cert:        cert,
 	}
 
+	pk, ok := cert.PublicKey.(*rsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("expected RSA public key but found %v", cert.PublicKey)
+	}
+	s.pubKey = pk
+
+	pkBytes, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+	h := sha256.Sum256(pkBytes)
+	s.certHash = hex.EncodeToString(h[:])
+
 	return s, nil
 }
 
@@ -69,7 +87,8 @@ func encryptionLabel(namespace string, name string, scope string) []byte {
 }
 
 func (s *Sealer) encryptSecret(secret []byte, secretName string, secretNamespace string, scope string) (string, error) {
-	b, err := crypto.HybridEncrypt(rand.Reader, s.cert, secret, encryptionLabel(secretNamespace, secretName, scope))
+	// todo
+	b, err := crypto.HybridEncrypt(rand.Reader, s.pubKey, secret, encryptionLabel(secretNamespace, secretName, scope))
 	if err != nil {
 		return "", err
 	}
@@ -122,6 +141,7 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 
 	var existingContent *uo.UnstructuredObject
 	var existingHashes *uo.UnstructuredObject
+	var existingCertHash string
 
 	if utils.Exists(targetFile) {
 		existingContent, err = uo.FromFile(targetFile)
@@ -129,6 +149,10 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 		if a != nil {
 			existingHashes, _ = uo.FromString(*a)
 		}
+		a = existingContent.GetK8sAnnotation(certHashAnnotation)
+		if a != nil {
+			existingCertHash = *a
+		}
 	}
 	if existingHashes == nil {
 		existingHashes = uo.New()
@@ -190,6 +214,9 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 	if s.forceReseal {
 		resealAll = true
 		status.Info(s.ctx, "Forcing reseal of secrets in %s", secretName)
+	} else if existingCertHash != s.certHash {
+		resealAll = true
+		status.Info(s.ctx, "Cert for secret %s has changed, forcing reseal", secretName)
 	}
 
 	for k, v := range secrets {
@@ -228,6 +255,7 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 		return err
 	}
 	result.SetK8sAnnotation(hashAnnotation, resultSecretHashesStr)
+	result.SetK8sAnnotation(certHashAnnotation, s.certHash)
 
 	if reflect.DeepEqual(existingContent, result) {
 		status.Info(s.ctx, "Skipped %s as it did not change", baseName)

From 738b2c834d3f768fd45203383369d6f2b3001791 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 11:49:20 +0200
Subject: [PATCH 0366/2268] chore: Run go mod tidy

---
 go.mod |  2 +-
 go.sum | 80 ++--------------------------------------------------------
 2 files changed, 3 insertions(+), 79 deletions(-)

diff --git a/go.mod b/go.mod
index b36010d39..2832f1384 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.18.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
-	github.com/evanphx/json-patch v5.6.0+incompatible
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/fluxcd/pkg/kustomize v0.7.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.1
diff --git a/go.sum b/go.sum
index 5851700e6..b2e3c6035 100644
--- a/go.sum
+++ b/go.sum
@@ -34,8 +34,6 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.9.0 h1:ED/FP4xv8GJw63v556/ASNc1CeeLUO2Bs8nzaHchkHg=
-cloud.google.com/go/compute v1.9.0/go.mod h1:lWv1h/zUWTm/LozzfTJhBSkd6ShQq8la8VeeuOEGxfY=
 cloud.google.com/go/compute v1.10.0 h1:aoLIYaA1fX3ywihqpBk2APQKOo20nXsp1GEZQbx5Jk4=
 cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
@@ -93,12 +91,10 @@ github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
@@ -137,8 +133,6 @@ github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.4.0 h1:yCQqn7dwca4ITXb+CbubHmedzaQYHhNhrEXLYUeEe8Q=
-github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@@ -153,8 +147,6 @@ github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9D
 github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.89 h1:Xf5Pp9GsNSMRinAuWNiQd0vusXXb3IgYbNlxldhWS2Q=
-github.com/aws/aws-sdk-go v1.44.89/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.103 h1:tbhBHKgiZSIUkG8FcHy3wYKpPVvp65Wn7ZiX0B8phpY=
 github.com/aws/aws-sdk-go v1.44.103/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -180,7 +172,6 @@ github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -237,14 +228,10 @@ github.com/denis-tingajkin/go-header v0.4.2/go.mod h1:eLRHAVXzE5atsKAnNRDB90WHCF
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
-github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M=
-github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v20.10.18+incompatible h1:f/GQLsVpo10VvToRay2IraVA1wHz9KktZyjev3SIVDU=
 github.com/docker/cli v20.10.18+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
-github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
 github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
@@ -351,8 +338,6 @@ github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb
 github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
-github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
 github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
@@ -466,8 +451,6 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
@@ -557,8 +540,6 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.3.0 h1:G0ACM8Z2WilWgPv3Vdzwm3V0BQu/kSmrkVtpe1fy9do=
-github.com/hashicorp/go-hclog v1.3.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo=
 github.com/hashicorp/go-hclog v1.3.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -609,12 +590,8 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
-github.com/hashicorp/vault/api v1.7.2 h1:kawHE7s/4xwrdKbkmwQi0wYaIeUhk5ueek7ljuezCVQ=
-github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
 github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU=
 github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
-github.com/hashicorp/vault/sdk v0.5.3 h1:PWY8sq/9pRrK9vUIy75qCH2Jd8oeENAgkaa/qbhzFrs=
-github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
 github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
 github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
@@ -690,8 +667,6 @@ github.com/kisielk/errcheck v1.6.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
-github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.15.10 h1:Ai8UzuomSCDw90e1qNMtb15msBXsNpH6gzkkENQNcJo=
 github.com/klauspost/compress v1.15.10/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
@@ -732,8 +707,6 @@ github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=
-github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
@@ -782,14 +755,12 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.14 h1:qZgc/Rwetq+MtyE18WhzjokPD93dNqLGNT3QJuLvBGw=
 github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -805,7 +776,6 @@ github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
-github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4=
 github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -882,11 +852,10 @@ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
+github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.20.0 h1:8W0cWlwFkflGPLltQvLRB7ZVD5HuP6ng320w2IS245Q=
 github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
@@ -974,8 +943,6 @@ github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:r
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.3.4 h1:3Z3Eu6FGHZWSfNKJTOUiPatWwfc7DzJRU04jFUqJODw=
-github.com/rivo/uniseg v0.3.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
 github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -987,8 +954,6 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
-github.com/rubenv/sql-migrate v1.1.2 h1:9M6oj4e//owVVHYrFISmY9LBRw6gzkCNmD9MV36tZeQ=
-github.com/rubenv/sql-migrate v1.1.2/go.mod h1:/7TZymwxN8VWumcIxw1jjHEcR1djpdkMHQPT4FWdnbQ=
 github.com/rubenv/sql-migrate v1.2.0 h1:fOXMPLMd41sK7Tg75SXDec15k3zg5WNV6SjuDRiNfcU=
 github.com/rubenv/sql-migrate v1.2.0/go.mod h1:Z5uVnq7vrIrPmHbVFfR4YLHRZquxeHpckCnRq0P/K9Y=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
@@ -1058,8 +1023,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
-github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
-github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
 github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU=
 github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
 github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
@@ -1202,8 +1165,6 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 h1:a5Yg6ylndHHYJqIPrdq0AhvR6KTvDTAvgBtaidhEevY=
 golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1298,8 +1259,6 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.0.0-20220921203646-d300de134e69 h1:hUJpGDpnfwdJW8iNypFjmSY0sCBEL+spFTZ2eO+Sfps=
 golang.org/x/net v0.0.0-20220921203646-d300de134e69/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1319,8 +1278,6 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1335,8 +1292,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde h1:ejfdSekXMDxDLbRrJMwUk6KnSLZ2McaUCVcIKM+N6jc=
-golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220907140024-f12130a52804 h1:0SH2R3f1b1VmIMG7BXbEZCBUu2dKmHschSmjqGUrW8A=
 golang.org/x/sync v0.0.0-20220907140024-f12130a52804/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1431,15 +1386,11 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
-golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc=
 golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
-golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220919170432-7a66f970e087 h1:tPwmk4vmvVCMdr98VgL4JH+qZxPL8fqlUOHnyOM8N3w=
 golang.org/x/term v0.0.0-20220919170432-7a66f970e087/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1457,8 +1408,6 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 h1:ftMN5LMiBFjbzleLqtoBZk7KdJwhuybIU+FckUHgoyQ=
-golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 h1:yuLAip3bfURHClMG9VBdzPrQvCWjWiWUTBGV+/fCbUs=
 golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1667,8 +1616,6 @@ google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwy
 google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf h1:Q5xNKbTSFwkuaaGaR7CMcXEM5sy19KYdUU8iF8/iRC0=
-google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
 google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 h1:K1zaaMdYBXRyX+cwFnxj7M6zwDyumLQMZ5xqwGvjreQ=
 google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737/go.mod h1:2r/26NEF3bFmT3eC3aZreahSal0C3Shl8Gi6vyDYqOQ=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
@@ -1761,8 +1708,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-helm.sh/helm/v3 v3.9.4 h1:TCI1QhJUeLVOdccfdw+vnSEO3Td6gNqibptB04QtExY=
-helm.sh/helm/v3 v3.9.4/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY=
 helm.sh/helm/v3 v3.10.0 h1:y/MYONZ/bsld9kHwqgBX2uPggnUr5hahpjwt9/jrHlI=
 helm.sh/helm/v3 v3.10.0/go.mod h1:paPw0hO5KVfrCMbi1M8+P8xdfBri3IiJiVKATZsFR94=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1773,44 +1718,25 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0=
-k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk=
 k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8=
 k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0=
-k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
-k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
 k8s.io/apiextensions-apiserver v0.25.2 h1:8uOQX17RE7XL02ngtnh3TgifY7EhekpK+/piwzQNnBo=
 k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18QXJaJvIDLvE8=
-k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU=
-k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
 k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs=
 k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA=
-k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4=
-k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo=
 k8s.io/apiserver v0.25.2 h1:YePimobk187IMIdnmsMxsfIbC5p4eX3WSOrS9x6FEYw=
 k8s.io/apiserver v0.25.2/go.mod h1:30r7xyQTREWCkG2uSjgjhQcKVvAAlqoD+YyrqR6Cn+I=
-k8s.io/cli-runtime v0.25.0 h1:XBnTc2Fi+w818jcJGzhiJKQuXl8479sZ4FhtV5hVJ1Q=
-k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw=
 k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc=
 k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc=
-k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E=
-k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8=
 k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
 k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=
-k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
-k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
 k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY=
 k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
-k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
-k8s.io/kubectl v0.25.0 h1:/Wn1cFqo8ik3iee1EvpxYre3bkWsGLXzLQI6uCCAkQc=
-k8s.io/kubectl v0.25.0/go.mod h1:n16ULWsOl2jmQpzt2o7Dud1t4o0+Y186ICb4O+GwKAU=
 k8s.io/kubectl v0.25.2 h1:2993lTeVimxKSWx/7z2PiJxUILygRa3tmC4QhFaeioA=
 k8s.io/kubectl v0.25.2/go.mod h1:eoBGJtKUj7x38KXelz+dqVtbtbKwCqyKzJWmBHU0prg=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
@@ -1826,8 +1752,6 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kind v0.14.0 h1:cNmI3jGBvp7UegEGbC5we8plDtCUmaNRL+bod7JoSCE=
-sigs.k8s.io/kind v0.14.0/go.mod h1:UrFRPHG+2a5j0Q7qiR4gtJ4rEyn8TuMQwuOPf+m4oHg=
 sigs.k8s.io/kind v0.15.0 h1:Fskj234L4hjQlsScCgeYvCBIRt06cjLzc7+kbr1u8Tg=
 sigs.k8s.io/kind v0.15.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From 26ebb324ca8f9bfaf1fa1b9f78066d9d2ab82aa8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 12:25:17 +0200
Subject: [PATCH 0367/2268] fix: Upgrade go-jinja2 to fix relative includes of
 ../ files

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2832f1384..9aa4aa26d 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
-	github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d
+	github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
diff --git a/go.sum b/go.sum
index b2e3c6035..40c565407 100644
--- a/go.sum
+++ b/go.sum
@@ -671,8 +671,8 @@ github.com/klauspost/compress v1.15.10 h1:Ai8UzuomSCDw90e1qNMtb15msBXsNpH6gzkkEN
 github.com/klauspost/compress v1.15.10/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
-github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d h1:pfyMHiDIYskxhJFlh1u1Xi3qHKGzg8Vna5hsRm7Cz0I=
-github.com/kluctl/go-jinja2 v0.0.0-20220922065727-cf67f5b7f26d/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
+github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b h1:4fBKK0PZ8e/DC4GqM6RrUSSE2J6SlVTKNPb8awYxb5g=
+github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

From 52ca9acce842256386fccce6817fa1e3186723ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 13:43:21 +0200
Subject: [PATCH 0368/2268] chore: Remove archive command from issue template

---
 .github/ISSUE_TEMPLATE/FEATURE.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/ISSUE_TEMPLATE/FEATURE.yml b/.github/ISSUE_TEMPLATE/FEATURE.yml
index 44c5f6875..79ca1bca3 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE.yml
@@ -16,7 +16,6 @@ body:
       label: Command
       description: Which command will be affected by the feature request? (If you want to propose a new command, just leave all unchecked)
       options:
-        - label: "archive"
         - label: "check-image-updates"
         - label: "delete"
         - label: "deploy"

From 8606733482c694fd5f3d706130d877ed9e93cc30 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 14:03:50 +0200
Subject: [PATCH 0369/2268] fix: Enable colored output in windows

---
 cmd/kluctl/commands/root.go  | 12 ++++++---
 pkg/status/status_handler.go | 49 ++++++++++++++++++++++++------------
 pkg/status/utils.go          | 13 ----------
 3 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 8c0f31a30..3fabd1561 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -24,6 +24,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/mattn/go-colorable"
 	"github.com/mattn/go-isatty"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -43,6 +44,7 @@ const latestReleaseUrl = "https://api.github.com/repos/kluctl/kluctl/releases/la
 type cli struct {
 	Debug         bool `group:"global" help:"Enable debug logging"`
 	NoUpdateCheck bool `group:"global" help:"Disable update check on startup"`
+	NoColor       bool `group:"global" help:"Disable colored output"`
 
 	CpuProfile string `group:"global" help:"Enable CPU profiling and write the result to the given path"`
 
@@ -74,7 +76,7 @@ var flagGroups = []groupInfo{
 var cliCtx = context.Background()
 var didSetupStatusHandler bool
 
-func setupStatusHandler(debug bool) {
+func setupStatusHandler(debug bool, noColor bool) {
 	didSetupStatusHandler = true
 
 	origStderr := os.Stderr
@@ -83,7 +85,7 @@ func setupStatusHandler(debug bool) {
 	isTerminal := isatty.IsTerminal(os.Stderr.Fd())
 	var sh status.StatusHandler
 	if !debug && isatty.IsTerminal(os.Stderr.Fd()) {
-		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, isTerminal, false)
+		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, isTerminal, !noColor, false)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(message string) {
 			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
@@ -187,7 +189,7 @@ func (c *cli) preRun() error {
 	if err != nil {
 		return err
 	}
-	setupStatusHandler(c.Debug)
+	setupStatusHandler(c.Debug, c.NoColor)
 	c.checkNewVersion()
 	return nil
 }
@@ -214,6 +216,8 @@ func initViper() {
 }
 
 func Execute() {
+	colorable.EnableColorsStdout(nil)
+
 	root := cli{}
 	rootCmd, err := buildRootCobraCmd(&root, "kluctl",
 		"Deploy and manage complex deployments on Kubernetes",
@@ -241,7 +245,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	err = rootCmd.ExecuteContext(cliCtx)
 	if !didSetupStatusHandler {
-		setupStatusHandler(false)
+		setupStatusHandler(false, true)
 	}
 
 	if cpuProfileFile != nil {
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 3f10a4763..a55075de4 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -12,10 +12,11 @@ import (
 )
 
 type MultiLineStatusHandler struct {
-	ctx        context.Context
-	out        io.Writer
-	isTerminal bool
-	trace      bool
+	ctx         context.Context
+	out         io.Writer
+	isTerminal  bool
+	enableColor bool
+	trace       bool
 
 	ml *multiline.MultiLinePrinter
 }
@@ -33,12 +34,13 @@ type statusLine struct {
 	mutex sync.Mutex
 }
 
-func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, isTerminal bool, trace bool) *MultiLineStatusHandler {
+func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, isTerminal bool, enableColor bool, trace bool) *MultiLineStatusHandler {
 	sh := &MultiLineStatusHandler{
-		ctx:        ctx,
-		out:        out,
-		isTerminal: isTerminal,
-		trace:      trace,
+		ctx:         ctx,
+		out:         out,
+		isTerminal:  isTerminal,
+		enableColor: enableColor,
+		trace:       trace,
 	}
 
 	sh.start()
@@ -88,6 +90,21 @@ func (s *MultiLineStatusHandler) startStatus(total int, message string, barOverr
 	return sl
 }
 
+func (s *MultiLineStatusHandler) withColor(c string, txt string) string {
+	if !s.isTerminal || !s.enableColor {
+		return txt
+	}
+	switch c {
+	case "red":
+		c = "\x1b[31m"
+	case "green":
+		c = "\x1b[32m"
+	case "yellow":
+		c = "\x1b[33m"
+	}
+	return fmt.Sprintf("%s%s\x1b[0m", c, txt)
+}
+
 func (s *MultiLineStatusHandler) printLine(message string, barOverride string, doFlush bool) {
 	s.ml.NewTopLine(func() string {
 		return fmt.Sprintf("%s %s", barOverride, message)
@@ -98,7 +115,7 @@ func (s *MultiLineStatusHandler) printLine(message string, barOverride string, d
 }
 
 func (s *MultiLineStatusHandler) Info(message string) {
-	o := withColor("green", "ⓘ")
+	o := s.withColor("green", "ⓘ")
 	s.printLine(message, o, true)
 }
 
@@ -107,12 +124,12 @@ func (s *MultiLineStatusHandler) InfoFallback(message string) {
 }
 
 func (s *MultiLineStatusHandler) Warning(message string) {
-	o := withColor("yellow", "⚠")
+	o := s.withColor("yellow", "⚠")
 	s.printLine(message, o, true)
 }
 
 func (s *MultiLineStatusHandler) Error(message string) {
-	o := withColor("red", "✗")
+	o := s.withColor("red", "✗")
 	s.printLine(message, o, true)
 }
 
@@ -127,7 +144,7 @@ func (s *MultiLineStatusHandler) PlainText(text string) {
 }
 
 func (s *MultiLineStatusHandler) Prompt(password bool, message string) (string, error) {
-	o := withColor("yellow", "?")
+	o := s.withColor("yellow", "?")
 	sl := s.startStatus(1, message, o)
 	defer sl.end(o)
 
@@ -188,10 +205,10 @@ func (sl *statusLine) end(barOverride string) {
 func (sl *statusLine) End(result EndResult) {
 	switch result {
 	case EndSuccess:
-		sl.end(withColor("green", "✓"))
+		sl.end(sl.slh.withColor("green", "✓"))
 	case EndWarning:
-		sl.end(withColor("yellow", "⚠"))
+		sl.end(sl.slh.withColor("yellow", "⚠"))
 	case EndError:
-		sl.end(withColor("red", "✗"))
+		sl.end(sl.slh.withColor("red", "✗"))
 	}
 }
diff --git a/pkg/status/utils.go b/pkg/status/utils.go
index 21555d432..cc5002217 100644
--- a/pkg/status/utils.go
+++ b/pkg/status/utils.go
@@ -2,7 +2,6 @@ package status
 
 import (
 	"bufio"
-	"fmt"
 	"io"
 )
 
@@ -64,15 +63,3 @@ func (r *replaceRReader) Read(p []byte) (int, error) {
 	}
 	return written, nil
 }
-
-func withColor(c string, s string) string {
-	switch c {
-	case "red":
-		c = "\x1b[31m"
-	case "green":
-		c = "\x1b[32m"
-	case "yellow":
-		c = "\x1b[33m"
-	}
-	return fmt.Sprintf("%s%s\x1b[0m", c, s)
-}

From 7bb7747095af82c18d8a1ded6c4a9b8d08a0e9e9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Sep 2022 21:17:57 +0200
Subject: [PATCH 0370/2268] chore: Run go fmt ./...

---
 cmd/kluctl/commands/root.go         | 2 +-
 main.go                             | 2 +-
 pkg/utils/kustomize.go              | 8 ++++----
 pkg/utils/python_scanner/scanner.go | 1 -
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 3fabd1561..d98200898 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/main.go b/main.go
index fb256f4c4..f6ca27150 100644
--- a/main.go
+++ b/main.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/pkg/utils/kustomize.go b/pkg/utils/kustomize.go
index 21fbe4fe2..44a92258a 100644
--- a/pkg/utils/kustomize.go
+++ b/pkg/utils/kustomize.go
@@ -18,10 +18,10 @@ import (
 var kustomizeBuildMutex sync.Mutex
 
 // SecureBuildKustomization wraps krusty.MakeKustomizer with the following settings:
-//  - secure on-disk FS denying operations outside root
-//  - load files from outside the kustomization dir path
-//    (but not outside root)
-//  - disable plugins except for the builtin ones
+//   - secure on-disk FS denying operations outside root
+//   - load files from outside the kustomization dir path
+//     (but not outside root)
+//   - disable plugins except for the builtin ones
 func SecureBuildKustomization(root, dirPath string, allowRemoteBases bool) (_ resmap.ResMap, err error) {
 	var fs filesys.FileSystem
 
diff --git a/pkg/utils/python_scanner/scanner.go b/pkg/utils/python_scanner/scanner.go
index c6f385484..c64b1e506 100644
--- a/pkg/utils/python_scanner/scanner.go
+++ b/pkg/utils/python_scanner/scanner.go
@@ -60,7 +60,6 @@ func (pos Position) String() string {
 //
 // Use GoTokens to configure the Scanner such that it accepts all Go
 // literal tokens including Go identifiers. Comments will be skipped.
-//
 const (
 	ScanIdents     = 1 << -Ident
 	ScanInts       = 1 << -Int

From 0682af3ac4b6553d3a63ae92b142fff223f6b24f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Sep 2022 12:26:43 +0200
Subject: [PATCH 0371/2268] feat: Pass k8s client into Helm install commands

This is a preparation to allow lookup in Helm charts. It will however not
work before https://github.com/helm/helm/pull/9426 or a comparable
solution is merged.
---
 pkg/deployment/helm_chart.go   | 10 ++++++----
 pkg/k8s/client_factory.go      |  6 +++++-
 pkg/k8s/fake_client_factory.go |  4 ++++
 pkg/k8s/k8s_cluster.go         | 29 +++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index a533ba8de..2d930c4b0 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -90,13 +90,15 @@ func (c *helmChart) GetFullOutputPath() (string, error) {
 	return securejoin.SecureJoin(dir, c.GetOutputPath())
 }
 
-func (c *helmChart) buildHelmConfig() (*action.Configuration, error) {
+func (c *helmChart) buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, error) {
 	rc, err := registry.NewClient()
 	if err != nil {
 		return nil, err
 	}
+
 	return &action.Configuration{
-		RegistryClient: rc,
+		RESTClientGetter: k,
+		RegistryClient:   rc,
 	}, nil
 }
 
@@ -114,7 +116,7 @@ func (c *helmChart) Pull(ctx context.Context) error {
 	targetDir := filepath.Join(filepath.Dir(c.configFile), "charts")
 	_ = os.RemoveAll(chartDir)
 
-	cfg, err := c.buildHelmConfig()
+	cfg, err := c.buildHelmConfig(nil)
 	if err != nil {
 		return err
 	}
@@ -232,7 +234,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 			return err
 		}
 	}
-	cfg, err := c.buildHelmConfig()
+	cfg, err := c.buildHelmConfig(k)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 6ab49a220..8480a2540 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -14,6 +14,7 @@ import (
 )
 
 type ClientFactory interface {
+	RESTConfig() *rest.Config
 	GetCA() []byte
 
 	CloseIdleConnections()
@@ -28,12 +29,15 @@ type realClientFactory struct {
 	httpClient *http.Client
 }
 
+func (r *realClientFactory) RESTConfig() *rest.Config {
+	return r.config
+}
+
 func (r *realClientFactory) GetCA() []byte {
 	return r.config.CAData
 }
 
 func (r *realClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
-
 	apiHost, err := url.Parse(r.config.Host)
 	if err != nil {
 		return nil, err
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index b01673f27..cee966194 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -23,6 +23,10 @@ type fakeClientFactory struct {
 	scheme    *runtime.Scheme
 }
 
+func (f *fakeClientFactory) RESTConfig() *rest.Config {
+	return nil
+}
+
 func (f *fakeClientFactory) GetCA() []byte {
 	return []byte{}
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 8b58788c9..de92465ac 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -16,9 +16,11 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/version"
+	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/dynamic"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/restmapper"
 	"sync"
 	"time"
 )
@@ -449,3 +451,30 @@ func (k *K8sCluster) ProxyGet(scheme, namespace, name, port, path string, params
 	}
 	return ret.Stream(k.ctx)
 }
+
+func (k *K8sCluster) ToRESTConfig() (*rest.Config, error) {
+	return k.clientFactory.RESTConfig(), nil
+}
+
+func (k *K8sCluster) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) {
+	d, err := k.clientFactory.DiscoveryClient()
+	if err != nil {
+		return nil, err
+	}
+	cd, ok := d.(discovery.CachedDiscoveryInterface)
+	if !ok {
+		return nil, fmt.Errorf("not a CachedDiscoveryInterface")
+	}
+	return cd, nil
+}
+
+func (k *K8sCluster) ToRESTMapper() (meta.RESTMapper, error) {
+	discoveryClient, err := k.ToDiscoveryClient()
+	if err != nil {
+		return nil, err
+	}
+
+	mapper := restmapper.NewDeferredDiscoveryRESTMapper(discoveryClient)
+	expander := restmapper.NewShortcutExpander(mapper, discoveryClient)
+	return expander, nil
+}

From 7e2b6b690403df4e386588c0b83e58735fd68a63 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Sep 2022 13:10:45 +0200
Subject: [PATCH 0372/2268] fix: Add new-line between diff tables

---
 cmd/kluctl/commands/command_result.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 668e21ec2..b5702f1c7 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -38,7 +38,10 @@ func formatCommandResultText(cr *types.CommandResult) string {
 		prettyObjectRefs(buf, refs)
 
 		buf.WriteString("\n")
-		for _, co := range cr.ChangedObjects {
+		for i, co := range cr.ChangedObjects {
+			if i != 0 {
+				buf.WriteString("\n")
+			}
 			prettyChanges(buf, co.Ref, co.Changes)
 		}
 	}

From b717b2bb6d7bcc710b7ed8abde75191b80dcda20 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Sep 2022 14:00:08 +0200
Subject: [PATCH 0373/2268] fix: Use custom multiline implementation

uilive had issues on windows and causes partially cleared lines.
---
 go.mod                                      |  9 +-
 go.sum                                      | 10 +--
 pkg/status/multiline/clear_lines.go         |  4 +
 pkg/status/multiline/clear_lines_posix.go   | 15 ++++
 pkg/status/multiline/clear_lines_windows.go | 94 +++++++++++++++++++++
 pkg/status/multiline/multiline.go           | 55 +++++++-----
 6 files changed, 154 insertions(+), 33 deletions(-)
 create mode 100644 pkg/status/multiline/clear_lines.go
 create mode 100644 pkg/status/multiline/clear_lines_posix.go
 create mode 100644 pkg/status/multiline/clear_lines_windows.go

diff --git a/go.mod b/go.mod
index 9aa4aa26d..8b701789b 100644
--- a/go.mod
+++ b/go.mod
@@ -5,18 +5,17 @@ go 1.19
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/aws/aws-sdk-go v1.44.103
 	github.com/bitnami-labs/sealed-secrets v0.18.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/fluxcd/pkg/kustomize v0.7.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/google/go-containerregistry v0.11.0
-	github.com/gosuri/uilive v0.0.4
 	github.com/hashicorp/vault/api v1.8.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
@@ -24,7 +23,9 @@ require (
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
 	github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b
+	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
+	github.com/mattn/go-runewidth v0.0.9
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.14.4
@@ -94,6 +95,7 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
@@ -153,8 +155,6 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -181,7 +181,6 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rivo/uniseg v0.4.2 // indirect
 	github.com/rubenv/sql-migrate v1.2.0 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 40c565407..4c724677b 100644
--- a/go.sum
+++ b/go.sum
@@ -113,6 +113,8 @@ github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErI
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -515,8 +517,6 @@ github.com/gostaticanalysis/forcetypeassert v0.0.0-20200621232751-01d4955beaa5/g
 github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
 github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
 github.com/gostaticanalysis/testutil v0.4.0/go.mod h1:bLIoPefWXrRi/ssLFWX1dx7Repi5x3CuviD3dgAZaBU=
-github.com/gosuri/uilive v0.0.4 h1:hUEBpQDj8D8jXgtCdBu7sWsy5sbW/5GhuO8KBwJ2jyY=
-github.com/gosuri/uilive v0.0.4/go.mod h1:V/epo5LjjlDE5RJUcqx8dbw+zc93y5Ya3yg8tfZ74VI=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
@@ -754,9 +754,8 @@ github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mN
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
-github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
@@ -942,9 +941,6 @@ github.com/quasilyte/go-ruleguard/rules v0.0.0-20210428214800-545e0d2e0bf7/go.mo
 github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
-github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
diff --git a/pkg/status/multiline/clear_lines.go b/pkg/status/multiline/clear_lines.go
new file mode 100644
index 000000000..0b0a41c7b
--- /dev/null
+++ b/pkg/status/multiline/clear_lines.go
@@ -0,0 +1,4 @@
+package multiline
+
+// ESC is the ASCII code for escape character
+const ESC = 27
diff --git a/pkg/status/multiline/clear_lines_posix.go b/pkg/status/multiline/clear_lines_posix.go
new file mode 100644
index 000000000..0742f106d
--- /dev/null
+++ b/pkg/status/multiline/clear_lines_posix.go
@@ -0,0 +1,15 @@
+//go:build !windows
+
+package multiline
+
+import (
+	"fmt"
+	"strings"
+)
+
+// clear the line and move the cursor up
+var clear = fmt.Sprintf("%c[%dA%c[2K", ESC, 1, ESC)
+
+func (ml *MultiLinePrinter) clearLines(lines int) {
+	_, _ = fmt.Fprint(ml.w, strings.Repeat(clear, lines))
+}
diff --git a/pkg/status/multiline/clear_lines_windows.go b/pkg/status/multiline/clear_lines_windows.go
new file mode 100644
index 000000000..b58b42fa2
--- /dev/null
+++ b/pkg/status/multiline/clear_lines_windows.go
@@ -0,0 +1,94 @@
+//go:build windows
+
+package multiline
+
+import (
+	"fmt"
+	"github.com/mattn/go-isatty"
+	"io"
+	"strings"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+var kernel32 = syscall.NewLazyDLL("kernel32.dll")
+
+var (
+	procGetConsoleScreenBufferInfo = kernel32.NewProc("GetConsoleScreenBufferInfo")
+	procSetConsoleCursorPosition   = kernel32.NewProc("SetConsoleCursorPosition")
+	procFillConsoleOutputCharacter = kernel32.NewProc("FillConsoleOutputCharacterW")
+)
+
+// clear the line and move the cursor up
+var clear = fmt.Sprintf("%c[%dA%c[2K\r", ESC, 0, ESC)
+
+type short int16
+type dword uint32
+type word uint16
+
+type coord struct {
+	x short
+	y short
+}
+
+type smallRect struct {
+	left   short
+	top    short
+	right  short
+	bottom short
+}
+
+type consoleScreenBufferInfo struct {
+	size              coord
+	cursorPosition    coord
+	attributes        word
+	window            smallRect
+	maximumWindowSize coord
+}
+
+// FdWriter is a writer with a file descriptor.
+type FdWriter interface {
+	io.Writer
+	Fd() uintptr
+}
+
+func (ml *MultiLinePrinter) clearLines(lines int) {
+	f, ok := ml.w.(FdWriter)
+	if ok && !isatty.IsTerminal(f.Fd()) {
+		ok = false
+	}
+	if !ok {
+		_, _ = fmt.Fprint(ml.w, strings.Repeat(clear, lines))
+		return
+	}
+	fd := f.Fd()
+	var info windows.ConsoleScreenBufferInfo
+	if err := windows.GetConsoleScreenBufferInfo(windows.Handle(fd), &info); err != nil {
+		return
+	}
+
+	info.CursorPosition.Y -= int16(lines)
+	if info.CursorPosition.Y < 0 {
+		info.CursorPosition.Y = 0
+	}
+	_, _, _ = procSetConsoleCursorPosition.Call(
+		uintptr(fd),
+		uintptr(uint32(uint16(info.CursorPosition.Y))<<16|uint32(uint16(info.CursorPosition.X))),
+	)
+
+	// clear the lines
+	cursor := &windows.Coord{
+		X: info.Window.Left,
+		Y: info.CursorPosition.Y,
+	}
+	count := uint32(info.Size.X) * uint32(lines)
+	_, _, _ = procFillConsoleOutputCharacter.Call(
+		uintptr(fd),
+		uintptr(' '),
+		uintptr(count),
+		*(*uintptr)(unsafe.Pointer(cursor)),
+		uintptr(unsafe.Pointer(new(uint32))),
+	)
+}
diff --git a/pkg/status/multiline/multiline.go b/pkg/status/multiline/multiline.go
index f2a67889e..9ecce1d7c 100644
--- a/pkg/status/multiline/multiline.go
+++ b/pkg/status/multiline/multiline.go
@@ -1,9 +1,10 @@
 package multiline
 
 import (
-	"bytes"
 	"fmt"
-	"github.com/gosuri/uilive"
+	"github.com/acarl005/stripansi"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/mattn/go-runewidth"
 	"io"
 	"sync"
 	"time"
@@ -13,8 +14,8 @@ type MultiLinePrinter struct {
 	topLines []*Line
 	lines    []*Line
 
-	uil         *uilive.Writer
-	lastWritten []byte
+	w         io.Writer
+	prevLines []string
 
 	ticker *time.Ticker
 	tdone  chan bool
@@ -30,11 +31,9 @@ type Line struct {
 }
 
 func (ml *MultiLinePrinter) Start(w io.Writer) {
-	ml.uil = uilive.New()
-	ml.uil.Out = w
-	ml.uil.Start()
+	ml.w = w
 
-	ml.ticker = time.NewTicker(100 * time.Millisecond)
+	ml.ticker = time.NewTicker(1 * time.Millisecond)
 	ml.tdone = make(chan bool)
 
 	go ml.loop()
@@ -44,7 +43,6 @@ func (ml *MultiLinePrinter) Stop() {
 	ml.Flush()
 	ml.tdone <- true
 	<-ml.tdone
-	ml.uil.Stop()
 }
 
 func (ml *MultiLinePrinter) loop() {
@@ -69,27 +67,42 @@ func (ml *MultiLinePrinter) Flush() {
 	ml.mutex.Lock()
 	defer ml.mutex.Unlock()
 
-	hadTopLines := false
+	tw := utils.GetTermWidth()
+
+	// Count the number of lines that need to be cleared. We need to take wrapping into account as well
+	prevTotalLines := 0
+	for _, line := range ml.prevLines {
+		prevTotalLines += ml.countConsoleLines(line, tw)
+	}
+	if prevTotalLines > 0 {
+		ml.clearLines(prevTotalLines)
+	}
+
 	if len(ml.topLines) != 0 {
-		hadTopLines = true
-		topBuf := bytes.NewBuffer(nil)
 		for _, l := range ml.topLines {
-			_, _ = fmt.Fprintf(topBuf, "%s\n", l.s())
+			_, _ = fmt.Fprintf(ml.w, "%s\n", l.s())
 		}
-
-		_, _ = ml.uil.Bypass().Write(topBuf.Bytes())
 		ml.topLines = nil
 	}
 
-	linesBuf := bytes.NewBuffer(nil)
+	ml.prevLines = nil
 	for _, l := range ml.lines {
-		_, _ = fmt.Fprintf(linesBuf, "%s\n", l.s())
+		s := l.s()
+		ml.prevLines = append(ml.prevLines, s)
+		_, _ = fmt.Fprintf(ml.w, "%s\n", s)
 	}
-	newBytes := linesBuf.Bytes()
-	if hadTopLines || !bytes.Equal(newBytes, ml.lastWritten) {
-		_, _ = ml.uil.Write(newBytes)
-		ml.lastWritten = newBytes
+}
+
+func (ml *MultiLinePrinter) countConsoleLines(s string, tw int) int {
+	s = stripansi.Strip(s)
+	w := runewidth.StringWidth(s)
+	cnt := 1
+	for w > tw {
+		cnt++
+		s = s[tw:]
+		w = runewidth.StringWidth(s)
 	}
+	return cnt
 }
 
 func (ml *MultiLinePrinter) NewTopLine(s LineFunc) {

From e190eec384f337ae26b7e4014f6778cc0206c723 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Sep 2022 14:35:23 +0200
Subject: [PATCH 0374/2268] fix: Use custom GetSize/GetWidth implementation

---
 cmd/kluctl/commands/cobra_utils.go  |  3 ++-
 pkg/status/multiline/multiline.go   |  4 ++--
 pkg/utils/prettytable.go            | 20 ++------------------
 pkg/utils/term/term_size.go         | 22 ++++++++++++++++++++++
 pkg/utils/term/term_size_unix.go    | 14 ++++++++++++++
 pkg/utils/term/term_size_windows.go | 21 +++++++++++++++++++++
 6 files changed, 63 insertions(+), 21 deletions(-)
 create mode 100644 pkg/utils/term/term_size.go
 create mode 100644 pkg/utils/term/term_size_unix.go
 create mode 100644 pkg/utils/term/term_size_windows.go

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 1d2fa005a..3f8bc6316 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
@@ -252,7 +253,7 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 func (c *rootCommand) helpFunc(cg *commandAndGroups) {
 	cmd := cg.cmd
 
-	termWidth := utils.GetTermWidth()
+	termWidth := term.GetWidth()
 
 	h := "Usage: "
 	if cmd.Runnable() {
diff --git a/pkg/status/multiline/multiline.go b/pkg/status/multiline/multiline.go
index 9ecce1d7c..09bcd5b40 100644
--- a/pkg/status/multiline/multiline.go
+++ b/pkg/status/multiline/multiline.go
@@ -3,7 +3,7 @@ package multiline
 import (
 	"fmt"
 	"github.com/acarl005/stripansi"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"github.com/mattn/go-runewidth"
 	"io"
 	"sync"
@@ -67,7 +67,7 @@ func (ml *MultiLinePrinter) Flush() {
 	ml.mutex.Lock()
 	defer ml.mutex.Unlock()
 
-	tw := utils.GetTermWidth()
+	tw := term.GetWidth()
 
 	// Count the number of lines that need to be cleared. We need to take wrapping into account as well
 	prevTotalLines := 0
diff --git a/pkg/utils/prettytable.go b/pkg/utils/prettytable.go
index cb9858530..88db41614 100644
--- a/pkg/utils/prettytable.go
+++ b/pkg/utils/prettytable.go
@@ -2,10 +2,8 @@ package utils
 
 import (
 	"bytes"
-	"golang.org/x/crypto/ssh/terminal"
-	"os"
+	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"sort"
-	"strconv"
 	"strings"
 )
 
@@ -25,20 +23,6 @@ func (t *PrettyTable) SortRows(col int) {
 	})
 }
 
-func GetTermWidth() int {
-	if c, ok := os.LookupEnv("COLUMNS"); ok {
-		tw, err := strconv.ParseInt(c, 10, 32)
-		if err == nil {
-			return int(tw)
-		}
-	}
-	tw, _, err := terminal.GetSize(0)
-	if err != nil {
-		return 80
-	}
-	return tw
-}
-
 func (t *PrettyTable) Render(limitWidths []int) string {
 	cols := len(t.rows[0])
 
@@ -82,7 +66,7 @@ func (t *PrettyTable) Render(limitWidths []int) string {
 	}
 
 	if len(limitWidths) < cols {
-		tw := GetTermWidth()
+		tw := term.GetWidth()
 		// last column should use all remaining space
 		tw = tw - widthSum - (cols-1)*3 - 4
 		if tw <= 0 {
diff --git a/pkg/utils/term/term_size.go b/pkg/utils/term/term_size.go
new file mode 100644
index 000000000..706f09180
--- /dev/null
+++ b/pkg/utils/term/term_size.go
@@ -0,0 +1,22 @@
+package term
+
+import (
+	"os"
+	"strconv"
+)
+
+var origStdout = os.Stdout
+
+func GetWidth() int {
+	if c, ok := os.LookupEnv("COLUMNS"); ok {
+		tw, err := strconv.ParseInt(c, 10, 32)
+		if err == nil {
+			return int(tw)
+		}
+	}
+	w, _, err := GetSize(int(origStdout.Fd()))
+	if err != nil {
+		return 80
+	}
+	return w
+}
diff --git a/pkg/utils/term/term_size_unix.go b/pkg/utils/term/term_size_unix.go
new file mode 100644
index 000000000..f283e307c
--- /dev/null
+++ b/pkg/utils/term/term_size_unix.go
@@ -0,0 +1,14 @@
+//go:build !windows
+
+package term
+
+import "golang.org/x/sys/unix"
+
+// GetSize returns the dimensions of the given terminal.
+func GetSize(fd int) (width, height int, err error) {
+	ws, err := unix.IoctlGetWinsize(fd, unix.TIOCGWINSZ)
+	if err != nil {
+		return -1, -1, err
+	}
+	return int(ws.Col), int(ws.Row), nil
+}
diff --git a/pkg/utils/term/term_size_windows.go b/pkg/utils/term/term_size_windows.go
new file mode 100644
index 000000000..51a9d1310
--- /dev/null
+++ b/pkg/utils/term/term_size_windows.go
@@ -0,0 +1,21 @@
+//go:build windows
+
+package term
+
+import (
+	"golang.org/x/sys/windows"
+)
+
+// GetSize returns the visible dimensions of the given terminal.
+//
+// These dimensions don't include any scrollback buffer height.
+func GetSize(fd int) (width, height int, err error) {
+	var info windows.ConsoleScreenBufferInfo
+	if err := windows.GetConsoleScreenBufferInfo(windows.Handle(fd), &info); err != nil {
+		return 0, 0, err
+	}
+	// terminal.GetSize from crypto/ssh adds "+ 1" to both width and height:
+	// https://go.googlesource.com/crypto/+/refs/heads/release-branch.go1.14/ssh/terminal/util_windows.go#75
+	// but looks like this is a root cause of issue #66, so removing both "+ 1" have fixed it.
+	return int(info.Window.Right - info.Window.Left), int(info.Window.Bottom - info.Window.Top), nil
+}

From d1e5da6d4c74f7a1a08a2161aa091a72d663b2ac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Sep 2022 18:43:27 +0200
Subject: [PATCH 0375/2268] chore: Run go get -u ./...

---
 go.mod | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 8b701789b..81af6f3a8 100644
--- a/go.mod
+++ b/go.mod
@@ -6,11 +6,11 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.103
-	github.com/bitnami-labs/sealed-secrets v0.18.2
+	github.com/aws/aws-sdk-go v1.44.105
+	github.com/bitnami-labs/sealed-secrets v0.18.5
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
-	github.com/fluxcd/pkg/kustomize v0.7.0
+	github.com/fluxcd/pkg/kustomize v0.8.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
@@ -25,7 +25,7 @@ require (
 	github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
-	github.com/mattn/go-runewidth v0.0.9
+	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.14.4
@@ -39,9 +39,9 @@ require (
 	github.com/stretchr/testify v1.8.0
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.2
-	golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
-	golang.org/x/net v0.0.0-20220921203646-d300de134e69
-	golang.org/x/sync v0.0.0-20220907140024-f12130a52804
+	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
+	golang.org/x/net v0.0.0-20220923203811-8be639271d50
+	golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7
 	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
 	golang.org/x/term v0.0.0-20220919170432-7a66f970e087
 	golang.org/x/text v0.3.7
@@ -53,7 +53,7 @@ require (
 	k8s.io/apimachinery v0.25.2
 	k8s.io/client-go v0.25.2
 	k8s.io/klog/v2 v2.80.1
-	sigs.k8s.io/kind v0.15.0
+	sigs.k8s.io/kind v0.16.0
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
@@ -73,7 +73,7 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
-	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
@@ -89,7 +89,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.18+incompatible // indirect
 	github.com/docker/docker v20.10.18+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.6.4 // indirect
+	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -147,7 +147,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.10 // indirect
+	github.com/klauspost/compress v1.15.11 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
@@ -155,7 +155,7 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -171,7 +171,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
@@ -181,6 +181,7 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/rivo/uniseg v0.4.2 // indirect
 	github.com/rubenv/sql-migrate v1.2.0 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -195,12 +196,14 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	go.starlark.net v0.0.0-20220817180228-f738f5508c12 // indirect
+	go.starlark.net v0.0.0-20220926145019-14b050677505 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
-	golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 // indirect
+	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
+	golang.org/x/tools v0.1.12 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 // indirect
+	google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc // indirect
 	google.golang.org/grpc v1.49.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
@@ -212,7 +215,7 @@ require (
 	k8s.io/component-base v0.25.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
 	k8s.io/kubectl v0.25.2 // indirect
-	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 // indirect
+	k8s.io/utils v0.0.0-20220922133306-665eaaec4324 // indirect
 	oras.land/oras-go v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect

From c6281fa167a3afdea9c8f906b8ac79ecaab7c9e4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Sep 2022 18:48:20 +0200
Subject: [PATCH 0376/2268] chore: Run go mod tidy

---
 go.sum | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/go.sum b/go.sum
index 4c724677b..46fc203bd 100644
--- a/go.sum
+++ b/go.sum
@@ -105,6 +105,8 @@ github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jB
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
+github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
@@ -151,6 +153,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.44.103 h1:tbhBHKgiZSIUkG8FcHy3wYKpPVvp65Wn7ZiX0B8phpY=
 github.com/aws/aws-sdk-go v1.44.103/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.105 h1:UUwoD1PRKIj3ltrDUYTDQj5fOTK3XsnqolLpRTMmSEM=
+github.com/aws/aws-sdk-go v1.44.105/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -158,6 +162,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitnami-labs/sealed-secrets v0.18.2 h1:CfZD0JmhAPOQ7YqxrxZ90/+BjqTheWztBOYploqO6nc=
 github.com/bitnami-labs/sealed-secrets v0.18.2/go.mod h1:wlhaZ+SI5aJkpq9CyyP0pVLJEj4LPXLzLHb2TnID/Rc=
+github.com/bitnami-labs/sealed-secrets v0.18.5 h1:PT/lxfgWnP8l8ybpvTsHuJltY4A35LI8if19Ww9FbcU=
+github.com/bitnami-labs/sealed-secrets v0.18.5/go.mod h1:nzCyKhzDRbNySRUZXR6tvui4s95LbuaNpBoGRvV9Nk8=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
 github.com/blizzy78/varnamelen v0.3.0/go.mod h1:hbwRdBvoBqxk34XyQ6HA0UH3G0/1TKuv5AC4eaBT0Ec=
@@ -174,6 +180,7 @@ github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -238,6 +245,8 @@ github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfem
 github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
+github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
+github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
@@ -283,6 +292,8 @@ github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8S
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/pkg/kustomize v0.7.0 h1:604rlpRZTWaOfzDZ1W93aHaFh9kn8/UMX/wzsjwIUQY=
 github.com/fluxcd/pkg/kustomize v0.7.0/go.mod h1:zJY3Z0+SX+zs+/A1F6fCT0JvUce265XnrpTtHnujXPo=
+github.com/fluxcd/pkg/kustomize v0.8.0 h1:8AdEvp6y38ISZzoi0H82Si5zkmLXClbeX10W7HevB00=
+github.com/fluxcd/pkg/kustomize v0.8.0/go.mod h1:zGtCZF6V3hMWcf46SqrQc10fS9yUlKzi2UcFUeabDAE=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -620,6 +631,7 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
+github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
 github.com/jhump/protoreflect v1.6.1 h1:4/2yi5LyDPP7nN+Hiird1SAJ6YoxUm13/oxHGRnbPd8=
 github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
 github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
@@ -669,6 +681,8 @@ github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.10 h1:Ai8UzuomSCDw90e1qNMtb15msBXsNpH6gzkkENQNcJo=
 github.com/klauspost/compress v1.15.10/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
+github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c=
+github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
 github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b h1:4fBKK0PZ8e/DC4GqM6RrUSSE2J6SlVTKNPb8awYxb5g=
@@ -729,6 +743,7 @@ github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s=
+github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
 github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
@@ -756,6 +771,8 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
 github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
+github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
@@ -765,6 +782,8 @@ github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpe
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM=
+github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
 github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
 github.com/mgechev/revive v1.1.2/go.mod h1:bnXsMr+ZTH09V5rssEI+jHAZ4z+ZdyhgO/zsy3EhK+0=
@@ -860,6 +879,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 h1:+czc/J8SlhPKLOtVLMQc+xDCFBT73ZStMsRhSsUhsSg=
 github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198/go.mod h1:j4h1pJW6ZcJTgMZWP3+7RlG3zTaP02aDZ/Qw0sppK7Q=
+github.com/opencontainers/image-spec v1.1.0-rc1 h1:lfG+OTa7V8PD3PKvkocSG9KAcA9MANqJn53m31Fvwkc=
+github.com/opencontainers/image-spec v1.1.0-rc1/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
@@ -941,6 +962,9 @@ github.com/quasilyte/go-ruleguard/rules v0.0.0-20210428214800-545e0d2e0bf7/go.mo
 github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
+github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -1121,6 +1145,8 @@ go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20220817180228-f738f5508c12 h1:xOBJXWGEDwU5xSDxH6macxO11Us0AH2fTa9rmsbbF7g=
 go.starlark.net v0.0.0-20220817180228-f738f5508c12/go.mod h1:VZcBMdr3cT3PnBoWunTabuSEXwVAH+ZJ5zxfs3AdASk=
+go.starlark.net v0.0.0-20220926145019-14b050677505 h1:W0MibAL5BiEenQR+F/EF/a4HJhgLngHVvm6jbtUW0PM=
+go.starlark.net v0.0.0-20220926145019-14b050677505/go.mod h1:qsNirHv+Awo5xHuNyQ/0niov6kDxdBs+bqpVMBCW77k=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
@@ -1163,6 +1189,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 h1:a5Yg6ylndHHYJqIPrdq0AhvR6KTvDTAvgBtaidhEevY=
 golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
+golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1200,6 +1228,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1257,6 +1287,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220921203646-d300de134e69 h1:hUJpGDpnfwdJW8iNypFjmSY0sCBEL+spFTZ2eO+Sfps=
 golang.org/x/net v0.0.0-20220921203646-d300de134e69/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220923203811-8be639271d50 h1:vKyz8L3zkd+xrMeIaBsQ/MNVPVFSffdaU3ZyYlBGFnI=
+golang.org/x/net v0.0.0-20220923203811-8be639271d50/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1290,6 +1322,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220907140024-f12130a52804 h1:0SH2R3f1b1VmIMG7BXbEZCBUu2dKmHschSmjqGUrW8A=
 golang.org/x/sync v0.0.0-20220907140024-f12130a52804/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 h1:ZrnxWX62AgTKOSagEqxvb3ffipvEDX2pl7E1TdqLqIc=
+golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1387,6 +1421,7 @@ golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220919170432-7a66f970e087 h1:tPwmk4vmvVCMdr98VgL4JH+qZxPL8fqlUOHnyOM8N3w=
 golang.org/x/term v0.0.0-20220919170432-7a66f970e087/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1406,6 +1441,8 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 h1:yuLAip3bfURHClMG9VBdzPrQvCWjWiWUTBGV+/fCbUs=
 golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
+golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1509,6 +1546,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1614,6 +1653,8 @@ google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEc
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 h1:K1zaaMdYBXRyX+cwFnxj7M6zwDyumLQMZ5xqwGvjreQ=
 google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737/go.mod h1:2r/26NEF3bFmT3eC3aZreahSal0C3Shl8Gi6vyDYqOQ=
+google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc h1:saaNe2+SBQxandnzcD/qB1JEBQ2Pqew+KlFLLdA/XcM=
+google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc/go.mod h1:yEEpwVWKMZZzo81NwRgyEJnA2fQvpXAYPVisv8EgDVs=
 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1728,6 +1769,7 @@ k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
 k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=
 k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY=
 k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60=
+k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
@@ -1737,6 +1779,8 @@ k8s.io/kubectl v0.25.2 h1:2993lTeVimxKSWx/7z2PiJxUILygRa3tmC4QhFaeioA=
 k8s.io/kubectl v0.25.2/go.mod h1:eoBGJtKUj7x38KXelz+dqVtbtbKwCqyKzJWmBHU0prg=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
 k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20220922133306-665eaaec4324 h1:i+xdFemcSNuJvIfBlaYuXgRondKxK4z4prVPKzEaelI=
+k8s.io/utils v0.0.0-20220922133306-665eaaec4324/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
@@ -1750,6 +1794,8 @@ sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kind v0.15.0 h1:Fskj234L4hjQlsScCgeYvCBIRt06cjLzc7+kbr1u8Tg=
 sigs.k8s.io/kind v0.15.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
+sigs.k8s.io/kind v0.16.0 h1:GFXyyxtPnHFKqXr3ZG8/X0+0K9sl69lejStlPn2WQyM=
+sigs.k8s.io/kind v0.16.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
 sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
 sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=

From 4ea1d40bb7dd5909ecb0b73011cafdfa73bd76f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Sep 2022 10:19:43 +0200
Subject: [PATCH 0377/2268] fix: Use 100ms for multiline updates

---
 pkg/status/multiline/multiline.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/status/multiline/multiline.go b/pkg/status/multiline/multiline.go
index 09bcd5b40..399942828 100644
--- a/pkg/status/multiline/multiline.go
+++ b/pkg/status/multiline/multiline.go
@@ -33,7 +33,7 @@ type Line struct {
 func (ml *MultiLinePrinter) Start(w io.Writer) {
 	ml.w = w
 
-	ml.ticker = time.NewTicker(1 * time.Millisecond)
+	ml.ticker = time.NewTicker(100 * time.Millisecond)
 	ml.tdone = make(chan bool)
 
 	go ml.loop()

From d4b7cfd01b2b49d8501c1b3e855d35796a7d8113 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Sep 2022 11:33:25 +0200
Subject: [PATCH 0378/2268] refactor: Generalize deprecation handling

---
 pkg/kluctl_project/project.go        |  3 ---
 pkg/kluctl_project/project_load.go   | 12 +++++------
 pkg/kluctl_project/target_context.go |  6 ++----
 pkg/status/status.go                 | 32 ++++++++++++++++++++++++----
 pkg/vars/vars_loader.go              |  2 +-
 5 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index bca9ab1a3..ebb5b2e26 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"strings"
 )
 
@@ -29,8 +28,6 @@ type LoadedKluctlProject struct {
 
 	J2 *jinja2.Jinja2
 	RP *repocache.GitRepoCache
-
-	warnOnce utils.OnceByKey
 }
 
 func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 3a2d1e730..738c3219c 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -96,10 +96,8 @@ func (c *LoadedKluctlProject) loadExternalProject(ep *types2.ExternalProject, de
 	}
 
 	if ep.Project != nil {
-		c.warnOnce.Do("external-projects", func() {
-			status.Warning(c.ctx, "External projects are deprecated and support for them will be removed in the future. "+
-				"Use Git variable sources as replacement for cluster configs and Git includes as replacement for external deployment projects.")
-		})
+		status.Deprecation(c.ctx, "external-projects", "External projects are deprecated and support for them will be removed in the future. "+
+			"Use Git variable sources as replacement for cluster configs and Git includes as replacement for external deployment projects.")
 
 		// pointing to an actual external project, so let's try to clone it
 		return c.loadGitProject(ep.Project, defaultGitSubDir)
@@ -156,13 +154,13 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	defer s.Failed()
 
 	if c.loadArgs.LocalClusters != "" {
-		status.Warning(c.ctx, "--local-clusters is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
+		status.Deprecation(c.ctx, "--local-clusters", "--local-clusters is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
 	}
 	if c.loadArgs.LocalDeployment != "" {
-		status.Warning(c.ctx, "--local-deployment is deprecated and will be removed in an upcoming version. Use git includes instead.")
+		status.Deprecation(c.ctx, "--local-deployment", "--local-deployment is deprecated and will be removed in an upcoming version. Use git includes instead.")
 	}
 	if c.loadArgs.LocalSealedSecrets != "" {
-		status.Warning(c.ctx, "--local-sealed-secrets is deprecated and will be removed in an upcoming version.")
+		status.Deprecation(c.ctx, "--local-sealed-secrets", "--local-sealed-secrets is deprecated and will be removed in an upcoming version.")
 	}
 
 	deploymentInfo, err := c.loadExternalProject(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index f93c9e8ed..b2c9ad978 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -205,7 +205,7 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 			return err
 		}
 		if len(secretEntry.Sources) != 0 {
-			status.Warning(p.ctx, "'sources' in secretSets is deprecated, use 'vars' instead")
+			status.Deprecation(p.ctx, "secrets-sets-sources", "'sources' in secretSets is deprecated, use 'vars' instead")
 			err = varsLoader.LoadVarsList(varsCtx, secretEntry.Sources, searchDirs, "secrets")
 		} else {
 			err = varsLoader.LoadVarsList(varsCtx, secretEntry.Vars, searchDirs, "secrets")
@@ -221,9 +221,7 @@ func (p *LoadedKluctlProject) LoadClusterConfig(clusterName string) (*types.Clus
 	var err error
 	var clusterConfig *types.ClusterConfig
 
-	p.warnOnce.Do("cluster-config", func() {
-		status.Warning(p.ctx, "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
-	})
+	status.Deprecation(p.ctx, "cluster-config", "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
 
 	clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, clusterName)
 	if err != nil {
diff --git a/pkg/status/status.go b/pkg/status/status.go
index c49f64dfc..8c8f158c3 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -3,6 +3,7 @@ package status
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 // StatusContext is used to report user-facing status/progress
@@ -57,17 +58,33 @@ type StatusHandler interface {
 }
 
 type contextKey struct{}
+type contextValue struct {
+	slh         StatusHandler
+	deprecation utils.OnceByKey
+}
+
+var noopContextValue = contextValue{
+	slh: &NoopStatusHandler{},
+}
 
 func NewContext(ctx context.Context, slh StatusHandler) context.Context {
-	return context.WithValue(ctx, contextKey{}, slh)
+	return context.WithValue(ctx, contextKey{}, &contextValue{
+		slh: slh,
+	})
 }
 
-func FromContext(ctx context.Context) StatusHandler {
+func getContextValue(ctx context.Context) *contextValue {
 	v := ctx.Value(contextKey{})
 	if v == nil {
-		return &NoopStatusHandler{}
+		return &noopContextValue
 	}
-	return v.(StatusHandler)
+	cv := v.(*contextValue)
+	return cv
+}
+
+func FromContext(ctx context.Context) StatusHandler {
+	v := getContextValue(ctx)
+	return v.slh
 }
 
 type Option func(s *StatusContext)
@@ -250,6 +267,13 @@ func Prompt(ctx context.Context, password bool, message string, args ...any) (st
 	return slh.Prompt(password, fmt.Sprintf(message, args...))
 }
 
+func Deprecation(ctx context.Context, key string, message string) {
+	cv := getContextValue(ctx)
+	cv.deprecation.Do(key, func() {
+		cv.slh.Warning(message)
+	})
+}
+
 func Flush(ctx context.Context) {
 	slh := FromContext(ctx)
 	slh.Flush()
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index a479ec791..84986f0a1 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -76,7 +76,7 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		v.mergeVars(varsCtx, source.Values, rootKey)
 		return nil
 	} else if source.Path != nil {
-		status.Warning(v.ctx, "'path' is deprecated as vars source, use 'file' instead")
+		status.Deprecation(v.ctx, "vars-path", "'path' is deprecated as vars source, use 'file' instead")
 		return v.loadFile(varsCtx, *source.Path, searchDirs, rootKey)
 	} else if source.File != nil {
 		return v.loadFile(varsCtx, *source.File, searchDirs, rootKey)

From 1952338e127d2f06be04983a1ae214c969565b9d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Sep 2022 11:33:56 +0200
Subject: [PATCH 0379/2268] feat: Upgrade go-jinja2 to add .templateignore
 support

Also deprecate templateExcludes.
---
 go.mod                            |   2 +-
 go.sum                            | 517 +-----------------------------
 pkg/deployment/deployment_item.go |   4 +
 3 files changed, 8 insertions(+), 515 deletions(-)

diff --git a/go.mod b/go.mod
index 81af6f3a8..cc78c4587 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
-	github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b
+	github.com/kluctl/go-jinja2 v0.0.0-20220927093149-38ad307371ca
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
diff --git a/go.sum b/go.sum
index 46fc203bd..1b9d4d57c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,3 @@
-4d63.com/gochecknoglobals v0.1.0/go.mod h1:wfdC5ZjKSPr7CybKEcgJhUOgeAQW1+7WcyK8OvUilfo=
-bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -14,7 +12,6 @@ cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.60.0/go.mod h1:yw2G51M9IfRboUH61Us8GqCeF1PzPblB823Mn2q2eAU=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
@@ -23,11 +20,6 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -39,23 +31,17 @@ cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOt
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/firestore v1.6.0/go.mod h1:afJwI0vaXwAG54kI7A//lP/lSPDkQORQuMkv56TxEPU=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/pubsub v1.5.0/go.mod h1:ZEwJccE3z93Z2HWvstpri00jOg7oO4UZDtKhwDwqF0w=
-cloud.google.com/go/spanner v1.7.0/go.mod h1:sd3K2gZ9Fd0vMPLXzeCrF6fq4i63Q7aTLW/lBIfBkIk=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
-contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Antonboom/errname v0.1.5/go.mod h1:DugbBstvPFQbv/5uLcRRzfrNqKE9tVdVCqWCLp6Cifo=
-github.com/Antonboom/nilnil v0.1.0/go.mod h1:PhHLvRPSghY5Y7mX4TW+BHZQYo1A8flE5H20D3IPZBo=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -77,25 +63,19 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
-github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
-github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
@@ -103,18 +83,15 @@ github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvd
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
-github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
@@ -126,16 +103,10 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
-github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE=
-github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
-github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
 github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
@@ -146,13 +117,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/ashanbrown/forbidigo v1.2.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBFg8t0sG2FIxmI=
-github.com/ashanbrown/makezero v0.0.0-20210520155254-b6261585ddde/go.mod h1:oG9Dnez7/ESBqc4EdrdNlryeo7d0KcW1ftXHm7nU/UU=
-github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.103 h1:tbhBHKgiZSIUkG8FcHy3wYKpPVvp65Wn7ZiX0B8phpY=
-github.com/aws/aws-sdk-go v1.44.103/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.105 h1:UUwoD1PRKIj3ltrDUYTDQj5fOTK3XsnqolLpRTMmSEM=
 github.com/aws/aws-sdk-go v1.44.105/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -160,35 +124,25 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.18.2 h1:CfZD0JmhAPOQ7YqxrxZ90/+BjqTheWztBOYploqO6nc=
-github.com/bitnami-labs/sealed-secrets v0.18.2/go.mod h1:wlhaZ+SI5aJkpq9CyyP0pVLJEj4LPXLzLHb2TnID/Rc=
 github.com/bitnami-labs/sealed-secrets v0.18.5 h1:PT/lxfgWnP8l8ybpvTsHuJltY4A35LI8if19Ww9FbcU=
 github.com/bitnami-labs/sealed-secrets v0.18.5/go.mod h1:nzCyKhzDRbNySRUZXR6tvui4s95LbuaNpBoGRvV9Nk8=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
-github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
-github.com/blizzy78/varnamelen v0.3.0/go.mod h1:hbwRdBvoBqxk34XyQ6HA0UH3G0/1TKuv5AC4eaBT0Ec=
-github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
-github.com/breml/bidichk v0.1.1/go.mod h1:zbfeitpevDUGI7V91Uzzuwrn4Vls8MoBMrwtt78jmso=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
-github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
-github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
-github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3//PWVzTeCezG2b9IRn6myJxJSr4TD/xo6ojU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -202,40 +156,24 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
 github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
 github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/daixiang0/gci v0.2.9/go.mod h1:+4dZ7TISfSmqfAGv59ePaHfNzgGtIkHAhhdKggP1JAc=
-github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
-github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denis-tingajkin/go-header v0.4.2/go.mod h1:eLRHAVXzE5atsKAnNRDB90WHCFFnBUn4RN0nRcs1LJA=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.18+incompatible h1:f/GQLsVpo10VvToRay2IraVA1wHz9KktZyjev3SIVDU=
 github.com/docker/cli v20.10.18+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -243,8 +181,6 @@ github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
 github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
-github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -256,8 +192,6 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
 github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
@@ -271,10 +205,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/esimonov/ifshort v1.0.3/go.mod h1:yZqNJUrNn20K8Q9n2CrjTKYyVEmX209Hgu+M1LBpeZE=
-github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
@@ -282,31 +213,21 @@ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
-github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/pkg/kustomize v0.7.0 h1:604rlpRZTWaOfzDZ1W93aHaFh9kn8/UMX/wzsjwIUQY=
-github.com/fluxcd/pkg/kustomize v0.7.0/go.mod h1:zJY3Z0+SX+zs+/A1F6fCT0JvUce265XnrpTtHnujXPo=
 github.com/fluxcd/pkg/kustomize v0.8.0 h1:8AdEvp6y38ISZzoi0H82Si5zkmLXClbeX10W7HevB00=
 github.com/fluxcd/pkg/kustomize v0.8.0/go.mod h1:zGtCZF6V3hMWcf46SqrQc10fS9yUlKzi2UcFUeabDAE=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
-github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
-github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-critic/go-critic v0.6.1/go.mod h1:SdNCfU0yF3UBjtaZGw6586/WocupMOJuiqgom5DsQxM=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
@@ -331,12 +252,9 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
-github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -353,27 +271,12 @@ github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/j
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
 github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
-github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
-github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
-github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
-github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
-github.com/go-toolsmith/astequal v1.0.1/go.mod h1:4oGA3EZXTVItV/ipGiOx7NWkY5veFfcsOJVS2YxltLw=
-github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw=
-github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU=
-github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI=
-github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc=
-github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
-github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
-github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
-github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
 github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
 github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
@@ -384,11 +287,7 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
-github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
@@ -397,7 +296,6 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -410,8 +308,6 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -430,26 +326,13 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
-github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
-github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8=
-github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU=
-github.com/golangci/golangci-lint v1.43.0/go.mod h1:VIFlUqidx5ggxDfQagdvd9E67UjMXtTHBkBQ7sHoC5Q=
-github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
-github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
-github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
-github.com/golangci/revgrep v0.0.0-20210930125155-c22e5001d4f2/go.mod h1:LK+zW4MpyytAWQRz0M4xnzEk50lSvqDQKfx304apFkY=
-github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
-github.com/google/certificate-transparency-go v1.1.1/go.mod h1:FDKqPvSXawb2ecErVRrD+nfy23RCzyl7eqVCEmlT1Zs=
 github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
 github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -463,7 +346,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
@@ -474,74 +356,40 @@ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
-github.com/google/trillian v1.3.11/go.mod h1:0tPraVHrSDkA3BO6vKX67zgLXs6SsOAbHEivX+9mPgw=
-github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
-github.com/gordonklaus/ineffassign v0.0.0-20210225214923-2e10b2664254/go.mod h1:M9mZEtGIsR1oDaZagNPNG9iq9n2HrhZ17dsXk73V3Lw=
-github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75/go.mod h1:g2644b03hfBX9Ov0ZBDgXXens4rxSxmqFBbhvKv2yVA=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/gostaticanalysis/analysisutil v0.1.0/go.mod h1:dMhHRU9KTiDcuLGdy87/2gTR8WruwYZrKdRq9m1O6uw=
-github.com/gostaticanalysis/analysisutil v0.4.1/go.mod h1:18U/DLpRgIUd459wGxVHE0fRgmo1UgHDcbw7F5idXu0=
-github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc=
-github.com/gostaticanalysis/comment v1.3.0/go.mod h1:xMicKDx7XRXYdVwY9f9wQpDJVnqWxw9wCauCMKp+IBI=
-github.com/gostaticanalysis/comment v1.4.1/go.mod h1:ih6ZxzTHLdadaiSnF5WY3dxUoXfXAlTaRzuaNDlSado=
-github.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM=
-github.com/gostaticanalysis/forcetypeassert v0.0.0-20200621232751-01d4955beaa5/go.mod h1:qZEedyP/sY1lTGV1uJ3VhWZ2mqag3IkWsDHVbplHXak=
-github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
-github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
-github.com/gostaticanalysis/testutil v0.4.0/go.mod h1:bLIoPefWXrRi/ssLFWX1dx7Repi5x3CuviD3dgAZaBU=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -550,7 +398,6 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo=
 github.com/hashicorp/go-hclog v1.3.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -558,7 +405,6 @@ github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJ
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
@@ -584,7 +430,6 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
@@ -596,11 +441,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU=
 github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
 github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
@@ -609,16 +451,11 @@ github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
-github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
@@ -630,27 +467,17 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
-github.com/jhump/protoreflect v1.6.1 h1:4/2yi5LyDPP7nN+Hiird1SAJ6YoxUm13/oxHGRnbPd8=
-github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
-github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
-github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/josharian/txtarfs v0.0.0-20210218200122-0702f000015a/go.mod h1:izVPOvVRsHiKkeGCT6tYBNWyDVuzj9wAaBb5R9qamfw=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -662,33 +489,22 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/julz/importas v0.0.0-20210419104244-841f0c0fe66d/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0=
-github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/errcheck v1.6.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
-github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.10 h1:Ai8UzuomSCDw90e1qNMtb15msBXsNpH6gzkkENQNcJo=
-github.com/klauspost/compress v1.15.10/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c=
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
-github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b h1:4fBKK0PZ8e/DC4GqM6RrUSSE2J6SlVTKNPb8awYxb5g=
-github.com/kluctl/go-jinja2 v0.0.0-20220922102415-424914b4142b/go.mod h1:8deI9sssmQf1CiCnyRJoBgfIw4Hh3+WsHmmO9+xIIO0=
+github.com/kluctl/go-jinja2 v0.0.0-20220927093149-38ad307371ca h1:OSl16ha01V8QHu/yKmsfKHx8r6ts/O3xHuT5SaaJ/1I=
+github.com/kluctl/go-jinja2 v0.0.0-20220927093149-38ad307371ca/go.mod h1:kMEDb2dWTbpe6CT+XuGVPcnY1ph9IfHf4b43KN80qas=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
@@ -702,32 +518,18 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kulti/thelper v0.4.0/go.mod h1:vMu2Cizjy/grP+jmsvOFDx1kYP6+PD1lqg4Yu5exl2U=
-github.com/kunwardeep/paralleltest v1.0.3/go.mod h1:vLydzomDFpk7yu5UX02RmP0H8QfRPOV/oFhWN85Mjb4=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/kyoh86/exportloopref v0.1.8/go.mod h1:1tUcJeiioIs7VWe5gcOObrux3lb66+sBqGZrRkMwPgg=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/ldez/gomoddirectives v0.2.2/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0=
-github.com/ldez/tagliatelle v0.2.0/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.3/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
-github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
@@ -735,65 +537,37 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/maratori/testpackage v1.0.1/go.mod h1:ddKdw+XG0Phzhx8BFDTKgpWP4i7MpApTE5fXSKAqwDU=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
 github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
 github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
 github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
-github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
-github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.14 h1:qZgc/Rwetq+MtyE18WhzjokPD93dNqLGNT3QJuLvBGw=
 github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
-github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM=
 github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
-github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
-github.com/mgechev/revive v1.1.2/go.mod h1:bnXsMr+ZTH09V5rssEI+jHAZ4z+ZdyhgO/zsy3EhK+0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
 github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -814,11 +588,9 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
@@ -835,63 +607,30 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
-github.com/moricho/tparallel v0.2.1/go.mod h1:fXEIZxG2vdfl0ZF8b42f5a78EhjjD5mX8qUplsoSU4k=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mozilla/scribe v0.0.0-20180711195314-fb71baf557c1/go.mod h1:FIczTrinKo8VaLxe6PWTPEXRXDIHz2QAwiaBaP5/4a8=
-github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo=
-github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc=
-github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=
-github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nishanths/exhaustive v0.2.3/go.mod h1:bhIX678Nx8inLM9PbpvK1yv6oGtoP8BfaIeMzgBNKvc=
-github.com/nishanths/predeclared v0.0.0-20190419143655-18a43bb90ffc/go.mod h1:62PewwiQTlm/7Rj+cxVYqZvDIUc+JjZq6GHAC1fsObQ=
-github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB9sbB1usJ+xjQE=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/ohler55/ojg v1.14.4 h1:L2ds8AlB5t/QbqSfhRwvagJzQ7pgmdrefMIypQs0Xik=
 github.com/ohler55/ojg v1.14.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
+github.com/onsi/gomega v1.20.2 h1:8uQq0zMgLEfa0vRrrBgaJF2gyW9Da9BmfGV+OyUzfkY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 h1:+czc/J8SlhPKLOtVLMQc+xDCFBT73ZStMsRhSsUhsSg=
-github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198/go.mod h1:j4h1pJW6ZcJTgMZWP3+7RlG3zTaP02aDZ/Qw0sppK7Q=
 github.com/opencontainers/image-spec v1.1.0-rc1 h1:lfG+OTa7V8PD3PKvkocSG9KAcA9MANqJn53m31Fvwkc=
 github.com/opencontainers/image-spec v1.1.0-rc1/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
@@ -900,7 +639,6 @@ github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwb
 github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
@@ -911,12 +649,9 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/polyfloyd/go-errorlint v0.0.0-20210722154253-910bb7978349/go.mod h1:wi9BfjxjF/bwiZ701TzmfKu6UKC357IOAtNr0Td0Lvw=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -950,57 +685,34 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/pseudomuto/protoc-gen-doc v1.3.2/go.mod h1:y5+P6n3iGrbKG+9O04V5ld71in3v/bX88wUwgt+U8EA=
-github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q=
-github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
-github.com/quasilyte/go-ruleguard v0.3.1-0.20210203134552-1b5a410e1cc8/go.mod h1:KsAh3x0e7Fkpgs+Q9pNLS5XpFSvYCEVl5gP9Pp1xp30=
-github.com/quasilyte/go-ruleguard v0.3.13/go.mod h1:Ul8wwdqR6kBVOCt2dipDBkE+T6vAV/iixkrKuRTN1oQ=
-github.com/quasilyte/go-ruleguard/dsl v0.3.0/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
-github.com/quasilyte/go-ruleguard/dsl v0.3.10/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
-github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mod h1:7JTjp89EGyU1d6XfBiXihJNG37wB2VRkd125Q1u7Plc=
-github.com/quasilyte/go-ruleguard/rules v0.0.0-20210428214800-545e0d2e0bf7/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50=
-github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
 github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v1.2.0 h1:fOXMPLMd41sK7Tg75SXDec15k3zg5WNV6SjuDRiNfcU=
 github.com/rubenv/sql-migrate v1.2.0/go.mod h1:Z5uVnq7vrIrPmHbVFfR4YLHRZquxeHpckCnRq0P/K9Y=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryancurrah/gomodguard v1.2.3/go.mod h1:rYbA/4Tg5c54mV1sv4sQTP5WOPBcoLtnBZ7/TEhXAbg=
-github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE=
-github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/securego/gosec/v2 v2.9.1/go.mod h1:oDcDLcatOJxkCGaCaq8lua1jTnYf6Sou4wdiJ1n4iHc=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
-github.com/shirou/gopsutil/v3 v3.21.10/go.mod h1:t75NhzCZ/dYyPQjyQmrAYP6c8+LCdFANeBMdLPCNnew=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
@@ -1010,49 +722,32 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sivchari/tenv v1.4.7/go.mod h1:5nF+bITvkebQVanjU6IuMbvIot/7ReNsUV7I5NbprB0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI=
-github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
 github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4=
 github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU=
 github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
-github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1066,33 +761,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
-github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
-github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
-github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
-github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
-github.com/tetafro/godot v1.4.11/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
-github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
-github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
-github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tomarrell/wrapcheck/v2 v2.4.0/go.mod h1:68bQ/eJg55BROaRTbMjC7vuhL2OgfoG8bLp9ZyoBfyY=
-github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
-github.com/tommy-muehle/go-mnd/v2 v2.4.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
-github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
-github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/uudashr/gocognit v1.0.5/go.mod h1:wgYz0mitoKOTysqxTDMOUXg+Jb5SvtihkfmugIZYpEA=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus=
-github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
-github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
-github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
@@ -1107,15 +777,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
 github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
-github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yeya24/promlinter v0.1.0/go.mod h1:rs5vtZzeBHqqMwXqFScncpCF6u06lezhZepno9AB1Oc=
-github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
-github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
-github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1127,13 +790,9 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/etcd v0.0.0-20200513171258-e048e166ab9c/go.mod h1:xCI7ZzBfRuGgBXyXO6yfWfDmlWd35khcWpUa4L0xI/k=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
-go.mozilla.org/mozlog v0.0.0-20170222151521-4bb13139d403/go.mod h1:jHoPAGnDrCy6kaI2tAze5Prf0Nr0w/oNkROt2lw3n3o=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1143,52 +802,33 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20220817180228-f738f5508c12 h1:xOBJXWGEDwU5xSDxH6macxO11Us0AH2fTa9rmsbbF7g=
-go.starlark.net v0.0.0-20220817180228-f738f5508c12/go.mod h1:VZcBMdr3cT3PnBoWunTabuSEXwVAH+ZJ5zxfs3AdASk=
 go.starlark.net v0.0.0-20220926145019-14b050677505 h1:W0MibAL5BiEenQR+F/EF/a4HJhgLngHVvm6jbtUW0PM=
 go.starlark.net v0.0.0-20220926145019-14b050677505/go.mod h1:qsNirHv+Awo5xHuNyQ/0niov6kDxdBs+bqpVMBCW77k=
-go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
-go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0 h1:a5Yg6ylndHHYJqIPrdq0AhvR6KTvDTAvgBtaidhEevY=
-golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1201,7 +841,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1227,16 +866,13 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -1248,9 +884,6 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1258,11 +891,9 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -1277,16 +908,11 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220921203646-d300de134e69 h1:hUJpGDpnfwdJW8iNypFjmSY0sCBEL+spFTZ2eO+Sfps=
-golang.org/x/net v0.0.0-20220921203646-d300de134e69/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.0.0-20220923203811-8be639271d50 h1:vKyz8L3zkd+xrMeIaBsQ/MNVPVFSffdaU3ZyYlBGFnI=
 golang.org/x/net v0.0.0-20220923203811-8be639271d50/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1302,9 +928,6 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
@@ -1312,7 +935,6 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1320,20 +942,14 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220907140024-f12130a52804 h1:0SH2R3f1b1VmIMG7BXbEZCBUu2dKmHschSmjqGUrW8A=
-golang.org/x/sync v0.0.0-20220907140024-f12130a52804/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 h1:ZrnxWX62AgTKOSagEqxvb3ffipvEDX2pl7E1TdqLqIc=
 golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1343,30 +959,22 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1379,7 +987,6 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1394,21 +1001,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1418,7 +1018,6 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc=
 golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1434,29 +1033,17 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 h1:yuLAip3bfURHClMG9VBdzPrQvCWjWiWUTBGV+/fCbUs=
-golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
 golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190307163923-6a08e3108db3/go.mod h1:25r3+/G6/xytQM8iWZKq3Hn0kr0rgFKPUNVEL/dr3z4=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190321232350-e250d351ecad/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -1466,26 +1053,17 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190916130336-e45ffcd953cc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -1495,56 +1073,24 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200324003944-a576cf524670/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200414032229-332987a829c3/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200422022333-3d57cf2e726e/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200624225443-88f3c62a19ff/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200625211823-6506e20df31f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200626171337-aa94e735be7f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200630154851-b2d8b0336632/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200706234117-b22de6825cf7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200812195022-5ae4c3c160a0/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200820010801-b793a1359eac/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200831203904-5a2aa26beb65/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201001104356-43ebab892c4c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201002184944-ecd9fd270d5d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201028025901-8cd080b735b3/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201114224030-61ea331ec02b/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201118003311-bd56c0adb394/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201230224404-63754364767c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210104081019-d8d6ddbec6ee/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
-golang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
@@ -1556,7 +1102,6 @@ google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEt
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
@@ -1575,24 +1120,15 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1600,7 +1136,6 @@ google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRn
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
@@ -1614,15 +1149,12 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200707001353-8e8330bf89df/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1638,36 +1170,19 @@ google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737 h1:K1zaaMdYBXRyX+cwFnxj7M6zwDyumLQMZ5xqwGvjreQ=
-google.golang.org/genproto v0.0.0-20220921223823-23cae91e6737/go.mod h1:2r/26NEF3bFmT3eC3aZreahSal0C3Shl8Gi6vyDYqOQ=
 google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc h1:saaNe2+SBQxandnzcD/qB1JEBQ2Pqew+KlFLLdA/XcM=
 google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc/go.mod h1:yEEpwVWKMZZzo81NwRgyEJnA2fQvpXAYPVisv8EgDVs=
-google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.0/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
@@ -1678,15 +1193,10 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw=
 google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1709,30 +1219,21 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.6/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
@@ -1754,7 +1255,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8=
 k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0=
 k8s.io/apiextensions-apiserver v0.25.2 h1:8uOQX17RE7XL02ngtnh3TgifY7EhekpK+/piwzQNnBo=
@@ -1769,22 +1269,14 @@ k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
 k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=
 k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY=
 k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/kubectl v0.25.2 h1:2993lTeVimxKSWx/7z2PiJxUILygRa3tmC4QhFaeioA=
 k8s.io/kubectl v0.25.2/go.mod h1:eoBGJtKUj7x38KXelz+dqVtbtbKwCqyKzJWmBHU0prg=
-k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73 h1:H9TCJUUx+2VA0ZiD9lvtaX8fthFsMoD+Izn93E/hm8U=
-k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220922133306-665eaaec4324 h1:i+xdFemcSNuJvIfBlaYuXgRondKxK4z4prVPKzEaelI=
 k8s.io/utils v0.0.0-20220922133306-665eaaec4324/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
-mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
-mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
-mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7/go.mod h1:hBpJkZE8H/sb+VRFvw2+rBpHNsTBcvSpk61hr8mzXZE=
 oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=
 oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
@@ -1792,8 +1284,6 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kind v0.15.0 h1:Fskj234L4hjQlsScCgeYvCBIRt06cjLzc7+kbr1u8Tg=
-sigs.k8s.io/kind v0.15.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
 sigs.k8s.io/kind v0.16.0 h1:GFXyyxtPnHFKqXr3ZG8/X0+0K9sl69lejStlPn2WQyM=
 sigs.k8s.io/kind v0.16.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
@@ -1802,6 +1292,5 @@ sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2
 sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index a5709038c..e0c30c28e 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -119,6 +120,9 @@ func (di *DeploymentItem) render(forSeal bool) error {
 	}
 
 	var excludePatterns []string
+	if len(di.Project.Config.TemplateExcludes) != 0 {
+		status.Deprecation(di.ctx.Ctx, "template-excludes", "'templateExcludes' are deprecated, use .templateignore files instead.")
+	}
 	excludePatterns = append(excludePatterns, di.Project.Config.TemplateExcludes...)
 	err = filepath.WalkDir(*di.dir, func(p string, d fs.DirEntry, err error) error {
 		if d.IsDir() {

From 2ee42097e3045124cd96e98b5f46aa070c2ddedd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Sep 2022 14:05:58 +0200
Subject: [PATCH 0380/2268] fix: Remove traces of Helm installation from
 Dockerfile

---
 Dockerfile | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1585cdfb3..d312e8c6f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,4 @@
-FROM alpine:3.15 as builder
-
-RUN apk add --no-cache ca-certificates curl
-
-ARG ARCH=linux-amd64
-
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64
 FROM debian:bullseye-slim
-COPY --from=builder /helm /usr/bin
 COPY kluctl /usr/bin/
 ENTRYPOINT ["/usr/bin/kluctl"]

From f9d6b8a2f36f5004a525c6ff31bc77c5e152114d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Sep 2022 16:08:36 +0200
Subject: [PATCH 0381/2268] docs: Enhance documentation for `-a`

---
 cmd/kluctl/args/project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 2639966fb..d2c933721 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -18,7 +18,7 @@ type ProjectFlags struct {
 }
 
 type ArgsFlags struct {
-	Arg []string `group:"project" short:"a" help:"Template argument in the form name=value"`
+	Arg []string `group:"project" short:"a" help:"Passes a template argument in the form of name=value. Nested args can be set with the '-a my.nested.arg=value' syntax. Values are interpreted as yaml values, meaning that 'true' and 'false' will lead to boolean values and numbers will be treated as numbers. Use quotes if you want these to be treated as strings."`
 }
 
 type TargetFlags struct {

From 545bff744d53bcb0e2da15de57c3ed750a5ead2a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Sep 2022 17:19:51 +0200
Subject: [PATCH 0382/2268] fix: Skip waiting on hooks when --no-wait was
 specified

---
 pkg/deployment/utils/hooks_util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 9acbb6178..6ebcd928f 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -107,7 +107,7 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 		if u.a.HadError(ref) {
 			continue
 		}
-		if !h.wait {
+		if !h.wait || u.a.o.NoWait {
 			continue
 		}
 		waitResults[ref] = u.a.WaitReadiness(ref, h.timeout)

From 92163822f91267ee78f3c6b5ff209418e8426b8c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 08:52:26 +0200
Subject: [PATCH 0383/2268] fix: Fix diffs pretending that an object could be
 applied to a non-existing ns

We should only simulate creation of objects into new NSs if we know that the
NS is actually created.
---
 pkg/deployment/utils/apply_utils.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 58b32270f..bf1043c91 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -297,11 +297,15 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		x = x.Clone()
 		x.SetK8sName(fmt.Sprintf("%s-%s", ref.Name, utils.RandomString(8)))
 	} else if a.o.DryRun && remoteNamespace == nil && ref.Namespace != "" {
-		// The namespace does not exist, so let's pretend we deploy it to the default namespace with a dummy name
-		usesDummyName = true
-		x = x.Clone()
-		x.SetK8sName(fmt.Sprintf("%s-%s", ref.Name, utils.RandomString(8)))
-		x.SetK8sNamespace("default")
+		nsRef := k8s2.NewObjectRef("", "v1", "Namespace", ref.Namespace, "")
+		if _, ok := a.appliedObjects[nsRef]; ok {
+			// The namespace does not really exist, but would have been created if dryRun would be false.
+			// So let's pretend we deploy it to the default namespace with a dummy name
+			usesDummyName = true
+			x = x.Clone()
+			x.SetK8sName(fmt.Sprintf("%s-%s", ref.Name, utils.RandomString(8)))
+			x.SetK8sNamespace("default")
+		}
 	}
 
 	options := k8s.PatchOptions{

From fbfbdc564e7a5d4f1a868607d7e461e0c0ef1f32 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 08:59:30 +0200
Subject: [PATCH 0384/2268] fix: Add ca-certificates to docker container

This is required to make https git repos work.
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index d312e8c6f..b22c03a9a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,7 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64
 FROM debian:bullseye-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*
+
 COPY kluctl /usr/bin/
 ENTRYPOINT ["/usr/bin/kluctl"]

From d6732bbe13653a50c70147c344968e27cd701fec Mon Sep 17 00:00:00 2001
From: Marko Petrovic <22802784+gitbluf@users.noreply.github.com>
Date: Thu, 29 Sep 2022 09:21:22 +0200
Subject: [PATCH 0385/2268] feat: Add flux-kluctl-controller subcommands (#46)

* Add: subcommands:
flux-reconcile
flux-suspend
flux-resume

* Add: print out revision

* refactor: Add NewClientFactoryFromDefaultConfig helper method

This method allows to create a client factory for the default kubeconfig.

* refactor: Implement PatchObjectWithJsonPatch

* Cherry pick suggested commits

* Refactor: reconcile,resume,suspend
Update: k8s_cluster.go helper fn

* Remove: pkg/flux => helper functions moved to k8s

* Add: helper functions:
GetObjectSource
GetObjectStatus
WaitForReady

* Refactor: flux-reconcile,suspend,resume

* Add: Flux VerifyFlag function

* Add: e2e test for flux commands

* Update: test yaml resources, README

* chore: Run go mod tidy

* refactor: Add real "flux" sub-command instead of using flux-xxx commands

* fix: Fix crash when adding nested sub-commands

* fix: Adjust status output of flux sub-commands to be in the same style as other commands

* tests: Fix flux tests to use correct sub-commands

* fix: Fix patch type in PatchObject

* Refactor:
Move Flux unique functions to flux_cmd as helper functions
Add Flux test asserts of actions

Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 .gitignore                                |    1 +
 cmd/kluctl/args/flux.go                   |   34 +
 cmd/kluctl/args/helm_credentials.go       |    3 +-
 cmd/kluctl/commands/cmd_flux.go           |   70 +
 cmd/kluctl/commands/cmd_flux_reconcile.go |  108 +
 cmd/kluctl/commands/cmd_flux_resume.go    |   48 +
 cmd/kluctl/commands/cmd_flux_suspend.go   |   47 +
 cmd/kluctl/commands/cobra_utils.go        |    9 +-
 cmd/kluctl/commands/root.go               |   19 +-
 e2e/flux_test.go                          |   65 +
 e2e/hooks_test.go                         |    5 +-
 e2e/project.go                            |   13 +-
 e2e/test_resources/README.md              |   21 +-
 e2e/test_resources/flux-source-crd.yaml   | 2623 +++++++++++++++++++++
 e2e/test_resources/kluctl-crds.yaml       | 1592 +++++++++++++
 e2e/test_resources/kluctl-deployment.yaml |   30 +
 e2e/test_resources/resources.go           |    3 +-
 e2e/utils.go                              |    9 +-
 pkg/k8s/client_factory.go                 |   17 +
 pkg/k8s/k8s_cluster.go                    |   40 +-
 20 files changed, 4719 insertions(+), 38 deletions(-)
 create mode 100644 cmd/kluctl/args/flux.go
 create mode 100644 cmd/kluctl/commands/cmd_flux.go
 create mode 100644 cmd/kluctl/commands/cmd_flux_reconcile.go
 create mode 100644 cmd/kluctl/commands/cmd_flux_resume.go
 create mode 100644 cmd/kluctl/commands/cmd_flux_suspend.go
 create mode 100644 e2e/flux_test.go
 create mode 100644 e2e/test_resources/flux-source-crd.yaml
 create mode 100644 e2e/test_resources/kluctl-crds.yaml
 create mode 100644 e2e/test_resources/kluctl-deployment.yaml

diff --git a/.gitignore b/.gitignore
index 276ce77b0..8160eea20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@
 /reports
 /vendor
 dist/
+.vscode
\ No newline at end of file
diff --git a/cmd/kluctl/args/flux.go b/cmd/kluctl/args/flux.go
new file mode 100644
index 000000000..a1307a16a
--- /dev/null
+++ b/cmd/kluctl/args/flux.go
@@ -0,0 +1,34 @@
+package args
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+type KluctlDeploymentFlags struct {
+	KluctlDeployment string `group:"flux" short:"k" help:"Name of the KluctlDeployment to interact with"`
+	Namespace        string `group:"flux" short:"n" help:"Namespace where KluctlDeployment is located"`
+	WithSource       bool   `group:"flux" help:"--with-source will annotate Source object as well, triggering pulling"`
+	NoWait           bool   `group:"flux" help:"Don't wait for objects readiness'"`
+}
+
+var KluctlDeploymentGVK = schema.GroupVersionKind{
+	Group:   "flux.kluctl.io",
+	Version: "v1alpha1",
+	Kind:    "KluctlDeployment",
+}
+
+var GitRepositoryGVK = schema.GroupVersionKind{
+	Group:   "source.toolkit.fluxcd.io",
+	Version: "v1beta2",
+	Kind:    "GitRepository",
+}
+
+func (cmd *KluctlDeploymentFlags) VerifyFlags() bool {
+	if cmd.KluctlDeployment == "" {
+		return false
+	}
+	if cmd.Namespace == "" {
+		cmd.Namespace = "default"
+	}
+	return true
+}
diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 23db78c6d..47cd25feb 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -1,9 +1,10 @@
 package args
 
 import (
+	"strings"
+
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/repo"
-	"strings"
 )
 
 type HelmCredentials struct {
diff --git a/cmd/kluctl/commands/cmd_flux.go b/cmd/kluctl/commands/cmd_flux.go
new file mode 100644
index 000000000..2b68aa514
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_flux.go
@@ -0,0 +1,70 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	kube "github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+)
+
+type fluxCmd struct {
+	Reconcile fluxReconcileCmd `cmd:"" help:"Reconcile KluctlDeployment"`
+	Suspend   fluxSuspendCmd   `cmd:"" help:"Suspend KluctlDeployment"`
+	Resume    fluxResumeCmd    `cmd:"" help:"Resume KluctlDeployment"`
+}
+
+func WaitForReady(k *kube.K8sCluster, ref k8s.ObjectRef) (bool, error) {
+	o, _, err := k.GetSingleObject(ref)
+	if o == nil {
+		return false, err
+	}
+	retry := 0
+	finalStatus := true
+	var errorMsg error
+	for s, err := GetObjectStatus(o); s != true; {
+		if retry >= 5 || err != nil {
+			finalStatus = false
+			errorMsg = err
+			break
+		}
+		retry++
+		time.Sleep(8 * time.Second)
+	}
+	return finalStatus, errorMsg
+}
+
+func GetObjectStatus(o *uo.UnstructuredObject) (bool, error) {
+	conditions, ok, err := o.GetNestedField("status", "conditions")
+	if !ok {
+		return false, err
+	}
+	for _, v := range conditions.([]interface{}) {
+		if (v.(map[string]interface{})["type"]) == "Ready" {
+			return true, nil
+		}
+	}
+
+	return false, err
+}
+
+func GetObjectSource(o *uo.UnstructuredObject, name string, namespace string, ctx context.Context) (string, string, error) {
+	status.Trace(ctx, "fetching %s in %s", name, namespace)
+
+	sourceName, ok, err := o.GetNestedField("spec", "sourceRef", "name")
+	if !ok {
+		return "", "", err
+	}
+
+	sourceNamespace, ok, err := o.GetNestedField("spec", "sourceRef", "namespace")
+	if !ok {
+		return "", "", err
+	}
+
+	return fmt.Sprintf("%v", sourceName),
+		fmt.Sprintf("%v", sourceNamespace),
+		err
+}
diff --git a/cmd/kluctl/commands/cmd_flux_reconcile.go b/cmd/kluctl/commands/cmd_flux_reconcile.go
new file mode 100644
index 000000000..a6ed024e2
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_flux_reconcile.go
@@ -0,0 +1,108 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+)
+
+type fluxReconcileCmd struct {
+	args.KluctlDeploymentFlags
+}
+
+func (cmd *fluxReconcileCmd) Run() error {
+	var (
+		sourceNamespace string
+		sourceName      string
+	)
+	ns := cmd.KluctlDeploymentFlags.Namespace
+	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
+	source := cmd.KluctlDeploymentFlags.WithSource
+	noWait := cmd.KluctlDeploymentFlags.NoWait
+	timestamp := time.Now().Format(time.RFC3339)
+
+	cf, err := k8s.NewClientFactoryFromDefaultConfig(nil)
+	if err != nil {
+		return err
+	}
+	k, err := k8s.NewK8sCluster(context.TODO(), cf, false)
+	if err != nil {
+		return err
+	}
+
+	ref := k8s2.ObjectRef{GVK: args.KluctlDeploymentGVK, Name: kd, Namespace: ns}
+	patch := []k8s.JsonPatch{{
+		Op:   "replace",
+		Path: "/metadata/annotations",
+		Value: map[string]string{
+			"fluxcd.io/reconcileAt": timestamp,
+		},
+	}}
+
+	if source {
+		if !cmd.VerifyFlags() {
+			fmt.Println("KluctlDeployment name flag not provided..")
+			os.Exit(1)
+		}
+		o, _, err := k.GetSingleObject(ref)
+		if o == nil {
+			return err
+		}
+
+		sourceName, sourceNamespace, err = GetObjectSource(o, kd, ns, context.TODO())
+		if err != nil {
+			return err
+		}
+		ref2 := k8s2.ObjectRef{GVK: args.GitRepositoryGVK, Name: sourceName, Namespace: sourceNamespace}
+
+		s := status.Start(cliCtx, "Annotating Source %s in %s namespace", sourceName, sourceNamespace)
+		defer s.Failed()
+
+		_, _, err = k.PatchObjectWithJsonPatch(ref2, patch, k8s.PatchOptions{})
+		if err != nil {
+			return err
+		}
+		s.Success()
+
+		s = status.Start(cliCtx, "Waiting for Source %s to finish reconciliation", sourceName)
+
+		if !noWait {
+			ready, err := WaitForReady(k, ref2)
+			if !ready {
+				s.FailedWithMessage("Failed while waiting for Source %s to get ready..", sourceName)
+				return err
+			}
+		}
+
+		s.Success()
+	}
+
+	s := status.Start(cliCtx, "Annotating KluctlDeployment %s in %s namespace", kd, ns)
+	defer s.Failed()
+
+	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
+	if err != nil {
+		return err
+	}
+	s.Success()
+
+	s = status.Start(cliCtx, "Waiting for KluctlDeployment %s in %s namespace to finish reconciliation", kd, ns)
+
+	if !noWait {
+		ready, err := WaitForReady(k, ref)
+		if !ready {
+			s.FailedWithMessage("Failed while waiting for KluctlDeployment %s to get ready..", kd)
+			return err
+		}
+	}
+
+	s.Success()
+
+	return err
+}
diff --git a/cmd/kluctl/commands/cmd_flux_resume.go b/cmd/kluctl/commands/cmd_flux_resume.go
new file mode 100644
index 000000000..8b7aaafc8
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_flux_resume.go
@@ -0,0 +1,48 @@
+package commands
+
+import (
+	"context"
+
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+)
+
+type fluxResumeCmd struct {
+	args.KluctlDeploymentFlags
+}
+
+// TODO add reconciliation after resume
+func (cmd *fluxResumeCmd) Run() error {
+	ns := cmd.KluctlDeploymentFlags.Namespace
+	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
+
+	cf, err := k8s.NewClientFactoryFromDefaultConfig(nil)
+	if err != nil {
+		return err
+	}
+	k, err := k8s.NewK8sCluster(context.TODO(), cf, false)
+	if err != nil {
+		return err
+	}
+
+	ref := k8s2.ObjectRef{GVK: args.KluctlDeploymentGVK, Name: kd, Namespace: ns}
+
+	patch := []k8s.JsonPatch{{
+		Op:    "replace",
+		Path:  "/spec/suspend",
+		Value: false,
+	}}
+
+	s := status.Start(cliCtx, "Resuming KluctlDeployment %s in %s namespace", kd, ns)
+	defer s.Failed()
+
+	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
+	if err != nil {
+		return err
+	}
+	s.Success()
+
+	return err
+}
diff --git a/cmd/kluctl/commands/cmd_flux_suspend.go b/cmd/kluctl/commands/cmd_flux_suspend.go
new file mode 100644
index 000000000..6e5422fb6
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_flux_suspend.go
@@ -0,0 +1,47 @@
+package commands
+
+import (
+	"context"
+
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+)
+
+type fluxSuspendCmd struct {
+	args.KluctlDeploymentFlags
+}
+
+func (cmd *fluxSuspendCmd) Run() error {
+	ns := cmd.KluctlDeploymentFlags.Namespace
+	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
+
+	cf, err := k8s.NewClientFactoryFromDefaultConfig(nil)
+	if err != nil {
+		return err
+	}
+	k, err := k8s.NewK8sCluster(context.TODO(), cf, false)
+	if err != nil {
+		return err
+	}
+
+	ref := k8s2.ObjectRef{GVK: args.KluctlDeploymentGVK, Name: kd, Namespace: ns}
+	patch := []k8s.JsonPatch{{
+		Op:    "replace",
+		Path:  "/spec/suspend",
+		Value: true,
+	}}
+
+	s := status.Start(cliCtx, "Suspending KluctlDeployment %s in %s namespace", kd, ns)
+	defer s.Failed()
+
+	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
+	if err != nil {
+		return err
+	}
+
+	s.Success()
+
+	return err
+}
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 3f8bc6316..d495f58f6 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -66,11 +66,10 @@ func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interfac
 	}
 
 	runP, ok := cmdStruct.(runProvider)
-	if !ok {
-		panic(fmt.Sprintf("%s does not implement runProvider", name))
-	}
-	cg.cmd.RunE = func(cmd *cobra.Command, args []string) error {
-		return runP.Run()
+	if ok {
+		cg.cmd.RunE = func(cmd *cobra.Command, args []string) error {
+			return runP.Run()
+		}
 	}
 
 	err := c.buildCobraSubCommands(cg, cmdStruct)
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index d98200898..e85358e86 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -18,6 +18,15 @@ package commands
 import (
 	"context"
 	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"runtime/pprof"
+	"strings"
+	"time"
+
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -28,15 +37,7 @@ import (
 	"github.com/mattn/go-isatty"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"io"
 	"k8s.io/klog/v2"
-	"log"
-	"net/http"
-	"os"
-	"path/filepath"
-	"runtime/pprof"
-	"strings"
-	"time"
 )
 
 const latestReleaseUrl = "https://api.github.com/repos/kluctl/kluctl/releases/latest"
@@ -61,6 +62,7 @@ type cli struct {
 	Render            renderCmd            `cmd:"" help:"Renders all resources and configuration files"`
 	Seal              sealCmd              `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate          validateCmd          `cmd:"" help:"Validates the already deployed deployment"`
+	Flux              fluxCmd              `cmd:"" help:"Flux sub-commands"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
@@ -71,6 +73,7 @@ var flagGroups = []groupInfo{
 	{group: "images", title: "Image arguments:", description: "Control fixed images and update behaviour."},
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
+	{group: "flux", title: "Flux arguments:", description: "EXPERIMENTAL: Subcommands for interaction with flux-kluctl-controller"},
 }
 
 var cliCtx = context.Background()
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
new file mode 100644
index 000000000..56bde84b3
--- /dev/null
+++ b/e2e/flux_test.go
@@ -0,0 +1,65 @@
+package e2e
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/kluctl/kluctl/v2/e2e/test_resources"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFluxCommands(t *testing.T) {
+	t.Parallel()
+
+	k := defaultKindCluster1
+
+	p := &testProject{}
+	p.init(t, k, "simple")
+
+	defer p.cleanup()
+
+	test_resources.ApplyYaml("flux-source-crd.yaml", k)
+	test_resources.ApplyYaml("kluctl-crds.yaml", k)
+	test_resources.ApplyYaml("kluctl-deployment.yaml", k)
+
+	assertResourceExists(t, k, "default", "kluctldeployment/microservices-demo-test")
+
+	p.KluctlMust("flux", "suspend", "--namespace", "default", "--kluctl-deployment", "microservices-demo-test")
+	suspend := getKluctlSuspendField(t, k)
+	assert.Equal(t, true, suspend, "Field status.suspend is not false")
+
+	p.KluctlMust("flux", "resume", "--namespace", "default", "--kluctl-deployment", "microservices-demo-test", "--no-wait")
+	resume := getKluctlSuspendField(t, k)
+	assert.Equal(t, false, resume, "Field status.suspend is not true")
+
+	p.KluctlMust("flux", "reconcile", "--namespace", "default", "--kluctl-deployment", "microservices-demo-test", "--with-source", "--no-wait")
+	annotation := getKluctlAnnotations(t, k)
+	assert.Len(t, annotation, 1, "Annotation not present")
+}
+
+func getKluctlSuspendField(t *testing.T, k *test_utils.KindCluster) interface{} {
+	o := k.KubectlYamlMust(t, "-n", "default", "get", "kluctldeployment", "microservices-demo-test")
+	result, ok, err := o.GetNestedField("spec", "suspend")
+	fmt.Println(result)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !ok {
+		t.Fatalf("result not found")
+	}
+	return result
+}
+
+func getKluctlAnnotations(t *testing.T, k *test_utils.KindCluster) interface{} {
+	o := k.KubectlYamlMust(t, "-n", "default", "get", "kluctldeployment", "microservices-demo-test")
+	result, ok, err := o.GetNestedField("metadata", "annotations")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !ok {
+		t.Fatalf("result not found")
+	}
+	fmt.Println(result)
+	return result
+}
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 18149608c..d105b9a45 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -3,9 +3,10 @@ package e2e
 import (
 	"encoding/base64"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
+
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 const hookScript = `
diff --git a/e2e/project.go b/e2e/project.go
index be0bd2823..2b67e294a 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -2,6 +2,13 @@ package e2e
 
 import (
 	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"testing"
+
 	"github.com/go-git/go-git/v5"
 	"github.com/imdario/mergo"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
@@ -9,12 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"reflect"
-	"strings"
-	"testing"
 )
 
 type testProject struct {
diff --git a/e2e/test_resources/README.md b/e2e/test_resources/README.md
index e3655fad6..a95af0258 100644
--- a/e2e/test_resources/README.md
+++ b/e2e/test_resources/README.md
@@ -1,9 +1,26 @@
 # sealed-secrets.yaml
-
+```bash
 helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
 helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds --skip-tests > sealed-secrets.yaml
+```
 
 # vault.yaml
-
+```bash
 helm repo add hashicorp https://helm.releases.hashicorp.com
 helm template vault hashicorp/vault -n vault -f vault-values.yaml --include-crds --skip-tests > vault.yaml
+```
+
+# kluctl-crds.yaml
+Fetches flux-kluctl-controller crd definitions
+```bash
+kustomize build https://github.com/kluctl/flux-kluctl-controller/config/crd > kluctl-crds.yaml
+```
+
+# kluctl-deployment.yaml
+This is a simple KluctlDeployment that is not really valid. It points to a non-existing GitRepository. This object is only used to test `kluctl flux` subcommands (which only sets annotations and updates field 'suspend').
+
+# flux-source-crd.yaml
+Fetches flux-source-controller crd definitions
+```bash
+kustomize build https://github.com/fluxcd/source-controller/config/crd > flux-source-crd.yaml
+```
\ No newline at end of file
diff --git a/e2e/test_resources/flux-source-crd.yaml b/e2e/test_resources/flux-source-crd.yaml
new file mode 100644
index 000000000..4eda189ac
--- /dev/null
+++ b/e2e/test_resources/flux-source-crd.yaml
@@ -0,0 +1,2623 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: buckets.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: Bucket
+    listKind: BucketList
+    plural: buckets
+    singular: bucket
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.endpoint
+      name: Endpoint
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Bucket is the Schema for the buckets API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: BucketSpec defines the desired state of an S3 compatible
+              bucket
+            properties:
+              accessFrom:
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              bucketName:
+                description: The bucket name.
+                type: string
+              endpoint:
+                description: The bucket endpoint address.
+                type: string
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              insecure:
+                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
+                type: boolean
+              interval:
+                description: The interval at which to check for bucket updates.
+                type: string
+              provider:
+                default: generic
+                description: The S3 compatible storage provider name, default ('generic').
+                enum:
+                - generic
+                - aws
+                - gcp
+                type: string
+              region:
+                description: The bucket region.
+                type: string
+              secretRef:
+                description: The name of the secret containing authentication credentials
+                  for the Bucket.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
+                type: boolean
+              timeout:
+                default: 60s
+                description: The timeout for download operations, defaults to 60s.
+                type: string
+            required:
+            - bucketName
+            - endpoint
+            - interval
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: BucketStatus defines the observed state of a bucket
+            properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  Bucket sync.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the artifact.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of this artifact.
+                    format: date-time
+                    type: string
+                  path:
+                    description: Path is the relative file path of this artifact.
+                    type: string
+                  revision:
+                    description: Revision is a human readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm index timestamp, a Helm chart version, etc.
+                    type: string
+                  url:
+                    description: URL is the HTTP address of this artifact.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the Bucket.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              url:
+                description: URL is the download link for the artifact output of the
+                  last Bucket sync.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.endpoint
+      name: Endpoint
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: Bucket is the Schema for the buckets API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: BucketSpec specifies the required configuration to produce
+              an Artifact for an object storage bucket.
+            properties:
+              accessFrom:
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              bucketName:
+                description: BucketName is the name of the object storage bucket.
+                type: string
+              endpoint:
+                description: Endpoint is the object storage address the BucketName
+                  is located at.
+                type: string
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              insecure:
+                description: Insecure allows connecting to a non-TLS HTTP Endpoint.
+                type: boolean
+              interval:
+                description: Interval at which to check the Endpoint for updates.
+                type: string
+              provider:
+                default: generic
+                description: Provider of the object storage bucket. Defaults to 'generic',
+                  which expects an S3 (API) compatible object storage.
+                enum:
+                - generic
+                - aws
+                - gcp
+                - azure
+                type: string
+              region:
+                description: Region of the Endpoint where the BucketName is located
+                  in.
+                type: string
+              secretRef:
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the Bucket.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this Bucket.
+                type: boolean
+              timeout:
+                default: 60s
+                description: Timeout for fetch operations, defaults to 60s.
+                type: string
+            required:
+            - bucketName
+            - endpoint
+            - interval
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: BucketStatus records the observed state of a Bucket.
+            properties:
+              artifact:
+                description: Artifact represents the last successful Bucket reconciliation.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the Artifact file.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
+                    type: string
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
+                    type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the Bucket.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation of
+                  the Bucket object.
+                format: int64
+                type: integer
+              url:
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
+                  data is recommended.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: gitrepositories.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: GitRepository
+    listKind: GitRepositoryList
+    plural: gitrepositories
+    shortNames:
+    - gitrepo
+    singular: gitrepository
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.url
+      name: URL
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: GitRepository is the Schema for the gitrepositories API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GitRepositorySpec defines the desired state of a Git repository.
+            properties:
+              accessFrom:
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              gitImplementation:
+                default: go-git
+                description: Determines which git client library to use. Defaults
+                  to go-git, valid values are ('go-git', 'libgit2').
+                enum:
+                - go-git
+                - libgit2
+                type: string
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              include:
+                description: Extra git repositories to map into the repository
+                items:
+                  description: GitRepositoryInclude defines a source with a from and
+                    to path.
+                  properties:
+                    fromPath:
+                      description: The path to copy contents from, defaults to the
+                        root directory.
+                      type: string
+                    repository:
+                      description: Reference to a GitRepository to include.
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    toPath:
+                      description: The path to copy contents to, defaults to the name
+                        of the source ref.
+                      type: string
+                  required:
+                  - repository
+                  type: object
+                type: array
+              interval:
+                description: The interval at which to check for repository updates.
+                type: string
+              recurseSubmodules:
+                description: When enabled, after the clone is created, initializes
+                  all submodules within, using their default settings. This option
+                  is available only when using the 'go-git' GitImplementation.
+                type: boolean
+              ref:
+                description: The Git reference to checkout and monitor for changes,
+                  defaults to master branch.
+                properties:
+                  branch:
+                    description: The Git branch to checkout, defaults to master.
+                    type: string
+                  commit:
+                    description: The Git commit SHA to checkout, if specified Tag
+                      filters will be ignored.
+                    type: string
+                  semver:
+                    description: The Git tag semver expression, takes precedence over
+                      Tag.
+                    type: string
+                  tag:
+                    description: The Git tag to checkout, takes precedence over Branch.
+                    type: string
+                type: object
+              secretRef:
+                description: The secret name containing the Git credentials. For HTTPS
+                  repositories the secret must contain username and password fields.
+                  For SSH repositories the secret must contain identity and known_hosts
+                  fields.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
+                type: boolean
+              timeout:
+                default: 60s
+                description: The timeout for remote Git operations like cloning, defaults
+                  to 60s.
+                type: string
+              url:
+                description: The repository URL, can be a HTTP/S or SSH address.
+                pattern: ^(http|https|ssh)://.*$
+                type: string
+              verify:
+                description: Verify OpenPGP signature for the Git commit HEAD points
+                  to.
+                properties:
+                  mode:
+                    description: Mode describes what git object should be verified,
+                      currently ('head').
+                    enum:
+                    - head
+                    type: string
+                  secretRef:
+                    description: The secret name containing the public keys of all
+                      trusted Git authors.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - mode
+                type: object
+            required:
+            - interval
+            - url
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: GitRepositoryStatus defines the observed state of a Git repository.
+            properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  repository sync.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the artifact.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of this artifact.
+                    format: date-time
+                    type: string
+                  path:
+                    description: Path is the relative file path of this artifact.
+                    type: string
+                  revision:
+                    description: Revision is a human readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm index timestamp, a Helm chart version, etc.
+                    type: string
+                  url:
+                    description: URL is the HTTP address of this artifact.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the GitRepository.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              includedArtifacts:
+                description: IncludedArtifacts represents the included artifacts from
+                  the last successful repository sync.
+                items:
+                  description: Artifact represents the output of a source synchronisation.
+                  properties:
+                    checksum:
+                      description: Checksum is the SHA256 checksum of the artifact.
+                      type: string
+                    lastUpdateTime:
+                      description: LastUpdateTime is the timestamp corresponding to
+                        the last update of this artifact.
+                      format: date-time
+                      type: string
+                    path:
+                      description: Path is the relative file path of this artifact.
+                      type: string
+                    revision:
+                      description: Revision is a human readable identifier traceable
+                        in the origin source system. It can be a Git commit SHA, Git
+                        tag, a Helm index timestamp, a Helm chart version, etc.
+                      type: string
+                    url:
+                      description: URL is the HTTP address of this artifact.
+                      type: string
+                  required:
+                  - path
+                  - url
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              url:
+                description: URL is the download link for the artifact output of the
+                  last repository sync.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.url
+      name: URL
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: GitRepository is the Schema for the gitrepositories API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: GitRepositorySpec specifies the required configuration to
+              produce an Artifact for a Git repository.
+            properties:
+              accessFrom:
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              gitImplementation:
+                default: go-git
+                description: GitImplementation specifies which Git client library
+                  implementation to use. Defaults to 'go-git', valid values are ('go-git',
+                  'libgit2').
+                enum:
+                - go-git
+                - libgit2
+                type: string
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              include:
+                description: Include specifies a list of GitRepository resources which
+                  Artifacts should be included in the Artifact produced for this GitRepository.
+                items:
+                  description: GitRepositoryInclude specifies a local reference to
+                    a GitRepository which Artifact (sub-)contents must be included,
+                    and where they should be placed.
+                  properties:
+                    fromPath:
+                      description: FromPath specifies the path to copy contents from,
+                        defaults to the root of the Artifact.
+                      type: string
+                    repository:
+                      description: GitRepositoryRef specifies the GitRepository which
+                        Artifact contents must be included.
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    toPath:
+                      description: ToPath specifies the path to copy contents to,
+                        defaults to the name of the GitRepositoryRef.
+                      type: string
+                  required:
+                  - repository
+                  type: object
+                type: array
+              interval:
+                description: Interval at which to check the GitRepository for updates.
+                type: string
+              recurseSubmodules:
+                description: RecurseSubmodules enables the initialization of all submodules
+                  within the GitRepository as cloned from the URL, using their default
+                  settings. This option is available only when using the 'go-git'
+                  GitImplementation.
+                type: boolean
+              ref:
+                description: Reference specifies the Git reference to resolve and
+                  monitor for changes, defaults to the 'master' branch.
+                properties:
+                  branch:
+                    description: "Branch to check out, defaults to 'master' if no
+                      other field is defined. \n When GitRepositorySpec.GitImplementation
+                      is set to 'go-git', a shallow clone of the specified branch
+                      is performed."
+                    type: string
+                  commit:
+                    description: "Commit SHA to check out, takes precedence over all
+                      reference fields. \n When GitRepositorySpec.GitImplementation
+                      is set to 'go-git', this can be combined with Branch to shallow
+                      clone the branch, in which the commit is expected to exist."
+                    type: string
+                  semver:
+                    description: SemVer tag expression to check out, takes precedence
+                      over Tag.
+                    type: string
+                  tag:
+                    description: Tag to check out, takes precedence over Branch.
+                    type: string
+                type: object
+              secretRef:
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the GitRepository. For HTTPS repositories the Secret
+                  must contain 'username' and 'password' fields. For SSH repositories
+                  the Secret must contain 'identity' and 'known_hosts' fields.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this GitRepository.
+                type: boolean
+              timeout:
+                default: 60s
+                description: Timeout for Git operations like cloning, defaults to
+                  60s.
+                type: string
+              url:
+                description: URL specifies the Git repository URL, it can be an HTTP/S
+                  or SSH address.
+                pattern: ^(http|https|ssh)://.*$
+                type: string
+              verify:
+                description: Verification specifies the configuration to verify the
+                  Git commit signature(s).
+                properties:
+                  mode:
+                    description: Mode specifies what Git object should be verified,
+                      currently ('head').
+                    enum:
+                    - head
+                    type: string
+                  secretRef:
+                    description: SecretRef specifies the Secret containing the public
+                      keys of trusted Git authors.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - mode
+                type: object
+            required:
+            - interval
+            - url
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: GitRepositoryStatus records the observed state of a Git repository.
+            properties:
+              artifact:
+                description: Artifact represents the last successful GitRepository
+                  reconciliation.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the Artifact file.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
+                    type: string
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
+                    type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the GitRepository.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              contentConfigChecksum:
+                description: 'ContentConfigChecksum is a checksum of all the configurations
+                  related to the content of the source artifact:  - .spec.ignore  -
+                  .spec.recurseSubmodules  - .spec.included and the checksum of the
+                  included artifacts observed in .status.observedGeneration version
+                  of the object. This can be used to determine if the content of the
+                  included repository has changed. It has the format of `<algo>:<checksum>`,
+                  for example: `sha256:<checksum>`.'
+                type: string
+              includedArtifacts:
+                description: IncludedArtifacts contains a list of the last successfully
+                  included Artifacts as instructed by GitRepositorySpec.Include.
+                items:
+                  description: Artifact represents the output of a Source reconciliation.
+                  properties:
+                    checksum:
+                      description: Checksum is the SHA256 checksum of the Artifact
+                        file.
+                      type: string
+                    lastUpdateTime:
+                      description: LastUpdateTime is the timestamp corresponding to
+                        the last update of the Artifact.
+                      format: date-time
+                      type: string
+                    metadata:
+                      additionalProperties:
+                        type: string
+                      description: Metadata holds upstream information such as OCI
+                        annotations.
+                      type: object
+                    path:
+                      description: Path is the relative file path of the Artifact.
+                        It can be used to locate the file in the root of the Artifact
+                        storage on the local file system of the controller managing
+                        the Source.
+                      type: string
+                    revision:
+                      description: Revision is a human-readable identifier traceable
+                        in the origin source system. It can be a Git commit SHA, Git
+                        tag, a Helm chart version, etc.
+                      type: string
+                    size:
+                      description: Size is the number of bytes in the file.
+                      format: int64
+                      type: integer
+                    url:
+                      description: URL is the HTTP address of the Artifact as exposed
+                        by the controller managing the Source. It can be used to retrieve
+                        the Artifact for consumption, e.g. by another controller applying
+                        the Artifact contents.
+                      type: string
+                  required:
+                  - path
+                  - url
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation of
+                  the GitRepository object.
+                format: int64
+                type: integer
+              url:
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
+                  data is recommended.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: helmcharts.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: HelmChart
+    listKind: HelmChartList
+    plural: helmcharts
+    shortNames:
+    - hc
+    singular: helmchart
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.chart
+      name: Chart
+      type: string
+    - jsonPath: .spec.version
+      name: Version
+      type: string
+    - jsonPath: .spec.sourceRef.kind
+      name: Source Kind
+      type: string
+    - jsonPath: .spec.sourceRef.name
+      name: Source Name
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: HelmChart is the Schema for the helmcharts API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmChartSpec defines the desired state of a Helm chart.
+            properties:
+              accessFrom:
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              chart:
+                description: The name or path the Helm chart is available at in the
+                  SourceRef.
+                type: string
+              interval:
+                description: The interval at which to check the Source for updates.
+                type: string
+              reconcileStrategy:
+                default: ChartVersion
+                description: Determines what enables the creation of a new artifact.
+                  Valid values are ('ChartVersion', 'Revision'). See the documentation
+                  of the values for an explanation on their behavior. Defaults to
+                  ChartVersion when omitted.
+                enum:
+                - ChartVersion
+                - Revision
+                type: string
+              sourceRef:
+                description: The reference to the Source the chart is available at.
+                properties:
+                  apiVersion:
+                    description: APIVersion of the referent.
+                    type: string
+                  kind:
+                    description: Kind of the referent, valid values are ('HelmRepository',
+                      'GitRepository', 'Bucket').
+                    enum:
+                    - HelmRepository
+                    - GitRepository
+                    - Bucket
+                    type: string
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
+                type: boolean
+              valuesFile:
+                description: Alternative values file to use as the default chart values,
+                  expected to be a relative path in the SourceRef. Deprecated in favor
+                  of ValuesFiles, for backwards compatibility the file defined here
+                  is merged before the ValuesFiles items. Ignored when omitted.
+                type: string
+              valuesFiles:
+                description: Alternative list of values files to use as the chart
+                  values (values.yaml is not included by default), expected to be
+                  a relative path in the SourceRef. Values files are merged in the
+                  order of this list with the last file overriding the first. Ignored
+                  when omitted.
+                items:
+                  type: string
+                type: array
+              version:
+                default: '*'
+                description: The chart version semver expression, ignored for charts
+                  from GitRepository and Bucket sources. Defaults to latest when omitted.
+                type: string
+            required:
+            - chart
+            - interval
+            - sourceRef
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: HelmChartStatus defines the observed state of the HelmChart.
+            properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  chart sync.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the artifact.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of this artifact.
+                    format: date-time
+                    type: string
+                  path:
+                    description: Path is the relative file path of this artifact.
+                    type: string
+                  revision:
+                    description: Revision is a human readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm index timestamp, a Helm chart version, etc.
+                    type: string
+                  url:
+                    description: URL is the HTTP address of this artifact.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the HelmChart.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              url:
+                description: URL is the download link for the last chart pulled.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.chart
+      name: Chart
+      type: string
+    - jsonPath: .spec.version
+      name: Version
+      type: string
+    - jsonPath: .spec.sourceRef.kind
+      name: Source Kind
+      type: string
+    - jsonPath: .spec.sourceRef.name
+      name: Source Name
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: HelmChart is the Schema for the helmcharts API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmChartSpec specifies the desired state of a Helm chart.
+            properties:
+              accessFrom:
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              chart:
+                description: Chart is the name or path the Helm chart is available
+                  at in the SourceRef.
+                type: string
+              interval:
+                description: Interval is the interval at which to check the Source
+                  for updates.
+                type: string
+              reconcileStrategy:
+                default: ChartVersion
+                description: ReconcileStrategy determines what enables the creation
+                  of a new artifact. Valid values are ('ChartVersion', 'Revision').
+                  See the documentation of the values for an explanation on their
+                  behavior. Defaults to ChartVersion when omitted.
+                enum:
+                - ChartVersion
+                - Revision
+                type: string
+              sourceRef:
+                description: SourceRef is the reference to the Source the chart is
+                  available at.
+                properties:
+                  apiVersion:
+                    description: APIVersion of the referent.
+                    type: string
+                  kind:
+                    description: Kind of the referent, valid values are ('HelmRepository',
+                      'GitRepository', 'Bucket').
+                    enum:
+                    - HelmRepository
+                    - GitRepository
+                    - Bucket
+                    type: string
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this source.
+                type: boolean
+              valuesFile:
+                description: ValuesFile is an alternative values file to use as the
+                  default chart values, expected to be a relative path in the SourceRef.
+                  Deprecated in favor of ValuesFiles, for backwards compatibility
+                  the file specified here is merged before the ValuesFiles items.
+                  Ignored when omitted.
+                type: string
+              valuesFiles:
+                description: ValuesFiles is an alternative list of values files to
+                  use as the chart values (values.yaml is not included by default),
+                  expected to be a relative path in the SourceRef. Values files are
+                  merged in the order of this list with the last file overriding the
+                  first. Ignored when omitted.
+                items:
+                  type: string
+                type: array
+              version:
+                default: '*'
+                description: Version is the chart version semver expression, ignored
+                  for charts from GitRepository and Bucket sources. Defaults to latest
+                  when omitted.
+                type: string
+            required:
+            - chart
+            - interval
+            - sourceRef
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: HelmChartStatus records the observed state of the HelmChart.
+            properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  reconciliation.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the Artifact file.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
+                    type: string
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
+                    type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the HelmChart.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedChartName:
+                description: ObservedChartName is the last observed chart name as
+                  specified by the resolved chart reference.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation of
+                  the HelmChart object.
+                format: int64
+                type: integer
+              observedSourceArtifactRevision:
+                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
+                  of the HelmChartSpec.SourceRef.
+                type: string
+              url:
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
+                  data is recommended.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: helmrepositories.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: HelmRepository
+    listKind: HelmRepositoryList
+    plural: helmrepositories
+    shortNames:
+    - helmrepo
+    singular: helmrepository
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.url
+      name: URL
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: HelmRepository is the Schema for the helmrepositories API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmRepositorySpec defines the reference to a Helm repository.
+            properties:
+              accessFrom:
+                description: AccessFrom defines an Access Control List for allowing
+                  cross-namespace references to this object.
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              interval:
+                description: The interval at which to check the upstream for updates.
+                type: string
+              passCredentials:
+                description: PassCredentials allows the credentials from the SecretRef
+                  to be passed on to a host that does not match the host as defined
+                  in URL. This may be required if the host of the advertised chart
+                  URLs in the index differ from the defined URL. Enabling this should
+                  be done with caution, as it can potentially result in credentials
+                  getting stolen in a MITM-attack.
+                type: boolean
+              secretRef:
+                description: The name of the secret containing authentication credentials
+                  for the Helm repository. For HTTP/S basic auth the secret must contain
+                  username and password fields. For TLS the secret must contain a
+                  certFile and keyFile, and/or caCert fields.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
+                type: boolean
+              timeout:
+                default: 60s
+                description: The timeout of index downloading, defaults to 60s.
+                type: string
+              url:
+                description: The Helm repository URL, a valid URL contains at least
+                  a protocol and host.
+                type: string
+            required:
+            - interval
+            - url
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: HelmRepositoryStatus defines the observed state of the HelmRepository.
+            properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  repository sync.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the artifact.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of this artifact.
+                    format: date-time
+                    type: string
+                  path:
+                    description: Path is the relative file path of this artifact.
+                    type: string
+                  revision:
+                    description: Revision is a human readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm index timestamp, a Helm chart version, etc.
+                    type: string
+                  url:
+                    description: URL is the HTTP address of this artifact.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the HelmRepository.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              url:
+                description: URL is the download link for the last index fetched.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - additionalPrinterColumns:
+    - jsonPath: .spec.url
+      name: URL
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: HelmRepository is the Schema for the helmrepositories API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HelmRepositorySpec specifies the required configuration to
+              produce an Artifact for a Helm repository index YAML.
+            properties:
+              accessFrom:
+                description: 'AccessFrom specifies an Access Control List for allowing
+                  cross-namespace references to this object. NOTE: Not implemented,
+                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
+                properties:
+                  namespaceSelectors:
+                    description: NamespaceSelectors is the list of namespace selectors
+                      to which this ACL applies. Items in this list are evaluated
+                      using a logical OR operation.
+                    items:
+                      description: NamespaceSelector selects the namespaces to which
+                        this ACL applies. An empty map of MatchLabels matches all
+                        namespaces in a cluster.
+                      properties:
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: MatchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                    type: array
+                required:
+                - namespaceSelectors
+                type: object
+              interval:
+                description: Interval at which to check the URL for updates.
+                type: string
+              passCredentials:
+                description: PassCredentials allows the credentials from the SecretRef
+                  to be passed on to a host that does not match the host as defined
+                  in URL. This may be required if the host of the advertised chart
+                  URLs in the index differ from the defined URL. Enabling this should
+                  be done with caution, as it can potentially result in credentials
+                  getting stolen in a MITM-attack.
+                type: boolean
+              provider:
+                default: generic
+                description: Provider used for authentication, can be 'aws', 'azure',
+                  'gcp' or 'generic'. This field is optional, and only taken into
+                  account if the .spec.type field is set to 'oci'. When not specified,
+                  defaults to 'generic'.
+                enum:
+                - generic
+                - aws
+                - azure
+                - gcp
+                type: string
+              secretRef:
+                description: SecretRef specifies the Secret containing authentication
+                  credentials for the HelmRepository. For HTTP/S basic auth the secret
+                  must contain 'username' and 'password' fields. For TLS the secret
+                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              suspend:
+                description: Suspend tells the controller to suspend the reconciliation
+                  of this HelmRepository.
+                type: boolean
+              timeout:
+                default: 60s
+                description: Timeout is used for the index fetch operation for an
+                  HTTPS helm repository, and for remote OCI Repository operations
+                  like pulling for an OCI helm repository. Its default value is 60s.
+                type: string
+              type:
+                description: Type of the HelmRepository. When this field is set to  "oci",
+                  the URL field value must be prefixed with "oci://".
+                enum:
+                - default
+                - oci
+                type: string
+              url:
+                description: URL of the Helm repository, a valid URL contains at least
+                  a protocol and host.
+                type: string
+            required:
+            - interval
+            - url
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: HelmRepositoryStatus records the observed state of the HelmRepository.
+            properties:
+              artifact:
+                description: Artifact represents the last successful HelmRepository
+                  reconciliation.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the Artifact file.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
+                    type: string
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
+                    type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the HelmRepository.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation of
+                  the HelmRepository object.
+                format: int64
+                type: integer
+              url:
+                description: URL is the dynamic fetch link for the latest Artifact.
+                  It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
+                  data is recommended.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: ocirepositories.source.toolkit.fluxcd.io
+spec:
+  group: source.toolkit.fluxcd.io
+  names:
+    kind: OCIRepository
+    listKind: OCIRepositoryList
+    plural: ocirepositories
+    shortNames:
+    - ocirepo
+    singular: ocirepository
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.url
+      name: URL
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: OCIRepository is the Schema for the ocirepositories API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OCIRepositorySpec defines the desired state of OCIRepository
+            properties:
+              certSecretRef:
+                description: "CertSecretRef can be given the name of a secret containing
+                  either or both of \n  - a PEM-encoded client certificate (`certFile`)
+                  and private  key (`keyFile`);  - a PEM-encoded CA certificate (`caFile`)
+                  \n  and whichever are supplied, will be used for connecting to the
+                  \ registry. The client cert and key are useful if you are  authenticating
+                  with a certificate; the CA cert is useful if  you are using a self-signed
+                  server certificate."
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              ignore:
+                description: Ignore overrides the set of excluded patterns in the
+                  .sourceignore format (which is the same as .gitignore). If not provided,
+                  a default will be used, consult the documentation for your version
+                  to find out what those are.
+                type: string
+              insecure:
+                description: Insecure allows connecting to a non-TLS HTTP container
+                  registry.
+                type: boolean
+              interval:
+                description: The interval at which to check for image updates.
+                type: string
+              layerSelector:
+                description: LayerSelector specifies which layer should be extracted
+                  from the OCI artifact. When not specified, the first layer found
+                  in the artifact is selected.
+                properties:
+                  mediaType:
+                    description: MediaType specifies the OCI media type of the layer
+                      which should be extracted from the OCI Artifact. The first layer
+                      matching this type is selected.
+                    type: string
+                type: object
+              provider:
+                default: generic
+                description: The provider used for authentication, can be 'aws', 'azure',
+                  'gcp' or 'generic'. When not specified, defaults to 'generic'.
+                enum:
+                - generic
+                - aws
+                - azure
+                - gcp
+                type: string
+              ref:
+                description: The OCI reference to pull and monitor for changes, defaults
+                  to the latest tag.
+                properties:
+                  digest:
+                    description: Digest is the image digest to pull, takes precedence
+                      over SemVer. The value should be in the format 'sha256:<HASH>'.
+                    type: string
+                  semver:
+                    description: SemVer is the range of tags to pull selecting the
+                      latest within the range, takes precedence over Tag.
+                    type: string
+                  tag:
+                    description: Tag is the image tag to pull, defaults to latest.
+                    type: string
+                type: object
+              secretRef:
+                description: SecretRef contains the secret name containing the registry
+                  login credentials to resolve image metadata. The secret must be
+                  of type kubernetes.io/dockerconfigjson.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              serviceAccountName:
+                description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
+                  used to authenticate the image pull if the service account has attached
+                  pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
+                type: string
+              suspend:
+                description: This flag tells the controller to suspend the reconciliation
+                  of this source.
+                type: boolean
+              timeout:
+                default: 60s
+                description: The timeout for remote OCI Repository operations like
+                  pulling, defaults to 60s.
+                type: string
+              url:
+                description: URL is a reference to an OCI artifact repository hosted
+                  on a remote container registry.
+                pattern: ^oci://.*$
+                type: string
+            required:
+            - interval
+            - url
+            type: object
+          status:
+            default:
+              observedGeneration: -1
+            description: OCIRepositoryStatus defines the observed state of OCIRepository
+            properties:
+              artifact:
+                description: Artifact represents the output of the last successful
+                  OCI Repository sync.
+                properties:
+                  checksum:
+                    description: Checksum is the SHA256 checksum of the Artifact file.
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime is the timestamp corresponding to
+                      the last update of the Artifact.
+                    format: date-time
+                    type: string
+                  metadata:
+                    additionalProperties:
+                      type: string
+                    description: Metadata holds upstream information such as OCI annotations.
+                    type: object
+                  path:
+                    description: Path is the relative file path of the Artifact. It
+                      can be used to locate the file in the root of the Artifact storage
+                      on the local file system of the controller managing the Source.
+                    type: string
+                  revision:
+                    description: Revision is a human-readable identifier traceable
+                      in the origin source system. It can be a Git commit SHA, Git
+                      tag, a Helm chart version, etc.
+                    type: string
+                  size:
+                    description: Size is the number of bytes in the file.
+                    format: int64
+                    type: integer
+                  url:
+                    description: URL is the HTTP address of the Artifact as exposed
+                      by the controller managing the Source. It can be used to retrieve
+                      the Artifact for consumption, e.g. by another controller applying
+                      the Artifact contents.
+                    type: string
+                required:
+                - path
+                - url
+                type: object
+              conditions:
+                description: Conditions holds the conditions for the OCIRepository.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last observed generation.
+                format: int64
+                type: integer
+              url:
+                description: URL is the download link for the artifact output of the
+                  last OCI Repository sync.
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/e2e/test_resources/kluctl-crds.yaml b/e2e/test_resources/kluctl-crds.yaml
new file mode 100644
index 000000000..d16c0d9ea
--- /dev/null
+++ b/e2e/test_resources/kluctl-crds.yaml
@@ -0,0 +1,1592 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: kluctldeployments.flux.kluctl.io
+spec:
+  group: flux.kluctl.io
+  names:
+    kind: KluctlDeployment
+    listKind: KluctlDeploymentList
+    plural: kluctldeployments
+    singular: kluctldeployment
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.lastDeployResult.time
+      name: Deployed
+      type: date
+    - jsonPath: .status.lastPruneResult.time
+      name: Pruned
+      type: date
+    - jsonPath: .status.lastValidateResult.time
+      name: Validated
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KluctlDeployment is the Schema for the kluctldeployments API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KluctlDeploymentSpec defines the desired state of KluctlDeployment
+            properties:
+              abortOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to abort deployments
+                  immediately when something fails. Equivalent to using '--abort-on-error'
+                  when calling kluctl.
+                type: boolean
+              args:
+                additionalProperties:
+                  type: string
+                description: Args specifies dynamic target args. Only arguments defined
+                  by 'dynamicArgs' of the target are allowed.
+                type: object
+              dependsOn:
+                description: DependsOn may contain a meta.NamespacedObjectReference
+                  slice with references to resources that must be ready before this
+                  kluctl project can be deployed.
+                items:
+                  description: NamespacedObjectReference contains enough information
+                    to locate the referenced Kubernetes resource object in any namespace.
+                  properties:
+                    name:
+                      description: Name of the referent.
+                      type: string
+                    namespace:
+                      description: Namespace of the referent, when not specified it
+                        acts as LocalObjectReference.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              deployInterval:
+                description: DeployInterval specifies the interval at which to deploy
+                  the KluctlDeployment. This is independent of the 'Interval' value,
+                  which only causes deployments if some deployment objects have changed.
+                type: string
+              deployMode:
+                default: full-deploy
+                description: DeployMode specifies what deploy mode should be used
+                enum:
+                - full-deploy
+                - poke-images
+                type: string
+              dryRun:
+                default: false
+                description: DryRun instructs kluctl to run everything in dry-run
+                  mode. Equivalent to using '--dry-run' when calling kluctl.
+                type: boolean
+              excludeDeploymentDirs:
+                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
+                  with the given dir. Equivalent to using '--exclude-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              excludeTags:
+                description: ExcludeTags instructs kluctl to exclude deployments with
+                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
+                items:
+                  type: string
+                type: array
+              forceApply:
+                default: false
+                description: ForceApply instructs kluctl to force-apply in case of
+                  SSA conflicts. Equivalent to using '--force-apply' when calling
+                  kluctl.
+                type: boolean
+              forceReplaceOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to force-replace
+                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
+                  when calling kluctl.
+                type: boolean
+              images:
+                description: Images contains a list of fixed image overrides. Equivalent
+                  to using '--fixed-images-file' when calling kluctl.
+                items:
+                  properties:
+                    container:
+                      type: string
+                    deployTags:
+                      items:
+                        type: string
+                      type: array
+                    deployedImage:
+                      type: string
+                    deployment:
+                      type: string
+                    deploymentDir:
+                      type: string
+                    image:
+                      type: string
+                    namespace:
+                      type: string
+                    object:
+                      description: ObjectRef contains the information necessary to
+                        locate a resource within a cluster.
+                      properties:
+                        group:
+                          type: string
+                        kind:
+                          type: string
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                        version:
+                          type: string
+                      required:
+                      - group
+                      - kind
+                      - name
+                      - namespace
+                      - version
+                      type: object
+                    registryImage:
+                      type: string
+                    resultImage:
+                      type: string
+                    versionFilter:
+                      type: string
+                  required:
+                  - image
+                  - resultImage
+                  type: object
+                type: array
+              includeDeploymentDirs:
+                description: IncludeDeploymentDirs instructs kluctl to only include
+                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              includeTags:
+                description: IncludeTags instructs kluctl to only include deployments
+                  with given tags. Equivalent to using '--include-tag' when calling
+                  kluctl.
+                items:
+                  type: string
+                type: array
+              interval:
+                description: The interval at which to reconcile the KluctlDeployment.
+                type: string
+              kubeConfig:
+                description: The KubeConfig for deploying to the target cluster. Specifies
+                  the kubeconfig to be used when invoking kluctl. Contexts in this
+                  kubeconfig must match the context found in the kluctl target. As
+                  an alternative, RenameContexts can be used to fix non-matching context
+                  names.
+                properties:
+                  secretRef:
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. The secret must be in the same
+                      namespace as the Kustomization. It is recommended that the kubeconfig
+                      is self-contained, and the secret is regularly updated if credentials
+                      such as a cloud-access-token expire. Cloud specific `cmd-path`
+                      auth helpers will not function without adding binaries and credentials
+                      to the Pod that is responsible for reconciling the KluctlDeployment.
+                    properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
+                      name:
+                        description: Name of the Secret.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+              noWait:
+                default: false
+                description: NoWait instructs kluctl to not wait for any resources
+                  to become ready, including hooks. Equivalent to using '--no-wait'
+                  when calling kluctl.
+                type: boolean
+              path:
+                description: Path to the directory containing the .kluctl.yaml file,
+                  or the Defaults to 'None', which translates to the root path of
+                  the SourceRef.
+                type: string
+              prune:
+                default: false
+                description: Prune enables pruning after deploying.
+                type: boolean
+              registrySecrets:
+                description: RegistrySecrets is a list of secret references to be
+                  used for image registry authentication. The secrets must either
+                  have ".dockerconfigjson" included or "registry", "username" and
+                  "password". Additionally, "caFile" and "insecure" can be specified.
+                items:
+                  description: LocalObjectReference contains enough information to
+                    locate the referenced Kubernetes resource object.
+                  properties:
+                    name:
+                      description: Name of the referent.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              renameContexts:
+                description: RenameContexts specifies a list of context rename operations.
+                  This is useful when the kluctl target's context does not match with
+                  the contexts found in the kubeconfig while deploying. This is the
+                  case when using kubeconfigs generated from service accounts, in
+                  which case the context name is always "default".
+                items:
+                  description: RenameContext specifies a single rename of a context
+                  properties:
+                    newContext:
+                      description: NewContext is the new name of the context
+                      type: string
+                    oldContext:
+                      description: OldContext is the name of the context to be renamed
+                      type: string
+                  required:
+                  - newContext
+                  - oldContext
+                  type: object
+                type: array
+              replaceOnError:
+                default: false
+                description: ReplaceOnError instructs kluctl to replace resources
+                  on error. Equivalent to using '--replace-on-error' when calling
+                  kluctl.
+                type: boolean
+              retryInterval:
+                description: The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the KluctlDeploymentSpec.Interval
+                  value to retry failures.
+                type: string
+              serviceAccountName:
+                description: The name of the Kubernetes service account to use while
+                  deploying. If not specified, the default service account is used.
+                type: string
+              sourceRef:
+                description: Reference of the source where the kluctl project is.
+                  The authentication secrets from the source are also used to authenticate
+                  dependent git repositories which are cloned while deploying the
+                  kluctl project.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  kind:
+                    description: Kind of the referent.
+                    enum:
+                    - GitRepository
+                    - Bucket
+                    type: string
+                  name:
+                    description: Name of the referent.
+                    type: string
+                  namespace:
+                    description: Namespace of the referent, defaults to the namespace
+                      of the Kubernetes resource object that contains the reference.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  kluctl executions, it does not apply to already started executions.
+                  Defaults to false.
+                type: boolean
+              target:
+                description: Target specifies the kluctl target to deploy
+                maxLength: 63
+                minLength: 1
+                type: string
+              timeout:
+                description: Timeout for all operations. Defaults to 'Interval' duration.
+                type: string
+              updateImages:
+                default: false
+                description: UpdateImages instructs kluctl to update dynamic images.
+                  Equivalent to using '-u' when calling kluctl.
+                type: boolean
+              validateInterval:
+                default: 5m
+                description: ValidateInterval specifies the interval at which to validate
+                  the KluctlDeployment. Validation is performed the same way as with
+                  'kluctl validate -t <target>'. Defaults to 1m.
+                type: string
+            required:
+            - interval
+            - sourceRef
+            - target
+            type: object
+          status:
+            description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
+            properties:
+              commonLabels:
+                additionalProperties:
+                  type: string
+                description: CommonLabels are the commonLabels found in the deployment
+                  project when the last deployment was done. This is used to perform
+                  cleanup/deletion in case the KluctlDeployment project is deleted
+                type: object
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    type FooStatus struct{     // Represents the observations of a
+                    foo's current state.     // Known .status.conditions.type are:
+                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
+                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
+                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+                    \n     // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastAttemptedRevision:
+                description: LastAttemptedRevision is the revision of the last reconciliation
+                  attempt.
+                type: string
+              lastDeployResult:
+                description: LastDeployResult is the result of the last deploy command
+                properties:
+                  error:
+                    type: string
+                  objectsHash:
+                    description: ObjectsHash is the hash of all rendered objects
+                    type: string
+                  result:
+                    properties:
+                      changedObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      deletedObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      errors:
+                        items:
+                          properties:
+                            error:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - error
+                          - ref
+                          type: object
+                        type: array
+                      hookObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      newObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      orphanObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      seenImages:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                            registryImage:
+                              type: string
+                            resultImage:
+                              type: string
+                            versionFilter:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      warnings:
+                        items:
+                          properties:
+                            error:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - error
+                          - ref
+                          type: object
+                        type: array
+                    type: object
+                  revision:
+                    description: Revision is the source revision. Please note that
+                      kluctl projects have dependent git repositories which are not
+                      considered in the source revision
+                    type: string
+                  targetName:
+                    description: TargetName is the name of the target
+                    type: string
+                  time:
+                    description: AttemptedAt is the time when the attempt was performed
+                    format: date-time
+                    type: string
+                required:
+                - targetName
+                - time
+                type: object
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              lastPruneResult:
+                description: LastDeployResult is the result of the last prune command
+                properties:
+                  error:
+                    type: string
+                  objectsHash:
+                    description: ObjectsHash is the hash of all rendered objects
+                    type: string
+                  result:
+                    properties:
+                      changedObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      deletedObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      errors:
+                        items:
+                          properties:
+                            error:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - error
+                          - ref
+                          type: object
+                        type: array
+                      hookObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      newObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      orphanObjects:
+                        items:
+                          description: ObjectRef contains the information necessary
+                            to locate a resource within a cluster.
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - group
+                          - kind
+                          - name
+                          - namespace
+                          - version
+                          type: object
+                        type: array
+                      seenImages:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                            registryImage:
+                              type: string
+                            resultImage:
+                              type: string
+                            versionFilter:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      warnings:
+                        items:
+                          properties:
+                            error:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - error
+                          - ref
+                          type: object
+                        type: array
+                    type: object
+                  revision:
+                    description: Revision is the source revision. Please note that
+                      kluctl projects have dependent git repositories which are not
+                      considered in the source revision
+                    type: string
+                  targetName:
+                    description: TargetName is the name of the target
+                    type: string
+                  time:
+                    description: AttemptedAt is the time when the attempt was performed
+                    format: date-time
+                    type: string
+                required:
+                - targetName
+                - time
+                type: object
+              lastValidateResult:
+                description: LastValidateResult is the result of the last validate
+                  command
+                properties:
+                  error:
+                    type: string
+                  objectsHash:
+                    description: ObjectsHash is the hash of all rendered objects
+                    type: string
+                  result:
+                    properties:
+                      errors:
+                        items:
+                          properties:
+                            error:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - error
+                          - ref
+                          type: object
+                        type: array
+                      ready:
+                        type: boolean
+                      results:
+                        items:
+                          properties:
+                            annotation:
+                              type: string
+                            message:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - annotation
+                          - message
+                          - ref
+                          type: object
+                        type: array
+                      warnings:
+                        items:
+                          properties:
+                            error:
+                              type: string
+                            ref:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                          required:
+                          - error
+                          - ref
+                          type: object
+                        type: array
+                    required:
+                    - ready
+                    type: object
+                  revision:
+                    description: Revision is the source revision. Please note that
+                      kluctl projects have dependent git repositories which are not
+                      considered in the source revision
+                    type: string
+                  targetName:
+                    description: TargetName is the name of the target
+                    type: string
+                  time:
+                    description: AttemptedAt is the time when the attempt was performed
+                    format: date-time
+                    type: string
+                required:
+                - error
+                - targetName
+                - time
+                type: object
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: kluctlmultideployments.flux.kluctl.io
+spec:
+  group: flux.kluctl.io
+  names:
+    kind: KluctlMultiDeployment
+    listKind: KluctlMultiDeploymentList
+    plural: kluctlmultideployments
+    singular: kluctlmultideployment
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.targetPattern
+      name: Pattern
+      type: string
+    - jsonPath: .status.targetCount
+      name: Targets
+      type: integer
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KluctlMultiDeployment is the Schema for the kluctlmultideployments
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: KluctlMultiDeploymentSpec defines the desired state of KluctlMultiDeployment
+            properties:
+              dependsOn:
+                description: DependsOn may contain a meta.NamespacedObjectReference
+                  slice with references to resources that must be ready before this
+                  kluctl project can be deployed.
+                items:
+                  description: NamespacedObjectReference contains enough information
+                    to locate the referenced Kubernetes resource object in any namespace.
+                  properties:
+                    name:
+                      description: Name of the referent.
+                      type: string
+                    namespace:
+                      description: Namespace of the referent, when not specified it
+                        acts as LocalObjectReference.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              interval:
+                description: The interval at which to reconcile the KluctlDeployment.
+                type: string
+              path:
+                description: Path to the directory containing the .kluctl.yaml file,
+                  or the Defaults to 'None', which translates to the root path of
+                  the SourceRef.
+                type: string
+              retryInterval:
+                description: The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the KluctlDeploymentSpec.Interval
+                  value to retry failures.
+                type: string
+              sourceRef:
+                description: Reference of the source where the kluctl project is.
+                  The authentication secrets from the source are also used to authenticate
+                  dependent git repositories which are cloned while deploying the
+                  kluctl project.
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  kind:
+                    description: Kind of the referent.
+                    enum:
+                    - GitRepository
+                    - Bucket
+                    type: string
+                  name:
+                    description: Name of the referent.
+                    type: string
+                  namespace:
+                    description: Namespace of the referent, defaults to the namespace
+                      of the Kubernetes resource object that contains the reference.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  kluctl executions, it does not apply to already started executions.
+                  Defaults to false.
+                type: boolean
+              targetPattern:
+                description: TargetPattern is the regex pattern used to match targets
+                type: string
+              template:
+                description: Template is the object template used to create KluctlDeploymet
+                  objects
+                properties:
+                  spec:
+                    description: Spec is the KluctlDeployment spec to be used as a
+                      template
+                    properties:
+                      abortOnError:
+                        default: false
+                        description: ForceReplaceOnError instructs kluctl to abort
+                          deployments immediately when something fails. Equivalent
+                          to using '--abort-on-error' when calling kluctl.
+                        type: boolean
+                      args:
+                        additionalProperties:
+                          type: string
+                        description: Args specifies dynamic target args. Only arguments
+                          defined by 'dynamicArgs' of the target are allowed.
+                        type: object
+                      deployInterval:
+                        description: DeployInterval specifies the interval at which
+                          to deploy the KluctlDeployment. This is independent of the
+                          'Interval' value, which only causes deployments if some
+                          deployment objects have changed.
+                        type: string
+                      deployMode:
+                        default: full-deploy
+                        description: DeployMode specifies what deploy mode should
+                          be used
+                        enum:
+                        - full-deploy
+                        - poke-images
+                        type: string
+                      dryRun:
+                        default: false
+                        description: DryRun instructs kluctl to run everything in
+                          dry-run mode. Equivalent to using '--dry-run' when calling
+                          kluctl.
+                        type: boolean
+                      excludeDeploymentDirs:
+                        description: ExcludeDeploymentDirs instructs kluctl to exclude
+                          deployments with the given dir. Equivalent to using '--exclude-deployment-dir'
+                          when calling kluctl.
+                        items:
+                          type: string
+                        type: array
+                      excludeTags:
+                        description: ExcludeTags instructs kluctl to exclude deployments
+                          with given tags. Equivalent to using '--exclude-tag' when
+                          calling kluctl.
+                        items:
+                          type: string
+                        type: array
+                      forceApply:
+                        default: false
+                        description: ForceApply instructs kluctl to force-apply in
+                          case of SSA conflicts. Equivalent to using '--force-apply'
+                          when calling kluctl.
+                        type: boolean
+                      forceReplaceOnError:
+                        default: false
+                        description: ForceReplaceOnError instructs kluctl to force-replace
+                          resources in case a normal replace fails. Equivalent to
+                          using '--force-replace-on-error' when calling kluctl.
+                        type: boolean
+                      images:
+                        description: Images contains a list of fixed image overrides.
+                          Equivalent to using '--fixed-images-file' when calling kluctl.
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              description: ObjectRef contains the information necessary
+                                to locate a resource within a cluster.
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - group
+                              - kind
+                              - name
+                              - namespace
+                              - version
+                              type: object
+                            registryImage:
+                              type: string
+                            resultImage:
+                              type: string
+                            versionFilter:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      includeDeploymentDirs:
+                        description: IncludeDeploymentDirs instructs kluctl to only
+                          include deployments with the given dir. Equivalent to using
+                          '--include-deployment-dir' when calling kluctl.
+                        items:
+                          type: string
+                        type: array
+                      includeTags:
+                        description: IncludeTags instructs kluctl to only include
+                          deployments with given tags. Equivalent to using '--include-tag'
+                          when calling kluctl.
+                        items:
+                          type: string
+                        type: array
+                      interval:
+                        description: The interval at which to reconcile the KluctlDeployment.
+                        type: string
+                      kubeConfig:
+                        description: The KubeConfig for deploying to the target cluster.
+                          Specifies the kubeconfig to be used when invoking kluctl.
+                          Contexts in this kubeconfig must match the context found
+                          in the kluctl target. As an alternative, RenameContexts
+                          can be used to fix non-matching context names.
+                        properties:
+                          secretRef:
+                            description: SecretRef holds the name of a secret that
+                              contains a key with the kubeconfig file as the value.
+                              If no key is set, the key will default to 'value'. The
+                              secret must be in the same namespace as the Kustomization.
+                              It is recommended that the kubeconfig is self-contained,
+                              and the secret is regularly updated if credentials such
+                              as a cloud-access-token expire. Cloud specific `cmd-path`
+                              auth helpers will not function without adding binaries
+                              and credentials to the Pod that is responsible for reconciling
+                              the KluctlDeployment.
+                            properties:
+                              key:
+                                description: Key in the Secret, when not specified
+                                  an implementation-specific default key is used.
+                                type: string
+                              name:
+                                description: Name of the Secret.
+                                type: string
+                            required:
+                            - name
+                            type: object
+                        type: object
+                      noWait:
+                        default: false
+                        description: NoWait instructs kluctl to not wait for any resources
+                          to become ready, including hooks. Equivalent to using '--no-wait'
+                          when calling kluctl.
+                        type: boolean
+                      prune:
+                        default: false
+                        description: Prune enables pruning after deploying.
+                        type: boolean
+                      registrySecrets:
+                        description: RegistrySecrets is a list of secret references
+                          to be used for image registry authentication. The secrets
+                          must either have ".dockerconfigjson" included or "registry",
+                          "username" and "password". Additionally, "caFile" and "insecure"
+                          can be specified.
+                        items:
+                          description: LocalObjectReference contains enough information
+                            to locate the referenced Kubernetes resource object.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      renameContexts:
+                        description: RenameContexts specifies a list of context rename
+                          operations. This is useful when the kluctl target's context
+                          does not match with the contexts found in the kubeconfig
+                          while deploying. This is the case when using kubeconfigs
+                          generated from service accounts, in which case the context
+                          name is always "default".
+                        items:
+                          description: RenameContext specifies a single rename of
+                            a context
+                          properties:
+                            newContext:
+                              description: NewContext is the new name of the context
+                              type: string
+                            oldContext:
+                              description: OldContext is the name of the context to
+                                be renamed
+                              type: string
+                          required:
+                          - newContext
+                          - oldContext
+                          type: object
+                        type: array
+                      replaceOnError:
+                        default: false
+                        description: ReplaceOnError instructs kluctl to replace resources
+                          on error. Equivalent to using '--replace-on-error' when
+                          calling kluctl.
+                        type: boolean
+                      retryInterval:
+                        description: The interval at which to retry a previously failed
+                          reconciliation. When not specified, the controller uses
+                          the KluctlDeploymentSpec.Interval value to retry failures.
+                        type: string
+                      serviceAccountName:
+                        description: The name of the Kubernetes service account to
+                          use while deploying. If not specified, the default service
+                          account is used.
+                        type: string
+                      timeout:
+                        description: Timeout for all operations. Defaults to 'Interval'
+                          duration.
+                        type: string
+                      updateImages:
+                        default: false
+                        description: UpdateImages instructs kluctl to update dynamic
+                          images. Equivalent to using '-u' when calling kluctl.
+                        type: boolean
+                      validateInterval:
+                        default: 5m
+                        description: ValidateInterval specifies the interval at which
+                          to validate the KluctlDeployment. Validation is performed
+                          the same way as with 'kluctl validate -t <target>'. Defaults
+                          to 1m.
+                        type: string
+                    required:
+                    - interval
+                    type: object
+                required:
+                - spec
+                type: object
+              timeout:
+                description: Timeout for all operations. Defaults to 'Interval' duration.
+                type: string
+            required:
+            - interval
+            - sourceRef
+            - targetPattern
+            - template
+            type: object
+          status:
+            description: KluctlMultiDeploymentStatus defines the observed state of
+              KluctlMultiDeployment
+            properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    type FooStatus struct{     // Represents the observations of a
+                    foo's current state.     // Known .status.conditions.type are:
+                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
+                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
+                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
+                    \n     // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastAttemptedRevision:
+                description: LastAttemptedRevision is the revision of the last reconciliation
+                  attempt.
+                type: string
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+              targetCount:
+                description: TargetCount is the number of targets detected
+                type: integer
+              targets:
+                description: Targets is the list of detected targets
+                items:
+                  description: KluctlMultiDeploymentTargetStatus describes the status
+                    of a single target
+                  properties:
+                    kluctlDeploymentName:
+                      description: KluctlDeploymentName is the name of the generated
+                        KluctlDeployment object
+                      type: string
+                    name:
+                      description: Name is the name of the detected target
+                      type: string
+                  required:
+                  - kluctlDeploymentName
+                  - name
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/e2e/test_resources/kluctl-deployment.yaml b/e2e/test_resources/kluctl-deployment.yaml
new file mode 100644
index 000000000..e10aeede8
--- /dev/null
+++ b/e2e/test_resources/kluctl-deployment.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: flux.kluctl.io/v1alpha1
+kind: KluctlDeployment
+metadata:
+  name: microservices-demo-test
+  namespace: default
+spec:
+  interval: 10m
+  path: ./simple
+  prune: true
+  renameContexts:
+  - newContext: kind-kind
+    oldContext: default
+  sourceRef:
+    kind: GitRepository
+    name: microservices-demo
+    namespace: default
+  target: simple
+  timeout: 2m
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: microservices-demo
+  namespace: default
+spec:
+  interval: 5m
+  ref:
+    branch: main
+  url: https://github.com/gitbluf/kluctl-examples.git
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 7644d1f09..24d724f66 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -2,9 +2,10 @@ package test_resources
 
 import (
 	"embed"
+	"os"
+
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"os"
 )
 
 //go:embed *.yaml
diff --git a/e2e/utils.go b/e2e/utils.go
index 274f5946c..9798a9de1 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -4,16 +4,17 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/validation"
-	log "github.com/sirupsen/logrus"
 	"io"
 	"os/exec"
 	"reflect"
 	"strings"
 	"testing"
 	"time"
+
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/validation"
+	log "github.com/sirupsen/logrus"
 )
 
 func recreateNamespace(t *testing.T, k *test_utils.KindCluster, namespace string) {
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 8480a2540..1c9e451df 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -7,6 +7,7 @@ import (
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
 	"net/http"
 	"net/url"
 	"path/filepath"
@@ -81,3 +82,19 @@ func NewClientFactory(configIn *rest.Config) (ClientFactory, error) {
 		httpClient: httpClient,
 	}, nil
 }
+
+func NewClientFactoryFromDefaultConfig(context *string) (ClientFactory, error) {
+	configOverrides := &clientcmd.ConfigOverrides{}
+	if context != nil {
+		configOverrides.CurrentContext = *context
+	}
+
+	config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		clientcmd.NewDefaultClientConfigLoadingRules(),
+		configOverrides).ClientConfig()
+	if err != nil {
+		return nil, err
+	}
+
+	return NewClientFactory(config)
+}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index de92465ac..69bd95feb 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -2,14 +2,19 @@ package k8s
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"io"
+	"sync"
+	"time"
+
 	"github.com/Masterminds/semver/v3"
+
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -378,14 +383,8 @@ type PatchOptions struct {
 	ForceApply  bool
 }
 
-func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
+func (k *K8sCluster) doPatch(ref k8s.ObjectRef, data []byte, patchType types.PatchType, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
 	dryRun := k.DryRun || options.ForceDryRun
-	ref := o.GetK8sRef()
-
-	data, err := yaml.WriteYamlBytes(o)
-	if err != nil {
-		return nil, nil, err
-	}
 
 	po := v1.PatchOptions{
 		FieldManager: "kluctl",
@@ -401,7 +400,7 @@ func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions)
 
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
-		x, err := r.Patch(k.ctx, ref.Name, types.ApplyPatchType, data, po)
+		x, err := r.Patch(k.ctx, ref.Name, patchType, data, po)
 		if err != nil {
 			return fmt.Errorf("failed to patch %s: %w", ref.String(), err)
 		}
@@ -411,6 +410,29 @@ func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions)
 	return result, apiWarnings, err
 }
 
+func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
+	data, err := yaml.WriteYamlBytes(o)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return k.doPatch(o.GetK8sRef(), data, types.ApplyPatchType, options)
+}
+
+type JsonPatch struct {
+	Op    string `json:"op"`
+	Path  string `json:"path"`
+	Value any    `json:"value"`
+}
+
+func (k *K8sCluster) PatchObjectWithJsonPatch(ref k8s.ObjectRef, patch interface{}, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
+	data, err := json.Marshal(patch)
+	if err != nil {
+		return nil, nil, err
+	}
+	return k.doPatch(ref, data, types.JSONPatchType, options)
+}
+
 type UpdateOptions struct {
 	ForceDryRun bool
 }

From 0e2503532226dda8bba670d639c05f6268f8d8b6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 09:33:14 +0200
Subject: [PATCH 0386/2268] fix: Remove redundant imports (#52)

---
 pkg/k8s/k8s_cluster.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 69bd95feb..f8e8a07a7 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -26,8 +26,6 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/restmapper"
-	"sync"
-	"time"
 )
 
 type K8sCluster struct {

From 58aa90b428d7c871e17142a8c29456263979b590 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 11:33:05 +0200
Subject: [PATCH 0387/2268] chore: Prepare Makefile for installation/setup of
 envtest

---
 .gitignore |  1 +
 Makefile   | 62 +++++++++++++++++++++++++++++++++++++++++-------------
 2 files changed, 48 insertions(+), 15 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8160eea20..d7ad8b4f4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,7 @@
 /kluctl.exe
 /e2e.test*
 /bin
+/build
 /reports
 /vendor
 dist/
diff --git a/Makefile b/Makefile
index 631cc08ee..7d7c482d2 100644
--- a/Makefile
+++ b/Makefile
@@ -8,27 +8,27 @@ TEST_BINARY_NAME=kluctl-e2e
 REQUIRED_ENV_VARS=GOOS GOARCH
 EXPORT_RESULT?=false
 
+# If gobin not set, create one on ./build and add to path.
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(BUILD_DIR)/gobin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+export PATH:=$(GOBIN):${PATH}
+
+# Architecture to use envtest with
+ENVTEST_ARCH ?= amd64
+
 GREEN  := $(shell tput -Txterm setaf 2)
 YELLOW := $(shell tput -Txterm setaf 3)
 WHITE  := $(shell tput -Txterm setaf 7)
 CYAN   := $(shell tput -Txterm setaf 6)
 RESET  := $(shell tput -Txterm sgr0)
 
-.PHONY: all test build check-kubectl check-helm check-kind
+.PHONY: all test build
 
 all: help
 
-## Check:
-
-check-kubectl: ## Checks if kubectl is installed
-	kubectl version --client=true
-
-check-helm: ## Checks if helm is installed
-	helm version
-
-check-kind: ## Checks if kind is installed
-	kind version
-
 ## Build:
 build: build-go ## Run the complete build pipeline
 
@@ -42,11 +42,28 @@ clean: ## Remove build related file
 	rm -fr ./reports
 	rm -fr ./download-python
 
+## Envtest setup
+# Repository root based on Git metadata
+REPOSITORY_ROOT := $(shell git rev-parse --show-toplevel)
+BUILD_DIR := $(REPOSITORY_ROOT)/build
+ENVTEST = $(GOBIN)/setup-envtest
+.PHONY: envtest
+setup-envtest: ## Download envtest-setup locally if necessary.
+	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+
+# Download the envtest binaries to testbin
+ENVTEST_ASSETS_DIR=$(BUILD_DIR)/testbin
+ENVTEST_KUBERNETES_VERSION?=latest
+install-envtest: setup-envtest
+	mkdir -p ${ENVTEST_ASSETS_DIR}
+	$(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR)
+
 ## Test:
 test: test-unit test-e2e ## Runs the complete test suite
 
-test-e2e: check-kubectl check-helm check-kind ## Runs the end to end tests
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e
+KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)"
+test-e2e: install-envtest ## Runs the end to end tests
+	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e
 
 test-unit: ## Run the unit tests of the project
 ifeq ($(EXPORT_RESULT), true)
@@ -98,4 +115,19 @@ help: ## Show this help.
 	@awk 'BEGIN {FS = ":.*?## "} { \
 		if (/^[0-9a-zA-Z_-]+:.*?##.*$$/) {printf "    ${YELLOW}%-20s${GREEN}%s${RESET}\n", $$1, $$2} \
 		else if (/^## .*$$/) {printf "  ${CYAN}%s${RESET}\n", substr($$1,4)} \
-		}' $(MAKEFILE_LIST)
\ No newline at end of file
+		}' $(MAKEFILE_LIST)
+
+## Tools
+# go-install-tool will 'go install' any package $2 and install it to $1.
+PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e ;\
+TMP_DIR=$$(mktemp -d) ;\
+cd $$TMP_DIR ;\
+go mod init tmp ;\
+echo "Downloading $(2)" ;\
+GOBIN=$(GOBIN) go install $(2) ;\
+rm -rf $$TMP_DIR ;\
+}
+endef

From f19dad3dbaa993a14047a37bf9c41c81b4674ebf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 11:35:42 +0200
Subject: [PATCH 0388/2268] tests: Switch to envtest based clusters

---
 e2e/contexts_test.go                   |  14 +-
 e2e/default_clusters.go                |  67 ++-------
 e2e/deploy_test.go                     |   2 +-
 e2e/external_projects_test.go          |   6 +-
 e2e/flux_test.go                       |   4 +-
 e2e/hooks_test.go                      |  20 +--
 e2e/inclusion_test.go                  |   6 +-
 e2e/project.go                         |  15 +-
 e2e/seal_test.go                       |  24 ++--
 e2e/test_resources/resources.go        |   8 +-
 e2e/utils.go                           |  27 ++--
 go.mod                                 |   4 +-
 go.sum                                 |  16 +--
 internal/test-utils/envtest_cluster.go | 100 ++++++++++++++
 internal/test-utils/kind_cluster.go    | 181 -------------------------
 15 files changed, 173 insertions(+), 321 deletions(-)
 create mode 100644 internal/test-utils/envtest_cluster.go
 delete mode 100644 internal/test-utils/kind_cluster.go

diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index b55c5ab6d..34d036a1e 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -3,7 +3,6 @@ package e2e
 import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/client-go/tools/clientcmd/api"
-	"sync"
 	"testing"
 )
 
@@ -12,17 +11,8 @@ func prepareContextTest(t *testing.T, name string) *testProject {
 	p.init(t, defaultKindCluster1, name)
 	p.mergeKubeconfig(defaultKindCluster2)
 
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		defer wg.Done()
-		recreateNamespace(t, defaultKindCluster1, p.projectName)
-	}()
-	go func() {
-		defer wg.Done()
-		recreateNamespace(t, defaultKindCluster2, p.projectName)
-	}()
-	wg.Wait()
+	createNamespace(t, defaultKindCluster1, p.projectName)
+	createNamespace(t, defaultKindCluster2, p.projectName)
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 466df5b4f..c042571cc 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -1,62 +1,11 @@
 package e2e
 
 import (
-	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"os"
-	"path/filepath"
-	"strconv"
 	"sync"
 )
 
-func createDefaultKindCluster(num int) (*test_utils.KindCluster, int) {
-	kindClusterName := os.Getenv(fmt.Sprintf("KIND_CLUSTER_NAME%d", num))
-	kindApiHost := os.Getenv(fmt.Sprintf("KIND_API_HOST%d", num))
-	kindApiPort := os.Getenv(fmt.Sprintf("KIND_API_PORT%d", num))
-	kindExtraPortsOffset := os.Getenv(fmt.Sprintf("KIND_EXTRA_PORTS_OFFSET%d", num))
-	kindKubeconfig := os.Getenv(fmt.Sprintf("KIND_KUBECONFIG%d", num))
-	if kindClusterName == "" {
-		kindClusterName = fmt.Sprintf("kluctl-e2e-%d", num)
-	}
-	if kindApiHost == "" {
-		kindApiHost = "localhost"
-	}
-	if kindExtraPortsOffset == "" {
-		kindExtraPortsOffset = fmt.Sprintf("%d", 30000+num*1000)
-	}
-	if kindKubeconfig == "" {
-		kindKubeconfig = filepath.Join(utils.GetTmpBaseDir(), fmt.Sprintf("kluctl-e2e-kubeconfig-%d.yml", num))
-	}
-
-	var err error
-	var kindApiPortInt, kindExtraPortsOffsetInt int64
-
-	if kindApiPort != "" {
-		kindApiPortInt, err = strconv.ParseInt(kindApiPort, 0, 32)
-		if err != nil {
-			panic(err)
-		}
-	}
-	kindExtraPortsOffsetInt, err = strconv.ParseInt(kindExtraPortsOffset, 0, 32)
-	if err != nil {
-		panic(err)
-	}
-
-	vaultPort := int(kindExtraPortsOffsetInt) + 0
-
-	kindExtraPorts := map[int]int{
-		vaultPort: 30000,
-	}
-
-	k, err := test_utils.CreateKindCluster(kindClusterName, kindApiHost, int(kindApiPortInt), kindExtraPorts, kindKubeconfig)
-	if err != nil {
-		panic(err)
-	}
-	return k, vaultPort
-}
-
-var defaultKindCluster1, defaultKindCluster2 *test_utils.KindCluster
+var defaultKindCluster1, defaultKindCluster2 *test_utils.EnvTestCluster
 var defaultKindCluster1VaultPort, defaultKindCluster2VaultPort int
 
 func init() {
@@ -64,13 +13,19 @@ func init() {
 	wg.Add(2)
 	go func() {
 		defer wg.Done()
-		defaultKindCluster1, defaultKindCluster1VaultPort = createDefaultKindCluster(1)
-		deleteTestNamespaces(defaultKindCluster1)
+		var err error
+		defaultKindCluster1, err = test_utils.CreateEnvTestCluster("cluster1")
+		if err != nil {
+			panic(err)
+		}
 	}()
 	go func() {
 		defer wg.Done()
-		defaultKindCluster2, defaultKindCluster2VaultPort = createDefaultKindCluster(2)
-		deleteTestNamespaces(defaultKindCluster2)
+		var err error
+		defaultKindCluster2, err = test_utils.CreateEnvTestCluster("cluster2")
+		if err != nil {
+			panic(err)
+		}
 	}()
 	wg.Wait()
 }
diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
index f8d451032..97044e7eb 100644
--- a/e2e/deploy_test.go
+++ b/e2e/deploy_test.go
@@ -13,7 +13,7 @@ func TestCommandDeploySimple(t *testing.T) {
 	p.init(t, k, "simple")
 	defer p.cleanup()
 
-	recreateNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.projectName)
 
 	p.updateTarget("test", nil)
 
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index 18dbe95ca..f2a4dd9db 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -12,12 +12,12 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 	p.init(t, k, fmt.Sprintf("project-%s", namespace))
 	defer p.cleanup()
 
-	recreateNamespace(t, k, namespace)
+	createNamespace(t, k, namespace)
 
 	p.updateKindCluster(k, uo.FromMap(map[string]interface{}{
 		"cluster_var": "cluster_value1",
 	}))
-	p.updateTargetDeprecated("test", k.Name, uo.FromMap(map[string]interface{}{
+	p.updateTargetDeprecated("test", k.Context, uo.FromMap(map[string]interface{}{
 		"target_var": "target_value1",
 	}))
 	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{name: "cm1", namespace: namespace})
@@ -46,7 +46,7 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 	assertNestedFieldEquals(t, o, "cluster_value2", "data", "cluster_var")
 	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
 
-	p.updateTargetDeprecated("test", k.Name, uo.FromMap(map[string]interface{}{
+	p.updateTargetDeprecated("test", k.Context, uo.FromMap(map[string]interface{}{
 		"target_var": "target_value2",
 	}))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index 56bde84b3..d11f62790 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -38,7 +38,7 @@ func TestFluxCommands(t *testing.T) {
 	assert.Len(t, annotation, 1, "Annotation not present")
 }
 
-func getKluctlSuspendField(t *testing.T, k *test_utils.KindCluster) interface{} {
+func getKluctlSuspendField(t *testing.T, k *test_utils.EnvTestCluster) interface{} {
 	o := k.KubectlYamlMust(t, "-n", "default", "get", "kluctldeployment", "microservices-demo-test")
 	result, ok, err := o.GetNestedField("spec", "suspend")
 	fmt.Println(result)
@@ -51,7 +51,7 @@ func getKluctlSuspendField(t *testing.T, k *test_utils.KindCluster) interface{}
 	return result
 }
 
-func getKluctlAnnotations(t *testing.T, k *test_utils.KindCluster) interface{} {
+func getKluctlAnnotations(t *testing.T, k *test_utils.EnvTestCluster) interface{} {
 	o := k.KubectlYamlMust(t, "-n", "default", "get", "kluctldeployment", "microservices-demo-test")
 	result, ok, err := o.GetNestedField("metadata", "annotations")
 	if err != nil {
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index d105b9a45..4c9cf2930 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -55,7 +55,7 @@ func addConfigMap(p *testProject, dir string, opts resourceOpts) {
 	})
 }
 
-func getHookResult(t *testing.T, p *testProject, k *test_utils.KindCluster, secretName string) *uo.UnstructuredObject {
+func getHookResult(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, secretName string) *uo.UnstructuredObject {
 	o := k.KubectlYamlMust(t, "-n", p.projectName, "get", "secret", secretName)
 	s, ok, err := o.GetNestedString("data", "result")
 	if err != nil {
@@ -75,7 +75,7 @@ func getHookResult(t *testing.T, p *testProject, k *test_utils.KindCluster, secr
 	return r
 }
 
-func getHookResultCMNames(t *testing.T, p *testProject, k *test_utils.KindCluster, second bool) []string {
+func getHookResultCMNames(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, second bool) []string {
 	secretName := "hook-result"
 	if second {
 		secretName = "hook-result2"
@@ -89,7 +89,7 @@ func getHookResultCMNames(t *testing.T, p *testProject, k *test_utils.KindCluste
 	return names
 }
 
-func assertHookResultCMName(t *testing.T, p *testProject, k *test_utils.KindCluster, second bool, cmName string) {
+func assertHookResultCMName(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, second bool, cmName string) {
 	names := getHookResultCMNames(t, p, k, second)
 	for _, x := range names {
 		if x == cmName {
@@ -99,7 +99,7 @@ func assertHookResultCMName(t *testing.T, p *testProject, k *test_utils.KindClus
 	t.Fatalf("%s not found in hook result", cmName)
 }
 
-func assertHookResultNotCMName(t *testing.T, p *testProject, k *test_utils.KindCluster, second bool, cmName string) {
+func assertHookResultNotCMName(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, second bool, cmName string) {
 	names := getHookResultCMNames(t, p, k, second)
 	for _, x := range names {
 		if x == cmName {
@@ -108,7 +108,7 @@ func assertHookResultNotCMName(t *testing.T, p *testProject, k *test_utils.KindC
 	}
 }
 
-func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *test_utils.KindCluster) {
+func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *test_utils.EnvTestCluster) {
 	isDone := false
 	namespace := fmt.Sprintf("hook-%s", name)
 	k := defaultKindCluster1
@@ -120,7 +120,7 @@ func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletion
 		}
 	}()
 
-	recreateNamespace(t, k, namespace)
+	createNamespace(t, k, namespace)
 
 	p.updateTarget("test", nil)
 
@@ -131,14 +131,14 @@ func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletion
 	return p, k
 }
 
-func ensureHookExecuted(t *testing.T, p *testProject, k *test_utils.KindCluster) {
-	_, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
+func ensureHookExecuted(t *testing.T, p *testProject, k *test_utils.EnvTestCluster) {
+	_, _, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertResourceExists(t, k, p.projectName, "ConfigMap/cm1")
 }
 
-func ensureHookNotExecuted(t *testing.T, p *testProject, k *test_utils.KindCluster) {
-	_, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
+func ensureHookNotExecuted(t *testing.T, p *testProject, k *test_utils.EnvTestCluster) {
+	_, _, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertResourceNotExists(t, k, p.projectName, "Secret/hook-result")
 }
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 0395bff9f..247073d64 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 )
 
-func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *test_utils.KindCluster) {
+func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *test_utils.EnvTestCluster) {
 	isDone := false
 
 	k := defaultKindCluster1
@@ -20,7 +20,7 @@ func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bo
 		}
 	}()
 
-	recreateNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.projectName)
 
 	p.updateTarget("test", nil)
 
@@ -49,7 +49,7 @@ func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bo
 	return p, k
 }
 
-func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.KindCluster, shouldExists map[string]bool, add []string, remove []string) {
+func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
 	for _, x := range add {
 		shouldExists[x] = true
 	}
diff --git a/e2e/project.go b/e2e/project.go
index 2b67e294a..f540b6b3d 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -37,7 +37,7 @@ type testProject struct {
 	gitServer *test_utils.GitServer
 }
 
-func (p *testProject) init(t *testing.T, k *test_utils.KindCluster, projectName string) {
+func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster, projectName string) {
 	p.t = t
 	p.gitServer = test_utils.NewGitServer(t)
 	p.projectName = projectName
@@ -92,9 +92,9 @@ func (p *testProject) cleanup() {
 	}
 }
 
-func (p *testProject) mergeKubeconfig(k *test_utils.KindCluster) {
+func (p *testProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
 	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
-		nkcfg, err := clientcmd.LoadFromFile(k.Kubeconfig)
+		nkcfg, err := clientcmd.Load(k.Kubeconfig)
 		if err != nil {
 			p.t.Fatal(err)
 		}
@@ -187,13 +187,10 @@ func (p *testProject) updateCluster(name string, context string, vars *uo.Unstru
 	}, fmt.Sprintf("add/update cluster %s", name))
 }
 
-func (p *testProject) updateKindCluster(k *test_utils.KindCluster, vars *uo.UnstructuredObject) {
-	context, err := k.Kubectl("config", "current-context")
-	if err != nil {
-		p.t.Fatal(err)
-	}
+func (p *testProject) updateKindCluster(k *test_utils.EnvTestCluster, vars *uo.UnstructuredObject) {
+	context := k.KubectlMust(p.t, "config", "current-context")
 	context = strings.TrimSpace(context)
-	p.updateCluster(k.Name, context, vars)
+	p.updateCluster(k.Context, context, vars)
 }
 
 func (p *testProject) updateTargetDeprecated(name string, cluster string, args *uo.UnstructuredObject) {
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 28e6b976f..da18bb655 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -18,26 +18,26 @@ import (
 	"time"
 )
 
-func installSealedSecretsOperator(k *test_utils.KindCluster) {
+func installSealedSecretsOperator(k *test_utils.EnvTestCluster) {
 	test_resources.ApplyYaml("sealed-secrets.yaml", k)
 }
 
-func waitForSealedSecretsOperator(t *testing.T, k *test_utils.KindCluster) {
+func waitForSealedSecretsOperator(t *testing.T, k *test_utils.EnvTestCluster) {
 	waitForReadiness(t, k, "kube-system", "deployment/sealed-secrets-controller", 5*time.Minute)
 }
 
-func deleteSealedSecretsOperator(k *test_utils.KindCluster) {
+func deleteSealedSecretsOperator(k *test_utils.EnvTestCluster) {
 	test_resources.DeleteYaml("sealed-secrets.yaml", k)
-	_, _ = k.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
-	_, _ = k.Kubectl("-n", "kube-system", "delete", "configmap", "sealed-secrets-key-kluctl-bootstrap", "--wait")
+	_, _, _ = k.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
+	_, _, _ = k.Kubectl("-n", "kube-system", "delete", "configmap", "sealed-secrets-key-kluctl-bootstrap", "--wait")
 }
 
-func installVault(k *test_utils.KindCluster) {
-	_, _ = k.Kubectl("create", "ns", "vault")
+func installVault(k *test_utils.EnvTestCluster) {
+	_, _, _ = k.Kubectl("create", "ns", "vault")
 	test_resources.ApplyYaml("vault.yaml", k)
 }
 
-func waitForVault(t *testing.T, k *test_utils.KindCluster) {
+func waitForVault(t *testing.T, k *test_utils.EnvTestCluster) {
 	waitForReadiness(t, k, "vault", "statefulset/vault", 5*time.Minute)
 }
 
@@ -56,11 +56,11 @@ func init() {
 	wg.Wait()
 }
 
-func prepareSealTest(t *testing.T, k *test_utils.KindCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
+func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
 	p := &testProject{}
 	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
 
-	recreateNamespace(t, k, namespace)
+	createNamespace(t, k, namespace)
 
 	addSecretsSet(p, "test", varsSources)
 	addSecretsSetToTarget(p, "test-target", "test")
@@ -84,7 +84,7 @@ func addSecretsSetToTarget(p *testProject, targetName string, secretSetName stri
 	})
 }
 
-func assertDecryptedSecrets(t *testing.T, k *test_utils.KindCluster, namespace string, secretName string, expectedSecrets map[string]string) {
+func assertDecryptedSecrets(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secretName string, expectedSecrets map[string]string) {
 	s := k.KubectlYamlMust(t, "-n", namespace, "get", "secret", secretName)
 
 	for key, value := range expectedSecrets {
@@ -294,7 +294,7 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	addSecretsSetToTarget(p, "test-target2", "test2")
 
 	p.mergeKubeconfig(defaultKindCluster2)
-	recreateNamespace(t, defaultKindCluster2, namespace)
+	createNamespace(t, defaultKindCluster2, namespace)
 	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
 	})
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 24d724f66..90454201d 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -26,21 +26,21 @@ func GetYamlTmpFile(name string) string {
 	return tmpFile.Name()
 }
 
-func ApplyYaml(name string, k *test_utils.KindCluster) {
+func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
 	tmpFile := GetYamlTmpFile(name)
 	defer os.Remove(tmpFile)
 
-	_, err := k.Kubectl("apply", "-f", tmpFile)
+	_, _, err := k.Kubectl("apply", "-f", tmpFile)
 	if err != nil {
 		panic(err)
 	}
 }
 
-func DeleteYaml(name string, k *test_utils.KindCluster) {
+func DeleteYaml(name string, k *test_utils.EnvTestCluster) {
 	tmpFile := GetYamlTmpFile(name)
 	defer os.Remove(tmpFile)
 
-	_, err := k.Kubectl("delete", "-f", tmpFile)
+	_, _, err := k.Kubectl("delete", "-f", tmpFile)
 	if err != nil {
 		panic(err)
 	}
diff --git a/e2e/utils.go b/e2e/utils.go
index 9798a9de1..eaf69dea2 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -17,24 +17,19 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
-func recreateNamespace(t *testing.T, k *test_utils.KindCluster, namespace string) {
-	_, _ = k.Kubectl("delete", "ns", namespace)
+func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace string) {
 	k.KubectlMust(t, "create", "ns", namespace)
 	k.KubectlMust(t, "label", "ns", namespace, "kluctl-e2e=true")
 }
 
-func deleteTestNamespaces(k *test_utils.KindCluster) {
-	_, _ = k.Kubectl("delete", "ns", "-l", "kubectl-e2e=true")
-}
-
-func waitForReadiness(t *testing.T, k *test_utils.KindCluster, namespace string, resource string, timeout time.Duration) bool {
+func waitForReadiness(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string, timeout time.Duration) bool {
 	t.Logf("Waiting for readiness: %s/%s", namespace, resource)
 
 	startTime := time.Now()
 	for time.Now().Sub(startTime) < timeout {
-		y, err := k.KubectlYaml("-n", namespace, "get", resource)
+		y, stderr, err := k.KubectlYaml("-n", namespace, "get", resource)
 		if err != nil {
-			if ee, ok := err.(*exec.ExitError); !ok || strings.Index(string(ee.Stderr), "NotFound") == -1 {
+			if strings.Index(stderr, "NotFound") == -1 {
 				t.Fatal(err)
 			}
 			time.Sleep(1 * time.Second)
@@ -61,13 +56,13 @@ func waitForReadiness(t *testing.T, k *test_utils.KindCluster, namespace string,
 	return false
 }
 
-func assertReadiness(t *testing.T, k *test_utils.KindCluster, namespace string, resource string, timeout time.Duration) {
+func assertReadiness(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string, timeout time.Duration) {
 	if !waitForReadiness(t, k, namespace, resource, timeout) {
 		t.Errorf("%s/%s did not get ready in time", namespace, resource)
 	}
 }
 
-func assertResourceExists(t *testing.T, k *test_utils.KindCluster, namespace string, resource string) *uo.UnstructuredObject {
+func assertResourceExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string) *uo.UnstructuredObject {
 	var args []string
 	if namespace != "" {
 		args = append(args, "-n", namespace)
@@ -76,21 +71,17 @@ func assertResourceExists(t *testing.T, k *test_utils.KindCluster, namespace str
 	return k.KubectlYamlMust(t, args...)
 }
 
-func assertResourceNotExists(t *testing.T, k *test_utils.KindCluster, namespace string, resource string) {
+func assertResourceNotExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string) {
 	var args []string
 	if namespace != "" {
 		args = append(args, "-n", namespace)
 	}
 	args = append(args, "get", resource)
-	_, err := k.KubectlYaml(args...)
+	_, stderr, err := k.KubectlYaml(args...)
 	if err == nil {
 		t.Fatalf("'kubectl get' for %s should not have succeeded", resource)
 	} else {
-		ee, ok := err.(*exec.ExitError)
-		if !ok {
-			t.Fatal(err)
-		}
-		if strings.Index(string(ee.Stderr), "(NotFound)") == -1 {
+		if strings.Index(stderr, "(NotFound)") == -1 {
 			t.Fatal(err)
 		}
 	}
diff --git a/go.mod b/go.mod
index cc78c4587..5a7fa1316 100644
--- a/go.mod
+++ b/go.mod
@@ -53,12 +53,13 @@ require (
 	k8s.io/apimachinery v0.25.2
 	k8s.io/client-go v0.25.2
 	k8s.io/klog/v2 v2.80.1
-	sigs.k8s.io/kind v0.16.0
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
+require sigs.k8s.io/controller-runtime v0.13.0
+
 require (
 	cloud.google.com/go/compute v1.10.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
@@ -76,7 +77,6 @@ require (
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
-	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
diff --git a/go.sum b/go.sum
index 1b9d4d57c..c5651ad7a 100644
--- a/go.sum
+++ b/go.sum
@@ -63,7 +63,6 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
@@ -101,8 +100,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
-github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -163,7 +160,6 @@ github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
@@ -255,6 +251,7 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -616,6 +613,7 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/ohler55/ojg v1.14.4 h1:L2ds8AlB5t/QbqSfhRwvagJzQ7pgmdrefMIypQs0Xik=
 github.com/ohler55/ojg v1.14.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
@@ -632,7 +630,6 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FI
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
@@ -732,7 +729,6 @@ github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
@@ -807,8 +803,10 @@ go.starlark.net v0.0.0-20220926145019-14b050677505/go.mod h1:qsNirHv+Awo5xHuNyQ/
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1098,6 +1096,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1227,6 +1226,7 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1282,10 +1282,10 @@ oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/controller-runtime v0.13.0 h1:iqa5RNciy7ADWnIc8QxCbOX5FEKVR3uxVxKHRMc2WIQ=
+sigs.k8s.io/controller-runtime v0.13.0/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kind v0.16.0 h1:GFXyyxtPnHFKqXr3ZG8/X0+0K9sl69lejStlPn2WQyM=
-sigs.k8s.io/kind v0.16.0/go.mod h1:cKTqagdRyUQmihhBOd+7p43DpOPRn9rHsUC08K1Jbsk=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
 sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
 sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=
diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
new file mode 100644
index 000000000..1151e87a7
--- /dev/null
+++ b/internal/test-utils/envtest_cluster.go
@@ -0,0 +1,100 @@
+package test_utils
+
+import (
+	"bytes"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"testing"
+)
+
+type EnvTestCluster struct {
+	env envtest.Environment
+
+	user       *envtest.AuthenticatedUser
+	Kubeconfig []byte
+	Context    string
+	config     *rest.Config
+}
+
+func CreateEnvTestCluster(context string) (*EnvTestCluster, error) {
+	k := &EnvTestCluster{
+		Context: context,
+	}
+
+	_, err := k.env.Start()
+	if err != nil {
+		return nil, err
+	}
+
+	isOk := false
+	defer func() {
+		if !isOk {
+			_ = k.env.Stop()
+		}
+	}()
+
+	user, err := k.env.AddUser(envtest.User{Name: "default", Groups: []string{"system:masters"}}, &rest.Config{})
+	if err != nil {
+		return nil, err
+	}
+	k.user = user
+
+	kcfg, err := user.KubeConfig()
+	if err != nil {
+		return nil, err
+	}
+	
+	kcfg = bytes.ReplaceAll(kcfg, []byte("envtest"), []byte(context))
+
+	k.Kubeconfig = kcfg
+
+	isOk = true
+	return k, nil
+}
+
+// RESTConfig returns K8s client config to pass to clientset objects
+func (c *EnvTestCluster) RESTConfig() *rest.Config {
+	return c.config
+}
+
+func (c *EnvTestCluster) Kubectl(args ...string) (string, string, error) {
+	kctl, err := c.user.Kubectl()
+	if err != nil {
+		return "", "", err
+	}
+
+	stdout1, stderr1, err := kctl.Run(args...)
+	stdout, _ := io.ReadAll(stdout1)
+	stderr, _ := io.ReadAll(stderr1)
+	return string(stdout), string(stderr), err
+}
+
+func (c *EnvTestCluster) KubectlMust(t *testing.T, args ...string) string {
+	stdout, stderr, err := c.Kubectl(args...)
+	if err != nil {
+		t.Fatalf("%v, stderr=%s\n", err, stderr)
+	}
+	return stdout
+}
+
+func (c *EnvTestCluster) KubectlYaml(args ...string) (*uo.UnstructuredObject, string, error) {
+	args = append(args, "-oyaml")
+	stdout, stderr, err := c.Kubectl(args...)
+	if err != nil {
+		return nil, stderr, err
+	}
+	ret := uo.New()
+	err = yaml.ReadYamlString(stdout, ret)
+	return ret, stderr, err
+}
+
+func (c *EnvTestCluster) KubectlYamlMust(t *testing.T, args ...string) *uo.UnstructuredObject {
+	o, stderr, err := c.KubectlYaml(args...)
+	if err != nil {
+		t.Fatalf("%v, stderr=%s\n", err, stderr)
+	}
+	return o
+}
diff --git a/internal/test-utils/kind_cluster.go b/internal/test-utils/kind_cluster.go
deleted file mode 100644
index 99ad404d7..000000000
--- a/internal/test-utils/kind_cluster.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package test_utils
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	"net/url"
-	"os"
-	"os/exec"
-	"sigs.k8s.io/kind/pkg/apis/config/v1alpha4"
-	"sigs.k8s.io/kind/pkg/cluster"
-	kindcmd "sigs.k8s.io/kind/pkg/cmd"
-	"testing"
-	"time"
-)
-
-type KindCluster struct {
-	Name       string
-	Context    string
-	Kubeconfig string
-	config     *rest.Config
-}
-
-func CreateKindCluster(name, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfigPath string) (*KindCluster, error) {
-	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
-
-	c := &KindCluster{
-		Name:       name,
-		Context:    fmt.Sprintf("kind-%s", name),
-		Kubeconfig: kubeconfigPath,
-	}
-
-	n, err := provider.ListNodes(name)
-	if err != nil {
-		return nil, err
-	}
-	if len(n) == 0 {
-		if err := kindCreate(name, apiServerHost, apiServerPort, extraPorts, kubeconfigPath); err != nil {
-			return nil, err
-		}
-	}
-
-	return c, nil
-}
-
-// Delete removes the cluster from kind. The cluster may not be deleted straight away - this only issues a delete command
-func (c *KindCluster) Delete() error {
-	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
-	return provider.Delete(c.Name, c.Kubeconfig)
-}
-
-// RESTConfig returns K8s client config to pass to clientset objects
-func (c *KindCluster) RESTConfig() *rest.Config {
-	if c.config == nil {
-		var err error
-		c.config, err = clientcmd.BuildConfigFromFlags("", c.Kubeconfig)
-		if err != nil {
-			panic(err)
-		}
-	}
-	return c.config
-}
-
-func (c *KindCluster) Kubectl(args ...string) (string, error) {
-	cmd := exec.Command("kubectl", args...)
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, fmt.Sprintf("KUBECONFIG=%s", c.Kubeconfig))
-
-	stdout, err := cmd.Output()
-	return string(stdout), err
-}
-
-func (c *KindCluster) KubectlMust(t *testing.T, args ...string) string {
-	stdout, err := c.Kubectl(args...)
-	if err != nil {
-		if e, ok := err.(*exec.ExitError); ok {
-			t.Fatalf("%v, stderr=%s\n", err, string(e.Stderr))
-		} else {
-			t.Fatal(err)
-		}
-	}
-	return stdout
-}
-
-func (c *KindCluster) KubectlYaml(args ...string) (*uo.UnstructuredObject, error) {
-	args = append(args, "-oyaml")
-	stdout, err := c.Kubectl(args...)
-	if err != nil {
-		return nil, err
-	}
-	ret := uo.New()
-	err = yaml.ReadYamlString(stdout, ret)
-	return ret, err
-}
-
-func (c *KindCluster) KubectlYamlMust(t *testing.T, args ...string) *uo.UnstructuredObject {
-	o, err := c.KubectlYaml(args...)
-	if err != nil {
-		if e, ok := err.(*exec.ExitError); ok {
-			t.Fatalf("%v, stderr=%s\n", err, string(e.Stderr))
-		} else {
-			t.Fatal(err)
-		}
-	}
-	return o
-}
-
-// kindCreate creates the kind cluster. It will retry up to 10 times if cluster creation fails.
-func kindCreate(name string, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfig string) error {
-	var err error
-	for i := 0; i < 10; i++ {
-		err = kindCreate2(name, apiServerHost, apiServerPort, extraPorts, kubeconfig)
-		if err == nil {
-			return nil
-		}
-	}
-	return err
-}
-
-func kindCreate2(name string, apiServerHost string, apiServerPort int, extraPorts map[int]int, kubeconfig string) error {
-	fmt.Printf("🌧️  Creating kind cluster %s with apiServerHost=%s, apiServerPort=%d, extraPorts=%v...\n", name, apiServerHost, apiServerPort, extraPorts)
-	provider := cluster.NewProvider(cluster.ProviderWithLogger(kindcmd.NewLogger()))
-	config := v1alpha4.Cluster{
-		Name: name,
-		Nodes: []v1alpha4.Node{{
-			Role: "control-plane",
-		}},
-		Networking: v1alpha4.Networking{
-			APIServerAddress: "0.0.0.0",
-			APIServerPort:    int32(apiServerPort),
-		},
-	}
-	for hostPort, containerPort := range extraPorts {
-		config.Nodes[0].ExtraPortMappings = append(config.Nodes[0].ExtraPortMappings, v1alpha4.PortMapping{
-			ContainerPort: int32(containerPort),
-			HostPort:      int32(hostPort),
-			ListenAddress: "0.0.0.0",
-			Protocol:      "TCP",
-		})
-	}
-
-	err := provider.Create(
-		name,
-		cluster.CreateWithV1Alpha4Config(&config),
-		cluster.CreateWithNodeImage(""),
-		cluster.CreateWithRetain(false),
-		cluster.CreateWithWaitForReady(time.Duration(0)),
-		cluster.CreateWithKubeconfigPath(kubeconfig),
-		cluster.CreateWithDisplayUsage(false),
-	)
-	if err != nil {
-		return err
-	}
-
-	kcfg, err := clientcmd.LoadFromFile(kubeconfig)
-	if err != nil {
-		return err
-	}
-
-	c := kcfg.Clusters[fmt.Sprintf("kind-%s", name)]
-
-	u, err := url.Parse(c.Server)
-	if err != nil {
-		return err
-	}
-
-	// override api server host and disable TLS verification
-	// this is needed to make it work with remote docker hosts
-	c.InsecureSkipTLSVerify = true
-	c.CertificateAuthorityData = nil
-	c.Server = fmt.Sprintf("https://%s:%s", apiServerHost, u.Port())
-
-	err = clientcmd.WriteToFile(*kcfg, kubeconfig)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}

From 80952981c34216cd441586ec3ee6b8efa07e4555 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 12:04:57 +0200
Subject: [PATCH 0389/2268] tests: Rename defaultKindClusterX to
 defaultClusterX

---
 e2e/contexts_test.go          | 48 +++++++++++++++++------------------
 e2e/default_clusters.go       |  6 ++---
 e2e/deploy_test.go            |  2 +-
 e2e/external_projects_test.go |  6 ++---
 e2e/flux_test.go              |  2 +-
 e2e/hooks_test.go             |  2 +-
 e2e/inclusion_test.go         |  2 +-
 e2e/project.go                |  2 +-
 e2e/seal_test.go              | 36 +++++++++++++-------------
 9 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 34d036a1e..5600f3689 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -8,11 +8,11 @@ import (
 
 func prepareContextTest(t *testing.T, name string) *testProject {
 	p := &testProject{}
-	p.init(t, defaultKindCluster1, name)
-	p.mergeKubeconfig(defaultKindCluster2)
+	p.init(t, defaultCluster1, name)
+	p.mergeKubeconfig(defaultCluster2)
 
-	createNamespace(t, defaultKindCluster1, p.projectName)
-	createNamespace(t, defaultKindCluster2, p.projectName)
+	createNamespace(t, defaultCluster1, p.projectName)
+	createNamespace(t, defaultCluster2, p.projectName)
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
@@ -33,15 +33,15 @@ func TestContextCurrent(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 
 	p.updateMergedKubeconfig(func(config *api.Config) {
-		config.CurrentContext = defaultKindCluster2.Context
+		config.CurrentContext = defaultCluster2.Context
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 }
 
 func TestContext1(t *testing.T) {
@@ -51,12 +51,12 @@ func TestContext1(t *testing.T) {
 	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 }
 
 func TestContext2(t *testing.T) {
@@ -66,12 +66,12 @@ func TestContext2(t *testing.T) {
 	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
 }
 
 func TestContext1And2(t *testing.T) {
@@ -81,18 +81,18 @@ func TestContext1And2(t *testing.T) {
 	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 	p.updateTarget("test2", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test2")
-	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 }
 
 func TestContextSwitch(t *testing.T) {
@@ -102,17 +102,17 @@ func TestContextSwitch(t *testing.T) {
 	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultKindCluster2, p.projectName, "ConfigMap/cm")
+	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 }
diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index c042571cc..1d632c7b4 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -5,7 +5,7 @@ import (
 	"sync"
 )
 
-var defaultKindCluster1, defaultKindCluster2 *test_utils.EnvTestCluster
+var defaultCluster1, defaultCluster2 *test_utils.EnvTestCluster
 var defaultKindCluster1VaultPort, defaultKindCluster2VaultPort int
 
 func init() {
@@ -14,7 +14,7 @@ func init() {
 	go func() {
 		defer wg.Done()
 		var err error
-		defaultKindCluster1, err = test_utils.CreateEnvTestCluster("cluster1")
+		defaultCluster1, err = test_utils.CreateEnvTestCluster("cluster1")
 		if err != nil {
 			panic(err)
 		}
@@ -22,7 +22,7 @@ func init() {
 	go func() {
 		defer wg.Done()
 		var err error
-		defaultKindCluster2, err = test_utils.CreateEnvTestCluster("cluster2")
+		defaultCluster2, err = test_utils.CreateEnvTestCluster("cluster2")
 		if err != nil {
 			panic(err)
 		}
diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
index 97044e7eb..9e54ebcf8 100644
--- a/e2e/deploy_test.go
+++ b/e2e/deploy_test.go
@@ -7,7 +7,7 @@ import (
 func TestCommandDeploySimple(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 
 	p := &testProject{}
 	p.init(t, k, "simple")
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
index f2a4dd9db..94e6aebc6 100644
--- a/e2e/external_projects_test.go
+++ b/e2e/external_projects_test.go
@@ -7,14 +7,14 @@ import (
 )
 
 func doTestProject(t *testing.T, namespace string, p *testProject) {
-	k := defaultKindCluster1
+	k := defaultCluster1
 
 	p.init(t, k, fmt.Sprintf("project-%s", namespace))
 	defer p.cleanup()
 
 	createNamespace(t, k, namespace)
 
-	p.updateKindCluster(k, uo.FromMap(map[string]interface{}{
+	p.updateEnvTestCluster(k, uo.FromMap(map[string]interface{}{
 		"cluster_var": "cluster_value1",
 	}))
 	p.updateTargetDeprecated("test", k.Context, uo.FromMap(map[string]interface{}{
@@ -38,7 +38,7 @@ func doTestProject(t *testing.T, namespace string, p *testProject) {
 	assertNestedFieldEquals(t, o, "cluster_value1", "data", "cluster_var")
 	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
 
-	p.updateKindCluster(k, uo.FromMap(map[string]interface{}{
+	p.updateEnvTestCluster(k, uo.FromMap(map[string]interface{}{
 		"cluster_var": "cluster_value2",
 	}))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index d11f62790..1b604dccb 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -12,7 +12,7 @@ import (
 func TestFluxCommands(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 
 	p := &testProject{}
 	p.init(t, k, "simple")
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 4c9cf2930..395640e7b 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -111,7 +111,7 @@ func assertHookResultNotCMName(t *testing.T, p *testProject, k *test_utils.EnvTe
 func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *test_utils.EnvTestCluster) {
 	isDone := false
 	namespace := fmt.Sprintf("hook-%s", name)
-	k := defaultKindCluster1
+	k := defaultCluster1
 	p := &testProject{}
 	p.init(t, k, namespace)
 	defer func() {
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 247073d64..243584b03 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -11,7 +11,7 @@ import (
 func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *test_utils.EnvTestCluster) {
 	isDone := false
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 	p := &testProject{}
 	p.init(t, k, namespace)
 	defer func() {
diff --git a/e2e/project.go b/e2e/project.go
index f540b6b3d..39996fa5b 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -187,7 +187,7 @@ func (p *testProject) updateCluster(name string, context string, vars *uo.Unstru
 	}, fmt.Sprintf("add/update cluster %s", name))
 }
 
-func (p *testProject) updateKindCluster(k *test_utils.EnvTestCluster, vars *uo.UnstructuredObject) {
+func (p *testProject) updateEnvTestCluster(k *test_utils.EnvTestCluster, vars *uo.UnstructuredObject) {
 	context := k.KubectlMust(p.t, "config", "current-context")
 	context = strings.TrimSpace(context)
 	p.updateCluster(k.Context, context, vars)
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index da18bb655..f74a7544a 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -46,12 +46,12 @@ func init() {
 	wg.Add(2)
 	go func() {
 		defer wg.Done()
-		installSealedSecretsOperator(defaultKindCluster1)
-		installVault(defaultKindCluster1)
+		installSealedSecretsOperator(defaultCluster1)
+		installVault(defaultCluster1)
 	}()
 	go func() {
 		defer wg.Done()
-		installSealedSecretsOperator(defaultKindCluster2)
+		installSealedSecretsOperator(defaultCluster2)
 	}()
 	wg.Wait()
 }
@@ -95,7 +95,7 @@ func assertDecryptedSecrets(t *testing.T, k *test_utils.EnvTestCluster, namespac
 }
 
 func TestSeal_WithOperator(t *testing.T) {
-	k := defaultKindCluster1
+	k := defaultCluster1
 	namespace := "seal-with-operator"
 
 	waitForSealedSecretsOperator(t, k)
@@ -131,7 +131,7 @@ func TestSeal_WithOperator(t *testing.T) {
 }
 
 func TestSeal_WithBootstrap(t *testing.T) {
-	k := defaultKindCluster2
+	k := defaultCluster2
 	namespace := "seal-with-bootstrap"
 
 	// we still wait for it to be ready before we then delete it
@@ -175,7 +175,7 @@ func TestSeal_WithBootstrap(t *testing.T) {
 func TestSeal_MultipleVarSources(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 	namespace := "seal-multiple-vs"
 
 	waitForSealedSecretsOperator(t, k)
@@ -217,7 +217,7 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 func TestSeal_MultipleSecretSets(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 	namespace := "seal-multiple-ss"
 
 	waitForSealedSecretsOperator(t, k)
@@ -261,11 +261,11 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 }
 
 func TestSeal_MultipleTargets(t *testing.T) {
-	k := defaultKindCluster1
+	k := defaultCluster1
 	namespace := "seal-multiple-targets"
 
 	waitForSealedSecretsOperator(t, k)
-	waitForSealedSecretsOperator(t, defaultKindCluster2)
+	waitForSealedSecretsOperator(t, defaultCluster2)
 
 	p := prepareSealTest(t, k, namespace,
 		map[string]string{
@@ -293,13 +293,13 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	})
 	addSecretsSetToTarget(p, "test-target2", "test2")
 
-	p.mergeKubeconfig(defaultKindCluster2)
-	createNamespace(t, defaultKindCluster2, namespace)
+	p.mergeKubeconfig(defaultCluster2)
+	createNamespace(t, defaultCluster2, namespace)
 	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster1.Context, "context")
+		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 	p.updateTarget("test-target2", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultKindCluster2.Context, "context")
+		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("seal", "-t", "test-target")
@@ -317,8 +317,8 @@ func TestSeal_MultipleTargets(t *testing.T) {
 		"s1": "v1",
 		"s2": "v2",
 	})
-	waitForReadiness(t, defaultKindCluster2, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, defaultKindCluster2, namespace, "secret", map[string]string{
+	waitForReadiness(t, defaultCluster2, namespace, "secret/secret", 1*time.Minute)
+	assertDecryptedSecrets(t, defaultCluster2, namespace, "secret", map[string]string{
 		"s1": "v3",
 		"s2": "v4",
 	})
@@ -327,7 +327,7 @@ func TestSeal_MultipleTargets(t *testing.T) {
 func TestSeal_File(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 	namespace := "seal-file"
 
 	waitForSealedSecretsOperator(t, k)
@@ -372,13 +372,13 @@ func TestSeal_File(t *testing.T) {
 func TestSeal_Vault(t *testing.T) {
 	t.Parallel()
 
-	k := defaultKindCluster1
+	k := defaultCluster1
 	namespace := "seal-vault"
 
 	waitForSealedSecretsOperator(t, k)
 	waitForVault(t, k)
 
-	u, err := url.Parse(defaultKindCluster1.RESTConfig().Host)
+	u, err := url.Parse(defaultCluster1.RESTConfig().Host)
 	if err != nil {
 		t.Fatal(err)
 	}

From dfc44a928a70d693b336663700d8c4f88b4eff78 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 12:16:24 +0200
Subject: [PATCH 0390/2268] tests: Enforce use of modified kubeconfig in
 Kubectl calls

---
 internal/test-utils/envtest_cluster.go | 30 +++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index 1151e87a7..eba311716 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -2,10 +2,13 @@ package test_utils
 
 import (
 	"bytes"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
 	"k8s.io/client-go/rest"
+	"os"
+	"os/exec"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	"testing"
 )
@@ -46,7 +49,7 @@ func CreateEnvTestCluster(context string) (*EnvTestCluster, error) {
 	if err != nil {
 		return nil, err
 	}
-	
+
 	kcfg = bytes.ReplaceAll(kcfg, []byte("envtest"), []byte(context))
 
 	k.Kubeconfig = kcfg
@@ -61,14 +64,31 @@ func (c *EnvTestCluster) RESTConfig() *rest.Config {
 }
 
 func (c *EnvTestCluster) Kubectl(args ...string) (string, string, error) {
-	kctl, err := c.user.Kubectl()
+	tmp, err := os.CreateTemp("", "")
 	if err != nil {
 		return "", "", err
 	}
+	defer func() {
+		tmp.Close()
+		os.Remove(tmp.Name())
+	}()
+
+	_, err = tmp.Write(c.Kubeconfig)
+	if err != nil {
+		return "", "", err
+	}
+
+	stdoutBuffer := &bytes.Buffer{}
+	stderrBuffer := &bytes.Buffer{}
+	allArgs := append([]string{fmt.Sprintf("--kubeconfig=%s", tmp.Name())}, args...)
+
+	cmd := exec.Command(c.env.ControlPlane.KubectlPath, allArgs...)
+	cmd.Stdout = stdoutBuffer
+	cmd.Stderr = stderrBuffer
 
-	stdout1, stderr1, err := kctl.Run(args...)
-	stdout, _ := io.ReadAll(stdout1)
-	stderr, _ := io.ReadAll(stderr1)
+	err = cmd.Run()
+	stdout, _ := io.ReadAll(stdoutBuffer)
+	stderr, _ := io.ReadAll(stderrBuffer)
 	return string(stdout), string(stderr), err
 }
 

From 15ba31bab821aef6ae4b359d8312b70108c24934 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 23:35:44 +0200
Subject: [PATCH 0391/2268] tests: Implement webhook callbacks in
 EnvTestCluster

---
 internal/test-utils/envtest_cluster.go        |  46 +++++---
 .../test-utils/envtest_cluster_callback.go    | 109 ++++++++++++++++++
 2 files changed, 141 insertions(+), 14 deletions(-)
 create mode 100644 internal/test-utils/envtest_cluster_callback.go

diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index eba311716..7683f8079 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -2,6 +2,7 @@ package test_utils
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -10,52 +11,69 @@ import (
 	"os"
 	"os/exec"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"testing"
 )
 
 type EnvTestCluster struct {
-	env envtest.Environment
+	env     envtest.Environment
+	started bool
 
 	user       *envtest.AuthenticatedUser
 	Kubeconfig []byte
 	Context    string
 	config     *rest.Config
+
+	callbackServer     webhook.Server
+	callbackServerStop context.CancelFunc
 }
 
-func CreateEnvTestCluster(context string) (*EnvTestCluster, error) {
+func CreateEnvTestCluster(context string) *EnvTestCluster {
 	k := &EnvTestCluster{
 		Context: context,
 	}
+	return k
+}
 
+func (k *EnvTestCluster) Start() error {
 	_, err := k.env.Start()
 	if err != nil {
-		return nil, err
+		return err
 	}
+	k.started = true
 
-	isOk := false
-	defer func() {
-		if !isOk {
-			_ = k.env.Stop()
-		}
-	}()
+	err = k.startCallbackServer()
+	if err != nil {
+		return err
+	}
 
 	user, err := k.env.AddUser(envtest.User{Name: "default", Groups: []string{"system:masters"}}, &rest.Config{})
 	if err != nil {
-		return nil, err
+		return err
 	}
 	k.user = user
 
 	kcfg, err := user.KubeConfig()
 	if err != nil {
-		return nil, err
+		return err
 	}
 
-	kcfg = bytes.ReplaceAll(kcfg, []byte("envtest"), []byte(context))
+	kcfg = bytes.ReplaceAll(kcfg, []byte("envtest"), []byte(k.Context))
 
 	k.Kubeconfig = kcfg
 
-	isOk = true
-	return k, nil
+	return nil
+}
+
+func (c *EnvTestCluster) Stop() {
+	if c.started {
+		_ = c.env.Stop()
+		c.started = false
+	}
+	if c.callbackServerStop != nil {
+		c.callbackServerStop()
+		c.callbackServerStop = nil
+	}
 }
 
 // RESTConfig returns K8s client config to pass to clientset objects
diff --git a/internal/test-utils/envtest_cluster_callback.go b/internal/test-utils/envtest_cluster_callback.go
new file mode 100644
index 000000000..2ec870b3c
--- /dev/null
+++ b/internal/test-utils/envtest_cluster_callback.go
@@ -0,0 +1,109 @@
+package test_utils
+
+import (
+	"context"
+	"fmt"
+	"github.com/go-logr/logr"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	admissionv1 "k8s.io/api/admissionregistration/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"net/http"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+type CallbackHandler func(o *uo.UnstructuredObject)
+
+func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb CallbackHandler) http.Handler {
+	wh := &webhook.Admission{
+		Handler: admission.HandlerFunc(func(ctx context.Context, request admission.Request) admission.Response {
+			k.serveCallback(gvr, request, cb)
+			return admission.Allowed("")
+		}),
+	}
+	_ = wh.InjectLogger(logr.New(log.NullLogSink{}))
+	return wh
+}
+
+func (k *EnvTestCluster) serveCallback(gvr schema.GroupVersionResource, request admission.Request, cb CallbackHandler) {
+	o, err := uo.FromString(string(request.Object.Raw))
+	if err != nil {
+		panic(err)
+	}
+
+	cb(o)
+}
+
+func (k *EnvTestCluster) startCallbackServer() error {
+	k.callbackServer.Host = k.env.WebhookInstallOptions.LocalServingHost
+	k.callbackServer.Port = k.env.WebhookInstallOptions.LocalServingPort
+	k.callbackServer.CertDir = k.env.WebhookInstallOptions.LocalServingCertDir
+
+	ctx, cancel := context.WithCancel(context.Background())
+	k.callbackServerStop = cancel
+
+	go func() {
+		_ = k.callbackServer.Start(ctx)
+	}()
+
+	return nil
+}
+
+func (k *EnvTestCluster) AddWebhookCallback(gvr schema.GroupVersionResource, isNamespaced bool, cb CallbackHandler) {
+	scope := admissionv1.ClusterScope
+	if isNamespaced {
+		scope = admissionv1.NamespacedScope
+	}
+
+	failedTypeV1 := admissionv1.Fail
+	equivalentTypeV1 := admissionv1.Equivalent
+	noSideEffectsV1 := admissionv1.SideEffectClassNone
+	timeout := int32(30)
+
+	group := gvr.Group
+	if gvr.Group == "" {
+		group = "none"
+	}
+	name := fmt.Sprintf("%s-%s-%s-callback", group, gvr.Version, gvr.Resource)
+	path := "/" + name
+
+	k.env.WebhookInstallOptions.ValidatingWebhooks = append(k.env.WebhookInstallOptions.ValidatingWebhooks, &admissionv1.ValidatingWebhookConfiguration{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ValidatingWebhookConfiguration",
+			APIVersion: "admissionregistration.k8s.io/v1",
+		},
+		Webhooks: []admissionv1.ValidatingWebhook{
+			{
+				Name: fmt.Sprintf("%s.callback.kubectl.io", name),
+				Rules: []admissionv1.RuleWithOperations{
+					{
+						Operations: []admissionv1.OperationType{"CREATE", "UPDATE"},
+						Rule: admissionv1.Rule{
+							APIGroups:   []string{gvr.Group},
+							APIVersions: []string{gvr.Version},
+							Resources:   []string{gvr.Resource},
+							Scope:       &scope,
+						},
+					},
+				},
+				FailurePolicy: &failedTypeV1,
+				MatchPolicy:   &equivalentTypeV1,
+				SideEffects:   &noSideEffectsV1,
+				ClientConfig: admissionv1.WebhookClientConfig{
+					Service: &admissionv1.ServiceReference{
+						Path: &name,
+					},
+				},
+				AdmissionReviewVersions: []string{"v1"},
+				TimeoutSeconds:          &timeout,
+			},
+		},
+	})
+
+	k.callbackServer.Register(path, k.buildServeCallback(gvr, cb))
+}

From c3daf546e27dc3aff0a2dee6a85ebe04572bb4cc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 23:36:08 +0200
Subject: [PATCH 0392/2268] tests: Simplify hook tests by using webhook
 callbacks

---
 e2e/default_clusters.go |   9 +-
 e2e/hooks_test.go       | 268 +++++++++++++++-------------------------
 2 files changed, 107 insertions(+), 170 deletions(-)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 1d632c7b4..b65f26b6d 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -5,7 +5,8 @@ import (
 	"sync"
 )
 
-var defaultCluster1, defaultCluster2 *test_utils.EnvTestCluster
+var defaultCluster1 = test_utils.CreateEnvTestCluster("cluster1")
+var defaultCluster2 = test_utils.CreateEnvTestCluster("cluster2")
 var defaultKindCluster1VaultPort, defaultKindCluster2VaultPort int
 
 func init() {
@@ -13,16 +14,14 @@ func init() {
 	wg.Add(2)
 	go func() {
 		defer wg.Done()
-		var err error
-		defaultCluster1, err = test_utils.CreateEnvTestCluster("cluster1")
+		err := defaultCluster1.Start()
 		if err != nil {
 			panic(err)
 		}
 	}()
 	go func() {
 		defer wg.Done()
-		var err error
-		defaultCluster2, err = test_utils.CreateEnvTestCluster("cluster2")
+		err := defaultCluster2.Start()
 		if err != nil {
 			panic(err)
 		}
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 395640e7b..f860553ed 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -1,27 +1,58 @@
 package e2e
 
 import (
-	"encoding/base64"
 	"fmt"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"testing"
 
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
-const hookScript = `
-kubectl get configmap -oyaml > /tmp/result.yml
-cat /tmp/result.yml
-if ! kubectl get secret {{ .name }}-result; then
-    name="{{ .name }}-result"
-else
-    name="{{ .name }}-result2"
-fi
-kubectl create secret generic $name --from-file=result=/tmp/result.yml
-kubectl delete configmap cm2 || true
-`
-
-func addHookDeployment(p *testProject, dir string, opts resourceOpts, isHelm bool, hook string, hookDeletionPolicy string) {
+type HookTestSuite struct {
+	suite.Suite
+
+	k *test_utils.EnvTestCluster
+
+	seenConfigMaps []string
+}
+
+func TestHooks(t *testing.T) {
+	suite.Run(t, &HookTestSuite{})
+}
+
+func (s *HookTestSuite) SetupSuite() {
+	s.clearSeenConfigmaps()
+
+	s.k = test_utils.CreateEnvTestCluster("cluster1")
+	s.k.AddWebhookCallback(schema.GroupVersionResource{
+		Version: "v1", Resource: "configmaps",
+	}, true, s.handleConfigmap)
+	err := s.k.Start()
+	if err != nil {
+		s.T().Fatal(err)
+	}
+}
+
+func (s *HookTestSuite) TearDownSuite() {
+	s.k.Stop()
+}
+
+func (s *HookTestSuite) SetupTest() {
+	s.clearSeenConfigmaps()
+}
+
+func (s *HookTestSuite) handleConfigmap(o *uo.UnstructuredObject) {
+	s.seenConfigMaps = append(s.seenConfigMaps, o.GetK8sName())
+}
+
+func (s *HookTestSuite) clearSeenConfigmaps() {
+	s.seenConfigMaps = nil
+}
+
+func (s *HookTestSuite) addHookConfigMap(p *testProject, dir string, opts resourceOpts, isHelm bool, hook string, hookDeletionPolicy string) {
 	annotations := make(map[string]string)
 	if isHelm {
 		annotations["helm.sh/hook"] = hook
@@ -35,17 +66,12 @@ func addHookDeployment(p *testProject, dir string, opts resourceOpts, isHelm boo
 		annotations["kluctl.io/hook-deletion-policy"] = hookDeletionPolicy
 	}
 
-	script := renderTemplateHelper(hookScript, map[string]interface{}{
-		"name":      opts.name,
-		"namespace": opts.namespace,
-	})
-
 	opts.annotations = uo.CopyMergeStrMap(opts.annotations, annotations)
 
-	addJobDeployment(p, dir, opts, "bitnami/kubectl:1.21", []string{"sh"}, []string{"-c", script})
+	s.addConfigMap(p, dir, opts)
 }
 
-func addConfigMap(p *testProject, dir string, opts resourceOpts) {
+func (s *HookTestSuite) addConfigMap(p *testProject, dir string, opts resourceOpts) {
 	o := uo.New()
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	mergeMetadata(o, opts)
@@ -55,203 +81,115 @@ func addConfigMap(p *testProject, dir string, opts resourceOpts) {
 	})
 }
 
-func getHookResult(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, secretName string) *uo.UnstructuredObject {
-	o := k.KubectlYamlMust(t, "-n", p.projectName, "get", "secret", secretName)
-	s, ok, err := o.GetNestedString("data", "result")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !ok {
-		t.Fatalf("result not found")
-	}
-	b, err := base64.StdEncoding.DecodeString(s)
-	if err != nil {
-		t.Fatal(err)
-	}
-	r, err := uo.FromString(string(b))
-	if err != nil {
-		t.Fatal(err)
-	}
-	return r
-}
-
-func getHookResultCMNames(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, second bool) []string {
-	secretName := "hook-result"
-	if second {
-		secretName = "hook-result2"
-	}
-	o := getHookResult(t, p, k, secretName)
-	items, _, _ := o.GetNestedObjectList("items")
-	var names []string
-	for _, x := range items {
-		names = append(names, x.GetK8sName())
-	}
-	return names
-}
-
-func assertHookResultCMName(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, second bool, cmName string) {
-	names := getHookResultCMNames(t, p, k, second)
-	for _, x := range names {
-		if x == cmName {
-			return
-		}
-	}
-	t.Fatalf("%s not found in hook result", cmName)
-}
-
-func assertHookResultNotCMName(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, second bool, cmName string) {
-	names := getHookResultCMNames(t, p, k, second)
-	for _, x := range names {
-		if x == cmName {
-			t.Fatalf("%s found in hook result", cmName)
-		}
-	}
-}
-
-func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) (*testProject, *test_utils.EnvTestCluster) {
+func (s *HookTestSuite) prepareHookTestProject(name string, hook string, hookDeletionPolicy string) *testProject {
 	isDone := false
 	namespace := fmt.Sprintf("hook-%s", name)
-	k := defaultCluster1
 	p := &testProject{}
-	p.init(t, k, namespace)
+	p.init(s.T(), s.k, namespace)
 	defer func() {
 		if !isDone {
 			p.cleanup()
 		}
 	}()
 
-	createNamespace(t, k, namespace)
+	createNamespace(s.T(), s.k, namespace)
 
 	p.updateTarget("test", nil)
 
-	addHookDeployment(p, "hook", resourceOpts{name: "hook", namespace: namespace}, false, hook, hookDeletionPolicy)
-	addConfigMap(p, "hook", resourceOpts{name: "cm1", namespace: namespace})
+	p.addKustomizeDeployment("hook", nil, nil)
+
+	s.addConfigMap(p, "hook", resourceOpts{name: "cm1", namespace: namespace})
+	s.addHookConfigMap(p, "hook", resourceOpts{name: "hook1", namespace: namespace}, false, hook, hookDeletionPolicy)
 
 	isDone = true
-	return p, k
+	return p
 }
 
-func ensureHookExecuted(t *testing.T, p *testProject, k *test_utils.EnvTestCluster) {
-	_, _, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
+func (s *HookTestSuite) ensureHookExecuted(p *testProject, expectedCms ...string) {
+	s.clearSeenConfigmaps()
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertResourceExists(t, k, p.projectName, "ConfigMap/cm1")
+	assert.Equal(s.T(), expectedCms, s.seenConfigMaps)
 }
 
-func ensureHookNotExecuted(t *testing.T, p *testProject, k *test_utils.EnvTestCluster) {
-	_, _, _ = k.Kubectl("delete", "-n", p.projectName, "secret", "hook-result", "hook-result2")
+func (s *HookTestSuite) ensureHookNotExecuted(p *testProject) {
+	_, _, _ = s.k.Kubectl("delete", "-n", p.projectName, "configmaps", "cm1")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertResourceNotExists(t, k, p.projectName, "Secret/hook-result")
+	assertResourceNotExists(s.T(), s.k, p.projectName, "ConfigMap/cm1")
 }
 
-func TestHooksPreDeployInitial(t *testing.T) {
-	t.Parallel()
-	p, k := prepareHookTestProject(t, "pre-deploy-initial", "pre-deploy-initial", "")
+func (s *HookTestSuite) TestHooksPreDeployInitial() {
+	p := s.prepareHookTestProject("pre-deploy-initial", "pre-deploy-initial", "")
 	defer p.cleanup()
-	ensureHookExecuted(t, p, k)
-	assertHookResultNotCMName(t, p, k, false, "cm1")
-	ensureHookNotExecuted(t, p, k)
+	s.ensureHookExecuted(p, "hook1", "cm1")
+	s.ensureHookExecuted(p, "cm1")
 }
 
-func TestHooksPostDeployInitial(t *testing.T) {
-	t.Parallel()
-	p, k := prepareHookTestProject(t, "post-deploy-initial", "post-deploy-initial", "")
+func (s *HookTestSuite) TestHooksPostDeployInitial() {
+	p := s.prepareHookTestProject("post-deploy-initial", "post-deploy-initial", "")
 	defer p.cleanup()
-	ensureHookExecuted(t, p, k)
-	assertHookResultCMName(t, p, k, false, "cm1")
-	ensureHookNotExecuted(t, p, k)
+	s.ensureHookExecuted(p, "cm1", "hook1")
+	s.ensureHookExecuted(p, "cm1")
 }
 
-func TestHooksPreDeployUpgrade(t *testing.T) {
-	t.Parallel()
-	p, k := prepareHookTestProject(t, "pre-deploy-upgrade", "pre-deploy-upgrade", "")
+func (s *HookTestSuite) TestHooksPreDeployUpgrade() {
+	p := s.prepareHookTestProject("pre-deploy-upgrade", "pre-deploy-upgrade", "")
 	defer p.cleanup()
-	addConfigMap(p, "hook", resourceOpts{name: "cm2", namespace: p.projectName})
-	ensureHookNotExecuted(t, p, k)
-	k.KubectlMust(t, "delete", "-n", p.projectName, "configmap", "cm1")
-	ensureHookExecuted(t, p, k)
-	assertHookResultNotCMName(t, p, k, false, "cm1")
-	ensureHookExecuted(t, p, k)
-	assertHookResultCMName(t, p, k, false, "cm1")
+	s.ensureHookExecuted(p, "cm1")
+	s.ensureHookExecuted(p, "hook1", "cm1")
+	s.ensureHookExecuted(p, "hook1", "cm1")
 }
 
-func TestHooksPostDeployUpgrade(t *testing.T) {
-	t.Parallel()
-	p, k := prepareHookTestProject(t, "post-deploy-upgrade", "post-deploy-upgrade", "")
+func (s *HookTestSuite) TestHooksPostDeployUpgrade() {
+	p := s.prepareHookTestProject("post-deploy-upgrade", "post-deploy-upgrade", "")
 	defer p.cleanup()
-	addConfigMap(p, "hook", resourceOpts{name: "cm2", namespace: p.projectName})
-	ensureHookNotExecuted(t, p, k)
-	k.KubectlMust(t, "delete", "-n", p.projectName, "configmap", "cm1")
-	ensureHookExecuted(t, p, k)
-	assertHookResultCMName(t, p, k, false, "cm1")
+	s.ensureHookExecuted(p, "cm1")
+	s.ensureHookExecuted(p, "cm1", "hook1")
+	s.ensureHookExecuted(p, "cm1", "hook1")
 }
 
-func doTestHooksPreDeploy(t *testing.T, name string, hooks string) {
-	p, k := prepareHookTestProject(t, name, hooks, "")
+func (s *HookTestSuite) doTestHooksPreDeploy(name string, hooks string) {
+	p := s.prepareHookTestProject(name, hooks, "")
 	defer p.cleanup()
-	addConfigMap(p, "hook", resourceOpts{name: "cm2", namespace: p.projectName})
-	ensureHookExecuted(t, p, k)
-	k.KubectlMust(t, "delete", "-n", p.projectName, "configmap", "cm1")
-	ensureHookExecuted(t, p, k)
-	assertHookResultNotCMName(t, p, k, false, "cm1")
-	ensureHookExecuted(t, p, k)
-	assertHookResultCMName(t, p, k, false, "cm1")
+	s.ensureHookExecuted(p, "hook1", "cm1")
+	s.ensureHookExecuted(p, "hook1", "cm1")
 }
 
-func doTestHooksPostDeploy(t *testing.T, name string, hooks string) {
-	p, k := prepareHookTestProject(t, name, hooks, "")
+func (s *HookTestSuite) doTestHooksPostDeploy(name string, hooks string) {
+	p := s.prepareHookTestProject(name, hooks, "")
 	defer p.cleanup()
-	addConfigMap(p, "hook", resourceOpts{name: "cm2", namespace: p.projectName})
-	ensureHookExecuted(t, p, k)
-	k.KubectlMust(t, "delete", "-n", p.projectName, "configmap", "cm1")
-	ensureHookExecuted(t, p, k)
-	assertHookResultCMName(t, p, k, false, "cm1")
+	s.ensureHookExecuted(p, "cm1", "hook1")
+	s.ensureHookExecuted(p, "cm1", "hook1")
 }
 
-func doTestHooksPrePostDeploy(t *testing.T, name string, hooks string) {
-	p, k := prepareHookTestProject(t, name, hooks, "")
+func (s *HookTestSuite) doTestHooksPrePostDeploy(name string, hooks string) {
+	p := s.prepareHookTestProject(name, hooks, "")
 	defer p.cleanup()
-	addConfigMap(p, "hook", resourceOpts{name: "cm2", namespace: p.projectName})
-	ensureHookExecuted(t, p, k)
-	assertHookResultNotCMName(t, p, k, false, "cm1")
-	assertHookResultNotCMName(t, p, k, false, "cm2")
-	assertHookResultCMName(t, p, k, true, "cm1")
-	assertHookResultCMName(t, p, k, true, "cm2")
-
-	ensureHookExecuted(t, p, k)
-	assertHookResultCMName(t, p, k, false, "cm1")
-	assertHookResultNotCMName(t, p, k, false, "cm2")
-	assertHookResultCMName(t, p, k, true, "cm1")
-	assertHookResultCMName(t, p, k, true, "cm2")
+	s.ensureHookExecuted(p, "hook1", "cm1", "hook1")
+	s.ensureHookExecuted(p, "hook1", "cm1", "hook1")
 }
 
-func TestHooksPreDeploy(t *testing.T) {
-	t.Parallel()
-	doTestHooksPreDeploy(t, "pre-deploy", "pre-deploy")
+func (s *HookTestSuite) TestHooksPreDeploy() {
+	s.doTestHooksPreDeploy("pre-deploy", "pre-deploy")
 }
 
-func TestHooksPreDeploy2(t *testing.T) {
-	t.Parallel()
+func (s *HookTestSuite) TestHooksPreDeploy2() {
 	// same as pre-deploy
-	doTestHooksPreDeploy(t, "pre-deploy2", "pre-deploy-initial,pre-deploy-upgrade")
+	s.doTestHooksPreDeploy("pre-deploy2", "pre-deploy-initial,pre-deploy-upgrade")
 }
 
-func TestHooksPostDeploy(t *testing.T) {
-	t.Parallel()
-	doTestHooksPostDeploy(t, "post-deploy", "post-deploy")
+func (s *HookTestSuite) TestHooksPostDeploy() {
+	s.doTestHooksPostDeploy("post-deploy", "post-deploy")
 }
 
-func TestHooksPostDeploy2(t *testing.T) {
-	t.Parallel()
+func (s *HookTestSuite) TestHooksPostDeploy2() {
 	// same as post-deploy
-	doTestHooksPostDeploy(t, "post-deploy2", "post-deploy-initial,post-deploy-upgrade")
+	s.doTestHooksPostDeploy("post-deploy2", "post-deploy-initial,post-deploy-upgrade")
 }
 
-func TestHooksPrePostDeploy(t *testing.T) {
-	t.Parallel()
-	doTestHooksPrePostDeploy(t, "pre-post-deploy", "pre-deploy,post-deploy")
+func (s *HookTestSuite) TestHooksPrePostDeploy() {
+	s.doTestHooksPrePostDeploy("pre-post-deploy", "pre-deploy,post-deploy")
 }
 
-func TestHooksPrePostDeploy2(t *testing.T) {
-	t.Parallel()
-	doTestHooksPrePostDeploy(t, "pre-post-deploy2", "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
+func (s *HookTestSuite) TestHooksPrePostDeploy2() {
+	s.doTestHooksPrePostDeploy("pre-post-deploy2", "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
 }

From 3cab5788e1ce77caa7c5523166ba617700169628 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Sep 2022 23:36:48 +0200
Subject: [PATCH 0393/2268] fix: Use background instead of forground deletion

---
 pkg/k8s/k8s_cluster.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index f8e8a07a7..1656e080d 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -236,7 +236,7 @@ type DeleteOptions struct {
 func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions) ([]ApiWarning, error) {
 	dryRun := k.DryRun || options.ForceDryRun
 
-	pp := v1.DeletePropagationForeground
+	pp := v1.DeletePropagationBackground
 	o := v1.DeleteOptions{
 		PropagationPolicy: &pp,
 	}

From c320b15d4314514af78da85ff1da81ce3579d40e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 15:13:48 +0200
Subject: [PATCH 0394/2268] tests: Simplify sealing tests and remove the need
 to install a real sealed-secrets controller

---
 e2e/default_clusters.go                |   1 -
 e2e/project.go                         |  13 +-
 e2e/seal_test.go                       | 377 ++++++++++++++-----------
 e2e/test_resources/README.md           |   6 -
 e2e/test_resources/vault-values.yaml   |  10 -
 e2e/test_resources/vault.yaml          | 235 ---------------
 e2e/utils_resources.go                 |  95 -------
 go.mod                                 |   7 +-
 go.sum                                 |   2 +
 internal/test-utils/envtest_cluster.go |   8 +-
 pkg/k8s/k8s_cluster.go                 |  42 ++-
 pkg/seal/fetch_cert.go                 |  11 +
 pkg/seal/sealer.go                     |  10 +-
 13 files changed, 294 insertions(+), 523 deletions(-)
 delete mode 100644 e2e/test_resources/vault-values.yaml
 delete mode 100644 e2e/test_resources/vault.yaml

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index b65f26b6d..3d0f10fd8 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -7,7 +7,6 @@ import (
 
 var defaultCluster1 = test_utils.CreateEnvTestCluster("cluster1")
 var defaultCluster2 = test_utils.CreateEnvTestCluster("cluster2")
-var defaultKindCluster1VaultPort, defaultKindCluster2VaultPort int
 
 func init() {
 	var wg sync.WaitGroup
diff --git a/e2e/project.go b/e2e/project.go
index 39996fa5b..e106c795a 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -2,13 +2,6 @@ package e2e
 
 import (
 	"fmt"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"reflect"
-	"strings"
-	"testing"
-
 	"github.com/go-git/go-git/v5"
 	"github.com/imdario/mergo"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
@@ -16,6 +9,12 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"testing"
 )
 
 type testProject struct {
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index f74a7544a..531fef2c1 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -1,82 +1,154 @@
 package e2e
 
 import (
-	"encoding/base64"
+	"crypto/x509"
+	"encoding/pem"
 	"fmt"
+	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
-	"io/ioutil"
+	"github.com/stretchr/testify/suite"
+	certUtil "k8s.io/client-go/util/cert"
+	"k8s.io/client-go/util/keyutil"
+	"net"
 	"net/http"
-	"net/url"
+	"net/http/httptest"
 	"path/filepath"
-	"strings"
-	"sync"
 	"testing"
 	"time"
 )
 
-func installSealedSecretsOperator(k *test_utils.EnvTestCluster) {
-	test_resources.ApplyYaml("sealed-secrets.yaml", k)
+type SealedSecretsTestSuite struct {
+	suite.Suite
+
+	k  *test_utils.EnvTestCluster
+	k2 *test_utils.EnvTestCluster
+
+	certServer1 *certServer
+	certServer2 *certServer
 }
 
-func waitForSealedSecretsOperator(t *testing.T, k *test_utils.EnvTestCluster) {
-	waitForReadiness(t, k, "kube-system", "deployment/sealed-secrets-controller", 5*time.Minute)
+type certServer struct {
+	server   http.Server
+	url      string
+	certHash string
 }
 
-func deleteSealedSecretsOperator(k *test_utils.EnvTestCluster) {
-	test_resources.DeleteYaml("sealed-secrets.yaml", k)
-	_, _, _ = k.Kubectl("-n", "kube-system", "delete", "secret", "-l", "sealedsecrets.bitnami.com/sealed-secrets-key", "--wait")
-	_, _, _ = k.Kubectl("-n", "kube-system", "delete", "configmap", "sealed-secrets-key-kluctl-bootstrap", "--wait")
+func TestSealedSecrets(t *testing.T) {
+	suite.Run(t, &SealedSecretsTestSuite{})
 }
 
-func installVault(k *test_utils.EnvTestCluster) {
-	_, _, _ = k.Kubectl("create", "ns", "vault")
-	test_resources.ApplyYaml("vault.yaml", k)
+func (s *SealedSecretsTestSuite) SetupSuite() {
+	s.k = defaultCluster1
+	s.k2 = defaultCluster2
+
+	test_resources.ApplyYaml("sealed-secrets.yaml", s.k)
+	test_resources.ApplyYaml("sealed-secrets.yaml", s.k2)
+
+	var err error
+	s.certServer1, err = s.startCertServer()
+	if err != nil {
+		s.T().Fatal(err)
+	}
+	s.certServer2, err = s.startCertServer()
+	if err != nil {
+		s.T().Fatal(err)
+	}
 }
 
-func waitForVault(t *testing.T, k *test_utils.EnvTestCluster) {
-	waitForReadiness(t, k, "vault", "statefulset/vault", 5*time.Minute)
+func (s *SealedSecretsTestSuite) TearDownSuite() {
+	s.k = nil
+	s.k2 = nil
+
+	if s.certServer1 != nil {
+		s.certServer1.server.Close()
+	}
+	if s.certServer2 != nil {
+		s.certServer2.server.Close()
+	}
+	s.certServer1 = nil
+	s.certServer2 = nil
 }
 
-func init() {
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		defer wg.Done()
-		installSealedSecretsOperator(defaultCluster1)
-		installVault(defaultCluster1)
-	}()
+func (s *SealedSecretsTestSuite) startCertServer() (*certServer, error) {
+	key, cert, err := crypto.GeneratePrivateKeyAndCert(2048, 10*365*24*time.Hour, "tests.kluctl.io")
+	if err != nil {
+		return nil, err
+	}
+
+	certbytes := []byte{}
+	certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
+	keybytes := pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)})
+	_ = keybytes
+	l, err := net.Listen("tcp", "")
+	if err != nil {
+		return nil, err
+	}
+
+	mux := http.NewServeMux()
+	mux.Handle("/v1/cert.pem", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/x-pem-file")
+		_, _ = w.Write(certbytes)
+	}))
+
+	certUrl := fmt.Sprintf("http://localhost:%d", l.Addr().(*net.TCPAddr).Port)
+
+	var cs certServer
+	cs.url = certUrl
+	cs.server.Handler = mux
+	cs.certHash, err = seal.HashPublicKey(cert)
+	if err != nil {
+		return nil, err
+	}
+
 	go func() {
-		defer wg.Done()
-		installSealedSecretsOperator(defaultCluster2)
+		_ = cs.server.Serve(l)
 	}()
-	wg.Wait()
+
+	return &cs, nil
+}
+
+func (s *SealedSecretsTestSuite) addProxyVars(p *testProject) {
+	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
+		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
+		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
+		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAME=%s", idx, "sealed-secrets-controller"))
+		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT=%s", idx, "http"))
+		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL=%s", idx, cs.url))
+	}
+	f(0, s.k, s.certServer1)
+	f(1, s.k2, s.certServer2)
 }
 
-func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject) *testProject {
+func (s *SealedSecretsTestSuite) prepareSealTest(k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
 	p := &testProject{}
-	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
+	p.init(s.T(), k, fmt.Sprintf("seal-%s", namespace))
+	if proxy {
+		s.addProxyVars(p)
+	}
 
-	createNamespace(t, k, namespace)
+	createNamespace(s.T(), k, namespace)
 
-	addSecretsSet(p, "test", varsSources)
-	addSecretsSetToTarget(p, "test-target", "test")
+	s.addSecretsSet(p, "test", varsSources)
+	s.addSecretsSetToTarget(p, "test-target", "test")
 
 	addSecretDeployment(p, "secret-deployment", secrets, true, resourceOpts{name: "secret", namespace: namespace})
 
 	return p
 }
 
-func addSecretsSet(p *testProject, name string, varsSources []*uo.UnstructuredObject) {
+func (s *SealedSecretsTestSuite) addSecretsSet(p *testProject, name string, varsSources []*uo.UnstructuredObject) {
 	p.updateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
 		_ = secretSet.SetNestedField(varsSources, "vars")
 	})
 }
 
-func addSecretsSetToTarget(p *testProject, targetName string, secretSetName string) {
+func (s *SealedSecretsTestSuite) addSecretsSetToTarget(p *testProject, targetName string, secretSetName string) {
 	p.updateTarget(targetName, func(target *uo.UnstructuredObject) {
 		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
 		l = append(l, secretSetName)
@@ -84,23 +156,37 @@ func addSecretsSetToTarget(p *testProject, targetName string, secretSetName stri
 	})
 }
 
-func assertDecryptedSecrets(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secretName string, expectedSecrets map[string]string) {
-	s := k.KubectlYamlMust(t, "-n", namespace, "get", "secret", secretName)
+func (s *SealedSecretsTestSuite) assertSealedSecret(k *test_utils.EnvTestCluster, namespace string, secretName string, expectedCertHash string, expectedSecrets map[string]string) {
+	y := k.KubectlYamlMust(s.T(), "-n", namespace, "get", "sealedsecret", secretName)
+
+	h1 := y.GetK8sAnnotation("kluctl.io/sealedsecret-cert-hash")
+	if h1 == nil {
+		s.T().Fatal("kluctl.io/sealedsecret-cert-hash annotation not found")
+	}
+	s.Assertions.Equal(expectedCertHash, *h1)
+
+	hashesStr := y.GetK8sAnnotation("kluctl.io/sealedsecret-hashes")
+	if hashesStr == nil {
+		s.T().Fatal("kluctl.io/sealedsecret-hashes annotation not found")
+	}
+	hashes, err := uo.FromString(*hashesStr)
+	if err != nil {
+		s.T().Fatal(err)
+	}
 
-	for key, value := range expectedSecrets {
-		x, _, _ := s.GetNestedString("data", key)
-		decoded, _ := base64.StdEncoding.DecodeString(x)
-		assert.Equal(t, value, string(decoded))
+	expectedHashes := map[string]any{}
+	for k, v := range expectedSecrets {
+		expectedHashes[k] = seal.HashSecret(k, []byte(v), secretName, namespace, "strict")
 	}
+
+	s.Assertions.Equal(expectedHashes, hashes.Object)
 }
 
-func TestSeal_WithOperator(t *testing.T) {
-	k := defaultCluster1
+func (s *SealedSecretsTestSuite) TestSeal_WithOperator() {
+	k := s.k
 	namespace := "seal-with-operator"
 
-	waitForSealedSecretsOperator(t, k)
-
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -112,34 +198,29 @@ func TestSeal_WithOperator(t *testing.T) {
 					"s2": "v2",
 				},
 			}),
-		},
-	)
+		}, true)
 	defer p.cleanup()
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
-
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func TestSeal_WithBootstrap(t *testing.T) {
-	k := defaultCluster2
+func (s *SealedSecretsTestSuite) TestSeal_WithBootstrap() {
+	k := s.k
 	namespace := "seal-with-bootstrap"
 
-	// we still wait for it to be ready before we then delete it
-	// this way it's pre-pulled and pre-warmed when we later start it
-	waitForSealedSecretsOperator(t, k)
-	deleteSealedSecretsOperator(k)
+	// deleting the crd causes kluctl to not recognize the operator, so it will do a bootstrap
+	k.KubectlMust(s.T(), "delete", "crd", "sealedsecrets.bitnami.com")
 
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -151,36 +232,40 @@ func TestSeal_WithBootstrap(t *testing.T) {
 					"s2": "v2",
 				},
 			}),
-		},
-	)
+		}, false)
+
 	defer p.cleanup()
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	installSealedSecretsOperator(k)
-	waitForSealedSecretsOperator(t, k)
+	test_resources.ApplyYaml("sealed-secrets.yaml", k)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	pkCm := k.KubectlYamlMust(s.T(), "-n", "kube-system", "get", "cm", "sealed-secrets-key-kluctl-bootstrap")
+	certBytes, ok, _ := pkCm.GetNestedString("data", "tls.crt")
+	s.Assertions.True(ok)
+
+	cert, err := seal.ParseCert([]byte(certBytes))
+	s.Assertions.NoError(err)
+
+	certHash, err := seal.HashPublicKey(cert)
+	s.Assertions.NoError(err)
+
+	s.assertSealedSecret(k, namespace, "secret", certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func TestSeal_MultipleVarSources(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
+func (s *SealedSecretsTestSuite) TestSeal_MultipleVarSources() {
+	k := s.k
 	namespace := "seal-multiple-vs"
 
-	waitForSealedSecretsOperator(t, k)
-
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -196,33 +281,27 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 					"s2": "v2",
 				},
 			}),
-		},
-	)
+		}, true)
 	defer p.cleanup()
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func TestSeal_MultipleSecretSets(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
+func (s *SealedSecretsTestSuite) TestSeal_MultipleSecretSets() {
+	k := s.k
 	namespace := "seal-multiple-ss"
 
-	waitForSealedSecretsOperator(t, k)
-
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -233,41 +312,37 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 					"s1": "v1",
 				},
 			}),
-		},
-	)
+		}, true)
+
 	defer p.cleanup()
 
-	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
+	s.addSecretsSet(p, "test2", []*uo.UnstructuredObject{
 		uo.FromMap(map[string]interface{}{
 			"values": map[string]interface{}{
 				"s2": "v2",
 			},
 		}),
 	})
-	addSecretsSetToTarget(p, "test-target", "test2")
+	s.addSecretsSetToTarget(p, "test-target", "test2")
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func TestSeal_MultipleTargets(t *testing.T) {
-	k := defaultCluster1
+func (s *SealedSecretsTestSuite) TestSeal_MultipleTargets() {
+	k := s.k
 	namespace := "seal-multiple-targets"
 
-	waitForSealedSecretsOperator(t, k)
-	waitForSealedSecretsOperator(t, defaultCluster2)
-
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -279,11 +354,10 @@ func TestSeal_MultipleTargets(t *testing.T) {
 					"s2": "v2",
 				},
 			}),
-		},
-	)
+		}, true)
 	defer p.cleanup()
 
-	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
+	s.addSecretsSet(p, "test2", []*uo.UnstructuredObject{
 		uo.FromMap(map[string]interface{}{
 			"values": map[string]interface{}{
 				"s1": "v3",
@@ -291,48 +365,42 @@ func TestSeal_MultipleTargets(t *testing.T) {
 			},
 		}),
 	})
-	addSecretsSetToTarget(p, "test-target2", "test2")
+	s.addSecretsSetToTarget(p, "test-target2", "test2")
 
-	p.mergeKubeconfig(defaultCluster2)
-	createNamespace(t, defaultCluster2, namespace)
+	p.mergeKubeconfig(s.k2)
+	createNamespace(s.T(), s.k2, namespace)
 	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultCluster1.Context, "context")
+		_ = target.SetNestedField(s.k.Context, "context")
 	})
 	p.updateTarget("test-target2", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultCluster2.Context, "context")
+		_ = target.SetNestedField(s.k2.Context, "context")
 	})
 
 	p.KluctlMust("seal", "-t", "test-target")
 	p.KluctlMust("seal", "-t", "test-target2")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 	p.KluctlMust("deploy", "--yes", "-t", "test-target2")
 
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
-	waitForReadiness(t, defaultCluster2, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, defaultCluster2, namespace, "secret", map[string]string{
+	s.assertSealedSecret(s.k2, namespace, "secret", s.certServer2.certHash, map[string]string{
 		"s1": "v3",
 		"s2": "v4",
 	})
 }
 
-func TestSeal_File(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
+func (s *SealedSecretsTestSuite) TestSeal_File() {
+	k := s.k
 	namespace := "seal-file"
 
-	waitForSealedSecretsOperator(t, k)
-
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -341,8 +409,7 @@ func TestSeal_File(t *testing.T) {
 			uo.FromMap(map[string]interface{}{
 				"file": utils.StrPtr("secret-values.yaml"),
 			}),
-		},
-	)
+		}, true)
 	defer p.cleanup()
 
 	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), "secret-values.yaml", func(o *uo.UnstructuredObject) error {
@@ -358,50 +425,44 @@ func TestSeal_File(t *testing.T) {
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func TestSeal_Vault(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
+func (s *SealedSecretsTestSuite) TestSeal_Vault() {
+	k := s.k
 	namespace := "seal-vault"
 
-	waitForSealedSecretsOperator(t, k)
-	waitForVault(t, k)
-
-	u, err := url.Parse(defaultCluster1.RESTConfig().Host)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	vaultUrl := fmt.Sprintf("http://%s:%d", u.Hostname(), defaultKindCluster1VaultPort)
+	server := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		if request.URL.Path != "/v1/secret/data/secret" {
+			http.NotFound(writer, request)
+			return
+		}
+		o := uo.FromMap(map[string]interface{}{
+			"data": map[string]interface{}{
+				"data": map[string]interface{}{
+					"secrets": map[string]interface{}{
+						"s1": "v1",
+						"s2": "v2",
+					},
+				},
+			},
+		})
+		s, _ := yaml.WriteJsonString(o)
+		writer.Header().Set("Content-Type", "application/json")
+		_, _ = writer.Write([]byte(s))
+	}))
+	defer server.Close()
 
-	req, err := http.NewRequest("POST", fmt.Sprintf("%s/v1/secret/data/secret", vaultUrl), strings.NewReader(`{"data": {"secrets":{"s1":"v1","s2":"v2"}}}`))
-	if err != nil {
-		t.Fatal(err)
-	}
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("X-Vault-Token", "root")
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != http.StatusOK {
-		body, _ := ioutil.ReadAll(resp.Body)
-		t.Fatalf("vault response status %d, body=%s", resp.StatusCode, string(body))
-	}
+	vaultUrl := server.URL
 
-	p := prepareSealTest(t, k, namespace,
+	p := s.prepareSealTest(k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -413,20 +474,18 @@ func TestSeal_Vault(t *testing.T) {
 					"path":    "secret/data/secret",
 				},
 			}),
-		},
-	)
+		}, true)
 	defer p.cleanup()
 
 	p.extraEnv = append(p.extraEnv, "VAULT_TOKEN=root")
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	waitForReadiness(t, k, namespace, "secret/secret", 1*time.Minute)
-	assertDecryptedSecrets(t, k, namespace, "secret", map[string]string{
+	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
diff --git a/e2e/test_resources/README.md b/e2e/test_resources/README.md
index a95af0258..742fd70c2 100644
--- a/e2e/test_resources/README.md
+++ b/e2e/test_resources/README.md
@@ -4,12 +4,6 @@ helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
 helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds --skip-tests > sealed-secrets.yaml
 ```
 
-# vault.yaml
-```bash
-helm repo add hashicorp https://helm.releases.hashicorp.com
-helm template vault hashicorp/vault -n vault -f vault-values.yaml --include-crds --skip-tests > vault.yaml
-```
-
 # kluctl-crds.yaml
 Fetches flux-kluctl-controller crd definitions
 ```bash
diff --git a/e2e/test_resources/vault-values.yaml b/e2e/test_resources/vault-values.yaml
deleted file mode 100644
index 1934c072a..000000000
--- a/e2e/test_resources/vault-values.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-server:
-  # Must be RollingUpdate as otherwise it's reported as ready much too early
-  updateStrategyType: RollingUpdate
-  dev:
-    enabled: true
-  service:
-    type: NodePort
-    nodePort: 30000
-injector:
-  enabled: false
diff --git a/e2e/test_resources/vault.yaml b/e2e/test_resources/vault.yaml
deleted file mode 100644
index 13e65b084..000000000
--- a/e2e/test_resources/vault.yaml
+++ /dev/null
@@ -1,235 +0,0 @@
----
-# Source: vault/templates/server-serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
-  namespace: vault
-  labels:
-    helm.sh/chart: vault-0.20.1
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    app.kubernetes.io/managed-by: Helm
----
-# Source: vault/templates/server-clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: vault-server-binding
-  labels:
-    helm.sh/chart: vault-0.20.1
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
-  name: vault
-  namespace: vault
----
-# Source: vault/templates/server-headless-service.yaml
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
-  name: vault-internal
-  namespace: vault
-  labels:
-    helm.sh/chart: vault-0.20.1
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-
-spec:
-  clusterIP: None
-  publishNotReadyAddresses: true
-  ports:
-    - name: "http"
-      port: 8200
-      targetPort: 8200
-    - name: https-internal
-      port: 8201
-      targetPort: 8201
-  selector:
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    component: server
----
-# Source: vault/templates/server-service.yaml
-# Service for Vault cluster
-apiVersion: v1
-kind: Service
-metadata:
-  name: vault
-  namespace: vault
-  labels:
-    helm.sh/chart: vault-0.20.1
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-
-spec:
-  type: NodePort
-  externalTrafficPolicy: Cluster
-  # We want the servers to become available even if they're not ready
-  # since this DNS is also used for join operations.
-  publishNotReadyAddresses: true
-  ports:
-    - name: http
-      port: 8200
-      targetPort: 8200
-      nodePort: 30000
-    - name: https-internal
-      port: 8201
-      targetPort: 8201
-  selector:
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    component: server
----
-# Source: vault/templates/server-statefulset.yaml
-# StatefulSet to run the actual vault server cluster.
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: vault
-  namespace: vault
-  labels:
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/instance: vault
-    app.kubernetes.io/managed-by: Helm
-spec:
-  serviceName: vault-internal
-  podManagementPolicy: Parallel
-  replicas: 1
-  updateStrategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: vault
-      app.kubernetes.io/instance: vault
-      component: server
-  template:
-    metadata:
-      labels:
-        helm.sh/chart: vault-0.20.1
-        app.kubernetes.io/name: vault
-        app.kubernetes.io/instance: vault
-        component: server
-    spec:
-      
-      
-      
-      
-      terminationGracePeriodSeconds: 10
-      serviceAccountName: vault
-      
-      securityContext:
-        runAsNonRoot: true
-        runAsGroup: 1000
-        runAsUser: 100
-        fsGroup: 1000
-      volumes:
-        
-        - name: home
-          emptyDir: {}
-      containers:
-        - name: vault
-          
-          image: hashicorp/vault:1.10.3
-          imagePullPolicy: IfNotPresent
-          command:
-          - "/bin/sh"
-          - "-ec"
-          args: 
-          - |
-            /usr/local/bin/docker-entrypoint.sh vault server -dev 
-  
-          securityContext:
-            allowPrivilegeEscalation: false
-          env:
-            - name: HOST_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.hostIP
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: VAULT_K8S_POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: VAULT_K8S_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: VAULT_ADDR
-              value: "http://127.0.0.1:8200"
-            - name: VAULT_API_ADDR
-              value: "http://$(POD_IP):8200"
-            - name: SKIP_CHOWN
-              value: "true"
-            - name: SKIP_SETCAP
-              value: "true"
-            - name: HOSTNAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: VAULT_CLUSTER_ADDR
-              value: "https://$(HOSTNAME).vault-internal:8201"
-            - name: HOME
-              value: "/home/vault"
-            
-            - name: VAULT_DEV_ROOT_TOKEN_ID
-              value: root
-            - name: VAULT_DEV_LISTEN_ADDRESS
-              value: "[::]:8200"
-  
-            
-            
-          volumeMounts:
-          
-  
-  
-            - name: home
-              mountPath: /home/vault
-          ports:
-            - containerPort: 8200
-              name: http
-            - containerPort: 8201
-              name: https-internal
-            - containerPort: 8202
-              name: http-rep
-          readinessProbe:
-            # Check status; unsealed vault servers return 0
-            # The exit code reflects the seal status:
-            #   0 - unsealed
-            #   1 - error
-            #   2 - sealed
-            exec:
-              command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
-            failureThreshold: 2
-            initialDelaySeconds: 5
-            periodSeconds: 5
-            successThreshold: 1
-            timeoutSeconds: 3
-          lifecycle:
-            # Vault container doesn't receive SIGTERM from Kubernetes
-            # and after the grace period ends, Kube sends SIGKILL.  This
-            # causes issues with graceful shutdowns such as deregistering itself
-            # from Consul (zombie services).
-            preStop:
-              exec:
-                command: [
-                  "/bin/sh", "-c",
-                  # Adding a sleep here to give the pod eviction a
-                  # chance to propagate, so requests will not be made
-                  # to this pod while it's terminating
-                  "sleep 5 && kill -SIGTERM $(pidof vault)",
-                ]
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index e6f9e4a20..38ebbde01 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -73,98 +73,3 @@ func addSecretDeployment(p *testProject, dir string, data map[string]string, sea
 		{fname, fname + ".sealme", o},
 	}, opts.tags)
 }
-
-func addDeploymentHelper(p *testProject, dir string, o *uo.UnstructuredObject, opts resourceOpts) {
-	rbac := renderTemplateObjectHelper(podRbacTemplate, map[string]interface{}{
-		"name":      o.GetK8sName(),
-		"namespace": o.GetK8sNamespace(),
-	})
-	for _, x := range rbac {
-		mergeMetadata(x, opts)
-	}
-	mergeMetadata(o, opts)
-
-	resources := []kustomizeResource{
-		{"rbac.yml", "", rbac},
-		{"deploy.yml", "", o},
-	}
-
-	p.addKustomizeDeployment(dir, resources, opts.tags)
-}
-
-func addJobDeployment(p *testProject, dir string, opts resourceOpts, image string, command []string, args []string) {
-	o := renderTemplateObjectHelper(jobTemplate, map[string]interface{}{
-		"name":      opts.name,
-		"namespace": opts.namespace,
-		"image":     image,
-	})
-	o[0].SetNestedField(command, "spec", "template", "spec", "containers", 0, "command")
-	o[0].SetNestedField(args, "spec", "template", "spec", "containers", 0, "args")
-	addDeploymentHelper(p, dir, o[0], opts)
-}
-
-const podRbacTemplate = `
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .name }}
-  namespace: {{ .namespace }}
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: "{{ .name }}"
-  namespace: "{{ .namespace }}"
-subjects:
-- kind: ServiceAccount
-  name: "{{ .name }}"
-  namespace: "{{ .namespace }}"
-roleRef:
-  kind: ClusterRole
-  name: "cluster-admin"
-  apiGroup: rbac.authorization.k8s.io
-`
-
-const deploymentTemplate = `
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .name }}
-  namespace: {{ .namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .name }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .name }}
-    spec:
-      terminationGracePeriodSeconds: 0
-      serviceAccountName: {{ .name }}
-      containers:
-        - image: {{ .image }}
-          imagePullPolicy: IfNotPresent
-          name: container
-`
-
-const jobTemplate = `
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ .name }}
-  namespace: {{ .namespace }}
-spec:
-  template:
-    spec:
-      terminationGracePeriodSeconds: 0
-      restartPolicy: OnFailure
-      serviceAccountName: {{ .name }}
-      containers:
-        - image: {{ .image }}
-          imagePullPolicy: IfNotPresent
-          name: container
-`
diff --git a/go.mod b/go.mod
index 5a7fa1316..57771f841 100644
--- a/go.mod
+++ b/go.mod
@@ -58,7 +58,10 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
-require sigs.k8s.io/controller-runtime v0.13.0
+require (
+	github.com/go-logr/logr v1.2.3
+	sigs.k8s.io/controller-runtime v0.13.0
+)
 
 require (
 	cloud.google.com/go/compute v1.10.0 // indirect
@@ -104,7 +107,6 @@ require (
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.0.2 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -202,6 +204,7 @@ require (
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/tools v0.1.12 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc // indirect
 	google.golang.org/grpc v1.49.0 // indirect
diff --git a/go.sum b/go.sum
index c5651ad7a..4249e8b49 100644
--- a/go.sum
+++ b/go.sum
@@ -202,6 +202,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
@@ -1097,6 +1098,7 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
+gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index 7683f8079..5bfd6100a 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -53,6 +53,8 @@ func (k *EnvTestCluster) Start() error {
 	}
 	k.user = user
 
+	k.config = user.Config()
+
 	kcfg, err := user.KubeConfig()
 	if err != nil {
 		return err
@@ -113,7 +115,11 @@ func (c *EnvTestCluster) Kubectl(args ...string) (string, string, error) {
 func (c *EnvTestCluster) KubectlMust(t *testing.T, args ...string) string {
 	stdout, stderr, err := c.Kubectl(args...)
 	if err != nil {
-		t.Fatalf("%v, stderr=%s\n", err, stderr)
+		if t != nil {
+			t.Fatalf("%v, stderr=%s\n", err, stderr)
+		} else {
+			panic(fmt.Sprintf("%v, stderr=%s\n", err, stderr))
+		}
 	}
 	return stdout
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 1656e080d..751664902 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -5,6 +5,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"net/http"
+	"strings"
 	"sync"
 	"time"
 
@@ -460,9 +462,47 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	return result, apiWarnings, err
 }
 
+// envtestProxyGet checks the environment variables KLUCTL_K8S_SERVICE_PROXY_XXX to enable testing of proxy requests with envtest
+func (k *K8sCluster) envtestProxyGet(scheme, namespace, name, port, path string, params map[string]string) (io.ReadCloser, error) {
+	for _, m := range utils.ParseEnvConfigSets("KLUCTL_K8S_SERVICE_PROXY") {
+		envApiHost := strings.TrimSuffix(m["API_HOST"], "/")
+		envNamespace := m["SERVICE_NAMESPACE"]
+		envName := m["SERVICE_NAME"]
+		envPort := m["SERVICE_PORT"]
+		envUrl := m["LOCAL_URL"]
+
+		apiHost := strings.TrimSuffix(k.clientFactory.RESTConfig().Host, "/")
+
+		if envApiHost != apiHost || envNamespace != namespace || envName != name || port != envPort {
+			continue
+		}
+
+		status.Trace(k.ctx, "envtestProxyGet apiHost=%s, ns=%s, name=%s, port=%s, path=%s, envUrl=%s", apiHost, namespace, name, port, path, envUrl)
+
+		envUrl = fmt.Sprintf("%s%s", envUrl, path)
+		resp, err := http.Get(envUrl)
+		if err != nil {
+			return nil, err
+		}
+		if resp.StatusCode < 200 || resp.StatusCode > 299 {
+			return nil, fmt.Errorf("http get returned status %d: %s", resp.StatusCode, resp.Status)
+		}
+		return resp.Body, nil
+	}
+	return nil, nil
+}
+
 func (k *K8sCluster) ProxyGet(scheme, namespace, name, port, path string, params map[string]string) (io.ReadCloser, error) {
+	stream, err := k.envtestProxyGet(scheme, namespace, name, port, path, params)
+	if err != nil {
+		return nil, err
+	}
+	if stream != nil {
+		return stream, nil
+	}
+
 	var ret rest.ResponseWrapper
-	_, err := k.clients.withClientFromPool(func(p *parallelClientEntry) error {
+	_, err = k.clients.withClientFromPool(func(p *parallelClientEntry) error {
 		ret = p.corev1.Services(namespace).ProxyGet(scheme, name, port, path, params)
 		return nil
 	})
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 07fd5e7c0..5c1c28963 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -2,7 +2,9 @@ package seal
 
 import (
 	"context"
+	"crypto/sha256"
 	"crypto/x509"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -105,3 +107,12 @@ func ParseCert(data []byte) (*x509.Certificate, error) {
 
 	return certs[0], nil
 }
+
+func HashPublicKey(cert *x509.Certificate) (string, error) {
+	pkBytes, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+	if err != nil {
+		return "", err
+	}
+	h := sha256.Sum256(pkBytes)
+	return hex.EncodeToString(h[:]), nil
+}
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 268009cc6..e821f2e99 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
@@ -46,17 +45,16 @@ func NewSealer(ctx context.Context, cert *x509.Certificate, forceReseal bool) (*
 	}
 	s.pubKey = pk
 
-	pkBytes, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+	var err error
+	s.certHash, err = HashPublicKey(cert)
 	if err != nil {
 		return nil, err
 	}
-	h := sha256.Sum256(pkBytes)
-	s.certHash = hex.EncodeToString(h[:])
 
 	return s, nil
 }
 
-func (s *Sealer) doHash(key string, secret []byte, secretName string, secretNamespace string, scope string) string {
+func HashSecret(key string, secret []byte, secretName string, secretNamespace string, scope string) string {
 	if secretNamespace == "" {
 		secretNamespace = "*"
 	}
@@ -220,7 +218,7 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 	}
 
 	for k, v := range secrets {
-		hash := s.doHash(k, v, secretName, secretNamespace, *scope)
+		hash := HashSecret(k, v, secretName, secretNamespace, *scope)
 		existingHash, _, _ := existingHashes.GetNestedString(k)
 
 		doEncrypt := resealAll

From 7d1f28804e43dacd0f8b5dbd13c2cc87ffb18b06 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 15:20:44 +0200
Subject: [PATCH 0395/2268] chore: Fix exclusion of e2e tests from "make
 test-unit"

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 7d7c482d2..f4f6b06d0 100644
--- a/Makefile
+++ b/Makefile
@@ -71,7 +71,7 @@ ifeq ($(EXPORT_RESULT), true)
 	GO111MODULE=off $(GOCMD) get -u github.com/jstemmer/go-junit-report
 	$(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > reports/test-unit/junit-report.xml)
 endif
-	$(GOTEST) -v -race $(shell go list ./... | grep -v /e2e/) $(OUTPUT_OPTIONS)
+	$(GOTEST) -v -race $(shell go list ./... | grep -v 'v2/e2e') $(OUTPUT_OPTIONS)
 
 coverage-unit: ## Run the unit tests of the project and export the coverage
 	$(GOTEST) -cover -covermode=count -coverprofile=reports/coverage-unit/profile.cov $(shell go list ./... | grep -v /e2e/)

From b042dd909492ef42c6212afe9b9b9c6d08b457d8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 16:28:41 +0200
Subject: [PATCH 0396/2268] chore: Enable verbose e2e tests

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f4f6b06d0..82f7d3504 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ test: test-unit test-e2e ## Runs the complete test suite
 
 KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)"
 test-e2e: install-envtest ## Runs the end to end tests
-	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e
+	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e -test.v
 
 test-unit: ## Run the unit tests of the project
 ifeq ($(EXPORT_RESULT), true)

From 6fa34a316782b4509c72999a911c1a8dd2c9e11a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 17:27:11 +0200
Subject: [PATCH 0397/2268] tests: Paralellize a few tests

---
 e2e/hooks_test.go | 1 +
 e2e/seal_test.go  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index f860553ed..347ef2cf8 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -20,6 +20,7 @@ type HookTestSuite struct {
 }
 
 func TestHooks(t *testing.T) {
+	t.Parallel()
 	suite.Run(t, &HookTestSuite{})
 }
 
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 531fef2c1..a06c03156 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -40,6 +40,7 @@ type certServer struct {
 }
 
 func TestSealedSecrets(t *testing.T) {
+	t.Parallel()
 	suite.Run(t, &SealedSecretsTestSuite{})
 }
 

From 44982e64a4a974aa27b3ff5f5250043c7f992521 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 17:27:14 +0200
Subject: [PATCH 0398/2268] chore: Download kubebuilder-tools for windows from
 kubebuilder-tools-releases-windows repo

---
 Makefile | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 82f7d3504..446ffbcf9 100644
--- a/Makefile
+++ b/Makefile
@@ -52,11 +52,21 @@ setup-envtest: ## Download envtest-setup locally if necessary.
 	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
 # Download the envtest binaries to testbin
+ENVTEST_KUBERNETES_VERSION?=1.25.0
 ENVTEST_ASSETS_DIR=$(BUILD_DIR)/testbin
-ENVTEST_KUBERNETES_VERSION?=latest
+
+ifeq ($(OS),Windows_NT)
+ENVTEST_ASSETS_DIR_WINDOWS=$(ENVTEST_ASSETS_DIR)/k8s/$(ENVTEST_KUBERNETES_VERSION)-windows-amd64
+install-envtest: setup-envtest $(ENVTEST_ASSETS_DIR_WINDOWS)/etcd.exe
+$(ENVTEST_ASSETS_DIR_WINDOWS)/etcd.exe:
+	mkdir -p $(ENVTEST_ASSETS_DIR_WINDOWS)
+	curl -o $(ENVTEST_ASSETS_DIR_WINDOWS)/kubebuilder-tools.tar.gz "https://raw.githubusercontent.com/kluctl/kubebuilder-tools-releases-windows/main/releases/kubebuilder-tools-$(ENVTEST_KUBERNETES_VERSION)_windows_amd64.tar.gz"
+	cd $(ENVTEST_ASSETS_DIR_WINDOWS) && tar xzf kubebuilder-tools.tar.gz && mv kubebuilder/bin/* .
+	rm $(ENVTEST_ASSETS_DIR_WINDOWS)/kubebuilder-tools.tar.gz
+else
 install-envtest: setup-envtest
-	mkdir -p ${ENVTEST_ASSETS_DIR}
 	$(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR)
+endif
 
 ## Test:
 test: test-unit test-e2e ## Runs the complete test suite

From 53bd717555dc314bb0307056433d7c0e05f583fa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 15:25:55 +0200
Subject: [PATCH 0399/2268] ci: Stop using zerotier in CI and instead rely on
 envtest based tests (no docker)

---
 .github/workflows/tests.yml        | 199 ++++-------------------------
 Makefile                           |   3 +
 hack/zerotier-create-network.sh    |  29 -----
 hack/zerotier-delete-network.sh    |  16 ---
 hack/zerotier-join-network.sh      |  28 ----
 hack/zerotier-setup-docker-host.sh |  29 -----
 6 files changed, 28 insertions(+), 276 deletions(-)
 delete mode 100755 hack/zerotier-create-network.sh
 delete mode 100755 hack/zerotier-delete-network.sh
 delete mode 100755 hack/zerotier-join-network.sh
 delete mode 100755 hack/zerotier-setup-docker-host.sh

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index fad114c1a..b26c3e618 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -21,9 +21,9 @@ jobs:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          key: build-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go-
+            build-go-${{ runner.os }}-
       - name: Run unit tests
         run: |
           go test ./cmd/... ./pkg/... -v
@@ -66,64 +66,7 @@ jobs:
             e2e.test-darwin-amd64
             e2e.test-windows-amd64.exe
 
-  docker-host:
-    if: "!startsWith(github.ref, 'refs/tags/')"
-    runs-on: ubuntu-20.04
-    needs:
-      - build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install zerotier
-        run: |
-          sudo apt update
-          sudo apt install -y gpg jq
-          curl -s https://install.zerotier.com | sudo bash
-      - name: Setup inotify limits
-        run: |
-          # see https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files
-          sudo sysctl fs.inotify.max_user_watches=524288
-          sudo sysctl fs.inotify.max_user_instances=512
-      - name: Stop docker
-        run: |
-          # Ensure docker is down and that the test jobs can wait for it to be available again after joining the network.
-          # Otherwise they might join and then docker restarts
-          sudo systemctl stop docker
-      - name: Create network
-        run: |
-          export CI_ZEROTIER_API_KEY=${{ secrets.CI_ZEROTIER_API_KEY }}
-          ./hack/zerotier-create-network.sh $GITHUB_RUN_ID
-      - name: Join network
-        run: |
-          export CI_ZEROTIER_API_KEY=${{ secrets.CI_ZEROTIER_API_KEY }}
-          ./hack/zerotier-join-network.sh $GITHUB_RUN_ID docker
-      - name: Restart ssh
-        run: |
-          sudo systemctl restart ssh
-      - name: Restart docker
-        run: |
-          sudo sed -i 's|-H fd://|-H fd:// -H tcp://0.0.0.0:2375|g' /lib/systemd/system/docker.service
-          sudo systemctl daemon-reload
-          sudo systemctl start docker
-      - name: Wait for other jobs to finish
-        run: |
-          export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
-          while true; do
-            JOBS=$(gh api /repos/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID/jobs | jq '.jobs[] | select(.name | startswith("tests "))')
-            NON_COMPLETED=$(echo $JOBS | jq '. | select(.status != "completed")')
-            if [ "$NON_COMPLETED" == "" ]; then
-              break
-            fi
-            sleep 5
-          done
-      - name: Delete network
-        if: always()
-        run: |
-          export CI_ZEROTIER_API_KEY=${{ secrets.CI_ZEROTIER_API_KEY }}
-          ./hack/zerotier-delete-network.sh $GITHUB_RUN_ID
-
   tests:
-    if: "!startsWith(github.ref, 'refs/tags/')"
     strategy:
       matrix:
         include:
@@ -141,125 +84,33 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Install zerotier (linux)
-        if: runner.os == 'Linux'
-        run: |
-          sudo apt update
-          sudo apt install -y gpg jq
-          curl -s https://install.zerotier.com | sudo bash
-      - name: Install zerotier (macOS)
-        if: runner.os == 'macOS'
-        run: |
-          brew install zerotier-one
-      - name: Install zerotier (windows)
-        if: runner.os == 'Windows'
-        shell: bash
-        run: |
-          choco install zerotier-one
-          echo "#!/usr/bin/env bash" > /usr/bin/zerotier-cli
-          echo '/c/ProgramData/ZeroTier/One/zerotier-one_x64.exe -q "$@"' >> /usr/bin/zerotier-cli
-          chmod +x /usr/bin/zerotier-cli
-
-          choco install netcat
-          echo /c/ProgramData/chocolatey/bin >> $GITHUB_PATH
-      - name: Join network
-        shell: bash
-        run: |
-          export CI_ZEROTIER_API_KEY=${{ secrets.CI_ZEROTIER_API_KEY }}
-          ./hack/zerotier-join-network.sh $GITHUB_RUN_ID ${{ matrix.binary-suffix }}
-      - name: Determine DOCKER_HOST
-        shell: bash
-        run: |
-          export CI_ZEROTIER_API_KEY=${{ secrets.CI_ZEROTIER_API_KEY }}
-          ./hack/zerotier-setup-docker-host.sh $GITHUB_RUN_ID
-      - name: Setup TOOLS envs
-        shell: bash
-        run: |
-          if [ "${{ runner.os }}" != "Windows" ]; then
-            echo "SUDO=sudo" >> $GITHUB_ENV
-          fi
-
-          TOOLS_EXE=
-          TOOLS_TARGET_DIR=$GITHUB_WORKSPACE/bin
-          mkdir $TOOLS_TARGET_DIR
-
-          if [ "${{ runner.os }}" == "macOS" ]; then
-            TOOLS_OS=darwin
-          elif [ "${{ runner.os }}" == "Windows" ]; then
-            TOOLS_OS=windows
-            TOOLS_EXE=.exe
-          else
-            TOOLS_OS=linux
-          fi
-          echo "TOOLS_EXE=$TOOLS_EXE" >> $GITHUB_ENV
-          echo "TOOLS_OS=$TOOLS_OS" >> $GITHUB_ENV
-          echo "TOOLS_TARGET_DIR=$TOOLS_TARGET_DIR" >> $GITHUB_ENV
-          echo "$TOOLS_TARGET_DIR" >> $GITHUB_PATH
-      - name: "[Windows] Install openssh"
-        if: runner.os == 'Windows'
-        shell: bash
-        run: |
-          choco install openssh
-      - name: Provide required tools versions
-        shell: bash
-        run: |
-          echo "KUBECTL_VERSION=1.21.5" >> $GITHUB_ENV
-          echo "KIND_VERSION=0.11.1" >> $GITHUB_ENV
-          echo "DOCKER_VERSION=20.10.9" >> $GITHUB_ENV
-      - name: Download required tools
-        shell: bash
-        run: |
-          curl -L -o kubectl$TOOLS_EXE https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/${TOOLS_OS}/amd64/kubectl$TOOLS_EXE && \
-              $SUDO mv kubectl$TOOLS_EXE "$TOOLS_TARGET_DIR/"
-          curl -L -o kind$TOOLS_EXE https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-${TOOLS_OS}-amd64 && \
-              $SUDO mv kind$TOOLS_EXE "$TOOLS_TARGET_DIR/"
-          if [ "${{ runner.os }}" == "macOS" ]; then
-            curl -L -o docker.tar.gz https://download.docker.com/mac/static/stable/x86_64/docker-$DOCKER_VERSION.tgz
-            tar xzf docker.tar.gz
-            $SUDO mv docker/docker "$TOOLS_TARGET_DIR/"
-            rm -rf docker
-          elif [ "${{ runner.os }}" == "Windows" ]; then
-            curl -L -o docker.zip https://download.docker.com/win/static/stable/x86_64/docker-$DOCKER_VERSION.zip
-            unzip docker.zip
-            mv docker/docker.exe "$TOOLS_TARGET_DIR/"
-            rm -rf docker
-          fi
-          $SUDO chmod -R +x "$TOOLS_TARGET_DIR/"
-      - name: Test required tools
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '1.19'
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            tests-go-${{ runner.os }}-
+      - name: Download artifacts
+        uses: actions/download-artifact@v2
+      - name: setup-envtest
         shell: bash
         run: |
-          kubectl version || true
-          kind version || true
-      - name: Prepare kind cluster variables
+          make install-envtest
+      - name: Run e2e tests
         shell: bash
         run: |
-          if [ "${{ runner.os }}" == "Linux" ]; then
-            echo "KIND_API_PORT1=10000" >> $GITHUB_ENV
-            echo "KIND_API_PORT2=20000" >> $GITHUB_ENV
-            echo "KIND_EXTRA_PORTS_OFFSET1=30000" >> $GITHUB_ENV
-            echo "KIND_EXTRA_PORTS_OFFSET2=31000" >> $GITHUB_ENV
-          elif [ "${{ runner.os }}" == "Windows" ]; then
-            echo "KIND_API_PORT1=10001" >> $GITHUB_ENV
-            echo "KIND_API_PORT2=20001" >> $GITHUB_ENV
-            echo "KIND_EXTRA_PORTS_OFFSET1=30100" >> $GITHUB_ENV
-            echo "KIND_EXTRA_PORTS_OFFSET2=31100" >> $GITHUB_ENV
-          else
-            echo "KIND_API_PORT1=10002" >> $GITHUB_ENV
-            echo "KIND_API_PORT2=20002" >> $GITHUB_ENV
-            echo "KIND_EXTRA_PORTS_OFFSET1=30200" >> $GITHUB_ENV
-            echo "KIND_EXTRA_PORTS_OFFSET2=31200" >> $GITHUB_ENV
+          EXE=
+          if [ "${{ runner.os }}" == "Windows" ]; then
+            EXE=.exe
           fi
-          KIND_CLUSTER_NAME_BASE=$(echo "kluctl-${{ runner.os }}" | awk '{{ print tolower($1) }}')
 
-          echo "KIND_API_HOST1=$DOCKER_IP" >> $GITHUB_ENV
-          echo "KIND_API_HOST2=$DOCKER_IP" >> $GITHUB_ENV
-          echo "KIND_CLUSTER_NAME1=$KIND_CLUSTER_NAME_BASE-1" >> $GITHUB_ENV
-          echo "KIND_CLUSTER_NAME2=$KIND_CLUSTER_NAME_BASE-2" >> $GITHUB_ENV
-      - name: Download artifacts
-        uses: actions/download-artifact@v2
-      - name: Run e2e tests
-        shell: bash
-        run: |
           chmod +x ./binaries/*
-          export KLUCTL_EXE=./binaries/kluctl-${{ matrix.binary-suffix }}$TOOLS_EXE
-          ./binaries/e2e.test-${{ matrix.binary-suffix }}$TOOLS_EXE -test.v
+          mv ./binaries/e2e.test-${{ matrix.binary-suffix }}$EXE ./e2e.test$EXE
+
+          export KLUCTL_EXE=./binaries/kluctl-${{ matrix.binary-suffix }}$EXE
+          make test-e2e-pre-built
diff --git a/Makefile b/Makefile
index 446ffbcf9..d8a176b7f 100644
--- a/Makefile
+++ b/Makefile
@@ -75,6 +75,9 @@ KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_
 test-e2e: install-envtest ## Runs the end to end tests
 	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e -test.v
 
+test-e2e-pre-built: install-envtest
+	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./e2e.test -test.v
+
 test-unit: ## Run the unit tests of the project
 ifeq ($(EXPORT_RESULT), true)
 	mkdir -p reports/test-unit
diff --git a/hack/zerotier-create-network.sh b/hack/zerotier-create-network.sh
deleted file mode 100755
index 000e77af9..000000000
--- a/hack/zerotier-create-network.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-NETWORK_NAME=$1
-
-NETWORK=$(curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" -XPOST -d"{}" https://my.zerotier.com/api/v1/network)
-NETWORK_ID=$(echo $NETWORK | jq '.config.id' -r)
-
-echo "Configuring network"
-cat << EOF | curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" -XPOST -d@- https://my.zerotier.com/api/v1/network/$NETWORK_ID
-{
-  "config": {
-    "private": false,
-    "name": "$NETWORK_NAME",
-    "ipAssignmentPools": [
-      {
-        "ipRangeStart":"10.147.17.1",
-        "ipRangeEnd":"10.147.17.254"
-      }
-    ],
-    "routes": [
-      {
-        "target":"10.147.17.0/24"
-      }
-    ]
-  }
-}
-EOF
diff --git a/hack/zerotier-delete-network.sh b/hack/zerotier-delete-network.sh
deleted file mode 100755
index a8c22a7f7..000000000
--- a/hack/zerotier-delete-network.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-NETWORK_NAME=$1
-
-echo "Searching network "
-NETWORKS=$(curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" https://my.zerotier.com/api/v1/network)
-NETWORK_ID=$(echo $NETWORKS | jq ".[] | select(.config.name == \"$NETWORK_NAME\") | .config.id" -r)
-
-if [ "$NETWORK_ID" = "" ]; then
-  exit 0
-fi
-
-echo "Deleting network"
-curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" -XDELETE https://my.zerotier.com/api/v1/network/$NETWORK_ID
diff --git a/hack/zerotier-join-network.sh b/hack/zerotier-join-network.sh
deleted file mode 100755
index 3f2094e41..000000000
--- a/hack/zerotier-join-network.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-NETWORK_NAME=$1
-MEMBER_NAME=$2
-
-while true; do
-  echo "Searching network"
-  NETWORKS=$(curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" https://my.zerotier.com/api/v1/network)
-  NETWORK_ID=$(echo $NETWORKS | jq ".[] | select(.config.name == \"$NETWORK_NAME\") | .config.id" -r)
-  if [ "$NETWORK_ID" != "" ]; then
-    break
-  fi
-  sleep 5
-done
-
-SUDO=
-if which sudo &> /dev/null; then
-  SUDO=sudo
-fi
-
-echo "Joining network"
-$SUDO zerotier-cli join $NETWORK_ID
-MEMBER_ID=$($SUDO zerotier-cli status | awk '{print $3}')
-
-echo "Renaming member $MEMBER_ID"
-curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" -XPOST -d"{\"name\": \"$MEMBER_NAME\"}" https://my.zerotier.com/api/v1/network/$NETWORK_ID/member/$MEMBER_ID
diff --git a/hack/zerotier-setup-docker-host.sh b/hack/zerotier-setup-docker-host.sh
deleted file mode 100755
index 4c06dbfc1..000000000
--- a/hack/zerotier-setup-docker-host.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-NETWORK_NAME=$1
-
-echo "Searching network "
-NETWORKS=$(curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" https://my.zerotier.com/api/v1/network)
-NETWORK_ID=$(echo $NETWORKS | jq ".[] | select(.config.name == \"$NETWORK_NAME\") | .config.id" -r)
-
-echo "Waiting for IP to be assigned to docker member"
-while true; do
-  MEMBERS=$(curl -H"Authorization: bearer $CI_ZEROTIER_API_KEY" https://my.zerotier.com/api/v1/network/$NETWORK_ID/member)
-  IP=$(echo $MEMBERS | jq ".[] | select(.name == \"docker\") | .config.ipAssignments[0]" -r)
-  if [ "$IP" != "null" ]; then
-    break
-  fi
-  sleep 5
-  echo "Still waiting..."
-done
-
-echo "DOCKER_IP=$IP" >> $GITHUB_ENV
-echo "DOCKER_HOST=tcp://$IP:2375" >> $GITHUB_ENV
-
-echo "Waiting for docker to become available"
-while ! nc -z $IP 2375; do
-  sleep 5
-  echo "Still waiting..."
-done

From 8538ad7cbe99a5a19a7cf5a16603e2e47d292f47 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 30 Sep 2022 22:39:59 +0200
Subject: [PATCH 0400/2268] ci: Run tests workflow for pull requests

---
 .github/workflows/tests.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b26c3e618..9f00b5a06 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,8 +2,9 @@ name: tests
 
 on:
   push:
+  pull_request:
     branches:
-      - '**'
+      - master
 
 jobs:
   build:

From c6a093e55018cb8a4a955955f37b923bba2eaab2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Oct 2022 09:54:56 +0200
Subject: [PATCH 0401/2268] fix: Upgrade go-jinja2 to fix zombie processes

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 57771f841..d00ca0ba4 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
-	github.com/kluctl/go-jinja2 v0.0.0-20220927093149-38ad307371ca
+	github.com/kluctl/go-jinja2 v0.0.0-20221011075324-ee187dbffa85
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
diff --git a/go.sum b/go.sum
index 4249e8b49..df2ed7fd8 100644
--- a/go.sum
+++ b/go.sum
@@ -500,8 +500,8 @@ github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
 github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
-github.com/kluctl/go-jinja2 v0.0.0-20220927093149-38ad307371ca h1:OSl16ha01V8QHu/yKmsfKHx8r6ts/O3xHuT5SaaJ/1I=
-github.com/kluctl/go-jinja2 v0.0.0-20220927093149-38ad307371ca/go.mod h1:kMEDb2dWTbpe6CT+XuGVPcnY1ph9IfHf4b43KN80qas=
+github.com/kluctl/go-jinja2 v0.0.0-20221011075324-ee187dbffa85 h1:T2Xhn0xx4MYwFBzc2ADMMJbO2SwH5lfL6r3txHCPYYE=
+github.com/kluctl/go-jinja2 v0.0.0-20221011075324-ee187dbffa85/go.mod h1:kMEDb2dWTbpe6CT+XuGVPcnY1ph9IfHf4b43KN80qas=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=

From 6fe7abcabffea0520a737ea49d3fe8548c895d91 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 09:27:27 +0200
Subject: [PATCH 0402/2268] fix: Skip postprocessCRDs in case
 --offline-kubernetes was used

Fixes #58
---
 pkg/deployment/deployment_item.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index e0c30c28e..588a08fca 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -439,6 +439,9 @@ func (di *DeploymentItem) postprocessCRDs() error {
 	if di.dir == nil {
 		return nil
 	}
+	if di.ctx.K == nil {
+		return nil
+	}
 
 	for _, o := range di.Objects {
 		gvk := o.GetK8sGVK()

From 6b4cf92cc8847fc75c1d0df236e47ce8019a1373 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 14:42:41 +0200
Subject: [PATCH 0403/2268] feat: Allow to pass --offline-kuberntes to
 list-images

---
 cmd/kluctl/commands/cmd_list_images.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index cfd9ef56f..4ec7d3543 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -14,14 +14,15 @@ type listImagesCmd struct {
 	args.OutputFlags
 	args.RenderOutputDirFlags
 
-	Simple bool `group:"misc" help:"Output a simplified version of the images list"`
+	OfflineKubernetes bool `group:"misc" help:"Run list-images in offline mode, meaning that it will not try to connect the target cluster"`
+	Simple            bool `group:"misc" help:"Output a simplified version of the images list"`
 }
 
 func (cmd *listImagesCmd) Help() string {
 	return `The result is a compatible with yaml files expected by --fixed-images-file.
 
 If fixed images ('-f/--fixed-image') are provided, these are also taken into account,
-as described in for the deploy command.`
+as described in the deploy command.`
 }
 
 func (cmd *listImagesCmd) Run() error {
@@ -32,6 +33,7 @@ func (cmd *listImagesCmd) Run() error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		offlineKubernetes:    cmd.OfflineKubernetes,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		result := types.FixedImagesConfig{

From 63c11e52dad6d3bc23a77f67605ccfc672afd461 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 14:56:28 +0200
Subject: [PATCH 0404/2268] feat: Allow loading args from files, e.g.
 -amy_arg=@file.yaml

---
 cmd/kluctl/args/project.go      |  2 +-
 cmd/kluctl/commands/utils.go    |  2 +-
 pkg/deployment/external_args.go | 13 ++++++++++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index d2c933721..b9e839fc7 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -18,7 +18,7 @@ type ProjectFlags struct {
 }
 
 type ArgsFlags struct {
-	Arg []string `group:"project" short:"a" help:"Passes a template argument in the form of name=value. Nested args can be set with the '-a my.nested.arg=value' syntax. Values are interpreted as yaml values, meaning that 'true' and 'false' will lead to boolean values and numbers will be treated as numbers. Use quotes if you want these to be treated as strings."`
+	Arg []string `group:"project" short:"a" help:"Passes a template argument in the form of name=value. Nested args can be set with the '-a my.nested.arg=value' syntax. Values are interpreted as yaml values, meaning that 'true' and 'false' will lead to boolean values and numbers will be treated as numbers. Use quotes if you want these to be treated as strings. If the value starts with @, it is treated as a file, meaning that the contents of the file will be loaded and treated as yaml."`
 }
 
 type TargetFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 968077a02..5b9373376 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -146,7 +146,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	if err != nil {
 		return err
 	}
-	optionArgs2, err := deployment.ConvertArgsToVars(optionArgs)
+	optionArgs2, err := deployment.ConvertArgsToVars(optionArgs, true)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 955b74b27..952dfa063 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
@@ -28,9 +29,19 @@ func ParseArgs(argsList []string) (map[string]string, error) {
 	return args, nil
 }
 
-func ConvertArgsToVars(args map[string]string) (*uo.UnstructuredObject, error) {
+func ConvertArgsToVars(args map[string]string, allowLoadFromFiles bool) (*uo.UnstructuredObject, error) {
 	vars := uo.New()
 	for n, v := range args {
+		if allowLoadFromFiles && strings.HasPrefix(v, "@") {
+			b, err := os.ReadFile(v[1:])
+			if err != nil {
+				return nil, err
+			}
+			v = string(b)
+		} else if strings.HasPrefix(v, "\\@") {
+			v = v[1:]
+		}
+
 		var p []interface{}
 		for _, x := range strings.Split(n, ".") {
 			p = append(p, x)

From 08b3c3df11fe4126c3beccbcaafb4b41f62151a5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 15:06:14 +0200
Subject: [PATCH 0405/2268] feat: Implement --args-from-file to load args from
 a yaml file

---
 cmd/kluctl/args/project.go   | 3 ++-
 cmd/kluctl/commands/utils.go | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index b9e839fc7..6dfbc8bf0 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -18,7 +18,8 @@ type ProjectFlags struct {
 }
 
 type ArgsFlags struct {
-	Arg []string `group:"project" short:"a" help:"Passes a template argument in the form of name=value. Nested args can be set with the '-a my.nested.arg=value' syntax. Values are interpreted as yaml values, meaning that 'true' and 'false' will lead to boolean values and numbers will be treated as numbers. Use quotes if you want these to be treated as strings. If the value starts with @, it is treated as a file, meaning that the contents of the file will be loaded and treated as yaml."`
+	Arg          []string `group:"project" short:"a" help:"Passes a template argument in the form of name=value. Nested args can be set with the '-a my.nested.arg=value' syntax. Values are interpreted as yaml values, meaning that 'true' and 'false' will lead to boolean values and numbers will be treated as numbers. Use quotes if you want these to be treated as strings. If the value starts with @, it is treated as a file, meaning that the contents of the file will be loaded and treated as yaml."`
+	ArgsFromFile []string `group:"project" help:"Loads a yaml file and makes it available as arguments, meaning that they will be available thought the global 'args' variable."`
 }
 
 type TargetFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 5b9373376..eb0c9a1ad 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -15,6 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"k8s.io/client-go/rest"
@@ -150,6 +151,13 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	if err != nil {
 		return err
 	}
+	for _, a := range args.argsFlags.ArgsFromFile {
+		optionArgs3, err := uo.FromFile(a)
+		if err != nil {
+			return err
+		}
+		optionArgs2.Merge(optionArgs3)
+	}
 
 	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {

From 4bad414e42a3b4bfd616c477ece47b97405dedf4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 15:51:33 +0200
Subject: [PATCH 0406/2268] tests: Add tests for -a and --args-from-file

---
 e2e/args_test.go | 125 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 e2e/args_test.go

diff --git a/e2e/args_test.go b/e2e/args_test.go
new file mode 100644
index 000000000..b606df688
--- /dev/null
+++ b/e2e/args_test.go
@@ -0,0 +1,125 @@
+package e2e
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"os"
+	"testing"
+)
+
+func TestArgs(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "args")
+	defer p.cleanup()
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField([]any{
+			map[string]any{
+				"name": "a",
+			},
+			map[string]any{
+				"name": "b",
+			},
+			map[string]any{
+				"name": "c",
+			},
+			map[string]any{
+				"name": "d",
+			},
+		}, "dynamicArgs")
+	})
+	p.updateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField([]any{
+			map[string]any{
+				"name": "a",
+			},
+			map[string]any{
+				"name":    "b",
+				"default": "default",
+			},
+			map[string]any{
+				"name": "d",
+				"default": map[string]any{
+					"nested": "default",
+				},
+			},
+		}, "args")
+		return nil
+	})
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"a": `{{ args.a | default("na") }}`,
+		"b": `{{ args.b | default("na") }}`,
+		"c": `{{ args.c | default("na") }}`,
+		"d": "{{ args.d | to_json }}",
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
+	cm := k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, "a", "data", "a")
+	assertNestedFieldEquals(t, cm, "default", "data", "b")
+	assertNestedFieldEquals(t, cm, "na", "data", "c")
+	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, "a", "data", "a")
+	assertNestedFieldEquals(t, cm, "b", "data", "b")
+	assertNestedFieldEquals(t, cm, "na", "data", "c")
+	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c")
+	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, "a", "data", "a")
+	assertNestedFieldEquals(t, cm, "b", "data", "b")
+	assertNestedFieldEquals(t, cm, "c", "data", "c")
+	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", "-ad.nested=d")
+	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, `{"nested": "d"}`, "data", "d")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", `-ad={"nested": "d2"}`)
+	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, `{"nested": "d2"}`, "data", "d")
+
+	tmpFile, err := os.CreateTemp("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(tmpFile.Name())
+	_, _ = tmpFile.WriteString(`
+nested:
+  nested2: d3
+`)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", fmt.Sprintf(`-ad=@%s`, tmpFile.Name()))
+	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d3"}}`, "data", "d")
+
+	_ = tmpFile.Truncate(0)
+	_, _ = tmpFile.Seek(0, 0)
+	_, _ = tmpFile.WriteString(`
+a: a2
+c: c2
+d:
+  nested:
+    nested2: d4
+`)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", fmt.Sprintf(`--args-from-file=%s`, tmpFile.Name()))
+	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, "a2", "data", "a")
+	assertNestedFieldEquals(t, cm, "default", "data", "b")
+	assertNestedFieldEquals(t, cm, "c2", "data", "c")
+	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d4"}}`, "data", "d")
+}

From 7393163edbc2f2af1592105f23f25701934cf27c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 16:02:44 +0200
Subject: [PATCH 0407/2268] tests: Add some log outputs to debug hook tests
 flakiness

---
 e2e/hooks_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 347ef2cf8..86bbf45fa 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -46,10 +46,12 @@ func (s *HookTestSuite) SetupTest() {
 }
 
 func (s *HookTestSuite) handleConfigmap(o *uo.UnstructuredObject) {
+	s.T().Logf("handleConfigmap: %s", o.GetK8sName())
 	s.seenConfigMaps = append(s.seenConfigMaps, o.GetK8sName())
 }
 
 func (s *HookTestSuite) clearSeenConfigmaps() {
+	s.T().Logf("clearSeenConfigmaps: %v", s.seenConfigMaps)
 	s.seenConfigMaps = nil
 }
 

From 43a4f58cc4f6645ebb938f243b41c15135e8b4b8 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Mon, 17 Oct 2022 16:15:18 +0200
Subject: [PATCH 0408/2268] chore: move check list in PR template to comment

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 .github/pull_request_template.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index dc3dd31cb..205acfcdf 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -14,6 +14,7 @@ Please delete options that are not relevant.
 - [ ] This change requires a documentation update
 - [ ] This change requires a new example
 
+<!---
 All Submissions:
 
 * [ ] A corresponding issue exists
@@ -27,3 +28,4 @@ All Submissions:
 * [ ] New and existing unit tests pass locally with my changes
 * [ ] Any dependent changes have been merged and published in downstream modules
 * [ ] All commits are signed off which certify that you created the patch and that you agree to the [Developer Certificate of Origin](https://developercertificate.org/)
+-->

From 909f06b35a77444cef4b693cebfbfd8b0dabd806 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 16:59:24 +0200
Subject: [PATCH 0409/2268] fix: Treat strings as raw strings (no escape
 sequences handles) in version patterns

This avoids unnecessary warnings being printed in case of invalid escape
sequences in regex strings. The parser should actually NOT try to parse
these escape sequences as it would lead to invalid regex strings in case
a valid escape sequence (e.g. \n) is provided.
---
 pkg/utils/python_scanner/README.md  |  2 +-
 pkg/utils/python_scanner/scanner.go | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/utils/python_scanner/README.md b/pkg/utils/python_scanner/README.md
index 3ae1e4c85..645cb1299 100644
--- a/pkg/utils/python_scanner/README.md
+++ b/pkg/utils/python_scanner/README.md
@@ -1,2 +1,2 @@
-This package is a copy of golangs text/scanner package, with the difference that it interprets ' the same way as ", so
+This package is a copy of golangs text/scanner package, with the difference that it interprets ' and ` the same way as ", so
 that it's a little bit more like python.
\ No newline at end of file
diff --git a/pkg/utils/python_scanner/scanner.go b/pkg/utils/python_scanner/scanner.go
index c64b1e506..006f9107b 100644
--- a/pkg/utils/python_scanner/scanner.go
+++ b/pkg/utils/python_scanner/scanner.go
@@ -593,9 +593,9 @@ func (s *Scanner) scanString(quote rune) (n int) {
 	return
 }
 
-func (s *Scanner) scanRawString() {
+func (s *Scanner) scanRawString(quote rune) {
 	ch := s.next() // read character after '`'
-	for ch != '`' {
+	for ch != quote {
 		if ch < 0 {
 			s.error("literal not terminated")
 			return
@@ -697,14 +697,14 @@ redo:
 			break
 		case '"':
 			if s.Mode&ScanStrings != 0 {
-				s.scanString('"')
+				s.scanRawString('"')
 				tok = String
 			}
 			ch = s.next()
 		case '\'':
 			// This is the difference to golang's text/scanner package, we handle ' as a string and not as a char
 			if s.Mode&ScanStrings != 0 {
-				s.scanString('\'')
+				s.scanRawString('\'')
 				tok = String
 			}
 			ch = s.next()
@@ -726,7 +726,7 @@ redo:
 			}
 		case '`':
 			if s.Mode&ScanRawStrings != 0 {
-				s.scanRawString()
+				s.scanRawString('`')
 				tok = RawString
 			}
 			ch = s.next()

From 20da8b095a6bad2df0ad3b248a492d7d0bb8aa7c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 17:34:35 +0200
Subject: [PATCH 0410/2268] feat: Upgrade go-jinja2 to add slugify filter

---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index d00ca0ba4..6b01fa205 100644
--- a/go.mod
+++ b/go.mod
@@ -21,8 +21,8 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2
-	github.com/kluctl/go-jinja2 v0.0.0-20221011075324-ee187dbffa85
+	github.com/kluctl/go-embed-python v0.0.0-3.10.7-20221017-1
+	github.com/kluctl/go-jinja2 v0.0.0-20221017153334-80addb432305
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
@@ -40,9 +40,9 @@ require (
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.2
 	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
-	golang.org/x/net v0.0.0-20220923203811-8be639271d50
+	golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
 	golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7
-	golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
+	golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43
 	golang.org/x/term v0.0.0-20220919170432-7a66f970e087
 	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v2 v2.4.0
diff --git a/go.sum b/go.sum
index df2ed7fd8..5d9e2e5ba 100644
--- a/go.sum
+++ b/go.sum
@@ -498,10 +498,10 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c=
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
-github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2 h1:zjJAVyZiWJhufcafhykvXNar1vqDp/ukQk0hFuCJ9zw=
-github.com/kluctl/go-embed-python v0.0.0-3.10.6-20220906-2/go.mod h1:uekQDAlvKAYJWuDxxP1SGn1vTPUfoBwMS+aB6kR+v+o=
-github.com/kluctl/go-jinja2 v0.0.0-20221011075324-ee187dbffa85 h1:T2Xhn0xx4MYwFBzc2ADMMJbO2SwH5lfL6r3txHCPYYE=
-github.com/kluctl/go-jinja2 v0.0.0-20221011075324-ee187dbffa85/go.mod h1:kMEDb2dWTbpe6CT+XuGVPcnY1ph9IfHf4b43KN80qas=
+github.com/kluctl/go-embed-python v0.0.0-3.10.7-20221017-1 h1:4XlPysiwaex+j7+r6pPA12WyuBM9Sy6gSoeKYTqxU9M=
+github.com/kluctl/go-embed-python v0.0.0-3.10.7-20221017-1/go.mod h1:fuMI+yFFgrViXsRl+NIWQeuPDTvJtOk2pe0HoeujT54=
+github.com/kluctl/go-jinja2 v0.0.0-20221017153334-80addb432305 h1:95WNlnGuRfLXgWoeBTDV0DhHwX26hUfnIzgiYTitsLk=
+github.com/kluctl/go-jinja2 v0.0.0-20221017153334-80addb432305/go.mod h1:2G09vDjMA8VSWJT7Kox9EQi8l7DCkGnyBNcd7eomM1s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
@@ -912,8 +912,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220923203811-8be639271d50 h1:vKyz8L3zkd+xrMeIaBsQ/MNVPVFSffdaU3ZyYlBGFnI=
-golang.org/x/net v0.0.0-20220923203811-8be639271d50/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20221014081412-f15817d10f9b h1:tvrvnPFcdzp294diPnrdZZZ8XUt2Tyj7svb7X52iDuU=
+golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1015,8 +1015,8 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8 h1:h+EGohizhe9XlX18rfpa8k8RAc5XyaeamM+0VHRd4lc=
-golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 h1:OK7RB6t2WQX54srQQYSXMW8dF5C6/8+oA/s5QBmmto4=
+golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 8a66a63f0264acf88e79a9968aafd3596af778aa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 17:36:44 +0200
Subject: [PATCH 0411/2268] chore: Run go get -u ./...

---
 go.mod | 59 +++++++++++++++++++++++++--------------------------
 go.sum | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index 6b01fa205..fbccf67c5 100644
--- a/go.mod
+++ b/go.mod
@@ -6,8 +6,8 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.105
-	github.com/bitnami-labs/sealed-secrets v0.18.5
+	github.com/aws/aws-sdk-go v1.44.116
+	github.com/bitnami-labs/sealed-secrets v0.19.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v0.8.0
@@ -16,7 +16,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/google/go-containerregistry v0.11.0
-	github.com/hashicorp/vault/api v1.8.0
+	github.com/hashicorp/vault/api v1.8.1
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
@@ -28,30 +28,30 @@ require (
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.14.4
+	github.com/ohler55/ojg v1.14.5
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
 	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.5.0
+	github.com/spf13/cobra v1.6.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.13.0
 	github.com/stretchr/testify v1.8.0
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.2
-	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
+	golang.org/x/crypto v0.0.0-20221012134737-56aed061732a
 	golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
-	golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7
+	golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0
 	golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43
 	golang.org/x/term v0.0.0-20220919170432-7a66f970e087
-	golang.org/x/text v0.3.7
+	golang.org/x/text v0.3.8
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.10.0
-	k8s.io/api v0.25.2
-	k8s.io/apiextensions-apiserver v0.25.2
-	k8s.io/apimachinery v0.25.2
-	k8s.io/client-go v0.25.2
+	helm.sh/helm/v3 v3.10.1
+	k8s.io/api v0.25.3
+	k8s.io/apiextensions-apiserver v0.25.3
+	k8s.io/apimachinery v0.25.3
+	k8s.io/client-go v0.25.3
 	k8s.io/klog/v2 v2.80.1
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
@@ -78,7 +78,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
@@ -90,8 +90,8 @@ require (
 	github.com/cloudflare/circl v1.2.0 // indirect
 	github.com/containerd/containerd v1.6.8 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.18+incompatible // indirect
-	github.com/docker/docker v20.10.18+incompatible // indirect
+	github.com/docker/cli v20.10.19+incompatible // indirect
+	github.com/docker/docker v20.10.19+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -102,7 +102,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
@@ -173,7 +173,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc1 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
@@ -198,28 +198,29 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	go.starlark.net v0.0.0-20220926145019-14b050677505 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.5 // indirect
+	go.starlark.net v0.0.0-20221010140840-6bf6f0955179 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
+	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
 	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc // indirect
-	google.golang.org/grpc v1.49.0 // indirect
+	google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a // indirect
+	google.golang.org/grpc v1.50.1 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.25.2 // indirect
-	k8s.io/cli-runtime v0.25.2 // indirect
-	k8s.io/component-base v0.25.2 // indirect
-	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
-	k8s.io/kubectl v0.25.2 // indirect
-	k8s.io/utils v0.0.0-20220922133306-665eaaec4324 // indirect
-	oras.land/oras-go v1.2.0 // indirect
+	k8s.io/apiserver v0.25.3 // indirect
+	k8s.io/cli-runtime v0.25.3 // indirect
+	k8s.io/component-base v0.25.3 // indirect
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/kubectl v0.25.3 // indirect
+	k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 // indirect
+	oras.land/oras-go v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 5d9e2e5ba..cc6a47da0 100644
--- a/go.sum
+++ b/go.sum
@@ -90,6 +90,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
 github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad h1:QeeqI2zxxgZVe11UrYFXXx6gVxPVF40ygekjBzEg4XY=
+github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
@@ -116,6 +118,8 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.44.105 h1:UUwoD1PRKIj3ltrDUYTDQj5fOTK3XsnqolLpRTMmSEM=
 github.com/aws/aws-sdk-go v1.44.105/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.116 h1:NpLIhcvLWXJZAEwvPj3TDHeqp7DleK6ZUVYyW01WNHY=
+github.com/aws/aws-sdk-go v1.44.116/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -123,6 +127,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitnami-labs/sealed-secrets v0.18.5 h1:PT/lxfgWnP8l8ybpvTsHuJltY4A35LI8if19Ww9FbcU=
 github.com/bitnami-labs/sealed-secrets v0.18.5/go.mod h1:nzCyKhzDRbNySRUZXR6tvui4s95LbuaNpBoGRvV9Nk8=
+github.com/bitnami-labs/sealed-secrets v0.19.1 h1:ZNLcVtTXRf7VkyNzyhe9omlwNYI0OHDteTbIHsQI7Ug=
+github.com/bitnami-labs/sealed-secrets v0.19.1/go.mod h1:5UcsiOdOoviJUtXY1GNSeFa8zezbBY+j9pQAA2RtKyw=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
@@ -134,6 +140,7 @@ github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -153,6 +160,7 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
 github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
@@ -173,10 +181,14 @@ github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27N
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.18+incompatible h1:f/GQLsVpo10VvToRay2IraVA1wHz9KktZyjev3SIVDU=
 github.com/docker/cli v20.10.18+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.19+incompatible h1:VKVBUb0KY/bx0FUCrCiNCL8wqgy8VxQli1dtNTn38AE=
+github.com/docker/cli v20.10.19+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
 github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.19+incompatible h1:lzEmjivyNHFHMNAFLXORMBXyGIhw/UP4DvJwvyKYq64=
+github.com/docker/docker v20.10.19+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -201,6 +213,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -222,6 +235,8 @@ github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
@@ -443,6 +458,8 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU=
 github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
+github.com/hashicorp/vault/api v1.8.1 h1:bMieWIe6dAlqAAPReZO/8zYtXaWUg/21umwqGZpEjCI=
+github.com/hashicorp/vault/api v1.8.1/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
 github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
 github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
@@ -617,6 +634,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/ohler55/ojg v1.14.4 h1:L2ds8AlB5t/QbqSfhRwvagJzQ7pgmdrefMIypQs0Xik=
 github.com/ohler55/ojg v1.14.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.14.5 h1:xCX2oyh/ZaoesbLH6fwVHStSJpk4o4eJs8ttXutzdg0=
+github.com/ohler55/ojg v1.14.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
@@ -627,6 +646,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc1 h1:lfG+OTa7V8PD3PKvkocSG9KAcA9MANqJn53m31Fvwkc=
 github.com/opencontainers/image-spec v1.1.0-rc1/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
+github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -732,6 +753,8 @@ github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
+github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI=
+github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -788,6 +811,8 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
+go.etcd.io/etcd/api/v3 v3.5.5 h1:BX4JIbQ7hl7+jL+g+2j5UAr0o1bctCm6/Ct+ArBGkf0=
+go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -801,6 +826,8 @@ go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20220926145019-14b050677505 h1:W0MibAL5BiEenQR+F/EF/a4HJhgLngHVvm6jbtUW0PM=
 go.starlark.net v0.0.0-20220926145019-14b050677505/go.mod h1:qsNirHv+Awo5xHuNyQ/0niov6kDxdBs+bqpVMBCW77k=
+go.starlark.net v0.0.0-20221010140840-6bf6f0955179 h1:Mc5MkF55Iasgq23vSYpL6/l7EJXtlNjzw+8hbMQ/ShY=
+go.starlark.net v0.0.0-20221010140840-6bf6f0955179/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
@@ -830,6 +857,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20221012134737-56aed061732a h1:NmSIgad6KjE6VvHciPZuNRTKxGhlPfD6OA87W/PLkqg=
+golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -930,6 +959,8 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
+golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -943,6 +974,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 h1:ZrnxWX62AgTKOSagEqxvb3ffipvEDX2pl7E1TdqLqIc=
 golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 h1:cu5kTvlzcw1Q5S9f5ip1/cpiB4nXvw1XYzFPGgzLUOY=
+golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1015,6 +1048,7 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 h1:OK7RB6t2WQX54srQQYSXMW8dF5C6/8+oA/s5QBmmto4=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1032,6 +1066,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1175,6 +1211,8 @@ google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxH
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc h1:saaNe2+SBQxandnzcD/qB1JEBQ2Pqew+KlFLLdA/XcM=
 google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc/go.mod h1:yEEpwVWKMZZzo81NwRgyEJnA2fQvpXAYPVisv8EgDVs=
+google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a h1:GH6UPn3ixhWcKDhpnEC55S75cerLPdpp3hrhfKYjZgw=
+google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1196,8 +1234,11 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw=
 google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
+google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1250,6 +1291,8 @@ gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 helm.sh/helm/v3 v3.10.0 h1:y/MYONZ/bsld9kHwqgBX2uPggnUr5hahpjwt9/jrHlI=
 helm.sh/helm/v3 v3.10.0/go.mod h1:paPw0hO5KVfrCMbi1M8+P8xdfBri3IiJiVKATZsFR94=
+helm.sh/helm/v3 v3.10.1 h1:uTnNlYx8QcTSNA4ZJ50Llwife4CSohUY4ehumyVf2QE=
+helm.sh/helm/v3 v3.10.1/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1259,28 +1302,51 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8=
 k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0=
+k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
+k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
 k8s.io/apiextensions-apiserver v0.25.2 h1:8uOQX17RE7XL02ngtnh3TgifY7EhekpK+/piwzQNnBo=
 k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18QXJaJvIDLvE8=
+k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
+k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
 k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs=
 k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA=
+k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
+k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
 k8s.io/apiserver v0.25.2 h1:YePimobk187IMIdnmsMxsfIbC5p4eX3WSOrS9x6FEYw=
 k8s.io/apiserver v0.25.2/go.mod h1:30r7xyQTREWCkG2uSjgjhQcKVvAAlqoD+YyrqR6Cn+I=
+k8s.io/apiserver v0.25.3 h1:m7+xGuG5+KYAnEsqaFtDyWMkmMMEOFYlu+NlWv5qSBI=
+k8s.io/apiserver v0.25.3/go.mod h1:9bT47iM2fzRuhICJpM/RcQR9sqDDfZ7Yw60h0p3JW08=
 k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc=
 k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc=
+k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
+k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
 k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
 k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=
+k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0=
+k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA=
 k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY=
 k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60=
+k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4=
+k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI=
+k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
 k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
+k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/kubectl v0.25.2 h1:2993lTeVimxKSWx/7z2PiJxUILygRa3tmC4QhFaeioA=
 k8s.io/kubectl v0.25.2/go.mod h1:eoBGJtKUj7x38KXelz+dqVtbtbKwCqyKzJWmBHU0prg=
+k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
+k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
 k8s.io/utils v0.0.0-20220922133306-665eaaec4324 h1:i+xdFemcSNuJvIfBlaYuXgRondKxK4z4prVPKzEaelI=
 k8s.io/utils v0.0.0-20220922133306-665eaaec4324/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 h1:cTdVh7LYu82xeClmfzGtgyspNh6UxpwLWGi8R4sspNo=
+k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=
 oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
+oras.land/oras-go v1.2.1 h1:/VcGS8FUy3eEXLl/1vC4QypLHwrfSmgW7ygsoklqKK8=
+oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From 8db57a5531abd06e04c553ef9be348d443b55737 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 21:42:14 +0200
Subject: [PATCH 0412/2268] feat: Remove deprecated external projects and
 cluster configs

---
 cmd/kluctl/args/project.go           |  11 +-
 cmd/kluctl/commands/cmd_seal.go      |   3 -
 cmd/kluctl/commands/completion.go    |  36 ------
 cmd/kluctl/commands/utils.go         |  22 +---
 e2e/external_projects_test.go        |  77 -----------
 e2e/project.go                       | 109 +---------------
 e2e/seal_test.go                     |  14 +-
 pkg/kluctl_project/git.go            |  27 +---
 pkg/kluctl_project/project.go        |   2 -
 pkg/kluctl_project/project_load.go   | 187 ++-------------------------
 pkg/kluctl_project/target_context.go |  46 +------
 pkg/kluctl_project/targets.go        |  10 --
 pkg/types/cluster_config.go          |  83 ------------
 pkg/types/git_project.go             |  15 ---
 pkg/types/kluctl_project.go          |   8 +-
 15 files changed, 37 insertions(+), 613 deletions(-)
 delete mode 100644 e2e/external_projects_test.go
 delete mode 100644 pkg/types/cluster_config.go

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 6dfbc8bf0..d142ece1a 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -3,15 +3,8 @@ package args
 import "time"
 
 type ProjectFlags struct {
-	ProjectUrl string `group:"project" short:"p" help:"Git url of the kluctl project. If not specified, the current directory will be used instead of a remote Git project"`
-	ProjectRef string `group:"project" short:"b" help:"Git ref of the kluctl project. Only used when --project-url was given."`
-
-	ProjectConfig      existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
-	LocalClusters      existingDirType  `group:"project" help:"DEPRECATED. Local clusters directory. Overrides the project from .kluctl.yaml"`
-	LocalDeployment    existingDirType  `group:"project" help:"DEPRECATED. Local deployment directory. Overrides the project from .kluctl.yaml"`
-	LocalSealedSecrets existingDirType  `group:"project" help:"DEPRECATED. Local sealed-secrets directory. Overrides the project from .kluctl.yaml" `
-	OutputMetadata     string           `group:"project" help:"Specify the output path for the project metadata to be written to."`
-	Cluster            string           `group:"project" help:"DEPRECATED. Specify/Override cluster"`
+	ProjectConfig  existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
+	OutputMetadata string           `group:"project" help:"Specify the output path for the project metadata to be written to."`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 636444179..e2388b317 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -161,9 +161,6 @@ func (cmd *sealCmd) Run() error {
 			if cmd.Target != "" && cmd.Target != target.Target.Name {
 				continue
 			}
-			if cmd.Cluster != "" && target.Target.Cluster != nil && cmd.Cluster != *target.Target.Cluster {
-				continue
-			}
 			if target.Target.SealingConfig == nil {
 				status.Info(ctx, "Target %s has no sealingConfig", target.Target.Name)
 				continue
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 3c8ae9e37..7830d90e4 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -5,12 +5,8 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/spf13/cobra"
-	"os"
-	"path/filepath"
 	"reflect"
 	"strings"
 	"sync"
@@ -24,10 +20,6 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	inclusionFlags := v.FieldByName("InclusionFlags")
 	imageFlags := v.FieldByName("ImageFlags")
 
-	if projectFlags.IsValid() {
-		_ = ccmd.RegisterFlagCompletionFunc("cluster", buildClusterCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
-	}
-
 	if projectFlags.IsValid() && targetFlags.IsValid() {
 		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
 	}
@@ -56,34 +48,6 @@ func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(ctx contex
 	})
 }
 
-func buildClusterCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		var ret []string
-		err := withProjectForCompletion(projectArgs, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
-			dents, err := os.ReadDir(p.ClustersDir)
-			if err != nil {
-				return err
-			}
-			for _, de := range dents {
-				var config types.ClusterConfig
-				err = yaml.ReadYamlFile(filepath.Join(p.ClustersDir, de.Name()), &config)
-				if err != nil {
-					continue
-				}
-				if config.Cluster.Name != "" {
-					ret = append(ret, config.Cluster.Name)
-				}
-			}
-			return nil
-		})
-		if err != nil {
-			status.Error(cliCtx, err.Error())
-			return nil, cobra.ShellCompDirectiveError
-		}
-		return ret, cobra.ShellCompDirectiveDefault
-	}
-}
-
 func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index eb0c9a1ad..84b5f9162 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
@@ -25,15 +24,6 @@ import (
 )
 
 func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
-	var url *git_url.GitUrl
-	if projectFlags.ProjectUrl != "" {
-		var err error
-		url, err = git_url.Parse(projectFlags.ProjectUrl)
-		if err != nil {
-			return err
-		}
-	}
-
 	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
@@ -67,12 +57,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
 		RepoRoot:           repoRoot,
 		ProjectDir:         cwd,
-		ProjectUrl:         url,
-		ProjectRef:         projectFlags.ProjectRef,
 		ProjectConfig:      projectFlags.ProjectConfig.String(),
-		LocalClusters:      projectFlags.LocalClusters.String(),
-		LocalDeployment:    projectFlags.LocalDeployment.String(),
-		LocalSealedSecrets: projectFlags.LocalSealedSecrets.String(),
 		RP:                 rp,
 		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
@@ -169,13 +154,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		renderOutputDir = tmpDir
 	}
 
-	var clusterName *string
-	if args.projectFlags.Cluster != "" {
-		clusterName = &args.projectFlags.Cluster
-	}
-
 	targetCtx, err := p.NewTargetContext(ctx,
-		args.targetFlags.Target, clusterName, args.offlineKubernetes,
+		args.targetFlags.Target, args.offlineKubernetes,
 		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
 		optionArgs2, args.forSeal, images, inclusion,
 		renderOutputDir)
diff --git a/e2e/external_projects_test.go b/e2e/external_projects_test.go
deleted file mode 100644
index 94e6aebc6..000000000
--- a/e2e/external_projects_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package e2e
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"testing"
-)
-
-func doTestProject(t *testing.T, namespace string, p *testProject) {
-	k := defaultCluster1
-
-	p.init(t, k, fmt.Sprintf("project-%s", namespace))
-	defer p.cleanup()
-
-	createNamespace(t, k, namespace)
-
-	p.updateEnvTestCluster(k, uo.FromMap(map[string]interface{}{
-		"cluster_var": "cluster_value1",
-	}))
-	p.updateTargetDeprecated("test", k.Context, uo.FromMap(map[string]interface{}{
-		"target_var": "target_value1",
-	}))
-	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{name: "cm1", namespace: namespace})
-
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertResourceExists(t, k, namespace, "ConfigMap/cm1")
-
-	cmData := map[string]string{
-		"cluster_var": "{{ cluster.cluster_var }}",
-		"target_var":  "{{ args.target_var }}",
-	}
-
-	assertResourceNotExists(t, k, namespace, "ConfigMap/cm2")
-	addConfigMapDeployment(p, "cm2", cmData, resourceOpts{name: "cm2", namespace: namespace})
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-
-	o := assertResourceExists(t, k, namespace, "ConfigMap/cm2")
-	assertNestedFieldEquals(t, o, "cluster_value1", "data", "cluster_var")
-	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
-
-	p.updateEnvTestCluster(k, uo.FromMap(map[string]interface{}{
-		"cluster_var": "cluster_value2",
-	}))
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	o = assertResourceExists(t, k, namespace, "ConfigMap/cm2")
-	assertNestedFieldEquals(t, o, "cluster_value2", "data", "cluster_var")
-	assertNestedFieldEquals(t, o, "target_value1", "data", "target_var")
-
-	p.updateTargetDeprecated("test", k.Context, uo.FromMap(map[string]interface{}{
-		"target_var": "target_value2",
-	}))
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	o = assertResourceExists(t, k, namespace, "ConfigMap/cm2")
-	assertNestedFieldEquals(t, o, "cluster_value2", "data", "cluster_var")
-	assertNestedFieldEquals(t, o, "target_value2", "data", "target_var")
-}
-
-func TestExternalProjects(t *testing.T) {
-	testCases := []struct {
-		name string
-		p    testProject
-	}{
-		{name: "external-kluctl-project", p: testProject{kluctlProjectExternal: true}},
-		{name: "external-clusters-project", p: testProject{clustersExternal: true}},
-		{name: "external-deployment-project", p: testProject{deploymentExternal: true}},
-		{name: "external-sealed-secrets-project", p: testProject{sealedSecretsExternal: true}},
-		{name: "external-all-projects", p: testProject{kluctlProjectExternal: true, clustersExternal: true, deploymentExternal: true, sealedSecretsExternal: true}},
-	}
-
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-			doTestProject(t, tc.name, &tc.p)
-		})
-	}
-}
diff --git a/e2e/project.go b/e2e/project.go
index e106c795a..3249dd8c5 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -22,15 +22,6 @@ type testProject struct {
 	extraEnv    []string
 	projectName string
 
-	kluctlProjectExternal bool
-	clustersExternal      bool
-	deploymentExternal    bool
-	sealedSecretsExternal bool
-
-	localClusters      *string
-	localDeployment    *string
-	localSealedSecrets *string
-
 	mergedKubeconfig string
 
 	gitServer *test_utils.GitServer
@@ -42,29 +33,8 @@ func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster, projectNa
 	p.projectName = projectName
 
 	p.gitServer.GitInit(p.getKluctlProjectRepo())
-	if p.clustersExternal {
-		p.gitServer.GitInit(p.getClustersRepo())
-	}
-	if p.deploymentExternal {
-		p.gitServer.GitInit(p.getDeploymentRepo())
-	}
-	if p.sealedSecretsExternal {
-		p.gitServer.GitInit(p.getSealedSecretsRepo())
-	}
-
-	_ = os.MkdirAll(filepath.Join(p.gitServer.LocalRepoDir(p.getClustersRepo()), "clusters"), 0o700)
-	_ = os.MkdirAll(filepath.Join(p.gitServer.LocalRepoDir(p.getSealedSecretsRepo()), ".sealed-secrets"), 0o700)
 
 	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
-		if p.clustersExternal {
-			o.SetNestedField(p.gitServer.LocalGitUrl(p.getClustersRepo()), "clusters", "project")
-		}
-		if p.deploymentExternal {
-			o.SetNestedField(p.gitServer.LocalGitUrl(p.getDeploymentRepo()), "deployment", "project")
-		}
-		if p.sealedSecretsExternal {
-			o.SetNestedField(p.gitServer.LocalGitUrl(p.getSealedSecretsRepo()), "sealedSecrets", "project")
-		}
 		return nil
 	})
 	p.updateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
@@ -124,7 +94,7 @@ func (p *testProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) err
 }
 
 func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
-	p.gitServer.UpdateYaml(p.getDeploymentRepo(), filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
+	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
 		if dir == "." {
 			o.SetNestedField(p.projectName, "commonLabels", "project_name")
 		}
@@ -133,7 +103,7 @@ func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.Unstruc
 }
 
 func (p *testProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
-	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir, "deployment.yml"))
+	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, "deployment.yml"))
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -165,43 +135,14 @@ func (p *testProject) listDeploymentItemPathes(dir string, fullPath bool) []stri
 }
 
 func (p *testProject) updateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
-	wt := p.gitServer.GetWorktree(p.getDeploymentRepo())
+	wt := p.gitServer.GetWorktree(p.getKluctlProjectRepo())
 
 	pth := filepath.Join(dir, "kustomization.yml")
-	p.gitServer.UpdateYaml(p.getDeploymentRepo(), pth, func(o *uo.UnstructuredObject) error {
+	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), pth, func(o *uo.UnstructuredObject) error {
 		return update(o, wt)
 	}, fmt.Sprintf("Update kustomization.yml for %s", dir))
 }
 
-func (p *testProject) updateCluster(name string, context string, vars *uo.UnstructuredObject) {
-	pth := filepath.Join("clusters", fmt.Sprintf("%s.yml", name))
-	p.gitServer.UpdateYaml(p.getClustersRepo(), pth, func(o *uo.UnstructuredObject) error {
-		o.Clear()
-		o.SetNestedField(name, "cluster", "name")
-		o.SetNestedField(context, "cluster", "context")
-		if vars != nil {
-			o.MergeChild("cluster", vars)
-		}
-		return nil
-	}, fmt.Sprintf("add/update cluster %s", name))
-}
-
-func (p *testProject) updateEnvTestCluster(k *test_utils.EnvTestCluster, vars *uo.UnstructuredObject) {
-	context := k.KubectlMust(p.t, "config", "current-context")
-	context = strings.TrimSpace(context)
-	p.updateCluster(k.Context, context, vars)
-}
-
-func (p *testProject) updateTargetDeprecated(name string, cluster string, args *uo.UnstructuredObject) {
-	p.updateTarget(name, func(target *uo.UnstructuredObject) {
-		if args != nil {
-			target.MergeChild("args", args)
-		}
-		// compatibility
-		_ = target.SetNestedField(cluster, "cluster")
-	})
-}
-
 func (p *testProject) updateTarget(name string, cb func(target *uo.UnstructuredObject)) {
 	p.updateNamedListItem(uo.KeyPath{"targets"}, name, cb)
 }
@@ -286,7 +227,7 @@ func (p *testProject) addKustomizeDeployment(dir string, resources []kustomizeRe
 		p.addDeploymentIncludes(deploymentDir)
 	}
 
-	absKustomizeDir := filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir)
+	absKustomizeDir := filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir)
 
 	err := os.MkdirAll(absKustomizeDir, 0o700)
 	if err != nil {
@@ -350,7 +291,7 @@ func (p *testProject) addKustomizeResources(dir string, resources []kustomizeRes
 			if fileName == "" {
 				fileName = r.name
 			}
-			err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getDeploymentRepo()), dir, fileName), x)
+			err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, fileName), x)
 			if err != nil {
 				return err
 			}
@@ -383,48 +324,12 @@ func (p *testProject) getKluctlProjectRepo() string {
 	return "kluctl-project"
 }
 
-func (p *testProject) getClustersRepo() string {
-	if p.clustersExternal {
-		return "external-clusters"
-	}
-	return p.getKluctlProjectRepo()
-}
-
-func (p *testProject) getDeploymentRepo() string {
-	if p.deploymentExternal {
-		return "external-deployment"
-	}
-	return p.getKluctlProjectRepo()
-}
-
-func (p *testProject) getSealedSecretsRepo() string {
-	if p.sealedSecretsExternal {
-		return "external-sealed-secrets"
-	}
-	return p.getKluctlProjectRepo()
-}
-
 func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
 
-	cwd := ""
-	if p.kluctlProjectExternal {
-		args = append(args, "--project-url", p.gitServer.LocalGitUrl(p.getKluctlProjectRepo()))
-	} else {
-		cwd = p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	}
-
-	if p.localClusters != nil {
-		args = append(args, "--local-clusters", *p.localClusters)
-	}
-	if p.localDeployment != nil {
-		args = append(args, "--local-deployment", *p.localDeployment)
-	}
-	if p.localSealedSecrets != nil {
-		args = append(args, "--local-sealed-secrets", *p.localSealedSecrets)
-	}
+	cwd := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 
 	args = append(args, "--debug")
 
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index a06c03156..14219dd66 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -204,7 +204,7 @@ func (s *SealedSecretsTestSuite) TestSeal_WithOperator() {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -239,7 +239,7 @@ func (s *SealedSecretsTestSuite) TestSeal_WithBootstrap() {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	test_resources.ApplyYaml("sealed-secrets.yaml", k)
@@ -287,7 +287,7 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleVarSources() {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -328,7 +328,7 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleSecretSets() {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -380,7 +380,7 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleTargets() {
 	p.KluctlMust("seal", "-t", "test-target")
 	p.KluctlMust("seal", "-t", "test-target2")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
 
@@ -425,7 +425,7 @@ func (s *SealedSecretsTestSuite) TestSeal_File() {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -481,7 +481,7 @@ func (s *SealedSecretsTestSuite) TestSeal_Vault() {
 	p.extraEnv = append(p.extraEnv, "VAULT_TOKEN=root")
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getSealedSecretsRepo())
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
 	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
index 12e7253e5..393836704 100644
--- a/pkg/kluctl_project/git.go
+++ b/pkg/kluctl_project/git.go
@@ -3,7 +3,6 @@ package kluctl_project
 import (
 	"fmt"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"sync"
 )
 
@@ -33,37 +32,13 @@ func (c *LoadedKluctlProject) updateGitCaches() error {
 
 		return nil
 	}
-	doUpdateExternalProject := func(p *types2.ExternalProject) error {
-		if p == nil || p.Project == nil {
-			return nil
-		}
-		return doUpdateGitProject(p.Project.Url)
-	}
-
-	err := doUpdateExternalProject(c.Config.Deployment)
-	if err != nil {
-		waitGroup.Wait()
-		return err
-	}
-	err = doUpdateExternalProject(c.Config.SealedSecrets)
-	if err != nil {
-		waitGroup.Wait()
-		return err
-	}
-	for _, ep := range c.Config.Clusters.Projects {
-		err = doUpdateExternalProject(&ep)
-		if err != nil {
-			waitGroup.Wait()
-			return err
-		}
-	}
 
 	for _, target := range c.Config.Targets {
 		if target.TargetConfig == nil || target.TargetConfig.Project == nil {
 			continue
 		}
 
-		err = doUpdateGitProject(target.TargetConfig.Project.Url)
+		err := doUpdateGitProject(target.TargetConfig.Project.Url)
 		if err != nil {
 			waitGroup.Wait()
 			return err
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index ebb5b2e26..0f89a9eb1 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -19,8 +19,6 @@ type LoadedKluctlProject struct {
 	projectRootDir string
 	ProjectDir     string
 
-	DeploymentDir    string
-	ClustersDir      string
 	sealedSecretsDir string
 
 	Config         types2.KluctlProject
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 738c3219c..29ea9e871 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -1,43 +1,25 @@
 package kluctl_project
 
 import (
-	"fmt"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io/ioutil"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd/api"
-	"os"
 	"path/filepath"
 )
 
 type LoadKluctlProjectArgs struct {
-	RepoRoot           string
-	ProjectDir         string
-	ProjectUrl         *git_url.GitUrl
-	ProjectRef         string
-	ProjectConfig      string
-	LocalClusters      string
-	LocalDeployment    string
-	LocalSealedSecrets string
+	RepoRoot      string
+	ProjectDir    string
+	ProjectConfig string
 
 	RP *repocache.GitRepoCache
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
 
-type gitProjectInfo struct {
-	url      git_url.GitUrl
-	ref      string
-	commit   string
-	repoRoot string
-	dir      string
-}
-
 func (c *LoadedKluctlProject) getConfigPath() string {
 	configPath := c.loadArgs.ProjectConfig
 	if configPath == "" {
@@ -49,91 +31,14 @@ func (c *LoadedKluctlProject) getConfigPath() string {
 	return configPath
 }
 
-func (c *LoadedKluctlProject) localProject(dir string) gitProjectInfo {
-	return gitProjectInfo{
-		dir: dir,
-	}
-}
-
-func (c *LoadedKluctlProject) loadGitProject(gitProject *types2.GitProject, defaultSubDir string) (ret gitProjectInfo, err error) {
-	ge, err := c.RP.GetEntry(gitProject.Url)
-	if err != nil {
-		return
-	}
-
-	cloneDir, ri, err := ge.GetClonedDir(gitProject.Ref)
-	if err != nil {
-		return
-	}
-
-	ret.url = gitProject.Url
-	ret.ref = ri.CheckedOutRef
-	ret.commit = ri.CheckedOutCommit
-	ret.repoRoot = cloneDir
-
-	subDir := gitProject.SubDir
-	if subDir == "" {
-		subDir = defaultSubDir
-	}
-	ret.dir = filepath.Join(ret.repoRoot, subDir)
-	err = utils.CheckInDir(ret.repoRoot, ret.dir)
-	if err != nil {
-		return
-	}
-
-	return
-}
-
-func (c *LoadedKluctlProject) loadExternalProject(ep *types2.ExternalProject, defaultGitSubDir string, localDir string) (gitProjectInfo, error) {
-	if localDir != "" {
-		return c.localProject(localDir), nil
-	}
-
-	if ep == nil {
-		// no ExternalProject provided, so we point into the kluctl project + defaultGitSubDir
-		p := filepath.Join(c.ProjectDir, defaultGitSubDir)
-		return c.localProject(p), nil
-	}
-
-	if ep.Project != nil {
-		status.Deprecation(c.ctx, "external-projects", "External projects are deprecated and support for them will be removed in the future. "+
-			"Use Git variable sources as replacement for cluster configs and Git includes as replacement for external deployment projects.")
-
-		// pointing to an actual external project, so let's try to clone it
-		return c.loadGitProject(ep.Project, defaultGitSubDir)
-	}
-
-	// ExternalProject was provided but without an external repo url, so point into the kluctl project.
-	// We also allow to leave the kluctl project dir but limit it to the git project
-
-	p := filepath.Join(c.ProjectDir, *ep.Path)
-	err := utils.CheckInDir(c.projectRootDir, p)
-	if err != nil {
-		return gitProjectInfo{}, fmt.Errorf("path '%s' is not inside git project root '%s': %w", p, c.projectRootDir, err)
-	}
-	return c.localProject(p), nil
-}
-
 func (c *LoadedKluctlProject) loadKluctlProject() error {
 	var err error
 
-	if c.loadArgs.ProjectUrl == nil {
-		c.projectRootDir = c.loadArgs.RepoRoot
-		c.ProjectDir = c.loadArgs.ProjectDir
-		err = utils.CheckInDir(c.projectRootDir, c.ProjectDir)
-		if err != nil {
-			return err
-		}
-	} else {
-		gi, err := c.loadGitProject(&types2.GitProject{
-			Url: *c.loadArgs.ProjectUrl,
-			Ref: c.loadArgs.ProjectRef,
-		}, "")
-		if err != nil {
-			return err
-		}
-		c.projectRootDir = gi.repoRoot
-		c.ProjectDir = gi.dir
+	c.projectRootDir = c.loadArgs.RepoRoot
+	c.ProjectDir = c.loadArgs.ProjectDir
+	err = utils.CheckInDir(c.projectRootDir, c.ProjectDir)
+	if err != nil {
+		return err
 	}
 
 	configPath := c.getConfigPath()
@@ -145,89 +50,17 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		}
 	}
 
-	err = c.updateGitCaches()
-	if err != nil {
-		return err
-	}
-
 	s := status.Start(c.ctx, "Loading kluctl project")
 	defer s.Failed()
 
-	if c.loadArgs.LocalClusters != "" {
-		status.Deprecation(c.ctx, "--local-clusters", "--local-clusters is deprecated and will be removed in an upcoming version. Use variables loaded from git instead.")
-	}
-	if c.loadArgs.LocalDeployment != "" {
-		status.Deprecation(c.ctx, "--local-deployment", "--local-deployment is deprecated and will be removed in an upcoming version. Use git includes instead.")
-	}
-	if c.loadArgs.LocalSealedSecrets != "" {
-		status.Deprecation(c.ctx, "--local-sealed-secrets", "--local-sealed-secrets is deprecated and will be removed in an upcoming version.")
-	}
-
-	deploymentInfo, err := c.loadExternalProject(c.Config.Deployment, "", c.loadArgs.LocalDeployment)
-	if err != nil {
-		return err
-	}
-	sealedSecretsInfo, err := c.loadExternalProject(c.Config.SealedSecrets, ".sealed-secrets", c.loadArgs.LocalSealedSecrets)
-	if err != nil {
-		return err
-	}
-	var clustersInfos []gitProjectInfo
-	if c.loadArgs.LocalClusters != "" {
-		clustersInfos = append(clustersInfos, c.localProject(c.loadArgs.LocalClusters))
-	} else if len(c.Config.Clusters.Projects) != 0 {
-		for _, ep := range c.Config.Clusters.Projects {
-			info, err := c.loadExternalProject(&ep, "clusters", "")
-			if err != nil {
-				return err
-			}
-			clustersInfos = append(clustersInfos, info)
-		}
-	} else {
-		ci, err := c.loadExternalProject(nil, "clusters", "")
-		if err != nil {
-			return err
-		}
-		clustersInfos = append(clustersInfos, ci)
-	}
-
-	mergedClustersDir := filepath.Join(c.TmpDir, "merged-clusters")
-	err = c.mergeClustersDirs(mergedClustersDir, clustersInfos)
+	err = c.updateGitCaches()
 	if err != nil {
 		return err
 	}
 
-	c.DeploymentDir = deploymentInfo.dir
-	c.ClustersDir = mergedClustersDir
-	c.sealedSecretsDir = sealedSecretsInfo.dir
+	c.sealedSecretsDir = filepath.Join(c.ProjectDir, ".sealed-secrets")
 
 	s.Success()
 
 	return nil
 }
-
-func (c *LoadedKluctlProject) mergeClustersDirs(mergedClustersDir string, clustersInfos []gitProjectInfo) error {
-	err := os.MkdirAll(mergedClustersDir, 0o700)
-	if err != nil {
-		return err
-	}
-
-	for _, ci := range clustersInfos {
-		if !utils.IsDirectory(ci.dir) {
-			continue
-		}
-		files, err := ioutil.ReadDir(ci.dir)
-		if err != nil {
-			return err
-		}
-		for _, fi := range files {
-			p := filepath.Join(ci.dir, fi.Name())
-			if utils.IsFile(p) {
-				err = utils.CopyFile(p, filepath.Join(mergedClustersDir, fi.Name()))
-				if err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index b2c9ad978..3015d4345 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -26,8 +26,8 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, clusterName *string, offlineK8s bool, dryRun bool, externalArgs *uo.UnstructuredObject, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
-	deploymentDir, err := filepath.Abs(p.DeploymentDir)
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, offlineK8s bool, dryRun bool, externalArgs *uo.UnstructuredObject, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+	deploymentDir, err := filepath.Abs(p.ProjectDir)
 	if err != nil {
 		return nil, err
 	}
@@ -43,7 +43,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		images.PrependFixedImages(target.Images)
 	}
 
-	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, clusterName, offlineK8s, externalArgs, forSeal)
+	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, offlineK8s, externalArgs, forSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -104,32 +104,14 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *string, offlineK8s bool, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
+func (p *LoadedKluctlProject) buildVars(target *types.Target, offlineK8s bool, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
 	doError := func(err error) (*vars.VarsCtx, *rest.Config, string, error) {
 		return nil, nil, "", err
 	}
 
 	varsCtx := vars.NewVarsCtx(p.J2)
 
-	var contextName *string
-	if clusterName == nil && target != nil {
-		clusterName = target.Cluster
-		contextName = target.Context
-	}
-
-	if clusterName != nil {
-		clusterConfig, err := p.LoadClusterConfig(*clusterName)
-		if err != nil {
-			return doError(err)
-		}
-		err = varsCtx.UpdateChildFromStruct("cluster", clusterConfig.Cluster)
-		if err != nil {
-			return doError(err)
-		}
-		if contextName == nil {
-			contextName = &clusterConfig.Cluster.Context
-		}
-	}
+	contextName := target.Context
 
 	var err error
 	var clientConfig *rest.Config
@@ -173,7 +155,7 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, clusterName *strin
 		}
 	}
 
-	err = deployment.LoadDeploymentArgs(p.DeploymentDir, varsCtx, allArgs)
+	err = deployment.LoadDeploymentArgs(p.ProjectDir, varsCtx, allArgs)
 	if err != nil {
 		return doError(err)
 	}
@@ -197,7 +179,7 @@ func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, e
 }
 
 func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
-	searchDirs := []string{p.DeploymentDir}
+	searchDirs := []string{p.ProjectDir}
 
 	for _, secretSetName := range target.SealingConfig.SecretSets {
 		secretEntry, err := p.findSecretsEntry(secretSetName)
@@ -216,17 +198,3 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 	}
 	return nil
 }
-
-func (p *LoadedKluctlProject) LoadClusterConfig(clusterName string) (*types.ClusterConfig, error) {
-	var err error
-	var clusterConfig *types.ClusterConfig
-
-	status.Deprecation(p.ctx, "cluster-config", "Cluster configurations have been deprecated and support for them will be removed in a future kluctl release.")
-
-	clusterConfig, err = types.LoadClusterConfig(p.ClustersDir, clusterName)
-	if err != nil {
-		return nil, err
-	}
-
-	return clusterConfig, nil
-}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 17f3f784c..3be7f1d60 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -87,16 +87,6 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 			return err
 		}
 
-		if target.Cluster != nil {
-			cc, err := c.LoadClusterConfig(*target.Cluster)
-			if err == nil {
-				err = varsCtx.UpdateChildFromStruct("cluster", cc.Cluster)
-				if err != nil {
-					return err
-				}
-			}
-		}
-
 		changed, err := varsCtx.RenderStruct(target)
 		if err == nil && !changed {
 			return nil
diff --git a/pkg/types/cluster_config.go b/pkg/types/cluster_config.go
deleted file mode 100644
index fe8ef11b2..000000000
--- a/pkg/types/cluster_config.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package types
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"path/filepath"
-)
-
-type ClusterConfig2 struct {
-	Name    string                 `yaml:"name" validate:"required"`
-	Context string                 `yaml:"context" validate:"required"`
-	Vars    *uo.UnstructuredObject `yaml:"vars,omitempty"`
-}
-
-type ClusterConfig struct {
-	Cluster *ClusterConfig2 `yaml:"cluster"`
-}
-
-// TODO remove custom unmarshaller when https://github.com/goccy/go-yaml/pull/220 gets released
-func (cc *ClusterConfig2) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	var u uo.UnstructuredObject
-	err := unmarshal(&u)
-	if err != nil {
-		return err
-	}
-
-	name, ok, err := u.GetNestedString("name")
-	if !ok {
-		return fmt.Errorf("name is missing (or not a string) in cluster config")
-	}
-	context, ok, err := u.GetNestedString("context")
-	if !ok {
-		return fmt.Errorf("context is missing (or not a string) in cluster config")
-	}
-
-	cc.Name = name
-	cc.Context = context
-
-	_ = u.RemoveNestedField("name")
-	_ = u.RemoveNestedField("context")
-
-	cc.Vars = &u
-	return nil
-}
-
-func (cc *ClusterConfig2) MarshalYAML() (interface{}, error) {
-	o := uo.FromMap(map[string]interface{}{
-		"name":    cc.Name,
-		"context": cc.Context,
-	})
-	o.Merge(cc.Vars)
-	return o, nil
-}
-
-func LoadClusterConfig(clusterDir string, clusterName string) (*ClusterConfig, error) {
-	if clusterName == "" {
-		return nil, fmt.Errorf("cluster name must be specified")
-	}
-
-	p := yaml.FixPathExt(filepath.Join(clusterDir, fmt.Sprintf("%s.yml", clusterName)))
-	if !utils.IsFile(p) {
-		return nil, fmt.Errorf("cluster config for %s not found", clusterName)
-	}
-
-	err := utils.CheckInDir(clusterDir, p)
-	if err != nil {
-		return nil, fmt.Errorf("cluster config for %s is not in cluster dir", clusterName)
-	}
-
-	var config ClusterConfig
-	err = yaml.ReadYamlFile(p, &config)
-	if err != nil {
-		return nil, err
-	}
-
-	if config.Cluster.Name != clusterName {
-		return nil, fmt.Errorf("cluster name in config (%s) does not match requested cluster name %s", config.Cluster.Name, clusterName)
-	}
-
-	return &config, nil
-}
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index efa7c6dc8..dd8c7bae6 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -43,21 +43,6 @@ func ValidateExternalProject(sl validator.StructLevel) {
 	}
 }
 
-type ExternalProjects struct {
-	Projects []ExternalProject
-}
-
-func (gp *ExternalProjects) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	singleProject := ExternalProject{}
-	if err := unmarshal(&singleProject); err == nil {
-		// it's a single project
-		gp.Projects = []ExternalProject{singleProject}
-		return nil
-	}
-	// try as array
-	return unmarshal(&gp.Projects)
-}
-
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateGitProject, GitProject{})
 	yaml.Validator.RegisterStructValidation(ValidateExternalProject, ExternalProject{})
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 3f7efdf59..9fddb42e8 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -30,7 +30,6 @@ type SealingConfig struct {
 
 type Target struct {
 	Name          string                 `yaml:"name" validate:"required"`
-	Cluster       *string                `yaml:"cluster,omitempty"`
 	Context       *string                `yaml:"context,omitempty"`
 	Args          *uo.UnstructuredObject `yaml:"args,omitempty"`
 	DynamicArgs   []DynamicArg           `yaml:"dynamicArgs,omitempty"`
@@ -71,11 +70,8 @@ type SecretsConfig struct {
 }
 
 type KluctlProject struct {
-	Deployment    *ExternalProject `yaml:"deployment,omitempty"`
-	SealedSecrets *ExternalProject `yaml:"sealedSecrets,omitempty"`
-	Clusters      ExternalProjects `yaml:"clusters,omitempty"`
-	Targets       []*Target        `yaml:"targets,omitempty"`
-	SecretsConfig *SecretsConfig   `yaml:"secretsConfig,omitempty"`
+	Targets       []*Target      `yaml:"targets,omitempty"`
+	SecretsConfig *SecretsConfig `yaml:"secretsConfig,omitempty"`
 }
 
 func init() {

From 0cb6433818d30f18602688fa15aa3cfe40a7af99 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 22:06:24 +0200
Subject: [PATCH 0413/2268] chore: Run go mod tidy

---
 go.sum | 60 ----------------------------------------------------------
 1 file changed, 60 deletions(-)

diff --git a/go.sum b/go.sum
index cc6a47da0..379bb254c 100644
--- a/go.sum
+++ b/go.sum
@@ -88,8 +88,6 @@ github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2B
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895 h1:NsReiLpErIPzRrnogAXYwSoU7txA977LjDGrbkewJbg=
-github.com/ProtonMail/go-crypto v0.0.0-20220824120805-4b6e5c587895/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad h1:QeeqI2zxxgZVe11UrYFXXx6gVxPVF40ygekjBzEg4XY=
 github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -116,8 +114,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.105 h1:UUwoD1PRKIj3ltrDUYTDQj5fOTK3XsnqolLpRTMmSEM=
-github.com/aws/aws-sdk-go v1.44.105/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.44.116 h1:NpLIhcvLWXJZAEwvPj3TDHeqp7DleK6ZUVYyW01WNHY=
 github.com/aws/aws-sdk-go v1.44.116/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -125,8 +121,6 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.18.5 h1:PT/lxfgWnP8l8ybpvTsHuJltY4A35LI8if19Ww9FbcU=
-github.com/bitnami-labs/sealed-secrets v0.18.5/go.mod h1:nzCyKhzDRbNySRUZXR6tvui4s95LbuaNpBoGRvV9Nk8=
 github.com/bitnami-labs/sealed-secrets v0.19.1 h1:ZNLcVtTXRf7VkyNzyhe9omlwNYI0OHDteTbIHsQI7Ug=
 github.com/bitnami-labs/sealed-secrets v0.19.1/go.mod h1:5UcsiOdOoviJUtXY1GNSeFa8zezbBY+j9pQAA2RtKyw=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
@@ -140,7 +134,6 @@ github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -179,14 +172,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
-github.com/docker/cli v20.10.18+incompatible h1:f/GQLsVpo10VvToRay2IraVA1wHz9KktZyjev3SIVDU=
-github.com/docker/cli v20.10.18+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v20.10.19+incompatible h1:VKVBUb0KY/bx0FUCrCiNCL8wqgy8VxQli1dtNTn38AE=
 github.com/docker/cli v20.10.19+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.18+incompatible h1:SN84VYXTBNGn92T/QwIRPlum9zfemfitN7pbsp26WSc=
-github.com/docker/docker v20.10.18+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.19+incompatible h1:lzEmjivyNHFHMNAFLXORMBXyGIhw/UP4DvJwvyKYq64=
 github.com/docker/docker v20.10.19+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
@@ -233,8 +222,6 @@ github.com/fluxcd/pkg/kustomize v0.8.0/go.mod h1:zGtCZF6V3hMWcf46SqrQc10fS9yUlKz
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
-github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -456,8 +443,6 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU=
-github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
 github.com/hashicorp/vault/api v1.8.1 h1:bMieWIe6dAlqAAPReZO/8zYtXaWUg/21umwqGZpEjCI=
 github.com/hashicorp/vault/api v1.8.1/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
 github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
@@ -632,8 +617,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
-github.com/ohler55/ojg v1.14.4 h1:L2ds8AlB5t/QbqSfhRwvagJzQ7pgmdrefMIypQs0Xik=
-github.com/ohler55/ojg v1.14.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/ohler55/ojg v1.14.5 h1:xCX2oyh/ZaoesbLH6fwVHStSJpk4o4eJs8ttXutzdg0=
 github.com/ohler55/ojg v1.14.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
@@ -644,8 +627,6 @@ github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
 github.com/onsi/gomega v1.20.2 h1:8uQq0zMgLEfa0vRrrBgaJF2gyW9Da9BmfGV+OyUzfkY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc1 h1:lfG+OTa7V8PD3PKvkocSG9KAcA9MANqJn53m31Fvwkc=
-github.com/opencontainers/image-spec v1.1.0-rc1/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
 github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -751,8 +732,6 @@ github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
-github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI=
 github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
@@ -824,8 +803,6 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20220926145019-14b050677505 h1:W0MibAL5BiEenQR+F/EF/a4HJhgLngHVvm6jbtUW0PM=
-go.starlark.net v0.0.0-20220926145019-14b050677505/go.mod h1:qsNirHv+Awo5xHuNyQ/0niov6kDxdBs+bqpVMBCW77k=
 go.starlark.net v0.0.0-20221010140840-6bf6f0955179 h1:Mc5MkF55Iasgq23vSYpL6/l7EJXtlNjzw+8hbMQ/ShY=
 go.starlark.net v0.0.0-20221010140840-6bf6f0955179/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
@@ -855,8 +832,6 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
-golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20221012134737-56aed061732a h1:NmSIgad6KjE6VvHciPZuNRTKxGhlPfD6OA87W/PLkqg=
 golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -957,8 +932,6 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 h1:lxqLZaMad/dJHMFZH0NiNpiEZI/nhgWhe4wgzpE+MuA=
-golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -972,8 +945,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 h1:ZrnxWX62AgTKOSagEqxvb3ffipvEDX2pl7E1TdqLqIc=
-golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 h1:cu5kTvlzcw1Q5S9f5ip1/cpiB4nXvw1XYzFPGgzLUOY=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1044,7 +1015,6 @@ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1064,7 +1034,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
@@ -1209,8 +1178,6 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc h1:saaNe2+SBQxandnzcD/qB1JEBQ2Pqew+KlFLLdA/XcM=
-google.golang.org/genproto v0.0.0-20220923205249-dd2d53f1fffc/go.mod h1:yEEpwVWKMZZzo81NwRgyEJnA2fQvpXAYPVisv8EgDVs=
 google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a h1:GH6UPn3ixhWcKDhpnEC55S75cerLPdpp3hrhfKYjZgw=
 google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1235,8 +1202,6 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.49.0 h1:WTLtQzmQori5FUH25Pq4WT22oCsv8USpQ+F6rqtsmxw=
-google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
 google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -1289,8 +1254,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-helm.sh/helm/v3 v3.10.0 h1:y/MYONZ/bsld9kHwqgBX2uPggnUr5hahpjwt9/jrHlI=
-helm.sh/helm/v3 v3.10.0/go.mod h1:paPw0hO5KVfrCMbi1M8+P8xdfBri3IiJiVKATZsFR94=
 helm.sh/helm/v3 v3.10.1 h1:uTnNlYx8QcTSNA4ZJ50Llwife4CSohUY4ehumyVf2QE=
 helm.sh/helm/v3 v3.10.1/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1300,51 +1263,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.2 h1:v6G8RyFcwf0HR5jQGIAYlvtRNrxMJQG1xJzaSeVnIS8=
-k8s.io/api v0.25.2/go.mod h1:qP1Rn4sCVFwx/xIhe+we2cwBLTXNcheRyYXwajonhy0=
 k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
 k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
-k8s.io/apiextensions-apiserver v0.25.2 h1:8uOQX17RE7XL02ngtnh3TgifY7EhekpK+/piwzQNnBo=
-k8s.io/apiextensions-apiserver v0.25.2/go.mod h1:iRwwRDlWPfaHhuBfQ0WMa5skdQfrE18QXJaJvIDLvE8=
 k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
 k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
-k8s.io/apimachinery v0.25.2 h1:WbxfAjCx+AeN8Ilp9joWnyJ6xu9OMeS/fsfjK/5zaQs=
-k8s.io/apimachinery v0.25.2/go.mod h1:hqqA1X0bsgsxI6dXsJ4HnNTBOmJNxyPp8dw3u2fSHwA=
 k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
 k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
-k8s.io/apiserver v0.25.2 h1:YePimobk187IMIdnmsMxsfIbC5p4eX3WSOrS9x6FEYw=
-k8s.io/apiserver v0.25.2/go.mod h1:30r7xyQTREWCkG2uSjgjhQcKVvAAlqoD+YyrqR6Cn+I=
 k8s.io/apiserver v0.25.3 h1:m7+xGuG5+KYAnEsqaFtDyWMkmMMEOFYlu+NlWv5qSBI=
 k8s.io/apiserver v0.25.3/go.mod h1:9bT47iM2fzRuhICJpM/RcQR9sqDDfZ7Yw60h0p3JW08=
-k8s.io/cli-runtime v0.25.2 h1:XOx+SKRjBpYMLY/J292BHTkmyDffl/qOx3YSuFZkTuc=
-k8s.io/cli-runtime v0.25.2/go.mod h1:OQx3+/0st6x5YpkkJQlEWLC73V0wHsOFMC1/roxV8Oc=
 k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
 k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
-k8s.io/client-go v0.25.2 h1:SUPp9p5CwM0yXGQrwYurw9LWz+YtMwhWd0GqOsSiefo=
-k8s.io/client-go v0.25.2/go.mod h1:i7cNU7N+yGQmJkewcRD2+Vuj4iz7b30kI8OcL3horQ4=
 k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0=
 k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA=
-k8s.io/component-base v0.25.2 h1:Nve/ZyHLUBHz1rqwkjXm/Re6IniNa5k7KgzxZpTfSQY=
-k8s.io/component-base v0.25.2/go.mod h1:90W21YMr+Yjg7MX+DohmZLzjsBtaxQDDwaX4YxDkl60=
 k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4=
 k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea h1:3QOH5+2fGsY8e1qf+GIFpg+zw/JGNrgyZRQR7/m6uWg=
-k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
-k8s.io/kubectl v0.25.2 h1:2993lTeVimxKSWx/7z2PiJxUILygRa3tmC4QhFaeioA=
-k8s.io/kubectl v0.25.2/go.mod h1:eoBGJtKUj7x38KXelz+dqVtbtbKwCqyKzJWmBHU0prg=
 k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
 k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
-k8s.io/utils v0.0.0-20220922133306-665eaaec4324 h1:i+xdFemcSNuJvIfBlaYuXgRondKxK4z4prVPKzEaelI=
-k8s.io/utils v0.0.0-20220922133306-665eaaec4324/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 h1:cTdVh7LYu82xeClmfzGtgyspNh6UxpwLWGi8R4sspNo=
 k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=
-oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 oras.land/oras-go v1.2.1 h1:/VcGS8FUy3eEXLl/1vC4QypLHwrfSmgW7ygsoklqKK8=
 oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From 5c2cb4fa9505d450b682ee34a3cba7918bfa4670 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 22:18:33 +0200
Subject: [PATCH 0414/2268] refactor: Remove some unused code

---
 e2e/utils_resources.go | 21 ---------------------
 pkg/utils/debugger.go  | 26 --------------------------
 2 files changed, 47 deletions(-)
 delete mode 100644 pkg/utils/debugger.go

diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 38ebbde01..4bf65af62 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -1,10 +1,8 @@
 package e2e
 
 import (
-	"bytes"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"text/template"
 )
 
 type resourceOpts struct {
@@ -30,25 +28,6 @@ func mergeMetadata(o *uo.UnstructuredObject, opts resourceOpts) {
 	}
 }
 
-func renderTemplateHelper(tmpl string, m map[string]interface{}) string {
-	t := template.Must(template.New("").Parse(tmpl))
-	r := bytes.NewBuffer(nil)
-	err := t.Execute(r, m)
-	if err != nil {
-		panic(err)
-	}
-	return r.String()
-}
-
-func renderTemplateObjectHelper(tmpl string, m map[string]interface{}) []*uo.UnstructuredObject {
-	s := renderTemplateHelper(tmpl, m)
-	ret, err := uo.FromStringMulti(s)
-	if err != nil {
-		panic(err)
-	}
-	return ret
-}
-
 func addConfigMapDeployment(p *testProject, dir string, data map[string]string, opts resourceOpts) {
 	o := uo.New()
 	o.SetK8sGVKs("", "v1", "ConfigMap")
diff --git a/pkg/utils/debugger.go b/pkg/utils/debugger.go
deleted file mode 100644
index d16910726..000000000
--- a/pkg/utils/debugger.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package utils
-
-import (
-	"os"
-
-	"github.com/mitchellh/go-ps"
-)
-
-func IsLaunchedByDebugger() bool {
-	pid := os.Getppid()
-
-	// We loop in case there were intermediary processes like the gopls language server.
-	for pid != 0 {
-		switch p, err := ps.FindProcess(pid); {
-		case p == nil:
-			return false
-		case err != nil:
-			return false
-		case p.Executable() == "dlv":
-			return true
-		default:
-			pid = p.PPid()
-		}
-	}
-	return false
-}

From 96e1a086fa86380d6ee95cca4cbc8817a2483b4e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 22:19:23 +0200
Subject: [PATCH 0415/2268] refactor: Stop using deprecated ioutil funcs

---
 cmd/kluctl/commands/utils.go      |  7 +++----
 internal/test-utils/git_server.go |  3 +--
 pkg/deployment/deployment_item.go |  5 ++---
 pkg/deployment/helm_chart.go      |  3 +--
 pkg/git/auth/env_auth_provider.go |  6 +++---
 pkg/git/auth/ssh_auth_provider.go |  7 +++----
 pkg/git/mirrored_repo.go          | 11 +++++------
 pkg/git/poor_mans_clone.go        |  3 +--
 pkg/git/repocache/cache.go        |  3 +--
 pkg/registries/registries.go      | 10 +++++-----
 pkg/seal/fetch_cert.go            |  4 ++--
 pkg/vars/vars_loader.go           |  3 +--
 pkg/vars/vars_loader_http.go      |  3 +--
 pkg/vars/vars_loader_test.go      | 18 +++++++++---------
 14 files changed, 38 insertions(+), 48 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 84b5f9162..0b3fe41d8 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -16,7 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io/ioutil"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
@@ -24,7 +23,7 @@ import (
 )
 
 func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
-	tmpDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "project-")
+	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
 	}
@@ -73,7 +72,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		if err != nil {
 			return err
 		}
-		err = ioutil.WriteFile(projectFlags.OutputMetadata, b, 0o640)
+		err = os.WriteFile(projectFlags.OutputMetadata, b, 0o640)
 		if err != nil {
 			return err
 		}
@@ -146,7 +145,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {
-		tmpDir, err := ioutil.TempDir(p.TmpDir, "rendered")
+		tmpDir, err := os.MkdirTemp(p.TmpDir, "rendered")
 		if err != nil {
 			return err
 		}
diff --git a/internal/test-utils/git_server.go b/internal/test-utils/git_server.go
index 29727fdeb..45a969474 100644
--- a/internal/test-utils/git_server.go
+++ b/internal/test-utils/git_server.go
@@ -8,7 +8,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
@@ -33,7 +32,7 @@ func NewGitServer(t *testing.T) *GitServer {
 		t: t,
 	}
 
-	baseDir, err := ioutil.TempDir(os.TempDir(), "kluctl-tests-")
+	baseDir, err := os.MkdirTemp(os.TempDir(), "kluctl-tests-")
 	if err != nil {
 		p.t.Fatal(err)
 	}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 588a08fca..7f944e92f 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -9,7 +9,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
-	"io/ioutil"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
@@ -307,11 +306,11 @@ func (di *DeploymentItem) resolveSealedSecrets() error {
 		if !utils.IsFile(sourcePath) {
 			return fmt.Errorf("%s. %s not found. You might need to seal it first", baseError, sourcePath)
 		}
-		b, err := ioutil.ReadFile(sourcePath)
+		b, err := os.ReadFile(sourcePath)
 		if err != nil {
 			return fmt.Errorf("failed to read source secret file %s: %w", sourcePath, err)
 		}
-		err = ioutil.WriteFile(targetPath, b, 0o600)
+		err = os.WriteFile(targetPath, b, 0o600)
 		if err != nil {
 			return fmt.Errorf("failed to write target secret file %s: %w", targetPath, err)
 		}
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 2d930c4b0..b7930f0f8 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -22,7 +22,6 @@ import (
 	"helm.sh/helm/v3/pkg/registry"
 	"helm.sh/helm/v3/pkg/release"
 	"helm.sh/helm/v3/pkg/repo"
-	"io/ioutil"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
@@ -339,7 +338,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 		return err
 	}
 
-	err = ioutil.WriteFile(outputPath, rendered, 0o600)
+	err = os.WriteFile(outputPath, rendered, 0o600)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 2c1483811..7f692b661 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -5,7 +5,7 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/ioutil"
+	"os"
 )
 
 type GitEnvAuthProvider struct {
@@ -31,7 +31,7 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 
 		if ssh_key_path != "" {
 			ssh_key_path = utils.ExpandPath(ssh_key_path)
-			b, err := ioutil.ReadFile(ssh_key_path)
+			b, err := os.ReadFile(ssh_key_path)
 			if err != nil {
 				status.Trace(ctx, "GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err)
 			} else {
@@ -41,7 +41,7 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 		ca_bundle_path := m["CA_BUNDLE"]
 		if ca_bundle_path != "" {
 			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
-			b, err := ioutil.ReadFile(ca_bundle_path)
+			b, err := os.ReadFile(ca_bundle_path)
 			if err != nil {
 				status.Trace(ctx, "GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err)
 			} else {
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 9c347192b..c1be1b032 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -12,7 +12,6 @@ import (
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -176,7 +175,7 @@ func (k *deferredPassphraseKey) parse() {
 		return
 	}
 
-	pemBytes, err := ioutil.ReadFile(k.path)
+	pemBytes, err := os.ReadFile(k.path)
 	if err != nil {
 		k.err = err
 		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
@@ -213,7 +212,7 @@ func (k *dummyPublicKey) Verify(data []byte, sig *ssh.Signature) error {
 }
 
 func (k *deferredPassphraseKey) Hash() ([]byte, error) {
-	pemBytes, err := ioutil.ReadFile(k.path)
+	pemBytes, err := os.ReadFile(k.path)
 	if err != nil {
 		return nil, err
 	}
@@ -252,7 +251,7 @@ func (k *deferredPassphraseKey) Sign(rand io.Reader, data []byte) (*ssh.Signatur
 }
 
 func (a *GitSshAuthProvider) readKey(ctx context.Context, path string) (ssh.Signer, error) {
-	pemBytes, err := ioutil.ReadFile(path)
+	pemBytes, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err
 	} else {
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 00eb928c6..c3a08ff7d 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -14,7 +14,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -120,7 +119,7 @@ func (g *MirroredGitRepo) IsLocked() bool {
 }
 
 func (g *MirroredGitRepo) LastUpdateTime() time.Time {
-	s, err := ioutil.ReadFile(filepath.Join(g.mirrorDir, ".update-time"))
+	s, err := os.ReadFile(filepath.Join(g.mirrorDir, ".update-time"))
 	if err != nil {
 		return time.Time{}
 	}
@@ -183,7 +182,7 @@ func (g *MirroredGitRepo) buildRepositoryObject() (*git.Repository, error) {
 
 func (g *MirroredGitRepo) cleanupMirrorDir() error {
 	if utils.IsDirectory(g.mirrorDir) {
-		files, err := ioutil.ReadDir(g.mirrorDir)
+		files, err := os.ReadDir(g.mirrorDir)
 		if err != nil {
 			return err
 		}
@@ -280,7 +279,7 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string) error
 		}
 	}
 
-	_ = ioutil.WriteFile(filepath.Join(g.mirrorDir, ".update-time"), []byte(time.Now().Format(time.RFC3339Nano)), 0644)
+	_ = os.WriteFile(filepath.Join(g.mirrorDir, ".update-time"), []byte(time.Now().Format(time.RFC3339Nano)), 0644)
 
 	return nil
 }
@@ -295,7 +294,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
 		return err
 	}
 
-	tmpMirrorDir, err := ioutil.TempDir(utils.GetTmpBaseDir(), "mirror-")
+	tmpMirrorDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "mirror-")
 	if err != nil {
 		return err
 	}
@@ -320,7 +319,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
 		return err
 	}
 
-	files, err := ioutil.ReadDir(tmpMirrorDir)
+	files, err := os.ReadDir(tmpMirrorDir)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/poor_mans_clone.go b/pkg/git/poor_mans_clone.go
index d5216cb49..f5f306924 100644
--- a/pkg/git/poor_mans_clone.go
+++ b/pkg/git/poor_mans_clone.go
@@ -4,7 +4,6 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -63,7 +62,7 @@ func PoorMansClone(sourceDir string, targetDir string, coOptions *git.CheckoutOp
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(filepath.Join(targetDir, ".git", "config"), b, 0o600)
+	err = os.WriteFile(filepath.Join(targetDir, ".git", "config"), b, 0o600)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index 76b4aa813..0f9dfcb90 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -9,7 +9,6 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -198,7 +197,7 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	}
 	repoName = strings.ReplaceAll(repoName, "/", "-")
 
-	p, err := ioutil.TempDir(tmpDir, repoName)
+	p, err := os.MkdirTemp(tmpDir, repoName)
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
 	}
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index f51f99913..731f3cf27 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -15,7 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -180,7 +180,7 @@ func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
 		ca_bundle_path := m["CA_BUNDLE"]
 		if ca_bundle_path != "" {
 			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
-			b, err := ioutil.ReadFile(ca_bundle_path)
+			b, err := os.ReadFile(ca_bundle_path)
 			if err != nil {
 				return fmt.Errorf("failed to read ca bundle %s: %w", ca_bundle_path, err)
 			} else {
@@ -319,7 +319,7 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 		return nil
 	}
 
-	b, err := ioutil.ReadFile(cachePath)
+	b, err := os.ReadFile(cachePath)
 	if err != nil {
 		return nil
 	}
@@ -327,7 +327,7 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 	res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(b)), nil)
 
 	if strings.HasPrefix(res.Header.Get("Content-Type"), "application/json") {
-		jb, err := ioutil.ReadAll(res.Body)
+		jb, err := io.ReadAll(res.Body)
 		if err != nil {
 			return nil
 		}
@@ -349,7 +349,7 @@ func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
 		}
 	}
 
-	err := ioutil.WriteFile(cachePath+".tmp", data, 0o600)
+	err := os.WriteFile(cachePath+".tmp", data, 0o600)
 	if err != nil {
 		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 		return
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
index 5c1c28963..6916a1845 100644
--- a/pkg/seal/fetch_cert.go
+++ b/pkg/seal/fetch_cert.go
@@ -10,7 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"io/ioutil"
+	"io"
 	v12 "k8s.io/api/core/v1"
 	"k8s.io/client-go/util/cert"
 )
@@ -68,7 +68,7 @@ func openCertFromController(k *k8s.K8sCluster, namespace, name string) ([]byte,
 	}
 	defer r.Close()
 
-	cert, err := ioutil.ReadAll(r)
+	cert, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 84986f0a1..6a1953644 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -16,7 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io/ioutil"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 )
@@ -185,7 +184,7 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 		return err
 	}
 
-	f, err := ioutil.ReadFile(path)
+	f, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 379e1730e..2f70cd260 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -10,7 +10,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 )
@@ -53,7 +52,7 @@ func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, p
 	}
 	defer resp.Body.Close()
 
-	respBody, err := ioutil.ReadAll(resp.Body)
+	respBody, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, "", err
 	}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 6cac07687..95c8ca022 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -15,7 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/stretchr/testify/assert"
-	"io/ioutil"
+	"io"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -28,7 +28,7 @@ import (
 )
 
 func newTestDir(t *testing.T) string {
-	tmp, err := ioutil.TempDir("", "")
+	tmp, err := os.MkdirTemp("", "")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -74,7 +74,7 @@ func TestVarsLoader_Values(t *testing.T) {
 
 func TestVarsLoader_File(t *testing.T) {
 	d := newTestDir(t)
-	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
+	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(vc, &types.VarsSource{
@@ -89,8 +89,8 @@ func TestVarsLoader_File(t *testing.T) {
 
 func TestVarsLoader_FileWithLoad(t *testing.T) {
 	d := newTestDir(t)
-	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
-	_ = ioutil.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
+	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
+	_ = os.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(vc, &types.VarsSource{
@@ -106,8 +106,8 @@ func TestVarsLoader_FileWithLoad(t *testing.T) {
 func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
 	d := newTestDir(t)
 	_ = os.Mkdir(filepath.Join(d, "subdir"), 0o700)
-	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
-	_ = ioutil.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
+	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
+	_ = os.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(vc, &types.VarsSource{
@@ -122,7 +122,7 @@ func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
 
 func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
 	d := newTestDir(t)
-	_ = ioutil.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
+	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(vc, &types.VarsSource{
@@ -385,7 +385,7 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 			w.WriteHeader(542)
 			return
 		}
-		body, _ := ioutil.ReadAll(r.Body)
+		body, _ := io.ReadAll(r.Body)
 		if string(body) != "body" {
 			w.WriteHeader(543)
 			return

From a4d30666a09d2ccfa81c05303f99bdec7ef05664 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 22:19:37 +0200
Subject: [PATCH 0416/2268] refactor: Remove unused WithPriority

---
 pkg/status/status.go | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/pkg/status/status.go b/pkg/status/status.go
index 8c8f158c3..5c8675bdd 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -14,11 +14,10 @@ type StatusContext struct {
 	finished bool
 	failed   bool
 
-	prefix        string
-	startMessage  string
-	startPriority int
-	startTotal    int
-	disableLogs   bool
+	prefix       string
+	startMessage string
+	startTotal   int
+	disableLogs  bool
 }
 
 type EndResult int
@@ -101,12 +100,6 @@ func WithStatus(message string, args ...any) Option {
 	}
 }
 
-func WithPriority(p int) Option {
-	return func(s *StatusContext) {
-		s.startPriority = p
-	}
-}
-
 func WithTotal(t int) Option {
 	return func(s *StatusContext) {
 		s.startTotal = t

From b34c45e0f69eb83f114ce4c62fffa5135601887f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Oct 2022 22:25:13 +0200
Subject: [PATCH 0417/2268] fix: Fix mixed value and pointer receivers

---
 pkg/git/git-url/url.go | 2 +-
 pkg/types/url.go       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/git/git-url/url.go b/pkg/git/git-url/url.go
index 452df12ee..ff3ae35bd 100644
--- a/pkg/git/git-url/url.go
+++ b/pkg/git/git-url/url.go
@@ -33,7 +33,7 @@ func (u *GitUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return err
 }
 
-func (u GitUrl) MarshalYAML() (interface{}, error) {
+func (u *GitUrl) MarshalYAML() (interface{}, error) {
 	return u.String(), nil
 }
 
diff --git a/pkg/types/url.go b/pkg/types/url.go
index 703f8dfba..400328b3a 100644
--- a/pkg/types/url.go
+++ b/pkg/types/url.go
@@ -22,6 +22,6 @@ func (u *YamlUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return err
 }
 
-func (u YamlUrl) MarshalYAML() (interface{}, error) {
+func (u *YamlUrl) MarshalYAML() (interface{}, error) {
 	return u.String(), nil
 }

From 73ec171bc0138a2821d217bbfbbcb1ff446595c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 08:51:13 +0200
Subject: [PATCH 0418/2268] feat: Remove --output-metadata flag

---
 cmd/kluctl/args/project.go    |  3 +--
 cmd/kluctl/commands/utils.go  | 12 ------------
 pkg/kluctl_project/project.go |  7 -------
 pkg/types/metadata.go         |  5 -----
 4 files changed, 1 insertion(+), 26 deletions(-)
 delete mode 100644 pkg/types/metadata.go

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index d142ece1a..a5a29038e 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -3,8 +3,7 @@ package args
 import "time"
 
 type ProjectFlags struct {
-	ProjectConfig  existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
-	OutputMetadata string           `group:"project" help:"Specify the output path for the project metadata to be written to."`
+	ProjectConfig existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0b3fe41d8..209052620 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -15,7 +15,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
@@ -66,17 +65,6 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		return err
 	}
 
-	if projectFlags.OutputMetadata != "" {
-		md := p.GetMetadata()
-		b, err := yaml.WriteYamlBytes(md)
-		if err != nil {
-			return err
-		}
-		err = os.WriteFile(projectFlags.OutputMetadata, b, 0o640)
-		if err != nil {
-			return err
-		}
-	}
 	return cb(ctx, p)
 }
 
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 0f89a9eb1..29d27077f 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -28,13 +28,6 @@ type LoadedKluctlProject struct {
 	RP *repocache.GitRepoCache
 }
 
-func (c *LoadedKluctlProject) GetMetadata() *types2.ProjectMetadata {
-	md := &types2.ProjectMetadata{
-		Targets: c.DynamicTargets,
-	}
-	return md
-}
-
 func (c *LoadedKluctlProject) FindBaseTarget(name string) (*types2.Target, error) {
 	for _, target := range c.Config.Targets {
 		if target.Name == name {
diff --git a/pkg/types/metadata.go b/pkg/types/metadata.go
deleted file mode 100644
index f734de0ad..000000000
--- a/pkg/types/metadata.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package types
-
-type ProjectMetadata struct {
-	Targets []*DynamicTarget `yaml:"targets"`
-}

From f464d4999bb42eed2aec9dba91492a8a493cba13 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 11:50:00 +0200
Subject: [PATCH 0419/2268] Revert "fix: Fix mixed value and pointer receivers"

This reverts commit b34c45e0f69eb83f114ce4c62fffa5135601887f.
---
 pkg/git/git-url/url.go | 2 +-
 pkg/types/url.go       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/git/git-url/url.go b/pkg/git/git-url/url.go
index ff3ae35bd..452df12ee 100644
--- a/pkg/git/git-url/url.go
+++ b/pkg/git/git-url/url.go
@@ -33,7 +33,7 @@ func (u *GitUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return err
 }
 
-func (u *GitUrl) MarshalYAML() (interface{}, error) {
+func (u GitUrl) MarshalYAML() (interface{}, error) {
 	return u.String(), nil
 }
 
diff --git a/pkg/types/url.go b/pkg/types/url.go
index 400328b3a..703f8dfba 100644
--- a/pkg/types/url.go
+++ b/pkg/types/url.go
@@ -22,6 +22,6 @@ func (u *YamlUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return err
 }
 
-func (u *YamlUrl) MarshalYAML() (interface{}, error) {
+func (u YamlUrl) MarshalYAML() (interface{}, error) {
 	return u.String(), nil
 }

From 6a8160b488e5276514481d4167557335b5e6c32d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 12:04:34 +0200
Subject: [PATCH 0420/2268] refactor: Stop using GetGitTree and instead do a
 plain clone again

Speed improvement was not worth it and it made implementing overrides harder.
---
 pkg/git/repocache/cache.go         | 23 -------------
 pkg/kluctl_project/targets.go      | 53 ++++--------------------------
 pkg/kluctl_project/targets_test.go | 42 +----------------------
 3 files changed, 7 insertions(+), 111 deletions(-)

diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index 0f9dfcb90..e7f6dd11b 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -3,7 +3,6 @@ package repocache
 import (
 	"context"
 	"fmt"
-	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -224,25 +223,3 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	}
 	return p, repoInfo, nil
 }
-
-func (e *CacheEntry) GetGitTree(ref string) (*object.Tree, error) {
-	e.updateMutex.Lock()
-	defer e.updateMutex.Unlock()
-
-	err := e.mr.Lock()
-	if err != nil {
-		return nil, err
-	}
-	defer e.mr.Unlock()
-
-	if ref == "" {
-		ref = e.defaultRef
-	}
-
-	_, commit, err := e.findCommit(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	return e.mr.GetGitTreeByCommit(commit)
-}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 3be7f1d60..0600dae27 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -3,14 +3,12 @@ package kluctl_project
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io"
 	"os"
 	"regexp"
 	"sort"
@@ -20,7 +18,6 @@ import (
 type dynamicTargetInfo struct {
 	baseTarget    *types.Target
 	dir           string
-	gitTree       *object.Tree
 	gitProject    *types.GitProject
 	ref           *string
 	refPattern    *string
@@ -169,11 +166,14 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 			return nil, err
 		}
 
-		gitTree, err := ge.GetGitTree(refShortName)
+		dir, _, err := ge.GetClonedDir(refShortName)
+		if err != nil {
+			return nil, err
+		}
 
 		dynamicTargets = append(dynamicTargets, &dynamicTargetInfo{
 			baseTarget:    baseTarget,
-			gitTree:       gitTree,
+			dir:           dir,
 			gitProject:    baseTarget.TargetConfig.Project,
 			ref:           &refShortName,
 			refPattern:    refPattern,
@@ -208,40 +208,7 @@ func (c *LoadedKluctlProject) matchRef(s string, pattern string) (bool, string,
 	}
 }
 
-func (c *LoadedKluctlProject) loadTargetConfigFileFromGit(targetInfo *dynamicTargetInfo) ([]byte, error) {
-	existsFunc := func(path string) bool {
-		e, err := targetInfo.gitTree.FindEntry(path)
-		if e == nil || err != nil {
-			return false
-		}
-		return true
-	}
-
-	var configFile string
-
-	if targetInfo.baseTarget.TargetConfig.File != nil {
-		configFile = *targetInfo.baseTarget.TargetConfig.File
-	} else {
-		configFile = "target-config.yml"
-		if !existsFunc(configFile) {
-			configFile = "target-config.yaml"
-		}
-	}
-
-	f, err := targetInfo.gitTree.File(configFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load target config: %w", err)
-	}
-	r, err := f.Reader()
-	if err != nil {
-		return nil, fmt.Errorf("failed to load target config: %w", err)
-	}
-	defer r.Close()
-
-	return io.ReadAll(r)
-}
-
-func (c *LoadedKluctlProject) loadTargetConfigFileFromLocal(targetInfo *dynamicTargetInfo) ([]byte, error) {
+func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo) ([]byte, error) {
 	configFile := yaml.FixNameExt(targetInfo.dir, "target-config.yml")
 	if targetInfo.baseTarget.TargetConfig.File != nil {
 		configFile = *targetInfo.baseTarget.TargetConfig.File
@@ -257,14 +224,6 @@ func (c *LoadedKluctlProject) loadTargetConfigFileFromLocal(targetInfo *dynamicT
 	return os.ReadFile(configPath)
 }
 
-func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo) ([]byte, error) {
-	if targetInfo.gitTree != nil {
-		return c.loadTargetConfigFileFromGit(targetInfo)
-	} else {
-		return c.loadTargetConfigFileFromLocal(targetInfo)
-	}
-}
-
 func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo) (*types.Target, error) {
 	var target types.Target
 	err := utils.DeepCopy(&target, targetInfo.baseTarget)
diff --git a/pkg/kluctl_project/targets_test.go b/pkg/kluctl_project/targets_test.go
index 628a69d4b..8f1cf30b1 100644
--- a/pkg/kluctl_project/targets_test.go
+++ b/pkg/kluctl_project/targets_test.go
@@ -1,17 +1,14 @@
 package kluctl_project
 
 import (
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/stretchr/testify/assert"
 	"os"
 	"path/filepath"
 	"testing"
-	"time"
 )
 
-func TestLoadTargetConfigFileFromLocal(t *testing.T) {
+func TestLoadTargetConfigFile(t *testing.T) {
 	c := LoadedKluctlProject{}
 	ti := &dynamicTargetInfo{
 		baseTarget: &types.Target{
@@ -27,40 +24,3 @@ func TestLoadTargetConfigFileFromLocal(t *testing.T) {
 
 	assert.Equal(t, []byte("test"), data)
 }
-
-func TestLoadTargetConfigFileFromGit(t *testing.T) {
-	dir := t.TempDir()
-	r, err := git.PlainInit(dir, false)
-	assert.NoError(t, err)
-
-	wt, err := r.Worktree()
-	assert.NoError(t, err)
-
-	err = os.WriteFile(filepath.Join(dir, "target-config.yml"), []byte("test"), 0600)
-	assert.NoError(t, err)
-
-	_, err = wt.Add("target-config.yml")
-	assert.NoError(t, err)
-
-	h, err := wt.Commit("test", &git.CommitOptions{Author: &object.Signature{Name: "test", Email: "test@test.com", When: time.Now()}})
-	assert.NoError(t, err)
-
-	commit, err := object.GetCommit(r.Storer, h)
-	assert.NoError(t, err)
-
-	gitTree, err := commit.Tree()
-	assert.NoError(t, err)
-
-	c := LoadedKluctlProject{}
-	ti := &dynamicTargetInfo{
-		baseTarget: &types.Target{
-			TargetConfig: &types.ExternalTargetConfig{},
-		},
-		gitTree: gitTree,
-	}
-
-	data, err := c.loadTargetConfigFile(ti)
-	assert.NoError(t, err)
-
-	assert.Equal(t, []byte("test"), data)
-}

From 530b0268b6aaf6c70009c9af66a02192eb383c96 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 12:05:55 +0200
Subject: [PATCH 0421/2268] chore: Implement status.WarningOnce

---
 pkg/status/status.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/status/status.go b/pkg/status/status.go
index 5c8675bdd..50dedcdd2 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -58,8 +58,9 @@ type StatusHandler interface {
 
 type contextKey struct{}
 type contextValue struct {
-	slh         StatusHandler
-	deprecation utils.OnceByKey
+	slh             StatusHandler
+	warningOnce     utils.OnceByKey
+	deprecationOnce utils.OnceByKey
 }
 
 var noopContextValue = contextValue{
@@ -240,6 +241,13 @@ func Warning(ctx context.Context, status string, args ...any) {
 	slh.Warning(fmt.Sprintf(status, args...))
 }
 
+func WarningOnce(ctx context.Context, key string, status string, args ...any) {
+	cv := getContextValue(ctx)
+	cv.deprecationOnce.Do(key, func() {
+		Warning(ctx, status, args...)
+	})
+}
+
 func Trace(ctx context.Context, status string, args ...any) {
 	slh := FromContext(ctx)
 	slh.Trace(fmt.Sprintf(status, args...))
@@ -262,7 +270,7 @@ func Prompt(ctx context.Context, password bool, message string, args ...any) (st
 
 func Deprecation(ctx context.Context, key string, message string) {
 	cv := getContextValue(ctx)
-	cv.deprecation.Do(key, func() {
+	cv.deprecationOnce.Do(key, func() {
 		cv.slh.Warning(message)
 	})
 }

From ccade82cd5e48386f79296f1bc3f8b8ec92f4a06 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 12:06:26 +0200
Subject: [PATCH 0422/2268] feat: Implement --local-git-override to allow local
 testing of external git repos

---
 cmd/kluctl/args/project.go   |  1 +
 cmd/kluctl/commands/utils.go | 37 ++++++++++++++++++++++++++++++-
 pkg/git/repocache/cache.go   | 43 +++++++++++++++++++++++++++++++-----
 pkg/vars/vars_loader_test.go |  2 +-
 4 files changed, 75 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index a5a29038e..8b49faa53 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -7,6 +7,7 @@ type ProjectFlags struct {
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
+	LocalGitOverride       []string      `group:"project" help:"Specify a local git override in the form of 'github.com:my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them. To only override a single branch of the repo, use 'github.com:my-org/my-repo:my-branch=/local/path/to/override'"`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 209052620..7a49bf371 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
@@ -19,6 +20,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
+	"strings"
 )
 
 func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
@@ -49,7 +51,16 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 
 	sshPool := &ssh_pool.SshPool{}
 
-	rp := repocache.NewGitRepoCache(ctx, sshPool, auth.NewDefaultAuthProviders(), projectFlags.GitCacheUpdateInterval)
+	var repoOverrides []repocache.RepoOverride
+	for _, x := range projectFlags.LocalGitOverride {
+		ro, err := parseRepoOverride(x)
+		if err != nil {
+			return err
+		}
+		repoOverrides = append(repoOverrides, ro)
+	}
+
+	rp := repocache.NewGitRepoCache(ctx, sshPool, auth.NewDefaultAuthProviders(), repoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer rp.Clear()
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
@@ -192,3 +203,27 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 		return restConfig, &rawConfig, nil
 	}
 }
+
+func parseRepoOverride(s string) (ret repocache.RepoOverride, err error) {
+	sp := strings.SplitN(s, "=", 2)
+	if len(sp) != 2 {
+		return repocache.RepoOverride{}, fmt.Errorf("invalid --local-git-override %s", s)
+	}
+
+	sp2 := strings.Split(sp[0], ":")
+	if len(sp2) < 2 || len(sp2) > 3 {
+		return repocache.RepoOverride{}, fmt.Errorf("invalid --local-git-override %s", s)
+	}
+
+	u, err := git_url.Parse(fmt.Sprintf("%s:%s", sp2[0], sp2[1]))
+	if err != nil {
+		return repocache.RepoOverride{}, fmt.Errorf("invalid --local-git-override %s: %w", s, err)
+	}
+
+	ret.RepoKey = u.NormalizedRepoKey()
+	if len(sp2) == 3 {
+		ret.Ref = sp2[2]
+	}
+	ret.Override = sp[1]
+	return
+}
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index e7f6dd11b..59e89ef6f 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path"
@@ -21,8 +22,11 @@ type GitRepoCache struct {
 	authProviders  *auth.GitAuthProviders
 	sshPool        *ssh_pool.SshPool
 	updateInterval time.Duration
-	repos          map[string]*CacheEntry
-	reposMutex     sync.Mutex
+
+	repos      map[string]*CacheEntry
+	reposMutex sync.Mutex
+
+	repoOverrides []RepoOverride
 
 	cleanupDirs       []string
 	cleeanupDirsMutex sync.Mutex
@@ -44,18 +48,25 @@ type RepoInfo struct {
 	DefaultRef string            `yaml:"defaultRef"`
 }
 
+type RepoOverride struct {
+	RepoKey  string
+	Ref      string
+	Override string
+}
+
 type clonedDir struct {
 	dir  string
 	info git.CheckoutInfo
 }
 
-func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, updateInterval time.Duration) *GitRepoCache {
+func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, repoOverrides []RepoOverride, updateInterval time.Duration) *GitRepoCache {
 	return &GitRepoCache{
 		ctx:            ctx,
 		sshPool:        sshPool,
 		authProviders:  authProviders,
 		updateInterval: updateInterval,
 		repos:          map[string]*CacheEntry{},
+		repoOverrides:  repoOverrides,
 	}
 }
 
@@ -205,9 +216,29 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	e.rp.cleanupDirs = append(e.rp.cleanupDirs, p)
 	e.rp.cleeanupDirsMutex.Unlock()
 
-	err = e.mr.CloneProjectByCommit(commit, p)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
+	var foundRo *RepoOverride
+	for _, ro := range e.rp.repoOverrides {
+		u := e.mr.Url()
+		if ro.RepoKey == u.NormalizedRepoKey() {
+			if ro.Ref == "" || strings.HasSuffix(ref2, "/"+ro.Ref) {
+				foundRo = &ro
+				break
+			}
+		}
+	}
+
+	if foundRo != nil {
+		u := e.mr.Url()
+		status.WarningOnce(e.rp.ctx, fmt.Sprintf("git-override-%s|%s", foundRo.RepoKey, foundRo.Ref), "Overriding git repo %s with local directory %s", u.String(), foundRo.Override)
+		err = utils.CopyDir(foundRo.Override, p)
+		if err != nil {
+			return "", git.CheckoutInfo{}, err
+		}
+	} else {
+		err = e.mr.CloneProjectByCommit(commit, p)
+		if err != nil {
+			return "", git.CheckoutInfo{}, err
+		}
 	}
 
 	repoInfo, err := git.GetCheckoutInfo(p)
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 95c8ca022..872b6a6c3 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -39,7 +39,7 @@ func newTestDir(t *testing.T) string {
 }
 
 func newRP(t *testing.T) *repocache.GitRepoCache {
-	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders(), 0)
+	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders(), nil, 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From 2733b1b825e7dfbdf7c4b766ff7e97b542506e5e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 13:36:27 +0200
Subject: [PATCH 0423/2268] feat: Remove deprecated "sources" from secretSets

---
 pkg/types/kluctl_project.go | 20 ++------------------
 pkg/vars/vars_loader.go     |  4 ----
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 9fddb42e8..b1e7e5f68 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -1,9 +1,7 @@
 package types
 
 import (
-	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DynamicArg struct {
@@ -44,18 +42,8 @@ type DynamicTarget struct {
 }
 
 type SecretSet struct {
-	Name string `yaml:"name" validate:"required"`
-	// TODO deprecated, use vars instead
-	Sources []*VarsSource `yaml:"sources,omitempty"`
-	Vars    []*VarsSource `yaml:"vars,omitempty"`
-}
-
-func ValidateSecretSet(sl validator.StructLevel) {
-	s := sl.Current().Interface().(SecretSet)
-
-	if len(s.Sources) != 0 && len(s.Vars) != 0 {
-		sl.ReportError(s, "vars", "vars", "sources and vars can't be set at the same time", "")
-	}
+	Name string        `yaml:"name" validate:"required"`
+	Vars []*VarsSource `yaml:"vars,omitempty"`
 }
 
 type GlobalSealedSecretsConfig struct {
@@ -73,7 +61,3 @@ type KluctlProject struct {
 	Targets       []*Target      `yaml:"targets,omitempty"`
 	SecretsConfig *SecretsConfig `yaml:"secretsConfig,omitempty"`
 }
-
-func init() {
-	yaml.Validator.RegisterStructValidation(ValidateSecretSet, SecretSet{})
-}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 6a1953644..53f004f8f 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,7 +8,6 @@ import (
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -74,9 +73,6 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 	if source.Values != nil {
 		v.mergeVars(varsCtx, source.Values, rootKey)
 		return nil
-	} else if source.Path != nil {
-		status.Deprecation(v.ctx, "vars-path", "'path' is deprecated as vars source, use 'file' instead")
-		return v.loadFile(varsCtx, *source.Path, searchDirs, rootKey)
 	} else if source.File != nil {
 		return v.loadFile(varsCtx, *source.File, searchDirs, rootKey)
 	} else if source.Git != nil {

From 5a853eba8e95d493026f330c321e8581227d4915 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 13:36:47 +0200
Subject: [PATCH 0424/2268] feat: Remove deprecated "path" from "vars"

---
 pkg/kluctl_project/target_context.go | 7 +------
 pkg/types/vars_source.go             | 1 -
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 3015d4345..60ea9db07 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -186,12 +186,7 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 		if err != nil {
 			return err
 		}
-		if len(secretEntry.Sources) != 0 {
-			status.Deprecation(p.ctx, "secrets-sets-sources", "'sources' in secretSets is deprecated, use 'vars' instead")
-			err = varsLoader.LoadVarsList(varsCtx, secretEntry.Sources, searchDirs, "secrets")
-		} else {
-			err = varsLoader.LoadVarsList(varsCtx, secretEntry.Vars, searchDirs, "secrets")
-		}
+		err = varsLoader.LoadVarsList(varsCtx, secretEntry.Vars, searchDirs, "secrets")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 89ca64760..af8a235cc 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -56,7 +56,6 @@ type VarsSourceVault struct {
 type VarsSource struct {
 	Values            *uo.UnstructuredObject              `yaml:"values,omitempty"`
 	File              *string                             `yaml:"file,omitempty"`
-	Path              *string                             `yaml:"path,omitempty"`
 	Git               *VarsSourceGit                      `yaml:"git,omitempty"`
 	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `yaml:"clusterConfigMap,omitempty"`
 	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `yaml:"clusterSecret,omitempty"`

From 48cf6dba60ef11a051cf35c2c1bc54932302c868 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 16:18:20 +0200
Subject: [PATCH 0425/2268] feat: Deprecate dynamicTargets configuration per
 target

---
 pkg/kluctl_project/project.go        | 16 ----------------
 pkg/kluctl_project/target_context.go |  9 ---------
 pkg/kluctl_project/targets.go        | 16 ++++------------
 3 files changed, 4 insertions(+), 37 deletions(-)

diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 29d27077f..7d36b0872 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"strings"
 )
 
 type LoadedKluctlProject struct {
@@ -45,18 +44,3 @@ func (c *LoadedKluctlProject) FindDynamicTarget(name string) (*types2.DynamicTar
 	}
 	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
 }
-
-func (c *LoadedKluctlProject) CheckDynamicArg(target *types2.Target, argName string, argValue any) error {
-	var dynArg *types2.DynamicArg
-	for _, x := range target.DynamicArgs {
-		if x.Name == argName || strings.HasPrefix(argName, x.Name+".") {
-			dynArg = &x
-			break
-		}
-	}
-	if dynArg == nil {
-		return fmt.Errorf("dynamic argument %s is not allowed for target", argName)
-	}
-
-	return nil
-}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 60ea9db07..6b91e5fd0 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -134,15 +134,6 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, offlineK8s bool, e
 
 	allArgs := uo.New()
 
-	if target != nil {
-		for argName, argValue := range externalArgs.Object {
-			err = p.CheckDynamicArg(target, argName, argValue)
-			if err != nil {
-				return doError(err)
-			}
-		}
-	}
-
 	allArgs.Merge(externalArgs)
 	if target != nil {
 		if target.Args != nil {
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 0600dae27..baa2aa52f 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
@@ -245,19 +244,12 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 		return nil, err
 	}
 
+	if len(target.DynamicArgs) != 0 {
+		status.Deprecation(c.ctx, "dynamic-args", "dynamicArgs are deprecated and ignored. The field will be removed in a future kluctl release.")
+	}
+
 	// check and merge args
 	if targetConfig.Args != nil {
-		err = targetConfig.Args.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
-			strValue := fmt.Sprintf("%v", it.Value())
-			err := c.CheckDynamicArg(&target, it.KeyPath().ToJsonPath(), strValue)
-			if err != nil {
-				return err
-			}
-			return nil
-		})
-		if err != nil {
-			return nil, err
-		}
 		target.Args.Merge(targetConfig.Args)
 	}
 	// We prepend the dynamic images to ensure they get higher priority later

From 107155bcfc3bc881bee7759df0ff023fd0396884 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 16:19:25 +0200
Subject: [PATCH 0426/2268] feat: Allow to run without targets (through the use
 of a no-name target)

---
 pkg/kluctl_project/target_context.go | 56 ++++++++++++++++------------
 1 file changed, 32 insertions(+), 24 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 6b91e5fd0..741cccbfe 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -39,11 +39,19 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 			return nil, err
 		}
 		target = t.Target
+	} else {
+		target = &types.Target{}
+	}
+
+	images.PrependFixedImages(target.Images)
 
-		images.PrependFixedImages(target.Images)
+	clientConfig, clusterContext, err := p.loadK8sConfig(target, offlineK8s)
+	if err != nil {
+		return nil, err
 	}
+	target.Context = &clusterContext
 
-	varsCtx, clientConfig, clusterContext, err := p.buildVars(target, offlineK8s, externalArgs, forSeal)
+	varsCtx, err := p.buildVars(target, externalArgs, forSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -79,7 +87,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		VarsLoader:                        varsLoader,
 		RenderDir:                         renderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
-		DefaultSealedSecretsOutputPattern: targetName,
+		DefaultSealedSecretsOutputPattern: target.Name,
 	}
 
 	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(deploymentDir), ".", nil)
@@ -104,31 +112,35 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) buildVars(target *types.Target, offlineK8s bool, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, *rest.Config, string, error) {
-	doError := func(err error) (*vars.VarsCtx, *rest.Config, string, error) {
-		return nil, nil, "", err
+func (p *LoadedKluctlProject) loadK8sConfig(target *types.Target, offlineK8s bool) (*rest.Config, string, error) {
+	if offlineK8s {
+		return nil, "", nil
 	}
 
-	varsCtx := vars.NewVarsCtx(p.J2)
-
 	contextName := target.Context
 
 	var err error
 	var clientConfig *rest.Config
-	if !offlineK8s {
-		var restConfig *api.Config
-		clientConfig, restConfig, err = p.loadArgs.ClientConfigGetter(contextName)
-		if err != nil {
-			return doError(err)
-		}
-		if contextName == nil {
-			contextName = &restConfig.CurrentContext
-		}
+	var restConfig *api.Config
+	clientConfig, restConfig, err = p.loadArgs.ClientConfigGetter(contextName)
+	if err != nil {
+		return nil, "", err
 	}
+	if contextName == nil {
+		contextName = &restConfig.CurrentContext
+	}
+	if contextName != nil {
+		return clientConfig, *contextName, nil
+	}
+	return clientConfig, "", nil
+}
+
+func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, error) {
+	varsCtx := vars.NewVarsCtx(p.J2)
 
 	targetVars, err := uo.FromStruct(target)
 	if err != nil {
-		return doError(err)
+		return nil, err
 	}
 	varsCtx.UpdateChild("target", targetVars)
 
@@ -148,16 +160,12 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, offlineK8s bool, e
 
 	err = deployment.LoadDeploymentArgs(p.ProjectDir, varsCtx, allArgs)
 	if err != nil {
-		return doError(err)
+		return nil, err
 	}
 
 	varsCtx.UpdateChild("args", allArgs)
 
-	var contextName2 string
-	if contextName != nil {
-		contextName2 = *contextName
-	}
-	return varsCtx, clientConfig, contextName2, nil
+	return varsCtx, nil
 }
 
 func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, error) {

From 09e34f7d7b33e0b76c9b3b375ea549ecee77d043 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 16:23:24 +0200
Subject: [PATCH 0427/2268] refactor: Pass target context params via struct

---
 cmd/kluctl/commands/utils.go         | 17 ++++++++++-----
 pkg/kluctl_project/target_context.go | 31 +++++++++++++++++++---------
 2 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 7a49bf371..5e41a4633 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -152,11 +152,18 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		renderOutputDir = tmpDir
 	}
 
-	targetCtx, err := p.NewTargetContext(ctx,
-		args.targetFlags.Target, args.offlineKubernetes,
-		args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
-		optionArgs2, args.forSeal, images, inclusion,
-		renderOutputDir)
+	targetParams := kluctl_project.TargetContextParams{
+		TargetName:      args.targetFlags.Target,
+		OfflineK8s:      args.offlineKubernetes,
+		DryRun:          args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
+		ExternalArgs:    optionArgs2,
+		ForSeal:         args.forSeal,
+		Images:          images,
+		Inclusion:       inclusion,
+		RenderOutputDir: renderOutputDir,
+	}
+
+	targetCtx, err := p.NewTargetContext(ctx, targetParams)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 741cccbfe..41faba801 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -26,15 +26,26 @@ type TargetContext struct {
 	DeploymentCollection *deployment.DeploymentCollection
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName string, offlineK8s bool, dryRun bool, externalArgs *uo.UnstructuredObject, forSeal bool, images *deployment.Images, inclusion *utils.Inclusion, renderOutputDir string) (*TargetContext, error) {
+type TargetContextParams struct {
+	TargetName      string
+	OfflineK8s      bool
+	DryRun          bool
+	ExternalArgs    *uo.UnstructuredObject
+	ForSeal         bool
+	Images          *deployment.Images
+	Inclusion       *utils.Inclusion
+	RenderOutputDir string
+}
+
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params TargetContextParams) (*TargetContext, error) {
 	deploymentDir, err := filepath.Abs(p.ProjectDir)
 	if err != nil {
 		return nil, err
 	}
 
 	var target *types.Target
-	if targetName != "" {
-		t, err := p.FindDynamicTarget(targetName)
+	if params.TargetName != "" {
+		t, err := p.FindDynamicTarget(params.TargetName)
 		if err != nil {
 			return nil, err
 		}
@@ -43,15 +54,15 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		target = &types.Target{}
 	}
 
-	images.PrependFixedImages(target.Images)
+	params.Images.PrependFixedImages(target.Images)
 
-	clientConfig, clusterContext, err := p.loadK8sConfig(target, offlineK8s)
+	clientConfig, clusterContext, err := p.loadK8sConfig(target, params.OfflineK8s)
 	if err != nil {
 		return nil, err
 	}
 	target.Context = &clusterContext
 
-	varsCtx, err := p.buildVars(target, externalArgs, forSeal)
+	varsCtx, err := p.buildVars(target, params.ExternalArgs, params.ForSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +74,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		if err != nil {
 			return nil, err
 		}
-		k, err = k8s.NewK8sCluster(ctx, clientFactory, dryRun)
+		k, err = k8s.NewK8sCluster(ctx, clientFactory, params.DryRun)
 		if err != nil {
 			s.Failed()
 			return nil, err
@@ -73,7 +84,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 
 	varsLoader := vars.NewVarsLoader(ctx, k, p.RP, aws.NewClientFactory())
 
-	if forSeal {
+	if params.ForSeal {
 		err = p.loadSecrets(target, varsCtx, varsLoader)
 		if err != nil {
 			return nil, err
@@ -85,7 +96,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		K:                                 k,
 		RP:                                p.RP,
 		VarsLoader:                        varsLoader,
-		RenderDir:                         renderOutputDir,
+		RenderDir:                         params.RenderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
 		DefaultSealedSecretsOutputPattern: target.Name,
 	}
@@ -95,7 +106,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, targetName s
 		return nil, err
 	}
 
-	c, err := deployment.NewDeploymentCollection(dctx, d, images, inclusion, forSeal)
+	c, err := deployment.NewDeploymentCollection(dctx, d, params.Images, params.Inclusion, params.ForSeal)
 	if err != nil {
 		return nil, err
 	}

From c7d8dfbe647cd67015a8734a764b1a40ece32f80 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 16:39:21 +0200
Subject: [PATCH 0428/2268] feat: Allow to override target name via -T

---
 cmd/kluctl/args/project.go           |  4 +++-
 cmd/kluctl/commands/utils.go         | 18 ++++++++++--------
 pkg/kluctl_project/target_context.go | 26 +++++++++++++++++---------
 3 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 8b49faa53..f60f27482 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -16,5 +16,7 @@ type ArgsFlags struct {
 }
 
 type TargetFlags struct {
-	Target string `group:"project" short:"t" help:"Target name to run command for. Target must exist in .kluctl.yaml."`
+	Target             string `group:"project" short:"t" help:"Target name to run command for. Target must exist in .kluctl.yaml."`
+	TargetNameOverride string `group:"project" short:"T" help:"Overrides the target name. If -t is used at the same time, then the target will be looked up based on -t <name> and then renamed to the value of -T. If no target is specified via -t, then the no-name target is renamed to the value of -T."`
+	Context            string `group:"project" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 5e41a4633..cd67132ad 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -153,14 +153,16 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	targetParams := kluctl_project.TargetContextParams{
-		TargetName:      args.targetFlags.Target,
-		OfflineK8s:      args.offlineKubernetes,
-		DryRun:          args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
-		ExternalArgs:    optionArgs2,
-		ForSeal:         args.forSeal,
-		Images:          images,
-		Inclusion:       inclusion,
-		RenderOutputDir: renderOutputDir,
+		TargetName:         args.targetFlags.Target,
+		TargetNameOverride: args.targetFlags.TargetNameOverride,
+		ContextOverride:    args.targetFlags.Context,
+		OfflineK8s:         args.offlineKubernetes,
+		DryRun:             args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
+		ExternalArgs:       optionArgs2,
+		ForSeal:            args.forSeal,
+		Images:             images,
+		Inclusion:          inclusion,
+		RenderOutputDir:    renderOutputDir,
 	}
 
 	targetCtx, err := p.NewTargetContext(ctx, targetParams)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 41faba801..246762e92 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -27,14 +27,16 @@ type TargetContext struct {
 }
 
 type TargetContextParams struct {
-	TargetName      string
-	OfflineK8s      bool
-	DryRun          bool
-	ExternalArgs    *uo.UnstructuredObject
-	ForSeal         bool
-	Images          *deployment.Images
-	Inclusion       *utils.Inclusion
-	RenderOutputDir string
+	TargetName         string
+	TargetNameOverride string
+	ContextOverride    string
+	OfflineK8s         bool
+	DryRun             bool
+	ExternalArgs       *uo.UnstructuredObject
+	ForSeal            bool
+	Images             *deployment.Images
+	Inclusion          *utils.Inclusion
+	RenderOutputDir    string
 }
 
 func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params TargetContextParams) (*TargetContext, error) {
@@ -49,10 +51,16 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		if err != nil {
 			return nil, err
 		}
-		target = t.Target
+		target = &*t.Target
 	} else {
 		target = &types.Target{}
 	}
+	if params.TargetNameOverride != "" {
+		target.Name = params.TargetNameOverride
+	}
+	if params.ContextOverride != "" {
+		target.Context = &params.ContextOverride
+	}
 
 	params.Images.PrependFixedImages(target.Images)
 

From a1cf0f34af14b32e51610f84667dde2dc8ff8ae2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 16:44:37 +0200
Subject: [PATCH 0429/2268] tests: Add test for context override

---
 e2e/contexts_test.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 5600f3689..6d9d10c7a 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -116,3 +116,21 @@ func TestContextSwitch(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
 	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
 }
+
+func TestContextOverride(t *testing.T) {
+	t.Parallel()
+
+	p := prepareContextTest(t, "context-override")
+	defer p.cleanup()
+
+	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(defaultCluster1.Context, "context")
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test1", "--context", defaultCluster2.Context)
+	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+}

From ae1fcd5f4c82deb64ab88ef21b24dcba7526b8dc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 16:53:18 +0200
Subject: [PATCH 0430/2268] tests: Add test for no-name targets

---
 e2e/no_target_test.go | 54 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 e2e/no_target_test.go

diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
new file mode 100644
index 000000000..80f419298
--- /dev/null
+++ b/e2e/no_target_test.go
@@ -0,0 +1,54 @@
+package e2e
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func prepareNoTargetTest(t *testing.T, name string) *testProject {
+	p := &testProject{}
+	p.init(t, defaultCluster1, name)
+	p.mergeKubeconfig(defaultCluster2)
+
+	createNamespace(t, defaultCluster1, p.projectName)
+	createNamespace(t, defaultCluster2, p.projectName)
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"targetName":    `{{ target.name }}`,
+		"targetContext": `{{ target.context }}`,
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+
+	return p
+}
+
+func TestNoTarget(t *testing.T) {
+	t.Parallel()
+
+	p := prepareNoTargetTest(t, "no-target")
+	defer p.cleanup()
+
+	p.KluctlMust("deploy", "--yes")
+	cm := assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assert.Equal(t, map[string]any{
+		"targetName":    "",
+		"targetContext": defaultCluster1.Context,
+	}, cm.Object["data"])
+
+	p.KluctlMust("deploy", "--yes", "-T", "override-name")
+	cm = assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assert.Equal(t, map[string]any{
+		"targetName":    "override-name",
+		"targetContext": defaultCluster1.Context,
+	}, cm.Object["data"])
+
+	p.KluctlMust("deploy", "--yes", "-T", "override-name", "--context", defaultCluster2.Context)
+	cm = assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assert.Equal(t, map[string]any{
+		"targetName":    "override-name",
+		"targetContext": defaultCluster2.Context,
+	}, cm.Object["data"])
+}

From 929fec104964e9599907ac221be5f23230b9a999 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Oct 2022 09:18:00 +0200
Subject: [PATCH 0431/2268] feat: Implement kluctl.io/validate-ignore
 annotation

This allows to ignore an object while validation is running.
---
 pkg/validation/validation.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 7a3ecb5d2..7a1f1083c 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -50,6 +51,10 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 	// We assume all is good in case no validation is performed
 	ret.Ready = true
 
+	if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/validate-ignore")) {
+		return
+	}
+
 	defer func() {
 		if r := recover(); r != nil {
 			if _, ok := r.(*validationFailed); ok {

From e9cbef252118b2304274af29e6176ba1c09524b2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 17:56:27 +0200
Subject: [PATCH 0432/2268] ci: Fix wrong pull_request branch

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 9f00b5a06..012806f23 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -4,7 +4,7 @@ on:
   push:
   pull_request:
     branches:
-      - master
+      - main
 
 jobs:
   build:

From ae017d389cb50009ac80f6588d8467c51496e9b9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 22:33:41 +0200
Subject: [PATCH 0433/2268] docs: Copy docs from www-kluctl.io project

---
 docs/_index.md                                |  93 ++++++
 docs/concepts.md                              |  54 ++++
 docs/get-started.md                           | 119 +++++++
 docs/history.md                               |  25 ++
 docs/installation.md                          |  64 ++++
 docs/philosophy.md                            |  36 +++
 docs/reference/_index.md                      |   8 +
 docs/reference/commands/_index.md             |  14 +
 docs/reference/commands/common-arguments.md   | 106 ++++++
 docs/reference/commands/delete.md             |  46 +++
 docs/reference/commands/deploy.md             |  78 +++++
 docs/reference/commands/diff.md               |  50 +++
 .../commands/environment-variables.md         |  23 ++
 docs/reference/commands/helm-pull.md          |  24 ++
 docs/reference/commands/helm-update.md        |  45 +++
 docs/reference/commands/list-images.md        |  39 +++
 docs/reference/commands/list-targets.md       |  28 ++
 docs/reference/commands/poke-images.md        |  41 +++
 docs/reference/commands/prune.md              |  39 +++
 docs/reference/commands/render.md             |  37 +++
 docs/reference/commands/seal.md               |  42 +++
 docs/reference/commands/validate.md           |  39 +++
 docs/reference/deployments/_index.md          |  62 ++++
 .../deployments/annotations/_index.md         |   7 +
 .../deployments/annotations/all-resources.md  |  91 ++++++
 .../deployments/annotations/hooks.md          |  23 ++
 .../deployments/annotations/kustomization.md  |  33 ++
 .../deployments/annotations/validation.md     |  16 +
 docs/reference/deployments/deployment-yml.md  | 306 ++++++++++++++++++
 docs/reference/deployments/helm.md            | 174 ++++++++++
 docs/reference/deployments/hooks.md           |  48 +++
 docs/reference/deployments/images.md          | 130 ++++++++
 docs/reference/deployments/kustomize.md       |  17 +
 docs/reference/deployments/readiness.md       |  15 +
 docs/reference/deployments/tags.md            |  83 +++++
 docs/reference/kluctl-project/_index.md       |  60 ++++
 .../kluctl-project/secrets-config/_index.md   |  73 +++++
 .../kluctl-project/targets/_index.md          | 103 ++++++
 .../kluctl-project/targets/dynamic-targets.md | 110 +++++++
 docs/reference/sealed-secrets.md              | 152 +++++++++
 docs/reference/templating/_index.md           |  53 +++
 docs/reference/templating/filters.md          |  80 +++++
 docs/reference/templating/functions.md        |  65 ++++
 .../templating/predefined-variables.md        |  27 ++
 docs/reference/templating/variable-sources.md | 215 ++++++++++++
 45 files changed, 2993 insertions(+)
 create mode 100644 docs/_index.md
 create mode 100644 docs/concepts.md
 create mode 100644 docs/get-started.md
 create mode 100644 docs/history.md
 create mode 100644 docs/installation.md
 create mode 100644 docs/philosophy.md
 create mode 100644 docs/reference/_index.md
 create mode 100644 docs/reference/commands/_index.md
 create mode 100644 docs/reference/commands/common-arguments.md
 create mode 100644 docs/reference/commands/delete.md
 create mode 100644 docs/reference/commands/deploy.md
 create mode 100644 docs/reference/commands/diff.md
 create mode 100644 docs/reference/commands/environment-variables.md
 create mode 100644 docs/reference/commands/helm-pull.md
 create mode 100644 docs/reference/commands/helm-update.md
 create mode 100644 docs/reference/commands/list-images.md
 create mode 100644 docs/reference/commands/list-targets.md
 create mode 100644 docs/reference/commands/poke-images.md
 create mode 100644 docs/reference/commands/prune.md
 create mode 100644 docs/reference/commands/render.md
 create mode 100644 docs/reference/commands/seal.md
 create mode 100644 docs/reference/commands/validate.md
 create mode 100644 docs/reference/deployments/_index.md
 create mode 100644 docs/reference/deployments/annotations/_index.md
 create mode 100644 docs/reference/deployments/annotations/all-resources.md
 create mode 100644 docs/reference/deployments/annotations/hooks.md
 create mode 100644 docs/reference/deployments/annotations/kustomization.md
 create mode 100644 docs/reference/deployments/annotations/validation.md
 create mode 100644 docs/reference/deployments/deployment-yml.md
 create mode 100644 docs/reference/deployments/helm.md
 create mode 100644 docs/reference/deployments/hooks.md
 create mode 100644 docs/reference/deployments/images.md
 create mode 100644 docs/reference/deployments/kustomize.md
 create mode 100644 docs/reference/deployments/readiness.md
 create mode 100644 docs/reference/deployments/tags.md
 create mode 100644 docs/reference/kluctl-project/_index.md
 create mode 100644 docs/reference/kluctl-project/secrets-config/_index.md
 create mode 100644 docs/reference/kluctl-project/targets/_index.md
 create mode 100644 docs/reference/kluctl-project/targets/dynamic-targets.md
 create mode 100644 docs/reference/sealed-secrets.md
 create mode 100644 docs/reference/templating/_index.md
 create mode 100644 docs/reference/templating/filters.md
 create mode 100644 docs/reference/templating/functions.md
 create mode 100644 docs/reference/templating/predefined-variables.md
 create mode 100644 docs/reference/templating/variable-sources.md

diff --git a/docs/_index.md b/docs/_index.md
new file mode 100644
index 000000000..c6a4cdaa4
--- /dev/null
+++ b/docs/_index.md
@@ -0,0 +1,93 @@
+---
+title: "Kluctl Documentation"
+linkTitle: "Docs"
+description: "The missing glue to put together large Kubernetes deployments."
+taxonomyCloud: []
+weight: 20
+menu:
+  main:
+    weight: 20
+---
+
+Kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
+Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
+line interface.
+
+Kluctl tries to be as flexible as possible, while remaining as simple as possible. It reuses established
+tools (e.g. Kustomize and Helm), making it possible to re-use a large set of available third-party deployments.
+
+Kluctl is centered around "targets", which can be a cluster or a specific environment (e.g. test, dev, prod, ...) on one
+or multiple clusters. Targets can be deployed, diffed, pruned, deleted, and so on. The idea is to have the same set of
+operations for every target, no matter how simple or complex the deployment and/or target is.
+
+Kluctl does not depend on external operators/controllers and allows to use the same deployment wherever you want,
+as long as access to the kluctl project and clusters is available. This means, that you can use it from your 
+local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
+
+Flux support is in alpha state and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
+
+## Kluctl in Short
+
+<!-- borrowed from ./content/en/_index.html -->
+
+|     |     |
+| --- | --- |
+| 💪 Kluctl handles all your deployments | You can manage all your deployments with Kluctl, including infrastructure related and your applications. |
+| 🪶 Complex or simple, all the same | You can manage complex and simple deployments with Kluctl. Simple deployments are lightweight while complex deployment are easily manageable. |
+| 🤖 Native git support | Kluctl has native Git support integrated, meaning that it can easily deploy remote Kluctl projects or externalize parts (e.g. configuration) of your Kluctl project. |
+| 🪐 Multiple environments | Deploy the same deployment to multiple environments (dev, test, prod, ...), with flexible differences in configuration. |
+| 🌌 Multiple clusters | Manage multiple target clusters (in multiple clouds or bare-metal if you want). |
+| 🔩 Configuration and Templating | Kluctl allows to use templating in nearly all places, making it easy to have dynamic configuration. |
+| ⎈ Helm and Kustomize | The Helm and Kustomize integrations allow you to reuse plenty of third-party charts and kustomizations. |
+| 🔍 See what's different | Always know what the state of your deployments is by being able to run diffs on the whole deployment. |
+| 🔎 See what happened | Always know what you actually changed after performing a deployment. |
+| 💥 Know what went wrong | Kluctl will show you what part of your deployment failed and why. |
+| 👐 Live and let live | Kluctl tries to not interfere with any other tools or operators. This is possible due to it's use of server-side-apply. |
+| 🧹 Keep it clean | Keep your clusters clean by issuing regular prune calls. |
+| 🔐 Encrypted Secrets | Manage encrypted secrets for multiple target environments and clusters. |
+
+## What can I do with Kluctl?
+
+Kluctl allows you to define a Kluctl project, which in turn defines Kluctl
+deployments and sub-deployments. Each Kluctl deployment defines Kustomize deployments.
+
+A Kluctl project also defines targets, which represent your target environments
+and/or clusters.
+
+The Kluctl CLI then allows to deploy, diff, prune, delete, ... your deployments.
+
+## Where do I start?
+
+{{% alert title="Get started with Kluctl!" %}}
+Following this [guide]({{< ref "docs/get-started" >}}) will just take a couple of minutes to complete:
+After installing `kluctl`, you can either check out the [example]({{< ref "docs/guides/examples" >}}) or [tutorials]({{< ref "docs/guides/tutorials" >}}).
+{{% /alert %}}
+
+<!-- TODO
+## Community
+
+Need help or want to contribute? Please see the links below. The Kluctl project is always looking for
+new contributors and there are a multitude of ways to get involved.
+
+- Getting Started?
+    - Look at our [Get Started guide](get-started/) and give us feedback
+- Need help?
+    - First: Ask questions on our [GH Discussions page](https://github.com/kluctl/kluctl/discussions)
+    - Second: Talk to us in the #kluctl channel on [CNCF Slack](https://slack.cncf.io/)
+    - Please follow our [Support Guidelines](/support/)
+      (in short: be nice, be respectful of volunteers' time, understand that maintainers and
+      contributors cannot respond to all DMs, and keep discussions in the public #kluctl channel as much as possible).
+- Have feature proposals or want to contribute?
+    - Propose features on our [GH Discussions page](https://github.com/kluctl/kluctl/discussions)
+    - Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
+    - [Join the flux-dev mailing list](https://lists.cncf.io/g/cncf-kluctl-dev).
+    - Check out [how to contribute](/contributing) to the project
+
+### Events
+
+Check out our **[events calendar](/#calendar)**,
+both with upcoming talks you can attend or past events videos you can watch.
+
+We look forward to seeing you with us!
+
+-->
diff --git a/docs/concepts.md b/docs/concepts.md
new file mode 100644
index 000000000..c410e32e1
--- /dev/null
+++ b/docs/concepts.md
@@ -0,0 +1,54 @@
+---
+title: Core Concepts
+description: Core Concepts of Kluctl.
+weight: 10
+---
+
+These are some core concepts in Kluctl.
+
+## Kluctl project
+The kluctl project defines targets, secret sources and external git projects.
+It is defined via the [.kluctl.yaml]({{< ref "docs/reference/kluctl-project" >}}) configuration file.
+
+The kluctl project can also optionally define where the deployment project and clusters configs are located (external
+git projects).
+
+## Targets
+A target defines a target cluster and a set of deployment arguments. Multiple targets can use the same cluster. Targets
+allow implementing multi-cluster, multi-environment, multi-customer, ... deployments.
+
+## Deployments
+A [deployment]({{< ref "docs/reference/deployments" >}}) defines which Kustomize deployments and which sub-deployments
+to deploy. It also controls the order of deployments.
+
+Deployments may be configured through deployment arguments, which are typically provided via the targets but might also
+be provided through the CLI.
+
+## Variables
+[Variables]({{< ref "docs/reference/templating" >}}) are the main source of configuration. They are either loaded yaml
+files or directly defined inside deployments. Each variables file that is loaded has access to all the variables which
+were defined before, allowing complex composition of configuration.
+
+After being loaded, variables are usable through the templating engine at all nearly all places.
+
+## Templating
+All configuration files (including .kluctl.yaml and deployment.yaml) and all Kubernetes manifests involved are processed
+through a templating engine.
+The [templating engine]({{< ref "docs/reference/templating" >}}) allows simple variable substitution and also complex
+control structures (if/else, for loops, ...).
+
+## Secrets
+Secrets are loaded from [external sources]({{< ref "docs/reference/kluctl-project" >}}) and are only available
+while [sealing]({{< ref "docs/reference/sealed-secrets" >}}). After the sealing process, only the public-key encrypted
+sealed secrets are available.
+
+## Sealed Secrets
+[Sealed Secrets]({{< ref "docs/reference/sealed-secrets" >}}) are based on
+[Bitnami's sealed-secrets controller](https://github.com/bitnami-labs/sealed-secrets). Kluctl offers integration of
+sealed secrets through the `seal` command. Kluctl allows managing multiple sets of sealed secrets for multiple targets.
+
+## Unified CLI
+The CLI of kluctl is designed to be unified/consistent as much as possible. Most commands are centered around targets
+and thus require you to specify the target name (via `-t <target>`). If you remember how one command works, it's easy
+to figure out how the others work. Output from all targets based commands is also unified, allowing you to easily see
+what will and what did happen.
diff --git a/docs/get-started.md b/docs/get-started.md
new file mode 100644
index 000000000..d8868313b
--- /dev/null
+++ b/docs/get-started.md
@@ -0,0 +1,119 @@
+---
+title: "Get Started with Kluctl"
+linkTitle: "Get Started"
+description: "Get Started with Kluctl."
+weight: 20
+---
+
+This tutorial shows you how to bootstrap Flux to a Kubernetes cluster and deploy a sample application in a GitOps manner.
+
+## Before you begin
+
+A few things must be prepared before you actually begin.
+
+### Get a Kubernetes cluster
+
+The first step is of course: You need a kubernetes cluster. It doesn't really matter where this cluster is hosted, if
+it's a local (e.g. [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)) cluster, managed cluster, or a self-hosted
+cluster, kops or kubespray based, AWS, GCE, Azure, ... and so on. kluctl
+is completely independent of how Kubernetes is deployed and where it is hosted.
+
+There is however a minimum Kubernetes version that must be met: 1.20.0. This is due to the heavy use of server-side apply
+which was not stable enough in older versions of Kubernetes.
+
+### Prepare your kubeconfig
+
+Your local kubeconfig should be configured to have access to the target Kubernetes cluster via a dedicated context. The context
+name should match with the name that you want to use for the cluster from now on. Let's assume the name is `test.example.com`,
+then you'd have to ensure that the kubeconfig context `test.example.com` is correctly pointing and authorized for this
+cluster.
+
+See [Configure Access to Multiple Clusters](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) for documentation
+on how to manage multiple clusters with a single kubeconfig. Depending on the Kubernets provisioning/deployment tooling
+you used, you might also be able to directly export the context into your local kubeconfig. For example,
+[kops](https://github.com/kubernetes/kops/blob/master/docs/cli/kops_export.md) is able to export and merge the kubeconfig
+for a given cluster.
+
+## Objectives
+
+- Checkout one of the example Kluctl projects
+- Deploy to your local cluster
+- Change something and re-deploy
+
+## Install Kluctl
+
+The `kluctl` command-line interface (CLI) is required to perform deployments.
+
+To install the CLI with Homebrew run:
+
+```sh
+brew install kluctl/tap/kluctl
+```
+
+For other installation methods, see the [install documentation]({{< ref "docs/installation" >}}).
+
+## Clone the kluctl examples
+
+Clone the example project found at https://github.com/kluctl/kluctl-examples
+
+```sh
+git clone https://github.com/kluctl/kluctl-examples.git
+```
+
+## Choose one of the examples
+
+You can choose whatever example you like from the clones repository. We will however continue this guide by referring
+to the `simple-helm` example found in that repository. Change the current directory:
+
+```sh
+cd kluctl-examples/simple-helm
+```
+
+## Create your local cluster
+
+Create a local cluster with [kind](https://kind.sigs.k8s.io):
+
+```sh
+kind create cluster
+```
+
+This will update your kubeconfig to contain a context with the name `kind-kind`. By default, all examples will use
+the currently active context.
+
+## Deploy the example
+
+Now run the following command to deploy the example:
+
+```sh
+kluctl deploy -t simple-helm
+```
+
+Kluctl will perform a diff first and then ask for your confirmation to deploy it. In this case, you should only see
+some objects being newly deployed.
+
+```sh
+kubectl -nsimple-helm get pod
+```
+
+## Change something and re-deploy
+
+Now change something inside the deployment project. You could for example add `replicaCount: 2` to `deployment/nginx/helm-values.yml`.
+After you have saved your changes, run the deploy command again:
+
+```sh
+kluctl deploy -t simple-helm
+```
+
+This time it should show your modifications in the diff. Confirm that you want to perform the deployment and then verify
+it:
+
+```sh
+kubectl -nsimple-helm get pod
+```
+
+You should need 2 instances of the nginx POD running now.
+
+## Where to continue?
+
+Continue by reading through the [tutorials]({{< ref "docs/guides/tutorials" >}}) and by consulting
+the [reference documentation]({{< ref "reference" >}}).
diff --git a/docs/history.md b/docs/history.md
new file mode 100644
index 000000000..a1baceb2a
--- /dev/null
+++ b/docs/history.md
@@ -0,0 +1,25 @@
+---
+title: "History"
+linkTitle: "History"
+weight: 40
+description: "The history of kluctl."
+---
+
+Kluctl was created after multiple incarnations of complex multi-environment (e.g. dev, test, prod) deployments, including everything
+from monitoring, persistency and the actual custom services. The philosophy of these deployments was always
+"what belongs together, should be put together", meaning that only as much Git repositories were involved as necessary.
+
+The problems to solve turned out to be always the same:
+* Dozens of Helm Charts, kustomize deployments and standalone Kubernetes manifests needed to be orchestrated in a way
+  that they work together (services need to connect to the correct databases, and so on)
+* (Encrypted) Secrets needed to be managed and orchestrated for multiple environments and clusters
+* Updates of components was always risky and required keeping track of what actually changed since the last deployment
+* Available tools (Helm, Kustomize) were not suitable to solve this on its own in an easy/natural way
+* A lot of bash scripting was required to put things together
+
+When this got more and more complex, and the bash scripts started to become a mess (as "simple" Bash scripts always tend to become),
+kluctl was started from scratch. It now tries to solve the mentioned problems and provide a useful set of features (commands)
+in a sane and unified way.
+
+The first versions of kluctl were written in Python, hence the use of Jinja2 templating in kluctl. With version 2.0.0,
+kluctl was rewritten in Go.
diff --git a/docs/installation.md b/docs/installation.md
new file mode 100644
index 000000000..94ae4641a
--- /dev/null
+++ b/docs/installation.md
@@ -0,0 +1,64 @@
+---
+title: "Installation"
+linkTitle: "Installation"
+weight: 20
+description: "Installing kluctl."
+---
+
+## Install kluctl
+
+The kluctl CLI is available as a binary executable for all major platforms,
+the binaries can be downloaded form GitHub
+[releases page](https://github.com/kluctl/kluctl/releases).
+
+{{% tabs %}}
+{{% tab "Homebrew" %}}
+
+With [Homebrew](https://brew.sh) for macOS and Linux:
+
+```sh
+brew install kluctl/tap/kluctl
+```
+
+{{% /tab %}}
+{{% tab "bash" %}}
+
+With [Bash](https://www.gnu.org/software/bash/) for macOS and Linux:
+
+```sh
+curl -s https://kluctl.io/install.sh | bash
+```
+
+{{% /tab %}}
+
+<!-- TODO uncomment when chocolatey support is implemented
+{{% tab "Chocolatey" %}}
+
+With [Chocolatey](https://chocolatey.org/) for Windows:
+
+```powershell
+choco install kluctl
+```
+
+{{% /tab %}}
+-->
+{{% /tabs %}}
+
+<!-- TODO uncomment this when completion is implemented
+To configure your shell to load `kluctl` [bash completions](./cmd/kluctl_completion_bash.md) add to your profile:
+
+```sh
+. <(kluctl completion bash)
+```
+
+[`zsh`](./cmd/kluctl_completion_zsh.md), [`fish`](./cmd/kluctl_completion_fish.md),
+and [`powershell`](./cmd/kluctl_completion_powershell.md)
+are also supported with their own sub-commands.
+
+-->
+
+## Container images
+
+A container image with `kluctl` is available on GitHub:
+
+* `ghcr.io/kluctl/kluctl:<version>`
diff --git a/docs/philosophy.md b/docs/philosophy.md
new file mode 100644
index 000000000..580b9f397
--- /dev/null
+++ b/docs/philosophy.md
@@ -0,0 +1,36 @@
+---
+title: "Philosophy"
+linkTitle: "Philosophy"
+weight: 30
+description: "The philosophy behind kluctl."
+---
+
+Kluctl tries to follow a few basic ideas and a philosophy. Project and deployments structure, as well as all commands
+are centered on these.
+
+## Be practical
+Everything found in kluctl is based on years of experience in daily business, from the perspective of a DevOps Engineer. 
+Kluctl prefers practicability when possible, trying to make the daily life of a DevOps Engineer as comfortable as possible.
+
+## Consistent CLI
+Commands try to be as consistent as possible, making it easy to remember how they are used. For example, a `diff` is used the same way as a `deploy`. This applies to all sizes and complexities of projects. A simple/single-application deployment is used the same way as a complex one, so that it is easy to switch between projects.
+
+## Mostly declarative
+Kluctl tries to be declarative whenever possible, but loosens this in some cases to stay practical.
+For example, hooks, barriers and waitReadiness allows you to control order of deployments in a way that a pure declarative approach would not allow.
+
+## Predictable and traceable
+Always know what will happen (`diff` or `--dry-run`) and always know what happened (output changes done by a command).
+There is nothing worse than not knowing what's going to happen when you deploy the current state to prod. Not knowing what happened is on the same level.
+
+## Live and let live
+Kluctl tries to not interfere with any other tools or operators. It achieves this by honoring managed fields in an intelligent way.
+Kluctl will never force-apply anything without being told so, it will also always inform you about fields that you lost ownership of.
+
+## CLI/Client first
+Kluctl is centered around a unified command line interface and will always prioritize this. This
+guarantees that the DevOps Engineer never looses control, even if automation and/or GitOps style operators are being used.
+
+## No scripting
+Kluctl tries its best to remove the need for scripts (e.g. Bash) around deployments. It tries to remove the need
+for external orchestration of deployment order and/or dependencies.
diff --git a/docs/reference/_index.md b/docs/reference/_index.md
new file mode 100644
index 000000000..06d1ad3b4
--- /dev/null
+++ b/docs/reference/_index.md
@@ -0,0 +1,8 @@
+---
+title: "Reference"
+linkTitle: "Reference"
+description: >
+  Description of configuration files and commands
+weight: 110
+---
+
diff --git a/docs/reference/commands/_index.md b/docs/reference/commands/_index.md
new file mode 100644
index 000000000..438c870aa
--- /dev/null
+++ b/docs/reference/commands/_index.md
@@ -0,0 +1,14 @@
+---
+title: "Commands"
+linkTitle: "Commands"
+weight: 10
+description: >
+    Description of available commands.
+---
+
+kluctl offers a unified command line interface that allows to standardize all your deployments. Every project,
+no matter how different it is from other projects, is managed the same way.
+
+You can always call `kluctl --help` or `kluctl <command> --help` for a help prompt.
+
+Individual commands are documented in sub-sections.
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
new file mode 100644
index 000000000..429d78235
--- /dev/null
+++ b/docs/reference/commands/common-arguments.md
@@ -0,0 +1,106 @@
+---
+title: "Common Arguments"
+linkTitle: "Common Arguments"
+weight: 1
+description: >
+    Common arguments
+---
+
+A few sets of arguments are common between multiple commands. These arguments are still part of the command itself and
+must be placed *after* the command name.
+
+## Global arguments
+
+These arguments are available for all commands.
+
+<!-- BEGIN SECTION "deploy" "Global arguments" true -->
+```
+Global arguments:
+      --cpu-profile string   Enable CPU profiling and write the result to the given path
+      --debug                Enable debug logging
+      --no-color             Disable colored output
+      --no-update-check      Disable update check on startup
+
+```
+<!-- END SECTION -->
+
+## Project arguments
+
+These arguments are available for all commands that are based on a Kluctl project.
+They control where and how to load the kluctl project and deployment project.
+
+<!-- BEGIN SECTION "deploy" "Project arguments" true -->
+```
+Project arguments:
+  Define where and how to load the kluctl project and its components from.
+
+  -a, --arg stringArray                      Template argument in the form name=value
+      --cluster string                       DEPRECATED. Specify/Override cluster
+      --git-cache-update-interval duration   Specify the time to wait between git cache updates. Defaults to not
+                                             wait at all and always updating caches.
+      --local-clusters existingdir           DEPRECATED. Local clusters directory. Overrides the project from
+                                             .kluctl.yaml
+      --local-deployment existingdir         DEPRECATED. Local deployment directory. Overrides the project from
+                                             .kluctl.yaml
+      --local-sealed-secrets existingdir     DEPRECATED. Local sealed-secrets directory. Overrides the project
+                                             from .kluctl.yaml
+      --output-metadata string               Specify the output path for the project metadata to be written to.
+  -c, --project-config existingfile          Location of the .kluctl.yaml config file. Defaults to
+                                             $PROJECT/.kluctl.yaml
+  -b, --project-ref string                   Git ref of the kluctl project. Only used when --project-url was given.
+  -p, --project-url string                   Git url of the kluctl project. If not specified, the current
+                                             directory will be used instead of a remote Git project
+  -t, --target string                        Target name to run command for. Target must exist in .kluctl.yaml.
+      --timeout duration                     Specify timeout for all operations, including loading of the project,
+                                             all external api calls and waiting for readiness. (default 10m0s)
+
+```
+<!-- END SECTION -->
+
+## Image arguments
+
+These arguments are available on some target based commands.
+They control image versions requested by `images.get_image(...)` [calls]({{< ref "docs/reference/deployments/images#imagesget_image" >}}).
+
+<!-- BEGIN SECTION "deploy" "Image arguments" true -->
+```
+Image arguments:
+  Control fixed images and update behaviour.
+
+  -F, --fixed-image stringArray          Pin an image to a given version. Expects
+                                         '--fixed-image=image<:namespace:deployment:container>=result'
+      --fixed-images-file existingfile   Use .yaml file to pin image versions. See output of list-images
+                                         sub-command or read the documentation for details about the output format
+      --offline-images                   Omit contacting image registries and do not query for latest image tags.
+  -u, --update-images                    This causes kluctl to prefer the latest image found in registries, based
+                                         on the 'latest_image' filters provided to 'images.get_image(...)' calls.
+                                         Use this flag if you want to update to the latest versions/tags of all
+                                         images. '-u' takes precedence over '--fixed-image/--fixed-images-file',
+                                         meaning that the latest images are used even if an older image is given
+                                         via fixed images.
+
+```
+<!-- END SECTION -->
+
+## Inclusion/Exclusion arguments
+
+These arguments are available for some target based commands.
+They control inclusion/exclusion based on tags and deployment item pathes.
+
+<!-- BEGIN SECTION "deploy" "Inclusion/Exclusion arguments" true -->
+```
+Inclusion/Exclusion arguments:
+  Control inclusion/exclusion.
+
+      --exclude-deployment-dir stringArray   Exclude deployment dir. The path must be relative to the root
+                                             deployment project. Exclusion has precedence over inclusion, same as
+                                             in --exclude-tag
+  -E, --exclude-tag stringArray              Exclude deployments with given tag. Exclusion has precedence over
+                                             inclusion, meaning that explicitly excluded deployments will always
+                                             be excluded even if an inclusion rule would match the same deployment.
+      --include-deployment-dir stringArray   Include deployment dir. The path must be relative to the root
+                                             deployment project.
+  -I, --include-tag stringArray              Include deployments with given tag.
+
+```
+<!-- END SECTION -->
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
new file mode 100644
index 000000000..d2753f4b4
--- /dev/null
+++ b/docs/reference/commands/delete.md
@@ -0,0 +1,46 @@
+---
+title: "delete"
+linkTitle: "delete"
+weight: 10
+description: >
+    delete command
+---
+
+## Command
+<!-- BEGIN SECTION "delete" "Usage" false -->
+Usage: kluctl delete [flags]
+
+Delete a target (or parts of it) from the corresponding cluster
+Objects are located based on 'commonLabels', configured in 'deployment.yaml'
+
+WARNING: This command will also delete objects which are not part of your deployment
+project (anymore). It really only decides based on the 'deleteByLabel' labels and does NOT
+take the local target/state into account!
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "delete" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+  -l, --delete-by-label stringArray   Override the labels used to find objects for deletion.
+      --dry-run                       Performs all kubernetes API calls in dry-run mode.
+  -o, --output-format stringArray     Specify output format and target file, in the format 'format=path'. Format
+                                      can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                      format for yaml is currently not documented and subject to change.
+      --render-output-dir string      Specifies the target directory to render the project into. If omitted, a
+                                      temporary directory is used.
+  -y, --yes                           Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+
+```
+<!-- END SECTION -->
+
+They have the same meaning as described in [deploy](#deploy).
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
new file mode 100644
index 000000000..2114ac54c
--- /dev/null
+++ b/docs/reference/commands/deploy.md
@@ -0,0 +1,78 @@
+---
+title: "deploy"
+linkTitle: "deploy"
+weight: 10
+description: >
+    deploy command
+---
+
+## Command
+<!-- BEGIN SECTION "deploy" "Usage" false -->
+Usage: kluctl deploy [flags]
+
+Deploys a target to the corresponding cluster
+This command will also output a diff between the initial state and the state after
+deployment. The format of this diff is the same as for the 'diff' command.
+It will also output a list of prunable objects (without actually deleting them).
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "deploy" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --abort-on-error               Abort deploying when an error occurs instead of trying the remaining deployments
+      --dry-run                      Performs all kubernetes API calls in dry-run mode.
+      --force-apply                  Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error       Same as --replace-on-error, but also try to delete and re-create objects. See
+                                     documentation for more details.
+      --no-wait                      Don't wait for objects readiness'
+  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
+                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                     format for yaml is currently not documented and subject to change.
+      --readiness-timeout duration   Maximum time to wait for object readiness. The timeout is meant per-object.
+                                     Timeouts are in the duration format (1s, 1m, 1h, ...). If not specified, a
+                                     default timeout of 5m is used. (default 5m0s)
+      --render-output-dir string     Specifies the target directory to render the project into. If omitted, a
+                                     temporary directory is used.
+      --replace-on-error             When patching an object fails, try to replace it. See documentation for more
+                                     details.
+  -y, --yes                          Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+
+```
+<!-- END SECTION -->
+
+### --force-apply
+kluctl implements deployments via [server-side apply](https://kubernetes.io/reference/using-api/server-side-apply/)
+and a custom automatic conflict resolution algorithm. This algurithm is an automatic implementation of the
+"[Don't overwrite value, give up management claim](https://kubernetes.io/reference/using-api/server-side-apply/#conflicts)"
+method. It should work in most cases, but might still fail. In case of such failure, you can use `--force-apply` to
+use the "Overwrite value, become sole manager" strategy instead.
+
+Please note that this is a risky operation which might overwrite fields which were initially managed by kluctl but were
+then overtaken by other managers (e.g. by operators). Always use this option with caution and perform a dry-run
+before to ensure nothing unexpected gets overwritten.
+
+### --replace-on-error
+In some situations, patching Kubernetes objects might fail for different reasons. In such cases, you can try
+`--replace-on-error` to instruct kluctl to retry with an update operation.
+
+Please note that this will cause all fields to be overwritten, even if owned by other field managers.
+
+### --force-replace-on-error
+This flag will cause the same replacement attempt on failure as with `--replace-on-error`. In addition, it will fallback
+to a delete+recreate operation in case the replace also fails.
+
+Please note that this is a potentially risky operation, especially when an object carries some kind of important state.
+
+### --abort-on-error
+kluctl does not abort a command when an individual object fails can not be updated. It collects all errors and warnings
+and outputs them instead. This option modifies the behaviour to immediately abort the command.
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
new file mode 100644
index 000000000..3af235dd6
--- /dev/null
+++ b/docs/reference/commands/diff.md
@@ -0,0 +1,50 @@
+---
+title: "diff"
+linkTitle: "diff"
+weight: 10
+description: >
+    diff command
+---
+
+## Command
+<!-- BEGIN SECTION "diff" "Usage" false -->
+Usage: kluctl diff [flags]
+
+Perform a diff between the locally rendered target and the already deployed target
+The output is by default in human readable form (a table combined with unified diffs).
+The output can also be changed to output a yaml file. Please note however that the format
+is currently not documented and prone to changes.
+After the diff is performed, the command will also search for prunable objects and list them.
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "diff" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --force-apply                 Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error      Same as --replace-on-error, but also try to delete and re-create objects. See
+                                    documentation for more details.
+      --ignore-annotations          Ignores changes in annotations when diffing
+      --ignore-labels               Ignores changes in labels when diffing
+      --ignore-tags                 Ignores changes in tags when diffing
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+      --replace-on-error            When patching an object fails, try to replace it. See documentation for more
+                                    details.
+
+```
+<!-- END SECTION -->
+
+`--force-apply` and `--replace-on-error` have the same meaning as in [deploy](#deploy).
diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
new file mode 100644
index 000000000..15b7f003c
--- /dev/null
+++ b/docs/reference/commands/environment-variables.md
@@ -0,0 +1,23 @@
+---
+title: "Environment Variables"
+linkTitle: "Environment Variables"
+weight: 2
+description: >
+    Controlling Kluctl via environment variables
+---
+
+In addition to arguments, Kluctl can be controlled via a set of environment variables.
+
+## Environment variables as arguments
+All options/arguments accepted by kluctl can also be specified via environment variables. The name of the environment
+variables always start with `KLUCTL_` and end with the option/argument in uppercase and dashes replaced with
+underscores. As an example, `--project-url=my-project` can also be specified with the environment variable
+`KLUCTL_PROJECT_URL=my-project`.
+
+## Additional environment variables
+A few additional environment variables are supported which do not belong to an option/argument. These are:
+
+1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries]({{< ref "docs/reference/deployments/images#supported-image-registries-and-authentication" >}}) for details.
+2. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
+3. `KLUCTL_NO_THREADS`. Do not use multithreading while performing work. This is only useful for debugging purposes.
+4. `KLUCTL_IGNORE_DEBUGGER`. Pretend that there is no debugger attached when automatically deciding if multi-threading should be enabled or not.
diff --git a/docs/reference/commands/helm-pull.md b/docs/reference/commands/helm-pull.md
new file mode 100644
index 000000000..576324be4
--- /dev/null
+++ b/docs/reference/commands/helm-pull.md
@@ -0,0 +1,24 @@
+---
+title: "helm-pull"
+linkTitle: "helm-pull"
+weight: 10
+description: >
+    helm-pull command
+---
+
+## Command
+<!-- BEGIN SECTION "helm-pull" "Usage" false -->
+Usage: kluctl helm-pull [flags]
+
+Recursively searches for 'helm-chart.yaml' files and pulls the specified Helm charts
+The Helm charts are stored under the sub-directory 'charts/<chart-name>' next to the
+'helm-chart.yaml'. These Helm charts are meant to be added to version control so that
+pulling is only needed when really required (e.g. when the chart version changes).
+
+<!-- END SECTION -->
+
+See [helm-integration]({{< ref "docs/reference/deployments/helm">}}) for more details.
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}}) (except `-a`)
diff --git a/docs/reference/commands/helm-update.md b/docs/reference/commands/helm-update.md
new file mode 100644
index 000000000..a9e71f641
--- /dev/null
+++ b/docs/reference/commands/helm-update.md
@@ -0,0 +1,45 @@
+---
+title: "helm-update"
+linkTitle: "helm-update"
+weight: 10
+description: >
+    helm-update command
+---
+
+## Command
+<!-- BEGIN SECTION "helm-update" "Usage" false -->
+Usage: kluctl helm-update [flags]
+
+Recursively searches for 'helm-chart.yaml' files and checks for new available versions
+Optionally performs the actual upgrade and/or add a commit to version control.
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}}) (except `-a`)
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "helm-update" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --commit                                 Create a git commit for every updated chart
+      --insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                               --insecure-skip-tls-verify=<credentialsId>, where <credentialsId>
+                                               must match the id specified in the helm-chart.yaml.
+      --key-file stringArray                   Specify client certificate to use for Helm Repository
+                                               authentication. Must be in the form
+                                               --key-file=<credentialsId>:<path>, where <credentialsId> must match
+                                               the id specified in the helm-chart.yaml.
+      --password stringArray                   Specify password to use for Helm Repository authentication. Must be
+                                               in the form --password=<credentialsId>:<password>, where
+                                               <credentialsId> must match the id specified in the helm-chart.yaml.
+      --upgrade                                Write new versions into helm-chart.yaml and perform helm-pull afterwards
+      --username stringArray                   Specify username to use for Helm Repository authentication. Must be
+                                               in the form --username=<credentialsId>:<username>, where
+                                               <credentialsId> must match the id specified in the helm-chart.yaml.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
new file mode 100644
index 000000000..cf56b6af1
--- /dev/null
+++ b/docs/reference/commands/list-images.md
@@ -0,0 +1,39 @@
+---
+title: "list-images"
+linkTitle: "list-images"
+weight: 10
+description: >
+    list-images command
+---
+
+## Command
+<!-- BEGIN SECTION "list-images" "Usage" false -->
+Usage: kluctl list-images [flags]
+
+Renders the target and outputs all images used via 'images.get_image(...)
+The result is a compatible with yaml files expected by --fixed-images-file.
+
+If fixed images ('-f/--fixed-image') are provided, these are also taken into account,
+as described in for the deploy command.
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "list-images" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+  -o, --output stringArray         Specify output target file. Can be specified multiple times
+      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
+                                   temporary directory is used.
+      --simple                     Output a simplified version of the images list
+
+```
+<!-- END SECTION -->
diff --git a/docs/reference/commands/list-targets.md b/docs/reference/commands/list-targets.md
new file mode 100644
index 000000000..3ef135116
--- /dev/null
+++ b/docs/reference/commands/list-targets.md
@@ -0,0 +1,28 @@
+---
+title: "list-targets"
+linkTitle: "list-targets"
+weight: 10
+description: >
+    list-targets command
+---
+
+## Command
+<!-- BEGIN SECTION "list-targets" "Usage" false -->
+Usage: kluctl list-targets [flags]
+
+Outputs a yaml list with all target, including dynamic targets
+Outputs a yaml list with all target, including dynamic targets
+
+<!-- END SECTION -->
+
+## Arguments
+The following arguments are available:
+<!-- BEGIN SECTION "list-targets" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+  -o, --output stringArray   Specify output target file. Can be specified multiple times
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
new file mode 100644
index 000000000..2a0aa64f2
--- /dev/null
+++ b/docs/reference/commands/poke-images.md
@@ -0,0 +1,41 @@
+---
+title: "poke-images"
+linkTitle: "poke-images"
+weight: 10
+description: >
+    poke-images command
+---
+
+## Command
+<!-- BEGIN SECTION "poke-images" "Usage" false -->
+Usage: kluctl poke-images [flags]
+
+Replace all images in target
+This command will fully render the target and then only replace images instead of fully
+deploying the target. Only images used in combination with 'images.get_image(...)' are
+replaced
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "poke-images" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
new file mode 100644
index 000000000..f019404ac
--- /dev/null
+++ b/docs/reference/commands/prune.md
@@ -0,0 +1,39 @@
+---
+title: "prune"
+linkTitle: "prune"
+weight: 10
+description: >
+    prune command
+---
+
+## Command
+<!-- BEGIN SECTION "prune" "Usage" false -->
+Usage: kluctl prune [flags]
+
+Searches the target cluster for prunable objects and deletes them
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "prune" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+
+```
+<!-- END SECTION -->
+
+They have the same meaning as described in [deploy](#deploy).
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
new file mode 100644
index 000000000..f4869433b
--- /dev/null
+++ b/docs/reference/commands/render.md
@@ -0,0 +1,37 @@
+---
+title: "render"
+linkTitle: "render"
+weight: 10
+description: >
+    render command
+---
+
+## Command
+<!-- BEGIN SECTION "render" "Usage" false -->
+Usage: kluctl render [flags]
+
+Renders all resources and configuration files
+Renders all resources and configuration files and stores the result in either
+a temporary directory or a specified directory.
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "render" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --offline-kubernetes         Run render in offline mode, meaning that it will not try to connect the target
+                                   cluster
+      --print-all                  Write all rendered manifests to stdout
+      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
+                                   temporary directory is used.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/seal.md b/docs/reference/commands/seal.md
new file mode 100644
index 000000000..e87b720eb
--- /dev/null
+++ b/docs/reference/commands/seal.md
@@ -0,0 +1,42 @@
+---
+title: "seal"
+linkTitle: "seal"
+weight: 10
+description: >
+    seal command
+---
+
+## Command
+<!-- BEGIN SECTION "seal" "Usage" false -->
+Usage: kluctl seal [flags]
+
+Seal secrets based on target's sealingConfig
+Loads all secrets from the specified secrets sets from the target's sealingConfig and
+then renders the target, including all files with the '.sealme' extension. Then runs
+kubeseal on each '.sealme' file and stores secrets in the directory specified by
+'--local-sealed-secrets', using the outputPattern from your deployment project.
+
+If no '--target' is specified, sealing is performed for all targets.
+
+<!-- END SECTION -->
+
+See [sealed-secrets]({{< ref "docs/reference/sealed-secrets">}}) for more details.
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}}) (except `-a`)
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "seal" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --cert-file string     Use the given certificate for sealing instead of requesting it from the
+                             sealed-secrets controller
+      --force-reseal         Lets kluctl ignore secret hashes found in already sealed secrets and thus forces
+                             resealing of those.
+      --offline-kubernetes   Run seal in offline mode, meaning that it will not try to connect the target cluster
+
+```
+<!-- END SECTION -->
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
new file mode 100644
index 000000000..d27b9f59d
--- /dev/null
+++ b/docs/reference/commands/validate.md
@@ -0,0 +1,39 @@
+---
+title: "validate"
+linkTitle: "validate"
+weight: 10
+description: >
+    validate command
+---
+
+## Command
+<!-- BEGIN SECTION "validate" "Usage" false -->
+Usage: kluctl validate [flags]
+
+Validates the already deployed deployment
+This means that all objects are retrieved from the cluster and checked for readiness.
+
+TODO: This needs to be better documented!
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
+1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "validate" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+  -o, --output stringArray         Specify output target file. Can be specified multiple times
+      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
+                                   temporary directory is used.
+      --sleep duration             Sleep duration between validation attempts (default 5s)
+      --wait duration              Wait for the given amount of time until the deployment validates
+      --warnings-as-errors         Consider warnings as failures
+
+```
+<!-- END SECTION -->
diff --git a/docs/reference/deployments/_index.md b/docs/reference/deployments/_index.md
new file mode 100644
index 000000000..de97255a3
--- /dev/null
+++ b/docs/reference/deployments/_index.md
@@ -0,0 +1,62 @@
+---
+title: "Deployments"
+linkTitle: "Deployments"
+weight: 2
+description: >
+    Deployments and sub-deployments.
+---
+
+A deployment project is collection of deployment items and sub-deployments. Deployment items are usually
+[Kustomize]({{< ref "./kustomize" >}}) deployments, but can also integrate [Helm Charts]({{< ref "./helm" >}}).
+
+## Basic structure
+
+The following visualization shows the basic structure of a deployment project. The entry point of every deployment
+project is the `deployment.yaml` file, which then includes further sub-deployments and kustomize deployments. It also
+provides some additional configuration required for multiple kluctl features to work as expected.
+
+As can be seen, sub-deployments can include other sub-deployments, allowing you to structure the deployment project
+as you need.
+
+Each level in this structure recursively adds [tags]({{< ref "./tags" >}}) to each deployed resources, allowing you to control
+precisely what is deployed in the future.
+
+Some visualized files/directories have links attached, follow them to get more information.
+
+<pre>
+-- project-dir/
+   |-- <a href="{{< ref "./deployment-yml" >}}">deployment.yaml</a>
+   |-- .gitignore
+   |-- kustomize-deployment1/
+   |   |-- kustomization.yaml
+   |   `-- resource.yaml
+   |-- sub-deployment/
+   |   |-- deployment.yaml
+   |   |-- kustomize-deployment2/
+   |   |   |-- kustomization.yaml
+   |   |   |-- resource1.yaml
+   |   |   `-- ...
+   |   |-- kustomize-deployment3/
+   |   |   |-- kustomization.yaml
+   |   |   |-- resource1.yaml
+   |   |   |-- resource2.yaml
+   |   |   |-- patch1.yaml
+   |   |   `-- ...
+   |   |-- <a href="{{< ref "./helm" >}}">kustomize-with-helm-deployment/</a>
+   |   |   |-- charts/
+   |   |   |   `-- ...
+   |   |   |-- kustomization.yaml
+   |   |   |-- helm-chart.yaml
+   |   |   `-- helm-values.yaml
+   |   `-- subsub-deployment/
+   |       |-- deployment.yaml
+   |       |-- ... kustomize deployments
+   |       `-- ... subsubsub deployments
+   `-- sub-deployment/
+       `-- ...
+</pre>
+
+## Order of deployments
+Deployments are done in parallel, meaning that there are usually no order guarantees. The only way to somehow control
+order, is by placing [barriers]({{< ref "./deployment-yml#barriers" >}}) between kustomize deployments.
+You should however not overuse barriers, as they negatively impact the speed of kluctl.
diff --git a/docs/reference/deployments/annotations/_index.md b/docs/reference/deployments/annotations/_index.md
new file mode 100644
index 000000000..a4187a3e9
--- /dev/null
+++ b/docs/reference/deployments/annotations/_index.md
@@ -0,0 +1,7 @@
+---
+title: "Annotations"
+linkTitle: "Annotations"
+weight: 10
+description: >
+    Annotations usable in Kubernetes resources.
+---
diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/reference/deployments/annotations/all-resources.md
new file mode 100644
index 000000000..c77c2604f
--- /dev/null
+++ b/docs/reference/deployments/annotations/all-resources.md
@@ -0,0 +1,91 @@
+---
+title: "All resources"
+linkTitle: "All resources"
+weight: 1
+description: >
+  Annotations on all resources
+---
+
+The following annotations control the behavior of the `deploy` and related commands.
+
+## Control deploy behavior
+
+The following annotations control deploy behavior, especially in regard to conflict resolution.
+
+### kluctl.io/delete
+If set to "true", the resource will be deleted at deployment time. Kluctl will not emit an error in case the resource
+does not exist. A resource with this annotation does not have to be complete/valid as it is never sent to the Kubernetes
+api server.
+
+### kluctl.io/force-apply
+If set to "true", the whole resource will be force-applied, meaning that all fields will be overwritten in case of
+field manager conflicts.
+
+### kluctl.io/force-apply-field
+Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be force-applied. Matching
+fields will be overwritten in case of field manager conflicts.
+
+If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
+
+## Control deletion/pruning
+
+The following annotations control how delete/prune is behaving.
+
+### kluctl.io/skip-delete
+If set to "true", the annotated resource will not be deleted when [delete]({{< ref "docs/reference/commands/delete" >}}) or
+[prune]({{< ref "docs/reference/commands/prune" >}}) is called.
+
+### kluctl.io/skip-delete-if-tags
+If set to "true", the annotated resource will not be deleted when [delete]({{< ref "docs/reference/commands/delete" >}}) or
+[prune]({{< ref "docs/reference/commands/prune" >}}) is called and inclusion/exclusion tags are used at the same time.
+
+This tag is especially useful and required on resources that would otherwise cause cascaded deletions of resources that
+do not match the specified inclusion/exclusion tags. Namespaces are the most prominent example of such resources, as
+they most likely don't match exclusion tags, but cascaded deletion would still cause deletion of the excluded resources.
+
+## Control diff behavior
+
+The following annotations control how diffs are performed.
+
+### kluctl.io/diff-name
+This annotation will override the name of the object when looking for the in-cluster version of an object used for
+diffs. This is useful when you are forced to use new names for the same objects whenever the content changes, e.g.
+for all kinds of immutable resource types.
+
+Example (filename job.yaml):
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: myjob-{{ load_sha256("job.yaml", 6) }}
+  annotations:
+    kluctl.io/diff-name: myjob
+spec:
+  template:
+    spec:
+      containers:
+      - name: hello
+        image: busybox
+        command: ["sh",  "-c", "echo hello"]
+      restartPolicy: Never
+```
+
+Without the `kluctl.io/diff-name` annotation, any change to the `job.yaml` would be treated as a new object in resulting
+diffs from various commands. This is due to the inclusion of the file hash in the job name. This would make it very hard
+to figure out what exactly changed in an object.
+
+With the `kluctl.io/diff-name` annotation, kluctl will pick an existing job from the cluster with the same diff-name
+and use it for the diff, making it a lot easier to analyze changes. If multiple objects match, the one with the youngest
+`creationTimestamp` is chosen.
+
+Please note that this will not cause old objects (with the same diff-name) to be prunes. You still have to regularely
+prune the deployment.
+
+### kluctl.io/ignore-diff
+If set to "true", the whole resource will be ignored while calculating diffs.
+
+### kluctl.io/ignore-diff-field
+Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be ignored while calculating
+diffs.
+
+If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
diff --git a/docs/reference/deployments/annotations/hooks.md b/docs/reference/deployments/annotations/hooks.md
new file mode 100644
index 000000000..c937cc95e
--- /dev/null
+++ b/docs/reference/deployments/annotations/hooks.md
@@ -0,0 +1,23 @@
+---
+title: "Hooks"
+linkTitle: "Hooks"
+weight: 2
+description: >
+  Annotations on hooks
+---
+The following annotations control hook execution
+
+See [hooks]({{< ref "docs/reference/deployments/hooks" >}}) for more details.
+
+### kluctl.io/hook
+Declares a resource to be a hook, which is deployed/executed as described in [hooks]({{< ref "docs/reference/deployments/hooks" >}}). The value of the
+annotation determines when the hook is deployed/executed.
+
+### kluctl.io/hook-weight
+Specifies a weight for the hook, used to determine deployment/execution order.
+
+### kluctl.io/hook-delete-policy
+Defines when to delete the hook resource.
+
+### kluctl.io/hook-wait
+Defines whether kluctl should wait for hook-completion.
diff --git a/docs/reference/deployments/annotations/kustomization.md b/docs/reference/deployments/annotations/kustomization.md
new file mode 100644
index 000000000..8c2f98e0d
--- /dev/null
+++ b/docs/reference/deployments/annotations/kustomization.md
@@ -0,0 +1,33 @@
+---
+title: "Kustomize"
+linkTitle: "Kustomize"
+weight: 4
+description: >
+  Annotations on the kustomization.yaml resource
+---
+
+Even though the `kustomization.yaml` from Kustomize deployments are not really Kubernetes resources (as they are not
+really deployed), they have the same structure as Kubernetes resources. This also means that the `kustomization.yaml`
+can define metadata and annotations. Through these annotations, additional behavior on the deployment can be controlled.
+
+Example:
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  annotations:
+    kluctl.io/barrier: "true"
+    kluctl.io/wait-readiness: "true"
+
+resources:
+  - deployment.yaml
+```
+
+### kluctl.io/barrier
+If set to `true`, kluctl will wait for all previous objects to be applied (but not necessarily ready). This has the
+same effect as [barrier]({{< ref "docs/reference/deployments#barriers" >}}) from deployment projects.
+
+### kluctl.io/wait-readiness
+If set to `true`, kluctl will wait for readiness of all objects from this kustomization project. Readiness is defined
+the same as in [hook readiness]({{< ref "docs/reference/deployments/readiness" >}}).
diff --git a/docs/reference/deployments/annotations/validation.md b/docs/reference/deployments/annotations/validation.md
new file mode 100644
index 000000000..df528c164
--- /dev/null
+++ b/docs/reference/deployments/annotations/validation.md
@@ -0,0 +1,16 @@
+---
+title: "Validation"
+linkTitle: "Validation"
+weight: 3
+description: >
+    Annotations to control validation
+---
+
+The following annotations influence the [validate]({{< ref "docs/reference/commands/validate" >}}) command.
+
+### validate-result.kluctl.io/xxx
+If this annotation is found on a resource that is checked while validation, the key and the value of the annotation
+are added to the validation result, which is then returned by the validate command.
+
+The annotation key is dynamic, meaning that all annotations that begin with `validate-result.kluctl.io/` are taken
+into account.
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
new file mode 100644
index 000000000..bb22bac01
--- /dev/null
+++ b/docs/reference/deployments/deployment-yml.md
@@ -0,0 +1,306 @@
+---
+title: "deployment.yaml"
+linkTitle: "deployment.yaml"
+weight: 1
+description: >
+    Structure of deployment.yaml.
+---
+
+The `deployment.yaml` file is the entrypoint for the deployment project. Included sub-deployments also provide a
+`deployment.yaml` file with the same structure as the initial one.
+
+An example `deployment.yaml` looks like this:
+```yaml
+sealedSecrets:
+  outputPattern: "{{ cluster.name }}/{{ args.environment }}"
+
+deployments:
+- path: nginx
+- path: my-app
+- include: monitoring
+
+commonLabels:
+  my.prefix/target: "{{ target.name }}"
+  my.prefix/deployment-project: my-deployment-project
+
+args:
+- name: environment
+```
+
+The following sub-chapters describe the available fields in the `deployment.yaml`
+
+## sealedSecrets
+`sealedSecrets` configures how sealed secrets are stored while sealing and located while rendering.
+See [Sealed Secrets]({{< ref "docs/reference/sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets" >}})
+for details.
+
+## deployments
+
+`deployments` is a list of deployment items. Multiple deployment types are supported, which is documented further down.
+Individual deployments are performed in parallel, unless a [barrier](#barriers) is encountered which causes kluctl to
+wait for all previous deployments to finish.
+
+### Kustomize deployments
+
+Specifies a [kustomize](https://kustomize.io/) deployment.
+Please see [Kustomize integration]({{< ref "./kustomize" >}}) for more details.
+
+Example:
+```yaml
+deployments:
+- path: path/to/deployment1
+- path: path/to/deployment2
+  waitReadiness: true
+```
+
+The `path` must point to a directory relative to the directory containing the `deployment.yaml`. Only directories
+that are part of the kluctl project are allowed. The directory must contain a valid `kustomization.yaml`.
+
+`waitReadiness` is optional and if set to `true` instructs kluctl to wait for readiness of each individual object
+of the kustomize deployment. Readiness is defined in [readiness]({{< ref "./readiness" >}}).
+
+### Includes
+
+Specifies a sub-deployment project to be included. The included sub-deployment project will inherit many properties
+of the parent project, e.g. tags, commonLabels and so on.
+
+Example:
+```yaml
+deployments:
+- include: path/to/sub-deployment
+```
+
+The `path` must point to a directory relative to the directory containing the `deployment.yaml`. Only directories
+that are part of the kluctl project are allowed. The directory must contain a valid `deployment.yaml`.
+
+### Git includes
+
+Specifies an external git project to be included. The project is included the same way with regular includes, except
+that the included project can not use/load templates from the parent project. An included project might also include
+further git projects.
+
+Simple example:
+```yaml
+deployments:
+- git: git@github.com/example/example.git
+```
+
+This will clone the git repository at `git@github.com/example/example.git`, checkout the default branch and include it
+into the current project.
+
+Advanced Example:
+```yaml
+deployments:
+- git:
+    url: git@github.com/example/example.git
+    ref: my-branch
+    subDir: some/sub/dir
+```
+
+The url specifies the Git url to be cloned and checked out. `ref` is optional and specifies the branch or tag to be used.
+If `ref` is omitted, the default branch will be checked out. `subDir` is optional and specifies the sub directory inside
+the git repository to include.
+
+### Barriers
+Causes kluctl to wait until all previous kustomize deployments have been applied. This is useful when
+upcoming deployments need the current or previous deployments to be finished beforehand. Previous deployments also
+include all sub-deployments from included deployments.
+
+Example:
+```yaml
+deployments:
+- path: kustomizeDeployment1
+- path: kustomizeDeployment2
+- include: subDeployment1
+- barrier: true
+# At this point, it's ensured that kustomizeDeployment1, kustomizeDeployment2 and all sub-deployments from
+# subDeployment1 are fully deployed.
+- path: kustomizeDeployment3
+```
+
+## deployments common properties
+All entries in `deployments` can have the following common properties:
+
+### vars (deployment item)
+A list of variable sets to be loaded into the templating context, which is then available in all [deployment items](#deployments)
+and [sub-deployments](#includes).
+
+See [templating]({{< ref "docs/reference/templating#vars-from-deploymentyaml" >}}) for more details.
+
+Example:
+```yaml
+deployments:
+- path: kustomizeDeployment1
+  vars:
+    - file: vars1.yaml
+    - values:
+        var1: value1
+- path: kustomizeDeployment2
+# all sub-deployments of this include will have the given variables available in their Jinj2 context.
+- include: subDeployment1
+  vars:
+    - file: vars2.yaml
+```
+
+### tags (deployment item)
+A list of tags the deployment should have. See [tags]({{< ref "./tags" >}}) for more details. For includes, this means that all
+sub-deployments will get these tags applied to. If not specified, the default tags logic as described in [tags]({{< ref "./tags" >}})
+is applied.
+
+Example:
+
+```yaml
+deployments:
+- path: kustomizeDeployment1
+  tags:
+    - tag1
+    - tag2
+- path: kustomizeDeployment2
+  tags:
+    - tag3
+# all sub-deployments of this include will get tag4 applied
+- include: subDeployment1
+  tags:
+    - tag4
+```
+
+### alwaysDeploy
+Forces a deployment to be included everytime, ignoring inclusion/exclusion sets from the command line.
+See [Deploying with tag inclusion/exclusion]({{< ref "./tags#deploying-with-tag-inclusionexclusion" >}}) for details.
+
+```yaml
+deployments:
+- path: kustomizeDeployment1
+  alwaysDeploy: true
+- path: kustomizeDeployment2
+```
+
+### skipDeleteIfTags
+Forces exclusion of a deployment whenever inclusion/exclusion tags are specified via command line.
+See [Deleting with tag inclusion/exclusion]({{< ref "./tags#deploying-with-tag-inclusionexclusion" >}}) for details.
+
+```yaml
+deployments:
+- path: kustomizeDeployment1
+  skipDeleteIfTags: true
+- path: kustomizeDeployment2
+```
+
+## vars (deployment project)
+A list of variable sets to be loaded into the templating context, which is then available in all [deployment items](#deployments)
+and [sub-deployments](#includes).
+
+See [templating]({{< ref "docs/reference/templating#vars-from-deploymentyaml" >}}) for more details.
+
+## commonLabels
+A dictionary of [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and values to be
+added to all resources deployed by any of the kustomize deployments in this deployment project.
+
+This feature is mainly meant to make it possible to identify all objects in a kubernetes cluster that were once deployed
+through a specific deployment project.
+
+Consider the following example `deployment.yaml`:
+```yaml
+deployments:
+  - path: nginx
+  - include: sub-deployment1
+
+commonLabels:
+  my.prefix/target: {{ target.name }}
+  my.prefix/deployment-name: my-deployment-project-name
+  my.prefix/label-1: value-1
+  my.prefix/label-2: value-2
+```
+
+Every resource deployed by the kustomize deployment `nginx` will now get the two provided labels attached. All included
+sub-deployment projects (e.g. `sub-deployment1`) will also recursively inherit these labels and pass them to further
+down.
+
+In case an included sub-deployment project also contains `commonLabels`, both dictionaries of common labels are merged
+inside the included sub-deployment project. In case of conflicts, the included common labels override the inherited.
+
+The root deployment's `commonLabels` is also used to identify objects to be deleted when performing `kluctl delete`
+or `kluctl prune` operations
+
+Please note that these `commonLabels` are not related to `commonLabels` supported in `kustomization.yaml` files. It was
+decided to not rely on this feature but instead attach labels manually to resources right before sending them to
+kubernetes. This is due to an [implementation detail](https://github.com/kubernetes-sigs/kustomize/issues/1009) in
+kustomize which causes `commonLabels` to also be applied to label selectors, which makes otherwise editable resources
+read-only when it comes to `commonLabels`.
+
+## overrideNamespace
+A string that is used as the default namespace for all kustomize deployments which don't have a `namespace` set in their
+`kustomization.yaml`.
+
+## tags (deployment project)
+A list of common tags which are applied to all kustomize deployments and sub-deployment includes.
+
+See [tags]({{< ref "./tags" >}}) for more details.
+
+## args
+A list of arguments that can or must be passed to most kluctl operations. Each of these arguments is then available
+in templating via the global `args` object. Only the root `deployment.yaml` can contain such argument definitions.
+
+An example looks like this:
+```yaml
+deployments:
+  - path: nginx
+
+args:
+  - name: environment
+  - name: enable_debug
+    default: false
+  - name: complex_arg
+    default:
+      my:
+        nested1: arg1
+        nested2: arg2
+```
+
+These arguments can then be used in templating, e.g. by using `{{ args.environment }}`.
+
+When calling kluctl, most of the commands will then require you to specify at least `-a environment=xxx` and optionally
+`-a enable_debug=true`
+
+The following sub chapters describe the fields for argument entries.
+
+### name
+The name of the argument.
+
+### default
+If specified, the argument becomes optional and will use the given value as default when not specified.
+
+The default value can be an arbitrary yaml value, meaning that it can also be a nested dictionary. In that case, passing
+args in nested form will only set the nested value. With the above example of `complex_arg`, running:
+
+```
+kluctl deploy -t my-target -a my.nested1=override`
+```
+
+will only modify the value below `my.nested1` and keep the value of `my.nested2`.
+
+## ignoreForDiff
+
+A list of objects and fields to ignore while performing diffs. Consider the following example:
+
+```yaml
+deployments:
+  - ...
+
+ignoreForDiff:
+  - group: apps
+    kind: Deployment
+    namespace: my-namespace
+    name: my-deployment
+    fieldPath: spec.replicas
+```
+
+This will remove the `spec.replicas` field from every resource that matches the object.
+`group`, `kind`, `namespace` and `name` can be omitted, which results in all objects matching. `fieldPath` must be a
+valid [JSON Path](https://goessner.net/articles/JsonPath/). `fieldPath` may also be a list of JSON paths.
+
+The JSON Path implementation used in kluctl has extended support for wildcards in field
+names, allowing you to also specify paths like `metadata.labels.my-prefix-*`.
+
+As an alternative, [annotations]({{< ref "./annotations/all-resources#control-diff-behavior" >}}) can be used to control
+diff behavior of individual resources.
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
new file mode 100644
index 000000000..0bc1733d9
--- /dev/null
+++ b/docs/reference/deployments/helm.md
@@ -0,0 +1,174 @@
+---
+title: "Helm Integration"
+linkTitle: "Helm Integration"
+weight: 3
+description: >
+    How Helm is integrated into Kluctl.
+---
+
+kluctl offers a simple-to-use Helm integration, which allows you to reuse many common third-party Helm Charts.
+
+The integration is split into 2 parts/steps/layers. The first is the management and pulling of the Helm Charts, while
+the second part handles configuration/customization and deployment of the chart.
+
+Pulled Helm Charts are meant to be added to version control to ensure proper speed and consistency.
+
+## How it works
+
+Helm charts are not directly deployed via Helm. Instead, kluctl renders the Helm Chart into a single file and then
+hands over the rendered yaml to [kustomize](https://kustomize.io/). Rendering is done in combination with a provided
+`helm-values.yaml`, which contains the necessary values to configure the Helm Chart.
+
+The resulting rendered yaml is then referred by your `kustomization.yaml`, from which point on the
+[kustomize integration]({{< ref "docs/reference/sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets" >}}) 
+takes over. This means, that you can perform all desired customization (patches, namespace override, ...) as if you
+provided your own resources via yaml files.
+
+### Helm hooks
+
+[Helm Hooks](https://helm.sh/docs/topics/charts_hooks/) are implemented by mapping them 
+to [kluctl hooks]({{< ref "./hooks" >}}), based on the following mapping table:
+
+| Helm hook     | kluctl hook         |
+|---------------|---------------------|
+| pre-install   | pre-deploy-initial  |
+| post-install  | post-deploy-initial |
+| pre-delete    | Not supported       |
+| post-delete   | Not supported       |
+| pre-upgrade   | pre-deploy-upgrade  |
+| post-upgrade  | post-deploy-upgrade |
+| pre-rollback  | Not supported       |
+| post-rollback | Not supported       |
+| test          | Not supported       |
+
+Please note that this is a best effort approach and not 100% compatible to how Helm would run hooks.
+
+## helm-chart.yaml
+
+The `helm-chart.yaml` defines where to get the chart from, which version should be pulled, the rendered output file name,
+and a few more Helm options. After this file is added to your project, you need to invoke the `helm-pull` command
+to pull the Helm Chart into your local project. It is advised to put the pulled Helm Chart into version control, so
+that deployments will always be based on the exact same Chart (Helm does not guarantee this when pulling).
+
+Example `helm-chart.yaml`:
+
+```yaml
+helmChart:
+  repo: https://charts.bitnami.com/bitnami
+  chartName: redis
+  chartVersion: 12.1.1
+  skipUpdate: false
+  releaseName: redis-cache
+  namespace: "{{ my.jinja2.var }}"
+  output: helm-rendered.yaml # this is optional
+```
+
+When running the `helm-pull` command, it will search for all `helm-chart.yaml` files in your project and then pull the
+chart from the specified repository with the specified version. The pull chart will then be located in the sub-directory
+`charts` below the same directory as the `helm-chart.yaml`
+
+The same filename that was specified in `output` must then be referred in a `kustomization.yaml` as a normal local
+resource. If `output` is omitted, the default value `helm-rendered.yaml` is used and must also be referenced in
+`kustomization.yaml`.
+
+`helmChart` inside `helm-chart.yaml` supports the following fields:
+
+### repo
+The url to the Helm repository where the Helm Chart is located. You can use hub.helm.sh to search for repositories and
+charts and then use the repos found there.
+
+oci based repositories are also supported, for example:
+```yaml
+helmChart:
+  repo: oci://r.myreg.io/mycharts/pepper
+  chartName: pepper
+  chartVersion: 1.2.3
+  releaseName: pepper
+  namespace: pepper
+```
+
+### chartName
+The name of the chart that can be found in the repository.
+
+### chartVersion
+The version of the chart.
+
+### skipUpdate
+Skip this Helm Chart when the [helm-update]({{< ref "docs/reference/commands/helm-update" >}}) command is called.
+If omitted, defaults to `false`.
+
+### releaseName
+The name of the Helm Release.
+
+### namespace
+The namespace that this Helm Chart is going to be deployed to. Please note that this should match the namespace
+that you're actually deploying the kustomize deployment to. This means, that either `namespace` in `kustomization.yaml`
+or `overrideNamespace` in `deployment.yaml` should match the namespace given here. The namespace should also be existing
+already at the point in time when the kustomize deployment is deployed.
+
+### output
+This is the file name into which the Helm Chart is rendered into. Your `kustomization.yaml` should include this same
+file. The file should not be existing in your project, as it is created on-the-fly while deploying.
+
+### skipCRDs
+If set to `true`, kluctl will pass `--skip-crds` to Helm when rendering the deployment. If set to `false` (which is
+the default), kluctl will pass `--include-crds` to Helm.
+
+## helm-values.yaml
+This file should be present when you need to pass custom Helm Value to Helm while rendering the deployment. Please
+read the documentation of the used Helm Charts for details on what is supported.
+
+## Updates to helm-charts
+In case a Helm Chart needs to be updated, you can either do this manually by replacing the [chartVersion](#chartversion)
+value in `helm-chart.yaml` and the calling the [helm-pull]({{< ref "docs/reference/commands/helm-pull" >}}) command or by simply invoking
+[helm-update]({{< ref "docs/reference/commands/helm-update" >}}) with `--upgrade` and/or `--commit` being set.
+
+## Private Chart Repositories
+It is also possible to use private chart repositories. There are currently two options to provide Helm Repository
+credentials to Kluctl.
+
+### Use `helm repo add --username xxx --password xxx` before
+Kluctl will try to find known repositories that are managed by the Helm CLI and then try to reuse the credentials of
+these. The repositories are identified by the URL of the repository, so it doesn't matter what name you used when you
+added the repository to Helm. The same method can be used for client certificate based authentication (`--key-file`
+in `helm repo add`).
+
+### Use the --username/--password arguments in `kluctl helm-pull`
+See the [helm-pull command]({{< ref "docs/reference/commands/helm-pull" >}}). You can control repository credentials
+via `--username`, `--password` and `--key-file`. Each argument must be in the form `credentialsId:value`, where
+the `credentialsId` must match the id specified in the `helm-chart.yaml`. Example:
+
+```yaml
+helmChart:
+  repo: https://raw.githubusercontent.com/example/private-helm-repo/main/
+  credentialsId: private-helm-repo
+  chartName: my-chart
+  chartVersion: 1.2.3
+  releaseName: my-chart
+  namespace: default
+```
+
+When credentialsId is specified, Kluctl will require you to specify `--username=private-helm-repo:my-username` and
+`--password=private-helm-repo:my-password`. You can also specify a client-side certificate instead via
+`--key-file=private-helm-repo:/path/to/cert`.
+
+Multiple Helm Charts can use the same `credentialsId`.
+
+Environment variables can also be used instead of arguments. See
+[Environment Variables]({{< ref "docs/reference/commands/environment-variables" >}}) for details.
+
+## Templating
+
+Both `helm-chart.yaml` and `helm-values.yaml` are rendered by the [templating engine]({{< ref "docs/reference/templating" >}}) before they
+are actually used. This means, that you can use all available Jinja2 variables at that point, which can for example be
+seen in the above `helm-chart.yaml` example for the namespace.
+
+There is however one exception that leads to a small limitation. When `helm-pull` reads the `helm-chart.yaml`, it does
+NOT render the file via the templating engine. This is because it can not know how to properly render the template as it
+does have no information about targets (there are no `-t` arguments set) at that point.
+
+This exception leads to the limitation that the `helm-chart.yaml` MUST be valid yaml even in case it is not rendered
+via the templating engine. This makes using control statements (if/for/...) impossible in this file. It also makes it
+a requirement to use quotes around values that contain templates (e.g. the namespace in the above example).
+
+`helm-values.yaml` is not subject to these limitations as it is only interpreted while deploying.
diff --git a/docs/reference/deployments/hooks.md b/docs/reference/deployments/hooks.md
new file mode 100644
index 000000000..db83a5a5b
--- /dev/null
+++ b/docs/reference/deployments/hooks.md
@@ -0,0 +1,48 @@
+---
+title: "Hooks"
+linkTitle: "Hooks"
+weight: 4
+description: >
+    Kluctl hooks.
+---
+
+Kluctl supports hooks in a similar fashion as known from Helm Charts. Hooks are executed/deployed before and/or after the
+actual deployment of a kustomize deployment.
+
+To mark a resource as a hook, add the `kluctl.io/hook` annotation to a resource. The value of the annotation must be
+a comma separated list of hook names. Possible value are described in the next chapter.
+
+## Hook types
+
+| Hook Type | Description |
+|---|---|
+| pre-deploy-initial | Executed right before the initial deployment is performed. |
+| post-deploy-initial | Executed right after the initial deployment is performed. |
+| pre-deploy-upgrade | Executed right before a non-initial deployment is performed. |
+| post-deploy-upgrade | Executed right after a non-initial deployment is performed. |
+| pre-deploy | Executed right before any (initial and non-initial) deployment is performed.|
+| post-deploy | Executed right after any (initial and non-initial) deployment is performed. |
+
+A deployment is considered to be an "initial" deployment if none of the resources related to the current kustomize
+deployment are found on the cluster at the time of deployment.
+
+If you need to execute hooks for every deployment, independent of its "initial" state, use
+`pre-deploy-initial,pre-deploy` to indicate that it should be executed all the time.
+
+## Hook deletion
+
+Hook resources are by default deleted right before creation (if they already existed before). This behavior can be
+changed by setting the `kluctl.io/hook-delete-policy` to a comma separated list of the following values:
+
+| Policy | Description |
+|---|---|
+| before-hook-creation | The default behavior, which means that the hook resource is deleted right before (re-)creation. |
+| hook-succeeded | Delete the hook resource directly after it got "ready" |
+| hook-failed | Delete the hook resource when it failed to get "ready" |
+
+## Hook readiness
+
+After each deployment/execution of the hooks that belong to a deployment stage (before/after deployment), kluctl
+waits for the hook resources to become "ready". Readiness is defined [here]({{< ref "./readiness" >}}).
+
+It is possible to disable waiting for hook readiness by setting the annotation `kluctl.io/hook-wait` to "false".
diff --git a/docs/reference/deployments/images.md b/docs/reference/deployments/images.md
new file mode 100644
index 000000000..3c419381c
--- /dev/null
+++ b/docs/reference/deployments/images.md
@@ -0,0 +1,130 @@
+---
+title: "Container Images"
+linkTitle: "Container Images"
+weight: 3
+description: >
+    Dynamic configuration of container images.
+---
+
+There are usually 2 different scenarios where Container Images need to be specified:
+1. When deploying third party applications like nginx, redis, ... (e.g. via the [Helm integration]({{< ref "./helm" >}})). <br>
+   * In this case, image versions/tags rarely change, and if they do, this is an explicit change to the deployment.
+1. When deploying your own applications. <br>
+   * In this case, image versions/tags might change very rapidly, sometimes multiple times per hour. It would be too much
+     effort and overhead when this would be managed explicitly via your deployment. Even with Jinja2 templating, this
+     would be hard to maintain.
+     
+kluctl offers a better solution for the second case.
+
+## Dynamic versions/tags
+
+kluctl is able to ask the used container registry for a list of tags/versions available for an image. It then can
+sort the list of images via a configurable order and then use the latest image for your deployment.
+
+It however only does this when the involved resource (e.g. a `Deployment` or `StatefulSet`) is not yet deployed. In case
+it is already deployed, the already deployed image will be reused to avoid undesired re-deployment/re-starting of
+otherwise unchanged resources.
+
+## images.get_image()
+
+This is solved via a templating function that is available in all templates/resources. The function is part of the global
+`images` object and expects the following arguments:
+
+`images.get_image(image, latest_version)`
+
+* image
+    * The image location, excluding the tag. Please see [supported image registries](#supported-image-registries-and-authentication) to
+      understand which registries are supported.`
+* latest_version
+    * Configures how tags/versions are sorted and thus how the latest image is determined. Can be:
+        * `version.semver()` <br>
+          Filters and sorts by loose semantic versioning. Versions must start with a number. It allows unlimited
+          `.` inside the version. It treats versions with a suffix as less then versions without a suffix
+          (e.g. 1.0-rc1 < 1.0). Two versions which only differ by suffix are sorted semantically.
+        * `version.prefix(prefix)` <br>
+          Only allows tags with the given prefix and then applies the same logic as images.semver() to whatever
+          follows right after the prefix. You can override the handling of the right part by providing `suffix=xxx`,
+          while `xxx` is another version filter, e.g. `version.prefix("master-", suffix=version.number())
+        * `version.number()` <br>
+          Only allows plain numbers as version numbers sorts them accordingly.
+        * `version.regex(regex)` <br>
+          Only allows versions/tags that match the given regex. Sorting is done the same way as in version.semver(),
+          except that versions do not necessarily need to start with a number.
+
+The mentioned version filters must be specified as strings. For example,
+
+`images.get_version("my-image", "prefix('master-', suffix=number())")`.
+
+If no version_filter is specified, then it defaults to `"semver()"`.
+
+Example deployment:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: c1
+        image: "{{ images.get_image('registry.gitlab.com/my-group/my-project') }}"
+```
+
+## Always using the latest images
+If you want to use the latest image no matter if an older version is already deployed, use the `-u` flag to your 
+`deploy`, `diff` or `list-images` commands.
+
+You can restrict updating to individual images by using `-I/--include-tag`. This is useful when using CI/CD for example,
+where you often want to perform a deployment that only updates a single application/service from your large deployment.
+
+## Fixed images via CLI
+The described `images.get_image` logic however leads to a loosely defined state on your target cluster/environment. This
+might be fine in a CI/CD environment, but might be undesired when deploying to production. In that case, it might be
+desirable to explicitly define which versions need to be deployed.
+
+To achieve this, you can use the `-F FIXED_IMAGE` [argument]({{< ref "docs/reference/commands/common-arguments#image-arguments" >}}).
+`FIXED_IMAGE` must be in the form of `-F image<:namespace:deployment:container>=result`. For example, to pin the image
+`registry.gitlab.com/my-group/my-project` to the tag `1.1.2` you'd have to specify
+`-F registry.gitlab.com/my-group/my-project=registry.gitlab.com/my-group/my-project:1.1.2`.
+
+## Fixed images via a yaml file
+
+As an alternative to specifying each fixed image via CLI (`--fixed-images-file=<file>`), you can also specify a single
+yaml file via CLI which then contains a list of entries that define image/deployment -> imageResult mappings.
+
+An example fixed-images files looks like this:
+
+```yaml
+images:
+  - image: registry.gitlab.com/my-group/my-project
+    resultImage: registry.gitlab.com/my-group/my-project:1.1.0
+  - image: registry.gitlab.com/my-group/my-project2
+    resultImage: registry.gitlab.com/my-group/my-project2:2.0.0
+  - deployment: StatefulSet/my-sts
+    resultImage: registry.gitlab.com/my-group/my-project3:1.0.0
+```
+
+You can also take an existing deployment and export the already deployed image versions into a fixed-images file by
+using the `list-images` command. It will produce a compatible fixed-images file based on the calls to
+`images.get_image` if a deployment would be performed with the given arguments. The result of that call is quite
+expressive, as it contains all the information gathered while images were collected. Use `--simple` to only return
+a list with image -> resultImage mappings.
+
+## Supported image registries and authentication
+All [v2 API](https://docs.docker.com/registry/spec/api/) based image registries are supported, including the Docker Hub,
+Gitlab, and many more. Private registries will need credentials to be setup correctly. This can be done by locally
+logging in via `docker login <registry>` or by specifying the following environment variables:
+
+Simply set the following environment variables to pass credentials to you private repository:
+1. KLUCTL_REGISTRY_HOST=registry.example.com
+2. KLUCTL_REGISTRY_USERNAME=username
+3. KLUCTL_REGISTRY_PASSWORD=password
+
+You can also pass credentials for more registries by adding an index to the environment variables,
+e.g. "KLUCTL_REGISTRY_1_HOST=registry.gitlab.com"
+
+In case your registry uses self-signed TLS certificates, it is currently required to disable TLS verification for these.
+You can do this via `KLUCTL_REGISTRY_TLSVERIFY=1`/`KLUCTL_REGISTRY_<idx>_TLSVERIFY=1` for the corresponding
+`KLUCTL_REGISTRY_HOST`/`KLUCTL_REGISTRY_<idx>_HOST` or by globally disabling it via `KLUCTL_REGISTRY_DEFAULT_TLSVERIFY=1`.
diff --git a/docs/reference/deployments/kustomize.md b/docs/reference/deployments/kustomize.md
new file mode 100644
index 000000000..d2099397c
--- /dev/null
+++ b/docs/reference/deployments/kustomize.md
@@ -0,0 +1,17 @@
+---
+title: "Kustomize Integration"
+linkTitle: "Kustomize Integration"
+weight: 2
+description: >
+    How Kustomize is integrated into Kluctl
+---
+
+kluctl uses [kustomize](https://kustomize.io/) to render final resources. This means, that the finest/lowest
+level in kluctl is represented with kustomize deployments. These kustomize deployments can then perform further
+customization, e.g. patching and more. You can also use kustomize to easily generate ConfigMaps or secrets from files.
+
+Generally, everything is possible via `kustomization.yaml`, is thus possible in kluctl.
+
+We advise to read the kustomize
+[reference](https://kubectl.docs.kubernetes.io/references/kustomize/). You can also look into the official kustomize
+[example](https://github.com/kubernetes-sigs/kustomize/tree/master/examples).
diff --git a/docs/reference/deployments/readiness.md b/docs/reference/deployments/readiness.md
new file mode 100644
index 000000000..4712fc172
--- /dev/null
+++ b/docs/reference/deployments/readiness.md
@@ -0,0 +1,15 @@
+---
+title: "Readiness"
+linkTitle: "Readiness"
+weight: 5
+description:
+  Definition of readiness.
+---
+
+There are multiple places where kluctl can wait for "readiness" of resources, e.g. for hooks or when `waitReadiness` is
+specified on a deployment item. Readiness depends on the resource kind, e.g. for a Job, kluctl would wait until it
+finishes successfully.
+
+After each deployment/execution of the hooks that belong to a deployment stage (before/after deployment), kluctl
+waits for the hook resources to become "ready". Readiness depends on the resource kind, e.g. for a Job, kluctl would
+wait until it finishes successfully.
diff --git a/docs/reference/deployments/tags.md b/docs/reference/deployments/tags.md
new file mode 100644
index 000000000..bf2a00d86
--- /dev/null
+++ b/docs/reference/deployments/tags.md
@@ -0,0 +1,83 @@
+---
+title: "Tags"
+linkTitle: "Tags"
+weight: 6
+---
+
+Every kustomize deployment has a set of tags assigned to it. These tags are defined in multiple places, which is
+documented in [deployment.yaml]({{< ref "./deployment-yml" >}}). Look for the `tags` field, which is available in multiple places per
+deployment project.
+
+Tags are useful when only one or more specific kustomize deployments need to be deployed or deleted.
+
+## Default tags
+
+[deployment items]({{< ref "./deployment-yml#deployments" >}}) in deployment projects can have an optional list of tags assigned.
+
+If this list is completely omitted, one single entry is added by default. This single entry equals to the last element
+of the `path` in the `deployments` entry.
+
+Consider the following example:
+
+```yaml
+deployments:
+  - path: nginx
+  - path: some/subdir
+```
+
+In this example, two kustomize deployments are defined. The first would get the tag `nginx` while the second
+would get the tag `subdir`.
+
+In most cases this heuristic is enough to get proper tags with which you can work. It might however lead to strange
+or even conflicting tags (e.g. `subdir` is really a bad tag), in which case you'd have to explicitly set tags.
+
+## Tag inheritance
+
+Deployment projects and deployments items inherit the tags of their parents. For example, if a deployment project
+has a [tags]({{< ref "./deployment-yml#tags-deployment-project" >}}) property defined, all `deployments` entries would
+inherit all these tags. Also, the sub-deployment projects included via deployment items of type
+[include]({{< ref "./deployment-yml#includes" >}}) inherit the tags of the deployment project. These included sub-deployments also
+inherit the [tags]({{< ref "./deployment-yml#tags-deployment-item" >}}) specified by the deployment item itself.
+
+Consider the following example `deployment.yaml`:
+
+```yaml
+deployments:
+  - include: sub-deployment1
+    tags:
+      - tag1
+      - tag2
+  - include: sub-deployment2
+    tags:
+      - tag3
+      - tag4
+  - include: subdir/subsub
+```
+
+Any kustomize deployment found in `sub-deployment1` would now inherit `tag1` and `tag2`. If `sub-deployment1` performs
+any further includes, these would also inherit these two tags. Inheriting is additive and recursive.
+
+The last sub-deployment project in the example is subject to the same default-tags logic as described
+in [Default tags](#default-tags), meaning that it will get the default tag `subsub`.
+
+## Deploying with tag inclusion/exclusion
+
+Special care needs to be taken when trying to deploy only a specific part of your deployment which requires some base
+resources to be deployed as well.
+
+Imagine a large deployment is able to deploy 10 applications, but you only want to deploy one of them. When using tags
+to achieve this, there might be some base resources (e.g. Namespaces) which are needed no matter if everything or just
+this single application is deployed. In that case, you'd need to set [alwaysDeploy]({{< ref "./deployment-yml#deployments" >}})
+to `true`.
+
+## Deleting with tag inclusion/exclusion
+
+Also, in most cases, even more special care has to be taken for the same types of resources as decribed before.
+
+Imagine a kustomize deployment being responsible for namespaces deployments. If you now want to delete everything except
+deployments that have the `persistency` tag assigned, the exclusion logic would NOT exclude deletion of the namespace.
+This would ultimately lead to everything being deleted, and the exclusion tag having no effect.
+
+In such a case, you'd need to set [skipDeleteIfTags]({{< ref "./deployment-yml#skipdeleteiftags" >}}) to `true` as well.
+
+In most cases, setting `alwaysDeploy` to `true` also requires setting `skipDeleteIfTags` to `true`.
diff --git a/docs/reference/kluctl-project/_index.md b/docs/reference/kluctl-project/_index.md
new file mode 100644
index 000000000..32d6bd66b
--- /dev/null
+++ b/docs/reference/kluctl-project/_index.md
@@ -0,0 +1,60 @@
+---
+title: "Kluctl project (.kluctl.yaml)"
+linkTitle: ".kluctl.yaml"
+weight: 1
+description: >
+    Kluctl project configuration, found in the .kluctl.yaml file.
+---
+
+The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines where the actual
+[deployment project]({{< ref "docs/reference/deployments" >}}) is located,
+where [sealed secrets]({{< ref "docs/reference/sealed-secrets" >}}) and unencrypted secrets are localed and which targets are available to
+invoke [commands]({{< ref "docs/reference/commands" >}}) on.
+
+## Example
+
+An example .kluctl.yaml looks like this:
+
+```yaml
+targets:
+  # test cluster, dev env
+  - name: dev
+    context: test.example.com
+    args:
+      environment_name: dev
+    sealingConfig:
+      secretSets:
+        - non-prod
+  # test cluster, test env
+  - name: test
+    context: test.example.com
+    args:
+      environment_name: test
+    sealingConfig:
+      secretSets:
+        - non-prod
+  # prod cluster, prod env
+  - name: prod
+    context: prod.example.com
+    args:
+      environment_name: prod
+    sealingConfig:
+      secretSets:
+        - prod
+
+# This is only required if you actually need sealed secrets
+secretsConfig:
+  secretSets:
+    - name: prod
+      vars:
+        # This file should not be part of version control!
+        - file: .secrets-prod.yaml
+    - name: non-prod
+      vars:
+        # This file should not be part of version control!
+        - file: .secrets-non-prod.yaml
+```
+
+## Allowed fields
+
+Please check the sub-sections of this section to see which fields are allowed at the root level of `.kluctl.yaml`.
diff --git a/docs/reference/kluctl-project/secrets-config/_index.md b/docs/reference/kluctl-project/secrets-config/_index.md
new file mode 100644
index 000000000..4aa9394f1
--- /dev/null
+++ b/docs/reference/kluctl-project/secrets-config/_index.md
@@ -0,0 +1,73 @@
+---
+title: "secretsConfig"
+linkTitle: "secretsConfig"
+weight: 4
+description: >
+  Optional, defines where to load secrets from.
+---
+
+This configures how secrets are retrieved while sealing. It is basically a list of named secret sets which can be
+referenced from targets.
+
+It has the following form:
+```yaml
+...
+secretsConfig:
+  secretSets:
+    - name: <name>
+      vars:
+        - ...
+  sealedSecrets: ...
+...
+```
+
+## secretSets
+
+Each `secretSets` entry has the following fields.
+
+### name
+This field specifies the name of the secret set. The name can be used in targets to refer to this secret set.
+
+### vars
+A list of variables sources. Check the documentation of
+[variables sources]({{< ref "docs/reference/templating/variable-sources" >}}) for details.
+
+Each variables source must have a root dictionary with the name `secrets` and all the actual secret values
+below that dictionary. Every other root key will be ignored.
+
+Example variables file:
+
+```yaml
+secrets:
+  secret: value1
+  nested:
+    secret: value2
+    list:
+      - a
+      - b
+...
+```
+
+## sealedSecrets
+This field specifies the configuration for sealing. It has the following form:
+
+```yaml
+...
+secretsConfig:
+  secretSets: ...
+  sealedSecrets:
+    bootstrap: true
+    namespace: kube-system
+    controllerName: sealed-secrets-controller
+...
+```
+
+### bootstrap
+Controls whether kluctl should bootstrap the initial private key in case the controller is not yet installed on
+the target cluster. Defaults to `true`.
+
+### namespace
+Specifies the namespace where the sealed-secrets controller is installed. Defaults to "kube-system".
+
+### controllerName
+Specifies the name of the sealed-secrets controller. Defaults to "sealed-secrets-controller".
diff --git a/docs/reference/kluctl-project/targets/_index.md b/docs/reference/kluctl-project/targets/_index.md
new file mode 100644
index 000000000..63951d5f0
--- /dev/null
+++ b/docs/reference/kluctl-project/targets/_index.md
@@ -0,0 +1,103 @@
+---
+title: "targets"
+linkTitle: "targets"
+weight: 4
+description: >
+  Required, defines targets for this kluctl project.
+---
+
+Specifies a list of targets for which commands can be invoked. A target puts together environment/target specific
+configuration and the target cluster. Multiple targets can exist which target the same cluster but with differing
+configuration (via `args`). Target entries also specifies which secrets to use while [sealing]({{< ref "docs/reference/sealed-secrets" >}}).
+
+Each value found in the target definition is rendered with a simple Jinja2 context that only contains the target itself.
+The rendering process is retried 10 times until it finally succeeds, allowing you to reference
+the target itself in complex ways. This is especially useful when using [dynamic targets]({{< ref "./dynamic-targets" >}}).
+
+Target entries have the following form:
+```yaml
+targets:
+...
+  - name: <target_name>
+    context: <context_name>
+    args:
+      arg1: <value1>
+      arg2: <value2>
+      ...
+    dynamicArgs:
+      - name: <arg_name>
+      ...
+    images:
+      - image: my-image
+        resultImage: my-image:1.2.3
+    sealingConfig:
+      secretSets:
+        - <name_of_secrets_set>
+...
+```
+
+The following fields are allowed per target:
+
+## name
+This field specifies the name of the target. The name must be unique. It is referred in all commands via the
+[-t]({{< ref "docs/reference/commands/common-arguments" >}}) option.
+
+## context
+This field specifies the kubectl context of the target cluster. The context must exist in the currently active kubeconfig.
+If this field is omitted, Kluctl will always use the currently active context.
+
+## args
+This fields specifies a map of arguments to be passed to the deployment project when it is rendered. Allowed argument names
+are configured via [deployment args]({{< ref "docs/reference/deployments/deployment-yml#args" >}}).
+
+The arguments specified in the [dynamic target config]({{< ref "docs/reference/kluctl-project/targets/dynamic-targets#args" >}})
+have higher priority.
+
+## dynamicArgs
+This field specifies a list of CLI arguments that can be passed to kluctl when performing any commands on the target. These
+arguments are passed with `-a arg_name=arg_value` when for example calling `kluctl deploy -t target_name`.
+
+Each entry has the following fields:
+
+## images
+This field specifies a list of fixed images to be used by [`images.get_image(...)`]({{< ref "docs/reference/deployments/images#imagesget_image" >}}).
+The format is identical to the [fixed images file](https://kluctl.io/docs/reference/deployments/images/#fixed-images-via-a-yaml-file).
+
+The fixed images specified in the [dynamic target config]({{< ref "docs/reference/kluctl-project/targets/dynamic-targets#images" >}})
+have higher priority.
+
+### name
+The name of the argument.
+
+## sealingConfig
+This field configures how sealing is performed when the [seal command] ({{< ref "docs/reference/commands/seal" >}}) is invoked for this target.
+It has the following form:
+
+```yaml
+targets:
+...
+- name: <target_name>
+  ...
+  sealingConfig:
+    args:
+      arg1: <override_for_arg1>
+    certFile: <path-to-cert-file>
+    dynamicSealing: <true_or_false>
+    secretSets:
+      - <name_of_secrets_set>
+```
+
+### args
+This field allows adding extra arguments to the target args. These are only used while sealing and may override
+arguments which are already configured for the target.
+
+### certFile
+Optional path to a local (inside your project) public certificate used for sealing. Such a certificate can be fetched
+from the sealed-secrets controller using `kubeseal --fetch-cert`.
+
+### dynamicSealing
+This field specifies weather sealing should happen per [dynamic target]({{< ref "./dynamic-targets" >}}) or only once. This
+field is optional and defaults to `true`.
+
+### secretSets
+This field specifies a list of secret set names, which all must exist in the [secretsConfig]({{< ref "../secrets-config" >}}).
diff --git a/docs/reference/kluctl-project/targets/dynamic-targets.md b/docs/reference/kluctl-project/targets/dynamic-targets.md
new file mode 100644
index 000000000..f15ed7506
--- /dev/null
+++ b/docs/reference/kluctl-project/targets/dynamic-targets.md
@@ -0,0 +1,110 @@
+---
+title: "Dynamic Targets"
+linkTitle: "Dynamic Targets"
+weight: 1
+description: >
+    Dynamically defined targets.
+---
+
+Targets can also be "dynamic", meaning that additional configuration can be sourced from another git repository.
+This can be based on a single target repository and branch, or on a target repository and branch/ref pattern, resulting
+in multiple dynamic targets being created from one target definition.
+
+Please note that a single entry in `target` might end up with multiple dynamic targets, meaning that the name must be
+made unique between these dynamic targets. This can be achieved by using templating in the `name` field. As an example,
+`{{ target.targetConfig.ref }}` can be used to set the target name to the branch name of the dynamic target.
+
+Dynamic targets have the following form:
+```yaml
+targets:
+...
+  - name: <dynamic_target_name>
+    context: <cluster_name>
+    args: ...
+      arg1: <value1>
+      arg2: <value2>
+      ...
+    targetConfig:
+      project:
+        url: <git-url>
+      ref: <ref-name>
+      refPattern: <regex-pattern>
+      file: <config-file>
+    sealingConfig:
+      dynamicSealing: <false_or_true>
+      secretSets:
+        - <name_of_secrets_set>
+...
+```
+
+All fields known from normal targets are allowed. In addition, the targetConfig with following fields is available.
+
+## targetConfig
+
+The presence of this field causes the target to become a dynamic target. 
+It specifies where to look for dynamic targets and their addional configuration. It has the following form:
+
+```yaml
+...
+targets:
+...
+- name: <dynamic_target_name>
+  ...
+  targetConfig:
+    project:
+      url: <git-url>
+    ref: <ref-name>
+    refPattern: <regex-pattern>
+...
+```
+
+### project.url
+This field specifies the git clone url of the target configuration project.
+
+### ref
+This field specifies the branch or tag to use. If this field is specified, using `refPattern` is forbidden.
+This will result in one single dynamic target.
+
+### refPattern
+This field specifies a regex pattern to use when looking for candidate branches and tags. If this is specified,
+using `ref` is forbidden. This will result in multiple dynamic targets. Each dynamic target will have `ref` set to
+the actual branch name it belong to. This allows using of `{{ target.targetConfig.ref }}` in all other target fields.
+
+### file
+This field specifies the config file name to read externalized target config from.
+
+## Format of the target config
+The target config file referenced in `targetConfig` must be of the following format:
+
+```yaml
+args:
+  arg1: value1
+  arg2: value2
+images:
+  - image: registry.gitlab.com/my-group/my-project
+    resultImage: registry.gitlab.com/my-group/my-project:1.1.0
+```
+
+### args
+An optional map of arguments, in the same format as in the normal [target args]({{< ref "docs/reference/kluctl-project/targets/#args" >}}).
+
+The arguments specified here have higher priority.
+
+### images
+An optional list of fixed images, in the same format as in the normal [target images]({{< ref "docs/reference/kluctl-project/targets/#images" >}})
+
+## Simple dynamic targets
+
+A simplified form of dynamic targets is to store target config inside the same directory/project as the `.kluctl.yaml`.
+This can be done by omitting `project`, `ref` and `refPattern` from `targetConfig` and only specify `file`.
+
+## A note on sealing
+
+When sealing dynamic targets, it is very likely that it is not known yet which dynamic targets will actually exist in
+the future. This requires some special care when sealing secrets for these targets. Sealed secrets are usually namespace
+scoped, which might need to be changed to cluster-wide scoping so that the same sealed secret can be deployed into
+multiple targets (assuming you deploy to different namespaces for each target). When you do this, watch out to not
+compromise security, e.g. by sealing production level secrets with a cluster-wide scope!
+
+It is also very likely required to set `target.sealingConfig.dynamicSealing` to `false`, so that sealing is only performed
+once and not for all dynamic targets.
\ No newline at end of file
diff --git a/docs/reference/sealed-secrets.md b/docs/reference/sealed-secrets.md
new file mode 100644
index 000000000..fd9bf6fb3
--- /dev/null
+++ b/docs/reference/sealed-secrets.md
@@ -0,0 +1,152 @@
+---
+title: "Sealed Secrets"
+linkTitle: "Sealed Secrets"
+weight: 2
+description: >
+    Sealed Secrets integration
+---
+
+kluctl has an integration for [sealed secrets](https://github.com/bitnami-labs/sealed-secrets), allowing you to
+securely store secrets for multiple target clusters and/or environments inside version control.
+
+The integration consists of two parts:
+1. Sealing of secrets
+1. Automatically choosing and deploying the correct sealed secrets for a target
+
+## Requirements
+
+The Sealed Secrets integration relies on the [sealed-secrets operator](https://github.com/bitnami-labs/sealed-secrets)
+being installed. Installing the operator is the responsibility of you (or whoever is managing/operating the cluster).
+
+Kluctl can however perform sealing of secrets without an existing sealed-secrets operator installation. This is solved
+by automatically pre-provisioning a key onto the cluster that is compatible with the operator or by providing the
+public certificate via `certFile` in the targets [sealingConfig]({{< ref "docs/reference/kluctl-project/targets#certfile" >}}).
+
+## Sealing of .sealme files
+
+Sealing is done via the [seal command]({{< ref "docs/reference/commands/seal" >}}). It must be done before the actual
+deployment is performed.
+
+The `seal` command recursively searches for files that end with `.sealme`, renders them with the
+[templating engine]({{< ref "docs/reference/templating" >}}) engine. The rendered secret resource is then
+converted/encrypted into a sealed secret.
+
+The `.sealme` files itself have to be [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/),
+but without any actual secret data inside. The secret data is referenced via templating variables and is expected to be
+provided only at the time of sealing. This means, that the sensitive secret data must only be in clear text while sealing.
+Afterwards the sealed secrets can be added to version control.
+
+Example file (the name could be for example `db-secrets.yaml.sealme`):
+```yaml
+kind: Secret
+apiVersion: v1
+metadata:
+  name: db-secrets
+  namespace: {{ my.namespace.variable }}
+stringData:
+  DB_URL: {{ secrets.database.url }}
+  DB_USERNAME: {{ secrets.database.username }}
+  DB_PASSWORD: {{ secrets.database.password }}
+```
+
+While sealing, the full templating context (same as in [templating]({{< ref "docs/reference/templating" >}})) is available.
+Additionally, the global `secrets` object/variable is available which contains the sensitive secrets.
+
+## Secret Sources
+
+Secrets are only loaded while sealing. Available secret sets and sources are configured via
+[.kluctl.yaml]({{< ref "docs/reference/kluctl-project/secrets-config" >}}). The secrets used per target are configured via the
+[secrets config]({{< ref "docs/reference/kluctl-project/targets#secretsets" >}}) of the targets.
+
+## Using sealed secrets
+
+After sealing a secret, it can be used inside kustomize deployments. While deploying, kluctl will look for resources
+included from `kustomization.yaml` which are not existent but for which a file with a `.sealme` extension exists. If such
+a file is found, the appropriate sealed secrets is located based on the
+[outputPattern](#outputpattern-and-location-of-stored-sealed-secrets).
+
+An example `kustomization.yaml`:
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+# please note that we do not specify the .sealme suffix here
+- db-secrets.yaml
+- my-deployments.yaml
+```
+
+## outputPattern and location of stored sealed secrets
+
+It is possible to override the output pattern in the root [deployment project]({{< ref "docs/reference/deployments" >}}).
+The output pattern must be a template string that is rendered with the full
+[templating context]({{< ref "docs/reference/templating" >}}) available for the deployment.yaml.
+
+When manually specifying the outputPattern, ensure that it works well with multiple clusters and targets. You can
+for example use the `{{ target.name }}` and `{{ cluster.name }}` inside the outputPattern.
+
+```yaml
+# deployment.yaml in root directory
+sealedSecrets:
+  outputPattern: "{{ cluster.name }}/{{ target.name }}"
+```
+
+The default outputPattern is simply `{{ target.name }}`, which should work well in most cases.
+
+The final storage location for the sealed secret is:
+
+`<base_dir>/<rendered_output_pattern>/<relative_sealme_file_dir>/<file_name>`
+
+with:
+* `base_dir`: The base directory for sealed secrets, which defaults to to the subdirectory `.sealed-secrets` in the kluctl project root
+  diretory.
+* `rendered_output_pattern`: The rendered outputPattern as described above.
+* `relative_sealme_file_dir`: The relative path from the deployment root directory.
+* `file_name`: The filename of the sealed secret, excluding the `.sealme` extension.
+
+## Content Hashes and re-sealing
+Sealed secrets are stored together with hashes of all individual secret entries. These hashes are then used to avoid
+unnecessary re-sealing in future [seal]({{< ref "docs/reference/commands/seal" >}}) invocations. If you want to force re-sealing, use the
+[--force-reseal]({{< ref "docs/reference/commands/seal" >}}) option.
+
+Hashing of secrets is done with bcrypt and the cluster id as salt. The cluster id is currently defined as the sha256 hash
+of the cluster CA certificate. This will cause re-sealing of all secrets in case a cluster is set up from scratch
+(which causes key from the sealed secrets operator to get wiped as well).
+
+## Clusters and namespaces
+Sealed secrets are usually only decryptable by one cluster, simply because each cluster has its own set of randomly
+generated public/private key pairs. This means, that a secret that was sealed for your production cluster can't be
+unsealed on your test cluster.
+
+In addition, sealed secrets can be bound to a single namespace, making them undecryptable for any other namespace.
+To limit a sealed secret to a namespace, simply fill the `metadata.namespace` field of the input secret (which is in
+the `.sealme` file). This way, the sealed secret can only be deployed to a single namespace.
+
+You can also use [Scopes](https://github.com/bitnami-labs/sealed-secrets#scopes) to lift/limit restrictions.
+
+## Using reflectors/replicators
+In case a sealed secrets needs to be deployed to more than one namespace, some form of replication must be used. You'd
+then seal the secret for a single namespace and use a reflection/replication controller to reflect the unsealed secret
+into one or multiple other namespaces. Example controllers that can accomplish this are the
+[Mittwald kubernetes-reflector](https://github.com/mittwald/kubernetes-replicator) and the
+[Emberstack Kubernetes Reflector](https://github.com/emberstack/kubernetes-reflector).
+
+Consider the following example (using the Mittwald replicator):
+```yaml
+kind: Secret
+apiVersion: v1
+metadata:
+  name: db-secrets
+  namespace: {{ my.namespace.variable }}
+  annotations:
+    replicator.v1.mittwald.de/replicate-to: '{{ my.namespace.variable }}-.*'
+stringData:
+  DB_URL: {{ secrets.database.url }}
+  DB_USERNAME: {{ secrets.database.username }}
+  DB_PASSWORD: {{ secrets.database.password }}
+```
+
+The above example would cause automatic replication into every namespace that matches the replicate-to pattern.
+
+Please watch out for security implications. In the above example, everyone who has the right to create a namespace that
+matches the pattern will get access to the secret.
diff --git a/docs/reference/templating/_index.md b/docs/reference/templating/_index.md
new file mode 100644
index 000000000..ddef4c163
--- /dev/null
+++ b/docs/reference/templating/_index.md
@@ -0,0 +1,53 @@
+---
+title: "Templating"
+linkTitle: "Templating"
+weight: 2
+description: >
+    Templating Engine.
+---
+
+kluctl uses a Jinja2 Templating engine to pre-process/render every involved configuration file and resource before
+actually interpreting it. Only files that are explicitly excluded via [.templateignore files](#templateignore)
+are not rendered via Jinja2.
+
+Generally, everything that is possible with Jinja2 is possible in kluctl configuration/resources. Please
+read into the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.0.x/templates/) to understand what exactly
+is possible and how to use it.
+
+## .templateignore
+In some cases it is required to exclude specific files from templating, for example when the contents conflict with
+the used template engine (e.g. Go templates conflict with Jinja2 and cause errors). In such cases, you can place
+a `.templateignore` beside the excluded files or into a parent folder of it. The contents/format of the `.templateignore`
+file is the same as you would use in a `.gitignore` file.
+
+## Includes and imports
+Standard Jinja2 [includes](https://jinja.palletsprojects.com/en/2.11.x/templates/#include) and
+[imports](https://jinja.palletsprojects.com/en/2.11.x/templates/#import) can be used in all templates.
+
+The path given to include/import is searched in the directory of the root template and all it's parent directories up
+until the project root. Please note that the search path is not altered in included templates, meaning that it will
+always search in the same directories even if an include happens inside a file that was included as well.
+
+To include/import a file relative to the currently rendered file (which is not necessarily the root template), prefix
+the path with `./`, e.g. use `{% include "./my-relative-file.j2" %}"`.
+
+## Macros
+
+[Jinja2 macros](https://jinja.palletsprojects.com/en/2.11.x/templates/#macros) are fully supported. When writing
+macros that produce yaml resources, you must use the `---` yaml separator in case you want to produce multiple resources
+in one go.
+
+## Why no Go Templating
+
+kluctl started as a python project and was then migrated to be a Go project. In the python world, Jinja2 is the obvious
+choice when it comes to templating. In the Go world, of course Go Templates would be the first choice.
+
+When the migration to Go was performed, it was a conscious and opinionated decision to stick with Jinja2 templating.
+The reason is that I (@codablock) believe that Go Templates are hard to read and write and at the same time quite limited
+in their features (without extensive work). It never felt natural to write Go Templates.
+
+This "feeling" was confirmed by multiple users of kluctl when it started and users described as "relieving" to not
+be forced to use Go Templates.
+
+The above is my personal experience and opinion. I'm still quite open for contributions in regard to Go Templating
+support, as long as Jinja2 support is kept.
diff --git a/docs/reference/templating/filters.md b/docs/reference/templating/filters.md
new file mode 100644
index 000000000..cebf0275c
--- /dev/null
+++ b/docs/reference/templating/filters.md
@@ -0,0 +1,80 @@
+---
+title: "Filters"
+linkTitle: "Filters"
+weight: 3
+description: >
+    Available filters.
+---
+
+In addition to the [builtin Jinja2 filters](https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-builtin-filters),
+kluctl provides a few additional filters:
+
+### b64encode
+Encodes the input value as base64. Example: `{{ "test" | b64encode }}` will result in `dGVzdA==`.
+
+### b64decode
+Decodes an input base64 encoded string. Example `{{ my.source.var | b64decode }}`.
+
+### from_yaml
+Parses a yaml string and returns an object. Please note that json is valid yaml, meaning that you can also use this
+filter to parse json.
+
+### to_yaml
+Converts a variable/object into its yaml representation. Please note that in most cases the resulting string will not
+be properly indented, which will require you to also use the `indent` filter. Example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-config
+data:
+  config.yaml: |
+    {{ my_config | to_yaml | indent(4) }}
+```
+
+### to_json
+Same as `to_yaml`, but with json as output. Please note that json is always valid yaml, meaning that you can also use
+`to_json` in yaml files. Consider the following example:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: c1
+        image: my-image
+        env: {{ my_list_of_env_entries | to_json }}
+```
+
+This would render json into a yaml file, which is still a valid yaml file. Compare this to how this would have to be
+solved with `to_yaml`:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: c1
+        image: my-image
+        env:
+          {{ my_list_of_env_entries | to_yaml | indent(10) }}
+```
+
+The required indention filter is the part that makes this error-prone and hard to maintain. Consider using `to_json`
+whenever you can.
+
+### render
+Renders the input string with the current Jinja2 context. Example:
+```
+{% set a="{{ my_var }}" %}
+{{ a | render }}
+```
\ No newline at end of file
diff --git a/docs/reference/templating/functions.md b/docs/reference/templating/functions.md
new file mode 100644
index 000000000..e24b4108e
--- /dev/null
+++ b/docs/reference/templating/functions.md
@@ -0,0 +1,65 @@
+---
+title: "Functions"
+linkTitle: "Functions"
+weight: 4
+description: >
+    Available functions.
+---
+
+In addition to the provided
+[builtin global functions](https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-global-functions),
+kluctl also provides a few global functions:
+
+### load_template(file)
+Loads the given file into memory, renders it with the current Jinja2 context and then returns it as a string. Example:
+```
+{% set a=load_template('file.yaml') %}
+{{ a }}
+```
+
+`load_template` uses the same path searching rules as described in [includes/imports]({{< ref "docs/reference/templating#includes-and-imports" >}}).
+
+### load_sha256(file, digest_len)
+Loads the given file into memory, renders it and calculates the sha256 hash of the result.
+
+The filename given to `load_sha256` is treated the same as in `load_template`. Recursive loading/calculating of hashes
+is allowed and is solved by replacing `load_sha256` invocations with currently loaded templates with dummy strings.
+This also allows to calculate the hash of the currently rendered template, for example:
+
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-config-{{ load_sha256("configmap.yaml") }}
+data:
+```
+
+`digest_len` is an optional parameter that allows to limit the length of the returned hex digest.
+
+### get_var(field_path, default)
+Convenience method to navigate through the current context variables via a
+[JSON Path](https://goessner.net/articles/JsonPath/). Let's assume you currently have these variables defined
+(e.g. via [vars]({{< ref "docs/reference/deployments/deployment-yml#vars-deployment-project" >}})):
+```yaml
+my:
+  deep:
+    var: value
+```
+Then `{{ get_var('my.deep.var', 'my-default') }}` would return `value`.
+When any of the elements inside the field path are non-existent, the given default value is returned instead.
+
+The `field_path` parameter can also be a list of pathes, which are then tried one after the another, returning the first
+result that gives a value that is not None. For example, `{{ get_var(['non.existing.var', my.deep.var'], 'my-default') }}`
+would also return `value`.
+
+### merge_dict(d1, d2)
+Clones d1 and then recursively merges d2 into it and returns the result. Values inside d2 will override values in d1.
+
+### update_dict(d1, d2)
+Same as `merge_dict`, but merging is performed in-place into d1.
+
+### raise(msg)
+Raises a python exception with the given message. This causes the current command to abort.
+
+### debug_print(msg)
+Prints a line to stderr.
\ No newline at end of file
diff --git a/docs/reference/templating/predefined-variables.md b/docs/reference/templating/predefined-variables.md
new file mode 100644
index 000000000..a5aabcee1
--- /dev/null
+++ b/docs/reference/templating/predefined-variables.md
@@ -0,0 +1,27 @@
+---
+title: "Predefined Variables"
+linkTitle: "Predefined Variables"
+weight: 1
+description: >
+    Available predefined variables.
+---
+
+There are multiple variables available which are pre-defined by kluctl. These are:
+
+### args
+This is a dictionary of arguments given via command line. It contains every argument defined in
+[deployment args]({{< ref "docs/reference/deployments/deployment-yml#args" >}}).
+
+### target
+This is the target definition of the currently processed target. It contains all values found in the 
+[target definition]({{< ref "docs/reference/kluctl-project/targets" >}}), for example `target.name`.
+
+### images
+This global object provides the dynamic images features described in [images]({{< ref "docs/reference/deployments/images" >}}).
+
+### version
+This global object defines latest version filters for `images.get_image(...)`. See [images]({{< ref "docs/reference/deployments/images" >}}) for details.
+
+### secrets
+This global object is only available while [sealing]({{< ref "docs/reference/sealed-secrets" >}}) and contains the loaded
+secrets defined via the currently sealed target.
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
new file mode 100644
index 000000000..34ea6bf09
--- /dev/null
+++ b/docs/reference/templating/variable-sources.md
@@ -0,0 +1,215 @@
+---
+title: "Variable Sources"
+linkTitle: "Variable Sources"
+weight: 2
+description: >
+  Available variable sources.
+---
+
+There are multiple places in deployment projects (deployment.yaml) where additional variables can be loaded into
+future Jinja2 contexts.
+
+The first place where vars can be specified is the deployment root, as documented [here]({{< ref "docs/reference/deployments/deployment-yml#vars-deployment-project" >}}).
+These vars are visible for all deployments inside the deployment project, including sub-deployments from includes.
+
+The second place to specify variables is in the deployment items, as documented [here]({{< ref "docs/reference/deployments/deployment-yml#vars-deployment-item" >}}).
+
+The variables loaded for each entry in `vars` are not available inside the `deployment.yaml` file itself.
+However, each entry in `vars` can use all variables defined before that specific entry is processed. Consider the
+following example.
+
+```yaml
+vars:
+- file: vars1.yaml
+- file: vars2.yaml
+```
+
+`vars2.yaml` can now use variables that are defined in `vars1.yaml`. At all times, variables defined by
+parents of the current sub-deployment project can be used in the current vars file.
+
+Different types of vars entries are possible:
+
+### file
+This loads variables from a yaml file. Assume the following yaml file with the name `vars1.yaml`:
+```yaml
+my_vars:
+  a: 1
+  b: "b"
+  c:
+    - l1
+    - l2
+```
+
+This file can be loaded via:
+
+```yaml
+vars:
+  - file: vars1.yaml
+```
+
+After which all included deployments and sub-deployments can use the jinja2 variables from `vars1.yaml`.
+
+### values
+An inline definition of variables. Example:
+
+```yaml
+vars:
+  - values:
+      a: 1
+      b: c
+```
+
+These variables can then be used in all deployments and sub-deployments.
+
+### git
+This loads variables from a git repository. Example:
+
+```yaml
+vars:
+  - git:
+      url: ssh://git@github.com/example/repo.git
+      ref: my-branch
+      path: path/to/vars.yaml
+```
+
+### clusterConfigMap
+Loads a configmap from the target's cluster and loads the specified key's value as a yaml file into the jinja2 variables
+context.
+
+Assume the following configmap to be deployed to the target cluster:
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-vars
+  namespace: my-namespace
+data:
+  vars: |
+    a: 1
+    b: "b"
+    c:
+      - l1
+      - l2
+```
+
+This configmap can be loaded via:
+
+```yaml
+vars:
+  - clusterConfigMap:
+      name: my-vars
+      namespace: my-namespace
+      key: vars
+```
+
+It assumes that the configmap is already deployed before the kluctl deployment happens. This might for example be
+useful to store meta information about the cluster itself and then make it available to kluctl deployments.
+
+### clusterSecret
+Same as clusterConfigMap, but for secrets.
+
+### http
+The http variables source allows to load variables from an arbitrary HTTP resource by performing a GET (or any other
+configured HTTP method) on the URL. Example:
+
+```yaml
+vars:
+  - http:
+      url: https://example.com/path/to/my/vars
+```
+
+The above source will load a variables file from the given URL. The file is expected to be in yaml or json format.
+
+The following additional properties are supported for http sources:
+
+##### method
+Specifies the HTTP method to be used when requesting the given resource. Defaults to `GET`.
+
+##### body
+The body to send along with the request. If not specified, nothing is sent.
+
+#### headers
+A map of key/values pairs representing the header entries to be added to the request. If not specified, nothing is added.
+
+##### jsonPath
+Can be used to select a nested element from the yaml/json document returned by the HTTP request. This is useful in case
+some REST api is used which does not directly return the variables file. Example:
+
+```yaml
+vars:
+  - http:
+      url: https://example.com/path/to/my/vars
+      jsonPath: $[0].data
+```
+
+The above example would successfully use the following json document as variables source:
+
+```json
+[{"data": {"vars": {"var1": "value1"}}}]
+```
+
+#### Authentication
+
+Kluctl currently supports BASIC and NTLM authentication. It will prompt for credentials when needed.
+
+### awsSecretsManager
+[AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) integration. Loads a variables YAML from an AWS Secrets
+Manager secret. The secret can either be specified via an ARN or via a secretName and region combination. An AWS
+config profile can also be specified (which must exist while sealing).
+
+The secrets stored in AWS Secrets manager must contain a valid yaml or json file.
+
+Example using an ARN:
+```yaml
+vars:
+  - awsSecretsManager:
+      secretName: arn:aws:secretsmanager:eu-central-1:12345678:secret:secret-name-XYZ
+      profile: my-prod-profile
+```
+
+Example using a secret name and region:
+```yaml
+vars:
+  - awsSecretsManager:
+      secretName: secret-name
+      region: eu-central-1
+      profile: my-prod-profile
+```
+
+The advantage of the latter is that the auto-generated suffix in the ARN (which might not be known at the time of
+writing the configuration) doesn't have to be specified.
+
+### vault
+
+[Vault by HashiCorp](https://www.vaultproject.io/) with [Tokens](https://www.vaultproject.io/docs/concepts/tokens) 
+authentication integration. The address and the path to the secret can be configured. 
+The implementation was tested with KV Secrets Engine.
+
+Example using vault:
+```yaml
+vars:
+  - vault:
+      address: http://localhost:8200
+      path: secret/data/simple
+```
+
+Before deploying or sealing please make sure that you have access to vault. You can do this for example by setting 
+the environment variable `VAULT_TOKEN`.
+
+### systemEnvVars
+Load variables from environment variables. Children of `systemEnvVars` can be arbitrary yaml, e.g. dictionaries or lists.
+The leaf values are used to get a value from the system environment.
+
+Example:
+```yaml
+vars:
+- systemEnvVars:
+    var1: ENV_VAR_NAME1
+    someDict:
+      var2: ENV_VAR_NAME2
+    someList:
+      - var3: ENV_VAR_NAME3
+```
+
+The above example will make 3 variables available: `var1`, `someDict.var2` and
+`someList[0].var3`, each having the values of the environment variables specified by the leaf values.

From 16aacf901b31e10cc5bc594f6ae93eb47fc11122 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 22:36:16 +0200
Subject: [PATCH 0434/2268] docs: Remove mentions of external projects

---
 docs/concepts.md                                 | 5 +----
 docs/reference/commands/environment-variables.md | 4 ++--
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/docs/concepts.md b/docs/concepts.md
index c410e32e1..583b8ccbe 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -7,12 +7,9 @@ weight: 10
 These are some core concepts in Kluctl.
 
 ## Kluctl project
-The kluctl project defines targets, secret sources and external git projects.
+The kluctl project defines targets and secret sources.
 It is defined via the [.kluctl.yaml]({{< ref "docs/reference/kluctl-project" >}}) configuration file.
 
-The kluctl project can also optionally define where the deployment project and clusters configs are located (external
-git projects).
-
 ## Targets
 A target defines a target cluster and a set of deployment arguments. Multiple targets can use the same cluster. Targets
 allow implementing multi-cluster, multi-environment, multi-customer, ... deployments.
diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
index 15b7f003c..be7ade381 100644
--- a/docs/reference/commands/environment-variables.md
+++ b/docs/reference/commands/environment-variables.md
@@ -11,8 +11,8 @@ In addition to arguments, Kluctl can be controlled via a set of environment vari
 ## Environment variables as arguments
 All options/arguments accepted by kluctl can also be specified via environment variables. The name of the environment
 variables always start with `KLUCTL_` and end with the option/argument in uppercase and dashes replaced with
-underscores. As an example, `--project-url=my-project` can also be specified with the environment variable
-`KLUCTL_PROJECT_URL=my-project`.
+underscores. As an example, `--dry-run` can also be specified with the environment variable
+`KLUCTL_DRY_RUN=true`.
 
 ## Additional environment variables
 A few additional environment variables are supported which do not belong to an option/argument. These are:

From 89f36d5ebdde0c53a08f38587009f77acd6cc94a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 22:36:48 +0200
Subject: [PATCH 0435/2268] docs: Update documentation about environment
 variables

---
 docs/reference/commands/environment-variables.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
index be7ade381..9bc60def5 100644
--- a/docs/reference/commands/environment-variables.md
+++ b/docs/reference/commands/environment-variables.md
@@ -18,6 +18,5 @@ underscores. As an example, `--dry-run` can also be specified with the environme
 A few additional environment variables are supported which do not belong to an option/argument. These are:
 
 1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries]({{< ref "docs/reference/deployments/images#supported-image-registries-and-authentication" >}}) for details.
-2. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
-3. `KLUCTL_NO_THREADS`. Do not use multithreading while performing work. This is only useful for debugging purposes.
-4. `KLUCTL_IGNORE_DEBUGGER`. Pretend that there is no debugger attached when automatically deciding if multi-threading should be enabled or not.
+2. `KLUCTL_GIT_<idx>_HOST`, `KLUCTL_GIT_<idx>_USERNAME`, and so on.
+3. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.

From c7f4e47a8fcb1ca24917e706c286a072779807cf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 22:42:53 +0200
Subject: [PATCH 0436/2268] docs: Document slugify filter

---
 docs/reference/templating/filters.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/reference/templating/filters.md b/docs/reference/templating/filters.md
index cebf0275c..0f556d1f3 100644
--- a/docs/reference/templating/filters.md
+++ b/docs/reference/templating/filters.md
@@ -77,4 +77,7 @@ Renders the input string with the current Jinja2 context. Example:
 ```
 {% set a="{{ my_var }}" %}
 {{ a | render }}
-```
\ No newline at end of file
+```
+
+### slugify
+Slugify a string based on [python-slugify](https://github.com/un33k/python-slugify).

From 89d16e797790a05060002709290aed9b840e4af4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 22:57:24 +0200
Subject: [PATCH 0437/2268] docs: Add documentation for time template functions

---
 docs/reference/templating/functions.md | 31 +++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/docs/reference/templating/functions.md b/docs/reference/templating/functions.md
index e24b4108e..50c474ff9 100644
--- a/docs/reference/templating/functions.md
+++ b/docs/reference/templating/functions.md
@@ -62,4 +62,33 @@ Same as `merge_dict`, but merging is performed in-place into d1.
 Raises a python exception with the given message. This causes the current command to abort.
 
 ### debug_print(msg)
-Prints a line to stderr.
\ No newline at end of file
+Prints a line to stderr.
+
+### time.now()
+Returns the current time. The returned object has the following members:
+
+| member                        | description                                                                                                                                                                        |
+|-------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| t.as_timezone(tz)             | Converts and returns the time `t` in the given timezone. Example: <br/>`{{ time.now().as_timezone("Europe/Berlin") }}`                                                             |
+| t.weekday()                   | Returns the time's weekday. 0 means Monday and 6 means Sunday.                                                                                                                     |
+| t.hour()                      | Returns the time's hour from 0-23.                                                                                                                                                 |
+| t.minute()                    | Returns the time's minute from 0-59.                                                                                                                                               |
+| t.second()                    | Returns the time's second from 0-59.                                                                                                                                               |
+| t.nanosecond()                | Returns the time's nanosecond from 0-999999999.                                                                                                                                    |
+| t + delta                     | Adds a delta to `t`. Example: `{{ time.now() + time.second * 10 }}`                                                                                                                |
+| t - delta                     | Subtracts a delta from `t`. Example: `{{ time.now() - time.second * 10 }}`                                                                                                         |
+| t1 < t2<br/>t1 >= t2<br/> ... | Time objects can be compared to other time objects. Example:<br/>`{% if time.now() < time.parse_iso("2022-10-01T10:00") %}...{% endif %}`<br/>All logical operators are supported. |
+
+### time.utcnow()
+Returns the current time in UTC.
+The object has the same members as described in [time.now()](#timenow).
+
+### time.parse_iso(iso_time_str)
+Parse the given string and return a time object. The string must be in ISO time. 
+The object has the same members as described in [time.now()](#timenow).
+
+### time.second, time.minute, time.hour
+Represents a time delta to be used with `t + delta` and `t - delta`. Example
+```
+{{ time.now() + time.minute * 10 }}
+```

From 638248c9ea1e6db2390b56cab832bc8fc53c951b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Oct 2022 23:11:05 +0200
Subject: [PATCH 0438/2268] docs: Rename all _index.md files to README.md

---
 docs/{_index.md => README.md}                                     | 0
 docs/reference/{_index.md => README.md}                           | 0
 docs/reference/commands/{_index.md => README.md}                  | 0
 docs/reference/deployments/{_index.md => README.md}               | 0
 docs/reference/deployments/annotations/{_index.md => README.md}   | 0
 docs/reference/kluctl-project/{_index.md => README.md}            | 0
 .../kluctl-project/secrets-config/{_index.md => README.md}        | 0
 docs/reference/kluctl-project/targets/{_index.md => README.md}    | 0
 docs/reference/templating/{_index.md => README.md}                | 0
 9 files changed, 0 insertions(+), 0 deletions(-)
 rename docs/{_index.md => README.md} (100%)
 rename docs/reference/{_index.md => README.md} (100%)
 rename docs/reference/commands/{_index.md => README.md} (100%)
 rename docs/reference/deployments/{_index.md => README.md} (100%)
 rename docs/reference/deployments/annotations/{_index.md => README.md} (100%)
 rename docs/reference/kluctl-project/{_index.md => README.md} (100%)
 rename docs/reference/kluctl-project/secrets-config/{_index.md => README.md} (100%)
 rename docs/reference/kluctl-project/targets/{_index.md => README.md} (100%)
 rename docs/reference/templating/{_index.md => README.md} (100%)

diff --git a/docs/_index.md b/docs/README.md
similarity index 100%
rename from docs/_index.md
rename to docs/README.md
diff --git a/docs/reference/_index.md b/docs/reference/README.md
similarity index 100%
rename from docs/reference/_index.md
rename to docs/reference/README.md
diff --git a/docs/reference/commands/_index.md b/docs/reference/commands/README.md
similarity index 100%
rename from docs/reference/commands/_index.md
rename to docs/reference/commands/README.md
diff --git a/docs/reference/deployments/_index.md b/docs/reference/deployments/README.md
similarity index 100%
rename from docs/reference/deployments/_index.md
rename to docs/reference/deployments/README.md
diff --git a/docs/reference/deployments/annotations/_index.md b/docs/reference/deployments/annotations/README.md
similarity index 100%
rename from docs/reference/deployments/annotations/_index.md
rename to docs/reference/deployments/annotations/README.md
diff --git a/docs/reference/kluctl-project/_index.md b/docs/reference/kluctl-project/README.md
similarity index 100%
rename from docs/reference/kluctl-project/_index.md
rename to docs/reference/kluctl-project/README.md
diff --git a/docs/reference/kluctl-project/secrets-config/_index.md b/docs/reference/kluctl-project/secrets-config/README.md
similarity index 100%
rename from docs/reference/kluctl-project/secrets-config/_index.md
rename to docs/reference/kluctl-project/secrets-config/README.md
diff --git a/docs/reference/kluctl-project/targets/_index.md b/docs/reference/kluctl-project/targets/README.md
similarity index 100%
rename from docs/reference/kluctl-project/targets/_index.md
rename to docs/reference/kluctl-project/targets/README.md
diff --git a/docs/reference/templating/_index.md b/docs/reference/templating/README.md
similarity index 100%
rename from docs/reference/templating/_index.md
rename to docs/reference/templating/README.md

From d7b9b1c2e4cb54f05185ae501ed8ed8ddbee986a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Oct 2022 09:15:26 +0200
Subject: [PATCH 0439/2268] docs: Document kluctl.io/validate-ignore

---
 docs/reference/deployments/annotations/validation.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/reference/deployments/annotations/validation.md b/docs/reference/deployments/annotations/validation.md
index df528c164..f291a837c 100644
--- a/docs/reference/deployments/annotations/validation.md
+++ b/docs/reference/deployments/annotations/validation.md
@@ -14,3 +14,6 @@ are added to the validation result, which is then returned by the validate comma
 
 The annotation key is dynamic, meaning that all annotations that begin with `validate-result.kluctl.io/` are taken
 into account.
+
+### kluctl.io/validate-ignore
+If this annotation is set to `true`, the object will be ignored while `kluctl validate` is run.
\ No newline at end of file

From 91ab5bf74666efa988947aa40c99e8e9d6e4fa3e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 15:04:59 +0200
Subject: [PATCH 0440/2268] docs: Prepare docs to be syncable to www-kluctl.io

---
 README.md                                     | 24 ++++---
 docs/README.md                                | 62 +++----------------
 docs/concepts.md                              |  5 ++
 docs/get-started.md                           | 28 ++++-----
 docs/history.md                               |  5 ++
 docs/installation.md                          | 41 ++++++++++--
 docs/philosophy.md                            |  5 ++
 docs/reference/README.md                      |  9 +++
 docs/reference/commands/README.md             | 22 +++++++
 docs/reference/commands/common-arguments.md   |  5 ++
 docs/reference/commands/delete.md             |  3 +
 docs/reference/commands/deploy.md             |  3 +
 docs/reference/commands/diff.md               |  3 +
 .../commands/environment-variables.md         |  3 +
 docs/reference/commands/helm-pull.md          |  3 +
 docs/reference/commands/helm-update.md        |  3 +
 docs/reference/commands/list-images.md        |  3 +
 docs/reference/commands/list-targets.md       |  3 +
 docs/reference/commands/poke-images.md        |  3 +
 docs/reference/commands/prune.md              |  3 +
 docs/reference/commands/render.md             |  3 +
 docs/reference/commands/seal.md               |  3 +
 docs/reference/commands/validate.md           |  3 +
 docs/reference/deployments/README.md          | 14 +++++
 .../deployments/annotations/README.md         | 10 +++
 .../deployments/annotations/all-resources.md  |  5 ++
 .../deployments/annotations/hooks.md          |  6 ++
 .../deployments/annotations/kustomization.md  |  5 ++
 .../deployments/annotations/validation.md     |  5 ++
 docs/reference/deployments/deployment-yml.md  |  5 ++
 docs/reference/deployments/helm.md            |  5 ++
 docs/reference/deployments/hooks.md           |  5 ++
 docs/reference/deployments/images.md          |  5 ++
 docs/reference/deployments/kustomize.md       |  5 ++
 docs/reference/deployments/readiness.md       |  5 ++
 docs/reference/deployments/tags.md            |  5 ++
 docs/reference/kluctl-project/README.md       | 10 ++-
 .../kluctl-project/secrets-config/README.md   |  5 ++
 .../kluctl-project/targets/README.md          |  5 ++
 .../kluctl-project/targets/dynamic-targets.md |  5 ++
 docs/reference/sealed-secrets.md              |  7 ++-
 docs/reference/templating/README.md           | 12 ++++
 docs/reference/templating/filters.md          |  5 ++
 docs/reference/templating/functions.md        |  5 ++
 .../templating/predefined-variables.md        |  5 ++
 docs/reference/templating/variable-sources.md |  5 ++
 install/README.md                             | 40 +-----------
 47 files changed, 308 insertions(+), 121 deletions(-)

diff --git a/README.md b/README.md
index c19f8f86f..899b40f2e 100644
--- a/README.md
+++ b/README.md
@@ -6,8 +6,6 @@
 
 <img alt="kluctl" src="logo/kluctl.svg" width="200"/>
 
-<!-- copied from https://kluctl.io/docs -->
-
 Kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
 Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
 line interface.
@@ -25,17 +23,29 @@ local machine, from your CI/CD pipelines or any automation platform/system that
 
 Flux support is in alpha stadium and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
 
-## Installation
+## What can I do with Kluctl?
+
+Kluctl allows you to define a Kluctl project, which in turn defines Kluctl
+deployments and sub-deployments. Each Kluctl deployment defines Kustomize deployments.
+
+A Kluctl project also defines targets, which represent your target environments
+and/or clusters.
+
+The Kluctl CLI then allows to deploy, diff, prune, delete, ... your deployments.
 
-See [installation](./install).
+## Where do I start?
+
+Installation instructions can be found [here](./docs/installation.md). For a getting started guide, continue
+[here](./docs/get-started.md).
 
 ## Documentation
 
-Documentation can be found here: https://kluctl.io/docs
+Documentation, news and blog posts can be found on https://kluctl.io.
 
-## Kluctl in Short
+The underlying documentation is synced from this repo (look into ./docs) to the website whenever something is merged
+into main.
 
-<!-- copied from https://kluctl.io/docs -->
+## Kluctl in Short
 
 |     |     |
 | --- | --- |
diff --git a/docs/README.md b/docs/README.md
index c6a4cdaa4..f9311fca4 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Kluctl Documentation"
 linkTitle: "Docs"
@@ -8,60 +10,16 @@ menu:
   main:
     weight: 20
 ---
+-->
 
-Kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
-Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
-line interface.
-
-Kluctl tries to be as flexible as possible, while remaining as simple as possible. It reuses established
-tools (e.g. Kustomize and Helm), making it possible to re-use a large set of available third-party deployments.
-
-Kluctl is centered around "targets", which can be a cluster or a specific environment (e.g. test, dev, prod, ...) on one
-or multiple clusters. Targets can be deployed, diffed, pruned, deleted, and so on. The idea is to have the same set of
-operations for every target, no matter how simple or complex the deployment and/or target is.
-
-Kluctl does not depend on external operators/controllers and allows to use the same deployment wherever you want,
-as long as access to the kluctl project and clusters is available. This means, that you can use it from your 
-local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
-
-Flux support is in alpha state and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
-
-## Kluctl in Short
-
-<!-- borrowed from ./content/en/_index.html -->
-
-|     |     |
-| --- | --- |
-| 💪 Kluctl handles all your deployments | You can manage all your deployments with Kluctl, including infrastructure related and your applications. |
-| 🪶 Complex or simple, all the same | You can manage complex and simple deployments with Kluctl. Simple deployments are lightweight while complex deployment are easily manageable. |
-| 🤖 Native git support | Kluctl has native Git support integrated, meaning that it can easily deploy remote Kluctl projects or externalize parts (e.g. configuration) of your Kluctl project. |
-| 🪐 Multiple environments | Deploy the same deployment to multiple environments (dev, test, prod, ...), with flexible differences in configuration. |
-| 🌌 Multiple clusters | Manage multiple target clusters (in multiple clouds or bare-metal if you want). |
-| 🔩 Configuration and Templating | Kluctl allows to use templating in nearly all places, making it easy to have dynamic configuration. |
-| ⎈ Helm and Kustomize | The Helm and Kustomize integrations allow you to reuse plenty of third-party charts and kustomizations. |
-| 🔍 See what's different | Always know what the state of your deployments is by being able to run diffs on the whole deployment. |
-| 🔎 See what happened | Always know what you actually changed after performing a deployment. |
-| 💥 Know what went wrong | Kluctl will show you what part of your deployment failed and why. |
-| 👐 Live and let live | Kluctl tries to not interfere with any other tools or operators. This is possible due to it's use of server-side-apply. |
-| 🧹 Keep it clean | Keep your clusters clean by issuing regular prune calls. |
-| 🔐 Encrypted Secrets | Manage encrypted secrets for multiple target environments and clusters. |
-
-## What can I do with Kluctl?
-
-Kluctl allows you to define a Kluctl project, which in turn defines Kluctl
-deployments and sub-deployments. Each Kluctl deployment defines Kustomize deployments.
-
-A Kluctl project also defines targets, which represent your target environments
-and/or clusters.
-
-The Kluctl CLI then allows to deploy, diff, prune, delete, ... your deployments.
-
-## Where do I start?
+# Table of Contents
 
-{{% alert title="Get started with Kluctl!" %}}
-Following this [guide]({{< ref "docs/get-started" >}}) will just take a couple of minutes to complete:
-After installing `kluctl`, you can either check out the [example]({{< ref "docs/guides/examples" >}}) or [tutorials]({{< ref "docs/guides/tutorials" >}}).
-{{% /alert %}}
+1. [Get Started](./get-started.md)
+2. [Core Concepts](./concepts.md)
+3. [Installation](./installation)
+4. [Philosophy](./philosophy.md)
+5. [History](./history.md)
+6. [Reference](./reference)
 
 <!-- TODO
 ## Community
diff --git a/docs/concepts.md b/docs/concepts.md
index 583b8ccbe..b1ff352a0 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -1,8 +1,13 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: Core Concepts
 description: Core Concepts of Kluctl.
 weight: 10
 ---
+-->
+
+# Core Concepts
 
 These are some core concepts in Kluctl.
 
diff --git a/docs/get-started.md b/docs/get-started.md
index d8868313b..711235908 100644
--- a/docs/get-started.md
+++ b/docs/get-started.md
@@ -1,11 +1,16 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Get Started with Kluctl"
 linkTitle: "Get Started"
 description: "Get Started with Kluctl."
 weight: 20
 ---
+-->
+
+# Get Started
 
-This tutorial shows you how to bootstrap Flux to a Kubernetes cluster and deploy a sample application in a GitOps manner.
+This tutorial shows you how to start using kluctl.
 
 ## Before you begin
 
@@ -15,7 +20,7 @@ A few things must be prepared before you actually begin.
 
 The first step is of course: You need a kubernetes cluster. It doesn't really matter where this cluster is hosted, if
 it's a local (e.g. [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)) cluster, managed cluster, or a self-hosted
-cluster, kops or kubespray based, AWS, GCE, Azure, ... and so on. kluctl
+cluster, kops or kubespray based, AWS, GCE, Azure, ... and so on. Kluctl
 is completely independent of how Kubernetes is deployed and where it is hosted.
 
 There is however a minimum Kubernetes version that must be met: 1.20.0. This is due to the heavy use of server-side apply
@@ -29,7 +34,7 @@ then you'd have to ensure that the kubeconfig context `test.example.com` is corr
 cluster.
 
 See [Configure Access to Multiple Clusters](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/) for documentation
-on how to manage multiple clusters with a single kubeconfig. Depending on the Kubernets provisioning/deployment tooling
+on how to manage multiple clusters with a single kubeconfig. Depending on the Kubernetes provisioning/deployment tooling
 you used, you might also be able to directly export the context into your local kubeconfig. For example,
 [kops](https://github.com/kubernetes/kops/blob/master/docs/cli/kops_export.md) is able to export and merge the kubeconfig
 for a given cluster.
@@ -42,15 +47,8 @@ for a given cluster.
 
 ## Install Kluctl
 
-The `kluctl` command-line interface (CLI) is required to perform deployments.
-
-To install the CLI with Homebrew run:
-
-```sh
-brew install kluctl/tap/kluctl
-```
-
-For other installation methods, see the [install documentation]({{< ref "docs/installation" >}}).
+The `kluctl` command-line interface (CLI) is required to perform deployments. Read the [installation instructions](./installation.md)
+to figure out how to install it.
 
 ## Clone the kluctl examples
 
@@ -62,7 +60,7 @@ git clone https://github.com/kluctl/kluctl-examples.git
 
 ## Choose one of the examples
 
-You can choose whatever example you like from the clones repository. We will however continue this guide by referring
+You can choose whatever example you like from the cloned repository. We will however continue this guide by referring
 to the `simple-helm` example found in that repository. Change the current directory:
 
 ```sh
@@ -115,5 +113,5 @@ You should need 2 instances of the nginx POD running now.
 
 ## Where to continue?
 
-Continue by reading through the [tutorials]({{< ref "docs/guides/tutorials" >}}) and by consulting
-the [reference documentation]({{< ref "reference" >}}).
+Continue by reading through the [tutorials](https://kluctl.io/docs/guides/tutorials/) and by consulting
+the [reference documentation](./reference).
diff --git a/docs/history.md b/docs/history.md
index a1baceb2a..f2f6fad8a 100644
--- a/docs/history.md
+++ b/docs/history.md
@@ -1,9 +1,14 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "History"
 linkTitle: "History"
 weight: 40
 description: "The history of kluctl."
 ---
+-->
+
+# History
 
 Kluctl was created after multiple incarnations of complex multi-environment (e.g. dev, test, prod) deployments, including everything
 from monitoring, persistency and the actual custom services. The philosophy of these deployments was always
diff --git a/docs/installation.md b/docs/installation.md
index 94ae4641a..3bf922ec7 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -1,18 +1,22 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Installation"
 linkTitle: "Installation"
 weight: 20
 description: "Installing kluctl."
 ---
+-->
 
-## Install kluctl
+# Installation
+
+## Binaries
 
 The kluctl CLI is available as a binary executable for all major platforms,
 the binaries can be downloaded form GitHub
 [releases page](https://github.com/kluctl/kluctl/releases).
 
-{{% tabs %}}
-{{% tab "Homebrew" %}}
+## Installation with Homebrew
 
 With [Homebrew](https://brew.sh) for macOS and Linux:
 
@@ -20,8 +24,7 @@ With [Homebrew](https://brew.sh) for macOS and Linux:
 brew install kluctl/tap/kluctl
 ```
 
-{{% /tab %}}
-{{% tab "bash" %}}
+## Installation with Bash
 
 With [Bash](https://www.gnu.org/software/bash/) for macOS and Linux:
 
@@ -29,7 +32,33 @@ With [Bash](https://www.gnu.org/software/bash/) for macOS and Linux:
 curl -s https://kluctl.io/install.sh | bash
 ```
 
-{{% /tab %}}
+The install script does the following:
+* attempts to detect your OS
+* downloads and unpacks the release tar file in a temporary directory
+* copies the kluctl binary to `/usr/local/bin`
+* removes the temporary directory
+
+## Build from source
+
+Clone the repository:
+
+```bash
+git clone https://github.com/kluctl/kluctl
+cd kluctl
+```
+
+Build the `kluctl` binary (requires go >= 1.19):
+
+```bash
+make build
+```
+
+Run the binary:
+
+```bash
+./bin/kluctl -h
+```
+
 
 <!-- TODO uncomment when chocolatey support is implemented
 {{% tab "Chocolatey" %}}
diff --git a/docs/philosophy.md b/docs/philosophy.md
index 580b9f397..87065ee15 100644
--- a/docs/philosophy.md
+++ b/docs/philosophy.md
@@ -1,9 +1,14 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Philosophy"
 linkTitle: "Philosophy"
 weight: 30
 description: "The philosophy behind kluctl."
 ---
+-->
+
+# Philosophy
 
 Kluctl tries to follow a few basic ideas and a philosophy. Project and deployments structure, as well as all commands
 are centered on these.
diff --git a/docs/reference/README.md b/docs/reference/README.md
index 06d1ad3b4..98ee9a446 100644
--- a/docs/reference/README.md
+++ b/docs/reference/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Reference"
 linkTitle: "Reference"
@@ -5,4 +7,11 @@ description: >
   Description of configuration files and commands
 weight: 110
 ---
+-->
+
+# Table of Contents
 
+1. [.kluctl.yaml](./kluctl-project)
+2. [Deployments](./deployments)
+3. [Sealed Secrets](./sealed-secrets.md)
+4. [Kluctl Commands](./commands)
diff --git a/docs/reference/commands/README.md b/docs/reference/commands/README.md
index 438c870aa..1fe1a1923 100644
--- a/docs/reference/commands/README.md
+++ b/docs/reference/commands/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Commands"
 linkTitle: "Commands"
@@ -5,6 +7,9 @@ weight: 10
 description: >
     Description of available commands.
 ---
+-->
+
+# Commands
 
 kluctl offers a unified command line interface that allows to standardize all your deployments. Every project,
 no matter how different it is from other projects, is managed the same way.
@@ -12,3 +17,20 @@ no matter how different it is from other projects, is managed the same way.
 You can always call `kluctl --help` or `kluctl <command> --help` for a help prompt.
 
 Individual commands are documented in sub-sections.
+
+## Table of Contents
+
+1. [Common Arguments](./common-arguments.md)
+2. [Environment Variables](./environment-variables.md)
+3. [delete](./delete.md)
+4. [deploy](./deploy.md)
+5. [diff](./diff.md)
+6. [helm-pull](./helm-pull.md)
+7. [helm-update](./helm-update.md)
+8. [list-images](./list-images.md)
+9. [list-targets](./list-targets.md)
+10. [poke-images](./poke-images.md)
+11. [prune](./prune.md)
+12. [render](./render.md)
+13. [seal](./seal.md)
+14. [validate](./validate.md)
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 429d78235..9cfe45558 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Common Arguments"
 linkTitle: "Common Arguments"
@@ -5,6 +7,9 @@ weight: 1
 description: >
     Common arguments
 ---
+-->
+
+# Common Arguments
 
 A few sets of arguments are common between multiple commands. These arguments are still part of the command itself and
 must be placed *after* the command name.
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index d2753f4b4..70483166f 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "delete"
 linkTitle: "delete"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     delete command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "delete" "Usage" false -->
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index 2114ac54c..7ecfc1b24 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "deploy"
 linkTitle: "deploy"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     deploy command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "deploy" "Usage" false -->
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
index 3af235dd6..c9d4546f4 100644
--- a/docs/reference/commands/diff.md
+++ b/docs/reference/commands/diff.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "diff"
 linkTitle: "diff"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     diff command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "diff" "Usage" false -->
diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
index 9bc60def5..6db995487 100644
--- a/docs/reference/commands/environment-variables.md
+++ b/docs/reference/commands/environment-variables.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Environment Variables"
 linkTitle: "Environment Variables"
@@ -5,6 +7,7 @@ weight: 2
 description: >
     Controlling Kluctl via environment variables
 ---
+-->
 
 In addition to arguments, Kluctl can be controlled via a set of environment variables.
 
diff --git a/docs/reference/commands/helm-pull.md b/docs/reference/commands/helm-pull.md
index 576324be4..80fb685a3 100644
--- a/docs/reference/commands/helm-pull.md
+++ b/docs/reference/commands/helm-pull.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "helm-pull"
 linkTitle: "helm-pull"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     helm-pull command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "helm-pull" "Usage" false -->
diff --git a/docs/reference/commands/helm-update.md b/docs/reference/commands/helm-update.md
index a9e71f641..e1a526ae8 100644
--- a/docs/reference/commands/helm-update.md
+++ b/docs/reference/commands/helm-update.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "helm-update"
 linkTitle: "helm-update"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     helm-update command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "helm-update" "Usage" false -->
diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
index cf56b6af1..ce0f2aaba 100644
--- a/docs/reference/commands/list-images.md
+++ b/docs/reference/commands/list-images.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "list-images"
 linkTitle: "list-images"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     list-images command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "list-images" "Usage" false -->
diff --git a/docs/reference/commands/list-targets.md b/docs/reference/commands/list-targets.md
index 3ef135116..f99d5b2e0 100644
--- a/docs/reference/commands/list-targets.md
+++ b/docs/reference/commands/list-targets.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "list-targets"
 linkTitle: "list-targets"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     list-targets command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "list-targets" "Usage" false -->
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index 2a0aa64f2..585ae6d47 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "poke-images"
 linkTitle: "poke-images"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     poke-images command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "poke-images" "Usage" false -->
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index f019404ac..a895db0e8 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "prune"
 linkTitle: "prune"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     prune command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "prune" "Usage" false -->
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
index f4869433b..c2b626415 100644
--- a/docs/reference/commands/render.md
+++ b/docs/reference/commands/render.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "render"
 linkTitle: "render"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     render command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "render" "Usage" false -->
diff --git a/docs/reference/commands/seal.md b/docs/reference/commands/seal.md
index e87b720eb..ee99cba1c 100644
--- a/docs/reference/commands/seal.md
+++ b/docs/reference/commands/seal.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "seal"
 linkTitle: "seal"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     seal command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "seal" "Usage" false -->
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
index d27b9f59d..5ff5a0a6e 100644
--- a/docs/reference/commands/validate.md
+++ b/docs/reference/commands/validate.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "validate"
 linkTitle: "validate"
@@ -5,6 +7,7 @@ weight: 10
 description: >
     validate command
 ---
+-->
 
 ## Command
 <!-- BEGIN SECTION "validate" "Usage" false -->
diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index de97255a3..08c0d07d9 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Deployments"
 linkTitle: "Deployments"
@@ -5,6 +7,18 @@ weight: 2
 description: >
     Deployments and sub-deployments.
 ---
+-->
+
+# Table of Contents
+
+1. [deployment.yaml](./deployment-yml.md)
+2. [Kustomize Integration](./kustomize.md)
+3. [Container Images](./images.md)
+4. [Helm Integration](./helm.md)
+5. [Hooks](./hooks.md)
+6. [Readiness](./readiness.md)
+7. [Tags](./tags.md)
+8. [Annotations](./annotations)
 
 A deployment project is collection of deployment items and sub-deployments. Deployment items are usually
 [Kustomize]({{< ref "./kustomize" >}}) deployments, but can also integrate [Helm Charts]({{< ref "./helm" >}}).
diff --git a/docs/reference/deployments/annotations/README.md b/docs/reference/deployments/annotations/README.md
index a4187a3e9..398001649 100644
--- a/docs/reference/deployments/annotations/README.md
+++ b/docs/reference/deployments/annotations/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Annotations"
 linkTitle: "Annotations"
@@ -5,3 +7,11 @@ weight: 10
 description: >
     Annotations usable in Kubernetes resources.
 ---
+-->
+
+# Table of Contents
+
+1. [All Resources](./all-resources.md)
+2. [Hooks](./hooks.md)
+3. [Validation](./validation.md)
+4. [Kustomize](./kustomization.md)
diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/reference/deployments/annotations/all-resources.md
index c77c2604f..5f2ee3327 100644
--- a/docs/reference/deployments/annotations/all-resources.md
+++ b/docs/reference/deployments/annotations/all-resources.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "All resources"
 linkTitle: "All resources"
@@ -5,6 +7,9 @@ weight: 1
 description: >
   Annotations on all resources
 ---
+-->
+
+# All resources
 
 The following annotations control the behavior of the `deploy` and related commands.
 
diff --git a/docs/reference/deployments/annotations/hooks.md b/docs/reference/deployments/annotations/hooks.md
index c937cc95e..ca946554e 100644
--- a/docs/reference/deployments/annotations/hooks.md
+++ b/docs/reference/deployments/annotations/hooks.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Hooks"
 linkTitle: "Hooks"
@@ -5,6 +7,10 @@ weight: 2
 description: >
   Annotations on hooks
 ---
+-->
+
+# Hooks
+
 The following annotations control hook execution
 
 See [hooks]({{< ref "docs/reference/deployments/hooks" >}}) for more details.
diff --git a/docs/reference/deployments/annotations/kustomization.md b/docs/reference/deployments/annotations/kustomization.md
index 8c2f98e0d..dfdcbf661 100644
--- a/docs/reference/deployments/annotations/kustomization.md
+++ b/docs/reference/deployments/annotations/kustomization.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Kustomize"
 linkTitle: "Kustomize"
@@ -5,6 +7,9 @@ weight: 4
 description: >
   Annotations on the kustomization.yaml resource
 ---
+-->
+
+# Kustomize
 
 Even though the `kustomization.yaml` from Kustomize deployments are not really Kubernetes resources (as they are not
 really deployed), they have the same structure as Kubernetes resources. This also means that the `kustomization.yaml`
diff --git a/docs/reference/deployments/annotations/validation.md b/docs/reference/deployments/annotations/validation.md
index f291a837c..d4720d2e4 100644
--- a/docs/reference/deployments/annotations/validation.md
+++ b/docs/reference/deployments/annotations/validation.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Validation"
 linkTitle: "Validation"
@@ -5,6 +7,9 @@ weight: 3
 description: >
     Annotations to control validation
 ---
+-->
+
+# Validation
 
 The following annotations influence the [validate]({{< ref "docs/reference/commands/validate" >}}) command.
 
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index bb22bac01..ab36ffc00 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "deployment.yaml"
 linkTitle: "deployment.yaml"
@@ -5,6 +7,9 @@ weight: 1
 description: >
     Structure of deployment.yaml.
 ---
+-->
+
+# Deployments
 
 The `deployment.yaml` file is the entrypoint for the deployment project. Included sub-deployments also provide a
 `deployment.yaml` file with the same structure as the initial one.
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index 0bc1733d9..2d8dab7b4 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Helm Integration"
 linkTitle: "Helm Integration"
@@ -5,6 +7,9 @@ weight: 3
 description: >
     How Helm is integrated into Kluctl.
 ---
+-->
+
+# Helm Integration
 
 kluctl offers a simple-to-use Helm integration, which allows you to reuse many common third-party Helm Charts.
 
diff --git a/docs/reference/deployments/hooks.md b/docs/reference/deployments/hooks.md
index db83a5a5b..9764f0051 100644
--- a/docs/reference/deployments/hooks.md
+++ b/docs/reference/deployments/hooks.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Hooks"
 linkTitle: "Hooks"
@@ -5,6 +7,9 @@ weight: 4
 description: >
     Kluctl hooks.
 ---
+-->
+
+# Hooks
 
 Kluctl supports hooks in a similar fashion as known from Helm Charts. Hooks are executed/deployed before and/or after the
 actual deployment of a kustomize deployment.
diff --git a/docs/reference/deployments/images.md b/docs/reference/deployments/images.md
index 3c419381c..6f2a7e3cb 100644
--- a/docs/reference/deployments/images.md
+++ b/docs/reference/deployments/images.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Container Images"
 linkTitle: "Container Images"
@@ -5,6 +7,9 @@ weight: 3
 description: >
     Dynamic configuration of container images.
 ---
+-->
+
+# Container Images
 
 There are usually 2 different scenarios where Container Images need to be specified:
 1. When deploying third party applications like nginx, redis, ... (e.g. via the [Helm integration]({{< ref "./helm" >}})). <br>
diff --git a/docs/reference/deployments/kustomize.md b/docs/reference/deployments/kustomize.md
index d2099397c..bcf694096 100644
--- a/docs/reference/deployments/kustomize.md
+++ b/docs/reference/deployments/kustomize.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Kustomize Integration"
 linkTitle: "Kustomize Integration"
@@ -5,6 +7,9 @@ weight: 2
 description: >
     How Kustomize is integrated into Kluctl
 ---
+-->
+
+# Kustomize Integration
 
 kluctl uses [kustomize](https://kustomize.io/) to render final resources. This means, that the finest/lowest
 level in kluctl is represented with kustomize deployments. These kustomize deployments can then perform further
diff --git a/docs/reference/deployments/readiness.md b/docs/reference/deployments/readiness.md
index 4712fc172..d571f969f 100644
--- a/docs/reference/deployments/readiness.md
+++ b/docs/reference/deployments/readiness.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Readiness"
 linkTitle: "Readiness"
@@ -5,6 +7,9 @@ weight: 5
 description:
   Definition of readiness.
 ---
+-->
+
+# Readiness
 
 There are multiple places where kluctl can wait for "readiness" of resources, e.g. for hooks or when `waitReadiness` is
 specified on a deployment item. Readiness depends on the resource kind, e.g. for a Job, kluctl would wait until it
diff --git a/docs/reference/deployments/tags.md b/docs/reference/deployments/tags.md
index bf2a00d86..9501d0845 100644
--- a/docs/reference/deployments/tags.md
+++ b/docs/reference/deployments/tags.md
@@ -1,8 +1,13 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Tags"
 linkTitle: "Tags"
 weight: 6
 ---
+-->
+
+# Tags
 
 Every kustomize deployment has a set of tags assigned to it. These tags are defined in multiple places, which is
 documented in [deployment.yaml]({{< ref "./deployment-yml" >}}). Look for the `tags` field, which is available in multiple places per
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index 32d6bd66b..eedd06aaa 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Kluctl project (.kluctl.yaml)"
 linkTitle: ".kluctl.yaml"
@@ -5,6 +7,9 @@ weight: 1
 description: >
     Kluctl project configuration, found in the .kluctl.yaml file.
 ---
+-->
+
+# Kluctl project
 
 The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines where the actual
 [deployment project]({{< ref "docs/reference/deployments" >}}) is located,
@@ -57,4 +62,7 @@ secretsConfig:
 
 ## Allowed fields
 
-Please check the sub-sections of this section to see which fields are allowed at the root level of `.kluctl.yaml`.
+Please check the following sub-sections of this section to see which fields are allowed at the root level of `.kluctl.yaml`.
+
+1. [targets](./targets)
+2. [secretsConfig](./secrets-config)
diff --git a/docs/reference/kluctl-project/secrets-config/README.md b/docs/reference/kluctl-project/secrets-config/README.md
index 4aa9394f1..41663bdb2 100644
--- a/docs/reference/kluctl-project/secrets-config/README.md
+++ b/docs/reference/kluctl-project/secrets-config/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "secretsConfig"
 linkTitle: "secretsConfig"
@@ -5,6 +7,9 @@ weight: 4
 description: >
   Optional, defines where to load secrets from.
 ---
+-->
+
+# secretsConfig
 
 This configures how secrets are retrieved while sealing. It is basically a list of named secret sets which can be
 referenced from targets.
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index 63951d5f0..9349cc476 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "targets"
 linkTitle: "targets"
@@ -5,6 +7,9 @@ weight: 4
 description: >
   Required, defines targets for this kluctl project.
 ---
+-->
+
+# targets
 
 Specifies a list of targets for which commands can be invoked. A target puts together environment/target specific
 configuration and the target cluster. Multiple targets can exist which target the same cluster but with differing
diff --git a/docs/reference/kluctl-project/targets/dynamic-targets.md b/docs/reference/kluctl-project/targets/dynamic-targets.md
index f15ed7506..158262cdc 100644
--- a/docs/reference/kluctl-project/targets/dynamic-targets.md
+++ b/docs/reference/kluctl-project/targets/dynamic-targets.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Dynamic Targets"
 linkTitle: "Dynamic Targets"
@@ -5,6 +7,9 @@ weight: 1
 description: >
     Dynamically defined targets.
 ---
+-->
+
+# Dynamic Targets
 
 Targets can also be "dynamic", meaning that additional configuration can be sourced from another git repository.
 This can be based on a single target repository and branch, or on a target repository and branch/ref pattern, resulting
diff --git a/docs/reference/sealed-secrets.md b/docs/reference/sealed-secrets.md
index fd9bf6fb3..8c7ebca61 100644
--- a/docs/reference/sealed-secrets.md
+++ b/docs/reference/sealed-secrets.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Sealed Secrets"
 linkTitle: "Sealed Secrets"
@@ -5,13 +7,16 @@ weight: 2
 description: >
     Sealed Secrets integration
 ---
+-->
+
+# Sealed Secrets
 
 kluctl has an integration for [sealed secrets](https://github.com/bitnami-labs/sealed-secrets), allowing you to
 securely store secrets for multiple target clusters and/or environments inside version control.
 
 The integration consists of two parts:
 1. Sealing of secrets
-1. Automatically choosing and deploying the correct sealed secrets for a target
+2. Automatically choosing and deploying the correct sealed secrets for a target
 
 ## Requirements
 
diff --git a/docs/reference/templating/README.md b/docs/reference/templating/README.md
index ddef4c163..fc2a26c3b 100644
--- a/docs/reference/templating/README.md
+++ b/docs/reference/templating/README.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Templating"
 linkTitle: "Templating"
@@ -5,6 +7,16 @@ weight: 2
 description: >
     Templating Engine.
 ---
+-->
+
+# Table of Contents
+
+1. [Predefined Variables](./predefined-variables.md)
+2. [Variable Sources](./variable-sources.md)
+3. [Filters](./filters.md)
+4. [Functions](./functions.md)
+
+# Templating
 
 kluctl uses a Jinja2 Templating engine to pre-process/render every involved configuration file and resource before
 actually interpreting it. Only files that are explicitly excluded via [.templateignore files](#templateignore)
diff --git a/docs/reference/templating/filters.md b/docs/reference/templating/filters.md
index 0f556d1f3..6495f57cd 100644
--- a/docs/reference/templating/filters.md
+++ b/docs/reference/templating/filters.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Filters"
 linkTitle: "Filters"
@@ -5,6 +7,9 @@ weight: 3
 description: >
     Available filters.
 ---
+-->
+
+# Filters
 
 In addition to the [builtin Jinja2 filters](https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-builtin-filters),
 kluctl provides a few additional filters:
diff --git a/docs/reference/templating/functions.md b/docs/reference/templating/functions.md
index 50c474ff9..ad4894474 100644
--- a/docs/reference/templating/functions.md
+++ b/docs/reference/templating/functions.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Functions"
 linkTitle: "Functions"
@@ -5,6 +7,9 @@ weight: 4
 description: >
     Available functions.
 ---
+-->
+
+# Functions
 
 In addition to the provided
 [builtin global functions](https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-global-functions),
diff --git a/docs/reference/templating/predefined-variables.md b/docs/reference/templating/predefined-variables.md
index a5aabcee1..75c962937 100644
--- a/docs/reference/templating/predefined-variables.md
+++ b/docs/reference/templating/predefined-variables.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Predefined Variables"
 linkTitle: "Predefined Variables"
@@ -5,6 +7,9 @@ weight: 1
 description: >
     Available predefined variables.
 ---
+-->
+
+# Predefined Variables
 
 There are multiple variables available which are pre-defined by kluctl. These are:
 
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 34ea6bf09..368e15eb6 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -1,3 +1,5 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
 ---
 title: "Variable Sources"
 linkTitle: "Variable Sources"
@@ -5,6 +7,9 @@ weight: 2
 description: >
   Available variable sources.
 ---
+-->
+
+# Variable Sources
 
 There are multiple places in deployment projects (deployment.yaml) where additional variables can be loaded into
 future Jinja2 contexts.
diff --git a/install/README.md b/install/README.md
index a02fc9390..12aca8ecb 100644
--- a/install/README.md
+++ b/install/README.md
@@ -1,41 +1,3 @@
 # kluctl Installation
 
-Binaries for macOS and Linux AMD64 are available for download on the
-[release page](https://github.com/kluctl/kluctl/releases).
-
-To install the latest release run:
-
-```bash
-curl -s https://raw.githubusercontent.com/kluctl/kluctl/main/install/kluctl.sh | bash
-```
-
-The install script does the following:
-* attempts to detect your OS
-* downloads and unpacks the release tar file in a temporary directory
-* copies the kluctl binary to `/usr/local/bin`
-* removes the temporary directory
-
-## Alternative installation methods
-
-See https://kluctl.io/docs/installation for alternative installation methods.
-
-## Build from source
-
-Clone the repository:
-
-```bash
-git clone https://github.com/kluctl/kluctl
-cd kluctl
-```
-
-Build the `kluctl` binary (requires go >= 1.18 and python >= 3.10):
-
-```bash
-make build
-```
-
-Run the binary:
-
-```bash
-./bin/kluctl -h
-```
+Read [installation](../docs/installation.md) for instructions.

From ef2c8979a06cea33cc039131f9b9cd9d89274fd1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 15:49:18 +0200
Subject: [PATCH 0441/2268] ci: Use make in CI build

---
 .github/workflows/tests.yml | 48 +++++++++++++------------------------
 Makefile                    | 17 ++++++++-----
 2 files changed, 28 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 012806f23..6caae2381 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -30,42 +30,28 @@ jobs:
           go test ./cmd/... ./pkg/... -v
       - name: Build kluctl (linux)
         run: |
-          export CGO_ENABLED=0
-          export GOARCH=amd64
-          export GOOS=linux
-          go build
-          go test -c ./e2e
-          mv kluctl kluctl-linux-amd64
-          mv e2e.test e2e.test-linux-amd64
+          make build GOARCH=amd64 GOOS=linux
+          make test-e2e-build GOARCH=amd64 GOOS=linux
+          mv ./bin/kluctl ./bin/kluctl-linux-amd64
+          mv ./bin/kluctl-e2e ./bin/kluctl-e2e-linux-amd64
       - name: Build kluctl (darwin)
         run: |
-          export CGO_ENABLED=0
-          export GOARCH=amd64
-          export GOOS=darwin
-          go build
-          go test -c ./e2e
-          mv kluctl kluctl-darwin-amd64
-          mv e2e.test e2e.test-darwin-amd64
+          make build GOARCH=amd64 GOOS=darwin
+          make test-e2e-build GOARCH=amd64 GOOS=darwin
+          mv ./bin/kluctl ./bin/kluctl-darwin-amd64
+          mv ./bin/kluctl-e2e ./bin/kluctl-e2e-darwin-amd64
       - name: Build kluctl (windows)
         run: |
-          export CGO_ENABLED=0
-          export GOARCH=amd64
-          export GOOS=windows
-          go build
-          go test -c ./e2e
-          mv kluctl.exe kluctl-windows-amd64.exe
-          mv e2e.test.exe e2e.test-windows-amd64.exe
+          make build GOARCH=amd64 GOOS=windows
+          make test-e2e-build GOARCH=amd64 GOOS=windows
+          mv ./bin/kluctl.exe ./bin/kluctl-windows-amd64.exe
+          mv ./bin/kluctl-e2e.exe ./bin/kluctl-e2e-windows-amd64.exe
       - name: Upload binaries
         uses: actions/upload-artifact@v2
         with:
-          name: binaries
+          name: bin
           path: |
-            kluctl-linux-amd64
-            kluctl-darwin-amd64
-            kluctl-windows-amd64.exe
-            e2e.test-linux-amd64
-            e2e.test-darwin-amd64
-            e2e.test-windows-amd64.exe
+            ./bin
 
   tests:
     strategy:
@@ -110,8 +96,8 @@ jobs:
             EXE=.exe
           fi
 
-          chmod +x ./binaries/*
-          mv ./binaries/e2e.test-${{ matrix.binary-suffix }}$EXE ./e2e.test$EXE
+          chmod +x ./bin/*
+          mv ./bin/kluctl-${{ matrix.binary-suffix }}$EXE ./kluctl$EXE
+          mv ./bin/kluctl-e2e-${{ matrix.binary-suffix }}$EXE ./kluctl-e2e$EXE
 
-          export KLUCTL_EXE=./binaries/kluctl-${{ matrix.binary-suffix }}$EXE
           make test-e2e-pre-built
diff --git a/Makefile b/Makefile
index d8a176b7f..b20f9f51e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,14 @@
 # Based on the work of Thomas Poignant (thomaspoignant)
 # https://gist.github.com/thomaspoignant/5b72d579bd5f311904d973652180c705
+EXE=
+ifeq ($(GOOS), windows)
+EXE=.exe
+endif
 GOCMD=go
 GOTEST=$(GOCMD) test
 GOVET=$(GOCMD) vet
-BINARY_NAME=kluctl
-TEST_BINARY_NAME=kluctl-e2e
-REQUIRED_ENV_VARS=GOOS GOARCH
+BINARY_NAME=kluctl$(EXE)
+TEST_BINARY_NAME=kluctl-e2e$(EXE)
 EXPORT_RESULT?=false
 
 # If gobin not set, create one on ./build and add to path.
@@ -72,11 +75,13 @@ endif
 test: test-unit test-e2e ## Runs the complete test suite
 
 KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)"
-test-e2e: install-envtest ## Runs the end to end tests
-	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -o ./bin/$(TEST_BINARY_NAME) ./e2e -test.v
+test-e2e: test-e2e-build test-e2e-pre-built ## Runs the end to end tests
+
+test-e2e-build: ## Builds the end to end tests
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
 
 test-e2e-pre-built: install-envtest
-	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./e2e.test -test.v
+	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./bin/$(TEST_BINARY_NAME) -test.v
 
 test-unit: ## Run the unit tests of the project
 ifeq ($(EXPORT_RESULT), true)

From 3e4e5ff475c03c757c76dd30cc6b25b4d58deae2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 15:50:36 +0200
Subject: [PATCH 0442/2268] chore: Add replace-commands-help script and enforce
 up-to-date commands help

---
 .github/workflows/tests.yml            |   9 ++
 Makefile                               |   2 +
 internal/replace-commands-help/main.go | 172 +++++++++++++++++++++++++
 3 files changed, 183 insertions(+)
 create mode 100644 internal/replace-commands-help/main.go

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6caae2381..1b3f73653 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -46,6 +46,15 @@ jobs:
           make test-e2e-build GOARCH=amd64 GOOS=windows
           mv ./bin/kluctl.exe ./bin/kluctl-windows-amd64.exe
           mv ./bin/kluctl-e2e.exe ./bin/kluctl-e2e-windows-amd64.exe
+      - name: Verify commands help is up-to-date
+        run: |
+          make replace-commands-help
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "replace-commands-help must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
       - name: Upload binaries
         uses: actions/upload-artifact@v2
         with:
diff --git a/Makefile b/Makefile
index b20f9f51e..6c4304f17 100644
--- a/Makefile
+++ b/Makefile
@@ -113,6 +113,8 @@ else
 endif
 	docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:latest-alpine golangci-lint run $(OUTPUT_OPTIONS)
 
+replace-commands-help: ## Replace commands help in docs
+	$(GOCMD) run ./internal/replace-commands-help --docs-dir ./docs/reference/commands
 
 ## Release:
 version: ## Write next version into version file
diff --git a/internal/replace-commands-help/main.go b/internal/replace-commands-help/main.go
new file mode 100644
index 000000000..6d4e781fb
--- /dev/null
+++ b/internal/replace-commands-help/main.go
@@ -0,0 +1,172 @@
+package main
+
+import (
+    "flag"
+    "fmt"
+    "github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
+    "io/fs"
+    "io/ioutil"
+    "log"
+    "os"
+    "os/exec"
+    "path/filepath"
+    "reflect"
+    "regexp"
+    "strings"
+    "syscall"
+)
+
+var docsDir = flag.String("docs-dir", "", "Path to documentation")
+
+type section struct {
+    start   int
+    end     int
+    command string
+    section string
+    code    bool
+}
+
+func main() {
+    _ = syscall.Setenv("COLUMNS", "120")
+
+    if os.Getenv("CALL_KLUCTL") == "true" {
+        kluctlMain()
+        return
+    }
+
+    flag.Parse()
+
+    filepath.WalkDir(*docsDir, func(path string, d fs.DirEntry, err error) error {
+        if !strings.HasSuffix(path, ".md") {
+            return nil
+        }
+        processFile(path)
+        return nil
+    })
+}
+
+func kluctlMain() {
+    commands.Execute()
+}
+
+func processFile(path string) {
+    text, err := ioutil.ReadFile(path)
+    if err != nil {
+        log.Fatal(err)
+    }
+    lines := strings.Split(string(text), "\n")
+
+    var newLines []string
+    pos := 0
+    for true {
+        s := findNextSection(lines, pos)
+        if s == nil {
+            newLines = append(newLines, lines[pos:]...)
+            break
+        }
+
+        newLines = append(newLines, lines[pos:s.start+1]...)
+
+        s2 := getHelpSection(s.command, s.section)
+
+        if s.code {
+            newLines = append(newLines, "```")
+        }
+        newLines = append(newLines, s2...)
+        if s.code {
+            newLines = append(newLines, "```")
+        }
+
+        newLines = append(newLines, lines[s.end])
+        pos = s.end + 1
+    }
+
+    if !reflect.DeepEqual(lines, newLines) {
+        err = ioutil.WriteFile(path, []byte(strings.Join(newLines, "\n")), 0o600)
+        if err != nil {
+            log.Fatal(err)
+        }
+    }
+}
+
+var beginPattern = regexp.MustCompile(`<!-- BEGIN SECTION "([^"]*)" "([^"]*)" (true|false) -->`)
+var endPattern = regexp.MustCompile(`<!-- END SECTION -->`)
+
+func findNextSection(lines []string, start int) *section {
+
+    for i := start; i < len(lines); i++ {
+        m := beginPattern.FindSubmatch([]byte(lines[i]))
+        if m == nil {
+            continue
+        }
+
+        var s section
+        s.start = i
+        s.command = string(m[1])
+        s.section = string(m[2])
+        s.code = string(m[3]) == "true"
+
+        for j := i + 1; j < len(lines); j++ {
+            m = endPattern.FindSubmatch([]byte(lines[j]))
+            if m == nil {
+                continue
+            }
+            s.end = j
+            return &s
+        }
+    }
+    return nil
+}
+
+func countIndent(str string) int {
+    for i := 0; i < len(str); i++ {
+        if str[i] != ' ' {
+            return i
+        }
+    }
+    return 0
+}
+
+func getHelpSection(command string, section string) []string {
+    log.Printf("Getting section '%s' from command '%s'", section, command)
+
+    exe, err := os.Executable()
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    helpCmd := exec.Command(exe, command, "--help")
+    helpCmd.Env = os.Environ()
+    helpCmd.Env = append(helpCmd.Env, "CALL_KLUCTL=true")
+
+    out, err := helpCmd.CombinedOutput()
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    lines := strings.Split(string(out), "\n")
+
+    sectionStart := -1
+    for i := 0; i < len(lines); i++ {
+        indent := countIndent(lines[i])
+        if strings.HasPrefix(lines[i][indent:], fmt.Sprintf("%s:", section)) {
+            sectionStart = i
+            break
+        }
+    }
+    if sectionStart == -1 {
+        log.Fatalf("Section %s not found in command %s", section, command)
+    }
+
+    var ret []string
+    ret = append(ret, lines[sectionStart])
+    for i := sectionStart + 1; i < len(lines); i++ {
+        indent := countIndent(lines[i])
+        if len(lines[i]) != 0 && indent == 0 && lines[i][len(lines[i])-1] == ':' {
+            // new section has started
+            break
+        }
+        ret = append(ret, lines[i])
+    }
+    return ret
+}

From 27a85b75aa266951b47d6d10cbbda7650ad3329e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 16:02:58 +0200
Subject: [PATCH 0443/2268] tests: Implement a hack that removes the need for
 kluctl to be pre-build for e2e tests

---
 .github/workflows/tests.yml | 13 +++----------
 e2e/call_kluctl_hack.go     | 19 +++++++++++++++++++
 e2e/default_clusters.go     |  4 ++++
 e2e/project.go              | 24 +++++++-----------------
 4 files changed, 33 insertions(+), 27 deletions(-)
 create mode 100644 e2e/call_kluctl_hack.go

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1b3f73653..20f223be9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -28,23 +28,17 @@ jobs:
       - name: Run unit tests
         run: |
           go test ./cmd/... ./pkg/... -v
-      - name: Build kluctl (linux)
+      - name: Build kluctl-e2e (linux)
         run: |
-          make build GOARCH=amd64 GOOS=linux
           make test-e2e-build GOARCH=amd64 GOOS=linux
-          mv ./bin/kluctl ./bin/kluctl-linux-amd64
           mv ./bin/kluctl-e2e ./bin/kluctl-e2e-linux-amd64
-      - name: Build kluctl (darwin)
+      - name: Build kluctl-e2e (darwin)
         run: |
-          make build GOARCH=amd64 GOOS=darwin
           make test-e2e-build GOARCH=amd64 GOOS=darwin
-          mv ./bin/kluctl ./bin/kluctl-darwin-amd64
           mv ./bin/kluctl-e2e ./bin/kluctl-e2e-darwin-amd64
-      - name: Build kluctl (windows)
+      - name: Build kluctl-e2e (windows)
         run: |
-          make build GOARCH=amd64 GOOS=windows
           make test-e2e-build GOARCH=amd64 GOOS=windows
-          mv ./bin/kluctl.exe ./bin/kluctl-windows-amd64.exe
           mv ./bin/kluctl-e2e.exe ./bin/kluctl-e2e-windows-amd64.exe
       - name: Verify commands help is up-to-date
         run: |
@@ -106,7 +100,6 @@ jobs:
           fi
 
           chmod +x ./bin/*
-          mv ./bin/kluctl-${{ matrix.binary-suffix }}$EXE ./kluctl$EXE
           mv ./bin/kluctl-e2e-${{ matrix.binary-suffix }}$EXE ./kluctl-e2e$EXE
 
           make test-e2e-pre-built
diff --git a/e2e/call_kluctl_hack.go b/e2e/call_kluctl_hack.go
new file mode 100644
index 000000000..6da895464
--- /dev/null
+++ b/e2e/call_kluctl_hack.go
@@ -0,0 +1,19 @@
+package e2e
+
+import (
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
+	"os"
+)
+
+func isCallKluctlHack() bool {
+	return os.Getenv("CALL_KLUCTL") == "true"
+}
+
+func init() {
+	// We use the Golang's initializing mechanism to run kluctl even though the test executable was invoked
+	// This is clearly a hack, but it avoids the requirement to have a kluctl executable pre-built
+	if isCallKluctlHack() {
+		commands.Execute()
+		os.Exit(0)
+	}
+}
diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 3d0f10fd8..ed28ccbbb 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -9,6 +9,10 @@ var defaultCluster1 = test_utils.CreateEnvTestCluster("cluster1")
 var defaultCluster2 = test_utils.CreateEnvTestCluster("cluster2")
 
 func init() {
+	if isCallKluctlHack() {
+		return
+	}
+
 	var wg sync.WaitGroup
 	wg.Add(2)
 	go func() {
diff --git a/e2e/project.go b/e2e/project.go
index 3249dd8c5..b6f74c66f 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -337,27 +337,17 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 	env = append(env, p.extraEnv...)
 	env = append(env, fmt.Sprintf("KUBECONFIG=%s", p.mergedKubeconfig))
 
+	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
+	env = append(env, "CALL_KLUCTL=true")
+
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
-	kluctlExe := os.Getenv("KLUCTL_EXE")
-	if kluctlExe == "" {
-		curDir, _ := os.Getwd()
-		for i, p := range env {
-			x := strings.SplitN(p, "=", 2)
-			if x[0] == "PATH" {
-				env[i] = fmt.Sprintf("PATH=%s%c%s%c%s", curDir, os.PathListSeparator, filepath.Join(curDir, ".."), os.PathListSeparator, x[1])
-			}
-		}
-		kluctlExe = "kluctl"
-	} else {
-		p, err := filepath.Abs(kluctlExe)
-		if err != nil {
-			return "", "", err
-		}
-		kluctlExe = p
+	testExe, err := os.Executable()
+	if err != nil {
+		panic(err)
 	}
 
-	cmd := exec.Command(kluctlExe, args...)
+	cmd := exec.Command(testExe, args...)
 	cmd.Dir = cwd
 	cmd.Env = env
 

From 2be5c441af959e2d125ea197d449dfa5db2a42d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 16:13:47 +0200
Subject: [PATCH 0444/2268] tests: Build e2e tests with -race

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 6c4304f17..ffa103c7d 100644
--- a/Makefile
+++ b/Makefile
@@ -78,7 +78,7 @@ KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_
 test-e2e: test-e2e-build test-e2e-pre-built ## Runs the end to end tests
 
 test-e2e-build: ## Builds the end to end tests
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
+	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -race -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
 
 test-e2e-pre-built: install-envtest
 	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./bin/$(TEST_BINARY_NAME) -test.v

From d0433bafd0b64146e9ac21822c8d24731c1615e5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 16:15:22 +0200
Subject: [PATCH 0445/2268] ci: Fix path to ./bin/kluctl-e2e

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 20f223be9..6e24c9004 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -100,6 +100,6 @@ jobs:
           fi
 
           chmod +x ./bin/*
-          mv ./bin/kluctl-e2e-${{ matrix.binary-suffix }}$EXE ./kluctl-e2e$EXE
+          mv ./bin/kluctl-e2e-${{ matrix.binary-suffix }}$EXE ./bin/kluctl-e2e$EXE
 
           make test-e2e-pre-built

From ce112fb489be7cadefda4844335bbbeefa2f865b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 16:30:15 +0200
Subject: [PATCH 0446/2268] chore: Remove CGO_ENABLED=0

We need CGO to enable -race
---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index ffa103c7d..0431f4133 100644
--- a/Makefile
+++ b/Makefile
@@ -37,7 +37,7 @@ build: build-go ## Run the complete build pipeline
 
 build-go:  ## Build your project and put the output binary in ./bin/
 	mkdir -p ./bin
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) build -o ./bin/$(BINARY_NAME)
+	GO111MODULE=on $(GOCMD) build -o ./bin/$(BINARY_NAME)
 
 clean: ## Remove build related file
 	rm -fr ./bin
@@ -78,7 +78,7 @@ KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_
 test-e2e: test-e2e-build test-e2e-pre-built ## Runs the end to end tests
 
 test-e2e-build: ## Builds the end to end tests
-	CGO_ENBALED=0 GO111MODULE=on $(GOCMD) test -race -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
+	GO111MODULE=on $(GOCMD) test -race -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
 
 test-e2e-pre-built: install-envtest
 	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./bin/$(TEST_BINARY_NAME) -test.v

From 1fcfd5317490f6c9b49aaae8cedef690bcee889c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 16:31:52 +0200
Subject: [PATCH 0447/2268] chore: Remove GO111MODULE=on as it is the default
 now

---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 0431f4133..5cd44b6c1 100644
--- a/Makefile
+++ b/Makefile
@@ -37,7 +37,7 @@ build: build-go ## Run the complete build pipeline
 
 build-go:  ## Build your project and put the output binary in ./bin/
 	mkdir -p ./bin
-	GO111MODULE=on $(GOCMD) build -o ./bin/$(BINARY_NAME)
+	$(GOCMD) build -o ./bin/$(BINARY_NAME)
 
 clean: ## Remove build related file
 	rm -fr ./bin
@@ -78,7 +78,7 @@ KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_
 test-e2e: test-e2e-build test-e2e-pre-built ## Runs the end to end tests
 
 test-e2e-build: ## Builds the end to end tests
-	GO111MODULE=on $(GOCMD) test -race -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
+	$(GOCMD) test -race -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
 
 test-e2e-pre-built: install-envtest
 	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./bin/$(TEST_BINARY_NAME) -test.v

From fdd1e72d8d3bc7c66a178f9ac8c12294622ce358 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 17:02:38 +0200
Subject: [PATCH 0448/2268] ci: Only run race detection on linux

---
 Makefile | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 5cd44b6c1..92f691a82 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,12 @@ EXE=
 ifeq ($(GOOS), windows)
 EXE=.exe
 endif
+
+RACE=
+ifeq ($(GOOS), linux)
+RACE=-race
+endif
+
 GOCMD=go
 GOTEST=$(GOCMD) test
 GOVET=$(GOCMD) vet
@@ -78,7 +84,7 @@ KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_
 test-e2e: test-e2e-build test-e2e-pre-built ## Runs the end to end tests
 
 test-e2e-build: ## Builds the end to end tests
-	$(GOCMD) test -race -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
+	$(GOCMD) test $(RACE) -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
 
 test-e2e-pre-built: install-envtest
 	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./bin/$(TEST_BINARY_NAME) -test.v
@@ -89,7 +95,7 @@ ifeq ($(EXPORT_RESULT), true)
 	GO111MODULE=off $(GOCMD) get -u github.com/jstemmer/go-junit-report
 	$(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > reports/test-unit/junit-report.xml)
 endif
-	$(GOTEST) -v -race $(shell go list ./... | grep -v 'v2/e2e') $(OUTPUT_OPTIONS)
+	$(GOTEST) -v $(RACE) $(shell go list ./... | grep -v 'v2/e2e') $(OUTPUT_OPTIONS)
 
 coverage-unit: ## Run the unit tests of the project and export the coverage
 	$(GOTEST) -cover -covermode=count -coverprofile=reports/coverage-unit/profile.cov $(shell go list ./... | grep -v /e2e/)

From 6b649574432a23781ec3b2b9d8f0039be047795b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 17:09:24 +0200
Subject: [PATCH 0449/2268] docs: Replace hugo refs with simple MD links

---
 docs/concepts.md                              | 14 ++++++------
 docs/installation.md                          |  4 +---
 docs/reference/commands/common-arguments.md   |  2 +-
 docs/reference/commands/delete.md             |  6 ++---
 docs/reference/commands/deploy.md             |  6 ++---
 docs/reference/commands/diff.md               |  6 ++---
 .../commands/environment-variables.md         |  2 +-
 docs/reference/commands/helm-pull.md          |  4 ++--
 docs/reference/commands/helm-update.md        |  2 +-
 docs/reference/commands/list-images.md        |  6 ++---
 docs/reference/commands/poke-images.md        |  6 ++---
 docs/reference/commands/prune.md              |  6 ++---
 docs/reference/commands/render.md             |  4 ++--
 docs/reference/commands/seal.md               |  4 ++--
 docs/reference/commands/validate.md           |  4 ++--
 docs/reference/deployments/README.md          | 10 ++++-----
 .../deployments/annotations/all-resources.md  |  8 +++----
 .../deployments/annotations/hooks.md          |  4 ++--
 .../deployments/annotations/kustomization.md  |  4 ++--
 .../deployments/annotations/validation.md     |  2 +-
 docs/reference/deployments/deployment-yml.md  | 22 +++++++++----------
 docs/reference/deployments/helm.md            | 16 +++++++-------
 docs/reference/deployments/hooks.md           |  2 +-
 docs/reference/deployments/images.md          |  4 ++--
 docs/reference/deployments/tags.md            | 14 ++++++------
 docs/reference/kluctl-project/README.md       |  6 ++---
 .../kluctl-project/secrets-config/README.md   |  2 +-
 .../kluctl-project/targets/README.md          | 20 ++++++++---------
 .../kluctl-project/targets/dynamic-targets.md |  4 ++--
 docs/reference/sealed-secrets.md              | 20 ++++++++---------
 docs/reference/templating/functions.md        |  4 ++--
 .../templating/predefined-variables.md        | 10 ++++-----
 docs/reference/templating/variable-sources.md |  4 ++--
 33 files changed, 115 insertions(+), 117 deletions(-)

diff --git a/docs/concepts.md b/docs/concepts.md
index b1ff352a0..946f69c0f 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -13,21 +13,21 @@ These are some core concepts in Kluctl.
 
 ## Kluctl project
 The kluctl project defines targets and secret sources.
-It is defined via the [.kluctl.yaml]({{< ref "docs/reference/kluctl-project" >}}) configuration file.
+It is defined via the [.kluctl.yaml](./reference/kluctl-project) configuration file.
 
 ## Targets
 A target defines a target cluster and a set of deployment arguments. Multiple targets can use the same cluster. Targets
 allow implementing multi-cluster, multi-environment, multi-customer, ... deployments.
 
 ## Deployments
-A [deployment]({{< ref "docs/reference/deployments" >}}) defines which Kustomize deployments and which sub-deployments
+A [deployment](./reference/deployments) defines which Kustomize deployments and which sub-deployments
 to deploy. It also controls the order of deployments.
 
 Deployments may be configured through deployment arguments, which are typically provided via the targets but might also
 be provided through the CLI.
 
 ## Variables
-[Variables]({{< ref "docs/reference/templating" >}}) are the main source of configuration. They are either loaded yaml
+[Variables](./reference/templating) are the main source of configuration. They are either loaded yaml
 files or directly defined inside deployments. Each variables file that is loaded has access to all the variables which
 were defined before, allowing complex composition of configuration.
 
@@ -36,16 +36,16 @@ After being loaded, variables are usable through the templating engine at all ne
 ## Templating
 All configuration files (including .kluctl.yaml and deployment.yaml) and all Kubernetes manifests involved are processed
 through a templating engine.
-The [templating engine]({{< ref "docs/reference/templating" >}}) allows simple variable substitution and also complex
+The [templating engine](./reference/templating) allows simple variable substitution and also complex
 control structures (if/else, for loops, ...).
 
 ## Secrets
-Secrets are loaded from [external sources]({{< ref "docs/reference/kluctl-project" >}}) and are only available
-while [sealing]({{< ref "docs/reference/sealed-secrets" >}}). After the sealing process, only the public-key encrypted
+Secrets are loaded from [external sources](./reference/kluctl-project) and are only available
+while [sealing](./reference/sealed-secrets). After the sealing process, only the public-key encrypted
 sealed secrets are available.
 
 ## Sealed Secrets
-[Sealed Secrets]({{< ref "docs/reference/sealed-secrets" >}}) are based on
+[Sealed Secrets](./reference/sealed-secrets) are based on
 [Bitnami's sealed-secrets controller](https://github.com/bitnami-labs/sealed-secrets). Kluctl offers integration of
 sealed secrets through the `seal` command. Kluctl allows managing multiple sets of sealed secrets for multiple targets.
 
diff --git a/docs/installation.md b/docs/installation.md
index 3bf922ec7..bd42145bf 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -61,7 +61,7 @@ Run the binary:
 
 
 <!-- TODO uncomment when chocolatey support is implemented
-{{% tab "Chocolatey" %}}
+## Chocolatey
 
 With [Chocolatey](https://chocolatey.org/) for Windows:
 
@@ -69,9 +69,7 @@ With [Chocolatey](https://chocolatey.org/) for Windows:
 choco install kluctl
 ```
 
-{{% /tab %}}
 -->
-{{% /tabs %}}
 
 <!-- TODO uncomment this when completion is implemented
 To configure your shell to load `kluctl` [bash completions](./cmd/kluctl_completion_bash.md) add to your profile:
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 9cfe45558..fdaa1c016 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -65,7 +65,7 @@ Project arguments:
 ## Image arguments
 
 These arguments are available on some target based commands.
-They control image versions requested by `images.get_image(...)` [calls]({{< ref "docs/reference/deployments/images#imagesget_image" >}}).
+They control image versions requested by `images.get_image(...)` [calls](../deployments/images#imagesget_image).
 
 <!-- BEGIN SECTION "deploy" "Image arguments" true -->
 ```
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index 70483166f..33e8e2acd 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -24,9 +24,9 @@ take the local target/state into account!
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
-1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "delete" "Misc arguments" true -->
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index 7ecfc1b24..65e472674 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -22,9 +22,9 @@ It will also output a list of prunable objects (without actually deleting them).
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
-1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "deploy" "Misc arguments" true -->
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
index c9d4546f4..d54d6091b 100644
--- a/docs/reference/commands/diff.md
+++ b/docs/reference/commands/diff.md
@@ -23,9 +23,9 @@ After the diff is performed, the command will also search for prunable objects a
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
-1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "diff" "Misc arguments" true -->
diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
index 6db995487..2247be7cf 100644
--- a/docs/reference/commands/environment-variables.md
+++ b/docs/reference/commands/environment-variables.md
@@ -20,6 +20,6 @@ underscores. As an example, `--dry-run` can also be specified with the environme
 ## Additional environment variables
 A few additional environment variables are supported which do not belong to an option/argument. These are:
 
-1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries]({{< ref "docs/reference/deployments/images#supported-image-registries-and-authentication" >}}) for details.
+1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries](../deployments/images#supported-image-registries-and-authentication) for details.
 2. `KLUCTL_GIT_<idx>_HOST`, `KLUCTL_GIT_<idx>_USERNAME`, and so on.
 3. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
diff --git a/docs/reference/commands/helm-pull.md b/docs/reference/commands/helm-pull.md
index 80fb685a3..68d3871b4 100644
--- a/docs/reference/commands/helm-pull.md
+++ b/docs/reference/commands/helm-pull.md
@@ -20,8 +20,8 @@ pulling is only needed when really required (e.g. when the chart version changes
 
 <!-- END SECTION -->
 
-See [helm-integration]({{< ref "docs/reference/deployments/helm">}}) for more details.
+See [helm-integration](../deployments/helm) for more details.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}}) (except `-a`)
+1. [project arguments](./common-arguments#project-arguments) (except `-a`)
diff --git a/docs/reference/commands/helm-update.md b/docs/reference/commands/helm-update.md
index e1a526ae8..d719c76a0 100644
--- a/docs/reference/commands/helm-update.md
+++ b/docs/reference/commands/helm-update.md
@@ -20,7 +20,7 @@ Optionally performs the actual upgrade and/or add a commit to version control.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}}) (except `-a`)
+1. [project arguments](./common-arguments#project-arguments) (except `-a`)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "helm-update" "Misc arguments" true -->
diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
index ce0f2aaba..5d59e6949 100644
--- a/docs/reference/commands/list-images.md
+++ b/docs/reference/commands/list-images.md
@@ -23,9 +23,9 @@ as described in for the deploy command.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
-1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "list-images" "Misc arguments" true -->
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index 585ae6d47..b5279c256 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -22,9 +22,9 @@ replaced
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
-1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "poke-images" "Misc arguments" true -->
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index a895db0e8..86161c3ea 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -18,9 +18,9 @@ Searches the target cluster for prunable objects and deletes them
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
-1. [inclusion/exclusion arguments]({{< ref "./common-arguments#inclusionexclusion-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "prune" "Misc arguments" true -->
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
index c2b626415..05a48e59c 100644
--- a/docs/reference/commands/render.md
+++ b/docs/reference/commands/render.md
@@ -21,8 +21,8 @@ a temporary directory or a specified directory.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "render" "Misc arguments" true -->
diff --git a/docs/reference/commands/seal.md b/docs/reference/commands/seal.md
index ee99cba1c..88edc02c7 100644
--- a/docs/reference/commands/seal.md
+++ b/docs/reference/commands/seal.md
@@ -23,11 +23,11 @@ If no '--target' is specified, sealing is performed for all targets.
 
 <!-- END SECTION -->
 
-See [sealed-secrets]({{< ref "docs/reference/sealed-secrets">}}) for more details.
+See [sealed-secrets](../sealed-secrets) for more details.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}}) (except `-a`)
+1. [project arguments](./common-arguments#project-arguments) (except `-a`)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "seal" "Misc arguments" true -->
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
index 5ff5a0a6e..d904c98fb 100644
--- a/docs/reference/commands/validate.md
+++ b/docs/reference/commands/validate.md
@@ -22,8 +22,8 @@ TODO: This needs to be better documented!
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments]({{< ref "./common-arguments#project-arguments" >}})
-1. [image arguments]({{< ref "./common-arguments#image-arguments" >}})
+1. [project arguments](./common-arguments#project-arguments)
+1. [image arguments](./common-arguments#image-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "validate" "Misc arguments" true -->
diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index 08c0d07d9..d4e211174 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -21,7 +21,7 @@ description: >
 8. [Annotations](./annotations)
 
 A deployment project is collection of deployment items and sub-deployments. Deployment items are usually
-[Kustomize]({{< ref "./kustomize" >}}) deployments, but can also integrate [Helm Charts]({{< ref "./helm" >}}).
+[Kustomize](./kustomize.md) deployments, but can also integrate [Helm Charts](./helm.md).
 
 ## Basic structure
 
@@ -32,14 +32,14 @@ provides some additional configuration required for multiple kluctl features to
 As can be seen, sub-deployments can include other sub-deployments, allowing you to structure the deployment project
 as you need.
 
-Each level in this structure recursively adds [tags]({{< ref "./tags" >}}) to each deployed resources, allowing you to control
+Each level in this structure recursively adds [tags](./tags.md) to each deployed resources, allowing you to control
 precisely what is deployed in the future.
 
 Some visualized files/directories have links attached, follow them to get more information.
 
 <pre>
 -- project-dir/
-   |-- <a href="{{< ref "./deployment-yml" >}}">deployment.yaml</a>
+   |-- <a href="./deployment-yml.md">deployment.yaml</a>
    |-- .gitignore
    |-- kustomize-deployment1/
    |   |-- kustomization.yaml
@@ -56,7 +56,7 @@ Some visualized files/directories have links attached, follow them to get more i
    |   |   |-- resource2.yaml
    |   |   |-- patch1.yaml
    |   |   `-- ...
-   |   |-- <a href="{{< ref "./helm" >}}">kustomize-with-helm-deployment/</a>
+   |   |-- <a href="./helm.md">kustomize-with-helm-deployment/</a>
    |   |   |-- charts/
    |   |   |   `-- ...
    |   |   |-- kustomization.yaml
@@ -72,5 +72,5 @@ Some visualized files/directories have links attached, follow them to get more i
 
 ## Order of deployments
 Deployments are done in parallel, meaning that there are usually no order guarantees. The only way to somehow control
-order, is by placing [barriers]({{< ref "./deployment-yml#barriers" >}}) between kustomize deployments.
+order, is by placing [barriers](./deployment-yml.md#barriers) between kustomize deployments.
 You should however not overuse barriers, as they negatively impact the speed of kluctl.
diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/reference/deployments/annotations/all-resources.md
index 5f2ee3327..e1aa989d6 100644
--- a/docs/reference/deployments/annotations/all-resources.md
+++ b/docs/reference/deployments/annotations/all-resources.md
@@ -37,12 +37,12 @@ If more than one field needs to be specified, add `-xxx` to the annotation key,
 The following annotations control how delete/prune is behaving.
 
 ### kluctl.io/skip-delete
-If set to "true", the annotated resource will not be deleted when [delete]({{< ref "docs/reference/commands/delete" >}}) or
-[prune]({{< ref "docs/reference/commands/prune" >}}) is called.
+If set to "true", the annotated resource will not be deleted when [delete](../../commands/delete) or
+[prune](../../commands/prune) is called.
 
 ### kluctl.io/skip-delete-if-tags
-If set to "true", the annotated resource will not be deleted when [delete]({{< ref "docs/reference/commands/delete" >}}) or
-[prune]({{< ref "docs/reference/commands/prune" >}}) is called and inclusion/exclusion tags are used at the same time.
+If set to "true", the annotated resource will not be deleted when [delete](../../commands/delete) or
+[prune](../../commands/prune) is called and inclusion/exclusion tags are used at the same time.
 
 This tag is especially useful and required on resources that would otherwise cause cascaded deletions of resources that
 do not match the specified inclusion/exclusion tags. Namespaces are the most prominent example of such resources, as
diff --git a/docs/reference/deployments/annotations/hooks.md b/docs/reference/deployments/annotations/hooks.md
index ca946554e..1b033bf9b 100644
--- a/docs/reference/deployments/annotations/hooks.md
+++ b/docs/reference/deployments/annotations/hooks.md
@@ -13,10 +13,10 @@ description: >
 
 The following annotations control hook execution
 
-See [hooks]({{< ref "docs/reference/deployments/hooks" >}}) for more details.
+See [hooks](../../deployments/hooks) for more details.
 
 ### kluctl.io/hook
-Declares a resource to be a hook, which is deployed/executed as described in [hooks]({{< ref "docs/reference/deployments/hooks" >}}). The value of the
+Declares a resource to be a hook, which is deployed/executed as described in [hooks](../../deployments/hooks). The value of the
 annotation determines when the hook is deployed/executed.
 
 ### kluctl.io/hook-weight
diff --git a/docs/reference/deployments/annotations/kustomization.md b/docs/reference/deployments/annotations/kustomization.md
index dfdcbf661..f0312940c 100644
--- a/docs/reference/deployments/annotations/kustomization.md
+++ b/docs/reference/deployments/annotations/kustomization.md
@@ -31,8 +31,8 @@ resources:
 
 ### kluctl.io/barrier
 If set to `true`, kluctl will wait for all previous objects to be applied (but not necessarily ready). This has the
-same effect as [barrier]({{< ref "docs/reference/deployments#barriers" >}}) from deployment projects.
+same effect as [barrier](../../deployments/deployment-yml.md#barriers) from deployment projects.
 
 ### kluctl.io/wait-readiness
 If set to `true`, kluctl will wait for readiness of all objects from this kustomization project. Readiness is defined
-the same as in [hook readiness]({{< ref "docs/reference/deployments/readiness" >}}).
+the same as in [hook readiness](../../deployments/readiness).
diff --git a/docs/reference/deployments/annotations/validation.md b/docs/reference/deployments/annotations/validation.md
index d4720d2e4..a36fcf2e4 100644
--- a/docs/reference/deployments/annotations/validation.md
+++ b/docs/reference/deployments/annotations/validation.md
@@ -11,7 +11,7 @@ description: >
 
 # Validation
 
-The following annotations influence the [validate]({{< ref "docs/reference/commands/validate" >}}) command.
+The following annotations influence the [validate](../../commands/validate) command.
 
 ### validate-result.kluctl.io/xxx
 If this annotation is found on a resource that is checked while validation, the key and the value of the annotation
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index ab36ffc00..0ca5cb75b 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -36,7 +36,7 @@ The following sub-chapters describe the available fields in the `deployment.yaml
 
 ## sealedSecrets
 `sealedSecrets` configures how sealed secrets are stored while sealing and located while rendering.
-See [Sealed Secrets]({{< ref "docs/reference/sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets" >}})
+See [Sealed Secrets](../sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets)
 for details.
 
 ## deployments
@@ -48,7 +48,7 @@ wait for all previous deployments to finish.
 ### Kustomize deployments
 
 Specifies a [kustomize](https://kustomize.io/) deployment.
-Please see [Kustomize integration]({{< ref "./kustomize" >}}) for more details.
+Please see [Kustomize integration](./kustomize.md) for more details.
 
 Example:
 ```yaml
@@ -62,7 +62,7 @@ The `path` must point to a directory relative to the directory containing the `d
 that are part of the kluctl project are allowed. The directory must contain a valid `kustomization.yaml`.
 
 `waitReadiness` is optional and if set to `true` instructs kluctl to wait for readiness of each individual object
-of the kustomize deployment. Readiness is defined in [readiness]({{< ref "./readiness" >}}).
+of the kustomize deployment. Readiness is defined in [readiness](./readiness.md).
 
 ### Includes
 
@@ -130,7 +130,7 @@ All entries in `deployments` can have the following common properties:
 A list of variable sets to be loaded into the templating context, which is then available in all [deployment items](#deployments)
 and [sub-deployments](#includes).
 
-See [templating]({{< ref "docs/reference/templating#vars-from-deploymentyaml" >}}) for more details.
+See [templating](../templating/variable-sources.md) for more details.
 
 Example:
 ```yaml
@@ -148,8 +148,8 @@ deployments:
 ```
 
 ### tags (deployment item)
-A list of tags the deployment should have. See [tags]({{< ref "./tags" >}}) for more details. For includes, this means that all
-sub-deployments will get these tags applied to. If not specified, the default tags logic as described in [tags]({{< ref "./tags" >}})
+A list of tags the deployment should have. See [tags](./tags.md) for more details. For includes, this means that all
+sub-deployments will get these tags applied to. If not specified, the default tags logic as described in [tags](./tags.md)
 is applied.
 
 Example:
@@ -171,7 +171,7 @@ deployments:
 
 ### alwaysDeploy
 Forces a deployment to be included everytime, ignoring inclusion/exclusion sets from the command line.
-See [Deploying with tag inclusion/exclusion]({{< ref "./tags#deploying-with-tag-inclusionexclusion" >}}) for details.
+See [Deploying with tag inclusion/exclusion](./tags.md#deploying-with-tag-inclusionexclusion) for details.
 
 ```yaml
 deployments:
@@ -182,7 +182,7 @@ deployments:
 
 ### skipDeleteIfTags
 Forces exclusion of a deployment whenever inclusion/exclusion tags are specified via command line.
-See [Deleting with tag inclusion/exclusion]({{< ref "./tags#deploying-with-tag-inclusionexclusion" >}}) for details.
+See [Deleting with tag inclusion/exclusion](./tags.md#deploying-with-tag-inclusionexclusion) for details.
 
 ```yaml
 deployments:
@@ -195,7 +195,7 @@ deployments:
 A list of variable sets to be loaded into the templating context, which is then available in all [deployment items](#deployments)
 and [sub-deployments](#includes).
 
-See [templating]({{< ref "docs/reference/templating#vars-from-deploymentyaml" >}}) for more details.
+See [templating](../templating/variable-sources.md) for more details.
 
 ## commonLabels
 A dictionary of [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and values to be
@@ -240,7 +240,7 @@ A string that is used as the default namespace for all kustomize deployments whi
 ## tags (deployment project)
 A list of common tags which are applied to all kustomize deployments and sub-deployment includes.
 
-See [tags]({{< ref "./tags" >}}) for more details.
+See [tags](./tags.md) for more details.
 
 ## args
 A list of arguments that can or must be passed to most kluctl operations. Each of these arguments is then available
@@ -307,5 +307,5 @@ valid [JSON Path](https://goessner.net/articles/JsonPath/). `fieldPath` may also
 The JSON Path implementation used in kluctl has extended support for wildcards in field
 names, allowing you to also specify paths like `metadata.labels.my-prefix-*`.
 
-As an alternative, [annotations]({{< ref "./annotations/all-resources#control-diff-behavior" >}}) can be used to control
+As an alternative, [annotations](./annotations/all-resources#control-diff-behavior) can be used to control
 diff behavior of individual resources.
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index 2d8dab7b4..aab1fdbf0 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -25,14 +25,14 @@ hands over the rendered yaml to [kustomize](https://kustomize.io/). Rendering is
 `helm-values.yaml`, which contains the necessary values to configure the Helm Chart.
 
 The resulting rendered yaml is then referred by your `kustomization.yaml`, from which point on the
-[kustomize integration]({{< ref "docs/reference/sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets" >}}) 
+[kustomize integration](../sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets) 
 takes over. This means, that you can perform all desired customization (patches, namespace override, ...) as if you
 provided your own resources via yaml files.
 
 ### Helm hooks
 
 [Helm Hooks](https://helm.sh/docs/topics/charts_hooks/) are implemented by mapping them 
-to [kluctl hooks]({{< ref "./hooks" >}}), based on the following mapping table:
+to [kluctl hooks](./hooks.md), based on the following mapping table:
 
 | Helm hook     | kluctl hook         |
 |---------------|---------------------|
@@ -99,7 +99,7 @@ The name of the chart that can be found in the repository.
 The version of the chart.
 
 ### skipUpdate
-Skip this Helm Chart when the [helm-update]({{< ref "docs/reference/commands/helm-update" >}}) command is called.
+Skip this Helm Chart when the [helm-update](../commands/helm-update) command is called.
 If omitted, defaults to `false`.
 
 ### releaseName
@@ -125,8 +125,8 @@ read the documentation of the used Helm Charts for details on what is supported.
 
 ## Updates to helm-charts
 In case a Helm Chart needs to be updated, you can either do this manually by replacing the [chartVersion](#chartversion)
-value in `helm-chart.yaml` and the calling the [helm-pull]({{< ref "docs/reference/commands/helm-pull" >}}) command or by simply invoking
-[helm-update]({{< ref "docs/reference/commands/helm-update" >}}) with `--upgrade` and/or `--commit` being set.
+value in `helm-chart.yaml` and the calling the [helm-pull](../commands/helm-pull) command or by simply invoking
+[helm-update](../commands/helm-update) with `--upgrade` and/or `--commit` being set.
 
 ## Private Chart Repositories
 It is also possible to use private chart repositories. There are currently two options to provide Helm Repository
@@ -139,7 +139,7 @@ added the repository to Helm. The same method can be used for client certificate
 in `helm repo add`).
 
 ### Use the --username/--password arguments in `kluctl helm-pull`
-See the [helm-pull command]({{< ref "docs/reference/commands/helm-pull" >}}). You can control repository credentials
+See the [helm-pull command](../commands/helm-pull). You can control repository credentials
 via `--username`, `--password` and `--key-file`. Each argument must be in the form `credentialsId:value`, where
 the `credentialsId` must match the id specified in the `helm-chart.yaml`. Example:
 
@@ -160,11 +160,11 @@ When credentialsId is specified, Kluctl will require you to specify `--username=
 Multiple Helm Charts can use the same `credentialsId`.
 
 Environment variables can also be used instead of arguments. See
-[Environment Variables]({{< ref "docs/reference/commands/environment-variables" >}}) for details.
+[Environment Variables](../commands/environment-variables) for details.
 
 ## Templating
 
-Both `helm-chart.yaml` and `helm-values.yaml` are rendered by the [templating engine]({{< ref "docs/reference/templating" >}}) before they
+Both `helm-chart.yaml` and `helm-values.yaml` are rendered by the [templating engine](../templating) before they
 are actually used. This means, that you can use all available Jinja2 variables at that point, which can for example be
 seen in the above `helm-chart.yaml` example for the namespace.
 
diff --git a/docs/reference/deployments/hooks.md b/docs/reference/deployments/hooks.md
index 9764f0051..b9f5879c2 100644
--- a/docs/reference/deployments/hooks.md
+++ b/docs/reference/deployments/hooks.md
@@ -48,6 +48,6 @@ changed by setting the `kluctl.io/hook-delete-policy` to a comma separated list
 ## Hook readiness
 
 After each deployment/execution of the hooks that belong to a deployment stage (before/after deployment), kluctl
-waits for the hook resources to become "ready". Readiness is defined [here]({{< ref "./readiness" >}}).
+waits for the hook resources to become "ready". Readiness is defined [here](./readiness.md).
 
 It is possible to disable waiting for hook readiness by setting the annotation `kluctl.io/hook-wait` to "false".
diff --git a/docs/reference/deployments/images.md b/docs/reference/deployments/images.md
index 6f2a7e3cb..3b88af2bb 100644
--- a/docs/reference/deployments/images.md
+++ b/docs/reference/deployments/images.md
@@ -12,7 +12,7 @@ description: >
 # Container Images
 
 There are usually 2 different scenarios where Container Images need to be specified:
-1. When deploying third party applications like nginx, redis, ... (e.g. via the [Helm integration]({{< ref "./helm" >}})). <br>
+1. When deploying third party applications like nginx, redis, ... (e.g. via the [Helm integration](./helm.md)). <br>
    * In this case, image versions/tags rarely change, and if they do, this is an explicit change to the deployment.
 1. When deploying your own applications. <br>
    * In this case, image versions/tags might change very rapidly, sometimes multiple times per hour. It would be too much
@@ -89,7 +89,7 @@ The described `images.get_image` logic however leads to a loosely defined state
 might be fine in a CI/CD environment, but might be undesired when deploying to production. In that case, it might be
 desirable to explicitly define which versions need to be deployed.
 
-To achieve this, you can use the `-F FIXED_IMAGE` [argument]({{< ref "docs/reference/commands/common-arguments#image-arguments" >}}).
+To achieve this, you can use the `-F FIXED_IMAGE` [argument](../commands/common-arguments#image-arguments).
 `FIXED_IMAGE` must be in the form of `-F image<:namespace:deployment:container>=result`. For example, to pin the image
 `registry.gitlab.com/my-group/my-project` to the tag `1.1.2` you'd have to specify
 `-F registry.gitlab.com/my-group/my-project=registry.gitlab.com/my-group/my-project:1.1.2`.
diff --git a/docs/reference/deployments/tags.md b/docs/reference/deployments/tags.md
index 9501d0845..6bbfe18f4 100644
--- a/docs/reference/deployments/tags.md
+++ b/docs/reference/deployments/tags.md
@@ -10,14 +10,14 @@ weight: 6
 # Tags
 
 Every kustomize deployment has a set of tags assigned to it. These tags are defined in multiple places, which is
-documented in [deployment.yaml]({{< ref "./deployment-yml" >}}). Look for the `tags` field, which is available in multiple places per
+documented in [deployment.yaml](./deployment-yml.md). Look for the `tags` field, which is available in multiple places per
 deployment project.
 
 Tags are useful when only one or more specific kustomize deployments need to be deployed or deleted.
 
 ## Default tags
 
-[deployment items]({{< ref "./deployment-yml#deployments" >}}) in deployment projects can have an optional list of tags assigned.
+[deployment items](./deployment-yml.md#deployments) in deployment projects can have an optional list of tags assigned.
 
 If this list is completely omitted, one single entry is added by default. This single entry equals to the last element
 of the `path` in the `deployments` entry.
@@ -39,10 +39,10 @@ or even conflicting tags (e.g. `subdir` is really a bad tag), in which case you'
 ## Tag inheritance
 
 Deployment projects and deployments items inherit the tags of their parents. For example, if a deployment project
-has a [tags]({{< ref "./deployment-yml#tags-deployment-project" >}}) property defined, all `deployments` entries would
+has a [tags](./deployment-yml.md#tags-deployment-project) property defined, all `deployments` entries would
 inherit all these tags. Also, the sub-deployment projects included via deployment items of type
-[include]({{< ref "./deployment-yml#includes" >}}) inherit the tags of the deployment project. These included sub-deployments also
-inherit the [tags]({{< ref "./deployment-yml#tags-deployment-item" >}}) specified by the deployment item itself.
+[include](./deployment-yml.md#includes) inherit the tags of the deployment project. These included sub-deployments also
+inherit the [tags](./deployment-yml.md#tags-deployment-item) specified by the deployment item itself.
 
 Consider the following example `deployment.yaml`:
 
@@ -72,7 +72,7 @@ resources to be deployed as well.
 
 Imagine a large deployment is able to deploy 10 applications, but you only want to deploy one of them. When using tags
 to achieve this, there might be some base resources (e.g. Namespaces) which are needed no matter if everything or just
-this single application is deployed. In that case, you'd need to set [alwaysDeploy]({{< ref "./deployment-yml#deployments" >}})
+this single application is deployed. In that case, you'd need to set [alwaysDeploy](./deployment-yml.md#deployments)
 to `true`.
 
 ## Deleting with tag inclusion/exclusion
@@ -83,6 +83,6 @@ Imagine a kustomize deployment being responsible for namespaces deployments. If
 deployments that have the `persistency` tag assigned, the exclusion logic would NOT exclude deletion of the namespace.
 This would ultimately lead to everything being deleted, and the exclusion tag having no effect.
 
-In such a case, you'd need to set [skipDeleteIfTags]({{< ref "./deployment-yml#skipdeleteiftags" >}}) to `true` as well.
+In such a case, you'd need to set [skipDeleteIfTags](./deployment-yml.md#skipdeleteiftags) to `true` as well.
 
 In most cases, setting `alwaysDeploy` to `true` also requires setting `skipDeleteIfTags` to `true`.
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index eedd06aaa..556e1313f 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -12,9 +12,9 @@ description: >
 # Kluctl project
 
 The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines where the actual
-[deployment project]({{< ref "docs/reference/deployments" >}}) is located,
-where [sealed secrets]({{< ref "docs/reference/sealed-secrets" >}}) and unencrypted secrets are localed and which targets are available to
-invoke [commands]({{< ref "docs/reference/commands" >}}) on.
+[deployment project](../deployments) is located,
+where [sealed secrets](../sealed-secrets) and unencrypted secrets are localed and which targets are available to
+invoke [commands](../commands) on.
 
 ## Example
 
diff --git a/docs/reference/kluctl-project/secrets-config/README.md b/docs/reference/kluctl-project/secrets-config/README.md
index 41663bdb2..81207967a 100644
--- a/docs/reference/kluctl-project/secrets-config/README.md
+++ b/docs/reference/kluctl-project/secrets-config/README.md
@@ -35,7 +35,7 @@ This field specifies the name of the secret set. The name can be used in targets
 
 ### vars
 A list of variables sources. Check the documentation of
-[variables sources]({{< ref "docs/reference/templating/variable-sources" >}}) for details.
+[variables sources](../../templating/variable-sources) for details.
 
 Each variables source must have a root dictionary with the name `secrets` and all the actual secret values
 below that dictionary. Every other root key will be ignored.
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index 9349cc476..ce1a19f3c 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -13,11 +13,11 @@ description: >
 
 Specifies a list of targets for which commands can be invoked. A target puts together environment/target specific
 configuration and the target cluster. Multiple targets can exist which target the same cluster but with differing
-configuration (via `args`). Target entries also specifies which secrets to use while [sealing]({{< ref "docs/reference/sealed-secrets" >}}).
+configuration (via `args`). Target entries also specifies which secrets to use while [sealing](../../sealed-secrets).
 
 Each value found in the target definition is rendered with a simple Jinja2 context that only contains the target itself.
 The rendering process is retried 10 times until it finally succeeds, allowing you to reference
-the target itself in complex ways. This is especially useful when using [dynamic targets]({{< ref "./dynamic-targets" >}}).
+the target itself in complex ways. This is especially useful when using [dynamic targets](./dynamic-targets.md).
 
 Target entries have the following form:
 ```yaml
@@ -45,7 +45,7 @@ The following fields are allowed per target:
 
 ## name
 This field specifies the name of the target. The name must be unique. It is referred in all commands via the
-[-t]({{< ref "docs/reference/commands/common-arguments" >}}) option.
+[-t](../../commands/common-arguments) option.
 
 ## context
 This field specifies the kubectl context of the target cluster. The context must exist in the currently active kubeconfig.
@@ -53,9 +53,9 @@ If this field is omitted, Kluctl will always use the currently active context.
 
 ## args
 This fields specifies a map of arguments to be passed to the deployment project when it is rendered. Allowed argument names
-are configured via [deployment args]({{< ref "docs/reference/deployments/deployment-yml#args" >}}).
+are configured via [deployment args](../../deployments/deployment-yml#args).
 
-The arguments specified in the [dynamic target config]({{< ref "docs/reference/kluctl-project/targets/dynamic-targets#args" >}})
+The arguments specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets#args)
 have higher priority.
 
 ## dynamicArgs
@@ -65,17 +65,17 @@ arguments are passed with `-a arg_name=arg_value` when for example calling `kluc
 Each entry has the following fields:
 
 ## images
-This field specifies a list of fixed images to be used by [`images.get_image(...)`]({{< ref "docs/reference/deployments/images#imagesget_image" >}}).
+This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images#imagesget_image).
 The format is identical to the [fixed images file](https://kluctl.io/docs/reference/deployments/images/#fixed-images-via-a-yaml-file).
 
-The fixed images specified in the [dynamic target config]({{< ref "docs/reference/kluctl-project/targets/dynamic-targets#images" >}})
+The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets#images)
 have higher priority.
 
 ### name
 The name of the argument.
 
 ## sealingConfig
-This field configures how sealing is performed when the [seal command] ({{< ref "docs/reference/commands/seal" >}}) is invoked for this target.
+This field configures how sealing is performed when the [seal command](../../commands/seal) is invoked for this target.
 It has the following form:
 
 ```yaml
@@ -101,8 +101,8 @@ Optional path to a local (inside your project) public certificate used for seali
 from the sealed-secrets controller using `kubeseal --fetch-cert`.
 
 ### dynamicSealing
-This field specifies weather sealing should happen per [dynamic target]({{< ref "./dynamic-targets" >}}) or only once. This
+This field specifies weather sealing should happen per [dynamic target](./dynamic-targets.md) or only once. This
 field is optional and defaults to `true`.
 
 ### secretSets
-This field specifies a list of secret set names, which all must exist in the [secretsConfig]({{< ref "../secrets-config" >}}).
+This field specifies a list of secret set names, which all must exist in the [secretsConfig](../secrets-config).
diff --git a/docs/reference/kluctl-project/targets/dynamic-targets.md b/docs/reference/kluctl-project/targets/dynamic-targets.md
index 158262cdc..32fa6a1af 100644
--- a/docs/reference/kluctl-project/targets/dynamic-targets.md
+++ b/docs/reference/kluctl-project/targets/dynamic-targets.md
@@ -91,12 +91,12 @@ images:
 ```
 
 ### args
-An optional map of arguments, in the same format as in the normal [target args]({{< ref "docs/reference/kluctl-project/targets/#args" >}}).
+An optional map of arguments, in the same format as in the normal [target args](../../kluctl-project/targets#args).
 
 The arguments specified here have higher priority.
 
 ### images
-An optional list of fixed images, in the same format as in the normal [target images]({{< ref "docs/reference/kluctl-project/targets/#images" >}})
+An optional list of fixed images, in the same format as in the normal [target images](../../kluctl-project/targets#images)
 
 ## Simple dynamic targets
 
diff --git a/docs/reference/sealed-secrets.md b/docs/reference/sealed-secrets.md
index 8c7ebca61..81dd38c84 100644
--- a/docs/reference/sealed-secrets.md
+++ b/docs/reference/sealed-secrets.md
@@ -25,15 +25,15 @@ being installed. Installing the operator is the responsibility of you (or whoeve
 
 Kluctl can however perform sealing of secrets without an existing sealed-secrets operator installation. This is solved
 by automatically pre-provisioning a key onto the cluster that is compatible with the operator or by providing the
-public certificate via `certFile` in the targets [sealingConfig]({{< ref "docs/reference/kluctl-project/targets#certfile" >}}).
+public certificate via `certFile` in the targets [sealingConfig](./kluctl-project/targets#certfile).
 
 ## Sealing of .sealme files
 
-Sealing is done via the [seal command]({{< ref "docs/reference/commands/seal" >}}). It must be done before the actual
+Sealing is done via the [seal command](./commands/seal). It must be done before the actual
 deployment is performed.
 
 The `seal` command recursively searches for files that end with `.sealme`, renders them with the
-[templating engine]({{< ref "docs/reference/templating" >}}) engine. The rendered secret resource is then
+[templating engine](./templating) engine. The rendered secret resource is then
 converted/encrypted into a sealed secret.
 
 The `.sealme` files itself have to be [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/),
@@ -54,14 +54,14 @@ stringData:
   DB_PASSWORD: {{ secrets.database.password }}
 ```
 
-While sealing, the full templating context (same as in [templating]({{< ref "docs/reference/templating" >}})) is available.
+While sealing, the full templating context (same as in [templating](./templating)) is available.
 Additionally, the global `secrets` object/variable is available which contains the sensitive secrets.
 
 ## Secret Sources
 
 Secrets are only loaded while sealing. Available secret sets and sources are configured via
-[.kluctl.yaml]({{< ref "docs/reference/kluctl-project/secrets-config" >}}). The secrets used per target are configured via the
-[secrets config]({{< ref "docs/reference/kluctl-project/targets#secretsets" >}}) of the targets.
+[.kluctl.yaml](./kluctl-project/secrets-config). The secrets used per target are configured via the
+[secrets config](./kluctl-project/targets#secretsets) of the targets.
 
 ## Using sealed secrets
 
@@ -83,9 +83,9 @@ resources:
 
 ## outputPattern and location of stored sealed secrets
 
-It is possible to override the output pattern in the root [deployment project]({{< ref "docs/reference/deployments" >}}).
+It is possible to override the output pattern in the root [deployment project](./deployments).
 The output pattern must be a template string that is rendered with the full
-[templating context]({{< ref "docs/reference/templating" >}}) available for the deployment.yaml.
+[templating context](./templating) available for the deployment.yaml.
 
 When manually specifying the outputPattern, ensure that it works well with multiple clusters and targets. You can
 for example use the `{{ target.name }}` and `{{ cluster.name }}` inside the outputPattern.
@@ -111,8 +111,8 @@ with:
 
 ## Content Hashes and re-sealing
 Sealed secrets are stored together with hashes of all individual secret entries. These hashes are then used to avoid
-unnecessary re-sealing in future [seal]({{< ref "docs/reference/commands/seal" >}}) invocations. If you want to force re-sealing, use the
-[--force-reseal]({{< ref "docs/reference/commands/seal" >}}) option.
+unnecessary re-sealing in future [seal](./commands/seal) invocations. If you want to force re-sealing, use the
+[--force-reseal](./commands/seal) option.
 
 Hashing of secrets is done with bcrypt and the cluster id as salt. The cluster id is currently defined as the sha256 hash
 of the cluster CA certificate. This will cause re-sealing of all secrets in case a cluster is set up from scratch
diff --git a/docs/reference/templating/functions.md b/docs/reference/templating/functions.md
index ad4894474..db0eac48e 100644
--- a/docs/reference/templating/functions.md
+++ b/docs/reference/templating/functions.md
@@ -22,7 +22,7 @@ Loads the given file into memory, renders it with the current Jinja2 context and
 {{ a }}
 ```
 
-`load_template` uses the same path searching rules as described in [includes/imports]({{< ref "docs/reference/templating#includes-and-imports" >}}).
+`load_template` uses the same path searching rules as described in [includes/imports](../templating#includes-and-imports).
 
 ### load_sha256(file, digest_len)
 Loads the given file into memory, renders it and calculates the sha256 hash of the result.
@@ -44,7 +44,7 @@ data:
 ### get_var(field_path, default)
 Convenience method to navigate through the current context variables via a
 [JSON Path](https://goessner.net/articles/JsonPath/). Let's assume you currently have these variables defined
-(e.g. via [vars]({{< ref "docs/reference/deployments/deployment-yml#vars-deployment-project" >}})):
+(e.g. via [vars](../deployments/deployment-yml#vars-deployment-project)):
 ```yaml
 my:
   deep:
diff --git a/docs/reference/templating/predefined-variables.md b/docs/reference/templating/predefined-variables.md
index 75c962937..5c4e88645 100644
--- a/docs/reference/templating/predefined-variables.md
+++ b/docs/reference/templating/predefined-variables.md
@@ -15,18 +15,18 @@ There are multiple variables available which are pre-defined by kluctl. These ar
 
 ### args
 This is a dictionary of arguments given via command line. It contains every argument defined in
-[deployment args]({{< ref "docs/reference/deployments/deployment-yml#args" >}}).
+[deployment args](../deployments/deployment-yml#args).
 
 ### target
 This is the target definition of the currently processed target. It contains all values found in the 
-[target definition]({{< ref "docs/reference/kluctl-project/targets" >}}), for example `target.name`.
+[target definition](../kluctl-project/targets), for example `target.name`.
 
 ### images
-This global object provides the dynamic images features described in [images]({{< ref "docs/reference/deployments/images" >}}).
+This global object provides the dynamic images features described in [images](../deployments/images).
 
 ### version
-This global object defines latest version filters for `images.get_image(...)`. See [images]({{< ref "docs/reference/deployments/images" >}}) for details.
+This global object defines latest version filters for `images.get_image(...)`. See [images](../deployments/images) for details.
 
 ### secrets
-This global object is only available while [sealing]({{< ref "docs/reference/sealed-secrets" >}}) and contains the loaded
+This global object is only available while [sealing](../sealed-secrets) and contains the loaded
 secrets defined via the currently sealed target.
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 368e15eb6..c81465380 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -14,10 +14,10 @@ description: >
 There are multiple places in deployment projects (deployment.yaml) where additional variables can be loaded into
 future Jinja2 contexts.
 
-The first place where vars can be specified is the deployment root, as documented [here]({{< ref "docs/reference/deployments/deployment-yml#vars-deployment-project" >}}).
+The first place where vars can be specified is the deployment root, as documented [here](../deployments/deployment-yml#vars-deployment-project).
 These vars are visible for all deployments inside the deployment project, including sub-deployments from includes.
 
-The second place to specify variables is in the deployment items, as documented [here]({{< ref "docs/reference/deployments/deployment-yml#vars-deployment-item" >}}).
+The second place to specify variables is in the deployment items, as documented [here](../deployments/deployment-yml#vars-deployment-item).
 
 The variables loaded for each entry in `vars` are not available inside the `deployment.yaml` file itself.
 However, each entry in `vars` can use all variables defined before that specific entry is processed. Consider the

From ceb13154a42e3ab04eef960ee096a734ab0b2a80 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 17:10:06 +0200
Subject: [PATCH 0450/2268] docs: Run make replace-commands-help

---
 docs/reference/commands/common-arguments.md | 35 ++++++++++++++-------
 docs/reference/commands/list-images.md      |  4 ++-
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index fdaa1c016..235b823e1 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -39,23 +39,34 @@ They control where and how to load the kluctl project and deployment project.
 Project arguments:
   Define where and how to load the kluctl project and its components from.
 
-  -a, --arg stringArray                      Template argument in the form name=value
-      --cluster string                       DEPRECATED. Specify/Override cluster
+  -a, --arg stringArray                      Passes a template argument in the form of name=value. Nested args can
+                                             be set with the '-a my.nested.arg=value' syntax. Values are
+                                             interpreted as yaml values, meaning that 'true' and 'false' will lead
+                                             to boolean values and numbers will be treated as numbers. Use quotes
+                                             if you want these to be treated as strings. If the value starts with
+                                             @, it is treated as a file, meaning that the contents of the file
+                                             will be loaded and treated as yaml.
+      --args-from-file stringArray           Loads a yaml file and makes it available as arguments, meaning that
+                                             they will be available thought the global 'args' variable.
+      --context string                       Overrides the context name specified in the target. If the selected
+                                             target does not specify a context or the no-name target is used,
+                                             --context will override the currently active context.
       --git-cache-update-interval duration   Specify the time to wait between git cache updates. Defaults to not
                                              wait at all and always updating caches.
-      --local-clusters existingdir           DEPRECATED. Local clusters directory. Overrides the project from
-                                             .kluctl.yaml
-      --local-deployment existingdir         DEPRECATED. Local deployment directory. Overrides the project from
-                                             .kluctl.yaml
-      --local-sealed-secrets existingdir     DEPRECATED. Local sealed-secrets directory. Overrides the project
-                                             from .kluctl.yaml
-      --output-metadata string               Specify the output path for the project metadata to be written to.
+      --local-git-override stringArray       Specify a local git override in the form of
+                                             'github.com:my-org/my-repo=/local/path/to/override'. This will cause
+                                             kluctl to not use git to clone for the specified repository but
+                                             instead use the local directory. This is useful in case you need to
+                                             test out changes in external git repositories without pushing them.
+                                             To only override a single branch of the repo, use
+                                             'github.com:my-org/my-repo:my-branch=/local/path/to/override'
   -c, --project-config existingfile          Location of the .kluctl.yaml config file. Defaults to
                                              $PROJECT/.kluctl.yaml
-  -b, --project-ref string                   Git ref of the kluctl project. Only used when --project-url was given.
-  -p, --project-url string                   Git url of the kluctl project. If not specified, the current
-                                             directory will be used instead of a remote Git project
   -t, --target string                        Target name to run command for. Target must exist in .kluctl.yaml.
+  -T, --target-name-override string          Overrides the target name. If -t is used at the same time, then the
+                                             target will be looked up based on -t <name> and then renamed to the
+                                             value of -T. If no target is specified via -t, then the no-name
+                                             target is renamed to the value of -T.
       --timeout duration                     Specify timeout for all operations, including loading of the project,
                                              all external api calls and waiting for readiness. (default 10m0s)
 
diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
index 5d59e6949..e9deee305 100644
--- a/docs/reference/commands/list-images.md
+++ b/docs/reference/commands/list-images.md
@@ -17,7 +17,7 @@ Renders the target and outputs all images used via 'images.get_image(...)
 The result is a compatible with yaml files expected by --fixed-images-file.
 
 If fixed images ('-f/--fixed-image') are provided, these are also taken into account,
-as described in for the deploy command.
+as described in the deploy command.
 
 <!-- END SECTION -->
 
@@ -33,6 +33,8 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
+      --offline-kubernetes         Run list-images in offline mode, meaning that it will not try to connect the
+                                   target cluster
   -o, --output stringArray         Specify output target file. Can be specified multiple times
       --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
                                    temporary directory is used.

From 545cd85e93765756729b1736b945298cafe0813b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 17:43:35 +0200
Subject: [PATCH 0451/2268] ci: Run markdown-link-check on markdown files

---
 .github/workflows/check-links-cron.yml | 19 +++++++++++++++++++
 .github/workflows/tests.yml            | 11 +++++++++++
 Makefile                               |  3 +++
 3 files changed, 33 insertions(+)
 create mode 100644 .github/workflows/check-links-cron.yml

diff --git a/.github/workflows/check-links-cron.yml b/.github/workflows/check-links-cron.yml
new file mode 100644
index 000000000..117b11289
--- /dev/null
+++ b/.github/workflows/check-links-cron.yml
@@ -0,0 +1,19 @@
+name: Check Markdown links
+
+on:
+  push:
+    branches:
+      - main
+  schedule:
+    # Run everyday at 9:00 AM (See https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07)
+    - cron: "0 9 * * *"
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          folder-path: 'docs, install'
+          file-path: './README.md'
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6e24c9004..4ce1e0de4 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -7,6 +7,17 @@ on:
       - main
 
 jobs:
+  pre-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Check links on changed files
+        run: |
+          make markdown-link-check
+
   build:
     runs-on: ubuntu-20.04
     steps:
diff --git a/Makefile b/Makefile
index 92f691a82..6dee972ce 100644
--- a/Makefile
+++ b/Makefile
@@ -122,6 +122,9 @@ endif
 replace-commands-help: ## Replace commands help in docs
 	$(GOCMD) run ./internal/replace-commands-help --docs-dir ./docs/reference/commands
 
+markdown-link-check: ## Check markdown files for dead links
+	find . -name '*.md' | xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:stable
+
 ## Release:
 version: ## Write next version into version file
 	$(GOCMD) install github.com/bvieira/sv4git/v2/cmd/git-sv@v2.7.0

From 4b1a44511d1c4938f82bebdb467ba94b8a4e56e4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 18:05:08 +0200
Subject: [PATCH 0452/2268] ci: Move replace-commands-help into docs-check job

---
 .github/workflows/tests.yml | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 4ce1e0de4..3dd57cb2a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -7,16 +7,36 @@ on:
       - main
 
 jobs:
-  pre-checks:
+  docs-checks:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '1.19'
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: docs-check-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            docs-check-go-${{ runner.os }}-
       - name: Check links on changed files
         run: |
           make markdown-link-check
+      - name: Verify commands help is up-to-date
+        run: |
+          make replace-commands-help
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "replace-commands-help must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
 
   build:
     runs-on: ubuntu-20.04
@@ -51,15 +71,6 @@ jobs:
         run: |
           make test-e2e-build GOARCH=amd64 GOOS=windows
           mv ./bin/kluctl-e2e.exe ./bin/kluctl-e2e-windows-amd64.exe
-      - name: Verify commands help is up-to-date
-        run: |
-          make replace-commands-help
-          if [ ! -z "$(git status --porcelain)" ]; then
-            echo "replace-commands-help must be invoked and the result committed"
-            git status
-            git diff
-            exit 1
-          fi
       - name: Upload binaries
         uses: actions/upload-artifact@v2
         with:

From c2c2e81ac7c1cd4dd9baa7acef2309c899640fd4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 17:57:00 +0200
Subject: [PATCH 0453/2268] docs: Fix dead links

---
 docs/README.md                                   |  2 +-
 docs/concepts.md                                 |  4 ++--
 docs/reference/commands/common-arguments.md      |  2 +-
 docs/reference/commands/delete.md                |  8 ++++----
 docs/reference/commands/deploy.md                | 10 +++++-----
 docs/reference/commands/diff.md                  |  8 ++++----
 docs/reference/commands/environment-variables.md |  2 +-
 docs/reference/commands/helm-pull.md             |  4 ++--
 docs/reference/commands/helm-update.md           |  2 +-
 docs/reference/commands/list-images.md           |  6 +++---
 docs/reference/commands/poke-images.md           |  6 +++---
 docs/reference/commands/prune.md                 |  8 ++++----
 docs/reference/commands/render.md                |  4 ++--
 docs/reference/commands/seal.md                  |  4 ++--
 docs/reference/commands/validate.md              |  4 ++--
 .../deployments/annotations/all-resources.md     |  8 ++++----
 docs/reference/deployments/annotations/hooks.md  |  4 ++--
 .../deployments/annotations/kustomization.md     |  2 +-
 .../deployments/annotations/validation.md        |  2 +-
 docs/reference/deployments/deployment-yml.md     |  4 ++--
 docs/reference/deployments/helm.md               | 12 ++++++------
 docs/reference/deployments/images.md             |  2 +-
 docs/reference/kluctl-project/README.md          |  2 +-
 .../kluctl-project/secrets-config/README.md      |  2 +-
 docs/reference/kluctl-project/targets/README.md  | 16 ++++++++--------
 docs/reference/sealed-secrets.md                 |  6 +++---
 docs/reference/templating/functions.md           |  2 +-
 .../reference/templating/predefined-variables.md |  8 ++++----
 docs/reference/templating/variable-sources.md    |  4 ++--
 29 files changed, 74 insertions(+), 74 deletions(-)

diff --git a/docs/README.md b/docs/README.md
index f9311fca4..1ccac0e55 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -16,7 +16,7 @@ menu:
 
 1. [Get Started](./get-started.md)
 2. [Core Concepts](./concepts.md)
-3. [Installation](./installation)
+3. [Installation](./installation.md)
 4. [Philosophy](./philosophy.md)
 5. [History](./history.md)
 6. [Reference](./reference)
diff --git a/docs/concepts.md b/docs/concepts.md
index 946f69c0f..2967356fe 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -41,11 +41,11 @@ control structures (if/else, for loops, ...).
 
 ## Secrets
 Secrets are loaded from [external sources](./reference/kluctl-project) and are only available
-while [sealing](./reference/sealed-secrets). After the sealing process, only the public-key encrypted
+while [sealing](./reference/sealed-secrets.md). After the sealing process, only the public-key encrypted
 sealed secrets are available.
 
 ## Sealed Secrets
-[Sealed Secrets](./reference/sealed-secrets) are based on
+[Sealed Secrets](./reference/sealed-secrets.md) are based on
 [Bitnami's sealed-secrets controller](https://github.com/bitnami-labs/sealed-secrets). Kluctl offers integration of
 sealed secrets through the `seal` command. Kluctl allows managing multiple sets of sealed secrets for multiple targets.
 
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 235b823e1..aedafc415 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -76,7 +76,7 @@ Project arguments:
 ## Image arguments
 
 These arguments are available on some target based commands.
-They control image versions requested by `images.get_image(...)` [calls](../deployments/images#imagesget_image).
+They control image versions requested by `images.get_image(...)` [calls](../deployments/images.md#imagesget_image).
 
 <!-- BEGIN SECTION "deploy" "Image arguments" true -->
 ```
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index 33e8e2acd..7dd91db7c 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -24,9 +24,9 @@ take the local target/state into account!
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
-1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "delete" "Misc arguments" true -->
@@ -46,4 +46,4 @@ Misc arguments:
 ```
 <!-- END SECTION -->
 
-They have the same meaning as described in [deploy](#deploy).
+They have the same meaning as described in [deploy](./deploy.md).
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index 65e472674..73ce93477 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -22,9 +22,9 @@ It will also output a list of prunable objects (without actually deleting them).
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
-1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "deploy" "Misc arguments" true -->
@@ -54,9 +54,9 @@ Misc arguments:
 <!-- END SECTION -->
 
 ### --force-apply
-kluctl implements deployments via [server-side apply](https://kubernetes.io/reference/using-api/server-side-apply/)
+kluctl implements deployments via [server-side apply](https://kubernetes.io/docs/reference/using-api/server-side-apply/)
 and a custom automatic conflict resolution algorithm. This algurithm is an automatic implementation of the
-"[Don't overwrite value, give up management claim](https://kubernetes.io/reference/using-api/server-side-apply/#conflicts)"
+"[Don't overwrite value, give up management claim](https://kubernetes.io/docs/reference/using-api/server-side-apply/#conflicts)"
 method. It should work in most cases, but might still fail. In case of such failure, you can use `--force-apply` to
 use the "Overwrite value, become sole manager" strategy instead.
 
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
index d54d6091b..320833839 100644
--- a/docs/reference/commands/diff.md
+++ b/docs/reference/commands/diff.md
@@ -23,9 +23,9 @@ After the diff is performed, the command will also search for prunable objects a
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
-1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "diff" "Misc arguments" true -->
@@ -50,4 +50,4 @@ Misc arguments:
 ```
 <!-- END SECTION -->
 
-`--force-apply` and `--replace-on-error` have the same meaning as in [deploy](#deploy).
+`--force-apply` and `--replace-on-error` have the same meaning as in [deploy](./deploy.md).
diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
index 2247be7cf..62f775ed6 100644
--- a/docs/reference/commands/environment-variables.md
+++ b/docs/reference/commands/environment-variables.md
@@ -20,6 +20,6 @@ underscores. As an example, `--dry-run` can also be specified with the environme
 ## Additional environment variables
 A few additional environment variables are supported which do not belong to an option/argument. These are:
 
-1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries](../deployments/images#supported-image-registries-and-authentication) for details.
+1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries](../deployments/images.md#supported-image-registries-and-authentication) for details.
 2. `KLUCTL_GIT_<idx>_HOST`, `KLUCTL_GIT_<idx>_USERNAME`, and so on.
 3. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
diff --git a/docs/reference/commands/helm-pull.md b/docs/reference/commands/helm-pull.md
index 68d3871b4..8cc7ee552 100644
--- a/docs/reference/commands/helm-pull.md
+++ b/docs/reference/commands/helm-pull.md
@@ -20,8 +20,8 @@ pulling is only needed when really required (e.g. when the chart version changes
 
 <!-- END SECTION -->
 
-See [helm-integration](../deployments/helm) for more details.
+See [helm-integration](../deployments/helm.md) for more details.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments) (except `-a`)
+1. [project arguments](./common-arguments.md#project-arguments) (except `-a`)
diff --git a/docs/reference/commands/helm-update.md b/docs/reference/commands/helm-update.md
index d719c76a0..f9e679928 100644
--- a/docs/reference/commands/helm-update.md
+++ b/docs/reference/commands/helm-update.md
@@ -20,7 +20,7 @@ Optionally performs the actual upgrade and/or add a commit to version control.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments) (except `-a`)
+1. [project arguments](./common-arguments.md#project-arguments) (except `-a`)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "helm-update" "Misc arguments" true -->
diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
index e9deee305..e4f6f7e2f 100644
--- a/docs/reference/commands/list-images.md
+++ b/docs/reference/commands/list-images.md
@@ -23,9 +23,9 @@ as described in the deploy command.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
-1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "list-images" "Misc arguments" true -->
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index b5279c256..8c3ba5ca8 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -22,9 +22,9 @@ replaced
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
-1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "poke-images" "Misc arguments" true -->
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index 86161c3ea..c33800f8c 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -18,9 +18,9 @@ Searches the target cluster for prunable objects and deletes them
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
-1. [inclusion/exclusion arguments](./common-arguments#inclusionexclusion-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "prune" "Misc arguments" true -->
@@ -39,4 +39,4 @@ Misc arguments:
 ```
 <!-- END SECTION -->
 
-They have the same meaning as described in [deploy](#deploy).
+They have the same meaning as described in [deploy](./prune.md).
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
index 05a48e59c..2fb25364c 100644
--- a/docs/reference/commands/render.md
+++ b/docs/reference/commands/render.md
@@ -21,8 +21,8 @@ a temporary directory or a specified directory.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "render" "Misc arguments" true -->
diff --git a/docs/reference/commands/seal.md b/docs/reference/commands/seal.md
index 88edc02c7..4ec5fe457 100644
--- a/docs/reference/commands/seal.md
+++ b/docs/reference/commands/seal.md
@@ -23,11 +23,11 @@ If no '--target' is specified, sealing is performed for all targets.
 
 <!-- END SECTION -->
 
-See [sealed-secrets](../sealed-secrets) for more details.
+See [sealed-secrets](../sealed-secrets.md) for more details.
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments) (except `-a`)
+1. [project arguments](./common-arguments.md#project-arguments) (except `-a`)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "seal" "Misc arguments" true -->
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
index d904c98fb..987592774 100644
--- a/docs/reference/commands/validate.md
+++ b/docs/reference/commands/validate.md
@@ -22,8 +22,8 @@ TODO: This needs to be better documented!
 
 ## Arguments
 The following sets of arguments are available:
-1. [project arguments](./common-arguments#project-arguments)
-1. [image arguments](./common-arguments#image-arguments)
+1. [project arguments](./common-arguments.md#project-arguments)
+1. [image arguments](./common-arguments.md#image-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "validate" "Misc arguments" true -->
diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/reference/deployments/annotations/all-resources.md
index e1aa989d6..aa517a46c 100644
--- a/docs/reference/deployments/annotations/all-resources.md
+++ b/docs/reference/deployments/annotations/all-resources.md
@@ -37,12 +37,12 @@ If more than one field needs to be specified, add `-xxx` to the annotation key,
 The following annotations control how delete/prune is behaving.
 
 ### kluctl.io/skip-delete
-If set to "true", the annotated resource will not be deleted when [delete](../../commands/delete) or
-[prune](../../commands/prune) is called.
+If set to "true", the annotated resource will not be deleted when [delete](../../commands/delete.md) or
+[prune](../../commands/prune.md) is called.
 
 ### kluctl.io/skip-delete-if-tags
-If set to "true", the annotated resource will not be deleted when [delete](../../commands/delete) or
-[prune](../../commands/prune) is called and inclusion/exclusion tags are used at the same time.
+If set to "true", the annotated resource will not be deleted when [delete](../../commands/delete.md) or
+[prune](../../commands/prune.md) is called and inclusion/exclusion tags are used at the same time.
 
 This tag is especially useful and required on resources that would otherwise cause cascaded deletions of resources that
 do not match the specified inclusion/exclusion tags. Namespaces are the most prominent example of such resources, as
diff --git a/docs/reference/deployments/annotations/hooks.md b/docs/reference/deployments/annotations/hooks.md
index 1b033bf9b..bcc81b6e1 100644
--- a/docs/reference/deployments/annotations/hooks.md
+++ b/docs/reference/deployments/annotations/hooks.md
@@ -13,10 +13,10 @@ description: >
 
 The following annotations control hook execution
 
-See [hooks](../../deployments/hooks) for more details.
+See [hooks](../../deployments/hooks.md) for more details.
 
 ### kluctl.io/hook
-Declares a resource to be a hook, which is deployed/executed as described in [hooks](../../deployments/hooks). The value of the
+Declares a resource to be a hook, which is deployed/executed as described in [hooks](../../deployments/hooks.md). The value of the
 annotation determines when the hook is deployed/executed.
 
 ### kluctl.io/hook-weight
diff --git a/docs/reference/deployments/annotations/kustomization.md b/docs/reference/deployments/annotations/kustomization.md
index f0312940c..6a740fc18 100644
--- a/docs/reference/deployments/annotations/kustomization.md
+++ b/docs/reference/deployments/annotations/kustomization.md
@@ -35,4 +35,4 @@ same effect as [barrier](../../deployments/deployment-yml.md#barriers) from depl
 
 ### kluctl.io/wait-readiness
 If set to `true`, kluctl will wait for readiness of all objects from this kustomization project. Readiness is defined
-the same as in [hook readiness](../../deployments/readiness).
+the same as in [hook readiness](../../deployments/readiness.md).
diff --git a/docs/reference/deployments/annotations/validation.md b/docs/reference/deployments/annotations/validation.md
index a36fcf2e4..a6c35372c 100644
--- a/docs/reference/deployments/annotations/validation.md
+++ b/docs/reference/deployments/annotations/validation.md
@@ -11,7 +11,7 @@ description: >
 
 # Validation
 
-The following annotations influence the [validate](../../commands/validate) command.
+The following annotations influence the [validate](../../commands/validate.md) command.
 
 ### validate-result.kluctl.io/xxx
 If this annotation is found on a resource that is checked while validation, the key and the value of the annotation
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 0ca5cb75b..722a81e2a 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -36,7 +36,7 @@ The following sub-chapters describe the available fields in the `deployment.yaml
 
 ## sealedSecrets
 `sealedSecrets` configures how sealed secrets are stored while sealing and located while rendering.
-See [Sealed Secrets](../sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets)
+See [Sealed Secrets](../sealed-secrets.md#outputpattern-and-location-of-stored-sealed-secrets)
 for details.
 
 ## deployments
@@ -307,5 +307,5 @@ valid [JSON Path](https://goessner.net/articles/JsonPath/). `fieldPath` may also
 The JSON Path implementation used in kluctl has extended support for wildcards in field
 names, allowing you to also specify paths like `metadata.labels.my-prefix-*`.
 
-As an alternative, [annotations](./annotations/all-resources#control-diff-behavior) can be used to control
+As an alternative, [annotations](./annotations/all-resources.md#control-diff-behavior) can be used to control
 diff behavior of individual resources.
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index aab1fdbf0..75016f9e8 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -25,7 +25,7 @@ hands over the rendered yaml to [kustomize](https://kustomize.io/). Rendering is
 `helm-values.yaml`, which contains the necessary values to configure the Helm Chart.
 
 The resulting rendered yaml is then referred by your `kustomization.yaml`, from which point on the
-[kustomize integration](../sealed-secrets#outputpattern-and-location-of-stored-sealed-secrets) 
+[kustomize integration](../sealed-secrets.md#outputpattern-and-location-of-stored-sealed-secrets) 
 takes over. This means, that you can perform all desired customization (patches, namespace override, ...) as if you
 provided your own resources via yaml files.
 
@@ -99,7 +99,7 @@ The name of the chart that can be found in the repository.
 The version of the chart.
 
 ### skipUpdate
-Skip this Helm Chart when the [helm-update](../commands/helm-update) command is called.
+Skip this Helm Chart when the [helm-update](../commands/helm-update.md) command is called.
 If omitted, defaults to `false`.
 
 ### releaseName
@@ -125,8 +125,8 @@ read the documentation of the used Helm Charts for details on what is supported.
 
 ## Updates to helm-charts
 In case a Helm Chart needs to be updated, you can either do this manually by replacing the [chartVersion](#chartversion)
-value in `helm-chart.yaml` and the calling the [helm-pull](../commands/helm-pull) command or by simply invoking
-[helm-update](../commands/helm-update) with `--upgrade` and/or `--commit` being set.
+value in `helm-chart.yaml` and the calling the [helm-pull](../commands/helm-pull.md) command or by simply invoking
+[helm-update](../commands/helm-update.md) with `--upgrade` and/or `--commit` being set.
 
 ## Private Chart Repositories
 It is also possible to use private chart repositories. There are currently two options to provide Helm Repository
@@ -139,7 +139,7 @@ added the repository to Helm. The same method can be used for client certificate
 in `helm repo add`).
 
 ### Use the --username/--password arguments in `kluctl helm-pull`
-See the [helm-pull command](../commands/helm-pull). You can control repository credentials
+See the [helm-pull command](../commands/helm-pull.md). You can control repository credentials
 via `--username`, `--password` and `--key-file`. Each argument must be in the form `credentialsId:value`, where
 the `credentialsId` must match the id specified in the `helm-chart.yaml`. Example:
 
@@ -160,7 +160,7 @@ When credentialsId is specified, Kluctl will require you to specify `--username=
 Multiple Helm Charts can use the same `credentialsId`.
 
 Environment variables can also be used instead of arguments. See
-[Environment Variables](../commands/environment-variables) for details.
+[Environment Variables](../commands/environment-variables.md) for details.
 
 ## Templating
 
diff --git a/docs/reference/deployments/images.md b/docs/reference/deployments/images.md
index 3b88af2bb..b6270cf7d 100644
--- a/docs/reference/deployments/images.md
+++ b/docs/reference/deployments/images.md
@@ -89,7 +89,7 @@ The described `images.get_image` logic however leads to a loosely defined state
 might be fine in a CI/CD environment, but might be undesired when deploying to production. In that case, it might be
 desirable to explicitly define which versions need to be deployed.
 
-To achieve this, you can use the `-F FIXED_IMAGE` [argument](../commands/common-arguments#image-arguments).
+To achieve this, you can use the `-F FIXED_IMAGE` [argument](../commands/common-arguments.md#image-arguments).
 `FIXED_IMAGE` must be in the form of `-F image<:namespace:deployment:container>=result`. For example, to pin the image
 `registry.gitlab.com/my-group/my-project` to the tag `1.1.2` you'd have to specify
 `-F registry.gitlab.com/my-group/my-project=registry.gitlab.com/my-group/my-project:1.1.2`.
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index 556e1313f..472a6f80d 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -13,7 +13,7 @@ description: >
 
 The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines where the actual
 [deployment project](../deployments) is located,
-where [sealed secrets](../sealed-secrets) and unencrypted secrets are localed and which targets are available to
+where [sealed secrets](../sealed-secrets.md) and unencrypted secrets are localed and which targets are available to
 invoke [commands](../commands) on.
 
 ## Example
diff --git a/docs/reference/kluctl-project/secrets-config/README.md b/docs/reference/kluctl-project/secrets-config/README.md
index 81207967a..8e1387af2 100644
--- a/docs/reference/kluctl-project/secrets-config/README.md
+++ b/docs/reference/kluctl-project/secrets-config/README.md
@@ -35,7 +35,7 @@ This field specifies the name of the secret set. The name can be used in targets
 
 ### vars
 A list of variables sources. Check the documentation of
-[variables sources](../../templating/variable-sources) for details.
+[variables sources](../../templating/variable-sources.md) for details.
 
 Each variables source must have a root dictionary with the name `secrets` and all the actual secret values
 below that dictionary. Every other root key will be ignored.
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index ce1a19f3c..46eba7293 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -13,7 +13,7 @@ description: >
 
 Specifies a list of targets for which commands can be invoked. A target puts together environment/target specific
 configuration and the target cluster. Multiple targets can exist which target the same cluster but with differing
-configuration (via `args`). Target entries also specifies which secrets to use while [sealing](../../sealed-secrets).
+configuration (via `args`). Target entries also specifies which secrets to use while [sealing](../../sealed-secrets.md).
 
 Each value found in the target definition is rendered with a simple Jinja2 context that only contains the target itself.
 The rendering process is retried 10 times until it finally succeeds, allowing you to reference
@@ -45,7 +45,7 @@ The following fields are allowed per target:
 
 ## name
 This field specifies the name of the target. The name must be unique. It is referred in all commands via the
-[-t](../../commands/common-arguments) option.
+[-t](../../commands/common-arguments.md) option.
 
 ## context
 This field specifies the kubectl context of the target cluster. The context must exist in the currently active kubeconfig.
@@ -53,9 +53,9 @@ If this field is omitted, Kluctl will always use the currently active context.
 
 ## args
 This fields specifies a map of arguments to be passed to the deployment project when it is rendered. Allowed argument names
-are configured via [deployment args](../../deployments/deployment-yml#args).
+are configured via [deployment args](../../deployments/deployment-yml.md#args).
 
-The arguments specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets#args)
+The arguments specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#args)
 have higher priority.
 
 ## dynamicArgs
@@ -65,17 +65,17 @@ arguments are passed with `-a arg_name=arg_value` when for example calling `kluc
 Each entry has the following fields:
 
 ## images
-This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images#imagesget_image).
-The format is identical to the [fixed images file](https://kluctl.io/docs/reference/deployments/images/#fixed-images-via-a-yaml-file).
+This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images.md#imagesget_image).
+The format is identical to the [fixed images file](../../deployments/images.md#fixed-images-via-a-yaml-file).
 
-The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets#images)
+The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#images)
 have higher priority.
 
 ### name
 The name of the argument.
 
 ## sealingConfig
-This field configures how sealing is performed when the [seal command](../../commands/seal) is invoked for this target.
+This field configures how sealing is performed when the [seal command](../../commands/seal.md) is invoked for this target.
 It has the following form:
 
 ```yaml
diff --git a/docs/reference/sealed-secrets.md b/docs/reference/sealed-secrets.md
index 81dd38c84..cfd40a2d1 100644
--- a/docs/reference/sealed-secrets.md
+++ b/docs/reference/sealed-secrets.md
@@ -29,7 +29,7 @@ public certificate via `certFile` in the targets [sealingConfig](./kluctl-projec
 
 ## Sealing of .sealme files
 
-Sealing is done via the [seal command](./commands/seal). It must be done before the actual
+Sealing is done via the [seal command](./commands/seal.md). It must be done before the actual
 deployment is performed.
 
 The `seal` command recursively searches for files that end with `.sealme`, renders them with the
@@ -111,8 +111,8 @@ with:
 
 ## Content Hashes and re-sealing
 Sealed secrets are stored together with hashes of all individual secret entries. These hashes are then used to avoid
-unnecessary re-sealing in future [seal](./commands/seal) invocations. If you want to force re-sealing, use the
-[--force-reseal](./commands/seal) option.
+unnecessary re-sealing in future [seal](./commands/seal.md) invocations. If you want to force re-sealing, use the
+[--force-reseal](./commands/seal.md) option.
 
 Hashing of secrets is done with bcrypt and the cluster id as salt. The cluster id is currently defined as the sha256 hash
 of the cluster CA certificate. This will cause re-sealing of all secrets in case a cluster is set up from scratch
diff --git a/docs/reference/templating/functions.md b/docs/reference/templating/functions.md
index db0eac48e..0ce224c56 100644
--- a/docs/reference/templating/functions.md
+++ b/docs/reference/templating/functions.md
@@ -44,7 +44,7 @@ data:
 ### get_var(field_path, default)
 Convenience method to navigate through the current context variables via a
 [JSON Path](https://goessner.net/articles/JsonPath/). Let's assume you currently have these variables defined
-(e.g. via [vars](../deployments/deployment-yml#vars-deployment-project)):
+(e.g. via [vars](../deployments/deployment-yml.md#vars-deployment-project)):
 ```yaml
 my:
   deep:
diff --git a/docs/reference/templating/predefined-variables.md b/docs/reference/templating/predefined-variables.md
index 5c4e88645..951226f57 100644
--- a/docs/reference/templating/predefined-variables.md
+++ b/docs/reference/templating/predefined-variables.md
@@ -15,18 +15,18 @@ There are multiple variables available which are pre-defined by kluctl. These ar
 
 ### args
 This is a dictionary of arguments given via command line. It contains every argument defined in
-[deployment args](../deployments/deployment-yml#args).
+[deployment args](../deployments/deployment-yml.md#args).
 
 ### target
 This is the target definition of the currently processed target. It contains all values found in the 
 [target definition](../kluctl-project/targets), for example `target.name`.
 
 ### images
-This global object provides the dynamic images features described in [images](../deployments/images).
+This global object provides the dynamic images features described in [images](../deployments/images.md).
 
 ### version
-This global object defines latest version filters for `images.get_image(...)`. See [images](../deployments/images) for details.
+This global object defines latest version filters for `images.get_image(...)`. See [images](../deployments/images.md) for details.
 
 ### secrets
-This global object is only available while [sealing](../sealed-secrets) and contains the loaded
+This global object is only available while [sealing](../sealed-secrets.md) and contains the loaded
 secrets defined via the currently sealed target.
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index c81465380..f2391f2a6 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -14,10 +14,10 @@ description: >
 There are multiple places in deployment projects (deployment.yaml) where additional variables can be loaded into
 future Jinja2 contexts.
 
-The first place where vars can be specified is the deployment root, as documented [here](../deployments/deployment-yml#vars-deployment-project).
+The first place where vars can be specified is the deployment root, as documented [here](../deployments/deployment-yml.md#vars-deployment-project).
 These vars are visible for all deployments inside the deployment project, including sub-deployments from includes.
 
-The second place to specify variables is in the deployment items, as documented [here](../deployments/deployment-yml#vars-deployment-item).
+The second place to specify variables is in the deployment items, as documented [here](../deployments/deployment-yml.md#vars-deployment-item).
 
 The variables loaded for each entry in `vars` are not available inside the `deployment.yaml` file itself.
 However, each entry in `vars` can use all variables defined before that specific entry is processed. Consider the

From bda3a5dd9433263ef53dcd7889eb4a2932e957ab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 19:45:46 +0200
Subject: [PATCH 0454/2268] docs: Fix issues related to hugo sync

---
 docs/get-started.md                              | 2 +-
 docs/reference/README.md                         | 2 +-
 docs/reference/deployments/README.md             | 4 ++--
 docs/reference/deployments/annotations/README.md | 2 +-
 docs/reference/deployments/deployment-yml.md     | 4 ++--
 docs/reference/kluctl-project/README.md          | 2 +-
 docs/reference/templating/README.md              | 2 +-
 7 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/get-started.md b/docs/get-started.md
index 711235908..e1cc96cce 100644
--- a/docs/get-started.md
+++ b/docs/get-started.md
@@ -1,7 +1,7 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "Get Started with Kluctl"
+title: "Get Started"
 linkTitle: "Get Started"
 description: "Get Started with Kluctl."
 weight: 20
diff --git a/docs/reference/README.md b/docs/reference/README.md
index 98ee9a446..aec1d2c6b 100644
--- a/docs/reference/README.md
+++ b/docs/reference/README.md
@@ -9,7 +9,7 @@ weight: 110
 ---
 -->
 
-# Table of Contents
+## Table of Contents
 
 1. [.kluctl.yaml](./kluctl-project)
 2. [Deployments](./deployments)
diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index d4e211174..81af0afa7 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -9,9 +9,9 @@ description: >
 ---
 -->
 
-# Table of Contents
+## Table of Contents
 
-1. [deployment.yaml](./deployment-yml.md)
+1. [Deployments](./deployment-yml.md)
 2. [Kustomize Integration](./kustomize.md)
 3. [Container Images](./images.md)
 4. [Helm Integration](./helm.md)
diff --git a/docs/reference/deployments/annotations/README.md b/docs/reference/deployments/annotations/README.md
index 398001649..3c38ab58b 100644
--- a/docs/reference/deployments/annotations/README.md
+++ b/docs/reference/deployments/annotations/README.md
@@ -9,7 +9,7 @@ description: >
 ---
 -->
 
-# Table of Contents
+## Table of Contents
 
 1. [All Resources](./all-resources.md)
 2. [Hooks](./hooks.md)
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 722a81e2a..1d5914919 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -1,8 +1,8 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "deployment.yaml"
-linkTitle: "deployment.yaml"
+title: "Deployments"
+linkTitle: "Deployments"
 weight: 1
 description: >
     Structure of deployment.yaml.
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index 472a6f80d..367e23778 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -1,7 +1,7 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "Kluctl project (.kluctl.yaml)"
+title: "Kluctl project"
 linkTitle: ".kluctl.yaml"
 weight: 1
 description: >
diff --git a/docs/reference/templating/README.md b/docs/reference/templating/README.md
index fc2a26c3b..96155e728 100644
--- a/docs/reference/templating/README.md
+++ b/docs/reference/templating/README.md
@@ -9,7 +9,7 @@ description: >
 ---
 -->
 
-# Table of Contents
+## Table of Contents
 
 1. [Predefined Variables](./predefined-variables.md)
 2. [Variable Sources](./variable-sources.md)

From 5f1589719a4929321ea8d0ef1cc0374ac7ade735 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 21 Oct 2022 22:28:41 +0200
Subject: [PATCH 0455/2268] docs: Remove .md from raw-html links

---
 docs/reference/deployments/README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index 81af0afa7..ede5bdaa1 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -37,9 +37,10 @@ precisely what is deployed in the future.
 
 Some visualized files/directories have links attached, follow them to get more information.
 
+<!-- markdown-link-check-disable -->
 <pre>
 -- project-dir/
-   |-- <a href="./deployment-yml.md">deployment.yaml</a>
+   |-- <a href="./deployment-yml">deployment.yaml</a>
    |-- .gitignore
    |-- kustomize-deployment1/
    |   |-- kustomization.yaml
@@ -56,7 +57,7 @@ Some visualized files/directories have links attached, follow them to get more i
    |   |   |-- resource2.yaml
    |   |   |-- patch1.yaml
    |   |   `-- ...
-   |   |-- <a href="./helm.md">kustomize-with-helm-deployment/</a>
+   |   |-- <a href="./helm">kustomize-with-helm-deployment/</a>
    |   |   |-- charts/
    |   |   |   `-- ...
    |   |   |-- kustomization.yaml
@@ -69,6 +70,7 @@ Some visualized files/directories have links attached, follow them to get more i
    `-- sub-deployment/
        `-- ...
 </pre>
+<!-- markdown-link-check-enable -->
 
 ## Order of deployments
 Deployments are done in parallel, meaning that there are usually no order guarantees. The only way to somehow control

From bf052f3986131f642e7bd4cbbced2fcc210e67c9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 11:56:50 +0200
Subject: [PATCH 0456/2268] feat: Allow to specify default values for
 systemEnvVars

---
 docs/reference/templating/variable-sources.md | 12 +++++++++++
 pkg/vars/vars_loader.go                       | 20 ++++++++++++++++---
 pkg/vars/vars_loader_test.go                  |  8 ++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index f2391f2a6..b2ab642c9 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -218,3 +218,15 @@ vars:
 
 The above example will make 3 variables available: `var1`, `someDict.var2` and
 `someList[0].var3`, each having the values of the environment variables specified by the leaf values.
+
+All specified environment variables must be set before calling kluctl unless a default value is set. Default values
+can be set by using the `ENV_VAR_NAME:default-value` form.
+
+Example:
+```yaml
+vars:
+- systemEnvVars:
+    var1: ENV_VAR_NAME4:defaultValue
+```
+
+The above example will set the variable `var1` to `defaultValue` in case ENV_VAR_NAME4 is not set.
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 53f004f8f..1f37ae405 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -17,6 +17,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
+	"strings"
 )
 
 type usernamePassword struct {
@@ -127,11 +128,24 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 		if !ok {
 			return fmt.Errorf("value at %s is not a string", it.KeyPath().ToJsonPath())
 		}
-		envValue, ok := os.LookupEnv(envName)
-		if !ok {
+		var defaultValue string
+		hasDefaultValue := false
+		if strings.IndexRune(envName, ':') != -1 {
+			s := strings.SplitN(envName, ":", 2)
+			envName = s[0]
+			defaultValue = s[1]
+			hasDefaultValue = true
+		}
+		envValueStr := ""
+		if v, ok := os.LookupEnv(envName); ok {
+			envValueStr = v
+		} else if hasDefaultValue {
+			envValueStr = defaultValue
+		} else {
 			return fmt.Errorf("environment variable %s not found for %s", envName, it.KeyPath().ToJsonPath())
 		}
-		err := newVars.SetNestedField(envValue, it.KeyPath()...)
+
+		err := newVars.SetNestedField(envValueStr, it.KeyPath()...)
 		if err != nil {
 			return fmt.Errorf("failed to set value for %s: %w", it.KeyPath().ToJsonPath(), err)
 		}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 872b6a6c3..2845892a4 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -334,6 +334,8 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 				"test3": map[string]interface{}{
 					"test4": "TEST4",
 				},
+				"test5": "TEST5:def",
+				"test6": "TEST1:def",
 			}),
 		}, nil, "")
 		assert.NoError(t, err)
@@ -346,6 +348,12 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 
 		v, _, _ = vc.Vars.GetNestedString("test3", "test4")
 		assert.Equal(t, "44", v)
+
+		v, _, _ = vc.Vars.GetNestedString("test5")
+		assert.Equal(t, "def", v)
+
+		v, _, _ = vc.Vars.GetNestedString("test6")
+		assert.Equal(t, "42", v)
 	})
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {

From 89f88cecdddaa6666b4a9ffbf86e0987543c0b91 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 12:07:29 +0200
Subject: [PATCH 0457/2268] feat: Treat systemEnvVars as yaml instead of plain
 string

This is a potentially breakting change, as it will cause integers and
booleans to not be treated as strings anymore.
---
 docs/reference/templating/variable-sources.md | 14 ++++++++++++++
 pkg/vars/vars_loader.go                       |  8 +++++++-
 pkg/vars/vars_loader_test.go                  | 18 +++++++++---------
 3 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index b2ab642c9..2941e532b 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -230,3 +230,17 @@ vars:
 ```
 
 The above example will set the variable `var1` to `defaultValue` in case ENV_VAR_NAME4 is not set.
+
+All values retrieved from environment variables (or specified as default values) will be treated as YAML, meaning that
+integers and booleans will be treated as integers/booleans. If you want to enforce strings, encapsulate the values in
+quotes.
+
+Example:
+```yaml
+vars:
+- systemEnvVars:
+    var1: ENV_VAR_NAME5:'true'
+```
+
+The above example will treat `true` as a string instead of a boolean. When the environment variable is set outside
+kluctl, it should also contain the quotes. Please note that your shell might require escaping to properly pass quotes.
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 1f37ae405..176c59d4e 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -145,7 +145,13 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 			return fmt.Errorf("environment variable %s not found for %s", envName, it.KeyPath().ToJsonPath())
 		}
 
-		err := newVars.SetNestedField(envValueStr, it.KeyPath()...)
+		var envValue any
+		err := yaml.ReadYamlString(envValueStr, &envValue)
+		if err != nil {
+			return fmt.Errorf("failed to parse env value '%s': %w", envValueStr, err)
+		}
+
+		err = newVars.SetNestedField(envValue, it.KeyPath()...)
 		if err != nil {
 			return fmt.Errorf("failed to set value for %s: %w", it.KeyPath().ToJsonPath(), err)
 		}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 2845892a4..65027e369 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -323,7 +323,7 @@ func TestVarsLoader_K8sObjectLabels(t *testing.T) {
 
 func TestVarsLoader_SystemEnv(t *testing.T) {
 	t.Setenv("TEST1", "42")
-	t.Setenv("TEST2", "43")
+	t.Setenv("TEST2", "'43'")
 	t.Setenv("TEST4", "44")
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
@@ -340,20 +340,20 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 		}, nil, "")
 		assert.NoError(t, err)
 
-		v, _, _ := vc.Vars.GetNestedString("test1")
-		assert.Equal(t, "42", v)
+		v, _, _ := vc.Vars.GetNestedField("test1")
+		assert.Equal(t, 42, v)
 
-		v, _, _ = vc.Vars.GetNestedString("test2")
+		v, _, _ = vc.Vars.GetNestedField("test2")
 		assert.Equal(t, "43", v)
 
-		v, _, _ = vc.Vars.GetNestedString("test3", "test4")
-		assert.Equal(t, "44", v)
+		v, _, _ = vc.Vars.GetNestedField("test3", "test4")
+		assert.Equal(t, 44, v)
 
-		v, _, _ = vc.Vars.GetNestedString("test5")
+		v, _, _ = vc.Vars.GetNestedField("test5")
 		assert.Equal(t, "def", v)
 
-		v, _, _ = vc.Vars.GetNestedString("test6")
-		assert.Equal(t, "42", v)
+		v, _, _ = vc.Vars.GetNestedField("test6")
+		assert.Equal(t, 42, v)
 	})
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {

From 0bf1753d4a0e284e56a1a7e9cc7cd0b9bc26394d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 14:44:43 +0200
Subject: [PATCH 0458/2268] feat: Allow to pass CLI arguments multiple times
 via environment variables

---
 cmd/kluctl/commands/cobra_utils.go            | 31 +++++++--
 cmd/kluctl/commands/root.go                   |  4 --
 .../commands/environment-variables.md         |  3 +
 pkg/utils/env.go                              | 67 ++++++++++++++-----
 pkg/utils/env_test.go                         | 32 +++++++++
 5 files changed, 112 insertions(+), 25 deletions(-)
 create mode 100644 pkg/utils/env_test.go

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index d495f58f6..af5644631 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -234,13 +234,36 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 			return
 		}
 		v := viper.Get(flag.Name)
+
+		var a []string
 		if v != nil {
-			s, ok := v.(string)
-			if !ok {
-				retErr = append(retErr, fmt.Errorf("viper flag %s is not a string", flag.Name))
+			if x, ok := v.(string); ok {
+				a = []string{x}
+			} else if x, ok := v.([]any); ok {
+				for _, y := range x {
+					s, ok := y.(string)
+					if !ok {
+						retErr = append(retErr, fmt.Errorf("viper flag %s has unexpected type", flag.Name))
+						return
+					}
+					a = append(a, s)
+				}
+			} else {
+				retErr = append(retErr, fmt.Errorf("viper flag %s has unexpected type", flag.Name))
 				return
 			}
-			err := flag.Value.Set(s)
+		}
+
+		envName := strings.ReplaceAll(flag.Name, "-", "_")
+		envName = strings.ToUpper(envName)
+		envName = fmt.Sprintf("KLUCTL_%s", envName)
+
+		for _, v := range utils.ParseEnvConfigList(envName) {
+			a = append(a, v)
+		}
+
+		for _, x := range a {
+			err := flag.Value.Set(x)
 			if err != nil {
 				retErr = append(retErr, err)
 			}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index e85358e86..d864584f0 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -212,10 +212,6 @@ func initViper() {
 			os.Exit(1)
 		}
 	}
-
-	viper.SetEnvPrefix("kluctl")
-	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
-	viper.AutomaticEnv()
 }
 
 func Execute() {
diff --git a/docs/reference/commands/environment-variables.md b/docs/reference/commands/environment-variables.md
index 62f775ed6..a76dcea9b 100644
--- a/docs/reference/commands/environment-variables.md
+++ b/docs/reference/commands/environment-variables.md
@@ -17,6 +17,9 @@ variables always start with `KLUCTL_` and end with the option/argument in upperc
 underscores. As an example, `--dry-run` can also be specified with the environment variable
 `KLUCTL_DRY_RUN=true`.
 
+If an argument needs to be specified multiple times through environment variables, indexed can be appended to the
+names of the environment variables, e.g. `KLUCTL_ARG_0=name1=value1` and `KLUCTL_ARG_1=name2=value2`.
+
 ## Additional environment variables
 A few additional environment variables are supported which do not belong to an option/argument. These are:
 
diff --git a/pkg/utils/env.go b/pkg/utils/env.go
index 66ae280f9..b78f7dd39 100644
--- a/pkg/utils/env.go
+++ b/pkg/utils/env.go
@@ -19,11 +19,25 @@ func ParseEnvBool(name string, def bool) (bool, error) {
 	return def, nil
 }
 
-func ParseEnvConfigSets(prefix string) map[int]map[string]string {
+func parseEnv(prefix string, withIndex bool, withSuffix bool) map[int]map[string]string {
 	ret := make(map[int]map[string]string)
 
-	r := regexp.MustCompile(fmt.Sprintf(`^%s_(\d+)_(.*)$`, prefix))
-	r2 := regexp.MustCompile(fmt.Sprintf(`^%s_(.*)$`, prefix))
+	rs := prefix
+	curGroup := 1
+	indexGroup := -1
+	suffixGroup := -1
+	if withIndex {
+		rs += `(_\d+)?`
+		indexGroup = curGroup
+		curGroup++
+	}
+	if withSuffix {
+		rs += `_(.*)`
+		suffixGroup = curGroup
+		curGroup++
+	}
+	rs = fmt.Sprintf("^%s$", rs)
+	r := regexp.MustCompile(rs)
 
 	for _, e := range os.Environ() {
 		eq := strings.Index(e, "=")
@@ -34,26 +48,45 @@ func ParseEnvConfigSets(prefix string) map[int]map[string]string {
 		v := e[eq+1:]
 
 		idx := -1
-		key := ""
+		suffix := ""
 
 		m := r.FindStringSubmatch(n)
-		if m != nil {
-			x, _ := strconv.ParseInt(m[1], 10, 32)
-			idx = int(x)
-			key = m[2]
-		} else {
-			m = r2.FindStringSubmatch(n)
-			if m != nil {
-				key = m[1]
-			}
+		if m == nil {
+			continue
 		}
 
-		if key != "" {
-			if _, ok := ret[idx]; !ok {
-				ret[idx] = make(map[string]string)
+		if withIndex {
+			idxStr := m[indexGroup]
+			if idxStr != "" {
+				idxStr = idxStr[1:] // remove leading _
+				x, err := strconv.ParseInt(idxStr, 10, 32)
+				if err != nil {
+					continue
+				}
+				idx = int(x)
 			}
-			ret[idx][key] = v
 		}
+		if withSuffix {
+			suffix = m[suffixGroup]
+		}
+
+		if _, ok := ret[idx]; !ok {
+			ret[idx] = map[string]string{}
+		}
+		ret[idx][suffix] = v
+	}
+	return ret
+}
+
+func ParseEnvConfigSets(prefix string) map[int]map[string]string {
+	return parseEnv(prefix, true, true)
+}
+
+func ParseEnvConfigList(prefix string) map[int]string {
+	ret := make(map[int]string)
+
+	for idx, m := range parseEnv(prefix, true, false) {
+		ret[idx] = m[""]
 	}
 	return ret
 }
diff --git a/pkg/utils/env_test.go b/pkg/utils/env_test.go
new file mode 100644
index 000000000..2da463533
--- /dev/null
+++ b/pkg/utils/env_test.go
@@ -0,0 +1,32 @@
+package utils
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestParseEnvConfigSets_Prefixes(t *testing.T) {
+	t.Setenv("PREFIX_A", "a")
+	t.Setenv("PREFIX_B", "b")
+	t.Setenv("PREFIX2_C", "c")
+	assert.Equal(t, map[int]map[string]string{}, ParseEnvConfigSets("DUMMY"))
+	assert.Equal(t, map[int]map[string]string{-1: {"A": "a", "B": "b"}}, ParseEnvConfigSets("PREFIX"))
+	assert.Equal(t, map[int]map[string]string{-1: {"C": "c"}}, ParseEnvConfigSets("PREFIX2"))
+}
+
+func TestParseEnvConfigSets_Indexes(t *testing.T) {
+	t.Setenv("PREFIX_A", "a")
+	t.Setenv("PREFIX_0_A", "a0")
+	t.Setenv("PREFIX_0_B", "b0")
+	t.Setenv("PREFIX_1_A", "a1")
+	assert.Equal(t, map[int]map[string]string{-1: {"A": "a"}, 0: {"A": "a0", "B": "b0"}, 1: {"A": "a1"}}, ParseEnvConfigSets("PREFIX"))
+}
+
+func TestParseEnvConfigList(t *testing.T) {
+	t.Setenv("PREFIX", "a")
+	assert.Equal(t, map[int]string{-1: "a"}, ParseEnvConfigList("PREFIX"))
+
+	t.Setenv("PREFIX_0", "b")
+	t.Setenv("PREFIX_1", "c")
+	assert.Equal(t, map[int]string{-1: "a", 0: "b", 1: "c"}, ParseEnvConfigList("PREFIX"))
+}

From 076093234143e97cfabdfdb70df32c62acfb8a2d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 15:08:13 +0200
Subject: [PATCH 0459/2268] tests: Test passing multiple args via environment
 variables

---
 e2e/args_test.go | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index b606df688..df588a8a6 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -123,3 +123,41 @@ d:
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d4"}}`, "data", "d")
 }
+
+func TestArgsFromEnv(t *testing.T) {
+	t.Setenv("KLUCTL_ARG", "a=a")
+	t.Setenv("KLUCTL_ARG_1", "b=b")
+	t.Setenv("KLUCTL_ARG_2", `c={"nested":{"nested2":"c"}}`)
+	t.Setenv("KLUCTL_ARG_3", "d=true")
+	t.Setenv("KLUCTL_ARG_4", "e='true'")
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "args-from-envs")
+	defer p.cleanup()
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"a": `{{ args.a }}`,
+		"b": `{{ args.b }}`,
+		"c": `{{ args.c | to_json }}`,
+		"d": `{{ args.d }}`,
+		"e": `{{ args.e }}`,
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm := k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	assertNestedFieldEquals(t, cm, "a", "data", "a")
+	assertNestedFieldEquals(t, cm, "b", "data", "b")
+	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "c"}}`, "data", "c")
+	assertNestedFieldEquals(t, cm, "True", "data", "d")
+	assertNestedFieldEquals(t, cm, "true", "data", "e")
+}

From f3a727c47955e4b7f35bf022b75741845a5738dc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 15:08:31 +0200
Subject: [PATCH 0460/2268] fix: Print arg value that was invalid

---
 pkg/deployment/external_args.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 952dfa063..365342560 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -18,7 +18,7 @@ func ParseArgs(argsList []string) (map[string]string, error) {
 	args := make(map[string]string)
 	for _, arg := range argsList {
 		if !argPattern.MatchString(arg) {
-			return nil, fmt.Errorf("invalid --arg argument. Must be --arg=some_var_name=value")
+			return nil, fmt.Errorf("invalid --arg argument. Must be --arg=some_var_name=value, not '%s'", arg)
 		}
 
 		s := strings.SplitN(arg, "=", 2)

From a739b97ee79905ca84d10c3e5bef386f4df50a84 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 15:11:01 +0200
Subject: [PATCH 0461/2268] docs: Remove mentions of dynamicArgs

---
 docs/reference/kluctl-project/targets/README.md | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index 46eba7293..a9d0de7a5 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -29,9 +29,6 @@ targets:
       arg1: <value1>
       arg2: <value2>
       ...
-    dynamicArgs:
-      - name: <arg_name>
-      ...
     images:
       - image: my-image
         resultImage: my-image:1.2.3
@@ -58,12 +55,6 @@ are configured via [deployment args](../../deployments/deployment-yml.md#args).
 The arguments specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#args)
 have higher priority.
 
-## dynamicArgs
-This field specifies a list of CLI arguments that can be passed to kluctl when performing any commands on the target. These
-arguments are passed with `-a arg_name=arg_value` when for example calling `kluctl deploy -t target_name`.
-
-Each entry has the following fields:
-
 ## images
 This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images.md#imagesget_image).
 The format is identical to the [fixed images file](../../deployments/images.md#fixed-images-via-a-yaml-file).
@@ -71,9 +62,6 @@ The format is identical to the [fixed images file](../../deployments/images.md#f
 The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#images)
 have higher priority.
 
-### name
-The name of the argument.
-
 ## sealingConfig
 This field configures how sealing is performed when the [seal command](../../commands/seal.md) is invoked for this target.
 It has the following form:

From 9a1703f6c1aed0e2a80f6c72526df27edfaca0e3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 15:11:16 +0200
Subject: [PATCH 0462/2268] tests: Remove dynamicArgs from TestArgs

---
 e2e/args_test.go | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index df588a8a6..840203e04 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -19,20 +19,6 @@ func TestArgs(t *testing.T) {
 	createNamespace(t, k, p.projectName)
 
 	p.updateTarget("test", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField([]any{
-			map[string]any{
-				"name": "a",
-			},
-			map[string]any{
-				"name": "b",
-			},
-			map[string]any{
-				"name": "c",
-			},
-			map[string]any{
-				"name": "d",
-			},
-		}, "dynamicArgs")
 	})
 	p.updateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField([]any{

From d35c8c08165b45d3cd1e6e2e96b3cad8e0da70e4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 09:24:34 +0200
Subject: [PATCH 0463/2268] ci: Only run tests workflow on main branch and PRs

---
 .github/workflows/tests.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 3dd57cb2a..8e060e2ca 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,6 +2,8 @@ name: tests
 
 on:
   push:
+    branches:
+      - main
   pull_request:
     branches:
       - main

From da90721b96ef3c1f1d9029382532657b63ed86e2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 09:54:00 +0200
Subject: [PATCH 0464/2268] ci: Stop depending on pre-built test binaries and
 build on the target os runner

---
 .github/workflows/tests.yml | 48 +++++++++++--------------------------
 1 file changed, 14 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 8e060e2ca..faa1a4ee5 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -40,7 +40,7 @@ jobs:
             exit 1
           fi
 
-  build:
+  cross-compile:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
@@ -55,30 +55,18 @@ jobs:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
-          key: build-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          key: cross-compile-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            build-go-${{ runner.os }}-
-      - name: Run unit tests
-        run: |
-          go test ./cmd/... ./pkg/... -v
-      - name: Build kluctl-e2e (linux)
+            cross-compile-go-${{ runner.os }}-
+      - name: Build kluctl (linux)
         run: |
-          make test-e2e-build GOARCH=amd64 GOOS=linux
-          mv ./bin/kluctl-e2e ./bin/kluctl-e2e-linux-amd64
-      - name: Build kluctl-e2e (darwin)
+          make build GOARCH=amd64 GOOS=linux
+      - name: Build kluctl (darwin)
         run: |
-          make test-e2e-build GOARCH=amd64 GOOS=darwin
-          mv ./bin/kluctl-e2e ./bin/kluctl-e2e-darwin-amd64
-      - name: Build kluctl-e2e (windows)
+          make build GOARCH=amd64 GOOS=darwin
+      - name: Build kluctl (windows)
         run: |
-          make test-e2e-build GOARCH=amd64 GOOS=windows
-          mv ./bin/kluctl-e2e.exe ./bin/kluctl-e2e-windows-amd64.exe
-      - name: Upload binaries
-        uses: actions/upload-artifact@v2
-        with:
-          name: bin
-          path: |
-            ./bin
+          make build GOARCH=amd64 GOOS=windows
 
   tests:
     strategy:
@@ -92,8 +80,6 @@ jobs:
             binary-suffix: windows-amd64
         os: [ubuntu-20.04, macos-11, windows-2019]
       fail-fast: false
-    needs:
-      - build
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
@@ -109,21 +95,15 @@ jobs:
           key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             tests-go-${{ runner.os }}-
-      - name: Download artifacts
-        uses: actions/download-artifact@v2
       - name: setup-envtest
         shell: bash
         run: |
           make install-envtest
+      - name: Run unit tests
+        shell: bash
+        run: |
+          make test-unit
       - name: Run e2e tests
         shell: bash
         run: |
-          EXE=
-          if [ "${{ runner.os }}" == "Windows" ]; then
-            EXE=.exe
-          fi
-
-          chmod +x ./bin/*
-          mv ./bin/kluctl-e2e-${{ matrix.binary-suffix }}$EXE ./bin/kluctl-e2e$EXE
-
-          make test-e2e-pre-built
+          make test-e2e

From 9664ff02b8f3ffd3f8badb95a210b5f693f5e22b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:01:50 +0200
Subject: [PATCH 0465/2268] chore: Setup GOOS/GOARCH properly in Makefile

---
 Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Makefile b/Makefile
index 6dee972ce..dcae8fd0d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,8 @@
 # Based on the work of Thomas Poignant (thomaspoignant)
 # https://gist.github.com/thomaspoignant/5b72d579bd5f311904d973652180c705
+GOOS=$(shell go env GOOS)
+GOARCH=$(shell go env GOARCH)
+
 EXE=
 ifeq ($(GOOS), windows)
 EXE=.exe

From d9f3483b473fcec8a84abd07d38e7b5a9baf7f41 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 10:55:06 +0200
Subject: [PATCH 0466/2268] tests: Refactor webhook handler

---
 e2e/hooks_test.go                               |  7 ++++---
 internal/test-utils/envtest_cluster_callback.go | 10 ++++------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 86bbf45fa..1d6555f3a 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 	"testing"
 
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
@@ -45,9 +46,9 @@ func (s *HookTestSuite) SetupTest() {
 	s.clearSeenConfigmaps()
 }
 
-func (s *HookTestSuite) handleConfigmap(o *uo.UnstructuredObject) {
-	s.T().Logf("handleConfigmap: %s", o.GetK8sName())
-	s.seenConfigMaps = append(s.seenConfigMaps, o.GetK8sName())
+func (s *HookTestSuite) handleConfigmap(request admission.Request) {
+	s.T().Logf("handleConfigmap: %s %s/%s", request.Operation, request.Namespace, request.Name)
+	s.seenConfigMaps = append(s.seenConfigMaps, request.Name)
 }
 
 func (s *HookTestSuite) clearSeenConfigmaps() {
diff --git a/internal/test-utils/envtest_cluster_callback.go b/internal/test-utils/envtest_cluster_callback.go
index 2ec870b3c..31a6dc8f4 100644
--- a/internal/test-utils/envtest_cluster_callback.go
+++ b/internal/test-utils/envtest_cluster_callback.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"github.com/go-logr/logr"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	admissionv1 "k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -14,7 +13,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
-type CallbackHandler func(o *uo.UnstructuredObject)
+type CallbackHandler func(request admission.Request)
 
 func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb CallbackHandler) http.Handler {
 	wh := &webhook.Admission{
@@ -28,12 +27,11 @@ func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb
 }
 
 func (k *EnvTestCluster) serveCallback(gvr schema.GroupVersionResource, request admission.Request, cb CallbackHandler) {
-	o, err := uo.FromString(string(request.Object.Raw))
-	if err != nil {
-		panic(err)
+	if request.Resource.Group != gvr.Group || request.Resource.Version != gvr.Version || request.Resource.Resource != gvr.Resource {
+		return
 	}
 
-	cb(o)
+	cb(request)
 }
 
 func (k *EnvTestCluster) startCallbackServer() error {

From 4cf053b8f4085deab16f2e80c30c922d7f6112e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:12:31 +0200
Subject: [PATCH 0467/2268] tests: Add some more info to webhook logging

---
 e2e/hooks_test.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 1d6555f3a..ef4e44fba 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -47,7 +47,21 @@ func (s *HookTestSuite) SetupTest() {
 }
 
 func (s *HookTestSuite) handleConfigmap(request admission.Request) {
-	s.T().Logf("handleConfigmap: %s %s/%s", request.Operation, request.Namespace, request.Name)
+	x, err := uo.FromString(string(request.Object.Raw))
+	if err != nil {
+		s.T().Fatal(err)
+	}
+	generation, _, err := x.GetNestedInt("metadata", "generation")
+	if err != nil {
+		s.T().Fatal(err)
+	}
+	uid, _, err := x.GetNestedString("metadata", "uid")
+	if err != nil {
+		s.T().Fatal(err)
+	}
+
+	s.T().Logf("handleConfigmap: op=%s, name=%s/%s, generation=%d, uid=%s", request.Operation, request.Namespace, request.Name, generation, uid)
+
 	s.seenConfigMaps = append(s.seenConfigMaps, request.Name)
 }
 

From 73df58aeed572e6332404fefb9775d24e251846f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 16:06:59 +0200
Subject: [PATCH 0468/2268] tests: Add DynamicClient to EnvTestCluster

---
 internal/test-utils/envtest_cluster.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index 5bfd6100a..12891067b 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -7,7 +7,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
+	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
+	"net/http"
 	"os"
 	"os/exec"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
@@ -24,6 +26,9 @@ type EnvTestCluster struct {
 	Context    string
 	config     *rest.Config
 
+	HttpClient    *http.Client
+	DynamicClient dynamic.Interface
+
 	callbackServer     webhook.Server
 	callbackServerStop context.CancelFunc
 }
@@ -64,6 +69,18 @@ func (k *EnvTestCluster) Start() error {
 
 	k.Kubeconfig = kcfg
 
+	client, err := rest.HTTPClientFor(k.config)
+	if err != nil {
+		return err
+	}
+	k.HttpClient = client
+
+	dynamicClient, err := dynamic.NewForConfigAndClient(k.config, k.HttpClient)
+	if err != nil {
+		return err
+	}
+	k.DynamicClient = dynamicClient
+
 	return nil
 }
 

From 1a779a9a81e58866680eaa7fd4cac9136768e502 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 16:07:43 +0200
Subject: [PATCH 0469/2268] tests: Let flux tests use DynamicClient

---
 e2e/flux_test.go                          | 36 ++++++++++++++++++-----
 e2e/test_resources/kluctl-deployment.yaml | 11 +++++--
 2 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index 1b604dccb..269562405 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -1,7 +1,11 @@
 package e2e
 
 import (
+	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"testing"
 
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
@@ -9,13 +13,30 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+var kluctlDeploymentGVR = schema.GroupVersionResource{
+	Group:    "flux.kluctl.io",
+	Version:  "v1alpha1",
+	Resource: "kluctldeployments",
+}
+
+func getKluctlDeploymentObject(t *testing.T, k *test_utils.EnvTestCluster) *uo.UnstructuredObject {
+	kd, err := k.DynamicClient.Resource(kluctlDeploymentGVR).Namespace("flux-test").Get(context.Background(), "microservices-demo-test", v1.GetOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if kd == nil {
+		t.Fatal("kluctldeployment not found")
+	}
+	return uo.FromUnstructured(kd)
+}
+
 func TestFluxCommands(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "simple")
+	p.init(t, k, "flux-test")
 
 	defer p.cleanup()
 
@@ -23,23 +44,24 @@ func TestFluxCommands(t *testing.T) {
 	test_resources.ApplyYaml("kluctl-crds.yaml", k)
 	test_resources.ApplyYaml("kluctl-deployment.yaml", k)
 
-	assertResourceExists(t, k, "default", "kluctldeployment/microservices-demo-test")
+	// assert that it was created
+	_ = getKluctlDeploymentObject(t, k)
 
-	p.KluctlMust("flux", "suspend", "--namespace", "default", "--kluctl-deployment", "microservices-demo-test")
+	p.KluctlMust("flux", "suspend", "--namespace", "flux-test", "--kluctl-deployment", "microservices-demo-test")
 	suspend := getKluctlSuspendField(t, k)
 	assert.Equal(t, true, suspend, "Field status.suspend is not false")
 
-	p.KluctlMust("flux", "resume", "--namespace", "default", "--kluctl-deployment", "microservices-demo-test", "--no-wait")
+	p.KluctlMust("flux", "resume", "--namespace", "flux-test", "--kluctl-deployment", "microservices-demo-test", "--no-wait")
 	resume := getKluctlSuspendField(t, k)
 	assert.Equal(t, false, resume, "Field status.suspend is not true")
 
-	p.KluctlMust("flux", "reconcile", "--namespace", "default", "--kluctl-deployment", "microservices-demo-test", "--with-source", "--no-wait")
+	p.KluctlMust("flux", "reconcile", "--namespace", "flux-test", "--kluctl-deployment", "microservices-demo-test", "--with-source", "--no-wait")
 	annotation := getKluctlAnnotations(t, k)
 	assert.Len(t, annotation, 1, "Annotation not present")
 }
 
 func getKluctlSuspendField(t *testing.T, k *test_utils.EnvTestCluster) interface{} {
-	o := k.KubectlYamlMust(t, "-n", "default", "get", "kluctldeployment", "microservices-demo-test")
+	o := getKluctlDeploymentObject(t, k)
 	result, ok, err := o.GetNestedField("spec", "suspend")
 	fmt.Println(result)
 	if err != nil {
@@ -52,7 +74,7 @@ func getKluctlSuspendField(t *testing.T, k *test_utils.EnvTestCluster) interface
 }
 
 func getKluctlAnnotations(t *testing.T, k *test_utils.EnvTestCluster) interface{} {
-	o := k.KubectlYamlMust(t, "-n", "default", "get", "kluctldeployment", "microservices-demo-test")
+	o := getKluctlDeploymentObject(t, k)
 	result, ok, err := o.GetNestedField("metadata", "annotations")
 	if err != nil {
 		t.Fatal(err)
diff --git a/e2e/test_resources/kluctl-deployment.yaml b/e2e/test_resources/kluctl-deployment.yaml
index e10aeede8..eae1bec80 100644
--- a/e2e/test_resources/kluctl-deployment.yaml
+++ b/e2e/test_resources/kluctl-deployment.yaml
@@ -1,9 +1,14 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-test
+---
 apiVersion: flux.kluctl.io/v1alpha1
 kind: KluctlDeployment
 metadata:
   name: microservices-demo-test
-  namespace: default
+  namespace: flux-test
 spec:
   interval: 10m
   path: ./simple
@@ -14,7 +19,7 @@ spec:
   sourceRef:
     kind: GitRepository
     name: microservices-demo
-    namespace: default
+    namespace: flux-test
   target: simple
   timeout: 2m
 ---
@@ -22,7 +27,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:
   name: microservices-demo
-  namespace: default
+  namespace: flux-test
 spec:
   interval: 5m
   ref:

From 0f96267fc13780fb5f875fe0cc8661667900d5f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 16:08:53 +0200
Subject: [PATCH 0470/2268] tests: Remove waitReadiness and waitForReadiness

---
 e2e/utils.go | 49 ++-----------------------------------------------
 1 file changed, 2 insertions(+), 47 deletions(-)

diff --git a/e2e/utils.go b/e2e/utils.go
index eaf69dea2..e4f75094a 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -3,18 +3,13 @@ package e2e
 import (
 	"bufio"
 	"bytes"
-	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io"
 	"os/exec"
 	"reflect"
 	"strings"
 	"testing"
-	"time"
-
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/validation"
-	log "github.com/sirupsen/logrus"
 )
 
 func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace string) {
@@ -22,46 +17,6 @@ func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace strin
 	k.KubectlMust(t, "label", "ns", namespace, "kluctl-e2e=true")
 }
 
-func waitForReadiness(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string, timeout time.Duration) bool {
-	t.Logf("Waiting for readiness: %s/%s", namespace, resource)
-
-	startTime := time.Now()
-	for time.Now().Sub(startTime) < timeout {
-		y, stderr, err := k.KubectlYaml("-n", namespace, "get", resource)
-		if err != nil {
-			if strings.Index(stderr, "NotFound") == -1 {
-				t.Fatal(err)
-			}
-			time.Sleep(1 * time.Second)
-			continue
-		}
-
-		v := validation.ValidateObject(nil, y, true)
-		if v.Ready {
-			return true
-		}
-
-		if log.IsLevelEnabled(log.DebugLevel) {
-			errTxt := ""
-			for _, e := range v.Errors {
-				if errTxt != "" {
-					errTxt += "\n"
-				}
-				errTxt += fmt.Sprintf("%s: %s", e.Ref.String(), e.Error)
-			}
-			log.Debugf("validation failed for %s/%s. errors:\n%s", namespace, resource, errTxt)
-		}
-		time.Sleep(1 * time.Second)
-	}
-	return false
-}
-
-func assertReadiness(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string, timeout time.Duration) {
-	if !waitForReadiness(t, k, namespace, resource, timeout) {
-		t.Errorf("%s/%s did not get ready in time", namespace, resource)
-	}
-}
-
 func assertResourceExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string) *uo.UnstructuredObject {
 	var args []string
 	if namespace != "" {

From da3134335991590f26bfcad82e1e361d8690ca97 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 16:18:17 +0200
Subject: [PATCH 0471/2268] tests: Use DynamicClient instead of kubectl to
 check for configmaps

---
 e2e/contexts_test.go                   | 32 +++++++++---------
 e2e/deploy_test.go                     |  6 ++--
 e2e/hooks_test.go                      |  2 +-
 e2e/no_target_test.go                  |  8 ++---
 e2e/utils.go                           | 45 ++++++++++++++------------
 internal/test-utils/envtest_cluster.go | 26 +++++++++++++++
 6 files changed, 74 insertions(+), 45 deletions(-)

diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 6d9d10c7a..7de30a13f 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -33,15 +33,15 @@ func TestContextCurrent(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
 
 	p.updateMergedKubeconfig(func(config *api.Config) {
 		config.CurrentContext = defaultCluster2.Context
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
 }
 
 func TestContext1(t *testing.T) {
@@ -55,8 +55,8 @@ func TestContext1(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
 }
 
 func TestContext2(t *testing.T) {
@@ -70,8 +70,8 @@ func TestContext2(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster1, p.projectName, "cm")
 }
 
 func TestContext1And2(t *testing.T) {
@@ -88,11 +88,11 @@ func TestContext1And2(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test2")
-	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
 }
 
 func TestContextSwitch(t *testing.T) {
@@ -106,15 +106,15 @@ func TestContextSwitch(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
 }
 
 func TestContextOverride(t *testing.T) {
@@ -128,9 +128,9 @@ func TestContextOverride(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1", "--context", defaultCluster2.Context)
-	assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
 }
diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
index 9e54ebcf8..c6b0493da 100644
--- a/e2e/deploy_test.go
+++ b/e2e/deploy_test.go
@@ -22,14 +22,14 @@ func TestCommandDeploySimple(t *testing.T) {
 		namespace: p.projectName,
 	})
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertResourceExists(t, k, p.projectName, "ConfigMap/cm")
+	assertConfigMapExists(t, k, p.projectName, "cm")
 
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
 		name:      "cm2",
 		namespace: p.projectName,
 	})
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--dry-run")
-	assertResourceNotExists(t, k, p.projectName, "ConfigMap/cm2")
+	assertConfigMapNotExists(t, k, p.projectName, "cm2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertResourceExists(t, k, p.projectName, "ConfigMap/cm2")
+	assertConfigMapExists(t, k, p.projectName, "cm2")
 }
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index ef4e44fba..0385eb418 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -132,7 +132,7 @@ func (s *HookTestSuite) ensureHookExecuted(p *testProject, expectedCms ...string
 func (s *HookTestSuite) ensureHookNotExecuted(p *testProject) {
 	_, _, _ = s.k.Kubectl("delete", "-n", p.projectName, "configmaps", "cm1")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertResourceNotExists(s.T(), s.k, p.projectName, "ConfigMap/cm1")
+	assertConfigMapNotExists(s.T(), s.k, p.projectName, "cm1")
 }
 
 func (s *HookTestSuite) TestHooksPreDeployInitial() {
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 80f419298..31351c3eb 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -31,22 +31,22 @@ func TestNoTarget(t *testing.T) {
 	defer p.cleanup()
 
 	p.KluctlMust("deploy", "--yes")
-	cm := assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
-	assertResourceNotExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	cm := assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
 	p.KluctlMust("deploy", "--yes", "-T", "override-name")
-	cm = assertResourceExists(t, defaultCluster1, p.projectName, "ConfigMap/cm")
+	cm = assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
 	p.KluctlMust("deploy", "--yes", "-T", "override-name", "--context", defaultCluster2.Context)
-	cm = assertResourceExists(t, defaultCluster2, p.projectName, "ConfigMap/cm")
+	cm = assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster2.Context,
diff --git a/e2e/utils.go b/e2e/utils.go
index e4f75094a..7e7ac0d26 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -3,42 +3,45 @@ package e2e
 import (
 	"bufio"
 	"bytes"
+	"context"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"os/exec"
 	"reflect"
-	"strings"
 	"testing"
 )
 
 func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace string) {
-	k.KubectlMust(t, "create", "ns", namespace)
-	k.KubectlMust(t, "label", "ns", namespace, "kluctl-e2e=true")
-}
+	var ns unstructured.Unstructured
+	ns.SetName(namespace)
+
+	_, err := k.DynamicClient.Resource(v1.SchemeGroupVersion.WithResource("namespaces")).Create(context.Background(), &ns, metav1.CreateOptions{})
 
-func assertResourceExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string) *uo.UnstructuredObject {
-	var args []string
-	if namespace != "" {
-		args = append(args, "-n", namespace)
+	if err != nil {
+		t.Fatal(err)
 	}
-	args = append(args, "get", resource)
-	return k.KubectlYamlMust(t, args...)
 }
 
-func assertResourceNotExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, resource string) {
-	var args []string
-	if namespace != "" {
-		args = append(args, "-n", namespace)
+func assertConfigMapExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
+	x, err := k.Get(v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
+	if err != nil {
+		t.Fatalf("unexpected error '%v' while getting ConfigMap %s/%s", err, namespace, name)
 	}
-	args = append(args, "get", resource)
-	_, stderr, err := k.KubectlYaml(args...)
+	return x
+}
+
+func assertConfigMapNotExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) {
+	_, err := k.Get(v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
 	if err == nil {
-		t.Fatalf("'kubectl get' for %s should not have succeeded", resource)
-	} else {
-		if strings.Index(stderr, "(NotFound)") == -1 {
-			t.Fatal(err)
-		}
+		t.Fatalf("expected %s/%s to not exist", namespace, name)
+	}
+	if !errors.IsNotFound(err) {
+		t.Fatalf("unexpected error '%v' for %s/%s, expected a NotFound error", err, namespace, name)
 	}
 }
 
diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index 12891067b..33fa9a51a 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -7,6 +7,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
 	"net/http"
@@ -100,6 +102,30 @@ func (c *EnvTestCluster) RESTConfig() *rest.Config {
 	return c.config
 }
 
+func (c *EnvTestCluster) Get(gvr schema.GroupVersionResource, namespace string, name string) (*uo.UnstructuredObject, error) {
+	x, err := c.DynamicClient.Resource(gvr).Namespace(namespace).Get(context.Background(), name, metav1.GetOptions{})
+	if err != nil {
+		return nil, err
+	}
+	return uo.FromUnstructured(x), nil
+}
+
+func (c *EnvTestCluster) MustGet(t *testing.T, gvr schema.GroupVersionResource, namespace string, name string) *uo.UnstructuredObject {
+	x, err := c.Get(gvr, namespace, name)
+	if err != nil {
+		t.Fatalf("error while getting %s/%s/%s: %s", gvr.String(), namespace, name, err.Error())
+	}
+	return x
+}
+
+func (c *EnvTestCluster) MustGetCoreV1(t *testing.T, resource string, namespace string, name string) *uo.UnstructuredObject {
+	return c.MustGet(t, schema.GroupVersionResource{
+		Group:    "",
+		Version:  "v1",
+		Resource: resource,
+	}, namespace, name)
+}
+
 func (c *EnvTestCluster) Kubectl(args ...string) (string, string, error) {
 	tmp, err := os.CreateTemp("", "")
 	if err != nil {

From 54edaaa93d29e8e6cbb96bf2498bbc276b39c76b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Oct 2022 17:06:33 +0200
Subject: [PATCH 0472/2268] tests: Stop using kubectl in ApplyYamls

---
 e2e/test_resources/resources.go     | 68 +++++++++++++++++++++++++----
 pkg/deployment/commands/validate.go |  2 +-
 pkg/deployment/utils/apply_utils.go |  2 +-
 pkg/validation/validation.go        |  6 ++-
 4 files changed, 67 insertions(+), 11 deletions(-)

diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 90454201d..2e53339ec 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -1,8 +1,17 @@
 package test_resources
 
 import (
+	"context"
 	"embed"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/validation"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
 	"os"
+	"strings"
+	"time"
 
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -26,22 +35,65 @@ func GetYamlTmpFile(name string) string {
 	return tmpFile.Name()
 }
 
+// poor mans resource mapper :)
+func guessGVR(gvk schema.GroupVersionKind) schema.GroupVersionResource {
+	gvr := schema.GroupVersionResource{
+		Group:   gvk.Group,
+		Version: gvk.Version,
+	}
+	if strings.HasSuffix(gvk.Kind, "y") {
+		gvr.Resource = strings.ToLower(gvk.Kind)[:len(gvk.Kind)-1] + "ies"
+	} else {
+		gvr.Resource = strings.ToLower(gvk.Kind) + "s"
+	}
+	return gvr
+}
+
 func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
 	tmpFile := GetYamlTmpFile(name)
 	defer os.Remove(tmpFile)
 
-	_, _, err := k.Kubectl("apply", "-f", tmpFile)
+	docs, err := yaml.ReadYamlAllFile(tmpFile)
 	if err != nil {
 		panic(err)
 	}
-}
 
-func DeleteYaml(name string, k *test_utils.EnvTestCluster) {
-	tmpFile := GetYamlTmpFile(name)
-	defer os.Remove(tmpFile)
+	for _, doc := range docs {
+		m, ok := doc.(map[string]any)
+		if !ok {
+			panic("not a map!")
+		}
+		x := uo.FromMap(m)
 
-	_, _, err := k.Kubectl("delete", "-f", tmpFile)
-	if err != nil {
-		panic(err)
+		data, err := yaml.WriteYamlBytes(x)
+		if err != nil {
+			panic(err)
+		}
+
+		gvr := guessGVR(x.GetK8sGVK())
+		_, err = k.DynamicClient.Resource(gvr).
+			Namespace(x.GetK8sNamespace()).
+			Patch(context.Background(), x.GetK8sName(), types.ApplyPatchType, data, metav1.PatchOptions{
+				FieldManager: "e2e-tests",
+			})
+		if err != nil {
+			panic(err)
+		}
+
+		// wait for CRDs to get accepted
+		if x.GetK8sGVK().Kind == "CustomResourceDefinition" {
+			for true {
+				u, err := k.DynamicClient.Resource(gvr).Get(context.Background(), x.GetK8sName(), metav1.GetOptions{})
+				if err != nil {
+					panic(err)
+				}
+				vr := validation.ValidateObject(nil, uo.FromUnstructured(u), true, true)
+				if vr.Ready {
+					break
+				} else {
+					time.Sleep(time.Millisecond * 100)
+				}
+			}
+		}
 	}
 }
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 0647a3b51..1b4f20e89 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -56,7 +56,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 				result.Errors = append(result.Errors, types.DeploymentError{Ref: ref, Error: "object not found"})
 				continue
 			}
-			r := validation.ValidateObject(k, remoteObject, true)
+			r := validation.ValidateObject(k, remoteObject, true, false)
 			if !r.Ready {
 				result.Ready = false
 			}
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index bf1043c91..440b83e76 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -363,7 +363,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			a.HandleError(ref, err)
 			return false
 		}
-		v := validation.ValidateObject(a.k, o, false)
+		v := validation.ValidateObject(a.k, o, false, false)
 		if v.Ready {
 			if didLog {
 				a.sctx.InfoFallback("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 7a1f1083c..36cf3445e 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -45,7 +45,7 @@ const (
 	reactNotReady
 )
 
-func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError bool) (ret types.ValidateResult) {
+func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError bool, forceStatusRequired bool) (ret types.ValidateResult) {
 	ref := o.GetK8sRef()
 
 	// We assume all is good in case no validation is performed
@@ -118,6 +118,10 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 
 	status, _, _ := o.GetNestedObject("status")
 	if status == nil {
+		if forceStatusRequired {
+			addNotReady("no status available yet")
+			return
+		}
 		if k == nil {
 			// can't really say anything...
 			return

From 9befb241e5cec495988e0fe868583c48d724af56 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:31:05 +0200
Subject: [PATCH 0473/2268] tests: Stop using kubectl in inclusion_test.go

---
 e2e/inclusion_test.go                  |  8 +++++---
 internal/test-utils/envtest_cluster.go | 27 ++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 243584b03..99e1beaab 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -1,8 +1,8 @@
 package e2e
 
 import (
-	"fmt"
 	"github.com/kluctl/kluctl/v2/internal/test-utils"
+	corev1 "k8s.io/api/core/v1"
 	"path/filepath"
 	"reflect"
 	"testing"
@@ -58,8 +58,10 @@ func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.EnvTestClust
 			delete(shouldExists, x)
 		}
 	}
-	exists := k.KubectlYamlMust(t, "-n", p.projectName, "get", "configmaps", "-l", fmt.Sprintf("project_name=%s", p.projectName))
-	items, _, _ := exists.GetNestedObjectList("items")
+	items, err := k.List(corev1.SchemeGroupVersion.WithResource("configmaps"), p.projectName, map[string]string{"project_name": p.projectName})
+	if err != nil {
+		t.Fatal(err)
+	}
 	found := make(map[string]bool)
 	for _, x := range items {
 		found[x.GetK8sName()] = true
diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index 33fa9a51a..fbf531283 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -126,6 +126,33 @@ func (c *EnvTestCluster) MustGetCoreV1(t *testing.T, resource string, namespace
 	}, namespace, name)
 }
 
+func (c *EnvTestCluster) List(gvr schema.GroupVersionResource, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, error) {
+	labelSelector := ""
+	if len(labels) != 0 {
+		for k, v := range labels {
+			if labelSelector != "" {
+				labelSelector += ","
+			}
+			labelSelector += fmt.Sprintf("%s=%s", k, v)
+		}
+	}
+
+	l, err := c.DynamicClient.Resource(gvr).
+		Namespace(namespace).
+		List(context.Background(), metav1.ListOptions{
+			LabelSelector: labelSelector,
+		})
+	if err != nil {
+		return nil, err
+	}
+	var ret []*uo.UnstructuredObject
+	for _, x := range l.Items {
+		x := x
+		ret = append(ret, uo.FromUnstructured(&x))
+	}
+	return ret, nil
+}
+
 func (c *EnvTestCluster) Kubectl(args ...string) (string, string, error) {
 	tmp, err := os.CreateTemp("", "")
 	if err != nil {

From abe958b7e83f351bb49449d0fd9353c5a278b6df Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:31:25 +0200
Subject: [PATCH 0474/2268] tests: Stop using kubectl in args_test.go

---
 e2e/args_test.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 840203e04..026f3bee0 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -50,32 +50,32 @@ func TestArgs(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
-	cm := k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
-	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c")
-	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", "-ad.nested=d")
-	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", `-ad={"nested": "d2"}`)
-	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d2"}`, "data", "d")
 
 	tmpFile, err := os.CreateTemp("", "")
@@ -89,7 +89,7 @@ nested:
 `)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", fmt.Sprintf(`-ad=@%s`, tmpFile.Name()))
-	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d3"}}`, "data", "d")
 
 	_ = tmpFile.Truncate(0)
@@ -103,7 +103,7 @@ d:
 `)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", fmt.Sprintf(`--args-from-file=%s`, tmpFile.Name()))
-	cm = k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, "a2", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
@@ -140,7 +140,7 @@ func TestArgsFromEnv(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	cm := k.KubectlYamlMust(t, "-n", p.projectName, "get", "cm/cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "c"}}`, "data", "c")

From e6b33ce8ad9ccc6f4aa5d44d91f2c51617bd95fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:31:38 +0200
Subject: [PATCH 0475/2268] tests: Stop using kubectl in hooks_test.go

---
 e2e/hooks_test.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 0385eb418..1d16eb736 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -1,9 +1,12 @@
 package e2e
 
 import (
+	"context"
 	"fmt"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 	"testing"
@@ -130,7 +133,9 @@ func (s *HookTestSuite) ensureHookExecuted(p *testProject, expectedCms ...string
 }
 
 func (s *HookTestSuite) ensureHookNotExecuted(p *testProject) {
-	_, _, _ = s.k.Kubectl("delete", "-n", p.projectName, "configmaps", "cm1")
+	_ = s.k.DynamicClient.Resource(corev1.SchemeGroupVersion.WithResource("configmaps")).
+		Namespace(p.projectName).
+		Delete(context.Background(), "cm1", metav1.DeleteOptions{})
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapNotExists(s.T(), s.k, p.projectName, "cm1")
 }

From e805b7f8645c066c234952cfc1227268641e13bc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:31:48 +0200
Subject: [PATCH 0476/2268] tests: Stop using kubectl in seal_test.go

---
 e2e/seal_test.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 14219dd66..808735fa8 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"context"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@@ -13,6 +14,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	certUtil "k8s.io/client-go/util/cert"
 	"k8s.io/client-go/util/keyutil"
 	"net"
@@ -158,7 +162,12 @@ func (s *SealedSecretsTestSuite) addSecretsSetToTarget(p *testProject, targetNam
 }
 
 func (s *SealedSecretsTestSuite) assertSealedSecret(k *test_utils.EnvTestCluster, namespace string, secretName string, expectedCertHash string, expectedSecrets map[string]string) {
-	y := k.KubectlYamlMust(s.T(), "-n", namespace, "get", "sealedsecret", secretName)
+
+	y := k.MustGet(s.T(), schema.GroupVersionResource{
+		Group:    "bitnami.com",
+		Version:  "v1alpha1",
+		Resource: "sealedsecrets",
+	}, namespace, secretName)
 
 	h1 := y.GetK8sAnnotation("kluctl.io/sealedsecret-cert-hash")
 	if h1 == nil {
@@ -219,7 +228,8 @@ func (s *SealedSecretsTestSuite) TestSeal_WithBootstrap() {
 	namespace := "seal-with-bootstrap"
 
 	// deleting the crd causes kluctl to not recognize the operator, so it will do a bootstrap
-	k.KubectlMust(s.T(), "delete", "crd", "sealedsecrets.bitnami.com")
+	_ = k.DynamicClient.Resource(apiextensionsv1.SchemeGroupVersion.WithResource("customresourcedefinitions")).
+		Delete(context.Background(), "sealedsecrets.bitnami.com", metav1.DeleteOptions{})
 
 	p := s.prepareSealTest(k, namespace,
 		map[string]string{
@@ -246,7 +256,7 @@ func (s *SealedSecretsTestSuite) TestSeal_WithBootstrap() {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	pkCm := k.KubectlYamlMust(s.T(), "-n", "kube-system", "get", "cm", "sealed-secrets-key-kluctl-bootstrap")
+	pkCm := k.MustGetCoreV1(s.T(), "configmaps", "kube-system", "sealed-secrets-key-kluctl-bootstrap")
 	certBytes, ok, _ := pkCm.GetNestedString("data", "tls.crt")
 	s.Assertions.True(ok)
 

From ba963705c677c3ad0cfd7c48a9477041a098dd8d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 11:39:06 +0200
Subject: [PATCH 0477/2268] tests: Paralellize ApplyYaml

---
 e2e/flux_test.go                |  14 ++++-
 e2e/seal_test.go                |  14 ++++-
 e2e/test_resources/resources.go | 100 +++++++++++++++++++++++---------
 3 files changed, 95 insertions(+), 33 deletions(-)

diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index 269562405..33f30dbde 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sync"
 	"testing"
 
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
@@ -40,8 +41,17 @@ func TestFluxCommands(t *testing.T) {
 
 	defer p.cleanup()
 
-	test_resources.ApplyYaml("flux-source-crd.yaml", k)
-	test_resources.ApplyYaml("kluctl-crds.yaml", k)
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		test_resources.ApplyYaml("flux-source-crd.yaml", k)
+		wg.Done()
+	}()
+	go func() {
+		test_resources.ApplyYaml("kluctl-crds.yaml", k)
+		wg.Done()
+	}()
+	wg.Wait()
 	test_resources.ApplyYaml("kluctl-deployment.yaml", k)
 
 	// assert that it was created
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 808735fa8..36cc27099 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -23,6 +23,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"path/filepath"
+	"sync"
 	"testing"
 	"time"
 )
@@ -52,8 +53,17 @@ func (s *SealedSecretsTestSuite) SetupSuite() {
 	s.k = defaultCluster1
 	s.k2 = defaultCluster2
 
-	test_resources.ApplyYaml("sealed-secrets.yaml", s.k)
-	test_resources.ApplyYaml("sealed-secrets.yaml", s.k2)
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		test_resources.ApplyYaml("sealed-secrets.yaml", s.k)
+		wg.Done()
+	}()
+	go func() {
+		test_resources.ApplyYaml("sealed-secrets.yaml", s.k2)
+		wg.Done()
+	}()
+	wg.Wait()
 
 	var err error
 	s.certServer1, err = s.startCertServer()
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 2e53339ec..f374d2ee0 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -3,6 +3,8 @@ package test_resources
 import (
 	"context"
 	"embed"
+	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -10,11 +12,10 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"os"
+	"sort"
 	"strings"
+	"sync"
 	"time"
-
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 //go:embed *.yaml
@@ -49,6 +50,32 @@ func guessGVR(gvk schema.GroupVersionKind) schema.GroupVersionResource {
 	return gvr
 }
 
+func prio(x *uo.UnstructuredObject) int {
+	switch x.GetK8sGVK().Kind {
+	case "Namespace":
+		return 100
+	case "CustomResourceDefinition":
+		return 100
+	default:
+		return 0
+	}
+}
+
+func waitReadiness(k *test_utils.EnvTestCluster, x *uo.UnstructuredObject) {
+	for true {
+		u, err := k.DynamicClient.Resource(guessGVR(x.GetK8sGVK())).Get(context.Background(), x.GetK8sName(), metav1.GetOptions{})
+		if err != nil {
+			panic(err)
+		}
+		vr := validation.ValidateObject(nil, uo.FromUnstructured(u), true, true)
+		if vr.Ready {
+			break
+		} else {
+			time.Sleep(time.Millisecond * 100)
+		}
+	}
+}
+
 func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
 	tmpFile := GetYamlTmpFile(name)
 	defer os.Remove(tmpFile)
@@ -58,42 +85,57 @@ func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
 		panic(err)
 	}
 
+	var objects []*uo.UnstructuredObject
 	for _, doc := range docs {
 		m, ok := doc.(map[string]any)
 		if !ok {
 			panic("not a map!")
 		}
 		x := uo.FromMap(m)
+		objects = append(objects, x)
+	}
 
-		data, err := yaml.WriteYamlBytes(x)
-		if err != nil {
-			panic(err)
-		}
+	sort.SliceStable(objects, func(i, j int) bool {
+		return prio(objects[i]) > prio(objects[j])
+	})
 
-		gvr := guessGVR(x.GetK8sGVK())
-		_, err = k.DynamicClient.Resource(gvr).
-			Namespace(x.GetK8sNamespace()).
-			Patch(context.Background(), x.GetK8sName(), types.ApplyPatchType, data, metav1.PatchOptions{
-				FieldManager: "e2e-tests",
-			})
-		if err != nil {
-			panic(err)
+	var wg sync.WaitGroup
+	prevPrio := prio(objects[0])
+	for _, x := range objects {
+		x := x
+
+		p := prio(x)
+		if p != prevPrio {
+			wg.Wait()
 		}
+		prevPrio = p
+
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
 
-		// wait for CRDs to get accepted
-		if x.GetK8sGVK().Kind == "CustomResourceDefinition" {
-			for true {
-				u, err := k.DynamicClient.Resource(gvr).Get(context.Background(), x.GetK8sName(), metav1.GetOptions{})
-				if err != nil {
-					panic(err)
-				}
-				vr := validation.ValidateObject(nil, uo.FromUnstructured(u), true, true)
-				if vr.Ready {
-					break
-				} else {
-					time.Sleep(time.Millisecond * 100)
-				}
+			data, err := yaml.WriteYamlBytes(x)
+			if err != nil {
+				panic(err)
 			}
-		}
+
+			gvr := guessGVR(x.GetK8sGVK())
+			_, err = k.DynamicClient.Resource(gvr).
+				Namespace(x.GetK8sNamespace()).
+				Patch(context.Background(), x.GetK8sName(), types.ApplyPatchType, data, metav1.PatchOptions{
+					FieldManager: "e2e-tests",
+				})
+			if err != nil {
+				panic(err)
+			}
+
+			// wait for CRDs to get accepted
+			if x.GetK8sGVK().Kind == "CustomResourceDefinition" {
+				waitReadiness(k, x)
+				// add some safety net...for some reason the envtest api server still fails if not waiting
+				time.Sleep(200 * time.Millisecond)
+			}
+		}()
 	}
+	wg.Wait()
 }

From e86e1bae403a9ea17b3ada0b0dc52dd63eff6d7e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 12:06:04 +0200
Subject: [PATCH 0478/2268] tests: Disable rate limitting

---
 internal/test-utils/envtest_cluster.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index fbf531283..dd03a5c59 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -11,6 +11,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/util/flowcontrol"
 	"net/http"
 	"os"
 	"os/exec"
@@ -61,6 +62,7 @@ func (k *EnvTestCluster) Start() error {
 	k.user = user
 
 	k.config = user.Config()
+	k.config.RateLimiter = flowcontrol.NewFakeAlwaysRateLimiter()
 
 	kcfg, err := user.KubeConfig()
 	if err != nil {

From f55474521d423b220ebf0f341a8937c6b6048911 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 12:06:39 +0200
Subject: [PATCH 0479/2268] tests: Remove Kubectl help funcs

---
 internal/test-utils/envtest_cluster.go | 64 --------------------------
 1 file changed, 64 deletions(-)

diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index dd03a5c59..f113e87ff 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -5,16 +5,12 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"io"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/util/flowcontrol"
 	"net/http"
-	"os"
-	"os/exec"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"testing"
@@ -154,63 +150,3 @@ func (c *EnvTestCluster) List(gvr schema.GroupVersionResource, namespace string,
 	}
 	return ret, nil
 }
-
-func (c *EnvTestCluster) Kubectl(args ...string) (string, string, error) {
-	tmp, err := os.CreateTemp("", "")
-	if err != nil {
-		return "", "", err
-	}
-	defer func() {
-		tmp.Close()
-		os.Remove(tmp.Name())
-	}()
-
-	_, err = tmp.Write(c.Kubeconfig)
-	if err != nil {
-		return "", "", err
-	}
-
-	stdoutBuffer := &bytes.Buffer{}
-	stderrBuffer := &bytes.Buffer{}
-	allArgs := append([]string{fmt.Sprintf("--kubeconfig=%s", tmp.Name())}, args...)
-
-	cmd := exec.Command(c.env.ControlPlane.KubectlPath, allArgs...)
-	cmd.Stdout = stdoutBuffer
-	cmd.Stderr = stderrBuffer
-
-	err = cmd.Run()
-	stdout, _ := io.ReadAll(stdoutBuffer)
-	stderr, _ := io.ReadAll(stderrBuffer)
-	return string(stdout), string(stderr), err
-}
-
-func (c *EnvTestCluster) KubectlMust(t *testing.T, args ...string) string {
-	stdout, stderr, err := c.Kubectl(args...)
-	if err != nil {
-		if t != nil {
-			t.Fatalf("%v, stderr=%s\n", err, stderr)
-		} else {
-			panic(fmt.Sprintf("%v, stderr=%s\n", err, stderr))
-		}
-	}
-	return stdout
-}
-
-func (c *EnvTestCluster) KubectlYaml(args ...string) (*uo.UnstructuredObject, string, error) {
-	args = append(args, "-oyaml")
-	stdout, stderr, err := c.Kubectl(args...)
-	if err != nil {
-		return nil, stderr, err
-	}
-	ret := uo.New()
-	err = yaml.ReadYamlString(stdout, ret)
-	return ret, stderr, err
-}
-
-func (c *EnvTestCluster) KubectlYamlMust(t *testing.T, args ...string) *uo.UnstructuredObject {
-	o, stderr, err := c.KubectlYaml(args...)
-	if err != nil {
-		t.Fatalf("%v, stderr=%s\n", err, stderr)
-	}
-	return o
-}

From c659f7846174b5121dd174471224e7ce5e296c99 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 13:49:42 +0200
Subject: [PATCH 0480/2268] tests: Make hook tests parallel again

---
 e2e/default_clusters.go                       |   4 +
 e2e/hooks_test.go                             | 209 +++++++++---------
 internal/test-utils/envtest_cluster.go        |   4 +
 .../test-utils/envtest_cluster_callback.go    |  44 +++-
 4 files changed, 153 insertions(+), 108 deletions(-)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index ed28ccbbb..ca75f2003 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
 )
 
@@ -24,6 +25,9 @@ func init() {
 	}()
 	go func() {
 		defer wg.Done()
+		defaultCluster2.InitWebhookCallback(schema.GroupVersionResource{
+			Version: "v1", Resource: "configmaps",
+		}, true)
 		err := defaultCluster2.Start()
 		if err != nil {
 			panic(err)
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 1d16eb736..29a54f239 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -15,65 +14,56 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
-type HookTestSuite struct {
-	suite.Suite
-
+type hooksTestContext struct {
+	t *testing.T
 	k *test_utils.EnvTestCluster
 
+	p *testProject
+
 	seenConfigMaps []string
-}
 
-func TestHooks(t *testing.T) {
-	t.Parallel()
-	suite.Run(t, &HookTestSuite{})
+	whh *test_utils.CallbackHandlerEntry
 }
 
-func (s *HookTestSuite) SetupSuite() {
-	s.clearSeenConfigmaps()
-
-	s.k = test_utils.CreateEnvTestCluster("cluster1")
-	s.k.AddWebhookCallback(schema.GroupVersionResource{
+func (s *hooksTestContext) setupWebhook() {
+	s.whh = s.k.AddWebhookHandler(schema.GroupVersionResource{
 		Version: "v1", Resource: "configmaps",
-	}, true, s.handleConfigmap)
-	err := s.k.Start()
-	if err != nil {
-		s.T().Fatal(err)
-	}
+	}, s.handleConfigmap)
 }
 
-func (s *HookTestSuite) TearDownSuite() {
-	s.k.Stop()
+func (s *hooksTestContext) removeWebhook() {
+	s.k.RemoveWebhookHandler(s.whh)
 }
 
-func (s *HookTestSuite) SetupTest() {
-	s.clearSeenConfigmaps()
-}
+func (s *hooksTestContext) handleConfigmap(request admission.Request) {
+	if s.p.projectName != request.Namespace {
+		return
+	}
 
-func (s *HookTestSuite) handleConfigmap(request admission.Request) {
 	x, err := uo.FromString(string(request.Object.Raw))
 	if err != nil {
-		s.T().Fatal(err)
+		s.t.Fatal(err)
 	}
 	generation, _, err := x.GetNestedInt("metadata", "generation")
 	if err != nil {
-		s.T().Fatal(err)
+		s.t.Fatal(err)
 	}
 	uid, _, err := x.GetNestedString("metadata", "uid")
 	if err != nil {
-		s.T().Fatal(err)
+		s.t.Fatal(err)
 	}
 
-	s.T().Logf("handleConfigmap: op=%s, name=%s/%s, generation=%d, uid=%s", request.Operation, request.Namespace, request.Name, generation, uid)
+	s.t.Logf("handleConfigmap: op=%s, name=%s/%s, generation=%d, uid=%s", request.Operation, request.Namespace, request.Name, generation, uid)
 
 	s.seenConfigMaps = append(s.seenConfigMaps, request.Name)
 }
 
-func (s *HookTestSuite) clearSeenConfigmaps() {
-	s.T().Logf("clearSeenConfigmaps: %v", s.seenConfigMaps)
+func (s *hooksTestContext) clearSeenConfigmaps() {
+	s.t.Logf("clearSeenConfigmaps: %v", s.seenConfigMaps)
 	s.seenConfigMaps = nil
 }
 
-func (s *HookTestSuite) addHookConfigMap(p *testProject, dir string, opts resourceOpts, isHelm bool, hook string, hookDeletionPolicy string) {
+func (s *hooksTestContext) addHookConfigMap(dir string, opts resourceOpts, isHelm bool, hook string, hookDeletionPolicy string) {
 	annotations := make(map[string]string)
 	if isHelm {
 		annotations["helm.sh/hook"] = hook
@@ -89,130 +79,137 @@ func (s *HookTestSuite) addHookConfigMap(p *testProject, dir string, opts resour
 
 	opts.annotations = uo.CopyMergeStrMap(opts.annotations, annotations)
 
-	s.addConfigMap(p, dir, opts)
+	s.addConfigMap(dir, opts)
 }
 
-func (s *HookTestSuite) addConfigMap(p *testProject, dir string, opts resourceOpts) {
+func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	o := uo.New()
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
-	p.addKustomizeResources(dir, []kustomizeResource{
+	s.p.addKustomizeResources(dir, []kustomizeResource{
 		{fmt.Sprintf("%s.yml", opts.name), "", o},
 	})
 }
 
-func (s *HookTestSuite) prepareHookTestProject(name string, hook string, hookDeletionPolicy string) *testProject {
-	isDone := false
+func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) *hooksTestContext {
+	s := &hooksTestContext{
+		t: t,
+		k: defaultCluster2, // use cluster2 as it has webhooks setup
+		p: &testProject{},
+	}
+	s.setupWebhook()
+
 	namespace := fmt.Sprintf("hook-%s", name)
-	p := &testProject{}
-	p.init(s.T(), s.k, namespace)
-	defer func() {
-		if !isDone {
-			p.cleanup()
-		}
-	}()
 
-	createNamespace(s.T(), s.k, namespace)
+	s.p.init(t, s.k, namespace)
+	t.Cleanup(func() {
+		s.removeWebhook()
+		s.p.cleanup()
+	})
+
+	createNamespace(s.t, s.k, namespace)
 
-	p.updateTarget("test", nil)
+	s.p.updateTarget("test", nil)
 
-	p.addKustomizeDeployment("hook", nil, nil)
+	s.p.addKustomizeDeployment("hook", nil, nil)
 
-	s.addConfigMap(p, "hook", resourceOpts{name: "cm1", namespace: namespace})
-	s.addHookConfigMap(p, "hook", resourceOpts{name: "hook1", namespace: namespace}, false, hook, hookDeletionPolicy)
+	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: namespace})
+	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: namespace}, false, hook, hookDeletionPolicy)
 
-	isDone = true
-	return p
+	return s
 }
 
-func (s *HookTestSuite) ensureHookExecuted(p *testProject, expectedCms ...string) {
+func (s *hooksTestContext) ensureHookExecuted(expectedCms ...string) {
 	s.clearSeenConfigmaps()
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assert.Equal(s.T(), expectedCms, s.seenConfigMaps)
+	s.p.KluctlMust("deploy", "--yes", "-t", "test")
+	assert.Equal(s.t, expectedCms, s.seenConfigMaps)
 }
 
-func (s *HookTestSuite) ensureHookNotExecuted(p *testProject) {
+func (s *hooksTestContext) ensureHookNotExecuted() {
 	_ = s.k.DynamicClient.Resource(corev1.SchemeGroupVersion.WithResource("configmaps")).
-		Namespace(p.projectName).
+		Namespace(s.p.projectName).
 		Delete(context.Background(), "cm1", metav1.DeleteOptions{})
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapNotExists(s.T(), s.k, p.projectName, "cm1")
+	s.p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapNotExists(s.t, s.k, s.p.projectName, "cm1")
 }
 
-func (s *HookTestSuite) TestHooksPreDeployInitial() {
-	p := s.prepareHookTestProject("pre-deploy-initial", "pre-deploy-initial", "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "hook1", "cm1")
-	s.ensureHookExecuted(p, "cm1")
+func TestHooksPreDeployInitial(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "pre-deploy-initial", "pre-deploy-initial", "")
+	s.ensureHookExecuted("hook1", "cm1")
+	s.ensureHookExecuted("cm1")
 }
 
-func (s *HookTestSuite) TestHooksPostDeployInitial() {
-	p := s.prepareHookTestProject("post-deploy-initial", "post-deploy-initial", "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "cm1", "hook1")
-	s.ensureHookExecuted(p, "cm1")
+func TestHooksPostDeployInitial(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "post-deploy-initial", "post-deploy-initial", "")
+	s.ensureHookExecuted("cm1", "hook1")
+	s.ensureHookExecuted("cm1")
 }
 
-func (s *HookTestSuite) TestHooksPreDeployUpgrade() {
-	p := s.prepareHookTestProject("pre-deploy-upgrade", "pre-deploy-upgrade", "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "cm1")
-	s.ensureHookExecuted(p, "hook1", "cm1")
-	s.ensureHookExecuted(p, "hook1", "cm1")
+func TestHooksPreDeployUpgrade(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "pre-deploy-upgrade", "pre-deploy-upgrade", "")
+	s.ensureHookExecuted("cm1")
+	s.ensureHookExecuted("hook1", "cm1")
+	s.ensureHookExecuted("hook1", "cm1")
 }
 
-func (s *HookTestSuite) TestHooksPostDeployUpgrade() {
-	p := s.prepareHookTestProject("post-deploy-upgrade", "post-deploy-upgrade", "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "cm1")
-	s.ensureHookExecuted(p, "cm1", "hook1")
-	s.ensureHookExecuted(p, "cm1", "hook1")
+func TestHooksPostDeployUpgrade(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "post-deploy-upgrade", "post-deploy-upgrade", "")
+	s.ensureHookExecuted("cm1")
+	s.ensureHookExecuted("cm1", "hook1")
+	s.ensureHookExecuted("cm1", "hook1")
 }
 
-func (s *HookTestSuite) doTestHooksPreDeploy(name string, hooks string) {
-	p := s.prepareHookTestProject(name, hooks, "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "hook1", "cm1")
-	s.ensureHookExecuted(p, "hook1", "cm1")
+func doTestHooksPreDeploy(t *testing.T, name string, hooks string) {
+	s := prepareHookTestProject(t, name, hooks, "")
+	s.ensureHookExecuted("hook1", "cm1")
+	s.ensureHookExecuted("hook1", "cm1")
 }
 
-func (s *HookTestSuite) doTestHooksPostDeploy(name string, hooks string) {
-	p := s.prepareHookTestProject(name, hooks, "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "cm1", "hook1")
-	s.ensureHookExecuted(p, "cm1", "hook1")
+func doTestHooksPostDeploy(t *testing.T, name string, hooks string) {
+	s := prepareHookTestProject(t, name, hooks, "")
+	s.ensureHookExecuted("cm1", "hook1")
+	s.ensureHookExecuted("cm1", "hook1")
 }
 
-func (s *HookTestSuite) doTestHooksPrePostDeploy(name string, hooks string) {
-	p := s.prepareHookTestProject(name, hooks, "")
-	defer p.cleanup()
-	s.ensureHookExecuted(p, "hook1", "cm1", "hook1")
-	s.ensureHookExecuted(p, "hook1", "cm1", "hook1")
+func doTestHooksPrePostDeploy(t *testing.T, name string, hooks string) {
+	s := prepareHookTestProject(t, name, hooks, "")
+	s.ensureHookExecuted("hook1", "cm1", "hook1")
+	s.ensureHookExecuted("hook1", "cm1", "hook1")
 }
 
-func (s *HookTestSuite) TestHooksPreDeploy() {
-	s.doTestHooksPreDeploy("pre-deploy", "pre-deploy")
+func TestHooksPreDeploy(t *testing.T) {
+	t.Parallel()
+	doTestHooksPreDeploy(t, "pre-deploy", "pre-deploy")
 }
 
-func (s *HookTestSuite) TestHooksPreDeploy2() {
+func TestHooksPreDeploy2(t *testing.T) {
+	t.Parallel()
 	// same as pre-deploy
-	s.doTestHooksPreDeploy("pre-deploy2", "pre-deploy-initial,pre-deploy-upgrade")
+	doTestHooksPreDeploy(t, "pre-deploy2", "pre-deploy-initial,pre-deploy-upgrade")
 }
 
-func (s *HookTestSuite) TestHooksPostDeploy() {
-	s.doTestHooksPostDeploy("post-deploy", "post-deploy")
+func TestHooksPostDeploy(t *testing.T) {
+	t.Parallel()
+	doTestHooksPostDeploy(t, "post-deploy", "post-deploy")
 }
 
-func (s *HookTestSuite) TestHooksPostDeploy2() {
+func TestHooksPostDeploy2(t *testing.T) {
+	t.Parallel()
 	// same as post-deploy
-	s.doTestHooksPostDeploy("post-deploy2", "post-deploy-initial,post-deploy-upgrade")
+	doTestHooksPostDeploy(t, "post-deploy2", "post-deploy-initial,post-deploy-upgrade")
 }
 
-func (s *HookTestSuite) TestHooksPrePostDeploy() {
-	s.doTestHooksPrePostDeploy("pre-post-deploy", "pre-deploy,post-deploy")
+func TestHooksPrePostDeploy(t *testing.T) {
+	t.Parallel()
+	doTestHooksPrePostDeploy(t, "pre-post-deploy", "pre-deploy,post-deploy")
 }
 
-func (s *HookTestSuite) TestHooksPrePostDeploy2() {
-	s.doTestHooksPrePostDeploy("pre-post-deploy2", "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
+func TestHooksPrePostDeploy2(t *testing.T) {
+	t.Parallel()
+	doTestHooksPrePostDeploy(t, "pre-post-deploy2", "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
 }
diff --git a/internal/test-utils/envtest_cluster.go b/internal/test-utils/envtest_cluster.go
index f113e87ff..c32b82665 100644
--- a/internal/test-utils/envtest_cluster.go
+++ b/internal/test-utils/envtest_cluster.go
@@ -13,6 +13,7 @@ import (
 	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sync"
 	"testing"
 )
 
@@ -30,6 +31,9 @@ type EnvTestCluster struct {
 
 	callbackServer     webhook.Server
 	callbackServerStop context.CancelFunc
+
+	webhookHandlers      []*CallbackHandlerEntry
+	webhookHandlersMutex sync.Mutex
 }
 
 func CreateEnvTestCluster(context string) *EnvTestCluster {
diff --git a/internal/test-utils/envtest_cluster_callback.go b/internal/test-utils/envtest_cluster_callback.go
index 31a6dc8f4..54b95fc02 100644
--- a/internal/test-utils/envtest_cluster_callback.go
+++ b/internal/test-utils/envtest_cluster_callback.go
@@ -14,6 +14,10 @@ import (
 )
 
 type CallbackHandler func(request admission.Request)
+type CallbackHandlerEntry struct {
+	GVR      schema.GroupVersionResource
+	Callback CallbackHandler
+}
 
 func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb CallbackHandler) http.Handler {
 	wh := &webhook.Admission{
@@ -49,7 +53,7 @@ func (k *EnvTestCluster) startCallbackServer() error {
 	return nil
 }
 
-func (k *EnvTestCluster) AddWebhookCallback(gvr schema.GroupVersionResource, isNamespaced bool, cb CallbackHandler) {
+func (k *EnvTestCluster) InitWebhookCallback(gvr schema.GroupVersionResource, isNamespaced bool) {
 	scope := admissionv1.ClusterScope
 	if isNamespaced {
 		scope = admissionv1.NamespacedScope
@@ -103,5 +107,41 @@ func (k *EnvTestCluster) AddWebhookCallback(gvr schema.GroupVersionResource, isN
 		},
 	})
 
-	k.callbackServer.Register(path, k.buildServeCallback(gvr, cb))
+	k.callbackServer.Register(path, k.buildServeCallback(gvr, k.handleWebhook))
+}
+
+func (k *EnvTestCluster) handleWebhook(request admission.Request) {
+	k.webhookHandlersMutex.Lock()
+	defer k.webhookHandlersMutex.Unlock()
+
+	for _, e := range k.webhookHandlers {
+		if e.GVR.Group == request.Resource.Group && e.GVR.Version == request.Resource.Version && e.GVR.Resource == request.Resource.Resource {
+			e.Callback(request)
+		}
+	}
+}
+
+func (k *EnvTestCluster) AddWebhookHandler(gvr schema.GroupVersionResource, cb CallbackHandler) *CallbackHandlerEntry {
+	k.webhookHandlersMutex.Lock()
+	defer k.webhookHandlersMutex.Unlock()
+
+	entry := &CallbackHandlerEntry{
+		GVR:      gvr,
+		Callback: cb,
+	}
+	k.webhookHandlers = append(k.webhookHandlers, entry)
+
+	return entry
+}
+
+func (k *EnvTestCluster) RemoveWebhookHandler(e *CallbackHandlerEntry) {
+	k.webhookHandlersMutex.Lock()
+	defer k.webhookHandlersMutex.Unlock()
+	old := k.webhookHandlers
+	k.webhookHandlers = make([]*CallbackHandlerEntry, 0, len(k.webhookHandlers))
+	for _, e2 := range old {
+		if e != e2 {
+			k.webhookHandlers = append(k.webhookHandlers, e2)
+		}
+	}
 }

From 984cd77f3667ef15c7fbd29c45f19a56c13e6845 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 14:05:32 +0200
Subject: [PATCH 0481/2268] tests: Paralellize sealed secrets tests

---
 e2e/default_clusters.go |   3 +
 e2e/seal_test.go        | 220 +++++++++++++++++-----------------------
 2 files changed, 94 insertions(+), 129 deletions(-)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index ca75f2003..3ef14c5c8 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
@@ -22,6 +23,7 @@ func init() {
 		if err != nil {
 			panic(err)
 		}
+		test_resources.ApplyYaml("sealed-secrets.yaml", defaultCluster1)
 	}()
 	go func() {
 		defer wg.Done()
@@ -32,6 +34,7 @@ func init() {
 		if err != nil {
 			panic(err)
 		}
+		test_resources.ApplyYaml("sealed-secrets.yaml", defaultCluster2)
 	}()
 	wg.Wait()
 }
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 36cc27099..8f1b42dfe 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -13,7 +13,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/suite"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -23,74 +22,32 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"path/filepath"
-	"sync"
 	"testing"
 	"time"
 )
 
-type SealedSecretsTestSuite struct {
-	suite.Suite
-
-	k  *test_utils.EnvTestCluster
-	k2 *test_utils.EnvTestCluster
-
-	certServer1 *certServer
-	certServer2 *certServer
-}
-
 type certServer struct {
 	server   http.Server
 	url      string
 	certHash string
 }
 
-func TestSealedSecrets(t *testing.T) {
-	t.Parallel()
-	suite.Run(t, &SealedSecretsTestSuite{})
-}
-
-func (s *SealedSecretsTestSuite) SetupSuite() {
-	s.k = defaultCluster1
-	s.k2 = defaultCluster2
-
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		test_resources.ApplyYaml("sealed-secrets.yaml", s.k)
-		wg.Done()
-	}()
-	go func() {
-		test_resources.ApplyYaml("sealed-secrets.yaml", s.k2)
-		wg.Done()
-	}()
-	wg.Wait()
+var certServer1 *certServer
+var certServer2 *certServer
 
+func init() {
 	var err error
-	s.certServer1, err = s.startCertServer()
+	certServer1, err = startCertServer()
 	if err != nil {
-		s.T().Fatal(err)
+		panic(err)
 	}
-	s.certServer2, err = s.startCertServer()
+	certServer2, err = startCertServer()
 	if err != nil {
-		s.T().Fatal(err)
-	}
-}
-
-func (s *SealedSecretsTestSuite) TearDownSuite() {
-	s.k = nil
-	s.k2 = nil
-
-	if s.certServer1 != nil {
-		s.certServer1.server.Close()
-	}
-	if s.certServer2 != nil {
-		s.certServer2.server.Close()
+		panic(err)
 	}
-	s.certServer1 = nil
-	s.certServer2 = nil
 }
 
-func (s *SealedSecretsTestSuite) startCertServer() (*certServer, error) {
+func startCertServer() (*certServer, error) {
 	key, cert, err := crypto.GeneratePrivateKeyAndCert(2048, 10*365*24*time.Hour, "tests.kluctl.io")
 	if err != nil {
 		return nil, err
@@ -128,7 +85,7 @@ func (s *SealedSecretsTestSuite) startCertServer() (*certServer, error) {
 	return &cs, nil
 }
 
-func (s *SealedSecretsTestSuite) addProxyVars(p *testProject) {
+func addProxyVars(p *testProject) {
 	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
 		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
 		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
@@ -136,34 +93,37 @@ func (s *SealedSecretsTestSuite) addProxyVars(p *testProject) {
 		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT=%s", idx, "http"))
 		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL=%s", idx, cs.url))
 	}
-	f(0, s.k, s.certServer1)
-	f(1, s.k2, s.certServer2)
+	f(0, defaultCluster1, certServer1)
+	f(1, defaultCluster2, certServer2)
 }
 
-func (s *SealedSecretsTestSuite) prepareSealTest(k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
+func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
 	p := &testProject{}
-	p.init(s.T(), k, fmt.Sprintf("seal-%s", namespace))
+	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
+	t.Cleanup(func() {
+		p.cleanup()
+	})
 	if proxy {
-		s.addProxyVars(p)
+		addProxyVars(p)
 	}
 
-	createNamespace(s.T(), k, namespace)
+	createNamespace(t, k, namespace)
 
-	s.addSecretsSet(p, "test", varsSources)
-	s.addSecretsSetToTarget(p, "test-target", "test")
+	addSecretsSet(p, "test", varsSources)
+	addSecretsSetToTarget(p, "test-target", "test")
 
 	addSecretDeployment(p, "secret-deployment", secrets, true, resourceOpts{name: "secret", namespace: namespace})
 
 	return p
 }
 
-func (s *SealedSecretsTestSuite) addSecretsSet(p *testProject, name string, varsSources []*uo.UnstructuredObject) {
+func addSecretsSet(p *testProject, name string, varsSources []*uo.UnstructuredObject) {
 	p.updateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
 		_ = secretSet.SetNestedField(varsSources, "vars")
 	})
 }
 
-func (s *SealedSecretsTestSuite) addSecretsSetToTarget(p *testProject, targetName string, secretSetName string) {
+func addSecretsSetToTarget(p *testProject, targetName string, secretSetName string) {
 	p.updateTarget(targetName, func(target *uo.UnstructuredObject) {
 		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
 		l = append(l, secretSetName)
@@ -171,9 +131,8 @@ func (s *SealedSecretsTestSuite) addSecretsSetToTarget(p *testProject, targetNam
 	})
 }
 
-func (s *SealedSecretsTestSuite) assertSealedSecret(k *test_utils.EnvTestCluster, namespace string, secretName string, expectedCertHash string, expectedSecrets map[string]string) {
-
-	y := k.MustGet(s.T(), schema.GroupVersionResource{
+func assertSealedSecret(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secretName string, expectedCertHash string, expectedSecrets map[string]string) {
+	y := k.MustGet(t, schema.GroupVersionResource{
 		Group:    "bitnami.com",
 		Version:  "v1alpha1",
 		Resource: "sealedsecrets",
@@ -181,17 +140,17 @@ func (s *SealedSecretsTestSuite) assertSealedSecret(k *test_utils.EnvTestCluster
 
 	h1 := y.GetK8sAnnotation("kluctl.io/sealedsecret-cert-hash")
 	if h1 == nil {
-		s.T().Fatal("kluctl.io/sealedsecret-cert-hash annotation not found")
+		t.Fatal("kluctl.io/sealedsecret-cert-hash annotation not found")
 	}
-	s.Assertions.Equal(expectedCertHash, *h1)
+	assert.Equal(t, expectedCertHash, *h1)
 
 	hashesStr := y.GetK8sAnnotation("kluctl.io/sealedsecret-hashes")
 	if hashesStr == nil {
-		s.T().Fatal("kluctl.io/sealedsecret-hashes annotation not found")
+		t.Fatal("kluctl.io/sealedsecret-hashes annotation not found")
 	}
 	hashes, err := uo.FromString(*hashesStr)
 	if err != nil {
-		s.T().Fatal(err)
+		t.Fatal(err)
 	}
 
 	expectedHashes := map[string]any{}
@@ -199,14 +158,15 @@ func (s *SealedSecretsTestSuite) assertSealedSecret(k *test_utils.EnvTestCluster
 		expectedHashes[k] = seal.HashSecret(k, []byte(v), secretName, namespace, "strict")
 	}
 
-	s.Assertions.Equal(expectedHashes, hashes.Object)
+	assert.Equal(t, expectedHashes, hashes.Object)
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_WithOperator() {
-	k := s.k
+func TestSeal_WithOperator(t *testing.T) {
+	t.Parallel()
+	k := defaultCluster1
 	namespace := "seal-with-operator"
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -219,29 +179,30 @@ func (s *SealedSecretsTestSuite) TestSeal_WithOperator() {
 				},
 			}),
 		}, true)
-	defer p.cleanup()
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
-	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_WithBootstrap() {
-	k := s.k
+func TestSeal_WithBootstrap(t *testing.T) {
+	// this test must NOT run in parallel
+
+	k := defaultCluster1
 	namespace := "seal-with-bootstrap"
 
 	// deleting the crd causes kluctl to not recognize the operator, so it will do a bootstrap
 	_ = k.DynamicClient.Resource(apiextensionsv1.SchemeGroupVersion.WithResource("customresourcedefinitions")).
 		Delete(context.Background(), "sealedsecrets.bitnami.com", metav1.DeleteOptions{})
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -255,38 +216,38 @@ func (s *SealedSecretsTestSuite) TestSeal_WithBootstrap() {
 			}),
 		}, false)
 
-	defer p.cleanup()
-
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	test_resources.ApplyYaml("sealed-secrets.yaml", k)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	pkCm := k.MustGetCoreV1(s.T(), "configmaps", "kube-system", "sealed-secrets-key-kluctl-bootstrap")
+	pkCm := k.MustGetCoreV1(t, "configmaps", "kube-system", "sealed-secrets-key-kluctl-bootstrap")
 	certBytes, ok, _ := pkCm.GetNestedString("data", "tls.crt")
-	s.Assertions.True(ok)
+	assert.True(t, ok)
 
 	cert, err := seal.ParseCert([]byte(certBytes))
-	s.Assertions.NoError(err)
+	assert.NoError(t, err)
 
 	certHash, err := seal.HashPublicKey(cert)
-	s.Assertions.NoError(err)
+	assert.NoError(t, err)
 
-	s.assertSealedSecret(k, namespace, "secret", certHash, map[string]string{
+	assertSealedSecret(t, k, namespace, "secret", certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_MultipleVarSources() {
-	k := s.k
+func TestSeal_MultipleVarSources(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
 	namespace := "seal-multiple-vs"
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -303,26 +264,27 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleVarSources() {
 				},
 			}),
 		}, true)
-	defer p.cleanup()
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_MultipleSecretSets() {
-	k := s.k
+func TestSeal_MultipleSecretSets(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
 	namespace := "seal-multiple-ss"
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -335,35 +297,35 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleSecretSets() {
 			}),
 		}, true)
 
-	defer p.cleanup()
-
-	s.addSecretsSet(p, "test2", []*uo.UnstructuredObject{
+	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
 		uo.FromMap(map[string]interface{}{
 			"values": map[string]interface{}{
 				"s2": "v2",
 			},
 		}),
 	})
-	s.addSecretsSetToTarget(p, "test-target", "test2")
+	addSecretsSetToTarget(p, "test-target", "test2")
 
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_MultipleTargets() {
-	k := s.k
+func TestSeal_MultipleTargets(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
 	namespace := "seal-multiple-targets"
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -376,9 +338,8 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleTargets() {
 				},
 			}),
 		}, true)
-	defer p.cleanup()
 
-	s.addSecretsSet(p, "test2", []*uo.UnstructuredObject{
+	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
 		uo.FromMap(map[string]interface{}{
 			"values": map[string]interface{}{
 				"s1": "v3",
@@ -386,42 +347,44 @@ func (s *SealedSecretsTestSuite) TestSeal_MultipleTargets() {
 			},
 		}),
 	})
-	s.addSecretsSetToTarget(p, "test-target2", "test2")
+	addSecretsSetToTarget(p, "test-target2", "test2")
 
-	p.mergeKubeconfig(s.k2)
-	createNamespace(s.T(), s.k2, namespace)
+	p.mergeKubeconfig(defaultCluster2)
+	createNamespace(t, defaultCluster2, namespace)
 	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(s.k.Context, "context")
+		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 	p.updateTarget("test-target2", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(s.k2.Context, "context")
+		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("seal", "-t", "test-target")
 	p.KluctlMust("seal", "-t", "test-target2")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 	p.KluctlMust("deploy", "--yes", "-t", "test-target2")
 
-	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
+	assertSealedSecret(t, defaultCluster1, namespace, "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
-	s.assertSealedSecret(s.k2, namespace, "secret", s.certServer2.certHash, map[string]string{
+	assertSealedSecret(t, defaultCluster2, namespace, "secret", certServer2.certHash, map[string]string{
 		"s1": "v3",
 		"s2": "v4",
 	})
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_File() {
-	k := s.k
+func TestSeal_File(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
 	namespace := "seal-file"
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -431,7 +394,6 @@ func (s *SealedSecretsTestSuite) TestSeal_File() {
 				"file": utils.StrPtr("secret-values.yaml"),
 			}),
 		}, true)
-	defer p.cleanup()
 
 	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), "secret-values.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromMap(map[string]interface{}{
@@ -446,18 +408,20 @@ func (s *SealedSecretsTestSuite) TestSeal_File() {
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
 }
 
-func (s *SealedSecretsTestSuite) TestSeal_Vault() {
-	k := s.k
+func TestSeal_Vault(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
 	namespace := "seal-vault"
 
 	server := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
@@ -479,11 +443,10 @@ func (s *SealedSecretsTestSuite) TestSeal_Vault() {
 		writer.Header().Set("Content-Type", "application/json")
 		_, _ = writer.Write([]byte(s))
 	}))
-	defer server.Close()
 
 	vaultUrl := server.URL
 
-	p := s.prepareSealTest(k, namespace,
+	p := prepareSealTest(t, k, namespace,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -496,17 +459,16 @@ func (s *SealedSecretsTestSuite) TestSeal_Vault() {
 				},
 			}),
 		}, true)
-	defer p.cleanup()
 
 	p.extraEnv = append(p.extraEnv, "VAULT_TOKEN=root")
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
-	assert.FileExists(s.T(), filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	s.assertSealedSecret(k, namespace, "secret", s.certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})

From 519ec7ebfa91b996db3721d878b55f90581af75c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 14:09:10 +0200
Subject: [PATCH 0482/2268] chore: Run go mod tidy

---
 go.mod | 1 -
 go.sum | 2 --
 2 files changed, 3 deletions(-)

diff --git a/go.mod b/go.mod
index fbccf67c5..729920c5c 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,6 @@ require (
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
-	github.com/mitchellh/go-ps v1.0.0
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.14.5
 	github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index 379bb254c..e00cb9714 100644
--- a/go.sum
+++ b/go.sum
@@ -575,8 +575,6 @@ github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HK
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
-github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
 github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=

From ca84085fcf8a657343e446e8c1206cece120eda4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 14:26:37 +0200
Subject: [PATCH 0483/2268] fix: Fix check for helm-chart.yaml

The check did previously not verify that a / was present before the filename.
---
 pkg/deployment/deployment_item.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 7f944e92f..873a478c1 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -160,13 +160,19 @@ func (di *DeploymentItem) render(forSeal bool) error {
 	)
 }
 
+func (di *DeploymentItem) isHelmChartYaml(p string) bool {
+	_, file := filepath.Split(p)
+	file = strings.ToLower(file)
+	return file == "helm-chart.yml" || file == "helm-chart.yaml"
+}
+
 func (di *DeploymentItem) renderHelmCharts() error {
 	if di.dir == nil {
 		return nil
 	}
 
 	err := filepath.Walk(di.RenderedDir, func(p string, info fs.FileInfo, err error) error {
-		if !strings.HasSuffix(p, "helm-chart.yml") && !strings.HasSuffix(p, "helm-chart.yaml") {
+		if !di.isHelmChartYaml(p) {
 			return nil
 		}
 

From 72b777b9084b3f1d96532601b84b55244be49c2b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 15:39:22 +0200
Subject: [PATCH 0484/2268] feat: Allow to add deployment items without a
 kustomization.yaml

kluctl will then generate a simple kustomization.yaml.
---
 docs/reference/deployments/deployment-yml.md | 16 +++-
 pkg/deployment/deployment_item.go            | 86 ++++++++++++++++++--
 pkg/deployment/deployment_project.go         |  5 --
 3 files changed, 96 insertions(+), 11 deletions(-)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 1d5914919..e1aac4061 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -45,9 +45,23 @@ for details.
 Individual deployments are performed in parallel, unless a [barrier](#barriers) is encountered which causes kluctl to
 wait for all previous deployments to finish.
 
+### Simple deployments
+
+Simple deployments are specified via `path` and are expected to be directories with Kubernetes manifests inside.
+Kluctl will internally generate a kustomization.yaml from these manifests and treat the deployment item the same way
+as it would treat a [Kustomize deployment](#kustomize-deployments).
+
+Example:
+```yaml
+deployments:
+- path: path/to/manifests
+```
+
 ### Kustomize deployments
 
-Specifies a [kustomize](https://kustomize.io/) deployment.
+When the deployment item directory specified via `path` contains a `kustomization.yaml`, Kluctl will use this file
+instead of generating one.
+
 Please see [Kustomize integration](./kustomize.md) for more details.
 
 Example:
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 873a478c1..0c53716e9 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -11,6 +11,7 @@ import (
 	"io/fs"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
 )
@@ -166,6 +167,12 @@ func (di *DeploymentItem) isHelmChartYaml(p string) bool {
 	return file == "helm-chart.yml" || file == "helm-chart.yaml"
 }
 
+func (di *DeploymentItem) isHelmValuesYaml(p string) bool {
+	_, file := filepath.Split(p)
+	file = strings.ToLower(file)
+	return file == "helm-values.yml" || file == "helm-values.yaml"
+}
+
 func (di *DeploymentItem) renderHelmCharts() error {
 	if di.dir == nil {
 		return nil
@@ -224,15 +231,23 @@ func (di *DeploymentItem) ListSealedSecrets(subdir string) ([]string, error) {
 		return nil, err
 	}
 
-	y, err := uo.FromFile(yaml.FixPathExt(filepath.Join(renderedDir, "kustomization.yml")))
+	y, err := di.readKustomizationYaml(subdir)
 	if err != nil {
 		return nil, err
 	}
-	l, _, err := y.GetNestedStringList("resources")
+	if y == nil {
+		y, err = di.generateKustomizationYaml(subdir)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	resources, _, err := y.GetNestedStringList("resources")
 	if err != nil {
 		return nil, err
 	}
-	for _, resource := range l {
+
+	for _, resource := range resources {
 		p := filepath.Clean(filepath.Join(renderedDir, resource))
 
 		isDir := utils.IsDirectory(p)
@@ -376,6 +391,60 @@ func (di *DeploymentItem) readKustomizationYaml(subDir string) (*uo.Unstructured
 	return ky, err
 }
 
+func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.UnstructuredObject, error) {
+	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, subDir, "kustomization.yml"))
+	if utils.IsFile(kustomizeYamlPath) {
+		return nil, nil
+	}
+
+	des, err := os.ReadDir(filepath.Join(di.RenderedDir, subDir))
+	if err != nil {
+		return nil, err
+	}
+
+	var list []any
+	m := map[string]bool{}
+
+	for _, de := range des {
+		if de.IsDir() {
+			continue
+		}
+
+		lname := strings.ToLower(de.Name())
+		resourcePath := ""
+
+		if di.isHelmValuesYaml(de.Name()) {
+			continue
+		} else if di.isHelmChartYaml(de.Name()) {
+			c, err := NewHelmChart(filepath.Join(di.RenderedDir, subDir, de.Name()))
+			if err != nil {
+				return nil, err
+			}
+			if !utils.IsFile(filepath.Join(di.RenderedDir, subDir, c.GetOutputPath())) {
+				resourcePath = c.GetOutputPath()
+			}
+		} else if strings.HasSuffix(lname, ".yml") || strings.HasSuffix(lname, ".yaml") {
+			resourcePath = de.Name()
+		} else if strings.HasSuffix(lname, ".yml"+SealmeExt) || strings.HasSuffix(lname, ".yaml"+SealmeExt) {
+			resourcePath = de.Name()[:len(de.Name())-len(SealmeExt)]
+		}
+
+		if resourcePath != "" {
+			resourcePath = filepath.ToSlash(resourcePath)
+			resourcePath = path.Clean(resourcePath)
+			if _, ok := m[resourcePath]; !ok {
+				m[resourcePath] = true
+				list = append(list, resourcePath)
+			}
+		}
+	}
+
+	generated := uo.New()
+	_ = generated.SetNestedField(list, "resources")
+
+	return generated, nil
+}
+
 func (di *DeploymentItem) writeKustomizationYaml(ky *uo.UnstructuredObject) error {
 	kustomizeYamlPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, "kustomization.yml"))
 	return yaml.WriteYamlFile(kustomizeYamlPath, ky)
@@ -387,7 +456,14 @@ func (di *DeploymentItem) prepareKustomizationYaml() error {
 		return err
 	}
 	if ky == nil {
-		return nil
+		ky, err = di.generateKustomizationYaml("")
+		if err != nil {
+			return err
+		}
+		err = di.writeKustomizationYaml(ky)
+		if err != nil {
+			return err
+		}
 	}
 
 	overrideNamespace := di.Project.getOverrideNamespace()
@@ -404,7 +480,7 @@ func (di *DeploymentItem) prepareKustomizationYaml() error {
 	di.Barrier = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/barrier"))
 	di.WaitReadiness = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/wait-readiness"))
 
-	// Save modified kustomize.yml
+	// Save modified kustomization.yml
 	return di.writeKustomizationYaml(ky)
 }
 
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index ecd599c31..04a06dac7 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -136,11 +136,6 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 		if !utils.IsDirectory(diDir) {
 			return fmt.Errorf("deployment path is not a directory: %s", *di.Path)
 		}
-
-		pth := yaml.FixPathExt(filepath.Join(diDir, "kustomization.yml"))
-		if !utils.IsFile(pth) {
-			return fmt.Errorf("%s not found or not a file", pth)
-		}
 	}
 	return nil
 }

From 3f86f9e0578d0fa22c6e4cc5c14c16b33253fc71 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 15:50:22 +0200
Subject: [PATCH 0485/2268] tests: Cleanup testProject as part of testing
 cleanup

---
 e2e/args_test.go      |  2 --
 e2e/contexts_test.go  |  6 ------
 e2e/deploy_test.go    |  1 -
 e2e/flux_test.go      |  2 --
 e2e/hooks_test.go     |  1 -
 e2e/inclusion_test.go | 14 --------------
 e2e/no_target_test.go |  1 -
 e2e/project.go        | 14 +++-----------
 e2e/seal_test.go      |  4 +---
 9 files changed, 4 insertions(+), 41 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 026f3bee0..527a75ce3 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -14,7 +14,6 @@ func TestArgs(t *testing.T) {
 
 	p := &testProject{}
 	p.init(t, k, "args")
-	defer p.cleanup()
 
 	createNamespace(t, k, p.projectName)
 
@@ -121,7 +120,6 @@ func TestArgsFromEnv(t *testing.T) {
 
 	p := &testProject{}
 	p.init(t, k, "args-from-envs")
-	defer p.cleanup()
 
 	createNamespace(t, k, p.projectName)
 
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 7de30a13f..29fa1d133 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -26,7 +26,6 @@ func TestContextCurrent(t *testing.T) {
 	t.Parallel()
 
 	p := prepareContextTest(t, "context-current")
-	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		// no context set, assume the current one is used
@@ -48,7 +47,6 @@ func TestContext1(t *testing.T) {
 	t.Parallel()
 
 	p := prepareContextTest(t, "context-1")
-	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
@@ -63,7 +61,6 @@ func TestContext2(t *testing.T) {
 	t.Parallel()
 
 	p := prepareContextTest(t, "context-2")
-	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
@@ -78,7 +75,6 @@ func TestContext1And2(t *testing.T) {
 	t.Parallel()
 
 	p := prepareContextTest(t, "context-1-and-2")
-	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
@@ -99,7 +95,6 @@ func TestContextSwitch(t *testing.T) {
 	t.Parallel()
 
 	p := prepareContextTest(t, "context-switch")
-	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
@@ -121,7 +116,6 @@ func TestContextOverride(t *testing.T) {
 	t.Parallel()
 
 	p := prepareContextTest(t, "context-override")
-	defer p.cleanup()
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
index c6b0493da..6c3029ea8 100644
--- a/e2e/deploy_test.go
+++ b/e2e/deploy_test.go
@@ -11,7 +11,6 @@ func TestCommandDeploySimple(t *testing.T) {
 
 	p := &testProject{}
 	p.init(t, k, "simple")
-	defer p.cleanup()
 
 	createNamespace(t, k, p.projectName)
 
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index 33f30dbde..b7b4bcb53 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -39,8 +39,6 @@ func TestFluxCommands(t *testing.T) {
 	p := &testProject{}
 	p.init(t, k, "flux-test")
 
-	defer p.cleanup()
-
 	var wg sync.WaitGroup
 	wg.Add(2)
 	go func() {
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 29a54f239..af1c2221c 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -105,7 +105,6 @@ func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletion
 	s.p.init(t, s.k, namespace)
 	t.Cleanup(func() {
 		s.removeWebhook()
-		s.p.cleanup()
 	})
 
 	createNamespace(s.t, s.k, namespace)
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 99e1beaab..edba11b1a 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -9,16 +9,9 @@ import (
 )
 
 func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *test_utils.EnvTestCluster) {
-	isDone := false
-
 	k := defaultCluster1
 	p := &testProject{}
 	p.init(t, k, namespace)
-	defer func() {
-		if !isDone {
-			p.cleanup()
-		}
-	}()
 
 	createNamespace(t, k, p.projectName)
 
@@ -45,7 +38,6 @@ func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bo
 		addConfigMapDeployment(p, "include3/icm5", nil, resourceOpts{name: "icm5", namespace: p.projectName, tags: []string{"itag5", "itag6"}})
 	}
 
-	isDone = true
 	return p, k
 }
 
@@ -74,7 +66,6 @@ func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.EnvTestClust
 func TestInclusionTags(t *testing.T) {
 	t.Parallel()
 	p, k := prepareInclusionTestProject(t, "inclusion-tags", false)
-	defer p.cleanup()
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -109,7 +100,6 @@ func TestInclusionTags(t *testing.T) {
 func TestExclusionTags(t *testing.T) {
 	t.Parallel()
 	p, k := prepareInclusionTestProject(t, "inclusion-exclusion", false)
-	defer p.cleanup()
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -134,7 +124,6 @@ func TestExclusionTags(t *testing.T) {
 func TestInclusionIncludeDirs(t *testing.T) {
 	t.Parallel()
 	p, k := prepareInclusionTestProject(t, "inclusion-dirs", true)
-	defer p.cleanup()
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -156,7 +145,6 @@ func TestInclusionIncludeDirs(t *testing.T) {
 func TestInclusionDeploymentDirs(t *testing.T) {
 	t.Parallel()
 	p, k := prepareInclusionTestProject(t, "inclusion-kustomize-dirs", true)
-	defer p.cleanup()
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -184,7 +172,6 @@ func TestInclusionDeploymentDirs(t *testing.T) {
 func TestInclusionPrune(t *testing.T) {
 	t.Parallel()
 	p, k := prepareInclusionTestProject(t, "inclusion-prune", false)
-	defer p.cleanup()
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add []string, remove []string) {
@@ -218,7 +205,6 @@ func TestInclusionPrune(t *testing.T) {
 func TestInclusionDelete(t *testing.T) {
 	t.Parallel()
 	p, k := prepareInclusionTestProject(t, "inclusion-delete", false)
-	defer p.cleanup()
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add []string, remove []string) {
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 31351c3eb..7c2f74f61 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -28,7 +28,6 @@ func TestNoTarget(t *testing.T) {
 	t.Parallel()
 
 	p := prepareNoTargetTest(t, "no-target")
-	defer p.cleanup()
 
 	p.KluctlMust("deploy", "--yes")
 	cm := assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
diff --git a/e2e/project.go b/e2e/project.go
index b6f74c66f..83e3a6ecc 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -47,20 +47,12 @@ func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster, projectNa
 	}
 	_ = tmpFile.Close()
 	p.mergedKubeconfig = tmpFile.Name()
+	t.Cleanup(func() {
+		os.Remove(p.mergedKubeconfig)
+	})
 	p.mergeKubeconfig(k)
 }
 
-func (p *testProject) cleanup() {
-	if p.gitServer != nil {
-		p.gitServer.Cleanup()
-		p.gitServer = nil
-	}
-	if p.mergedKubeconfig != "" {
-		_ = os.Remove(p.mergedKubeconfig)
-		p.mergedKubeconfig = ""
-	}
-}
-
 func (p *testProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
 	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
 		nkcfg, err := clientcmd.Load(k.Kubeconfig)
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 8f1b42dfe..ab7fb7fbe 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -100,9 +100,7 @@ func addProxyVars(p *testProject) {
 func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
 	p := &testProject{}
 	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
-	t.Cleanup(func() {
-		p.cleanup()
-	})
+
 	if proxy {
 		addProxyVars(p)
 	}

From 105be5a7ab561616888f2503e5cc46183d415c92 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 16:09:45 +0200
Subject: [PATCH 0486/2268] tests: Add test for generated kustomizations

---
 e2e/deploy_test.go                | 34 -------------
 e2e/deployment_items_test.go      | 83 +++++++++++++++++++++++++++++++
 e2e/project.go                    | 12 +++--
 e2e/seal_test.go                  |  4 +-
 e2e/utils_resources.go            | 31 ++++++++----
 internal/test-utils/git_server.go |  8 +++
 6 files changed, 124 insertions(+), 48 deletions(-)
 delete mode 100644 e2e/deploy_test.go
 create mode 100644 e2e/deployment_items_test.go

diff --git a/e2e/deploy_test.go b/e2e/deploy_test.go
deleted file mode 100644
index 6c3029ea8..000000000
--- a/e2e/deploy_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package e2e
-
-import (
-	"testing"
-)
-
-func TestCommandDeploySimple(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := &testProject{}
-	p.init(t, k, "simple")
-
-	createNamespace(t, k, p.projectName)
-
-	p.updateTarget("test", nil)
-
-	addConfigMapDeployment(p, "cm", nil, resourceOpts{
-		name:      "cm",
-		namespace: p.projectName,
-	})
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.projectName, "cm")
-
-	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
-		name:      "cm2",
-		namespace: p.projectName,
-	})
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--dry-run")
-	assertConfigMapNotExists(t, k, p.projectName, "cm2")
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.projectName, "cm2")
-}
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
new file mode 100644
index 000000000..c1a8ffe8e
--- /dev/null
+++ b/e2e/deployment_items_test.go
@@ -0,0 +1,83 @@
+package e2e
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"testing"
+)
+
+func TestKustomize(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "di-kustomize")
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.projectName, "cm")
+
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.projectName,
+	})
+	p.KluctlMust("deploy", "--yes", "-t", "test", "--dry-run")
+	assertConfigMapNotExists(t, k, p.projectName, "cm2")
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.projectName, "cm2")
+}
+
+func TestGeneratedKustomize(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "di-generated-kustomize")
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", nil)
+
+	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField([]any{
+			map[string]any{
+				"path": "generated-kustomize",
+			},
+		}, "deployments")
+		return nil
+	})
+	p.updateYaml("generated-kustomize/cm1.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *createConfigMapObject(nil, resourceOpts{
+			name:      "cm1",
+			namespace: p.projectName,
+		})
+		return nil
+	}, "")
+	p.updateYaml("generated-kustomize/cm2.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *createConfigMapObject(nil, resourceOpts{
+			name:      "cm2",
+			namespace: p.projectName,
+		})
+		return nil
+	}, "")
+	p.updateYaml("generated-kustomize/cm3._yaml", func(o *uo.UnstructuredObject) error {
+		*o = *createConfigMapObject(nil, resourceOpts{
+			name:      "cm3",
+			namespace: p.projectName,
+		})
+		return nil
+	}, "")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.projectName, "cm1")
+	assertConfigMapExists(t, k, p.projectName, "cm2")
+	assertConfigMapNotExists(t, k, p.projectName, "cm3")
+}
diff --git a/e2e/project.go b/e2e/project.go
index 83e3a6ecc..f68025aef 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -82,11 +82,11 @@ func (p *testProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config
 }
 
 func (p *testProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
-	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), ".kluctl.yml", update, "")
+	p.updateYaml(".kluctl.yml", update, "")
 }
 
 func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
-	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
+	p.updateYaml(filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
 		if dir == "." {
 			o.SetNestedField(p.projectName, "commonLabels", "project_name")
 		}
@@ -94,6 +94,12 @@ func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.Unstruc
 	}, "")
 }
 
+func (p *testProject) updateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
+	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), path, func(o *uo.UnstructuredObject) error {
+		return update(o)
+	}, message)
+}
+
 func (p *testProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
 	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, "deployment.yml"))
 	if err != nil {
@@ -130,7 +136,7 @@ func (p *testProject) updateKustomizeDeployment(dir string, update func(o *uo.Un
 	wt := p.gitServer.GetWorktree(p.getKluctlProjectRepo())
 
 	pth := filepath.Join(dir, "kustomization.yml")
-	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), pth, func(o *uo.UnstructuredObject) error {
+	p.updateYaml(pth, func(o *uo.UnstructuredObject) error {
 		return update(o, wt)
 	}, fmt.Sprintf("Update kustomization.yml for %s", dir))
 }
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index ab7fb7fbe..7ac2ef26a 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -110,7 +110,7 @@ func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, namespace strin
 	addSecretsSet(p, "test", varsSources)
 	addSecretsSetToTarget(p, "test-target", "test")
 
-	addSecretDeployment(p, "secret-deployment", secrets, true, resourceOpts{name: "secret", namespace: namespace})
+	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: namespace})
 
 	return p
 }
@@ -393,7 +393,7 @@ func TestSeal_File(t *testing.T) {
 			}),
 		}, true)
 
-	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), "secret-values.yaml", func(o *uo.UnstructuredObject) error {
+	p.updateYaml("secret-values.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromMap(map[string]interface{}{
 			"secrets": map[string]interface{}{
 				"s1": "v1",
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 4bf65af62..073b246c5 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -28,25 +28,38 @@ func mergeMetadata(o *uo.UnstructuredObject, opts resourceOpts) {
 	}
 }
 
-func addConfigMapDeployment(p *testProject, dir string, data map[string]string, opts resourceOpts) {
+func createCoreV1Object(kind string, opts resourceOpts) *uo.UnstructuredObject {
 	o := uo.New()
-	o.SetK8sGVKs("", "v1", "ConfigMap")
+	o.SetK8sGVKs("", "v1", kind)
 	mergeMetadata(o, opts)
+	return o
+}
+
+func createConfigMapObject(data map[string]string, opts resourceOpts) *uo.UnstructuredObject {
+	o := createCoreV1Object("ConfigMap", opts)
 	if data != nil {
 		o.SetNestedField(data, "data")
 	}
-	p.addKustomizeDeployment(dir, []kustomizeResource{
-		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
-	}, opts.tags)
+	return o
 }
 
-func addSecretDeployment(p *testProject, dir string, data map[string]string, sealedSecret bool, opts resourceOpts) {
-	o := uo.New()
-	o.SetK8sGVKs("", "v1", "Secret")
-	mergeMetadata(o, opts)
+func createSecretObject(data map[string]string, opts resourceOpts) *uo.UnstructuredObject {
+	o := createCoreV1Object("ConfigMap", opts)
 	if data != nil {
 		o.SetNestedField(data, "stringData")
 	}
+	return o
+}
+
+func addConfigMapDeployment(p *testProject, dir string, data map[string]string, opts resourceOpts) {
+	o := createConfigMapObject(data, opts)
+	p.addKustomizeDeployment(dir, []kustomizeResource{
+		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
+	}, opts.tags)
+}
+
+func addSecretDeployment(p *testProject, dir string, data map[string]string, opts resourceOpts) {
+	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
 	p.addKustomizeDeployment(dir, []kustomizeResource{
 		{fname, fname + ".sealme", o},
diff --git a/internal/test-utils/git_server.go b/internal/test-utils/git_server.go
index 45a969474..4ed9f70da 100644
--- a/internal/test-utils/git_server.go
+++ b/internal/test-utils/git_server.go
@@ -150,6 +150,14 @@ func (p *GitServer) CommitFiles(repo string, add []string, all bool, message str
 func (p *GitServer) CommitYaml(repo string, pth string, message string, y *uo.UnstructuredObject) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
+	dir, _ := filepath.Split(fullPath)
+	if dir != "" {
+		err := os.MkdirAll(dir, 0o700)
+		if err != nil {
+			panic(err)
+		}
+	}
+
 	err := yaml.WriteYamlFile(fullPath, y)
 	if err != nil {
 		p.t.Fatal(err)

From 0323bf04f825be439053022c7300cc8fbdcbba41 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 16:20:36 +0200
Subject: [PATCH 0487/2268] tests: Add test for sealing of multiple secrets

---
 e2e/seal_test.go | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 7ac2ef26a..801c5b63b 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -376,6 +376,47 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	})
 }
 
+func TestSeal_MultipleSecrets(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	namespace := "seal-multiple-secrets"
+
+	secret1 := map[string]string{
+		"s1": "{{ secrets.s1 }}",
+	}
+	secret2 := map[string]string{
+		"s2": "{{ secrets.s2 }}",
+	}
+
+	p := prepareSealTest(t, k, namespace,
+		secret1,
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+					"s2": "v2",
+				},
+			}),
+		}, true)
+	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: namespace})
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment2/test-target/secret-secret2.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+		"s1": "v1",
+	})
+	assertSealedSecret(t, k, namespace, "secret2", certServer1.certHash, map[string]string{
+		"s2": "v2",
+	})
+}
+
 func TestSeal_File(t *testing.T) {
 	t.Parallel()
 

From 340bd4b67c645a9fc7ec941a568528e6f2b7b085 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 16:33:46 +0200
Subject: [PATCH 0488/2268] test: Add test for sealing of multiple secrets via
 a single .sealme file

---
 e2e/seal_test.go                  | 46 +++++++++++++++++++++++++++++++
 internal/test-utils/git_server.go | 26 +++++++++++++++++
 2 files changed, 72 insertions(+)

diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 801c5b63b..9f5e00490 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -417,6 +417,52 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 	})
 }
 
+func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	namespace := "seal-multiple-secrets2"
+
+	secret1 := map[string]string{
+		"s1": "{{ secrets.s1 }}",
+	}
+	secret2 := map[string]string{
+		"s2": "{{ secrets.s2 }}",
+	}
+	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: namespace}))
+
+	p := prepareSealTest(t, k, namespace,
+		secret1,
+		[]*uo.UnstructuredObject{
+			uo.FromMap(map[string]interface{}{
+				"values": map[string]interface{}{
+					"s1": "v1",
+					"s2": "v2",
+				},
+			}),
+		}, true)
+
+	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), "secret-deployment/secret-secret.yml.sealme", func(f string) (string, error) {
+		f += "---\n"
+		f += secret2Text
+		return f, nil
+	}, "")
+
+	p.KluctlMust("seal", "-t", "test-target")
+
+	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+
+	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+		"s1": "v1",
+	})
+	assertSealedSecret(t, k, namespace, "secret2", certServer1.certHash, map[string]string{
+		"s2": "v2",
+	})
+}
+
 func TestSeal_File(t *testing.T) {
 	t.Parallel()
 
diff --git a/internal/test-utils/git_server.go b/internal/test-utils/git_server.go
index 4ed9f70da..070e4c98e 100644
--- a/internal/test-utils/git_server.go
+++ b/internal/test-utils/git_server.go
@@ -168,6 +168,32 @@ func (p *GitServer) CommitYaml(repo string, pth string, message string, y *uo.Un
 	p.CommitFiles(repo, []string{pth}, false, message)
 }
 
+func (p *GitServer) UpdateFile(repo string, pth string, update func(f string) (string, error), message string) {
+	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	f := ""
+	if utils.Exists(fullPath) {
+		b, err := os.ReadFile(fullPath)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+		f = string(b)
+	}
+
+	newF, err := update(f)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+
+	if f == newF {
+		return
+	}
+	err = os.WriteFile(fullPath, []byte(newF), 0o600)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	p.CommitFiles(repo, []string{pth}, false, message)
+}
+
 func (p *GitServer) UpdateYaml(repo string, pth string, update func(o *uo.UnstructuredObject) error, message string) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 

From b6b5956472d451baf36d84e7af70dbe99db341b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 17:11:08 +0200
Subject: [PATCH 0489/2268] feat: Allow to have multiple secrets in a single
 .sealme file

---
 pkg/seal/sealer.go | 160 +++++++++++++++++++++++++++++----------------
 pkg/utils/uo/uo.go |  12 ++++
 2 files changed, 115 insertions(+), 57 deletions(-)

diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index e821f2e99..3055768cf 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -17,7 +17,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path/filepath"
-	"reflect"
 	"strconv"
 )
 
@@ -93,18 +92,88 @@ func (s *Sealer) encryptSecret(secret []byte, secretName string, secretNamespace
 	return base64.StdEncoding.EncodeToString(b), nil
 }
 
+type sealedSecret struct {
+	content  *uo.UnstructuredObject
+	hashes   *uo.UnstructuredObject
+	certHash string
+}
+
+func buildSecretRef(o *uo.UnstructuredObject) string {
+	return fmt.Sprintf("%s/%s", o.GetK8sNamespace(), o.GetK8sName())
+}
+
+func (s *Sealer) loadExistingSealedSecrets(p string) (map[string]*sealedSecret, error) {
+	ret := map[string]*sealedSecret{}
+
+	if !utils.Exists(p) {
+		return ret, nil
+	}
+
+	list, err := uo.FromFileMulti(p)
+	if err != nil {
+		return nil, err
+	}
+	if len(list) != 1 {
+		err = nil
+	}
+
+	for _, x := range list {
+		var ss sealedSecret
+
+		ss.content = x
+
+		a := x.GetK8sAnnotation(hashAnnotation)
+		if a != nil {
+			ss.hashes, _ = uo.FromString(*a)
+		}
+		a = x.GetK8sAnnotation(certHashAnnotation)
+		if a != nil {
+			ss.certHash = *a
+		}
+		if ss.hashes == nil {
+			ss.hashes = uo.New()
+		}
+
+		ret[buildSecretRef(x)] = &ss
+	}
+	return ret, nil
+}
+
 func (s *Sealer) SealFile(p string, targetFile string) error {
-	baseName := filepath.Base(targetFile)
 	err := os.MkdirAll(filepath.Dir(targetFile), 0o700)
 	if err != nil {
 		return err
 	}
 
-	o, err := uo.FromFile(p)
+	existingSealedSecrets, err := s.loadExistingSealedSecrets(targetFile)
+	if err != nil {
+		return err
+	}
+
+	secrets, err := uo.FromFileMulti(p)
+	if err != nil {
+		return err
+	}
+
+	var result []any
+
+	for _, o := range secrets {
+		existing, _ := existingSealedSecrets[buildSecretRef(o)]
+		newSealedSecret, err := s.sealSecret(o, existing)
+		if err != nil {
+			return err
+		}
+		result = append(result, newSealedSecret.content)
+	}
+
+	err = yaml.WriteYamlAllFile(targetFile, result)
 	if err != nil {
 		return err
 	}
+	return nil
+}
 
+func (s *Sealer) sealSecret(o *uo.UnstructuredObject, existing *sealedSecret) (*sealedSecret, error) {
 	secretName := o.ToUnstructured().GetName()
 	secretNamespace := o.ToUnstructured().GetNamespace()
 	if secretNamespace == "" {
@@ -112,7 +181,7 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 	}
 	secretType, ok, err := o.GetNestedString("type")
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if !ok {
 		secretType = "Opaque"
@@ -137,53 +206,34 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 		scope = &x
 	}
 
-	var existingContent *uo.UnstructuredObject
-	var existingHashes *uo.UnstructuredObject
-	var existingCertHash string
-
-	if utils.Exists(targetFile) {
-		existingContent, err = uo.FromFile(targetFile)
-		a := existingContent.GetK8sAnnotation(hashAnnotation)
-		if a != nil {
-			existingHashes, _ = uo.FromString(*a)
-		}
-		a = existingContent.GetK8sAnnotation(certHashAnnotation)
-		if a != nil {
-			existingCertHash = *a
-		}
-	}
-	if existingHashes == nil {
-		existingHashes = uo.New()
-	}
-
 	secrets := make(map[string][]byte)
 
 	data, ok, err := o.GetNestedObject("data")
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if ok {
 		for k, v := range data.Object {
 			s, ok := v.(string)
 			if !ok {
-				return fmt.Errorf("%s is not a string", k)
+				return nil, fmt.Errorf("%s is not a string", k)
 			}
 			secrets[k], err = base64.StdEncoding.DecodeString(s)
 			if err != nil {
-				return fmt.Errorf("failed to decode base64 string for secret %s and key %s", secretName, k)
+				return nil, fmt.Errorf("failed to decode base64 string for secret %s and key %s", secretName, k)
 			}
 		}
 	}
 
 	stringData, ok, err := o.GetNestedObject("stringData")
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if ok {
 		for k, v := range stringData.Object {
 			s, ok := v.(string)
 			if !ok {
-				return fmt.Errorf("%s is not a string", k)
+				return nil, fmt.Errorf("%s is not a string", k)
 			}
 			secrets[k] = []byte(s)
 		}
@@ -191,47 +241,52 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 
 	resultSecretHashes := make(map[string]string)
 
-	result := uo.New()
-	result.SetK8sGVK(schema.GroupVersionKind{Group: "bitnami.com", Version: "v1alpha1", Kind: "SealedSecret"})
-	result.SetK8sName(secretName)
-	result.SetK8sNamespace(secretNamespace)
-	result.SetK8sAnnotation("sealedsecrets.bitnami.com/scope", *scope)
+	var result sealedSecret
+	result.content = uo.New()
+	result.content.SetK8sGVK(schema.GroupVersionKind{Group: "bitnami.com", Version: "v1alpha1", Kind: "SealedSecret"})
+	result.content.SetK8sName(secretName)
+	result.content.SetK8sNamespace(secretNamespace)
+	result.content.SetK8sAnnotation("sealedsecrets.bitnami.com/scope", *scope)
 	if *scope == "namespace-wide" {
-		result.SetK8sAnnotation("sealedsecrets.bitnami.com/namespace-wide", "true")
+		result.content.SetK8sAnnotation("sealedsecrets.bitnami.com/namespace-wide", "true")
 	}
 	if *scope == "cluster-wide" {
-		result.SetK8sAnnotation("sealedsecrets.bitnami.com/cluster-wide", "true")
+		result.content.SetK8sAnnotation("sealedsecrets.bitnami.com/cluster-wide", "true")
 	}
-	_ = result.SetNestedField(secretType, "spec", "template", "type")
+	_ = result.content.SetNestedField(secretType, "spec", "template", "type")
 	metadata, ok, _ := o.GetNestedObject("metadata")
 	if ok {
-		result.SetNestedField(metadata.Object, "spec", "template", "metadata")
+		result.content.SetNestedField(metadata.Object, "spec", "template", "metadata")
 	}
 
 	resealAll := false
 	if s.forceReseal {
 		resealAll = true
 		status.Info(s.ctx, "Forcing reseal of secrets in %s", secretName)
-	} else if existingCertHash != s.certHash {
+	} else if existing == nil || existing.certHash != s.certHash {
 		resealAll = true
 		status.Info(s.ctx, "Cert for secret %s has changed, forcing reseal", secretName)
 	}
 
 	for k, v := range secrets {
 		hash := HashSecret(k, v, secretName, secretNamespace, *scope)
-		existingHash, _, _ := existingHashes.GetNestedString(k)
 
-		doEncrypt := resealAll
+		var existingHash string
+		if existing != nil {
+			existingHash, _, _ = existing.hashes.GetNestedString(k)
+		}
+
+		doEncrypt := existing == nil || resealAll
 		if !doEncrypt && hash != existingHash {
 			status.Info(s.ctx, "Secret %s and key %s has changed, resealing", secretName, k)
 			doEncrypt = true
 		}
 
 		if !doEncrypt {
-			e, ok, _ := existingContent.GetNestedString("spec", "encryptedData", k)
+			e, ok, _ := existing.content.GetNestedString("spec", "encryptedData", k)
 			if ok {
 				status.Trace(s.ctx, "Secret %s and key %s is unchanged", secretName, k)
-				result.SetNestedField(e, "spec", "encryptedData", k)
+				result.content.SetNestedField(e, "spec", "encryptedData", k)
 				resultSecretHashes[k] = hash
 				continue
 			} else {
@@ -242,27 +297,18 @@ func (s *Sealer) SealFile(p string, targetFile string) error {
 
 		e, err := s.encryptSecret(v, secretName, secretNamespace, *scope)
 		if err != nil {
-			return fmt.Errorf("failed to encrypt secret %s with key %s", secretName, k)
+			return nil, fmt.Errorf("failed to encrypt secret %s with key %s", secretName, k)
 		}
-		result.SetNestedField(e, "spec", "encryptedData", k)
+		result.content.SetNestedField(e, "spec", "encryptedData", k)
 		resultSecretHashes[k] = hash
 	}
 
 	resultSecretHashesStr, err := yaml.WriteYamlString(resultSecretHashes)
 	if err != nil {
-		return err
-	}
-	result.SetK8sAnnotation(hashAnnotation, resultSecretHashesStr)
-	result.SetK8sAnnotation(certHashAnnotation, s.certHash)
-
-	if reflect.DeepEqual(existingContent, result) {
-		status.Info(s.ctx, "Skipped %s as it did not change", baseName)
-		return nil
+		return nil, err
 	}
+	result.content.SetK8sAnnotation(hashAnnotation, resultSecretHashesStr)
+	result.content.SetK8sAnnotation(certHashAnnotation, s.certHash)
 
-	err = yaml.WriteYamlFile(targetFile, result)
-	if err != nil {
-		return err
-	}
-	return nil
+	return &result, nil
 }
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 8630e1a15..d5190d1ae 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -110,6 +110,18 @@ func FromStringMulti(s string) ([]*UnstructuredObject, error) {
 	if err != nil {
 		return nil, err
 	}
+	return fromAnyList(ifs)
+}
+
+func FromFileMulti(p string) ([]*UnstructuredObject, error) {
+	ifs, err := yaml.ReadYamlAllFile(p)
+	if err != nil {
+		return nil, err
+	}
+	return fromAnyList(ifs)
+}
+
+func fromAnyList(ifs []any) ([]*UnstructuredObject, error) {
 	var ret []*UnstructuredObject
 	for _, i := range ifs {
 		m, ok := i.(map[string]interface{})

From eb2d5d6861bb69cd005011fcf224e7506c10132d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 17:23:04 +0200
Subject: [PATCH 0490/2268] chore: Run go get -u ./...

---
 go.mod | 42 +++++++++++++--------------
 go.sum | 91 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 67 insertions(+), 66 deletions(-)

diff --git a/go.mod b/go.mod
index 729920c5c..b422ea1b5 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.116
+	github.com/aws/aws-sdk-go v1.44.122
 	github.com/bitnami-labs/sealed-secrets v0.19.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
@@ -15,7 +15,7 @@ require (
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
-	github.com/google/go-containerregistry v0.11.0
+	github.com/google/go-containerregistry v0.12.0
 	github.com/hashicorp/vault/api v1.8.1
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
@@ -32,18 +32,18 @@ require (
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
 	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.0
+	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.13.0
 	github.com/stretchr/testify v1.8.0
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.2
-	golang.org/x/crypto v0.0.0-20221012134737-56aed061732a
-	golang.org/x/net v0.0.0-20221014081412-f15817d10f9b
-	golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0
-	golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43
-	golang.org/x/term v0.0.0-20220919170432-7a66f970e087
-	golang.org/x/text v0.3.8
+	golang.org/x/crypto v0.1.0
+	golang.org/x/net v0.1.0
+	golang.org/x/sync v0.1.0
+	golang.org/x/sys v0.1.0
+	golang.org/x/term v0.1.0
+	golang.org/x/text v0.4.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.1
@@ -71,7 +71,7 @@ require (
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/BurntSushi/toml v1.2.0 // indirect
+	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
@@ -87,10 +87,10 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.2.0 // indirect
-	github.com/containerd/containerd v1.6.8 // indirect
+	github.com/containerd/containerd v1.6.9 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.19+incompatible // indirect
-	github.com/docker/docker v20.10.19+incompatible // indirect
+	github.com/docker/cli v20.10.20+incompatible // indirect
+	github.com/docker/docker v20.10.20+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -105,7 +105,7 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/go-gorp/gorp/v3 v3.0.2 // indirect
+	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -179,7 +179,7 @@ require (
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.13.0 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rivo/uniseg v0.4.2 // indirect
@@ -198,15 +198,15 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.5 // indirect
-	go.starlark.net v0.0.0-20221010140840-6bf6f0955179 // indirect
+	go.starlark.net v0.0.0-20221020143700-22309ac47eac // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect
-	golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
-	golang.org/x/tools v0.1.12 // indirect
+	golang.org/x/mod v0.6.0 // indirect
+	golang.org/x/oauth2 v0.1.0 // indirect
+	golang.org/x/time v0.1.0 // indirect
+	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a // indirect
+	google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect
 	google.golang.org/grpc v1.50.1 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index e00cb9714..7e295f7f2 100644
--- a/go.sum
+++ b/go.sum
@@ -63,8 +63,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
 github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
-github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@@ -114,8 +114,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.116 h1:NpLIhcvLWXJZAEwvPj3TDHeqp7DleK6ZUVYyW01WNHY=
-github.com/aws/aws-sdk-go v1.44.116/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo=
+github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -155,9 +155,9 @@ github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnht
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
-github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
-github.com/containerd/stargz-snapshotter/estargz v0.12.0 h1:idtwRTLjk2erqiYhPWy2L844By8NRFYEwYHcXhoIWPM=
+github.com/containerd/containerd v1.6.9 h1:IN/r8DUes/B5lEGTNfIiUkfZBtIQJGx2ai703dV6lRA=
+github.com/containerd/containerd v1.6.9/go.mod h1:XVicUvkxOrftE2Q1YWUXgZwkkAxwQYNOFzYWvfVfEfQ=
+github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@@ -172,12 +172,12 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
-github.com/docker/cli v20.10.19+incompatible h1:VKVBUb0KY/bx0FUCrCiNCL8wqgy8VxQli1dtNTn38AE=
-github.com/docker/cli v20.10.19+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4=
+github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.19+incompatible h1:lzEmjivyNHFHMNAFLXORMBXyGIhw/UP4DvJwvyKYq64=
-github.com/docker/docker v20.10.19+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.20+incompatible h1:kH9tx6XO+359d+iAkumyKDc5Q1kOwPuAUaeri48nD6E=
+github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -241,8 +241,9 @@ github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gorp/gorp/v3 v3.0.2 h1:ULqJXIekoqMx29FI5ekXXFoH1dT2Vc8UhnRzBg+Emz4=
 github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmncaR6rwBY=
+github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
+github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
@@ -348,8 +349,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.11.0 h1:Xt8x1adcREjFcmDoDK8OdOsjxu90PHkGuwNP8GiHMLM=
-github.com/google/go-containerregistry v0.11.0/go.mod h1:BBaYtsHPHA42uEgAvd/NejvAfPSlz281sJWqupjSxfk=
+github.com/google/go-containerregistry v0.12.0 h1:nidOEtFYlgPCRqxCKj/4c/js940HVWplCWc5ftdfdUA=
+github.com/google/go-containerregistry v0.12.0/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -512,8 +513,8 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -561,8 +562,8 @@ github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWV
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.14 h1:qZgc/Rwetq+MtyE18WhzjokPD93dNqLGNT3QJuLvBGw=
 github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM=
 github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
@@ -650,8 +651,8 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg=
 github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
+github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
@@ -664,8 +665,9 @@ github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
@@ -730,8 +732,8 @@ github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI=
-github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
+github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -785,7 +787,6 @@ github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
-github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.5 h1:BX4JIbQ7hl7+jL+g+2j5UAr0o1bctCm6/Ct+ArBGkf0=
@@ -801,8 +802,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20221010140840-6bf6f0955179 h1:Mc5MkF55Iasgq23vSYpL6/l7EJXtlNjzw+8hbMQ/ShY=
-go.starlark.net v0.0.0-20221010140840-6bf6f0955179/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
+go.starlark.net v0.0.0-20221020143700-22309ac47eac h1:gBO5Qfcw5V9404yzsu2FEIsxK/u2mBNTNogK0uIoVhk=
+go.starlark.net v0.0.0-20221020143700-22309ac47eac/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
@@ -830,8 +831,8 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20221012134737-56aed061732a h1:NmSIgad6KjE6VvHciPZuNRTKxGhlPfD6OA87W/PLkqg=
-golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -867,8 +868,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -914,8 +915,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20221014081412-f15817d10f9b h1:tvrvnPFcdzp294diPnrdZZZ8XUt2Tyj7svb7X52iDuU=
-golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -930,8 +931,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk=
-golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
+golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -943,8 +944,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 h1:cu5kTvlzcw1Q5S9f5ip1/cpiB4nXvw1XYzFPGgzLUOY=
-golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1017,13 +1018,13 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 h1:OK7RB6t2WQX54srQQYSXMW8dF5C6/8+oA/s5QBmmto4=
-golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220919170432-7a66f970e087 h1:tPwmk4vmvVCMdr98VgL4JH+qZxPL8fqlUOHnyOM8N3w=
-golang.org/x/term v0.0.0-20220919170432-7a66f970e087/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1033,13 +1034,13 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
-golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
+golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1094,8 +1095,8 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
+golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1176,8 +1177,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a h1:GH6UPn3ixhWcKDhpnEC55S75cerLPdpp3hrhfKYjZgw=
-google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
+google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 h1:GEgb2jF5zxsFJpJfg9RoDDWm7tiwc/DDSTE2BtLUkXU=
+google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=

From c023d41b61703ff608744e2983a67efc8069cd31 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 17:36:33 +0200
Subject: [PATCH 0491/2268] fix: Fix compilation of buildTransport after
 updating dependencies

---
 pkg/registries/registries.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 731f3cf27..a280438bf 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -228,7 +228,12 @@ func (rh *RegistryHelper) buildTransport(registry string) (http.RoundTripper, er
 			return remote.DefaultTransport, nil
 		}
 
-		t := remote.DefaultTransport.Clone()
+		httpTransport, ok := remote.DefaultTransport.(*http.Transport)
+		if !ok {
+			return nil, fmt.Errorf("remote.DefaultTransport is not a http.Transport anymore. Please report this to https://github.com/kluctl/kluctl")
+		}
+		t := httpTransport.Clone()
+
 		t.TLSClientConfig.RootCAs = ca
 		t.TLSClientConfig.InsecureSkipVerify = skipTls
 		return t, nil

From 5aad1eccc36976d96310d466a20137c4b5753ab8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Oct 2022 22:49:53 +0200
Subject: [PATCH 0492/2268] feat: Also print orphan objects when showing diff
 before deploy

---
 pkg/deployment/commands/deploy.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 0fd1823ca..c82a6a303 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -53,17 +53,19 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
 		du.Diff()
 
+		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 		diffResult := &types.CommandResult{
 			NewObjects:     du.NewObjects,
 			ChangedObjects: du.ChangedObjects,
 			DeletedObjects: au.GetDeletedObjects(),
 			HookObjects:    au.GetAppliedHookObjects(),
+			OrphanObjects:  orphanObjects,
 			Errors:         dew.GetErrorsList(),
 			Warnings:       dew.GetWarningsList(),
 			SeenImages:     cmd.c.Images.SeenImages(false),
 		}
 
-		err := diffResultCb(diffResult)
+		err = diffResultCb(diffResult)
 		if err != nil {
 			return nil, err
 		}

From a0ae4c51ea0fcf246f9bdbab071abe27a6b4bae8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Oct 2022 10:33:29 +0200
Subject: [PATCH 0493/2268] fix: Treat "MY_ENV_VAR:" as empty string instead of
 nil

---
 pkg/vars/vars_loader.go      | 4 ++++
 pkg/vars/vars_loader_test.go | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 176c59d4e..81e62d746 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -141,6 +141,10 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 			envValueStr = v
 		} else if hasDefaultValue {
 			envValueStr = defaultValue
+			if envValueStr == "" {
+				// treat empty default string as literal empty string instead of treating it as nil
+				envValueStr = `""`
+			}
 		} else {
 			return fmt.Errorf("environment variable %s not found for %s", envName, it.KeyPath().ToJsonPath())
 		}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 65027e369..bf4e3085b 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -336,6 +336,8 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 				},
 				"test5": "TEST5:def",
 				"test6": "TEST1:def",
+				"test7": "TEST5:''",
+				"test8": "TEST5:",
 			}),
 		}, nil, "")
 		assert.NoError(t, err)
@@ -354,6 +356,12 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 
 		v, _, _ = vc.Vars.GetNestedField("test6")
 		assert.Equal(t, 42, v)
+
+		v, _, _ = vc.Vars.GetNestedField("test7")
+		assert.Equal(t, "", v)
+
+		v, _, _ = vc.Vars.GetNestedField("test8")
+		assert.Equal(t, "", v)
 	})
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {

From 951dcccf17ab043620ba8cc8f16da64c86fdda31 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Oct 2022 10:34:06 +0200
Subject: [PATCH 0494/2268] fix: Allow to mix arguments from environment and
 CLI

---
 cmd/kluctl/commands/cobra_utils.go | 16 ++++++++++---
 e2e/args_test.go                   | 37 ++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index af5644631..5982f04bf 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -230,7 +230,8 @@ func copyViperValuesToCobraCmd(cmd *cobra.Command) error {
 func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 	var retErr []error
 	flags.VisitAll(func(flag *pflag.Flag) {
-		if flag.Changed {
+		sliceValue, _ := flag.Value.(pflag.SliceValue)
+		if flag.Changed && sliceValue == nil {
 			return
 		}
 		v := viper.Get(flag.Name)
@@ -262,11 +263,20 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 			a = append(a, v)
 		}
 
-		for _, x := range a {
-			err := flag.Value.Set(x)
+		if sliceValue != nil {
+			// we must ensure that values passed via CLI are at the end of the slice
+			a = append(a, sliceValue.GetSlice()...)
+			err := sliceValue.Replace(a)
 			if err != nil {
 				retErr = append(retErr, err)
 			}
+		} else {
+			for _, x := range a {
+				err := flag.Value.Set(x)
+				if err != nil {
+					retErr = append(retErr, err)
+				}
+			}
 		}
 	})
 	return utils.NewErrorListOrNil(retErr)
diff --git a/e2e/args_test.go b/e2e/args_test.go
index 527a75ce3..41c28870b 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -145,3 +145,40 @@ func TestArgsFromEnv(t *testing.T) {
 	assertNestedFieldEquals(t, cm, "True", "data", "d")
 	assertNestedFieldEquals(t, cm, "true", "data", "e")
 }
+
+func TestArgsFromEnvAndCli(t *testing.T) {
+	t.Setenv("KLUCTL_ARG_1", "a=a")
+	t.Setenv("KLUCTL_ARG_2", "c=c")
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "args-from-envs-and-cli")
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"a": `{{ args.a }}`,
+		"b": `{{ args.b }}`,
+		"c": `{{ args.c }}`,
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b")
+	cm := k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	assertNestedFieldEquals(t, cm, "a", "data", "a")
+	assertNestedFieldEquals(t, cm, "b", "data", "b")
+	assertNestedFieldEquals(t, cm, "c", "data", "c")
+
+	// make sure the CLI overrides values from env
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b", "-a", "c=c2")
+	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	assertNestedFieldEquals(t, cm, "a", "data", "a")
+	assertNestedFieldEquals(t, cm, "b", "data", "b")
+	assertNestedFieldEquals(t, cm, "c2", "data", "c")
+}

From 199955ca1d21b4ca9f6e5fca6f2d3c130099cf39 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Oct 2022 12:13:48 +0200
Subject: [PATCH 0495/2268] docs: Add COC, CONTRIBUTING and DEVELOPMENT docs

---
 CODE_OF_CONDUCT.md |  3 +++
 CONTRIBUTING.md    | 59 ++++++++++++++++++++++++++++++++++++++++++++++
 DEVELOPMENT.md     | 50 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 112 insertions(+)
 create mode 100644 CODE_OF_CONDUCT.md
 create mode 100644 CONTRIBUTING.md
 create mode 100644 DEVELOPMENT.md

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000..5f90c194f
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+## Code of Conduct
+
+Kluctl follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..bc4ff3e98
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,59 @@
+# Contributing
+
+As all Open Source projects, Kluctl lives from contributions. If you consider contributing, we are welcoming you to do so.
+
+## Communication
+
+Contributing to Open Source projects also means that you are communicating with other members of the community. Please
+follow the [Code of Conduct](./CODE_OF_CONDUCT.md) whenever you communicate.
+
+## Creating issues / Reporting bugs
+
+Probably the easiest way to contribute is to create issues on Github. An issue could for example be a bug report or
+a feature request. It's also fine to create an issue that requests some change, for example to documentation. Issues
+can also be used as reminders/TODOs that something needs to be done in the future.
+
+The project is still in early stage when it comes to project management, so please bare with us if processes are still
+a bit "loose".
+
+One thing we'd like to ask for is to first search for issues that might already represent what you plan to report.
+In many cases it turns out that other people stumbled across the same thing already. If not, then you're "lucky" to
+report first :)
+
+It might also be useful to ask inside the #kluctl channel of the [CNCF Slack](https://slack.cncf.io) if you are unsure
+about your issue.
+
+## Finding issues to work on
+
+Check the [open issues](https://github.com/kluctl/kluctl/issues) and see if you can find something that you believe you
+could help with.
+
+## Contributing/Modifying documentation
+
+The next level of contribution is modifying documentation. Fork the repository and start working on the changes locally.
+When done, commit the changes, push them and create a pull request. If your pull request fixes an issue, add the proper
+`Fixes: #xxx` line so that the issue can be auto-closed.
+
+Please note that we follow [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) when committing.
+
+## Contributing/Modifying source code
+
+To fix a bug or add a feature, follow the same procedure as described in the previous chapter. Read the
+[DEVELOPMENT](./DEVELOPMENT.md) guidelines on how to build and run Kluctl from source.
+
+Additionally, you should ensure that your changes don't break anything. You can do this by running the
+[test suite](./DEVELOPMENT.md#how-to-run-the-test-suite) and by testing your changes manually. Adding new tests for
+fixed bugs and/or new features is also nice to see. Reviewers will also point out when tests would be of value.
+
+However, don't worry if you feel overwhelmed (e.g. with tests). You can also create a `[WIP]` pull request and ask for
+help.
+
+Please note that we follow [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) when committing.
+
+## Conventional commits
+
+As mentioned before, we follow [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) when committing.
+These commits are then used to create release notes and properly bump version numbers.
+
+We might reconsider this approach in the future, especially when we re-design the
+[release process](./DEVELOPMENT.md#releasing-process).
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
new file mode 100644
index 000000000..015f2a904
--- /dev/null
+++ b/DEVELOPMENT.md
@@ -0,0 +1,50 @@
+# Development
+
+## Installing required dependencies
+
+There are a number of dependencies required to be able to compile, run and test Kluctl:
+
+- [Install Go](https://golang.org/doc/install)
+
+In addition to the above, the following dependencies are also used by some of the `make` targets:
+
+- `goreleaser` (latest)
+- `setup-envtest` (latest)
+
+If any of the above dependencies are not present on your system, the first invocation of a `make` target that requires them will install them.
+
+## How to run the test suite
+
+Prerequisites:
+* Go >= 1.19
+
+You can run the test suite by simply doing
+
+```sh
+make test
+```
+
+Tests are separated between unit tests (found in-tree next to the tested code) and e2e tests (found below `./e2e`).
+Running `make test` will run all these tests. To only run unit tests, run `make test-unit`. To only run e2e tests, run
+`make test-e2e`.
+
+e2e tests rely on kubebuilders `envtest` package and thus also require `setup-envtest` and dependent binaries
+(e.g. kube-apiserver) to be available as well. The Makefile will take care of downloading these if required.
+
+## How to build Kluctl
+
+Simply run `make build`, which will build the kluctl binary any put into `./bin/`. To use, either directly invoke it
+with the relative or absolute path or update your `PATH` environment variable to point to the bin directory.
+
+## Contributions
+
+See [CONTRIBUTING](./CONTRIBUTING.md) for details.
+
+## Releasing process
+
+The release process is currently partly manual and partly automated. A maintainer has to create a version tag and
+manually push it to Github. A Github workflow will then react to this tag by running `goreleaser`, which will then
+create a draft release. The maintainer then has to manually update the pre-generated release notes and publish the
+release.
+
+This process is going to be modified in the future to contain more automation and more collaboration friendly processes.

From bac93151c38802a7919c18c8bc01f811f7bd8b45 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Oct 2022 12:14:04 +0200
Subject: [PATCH 0496/2268] docs: Update README.md with links to new docs

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 899b40f2e..3d6380bc7 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,11 @@ Documentation, news and blog posts can be found on https://kluctl.io.
 The underlying documentation is synced from this repo (look into ./docs) to the website whenever something is merged
 into main.
 
+## Development and contributions
+
+Please read [DEVELOPMENT](./DEVELOPMENT.md) and [CONTRIBUTIONS](./CONTRIBUTING.md) for details on how the Kluctl project
+handles these matters.
+
 ## Kluctl in Short
 
 |     |     |

From 0f165a912f2f7d46f3fd53e5b3f5c6a87392a07d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Oct 2022 12:14:15 +0200
Subject: [PATCH 0497/2268] docs: Add community section in README.md

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 3d6380bc7..51c58facb 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,15 @@ The Kluctl CLI then allows to deploy, diff, prune, delete, ... your deployments.
 Installation instructions can be found [here](./docs/installation.md). For a getting started guide, continue
 [here](./docs/get-started.md).
 
+## Community
+
+Check the [community page](https://kluctl.io/community/) for details about the Kluctl community.
+
+In short: We use [Github Issues](https://github.com/kluctl/kluctl/issues) and
+[Github Discussions](https://github.com/kluctl/kluctl/discussions) to track and discuss Kluctl related development.
+You can also join the #kluctl channel inside the [CNCF Slack](https://slack.cncf.io) to get in contact with other
+community members and contributors/developers.
+
 ## Documentation
 
 Documentation, news and blog posts can be found on https://kluctl.io.

From c5790b8df0571c05eca983d92acac0a74c1f4ab2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Oct 2022 12:23:45 +0200
Subject: [PATCH 0498/2268] docs: Add MAINTAINERS.md

---
 MAINTAINERS.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 MAINTAINERS.md

diff --git a/MAINTAINERS.md b/MAINTAINERS.md
new file mode 100644
index 000000000..cd30797d4
--- /dev/null
+++ b/MAINTAINERS.md
@@ -0,0 +1,11 @@
+# Maintainers
+
+The maintainers are generally available in Slack at
+https://cloud-native.slack.com in #klcutl
+(obtain an invitation at https://slack.cncf.io/).
+
+Currently, the maintainers of Kluctl are:
+
+- Alexander Block (github: @codablock, slack: codablock)
+- Aljoscha Poertner (github: @AljoschaP, slack: aljoshare)
+- Matthias Gebbe (github: @matzegebbe)

From 652bfb0b94d1f033c74e0095f46502615fa0c38c Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Tue, 1 Nov 2022 23:14:10 +0100
Subject: [PATCH 0499/2268] Update MAINTAINERS.md

fix firstname, added slack for Mathias Gebbe
---
 MAINTAINERS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS.md b/MAINTAINERS.md
index cd30797d4..715056cf7 100644
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -8,4 +8,4 @@ Currently, the maintainers of Kluctl are:
 
 - Alexander Block (github: @codablock, slack: codablock)
 - Aljoscha Poertner (github: @AljoschaP, slack: aljoshare)
-- Matthias Gebbe (github: @matzegebbe)
+- Mathias Gebbe (github: @matzegebbe, slack: matzeihnsein)

From 2e285bb4848d9c51334fcc847252937249f09e3e Mon Sep 17 00:00:00 2001
From: Prateek Mishra <pr0PM@pm.me>
Date: Fri, 4 Nov 2022 22:43:36 +0530
Subject: [PATCH 0500/2268] typo fix

---
 docs/get-started.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/get-started.md b/docs/get-started.md
index e1cc96cce..5393963e9 100644
--- a/docs/get-started.md
+++ b/docs/get-started.md
@@ -90,7 +90,7 @@ Kluctl will perform a diff first and then ask for your confirmation to deploy it
 some objects being newly deployed.
 
 ```sh
-kubectl -nsimple-helm get pod
+kubectl -n simple-helm get pod
 ```
 
 ## Change something and re-deploy
@@ -106,7 +106,7 @@ This time it should show your modifications in the diff. Confirm that you want t
 it:
 
 ```sh
-kubectl -nsimple-helm get pod
+kubectl -n simple-helm get pod
 ```
 
 You should need 2 instances of the nginx POD running now.

From 896ffb1344bd8052eb85ec393fc0158ae11bca0e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 8 Nov 2022 08:43:10 +0100
Subject: [PATCH 0501/2268] fix: Also take initContainers into account in
 poke-images

---
 pkg/deployment/commands/poke_images.go | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index cde5280b7..a06bf48a2 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -54,14 +54,19 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 		containersAndImages[*fi.Object] = append(containersAndImages[*fi.Object], fi)
 	}
 
-	doPokeImage := func(images []types.FixedImage, o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
-		containers, _, _ := o.GetNestedObjectList("spec", "template", "spec", "containers")
+	var fieldPathes []uo.KeyPath
+	fieldPathes = append(fieldPathes, uo.KeyPath{"spec", "template", "spec", "containers"})
+	fieldPathes = append(fieldPathes, uo.KeyPath{"spec", "template", "spec", "initContainers"})
 
+	doPokeImage := func(images []types.FixedImage, o *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 		for _, image := range images {
-			for _, c := range containers {
-				containerName, _, _ := c.GetNestedString("name")
-				if image.Container != nil && containerName == *image.Container {
-					c.SetNestedField(image.ResultImage, "image")
+			for _, jsp := range fieldPathes {
+				containers, _, _ := o.GetNestedObjectList(jsp...)
+				for _, c := range containers {
+					containerName, _, _ := c.GetNestedString("name")
+					if image.Container != nil && containerName == *image.Container {
+						_ = c.SetNestedField(image.ResultImage, "image")
+					}
 				}
 			}
 		}

From 4bb1f6717620a1350fce21de9d1f08171b189142 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 8 Nov 2022 10:08:07 +0100
Subject: [PATCH 0502/2268] docs: Remove redundant section from readiness.md

That same section is already inside hooks.md
---
 docs/reference/deployments/readiness.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/docs/reference/deployments/readiness.md b/docs/reference/deployments/readiness.md
index d571f969f..ec8020bb0 100644
--- a/docs/reference/deployments/readiness.md
+++ b/docs/reference/deployments/readiness.md
@@ -14,7 +14,3 @@ description:
 There are multiple places where kluctl can wait for "readiness" of resources, e.g. for hooks or when `waitReadiness` is
 specified on a deployment item. Readiness depends on the resource kind, e.g. for a Job, kluctl would wait until it
 finishes successfully.
-
-After each deployment/execution of the hooks that belong to a deployment stage (before/after deployment), kluctl
-waits for the hook resources to become "ready". Readiness depends on the resource kind, e.g. for a Job, kluctl would
-wait until it finishes successfully.

From 194582a39c5e96ea52dd7ef0e26c5ebb93290a49 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 13:17:45 +0100
Subject: [PATCH 0503/2268] refactor: Move writing of kustomization.yaml into
 buildKustomize

---
 pkg/deployment/deployment_item.go | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 0c53716e9..490cec5f9 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -450,19 +450,19 @@ func (di *DeploymentItem) writeKustomizationYaml(ky *uo.UnstructuredObject) erro
 	return yaml.WriteYamlFile(kustomizeYamlPath, ky)
 }
 
-func (di *DeploymentItem) prepareKustomizationYaml() error {
+func (di *DeploymentItem) prepareKustomizationYaml() (*uo.UnstructuredObject, error) {
 	ky, err := di.readKustomizationYaml("")
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if ky == nil {
 		ky, err = di.generateKustomizationYaml("")
 		if err != nil {
-			return err
+			return nil, err
 		}
 		err = di.writeKustomizationYaml(ky)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	}
 
@@ -470,7 +470,7 @@ func (di *DeploymentItem) prepareKustomizationYaml() error {
 	if overrideNamespace != nil {
 		_, ok, err := ky.GetNestedString("namespace")
 		if err != nil {
-			return err
+			return nil, err
 		}
 		if !ok {
 			ky.SetNestedField(*overrideNamespace, "namespace")
@@ -480,8 +480,7 @@ func (di *DeploymentItem) prepareKustomizationYaml() error {
 	di.Barrier = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/barrier"))
 	di.WaitReadiness = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/wait-readiness"))
 
-	// Save modified kustomization.yml
-	return di.writeKustomizationYaml(ky)
+	return ky, nil
 }
 
 func (di *DeploymentItem) buildKustomize() error {
@@ -489,7 +488,13 @@ func (di *DeploymentItem) buildKustomize() error {
 		return nil
 	}
 
-	err := di.prepareKustomizationYaml()
+	ky, err := di.prepareKustomizationYaml()
+	if err != nil {
+		return err
+	}
+
+	// Save modified kustomization.yml
+	err = di.writeKustomizationYaml(ky)
 	if err != nil {
 		return err
 	}

From d4d381855a1d0299c400c26759ea7815785fb314 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 11:01:47 +0100
Subject: [PATCH 0504/2268] refacor: Reuse loadFile for git vars

---
 pkg/vars/vars.go        | 20 ++++++++++++++------
 pkg/vars/vars_loader.go | 15 ++-------------
 2 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index ecb960224..cc3599471 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -44,12 +44,13 @@ func (vc *VarsCtx) UpdateChildFromStruct(child string, o interface{}) error {
 	return nil
 }
 
-func (vc *VarsCtx) RenderString(t string) (string, error) {
+func (vc *VarsCtx) RenderString(t string, searchDirs []string) (string, error) {
 	globals, err := vc.Vars.ToMap()
 	if err != nil {
 		return "", err
 	}
 	return vc.J2.RenderString(t,
+		jinja2.WithSearchDirs(searchDirs),
 		jinja2.WithGlobals(globals),
 	)
 }
@@ -62,24 +63,31 @@ func (vc *VarsCtx) RenderStruct(o interface{}) (bool, error) {
 	return vc.J2.RenderStruct(o, jinja2.WithGlobals(globals))
 }
 
-func (vc *VarsCtx) RenderYamlFile(p string, searchDirs []string, out interface{}) error {
+func (vc *VarsCtx) RenderFile(p string, searchDirs []string) (string, error) {
 	globals, err := vc.Vars.ToMap()
 	if err != nil {
-		return err
+		return "", err
 	}
 	ret, err := vc.J2.RenderFile(p,
 		jinja2.WithSearchDirs(searchDirs),
 		jinja2.WithGlobals(globals),
 	)
 	if err != nil {
-		return err
+		return "", err
 	}
 
-	err = yaml.ReadYamlString(ret, out)
+	return ret, nil
+}
+
+func (vc *VarsCtx) RenderYamlFile(p string, searchDirs []string, out interface{}) error {
+	rendered, err := vc.RenderFile(p, searchDirs)
+	if err != nil {
+		return err
+	}
+	err = yaml.ReadYamlString(rendered, out)
 	if err != nil {
 		return err
 	}
-
 	return nil
 }
 
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 81e62d746..b0ae45db4 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -199,17 +198,7 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
 	}
 
-	path, err := securejoin.SecureJoin(clonedDir, gitFile.Path)
-	if err != nil {
-		return err
-	}
-
-	f, err := os.ReadFile(path)
-	if err != nil {
-		return err
-	}
-
-	return v.loadFromString(varsCtx, string(f), "git", rootKey)
+	return v.loadFile(varsCtx, gitFile.Path, []string{clonedDir}, rootKey)
 }
 
 func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, base64Decode bool) error {
@@ -297,7 +286,7 @@ func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, secretType strin
 }
 
 func (v *VarsLoader) renderYamlString(varsCtx *VarsCtx, s string, out interface{}) error {
-	ret, err := varsCtx.RenderString(s)
+	ret, err := varsCtx.RenderString(s, nil)
 	if err != nil {
 		return err
 	}

From 54a3485d2b1ce96a2cb2a4cc37435b0fa86b0330 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 15:30:17 +0100
Subject: [PATCH 0505/2268] feat: Implement sops support for vars files

---
 go.mod                                    |  18 +++
 go.sum                                    | 185 ++++++++++++++++++++++
 pkg/vars/sops_test_resources/.sops.yaml   |   3 +
 pkg/vars/sops_test_resources/README.md    |   4 +
 pkg/vars/sops_test_resources/embed.go     |   6 +
 pkg/vars/sops_test_resources/test-key.txt |   3 +
 pkg/vars/sops_test_resources/test.yaml    |  22 +++
 pkg/vars/vars_loader.go                   |  22 ++-
 pkg/vars/vars_loader_test.go              |  22 ++-
 pkg/yaml/yaml.go                          |   4 +
 10 files changed, 287 insertions(+), 2 deletions(-)
 create mode 100644 pkg/vars/sops_test_resources/.sops.yaml
 create mode 100644 pkg/vars/sops_test_resources/README.md
 create mode 100644 pkg/vars/sops_test_resources/embed.go
 create mode 100644 pkg/vars/sops_test_resources/test-key.txt
 create mode 100644 pkg/vars/sops_test_resources/test.yaml

diff --git a/go.mod b/go.mod
index b422ea1b5..4bcfb6282 100644
--- a/go.mod
+++ b/go.mod
@@ -59,16 +59,23 @@ require (
 
 require (
 	github.com/go-logr/logr v1.2.3
+	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.0
 )
 
 require (
 	cloud.google.com/go/compute v1.10.0 // indirect
+	filippo.io/age v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
+	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
@@ -83,12 +90,14 @@ require (
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.2.0 // indirect
 	github.com/containerd/containerd v1.6.9 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/docker/cli v20.10.20+incompatible // indirect
 	github.com/docker/docker v20.10.20+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
@@ -112,6 +121,7 @@ require (
 	github.com/go-playground/locales v0.14.0 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
@@ -120,8 +130,11 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.4.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
+	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -141,6 +154,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -198,6 +212,8 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.5 // indirect
+	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
+	go.opencensus.io v0.23.0 // indirect
 	go.starlark.net v0.0.0-20221020143700-22309ac47eac // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.6.0 // indirect
@@ -205,6 +221,7 @@ require (
 	golang.org/x/time v0.1.0 // indirect
 	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	google.golang.org/api v0.96.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect
 	google.golang.org/grpc v1.50.1 // indirect
@@ -212,6 +229,7 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	gopkg.in/urfave/cli.v1 v1.20.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	k8s.io/apiserver v0.25.3 // indirect
 	k8s.io/cli-runtime v0.25.3 // indirect
diff --git a/go.sum b/go.sum
index 7e295f7f2..11bfa90e8 100644
--- a/go.sum
+++ b/go.sum
@@ -20,17 +20,34 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
+cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
+cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
+cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
+cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
+cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
+cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
+cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
+cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
 cloud.google.com/go/compute v1.10.0 h1:aoLIYaA1fX3ywihqpBk2APQKOo20nXsp1GEZQbx5Jk4=
 cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -41,21 +58,35 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+filippo.io/age v1.0.0 h1:V6q14n0mqYU3qKFkZ6oOaF9oXneOviS3ubXsSVBRSzc=
+filippo.io/age v1.0.0/go.mod h1:PaX+Si/Sd5G8LgfCwldsSba3H1DDQZhIhFGkhbHaBq8=
+github.com/Azure/azure-sdk-for-go v63.3.0+incompatible h1:INepVujzUrmArRZjDLHbtER+FkvCoEwyRCXGqOlmDII=
+github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
+github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
 github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
 github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk=
 github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
 github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
+github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
+github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
+github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac=
+github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E=
 github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
@@ -86,6 +117,7 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad h1:QeeqI2zxxgZVe11UrYFXXx6gVxPVF40ygekjBzEg4XY=
@@ -124,6 +156,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
 github.com/bitnami-labs/sealed-secrets v0.19.1 h1:ZNLcVtTXRf7VkyNzyhe9omlwNYI0OHDteTbIHsQI7Ug=
 github.com/bitnami-labs/sealed-secrets v0.19.1/go.mod h1:5UcsiOdOoviJUtXY1GNSeFa8zezbBY+j9pQAA2RtKyw=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
+github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
+github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
@@ -131,6 +165,7 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembj
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -152,11 +187,16 @@ github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/containerd v1.6.9 h1:IN/r8DUes/B5lEGTNfIiUkfZBtIQJGx2ai703dV6lRA=
 github.com/containerd/containerd v1.6.9/go.mod h1:XVicUvkxOrftE2Q1YWUXgZwkkAxwQYNOFzYWvfVfEfQ=
+github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
@@ -171,6 +211,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
+github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4=
 github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -203,6 +245,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -301,6 +344,7 @@ github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -309,6 +353,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -327,6 +372,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -347,6 +393,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.12.0 h1:nidOEtFYlgPCRqxCKj/4c/js940HVWplCWc5ftdfdUA=
@@ -357,6 +406,7 @@ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -369,6 +419,9 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
@@ -376,8 +429,18 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
+github.com/googleapis/enterprise-certificate-proxy v0.1.0 h1:zO8WHNx/MYiAKJ3d5spxZXZE6KHmIQGQcAzwUzV7qQw=
+github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
+github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
+github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
+github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk=
+github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
+github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -386,6 +449,8 @@ github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB7
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
+github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
+github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
@@ -452,6 +517,8 @@ github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
+github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -628,6 +695,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
 github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw=
+github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -793,6 +862,10 @@ go.etcd.io/etcd/api/v3 v3.5.5 h1:BX4JIbQ7hl7+jL+g+2j5UAr0o1bctCm6/Ct+ArBGkf0=
 go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
+go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
+go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:YDKUvO0b//78PaaEro6CAPH6NqohCmL2Cwju5XI2HoE=
+go.mozilla.org/sops/v3 v3.7.3 h1:CYx02LnWTATWv6NqWJIt4JCKVKSnGV+MsRiDpvwWQhg=
+go.mozilla.org/sops/v3 v3.7.3/go.mod h1:AutdccISG5Nt/faUigaKPU9aGmhyZuCyUiSx5YCa1O8=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -910,11 +983,18 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -930,7 +1010,15 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
+golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
 golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -944,6 +1032,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1003,19 +1092,34 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
@@ -1093,7 +1197,11 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
@@ -1101,6 +1209,10 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0=
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
 gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -1125,6 +1237,26 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
+google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
+google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
+google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
+google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
+google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
+google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
+google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
+google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
+google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
+google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
+google.golang.org/api v0.96.0 h1:F60cuQPJq7K7FzsxMYHAUJSiXh2oKctHxBMbDygxhfM=
+google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1174,9 +1306,47 @@ google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 h1:GEgb2jF5zxsFJpJfg9RoDDWm7tiwc/DDSTE2BtLUkXU=
 google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1198,11 +1368,22 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
 google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1216,6 +1397,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
@@ -1234,6 +1416,8 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/urfave/cli.v1 v1.20.0 h1:NdAVW6RYxDif9DhDHaAortIu956m2c0v+09AZBPTbE0=
+gopkg.in/urfave/cli.v1 v1.20.0/go.mod h1:vuBzUtMdQeixQj8LVd+/98pzhxNGQoyuPBlsXHOQNO0=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1251,6 +1435,7 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 helm.sh/helm/v3 v3.10.1 h1:uTnNlYx8QcTSNA4ZJ50Llwife4CSohUY4ehumyVf2QE=
diff --git a/pkg/vars/sops_test_resources/.sops.yaml b/pkg/vars/sops_test_resources/.sops.yaml
new file mode 100644
index 000000000..9071c5ce4
--- /dev/null
+++ b/pkg/vars/sops_test_resources/.sops.yaml
@@ -0,0 +1,3 @@
+creation_rules:
+  - path_regex: test.yaml
+    age: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
diff --git a/pkg/vars/sops_test_resources/README.md b/pkg/vars/sops_test_resources/README.md
new file mode 100644
index 000000000..d9d669b06
--- /dev/null
+++ b/pkg/vars/sops_test_resources/README.md
@@ -0,0 +1,4 @@
+To edit the test.yaml file, run:
+```sh
+SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test.yaml
+```
diff --git a/pkg/vars/sops_test_resources/embed.go b/pkg/vars/sops_test_resources/embed.go
new file mode 100644
index 000000000..de606a4eb
--- /dev/null
+++ b/pkg/vars/sops_test_resources/embed.go
@@ -0,0 +1,6 @@
+package sops_test_resources
+
+import "embed"
+
+//go:embed all:*
+var TestResources embed.FS
diff --git a/pkg/vars/sops_test_resources/test-key.txt b/pkg/vars/sops_test_resources/test-key.txt
new file mode 100644
index 000000000..3f4a2f064
--- /dev/null
+++ b/pkg/vars/sops_test_resources/test-key.txt
@@ -0,0 +1,3 @@
+# created: 2022-11-10T11:37:19+01:00
+# public key: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
+AGE-SECRET-KEY-1SKGMW8JCGJ5U0UZZ0WC0583NZTRZ58F02A2KXKUULLNRM07XZ9SQ228TEW
diff --git a/pkg/vars/sops_test_resources/test.yaml b/pkg/vars/sops_test_resources/test.yaml
new file mode 100644
index 000000000..c3a287063
--- /dev/null
+++ b/pkg/vars/sops_test_resources/test.yaml
@@ -0,0 +1,22 @@
+test1:
+    test2: ENC[AES256_GCM,data:t/0=,iv:O061yXXLVkr36SYhF5fHHVdq+uzIbuGWMo1exsR0XK0=,tag:x/adK5sLVqdm233w/oWWiw==,type:int]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUzZtaTl5YlhaOWRoRG9j
+            Vnc5UlpTUHZVUkcwbmgzM2lmTjJob3lQaURrCi9MSmNsZ3ltUkV4dkZScEJ0cks4
+            cmlIRUgvWDBnQVpDdTRudXFMNlc3TFEKLS0tIGJHZEowODRNaittT3htZ29CSFJn
+            bjFkMEg4cCttZXcwdURNdnVaZ2EyUlEKTaJsay+v0TXNr9NIxFyvTXrcHgSV63Si
+            YiVg5/ovqVUd26lPvsQwuS9iu5BQaZAzA5uZdw4Ain+SQM9iIf8zTQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-10T11:17:45Z"
+    mac: ENC[AES256_GCM,data:mr9GReeEuGOobT0DwL2VBPuapT1Hc6tkhG0djYBybHKIpYaRzqz1RLdxeMHlsIMar6tbKHqRXC4euwXpzArUEhdJXzWMnBbiimibDauvH/Zf5Yf4LSYM0OyCttOfxYKejwtnBJ7Lm4C0udciPcCGKDBpql+yTX9U/vOqPQt0/vA=,iv:2jpr2QLN/zyv1QBXsVQpduDh16i2q/Sr4xTF+ojwXq0=,tag:CCl/Il59RnYe2HuoDJycZg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index b0ae45db4..0dd5e66eb 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -14,6 +14,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"go.mozilla.org/sops/v3"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"go.mozilla.org/sops/v3/decrypt"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"strings"
@@ -102,8 +105,25 @@ func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject,
 }
 
 func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string, rootKey string) error {
+	rendered, err := varsCtx.RenderFile(path, searchDirs)
+	if err != nil {
+		return fmt.Errorf("failed to render vars file %s: %w", path, err)
+	}
+
+	if yaml.IsMaybeSopsFile([]byte(rendered)) {
+		decrypted, err := decrypt.DataWithFormat([]byte(rendered), formats.FormatForPath(path))
+		if err != nil && err != sops.MetadataNotFound {
+			return fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
+		} else if err == nil {
+			rendered = string(decrypted)
+		}
+	}
+
 	newVars := uo.New()
-	err := varsCtx.RenderYamlFile(path, searchDirs, newVars)
+	err = yaml.ReadYamlString(rendered, newVars)
+	if err != nil {
+		return err
+	}
 	if err != nil {
 		return fmt.Errorf("failed to load vars from %s: %w", path, err)
 	}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index bf4e3085b..c7e758bdf 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -15,6 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/stretchr/testify/assert"
+	"go.mozilla.org/sops/v3/age"
 	"io"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -87,6 +88,25 @@ func TestVarsLoader_File(t *testing.T) {
 	})
 }
 
+func TestVarsLoader_SopsFile(t *testing.T) {
+	d := newTestDir(t)
+	f, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
+	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
+	_ = os.WriteFile(filepath.Join(d, "test.yaml"), f, 0o600)
+
+	t.Setenv(age.SopsAgeKeyEnv, string(key))
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			File: utils.StrPtr("test.yaml"),
+		}, []string{d}, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
 func TestVarsLoader_FileWithLoad(t *testing.T) {
 	d := newTestDir(t)
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
@@ -128,7 +148,7 @@ func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
 		err := vl.LoadVars(vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
-		assert.EqualError(t, err, "failed to load vars from test.yaml: template test3.txt not found")
+		assert.EqualError(t, err, "failed to render vars file test.yaml: template test3.txt not found")
 	})
 }
 
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 89610c94a..0dde23fad 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -285,3 +285,7 @@ func Exists(p string) bool {
 	p = FixPathExt(p)
 	return utils.Exists(p)
 }
+
+func IsMaybeSopsFile(s []byte) bool {
+	return bytes.Index(s, []byte("sops")) != -1
+}

From 86c8f83dfd244009b142b1187f8153f3f0cbd081 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 15:21:12 +0100
Subject: [PATCH 0506/2268] feat: Support sops in kustomize resources

---
 pkg/deployment/deployment_item.go | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 490cec5f9..d42afe526 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -8,6 +8,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"go.mozilla.org/sops/v3"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"go.mozilla.org/sops/v3/decrypt"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
@@ -483,6 +486,31 @@ func (di *DeploymentItem) prepareKustomizationYaml() (*uo.UnstructuredObject, er
 	return ky, nil
 }
 
+func (di *DeploymentItem) decryptSopsFile(p string) error {
+	file, err := os.ReadFile(p)
+	if err != nil {
+		return fmt.Errorf("failed to read file %s: %w", p, err)
+	}
+
+	if !yaml.IsMaybeSopsFile(file) {
+		return nil
+	}
+
+	decrypted, err := decrypt.DataWithFormat(file, formats.FormatForPath(p))
+	if err == sops.MetadataNotFound {
+		// not encrypted, so bail out
+		return nil
+	} else if err != nil {
+		return fmt.Errorf("failed to decrypt file %s: %w", p, err)
+	}
+
+	err = os.WriteFile(p, decrypted, 0o600)
+	if err != nil {
+		return fmt.Errorf("failed to save decrypted file %s: %w", p, err)
+	}
+	return nil
+}
+
 func (di *DeploymentItem) buildKustomize() error {
 	if di.dir == nil {
 		return nil
@@ -499,6 +527,17 @@ func (di *DeploymentItem) buildKustomize() error {
 		return err
 	}
 
+	resources, _, _ := ky.GetNestedStringList("resources")
+	for _, r := range resources {
+		p := filepath.Join(di.RenderedDir, r)
+		if utils.IsFile(p) {
+			err = di.decryptSopsFile(p)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	rm, err := utils.SecureBuildKustomization(di.RenderedSourceRootDir, di.RenderedDir, true)
 	if err != nil {
 		return err

From 3e0a1b0af658891f0417714db1dc01f93802ac92 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 16:09:10 +0100
Subject: [PATCH 0507/2268] tests: Add sops tests

---
 e2e/project.go                                | 22 +++--
 e2e/sops_test.go                              | 83 +++++++++++++++++++
 pkg/vars/sops_test_resources/.sops.yaml       |  3 +-
 pkg/vars/sops_test_resources/README.md        |  1 +
 .../sops_test_resources/test-configmap.yaml   | 26 ++++++
 5 files changed, 125 insertions(+), 10 deletions(-)
 create mode 100644 e2e/sops_test.go
 create mode 100644 pkg/vars/sops_test_resources/test-configmap.yaml

diff --git a/e2e/project.go b/e2e/project.go
index f68025aef..2e137e841 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -100,6 +100,10 @@ func (p *testProject) updateYaml(path string, update func(o *uo.UnstructuredObje
 	}, message)
 }
 
+func (p *testProject) updateFile(path string, update func(f string) (string, error), message string) {
+	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), path, update, message)
+}
+
 func (p *testProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
 	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, "deployment.yml"))
 	if err != nil {
@@ -284,18 +288,20 @@ func (p *testProject) addKustomizeResources(dir string, resources []kustomizeRes
 		l, _, _ := o.GetNestedList("resources")
 		for _, r := range resources {
 			l = append(l, r.name)
-			x := p.convertInterfaceToList(r.content)
 			fileName := r.fileName
 			if fileName == "" {
 				fileName = r.name
 			}
-			err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, fileName), x)
-			if err != nil {
-				return err
-			}
-			_, err = wt.Add(filepath.Join(dir, fileName))
-			if err != nil {
-				return err
+			if r.content != nil {
+				x := p.convertInterfaceToList(r.content)
+				err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, fileName), x)
+				if err != nil {
+					return err
+				}
+				_, err = wt.Add(filepath.Join(dir, fileName))
+				if err != nil {
+					return err
+				}
 			}
 		}
 		o.SetNestedField(l, "resources")
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
new file mode 100644
index 000000000..59e352b82
--- /dev/null
+++ b/e2e/sops_test.go
@@ -0,0 +1,83 @@
+package e2e
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
+	"go.mozilla.org/sops/v3/age"
+	"testing"
+)
+
+func TestSopsVars(t *testing.T) {
+	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
+	t.Setenv(age.SopsAgeKeyEnv, string(key))
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "sops-vars")
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"v1": "{{ test1.test2 }}",
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.projectName,
+	})
+	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField([]map[string]any{
+			{
+				"file": "encrypted-vars.yaml",
+			},
+		}, "vars")
+		return nil
+	})
+
+	p.updateFile("encrypted-vars.yaml", func(f string) (string, error) {
+		b, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
+		return string(b), nil
+	}, "")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+
+	cm := assertConfigMapExists(t, k, p.projectName, "cm")
+	assertNestedFieldEquals(t, cm, map[string]any{
+		"v1": "42",
+	}, "data")
+}
+
+func TestSopsResources(t *testing.T) {
+	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
+	t.Setenv(age.SopsAgeKeyEnv, string(key))
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k, "sops-resources")
+
+	createNamespace(t, k, p.projectName)
+
+	p.updateTarget("test", nil)
+	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(p.projectName, "overrideNamespace")
+		return nil
+	})
+
+	p.addKustomizeDeployment("cm", []kustomizeResource{
+		{name: "encrypted-cm.yaml"},
+	}, nil)
+
+	p.updateFile("cm/encrypted-cm.yaml", func(f string) (string, error) {
+		b, _ := sops_test_resources.TestResources.ReadFile("test-configmap.yaml")
+		return string(b), nil
+	}, "")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+
+	cm := assertConfigMapExists(t, k, p.projectName, "encrypted-cm")
+	assertNestedFieldEquals(t, cm, map[string]any{
+		"a": "b",
+	}, "data")
+}
diff --git a/pkg/vars/sops_test_resources/.sops.yaml b/pkg/vars/sops_test_resources/.sops.yaml
index 9071c5ce4..73232ad66 100644
--- a/pkg/vars/sops_test_resources/.sops.yaml
+++ b/pkg/vars/sops_test_resources/.sops.yaml
@@ -1,3 +1,2 @@
 creation_rules:
-  - path_regex: test.yaml
-    age: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
+  - age: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
diff --git a/pkg/vars/sops_test_resources/README.md b/pkg/vars/sops_test_resources/README.md
index d9d669b06..f25a10769 100644
--- a/pkg/vars/sops_test_resources/README.md
+++ b/pkg/vars/sops_test_resources/README.md
@@ -1,4 +1,5 @@
 To edit the test.yaml file, run:
 ```sh
 SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test.yaml
+SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test-configmap.yaml
 ```
diff --git a/pkg/vars/sops_test_resources/test-configmap.yaml b/pkg/vars/sops_test_resources/test-configmap.yaml
new file mode 100644
index 000000000..412303b43
--- /dev/null
+++ b/pkg/vars/sops_test_resources/test-configmap.yaml
@@ -0,0 +1,26 @@
+apiVersion: ENC[AES256_GCM,data:P+0=,iv:BI/ZR9fS+Pt26Ert1Bm+CgEPba/rN149lhBvMJdrC3M=,tag:/vMKi5bqzS7RiYlHV6ES0w==,type:str]
+kind: ENC[AES256_GCM,data:AdJ37WNulWCn,iv:HcLZZEUbzDw0Y/eXaJ/1Lzr/lJ1wexXvq0sf+WRTgAw=,tag:3SpRc9DHXcdINxsBZAB4aw==,type:str]
+metadata:
+    name: ENC[AES256_GCM,data:JzAbIoxlaC/W+2ng,iv:Wiv9cFlmOJov5HL8nWwDNUg+GAsq2NRvyWM9OK5SNCA=,tag:/N+sO//QpnGbcxfq0OxDlg==,type:str]
+data:
+    a: ENC[AES256_GCM,data:Gg==,iv:8cfbT7VXyWdQxWWAB84+RhdEfQ/QYCXEtdQBVtL4dGg=,tag:+EYsouHQU5jXyAMTnLAJHg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZ05WY2hiNFdOcnJyYThr
+            QXZTTXFGVWJtYzcvakRBbzFpRnFwWGVPVjNnCkYyUW9qMEx2K25NbFVYY3d6NWZ3
+            YnU4ZGpnamYwWGxrb2ZTandVQXNPR2sKLS0tIGZ2cnZZNXRKRnI2TVdVV1Z0eUsx
+            V1A2MXp1V3Z3VHUzVzlQc1dISkpmeVUKRNruIW7lGYGZ2zP2bJ/zrfB5ezktDPSU
+            I21uQv0OMYxCBBxVGCwqGm2LEG9jJZR+8yV7QTQqH4x/G3/V+zFFEA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-10T14:53:10Z"
+    mac: ENC[AES256_GCM,data:Qxl1mPN5nGaH9/K+RGuItcHou7tbPrd1p37067nKoxPPF2a2o7kJV6FfJsB6tUYWaEHZMMseE2Gl5mJ1H8m6mmZBjx+DiBBoGmAh719PJ7kffDYFB0trk2Ysh1TQubvy7lv8pPCo7ruVhfoz9/oUTyoFquD+70f/xFa3nH0HPM8=,iv:5NnE8CfRy4Vz95CxQW5omkTsj+i6LDWzuAWIfzF5qOg=,tag:+dyFsFfsJj+dojMiDRIb7w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

From 05fae7cad7d96c8c7660ae84c80841af5e813e23 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 21:57:17 +0100
Subject: [PATCH 0508/2268] tests: Fix tests compilation

---
 pkg/vars/vars_loader_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index c7e758bdf..95db5f20f 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -14,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
 	"go.mozilla.org/sops/v3/age"
 	"io"

From fb17e29216ed48632e724062f1d1f58004e5ebfe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 21:58:58 +0100
Subject: [PATCH 0509/2268] docs: Add docs for SOPS support

---
 docs/reference/deployments/README.md    |  9 ++--
 docs/reference/deployments/helm.md      |  2 +-
 docs/reference/deployments/hooks.md     |  2 +-
 docs/reference/deployments/readiness.md |  2 +-
 docs/reference/deployments/sops.md      | 70 +++++++++++++++++++++++++
 docs/reference/deployments/tags.md      |  2 +-
 6 files changed, 79 insertions(+), 8 deletions(-)
 create mode 100644 docs/reference/deployments/sops.md

diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index ede5bdaa1..b54534e4f 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -15,10 +15,11 @@ description: >
 2. [Kustomize Integration](./kustomize.md)
 3. [Container Images](./images.md)
 4. [Helm Integration](./helm.md)
-5. [Hooks](./hooks.md)
-6. [Readiness](./readiness.md)
-7. [Tags](./tags.md)
-8. [Annotations](./annotations)
+5. [SOPS Integration](./sops.md)
+6. [Hooks](./hooks.md)
+7. [Readiness](./readiness.md)
+8. [Tags](./tags.md)
+9. [Annotations](./annotations)
 
 A deployment project is collection of deployment items and sub-deployments. Deployment items are usually
 [Kustomize](./kustomize.md) deployments, but can also integrate [Helm Charts](./helm.md).
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index 75016f9e8..c5ac21956 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -3,7 +3,7 @@
 ---
 title: "Helm Integration"
 linkTitle: "Helm Integration"
-weight: 3
+weight: 4
 description: >
     How Helm is integrated into Kluctl.
 ---
diff --git a/docs/reference/deployments/hooks.md b/docs/reference/deployments/hooks.md
index b9f5879c2..34567de06 100644
--- a/docs/reference/deployments/hooks.md
+++ b/docs/reference/deployments/hooks.md
@@ -3,7 +3,7 @@
 ---
 title: "Hooks"
 linkTitle: "Hooks"
-weight: 4
+weight: 6
 description: >
     Kluctl hooks.
 ---
diff --git a/docs/reference/deployments/readiness.md b/docs/reference/deployments/readiness.md
index ec8020bb0..ff3197659 100644
--- a/docs/reference/deployments/readiness.md
+++ b/docs/reference/deployments/readiness.md
@@ -3,7 +3,7 @@
 ---
 title: "Readiness"
 linkTitle: "Readiness"
-weight: 5
+weight: 7
 description:
   Definition of readiness.
 ---
diff --git a/docs/reference/deployments/sops.md b/docs/reference/deployments/sops.md
new file mode 100644
index 000000000..1b29dcf0e
--- /dev/null
+++ b/docs/reference/deployments/sops.md
@@ -0,0 +1,70 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "SOPS Integration"
+linkTitle: "SOPS Integration"
+weight: 5
+description: >
+    How SOPS is integrated into Kluctl
+---
+-->
+
+# SOPS Integration
+
+Kluctl integrates natively with [SOPS](https://github.com/mozilla/sops). Kluctl is able to decrypt all resources
+referenced by [Kustomize](./kustomize.md) deployment items (including [simple deployments](./deployment-yml.md#simple-deployments)).
+In addition, Kluctl will also decrypt all variable sources of the types [file](../templating/variable-sources.md#file)
+and [git](../templating/variable-sources.md#git).
+
+Kluctl assumes that you have setup sops as usual so that it knows how to decrypt these files.
+
+## Only encrypting Secrets's data
+
+To only encrypt the `data` and `stringData` fields of Kubernetes secrets, use a `.sops.yaml` configuration file that
+`encrypted_regex` to filter encrypted fields:
+
+```
+creation_rules:
+  - path_regex: .*.yaml
+    encrypted_regex: ^(data|stringData)$
+```
+
+## Combining templating and SOPS
+
+As an alternative, you can split secret values and the resulting Kubernetes resources into two different places and then
+use templating to use the secret values wherever needed. Example:
+
+Write the following content into `secrets/my-secrets.yaml`:
+
+```yaml
+secrets:
+  mySecret: secret-value
+```
+
+And encrypt it with SOPS:
+
+```shell
+$ sops -e -i secrets/my-secrets.yaml
+```
+
+Add this [variables source](../templating/variable-sources.md) to one of your [deployments](./deployment-yml.md):
+
+```yaml
+vars:
+  - file: secrets/my-secrets.yaml
+
+deployments:
+- ...
+```
+
+Then, in one of your deployment items define the following `Secret`:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-secret
+  namespace: default
+stringData:
+  secret: "{{ secrets.mySecret }}"
+```
diff --git a/docs/reference/deployments/tags.md b/docs/reference/deployments/tags.md
index 6bbfe18f4..b1aa08afe 100644
--- a/docs/reference/deployments/tags.md
+++ b/docs/reference/deployments/tags.md
@@ -3,7 +3,7 @@
 ---
 title: "Tags"
 linkTitle: "Tags"
-weight: 6
+weight: 8
 ---
 -->
 

From 85e0bdc658b1fb0b812ff0c839760d45810135d2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 22:12:13 +0100
Subject: [PATCH 0510/2268] docs: Remove all references to sealed secrets in
 docs

---
 docs/concepts.md                              |  12 +-
 docs/reference/README.md                      |   3 +-
 docs/reference/commands/README.md             |   3 +-
 docs/reference/commands/seal.md               |  45 -----
 docs/reference/deployments/deployment-yml.md  |   8 -
 docs/reference/deployments/helm.md            |   2 +-
 docs/reference/kluctl-project/README.md       |  28 +---
 .../kluctl-project/secrets-config/README.md   |  78 ---------
 .../kluctl-project/targets/README.md          |  38 +----
 .../kluctl-project/targets/dynamic-targets.md |  15 --
 docs/reference/sealed-secrets.md              | 157 ------------------
 .../templating/predefined-variables.md        |   4 -
 docs/reference/templating/variable-sources.md |   6 +-
 13 files changed, 10 insertions(+), 389 deletions(-)
 delete mode 100644 docs/reference/commands/seal.md
 delete mode 100644 docs/reference/kluctl-project/secrets-config/README.md
 delete mode 100644 docs/reference/sealed-secrets.md

diff --git a/docs/concepts.md b/docs/concepts.md
index 2967356fe..ef99583dd 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -12,7 +12,7 @@ weight: 10
 These are some core concepts in Kluctl.
 
 ## Kluctl project
-The kluctl project defines targets and secret sources.
+The kluctl project defines targets.
 It is defined via the [.kluctl.yaml](./reference/kluctl-project) configuration file.
 
 ## Targets
@@ -39,16 +39,6 @@ through a templating engine.
 The [templating engine](./reference/templating) allows simple variable substitution and also complex
 control structures (if/else, for loops, ...).
 
-## Secrets
-Secrets are loaded from [external sources](./reference/kluctl-project) and are only available
-while [sealing](./reference/sealed-secrets.md). After the sealing process, only the public-key encrypted
-sealed secrets are available.
-
-## Sealed Secrets
-[Sealed Secrets](./reference/sealed-secrets.md) are based on
-[Bitnami's sealed-secrets controller](https://github.com/bitnami-labs/sealed-secrets). Kluctl offers integration of
-sealed secrets through the `seal` command. Kluctl allows managing multiple sets of sealed secrets for multiple targets.
-
 ## Unified CLI
 The CLI of kluctl is designed to be unified/consistent as much as possible. Most commands are centered around targets
 and thus require you to specify the target name (via `-t <target>`). If you remember how one command works, it's easy
diff --git a/docs/reference/README.md b/docs/reference/README.md
index aec1d2c6b..19695290e 100644
--- a/docs/reference/README.md
+++ b/docs/reference/README.md
@@ -13,5 +13,4 @@ weight: 110
 
 1. [.kluctl.yaml](./kluctl-project)
 2. [Deployments](./deployments)
-3. [Sealed Secrets](./sealed-secrets.md)
-4. [Kluctl Commands](./commands)
+3. [Kluctl Commands](./commands)
diff --git a/docs/reference/commands/README.md b/docs/reference/commands/README.md
index 1fe1a1923..8a3683520 100644
--- a/docs/reference/commands/README.md
+++ b/docs/reference/commands/README.md
@@ -32,5 +32,4 @@ Individual commands are documented in sub-sections.
 10. [poke-images](./poke-images.md)
 11. [prune](./prune.md)
 12. [render](./render.md)
-13. [seal](./seal.md)
-14. [validate](./validate.md)
+13. [validate](./validate.md)
diff --git a/docs/reference/commands/seal.md b/docs/reference/commands/seal.md
deleted file mode 100644
index 4ec5fe457..000000000
--- a/docs/reference/commands/seal.md
+++ /dev/null
@@ -1,45 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "seal"
-linkTitle: "seal"
-weight: 10
-description: >
-    seal command
----
--->
-
-## Command
-<!-- BEGIN SECTION "seal" "Usage" false -->
-Usage: kluctl seal [flags]
-
-Seal secrets based on target's sealingConfig
-Loads all secrets from the specified secrets sets from the target's sealingConfig and
-then renders the target, including all files with the '.sealme' extension. Then runs
-kubeseal on each '.sealme' file and stores secrets in the directory specified by
-'--local-sealed-secrets', using the outputPattern from your deployment project.
-
-If no '--target' is specified, sealing is performed for all targets.
-
-<!-- END SECTION -->
-
-See [sealed-secrets](../sealed-secrets.md) for more details.
-
-## Arguments
-The following sets of arguments are available:
-1. [project arguments](./common-arguments.md#project-arguments) (except `-a`)
-
-In addition, the following arguments are available:
-<!-- BEGIN SECTION "seal" "Misc arguments" true -->
-```
-Misc arguments:
-  Command specific arguments.
-
-      --cert-file string     Use the given certificate for sealing instead of requesting it from the
-                             sealed-secrets controller
-      --force-reseal         Lets kluctl ignore secret hashes found in already sealed secrets and thus forces
-                             resealing of those.
-      --offline-kubernetes   Run seal in offline mode, meaning that it will not try to connect the target cluster
-
-```
-<!-- END SECTION -->
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index e1aac4061..7a0be122b 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -16,9 +16,6 @@ The `deployment.yaml` file is the entrypoint for the deployment project. Include
 
 An example `deployment.yaml` looks like this:
 ```yaml
-sealedSecrets:
-  outputPattern: "{{ cluster.name }}/{{ args.environment }}"
-
 deployments:
 - path: nginx
 - path: my-app
@@ -34,11 +31,6 @@ args:
 
 The following sub-chapters describe the available fields in the `deployment.yaml`
 
-## sealedSecrets
-`sealedSecrets` configures how sealed secrets are stored while sealing and located while rendering.
-See [Sealed Secrets](../sealed-secrets.md#outputpattern-and-location-of-stored-sealed-secrets)
-for details.
-
 ## deployments
 
 `deployments` is a list of deployment items. Multiple deployment types are supported, which is documented further down.
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index 75016f9e8..f0aaf8403 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -25,7 +25,7 @@ hands over the rendered yaml to [kustomize](https://kustomize.io/). Rendering is
 `helm-values.yaml`, which contains the necessary values to configure the Helm Chart.
 
 The resulting rendered yaml is then referred by your `kustomization.yaml`, from which point on the
-[kustomize integration](../sealed-secrets.md#outputpattern-and-location-of-stored-sealed-secrets) 
+[kustomize integration](./kustomize.md) 
 takes over. This means, that you can perform all desired customization (patches, namespace override, ...) as if you
 provided your own resources via yaml files.
 
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index 367e23778..f442ee3fb 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -11,10 +11,8 @@ description: >
 
 # Kluctl project
 
-The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines where the actual
-[deployment project](../deployments) is located,
-where [sealed secrets](../sealed-secrets.md) and unencrypted secrets are localed and which targets are available to
-invoke [commands](../commands) on.
+The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines which targets are
+available to invoke [commands](../commands) on.
 
 ## Example
 
@@ -27,37 +25,16 @@ targets:
     context: test.example.com
     args:
       environment_name: dev
-    sealingConfig:
-      secretSets:
-        - non-prod
   # test cluster, test env
   - name: test
     context: test.example.com
     args:
       environment_name: test
-    sealingConfig:
-      secretSets:
-        - non-prod
   # prod cluster, prod env
   - name: prod
     context: prod.example.com
     args:
       environment_name: prod
-    sealingConfig:
-      secretSets:
-        - prod
-
-# This is only required if you actually need sealed secrets
-secretsConfig:
-  secretSets:
-    - name: prod
-      vars:
-        # This file should not be part of version control!
-        - file: .secrets-prod.yaml
-    - name: non-prod
-      vars:
-        # This file should not be part of version control!
-        - file: .secrets-non-prod.yaml
 ```
 
 ## Allowed fields
@@ -65,4 +42,3 @@ secretsConfig:
 Please check the following sub-sections of this section to see which fields are allowed at the root level of `.kluctl.yaml`.
 
 1. [targets](./targets)
-2. [secretsConfig](./secrets-config)
diff --git a/docs/reference/kluctl-project/secrets-config/README.md b/docs/reference/kluctl-project/secrets-config/README.md
deleted file mode 100644
index 8e1387af2..000000000
--- a/docs/reference/kluctl-project/secrets-config/README.md
+++ /dev/null
@@ -1,78 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "secretsConfig"
-linkTitle: "secretsConfig"
-weight: 4
-description: >
-  Optional, defines where to load secrets from.
----
--->
-
-# secretsConfig
-
-This configures how secrets are retrieved while sealing. It is basically a list of named secret sets which can be
-referenced from targets.
-
-It has the following form:
-```yaml
-...
-secretsConfig:
-  secretSets:
-    - name: <name>
-      vars:
-        - ...
-  sealedSecrets: ...
-...
-```
-
-## secretSets
-
-Each `secretSets` entry has the following fields.
-
-### name
-This field specifies the name of the secret set. The name can be used in targets to refer to this secret set.
-
-### vars
-A list of variables sources. Check the documentation of
-[variables sources](../../templating/variable-sources.md) for details.
-
-Each variables source must have a root dictionary with the name `secrets` and all the actual secret values
-below that dictionary. Every other root key will be ignored.
-
-Example variables file:
-
-```yaml
-secrets:
-  secret: value1
-  nested:
-    secret: value2
-    list:
-      - a
-      - b
-...
-```
-
-## sealedSecrets
-This field specifies the configuration for sealing. It has the following form:
-
-```yaml
-...
-secretsConfig:
-  secretSets: ...
-  sealedSecrets:
-    bootstrap: true
-    namespace: kube-system
-    controllerName: sealed-secrets-controller
-...
-```
-
-### bootstrap
-Controls whether kluctl should bootstrap the initial private key in case the controller is not yet installed on
-the target cluster. Defaults to `true`.
-
-### namespace
-Specifies the namespace where the sealed-secrets controller is installed. Defaults to "kube-system".
-
-### controllerName
-Specifies the name of the sealed-secrets controller. Defaults to "sealed-secrets-controller".
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index a9d0de7a5..74673d86d 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -13,7 +13,7 @@ description: >
 
 Specifies a list of targets for which commands can be invoked. A target puts together environment/target specific
 configuration and the target cluster. Multiple targets can exist which target the same cluster but with differing
-configuration (via `args`). Target entries also specifies which secrets to use while [sealing](../../sealed-secrets.md).
+configuration (via `args`).
 
 Each value found in the target definition is rendered with a simple Jinja2 context that only contains the target itself.
 The rendering process is retried 10 times until it finally succeeds, allowing you to reference
@@ -32,9 +32,6 @@ targets:
     images:
       - image: my-image
         resultImage: my-image:1.2.3
-    sealingConfig:
-      secretSets:
-        - <name_of_secrets_set>
 ...
 ```
 
@@ -61,36 +58,3 @@ The format is identical to the [fixed images file](../../deployments/images.md#f
 
 The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#images)
 have higher priority.
-
-## sealingConfig
-This field configures how sealing is performed when the [seal command](../../commands/seal.md) is invoked for this target.
-It has the following form:
-
-```yaml
-targets:
-...
-- name: <target_name>
-  ...
-  sealingConfig:
-    args:
-      arg1: <override_for_arg1>
-    certFile: <path-to-cert-file>
-    dynamicSealing: <true_or_false>
-    secretSets:
-      - <name_of_secrets_set>
-```
-
-### args
-This field allows adding extra arguments to the target args. These are only used while sealing and may override
-arguments which are already configured for the target.
-
-### certFile
-Optional path to a local (inside your project) public certificate used for sealing. Such a certificate can be fetched
-from the sealed-secrets controller using `kubeseal --fetch-cert`.
-
-### dynamicSealing
-This field specifies weather sealing should happen per [dynamic target](./dynamic-targets.md) or only once. This
-field is optional and defaults to `true`.
-
-### secretSets
-This field specifies a list of secret set names, which all must exist in the [secretsConfig](../secrets-config).
diff --git a/docs/reference/kluctl-project/targets/dynamic-targets.md b/docs/reference/kluctl-project/targets/dynamic-targets.md
index 32fa6a1af..6b18cace4 100644
--- a/docs/reference/kluctl-project/targets/dynamic-targets.md
+++ b/docs/reference/kluctl-project/targets/dynamic-targets.md
@@ -35,10 +35,6 @@ targets:
       ref: <ref-name>
       refPattern: <regex-pattern>
       file: <config-file>
-    sealingConfig:
-      dynamicSealing: <false_or_true>
-      secretSets:
-        - <name_of_secrets_set>
 ...
 ```
 
@@ -102,14 +98,3 @@ An optional list of fixed images, in the same format as in the normal [target im
 
 A simplified form of dynamic targets is to store target config inside the same directory/project as the `.kluctl.yaml`.
 This can be done by omitting `project`, `ref` and `refPattern` from `targetConfig` and only specify `file`.
-
-## A note on sealing
-
-When sealing dynamic targets, it is very likely that it is not known yet which dynamic targets will actually exist in
-the future. This requires some special care when sealing secrets for these targets. Sealed secrets are usually namespace
-scoped, which might need to be changed to cluster-wide scoping so that the same sealed secret can be deployed into
-multiple targets (assuming you deploy to different namespaces for each target). When you do this, watch out to not
-compromise security, e.g. by sealing production level secrets with a cluster-wide scope!
-
-It is also very likely required to set `target.sealingConfig.dynamicSealing` to `false`, so that sealing is only performed
-once and not for all dynamic targets.
\ No newline at end of file
diff --git a/docs/reference/sealed-secrets.md b/docs/reference/sealed-secrets.md
deleted file mode 100644
index cfd40a2d1..000000000
--- a/docs/reference/sealed-secrets.md
+++ /dev/null
@@ -1,157 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "Sealed Secrets"
-linkTitle: "Sealed Secrets"
-weight: 2
-description: >
-    Sealed Secrets integration
----
--->
-
-# Sealed Secrets
-
-kluctl has an integration for [sealed secrets](https://github.com/bitnami-labs/sealed-secrets), allowing you to
-securely store secrets for multiple target clusters and/or environments inside version control.
-
-The integration consists of two parts:
-1. Sealing of secrets
-2. Automatically choosing and deploying the correct sealed secrets for a target
-
-## Requirements
-
-The Sealed Secrets integration relies on the [sealed-secrets operator](https://github.com/bitnami-labs/sealed-secrets)
-being installed. Installing the operator is the responsibility of you (or whoever is managing/operating the cluster).
-
-Kluctl can however perform sealing of secrets without an existing sealed-secrets operator installation. This is solved
-by automatically pre-provisioning a key onto the cluster that is compatible with the operator or by providing the
-public certificate via `certFile` in the targets [sealingConfig](./kluctl-project/targets#certfile).
-
-## Sealing of .sealme files
-
-Sealing is done via the [seal command](./commands/seal.md). It must be done before the actual
-deployment is performed.
-
-The `seal` command recursively searches for files that end with `.sealme`, renders them with the
-[templating engine](./templating) engine. The rendered secret resource is then
-converted/encrypted into a sealed secret.
-
-The `.sealme` files itself have to be [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/),
-but without any actual secret data inside. The secret data is referenced via templating variables and is expected to be
-provided only at the time of sealing. This means, that the sensitive secret data must only be in clear text while sealing.
-Afterwards the sealed secrets can be added to version control.
-
-Example file (the name could be for example `db-secrets.yaml.sealme`):
-```yaml
-kind: Secret
-apiVersion: v1
-metadata:
-  name: db-secrets
-  namespace: {{ my.namespace.variable }}
-stringData:
-  DB_URL: {{ secrets.database.url }}
-  DB_USERNAME: {{ secrets.database.username }}
-  DB_PASSWORD: {{ secrets.database.password }}
-```
-
-While sealing, the full templating context (same as in [templating](./templating)) is available.
-Additionally, the global `secrets` object/variable is available which contains the sensitive secrets.
-
-## Secret Sources
-
-Secrets are only loaded while sealing. Available secret sets and sources are configured via
-[.kluctl.yaml](./kluctl-project/secrets-config). The secrets used per target are configured via the
-[secrets config](./kluctl-project/targets#secretsets) of the targets.
-
-## Using sealed secrets
-
-After sealing a secret, it can be used inside kustomize deployments. While deploying, kluctl will look for resources
-included from `kustomization.yaml` which are not existent but for which a file with a `.sealme` extension exists. If such
-a file is found, the appropriate sealed secrets is located based on the
-[outputPattern](#outputpattern-and-location-of-stored-sealed-secrets).
-
-An example `kustomization.yaml`:
-```yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-# please note that we do not specify the .sealme suffix here
-- db-secrets.yaml
-- my-deployments.yaml
-```
-
-## outputPattern and location of stored sealed secrets
-
-It is possible to override the output pattern in the root [deployment project](./deployments).
-The output pattern must be a template string that is rendered with the full
-[templating context](./templating) available for the deployment.yaml.
-
-When manually specifying the outputPattern, ensure that it works well with multiple clusters and targets. You can
-for example use the `{{ target.name }}` and `{{ cluster.name }}` inside the outputPattern.
-
-```yaml
-# deployment.yaml in root directory
-sealedSecrets:
-  outputPattern: "{{ cluster.name }}/{{ target.name }}"
-```
-
-The default outputPattern is simply `{{ target.name }}`, which should work well in most cases.
-
-The final storage location for the sealed secret is:
-
-`<base_dir>/<rendered_output_pattern>/<relative_sealme_file_dir>/<file_name>`
-
-with:
-* `base_dir`: The base directory for sealed secrets, which defaults to to the subdirectory `.sealed-secrets` in the kluctl project root
-  diretory.
-* `rendered_output_pattern`: The rendered outputPattern as described above.
-* `relative_sealme_file_dir`: The relative path from the deployment root directory.
-* `file_name`: The filename of the sealed secret, excluding the `.sealme` extension.
-
-## Content Hashes and re-sealing
-Sealed secrets are stored together with hashes of all individual secret entries. These hashes are then used to avoid
-unnecessary re-sealing in future [seal](./commands/seal.md) invocations. If you want to force re-sealing, use the
-[--force-reseal](./commands/seal.md) option.
-
-Hashing of secrets is done with bcrypt and the cluster id as salt. The cluster id is currently defined as the sha256 hash
-of the cluster CA certificate. This will cause re-sealing of all secrets in case a cluster is set up from scratch
-(which causes key from the sealed secrets operator to get wiped as well).
-
-## Clusters and namespaces
-Sealed secrets are usually only decryptable by one cluster, simply because each cluster has its own set of randomly
-generated public/private key pairs. This means, that a secret that was sealed for your production cluster can't be
-unsealed on your test cluster.
-
-In addition, sealed secrets can be bound to a single namespace, making them undecryptable for any other namespace.
-To limit a sealed secret to a namespace, simply fill the `metadata.namespace` field of the input secret (which is in
-the `.sealme` file). This way, the sealed secret can only be deployed to a single namespace.
-
-You can also use [Scopes](https://github.com/bitnami-labs/sealed-secrets#scopes) to lift/limit restrictions.
-
-## Using reflectors/replicators
-In case a sealed secrets needs to be deployed to more than one namespace, some form of replication must be used. You'd
-then seal the secret for a single namespace and use a reflection/replication controller to reflect the unsealed secret
-into one or multiple other namespaces. Example controllers that can accomplish this are the
-[Mittwald kubernetes-reflector](https://github.com/mittwald/kubernetes-replicator) and the
-[Emberstack Kubernetes Reflector](https://github.com/emberstack/kubernetes-reflector).
-
-Consider the following example (using the Mittwald replicator):
-```yaml
-kind: Secret
-apiVersion: v1
-metadata:
-  name: db-secrets
-  namespace: {{ my.namespace.variable }}
-  annotations:
-    replicator.v1.mittwald.de/replicate-to: '{{ my.namespace.variable }}-.*'
-stringData:
-  DB_URL: {{ secrets.database.url }}
-  DB_USERNAME: {{ secrets.database.username }}
-  DB_PASSWORD: {{ secrets.database.password }}
-```
-
-The above example would cause automatic replication into every namespace that matches the replicate-to pattern.
-
-Please watch out for security implications. In the above example, everyone who has the right to create a namespace that
-matches the pattern will get access to the secret.
diff --git a/docs/reference/templating/predefined-variables.md b/docs/reference/templating/predefined-variables.md
index 951226f57..a547e1d86 100644
--- a/docs/reference/templating/predefined-variables.md
+++ b/docs/reference/templating/predefined-variables.md
@@ -26,7 +26,3 @@ This global object provides the dynamic images features described in [images](..
 
 ### version
 This global object defines latest version filters for `images.get_image(...)`. See [images](../deployments/images.md) for details.
-
-### secrets
-This global object is only available while [sealing](../sealed-secrets.md) and contains the loaded
-secrets defined via the currently sealed target.
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 2941e532b..ad6ad30c2 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -159,8 +159,8 @@ Kluctl currently supports BASIC and NTLM authentication. It will prompt for cred
 
 ### awsSecretsManager
 [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) integration. Loads a variables YAML from an AWS Secrets
-Manager secret. The secret can either be specified via an ARN or via a secretName and region combination. An AWS
-config profile can also be specified (which must exist while sealing).
+Manager secret. The secret can either be specified via an ARN or via a secretName and region combination. An existing AWS
+config profile can also be specified.
 
 The secrets stored in AWS Secrets manager must contain a valid yaml or json file.
 
@@ -198,7 +198,7 @@ vars:
       path: secret/data/simple
 ```
 
-Before deploying or sealing please make sure that you have access to vault. You can do this for example by setting 
+Before deploying please make sure that you have access to vault. You can do this for example by setting 
 the environment variable `VAULT_TOKEN`.
 
 ### systemEnvVars

From 3e885a1e4e566d49e21baac6a4650cb8c7af8afe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Nov 2022 22:17:15 +0100
Subject: [PATCH 0511/2268] feat: Deprecate the SealedSecrets integration

---
 pkg/kluctl_project/project_load.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 29ea9e871..c4a2b20b9 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -60,6 +60,19 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 
 	c.sealedSecretsDir = filepath.Join(c.ProjectDir, ".sealed-secrets")
 
+	sealedSecretsUsed := false
+	if c.Config.SecretsConfig != nil {
+		sealedSecretsUsed = true
+	}
+	for _, t := range c.Config.Targets {
+		if t.SealingConfig != nil {
+			sealedSecretsUsed = true
+		}
+	}
+	if sealedSecretsUsed {
+		status.Deprecation(c.ctx, "sealed-secrets", "The SealedSecrets integration is deprecated and will be completely removed in an upcoming version. Please switch to using the SOPS integration instead.")
+	}
+
 	s.Success()
 
 	return nil

From 86a7a4cb9e91d622f047f74466b1ae864e503ed9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 13:37:48 +0100
Subject: [PATCH 0512/2268] fix: Upgrade github.com/xanzy/ssh-agent to current
 master to fix crash

See https://github.com/xanzy/ssh-agent/pull/11
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b422ea1b5..ba6357db2 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	github.com/spf13/viper v1.13.0
 	github.com/stretchr/testify v1.8.0
 	github.com/whilp/git-urls v1.0.0
-	github.com/xanzy/ssh-agent v0.3.2
+	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
 	golang.org/x/crypto v0.1.0
 	golang.org/x/net v0.1.0
 	golang.org/x/sync v0.1.0
diff --git a/go.sum b/go.sum
index 7e295f7f2..7698848d5 100644
--- a/go.sum
+++ b/go.sum
@@ -767,8 +767,8 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6Ac
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
-github.com/xanzy/ssh-agent v0.3.2 h1:eKj4SX2Fe7mui28ZgnFW5fmTz1EIr7ugo5s6wDxdHBM=
-github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4 h1:3kHD8uZqiYes9JHdd3FzuyUbG10g9Bp9EOfqkSHIhg4=
+github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=

From 12a50d0c29ec28444864c86fbeef0996f59fb79e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 13:57:59 +0100
Subject: [PATCH 0513/2268] fix: Fix clearing of multiline status lines

---
 pkg/status/multiline/multiline.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/status/multiline/multiline.go b/pkg/status/multiline/multiline.go
index 399942828..8d1153b9e 100644
--- a/pkg/status/multiline/multiline.go
+++ b/pkg/status/multiline/multiline.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"github.com/mattn/go-runewidth"
 	"io"
+	"strings"
 	"sync"
 	"time"
 )
@@ -72,7 +73,9 @@ func (ml *MultiLinePrinter) Flush() {
 	// Count the number of lines that need to be cleared. We need to take wrapping into account as well
 	prevTotalLines := 0
 	for _, line := range ml.prevLines {
-		prevTotalLines += ml.countConsoleLines(line, tw)
+		for _, sl := range strings.Split(line, "\n") {
+			prevTotalLines += ml.countWrappedLines(sl, tw)
+		}
 	}
 	if prevTotalLines > 0 {
 		ml.clearLines(prevTotalLines)
@@ -93,7 +96,7 @@ func (ml *MultiLinePrinter) Flush() {
 	}
 }
 
-func (ml *MultiLinePrinter) countConsoleLines(s string, tw int) int {
+func (ml *MultiLinePrinter) countWrappedLines(s string, tw int) int {
 	s = stripansi.Strip(s)
 	w := runewidth.StringWidth(s)
 	cnt := 1

From bb421eb47ad24448b2ccc17c17093b2936e1238c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 14:08:31 +0100
Subject: [PATCH 0514/2268] ci: Add dependabot support

---
 .github/dependabot.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..4143be270
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"

From 4ae9a5ee63cc9cc733a3276cbc27dc9dc2032ce2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:25:28 +0000
Subject: [PATCH 0515/2268] chore(deps): Bump actions/setup-go from 2 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 .github/workflows/tests.yml   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bc3074b45..5d1e4aed2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
       - name: Fetch all tags
         run: git fetch --force --tags
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: 1.19
       - name: Setup QEMU
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index faa1a4ee5..771c00cc2 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
           go-version: '1.19'
       - uses: actions/cache@v2
@@ -47,7 +47,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
           go-version: '1.19'
       - uses: actions/cache@v2
@@ -84,7 +84,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
           go-version: '1.19'
       - uses: actions/cache@v2

From 73eca1f83f627d466679d272d75260e5b5e3cdeb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:25:33 +0000
Subject: [PATCH 0516/2268] chore(deps): Bump docker/setup-qemu-action from 1
 to 2

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bc3074b45..af7579d5e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
         with:
           go-version: 1.19
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
       - name: Setup Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v1

From 39273d96af5e36c328b1539425b4e0ac82033cef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:25:42 +0000
Subject: [PATCH 0517/2268] chore(deps): Bump docker/login-action from 1 to 2

Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bc3074b45..9727d90dd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: kluctlbot

From 0694d18a7b3fbb17f8f62b028fa378576335e15e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:25:47 +0000
Subject: [PATCH 0518/2268] chore(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 .github/workflows/tests.yml   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bc3074b45..70dff0a0c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:
           registry: ghcr.io
           username: kluctlbot
           password: ${{ secrets.GHCR_TOKEN }}
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index faa1a4ee5..0a019bae9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,7 +19,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: '1.19'
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -50,7 +50,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: '1.19'
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -87,7 +87,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: '1.19'
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod

From 0f2c257b591789ab8d843718862fc9b48544e638 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:25:56 +0000
Subject: [PATCH 0519/2268] chore(deps): Bump docker/setup-buildx-action from 1
 to 2

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bc3074b45..f23bc8f45 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
         uses: docker/setup-qemu-action@v1
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry

From 305e3fd2e4372a5c2ffbe25669ff12de886a0436 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:27:48 +0000
Subject: [PATCH 0520/2268] chore(deps): Bump
 github.com/google/go-containerregistry

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ebdc3b552..1f37560d5 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
-	github.com/google/go-containerregistry v0.12.0
+	github.com/google/go-containerregistry v0.12.1
 	github.com/hashicorp/vault/api v1.8.1
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
diff --git a/go.sum b/go.sum
index 9437e853f..176a61dc2 100644
--- a/go.sum
+++ b/go.sum
@@ -398,8 +398,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.12.0 h1:nidOEtFYlgPCRqxCKj/4c/js940HVWplCWc5ftdfdUA=
-github.com/google/go-containerregistry v0.12.0/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k=
+github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8=
+github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From 4c21f14d7257186b9c8163c837731db338e87393 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:27:52 +0000
Subject: [PATCH 0521/2268] chore(deps): Bump golang.org/x/sys from 0.1.0 to
 0.2.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ebdc3b552..af0f017b4 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	golang.org/x/crypto v0.1.0
 	golang.org/x/net v0.1.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.1.0
+	golang.org/x/sys v0.2.0
 	golang.org/x/term v0.1.0
 	golang.org/x/text v0.4.0
 	gopkg.in/yaml.v2 v2.4.0
diff --git a/go.sum b/go.sum
index 9437e853f..ae46d1cbe 100644
--- a/go.sum
+++ b/go.sum
@@ -1122,8 +1122,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 59393c0b195409643682e5056ecad3c90292e697 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:27:57 +0000
Subject: [PATCH 0522/2268] chore(deps): Bump github.com/spf13/viper from
 1.13.0 to 1.14.0

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  13 +++--
 go.sum | 176 ++++++---------------------------------------------------
 2 files changed, 25 insertions(+), 164 deletions(-)

diff --git a/go.mod b/go.mod
index ebdc3b552..dba0c8c73 100644
--- a/go.mod
+++ b/go.mod
@@ -34,8 +34,8 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.13.0
-	github.com/stretchr/testify v1.8.0
+	github.com/spf13/viper v1.14.0
+	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
 	golang.org/x/crypto v0.1.0
@@ -64,7 +64,8 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.10.0 // indirect
+	cloud.google.com/go/compute v1.12.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.1 // indirect
 	filippo.io/age v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
@@ -130,8 +131,8 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.4.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.6.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
@@ -221,7 +222,7 @@ require (
 	golang.org/x/time v0.1.0 // indirect
 	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
-	google.golang.org/api v0.96.0 // indirect
+	google.golang.org/api v0.102.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect
 	google.golang.org/grpc v1.50.1 // indirect
diff --git a/go.sum b/go.sum
index 9437e853f..5ef390e2b 100644
--- a/go.sum
+++ b/go.sum
@@ -20,34 +20,19 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
-cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
-cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
-cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
-cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
-cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
-cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
-cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
-cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
-cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
-cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
-cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
-cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
-cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
-cloud.google.com/go/compute v1.10.0 h1:aoLIYaA1fX3ywihqpBk2APQKOo20nXsp1GEZQbx5Jk4=
-cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
+cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0=
+cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU=
+cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48=
+cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -58,7 +43,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
-cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.0.0 h1:V6q14n0mqYU3qKFkZ6oOaF9oXneOviS3ubXsSVBRSzc=
 filippo.io/age v1.0.0/go.mod h1:PaX+Si/Sd5G8LgfCwldsSba3H1DDQZhIhFGkhbHaBq8=
@@ -187,12 +171,8 @@ github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
 github.com/containerd/containerd v1.6.9 h1:IN/r8DUes/B5lEGTNfIiUkfZBtIQJGx2ai703dV6lRA=
 github.com/containerd/containerd v1.6.9/go.mod h1:XVicUvkxOrftE2Q1YWUXgZwkkAxwQYNOFzYWvfVfEfQ=
@@ -245,7 +225,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -353,7 +332,6 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -372,7 +350,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -393,9 +370,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.12.0 h1:nidOEtFYlgPCRqxCKj/4c/js940HVWplCWc5ftdfdUA=
@@ -406,7 +380,6 @@ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -419,9 +392,6 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
@@ -429,18 +399,12 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
-github.com/googleapis/enterprise-certificate-proxy v0.1.0 h1:zO8WHNx/MYiAKJ3d5spxZXZE6KHmIQGQcAzwUzV7qQw=
-github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
+github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs=
+github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
-github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
-github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
-github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk=
-github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
-github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
+github.com/googleapis/gax-go/v2 v2.6.0 h1:SXk3ABtQYDT/OH8jAyvEOQ58mgawq5C4o/4/89qN2ZU=
+github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -809,13 +773,14 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU=
-github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
+github.com/spf13/viper v1.14.0 h1:Rg7d3Lo706X9tHsJMUjdiwMpHB7W8WnSVOssIY+JElU=
+github.com/spf13/viper v1.14.0/go.mod h1:WT//axPky3FdvXHzGw33dNdXXXfFQqmEalje+egj8As=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -824,8 +789,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
@@ -880,8 +846,8 @@ go.starlark.net v0.0.0-20221020143700-22309ac47eac/go.mod h1:kIVgS18CjmEC3PqMd5k
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -983,18 +949,11 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1010,15 +969,7 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
 golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1032,7 +983,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1092,34 +1042,19 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
@@ -1197,11 +1132,7 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
@@ -1209,10 +1140,7 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0=
-golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
 gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
 gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -1237,26 +1165,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
-google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
-google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
-google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
-google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
-google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
-google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
-google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
-google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
-google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
-google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
-google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
-google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
-google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
-google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
-google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
-google.golang.org/api v0.96.0 h1:F60cuQPJq7K7FzsxMYHAUJSiXh2oKctHxBMbDygxhfM=
-google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
+google.golang.org/api v0.102.0 h1:JxJl2qQ85fRMPNvlZY/enexbxpCjLwGhZUtgfGeQ51I=
+google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1306,47 +1216,9 @@ google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
-google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
-google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
-google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
-google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
-google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
-google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
-google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
-google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
-google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
-google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 h1:GEgb2jF5zxsFJpJfg9RoDDWm7tiwc/DDSTE2BtLUkXU=
 google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1368,22 +1240,11 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
 google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
-google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1397,7 +1258,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=

From ec0e194db10f0ac5c73e39aaf26e9fa779657005 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Nov 2022 13:28:15 +0000
Subject: [PATCH 0523/2268] chore(deps): Bump helm.sh/helm/v3 from 3.10.1 to
 3.10.2

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.10.1 to 3.10.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.10.1...v3.10.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ebdc3b552..d79225173 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	golang.org/x/text v0.4.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.10.1
+	helm.sh/helm/v3 v3.10.2
 	k8s.io/api v0.25.3
 	k8s.io/apiextensions-apiserver v0.25.3
 	k8s.io/apimachinery v0.25.3
diff --git a/go.sum b/go.sum
index 9437e853f..489310b1e 100644
--- a/go.sum
+++ b/go.sum
@@ -1438,8 +1438,8 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-helm.sh/helm/v3 v3.10.1 h1:uTnNlYx8QcTSNA4ZJ50Llwife4CSohUY4ehumyVf2QE=
-helm.sh/helm/v3 v3.10.1/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
+helm.sh/helm/v3 v3.10.2 h1:2PmN9NgmqTn5pswfL5Kh2LxOKjkmh0hxKLe6/J0yUY4=
+helm.sh/helm/v3 v3.10.2/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From bedc8a32cae08b487ba468875b0d18c8870dd09a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 14:33:08 +0100
Subject: [PATCH 0524/2268] feat: Move args definitions into .kluctl.yaml and
 deprecate args in deployment.yaml

---
 e2e/args_test.go                     | 54 ++++++++++++++++++----------
 pkg/deployment/external_args.go      | 18 +++++++---
 pkg/kluctl_project/target_context.go | 11 +++++-
 pkg/types/deployment.go              |  5 ---
 pkg/types/kluctl_project.go          | 10 ++++--
 5 files changed, 67 insertions(+), 31 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 41c28870b..f20bc88b9 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"
 )
 
-func TestArgs(t *testing.T) {
+func testArgs(t *testing.T, deprecated bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -19,24 +19,34 @@ func TestArgs(t *testing.T) {
 
 	p.updateTarget("test", func(target *uo.UnstructuredObject) {
 	})
-	p.updateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField([]any{
-			map[string]any{
-				"name": "a",
-			},
-			map[string]any{
-				"name":    "b",
-				"default": "default",
-			},
-			map[string]any{
-				"name": "d",
-				"default": map[string]any{
-					"nested": "default",
-				},
+
+	args := []any{
+		map[string]any{
+			"name": "a",
+		},
+		map[string]any{
+			"name":    "b",
+			"default": "default",
+		},
+		map[string]any{
+			"name": "d",
+			"default": map[string]any{
+				"nested": "default",
 			},
-		}, "args")
-		return nil
-	})
+		},
+	}
+
+	if deprecated {
+		p.updateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
+			_ = o.SetNestedField(args, "args")
+			return nil
+		})
+	} else {
+		p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
+			_ = o.SetNestedField(args, "args")
+			return nil
+		})
+	}
 
 	addConfigMapDeployment(p, "cm", map[string]string{
 		"a": `{{ args.a | default("na") }}`,
@@ -109,6 +119,14 @@ d:
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d4"}}`, "data", "d")
 }
 
+func TestDeprecatedArgs(t *testing.T) {
+	testArgs(t, true)
+}
+
+func TestArgs(t *testing.T) {
+	testArgs(t, false)
+}
+
 func TestArgsFromEnv(t *testing.T) {
 	t.Setenv("KLUCTL_ARG", "a=a")
 	t.Setenv("KLUCTL_ARG_1", "b=b")
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 365342560..53e6eaf70 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -1,7 +1,9 @@
 package deployment
 
 import (
+	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
@@ -56,7 +58,7 @@ func ConvertArgsToVars(args map[string]string, allowLoadFromFiles bool) (*uo.Uns
 	return vars, nil
 }
 
-func LoadDeploymentArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) error {
+func LoadDeprecatedDeploymentArgs(ctx context.Context, dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) (bool, error) {
 	// First try to load the config without templating to avoid getting errors while rendering because required
 	// args were not set. Otherwise we won't be able to iterator through the 'args' array in the deployment.yml
 	// when the rendering error is actually args related.
@@ -72,17 +74,23 @@ func LoadDeploymentArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.Unstru
 		varsCtx2.UpdateChild("args", deployArgs)
 		err = varsCtx2.RenderYamlFile(yaml.FixNameExt(dir, "deployment.yml"), []string{dir}, &conf)
 		if err != nil {
-			return err
+			return false, err
 		}
 	}
 
 	if len(conf.Args) == 0 {
-		return nil
+		return false, nil
 	}
 
+	status.Deprecation(ctx, "deployment-args", "'args' in deployment.yaml is deprecated, please use 'args' from .kluctl.yaml instead.")
+
+	return true, LoadDefaultArgs(conf.Args, deployArgs)
+}
+
+func LoadDefaultArgs(args []*types.DeploymentArg, deployArgs *uo.UnstructuredObject) error {
 	// load defaults
 	defaults := uo.New()
-	for _, a := range conf.Args {
+	for _, a := range args {
 		if a.Default != nil {
 			a2 := uo.FromMap(map[string]interface{}{
 				a.Name: a.Default,
@@ -93,7 +101,7 @@ func LoadDeploymentArgs(dir string, varsCtx *vars.VarsCtx, deployArgs *uo.Unstru
 	defaults.Merge(deployArgs)
 	*deployArgs = *defaults
 
-	err = checkRequiredArgs(conf.Args, deployArgs)
+	err := checkRequiredArgs(args, deployArgs)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 246762e92..3a47c0642 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -177,7 +177,16 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.U
 		}
 	}
 
-	err = deployment.LoadDeploymentArgs(p.ProjectDir, varsCtx, allArgs)
+	deprecatedArgs, err := deployment.LoadDeprecatedDeploymentArgs(p.ctx, p.ProjectDir, varsCtx, allArgs)
+	if err != nil {
+		return nil, err
+	}
+
+	if deprecatedArgs && len(p.Config.Args) != 0 {
+		return nil, fmt.Errorf("mixing deprecated 'args' from deployment.yaml and .kluctl.yaml is not allowed")
+	}
+
+	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index d331457f2..eee074fda 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -53,11 +53,6 @@ func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 	}
 }
 
-type DeploymentArg struct {
-	Name    string      `yaml:"name" validate:"required"`
-	Default interface{} `yaml:"default,omitempty"`
-}
-
 type SealedSecretsConfig struct {
 	OutputPattern *string `yaml:"outputPattern,omitempty"`
 }
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index b1e7e5f68..0266fa1a0 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -41,6 +41,11 @@ type DynamicTarget struct {
 	BaseTargetName string  `yaml:"baseTargetName"`
 }
 
+type DeploymentArg struct {
+	Name    string      `yaml:"name" validate:"required"`
+	Default interface{} `yaml:"default,omitempty"`
+}
+
 type SecretSet struct {
 	Name string        `yaml:"name" validate:"required"`
 	Vars []*VarsSource `yaml:"vars,omitempty"`
@@ -58,6 +63,7 @@ type SecretsConfig struct {
 }
 
 type KluctlProject struct {
-	Targets       []*Target      `yaml:"targets,omitempty"`
-	SecretsConfig *SecretsConfig `yaml:"secretsConfig,omitempty"`
+	Targets       []*Target        `yaml:"targets,omitempty"`
+	Args          []*DeploymentArg `yaml:"args,omitempty"`
+	SecretsConfig *SecretsConfig   `yaml:"secretsConfig,omitempty"`
 }

From 941f90e93a8398fc9f4b0acddce2c80e7cf1c455 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 15:01:46 +0100
Subject: [PATCH 0525/2268] feat: Allow to run kluctl on simple kustomize
 deployments

---
 pkg/deployment/deployment_project.go | 22 +++++++++++++++++++---
 pkg/deployment/external_args.go      |  4 ++++
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 04a06dac7..a0bb80952 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -70,10 +70,15 @@ func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []*type
 func (p *DeploymentProject) loadConfig() error {
 	configPath := filepath.Join(p.absDir, "deployment.yml")
 	if !yaml.Exists(configPath) {
-		if yaml.Exists(filepath.Join(p.absDir, "kustomization.yml")) {
+		if p.parentProject == nil {
+			// the root project is allowed to not have a deployment.yaml
+			// in that case, it is treated as a simple deployment with a single deployment item pointing to "."
+			return p.generateSingleKustomizeProject()
+		} else if yaml.Exists(filepath.Join(p.absDir, "kustomization.yml")) {
 			return fmt.Errorf("deployment.yml not found but folder %s contains a kustomization.yml", p.absDir)
+		} else {
+			return fmt.Errorf("%s not found", configPath)
 		}
-		return fmt.Errorf("%s not found", configPath)
 	}
 	configPath = yaml.FixPathExt(configPath)
 
@@ -82,7 +87,18 @@ func (p *DeploymentProject) loadConfig() error {
 		return fmt.Errorf("failed to load deployment.yml: %w", err)
 	}
 
-	err = p.loadVarsList(p.VarsCtx, p.Config.Vars)
+	return p.processConfig()
+}
+
+func (p *DeploymentProject) generateSingleKustomizeProject() error {
+	p.Config.Deployments = append(p.Config.Deployments, &types.DeploymentItemConfig{
+		Path: utils.StrPtr("."),
+	})
+	return nil
+}
+
+func (p *DeploymentProject) processConfig() error {
+	err := p.loadVarsList(p.VarsCtx, p.Config.Vars)
 	if err != nil {
 		return fmt.Errorf("failed to load deployment.yml vars: %w", err)
 	}
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 53e6eaf70..c7f0aefcc 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -63,6 +63,10 @@ func LoadDeprecatedDeploymentArgs(ctx context.Context, dir string, varsCtx *vars
 	// args were not set. Otherwise we won't be able to iterator through the 'args' array in the deployment.yml
 	// when the rendering error is actually args related.
 
+	if !yaml.Exists(filepath.Join(dir, "deployment.yml")) {
+		return false, nil
+	}
+
 	var conf types.DeploymentProjectConfig
 
 	err := yaml.ReadYamlFile(yaml.FixPathExt(filepath.Join(dir, "deployment.yml")), &conf)

From 8c5c0e732b3455bf85e8c0186ac2386c081e4658 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 15:19:13 +0100
Subject: [PATCH 0526/2268] refactor: Remove mutex that is not really needed in
 RemoteObjectUtils

---
 pkg/deployment/utils/remote_objects_utils.go | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 442acb1a6..e61cff4f6 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -8,7 +8,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"sync"
 )
 
 type RemoteObjectUtils struct {
@@ -16,7 +15,6 @@ type RemoteObjectUtils struct {
 	dew              *DeploymentErrorsAndWarnings
 	remoteObjects    map[k8s2.ObjectRef]*uo.UnstructuredObject
 	remoteNamespaces map[string]*uo.UnstructuredObject
-	mutex            sync.Mutex
 }
 
 func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings) *RemoteObjectUtils {
@@ -44,7 +42,6 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		return err
 	}
 
-	u.mutex.Lock()
 	for _, o := range allObjects {
 		u.remoteObjects[o.GetK8sRef()] = o
 	}
@@ -59,7 +56,6 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 			}
 		}
 	}
-	u.mutex.Unlock()
 
 	if len(notFoundRefsList) != 0 {
 		s.UpdateAndInfoFallback("Getting %d additional remote objects", len(notFoundRefsList))
@@ -70,11 +66,9 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		if err != nil {
 			return err
 		}
-		u.mutex.Lock()
 		for _, o := range r {
 			u.remoteObjects[o.GetK8sRef()] = o
 		}
-		u.mutex.Unlock()
 	}
 
 	s.UpdateAndInfoFallback("Getting namespaces")
@@ -96,31 +90,22 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 }
 
 func (u *RemoteObjectUtils) GetRemoteObject(ref k8s2.ObjectRef) *uo.UnstructuredObject {
-	u.mutex.Lock()
-	defer u.mutex.Unlock()
 	o, _ := u.remoteObjects[ref]
 	return o
 }
 
 func (u *RemoteObjectUtils) GetRemoteNamespace(name string) *uo.UnstructuredObject {
-	u.mutex.Lock()
-	defer u.mutex.Unlock()
 	o, _ := u.remoteNamespaces[name]
 	return o
 }
 
 func (u *RemoteObjectUtils) ForgetRemoteObject(ref k8s2.ObjectRef) {
-	u.mutex.Lock()
-	defer u.mutex.Unlock()
 	delete(u.remoteObjects, ref)
 }
 
 func (u *RemoteObjectUtils) GetFilteredRemoteObjects(inclusion *utils.Inclusion) []*uo.UnstructuredObject {
 	var ret []*uo.UnstructuredObject
 
-	u.mutex.Lock()
-	defer u.mutex.Unlock()
-
 	for _, o := range u.remoteObjects {
 		iv := u.getInclusionEntries(o)
 		if inclusion.CheckIncluded(iv, false) {

From d6aee5b1d63dcd75370c009b9023e862c589f1d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 15:21:27 +0100
Subject: [PATCH 0527/2268] feat: Allow deployments without commonLabels

But forbid deletes.
---
 e2e/no_target_test.go                        | 26 +++++++++++++++++---
 pkg/deployment/commands/delete.go            |  5 ++++
 pkg/deployment/deployment_project.go         |  4 ---
 pkg/deployment/utils/remote_objects_utils.go | 21 ++++++++--------
 4 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 7c2f74f61..7e3083cee 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -2,10 +2,12 @@ package e2e
 
 import (
 	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
 	"testing"
 )
 
-func prepareNoTargetTest(t *testing.T, name string) *testProject {
+func prepareNoTargetTest(t *testing.T, name string, withDeploymentYaml bool) *testProject {
 	p := &testProject{}
 	p.init(t, defaultCluster1, name)
 	p.mergeKubeconfig(defaultCluster2)
@@ -13,7 +15,7 @@ func prepareNoTargetTest(t *testing.T, name string) *testProject {
 	createNamespace(t, defaultCluster1, p.projectName)
 	createNamespace(t, defaultCluster2, p.projectName)
 
-	addConfigMapDeployment(p, "cm", map[string]string{
+	cm := createConfigMapObject(map[string]string{
 		"targetName":    `{{ target.name }}`,
 		"targetContext": `{{ target.context }}`,
 	}, resourceOpts{
@@ -21,13 +23,21 @@ func prepareNoTargetTest(t *testing.T, name string) *testProject {
 		namespace: p.projectName,
 	})
 
+	if withDeploymentYaml {
+		p.addKustomizeDeployment("cm", []kustomizeResource{{name: "cm.yaml", content: cm}}, nil)
+	} else {
+		p.addKustomizeResources("", []kustomizeResource{{name: "cm.yaml", content: cm}})
+		err := os.Remove(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "deployment.yml"))
+		assert.NoError(t, err)
+	}
+
 	return p
 }
 
-func TestNoTarget(t *testing.T) {
+func testNoTarget(t *testing.T, withDeploymentYaml bool) {
 	t.Parallel()
 
-	p := prepareNoTargetTest(t, "no-target")
+	p := prepareNoTargetTest(t, "no-target", withDeploymentYaml)
 
 	p.KluctlMust("deploy", "--yes")
 	cm := assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
@@ -51,3 +61,11 @@ func TestNoTarget(t *testing.T) {
 		"targetContext": defaultCluster2.Context,
 	}, cm.Object["data"])
 }
+
+func TestNoTarget(t *testing.T) {
+	testNoTarget(t, true)
+}
+
+func TestNoTargetNoDeployment(t *testing.T) {
+	testNoTarget(t, false)
+}
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index d4cb32fd8..e32ae759f 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -32,6 +33,10 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.Ob
 		labels = cmd.c.Project.GetCommonLabels()
 	}
 
+	if len(labels) == 0 {
+		return nil, fmt.Errorf("deletion without using commonLabels in the root deployment.yaml is not allowed")
+	}
+
 	var inclusion *utils.Inclusion
 	if cmd.c != nil {
 		inclusion = cmd.c.Inclusion
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index a0bb80952..9f3909ab7 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -121,10 +121,6 @@ func (p *DeploymentProject) processConfig() error {
 		return err
 	}
 
-	if len(p.GetCommonLabels()) == 0 {
-		return fmt.Errorf("no commonLabels in root deployment. This is not allowed")
-	}
-
 	if len(p.Config.Args) != 0 && p.parentProject != nil {
 		return fmt.Errorf("only the root deployment.yml can define args")
 	}
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index e61cff4f6..520a786a0 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -34,16 +34,17 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 	s := status.Start(u.ctx, "Getting remote objects by commonLabels")
 	defer s.Failed()
 
-	allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels)
-	for gvk, aw := range apiWarnings {
-		u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, aw)
-	}
-	if err != nil {
-		return err
-	}
-
-	for _, o := range allObjects {
-		u.remoteObjects[o.GetK8sRef()] = o
+	if len(labels) != 0 {
+		allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels)
+		for gvk, aw := range apiWarnings {
+			u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, aw)
+		}
+		if err != nil {
+			return err
+		}
+		for _, o := range allObjects {
+			u.remoteObjects[o.GetK8sRef()] = o
+		}
 	}
 
 	notFoundRefsMap := make(map[k8s2.ObjectRef]bool)

From 6d34cf7b25b1056a44ab20e2162852a796f6efd6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 15:40:29 +0100
Subject: [PATCH 0528/2268] fix: Ignore .git folders by default

---
 pkg/deployment/deployment_item.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index d42afe526..69cdb586f 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -123,6 +123,8 @@ func (di *DeploymentItem) render(forSeal bool) error {
 	}
 
 	var excludePatterns []string
+	excludePatterns = append(excludePatterns, "**/.git")
+
 	if len(di.Project.Config.TemplateExcludes) != 0 {
 		status.Deprecation(di.ctx.Ctx, "template-excludes", "'templateExcludes' are deprecated, use .templateignore files instead.")
 	}

From 12595b79fa4e66101706245bc752e133bd7e17b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 16:09:47 +0100
Subject: [PATCH 0529/2268] tests: Automate namespace uses in tests

---
 e2e/args_test.go             | 38 ++++++++++-----------
 e2e/contexts_test.go         | 54 ++++++++++++++---------------
 e2e/deployment_items_test.go | 30 ++++++++--------
 e2e/flux_test.go             |  2 +-
 e2e/hooks_test.go            | 16 ++++-----
 e2e/inclusion_test.go        | 44 ++++++++++++------------
 e2e/no_target_test.go        | 20 +++++------
 e2e/project.go               | 20 ++++++-----
 e2e/seal_test.go             | 66 ++++++++++++++++--------------------
 e2e/sops_test.go             | 16 ++++-----
 10 files changed, 150 insertions(+), 156 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index f20bc88b9..05e38fe97 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -13,9 +13,9 @@ func testArgs(t *testing.T, deprecated bool) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "args")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", func(target *uo.UnstructuredObject) {
 	})
@@ -55,36 +55,36 @@ func testArgs(t *testing.T, deprecated bool) {
 		"d": "{{ args.d | to_json }}",
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
-	cm := k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c")
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", "-ad.nested=d")
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", `-ad={"nested": "d2"}`)
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d2"}`, "data", "d")
 
 	tmpFile, err := os.CreateTemp("", "")
@@ -98,7 +98,7 @@ nested:
 `)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", fmt.Sprintf(`-ad=@%s`, tmpFile.Name()))
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d3"}}`, "data", "d")
 
 	_ = tmpFile.Truncate(0)
@@ -112,7 +112,7 @@ d:
 `)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", fmt.Sprintf(`--args-from-file=%s`, tmpFile.Name()))
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a2", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
@@ -137,9 +137,9 @@ func TestArgsFromEnv(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "args-from-envs")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", func(target *uo.UnstructuredObject) {
 	})
@@ -152,11 +152,11 @@ func TestArgsFromEnv(t *testing.T) {
 		"e": `{{ args.e }}`,
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	cm := k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "c"}}`, "data", "c")
@@ -171,9 +171,9 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "args-from-envs-and-cli")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", func(target *uo.UnstructuredObject) {
 	})
@@ -184,18 +184,18 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 		"c": `{{ args.c }}`,
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b")
-	cm := k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 
 	// make sure the CLI overrides values from env
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b", "-a", "c=c2")
-	cm = k.MustGetCoreV1(t, "configmaps", p.projectName, "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 29fa1d133..a6e2a0898 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -6,17 +6,17 @@ import (
 	"testing"
 )
 
-func prepareContextTest(t *testing.T, name string) *testProject {
+func prepareContextTest(t *testing.T) *testProject {
 	p := &testProject{}
-	p.init(t, defaultCluster1, name)
+	p.init(t, defaultCluster1)
 	p.mergeKubeconfig(defaultCluster2)
 
-	createNamespace(t, defaultCluster1, p.projectName)
-	createNamespace(t, defaultCluster2, p.projectName)
+	createNamespace(t, defaultCluster1, p.testSlug())
+	createNamespace(t, defaultCluster2, p.testSlug())
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 
 	return p
@@ -25,56 +25,56 @@ func prepareContextTest(t *testing.T, name string) *testProject {
 func TestContextCurrent(t *testing.T) {
 	t.Parallel()
 
-	p := prepareContextTest(t, "context-current")
+	p := prepareContextTest(t)
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		// no context set, assume the current one is used
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
 
 	p.updateMergedKubeconfig(func(config *api.Config) {
 		config.CurrentContext = defaultCluster2.Context
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
 }
 
 func TestContext1(t *testing.T) {
 	t.Parallel()
 
-	p := prepareContextTest(t, "context-1")
+	p := prepareContextTest(t)
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
 }
 
 func TestContext2(t *testing.T) {
 	t.Parallel()
 
-	p := prepareContextTest(t, "context-2")
+	p := prepareContextTest(t)
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster1, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster1, p.testSlug(), "cm")
 }
 
 func TestContext1And2(t *testing.T) {
 	t.Parallel()
 
-	p := prepareContextTest(t, "context-1-and-2")
+	p := prepareContextTest(t)
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
@@ -84,47 +84,47 @@ func TestContext1And2(t *testing.T) {
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test2")
-	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
 }
 
 func TestContextSwitch(t *testing.T) {
 	t.Parallel()
 
-	p := prepareContextTest(t, "context-switch")
+	p := prepareContextTest(t)
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
 }
 
 func TestContextOverride(t *testing.T) {
 	t.Parallel()
 
-	p := prepareContextTest(t, "context-override")
+	p := prepareContextTest(t)
 
 	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1", "--context", defaultCluster2.Context)
-	assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
+	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
 }
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index c1a8ffe8e..a9fa3c5b6 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -11,27 +11,27 @@ func TestKustomize(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "di-kustomize")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", nil)
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.projectName, "cm")
+	assertConfigMapExists(t, k, p.testSlug(), "cm")
 
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
 		name:      "cm2",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--dry-run")
-	assertConfigMapNotExists(t, k, p.projectName, "cm2")
+	assertConfigMapNotExists(t, k, p.testSlug(), "cm2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.projectName, "cm2")
+	assertConfigMapExists(t, k, p.testSlug(), "cm2")
 }
 
 func TestGeneratedKustomize(t *testing.T) {
@@ -40,9 +40,9 @@ func TestGeneratedKustomize(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "di-generated-kustomize")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", nil)
 
@@ -57,27 +57,27 @@ func TestGeneratedKustomize(t *testing.T) {
 	p.updateYaml("generated-kustomize/cm1.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *createConfigMapObject(nil, resourceOpts{
 			name:      "cm1",
-			namespace: p.projectName,
+			namespace: p.testSlug(),
 		})
 		return nil
 	}, "")
 	p.updateYaml("generated-kustomize/cm2.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *createConfigMapObject(nil, resourceOpts{
 			name:      "cm2",
-			namespace: p.projectName,
+			namespace: p.testSlug(),
 		})
 		return nil
 	}, "")
 	p.updateYaml("generated-kustomize/cm3._yaml", func(o *uo.UnstructuredObject) error {
 		*o = *createConfigMapObject(nil, resourceOpts{
 			name:      "cm3",
-			namespace: p.projectName,
+			namespace: p.testSlug(),
 		})
 		return nil
 	}, "")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.projectName, "cm1")
-	assertConfigMapExists(t, k, p.projectName, "cm2")
-	assertConfigMapNotExists(t, k, p.projectName, "cm3")
+	assertConfigMapExists(t, k, p.testSlug(), "cm1")
+	assertConfigMapExists(t, k, p.testSlug(), "cm2")
+	assertConfigMapNotExists(t, k, p.testSlug(), "cm3")
 }
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index b7b4bcb53..b796e792d 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -37,7 +37,7 @@ func TestFluxCommands(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "flux-test")
+	p.init(t, k)
 
 	var wg sync.WaitGroup
 	wg.Add(2)
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index af1c2221c..863ba6af3 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -36,7 +36,7 @@ func (s *hooksTestContext) removeWebhook() {
 }
 
 func (s *hooksTestContext) handleConfigmap(request admission.Request) {
-	if s.p.projectName != request.Namespace {
+	if s.p.testSlug() != request.Namespace {
 		return
 	}
 
@@ -100,21 +100,19 @@ func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletion
 	}
 	s.setupWebhook()
 
-	namespace := fmt.Sprintf("hook-%s", name)
-
-	s.p.init(t, s.k, namespace)
+	s.p.init(t, s.k)
 	t.Cleanup(func() {
 		s.removeWebhook()
 	})
 
-	createNamespace(s.t, s.k, namespace)
+	createNamespace(s.t, s.k, s.p.testSlug())
 
 	s.p.updateTarget("test", nil)
 
 	s.p.addKustomizeDeployment("hook", nil, nil)
 
-	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: namespace})
-	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: namespace}, false, hook, hookDeletionPolicy)
+	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.testSlug()})
+	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.testSlug()}, false, hook, hookDeletionPolicy)
 
 	return s
 }
@@ -127,10 +125,10 @@ func (s *hooksTestContext) ensureHookExecuted(expectedCms ...string) {
 
 func (s *hooksTestContext) ensureHookNotExecuted() {
 	_ = s.k.DynamicClient.Resource(corev1.SchemeGroupVersion.WithResource("configmaps")).
-		Namespace(s.p.projectName).
+		Namespace(s.p.testSlug()).
 		Delete(context.Background(), "cm1", metav1.DeleteOptions{})
 	s.p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapNotExists(s.t, s.k, s.p.projectName, "cm1")
+	assertConfigMapNotExists(s.t, s.k, s.p.testSlug(), "cm1")
 }
 
 func TestHooksPreDeployInitial(t *testing.T) {
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index edba11b1a..a50564854 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -8,34 +8,34 @@ import (
 	"testing"
 )
 
-func prepareInclusionTestProject(t *testing.T, namespace string, withIncludes bool) (*testProject, *test_utils.EnvTestCluster) {
+func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*testProject, *test_utils.EnvTestCluster) {
 	k := defaultCluster1
 	p := &testProject{}
-	p.init(t, k, namespace)
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", nil)
 
-	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.projectName})
-	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.projectName})
-	addConfigMapDeployment(p, "cm3", nil, resourceOpts{name: "cm3", namespace: p.projectName, tags: []string{"tag1", "tag2"}})
-	addConfigMapDeployment(p, "cm4", nil, resourceOpts{name: "cm4", namespace: p.projectName, tags: []string{"tag1", "tag3"}})
-	addConfigMapDeployment(p, "cm5", nil, resourceOpts{name: "cm5", namespace: p.projectName, tags: []string{"tag1", "tag4"}})
-	addConfigMapDeployment(p, "cm6", nil, resourceOpts{name: "cm6", namespace: p.projectName, tags: []string{"tag1", "tag5"}})
-	addConfigMapDeployment(p, "cm7", nil, resourceOpts{name: "cm7", namespace: p.projectName, tags: []string{"tag1", "tag6"}})
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.testSlug()})
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.testSlug()})
+	addConfigMapDeployment(p, "cm3", nil, resourceOpts{name: "cm3", namespace: p.testSlug(), tags: []string{"tag1", "tag2"}})
+	addConfigMapDeployment(p, "cm4", nil, resourceOpts{name: "cm4", namespace: p.testSlug(), tags: []string{"tag1", "tag3"}})
+	addConfigMapDeployment(p, "cm5", nil, resourceOpts{name: "cm5", namespace: p.testSlug(), tags: []string{"tag1", "tag4"}})
+	addConfigMapDeployment(p, "cm6", nil, resourceOpts{name: "cm6", namespace: p.testSlug(), tags: []string{"tag1", "tag5"}})
+	addConfigMapDeployment(p, "cm7", nil, resourceOpts{name: "cm7", namespace: p.testSlug(), tags: []string{"tag1", "tag6"}})
 
 	if withIncludes {
 		p.addDeploymentInclude(".", "include1", nil)
-		addConfigMapDeployment(p, "include1/icm1", nil, resourceOpts{name: "icm1", namespace: p.projectName, tags: []string{"itag1", "itag2"}})
+		addConfigMapDeployment(p, "include1/icm1", nil, resourceOpts{name: "icm1", namespace: p.testSlug(), tags: []string{"itag1", "itag2"}})
 
 		p.addDeploymentInclude(".", "include2", nil)
-		addConfigMapDeployment(p, "include2/icm2", nil, resourceOpts{name: "icm2", namespace: p.projectName})
-		addConfigMapDeployment(p, "include2/icm3", nil, resourceOpts{name: "icm3", namespace: p.projectName, tags: []string{"itag3", "itag4"}})
+		addConfigMapDeployment(p, "include2/icm2", nil, resourceOpts{name: "icm2", namespace: p.testSlug()})
+		addConfigMapDeployment(p, "include2/icm3", nil, resourceOpts{name: "icm3", namespace: p.testSlug(), tags: []string{"itag3", "itag4"}})
 
 		p.addDeploymentInclude(".", "include3", []string{"itag5"})
-		addConfigMapDeployment(p, "include3/icm4", nil, resourceOpts{name: "icm4", namespace: p.projectName})
-		addConfigMapDeployment(p, "include3/icm5", nil, resourceOpts{name: "icm5", namespace: p.projectName, tags: []string{"itag5", "itag6"}})
+		addConfigMapDeployment(p, "include3/icm4", nil, resourceOpts{name: "icm4", namespace: p.testSlug()})
+		addConfigMapDeployment(p, "include3/icm5", nil, resourceOpts{name: "icm5", namespace: p.testSlug(), tags: []string{"itag5", "itag6"}})
 	}
 
 	return p, k
@@ -50,7 +50,7 @@ func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.EnvTestClust
 			delete(shouldExists, x)
 		}
 	}
-	items, err := k.List(corev1.SchemeGroupVersion.WithResource("configmaps"), p.projectName, map[string]string{"project_name": p.projectName})
+	items, err := k.List(corev1.SchemeGroupVersion.WithResource("configmaps"), p.testSlug(), map[string]string{"project_name": p.testSlug()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -65,7 +65,7 @@ func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.EnvTestClust
 
 func TestInclusionTags(t *testing.T) {
 	t.Parallel()
-	p, k := prepareInclusionTestProject(t, "inclusion-tags", false)
+	p, k := prepareInclusionTestProject(t, false)
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -99,7 +99,7 @@ func TestInclusionTags(t *testing.T) {
 
 func TestExclusionTags(t *testing.T) {
 	t.Parallel()
-	p, k := prepareInclusionTestProject(t, "inclusion-exclusion", false)
+	p, k := prepareInclusionTestProject(t, false)
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -123,7 +123,7 @@ func TestExclusionTags(t *testing.T) {
 
 func TestInclusionIncludeDirs(t *testing.T) {
 	t.Parallel()
-	p, k := prepareInclusionTestProject(t, "inclusion-dirs", true)
+	p, k := prepareInclusionTestProject(t, true)
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -144,7 +144,7 @@ func TestInclusionIncludeDirs(t *testing.T) {
 
 func TestInclusionDeploymentDirs(t *testing.T) {
 	t.Parallel()
-	p, k := prepareInclusionTestProject(t, "inclusion-kustomize-dirs", true)
+	p, k := prepareInclusionTestProject(t, true)
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add ...string) {
@@ -171,7 +171,7 @@ func TestInclusionDeploymentDirs(t *testing.T) {
 
 func TestInclusionPrune(t *testing.T) {
 	t.Parallel()
-	p, k := prepareInclusionTestProject(t, "inclusion-prune", false)
+	p, k := prepareInclusionTestProject(t, false)
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add []string, remove []string) {
@@ -204,7 +204,7 @@ func TestInclusionPrune(t *testing.T) {
 
 func TestInclusionDelete(t *testing.T) {
 	t.Parallel()
-	p, k := prepareInclusionTestProject(t, "inclusion-delete", false)
+	p, k := prepareInclusionTestProject(t, false)
 
 	shouldExists := make(map[string]bool)
 	doAssertExists := func(add []string, remove []string) {
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 7e3083cee..01cdfe738 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -7,20 +7,20 @@ import (
 	"testing"
 )
 
-func prepareNoTargetTest(t *testing.T, name string, withDeploymentYaml bool) *testProject {
+func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *testProject {
 	p := &testProject{}
-	p.init(t, defaultCluster1, name)
+	p.init(t, defaultCluster1)
 	p.mergeKubeconfig(defaultCluster2)
 
-	createNamespace(t, defaultCluster1, p.projectName)
-	createNamespace(t, defaultCluster2, p.projectName)
+	createNamespace(t, defaultCluster1, p.testSlug())
+	createNamespace(t, defaultCluster2, p.testSlug())
 
 	cm := createConfigMapObject(map[string]string{
 		"targetName":    `{{ target.name }}`,
 		"targetContext": `{{ target.context }}`,
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 
 	if withDeploymentYaml {
@@ -37,25 +37,25 @@ func prepareNoTargetTest(t *testing.T, name string, withDeploymentYaml bool) *te
 func testNoTarget(t *testing.T, withDeploymentYaml bool) {
 	t.Parallel()
 
-	p := prepareNoTargetTest(t, "no-target", withDeploymentYaml)
+	p := prepareNoTargetTest(t, withDeploymentYaml)
 
 	p.KluctlMust("deploy", "--yes")
-	cm := assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.projectName, "cm")
+	cm := assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
 	p.KluctlMust("deploy", "--yes", "-T", "override-name")
-	cm = assertConfigMapExists(t, defaultCluster1, p.projectName, "cm")
+	cm = assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
 	p.KluctlMust("deploy", "--yes", "-T", "override-name", "--context", defaultCluster2.Context)
-	cm = assertConfigMapExists(t, defaultCluster2, p.projectName, "cm")
+	cm = assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster2.Context,
diff --git a/e2e/project.go b/e2e/project.go
index 2e137e841..41fd915eb 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/huandu/xstrings"
 	"github.com/imdario/mergo"
 	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -18,20 +19,17 @@ import (
 )
 
 type testProject struct {
-	t           *testing.T
-	extraEnv    []string
-	projectName string
+	t        *testing.T
+	extraEnv []string
 
 	mergedKubeconfig string
 
 	gitServer *test_utils.GitServer
 }
 
-func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster, projectName string) {
+func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster) {
 	p.t = t
 	p.gitServer = test_utils.NewGitServer(t)
-	p.projectName = projectName
-
 	p.gitServer.GitInit(p.getKluctlProjectRepo())
 
 	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
@@ -41,7 +39,7 @@ func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster, projectNa
 		return nil
 	})
 
-	tmpFile, err := os.CreateTemp("", projectName+"-kubeconfig-")
+	tmpFile, err := os.CreateTemp("", p.testSlug()+"-kubeconfig-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -53,6 +51,12 @@ func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster, projectNa
 	p.mergeKubeconfig(k)
 }
 
+func (p *testProject) testSlug() string {
+	n := p.t.Name()
+	n = xstrings.ToKebabCase(n)
+	return n
+}
+
 func (p *testProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
 	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
 		nkcfg, err := clientcmd.Load(k.Kubeconfig)
@@ -88,7 +92,7 @@ func (p *testProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) err
 func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
 	p.updateYaml(filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
 		if dir == "." {
-			o.SetNestedField(p.projectName, "commonLabels", "project_name")
+			o.SetNestedField(p.testSlug(), "commonLabels", "project_name")
 		}
 		return update(o)
 	}, "")
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 9f5e00490..c5b9268bf 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -97,20 +97,20 @@ func addProxyVars(p *testProject) {
 	f(1, defaultCluster2, certServer2)
 }
 
-func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
+func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
 	p := &testProject{}
-	p.init(t, k, fmt.Sprintf("seal-%s", namespace))
+	p.init(t, k)
 
 	if proxy {
 		addProxyVars(p)
 	}
 
-	createNamespace(t, k, namespace)
+	createNamespace(t, k, p.testSlug())
 
 	addSecretsSet(p, "test", varsSources)
 	addSecretsSetToTarget(p, "test-target", "test")
 
-	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: namespace})
+	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: p.testSlug()})
 
 	return p
 }
@@ -162,9 +162,8 @@ func assertSealedSecret(t *testing.T, k *test_utils.EnvTestCluster, namespace st
 func TestSeal_WithOperator(t *testing.T) {
 	t.Parallel()
 	k := defaultCluster1
-	namespace := "seal-with-operator"
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -184,7 +183,7 @@ func TestSeal_WithOperator(t *testing.T) {
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -194,13 +193,12 @@ func TestSeal_WithBootstrap(t *testing.T) {
 	// this test must NOT run in parallel
 
 	k := defaultCluster1
-	namespace := "seal-with-bootstrap"
 
 	// deleting the crd causes kluctl to not recognize the operator, so it will do a bootstrap
 	_ = k.DynamicClient.Resource(apiextensionsv1.SchemeGroupVersion.WithResource("customresourcedefinitions")).
 		Delete(context.Background(), "sealedsecrets.bitnami.com", metav1.DeleteOptions{})
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -233,7 +231,7 @@ func TestSeal_WithBootstrap(t *testing.T) {
 	certHash, err := seal.HashPublicKey(cert)
 	assert.NoError(t, err)
 
-	assertSealedSecret(t, k, namespace, "secret", certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -243,9 +241,8 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-multiple-vs"
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -270,7 +267,7 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -280,9 +277,8 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-multiple-ss"
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -311,7 +307,7 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -321,9 +317,8 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-multiple-targets"
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -348,7 +343,7 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	addSecretsSetToTarget(p, "test-target2", "test2")
 
 	p.mergeKubeconfig(defaultCluster2)
-	createNamespace(t, defaultCluster2, namespace)
+	createNamespace(t, defaultCluster2, p.testSlug())
 	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
@@ -366,11 +361,11 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 	p.KluctlMust("deploy", "--yes", "-t", "test-target2")
 
-	assertSealedSecret(t, defaultCluster1, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, defaultCluster1, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
-	assertSealedSecret(t, defaultCluster2, namespace, "secret", certServer2.certHash, map[string]string{
+	assertSealedSecret(t, defaultCluster2, p.testSlug(), "secret", certServer2.certHash, map[string]string{
 		"s1": "v3",
 		"s2": "v4",
 	})
@@ -380,7 +375,6 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-multiple-secrets"
 
 	secret1 := map[string]string{
 		"s1": "{{ secrets.s1 }}",
@@ -389,7 +383,7 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 		"s2": "{{ secrets.s2 }}",
 	}
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		secret1,
 		[]*uo.UnstructuredObject{
 			uo.FromMap(map[string]interface{}{
@@ -399,7 +393,7 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 				},
 			}),
 		}, true)
-	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: namespace})
+	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.testSlug()})
 
 	p.KluctlMust("seal", "-t", "test-target")
 
@@ -409,10 +403,10 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 	})
-	assertSealedSecret(t, k, namespace, "secret2", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret2", certServer1.certHash, map[string]string{
 		"s2": "v2",
 	})
 }
@@ -421,7 +415,6 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-multiple-secrets2"
 
 	secret1 := map[string]string{
 		"s1": "{{ secrets.s1 }}",
@@ -429,9 +422,8 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 	secret2 := map[string]string{
 		"s2": "{{ secrets.s2 }}",
 	}
-	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: namespace}))
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		secret1,
 		[]*uo.UnstructuredObject{
 			uo.FromMap(map[string]interface{}{
@@ -442,6 +434,8 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 			}),
 		}, true)
 
+	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: p.testSlug()}))
+
 	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), "secret-deployment/secret-secret.yml.sealme", func(f string) (string, error) {
 		f += "---\n"
 		f += secret2Text
@@ -455,10 +449,10 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 	})
-	assertSealedSecret(t, k, namespace, "secret2", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret2", certServer1.certHash, map[string]string{
 		"s2": "v2",
 	})
 }
@@ -467,9 +461,8 @@ func TestSeal_File(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-file"
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -497,7 +490,7 @@ func TestSeal_File(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -507,7 +500,6 @@ func TestSeal_Vault(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	namespace := "seal-vault"
 
 	server := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
 		if request.URL.Path != "/v1/secret/data/secret" {
@@ -531,7 +523,7 @@ func TestSeal_Vault(t *testing.T) {
 
 	vaultUrl := server.URL
 
-	p := prepareSealTest(t, k, namespace,
+	p := prepareSealTest(t, k,
 		map[string]string{
 			"s1": "{{ secrets.s1 }}",
 			"s2": "{{ secrets.s2 }}",
@@ -553,7 +545,7 @@ func TestSeal_Vault(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, namespace, "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 59e352b82..ee9af770a 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -14,9 +14,9 @@ func TestSopsVars(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "sops-vars")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", nil)
 
@@ -24,7 +24,7 @@ func TestSopsVars(t *testing.T) {
 		"v1": "{{ test1.test2 }}",
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.projectName,
+		namespace: p.testSlug(),
 	})
 	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField([]map[string]any{
@@ -42,7 +42,7 @@ func TestSopsVars(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 
-	cm := assertConfigMapExists(t, k, p.projectName, "cm")
+	cm := assertConfigMapExists(t, k, p.testSlug(), "cm")
 	assertNestedFieldEquals(t, cm, map[string]any{
 		"v1": "42",
 	}, "data")
@@ -55,13 +55,13 @@ func TestSopsResources(t *testing.T) {
 	k := defaultCluster1
 
 	p := &testProject{}
-	p.init(t, k, "sops-resources")
+	p.init(t, k)
 
-	createNamespace(t, k, p.projectName)
+	createNamespace(t, k, p.testSlug())
 
 	p.updateTarget("test", nil)
 	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(p.projectName, "overrideNamespace")
+		_ = o.SetNestedField(p.testSlug(), "overrideNamespace")
 		return nil
 	})
 
@@ -76,7 +76,7 @@ func TestSopsResources(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 
-	cm := assertConfigMapExists(t, k, p.projectName, "encrypted-cm")
+	cm := assertConfigMapExists(t, k, p.testSlug(), "encrypted-cm")
 	assertNestedFieldEquals(t, cm, map[string]any{
 		"a": "b",
 	}, "data")

From 8aeab4110760b3e4dc0ef8069770b997f8894d4d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Nov 2022 16:31:04 +0100
Subject: [PATCH 0530/2268] docs: Add docs about plain Kustomize deployments

---
 docs/get-started.md                     | 16 +++++++++++++++-
 docs/reference/deployments/README.md    |  7 +++++++
 docs/reference/kluctl-project/README.md |  5 +++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/get-started.md b/docs/get-started.md
index 5393963e9..c92642802 100644
--- a/docs/get-started.md
+++ b/docs/get-started.md
@@ -50,8 +50,22 @@ for a given cluster.
 The `kluctl` command-line interface (CLI) is required to perform deployments. Read the [installation instructions](./installation.md)
 to figure out how to install it.
 
-## Clone the kluctl examples
+## Use Kluctl with a plain Kustomize deployment
 
+The simplest way to test out Kluctl is to use an existing Kustomize deployment and just test out the CLI. For example,
+try it with the [podtato-head project](https://github.com/podtato-head/podtato-head):
+
+```shell
+$ git clone https://github.com/podtato-head/podtato-head.git
+$ cd podtato-head/delivery/kustomize/base
+$ kluctl deploy
+```
+
+Then try to modify something inside the Kustomize deployment and retry the `kluctl deploy` call.
+
+## Try out the Kluctl examples
+
+For more advanced examples, check out the Kluctl example projects.
 Clone the example project found at https://github.com/kluctl/kluctl-examples
 
 ```sh
diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index b54534e4f..19145cca4 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -77,3 +77,10 @@ Some visualized files/directories have links attached, follow them to get more i
 Deployments are done in parallel, meaning that there are usually no order guarantees. The only way to somehow control
 order, is by placing [barriers](./deployment-yml.md#barriers) between kustomize deployments.
 You should however not overuse barriers, as they negatively impact the speed of kluctl.
+
+## Plain Kustomize
+
+It's also possible to use Kluctl on plain Kustomize deployments. Simply run `kluctl deploy` from inside the
+folder of your `kustomization.yaml`. If you also don't have a `.kluctl.yaml`, you can also work without targets.
+
+Please note that pruning and deletion is not supported in this mode.
\ No newline at end of file
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index f442ee3fb..ba14d1b65 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -42,3 +42,8 @@ targets:
 Please check the following sub-sections of this section to see which fields are allowed at the root level of `.kluctl.yaml`.
 
 1. [targets](./targets)
+
+## Using Kluctl without .kluctl.yaml
+
+It's possible to use Kluctl without any `.kluctl.yaml`. In that case, all commands must be used without specifying the
+target.

From 551d76ad66fb0846f7b0fec6ef6535a2a4b0a5fa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 12 Nov 2022 22:01:46 +0100
Subject: [PATCH 0531/2268] docs: Mention SOPS in variable-sources.md

---
 docs/reference/templating/variable-sources.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index ad6ad30c2..2f4a4137f 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -54,6 +54,9 @@ vars:
 
 After which all included deployments and sub-deployments can use the jinja2 variables from `vars1.yaml`.
 
+Kluctl also supports variable files encrypted with [SOPS](https://github.com/mozilla/sops). See the
+[sops integration](../deployments/sops.md) integration for more details.
+
 ### values
 An inline definition of variables. Example:
 
@@ -77,6 +80,9 @@ vars:
       path: path/to/vars.yaml
 ```
 
+Kluctl also supports variable files encrypted with [SOPS](https://github.com/mozilla/sops). See the
+[sops integration](../deployments/sops.md) integration for more details.
+
 ### clusterConfigMap
 Loads a configmap from the target's cluster and loads the specified key's value as a yaml file into the jinja2 variables
 context.

From f33d4185f5c445253709f405c7bc5e7ce3b085a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Nov 2022 22:10:08 +0000
Subject: [PATCH 0532/2268] chore(deps): Bump goreleaser/goreleaser-action from
 2 to 3

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2 to 3.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b5e3dd1f8..dd4ea8163 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-goreleaser-
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v3
         with:
           distribution: goreleaser
           version: latest

From 4ec6a5e533c831b9c7ed91c13d445a6cf5d9c822 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Nov 2022 22:12:48 +0000
Subject: [PATCH 0533/2268] chore(deps): Bump k8s.io/client-go from 0.25.3 to
 0.25.4

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.25.3 to 0.25.4.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.25.3...v0.25.4)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  8 ++++----
 go.sum | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index cd6924cbe..114f968a3 100644
--- a/go.mod
+++ b/go.mod
@@ -47,10 +47,10 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.2
-	k8s.io/api v0.25.3
+	k8s.io/api v0.25.4
 	k8s.io/apiextensions-apiserver v0.25.3
-	k8s.io/apimachinery v0.25.3
-	k8s.io/client-go v0.25.3
+	k8s.io/apimachinery v0.25.4
+	k8s.io/client-go v0.25.4
 	k8s.io/klog/v2 v2.80.1
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
@@ -59,6 +59,7 @@ require (
 
 require (
 	github.com/go-logr/logr v1.2.3
+	github.com/huandu/xstrings v1.3.2
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.0
 )
@@ -156,7 +157,6 @@ require (
 	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 83a6e4635..3d9ef5775 100644
--- a/go.sum
+++ b/go.sum
@@ -1307,18 +1307,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
-k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
+k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs=
+k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ=
 k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
 k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
-k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
-k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
+k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc=
+k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
 k8s.io/apiserver v0.25.3 h1:m7+xGuG5+KYAnEsqaFtDyWMkmMMEOFYlu+NlWv5qSBI=
 k8s.io/apiserver v0.25.3/go.mod h1:9bT47iM2fzRuhICJpM/RcQR9sqDDfZ7Yw60h0p3JW08=
 k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
 k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
-k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0=
-k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA=
+k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8=
+k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw=
 k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4=
 k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=

From b07d6489a20d2086ce682299a2e9b01a5746af47 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Nov 2022 22:13:03 +0000
Subject: [PATCH 0534/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.13.0 to 0.13.1

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.13.0...v0.13.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 4 ++--
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index cd6924cbe..fd9a08fd4 100644
--- a/go.mod
+++ b/go.mod
@@ -59,8 +59,9 @@ require (
 
 require (
 	github.com/go-logr/logr v1.2.3
+	github.com/huandu/xstrings v1.3.2
 	go.mozilla.org/sops/v3 v3.7.3
-	sigs.k8s.io/controller-runtime v0.13.0
+	sigs.k8s.io/controller-runtime v0.13.1
 )
 
 require (
@@ -156,7 +157,6 @@ require (
 	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 83a6e4635..bb045f8fb 100644
--- a/go.sum
+++ b/go.sum
@@ -1334,8 +1334,8 @@ oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.13.0 h1:iqa5RNciy7ADWnIc8QxCbOX5FEKVR3uxVxKHRMc2WIQ=
-sigs.k8s.io/controller-runtime v0.13.0/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI=
+sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE3xSlg=
+sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From 7b3a7f341e86cab645fac9b76e2c7f777e5ecfa2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Nov 2022 22:13:19 +0000
Subject: [PATCH 0535/2268] chore(deps): Bump golang.org/x/net from 0.1.0 to
 0.2.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 6 +++---
 go.sum | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index cd6924cbe..cc815544c 100644
--- a/go.mod
+++ b/go.mod
@@ -39,10 +39,10 @@ require (
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
 	golang.org/x/crypto v0.1.0
-	golang.org/x/net v0.1.0
+	golang.org/x/net v0.2.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.2.0
-	golang.org/x/term v0.1.0
+	golang.org/x/term v0.2.0
 	golang.org/x/text v0.4.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -59,6 +59,7 @@ require (
 
 require (
 	github.com/go-logr/logr v1.2.3
+	github.com/huandu/xstrings v1.3.2
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.0
 )
@@ -156,7 +157,6 @@ require (
 	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 83a6e4635..cac032fe8 100644
--- a/go.sum
+++ b/go.sum
@@ -954,8 +954,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1062,8 +1062,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 04d450f6a13fa32a5c9c8ef93e988c7b04b0f7b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Nov 2022 22:13:59 +0000
Subject: [PATCH 0536/2268] chore(deps): Bump github.com/hashicorp/vault/api
 from 1.8.1 to 1.8.2

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 4 ++--
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index cd6924cbe..7553e9e47 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.2
 	github.com/google/go-containerregistry v0.12.1
-	github.com/hashicorp/vault/api v1.8.1
+	github.com/hashicorp/vault/api v1.8.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
@@ -59,6 +59,7 @@ require (
 
 require (
 	github.com/go-logr/logr v1.2.3
+	github.com/huandu/xstrings v1.3.2
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.0
 )
@@ -156,7 +157,6 @@ require (
 	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 83a6e4635..473fff58b 100644
--- a/go.sum
+++ b/go.sum
@@ -473,8 +473,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.8.1 h1:bMieWIe6dAlqAAPReZO/8zYtXaWUg/21umwqGZpEjCI=
-github.com/hashicorp/vault/api v1.8.1/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
+github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
+github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
 github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
 github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=

From 3758a64805fbdbbd4d382df7b3604103bba75541 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Nov 2022 14:37:41 +0100
Subject: [PATCH 0537/2268] feat: Remove --local-deployment from
 helm-pull/helm-update

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 17 +++++++++++------
 cmd/kluctl/commands/cmd_helm_update.go | 19 ++++++++++---------
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 90d8c9fc8..74adaf8cf 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -4,15 +4,15 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"io/fs"
+	"os"
 	"path/filepath"
 )
 
 type helmPullCmd struct {
 	args.HelmCredentials
-
-	LocalDeployment string `group:"project" help:"Local deployment directory. Defaults to current directory"`
 }
 
 func (cmd *helmPullCmd) Help() string {
@@ -22,12 +22,17 @@ pulling is only needed when really required (e.g. when the chart version changes
 }
 
 func (cmd *helmPullCmd) Run() error {
-	rootPath := "."
-	if cmd.LocalDeployment != "" {
-		rootPath = cmd.LocalDeployment
+	cwd, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+
+	gitRootPath, err := git2.DetectGitRepositoryRoot(cwd)
+	if err != nil {
+		return err
 	}
 
-	err := filepath.WalkDir(rootPath, func(p string, d fs.DirEntry, err error) error {
+	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
 			s := status.Start(cliCtx, "Pulling for %s", p)
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 55c30b8e8..9210c9e38 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -8,15 +8,15 @@ import (
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"io/fs"
+	"os"
 	"path/filepath"
 )
 
 type helmUpdateCmd struct {
 	args.HelmCredentials
 
-	LocalDeployment string `group:"project" help:"Local deployment directory. Defaults to current directory"`
-	Upgrade         bool   `group:"misc" help:"Write new versions into helm-chart.yaml and perform helm-pull afterwards"`
-	Commit          bool   `group:"misc" help:"Create a git commit for every updated chart"`
+	Upgrade bool `group:"misc" help:"Write new versions into helm-chart.yaml and perform helm-pull afterwards"`
+	Commit  bool `group:"misc" help:"Create a git commit for every updated chart"`
 }
 
 func (cmd *helmUpdateCmd) Help() string {
@@ -24,16 +24,17 @@ func (cmd *helmUpdateCmd) Help() string {
 }
 
 func (cmd *helmUpdateCmd) Run() error {
-	rootPath := "."
-	if cmd.LocalDeployment != "" {
-		rootPath = cmd.LocalDeployment
+	cwd, err := os.Getwd()
+	if err != nil {
+		return err
 	}
-	gitRootPath, err := git2.DetectGitRepositoryRoot(rootPath)
+
+	gitRootPath, err := git2.DetectGitRepositoryRoot(cwd)
 	if err != nil {
 		return err
 	}
 
-	err = filepath.WalkDir(rootPath, func(p string, d fs.DirEntry, err error) error {
+	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
 			statusPrefix := filepath.Base(filepath.Dir(p))
@@ -134,7 +135,7 @@ func (cmd *helmUpdateCmd) Run() error {
 						return err
 					}
 					for p := range gitFiles {
-						absPath, err := filepath.Abs(filepath.Join(rootPath, p))
+						absPath, err := filepath.Abs(filepath.Join(cwd, p))
 						if err != nil {
 							return err
 						}

From 87978f3772aa7c0810b61acc77a88c2f8dd6936a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Nov 2022 14:38:13 +0100
Subject: [PATCH 0538/2268] feat: Better status reporting for
 helm-pull/helm-update

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 21 +++++++++++++++++----
 cmd/kluctl/commands/cmd_helm_update.go |  6 +++++-
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 74adaf8cf..dc6f251de 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -35,16 +35,29 @@ func (cmd *helmPullCmd) Run() error {
 	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
-			s := status.Start(cliCtx, "Pulling for %s", p)
+			statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+			if err != nil {
+				return err
+			}
+
+			s := status.Start(cliCtx, "%s: Pulling Chart %s", statusPrefix)
 			chart, err := deployment.NewHelmChart(p)
 			if err != nil {
-				s.FailedWithMessage(err.Error())
+				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 				return err
 			}
 
+			chartName, err := chart.GetChartName()
+			if err != nil {
+				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
+				return err
+			}
+
+			s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chartName, *chart.Config.ChartVersion)
+
 			creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
 			if chart.Config.CredentialsId != nil && creds == nil {
-				err := fmt.Errorf("no credentials provided for %s", p)
+				err := fmt.Errorf("%s: no credentials provided", statusPrefix)
 				s.FailedWithMessage(err.Error())
 				return err
 			}
@@ -52,7 +65,7 @@ func (cmd *helmPullCmd) Run() error {
 
 			err = chart.Pull(cliCtx)
 			if err != nil {
-				s.FailedWithMessage(err.Error())
+				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 				return err
 			}
 			s.Success()
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 9210c9e38..0f629a099 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -37,7 +37,11 @@ func (cmd *helmUpdateCmd) Run() error {
 	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
-			statusPrefix := filepath.Base(filepath.Dir(p))
+			statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+			if err != nil {
+				return err
+			}
+
 			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
 			defer s.Failed()
 

From b7ef0e513bce388523e2bb2b0f120559487fb92c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Nov 2022 14:48:30 +0100
Subject: [PATCH 0539/2268] feat: Paralellize helm-pull

---
 cmd/kluctl/commands/cmd_helm_pull.go | 99 +++++++++++++++++-----------
 pkg/utils/limited_routine.go         | 36 ++++++++++
 2 files changed, 98 insertions(+), 37 deletions(-)
 create mode 100644 pkg/utils/limited_routine.go

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index dc6f251de..87d7cb732 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -2,13 +2,17 @@ package commands
 
 import (
 	"fmt"
+	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"golang.org/x/sync/semaphore"
 	"io/fs"
 	"os"
 	"path/filepath"
+	"sync"
 )
 
 type helmPullCmd struct {
@@ -32,50 +36,71 @@ func (cmd *helmPullCmd) Run() error {
 		return err
 	}
 
+	var errs *multierror.Error
+	var wg sync.WaitGroup
+	var mutex sync.Mutex
+	sem := semaphore.NewWeighted(8)
+
 	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
-		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
-			statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
-			if err != nil {
-				return err
-			}
-
-			s := status.Start(cliCtx, "%s: Pulling Chart %s", statusPrefix)
-			chart, err := deployment.NewHelmChart(p)
-			if err != nil {
-				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-				return err
-			}
-
-			chartName, err := chart.GetChartName()
-			if err != nil {
-				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-				return err
-			}
-
-			s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chartName, *chart.Config.ChartVersion)
-
-			creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
-			if chart.Config.CredentialsId != nil && creds == nil {
-				err := fmt.Errorf("%s: no credentials provided", statusPrefix)
-				s.FailedWithMessage(err.Error())
-				return err
-			}
-			chart.SetCredentials(creds)
-
-			err = chart.Pull(cliCtx)
-			if err != nil {
-				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-				return err
-			}
-			s.Success()
+		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
+			return nil
 		}
+
+		wg.Add(1)
+		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
+			defer wg.Done()
+			return doPull(gitRootPath, p, cmd.HelmCredentials)
+		})
+
 		return nil
 	})
-
+	wg.Wait()
 	if err != nil {
+		errs = multierror.Append(errs, err)
+	}
+
+	if errs.ErrorOrNil() != nil {
 		return fmt.Errorf("command failed")
 	}
 
-	return err
+	return nil
+}
+
+func doPull(gitRootPath string, p string, helmCredentials args.HelmCredentials) error {
+	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+	if err != nil {
+		return err
+	}
+
+	s := status.Start(cliCtx, "%s: Pulling Chart %s", statusPrefix)
+	doError := func(err error) error {
+		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
+		return err
+	}
+
+	chart, err := deployment.NewHelmChart(p)
+	if err != nil {
+		return doError(err)
+	}
+
+	chartName, err := chart.GetChartName()
+	if err != nil {
+		return doError(err)
+	}
+
+	s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chartName, *chart.Config.ChartVersion)
+
+	creds := helmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
+	if chart.Config.CredentialsId != nil && creds == nil {
+		return doError(fmt.Errorf("no credentials provided"))
+	}
+	chart.SetCredentials(creds)
+
+	err = chart.Pull(cliCtx)
+	if err != nil {
+		return doError(err)
+	}
+	s.Success()
+	return nil
 }
diff --git a/pkg/utils/limited_routine.go b/pkg/utils/limited_routine.go
new file mode 100644
index 000000000..7653bfc26
--- /dev/null
+++ b/pkg/utils/limited_routine.go
@@ -0,0 +1,36 @@
+package utils
+
+import (
+	"context"
+	"github.com/hashicorp/go-multierror"
+	"golang.org/x/sync/semaphore"
+	"sync"
+)
+
+func GoLimited(ctx context.Context, sem *semaphore.Weighted, fn func(), errCb func(err error)) {
+	go func() {
+		err := sem.Acquire(ctx, 1)
+		if err != nil {
+			if errCb != nil {
+				errCb(err)
+			}
+			return
+		}
+		defer sem.Release(1)
+		fn()
+	}()
+}
+
+func GoLimitedMultiError(ctx context.Context, sem *semaphore.Weighted, merr **multierror.Error, mutex *sync.Mutex, fn func() error) {
+	errCb := func(err error) {
+		mutex.Lock()
+		defer mutex.Unlock()
+		*merr = multierror.Append(*merr, err)
+	}
+	GoLimited(ctx, sem, func() {
+		err := fn()
+		if err != nil {
+			errCb(err)
+		}
+	}, errCb)
+}

From c2ee8f1931849752ef11a76f6c52c33c840fd91f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Nov 2022 14:49:37 +0100
Subject: [PATCH 0540/2268] refactor: Eaerly bailout

---
 cmd/kluctl/commands/cmd_helm_update.go | 177 +++++++++++++------------
 1 file changed, 89 insertions(+), 88 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 0f629a099..42e71ac6d 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -36,129 +36,130 @@ func (cmd *helmUpdateCmd) Run() error {
 
 	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
-		if fname == "helm-chart.yml" || fname == "helm-chart.yaml" {
-			statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
+			return nil
+		}
+		statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+		if err != nil {
+			return err
+		}
+
+		s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
+		defer s.Failed()
+
+		chart, err := deployment.NewHelmChart(p)
+		if err != nil {
+			s.Update("%s: Error while loading helm-chart.yaml: %v", statusPrefix, err)
+			return err
+		}
+
+		creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
+		if chart.Config.CredentialsId != nil && creds == nil {
+			err := fmt.Errorf("%s: No credentials provided", statusPrefix)
+			s.FailedWithMessage(err.Error())
+			return err
+		}
+		chart.SetCredentials(creds)
+
+		newVersion, updated, err := chart.CheckUpdate()
+		if err != nil {
+			return err
+		}
+		if !updated {
+			s.Update("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
+			s.Success()
+			return nil
+		}
+		msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
+		if chart.Config.SkipUpdate {
+			msg += " skipUpdate is set to true."
+		}
+		s.Update(msg)
+
+		if !cmd.Upgrade {
+			s.Success()
+		} else {
+			if chart.Config.SkipUpdate {
+				s.Update("%s: NOT upgrading chart as skipUpdate was set to true", statusPrefix)
+				s.Success()
+				return nil
+			}
+
+			oldVersion := *chart.Config.ChartVersion
+			chart.Config.ChartVersion = &newVersion
+			err = chart.Save()
 			if err != nil {
 				return err
 			}
 
-			s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
-			defer s.Failed()
+			chartsDir := filepath.Join(filepath.Dir(p), "charts")
 
-			chart, err := deployment.NewHelmChart(p)
+			// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
+			// know what got deleted
+			gitFiles := make(map[string]bool)
+			gitFiles[p] = true
+			err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
+				if !d.IsDir() {
+					gitFiles[p] = true
+				}
+				return nil
+			})
 			if err != nil {
-				s.Update("%s: Error while loading helm-chart.yaml: %v", statusPrefix, err)
 				return err
 			}
 
-			creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
-			if chart.Config.CredentialsId != nil && creds == nil {
-				err := fmt.Errorf("%s: No credentials provided", statusPrefix)
-				s.FailedWithMessage(err.Error())
-				return err
-			}
-			chart.SetCredentials(creds)
+			s.Update("%s: Pulling new version", statusPrefix)
+			defer s.Failed()
 
-			newVersion, updated, err := chart.CheckUpdate()
+			err = chart.Pull(cliCtx)
 			if err != nil {
 				return err
 			}
-			if !updated {
-				s.Update("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
-				s.Success()
-				return nil
-			}
-			msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
-			if chart.Config.SkipUpdate {
-				msg += " skipUpdate is set to true."
-			}
-			s.Update(msg)
 
-			if !cmd.Upgrade {
-				s.Success()
-			} else {
-				if chart.Config.SkipUpdate {
-					s.Update("%s: NOT upgrading chart as skipUpdate was set to true", statusPrefix)
-					s.Success()
-					return nil
-				}
-
-				oldVersion := *chart.Config.ChartVersion
-				chart.Config.ChartVersion = &newVersion
-				err = chart.Save()
-				if err != nil {
-					return err
+			// and now list all files again to catch all new files
+			err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
+				if !d.IsDir() {
+					gitFiles[p] = true
 				}
+				return nil
+			})
+			if err != nil {
+				return err
+			}
 
-				chartsDir := filepath.Join(filepath.Dir(p), "charts")
-
-				// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
-				// know what got deleted
-				gitFiles := make(map[string]bool)
-				gitFiles[p] = true
-				err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
-					if !d.IsDir() {
-						gitFiles[p] = true
-					}
-					return nil
-				})
-				if err != nil {
-					return err
-				}
+			if cmd.Commit {
+				commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", filepath.Dir(p), oldVersion, newVersion)
 
-				s.Update("%s: Pulling new version", statusPrefix)
-				defer s.Failed()
+				s.Update(fmt.Sprintf("%s: Updating chart from %s to %s", statusPrefix, oldVersion, newVersion))
 
-				err = chart.Pull(cliCtx)
+				r, err := git.PlainOpen(gitRootPath)
 				if err != nil {
 					return err
 				}
-
-				// and now list all files again to catch all new files
-				err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
-					if !d.IsDir() {
-						gitFiles[p] = true
-					}
-					return nil
-				})
+				wt, err := r.Worktree()
 				if err != nil {
 					return err
 				}
-
-				if cmd.Commit {
-					commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", filepath.Dir(p), oldVersion, newVersion)
-
-					s.Update(fmt.Sprintf("%s: Updating chart from %s to %s", statusPrefix, oldVersion, newVersion))
-
-					r, err := git.PlainOpen(gitRootPath)
+				for p := range gitFiles {
+					absPath, err := filepath.Abs(filepath.Join(cwd, p))
 					if err != nil {
 						return err
 					}
-					wt, err := r.Worktree()
+					relToGit, err := filepath.Rel(gitRootPath, absPath)
 					if err != nil {
 						return err
 					}
-					for p := range gitFiles {
-						absPath, err := filepath.Abs(filepath.Join(cwd, p))
-						if err != nil {
-							return err
-						}
-						relToGit, err := filepath.Rel(gitRootPath, absPath)
-						if err != nil {
-							return err
-						}
-						_, err = wt.Add(relToGit)
-						if err != nil {
-							return err
-						}
-					}
-					_, err = wt.Commit(commitMsg, &git.CommitOptions{})
+					_, err = wt.Add(relToGit)
 					if err != nil {
 						return err
 					}
 				}
-				s.Success()
+				_, err = wt.Commit(commitMsg, &git.CommitOptions{})
+				if err != nil {
+					return err
+				}
 			}
+			s.Success()
 		}
 		return nil
 	})

From 9e7bcf7c4869a29bde28f399fdffa601c5177301 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Nov 2022 15:34:49 +0100
Subject: [PATCH 0541/2268] feat: Paralellize helm-update

---
 cmd/kluctl/commands/cmd_helm_pull.go   |  13 +-
 cmd/kluctl/commands/cmd_helm_update.go | 296 ++++++++++++++++---------
 pkg/deployment/helm_chart.go           |  44 ++--
 3 files changed, 221 insertions(+), 132 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 87d7cb732..e4c510993 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -50,7 +50,14 @@ func (cmd *helmPullCmd) Run() error {
 		wg.Add(1)
 		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
 			defer wg.Done()
-			return doPull(gitRootPath, p, cmd.HelmCredentials)
+			s := status.Start(cliCtx, "%s: Pulling Chart")
+			defer s.Failed()
+			err := doPull(gitRootPath, p, cmd.HelmCredentials, s)
+			if err != nil {
+				return err
+			}
+			s.Success()
+			return nil
 		})
 
 		return nil
@@ -67,13 +74,12 @@ func (cmd *helmPullCmd) Run() error {
 	return nil
 }
 
-func doPull(gitRootPath string, p string, helmCredentials args.HelmCredentials) error {
+func doPull(gitRootPath string, p string, helmCredentials args.HelmCredentials, s *status.StatusContext) error {
 	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
 	if err != nil {
 		return err
 	}
 
-	s := status.Start(cliCtx, "%s: Pulling Chart %s", statusPrefix)
 	doError := func(err error) error {
 		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 		return err
@@ -101,6 +107,5 @@ func doPull(gitRootPath string, p string, helmCredentials args.HelmCredentials)
 	if err != nil {
 		return doError(err)
 	}
-	s.Success()
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 42e71ac6d..d35bdb496 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,13 +3,17 @@ package commands
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"golang.org/x/sync/semaphore"
 	"io/fs"
 	"os"
 	"path/filepath"
+	"sync"
 )
 
 type helmUpdateCmd struct {
@@ -34,134 +38,214 @@ func (cmd *helmUpdateCmd) Run() error {
 		return err
 	}
 
+	var errs *multierror.Error
+	var wg sync.WaitGroup
+	var mutex sync.Mutex
+	sem := semaphore.NewWeighted(8)
+
+	type updatedChart struct {
+		chart       *deployment.HelmChart
+		newVersion  string
+		oldVersion  string
+		pullSuccess bool
+	}
+	var updatedCharts []*updatedChart
+
 	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
 			return nil
 		}
-		statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
-		if err != nil {
-			return err
-		}
 
-		s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
-		defer s.Failed()
+		wg.Add(1)
+		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
+			defer wg.Done()
 
-		chart, err := deployment.NewHelmChart(p)
-		if err != nil {
-			s.Update("%s: Error while loading helm-chart.yaml: %v", statusPrefix, err)
-			return err
-		}
+			chart, newVersion, updated, err := cmd.doCheckUpdate(gitRootPath, p)
+			if err != nil {
+				return err
+			}
 
-		creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
-		if chart.Config.CredentialsId != nil && creds == nil {
-			err := fmt.Errorf("%s: No credentials provided", statusPrefix)
-			s.FailedWithMessage(err.Error())
-			return err
-		}
-		chart.SetCredentials(creds)
+			mutex.Lock()
+			defer mutex.Unlock()
 
-		newVersion, updated, err := chart.CheckUpdate()
-		if err != nil {
-			return err
-		}
-		if !updated {
-			s.Update("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
-			s.Success()
+			if updated {
+				updatedCharts = append(updatedCharts, &updatedChart{
+					chart:      chart,
+					newVersion: newVersion,
+					oldVersion: *chart.Config.ChartVersion,
+				})
+			}
 			return nil
-		}
+		})
+		return nil
+	})
+	wg.Wait()
+	if err != nil {
+		errs = multierror.Append(errs, err)
+		return errs.ErrorOrNil()
+	}
+
+	if !cmd.Upgrade {
+		return errs.ErrorOrNil()
+	}
+
+	for _, uc := range updatedCharts {
+		uc := uc
+
+		wg.Add(1)
+		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
+			defer wg.Done()
+
+			err := cmd.pullAndCommitChart(gitRootPath, uc.chart, uc.oldVersion, uc.newVersion, &mutex)
+			if err != nil {
+				return err
+			}
+			return nil
+		})
+	}
+	wg.Wait()
+
+	if !cmd.Commit {
+		return errs.ErrorOrNil()
+	}
+
+	return errs.ErrorOrNil()
+}
+
+func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployment.HelmChart, string, bool, error) {
+	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+	if err != nil {
+		return nil, "", false, err
+	}
+
+	s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
+	doError := func(err error) (*deployment.HelmChart, string, bool, error) {
+		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
+		return nil, "", false, err
+	}
+
+	chart, err := deployment.NewHelmChart(p)
+	if err != nil {
+		return doError(err)
+	}
+
+	creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
+	if chart.Config.CredentialsId != nil && creds == nil {
+		return doError(fmt.Errorf("no credentials provided"))
+	}
+	chart.SetCredentials(creds)
+
+	newVersion, updated, err := chart.CheckUpdate()
+	if err != nil {
+		return doError(err)
+	}
+	if !updated {
+		s.Update("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
+	} else {
 		msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
 		if chart.Config.SkipUpdate {
 			msg += " skipUpdate is set to true."
 		}
 		s.Update(msg)
+	}
+	s.Success()
 
-		if !cmd.Upgrade {
-			s.Success()
-		} else {
-			if chart.Config.SkipUpdate {
-				s.Update("%s: NOT upgrading chart as skipUpdate was set to true", statusPrefix)
-				s.Success()
-				return nil
-			}
-
-			oldVersion := *chart.Config.ChartVersion
-			chart.Config.ChartVersion = &newVersion
-			err = chart.Save()
-			if err != nil {
-				return err
-			}
+	return chart, newVersion, updated, nil
+}
 
-			chartsDir := filepath.Join(filepath.Dir(p), "charts")
-
-			// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
-			// know what got deleted
-			gitFiles := make(map[string]bool)
-			gitFiles[p] = true
-			err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
-				if !d.IsDir() {
-					gitFiles[p] = true
-				}
-				return nil
-			})
-			if err != nil {
-				return err
-			}
+func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployment.HelmChart, oldVersion string, newVersion string, mutex *sync.Mutex) error {
+	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(chart.ConfigFile))
+	if err != nil {
+		return err
+	}
 
-			s.Update("%s: Pulling new version", statusPrefix)
-			defer s.Failed()
+	s := status.Start(cliCtx, "%s: Pulling Chart", statusPrefix)
+	defer s.Failed()
 
-			err = chart.Pull(cliCtx)
-			if err != nil {
-				return err
-			}
+	chart.Config.ChartVersion = &newVersion
+	err = chart.Save()
+	if err != nil {
+		return err
+	}
 
-			// and now list all files again to catch all new files
-			err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
-				if !d.IsDir() {
-					gitFiles[p] = true
-				}
-				return nil
-			})
-			if err != nil {
-				return err
-			}
+	chartsDir, err := chart.GetChartDir()
+	if err != nil {
+		return err
+	}
 
-			if cmd.Commit {
-				commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", filepath.Dir(p), oldVersion, newVersion)
-
-				s.Update(fmt.Sprintf("%s: Updating chart from %s to %s", statusPrefix, oldVersion, newVersion))
-
-				r, err := git.PlainOpen(gitRootPath)
-				if err != nil {
-					return err
-				}
-				wt, err := r.Worktree()
-				if err != nil {
-					return err
-				}
-				for p := range gitFiles {
-					absPath, err := filepath.Abs(filepath.Join(cwd, p))
-					if err != nil {
-						return err
-					}
-					relToGit, err := filepath.Rel(gitRootPath, absPath)
-					if err != nil {
-						return err
-					}
-					_, err = wt.Add(relToGit)
-					if err != nil {
-						return err
-					}
-				}
-				_, err = wt.Commit(commitMsg, &git.CommitOptions{})
-				if err != nil {
-					return err
-				}
-			}
-			s.Success()
+	// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
+	// know what got deleted
+	oldFiles := map[string]bool{}
+	err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
+		if d.IsDir() {
+			return nil
+		}
+		relToGit, err := filepath.Rel(gitRootPath, p)
+		if err != nil {
+			return err
 		}
+		oldFiles[relToGit] = true
 		return nil
 	})
-	return err
+	if err != nil {
+		return err
+	}
+
+	err = doPull(gitRootPath, chart.ConfigFile, cmd.HelmCredentials, s)
+	if err != nil {
+		return err
+	}
+
+	var toAdd []string
+	relToGit, err := filepath.Rel(gitRootPath, chart.ConfigFile)
+	if err != nil {
+		return err
+	}
+	toAdd = append(toAdd, relToGit)
+
+	relToGit, err = filepath.Rel(gitRootPath, chartsDir)
+	if err != nil {
+		return err
+	}
+	toAdd = append(toAdd, relToGit)
+
+	// figure out what got deleted
+	for p, _ := range oldFiles {
+		if !utils.IsFile(filepath.Join(gitRootPath, p)) {
+			toAdd = append(toAdd, p)
+		}
+	}
+
+	s.Update("%s: Committing chart", statusPrefix)
+
+	mutex.Lock()
+	defer mutex.Unlock()
+
+	r, err := git.PlainOpen(gitRootPath)
+	if err != nil {
+		return err
+	}
+	wt, err := r.Worktree()
+	if err != nil {
+		return err
+	}
+
+	for _, p := range toAdd {
+		_, err = wt.Add(p)
+		if err != nil {
+			return err
+		}
+	}
+
+	commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", statusPrefix, oldVersion, newVersion)
+	_, err = wt.Commit(commitMsg, &git.CommitOptions{})
+	if err != nil {
+		return err
+	}
+
+	s.Update("%s: Committed helm chart with version %s", statusPrefix, newVersion)
+	s.Success()
+
+	return nil
 }
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index b7930f0f8..f5b8fcdc7 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -30,27 +30,27 @@ import (
 	"strings"
 )
 
-type helmChart struct {
-	configFile  string
+type HelmChart struct {
+	ConfigFile  string
 	Config      *types.HelmChartConfig
 	credentials *repo.Entry
 }
 
-func NewHelmChart(configFile string) (*helmChart, error) {
+func NewHelmChart(configFile string) (*HelmChart, error) {
 	var config types.HelmChartConfig
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
 		return nil, err
 	}
 
-	hc := &helmChart{
-		configFile: configFile,
+	hc := &HelmChart{
+		ConfigFile: configFile,
 		Config:     &config,
 	}
 	return hc, nil
 }
 
-func (c *helmChart) GetChartName() (string, error) {
+func (c *HelmChart) GetChartName() (string, error) {
 	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
 		s := strings.Split(*c.Config.Repo, "/")
 		chartName := s[len(s)-1]
@@ -65,18 +65,18 @@ func (c *helmChart) GetChartName() (string, error) {
 	return *c.Config.ChartName, nil
 }
 
-func (c *helmChart) GetChartDir() (string, error) {
+func (c *HelmChart) GetChartDir() (string, error) {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return "", err
 	}
 
-	dir := filepath.Dir(c.configFile)
+	dir := filepath.Dir(c.ConfigFile)
 	targetDir := filepath.Join(dir, "charts")
 	return securejoin.SecureJoin(targetDir, chartName)
 }
 
-func (c *helmChart) GetOutputPath() string {
+func (c *HelmChart) GetOutputPath() string {
 	output := "helm-rendered.yaml"
 	if c.Config.Output != nil {
 		output = *c.Config.Output
@@ -84,12 +84,12 @@ func (c *helmChart) GetOutputPath() string {
 	return output
 }
 
-func (c *helmChart) GetFullOutputPath() (string, error) {
-	dir := filepath.Dir(c.configFile)
+func (c *HelmChart) GetFullOutputPath() (string, error) {
+	dir := filepath.Dir(c.ConfigFile)
 	return securejoin.SecureJoin(dir, c.GetOutputPath())
 }
 
-func (c *helmChart) buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, error) {
+func (c *HelmChart) buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, error) {
 	rc, err := registry.NewClient()
 	if err != nil {
 		return nil, err
@@ -101,7 +101,7 @@ func (c *helmChart) buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, e
 	}, nil
 }
 
-func (c *helmChart) Pull(ctx context.Context) error {
+func (c *HelmChart) Pull(ctx context.Context) error {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return err
@@ -112,7 +112,7 @@ func (c *helmChart) Pull(ctx context.Context) error {
 		return err
 	}
 
-	targetDir := filepath.Join(filepath.Dir(c.configFile), "charts")
+	targetDir := filepath.Join(filepath.Dir(c.ConfigFile), "charts")
 	_ = os.RemoveAll(chartDir)
 
 	cfg, err := c.buildHelmConfig(nil)
@@ -154,7 +154,7 @@ func (c *helmChart) Pull(ctx context.Context) error {
 	return nil
 }
 
-func (c *helmChart) CheckUpdate() (string, bool, error) {
+func (c *HelmChart) CheckUpdate() (string, bool, error) {
 	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
 		return "", false, nil
 	}
@@ -203,7 +203,7 @@ func (c *helmChart) CheckUpdate() (string, bool, error) {
 	return latestVersion, updated, nil
 }
 
-func (c *helmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
+func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return err
@@ -215,7 +215,7 @@ func (c *helmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
+func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	chartDir, err := c.GetChartDir()
 	if err != nil {
 		return err
@@ -224,7 +224,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	if err != nil {
 		return err
 	}
-	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(c.configFile), "helm-values.yml"))
+	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(c.ConfigFile), "helm-values.yml"))
 
 	var gvs []schema.GroupVersion
 	if k != nil {
@@ -345,7 +345,7 @@ func (c *helmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	return nil
 }
 
-func (c *helmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
+func (c *HelmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
 	var parsed []*uo.UnstructuredObject
 
 	duplicatesRemoved, err := yaml.RemoveDuplicateFields(strings.NewReader(s))
@@ -367,7 +367,7 @@ func (c *helmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject,
 	return parsed, nil
 }
 
-func (c *helmChart) SetCredentials(credentials *repo.Entry) {
+func (c *HelmChart) SetCredentials(credentials *repo.Entry) {
 	c.credentials = credentials
 }
 
@@ -388,6 +388,6 @@ func isTestHook(h *release.Hook) bool {
 	return false
 }
 
-func (c *helmChart) Save() error {
-	return yaml.WriteYamlFile(c.configFile, c.Config)
+func (c *HelmChart) Save() error {
+	return yaml.WriteYamlFile(c.ConfigFile, c.Config)
 }

From 41271471fb25026fe1120997c1202437636c9b0f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Nov 2022 23:54:33 +0100
Subject: [PATCH 0542/2268] feat: Allow to use Helm without pre-pulling

---
 pkg/deployment/helm_chart.go | 129 +++++++++++++++++++++++++++++++++--
 1 file changed, 123 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index f5b8fcdc7..f259e6a31 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -2,6 +2,8 @@ package deployment
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -12,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/pkg/errors"
+	"github.com/rogpeppe/go-internal/lockedfile"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/chart"
 	"helm.sh/helm/v3/pkg/chart/loader"
@@ -28,6 +31,7 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+	"time"
 )
 
 type HelmChart struct {
@@ -101,19 +105,96 @@ func (c *HelmChart) buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, e
 	}, nil
 }
 
+func (c *HelmChart) checkNeedsPull(chartDir string, isTmp bool) (bool, bool, string, error) {
+	if !utils.IsDirectory(chartDir) {
+		return true, false, "", nil
+	}
+
+	chartYamlPath := yaml.FixPathExt(filepath.Join(chartDir, "Chart.yaml"))
+	st, err := os.Stat(chartYamlPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return true, false, "", nil
+		}
+		return false, false, "", err
+	}
+	if isTmp && time.Now().Sub(st.ModTime()) >= time.Hour*24 {
+		// MacOS will delete tmp files after 3 days, so lets be safe and re-pull every day
+		return true, false, "", nil
+	}
+
+	chartYaml, err := uo.FromFile(chartYamlPath)
+	if err != nil {
+		return false, false, "", err
+	}
+
+	version, _, _ := chartYaml.GetNestedString("version")
+	if version != *c.Config.ChartVersion {
+		return true, true, version, nil
+	}
+	return false, false, "", nil
+}
+
 func (c *HelmChart) Pull(ctx context.Context) error {
-	chartName, err := c.GetChartName()
+	chartDir, err := c.GetChartDir()
 	if err != nil {
 		return err
 	}
+	return c.doPull(ctx, chartDir)
+}
 
-	chartDir, err := c.GetChartDir()
+func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
+	chartName, err := c.GetChartName()
+	if err != nil {
+		return "", err
+	}
+
+	hash := sha256.New()
+	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.Repo)
+	_, _ = fmt.Fprintf(hash, "%s\n", chartName)
+	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.ChartVersion)
+	h := hex.EncodeToString(hash.Sum(nil))
+	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "helm-charts")
+	_ = os.MkdirAll(tmpDir, 0o700)
+	tmpDir = filepath.Join(tmpDir, fmt.Sprintf("%s-%s", chartName, h))
+
+	lockFile := tmpDir + ".lock"
+	lock, err := lockedfile.Create(lockFile)
+	if err != nil {
+		return "", err
+	}
+	defer lock.Close()
+
+	needsPull, _, _, err := c.checkNeedsPull(tmpDir, true)
+	if err != nil {
+		return "", err
+	}
+	if !needsPull {
+		return tmpDir, nil
+	}
+	err = c.doPull(ctx, tmpDir)
+	if err != nil {
+		return "", err
+	}
+	return tmpDir, nil
+}
+
+func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
+	chartName, err := c.GetChartName()
 	if err != nil {
 		return err
 	}
 
-	targetDir := filepath.Join(filepath.Dir(c.ConfigFile), "charts")
 	_ = os.RemoveAll(chartDir)
+	_ = os.MkdirAll(filepath.Dir(chartDir), 0o700)
+
+	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "helm-pull-")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	tmpChartDir := filepath.Join(tmpDir, chartName)
 
 	cfg, err := c.buildHelmConfig(nil)
 	if err != nil {
@@ -122,7 +203,7 @@ func (c *HelmChart) Pull(ctx context.Context) error {
 	a := action.NewPullWithOpts(action.WithConfig(cfg))
 	a.Settings = cli.New()
 	a.Untar = true
-	a.DestDir = targetDir
+	a.DestDir = tmpDir
 	a.Version = *c.Config.ChartVersion
 
 	if c.credentials != nil {
@@ -142,15 +223,22 @@ func (c *HelmChart) Pull(ctx context.Context) error {
 		a.RepoURL = *c.Config.Repo
 		out, err = a.Run(chartName)
 	}
+	if err != nil {
+		return err
+	}
+
 	// a bug in the Pull command causes this directory to be created by accident
-	_ = os.RemoveAll(chartDir + fmt.Sprintf("-%s.tar.gz", a.Version))
-	_ = os.RemoveAll(chartDir + fmt.Sprintf("-%s.tgz", a.Version))
+	_ = os.RemoveAll(tmpChartDir + fmt.Sprintf("-%s.tar.gz", a.Version))
+	_ = os.RemoveAll(tmpChartDir + fmt.Sprintf("-%s.tgz", a.Version))
 	if out != "" {
 		status.PlainText(ctx, out)
 	}
+
+	err = os.Rename(tmpChartDir, chartDir)
 	if err != nil {
 		return err
 	}
+
 	return nil
 }
 
@@ -216,10 +304,39 @@ func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
 }
 
 func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
+	chartName, err := c.GetChartName()
+	if err != nil {
+		return err
+	}
+
 	chartDir, err := c.GetChartDir()
 	if err != nil {
 		return err
 	}
+
+	needsPull, versionChanged, prePulledVersion, err := c.checkNeedsPull(chartDir, false)
+	if err != nil {
+		return err
+	}
+	if needsPull {
+		if versionChanged {
+			return fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
+				"Desired version is %s while pre-pulled version is %s", chartName, *c.Config.ChartVersion, prePulledVersion)
+		} else {
+			status.Warning(ctx, "Warning, need to pull Helm Chart %s with version %s. "+
+				"Please consider pre-pulling it with 'kluctl helm-pull'", chartName, *c.Config.ChartVersion)
+		}
+
+		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", chartName, *c.Config.ChartVersion)
+		defer s.Failed()
+
+		chartDir, err = c.pullTmpChart(ctx)
+		if err != nil {
+			return err
+		}
+		s.Success()
+	}
+
 	outputPath, err := c.GetFullOutputPath()
 	if err != nil {
 		return err

From 5cfde34fd9dc29fa7412a54221aadbe56fbd3c4f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 10:27:16 +0100
Subject: [PATCH 0543/2268] fix: Don't swallow errors when using simple status
 handler

---
 pkg/status/status.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/status/status.go b/pkg/status/status.go
index 50dedcdd2..2bf1ec85a 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -201,7 +201,7 @@ func (s *StatusContext) FailedWithMessage(msg string, args ...any) {
 	if s.finished {
 		return
 	}
-	s.Update(msg, args...)
+	s.UpdateAndInfoFallback(msg, args...)
 	s.Failed()
 }
 

From 752653b6fc74f23e9f05bab94df2dfbaca872687 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 10:27:50 +0100
Subject: [PATCH 0544/2268] fix: Show prefix in helmPullCmd.Run()

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 16 ++++++++--------
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index e4c510993..c4f9ff8f4 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -47,12 +47,17 @@ func (cmd *helmPullCmd) Run() error {
 			return nil
 		}
 
+		statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+		if err != nil {
+			return err
+		}
+
 		wg.Add(1)
 		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
 			defer wg.Done()
-			s := status.Start(cliCtx, "%s: Pulling Chart")
+			s := status.Start(cliCtx, "%s: Pulling Chart", statusPrefix)
 			defer s.Failed()
-			err := doPull(gitRootPath, p, cmd.HelmCredentials, s)
+			err := doPull(statusPrefix, p, cmd.HelmCredentials, s)
 			if err != nil {
 				return err
 			}
@@ -74,12 +79,7 @@ func (cmd *helmPullCmd) Run() error {
 	return nil
 }
 
-func doPull(gitRootPath string, p string, helmCredentials args.HelmCredentials, s *status.StatusContext) error {
-	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
-	if err != nil {
-		return err
-	}
-
+func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials, s *status.StatusContext) error {
 	doError := func(err error) error {
 		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 		return err
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index d35bdb496..1d5f696a8 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -192,7 +192,7 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 		return err
 	}
 
-	err = doPull(gitRootPath, chart.ConfigFile, cmd.HelmCredentials, s)
+	err = doPull(statusPrefix, chart.ConfigFile, cmd.HelmCredentials, s)
 	if err != nil {
 		return err
 	}

From 03f9a74ac736c5e099e4759703db655eddb16a21 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 14:34:24 +0100
Subject: [PATCH 0545/2268] tests: Fix incomplete stdout/stderr reading from
 sub-processes

---
 e2e/utils.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/e2e/utils.go b/e2e/utils.go
index 7e7ac0d26..f8a20f9ad 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -13,6 +13,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"os/exec"
 	"reflect"
+	"sync"
 	"testing"
 )
 
@@ -69,7 +70,9 @@ func runHelper(t *testing.T, cmd *exec.Cmd) (string, string, error) {
 		return "", "", err
 	}
 
+	var wg sync.WaitGroup
 	stdReader := func(testLogPrefix string, buf io.StringWriter, pipe io.Reader) {
+		defer wg.Done()
 		scanner := bufio.NewScanner(pipe)
 		for scanner.Scan() {
 			l := scanner.Text()
@@ -81,9 +84,15 @@ func runHelper(t *testing.T, cmd *exec.Cmd) (string, string, error) {
 	stdoutBuf := bytes.NewBuffer(nil)
 	stderrBuf := bytes.NewBuffer(nil)
 
+	wg.Add(2)
 	go stdReader("stdout: ", stdoutBuf, stdoutPipe)
 	go stdReader("stderr: ", stderrBuf, stderrPipe)
 
-	err = cmd.Run()
+	err = cmd.Start()
+	if err != nil {
+		return "", "", err
+	}
+	wg.Wait()
+	err = cmd.Wait()
 	return stdoutBuf.String(), stderrBuf.String(), err
 }

From 91689d19493c4a987a7e987682839ac697ecb061 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 14:34:54 +0100
Subject: [PATCH 0546/2268] fix: Also print warnings/errors with simple status
 handler

---
 cmd/kluctl/commands/cmd_helm_update.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 1d5f696a8..6c1ed737a 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -141,13 +141,13 @@ func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployme
 		return doError(err)
 	}
 	if !updated {
-		s.Update("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
+		s.UpdateAndInfoFallback("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
 	} else {
 		msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
 		if chart.Config.SkipUpdate {
 			msg += " skipUpdate is set to true."
 		}
-		s.Update(msg)
+		s.UpdateAndInfoFallback(msg)
 	}
 	s.Success()
 

From 3fa462a8683dc69def02319afd3ce7362a58b549 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 14:35:14 +0100
Subject: [PATCH 0547/2268] fix: Properly skip chart updates if skipUpdate is
 true

---
 cmd/kluctl/commands/cmd_helm_update.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 6c1ed737a..ae560adab 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -69,7 +69,7 @@ func (cmd *helmUpdateCmd) Run() error {
 			mutex.Lock()
 			defer mutex.Unlock()
 
-			if updated {
+			if !chart.Config.SkipUpdate && updated {
 				updatedCharts = append(updatedCharts, &updatedChart{
 					chart:      chart,
 					newVersion: newVersion,

From 4ab482756681ad79b0427ab8423397a45062fb60 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 14:35:37 +0100
Subject: [PATCH 0548/2268] fix: Use temporary cache when downloading Helm
 index files

---
 pkg/deployment/helm_chart.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index f259e6a31..a7cf18b55 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -265,6 +265,12 @@ func (c *HelmChart) CheckUpdate() (string, bool, error) {
 		return "", false, err
 	}
 
+	r.CachePath, err = os.MkdirTemp(utils.GetTmpBaseDir(), "helm-check-update-")
+	if err != nil {
+		return "", false, err
+	}
+	defer os.RemoveAll(r.CachePath)
+
 	indexFile, err := r.DownloadIndexFile()
 	if err != nil {
 		return "", false, err

From f698dd97accb8470227a0effa4950b2351251d9e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 14:35:47 +0100
Subject: [PATCH 0549/2268] tests: Implement Helm tests

---
 e2e/helm_test.go                             | 395 +++++++++++++++++++
 e2e/test-helm-chart/.helmignore              |  23 ++
 e2e/test-helm-chart/Chart.yaml               |   6 +
 e2e/test-helm-chart/resources.go             |   8 +
 e2e/test-helm-chart/templates/_helpers.tpl   |  62 +++
 e2e/test-helm-chart/templates/configmap.yaml |  10 +
 e2e/test-helm-chart/values.yaml              |   3 +
 internal/test-utils/git_server.go            |   7 +-
 8 files changed, 513 insertions(+), 1 deletion(-)
 create mode 100644 e2e/helm_test.go
 create mode 100644 e2e/test-helm-chart/.helmignore
 create mode 100644 e2e/test-helm-chart/Chart.yaml
 create mode 100644 e2e/test-helm-chart/resources.go
 create mode 100644 e2e/test-helm-chart/templates/_helpers.tpl
 create mode 100644 e2e/test-helm-chart/templates/configmap.yaml
 create mode 100644 e2e/test-helm-chart/values.yaml

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
new file mode 100644
index 000000000..a0a73552a
--- /dev/null
+++ b/e2e/helm_test.go
@@ -0,0 +1,395 @@
+package e2e
+
+import (
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing/object"
+	test_resources "github.com/kluctl/kluctl/v2/e2e/test-helm-chart"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/cli/values"
+	"helm.sh/helm/v3/pkg/getter"
+	"helm.sh/helm/v3/pkg/repo"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"sort"
+	"testing"
+)
+
+func createHelmPackage(t *testing.T, name string, version string) string {
+	tmpDir := t.TempDir()
+	err := utils.FsCopyDir(test_resources.HelmChartFS, ".", tmpDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	c, err := uo.FromFile(filepath.Join(tmpDir, "Chart.yaml"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_ = c.SetNestedField(name, "name")
+	_ = c.SetNestedField(version, "version")
+
+	err = yaml.WriteYamlFile(filepath.Join(tmpDir, "Chart.yaml"), c)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	settings := cli.New()
+	client := action.NewPackage()
+	client.Destination = tmpDir
+	valueOpts := &values.Options{}
+	p := getter.All(settings)
+	vals, err := valueOpts.MergeValues(p)
+	retName, err := client.Run(tmpDir, vals)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return retName
+}
+
+type repoChart struct {
+	chartName string
+	version   string
+}
+
+func createHelmRepo(t *testing.T, charts []repoChart) string {
+	tmpDir := t.TempDir()
+
+	for _, c := range charts {
+		tgz := createHelmPackage(t, c.chartName, c.version)
+		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+	}
+
+	s := httptest.NewServer(http.FileServer(http.FS(os.DirFS(tmpDir))))
+	t.Cleanup(s.Close)
+
+	i, err := repo.IndexDirectory(tmpDir, s.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	i.SortEntries()
+	err = i.WriteFile(filepath.Join(tmpDir, "index.yaml"), 0644)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return s.URL
+}
+
+func addHelmDeployment(p *testProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
+
+	p.addKustomizeDeployment(dir, []kustomizeResource{
+		{name: "helm-rendered.yaml"},
+	}, nil)
+
+	p.updateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromMap(map[string]interface{}{
+			"helmChart": map[string]any{
+				"repo":         repoUrl,
+				"chartName":    chartName,
+				"chartVersion": version,
+				"releaseName":  releaseName,
+				"namespace":    namespace,
+			},
+		})
+		return nil
+	}, "")
+
+	if values != nil {
+		p.updateYaml(filepath.Join(dir, "helm-values.yaml"), func(o *uo.UnstructuredObject) error {
+			*o = *uo.FromMap(values)
+			return nil
+		}, "")
+	}
+}
+
+func TestHelmNoPrePull(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k)
+
+	createNamespace(t, k, p.testSlug())
+
+	repoUrl := createHelmRepo(p.t, []repoChart{
+		{chartName: "test-chart1", version: "0.1.0"},
+	})
+
+	p.updateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+}
+
+func TestHelmPrePull(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k)
+
+	createNamespace(t, k, p.testSlug())
+
+	repoUrl := createHelmRepo(p.t, []repoChart{
+		{chartName: "test-chart1", version: "0.1.0"},
+		{chartName: "test-chart2", version: "0.1.0"},
+	})
+
+	p.updateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
+
+	p.KluctlMust("helm-pull")
+	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.testSlug(), nil)
+
+	p.KluctlMust("helm-pull")
+	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm2/charts/test-chart2/Chart.yaml"))
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.testSlug(), "test-helm2-test-chart2")
+}
+
+func TestHelmManualUpgrade(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k)
+
+	createNamespace(t, k, p.testSlug())
+
+	repoUrl := createHelmRepo(p.t, []repoChart{
+		{chartName: "test-chart1", version: "0.1.0"},
+		{chartName: "test-chart1", version: "0.2.0"},
+	})
+
+	p.updateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
+
+	p.KluctlMust("helm-pull")
+	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm := assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	v, _, _ := cm.GetNestedString("data", "version")
+	assert.Equal(t, "0.1.0", v)
+
+	p.updateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("0.2.0", "helmChart", "chartVersion")
+		return nil
+	}, "")
+
+	p.KluctlMust("helm-pull")
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm = assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	v, _, _ = cm.GetNestedString("data", "version")
+	assert.Equal(t, "0.2.0", v)
+}
+
+func testHelmUpdate(t *testing.T, upgrade bool, commit bool) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k)
+
+	createNamespace(t, k, p.testSlug())
+
+	repoUrl := createHelmRepo(p.t, []repoChart{
+		{chartName: "test-chart1", version: "0.1.0"},
+		{chartName: "test-chart1", version: "0.2.0"},
+		{chartName: "test-chart2", version: "0.1.0"},
+		{chartName: "test-chart2", version: "0.3.0"},
+	})
+
+	p.updateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.testSlug(), nil)
+	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.testSlug(), nil)
+
+	p.updateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipUpdate")
+		return nil
+	}, "")
+
+	p.KluctlMust("helm-pull")
+	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm2/charts/test-chart2/Chart.yaml"))
+	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm3/charts/test-chart1/Chart.yaml"))
+
+	args := []string{"helm-update"}
+	if upgrade {
+		args = append(args, "--upgrade")
+	}
+	if commit {
+		args = append(args, "--commit")
+	}
+
+	_, stderr := p.KluctlMust(args...)
+	assert.Contains(t, stderr, "helm1: Chart has new version 0.2.0 available.")
+	assert.Contains(t, stderr, "helm2: Chart has new version 0.3.0 available.")
+	assert.Contains(t, stderr, "helm3: Chart has new version 0.2.0 available. Old version is 0.1.0. skipUpdate is set to true.")
+
+	c1, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+	assert.NoError(t, err)
+	c2, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm2/charts/test-chart2/Chart.yaml"))
+	assert.NoError(t, err)
+	c3, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm3/charts/test-chart1/Chart.yaml"))
+	assert.NoError(t, err)
+
+	v1, _, _ := c1.GetNestedString("version")
+	v2, _, _ := c2.GetNestedString("version")
+	v3, _, _ := c3.GetNestedString("version")
+	if upgrade {
+		assert.Equal(t, "0.2.0", v1)
+		assert.Equal(t, "0.3.0", v2)
+		assert.Equal(t, "0.1.0", v3)
+	} else {
+		assert.Equal(t, "0.1.0", v1)
+		assert.Equal(t, "0.1.0", v2)
+		assert.Equal(t, "0.1.0", v3)
+	}
+
+	if commit {
+		r := p.gitServer.GetGitRepo(p.getKluctlProjectRepo())
+
+		commits, err := r.Log(&git.LogOptions{})
+		assert.NoError(t, err)
+		var commitList []object.Commit
+		err = commits.ForEach(func(commit *object.Commit) error {
+			commitList = append(commitList, *commit)
+			return nil
+		})
+		assert.NoError(t, err)
+
+		commitList = commitList[0:2]
+		sort.Slice(commitList, func(i, j int) bool {
+			return commitList[i].Message < commitList[j].Message
+		})
+
+		assert.Equal(t, "Updated helm chart helm1 from 0.1.0 to 0.2.0", commitList[0].Message)
+		assert.Equal(t, "Updated helm chart helm2 from 0.1.0 to 0.3.0", commitList[1].Message)
+	}
+}
+
+func TestHelmUpdate(t *testing.T) {
+	testHelmUpdate(t, false, false)
+}
+
+func TestHelmUpdateAndUpgrade(t *testing.T) {
+	testHelmUpdate(t, true, false)
+}
+
+func TestHelmUpdateAndUpgradeAndCommit(t *testing.T) {
+	testHelmUpdate(t, true, true)
+}
+
+func TestHelmValues(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k)
+
+	createNamespace(t, k, p.testSlug())
+
+	repoUrl := createHelmRepo(p.t, []repoChart{
+		{chartName: "test-chart1", version: "0.1.0"},
+		{chartName: "test-chart2", version: "0.1.0"},
+	})
+
+	values1 := map[string]any{
+		"data": map[string]any{
+			"a": "x1",
+			"b": "y1",
+		},
+	}
+	values2 := map[string]any{
+		"data": map[string]any{
+			"a": "x2",
+			"b": "y2",
+		},
+	}
+	values3 := map[string]any{
+		"data": map[string]any{
+			"a": "{{ args.a }}",
+			"b": "{{ args.b }}",
+		},
+	}
+
+	p.updateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), values1)
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.testSlug(), values2)
+	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.testSlug(), values3)
+
+	p.KluctlMust("helm-pull")
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+
+	cm1 := assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	cm2 := assertConfigMapExists(t, k, p.testSlug(), "test-helm2-test-chart2")
+	cm3 := assertConfigMapExists(t, k, p.testSlug(), "test-helm3-test-chart1")
+
+	assert.Equal(t, map[string]any{
+		"a":       "x1",
+		"b":       "y1",
+		"version": "0.1.0",
+	}, cm1.Object["data"])
+	assert.Equal(t, map[string]any{
+		"a":       "x2",
+		"b":       "y2",
+		"version": "0.1.0",
+	}, cm2.Object["data"])
+	assert.Equal(t, map[string]any{
+		"a":       "a",
+		"b":       "b",
+		"version": "0.1.0",
+	}, cm3.Object["data"])
+}
+
+func TestHelmTemplateChartYaml(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := &testProject{}
+	p.init(t, k)
+
+	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.testSlug()+"-a")
+	createNamespace(t, k, p.testSlug()+"-b")
+
+	repoUrl := createHelmRepo(p.t, []repoChart{
+		{chartName: "test-chart1", version: "0.1.0"},
+		{chartName: "test-chart2", version: "0.1.0"},
+	})
+
+	p.updateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.testSlug(), nil)
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.testSlug(), nil)
+	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.testSlug()+"-{{ args.a }}", nil)
+	addHelmDeployment(p, "helm4", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.testSlug()+"-{{ args.b }}", nil)
+
+	p.KluctlMust("helm-pull")
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+
+	assertConfigMapExists(t, k, p.testSlug(), "test-helm-a-test-chart1")
+	assertConfigMapExists(t, k, p.testSlug(), "test-helm-b-test-chart2")
+	assertConfigMapExists(t, k, p.testSlug()+"-a", "test-helm-ns-test-chart1")
+	assertConfigMapExists(t, k, p.testSlug()+"-b", "test-helm-ns-test-chart1")
+}
diff --git a/e2e/test-helm-chart/.helmignore b/e2e/test-helm-chart/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/e2e/test-helm-chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/e2e/test-helm-chart/Chart.yaml b/e2e/test-helm-chart/Chart.yaml
new file mode 100644
index 000000000..0f3baa0c1
--- /dev/null
+++ b/e2e/test-helm-chart/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: test-helm-chart
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
diff --git a/e2e/test-helm-chart/resources.go b/e2e/test-helm-chart/resources.go
new file mode 100644
index 000000000..2ad97a675
--- /dev/null
+++ b/e2e/test-helm-chart/resources.go
@@ -0,0 +1,8 @@
+package test_resources
+
+import (
+	"embed"
+)
+
+//go:embed all:*
+var HelmChartFS embed.FS
diff --git a/e2e/test-helm-chart/templates/_helpers.tpl b/e2e/test-helm-chart/templates/_helpers.tpl
new file mode 100644
index 000000000..bcbf57e17
--- /dev/null
+++ b/e2e/test-helm-chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "test-helm-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "test-helm-chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "test-helm-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "test-helm-chart.labels" -}}
+helm.sh/chart: {{ include "test-helm-chart.chart" . }}
+{{ include "test-helm-chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "test-helm-chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "test-helm-chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "test-helm-chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "test-helm-chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/e2e/test-helm-chart/templates/configmap.yaml b/e2e/test-helm-chart/templates/configmap.yaml
new file mode 100644
index 000000000..fe63edb28
--- /dev/null
+++ b/e2e/test-helm-chart/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "test-helm-chart.fullname" . }}
+  labels:
+    {{- include "test-helm-chart.labels" . | nindent 4 }}
+data:
+  a: {{ .Values.data.a }}
+  b: {{ .Values.data.b }}
+  version: {{ .Chart.Version }}
diff --git a/e2e/test-helm-chart/values.yaml b/e2e/test-helm-chart/values.yaml
new file mode 100644
index 000000000..9d4b13a77
--- /dev/null
+++ b/e2e/test-helm-chart/values.yaml
@@ -0,0 +1,3 @@
+data:
+  a: v1
+  b: v2
diff --git a/internal/test-utils/git_server.go b/internal/test-utils/git_server.go
index 070e4c98e..f539dac91 100644
--- a/internal/test-utils/git_server.go
+++ b/internal/test-utils/git_server.go
@@ -243,11 +243,16 @@ func (p *GitServer) LocalRepoDir(repo string) string {
 	return filepath.Join(p.baseDir, repo)
 }
 
-func (p *GitServer) GetWorktree(repo string) *git.Worktree {
+func (p *GitServer) GetGitRepo(repo string) *git.Repository {
 	r, err := git.PlainOpen(p.LocalRepoDir(repo))
 	if err != nil {
 		p.t.Fatal(err)
 	}
+	return r
+}
+
+func (p *GitServer) GetWorktree(repo string) *git.Worktree {
+	r := p.GetGitRepo(repo)
 	wt, err := r.Worktree()
 	if err != nil {
 		p.t.Fatal(err)

From bae9fe76d8e558911af350c2eaa96fa9e37af5bf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 14:44:32 +0100
Subject: [PATCH 0550/2268] docs: Update helm.md to mention that pre-pulling is
 optional

---
 docs/reference/deployments/helm.md | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index 11794ea7d..bc49ddf0d 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -16,11 +16,17 @@ kluctl offers a simple-to-use Helm integration, which allows you to reuse many c
 The integration is split into 2 parts/steps/layers. The first is the management and pulling of the Helm Charts, while
 the second part handles configuration/customization and deployment of the chart.
 
-Pulled Helm Charts are meant to be added to version control to ensure proper speed and consistency.
+It is recommended to pre-pull Helm Charts with [`kluctl helm-pull`](../commands/helm-pull.md), which will store the
+pulled charts near the `helm-chart.yaml` file (inside the `charts` sub-directory). It is however also possible (but not
+recommended) to skip the pre-pulling phase and let kluctl pull Charts on-demand.
+
+When pre-pulling Helm Charts, you can also add the resulting Chart contents into version control. This is actually
+recommended as it ensures that the deployment will always behave the same. It also allows pull-request based reviews
+on third-party Helm Charts.
 
 ## How it works
 
-Helm charts are not directly deployed via Helm. Instead, kluctl renders the Helm Chart into a single file and then
+Helm charts are not directly installed via Helm. Instead, kluctl renders the Helm Chart into a single file and then
 hands over the rendered yaml to [kustomize](https://kustomize.io/). Rendering is done in combination with a provided
 `helm-values.yaml`, which contains the necessary values to configure the Helm Chart.
 
@@ -82,7 +88,7 @@ resource. If `output` is omitted, the default value `helm-rendered.yaml` is used
 The url to the Helm repository where the Helm Chart is located. You can use hub.helm.sh to search for repositories and
 charts and then use the repos found there.
 
-oci based repositories are also supported, for example:
+OCI based repositories are also supported, for example:
 ```yaml
 helmChart:
   repo: oci://r.myreg.io/mycharts/pepper

From 90bf499d8b81dba8ac89787f356336835d27fd3c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:14:35 +0100
Subject: [PATCH 0551/2268] fix: Fix false-positive cache hits when scheme
 changes

---
 pkg/registries/registries.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index a280438bf..48556c1e8 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -367,7 +367,7 @@ func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
 }
 
 func (rh *RegistryHelper) RoundTripCached(req *http.Request, extraKey string, onNew func(res *http.Response) error) (*http.Response, error) {
-	key := fmt.Sprintf("%s\n%s\n%s\n", req.Host, req.URL.Path, extraKey)
+	key := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n", req.URL.Scheme, req.URL.Host, req.Host, req.URL.Path, extraKey)
 	key = utils.Sha256String(key)
 
 	isNew := false

From 3447518f585d24e7b2e409fe67840ae883c4121e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:14:51 +0100
Subject: [PATCH 0552/2268] feat: Implement helm-update for OCI charts

---
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 pkg/deployment/helm_chart.go           | 29 ++++++++++++++++++++++++--
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index ae560adab..4dca7ca47 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -136,7 +136,7 @@ func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployme
 	}
 	chart.SetCredentials(creds)
 
-	newVersion, updated, err := chart.CheckUpdate()
+	newVersion, updated, err := chart.CheckUpdate(cliCtx)
 	if err != nil {
 		return doError(err)
 	}
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index a7cf18b55..fb3b53926 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -242,10 +243,34 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	return nil
 }
 
-func (c *HelmChart) CheckUpdate() (string, bool, error) {
+func (c *HelmChart) CheckUpdate(ctx context.Context) (string, bool, error) {
 	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
-		return "", false, nil
+		return c.checkUpdateOciRepo(ctx)
 	}
+	return c.checkUpdateHelmRepo()
+}
+
+func (c *HelmChart) checkUpdateOciRepo(ctx context.Context) (string, bool, error) {
+	rh := registries.NewRegistryHelper(ctx)
+
+	imageName := strings.TrimPrefix(*c.Config.Repo, "oci://")
+	tags, err := rh.ListImageTags(imageName)
+	if err != nil {
+		return "", false, err
+	}
+
+	var ls versions.LooseVersionSlice
+	for _, x := range tags {
+		ls = append(ls, versions.LooseVersion(x))
+	}
+	sort.Stable(ls)
+	latestVersion := string(ls[len(ls)-1])
+
+	updated := latestVersion != *c.Config.ChartVersion
+	return latestVersion, updated, nil
+}
+
+func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 	chartName, err := c.GetChartName()
 	if err != nil {
 		return "", false, err

From 2a3b86b91d1e05e016d1cc6545ac547e879f8239 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:15:00 +0100
Subject: [PATCH 0553/2268] tests: Test OCI charts

---
 e2e/helm_test.go | 118 ++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 102 insertions(+), 16 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index a0a73552a..e4195f7f7 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/google/go-containerregistry/pkg/registry"
 	test_resources "github.com/kluctl/kluctl/v2/e2e/test-helm-chart"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -12,12 +13,16 @@ import (
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/cli/values"
 	"helm.sh/helm/v3/pkg/getter"
+	"helm.sh/helm/v3/pkg/pusher"
+	registry2 "helm.sh/helm/v3/pkg/registry"
 	"helm.sh/helm/v3/pkg/repo"
+	"helm.sh/helm/v3/pkg/uploader"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"sort"
+	"strings"
 	"testing"
 )
 
@@ -85,7 +90,50 @@ func createHelmRepo(t *testing.T, charts []repoChart) string {
 	return s.URL
 }
 
+func createOciRepo(t *testing.T, charts []repoChart) string {
+	tmpDir := t.TempDir()
+
+	ociRegistry := registry.New()
+	ociServer := httptest.NewServer(ociRegistry)
+
+	t.Cleanup(ociServer.Close)
+
+	ociUrl := strings.ReplaceAll(ociServer.URL, "http://", "oci://")
+
+	var out strings.Builder
+	settings := cli.New()
+	c := uploader.ChartUploader{
+		Out:     &out,
+		Pushers: pusher.All(settings),
+		Options: []pusher.Option{},
+	}
+
+	for _, chart := range charts {
+		tgz := createHelmPackage(t, chart.chartName, chart.version)
+		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+
+		err := c.UploadTo(tgz, ociUrl)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	return ociUrl
+}
+
+func createHelmOrOciRepo(t *testing.T, charts []repoChart, oci bool) string {
+	if oci {
+		return createOciRepo(t, charts)
+	} else {
+		return createHelmRepo(t, charts)
+	}
+}
+
 func addHelmDeployment(p *testProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
+	if registry2.IsOCI(repoUrl) {
+		repoUrl += "/" + chartName
+		chartName = ""
+	}
 
 	p.addKustomizeDeployment(dir, []kustomizeResource{
 		{name: "helm-rendered.yaml"},
@@ -95,12 +143,14 @@ func addHelmDeployment(p *testProject, dir string, repoUrl string, chartName, ve
 		*o = *uo.FromMap(map[string]interface{}{
 			"helmChart": map[string]any{
 				"repo":         repoUrl,
-				"chartName":    chartName,
 				"chartVersion": version,
 				"releaseName":  releaseName,
 				"namespace":    namespace,
 			},
 		})
+		if chartName != "" {
+			_ = o.SetNestedField(chartName, "helmChart", "chartName")
+		}
 		return nil
 	}, "")
 
@@ -112,7 +162,7 @@ func addHelmDeployment(p *testProject, dir string, repoUrl string, chartName, ve
 	}
 }
 
-func TestHelmNoPrePull(t *testing.T) {
+func testHelmNoPrePull(t *testing.T, oci bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -122,9 +172,9 @@ func TestHelmNoPrePull(t *testing.T) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmRepo(p.t, []repoChart{
+	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
-	})
+	}, oci)
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -132,7 +182,15 @@ func TestHelmNoPrePull(t *testing.T) {
 	assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
 }
 
-func TestHelmPrePull(t *testing.T) {
+func TestHelmNoPrePull(t *testing.T) {
+	testHelmNoPrePull(t, false)
+}
+
+func TestHelmNoPrePullOci(t *testing.T) {
+	testHelmNoPrePull(t, true)
+}
+
+func testHelmPrePull(t *testing.T, oci bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -142,10 +200,10 @@ func TestHelmPrePull(t *testing.T) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmRepo(p.t, []repoChart{
+	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
 		{chartName: "test-chart2", version: "0.1.0"},
-	})
+	}, oci)
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -163,7 +221,15 @@ func TestHelmPrePull(t *testing.T) {
 	assertConfigMapExists(t, k, p.testSlug(), "test-helm2-test-chart2")
 }
 
-func TestHelmManualUpgrade(t *testing.T) {
+func TestHelmPrePull(t *testing.T) {
+	testHelmPrePull(t, false)
+}
+
+func TestHelmPrePullOci(t *testing.T) {
+	testHelmPrePull(t, true)
+}
+
+func testHelmManualUpgrade(t *testing.T, oci bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -173,10 +239,10 @@ func TestHelmManualUpgrade(t *testing.T) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmRepo(p.t, []repoChart{
+	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
 		{chartName: "test-chart1", version: "0.2.0"},
-	})
+	}, oci)
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -200,7 +266,15 @@ func TestHelmManualUpgrade(t *testing.T) {
 	assert.Equal(t, "0.2.0", v)
 }
 
-func testHelmUpdate(t *testing.T, upgrade bool, commit bool) {
+func TestHelmManualUpgrade(t *testing.T) {
+	testHelmManualUpgrade(t, false)
+}
+
+func TestHelmManualUpgradeOci(t *testing.T) {
+	testHelmManualUpgrade(t, true)
+}
+
+func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -210,12 +284,12 @@ func testHelmUpdate(t *testing.T, upgrade bool, commit bool) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmRepo(p.t, []repoChart{
+	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
 		{chartName: "test-chart1", version: "0.2.0"},
 		{chartName: "test-chart2", version: "0.1.0"},
 		{chartName: "test-chart2", version: "0.3.0"},
-	})
+	}, oci)
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -288,15 +362,27 @@ func testHelmUpdate(t *testing.T, upgrade bool, commit bool) {
 }
 
 func TestHelmUpdate(t *testing.T) {
-	testHelmUpdate(t, false, false)
+	testHelmUpdate(t, false, false, false)
+}
+
+func TestHelmUpdateOci(t *testing.T) {
+	testHelmUpdate(t, true, false, false)
 }
 
 func TestHelmUpdateAndUpgrade(t *testing.T) {
-	testHelmUpdate(t, true, false)
+	testHelmUpdate(t, false, true, false)
+}
+
+func TestHelmUpdateAndUpgradeOci(t *testing.T) {
+	testHelmUpdate(t, true, true, false)
 }
 
 func TestHelmUpdateAndUpgradeAndCommit(t *testing.T) {
-	testHelmUpdate(t, true, true)
+	testHelmUpdate(t, false, true, true)
+}
+
+func TestHelmUpdateAndUpgradeAndCommitOci(t *testing.T) {
+	testHelmUpdate(t, true, true, true)
 }
 
 func TestHelmValues(t *testing.T) {

From ea71790483532b9665fa3a81de24d25a8abb556d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:24:43 +0100
Subject: [PATCH 0554/2268] feat: Add --interactive/-i mode for helm-update

---
 cmd/kluctl/commands/cmd_helm_update.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 4dca7ca47..638d4792c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -21,6 +21,8 @@ type helmUpdateCmd struct {
 
 	Upgrade bool `group:"misc" help:"Write new versions into helm-chart.yaml and perform helm-pull afterwards"`
 	Commit  bool `group:"misc" help:"Create a git commit for every updated chart"`
+
+	Interactive bool `group:"misc" short:"i" help:"Ask for every Helm Chart if it should be upgraded."`
 }
 
 func (cmd *helmUpdateCmd) Help() string {
@@ -44,6 +46,7 @@ func (cmd *helmUpdateCmd) Run() error {
 	sem := semaphore.NewWeighted(8)
 
 	type updatedChart struct {
+		path        string
 		chart       *deployment.HelmChart
 		newVersion  string
 		oldVersion  string
@@ -71,6 +74,7 @@ func (cmd *helmUpdateCmd) Run() error {
 
 			if !chart.Config.SkipUpdate && updated {
 				updatedCharts = append(updatedCharts, &updatedChart{
+					path:       p,
 					chart:      chart,
 					newVersion: newVersion,
 					oldVersion: *chart.Config.ChartVersion,
@@ -90,6 +94,10 @@ func (cmd *helmUpdateCmd) Run() error {
 		return errs.ErrorOrNil()
 	}
 
+	if cmd.Interactive {
+		sem = semaphore.NewWeighted(1)
+	}
+
 	for _, uc := range updatedCharts {
 		uc := uc
 
@@ -97,6 +105,14 @@ func (cmd *helmUpdateCmd) Run() error {
 		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
 			defer wg.Done()
 
+			if cmd.Interactive {
+				statusPrefix, _ := filepath.Rel(gitRootPath, filepath.Dir(uc.path))
+				chartName, _ := uc.chart.GetChartName()
+				if !status.AskForConfirmation(cliCtx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?", statusPrefix, chartName, uc.oldVersion, uc.newVersion)) {
+					return nil
+				}
+			}
+
 			err := cmd.pullAndCommitChart(gitRootPath, uc.chart, uc.oldVersion, uc.newVersion, &mutex)
 			if err != nil {
 				return err

From 73e65fff1cbafefafdd5bb77a601fd9005d0fd18 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:43:21 +0100
Subject: [PATCH 0555/2268] refactor: Put rendering of Helm charts into own
 function

---
 pkg/deployment/deployment_collection.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 0a379cffa..d8449cd77 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -131,10 +131,17 @@ func (c *DeploymentCollection) RenderDeployments() error {
 		return utils.NewErrorListOrNil(errors)
 	}
 	s.Success()
+	return nil
+}
 
-	s = status.Start(c.ctx.Ctx, "Rendering Helm Charts")
+func (c *DeploymentCollection) renderHelmCharts() error {
+	s := status.Start(c.ctx.Ctx, "Rendering Helm Charts")
 	defer s.Failed()
 
+	var wg sync.WaitGroup
+	var mutex sync.Mutex
+	var errors []error
+
 	for _, d := range c.Deployments {
 		d := d
 		wg.Add(1)
@@ -271,6 +278,10 @@ func (c *DeploymentCollection) Prepare() error {
 	if err != nil {
 		return err
 	}
+	err = c.renderHelmCharts()
+	if err != nil {
+		return err
+	}
 	err = c.resolveSealedSecrets()
 	if err != nil {
 		return err

From f34daed0c744b93f310f8101641ca1fd5555de11 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:47:09 +0100
Subject: [PATCH 0556/2268] feat: Allow to pass Helm credentials in all
 relevant commands

---
 cmd/kluctl/args/helm_credentials.go    | 17 +++++----
 cmd/kluctl/commands/cmd_delete.go      |  2 +
 cmd/kluctl/commands/cmd_deploy.go      |  2 +
 cmd/kluctl/commands/cmd_diff.go        |  2 +
 cmd/kluctl/commands/cmd_helm_pull.go   |  8 +---
 cmd/kluctl/commands/cmd_helm_update.go |  6 +--
 cmd/kluctl/commands/cmd_list_images.go |  2 +
 cmd/kluctl/commands/cmd_poke_images.go |  2 +
 cmd/kluctl/commands/cmd_prune.go       |  2 +
 cmd/kluctl/commands/cmd_render.go      |  2 +
 cmd/kluctl/commands/cmd_seal.go        |  2 +
 cmd/kluctl/commands/cmd_validate.go    |  2 +
 cmd/kluctl/commands/utils.go           |  2 +
 pkg/deployment/deployment_item.go      |  2 +
 pkg/deployment/helm_chart.go           | 51 ++++++++++++++++++--------
 pkg/deployment/shared_context.go       |  9 +++--
 pkg/kluctl_project/target_context.go   |  2 +
 17 files changed, 77 insertions(+), 38 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 47cd25feb..451ff7ef2 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -8,10 +8,10 @@ import (
 )
 
 type HelmCredentials struct {
-	Username              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	Password              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	KeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --key-file=<credentialsId>:<path>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	InsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmUsername              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmPassword              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmKeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<credentialsId>:<path>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 }
 
 func (c *HelmCredentials) FindCredentials(repoUrl string, credentialsId *string) *repo.Entry {
@@ -28,28 +28,29 @@ func (c *HelmCredentials) FindCredentials(repoUrl string, credentialsId *string)
 		}
 
 		var e repo.Entry
-		for _, x := range c.Username {
+		for _, x := range c.HelmUsername {
 			if v, ok := splitIdAndValue(x); ok {
 				e.Username = v
 			}
 		}
-		for _, x := range c.Password {
+		for _, x := range c.HelmPassword {
 			if v, ok := splitIdAndValue(x); ok {
 				e.Password = v
 			}
 		}
-		for _, x := range c.KeyFile {
+		for _, x := range c.HelmKeyFile {
 			if v, ok := splitIdAndValue(x); ok {
 				e.KeyFile = v
 			}
 		}
-		for _, x := range c.InsecureSkipTlsVerify {
+		for _, x := range c.HelmInsecureSkipTlsVerify {
 			if x == *credentialsId {
 				e.InsecureSkipTLSverify = true
 			}
 		}
 
 		if e != (repo.Entry{}) {
+			e.URL = repoUrl
 			return &e
 		}
 	}
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 368ccd554..ecfc97814 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -20,6 +20,7 @@ type deleteCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.HelmCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
@@ -43,6 +44,7 @@ func (cmd *deleteCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 0e57f6e75..9b62a7aa8 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -14,6 +14,7 @@ type deployCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.HelmCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.ForceApplyFlags
@@ -40,6 +41,7 @@ func (cmd *deployCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index bc6fcc211..d18becfe5 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -12,6 +12,7 @@ type diffCmd struct {
 	args.ArgsFlags
 	args.InclusionFlags
 	args.ImageFlags
+	args.HelmCredentials
 	args.ForceApplyFlags
 	args.ReplaceOnErrorFlags
 	args.IgnoreFlags
@@ -33,6 +34,7 @@ func (cmd *diffCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index c4f9ff8f4..42e5da324 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -90,6 +90,8 @@ func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials,
 		return doError(err)
 	}
 
+	chart.SetCredentials(&helmCredentials)
+
 	chartName, err := chart.GetChartName()
 	if err != nil {
 		return doError(err)
@@ -97,12 +99,6 @@ func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials,
 
 	s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chartName, *chart.Config.ChartVersion)
 
-	creds := helmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
-	if chart.Config.CredentialsId != nil && creds == nil {
-		return doError(fmt.Errorf("no credentials provided"))
-	}
-	chart.SetCredentials(creds)
-
 	err = chart.Pull(cliCtx)
 	if err != nil {
 		return doError(err)
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 638d4792c..10c8a412c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -146,11 +146,7 @@ func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployme
 		return doError(err)
 	}
 
-	creds := cmd.HelmCredentials.FindCredentials(*chart.Config.Repo, chart.Config.CredentialsId)
-	if chart.Config.CredentialsId != nil && creds == nil {
-		return doError(fmt.Errorf("no credentials provided"))
-	}
-	chart.SetCredentials(creds)
+	chart.SetCredentials(&cmd.HelmCredentials)
 
 	newVersion, updated, err := chart.CheckUpdate(cliCtx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 4ec7d3543..371310ed1 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -11,6 +11,7 @@ type listImagesCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.HelmCredentials
 	args.OutputFlags
 	args.RenderOutputDirFlags
 
@@ -32,6 +33,7 @@ func (cmd *listImagesCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
 	}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index e08e152c8..b28c2f369 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -13,6 +13,7 @@ type pokeImagesCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.HelmCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
@@ -32,6 +33,7 @@ func (cmd *pokeImagesCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 3610aed88..a9197b22f 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -12,6 +12,7 @@ type pruneCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.HelmCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
@@ -33,6 +34,7 @@ func (cmd *pruneCmd) Run() error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 52327efdd..f3fcf8b5c 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -14,6 +14,7 @@ type renderCmd struct {
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
+	args.HelmCredentials
 	args.RenderOutputDirFlags
 
 	OfflineKubernetes bool `group:"misc" help:"Run render in offline mode, meaning that it will not try to connect the target cluster"`
@@ -41,6 +42,7 @@ func (cmd *renderCmd) Run() error {
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
 	}
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index e2388b317..e1b2dce24 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -17,6 +17,7 @@ import (
 type sealCmd struct {
 	args.ProjectFlags
 	args.TargetFlags
+	args.HelmCredentials
 
 	ForceReseal       bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
 	CertFile          string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
@@ -44,6 +45,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:      cmd.ProjectFlags,
 		targetFlags:       cmd.TargetFlags,
+		helmCredentials:   cmd.HelmCredentials,
 		forSeal:           true,
 		offlineKubernetes: cmd.OfflineKubernetes,
 	}
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index b34d90a0d..4558cd76f 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -13,6 +13,7 @@ type validateCmd struct {
 	args.TargetFlags
 	args.ArgsFlags
 	args.InclusionFlags
+	args.HelmCredentials
 	args.OutputFlags
 	args.RenderOutputDirFlags
 
@@ -33,6 +34,7 @@ func (cmd *validateCmd) Run() error {
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index cd67132ad..eab25b232 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -85,6 +85,7 @@ type projectTargetCommandArgs struct {
 	argsFlags            args.ArgsFlags
 	imageFlags           args.ImageFlags
 	inclusionFlags       args.InclusionFlags
+	helmCredentials      args.HelmCredentials
 	dryRunArgs           *args.DryRunFlags
 	renderOutputDirFlags args.RenderOutputDirFlags
 
@@ -162,6 +163,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		ForSeal:            args.forSeal,
 		Images:             images,
 		Inclusion:          inclusion,
+		HelmCredentials:    &args.helmCredentials,
 		RenderOutputDir:    renderOutputDir,
 	}
 
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 69cdb586f..084035ba4 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -198,6 +198,8 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			return err
 		}
 
+		chart.SetCredentials(di.ctx.HelmCredentials)
+
 		ky, err := di.readKustomizationYaml(subDir)
 		if err == nil && ky != nil {
 			resources, _, _ := ky.GetNestedStringList("resources")
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index fb3b53926..214a1ed1c 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -35,10 +35,15 @@ import (
 	"time"
 )
 
+type HelmCredentialsProvider interface {
+	FindCredentials(repoUrl string, credentialsId *string) *repo.Entry
+}
+
 type HelmChart struct {
-	ConfigFile  string
-	Config      *types.HelmChartConfig
-	credentials *repo.Entry
+	ConfigFile string
+	Config     *types.HelmChartConfig
+
+	credentials HelmCredentialsProvider
 }
 
 func NewHelmChart(configFile string) (*HelmChart, error) {
@@ -207,14 +212,21 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	a.DestDir = tmpDir
 	a.Version = *c.Config.ChartVersion
 
-	if c.credentials != nil {
-		a.Username = c.credentials.Username
-		a.Password = c.credentials.Password
-		a.CertFile = c.credentials.CertFile
-		a.CaFile = c.credentials.CAFile
-		a.KeyFile = c.credentials.KeyFile
-		a.InsecureSkipTLSverify = c.credentials.InsecureSkipTLSverify
-		a.PassCredentialsAll = c.credentials.PassCredentialsAll
+	if c.Config.CredentialsId != nil {
+		if c.credentials == nil {
+			return fmt.Errorf("no credentials provider")
+		}
+		creds := c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
+		if creds == nil {
+			return fmt.Errorf("no credentials provided for Chart %s", chartName)
+		}
+		a.Username = creds.Username
+		a.Password = creds.Password
+		a.CertFile = creds.CertFile
+		a.CaFile = creds.CAFile
+		a.KeyFile = creds.KeyFile
+		a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
+		a.PassCredentialsAll = creds.PassCredentialsAll
 	}
 
 	var out string
@@ -278,8 +290,17 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 	var latestVersion string
 
 	settings := cli.New()
-	e := c.credentials
-	if e == nil {
+
+	var e *repo.Entry
+	if c.Config.CredentialsId != nil {
+		if c.credentials == nil {
+			return "", false, fmt.Errorf("no credentials provider")
+		}
+		e = c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
+		if e == nil {
+			return "", false, fmt.Errorf("no credentials provided for Chart %s", chartName)
+		}
+	} else {
 		e = &repo.Entry{
 			URL: *c.Config.Repo,
 		}
@@ -515,8 +536,8 @@ func (c *HelmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject,
 	return parsed, nil
 }
 
-func (c *HelmChart) SetCredentials(credentials *repo.Entry) {
-	c.credentials = credentials
+func (c *HelmChart) SetCredentials(p HelmCredentialsProvider) {
+	c.credentials = p
 }
 
 func checkIfInstallable(ch *chart.Chart) error {
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 3d4e3ca50..4851cbcd9 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -8,10 +8,11 @@ import (
 )
 
 type SharedContext struct {
-	Ctx        context.Context
-	K          *k8s.K8sCluster
-	RP         *repocache.GitRepoCache
-	VarsLoader *vars.VarsLoader
+	Ctx             context.Context
+	K               *k8s.K8sCluster
+	RP              *repocache.GitRepoCache
+	VarsLoader      *vars.VarsLoader
+	HelmCredentials HelmCredentialsProvider
 
 	RenderDir                         string
 	SealedSecretsDir                  string
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 3a47c0642..9af4f6c1c 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -36,6 +36,7 @@ type TargetContextParams struct {
 	ForSeal            bool
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
+	HelmCredentials    deployment.HelmCredentialsProvider
 	RenderOutputDir    string
 }
 
@@ -104,6 +105,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		K:                                 k,
 		RP:                                p.RP,
 		VarsLoader:                        varsLoader,
+		HelmCredentials:                   params.HelmCredentials,
 		RenderDir:                         params.RenderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
 		DefaultSealedSecretsOutputPattern: target.Name,

From 155fc8e94670a9942abda9c8de52c034ec06a424 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 16:25:44 +0100
Subject: [PATCH 0557/2268] docs: Run replace-commands-help

---
 docs/reference/commands/delete.md      | 33 ++++++++++++----
 docs/reference/commands/deploy.md      | 54 ++++++++++++++++++--------
 docs/reference/commands/diff.md        | 43 +++++++++++++-------
 docs/reference/commands/helm-update.md | 34 +++++++++-------
 docs/reference/commands/list-images.md | 27 ++++++++++---
 docs/reference/commands/poke-images.md | 31 +++++++++++----
 docs/reference/commands/prune.md       | 31 +++++++++++----
 docs/reference/commands/render.md      | 25 +++++++++---
 docs/reference/commands/validate.md    | 27 ++++++++++---
 9 files changed, 221 insertions(+), 84 deletions(-)

diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index 7dd91db7c..264e4c553 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -34,14 +34,31 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-  -l, --delete-by-label stringArray   Override the labels used to find objects for deletion.
-      --dry-run                       Performs all kubernetes API calls in dry-run mode.
-  -o, --output-format stringArray     Specify output format and target file, in the format 'format=path'. Format
-                                      can either be 'text' or 'yaml'. Can be specified multiple times. The actual
-                                      format for yaml is currently not documented and subject to change.
-      --render-output-dir string      Specifies the target directory to render the project into. If omitted, a
-                                      temporary directory is used.
-  -y, --yes                           Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+  -l, --delete-by-label stringArray                 Override the labels used to find objects for deletion.
+      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+  -o, --output-format stringArray                   Specify output format and target file, in the format
+                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
+                                                    specified multiple times. The actual format for yaml is
+                                                    currently not documented and subject to change.
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
+                                                    would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index 73ce93477..044715d7b 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -32,23 +32,43 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --abort-on-error               Abort deploying when an error occurs instead of trying the remaining deployments
-      --dry-run                      Performs all kubernetes API calls in dry-run mode.
-      --force-apply                  Force conflict resolution when applying. See documentation for details
-      --force-replace-on-error       Same as --replace-on-error, but also try to delete and re-create objects. See
-                                     documentation for more details.
-      --no-wait                      Don't wait for objects readiness'
-  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
-                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
-                                     format for yaml is currently not documented and subject to change.
-      --readiness-timeout duration   Maximum time to wait for object readiness. The timeout is meant per-object.
-                                     Timeouts are in the duration format (1s, 1m, 1h, ...). If not specified, a
-                                     default timeout of 5m is used. (default 5m0s)
-      --render-output-dir string     Specifies the target directory to render the project into. If omitted, a
-                                     temporary directory is used.
-      --replace-on-error             When patching an object fails, try to replace it. See documentation for more
-                                     details.
-  -y, --yes                          Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+      --abort-on-error                              Abort deploying when an error occurs instead of trying the
+                                                    remaining deployments
+      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
+      --force-apply                                 Force conflict resolution when applying. See documentation for
+                                                    details
+      --force-replace-on-error                      Same as --replace-on-error, but also try to delete and
+                                                    re-create objects. See documentation for more details.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --no-wait                                     Don't wait for objects readiness'
+  -o, --output-format stringArray                   Specify output format and target file, in the format
+                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
+                                                    specified multiple times. The actual format for yaml is
+                                                    currently not documented and subject to change.
+      --readiness-timeout duration                  Maximum time to wait for object readiness. The timeout is
+                                                    meant per-object. Timeouts are in the duration format (1s, 1m,
+                                                    1h, ...). If not specified, a default timeout of 5m is used.
+                                                    (default 5m0s)
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+      --replace-on-error                            When patching an object fails, try to replace it. See
+                                                    documentation for more details.
+  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
+                                                    would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
index 320833839..bb047a7c4 100644
--- a/docs/reference/commands/diff.md
+++ b/docs/reference/commands/diff.md
@@ -33,19 +33,36 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --force-apply                 Force conflict resolution when applying. See documentation for details
-      --force-replace-on-error      Same as --replace-on-error, but also try to delete and re-create objects. See
-                                    documentation for more details.
-      --ignore-annotations          Ignores changes in annotations when diffing
-      --ignore-labels               Ignores changes in labels when diffing
-      --ignore-tags                 Ignores changes in tags when diffing
-  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
-                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
-                                    for yaml is currently not documented and subject to change.
-      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
-                                    temporary directory is used.
-      --replace-on-error            When patching an object fails, try to replace it. See documentation for more
-                                    details.
+      --force-apply                                 Force conflict resolution when applying. See documentation for
+                                                    details
+      --force-replace-on-error                      Same as --replace-on-error, but also try to delete and
+                                                    re-create objects. See documentation for more details.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --ignore-annotations                          Ignores changes in annotations when diffing
+      --ignore-labels                               Ignores changes in labels when diffing
+      --ignore-tags                                 Ignores changes in tags when diffing
+  -o, --output-format stringArray                   Specify output format and target file, in the format
+                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
+                                                    specified multiple times. The actual format for yaml is
+                                                    currently not documented and subject to change.
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+      --replace-on-error                            When patching an object fails, try to replace it. See
+                                                    documentation for more details.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/helm-update.md b/docs/reference/commands/helm-update.md
index f9e679928..0e671b5aa 100644
--- a/docs/reference/commands/helm-update.md
+++ b/docs/reference/commands/helm-update.md
@@ -28,21 +28,25 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --commit                                 Create a git commit for every updated chart
-      --insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                               --insecure-skip-tls-verify=<credentialsId>, where <credentialsId>
-                                               must match the id specified in the helm-chart.yaml.
-      --key-file stringArray                   Specify client certificate to use for Helm Repository
-                                               authentication. Must be in the form
-                                               --key-file=<credentialsId>:<path>, where <credentialsId> must match
-                                               the id specified in the helm-chart.yaml.
-      --password stringArray                   Specify password to use for Helm Repository authentication. Must be
-                                               in the form --password=<credentialsId>:<password>, where
-                                               <credentialsId> must match the id specified in the helm-chart.yaml.
-      --upgrade                                Write new versions into helm-chart.yaml and perform helm-pull afterwards
-      --username stringArray                   Specify username to use for Helm Repository authentication. Must be
-                                               in the form --username=<credentialsId>:<username>, where
-                                               <credentialsId> must match the id specified in the helm-chart.yaml.
+      --commit                                      Create a git commit for every updated chart
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+  -i, --interactive                                 Ask for every Helm Chart if it should be upgraded.
+      --upgrade                                     Write new versions into helm-chart.yaml and perform helm-pull
+                                                    afterwards
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
index e4f6f7e2f..e90fe6624 100644
--- a/docs/reference/commands/list-images.md
+++ b/docs/reference/commands/list-images.md
@@ -33,12 +33,27 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --offline-kubernetes         Run list-images in offline mode, meaning that it will not try to connect the
-                                   target cluster
-  -o, --output stringArray         Specify output target file. Can be specified multiple times
-      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
-                                   temporary directory is used.
-      --simple                     Output a simplified version of the images list
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --offline-kubernetes                          Run list-images in offline mode, meaning that it will not try
+                                                    to connect the target cluster
+  -o, --output stringArray                          Specify output target file. Can be specified multiple times
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+      --simple                                      Output a simplified version of the images list
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index 8c3ba5ca8..4d16e9589 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -32,13 +32,30 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --dry-run                     Performs all kubernetes API calls in dry-run mode.
-  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
-                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
-                                    for yaml is currently not documented and subject to change.
-      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
-                                    temporary directory is used.
-  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+  -o, --output-format stringArray                   Specify output format and target file, in the format
+                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
+                                                    specified multiple times. The actual format for yaml is
+                                                    currently not documented and subject to change.
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
+                                                    would answer 'yes'.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index c33800f8c..bef1d7c4b 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -28,13 +28,30 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --dry-run                     Performs all kubernetes API calls in dry-run mode.
-  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
-                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
-                                    for yaml is currently not documented and subject to change.
-      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
-                                    temporary directory is used.
-  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+  -o, --output-format stringArray                   Specify output format and target file, in the format
+                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
+                                                    specified multiple times. The actual format for yaml is
+                                                    currently not documented and subject to change.
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
+                                                    would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
index 2fb25364c..f27882a06 100644
--- a/docs/reference/commands/render.md
+++ b/docs/reference/commands/render.md
@@ -30,11 +30,26 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --offline-kubernetes         Run render in offline mode, meaning that it will not try to connect the target
-                                   cluster
-      --print-all                  Write all rendered manifests to stdout
-      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
-                                   temporary directory is used.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --offline-kubernetes                          Run render in offline mode, meaning that it will not try to
+                                                    connect the target cluster
+      --print-all                                   Write all rendered manifests to stdout
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
index 987592774..77a0abb98 100644
--- a/docs/reference/commands/validate.md
+++ b/docs/reference/commands/validate.md
@@ -31,12 +31,27 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-  -o, --output stringArray         Specify output target file. Can be specified multiple times
-      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
-                                   temporary directory is used.
-      --sleep duration             Sleep duration between validation attempts (default 5s)
-      --wait duration              Wait for the given amount of time until the deployment validates
-      --warnings-as-errors         Consider warnings as failures
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
+                                                    must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+  -o, --output stringArray                          Specify output target file. Can be specified multiple times
+      --render-output-dir string                    Specifies the target directory to render the project into. If
+                                                    omitted, a temporary directory is used.
+      --sleep duration                              Sleep duration between validation attempts (default 5s)
+      --wait duration                               Wait for the given amount of time until the deployment validates
+      --warnings-as-errors                          Consider warnings as failures
 
 ```
 <!-- END SECTION -->

From bdff6953602d92e53a1ca890de9f64d878e5c809 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 21:58:28 +0100
Subject: [PATCH 0558/2268] fix: Fix panic in case of empty env vars

---
 pkg/utils/env.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/env.go b/pkg/utils/env.go
index b78f7dd39..a4b2845aa 100644
--- a/pkg/utils/env.go
+++ b/pkg/utils/env.go
@@ -42,7 +42,7 @@ func parseEnv(prefix string, withIndex bool, withSuffix bool) map[int]map[string
 	for _, e := range os.Environ() {
 		eq := strings.Index(e, "=")
 		if eq == -1 {
-			panic(fmt.Sprintf("unexpected env var %s", e))
+			continue
 		}
 		n := e[:eq]
 		v := e[eq+1:]

From b07ae7bb6f13e1e5d123ff432ba1a0235870acd4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 21:59:09 +0100
Subject: [PATCH 0559/2268] tests: Use fresh base tmp dir for each test

---
 e2e/project.go     | 1 +
 pkg/utils/utils.go | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/e2e/project.go b/e2e/project.go
index 41fd915eb..02e0b0135 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -347,6 +347,7 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 
 	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
 	env = append(env, "CALL_KLUCTL=true")
+	env = append(env, fmt.Sprintf("KLUCTL_BASE_TMP_DIR=%s", p.t.TempDir()))
 
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index b28b992eb..8796755a9 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -25,6 +25,12 @@ func GetTmpBaseDir() string {
 }
 
 func createTmpBaseDir() {
+	envTmpDir := os.Getenv("KLUCTL_BASE_TMP_DIR")
+	if envTmpDir != "" {
+		tmpBaseDir = envTmpDir
+		return
+	}
+
 	dir := filepath.Join(os.TempDir(), "kluctl-workdir")
 
 	ensureDir(dir, 0o777, true)

From d6e2d34ecadd10ff352af59f4c5852610c31e2d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 21:59:28 +0100
Subject: [PATCH 0560/2268] tests: Fix testSlug() for sub tests

---
 e2e/project.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/e2e/project.go b/e2e/project.go
index 02e0b0135..bcf57d051 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -54,6 +54,7 @@ func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster) {
 func (p *testProject) testSlug() string {
 	n := p.t.Name()
 	n = xstrings.ToKebabCase(n)
+	n = strings.ReplaceAll(n, "/", "-")
 	return n
 }
 

From 90b3762ebcd44e19dc7ada9eda7554709d5dd177 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 22:09:46 +0100
Subject: [PATCH 0561/2268] refactor: Pre-calculate chartName and chartDir

---
 cmd/kluctl/commands/cmd_helm_pull.go   |   7 +-
 cmd/kluctl/commands/cmd_helm_update.go |  13 +---
 pkg/deployment/helm_chart.go           | 103 ++++++++++---------------
 3 files changed, 45 insertions(+), 78 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 42e5da324..bc55d6865 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -92,12 +92,7 @@ func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials,
 
 	chart.SetCredentials(&helmCredentials)
 
-	chartName, err := chart.GetChartName()
-	if err != nil {
-		return doError(err)
-	}
-
-	s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chartName, *chart.Config.ChartVersion)
+	s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chart.GetChartName(), *chart.Config.ChartVersion)
 
 	err = chart.Pull(cliCtx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 10c8a412c..30e4a5626 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -107,8 +107,8 @@ func (cmd *helmUpdateCmd) Run() error {
 
 			if cmd.Interactive {
 				statusPrefix, _ := filepath.Rel(gitRootPath, filepath.Dir(uc.path))
-				chartName, _ := uc.chart.GetChartName()
-				if !status.AskForConfirmation(cliCtx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?", statusPrefix, chartName, uc.oldVersion, uc.newVersion)) {
+				if !status.AskForConfirmation(cliCtx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?",
+					statusPrefix, uc.chart.GetChartName(), uc.oldVersion, uc.newVersion)) {
 					return nil
 				}
 			}
@@ -181,15 +181,10 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 		return err
 	}
 
-	chartsDir, err := chart.GetChartDir()
-	if err != nil {
-		return err
-	}
-
 	// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
 	// know what got deleted
 	oldFiles := map[string]bool{}
-	err = filepath.WalkDir(chartsDir, func(p string, d fs.DirEntry, err error) error {
+	err = filepath.WalkDir(chart.GetChartDir(), func(p string, d fs.DirEntry, err error) error {
 		if d.IsDir() {
 			return nil
 		}
@@ -216,7 +211,7 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 	}
 	toAdd = append(toAdd, relToGit)
 
-	relToGit, err = filepath.Rel(gitRootPath, chartsDir)
+	relToGit, err = filepath.Rel(gitRootPath, chart.GetChartDir())
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 214a1ed1c..cf9a62766 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -44,6 +44,9 @@ type HelmChart struct {
 	Config     *types.HelmChartConfig
 
 	credentials HelmCredentialsProvider
+
+	chartName string
+	chartDir  string
 }
 
 func NewHelmChart(configFile string) (*HelmChart, error) {
@@ -57,33 +60,37 @@ func NewHelmChart(configFile string) (*HelmChart, error) {
 		ConfigFile: configFile,
 		Config:     &config,
 	}
-	return hc, nil
-}
 
-func (c *HelmChart) GetChartName() (string, error) {
-	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
-		s := strings.Split(*c.Config.Repo, "/")
+	if hc.Config.Repo != nil && registry.IsOCI(*hc.Config.Repo) {
+		s := strings.Split(*hc.Config.Repo, "/")
 		chartName := s[len(s)-1]
 		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
-			return "", fmt.Errorf("invalid oci chart url: %s", *c.Config.Repo)
+			return nil, fmt.Errorf("invalid oci chart url: %s", *hc.Config.Repo)
 		}
-		return chartName, nil
-	}
-	if c.Config.ChartName == nil {
-		return "", fmt.Errorf("chartName is missing in helm-chart.yml")
+		hc.chartName = chartName
+	} else if hc.Config.ChartName == nil {
+		return nil, fmt.Errorf("chartName is missing in helm-chart.yml")
+	} else {
+		hc.chartName = *hc.Config.ChartName
 	}
-	return *c.Config.ChartName, nil
-}
 
-func (c *HelmChart) GetChartDir() (string, error) {
-	chartName, err := c.GetChartName()
+	dir := filepath.Dir(configFile)
+	chartDir := filepath.Join(dir, "charts")
+	chartDir, err = securejoin.SecureJoin(chartDir, hc.chartName)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
+	hc.chartDir = chartDir
 
-	dir := filepath.Dir(c.ConfigFile)
-	targetDir := filepath.Join(dir, "charts")
-	return securejoin.SecureJoin(targetDir, chartName)
+	return hc, nil
+}
+
+func (c *HelmChart) GetChartName() string {
+	return c.chartName
+}
+
+func (c *HelmChart) GetChartDir() string {
+	return c.chartDir
 }
 
 func (c *HelmChart) GetOutputPath() string {
@@ -142,27 +149,18 @@ func (c *HelmChart) checkNeedsPull(chartDir string, isTmp bool) (bool, bool, str
 }
 
 func (c *HelmChart) Pull(ctx context.Context) error {
-	chartDir, err := c.GetChartDir()
-	if err != nil {
-		return err
-	}
-	return c.doPull(ctx, chartDir)
+	return c.doPull(ctx, c.chartDir)
 }
 
 func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
-	chartName, err := c.GetChartName()
-	if err != nil {
-		return "", err
-	}
-
 	hash := sha256.New()
 	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.Repo)
-	_, _ = fmt.Fprintf(hash, "%s\n", chartName)
+	_, _ = fmt.Fprintf(hash, "%s\n", c.chartName)
 	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.ChartVersion)
 	h := hex.EncodeToString(hash.Sum(nil))
 	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "helm-charts")
 	_ = os.MkdirAll(tmpDir, 0o700)
-	tmpDir = filepath.Join(tmpDir, fmt.Sprintf("%s-%s", chartName, h))
+	tmpDir = filepath.Join(tmpDir, fmt.Sprintf("%s-%s", c.chartName, h))
 
 	lockFile := tmpDir + ".lock"
 	lock, err := lockedfile.Create(lockFile)
@@ -186,11 +184,6 @@ func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
 }
 
 func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
-	chartName, err := c.GetChartName()
-	if err != nil {
-		return err
-	}
-
 	_ = os.RemoveAll(chartDir)
 	_ = os.MkdirAll(filepath.Dir(chartDir), 0o700)
 
@@ -200,7 +193,7 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	}
 	defer os.RemoveAll(tmpDir)
 
-	tmpChartDir := filepath.Join(tmpDir, chartName)
+	tmpChartDir := filepath.Join(tmpDir, c.chartName)
 
 	cfg, err := c.buildHelmConfig(nil)
 	if err != nil {
@@ -218,7 +211,7 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 		}
 		creds := c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
 		if creds == nil {
-			return fmt.Errorf("no credentials provided for Chart %s", chartName)
+			return fmt.Errorf("no credentials provided for Chart %s", c.chartName)
 		}
 		a.Username = creds.Username
 		a.Password = creds.Password
@@ -234,7 +227,7 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 		out, err = a.Run(*c.Config.Repo)
 	} else {
 		a.RepoURL = *c.Config.Repo
-		out, err = a.Run(chartName)
+		out, err = a.Run(c.chartName)
 	}
 	if err != nil {
 		return err
@@ -283,10 +276,6 @@ func (c *HelmChart) checkUpdateOciRepo(ctx context.Context) (string, bool, error
 }
 
 func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
-	chartName, err := c.GetChartName()
-	if err != nil {
-		return "", false, err
-	}
 	var latestVersion string
 
 	settings := cli.New()
@@ -298,7 +287,7 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 		}
 		e = c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
 		if e == nil {
-			return "", false, fmt.Errorf("no credentials provided for Chart %s", chartName)
+			return "", false, fmt.Errorf("no credentials provided for Chart %s", c.chartName)
 		}
 	} else {
 		e = &repo.Entry{
@@ -327,9 +316,9 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 		return "", false, err
 	}
 
-	indexEntry, ok := index.Entries[chartName]
+	indexEntry, ok := index.Entries[c.chartName]
 	if !ok || len(indexEntry) == 0 {
-		return "", false, fmt.Errorf("helm chart %s not found in repo index", chartName)
+		return "", false, fmt.Errorf("helm chart %s not found in repo index", c.chartName)
 	}
 
 	var ls versions.LooseVersionSlice
@@ -344,27 +333,15 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 }
 
 func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
-	chartName, err := c.GetChartName()
+	err := c.doRender(ctx, k)
 	if err != nil {
-		return err
-	}
-	err = c.doRender(ctx, k)
-	if err != nil {
-		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", chartName, c.Config.ReleaseName, err)
+		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", c.chartName, c.Config.ReleaseName, err)
 	}
 	return nil
 }
 
 func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
-	chartName, err := c.GetChartName()
-	if err != nil {
-		return err
-	}
-
-	chartDir, err := c.GetChartDir()
-	if err != nil {
-		return err
-	}
+	chartDir := c.chartDir
 
 	needsPull, versionChanged, prePulledVersion, err := c.checkNeedsPull(chartDir, false)
 	if err != nil {
@@ -373,13 +350,13 @@ func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	if needsPull {
 		if versionChanged {
 			return fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-				"Desired version is %s while pre-pulled version is %s", chartName, *c.Config.ChartVersion, prePulledVersion)
+				"Desired version is %s while pre-pulled version is %s", c.chartName, *c.Config.ChartVersion, prePulledVersion)
 		} else {
 			status.Warning(ctx, "Warning, need to pull Helm Chart %s with version %s. "+
-				"Please consider pre-pulling it with 'kluctl helm-pull'", chartName, *c.Config.ChartVersion)
+				"Please consider pre-pulling it with 'kluctl helm-pull'", c.chartName, *c.Config.ChartVersion)
 		}
 
-		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", chartName, *c.Config.ChartVersion)
+		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", c.chartName, *c.Config.ChartVersion)
 		defer s.Failed()
 
 		chartDir, err = c.pullTmpChart(ctx)

From 9f9865f81ec8d1b73f35830643caa556169bc5eb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 22:17:49 +0100
Subject: [PATCH 0562/2268] fix: Disable OCI credentials for now

---
 pkg/deployment/helm_chart.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index cf9a62766..1b53132c0 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -206,6 +206,10 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	a.Version = *c.Config.ChartVersion
 
 	if c.Config.CredentialsId != nil {
+		if registry.IsOCI(*c.Config.Repo) {
+			return fmt.Errorf("OCI charts can currently only be authenticated via registry login and not via cli arguments")
+		}
+
 		if c.credentials == nil {
 			return fmt.Errorf("no credentials provider")
 		}

From 78dde16ff1d7508707a6da106a7466067cb0f871 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 22:37:55 +0100
Subject: [PATCH 0563/2268] tests: Add tests for Helm credentials

---
 e2e/helm_test.go | 189 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 133 insertions(+), 56 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index e4195f7f7..780ea9c2b 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -19,6 +19,7 @@ import (
 	"helm.sh/helm/v3/pkg/uploader"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"os"
 	"path/filepath"
 	"sort"
@@ -65,7 +66,7 @@ type repoChart struct {
 	version   string
 }
 
-func createHelmRepo(t *testing.T, charts []repoChart) string {
+func createHelmRepo(t *testing.T, charts []repoChart, password string) string {
 	tmpDir := t.TempDir()
 
 	for _, c := range charts {
@@ -73,7 +74,18 @@ func createHelmRepo(t *testing.T, charts []repoChart) string {
 		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
 	}
 
-	s := httptest.NewServer(http.FileServer(http.FS(os.DirFS(tmpDir))))
+	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if password != "" {
+			_, p, ok := r.BasicAuth()
+			if !ok || p != password {
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+		}
+		fs.ServeHTTP(w, r)
+	}))
+
 	t.Cleanup(s.Close)
 
 	i, err := repo.IndexDirectory(tmpDir, s.URL)
@@ -90,15 +102,30 @@ func createHelmRepo(t *testing.T, charts []repoChart) string {
 	return s.URL
 }
 
-func createOciRepo(t *testing.T, charts []repoChart) string {
+func createOciRepo(t *testing.T, charts []repoChart, password string) string {
 	tmpDir := t.TempDir()
 
 	ociRegistry := registry.New()
-	ociServer := httptest.NewServer(ociRegistry)
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if password != "" {
+			_, p, ok := r.BasicAuth()
+			if !ok {
+				w.Header().Add("WWW-Authenticate", "Basic")
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+			if !ok || p != password {
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+		}
+		ociRegistry.ServeHTTP(w, r)
+	}))
 
-	t.Cleanup(ociServer.Close)
+	t.Cleanup(s.Close)
 
-	ociUrl := strings.ReplaceAll(ociServer.URL, "http://", "oci://")
+	ociUrl := strings.ReplaceAll(s.URL, "http://", "oci://")
+	ociUrl2, _ := url.Parse(ociUrl)
 
 	var out strings.Builder
 	settings := cli.New()
@@ -108,6 +135,20 @@ func createOciRepo(t *testing.T, charts []repoChart) string {
 		Options: []pusher.Option{},
 	}
 
+	var registryClient *registry2.Client
+	if password != "" {
+		var err error
+		registryClient, err = registry2.NewClient()
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = registryClient.Login(ociUrl2.Host, registry2.LoginOptBasicAuth("test-user", password), registry2.LoginOptInsecure(true))
+		if err != nil {
+			t.Fatal(err)
+		}
+		c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
+	}
+
 	for _, chart := range charts {
 		tgz := createHelmPackage(t, chart.chartName, chart.version)
 		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
@@ -118,14 +159,18 @@ func createOciRepo(t *testing.T, charts []repoChart) string {
 		}
 	}
 
+	if registryClient != nil {
+		registryClient.Logout(ociUrl2.Host)
+	}
+
 	return ociUrl
 }
 
-func createHelmOrOciRepo(t *testing.T, charts []repoChart, oci bool) string {
+func createHelmOrOciRepo(t *testing.T, charts []repoChart, oci bool, password string) string {
 	if oci {
-		return createOciRepo(t, charts)
+		return createOciRepo(t, charts, password)
 	} else {
-		return createHelmRepo(t, charts)
+		return createHelmRepo(t, charts, password)
 	}
 }
 
@@ -162,35 +207,16 @@ func addHelmDeployment(p *testProject, dir string, repoUrl string, chartName, ve
 	}
 }
 
-func testHelmNoPrePull(t *testing.T, oci bool) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := &testProject{}
-	p.init(t, k)
-
-	createNamespace(t, k, p.testSlug())
-
-	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
-		{chartName: "test-chart1", version: "0.1.0"},
-	}, oci)
-
-	p.updateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+type testCase struct {
+	name          string
+	oci           bool
+	testAuth      bool
+	credsId       string
+	extraArgs     []string
+	expectedError string
 }
 
-func TestHelmNoPrePull(t *testing.T) {
-	testHelmNoPrePull(t, false)
-}
-
-func TestHelmNoPrePullOci(t *testing.T) {
-	testHelmNoPrePull(t, true)
-}
-
-func testHelmPrePull(t *testing.T, oci bool) {
+func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -200,33 +226,84 @@ func testHelmPrePull(t *testing.T, oci bool) {
 
 	createNamespace(t, k, p.testSlug())
 
+	password := ""
+	if tc.testAuth {
+		password = "secret-password"
+	}
+
 	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
-		{chartName: "test-chart2", version: "0.1.0"},
-	}, oci)
+	}, tc.oci, password)
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
 
-	p.KluctlMust("helm-pull")
-	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	if tc.testAuth {
+		if tc.credsId != "" {
+			p.updateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+				_ = o.SetNestedField(tc.credsId, "helmChart", "credentialsId")
+				return nil
+			}, "")
+		}
+	}
 
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.testSlug(), nil)
+	if prePull {
+		args := []string{"helm-pull"}
+		args = append(args, tc.extraArgs...)
+
+		_, stderr, err := p.Kluctl(args...)
+		if tc.expectedError != "" {
+			assert.Error(t, err)
+			assert.Contains(t, stderr, tc.expectedError)
+			return
+		} else {
+			assert.NoError(t, err)
+			assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+		}
+	}
 
-	p.KluctlMust("helm-pull")
-	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm2/charts/test-chart2/Chart.yaml"))
-	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.testSlug(), "test-helm2-test-chart2")
+	args := []string{"deploy", "--yes", "-t", "test"}
+	args = append(args, tc.extraArgs...)
+	_, stderr, err := p.Kluctl(args...)
+	prePullWarning := "Warning, need to pull Helm Chart test-chart1 with version 0.1.0."
+	if prePull {
+		assert.NotContains(t, stderr, prePullWarning)
+	} else {
+		assert.Contains(t, stderr, prePullWarning)
+	}
+	if tc.expectedError != "" {
+		assert.Error(t, err)
+		assert.Contains(t, stderr, tc.expectedError)
+	} else {
+		assert.NoError(t, err)
+		assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	}
 }
 
-func TestHelmPrePull(t *testing.T) {
-	testHelmPrePull(t, false)
-}
+func TestHelmPull(t *testing.T) {
+	tests := []testCase{
+		{name: "helm-no-creds"},
+		{name: "helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
+			expectedError: "no credentials provided for Chart test-chart1"},
+		{name: "helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
+			extraArgs:     []string{"--helm-username=test-creds:user", "--helm-password=test-creds:invalid"},
+			expectedError: "401 Unauthorized"},
+		{name: "helm-creds-valid", oci: false, testAuth: true, credsId: "test-creds",
+			extraArgs: []string{"--helm-username=test-creds:user", "--helm-password=test-creds:secret-password"}},
+		{name: "oci", oci: true},
+		{name: "oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
+			extraArgs:     []string{"--helm-username=test-creds:user", "--helm-password=test-creds:secret-password"},
+			expectedError: "OCI charts can currently only be authenticated via registry login and not via cli arguments"},
+	}
 
-func TestHelmPrePullOci(t *testing.T) {
-	testHelmPrePull(t, true)
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			testHelmPull(t, tc, false)
+		})
+		t.Run(tc.name+"-prepull", func(t *testing.T) {
+			testHelmPull(t, tc, true)
+		})
+	}
 }
 
 func testHelmManualUpgrade(t *testing.T, oci bool) {
@@ -242,7 +319,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
 		{chartName: "test-chart1", version: "0.2.0"},
-	}, oci)
+	}, oci, "")
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -289,7 +366,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		{chartName: "test-chart1", version: "0.2.0"},
 		{chartName: "test-chart2", version: "0.1.0"},
 		{chartName: "test-chart2", version: "0.3.0"},
-	}, oci)
+	}, oci, "")
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -398,7 +475,7 @@ func TestHelmValues(t *testing.T) {
 	repoUrl := createHelmRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
 		{chartName: "test-chart2", version: "0.1.0"},
-	})
+	}, "")
 
 	values1 := map[string]any{
 		"data": map[string]any{
@@ -463,7 +540,7 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	repoUrl := createHelmRepo(p.t, []repoChart{
 		{chartName: "test-chart1", version: "0.1.0"},
 		{chartName: "test-chart2", version: "0.1.0"},
-	})
+	}, "")
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.testSlug(), nil)

From 46eea9002af77fdd539d9c2470fdd354214102ae Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 22:38:25 +0100
Subject: [PATCH 0564/2268] chore: Run go mod tidy

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 9c9e527f2..8110b5859 100644
--- a/go.mod
+++ b/go.mod
@@ -59,6 +59,7 @@ require (
 
 require (
 	github.com/go-logr/logr v1.2.3
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.3.2
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.1
@@ -142,7 +143,6 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.3.1 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.5 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect

From a7f87d0444a56d51c45cd3c7c65250be7eef30c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 23:29:11 +0100
Subject: [PATCH 0565/2268] ci: Run cross-compile in own workflow and only on
 main

---
 .github/workflows/cross-compile.yaml | 36 ++++++++++++++++++++++++++++
 .github/workflows/tests.yml          | 28 ----------------------
 2 files changed, 36 insertions(+), 28 deletions(-)
 create mode 100644 .github/workflows/cross-compile.yaml

diff --git a/.github/workflows/cross-compile.yaml b/.github/workflows/cross-compile.yaml
new file mode 100644
index 000000000..556c864d7
--- /dev/null
+++ b/.github/workflows/cross-compile.yaml
@@ -0,0 +1,36 @@
+name: cross-compile
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  cross-compile:
+    runs-on: ubuntu-20.04
+    if: github.event_name != 'pull_request'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.19'
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: cross-compile-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            cross-compile-go-${{ runner.os }}-
+      - name: Build kluctl (linux)
+        run: |
+          make build GOARCH=amd64 GOOS=linux
+      - name: Build kluctl (darwin)
+        run: |
+          make build GOARCH=amd64 GOOS=darwin
+      - name: Build kluctl (windows)
+        run: |
+          make build GOARCH=amd64 GOOS=windows
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2731beb35..0b99db18d 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -40,34 +40,6 @@ jobs:
             exit 1
           fi
 
-  cross-compile:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@v3
-        with:
-          go-version: '1.19'
-      - uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: cross-compile-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            cross-compile-go-${{ runner.os }}-
-      - name: Build kluctl (linux)
-        run: |
-          make build GOARCH=amd64 GOOS=linux
-      - name: Build kluctl (darwin)
-        run: |
-          make build GOARCH=amd64 GOOS=darwin
-      - name: Build kluctl (windows)
-        run: |
-          make build GOARCH=amd64 GOOS=windows
-
   tests:
     strategy:
       matrix:

From c974123e5d3ec3c2c47008cd90663fdd1cc7c79b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 23:33:52 +0100
Subject: [PATCH 0566/2268] ci: In pull requests, only run e2e tests for linux

---
 .github/workflows/tests.yml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0b99db18d..08e319e0b 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -45,11 +45,11 @@ jobs:
       matrix:
         include:
           - os: ubuntu-20.04
-            binary-suffix: linux-amd64
+            run_on_pull_requests: true
           - os: macos-11
-            binary-suffix: darwin-amd64
+            run_on_pull_requests: false
           - os: windows-2019
-            binary-suffix: windows-amd64
+            run_on_pull_requests: false
         os: [ubuntu-20.04, macos-11, windows-2019]
       fail-fast: false
     runs-on: ${{ matrix.os }}
@@ -67,15 +67,17 @@ jobs:
           key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             tests-go-${{ runner.os }}-
-      - name: setup-envtest
-        shell: bash
-        run: |
-          make install-envtest
       - name: Run unit tests
         shell: bash
         run: |
           make test-unit
+      - name: setup-envtest
+        if: matrix.run_on_pull_requests || github.event_name != 'pull_request'
+        shell: bash
+        run: |
+          make install-envtest
       - name: Run e2e tests
+        if: matrix.run_on_pull_requests || github.event_name != 'pull_request'
         shell: bash
         run: |
           make test-e2e

From 6c898b13ad0cbafad02f3d282709c9f732f42f9f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Nov 2022 23:41:24 +0100
Subject: [PATCH 0567/2268] ci: Wipe cache

---
 .github/workflows/tests.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 08e319e0b..92f166bb7 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -26,7 +26,7 @@ jobs:
             ~/.cache/go-build
           key: docs-check-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            docs-check-go-${{ runner.os }}-
+            docs1-check-go-${{ runner.os }}-
       - name: Check links on changed files
         run: |
           make markdown-link-check
@@ -64,9 +64,9 @@ jobs:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
-          key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          key: tests1-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            tests-go-${{ runner.os }}-
+            tests1-go-${{ runner.os }}-
       - name: Run unit tests
         shell: bash
         run: |

From 603e0716fafee9254e35bfda1e77e98c643419e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Nov 2022 23:02:37 +0000
Subject: [PATCH 0568/2268] chore(deps): Bump golang.org/x/crypto from 0.1.0 to
 0.2.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8110b5859..30a4da448 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
-	golang.org/x/crypto v0.1.0
+	golang.org/x/crypto v0.2.0
 	golang.org/x/net v0.2.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.2.0
diff --git a/go.sum b/go.sum
index c7ca5c92f..28eb9796f 100644
--- a/go.sum
+++ b/go.sum
@@ -870,8 +870,8 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
+golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 7028b084e1dd01049a7cc368657e7ab2436bf836 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Nov 2022 20:38:32 +0100
Subject: [PATCH 0569/2268] fix: Fix "invalid cross-device link" errors when
 pulling charts inside docker

---
 pkg/deployment/helm_chart.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 1b53132c0..0d9b4d4cb 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -184,10 +184,14 @@ func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
 }
 
 func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
+	baseDir := filepath.Dir(chartDir)
+
 	_ = os.RemoveAll(chartDir)
-	_ = os.MkdirAll(filepath.Dir(chartDir), 0o700)
+	_ = os.MkdirAll(baseDir, 0o700)
 
-	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "helm-pull-")
+	// need to use the same filesystem/volume that we later os.Rename the final pull chart to, as otherwise
+	// the rename operation will lead to errors
+	tmpDir, err := os.MkdirTemp(baseDir, c.chartName+"-pull-")
 	if err != nil {
 		return err
 	}

From f811edec55f506a07d1c158b8594a55c06f74b6d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Nov 2022 21:00:21 +0100
Subject: [PATCH 0570/2268] docs: Fix reference to long removed deleteByLabels

---
 docs/reference/commands/delete.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index 264e4c553..e67295aab 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -17,7 +17,7 @@ Delete a target (or parts of it) from the corresponding cluster
 Objects are located based on 'commonLabels', configured in 'deployment.yaml'
 
 WARNING: This command will also delete objects which are not part of your deployment
-project (anymore). It really only decides based on the 'deleteByLabel' labels and does NOT
+project (anymore). It really only decides based on the 'commonLabels' labels and does NOT
 take the local target/state into account!
 
 <!-- END SECTION -->

From 90d5b0f5a86d37e20356e1ee28f2480f46453cd1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Nov 2022 21:04:28 +0100
Subject: [PATCH 0571/2268] docs: Move args documentation into .kluctl.yaml
 documentation

---
 docs/reference/commands/delete.md            |  2 +-
 docs/reference/deployments/deployment-yml.md | 45 ------------------
 docs/reference/kluctl-project/README.md      | 50 +++++++++++++++++++-
 3 files changed, 49 insertions(+), 48 deletions(-)

diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index e67295aab..264e4c553 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -17,7 +17,7 @@ Delete a target (or parts of it) from the corresponding cluster
 Objects are located based on 'commonLabels', configured in 'deployment.yaml'
 
 WARNING: This command will also delete objects which are not part of your deployment
-project (anymore). It really only decides based on the 'commonLabels' labels and does NOT
+project (anymore). It really only decides based on the 'deleteByLabel' labels and does NOT
 take the local target/state into account!
 
 <!-- END SECTION -->
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 7a0be122b..a8ff6252f 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -24,9 +24,6 @@ deployments:
 commonLabels:
   my.prefix/target: "{{ target.name }}"
   my.prefix/deployment-project: my-deployment-project
-
-args:
-- name: environment
 ```
 
 The following sub-chapters describe the available fields in the `deployment.yaml`
@@ -248,48 +245,6 @@ A list of common tags which are applied to all kustomize deployments and sub-dep
 
 See [tags](./tags.md) for more details.
 
-## args
-A list of arguments that can or must be passed to most kluctl operations. Each of these arguments is then available
-in templating via the global `args` object. Only the root `deployment.yaml` can contain such argument definitions.
-
-An example looks like this:
-```yaml
-deployments:
-  - path: nginx
-
-args:
-  - name: environment
-  - name: enable_debug
-    default: false
-  - name: complex_arg
-    default:
-      my:
-        nested1: arg1
-        nested2: arg2
-```
-
-These arguments can then be used in templating, e.g. by using `{{ args.environment }}`.
-
-When calling kluctl, most of the commands will then require you to specify at least `-a environment=xxx` and optionally
-`-a enable_debug=true`
-
-The following sub chapters describe the fields for argument entries.
-
-### name
-The name of the argument.
-
-### default
-If specified, the argument becomes optional and will use the given value as default when not specified.
-
-The default value can be an arbitrary yaml value, meaning that it can also be a nested dictionary. In that case, passing
-args in nested form will only set the nested value. With the above example of `complex_arg`, running:
-
-```
-kluctl deploy -t my-target -a my.nested1=override`
-```
-
-will only modify the value below `my.nested1` and keep the value of `my.nested2`.
-
 ## ignoreForDiff
 
 A list of objects and fields to ignore while performing diffs. Consider the following example:
diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index ba14d1b65..e48f33f47 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -35,13 +35,59 @@ targets:
     context: prod.example.com
     args:
       environment_name: prod
+
+args:
+  - name: environment
 ```
 
 ## Allowed fields
 
-Please check the following sub-sections of this section to see which fields are allowed at the root level of `.kluctl.yaml`.
+### targets
+
+Please check the [targets](./targets) sub-section for details.
+
+### args
+
+A list of arguments that can or must be passed to most kluctl operations. Each of these arguments is then available
+in templating via the global `args` object.
+
+An example looks like this:
+```yaml
+targets:
+...
+
+args:
+  - name: environment
+  - name: enable_debug
+    default: false
+  - name: complex_arg
+    default:
+      my:
+        nested1: arg1
+        nested2: arg2
+```
+
+These arguments can then be used in templating, e.g. by using `{{ args.environment }}`.
+
+When calling kluctl, most of the commands will then require you to specify at least `-a environment=xxx` and optionally
+`-a enable_debug=true`
+
+The following sub chapters describe the fields for argument entries.
+
+#### name
+The name of the argument.
+
+#### default
+If specified, the argument becomes optional and will use the given value as default when not specified.
+
+The default value can be an arbitrary yaml value, meaning that it can also be a nested dictionary. In that case, passing
+args in nested form will only set the nested value. With the above example of `complex_arg`, running:
+
+```
+kluctl deploy -t my-target -a my.nested1=override`
+```
 
-1. [targets](./targets)
+will only modify the value below `my.nested1` and keep the value of `my.nested2`.
 
 ## Using Kluctl without .kluctl.yaml
 

From 1c8c8abd2247d69096b361b39729c481de617476 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Nov 2022 22:16:53 +0000
Subject: [PATCH 0572/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.122 to 1.44.139

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.122 to 1.44.139.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.122...v1.44.139)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  2 +-
 go.sum | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 30a4da448..39c3fbede 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.122
+	github.com/aws/aws-sdk-go v1.44.139
 	github.com/bitnami-labs/sealed-secrets v0.19.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 28eb9796f..97ed5720e 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo=
-github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.139 h1:Mj/OZBy9RTbzJ8pfgK6rOL8xgUEAIn8pfIN6qWFtpAk=
+github.com/aws/aws-sdk-go v1.44.139/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -819,6 +819,7 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
@@ -907,6 +908,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -954,6 +956,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -983,6 +987,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1054,14 +1059,18 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1134,6 +1143,7 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 4025358e28d4650f43516896bcfed9e472735bdc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Nov 2022 22:17:31 +0000
Subject: [PATCH 0573/2268] chore(deps): Bump golang.org/x/crypto from 0.2.0 to
 0.3.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 30a4da448..db5547ad2 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
-	golang.org/x/crypto v0.2.0
+	golang.org/x/crypto v0.3.0
 	golang.org/x/net v0.2.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.2.0
diff --git a/go.sum b/go.sum
index 28eb9796f..842a149d9 100644
--- a/go.sum
+++ b/go.sum
@@ -870,8 +870,8 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
-golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 1b0bf313ec8b7cbae5b2bf8fea9528b302ce10f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Nov 2022 22:17:37 +0000
Subject: [PATCH 0574/2268] chore(deps): Bump github.com/huandu/xstrings from
 1.3.2 to 1.3.3

Bumps [github.com/huandu/xstrings](https://github.com/huandu/xstrings) from 1.3.2 to 1.3.3.
- [Release notes](https://github.com/huandu/xstrings/releases)
- [Commits](https://github.com/huandu/xstrings/compare/v1.3.2...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/huandu/xstrings
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 30a4da448..2d60b5875 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/huandu/xstrings v1.3.2
+	github.com/huandu/xstrings v1.3.3
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.1
 )
diff --git a/go.sum b/go.sum
index 28eb9796f..a8fae1877 100644
--- a/go.sum
+++ b/go.sum
@@ -484,8 +484,9 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=

From 47ac7e4a41d63fed3832d2f676550287fb5cbd98 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Nov 2022 11:48:42 +0100
Subject: [PATCH 0575/2268] docs: Make kustomize-deployment2 a
 simple-deployment

---
 docs/reference/deployments/README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/reference/deployments/README.md b/docs/reference/deployments/README.md
index 19145cca4..36c4f42d7 100644
--- a/docs/reference/deployments/README.md
+++ b/docs/reference/deployments/README.md
@@ -49,7 +49,6 @@ Some visualized files/directories have links attached, follow them to get more i
    |-- sub-deployment/
    |   |-- deployment.yaml
    |   |-- kustomize-deployment2/
-   |   |   |-- kustomization.yaml
    |   |   |-- resource1.yaml
    |   |   `-- ...
    |   |-- kustomize-deployment3/

From 84ca198a97957d6dd58110facd807042cf6308df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Nov 2022 22:10:48 +0000
Subject: [PATCH 0576/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.139 to 1.44.140

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.139 to 1.44.140.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.139...v1.44.140)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c1e9d2c67..a8ff4d321 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.139
+	github.com/aws/aws-sdk-go v1.44.140
 	github.com/bitnami-labs/sealed-secrets v0.19.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index b9fdb39d8..b5bd674c7 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.139 h1:Mj/OZBy9RTbzJ8pfgK6rOL8xgUEAIn8pfIN6qWFtpAk=
-github.com/aws/aws-sdk-go v1.44.139/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.140 h1:6MxVSiAORc6AG+oh6401TEgWHb1ZzFL8y6+eBLoJtdU=
+github.com/aws/aws-sdk-go v1.44.140/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 0579d250447bfafa0e31a4136351561e60515da2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Nov 2022 22:53:40 +0000
Subject: [PATCH 0577/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.19.1 to 0.19.2.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.19.1...v0.19.2)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  4 ++--
 go.sum | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index a8ff4d321..8f2d91554 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/aws/aws-sdk-go v1.44.140
-	github.com/bitnami-labs/sealed-secrets v0.19.1
+	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v0.8.0
@@ -193,7 +193,7 @@ require (
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.13.0 // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
diff --git a/go.sum b/go.sum
index b5bd674c7..77ae9e7db 100644
--- a/go.sum
+++ b/go.sum
@@ -137,8 +137,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.19.1 h1:ZNLcVtTXRf7VkyNzyhe9omlwNYI0OHDteTbIHsQI7Ug=
-github.com/bitnami-labs/sealed-secrets v0.19.1/go.mod h1:5UcsiOdOoviJUtXY1GNSeFa8zezbBY+j9pQAA2RtKyw=
+github.com/bitnami-labs/sealed-secrets v0.19.2 h1:0NpJCAhfDTkZ2u3PJaRWSynxlg55ssHxPQNn8T5JNPU=
+github.com/bitnami-labs/sealed-secrets v0.19.2/go.mod h1:KjTgHdD22gpjERjT1rA8yi4P4EkccMhRR2JW6Ctfu6g=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -654,8 +654,8 @@ github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/ginkgo/v2 v2.1.6 h1:Fx2POJZfKRQcM1pH49qSZiYeu319wji004qX+GDovrU=
-github.com/onsi/gomega v1.20.2 h1:8uQq0zMgLEfa0vRrrBgaJF2gyW9Da9BmfGV+OyUzfkY=
+github.com/onsi/ginkgo/v2 v2.5.0 h1:TRtrvv2vdQqzkwrQ1ke6vtXf7IK34RBUJafIy1wMwls=
+github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -694,8 +694,8 @@ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
-github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
+github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=

From 87c683f52efa37b10c2b573162ffc6c10cff0a44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 19 Nov 2022 19:27:14 +0000
Subject: [PATCH 0578/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.140 to 1.44.142

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.140 to 1.44.142.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.140...v1.44.142)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8f2d91554..9b323e838 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.140
+	github.com/aws/aws-sdk-go v1.44.142
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 77ae9e7db..2b2ef6427 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.140 h1:6MxVSiAORc6AG+oh6401TEgWHb1ZzFL8y6+eBLoJtdU=
-github.com/aws/aws-sdk-go v1.44.140/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.142 h1:KZ1/FDwCSft1DuNllFaBtWpcG0CW2NgQjvOrE1TdlXE=
+github.com/aws/aws-sdk-go v1.44.142/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From cc88ac875c01265a183e5b0e2e8a07d7287cbbe4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 21 Nov 2022 13:29:38 +0100
Subject: [PATCH 0579/2268] fix: Fix race condition due to use of
 GoLimitedMultiError

---
 cmd/kluctl/commands/cmd_helm_pull.go   |  4 +---
 cmd/kluctl/commands/cmd_helm_update.go | 10 ++--------
 pkg/utils/limited_routine.go           | 12 +++++++++---
 3 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index bc55d6865..af62259f1 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -52,9 +52,7 @@ func (cmd *helmPullCmd) Run() error {
 			return err
 		}
 
-		wg.Add(1)
-		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
-			defer wg.Done()
+		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, &wg, func() error {
 			s := status.Start(cliCtx, "%s: Pulling Chart", statusPrefix)
 			defer s.Failed()
 			err := doPull(statusPrefix, p, cmd.HelmCredentials, s)
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 30e4a5626..7d6fc14f0 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -60,10 +60,7 @@ func (cmd *helmUpdateCmd) Run() error {
 			return nil
 		}
 
-		wg.Add(1)
-		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
-			defer wg.Done()
-
+		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, &wg, func() error {
 			chart, newVersion, updated, err := cmd.doCheckUpdate(gitRootPath, p)
 			if err != nil {
 				return err
@@ -101,10 +98,7 @@ func (cmd *helmUpdateCmd) Run() error {
 	for _, uc := range updatedCharts {
 		uc := uc
 
-		wg.Add(1)
-		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, func() error {
-			defer wg.Done()
-
+		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, &wg, func() error {
 			if cmd.Interactive {
 				statusPrefix, _ := filepath.Rel(gitRootPath, filepath.Dir(uc.path))
 				if !status.AskForConfirmation(cliCtx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?",
diff --git a/pkg/utils/limited_routine.go b/pkg/utils/limited_routine.go
index 7653bfc26..f38a1bdde 100644
--- a/pkg/utils/limited_routine.go
+++ b/pkg/utils/limited_routine.go
@@ -7,8 +7,14 @@ import (
 	"sync"
 )
 
-func GoLimited(ctx context.Context, sem *semaphore.Weighted, fn func(), errCb func(err error)) {
+func GoLimited(ctx context.Context, sem *semaphore.Weighted, wg *sync.WaitGroup, fn func(), errCb func(err error)) {
+	if wg != nil {
+		wg.Add(1)
+	}
 	go func() {
+		if wg != nil {
+			defer wg.Done()
+		}
 		err := sem.Acquire(ctx, 1)
 		if err != nil {
 			if errCb != nil {
@@ -21,13 +27,13 @@ func GoLimited(ctx context.Context, sem *semaphore.Weighted, fn func(), errCb fu
 	}()
 }
 
-func GoLimitedMultiError(ctx context.Context, sem *semaphore.Weighted, merr **multierror.Error, mutex *sync.Mutex, fn func() error) {
+func GoLimitedMultiError(ctx context.Context, sem *semaphore.Weighted, merr **multierror.Error, mutex *sync.Mutex, wg *sync.WaitGroup, fn func() error) {
 	errCb := func(err error) {
 		mutex.Lock()
 		defer mutex.Unlock()
 		*merr = multierror.Append(*merr, err)
 	}
-	GoLimited(ctx, sem, func() {
+	GoLimited(ctx, sem, wg, func() {
 		err := fn()
 		if err != nil {
 			errCb(err)

From e2c9361f34a2e8d4661fb2ffd00c82907bba796c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Nov 2022 22:48:37 +0000
Subject: [PATCH 0580/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.142 to 1.44.144

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.142 to 1.44.144.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.142...v1.44.144)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9b323e838..57851c7ab 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.142
+	github.com/aws/aws-sdk-go v1.44.144
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 2b2ef6427..aa745abe8 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.142 h1:KZ1/FDwCSft1DuNllFaBtWpcG0CW2NgQjvOrE1TdlXE=
-github.com/aws/aws-sdk-go v1.44.142/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.144 h1:mMWdnYL8HZsobrQe1mwvQ18Xt8UbOVhWgipjuma5Mkg=
+github.com/aws/aws-sdk-go v1.44.144/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From ebba705357714fefeeeba390ccb012865924e17e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Nov 2022 22:07:33 +0000
Subject: [PATCH 0581/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.144 to 1.44.145

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.144 to 1.44.145.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.144...v1.44.145)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 57851c7ab..7108d7e82 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.144
+	github.com/aws/aws-sdk-go v1.44.145
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index aa745abe8..89ad58cea 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.144 h1:mMWdnYL8HZsobrQe1mwvQ18Xt8UbOVhWgipjuma5Mkg=
-github.com/aws/aws-sdk-go v1.44.144/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.145 h1:KMVRrIyjBsNz3xGPuHIRnhIuKlb5h3Ii5e5jbi3cgnc=
+github.com/aws/aws-sdk-go v1.44.145/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From d5ddbfa41f102882146b297a02ad5c26926aad2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Nov 2022 10:53:45 +0100
Subject: [PATCH 0582/2268] feat: Allow to pass SOPS decrypter from outside

This is the preparation for SOPS support in the flux-kluctl-controller
---
 pkg/deployment/deployment_item.go    | 31 +--------------
 pkg/deployment/shared_context.go     |  2 +
 pkg/kluctl_project/load.go           | 16 +++++---
 pkg/kluctl_project/project.go        |  6 ++-
 pkg/kluctl_project/project_load.go   |  4 +-
 pkg/kluctl_project/target_context.go |  3 +-
 pkg/sops/sops_decryptor.go           | 21 +++++++++++
 pkg/sops/utils.go                    | 56 ++++++++++++++++++++++++++++
 pkg/vars/vars_loader.go              | 27 +++++++-------
 pkg/vars/vars_loader_test.go         |  3 +-
 pkg/yaml/yaml.go                     |  4 --
 11 files changed, 116 insertions(+), 57 deletions(-)
 create mode 100644 pkg/sops/sops_decryptor.go
 create mode 100644 pkg/sops/utils.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 084035ba4..d6d1ad573 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,14 +3,12 @@ package deployment
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
-	"go.mozilla.org/sops/v3/decrypt"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
@@ -490,31 +488,6 @@ func (di *DeploymentItem) prepareKustomizationYaml() (*uo.UnstructuredObject, er
 	return ky, nil
 }
 
-func (di *DeploymentItem) decryptSopsFile(p string) error {
-	file, err := os.ReadFile(p)
-	if err != nil {
-		return fmt.Errorf("failed to read file %s: %w", p, err)
-	}
-
-	if !yaml.IsMaybeSopsFile(file) {
-		return nil
-	}
-
-	decrypted, err := decrypt.DataWithFormat(file, formats.FormatForPath(p))
-	if err == sops.MetadataNotFound {
-		// not encrypted, so bail out
-		return nil
-	} else if err != nil {
-		return fmt.Errorf("failed to decrypt file %s: %w", p, err)
-	}
-
-	err = os.WriteFile(p, decrypted, 0o600)
-	if err != nil {
-		return fmt.Errorf("failed to save decrypted file %s: %w", p, err)
-	}
-	return nil
-}
-
 func (di *DeploymentItem) buildKustomize() error {
 	if di.dir == nil {
 		return nil
@@ -535,7 +508,7 @@ func (di *DeploymentItem) buildKustomize() error {
 	for _, r := range resources {
 		p := filepath.Join(di.RenderedDir, r)
 		if utils.IsFile(p) {
-			err = di.decryptSopsFile(p)
+			err = sops.MaybeDecryptFile(di.ctx.SopsDecrypter, p)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 4851cbcd9..f5334c195 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
 
@@ -11,6 +12,7 @@ type SharedContext struct {
 	Ctx             context.Context
 	K               *k8s.K8sCluster
 	RP              *repocache.GitRepoCache
+	SopsDecrypter   sops.SopsDecrypter
 	VarsLoader      *vars.VarsLoader
 	HelmCredentials HelmCredentialsProvider
 
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index d5d8ec704..d477429b8 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,6 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 )
 
@@ -11,11 +12,16 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 	defer status.Trace(ctx, "leave LoadKluctlProject")
 
 	p := &LoadedKluctlProject{
-		ctx:      ctx,
-		loadArgs: args,
-		TmpDir:   tmpDir,
-		J2:       j2,
-		RP:       args.RP,
+		ctx:           ctx,
+		loadArgs:      args,
+		TmpDir:        tmpDir,
+		J2:            j2,
+		RP:            args.RP,
+		SopsDecrypter: args.SopsDecrypter,
+	}
+
+	if p.SopsDecrypter == nil {
+		p.SopsDecrypter = &sops.LocalSopsDecrypter{}
 	}
 
 	err := p.loadKluctlProject()
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 7d36b0872..1701abfc2 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 )
 
@@ -23,8 +24,9 @@ type LoadedKluctlProject struct {
 	Config         types2.KluctlProject
 	DynamicTargets []*types2.DynamicTarget
 
-	J2 *jinja2.Jinja2
-	RP *repocache.GitRepoCache
+	J2            *jinja2.Jinja2
+	RP            *repocache.GitRepoCache
+	SopsDecrypter sops.SopsDecrypter
 }
 
 func (c *LoadedKluctlProject) FindBaseTarget(name string) (*types2.Target, error) {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index c4a2b20b9..dfe0cbe2d 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,6 +2,7 @@ package kluctl_project
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -15,7 +16,8 @@ type LoadKluctlProjectArgs struct {
 	ProjectDir    string
 	ProjectConfig string
 
-	RP *repocache.GitRepoCache
+	SopsDecrypter sops.SopsDecrypter
+	RP            *repocache.GitRepoCache
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 9af4f6c1c..952c44d85 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -91,7 +91,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		s.Success()
 	}
 
-	varsLoader := vars.NewVarsLoader(ctx, k, p.RP, aws.NewClientFactory())
+	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory())
 
 	if params.ForSeal {
 		err = p.loadSecrets(target, varsCtx, varsLoader)
@@ -104,6 +104,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		Ctx:                               ctx,
 		K:                                 k,
 		RP:                                p.RP,
+		SopsDecrypter:                     p.SopsDecrypter,
 		VarsLoader:                        varsLoader,
 		HelmCredentials:                   params.HelmCredentials,
 		RenderDir:                         params.RenderOutputDir,
diff --git a/pkg/sops/sops_decryptor.go b/pkg/sops/sops_decryptor.go
new file mode 100644
index 000000000..474d9872d
--- /dev/null
+++ b/pkg/sops/sops_decryptor.go
@@ -0,0 +1,21 @@
+package sops
+
+import (
+	"fmt"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"go.mozilla.org/sops/v3/decrypt"
+)
+
+type SopsDecrypter interface {
+	SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) ([]byte, error)
+}
+
+type LocalSopsDecrypter struct {
+}
+
+func (_ LocalSopsDecrypter) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) ([]byte, error) {
+	if inputFormat != outputFormat {
+		return nil, fmt.Errorf("inputFormat and outputFormat must be equal")
+	}
+	return decrypt.DataWithFormat(data, inputFormat)
+}
diff --git a/pkg/sops/utils.go b/pkg/sops/utils.go
new file mode 100644
index 000000000..39a1d85b2
--- /dev/null
+++ b/pkg/sops/utils.go
@@ -0,0 +1,56 @@
+package sops
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"go.mozilla.org/sops/v3"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"os"
+)
+
+func IsMaybeSopsFile(s []byte) bool {
+	return bytes.Index(s, []byte("sops")) != -1
+}
+
+func MaybeDecrypt(decrypter SopsDecrypter, encrypted []byte, inputFormat, outputFormat formats.Format) ([]byte, bool, error) {
+	if decrypter == nil {
+		return encrypted, false, nil
+	}
+
+	if !IsMaybeSopsFile(encrypted) {
+		return encrypted, false, nil
+	}
+
+	d, err := decrypter.SopsDecryptWithFormat(encrypted, inputFormat, outputFormat)
+	if err != nil {
+		if errors.Is(err, sops.MetadataNotFound) {
+			return encrypted, false, nil
+		}
+		return nil, false, err
+	}
+	return d, true, nil
+}
+
+func MaybeDecryptFile(decrypter SopsDecrypter, path string) error {
+	format := formats.FormatForPath(path)
+
+	file, err := os.ReadFile(path)
+	if err != nil {
+		return fmt.Errorf("failed to read file %s: %w", path, err)
+	}
+
+	decrypted, encrypted, err := MaybeDecrypt(decrypter, file, format, format)
+	if err != nil {
+		return fmt.Errorf("failed to decrypt file %s: %w", path, err)
+	}
+	if !encrypted {
+		return nil
+	}
+
+	err = os.WriteFile(path, decrypted, 0o600)
+	if err != nil {
+		return fmt.Errorf("failed to save decrypted file %s: %w", path, err)
+	}
+	return nil
+}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 0dd5e66eb..226a5d5e3 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -14,9 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"go.mozilla.org/sops/v3"
 	"go.mozilla.org/sops/v3/cmd/sops/formats"
-	"go.mozilla.org/sops/v3/decrypt"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"strings"
@@ -28,18 +27,20 @@ type usernamePassword struct {
 }
 
 type VarsLoader struct {
-	ctx context.Context
-	k   *k8s.K8sCluster
-	rp  *repocache.GitRepoCache
-	aws aws.AwsClientFactory
+	ctx  context.Context
+	k    *k8s.K8sCluster
+	sops sops.SopsDecrypter
+	rp   *repocache.GitRepoCache
+	aws  aws.AwsClientFactory
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, rp *repocache.GitRepoCache, aws aws.AwsClientFactory) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops sops.SopsDecrypter, rp *repocache.GitRepoCache, aws aws.AwsClientFactory) *VarsLoader {
 	return &VarsLoader{
 		ctx:              ctx,
 		k:                k,
+		sops:             sops,
 		rp:               rp,
 		aws:              aws,
 		credentialsCache: map[string]usernamePassword{},
@@ -110,14 +111,12 @@ func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string
 		return fmt.Errorf("failed to render vars file %s: %w", path, err)
 	}
 
-	if yaml.IsMaybeSopsFile([]byte(rendered)) {
-		decrypted, err := decrypt.DataWithFormat([]byte(rendered), formats.FormatForPath(path))
-		if err != nil && err != sops.MetadataNotFound {
-			return fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
-		} else if err == nil {
-			rendered = string(decrypted)
-		}
+	format := formats.FormatForPath(path)
+	decrypted, _, err := sops.MaybeDecrypt(v.sops, []byte(rendered), format, format)
+	if err != nil {
+		return fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
 	}
+	rendered = string(decrypted)
 
 	newVars := uo.New()
 	err = yaml.ReadYamlString(rendered, newVars)
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 95db5f20f..95fff9e9a 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -56,7 +57,7 @@ func testVarsLoader(t *testing.T, test func(vl *VarsLoader, vc *VarsCtx, aws *aw
 	grc := newRP(t)
 	fakeAws := aws.NewFakeClientFactory()
 
-	vl := NewVarsLoader(context.TODO(), k, grc, fakeAws)
+	vl := NewVarsLoader(context.TODO(), k, &sops.LocalSopsDecrypter{}, grc, fakeAws)
 	vc := NewVarsCtx(newJinja2Must(t))
 
 	test(vl, vc, fakeAws)
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 0dde23fad..89610c94a 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -285,7 +285,3 @@ func Exists(p string) bool {
 	p = FixPathExt(p)
 	return utils.Exists(p)
 }
-
-func IsMaybeSopsFile(s []byte) bool {
-	return bytes.Index(s, []byte("sops")) != -1
-}

From 9b8f27efec2a535500466c9e2d71174d76ab855a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Nov 2022 15:58:30 +0100
Subject: [PATCH 0583/2268] fix: Fix simulation of dryRun creation into fresh
 namespaces

The ApplyUtil only tracks applied objects of the current deployment item
but not objects that were previously applied by other instances. This
causes namespaces to be considered "non-existent" when not created in the
same item. This is fixed by globally tracking created namespaces.
---
 pkg/deployment/utils/apply_utils.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 440b83e76..2bee3e50d 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -46,7 +46,8 @@ type ApplyUtil struct {
 	deletedHookObjects map[k8s2.ObjectRef]bool
 	mutex              sync.Mutex
 
-	abortSignal *atomic.Value
+	abortSignal   *atomic.Value
+	allNamespaces *sync.Map
 
 	ru   *RemoteObjectUtils
 	k    *k8s.K8sCluster
@@ -65,6 +66,11 @@ type ApplyDeploymentsUtil struct {
 
 	abortSignal atomic.Value
 
+	// Used to track all created namespaces
+	// All ApplyUtil instances write to this in parallel and we ignore that order might be unstable
+	// This is only used to simulate dryRun apply into new namespaces
+	allNamespaces sync.Map
+
 	resultsMutex sync.Mutex
 	results      []*ApplyUtil
 }
@@ -94,6 +100,7 @@ func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *sta
 		deletedObjects:     map[k8s2.ObjectRef]bool{},
 		deletedHookObjects: map[k8s2.ObjectRef]bool{},
 		abortSignal:        &ad.abortSignal,
+		allNamespaces:      &ad.allNamespaces,
 		ru:                 ad.ru,
 		k:                  ad.k,
 		o:                  ad.o,
@@ -297,8 +304,7 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		x = x.Clone()
 		x.SetK8sName(fmt.Sprintf("%s-%s", ref.Name, utils.RandomString(8)))
 	} else if a.o.DryRun && remoteNamespace == nil && ref.Namespace != "" {
-		nsRef := k8s2.NewObjectRef("", "v1", "Namespace", ref.Namespace, "")
-		if _, ok := a.appliedObjects[nsRef]; ok {
+		if _, ok := a.allNamespaces.Load(ref.Namespace); ok {
 			// The namespace does not really exist, but would have been created if dryRun would be false.
 			// So let's pretend we deploy it to the default namespace with a dummy name
 			usesDummyName = true
@@ -318,6 +324,9 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		_ = r.ReplaceValues(tmpName, ref.Name)
 		r.SetK8sNamespace(ref.Namespace)
 	}
+	if r != nil && ref.GVK.GroupKind().String() == "Namespace" {
+		a.allNamespaces.Store(ref.Name, r)
+	}
 	a.handleApiWarnings(ref, apiWarnings)
 	if err == nil {
 		a.handleResult(r, hook)

From 121881e88e6c1a1b31a4e16ebe93803fa0d612f9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 10:38:46 +0100
Subject: [PATCH 0584/2268] fix: Make check for overwritten fields managers
 more strict

Otherwise field managers that for example contain "kluctl" somewhere
in-between are overwritten as well. Noticed this while working on the
flux-kluctl-controller.
---
 pkg/diff/managed_fields.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 1a5a36673..9fa5d1d69 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -18,11 +18,11 @@ type LostOwnership struct {
 
 var forceApplyFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/force-apply-field(-\d*)?$`)
 var overwriteAllowedManagers = []*regexp.Regexp{
-	regexp.MustCompile("kluctl"),
-	regexp.MustCompile("kubectl"),
-	regexp.MustCompile("kubectl-.*"),
-	regexp.MustCompile("rancher"),
-	regexp.MustCompile("k9s"),
+	regexp.MustCompile("^kluctl$"),
+	regexp.MustCompile("^kubectl$"),
+	regexp.MustCompile("^kubectl-.*$"),
+	regexp.MustCompile("^rancher$"),
+	regexp.MustCompile("^k9s$"),
 }
 
 func checkListItemMatch(o interface{}, pathElement fieldpath.PathElement, index int) (bool, error) {

From d7aac60ee0aede00b325cb2bdf4a9cc462e41d19 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 15:59:02 +0100
Subject: [PATCH 0585/2268] tests: Move test-utils package below e2e

---
 e2e/default_clusters.go                                  | 2 +-
 e2e/flux_test.go                                         | 2 +-
 e2e/hooks_test.go                                        | 2 +-
 e2e/inclusion_test.go                                    | 2 +-
 e2e/project.go                                           | 2 +-
 e2e/seal_test.go                                         | 2 +-
 {internal => e2e}/test-utils/envtest_cluster.go          | 0
 {internal => e2e}/test-utils/envtest_cluster_callback.go | 0
 {internal => e2e}/test-utils/git_server.go               | 0
 e2e/test_resources/resources.go                          | 2 +-
 e2e/utils.go                                             | 2 +-
 pkg/vars/vars_loader_test.go                             | 2 +-
 12 files changed, 9 insertions(+), 9 deletions(-)
 rename {internal => e2e}/test-utils/envtest_cluster.go (100%)
 rename {internal => e2e}/test-utils/envtest_cluster_callback.go (100%)
 rename {internal => e2e}/test-utils/git_server.go (100%)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 3ef14c5c8..3baff99ef 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -1,8 +1,8 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
 )
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index b796e792d..5cd90eec7 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -10,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/stretchr/testify/assert"
 )
 
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 863ba6af3..663c8fb22 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -10,7 +11,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 	"testing"
 
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index a50564854..84e61ad8e 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -1,7 +1,7 @@
 package e2e
 
 import (
-	"github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	corev1 "k8s.io/api/core/v1"
 	"path/filepath"
 	"reflect"
diff --git a/e2e/project.go b/e2e/project.go
index bcf57d051..1443b4901 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -5,7 +5,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/imdario/mergo"
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/tools/clientcmd"
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index c5b9268bf..c172f060b 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -6,8 +6,8 @@ import (
 	"encoding/pem"
 	"fmt"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	"github.com/kluctl/kluctl/v2/internal/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/internal/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
similarity index 100%
rename from internal/test-utils/envtest_cluster.go
rename to e2e/test-utils/envtest_cluster.go
diff --git a/internal/test-utils/envtest_cluster_callback.go b/e2e/test-utils/envtest_cluster_callback.go
similarity index 100%
rename from internal/test-utils/envtest_cluster_callback.go
rename to e2e/test-utils/envtest_cluster_callback.go
diff --git a/internal/test-utils/git_server.go b/e2e/test-utils/git_server.go
similarity index 100%
rename from internal/test-utils/git_server.go
rename to e2e/test-utils/git_server.go
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index f374d2ee0..fa1754bff 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -3,7 +3,7 @@ package test_resources
 import (
 	"context"
 	"embed"
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
diff --git a/e2e/utils.go b/e2e/utils.go
index f8a20f9ad..bd8eb8e63 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -4,7 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io"
 	v1 "k8s.io/api/core/v1"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 95fff9e9a..9b46900c8 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	test_utils "github.com/kluctl/kluctl/v2/internal/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"

From 95f6242dceb3360aaf9edac964097267702082bb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:25:55 +0100
Subject: [PATCH 0586/2268] tests: Move Helm Repo utils into test-utils

---
 e2e/helm_test.go                  | 194 +++---------------------------
 e2e/test-utils/helm_repo_utils.go | 163 +++++++++++++++++++++++++
 2 files changed, 183 insertions(+), 174 deletions(-)
 create mode 100644 e2e/test-utils/helm_repo_utils.go

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 780ea9c2b..e5d5b9952 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -3,174 +3,20 @@ package e2e
 import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
-	"github.com/google/go-containerregistry/pkg/registry"
-	test_resources "github.com/kluctl/kluctl/v2/e2e/test-helm-chart"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
-	"helm.sh/helm/v3/pkg/action"
-	"helm.sh/helm/v3/pkg/cli"
-	"helm.sh/helm/v3/pkg/cli/values"
-	"helm.sh/helm/v3/pkg/getter"
-	"helm.sh/helm/v3/pkg/pusher"
 	registry2 "helm.sh/helm/v3/pkg/registry"
-	"helm.sh/helm/v3/pkg/repo"
-	"helm.sh/helm/v3/pkg/uploader"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"os"
 	"path/filepath"
 	"sort"
-	"strings"
 	"testing"
 )
 
-func createHelmPackage(t *testing.T, name string, version string) string {
-	tmpDir := t.TempDir()
-	err := utils.FsCopyDir(test_resources.HelmChartFS, ".", tmpDir)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	c, err := uo.FromFile(filepath.Join(tmpDir, "Chart.yaml"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_ = c.SetNestedField(name, "name")
-	_ = c.SetNestedField(version, "version")
-
-	err = yaml.WriteYamlFile(filepath.Join(tmpDir, "Chart.yaml"), c)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	settings := cli.New()
-	client := action.NewPackage()
-	client.Destination = tmpDir
-	valueOpts := &values.Options{}
-	p := getter.All(settings)
-	vals, err := valueOpts.MergeValues(p)
-	retName, err := client.Run(tmpDir, vals)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return retName
-}
-
-type repoChart struct {
-	chartName string
-	version   string
-}
-
-func createHelmRepo(t *testing.T, charts []repoChart, password string) string {
-	tmpDir := t.TempDir()
-
-	for _, c := range charts {
-		tgz := createHelmPackage(t, c.chartName, c.version)
-		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
-	}
-
-	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
-	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if password != "" {
-			_, p, ok := r.BasicAuth()
-			if !ok || p != password {
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-		}
-		fs.ServeHTTP(w, r)
-	}))
-
-	t.Cleanup(s.Close)
-
-	i, err := repo.IndexDirectory(tmpDir, s.URL)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	i.SortEntries()
-	err = i.WriteFile(filepath.Join(tmpDir, "index.yaml"), 0644)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return s.URL
-}
-
-func createOciRepo(t *testing.T, charts []repoChart, password string) string {
-	tmpDir := t.TempDir()
-
-	ociRegistry := registry.New()
-	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if password != "" {
-			_, p, ok := r.BasicAuth()
-			if !ok {
-				w.Header().Add("WWW-Authenticate", "Basic")
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-			if !ok || p != password {
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-		}
-		ociRegistry.ServeHTTP(w, r)
-	}))
-
-	t.Cleanup(s.Close)
-
-	ociUrl := strings.ReplaceAll(s.URL, "http://", "oci://")
-	ociUrl2, _ := url.Parse(ociUrl)
-
-	var out strings.Builder
-	settings := cli.New()
-	c := uploader.ChartUploader{
-		Out:     &out,
-		Pushers: pusher.All(settings),
-		Options: []pusher.Option{},
-	}
-
-	var registryClient *registry2.Client
-	if password != "" {
-		var err error
-		registryClient, err = registry2.NewClient()
-		if err != nil {
-			t.Fatal(err)
-		}
-		err = registryClient.Login(ociUrl2.Host, registry2.LoginOptBasicAuth("test-user", password), registry2.LoginOptInsecure(true))
-		if err != nil {
-			t.Fatal(err)
-		}
-		c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
-	}
-
-	for _, chart := range charts {
-		tgz := createHelmPackage(t, chart.chartName, chart.version)
-		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
-
-		err := c.UploadTo(tgz, ociUrl)
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	if registryClient != nil {
-		registryClient.Logout(ociUrl2.Host)
-	}
-
-	return ociUrl
-}
-
-func createHelmOrOciRepo(t *testing.T, charts []repoChart, oci bool, password string) string {
+func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, password string) string {
 	if oci {
-		return createOciRepo(t, charts, password)
+		return test_utils.CreateOciRepo(t, charts, password)
 	} else {
-		return createHelmRepo(t, charts, password)
+		return test_utils.CreateHelmRepo(t, charts, password)
 	}
 }
 
@@ -231,8 +77,8 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 		password = "secret-password"
 	}
 
-	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
-		{chartName: "test-chart1", version: "0.1.0"},
+	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
 	}, tc.oci, password)
 
 	p.updateTarget("test", nil)
@@ -316,9 +162,9 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
-		{chartName: "test-chart1", version: "0.1.0"},
-		{chartName: "test-chart1", version: "0.2.0"},
+	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
 	}, oci, "")
 
 	p.updateTarget("test", nil)
@@ -361,11 +207,11 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmOrOciRepo(p.t, []repoChart{
-		{chartName: "test-chart1", version: "0.1.0"},
-		{chartName: "test-chart1", version: "0.2.0"},
-		{chartName: "test-chart2", version: "0.1.0"},
-		{chartName: "test-chart2", version: "0.3.0"},
+	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
+		{ChartName: "test-chart2", Version: "0.1.0"},
+		{ChartName: "test-chart2", Version: "0.3.0"},
 	}, oci, "")
 
 	p.updateTarget("test", nil)
@@ -472,9 +318,9 @@ func TestHelmValues(t *testing.T) {
 
 	createNamespace(t, k, p.testSlug())
 
-	repoUrl := createHelmRepo(p.t, []repoChart{
-		{chartName: "test-chart1", version: "0.1.0"},
-		{chartName: "test-chart2", version: "0.1.0"},
+	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "")
 
 	values1 := map[string]any{
@@ -537,9 +383,9 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	createNamespace(t, k, p.testSlug()+"-a")
 	createNamespace(t, k, p.testSlug()+"-b")
 
-	repoUrl := createHelmRepo(p.t, []repoChart{
-		{chartName: "test-chart1", version: "0.1.0"},
-		{chartName: "test-chart2", version: "0.1.0"},
+	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "")
 
 	p.updateTarget("test", nil)
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
new file mode 100644
index 000000000..afe54a276
--- /dev/null
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -0,0 +1,163 @@
+package test_utils
+
+import (
+	"github.com/google/go-containerregistry/pkg/registry"
+	test_resources "github.com/kluctl/kluctl/v2/e2e/test-helm-chart"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/cli/values"
+	"helm.sh/helm/v3/pkg/getter"
+	"helm.sh/helm/v3/pkg/pusher"
+	registry2 "helm.sh/helm/v3/pkg/registry"
+	"helm.sh/helm/v3/pkg/repo"
+	"helm.sh/helm/v3/pkg/uploader"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func createHelmPackage(t *testing.T, name string, version string) string {
+	tmpDir := t.TempDir()
+	err := utils.FsCopyDir(test_resources.HelmChartFS, ".", tmpDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	c, err := uo.FromFile(filepath.Join(tmpDir, "Chart.yaml"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_ = c.SetNestedField(name, "name")
+	_ = c.SetNestedField(version, "version")
+
+	err = yaml.WriteYamlFile(filepath.Join(tmpDir, "Chart.yaml"), c)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	settings := cli.New()
+	client := action.NewPackage()
+	client.Destination = tmpDir
+	valueOpts := &values.Options{}
+	p := getter.All(settings)
+	vals, err := valueOpts.MergeValues(p)
+	retName, err := client.Run(tmpDir, vals)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return retName
+}
+
+type RepoChart struct {
+	ChartName string
+	Version   string
+}
+
+func CreateHelmRepo(t *testing.T, charts []RepoChart, password string) string {
+	tmpDir := t.TempDir()
+
+	for _, c := range charts {
+		tgz := createHelmPackage(t, c.ChartName, c.Version)
+		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+	}
+
+	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if password != "" {
+			_, p, ok := r.BasicAuth()
+			if !ok || p != password {
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+		}
+		fs.ServeHTTP(w, r)
+	}))
+
+	t.Cleanup(s.Close)
+
+	i, err := repo.IndexDirectory(tmpDir, s.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	i.SortEntries()
+	err = i.WriteFile(filepath.Join(tmpDir, "index.yaml"), 0644)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return s.URL
+}
+
+func CreateOciRepo(t *testing.T, charts []RepoChart, password string) string {
+	tmpDir := t.TempDir()
+
+	ociRegistry := registry.New()
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if password != "" {
+			_, p, ok := r.BasicAuth()
+			if !ok {
+				w.Header().Add("WWW-Authenticate", "Basic")
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+			if !ok || p != password {
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+		}
+		ociRegistry.ServeHTTP(w, r)
+	}))
+
+	t.Cleanup(s.Close)
+
+	ociUrl := strings.ReplaceAll(s.URL, "http://", "oci://")
+	ociUrl2, _ := url.Parse(ociUrl)
+
+	var out strings.Builder
+	settings := cli.New()
+	c := uploader.ChartUploader{
+		Out:     &out,
+		Pushers: pusher.All(settings),
+		Options: []pusher.Option{},
+	}
+
+	var registryClient *registry2.Client
+	if password != "" {
+		var err error
+		registryClient, err = registry2.NewClient()
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = registryClient.Login(ociUrl2.Host, registry2.LoginOptBasicAuth("test-user", password), registry2.LoginOptInsecure(true))
+		if err != nil {
+			t.Fatal(err)
+		}
+		c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
+	}
+
+	for _, chart := range charts {
+		tgz := createHelmPackage(t, chart.ChartName, chart.Version)
+		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+
+		err := c.UploadTo(tgz, ociUrl)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if registryClient != nil {
+		registryClient.Logout(ociUrl2.Host)
+	}
+
+	return ociUrl
+}

From 8e531507d95cfd7ca922c6057b4a7ed65818a0c3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:33:48 +0100
Subject: [PATCH 0587/2268] tests: Also pass username to test Helm repos

---
 e2e/helm_test.go                  | 24 +++++++++++++-----------
 e2e/test-utils/helm_repo_utils.go | 16 ++++++++--------
 2 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index e5d5b9952..8b9adf1c5 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -12,11 +12,11 @@ import (
 	"testing"
 )
 
-func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, password string) string {
+func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, user string, password string) string {
 	if oci {
-		return test_utils.CreateOciRepo(t, charts, password)
+		return test_utils.CreateOciRepo(t, charts, user, password)
 	} else {
-		return test_utils.CreateHelmRepo(t, charts, password)
+		return test_utils.CreateHelmRepo(t, charts, user, password)
 	}
 }
 
@@ -72,14 +72,16 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	createNamespace(t, k, p.testSlug())
 
+	user := ""
 	password := ""
 	if tc.testAuth {
+		user = "test-user"
 		password = "secret-password"
 	}
 
 	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, tc.oci, password)
+	}, tc.oci, user, password)
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -132,13 +134,13 @@ func TestHelmPull(t *testing.T) {
 		{name: "helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
 			expectedError: "no credentials provided for Chart test-chart1"},
 		{name: "helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
-			extraArgs:     []string{"--helm-username=test-creds:user", "--helm-password=test-creds:invalid"},
+			extraArgs:     []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:invalid"},
 			expectedError: "401 Unauthorized"},
 		{name: "helm-creds-valid", oci: false, testAuth: true, credsId: "test-creds",
-			extraArgs: []string{"--helm-username=test-creds:user", "--helm-password=test-creds:secret-password"}},
+			extraArgs: []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:secret-password"}},
 		{name: "oci", oci: true},
 		{name: "oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
-			extraArgs:     []string{"--helm-username=test-creds:user", "--helm-password=test-creds:secret-password"},
+			extraArgs:     []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:secret-password"},
 			expectedError: "OCI charts can currently only be authenticated via registry login and not via cli arguments"},
 	}
 
@@ -165,7 +167,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart1", Version: "0.2.0"},
-	}, oci, "")
+	}, oci, "", "")
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -212,7 +214,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		{ChartName: "test-chart1", Version: "0.2.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.3.0"},
-	}, oci, "")
+	}, oci, "", "")
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
@@ -321,7 +323,7 @@ func TestHelmValues(t *testing.T) {
 	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "")
+	}, "", "")
 
 	values1 := map[string]any{
 		"data": map[string]any{
@@ -386,7 +388,7 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "")
+	}, "", "")
 
 	p.updateTarget("test", nil)
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.testSlug(), nil)
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index afe54a276..631b2a677 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -62,7 +62,7 @@ type RepoChart struct {
 	Version   string
 }
 
-func CreateHelmRepo(t *testing.T, charts []RepoChart, password string) string {
+func CreateHelmRepo(t *testing.T, charts []RepoChart, username string, password string) string {
 	tmpDir := t.TempDir()
 
 	for _, c := range charts {
@@ -73,8 +73,8 @@ func CreateHelmRepo(t *testing.T, charts []RepoChart, password string) string {
 	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if password != "" {
-			_, p, ok := r.BasicAuth()
-			if !ok || p != password {
+			u, p, ok := r.BasicAuth()
+			if !ok || u != username || p != password {
 				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
 				return
 			}
@@ -98,19 +98,19 @@ func CreateHelmRepo(t *testing.T, charts []RepoChart, password string) string {
 	return s.URL
 }
 
-func CreateOciRepo(t *testing.T, charts []RepoChart, password string) string {
+func CreateOciRepo(t *testing.T, charts []RepoChart, username string, password string) string {
 	tmpDir := t.TempDir()
 
 	ociRegistry := registry.New()
 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if password != "" {
-			_, p, ok := r.BasicAuth()
+		if username != "" || password != "" {
+			u, p, ok := r.BasicAuth()
 			if !ok {
 				w.Header().Add("WWW-Authenticate", "Basic")
 				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
 				return
 			}
-			if !ok || p != password {
+			if u != username || p != password {
 				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
 				return
 			}
@@ -138,7 +138,7 @@ func CreateOciRepo(t *testing.T, charts []RepoChart, password string) string {
 		if err != nil {
 			t.Fatal(err)
 		}
-		err = registryClient.Login(ociUrl2.Host, registry2.LoginOptBasicAuth("test-user", password), registry2.LoginOptInsecure(true))
+		err = registryClient.Login(ociUrl2.Host, registry2.LoginOptBasicAuth(username, password), registry2.LoginOptInsecure(true))
 		if err != nil {
 			t.Fatal(err)
 		}

From 203ceed998e0d3a62fb235130d13790e31c450b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:48:16 +0100
Subject: [PATCH 0588/2268] tests: Get rid of redundant name in hooks tests

---
 e2e/hooks_test.go | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 663c8fb22..c94827e4d 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -92,7 +92,7 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	})
 }
 
-func prepareHookTestProject(t *testing.T, name string, hook string, hookDeletionPolicy string) *hooksTestContext {
+func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string) *hooksTestContext {
 	s := &hooksTestContext{
 		t: t,
 		k: defaultCluster2, // use cluster2 as it has webhooks setup
@@ -133,21 +133,21 @@ func (s *hooksTestContext) ensureHookNotExecuted() {
 
 func TestHooksPreDeployInitial(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "pre-deploy-initial", "pre-deploy-initial", "")
+	s := prepareHookTestProject(t, "pre-deploy-initial", "")
 	s.ensureHookExecuted("hook1", "cm1")
 	s.ensureHookExecuted("cm1")
 }
 
 func TestHooksPostDeployInitial(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "post-deploy-initial", "post-deploy-initial", "")
+	s := prepareHookTestProject(t, "post-deploy-initial", "")
 	s.ensureHookExecuted("cm1", "hook1")
 	s.ensureHookExecuted("cm1")
 }
 
 func TestHooksPreDeployUpgrade(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "pre-deploy-upgrade", "pre-deploy-upgrade", "")
+	s := prepareHookTestProject(t, "pre-deploy-upgrade", "")
 	s.ensureHookExecuted("cm1")
 	s.ensureHookExecuted("hook1", "cm1")
 	s.ensureHookExecuted("hook1", "cm1")
@@ -155,58 +155,58 @@ func TestHooksPreDeployUpgrade(t *testing.T) {
 
 func TestHooksPostDeployUpgrade(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "post-deploy-upgrade", "post-deploy-upgrade", "")
+	s := prepareHookTestProject(t, "post-deploy-upgrade", "")
 	s.ensureHookExecuted("cm1")
 	s.ensureHookExecuted("cm1", "hook1")
 	s.ensureHookExecuted("cm1", "hook1")
 }
 
-func doTestHooksPreDeploy(t *testing.T, name string, hooks string) {
-	s := prepareHookTestProject(t, name, hooks, "")
+func doTestHooksPreDeploy(t *testing.T, hooks string) {
+	s := prepareHookTestProject(t, hooks, "")
 	s.ensureHookExecuted("hook1", "cm1")
 	s.ensureHookExecuted("hook1", "cm1")
 }
 
-func doTestHooksPostDeploy(t *testing.T, name string, hooks string) {
-	s := prepareHookTestProject(t, name, hooks, "")
+func doTestHooksPostDeploy(t *testing.T, hooks string) {
+	s := prepareHookTestProject(t, hooks, "")
 	s.ensureHookExecuted("cm1", "hook1")
 	s.ensureHookExecuted("cm1", "hook1")
 }
 
-func doTestHooksPrePostDeploy(t *testing.T, name string, hooks string) {
-	s := prepareHookTestProject(t, name, hooks, "")
+func doTestHooksPrePostDeploy(t *testing.T, hooks string) {
+	s := prepareHookTestProject(t, hooks, "")
 	s.ensureHookExecuted("hook1", "cm1", "hook1")
 	s.ensureHookExecuted("hook1", "cm1", "hook1")
 }
 
 func TestHooksPreDeploy(t *testing.T) {
 	t.Parallel()
-	doTestHooksPreDeploy(t, "pre-deploy", "pre-deploy")
+	doTestHooksPreDeploy(t, "pre-deploy")
 }
 
 func TestHooksPreDeploy2(t *testing.T) {
 	t.Parallel()
 	// same as pre-deploy
-	doTestHooksPreDeploy(t, "pre-deploy2", "pre-deploy-initial,pre-deploy-upgrade")
+	doTestHooksPreDeploy(t, "pre-deploy-initial,pre-deploy-upgrade")
 }
 
 func TestHooksPostDeploy(t *testing.T) {
 	t.Parallel()
-	doTestHooksPostDeploy(t, "post-deploy", "post-deploy")
+	doTestHooksPostDeploy(t, "post-deploy")
 }
 
 func TestHooksPostDeploy2(t *testing.T) {
 	t.Parallel()
 	// same as post-deploy
-	doTestHooksPostDeploy(t, "post-deploy2", "post-deploy-initial,post-deploy-upgrade")
+	doTestHooksPostDeploy(t, "post-deploy-initial,post-deploy-upgrade")
 }
 
 func TestHooksPrePostDeploy(t *testing.T) {
 	t.Parallel()
-	doTestHooksPrePostDeploy(t, "pre-post-deploy", "pre-deploy,post-deploy")
+	doTestHooksPrePostDeploy(t, "pre-deploy,post-deploy")
 }
 
 func TestHooksPrePostDeploy2(t *testing.T) {
 	t.Parallel()
-	doTestHooksPrePostDeploy(t, "pre-post-deploy2", "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
+	doTestHooksPrePostDeploy(t, "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
 }

From 30e646f1020a66c43dd613975825852330c7d1b3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:50:44 +0100
Subject: [PATCH 0589/2268] tests: Implement and use NewTestProject

---
 e2e/args_test.go             |  9 ++----
 e2e/contexts_test.go         |  5 ++-
 e2e/deployment_items_test.go |  6 ++--
 e2e/flux_test.go             |  3 +-
 e2e/helm_test.go             | 17 ++++------
 e2e/hooks_test.go            |  5 ++-
 e2e/inclusion_test.go        |  7 ++--
 e2e/no_target_test.go        |  5 ++-
 e2e/project.go               | 62 ++++++++++++++++++++----------------
 e2e/seal_test.go             | 11 +++----
 e2e/sops_test.go             |  6 ++--
 e2e/utils_resources.go       |  4 +--
 12 files changed, 64 insertions(+), 76 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 05e38fe97..17e772568 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -12,8 +12,7 @@ func testArgs(t *testing.T, deprecated bool) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -136,8 +135,7 @@ func TestArgsFromEnv(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -170,8 +168,7 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index a6e2a0898..55296bac2 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -6,9 +6,8 @@ import (
 	"testing"
 )
 
-func prepareContextTest(t *testing.T) *testProject {
-	p := &testProject{}
-	p.init(t, defaultCluster1)
+func prepareContextTest(t *testing.T) *TestProject {
+	p := NewTestProject(t, defaultCluster1)
 	p.mergeKubeconfig(defaultCluster2)
 
 	createNamespace(t, defaultCluster1, p.testSlug())
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index a9fa3c5b6..23d4c0bad 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -10,8 +10,7 @@ func TestKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -39,8 +38,7 @@ func TestGeneratedKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index 5cd90eec7..b9f49d496 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -36,8 +36,7 @@ func TestFluxCommands(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	var wg sync.WaitGroup
 	wg.Add(2)
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 8b9adf1c5..cb4a588f5 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -20,7 +20,7 @@ func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool,
 	}
 }
 
-func addHelmDeployment(p *testProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
+func addHelmDeployment(p *TestProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
 	if registry2.IsOCI(repoUrl) {
 		repoUrl += "/" + chartName
 		chartName = ""
@@ -67,8 +67,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -159,8 +158,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -204,8 +202,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -315,8 +312,7 @@ func TestHelmValues(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -378,8 +374,7 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 	createNamespace(t, k, p.testSlug()+"-a")
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index c94827e4d..54df6986e 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -18,7 +18,7 @@ type hooksTestContext struct {
 	t *testing.T
 	k *test_utils.EnvTestCluster
 
-	p *testProject
+	p *TestProject
 
 	seenConfigMaps []string
 
@@ -96,11 +96,10 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 	s := &hooksTestContext{
 		t: t,
 		k: defaultCluster2, // use cluster2 as it has webhooks setup
-		p: &testProject{},
 	}
 	s.setupWebhook()
 
-	s.p.init(t, s.k)
+	s.p = NewTestProject(t, s.k)
 	t.Cleanup(func() {
 		s.removeWebhook()
 	})
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 84e61ad8e..1a212cc4d 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -8,10 +8,9 @@ import (
 	"testing"
 )
 
-func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*testProject, *test_utils.EnvTestCluster) {
+func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*TestProject, *test_utils.EnvTestCluster) {
 	k := defaultCluster1
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -41,7 +40,7 @@ func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*testProject,
 	return p, k
 }
 
-func assertExistsHelper(t *testing.T, p *testProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
+func assertExistsHelper(t *testing.T, p *TestProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
 	for _, x := range add {
 		shouldExists[x] = true
 	}
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 01cdfe738..433df873d 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -7,9 +7,8 @@ import (
 	"testing"
 )
 
-func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *testProject {
-	p := &testProject{}
-	p.init(t, defaultCluster1)
+func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *TestProject {
+	p := NewTestProject(t, defaultCluster1)
 	p.mergeKubeconfig(defaultCluster2)
 
 	createNamespace(t, defaultCluster1, p.testSlug())
diff --git a/e2e/project.go b/e2e/project.go
index 1443b4901..afbb0fc0c 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -18,7 +18,7 @@ import (
 	"testing"
 )
 
-type testProject struct {
+type TestProject struct {
 	t        *testing.T
 	extraEnv []string
 
@@ -27,8 +27,11 @@ type testProject struct {
 	gitServer *test_utils.GitServer
 }
 
-func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster) {
-	p.t = t
+func NewTestProject(t *testing.T, k *test_utils.EnvTestCluster) *TestProject {
+	p := &TestProject{
+		t: t,
+	}
+
 	p.gitServer = test_utils.NewGitServer(t)
 	p.gitServer.GitInit(p.getKluctlProjectRepo())
 
@@ -48,17 +51,20 @@ func (p *testProject) init(t *testing.T, k *test_utils.EnvTestCluster) {
 	t.Cleanup(func() {
 		os.Remove(p.mergedKubeconfig)
 	})
-	p.mergeKubeconfig(k)
+	if k != nil {
+		p.mergeKubeconfig(k)
+	}
+	return p
 }
 
-func (p *testProject) testSlug() string {
+func (p *TestProject) testSlug() string {
 	n := p.t.Name()
 	n = xstrings.ToKebabCase(n)
 	n = strings.ReplaceAll(n, "/", "-")
 	return n
 }
 
-func (p *testProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
+func (p *TestProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
 	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
 		nkcfg, err := clientcmd.Load(k.Kubeconfig)
 		if err != nil {
@@ -72,7 +78,7 @@ func (p *testProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
 	})
 }
 
-func (p *testProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config)) {
+func (p *TestProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config)) {
 	mkcfg, err := clientcmd.LoadFromFile(p.mergedKubeconfig)
 	if err != nil {
 		p.t.Fatal(err)
@@ -86,11 +92,11 @@ func (p *testProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config
 	}
 }
 
-func (p *testProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
+func (p *TestProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
 	p.updateYaml(".kluctl.yml", update, "")
 }
 
-func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
+func (p *TestProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
 	p.updateYaml(filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
 		if dir == "." {
 			o.SetNestedField(p.testSlug(), "commonLabels", "project_name")
@@ -99,17 +105,17 @@ func (p *testProject) updateDeploymentYaml(dir string, update func(o *uo.Unstruc
 	}, "")
 }
 
-func (p *testProject) updateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
+func (p *TestProject) updateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
 	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), path, func(o *uo.UnstructuredObject) error {
 		return update(o)
 	}, message)
 }
 
-func (p *testProject) updateFile(path string, update func(f string) (string, error), message string) {
+func (p *TestProject) updateFile(path string, update func(f string) (string, error), message string) {
 	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), path, update, message)
 }
 
-func (p *testProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
+func (p *TestProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
 	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, "deployment.yml"))
 	if err != nil {
 		p.t.Fatal(err)
@@ -117,7 +123,7 @@ func (p *testProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
 	return o
 }
 
-func (p *testProject) listDeploymentItemPathes(dir string, fullPath bool) []string {
+func (p *TestProject) listDeploymentItemPathes(dir string, fullPath bool) []string {
 	var ret []string
 	o := p.getDeploymentYaml(dir)
 	l, _, err := o.GetNestedObjectList("deployments")
@@ -141,7 +147,7 @@ func (p *testProject) listDeploymentItemPathes(dir string, fullPath bool) []stri
 	return ret
 }
 
-func (p *testProject) updateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
+func (p *TestProject) updateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
 	wt := p.gitServer.GetWorktree(p.getKluctlProjectRepo())
 
 	pth := filepath.Join(dir, "kustomization.yml")
@@ -150,15 +156,15 @@ func (p *testProject) updateKustomizeDeployment(dir string, update func(o *uo.Un
 	}, fmt.Sprintf("Update kustomization.yml for %s", dir))
 }
 
-func (p *testProject) updateTarget(name string, cb func(target *uo.UnstructuredObject)) {
+func (p *TestProject) updateTarget(name string, cb func(target *uo.UnstructuredObject)) {
 	p.updateNamedListItem(uo.KeyPath{"targets"}, name, cb)
 }
 
-func (p *testProject) updateSecretSet(name string, cb func(secretSet *uo.UnstructuredObject)) {
+func (p *TestProject) updateSecretSet(name string, cb func(secretSet *uo.UnstructuredObject)) {
 	p.updateNamedListItem(uo.KeyPath{"secretsConfig", "secretSets"}, name, cb)
 }
 
-func (p *testProject) updateNamedListItem(path uo.KeyPath, name string, cb func(item *uo.UnstructuredObject)) {
+func (p *TestProject) updateNamedListItem(path uo.KeyPath, name string, cb func(item *uo.UnstructuredObject)) {
 	if cb == nil {
 		cb = func(target *uo.UnstructuredObject) {}
 	}
@@ -188,7 +194,7 @@ func (p *testProject) updateNamedListItem(path uo.KeyPath, name string, cb func(
 	})
 }
 
-func (p *testProject) updateDeploymentItems(dir string, update func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject) {
+func (p *TestProject) updateDeploymentItems(dir string, update func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject) {
 	p.updateDeploymentYaml(dir, func(o *uo.UnstructuredObject) error {
 		items, _, _ := o.GetNestedObjectList("deployments")
 		items = update(items)
@@ -196,7 +202,7 @@ func (p *testProject) updateDeploymentItems(dir string, update func(items []*uo.
 	})
 }
 
-func (p *testProject) addDeploymentItem(dir string, item *uo.UnstructuredObject) {
+func (p *TestProject) addDeploymentItem(dir string, item *uo.UnstructuredObject) {
 	p.updateDeploymentItems(dir, func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
 		for _, x := range items {
 			if reflect.DeepEqual(x, item) {
@@ -208,7 +214,7 @@ func (p *testProject) addDeploymentItem(dir string, item *uo.UnstructuredObject)
 	})
 }
 
-func (p *testProject) addDeploymentInclude(dir string, includePath string, tags []string) {
+func (p *TestProject) addDeploymentInclude(dir string, includePath string, tags []string) {
 	n := uo.FromMap(map[string]interface{}{
 		"include": includePath,
 	})
@@ -218,7 +224,7 @@ func (p *testProject) addDeploymentInclude(dir string, includePath string, tags
 	p.addDeploymentItem(dir, n)
 }
 
-func (p *testProject) addDeploymentIncludes(dir string) {
+func (p *TestProject) addDeploymentIncludes(dir string) {
 	var pp []string
 	for _, x := range strings.Split(dir, "/") {
 		if x != "." {
@@ -228,7 +234,7 @@ func (p *testProject) addDeploymentIncludes(dir string) {
 	}
 }
 
-func (p *testProject) addKustomizeDeployment(dir string, resources []kustomizeResource, tags []string) {
+func (p *TestProject) addKustomizeDeployment(dir string, resources []kustomizeResource, tags []string) {
 	deploymentDir := filepath.Dir(dir)
 	if deploymentDir != "" {
 		p.addDeploymentIncludes(deploymentDir)
@@ -262,7 +268,7 @@ func (p *testProject) addKustomizeDeployment(dir string, resources []kustomizeRe
 	})
 }
 
-func (p *testProject) convertInterfaceToList(x interface{}) []interface{} {
+func (p *TestProject) convertInterfaceToList(x interface{}) []interface{} {
 	var ret []interface{}
 	if l, ok := x.([]interface{}); ok {
 		return l
@@ -288,7 +294,7 @@ type kustomizeResource struct {
 	content  interface{}
 }
 
-func (p *testProject) addKustomizeResources(dir string, resources []kustomizeResource) {
+func (p *TestProject) addKustomizeResources(dir string, resources []kustomizeResource) {
 	p.updateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
 		l, _, _ := o.GetNestedList("resources")
 		for _, r := range resources {
@@ -314,7 +320,7 @@ func (p *testProject) addKustomizeResources(dir string, resources []kustomizeRes
 	})
 }
 
-func (p *testProject) deleteKustomizeDeployment(dir string) {
+func (p *TestProject) deleteKustomizeDeployment(dir string) {
 	deploymentDir := filepath.Dir(dir)
 	p.updateDeploymentItems(deploymentDir, func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
 		var newItems []*uo.UnstructuredObject
@@ -329,11 +335,11 @@ func (p *testProject) deleteKustomizeDeployment(dir string) {
 	})
 }
 
-func (p *testProject) getKluctlProjectRepo() string {
+func (p *TestProject) getKluctlProjectRepo() string {
 	return "kluctl-project"
 }
 
-func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
+func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
@@ -365,7 +371,7 @@ func (p *testProject) Kluctl(argsIn ...string) (string, string, error) {
 	return stdout, stderr, err
 }
 
-func (p *testProject) KluctlMust(argsIn ...string) (string, string) {
+func (p *TestProject) KluctlMust(argsIn ...string) (string, string) {
 	stdout, stderr, err := p.Kluctl(argsIn...)
 	if err != nil {
 		p.t.Logf(stderr)
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index c172f060b..bf64c78a8 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -85,7 +85,7 @@ func startCertServer() (*certServer, error) {
 	return &cs, nil
 }
 
-func addProxyVars(p *testProject) {
+func addProxyVars(p *TestProject) {
 	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
 		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
 		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
@@ -97,9 +97,8 @@ func addProxyVars(p *testProject) {
 	f(1, defaultCluster2, certServer2)
 }
 
-func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *testProject {
-	p := &testProject{}
-	p.init(t, k)
+func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *TestProject {
+	p := NewTestProject(t, k)
 
 	if proxy {
 		addProxyVars(p)
@@ -115,13 +114,13 @@ func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[str
 	return p
 }
 
-func addSecretsSet(p *testProject, name string, varsSources []*uo.UnstructuredObject) {
+func addSecretsSet(p *TestProject, name string, varsSources []*uo.UnstructuredObject) {
 	p.updateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
 		_ = secretSet.SetNestedField(varsSources, "vars")
 	})
 }
 
-func addSecretsSetToTarget(p *testProject, targetName string, secretSetName string) {
+func addSecretsSetToTarget(p *TestProject, targetName string, secretSetName string) {
 	p.updateTarget(targetName, func(target *uo.UnstructuredObject) {
 		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
 		l = append(l, secretSetName)
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index ee9af770a..c7e3f127f 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -13,8 +13,7 @@ func TestSopsVars(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
@@ -54,8 +53,7 @@ func TestSopsResources(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := &testProject{}
-	p.init(t, k)
+	p := NewTestProject(t, k)
 
 	createNamespace(t, k, p.testSlug())
 
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 073b246c5..9c8f03fae 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -51,14 +51,14 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 	return o
 }
 
-func addConfigMapDeployment(p *testProject, dir string, data map[string]string, opts resourceOpts) {
+func addConfigMapDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
 	p.addKustomizeDeployment(dir, []kustomizeResource{
 		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
 	}, opts.tags)
 }
 
-func addSecretDeployment(p *testProject, dir string, data map[string]string, opts resourceOpts) {
+func addSecretDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
 	p.addKustomizeDeployment(dir, []kustomizeResource{

From 82b5844237f3c39a05680f341d78700712415bda Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:51:51 +0100
Subject: [PATCH 0590/2268] tests: Update flux-kluctl-controller CRDs

---
 e2e/test_resources/kluctl-crds.yaml | 1221 +++------------------------
 1 file changed, 98 insertions(+), 1123 deletions(-)

diff --git a/e2e/test_resources/kluctl-crds.yaml b/e2e/test_resources/kluctl-crds.yaml
index d16c0d9ea..83b9cffcc 100644
--- a/e2e/test_resources/kluctl-crds.yaml
+++ b/e2e/test_resources/kluctl-crds.yaml
@@ -51,7 +51,6 @@ spec:
           metadata:
             type: object
           spec:
-            description: KluctlDeploymentSpec defines the desired state of KluctlDeployment
             properties:
               abortOnError:
                 default: false
@@ -60,34 +59,42 @@ spec:
                   when calling kluctl.
                 type: boolean
               args:
-                additionalProperties:
-                  type: string
-                description: Args specifies dynamic target args. Only arguments defined
-                  by 'dynamicArgs' of the target are allowed.
+                description: Args specifies dynamic target args.
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              context:
+                description: If specified, overrides the context to be used. This
+                  will effectively make kluctl ignore the context specified in the
+                  target.
+                type: string
+              decryption:
+                description: Decrypt Kubernetes secrets before applying them on the
+                  cluster.
+                properties:
+                  provider:
+                    description: Provider is the name of the decryption engine.
+                    enum:
+                    - sops
+                    type: string
+                  secretRef:
+                    description: The secret name containing the private OpenPGP keys
+                      used for decryption.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - provider
                 type: object
-              dependsOn:
-                description: DependsOn may contain a meta.NamespacedObjectReference
-                  slice with references to resources that must be ready before this
-                  kluctl project can be deployed.
-                items:
-                  description: NamespacedObjectReference contains enough information
-                    to locate the referenced Kubernetes resource object in any namespace.
-                  properties:
-                    name:
-                      description: Name of the referent.
-                      type: string
-                    namespace:
-                      description: Namespace of the referent, when not specified it
-                        acts as LocalObjectReference.
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
               deployInterval:
                 description: DeployInterval specifies the interval at which to deploy
-                  the KluctlDeployment. This is independent of the 'Interval' value,
-                  which only causes deployments if some deployment objects have changed.
+                  the KluctlDeployment. It defaults to the Interval value, meaning
+                  that it will re-deploy on every reconciliation. If you set DeployInterval
+                  to a different value,
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
                 type: string
               deployMode:
                 default: full-deploy
@@ -96,6 +103,14 @@ spec:
                 - full-deploy
                 - poke-images
                 type: string
+              deployOnChanges:
+                default: true
+                description: DeployOnChanges will cause a re-deployment whenever the
+                  rendered resources change in the deployment. This check is performed
+                  on every reconciliation. This means that a deployment will be triggered
+                  even before the DeployInterval has passed in case something has
+                  changed in the rendered resources.
+                type: boolean
               dryRun:
                 default: false
                 description: DryRun instructs kluctl to run everything in dry-run
@@ -195,13 +210,16 @@ spec:
                 type: array
               interval:
                 description: The interval at which to reconcile the KluctlDeployment.
+                  By default, the controller will re-deploy and validate the deployment
+                  on each reconciliation. To override this behavior, change the DeployInterval
+                  and/or ValidateInterval values.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               kubeConfig:
                 description: The KubeConfig for deploying to the target cluster. Specifies
                   the kubeconfig to be used when invoking kluctl. Contexts in this
                   kubeconfig must match the context found in the kluctl target. As
-                  an alternative, RenameContexts can be used to fix non-matching context
-                  names.
+                  an alternative, specify the context to be used via 'context'
                 properties:
                   secretRef:
                     description: SecretRef holds the name of a secret that contains
@@ -283,8 +301,9 @@ spec:
                 type: boolean
               retryInterval:
                 description: The interval at which to retry a previously failed reconciliation.
-                  When not specified, the controller uses the KluctlDeploymentSpec.Interval
-                  value to retry failures.
+                  When not specified, the controller uses the Interval value to retry
+                  failures.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               serviceAccountName:
                 description: The name of the Kubernetes service account to use while
@@ -297,20 +316,18 @@ spec:
                   kluctl project.
                 properties:
                   apiVersion:
-                    description: API version of the referent.
+                    description: API version of the referent, if not specified the
+                      Kubernetes preferred version will be used.
                     type: string
                   kind:
                     description: Kind of the referent.
-                    enum:
-                    - GitRepository
-                    - Bucket
                     type: string
                   name:
                     description: Name of the referent.
                     type: string
                   namespace:
-                    description: Namespace of the referent, defaults to the namespace
-                      of the Kubernetes resource object that contains the reference.
+                    description: Namespace of the referent, when not specified it
+                      acts as LocalObjectReference.
                     type: string
                 required:
                 - kind
@@ -322,28 +339,43 @@ spec:
                   Defaults to false.
                 type: boolean
               target:
-                description: Target specifies the kluctl target to deploy
+                description: Target specifies the kluctl target to deploy. If not
+                  specified, an empty target is used that has no name and no context.
+                  Use 'TargetName' and 'Context' to specify the name and context in
+                  that case.
+                maxLength: 63
+                minLength: 1
+                type: string
+              targetNameOverride:
+                description: TargetNameOverride sets or overrides the target name.
+                  This is especially useful when deployment without a target.
                 maxLength: 63
                 minLength: 1
                 type: string
               timeout:
                 description: Timeout for all operations. Defaults to 'Interval' duration.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               updateImages:
                 default: false
                 description: UpdateImages instructs kluctl to update dynamic images.
                   Equivalent to using '-u' when calling kluctl.
                 type: boolean
+              validate:
+                default: true
+                description: Validate enables validation after deploying
+                type: boolean
               validateInterval:
-                default: 5m
                 description: ValidateInterval specifies the interval at which to validate
                   the KluctlDeployment. Validation is performed the same way as with
-                  'kluctl validate -t <target>'. Defaults to 1m.
+                  'kluctl validate -t <target>'. Defaults to the same value as specified
+                  in Interval. Validate is also performed whenever a deployment is
+                  performed, independent of the value of ValidateInterval
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
                 type: string
             required:
             - interval
             - sourceRef
-            - target
             type: object
           status:
             description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
@@ -360,13 +392,14 @@ spec:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
                     use as an array at the field path .status.conditions.  For example,
-                    type FooStatus struct{     // Represents the observations of a
-                    foo's current state.     // Known .status.conditions.type are:
-                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
-                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
-                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
-                    \n     // other fields }"
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -436,253 +469,26 @@ spec:
                   objectsHash:
                     description: ObjectsHash is the hash of all rendered objects
                     type: string
-                  result:
-                    properties:
-                      changedObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      deletedObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      errors:
-                        items:
-                          properties:
-                            error:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - error
-                          - ref
-                          type: object
-                        type: array
-                      hookObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      newObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      orphanObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      seenImages:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                            registryImage:
-                              type: string
-                            resultImage:
-                              type: string
-                            versionFilter:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      warnings:
-                        items:
-                          properties:
-                            error:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - error
-                          - ref
-                          type: object
-                        type: array
-                    type: object
+                  rawResult:
+                    type: string
                   revision:
                     description: Revision is the source revision. Please note that
                       kluctl projects have dependent git repositories which are not
                       considered in the source revision
                     type: string
-                  targetName:
-                    description: TargetName is the name of the target
+                  target:
+                    type: string
+                  targetNameOverride:
                     type: string
                   time:
                     description: AttemptedAt is the time when the attempt was performed
                     format: date-time
                     type: string
                 required:
-                - targetName
                 - time
                 type: object
+              lastHandledDeployAt:
+                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
@@ -696,251 +502,22 @@ spec:
                   objectsHash:
                     description: ObjectsHash is the hash of all rendered objects
                     type: string
-                  result:
-                    properties:
-                      changedObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      deletedObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      errors:
-                        items:
-                          properties:
-                            error:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - error
-                          - ref
-                          type: object
-                        type: array
-                      hookObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      newObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      orphanObjects:
-                        items:
-                          description: ObjectRef contains the information necessary
-                            to locate a resource within a cluster.
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - group
-                          - kind
-                          - name
-                          - namespace
-                          - version
-                          type: object
-                        type: array
-                      seenImages:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                            registryImage:
-                              type: string
-                            resultImage:
-                              type: string
-                            versionFilter:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      warnings:
-                        items:
-                          properties:
-                            error:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - error
-                          - ref
-                          type: object
-                        type: array
-                    type: object
+                  rawResult:
+                    type: string
                   revision:
                     description: Revision is the source revision. Please note that
                       kluctl projects have dependent git repositories which are not
                       considered in the source revision
                     type: string
-                  targetName:
-                    description: TargetName is the name of the target
+                  target:
+                    type: string
+                  targetNameOverride:
                     type: string
                   time:
                     description: AttemptedAt is the time when the attempt was performed
                     format: date-time
                     type: string
                 required:
-                - targetName
                 - time
                 type: object
               lastValidateResult:
@@ -952,632 +529,30 @@ spec:
                   objectsHash:
                     description: ObjectsHash is the hash of all rendered objects
                     type: string
-                  result:
-                    properties:
-                      errors:
-                        items:
-                          properties:
-                            error:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - error
-                          - ref
-                          type: object
-                        type: array
-                      ready:
-                        type: boolean
-                      results:
-                        items:
-                          properties:
-                            annotation:
-                              type: string
-                            message:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - annotation
-                          - message
-                          - ref
-                          type: object
-                        type: array
-                      warnings:
-                        items:
-                          properties:
-                            error:
-                              type: string
-                            ref:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                          required:
-                          - error
-                          - ref
-                          type: object
-                        type: array
-                    required:
-                    - ready
-                    type: object
+                  rawResult:
+                    type: string
                   revision:
                     description: Revision is the source revision. Please note that
                       kluctl projects have dependent git repositories which are not
                       considered in the source revision
                     type: string
-                  targetName:
-                    description: TargetName is the name of the target
+                  target:
+                    type: string
+                  targetNameOverride:
                     type: string
                   time:
                     description: AttemptedAt is the time when the attempt was performed
                     format: date-time
                     type: string
                 required:
-                - error
-                - targetName
                 - time
                 type: object
               observedGeneration:
                 description: ObservedGeneration is the last reconciled generation.
                 format: int64
                 type: integer
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: kluctlmultideployments.flux.kluctl.io
-spec:
-  group: flux.kluctl.io
-  names:
-    kind: KluctlMultiDeployment
-    listKind: KluctlMultiDeploymentList
-    plural: kluctlmultideployments
-    singular: kluctlmultideployment
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.targetPattern
-      name: Pattern
-      type: string
-    - jsonPath: .status.targetCount
-      name: Targets
-      type: integer
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: KluctlMultiDeployment is the Schema for the kluctlmultideployments
-          API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: KluctlMultiDeploymentSpec defines the desired state of KluctlMultiDeployment
-            properties:
-              dependsOn:
-                description: DependsOn may contain a meta.NamespacedObjectReference
-                  slice with references to resources that must be ready before this
-                  kluctl project can be deployed.
-                items:
-                  description: NamespacedObjectReference contains enough information
-                    to locate the referenced Kubernetes resource object in any namespace.
-                  properties:
-                    name:
-                      description: Name of the referent.
-                      type: string
-                    namespace:
-                      description: Namespace of the referent, when not specified it
-                        acts as LocalObjectReference.
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              interval:
-                description: The interval at which to reconcile the KluctlDeployment.
-                type: string
-              path:
-                description: Path to the directory containing the .kluctl.yaml file,
-                  or the Defaults to 'None', which translates to the root path of
-                  the SourceRef.
-                type: string
-              retryInterval:
-                description: The interval at which to retry a previously failed reconciliation.
-                  When not specified, the controller uses the KluctlDeploymentSpec.Interval
-                  value to retry failures.
-                type: string
-              sourceRef:
-                description: Reference of the source where the kluctl project is.
-                  The authentication secrets from the source are also used to authenticate
-                  dependent git repositories which are cloned while deploying the
-                  kluctl project.
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  kind:
-                    description: Kind of the referent.
-                    enum:
-                    - GitRepository
-                    - Bucket
-                    type: string
-                  name:
-                    description: Name of the referent.
-                    type: string
-                  namespace:
-                    description: Namespace of the referent, defaults to the namespace
-                      of the Kubernetes resource object that contains the reference.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend subsequent
-                  kluctl executions, it does not apply to already started executions.
-                  Defaults to false.
-                type: boolean
-              targetPattern:
-                description: TargetPattern is the regex pattern used to match targets
+              rawTarget:
                 type: string
-              template:
-                description: Template is the object template used to create KluctlDeploymet
-                  objects
-                properties:
-                  spec:
-                    description: Spec is the KluctlDeployment spec to be used as a
-                      template
-                    properties:
-                      abortOnError:
-                        default: false
-                        description: ForceReplaceOnError instructs kluctl to abort
-                          deployments immediately when something fails. Equivalent
-                          to using '--abort-on-error' when calling kluctl.
-                        type: boolean
-                      args:
-                        additionalProperties:
-                          type: string
-                        description: Args specifies dynamic target args. Only arguments
-                          defined by 'dynamicArgs' of the target are allowed.
-                        type: object
-                      deployInterval:
-                        description: DeployInterval specifies the interval at which
-                          to deploy the KluctlDeployment. This is independent of the
-                          'Interval' value, which only causes deployments if some
-                          deployment objects have changed.
-                        type: string
-                      deployMode:
-                        default: full-deploy
-                        description: DeployMode specifies what deploy mode should
-                          be used
-                        enum:
-                        - full-deploy
-                        - poke-images
-                        type: string
-                      dryRun:
-                        default: false
-                        description: DryRun instructs kluctl to run everything in
-                          dry-run mode. Equivalent to using '--dry-run' when calling
-                          kluctl.
-                        type: boolean
-                      excludeDeploymentDirs:
-                        description: ExcludeDeploymentDirs instructs kluctl to exclude
-                          deployments with the given dir. Equivalent to using '--exclude-deployment-dir'
-                          when calling kluctl.
-                        items:
-                          type: string
-                        type: array
-                      excludeTags:
-                        description: ExcludeTags instructs kluctl to exclude deployments
-                          with given tags. Equivalent to using '--exclude-tag' when
-                          calling kluctl.
-                        items:
-                          type: string
-                        type: array
-                      forceApply:
-                        default: false
-                        description: ForceApply instructs kluctl to force-apply in
-                          case of SSA conflicts. Equivalent to using '--force-apply'
-                          when calling kluctl.
-                        type: boolean
-                      forceReplaceOnError:
-                        default: false
-                        description: ForceReplaceOnError instructs kluctl to force-replace
-                          resources in case a normal replace fails. Equivalent to
-                          using '--force-replace-on-error' when calling kluctl.
-                        type: boolean
-                      images:
-                        description: Images contains a list of fixed image overrides.
-                          Equivalent to using '--fixed-images-file' when calling kluctl.
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              description: ObjectRef contains the information necessary
-                                to locate a resource within a cluster.
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - group
-                              - kind
-                              - name
-                              - namespace
-                              - version
-                              type: object
-                            registryImage:
-                              type: string
-                            resultImage:
-                              type: string
-                            versionFilter:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      includeDeploymentDirs:
-                        description: IncludeDeploymentDirs instructs kluctl to only
-                          include deployments with the given dir. Equivalent to using
-                          '--include-deployment-dir' when calling kluctl.
-                        items:
-                          type: string
-                        type: array
-                      includeTags:
-                        description: IncludeTags instructs kluctl to only include
-                          deployments with given tags. Equivalent to using '--include-tag'
-                          when calling kluctl.
-                        items:
-                          type: string
-                        type: array
-                      interval:
-                        description: The interval at which to reconcile the KluctlDeployment.
-                        type: string
-                      kubeConfig:
-                        description: The KubeConfig for deploying to the target cluster.
-                          Specifies the kubeconfig to be used when invoking kluctl.
-                          Contexts in this kubeconfig must match the context found
-                          in the kluctl target. As an alternative, RenameContexts
-                          can be used to fix non-matching context names.
-                        properties:
-                          secretRef:
-                            description: SecretRef holds the name of a secret that
-                              contains a key with the kubeconfig file as the value.
-                              If no key is set, the key will default to 'value'. The
-                              secret must be in the same namespace as the Kustomization.
-                              It is recommended that the kubeconfig is self-contained,
-                              and the secret is regularly updated if credentials such
-                              as a cloud-access-token expire. Cloud specific `cmd-path`
-                              auth helpers will not function without adding binaries
-                              and credentials to the Pod that is responsible for reconciling
-                              the KluctlDeployment.
-                            properties:
-                              key:
-                                description: Key in the Secret, when not specified
-                                  an implementation-specific default key is used.
-                                type: string
-                              name:
-                                description: Name of the Secret.
-                                type: string
-                            required:
-                            - name
-                            type: object
-                        type: object
-                      noWait:
-                        default: false
-                        description: NoWait instructs kluctl to not wait for any resources
-                          to become ready, including hooks. Equivalent to using '--no-wait'
-                          when calling kluctl.
-                        type: boolean
-                      prune:
-                        default: false
-                        description: Prune enables pruning after deploying.
-                        type: boolean
-                      registrySecrets:
-                        description: RegistrySecrets is a list of secret references
-                          to be used for image registry authentication. The secrets
-                          must either have ".dockerconfigjson" included or "registry",
-                          "username" and "password". Additionally, "caFile" and "insecure"
-                          can be specified.
-                        items:
-                          description: LocalObjectReference contains enough information
-                            to locate the referenced Kubernetes resource object.
-                          properties:
-                            name:
-                              description: Name of the referent.
-                              type: string
-                          required:
-                          - name
-                          type: object
-                        type: array
-                      renameContexts:
-                        description: RenameContexts specifies a list of context rename
-                          operations. This is useful when the kluctl target's context
-                          does not match with the contexts found in the kubeconfig
-                          while deploying. This is the case when using kubeconfigs
-                          generated from service accounts, in which case the context
-                          name is always "default".
-                        items:
-                          description: RenameContext specifies a single rename of
-                            a context
-                          properties:
-                            newContext:
-                              description: NewContext is the new name of the context
-                              type: string
-                            oldContext:
-                              description: OldContext is the name of the context to
-                                be renamed
-                              type: string
-                          required:
-                          - newContext
-                          - oldContext
-                          type: object
-                        type: array
-                      replaceOnError:
-                        default: false
-                        description: ReplaceOnError instructs kluctl to replace resources
-                          on error. Equivalent to using '--replace-on-error' when
-                          calling kluctl.
-                        type: boolean
-                      retryInterval:
-                        description: The interval at which to retry a previously failed
-                          reconciliation. When not specified, the controller uses
-                          the KluctlDeploymentSpec.Interval value to retry failures.
-                        type: string
-                      serviceAccountName:
-                        description: The name of the Kubernetes service account to
-                          use while deploying. If not specified, the default service
-                          account is used.
-                        type: string
-                      timeout:
-                        description: Timeout for all operations. Defaults to 'Interval'
-                          duration.
-                        type: string
-                      updateImages:
-                        default: false
-                        description: UpdateImages instructs kluctl to update dynamic
-                          images. Equivalent to using '-u' when calling kluctl.
-                        type: boolean
-                      validateInterval:
-                        default: 5m
-                        description: ValidateInterval specifies the interval at which
-                          to validate the KluctlDeployment. Validation is performed
-                          the same way as with 'kluctl validate -t <target>'. Defaults
-                          to 1m.
-                        type: string
-                    required:
-                    - interval
-                    type: object
-                required:
-                - spec
-                type: object
-              timeout:
-                description: Timeout for all operations. Defaults to 'Interval' duration.
-                type: string
-            required:
-            - interval
-            - sourceRef
-            - targetPattern
-            - template
-            type: object
-          status:
-            description: KluctlMultiDeploymentStatus defines the observed state of
-              KluctlMultiDeployment
-            properties:
-              conditions:
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    type FooStatus struct{     // Represents the observations of a
-                    foo's current state.     // Known .status.conditions.type are:
-                    \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type
-                    \    // +patchStrategy=merge     // +listType=map     // +listMapKey=type
-                    \    Conditions []metav1.Condition `json:\"conditions,omitempty\"
-                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
-                    \n     // other fields }"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastAttemptedRevision:
-                description: LastAttemptedRevision is the revision of the last reconciliation
-                  attempt.
-                type: string
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last reconciled generation.
-                format: int64
-                type: integer
-              targetCount:
-                description: TargetCount is the number of targets detected
-                type: integer
-              targets:
-                description: Targets is the list of detected targets
-                items:
-                  description: KluctlMultiDeploymentTargetStatus describes the status
-                    of a single target
-                  properties:
-                    kluctlDeploymentName:
-                      description: KluctlDeploymentName is the name of the generated
-                        KluctlDeployment object
-                      type: string
-                    name:
-                      description: Name is the name of the detected target
-                      type: string
-                  required:
-                  - kluctlDeploymentName
-                  - name
-                  type: object
-                type: array
             type: object
         type: object
     served: true

From c5454557f845548588cbd005839bdc8020ca211a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:54:53 +0100
Subject: [PATCH 0591/2268] tests: Make multiple functions of TestProject
 public

---
 e2e/args_test.go             | 42 +++++++++---------
 e2e/contexts_test.go         | 58 ++++++++++++------------
 e2e/deployment_items_test.go | 38 ++++++++--------
 e2e/helm_test.go             | 80 ++++++++++++++++-----------------
 e2e/hooks_test.go            | 18 ++++----
 e2e/inclusion_test.go        | 50 ++++++++++-----------
 e2e/no_target_test.go        | 20 ++++-----
 e2e/project.go               | 86 ++++++++++++++++++------------------
 e2e/seal_test.go             | 44 +++++++++---------
 e2e/sops_test.go             | 26 +++++------
 e2e/utils_resources.go       |  4 +-
 11 files changed, 233 insertions(+), 233 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 17e772568..32443a740 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -14,9 +14,9 @@ func testArgs(t *testing.T, deprecated bool) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
 	})
 
 	args := []any{
@@ -36,12 +36,12 @@ func testArgs(t *testing.T, deprecated bool) {
 	}
 
 	if deprecated {
-		p.updateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
+		p.UpdateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
 			_ = o.SetNestedField(args, "args")
 			return nil
 		})
 	} else {
-		p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
+		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 			_ = o.SetNestedField(args, "args")
 			return nil
 		})
@@ -54,36 +54,36 @@ func testArgs(t *testing.T, deprecated bool) {
 		"d": "{{ args.d | to_json }}",
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
-	cm := k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c")
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", "-ad.nested=d")
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d"}`, "data", "d")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", `-ad={"nested": "d2"}`)
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d2"}`, "data", "d")
 
 	tmpFile, err := os.CreateTemp("", "")
@@ -97,7 +97,7 @@ nested:
 `)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", fmt.Sprintf(`-ad=@%s`, tmpFile.Name()))
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d3"}}`, "data", "d")
 
 	_ = tmpFile.Truncate(0)
@@ -111,7 +111,7 @@ d:
 `)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", fmt.Sprintf(`--args-from-file=%s`, tmpFile.Name()))
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a2", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
@@ -137,9 +137,9 @@ func TestArgsFromEnv(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
 	})
 
 	addConfigMapDeployment(p, "cm", map[string]string{
@@ -150,11 +150,11 @@ func TestArgsFromEnv(t *testing.T) {
 		"e": `{{ args.e }}`,
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	cm := k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "c"}}`, "data", "c")
@@ -170,9 +170,9 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
 	})
 
 	addConfigMapDeployment(p, "cm", map[string]string{
@@ -181,18 +181,18 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 		"c": `{{ args.c }}`,
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b")
-	cm := k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm := k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 
 	// make sure the CLI overrides values from env
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b", "-a", "c=c2")
-	cm = k.MustGetCoreV1(t, "configmaps", p.testSlug(), "cm")
+	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 55296bac2..1f3c5ee45 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -8,14 +8,14 @@ import (
 
 func prepareContextTest(t *testing.T) *TestProject {
 	p := NewTestProject(t, defaultCluster1)
-	p.mergeKubeconfig(defaultCluster2)
+	p.MergeKubeconfig(defaultCluster2)
 
-	createNamespace(t, defaultCluster1, p.testSlug())
-	createNamespace(t, defaultCluster2, p.testSlug())
+	createNamespace(t, defaultCluster1, p.TestSlug())
+	createNamespace(t, defaultCluster2, p.TestSlug())
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 
 	return p
@@ -26,20 +26,20 @@ func TestContextCurrent(t *testing.T) {
 
 	p := prepareContextTest(t)
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		// no context set, assume the current one is used
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
-	p.updateMergedKubeconfig(func(config *api.Config) {
+	p.UpdateMergedKubeconfig(func(config *api.Config) {
 		config.CurrentContext = defaultCluster2.Context
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
 func TestContext1(t *testing.T) {
@@ -47,13 +47,13 @@ func TestContext1(t *testing.T) {
 
 	p := prepareContextTest(t)
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
 func TestContext2(t *testing.T) {
@@ -61,13 +61,13 @@ func TestContext2(t *testing.T) {
 
 	p := prepareContextTest(t)
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster1, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster1, p.TestSlug(), "cm")
 }
 
 func TestContext1And2(t *testing.T) {
@@ -75,19 +75,19 @@ func TestContext1And2(t *testing.T) {
 
 	p := prepareContextTest(t)
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
-	p.updateTarget("test2", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test2", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test2")
-	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
 func TestContextSwitch(t *testing.T) {
@@ -95,20 +95,20 @@ func TestContextSwitch(t *testing.T) {
 
 	p := prepareContextTest(t)
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
 func TestContextOverride(t *testing.T) {
@@ -116,14 +116,14 @@ func TestContextOverride(t *testing.T) {
 
 	p := prepareContextTest(t)
 
-	p.updateTarget("test1", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
-	assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1", "--context", defaultCluster2.Context)
-	assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
+	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 23d4c0bad..122204df4 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -12,25 +12,25 @@ func TestKustomize(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", nil)
+	p.UpdateTarget("test", nil)
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.testSlug(), "cm")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
 		name:      "cm2",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--dry-run")
-	assertConfigMapNotExists(t, k, p.testSlug(), "cm2")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.testSlug(), "cm2")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 }
 
 func TestGeneratedKustomize(t *testing.T) {
@@ -40,11 +40,11 @@ func TestGeneratedKustomize(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", nil)
+	p.UpdateTarget("test", nil)
 
-	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField([]any{
 			map[string]any{
 				"path": "generated-kustomize",
@@ -52,30 +52,30 @@ func TestGeneratedKustomize(t *testing.T) {
 		}, "deployments")
 		return nil
 	})
-	p.updateYaml("generated-kustomize/cm1.yaml", func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml("generated-kustomize/cm1.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *createConfigMapObject(nil, resourceOpts{
 			name:      "cm1",
-			namespace: p.testSlug(),
+			namespace: p.TestSlug(),
 		})
 		return nil
 	}, "")
-	p.updateYaml("generated-kustomize/cm2.yaml", func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml("generated-kustomize/cm2.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *createConfigMapObject(nil, resourceOpts{
 			name:      "cm2",
-			namespace: p.testSlug(),
+			namespace: p.TestSlug(),
 		})
 		return nil
 	}, "")
-	p.updateYaml("generated-kustomize/cm3._yaml", func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml("generated-kustomize/cm3._yaml", func(o *uo.UnstructuredObject) error {
 		*o = *createConfigMapObject(nil, resourceOpts{
 			name:      "cm3",
-			namespace: p.testSlug(),
+			namespace: p.TestSlug(),
 		})
 		return nil
 	}, "")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapExists(t, k, p.testSlug(), "cm1")
-	assertConfigMapExists(t, k, p.testSlug(), "cm2")
-	assertConfigMapNotExists(t, k, p.testSlug(), "cm3")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
 }
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index cb4a588f5..f973570be 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -26,11 +26,11 @@ func addHelmDeployment(p *TestProject, dir string, repoUrl string, chartName, ve
 		chartName = ""
 	}
 
-	p.addKustomizeDeployment(dir, []kustomizeResource{
+	p.AddKustomizeDeployment(dir, []kustomizeResource{
 		{name: "helm-rendered.yaml"},
 	}, nil)
 
-	p.updateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromMap(map[string]interface{}{
 			"helmChart": map[string]any{
 				"repo":         repoUrl,
@@ -46,7 +46,7 @@ func addHelmDeployment(p *TestProject, dir string, repoUrl string, chartName, ve
 	}, "")
 
 	if values != nil {
-		p.updateYaml(filepath.Join(dir, "helm-values.yaml"), func(o *uo.UnstructuredObject) error {
+		p.UpdateYaml(filepath.Join(dir, "helm-values.yaml"), func(o *uo.UnstructuredObject) error {
 			*o = *uo.FromMap(values)
 			return nil
 		}, "")
@@ -69,7 +69,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
 	user := ""
 	password := ""
@@ -82,12 +82,12 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 		{ChartName: "test-chart1", Version: "0.1.0"},
 	}, tc.oci, user, password)
 
-	p.updateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
+	p.UpdateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	if tc.testAuth {
 		if tc.credsId != "" {
-			p.updateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+			p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 				_ = o.SetNestedField(tc.credsId, "helmChart", "credentialsId")
 				return nil
 			}, "")
@@ -123,7 +123,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 		assert.Contains(t, stderr, tc.expectedError)
 	} else {
 		assert.NoError(t, err)
-		assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+		assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	}
 }
 
@@ -160,31 +160,31 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
 	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart1", Version: "0.2.0"},
 	}, oci, "", "")
 
-	p.updateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
+	p.UpdateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust("helm-pull")
 	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	cm := assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.1.0", v)
 
-	p.updateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("0.2.0", "helmChart", "chartVersion")
 		return nil
 	}, "")
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	cm = assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ = cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.2.0", v)
 }
@@ -204,7 +204,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
 	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
@@ -213,12 +213,12 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		{ChartName: "test-chart2", Version: "0.3.0"},
 	}, oci, "", "")
 
-	p.updateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), nil)
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.testSlug(), nil)
-	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.testSlug(), nil)
+	p.UpdateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
 
-	p.updateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipUpdate")
 		return nil
 	}, "")
@@ -314,7 +314,7 @@ func TestHelmValues(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
 	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
@@ -340,17 +340,17 @@ func TestHelmValues(t *testing.T) {
 		},
 	}
 
-	p.updateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.testSlug(), values1)
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.testSlug(), values2)
-	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.testSlug(), values3)
+	p.UpdateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
+	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
 
-	cm1 := assertConfigMapExists(t, k, p.testSlug(), "test-helm1-test-chart1")
-	cm2 := assertConfigMapExists(t, k, p.testSlug(), "test-helm2-test-chart2")
-	cm3 := assertConfigMapExists(t, k, p.testSlug(), "test-helm3-test-chart1")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
+	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm2-test-chart2")
+	cm3 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm3-test-chart1")
 
 	assert.Equal(t, map[string]any{
 		"a":       "x1",
@@ -376,26 +376,26 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
-	createNamespace(t, k, p.testSlug()+"-a")
-	createNamespace(t, k, p.testSlug()+"-b")
+	createNamespace(t, k, p.TestSlug())
+	createNamespace(t, k, p.TestSlug()+"-a")
+	createNamespace(t, k, p.TestSlug()+"-b")
 
 	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "", "")
 
-	p.updateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.testSlug(), nil)
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.testSlug(), nil)
-	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.testSlug()+"-{{ args.a }}", nil)
-	addHelmDeployment(p, "helm4", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.testSlug()+"-{{ args.b }}", nil)
+	p.UpdateTarget("test", nil)
+	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
+	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
+	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
+	addHelmDeployment(p, "helm4", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
 
-	assertConfigMapExists(t, k, p.testSlug(), "test-helm-a-test-chart1")
-	assertConfigMapExists(t, k, p.testSlug(), "test-helm-b-test-chart2")
-	assertConfigMapExists(t, k, p.testSlug()+"-a", "test-helm-ns-test-chart1")
-	assertConfigMapExists(t, k, p.testSlug()+"-b", "test-helm-ns-test-chart1")
+	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-a-test-chart1")
+	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-b-test-chart2")
+	assertConfigMapExists(t, k, p.TestSlug()+"-a", "test-helm-ns-test-chart1")
+	assertConfigMapExists(t, k, p.TestSlug()+"-b", "test-helm-ns-test-chart1")
 }
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 54df6986e..e9e4ae433 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -36,7 +36,7 @@ func (s *hooksTestContext) removeWebhook() {
 }
 
 func (s *hooksTestContext) handleConfigmap(request admission.Request) {
-	if s.p.testSlug() != request.Namespace {
+	if s.p.TestSlug() != request.Namespace {
 		return
 	}
 
@@ -87,7 +87,7 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
-	s.p.addKustomizeResources(dir, []kustomizeResource{
+	s.p.AddKustomizeResources(dir, []kustomizeResource{
 		{fmt.Sprintf("%s.yml", opts.name), "", o},
 	})
 }
@@ -104,14 +104,14 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 		s.removeWebhook()
 	})
 
-	createNamespace(s.t, s.k, s.p.testSlug())
+	createNamespace(s.t, s.k, s.p.TestSlug())
 
-	s.p.updateTarget("test", nil)
+	s.p.UpdateTarget("test", nil)
 
-	s.p.addKustomizeDeployment("hook", nil, nil)
+	s.p.AddKustomizeDeployment("hook", nil, nil)
 
-	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.testSlug()})
-	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.testSlug()}, false, hook, hookDeletionPolicy)
+	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.TestSlug()})
+	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.TestSlug()}, false, hook, hookDeletionPolicy)
 
 	return s
 }
@@ -124,10 +124,10 @@ func (s *hooksTestContext) ensureHookExecuted(expectedCms ...string) {
 
 func (s *hooksTestContext) ensureHookNotExecuted() {
 	_ = s.k.DynamicClient.Resource(corev1.SchemeGroupVersion.WithResource("configmaps")).
-		Namespace(s.p.testSlug()).
+		Namespace(s.p.TestSlug()).
 		Delete(context.Background(), "cm1", metav1.DeleteOptions{})
 	s.p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapNotExists(s.t, s.k, s.p.testSlug(), "cm1")
+	assertConfigMapNotExists(s.t, s.k, s.p.TestSlug(), "cm1")
 }
 
 func TestHooksPreDeployInitial(t *testing.T) {
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 1a212cc4d..f8e196651 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -12,29 +12,29 @@ func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*TestProject,
 	k := defaultCluster1
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", nil)
+	p.UpdateTarget("test", nil)
 
-	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.testSlug()})
-	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.testSlug()})
-	addConfigMapDeployment(p, "cm3", nil, resourceOpts{name: "cm3", namespace: p.testSlug(), tags: []string{"tag1", "tag2"}})
-	addConfigMapDeployment(p, "cm4", nil, resourceOpts{name: "cm4", namespace: p.testSlug(), tags: []string{"tag1", "tag3"}})
-	addConfigMapDeployment(p, "cm5", nil, resourceOpts{name: "cm5", namespace: p.testSlug(), tags: []string{"tag1", "tag4"}})
-	addConfigMapDeployment(p, "cm6", nil, resourceOpts{name: "cm6", namespace: p.testSlug(), tags: []string{"tag1", "tag5"}})
-	addConfigMapDeployment(p, "cm7", nil, resourceOpts{name: "cm7", namespace: p.testSlug(), tags: []string{"tag1", "tag6"}})
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.TestSlug()})
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.TestSlug()})
+	addConfigMapDeployment(p, "cm3", nil, resourceOpts{name: "cm3", namespace: p.TestSlug(), tags: []string{"tag1", "tag2"}})
+	addConfigMapDeployment(p, "cm4", nil, resourceOpts{name: "cm4", namespace: p.TestSlug(), tags: []string{"tag1", "tag3"}})
+	addConfigMapDeployment(p, "cm5", nil, resourceOpts{name: "cm5", namespace: p.TestSlug(), tags: []string{"tag1", "tag4"}})
+	addConfigMapDeployment(p, "cm6", nil, resourceOpts{name: "cm6", namespace: p.TestSlug(), tags: []string{"tag1", "tag5"}})
+	addConfigMapDeployment(p, "cm7", nil, resourceOpts{name: "cm7", namespace: p.TestSlug(), tags: []string{"tag1", "tag6"}})
 
 	if withIncludes {
-		p.addDeploymentInclude(".", "include1", nil)
-		addConfigMapDeployment(p, "include1/icm1", nil, resourceOpts{name: "icm1", namespace: p.testSlug(), tags: []string{"itag1", "itag2"}})
+		p.AddDeploymentInclude(".", "include1", nil)
+		addConfigMapDeployment(p, "include1/icm1", nil, resourceOpts{name: "icm1", namespace: p.TestSlug(), tags: []string{"itag1", "itag2"}})
 
-		p.addDeploymentInclude(".", "include2", nil)
-		addConfigMapDeployment(p, "include2/icm2", nil, resourceOpts{name: "icm2", namespace: p.testSlug()})
-		addConfigMapDeployment(p, "include2/icm3", nil, resourceOpts{name: "icm3", namespace: p.testSlug(), tags: []string{"itag3", "itag4"}})
+		p.AddDeploymentInclude(".", "include2", nil)
+		addConfigMapDeployment(p, "include2/icm2", nil, resourceOpts{name: "icm2", namespace: p.TestSlug()})
+		addConfigMapDeployment(p, "include2/icm3", nil, resourceOpts{name: "icm3", namespace: p.TestSlug(), tags: []string{"itag3", "itag4"}})
 
-		p.addDeploymentInclude(".", "include3", []string{"itag5"})
-		addConfigMapDeployment(p, "include3/icm4", nil, resourceOpts{name: "icm4", namespace: p.testSlug()})
-		addConfigMapDeployment(p, "include3/icm5", nil, resourceOpts{name: "icm5", namespace: p.testSlug(), tags: []string{"itag5", "itag6"}})
+		p.AddDeploymentInclude(".", "include3", []string{"itag5"})
+		addConfigMapDeployment(p, "include3/icm4", nil, resourceOpts{name: "icm4", namespace: p.TestSlug()})
+		addConfigMapDeployment(p, "include3/icm5", nil, resourceOpts{name: "icm5", namespace: p.TestSlug(), tags: []string{"itag5", "itag6"}})
 	}
 
 	return p, k
@@ -49,7 +49,7 @@ func assertExistsHelper(t *testing.T, p *TestProject, k *test_utils.EnvTestClust
 			delete(shouldExists, x)
 		}
 	}
-	items, err := k.List(corev1.SchemeGroupVersion.WithResource("configmaps"), p.testSlug(), map[string]string{"project_name": p.testSlug()})
+	items, err := k.List(corev1.SchemeGroupVersion.WithResource("configmaps"), p.TestSlug(), map[string]string{"project_name": p.TestSlug()})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -160,7 +160,7 @@ func TestInclusionDeploymentDirs(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--exclude-deployment-dir", "include3/icm5")
 	var a []string
-	for _, x := range p.listDeploymentItemPathes(".", false) {
+	for _, x := range p.ListDeploymentItemPathes(".", false) {
 		if x != "icm5" {
 			a = append(a, filepath.Base(x))
 		}
@@ -180,20 +180,20 @@ func TestInclusionPrune(t *testing.T) {
 	doAssertExists(nil, nil)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	doAssertExists(p.listDeploymentItemPathes(".", false), nil)
+	doAssertExists(p.ListDeploymentItemPathes(".", false), nil)
 
-	p.deleteKustomizeDeployment("cm1")
+	p.DeleteKustomizeDeployment("cm1")
 	p.KluctlMust("prune", "--yes", "-t", "test", "-I", "non-existent-tag")
 	doAssertExists(nil, nil)
 
 	p.KluctlMust("prune", "--yes", "-t", "test", "-I", "cm1")
 	doAssertExists(nil, []string{"cm1"})
 
-	p.deleteKustomizeDeployment("cm2")
+	p.DeleteKustomizeDeployment("cm2")
 	p.KluctlMust("prune", "--yes", "-t", "test", "-E", "cm2")
 	doAssertExists(nil, nil)
 
-	p.deleteKustomizeDeployment("cm3")
+	p.DeleteKustomizeDeployment("cm3")
 	p.KluctlMust("prune", "--yes", "-t", "test", "--exclude-deployment-dir", "cm3")
 	doAssertExists(nil, []string{"cm2"})
 
@@ -211,7 +211,7 @@ func TestInclusionDelete(t *testing.T) {
 	}
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
-	doAssertExists(p.listDeploymentItemPathes(".", false), nil)
+	doAssertExists(p.ListDeploymentItemPathes(".", false), nil)
 
 	p.KluctlMust("delete", "--yes", "-t", "test", "-I", "non-existent-tag")
 	doAssertExists(nil, nil)
@@ -221,7 +221,7 @@ func TestInclusionDelete(t *testing.T) {
 
 	p.KluctlMust("delete", "--yes", "-t", "test", "-E", "cm2")
 	var a []string
-	for _, x := range p.listDeploymentItemPathes(".", false) {
+	for _, x := range p.ListDeploymentItemPathes(".", false) {
 		if x != "cm1" && x != "cm2" {
 			a = append(a, x)
 		}
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 433df873d..c3866d521 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -9,23 +9,23 @@ import (
 
 func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *TestProject {
 	p := NewTestProject(t, defaultCluster1)
-	p.mergeKubeconfig(defaultCluster2)
+	p.MergeKubeconfig(defaultCluster2)
 
-	createNamespace(t, defaultCluster1, p.testSlug())
-	createNamespace(t, defaultCluster2, p.testSlug())
+	createNamespace(t, defaultCluster1, p.TestSlug())
+	createNamespace(t, defaultCluster2, p.TestSlug())
 
 	cm := createConfigMapObject(map[string]string{
 		"targetName":    `{{ target.name }}`,
 		"targetContext": `{{ target.context }}`,
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
 
 	if withDeploymentYaml {
-		p.addKustomizeDeployment("cm", []kustomizeResource{{name: "cm.yaml", content: cm}}, nil)
+		p.AddKustomizeDeployment("cm", []kustomizeResource{{name: "cm.yaml", content: cm}}, nil)
 	} else {
-		p.addKustomizeResources("", []kustomizeResource{{name: "cm.yaml", content: cm}})
+		p.AddKustomizeResources("", []kustomizeResource{{name: "cm.yaml", content: cm}})
 		err := os.Remove(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "deployment.yml"))
 		assert.NoError(t, err)
 	}
@@ -39,22 +39,22 @@ func testNoTarget(t *testing.T, withDeploymentYaml bool) {
 	p := prepareNoTargetTest(t, withDeploymentYaml)
 
 	p.KluctlMust("deploy", "--yes")
-	cm := assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
-	assertConfigMapNotExists(t, defaultCluster2, p.testSlug(), "cm")
+	cm := assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
+	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
 	p.KluctlMust("deploy", "--yes", "-T", "override-name")
-	cm = assertConfigMapExists(t, defaultCluster1, p.testSlug(), "cm")
+	cm = assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
 	p.KluctlMust("deploy", "--yes", "-T", "override-name", "--context", defaultCluster2.Context)
-	cm = assertConfigMapExists(t, defaultCluster2, p.testSlug(), "cm")
+	cm = assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster2.Context,
diff --git a/e2e/project.go b/e2e/project.go
index afbb0fc0c..762506d57 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -35,14 +35,14 @@ func NewTestProject(t *testing.T, k *test_utils.EnvTestCluster) *TestProject {
 	p.gitServer = test_utils.NewGitServer(t)
 	p.gitServer.GitInit(p.getKluctlProjectRepo())
 
-	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
+	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 		return nil
 	})
-	p.updateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
+	p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
 		return nil
 	})
 
-	tmpFile, err := os.CreateTemp("", p.testSlug()+"-kubeconfig-")
+	tmpFile, err := os.CreateTemp("", p.TestSlug()+"-kubeconfig-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -52,20 +52,20 @@ func NewTestProject(t *testing.T, k *test_utils.EnvTestCluster) *TestProject {
 		os.Remove(p.mergedKubeconfig)
 	})
 	if k != nil {
-		p.mergeKubeconfig(k)
+		p.MergeKubeconfig(k)
 	}
 	return p
 }
 
-func (p *TestProject) testSlug() string {
+func (p *TestProject) TestSlug() string {
 	n := p.t.Name()
 	n = xstrings.ToKebabCase(n)
 	n = strings.ReplaceAll(n, "/", "-")
 	return n
 }
 
-func (p *TestProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
-	p.updateMergedKubeconfig(func(config *clientcmdapi.Config) {
+func (p *TestProject) MergeKubeconfig(k *test_utils.EnvTestCluster) {
+	p.UpdateMergedKubeconfig(func(config *clientcmdapi.Config) {
 		nkcfg, err := clientcmd.Load(k.Kubeconfig)
 		if err != nil {
 			p.t.Fatal(err)
@@ -78,7 +78,7 @@ func (p *TestProject) mergeKubeconfig(k *test_utils.EnvTestCluster) {
 	})
 }
 
-func (p *TestProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config)) {
+func (p *TestProject) UpdateMergedKubeconfig(cb func(config *clientcmdapi.Config)) {
 	mkcfg, err := clientcmd.LoadFromFile(p.mergedKubeconfig)
 	if err != nil {
 		p.t.Fatal(err)
@@ -92,30 +92,30 @@ func (p *TestProject) updateMergedKubeconfig(cb func(config *clientcmdapi.Config
 	}
 }
 
-func (p *TestProject) updateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
-	p.updateYaml(".kluctl.yml", update, "")
+func (p *TestProject) UpdateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
+	p.UpdateYaml(".kluctl.yml", update, "")
 }
 
-func (p *TestProject) updateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
-	p.updateYaml(filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
+func (p *TestProject) UpdateDeploymentYaml(dir string, update func(o *uo.UnstructuredObject) error) {
+	p.UpdateYaml(filepath.Join(dir, "deployment.yml"), func(o *uo.UnstructuredObject) error {
 		if dir == "." {
-			o.SetNestedField(p.testSlug(), "commonLabels", "project_name")
+			o.SetNestedField(p.TestSlug(), "commonLabels", "project_name")
 		}
 		return update(o)
 	}, "")
 }
 
-func (p *TestProject) updateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
+func (p *TestProject) UpdateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
 	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), path, func(o *uo.UnstructuredObject) error {
 		return update(o)
 	}, message)
 }
 
-func (p *TestProject) updateFile(path string, update func(f string) (string, error), message string) {
+func (p *TestProject) UpdateFile(path string, update func(f string) (string, error), message string) {
 	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), path, update, message)
 }
 
-func (p *TestProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
+func (p *TestProject) GetDeploymentYaml(dir string) *uo.UnstructuredObject {
 	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, "deployment.yml"))
 	if err != nil {
 		p.t.Fatal(err)
@@ -123,9 +123,9 @@ func (p *TestProject) getDeploymentYaml(dir string) *uo.UnstructuredObject {
 	return o
 }
 
-func (p *TestProject) listDeploymentItemPathes(dir string, fullPath bool) []string {
+func (p *TestProject) ListDeploymentItemPathes(dir string, fullPath bool) []string {
 	var ret []string
-	o := p.getDeploymentYaml(dir)
+	o := p.GetDeploymentYaml(dir)
 	l, _, err := o.GetNestedObjectList("deployments")
 	if err != nil {
 		p.t.Fatal(err)
@@ -141,35 +141,35 @@ func (p *TestProject) listDeploymentItemPathes(dir string, fullPath bool) []stri
 		}
 		pth, ok, _ = x.GetNestedString("include")
 		if ok {
-			ret = append(ret, p.listDeploymentItemPathes(filepath.Join(dir, pth), fullPath)...)
+			ret = append(ret, p.ListDeploymentItemPathes(filepath.Join(dir, pth), fullPath)...)
 		}
 	}
 	return ret
 }
 
-func (p *TestProject) updateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
+func (p *TestProject) UpdateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
 	wt := p.gitServer.GetWorktree(p.getKluctlProjectRepo())
 
 	pth := filepath.Join(dir, "kustomization.yml")
-	p.updateYaml(pth, func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml(pth, func(o *uo.UnstructuredObject) error {
 		return update(o, wt)
 	}, fmt.Sprintf("Update kustomization.yml for %s", dir))
 }
 
-func (p *TestProject) updateTarget(name string, cb func(target *uo.UnstructuredObject)) {
-	p.updateNamedListItem(uo.KeyPath{"targets"}, name, cb)
+func (p *TestProject) UpdateTarget(name string, cb func(target *uo.UnstructuredObject)) {
+	p.UpdateNamedListItem(uo.KeyPath{"targets"}, name, cb)
 }
 
 func (p *TestProject) updateSecretSet(name string, cb func(secretSet *uo.UnstructuredObject)) {
-	p.updateNamedListItem(uo.KeyPath{"secretsConfig", "secretSets"}, name, cb)
+	p.UpdateNamedListItem(uo.KeyPath{"secretsConfig", "secretSets"}, name, cb)
 }
 
-func (p *TestProject) updateNamedListItem(path uo.KeyPath, name string, cb func(item *uo.UnstructuredObject)) {
+func (p *TestProject) UpdateNamedListItem(path uo.KeyPath, name string, cb func(item *uo.UnstructuredObject)) {
 	if cb == nil {
 		cb = func(target *uo.UnstructuredObject) {}
 	}
 
-	p.updateKluctlYaml(func(o *uo.UnstructuredObject) error {
+	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 		l, _, _ := o.GetNestedObjectList(path...)
 		var newList []*uo.UnstructuredObject
 		found := false
@@ -194,16 +194,16 @@ func (p *TestProject) updateNamedListItem(path uo.KeyPath, name string, cb func(
 	})
 }
 
-func (p *TestProject) updateDeploymentItems(dir string, update func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject) {
-	p.updateDeploymentYaml(dir, func(o *uo.UnstructuredObject) error {
+func (p *TestProject) UpdateDeploymentItems(dir string, update func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject) {
+	p.UpdateDeploymentYaml(dir, func(o *uo.UnstructuredObject) error {
 		items, _, _ := o.GetNestedObjectList("deployments")
 		items = update(items)
 		return o.SetNestedField(items, "deployments")
 	})
 }
 
-func (p *TestProject) addDeploymentItem(dir string, item *uo.UnstructuredObject) {
-	p.updateDeploymentItems(dir, func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+func (p *TestProject) AddDeploymentItem(dir string, item *uo.UnstructuredObject) {
+	p.UpdateDeploymentItems(dir, func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
 		for _, x := range items {
 			if reflect.DeepEqual(x, item) {
 				return items
@@ -214,30 +214,30 @@ func (p *TestProject) addDeploymentItem(dir string, item *uo.UnstructuredObject)
 	})
 }
 
-func (p *TestProject) addDeploymentInclude(dir string, includePath string, tags []string) {
+func (p *TestProject) AddDeploymentInclude(dir string, includePath string, tags []string) {
 	n := uo.FromMap(map[string]interface{}{
 		"include": includePath,
 	})
 	if len(tags) != 0 {
 		n.SetNestedField(tags, "tags")
 	}
-	p.addDeploymentItem(dir, n)
+	p.AddDeploymentItem(dir, n)
 }
 
-func (p *TestProject) addDeploymentIncludes(dir string) {
+func (p *TestProject) AddDeploymentIncludes(dir string) {
 	var pp []string
 	for _, x := range strings.Split(dir, "/") {
 		if x != "." {
-			p.addDeploymentInclude(filepath.Join(pp...), x, nil)
+			p.AddDeploymentInclude(filepath.Join(pp...), x, nil)
 		}
 		pp = append(pp, x)
 	}
 }
 
-func (p *TestProject) addKustomizeDeployment(dir string, resources []kustomizeResource, tags []string) {
+func (p *TestProject) AddKustomizeDeployment(dir string, resources []kustomizeResource, tags []string) {
 	deploymentDir := filepath.Dir(dir)
 	if deploymentDir != "" {
-		p.addDeploymentIncludes(deploymentDir)
+		p.AddDeploymentIncludes(deploymentDir)
 	}
 
 	absKustomizeDir := filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir)
@@ -247,14 +247,14 @@ func (p *TestProject) addKustomizeDeployment(dir string, resources []kustomizeRe
 		p.t.Fatal(err)
 	}
 
-	p.updateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
+	p.UpdateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
 		o.SetNestedField("kustomize.config.k8s.io/v1beta1", "apiVersion")
 		o.SetNestedField("Kustomization", "kind")
 		return nil
 	})
 
-	p.addKustomizeResources(dir, resources)
-	p.updateDeploymentYaml(deploymentDir, func(o *uo.UnstructuredObject) error {
+	p.AddKustomizeResources(dir, resources)
+	p.UpdateDeploymentYaml(deploymentDir, func(o *uo.UnstructuredObject) error {
 		d, _, _ := o.GetNestedObjectList("deployments")
 		n := uo.FromMap(map[string]interface{}{
 			"path": filepath.Base(dir),
@@ -294,8 +294,8 @@ type kustomizeResource struct {
 	content  interface{}
 }
 
-func (p *TestProject) addKustomizeResources(dir string, resources []kustomizeResource) {
-	p.updateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
+func (p *TestProject) AddKustomizeResources(dir string, resources []kustomizeResource) {
+	p.UpdateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
 		l, _, _ := o.GetNestedList("resources")
 		for _, r := range resources {
 			l = append(l, r.name)
@@ -320,9 +320,9 @@ func (p *TestProject) addKustomizeResources(dir string, resources []kustomizeRes
 	})
 }
 
-func (p *TestProject) deleteKustomizeDeployment(dir string) {
+func (p *TestProject) DeleteKustomizeDeployment(dir string) {
 	deploymentDir := filepath.Dir(dir)
-	p.updateDeploymentItems(deploymentDir, func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+	p.UpdateDeploymentItems(deploymentDir, func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
 		var newItems []*uo.UnstructuredObject
 		for _, item := range items {
 			pth, _, _ := item.GetNestedString("path")
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index bf64c78a8..441281150 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -104,12 +104,12 @@ func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[str
 		addProxyVars(p)
 	}
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
 	addSecretsSet(p, "test", varsSources)
 	addSecretsSetToTarget(p, "test-target", "test")
 
-	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: p.testSlug()})
+	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: p.TestSlug()})
 
 	return p
 }
@@ -121,7 +121,7 @@ func addSecretsSet(p *TestProject, name string, varsSources []*uo.UnstructuredOb
 }
 
 func addSecretsSetToTarget(p *TestProject, targetName string, secretSetName string) {
-	p.updateTarget(targetName, func(target *uo.UnstructuredObject) {
+	p.UpdateTarget(targetName, func(target *uo.UnstructuredObject) {
 		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
 		l = append(l, secretSetName)
 		_ = target.SetNestedField(l, "sealingConfig", "secretSets")
@@ -182,7 +182,7 @@ func TestSeal_WithOperator(t *testing.T) {
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -230,7 +230,7 @@ func TestSeal_WithBootstrap(t *testing.T) {
 	certHash, err := seal.HashPublicKey(cert)
 	assert.NoError(t, err)
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -266,7 +266,7 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -306,7 +306,7 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -341,12 +341,12 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	})
 	addSecretsSetToTarget(p, "test-target2", "test2")
 
-	p.mergeKubeconfig(defaultCluster2)
-	createNamespace(t, defaultCluster2, p.testSlug())
-	p.updateTarget("test-target", func(target *uo.UnstructuredObject) {
+	p.MergeKubeconfig(defaultCluster2)
+	createNamespace(t, defaultCluster2, p.TestSlug())
+	p.UpdateTarget("test-target", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
-	p.updateTarget("test-target2", func(target *uo.UnstructuredObject) {
+	p.UpdateTarget("test-target2", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
@@ -360,11 +360,11 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 	p.KluctlMust("deploy", "--yes", "-t", "test-target2")
 
-	assertSealedSecret(t, defaultCluster1, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, defaultCluster1, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
-	assertSealedSecret(t, defaultCluster2, p.testSlug(), "secret", certServer2.certHash, map[string]string{
+	assertSealedSecret(t, defaultCluster2, p.TestSlug(), "secret", certServer2.certHash, map[string]string{
 		"s1": "v3",
 		"s2": "v4",
 	})
@@ -392,7 +392,7 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 				},
 			}),
 		}, true)
-	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.testSlug()})
+	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()})
 
 	p.KluctlMust("seal", "-t", "test-target")
 
@@ -402,10 +402,10 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 	})
-	assertSealedSecret(t, k, p.testSlug(), "secret2", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret2", certServer1.certHash, map[string]string{
 		"s2": "v2",
 	})
 }
@@ -433,7 +433,7 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 			}),
 		}, true)
 
-	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: p.testSlug()}))
+	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()}))
 
 	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), "secret-deployment/secret-secret.yml.sealme", func(f string) (string, error) {
 		f += "---\n"
@@ -448,10 +448,10 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 	})
-	assertSealedSecret(t, k, p.testSlug(), "secret2", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret2", certServer1.certHash, map[string]string{
 		"s2": "v2",
 	})
 }
@@ -472,7 +472,7 @@ func TestSeal_File(t *testing.T) {
 			}),
 		}, true)
 
-	p.updateYaml("secret-values.yaml", func(o *uo.UnstructuredObject) error {
+	p.UpdateYaml("secret-values.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromMap(map[string]interface{}{
 			"secrets": map[string]interface{}{
 				"s1": "v1",
@@ -489,7 +489,7 @@ func TestSeal_File(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
@@ -544,7 +544,7 @@ func TestSeal_Vault(t *testing.T) {
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
-	assertSealedSecret(t, k, p.testSlug(), "secret", certServer1.certHash, map[string]string{
+	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
 	})
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index c7e3f127f..0e4e6bbf4 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -15,17 +15,17 @@ func TestSopsVars(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", nil)
+	p.UpdateTarget("test", nil)
 
 	addConfigMapDeployment(p, "cm", map[string]string{
 		"v1": "{{ test1.test2 }}",
 	}, resourceOpts{
 		name:      "cm",
-		namespace: p.testSlug(),
+		namespace: p.TestSlug(),
 	})
-	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField([]map[string]any{
 			{
 				"file": "encrypted-vars.yaml",
@@ -34,14 +34,14 @@ func TestSopsVars(t *testing.T) {
 		return nil
 	})
 
-	p.updateFile("encrypted-vars.yaml", func(f string) (string, error) {
+	p.UpdateFile("encrypted-vars.yaml", func(f string) (string, error) {
 		b, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
 		return string(b), nil
 	}, "")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 
-	cm := assertConfigMapExists(t, k, p.testSlug(), "cm")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, map[string]any{
 		"v1": "42",
 	}, "data")
@@ -55,26 +55,26 @@ func TestSopsResources(t *testing.T) {
 
 	p := NewTestProject(t, k)
 
-	createNamespace(t, k, p.testSlug())
+	createNamespace(t, k, p.TestSlug())
 
-	p.updateTarget("test", nil)
-	p.updateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(p.testSlug(), "overrideNamespace")
+	p.UpdateTarget("test", nil)
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(p.TestSlug(), "overrideNamespace")
 		return nil
 	})
 
-	p.addKustomizeDeployment("cm", []kustomizeResource{
+	p.AddKustomizeDeployment("cm", []kustomizeResource{
 		{name: "encrypted-cm.yaml"},
 	}, nil)
 
-	p.updateFile("cm/encrypted-cm.yaml", func(f string) (string, error) {
+	p.UpdateFile("cm/encrypted-cm.yaml", func(f string) (string, error) {
 		b, _ := sops_test_resources.TestResources.ReadFile("test-configmap.yaml")
 		return string(b), nil
 	}, "")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 
-	cm := assertConfigMapExists(t, k, p.testSlug(), "encrypted-cm")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "encrypted-cm")
 	assertNestedFieldEquals(t, cm, map[string]any{
 		"a": "b",
 	}, "data")
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 9c8f03fae..4df587ec1 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -53,7 +53,7 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 
 func addConfigMapDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
-	p.addKustomizeDeployment(dir, []kustomizeResource{
+	p.AddKustomizeDeployment(dir, []kustomizeResource{
 		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
 	}, opts.tags)
 }
@@ -61,7 +61,7 @@ func addConfigMapDeployment(p *TestProject, dir string, data map[string]string,
 func addSecretDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
-	p.addKustomizeDeployment(dir, []kustomizeResource{
+	p.AddKustomizeDeployment(dir, []kustomizeResource{
 		{fname, fname + ".sealme", o},
 	}, opts.tags)
 }

From 65bfbf428501ecd375d7d697b9690e10223f841c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 16:55:55 +0100
Subject: [PATCH 0592/2268] tests: KustomizeResource public

---
 e2e/helm_test.go       |  4 ++--
 e2e/hooks_test.go      |  2 +-
 e2e/no_target_test.go  |  4 ++--
 e2e/project.go         | 22 +++++++++++-----------
 e2e/sops_test.go       |  4 ++--
 e2e/utils_resources.go |  4 ++--
 6 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index f973570be..786ae8487 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -26,8 +26,8 @@ func addHelmDeployment(p *TestProject, dir string, repoUrl string, chartName, ve
 		chartName = ""
 	}
 
-	p.AddKustomizeDeployment(dir, []kustomizeResource{
-		{name: "helm-rendered.yaml"},
+	p.AddKustomizeDeployment(dir, []KustomizeResource{
+		{Name: "helm-rendered.yaml"},
 	}, nil)
 
 	p.UpdateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index e9e4ae433..2d57815bd 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -87,7 +87,7 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
-	s.p.AddKustomizeResources(dir, []kustomizeResource{
+	s.p.AddKustomizeResources(dir, []KustomizeResource{
 		{fmt.Sprintf("%s.yml", opts.name), "", o},
 	})
 }
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index c3866d521..367041be0 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -23,9 +23,9 @@ func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *TestProject {
 	})
 
 	if withDeploymentYaml {
-		p.AddKustomizeDeployment("cm", []kustomizeResource{{name: "cm.yaml", content: cm}}, nil)
+		p.AddKustomizeDeployment("cm", []KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
 	} else {
-		p.AddKustomizeResources("", []kustomizeResource{{name: "cm.yaml", content: cm}})
+		p.AddKustomizeResources("", []KustomizeResource{{Name: "cm.yaml", Content: cm}})
 		err := os.Remove(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "deployment.yml"))
 		assert.NoError(t, err)
 	}
diff --git a/e2e/project.go b/e2e/project.go
index 762506d57..25ee4be57 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -234,7 +234,7 @@ func (p *TestProject) AddDeploymentIncludes(dir string) {
 	}
 }
 
-func (p *TestProject) AddKustomizeDeployment(dir string, resources []kustomizeResource, tags []string) {
+func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeResource, tags []string) {
 	deploymentDir := filepath.Dir(dir)
 	if deploymentDir != "" {
 		p.AddDeploymentIncludes(deploymentDir)
@@ -288,23 +288,23 @@ func (p *TestProject) convertInterfaceToList(x interface{}) []interface{} {
 	return []interface{}{x}
 }
 
-type kustomizeResource struct {
-	name     string
-	fileName string
-	content  interface{}
+type KustomizeResource struct {
+	Name     string
+	FileName string
+	Content  interface{}
 }
 
-func (p *TestProject) AddKustomizeResources(dir string, resources []kustomizeResource) {
+func (p *TestProject) AddKustomizeResources(dir string, resources []KustomizeResource) {
 	p.UpdateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
 		l, _, _ := o.GetNestedList("resources")
 		for _, r := range resources {
-			l = append(l, r.name)
-			fileName := r.fileName
+			l = append(l, r.Name)
+			fileName := r.FileName
 			if fileName == "" {
-				fileName = r.name
+				fileName = r.Name
 			}
-			if r.content != nil {
-				x := p.convertInterfaceToList(r.content)
+			if r.Content != nil {
+				x := p.convertInterfaceToList(r.Content)
 				err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, fileName), x)
 				if err != nil {
 					return err
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 0e4e6bbf4..726c29b1b 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -63,8 +63,8 @@ func TestSopsResources(t *testing.T) {
 		return nil
 	})
 
-	p.AddKustomizeDeployment("cm", []kustomizeResource{
-		{name: "encrypted-cm.yaml"},
+	p.AddKustomizeDeployment("cm", []KustomizeResource{
+		{Name: "encrypted-cm.yaml"},
 	}, nil)
 
 	p.UpdateFile("cm/encrypted-cm.yaml", func(f string) (string, error) {
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 4df587ec1..83a5df3e8 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -53,7 +53,7 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 
 func addConfigMapDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
-	p.AddKustomizeDeployment(dir, []kustomizeResource{
+	p.AddKustomizeDeployment(dir, []KustomizeResource{
 		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
 	}, opts.tags)
 }
@@ -61,7 +61,7 @@ func addConfigMapDeployment(p *TestProject, dir string, data map[string]string,
 func addSecretDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
-	p.AddKustomizeDeployment(dir, []kustomizeResource{
+	p.AddKustomizeDeployment(dir, []KustomizeResource{
 		{fname, fname + ".sealme", o},
 	}, opts.tags)
 }

From d12955dd49a41904390aa3d0c916732ac7148f39 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 17:05:32 +0100
Subject: [PATCH 0593/2268] tests: Simplify TestProject to only support one git
 repo

---
 e2e/helm_test.go             | 18 +++++++++---------
 e2e/no_target_test.go        |  2 +-
 e2e/project.go               | 28 ++++++++++++++++++----------
 e2e/seal_test.go             | 20 ++++++++++----------
 e2e/test-utils/git_server.go |  2 +-
 pkg/vars/vars_loader_test.go |  4 ++--
 6 files changed, 41 insertions(+), 33 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 786ae8487..0110c3689 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -105,7 +105,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 			return
 		} else {
 			assert.NoError(t, err)
-			assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+			assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
 		}
 	}
 
@@ -171,7 +171,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust("helm-pull")
-	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
@@ -224,9 +224,9 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}, "")
 
 	p.KluctlMust("helm-pull")
-	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
-	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm2/charts/test-chart2/Chart.yaml"))
-	assert.FileExists(t, filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm3/charts/test-chart1/Chart.yaml"))
+	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
+	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm2/charts/test-chart2/Chart.yaml"))
+	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm3/charts/test-chart1/Chart.yaml"))
 
 	args := []string{"helm-update"}
 	if upgrade {
@@ -241,11 +241,11 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	assert.Contains(t, stderr, "helm2: Chart has new version 0.3.0 available.")
 	assert.Contains(t, stderr, "helm3: Chart has new version 0.2.0 available. Old version is 0.1.0. skipUpdate is set to true.")
 
-	c1, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm1/charts/test-chart1/Chart.yaml"))
+	c1, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
 	assert.NoError(t, err)
-	c2, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm2/charts/test-chart2/Chart.yaml"))
+	c2, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), "helm2/charts/test-chart2/Chart.yaml"))
 	assert.NoError(t, err)
-	c3, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "helm3/charts/test-chart1/Chart.yaml"))
+	c3, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), "helm3/charts/test-chart1/Chart.yaml"))
 	assert.NoError(t, err)
 
 	v1, _, _ := c1.GetNestedString("version")
@@ -262,7 +262,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}
 
 	if commit {
-		r := p.gitServer.GetGitRepo(p.getKluctlProjectRepo())
+		r := p.GetGitRepo()
 
 		commits, err := r.Log(&git.LogOptions{})
 		assert.NoError(t, err)
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 367041be0..5d92a5c6c 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -26,7 +26,7 @@ func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *TestProject {
 		p.AddKustomizeDeployment("cm", []KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
 	} else {
 		p.AddKustomizeResources("", []KustomizeResource{{Name: "cm.yaml", Content: cm}})
-		err := os.Remove(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), "deployment.yml"))
+		err := os.Remove(filepath.Join(p.LocalRepoDir(), "deployment.yml"))
 		assert.NoError(t, err)
 	}
 
diff --git a/e2e/project.go b/e2e/project.go
index 25ee4be57..4e1a4a14d 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -33,7 +33,7 @@ func NewTestProject(t *testing.T, k *test_utils.EnvTestCluster) *TestProject {
 	}
 
 	p.gitServer = test_utils.NewGitServer(t)
-	p.gitServer.GitInit(p.getKluctlProjectRepo())
+	p.gitServer.GitInit("kluctl-project")
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 		return nil
@@ -106,17 +106,17 @@ func (p *TestProject) UpdateDeploymentYaml(dir string, update func(o *uo.Unstruc
 }
 
 func (p *TestProject) UpdateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
-	p.gitServer.UpdateYaml(p.getKluctlProjectRepo(), path, func(o *uo.UnstructuredObject) error {
+	p.gitServer.UpdateYaml("kluctl-project", path, func(o *uo.UnstructuredObject) error {
 		return update(o)
 	}, message)
 }
 
 func (p *TestProject) UpdateFile(path string, update func(f string) (string, error), message string) {
-	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), path, update, message)
+	p.gitServer.UpdateFile("kluctl-project", path, update, message)
 }
 
 func (p *TestProject) GetDeploymentYaml(dir string) *uo.UnstructuredObject {
-	o, err := uo.FromFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, "deployment.yml"))
+	o, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), dir, "deployment.yml"))
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -148,7 +148,7 @@ func (p *TestProject) ListDeploymentItemPathes(dir string, fullPath bool) []stri
 }
 
 func (p *TestProject) UpdateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
-	wt := p.gitServer.GetWorktree(p.getKluctlProjectRepo())
+	wt := p.gitServer.GetWorktree("kluctl-project")
 
 	pth := filepath.Join(dir, "kustomization.yml")
 	p.UpdateYaml(pth, func(o *uo.UnstructuredObject) error {
@@ -240,7 +240,7 @@ func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeRe
 		p.AddDeploymentIncludes(deploymentDir)
 	}
 
-	absKustomizeDir := filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir)
+	absKustomizeDir := filepath.Join(p.LocalRepoDir(), dir)
 
 	err := os.MkdirAll(absKustomizeDir, 0o700)
 	if err != nil {
@@ -305,7 +305,7 @@ func (p *TestProject) AddKustomizeResources(dir string, resources []KustomizeRes
 			}
 			if r.Content != nil {
 				x := p.convertInterfaceToList(r.Content)
-				err := yaml.WriteYamlAllFile(filepath.Join(p.gitServer.LocalRepoDir(p.getKluctlProjectRepo()), dir, fileName), x)
+				err := yaml.WriteYamlAllFile(filepath.Join(p.LocalRepoDir(), dir, fileName), x)
 				if err != nil {
 					return err
 				}
@@ -335,8 +335,16 @@ func (p *TestProject) DeleteKustomizeDeployment(dir string) {
 	})
 }
 
-func (p *TestProject) getKluctlProjectRepo() string {
-	return "kluctl-project"
+func (p *TestProject) GitUrl() string {
+	return p.gitServer.GitUrl("kluctl-project")
+}
+
+func (p *TestProject) LocalRepoDir() string {
+	return p.gitServer.LocalRepoDir("kluctl-project")
+}
+
+func (p *TestProject) GetGitRepo() *git.Repository {
+	return p.gitServer.GetGitRepo("kluctl-project")
 }
 
 func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
@@ -344,7 +352,7 @@ func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
 
-	cwd := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	cwd := p.LocalRepoDir()
 
 	args = append(args, "--debug")
 
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 441281150..d80be37b3 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -178,7 +178,7 @@ func TestSeal_WithOperator(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -213,7 +213,7 @@ func TestSeal_WithBootstrap(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	test_resources.ApplyYaml("sealed-secrets.yaml", k)
@@ -261,7 +261,7 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -301,7 +301,7 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -353,7 +353,7 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	p.KluctlMust("seal", "-t", "test-target")
 	p.KluctlMust("seal", "-t", "test-target2")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
 
@@ -396,7 +396,7 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment2/test-target/secret-secret2.yml"))
 
@@ -435,7 +435,7 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 
 	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()}))
 
-	p.gitServer.UpdateFile(p.getKluctlProjectRepo(), "secret-deployment/secret-secret.yml.sealme", func(f string) (string, error) {
+	p.UpdateFile("secret-deployment/secret-secret.yml.sealme", func(f string) (string, error) {
 		f += "---\n"
 		f += secret2Text
 		return f, nil
@@ -443,7 +443,7 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -484,7 +484,7 @@ func TestSeal_File(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -539,7 +539,7 @@ func TestSeal_Vault(t *testing.T) {
 	p.extraEnv = append(p.extraEnv, "VAULT_TOKEN=root")
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.gitServer.LocalRepoDir(p.getKluctlProjectRepo())
+	sealedSecretsDir := p.LocalRepoDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
diff --git a/e2e/test-utils/git_server.go b/e2e/test-utils/git_server.go
index f539dac91..6e45a3031 100644
--- a/e2e/test-utils/git_server.go
+++ b/e2e/test-utils/git_server.go
@@ -235,7 +235,7 @@ func (p *GitServer) convertInterfaceToList(x interface{}) []interface{} {
 	return []interface{}{x}
 }
 
-func (p *GitServer) LocalGitUrl(repo string) string {
+func (p *GitServer) GitUrl(repo string) string {
 	return fmt.Sprintf("http://localhost:%d/%s/.git", p.gitServerPort, repo)
 }
 
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 9b46900c8..fc0d510e0 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -163,7 +163,7 @@ func TestVarsLoader_Git(t *testing.T) {
 	}, "")
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.LocalGitUrl("repo"))
+		url, _ := git_url.Parse(gs.GitUrl("repo"))
 		err := vl.LoadVars(vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
@@ -199,7 +199,7 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 	assert.NoError(t, err)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.LocalGitUrl("repo"))
+		url, _ := git_url.Parse(gs.GitUrl("repo"))
 		err = vl.LoadVars(vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,

From ef3c11d54670b529415dfc3ccb60e66e5ab6489d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 17:07:19 +0100
Subject: [PATCH 0594/2268] tests: Implement AddExtraEnv helper

---
 e2e/project.go   |  4 ++++
 e2e/seal_test.go | 12 ++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/e2e/project.go b/e2e/project.go
index 4e1a4a14d..8b4cc5364 100644
--- a/e2e/project.go
+++ b/e2e/project.go
@@ -92,6 +92,10 @@ func (p *TestProject) UpdateMergedKubeconfig(cb func(config *clientcmdapi.Config
 	}
 }
 
+func (p *TestProject) AddExtraEnv(e string) {
+	p.extraEnv = append(p.extraEnv, e)
+}
+
 func (p *TestProject) UpdateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
 	p.UpdateYaml(".kluctl.yml", update, "")
 }
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index d80be37b3..ab4b87d4c 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -87,11 +87,11 @@ func startCertServer() (*certServer, error) {
 
 func addProxyVars(p *TestProject) {
 	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
-		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
-		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
-		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAME=%s", idx, "sealed-secrets-controller"))
-		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT=%s", idx, "http"))
-		p.extraEnv = append(p.extraEnv, fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL=%s", idx, cs.url))
+		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
+		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
+		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAME=%s", idx, "sealed-secrets-controller"))
+		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT=%s", idx, "http"))
+		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL=%s", idx, cs.url))
 	}
 	f(0, defaultCluster1, certServer1)
 	f(1, defaultCluster2, certServer2)
@@ -536,7 +536,7 @@ func TestSeal_Vault(t *testing.T) {
 			}),
 		}, true)
 
-	p.extraEnv = append(p.extraEnv, "VAULT_TOKEN=root")
+	p.AddExtraEnv("VAULT_TOKEN=root")
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalRepoDir()

From fdeee82cafe249a6e25120631b8d0794a945de05 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 17:11:53 +0100
Subject: [PATCH 0595/2268] tests: Move TestProject into test-utils package

---
 e2e/args_test.go                |  7 ++---
 e2e/contexts_test.go            |  5 ++--
 e2e/deployment_items_test.go    |  5 ++--
 e2e/flux_test.go                |  2 +-
 e2e/helm_test.go                | 24 ++++++++---------
 e2e/hooks_test.go               |  6 ++---
 e2e/inclusion_test.go           |  6 ++---
 e2e/no_target_test.go           |  9 ++++---
 e2e/seal_test.go                | 12 ++++-----
 e2e/sops_test.go                |  7 ++---
 e2e/{ => test-utils}/project.go | 13 +++++----
 e2e/test-utils/run_helper.go    | 48 +++++++++++++++++++++++++++++++++
 e2e/utils.go                    | 43 -----------------------------
 e2e/utils_resources.go          |  9 ++++---
 14 files changed, 103 insertions(+), 93 deletions(-)
 rename e2e/{ => test-utils}/project.go (96%)
 create mode 100644 e2e/test-utils/run_helper.go

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 32443a740..2cfebb50e 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
 	"testing"
@@ -12,7 +13,7 @@ func testArgs(t *testing.T, deprecated bool) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -135,7 +136,7 @@ func TestArgsFromEnv(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -168,7 +169,7 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 1f3c5ee45..ef7a203b0 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -1,13 +1,14 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"testing"
 )
 
-func prepareContextTest(t *testing.T) *TestProject {
-	p := NewTestProject(t, defaultCluster1)
+func prepareContextTest(t *testing.T) *test_utils.TestProject {
+	p := test_utils.NewTestProject(t, defaultCluster1)
 	p.MergeKubeconfig(defaultCluster2)
 
 	createNamespace(t, defaultCluster1, p.TestSlug())
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 122204df4..2a346b8fe 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 )
@@ -10,7 +11,7 @@ func TestKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -38,7 +39,7 @@ func TestGeneratedKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index b9f49d496..c8e1979b2 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -36,7 +36,7 @@ func TestFluxCommands(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	var wg sync.WaitGroup
 	wg.Add(2)
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 0110c3689..4efa1fc14 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -20,13 +20,13 @@ func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool,
 	}
 }
 
-func addHelmDeployment(p *TestProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
+func addHelmDeployment(p *test_utils.TestProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
 	if registry2.IsOCI(repoUrl) {
 		repoUrl += "/" + chartName
 		chartName = ""
 	}
 
-	p.AddKustomizeDeployment(dir, []KustomizeResource{
+	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
 		{Name: "helm-rendered.yaml"},
 	}, nil)
 
@@ -67,7 +67,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -78,7 +78,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 		password = "secret-password"
 	}
 
-	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
+	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 	}, tc.oci, user, password)
 
@@ -158,11 +158,11 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
+	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart1", Version: "0.2.0"},
 	}, oci, "", "")
@@ -202,11 +202,11 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := createHelmOrOciRepo(p.t, []test_utils.RepoChart{
+	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart1", Version: "0.2.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
@@ -312,11 +312,11 @@ func TestHelmValues(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
+	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "", "")
@@ -374,13 +374,13 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 	createNamespace(t, k, p.TestSlug()+"-a")
 	createNamespace(t, k, p.TestSlug()+"-b")
 
-	repoUrl := test_utils.CreateHelmRepo(p.t, []test_utils.RepoChart{
+	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "", "")
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 2d57815bd..766c43e9c 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -18,7 +18,7 @@ type hooksTestContext struct {
 	t *testing.T
 	k *test_utils.EnvTestCluster
 
-	p *TestProject
+	p *test_utils.TestProject
 
 	seenConfigMaps []string
 
@@ -87,7 +87,7 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
-	s.p.AddKustomizeResources(dir, []KustomizeResource{
+	s.p.AddKustomizeResources(dir, []test_utils.KustomizeResource{
 		{fmt.Sprintf("%s.yml", opts.name), "", o},
 	})
 }
@@ -99,7 +99,7 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 	}
 	s.setupWebhook()
 
-	s.p = NewTestProject(t, s.k)
+	s.p = test_utils.NewTestProject(t, s.k)
 	t.Cleanup(func() {
 		s.removeWebhook()
 	})
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index f8e196651..08e6f5881 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -8,9 +8,9 @@ import (
 	"testing"
 )
 
-func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*TestProject, *test_utils.EnvTestCluster) {
+func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*test_utils.TestProject, *test_utils.EnvTestCluster) {
 	k := defaultCluster1
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -40,7 +40,7 @@ func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*TestProject,
 	return p, k
 }
 
-func assertExistsHelper(t *testing.T, p *TestProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
+func assertExistsHelper(t *testing.T, p *test_utils.TestProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
 	for _, x := range add {
 		shouldExists[x] = true
 	}
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 5d92a5c6c..caa7d217c 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -1,14 +1,15 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/stretchr/testify/assert"
 	"os"
 	"path/filepath"
 	"testing"
 )
 
-func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *TestProject {
-	p := NewTestProject(t, defaultCluster1)
+func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_utils.TestProject {
+	p := test_utils.NewTestProject(t, defaultCluster1)
 	p.MergeKubeconfig(defaultCluster2)
 
 	createNamespace(t, defaultCluster1, p.TestSlug())
@@ -23,9 +24,9 @@ func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *TestProject {
 	})
 
 	if withDeploymentYaml {
-		p.AddKustomizeDeployment("cm", []KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
+		p.AddKustomizeDeployment("cm", []test_utils.KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
 	} else {
-		p.AddKustomizeResources("", []KustomizeResource{{Name: "cm.yaml", Content: cm}})
+		p.AddKustomizeResources("", []test_utils.KustomizeResource{{Name: "cm.yaml", Content: cm}})
 		err := os.Remove(filepath.Join(p.LocalRepoDir(), "deployment.yml"))
 		assert.NoError(t, err)
 	}
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index ab4b87d4c..ecbf0b69f 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -85,7 +85,7 @@ func startCertServer() (*certServer, error) {
 	return &cs, nil
 }
 
-func addProxyVars(p *TestProject) {
+func addProxyVars(p *test_utils.TestProject) {
 	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
 		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
 		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
@@ -97,8 +97,8 @@ func addProxyVars(p *TestProject) {
 	f(1, defaultCluster2, certServer2)
 }
 
-func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *TestProject {
-	p := NewTestProject(t, k)
+func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *test_utils.TestProject {
+	p := test_utils.NewTestProject(t, k)
 
 	if proxy {
 		addProxyVars(p)
@@ -114,13 +114,13 @@ func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[str
 	return p
 }
 
-func addSecretsSet(p *TestProject, name string, varsSources []*uo.UnstructuredObject) {
-	p.updateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
+func addSecretsSet(p *test_utils.TestProject, name string, varsSources []*uo.UnstructuredObject) {
+	p.UpdateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
 		_ = secretSet.SetNestedField(varsSources, "vars")
 	})
 }
 
-func addSecretsSetToTarget(p *TestProject, targetName string, secretSetName string) {
+func addSecretsSetToTarget(p *test_utils.TestProject, targetName string, secretSetName string) {
 	p.UpdateTarget(targetName, func(target *uo.UnstructuredObject) {
 		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
 		l = append(l, secretSetName)
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 726c29b1b..22014d9a0 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"go.mozilla.org/sops/v3/age"
@@ -13,7 +14,7 @@ func TestSopsVars(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -53,7 +54,7 @@ func TestSopsResources(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := NewTestProject(t, k)
+	p := test_utils.NewTestProject(t, k)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -63,7 +64,7 @@ func TestSopsResources(t *testing.T) {
 		return nil
 	})
 
-	p.AddKustomizeDeployment("cm", []KustomizeResource{
+	p.AddKustomizeDeployment("cm", []test_utils.KustomizeResource{
 		{Name: "encrypted-cm.yaml"},
 	}, nil)
 
diff --git a/e2e/project.go b/e2e/test-utils/project.go
similarity index 96%
rename from e2e/project.go
rename to e2e/test-utils/project.go
index 8b4cc5364..fdf05fc6b 100644
--- a/e2e/project.go
+++ b/e2e/test-utils/project.go
@@ -1,11 +1,10 @@
-package e2e
+package test_utils
 
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/imdario/mergo"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/tools/clientcmd"
@@ -24,15 +23,15 @@ type TestProject struct {
 
 	mergedKubeconfig string
 
-	gitServer *test_utils.GitServer
+	gitServer *GitServer
 }
 
-func NewTestProject(t *testing.T, k *test_utils.EnvTestCluster) *TestProject {
+func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
 	p := &TestProject{
 		t: t,
 	}
 
-	p.gitServer = test_utils.NewGitServer(t)
+	p.gitServer = NewGitServer(t)
 	p.gitServer.GitInit("kluctl-project")
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
@@ -64,7 +63,7 @@ func (p *TestProject) TestSlug() string {
 	return n
 }
 
-func (p *TestProject) MergeKubeconfig(k *test_utils.EnvTestCluster) {
+func (p *TestProject) MergeKubeconfig(k *EnvTestCluster) {
 	p.UpdateMergedKubeconfig(func(config *clientcmdapi.Config) {
 		nkcfg, err := clientcmd.Load(k.Kubeconfig)
 		if err != nil {
@@ -164,7 +163,7 @@ func (p *TestProject) UpdateTarget(name string, cb func(target *uo.UnstructuredO
 	p.UpdateNamedListItem(uo.KeyPath{"targets"}, name, cb)
 }
 
-func (p *TestProject) updateSecretSet(name string, cb func(secretSet *uo.UnstructuredObject)) {
+func (p *TestProject) UpdateSecretSet(name string, cb func(secretSet *uo.UnstructuredObject)) {
 	p.UpdateNamedListItem(uo.KeyPath{"secretsConfig", "secretSets"}, name, cb)
 }
 
diff --git a/e2e/test-utils/run_helper.go b/e2e/test-utils/run_helper.go
new file mode 100644
index 000000000..face1f426
--- /dev/null
+++ b/e2e/test-utils/run_helper.go
@@ -0,0 +1,48 @@
+package test_utils
+
+import (
+	"bufio"
+	"bytes"
+	"io"
+	"os/exec"
+	"sync"
+	"testing"
+)
+
+func runHelper(t *testing.T, cmd *exec.Cmd) (string, string, error) {
+	stdoutPipe, err := cmd.StdoutPipe()
+	if err != nil {
+		return "", "", err
+	}
+	stderrPipe, err := cmd.StderrPipe()
+	if err != nil {
+		_ = stdoutPipe.Close()
+		return "", "", err
+	}
+
+	var wg sync.WaitGroup
+	stdReader := func(testLogPrefix string, buf io.StringWriter, pipe io.Reader) {
+		defer wg.Done()
+		scanner := bufio.NewScanner(pipe)
+		for scanner.Scan() {
+			l := scanner.Text()
+			t.Log(testLogPrefix + l)
+			_, _ = buf.WriteString(l + "\n")
+		}
+	}
+
+	stdoutBuf := bytes.NewBuffer(nil)
+	stderrBuf := bytes.NewBuffer(nil)
+
+	wg.Add(2)
+	go stdReader("stdout: ", stdoutBuf, stdoutPipe)
+	go stdReader("stderr: ", stderrBuf, stderrPipe)
+
+	err = cmd.Start()
+	if err != nil {
+		return "", "", err
+	}
+	wg.Wait()
+	err = cmd.Wait()
+	return stdoutBuf.String(), stderrBuf.String(), err
+}
diff --git a/e2e/utils.go b/e2e/utils.go
index bd8eb8e63..5d4a234a0 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -1,19 +1,14 @@
 package e2e
 
 import (
-	"bufio"
-	"bytes"
 	"context"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"io"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"os/exec"
 	"reflect"
-	"sync"
 	"testing"
 )
 
@@ -58,41 +53,3 @@ func assertNestedFieldEquals(t *testing.T, o *uo.UnstructuredObject, expected in
 		t.Fatalf("%v != %v", v, expected)
 	}
 }
-
-func runHelper(t *testing.T, cmd *exec.Cmd) (string, string, error) {
-	stdoutPipe, err := cmd.StdoutPipe()
-	if err != nil {
-		return "", "", err
-	}
-	stderrPipe, err := cmd.StderrPipe()
-	if err != nil {
-		_ = stdoutPipe.Close()
-		return "", "", err
-	}
-
-	var wg sync.WaitGroup
-	stdReader := func(testLogPrefix string, buf io.StringWriter, pipe io.Reader) {
-		defer wg.Done()
-		scanner := bufio.NewScanner(pipe)
-		for scanner.Scan() {
-			l := scanner.Text()
-			t.Log(testLogPrefix + l)
-			_, _ = buf.WriteString(l + "\n")
-		}
-	}
-
-	stdoutBuf := bytes.NewBuffer(nil)
-	stderrBuf := bytes.NewBuffer(nil)
-
-	wg.Add(2)
-	go stdReader("stdout: ", stdoutBuf, stdoutPipe)
-	go stdReader("stderr: ", stderrBuf, stderrPipe)
-
-	err = cmd.Start()
-	if err != nil {
-		return "", "", err
-	}
-	wg.Wait()
-	err = cmd.Wait()
-	return stdoutBuf.String(), stderrBuf.String(), err
-}
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 83a5df3e8..6d645d980 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
@@ -51,17 +52,17 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 	return o
 }
 
-func addConfigMapDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
+func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
-	p.AddKustomizeDeployment(dir, []KustomizeResource{
+	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
 		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
 	}, opts.tags)
 }
 
-func addSecretDeployment(p *TestProject, dir string, data map[string]string, opts resourceOpts) {
+func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
-	p.AddKustomizeDeployment(dir, []KustomizeResource{
+	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
 		{fname, fname + ".sealme", o},
 	}, opts.tags)
 }

From 04bb23d138d6d4b7833f699a377ba9766172b421 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 20:58:13 +0100
Subject: [PATCH 0596/2268] tests: Move test-helm-chart into test-utils

---
 e2e/test-utils/helm_repo_utils.go                             | 2 +-
 e2e/{ => test-utils}/test-helm-chart/.helmignore              | 0
 e2e/{ => test-utils}/test-helm-chart/Chart.yaml               | 0
 e2e/{ => test-utils}/test-helm-chart/resources.go             | 0
 e2e/{ => test-utils}/test-helm-chart/templates/_helpers.tpl   | 0
 e2e/{ => test-utils}/test-helm-chart/templates/configmap.yaml | 0
 e2e/{ => test-utils}/test-helm-chart/values.yaml              | 0
 7 files changed, 1 insertion(+), 1 deletion(-)
 rename e2e/{ => test-utils}/test-helm-chart/.helmignore (100%)
 rename e2e/{ => test-utils}/test-helm-chart/Chart.yaml (100%)
 rename e2e/{ => test-utils}/test-helm-chart/resources.go (100%)
 rename e2e/{ => test-utils}/test-helm-chart/templates/_helpers.tpl (100%)
 rename e2e/{ => test-utils}/test-helm-chart/templates/configmap.yaml (100%)
 rename e2e/{ => test-utils}/test-helm-chart/values.yaml (100%)

diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index 631b2a677..fc5f422f2 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -2,7 +2,7 @@ package test_utils
 
 import (
 	"github.com/google/go-containerregistry/pkg/registry"
-	test_resources "github.com/kluctl/kluctl/v2/e2e/test-helm-chart"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils/test-helm-chart"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
diff --git a/e2e/test-helm-chart/.helmignore b/e2e/test-utils/test-helm-chart/.helmignore
similarity index 100%
rename from e2e/test-helm-chart/.helmignore
rename to e2e/test-utils/test-helm-chart/.helmignore
diff --git a/e2e/test-helm-chart/Chart.yaml b/e2e/test-utils/test-helm-chart/Chart.yaml
similarity index 100%
rename from e2e/test-helm-chart/Chart.yaml
rename to e2e/test-utils/test-helm-chart/Chart.yaml
diff --git a/e2e/test-helm-chart/resources.go b/e2e/test-utils/test-helm-chart/resources.go
similarity index 100%
rename from e2e/test-helm-chart/resources.go
rename to e2e/test-utils/test-helm-chart/resources.go
diff --git a/e2e/test-helm-chart/templates/_helpers.tpl b/e2e/test-utils/test-helm-chart/templates/_helpers.tpl
similarity index 100%
rename from e2e/test-helm-chart/templates/_helpers.tpl
rename to e2e/test-utils/test-helm-chart/templates/_helpers.tpl
diff --git a/e2e/test-helm-chart/templates/configmap.yaml b/e2e/test-utils/test-helm-chart/templates/configmap.yaml
similarity index 100%
rename from e2e/test-helm-chart/templates/configmap.yaml
rename to e2e/test-utils/test-helm-chart/templates/configmap.yaml
diff --git a/e2e/test-helm-chart/values.yaml b/e2e/test-utils/test-helm-chart/values.yaml
similarity index 100%
rename from e2e/test-helm-chart/values.yaml
rename to e2e/test-utils/test-helm-chart/values.yaml

From 02181c5e80252fd1679f1f0dd9ebf5e3f0028083 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 23:04:58 +0100
Subject: [PATCH 0597/2268] tests: Move addHelmDeployment into TestProject

---
 e2e/helm_test.go          | 58 ++++++++-------------------------------
 e2e/test-utils/project.go | 34 +++++++++++++++++++++++
 2 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 4efa1fc14..58b15625d 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -6,7 +6,6 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
-	registry2 "helm.sh/helm/v3/pkg/registry"
 	"path/filepath"
 	"sort"
 	"testing"
@@ -20,39 +19,6 @@ func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool,
 	}
 }
 
-func addHelmDeployment(p *test_utils.TestProject, dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
-	if registry2.IsOCI(repoUrl) {
-		repoUrl += "/" + chartName
-		chartName = ""
-	}
-
-	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
-		{Name: "helm-rendered.yaml"},
-	}, nil)
-
-	p.UpdateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
-		*o = *uo.FromMap(map[string]interface{}{
-			"helmChart": map[string]any{
-				"repo":         repoUrl,
-				"chartVersion": version,
-				"releaseName":  releaseName,
-				"namespace":    namespace,
-			},
-		})
-		if chartName != "" {
-			_ = o.SetNestedField(chartName, "helmChart", "chartName")
-		}
-		return nil
-	}, "")
-
-	if values != nil {
-		p.UpdateYaml(filepath.Join(dir, "helm-values.yaml"), func(o *uo.UnstructuredObject) error {
-			*o = *uo.FromMap(values)
-			return nil
-		}, "")
-	}
-}
-
 type testCase struct {
 	name          string
 	oci           bool
@@ -83,7 +49,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 	}, tc.oci, user, password)
 
 	p.UpdateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	if tc.testAuth {
 		if tc.credsId != "" {
@@ -168,7 +134,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	}, oci, "", "")
 
 	p.UpdateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust("helm-pull")
 	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
@@ -214,9 +180,9 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}, oci, "", "")
 
 	p.UpdateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
-	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipUpdate")
@@ -341,9 +307,9 @@ func TestHelmValues(t *testing.T) {
 	}
 
 	p.UpdateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
-	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+	p.AddHelmDeployment("helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
+	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
@@ -386,10 +352,10 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	}, "", "")
 
 	p.UpdateTarget("test", nil)
-	addHelmDeployment(p, "helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
-	addHelmDeployment(p, "helm2", repoUrl, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
-	addHelmDeployment(p, "helm3", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
-	addHelmDeployment(p, "helm4", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repoUrl, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
+	p.AddHelmDeployment("helm4", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index fdf05fc6b..51183ffef 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -7,6 +7,7 @@ import (
 	"github.com/imdario/mergo"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	registry2 "helm.sh/helm/v3/pkg/registry"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"os"
@@ -271,6 +272,39 @@ func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeRe
 	})
 }
 
+func (p *TestProject) AddHelmDeployment(dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
+	if registry2.IsOCI(repoUrl) {
+		repoUrl += "/" + chartName
+		chartName = ""
+	}
+
+	p.AddKustomizeDeployment(dir, []KustomizeResource{
+		{Name: "helm-rendered.yaml"},
+	}, nil)
+
+	p.UpdateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromMap(map[string]interface{}{
+			"helmChart": map[string]any{
+				"repo":         repoUrl,
+				"chartVersion": version,
+				"releaseName":  releaseName,
+				"namespace":    namespace,
+			},
+		})
+		if chartName != "" {
+			_ = o.SetNestedField(chartName, "helmChart", "chartName")
+		}
+		return nil
+	}, "")
+
+	if values != nil {
+		p.UpdateYaml(filepath.Join(dir, "helm-values.yaml"), func(o *uo.UnstructuredObject) error {
+			*o = *uo.FromMap(values)
+			return nil
+		}, "")
+	}
+}
+
 func (p *TestProject) convertInterfaceToList(x interface{}) []interface{} {
 	var ret []interface{}
 	if l, ok := x.([]interface{}); ok {

From 22d0278238d0751061a30b349f2b79999bd44a96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Nov 2022 22:13:00 +0000
Subject: [PATCH 0598/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.145 to 1.44.146

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.145 to 1.44.146.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.145...v1.44.146)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7108d7e82..7f5badd32 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.145
+	github.com/aws/aws-sdk-go v1.44.146
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 89ad58cea..b83e8c3c7 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.145 h1:KMVRrIyjBsNz3xGPuHIRnhIuKlb5h3Ii5e5jbi3cgnc=
-github.com/aws/aws-sdk-go v1.44.145/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.146 h1:7YdGgPxDPRJu/yYffzZp/H7yHzQ6AqmuNFZPYraaN8I=
+github.com/aws/aws-sdk-go v1.44.146/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 64abf6c5824c515c17b4594db3782c9b34797014 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Nov 2022 22:13:40 +0000
Subject: [PATCH 0599/2268] chore(deps): Bump github.com/Masterminds/semver/v3
 from 3.1.1 to 3.2.0

Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Masterminds/semver/compare/v3.1.1...v3.2.0)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 7108d7e82..202de4dd6 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.19
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
-	github.com/Masterminds/semver/v3 v3.1.1
+	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/aws/aws-sdk-go v1.44.145
 	github.com/bitnami-labs/sealed-secrets v0.19.2
diff --git a/go.sum b/go.sum
index 89ad58cea..c186d2345 100644
--- a/go.sum
+++ b/go.sum
@@ -88,8 +88,9 @@ github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=

From 81a8c7424eb7f2f37c19fe09a1dae0f1e6b2b9a0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Nov 2022 23:07:37 +0100
Subject: [PATCH 0600/2268] fix: Also consider helm credentials when no
 credentialsId is provided

---
 e2e/helm_test.go             |  2 +-
 pkg/deployment/helm_chart.go | 21 +++++++++++----------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 58b15625d..94386b8f8 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -97,7 +97,7 @@ func TestHelmPull(t *testing.T) {
 	tests := []testCase{
 		{name: "helm-no-creds"},
 		{name: "helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
-			expectedError: "no credentials provided for Chart test-chart1"},
+			expectedError: "401 Unauthorized"},
 		{name: "helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
 			extraArgs:     []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:invalid"},
 			expectedError: "401 Unauthorized"},
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 0d9b4d4cb..dda52347a 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -213,21 +213,22 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 		if registry.IsOCI(*c.Config.Repo) {
 			return fmt.Errorf("OCI charts can currently only be authenticated via registry login and not via cli arguments")
 		}
-
 		if c.credentials == nil {
 			return fmt.Errorf("no credentials provider")
 		}
+	}
+
+	if c.credentials != nil {
 		creds := c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
-		if creds == nil {
-			return fmt.Errorf("no credentials provided for Chart %s", c.chartName)
+		if creds != nil {
+			a.Username = creds.Username
+			a.Password = creds.Password
+			a.CertFile = creds.CertFile
+			a.CaFile = creds.CAFile
+			a.KeyFile = creds.KeyFile
+			a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
+			a.PassCredentialsAll = creds.PassCredentialsAll
 		}
-		a.Username = creds.Username
-		a.Password = creds.Password
-		a.CertFile = creds.CertFile
-		a.CaFile = creds.CAFile
-		a.KeyFile = creds.KeyFile
-		a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
-		a.PassCredentialsAll = creds.PassCredentialsAll
 	}
 
 	var out string

From 511efdc4b08295230e067d0073d0b145be7fa070 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Nov 2022 22:07:31 +0000
Subject: [PATCH 0601/2268] chore(deps): Bump github.com/golang-jwt/jwt/v4 from
 4.4.2 to 4.4.3

Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.4.2 to 4.4.3.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index aa0533f25..3561dec7e 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.4.2
+	github.com/golang-jwt/jwt/v4 v4.4.3
 	github.com/google/go-containerregistry v0.12.1
 	github.com/hashicorp/vault/api v1.8.2
 	github.com/hexops/gotextdiff v1.0.3
diff --git a/go.sum b/go.sum
index 3acee807f..e633e02b6 100644
--- a/go.sum
+++ b/go.sum
@@ -316,8 +316,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
-github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
+github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=

From fe837cbe6a7c8f73ef29c30b1082d1217c605b2f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 29 Nov 2022 20:12:56 +0100
Subject: [PATCH 0602/2268] refactor: Remove status handler dependency from git
 pkg

---
 pkg/git/mirrored_repo.go   | 17 +++++------------
 pkg/git/repocache/cache.go |  5 +++++
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index c3a08ff7d..14262b6fd 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -11,7 +11,6 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
@@ -105,7 +104,6 @@ func (g *MirroredGitRepo) Unlock() error {
 
 	err := g.fileLock.Close()
 	if err != nil {
-		status.Warning(g.ctx, "Unlock of %s failed: %v", g.fileLockPath, err)
 		return err
 	}
 	g.fileLock = nil
@@ -196,7 +194,7 @@ func (g *MirroredGitRepo) cleanupMirrorDir() error {
 	return nil
 }
 
-func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string) error {
+func (g *MirroredGitRepo) update(repoDir string) error {
 	r, err := git.PlainOpen(repoDir)
 	if err != nil {
 		return err
@@ -284,10 +282,10 @@ func (g *MirroredGitRepo) update(s *status.StatusContext, repoDir string) error
 	return nil
 }
 
-func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
+func (g *MirroredGitRepo) cloneOrUpdate() error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
 	if utils.IsFile(initMarker) {
-		return g.update(s, g.mirrorDir)
+		return g.update(g.mirrorDir)
 	}
 	err := g.cleanupMirrorDir()
 	if err != nil {
@@ -314,7 +312,7 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
 		return err
 	}
 
-	err = g.update(s, tmpMirrorDir)
+	err = g.update(tmpMirrorDir)
 	if err != nil {
 		return err
 	}
@@ -337,14 +335,11 @@ func (g *MirroredGitRepo) cloneOrUpdate(s *status.StatusContext) error {
 }
 
 func (g *MirroredGitRepo) Update() error {
-	s := status.Start(g.ctx, "Updating git cache for %s", g.url.String())
-	err := g.cloneOrUpdate(s)
+	err := g.cloneOrUpdate()
 	if err != nil {
-		s.FailedWithMessage(err.Error())
 		return err
 	}
 	g.hasUpdated = true
-	s.Success()
 	return nil
 }
 
@@ -353,8 +348,6 @@ func (g *MirroredGitRepo) CloneProjectByCommit(commit string, targetDir string)
 		panic("tried to clone from a project that is not locked/updated")
 	}
 
-	status.Trace(g.ctx, "Cloning git project: url='%s', commit='%s', target='%s'", g.url.String(), commit, targetDir)
-
 	err := PoorMansClone(g.mirrorDir, targetDir, &git.CheckoutOptions{Hash: plumbing.NewHash(commit)})
 	if err != nil {
 		return fmt.Errorf("failed to clone %s from %s: %w", commit, g.url.String(), err)
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index 59e89ef6f..aa0cb0c91 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -118,10 +118,15 @@ func (e *CacheEntry) Update() error {
 		if time.Now().Sub(e.mr.LastUpdateTime()) <= e.rp.updateInterval {
 			e.mr.SetUpdated(true)
 		} else {
+			url := e.mr.Url()
+			s := status.Start(e.rp.ctx, "Updating git cache for %s", url.String())
+			defer s.Failed()
 			err := e.mr.Update()
 			if err != nil {
+				s.FailedWithMessage(err.Error())
 				return err
 			}
+			s.Success()
 		}
 	}
 

From baf324c82cf9a93437c8a2591442fd049a6ea7e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:02:28 +0100
Subject: [PATCH 0603/2268] refactor: Get rid of status handler dependency in
 git package

---
 cmd/kluctl/commands/utils.go          | 11 +++++++-
 pkg/git/auth/auth_provider.go         | 13 ++++++---
 pkg/git/auth/env_auth_provider.go     | 10 ++++---
 pkg/git/auth/git_credentials_file.go  | 15 ++++++-----
 pkg/git/auth/list_auth_provider.go    | 32 +++++++++++-----------
 pkg/git/auth/ssh_auth_provider.go     | 38 +++++++++++++-------------
 pkg/git/auth/ssh_known_hosts.go       | 15 +++++------
 pkg/git/list_refs.go                  |  2 --
 pkg/git/messages/message_callbacks.go | 39 +++++++++++++++++++++++++++
 pkg/git/ssh-pool/ssh_pool.go          |  4 +--
 pkg/vars/vars_loader_test.go          |  2 +-
 11 files changed, 118 insertions(+), 63 deletions(-)
 create mode 100644 pkg/git/messages/message_callbacks.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index eab25b232..0a53757ad 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
@@ -60,7 +61,15 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		repoOverrides = append(repoOverrides, ro)
 	}
 
-	rp := repocache.NewGitRepoCache(ctx, sshPool, auth.NewDefaultAuthProviders(), repoOverrides, projectFlags.GitCacheUpdateInterval)
+	messageCallbacks := &messages.MessageCallbacks{
+		WarningFn:            func(s string) { status.Warning(ctx, s) },
+		TraceFn:              func(s string) { status.Trace(ctx, s) },
+		AskForPasswordFn:     func(s string) (string, error) { return status.AskForPassword(ctx, s) },
+		AskForConfirmationFn: func(s string) bool { return status.AskForConfirmation(ctx, s) },
+	}
+	gitAuth := auth.NewDefaultAuthProviders(messageCallbacks)
+
+	rp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, repoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer rp.Clear()
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 0eca67a60..0d77d2cf6 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"golang.org/x/crypto/ssh"
 )
 
@@ -41,10 +42,14 @@ func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 	return AuthMethodAndCA{}
 }
 
-func NewDefaultAuthProviders() *GitAuthProviders {
+func NewDefaultAuthProviders(messageCallbacks *messages.MessageCallbacks) *GitAuthProviders {
+	if messageCallbacks == nil {
+		messageCallbacks = &messages.MessageCallbacks{}
+	}
+
 	a := &GitAuthProviders{}
-	a.RegisterAuthProvider(&GitEnvAuthProvider{}, true)
-	a.RegisterAuthProvider(&GitCredentialsFileAuthProvider{}, true)
-	a.RegisterAuthProvider(&GitSshAuthProvider{}, true)
+	a.RegisterAuthProvider(&GitEnvAuthProvider{MessageCallbacks: *messageCallbacks}, true)
+	a.RegisterAuthProvider(&GitCredentialsFileAuthProvider{MessageCallbacks: *messageCallbacks}, true)
+	a.RegisterAuthProvider(&GitSshAuthProvider{MessageCallbacks: *messageCallbacks}, true)
 	return a
 }
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 7f692b661..76a4a3c8d 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -2,13 +2,15 @@ package auth
 
 import (
 	"context"
+	"fmt"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 )
 
 type GitEnvAuthProvider struct {
+	MessageCallbacks messages.MessageCallbacks
 }
 
 func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
@@ -27,13 +29,13 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 
 		ssh_key_path, _ := m["SSH_KEY"]
 
-		status.Trace(ctx, "GitEnvAuthProvider: adding entry host=%s, pathPrefix=%s, username=%s, ssh_key=%s", e.Host, e.PathPrefix, e.Username, ssh_key_path)
+		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, pathPrefix=%s, username=%s, ssh_key=%s", e.Host, e.PathPrefix, e.Username, ssh_key_path))
 
 		if ssh_key_path != "" {
 			ssh_key_path = utils.ExpandPath(ssh_key_path)
 			b, err := os.ReadFile(ssh_key_path)
 			if err != nil {
-				status.Trace(ctx, "GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err)
+				a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err))
 			} else {
 				e.SshKey = b
 			}
@@ -43,7 +45,7 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
 			b, err := os.ReadFile(ca_bundle_path)
 			if err != nil {
-				status.Trace(ctx, "GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err)
+				a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err))
 			} else {
 				e.CABundle = b
 			}
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index 7ee6775c3..5d3ef3cfd 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -5,14 +5,15 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	giturls "github.com/whilp/git-urls"
 	"os"
 	"path/filepath"
 )
 
 type GitCredentialsFileAuthProvider struct {
+	MessageCallbacks messages.MessageCallbacks
 }
 
 func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
@@ -22,21 +23,21 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl g
 
 	home, err := os.UserHomeDir()
 	if err != nil {
-		status.Warning(ctx, "Could not determine home directory: %v", err)
+		a.MessageCallbacks.Warning("Could not determine home directory: %v", err)
 		return AuthMethodAndCA{}
 	}
-	auth := a.tryBuildAuth(ctx, gitUrl, filepath.Join(home, ".git-credentials"))
+	auth := a.tryBuildAuth(gitUrl, filepath.Join(home, ".git-credentials"))
 	if auth != nil {
 		return *auth
 	}
 
 	if xdgHome, ok := os.LookupEnv("XDG_CONFIG_HOME"); ok && xdgHome != "" {
-		auth = a.tryBuildAuth(ctx, gitUrl, filepath.Join(xdgHome, ".git-credentials"))
+		auth = a.tryBuildAuth(gitUrl, filepath.Join(xdgHome, ".git-credentials"))
 		if auth != nil {
 			return *auth
 		}
 	} else {
-		auth = a.tryBuildAuth(ctx, gitUrl, filepath.Join(home, ".config/.git-credentials"))
+		auth = a.tryBuildAuth(gitUrl, filepath.Join(home, ".config/.git-credentials"))
 		if auth != nil {
 			return *auth
 		}
@@ -44,14 +45,14 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl g
 	return AuthMethodAndCA{}
 }
 
-func (a *GitCredentialsFileAuthProvider) tryBuildAuth(ctx context.Context, gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
+func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
 	if !utils.IsFile(gitCredentialsPath) {
 		return nil
 	}
 
 	f, err := os.Open(gitCredentialsPath)
 	if err != nil {
-		status.Warning(ctx, "Failed to open %s: %v", gitCredentialsPath, err)
+		a.MessageCallbacks.Warning("Failed to open %s: %v", gitCredentialsPath, err)
 		return nil
 	}
 	defer f.Close()
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 532734c1d..e11cb176c 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"strings"
 )
 
 type ListAuthProvider struct {
+	MessageCallbacks messages.MessageCallbacks
+
 	entries []AuthEntry
 }
 
@@ -30,10 +32,10 @@ func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 }
 
 func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
-	status.Trace(ctx, "ListAuthProvider: BuildAuth for %s", gitUrl.String())
-	status.Trace(ctx, "ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
+	a.MessageCallbacks.Trace("ListAuthProvider: BuildAuth for %s", gitUrl.String())
+	a.MessageCallbacks.Trace("ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
 	for _, e := range a.entries {
-		status.Trace(ctx, "ListAuthProvider: try host=%s, pathPrefix=%s, username=%s", e.Host, e.PathPrefix, e.Username)
+		a.MessageCallbacks.Trace("ListAuthProvider: try host=%s, pathPrefix=%s, username=%s", e.Host, e.PathPrefix, e.Username)
 
 		if e.Host != "*" && e.Host != gitUrl.Hostname() {
 			continue
@@ -69,29 +71,29 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 
 		if gitUrl.IsSsh() {
 			if e.SshKey == nil {
-				status.Trace(ctx, "ListAuthProvider: empty ssh key is not accepted")
+				a.MessageCallbacks.Trace("ListAuthProvider: empty ssh key is not accepted")
 				continue
 			}
-			status.Trace(ctx, "ListAuthProvider: using username+sshKey")
-			a, err := ssh.NewPublicKeys(username, e.SshKey, "")
+			a.MessageCallbacks.Trace("ListAuthProvider: using username+sshKey")
+			pk, err := ssh.NewPublicKeys(username, e.SshKey, "")
 			if err != nil {
-				status.Trace(ctx, "ListAuthProvider: failed to parse private key: %v", err)
+				a.MessageCallbacks.Trace("ListAuthProvider: failed to parse private key: %v", err)
 			} else {
-				a.HostKeyCallback = buildVerifyHostCallback(ctx, e.KnownHosts)
+				pk.HostKeyCallback = buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts)
 				return AuthMethodAndCA{
-					AuthMethod: a,
+					AuthMethod: pk,
 					Hash: func() ([]byte, error) {
-						return buildHash(a.Signer)
+						return buildHash(pk.Signer)
 					},
-					ClientConfig: a.ClientConfig,
+					ClientConfig: pk.ClientConfig,
 				}
 			}
 		} else {
 			if e.Password == "" {
-				status.Trace(ctx, "ListAuthProvider: empty password is not accepted")
+				a.MessageCallbacks.Trace("ListAuthProvider: empty password is not accepted")
 				continue
 			}
-			status.Trace(ctx, "ListAuthProvider: using username+password")
+			a.MessageCallbacks.Trace("ListAuthProvider: using username+password")
 			return AuthMethodAndCA{
 				AuthMethod: &http.BasicAuth{
 					Username: username,
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index c1be1b032..1098ef791 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"github.com/kevinburke/ssh_config"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
@@ -19,6 +19,8 @@ import (
 )
 
 type GitSshAuthProvider struct {
+	MessageCallbacks messages.MessageCallbacks
+
 	passphrases      map[string][]byte
 	passphrasesMutex sync.Mutex
 }
@@ -44,7 +46,7 @@ func (a *sshDefaultIdentityAndAgent) ClientConfig() (*ssh.ClientConfig, error) {
 		User: a.user,
 		Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Signers)},
 	}
-	cc.HostKeyCallback = buildVerifyHostCallback(a.ctx, nil)
+	cc.HostKeyCallback = buildVerifyHostCallback(a.authProvider.MessageCallbacks, nil)
 	return cc, nil
 }
 
@@ -53,49 +55,49 @@ func (a *sshDefaultIdentityAndAgent) Signers() ([]ssh.Signer, error) {
 }
 
 func (a *sshDefaultIdentityAndAgent) addDefaultIdentity(gitUrl git_url.GitUrl) {
-	status.Trace(a.ctx, "trying to add default identity")
+	a.authProvider.MessageCallbacks.Trace("trying to add default identity")
 	u, err := user.Current()
 	if err != nil {
-		status.Trace(a.ctx, "No current user: %v", err)
+		a.authProvider.MessageCallbacks.Trace("No current user: %v", err)
 	} else {
 		path := filepath.Join(u.HomeDir, ".ssh", "id_rsa")
 		signer, err := a.authProvider.readKey(a.ctx, path)
 		if err != nil && !os.IsNotExist(err) {
-			status.Warning(a.ctx, "Failed to read default identity file for url %s: %v", gitUrl.String(), err)
+			a.authProvider.MessageCallbacks.Warning("Failed to read default identity file for url %s: %v", gitUrl.String(), err)
 		} else if signer != nil {
-			status.Trace(a.ctx, "...added '%s' as default identity", path)
+			a.authProvider.MessageCallbacks.Trace("...added '%s' as default identity", path)
 			a.signers = append(a.signers, signer)
 		}
 	}
 }
 
 func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl) {
-	status.Trace(a.ctx, "trying to add identities from ssh config")
+	a.authProvider.MessageCallbacks.Trace("trying to add identities from ssh config")
 	for _, id := range ssh_config.GetAll(gitUrl.Hostname(), "IdentityFile") {
 		expanded := utils.ExpandPath(id)
-		status.Trace(a.ctx, "...trying '%s' (expanded: '%s')", id, expanded)
+		a.authProvider.MessageCallbacks.Trace("...trying '%s' (expanded: '%s')", id, expanded)
 		signer, err := a.authProvider.readKey(a.ctx, expanded)
 		if err != nil && !os.IsNotExist(err) {
-			status.Warning(a.ctx, "Failed to read key %s for url %s: %v", id, gitUrl.String(), err)
+			a.authProvider.MessageCallbacks.Warning("Failed to read key %s for url %s: %v", id, gitUrl.String(), err)
 		} else if err == nil {
-			status.Trace(a.ctx, "...added '%s' from ssh config", expanded)
+			a.authProvider.MessageCallbacks.Trace("...added '%s' from ssh config", expanded)
 			a.signers = append(a.signers, signer)
 		}
 	}
 }
 
 func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
-	status.Trace(a.ctx, "trying to add agent keys")
+	a.authProvider.MessageCallbacks.Trace("trying to add agent keys")
 	agent, _, err := sshagent.New()
 	if err != nil {
-		status.Warning(a.ctx, "Failed to connect to ssh agent for url %s: %v", gitUrl.String(), err)
+		a.authProvider.MessageCallbacks.Warning("Failed to connect to ssh agent for url %s: %v", gitUrl.String(), err)
 	} else {
 		signers, err := agent.Signers()
 		if err != nil {
-			status.Warning(a.ctx, "Failed to get signers from ssh agent for url %s: %v", gitUrl.String(), err)
+			a.authProvider.MessageCallbacks.Warning("Failed to get signers from ssh agent for url %s: %v", gitUrl.String(), err)
 			return
 		}
-		status.Trace(a.ctx, "...added %d agent keys", len(signers))
+		a.authProvider.MessageCallbacks.Trace("...added %d agent keys", len(signers))
 		a.signers = append(a.signers, signers...)
 	}
 }
@@ -157,7 +159,7 @@ func (k *deferredPassphraseKey) getPassphrase() ([]byte, error) {
 		return passphrase, nil
 	}
 
-	passphraseStr, err := status.AskForPassword(k.ctx, fmt.Sprintf("Enter passphrase for key '%s'", k.path))
+	passphraseStr, err := k.a.MessageCallbacks.AskForPassword(fmt.Sprintf("Enter passphrase for key '%s'", k.path))
 	if err != nil {
 		k.a.passphrases[k.path] = nil
 		return nil, err
@@ -171,21 +173,21 @@ func (k *deferredPassphraseKey) parse() {
 	passphrase, err := k.getPassphrase()
 	if err != nil {
 		k.err = err
-		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
+		k.a.MessageCallbacks.Warning("Failed to parse key %s: %v", k.path, err)
 		return
 	}
 
 	pemBytes, err := os.ReadFile(k.path)
 	if err != nil {
 		k.err = err
-		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
+		k.a.MessageCallbacks.Warning("Failed to parse key %s: %v", k.path, err)
 		return
 	}
 
 	s, err := ssh.ParsePrivateKeyWithPassphrase(pemBytes, passphrase)
 	if err != nil {
 		k.err = err
-		status.Warning(k.ctx, "Failed to parse key %s: %v", k.path, err)
+		k.a.MessageCallbacks.Warning("Failed to parse key %s: %v", k.path, err)
 		return
 	}
 	k.parsed = s
diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index ec5df2966..0d0e9b713 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -1,10 +1,9 @@
 package auth
 
 import (
-	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth/goph"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/crypto/ssh"
 	"net"
@@ -16,13 +15,13 @@ import (
 
 var askHostMutex sync.Mutex
 
-func buildVerifyHostCallback(ctx context.Context, knownHosts []byte) func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+func buildVerifyHostCallback(messageCallbacks messages.MessageCallbacks, knownHosts []byte) func(hostname string, remote net.Addr, key ssh.PublicKey) error {
 	return func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-		return verifyHost(ctx, hostname, remote, key, knownHosts)
+		return verifyHost(messageCallbacks, hostname, remote, key, knownHosts)
 	}
 }
 
-func verifyHost(ctx context.Context, host string, remote net.Addr, key ssh.PublicKey, knownHosts []byte) error {
+func verifyHost(messageCallbacks messages.MessageCallbacks, host string, remote net.Addr, key ssh.PublicKey, knownHosts []byte) error {
 	// Ensure only one prompt happens at a time
 	askHostMutex.Lock()
 	defer askHostMutex.Unlock()
@@ -87,14 +86,14 @@ func verifyHost(ctx context.Context, host string, remote net.Addr, key ssh.Publi
 		return fmt.Errorf("host not found and SSH_KNOWN_HOSTS has been set")
 	}
 
-	if !askIsHostTrusted(ctx, host, key) {
+	if !askIsHostTrusted(messageCallbacks, host, key) {
 		return fmt.Errorf("aborted")
 	}
 
 	return goph.AddKnownHost(host, remote, key, "")
 }
 
-func askIsHostTrusted(ctx context.Context, host string, key ssh.PublicKey) bool {
+func askIsHostTrusted(messageCallbacks messages.MessageCallbacks, host string, key ssh.PublicKey) bool {
 	prompt := fmt.Sprintf("Unknown Host: %s\nFingerprint: %s\nWould you like to add it? ", host, ssh.FingerprintSHA256(key))
-	return status.AskForConfirmation(ctx, prompt)
+	return messageCallbacks.AskForConfirmation(prompt)
 }
diff --git a/pkg/git/list_refs.go b/pkg/git/list_refs.go
index d529c952c..735234d6b 100644
--- a/pkg/git/list_refs.go
+++ b/pkg/git/list_refs.go
@@ -12,7 +12,6 @@ import (
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"strconv"
 )
 
@@ -100,7 +99,6 @@ func ListRemoteRefs(ctx context.Context, url git_url.GitUrl, sshPool *ssh_pool.S
 		if err == nil {
 			return refs, nil
 		}
-		status.Warning(ctx, "Fast listing of remote refs failed: %s", err.Error())
 	}
 	return ListRemoteRefsSlow(ctx, url, auth)
 }
diff --git a/pkg/git/messages/message_callbacks.go b/pkg/git/messages/message_callbacks.go
new file mode 100644
index 000000000..e9d8715c4
--- /dev/null
+++ b/pkg/git/messages/message_callbacks.go
@@ -0,0 +1,39 @@
+package messages
+
+import "fmt"
+
+type MessageCallbacks struct {
+	WarningFn            func(s string)
+	TraceFn              func(s string)
+	AskForPasswordFn     func(prompt string) (string, error)
+	AskForConfirmationFn func(prompt string) bool
+}
+
+func (l MessageCallbacks) Warning(s string, args ...any) {
+	if l.WarningFn != nil {
+		l.WarningFn(fmt.Sprintf(s, args...))
+	}
+}
+
+func (l MessageCallbacks) Trace(s string, args ...any) {
+	if l.TraceFn != nil {
+		l.TraceFn(fmt.Sprintf(s, args...))
+	}
+}
+
+func (l MessageCallbacks) AskForPassword(prompt string) (string, error) {
+	if l.AskForPasswordFn != nil {
+		return l.AskForPasswordFn(prompt)
+	}
+	err := fmt.Errorf("AskForPasswordFn not provided, skipping prompt: %s", prompt)
+	l.Warning(err.Error())
+	return "", err
+}
+
+func (l MessageCallbacks) AskForConfirmation(prompt string) bool {
+	if l.AskForConfirmationFn != nil {
+		return l.AskForConfirmationFn(prompt)
+	}
+	l.Warning("Not a terminal, suppressed prompt: %s", prompt)
+	return false
+}
diff --git a/pkg/git/ssh-pool/ssh_pool.go b/pkg/git/ssh-pool/ssh_pool.go
index fb60c220c..7b33a4f1c 100644
--- a/pkg/git/ssh-pool/ssh_pool.go
+++ b/pkg/git/ssh-pool/ssh_pool.go
@@ -7,7 +7,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/net/proxy"
 	"sync"
@@ -78,7 +77,6 @@ func (p *SshPool) GetSession(ctx context.Context, host string, port int, auth au
 
 	s, err := pe.pc.client.NewSession()
 	if err != nil {
-		origErr := err
 		_ = pe.pc.client.Close()
 		pe.pc = nil
 		if isNew {
@@ -92,7 +90,7 @@ func (p *SshPool) GetSession(ctx context.Context, host string, port int, auth au
 				p.pool.Delete(h)
 				return nil, err
 			}
-			status.Trace(ctx, "Successfully retries failed ssh connection. Old error: %s", origErr)
+
 			pe.pc = &poolClient{
 				time:   time.Now(),
 				client: client,
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index fc0d510e0..719315987 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -42,7 +42,7 @@ func newTestDir(t *testing.T) string {
 }
 
 func newRP(t *testing.T) *repocache.GitRepoCache {
-	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders(), nil, 0)
+	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders(nil), nil, 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From 68f2c00951300c9c8695358345785d7e24a5c791 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:03:02 +0100
Subject: [PATCH 0604/2268] refactor: Make git env prefix dynamic

---
 cmd/kluctl/commands/utils.go      | 2 +-
 pkg/git/auth/auth_provider.go     | 4 ++--
 pkg/git/auth/env_auth_provider.go | 4 +++-
 pkg/vars/vars_loader_test.go      | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0a53757ad..e3c827be0 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -67,7 +67,7 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 		AskForPasswordFn:     func(s string) (string, error) { return status.AskForPassword(ctx, s) },
 		AskForConfirmationFn: func(s string) bool { return status.AskForConfirmation(ctx, s) },
 	}
-	gitAuth := auth.NewDefaultAuthProviders(messageCallbacks)
+	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 
 	rp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, repoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer rp.Clear()
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 0d77d2cf6..19b2d418e 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -42,13 +42,13 @@ func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 	return AuthMethodAndCA{}
 }
 
-func NewDefaultAuthProviders(messageCallbacks *messages.MessageCallbacks) *GitAuthProviders {
+func NewDefaultAuthProviders(envPrefix string, messageCallbacks *messages.MessageCallbacks) *GitAuthProviders {
 	if messageCallbacks == nil {
 		messageCallbacks = &messages.MessageCallbacks{}
 	}
 
 	a := &GitAuthProviders{}
-	a.RegisterAuthProvider(&GitEnvAuthProvider{MessageCallbacks: *messageCallbacks}, true)
+	a.RegisterAuthProvider(&GitEnvAuthProvider{MessageCallbacks: *messageCallbacks, Prefix: envPrefix}, true)
 	a.RegisterAuthProvider(&GitCredentialsFileAuthProvider{MessageCallbacks: *messageCallbacks}, true)
 	a.RegisterAuthProvider(&GitSshAuthProvider{MessageCallbacks: *messageCallbacks}, true)
 	return a
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 76a4a3c8d..7dfa737fb 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -11,12 +11,14 @@ import (
 
 type GitEnvAuthProvider struct {
 	MessageCallbacks messages.MessageCallbacks
+
+	Prefix string
 }
 
 func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
 	var la ListAuthProvider
 
-	for _, m := range utils.ParseEnvConfigSets("KLUCTL_GIT") {
+	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
 		e := AuthEntry{
 			Host:       m["HOST"],
 			PathPrefix: m["PATH_PREFIX"],
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 719315987..30d6ce755 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -42,7 +42,7 @@ func newTestDir(t *testing.T) string {
 }
 
 func newRP(t *testing.T) *repocache.GitRepoCache {
-	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders(nil), nil, 0)
+	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders("KLUCTL_GIT", nil), nil, 0)
 	t.Cleanup(func() {
 		grc.Clear()
 	})

From 18083d897aeba5ba76c08485f78419a53dea5ee1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:04:21 +0100
Subject: [PATCH 0605/2268] refactor: Get rid of pkg/utils dependency from git
 package

---
 pkg/git/auth/env_auth_provider.go    |  4 +--
 pkg/git/auth/git_credentials_file.go |  4 +--
 pkg/git/auth/ssh_auth_provider.go    |  3 +--
 pkg/git/auth/utils.go                | 13 ++++++++++
 pkg/git/mirrored_repo.go             | 37 ++++++++++++++++++----------
 pkg/git/repocache/cache.go           |  2 +-
 pkg/git/utils.go                     |  5 ++--
 7 files changed, 46 insertions(+), 22 deletions(-)
 create mode 100644 pkg/git/auth/utils.go

diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 7dfa737fb..d88c54e89 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -34,7 +34,7 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, pathPrefix=%s, username=%s, ssh_key=%s", e.Host, e.PathPrefix, e.Username, ssh_key_path))
 
 		if ssh_key_path != "" {
-			ssh_key_path = utils.ExpandPath(ssh_key_path)
+			ssh_key_path = expandHomeDir(ssh_key_path)
 			b, err := os.ReadFile(ssh_key_path)
 			if err != nil {
 				a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err))
@@ -44,7 +44,7 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 		}
 		ca_bundle_path := m["CA_BUNDLE"]
 		if ca_bundle_path != "" {
-			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
+			ca_bundle_path = expandHomeDir(ca_bundle_path)
 			b, err := os.ReadFile(ca_bundle_path)
 			if err != nil {
 				a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err))
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index 5d3ef3cfd..68989ca85 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -5,7 +5,6 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	giturls "github.com/whilp/git-urls"
 	"os"
@@ -46,7 +45,8 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl g
 }
 
 func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
-	if !utils.IsFile(gitCredentialsPath) {
+	st, err := os.Stat(gitCredentialsPath)
+	if err != nil || !st.Mode().IsDir() {
 		return nil
 	}
 
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 1098ef791..2e95cb864 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -8,7 +8,6 @@ import (
 	"github.com/kevinburke/ssh_config"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
 	"io"
@@ -74,7 +73,7 @@ func (a *sshDefaultIdentityAndAgent) addDefaultIdentity(gitUrl git_url.GitUrl) {
 func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl) {
 	a.authProvider.MessageCallbacks.Trace("trying to add identities from ssh config")
 	for _, id := range ssh_config.GetAll(gitUrl.Hostname(), "IdentityFile") {
-		expanded := utils.ExpandPath(id)
+		expanded := expandHomeDir(id)
 		a.authProvider.MessageCallbacks.Trace("...trying '%s' (expanded: '%s')", id, expanded)
 		signer, err := a.authProvider.readKey(a.ctx, expanded)
 		if err != nil && !os.IsNotExist(err) {
diff --git a/pkg/git/auth/utils.go b/pkg/git/auth/utils.go
new file mode 100644
index 000000000..ff0c9e834
--- /dev/null
+++ b/pkg/git/auth/utils.go
@@ -0,0 +1,13 @@
+package auth
+
+import (
+	"k8s.io/client-go/util/homedir"
+	"strings"
+)
+
+func expandHomeDir(p string) string {
+	if strings.HasPrefix(p, "~/") {
+		p = homedir.HomeDir() + p[1:]
+	}
+	return p
+}
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 14262b6fd..10e2e805c 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -2,6 +2,8 @@ package git
 
 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@@ -11,7 +13,6 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
 	"path/filepath"
@@ -20,8 +21,6 @@ import (
 	"time"
 )
 
-var cacheBaseDir = filepath.Join(utils.GetTmpBaseDir(), "git-cache")
-
 var defaultFetch = []config.RefSpec{
 	"+refs/heads/*:refs/heads/*",
 	"+refs/tags/*:refs/tags/*",
@@ -30,6 +29,7 @@ var defaultFetch = []config.RefSpec{
 type MirroredGitRepo struct {
 	ctx context.Context
 
+	baseDir       string
 	sshPool       *ssh_pool.SshPool
 	authProviders *auth2.GitAuthProviders
 
@@ -44,21 +44,25 @@ type MirroredGitRepo struct {
 	mutex sync.Mutex
 }
 
-func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl, sshPool *ssh_pool.SshPool, authProviders *auth2.GitAuthProviders) (*MirroredGitRepo, error) {
+func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl, baseDir string, sshPool *ssh_pool.SshPool, authProviders *auth2.GitAuthProviders) (*MirroredGitRepo, error) {
 	mirrorRepoName := buildMirrorRepoName(u)
 	o := &MirroredGitRepo{
 		ctx:           ctx,
+		baseDir:       baseDir,
 		sshPool:       sshPool,
 		authProviders: authProviders,
 		url:           u,
-		mirrorDir:     filepath.Join(cacheBaseDir, mirrorRepoName),
+		mirrorDir:     filepath.Join(baseDir, mirrorRepoName),
 	}
 
-	if !utils.IsDirectory(o.mirrorDir) {
-		err := os.MkdirAll(o.mirrorDir, 0o700)
+	st, err := os.Stat(o.mirrorDir)
+	if err != nil {
+		err = os.MkdirAll(o.mirrorDir, 0o700)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create mirror repo for %v: %w", u.String(), err)
 		}
+	} else if !st.IsDir() {
+		return nil, fmt.Errorf("%s is not a directory", o.mirrorDir)
 	}
 
 	o.fileLockPath = filepath.Join(o.mirrorDir, ".cache.lock")
@@ -179,7 +183,8 @@ func (g *MirroredGitRepo) buildRepositoryObject() (*git.Repository, error) {
 }
 
 func (g *MirroredGitRepo) cleanupMirrorDir() error {
-	if utils.IsDirectory(g.mirrorDir) {
+	st, err := os.Stat(g.mirrorDir)
+	if err == nil && st.IsDir() {
 		files, err := os.ReadDir(g.mirrorDir)
 		if err != nil {
 			return err
@@ -284,15 +289,16 @@ func (g *MirroredGitRepo) update(repoDir string) error {
 
 func (g *MirroredGitRepo) cloneOrUpdate() error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
-	if utils.IsFile(initMarker) {
+	st, err := os.Stat(initMarker)
+	if err == nil && st.Mode().IsRegular() {
 		return g.update(g.mirrorDir)
 	}
-	err := g.cleanupMirrorDir()
+	err = g.cleanupMirrorDir()
 	if err != nil {
 		return err
 	}
 
-	tmpMirrorDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "mirror-")
+	tmpMirrorDir, err := os.MkdirTemp(g.baseDir, "tmp-mirror-")
 	if err != nil {
 		return err
 	}
@@ -327,10 +333,11 @@ func (g *MirroredGitRepo) cloneOrUpdate() error {
 			return err
 		}
 	}
-	err = utils.Touch(initMarker)
+	f, err := os.Create(initMarker)
 	if err != nil {
 		return err
 	}
+	defer f.Close()
 	return nil
 }
 
@@ -383,12 +390,16 @@ func (g *MirroredGitRepo) GetGitTreeByCommit(commitHash string) (*object.Tree, e
 }
 
 func buildMirrorRepoName(u git_url.GitUrl) string {
+	h := sha256.New()
+	h.Write([]byte(u.String()))
+	h2 := hex.EncodeToString(h.Sum(nil))
+
 	r := filepath.Base(u.Path)
 	r = strings.ReplaceAll(r, "/", "-")
 	r = strings.ReplaceAll(r, "\\", "-")
 	if strings.HasSuffix(r, ".git") {
 		r = r[:len(r)-len(".git")]
 	}
-	r += "-" + utils.Sha256String(u.String())[:6]
+	r += "-" + h2[:6]
 	return r
 }
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index aa0cb0c91..1aecfa179 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -86,7 +86,7 @@ func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
 
 	e, ok := rp.repos[url.NormalizedRepoKey()]
 	if !ok {
-		mr, err := git.NewMirroredGitRepo(rp.ctx, url, rp.sshPool, rp.authProviders)
+		mr, err := git.NewMirroredGitRepo(rp.ctx, url, filepath.Join(utils.GetTmpBaseDir(), "git-cache"), rp.sshPool, rp.authProviders)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index 0c0bb72d0..f007fa3ee 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -3,7 +3,7 @@ package git
 import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
 	"path/filepath"
 )
 
@@ -32,7 +32,8 @@ func DetectGitRepositoryRoot(path string) (string, error) {
 		return "", err
 	}
 	for true {
-		if utils.Exists(filepath.Join(path, ".git")) {
+		st, err := os.Stat(filepath.Join(path, ".git"))
+		if err == nil && st.IsDir() {
 			break
 		}
 		old := path

From 580352ec507d2972c9b03c84bc7a5761511a4601 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:13:58 +0100
Subject: [PATCH 0606/2268] refactor: Remove custom Copy functions from utils
 and use otiai10/copy instead

---
 e2e/test-utils/helm_repo_utils.go | 20 ++++++--
 e2e/test_resources/resources.go   |  7 ++-
 go.mod                            |  1 +
 go.sum                            |  7 +++
 pkg/git/poor_mans_clone.go        | 14 +++---
 pkg/git/repocache/cache.go        |  3 +-
 pkg/utils/fs.go                   | 79 -------------------------------
 7 files changed, 37 insertions(+), 94 deletions(-)

diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index fc5f422f2..aabe7835b 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -3,9 +3,9 @@ package test_utils
 import (
 	"github.com/google/go-containerregistry/pkg/registry"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/test-helm-chart"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	cp "github.com/otiai10/copy"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/cli/values"
@@ -14,6 +14,7 @@ import (
 	registry2 "helm.sh/helm/v3/pkg/registry"
 	"helm.sh/helm/v3/pkg/repo"
 	"helm.sh/helm/v3/pkg/uploader"
+	"io/fs"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -25,7 +26,18 @@ import (
 
 func createHelmPackage(t *testing.T, name string, version string) string {
 	tmpDir := t.TempDir()
-	err := utils.FsCopyDir(test_resources.HelmChartFS, ".", tmpDir)
+
+	err := fs.WalkDir(test_resources.HelmChartFS, ".", func(path string, d fs.DirEntry, err error) error {
+		if d.IsDir() {
+			return os.MkdirAll(filepath.Join(tmpDir, path), 0o700)
+		} else {
+			b, err := test_resources.HelmChartFS.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			return os.WriteFile(filepath.Join(tmpDir, path), b, 0o600)
+		}
+	})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -67,7 +79,7 @@ func CreateHelmRepo(t *testing.T, charts []RepoChart, username string, password
 
 	for _, c := range charts {
 		tgz := createHelmPackage(t, c.ChartName, c.Version)
-		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+		_ = cp.Copy(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
 	}
 
 	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
@@ -147,7 +159,7 @@ func CreateOciRepo(t *testing.T, charts []RepoChart, username string, password s
 
 	for _, chart := range charts {
 		tgz := createHelmPackage(t, chart.ChartName, chart.Version)
-		_ = utils.CopyFile(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+		_ = cp.Copy(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
 
 		err := c.UploadTo(tgz, ociUrl)
 		if err != nil {
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index fa1754bff..23dad66c9 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"embed"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -28,7 +27,11 @@ func GetYamlTmpFile(name string) string {
 	}
 	tmpFile.Close()
 
-	err = utils.FsCopyFile(Yamls, name, tmpFile.Name())
+	b, err := Yamls.ReadFile(name)
+	if err != nil {
+		panic(err)
+	}
+	err = os.WriteFile(tmpFile.Name(), b, 0o600)
 	if err != nil {
 		panic(err)
 	}
diff --git a/go.mod b/go.mod
index aa0533f25..ae00085ce 100644
--- a/go.mod
+++ b/go.mod
@@ -61,6 +61,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.3.3
+	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.1
 )
diff --git a/go.sum b/go.sum
index 3acee807f..2a56447bd 100644
--- a/go.sum
+++ b/go.sum
@@ -663,6 +663,13 @@ github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7X
 github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
+github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
+github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
+github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
+github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
+github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
diff --git a/pkg/git/poor_mans_clone.go b/pkg/git/poor_mans_clone.go
index f5f306924..975112564 100644
--- a/pkg/git/poor_mans_clone.go
+++ b/pkg/git/poor_mans_clone.go
@@ -3,7 +3,7 @@ package git
 import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	cp "github.com/otiai10/copy"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -32,15 +32,13 @@ func PoorMansClone(sourceDir string, targetDir string, coOptions *git.CheckoutOp
 		if de.Name() == "objects" {
 			err = os.Symlink(s, d)
 			if err != nil && runtime.GOOS == "windows" {
-				// windows 10 does not support symlinks as unprivileged users...
-				err = utils.CopyDir(s, d)
+				// Windows 10 does not support symlinks as unprivileged users, so we revert to deep copying
+				err = cp.Copy(s, d, cp.Options{OnSymlink: func(src string) cp.SymlinkAction {
+					return cp.Deep
+				}})
 			}
 		} else {
-			if de.IsDir() {
-				err = utils.CopyDir(s, d)
-			} else {
-				err = utils.CopyFile(s, d)
-			}
+			err = cp.Copy(s, d)
 		}
 		if err != nil {
 			return err
diff --git a/pkg/git/repocache/cache.go b/pkg/git/repocache/cache.go
index 1aecfa179..88d20f53a 100644
--- a/pkg/git/repocache/cache.go
+++ b/pkg/git/repocache/cache.go
@@ -9,6 +9,7 @@ import (
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	cp "github.com/otiai10/copy"
 	"os"
 	"path"
 	"path/filepath"
@@ -235,7 +236,7 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	if foundRo != nil {
 		u := e.mr.Url()
 		status.WarningOnce(e.rp.ctx, fmt.Sprintf("git-override-%s|%s", foundRo.RepoKey, foundRo.Ref), "Overriding git repo %s with local directory %s", u.String(), foundRo.Override)
-		err = utils.CopyDir(foundRo.Override, p)
+		err = cp.Copy(foundRo.Override, p)
 		if err != nil {
 			return "", git.CheckoutInfo{}, err
 		}
diff --git a/pkg/utils/fs.go b/pkg/utils/fs.go
index 0b25e1e4b..1c6909e00 100644
--- a/pkg/utils/fs.go
+++ b/pkg/utils/fs.go
@@ -2,11 +2,8 @@ package utils
 
 import (
 	"fmt"
-	"io"
-	"io/fs"
 	"k8s.io/client-go/util/homedir"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 )
@@ -69,82 +66,6 @@ func Touch(path string) error {
 	return f.Close()
 }
 
-func CopyFile(src string, dst string) error {
-	if !IsFile(src) {
-		return fmt.Errorf("%s is not a regular file", src)
-	}
-	f, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	return CopyFileStream(f, dst)
-}
-
-func FsCopyFile(srcFs fs.FS, src, dst string) error {
-	src = filepath.ToSlash(src)
-	source, err := srcFs.Open(src)
-	if err != nil {
-		return err
-	}
-	defer source.Close()
-
-	sourceFileStat, err := source.Stat()
-	if err != nil {
-		return err
-	}
-
-	if !sourceFileStat.Mode().IsRegular() {
-		return fmt.Errorf("%s is not a regular file", src)
-	}
-
-	return CopyFileStream(source, dst)
-}
-
-func CopyFileStream(src io.Reader, dst string) error {
-	destination, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer destination.Close()
-
-	_, err = io.Copy(destination, src)
-	return err
-}
-
-func FsCopyDir(srcFs fs.FS, src string, dst string) error {
-	var err error
-	var fds []fs.DirEntry
-
-	src = filepath.ToSlash(src)
-
-	if fds, err = fs.ReadDir(srcFs, src); err != nil {
-		return err
-	}
-	if err = os.MkdirAll(dst, 0o700); err != nil {
-		return err
-	}
-	for _, fd := range fds {
-		srcfp := path.Join(src, fd.Name())
-		dstfp := filepath.Join(dst, fd.Name())
-
-		if fd.IsDir() {
-			if err = FsCopyDir(srcFs, srcfp, dstfp); err != nil {
-				return err
-			}
-		} else {
-			if err = FsCopyFile(srcFs, srcfp, dstfp); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func CopyDir(src string, dst string) error {
-	return FsCopyDir(os.DirFS(src), ".", dst)
-}
-
 func ExpandPath(p string) string {
 	if strings.HasPrefix(p, "~/") {
 		p = homedir.HomeDir() + p[1:]

From a152db00b4cd887d624c444c843d4940ebe329cb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:15:56 +0100
Subject: [PATCH 0607/2268] refactor: Move repocache package out of git package

---
 cmd/kluctl/commands/utils.go       | 2 +-
 pkg/deployment/shared_context.go   | 2 +-
 pkg/kluctl_project/project.go      | 2 +-
 pkg/kluctl_project/project_load.go | 2 +-
 pkg/{git => }/repocache/cache.go   | 0
 pkg/vars/vars_loader.go            | 2 +-
 pkg/vars/vars_loader_test.go       | 2 +-
 7 files changed, 6 insertions(+), 6 deletions(-)
 rename pkg/{git => }/repocache/cache.go (100%)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index e3c827be0..221f97ac0 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -9,11 +9,11 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index f5334c195..be1492050 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -2,8 +2,8 @@ package deployment
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 1701abfc2..0df49e01c 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 )
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index dfe0cbe2d..4c075fd23 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -1,7 +1,7 @@
 package kluctl_project
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/git/repocache/cache.go b/pkg/repocache/cache.go
similarity index 100%
rename from pkg/git/repocache/cache.go
rename to pkg/repocache/cache.go
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 226a5d5e3..6ead52755 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -5,8 +5,8 @@ import (
 	"encoding/base64"
 	"fmt"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 30d6ce755..be4b18fa8 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -7,9 +7,9 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/git/repocache"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"

From 1635e682aa09d22019e0bc5e440e9aa95ae62181 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:17:14 +0100
Subject: [PATCH 0608/2268] refactor: Rename GitServer to TestGitServer

---
 e2e/test-utils/project.go                     |  4 +--
 .../{git_server.go => test_git_server.go}     | 30 +++++++++----------
 pkg/vars/vars_loader_test.go                  |  4 +--
 3 files changed, 19 insertions(+), 19 deletions(-)
 rename e2e/test-utils/{git_server.go => test_git_server.go} (80%)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 51183ffef..d9a5a4bd3 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -24,7 +24,7 @@ type TestProject struct {
 
 	mergedKubeconfig string
 
-	gitServer *GitServer
+	gitServer *TestGitServer
 }
 
 func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
@@ -32,7 +32,7 @@ func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
 		t: t,
 	}
 
-	p.gitServer = NewGitServer(t)
+	p.gitServer = NewTestGitServer(t)
 	p.gitServer.GitInit("kluctl-project")
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
diff --git a/e2e/test-utils/git_server.go b/e2e/test-utils/test_git_server.go
similarity index 80%
rename from e2e/test-utils/git_server.go
rename to e2e/test-utils/test_git_server.go
index 6e45a3031..dd163fafb 100644
--- a/e2e/test-utils/git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -17,7 +17,7 @@ import (
 	"testing"
 )
 
-type GitServer struct {
+type TestGitServer struct {
 	t *testing.T
 
 	baseDir string
@@ -27,8 +27,8 @@ type GitServer struct {
 	gitServerPort int
 }
 
-func NewGitServer(t *testing.T) *GitServer {
-	p := &GitServer{
+func NewTestGitServer(t *testing.T) *TestGitServer {
+	p := &TestGitServer{
 		t: t,
 	}
 
@@ -47,7 +47,7 @@ func NewGitServer(t *testing.T) *GitServer {
 	return p
 }
 
-func (p *GitServer) initGitServer() {
+func (p *TestGitServer) initGitServer() {
 	p.gitServer = http_server.New(p.baseDir)
 
 	p.gitHttpServer = &http.Server{
@@ -67,7 +67,7 @@ func (p *GitServer) initGitServer() {
 	}()
 }
 
-func (p *GitServer) Cleanup() {
+func (p *TestGitServer) Cleanup() {
 	if p.gitHttpServer != nil {
 		_ = p.gitHttpServer.Shutdown(context.Background())
 		p.gitHttpServer = nil
@@ -81,7 +81,7 @@ func (p *GitServer) Cleanup() {
 	p.baseDir = ""
 }
 
-func (p *GitServer) GitInit(repo string) {
+func (p *TestGitServer) GitInit(repo string) {
 	dir := p.LocalRepoDir(repo)
 
 	err := os.MkdirAll(dir, 0o700)
@@ -124,7 +124,7 @@ func (p *GitServer) GitInit(repo string) {
 	}
 }
 
-func (p *GitServer) CommitFiles(repo string, add []string, all bool, message string) {
+func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message string) {
 	r, err := git.PlainOpen(p.LocalRepoDir(repo))
 	if err != nil {
 		p.t.Fatal(err)
@@ -147,7 +147,7 @@ func (p *GitServer) CommitFiles(repo string, add []string, all bool, message str
 	}
 }
 
-func (p *GitServer) CommitYaml(repo string, pth string, message string, y *uo.UnstructuredObject) {
+func (p *TestGitServer) CommitYaml(repo string, pth string, message string, y *uo.UnstructuredObject) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
 	dir, _ := filepath.Split(fullPath)
@@ -168,7 +168,7 @@ func (p *GitServer) CommitYaml(repo string, pth string, message string, y *uo.Un
 	p.CommitFiles(repo, []string{pth}, false, message)
 }
 
-func (p *GitServer) UpdateFile(repo string, pth string, update func(f string) (string, error), message string) {
+func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string) (string, error), message string) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 	f := ""
 	if utils.Exists(fullPath) {
@@ -194,7 +194,7 @@ func (p *GitServer) UpdateFile(repo string, pth string, update func(f string) (s
 	p.CommitFiles(repo, []string{pth}, false, message)
 }
 
-func (p *GitServer) UpdateYaml(repo string, pth string, update func(o *uo.UnstructuredObject) error, message string) {
+func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *uo.UnstructuredObject) error, message string) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
 	o := uo.New()
@@ -215,7 +215,7 @@ func (p *GitServer) UpdateYaml(repo string, pth string, update func(o *uo.Unstru
 	p.CommitYaml(repo, pth, message, o)
 }
 
-func (p *GitServer) convertInterfaceToList(x interface{}) []interface{} {
+func (p *TestGitServer) convertInterfaceToList(x interface{}) []interface{} {
 	var ret []interface{}
 	if l, ok := x.([]interface{}); ok {
 		return l
@@ -235,15 +235,15 @@ func (p *GitServer) convertInterfaceToList(x interface{}) []interface{} {
 	return []interface{}{x}
 }
 
-func (p *GitServer) GitUrl(repo string) string {
+func (p *TestGitServer) GitUrl(repo string) string {
 	return fmt.Sprintf("http://localhost:%d/%s/.git", p.gitServerPort, repo)
 }
 
-func (p *GitServer) LocalRepoDir(repo string) string {
+func (p *TestGitServer) LocalRepoDir(repo string) string {
 	return filepath.Join(p.baseDir, repo)
 }
 
-func (p *GitServer) GetGitRepo(repo string) *git.Repository {
+func (p *TestGitServer) GetGitRepo(repo string) *git.Repository {
 	r, err := git.PlainOpen(p.LocalRepoDir(repo))
 	if err != nil {
 		p.t.Fatal(err)
@@ -251,7 +251,7 @@ func (p *GitServer) GetGitRepo(repo string) *git.Repository {
 	return r
 }
 
-func (p *GitServer) GetWorktree(repo string) *git.Worktree {
+func (p *TestGitServer) GetWorktree(repo string) *git.Worktree {
 	r := p.GetGitRepo(repo)
 	wt, err := r.Worktree()
 	if err != nil {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index be4b18fa8..729970b94 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -155,7 +155,7 @@ func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
 }
 
 func TestVarsLoader_Git(t *testing.T) {
-	gs := test_utils.NewGitServer(t)
+	gs := test_utils.NewTestGitServer(t)
 	gs.GitInit("repo")
 	gs.UpdateYaml("repo", "test.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromStringMust(`{"test1": {"test2": 42}}`)
@@ -178,7 +178,7 @@ func TestVarsLoader_Git(t *testing.T) {
 }
 
 func TestVarsLoader_GitBranch(t *testing.T) {
-	gs := test_utils.NewGitServer(t)
+	gs := test_utils.NewTestGitServer(t)
 	gs.GitInit("repo")
 
 	wt := gs.GetWorktree("repo")

From 1ed0c22ef21d87491d79d5c2c37e1adcd3463d5d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 13:17:57 +0100
Subject: [PATCH 0609/2268] refactor: Move TestGitServer into git package

---
 e2e/test-utils/project.go                      | 5 +++--
 {e2e/test-utils => pkg/git}/test_git_server.go | 2 +-
 pkg/vars/vars_loader_test.go                   | 6 +++---
 3 files changed, 7 insertions(+), 6 deletions(-)
 rename {e2e/test-utils => pkg/git}/test_git_server.go (99%)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index d9a5a4bd3..b07fb529d 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -5,6 +5,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/imdario/mergo"
+	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
@@ -24,7 +25,7 @@ type TestProject struct {
 
 	mergedKubeconfig string
 
-	gitServer *TestGitServer
+	gitServer *git2.TestGitServer
 }
 
 func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
@@ -32,7 +33,7 @@ func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
 		t: t,
 	}
 
-	p.gitServer = NewTestGitServer(t)
+	p.gitServer = git2.NewTestGitServer(t)
 	p.gitServer.GitInit("kluctl-project")
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
diff --git a/e2e/test-utils/test_git_server.go b/pkg/git/test_git_server.go
similarity index 99%
rename from e2e/test-utils/test_git_server.go
rename to pkg/git/test_git_server.go
index dd163fafb..2e7805c7c 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -1,4 +1,4 @@
-package test_utils
+package git
 
 import (
 	"context"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 729970b94..18e342465 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
@@ -155,7 +155,7 @@ func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
 }
 
 func TestVarsLoader_Git(t *testing.T) {
-	gs := test_utils.NewTestGitServer(t)
+	gs := git.NewTestGitServer(t)
 	gs.GitInit("repo")
 	gs.UpdateYaml("repo", "test.yaml", func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromStringMust(`{"test1": {"test2": 42}}`)
@@ -178,7 +178,7 @@ func TestVarsLoader_Git(t *testing.T) {
 }
 
 func TestVarsLoader_GitBranch(t *testing.T) {
-	gs := test_utils.NewTestGitServer(t)
+	gs := git.NewTestGitServer(t)
 	gs.GitInit("repo")
 
 	wt := gs.GetWorktree("repo")

From 4585fe5f9790a4f5dbe0511abf62af158e9bb731 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 15:30:04 +0100
Subject: [PATCH 0610/2268] refactor: Get rid of utils dependency in
 TestGitServer

---
 pkg/git/test_git_server.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index 2e7805c7c..5a1cf29b4 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"log"
@@ -110,10 +109,11 @@ func (p *TestGitServer) GitInit(repo string) {
 	if err != nil {
 		p.t.Fatal(err)
 	}
-	err = utils.Touch(filepath.Join(dir, ".dummy"))
+	f, err := os.Create(filepath.Join(dir, ".dummy"))
 	if err != nil {
 		p.t.Fatal(err)
 	}
+	_ = f.Close()
 	_, err = wt.Add(".dummy")
 	if err != nil {
 		p.t.Fatal(err)
@@ -171,7 +171,7 @@ func (p *TestGitServer) CommitYaml(repo string, pth string, message string, y *u
 func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string) (string, error), message string) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 	f := ""
-	if utils.Exists(fullPath) {
+	if _, err := os.Stat(fullPath); err == nil {
 		b, err := os.ReadFile(fullPath)
 		if err != nil {
 			p.t.Fatal(err)
@@ -198,7 +198,7 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *uo.Un
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
 	o := uo.New()
-	if utils.Exists(fullPath) {
+	if _, err := os.Stat(fullPath); err == nil {
 		err := yaml.ReadYamlFile(fullPath, o)
 		if err != nil {
 			p.t.Fatal(err)

From 0c450715d1c2c1363408113771862d7824a00808 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 15:27:31 +0100
Subject: [PATCH 0611/2268] refactor: Get rid of uo dependency in TestGitServer

---
 pkg/git/test_git_server.go | 54 ++++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 29 deletions(-)

diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index 5a1cf29b4..fcbd28883 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/jinzhu/copier"
 	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"gopkg.in/yaml.v3"
 	"log"
 	"net"
 	"net/http"
@@ -147,7 +147,7 @@ func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message
 	}
 }
 
-func (p *TestGitServer) CommitYaml(repo string, pth string, message string, y *uo.UnstructuredObject) {
+func (p *TestGitServer) CommitYaml(repo string, pth string, message string, o map[string]any) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
 	dir, _ := filepath.Split(fullPath)
@@ -158,7 +158,11 @@ func (p *TestGitServer) CommitYaml(repo string, pth string, message string, y *u
 		}
 	}
 
-	err := yaml.WriteYamlFile(fullPath, y)
+	b, err := yaml.Marshal(o)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	err = os.WriteFile(fullPath, b, 0o600)
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -194,18 +198,30 @@ func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string
 	p.CommitFiles(repo, []string{pth}, false, message)
 }
 
-func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *uo.UnstructuredObject) error, message string) {
+func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *map[string]any) error, message string) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
-	o := uo.New()
+	var o map[string]any
 	if _, err := os.Stat(fullPath); err == nil {
-		err := yaml.ReadYamlFile(fullPath, o)
+		b, err := os.ReadFile(fullPath)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+		err = yaml.Unmarshal(b, &o)
 		if err != nil {
 			p.t.Fatal(err)
 		}
+	} else {
+		o = map[string]any{}
 	}
-	orig := o.Clone()
-	err := update(o)
+
+	var orig map[string]any
+	err := copier.CopyWithOption(&orig, &o, copier.Option{DeepCopy: true})
+	if err != nil {
+		p.t.Fatal(err)
+	}
+
+	err = update(&o)
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -215,26 +231,6 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *uo.Un
 	p.CommitYaml(repo, pth, message, o)
 }
 
-func (p *TestGitServer) convertInterfaceToList(x interface{}) []interface{} {
-	var ret []interface{}
-	if l, ok := x.([]interface{}); ok {
-		return l
-	}
-	if l, ok := x.([]*uo.UnstructuredObject); ok {
-		for _, y := range l {
-			ret = append(ret, y)
-		}
-		return ret
-	}
-	if l, ok := x.([]map[string]interface{}); ok {
-		for _, y := range l {
-			ret = append(ret, y)
-		}
-		return ret
-	}
-	return []interface{}{x}
-}
-
 func (p *TestGitServer) GitUrl(repo string) string {
 	return fmt.Sprintf("http://localhost:%d/%s/.git", p.gitServerPort, repo)
 }

From 667937f7995f666fd360ef612067608cf01e1e55 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 22:04:29 +0100
Subject: [PATCH 0612/2268] refactor: Remove dependency to UnstructuredObject
 in git package

---
 e2e/test-utils/project.go    | 11 +++++++++--
 pkg/git/test_git_server.go   |  4 ++--
 pkg/vars/vars_loader_test.go | 12 ++++++++----
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index b07fb529d..f52e77e80 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -5,6 +5,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/imdario/mergo"
+	"github.com/jinzhu/copier"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -111,8 +112,14 @@ func (p *TestProject) UpdateDeploymentYaml(dir string, update func(o *uo.Unstruc
 }
 
 func (p *TestProject) UpdateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
-	p.gitServer.UpdateYaml("kluctl-project", path, func(o *uo.UnstructuredObject) error {
-		return update(o)
+	p.gitServer.UpdateYaml("kluctl-project", path, func(o map[string]any) error {
+		u := uo.FromMap(o)
+		err := update(u)
+		if err != nil {
+			return err
+		}
+		_ = copier.CopyWithOption(&o, &u.Object, copier.Option{DeepCopy: true})
+		return nil
 	}, message)
 }
 
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index fcbd28883..e7661ab9e 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -198,7 +198,7 @@ func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string
 	p.CommitFiles(repo, []string{pth}, false, message)
 }
 
-func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *map[string]any) error, message string) {
+func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[string]any) error, message string) {
 	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
 
 	var o map[string]any
@@ -221,7 +221,7 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o *map[s
 		p.t.Fatal(err)
 	}
 
-	err = update(&o)
+	err = update(o)
 	if err != nil {
 		p.t.Fatal(err)
 	}
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 18e342465..ecf2e006e 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -157,8 +157,10 @@ func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
 func TestVarsLoader_Git(t *testing.T) {
 	gs := git.NewTestGitServer(t)
 	gs.GitInit("repo")
-	gs.UpdateYaml("repo", "test.yaml", func(o *uo.UnstructuredObject) error {
-		*o = *uo.FromStringMust(`{"test1": {"test2": 42}}`)
+	gs.UpdateYaml("repo", "test.yaml", func(o map[string]any) error {
+		o["test1"] = map[string]any{
+			"test2": 42,
+		}
 		return nil
 	}, "")
 
@@ -188,8 +190,10 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 	})
 	assert.NoError(t, err)
 
-	gs.UpdateYaml("repo", "test.yaml", func(o *uo.UnstructuredObject) error {
-		*o = *uo.FromStringMust(`{"test1": {"test2": 42}}`)
+	gs.UpdateYaml("repo", "test.yaml", func(o map[string]any) error {
+		o["test1"] = map[string]any{
+			"test2": 42,
+		}
 		return nil
 	}, "")
 

From 2853468ed9c5a93e1e3ac23f602f2ad40b30f21e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 30 Nov 2022 22:09:52 +0100
Subject: [PATCH 0613/2268] refactor: Remove dependency to utils in git package

---
 pkg/git/auth/ssh_known_hosts.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index 0d0e9b713..9e8017040 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth/goph"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/crypto/ssh"
 	"net"
 	"os"
@@ -47,7 +46,7 @@ func verifyHost(messageCallbacks messages.MessageCallbacks, host string, remote
 			}
 
 			f := filepath.Join(home, ".ssh", "known_hosts")
-			if !utils.Exists(filepath.Dir(f)) {
+			if _, err := os.Stat(filepath.Dir(f)); err != nil {
 				err = os.MkdirAll(filepath.Dir(f), 0o700)
 				if err != nil {
 					return err
@@ -58,7 +57,7 @@ func verifyHost(messageCallbacks messages.MessageCallbacks, host string, remote
 			allowAdd = true
 		}
 	} else {
-		tmpFile, err := os.CreateTemp(utils.GetTmpBaseDir(), "known_hosts-")
+		tmpFile, err := os.CreateTemp("", "known_hosts-")
 		if err != nil {
 			return err
 		}

From 2ceb76ee809ebffc4b24f713d6db95095aafb994 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Dec 2022 22:09:20 +0000
Subject: [PATCH 0614/2268] chore(deps): Bump github.com/huandu/xstrings from
 1.3.3 to 1.4.0

Bumps [github.com/huandu/xstrings](https://github.com/huandu/xstrings) from 1.3.3 to 1.4.0.
- [Release notes](https://github.com/huandu/xstrings/releases)
- [Commits](https://github.com/huandu/xstrings/compare/v1.3.3...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/huandu/xstrings
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ae00085ce..5e425d6db 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/huandu/xstrings v1.3.3
+	github.com/huandu/xstrings v1.4.0
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.13.1
diff --git a/go.sum b/go.sum
index 2a56447bd..6216b20a0 100644
--- a/go.sum
+++ b/go.sum
@@ -486,8 +486,8 @@ github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
-github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
+github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=

From d72f1746c7d0082a26668a8fdfaf37d854bb9095 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Dec 2022 22:08:44 +0000
Subject: [PATCH 0615/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.146 to 1.44.154

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.146 to 1.44.154.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.146...v1.44.154)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ae00085ce..981c37ff5 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.146
+	github.com/aws/aws-sdk-go v1.44.154
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 2a56447bd..561253b46 100644
--- a/go.sum
+++ b/go.sum
@@ -131,8 +131,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.146 h1:7YdGgPxDPRJu/yYffzZp/H7yHzQ6AqmuNFZPYraaN8I=
-github.com/aws/aws-sdk-go v1.44.146/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.154 h1:2TaEC8JIM/t7Fu+FBmdOBK5jFUAVL07tbpfJsLuVo3Q=
+github.com/aws/aws-sdk-go v1.44.154/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 58ca81510ee22a60f152fae2fd3c722e362ecca6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 11:16:47 +0100
Subject: [PATCH 0616/2268] refactor: Use to github.com/fluxcd/pkg/kustomize

This removes the need to use a copy of SecureBuildKustomization inside
Kluctl.
---
 go.mod                            | 24 ++++++------
 go.sum                            | 44 ++++++++++++----------
 pkg/deployment/deployment_item.go |  3 +-
 pkg/utils/kustomize.go            | 62 -------------------------------
 4 files changed, 39 insertions(+), 94 deletions(-)
 delete mode 100644 pkg/utils/kustomize.go

diff --git a/go.mod b/go.mod
index 3cef08b7c..8870ed9e9 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
-	github.com/fluxcd/pkg/kustomize v0.8.0
+	github.com/fluxcd/pkg/kustomize v0.11.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
@@ -48,11 +48,11 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.2
 	k8s.io/api v0.25.4
-	k8s.io/apiextensions-apiserver v0.25.3
+	k8s.io/apiextensions-apiserver v0.25.4
 	k8s.io/apimachinery v0.25.4
 	k8s.io/client-go v0.25.4
 	k8s.io/klog/v2 v2.80.1
-	sigs.k8s.io/kustomize/api v0.12.1
+	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
@@ -108,12 +108,14 @@ require (
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/drone/envsubst v1.0.3 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
+	github.com/fluxcd/pkg/apis/kustomize v0.7.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
@@ -216,11 +218,11 @@ require (
 	go.etcd.io/etcd/api/v3 v3.5.5 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.23.0 // indirect
-	go.starlark.net v0.0.0-20221020143700-22309ac47eac // indirect
+	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.6.0 // indirect
-	golang.org/x/oauth2 v0.1.0 // indirect
-	golang.org/x/time v0.1.0 // indirect
+	golang.org/x/oauth2 v0.2.0 // indirect
+	golang.org/x/time v0.2.0 // indirect
 	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.102.0 // indirect
@@ -233,12 +235,12 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/urfave/cli.v1 v1.20.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.25.3 // indirect
+	k8s.io/apiserver v0.25.4 // indirect
 	k8s.io/cli-runtime v0.25.3 // indirect
-	k8s.io/component-base v0.25.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/component-base v0.25.4 // indirect
+	k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 // indirect
 	k8s.io/kubectl v0.25.3 // indirect
-	k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 // indirect
+	k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect
 	oras.land/oras-go v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index f91f3c8d1..cbe4b45be 100644
--- a/go.sum
+++ b/go.sum
@@ -212,9 +212,11 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
+github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
-github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
-github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.10.0 h1:X4gma4HM7hFm6WMeAsTfqA0GOfdNoCzBIkHGoRLGXuM=
+github.com/emicklei/go-restful/v3 v3.10.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
@@ -240,8 +242,10 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/pkg/kustomize v0.8.0 h1:8AdEvp6y38ISZzoi0H82Si5zkmLXClbeX10W7HevB00=
-github.com/fluxcd/pkg/kustomize v0.8.0/go.mod h1:zGtCZF6V3hMWcf46SqrQc10fS9yUlKzi2UcFUeabDAE=
+github.com/fluxcd/pkg/apis/kustomize v0.7.0 h1:X2htBmJ91nGYv4d93gin665MFWKNGiNwUiZ08/Zz0hY=
+github.com/fluxcd/pkg/apis/kustomize v0.7.0/go.mod h1:Mu+KdktsEKWA4l/33CZdY5lB4hz51mqfcLzBZSwAqVg=
+github.com/fluxcd/pkg/kustomize v0.11.0 h1:zseS9LRUuzhP/7KamccmsOgYpJAdhqtsf+2wN/CHF3I=
+github.com/fluxcd/pkg/kustomize v0.11.0/go.mod h1:awHID4OKe2/WAfTFg4u0fURXZPUkrIslSZNSPX9MEFQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -851,8 +855,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20221020143700-22309ac47eac h1:gBO5Qfcw5V9404yzsu2FEIsxK/u2mBNTNogK0uIoVhk=
-go.starlark.net v0.0.0-20221020143700-22309ac47eac/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
+go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc=
+go.starlark.net v0.0.0-20221028183056-acb66ad56dd2/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
@@ -983,8 +987,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y=
-golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
+golang.org/x/oauth2 v0.2.0 h1:GtQkldQ9m7yvzCL1V+LrYow3Khe0eJH0w7RbX/VbaIU=
+golang.org/x/oauth2 v0.2.0/go.mod h1:Cwn6afJ8jrQwYMxQDTpISoXmXW9I6qF6vDeuuoX3Ibs=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1096,8 +1100,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
-golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE=
+golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1328,26 +1332,26 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs=
 k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ=
-k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
-k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
+k8s.io/apiextensions-apiserver v0.25.4 h1:7hu9pF+xikxQuQZ7/30z/qxIPZc2J1lFElPtr7f+B6U=
+k8s.io/apiextensions-apiserver v0.25.4/go.mod h1:bkSGki5YBoZWdn5pWtNIdGvDrrsRWlmnvl9a+tAw5vQ=
 k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc=
 k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
-k8s.io/apiserver v0.25.3 h1:m7+xGuG5+KYAnEsqaFtDyWMkmMMEOFYlu+NlWv5qSBI=
-k8s.io/apiserver v0.25.3/go.mod h1:9bT47iM2fzRuhICJpM/RcQR9sqDDfZ7Yw60h0p3JW08=
+k8s.io/apiserver v0.25.4 h1:/3TwZcgLqX7wUxq7TtXOUqXeBTwXIblVMQdhR5XZ7yo=
+k8s.io/apiserver v0.25.4/go.mod h1:rPcm567XxjOnnd7jedDUnGJGmDGAo+cT6H7QHAN+xV0=
 k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
 k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
 k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8=
 k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw=
-k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4=
-k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI=
+k8s.io/component-base v0.25.4 h1:n1bjg9Yt+G1C0WnIDJmg2fo6wbEU1UGMRiQSjmj7hNQ=
+k8s.io/component-base v0.25.4/go.mod h1:nnZJU8OP13PJEm6/p5V2ztgX2oyteIaAGKGMYb2L2cY=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E=
-k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 h1:zfqQc1V6/ZgGpvrOVvr62OjiqQX4lZjfznK34NQwkqw=
+k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
 k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
-k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 h1:cTdVh7LYu82xeClmfzGtgyspNh6UxpwLWGi8R4sspNo=
-k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8=
+k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.1 h1:/VcGS8FUy3eEXLl/1vC4QypLHwrfSmgW7ygsoklqKK8=
 oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index d6d1ad573..94d23ddd9 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"fmt"
+	"github.com/fluxcd/pkg/kustomize"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -515,7 +516,7 @@ func (di *DeploymentItem) buildKustomize() error {
 		}
 	}
 
-	rm, err := utils.SecureBuildKustomization(di.RenderedSourceRootDir, di.RenderedDir, true)
+	rm, err := kustomize.SecureBuild(di.RenderedSourceRootDir, di.RenderedDir, true)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/utils/kustomize.go b/pkg/utils/kustomize.go
deleted file mode 100644
index 44a92258a..000000000
--- a/pkg/utils/kustomize.go
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-Code in this file is copied from https://github.com/fluxcd/kustomize-controller/blob/main/controllers/kustomization_generator.go
-*/
-
-package utils
-
-import (
-	"fmt"
-	securefs "github.com/fluxcd/pkg/kustomize/filesys"
-	"sigs.k8s.io/kustomize/api/filesys"
-	"sigs.k8s.io/kustomize/api/krusty"
-	"sigs.k8s.io/kustomize/api/resmap"
-	kustypes "sigs.k8s.io/kustomize/api/types"
-	"sync"
-)
-
-// TODO: remove mutex when kustomize fixes the concurrent map read/write panic
-var kustomizeBuildMutex sync.Mutex
-
-// SecureBuildKustomization wraps krusty.MakeKustomizer with the following settings:
-//   - secure on-disk FS denying operations outside root
-//   - load files from outside the kustomization dir path
-//     (but not outside root)
-//   - disable plugins except for the builtin ones
-func SecureBuildKustomization(root, dirPath string, allowRemoteBases bool) (_ resmap.ResMap, err error) {
-	var fs filesys.FileSystem
-
-	// Create secure FS for root with or without remote base support
-	if allowRemoteBases {
-		fs, err = securefs.MakeFsOnDiskSecureBuild(root)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		fs, err = securefs.MakeFsOnDiskSecure(root)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	// Temporary workaround for concurrent map read and map write bug
-	// https://github.com/kubernetes-sigs/kustomize/issues/3659
-	kustomizeBuildMutex.Lock()
-	defer kustomizeBuildMutex.Unlock()
-
-	// Kustomize tends to panic in unpredicted ways due to (accidental)
-	// invalid object data; recover when this happens to ensure continuity of
-	// operations
-	defer func() {
-		if r := recover(); r != nil {
-			err = fmt.Errorf("recovered from kustomize build panic: %v", r)
-		}
-	}()
-
-	buildOptions := &krusty.Options{
-		LoadRestrictions: kustypes.LoadRestrictionsNone,
-		PluginConfig:     kustypes.DisabledPluginConfig(),
-	}
-
-	k := krusty.MakeKustomizer(buildOptions)
-	return k.Run(fs, dirPath)
-}

From c9972318ac1a66b7e7430140f7554fb22abf6716 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 11:42:25 +0100
Subject: [PATCH 0617/2268] fix: Use locked files to write/read registry cache
 files

---
 pkg/registries/registries.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 48556c1e8..81b1156e8 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -15,6 +15,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/rogpeppe/go-internal/lockedfile"
 	"io"
 	"net/http"
 	"net/http/httputil"
@@ -324,7 +325,13 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 		return nil
 	}
 
-	b, err := os.ReadFile(cachePath)
+	f, err := lockedfile.OpenFile(cachePath, os.O_RDONLY, 0)
+	if err != nil {
+		status.Warning(rh.ctx, "readCachedResponse failed: %v", err)
+		return nil
+	}
+	b, err := io.ReadAll(f)
+	_ = f.Close()
 	if err != nil {
 		return nil
 	}
@@ -346,20 +353,23 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 
 func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
 	cachePath := rh.getCachePath(key)
-	if !utils.Exists(filepath.Dir(cachePath)) {
-		err := os.MkdirAll(filepath.Dir(cachePath), 0o700)
+	cacheDir := filepath.Dir(cachePath)
+	if !utils.Exists(cacheDir) {
+		err := os.MkdirAll(cacheDir, 0o700)
 		if err != nil {
 			status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 			return
 		}
 	}
 
-	err := os.WriteFile(cachePath+".tmp", data, 0o600)
+	f, err := lockedfile.OpenFile(cachePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
 		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 		return
 	}
-	err = os.Rename(cachePath+".tmp", cachePath)
+	defer f.Close()
+
+	_, err = f.Write(data)
 	if err != nil {
 		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
 		return

From 215ab6df1ace4bad8c4241773ac84c0717e86a98 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 14:04:12 +0100
Subject: [PATCH 0618/2268] feat: Support SOPS in helm-files.yaml

---
 e2e/sops_test.go                              | 34 +++++++++++++++++++
 pkg/deployment/deployment_item.go             |  2 +-
 pkg/deployment/helm_chart.go                  | 14 +++++---
 pkg/sops/utils.go                             | 18 ++++++++--
 pkg/vars/sops_test_resources/README.md        |  1 +
 pkg/vars/sops_test_resources/helm-values.yaml | 23 +++++++++++++
 6 files changed, 85 insertions(+), 7 deletions(-)
 create mode 100644 pkg/vars/sops_test_resources/helm-values.yaml

diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 22014d9a0..6b4a1a1a2 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -4,6 +4,7 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
+	"github.com/stretchr/testify/assert"
 	"go.mozilla.org/sops/v3/age"
 	"testing"
 )
@@ -80,3 +81,36 @@ func TestSopsResources(t *testing.T) {
 		"a": "b",
 	}, "data")
 }
+
+func TestSopsHelmValues(t *testing.T) {
+	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
+	t.Setenv(age.SopsAgeKeyEnv, string(key))
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t, k)
+
+	createNamespace(t, k, p.TestSlug())
+
+	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+	}, "", "")
+
+	valuesBytes, err := sops_test_resources.TestResources.ReadFile("helm-values.yaml")
+	assert.NoError(t, err)
+	values1, err := uo.FromString(string(valuesBytes))
+	assert.NoError(t, err)
+
+	p.UpdateTarget("test", nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1.Object)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
+
+	assert.Equal(t, map[string]any{
+		"a":       "secret1",
+		"b":       "secret2",
+		"version": "0.1.0",
+	}, cm1.Object["data"])
+}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 94d23ddd9..f6caec641 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -214,7 +214,7 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			}
 		}
 
-		return chart.Render(di.ctx.Ctx, di.ctx.K)
+		return chart.Render(di.ctx.Ctx, di.ctx.K, di.ctx.SopsDecrypter)
 	})
 	if err != nil {
 		return err
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index dda52347a..584fe3a72 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -8,6 +8,7 @@ import (
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -341,15 +342,15 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 	return latestVersion, updated, nil
 }
 
-func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster) error {
-	err := c.doRender(ctx, k)
+func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, sopsDecrypter sops.SopsDecrypter) error {
+	err := c.doRender(ctx, k, sopsDecrypter)
 	if err != nil {
 		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", c.chartName, c.Config.ReleaseName, err)
 	}
 	return nil
 }
 
-func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
+func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, sopsDecrypter sops.SopsDecrypter) error {
 	chartDir := c.chartDir
 
 	needsPull, versionChanged, prePulledVersion, err := c.checkNeedsPull(chartDir, false)
@@ -397,7 +398,12 @@ func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster) error {
 	valueOpts := values.Options{}
 
 	if utils.Exists(valuesPath) {
-		valueOpts.ValueFiles = append(valueOpts.ValueFiles, valuesPath)
+		tmpValues, err := sops.MaybeDecryptFileToTmp(sopsDecrypter, valuesPath)
+		if err != nil {
+			return err
+		}
+		defer os.Remove(tmpValues)
+		valueOpts.ValueFiles = append(valueOpts.ValueFiles, tmpValues)
 	}
 
 	var kubeVersion *chartutil.KubeVersion
diff --git a/pkg/sops/utils.go b/pkg/sops/utils.go
index 39a1d85b2..7a1250d5e 100644
--- a/pkg/sops/utils.go
+++ b/pkg/sops/utils.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"go.mozilla.org/sops/v3"
 	"go.mozilla.org/sops/v3/cmd/sops/formats"
 	"os"
@@ -33,6 +34,10 @@ func MaybeDecrypt(decrypter SopsDecrypter, encrypted []byte, inputFormat, output
 }
 
 func MaybeDecryptFile(decrypter SopsDecrypter, path string) error {
+	return MaybeDecryptFileTo(decrypter, path, path)
+}
+
+func MaybeDecryptFileTo(decrypter SopsDecrypter, path string, to string) error {
 	format := formats.FormatForPath(path)
 
 	file, err := os.ReadFile(path)
@@ -44,13 +49,22 @@ func MaybeDecryptFile(decrypter SopsDecrypter, path string) error {
 	if err != nil {
 		return fmt.Errorf("failed to decrypt file %s: %w", path, err)
 	}
-	if !encrypted {
+	if !encrypted && path == to {
 		return nil
 	}
 
-	err = os.WriteFile(path, decrypted, 0o600)
+	err = os.WriteFile(to, decrypted, 0o600)
 	if err != nil {
 		return fmt.Errorf("failed to save decrypted file %s: %w", path, err)
 	}
 	return nil
 }
+
+func MaybeDecryptFileToTmp(decrypter SopsDecrypter, path string) (string, error) {
+	tmp, err := os.CreateTemp(utils.GetTmpBaseDir(), "sops-decrypt-")
+	if err != nil {
+		return "", err
+	}
+	_ = tmp.Close()
+	return tmp.Name(), MaybeDecryptFileTo(decrypter, path, tmp.Name())
+}
diff --git a/pkg/vars/sops_test_resources/README.md b/pkg/vars/sops_test_resources/README.md
index f25a10769..6a5cfbd52 100644
--- a/pkg/vars/sops_test_resources/README.md
+++ b/pkg/vars/sops_test_resources/README.md
@@ -2,4 +2,5 @@ To edit the test.yaml file, run:
 ```sh
 SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test.yaml
 SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test-configmap.yaml
+SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops helm-values.yaml
 ```
diff --git a/pkg/vars/sops_test_resources/helm-values.yaml b/pkg/vars/sops_test_resources/helm-values.yaml
new file mode 100644
index 000000000..06aca28b4
--- /dev/null
+++ b/pkg/vars/sops_test_resources/helm-values.yaml
@@ -0,0 +1,23 @@
+data:
+    a: ENC[AES256_GCM,data:72uviUAptw==,iv:jRc24qIQwkbhGAp2zj6qiaoiunMFYiQdJEW8tC6nCOw=,tag:LA4hUT++fqgT5ZgKTM6LFA==,type:str]
+    b: ENC[AES256_GCM,data:M7AlzSVTxg==,iv:j2yFEUIc5OwWmhVFzljZDmPEII/0jzr42nBiplXZG1Y=,tag:1w91ofjr1nOF8rU7gH8ZGQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRzZhejBCdmdYdHc5dEYw
+            UGduYk1neGlYeXNQenRSYmQrV0FpTkcwRTNFCk1panJJTmsyejdzNGtkTFJhWVVn
+            bXhkaU0xZlAwbFo2UG5QdkpnajlZZzQKLS0tIHRzRkRtWEhzL1R1R2VoM0NFMk5s
+            NzlGRU0zK29IV3FuSWxIS2ZXb1FFMEEKQKXp5xfIRQ94uQ0Z6QkNYrnqF6LjW/XT
+            HihRLtBxL4Yuj/3bhImk+3PqCh8fdCjPmN13NURUxeW9q6fWwZWekA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-12-07T12:53:07Z"
+    mac: ENC[AES256_GCM,data:tQFvNENKLBCmIO5De4QVj3GDpXq2haYpK7dlrvcYZ9S0Aw5l92HB3MHi3RYtxDH6ZqC1HbwKGEcFmINRUAA98+g6htJ3XV+yfjuL09v0W3Kosf6FbkEpKvfrbD+Z2nGrQ6+IdGAH/TPICK1D2MtJ7Q9DHd+98STxmcZ4npyiu8g=,iv:bteoE24FA+h+BnbRKoH9FbAT3qk3p8Mh6oqUBGg7NRU=,tag:Al6hWq7fuI8eXOddoCwdNg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

From 97e622973dbc12759ec60d36bf96296054d5b543 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 14:33:11 +0100
Subject: [PATCH 0619/2268] feat: Implement annotations to mark objects/fields
 to be ignored on conflict

---
 .../deployments/annotations/all-resources.md  | 10 ++++
 pkg/diff/managed_fields.go                    | 52 +++++++++++++------
 2 files changed, 47 insertions(+), 15 deletions(-)

diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/reference/deployments/annotations/all-resources.md
index aa517a46c..9340ebdbf 100644
--- a/docs/reference/deployments/annotations/all-resources.md
+++ b/docs/reference/deployments/annotations/all-resources.md
@@ -32,6 +32,16 @@ fields will be overwritten in case of field manager conflicts.
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
+### kluctl.io/ignore-conflicts
+If set to "true", the whole all fields of the object are going to be ignored when conflicts arise.
+This effectively disables the warnings that are shown when field ownership is lost.
+
+### kluctl.io/ignore-conflicts-field
+Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be ignored when conflicts arise.
+This effectively disables the warnings that are shown when field ownership is lost.
+
+If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
+
 ## Control deletion/pruning
 
 The following annotations control how delete/prune is behaving.
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 9fa5d1d69..e2b4e6797 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -2,6 +2,7 @@ package diff
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
@@ -17,6 +18,7 @@ type LostOwnership struct {
 }
 
 var forceApplyFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/force-apply-field(-\d*)?$`)
+var ignoreConflictsFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-conflicts-field(-\d*)?$`)
 var overwriteAllowedManagers = []*regexp.Regexp{
 	regexp.MustCompile("^kluctl$"),
 	regexp.MustCompile("^kubectl$"),
@@ -98,6 +100,24 @@ func convertToKeyList(remote *uo.UnstructuredObject, path fieldpath.Path) (uo.Ke
 	return ret, true, nil
 }
 
+func collectFields(o *uo.UnstructuredObject, regex *regexp.Regexp) (map[string]bool, error) {
+	result := map[string]bool{}
+	for _, v := range o.GetK8sAnnotationsWithRegex(regex) {
+		j, err := uo.NewMyJsonPath(v)
+		if err != nil {
+			return nil, err
+		}
+		fields, err := j.ListMatchingFields(o)
+		if err != nil {
+			return nil, err
+		}
+		for _, f := range fields {
+			result[f.ToJsonPath()] = true
+		}
+	}
+	return result, nil
+}
+
 func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, conflictStatus metav1.Status) (*uo.UnstructuredObject, []LostOwnership, error) {
 	managedFields := remote.GetK8sManagedFields()
 
@@ -154,24 +174,19 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 
 	ret := local.Clone()
 
-	forceApplyAll := false
+	forceApplyAll := utils.ParseBoolOrFalse(local.GetK8sAnnotation("kluctl.io/force-apply"))
+	ignoreConflictsAll := utils.ParseBoolOrFalse(local.GetK8sAnnotation("kluctl.io/ignore-conflicts"))
 	if x := local.GetK8sAnnotation("kluctl.io/force-apply"); x != nil {
 		forceApplyAll, _ = strconv.ParseBool(*x)
 	}
 
-	forceApplyFields := make(map[string]bool)
-	for _, v := range local.GetK8sAnnotationsWithRegex(forceApplyFieldAnnotationRegex) {
-		j, err := uo.NewMyJsonPath(v)
-		if err != nil {
-			return nil, nil, err
-		}
-		fields, err := j.ListMatchingFields(ret)
-		if err != nil {
-			return nil, nil, err
-		}
-		for _, f := range fields {
-			forceApplyFields[f.ToJsonPath()] = true
-		}
+	forceApplyFields, err := collectFields(ret, forceApplyFieldAnnotationRegex)
+	if err != nil {
+		return nil, nil, err
+	}
+	ignoreConflictFields, err := collectFields(ret, ignoreConflictsFieldAnnotationRegex)
+	if err != nil {
+		return nil, nil, err
 	}
 
 	var lostOwnership []LostOwnership
@@ -215,6 +230,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 		}
 
 		overwrite := true
+		ignoreConflict := ignoreConflictsAll
 		if !forceApplyAll {
 			for _, mfn := range mf.managers {
 				found := false
@@ -236,6 +252,12 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 				overwrite = true
 			}
 		}
+		if _, ok := ignoreConflictFields[localKeyPath.ToJsonPath()]; ok {
+			ignoreConflict = true
+		}
+		if _, ok := ignoreConflictFields[remoteKeyPath.ToJsonPath()]; ok {
+			ignoreConflict = true
+		}
 
 		if !overwrite {
 			j, err := uo.NewMyJsonPath(localKeyPath.ToJsonPath())
@@ -247,7 +269,7 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 				return nil, nil, err
 			}
 
-			if !reflect.DeepEqual(localValue, remoteValue) {
+			if !reflect.DeepEqual(localValue, remoteValue) && !ignoreConflict {
 				lostOwnership = append(lostOwnership, LostOwnership{
 					Field:   cause.Field,
 					Message: cause.Message,

From 794c94fc3eff185efcd4957c76a9e6172c64eb2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 15:50:14 +0100
Subject: [PATCH 0620/2268] tests: Implement tests for conflict resolution

---
 pkg/diff/managed_fields_test.go | 192 ++++++++++++++++++++++++++++++++
 1 file changed, 192 insertions(+)
 create mode 100644 pkg/diff/managed_fields_test.go

diff --git a/pkg/diff/managed_fields_test.go b/pkg/diff/managed_fields_test.go
new file mode 100644
index 000000000..3c6fcd96e
--- /dev/null
+++ b/pkg/diff/managed_fields_test.go
@@ -0,0 +1,192 @@
+package diff
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
+	"testing"
+)
+
+func TestResolveFieldManagerConflicts(t *testing.T) {
+	type testCase struct {
+		name   string
+		remote *uo.UnstructuredObject
+		local  *uo.UnstructuredObject
+		status metav1.Status
+		result *uo.UnstructuredObject
+		lost   []LostOwnership
+		anns   map[string]string
+	}
+
+	type fieldInfo struct {
+		name    string
+		value   string
+		manager string
+	}
+
+	buildConfigMap := func(fields ...fieldInfo) *uo.UnstructuredObject {
+		o := uo.FromMap(map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "ConfigMap",
+			"metadata": map[string]any{
+				"name":      "name",
+				"namespace": "namespace",
+			},
+			"data": map[string]any{},
+		})
+		pathesByManagers := map[string][]fieldpath.Path{}
+		for _, fi := range fields {
+			_ = o.SetNestedField(fi.value, "data", fi.name)
+			if fi.manager != "" {
+				pathesByManagers[fi.manager] = append(pathesByManagers[fi.manager], fieldpath.MakePathOrDie("data", fi.name))
+			}
+		}
+		var managedFields []any
+		for manager, pbm := range pathesByManagers {
+			fs := fieldpath.NewSet(pbm...)
+			json, _ := fs.ToJSON()
+			fsY, _ := uo.FromString(string(json))
+			managedFields = append(managedFields, map[string]interface{}{
+				"apiVersion": "v1",
+				"fieldsType": "FieldsV1",
+				"manager":    manager,
+				"operation":  "Apply",
+				"time":       "dummy",
+				"fieldsV1":   fsY.Object,
+			})
+		}
+		_ = o.SetNestedField(managedFields, "metadata", "managedFields")
+		return o
+	}
+
+	buildConflicts := func(fields ...string) metav1.Status {
+		var s metav1.Status
+		s.Details = &metav1.StatusDetails{}
+		for _, f := range fields {
+			s.Details.Causes = append(s.Details.Causes, metav1.StatusCause{
+				Type:  metav1.CauseTypeFieldManagerConflict,
+				Field: fmt.Sprintf(".data.%s", f),
+			})
+		}
+		return s
+	}
+
+	buildLost := func(fields ...string) []LostOwnership {
+		var l []LostOwnership
+		for _, f := range fields {
+			l = append(l, LostOwnership{
+				Field:   fmt.Sprintf(".data.%s", f),
+				Message: "",
+			})
+		}
+		return l
+	}
+
+	buildAnnotations := func(kvs ...string) map[string]string {
+		ret := map[string]string{}
+		for i := 0; i < len(kvs); i += 2 {
+			ret[kvs[i]] = kvs[i+1]
+		}
+		return ret
+	}
+
+	tests := []testCase{
+		{
+			name:   "overwrite-kubectl",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "kubectl"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}),
+			status: buildConflicts("d1"),
+			result: buildConfigMap(fieldInfo{"d1", "x", "m1"}),
+		},
+		{
+			name:   "lost-field",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}),
+			status: buildConflicts("d1"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d1"),
+			// also test non-matching fields here
+			anns: buildAnnotations("kluctl.io/force-apply-field", "data.d3"),
+		},
+		{
+			name:   "force-apply-object",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			lost:   buildLost(),
+			anns:   buildAnnotations("kluctl.io/force-apply", "true"),
+		},
+		{
+			name:   "force-apply-field",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d3"),
+			anns:   buildAnnotations("kluctl.io/force-apply-field", "data.d1"),
+		},
+		{
+			name:   "force-apply-field-xxx",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			lost:   buildLost("d1"),
+			anns:   buildAnnotations("kluctl.io/force-apply-field-123", "data.d3"),
+		},
+		{
+			name:   "ignore-conflicts",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost(),
+			anns:   buildAnnotations("kluctl.io/ignore-conflicts", "true"),
+		},
+		{
+			name:   "ignore-conflicts-field",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d3"),
+			anns:   buildAnnotations("kluctl.io/ignore-conflicts-field", "data.d1"),
+		},
+		{
+			name:   "ignore-conflicts-field-xxx",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d1"),
+			anns:   buildAnnotations("kluctl.io/ignore-conflicts-field-123", "data.d3"),
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			if tc.local != nil {
+				_ = tc.local.RemoveNestedField("metadata", "managedFields")
+			}
+			if tc.result != nil {
+				_ = tc.result.RemoveNestedField("metadata", "managedFields")
+			}
+			for k, v := range tc.anns {
+				if tc.local != nil {
+					tc.local.SetK8sAnnotation(k, v)
+				}
+				if tc.result != nil {
+					tc.result.SetK8sAnnotation(k, v)
+				}
+			}
+
+			r, l, err := ResolveFieldManagerConflicts(tc.local, tc.remote, tc.status)
+			assert.NoError(t, err)
+			assert.Equal(t, r, tc.result)
+			assert.Equal(t, l, tc.lost)
+		})
+	}
+}

From aa7b47c81cdaedd6cf40353158e9d71a2aee3d9f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 17:12:33 +0100
Subject: [PATCH 0621/2268] fix: Fix potential nil pointer access in
 pullAndCommitChart

---
 cmd/kluctl/commands/cmd_helm_update.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 7d6fc14f0..e831c591f 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -179,7 +179,7 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 	// know what got deleted
 	oldFiles := map[string]bool{}
 	err = filepath.WalkDir(chart.GetChartDir(), func(p string, d fs.DirEntry, err error) error {
-		if d.IsDir() {
+		if d == nil || d.IsDir() {
 			return nil
 		}
 		relToGit, err := filepath.Rel(gitRootPath, p)

From 967ec16f3fb3ddf9cbe1a726620ed64ece8fc935 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 17:15:16 +0100
Subject: [PATCH 0622/2268] feat: Use github.com/Masterminds/semver for Helm
 version sorting

---
 pkg/deployment/helm_chart.go | 47 +++++++++++++++++++++++++++---------
 1 file changed, 35 insertions(+), 12 deletions(-)

diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 584fe3a72..5308e9431 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -5,6 +5,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"github.com/Masterminds/semver/v3"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
@@ -13,7 +14,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/pkg/errors"
 	"github.com/rogpeppe/go-internal/lockedfile"
@@ -57,6 +57,11 @@ func NewHelmChart(configFile string) (*HelmChart, error) {
 		return nil, err
 	}
 
+	_, err = semver.NewVersion(*config.ChartVersion)
+	if err != nil {
+		return nil, fmt.Errorf("invalid chart version '%s': %w", *config.ChartVersion, err)
+	}
+
 	hc := &HelmChart{
 		ConfigFile: configFile,
 		Config:     &config,
@@ -274,20 +279,16 @@ func (c *HelmChart) checkUpdateOciRepo(ctx context.Context) (string, bool, error
 		return "", false, err
 	}
 
-	var ls versions.LooseVersionSlice
-	for _, x := range tags {
-		ls = append(ls, versions.LooseVersion(x))
+	latestVersion, err := c.findLatestVersion(tags)
+	if err != nil {
+		return "", false, err
 	}
-	sort.Stable(ls)
-	latestVersion := string(ls[len(ls)-1])
 
 	updated := latestVersion != *c.Config.ChartVersion
 	return latestVersion, updated, nil
 }
 
 func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
-	var latestVersion string
-
 	settings := cli.New()
 
 	var e *repo.Entry
@@ -331,17 +332,39 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 		return "", false, fmt.Errorf("helm chart %s not found in repo index", c.chartName)
 	}
 
-	var ls versions.LooseVersionSlice
+	versions := make([]string, 0, indexEntry.Len())
 	for _, x := range indexEntry {
-		ls = append(ls, versions.LooseVersion(x.Version))
+		versions = append(versions, x.Version)
+	}
+
+	latestVersion, err := c.findLatestVersion(versions)
+	if err != nil {
+		return "", false, err
 	}
-	sort.Stable(ls)
-	latestVersion = string(ls[len(ls)-1])
 
 	updated := latestVersion != *c.Config.ChartVersion
 	return latestVersion, updated, nil
 }
 
+func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
+	var versions semver.Collection
+	for _, x := range inputVersions {
+		v, err := semver.NewVersion(x)
+		if err != nil {
+			continue
+		}
+
+		versions = append(versions, v)
+	}
+	if len(versions) == 0 {
+		return "", fmt.Errorf("no version found")
+	}
+
+	sort.Stable(versions)
+	latestVersion := versions[len(versions)-1].Original()
+	return latestVersion, nil
+}
+
 func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, sopsDecrypter sops.SopsDecrypter) error {
 	err := c.doRender(ctx, k, sopsDecrypter)
 	if err != nil {

From 5e84b0f426e00f4ced5c40d5b8145c9a6510dce2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 17:15:33 +0100
Subject: [PATCH 0623/2268] feat: Implement updateConstraints for
 helm-chart.yaml

---
 docs/reference/deployments/helm.md | 11 +++++-
 e2e/helm_test.go                   | 63 ++++++++++++++++++++++++++++++
 e2e/test-utils/project.go          |  8 +++-
 pkg/deployment/helm_chart.go       | 23 ++++++++++-
 pkg/types/helm_chart.go            | 19 ++++-----
 5 files changed, 111 insertions(+), 13 deletions(-)

diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index bc49ddf0d..ee2c4ec21 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -68,6 +68,7 @@ helmChart:
   repo: https://charts.bitnami.com/bitnami
   chartName: redis
   chartVersion: 12.1.1
+  updateConstraints: ~12.1.0
   skipUpdate: false
   releaseName: redis-cache
   namespace: "{{ my.jinja2.var }}"
@@ -102,7 +103,15 @@ helmChart:
 The name of the chart that can be found in the repository.
 
 ### chartVersion
-The version of the chart.
+The version of the chart. Must be a valid semantic version.
+
+### updateConstraints
+Specifies version constraints to be used when running [helm-update](../commands/helm-update.md). See
+[Checking Version Constraints](https://github.com/Masterminds/semver#checking-version-constraints) for details on the
+supported syntax.
+
+If omitted, Kluctl will filter out pre-releases by default. Use a `updateConstraings` like `~1.2.3-0` to enable
+pre-releases.
 
 ### skipUpdate
 Skip this Helm Chart when the [helm-update](../commands/helm-update.md) command is called.
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 94386b8f8..4ac15022b 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -273,6 +273,69 @@ func TestHelmUpdateAndUpgradeAndCommitOci(t *testing.T) {
 	testHelmUpdate(t, true, true, true)
 }
 
+func testHelmUpdateConstraints(t *testing.T, oci bool) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t, k)
+
+	createNamespace(t, k, p.TestSlug())
+
+	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.1.1"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
+		{ChartName: "test-chart1", Version: "1.1.0"},
+		{ChartName: "test-chart1", Version: "1.1.1"},
+		{ChartName: "test-chart1", Version: "1.2.1"},
+	}, oci, "", "")
+
+	p.UpdateTarget("test", nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repoUrl, "test-chart1", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
+
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("~0.1.0", "helmChart", "updateConstraints")
+		return nil
+	}, "")
+	p.UpdateYaml("helm2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("~0.2.0", "helmChart", "updateConstraints")
+		return nil
+	}, "")
+	p.UpdateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("~1.2.0", "helmChart", "updateConstraints")
+		return nil
+	}, "")
+
+	args := []string{"helm-update", "--upgrade"}
+
+	_, stderr := p.KluctlMust(args...)
+	assert.Contains(t, stderr, "helm1: Chart has new version 0.1.1 available.")
+	assert.Contains(t, stderr, "helm2: Chart has new version 0.2.0 available.")
+	assert.Contains(t, stderr, "helm3: Chart has new version 1.2.1 available.")
+
+	c1 := p.GetYaml("helm1/helm-chart.yaml")
+	c2 := p.GetYaml("helm2/helm-chart.yaml")
+	c3 := p.GetYaml("helm3/helm-chart.yaml")
+
+	v1, _, _ := c1.GetNestedString("helmChart", "chartVersion")
+	v2, _, _ := c2.GetNestedString("helmChart", "chartVersion")
+	v3, _, _ := c3.GetNestedString("helmChart", "chartVersion")
+	assert.Equal(t, "0.1.1", v1)
+	assert.Equal(t, "0.2.0", v2)
+	assert.Equal(t, "1.2.1", v3)
+}
+
+func TestHelmUpdateConstraints(t *testing.T) {
+	testHelmUpdateConstraints(t, false)
+}
+
+func TestHelmUpdateConstraintsOci(t *testing.T) {
+	testHelmUpdateConstraints(t, true)
+}
+
 func TestHelmValues(t *testing.T) {
 	t.Parallel()
 
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index f52e77e80..ffc225c62 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -127,14 +127,18 @@ func (p *TestProject) UpdateFile(path string, update func(f string) (string, err
 	p.gitServer.UpdateFile("kluctl-project", path, update, message)
 }
 
-func (p *TestProject) GetDeploymentYaml(dir string) *uo.UnstructuredObject {
-	o, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), dir, "deployment.yml"))
+func (p *TestProject) GetYaml(path string) *uo.UnstructuredObject {
+	o, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), path))
 	if err != nil {
 		p.t.Fatal(err)
 	}
 	return o
 }
 
+func (p *TestProject) GetDeploymentYaml(dir string) *uo.UnstructuredObject {
+	return p.GetYaml(filepath.Join(dir, "deployment.yml"))
+}
+
 func (p *TestProject) ListDeploymentItemPathes(dir string, fullPath bool) []string {
 	var ret []string
 	o := p.GetDeploymentYaml(dir)
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index 5308e9431..bd5f27fdf 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -347,6 +347,15 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 }
 
 func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
+	var err error
+	var updateConstraints *semver.Constraints
+	if c.Config.UpdateConstraints != nil {
+		updateConstraints, err = semver.NewConstraint(*c.Config.UpdateConstraints)
+		if err != nil {
+			return "", fmt.Errorf("invalid update constraints '%s': %w", *c.Config.UpdateConstraints, err)
+		}
+	}
+
 	var versions semver.Collection
 	for _, x := range inputVersions {
 		v, err := semver.NewVersion(x)
@@ -354,10 +363,22 @@ func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
 			continue
 		}
 
+		if updateConstraints == nil {
+			if v.Prerelease() != "" {
+				// we don't allow pre-releases by default. To allow pre-releases, use 1.0.0-0 as constraint
+				continue
+			}
+		} else if !updateConstraints.Check(v) {
+			continue
+		}
 		versions = append(versions, v)
 	}
 	if len(versions) == 0 {
-		return "", fmt.Errorf("no version found")
+		if c.Config.UpdateConstraints == nil {
+			return "", fmt.Errorf("no version found")
+		} else {
+			return "", fmt.Errorf("no version found that satisfies constraints '%s'", *c.Config.UpdateConstraints)
+		}
 	}
 
 	sort.Stable(versions)
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index d5e9e4445..7cf645597 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -1,15 +1,16 @@
 package types
 
 type HelmChartConfig2 struct {
-	Repo          *string `yaml:"repo" validate:"required"`
-	CredentialsId *string `yaml:"credentialsId,omitempty"`
-	ChartName     *string `yaml:"chartName,omitempty"`
-	ChartVersion  *string `yaml:"chartVersion" validate:"required"`
-	ReleaseName   string  `yaml:"releaseName" validate:"required"`
-	Namespace     *string `yaml:"namespace,omitempty"`
-	Output        *string `yaml:"output,omitempty"`
-	SkipCRDs      bool    `yaml:"skipCRDs,omitempty"`
-	SkipUpdate    bool    `yaml:"skipUpdate,omitempty"`
+	Repo              *string `yaml:"repo" validate:"required"`
+	CredentialsId     *string `yaml:"credentialsId,omitempty"`
+	ChartName         *string `yaml:"chartName,omitempty"`
+	ChartVersion      *string `yaml:"chartVersion" validate:"required"`
+	UpdateConstraints *string `yaml:"updateConstraints"`
+	ReleaseName       string  `yaml:"releaseName" validate:"required"`
+	Namespace         *string `yaml:"namespace,omitempty"`
+	Output            *string `yaml:"output,omitempty"`
+	SkipCRDs          bool    `yaml:"skipCRDs,omitempty"`
+	SkipUpdate        bool    `yaml:"skipUpdate,omitempty"`
 }
 
 type HelmChartConfig struct {

From 64f602eb37ff9e2b42ab6410c724319dd5539359 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Dec 2022 22:14:05 +0000
Subject: [PATCH 0624/2268] chore(deps): Bump golang.org/x/net from 0.2.0 to
 0.4.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.4.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  8 ++++----
 go.sum | 15 ++++++++-------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/go.mod b/go.mod
index b3ba13049..df37fc236 100644
--- a/go.mod
+++ b/go.mod
@@ -39,11 +39,11 @@ require (
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
 	golang.org/x/crypto v0.3.0
-	golang.org/x/net v0.2.0
+	golang.org/x/net v0.4.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.2.0
-	golang.org/x/term v0.2.0
-	golang.org/x/text v0.4.0
+	golang.org/x/sys v0.3.0
+	golang.org/x/term v0.3.0
+	golang.org/x/text v0.5.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.2
diff --git a/go.sum b/go.sum
index 83e4ab2bc..6a0a94efe 100644
--- a/go.sum
+++ b/go.sum
@@ -971,8 +971,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
+golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1078,14 +1078,14 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1095,8 +1095,9 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 17c8fd9074f27c02bb4464ea88f48ad1e42f6389 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Dec 2022 23:18:05 +0100
Subject: [PATCH 0625/2268] chore: Add more info when pulling charts

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 2 +-
 cmd/kluctl/commands/cmd_helm_update.go | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index af62259f1..fba329f84 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -90,7 +90,7 @@ func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials,
 
 	chart.SetCredentials(&helmCredentials)
 
-	s.Update("%s: Pulling Chart %s with version %s", statusPrefix, chart.GetChartName(), *chart.Config.ChartVersion)
+	s.UpdateAndInfoFallback("%s: Pulling Chart %s with version %s", statusPrefix, chart.GetChartName(), *chart.Config.ChartVersion)
 
 	err = chart.Pull(cliCtx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index e831c591f..47edfeae9 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -218,7 +218,7 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 		}
 	}
 
-	s.Update("%s: Committing chart", statusPrefix)
+	s.UpdateAndInfoFallback("%s: Committing chart", statusPrefix)
 
 	mutex.Lock()
 	defer mutex.Unlock()
@@ -235,14 +235,14 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 	for _, p := range toAdd {
 		_, err = wt.Add(p)
 		if err != nil {
-			return err
+			return fmt.Errorf("failed to add %s to git index: %w", p, err)
 		}
 	}
 
 	commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", statusPrefix, oldVersion, newVersion)
 	_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to commit: %w", err)
 	}
 
 	s.Update("%s: Committed helm chart with version %s", statusPrefix, newVersion)

From 18e686a7a594889fe45a75dfd94f3c149a71270b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Dec 2022 09:51:38 +0100
Subject: [PATCH 0626/2268] fix: Fix sporadically occuring "no such file or
 directly" errors

See the inline comment for details.
---
 cmd/kluctl/commands/cmd_helm_update.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 47edfeae9..2b9fad76b 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -11,9 +11,11 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/sync/semaphore"
 	"io/fs"
+	"math/rand"
 	"os"
 	"path/filepath"
 	"sync"
+	"time"
 )
 
 type helmUpdateCmd struct {
@@ -233,7 +235,19 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 	}
 
 	for _, p := range toAdd {
-		_, err = wt.Add(p)
+		// we have to retry a few times as Add() might fail with "no such file or directly"
+		// This is because it internally tries to get the git status, which fails if files are added/deleted in
+		// parallel by another goroutine (we're pulling in parallel). We're guarding the repo via the mutex from above
+		// so this is actually safe.
+		for i := 0; i < 10; i++ {
+			_, err = wt.Add(p)
+			if err == nil || !os.IsNotExist(err) {
+				break
+			}
+			// let's have some randomness in waiting time to ensure we don't run into the same problem again and again
+			s := time.Duration(rand.Intn(10) + 10)
+			time.Sleep(s * time.Millisecond)
+		}
 		if err != nil {
 			return fmt.Errorf("failed to add %s to git index: %w", p, err)
 		}

From 006eba70d60e5bddc948fed6905f1b94bf822de8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Dec 2022 09:58:00 +0100
Subject: [PATCH 0627/2268] refactor: Move --offline-kubernetes flag into
 OfflineKubernetesFlags

---
 cmd/kluctl/args/misc.go                | 4 ++++
 cmd/kluctl/commands/cmd_list_images.go | 4 ++--
 cmd/kluctl/commands/cmd_render.go      | 4 ++--
 cmd/kluctl/commands/cmd_seal.go        | 6 +++---
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index 196f52872..7b2540c12 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -8,6 +8,10 @@ type YesFlags struct {
 	Yes bool `group:"misc" short:"y" help:"Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'."`
 }
 
+type OfflineKubernetesFlags struct {
+	OfflineKubernetes bool `group:"misc" help:"Run command in offline mode, meaning that it will not try to connect the target cluster"`
+}
+
 type DryRunFlags struct {
 	DryRun bool `group:"misc" help:"Performs all kubernetes API calls in dry-run mode."`
 }
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 371310ed1..477a757c2 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -14,9 +14,9 @@ type listImagesCmd struct {
 	args.HelmCredentials
 	args.OutputFlags
 	args.RenderOutputDirFlags
+	args.OfflineKubernetesFlags
 
-	OfflineKubernetes bool `group:"misc" help:"Run list-images in offline mode, meaning that it will not try to connect the target cluster"`
-	Simple            bool `group:"misc" help:"Output a simplified version of the images list"`
+	Simple bool `group:"misc" help:"Output a simplified version of the images list"`
 }
 
 func (cmd *listImagesCmd) Help() string {
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index f3fcf8b5c..9a82dc4ce 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -16,9 +16,9 @@ type renderCmd struct {
 	args.ImageFlags
 	args.HelmCredentials
 	args.RenderOutputDirFlags
+	args.OfflineKubernetesFlags
 
-	OfflineKubernetes bool `group:"misc" help:"Run render in offline mode, meaning that it will not try to connect the target cluster"`
-	PrintAll          bool `group:"misc" help:"Write all rendered manifests to stdout"`
+	PrintAll bool `group:"misc" help:"Write all rendered manifests to stdout"`
 }
 
 func (cmd *renderCmd) Help() string {
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index e1b2dce24..679d5697d 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -18,10 +18,10 @@ type sealCmd struct {
 	args.ProjectFlags
 	args.TargetFlags
 	args.HelmCredentials
+	args.OfflineKubernetesFlags
 
-	ForceReseal       bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
-	CertFile          string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
-	OfflineKubernetes bool   `group:"misc" help:"Run seal in offline mode, meaning that it will not try to connect the target cluster"`
+	ForceReseal bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
+	CertFile    string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
 }
 
 func (cmd *sealCmd) Help() string {

From df99219670320b1510f4fac0b275438d71e55f75 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 8 Dec 2022 09:33:27 +0000
Subject: [PATCH 0628/2268] chore(deps): Bump golang.org/x/crypto from 0.3.0 to
 0.4.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index df37fc236..ab79f6f8b 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
-	golang.org/x/crypto v0.3.0
+	golang.org/x/crypto v0.4.0
 	golang.org/x/net v0.4.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.3.0
diff --git a/go.sum b/go.sum
index 6a0a94efe..4b69beba1 100644
--- a/go.sum
+++ b/go.sum
@@ -884,8 +884,8 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
-golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 17ba8b1c31d283de49701e7d8da979f6323e1183 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Dec 2022 10:07:39 +0100
Subject: [PATCH 0629/2268] feat: Implement --kubernetes-version to be used
 with --offline-kubernetes

---
 cmd/kluctl/args/misc.go                |  3 ++-
 cmd/kluctl/commands/cmd_list_images.go |  1 +
 cmd/kluctl/commands/cmd_render.go      |  1 +
 cmd/kluctl/commands/cmd_seal.go        |  1 +
 cmd/kluctl/commands/utils.go           |  2 ++
 pkg/deployment/deployment_item.go      |  2 +-
 pkg/deployment/helm_chart.go           | 12 +++++++++---
 pkg/deployment/shared_context.go       |  1 +
 pkg/kluctl_project/target_context.go   |  2 ++
 9 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index 7b2540c12..52b7b6f4c 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -9,7 +9,8 @@ type YesFlags struct {
 }
 
 type OfflineKubernetesFlags struct {
-	OfflineKubernetes bool `group:"misc" help:"Run command in offline mode, meaning that it will not try to connect the target cluster"`
+	OfflineKubernetes bool   `group:"misc" help:"Run command in offline mode, meaning that it will not try to connect the target cluster"`
+	KubernetesVersion string `group:"misc" help:"Specify the Kubernetes version that will be assumed. This will also override the kubeVersion used when rendering Helm Charts."`
 }
 
 type DryRunFlags struct {
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 477a757c2..748d2805e 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -36,6 +36,7 @@ func (cmd *listImagesCmd) Run() error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
+		kubernetesVersion:    cmd.KubernetesVersion,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		result := types.FixedImagesConfig{
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 9a82dc4ce..d7c5ff244 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -45,6 +45,7 @@ func (cmd *renderCmd) Run() error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
+		kubernetesVersion:    cmd.KubernetesVersion,
 	}
 	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
 		if cmd.PrintAll {
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 679d5697d..fc31ec63f 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -48,6 +48,7 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 		helmCredentials:   cmd.HelmCredentials,
 		forSeal:           true,
 		offlineKubernetes: cmd.OfflineKubernetes,
+		kubernetesVersion: cmd.KubernetesVersion,
 	}
 	ptArgs.targetFlags.Target = targetName
 
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 221f97ac0..5715f93e4 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -101,6 +101,7 @@ type projectTargetCommandArgs struct {
 	forSeal           bool
 	forCompletion     bool
 	offlineKubernetes bool
+	kubernetesVersion string
 }
 
 type commandCtx struct {
@@ -167,6 +168,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		TargetNameOverride: args.targetFlags.TargetNameOverride,
 		ContextOverride:    args.targetFlags.Context,
 		OfflineK8s:         args.offlineKubernetes,
+		K8sVersion:         args.kubernetesVersion,
 		DryRun:             args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
 		ExternalArgs:       optionArgs2,
 		ForSeal:            args.forSeal,
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index f6caec641..bbd9665b6 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -214,7 +214,7 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			}
 		}
 
-		return chart.Render(di.ctx.Ctx, di.ctx.K, di.ctx.SopsDecrypter)
+		return chart.Render(di.ctx.Ctx, di.ctx.K, di.ctx.K8sVersion, di.ctx.SopsDecrypter)
 	})
 	if err != nil {
 		return err
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index bd5f27fdf..d21426da2 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -386,15 +386,15 @@ func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
 	return latestVersion, nil
 }
 
-func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, sopsDecrypter sops.SopsDecrypter) error {
-	err := c.doRender(ctx, k, sopsDecrypter)
+func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
+	err := c.doRender(ctx, k, k8sVersion, sopsDecrypter)
 	if err != nil {
 		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", c.chartName, c.Config.ReleaseName, err)
 	}
 	return nil
 }
 
-func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, sopsDecrypter sops.SopsDecrypter) error {
+func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
 	chartDir := c.chartDir
 
 	needsPull, versionChanged, prePulledVersion, err := c.checkNeedsPull(chartDir, false)
@@ -457,6 +457,12 @@ func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, sopsDecrypt
 			return err
 		}
 	}
+	if k8sVersion != "" {
+		kubeVersion, err = chartutil.ParseKubeVersion(k8sVersion)
+		if err != nil {
+			return err
+		}
+	}
 
 	namespace := "default"
 	if c.Config.Namespace != nil {
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index be1492050..7fce849ce 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -11,6 +11,7 @@ import (
 type SharedContext struct {
 	Ctx             context.Context
 	K               *k8s.K8sCluster
+	K8sVersion      string
 	RP              *repocache.GitRepoCache
 	SopsDecrypter   sops.SopsDecrypter
 	VarsLoader      *vars.VarsLoader
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 952c44d85..980585382 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -31,6 +31,7 @@ type TargetContextParams struct {
 	TargetNameOverride string
 	ContextOverride    string
 	OfflineK8s         bool
+	K8sVersion         string
 	DryRun             bool
 	ExternalArgs       *uo.UnstructuredObject
 	ForSeal            bool
@@ -103,6 +104,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	dctx := deployment.SharedContext{
 		Ctx:                               ctx,
 		K:                                 k,
+		K8sVersion:                        params.K8sVersion,
 		RP:                                p.RP,
 		SopsDecrypter:                     p.SopsDecrypter,
 		VarsLoader:                        varsLoader,

From da1647e2b7122ba148d27661e32cd4b1f7d34a1b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Dec 2022 10:20:07 +0100
Subject: [PATCH 0630/2268] tests: Add tests for --kubernetes-version

---
 e2e/helm_test.go                              | 58 ++++++++++++++++---
 e2e/sops_test.go                              |  7 ++-
 e2e/test-utils/envtest_cluster.go             | 12 ++++
 .../test-helm-chart/templates/configmap.yaml  |  1 +
 4 files changed, 66 insertions(+), 12 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 4ac15022b..cedfa3a60 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -382,19 +382,22 @@ func TestHelmValues(t *testing.T) {
 	cm3 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm3-test-chart1")
 
 	assert.Equal(t, map[string]any{
-		"a":       "x1",
-		"b":       "y1",
-		"version": "0.1.0",
+		"a":           "x1",
+		"b":           "y1",
+		"version":     "0.1.0",
+		"kubeVersion": k.ServerVersion.String(),
 	}, cm1.Object["data"])
 	assert.Equal(t, map[string]any{
-		"a":       "x2",
-		"b":       "y2",
-		"version": "0.1.0",
+		"a":           "x2",
+		"b":           "y2",
+		"version":     "0.1.0",
+		"kubeVersion": k.ServerVersion.String(),
 	}, cm2.Object["data"])
 	assert.Equal(t, map[string]any{
-		"a":       "a",
-		"b":       "b",
-		"version": "0.1.0",
+		"a":           "a",
+		"b":           "b",
+		"version":     "0.1.0",
+		"kubeVersion": k.ServerVersion.String(),
 	}, cm3.Object["data"])
 }
 
@@ -428,3 +431,40 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug()+"-a", "test-helm-ns-test-chart1")
 	assertConfigMapExists(t, k, p.TestSlug()+"-b", "test-helm-ns-test-chart1")
 }
+
+func TestHelmRenderOfflineKubernetes(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t, k)
+
+	createNamespace(t, k, p.TestSlug())
+
+	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+	}, "", "")
+
+	p.UpdateTarget("test", nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+
+	stdout, _ := p.KluctlMust("render", "--print-all", "--offline-kubernetes", "-t", "test")
+	cm1 := uo.FromStringMust(stdout)
+
+	assert.Equal(t, map[string]any{
+		"a":           "v1",
+		"b":           "v2",
+		"version":     "0.1.0",
+		"kubeVersion": "v1.20.0",
+	}, cm1.Object["data"])
+
+	stdout, _ = p.KluctlMust("render", "--print-all", "--offline-kubernetes", "--kubernetes-version", "1.22.1", "-t", "test")
+	cm1 = uo.FromStringMust(stdout)
+
+	assert.Equal(t, map[string]any{
+		"a":           "v1",
+		"b":           "v2",
+		"version":     "0.1.0",
+		"kubeVersion": "v1.22.1",
+	}, cm1.Object["data"])
+}
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 6b4a1a1a2..da65ece12 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -109,8 +109,9 @@ func TestSopsHelmValues(t *testing.T) {
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 
 	assert.Equal(t, map[string]any{
-		"a":       "secret1",
-		"b":       "secret2",
-		"version": "0.1.0",
+		"a":           "secret1",
+		"b":           "secret2",
+		"version":     "0.1.0",
+		"kubeVersion": k.ServerVersion.String(),
 	}, cm1.Object["data"])
 }
diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index c32b82665..df6893c7d 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -7,6 +7,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/version"
+	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/util/flowcontrol"
@@ -28,6 +30,7 @@ type EnvTestCluster struct {
 
 	HttpClient    *http.Client
 	DynamicClient dynamic.Interface
+	ServerVersion *version.Info
 
 	callbackServer     webhook.Server
 	callbackServerStop context.CancelFunc
@@ -85,6 +88,15 @@ func (k *EnvTestCluster) Start() error {
 	}
 	k.DynamicClient = dynamicClient
 
+	discoveryClient, err := discovery.NewDiscoveryClientForConfigAndClient(k.config, client)
+	if err != nil {
+		return err
+	}
+	k.ServerVersion, err = discoveryClient.ServerVersion()
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
diff --git a/e2e/test-utils/test-helm-chart/templates/configmap.yaml b/e2e/test-utils/test-helm-chart/templates/configmap.yaml
index fe63edb28..25adf10ac 100644
--- a/e2e/test-utils/test-helm-chart/templates/configmap.yaml
+++ b/e2e/test-utils/test-helm-chart/templates/configmap.yaml
@@ -8,3 +8,4 @@ data:
   a: {{ .Values.data.a }}
   b: {{ .Values.data.b }}
   version: {{ .Chart.Version }}
+  kubeVersion: {{ .Capabilities.KubeVersion }}

From f25e9812e4538b92470de55d0814a0a86265b45e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Dec 2022 10:34:46 +0100
Subject: [PATCH 0631/2268] docs: Run make replace-commands-help

---
 docs/reference/commands/list-images.md | 6 ++++--
 docs/reference/commands/render.md      | 4 +++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/reference/commands/list-images.md b/docs/reference/commands/list-images.md
index e90fe6624..125b79770 100644
--- a/docs/reference/commands/list-images.md
+++ b/docs/reference/commands/list-images.md
@@ -48,8 +48,10 @@ Misc arguments:
                                                     Must be in the form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
-      --offline-kubernetes                          Run list-images in offline mode, meaning that it will not try
-                                                    to connect the target cluster
+      --kubernetes-version string                   Specify the Kubernetes version that will be assumed. This will
+                                                    also override the kubeVersion used when rendering Helm Charts.
+      --offline-kubernetes                          Run command in offline mode, meaning that it will not try to
+                                                    connect the target cluster
   -o, --output stringArray                          Specify output target file. Can be specified multiple times
       --render-output-dir string                    Specifies the target directory to render the project into. If
                                                     omitted, a temporary directory is used.
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
index f27882a06..3556e40c0 100644
--- a/docs/reference/commands/render.md
+++ b/docs/reference/commands/render.md
@@ -45,7 +45,9 @@ Misc arguments:
                                                     Must be in the form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
-      --offline-kubernetes                          Run render in offline mode, meaning that it will not try to
+      --kubernetes-version string                   Specify the Kubernetes version that will be assumed. This will
+                                                    also override the kubeVersion used when rendering Helm Charts.
+      --offline-kubernetes                          Run command in offline mode, meaning that it will not try to
                                                     connect the target cluster
       --print-all                                   Write all rendered manifests to stdout
       --render-output-dir string                    Specifies the target directory to render the project into. If

From 5a5112f9957acd247467111c31c2041fe6dbd272 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 10:34:43 +0100
Subject: [PATCH 0632/2268] refactor: Don't use global cliCtx anymore and pass
 ctx around where needed

---
 .../commands/cmd_check_image_updates.go       | 17 +++----
 cmd/kluctl/commands/cmd_delete.go             | 12 ++---
 cmd/kluctl/commands/cmd_deploy.go             | 31 +++++++------
 cmd/kluctl/commands/cmd_diff.go               | 11 ++---
 cmd/kluctl/commands/cmd_flux_reconcile.go     | 10 ++---
 cmd/kluctl/commands/cmd_flux_resume.go        |  4 +-
 cmd/kluctl/commands/cmd_flux_suspend.go       |  4 +-
 cmd/kluctl/commands/cmd_helm_pull.go          | 13 +++---
 cmd/kluctl/commands/cmd_helm_update.go        | 25 ++++++-----
 cmd/kluctl/commands/cmd_list_images.go        |  9 ++--
 cmd/kluctl/commands/cmd_list_targets.go       |  6 +--
 cmd/kluctl/commands/cmd_poke_images.go        | 13 +++---
 cmd/kluctl/commands/cmd_prune.go              | 17 +++----
 cmd/kluctl/commands/cmd_render.go             | 11 ++---
 cmd/kluctl/commands/cmd_seal.go               | 34 +++++++-------
 cmd/kluctl/commands/cmd_validate.go           | 11 ++---
 cmd/kluctl/commands/cmd_version.go            |  3 +-
 cmd/kluctl/commands/cobra_utils.go            |  5 ++-
 cmd/kluctl/commands/command_result.go         | 13 +++---
 cmd/kluctl/commands/completion.go             | 44 ++++++++++---------
 cmd/kluctl/commands/root.go                   |  8 +++-
 cmd/kluctl/commands/utils.go                  | 12 ++---
 22 files changed, 167 insertions(+), 146 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 14be5ede7..a21df32c3 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -22,20 +23,20 @@ func (cmd *checkImageUpdatesCmd) Help() string {
 	return `This is based on a best effort approach and might give many false-positives.`
 }
 
-func (cmd *checkImageUpdatesCmd) Run() error {
+func (cmd *checkImageUpdatesCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
 		targetFlags:  cmd.TargetFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		return runCheckImageUpdates(ctx)
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+		return runCheckImageUpdates(cmdCtx)
 	})
 }
 
-func runCheckImageUpdates(ctx *commandCtx) error {
-	renderedImages := ctx.targetCtx.DeploymentCollection.FindRenderedImages()
+func runCheckImageUpdates(cmdCtx *commandCtx) error {
+	renderedImages := cmdCtx.targetCtx.DeploymentCollection.FindRenderedImages()
 
-	rh := registries.NewRegistryHelper(ctx.ctx)
+	rh := registries.NewRegistryHelper(cmdCtx.ctx)
 
 	imageTags := make(map[string]interface{})
 	var mutex sync.Mutex
@@ -76,7 +77,7 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 		for _, image := range images {
 			s := strings.SplitN(image, ":", 2)
 			if len(s) == 1 {
-				status.Warning(ctx.ctx, "%s: Ignoring image %s as it doesn't specify a tag", ref.String(), image)
+				status.Warning(cmdCtx.ctx, "%s: Ignoring image %s as it doesn't specify a tag", ref.String(), image)
 				continue
 			}
 			repo := s[0]
@@ -84,7 +85,7 @@ func runCheckImageUpdates(ctx *commandCtx) error {
 			repoTags, _ := imageTags[repo].([]string)
 			err, _ := imageTags[repo].(error)
 			if err != nil {
-				status.Warning(ctx.ctx, "%s: Failed to list tags for %s. %v", ref.String(), repo, err)
+				status.Warning(cmdCtx.ctx, "%s: Failed to list tags for %s. %v", ref.String(), repo, err)
 				continue
 			}
 
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index ecfc97814..48a09b2c7 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -37,7 +37,7 @@ project (anymore). It really only decides based on the 'deleteByLabel' labels an
 take the local target/state into account!`
 }
 
-func (cmd *deleteCmd) Run() error {
+func (cmd *deleteCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -48,8 +48,8 @@ func (cmd *deleteCmd) Run() error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		cmd2 := commands.NewDeleteCommand(ctx.targetCtx.DeploymentCollection)
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+		cmd2 := commands.NewDeleteCommand(cmdCtx.targetCtx.DeploymentCollection)
 
 		deleteByLabels, err := deployment.ParseArgs(cmd.DeleteByLabel)
 		if err != nil {
@@ -58,15 +58,15 @@ func (cmd *deleteCmd) Run() error {
 
 		cmd2.OverrideDeleteByLabels = deleteByLabels
 
-		objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
+		objects, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
-		result, err := confirmedDeleteObjects(ctx.ctx, ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
+		result, err := confirmedDeleteObjects(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmd.OutputFormat, result)
+		err = outputCommandResult(ctx, cmd.OutputFormat, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 9b62a7aa8..f819935db 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
@@ -34,7 +35,7 @@ It will also output a list of prunable objects (without actually deleting them).
 `
 }
 
-func (cmd *deployCmd) Run() error {
+func (cmd *deployCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -45,16 +46,16 @@ func (cmd *deployCmd) Run() error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		return cmd.runCmdDeploy(ctx)
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+		return cmd.runCmdDeploy(cmdCtx)
 	})
 }
 
-func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
-	status.Trace(ctx.ctx, "enter runCmdDeploy")
-	defer status.Trace(ctx.ctx, "leave runCmdDeploy")
+func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
+	status.Trace(cmdCtx.ctx, "enter runCmdDeploy")
+	defer status.Trace(cmdCtx.ctx, "leave runCmdDeploy")
 
-	cmd2 := commands.NewDeployCommand(ctx.targetCtx.DeploymentCollection)
+	cmd2 := commands.NewDeployCommand(cmdCtx.targetCtx.DeploymentCollection)
 	cmd2.ForceApply = cmd.ForceApply
 	cmd2.ReplaceOnError = cmd.ReplaceOnError
 	cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
@@ -62,16 +63,18 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 	cmd2.ReadinessTimeout = cmd.ReadinessTimeout
 	cmd2.NoWait = cmd.NoWait
 
-	cb := cmd.diffResultCb
+	cb := func(diffResult *types.CommandResult) error {
+		return cmd.diffResultCb(cmdCtx.ctx, diffResult)
+	}
 	if cmd.Yes || cmd.DryRun {
 		cb = nil
 	}
 
-	result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K, cb)
+	result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, cb)
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmd.OutputFormat, result)
+	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, result)
 	if err != nil {
 		return err
 	}
@@ -81,8 +84,8 @@ func (cmd *deployCmd) runCmdDeploy(ctx *commandCtx) error {
 	return nil
 }
 
-func (cmd *deployCmd) diffResultCb(diffResult *types.CommandResult) error {
-	err := outputCommandResult(nil, diffResult)
+func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *types.CommandResult) error {
+	err := outputCommandResult(ctx, nil, diffResult)
 	if err != nil {
 		return err
 	}
@@ -90,11 +93,11 @@ func (cmd *deployCmd) diffResultCb(diffResult *types.CommandResult) error {
 		return nil
 	}
 	if len(diffResult.Errors) != 0 {
-		if !status.AskForConfirmation(cliCtx, "The diff resulted in errors, do you still want to proceed?") {
+		if !status.AskForConfirmation(ctx, "The diff resulted in errors, do you still want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	} else {
-		if !status.AskForConfirmation(cliCtx, "The diff succeeded, do you want to proceed?") {
+		if !status.AskForConfirmation(ctx, "The diff succeeded, do you want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index d18becfe5..bb8fcce19 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
@@ -27,7 +28,7 @@ is currently not documented and prone to changes.
 After the diff is performed, the command will also search for prunable objects and list them.`
 }
 
-func (cmd *diffCmd) Run() error {
+func (cmd *diffCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -37,19 +38,19 @@ func (cmd *diffCmd) Run() error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		cmd2 := commands.NewDiffCommand(ctx.targetCtx.DeploymentCollection)
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx.DeploymentCollection)
 		cmd2.ForceApply = cmd.ForceApply
 		cmd2.ReplaceOnError = cmd.ReplaceOnError
 		cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
-		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
+		result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmd.OutputFormat, result)
+		err = outputCommandResult(ctx, cmd.OutputFormat, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_flux_reconcile.go b/cmd/kluctl/commands/cmd_flux_reconcile.go
index a6ed024e2..8e4668024 100644
--- a/cmd/kluctl/commands/cmd_flux_reconcile.go
+++ b/cmd/kluctl/commands/cmd_flux_reconcile.go
@@ -16,7 +16,7 @@ type fluxReconcileCmd struct {
 	args.KluctlDeploymentFlags
 }
 
-func (cmd *fluxReconcileCmd) Run() error {
+func (cmd *fluxReconcileCmd) Run(ctx context.Context) error {
 	var (
 		sourceNamespace string
 		sourceName      string
@@ -61,7 +61,7 @@ func (cmd *fluxReconcileCmd) Run() error {
 		}
 		ref2 := k8s2.ObjectRef{GVK: args.GitRepositoryGVK, Name: sourceName, Namespace: sourceNamespace}
 
-		s := status.Start(cliCtx, "Annotating Source %s in %s namespace", sourceName, sourceNamespace)
+		s := status.Start(ctx, "Annotating Source %s in %s namespace", sourceName, sourceNamespace)
 		defer s.Failed()
 
 		_, _, err = k.PatchObjectWithJsonPatch(ref2, patch, k8s.PatchOptions{})
@@ -70,7 +70,7 @@ func (cmd *fluxReconcileCmd) Run() error {
 		}
 		s.Success()
 
-		s = status.Start(cliCtx, "Waiting for Source %s to finish reconciliation", sourceName)
+		s = status.Start(ctx, "Waiting for Source %s to finish reconciliation", sourceName)
 
 		if !noWait {
 			ready, err := WaitForReady(k, ref2)
@@ -83,7 +83,7 @@ func (cmd *fluxReconcileCmd) Run() error {
 		s.Success()
 	}
 
-	s := status.Start(cliCtx, "Annotating KluctlDeployment %s in %s namespace", kd, ns)
+	s := status.Start(ctx, "Annotating KluctlDeployment %s in %s namespace", kd, ns)
 	defer s.Failed()
 
 	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
@@ -92,7 +92,7 @@ func (cmd *fluxReconcileCmd) Run() error {
 	}
 	s.Success()
 
-	s = status.Start(cliCtx, "Waiting for KluctlDeployment %s in %s namespace to finish reconciliation", kd, ns)
+	s = status.Start(ctx, "Waiting for KluctlDeployment %s in %s namespace to finish reconciliation", kd, ns)
 
 	if !noWait {
 		ready, err := WaitForReady(k, ref)
diff --git a/cmd/kluctl/commands/cmd_flux_resume.go b/cmd/kluctl/commands/cmd_flux_resume.go
index 8b7aaafc8..3b90f1219 100644
--- a/cmd/kluctl/commands/cmd_flux_resume.go
+++ b/cmd/kluctl/commands/cmd_flux_resume.go
@@ -14,7 +14,7 @@ type fluxResumeCmd struct {
 }
 
 // TODO add reconciliation after resume
-func (cmd *fluxResumeCmd) Run() error {
+func (cmd *fluxResumeCmd) Run(ctx context.Context) error {
 	ns := cmd.KluctlDeploymentFlags.Namespace
 	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
 
@@ -35,7 +35,7 @@ func (cmd *fluxResumeCmd) Run() error {
 		Value: false,
 	}}
 
-	s := status.Start(cliCtx, "Resuming KluctlDeployment %s in %s namespace", kd, ns)
+	s := status.Start(ctx, "Resuming KluctlDeployment %s in %s namespace", kd, ns)
 	defer s.Failed()
 
 	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
diff --git a/cmd/kluctl/commands/cmd_flux_suspend.go b/cmd/kluctl/commands/cmd_flux_suspend.go
index 6e5422fb6..d06212dbe 100644
--- a/cmd/kluctl/commands/cmd_flux_suspend.go
+++ b/cmd/kluctl/commands/cmd_flux_suspend.go
@@ -13,7 +13,7 @@ type fluxSuspendCmd struct {
 	args.KluctlDeploymentFlags
 }
 
-func (cmd *fluxSuspendCmd) Run() error {
+func (cmd *fluxSuspendCmd) Run(ctx context.Context) error {
 	ns := cmd.KluctlDeploymentFlags.Namespace
 	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
 
@@ -33,7 +33,7 @@ func (cmd *fluxSuspendCmd) Run() error {
 		Value: true,
 	}}
 
-	s := status.Start(cliCtx, "Suspending KluctlDeployment %s in %s namespace", kd, ns)
+	s := status.Start(ctx, "Suspending KluctlDeployment %s in %s namespace", kd, ns)
 	defer s.Failed()
 
 	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index fba329f84..4ee57ec2e 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
@@ -25,7 +26,7 @@ func (cmd *helmPullCmd) Help() string {
 pulling is only needed when really required (e.g. when the chart version changes).`
 }
 
-func (cmd *helmPullCmd) Run() error {
+func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	cwd, err := os.Getwd()
 	if err != nil {
 		return err
@@ -52,10 +53,10 @@ func (cmd *helmPullCmd) Run() error {
 			return err
 		}
 
-		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, &wg, func() error {
-			s := status.Start(cliCtx, "%s: Pulling Chart", statusPrefix)
+		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+			s := status.Start(ctx, "%s: Pulling Chart", statusPrefix)
 			defer s.Failed()
-			err := doPull(statusPrefix, p, cmd.HelmCredentials, s)
+			err := doPull(ctx, statusPrefix, p, cmd.HelmCredentials, s)
 			if err != nil {
 				return err
 			}
@@ -77,7 +78,7 @@ func (cmd *helmPullCmd) Run() error {
 	return nil
 }
 
-func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials, s *status.StatusContext) error {
+func doPull(ctx context.Context, statusPrefix string, p string, helmCredentials args.HelmCredentials, s *status.StatusContext) error {
 	doError := func(err error) error {
 		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 		return err
@@ -92,7 +93,7 @@ func doPull(statusPrefix string, p string, helmCredentials args.HelmCredentials,
 
 	s.UpdateAndInfoFallback("%s: Pulling Chart %s with version %s", statusPrefix, chart.GetChartName(), *chart.Config.ChartVersion)
 
-	err = chart.Pull(cliCtx)
+	err = chart.Pull(ctx)
 	if err != nil {
 		return doError(err)
 	}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 2b9fad76b..beecb5d0e 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/hashicorp/go-multierror"
@@ -31,7 +32,7 @@ func (cmd *helmUpdateCmd) Help() string {
 	return `Optionally performs the actual upgrade and/or add a commit to version control.`
 }
 
-func (cmd *helmUpdateCmd) Run() error {
+func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	cwd, err := os.Getwd()
 	if err != nil {
 		return err
@@ -62,8 +63,8 @@ func (cmd *helmUpdateCmd) Run() error {
 			return nil
 		}
 
-		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, &wg, func() error {
-			chart, newVersion, updated, err := cmd.doCheckUpdate(gitRootPath, p)
+		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+			chart, newVersion, updated, err := cmd.doCheckUpdate(ctx, gitRootPath, p)
 			if err != nil {
 				return err
 			}
@@ -100,16 +101,16 @@ func (cmd *helmUpdateCmd) Run() error {
 	for _, uc := range updatedCharts {
 		uc := uc
 
-		utils.GoLimitedMultiError(cliCtx, sem, &errs, &mutex, &wg, func() error {
+		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
 			if cmd.Interactive {
 				statusPrefix, _ := filepath.Rel(gitRootPath, filepath.Dir(uc.path))
-				if !status.AskForConfirmation(cliCtx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?",
+				if !status.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?",
 					statusPrefix, uc.chart.GetChartName(), uc.oldVersion, uc.newVersion)) {
 					return nil
 				}
 			}
 
-			err := cmd.pullAndCommitChart(gitRootPath, uc.chart, uc.oldVersion, uc.newVersion, &mutex)
+			err := cmd.pullAndCommitChart(ctx, gitRootPath, uc.chart, uc.oldVersion, uc.newVersion, &mutex)
 			if err != nil {
 				return err
 			}
@@ -125,13 +126,13 @@ func (cmd *helmUpdateCmd) Run() error {
 	return errs.ErrorOrNil()
 }
 
-func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployment.HelmChart, string, bool, error) {
+func (cmd *helmUpdateCmd) doCheckUpdate(ctx context.Context, gitRootPath string, p string) (*deployment.HelmChart, string, bool, error) {
 	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
 	if err != nil {
 		return nil, "", false, err
 	}
 
-	s := status.Start(cliCtx, "%s: Checking for updates", statusPrefix)
+	s := status.Start(ctx, "%s: Checking for updates", statusPrefix)
 	doError := func(err error) (*deployment.HelmChart, string, bool, error) {
 		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 		return nil, "", false, err
@@ -144,7 +145,7 @@ func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployme
 
 	chart.SetCredentials(&cmd.HelmCredentials)
 
-	newVersion, updated, err := chart.CheckUpdate(cliCtx)
+	newVersion, updated, err := chart.CheckUpdate(ctx)
 	if err != nil {
 		return doError(err)
 	}
@@ -162,13 +163,13 @@ func (cmd *helmUpdateCmd) doCheckUpdate(gitRootPath string, p string) (*deployme
 	return chart, newVersion, updated, nil
 }
 
-func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployment.HelmChart, oldVersion string, newVersion string, mutex *sync.Mutex) error {
+func (cmd *helmUpdateCmd) pullAndCommitChart(ctx context.Context, gitRootPath string, chart *deployment.HelmChart, oldVersion string, newVersion string, mutex *sync.Mutex) error {
 	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(chart.ConfigFile))
 	if err != nil {
 		return err
 	}
 
-	s := status.Start(cliCtx, "%s: Pulling Chart", statusPrefix)
+	s := status.Start(ctx, "%s: Pulling Chart", statusPrefix)
 	defer s.Failed()
 
 	chart.Config.ChartVersion = &newVersion
@@ -195,7 +196,7 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(gitRootPath string, chart *deployme
 		return err
 	}
 
-	err = doPull(statusPrefix, chart.ConfigFile, cmd.HelmCredentials, s)
+	err = doPull(ctx, statusPrefix, chart.ConfigFile, cmd.HelmCredentials, s)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 748d2805e..7e1f78e83 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 )
@@ -26,7 +27,7 @@ If fixed images ('-f/--fixed-image') are provided, these are also taken into acc
 as described in the deploy command.`
 }
 
-func (cmd *listImagesCmd) Run() error {
+func (cmd *listImagesCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -38,10 +39,10 @@ func (cmd *listImagesCmd) Run() error {
 		offlineKubernetes:    cmd.OfflineKubernetes,
 		kubernetesVersion:    cmd.KubernetesVersion,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		result := types.FixedImagesConfig{
-			Images: ctx.images.SeenImages(cmd.Simple),
+			Images: cmdCtx.images.SeenImages(cmd.Simple),
 		}
-		return outputYamlResult(cmd.Output, result, false)
+		return outputYamlResult(ctx, cmd.Output, result, false)
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index f8a6b5626..91eacf231 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -16,12 +16,12 @@ func (cmd *listTargetsCmd) Help() string {
 	return `Outputs a yaml list with all target, including dynamic targets`
 }
 
-func (cmd *listTargetsCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+func (cmd *listTargetsCmd) Run(ctx context.Context) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.DynamicTargets {
 			result = append(result, t.Target)
 		}
-		return outputYamlResult(cmd.Output, result, false)
+		return outputYamlResult(ctx, cmd.Output, result, false)
 	})
 }
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index b28c2f369..7492acc74 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
@@ -26,7 +27,7 @@ deploying the target. Only images used in combination with 'images.get_image(...
 replaced`
 }
 
-func (cmd *pokeImagesCmd) Run() error {
+func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -37,20 +38,20 @@ func (cmd *pokeImagesCmd) Run() error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !status.AskForConfirmation(cliCtx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", ctx.targetCtx.ClusterContext)) {
+			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", cmdCtx.targetCtx.ClusterContext)) {
 				return fmt.Errorf("aborted")
 			}
 		}
 
-		cmd2 := commands.NewPokeImagesCommand(ctx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewPokeImagesCommand(cmdCtx.targetCtx.DeploymentCollection)
 
-		result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
+		result, err := cmd2.Run(ctx, cmdCtx.targetCtx.SharedContext.K)
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmd.OutputFormat, result)
+		err = outputCommandResult(ctx, cmd.OutputFormat, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index a9197b22f..13516a1b4 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
@@ -27,7 +28,7 @@ func (cmd *pruneCmd) Help() string {
   3. Remove all objects from the list of 1. that are part of the list in 2.`
 }
 
-func (cmd *pruneCmd) Run() error {
+func (cmd *pruneCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -38,22 +39,22 @@ func (cmd *pruneCmd) Run() error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
-		return cmd.runCmdPrune(ctx)
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+		return cmd.runCmdPrune(cmdCtx)
 	})
 }
 
-func (cmd *pruneCmd) runCmdPrune(ctx *commandCtx) error {
-	cmd2 := commands.NewPruneCommand(ctx.targetCtx.DeploymentCollection)
-	objects, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
+func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
+	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.DeploymentCollection)
+	objects, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 	if err != nil {
 		return err
 	}
-	result, err := confirmedDeleteObjects(ctx.ctx, ctx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
+	result, err := confirmedDeleteObjects(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmd.OutputFormat, result)
+	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, result)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index d7c5ff244..16c0bc2c1 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -26,7 +27,7 @@ func (cmd *renderCmd) Help() string {
 a temporary directory or a specified directory.`
 }
 
-func (cmd *renderCmd) Run() error {
+func (cmd *renderCmd) Run(ctx context.Context) error {
 	isTmp := false
 	if cmd.RenderOutputDir == "" {
 		p, err := ioutil.TempDir(utils.GetTmpBaseDir(), "rendered-")
@@ -47,10 +48,10 @@ func (cmd *renderCmd) Run() error {
 		offlineKubernetes:    cmd.OfflineKubernetes,
 		kubernetesVersion:    cmd.KubernetesVersion,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		if cmd.PrintAll {
 			var all []any
-			for _, d := range ctx.targetCtx.DeploymentCollection.Deployments {
+			for _, d := range cmdCtx.targetCtx.DeploymentCollection.Deployments {
 				for _, o := range d.Objects {
 					all = append(all, o)
 				}
@@ -58,10 +59,10 @@ func (cmd *renderCmd) Run() error {
 			if isTmp {
 				defer os.RemoveAll(cmd.RenderOutputDir)
 			}
-			status.Flush(ctx.ctx)
+			status.Flush(cmdCtx.ctx)
 			return yaml.WriteYamlAllStream(os.Stdout, all)
 		} else {
-			status.Info(ctx.ctx, "Rendered into %s", ctx.targetCtx.SharedContext.RenderDir)
+			status.Info(cmdCtx.ctx, "Rendered into %s", cmdCtx.targetCtx.SharedContext.RenderDir)
 		}
 		return nil
 	})
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index fc31ec63f..18fd57647 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -53,30 +53,30 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	ptArgs.targetFlags.Target = targetName
 
 	// pass forSeal=True so that .sealme files are rendered as well
-	return withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
-		err := ctx.targetCtx.DeploymentCollection.RenderDeployments()
+	return withProjectTargetCommandContext(ctx, ptArgs, p, func(cmdCtx *commandCtx) error {
+		err := cmdCtx.targetCtx.DeploymentCollection.RenderDeployments()
 		if err != nil {
 			return doFail(err)
 		}
 
-		cert, err := cmd.loadCert(ctx)
+		cert, err := cmd.loadCert(cmdCtx)
 		if err != nil {
 			return doFail(err)
 		}
 
-		sealer, err := seal.NewSealer(ctx.ctx, cert, cmd.ForceReseal)
+		sealer, err := seal.NewSealer(cmdCtx.ctx, cert, cmd.ForceReseal)
 		if err != nil {
 			return doFail(err)
 		}
 
 		outputPattern := targetName
-		if ctx.targetCtx.DeploymentProject.Config.SealedSecrets != nil && ctx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern != nil {
+		if cmdCtx.targetCtx.DeploymentProject.Config.SealedSecrets != nil && cmdCtx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern != nil {
 			// the outputPattern is rendered already at this point, meaning that for example
 			// '{{ cluster.name }}/{{ target.name }}' will already be rendered to 'my-cluster/my-target'
-			outputPattern = *ctx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern
+			outputPattern = *cmdCtx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern
 		}
 
-		cmd2 := commands.NewSealCommand(ctx.targetCtx.DeploymentCollection, outputPattern, ctx.targetCtx.SharedContext.RenderDir, ctx.targetCtx.SharedContext.SealedSecretsDir)
+		cmd2 := commands.NewSealCommand(cmdCtx.targetCtx.DeploymentCollection, outputPattern, cmdCtx.targetCtx.SharedContext.RenderDir, cmdCtx.targetCtx.SharedContext.SealedSecretsDir)
 		err = cmd2.Run(sealer)
 
 		if err != nil {
@@ -87,13 +87,13 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	})
 }
 
-func (cmd *sealCmd) loadCert(ctx *commandCtx) (*x509.Certificate, error) {
-	sealingConfig := ctx.targetCtx.Target.SealingConfig
+func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
+	sealingConfig := cmdCtx.targetCtx.Target.SealingConfig
 
 	var certFile string
 
 	if sealingConfig != nil && sealingConfig.CertFile != nil {
-		path, err := securejoin.SecureJoin(ctx.targetCtx.KluctlProject.ProjectDir, *sealingConfig.CertFile)
+		path, err := securejoin.SecureJoin(cmdCtx.targetCtx.KluctlProject.ProjectDir, *sealingConfig.CertFile)
 		if err != nil {
 			return nil, err
 		}
@@ -102,7 +102,7 @@ func (cmd *sealCmd) loadCert(ctx *commandCtx) (*x509.Certificate, error) {
 
 	if cmd.CertFile != "" {
 		if certFile != "" {
-			status.Info(ctx.ctx, "Overriding certFile from target with certFile argument")
+			status.Info(cmdCtx.ctx, "Overriding certFile from target with certFile argument")
 		}
 		certFile = cmd.CertFile
 	}
@@ -118,11 +118,11 @@ func (cmd *sealCmd) loadCert(ctx *commandCtx) (*x509.Certificate, error) {
 		}
 		return cert, nil
 	} else {
-		if ctx.targetCtx.SharedContext.K == nil {
+		if cmdCtx.targetCtx.SharedContext.K == nil {
 			return nil, fmt.Errorf("must specify certFile when sealing in offline mode")
 		}
 
-		secretsConfig := ctx.targetCtx.KluctlProject.Config.SecretsConfig
+		secretsConfig := cmdCtx.targetCtx.KluctlProject.Config.SecretsConfig
 		var sealedSecretsConfig *types.GlobalSealedSecretsConfig
 		if secretsConfig != nil {
 			sealedSecretsConfig = secretsConfig.SealedSecrets
@@ -140,13 +140,13 @@ func (cmd *sealCmd) loadCert(ctx *commandCtx) (*x509.Certificate, error) {
 		}
 
 		if sealedSecretsConfig == nil || sealedSecretsConfig.Bootstrap == nil || *sealedSecretsConfig.Bootstrap {
-			err := seal.BootstrapSealedSecrets(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace)
+			err := seal.BootstrapSealedSecrets(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, sealedSecretsNamespace)
 			if err != nil {
 				return nil, err
 			}
 		}
 
-		cert, err := seal.FetchCert(ctx.ctx, ctx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName)
+		cert, err := seal.FetchCert(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName)
 		if err != nil {
 			return nil, err
 		}
@@ -154,8 +154,8 @@ func (cmd *sealCmd) loadCert(ctx *commandCtx) (*x509.Certificate, error) {
 	}
 }
 
-func (cmd *sealCmd) Run() error {
-	return withKluctlProjectFromArgs(cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+func (cmd *sealCmd) Run(ctx context.Context) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		baseTargets := make(map[string]bool)
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 4558cd76f..101af905f 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
@@ -28,7 +29,7 @@ func (cmd *validateCmd) Help() string {
 TODO: This needs to be better documented!`
 }
 
-func (cmd *validateCmd) Run() error {
+func (cmd *validateCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
 		targetFlags:          cmd.TargetFlags,
@@ -37,17 +38,17 @@ func (cmd *validateCmd) Run() error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ptArgs, func(ctx *commandCtx) error {
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		startTime := time.Now()
-		cmd2 := commands.NewValidateCommand(ctx.ctx, ctx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, cmdCtx.targetCtx.DeploymentCollection)
 		for true {
-			result, err := cmd2.Run(ctx.ctx, ctx.targetCtx.SharedContext.K)
+			result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 			if err != nil {
 				return err
 			}
 			failed := len(result.Errors) != 0 || (cmd.WarningsAsErrors && len(result.Warnings) != 0)
 
-			err = outputValidateResult(cmd.Output, result)
+			err = outputValidateResult(ctx, cmd.Output, result)
 			if err != nil {
 				return err
 			}
diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index 98da1b398..b7683a784 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 	"os"
 )
@@ -8,7 +9,7 @@ import (
 type versionCmd struct {
 }
 
-func (cmd *versionCmd) Run() error {
+func (cmd *versionCmd) Run(ctx context.Context) error {
 	_, err := os.Stdout.WriteString(version.GetVersion() + "\n")
 	return err
 }
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 5982f04bf..5ebf48f10 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -1,6 +1,7 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/term"
@@ -20,7 +21,7 @@ type helpProvider interface {
 }
 
 type runProvider interface {
-	Run() error
+	Run(ctx context.Context) error
 }
 
 type rootCommand struct {
@@ -68,7 +69,7 @@ func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interfac
 	runP, ok := cmdStruct.(runProvider)
 	if ok {
 		cg.cmd.RunE = func(cmd *cobra.Command, args []string) error {
-			return runP.Run()
+			return runP.Run(cmd.Context())
 		}
 	}
 
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index b5702f1c7..cdf7f0753 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"bytes"
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -196,24 +197,24 @@ func outputHelper(output []string, cb func(format string) (string, error)) error
 	return nil
 }
 
-func outputCommandResult(output []string, cr *types.CommandResult) error {
-	status.Flush(cliCtx)
+func outputCommandResult(ctx context.Context, output []string, cr *types.CommandResult) error {
+	status.Flush(ctx)
 
 	return outputHelper(output, func(format string) (string, error) {
 		return formatCommandResult(cr, format)
 	})
 }
 
-func outputValidateResult(output []string, vr *types.ValidateResult) error {
-	status.Flush(cliCtx)
+func outputValidateResult(ctx context.Context, output []string, vr *types.ValidateResult) error {
+	status.Flush(ctx)
 
 	return outputHelper(output, func(format string) (string, error) {
 		return formatValidateResult(vr, format)
 	})
 }
 
-func outputYamlResult(output []string, result interface{}, multiDoc bool) error {
-	status.Flush(cliCtx)
+func outputYamlResult(ctx context.Context, output []string, result interface{}, multiDoc bool) error {
+	status.Flush(ctx)
 
 	if len(output) == 0 {
 		output = []string{"-"}
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 7830d90e4..32ffab84f 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -20,13 +20,15 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	inclusionFlags := v.FieldByName("InclusionFlags")
 	imageFlags := v.FieldByName("ImageFlags")
 
+	ctx := context.Background()
+
 	if projectFlags.IsValid() && targetFlags.IsValid() {
-		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(projectFlags.Addr().Interface().(*args.ProjectFlags)))
+		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(ctx, projectFlags.Addr().Interface().(*args.ProjectFlags)))
 	}
 
 	if projectFlags.IsValid() && inclusionFlags.IsValid() {
-		tagsFunc := buildInclusionCompletionFunc(cmdStruct, false)
-		dirsFunc := buildInclusionCompletionFunc(cmdStruct, true)
+		tagsFunc := buildInclusionCompletionFunc(ctx, cmdStruct, false)
+		dirsFunc := buildInclusionCompletionFunc(ctx, cmdStruct, true)
 		_ = ccmd.RegisterFlagCompletionFunc("include-tag", tagsFunc)
 		_ = ccmd.RegisterFlagCompletionFunc("exclude-tag", tagsFunc)
 		_ = ccmd.RegisterFlagCompletionFunc("include-deployment-dir", dirsFunc)
@@ -34,31 +36,31 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	}
 
 	if imageFlags.IsValid() {
-		_ = ccmd.RegisterFlagCompletionFunc("fixed-image", buildImagesCompletionFunc(cmdStruct))
+		_ = ccmd.RegisterFlagCompletionFunc("fixed-image", buildImagesCompletionFunc(ctx, cmdStruct))
 	}
 
 	return nil
 }
 
-func withProjectForCompletion(projectArgs *args.ProjectFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(*projectArgs, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, *projectArgs, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
 
-func buildTargetCompletionFunc(projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+func buildTargetCompletionFunc(ctx context.Context, projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		err := withProjectForCompletion(projectArgs, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(ctx, projectArgs, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			for _, t := range p.DynamicTargets {
 				ret = append(ret, t.Target.Name)
 			}
 			return nil
 		})
 		if err != nil {
-			status.Error(cliCtx, err.Error())
+			status.Error(ctx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		return ret, cobra.ShellCompDirectiveDefault
@@ -89,7 +91,7 @@ func buildAutocompleteProjectTargetCommandArgs(cmdStruct interface{}) projectTar
 	return ptArgs
 }
 
-func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+func buildInclusionCompletionFunc(ctx context.Context, cmdStruct interface{}, forDirs bool) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		ptArgs := buildAutocompleteProjectTargetCommandArgs(cmdStruct)
 
@@ -97,7 +99,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 		var deploymentItemDirs utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(&ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
@@ -113,10 +115,10 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 				ptArgs.targetFlags.Target = t
 				wg.Add(1)
 				go func() {
-					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
+					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(cmdCtx *commandCtx) error {
 						mutex.Lock()
 						defer mutex.Unlock()
-						for _, di := range ctx.targetCtx.DeploymentCollection.Deployments {
+						for _, di := range cmdCtx.targetCtx.DeploymentCollection.Deployments {
 							tags.Merge(di.Tags)
 							deploymentItemDirs.Set(di.RelToSourceItemDir, true)
 						}
@@ -129,7 +131,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 			return nil
 		})
 		if err != nil {
-			status.Error(cliCtx, err.Error())
+			status.Error(ctx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		if forDirs {
@@ -140,7 +142,7 @@ func buildInclusionCompletionFunc(cmdStruct interface{}, forDirs bool) func(cmd
 	}
 }
 
-func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		ptArgs := buildAutocompleteProjectTargetCommandArgs(cmdStruct)
 
@@ -151,7 +153,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 		var images utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(&ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
@@ -167,15 +169,15 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 				ptArgs.targetFlags.Target = t
 				wg.Add(1)
 				go func() {
-					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(ctx *commandCtx) error {
-						err := ctx.targetCtx.DeploymentCollection.Prepare()
+					_ = withProjectTargetCommandContext(ctx, ptArgs, p, func(cmdCtx *commandCtx) error {
+						err := cmdCtx.targetCtx.DeploymentCollection.Prepare()
 						if err != nil {
-							status.Error(cliCtx, err.Error())
+							status.Error(ctx, err.Error())
 						}
 
 						mutex.Lock()
 						defer mutex.Unlock()
-						for _, si := range ctx.images.SeenImages(false) {
+						for _, si := range cmdCtx.images.SeenImages(false) {
 							str := si.Image
 							if si.Namespace != nil {
 								str += ":" + *si.Namespace
@@ -197,7 +199,7 @@ func buildImagesCompletionFunc(cmdStruct interface{}) func(cmd *cobra.Command, a
 			return nil
 		})
 		if err != nil {
-			status.Error(cliCtx, err.Error())
+			status.Error(ctx, err.Error())
 			return nil, cobra.ShellCompDirectiveError
 		}
 		return images.ListKeys(), cobra.ShellCompDirectiveNoSpace
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index d864584f0..203e06405 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -197,7 +197,7 @@ func (c *cli) preRun() error {
 	return nil
 }
 
-func (c *cli) Run() error {
+func (c *cli) Run(ctx context.Context) error {
 	return nil
 }
 
@@ -237,7 +237,11 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		if err != nil {
 			return err
 		}
-		return root.preRun()
+		err = root.preRun()
+		for c := cmd; c != nil; c = c.Parent() {
+			c.SetContext(cliCtx)
+		}
+		return err
 	}
 
 	initViper()
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 5715f93e4..f3184db23 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -24,7 +24,7 @@ import (
 	"strings"
 )
 
-func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
@@ -44,10 +44,10 @@ func withKluctlProjectFromArgs(projectFlags args.ProjectFlags, strictTemplates b
 
 	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
 	if err != nil {
-		status.Warning(cliCtx, "Failed to detect git project root. This might cause follow-up errors")
+		status.Warning(ctx, "Failed to detect git project root. This might cause follow-up errors")
 	}
 
-	ctx, cancel := context.WithTimeout(cliCtx, projectFlags.Timeout)
+	ctx, cancel := context.WithTimeout(ctx, projectFlags.Timeout)
 	defer cancel()
 
 	sshPool := &ssh_pool.SshPool{}
@@ -110,13 +110,13 @@ type commandCtx struct {
 	images    *deployment.Images
 }
 
-func withProjectCommandContext(args projectTargetCommandArgs, cb func(ctx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(args.projectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
+	return withKluctlProjectFromArgs(ctx, args.projectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
 
-func withProjectTargetCommandContext(ctx context.Context, args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(ctx *commandCtx) error) error {
+func withProjectTargetCommandContext(ctx context.Context, args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(cmdCtx *commandCtx) error) error {
 	rh := registries.NewRegistryHelper(ctx)
 	err := rh.ParseAuthEntriesFromEnv()
 	if err != nil {

From 4834099b8eecc52384568c0fb66c67543252d064 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 10:50:38 +0100
Subject: [PATCH 0633/2268] chore: Reformat replace-commands-help/main.go

---
 internal/replace-commands-help/main.go | 282 ++++++++++++-------------
 1 file changed, 141 insertions(+), 141 deletions(-)

diff --git a/internal/replace-commands-help/main.go b/internal/replace-commands-help/main.go
index 6d4e781fb..a29bc8764 100644
--- a/internal/replace-commands-help/main.go
+++ b/internal/replace-commands-help/main.go
@@ -1,92 +1,92 @@
 package main
 
 import (
-    "flag"
-    "fmt"
-    "github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
-    "io/fs"
-    "io/ioutil"
-    "log"
-    "os"
-    "os/exec"
-    "path/filepath"
-    "reflect"
-    "regexp"
-    "strings"
-    "syscall"
+	"flag"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
+	"io/fs"
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"strings"
+	"syscall"
 )
 
 var docsDir = flag.String("docs-dir", "", "Path to documentation")
 
 type section struct {
-    start   int
-    end     int
-    command string
-    section string
-    code    bool
+	start   int
+	end     int
+	command string
+	section string
+	code    bool
 }
 
 func main() {
-    _ = syscall.Setenv("COLUMNS", "120")
-
-    if os.Getenv("CALL_KLUCTL") == "true" {
-        kluctlMain()
-        return
-    }
-
-    flag.Parse()
-
-    filepath.WalkDir(*docsDir, func(path string, d fs.DirEntry, err error) error {
-        if !strings.HasSuffix(path, ".md") {
-            return nil
-        }
-        processFile(path)
-        return nil
-    })
+	_ = syscall.Setenv("COLUMNS", "120")
+
+	if os.Getenv("CALL_KLUCTL") == "true" {
+		kluctlMain()
+		return
+	}
+
+	flag.Parse()
+
+	filepath.WalkDir(*docsDir, func(path string, d fs.DirEntry, err error) error {
+		if !strings.HasSuffix(path, ".md") {
+			return nil
+		}
+		processFile(path)
+		return nil
+	})
 }
 
 func kluctlMain() {
-    commands.Execute()
+	commands.Execute()
 }
 
 func processFile(path string) {
-    text, err := ioutil.ReadFile(path)
-    if err != nil {
-        log.Fatal(err)
-    }
-    lines := strings.Split(string(text), "\n")
-
-    var newLines []string
-    pos := 0
-    for true {
-        s := findNextSection(lines, pos)
-        if s == nil {
-            newLines = append(newLines, lines[pos:]...)
-            break
-        }
-
-        newLines = append(newLines, lines[pos:s.start+1]...)
-
-        s2 := getHelpSection(s.command, s.section)
-
-        if s.code {
-            newLines = append(newLines, "```")
-        }
-        newLines = append(newLines, s2...)
-        if s.code {
-            newLines = append(newLines, "```")
-        }
-
-        newLines = append(newLines, lines[s.end])
-        pos = s.end + 1
-    }
-
-    if !reflect.DeepEqual(lines, newLines) {
-        err = ioutil.WriteFile(path, []byte(strings.Join(newLines, "\n")), 0o600)
-        if err != nil {
-            log.Fatal(err)
-        }
-    }
+	text, err := ioutil.ReadFile(path)
+	if err != nil {
+		log.Fatal(err)
+	}
+	lines := strings.Split(string(text), "\n")
+
+	var newLines []string
+	pos := 0
+	for true {
+		s := findNextSection(lines, pos)
+		if s == nil {
+			newLines = append(newLines, lines[pos:]...)
+			break
+		}
+
+		newLines = append(newLines, lines[pos:s.start+1]...)
+
+		s2 := getHelpSection(s.command, s.section)
+
+		if s.code {
+			newLines = append(newLines, "```")
+		}
+		newLines = append(newLines, s2...)
+		if s.code {
+			newLines = append(newLines, "```")
+		}
+
+		newLines = append(newLines, lines[s.end])
+		pos = s.end + 1
+	}
+
+	if !reflect.DeepEqual(lines, newLines) {
+		err = ioutil.WriteFile(path, []byte(strings.Join(newLines, "\n")), 0o600)
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
 }
 
 var beginPattern = regexp.MustCompile(`<!-- BEGIN SECTION "([^"]*)" "([^"]*)" (true|false) -->`)
@@ -94,79 +94,79 @@ var endPattern = regexp.MustCompile(`<!-- END SECTION -->`)
 
 func findNextSection(lines []string, start int) *section {
 
-    for i := start; i < len(lines); i++ {
-        m := beginPattern.FindSubmatch([]byte(lines[i]))
-        if m == nil {
-            continue
-        }
-
-        var s section
-        s.start = i
-        s.command = string(m[1])
-        s.section = string(m[2])
-        s.code = string(m[3]) == "true"
-
-        for j := i + 1; j < len(lines); j++ {
-            m = endPattern.FindSubmatch([]byte(lines[j]))
-            if m == nil {
-                continue
-            }
-            s.end = j
-            return &s
-        }
-    }
-    return nil
+	for i := start; i < len(lines); i++ {
+		m := beginPattern.FindSubmatch([]byte(lines[i]))
+		if m == nil {
+			continue
+		}
+
+		var s section
+		s.start = i
+		s.command = string(m[1])
+		s.section = string(m[2])
+		s.code = string(m[3]) == "true"
+
+		for j := i + 1; j < len(lines); j++ {
+			m = endPattern.FindSubmatch([]byte(lines[j]))
+			if m == nil {
+				continue
+			}
+			s.end = j
+			return &s
+		}
+	}
+	return nil
 }
 
 func countIndent(str string) int {
-    for i := 0; i < len(str); i++ {
-        if str[i] != ' ' {
-            return i
-        }
-    }
-    return 0
+	for i := 0; i < len(str); i++ {
+		if str[i] != ' ' {
+			return i
+		}
+	}
+	return 0
 }
 
 func getHelpSection(command string, section string) []string {
-    log.Printf("Getting section '%s' from command '%s'", section, command)
-
-    exe, err := os.Executable()
-    if err != nil {
-        log.Fatal(err)
-    }
-
-    helpCmd := exec.Command(exe, command, "--help")
-    helpCmd.Env = os.Environ()
-    helpCmd.Env = append(helpCmd.Env, "CALL_KLUCTL=true")
-
-    out, err := helpCmd.CombinedOutput()
-    if err != nil {
-        log.Fatal(err)
-    }
-
-    lines := strings.Split(string(out), "\n")
-
-    sectionStart := -1
-    for i := 0; i < len(lines); i++ {
-        indent := countIndent(lines[i])
-        if strings.HasPrefix(lines[i][indent:], fmt.Sprintf("%s:", section)) {
-            sectionStart = i
-            break
-        }
-    }
-    if sectionStart == -1 {
-        log.Fatalf("Section %s not found in command %s", section, command)
-    }
-
-    var ret []string
-    ret = append(ret, lines[sectionStart])
-    for i := sectionStart + 1; i < len(lines); i++ {
-        indent := countIndent(lines[i])
-        if len(lines[i]) != 0 && indent == 0 && lines[i][len(lines[i])-1] == ':' {
-            // new section has started
-            break
-        }
-        ret = append(ret, lines[i])
-    }
-    return ret
+	log.Printf("Getting section '%s' from command '%s'", section, command)
+
+	exe, err := os.Executable()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	helpCmd := exec.Command(exe, command, "--help")
+	helpCmd.Env = os.Environ()
+	helpCmd.Env = append(helpCmd.Env, "CALL_KLUCTL=true")
+
+	out, err := helpCmd.CombinedOutput()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	lines := strings.Split(string(out), "\n")
+
+	sectionStart := -1
+	for i := 0; i < len(lines); i++ {
+		indent := countIndent(lines[i])
+		if strings.HasPrefix(lines[i][indent:], fmt.Sprintf("%s:", section)) {
+			sectionStart = i
+			break
+		}
+	}
+	if sectionStart == -1 {
+		log.Fatalf("Section %s not found in command %s", section, command)
+	}
+
+	var ret []string
+	ret = append(ret, lines[sectionStart])
+	for i := sectionStart + 1; i < len(lines); i++ {
+		indent := countIndent(lines[i])
+		if len(lines[i]) != 0 && indent == 0 && lines[i][len(lines[i])-1] == ':' {
+			// new section has started
+			break
+		}
+		ret = append(ret, lines[i])
+	}
+	return ret
 }

From 77d5c6ee5d8d13ed008de5e73c2345e97fe14ec8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 10:51:55 +0100
Subject: [PATCH 0634/2268] refactor: Split Execute() into into Main() and
 Execute()

---
 cmd/kluctl/commands/root.go            | 152 +++++++++++++++----------
 e2e/call_kluctl_hack.go                |   2 +-
 internal/replace-commands-help/main.go |   2 +-
 main.go                                |   2 +-
 4 files changed, 94 insertions(+), 64 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 203e06405..0af94bdfa 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -42,12 +42,16 @@ import (
 
 const latestReleaseUrl = "https://api.github.com/repos/kluctl/kluctl/releases/latest"
 
-type cli struct {
+type GlobalFlags struct {
 	Debug         bool `group:"global" help:"Enable debug logging"`
 	NoUpdateCheck bool `group:"global" help:"Disable update check on startup"`
 	NoColor       bool `group:"global" help:"Disable colored output"`
 
 	CpuProfile string `group:"global" help:"Enable CPU profiling and write the result to the given path"`
+}
+
+type cli struct {
+	GlobalFlags
 
 	CheckImageUpdates checkImageUpdatesCmd `cmd:"" help:"Render deployment and check if any images have new tags available"`
 	Delete            deleteCmd            `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
@@ -76,30 +80,35 @@ var flagGroups = []groupInfo{
 	{group: "flux", title: "Flux arguments:", description: "EXPERIMENTAL: Subcommands for interaction with flux-kluctl-controller"},
 }
 
-var cliCtx = context.Background()
-var didSetupStatusHandler bool
-
-func setupStatusHandler(debug bool, noColor bool) {
-	didSetupStatusHandler = true
-
-	origStderr := os.Stderr
+var origStderr = os.Stderr
 
+func initStatusHandler(ctx context.Context, debug bool, noColor bool) context.Context {
 	// we must determine isTerminal before we override os.Stderr
-	isTerminal := isatty.IsTerminal(os.Stderr.Fd())
+	isTerminal := isatty.IsTerminal(origStderr.Fd())
 	var sh status.StatusHandler
-	if !debug && isatty.IsTerminal(os.Stderr.Fd()) {
-		sh = status.NewMultiLineStatusHandler(cliCtx, os.Stderr, isTerminal, !noColor, false)
+	if !debug && isatty.IsTerminal(origStderr.Fd()) {
+		sh = status.NewMultiLineStatusHandler(ctx, origStderr, isTerminal, !noColor, false)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(message string) {
 			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
 		}, isTerminal, false)
 	}
 	sh.SetTrace(debug)
-	cliCtx = status.NewContext(cliCtx, sh)
+	ctx = status.NewContext(ctx, sh)
+	return ctx
+}
+
+func redirectLogsAndStderr(ctxGetter func() context.Context) {
+	f := func(line string) {
+		status.Info(ctxGetter(), line)
+	}
+
+	lr1 := status.NewLineRedirector(f)
+	lr2 := status.NewLineRedirector(f)
 
 	klog.LogToStderr(false)
-	klog.SetOutput(status.NewLineRedirector(sh.Info))
-	log.SetOutput(status.NewLineRedirector(sh.Info))
+	klog.SetOutput(lr1)
+	log.SetOutput(lr2)
 
 	pr, pw, err := os.Pipe()
 	if err != nil {
@@ -107,7 +116,7 @@ func setupStatusHandler(debug bool, noColor bool) {
 	}
 
 	go func() {
-		x := status.NewLineRedirector(sh.Info)
+		x := status.NewLineRedirector(f)
 		_, _ = io.Copy(x, pr)
 	}()
 
@@ -135,10 +144,7 @@ type VersionCheckState struct {
 	LastVersionCheck time.Time `yaml:"lastVersionCheck"`
 }
 
-func (c *cli) checkNewVersion() {
-	if c.NoUpdateCheck {
-		return
-	}
+func checkNewVersion(ctx context.Context) {
 	if version.GetVersion() == "0.0.0" {
 		return
 	}
@@ -155,7 +161,7 @@ func (c *cli) checkNewVersion() {
 	versionCheckState.LastVersionCheck = time.Now()
 	_ = yaml.WriteYamlFile(versionCheckPath, &versionCheckState)
 
-	s := status.Start(cliCtx, "Checking for new kluctl version")
+	s := status.Start(ctx, "Checking for new kluctl version")
 	defer s.Failed()
 
 	r, err := http.Get(latestReleaseUrl)
@@ -187,36 +193,70 @@ func (c *cli) checkNewVersion() {
 	s.Success()
 }
 
-func (c *cli) preRun() error {
-	err := setupProfiling(c.CpuProfile)
-	if err != nil {
-		return err
-	}
-	setupStatusHandler(c.Debug, c.NoColor)
-	c.checkNewVersion()
-	return nil
-}
-
 func (c *cli) Run(ctx context.Context) error {
 	return nil
 }
 
-func initViper() {
+func initViper(ctx context.Context) {
 	viper.SetConfigName("config")
 	viper.SetConfigType("yaml")
 	viper.AddConfigPath("/etc/kluctl/")
 	viper.AddConfigPath("$HOME/.kluctl")
 	if err := viper.ReadInConfig(); err != nil {
 		if _, ok := err.(viper.ConfigFileNotFoundError); !ok {
-			status.Error(cliCtx, err.Error())
+			status.Error(ctx, err.Error())
 			os.Exit(1)
 		}
 	}
 }
 
-func Execute() {
+func Main() {
 	colorable.EnableColorsStdout(nil)
+	ctx := context.Background()
+
+	ctx = initStatusHandler(ctx, false, true)
+	redirectLogsAndStderr(func() context.Context {
+		// ctx might be replaced later in preRun() of Execute()
+		return ctx
+	})
+
+	initViper(ctx)
 
+	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags GlobalFlags) (context.Context, error) {
+		err := copyViperValuesToCobraCmd(cmd)
+		if err != nil {
+			return ctx, err
+		}
+		err = setupProfiling(flags.CpuProfile)
+		if err != nil {
+			return ctx, err
+		}
+		oldSh := status.FromContext(ctxIn)
+		if oldSh != nil {
+			oldSh.Stop()
+		}
+		ctx = initStatusHandler(ctxIn, flags.Debug, flags.NoColor)
+		if !flags.NoUpdateCheck {
+			checkNewVersion(ctx)
+		}
+		return ctx, nil
+	})
+
+	if cpuProfileFile != nil {
+		pprof.StopCPUProfile()
+		_ = cpuProfileFile.Close()
+		cpuProfileFile = nil
+	}
+
+	sh := status.FromContext(ctx)
+	sh.Stop()
+
+	if err != nil {
+		os.Exit(1)
+	}
+}
+
+func Execute(ctx context.Context, args []string, preRun func(ctx context.Context, rootCmd *cobra.Command, flags GlobalFlags) (context.Context, error)) error {
 	root := cli{}
 	rootCmd, err := buildRootCobraCmd(&root, "kluctl",
 		"Deploy and manage complex deployments on Kubernetes",
@@ -225,44 +265,34 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		flagGroups)
 
 	if err != nil {
-		panic(err)
+		return err
 	}
 
+	rootCmd.SetContext(ctx)
+	rootCmd.SetArgs(args)
 	rootCmd.Version = version.GetVersion()
 	rootCmd.SilenceUsage = true
 	rootCmd.SilenceErrors = true
 
 	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
-		err := copyViperValuesToCobraCmd(cmd)
-		if err != nil {
-			return err
-		}
-		err = root.preRun()
-		for c := cmd; c != nil; c = c.Parent() {
-			c.SetContext(cliCtx)
+		if preRun != nil {
+			ctx, err = preRun(ctx, cmd, root.GlobalFlags)
+			if ctx != nil {
+				for c := cmd; c != nil; c = c.Parent() {
+					c.SetContext(ctx)
+				}
+			}
+			if err != nil {
+				return err
+			}
 		}
-		return err
-	}
-
-	initViper()
-
-	err = rootCmd.ExecuteContext(cliCtx)
-	if !didSetupStatusHandler {
-		setupStatusHandler(false, true)
+		return nil
 	}
 
-	if cpuProfileFile != nil {
-		pprof.StopCPUProfile()
-		_ = cpuProfileFile.Close()
-		cpuProfileFile = nil
-	}
-
-	sh := status.FromContext(cliCtx)
-
+	err = rootCmd.Execute()
 	if err != nil {
-		status.Error(cliCtx, "%s", err.Error())
-		sh.Stop()
-		os.Exit(1)
+		status.Error(ctx, err.Error())
+		return err
 	}
-	sh.Stop()
+	return nil
 }
diff --git a/e2e/call_kluctl_hack.go b/e2e/call_kluctl_hack.go
index 6da895464..fa5268d30 100644
--- a/e2e/call_kluctl_hack.go
+++ b/e2e/call_kluctl_hack.go
@@ -13,7 +13,7 @@ func init() {
 	// We use the Golang's initializing mechanism to run kluctl even though the test executable was invoked
 	// This is clearly a hack, but it avoids the requirement to have a kluctl executable pre-built
 	if isCallKluctlHack() {
-		commands.Execute()
+		commands.Main()
 		os.Exit(0)
 	}
 }
diff --git a/internal/replace-commands-help/main.go b/internal/replace-commands-help/main.go
index a29bc8764..2f47f1c08 100644
--- a/internal/replace-commands-help/main.go
+++ b/internal/replace-commands-help/main.go
@@ -46,7 +46,7 @@ func main() {
 }
 
 func kluctlMain() {
-	commands.Execute()
+	commands.Main()
 }
 
 func processFile(path string) {
diff --git a/main.go b/main.go
index f6ca27150..d7b055670 100644
--- a/main.go
+++ b/main.go
@@ -24,5 +24,5 @@ var version = "0.0.0"
 
 func main() {
 	version2.SetVersion(version)
-	commands.Execute()
+	commands.Main()
 }

From 779a97a1df9877cf7e8fe0090d9d40d1150bb674 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 11:26:54 +0100
Subject: [PATCH 0635/2268] refactor: Allow to override tmp base dir via
 context

---
 cmd/kluctl/commands/cmd_flux_reconcile.go |  2 +-
 cmd/kluctl/commands/cmd_flux_resume.go    |  2 +-
 cmd/kluctl/commands/cmd_flux_suspend.go   |  2 +-
 cmd/kluctl/commands/cmd_render.go         |  2 +-
 cmd/kluctl/commands/root.go               |  2 +-
 cmd/kluctl/commands/utils.go              |  2 +-
 pkg/deployment/helm_chart.go              | 10 +--
 pkg/k8s/client_factory.go                 | 11 ++-
 pkg/kluctl_project/target_context.go      |  2 +-
 pkg/registries/registries.go              |  2 +-
 pkg/repocache/cache.go                    |  4 +-
 pkg/sops/utils.go                         |  5 +-
 pkg/utils/tmpdir.go                       | 98 +++++++++++++++++++++++
 pkg/utils/utils.go                        | 74 -----------------
 14 files changed, 123 insertions(+), 95 deletions(-)
 create mode 100644 pkg/utils/tmpdir.go

diff --git a/cmd/kluctl/commands/cmd_flux_reconcile.go b/cmd/kluctl/commands/cmd_flux_reconcile.go
index 8e4668024..91e345112 100644
--- a/cmd/kluctl/commands/cmd_flux_reconcile.go
+++ b/cmd/kluctl/commands/cmd_flux_reconcile.go
@@ -27,7 +27,7 @@ func (cmd *fluxReconcileCmd) Run(ctx context.Context) error {
 	noWait := cmd.KluctlDeploymentFlags.NoWait
 	timestamp := time.Now().Format(time.RFC3339)
 
-	cf, err := k8s.NewClientFactoryFromDefaultConfig(nil)
+	cf, err := k8s.NewClientFactoryFromDefaultConfig(ctx, nil)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_flux_resume.go b/cmd/kluctl/commands/cmd_flux_resume.go
index 3b90f1219..d2fbc7d69 100644
--- a/cmd/kluctl/commands/cmd_flux_resume.go
+++ b/cmd/kluctl/commands/cmd_flux_resume.go
@@ -18,7 +18,7 @@ func (cmd *fluxResumeCmd) Run(ctx context.Context) error {
 	ns := cmd.KluctlDeploymentFlags.Namespace
 	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
 
-	cf, err := k8s.NewClientFactoryFromDefaultConfig(nil)
+	cf, err := k8s.NewClientFactoryFromDefaultConfig(ctx, nil)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_flux_suspend.go b/cmd/kluctl/commands/cmd_flux_suspend.go
index d06212dbe..dc90d9c2b 100644
--- a/cmd/kluctl/commands/cmd_flux_suspend.go
+++ b/cmd/kluctl/commands/cmd_flux_suspend.go
@@ -17,7 +17,7 @@ func (cmd *fluxSuspendCmd) Run(ctx context.Context) error {
 	ns := cmd.KluctlDeploymentFlags.Namespace
 	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
 
-	cf, err := k8s.NewClientFactoryFromDefaultConfig(nil)
+	cf, err := k8s.NewClientFactoryFromDefaultConfig(ctx, nil)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 16c0bc2c1..27851b332 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -30,7 +30,7 @@ a temporary directory or a specified directory.`
 func (cmd *renderCmd) Run(ctx context.Context) error {
 	isTmp := false
 	if cmd.RenderOutputDir == "" {
-		p, err := ioutil.TempDir(utils.GetTmpBaseDir(), "rendered-")
+		p, err := ioutil.TempDir(utils.GetTmpBaseDir(ctx), "rendered-")
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 0af94bdfa..2c6d696f1 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -149,7 +149,7 @@ func checkNewVersion(ctx context.Context) {
 		return
 	}
 
-	versionCheckPath := filepath.Join(utils.GetTmpBaseDir(), "version_check.yaml")
+	versionCheckPath := filepath.Join(utils.GetTmpBaseDir(ctx), "version_check.yaml")
 	var versionCheckState VersionCheckState
 	err := yaml.ReadYamlFile(versionCheckPath, &versionCheckState)
 	if err == nil {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index f3184db23..bfe63cb17 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -25,7 +25,7 @@ import (
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
-	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(), "project-")
+	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
 	}
diff --git a/pkg/deployment/helm_chart.go b/pkg/deployment/helm_chart.go
index d21426da2..cf1cb825c 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/deployment/helm_chart.go
@@ -164,7 +164,7 @@ func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
 	_, _ = fmt.Fprintf(hash, "%s\n", c.chartName)
 	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.ChartVersion)
 	h := hex.EncodeToString(hash.Sum(nil))
-	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "helm-charts")
+	tmpDir := filepath.Join(utils.GetTmpBaseDir(ctx), "helm-charts")
 	_ = os.MkdirAll(tmpDir, 0o700)
 	tmpDir = filepath.Join(tmpDir, fmt.Sprintf("%s-%s", c.chartName, h))
 
@@ -267,7 +267,7 @@ func (c *HelmChart) CheckUpdate(ctx context.Context) (string, bool, error) {
 	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
 		return c.checkUpdateOciRepo(ctx)
 	}
-	return c.checkUpdateHelmRepo()
+	return c.checkUpdateHelmRepo(ctx)
 }
 
 func (c *HelmChart) checkUpdateOciRepo(ctx context.Context) (string, bool, error) {
@@ -288,7 +288,7 @@ func (c *HelmChart) checkUpdateOciRepo(ctx context.Context) (string, bool, error
 	return latestVersion, updated, nil
 }
 
-func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
+func (c *HelmChart) checkUpdateHelmRepo(ctx context.Context) (string, bool, error) {
 	settings := cli.New()
 
 	var e *repo.Entry
@@ -311,7 +311,7 @@ func (c *HelmChart) checkUpdateHelmRepo() (string, bool, error) {
 		return "", false, err
 	}
 
-	r.CachePath, err = os.MkdirTemp(utils.GetTmpBaseDir(), "helm-check-update-")
+	r.CachePath, err = os.MkdirTemp(utils.GetTmpBaseDir(ctx), "helm-check-update-")
 	if err != nil {
 		return "", false, err
 	}
@@ -442,7 +442,7 @@ func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion
 	valueOpts := values.Options{}
 
 	if utils.Exists(valuesPath) {
-		tmpValues, err := sops.MaybeDecryptFileToTmp(sopsDecrypter, valuesPath)
+		tmpValues, err := sops.MaybeDecryptFileToTmp(ctx, sopsDecrypter, valuesPath)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 1c9e451df..f5e1f4b7a 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -1,6 +1,7 @@
 package k8s
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/discovery/cached/disk"
@@ -26,6 +27,7 @@ type ClientFactory interface {
 }
 
 type realClientFactory struct {
+	ctx        context.Context
 	config     *rest.Config
 	httpClient *http.Client
 }
@@ -43,7 +45,7 @@ func (r *realClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, err
 	if err != nil {
 		return nil, err
 	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(), "kube-cache/discovery", apiHost.Hostname())
+	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(r.ctx), "kube-cache/discovery", apiHost.Hostname())
 	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(r.config), discoveryCacheDir, "", time.Hour*24)
 	if err != nil {
 		return nil, err
@@ -67,7 +69,7 @@ func (r *realClientFactory) CloseIdleConnections() {
 	r.httpClient.CloseIdleConnections()
 }
 
-func NewClientFactory(configIn *rest.Config) (ClientFactory, error) {
+func NewClientFactory(ctx context.Context, configIn *rest.Config) (ClientFactory, error) {
 	restConfig := rest.CopyConfig(configIn)
 	restConfig.QPS = 10
 	restConfig.Burst = 20
@@ -78,12 +80,13 @@ func NewClientFactory(configIn *rest.Config) (ClientFactory, error) {
 	}
 
 	return &realClientFactory{
+		ctx:        ctx,
 		config:     restConfig,
 		httpClient: httpClient,
 	}, nil
 }
 
-func NewClientFactoryFromDefaultConfig(context *string) (ClientFactory, error) {
+func NewClientFactoryFromDefaultConfig(ctx context.Context, context *string) (ClientFactory, error) {
 	configOverrides := &clientcmd.ConfigOverrides{}
 	if context != nil {
 		configOverrides.CurrentContext = *context
@@ -96,5 +99,5 @@ func NewClientFactoryFromDefaultConfig(context *string) (ClientFactory, error) {
 		return nil, err
 	}
 
-	return NewClientFactory(config)
+	return NewClientFactory(ctx, config)
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 980585382..bacf2d7d5 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -80,7 +80,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
 		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client"))
-		clientFactory, err := k8s.NewClientFactory(clientConfig)
+		clientFactory, err := k8s.NewClientFactory(ctx, clientConfig)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 81b1156e8..ffda2e3f8 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -284,7 +284,7 @@ func (rh *RegistryHelper) realmFromRequest(req *http.Request) string {
 }
 
 func (rh *RegistryHelper) getCachePath(key string) string {
-	return filepath.Join(utils.GetTmpBaseDir(), "registries-cache", key[0:2], key[2:4], key)
+	return filepath.Join(utils.GetTmpBaseDir(rh.ctx), "registries-cache", key[0:2], key[2:4], key)
 }
 
 func (rh *RegistryHelper) checkInvalidToken(resBody []byte) bool {
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index 88d20f53a..9d9e70b32 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -87,7 +87,7 @@ func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
 
 	e, ok := rp.repos[url.NormalizedRepoKey()]
 	if !ok {
-		mr, err := git.NewMirroredGitRepo(rp.ctx, url, filepath.Join(utils.GetTmpBaseDir(), "git-cache"), rp.sshPool, rp.authProviders)
+		mr, err := git.NewMirroredGitRepo(rp.ctx, url, filepath.Join(utils.GetTmpBaseDir(rp.ctx), "git-cache"), rp.sshPool, rp.authProviders)
 		if err != nil {
 			return nil, err
 		}
@@ -198,7 +198,7 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 		return "", git.CheckoutInfo{}, err
 	}
 
-	tmpDir := filepath.Join(utils.GetTmpBaseDir(), "git-cloned")
+	tmpDir := filepath.Join(utils.GetTmpBaseDir(e.rp.ctx), "git-cloned")
 	err = os.MkdirAll(tmpDir, 0700)
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
diff --git a/pkg/sops/utils.go b/pkg/sops/utils.go
index 7a1250d5e..5b05e20ca 100644
--- a/pkg/sops/utils.go
+++ b/pkg/sops/utils.go
@@ -2,6 +2,7 @@ package sops
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -60,8 +61,8 @@ func MaybeDecryptFileTo(decrypter SopsDecrypter, path string, to string) error {
 	return nil
 }
 
-func MaybeDecryptFileToTmp(decrypter SopsDecrypter, path string) (string, error) {
-	tmp, err := os.CreateTemp(utils.GetTmpBaseDir(), "sops-decrypt-")
+func MaybeDecryptFileToTmp(ctx context.Context, decrypter SopsDecrypter, path string) (string, error) {
+	tmp, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "sops-decrypt-")
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/utils/tmpdir.go b/pkg/utils/tmpdir.go
new file mode 100644
index 000000000..76d684f8a
--- /dev/null
+++ b/pkg/utils/tmpdir.go
@@ -0,0 +1,98 @@
+package utils
+
+import (
+	"context"
+	"fmt"
+	"io/fs"
+	"os"
+	"os/user"
+	"path/filepath"
+	"runtime"
+	"sync"
+)
+
+type tmpBaseDirKey int
+type tmpBaseDirValue struct {
+	dir      string
+	initOnce sync.Once
+}
+
+var tmpBaseDirKeyInst tmpBaseDirKey
+var tmpBaseDirValueDefault = &tmpBaseDirValue{
+	dir: getDefaultTmpBaseDir(),
+}
+
+func WithTmpBaseDir(ctx context.Context, tmpBaseDir string) context.Context {
+	return context.WithValue(ctx, tmpBaseDirKeyInst, &tmpBaseDirValue{
+		dir: tmpBaseDir,
+	})
+}
+
+func GetTmpBaseDir(ctx context.Context) string {
+	v := ctx.Value(tmpBaseDirKeyInst)
+	if v == nil {
+		v = tmpBaseDirValueDefault
+	}
+	v2 := v.(*tmpBaseDirValue)
+	v2.initOnce.Do(func() {
+		v2.dir = createTmpBaseDir(v2.dir)
+	})
+	return v2.dir
+}
+
+func getDefaultTmpBaseDir() string {
+	dir := os.Getenv("KLUCTL_BASE_TMP_DIR")
+	if dir != "" {
+		return dir
+	}
+
+	return filepath.Join(os.TempDir(), "kluctl-workdir")
+}
+
+func createTmpBaseDir(dir string) string {
+	ensureDir(dir, 0o777, true)
+
+	// every user gets its own tmp dir
+	if runtime.GOOS == "windows" {
+		u, err := user.Current()
+		if err != nil {
+			panic(err)
+		}
+		dir = filepath.Join(dir, u.Uid)
+	} else {
+		uid := os.Getuid()
+		dir = filepath.Join(dir, fmt.Sprintf("%d", uid))
+	}
+
+	ensureDir(dir, 0o700, true)
+	return dir
+}
+
+func ensureDir(path string, perm fs.FileMode, allowCreate bool) {
+	if Exists(path) {
+		st, err := os.Lstat(path)
+		if err != nil {
+			panic(err)
+		}
+		if !st.IsDir() {
+			panic(fmt.Sprintf("%s is not a directory", path))
+		}
+		if st.Mode().Perm() != perm {
+			err = os.Chmod(path, perm)
+			if err != nil {
+				panic(err)
+			}
+		}
+	} else if !allowCreate {
+		panic(fmt.Sprintf("failed to ensure directory %s", path))
+	} else {
+		err := os.Mkdir(path, perm)
+		if err != nil {
+			if os.IsExist(err) {
+				ensureDir(path, perm, false)
+			} else {
+				panic(err)
+			}
+		}
+	}
+}
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 8796755a9..97b9d781d 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -3,84 +3,10 @@ package utils
 import (
 	"crypto/sha256"
 	"encoding/hex"
-	"fmt"
 	"github.com/jinzhu/copier"
-	"io/fs"
-	"os"
-	"os/user"
-	"path/filepath"
-	"runtime"
 	"strconv"
-	"sync"
 )
 
-var createTmpBaseDirOnce sync.Once
-var tmpBaseDir string
-
-func GetTmpBaseDir() string {
-	createTmpBaseDirOnce.Do(func() {
-		createTmpBaseDir()
-	})
-	return tmpBaseDir
-}
-
-func createTmpBaseDir() {
-	envTmpDir := os.Getenv("KLUCTL_BASE_TMP_DIR")
-	if envTmpDir != "" {
-		tmpBaseDir = envTmpDir
-		return
-	}
-
-	dir := filepath.Join(os.TempDir(), "kluctl-workdir")
-
-	ensureDir(dir, 0o777, true)
-
-	// every user gets its own tmp dir
-	if runtime.GOOS == "windows" {
-		u, err := user.Current()
-		if err != nil {
-			panic(err)
-		}
-		dir = filepath.Join(dir, u.Uid)
-	} else {
-		uid := os.Getuid()
-		dir = filepath.Join(dir, fmt.Sprintf("%d", uid))
-	}
-
-	ensureDir(dir, 0o700, true)
-
-	tmpBaseDir = dir
-}
-
-func ensureDir(path string, perm fs.FileMode, allowCreate bool) {
-	if Exists(path) {
-		st, err := os.Lstat(path)
-		if err != nil {
-			panic(err)
-		}
-		if !st.IsDir() {
-			panic(fmt.Sprintf("%s is not a directory", path))
-		}
-		if st.Mode().Perm() != perm {
-			err = os.Chmod(path, perm)
-			if err != nil {
-				panic(err)
-			}
-		}
-	} else if !allowCreate {
-		panic(fmt.Sprintf("failed to ensure directory %s", path))
-	} else {
-		err := os.Mkdir(path, perm)
-		if err != nil {
-			if os.IsExist(err) {
-				ensureDir(path, perm, false)
-			} else {
-				panic(err)
-			}
-		}
-	}
-}
-
 func Sha256String(data string) string {
 	return Sha256Bytes([]byte(data))
 }

From 8849b1f19d5f5ce394db03280eca87f5d5b9b45d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 11:55:53 +0100
Subject: [PATCH 0636/2268] tests: Use global KUBECONFIG instead of per-project
 mergedKubeconfig

---
 e2e/args_test.go             |  6 ++--
 e2e/contexts_test.go         | 10 ++----
 e2e/default_clusters.go      | 63 ++++++++++++++++++++++++++++++++++++
 e2e/deployment_items_test.go |  4 +--
 e2e/flux_test.go             |  2 +-
 e2e/helm_test.go             | 14 ++++----
 e2e/hooks_test.go            |  6 ++--
 e2e/inclusion_test.go        |  2 +-
 e2e/no_target_test.go        |  3 +-
 e2e/seal_test.go             |  3 +-
 e2e/sops_test.go             |  6 ++--
 e2e/test-utils/project.go    | 48 +--------------------------
 12 files changed, 89 insertions(+), 78 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 2cfebb50e..b52578096 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -13,7 +13,7 @@ func testArgs(t *testing.T, deprecated bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -136,7 +136,7 @@ func TestArgsFromEnv(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -169,7 +169,7 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index ef7a203b0..e5c6a73a9 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -3,13 +3,11 @@ package e2e
 import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"k8s.io/client-go/tools/clientcmd/api"
 	"testing"
 )
 
 func prepareContextTest(t *testing.T) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t, defaultCluster1)
-	p.MergeKubeconfig(defaultCluster2)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, defaultCluster1, p.TestSlug())
 	createNamespace(t, defaultCluster2, p.TestSlug())
@@ -23,8 +21,6 @@ func prepareContextTest(t *testing.T) *test_utils.TestProject {
 }
 
 func TestContextCurrent(t *testing.T) {
-	t.Parallel()
-
 	p := prepareContextTest(t)
 
 	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
@@ -35,9 +31,7 @@ func TestContextCurrent(t *testing.T) {
 	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
-	p.UpdateMergedKubeconfig(func(config *api.Config) {
-		config.CurrentContext = defaultCluster2.Context
-	})
+	setMergedKubeconfigContext(t, defaultCluster2.Context)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 3baff99ef..0d5479d27 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -1,14 +1,21 @@
 package e2e
 
+import "C"
 import (
+	"github.com/imdario/mergo"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/tools/clientcmd"
+	"os"
+	"runtime"
 	"sync"
+	"testing"
 )
 
 var defaultCluster1 = test_utils.CreateEnvTestCluster("cluster1")
 var defaultCluster2 = test_utils.CreateEnvTestCluster("cluster2")
+var mergedKubeconfig string
 
 func init() {
 	if isCallKluctlHack() {
@@ -37,4 +44,60 @@ func init() {
 		test_resources.ApplyYaml("sealed-secrets.yaml", defaultCluster2)
 	}()
 	wg.Wait()
+
+	tmpKubeconfig, err := os.CreateTemp("", "")
+	if err != nil {
+		panic(err)
+	}
+	_ = tmpKubeconfig.Close()
+	runtime.SetFinalizer(defaultCluster1, func(_ *test_utils.EnvTestCluster) {
+		_ = os.Remove(tmpKubeconfig.Name())
+	})
+
+	mergeKubeconfig(tmpKubeconfig.Name(), defaultCluster1.Kubeconfig)
+	mergeKubeconfig(tmpKubeconfig.Name(), defaultCluster2.Kubeconfig)
+
+	mergedKubeconfig = tmpKubeconfig.Name()
+	_ = os.Setenv("KUBECONFIG", mergedKubeconfig)
+}
+
+func mergeKubeconfig(path string, kubeconfig []byte) {
+	mkcfg, err := clientcmd.LoadFromFile(path)
+	if err != nil {
+		panic(err)
+	}
+
+	nkcfg, err := clientcmd.Load(kubeconfig)
+	if err != nil {
+		panic(err)
+	}
+
+	err = mergo.Merge(mkcfg, nkcfg)
+	if err != nil {
+		panic(err)
+	}
+
+	err = clientcmd.WriteToFile(*mkcfg, path)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func setMergedKubeconfigContext(t *testing.T, newContext string) {
+	tmpKubeconfig, err := os.CreateTemp(t.TempDir(), "kubeconfig-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	_ = tmpKubeconfig.Close()
+
+	kcfg, err := clientcmd.LoadFromFile(mergedKubeconfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+	kcfg.CurrentContext = newContext
+	err = clientcmd.WriteToFile(*kcfg, tmpKubeconfig.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Setenv("KUBECONFIG", tmpKubeconfig.Name())
 }
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 2a346b8fe..71e93a34a 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -11,7 +11,7 @@ func TestKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -39,7 +39,7 @@ func TestGeneratedKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index c8e1979b2..8854487b7 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -36,7 +36,7 @@ func TestFluxCommands(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	var wg sync.WaitGroup
 	wg.Add(2)
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index cedfa3a60..3fe9dad20 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -33,7 +33,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -124,7 +124,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -168,7 +168,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -278,7 +278,7 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -341,7 +341,7 @@ func TestHelmValues(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -406,7 +406,7 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 	createNamespace(t, k, p.TestSlug()+"-a")
@@ -437,7 +437,7 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 766c43e9c..e32f1c55f 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -99,14 +99,16 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 	}
 	s.setupWebhook()
 
-	s.p = test_utils.NewTestProject(t, s.k)
+	s.p = test_utils.NewTestProject(t)
 	t.Cleanup(func() {
 		s.removeWebhook()
 	})
 
 	createNamespace(s.t, s.k, s.p.TestSlug())
 
-	s.p.UpdateTarget("test", nil)
+	s.p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField(s.k.Context, "context")
+	})
 
 	s.p.AddKustomizeDeployment("hook", nil, nil)
 
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 08e6f5881..84b427c97 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -10,7 +10,7 @@ import (
 
 func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*test_utils.TestProject, *test_utils.EnvTestCluster) {
 	k := defaultCluster1
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index caa7d217c..1451d10d8 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -9,8 +9,7 @@ import (
 )
 
 func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t, defaultCluster1)
-	p.MergeKubeconfig(defaultCluster2)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, defaultCluster1, p.TestSlug())
 	createNamespace(t, defaultCluster2, p.TestSlug())
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index ecbf0b69f..49c060feb 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -98,7 +98,7 @@ func addProxyVars(p *test_utils.TestProject) {
 }
 
 func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	if proxy {
 		addProxyVars(p)
@@ -341,7 +341,6 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	})
 	addSecretsSetToTarget(p, "test-target2", "test2")
 
-	p.MergeKubeconfig(defaultCluster2)
 	createNamespace(t, defaultCluster2, p.TestSlug())
 	p.UpdateTarget("test-target", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index da65ece12..598885272 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -15,7 +15,7 @@ func TestSopsVars(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -55,7 +55,7 @@ func TestSopsResources(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -88,7 +88,7 @@ func TestSopsHelmValues(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, k)
+	p := test_utils.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index ffc225c62..e3951f616 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -4,14 +4,11 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
-	"github.com/imdario/mergo"
 	"github.com/jinzhu/copier"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
-	"k8s.io/client-go/tools/clientcmd"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -24,12 +21,10 @@ type TestProject struct {
 	t        *testing.T
 	extraEnv []string
 
-	mergedKubeconfig string
-
 	gitServer *git2.TestGitServer
 }
 
-func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
+func NewTestProject(t *testing.T) *TestProject {
 	p := &TestProject{
 		t: t,
 	}
@@ -43,19 +38,6 @@ func NewTestProject(t *testing.T, k *EnvTestCluster) *TestProject {
 	p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
 		return nil
 	})
-
-	tmpFile, err := os.CreateTemp("", p.TestSlug()+"-kubeconfig-")
-	if err != nil {
-		t.Fatal(err)
-	}
-	_ = tmpFile.Close()
-	p.mergedKubeconfig = tmpFile.Name()
-	t.Cleanup(func() {
-		os.Remove(p.mergedKubeconfig)
-	})
-	if k != nil {
-		p.MergeKubeconfig(k)
-	}
 	return p
 }
 
@@ -66,34 +48,6 @@ func (p *TestProject) TestSlug() string {
 	return n
 }
 
-func (p *TestProject) MergeKubeconfig(k *EnvTestCluster) {
-	p.UpdateMergedKubeconfig(func(config *clientcmdapi.Config) {
-		nkcfg, err := clientcmd.Load(k.Kubeconfig)
-		if err != nil {
-			p.t.Fatal(err)
-		}
-
-		err = mergo.Merge(config, nkcfg)
-		if err != nil {
-			p.t.Fatal(err)
-		}
-	})
-}
-
-func (p *TestProject) UpdateMergedKubeconfig(cb func(config *clientcmdapi.Config)) {
-	mkcfg, err := clientcmd.LoadFromFile(p.mergedKubeconfig)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-
-	cb(mkcfg)
-
-	err = clientcmd.WriteToFile(*mkcfg, p.mergedKubeconfig)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-}
-
 func (p *TestProject) AddExtraEnv(e string) {
 	p.extraEnv = append(p.extraEnv, e)
 }

From e427b01612a6b1c02ca7a134117c2b457e300633 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 13:23:23 +0100
Subject: [PATCH 0637/2268] refactor: Allow to override stdout/stderr in
 commands

---
 .../commands/cmd_check_image_updates.go       |  3 +-
 cmd/kluctl/commands/cmd_delete.go             |  5 +-
 cmd/kluctl/commands/cmd_render.go             |  2 +-
 cmd/kluctl/commands/cmd_validate.go           |  3 +-
 cmd/kluctl/commands/cmd_version.go            |  3 +-
 cmd/kluctl/commands/command_result.go         | 15 +++---
 cmd/kluctl/commands/override_std_streams.go   | 53 +++++++++++++++++++
 7 files changed, 67 insertions(+), 17 deletions(-)
 create mode 100644 cmd/kluctl/commands/override_std_streams.go

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index a21df32c3..64471dd3b 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
-	"os"
 	"regexp"
 	"sort"
 	"strings"
@@ -130,6 +129,6 @@ func runCheckImageUpdates(cmdCtx *commandCtx) error {
 	}
 
 	table.SortRows(1)
-	_, _ = os.Stdout.WriteString(table.Render([]int{60}))
+	_, _ = getStdout(cmdCtx.ctx).WriteString(table.Render([]int{60}))
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 48a09b2c7..b034c6c4e 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -11,7 +11,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"os"
 )
 
 type deleteCmd struct {
@@ -79,9 +78,9 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 
 func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) (*types.CommandResult, error) {
 	if len(refs) != 0 {
-		_, _ = os.Stderr.WriteString("The following objects will be deleted:\n")
+		_, _ = getStderr(ctx).WriteString("The following objects will be deleted:\n")
 		for _, ref := range refs {
-			_, _ = os.Stderr.WriteString(fmt.Sprintf("  %s\n", ref.String()))
+			_, _ = getStderr(ctx).WriteString(fmt.Sprintf("  %s\n", ref.String()))
 		}
 		if !forceYes && !dryRun {
 			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to delete %d objects?", len(refs))) {
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 27851b332..9c4152129 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -60,7 +60,7 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 				defer os.RemoveAll(cmd.RenderOutputDir)
 			}
 			status.Flush(cmdCtx.ctx)
-			return yaml.WriteYamlAllStream(os.Stdout, all)
+			return yaml.WriteYamlAllStream(getStdout(ctx), all)
 		} else {
 			status.Info(cmdCtx.ctx, "Rendered into %s", cmdCtx.targetCtx.SharedContext.RenderDir)
 		}
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 101af905f..26b43da2f 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"os"
 	"time"
 )
 
@@ -54,7 +53,7 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 			}
 
 			if !failed {
-				_, _ = os.Stderr.WriteString("Validation succeeded\n")
+				_, _ = getStderr(ctx).WriteString("Validation succeeded\n")
 				return nil
 			}
 
diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index b7683a784..c28a5b37e 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -3,13 +3,12 @@ package commands
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/version"
-	"os"
 )
 
 type versionCmd struct {
 }
 
 func (cmd *versionCmd) Run(ctx context.Context) error {
-	_, err := os.Stdout.WriteString(version.GetVersion() + "\n")
+	_, err := getStdout(ctx).WriteString(version.GetVersion() + "\n")
 	return err
 }
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index cdf7f0753..f9dd12408 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -173,7 +173,7 @@ func formatValidateResult(vr *types.ValidateResult, format string) (string, erro
 	}
 }
 
-func outputHelper(output []string, cb func(format string) (string, error)) error {
+func outputHelper(ctx context.Context, output []string, cb func(format string) (string, error)) error {
 	if len(output) == 0 {
 		output = []string{"text"}
 	}
@@ -189,7 +189,7 @@ func outputHelper(output []string, cb func(format string) (string, error)) error
 			return err
 		}
 
-		err = outputResult(path, r)
+		err = outputResult(ctx, path, r)
 		if err != nil {
 			return err
 		}
@@ -200,7 +200,7 @@ func outputHelper(output []string, cb func(format string) (string, error)) error
 func outputCommandResult(ctx context.Context, output []string, cr *types.CommandResult) error {
 	status.Flush(ctx)
 
-	return outputHelper(output, func(format string) (string, error) {
+	return outputHelper(ctx, output, func(format string) (string, error) {
 		return formatCommandResult(cr, format)
 	})
 }
@@ -208,7 +208,7 @@ func outputCommandResult(ctx context.Context, output []string, cr *types.Command
 func outputValidateResult(ctx context.Context, output []string, vr *types.ValidateResult) error {
 	status.Flush(ctx)
 
-	return outputHelper(output, func(format string) (string, error) {
+	return outputHelper(ctx, output, func(format string) (string, error) {
 		return formatValidateResult(vr, format)
 	})
 }
@@ -238,7 +238,7 @@ func outputYamlResult(ctx context.Context, output []string, result interface{},
 		s = x
 	}
 	for _, path := range output {
-		err := outputResult(&path, s)
+		err := outputResult(ctx, &path, s)
 		if err != nil {
 			return err
 		}
@@ -246,8 +246,9 @@ func outputYamlResult(ctx context.Context, output []string, result interface{},
 	return nil
 }
 
-func outputResult(f *string, result string) error {
-	w := os.Stdout
+func outputResult(ctx context.Context, f *string, result string) error {
+	var w io.Writer
+	w = getStdout(ctx)
 	if f != nil && *f != "-" {
 		f, err := os.Create(*f)
 		if err != nil {
diff --git a/cmd/kluctl/commands/override_std_streams.go b/cmd/kluctl/commands/override_std_streams.go
new file mode 100644
index 000000000..ab2573f72
--- /dev/null
+++ b/cmd/kluctl/commands/override_std_streams.go
@@ -0,0 +1,53 @@
+package commands
+
+import (
+	"context"
+	"io"
+	"os"
+)
+
+type overrideStdStreamsKey int
+type overrideStdStreamsValue struct {
+	stdout io.Writer
+	stderr io.Writer
+}
+
+var overrideStdStreamsKeyInst overrideStdStreamsKey
+
+func WithStdStreams(ctx context.Context, stdout io.Writer, stderr io.Writer) context.Context {
+	return context.WithValue(ctx, overrideStdStreamsKeyInst, &overrideStdStreamsValue{
+		stdout: stdout,
+		stderr: stderr,
+	})
+}
+
+func getStdStreams(ctx context.Context) (io.Writer, io.Writer) {
+	v := ctx.Value(overrideStdStreamsKeyInst)
+	if v == nil {
+		return os.Stdout, os.Stderr
+	}
+	v2 := v.(*overrideStdStreamsValue)
+	return v2.stdout, v2.stderr
+}
+
+type stringWriter struct {
+	w io.Writer
+}
+
+func (w *stringWriter) WriteString(s string) (n int, err error) {
+	return w.w.Write([]byte(s))
+}
+
+func (w *stringWriter) Write(b []byte) (n int, err error) {
+	return w.w.Write(b)
+}
+
+func getStdout(ctx context.Context) *stringWriter {
+	stdout, _ := getStdStreams(ctx)
+	return &stringWriter{stdout}
+}
+
+func getStderr(ctx context.Context) *stringWriter {
+	_, stderr := getStdStreams(ctx)
+	return &stringWriter{stderr}
+}

From d496a45ccdb50b7ff884a11d28d365aa3d16e49c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 13:46:52 +0100
Subject: [PATCH 0638/2268] feat: Implement --project-dir argument

---
 cmd/kluctl/args/project.go             | 22 +++++++++++++++++++++-
 cmd/kluctl/commands/cmd_helm_pull.go   |  8 ++++----
 cmd/kluctl/commands/cmd_helm_update.go |  7 ++++---
 cmd/kluctl/commands/utils.go           |  6 +++---
 4 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index f60f27482..eff3ec1f0 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -1,8 +1,28 @@
 package args
 
-import "time"
+import (
+	"os"
+	"time"
+)
+
+type ProjectDir struct {
+	ProjectDir existingDirType `group:"project" help:"Specify the project directory. Defaults to the current working directory."`
+}
+
+func (a ProjectDir) GetProjectDir() (string, error) {
+	if a.ProjectDir != "" {
+		return a.ProjectDir.String(), nil
+	}
+	cwd, err := os.Getwd()
+	if err != nil {
+		return "", err
+	}
+	return cwd, nil
+}
 
 type ProjectFlags struct {
+	ProjectDir
+
 	ProjectConfig existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 4ee57ec2e..ab2d7bf66 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -11,12 +11,12 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/sync/semaphore"
 	"io/fs"
-	"os"
 	"path/filepath"
 	"sync"
 )
 
 type helmPullCmd struct {
+	args.ProjectDir
 	args.HelmCredentials
 }
 
@@ -27,12 +27,12 @@ pulling is only needed when really required (e.g. when the chart version changes
 }
 
 func (cmd *helmPullCmd) Run(ctx context.Context) error {
-	cwd, err := os.Getwd()
+	projectDir, err := cmd.ProjectDir.GetProjectDir()
 	if err != nil {
 		return err
 	}
 
-	gitRootPath, err := git2.DetectGitRepositoryRoot(cwd)
+	gitRootPath, err := git2.DetectGitRepositoryRoot(projectDir)
 	if err != nil {
 		return err
 	}
@@ -42,7 +42,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	var mutex sync.Mutex
 	sem := semaphore.NewWeighted(8)
 
-	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
+	err = filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
 			return nil
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index beecb5d0e..225caec92 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -20,6 +20,7 @@ import (
 )
 
 type helmUpdateCmd struct {
+	args.ProjectDir
 	args.HelmCredentials
 
 	Upgrade bool `group:"misc" help:"Write new versions into helm-chart.yaml and perform helm-pull afterwards"`
@@ -33,12 +34,12 @@ func (cmd *helmUpdateCmd) Help() string {
 }
 
 func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
-	cwd, err := os.Getwd()
+	projectDir, err := cmd.ProjectDir.GetProjectDir()
 	if err != nil {
 		return err
 	}
 
-	gitRootPath, err := git2.DetectGitRepositoryRoot(cwd)
+	gitRootPath, err := git2.DetectGitRepositoryRoot(projectDir)
 	if err != nil {
 		return err
 	}
@@ -57,7 +58,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 	var updatedCharts []*updatedChart
 
-	err = filepath.WalkDir(cwd, func(p string, d fs.DirEntry, err error) error {
+	err = filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
 		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
 			return nil
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index bfe63cb17..a209d2829 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -37,12 +37,12 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	}
 	defer j2.Close()
 
-	cwd, err := os.Getwd()
+	projectDir, err := projectFlags.ProjectDir.GetProjectDir()
 	if err != nil {
 		return err
 	}
 
-	repoRoot, err := git.DetectGitRepositoryRoot(cwd)
+	repoRoot, err := git.DetectGitRepositoryRoot(projectDir)
 	if err != nil {
 		status.Warning(ctx, "Failed to detect git project root. This might cause follow-up errors")
 	}
@@ -74,7 +74,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
 		RepoRoot:           repoRoot,
-		ProjectDir:         cwd,
+		ProjectDir:         projectDir,
 		ProjectConfig:      projectFlags.ProjectConfig.String(),
 		RP:                 rp,
 		ClientConfigGetter: clientConfigGetter(forCompletion),

From 986c5d62a62549a9b5e64c172db42c895c8bb894 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 13:47:17 +0100
Subject: [PATCH 0639/2268] fix: Don't allow term.GetWidth() to return 0

---
 pkg/utils/term/term_size.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/term/term_size.go b/pkg/utils/term/term_size.go
index 706f09180..0c210fd72 100644
--- a/pkg/utils/term/term_size.go
+++ b/pkg/utils/term/term_size.go
@@ -15,7 +15,7 @@ func GetWidth() int {
 		}
 	}
 	w, _, err := GetSize(int(origStdout.Fd()))
-	if err != nil {
+	if err != nil || w == 0 {
 		return 80
 	}
 	return w

From a71636b61c5280498da3bf4bb25b6383bf62f813 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 14:42:19 +0100
Subject: [PATCH 0640/2268] tests: Execute kluctl via commands.Execute()
 instead of spawning a process

---
 e2e/args_test.go          | 20 +++++------
 e2e/flux_test.go          |  2 +-
 e2e/seal_test.go          |  2 +-
 e2e/sops_test.go          | 24 ++++++++-----
 e2e/test-utils/project.go | 73 +++++++++++++++++++++++++++++++++++----
 5 files changed, 93 insertions(+), 28 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index b52578096..d754bf3f6 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -128,15 +128,14 @@ func TestArgs(t *testing.T) {
 }
 
 func TestArgsFromEnv(t *testing.T) {
-	t.Setenv("KLUCTL_ARG", "a=a")
-	t.Setenv("KLUCTL_ARG_1", "b=b")
-	t.Setenv("KLUCTL_ARG_2", `c={"nested":{"nested2":"c"}}`)
-	t.Setenv("KLUCTL_ARG_3", "d=true")
-	t.Setenv("KLUCTL_ARG_4", "e='true'")
-
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p.AddExtraEnv("KLUCTL_ARG=a=a")
+	p.AddExtraEnv("KLUCTL_ARG_1=b=b")
+	p.AddExtraEnv(`KLUCTL_ARG_2=c={"nested":{"nested2":"c"}}`)
+	p.AddExtraEnv("KLUCTL_ARG_3=d=true")
+	p.AddExtraEnv("KLUCTL_ARG_4=e='true'")
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -164,12 +163,11 @@ func TestArgsFromEnv(t *testing.T) {
 }
 
 func TestArgsFromEnvAndCli(t *testing.T) {
-	t.Setenv("KLUCTL_ARG_1", "a=a")
-	t.Setenv("KLUCTL_ARG_2", "c=c")
-
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p.AddExtraEnv("KLUCTL_ARG_1=a=a")
+	p.AddExtraEnv("KLUCTL_ARG_2=c=c")
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
index 8854487b7..5967270c4 100644
--- a/e2e/flux_test.go
+++ b/e2e/flux_test.go
@@ -36,7 +36,7 @@ func TestFluxCommands(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
 
 	var wg sync.WaitGroup
 	wg.Add(2)
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 49c060feb..2308ec103 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -98,7 +98,7 @@ func addProxyVars(p *test_utils.TestProject) {
 }
 
 func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
 
 	if proxy {
 		addProxyVars(p)
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 598885272..2ea1d9ac7 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
@@ -9,13 +10,18 @@ import (
 	"testing"
 )
 
-func TestSopsVars(t *testing.T) {
+func setSopsKey(p *test_utils.TestProject) {
 	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
-	t.Setenv(age.SopsAgeKeyEnv, string(key))
+	p.AddExtraEnv(fmt.Sprintf("%s=%s", age.SopsAgeKeyEnv, string(key)))
+}
+
+func TestSopsVars(t *testing.T) {
+	t.Parallel()
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	setSopsKey(p)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -50,12 +56,12 @@ func TestSopsVars(t *testing.T) {
 }
 
 func TestSopsResources(t *testing.T) {
-	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
-	t.Setenv(age.SopsAgeKeyEnv, string(key))
+	t.Parallel()
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	setSopsKey(p)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -83,12 +89,12 @@ func TestSopsResources(t *testing.T) {
 }
 
 func TestSopsHelmValues(t *testing.T) {
-	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
-	t.Setenv(age.SopsAgeKeyEnv, string(key))
+	t.Parallel()
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	setSopsKey(p)
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index e3951f616..0d3b79415 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -1,11 +1,16 @@
 package test_utils
 
 import (
+	"bytes"
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
@@ -18,17 +23,31 @@ import (
 )
 
 type TestProject struct {
-	t        *testing.T
-	extraEnv []string
+	t *testing.T
+
+	extraEnv   []string
+	useProcess bool
 
 	gitServer *git2.TestGitServer
 }
 
-func NewTestProject(t *testing.T) *TestProject {
+type TestProjectOption func(p *TestProject)
+
+func WithUseProcess(useProcess bool) TestProjectOption {
+	return func(p *TestProject) {
+		p.useProcess = useProcess
+	}
+}
+
+func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p := &TestProject{
 		t: t,
 	}
 
+	for _, o := range opts {
+		o(p)
+	}
+
 	p.gitServer = git2.NewTestGitServer(t)
 	p.gitServer.GitInit("kluctl-project")
 
@@ -350,7 +369,7 @@ func (p *TestProject) GetGitRepo() *git.Repository {
 	return p.gitServer.GetGitRepo("kluctl-project")
 }
 
-func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
+func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
@@ -361,7 +380,6 @@ func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
 
 	env := os.Environ()
 	env = append(env, p.extraEnv...)
-	env = append(env, fmt.Sprintf("KUBECONFIG=%s", p.mergedKubeconfig))
 
 	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
 	env = append(env, "CALL_KLUCTL=true")
@@ -382,10 +400,53 @@ func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
 	return stdout, stderr, err
 }
 
+func (p *TestProject) KluctlProcessMust(argsIn ...string) (string, string) {
+	stdout, stderr, err := p.KluctlProcess(argsIn...)
+	if err != nil {
+		p.t.Logf(stderr)
+		p.t.Fatal(fmt.Errorf("kluctl failed: %w", err))
+	}
+	return stdout, stderr
+}
+
+func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
+	if len(p.extraEnv) != 0 {
+		p.t.Fatal("extraEnv is only supported in KluctlProcess(...)")
+	}
+
+	var args []string
+	args = append(args, "--project-dir", p.LocalRepoDir())
+	args = append(args, argsIn...)
+
+	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
+
+	stdout := bytes.NewBuffer(nil)
+	stderr := bytes.NewBuffer(nil)
+
+	ctx := context.Background()
+	ctx = utils.WithTmpBaseDir(ctx, p.t.TempDir())
+	ctx = commands.WithStdStreams(ctx, stdout, stderr)
+	sh := status.NewSimpleStatusHandler(func(message string) {
+		p.t.Log(message)
+		stderr.WriteString(message + "\n")
+	}, false, true)
+	defer sh.Stop()
+	ctx = status.NewContext(ctx, sh)
+	err := commands.Execute(ctx, args, nil)
+	return stdout.String(), stderr.String(), err
+}
+
+func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
+	if p.useProcess {
+		return p.KluctlProcess(argsIn...)
+	} else {
+		return p.KluctlExecute(argsIn...)
+	}
+}
+
 func (p *TestProject) KluctlMust(argsIn ...string) (string, string) {
 	stdout, stderr, err := p.Kluctl(argsIn...)
 	if err != nil {
-		p.t.Logf(stderr)
 		p.t.Fatal(fmt.Errorf("kluctl failed: %w", err))
 	}
 	return stdout, stderr

From 687d718794b1f7008f1117dd56b9e97c6b5e88c3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 15:52:50 +0100
Subject: [PATCH 0641/2268] tests: Fix potential crash in webhook handler

---
 e2e/hooks_test.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index e32f1c55f..122dc018a 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -96,10 +96,9 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 	s := &hooksTestContext{
 		t: t,
 		k: defaultCluster2, // use cluster2 as it has webhooks setup
+		p: test_utils.NewTestProject(t),
 	}
 	s.setupWebhook()
-
-	s.p = test_utils.NewTestProject(t)
 	t.Cleanup(func() {
 		s.removeWebhook()
 	})

From 8328ad819370c05b3c5bdaaae0cfea2ce5c37920 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 15:53:25 +0100
Subject: [PATCH 0642/2268] tests: Ignore config map updates when they don't
 belong to the current run

---
 e2e/hooks_test.go | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 122dc018a..504559c23 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -1,14 +1,12 @@
 package e2e
 
 import (
-	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"sync"
 	"testing"
 
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -20,7 +18,9 @@ type hooksTestContext struct {
 
 	p *test_utils.TestProject
 
+	m              sync.Mutex
 	seenConfigMaps []string
+	runCount       int
 
 	whh *test_utils.CallbackHandlerEntry
 }
@@ -39,6 +39,8 @@ func (s *hooksTestContext) handleConfigmap(request admission.Request) {
 	if s.p.TestSlug() != request.Namespace {
 		return
 	}
+	s.m.Lock()
+	defer s.m.Unlock()
 
 	x, err := uo.FromString(string(request.Object.Raw))
 	if err != nil {
@@ -52,6 +54,10 @@ func (s *hooksTestContext) handleConfigmap(request admission.Request) {
 	if err != nil {
 		s.t.Fatal(err)
 	}
+	runCount := x.GetK8sLabel("tests.kluctl.io/runCount")
+	if runCount == nil || *runCount != fmt.Sprintf("%d", s.runCount) {
+		return
+	}
 
 	s.t.Logf("handleConfigmap: op=%s, name=%s/%s, generation=%d, uid=%s", request.Operation, request.Namespace, request.Name, generation, uid)
 
@@ -59,6 +65,8 @@ func (s *hooksTestContext) handleConfigmap(request admission.Request) {
 }
 
 func (s *hooksTestContext) clearSeenConfigmaps() {
+	s.m.Lock()
+	defer s.m.Unlock()
 	s.t.Logf("clearSeenConfigmaps: %v", s.seenConfigMaps)
 	s.seenConfigMaps = nil
 }
@@ -117,20 +125,22 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 	return s
 }
 
+func (s *hooksTestContext) incRunCount() {
+	s.runCount++
+	s.t.Logf("incRunCount: %d", s.runCount)
+	s.p.UpdateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(fmt.Sprintf("%d", s.runCount), "commonLabels", "tests.kluctl.io/runCount")
+		return nil
+	})
+}
+
 func (s *hooksTestContext) ensureHookExecuted(expectedCms ...string) {
 	s.clearSeenConfigmaps()
+	s.incRunCount()
 	s.p.KluctlMust("deploy", "--yes", "-t", "test")
 	assert.Equal(s.t, expectedCms, s.seenConfigMaps)
 }
 
-func (s *hooksTestContext) ensureHookNotExecuted() {
-	_ = s.k.DynamicClient.Resource(corev1.SchemeGroupVersion.WithResource("configmaps")).
-		Namespace(s.p.TestSlug()).
-		Delete(context.Background(), "cm1", metav1.DeleteOptions{})
-	s.p.KluctlMust("deploy", "--yes", "-t", "test")
-	assertConfigMapNotExists(s.t, s.k, s.p.TestSlug(), "cm1")
-}
-
 func TestHooksPreDeployInitial(t *testing.T) {
 	t.Parallel()
 	s := prepareHookTestProject(t, "pre-deploy-initial", "")

From b3a72803d3653eed220fb74f585e2a8a71a0897b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 16:03:13 +0100
Subject: [PATCH 0643/2268] docs: Run make replace-commands-help

---
 docs/reference/commands/common-arguments.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index aedafc415..0f3150151 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -62,6 +62,7 @@ Project arguments:
                                              'github.com:my-org/my-repo:my-branch=/local/path/to/override'
   -c, --project-config existingfile          Location of the .kluctl.yaml config file. Defaults to
                                              $PROJECT/.kluctl.yaml
+      --project-dir existingdir              Specify the project directory. Defaults to the current working directory.
   -t, --target string                        Target name to run command for. Target must exist in .kluctl.yaml.
   -T, --target-name-override string          Overrides the target name. If -t is used at the same time, then the
                                              target will be looked up based on -t <name> and then renamed to the

From f704069fcab9070242670027936a152dc85326d4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 16:14:28 +0100
Subject: [PATCH 0644/2268] refactor: More uses og GetK8sAnnotation/GetK8sLabel
 and ParseBoolOrFalse

---
 pkg/deployment/deployment_item.go    | 8 ++++++--
 pkg/deployment/utils/delete_utils.go | 9 +++------
 pkg/diff/normalize.go                | 5 ++---
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index bbd9665b6..94f005e5c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -578,8 +578,12 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 			}
 
 			// Set common labels/annotations
-			o.SetK8sLabels(uo.CopyMergeStrMap(o.GetK8sLabels(), commonLabels))
-			o.SetK8sAnnotations(uo.CopyMergeStrMap(o.GetK8sAnnotations(), commonAnnotations))
+			for n, v := range commonLabels {
+				o.SetK8sLabel(n, v)
+			}
+			for n, v := range commonAnnotations {
+				o.SetK8sAnnotation(n, v)
+			}
 
 			// Resolve image placeholders
 			err := images.ResolvePlaceholders(di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys())
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index dabdf569e..f4cec36cc 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -5,11 +5,11 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"golang.org/x/sync/semaphore"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"strconv"
 	"sync"
 )
 
@@ -73,13 +73,11 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 			continue
 		}
 
-		annotations := o.GetK8sAnnotations()
 		ownerRefs := o.GetK8sOwnerReferences()
 		managedFields := o.GetK8sManagedFields()
 
 		// exclude when explicitly requested
-		skipDelete, err := strconv.ParseBool(annotations["kluctl.io/skip-delete"])
-		if err == nil && skipDelete {
+		if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/skip-delete")) {
 			continue
 		}
 
@@ -114,8 +112,7 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 
 		// exclude resources which have the 'kluctl.io/skip-delete-if-tags' annotation set
 		if inclusionHasTags {
-			skipDeleteIfTags, err := strconv.ParseBool(annotations["kluctl.io/skip-delete-if-tags"])
-			if err == nil && skipDeleteIfTags {
+			if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/skip-delete-if-tags")) {
 				continue
 			}
 		}
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index dd69cf073..5123a347f 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -3,9 +3,9 @@ package diff
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"regexp"
-	"strconv"
 	"strings"
 )
 
@@ -168,8 +168,7 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		}
 	}
 
-	ignoreAll, _ := strconv.ParseBool(localObject.GetK8sAnnotations()["kluctl.io/ignore-diff"])
-	if ignoreAll {
+	if utils.ParseBoolOrFalse(localObject.GetK8sAnnotation("kluctl.io/ignore-diff")) {
 		// Return empty object so that diffs will always be empty
 		return &uo.UnstructuredObject{Object: map[string]interface{}{}}
 	}

From e4da1f800f5869eacfd463c99f3224dea9732e6b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 16:20:56 +0100
Subject: [PATCH 0645/2268] feat: Add compatibility code for
 helm.sh/resource-policy annotation

---
 pkg/deployment/utils/delete_utils.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index f4cec36cc..babaa5a4b 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -81,6 +81,14 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 			continue
 		}
 
+		helmResourcePolicy := o.GetK8sAnnotation("helm.sh/resource-policy")
+		if helmResourcePolicy != nil && *helmResourcePolicy == "keep" {
+			// warning, this is currently not how Helm handles it. Helm will only respect annotations set in the Chart
+			// itself, while Kluctl will also respect it when manually set on the live resource
+			// See: https://github.com/helm/helm/issues/8132
+			continue
+		}
+
 		// exclude objects which are owned by some other object
 		if len(ownerRefs) != 0 {
 			continue

From 0cc442d698975b728946edd7d5e45564bf77f5b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 16:23:47 +0100
Subject: [PATCH 0646/2268] tests: Fix race condition

---
 e2e/test-utils/project.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 0d3b79415..9a87be0f1 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -19,6 +19,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"strings"
+	"sync"
 	"testing"
 )
 
@@ -420,6 +421,7 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
+	var m sync.Mutex
 	stdout := bytes.NewBuffer(nil)
 	stderr := bytes.NewBuffer(nil)
 
@@ -427,6 +429,8 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	ctx = utils.WithTmpBaseDir(ctx, p.t.TempDir())
 	ctx = commands.WithStdStreams(ctx, stdout, stderr)
 	sh := status.NewSimpleStatusHandler(func(message string) {
+		m.Lock()
+		defer m.Unlock()
 		p.t.Log(message)
 		stderr.WriteString(message + "\n")
 	}, false, true)

From 7cf5d1ac4df9f772d8aa538abbc747f5e593878f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 17:06:57 +0100
Subject: [PATCH 0647/2268] feat: Respect inclusion flags while collecting
 deployments

---
 docs/reference/deployments/deployment-yml.md |  2 ++
 pkg/deployment/commands/poke_images.go       |  3 ---
 pkg/deployment/commands/validate.go          |  3 ---
 pkg/deployment/deployment_collection.go      | 13 +++++++++----
 pkg/deployment/deployment_item.go            |  9 ++-------
 pkg/deployment/utils/apply_utils.go          |  5 -----
 pkg/deployment/utils/diff_utils.go           |  4 ----
 7 files changed, 13 insertions(+), 26 deletions(-)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index a8ff6252f..73e0fb3a5 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -183,6 +183,8 @@ deployments:
 - path: kustomizeDeployment2
 ```
 
+Please note that `alwaysDeploy` will also cause [kluctl render](../commands/render.md) to always render the resources.
+
 ### skipDeleteIfTags
 Forces exclusion of a deployment whenever inclusion/exclusion tags are specified via command line.
 See [Deleting with tag inclusion/exclusion](./tags.md#deploying-with-tag-inclusionexclusion) for details.
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index a06bf48a2..3bcaaef36 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -35,9 +35,6 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 
 	allObjects := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 	for _, d := range cmd.c.Deployments {
-		if !d.CheckInclusionForDeploy() {
-			continue
-		}
 		for _, o := range d.Objects {
 			allObjects[o.GetK8sRef()] = o
 		}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 1b4f20e89..a5781f855 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -38,9 +38,6 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.c.Deployments, cmd.ru, k, &utils2.ApplyUtilOptions{})
 	for _, d := range cmd.c.Deployments {
-		if !d.CheckInclusionForDeploy() {
-			continue
-		}
 		au := ad.NewApplyUtil(ctx, nil)
 		h := utils2.NewHooksUtil(au)
 		for _, o := range d.Objects {
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index d8449cd77..c37a9fc9d 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -34,11 +34,16 @@ func NewDeploymentCollection(ctx SharedContext, project *DeploymentProject, imag
 	}
 
 	indexes := make(map[string]int)
-	deployments, err := dc.collectDeployments(project, indexes)
+	deployments, err := dc.collectAllDeployments(project, indexes)
 	if err != nil {
 		return nil, err
 	}
-	dc.Deployments = deployments
+	dc.Deployments = make([]*DeploymentItem, 0, len(deployments))
+	for _, d := range deployments {
+		if d.CheckInclusionForDeploy() {
+			dc.Deployments = append(dc.Deployments, d)
+		}
+	}
 	return dc, nil
 }
 
@@ -75,7 +80,7 @@ func findDeploymentItemIndex(project *DeploymentProject, pth *string, indexes ma
 	return index, dir2
 }
 
-func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, indexes map[string]int) ([]*DeploymentItem, error) {
+func (c *DeploymentCollection) collectAllDeployments(project *DeploymentProject, indexes map[string]int) ([]*DeploymentItem, error) {
 	var ret []*DeploymentItem
 
 	for i, diConfig := range project.Config.Deployments {
@@ -84,7 +89,7 @@ func (c *DeploymentCollection) collectDeployments(project *DeploymentProject, in
 			if !ok {
 				panic(fmt.Sprintf("Did not find find index %d in project.includes", i))
 			}
-			ret2, err := c.collectDeployments(includedProject, indexes)
+			ret2, err := c.collectAllDeployments(includedProject, indexes)
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index bbd9665b6..6776bb7db 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -367,16 +367,11 @@ func (di *DeploymentItem) CheckInclusionForDeploy() bool {
 	if di.Config.AlwaysDeploy {
 		return true
 	}
-	values := di.buildInclusionEntries()
-	return di.Inclusion.CheckIncluded(values, false)
-}
-
-func (di *DeploymentItem) checkInclusionForDelete() bool {
-	if di.Inclusion == nil {
+	if di.Config.Barrier {
 		return true
 	}
 	values := di.buildInclusionEntries()
-	return di.Inclusion.CheckIncluded(values, di.Config.SkipDeleteIfTags)
+	return di.Inclusion.CheckIncluded(values, false)
 }
 
 func (di *DeploymentItem) readKustomizationYaml(subDir string) (*uo.UnstructuredObject, error) {
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 2bee3e50d..87767ad19 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -475,11 +475,6 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	// +1 to ensure that we don't prematurely complete the bar (which would happen as we don't count for waiting)
 	total := len(applyObjects) + len(preHooks) + len(postHooks) + 1
 	a.sctx.SetTotal(total)
-	if !d.CheckInclusionForDeploy() {
-		a.sctx.UpdateAndInfoFallback("Skipped")
-		a.sctx.Warning()
-		return
-	}
 
 	if len(toDelete) != 0 {
 		a.sctx.InfoFallback("Deleting %d objects", len(toDelete))
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 3690ecdd8..77b1e31ad 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -42,10 +42,6 @@ func (u *diffUtil) Diff() {
 	u.calcRemoteObjectsForDiff()
 
 	for _, d := range u.deployments {
-		if !d.CheckInclusionForDeploy() {
-			continue
-		}
-
 		ignoreForDiffs := d.Project.GetIgnoreForDiffs(u.IgnoreTags, u.IgnoreLabels, u.IgnoreAnnotations)
 		for _, o := range d.Objects {
 			o := o

From 553d8ea76cd019446421ae18274d7873d4e5829e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 17:07:38 +0100
Subject: [PATCH 0648/2268] feat: Allow inclusion flags on render command

---
 cmd/kluctl/commands/cmd_render.go | 2 ++
 docs/reference/commands/render.md | 1 +
 2 files changed, 3 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 9c4152129..f8e252804 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -15,6 +15,7 @@ type renderCmd struct {
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
+	args.InclusionFlags
 	args.HelmCredentials
 	args.RenderOutputDirFlags
 	args.OfflineKubernetesFlags
@@ -43,6 +44,7 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
+		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
diff --git a/docs/reference/commands/render.md b/docs/reference/commands/render.md
index 3556e40c0..5681e0f57 100644
--- a/docs/reference/commands/render.md
+++ b/docs/reference/commands/render.md
@@ -23,6 +23,7 @@ a temporary directory or a specified directory.
 The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
+1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "render" "Misc arguments" true -->

From 0275419164233600a55c940017695b872eb5313d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Dec 2022 17:57:37 +0100
Subject: [PATCH 0649/2268] feat: Allow to ignore missing variable sources

---
 docs/reference/templating/variable-sources.md |   5 +
 pkg/types/vars_source.go                      |   5 +
 pkg/vars/aws/fake_clientfactory.go            |   3 +-
 pkg/vars/vars_loader.go                       |  66 ++++++---
 pkg/vars/vars_loader_http.go                  |  11 +-
 pkg/vars/vars_loader_test.go                  | 132 +++++++++++++++++-
 pkg/vars/vault/secrets.go                     |  11 +-
 7 files changed, 204 insertions(+), 29 deletions(-)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 2f4a4137f..43c03e071 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -27,11 +27,16 @@ following example.
 vars:
 - file: vars1.yaml
 - file: vars2.yaml
+- file: optional-vars.yaml
+  ignoreMissing: true
 ```
 
 `vars2.yaml` can now use variables that are defined in `vars1.yaml`. At all times, variables defined by
 parents of the current sub-deployment project can be used in the current vars file.
 
+Each variable source can have the optional field `ignoreMissing` set to `true`, causing Kluctl to ignore if the source
+can not be found.
+
 Different types of vars entries are possible:
 
 ### file
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index af8a235cc..c32578469 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -54,6 +54,8 @@ type VarsSourceVault struct {
 }
 
 type VarsSource struct {
+	IgnoreMissing *bool `yaml:"ignoreMissing,omitempty"`
+
 	Values            *uo.UnstructuredObject              `yaml:"values,omitempty"`
 	File              *string                             `yaml:"file,omitempty"`
 	Git               *VarsSourceGit                      `yaml:"git,omitempty"`
@@ -71,6 +73,9 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	count := 0
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
+		if v.Type().Field(i).Name == "IgnoreMissing" {
+			continue
+		}
 		if !v.Field(i).IsNil() {
 			count += 1
 		}
diff --git a/pkg/vars/aws/fake_clientfactory.go b/pkg/vars/aws/fake_clientfactory.go
index 219dc1259..d06d68fd5 100644
--- a/pkg/vars/aws/fake_clientfactory.go
+++ b/pkg/vars/aws/fake_clientfactory.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
 )
@@ -27,7 +28,7 @@ func (f *FakeAwsClientFactory) GetSecretValue(in *secretsmanager.GetSecretValueI
 		}, nil
 	}
 
-	return nil, fmt.Errorf("secret %s not found", *in.SecretId)
+	return nil, awserr.New(secretsmanager.ErrCodeResourceNotFoundException, fmt.Sprintf("secret %s not found", *in.SecretId), nil)
 }
 
 func (f *FakeAwsClientFactory) SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error) {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 6ead52755..40e0bea86 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -3,7 +3,10 @@ package vars
 import (
 	"context"
 	"encoding/base64"
+	errors2 "errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -16,6 +19,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"strings"
@@ -74,25 +78,30 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return err
 	}
 
+	ignoreMissing := false
+	if source.IgnoreMissing != nil {
+		ignoreMissing = *source.IgnoreMissing
+	}
+
 	if source.Values != nil {
 		v.mergeVars(varsCtx, source.Values, rootKey)
 		return nil
 	} else if source.File != nil {
-		return v.loadFile(varsCtx, *source.File, searchDirs, rootKey)
+		return v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs, rootKey)
 	} else if source.Git != nil {
-		return v.loadGit(varsCtx, source.Git, rootKey)
+		return v.loadGit(varsCtx, source.Git, ignoreMissing, rootKey)
 	} else if source.ClusterConfigMap != nil {
-		return v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", source.ClusterConfigMap.Key, rootKey, false)
+		return v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", source.ClusterConfigMap.Key, rootKey, ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
-		return v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", source.ClusterSecret.Key, rootKey, true)
+		return v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", source.ClusterSecret.Key, rootKey, ignoreMissing, true)
 	} else if source.SystemEnvVars != nil {
-		return v.loadSystemEnvs(varsCtx, &source, rootKey)
+		return v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
 	} else if source.Http != nil {
-		return v.loadHttp(varsCtx, &source, rootKey)
+		return v.loadHttp(varsCtx, &source, ignoreMissing, rootKey)
 	} else if source.AwsSecretsManager != nil {
-		return v.loadAwsSecretsManager(varsCtx, &source, rootKey)
+		return v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing, rootKey)
 	} else if source.Vault != nil {
-		return v.loadVault(varsCtx, &source, rootKey)
+		return v.loadVault(varsCtx, &source, ignoreMissing, rootKey)
 	}
 	return fmt.Errorf("invalid vars source")
 }
@@ -105,7 +114,11 @@ func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject,
 	}
 }
 
-func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string, rootKey string) error {
+func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool, searchDirs []string, rootKey string) error {
+	if ignoreMissing && !utils.Exists(path) {
+		return nil
+	}
+
 	rendered, err := varsCtx.RenderFile(path, searchDirs)
 	if err != nil {
 		return fmt.Errorf("failed to render vars file %s: %w", path, err)
@@ -139,7 +152,7 @@ func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, searchDirs []string
 	return nil
 }
 
-func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
+func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
 	newVars := uo.New()
 	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
 		envName, ok := it.Value().(string)
@@ -164,6 +177,9 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 				envValueStr = `""`
 			}
 		} else {
+			if ignoreMissing {
+				return nil
+			}
 			return fmt.Errorf("environment variable %s not found for %s", envName, it.KeyPath().ToJsonPath())
 		}
 
@@ -186,27 +202,39 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 	return nil
 }
 
-func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
+func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
 	if v.aws == nil {
 		return fmt.Errorf("no AWS client factory provided")
 	}
 
 	secret, err := aws.GetAwsSecretsManagerSecret(v.aws, source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
 	if err != nil {
+		var aerr awserr.Error
+		if errors2.As(err, &aerr) {
+			if ignoreMissing && aerr.Code() == secretsmanager.ErrCodeResourceNotFoundException {
+				return nil
+			}
+		}
 		return err
 	}
 	return v.loadFromString(varsCtx, secret, "awsSecretsManager", rootKey)
 }
 
-func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
+func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
 	secret, err := vault.GetSecret(source.Vault.Address, source.Vault.Path)
 	if err != nil {
 		return err
 	}
-	return v.loadFromString(varsCtx, secret, "vault", rootKey)
+	if secret == nil {
+		if ignoreMissing {
+			return nil
+		}
+		return fmt.Errorf("the specified vault secret was not found")
+	}
+	return v.loadFromString(varsCtx, *secret, "vault", rootKey)
 }
 
-func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, rootKey string) error {
+func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool, rootKey string) error {
 	ge, err := v.rp.GetEntry(gitFile.Url)
 	if err != nil {
 		return err
@@ -217,10 +245,10 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, roo
 		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
 	}
 
-	return v.loadFile(varsCtx, gitFile.Path, []string{clonedDir}, rootKey)
+	return v.loadFile(varsCtx, gitFile.Path, ignoreMissing, []string{clonedDir}, rootKey)
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, base64Decode bool) error {
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, ignoreMissing bool, base64Decode bool) error {
 	if v.k == nil {
 		return fmt.Errorf("loading vars from cluster is disabled")
 	}
@@ -231,6 +259,9 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 	if varsSource.Name != "" {
 		o, _, err = v.k.GetSingleObject(k8s2.NewObjectRef("", "v1", kind, varsSource.Name, varsSource.Namespace))
 		if err != nil {
+			if ignoreMissing && errors.IsNotFound(err) {
+				return nil
+			}
 			return err
 		}
 	} else {
@@ -243,6 +274,9 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 			return err
 		}
 		if len(objs) == 0 {
+			if ignoreMissing {
+				return nil
+			}
 			return fmt.Errorf("no object found with labels %v", varsSource.Labels)
 		}
 		if len(objs) > 1 {
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 2f70cd260..7de4ca0a2 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -14,7 +14,7 @@ import (
 	"strings"
 )
 
-func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, password string) (*http.Response, string, error) {
+func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, ignoreMissing bool, username string, password string) (*http.Response, string, error) {
 	client := &http.Client{
 		Transport: ntlmssp.Negotiator{
 			RoundTripper: &http.Transport{
@@ -64,8 +64,8 @@ func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, username string, p
 	return resp, string(respBody), nil
 }
 
-func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, rootKey string) error {
-	resp, respBody, err := v.doHttp(source.Http, "", "")
+func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
+	resp, respBody, err := v.doHttp(source.Http, ignoreMissing, "", "")
 	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
 		if len(chgs) == 0 {
@@ -95,11 +95,14 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, rootKe
 			v.credentialsCache[credsKey] = creds
 		}
 
-		resp, respBody, err = v.doHttp(source.Http, creds.username, creds.password)
+		resp, respBody, err = v.doHttp(source.Http, ignoreMissing, creds.username, creds.password)
 		if err != nil {
 			return err
 		}
 	} else if err != nil {
+		if ignoreMissing && resp != nil && resp.StatusCode == http.StatusNotFound {
+			return nil
+		}
 		return err
 	}
 
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index ecf2e006e..b4d4a0f38 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -27,6 +27,7 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 )
 
@@ -88,6 +89,15 @@ func TestVarsLoader_File(t *testing.T) {
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
 		assert.Equal(t, int64(42), v)
 	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			File:          utils.StrPtr("test-missing.yaml"),
+		}, []string{d}, "")
+		assert.NoError(t, err)
+	})
 }
 
 func TestVarsLoader_SopsFile(t *testing.T) {
@@ -177,6 +187,19 @@ func TestVarsLoader_Git(t *testing.T) {
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
 		assert.Equal(t, int64(42), v)
 	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		url, _ := git_url.Parse(gs.GitUrl("repo"))
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			Git: &types.VarsSourceGit{
+				Url:  *url,
+				Path: "test-missing.yaml",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+	})
 }
 
 func TestVarsLoader_GitBranch(t *testing.T) {
@@ -259,6 +282,19 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 		}, nil, "")
 		assert.EqualError(t, err, "key vars1 not found in ns/ConfigMap/cm on cluster")
 	}, &cm)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "cm-missing",
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+	}, &cm)
 }
 
 func TestVarsLoader_ClusterSecret(t *testing.T) {
@@ -302,6 +338,19 @@ func TestVarsLoader_ClusterSecret(t *testing.T) {
 		}, nil, "")
 		assert.EqualError(t, err, "key vars1 not found in ns/Secret/s on cluster")
 	}, &secret)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "s-missing",
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+	}, &secret)
 }
 
 func TestVarsLoader_K8sObjectLabels(t *testing.T) {
@@ -345,6 +394,19 @@ func TestVarsLoader_K8sObjectLabels(t *testing.T) {
 		v, _, _ := vc.Vars.GetNestedInt("test3", "test4")
 		assert.Equal(t, int64(43), v)
 	}, &cm1, &cm2)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Labels:    map[string]string{"label2": "value-missing"},
+				Namespace: "ns",
+				Key:       "vars",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+	}, &cm1, &cm2)
 }
 
 func TestVarsLoader_SystemEnv(t *testing.T) {
@@ -398,17 +460,38 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 		}, nil, "")
 		assert.EqualError(t, err, "environment variable TEST5 not found for test5")
 	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			SystemEnvVars: uo.FromMap(map[string]interface{}{
+				"test1": "TEST-MISSING",
+			}),
+		}, nil, "")
+		assert.NoError(t, err)
+
+		_, ok, _ := vc.Vars.GetNestedField("test1")
+		assert.False(t, ok)
+	})
 }
 
 func TestVarsLoader_Http_GET(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		_, _ = w.Write([]byte(`{"test1": {"test2": 42}}`))
+		if strings.HasSuffix(r.URL.Path, "/ok") {
+			_, _ = w.Write([]byte(`{"test1": {"test2": 42}}`))
+		} else if strings.HasSuffix(r.URL.Path, "/error") {
+			http.Error(w, "error", http.StatusInternalServerError)
+		} else {
+			http.NotFound(w, r)
+		}
 	}))
 	defer ts.Close()
 
-	u, _ := url.Parse(ts.URL)
-
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		u, _ := url.Parse(ts.URL)
+		u.Path += "/ok"
+
 		err := vl.LoadVars(vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
@@ -419,6 +502,33 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
 		assert.Equal(t, int64(42), v)
 	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		u, _ := url.Parse(ts.URL)
+		u.Path += "/missing"
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			Http: &types.VarsSourceHttp{
+				Url: types.YamlUrl{URL: *u},
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		u, _ := url.Parse(ts.URL)
+		u.Path += "/error"
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			Http: &types.VarsSourceHttp{
+				Url: types.YamlUrl{URL: *u},
+			},
+		}, nil, "")
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "failed with status code 500")
+	})
 }
 
 func TestVarsLoader_Http_POST(t *testing.T) {
@@ -543,4 +653,20 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
 		assert.Equal(t, int64(42), v)
 	})
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		aws.Secrets = map[string]string{
+			"secret": `{"test1": {"test2": 42}}`,
+		}
+
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
+				SecretName: "missing",
+				Region:     utils.StrPtr("eu-central1"),
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+	})
 }
diff --git a/pkg/vars/vault/secrets.go b/pkg/vars/vault/secrets.go
index 49f04618f..7d4fb9012 100644
--- a/pkg/vars/vault/secrets.go
+++ b/pkg/vars/vault/secrets.go
@@ -13,19 +13,20 @@ var httpClient = &http.Client{
 	Timeout: 15 * time.Second,
 }
 
-func GetSecret(server string, path string) (string, error) {
+func GetSecret(server string, path string) (*string, error) {
 	client, err := api.NewClient(&api.Config{Address: server, HttpClient: httpClient})
 	if err != nil {
-		return "", fmt.Errorf("failed to create vault %s client", server)
+		return nil, fmt.Errorf("failed to create vault %s client", server)
 	}
 	secret, err := client.Logical().Read(path)
 	if err != nil {
-		return "", fmt.Errorf("reading from vault failed: %v", err)
+		return nil, fmt.Errorf("reading from vault failed: %v", err)
 	}
 	if secret == nil || secret.Data == nil {
-		return "", fmt.Errorf("the specified vault secret was not found")
+		return nil, nil
 	}
 	data, _ := secret.Data["data"].(map[string]interface{})
 	jsonData, _ := json.Marshal(data)
-	return string(jsonData), nil
+	ret := string(jsonData)
+	return &ret, nil
 }

From 63182574f360610bceebaa86cd0dad9a303f3b65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Dec 2022 22:08:14 +0000
Subject: [PATCH 0650/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.154 to 1.44.157

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.154 to 1.44.157.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.154...v1.44.157)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ab79f6f8b..957530805 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.154
+	github.com/aws/aws-sdk-go v1.44.157
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 4b69beba1..c627a02b2 100644
--- a/go.sum
+++ b/go.sum
@@ -131,8 +131,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.154 h1:2TaEC8JIM/t7Fu+FBmdOBK5jFUAVL07tbpfJsLuVo3Q=
-github.com/aws/aws-sdk-go v1.44.154/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.157 h1:JVBPpEWC8+yA7CbfAuTl/ZFFlHS3yoqWFqxFyTCISwg=
+github.com/aws/aws-sdk-go v1.44.157/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From aae82d0e28b2eaad9028aeef489d59eccd5b8d58 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Dec 2022 22:08:33 +0000
Subject: [PATCH 0651/2268] chore(deps): Bump k8s.io/api from 0.25.4 to 0.26.0

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.25.4 to 0.26.0.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.25.4...v0.26.0)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index ab79f6f8b..79fcb8c5e 100644
--- a/go.mod
+++ b/go.mod
@@ -47,9 +47,9 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.2
-	k8s.io/api v0.25.4
+	k8s.io/api v0.26.0
 	k8s.io/apiextensions-apiserver v0.25.4
-	k8s.io/apimachinery v0.25.4
+	k8s.io/apimachinery v0.26.0
 	k8s.io/client-go v0.25.4
 	k8s.io/klog/v2 v2.80.1
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
diff --git a/go.sum b/go.sum
index 4b69beba1..9b23f2e91 100644
--- a/go.sum
+++ b/go.sum
@@ -1331,12 +1331,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.25.4 h1:3YO8J4RtmG7elEgaWMb4HgmpS2CfY1QlaOz9nwB+ZSs=
-k8s.io/api v0.25.4/go.mod h1:IG2+RzyPQLllQxnhzD8KQNEu4c4YvyDTpSMztf4A0OQ=
+k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I=
+k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg=
 k8s.io/apiextensions-apiserver v0.25.4 h1:7hu9pF+xikxQuQZ7/30z/qxIPZc2J1lFElPtr7f+B6U=
 k8s.io/apiextensions-apiserver v0.25.4/go.mod h1:bkSGki5YBoZWdn5pWtNIdGvDrrsRWlmnvl9a+tAw5vQ=
-k8s.io/apimachinery v0.25.4 h1:CtXsuaitMESSu339tfhVXhQrPET+EiWnIY1rcurKnAc=
-k8s.io/apimachinery v0.25.4/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
+k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg=
+k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
 k8s.io/apiserver v0.25.4 h1:/3TwZcgLqX7wUxq7TtXOUqXeBTwXIblVMQdhR5XZ7yo=
 k8s.io/apiserver v0.25.4/go.mod h1:rPcm567XxjOnnd7jedDUnGJGmDGAo+cT6H7QHAN+xV0=
 k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=

From 096659c65d305a78f3ddbc2e956f4907eba642c2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 00:50:36 +0100
Subject: [PATCH 0652/2268] tests: Actually collect and return stdout

---
 e2e/test-utils/project.go | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 9a87be0f1..441d8250c 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -422,22 +422,28 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
 	var m sync.Mutex
-	stdout := bytes.NewBuffer(nil)
-	stderr := bytes.NewBuffer(nil)
+	stdoutBuf := bytes.NewBuffer(nil)
+	stdout := status.NewLineRedirector(func(line string) {
+		m.Lock()
+		defer m.Unlock()
+		p.t.Log(line)
+		stdoutBuf.WriteString(line + "\n")
+	})
+	stderrBuf := bytes.NewBuffer(nil)
 
 	ctx := context.Background()
 	ctx = utils.WithTmpBaseDir(ctx, p.t.TempDir())
-	ctx = commands.WithStdStreams(ctx, stdout, stderr)
+	ctx = commands.WithStdStreams(ctx, stdout, stderrBuf)
 	sh := status.NewSimpleStatusHandler(func(message string) {
 		m.Lock()
 		defer m.Unlock()
 		p.t.Log(message)
-		stderr.WriteString(message + "\n")
+		stderrBuf.WriteString(message + "\n")
 	}, false, true)
 	defer sh.Stop()
 	ctx = status.NewContext(ctx, sh)
 	err := commands.Execute(ctx, args, nil)
-	return stdout.String(), stderr.String(), err
+	return stdoutBuf.String(), stderrBuf.String(), err
 }
 
 func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {

From 9f7d5cc8937f46e420340e48aeabbdae357820ff Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 00:51:17 +0100
Subject: [PATCH 0653/2268] feat: Don't force-replace objects marked with
 kluctl.io/skip-delete

---
 e2e/skip_delete_test.go              | 132 +++++++++++++++++++++++++++
 e2e/utils.go                         |  10 ++
 pkg/deployment/utils/apply_utils.go  |  16 +++-
 pkg/deployment/utils/delete_utils.go |  26 ++++--
 4 files changed, 171 insertions(+), 13 deletions(-)
 create mode 100644 e2e/skip_delete_test.go

diff --git a/e2e/skip_delete_test.go b/e2e/skip_delete_test.go
new file mode 100644
index 000000000..ba7802e2e
--- /dev/null
+++ b/e2e/skip_delete_test.go
@@ -0,0 +1,132 @@
+package e2e
+
+import (
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"strings"
+	"testing"
+)
+
+func TestSkipDelete(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", map[string]string{}, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm3", map[string]string{}, resourceOpts{
+		name:      "cm3",
+		namespace: p.TestSlug(),
+		annotations: map[string]string{
+			"kluctl.io/skip-delete": "true",
+		},
+	})
+	addConfigMapDeployment(p, "cm4", map[string]string{}, resourceOpts{
+		name:      "cm4",
+		namespace: p.TestSlug(),
+		annotations: map[string]string{
+			"helm.sh/resource-policy": "keep",
+		},
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm4")
+
+	cm2.SetK8sAnnotation("kluctl.io/skip-delete", "true")
+	updateObject(t, k, cm2)
+
+	p.KluctlMust("delete", "--yes", "-t", "test")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm1")
+	cm2 = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm4")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	cm1.SetK8sAnnotation("kluctl.io/skip-delete", "true")
+	cm2.SetK8sAnnotation("kluctl.io/skip-delete", "false")
+	updateObject(t, k, cm1)
+	updateObject(t, k, cm2)
+	p.DeleteKustomizeDeployment("cm1")
+	p.DeleteKustomizeDeployment("cm2")
+	p.DeleteKustomizeDeployment("cm3")
+	p.KluctlMust("prune", "--yes", "-t", "test")
+	cm1 = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm4")
+}
+
+func TestForceReplaceSkipDelete(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", map[string]string{
+		"k1": "v1",
+	}, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+		annotations: map[string]string{
+			"kluctl.io/skip-delete": "true",
+		},
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assert.Equal(t, map[string]any{
+		"k1": "v1",
+	}, cm1.Object["data"])
+
+	p.UpdateYaml("cm1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v2", "data", "k1")
+		return nil
+	}, "")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm1 = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assert.Equal(t, map[string]any{
+		"k1": "v2",
+	}, cm1.Object["data"])
+
+	invalidLabel := "invalid_label_" + strings.Repeat("x", 63)
+	p.UpdateYaml("cm1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		o.SetK8sLabel(invalidLabel, "invalid_label")
+		return nil
+	}, "")
+	stdout, _, err := p.Kluctl("deploy", "--yes", "-t", "test")
+	assert.Error(t, err)
+	assert.Contains(t, stdout, "invalid: metadata.labels")
+	// make sure it did not try to replace it
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+
+	stdout, stderr, err := p.Kluctl("deploy", "--yes", "-t", "test", "--force-replace-on-error")
+	assert.Error(t, err)
+	assert.Contains(t, stdout, "retrying with replace instead of patch")
+	assert.Contains(t, stderr, "skipped forced replace")
+	assert.Contains(t, stdout, "invalid: metadata.labels")
+	// make sure it did not try to replace it
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+}
diff --git a/e2e/utils.go b/e2e/utils.go
index 5d4a234a0..1e3b6c61b 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -4,10 +4,12 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
 	"testing"
 )
@@ -53,3 +55,11 @@ func assertNestedFieldEquals(t *testing.T, o *uo.UnstructuredObject, expected in
 		t.Fatalf("%v != %v", v, expected)
 	}
 }
+
+func updateObject(t *testing.T, k *test_utils.EnvTestCluster, o *uo.UnstructuredObject) {
+	_, err := k.DynamicClient.Resource(schema.GroupVersionResource{
+		Version:  "v1",
+		Resource: "configmaps",
+	}).Namespace(o.GetK8sNamespace()).Update(context.Background(), o.ToUnstructured(), metav1.UpdateOptions{})
+	assert.NoError(t, err)
+}
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 2bee3e50d..78bc51836 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -180,7 +180,7 @@ func (a *ApplyUtil) DeleteObject(ref k8s2.ObjectRef, hook bool) bool {
 	return true
 }
 
-func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool, applyError error) {
+func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool, remoteObject *uo.UnstructuredObject, applyError error) {
 	ref := x.GetK8sRef()
 
 	if !a.o.ForceReplaceOnError {
@@ -188,6 +188,16 @@ func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool,
 		return
 	}
 
+	skipDelete := isSkipDelete(x)
+	if remoteObject != nil {
+		skipDelete = skipDelete || isSkipDelete(remoteObject)
+	}
+	if skipDelete {
+		status.Warning(a.ctx, "skipped forced replace of %s", ref.String())
+		a.HandleError(ref, applyError)
+		return
+	}
+
 	warn := fmt.Errorf("patching %s failed, retrying by deleting and re-applying", ref.String())
 	a.HandleWarning(ref, warn)
 	status.Warning(a.ctx, warn.Error())
@@ -235,7 +245,7 @@ func (a *ApplyUtil) retryApplyWithReplace(x *uo.UnstructuredObject, hook bool, r
 	r, apiWarnings, err := a.k.UpdateObject(x, o)
 	a.handleApiWarnings(ref, apiWarnings)
 	if err != nil {
-		a.retryApplyForceReplace(x, hook, err)
+		a.retryApplyForceReplace(x, hook, remoteObject, err)
 		return
 	}
 	a.handleResult(r, hook)
@@ -334,8 +344,6 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		a.HandleError(ref, err)
 	} else if errors.IsConflict(err) {
 		a.retryApplyWithConflicts(x, hook, remoteObject, err)
-	} else if errors.IsInternalError(err) {
-		a.HandleError(ref, err)
 	} else {
 		a.retryApplyWithReplace(x, hook, remoteObject, err)
 	}
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index babaa5a4b..d79f5d229 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -47,6 +47,22 @@ func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef
 	return ref
 }
 
+func isSkipDelete(o *uo.UnstructuredObject) bool {
+	if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/skip-delete")) {
+		return true
+	}
+
+	helmResourcePolicy := o.GetK8sAnnotation("helm.sh/resource-policy")
+	if helmResourcePolicy != nil && *helmResourcePolicy == "keep" {
+		// warning, this is currently not how Helm handles it. Helm will only respect annotations set in the Chart
+		// itself, while Kluctl will also respect it when manually set on the live resource
+		// See: https://github.com/helm/helm/issues/8132
+		return true
+	}
+
+	return false
+}
+
 func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject, apiFilter []string, inclusionHasTags bool, excludedObjects map[k8s2.ObjectRef]bool) ([]*uo.UnstructuredObject, error) {
 	filterFunc := func(ar *v1.APIResource) bool {
 		if len(apiFilter) == 0 {
@@ -77,15 +93,7 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 		managedFields := o.GetK8sManagedFields()
 
 		// exclude when explicitly requested
-		if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/skip-delete")) {
-			continue
-		}
-
-		helmResourcePolicy := o.GetK8sAnnotation("helm.sh/resource-policy")
-		if helmResourcePolicy != nil && *helmResourcePolicy == "keep" {
-			// warning, this is currently not how Helm handles it. Helm will only respect annotations set in the Chart
-			// itself, while Kluctl will also respect it when manually set on the live resource
-			// See: https://github.com/helm/helm/issues/8132
+		if isSkipDelete(o) {
 			continue
 		}
 

From 5f0338566fb26048e198b9c99acd388c95994fde Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 01:01:54 +0100
Subject: [PATCH 0654/2268] chore: Upgrade go-git to v5.5.0

---
 go.mod                             |  6 ++--
 go.sum                             | 51 +++++++++++++++---------------
 pkg/git/auth/list_auth_provider.go | 12 +++++--
 3 files changed, 39 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index ab79f6f8b..e3b62184a 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v0.11.0
-	github.com/go-git/go-git/v5 v5.4.2
+	github.com/go-git/go-git/v5 v5.5.0
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
@@ -88,7 +88,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
@@ -195,6 +195,7 @@ require (
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
+	github.com/pjbgf/sha1cd v0.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
@@ -206,6 +207,7 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/skeema/knownhosts v1.1.0 // indirect
 	github.com/spf13/afero v1.9.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 4b69beba1..7eb91241c 100644
--- a/go.sum
+++ b/go.sum
@@ -96,17 +96,14 @@ github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmy
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad h1:QeeqI2zxxgZVe11UrYFXXx6gVxPVF40ygekjBzEg4XY=
-github.com/ProtonMail/go-crypto v0.0.0-20220930113650-c6815a8c17ad/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I=
+github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
@@ -117,8 +114,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -217,7 +214,6 @@ github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/emicklei/go-restful/v3 v3.10.0 h1:X4gma4HM7hFm6WMeAsTfqA0GOfdNoCzBIkHGoRLGXuM=
 github.com/emicklei/go-restful/v3 v3.10.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -246,25 +242,23 @@ github.com/fluxcd/pkg/apis/kustomize v0.7.0 h1:X2htBmJ91nGYv4d93gin665MFWKNGiNwU
 github.com/fluxcd/pkg/apis/kustomize v0.7.0/go.mod h1:Mu+KdktsEKWA4l/33CZdY5lB4hz51mqfcLzBZSwAqVg=
 github.com/fluxcd/pkg/kustomize v0.11.0 h1:zseS9LRUuzhP/7KamccmsOgYpJAdhqtsf+2wN/CHF3I=
 github.com/fluxcd/pkg/kustomize v0.11.0/go.mod h1:awHID4OKe2/WAfTFg4u0fURXZPUkrIslSZNSPX9MEFQ=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
+github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8=
-github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
-github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
-github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
+github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
+github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
+github.com/go-git/go-git/v5 v5.5.0 h1:StO/ASRvk1Pp74tr7XQ0pQwKlCFignzzTF/NLKdQzUE=
+github.com/go-git/go-git/v5 v5.5.0/go.mod h1:g456XI30HAdt7GQtIf8JR6GDAdULGaR4KtfFtQa0uTg=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -495,7 +489,6 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -531,7 +524,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -687,6 +679,8 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pjbgf/sha1cd v0.2.0 h1:gIsJVwjbRviE4gydidGztxH1IlJQoYBcCrwG4Dz8wvM=
+github.com/pjbgf/sha1cd v0.2.0/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -761,13 +755,14 @@ github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5g
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
+github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -814,7 +809,7 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
-github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
+github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4 h1:3kHD8uZqiYes9JHdd3FzuyUbG10g9Bp9EOfqkSHIhg4=
 github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -866,7 +861,6 @@ go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -876,14 +870,16 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
 golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -962,7 +958,6 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -970,7 +965,9 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
 golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1018,7 +1015,6 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1053,12 +1049,10 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1075,15 +1069,20 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index e11cb176c..44e75c477 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -6,6 +6,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	ssh2 "golang.org/x/crypto/ssh"
 	"strings"
 )
 
@@ -79,13 +80,20 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 			if err != nil {
 				a.MessageCallbacks.Trace("ListAuthProvider: failed to parse private key: %v", err)
 			} else {
-				pk.HostKeyCallback = buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts)
+				hostKeyCallback := buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts)
 				return AuthMethodAndCA{
 					AuthMethod: pk,
 					Hash: func() ([]byte, error) {
 						return buildHash(pk.Signer)
 					},
-					ClientConfig: pk.ClientConfig,
+					ClientConfig: func() (*ssh2.ClientConfig, error) {
+						ccfg, err := pk.ClientConfig()
+						if err != nil {
+							return nil, err
+						}
+						ccfg.HostKeyCallback = hostKeyCallback
+						return ccfg, nil
+					},
 				}
 			}
 		} else {

From c9aa3d1628b8687165e20c26e4a642428fe5aa02 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 01:07:59 +0100
Subject: [PATCH 0655/2268] tests: Fix race condition

---
 e2e/test-utils/project.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 441d8250c..b97497f98 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -440,9 +440,16 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 		p.t.Log(message)
 		stderrBuf.WriteString(message + "\n")
 	}, false, true)
-	defer sh.Stop()
+	defer func() {
+		if sh != nil {
+			sh.Stop()
+		}
+	}()
 	ctx = status.NewContext(ctx, sh)
 	err := commands.Execute(ctx, args, nil)
+	sh.Stop()
+	sh = nil
+	_ = stdout.Close()
 	return stdoutBuf.String(), stderrBuf.String(), err
 }
 

From 0e712d3c1fa009abf8fc9f3c3fb130c6cb727115 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 01:21:30 +0100
Subject: [PATCH 0656/2268] fix: Wait for lineRedirector to finish when calling
 Close()

---
 pkg/status/utils.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/pkg/status/utils.go b/pkg/status/utils.go
index cc5002217..4930ddf2f 100644
--- a/pkg/status/utils.go
+++ b/pkg/status/utils.go
@@ -5,8 +5,23 @@ import (
 	"io"
 )
 
+type lineRedirector struct {
+	io.WriteCloser
+	done chan bool
+}
+
+func (lr *lineRedirector) Close() error {
+	err := lr.WriteCloser.Close()
+	if err != nil {
+		return err
+	}
+	<-lr.done
+	return nil
+}
+
 func NewLineRedirector(cb func(line string)) io.WriteCloser {
 	r, w := io.Pipe()
+	done := make(chan bool, 1)
 
 	go func() {
 		br := bufio.NewReader(r)
@@ -18,9 +33,10 @@ func NewLineRedirector(cb func(line string)) io.WriteCloser {
 			}
 			cb(msg)
 		}
+		done <- true
 	}()
 
-	return w
+	return &lineRedirector{w, done}
 }
 
 type replaceRReader struct {

From 56eb1e32c5403f6155dc2c806950388d76c19f54 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 01:29:25 +0100
Subject: [PATCH 0657/2268] fix: Upgrade github.com/pjbgf/sha1cd to 0.2.3 to
 fix !cgo compilation

---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 49328dda2..484ebe921 100644
--- a/go.mod
+++ b/go.mod
@@ -195,7 +195,7 @@ require (
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
-	github.com/pjbgf/sha1cd v0.2.0 // indirect
+	github.com/pjbgf/sha1cd v0.2.3 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
diff --git a/go.sum b/go.sum
index 07e98a652..5ce647007 100644
--- a/go.sum
+++ b/go.sum
@@ -679,8 +679,9 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pjbgf/sha1cd v0.2.0 h1:gIsJVwjbRviE4gydidGztxH1IlJQoYBcCrwG4Dz8wvM=
 github.com/pjbgf/sha1cd v0.2.0/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
+github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI=
+github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

From c534527a165594e11acaef426f8a387c39e278bf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Dec 2022 21:57:26 +0100
Subject: [PATCH 0658/2268] fix: Fix potential crash in readCachedResponse

---
 pkg/registries/registries.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index ffda2e3f8..b372b06b6 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -337,6 +337,10 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 	}
 
 	res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(b)), nil)
+	if err != nil {
+		status.Warning(rh.ctx, "readCachedResponse failed: %v", err)
+		return nil
+	}
 
 	if strings.HasPrefix(res.Header.Get("Content-Type"), "application/json") {
 		jb, err := io.ReadAll(res.Body)

From 85888a3370ba4a05e32dd37a0113dbfd3fa29cea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 09:23:06 +0100
Subject: [PATCH 0659/2268] refactor: Move HelmChart into own package

---
 cmd/kluctl/commands/cmd_helm_pull.go   |  4 ++--
 cmd/kluctl/commands/cmd_helm_update.go | 12 ++++++------
 pkg/deployment/deployment_item.go      |  5 +++--
 pkg/deployment/shared_context.go       |  3 ++-
 pkg/{deployment => helm}/helm_chart.go |  2 +-
 pkg/kluctl_project/target_context.go   |  3 ++-
 6 files changed, 16 insertions(+), 13 deletions(-)
 rename pkg/{deployment => helm}/helm_chart.go (99%)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index ab2d7bf66..1dd11609c 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/sync/semaphore"
@@ -84,7 +84,7 @@ func doPull(ctx context.Context, statusPrefix string, p string, helmCredentials
 		return err
 	}
 
-	chart, err := deployment.NewHelmChart(p)
+	chart, err := helm.NewHelmChart(p)
 	if err != nil {
 		return doError(err)
 	}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 225caec92..daafebf19 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -6,8 +6,8 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/sync/semaphore"
@@ -51,7 +51,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 	type updatedChart struct {
 		path        string
-		chart       *deployment.HelmChart
+		chart       *helm.HelmChart
 		newVersion  string
 		oldVersion  string
 		pullSuccess bool
@@ -127,19 +127,19 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	return errs.ErrorOrNil()
 }
 
-func (cmd *helmUpdateCmd) doCheckUpdate(ctx context.Context, gitRootPath string, p string) (*deployment.HelmChart, string, bool, error) {
+func (cmd *helmUpdateCmd) doCheckUpdate(ctx context.Context, gitRootPath string, p string) (*helm.HelmChart, string, bool, error) {
 	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
 	if err != nil {
 		return nil, "", false, err
 	}
 
 	s := status.Start(ctx, "%s: Checking for updates", statusPrefix)
-	doError := func(err error) (*deployment.HelmChart, string, bool, error) {
+	doError := func(err error) (*helm.HelmChart, string, bool, error) {
 		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 		return nil, "", false, err
 	}
 
-	chart, err := deployment.NewHelmChart(p)
+	chart, err := helm.NewHelmChart(p)
 	if err != nil {
 		return doError(err)
 	}
@@ -164,7 +164,7 @@ func (cmd *helmUpdateCmd) doCheckUpdate(ctx context.Context, gitRootPath string,
 	return chart, newVersion, updated, nil
 }
 
-func (cmd *helmUpdateCmd) pullAndCommitChart(ctx context.Context, gitRootPath string, chart *deployment.HelmChart, oldVersion string, newVersion string, mutex *sync.Mutex) error {
+func (cmd *helmUpdateCmd) pullAndCommitChart(ctx context.Context, gitRootPath string, chart *helm.HelmChart, oldVersion string, newVersion string, mutex *sync.Mutex) error {
 	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(chart.ConfigFile))
 	if err != nil {
 		return err
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 9051825d0..b63c7d704 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	"github.com/fluxcd/pkg/kustomize"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -192,7 +193,7 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			return err
 		}
 
-		chart, err := NewHelmChart(p)
+		chart, err := helm.NewHelmChart(p)
 		if err != nil {
 			return err
 		}
@@ -417,7 +418,7 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 		if di.isHelmValuesYaml(de.Name()) {
 			continue
 		} else if di.isHelmChartYaml(de.Name()) {
-			c, err := NewHelmChart(filepath.Join(di.RenderedDir, subDir, de.Name()))
+			c, err := helm.NewHelmChart(filepath.Join(di.RenderedDir, subDir, de.Name()))
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 7fce849ce..dec1c4571 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -15,7 +16,7 @@ type SharedContext struct {
 	RP              *repocache.GitRepoCache
 	SopsDecrypter   sops.SopsDecrypter
 	VarsLoader      *vars.VarsLoader
-	HelmCredentials HelmCredentialsProvider
+	HelmCredentials helm.HelmCredentialsProvider
 
 	RenderDir                         string
 	SealedSecretsDir                  string
diff --git a/pkg/deployment/helm_chart.go b/pkg/helm/helm_chart.go
similarity index 99%
rename from pkg/deployment/helm_chart.go
rename to pkg/helm/helm_chart.go
index cf1cb825c..5c79c616e 100644
--- a/pkg/deployment/helm_chart.go
+++ b/pkg/helm/helm_chart.go
@@ -1,4 +1,4 @@
-package deployment
+package helm
 
 import (
 	"context"
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index bacf2d7d5..f07436014 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -37,7 +38,7 @@ type TargetContextParams struct {
 	ForSeal            bool
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
-	HelmCredentials    deployment.HelmCredentialsProvider
+	HelmCredentials    helm.HelmCredentialsProvider
 	RenderOutputDir    string
 }
 

From cc8b1ebf9149d0d6e17242b696b095354ed8681a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 09:28:50 +0100
Subject: [PATCH 0660/2268] fix: Add omitempty to UpdateConstraints

---
 pkg/types/helm_chart.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 7cf645597..9ebc00118 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -5,7 +5,7 @@ type HelmChartConfig2 struct {
 	CredentialsId     *string `yaml:"credentialsId,omitempty"`
 	ChartName         *string `yaml:"chartName,omitempty"`
 	ChartVersion      *string `yaml:"chartVersion" validate:"required"`
-	UpdateConstraints *string `yaml:"updateConstraints"`
+	UpdateConstraints *string `yaml:"updateConstraints,omitempty"`
 	ReleaseName       string  `yaml:"releaseName" validate:"required"`
 	Namespace         *string `yaml:"namespace,omitempty"`
 	Output            *string `yaml:"output,omitempty"`

From ca06a858884a9bee5deeb004d202d07a68bf89f2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 09:36:30 +0100
Subject: [PATCH 0661/2268] feat: Store pre-pulled helm charts in central
 .helm-charts dir

---
 cmd/kluctl/commands/cmd_helm_pull.go   |  97 ++++++---
 cmd/kluctl/commands/cmd_helm_update.go | 275 +++++++++++++++++--------
 pkg/deployment/deployment_item.go      |   4 +-
 pkg/deployment/shared_context.go       |   1 +
 pkg/helm/helm_chart.go                 | 125 ++++++++---
 pkg/kluctl_project/project.go          |   1 +
 pkg/kluctl_project/project_load.go     |   1 +
 pkg/kluctl_project/target_context.go   |   1 +
 8 files changed, 356 insertions(+), 149 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 1dd11609c..cb9ac562a 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -5,12 +5,13 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/sync/semaphore"
 	"io/fs"
+	"os"
 	"path/filepath"
 	"sync"
 )
@@ -32,15 +33,14 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	gitRootPath, err := git2.DetectGitRepositoryRoot(projectDir)
-	if err != nil {
-		return err
+	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
+		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
 	}
 
-	var errs *multierror.Error
-	var wg sync.WaitGroup
-	var mutex sync.Mutex
-	sem := semaphore.NewWeighted(8)
+	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
+
+	chartsToPull := map[string]*helm.HelmChart{}
+	cleanupDirs := map[string][]string{}
 
 	err = filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
@@ -48,24 +48,46 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 			return nil
 		}
 
-		statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
+		chart, err := helm.NewHelmChart(baseChartsDir, p)
 		if err != nil {
 			return err
 		}
 
+		chart.SetCredentials(&cmd.HelmCredentials)
+
+		cleanupDir := chart.GetChartDir(false)
+		cleanupDirs[cleanupDir] = append(cleanupDirs[cleanupDir], *chart.Config.ChartVersion)
+
+		if _, ok := chartsToPull[chart.GetChartDir(true)]; ok {
+			return nil
+		}
+
+		chartsToPull[chart.GetChartDir(true)] = chart
+		return nil
+	})
+
+	var errs *multierror.Error
+	var wg sync.WaitGroup
+	var mutex sync.Mutex
+	sem := semaphore.NewWeighted(8)
+
+	for _, chart := range chartsToPull {
+		chart := chart
+		statusPrefix := chart.GetChartName()
+
 		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
-			s := status.Start(ctx, "%s: Pulling Chart", statusPrefix)
+			s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, *chart.Config.ChartVersion)
 			defer s.Failed()
-			err := doPull(ctx, statusPrefix, p, cmd.HelmCredentials, s)
+
+			err := chart.Pull(ctx)
 			if err != nil {
+				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 				return err
 			}
 			s.Success()
 			return nil
 		})
-
-		return nil
-	})
+	}
 	wg.Wait()
 	if err != nil {
 		errs = multierror.Append(errs, err)
@@ -75,27 +97,34 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		return fmt.Errorf("command failed")
 	}
 
-	return nil
-}
-
-func doPull(ctx context.Context, statusPrefix string, p string, helmCredentials args.HelmCredentials, s *status.StatusContext) error {
-	doError := func(err error) error {
-		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-		return err
-	}
-
-	chart, err := helm.NewHelmChart(p)
-	if err != nil {
-		return doError(err)
+	for dir, versions := range cleanupDirs {
+		des, err := os.ReadDir(dir)
+		if err != nil {
+			return err
+		}
+		for _, de := range des {
+			if !de.IsDir() {
+				continue
+			}
+			found := false
+			for _, v := range versions {
+				if v == de.Name() {
+					found = true
+					break
+				}
+			}
+			if !found {
+				chartName := filepath.Base(dir)
+				s := status.Start(ctx, "%s: Removing unused version %s", chartName, de.Name())
+				err = os.RemoveAll(filepath.Join(dir, de.Name()))
+				if err != nil {
+					s.Failed()
+					return err
+				}
+				s.Success()
+			}
+		}
 	}
 
-	chart.SetCredentials(&helmCredentials)
-
-	s.UpdateAndInfoFallback("%s: Pulling Chart %s with version %s", statusPrefix, chart.GetChartName(), *chart.Config.ChartVersion)
-
-	err = chart.Pull(ctx)
-	if err != nil {
-		return doError(err)
-	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index daafebf19..98dd66f4c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/sync/semaphore"
 	"io/fs"
 	"math/rand"
@@ -33,30 +34,34 @@ func (cmd *helmUpdateCmd) Help() string {
 	return `Optionally performs the actual upgrade and/or add a commit to version control.`
 }
 
+type updatedChart struct {
+	charts     []*helm.HelmChart
+	newVersion string
+}
+
 func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	projectDir, err := cmd.ProjectDir.GetProjectDir()
 	if err != nil {
 		return err
 	}
 
+	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
+		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
+	}
+
 	gitRootPath, err := git2.DetectGitRepositoryRoot(projectDir)
 	if err != nil {
 		return err
 	}
 
+	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
+
 	var errs *multierror.Error
 	var wg sync.WaitGroup
 	var mutex sync.Mutex
 	sem := semaphore.NewWeighted(8)
 
-	type updatedChart struct {
-		path        string
-		chart       *helm.HelmChart
-		newVersion  string
-		oldVersion  string
-		pullSuccess bool
-	}
-	var updatedCharts []*updatedChart
+	chartsToCheck := map[string]*updatedChart{}
 
 	err = filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
 		fname := filepath.Base(p)
@@ -64,8 +69,31 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			return nil
 		}
 
+		chart, err := helm.NewHelmChart(baseChartsDir, p)
+		if err != nil {
+			return err
+		}
+
+		chart.SetCredentials(&cmd.HelmCredentials)
+
+		key := buildKey(chart, chart.Config.UpdateConstraints, nil)
+		if uc2, ok := chartsToCheck[key]; ok {
+			uc2.charts = append(uc2.charts, chart)
+		} else {
+			chartsToCheck[key] = &updatedChart{
+				charts: []*helm.HelmChart{chart},
+			}
+		}
+		return nil
+	})
+
+	toKeep := map[string]bool{}
+	chartsToPull := map[string]*updatedChart{}
+
+	for _, uc := range chartsToCheck {
+		uc := uc
 		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
-			chart, newVersion, updated, err := cmd.doCheckUpdate(ctx, gitRootPath, p)
+			newVersion, err := cmd.doQueryLatestVersion(ctx, uc.charts[0])
 			if err != nil {
 				return err
 			}
@@ -73,22 +101,43 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			mutex.Lock()
 			defer mutex.Unlock()
 
-			if !chart.Config.SkipUpdate && updated {
-				updatedCharts = append(updatedCharts, &updatedChart{
-					path:       p,
-					chart:      chart,
+			key := buildKey(uc.charts[0], &newVersion, nil)
+			toKeep[key] = true
+
+			uc2, ok := chartsToPull[key]
+			if !ok {
+				uc2 = &updatedChart{
 					newVersion: newVersion,
-					oldVersion: *chart.Config.ChartVersion,
-				})
+				}
+				chartsToPull[key] = uc2
+			}
+
+			for _, chart := range uc.charts {
+				updated := newVersion != *chart.Config.ChartVersion
+				if updated && chart.Config.SkipUpdate {
+					status.Info(ctx, "%s: Skipping update to version %s", chart.GetChartName(), newVersion)
+					updated = false
+				}
+				if !updated {
+					toKeep[buildKey(chart, chart.Config.ChartVersion, nil)] = true
+					continue
+				}
+				if len(uc2.charts) == 0 {
+					status.Info(ctx, "%s: Chart has new version %s", chart.GetChartName(), newVersion)
+				}
+				uc2.charts = append(uc2.charts, chart)
+			}
+
+			if len(uc2.charts) == 0 {
+				delete(chartsToPull, key)
 			}
+
 			return nil
 		})
-		return nil
-	})
+	}
 	wg.Wait()
-	if err != nil {
-		errs = multierror.Append(errs, err)
-		return errs.ErrorOrNil()
+	if errs.ErrorOrNil() != nil {
+		return errs
 	}
 
 	if !cmd.Upgrade {
@@ -99,19 +148,19 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		sem = semaphore.NewWeighted(1)
 	}
 
-	for _, uc := range updatedCharts {
+	for _, uc := range chartsToPull {
 		uc := uc
 
 		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
 			if cmd.Interactive {
-				statusPrefix, _ := filepath.Rel(gitRootPath, filepath.Dir(uc.path))
-				if !status.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s from version %s to %s?",
-					statusPrefix, uc.chart.GetChartName(), uc.oldVersion, uc.newVersion)) {
+				statusPrefix := uc.charts[0].GetChartName()
+				if !status.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s to version %s?",
+					statusPrefix, uc.charts[0].GetChartName(), uc.newVersion)) {
 					return nil
 				}
 			}
 
-			err := cmd.pullAndCommitChart(ctx, gitRootPath, uc.chart, uc.oldVersion, uc.newVersion, &mutex)
+			err := cmd.pullAndCommitCharts(ctx, gitRootPath, uc, toKeep, &mutex)
 			if err != nil {
 				return err
 			}
@@ -127,99 +176,155 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	return errs.ErrorOrNil()
 }
 
-func (cmd *helmUpdateCmd) doCheckUpdate(ctx context.Context, gitRootPath string, p string) (*helm.HelmChart, string, bool, error) {
-	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(p))
-	if err != nil {
-		return nil, "", false, err
+func buildKey(chart *helm.HelmChart, v1 *string, v2 *string) string {
+	key := chart.GetChartDir(false)
+	if v1 != nil {
+		key += " / " + *v1
 	}
-
-	s := status.Start(ctx, "%s: Checking for updates", statusPrefix)
-	doError := func(err error) (*helm.HelmChart, string, bool, error) {
-		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-		return nil, "", false, err
+	if v2 != nil {
+		key += " / " + *v2
 	}
+	return key
+}
 
-	chart, err := helm.NewHelmChart(p)
-	if err != nil {
-		return doError(err)
+func (cmd *helmUpdateCmd) doQueryLatestVersion(ctx context.Context, chart *helm.HelmChart) (string, error) {
+	statusPrefix := chart.GetChartName()
+
+	statusText := fmt.Sprintf("%s: Querying latest version", statusPrefix)
+	if chart.Config.UpdateConstraints != nil {
+		statusText = fmt.Sprintf("%s: Querying latest version with constraints '%s'", statusPrefix, *chart.Config.UpdateConstraints)
 	}
 
-	chart.SetCredentials(&cmd.HelmCredentials)
+	s := status.Start(ctx, statusText)
+	defer s.Failed()
 
-	newVersion, updated, err := chart.CheckUpdate(ctx)
+	doError := func(err error) (string, error) {
+		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
+		return "", err
+	}
+
+	latestVersion, err := chart.QueryLatestVersion(ctx)
 	if err != nil {
 		return doError(err)
 	}
-	if !updated {
-		s.UpdateAndInfoFallback("%s: Version %s is already up-to-date.", statusPrefix, *chart.Config.ChartVersion)
-	} else {
-		msg := fmt.Sprintf("%s: Chart has new version %s available. Old version is %s.", statusPrefix, newVersion, *chart.Config.ChartVersion)
-		if chart.Config.SkipUpdate {
-			msg += " skipUpdate is set to true."
-		}
-		s.UpdateAndInfoFallback(msg)
-	}
 	s.Success()
 
-	return chart, newVersion, updated, nil
+	return latestVersion, nil
 }
 
-func (cmd *helmUpdateCmd) pullAndCommitChart(ctx context.Context, gitRootPath string, chart *helm.HelmChart, oldVersion string, newVersion string, mutex *sync.Mutex) error {
-	statusPrefix, err := filepath.Rel(gitRootPath, filepath.Dir(chart.ConfigFile))
-	if err != nil {
-		return err
+func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.FileInfo) error {
+	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
+		if d == nil || d.IsDir() {
+			return nil
+		}
+		relToGit, err := filepath.Rel(root, p)
+		if err != nil {
+			return err
+		}
+		if _, ok := m[relToGit]; ok {
+			return nil
+		}
+		st, err := d.Info()
+		if err != nil {
+			return err
+		}
+		m[relToGit] = st
+		return nil
+	})
+	if os.IsNotExist(err) {
+		err = nil
 	}
+	return err
+}
 
-	s := status.Start(ctx, "%s: Pulling Chart", statusPrefix)
+func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, gitRootPath string, uc *updatedChart, toKeep map[string]bool, mutex *sync.Mutex) error {
+	statusPrefix := uc.charts[0].GetChartName()
+
+	s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, uc.newVersion)
 	defer s.Failed()
 
-	chart.Config.ChartVersion = &newVersion
-	err = chart.Save()
-	if err != nil {
+	doError := func(err error) error {
+		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 		return err
 	}
 
+	var toAdd []string
+	var oldVersions []string
+	var oldChartDirs []string
+
 	// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
 	// know what got deleted
-	oldFiles := map[string]bool{}
-	err = filepath.WalkDir(chart.GetChartDir(), func(p string, d fs.DirEntry, err error) error {
-		if d == nil || d.IsDir() {
-			return nil
+	files := map[string]os.FileInfo{}
+
+	for _, chart := range uc.charts {
+		oldChartDirs = append(oldChartDirs, chart.GetChartDir(true))
+		oldVersions = append(oldVersions, *chart.Config.ChartVersion)
+
+		chart.Config.ChartVersion = &uc.newVersion
+		err := chart.Save()
+		if err != nil {
+			return doError(err)
 		}
-		relToGit, err := filepath.Rel(gitRootPath, p)
+
+		// add helm-chart.yaml
+		relToGit, err := filepath.Rel(gitRootPath, chart.ConfigFile)
 		if err != nil {
-			return err
+			return doError(err)
+		}
+		toAdd = append(toAdd, relToGit)
+
+		err = cmd.collectFiles(gitRootPath, chart.GetDeprecatedChartDir(), files)
+		if err != nil {
+			return doError(err)
 		}
-		oldFiles[relToGit] = true
-		return nil
-	})
-	if err != nil {
-		return err
 	}
 
-	err = doPull(ctx, statusPrefix, chart.ConfigFile, cmd.HelmCredentials, s)
+	err := cmd.collectFiles(gitRootPath, uc.charts[0].GetChartDir(true), files)
 	if err != nil {
-		return err
+		return doError(err)
 	}
 
-	var toAdd []string
-	relToGit, err := filepath.Rel(gitRootPath, chart.ConfigFile)
+	err = uc.charts[0].Pull(ctx)
 	if err != nil {
-		return err
+		return doError(err)
 	}
-	toAdd = append(toAdd, relToGit)
 
-	relToGit, err = filepath.Rel(gitRootPath, chart.GetChartDir())
+	relToGit, err := filepath.Rel(gitRootPath, uc.charts[0].GetChartDir(true))
 	if err != nil {
-		return err
+		return doError(err)
 	}
 	toAdd = append(toAdd, relToGit)
 
+	// delete old versions
+	for i, chart := range uc.charts {
+		deleteOldVersion := !toKeep[buildKey(chart, &oldVersions[i], nil)]
+		if deleteOldVersion {
+			err = os.RemoveAll(oldChartDirs[i])
+			if err != nil {
+				return doError(err)
+			}
+		}
+
+		err = os.RemoveAll(chart.GetDeprecatedChartDir())
+		if err != nil {
+			return doError(err)
+		}
+	}
+
 	// figure out what got deleted
-	for p, _ := range oldFiles {
-		if !utils.IsFile(filepath.Join(gitRootPath, p)) {
-			toAdd = append(toAdd, p)
+	for p, oldSt := range files {
+		st, err := os.Lstat(filepath.Join(gitRootPath, p))
+		if err != nil {
+			if os.IsNotExist(err) {
+				toAdd = append(toAdd, p)
+				continue
+			}
+			return doError(err)
+		}
+		if st.Mode() == oldSt.Mode() && st.ModTime() == oldSt.ModTime() && st.Size() == oldSt.Size() {
+			continue
 		}
+		toAdd = append(toAdd, p)
 	}
 
 	s.UpdateAndInfoFallback("%s: Committing chart", statusPrefix)
@@ -229,11 +334,11 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(ctx context.Context, gitRootPath st
 
 	r, err := git.PlainOpen(gitRootPath)
 	if err != nil {
-		return err
+		return doError(err)
 	}
 	wt, err := r.Worktree()
 	if err != nil {
-		return err
+		return doError(err)
 	}
 
 	for _, p := range toAdd {
@@ -251,17 +356,17 @@ func (cmd *helmUpdateCmd) pullAndCommitChart(ctx context.Context, gitRootPath st
 			time.Sleep(s * time.Millisecond)
 		}
 		if err != nil {
-			return fmt.Errorf("failed to add %s to git index: %w", p, err)
+			return doError(fmt.Errorf("failed to add %s to git index: %w", p, err))
 		}
 	}
 
-	commitMsg := fmt.Sprintf("Updated helm chart %s from %s to %s", statusPrefix, oldVersion, newVersion)
+	commitMsg := fmt.Sprintf("Updated helm chart %s to version %s", statusPrefix, uc.newVersion)
 	_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 	if err != nil {
-		return fmt.Errorf("failed to commit: %w", err)
+		return doError(fmt.Errorf("failed to commit: %w", err))
 	}
 
-	s.Update("%s: Committed helm chart with version %s", statusPrefix, newVersion)
+	s.Update("%s: Committed helm chart with version %s", statusPrefix, uc.newVersion)
 	s.Success()
 
 	return nil
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b63c7d704..72688db84 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -193,7 +193,7 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			return err
 		}
 
-		chart, err := helm.NewHelmChart(p)
+		chart, err := helm.NewHelmChart(di.ctx.HelmChartsDir, p)
 		if err != nil {
 			return err
 		}
@@ -418,7 +418,7 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 		if di.isHelmValuesYaml(de.Name()) {
 			continue
 		} else if di.isHelmChartYaml(de.Name()) {
-			c, err := helm.NewHelmChart(filepath.Join(di.RenderedDir, subDir, de.Name()))
+			c, err := helm.NewHelmChart(di.ctx.HelmChartsDir, filepath.Join(di.RenderedDir, subDir, de.Name()))
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index dec1c4571..49133fecb 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -21,4 +21,5 @@ type SharedContext struct {
 	RenderDir                         string
 	SealedSecretsDir                  string
 	DefaultSealedSecretsOutputPattern string
+	HelmChartsDir                     string
 }
diff --git a/pkg/helm/helm_chart.go b/pkg/helm/helm_chart.go
index 5c79c616e..e6dfab130 100644
--- a/pkg/helm/helm_chart.go
+++ b/pkg/helm/helm_chart.go
@@ -28,6 +28,7 @@ import (
 	"helm.sh/helm/v3/pkg/release"
 	"helm.sh/helm/v3/pkg/repo"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"net/url"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -46,11 +47,14 @@ type HelmChart struct {
 
 	credentials HelmCredentialsProvider
 
-	chartName string
-	chartDir  string
+	chartName          string
+	chartDir           string
+	deprecatedChartDir string
+
+	versions []string
 }
 
-func NewHelmChart(configFile string) (*HelmChart, error) {
+func NewHelmChart(baseChartsDir string, configFile string) (*HelmChart, error) {
 	var config types.HelmChartConfig
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
@@ -86,19 +90,73 @@ func NewHelmChart(configFile string) (*HelmChart, error) {
 	if err != nil {
 		return nil, err
 	}
-	hc.chartDir = chartDir
+	hc.deprecatedChartDir = chartDir
+
+	hc.chartDir, err = hc.buildChartDir(baseChartsDir)
+	if err != nil {
+		return nil, err
+	}
 
 	return hc, nil
 }
 
+func (c *HelmChart) buildChartDir(baseChartsDir string) (string, error) {
+	u, err := url.Parse(*c.Config.Repo)
+	if err != nil {
+		return "", err
+	}
+
+	scheme := ""
+	port := ""
+	switch {
+	case registry.IsOCI(*c.Config.Repo):
+		scheme = "oci"
+	case u.Scheme == "http":
+		scheme = "http"
+		if u.Port() != "80" {
+			port = u.Port()
+		}
+	case u.Scheme == "https":
+		scheme = "https"
+		if u.Port() != "443" {
+			port = u.Port()
+		}
+	default:
+		return "", fmt.Errorf("unsupported scheme in %s", u.String())
+	}
+	if port != "" {
+		scheme += "_" + port
+	}
+
+	dir := filepath.Join(
+		baseChartsDir,
+		fmt.Sprintf("%s_%s", scheme, strings.ToLower(u.Hostname())),
+		filepath.FromSlash(strings.ToLower(u.Path)),
+		c.chartName,
+	)
+	err = utils.CheckInDir(baseChartsDir, dir)
+	if err != nil {
+		return "", err
+	}
+
+	return dir, nil
+}
+
 func (c *HelmChart) GetChartName() string {
 	return c.chartName
 }
 
-func (c *HelmChart) GetChartDir() string {
+func (c *HelmChart) GetChartDir(withVersion bool) string {
+	if withVersion {
+		return filepath.Join(c.chartDir, *c.Config.ChartVersion)
+	}
 	return c.chartDir
 }
 
+func (c *HelmChart) GetDeprecatedChartDir() string {
+	return c.deprecatedChartDir
+}
+
 func (c *HelmChart) GetOutputPath() string {
 	output := "helm-rendered.yaml"
 	if c.Config.Output != nil {
@@ -155,7 +213,14 @@ func (c *HelmChart) checkNeedsPull(chartDir string, isTmp bool) (bool, bool, str
 }
 
 func (c *HelmChart) Pull(ctx context.Context) error {
-	return c.doPull(ctx, c.chartDir)
+	if utils.Exists(c.GetDeprecatedChartDir()) {
+		err := os.RemoveAll(c.GetDeprecatedChartDir())
+		if err != nil {
+			return err
+		}
+	}
+
+	return c.doPull(ctx, c.GetChartDir(true))
 }
 
 func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
@@ -165,7 +230,7 @@ func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
 	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.ChartVersion)
 	h := hex.EncodeToString(hash.Sum(nil))
 	tmpDir := filepath.Join(utils.GetTmpBaseDir(ctx), "helm-charts")
-	_ = os.MkdirAll(tmpDir, 0o700)
+	_ = os.MkdirAll(tmpDir, 0o755)
 	tmpDir = filepath.Join(tmpDir, fmt.Sprintf("%s-%s", c.chartName, h))
 
 	lockFile := tmpDir + ".lock"
@@ -193,7 +258,7 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	baseDir := filepath.Dir(chartDir)
 
 	_ = os.RemoveAll(chartDir)
-	_ = os.MkdirAll(baseDir, 0o700)
+	_ = os.MkdirAll(baseDir, 0o755)
 
 	// need to use the same filesystem/volume that we later os.Rename the final pull chart to, as otherwise
 	// the rename operation will lead to errors
@@ -263,42 +328,41 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	return nil
 }
 
-func (c *HelmChart) CheckUpdate(ctx context.Context) (string, bool, error) {
+func (c *HelmChart) QueryLatestVersion(ctx context.Context) (string, error) {
 	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
-		return c.checkUpdateOciRepo(ctx)
+		return c.queryLatestVersionOci(ctx)
 	}
-	return c.checkUpdateHelmRepo(ctx)
+	return c.queryLatestVersionHelmRepo(ctx)
 }
 
-func (c *HelmChart) checkUpdateOciRepo(ctx context.Context) (string, bool, error) {
+func (c *HelmChart) queryLatestVersionOci(ctx context.Context) (string, error) {
 	rh := registries.NewRegistryHelper(ctx)
 
 	imageName := strings.TrimPrefix(*c.Config.Repo, "oci://")
 	tags, err := rh.ListImageTags(imageName)
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 
 	latestVersion, err := c.findLatestVersion(tags)
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 
-	updated := latestVersion != *c.Config.ChartVersion
-	return latestVersion, updated, nil
+	return latestVersion, nil
 }
 
-func (c *HelmChart) checkUpdateHelmRepo(ctx context.Context) (string, bool, error) {
+func (c *HelmChart) queryLatestVersionHelmRepo(ctx context.Context) (string, error) {
 	settings := cli.New()
 
 	var e *repo.Entry
 	if c.Config.CredentialsId != nil {
 		if c.credentials == nil {
-			return "", false, fmt.Errorf("no credentials provider")
+			return "", fmt.Errorf("no credentials provider")
 		}
 		e = c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
 		if e == nil {
-			return "", false, fmt.Errorf("no credentials provided for Chart %s", c.chartName)
+			return "", fmt.Errorf("no credentials provided for Chart %s", c.chartName)
 		}
 	} else {
 		e = &repo.Entry{
@@ -308,28 +372,28 @@ func (c *HelmChart) checkUpdateHelmRepo(ctx context.Context) (string, bool, erro
 
 	r, err := repo.NewChartRepository(e, getter.All(settings))
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 
 	r.CachePath, err = os.MkdirTemp(utils.GetTmpBaseDir(ctx), "helm-check-update-")
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 	defer os.RemoveAll(r.CachePath)
 
 	indexFile, err := r.DownloadIndexFile()
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 
 	index, err := repo.LoadIndexFile(indexFile)
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 
 	indexEntry, ok := index.Entries[c.chartName]
 	if !ok || len(indexEntry) == 0 {
-		return "", false, fmt.Errorf("helm chart %s not found in repo index", c.chartName)
+		return "", fmt.Errorf("helm chart %s not found in repo index", c.chartName)
 	}
 
 	versions := make([]string, 0, indexEntry.Len())
@@ -339,11 +403,10 @@ func (c *HelmChart) checkUpdateHelmRepo(ctx context.Context) (string, bool, erro
 
 	latestVersion, err := c.findLatestVersion(versions)
 	if err != nil {
-		return "", false, err
+		return "", err
 	}
 
-	updated := latestVersion != *c.Config.ChartVersion
-	return latestVersion, updated, nil
+	return latestVersion, nil
 }
 
 func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
@@ -387,6 +450,12 @@ func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
 }
 
 func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
+	deprecatedChartDir := c.GetDeprecatedChartDir()
+	if utils.IsDirectory(deprecatedChartDir) {
+		status.Deprecation(ctx, "helm-charts-dir", "Your project has pre-pulled charts located beside the helm-chart.yaml, which is deprecated. "+
+			"Please run 'kluctl helm-pull' on your project and ensure that the deprecated charts are removed! Future versions of kluctl will ignore these locations.")
+	}
+
 	err := c.doRender(ctx, k, k8sVersion, sopsDecrypter)
 	if err != nil {
 		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", c.chartName, c.Config.ReleaseName, err)
@@ -395,7 +464,7 @@ func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion st
 }
 
 func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
-	chartDir := c.chartDir
+	chartDir := c.deprecatedChartDir
 
 	needsPull, versionChanged, prePulledVersion, err := c.checkNeedsPull(chartDir, false)
 	if err != nil {
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 0df49e01c..d30936121 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -20,6 +20,7 @@ type LoadedKluctlProject struct {
 	ProjectDir     string
 
 	sealedSecretsDir string
+	helmChartsDir    string
 
 	Config         types2.KluctlProject
 	DynamicTargets []*types2.DynamicTarget
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 4c075fd23..b809bdd68 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -61,6 +61,7 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	}
 
 	c.sealedSecretsDir = filepath.Join(c.ProjectDir, ".sealed-secrets")
+	c.helmChartsDir = filepath.Join(c.ProjectDir, ".helm-charts")
 
 	sealedSecretsUsed := false
 	if c.Config.SecretsConfig != nil {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index f07436014..9ee3c53ec 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -113,6 +113,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		RenderDir:                         params.RenderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
 		DefaultSealedSecretsOutputPattern: target.Name,
+		HelmChartsDir:                     p.helmChartsDir,
 	}
 
 	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(deploymentDir), ".", nil)

From 85a993bad818ba841ebabadc335e1415608a052a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 11:18:03 +0100
Subject: [PATCH 0662/2268] refactor: Don't use pointers for
 Repo/ChartVersion/ChartName

---
 cmd/kluctl/commands/cmd_helm_pull.go   |  4 +-
 cmd/kluctl/commands/cmd_helm_update.go |  8 ++--
 pkg/helm/helm_chart.go                 | 54 +++++++++++++-------------
 pkg/types/helm_chart.go                |  6 +--
 4 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index cb9ac562a..18f53c464 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -56,7 +56,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		chart.SetCredentials(&cmd.HelmCredentials)
 
 		cleanupDir := chart.GetChartDir(false)
-		cleanupDirs[cleanupDir] = append(cleanupDirs[cleanupDir], *chart.Config.ChartVersion)
+		cleanupDirs[cleanupDir] = append(cleanupDirs[cleanupDir], chart.Config.ChartVersion)
 
 		if _, ok := chartsToPull[chart.GetChartDir(true)]; ok {
 			return nil
@@ -76,7 +76,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		statusPrefix := chart.GetChartName()
 
 		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
-			s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, *chart.Config.ChartVersion)
+			s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, chart.Config.ChartVersion)
 			defer s.Failed()
 
 			err := chart.Pull(ctx)
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 98dd66f4c..6d02499c4 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -113,13 +113,13 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			}
 
 			for _, chart := range uc.charts {
-				updated := newVersion != *chart.Config.ChartVersion
+				updated := newVersion != chart.Config.ChartVersion
 				if updated && chart.Config.SkipUpdate {
 					status.Info(ctx, "%s: Skipping update to version %s", chart.GetChartName(), newVersion)
 					updated = false
 				}
 				if !updated {
-					toKeep[buildKey(chart, chart.Config.ChartVersion, nil)] = true
+					toKeep[buildKey(chart, &chart.Config.ChartVersion, nil)] = true
 					continue
 				}
 				if len(uc2.charts) == 0 {
@@ -258,9 +258,9 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, gitRootPath s
 
 	for _, chart := range uc.charts {
 		oldChartDirs = append(oldChartDirs, chart.GetChartDir(true))
-		oldVersions = append(oldVersions, *chart.Config.ChartVersion)
+		oldVersions = append(oldVersions, chart.Config.ChartVersion)
 
-		chart.Config.ChartVersion = &uc.newVersion
+		chart.Config.ChartVersion = uc.newVersion
 		err := chart.Save()
 		if err != nil {
 			return doError(err)
diff --git a/pkg/helm/helm_chart.go b/pkg/helm/helm_chart.go
index e6dfab130..6c1f8e4dd 100644
--- a/pkg/helm/helm_chart.go
+++ b/pkg/helm/helm_chart.go
@@ -61,9 +61,9 @@ func NewHelmChart(baseChartsDir string, configFile string) (*HelmChart, error) {
 		return nil, err
 	}
 
-	_, err = semver.NewVersion(*config.ChartVersion)
+	_, err = semver.NewVersion(config.ChartVersion)
 	if err != nil {
-		return nil, fmt.Errorf("invalid chart version '%s': %w", *config.ChartVersion, err)
+		return nil, fmt.Errorf("invalid chart version '%s': %w", config.ChartVersion, err)
 	}
 
 	hc := &HelmChart{
@@ -71,17 +71,17 @@ func NewHelmChart(baseChartsDir string, configFile string) (*HelmChart, error) {
 		Config:     &config,
 	}
 
-	if hc.Config.Repo != nil && registry.IsOCI(*hc.Config.Repo) {
-		s := strings.Split(*hc.Config.Repo, "/")
+	if registry.IsOCI(hc.Config.Repo) {
+		s := strings.Split(hc.Config.Repo, "/")
 		chartName := s[len(s)-1]
 		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
-			return nil, fmt.Errorf("invalid oci chart url: %s", *hc.Config.Repo)
+			return nil, fmt.Errorf("invalid oci chart url: %s", hc.Config.Repo)
 		}
 		hc.chartName = chartName
-	} else if hc.Config.ChartName == nil {
+	} else if hc.Config.ChartName == "" {
 		return nil, fmt.Errorf("chartName is missing in helm-chart.yml")
 	} else {
-		hc.chartName = *hc.Config.ChartName
+		hc.chartName = hc.Config.ChartName
 	}
 
 	dir := filepath.Dir(configFile)
@@ -101,7 +101,7 @@ func NewHelmChart(baseChartsDir string, configFile string) (*HelmChart, error) {
 }
 
 func (c *HelmChart) buildChartDir(baseChartsDir string) (string, error) {
-	u, err := url.Parse(*c.Config.Repo)
+	u, err := url.Parse(c.Config.Repo)
 	if err != nil {
 		return "", err
 	}
@@ -109,7 +109,7 @@ func (c *HelmChart) buildChartDir(baseChartsDir string) (string, error) {
 	scheme := ""
 	port := ""
 	switch {
-	case registry.IsOCI(*c.Config.Repo):
+	case registry.IsOCI(c.Config.Repo):
 		scheme = "oci"
 	case u.Scheme == "http":
 		scheme = "http"
@@ -148,7 +148,7 @@ func (c *HelmChart) GetChartName() string {
 
 func (c *HelmChart) GetChartDir(withVersion bool) string {
 	if withVersion {
-		return filepath.Join(c.chartDir, *c.Config.ChartVersion)
+		return filepath.Join(c.chartDir, c.Config.ChartVersion)
 	}
 	return c.chartDir
 }
@@ -206,7 +206,7 @@ func (c *HelmChart) checkNeedsPull(chartDir string, isTmp bool) (bool, bool, str
 	}
 
 	version, _, _ := chartYaml.GetNestedString("version")
-	if version != *c.Config.ChartVersion {
+	if version != c.Config.ChartVersion {
 		return true, true, version, nil
 	}
 	return false, false, "", nil
@@ -225,9 +225,9 @@ func (c *HelmChart) Pull(ctx context.Context) error {
 
 func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
 	hash := sha256.New()
-	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.Repo)
+	_, _ = fmt.Fprintf(hash, "%s\n", c.Config.Repo)
 	_, _ = fmt.Fprintf(hash, "%s\n", c.chartName)
-	_, _ = fmt.Fprintf(hash, "%s\n", *c.Config.ChartVersion)
+	_, _ = fmt.Fprintf(hash, "%s\n", c.Config.ChartVersion)
 	h := hex.EncodeToString(hash.Sum(nil))
 	tmpDir := filepath.Join(utils.GetTmpBaseDir(ctx), "helm-charts")
 	_ = os.MkdirAll(tmpDir, 0o755)
@@ -278,10 +278,10 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	a.Settings = cli.New()
 	a.Untar = true
 	a.DestDir = tmpDir
-	a.Version = *c.Config.ChartVersion
+	a.Version = c.Config.ChartVersion
 
 	if c.Config.CredentialsId != nil {
-		if registry.IsOCI(*c.Config.Repo) {
+		if registry.IsOCI(c.Config.Repo) {
 			return fmt.Errorf("OCI charts can currently only be authenticated via registry login and not via cli arguments")
 		}
 		if c.credentials == nil {
@@ -290,7 +290,7 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	}
 
 	if c.credentials != nil {
-		creds := c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
+		creds := c.credentials.FindCredentials(c.Config.Repo, c.Config.CredentialsId)
 		if creds != nil {
 			a.Username = creds.Username
 			a.Password = creds.Password
@@ -303,10 +303,10 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 	}
 
 	var out string
-	if registry.IsOCI(*c.Config.Repo) {
-		out, err = a.Run(*c.Config.Repo)
+	if registry.IsOCI(c.Config.Repo) {
+		out, err = a.Run(c.Config.Repo)
 	} else {
-		a.RepoURL = *c.Config.Repo
+		a.RepoURL = c.Config.Repo
 		out, err = a.Run(c.chartName)
 	}
 	if err != nil {
@@ -329,7 +329,7 @@ func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
 }
 
 func (c *HelmChart) QueryLatestVersion(ctx context.Context) (string, error) {
-	if c.Config.Repo != nil && registry.IsOCI(*c.Config.Repo) {
+	if registry.IsOCI(c.Config.Repo) {
 		return c.queryLatestVersionOci(ctx)
 	}
 	return c.queryLatestVersionHelmRepo(ctx)
@@ -338,7 +338,7 @@ func (c *HelmChart) QueryLatestVersion(ctx context.Context) (string, error) {
 func (c *HelmChart) queryLatestVersionOci(ctx context.Context) (string, error) {
 	rh := registries.NewRegistryHelper(ctx)
 
-	imageName := strings.TrimPrefix(*c.Config.Repo, "oci://")
+	imageName := strings.TrimPrefix(c.Config.Repo, "oci://")
 	tags, err := rh.ListImageTags(imageName)
 	if err != nil {
 		return "", err
@@ -360,13 +360,13 @@ func (c *HelmChart) queryLatestVersionHelmRepo(ctx context.Context) (string, err
 		if c.credentials == nil {
 			return "", fmt.Errorf("no credentials provider")
 		}
-		e = c.credentials.FindCredentials(*c.Config.Repo, c.Config.CredentialsId)
+		e = c.credentials.FindCredentials(c.Config.Repo, c.Config.CredentialsId)
 		if e == nil {
 			return "", fmt.Errorf("no credentials provided for Chart %s", c.chartName)
 		}
 	} else {
 		e = &repo.Entry{
-			URL: *c.Config.Repo,
+			URL: c.Config.Repo,
 		}
 	}
 
@@ -473,13 +473,13 @@ func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion
 	if needsPull {
 		if versionChanged {
 			return fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-				"Desired version is %s while pre-pulled version is %s", c.chartName, *c.Config.ChartVersion, prePulledVersion)
+				"Desired version is %s while pre-pulled version is %s", c.chartName, c.Config.ChartVersion, prePulledVersion)
 		} else {
 			status.Warning(ctx, "Warning, need to pull Helm Chart %s with version %s. "+
-				"Please consider pre-pulling it with 'kluctl helm-pull'", c.chartName, *c.Config.ChartVersion)
+				"Please consider pre-pulling it with 'kluctl helm-pull'", c.chartName, c.Config.ChartVersion)
 		}
 
-		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", c.chartName, *c.Config.ChartVersion)
+		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", c.chartName, c.Config.ChartVersion)
 		defer s.Failed()
 
 		chartDir, err = c.pullTmpChart(ctx)
@@ -572,7 +572,7 @@ func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion
 	}
 
 	if chartRequested.Metadata.Deprecated {
-		status.Warning(ctx, "Chart %s is deprecated", *c.Config.ChartName)
+		status.Warning(ctx, "Chart %s is deprecated", c.Config.ChartName)
 	}
 
 	rel, err := client.Run(chartRequested, vals)
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 9ebc00118..11498426b 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -1,10 +1,10 @@
 package types
 
 type HelmChartConfig2 struct {
-	Repo              *string `yaml:"repo" validate:"required"`
+	Repo              string  `yaml:"repo" validate:"required"`
 	CredentialsId     *string `yaml:"credentialsId,omitempty"`
-	ChartName         *string `yaml:"chartName,omitempty"`
-	ChartVersion      *string `yaml:"chartVersion" validate:"required"`
+	ChartName         string  `yaml:"chartName,omitempty"`
+	ChartVersion      string  `yaml:"chartVersion" validate:"required"`
 	UpdateConstraints *string `yaml:"updateConstraints,omitempty"`
 	ReleaseName       string  `yaml:"releaseName" validate:"required"`
 	Namespace         *string `yaml:"namespace,omitempty"`

From 979de607b9af5caf0ff3d04379f1470a38f66ecd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 16:22:17 +0100
Subject: [PATCH 0663/2268] feat: Reimplement helm support to allow better
 control of pre-pulled charts

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 145 +++---
 cmd/kluctl/commands/cmd_helm_update.go | 408 +++++++--------
 e2e/helm_test.go                       | 101 ++--
 pkg/deployment/deployment_item.go      |  12 +-
 pkg/helm/chart.go                      | 409 +++++++++++++++
 pkg/helm/helm_chart.go                 | 673 -------------------------
 pkg/helm/helm_release.go               | 313 ++++++++++++
 pkg/helm/pulled_chart.go               |  65 +++
 pkg/helm/utils.go                      |  19 +
 9 files changed, 1159 insertions(+), 986 deletions(-)
 create mode 100644 pkg/helm/chart.go
 delete mode 100644 pkg/helm/helm_chart.go
 create mode 100644 pkg/helm/helm_release.go
 create mode 100644 pkg/helm/pulled_chart.go
 create mode 100644 pkg/helm/utils.go

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 18f53c464..ee8fc429d 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -39,92 +39,121 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
-	chartsToPull := map[string]*helm.HelmChart{}
-	cleanupDirs := map[string][]string{}
-
-	err = filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
-		fname := filepath.Base(p)
-		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
-			return nil
-		}
-
-		chart, err := helm.NewHelmChart(baseChartsDir, p)
-		if err != nil {
-			return err
-		}
-
-		chart.SetCredentials(&cmd.HelmCredentials)
-
-		cleanupDir := chart.GetChartDir(false)
-		cleanupDirs[cleanupDir] = append(cleanupDirs[cleanupDir], chart.Config.ChartVersion)
+	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials)
+	if err != nil {
+		return err
+	}
 
-		if _, ok := chartsToPull[chart.GetChartDir(true)]; ok {
-			return nil
+	for _, hr := range releases {
+		if utils.Exists(hr.GetDeprecatedChartDir()) {
+			rel, err := filepath.Rel(projectDir, hr.GetDeprecatedChartDir())
+			if err != nil {
+				return err
+			}
+			status.Info(ctx, "Removing deprecated charts dir %s", rel)
+			err = os.RemoveAll(hr.GetDeprecatedChartDir())
+			if err != nil {
+				return err
+			}
 		}
-
-		chartsToPull[chart.GetChartDir(true)] = chart
-		return nil
-	})
+	}
 
 	var errs *multierror.Error
 	var wg sync.WaitGroup
 	var mutex sync.Mutex
 	sem := semaphore.NewWeighted(8)
 
-	for _, chart := range chartsToPull {
+	for _, chart := range charts {
 		chart := chart
 		statusPrefix := chart.GetChartName()
 
-		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
-			s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, chart.Config.ChartVersion)
-			defer s.Failed()
-
-			err := chart.Pull(ctx)
-			if err != nil {
-				s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-				return err
+		versionsToPull := map[string]bool{}
+		for _, hr := range releases {
+			if hr.Chart == chart {
+				versionsToPull[hr.Config.ChartVersion] = true
 			}
-			s.Success()
-			return nil
-		})
-	}
-	wg.Wait()
-	if err != nil {
-		errs = multierror.Append(errs, err)
-	}
-
-	if errs.ErrorOrNil() != nil {
-		return fmt.Errorf("command failed")
-	}
+		}
 
-	for dir, versions := range cleanupDirs {
-		des, err := os.ReadDir(dir)
+		cleanupDir, err := chart.BuildPulledChartDir(baseChartsDir, "")
 		if err != nil {
 			return err
 		}
+		des, err := os.ReadDir(cleanupDir)
+		if err != nil && !os.IsNotExist(err) {
+			return err
+		}
 		for _, de := range des {
 			if !de.IsDir() {
 				continue
 			}
-			found := false
-			for _, v := range versions {
-				if v == de.Name() {
-					found = true
-					break
+			if _, ok := versionsToPull[de.Name()]; !ok {
+				status.Info(ctx, "Removing unused Chart with version %s", de.Name())
+				err = os.RemoveAll(filepath.Join(cleanupDir, de.Name()))
+				if err != nil {
+					return err
 				}
 			}
-			if !found {
-				chartName := filepath.Base(dir)
-				s := status.Start(ctx, "%s: Removing unused version %s", chartName, de.Name())
-				err = os.RemoveAll(filepath.Join(dir, de.Name()))
+		}
+
+		for version, _ := range versionsToPull {
+			version := version
+			utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+				s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, version)
+				defer s.Failed()
+
+				_, err := chart.PullInProject(ctx, baseChartsDir, version)
 				if err != nil {
-					s.Failed()
+					s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
 					return err
 				}
+
 				s.Success()
-			}
+				return nil
+			})
 		}
 	}
+	wg.Wait()
+	if err != nil {
+		errs = multierror.Append(errs, err)
+	}
+
+	if errs.ErrorOrNil() != nil {
+		return fmt.Errorf("command failed")
+	}
 
 	return nil
 }
+
+func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvider helm.HelmCredentialsProvider) ([]*helm.Release, []*helm.Chart, error) {
+	var releases []*helm.Release
+	chartsMap := make(map[string]*helm.Chart)
+	err := filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
+		fname := filepath.Base(p)
+		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
+			return nil
+		}
+
+		hr, err := helm.NewRelease(p, baseChartsDir, credentialsProvider)
+		if err != nil {
+			return err
+		}
+
+		releases = append(releases, hr)
+		chart := hr.Chart
+		key := fmt.Sprintf("%s / %s", chart.GetRepo(), chart.GetChartName())
+		if x, ok := chartsMap[key]; !ok {
+			chartsMap[key] = chart
+		} else {
+			hr.Chart = x
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+	charts := make([]*helm.Chart, 0, len(chartsMap))
+	for _, chart := range chartsMap {
+		charts = append(charts, chart)
+	}
+	return releases, charts, nil
+}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 6d02499c4..d40b274a6 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing/format/index"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
@@ -13,11 +14,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/sync/semaphore"
 	"io/fs"
-	"math/rand"
 	"os"
 	"path/filepath"
 	"sync"
-	"time"
 )
 
 type helmUpdateCmd struct {
@@ -34,11 +33,6 @@ func (cmd *helmUpdateCmd) Help() string {
 	return `Optionally performs the actual upgrade and/or add a commit to version control.`
 }
 
-type updatedChart struct {
-	charts     []*helm.HelmChart
-	newVersion string
-}
-
 func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	projectDir, err := cmd.ProjectDir.GetProjectDir()
 	if err != nil {
@@ -54,6 +48,26 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		return err
 	}
 
+	if cmd.Commit {
+		g, err := git.PlainOpen(gitRootPath)
+		if err != nil {
+			return err
+		}
+		wt, err := g.Worktree()
+		if err != nil {
+			return err
+		}
+		gitStatus, err := wt.Status()
+		if err != nil {
+			return err
+		}
+		for _, s := range gitStatus {
+			if (s.Staging != git.Untracked && s.Staging != git.Unmodified) || (s.Worktree != git.Untracked && s.Worktree != git.Unmodified) {
+				return fmt.Errorf("--commit can only be used when the git worktree is unmodified")
+			}
+		}
+	}
+
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
 	var errs *multierror.Error
@@ -61,158 +75,151 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	var mutex sync.Mutex
 	sem := semaphore.NewWeighted(8)
 
-	chartsToCheck := map[string]*updatedChart{}
-
-	err = filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
-		fname := filepath.Base(p)
-		if fname != "helm-chart.yml" && fname != "helm-chart.yaml" {
-			return nil
-		}
-
-		chart, err := helm.NewHelmChart(baseChartsDir, p)
-		if err != nil {
-			return err
-		}
-
-		chart.SetCredentials(&cmd.HelmCredentials)
+	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials)
+	if err != nil {
+		return err
+	}
 
-		key := buildKey(chart, chart.Config.UpdateConstraints, nil)
-		if uc2, ok := chartsToCheck[key]; ok {
-			uc2.charts = append(uc2.charts, chart)
-		} else {
-			chartsToCheck[key] = &updatedChart{
-				charts: []*helm.HelmChart{chart},
+	for _, hr := range releases {
+		if utils.Exists(hr.GetDeprecatedChartDir()) {
+			relDir, err := filepath.Rel(projectDir, filepath.Dir(hr.ConfigFile))
+			if err != nil {
+				return err
 			}
+			status.Error(ctx, "%s: Project is using a pre-pulled Helm Chart that is next to the helm-chart.yaml, which is deprecated. "+
+				"Updating is only possible after removing these. Use 'kluctl helm-pull' to remove all deprecated chart folders.", relDir)
+			return fmt.Errorf("detected deprecated chart folder")
 		}
-		return nil
-	})
-
-	toKeep := map[string]bool{}
-	chartsToPull := map[string]*updatedChart{}
+	}
 
-	for _, uc := range chartsToCheck {
-		uc := uc
+	for _, chart := range charts {
+		chart := chart
 		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
-			newVersion, err := cmd.doQueryLatestVersion(ctx, uc.charts[0])
+			s := status.Start(ctx, "%s: Querying versions", chart.GetChartName())
+			defer s.Failed()
+			err := chart.QueryVersions(ctx)
 			if err != nil {
+				s.FailedWithMessage("%s: %s", chart.GetChartName(), err.Error())
 				return err
 			}
+			s.Success()
+			return nil
+		})
+	}
+	wg.Wait()
+	if errs.ErrorOrNil() != nil {
+		return errs
+	}
 
-			mutex.Lock()
-			defer mutex.Unlock()
-
-			key := buildKey(uc.charts[0], &newVersion, nil)
-			toKeep[key] = true
+	for _, chart := range charts {
+		chart := chart
 
-			uc2, ok := chartsToPull[key]
-			if !ok {
-				uc2 = &updatedChart{
-					newVersion: newVersion,
-				}
-				chartsToPull[key] = uc2
+		versionsToPull := map[string]bool{}
+		for _, hr := range releases {
+			if hr.Chart != chart {
+				continue
 			}
+			versionsToPull[hr.Config.ChartVersion] = true
+		}
 
-			for _, chart := range uc.charts {
-				updated := newVersion != chart.Config.ChartVersion
-				if updated && chart.Config.SkipUpdate {
-					status.Info(ctx, "%s: Skipping update to version %s", chart.GetChartName(), newVersion)
-					updated = false
-				}
-				if !updated {
-					toKeep[buildKey(chart, &chart.Config.ChartVersion, nil)] = true
-					continue
-				}
-				if len(uc2.charts) == 0 {
-					status.Info(ctx, "%s: Chart has new version %s", chart.GetChartName(), newVersion)
+		for version, _ := range versionsToPull {
+			version := version
+			utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+				s := status.Start(ctx, "%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
+				defer s.Failed()
+				_, err := chart.PullCached(ctx, version)
+				if err != nil {
+					s.FailedWithMessage("%s: %s", chart.GetChartName(), err.Error())
+					return err
 				}
-				uc2.charts = append(uc2.charts, chart)
-			}
-
-			if len(uc2.charts) == 0 {
-				delete(chartsToPull, key)
-			}
-
-			return nil
-		})
+				s.Success()
+				return nil
+			})
+		}
 	}
 	wg.Wait()
 	if errs.ErrorOrNil() != nil {
 		return errs
 	}
 
-	if !cmd.Upgrade {
-		return errs.ErrorOrNil()
+	versionUseCounts := map[string]map[string]int{}
+	for _, hr := range releases {
+		key := fmt.Sprintf("%s / %s", hr.Chart.GetRepo(), hr.Chart.GetChartName())
+		if _, ok := versionUseCounts[key]; !ok {
+			versionUseCounts[key] = map[string]int{}
+		}
+		versionUseCounts[key][hr.Config.ChartVersion]++
 	}
 
-	if cmd.Interactive {
-		sem = semaphore.NewWeighted(1)
-	}
+	for _, hr := range releases {
+		relDir, err := filepath.Rel(projectDir, filepath.Dir(hr.ConfigFile))
+		if err != nil {
+			return err
+		}
 
-	for _, uc := range chartsToPull {
-		uc := uc
+		latestVersion, err := hr.Chart.GetLatestVersion(hr.Config.UpdateConstraints)
+		if err != nil {
+			return err
+		}
+		if hr.Config.ChartVersion == latestVersion {
+			continue
+		}
 
-		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
-			if cmd.Interactive {
-				statusPrefix := uc.charts[0].GetChartName()
-				if !status.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s to version %s?",
-					statusPrefix, uc.charts[0].GetChartName(), uc.newVersion)) {
-					return nil
-				}
-			}
+		if hr.Config.SkipUpdate {
+			status.Info(ctx, "%s: Skipped update to version %s", relDir, latestVersion)
+			continue
+		}
 
-			err := cmd.pullAndCommitCharts(ctx, gitRootPath, uc, toKeep, &mutex)
-			if err != nil {
-				return err
-			}
-			return nil
-		})
-	}
-	wg.Wait()
+		status.Info(ctx, "%s: Chart has new version %s available", relDir, latestVersion)
 
-	if !cmd.Commit {
-		return errs.ErrorOrNil()
-	}
+		if !cmd.Upgrade {
+			continue
+		}
 
-	return errs.ErrorOrNil()
-}
+		if cmd.Interactive {
+			if !status.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s to version %s?",
+				relDir, hr.Chart.GetChartName(), latestVersion)) {
+				continue
+			}
+		}
 
-func buildKey(chart *helm.HelmChart, v1 *string, v2 *string) string {
-	key := chart.GetChartDir(false)
-	if v1 != nil {
-		key += " / " + *v1
-	}
-	if v2 != nil {
-		key += " / " + *v2
-	}
-	return key
-}
+		oldVersion := hr.Config.ChartVersion
+		hr.Config.ChartVersion = latestVersion
+		err = hr.Save()
+		if err != nil {
+			return err
+		}
 
-func (cmd *helmUpdateCmd) doQueryLatestVersion(ctx context.Context, chart *helm.HelmChart) (string, error) {
-	statusPrefix := chart.GetChartName()
+		status.Info(ctx, "%s: Updated Chart version to %s", relDir, latestVersion)
 
-	statusText := fmt.Sprintf("%s: Querying latest version", statusPrefix)
-	if chart.Config.UpdateConstraints != nil {
-		statusText = fmt.Sprintf("%s: Querying latest version with constraints '%s'", statusPrefix, *chart.Config.UpdateConstraints)
-	}
+		if !cmd.Commit {
+			continue
+		}
 
-	s := status.Start(ctx, statusText)
-	defer s.Failed()
+		key := fmt.Sprintf("%s / %s", hr.Chart.GetRepo(), hr.Chart.GetChartName())
+		uv := versionUseCounts[key]
+		uv[oldVersion]--
+		uv[latestVersion]++
 
-	doError := func(err error) (string, error) {
-		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
-		return "", err
-	}
+		pullChart := false
+		deleteChart := false
+		if uv[latestVersion] == 1 {
+			pullChart = true
+		}
+		if uv[oldVersion] == 0 {
+			deleteChart = true
+		}
 
-	latestVersion, err := chart.QueryLatestVersion(ctx)
-	if err != nil {
-		return doError(err)
+		err = cmd.pullAndCommitCharts(ctx, projectDir, baseChartsDir, gitRootPath, hr, oldVersion, latestVersion, pullChart, deleteChart)
+		if err != nil {
+			return err
+		}
 	}
-	s.Success()
 
-	return latestVersion, nil
+	return errs.ErrorOrNil()
 }
 
-func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.FileInfo) error {
+func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]bool) error {
 	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
 		if d == nil || d.IsDir() {
 			return nil
@@ -224,11 +231,7 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 		if _, ok := m[relToGit]; ok {
 			return nil
 		}
-		st, err := d.Info()
-		if err != nil {
-			return err
-		}
-		m[relToGit] = st
+		m[relToGit] = true
 		return nil
 	})
 	if os.IsNotExist(err) {
@@ -237,136 +240,109 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, gitRootPath string, uc *updatedChart, toKeep map[string]bool, mutex *sync.Mutex) error {
-	statusPrefix := uc.charts[0].GetChartName()
+func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hr *helm.Release, oldVersion string, newVersion string, pullChart bool, deleteChart bool) error {
+	relDir, err := filepath.Rel(projectDir, filepath.Dir(hr.ConfigFile))
+	if err != nil {
+		return err
+	}
 
-	s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, uc.newVersion)
+	s := status.Start(ctx, "%s: Committing Chart with version %s", relDir, newVersion)
 	defer s.Failed()
 
 	doError := func(err error) error {
-		s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
+		s.FailedWithMessage("%s: %s", relDir, err.Error())
 		return err
 	}
 
-	var toAdd []string
-	var oldVersions []string
-	var oldChartDirs []string
-
-	// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
-	// know what got deleted
-	files := map[string]os.FileInfo{}
-
-	for _, chart := range uc.charts {
-		oldChartDirs = append(oldChartDirs, chart.GetChartDir(true))
-		oldVersions = append(oldVersions, chart.Config.ChartVersion)
-
-		chart.Config.ChartVersion = uc.newVersion
-		err := chart.Save()
-		if err != nil {
-			return doError(err)
-		}
-
-		// add helm-chart.yaml
-		relToGit, err := filepath.Rel(gitRootPath, chart.ConfigFile)
-		if err != nil {
-			return doError(err)
-		}
-		toAdd = append(toAdd, relToGit)
-
-		err = cmd.collectFiles(gitRootPath, chart.GetDeprecatedChartDir(), files)
-		if err != nil {
-			return doError(err)
-		}
+	r, err := git.PlainOpen(gitRootPath)
+	if err != nil {
+		return doError(err)
 	}
-
-	err := cmd.collectFiles(gitRootPath, uc.charts[0].GetChartDir(true), files)
+	wt, err := r.Worktree()
 	if err != nil {
 		return doError(err)
 	}
 
-	err = uc.charts[0].Pull(ctx)
+	// add helm-chart.yaml
+	relToGit, err := filepath.Rel(gitRootPath, hr.ConfigFile)
 	if err != nil {
 		return doError(err)
 	}
-
-	relToGit, err := filepath.Rel(gitRootPath, uc.charts[0].GetChartDir(true))
+	_, err = wt.Add(relToGit)
 	if err != nil {
 		return doError(err)
 	}
-	toAdd = append(toAdd, relToGit)
 
-	// delete old versions
-	for i, chart := range uc.charts {
-		deleteOldVersion := !toKeep[buildKey(chart, &oldVersions[i], nil)]
-		if deleteOldVersion {
-			err = os.RemoveAll(oldChartDirs[i])
-			if err != nil {
-				return doError(err)
-			}
+	if deleteChart {
+		chartDir, err := hr.Chart.BuildPulledChartDir(baseChartsDir, oldVersion)
+		if err != nil {
+			return doError(err)
 		}
-
-		err = os.RemoveAll(chart.GetDeprecatedChartDir())
+		relChartDir, err := filepath.Rel(gitRootPath, chartDir)
+		if err != nil {
+			return doError(err)
+		}
+		_, err = wt.Remove(relChartDir)
+		if err != nil && err != index.ErrEntryNotFound {
+			return doError(err)
+		}
+		err = os.RemoveAll(chartDir)
 		if err != nil {
 			return doError(err)
 		}
 	}
 
-	// figure out what got deleted
-	for p, oldSt := range files {
-		st, err := os.Lstat(filepath.Join(gitRootPath, p))
+	if pullChart {
+		chartDir, err := hr.Chart.BuildPulledChartDir(baseChartsDir, newVersion)
 		if err != nil {
-			if os.IsNotExist(err) {
-				toAdd = append(toAdd, p)
-				continue
-			}
 			return doError(err)
 		}
-		if st.Mode() == oldSt.Mode() && st.ModTime() == oldSt.ModTime() && st.Size() == oldSt.Size() {
-			continue
+		relChartDir, err := filepath.Rel(gitRootPath, chartDir)
+		if err != nil {
+			return doError(err)
 		}
-		toAdd = append(toAdd, p)
-	}
 
-	s.UpdateAndInfoFallback("%s: Committing chart", statusPrefix)
+		// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
+		// know what got deleted
+		files := map[string]bool{}
+		err = cmd.collectFiles(gitRootPath, chartDir, files)
+		if err != nil {
+			return doError(err)
+		}
 
-	mutex.Lock()
-	defer mutex.Unlock()
+		_, err = hr.Chart.PullInProject(ctx, baseChartsDir, newVersion)
+		if err != nil {
+			return doError(err)
+		}
 
-	r, err := git.PlainOpen(gitRootPath)
-	if err != nil {
-		return doError(err)
-	}
-	wt, err := r.Worktree()
-	if err != nil {
-		return doError(err)
-	}
+		_, err = wt.Add(relChartDir)
+		if err != nil {
+			return doError(err)
+		}
 
-	for _, p := range toAdd {
-		// we have to retry a few times as Add() might fail with "no such file or directly"
-		// This is because it internally tries to get the git status, which fails if files are added/deleted in
-		// parallel by another goroutine (we're pulling in parallel). We're guarding the repo via the mutex from above
-		// so this is actually safe.
-		for i := 0; i < 10; i++ {
-			_, err = wt.Add(p)
-			if err == nil || !os.IsNotExist(err) {
-				break
+		// figure out what got deleted
+		for p := range files {
+			_, err := os.Lstat(filepath.Join(gitRootPath, p))
+			if err != nil {
+				if os.IsNotExist(err) {
+					_, err = wt.Remove(p)
+					if err != nil {
+						return doError(err)
+					}
+				} else {
+					return doError(err)
+				}
 			}
-			// let's have some randomness in waiting time to ensure we don't run into the same problem again and again
-			s := time.Duration(rand.Intn(10) + 10)
-			time.Sleep(s * time.Millisecond)
-		}
-		if err != nil {
-			return doError(fmt.Errorf("failed to add %s to git index: %w", p, err))
 		}
 	}
 
-	commitMsg := fmt.Sprintf("Updated helm chart %s to version %s", statusPrefix, uc.newVersion)
+	commitMsg := fmt.Sprintf("Updated helm chart %s to version %s", relToGit, newVersion)
 	_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 	if err != nil {
 		return doError(fmt.Errorf("failed to commit: %w", err))
 	}
 
-	s.Update("%s: Committed helm chart with version %s", statusPrefix, uc.newVersion)
+	s.Update("%s: Committed helm chart with version %s", relToGit, newVersion)
 	s.Success()
 
 	return nil
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 3fe9dad20..682163cca 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -1,11 +1,14 @@
 package e2e
 
 import (
+	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
+	"net/url"
+	"os"
 	"path/filepath"
 	"sort"
 	"testing"
@@ -71,18 +74,18 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 			return
 		} else {
 			assert.NoError(t, err)
-			assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
+			assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
 		}
 	}
 
 	args := []string{"deploy", "--yes", "-t", "test"}
 	args = append(args, tc.extraArgs...)
 	_, stderr, err := p.Kluctl(args...)
-	prePullWarning := "Warning, need to pull Helm Chart test-chart1 with version 0.1.0."
+	pullMessage := "Pulling Helm Chart test-chart1 with version 0.1.0"
 	if prePull {
-		assert.NotContains(t, stderr, prePullWarning)
+		assert.NotContains(t, stderr, pullMessage)
 	} else {
-		assert.Contains(t, stderr, prePullWarning)
+		assert.Contains(t, stderr, pullMessage)
 	}
 	if tc.expectedError != "" {
 		assert.Error(t, err)
@@ -137,7 +140,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust("helm-pull")
-	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
+	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
@@ -149,6 +152,8 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	}, "")
 
 	p.KluctlMust("helm-pull")
+	assert.NoFileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.2.0"))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ = cm.GetNestedString("data", "version")
@@ -190,9 +195,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}, "")
 
 	p.KluctlMust("helm-pull")
-	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
-	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm2/charts/test-chart2/Chart.yaml"))
-	assert.FileExists(t, filepath.Join(p.LocalRepoDir(), "helm3/charts/test-chart1/Chart.yaml"))
+	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart2", "0.1.0"))
 
 	args := []string{"helm-update"}
 	if upgrade {
@@ -203,28 +207,28 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}
 
 	_, stderr := p.KluctlMust(args...)
-	assert.Contains(t, stderr, "helm1: Chart has new version 0.2.0 available.")
-	assert.Contains(t, stderr, "helm2: Chart has new version 0.3.0 available.")
-	assert.Contains(t, stderr, "helm3: Chart has new version 0.2.0 available. Old version is 0.1.0. skipUpdate is set to true.")
+	assert.Contains(t, stderr, "helm1: Chart has new version 0.2.0 available")
+	assert.Contains(t, stderr, "helm2: Chart has new version 0.3.0 available")
+	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
 
-	c1, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), "helm1/charts/test-chart1/Chart.yaml"))
-	assert.NoError(t, err)
-	c2, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), "helm2/charts/test-chart2/Chart.yaml"))
-	assert.NoError(t, err)
-	c3, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), "helm3/charts/test-chart1/Chart.yaml"))
-	assert.NoError(t, err)
-
-	v1, _, _ := c1.GetNestedString("version")
-	v2, _, _ := c2.GetNestedString("version")
-	v3, _, _ := c3.GetNestedString("version")
 	if upgrade {
-		assert.Equal(t, "0.2.0", v1)
-		assert.Equal(t, "0.3.0", v2)
-		assert.Equal(t, "0.1.0", v3)
+		assert.Contains(t, stderr, "helm1: Updated Chart version to 0.2.0")
+		assert.Contains(t, stderr, "helm2: Updated Chart version to 0.3.0")
+	}
+	if commit {
+		assert.Contains(t, stderr, "helm1: Committing Chart with version 0.2.0")
+		assert.Contains(t, stderr, "helm2: Committing Chart with version 0.3.0")
+	}
+
+	pulledVersions1 := listChartVersions(t, p, repoUrl, "test-chart1")
+	pulledVersions2 := listChartVersions(t, p, repoUrl, "test-chart2")
+
+	if commit {
+		assert.Equal(t, []string{"0.1.0", "0.2.0"}, pulledVersions1)
+		assert.Equal(t, []string{"0.3.0"}, pulledVersions2)
 	} else {
-		assert.Equal(t, "0.1.0", v1)
-		assert.Equal(t, "0.1.0", v2)
-		assert.Equal(t, "0.1.0", v3)
+		assert.Equal(t, []string{"0.1.0"}, pulledVersions1)
+		assert.Equal(t, []string{"0.1.0"}, pulledVersions2)
 	}
 
 	if commit {
@@ -244,8 +248,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 			return commitList[i].Message < commitList[j].Message
 		})
 
-		assert.Equal(t, "Updated helm chart helm1 from 0.1.0 to 0.2.0", commitList[0].Message)
-		assert.Equal(t, "Updated helm chart helm2 from 0.1.0 to 0.3.0", commitList[1].Message)
+		assert.Equal(t, "Updated helm chart helm1/helm-chart.yaml to version 0.2.0", commitList[0].Message)
+		assert.Equal(t, "Updated helm chart helm2/helm-chart.yaml to version 0.3.0", commitList[1].Message)
 	}
 }
 
@@ -312,9 +316,9 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 	args := []string{"helm-update", "--upgrade"}
 
 	_, stderr := p.KluctlMust(args...)
-	assert.Contains(t, stderr, "helm1: Chart has new version 0.1.1 available.")
-	assert.Contains(t, stderr, "helm2: Chart has new version 0.2.0 available.")
-	assert.Contains(t, stderr, "helm3: Chart has new version 1.2.1 available.")
+	assert.Contains(t, stderr, "helm1: Chart has new version 0.1.1 available")
+	assert.Contains(t, stderr, "helm2: Chart has new version 0.2.0 available")
+	assert.Contains(t, stderr, "helm3: Chart has new version 1.2.1 available")
 
 	c1 := p.GetYaml("helm1/helm-chart.yaml")
 	c2 := p.GetYaml("helm2/helm-chart.yaml")
@@ -468,3 +472,36 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 		"kubeVersion": "v1.22.1",
 	}, cm1.Object["data"])
 }
+
+func getChartDir(t *testing.T, p *test_utils.TestProject, url2 string, chartName string, chartVersion string) string {
+	u, err := url.Parse(url2)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var dir string
+	if u.Scheme == "oci" {
+		dir = filepath.Join(p.LocalRepoDir(), ".helm-charts", fmt.Sprintf("%s_%s", u.Scheme, u.Hostname()), chartName)
+	} else {
+		dir = filepath.Join(p.LocalRepoDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), chartName)
+	}
+	if chartVersion != "" {
+		dir = filepath.Join(dir, chartVersion)
+	}
+	return dir
+}
+
+func getChartFile(t *testing.T, p *test_utils.TestProject, url2 string, chartName string, chartVersion string) string {
+	return filepath.Join(getChartDir(t, p, url2, chartName, chartVersion), "Chart.yaml")
+}
+
+func listChartVersions(t *testing.T, p *test_utils.TestProject, url2 string, chartName string) []string {
+	des, err := os.ReadDir(getChartDir(t, p, url2, chartName, ""))
+	assert.NoError(t, err)
+
+	var versions []string
+	for _, de := range des {
+		versions = append(versions, de.Name())
+	}
+	sort.Strings(versions)
+	return versions
+}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 72688db84..05df656bd 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -193,29 +193,27 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			return err
 		}
 
-		chart, err := helm.NewHelmChart(di.ctx.HelmChartsDir, p)
+		hr, err := helm.NewRelease(p, di.ctx.HelmChartsDir, di.ctx.HelmCredentials)
 		if err != nil {
 			return err
 		}
 
-		chart.SetCredentials(di.ctx.HelmCredentials)
-
 		ky, err := di.readKustomizationYaml(subDir)
 		if err == nil && ky != nil {
 			resources, _, _ := ky.GetNestedStringList("resources")
 			found := false
 			for _, r := range resources {
-				if r == chart.GetOutputPath() {
+				if r == hr.GetOutputPath() {
 					found = true
 					break
 				}
 			}
 			if !found {
-				return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.RelRenderedDir, chart.GetOutputPath())
+				return fmt.Errorf("%s/kustomization.yaml does not include the rendered helm chart: %s", di.RelRenderedDir, hr.GetOutputPath())
 			}
 		}
 
-		return chart.Render(di.ctx.Ctx, di.ctx.K, di.ctx.K8sVersion, di.ctx.SopsDecrypter)
+		return hr.Render(di.ctx.Ctx, di.ctx.K, di.ctx.K8sVersion, di.ctx.SopsDecrypter)
 	})
 	if err != nil {
 		return err
@@ -418,7 +416,7 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 		if di.isHelmValuesYaml(de.Name()) {
 			continue
 		} else if di.isHelmChartYaml(de.Name()) {
-			c, err := helm.NewHelmChart(di.ctx.HelmChartsDir, filepath.Join(di.RenderedDir, subDir, de.Name()))
+			c, err := helm.NewRelease(filepath.Join(di.RenderedDir, subDir, de.Name()), di.ctx.HelmChartsDir, nil)
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
new file mode 100644
index 000000000..c5c29e54b
--- /dev/null
+++ b/pkg/helm/chart.go
@@ -0,0 +1,409 @@
+package helm
+
+import (
+	"context"
+	"fmt"
+	"github.com/Masterminds/semver/v3"
+	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	cp "github.com/otiai10/copy"
+	"github.com/rogpeppe/go-internal/lockedfile"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/getter"
+	"helm.sh/helm/v3/pkg/registry"
+	"helm.sh/helm/v3/pkg/repo"
+	"net/url"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strings"
+)
+
+type HelmCredentialsProvider interface {
+	FindCredentials(repoUrl string, credentialsId *string) *repo.Entry
+}
+
+type Chart struct {
+	repo      string
+	chartName string
+
+	credentials   HelmCredentialsProvider
+	credentialsId string
+
+	versions []string
+}
+
+func NewChart(repo string, chartName string, credentialsProvider HelmCredentialsProvider, credentialsId string) (*Chart, error) {
+	hc := &Chart{
+		repo:          repo,
+		credentials:   credentialsProvider,
+		credentialsId: credentialsId,
+	}
+
+	if repo == "" {
+		return nil, fmt.Errorf("repo is missing")
+	}
+
+	if registry.IsOCI(repo) {
+		if chartName != "" {
+			return nil, fmt.Errorf("chartName can't be specified when using OCI repos")
+		}
+		s := strings.Split(repo, "/")
+		chartName := s[len(s)-1]
+		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
+			return nil, fmt.Errorf("invalid oci chart url: %s", repo)
+		}
+		hc.chartName = chartName
+	} else if chartName == "" {
+		return nil, fmt.Errorf("chartName is missing")
+	} else {
+		hc.chartName = chartName
+	}
+
+	return hc, nil
+}
+
+func (c *Chart) GetRepo() string {
+	return c.repo
+}
+
+func (c *Chart) BuildPulledChartDir(baseDir string, version string) (string, error) {
+	u, err := url.Parse(c.repo)
+	if err != nil {
+		return "", err
+	}
+
+	scheme := ""
+	port := ""
+	switch {
+	case u.Scheme == "oci":
+		scheme = "oci"
+	case u.Scheme == "http":
+		scheme = "http"
+		if u.Port() != "80" {
+			port = u.Port()
+		}
+	case u.Scheme == "https":
+		scheme = "https"
+		if u.Port() != "443" {
+			port = u.Port()
+		}
+	default:
+		return "", fmt.Errorf("unsupported scheme in %s", u.String())
+	}
+	if port != "" {
+		scheme += "_" + port
+	}
+
+	dir := filepath.Join(
+		baseDir,
+		fmt.Sprintf("%s_%s", scheme, strings.ToLower(u.Hostname())),
+		filepath.FromSlash(strings.ToLower(u.Path)),
+	)
+	if u.Scheme != "oci" {
+		dir = filepath.Join(dir, c.chartName)
+	}
+	if version != "" {
+		dir = filepath.Join(dir, version)
+	}
+	err = utils.CheckInDir(baseDir, dir)
+	if err != nil {
+		return "", err
+	}
+
+	return dir, nil
+}
+
+func (c *Chart) GetChartName() string {
+	return c.chartName
+}
+
+func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, error) {
+	tmpPullDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pull-")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(tmpPullDir)
+
+	cfg, err := buildHelmConfig(nil)
+	if err != nil {
+		return nil, err
+	}
+	a := action.NewPullWithOpts(action.WithConfig(cfg))
+	a.Settings = cli.New()
+	a.Untar = true
+	a.DestDir = tmpPullDir
+	a.Version = version
+
+	if c.credentialsId != "" {
+		if registry.IsOCI(c.repo) {
+			return nil, fmt.Errorf("OCI charts can currently only be authenticated via registry login and not via cli arguments")
+		}
+		if c.credentials == nil {
+			return nil, fmt.Errorf("no credentials provider")
+		}
+	}
+
+	if c.credentials != nil {
+		p := &c.credentialsId
+		if c.credentialsId == "" {
+			p = nil
+		}
+		creds := c.credentials.FindCredentials(c.repo, p)
+		if creds != nil {
+			a.Username = creds.Username
+			a.Password = creds.Password
+			a.CertFile = creds.CertFile
+			a.CaFile = creds.CAFile
+			a.KeyFile = creds.KeyFile
+			a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
+			a.PassCredentialsAll = creds.PassCredentialsAll
+		}
+	}
+
+	var out string
+	if registry.IsOCI(c.repo) {
+		out, err = a.Run(c.repo)
+	} else {
+		a.RepoURL = c.repo
+		out, err = a.Run(c.chartName)
+	}
+	if out != "" {
+		status.PlainText(ctx, out)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	chartDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pulled-")
+	if err != nil {
+		return nil, err
+	}
+
+	// move chart
+	des, err := os.ReadDir(filepath.Join(tmpPullDir, c.chartName))
+	if err != nil {
+		return nil, err
+	}
+	for _, de := range des {
+		err = os.Rename(filepath.Join(tmpPullDir, c.chartName, de.Name()), filepath.Join(chartDir, de.Name()))
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return NewPulledChart(c, version, chartDir, true), nil
+}
+
+func (c *Chart) Pull(ctx context.Context, pc *PulledChart) error {
+	newPulled, err := c.PullToTmp(ctx, pc.version)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(newPulled.dir)
+
+	err = os.RemoveAll(pc.dir)
+	if err != nil {
+		return err
+	}
+
+	_ = os.MkdirAll(filepath.Dir(pc.dir), 0o755)
+
+	err = cp.Copy(newPulled.dir, pc.dir)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (c *Chart) doPullCached(ctx context.Context, version string) (*PulledChart, *lockedfile.File, error) {
+	baseDir := filepath.Join(utils.GetTmpBaseDir(ctx), "helm-charts")
+	cacheDir, err := c.BuildPulledChartDir(baseDir, version)
+	_ = os.MkdirAll(cacheDir, 0o755)
+
+	lock, err := lockedfile.Create(cacheDir + ".lock")
+	if err != nil {
+		return nil, nil, err
+	}
+
+	cached := NewPulledChart(c, version, cacheDir, true)
+	needsPull, _, _, err := cached.CheckNeedsPull()
+	if err != nil {
+		_ = lock.Close()
+		return nil, nil, err
+	}
+	if !needsPull {
+		return cached, lock, nil
+	}
+
+	err = c.Pull(ctx, cached)
+	if err != nil {
+		_ = lock.Close()
+		return nil, nil, err
+	}
+
+	return cached, lock, nil
+}
+
+func (c *Chart) PullCached(ctx context.Context, version string) (*PulledChart, error) {
+	pc, lock, err := c.doPullCached(ctx, version)
+	if err != nil {
+		return nil, err
+	}
+	_ = lock.Close()
+	return pc, nil
+}
+
+func (c *Chart) PullInProject(ctx context.Context, baseDir string, version string) (*PulledChart, error) {
+	cachePc, lock, err := c.doPullCached(ctx, version)
+	if err != nil {
+		return nil, err
+	}
+	defer lock.Close()
+
+	pc, err := c.GetPulledChart(baseDir, version)
+	if err != nil {
+		return nil, err
+	}
+
+	err = os.RemoveAll(pc.dir)
+	if err != nil {
+		return nil, err
+	}
+
+	err = cp.Copy(cachePc.dir, pc.dir)
+	if err != nil {
+		return nil, err
+	}
+
+	return pc, nil
+}
+
+func (c *Chart) GetPulledChart(baseDir string, version string) (*PulledChart, error) {
+	chartDir, err := c.BuildPulledChartDir(baseDir, version)
+	if err != nil {
+		return nil, err
+	}
+	return NewPulledChart(c, version, chartDir, false), nil
+}
+
+func (c *Chart) QueryVersions(ctx context.Context) error {
+	if registry.IsOCI(c.repo) {
+		return c.queryVersionsOci(ctx)
+	}
+	return c.queryVersionsHelmRepo(ctx)
+}
+
+func (c *Chart) queryVersionsOci(ctx context.Context) error {
+	rh := registries.NewRegistryHelper(ctx)
+
+	imageName := strings.TrimPrefix(c.repo, "oci://")
+	tags, err := rh.ListImageTags(imageName)
+	if err != nil {
+		return err
+	}
+
+	c.versions = tags
+
+	return nil
+}
+
+func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
+	settings := cli.New()
+
+	var e *repo.Entry
+	if c.credentialsId != "" {
+		if c.credentials == nil {
+			return fmt.Errorf("no credentials provider")
+		}
+		e = c.credentials.FindCredentials(c.repo, &c.credentialsId)
+		if e == nil {
+			return fmt.Errorf("no credentials provided for Chart %s", c.chartName)
+		}
+	} else {
+		e = &repo.Entry{
+			URL: c.repo,
+		}
+	}
+
+	r, err := repo.NewChartRepository(e, getter.All(settings))
+	if err != nil {
+		return err
+	}
+
+	r.CachePath, err = os.MkdirTemp(utils.GetTmpBaseDir(ctx), "helm-check-update-")
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(r.CachePath)
+
+	indexFile, err := r.DownloadIndexFile()
+	if err != nil {
+		return err
+	}
+
+	index, err := repo.LoadIndexFile(indexFile)
+	if err != nil {
+		return err
+	}
+
+	indexEntry, ok := index.Entries[c.chartName]
+	if !ok || len(indexEntry) == 0 {
+		return fmt.Errorf("helm chart %s not found in Repo index", c.chartName)
+	}
+
+	c.versions = make([]string, 0, indexEntry.Len())
+	for _, x := range indexEntry {
+		c.versions = append(c.versions, x.Version)
+	}
+
+	return nil
+}
+
+func (c *Chart) GetLatestVersion(constraints *string) (string, error) {
+	if len(c.versions) == 0 {
+		return "", fmt.Errorf("no versions found or queried")
+	}
+
+	var err error
+	var updateConstraints *semver.Constraints
+	if constraints != nil {
+		updateConstraints, err = semver.NewConstraint(*constraints)
+		if err != nil {
+			return "", fmt.Errorf("invalid constraints '%s': %w", *constraints, err)
+		}
+	}
+
+	var versions semver.Collection
+	for _, x := range c.versions {
+		v, err := semver.NewVersion(x)
+		if err != nil {
+			continue
+		}
+
+		if updateConstraints == nil {
+			if v.Prerelease() != "" {
+				// we don't allow pre-releases by default. To allow pre-releases, use 1.0.0-0 as constraint
+				continue
+			}
+		} else if !updateConstraints.Check(v) {
+			continue
+		}
+		versions = append(versions, v)
+	}
+	if len(versions) == 0 {
+		if constraints == nil {
+			return "", fmt.Errorf("no version found")
+		} else {
+			return "", fmt.Errorf("no version found that satisfies constraints '%s'", *constraints)
+		}
+	}
+
+	sort.Stable(versions)
+	latestVersion := versions[len(versions)-1].Original()
+	return latestVersion, nil
+}
diff --git a/pkg/helm/helm_chart.go b/pkg/helm/helm_chart.go
deleted file mode 100644
index 6c1f8e4dd..000000000
--- a/pkg/helm/helm_chart.go
+++ /dev/null
@@ -1,673 +0,0 @@
-package helm
-
-import (
-	"context"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"github.com/Masterminds/semver/v3"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/registries"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"github.com/pkg/errors"
-	"github.com/rogpeppe/go-internal/lockedfile"
-	"helm.sh/helm/v3/pkg/action"
-	"helm.sh/helm/v3/pkg/chart"
-	"helm.sh/helm/v3/pkg/chart/loader"
-	"helm.sh/helm/v3/pkg/chartutil"
-	"helm.sh/helm/v3/pkg/cli"
-	"helm.sh/helm/v3/pkg/cli/values"
-	"helm.sh/helm/v3/pkg/getter"
-	"helm.sh/helm/v3/pkg/registry"
-	"helm.sh/helm/v3/pkg/release"
-	"helm.sh/helm/v3/pkg/repo"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"net/url"
-	"os"
-	"path/filepath"
-	"regexp"
-	"sort"
-	"strings"
-	"time"
-)
-
-type HelmCredentialsProvider interface {
-	FindCredentials(repoUrl string, credentialsId *string) *repo.Entry
-}
-
-type HelmChart struct {
-	ConfigFile string
-	Config     *types.HelmChartConfig
-
-	credentials HelmCredentialsProvider
-
-	chartName          string
-	chartDir           string
-	deprecatedChartDir string
-
-	versions []string
-}
-
-func NewHelmChart(baseChartsDir string, configFile string) (*HelmChart, error) {
-	var config types.HelmChartConfig
-	err := yaml.ReadYamlFile(configFile, &config)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = semver.NewVersion(config.ChartVersion)
-	if err != nil {
-		return nil, fmt.Errorf("invalid chart version '%s': %w", config.ChartVersion, err)
-	}
-
-	hc := &HelmChart{
-		ConfigFile: configFile,
-		Config:     &config,
-	}
-
-	if registry.IsOCI(hc.Config.Repo) {
-		s := strings.Split(hc.Config.Repo, "/")
-		chartName := s[len(s)-1]
-		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
-			return nil, fmt.Errorf("invalid oci chart url: %s", hc.Config.Repo)
-		}
-		hc.chartName = chartName
-	} else if hc.Config.ChartName == "" {
-		return nil, fmt.Errorf("chartName is missing in helm-chart.yml")
-	} else {
-		hc.chartName = hc.Config.ChartName
-	}
-
-	dir := filepath.Dir(configFile)
-	chartDir := filepath.Join(dir, "charts")
-	chartDir, err = securejoin.SecureJoin(chartDir, hc.chartName)
-	if err != nil {
-		return nil, err
-	}
-	hc.deprecatedChartDir = chartDir
-
-	hc.chartDir, err = hc.buildChartDir(baseChartsDir)
-	if err != nil {
-		return nil, err
-	}
-
-	return hc, nil
-}
-
-func (c *HelmChart) buildChartDir(baseChartsDir string) (string, error) {
-	u, err := url.Parse(c.Config.Repo)
-	if err != nil {
-		return "", err
-	}
-
-	scheme := ""
-	port := ""
-	switch {
-	case registry.IsOCI(c.Config.Repo):
-		scheme = "oci"
-	case u.Scheme == "http":
-		scheme = "http"
-		if u.Port() != "80" {
-			port = u.Port()
-		}
-	case u.Scheme == "https":
-		scheme = "https"
-		if u.Port() != "443" {
-			port = u.Port()
-		}
-	default:
-		return "", fmt.Errorf("unsupported scheme in %s", u.String())
-	}
-	if port != "" {
-		scheme += "_" + port
-	}
-
-	dir := filepath.Join(
-		baseChartsDir,
-		fmt.Sprintf("%s_%s", scheme, strings.ToLower(u.Hostname())),
-		filepath.FromSlash(strings.ToLower(u.Path)),
-		c.chartName,
-	)
-	err = utils.CheckInDir(baseChartsDir, dir)
-	if err != nil {
-		return "", err
-	}
-
-	return dir, nil
-}
-
-func (c *HelmChart) GetChartName() string {
-	return c.chartName
-}
-
-func (c *HelmChart) GetChartDir(withVersion bool) string {
-	if withVersion {
-		return filepath.Join(c.chartDir, c.Config.ChartVersion)
-	}
-	return c.chartDir
-}
-
-func (c *HelmChart) GetDeprecatedChartDir() string {
-	return c.deprecatedChartDir
-}
-
-func (c *HelmChart) GetOutputPath() string {
-	output := "helm-rendered.yaml"
-	if c.Config.Output != nil {
-		output = *c.Config.Output
-	}
-	return output
-}
-
-func (c *HelmChart) GetFullOutputPath() (string, error) {
-	dir := filepath.Dir(c.ConfigFile)
-	return securejoin.SecureJoin(dir, c.GetOutputPath())
-}
-
-func (c *HelmChart) buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, error) {
-	rc, err := registry.NewClient()
-	if err != nil {
-		return nil, err
-	}
-
-	return &action.Configuration{
-		RESTClientGetter: k,
-		RegistryClient:   rc,
-	}, nil
-}
-
-func (c *HelmChart) checkNeedsPull(chartDir string, isTmp bool) (bool, bool, string, error) {
-	if !utils.IsDirectory(chartDir) {
-		return true, false, "", nil
-	}
-
-	chartYamlPath := yaml.FixPathExt(filepath.Join(chartDir, "Chart.yaml"))
-	st, err := os.Stat(chartYamlPath)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return true, false, "", nil
-		}
-		return false, false, "", err
-	}
-	if isTmp && time.Now().Sub(st.ModTime()) >= time.Hour*24 {
-		// MacOS will delete tmp files after 3 days, so lets be safe and re-pull every day
-		return true, false, "", nil
-	}
-
-	chartYaml, err := uo.FromFile(chartYamlPath)
-	if err != nil {
-		return false, false, "", err
-	}
-
-	version, _, _ := chartYaml.GetNestedString("version")
-	if version != c.Config.ChartVersion {
-		return true, true, version, nil
-	}
-	return false, false, "", nil
-}
-
-func (c *HelmChart) Pull(ctx context.Context) error {
-	if utils.Exists(c.GetDeprecatedChartDir()) {
-		err := os.RemoveAll(c.GetDeprecatedChartDir())
-		if err != nil {
-			return err
-		}
-	}
-
-	return c.doPull(ctx, c.GetChartDir(true))
-}
-
-func (c *HelmChart) pullTmpChart(ctx context.Context) (string, error) {
-	hash := sha256.New()
-	_, _ = fmt.Fprintf(hash, "%s\n", c.Config.Repo)
-	_, _ = fmt.Fprintf(hash, "%s\n", c.chartName)
-	_, _ = fmt.Fprintf(hash, "%s\n", c.Config.ChartVersion)
-	h := hex.EncodeToString(hash.Sum(nil))
-	tmpDir := filepath.Join(utils.GetTmpBaseDir(ctx), "helm-charts")
-	_ = os.MkdirAll(tmpDir, 0o755)
-	tmpDir = filepath.Join(tmpDir, fmt.Sprintf("%s-%s", c.chartName, h))
-
-	lockFile := tmpDir + ".lock"
-	lock, err := lockedfile.Create(lockFile)
-	if err != nil {
-		return "", err
-	}
-	defer lock.Close()
-
-	needsPull, _, _, err := c.checkNeedsPull(tmpDir, true)
-	if err != nil {
-		return "", err
-	}
-	if !needsPull {
-		return tmpDir, nil
-	}
-	err = c.doPull(ctx, tmpDir)
-	if err != nil {
-		return "", err
-	}
-	return tmpDir, nil
-}
-
-func (c *HelmChart) doPull(ctx context.Context, chartDir string) error {
-	baseDir := filepath.Dir(chartDir)
-
-	_ = os.RemoveAll(chartDir)
-	_ = os.MkdirAll(baseDir, 0o755)
-
-	// need to use the same filesystem/volume that we later os.Rename the final pull chart to, as otherwise
-	// the rename operation will lead to errors
-	tmpDir, err := os.MkdirTemp(baseDir, c.chartName+"-pull-")
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	tmpChartDir := filepath.Join(tmpDir, c.chartName)
-
-	cfg, err := c.buildHelmConfig(nil)
-	if err != nil {
-		return err
-	}
-	a := action.NewPullWithOpts(action.WithConfig(cfg))
-	a.Settings = cli.New()
-	a.Untar = true
-	a.DestDir = tmpDir
-	a.Version = c.Config.ChartVersion
-
-	if c.Config.CredentialsId != nil {
-		if registry.IsOCI(c.Config.Repo) {
-			return fmt.Errorf("OCI charts can currently only be authenticated via registry login and not via cli arguments")
-		}
-		if c.credentials == nil {
-			return fmt.Errorf("no credentials provider")
-		}
-	}
-
-	if c.credentials != nil {
-		creds := c.credentials.FindCredentials(c.Config.Repo, c.Config.CredentialsId)
-		if creds != nil {
-			a.Username = creds.Username
-			a.Password = creds.Password
-			a.CertFile = creds.CertFile
-			a.CaFile = creds.CAFile
-			a.KeyFile = creds.KeyFile
-			a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
-			a.PassCredentialsAll = creds.PassCredentialsAll
-		}
-	}
-
-	var out string
-	if registry.IsOCI(c.Config.Repo) {
-		out, err = a.Run(c.Config.Repo)
-	} else {
-		a.RepoURL = c.Config.Repo
-		out, err = a.Run(c.chartName)
-	}
-	if err != nil {
-		return err
-	}
-
-	// a bug in the Pull command causes this directory to be created by accident
-	_ = os.RemoveAll(tmpChartDir + fmt.Sprintf("-%s.tar.gz", a.Version))
-	_ = os.RemoveAll(tmpChartDir + fmt.Sprintf("-%s.tgz", a.Version))
-	if out != "" {
-		status.PlainText(ctx, out)
-	}
-
-	err = os.Rename(tmpChartDir, chartDir)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (c *HelmChart) QueryLatestVersion(ctx context.Context) (string, error) {
-	if registry.IsOCI(c.Config.Repo) {
-		return c.queryLatestVersionOci(ctx)
-	}
-	return c.queryLatestVersionHelmRepo(ctx)
-}
-
-func (c *HelmChart) queryLatestVersionOci(ctx context.Context) (string, error) {
-	rh := registries.NewRegistryHelper(ctx)
-
-	imageName := strings.TrimPrefix(c.Config.Repo, "oci://")
-	tags, err := rh.ListImageTags(imageName)
-	if err != nil {
-		return "", err
-	}
-
-	latestVersion, err := c.findLatestVersion(tags)
-	if err != nil {
-		return "", err
-	}
-
-	return latestVersion, nil
-}
-
-func (c *HelmChart) queryLatestVersionHelmRepo(ctx context.Context) (string, error) {
-	settings := cli.New()
-
-	var e *repo.Entry
-	if c.Config.CredentialsId != nil {
-		if c.credentials == nil {
-			return "", fmt.Errorf("no credentials provider")
-		}
-		e = c.credentials.FindCredentials(c.Config.Repo, c.Config.CredentialsId)
-		if e == nil {
-			return "", fmt.Errorf("no credentials provided for Chart %s", c.chartName)
-		}
-	} else {
-		e = &repo.Entry{
-			URL: c.Config.Repo,
-		}
-	}
-
-	r, err := repo.NewChartRepository(e, getter.All(settings))
-	if err != nil {
-		return "", err
-	}
-
-	r.CachePath, err = os.MkdirTemp(utils.GetTmpBaseDir(ctx), "helm-check-update-")
-	if err != nil {
-		return "", err
-	}
-	defer os.RemoveAll(r.CachePath)
-
-	indexFile, err := r.DownloadIndexFile()
-	if err != nil {
-		return "", err
-	}
-
-	index, err := repo.LoadIndexFile(indexFile)
-	if err != nil {
-		return "", err
-	}
-
-	indexEntry, ok := index.Entries[c.chartName]
-	if !ok || len(indexEntry) == 0 {
-		return "", fmt.Errorf("helm chart %s not found in repo index", c.chartName)
-	}
-
-	versions := make([]string, 0, indexEntry.Len())
-	for _, x := range indexEntry {
-		versions = append(versions, x.Version)
-	}
-
-	latestVersion, err := c.findLatestVersion(versions)
-	if err != nil {
-		return "", err
-	}
-
-	return latestVersion, nil
-}
-
-func (c *HelmChart) findLatestVersion(inputVersions []string) (string, error) {
-	var err error
-	var updateConstraints *semver.Constraints
-	if c.Config.UpdateConstraints != nil {
-		updateConstraints, err = semver.NewConstraint(*c.Config.UpdateConstraints)
-		if err != nil {
-			return "", fmt.Errorf("invalid update constraints '%s': %w", *c.Config.UpdateConstraints, err)
-		}
-	}
-
-	var versions semver.Collection
-	for _, x := range inputVersions {
-		v, err := semver.NewVersion(x)
-		if err != nil {
-			continue
-		}
-
-		if updateConstraints == nil {
-			if v.Prerelease() != "" {
-				// we don't allow pre-releases by default. To allow pre-releases, use 1.0.0-0 as constraint
-				continue
-			}
-		} else if !updateConstraints.Check(v) {
-			continue
-		}
-		versions = append(versions, v)
-	}
-	if len(versions) == 0 {
-		if c.Config.UpdateConstraints == nil {
-			return "", fmt.Errorf("no version found")
-		} else {
-			return "", fmt.Errorf("no version found that satisfies constraints '%s'", *c.Config.UpdateConstraints)
-		}
-	}
-
-	sort.Stable(versions)
-	latestVersion := versions[len(versions)-1].Original()
-	return latestVersion, nil
-}
-
-func (c *HelmChart) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
-	deprecatedChartDir := c.GetDeprecatedChartDir()
-	if utils.IsDirectory(deprecatedChartDir) {
-		status.Deprecation(ctx, "helm-charts-dir", "Your project has pre-pulled charts located beside the helm-chart.yaml, which is deprecated. "+
-			"Please run 'kluctl helm-pull' on your project and ensure that the deprecated charts are removed! Future versions of kluctl will ignore these locations.")
-	}
-
-	err := c.doRender(ctx, k, k8sVersion, sopsDecrypter)
-	if err != nil {
-		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", c.chartName, c.Config.ReleaseName, err)
-	}
-	return nil
-}
-
-func (c *HelmChart) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
-	chartDir := c.deprecatedChartDir
-
-	needsPull, versionChanged, prePulledVersion, err := c.checkNeedsPull(chartDir, false)
-	if err != nil {
-		return err
-	}
-	if needsPull {
-		if versionChanged {
-			return fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-				"Desired version is %s while pre-pulled version is %s", c.chartName, c.Config.ChartVersion, prePulledVersion)
-		} else {
-			status.Warning(ctx, "Warning, need to pull Helm Chart %s with version %s. "+
-				"Please consider pre-pulling it with 'kluctl helm-pull'", c.chartName, c.Config.ChartVersion)
-		}
-
-		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", c.chartName, c.Config.ChartVersion)
-		defer s.Failed()
-
-		chartDir, err = c.pullTmpChart(ctx)
-		if err != nil {
-			return err
-		}
-		s.Success()
-	}
-
-	outputPath, err := c.GetFullOutputPath()
-	if err != nil {
-		return err
-	}
-	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(c.ConfigFile), "helm-values.yml"))
-
-	var gvs []schema.GroupVersion
-	if k != nil {
-		gvs, err = k.Resources.GetAllGroupVersions()
-		if err != nil {
-			return err
-		}
-	}
-	cfg, err := c.buildHelmConfig(k)
-	if err != nil {
-		return err
-	}
-
-	settings := cli.New()
-	valueOpts := values.Options{}
-
-	if utils.Exists(valuesPath) {
-		tmpValues, err := sops.MaybeDecryptFileToTmp(ctx, sopsDecrypter, valuesPath)
-		if err != nil {
-			return err
-		}
-		defer os.Remove(tmpValues)
-		valueOpts.ValueFiles = append(valueOpts.ValueFiles, tmpValues)
-	}
-
-	var kubeVersion *chartutil.KubeVersion
-	if k != nil {
-		kubeVersion, err = chartutil.ParseKubeVersion(k.ServerVersion.String())
-		if err != nil {
-			return err
-		}
-	}
-	if k8sVersion != "" {
-		kubeVersion, err = chartutil.ParseKubeVersion(k8sVersion)
-		if err != nil {
-			return err
-		}
-	}
-
-	namespace := "default"
-	if c.Config.Namespace != nil {
-		namespace = *c.Config.Namespace
-	}
-
-	client := action.NewInstall(cfg)
-	client.DryRun = true
-	client.Namespace = namespace
-	client.ReleaseName = c.Config.ReleaseName
-	client.Replace = true
-	client.ClientOnly = true
-	client.KubeVersion = kubeVersion
-
-	if c.Config.SkipCRDs {
-		client.SkipCRDs = true
-	} else {
-		client.IncludeCRDs = true
-	}
-	for _, gv := range gvs {
-		client.APIVersions = append(client.APIVersions, gv.String())
-	}
-
-	p := getter.All(settings)
-	vals, err := valueOpts.MergeValues(p)
-	if err != nil {
-		return err
-	}
-
-	// Check chart dependencies to make sure all are present in /charts
-	chartRequested, err := loader.Load(chartDir)
-	if err != nil {
-		return err
-	}
-
-	if err := checkIfInstallable(chartRequested); err != nil {
-		return err
-	}
-
-	if chartRequested.Metadata.Deprecated {
-		status.Warning(ctx, "Chart %s is deprecated", c.Config.ChartName)
-	}
-
-	rel, err := client.Run(chartRequested, vals)
-	if err != nil {
-		return err
-	}
-
-	parsed, err := c.parseRenderedManifests(rel.Manifest)
-	if err != nil {
-		return err
-	}
-
-	if !client.DisableHooks {
-		for _, m := range rel.Hooks {
-			if isTestHook(m) {
-				continue
-			}
-			parsedHooks, err := c.parseRenderedManifests(m.Manifest)
-			if err != nil {
-				return err
-			}
-			parsed = append(parsed, parsedHooks...)
-		}
-	}
-
-	var fixed []interface{}
-	for _, o := range parsed {
-		// "helm install" will deploy resources to the given namespace automatically, but "helm template" does not
-		// add the necessary namespace in the rendered resources
-		if k != nil {
-			err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-				k.Resources.FixNamespace(o, namespace)
-				return nil
-			})
-			if err != nil {
-				return err
-			}
-		}
-		fixed = append(fixed, o)
-	}
-	rendered, err := yaml.WriteYamlAllBytes(fixed)
-	if err != nil {
-		return err
-	}
-
-	err = os.WriteFile(outputPath, rendered, 0o600)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *HelmChart) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
-	var parsed []*uo.UnstructuredObject
-
-	duplicatesRemoved, err := yaml.RemoveDuplicateFields(strings.NewReader(s))
-	if err != nil {
-		return nil, err
-	}
-
-	m, err := yaml.ReadYamlAllBytes(duplicatesRemoved)
-	if err != nil {
-		return nil, err
-	}
-	for _, x := range m {
-		x2, ok := x.(map[string]interface{})
-		if !ok {
-			return nil, fmt.Errorf("yaml object is not a map")
-		}
-		parsed = append(parsed, uo.FromMap(x2))
-	}
-	return parsed, nil
-}
-
-func (c *HelmChart) SetCredentials(p HelmCredentialsProvider) {
-	c.credentials = p
-}
-
-func checkIfInstallable(ch *chart.Chart) error {
-	switch ch.Metadata.Type {
-	case "", "application":
-		return nil
-	}
-	return errors.Errorf("%s charts are not installable", ch.Metadata.Type)
-}
-
-func isTestHook(h *release.Hook) bool {
-	for _, e := range h.Events {
-		if e == release.HookTest {
-			return true
-		}
-	}
-	return false
-}
-
-func (c *HelmChart) Save() error {
-	return yaml.WriteYamlFile(c.ConfigFile, c.Config)
-}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
new file mode 100644
index 000000000..885082193
--- /dev/null
+++ b/pkg/helm/helm_release.go
@@ -0,0 +1,313 @@
+package helm
+
+import (
+	"context"
+	"fmt"
+	"github.com/Masterminds/semver/v3"
+	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/pkg/errors"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/chart"
+	"helm.sh/helm/v3/pkg/chart/loader"
+	"helm.sh/helm/v3/pkg/chartutil"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/cli/values"
+	"helm.sh/helm/v3/pkg/getter"
+	"helm.sh/helm/v3/pkg/release"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+type Release struct {
+	ConfigFile string
+	Config     *types.HelmChartConfig
+	Chart      *Chart
+
+	baseChartsDir string
+}
+
+func NewRelease(configFile string, baseChartsDir string, credentialsProvider HelmCredentialsProvider) (*Release, error) {
+	var config types.HelmChartConfig
+	err := yaml.ReadYamlFile(configFile, &config)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = semver.NewVersion(config.ChartVersion)
+	if err != nil {
+		return nil, fmt.Errorf("invalid chart version '%s': %w", config.ChartVersion, err)
+	}
+
+	credentialsId := ""
+	if config.CredentialsId != nil {
+		credentialsId = *config.CredentialsId
+	}
+	chart, err := NewChart(config.Repo, config.ChartName, credentialsProvider, credentialsId)
+	if err != nil {
+		return nil, err
+	}
+
+	hr := &Release{
+		ConfigFile:    configFile,
+		Config:        &config,
+		baseChartsDir: baseChartsDir,
+		Chart:         chart,
+	}
+
+	return hr, nil
+}
+
+func (hr *Release) GetOutputPath() string {
+	output := "helm-rendered.yaml"
+	if hr.Config.Output != nil {
+		output = *hr.Config.Output
+	}
+	return output
+}
+
+func (hr *Release) GetFullOutputPath() (string, error) {
+	dir := filepath.Dir(hr.ConfigFile)
+	return securejoin.SecureJoin(dir, hr.GetOutputPath())
+}
+
+func (hr *Release) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
+	err := hr.doRender(ctx, k, k8sVersion, sopsDecrypter)
+	if err != nil {
+		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", hr.Chart.GetChartName(), hr.Config.ReleaseName, err)
+	}
+	return nil
+}
+
+func (hr *Release) GetDeprecatedChartDir() string {
+	dir := filepath.Dir(hr.ConfigFile)
+	return filepath.Join(dir, "charts", hr.Chart.GetChartName())
+}
+
+func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
+	deprecatedPC := NewPulledChart(hr.Chart, hr.Config.ChartVersion, hr.GetDeprecatedChartDir(), false)
+	if deprecatedPC.CheckExists() {
+		status.Deprecation(ctx, "helm-charts-dir", "Your project has pre-pulled charts located next to the helm-chart.yaml, which is deprecated. "+
+			"Please run 'kluctl helm-pull' on your project and ensure that the deprecated charts are removed! Future versions of kluctl will ignore these locations.")
+		return deprecatedPC, nil
+	}
+	pc, err := hr.Chart.GetPulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
+	if err != nil {
+		return nil, err
+	}
+
+	needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
+	if err != nil {
+		return nil, err
+	}
+	if needsPull {
+		if versionChanged {
+			return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
+				"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
+		}
+
+		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
+		defer s.Failed()
+
+		pc, err = hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
+		if err != nil {
+			return nil, err
+		}
+		s.Success()
+	}
+
+	return pc, nil
+}
+
+func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
+	pc, err := hr.getPulledChart(ctx)
+	if err != nil {
+		return err
+	}
+
+	outputPath, err := hr.GetFullOutputPath()
+	if err != nil {
+		return err
+	}
+	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(hr.ConfigFile), "helm-values.yml"))
+
+	var gvs []schema.GroupVersion
+	if k != nil {
+		gvs, err = k.Resources.GetAllGroupVersions()
+		if err != nil {
+			return err
+		}
+	}
+	cfg, err := buildHelmConfig(k)
+	if err != nil {
+		return err
+	}
+
+	settings := cli.New()
+	valueOpts := values.Options{}
+
+	if utils.Exists(valuesPath) {
+		tmpValues, err := sops.MaybeDecryptFileToTmp(ctx, sopsDecrypter, valuesPath)
+		if err != nil {
+			return err
+		}
+		defer os.Remove(tmpValues)
+		valueOpts.ValueFiles = append(valueOpts.ValueFiles, tmpValues)
+	}
+
+	var kubeVersion *chartutil.KubeVersion
+	if k != nil {
+		kubeVersion, err = chartutil.ParseKubeVersion(k.ServerVersion.String())
+		if err != nil {
+			return err
+		}
+	}
+	if k8sVersion != "" {
+		kubeVersion, err = chartutil.ParseKubeVersion(k8sVersion)
+		if err != nil {
+			return err
+		}
+	}
+
+	namespace := "default"
+	if hr.Config.Namespace != nil {
+		namespace = *hr.Config.Namespace
+	}
+
+	client := action.NewInstall(cfg)
+	client.DryRun = true
+	client.Namespace = namespace
+	client.ReleaseName = hr.Config.ReleaseName
+	client.Replace = true
+	client.ClientOnly = true
+	client.KubeVersion = kubeVersion
+
+	if hr.Config.SkipCRDs {
+		client.SkipCRDs = true
+	} else {
+		client.IncludeCRDs = true
+	}
+	for _, gv := range gvs {
+		client.APIVersions = append(client.APIVersions, gv.String())
+	}
+
+	p := getter.All(settings)
+	vals, err := valueOpts.MergeValues(p)
+	if err != nil {
+		return err
+	}
+
+	// Check chart dependencies to make sure all are present in /charts
+	chartRequested, err := loader.Load(pc.dir)
+	if err != nil {
+		return err
+	}
+
+	if err := checkIfInstallable(chartRequested); err != nil {
+		return err
+	}
+
+	if chartRequested.Metadata.Deprecated {
+		status.Warning(ctx, "Chart %s is deprecated", hr.Config.ChartName)
+	}
+
+	rel, err := client.Run(chartRequested, vals)
+	if err != nil {
+		return err
+	}
+
+	parsed, err := hr.parseRenderedManifests(rel.Manifest)
+	if err != nil {
+		return err
+	}
+
+	if !client.DisableHooks {
+		for _, m := range rel.Hooks {
+			if isTestHook(m) {
+				continue
+			}
+			parsedHooks, err := hr.parseRenderedManifests(m.Manifest)
+			if err != nil {
+				return err
+			}
+			parsed = append(parsed, parsedHooks...)
+		}
+	}
+
+	var fixed []interface{}
+	for _, o := range parsed {
+		// "helm install" will deploy resources to the given namespace automatically, but "helm template" does not
+		// add the necessary namespace in the rendered resources
+		if k != nil {
+			err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
+				k.Resources.FixNamespace(o, namespace)
+				return nil
+			})
+			if err != nil {
+				return err
+			}
+		}
+		fixed = append(fixed, o)
+	}
+	rendered, err := yaml.WriteYamlAllBytes(fixed)
+	if err != nil {
+		return err
+	}
+
+	err = os.WriteFile(outputPath, rendered, 0o600)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (hr *Release) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
+	var parsed []*uo.UnstructuredObject
+
+	duplicatesRemoved, err := yaml.RemoveDuplicateFields(strings.NewReader(s))
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := yaml.ReadYamlAllBytes(duplicatesRemoved)
+	if err != nil {
+		return nil, err
+	}
+	for _, x := range m {
+		x2, ok := x.(map[string]interface{})
+		if !ok {
+			return nil, fmt.Errorf("yaml object is not a map")
+		}
+		parsed = append(parsed, uo.FromMap(x2))
+	}
+	return parsed, nil
+}
+
+func (hr *Release) Save() error {
+	return yaml.WriteYamlFile(hr.ConfigFile, hr.Config)
+}
+
+func checkIfInstallable(ch *chart.Chart) error {
+	switch ch.Metadata.Type {
+	case "", "application":
+		return nil
+	}
+	return errors.Errorf("%s charts are not installable", ch.Metadata.Type)
+}
+
+func isTestHook(h *release.Hook) bool {
+	for _, e := range h.Events {
+		if e == release.HookTest {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
new file mode 100644
index 000000000..d8c65a963
--- /dev/null
+++ b/pkg/helm/pulled_chart.go
@@ -0,0 +1,65 @@
+package helm
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+type PulledChart struct {
+	chart   *Chart
+	version string
+	dir     string
+	isTmp   bool
+}
+
+func NewPulledChart(chart *Chart, version string, dir string, isTmp bool) *PulledChart {
+	pc := &PulledChart{
+		chart:   chart,
+		version: version,
+		dir:     dir,
+		isTmp:   isTmp,
+	}
+	return pc
+}
+
+func (pc *PulledChart) CheckExists() bool {
+	if !utils.IsDirectory(pc.dir) {
+		return false
+	}
+	return true
+}
+
+func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
+	if !utils.IsDirectory(pc.dir) {
+		return true, false, "", nil
+	}
+
+	chartYamlPath := yaml.FixPathExt(filepath.Join(pc.dir, "Chart.yaml"))
+	st, err := os.Stat(chartYamlPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return true, false, "", nil
+		}
+		return false, false, "", err
+	}
+
+	if pc.isTmp && time.Now().Sub(st.ModTime()) >= time.Hour*24 {
+		// MacOS will delete tmp files after 3 days, so lets be safe and re-pull every day
+		return true, false, "", nil
+	}
+
+	chartYaml, err := uo.FromFile(chartYamlPath)
+	if err != nil {
+		return false, false, "", err
+	}
+
+	version, _, _ := chartYaml.GetNestedString("version")
+	if version != pc.version {
+		return true, true, version, nil
+	}
+	return false, false, version, nil
+}
diff --git a/pkg/helm/utils.go b/pkg/helm/utils.go
new file mode 100644
index 000000000..d02c70ef0
--- /dev/null
+++ b/pkg/helm/utils.go
@@ -0,0 +1,19 @@
+package helm
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"helm.sh/helm/v3/pkg/action"
+	"helm.sh/helm/v3/pkg/registry"
+)
+
+func buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, error) {
+	rc, err := registry.NewClient()
+	if err != nil {
+		return nil, err
+	}
+
+	return &action.Configuration{
+		RESTClientGetter: k,
+		RegistryClient:   rc,
+	}, nil
+}

From 2e8b8b3187508c65a166549dd2f338080d63219f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 17:20:57 +0100
Subject: [PATCH 0664/2268] docs: Update docs in regard to pre-pulled charts
 location

---
 docs/reference/deployments/helm.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index ee2c4ec21..f42fe69c3 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -17,7 +17,7 @@ The integration is split into 2 parts/steps/layers. The first is the management
 the second part handles configuration/customization and deployment of the chart.
 
 It is recommended to pre-pull Helm Charts with [`kluctl helm-pull`](../commands/helm-pull.md), which will store the
-pulled charts near the `helm-chart.yaml` file (inside the `charts` sub-directory). It is however also possible (but not
+pulled charts inside `.helm-charts` of the project directory. It is however also possible (but not
 recommended) to skip the pre-pulling phase and let kluctl pull Charts on-demand.
 
 When pre-pulling Helm Charts, you can also add the resulting Chart contents into version control. This is actually

From 916db16b085fa09ea42a89db7e09d8ab4890474a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 17:26:41 +0100
Subject: [PATCH 0665/2268] fix: Honor --upgrade without --commit

Fixes #158
---
 cmd/kluctl/commands/cmd_helm_update.go | 74 ++++++++++++++------------
 e2e/helm_test.go                       | 14 ++---
 2 files changed, 46 insertions(+), 42 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index d40b274a6..22e0abc8b 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -192,10 +192,6 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 		status.Info(ctx, "%s: Updated Chart version to %s", relDir, latestVersion)
 
-		if !cmd.Commit {
-			continue
-		}
-
 		key := fmt.Sprintf("%s / %s", hr.Chart.GetRepo(), hr.Chart.GetChartName())
 		uv := versionUseCounts[key]
 		uv[oldVersion]--
@@ -246,7 +242,7 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 		return err
 	}
 
-	s := status.Start(ctx, "%s: Committing Chart with version %s", relDir, newVersion)
+	s := status.Start(ctx, "%s: Upgrading Chart to version %s", relDir, newVersion)
 	defer s.Failed()
 
 	doError := func(err error) error {
@@ -263,14 +259,16 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 		return doError(err)
 	}
 
-	// add helm-chart.yaml
-	relToGit, err := filepath.Rel(gitRootPath, hr.ConfigFile)
-	if err != nil {
-		return doError(err)
-	}
-	_, err = wt.Add(relToGit)
-	if err != nil {
-		return doError(err)
+	if cmd.Commit {
+		// add helm-chart.yaml
+		relToGit, err := filepath.Rel(gitRootPath, hr.ConfigFile)
+		if err != nil {
+			return doError(err)
+		}
+		_, err = wt.Add(relToGit)
+		if err != nil {
+			return doError(err)
+		}
 	}
 
 	if deleteChart {
@@ -282,9 +280,11 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 		if err != nil {
 			return doError(err)
 		}
-		_, err = wt.Remove(relChartDir)
-		if err != nil && err != index.ErrEntryNotFound {
-			return doError(err)
+		if cmd.Commit {
+			_, err = wt.Remove(relChartDir)
+			if err != nil && err != index.ErrEntryNotFound {
+				return doError(err)
+			}
 		}
 		err = os.RemoveAll(chartDir)
 		if err != nil {
@@ -315,34 +315,38 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 			return doError(err)
 		}
 
-		_, err = wt.Add(relChartDir)
-		if err != nil {
-			return doError(err)
-		}
-
-		// figure out what got deleted
-		for p := range files {
-			_, err := os.Lstat(filepath.Join(gitRootPath, p))
+		if cmd.Commit {
+			_, err = wt.Add(relChartDir)
 			if err != nil {
-				if os.IsNotExist(err) {
-					_, err = wt.Remove(p)
-					if err != nil {
+				return doError(err)
+			}
+
+			// figure out what got deleted
+			for p := range files {
+				_, err := os.Lstat(filepath.Join(gitRootPath, p))
+				if err != nil {
+					if os.IsNotExist(err) {
+						_, err = wt.Remove(p)
+						if err != nil {
+							return doError(err)
+						}
+					} else {
 						return doError(err)
 					}
-				} else {
-					return doError(err)
 				}
 			}
 		}
 	}
 
-	commitMsg := fmt.Sprintf("Updated helm chart %s to version %s", relToGit, newVersion)
-	_, err = wt.Commit(commitMsg, &git.CommitOptions{})
-	if err != nil {
-		return doError(fmt.Errorf("failed to commit: %w", err))
-	}
+	if cmd.Commit {
+		commitMsg := fmt.Sprintf("Updated helm chart %s to version %s", relDir, newVersion)
+		_, err = wt.Commit(commitMsg, &git.CommitOptions{})
+		if err != nil {
+			return doError(fmt.Errorf("failed to commit: %w", err))
+		}
 
-	s.Update("%s: Committed helm chart with version %s", relToGit, newVersion)
+		s.UpdateAndInfoFallback("%s: Committed helm chart with version %s", relDir, newVersion)
+	}
 	s.Success()
 
 	return nil
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 682163cca..03a6540bb 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -212,18 +212,18 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
 
 	if upgrade {
-		assert.Contains(t, stderr, "helm1: Updated Chart version to 0.2.0")
-		assert.Contains(t, stderr, "helm2: Updated Chart version to 0.3.0")
+		assert.Contains(t, stderr, "helm1: Upgrading Chart to version 0.2.0")
+		assert.Contains(t, stderr, "helm2: Upgrading Chart to version 0.3.0")
 	}
 	if commit {
-		assert.Contains(t, stderr, "helm1: Committing Chart with version 0.2.0")
-		assert.Contains(t, stderr, "helm2: Committing Chart with version 0.3.0")
+		assert.Contains(t, stderr, "helm1: Committed helm chart with version 0.2.0")
+		assert.Contains(t, stderr, "helm2: Committed helm chart with version 0.3.0")
 	}
 
 	pulledVersions1 := listChartVersions(t, p, repoUrl, "test-chart1")
 	pulledVersions2 := listChartVersions(t, p, repoUrl, "test-chart2")
 
-	if commit {
+	if upgrade {
 		assert.Equal(t, []string{"0.1.0", "0.2.0"}, pulledVersions1)
 		assert.Equal(t, []string{"0.3.0"}, pulledVersions2)
 	} else {
@@ -248,8 +248,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 			return commitList[i].Message < commitList[j].Message
 		})
 
-		assert.Equal(t, "Updated helm chart helm1/helm-chart.yaml to version 0.2.0", commitList[0].Message)
-		assert.Equal(t, "Updated helm chart helm2/helm-chart.yaml to version 0.3.0", commitList[1].Message)
+		assert.Equal(t, "Updated helm chart helm1 to version 0.2.0", commitList[0].Message)
+		assert.Equal(t, "Updated helm chart helm2 to version 0.3.0", commitList[1].Message)
 	}
 }
 

From eac6fff2eb89c01866ba36035ac41fb34f532852 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Dec 2022 17:39:45 +0100
Subject: [PATCH 0666/2268] chore: Better log output when pulling/ugprading

---
 cmd/kluctl/commands/cmd_helm_update.go |  8 ++++----
 e2e/helm_test.go                       | 22 +++++++++++-----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 22e0abc8b..1cc484d4c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -170,7 +170,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			continue
 		}
 
-		status.Info(ctx, "%s: Chart has new version %s available", relDir, latestVersion)
+		status.Info(ctx, "%s: Chart %s has new version %s available", relDir, hr.Chart.GetChartName(), latestVersion)
 
 		if !cmd.Upgrade {
 			continue
@@ -242,7 +242,7 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 		return err
 	}
 
-	s := status.Start(ctx, "%s: Upgrading Chart to version %s", relDir, newVersion)
+	s := status.Start(ctx, "%s: Upgrading Chart %s to version %s", relDir, hr.Chart.GetChartName(), newVersion)
 	defer s.Failed()
 
 	doError := func(err error) error {
@@ -339,13 +339,13 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 	}
 
 	if cmd.Commit {
-		commitMsg := fmt.Sprintf("Updated helm chart %s to version %s", relDir, newVersion)
+		commitMsg := fmt.Sprintf("Updated helm chart %s in %s to version %s", hr.Chart.GetChartName(), relDir, newVersion)
 		_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 		if err != nil {
 			return doError(fmt.Errorf("failed to commit: %w", err))
 		}
 
-		s.UpdateAndInfoFallback("%s: Committed helm chart with version %s", relDir, newVersion)
+		s.UpdateAndInfoFallback("%s: Committed helm chart %s with version %s", relDir, hr.Chart.GetChartName(), newVersion)
 	}
 	s.Success()
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 03a6540bb..5b9a772d5 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -207,17 +207,17 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}
 
 	_, stderr := p.KluctlMust(args...)
-	assert.Contains(t, stderr, "helm1: Chart has new version 0.2.0 available")
-	assert.Contains(t, stderr, "helm2: Chart has new version 0.3.0 available")
+	assert.Contains(t, stderr, "helm1: Chart test-chart1 has new version 0.2.0 available")
+	assert.Contains(t, stderr, "helm2: Chart test-chart2 has new version 0.3.0 available")
 	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
 
 	if upgrade {
-		assert.Contains(t, stderr, "helm1: Upgrading Chart to version 0.2.0")
-		assert.Contains(t, stderr, "helm2: Upgrading Chart to version 0.3.0")
+		assert.Contains(t, stderr, "helm1: Upgrading Chart test-chart1 to version 0.2.0")
+		assert.Contains(t, stderr, "helm2: Upgrading Chart test-chart2 to version 0.3.0")
 	}
 	if commit {
-		assert.Contains(t, stderr, "helm1: Committed helm chart with version 0.2.0")
-		assert.Contains(t, stderr, "helm2: Committed helm chart with version 0.3.0")
+		assert.Contains(t, stderr, "helm1: Committed helm chart test-chart1 with version 0.2.0")
+		assert.Contains(t, stderr, "helm2: Committed helm chart test-chart2 with version 0.3.0")
 	}
 
 	pulledVersions1 := listChartVersions(t, p, repoUrl, "test-chart1")
@@ -248,8 +248,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 			return commitList[i].Message < commitList[j].Message
 		})
 
-		assert.Equal(t, "Updated helm chart helm1 to version 0.2.0", commitList[0].Message)
-		assert.Equal(t, "Updated helm chart helm2 to version 0.3.0", commitList[1].Message)
+		assert.Equal(t, "Updated helm chart test-chart1 in helm1 to version 0.2.0", commitList[0].Message)
+		assert.Equal(t, "Updated helm chart test-chart2 in helm2 to version 0.3.0", commitList[1].Message)
 	}
 }
 
@@ -316,9 +316,9 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 	args := []string{"helm-update", "--upgrade"}
 
 	_, stderr := p.KluctlMust(args...)
-	assert.Contains(t, stderr, "helm1: Chart has new version 0.1.1 available")
-	assert.Contains(t, stderr, "helm2: Chart has new version 0.2.0 available")
-	assert.Contains(t, stderr, "helm3: Chart has new version 1.2.1 available")
+	assert.Contains(t, stderr, "helm1: Chart test-chart1 has new version 0.1.1 available")
+	assert.Contains(t, stderr, "helm2: Chart test-chart1 has new version 0.2.0 available")
+	assert.Contains(t, stderr, "helm3: Chart test-chart1 has new version 1.2.1 available")
 
 	c1 := p.GetYaml("helm1/helm-chart.yaml")
 	c2 := p.GetYaml("helm2/helm-chart.yaml")

From c57d5419ff02f4a987e4d37ddcf41783cae7dc24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Dec 2022 22:08:18 +0000
Subject: [PATCH 0667/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.157 to 1.44.158

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.157 to 1.44.158.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.157...v1.44.158)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 484ebe921..cdc51572b 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.157
+	github.com/aws/aws-sdk-go v1.44.158
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 5ce647007..8ccdc3d66 100644
--- a/go.sum
+++ b/go.sum
@@ -128,8 +128,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.157 h1:JVBPpEWC8+yA7CbfAuTl/ZFFlHS3yoqWFqxFyTCISwg=
-github.com/aws/aws-sdk-go v1.44.157/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.158 h1:Q71ei9ijL3KuyQcLJA9TtuYy2gMLsLdVH5Q2ackBq3s=
+github.com/aws/aws-sdk-go v1.44.158/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 04c2a2833595e07a75e16f1b113ebd476591d25d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Dec 2022 22:08:37 +0000
Subject: [PATCH 0668/2268] chore(deps): Bump github.com/go-git/go-git/v5 from
 5.5.0 to 5.5.1

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.5.0 to 5.5.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.5.0...v5.5.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  4 ++--
 go.sum | 10 ++++------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 484ebe921..dae75ac18 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v0.11.0
-	github.com/go-git/go-git/v5 v5.5.0
+	github.com/go-git/go-git/v5 v5.5.1
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
@@ -37,7 +37,7 @@ require (
 	github.com/spf13/viper v1.14.0
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
-	github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4
+	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.4.0
 	golang.org/x/net v0.4.0
 	golang.org/x/sync v0.1.0
diff --git a/go.sum b/go.sum
index 5ce647007..838b0c7b2 100644
--- a/go.sum
+++ b/go.sum
@@ -257,8 +257,8 @@ github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Ai
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.5.0 h1:StO/ASRvk1Pp74tr7XQ0pQwKlCFignzzTF/NLKdQzUE=
-github.com/go-git/go-git/v5 v5.5.0/go.mod h1:g456XI30HAdt7GQtIf8JR6GDAdULGaR4KtfFtQa0uTg=
+github.com/go-git/go-git/v5 v5.5.1 h1:5vtv2TB5PM/gPM+EvsHJ16hJh4uAkdGcKilcwY7FYwo=
+github.com/go-git/go-git/v5 v5.5.1/go.mod h1:uz5PQ3d0gz7mSgzZhSJToM6ALPaKCdSnl58/Xb5hzr8=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -679,7 +679,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pjbgf/sha1cd v0.2.0/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI=
 github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -810,9 +809,8 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
-github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
-github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4 h1:3kHD8uZqiYes9JHdd3FzuyUbG10g9Bp9EOfqkSHIhg4=
-github.com/xanzy/ssh-agent v0.3.3-0.20220920102508-0fa644ba07f4/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=

From 690228f2b9eb9b07121c3ec37e59fb5140e71806 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Dec 2022 12:13:53 +0100
Subject: [PATCH 0669/2268] fix: Use fluxcd fork of go-git

See https://github.com/fluxcd/pkg/issues/397, especially in regard to
skeema/knownhosts breaking compatibility
---
 cmd/kluctl/commands/cmd_helm_update.go |  4 ++--
 e2e/helm_test.go                       |  4 ++--
 e2e/test-utils/project.go              |  2 +-
 go.mod                                 |  4 +++-
 go.sum                                 | 31 +++++++++++++++++++++-----
 pkg/git/auth/auth_provider.go          |  2 +-
 pkg/git/auth/git_credentials_file.go   |  2 +-
 pkg/git/auth/list_auth_provider.go     |  4 ++--
 pkg/git/list_refs.go                   | 10 ++++-----
 pkg/git/mirrored_repo.go               |  8 +++----
 pkg/git/poor_mans_clone.go             |  4 ++--
 pkg/git/ssh-pool/hostport.go           |  2 +-
 pkg/git/test_git_server.go             |  2 +-
 pkg/git/utils.go                       |  2 +-
 pkg/vars/vars_loader_test.go           |  4 ++--
 15 files changed, 53 insertions(+), 32 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 1cc484d4c..059c70233 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/plumbing/format/index"
+	"github.com/fluxcd/go-git/v5"
+	"github.com/fluxcd/go-git/v5/plumbing/format/index"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 5b9a772d5..cf33cf37c 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -2,8 +2,8 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/fluxcd/go-git/v5"
+	"github.com/fluxcd/go-git/v5/plumbing/object"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index b97497f98..3d0b891fb 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"github.com/go-git/go-git/v5"
+	"github.com/fluxcd/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
diff --git a/go.mod b/go.mod
index d447c0d8a..b86ceba06 100644
--- a/go.mod
+++ b/go.mod
@@ -10,8 +10,9 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
+	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
+	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
 	github.com/fluxcd/pkg/kustomize v0.11.0
-	github.com/go-git/go-git/v5 v5.5.1
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
@@ -120,6 +121,7 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/go-git/go-git/v5 v5.4.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
diff --git a/go.sum b/go.sum
index bc25ba223..20b2f6dfc 100644
--- a/go.sum
+++ b/go.sum
@@ -96,12 +96,15 @@ github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmy
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I=
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -114,6 +117,7 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -214,6 +218,7 @@ github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/emicklei/go-restful/v3 v3.10.0 h1:X4gma4HM7hFm6WMeAsTfqA0GOfdNoCzBIkHGoRLGXuM=
 github.com/emicklei/go-restful/v3 v3.10.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -238,27 +243,33 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
+github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47Q2oaKDekn+BZVZCmxeCWNi+FyownE=
+github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
 github.com/fluxcd/pkg/apis/kustomize v0.7.0 h1:X2htBmJ91nGYv4d93gin665MFWKNGiNwUiZ08/Zz0hY=
 github.com/fluxcd/pkg/apis/kustomize v0.7.0/go.mod h1:Mu+KdktsEKWA4l/33CZdY5lB4hz51mqfcLzBZSwAqVg=
 github.com/fluxcd/pkg/kustomize v0.11.0 h1:zseS9LRUuzhP/7KamccmsOgYpJAdhqtsf+2wN/CHF3I=
 github.com/fluxcd/pkg/kustomize v0.11.0/go.mod h1:awHID4OKe2/WAfTFg4u0fURXZPUkrIslSZNSPX9MEFQ=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
+github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.5.1 h1:5vtv2TB5PM/gPM+EvsHJ16hJh4uAkdGcKilcwY7FYwo=
-github.com/go-git/go-git/v5 v5.5.1/go.mod h1:uz5PQ3d0gz7mSgzZhSJToM6ALPaKCdSnl58/Xb5hzr8=
+github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
+github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -489,6 +500,7 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -524,6 +536,7 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -755,6 +768,7 @@ github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5g
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
@@ -809,6 +823,8 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
+github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
+github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -860,6 +876,7 @@ go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -869,6 +886,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -878,7 +896,7 @@ golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
 golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -957,6 +975,7 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -966,7 +985,6 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
 golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1014,6 +1032,7 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1048,10 +1067,12 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1073,7 +1094,6 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1081,7 +1101,6 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 19b2d418e..002ea0d12 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -2,7 +2,7 @@ package auth
 
 import (
 	"context"
-	"github.com/go-git/go-git/v5/plumbing/transport"
+	"github.com/fluxcd/go-git/v5/plumbing/transport"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"golang.org/x/crypto/ssh"
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index 68989ca85..eb1696075 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -3,7 +3,7 @@ package auth
 import (
 	"bufio"
 	"context"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/fluxcd/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	giturls "github.com/whilp/git-urls"
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 44e75c477..3d095e419 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -2,8 +2,8 @@ package auth
 
 import (
 	"context"
-	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	"github.com/fluxcd/go-git/v5/plumbing/transport/http"
+	"github.com/fluxcd/go-git/v5/plumbing/transport/ssh"
 	"github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	ssh2 "golang.org/x/crypto/ssh"
diff --git a/pkg/git/list_refs.go b/pkg/git/list_refs.go
index 735234d6b..a4a8bb7d5 100644
--- a/pkg/git/list_refs.go
+++ b/pkg/git/list_refs.go
@@ -4,11 +4,11 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/config"
-	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
-	"github.com/go-git/go-git/v5/storage/memory"
+	"github.com/fluxcd/go-git/v5"
+	"github.com/fluxcd/go-git/v5/config"
+	"github.com/fluxcd/go-git/v5/plumbing"
+	"github.com/fluxcd/go-git/v5/plumbing/protocol/packp"
+	"github.com/fluxcd/go-git/v5/storage/memory"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 10e2e805c..e1642cdb9 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -5,10 +5,10 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/config"
-	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/fluxcd/go-git/v5"
+	"github.com/fluxcd/go-git/v5/config"
+	"github.com/fluxcd/go-git/v5/plumbing"
+	"github.com/fluxcd/go-git/v5/plumbing/object"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
diff --git a/pkg/git/poor_mans_clone.go b/pkg/git/poor_mans_clone.go
index 975112564..9804cab66 100644
--- a/pkg/git/poor_mans_clone.go
+++ b/pkg/git/poor_mans_clone.go
@@ -1,8 +1,8 @@
 package git
 
 import (
-	"github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/config"
+	"github.com/fluxcd/go-git/v5"
+	"github.com/fluxcd/go-git/v5/config"
 	cp "github.com/otiai10/copy"
 	"os"
 	"path/filepath"
diff --git a/pkg/git/ssh-pool/hostport.go b/pkg/git/ssh-pool/hostport.go
index 4ca5c5cc7..d4e314ae0 100644
--- a/pkg/git/ssh-pool/hostport.go
+++ b/pkg/git/ssh-pool/hostport.go
@@ -2,7 +2,7 @@ package ssh_pool
 
 import (
 	"fmt"
-	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	"github.com/fluxcd/go-git/v5/plumbing/transport/ssh"
 	"strconv"
 )
 
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index e7661ab9e..a323901a5 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -3,7 +3,7 @@ package git
 import (
 	"context"
 	"fmt"
-	"github.com/go-git/go-git/v5"
+	"github.com/fluxcd/go-git/v5"
 	"github.com/jinzhu/copier"
 	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
 	"gopkg.in/yaml.v3"
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index f007fa3ee..121bca567 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -2,7 +2,7 @@ package git
 
 import (
 	"fmt"
-	"github.com/go-git/go-git/v5"
+	"github.com/fluxcd/go-git/v5"
 	"os"
 	"path/filepath"
 )
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index b4d4a0f38..e7ecd8720 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -2,8 +2,8 @@ package vars
 
 import (
 	"context"
-	git2 "github.com/go-git/go-git/v5"
-	"github.com/go-git/go-git/v5/plumbing"
+	git2 "github.com/fluxcd/go-git/v5"
+	"github.com/fluxcd/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"

From f51bf628ca4974f67d5428ea6ae1e0d4a6e5db30 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Dec 2022 12:14:51 +0100
Subject: [PATCH 0670/2268] fix: Use wrapper around AuthMethod to override
 ClientConfig for HostKeyCallback

---
 pkg/git/auth/auth_provider.go      | 13 +++++++++--
 pkg/git/auth/list_auth_provider.go | 36 +++++++++++++++++++++---------
 pkg/git/auth/ssh_auth_provider.go  |  1 -
 pkg/git/ssh-pool/ssh_pool.go       |  4 ++--
 4 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 002ea0d12..18809899a 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -2,7 +2,9 @@ package auth
 
 import (
 	"context"
+	"fmt"
 	"github.com/fluxcd/go-git/v5/plumbing/transport"
+	ssh2 "github.com/fluxcd/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"golang.org/x/crypto/ssh"
@@ -12,8 +14,15 @@ type AuthMethodAndCA struct {
 	AuthMethod transport.AuthMethod
 	CABundle   []byte
 
-	Hash         func() ([]byte, error)
-	ClientConfig func() (*ssh.ClientConfig, error)
+	Hash func() ([]byte, error)
+}
+
+func (a *AuthMethodAndCA) SshClientConfig() (*ssh.ClientConfig, error) {
+	gitSshAuth, ok := a.AuthMethod.(ssh2.AuthMethod)
+	if !ok {
+		return nil, fmt.Errorf("auth is not a git ssh.AuthMethod")
+	}
+	return gitSshAuth.ClientConfig()
 }
 
 type GitAuthProvider interface {
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 3d095e419..c6876027e 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -28,6 +28,28 @@ type AuthEntry struct {
 	CABundle []byte
 }
 
+type KnownHostsWrapper struct {
+	authMethod      ssh.AuthMethod
+	hostKeyCallback ssh2.HostKeyCallback
+}
+
+func (w *KnownHostsWrapper) String() string {
+	return w.authMethod.String()
+}
+
+func (w *KnownHostsWrapper) Name() string {
+	return w.authMethod.Name()
+}
+
+func (w *KnownHostsWrapper) ClientConfig() (*ssh2.ClientConfig, error) {
+	ccfg, err := w.authMethod.ClientConfig()
+	if err != nil {
+		return nil, err
+	}
+	ccfg.HostKeyCallback = w.hostKeyCallback
+	return ccfg, nil
+}
+
 func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
@@ -80,20 +102,14 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl)
 			if err != nil {
 				a.MessageCallbacks.Trace("ListAuthProvider: failed to parse private key: %v", err)
 			} else {
-				hostKeyCallback := buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts)
 				return AuthMethodAndCA{
-					AuthMethod: pk,
+					AuthMethod: &KnownHostsWrapper{
+						authMethod:      pk,
+						hostKeyCallback: buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts),
+					},
 					Hash: func() ([]byte, error) {
 						return buildHash(pk.Signer)
 					},
-					ClientConfig: func() (*ssh2.ClientConfig, error) {
-						ccfg, err := pk.ClientConfig()
-						if err != nil {
-							return nil, err
-						}
-						ccfg.HostKeyCallback = hostKeyCallback
-						return ccfg, nil
-					},
 				}
 			}
 		} else {
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 2e95cb864..5af2d2c0d 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -130,7 +130,6 @@ func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 			}
 			return buildHashForList(signers)
 		},
-		ClientConfig: auth.ClientConfig,
 	}
 }
 
diff --git a/pkg/git/ssh-pool/ssh_pool.go b/pkg/git/ssh-pool/ssh_pool.go
index 7b33a4f1c..010fec57a 100644
--- a/pkg/git/ssh-pool/ssh_pool.go
+++ b/pkg/git/ssh-pool/ssh_pool.go
@@ -139,7 +139,7 @@ func (p *SshPool) newClient(ctx context.Context, addr string, auth auth.AuthMeth
 		return nil, err
 	}
 
-	config, err := auth.ClientConfig()
+	config, err := auth.SshClientConfig()
 	if err != nil {
 		return nil, err
 	}
@@ -157,7 +157,7 @@ func (p *SshPool) buildHash(addr string, auth auth.AuthMethodAndCA) (string, err
 		return "", fmt.Errorf("auth has no Hash")
 	}
 
-	config, err := auth.ClientConfig()
+	config, err := auth.SshClientConfig()
 	if err != nil {
 		return "", err
 	}

From ba3608599b80a7ae039e54b8b7525382af2ee40e Mon Sep 17 00:00:00 2001
From: Eng Zer Jun <engzerjun@gmail.com>
Date: Wed, 14 Dec 2022 20:17:10 +0800
Subject: [PATCH 0671/2268] test: use `T.TempDir` to create temporary test
 directory

This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.

Prior to this commit, temporary directory created using `os.MkdirTemp`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
	defer func() {
		if err := os.RemoveAll(dir); err != nil {
			t.Fatal(err)
		}
	}
is also tedious, but `t.TempDir` handles this for us nicely.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
---
 pkg/git/test_git_server.go   | 22 +++++++--------------
 pkg/vars/vars_loader_test.go | 38 +++++++++++++-----------------------
 2 files changed, 21 insertions(+), 39 deletions(-)

diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index a323901a5..7dd0a1614 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -3,10 +3,6 @@ package git
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
-	"github.com/jinzhu/copier"
-	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
-	"gopkg.in/yaml.v3"
 	"log"
 	"net"
 	"net/http"
@@ -14,6 +10,11 @@ import (
 	"path/filepath"
 	"reflect"
 	"testing"
+
+	"github.com/fluxcd/go-git/v5"
+	"github.com/jinzhu/copier"
+	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
+	"gopkg.in/yaml.v3"
 )
 
 type TestGitServer struct {
@@ -28,15 +29,10 @@ type TestGitServer struct {
 
 func NewTestGitServer(t *testing.T) *TestGitServer {
 	p := &TestGitServer{
-		t: t,
+		t:       t,
+		baseDir: t.TempDir(),
 	}
 
-	baseDir, err := os.MkdirTemp(os.TempDir(), "kluctl-tests-")
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	p.baseDir = baseDir
-
 	p.initGitServer()
 
 	t.Cleanup(func() {
@@ -73,10 +69,6 @@ func (p *TestGitServer) Cleanup() {
 		p.gitServer = nil
 	}
 
-	if p.baseDir == "" {
-		return
-	}
-	_ = os.RemoveAll(p.baseDir)
 	p.baseDir = ""
 }
 
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index e7ecd8720..a4a99b4e6 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -2,6 +2,15 @@ package vars
 
 import (
 	"context"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
 	git2 "github.com/fluxcd/go-git/v5"
 	"github.com/fluxcd/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/git"
@@ -18,30 +27,11 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
 	"go.mozilla.org/sops/v3/age"
-	"io"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
 )
 
-func newTestDir(t *testing.T) string {
-	tmp, err := os.MkdirTemp("", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Cleanup(func() {
-		_ = os.RemoveAll(tmp)
-	})
-	return tmp
-}
-
 func newRP(t *testing.T) *repocache.GitRepoCache {
 	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders("KLUCTL_GIT", nil), nil, 0)
 	t.Cleanup(func() {
@@ -77,7 +67,7 @@ func TestVarsLoader_Values(t *testing.T) {
 }
 
 func TestVarsLoader_File(t *testing.T) {
-	d := newTestDir(t)
+	d := t.TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
@@ -101,7 +91,7 @@ func TestVarsLoader_File(t *testing.T) {
 }
 
 func TestVarsLoader_SopsFile(t *testing.T) {
-	d := newTestDir(t)
+	d := t.TempDir()
 	f, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
 	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), f, 0o600)
@@ -120,7 +110,7 @@ func TestVarsLoader_SopsFile(t *testing.T) {
 }
 
 func TestVarsLoader_FileWithLoad(t *testing.T) {
-	d := newTestDir(t)
+	d := t.TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
 	_ = os.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
 
@@ -136,7 +126,7 @@ func TestVarsLoader_FileWithLoad(t *testing.T) {
 }
 
 func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
-	d := newTestDir(t)
+	d := t.TempDir()
 	_ = os.Mkdir(filepath.Join(d, "subdir"), 0o700)
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
 	_ = os.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
@@ -153,7 +143,7 @@ func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
 }
 
 func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
-	d := newTestDir(t)
+	d := t.TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {

From 9ee0b28807f87b2a9c953cdd1382648daeaadd47 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Dec 2022 17:47:18 +0100
Subject: [PATCH 0672/2268] docs: Set linkTitle to Kluctl

---
 docs/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/README.md b/docs/README.md
index 1ccac0e55..b1dab7f60 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -2,7 +2,7 @@
 
 ---
 title: "Kluctl Documentation"
-linkTitle: "Docs"
+linkTitle: "Kluctl"
 description: "The missing glue to put together large Kubernetes deployments."
 taxonomyCloud: []
 weight: 20

From 0fbb20d6d8ebe15efe7f8228e742061fba808490 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Dec 2022 17:51:31 +0100
Subject: [PATCH 0673/2268] docs: Remove Kluctl menu entry from hugo page

---
 docs/README.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/README.md b/docs/README.md
index b1dab7f60..9e921ca6b 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -6,9 +6,6 @@ linkTitle: "Kluctl"
 description: "The missing glue to put together large Kubernetes deployments."
 taxonomyCloud: []
 weight: 20
-menu:
-  main:
-    weight: 20
 ---
 -->
 

From dc3ebf970f517ad8342eaf11b067c0e292a782ff Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Dec 2022 22:59:09 +0100
Subject: [PATCH 0674/2268] feat: Obfuscate diffs of Secrets

---
 cmd/kluctl/args/misc.go                |  1 +
 cmd/kluctl/commands/cmd_delete.go      |  2 +-
 cmd/kluctl/commands/cmd_deploy.go      |  8 +--
 cmd/kluctl/commands/cmd_diff.go        |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go |  2 +-
 cmd/kluctl/commands/cmd_prune.go       |  2 +-
 cmd/kluctl/commands/command_result.go  | 10 +++-
 docs/reference/commands/delete.md      |  1 +
 docs/reference/commands/deploy.md      |  1 +
 docs/reference/commands/diff.md        |  1 +
 docs/reference/commands/poke-images.md |  1 +
 docs/reference/commands/prune.md       |  1 +
 e2e/obfuscate_test.go                  | 48 +++++++++++++++++
 e2e/seal_test.go                       |  4 +-
 e2e/utils.go                           |  8 +++
 e2e/utils_resources.go                 | 10 ++--
 pkg/diff/diff.go                       | 73 ++++++++++++++++----------
 pkg/diff/obfuscate.go                  | 42 +++++++++++++++
 18 files changed, 174 insertions(+), 43 deletions(-)
 create mode 100644 e2e/obfuscate_test.go
 create mode 100644 pkg/diff/obfuscate.go

diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index 52b7b6f4c..513e71165 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -42,6 +42,7 @@ type AbortOnErrorFlags struct {
 
 type OutputFormatFlags struct {
 	OutputFormat []string `group:"misc" short:"o" help:"Specify output format and target file, in the format 'format=path'. Format can either be 'text' or 'yaml'. Can be specified multiple times. The actual format for yaml is currently not documented and subject to change."`
+	NoObfuscate  bool     `group:"misc" help:"Disable obfuscation of sensitive/secret data"`
 }
 
 type OutputFlags struct {
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index b034c6c4e..ed20376b7 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -65,7 +65,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormat, result)
+		err = outputCommandResult(ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index f819935db..624d6b6e3 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -64,7 +64,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	cmd2.NoWait = cmd.NoWait
 
 	cb := func(diffResult *types.CommandResult) error {
-		return cmd.diffResultCb(cmdCtx.ctx, diffResult)
+		return cmd.diffResultCb(cmdCtx.ctx, cmd.NoObfuscate, diffResult)
 	}
 	if cmd.Yes || cmd.DryRun {
 		cb = nil
@@ -74,7 +74,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, result)
+	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
 	if err != nil {
 		return err
 	}
@@ -84,8 +84,8 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	return nil
 }
 
-func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *types.CommandResult) error {
-	err := outputCommandResult(ctx, nil, diffResult)
+func (cmd *deployCmd) diffResultCb(ctx context.Context, noObfuscate bool, diffResult *types.CommandResult) error {
+	err := outputCommandResult(ctx, nil, noObfuscate, diffResult)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index bb8fcce19..a32991d41 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -50,7 +50,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormat, result)
+		err = outputCommandResult(ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 7492acc74..c1593e58e 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -51,7 +51,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormat, result)
+		err = outputCommandResult(ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 13516a1b4..9c887eb1c 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -54,7 +54,7 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, result)
+	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index f9dd12408..dcf709fa1 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -197,9 +198,16 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 	return nil
 }
 
-func outputCommandResult(ctx context.Context, output []string, cr *types.CommandResult) error {
+func outputCommandResult(ctx context.Context, output []string, noObfuscate bool, cr *types.CommandResult) error {
 	status.Flush(ctx)
 
+	if !noObfuscate {
+		var obfuscator diff.Obfuscator
+		for _, c := range cr.ChangedObjects {
+			obfuscator.Obfuscate(c.Ref, c.Changes)
+		}
+	}
+
 	return outputHelper(ctx, output, func(format string) (string, error) {
 		return formatCommandResult(cr, format)
 	})
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index 264e4c553..f75f0f77c 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -51,6 +51,7 @@ Misc arguments:
                                                     Must be in the form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
+      --no-obfuscate                                Disable obfuscation of sensitive/secret data
   -o, --output-format stringArray                   Specify output format and target file, in the format
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
                                                     specified multiple times. The actual format for yaml is
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index 044715d7b..edc7d6544 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -54,6 +54,7 @@ Misc arguments:
                                                     Must be in the form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
+      --no-obfuscate                                Disable obfuscation of sensitive/secret data
       --no-wait                                     Don't wait for objects readiness'
   -o, --output-format stringArray                   Specify output format and target file, in the format
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
index bb047a7c4..4441498af 100644
--- a/docs/reference/commands/diff.md
+++ b/docs/reference/commands/diff.md
@@ -55,6 +55,7 @@ Misc arguments:
       --ignore-annotations                          Ignores changes in annotations when diffing
       --ignore-labels                               Ignores changes in labels when diffing
       --ignore-tags                                 Ignores changes in tags when diffing
+      --no-obfuscate                                Disable obfuscation of sensitive/secret data
   -o, --output-format stringArray                   Specify output format and target file, in the format
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
                                                     specified multiple times. The actual format for yaml is
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index 4d16e9589..77a33c404 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -48,6 +48,7 @@ Misc arguments:
                                                     Must be in the form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
+      --no-obfuscate                                Disable obfuscation of sensitive/secret data
   -o, --output-format stringArray                   Specify output format and target file, in the format
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
                                                     specified multiple times. The actual format for yaml is
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index bef1d7c4b..5bb327f3c 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -44,6 +44,7 @@ Misc arguments:
                                                     Must be in the form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
+      --no-obfuscate                                Disable obfuscation of sensitive/secret data
   -o, --output-format stringArray                   Specify output format and target file, in the format
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
                                                     specified multiple times. The actual format for yaml is
diff --git a/e2e/obfuscate_test.go b/e2e/obfuscate_test.go
new file mode 100644
index 000000000..8f0d018e5
--- /dev/null
+++ b/e2e/obfuscate_test.go
@@ -0,0 +1,48 @@
+package e2e
+
+import (
+	"encoding/base64"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestObfuscateSecrets(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addSecretDeployment(p, "secret", map[string]string{
+		"secret": "secret_value_1",
+	}, resourceOpts{
+		name:      "secret",
+		namespace: p.TestSlug(),
+	}, false)
+	stdout, _ := p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertSecretExists(t, k, p.TestSlug(), "secret")
+	assert.NotContains(t, stdout, "secret_value")
+
+	p.UpdateYaml("secret/secret-secret.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("secret_value_2", "stringData", "secret")
+		return nil
+	}, "")
+	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	assert.NotContains(t, stdout, "secret_value")
+	assert.Contains(t, stdout, "***** (obfuscated)")
+
+	p.UpdateYaml("secret/secret-secret.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("secret_value_3", "stringData", "secret")
+		return nil
+	}, "")
+	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test", "--no-obfuscate")
+	assert.Contains(t, stdout, "-"+base64.StdEncoding.EncodeToString([]byte("secret_value_2")))
+	assert.Contains(t, stdout, "+"+base64.StdEncoding.EncodeToString([]byte("secret_value_3")))
+	assert.NotContains(t, stdout, "***** (obfuscated)")
+}
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 2308ec103..532088948 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -109,7 +109,7 @@ func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[str
 	addSecretsSet(p, "test", varsSources)
 	addSecretsSetToTarget(p, "test-target", "test")
 
-	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: p.TestSlug()})
+	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: p.TestSlug()}, true)
 
 	return p
 }
@@ -391,7 +391,7 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 				},
 			}),
 		}, true)
-	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()})
+	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()}, true)
 
 	p.KluctlMust("seal", "-t", "test-target")
 
diff --git a/e2e/utils.go b/e2e/utils.go
index 1e3b6c61b..270c273fa 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -43,6 +43,14 @@ func assertConfigMapNotExists(t *testing.T, k *test_utils.EnvTestCluster, namesp
 	}
 }
 
+func assertSecretExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
+	x, err := k.Get(v1.SchemeGroupVersion.WithResource("secrets"), namespace, name)
+	if err != nil {
+		t.Fatalf("unexpected error '%v' while getting Secret %s/%s", err, namespace, name)
+	}
+	return x
+}
+
 func assertNestedFieldEquals(t *testing.T, o *uo.UnstructuredObject, expected interface{}, keys ...interface{}) {
 	v, ok, err := o.GetNestedField(keys...)
 	if err != nil {
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 6d645d980..4131374b7 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -45,7 +45,7 @@ func createConfigMapObject(data map[string]string, opts resourceOpts) *uo.Unstru
 }
 
 func createSecretObject(data map[string]string, opts resourceOpts) *uo.UnstructuredObject {
-	o := createCoreV1Object("ConfigMap", opts)
+	o := createCoreV1Object("Secret", opts)
 	if data != nil {
 		o.SetNestedField(data, "stringData")
 	}
@@ -59,10 +59,14 @@ func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[stri
 	}, opts.tags)
 }
 
-func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts) {
+func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts, sealme bool) {
+	sealmeExt := ""
+	if sealme {
+		sealmeExt = ".sealme"
+	}
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
 	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
-		{fname, fname + ".sealme", o},
+		{fname, fname + sealmeExt, o},
 	}, opts.tags)
 }
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 5781b9312..f9f1a1c55 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -54,6 +54,10 @@ func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([
 		if err != nil {
 			return nil, err
 		}
+		err = updateUnifiedDiff(c2)
+		if err != nil {
+			return nil, err
+		}
 		changes = append(changes, *c2)
 	}
 
@@ -65,59 +69,70 @@ func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([
 func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) (*types.Change, error) {
 	switch c.Type {
 	case "create":
-		ud, err := buildUnifiedDiff(notPresent, c.To, false)
-		if err != nil {
-			return nil, err
-		}
 		p, err := convertPath(c.Path, newObject.Object)
 		if err != nil {
 			return nil, err
 		}
 		return &types.Change{
-			Type:        "insert",
-			JsonPath:    p,
-			NewValue:    c.To,
-			UnifiedDiff: ud,
+			Type:     "insert",
+			JsonPath: p,
+			NewValue: c.To,
 		}, nil
 	case "delete":
-		ud, err := buildUnifiedDiff(c.From, notPresent, false)
-		if err != nil {
-			return nil, err
-		}
 		p, err := convertPath(c.Path, oldObject.Object)
 		if err != nil {
 			return nil, err
 		}
 		return &types.Change{
-			Type:        "delete",
-			JsonPath:    p,
-			OldValue:    c.From,
-			UnifiedDiff: ud,
+			Type:     "delete",
+			JsonPath: p,
+			OldValue: c.From,
 		}, nil
 	case "update":
-		showType := false
-		if reflect.TypeOf(c.From) != reflect.TypeOf(c.To) {
-			showType = true
-		}
-		ud, err := buildUnifiedDiff(c.From, c.To, showType)
-		if err != nil {
-			return nil, err
-		}
 		p, err := convertPath(c.Path, newObject.Object)
 		if err != nil {
 			return nil, err
 		}
 		return &types.Change{
-			Type:        "update",
-			JsonPath:    p,
-			NewValue:    c.To,
-			OldValue:    c.From,
-			UnifiedDiff: ud,
+			Type:     "update",
+			JsonPath: p,
+			NewValue: c.To,
+			OldValue: c.From,
 		}, nil
 	}
 	return nil, fmt.Errorf("unknown change type %s", c.Type)
 }
 
+func updateUnifiedDiff(change *types.Change) error {
+	switch change.Type {
+	case "insert":
+		ud, err := buildUnifiedDiff(notPresent, change.NewValue, false)
+		if err != nil {
+			return err
+		}
+		change.UnifiedDiff = ud
+	case "delete":
+		ud, err := buildUnifiedDiff(change.OldValue, notPresent, false)
+		if err != nil {
+			return err
+		}
+		change.UnifiedDiff = ud
+	case "update":
+		showType := false
+		if reflect.TypeOf(change.OldValue) != reflect.TypeOf(change.NewValue) {
+			showType = true
+		}
+		ud, err := buildUnifiedDiff(change.OldValue, change.NewValue, showType)
+		if err != nil {
+			return err
+		}
+		change.UnifiedDiff = ud
+	default:
+		return fmt.Errorf("unknown change type %s", change.Type)
+	}
+	return nil
+}
+
 func stableSortChanges(changes []types.Change) {
 	changesStrs := make([]string, len(changes))
 	changesIndexes := make([]int, len(changes))
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
new file mode 100644
index 000000000..710ca60c0
--- /dev/null
+++ b/pkg/diff/obfuscate.go
@@ -0,0 +1,42 @@
+package diff
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"strings"
+)
+
+var secretGvk = schema.GroupKind{Group: "", Kind: "Secret"}
+
+type Obfuscator struct {
+}
+
+func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []types.Change) {
+	if ref.GVK.GroupKind() == secretGvk {
+		o.obfuscateSecret(ref, changes)
+	}
+}
+
+func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []types.Change) {
+	for i, _ := range changes {
+		c := &changes[i]
+		if strings.HasPrefix(c.JsonPath, "data.") || strings.HasPrefix(c.JsonPath, "stringData.") {
+			if c.NewValue != nil {
+				c.NewValue = "*****a"
+			}
+			if c.OldValue != nil {
+				c.OldValue = "*****b"
+			}
+			_ = updateUnifiedDiff(c)
+			if c.NewValue != nil {
+				c.NewValue = "*****"
+				c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****a", "***** (obfuscated)")
+			}
+			if c.OldValue != nil {
+				c.OldValue = "*****"
+				c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****b", "***** (obfuscated)")
+			}
+		}
+	}
+}

From 7554f43670154b128c25183c1fb6f23143f1204d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Dec 2022 21:12:34 +0100
Subject: [PATCH 0675/2268] feat: Remove templateExcludes from deployment
 projects

---
 pkg/deployment/deployment_item.go | 5 -----
 pkg/types/deployment.go           | 3 +--
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 05df656bd..49d2e650f 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -125,10 +124,6 @@ func (di *DeploymentItem) render(forSeal bool) error {
 	var excludePatterns []string
 	excludePatterns = append(excludePatterns, "**/.git")
 
-	if len(di.Project.Config.TemplateExcludes) != 0 {
-		status.Deprecation(di.ctx.Ctx, "template-excludes", "'templateExcludes' are deprecated, use .templateignore files instead.")
-	}
-	excludePatterns = append(excludePatterns, di.Project.Config.TemplateExcludes...)
 	err = filepath.WalkDir(*di.dir, func(p string, d fs.DirEntry, err error) error {
 		if d.IsDir() {
 			relDir, err := filepath.Rel(*di.dir, p)
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index eee074fda..cefcf4b59 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -94,8 +94,7 @@ type DeploymentProjectConfig struct {
 	OverrideNamespace *string           `yaml:"overrideNamespace,omitempty"`
 	Tags              []string          `yaml:"tags,omitempty"`
 
-	IgnoreForDiff    []*IgnoreForDiffItemConfig `yaml:"ignoreForDiff,omitempty"`
-	TemplateExcludes []string                   `yaml:"templateExcludes,omitempty"`
+	IgnoreForDiff []*IgnoreForDiffItemConfig `yaml:"ignoreForDiff,omitempty"`
 }
 
 func init() {

From 3794ed68bcc9e90510004dacc3ee4d27fc901c6f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Dec 2022 22:08:10 +0000
Subject: [PATCH 0676/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.158 to 1.44.160

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.158 to 1.44.160.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.158...v1.44.160)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b86ceba06..5f69d1c24 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.158
+	github.com/aws/aws-sdk-go v1.44.160
 	github.com/bitnami-labs/sealed-secrets v0.19.2
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 20b2f6dfc..434f6f811 100644
--- a/go.sum
+++ b/go.sum
@@ -132,8 +132,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.158 h1:Q71ei9ijL3KuyQcLJA9TtuYy2gMLsLdVH5Q2ackBq3s=
-github.com/aws/aws-sdk-go v1.44.158/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.160 h1:F41sWUel1CJ69ezoBGCg8sDyu9kyeKEpwmDrLXbCuyA=
+github.com/aws/aws-sdk-go v1.44.160/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From e779ecf2a3a3b21ba43d14daf1330834c3c21202 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Dec 2022 22:08:40 +0000
Subject: [PATCH 0677/2268] chore(deps): Bump helm.sh/helm/v3 from 3.10.2 to
 3.10.3

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.10.2 to 3.10.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.10.2...v3.10.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b86ceba06..a5bddba73 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	golang.org/x/text v0.5.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.10.2
+	helm.sh/helm/v3 v3.10.3
 	k8s.io/api v0.26.0
 	k8s.io/apiextensions-apiserver v0.25.4
 	k8s.io/apimachinery v0.26.0
diff --git a/go.sum b/go.sum
index 20b2f6dfc..2c8e17b78 100644
--- a/go.sum
+++ b/go.sum
@@ -1339,8 +1339,8 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
-helm.sh/helm/v3 v3.10.2 h1:2PmN9NgmqTn5pswfL5Kh2LxOKjkmh0hxKLe6/J0yUY4=
-helm.sh/helm/v3 v3.10.2/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
+helm.sh/helm/v3 v3.10.3 h1:wL7IUZ7Zyukm5Kz0OUmIFZgKHuAgByCrUcJBtY0kDyw=
+helm.sh/helm/v3 v3.10.3/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From e95e3e5908a967acdfb31cb16bbeccdc0ceafd35 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Dec 2022 08:14:22 +0000
Subject: [PATCH 0678/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.13.1 to 0.14.0

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.13.1 to 0.14.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.13.1...v0.14.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 14 +++++++-------
 go.sum | 37 +++++++++++++++++--------------------
 2 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/go.mod b/go.mod
index 1f310f9c2..673227fa3 100644
--- a/go.mod
+++ b/go.mod
@@ -49,9 +49,9 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.3
 	k8s.io/api v0.26.0
-	k8s.io/apiextensions-apiserver v0.25.4
+	k8s.io/apiextensions-apiserver v0.26.0
 	k8s.io/apimachinery v0.26.0
-	k8s.io/client-go v0.25.4
+	k8s.io/client-go v0.26.0
 	k8s.io/klog/v2 v2.80.1
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9
@@ -64,7 +64,7 @@ require (
 	github.com/huandu/xstrings v1.4.0
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.3
-	sigs.k8s.io/controller-runtime v0.13.1
+	sigs.k8s.io/controller-runtime v0.14.0
 )
 
 require (
@@ -226,7 +226,7 @@ require (
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/oauth2 v0.2.0 // indirect
-	golang.org/x/time v0.2.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.102.0 // indirect
@@ -239,12 +239,12 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/urfave/cli.v1 v1.20.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.25.4 // indirect
+	k8s.io/apiserver v0.26.0 // indirect
 	k8s.io/cli-runtime v0.25.3 // indirect
-	k8s.io/component-base v0.25.4 // indirect
+	k8s.io/component-base v0.26.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 // indirect
 	k8s.io/kubectl v0.25.3 // indirect
-	k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect
+	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
 	oras.land/oras-go v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index b087c36fd..c865d24b6 100644
--- a/go.sum
+++ b/go.sum
@@ -241,7 +241,7 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
-github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47Q2oaKDekn+BZVZCmxeCWNi+FyownE=
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
@@ -657,14 +657,12 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/ohler55/ojg v1.14.5 h1:xCX2oyh/ZaoesbLH6fwVHStSJpk4o4eJs8ttXutzdg0=
 github.com/ohler55/ojg v1.14.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/ginkgo/v2 v2.5.0 h1:TRtrvv2vdQqzkwrQ1ke6vtXf7IK34RBUJafIy1wMwls=
+github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc=
 github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
@@ -873,7 +871,7 @@ go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
+go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1118,8 +1116,8 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE=
-golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1316,7 +1314,6 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/urfave/cli.v1 v1.20.0 h1:NdAVW6RYxDif9DhDHaAortIu956m2c0v+09AZBPTbE0=
 gopkg.in/urfave/cli.v1 v1.20.0/go.mod h1:vuBzUtMdQeixQj8LVd+/98pzhxNGQoyuPBlsXHOQNO0=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
@@ -1350,33 +1347,33 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I=
 k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg=
-k8s.io/apiextensions-apiserver v0.25.4 h1:7hu9pF+xikxQuQZ7/30z/qxIPZc2J1lFElPtr7f+B6U=
-k8s.io/apiextensions-apiserver v0.25.4/go.mod h1:bkSGki5YBoZWdn5pWtNIdGvDrrsRWlmnvl9a+tAw5vQ=
+k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo=
+k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ=
 k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg=
 k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
-k8s.io/apiserver v0.25.4 h1:/3TwZcgLqX7wUxq7TtXOUqXeBTwXIblVMQdhR5XZ7yo=
-k8s.io/apiserver v0.25.4/go.mod h1:rPcm567XxjOnnd7jedDUnGJGmDGAo+cT6H7QHAN+xV0=
+k8s.io/apiserver v0.26.0 h1:q+LqIK5EZwdznGZb8bq0+a+vCqdeEEe4Ux3zsOjbc4o=
+k8s.io/apiserver v0.26.0/go.mod h1:aWhlLD+mU+xRo+zhkvP/gFNbShI4wBDHS33o0+JGI84=
 k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
 k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
-k8s.io/client-go v0.25.4 h1:3RNRDffAkNU56M/a7gUfXaEzdhZlYhoW8dgViGy5fn8=
-k8s.io/client-go v0.25.4/go.mod h1:8trHCAC83XKY0wsBIpbirZU4NTUpbuhc2JnI7OruGZw=
-k8s.io/component-base v0.25.4 h1:n1bjg9Yt+G1C0WnIDJmg2fo6wbEU1UGMRiQSjmj7hNQ=
-k8s.io/component-base v0.25.4/go.mod h1:nnZJU8OP13PJEm6/p5V2ztgX2oyteIaAGKGMYb2L2cY=
+k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8=
+k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg=
+k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs=
+k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 h1:zfqQc1V6/ZgGpvrOVvr62OjiqQX4lZjfznK34NQwkqw=
 k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
 k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
-k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8=
-k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.1 h1:/VcGS8FUy3eEXLl/1vC4QypLHwrfSmgW7ygsoklqKK8=
 oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.13.1 h1:tUsRCSJVM1QQOOeViGeX3GMT3dQF1eePPw6sEE3xSlg=
-sigs.k8s.io/controller-runtime v0.13.1/go.mod h1:Zbz+el8Yg31jubvAEyglRZGdLAjplZl+PgtYNI6WNTI=
+sigs.k8s.io/controller-runtime v0.14.0 h1:ju2xsov5Ara6FoQuddg+az+rAxsUsTYn2IYyEKCTyDc=
+sigs.k8s.io/controller-runtime v0.14.0/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From 6da364cbf6cc86daabe844a4560d2e02fe9a62d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Dec 2022 14:35:32 +0100
Subject: [PATCH 0679/2268] feat: Add support for local Helm Charts

---
 cmd/kluctl/commands/cmd_helm_pull.go | 11 ++++-
 docs/reference/deployments/helm.md   |  6 +++
 e2e/helm_test.go                     | 25 ++++++++++
 e2e/test-utils/helm_repo_utils.go    | 18 ++++---
 e2e/test-utils/project.go            |  8 +++-
 pkg/deployment/deployment_item.go    |  8 ++--
 pkg/helm/chart.go                    | 72 ++++++++++++++++++++++++++--
 pkg/helm/helm_release.go             | 36 ++++++++++++--
 pkg/types/helm_chart.go              | 47 +++++++++++++++++-
 9 files changed, 207 insertions(+), 24 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index ee8fc429d..0931ea0b8 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -133,11 +133,20 @@ func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvid
 			return nil
 		}
 
-		hr, err := helm.NewRelease(p, baseChartsDir, credentialsProvider)
+		relDir, err := filepath.Rel(projectDir, filepath.Dir(p))
 		if err != nil {
 			return err
 		}
 
+		hr, err := helm.NewRelease(projectDir, relDir, p, baseChartsDir, credentialsProvider)
+		if err != nil {
+			return err
+		}
+
+		if hr.Chart.IsLocalChart() {
+			return nil
+		}
+
 		releases = append(releases, hr)
 		chart := hr.Chart
 		key := fmt.Sprintf("%s / %s", chart.GetRepo(), chart.GetChartName())
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index f42fe69c3..bc31615f6 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -99,6 +99,12 @@ helmChart:
   namespace: pepper
 ```
 
+### path
+As alternative to `repo`, you can also specify `path`. The path must point to a local Helm Chart that is relative to the
+`helm-chart.yaml`. The local Chart must reside in your Kluctl project.
+
+When `path` is specified, `repo`, `chartName`, `chartVersion` and `updateContrainsts` are not allowed.
+
 ### chartName
 The name of the chart that can be found in the repository.
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index cf33cf37c..9d8f519cb 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -473,6 +473,31 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 	}, cm1.Object["data"])
 }
 
+func TestHelmLocalChart(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+	p.AddHelmDeployment("helm1", "../test-chart1", "", "", "test-helm-1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", "test-chart2", "", "", "test-helm-2", p.TestSlug(), nil)
+
+	test_utils.CreateHelmDir(t, "test-chart1", "0.1.0", filepath.Join(p.LocalRepoDir(), "test-chart1"))
+	test_utils.CreateHelmDir(t, "test-chart2", "0.1.0", filepath.Join(p.LocalRepoDir(), "helm2/test-chart2"))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-1-test-chart1")
+	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-2-test-chart2")
+
+	_, stderr := p.KluctlMust("helm-pull")
+	assert.NotContains(t, stderr, "test-chart1")
+	assert.NotContains(t, stderr, "test-chart2")
+}
+
 func getChartDir(t *testing.T, p *test_utils.TestProject, url2 string, chartName string, chartVersion string) string {
 	u, err := url.Parse(url2)
 	if err != nil {
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index aabe7835b..6bf45c0f5 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -24,25 +24,23 @@ import (
 	"testing"
 )
 
-func createHelmPackage(t *testing.T, name string, version string) string {
-	tmpDir := t.TempDir()
-
+func CreateHelmDir(t *testing.T, name string, version string, dest string) {
 	err := fs.WalkDir(test_resources.HelmChartFS, ".", func(path string, d fs.DirEntry, err error) error {
 		if d.IsDir() {
-			return os.MkdirAll(filepath.Join(tmpDir, path), 0o700)
+			return os.MkdirAll(filepath.Join(dest, path), 0o700)
 		} else {
 			b, err := test_resources.HelmChartFS.ReadFile(path)
 			if err != nil {
 				return err
 			}
-			return os.WriteFile(filepath.Join(tmpDir, path), b, 0o600)
+			return os.WriteFile(filepath.Join(dest, path), b, 0o600)
 		}
 	})
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	c, err := uo.FromFile(filepath.Join(tmpDir, "Chart.yaml"))
+	c, err := uo.FromFile(filepath.Join(dest, "Chart.yaml"))
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -50,10 +48,16 @@ func createHelmPackage(t *testing.T, name string, version string) string {
 	_ = c.SetNestedField(name, "name")
 	_ = c.SetNestedField(version, "version")
 
-	err = yaml.WriteYamlFile(filepath.Join(tmpDir, "Chart.yaml"), c)
+	err = yaml.WriteYamlFile(filepath.Join(dest, "Chart.yaml"), c)
 	if err != nil {
 		t.Fatal(err)
 	}
+}
+
+func createHelmPackage(t *testing.T, name string, version string) string {
+	tmpDir := t.TempDir()
+
+	CreateHelmDir(t, name, version, tmpDir)
 
 	settings := cli.New()
 	client := action.NewPackage()
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 3d0b891fb..b824a5223 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -14,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
+	"net/url"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -259,7 +260,11 @@ func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeRe
 }
 
 func (p *TestProject) AddHelmDeployment(dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
-	if registry2.IsOCI(repoUrl) {
+	localPath := ""
+	if u, err := url.Parse(repoUrl); err != nil || u.Host == "" {
+		localPath = repoUrl
+		repoUrl = ""
+	} else if registry2.IsOCI(repoUrl) {
 		repoUrl += "/" + chartName
 		chartName = ""
 	}
@@ -272,6 +277,7 @@ func (p *TestProject) AddHelmDeployment(dir string, repoUrl string, chartName, v
 		*o = *uo.FromMap(map[string]interface{}{
 			"helmChart": map[string]any{
 				"repo":         repoUrl,
+				"path":         localPath,
 				"chartVersion": version,
 				"releaseName":  releaseName,
 				"namespace":    namespace,
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 49d2e650f..bf5469beb 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -130,9 +130,9 @@ func (di *DeploymentItem) render(forSeal bool) error {
 			if err != nil {
 				return err
 			}
-			if yaml.Exists(filepath.Join(p, "helm-chart.yml")) {
+			if yaml.Exists(filepath.Join(p, "Chart.yaml")) {
 				// never try to render helm charts
-				ep := filepath.Join(relDir, "charts/**")
+				ep := fmt.Sprintf("%s/**", relDir)
 				ep = filepath.ToSlash(ep)
 				excludePatterns = append(excludePatterns, ep)
 				return filepath.SkipDir
@@ -188,7 +188,7 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			return err
 		}
 
-		hr, err := helm.NewRelease(p, di.ctx.HelmChartsDir, di.ctx.HelmCredentials)
+		hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), p, di.ctx.HelmChartsDir, di.ctx.HelmCredentials)
 		if err != nil {
 			return err
 		}
@@ -411,7 +411,7 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 		if di.isHelmValuesYaml(de.Name()) {
 			continue
 		} else if di.isHelmChartYaml(de.Name()) {
-			c, err := helm.NewRelease(filepath.Join(di.RenderedDir, subDir, de.Name()), di.ctx.HelmChartsDir, nil)
+			c, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), filepath.Join(di.RenderedDir, subDir, de.Name()), di.ctx.HelmChartsDir, nil)
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index c5c29e54b..6ef7a4a64 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -7,6 +7,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"helm.sh/helm/v3/pkg/action"
@@ -28,6 +30,7 @@ type HelmCredentialsProvider interface {
 
 type Chart struct {
 	repo      string
+	localPath string
 	chartName string
 
 	credentials   HelmCredentialsProvider
@@ -36,18 +39,32 @@ type Chart struct {
 	versions []string
 }
 
-func NewChart(repo string, chartName string, credentialsProvider HelmCredentialsProvider, credentialsId string) (*Chart, error) {
+func NewChart(repo string, localPath string, chartName string, credentialsProvider HelmCredentialsProvider, credentialsId string) (*Chart, error) {
 	hc := &Chart{
 		repo:          repo,
+		localPath:     localPath,
 		credentials:   credentialsProvider,
 		credentialsId: credentialsId,
 	}
 
-	if repo == "" {
-		return nil, fmt.Errorf("repo is missing")
+	if localPath == "" && repo == "" {
+		return nil, fmt.Errorf("repo and localPath are missing")
 	}
 
-	if registry.IsOCI(repo) {
+	if hc.IsLocalChart() {
+		chartYaml, err := uo.FromFile(yaml.FixPathExt(filepath.Join(hc.localPath, "Chart.yaml")))
+		if err != nil {
+			return nil, err
+		}
+		x, _, err := chartYaml.GetNestedString("name")
+		if err != nil {
+			return nil, err
+		}
+		if x == "" {
+			return nil, fmt.Errorf("invalid/empty chart name")
+		}
+		hc.chartName = x
+	} else if registry.IsOCI(repo) {
 		if chartName != "" {
 			return nil, fmt.Errorf("chartName can't be specified when using OCI repos")
 		}
@@ -70,6 +87,29 @@ func (c *Chart) GetRepo() string {
 	return c.repo
 }
 
+func (c *Chart) GetLocalPath() string {
+	return c.localPath
+}
+
+func (c *Chart) IsLocalChart() bool {
+	return c.localPath != ""
+}
+
+func (c *Chart) GetLocalChartVersion() (string, error) {
+	chartYaml, err := uo.FromFile(yaml.FixPathExt(filepath.Join(c.localPath, "Chart.yaml")))
+	if err != nil {
+		return "", err
+	}
+	x, _, err := chartYaml.GetNestedString("version")
+	if err != nil {
+		return "", err
+	}
+	if x == "" {
+		return "", fmt.Errorf("invalid/empty chart version")
+	}
+	return x, nil
+}
+
 func (c *Chart) BuildPulledChartDir(baseDir string, version string) (string, error) {
 	u, err := url.Parse(c.repo)
 	if err != nil {
@@ -122,6 +162,10 @@ func (c *Chart) GetChartName() string {
 }
 
 func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, error) {
+	if c.IsLocalChart() {
+		return nil, fmt.Errorf("can not pull local charts")
+	}
+
 	tmpPullDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pull-")
 	if err != nil {
 		return nil, err
@@ -199,6 +243,10 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 }
 
 func (c *Chart) Pull(ctx context.Context, pc *PulledChart) error {
+	if c.IsLocalChart() {
+		return fmt.Errorf("can not pull local charts")
+	}
+
 	newPulled, err := c.PullToTmp(ctx, pc.version)
 	if err != nil {
 		return err
@@ -250,6 +298,10 @@ func (c *Chart) doPullCached(ctx context.Context, version string) (*PulledChart,
 }
 
 func (c *Chart) PullCached(ctx context.Context, version string) (*PulledChart, error) {
+	if c.IsLocalChart() {
+		return nil, fmt.Errorf("can not pull local charts")
+	}
+
 	pc, lock, err := c.doPullCached(ctx, version)
 	if err != nil {
 		return nil, err
@@ -259,6 +311,10 @@ func (c *Chart) PullCached(ctx context.Context, version string) (*PulledChart, e
 }
 
 func (c *Chart) PullInProject(ctx context.Context, baseDir string, version string) (*PulledChart, error) {
+	if c.IsLocalChart() {
+		return nil, fmt.Errorf("can not pull local charts")
+	}
+
 	cachePc, lock, err := c.doPullCached(ctx, version)
 	if err != nil {
 		return nil, err
@@ -284,6 +340,10 @@ func (c *Chart) PullInProject(ctx context.Context, baseDir string, version strin
 }
 
 func (c *Chart) GetPulledChart(baseDir string, version string) (*PulledChart, error) {
+	if c.IsLocalChart() {
+		return nil, fmt.Errorf("can not pull local charts")
+	}
+
 	chartDir, err := c.BuildPulledChartDir(baseDir, version)
 	if err != nil {
 		return nil, err
@@ -292,6 +352,10 @@ func (c *Chart) GetPulledChart(baseDir string, version string) (*PulledChart, er
 }
 
 func (c *Chart) QueryVersions(ctx context.Context) error {
+	if c.IsLocalChart() {
+		return fmt.Errorf("can not query versions for local charts")
+	}
+
 	if registry.IsOCI(c.repo) {
 		return c.queryVersionsOci(ctx)
 	}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 885082193..c4d8963e4 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -35,23 +35,41 @@ type Release struct {
 	baseChartsDir string
 }
 
-func NewRelease(configFile string, baseChartsDir string, credentialsProvider HelmCredentialsProvider) (*Release, error) {
+func NewRelease(projectRoot string, relDirInProject string, configFile string, baseChartsDir string, credentialsProvider HelmCredentialsProvider) (*Release, error) {
 	var config types.HelmChartConfig
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
 		return nil, err
 	}
 
-	_, err = semver.NewVersion(config.ChartVersion)
-	if err != nil {
-		return nil, fmt.Errorf("invalid chart version '%s': %w", config.ChartVersion, err)
+	if config.ChartVersion != "" {
+		_, err = semver.NewVersion(config.ChartVersion)
+		if err != nil {
+			return nil, fmt.Errorf("invalid chart version '%s': %w", config.ChartVersion, err)
+		}
+	}
+
+	localPath := ""
+	if config.Path != "" {
+		if filepath.IsAbs(config.Path) {
+			return nil, fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
+		}
+		localPath = filepath.Join(projectRoot, relDirInProject, config.Path)
+		localPath, err = filepath.Abs(localPath)
+		if err != nil {
+			return nil, err
+		}
+		err = utils.CheckInDir(projectRoot, localPath)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	credentialsId := ""
 	if config.CredentialsId != nil {
 		credentialsId = *config.CredentialsId
 	}
-	chart, err := NewChart(config.Repo, config.ChartName, credentialsProvider, credentialsId)
+	chart, err := NewChart(config.Repo, localPath, config.ChartName, credentialsProvider, credentialsId)
 	if err != nil {
 		return nil, err
 	}
@@ -93,6 +111,14 @@ func (hr *Release) GetDeprecatedChartDir() string {
 }
 
 func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
+	if hr.Chart.IsLocalChart() {
+		version, err := hr.Chart.GetLocalChartVersion()
+		if err != nil {
+			return nil, err
+		}
+		return NewPulledChart(hr.Chart, version, hr.Chart.GetLocalPath(), false), nil
+	}
+
 	deprecatedPC := NewPulledChart(hr.Chart, hr.Config.ChartVersion, hr.GetDeprecatedChartDir(), false)
 	if deprecatedPC.CheckExists() {
 		status.Deprecation(ctx, "helm-charts-dir", "Your project has pre-pulled charts located next to the helm-chart.yaml, which is deprecated. "+
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 11498426b..e2c45601f 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -1,10 +1,17 @@
 package types
 
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"helm.sh/helm/v3/pkg/registry"
+)
+
 type HelmChartConfig2 struct {
-	Repo              string  `yaml:"repo" validate:"required"`
+	Repo              string  `yaml:"repo,omitempty"`
+	Path              string  `yaml:"path,omitempty"`
 	CredentialsId     *string `yaml:"credentialsId,omitempty"`
 	ChartName         string  `yaml:"chartName,omitempty"`
-	ChartVersion      string  `yaml:"chartVersion" validate:"required"`
+	ChartVersion      string  `yaml:"chartVersion,omitempty"`
 	UpdateConstraints *string `yaml:"updateConstraints,omitempty"`
 	ReleaseName       string  `yaml:"releaseName" validate:"required"`
 	Namespace         *string `yaml:"namespace,omitempty"`
@@ -13,6 +20,42 @@ type HelmChartConfig2 struct {
 	SkipUpdate        bool    `yaml:"skipUpdate,omitempty"`
 }
 
+func ValidateHelmChartConfig2(sl validator.StructLevel) {
+	c := sl.Current().Interface().(HelmChartConfig2)
+	if c.Repo == "" && c.Path == "" {
+		sl.ReportError("self", "repo", "repo", "either repo or path must be specified", "")
+	} else if c.Repo != "" && c.Path != "" {
+		sl.ReportError("self", "repo", "repo", "only one of repo and path can be specified", "")
+	} else if c.Repo != "" {
+		if c.ChartVersion == "" {
+			sl.ReportError("self", "chartVersion", "chartVersion", "chartVersion must be specified when repo is specified", "")
+		}
+		if registry.IsOCI(c.Repo) {
+			if c.ChartName != "" {
+				sl.ReportError("self", "chartName", "chartName", "chartName can not be specified when repo is a OCI url", "")
+			}
+		} else {
+			if c.ChartName == "" {
+				sl.ReportError("self", "chartName", "chartName", "chartName must be specified when repo is normal Helm repo", "")
+			}
+		}
+	} else if c.Path != "" {
+		if c.ChartName != "" {
+			sl.ReportError("self", "chartName", "chartName", "chartName can not be specified for local Helm charts", "")
+		}
+		if c.ChartVersion != "" {
+			sl.ReportError("self", "chartVersion", "chartVersion", "chartVersion can not be specified for local Helm charts", "")
+		}
+		if c.UpdateConstraints != nil {
+			sl.ReportError("self", "updateConstraints", "updateConstraints", "updateConstraints can not be specified for local Helm charts", "")
+		}
+	}
+}
+
 type HelmChartConfig struct {
 	HelmChartConfig2 `yaml:"helmChart" validate:"required"`
 }
+
+func init() {
+	yaml.Validator.RegisterStructValidation(ValidateHelmChartConfig2, HelmChartConfig2{})
+}

From ef2f7271b9e5e7d6ddf5efdcf580895433503edd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Dec 2022 14:42:59 +0100
Subject: [PATCH 0680/2268] fix: Show help when kluctl is called without
 arguments

---
 cmd/kluctl/commands/root.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 2c6d696f1..8b7231230 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -18,6 +18,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	flag "github.com/spf13/pflag"
 	"io"
 	"log"
 	"net/http"
@@ -194,7 +195,7 @@ func checkNewVersion(ctx context.Context) {
 }
 
 func (c *cli) Run(ctx context.Context) error {
-	return nil
+	return flag.ErrHelp
 }
 
 func initViper(ctx context.Context) {

From 11325b13aff0988c4f2d324539624dc4df6800fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Dec 2022 15:01:07 +0100
Subject: [PATCH 0681/2268] fix: Fix help output of completion command

---
 cmd/kluctl/commands/cobra_utils.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 5ebf48f10..e8e68f528 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -88,7 +88,7 @@ func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interfac
 	}
 
 	cg.cmd.SetHelpFunc(func(command *cobra.Command, i []string) {
-		c.helpFunc(cg)
+		c.helpFunc(cg, command)
 	})
 
 	return cg, nil
@@ -283,9 +283,7 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 	return utils.NewErrorListOrNil(retErr)
 }
 
-func (c *rootCommand) helpFunc(cg *commandAndGroups) {
-	cmd := cg.cmd
-
+func (c *rootCommand) helpFunc(cg *commandAndGroups, cmd *cobra.Command) {
 	termWidth := term.GetWidth()
 
 	h := "Usage: "

From 876cf3fdfc3b5a8f22948e79e2e6fac2dbf6bce2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Dec 2022 15:05:07 +0100
Subject: [PATCH 0682/2268] fix: Actually install shell completions in brew tap

---
 .goreleaser.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 9570d3b69..43a80732f 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -115,8 +115,6 @@ brews:
     description: "kluctl"
     install: |
       bin.install "kluctl"
-    test: |
-      system "#{bin}/kluctl version"
 
       bash_output = Utils.safe_popen_read(bin/"kluctl", "completion", "bash")
       (bash_completion/"kluctl").write bash_output
@@ -126,3 +124,5 @@ brews:
 
       fish_output = Utils.safe_popen_read(bin/"kluctl", "completion", "fish")
       (fish_completion/"kluctl.fish").write fish_output
+    test: |
+      system "#{bin}/kluctl version"

From 99a8aabb23784f89ed73bde09b7938d6d863a1ab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Dec 2022 15:08:12 +0100
Subject: [PATCH 0683/2268] fix: Flush status before printing version

---
 cmd/kluctl/commands/cmd_version.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index c28a5b37e..3328a0203 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 )
 
@@ -9,6 +10,7 @@ type versionCmd struct {
 }
 
 func (cmd *versionCmd) Run(ctx context.Context) error {
+	status.Flush(ctx)
 	_, err := getStdout(ctx).WriteString(version.GetVersion() + "\n")
 	return err
 }

From c01a8bfb18ee1c96ab704f1004a11d347ec4062e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Dec 2022 22:32:54 +0100
Subject: [PATCH 0684/2268] chore: Run go get -u ./...

---
 go.mod |  92 ++++++++++-----------
 go.sum | 248 +++++++++++++++++++++++----------------------------------
 2 files changed, 146 insertions(+), 194 deletions(-)

diff --git a/go.mod b/go.mod
index 673227fa3..4065cbaa8 100644
--- a/go.mod
+++ b/go.mod
@@ -3,16 +3,16 @@ module github.com/kluctl/kluctl/v2
 go 1.19
 
 require (
-	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.160
-	github.com/bitnami-labs/sealed-secrets v0.19.2
+	github.com/aws/aws-sdk-go v1.44.161
+	github.com/bitnami-labs/sealed-secrets v0.19.3
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
 	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
-	github.com/fluxcd/pkg/kustomize v0.11.0
+	github.com/fluxcd/pkg/kustomize v0.12.0
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
@@ -22,8 +22,8 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.10.7-20221017-1
-	github.com/kluctl/go-jinja2 v0.0.0-20221017153334-80addb432305
+	github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1
+	github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
@@ -68,16 +68,16 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.12.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.1 // indirect
+	cloud.google.com/go/compute v1.14.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.2 // indirect
 	filippo.io/age v1.0.0 // indirect
-	github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
+	github.com/Azure/azure-sdk-for-go v67.1.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
@@ -86,7 +86,7 @@ require (
 	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
@@ -97,20 +97,20 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/cloudflare/circl v1.2.0 // indirect
-	github.com/containerd/containerd v1.6.9 // indirect
+	github.com/cloudflare/circl v1.3.0 // indirect
+	github.com/containerd/containerd v1.6.13 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/docker/cli v20.10.20+incompatible // indirect
-	github.com/docker/docker v20.10.20+incompatible // indirect
+	github.com/docker/cli v20.10.21+incompatible // indirect
+	github.com/docker/docker v20.10.21+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/drone/envsubst v1.0.3 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
@@ -121,7 +121,7 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/go-git/go-git/v5 v5.4.2 // indirect
+	github.com/go-git/go-git/v5 v5.5.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
@@ -138,17 +138,17 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.3.1 // indirect
+	github.com/hashicorp/go-hclog v1.4.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.5 // indirect
+	github.com/hashicorp/go-plugin v1.4.8 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
@@ -159,24 +159,24 @@ require (
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/vault/sdk v0.6.0 // indirect
+	github.com/hashicorp/vault/sdk v0.6.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.11 // indirect
+	github.com/klauspost/compress v1.15.13 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
 	github.com/lib/pq v1.10.7 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -184,7 +184,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
+	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -194,23 +194,23 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.2.3 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/common v0.39.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rivo/uniseg v0.4.2 // indirect
+	github.com/rivo/uniseg v0.4.3 // indirect
 	github.com/rubenv/sql-migrate v1.2.0 // indirect
-	github.com/russross/blackfriday v1.6.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.1.0 // indirect
-	github.com/spf13/afero v1.9.2 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
@@ -219,20 +219,20 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.5 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.6 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
-	go.opencensus.io v0.23.0 // indirect
-	go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/mod v0.6.0 // indirect
-	golang.org/x/oauth2 v0.2.0 // indirect
+	golang.org/x/mod v0.7.0 // indirect
+	golang.org/x/oauth2 v0.3.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.2.0 // indirect
+	golang.org/x/tools v0.4.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
-	google.golang.org/api v0.102.0 // indirect
+	google.golang.org/api v0.105.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect
-	google.golang.org/grpc v1.50.1 // indirect
+	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect
+	google.golang.org/grpc v1.51.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@@ -240,12 +240,12 @@ require (
 	gopkg.in/urfave/cli.v1 v1.20.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	k8s.io/apiserver v0.26.0 // indirect
-	k8s.io/cli-runtime v0.25.3 // indirect
+	k8s.io/cli-runtime v0.26.0 // indirect
 	k8s.io/component-base v0.26.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 // indirect
-	k8s.io/kubectl v0.25.3 // indirect
+	k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect
+	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
 	oras.land/oras-go v1.2.1 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index c865d24b6..54d211f55 100644
--- a/go.sum
+++ b/go.sum
@@ -20,19 +20,21 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0=
-cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU=
-cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48=
-cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
+cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0=
+cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo=
+cloud.google.com/go/compute/metadata v0.2.2 h1:aWKAjYaBaOSrpKl57+jnS/3fJRQnxL7TvR/u1VVbt6k=
+cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -46,8 +48,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.0.0 h1:V6q14n0mqYU3qKFkZ6oOaF9oXneOviS3ubXsSVBRSzc=
 filippo.io/age v1.0.0/go.mod h1:PaX+Si/Sd5G8LgfCwldsSba3H1DDQZhIhFGkhbHaBq8=
-github.com/Azure/azure-sdk-for-go v63.3.0+incompatible h1:INepVujzUrmArRZjDLHbtER+FkvCoEwyRCXGqOlmDII=
-github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v67.1.0+incompatible h1:oziYcaopbnIKfM69DL05wXdypiqfrUKdxUKrKpynJTw=
+github.com/Azure/azure-sdk-for-go v67.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -60,8 +62,9 @@ github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxsh
 github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
@@ -75,8 +78,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
-github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -92,19 +95,16 @@ github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
-github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
-github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
-github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
+github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I=
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -116,8 +116,6 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -132,15 +130,15 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.160 h1:F41sWUel1CJ69ezoBGCg8sDyu9kyeKEpwmDrLXbCuyA=
-github.com/aws/aws-sdk-go v1.44.160/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.161 h1:uZdZJ30mlbaU2wsrd/wzibrX01cbgKE2t486TtRjeHs=
+github.com/aws/aws-sdk-go v1.44.161/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.19.2 h1:0NpJCAhfDTkZ2u3PJaRWSynxlg55ssHxPQNn8T5JNPU=
-github.com/bitnami-labs/sealed-secrets v0.19.2/go.mod h1:KjTgHdD22gpjERjT1rA8yi4P4EkccMhRR2JW6Ctfu6g=
+github.com/bitnami-labs/sealed-secrets v0.19.3 h1:D9v0fQt8JNDEoBU6HRKKJ20VhqvGUyaDrK1bl714i4I=
+github.com/bitnami-labs/sealed-secrets v0.19.3/go.mod h1:G7Psbu6s3ed7GCO6ZjZ51zff0GGGSymLxFXb4QkJnRw=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -150,15 +148,14 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -168,16 +165,16 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.2.0 h1:NheeISPSUcYftKlfrLuOo4T62FkmD4t4jviLfFFYaec=
-github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8M+INXlMk=
+github.com/cloudflare/circl v1.3.0 h1:Anq00jxDtoyX3+aCaYUZ0vXC5r4k4epberfWGDXV1zE=
+github.com/cloudflare/circl v1.3.0/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/containerd v1.6.9 h1:IN/r8DUes/B5lEGTNfIiUkfZBtIQJGx2ai703dV6lRA=
-github.com/containerd/containerd v1.6.9/go.mod h1:XVicUvkxOrftE2Q1YWUXgZwkkAxwQYNOFzYWvfVfEfQ=
+github.com/containerd/containerd v1.6.13 h1:7llWEzjLH/fao0f2lppn1L6NhjsvxqMdUQa2mgVCs+U=
+github.com/containerd/containerd v1.6.13/go.mod h1:vDm+BbU+dD9uvuUlHr+KmcY0HKX8WDyI6dzJjNi4ee8=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -185,8 +182,7 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
-github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -196,12 +192,12 @@ github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27N
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
-github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4=
-github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
+github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.20+incompatible h1:kH9tx6XO+359d+iAkumyKDc5Q1kOwPuAUaeri48nD6E=
-github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.21+incompatible h1:UTLdBmHk3bEY+w8qeO5KttOhy6OmXWsl/FEet9Uswog=
+github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -216,9 +212,8 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3
 github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
 github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
-github.com/emicklei/go-restful/v3 v3.10.0 h1:X4gma4HM7hFm6WMeAsTfqA0GOfdNoCzBIkHGoRLGXuM=
-github.com/emicklei/go-restful/v3 v3.10.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
+github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -247,29 +242,25 @@ github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
 github.com/fluxcd/pkg/apis/kustomize v0.7.0 h1:X2htBmJ91nGYv4d93gin665MFWKNGiNwUiZ08/Zz0hY=
 github.com/fluxcd/pkg/apis/kustomize v0.7.0/go.mod h1:Mu+KdktsEKWA4l/33CZdY5lB4hz51mqfcLzBZSwAqVg=
-github.com/fluxcd/pkg/kustomize v0.11.0 h1:zseS9LRUuzhP/7KamccmsOgYpJAdhqtsf+2wN/CHF3I=
-github.com/fluxcd/pkg/kustomize v0.11.0/go.mod h1:awHID4OKe2/WAfTFg4u0fURXZPUkrIslSZNSPX9MEFQ=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/fluxcd/pkg/kustomize v0.12.0 h1:4MQdbP3M8NTIcr8TgNMxRCN+2xZoMWtCDDS3RiOT+8M=
+github.com/fluxcd/pkg/kustomize v0.12.0/go.mod h1:awHID4OKe2/WAfTFg4u0fURXZPUkrIslSZNSPX9MEFQ=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
-github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
+github.com/go-git/go-git/v5 v5.5.1 h1:5vtv2TB5PM/gPM+EvsHJ16hJh4uAkdGcKilcwY7FYwo=
+github.com/go-git/go-git/v5 v5.5.1/go.mod h1:uz5PQ3d0gz7mSgzZhSJToM6ALPaKCdSnl58/Xb5hzr8=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -278,12 +269,9 @@ github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -409,12 +397,12 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs=
-github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
+github.com/googleapis/enterprise-certificate-proxy v0.2.1 h1:RY7tHKZcRlk788d5WSo/e83gOyyy742E8GSs771ySpg=
+github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.6.0 h1:SXk3ABtQYDT/OH8jAyvEOQ58mgawq5C4o/4/89qN2ZU=
-github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY=
+github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
+github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -438,8 +426,8 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo=
-github.com/hashicorp/go-hclog v1.3.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I=
+github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -447,8 +435,8 @@ github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.5 h1:oTE/oQR4eghggRg8VY7PAz3dr++VwDNBGCcOfIvHpBo=
-github.com/hashicorp/go-plugin v1.4.5/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
+github.com/hashicorp/go-plugin v1.4.8 h1:CHGwpxYDOttQOY7HOWgETU9dyVjOXzniXDqJcYJE1zM=
+github.com/hashicorp/go-plugin v1.4.8/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
 github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
@@ -485,8 +473,8 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
 github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
-github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
-github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
+github.com/hashicorp/vault/sdk v0.6.1 h1:sjZC1z4j5Rh2GXYbkxn5BLK05S1p7+MhW4AgdUmgRUA=
+github.com/hashicorp/vault/sdk v0.6.1/go.mod h1:Ck4JuAC6usTphfrrRJCRH+7/N7O2ozZzkm/fzQFt4uM=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
@@ -495,17 +483,18 @@ github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -521,11 +510,9 @@ github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -533,22 +520,19 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c=
-github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
-github.com/kluctl/go-embed-python v0.0.0-3.10.7-20221017-1 h1:4XlPysiwaex+j7+r6pPA12WyuBM9Sy6gSoeKYTqxU9M=
-github.com/kluctl/go-embed-python v0.0.0-3.10.7-20221017-1/go.mod h1:fuMI+yFFgrViXsRl+NIWQeuPDTvJtOk2pe0HoeujT54=
-github.com/kluctl/go-jinja2 v0.0.0-20221017153334-80addb432305 h1:95WNlnGuRfLXgWoeBTDV0DhHwX26hUfnIzgiYTitsLk=
-github.com/kluctl/go-jinja2 v0.0.0-20221017153334-80addb432305/go.mod h1:2G09vDjMA8VSWJT7Kox9EQi8l7DCkGnyBNcd7eomM1s=
+github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0=
+github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
+github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1 h1:PXkdM8Z/Lh1+GIjXVG3dFs5enQoQ1eC7JXMz/Mo4R04=
+github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1/go.mod h1:qVVSnYkq5NSgUuLzz4hTCXvVsRQyF/ic4U5v7DaiCGM=
+github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1 h1:LwFIJE5cb6AAThM8FPbg589Y7zaToSrBCEQ1bxs8eiY=
+github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1/go.mod h1:hkHz+qOoK67xFAM8M6OkvvXpEsYq8ZKQxkYkat6J058=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
@@ -574,8 +558,8 @@ github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
-github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
@@ -607,8 +591,8 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A
 github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM=
-github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
@@ -639,8 +623,8 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
-github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI=
-github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw=
+github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
+github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -655,7 +639,6 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/ohler55/ojg v1.14.5 h1:xCX2oyh/ZaoesbLH6fwVHStSJpk4o4eJs8ttXutzdg0=
 github.com/ohler55/ojg v1.14.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
@@ -683,8 +666,8 @@ github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144T
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg=
-github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas=
+github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
+github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -708,9 +691,6 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
 github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -722,25 +702,19 @@ github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3d
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
+github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
+github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8=
-github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
+github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
@@ -749,9 +723,8 @@ github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZV
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rubenv/sql-migrate v1.2.0 h1:fOXMPLMd41sK7Tg75SXDec15k3zg5WNV6SjuDRiNfcU=
 github.com/rubenv/sql-migrate v1.2.0/go.mod h1:Z5uVnq7vrIrPmHbVFfR4YLHRZquxeHpckCnRq0P/K9Y=
-github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
-github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -766,9 +739,7 @@ github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5g
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
@@ -779,8 +750,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw=
-github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
+github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
@@ -789,7 +760,6 @@ github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
 github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
@@ -821,7 +791,6 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
 github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
-github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
@@ -846,8 +815,8 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/api/v3 v3.5.5 h1:BX4JIbQ7hl7+jL+g+2j5UAr0o1bctCm6/Ct+ArBGkf0=
-go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
+go.etcd.io/etcd/api/v3 v3.5.6 h1:Cy2qx3npLcYqTKqGJzMypnMv2tiRyifZJ17BlWIWA7A=
+go.etcd.io/etcd/api/v3 v3.5.6/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
@@ -860,11 +829,12 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20221028183056-acb66ad56dd2 h1:5/KzhcSqd4UgY51l17r7C5g/JiE6DRw1Vq7VJfQHuMc=
-go.starlark.net v0.0.0-20221028183056-acb66ad56dd2/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
+go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA=
+go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
@@ -874,7 +844,6 @@ go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -884,17 +853,16 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
 golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -933,8 +901,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
-golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -973,16 +941,13 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
 golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -997,10 +962,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.2.0 h1:GtQkldQ9m7yvzCL1V+LrYow3Khe0eJH0w7RbX/VbaIU=
-golang.org/x/oauth2 v0.2.0/go.mod h1:Cwn6afJ8jrQwYMxQDTpISoXmXW9I6qF6vDeuuoX3Ibs=
+golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8=
+golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1030,13 +993,11 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1050,8 +1011,6 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1065,14 +1024,11 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1080,9 +1036,6 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1092,6 +1045,7 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1099,6 +1053,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1130,7 +1085,6 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1173,13 +1127,12 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
-golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
+golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4=
+golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
 gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
 gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@@ -1204,8 +1157,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.102.0 h1:JxJl2qQ85fRMPNvlZY/enexbxpCjLwGhZUtgfGeQ51I=
-google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo=
+google.golang.org/api v0.105.0 h1:t6P9Jj+6XTn4U9I2wycQai6Q/Kz7iOT+QzjJ3G2V4x8=
+google.golang.org/api v0.105.0/go.mod h1:qh7eD5FJks5+BcE+cjBIm6Gz8vioK7EHvnlniqXBnqI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1258,8 +1211,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 h1:GEgb2jF5zxsFJpJfg9RoDDWm7tiwc/DDSTE2BtLUkXU=
-google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
+google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70=
+google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1282,8 +1235,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY=
-google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
+google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
+google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1334,7 +1287,6 @@ gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 helm.sh/helm/v3 v3.10.3 h1:wL7IUZ7Zyukm5Kz0OUmIFZgKHuAgByCrUcJBtY0kDyw=
 helm.sh/helm/v3 v3.10.3/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
@@ -1353,18 +1305,18 @@ k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg=
 k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
 k8s.io/apiserver v0.26.0 h1:q+LqIK5EZwdznGZb8bq0+a+vCqdeEEe4Ux3zsOjbc4o=
 k8s.io/apiserver v0.26.0/go.mod h1:aWhlLD+mU+xRo+zhkvP/gFNbShI4wBDHS33o0+JGI84=
-k8s.io/cli-runtime v0.25.3 h1:Zs7P7l7db/5J+KDePOVtDlArAa9pZXaDinGWGZl0aM8=
-k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
+k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
+k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
 k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8=
 k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg=
 k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs=
 k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70 h1:zfqQc1V6/ZgGpvrOVvr62OjiqQX4lZjfznK34NQwkqw=
-k8s.io/kube-openapi v0.0.0-20221110221610-a28e98eb7c70/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
-k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
-k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
+k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s=
+k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
+k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.1 h1:/VcGS8FUy3eEXLl/1vC4QypLHwrfSmgW7ygsoklqKK8=
@@ -1374,8 +1326,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/controller-runtime v0.14.0 h1:ju2xsov5Ara6FoQuddg+az+rAxsUsTYn2IYyEKCTyDc=
 sigs.k8s.io/controller-runtime v0.14.0/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
-sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
 sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
 sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=

From 347a2b46673a02b895cc272372458f67600ed054 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 16 Dec 2022 15:18:32 +0100
Subject: [PATCH 0685/2268] fix: Use correct .helm-charts dir when using git
 includes

---
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 pkg/deployment/deployment_item.go      | 19 +++++++++++++++----
 pkg/deployment/shared_context.go       |  1 -
 pkg/kluctl_project/project.go          |  1 -
 pkg/kluctl_project/project_load.go     |  1 -
 pkg/kluctl_project/target_context.go   |  1 -
 6 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 059c70233..fd4856c1b 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -40,7 +40,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
-		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
+		return fmt.Errorf("helm-update can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
 	}
 
 	gitRootPath, err := git2.DetectGitRepositoryRoot(projectDir)
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index bf5469beb..a9ac22883 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -173,6 +173,17 @@ func (di *DeploymentItem) isHelmValuesYaml(p string) bool {
 	return file == "helm-values.yml" || file == "helm-values.yaml"
 }
 
+func (di *DeploymentItem) newHelmRelease(subDir string) (*helm.Release, error) {
+	configPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, subDir, "helm-chart.yaml"))
+	helmChartsDir := filepath.Join(di.Project.source.dir, ".helm-charts")
+
+	hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmCredentials)
+	if err != nil {
+		return nil, err
+	}
+	return hr, nil
+}
+
 func (di *DeploymentItem) renderHelmCharts() error {
 	if di.dir == nil {
 		return nil
@@ -188,7 +199,7 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			return err
 		}
 
-		hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), p, di.ctx.HelmChartsDir, di.ctx.HelmCredentials)
+		hr, err := di.newHelmRelease(subDir)
 		if err != nil {
 			return err
 		}
@@ -411,12 +422,12 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 		if di.isHelmValuesYaml(de.Name()) {
 			continue
 		} else if di.isHelmChartYaml(de.Name()) {
-			c, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), filepath.Join(di.RenderedDir, subDir, de.Name()), di.ctx.HelmChartsDir, nil)
+			hr, err := di.newHelmRelease(subDir)
 			if err != nil {
 				return nil, err
 			}
-			if !utils.IsFile(filepath.Join(di.RenderedDir, subDir, c.GetOutputPath())) {
-				resourcePath = c.GetOutputPath()
+			if !utils.IsFile(filepath.Join(di.RenderedDir, subDir, hr.GetOutputPath())) {
+				resourcePath = hr.GetOutputPath()
 			}
 		} else if strings.HasSuffix(lname, ".yml") || strings.HasSuffix(lname, ".yaml") {
 			resourcePath = de.Name()
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 49133fecb..dec1c4571 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -21,5 +21,4 @@ type SharedContext struct {
 	RenderDir                         string
 	SealedSecretsDir                  string
 	DefaultSealedSecretsOutputPattern string
-	HelmChartsDir                     string
 }
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index d30936121..0df49e01c 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -20,7 +20,6 @@ type LoadedKluctlProject struct {
 	ProjectDir     string
 
 	sealedSecretsDir string
-	helmChartsDir    string
 
 	Config         types2.KluctlProject
 	DynamicTargets []*types2.DynamicTarget
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index b809bdd68..4c075fd23 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -61,7 +61,6 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	}
 
 	c.sealedSecretsDir = filepath.Join(c.ProjectDir, ".sealed-secrets")
-	c.helmChartsDir = filepath.Join(c.ProjectDir, ".helm-charts")
 
 	sealedSecretsUsed := false
 	if c.Config.SecretsConfig != nil {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 9ee3c53ec..f07436014 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -113,7 +113,6 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		RenderDir:                         params.RenderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
 		DefaultSealedSecretsOutputPattern: target.Name,
-		HelmChartsDir:                     p.helmChartsDir,
 	}
 
 	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(deploymentDir), ".", nil)

From 347059d4bb06c47f773764ab4f8d584c074d6494 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Dec 2022 22:06:53 +0000
Subject: [PATCH 0686/2268] chore(deps): Bump goreleaser/goreleaser-action from
 3 to 4

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3 to 4.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dd4ea8163..4e2a47b9a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-goreleaser-
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser
           version: latest

From 7f1b3c747100468040fa19ac29b8cf28210133f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Dec 2022 22:10:08 +0000
Subject: [PATCH 0687/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.14.5 to 1.15.0

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.14.5 to 1.15.0.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.14.5...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4065cbaa8..c3fb32abb 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.14.5
+	github.com/ohler55/ojg v1.15.0
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
diff --git a/go.sum b/go.sum
index 54d211f55..3e97f3368 100644
--- a/go.sum
+++ b/go.sum
@@ -640,8 +640,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.14.5 h1:xCX2oyh/ZaoesbLH6fwVHStSJpk4o4eJs8ttXutzdg0=
-github.com/ohler55/ojg v1.14.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.15.0 h1:Z95FvBiMsMOOGP9Nzv5OVV4ND2KnEMxk0GOS8Kvcahg=
+github.com/ohler55/ojg v1.15.0/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=

From 55633c0df94f465b15f3915c2a97362cb6745219 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Dec 2022 22:10:29 +0000
Subject: [PATCH 0688/2268] chore(deps): Bump github.com/aws/aws-sdk-go from
 1.44.161 to 1.44.163

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.161 to 1.44.163.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.161...v1.44.163)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4065cbaa8..3e4135281 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.161
+	github.com/aws/aws-sdk-go v1.44.163
 	github.com/bitnami-labs/sealed-secrets v0.19.3
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
diff --git a/go.sum b/go.sum
index 54d211f55..e136f88e8 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.161 h1:uZdZJ30mlbaU2wsrd/wzibrX01cbgKE2t486TtRjeHs=
-github.com/aws/aws-sdk-go v1.44.161/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.163 h1:XO1A/Laqf/l0IxVPghaQzdnVwxofVFv00IlX0BpmbhQ=
+github.com/aws/aws-sdk-go v1.44.163/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From c248ff003165b81151686122a2fec3f28468edf8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Dec 2022 10:27:43 +0100
Subject: [PATCH 0689/2268] fix: Don't try to treat final error string as
 formatted string

---
 cmd/kluctl/commands/root.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 8b7231230..f7520e0b5 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -292,7 +292,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	err = rootCmd.Execute()
 	if err != nil {
-		status.Error(ctx, err.Error())
+		status.Error(ctx, "%s", err.Error())
 		return err
 	}
 	return nil

From 14a3d829d3e522c7f0c4284091ddfe386613d78b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Dec 2022 11:28:31 +0100
Subject: [PATCH 0690/2268] docs: Fix typo

---
 docs/reference/deployments/helm.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index bc31615f6..665f3ef51 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -116,7 +116,7 @@ Specifies version constraints to be used when running [helm-update](../commands/
 [Checking Version Constraints](https://github.com/Masterminds/semver#checking-version-constraints) for details on the
 supported syntax.
 
-If omitted, Kluctl will filter out pre-releases by default. Use a `updateConstraings` like `~1.2.3-0` to enable
+If omitted, Kluctl will filter out pre-releases by default. Use a `updateConstraints` like `~1.2.3-0` to enable
 pre-releases.
 
 ### skipUpdate

From 3bec1e366ebb4c398a2a5de2c141131d3401bad7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Dec 2022 15:11:34 +0100
Subject: [PATCH 0691/2268] fix: Fix globals flags being ignored when specified
 via env variables

---
 cmd/kluctl/commands/root.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f7520e0b5..fe314bba0 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -223,7 +223,7 @@ func Main() {
 
 	initViper(ctx)
 
-	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags GlobalFlags) (context.Context, error) {
+	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags *GlobalFlags) (context.Context, error) {
 		err := copyViperValuesToCobraCmd(cmd)
 		if err != nil {
 			return ctx, err
@@ -257,7 +257,7 @@ func Main() {
 	}
 }
 
-func Execute(ctx context.Context, args []string, preRun func(ctx context.Context, rootCmd *cobra.Command, flags GlobalFlags) (context.Context, error)) error {
+func Execute(ctx context.Context, args []string, preRun func(ctx context.Context, rootCmd *cobra.Command, flags *GlobalFlags) (context.Context, error)) error {
 	root := cli{}
 	rootCmd, err := buildRootCobraCmd(&root, "kluctl",
 		"Deploy and manage complex deployments on Kubernetes",
@@ -277,7 +277,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
 		if preRun != nil {
-			ctx, err = preRun(ctx, cmd, root.GlobalFlags)
+			ctx, err = preRun(ctx, cmd, &root.GlobalFlags)
 			if ctx != nil {
 				for c := cmd; c != nil; c = c.Parent() {
 					c.SetContext(ctx)

From 07407b8ab90693be05ddbb66cd3d76389ff60c63 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Dec 2022 16:46:13 +0100
Subject: [PATCH 0692/2268] fix: Also obfuscate secrets when data/stringData
 was empty before

---
 e2e/obfuscate_test.go | 38 ++++++++++++++++++++++++++++++++++++--
 pkg/diff/obfuscate.go | 20 ++++++++++++++++++++
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/e2e/obfuscate_test.go b/e2e/obfuscate_test.go
index 8f0d018e5..b2fbfc849 100644
--- a/e2e/obfuscate_test.go
+++ b/e2e/obfuscate_test.go
@@ -25,16 +25,25 @@ func TestObfuscateSecrets(t *testing.T) {
 		name:      "secret",
 		namespace: p.TestSlug(),
 	}, false)
+	addSecretDeployment(p, "secret2", nil, resourceOpts{
+		name:      "secret2",
+		namespace: p.TestSlug(),
+	}, false)
+	addSecretDeployment(p, "secret3", nil, resourceOpts{
+		name:      "secret3",
+		namespace: p.TestSlug(),
+	}, false)
+
 	stdout, _ := p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertSecretExists(t, k, p.TestSlug(), "secret")
-	assert.NotContains(t, stdout, "secret_value")
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value")))
 
 	p.UpdateYaml("secret/secret-secret.yml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("secret_value_2", "stringData", "secret")
 		return nil
 	}, "")
 	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
-	assert.NotContains(t, stdout, "secret_value")
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value")))
 	assert.Contains(t, stdout, "***** (obfuscated)")
 
 	p.UpdateYaml("secret/secret-secret.yml", func(o *uo.UnstructuredObject) error {
@@ -45,4 +54,29 @@ func TestObfuscateSecrets(t *testing.T) {
 	assert.Contains(t, stdout, "-"+base64.StdEncoding.EncodeToString([]byte("secret_value_2")))
 	assert.Contains(t, stdout, "+"+base64.StdEncoding.EncodeToString([]byte("secret_value_3")))
 	assert.NotContains(t, stdout, "***** (obfuscated)")
+
+	// also test changing from empty data to filled data
+	p.UpdateYaml("secret2/secret-secret2.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(map[string]any{
+			"secret2": "secret_value_2",
+		}, "stringData")
+		return nil
+	}, "")
+
+	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_2")))
+	assert.Contains(t, stdout, "+secret2: '***** (obfuscated)'")
+
+	p.UpdateYaml("secret3/secret-secret3.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(map[string]any{
+			"secret3": "secret_value_3",
+			"secret4": "secret_value_4",
+		}, "stringData")
+		return nil
+	}, "")
+	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_3")))
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_4")))
+	assert.Contains(t, stdout, "+secret3: '***** (obfuscated)'")
+	assert.Contains(t, stdout, "+secret4: '***** (obfuscated)'")
 }
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 710ca60c0..44f5a6109 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -19,6 +19,18 @@ func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []types.Change) {
 }
 
 func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []types.Change) {
+	setMapValues := func(m any, v string) {
+		if m == nil {
+			return
+		}
+		m2, ok := m.(map[string]any)
+		if ok {
+			for k, _ := range m2 {
+				m2[k] = v
+			}
+		}
+	}
+
 	for i, _ := range changes {
 		c := &changes[i]
 		if strings.HasPrefix(c.JsonPath, "data.") || strings.HasPrefix(c.JsonPath, "stringData.") {
@@ -37,6 +49,14 @@ func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []types.Change)
 				c.OldValue = "*****"
 				c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****b", "***** (obfuscated)")
 			}
+		} else if c.JsonPath == "data" || c.JsonPath == "stringData" {
+			setMapValues(c.NewValue, "*****a")
+			setMapValues(c.OldValue, "*****b")
+			_ = updateUnifiedDiff(c)
+			c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****a", "***** (obfuscated)")
+			c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****b", "***** (obfuscated)")
+			setMapValues(c.NewValue, "*****")
+			setMapValues(c.OldValue, "*****")
 		}
 	}
 }

From 02c2bfa5361c73b9d04f3d8b7e4dba1b62134dac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Dec 2022 21:09:07 +0100
Subject: [PATCH 0693/2268] fix: Also obfuscate data["key.with.dot"] secrets

---
 cmd/kluctl/commands/command_result.go |  5 +-
 e2e/obfuscate_test.go                 | 13 +++++
 pkg/diff/obfuscate.go                 | 71 +++++++++++++++------------
 3 files changed, 57 insertions(+), 32 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index dcf709fa1..bc6bb1ca9 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -204,7 +204,10 @@ func outputCommandResult(ctx context.Context, output []string, noObfuscate bool,
 	if !noObfuscate {
 		var obfuscator diff.Obfuscator
 		for _, c := range cr.ChangedObjects {
-			obfuscator.Obfuscate(c.Ref, c.Changes)
+			err := obfuscator.Obfuscate(c.Ref, c.Changes)
+			if err != nil {
+				return err
+			}
 		}
 	}
 
diff --git a/e2e/obfuscate_test.go b/e2e/obfuscate_test.go
index b2fbfc849..7cff67ab1 100644
--- a/e2e/obfuscate_test.go
+++ b/e2e/obfuscate_test.go
@@ -79,4 +79,17 @@ func TestObfuscateSecrets(t *testing.T) {
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_4")))
 	assert.Contains(t, stdout, "+secret3: '***** (obfuscated)'")
 	assert.Contains(t, stdout, "+secret4: '***** (obfuscated)'")
+
+	p.UpdateYaml("secret3/secret-secret3.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(map[string]any{
+			"secret.dot1": "secret_value_5",
+			"secret.dot2": "secret_value_6",
+		}, "stringData")
+		return nil
+	}, "")
+	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_5")))
+	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_6")))
+	assert.Contains(t, stdout, "data[\"secret.dot1\"] | +***** (obfuscated)")
+	assert.Contains(t, stdout, "data[\"secret.dot2\"] | +***** (obfuscated)")
 }
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 44f5a6109..e576c29b9 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -1,8 +1,10 @@
 package diff
 
 import (
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/ohler55/ojg/jp"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"strings"
 )
@@ -12,51 +14,58 @@ var secretGvk = schema.GroupKind{Group: "", Kind: "Secret"}
 type Obfuscator struct {
 }
 
-func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []types.Change) {
+func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []types.Change) error {
 	if ref.GVK.GroupKind() == secretGvk {
-		o.obfuscateSecret(ref, changes)
+		err := o.obfuscateSecret(ref, changes)
+		if err != nil {
+			return err
+		}
 	}
+	return nil
 }
 
-func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []types.Change) {
-	setMapValues := func(m any, v string) {
-		if m == nil {
-			return
+func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []types.Change) error {
+	replaceValues := func(x any, v string) any {
+		if x == nil {
+			return nil
 		}
-		m2, ok := m.(map[string]any)
-		if ok {
-			for k, _ := range m2 {
-				m2[k] = v
+		if m, ok := x.(map[string]any); ok {
+			for k, _ := range m {
+				m[k] = v
+			}
+			return m
+		} else if a, ok := x.([]any); ok {
+			for i, _ := range a {
+				a[i] = v
 			}
+			return a
 		}
+		return v
 	}
 
 	for i, _ := range changes {
 		c := &changes[i]
-		if strings.HasPrefix(c.JsonPath, "data.") || strings.HasPrefix(c.JsonPath, "stringData.") {
-			if c.NewValue != nil {
-				c.NewValue = "*****a"
-			}
-			if c.OldValue != nil {
-				c.OldValue = "*****b"
-			}
-			_ = updateUnifiedDiff(c)
-			if c.NewValue != nil {
-				c.NewValue = "*****"
-				c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****a", "***** (obfuscated)")
-			}
-			if c.OldValue != nil {
-				c.OldValue = "*****"
-				c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****b", "***** (obfuscated)")
-			}
-		} else if c.JsonPath == "data" || c.JsonPath == "stringData" {
-			setMapValues(c.NewValue, "*****a")
-			setMapValues(c.OldValue, "*****b")
+		j, err := jp.ParseString(c.JsonPath)
+		if err != nil {
+			return err
+		}
+		if len(j) == 0 {
+			return fmt.Errorf("unexpected empty jsonPath")
+		}
+		child, ok := j[0].(jp.Child)
+		if !ok {
+			return fmt.Errorf("unexpected jsonPath fragment: %s", c.JsonPath)
+		}
+
+		if child == "data" || child == "stringData" {
+			c.NewValue = replaceValues(c.NewValue, "*****a")
+			c.OldValue = replaceValues(c.OldValue, "*****b")
 			_ = updateUnifiedDiff(c)
+			c.NewValue = replaceValues(c.NewValue, "*****")
+			c.OldValue = replaceValues(c.OldValue, "*****")
 			c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****a", "***** (obfuscated)")
 			c.UnifiedDiff = strings.ReplaceAll(c.UnifiedDiff, "*****b", "***** (obfuscated)")
-			setMapValues(c.NewValue, "*****")
-			setMapValues(c.OldValue, "*****")
 		}
 	}
+	return nil
 }

From 076aa90549dc23dd7e5c365844c052fc3887a9b5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Dec 2022 15:42:52 +0100
Subject: [PATCH 0694/2268] fix: loadFile should NOT ignore all files

The "utils.Exists(path)" check always returned false as it did not take
searchDirs into account.
---
 pkg/vars/vars_loader.go      |  8 ++++----
 pkg/vars/vars_loader_test.go | 12 ++++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 40e0bea86..86b5dc0e3 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -115,12 +115,12 @@ func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject,
 }
 
 func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool, searchDirs []string, rootKey string) error {
-	if ignoreMissing && !utils.Exists(path) {
-		return nil
-	}
-
 	rendered, err := varsCtx.RenderFile(path, searchDirs)
 	if err != nil {
+		// TODO the Jinja2 renderer should be able to better report this error
+		if ignoreMissing && err.Error() == fmt.Sprintf("template %s not found", path) {
+			return nil
+		}
 		return fmt.Errorf("failed to render vars file %s: %w", path, err)
 	}
 
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index a4a99b4e6..d89772654 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -80,6 +80,18 @@ func TestVarsLoader_File(t *testing.T) {
 		assert.Equal(t, int64(42), v)
 	})
 
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		b := true
+		err := vl.LoadVars(vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			File:          utils.StrPtr("test.yaml"),
+		}, []string{d}, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(vc, &types.VarsSource{

From 49eff01307db791789572386f26a727deed346fc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Dec 2022 11:55:29 +0100
Subject: [PATCH 0695/2268] fix: Switch to aws-sdk-go-v2 for AWSSecretsManager
 vars source

---
 go.mod                             | 17 +++++++++++--
 go.sum                             | 33 ++++++++++++++++++++++++--
 pkg/vars/aws/clientfactory.go      | 38 +++++++++++++-----------------
 pkg/vars/aws/fake_clientfactory.go | 21 ++++++++++-------
 pkg/vars/aws/secrets_manager.go    |  7 +++---
 pkg/vars/vars_loader.go            |  9 ++++---
 6 files changed, 83 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index 32b762214..44a1dec60 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go v1.44.163
 	github.com/bitnami-labs/sealed-secrets v0.19.3
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
@@ -53,12 +52,13 @@ require (
 	k8s.io/apimachinery v0.26.0
 	k8s.io/client-go v0.26.0
 	k8s.io/klog/v2 v2.80.1
-	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
 require (
+	github.com/aws/aws-sdk-go-v2/config v1.18.7
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -94,6 +94,18 @@ require (
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
+	github.com/aws/aws-sdk-go v1.43.43 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.7 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
@@ -247,5 +259,6 @@ require (
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
 	oras.land/oras-go v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index bbdda4737..15b7d656e 100644
--- a/go.sum
+++ b/go.sum
@@ -130,8 +130,34 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.44.163 h1:XO1A/Laqf/l0IxVPghaQzdnVwxofVFv00IlX0BpmbhQ=
-github.com/aws/aws-sdk-go v1.44.163/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.43.43 h1:1L06qzQvl4aC3Skfh5rV7xVhGHjIZoHcqy16NoyQ1o4=
+github.com/aws/aws-sdk-go v1.43.43/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
+github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.7 h1:V94lTcix6jouwmAsgQMAEBozVAGJMFhVj+6/++xfe3E=
+github.com/aws/aws-sdk-go-v2/config v1.18.7/go.mod h1:OZYsyHFL5PB9UpyS78NElgKs11qI/B5KJau2XOJDXHA=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.7 h1:qUUcNS5Z1092XBFT66IJM7mYkMwgZ8fcC8YDIbEwXck=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.7/go.mod h1:AdCcbZXHQCjJh6NaH3pFaw8LUeBFn5+88BZGMVGuBT8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 h1:KeTxcGdNnQudb46oOl4d90f2I33DF/c6q3RnZAmvQdQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28/go.mod h1:yRZVr/iT0AqyHeep00SZ4YfBAKojXz08w3XMBscdi0c=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11 h1:77V7vnw/NC4DORHVgA97+Ky2p1ri0+ZVYXh6ordUZU0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 h1:gItLq3zBYyRDPmqAClgzTH8PBjDQGeyptYGHIwtYYNA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.11.28/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 h1:KCacyVSs/wlcPGx37hcbT3IGYO8P8Jx+TgSDhAXtQMY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 h1:9Mtq1KM6nD8/+HStvWcvYnixJ5N85DX+P+OY3kI3W2k=
+github.com/aws/aws-sdk-go-v2/service/sts v1.17.7/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
+github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
+github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -368,6 +394,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8=
@@ -944,6 +971,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
@@ -1036,6 +1064,7 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/pkg/vars/aws/clientfactory.go b/pkg/vars/aws/clientfactory.go
index db7e43d0e..b0542058c 100644
--- a/pkg/vars/aws/clientfactory.go
+++ b/pkg/vars/aws/clientfactory.go
@@ -1,42 +1,38 @@
 package aws
 
 import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/secretsmanager"
-	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
-	"os"
+	"context"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 )
 
+type GetSecretValueInterface interface {
+	GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error)
+}
+
 type AwsClientFactory interface {
-	SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error)
+	SecretsManagerClient(profile *string, region *string) (GetSecretValueInterface, error)
 }
 
 type awsClientFactory struct {
 }
 
-func (a *awsClientFactory) getSession(profile *string) (*session.Session, error) {
-	var opts session.Options
-	opts.SharedConfigState = session.SharedConfigEnable
-	// Environment variable always takes precedence
-	if _, ok := os.LookupEnv("AWS_PROFILE"); !ok && profile != nil {
-		opts.Profile = *profile
-	}
-	s, err := session.NewSessionWithOptions(opts)
-	if err != nil {
-		return nil, err
+func (a *awsClientFactory) SecretsManagerClient(profile *string, region *string) (GetSecretValueInterface, error) {
+	var configOpts []func(*config.LoadOptions) error
+	if profile != nil {
+		configOpts = append(configOpts, config.WithSharedConfigProfile(*profile))
 	}
 
-	return s, nil
-}
+	if region != nil {
+		configOpts = append(configOpts, config.WithRegion(*region))
+	}
 
-func (a *awsClientFactory) SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error) {
-	s, err := a.getSession(profile)
+	cfg, err := config.LoadDefaultConfig(context.Background(), configOpts...)
 	if err != nil {
 		return nil, err
 	}
 
-	return secretsmanager.New(s, &aws.Config{Region: region}), nil
+	return secretsmanager.NewFromConfig(cfg), nil
 }
 
 func NewClientFactory() AwsClientFactory {
diff --git a/pkg/vars/aws/fake_clientfactory.go b/pkg/vars/aws/fake_clientfactory.go
index d06d68fd5..18a170338 100644
--- a/pkg/vars/aws/fake_clientfactory.go
+++ b/pkg/vars/aws/fake_clientfactory.go
@@ -1,21 +1,21 @@
 package aws
 
 import (
+	"context"
 	"fmt"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/service/secretsmanager"
-	"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 )
 
 type FakeAwsClientFactory struct {
-	secretsmanageriface.SecretsManagerAPI
+	GetSecretValueInterface
 
 	Secrets map[string]string
 }
 
-func (f *FakeAwsClientFactory) GetSecretValue(in *secretsmanager.GetSecretValueInput) (*secretsmanager.GetSecretValueOutput, error) {
-	name := *in.SecretId
-	arn, err := ParseArn(*in.SecretId)
+func (f *FakeAwsClientFactory) GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error) {
+	name := *params.SecretId
+	arn, err := ParseArn(*params.SecretId)
 	if err == nil {
 		name = arn.Resource
 	}
@@ -28,10 +28,13 @@ func (f *FakeAwsClientFactory) GetSecretValue(in *secretsmanager.GetSecretValueI
 		}, nil
 	}
 
-	return nil, awserr.New(secretsmanager.ErrCodeResourceNotFoundException, fmt.Sprintf("secret %s not found", *in.SecretId), nil)
+	errMsg := fmt.Sprintf("secret %s not found", *params.SecretId)
+	return nil, &types.ResourceNotFoundException{
+		Message: &errMsg,
+	}
 }
 
-func (f *FakeAwsClientFactory) SecretsManagerClient(profile *string, region *string) (secretsmanageriface.SecretsManagerAPI, error) {
+func (f *FakeAwsClientFactory) SecretsManagerClient(profile *string, region *string) (GetSecretValueInterface, error) {
 	return f, nil
 }
 
diff --git a/pkg/vars/aws/secrets_manager.go b/pkg/vars/aws/secrets_manager.go
index 1a57bd5ae..d3cced231 100644
--- a/pkg/vars/aws/secrets_manager.go
+++ b/pkg/vars/aws/secrets_manager.go
@@ -1,11 +1,12 @@
 package aws
 
 import (
+	"context"
 	"fmt"
-	"github.com/aws/aws-sdk-go/service/secretsmanager"
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 )
 
-func GetAwsSecretsManagerSecret(aws AwsClientFactory, profile *string, region *string, secretName string) (string, error) {
+func GetAwsSecretsManagerSecret(ctx context.Context, aws AwsClientFactory, profile *string, region *string, secretName string) (string, error) {
 	if region == nil {
 		arn, err := ParseArn(secretName)
 		if err != nil {
@@ -19,7 +20,7 @@ func GetAwsSecretsManagerSecret(aws AwsClientFactory, profile *string, region *s
 		return "", fmt.Errorf("getting secret %s from AWS secrets manager failed: %w", secretName, err)
 	}
 
-	r, err := smClient.GetSecretValue(&secretsmanager.GetSecretValueInput{
+	r, err := smClient.GetSecretValue(ctx, &secretsmanager.GetSecretValueInput{
 		SecretId: &secretName,
 	})
 	if err != nil {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 86b5dc0e3..9f070c54d 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -5,8 +5,7 @@ import (
 	"encoding/base64"
 	errors2 "errors"
 	"fmt"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/service/secretsmanager"
+	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -207,11 +206,11 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 		return fmt.Errorf("no AWS client factory provided")
 	}
 
-	secret, err := aws.GetAwsSecretsManagerSecret(v.aws, source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
+	secret, err := aws.GetAwsSecretsManagerSecret(v.ctx, v.aws, source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
 	if err != nil {
-		var aerr awserr.Error
+		var aerr *types2.ResourceNotFoundException
 		if errors2.As(err, &aerr) {
-			if ignoreMissing && aerr.Code() == secretsmanager.ErrCodeResourceNotFoundException {
+			if ignoreMissing {
 				return nil
 			}
 		}

From 972f67a7bef777331785c2091265a94cc0e49581 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Dec 2022 14:47:52 +0100
Subject: [PATCH 0696/2268] fix: Use custom SOPS decrytor implementation,
 inspired by the Flux decryptor

This ensures that the CLI and the controller use the same implemntation.
It also allows us to upgrade SOPS to the develop branch without breaking
the controller's dependencies.
---
 go.mod                               |   16 +-
 go.sum                               |   22 +-
 pkg/deployment/shared_context.go     |    4 +-
 pkg/helm/helm_release.go             |    5 +-
 pkg/kluctl_project/load.go           |    5 +-
 pkg/kluctl_project/project.go        |    4 +-
 pkg/kluctl_project/project_load.go   |    4 +-
 pkg/sops/decryptor/decryptor.go      |  636 +++++++++++++
 pkg/sops/decryptor/decryptor_test.go | 1229 ++++++++++++++++++++++++++
 pkg/sops/sops_decryptor.go           |   21 -
 pkg/sops/utils.go                    |    9 +-
 pkg/vars/vars_loader.go              |    5 +-
 pkg/vars/vars_loader_test.go         |    7 +-
 13 files changed, 1910 insertions(+), 57 deletions(-)
 create mode 100644 pkg/sops/decryptor/decryptor.go
 create mode 100644 pkg/sops/decryptor/decryptor_test.go
 delete mode 100644 pkg/sops/sops_decryptor.go

diff --git a/go.mod b/go.mod
index 44a1dec60..f4b2b9d17 100644
--- a/go.mod
+++ b/go.mod
@@ -57,27 +57,30 @@ require (
 )
 
 require (
+	filippo.io/age v1.0.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.7
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
+	github.com/onsi/gomega v1.24.1
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.3
 	sigs.k8s.io/controller-runtime v0.14.0
+	sigs.k8s.io/kustomize/api v0.12.1
+	sigs.k8s.io/yaml v1.3.0
 )
 
 require (
 	cloud.google.com/go/compute v1.14.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.2 // indirect
-	filippo.io/age v1.0.0 // indirect
-	github.com/Azure/azure-sdk-for-go v67.1.0+incompatible // indirect
+	github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
+	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
@@ -251,6 +254,7 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/urfave/cli.v1 v1.20.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gotest.tools/v3 v3.2.0 // indirect
 	k8s.io/apiserver v0.26.0 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
 	k8s.io/component-base v0.26.0 // indirect
@@ -259,6 +263,4 @@ require (
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
 	oras.land/oras-go v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/kustomize/api v0.12.1 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 15b7d656e..af3d44e15 100644
--- a/go.sum
+++ b/go.sum
@@ -48,23 +48,22 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.0.0 h1:V6q14n0mqYU3qKFkZ6oOaF9oXneOviS3ubXsSVBRSzc=
 filippo.io/age v1.0.0/go.mod h1:PaX+Si/Sd5G8LgfCwldsSba3H1DDQZhIhFGkhbHaBq8=
-github.com/Azure/azure-sdk-for-go v67.1.0+incompatible h1:oziYcaopbnIKfM69DL05wXdypiqfrUKdxUKrKpynJTw=
-github.com/Azure/azure-sdk-for-go v67.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v63.3.0+incompatible h1:INepVujzUrmArRZjDLHbtER+FkvCoEwyRCXGqOlmDII=
+github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
-github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
-github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
+github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
+github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk=
-github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U=
+github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
+github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
@@ -674,6 +673,7 @@ github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DV
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc=
 github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E=
+github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -787,6 +787,7 @@ github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
 github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
@@ -886,7 +887,6 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
@@ -1315,8 +1315,8 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
+gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
+gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
 helm.sh/helm/v3 v3.10.3 h1:wL7IUZ7Zyukm5Kz0OUmIFZgKHuAgByCrUcJBtY0kDyw=
 helm.sh/helm/v3 v3.10.3/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index dec1c4571..859f194ae 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -5,7 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
 
@@ -14,7 +14,7 @@ type SharedContext struct {
 	K               *k8s.K8sCluster
 	K8sVersion      string
 	RP              *repocache.GitRepoCache
-	SopsDecrypter   sops.SopsDecrypter
+	SopsDecrypter   *decryptor.Decryptor
 	VarsLoader      *vars.VarsLoader
 	HelmCredentials helm.HelmCredentialsProvider
 
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index c4d8963e4..efdaba29a 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -7,6 +7,7 @@ import (
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -97,7 +98,7 @@ func (hr *Release) GetFullOutputPath() (string, error) {
 	return securejoin.SecureJoin(dir, hr.GetOutputPath())
 }
 
-func (hr *Release) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
+func (hr *Release) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter *decryptor.Decryptor) error {
 	err := hr.doRender(ctx, k, k8sVersion, sopsDecrypter)
 	if err != nil {
 		return fmt.Errorf("rendering helm chart %s for release %s has failed: %w", hr.Chart.GetChartName(), hr.Config.ReleaseName, err)
@@ -153,7 +154,7 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 	return pc, nil
 }
 
-func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter sops.SopsDecrypter) error {
+func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter *decryptor.Decryptor) error {
 	pc, err := hr.getPulledChart(ctx)
 	if err != nil {
 		return err
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index d477429b8..f320482ba 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,7 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 )
 
@@ -21,7 +21,8 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 	}
 
 	if p.SopsDecrypter == nil {
-		p.SopsDecrypter = &sops.LocalSopsDecrypter{}
+		p.SopsDecrypter = decryptor.NewDecryptor(args.ProjectDir, decryptor.MaxEncryptedFileSize)
+		p.SopsDecrypter.AddLocalKeyService()
 	}
 
 	err := p.loadKluctlProject()
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 0df49e01c..cc3eb603a 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 )
 
@@ -26,7 +26,7 @@ type LoadedKluctlProject struct {
 
 	J2            *jinja2.Jinja2
 	RP            *repocache.GitRepoCache
-	SopsDecrypter sops.SopsDecrypter
+	SopsDecrypter *decryptor.Decryptor
 }
 
 func (c *LoadedKluctlProject) FindBaseTarget(name string) (*types2.Target, error) {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 4c075fd23..c397e5190 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -16,7 +16,7 @@ type LoadKluctlProjectArgs struct {
 	ProjectDir    string
 	ProjectConfig string
 
-	SopsDecrypter sops.SopsDecrypter
+	SopsDecrypter *decryptor.Decryptor
 	RP            *repocache.GitRepoCache
 
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
diff --git a/pkg/sops/decryptor/decryptor.go b/pkg/sops/decryptor/decryptor.go
new file mode 100644
index 000000000..84d65567b
--- /dev/null
+++ b/pkg/sops/decryptor/decryptor.go
@@ -0,0 +1,636 @@
+/*
+Copyright 2020 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package decryptor
+
+import (
+	"bytes"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/keys"
+	"go.mozilla.org/sops/v3/pgp"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+	"time"
+
+	securejoin "github.com/cyphar/filepath-securejoin"
+	"go.mozilla.org/sops/v3"
+	"go.mozilla.org/sops/v3/aes"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"go.mozilla.org/sops/v3/keyservice"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"sigs.k8s.io/kustomize/api/konfig"
+	"sigs.k8s.io/kustomize/api/resource"
+	kustypes "sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/yaml"
+)
+
+const (
+	// MaxEncryptedFileSize is the max allowed file size in bytes of an encrypted
+	// file.
+	MaxEncryptedFileSize int64 = 5 << 20
+	// unsupportedFormat is used to signal no sopsFormatToMarkerBytes format was
+	// detected by detectFormatFromMarkerBytes.
+	unsupportedFormat = formats.Format(-1)
+)
+
+var (
+	// sopsFormatToString is the counterpart to
+	// https://github.com/mozilla/sops/blob/v3.7.2/cmd/sops/formats/formats.go#L16
+	sopsFormatToString = map[formats.Format]string{
+		formats.Binary: "binary",
+		formats.Dotenv: "dotenv",
+		formats.Ini:    "INI",
+		formats.Json:   "JSON",
+		formats.Yaml:   "YAML",
+	}
+	// sopsFormatToMarkerBytes contains a list of formats and their byte
+	// order markers, used to detect if a Secret data field is SOPS' encrypted.
+	sopsFormatToMarkerBytes = map[formats.Format][]byte{
+		// formats.Binary is a JSON envelop at encrypted rest
+		formats.Binary: []byte("\"mac\": \"ENC["),
+		formats.Dotenv: []byte("sops_mac=ENC["),
+		formats.Ini:    []byte("[sops]"),
+		formats.Json:   []byte("\"mac\": \"ENC["),
+		formats.Yaml:   []byte("mac: ENC["),
+	}
+)
+
+// Decryptor performs decryption operations for a
+// kluctlv1.KluctlDeployment.
+// The only supported decryption provider at present is
+// DecryptionProviderSOPS.
+type Decryptor struct {
+	// root is the root for file system operations. Any (relative) path or
+	// symlink is not allowed to traverse outside this path.
+	root string
+	// maxFileSize is the max size in bytes a file is allowed to have to be
+	// decrypted. Defaults to MaxEncryptedFileSize.
+	maxFileSize int64
+	// checkSopsMac instructs the decryptor to perform the SOPS data integrity
+	// check using the MAC. Not enabled by default, as arbitrary data gets
+	// injected into most resources, causing the integrity check to fail.
+	// Mostly kept around for feature completeness and documentation purposes.
+	checkSopsMac bool
+
+	// keyServices are the SOPS keyservice.KeyServiceClient's available to the
+	// decryptor.
+	keyServices []keyservice.KeyServiceClient
+}
+
+// NewDecryptor creates a new Decryptor for the given kluctlDeployment.
+// gnuPGHome can be empty, in which case the systems' keyring is used.
+func NewDecryptor(root string, maxFileSize int64) *Decryptor {
+	return &Decryptor{
+		root:        root,
+		maxFileSize: maxFileSize,
+	}
+}
+
+func (d *Decryptor) AddLocalKeyService() {
+	d.AddKeyServiceClient(keyservice.NewLocalClient())
+}
+
+func (d *Decryptor) AddKeyServiceClient(s keyservice.KeyServiceClient) {
+	d.keyServices = append(d.keyServices, s)
+}
+
+// IsEncryptedSecret checks if the given object is a Kubernetes Secret encrypted
+// with Mozilla SOPS.
+func IsEncryptedSecret(object *unstructured.Unstructured) bool {
+	if object.GetKind() == "Secret" && object.GetAPIVersion() == "v1" {
+		if _, found, _ := unstructured.NestedFieldNoCopy(object.Object, "sops"); found {
+			return true
+		}
+	}
+	return false
+}
+
+// IsOfflineMethod returns true for offline decrypt methods or false otherwise
+func IsOfflineMethod(mk keys.MasterKey) bool {
+	switch mk.(type) {
+	case *pgp.MasterKey, *age.MasterKey:
+		return true
+	default:
+		return false
+	}
+}
+
+// SopsDecryptWithFormat attempts to load a SOPS encrypted file using the store
+// for the input format, gathers the data key for it from the key service,
+// and then decrypts the file data with the retrieved data key.
+// It returns the decrypted bytes in the provided output format, or an error.
+func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) (_ []byte, err error) {
+	defer func() {
+		// It was discovered that malicious input and/or output instructions can
+		// make SOPS panic. Recover from this panic and return as an error.
+		if r := recover(); r != nil {
+			err = fmt.Errorf("failed to emit encrypted %s file as decrypted %s: %v",
+				sopsFormatToString[inputFormat], sopsFormatToString[outputFormat], r)
+		}
+	}()
+
+	store := common.StoreForFormat(inputFormat)
+
+	tree, err := store.LoadEncryptedFile(data)
+	if err != nil {
+		return nil, sopsUserErr(fmt.Sprintf("failed to load encrypted %s data", sopsFormatToString[inputFormat]), err)
+	}
+
+	for _, group := range tree.Metadata.KeyGroups {
+		// Sort MasterKeys in the group so offline ones are tried first
+		sort.SliceStable(group, func(i, j int) bool {
+			return IsOfflineMethod(group[i]) && !IsOfflineMethod(group[j])
+		})
+	}
+
+	metadataKey, err := tree.Metadata.GetDataKeyWithKeyServices(d.keyServices)
+	if err != nil {
+		return nil, sopsUserErr("cannot get sops data key", err)
+	}
+
+	cipher := aes.NewCipher()
+	mac, err := tree.Decrypt(metadataKey, cipher)
+	if err != nil {
+		return nil, sopsUserErr("error decrypting sops tree", err)
+	}
+
+	if d.checkSopsMac {
+		// Compute the hash of the cleartext tree and compare it with
+		// the one that was stored in the document. If they match,
+		// integrity was preserved
+		// Ref: go.mozilla.org/sops/v3/decrypt/decrypt.go
+		originalMac, err := cipher.Decrypt(
+			tree.Metadata.MessageAuthenticationCode,
+			metadataKey,
+			tree.Metadata.LastModified.Format(time.RFC3339),
+		)
+		if err != nil {
+			return nil, sopsUserErr("failed to verify sops data integrity", err)
+		}
+		if originalMac != mac {
+			// If the file has an empty MAC, display "no MAC"
+			if originalMac == "" {
+				originalMac = "no MAC"
+			}
+			return nil, fmt.Errorf("failed to verify sops data integrity: expected mac '%s', got '%s'", originalMac, mac)
+		}
+	}
+
+	outputStore := common.StoreForFormat(outputFormat)
+	out, err := outputStore.EmitPlainFile(tree.Branches)
+	if err != nil {
+		return nil, sopsUserErr(fmt.Sprintf("failed to emit encrypted %s file as decrypted %s",
+			sopsFormatToString[inputFormat], sopsFormatToString[outputFormat]), err)
+	}
+	return out, err
+}
+
+// DecryptResource attempts to decrypt the provided resource overwriting the resource
+// with the decrypted data.
+// It has special support for Kubernetes Secrets with encrypted data entries
+// while decrypting with DecryptionProviderSOPS, to allow individual data entries
+// injected by e.g. a Kustomize secret generator to be decrypted
+func (d *Decryptor) DecryptResource(res *resource.Resource) (*resource.Resource, error) {
+	if res == nil {
+		return nil, nil
+	}
+
+	switch {
+	case isSOPSEncryptedResource(res):
+		// As we are expecting to decrypt right before applying, we do not
+		// care about keeping any other data (e.g. comments) around.
+		// We can therefore simply work with JSON, which saves us from e.g.
+		// JSON -> YAML -> JSON transformations.
+		out, err := res.MarshalJSON()
+		if err != nil {
+			return nil, err
+		}
+
+		data, err := d.SopsDecryptWithFormat(out, formats.Json, formats.Json)
+		if err != nil {
+			return nil, fmt.Errorf("failed to decrypt and format '%s/%s' %s data: %w",
+				res.GetNamespace(), res.GetName(), res.GetKind(), err)
+		}
+
+		err = res.UnmarshalJSON(data)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal decrypted '%s/%s' %s to JSON: %w",
+				res.GetNamespace(), res.GetName(), res.GetKind(), err)
+		}
+		return res, nil
+	case res.GetKind() == "Secret":
+		dataMap := res.GetDataMap()
+		for key, value := range dataMap {
+			data, err := base64.StdEncoding.DecodeString(value)
+			if err != nil {
+				// If we fail to base64 decode, it is (very) likely to be a
+				// user input error. Instead of failing here, let it bubble
+				// up during the actual build.
+				continue
+			}
+
+			if inF := detectFormatFromMarkerBytes(data); inF != unsupportedFormat {
+				outF := formatForPath(key)
+				out, err := d.SopsDecryptWithFormat(data, inF, outF)
+				if err != nil {
+					return nil, fmt.Errorf("failed to decrypt and format '%s/%s' Secret field '%s': %w",
+						res.GetNamespace(), res.GetName(), key, err)
+				}
+				dataMap[key] = base64.StdEncoding.EncodeToString(out)
+			}
+		}
+		res.SetDataMap(dataMap)
+		return res, nil
+	}
+	return nil, nil
+}
+
+// DecryptEnvSources attempts to decrypt all types.SecretArgs FileSources and
+// EnvSources a Kustomization file in the directory at the provided path refers
+// to, before walking recursively over all other resources it refers to.
+// It ignores resource references which refer to absolute or relative paths
+// outside the working directory of the decryptor, but returns any decryption
+// error.
+func (d *Decryptor) DecryptEnvSources(path string) error {
+	decrypted, visited := make(map[string]struct{}, 0), make(map[string]struct{}, 0)
+	visit := d.decryptKustomizationEnvSources(decrypted)
+	return recurseKustomizationFiles(d.root, path, visit, visited)
+}
+
+// decryptKustomizationEnvSources returns a visitKustomization implementation
+// which attempts to decrypt any EnvSources entry it finds in the Kustomization
+// file with which it is called.
+// After decrypting successfully, it adds the absolute path of the file to the
+// given map.
+func (d *Decryptor) decryptKustomizationEnvSources(visited map[string]struct{}) visitKustomization {
+	return func(root, path string, kus *kustypes.Kustomization) error {
+		visitRef := func(sourcePath string, format formats.Format) error {
+			if !filepath.IsAbs(sourcePath) {
+				sourcePath = filepath.Join(path, sourcePath)
+			}
+			absRef, _, err := securePaths(root, sourcePath)
+			if err != nil {
+				return err
+			}
+			if _, ok := visited[absRef]; ok {
+				return nil
+			}
+
+			if err := d.sopsDecryptFile(absRef, format, format); err != nil {
+				return securePathErr(root, err)
+			}
+
+			// Explicitly set _after_ the decryption operation, this makes
+			// visited work as a list of actually decrypted files
+			visited[absRef] = struct{}{}
+			return nil
+		}
+
+		for _, gen := range kus.SecretGenerator {
+			for _, fileSrc := range gen.FileSources {
+				parts := strings.SplitN(fileSrc, "=", 2)
+				key := parts[0]
+				var filePath string
+				if len(parts) > 1 {
+					filePath = parts[1]
+				} else {
+					filePath = key
+				}
+				if err := visitRef(filePath, formatForPath(key)); err != nil {
+					return err
+				}
+			}
+			for _, envFile := range gen.EnvSources {
+				format := formatForPath(envFile)
+				if format == formats.Binary {
+					// Default to dotenv
+					format = formats.Dotenv
+				}
+				if err := visitRef(envFile, format); err != nil {
+					return err
+				}
+			}
+		}
+		return nil
+	}
+}
+
+// sopsDecryptFile attempts to decrypt the file at the given path using SOPS'
+// store for the provided input format, and writes it back to the path using
+// the store for the output format.
+// Path must be absolute and a regular file, the file is not allowed to exceed
+// the maxFileSize.
+//
+// NB: The method only does the simple checks described above and does not
+// verify whether the path provided is inside the working directory. Boundary
+// enforcement is expected to have been done by the caller.
+func (d *Decryptor) sopsDecryptFile(path string, inputFormat, outputFormat formats.Format) error {
+	fi, err := os.Lstat(path)
+	if err != nil {
+		return err
+	}
+
+	if !fi.Mode().IsRegular() {
+		return fmt.Errorf("cannot decrypt irregular file as it has file mode type bits set")
+	}
+	if fileSize := fi.Size(); d.maxFileSize > 0 && fileSize > d.maxFileSize {
+		return fmt.Errorf("cannot decrypt file with size (%d bytes) exceeding limit (%d)", fileSize, d.maxFileSize)
+	}
+
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return err
+	}
+
+	if !bytes.Contains(data, sopsFormatToMarkerBytes[inputFormat]) {
+		return nil
+	}
+
+	out, err := d.SopsDecryptWithFormat(data, inputFormat, outputFormat)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(path, out, 0o644)
+	if err != nil {
+		return fmt.Errorf("error writing sops decrypted %s data to %s file: %w",
+			sopsFormatToString[inputFormat], sopsFormatToString[outputFormat], err)
+	}
+	return nil
+}
+
+// sopsEncryptWithFormat attempts to load a plain file using the store
+// for the input format, gathers the data key for it from the key service,
+// and then encrypt the file data with the retrieved data key.
+// It returns the encrypted bytes in the provided output format, or an error.
+func (d *Decryptor) sopsEncryptWithFormat(metadata sops.Metadata, data []byte, inputFormat, outputFormat formats.Format) ([]byte, error) {
+	store := common.StoreForFormat(inputFormat)
+
+	branches, err := store.LoadPlainFile(data)
+	if err != nil {
+		return nil, err
+	}
+
+	tree := sops.Tree{
+		Branches: branches,
+		Metadata: metadata,
+	}
+	dataKey, errs := tree.GenerateDataKeyWithKeyServices(d.keyServices)
+	if len(errs) > 0 {
+		return nil, sopsUserErr("could not generate data key", fmt.Errorf("%s", errs))
+	}
+
+	cipher := aes.NewCipher()
+	unencryptedMac, err := tree.Encrypt(dataKey, cipher)
+	if err != nil {
+		return nil, sopsUserErr("error encrypting sops tree", err)
+	}
+	tree.Metadata.LastModified = time.Now().UTC()
+	tree.Metadata.MessageAuthenticationCode, err = cipher.Encrypt(unencryptedMac, dataKey, tree.Metadata.LastModified.Format(time.RFC3339))
+	if err != nil {
+		return nil, sopsUserErr("cannot encrypt sops data tree", err)
+	}
+
+	outStore := common.StoreForFormat(outputFormat)
+	out, err := outStore.EmitEncryptedFile(tree)
+	if err != nil {
+		return nil, sopsUserErr("failed to emit sops encrypted file", err)
+	}
+	return out, nil
+}
+
+// secureLoadKustomizationFile tries to securely load a Kustomization file from
+// the given directory path.
+// If multiple Kustomization files are found, or the request is ambiguous, an
+// error is returned.
+func secureLoadKustomizationFile(root, path string) (*kustypes.Kustomization, error) {
+	if !filepath.IsAbs(root) {
+		return nil, fmt.Errorf("root '%s' must be absolute", root)
+	}
+	if filepath.IsAbs(path) {
+		return nil, fmt.Errorf("path '%s' must be relative", path)
+	}
+
+	var loadPath string
+	for _, fName := range konfig.RecognizedKustomizationFileNames() {
+		fPath, err := securejoin.SecureJoin(root, filepath.Join(path, fName))
+		if err != nil {
+			return nil, fmt.Errorf("failed to secure join %s: %w", fName, err)
+		}
+		fi, err := os.Lstat(fPath)
+		if err != nil {
+			if errors.Is(err, fs.ErrNotExist) {
+				continue
+			}
+			return nil, fmt.Errorf("failed to lstat %s: %w", fName, securePathErr(root, err))
+		}
+
+		if !fi.Mode().IsRegular() {
+			return nil, fmt.Errorf("expected %s to be a regular file", fName)
+		}
+		if loadPath != "" {
+			return nil, fmt.Errorf("found multiple kustomization files")
+		}
+		loadPath = fPath
+	}
+	if loadPath == "" {
+		return nil, fmt.Errorf("no kustomization file found")
+	}
+
+	data, err := os.ReadFile(loadPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read kustomization file: %w", securePathErr(root, err))
+	}
+
+	kus := kustypes.Kustomization{
+		TypeMeta: kustypes.TypeMeta{
+			APIVersion: kustypes.KustomizationVersion,
+			Kind:       kustypes.KustomizationKind,
+		},
+	}
+	if err := yaml.Unmarshal(data, &kus); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal kustomization file from '%s': %w", loadPath, err)
+	}
+	return &kus, nil
+}
+
+// visitKustomization is called by recurseKustomizationFiles after every
+// successful Kustomization file load.
+type visitKustomization func(root, path string, kus *kustypes.Kustomization) error
+
+// errRecurseIgnore is a wrapping error to signal to recurseKustomizationFiles
+// the error can be ignored during recursion. For example, because the
+// Kustomization file can not be loaded for a subsequent call.
+type errRecurseIgnore struct {
+	Err error
+}
+
+// Unwrap returns the actual underlying error.
+func (e *errRecurseIgnore) Unwrap() error {
+	return e.Err
+}
+
+// Error returns the error string of the underlying error.
+func (e *errRecurseIgnore) Error() string {
+	if err := e.Err; err != nil {
+		return e.Err.Error()
+	}
+	return "recurse ignore"
+}
+
+// recurseKustomizationFiles attempts to recursively load and visit
+// Kustomization files.
+// The provided path is allowed to be relative, in which case it is safely
+// joined with root. When absolute, it must be inside root.
+func recurseKustomizationFiles(root, path string, visit visitKustomization, visited map[string]struct{}) error {
+	// Resolve the secure paths
+	absPath, relPath, err := securePaths(root, path)
+	if err != nil {
+		return err
+	}
+
+	if _, ok := visited[absPath]; ok {
+		// Short-circuit
+		return nil
+	}
+	visited[absPath] = struct{}{}
+
+	// Confirm we are dealing with a directory
+	fi, err := os.Lstat(absPath)
+	if err != nil {
+		err = securePathErr(root, err)
+		if errors.Is(err, fs.ErrNotExist) {
+			err = &errRecurseIgnore{Err: err}
+		}
+		return err
+	}
+	if !fi.IsDir() {
+		return &errRecurseIgnore{Err: fmt.Errorf("not a directory")}
+	}
+
+	// Attempt to load the Kustomization file from the directory
+	kus, err := secureLoadKustomizationFile(root, relPath)
+	if err != nil {
+		return err
+	}
+
+	// Visit the Kustomization
+	if err = visit(root, path, kus); err != nil {
+		return err
+	}
+
+	// Recurse over other resources in Kustomization,
+	// repeating the above logic per item
+	for _, res := range kus.Resources {
+		if !filepath.IsAbs(res) {
+			res = filepath.Join(path, res)
+		}
+		if err = recurseKustomizationFiles(root, res, visit, visited); err != nil {
+			// When the resource does not exist at the compiled path, it's
+			// either an invalid reference, or a URL.
+			// If the reference is valid but does not point to a directory,
+			// we have run into a dead end as well.
+			// In all other cases, the error is of (possible) importance to
+			// the user, and we should return it.
+			if _, ok := err.(*errRecurseIgnore); !ok {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// isSOPSEncryptedResource detects if the given resource is a SOPS' encrypted
+// resource by looking for ".sops" and ".sops.mac" fields.
+func isSOPSEncryptedResource(res *resource.Resource) bool {
+	if res == nil {
+		return false
+	}
+	sopsField := res.Field("sops")
+	if sopsField.IsNilOrEmpty() {
+		return false
+	}
+	macField := sopsField.Value.Field("mac")
+	return !macField.IsNilOrEmpty()
+}
+
+// securePaths returns the absolute and relative paths for the provided path,
+// guaranteed to be scoped inside the provided root.
+// When the given path is absolute, the root is stripped before secure joining
+// it on root.
+func securePaths(root, path string) (string, string, error) {
+	if filepath.IsAbs(path) {
+		path = stripRoot(root, path)
+	}
+	secureAbsPath, err := securejoin.SecureJoin(root, path)
+	if err != nil {
+		return "", "", err
+	}
+	return secureAbsPath, stripRoot(root, secureAbsPath), nil
+}
+
+func stripRoot(root, path string) string {
+	sepStr := string(filepath.Separator)
+	root, path = filepath.Clean(sepStr+root), filepath.Clean(sepStr+path)
+	switch {
+	case path == root:
+		path = sepStr
+	case root == sepStr:
+		// noop
+	case strings.HasPrefix(path, root+sepStr):
+		path = strings.TrimPrefix(path, root+sepStr)
+	}
+	return filepath.Clean(filepath.Join("."+sepStr, path))
+}
+
+func sopsUserErr(msg string, err error) error {
+	if userErr, ok := err.(sops.UserError); ok {
+		err = fmt.Errorf(userErr.UserError())
+	}
+	return fmt.Errorf("%s: %w", msg, err)
+}
+
+func securePathErr(root string, err error) error {
+	if pathErr := new(fs.PathError); errors.As(err, &pathErr) {
+		err = &fs.PathError{Op: pathErr.Op, Path: stripRoot(root, pathErr.Path), Err: pathErr.Err}
+	}
+	return err
+}
+
+func formatForPath(path string) formats.Format {
+	switch {
+	case strings.HasSuffix(path, corev1.DockerConfigJsonKey):
+		return formats.Json
+	default:
+		return formats.FormatForPath(path)
+	}
+}
+
+func detectFormatFromMarkerBytes(b []byte) formats.Format {
+	for k, v := range sopsFormatToMarkerBytes {
+		if bytes.Contains(b, v) {
+			return k
+		}
+	}
+	return unsupportedFormat
+}
diff --git a/pkg/sops/decryptor/decryptor_test.go b/pkg/sops/decryptor/decryptor_test.go
new file mode 100644
index 000000000..9f3c642ec
--- /dev/null
+++ b/pkg/sops/decryptor/decryptor_test.go
@@ -0,0 +1,1229 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package decryptor
+
+import (
+	"bytes"
+	"encoding/base64"
+	extage "filippo.io/age"
+	"fmt"
+	. "github.com/onsi/gomega"
+	gt "github.com/onsi/gomega/types"
+	"go.mozilla.org/sops/v3"
+	sopsage "go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"io/fs"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sigs.k8s.io/kustomize/api/konfig"
+	"sigs.k8s.io/kustomize/api/provider"
+	"sigs.k8s.io/kustomize/api/resource"
+	kustypes "sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/yaml"
+	"strings"
+	"testing"
+)
+
+func TestIsEncryptedSecret(t *testing.T) {
+	tests := []struct {
+		name   string
+		object []byte
+		want   gt.GomegaMatcher
+	}{
+		{name: "encrypted secret", object: []byte("apiVersion: v1\nkind: Secret\nsops: true\n"), want: BeTrue()},
+		{name: "decrypted secret", object: []byte("apiVersion: v1\nkind: Secret\n"), want: BeFalse()},
+		{name: "other resource", object: []byte("apiVersion: v1\nkind: Deployment\n"), want: BeFalse()},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			u := &unstructured.Unstructured{}
+			g.Expect(yaml.Unmarshal(tt.object, u)).To(Succeed())
+			g.Expect(IsEncryptedSecret(u)).To(tt.want)
+		})
+	}
+}
+
+func TestDecryptor_SopsDecryptWithFormat(t *testing.T) {
+	t.Run("decrypt INI to INI", func(t *testing.T) {
+		g := NewWithT(t)
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		kd := &Decryptor{
+			checkSopsMac: true,
+		}
+		kd.AddLocalKeyService()
+
+		format := formats.Ini
+		data := []byte("[config]\nkey = value\n")
+		encData, err := kd.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, data, format, format)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(bytes.Contains(encData, sopsFormatToMarkerBytes[format])).To(BeTrue())
+		g.Expect(encData).ToNot(Equal(data))
+
+		out, err := kd.SopsDecryptWithFormat(encData, format, format)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(out).To(Equal(data))
+	})
+
+	t.Run("decrypt JSON to YAML", func(t *testing.T) {
+		g := NewWithT(t)
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		kd := &Decryptor{
+			checkSopsMac: true,
+		}
+		kd.AddLocalKeyService()
+
+		inputFormat, outputFormat := formats.Json, formats.Yaml
+		data := []byte("{\"key\": \"value\"}\n")
+		encData, err := kd.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, data, inputFormat, inputFormat)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(bytes.Contains(encData, sopsFormatToMarkerBytes[inputFormat])).To(BeTrue())
+
+		out, err := kd.SopsDecryptWithFormat(encData, inputFormat, outputFormat)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(out).To(Equal([]byte("key: value\n")))
+	})
+
+	t.Run("invalid JSON data", func(t *testing.T) {
+		g := NewWithT(t)
+
+		format := formats.Json
+		data, err := (&Decryptor{}).SopsDecryptWithFormat([]byte("invalid json"), format, format)
+		g.Expect(err).To(HaveOccurred())
+		g.Expect(err.Error()).To(ContainSubstring("failed to load encrypted JSON data"))
+		g.Expect(data).To(BeNil())
+	})
+
+	t.Run("no data key", func(t *testing.T) {
+		g := NewWithT(t)
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+
+		kd := &Decryptor{}
+		kd.AddLocalKeyService()
+
+		format := formats.Binary
+		encData, err := kd.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, []byte("foo bar"), format, format)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(bytes.Contains(encData, sopsFormatToMarkerBytes[format])).To(BeTrue())
+
+		data, err := kd.SopsDecryptWithFormat(encData, format, format)
+		g.Expect(err).To(HaveOccurred())
+		g.Expect(err.Error()).To(ContainSubstring("cannot get sops data key"))
+		g.Expect(data).To(BeNil())
+	})
+
+	t.Run("with mac check", func(t *testing.T) {
+		g := NewWithT(t)
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		kd := &Decryptor{
+			checkSopsMac: true,
+		}
+		kd.AddLocalKeyService()
+
+		format := formats.Dotenv
+		data := []byte("key=value\n")
+		encData, err := kd.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, data, format, format)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(bytes.Contains(encData, sopsFormatToMarkerBytes[format])).To(BeTrue())
+
+		out, err := kd.SopsDecryptWithFormat(encData, format, format)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(out).To(Equal(data))
+
+		badMAC := regexp.MustCompile("(?m)[\r\n]+^.*sops_mac=.*$")
+		badMACData := badMAC.ReplaceAll(encData, []byte("\nsops_mac=\n"))
+		out, err = kd.SopsDecryptWithFormat(badMACData, format, format)
+		g.Expect(err).To(HaveOccurred())
+		g.Expect(err.Error()).To(ContainSubstring("failed to verify sops data integrity: expected mac 'no MAC'"))
+		g.Expect(out).To(BeNil())
+	})
+}
+
+func TestDecryptor_DecryptResource(t *testing.T) {
+	var (
+		resourceFactory = provider.NewDefaultDepProvider().GetResourceFactory()
+		emptyResource   = resourceFactory.FromMap(map[string]interface{}{})
+	)
+
+	newSecretResource := func(namespace, name string, data map[string]interface{}) *resource.Resource {
+		return resourceFactory.FromMap(map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"metadata": map[string]interface{}{
+				"name":      name,
+				"namespace": namespace,
+			},
+			"data": data,
+		})
+	}
+
+	t.Run("SOPS-encrypted Secret resource", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+		d.AddLocalKeyService()
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		secret := newSecretResource("test", "secret", map[string]interface{}{
+			"key": "value",
+		})
+		g.Expect(isSOPSEncryptedResource(secret)).To(BeFalse())
+
+		secretData, err := secret.MarshalJSON()
+		g.Expect(err).ToNot(HaveOccurred())
+
+		encData, err := d.sopsEncryptWithFormat(sops.Metadata{
+			EncryptedRegex: "^(data|stringData)$",
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, secretData, formats.Json, formats.Json)
+		g.Expect(err).ToNot(HaveOccurred())
+
+		g.Expect(secret.UnmarshalJSON(encData)).To(Succeed())
+		g.Expect(isSOPSEncryptedResource(secret)).To(BeTrue())
+
+		got, err := d.DecryptResource(secret)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).ToNot(BeNil())
+		g.Expect(got.MarshalJSON()).To(Equal(secretData))
+	})
+
+	t.Run("SOPS-encrypted binary-format Secret data field", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+		d.AddLocalKeyService()
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		plainData := []byte("[config]\napp = secret\n")
+		encData, err := d.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, plainData, formats.Ini, formats.Yaml)
+		g.Expect(err).ToNot(HaveOccurred())
+
+		secret := newSecretResource("test", "secret-data", map[string]interface{}{
+			"file.ini": base64.StdEncoding.EncodeToString(encData),
+		})
+		g.Expect(isSOPSEncryptedResource(secret)).To(BeFalse())
+
+		got, err := d.DecryptResource(secret)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).ToNot(BeNil())
+		g.Expect(got.GetDataMap()).To(HaveKeyWithValue("file.ini", base64.StdEncoding.EncodeToString(plainData)))
+	})
+
+	t.Run("SOPS-encrypted YAML-format Secret data field", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+		d.AddLocalKeyService()
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		plainData := []byte("structured:\n    data:\n        key: value\n")
+		encData, err := d.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, plainData, formats.Yaml, formats.Yaml)
+		g.Expect(err).ToNot(HaveOccurred())
+
+		secret := newSecretResource("test", "secret-data", map[string]interface{}{
+			"key.yaml": base64.StdEncoding.EncodeToString(encData),
+		})
+		g.Expect(isSOPSEncryptedResource(secret)).To(BeFalse())
+
+		got, err := d.DecryptResource(secret)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).ToNot(BeNil())
+		g.Expect(got.GetDataMap()).To(HaveKeyWithValue("key.yaml", base64.StdEncoding.EncodeToString(plainData)))
+	})
+
+	t.Run("SOPS-encrypted Docker config Secret", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+		d.AddLocalKeyService()
+
+		ageID, err := extage.GenerateX25519Identity()
+		g.Expect(err).ToNot(HaveOccurred())
+		t.Setenv(sopsage.SopsAgeKeyEnv, ageID.String())
+
+		plainData := []byte(`{
+	"auths": {
+		"my-registry.example:5000": {
+			"username": "tiger",
+			"password": "pass1234",
+			"email": "tiger@acme.example",
+			"auth": "dGlnZXI6cGFzczEyMzQ="
+		}
+	}
+}`)
+		encData, err := d.sopsEncryptWithFormat(sops.Metadata{
+			KeyGroups: []sops.KeyGroup{
+				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},
+			},
+		}, plainData, formats.Json, formats.Yaml)
+		g.Expect(err).ToNot(HaveOccurred())
+
+		secret := resourceFactory.FromMap(map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"metadata": map[string]interface{}{
+				"name":      "secret",
+				"namespace": "test",
+			},
+			"type": corev1.SecretTypeDockerConfigJson,
+			"data": map[string]interface{}{
+				corev1.DockerConfigJsonKey: base64.StdEncoding.EncodeToString(encData),
+			},
+		})
+		g.Expect(isSOPSEncryptedResource(secret)).To(BeFalse())
+
+		got, err := d.DecryptResource(secret)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).ToNot(BeNil())
+		g.Expect(got.GetDataMap()).To(HaveKeyWithValue(corev1.DockerConfigJsonKey, base64.StdEncoding.EncodeToString(plainData)))
+	})
+
+	t.Run("nil resource", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+
+		got, err := d.DecryptResource(nil)
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).To(BeNil())
+	})
+
+	t.Run("no decryption spec", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+
+		got, err := d.DecryptResource(emptyResource.DeepCopy())
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).To(BeNil())
+	})
+
+	t.Run("unimplemented decryption provider", func(t *testing.T) {
+		g := NewWithT(t)
+
+		d := NewDecryptor("", MaxEncryptedFileSize)
+
+		got, err := d.DecryptResource(emptyResource.DeepCopy())
+		g.Expect(err).ToNot(HaveOccurred())
+		g.Expect(got).To(BeNil())
+	})
+}
+
+func TestDecryptor_decryptKustomizationEnvSources(t *testing.T) {
+	type file struct {
+		name           string
+		symlink        string
+		data           []byte
+		originalFormat *formats.Format
+		encrypt        bool
+		expectData     bool
+	}
+	binaryFormat := formats.Binary
+	tests := []struct {
+		name            string
+		wordirSuffix    string
+		path            string
+		files           []file
+		secretGenerator []kustypes.SecretArgs
+		expectVisited   []string
+		wantErr         error
+	}{
+		{
+			name: "decrypt env sources",
+			path: "subdir",
+			files: []file{
+				{name: "subdir/app.env", data: []byte("var1=value1\n"), encrypt: true, expectData: true},
+				// NB: Despite the file extension representing the SOPS-encrypted JSON output
+				// format, the original data is plain text, or "binary."
+				{name: "subdir/combination.json", data: []byte("The safe combination is ..."), originalFormat: &binaryFormat, encrypt: true, expectData: true},
+				{name: "subdir/file.txt", data: []byte("file"), encrypt: true, expectData: true},
+				{name: "secret.env", data: []byte("var2=value2\n"), encrypt: true, expectData: true},
+			},
+			secretGenerator: []kustypes.SecretArgs{
+				{
+					GeneratorArgs: kustypes.GeneratorArgs{
+						Name: "envSecret",
+						KvPairSources: kustypes.KvPairSources{
+							FileSources: []string{"file.txt", "combo=combination.json"},
+							EnvSources:  []string{"app.env", "../secret.env"},
+						},
+					},
+				},
+			},
+			expectVisited: []string{"subdir/app.env", "subdir/combination.json", "subdir/file.txt", "secret.env"},
+		},
+		{
+			name:  "decryption error",
+			files: []file{},
+			secretGenerator: []kustypes.SecretArgs{
+				{
+					GeneratorArgs: kustypes.GeneratorArgs{
+						Name: "envSecret",
+						KvPairSources: kustypes.KvPairSources{
+							EnvSources: []string{"file.txt"},
+						},
+					},
+				},
+			},
+			expectVisited: []string{},
+			wantErr:       &fs.PathError{Op: "lstat", Path: "file.txt", Err: fmt.Errorf("")},
+		},
+		{
+			name: "follows relative symlink within root",
+			path: "subdir",
+			files: []file{
+				{name: "subdir/symlink", symlink: "../otherdir/data.env"},
+				{name: "otherdir/data.env", data: []byte("key=value\n"), encrypt: true, expectData: true},
+			},
+			secretGenerator: []kustypes.SecretArgs{
+				{
+					GeneratorArgs: kustypes.GeneratorArgs{
+						Name: "envSecret",
+						KvPairSources: kustypes.KvPairSources{
+							EnvSources: []string{"symlink"},
+						},
+					},
+				},
+			},
+			expectVisited: []string{"otherdir/data.env"},
+		},
+		{
+			name:         "error on symlink outside root",
+			wordirSuffix: "subdir",
+			path:         "./",
+			files: []file{
+				{name: "subdir/symlink", symlink: "../otherdir/data.env"},
+				{name: "otherdir/data.env", data: []byte("key=value\n"), encrypt: true, expectData: false},
+			},
+			secretGenerator: []kustypes.SecretArgs{
+				{
+					GeneratorArgs: kustypes.GeneratorArgs{
+						Name: "envSecret",
+						KvPairSources: kustypes.KvPairSources{
+							EnvSources: []string{"symlink"},
+						},
+					},
+				},
+			},
+			wantErr:       &fs.PathError{Op: "lstat", Path: "otherdir/data.env", Err: fmt.Errorf("")},
+			expectVisited: []string{},
+		},
+		{
+			name:         "error on reference outside root",
+			wordirSuffix: "subdir",
+			path:         "./",
+			files: []file{
+				{name: "data.env", data: []byte("key=value\n"), encrypt: true, expectData: false},
+			},
+			secretGenerator: []kustypes.SecretArgs{
+				{
+					GeneratorArgs: kustypes.GeneratorArgs{
+						Name: "envSecret",
+						KvPairSources: kustypes.KvPairSources{
+							EnvSources: []string{"../data.env"},
+						},
+					},
+				},
+			},
+			wantErr:       &fs.PathError{Op: "lstat", Path: "data.env", Err: fmt.Errorf("")},
+			expectVisited: []string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			tmpDir := t.TempDir()
+			root := filepath.Join(tmpDir, tt.wordirSuffix)
+
+			id, err := extage.GenerateX25519Identity()
+			g.Expect(err).ToNot(HaveOccurred())
+			t.Setenv(sopsage.SopsAgeKeyEnv, id.String())
+
+			d := &Decryptor{
+				root: root,
+			}
+			d.AddLocalKeyService()
+
+			for _, f := range tt.files {
+				fPath := filepath.Join(tmpDir, f.name)
+				g.Expect(os.MkdirAll(filepath.Dir(fPath), 0o700)).To(Succeed())
+				if f.symlink != "" {
+					g.Expect(os.Symlink(f.symlink, fPath)).To(Succeed())
+					continue
+				}
+				data := f.data
+				if f.encrypt {
+					var format formats.Format
+					if f.originalFormat != nil {
+						format = *f.originalFormat
+					} else {
+						format = formats.FormatForPath(f.name)
+					}
+					data, err = d.sopsEncryptWithFormat(sops.Metadata{
+						KeyGroups: []sops.KeyGroup{
+							{&sopsage.MasterKey{Recipient: id.Recipient().String()}},
+						},
+					}, f.data, format, format)
+					g.Expect(err).ToNot(HaveOccurred())
+					g.Expect(data).ToNot(Equal(f.data))
+				}
+				g.Expect(os.WriteFile(fPath, data, 0o644)).To(Succeed())
+			}
+
+			visited := make(map[string]struct{}, 0)
+			visit := d.decryptKustomizationEnvSources(visited)
+			kus := &kustypes.Kustomization{SecretGenerator: tt.secretGenerator}
+
+			err = visit(root, tt.path, kus)
+			if tt.wantErr == nil {
+				g.Expect(err).ToNot(HaveOccurred())
+			} else {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(err).To(BeAssignableToTypeOf(tt.wantErr))
+				g.Expect(err.Error()).To(ContainSubstring(tt.wantErr.Error()))
+			}
+
+			for _, f := range tt.files {
+				if f.symlink != "" {
+					continue
+				}
+
+				b, err := os.ReadFile(filepath.Join(tmpDir, f.name))
+				g.Expect(err).ToNot(HaveOccurred())
+				if f.expectData {
+					g.Expect(b).To(Equal(f.data))
+				} else {
+					g.Expect(b).ToNot(Equal(f.data))
+				}
+			}
+
+			absVisited := make(map[string]struct{}, 0)
+			for _, v := range tt.expectVisited {
+				absVisited[filepath.Join(tmpDir, v)] = struct{}{}
+			}
+			g.Expect(visited).To(Equal(absVisited))
+		})
+	}
+}
+
+func TestDecryptor_decryptSopsFile(t *testing.T) {
+	g := NewWithT(t)
+
+	id, err := extage.GenerateX25519Identity()
+	g.Expect(err).ToNot(HaveOccurred())
+	t.Setenv(sopsage.SopsAgeKeyEnv, id.String())
+
+	type file struct {
+		name       string
+		symlink    string
+		data       []byte
+		encrypt    bool
+		format     formats.Format
+		expectData bool
+	}
+	tests := []struct {
+		name        string
+		maxFileSize int64
+		files       []file
+		path        string
+		format      formats.Format
+		wantErr     error
+	}{
+		{
+			name: "decrypt dotenv file",
+			files: []file{
+				{name: "app.env", data: []byte("app=key\n"), encrypt: true, format: formats.Dotenv, expectData: true},
+			},
+			path:   "app.env",
+			format: formats.Dotenv,
+		},
+		{
+			name: "decrypt YAML file",
+			files: []file{
+				{name: "app.yaml", data: []byte("app: key\n"), encrypt: true, format: formats.Yaml, expectData: true},
+			},
+			path:   "app.yaml",
+			format: formats.Yaml,
+		},
+		{
+			name:    "irregular file",
+			files:   []file{},
+			wantErr: fmt.Errorf("cannot decrypt irregular file as it has file mode type bits set"),
+		},
+		{
+			name:        "file exceeds max size",
+			maxFileSize: 5,
+			files: []file{
+				{name: "app.env", data: []byte("app=key\n"), encrypt: true, format: formats.Dotenv, expectData: false},
+			},
+			path:    "app.env",
+			wantErr: fmt.Errorf("cannot decrypt file with size (972 bytes) exceeding limit (5)"),
+		},
+		{
+			name: "wrong file format",
+			files: []file{
+				{name: "app.ini", data: []byte("[app]\nkey = value"), encrypt: true, format: formats.Ini, expectData: false},
+			},
+			path: "app.ini",
+		},
+		{
+			name: "does not follow symlink",
+			files: []file{
+				{name: "link", symlink: "../"},
+			},
+			path:    "link",
+			wantErr: fmt.Errorf("cannot decrypt irregular file as it has file mode type bits set"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			tmpDir := t.TempDir()
+
+			d := &Decryptor{
+				root:        tmpDir,
+				maxFileSize: MaxEncryptedFileSize,
+			}
+			d.AddLocalKeyService()
+			if tt.maxFileSize != 0 {
+				d.maxFileSize = tt.maxFileSize
+			}
+
+			for _, f := range tt.files {
+				fPath := filepath.Join(tmpDir, f.name)
+				if f.symlink != "" {
+					g.Expect(os.Symlink(f.symlink, fPath)).To(Succeed())
+					continue
+				}
+				data := f.data
+				if f.encrypt {
+					b, err := d.sopsEncryptWithFormat(sops.Metadata{
+						KeyGroups: []sops.KeyGroup{
+							{&sopsage.MasterKey{Recipient: id.Recipient().String()}},
+						},
+					}, data, f.format, f.format)
+					g.Expect(err).ToNot(HaveOccurred())
+					g.Expect(b).ToNot(Equal(f.data))
+					data = b
+				}
+				g.Expect(os.MkdirAll(filepath.Dir(fPath), 0o700)).To(Succeed())
+				g.Expect(os.WriteFile(fPath, data, 0o644)).To(Succeed())
+			}
+
+			path := filepath.Join(tmpDir, tt.path)
+			err := d.sopsDecryptFile(path, tt.format, tt.format)
+			if tt.wantErr != nil {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(err).To(BeAssignableToTypeOf(tt.wantErr))
+				g.Expect(err.Error()).To(ContainSubstring(tt.wantErr.Error()))
+			} else {
+				g.Expect(err).ToNot(HaveOccurred())
+			}
+			for _, f := range tt.files {
+				if f.symlink != "" {
+					continue
+				}
+
+				b, err := os.ReadFile(filepath.Join(tmpDir, f.name))
+				g.Expect(err).ToNot(HaveOccurred())
+				g.Expect(bytes.Equal(f.data, b)).To(Equal(f.expectData))
+			}
+		})
+	}
+}
+
+func TestDecryptor_secureLoadKustomizationFile(t *testing.T) {
+	kusType := kustypes.TypeMeta{
+		APIVersion: kustypes.KustomizationVersion,
+		Kind:       kustypes.KustomizationKind,
+	}
+	type file struct {
+		name    string
+		symlink string
+		data    []byte
+	}
+	tests := []struct {
+		name       string
+		rootSuffix string
+		files      []file
+		path       string
+		want       *kustypes.Kustomization
+		wantErr    error
+	}{
+		{
+			name: "loads default kustomization file",
+			files: []file{
+				{name: konfig.DefaultKustomizationFileName(), data: []byte("resources:\n- resource.yaml")},
+			},
+			path: "./",
+			want: &kustypes.Kustomization{
+				TypeMeta:  kusType,
+				Resources: []string{"resource.yaml"},
+			},
+		},
+		{
+			name: "loads recognized kustomization file",
+			files: []file{
+				{name: konfig.RecognizedKustomizationFileNames()[1], data: []byte("resources:\n- resource.yaml")},
+			},
+			path: "./",
+			want: &kustypes.Kustomization{
+				TypeMeta:  kusType,
+				Resources: []string{"resource.yaml"},
+			},
+		},
+		{
+			name: "error on ambitious file match",
+			files: []file{
+				{name: konfig.RecognizedKustomizationFileNames()[0], data: []byte("resources:\n- resource.yaml")},
+				{name: konfig.RecognizedKustomizationFileNames()[1], data: []byte("resources:\n- resource.yaml")},
+			},
+			path:    "./",
+			wantErr: fmt.Errorf("found multiple kustomization files"),
+		},
+		{
+			name:    "error on no file found",
+			files:   []file{},
+			path:    "./",
+			wantErr: fmt.Errorf("no kustomization file found"),
+		},
+		{
+			name:       "error on symlink outside root",
+			rootSuffix: "subdir",
+			files: []file{
+				{name: konfig.DefaultKustomizationFileName(), data: []byte("resources:\n- resource.yaml")},
+				{name: "subdir/" + konfig.DefaultKustomizationFileName(), symlink: "../kustomization.yaml"},
+			},
+			wantErr: fmt.Errorf("no kustomization file found"),
+		},
+		{
+			name: "error on invalid file",
+			files: []file{
+				{name: konfig.DefaultKustomizationFileName(), data: []byte("resources")},
+			},
+			wantErr: fmt.Errorf("failed to unmarshal kustomization file"),
+		},
+		{
+			name:    "error on absolute path",
+			path:    "/absolute/",
+			wantErr: fmt.Errorf("path '/absolute/' must be relative"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			tmpDir := t.TempDir()
+			for _, f := range tt.files {
+				fPath := filepath.Join(tmpDir, f.name)
+				if f.symlink != "" {
+					g.Expect(os.Symlink(f.symlink, fPath))
+					continue
+				}
+				g.Expect(os.MkdirAll(filepath.Dir(fPath), 0o700)).To(Succeed())
+				g.Expect(os.WriteFile(fPath, f.data, 0o644)).To(Succeed())
+			}
+
+			root := filepath.Join(tmpDir, tt.rootSuffix)
+			got, err := secureLoadKustomizationFile(root, tt.path)
+			if wantErr := tt.wantErr; wantErr != nil {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(err.Error()).To(ContainSubstring(wantErr.Error()))
+				g.Expect(got).To(BeNil())
+				return
+			}
+
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(got).To(Equal(tt.want))
+		})
+	}
+}
+
+func TestDecryptor_recurseKustomizationFiles(t *testing.T) {
+	type kusNode struct {
+		path          string
+		symlink       string
+		resources     []string
+		visitErr      error
+		visited       int
+		expectVisited int
+		expectCached  bool
+	}
+	tests := []struct {
+		name         string
+		wordirSuffix string
+		path         string
+		nodes        []*kusNode
+		wantErr      error
+		wantErrStr   string
+	}{
+		{
+			name:         "recurse on resources",
+			wordirSuffix: "foo",
+			path:         "bar",
+			nodes: []*kusNode{
+				{
+					path:          "foo/bar/kustomization.yaml",
+					resources:     []string{"../baz"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "foo/baz/kustomization.yaml",
+					resources:     []string{"<tmpdir>/foo/bar/baz"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "foo/bar/baz/kustomization.yaml",
+					resources:     []string{},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+		},
+		{
+			name:         "recursive loop",
+			wordirSuffix: "foo",
+			path:         "bar",
+			nodes: []*kusNode{
+				{
+					path:          "foo/bar/kustomization.yaml",
+					resources:     []string{"../baz"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "foo/baz/kustomization.yaml",
+					resources:     []string{"../foobar"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "foo/foobar/kustomization.yaml",
+					resources:     []string{"../bar"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+		},
+		{
+			name: "absolute symlink",
+			path: "bar",
+			nodes: []*kusNode{
+				{
+					path:          "bar/baz/kustomization.yaml",
+					resources:     []string{"../bar/absolute"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:    "bar/absolute",
+					symlink: "<tmpdir>/bar/foo/",
+				},
+				{
+					path:          "bar/foo/kustomization.yaml",
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+		},
+		{
+			name: "relative symlink",
+			path: "bar",
+			nodes: []*kusNode{
+				{
+					path:          "bar/baz/kustomization.yaml",
+					resources:     []string{"../bar/relative"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:    "bar/relative",
+					symlink: "../foo/",
+				},
+				{
+					path:          "bar/foo/kustomization.yaml",
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+		},
+		{
+			name: "recognized kustomization names",
+			path: "./",
+			nodes: []*kusNode{
+				{
+					path:          konfig.RecognizedKustomizationFileNames()[1],
+					resources:     []string{"bar"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          filepath.Join("bar", konfig.RecognizedKustomizationFileNames()[0]),
+					resources:     []string{"../baz"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          filepath.Join("baz", konfig.RecognizedKustomizationFileNames()[2]),
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+		},
+		{
+			name:       "path does not exist",
+			path:       "./invalid",
+			wantErr:    &errRecurseIgnore{Err: fs.ErrNotExist},
+			wantErrStr: "lstat invalid",
+		},
+		{
+			name: "path is not a directory",
+			path: "./file.txt",
+			nodes: []*kusNode{
+				{
+					path: "file.txt",
+				},
+			},
+			wantErr:    &errRecurseIgnore{Err: fmt.Errorf("not a directory")},
+			wantErrStr: "not a directory",
+		},
+		{
+			name: "recurse error is returned",
+			path: "/foo",
+			nodes: []*kusNode{
+				{
+					path:          "foo/kustomization.yaml",
+					resources:     []string{"../baz"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "baz/wrongfile.yaml",
+					expectVisited: 0,
+					expectCached:  false,
+				},
+			},
+			wantErr: fmt.Errorf("no kustomization file found"),
+		},
+		{
+			name: "recurse ignores errRecurseIgnore",
+			path: "/foo",
+			nodes: []*kusNode{
+				{
+					path:          "foo/kustomization.yaml",
+					resources:     []string{"../baz"},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "baz",
+					expectVisited: 0,
+					expectCached:  false,
+				},
+			},
+		},
+		{
+			name: "remote build references are ignored",
+			path: "/foo",
+			nodes: []*kusNode{
+				{
+					path: "foo/kustomization.yaml",
+					resources: []string{
+						"../baz",
+						"https://github.com/kubernetes-sigs/kustomize//examples/multibases/dev/?ref=v1.0.6",
+					},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path: "baz/kustomization.yaml",
+					resources: []string{
+						"github.com/Liujingfang1/mysql?ref=test",
+					},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+		},
+		{
+			name: "visit error is returned",
+			path: "/",
+			nodes: []*kusNode{
+				{
+					path: "kustomization.yaml",
+					resources: []string{
+						"baz",
+					},
+					expectVisited: 1,
+					expectCached:  true,
+				},
+				{
+					path:          "baz/kustomization.yaml",
+					visitErr:      fmt.Errorf("visit error"),
+					expectVisited: 1,
+					expectCached:  true,
+				},
+			},
+			wantErr:    fmt.Errorf("visit error"),
+			wantErrStr: "visit error",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			tmpDir := t.TempDir()
+
+			for _, n := range tt.nodes {
+				path := filepath.Join(tmpDir, n.path)
+				if n.symlink != "" {
+					g.Expect(os.Symlink(strings.Replace(n.symlink, "<tmpdir>", tmpDir, 1), path)).To(Succeed())
+					return
+				}
+				kus := kustypes.Kustomization{
+					TypeMeta: kustypes.TypeMeta{
+						APIVersion: kustypes.KustomizationVersion,
+						Kind:       kustypes.KustomizationKind,
+					},
+				}
+				for _, res := range n.resources {
+					res = strings.Replace(res, "<tmpdir>", tmpDir, 1)
+					kus.Resources = append(kus.Resources, res)
+				}
+				b, err := yaml.Marshal(kus)
+				g.Expect(err).ToNot(HaveOccurred())
+				g.Expect(os.MkdirAll(filepath.Dir(path), 0o700)).To(Succeed())
+				g.Expect(os.WriteFile(path, b, 0o644))
+			}
+
+			visit := func(root, path string, kus *kustypes.Kustomization) error {
+				if filepath.IsAbs(path) {
+					path = stripRoot(root, path)
+				}
+				for _, n := range tt.nodes {
+					if dir := filepath.Dir(n.path); filepath.Join(tt.wordirSuffix, path) != dir {
+						continue
+					}
+					n.visited++
+					if n.visitErr != nil {
+						return n.visitErr
+					}
+				}
+				return nil
+			}
+
+			visited := make(map[string]struct{}, 0)
+			err := recurseKustomizationFiles(filepath.Join(tmpDir, tt.wordirSuffix), tt.path, visit, visited)
+			if tt.wantErr != nil {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(err).To(BeAssignableToTypeOf(tt.wantErr))
+				if tt.wantErrStr != "" {
+					g.Expect(err.Error()).To(ContainSubstring(tt.wantErrStr))
+				}
+				return
+			}
+
+			g.Expect(err).ToNot(HaveOccurred())
+			for _, n := range tt.nodes {
+				g.Expect(n.visited).To(Equal(n.expectVisited), n.path)
+
+				haveCache := HaveKey(filepath.Dir(filepath.Join(tmpDir, n.path)))
+				if n.expectCached {
+					g.Expect(visited).To(haveCache)
+				} else {
+					g.Expect(visited).ToNot(haveCache)
+				}
+			}
+		})
+	}
+}
+
+func TestDecryptor_isSOPSEncryptedResource(t *testing.T) {
+	g := NewWithT(t)
+
+	resourceFactory := provider.NewDefaultDepProvider().GetResourceFactory()
+	encrypted := resourceFactory.FromMap(map[string]interface{}{
+		"sops": map[string]string{
+			"mac": "some mac value",
+		},
+	})
+	empty := resourceFactory.FromMap(map[string]interface{}{})
+
+	g.Expect(isSOPSEncryptedResource(encrypted)).To(BeTrue())
+	g.Expect(isSOPSEncryptedResource(empty)).To(BeFalse())
+}
+
+func TestDecryptor_secureAbsPath(t *testing.T) {
+	tests := []struct {
+		name    string
+		root    string
+		path    string
+		wantAbs string
+		wantRel string
+		wantErr bool
+	}{
+		{
+			name:    "absolute to root",
+			root:    "/wordir/",
+			path:    "/wordir/foo/",
+			wantAbs: "/wordir/foo",
+			wantRel: "foo",
+		},
+		{
+			name:    "relative to root",
+			root:    "/wordir",
+			path:    "./foo",
+			wantAbs: "/wordir/foo",
+			wantRel: "foo",
+		},
+		{
+			name:    "illegal traverse",
+			root:    "/wordir/foo",
+			path:    "../../bar",
+			wantAbs: "/wordir/foo/bar",
+			wantRel: "bar",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			gotAbs, gotRel, err := securePaths(tt.root, tt.path)
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(gotAbs).To(BeEmpty())
+				g.Expect(gotRel).To(BeEmpty())
+				return
+			}
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(gotAbs).To(Equal(tt.wantAbs))
+			g.Expect(gotRel).To(Equal(tt.wantRel))
+		})
+	}
+}
+
+func TestDecryptor_formatForPath(t *testing.T) {
+	tests := []struct {
+		name string
+		path string
+		want formats.Format
+	}{
+		{
+			name: "docker config",
+			path: corev1.DockerConfigJsonKey,
+			want: formats.Json,
+		},
+		{
+			name: "fallback",
+			path: "foo.yaml",
+			want: formats.Yaml,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			g.Expect(formatForPath(tt.path)).To(Equal(tt.want))
+		})
+	}
+}
+
+func TestDecryptor_detectFormatFromMarkerBytes(t *testing.T) {
+	tests := []struct {
+		name string
+		b    []byte
+		want formats.Format
+	}{
+		{
+			name: "detects format",
+			b:    bytes.Join([][]byte{[]byte("random other bytes"), sopsFormatToMarkerBytes[formats.Yaml], []byte("more random bytes")}, []byte(" ")),
+			want: formats.Yaml,
+		},
+		{
+			name: "returns unsupported format",
+			b:    []byte("no marker bytes present"),
+			want: unsupportedFormat,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := detectFormatFromMarkerBytes(tt.b); got != tt.want {
+				t.Errorf("detectFormatFromMarkerBytes() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/pkg/sops/sops_decryptor.go b/pkg/sops/sops_decryptor.go
deleted file mode 100644
index 474d9872d..000000000
--- a/pkg/sops/sops_decryptor.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package sops
-
-import (
-	"fmt"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
-	"go.mozilla.org/sops/v3/decrypt"
-)
-
-type SopsDecrypter interface {
-	SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) ([]byte, error)
-}
-
-type LocalSopsDecrypter struct {
-}
-
-func (_ LocalSopsDecrypter) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) ([]byte, error) {
-	if inputFormat != outputFormat {
-		return nil, fmt.Errorf("inputFormat and outputFormat must be equal")
-	}
-	return decrypt.DataWithFormat(data, inputFormat)
-}
diff --git a/pkg/sops/utils.go b/pkg/sops/utils.go
index 5b05e20ca..ab6f881ce 100644
--- a/pkg/sops/utils.go
+++ b/pkg/sops/utils.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"go.mozilla.org/sops/v3"
 	"go.mozilla.org/sops/v3/cmd/sops/formats"
@@ -15,7 +16,7 @@ func IsMaybeSopsFile(s []byte) bool {
 	return bytes.Index(s, []byte("sops")) != -1
 }
 
-func MaybeDecrypt(decrypter SopsDecrypter, encrypted []byte, inputFormat, outputFormat formats.Format) ([]byte, bool, error) {
+func MaybeDecrypt(decrypter *decryptor.Decryptor, encrypted []byte, inputFormat, outputFormat formats.Format) ([]byte, bool, error) {
 	if decrypter == nil {
 		return encrypted, false, nil
 	}
@@ -34,11 +35,11 @@ func MaybeDecrypt(decrypter SopsDecrypter, encrypted []byte, inputFormat, output
 	return d, true, nil
 }
 
-func MaybeDecryptFile(decrypter SopsDecrypter, path string) error {
+func MaybeDecryptFile(decrypter *decryptor.Decryptor, path string) error {
 	return MaybeDecryptFileTo(decrypter, path, path)
 }
 
-func MaybeDecryptFileTo(decrypter SopsDecrypter, path string, to string) error {
+func MaybeDecryptFileTo(decrypter *decryptor.Decryptor, path string, to string) error {
 	format := formats.FormatForPath(path)
 
 	file, err := os.ReadFile(path)
@@ -61,7 +62,7 @@ func MaybeDecryptFileTo(decrypter SopsDecrypter, path string, to string) error {
 	return nil
 }
 
-func MaybeDecryptFileToTmp(ctx context.Context, decrypter SopsDecrypter, path string) (string, error) {
+func MaybeDecryptFileToTmp(ctx context.Context, decrypter *decryptor.Decryptor, path string) (string, error) {
 	tmp, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "sops-decrypt-")
 	if err != nil {
 		return "", err
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 9f070c54d..39161f372 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -32,14 +33,14 @@ type usernamePassword struct {
 type VarsLoader struct {
 	ctx  context.Context
 	k    *k8s.K8sCluster
-	sops sops.SopsDecrypter
+	sops *decryptor.Decryptor
 	rp   *repocache.GitRepoCache
 	aws  aws.AwsClientFactory
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops sops.SopsDecrypter, rp *repocache.GitRepoCache, aws aws.AwsClientFactory) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops *decryptor.Decryptor, rp *repocache.GitRepoCache, aws aws.AwsClientFactory) *VarsLoader {
 	return &VarsLoader{
 		ctx:              ctx,
 		k:                k,
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index d89772654..f8320e8fd 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -2,6 +2,7 @@ package vars
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -19,7 +20,6 @@ import (
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -48,7 +48,10 @@ func testVarsLoader(t *testing.T, test func(vl *VarsLoader, vc *VarsCtx, aws *aw
 	grc := newRP(t)
 	fakeAws := aws.NewFakeClientFactory()
 
-	vl := NewVarsLoader(context.TODO(), k, &sops.LocalSopsDecrypter{}, grc, fakeAws)
+	d := decryptor.NewDecryptor("", decryptor.MaxEncryptedFileSize)
+	d.AddLocalKeyService()
+
+	vl := NewVarsLoader(context.TODO(), k, d, grc, fakeAws)
 	vc := NewVarsCtx(newJinja2Must(t))
 
 	test(vl, vc, fakeAws)

From 9627fbc354debd8febaa7565ce76619051f54df9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Dec 2022 15:14:55 +0100
Subject: [PATCH 0697/2268] fix: Upgrade SOPS to the develop branch

This also upgrades SOPS to use github.com/aws/aws-sdk-go-v2 for AWS KMS,
which is needed to support SSO sessions.
---
 go.mod | 32 +++++++++++------------
 go.sum | 82 ++++++++++++++++++++++++++++------------------------------
 2 files changed, 54 insertions(+), 60 deletions(-)

diff --git a/go.mod b/go.mod
index f4b2b9d17..0368e53c8 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.24.1
 	github.com/otiai10/copy v1.9.0
-	go.mozilla.org/sops/v3 v3.7.3
+	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.0
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/yaml v1.3.0
@@ -74,18 +74,15 @@ require (
 require (
 	cloud.google.com/go/compute v1.14.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.2 // indirect
-	github.com/Azure/azure-sdk-for-go v63.3.0+incompatible // indirect
+	cloud.google.com/go/iam v0.8.0 // indirect
+	cloud.google.com/go/kms v1.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
-	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
-	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@@ -97,7 +94,6 @@ require (
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go v1.43.43 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.7 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
@@ -105,6 +101,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 // indirect
@@ -116,8 +113,8 @@ require (
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.0 // indirect
 	github.com/containerd/containerd v1.6.13 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
 	github.com/docker/docker v20.10.21+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
@@ -144,6 +141,7 @@ require (
 	github.com/go-playground/locales v0.14.0 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -176,14 +174,13 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/vault/sdk v0.6.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
-	github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.15.13 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
@@ -213,6 +210,7 @@ require (
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.2.3 // indirect
+	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
@@ -229,6 +227,7 @@ require (
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
+	github.com/urfave/cli v1.22.7 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -252,7 +251,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
-	gopkg.in/urfave/cli.v1 v1.20.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
 	k8s.io/apiserver v0.26.0 // indirect
diff --git a/go.sum b/go.sum
index af3d44e15..cb57720fb 100644
--- a/go.sum
+++ b/go.sum
@@ -34,6 +34,10 @@ cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxB
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/iam v0.8.0 h1:E2osAkZzxI/+8pZcxVLcDtAQx/u+hZXVryUaYQ5O0Kk=
+cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE=
+cloud.google.com/go/kms v1.6.0 h1:OWRZzrPmOZUzurjI2FBGtgY2mB1WaJkqhw6oIwSj0Yg=
+cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0=
 cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
@@ -48,37 +52,22 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.0.0 h1:V6q14n0mqYU3qKFkZ6oOaF9oXneOviS3ubXsSVBRSzc=
 filippo.io/age v1.0.0/go.mod h1:PaX+Si/Sd5G8LgfCwldsSba3H1DDQZhIhFGkhbHaBq8=
-github.com/Azure/azure-sdk-for-go v63.3.0+incompatible h1:INepVujzUrmArRZjDLHbtER+FkvCoEwyRCXGqOlmDII=
-github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 h1:AXFNQ6kLaPODEpGSMWjmbkt6iP7fa1DIEzjx6JRFC9U=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1/go.mod h1:yOYJv0tO0TTNcje8ahhBHQcdAiYqRIp5fsog5FPefr4=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
-github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
-github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
-github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
-github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
-github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
-github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA=
-github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
-github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg=
-github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
-github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
-github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
-github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
-github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac=
-github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E=
-github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
-github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
-github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
-github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 h1:BGX4OiGP9htYSd6M3pAZctcUUSruhIAUVkv2X0Cn9yE=
+github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -129,8 +118,7 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.43.43 h1:1L06qzQvl4aC3Skfh5rV7xVhGHjIZoHcqy16NoyQ1o4=
-github.com/aws/aws-sdk-go v1.43.43/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
 github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.7 h1:V94lTcix6jouwmAsgQMAEBozVAGJMFhVj+6/++xfe3E=
@@ -139,14 +127,18 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.7 h1:qUUcNS5Z1092XBFT66IJM7mYkMwg
 github.com/aws/aws-sdk-go-v2/credentials v1.13.7/go.mod h1:AdCcbZXHQCjJh6NaH3pFaw8LUeBFn5+88BZGMVGuBT8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 h1:KeTxcGdNnQudb46oOl4d90f2I33DF/c6q3RnZAmvQdQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28/go.mod h1:yRZVr/iT0AqyHeep00SZ4YfBAKojXz08w3XMBscdi0c=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
+github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
+github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11 h1:77V7vnw/NC4DORHVgA97+Ky2p1ri0+ZVYXh6ordUZU0=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 h1:gItLq3zBYyRDPmqAClgzTH8PBjDQGeyptYGHIwtYYNA=
@@ -155,6 +147,7 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 h1:KCacyVSs/wlcPGx37hcbT3I
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 h1:9Mtq1KM6nD8/+HStvWcvYnixJ5N85DX+P+OY3kI3W2k=
 github.com/aws/aws-sdk-go-v2/service/sts v1.17.7/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
+github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -204,7 +197,9 @@ github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvA
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
@@ -214,9 +209,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
-github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
+github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
 github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
@@ -336,8 +330,9 @@ github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
 github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
@@ -505,8 +500,6 @@ github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
-github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -528,9 +521,7 @@ github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
@@ -571,6 +562,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
@@ -660,6 +653,7 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
+github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -702,6 +696,9 @@ github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9F
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI=
 github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
+github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -814,6 +811,8 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69
 github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
 github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/urfave/cli v1.22.7 h1:aXiFAgRugfJ27UFDsGJ9DB2FvTC73hlVXFSqq5bo9eU=
+github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -849,8 +848,8 @@ go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
 go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:YDKUvO0b//78PaaEro6CAPH6NqohCmL2Cwju5XI2HoE=
-go.mozilla.org/sops/v3 v3.7.3 h1:CYx02LnWTATWv6NqWJIt4JCKVKSnGV+MsRiDpvwWQhg=
-go.mozilla.org/sops/v3 v3.7.3/go.mod h1:AutdccISG5Nt/faUigaKPU9aGmhyZuCyUiSx5YCa1O8=
+go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1 h1:4t4bmkosajncfGrQGfg6wXhyf96KdDzx+QxRd+rpQPM=
+go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1/go.mod h1:eC/nw/CfC/v4aFitUY1JyiL+0dP6Drun/cpS/c9mypQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -971,7 +970,6 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
@@ -1058,13 +1056,13 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1296,8 +1294,6 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/urfave/cli.v1 v1.20.0 h1:NdAVW6RYxDif9DhDHaAortIu956m2c0v+09AZBPTbE0=
-gopkg.in/urfave/cli.v1 v1.20.0/go.mod h1:vuBzUtMdQeixQj8LVd+/98pzhxNGQoyuPBlsXHOQNO0=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

From def1dd4e3bc3144d2970d0566c8d2bdde9b26938 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Dec 2022 13:59:34 +0100
Subject: [PATCH 0698/2268] fix: Disable decryptor tests on windows

---
 pkg/sops/decryptor/decryptor_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/sops/decryptor/decryptor_test.go b/pkg/sops/decryptor/decryptor_test.go
index 9f3c642ec..283901abe 100644
--- a/pkg/sops/decryptor/decryptor_test.go
+++ b/pkg/sops/decryptor/decryptor_test.go
@@ -1,3 +1,5 @@
+//go:build !windows
+
 /*
 Copyright 2021 The Flux authors
 

From b528623135b4d383de71a2707cdeb529902a6f42 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Dec 2022 14:16:43 +0000
Subject: [PATCH 0699/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.14.0 to 0.14.1

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.0 to 0.14.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.0...v0.14.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0368e53c8..48d1c83b1 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/onsi/gomega v1.24.1
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
-	sigs.k8s.io/controller-runtime v0.14.0
+	sigs.k8s.io/controller-runtime v0.14.1
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/yaml v1.3.0
 )
diff --git a/go.sum b/go.sum
index cb57720fb..6a9d1513e 100644
--- a/go.sum
+++ b/go.sum
@@ -1349,8 +1349,8 @@ oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.14.0 h1:ju2xsov5Ara6FoQuddg+az+rAxsUsTYn2IYyEKCTyDc=
-sigs.k8s.io/controller-runtime v0.14.0/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU=
+sigs.k8s.io/controller-runtime v0.14.1 h1:vThDes9pzg0Y+UbCPY3Wj34CGIYPgdmspPm2GIpxpzM=
+sigs.k8s.io/controller-runtime v0.14.1/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From 0fc95ad364104ced0c5db0c313c6d2be5d18bdc2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Dec 2022 22:07:22 +0000
Subject: [PATCH 0700/2268] chore(deps): Bump github.com/onsi/gomega from
 1.24.1 to 1.24.2

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.1 to 1.24.2.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.24.1...v1.24.2)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 0368e53c8..6e2520ea5 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.24.1
+	github.com/onsi/gomega v1.24.2
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.0
diff --git a/go.sum b/go.sum
index cb57720fb..e1e13386c 100644
--- a/go.sum
+++ b/go.sum
@@ -665,9 +665,9 @@ github.com/ohler55/ojg v1.15.0/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfli
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.6.0 h1:9t9b9vRUbFq3C4qKFCGkVuq/fIHji802N1nrtkh1mNc=
-github.com/onsi/gomega v1.24.1 h1:KORJXNNTzJXzu4ScJWssJfJMnJ+2QJqhoQSRwNlze9E=
-github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM=
+github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q=
+github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE=
+github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=

From aa440a3043c985e3faea5f7003ffe9834332fb96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Dec 2022 22:07:42 +0000
Subject: [PATCH 0701/2268] chore(deps): Bump filippo.io/age from 1.0.0 to
 1.1.1

Bumps [filippo.io/age](https://github.com/FiloSottile/age) from 1.0.0 to 1.1.1.
- [Release notes](https://github.com/FiloSottile/age/releases)
- [Commits](https://github.com/FiloSottile/age/compare/v1.0.0...v1.1.1)

---
updated-dependencies:
- dependency-name: filippo.io/age
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0368e53c8..82f4a3c6b 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 )
 
 require (
-	filippo.io/age v1.0.0
+	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.7
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11
 	github.com/go-logr/logr v1.2.3
diff --git a/go.sum b/go.sum
index cb57720fb..44ad1ecdc 100644
--- a/go.sum
+++ b/go.sum
@@ -50,8 +50,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-filippo.io/age v1.0.0 h1:V6q14n0mqYU3qKFkZ6oOaF9oXneOviS3ubXsSVBRSzc=
-filippo.io/age v1.0.0/go.mod h1:PaX+Si/Sd5G8LgfCwldsSba3H1DDQZhIhFGkhbHaBq8=
+filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
+filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=

From b5536adc70f04f51a54bfdffaa0276fce1cc0287 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Dec 2022 17:47:39 +0100
Subject: [PATCH 0702/2268] fix: Merge external args after target args

External args are meant to override target args.
---
 pkg/kluctl_project/target_context.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index f07436014..f1619b2b9 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -171,7 +171,6 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.U
 
 	allArgs := uo.New()
 
-	allArgs.Merge(externalArgs)
 	if target != nil {
 		if target.Args != nil {
 			allArgs.Merge(target.Args)
@@ -182,6 +181,7 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.U
 			}
 		}
 	}
+	allArgs.Merge(externalArgs)
 
 	deprecatedArgs, err := deployment.LoadDeprecatedDeploymentArgs(p.ctx, p.ProjectDir, varsCtx, allArgs)
 	if err != nil {

From 9ae41582a28cce558ed89e5ed98e9ce39eec828a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Dec 2022 22:07:51 +0000
Subject: [PATCH 0703/2268] chore(deps): Bump github.com/mattn/go-isatty from
 0.0.16 to 0.0.17

Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.16 to 0.0.17.
- [Release notes](https://github.com/mattn/go-isatty/releases)
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.16...v0.0.17)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 8528b8513..59163b399 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1
 	github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1
 	github.com/mattn/go-colorable v0.1.13
-	github.com/mattn/go-isatty v0.0.16
+	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.15.0
diff --git a/go.sum b/go.sum
index c6c400acc..c5d5c3f9b 100644
--- a/go.sum
+++ b/go.sum
@@ -599,8 +599,9 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=

From 5a9371796bd98fe702bca8155b1b7d1126efeef9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Dec 2022 22:08:52 +0000
Subject: [PATCH 0704/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.16.11 to 1.17.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.16.11...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8528b8513..bb8ec023b 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.7
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.17.0
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
diff --git a/go.sum b/go.sum
index c6c400acc..522c00323 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViS
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11 h1:77V7vnw/NC4DORHVgA97+Ky2p1ri0+ZVYXh6ordUZU0=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.16.11/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.17.0 h1:6W6BLZcXytRJsVvc2gGwxKE4wbMSlWqdxZivBP/E+ys=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.17.0/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 h1:gItLq3zBYyRDPmqAClgzTH8PBjDQGeyptYGHIwtYYNA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.28/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 h1:KCacyVSs/wlcPGx37hcbT3IGYO8P8Jx+TgSDhAXtQMY=

From 3e946de42b625c3b39db12d8848a9d4e319cc0fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Jan 2023 22:07:07 +0000
Subject: [PATCH 0705/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.15.0 to 1.16.0

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8528b8513..d91f47188 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/mattn/go-isatty v0.0.16
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.15.0
+	github.com/ohler55/ojg v1.16.0
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
diff --git a/go.sum b/go.sum
index c6c400acc..517a76973 100644
--- a/go.sum
+++ b/go.sum
@@ -660,8 +660,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.15.0 h1:Z95FvBiMsMOOGP9Nzv5OVV4ND2KnEMxk0GOS8Kvcahg=
-github.com/ohler55/ojg v1.15.0/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.16.0 h1:JQMJp/ygkak1YiGFB2ohbks2Y6BAE061i5cq5fECiVA=
+github.com/ohler55/ojg v1.16.0/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=

From 1b7af20ce6c17693eb0ba1d5242f3d3c8e2ed803 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 12:12:39 +0100
Subject: [PATCH 0706/2268] refactor: Implement go routine helper and use it
 whereever possible

---
 cmd/kluctl/commands/cmd_delete.go       |   2 +-
 cmd/kluctl/commands/cmd_helm_pull.go    |  17 +---
 cmd/kluctl/commands/cmd_helm_update.go  |  26 ++----
 cmd/kluctl/commands/cobra_utils.go      |  13 +--
 pkg/deployment/deployment_collection.go | 116 ++++++++----------------
 pkg/deployment/utils/delete_utils.go    |  28 ++----
 pkg/k8s/k8s_cluster.go                  |  40 ++++----
 pkg/utils/go_helper.go                  |  68 ++++++++++++++
 pkg/utils/limited_routine.go            |  42 ---------
 9 files changed, 152 insertions(+), 200 deletions(-)
 create mode 100644 pkg/utils/go_helper.go
 delete mode 100644 pkg/utils/limited_routine.go

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index ed20376b7..bdac4154e 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -89,5 +89,5 @@ func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.
 		}
 	}
 
-	return utils.DeleteObjects(k, refs, true)
+	return utils.DeleteObjects(ctx, k, refs, true)
 }
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 0931ea0b8..ae0bf7bfd 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -3,17 +3,14 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"golang.org/x/sync/semaphore"
 	"io/fs"
 	"os"
 	"path/filepath"
-	"sync"
 )
 
 type helmPullCmd struct {
@@ -58,10 +55,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		}
 	}
 
-	var errs *multierror.Error
-	var wg sync.WaitGroup
-	var mutex sync.Mutex
-	sem := semaphore.NewWeighted(8)
+	g := utils.NewGoHelper(ctx, 8)
 
 	for _, chart := range charts {
 		chart := chart
@@ -97,7 +91,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 
 		for version, _ := range versionsToPull {
 			version := version
-			utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+			g.RunE(func() error {
 				s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, version)
 				defer s.Failed()
 
@@ -112,12 +106,9 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 			})
 		}
 	}
-	wg.Wait()
-	if err != nil {
-		errs = multierror.Append(errs, err)
-	}
+	g.Wait()
 
-	if errs.ErrorOrNil() != nil {
+	if g.ErrorOrNil() != nil {
 		return fmt.Errorf("command failed")
 	}
 
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index fd4856c1b..a2df12433 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -5,18 +5,15 @@ import (
 	"fmt"
 	"github.com/fluxcd/go-git/v5"
 	"github.com/fluxcd/go-git/v5/plumbing/format/index"
-	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"golang.org/x/sync/semaphore"
 	"io/fs"
 	"os"
 	"path/filepath"
-	"sync"
 )
 
 type helmUpdateCmd struct {
@@ -70,10 +67,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
-	var errs *multierror.Error
-	var wg sync.WaitGroup
-	var mutex sync.Mutex
-	sem := semaphore.NewWeighted(8)
+	g := utils.NewGoHelper(ctx, 8)
 
 	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials)
 	if err != nil {
@@ -94,7 +88,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 	for _, chart := range charts {
 		chart := chart
-		utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+		g.RunE(func() error {
 			s := status.Start(ctx, "%s: Querying versions", chart.GetChartName())
 			defer s.Failed()
 			err := chart.QueryVersions(ctx)
@@ -106,9 +100,9 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			return nil
 		})
 	}
-	wg.Wait()
-	if errs.ErrorOrNil() != nil {
-		return errs
+	g.Wait()
+	if g.ErrorOrNil() != nil {
+		return g.ErrorOrNil()
 	}
 
 	for _, chart := range charts {
@@ -124,7 +118,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 		for version, _ := range versionsToPull {
 			version := version
-			utils.GoLimitedMultiError(ctx, sem, &errs, &mutex, &wg, func() error {
+			g.RunE(func() error {
 				s := status.Start(ctx, "%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
 				defer s.Failed()
 				_, err := chart.PullCached(ctx, version)
@@ -137,9 +131,9 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			})
 		}
 	}
-	wg.Wait()
-	if errs.ErrorOrNil() != nil {
-		return errs
+	g.Wait()
+	if g.ErrorOrNil() != nil {
+		return g.ErrorOrNil()
 	}
 
 	versionUseCounts := map[string]map[string]int{}
@@ -212,7 +206,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		}
 	}
 
-	return errs.ErrorOrNil()
+	return nil
 }
 
 func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]bool) error {
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index e8e68f528..173303bfe 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"github.com/spf13/cobra"
@@ -229,7 +230,7 @@ func copyViperValuesToCobraCmd(cmd *cobra.Command) error {
 }
 
 func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
-	var retErr []error
+	var errs *multierror.Error
 	flags.VisitAll(func(flag *pflag.Flag) {
 		sliceValue, _ := flag.Value.(pflag.SliceValue)
 		if flag.Changed && sliceValue == nil {
@@ -245,13 +246,13 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 				for _, y := range x {
 					s, ok := y.(string)
 					if !ok {
-						retErr = append(retErr, fmt.Errorf("viper flag %s has unexpected type", flag.Name))
+						errs = multierror.Append(errs, fmt.Errorf("viper flag %s has unexpected type", flag.Name))
 						return
 					}
 					a = append(a, s)
 				}
 			} else {
-				retErr = append(retErr, fmt.Errorf("viper flag %s has unexpected type", flag.Name))
+				errs = multierror.Append(errs, fmt.Errorf("viper flag %s has unexpected type", flag.Name))
 				return
 			}
 		}
@@ -269,18 +270,18 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 			a = append(a, sliceValue.GetSlice()...)
 			err := sliceValue.Replace(a)
 			if err != nil {
-				retErr = append(retErr, err)
+				errs = multierror.Append(errs, err)
 			}
 		} else {
 			for _, x := range a {
 				err := flag.Value.Set(x)
 				if err != nil {
-					retErr = append(retErr, err)
+					errs = multierror.Append(errs, err)
 				}
 			}
 		}
 	})
-	return utils.NewErrorListOrNil(retErr)
+	return errs.ErrorOrNil()
 }
 
 func (c *rootCommand) helpFunc(cg *commandAndGroups, cmd *cobra.Command) {
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index c37a9fc9d..bc442fdc4 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -1,13 +1,11 @@
 package deployment
 
 import (
-	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"golang.org/x/sync/semaphore"
 	"path/filepath"
 	"sync"
 )
@@ -114,59 +112,38 @@ func (c *DeploymentCollection) RenderDeployments() error {
 	s := status.Start(c.ctx.Ctx, "Rendering templates")
 	defer s.Failed()
 
-	var wg sync.WaitGroup
-	var mutex sync.Mutex
-	var errors []error
+	g := utils.NewGoHelper(c.ctx.Ctx, 0)
 
 	for _, d := range c.Deployments {
 		d := d
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			err := d.render(c.forSeal)
-			if err != nil {
-				mutex.Lock()
-				errors = append(errors, err)
-				mutex.Unlock()
-			}
-		}()
+		g.RunE(func() error {
+			return d.render(c.forSeal)
+		})
 	}
-	wg.Wait()
-	if len(errors) != 0 {
-		return utils.NewErrorListOrNil(errors)
+	g.Wait()
+	if g.ErrorOrNil() == nil {
+		s.Success()
 	}
-	s.Success()
-	return nil
+	return g.ErrorOrNil()
 }
 
 func (c *DeploymentCollection) renderHelmCharts() error {
 	s := status.Start(c.ctx.Ctx, "Rendering Helm Charts")
 	defer s.Failed()
 
-	var wg sync.WaitGroup
-	var mutex sync.Mutex
-	var errors []error
+	g := utils.NewGoHelper(c.ctx.Ctx, 0)
 
 	for _, d := range c.Deployments {
 		d := d
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			err := d.renderHelmCharts()
-			if err != nil {
-				mutex.Lock()
-				errors = append(errors, err)
-				mutex.Unlock()
-			}
-		}()
+		g.RunE(func() error {
+			return d.renderHelmCharts()
+		})
 	}
-	wg.Wait()
-	if len(errors) != 0 {
-		return utils.NewErrorListOrNil(errors)
+	g.Wait()
+	if g.ErrorOrNil() == nil {
+		s.Success()
 	}
-
-	s.Success()
-	return nil
+	return g.ErrorOrNil()
 }
 
 func (c *DeploymentCollection) resolveSealedSecrets() error {
@@ -184,80 +161,61 @@ func (c *DeploymentCollection) resolveSealedSecrets() error {
 }
 
 func (c *DeploymentCollection) buildKustomizeObjects() error {
-	var wg sync.WaitGroup
-	var errs []error
-	var mutex sync.Mutex
-	sem := semaphore.NewWeighted(16)
-
-	handleError := func(err error) {
-		mutex.Lock()
-		errs = append(errs, err)
-		mutex.Unlock()
-	}
+	g := utils.NewGoHelper(c.ctx.Ctx, 0)
 
 	s := status.Start(c.ctx.Ctx, "Building kustomize objects")
 	for _, d_ := range c.Deployments {
 		d := d_
-
-		wg.Add(1)
-		go func() {
+		g.RunE(func() error {
 			err := d.buildKustomize()
 			if err != nil {
-				handleError(fmt.Errorf("building kustomize objects for %s failed. %w", *d.dir, err))
+				return fmt.Errorf("building kustomize objects for %s failed. %w", *d.dir, err)
 			}
-			wg.Done()
-		}()
+			return nil
+		})
 	}
-	wg.Wait()
+	g.Wait()
 
-	if len(errs) != 0 {
+	if g.ErrorOrNil() != nil {
 		s.Failed()
-		return utils.NewErrorListOrNil(errs)
+		return g.ErrorOrNil()
 	}
 	s.Success()
 
 	s = status.Start(c.ctx.Ctx, "Postprocessing objects")
 	for _, d_ := range c.Deployments {
 		d := d_
-
-		wg.Add(1)
-		go func() {
+		g.RunE(func() error {
 			err := d.postprocessCRDs()
 			if err != nil {
-				handleError(fmt.Errorf("postprocessing CRDs failed: %w", err))
+				return fmt.Errorf("postprocessing CRDs failed: %w", err)
 			}
-			wg.Done()
-		}()
+			return nil
+		})
 	}
-	wg.Wait()
+	g.Wait()
 
+	g = utils.NewGoHelper(c.ctx.Ctx, 16)
 	for _, d_ := range c.Deployments {
 		d := d_
 
-		wg.Add(1)
-		go func() {
-			_ = sem.Acquire(context.Background(), 1)
-			defer sem.Release(1)
-
+		g.RunE(func() error {
 			err := d.postprocessObjects(c.Images)
 			if err != nil {
-				mutex.Lock()
-				errs = append(errs, fmt.Errorf("postprocessing kustomize objects for %s failed: %w", *d.dir, err))
-				mutex.Unlock()
+				return fmt.Errorf("postprocessing kustomize objects for %s failed: %w", *d.dir, err)
 			}
-
-			wg.Done()
-		}()
+			return nil
+		})
 	}
-	wg.Wait()
+	g.Wait()
 
-	if len(errs) == 0 {
+	if g.ErrorOrNil() == nil {
 		s.Success()
 	} else {
 		s.Failed()
 	}
 
-	return utils.NewErrorListOrNil(errs)
+	return g.ErrorOrNil()
 }
 
 func (c *DeploymentCollection) LocalObjectsByRef() map[k8s2.ObjectRef]bool {
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index d79f5d229..00f72ad39 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -7,7 +7,6 @@ import (
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"golang.org/x/sync/semaphore"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
@@ -161,9 +160,8 @@ func FindObjectsForDelete(k *k8s.K8sCluster, allClusterObjects []*uo.Unstructure
 	return ret, nil
 }
 
-func DeleteObjects(k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*types.CommandResult, error) {
-	var wg sync.WaitGroup
-	sem := semaphore.NewWeighted(8)
+func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*types.CommandResult, error) {
+	g := utils.NewGoHelper(ctx, 8)
 
 	var ret types.CommandResult
 	namespaceNames := make(map[string]bool)
@@ -193,18 +191,13 @@ func DeleteObjects(k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*type
 		ref := ref_
 		if ref.GVK.GroupVersion().String() == "v1" && ref.GVK.Kind == "Namespace" {
 			namespaceNames[ref.Name] = true
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
-				_ = sem.Acquire(context.Background(), 1)
-				defer sem.Release(1)
-
+			g.Run(func() {
 				apiWarnings, err := k.DeleteSingleObject(ref, k8s.DeleteOptions{NoWait: !doWait, IgnoreNotFoundError: true})
 				handleResult(ref, apiWarnings, err)
-			}()
+			})
 		}
 	}
-	wg.Wait()
+	g.Wait()
 
 	for _, ref_ := range refs {
 		ref := ref_
@@ -215,17 +208,12 @@ func DeleteObjects(k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*type
 			// already deleted via namespace
 			continue
 		}
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			_ = sem.Acquire(context.Background(), 1)
-			defer sem.Release(1)
-
+		g.Run(func() {
 			apiWarnings, err := k.DeleteSingleObject(ref, k8s.DeleteOptions{NoWait: !doWait, IgnoreNotFoundError: true})
 			handleResult(ref, apiWarnings, err)
-		}()
+		})
 	}
-	wg.Wait()
+	g.Wait()
 
 	return &ret, nil
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 751664902..36af06bd9 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -136,10 +136,8 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 
 func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, map[schema.GroupVersionKind][]ApiWarning, error) {
 	var ret []*uo.UnstructuredObject
-	var errs []error
 	retApiWarnings := make(map[schema.GroupVersionKind][]ApiWarning)
 	var mutex sync.Mutex
-	var wg sync.WaitGroup
 
 	filter := func(ar *v1.APIResource) bool {
 		foundVerb := false
@@ -152,29 +150,27 @@ func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map
 		return foundVerb
 	}
 
+	g := utils.NewGoHelper(k.ctx, 0)
 	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filter) {
 		gvk := gvk
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-
+		g.RunE(func() error {
 			l, apiWarnings, err := k.ListObjects(gvk, namespace, labels)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil && !errors.IsNotFound(err) {
-				errs = append(errs, err)
-				return
+				return err
 			}
 			ret = append(ret, l...)
 			if len(apiWarnings) != 0 {
 				retApiWarnings[gvk] = apiWarnings
 			}
-		}()
+			return nil
+		})
 	}
-	wg.Wait()
+	g.Wait()
 
-	if len(errs) != 0 {
-		return nil, retApiWarnings, utils.NewErrorListOrNil(errs)
+	if g.ErrorOrNil() != nil {
+		return nil, retApiWarnings, g.ErrorOrNil()
 	}
 
 	return ret, retApiWarnings, nil
@@ -196,16 +192,13 @@ func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject,
 
 func (k *K8sCluster) GetObjectsByRefs(refs []k8s.ObjectRef) ([]*uo.UnstructuredObject, map[k8s.ObjectRef][]ApiWarning, error) {
 	var ret []*uo.UnstructuredObject
-	var errs []error
 	retApiWarnings := make(map[k8s.ObjectRef][]ApiWarning)
 	var mutex sync.Mutex
-	var wg sync.WaitGroup
 
+	g := utils.NewGoHelper(k.ctx, 0)
 	for _, ref_ := range refs {
 		ref := ref_
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
+		g.RunE(func() error {
 			o, apiWarnings, err := k.GetSingleObject(ref)
 			mutex.Lock()
 			defer mutex.Unlock()
@@ -214,16 +207,17 @@ func (k *K8sCluster) GetObjectsByRefs(refs []k8s.ObjectRef) ([]*uo.UnstructuredO
 			}
 			if err != nil {
 				if !errors.IsNotFound(err) && !meta.IsNoMatchError(err) {
-					errs = append(errs, err)
+					return err
 				}
-				return
+				return nil
 			}
 			ret = append(ret, o)
-		}()
+			return nil
+		})
 	}
-	wg.Wait()
-	if len(errs) != 0 {
-		return nil, retApiWarnings, utils.NewErrorListOrNil(errs)
+	g.Wait()
+	if g.ErrorOrNil() != nil {
+		return nil, retApiWarnings, g.ErrorOrNil()
 	}
 
 	return ret, retApiWarnings, nil
diff --git a/pkg/utils/go_helper.go b/pkg/utils/go_helper.go
new file mode 100644
index 000000000..b37a0a4de
--- /dev/null
+++ b/pkg/utils/go_helper.go
@@ -0,0 +1,68 @@
+package utils
+
+import (
+	"context"
+	"github.com/hashicorp/go-multierror"
+	"golang.org/x/sync/semaphore"
+	"sync"
+)
+
+type goHelper struct {
+	ctx   context.Context
+	sem   *semaphore.Weighted
+	wg    sync.WaitGroup
+	mutex sync.Mutex
+	errs  *multierror.Error
+}
+
+func NewGoHelper(ctx context.Context, max int) *goHelper {
+	g := &goHelper{
+		ctx: ctx,
+	}
+	if max > 0 {
+		g.sem = semaphore.NewWeighted(int64(max))
+	}
+	return g
+}
+
+func (g *goHelper) addError(err error) {
+	g.mutex.Lock()
+	defer g.mutex.Unlock()
+	g.errs = multierror.Append(g.errs, err)
+}
+
+func (g *goHelper) RunE(fn func() error) {
+	g.wg.Add(1)
+	go func() {
+		defer g.wg.Done()
+		if g.sem != nil {
+			err := g.sem.Acquire(g.ctx, 1)
+			if err != nil {
+				g.addError(err)
+				return
+			}
+		}
+		if g.sem != nil {
+			defer g.sem.Release(1)
+		}
+		err := fn()
+		if err != nil {
+			g.addError(err)
+		}
+	}()
+}
+
+func (g *goHelper) Run(fn func()) {
+	g.RunE(func() error {
+		fn()
+		return nil
+	})
+}
+
+func (g *goHelper) Wait() {
+	g.wg.Wait()
+}
+
+func (g *goHelper) ErrorOrNil() error {
+	return g.errs.ErrorOrNil()
+}
diff --git a/pkg/utils/limited_routine.go b/pkg/utils/limited_routine.go
deleted file mode 100644
index f38a1bdde..000000000
--- a/pkg/utils/limited_routine.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package utils
-
-import (
-	"context"
-	"github.com/hashicorp/go-multierror"
-	"golang.org/x/sync/semaphore"
-	"sync"
-)
-
-func GoLimited(ctx context.Context, sem *semaphore.Weighted, wg *sync.WaitGroup, fn func(), errCb func(err error)) {
-	if wg != nil {
-		wg.Add(1)
-	}
-	go func() {
-		if wg != nil {
-			defer wg.Done()
-		}
-		err := sem.Acquire(ctx, 1)
-		if err != nil {
-			if errCb != nil {
-				errCb(err)
-			}
-			return
-		}
-		defer sem.Release(1)
-		fn()
-	}()
-}
-
-func GoLimitedMultiError(ctx context.Context, sem *semaphore.Weighted, merr **multierror.Error, mutex *sync.Mutex, wg *sync.WaitGroup, fn func() error) {
-	errCb := func(err error) {
-		mutex.Lock()
-		defer mutex.Unlock()
-		*merr = multierror.Append(*merr, err)
-	}
-	GoLimited(ctx, sem, wg, func() {
-		err := fn()
-		if err != nil {
-			errCb(err)
-		}
-	}, errCb)
-}

From 4329dbe857bb817f143f2ea443edb9484cdf8cec Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 14:19:55 +0100
Subject: [PATCH 0707/2268] refactor: Replace last uses of NewErrorListOrNil
 with multierror

---
 pkg/deployment/deployment_item.go     |  9 +++++----
 pkg/deployment/utils/errors_holder.go |  4 ++--
 pkg/utils/errorlist.go                | 23 -----------------------
 3 files changed, 7 insertions(+), 29 deletions(-)
 delete mode 100644 pkg/utils/errorlist.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index a9ac22883..af74a2f46 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	"github.com/fluxcd/pkg/kustomize"
+	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -567,7 +568,7 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 
 	var objects []interface{}
 
-	var errList []error
+	var errs *multierror.Error
 	for _, o := range di.Objects {
 		commonLabels := di.getCommonLabels()
 		commonAnnotations := di.getCommonAnnotations()
@@ -588,7 +589,7 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 			// Resolve image placeholders
 			err := images.ResolvePlaceholders(di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys())
 			if err != nil {
-				errList = append(errList, err)
+				errs = multierror.Append(errs, err)
 			}
 			return nil
 		})
@@ -596,8 +597,8 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 		objects = append(objects, o.Object)
 	}
 
-	if len(errList) != 0 {
-		return utils.NewErrorListOrNil(errList)
+	if errs.ErrorOrNil() != nil {
+		return errs.ErrorOrNil()
 	}
 
 	// Need to write it back to disk in case it is needed externally
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index 9b702a378..bf8faef1d 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -3,10 +3,10 @@ package utils
 import (
 	"errors"
 	"fmt"
+	"github.com/hashicorp/go-multierror"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"sync"
 )
 
@@ -106,5 +106,5 @@ func (dew *DeploymentErrorsAndWarnings) getPlainErrorsList() []error {
 
 func (dew *DeploymentErrorsAndWarnings) GetMultiError() error {
 	l := dew.getPlainErrorsList()
-	return utils.NewErrorListOrNil(l)
+	return multierror.Append(nil, l...).ErrorOrNil()
 }
diff --git a/pkg/utils/errorlist.go b/pkg/utils/errorlist.go
deleted file mode 100644
index 0191aa7d1..000000000
--- a/pkg/utils/errorlist.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package utils
-
-type errorList struct {
-	errors []error
-}
-
-func NewErrorListOrNil(errors []error) error {
-	if len(errors) == 0 {
-		return nil
-	}
-	return &errorList{errors: errors}
-}
-
-func (el *errorList) Error() string {
-	s := ""
-	for _, err := range el.errors {
-		if len(s) != 0 {
-			s += "\n"
-		}
-		s += err.Error()
-	}
-	return s
-}

From f9951a923dfda20ab9eb361cdf25cf9f3ab9708f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Jan 2023 22:06:21 +0000
Subject: [PATCH 0708/2268] chore(deps): Bump golang.org/x/net from 0.4.0 to
 0.5.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index a812c641c..835759cb6 100644
--- a/go.mod
+++ b/go.mod
@@ -39,11 +39,11 @@ require (
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.4.0
-	golang.org/x/net v0.4.0
+	golang.org/x/net v0.5.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.3.0
-	golang.org/x/term v0.3.0
-	golang.org/x/text v0.5.0
+	golang.org/x/sys v0.4.0
+	golang.org/x/term v0.4.0
+	golang.org/x/text v0.6.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.3
diff --git a/go.sum b/go.sum
index c5d9e9066..39517d07d 100644
--- a/go.sum
+++ b/go.sum
@@ -975,8 +975,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1074,16 +1074,16 @@ golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI=
-golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1094,8 +1094,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 66dfb825d58f9605cf3d1e99b8266a2b9cdcbaa7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 15:21:39 +0100
Subject: [PATCH 0709/2268] refactor: Remove generic
 ListAllObjects/GetObjectsByRefs from K8sCluster

And implement the needed functionality where it is used. Allows for better
error handling later.
---
 pkg/deployment/utils/remote_objects_utils.go | 118 ++++++++++++++-----
 pkg/k8s/k8s_cluster.go                       |  75 ------------
 2 files changed, 89 insertions(+), 104 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 520a786a0..e9fbd99c2 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -2,12 +2,16 @@ package utils
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	errors2 "k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sync"
 )
 
 type RemoteObjectUtils struct {
@@ -26,53 +30,109 @@ func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings)
 	}
 }
 
-func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[string]string, refs []k8s2.ObjectRef) error {
-	if k == nil {
+func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]string) error {
+	var mutex sync.Mutex
+	if len(labels) == 0 {
 		return nil
 	}
 
-	s := status.Start(u.ctx, "Getting remote objects by commonLabels")
+	baseStatus := "Getting remote objects by commonLabels"
+	s := status.Start(u.ctx, baseStatus)
 	defer s.Failed()
 
-	if len(labels) != 0 {
-		allObjects, apiWarnings, err := k.ListAllObjects([]string{"get"}, "", labels)
-		for gvk, aw := range apiWarnings {
-			u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, aw)
-		}
-		if err != nil {
-			return err
-		}
-		for _, o := range allObjects {
-			u.remoteObjects[o.GetK8sRef()] = o
-		}
+	gvks := k.Resources.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
+		return utils.FindStrInSlice(ar.Verbs, "list") != -1
+	})
+
+	g := utils.NewGoHelper(u.ctx, 0)
+	for _, gvk := range gvks {
+		gvk := gvk
+		g.RunE(func() error {
+			l, apiWarnings, err := k.ListObjects(gvk, "", labels)
+			u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, apiWarnings)
+			if err != nil {
+				if errors2.IsNotFound(err) {
+					return nil
+				}
+				return err
+			}
+			mutex.Lock()
+			defer mutex.Unlock()
+			for _, o := range l {
+				u.remoteObjects[o.GetK8sRef()] = o
+			}
+			return nil
+		})
 	}
+	g.Wait()
+	if g.ErrorOrNil() == nil {
+		s.Success()
+	}
+	return g.ErrorOrNil()
+}
 
+func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.ObjectRef) error {
 	notFoundRefsMap := make(map[k8s2.ObjectRef]bool)
-	var notFoundRefsList []k8s2.ObjectRef
 	for _, ref := range refs {
 		if _, ok := u.remoteObjects[ref]; !ok {
 			if _, ok = notFoundRefsMap[ref]; !ok {
 				notFoundRefsMap[ref] = true
-				notFoundRefsList = append(notFoundRefsList, ref)
 			}
 		}
 	}
 
-	if len(notFoundRefsList) != 0 {
-		s.UpdateAndInfoFallback("Getting %d additional remote objects", len(notFoundRefsList))
-		r, apiWarnings, err := k.GetObjectsByRefs(notFoundRefsList)
-		for ref, aw := range apiWarnings {
-			u.dew.AddApiWarnings(ref, aw)
-		}
-		if err != nil {
-			return err
-		}
-		for _, o := range r {
-			u.remoteObjects[o.GetK8sRef()] = o
-		}
+	var mutex sync.Mutex
+	if len(notFoundRefsMap) == 0 {
+		return nil
 	}
 
-	s.UpdateAndInfoFallback("Getting namespaces")
+	baseStatus := fmt.Sprintf("Getting %d additional remote objects", len(notFoundRefsMap))
+	s := status.Start(u.ctx, baseStatus)
+	defer s.Failed()
+
+	g := utils.NewGoHelper(u.ctx, 0)
+	for ref, _ := range notFoundRefsMap {
+		ref := ref
+		g.RunE(func() error {
+			r, apiWarnings, err := k.GetSingleObject(ref)
+			u.dew.AddApiWarnings(ref, apiWarnings)
+			if err != nil {
+				if errors2.IsNotFound(err) {
+					return nil
+				}
+				return err
+			}
+			mutex.Lock()
+			defer mutex.Unlock()
+			u.remoteObjects[r.GetK8sRef()] = r
+			return nil
+		})
+	}
+	g.Wait()
+	if g.ErrorOrNil() == nil {
+		s.Success()
+	}
+	return g.ErrorOrNil()
+}
+
+func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[string]string, refs []k8s2.ObjectRef) error {
+	if k == nil {
+		return nil
+	}
+
+	err := u.getAllByLabels(k, labels)
+	if err != nil {
+		return err
+	}
+
+	err = u.getMissingObjects(k, refs)
+	if err != nil {
+		return err
+	}
+
+	s := status.Start(u.ctx, "Getting namespaces")
+	defer s.Failed()
+
 	r, _, err := k.ListObjects(schema.GroupVersionKind{
 		Group:   "",
 		Version: "v1",
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 36af06bd9..31b5a227c 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -134,48 +134,6 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 	return result, apiWarnings, err
 }
 
-func (k *K8sCluster) ListAllObjects(verbs []string, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, map[schema.GroupVersionKind][]ApiWarning, error) {
-	var ret []*uo.UnstructuredObject
-	retApiWarnings := make(map[schema.GroupVersionKind][]ApiWarning)
-	var mutex sync.Mutex
-
-	filter := func(ar *v1.APIResource) bool {
-		foundVerb := false
-		for _, v := range verbs {
-			if utils.FindStrInSlice(ar.Verbs, v) != -1 {
-				foundVerb = true
-				break
-			}
-		}
-		return foundVerb
-	}
-
-	g := utils.NewGoHelper(k.ctx, 0)
-	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filter) {
-		gvk := gvk
-		g.RunE(func() error {
-			l, apiWarnings, err := k.ListObjects(gvk, namespace, labels)
-			mutex.Lock()
-			defer mutex.Unlock()
-			if err != nil && !errors.IsNotFound(err) {
-				return err
-			}
-			ret = append(ret, l...)
-			if len(apiWarnings) != 0 {
-				retApiWarnings[gvk] = apiWarnings
-			}
-			return nil
-		})
-	}
-	g.Wait()
-
-	if g.ErrorOrNil() != nil {
-		return nil, retApiWarnings, g.ErrorOrNil()
-	}
-
-	return ret, retApiWarnings, nil
-}
-
 func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
@@ -190,39 +148,6 @@ func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject,
 	return result, apiWarnings, err
 }
 
-func (k *K8sCluster) GetObjectsByRefs(refs []k8s.ObjectRef) ([]*uo.UnstructuredObject, map[k8s.ObjectRef][]ApiWarning, error) {
-	var ret []*uo.UnstructuredObject
-	retApiWarnings := make(map[k8s.ObjectRef][]ApiWarning)
-	var mutex sync.Mutex
-
-	g := utils.NewGoHelper(k.ctx, 0)
-	for _, ref_ := range refs {
-		ref := ref_
-		g.RunE(func() error {
-			o, apiWarnings, err := k.GetSingleObject(ref)
-			mutex.Lock()
-			defer mutex.Unlock()
-			if len(apiWarnings) != 0 {
-				retApiWarnings[ref] = apiWarnings
-			}
-			if err != nil {
-				if !errors.IsNotFound(err) && !meta.IsNoMatchError(err) {
-					return err
-				}
-				return nil
-			}
-			ret = append(ret, o)
-			return nil
-		})
-	}
-	g.Wait()
-	if g.ErrorOrNil() != nil {
-		return nil, retApiWarnings, g.ErrorOrNil()
-	}
-
-	return ret, retApiWarnings, nil
-}
-
 type DeleteOptions struct {
 	ForceDryRun         bool
 	NoWait              bool

From 94b68e1ee2bcf7f68e7371aa8963cb17d0d731c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 16:06:37 +0100
Subject: [PATCH 0710/2268] fix: Do not abort when errors occur in
 UpdateRemoteObjects

Instead, record errors and show them later.
---
 pkg/deployment/utils/remote_objects_utils.go | 37 ++++++++++++++------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index e9fbd99c2..f18854073 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -40,6 +40,8 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 	s := status.Start(u.ctx, baseStatus)
 	defer s.Failed()
 
+	errCount := 0
+
 	gvks := k.Resources.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
 		return utils.FindStrInSlice(ar.Verbs, "list") != -1
 	})
@@ -47,26 +49,32 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 	g := utils.NewGoHelper(u.ctx, 0)
 	for _, gvk := range gvks {
 		gvk := gvk
-		g.RunE(func() error {
+		g.Run(func() {
 			l, apiWarnings, err := k.ListObjects(gvk, "", labels)
 			u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, apiWarnings)
 			if err != nil {
 				if errors2.IsNotFound(err) {
-					return nil
+					return
 				}
-				return err
+				u.dew.AddError(k8s2.ObjectRef{GVK: gvk}, err)
+				errCount += 1
+				return
 			}
 			mutex.Lock()
 			defer mutex.Unlock()
 			for _, o := range l {
 				u.remoteObjects[o.GetK8sRef()] = o
 			}
-			return nil
 		})
 	}
 	g.Wait()
 	if g.ErrorOrNil() == nil {
-		s.Success()
+		if errCount != 0 {
+			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
+			s.Warning()
+		} else {
+			s.Success()
+		}
 	}
 	return g.ErrorOrNil()
 }
@@ -86,6 +94,8 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 		return nil
 	}
 
+	errCount := 0
+
 	baseStatus := fmt.Sprintf("Getting %d additional remote objects", len(notFoundRefsMap))
 	s := status.Start(u.ctx, baseStatus)
 	defer s.Failed()
@@ -93,24 +103,31 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 	g := utils.NewGoHelper(u.ctx, 0)
 	for ref, _ := range notFoundRefsMap {
 		ref := ref
-		g.RunE(func() error {
+		g.Run(func() {
 			r, apiWarnings, err := k.GetSingleObject(ref)
 			u.dew.AddApiWarnings(ref, apiWarnings)
 			if err != nil {
 				if errors2.IsNotFound(err) {
-					return nil
+					return
 				}
-				return err
+				u.dew.AddError(ref, err)
+				errCount += 1
+				return
 			}
 			mutex.Lock()
 			defer mutex.Unlock()
 			u.remoteObjects[r.GetK8sRef()] = r
-			return nil
+			return
 		})
 	}
 	g.Wait()
 	if g.ErrorOrNil() == nil {
-		s.Success()
+		if errCount != 0 {
+			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
+			s.Warning()
+		} else {
+			s.Success()
+		}
 	}
 	return g.ErrorOrNil()
 }

From 46782658385335515e062833aef982901145bf52 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 17:04:39 +0100
Subject: [PATCH 0711/2268] fix: Properly print errors/warnings without a ref

---
 cmd/kluctl/commands/command_result.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index bc6bb1ca9..1d43fda5c 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -82,7 +82,11 @@ func prettyObjectRefs(buf io.StringWriter, refs []k8s.ObjectRef) {
 
 func prettyErrors(buf io.StringWriter, errors []types.DeploymentError) {
 	for _, e := range errors {
-		_, _ = buf.WriteString(fmt.Sprintf("  %s: %s\n", e.Ref.String(), e.Error))
+		prefix := ""
+		if s := e.Ref.String(); s != "" {
+			prefix = fmt.Sprintf("%s: ", s)
+		}
+		_, _ = buf.WriteString(fmt.Sprintf("  %s%s\n", prefix, e.Error))
 	}
 }
 

From 1a1e63c745f930b9f1c41d5633d7c1001aeca528 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 17:04:54 +0100
Subject: [PATCH 0712/2268] fix: Don't be too verbose about permission errors

---
 pkg/deployment/utils/remote_objects_utils.go | 22 +++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index f18854073..cb378acd9 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -41,6 +41,7 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 	defer s.Failed()
 
 	errCount := 0
+	permissionErrCount := 0
 
 	gvks := k.Resources.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
 		return utils.FindStrInSlice(ar.Verbs, "list") != -1
@@ -52,16 +53,20 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 		g.Run(func() {
 			l, apiWarnings, err := k.ListObjects(gvk, "", labels)
 			u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, apiWarnings)
+			mutex.Lock()
+			defer mutex.Unlock()
 			if err != nil {
 				if errors2.IsNotFound(err) {
 					return
 				}
-				u.dew.AddError(k8s2.ObjectRef{GVK: gvk}, err)
 				errCount += 1
+				if errors2.IsForbidden(err) || errors2.IsUnauthorized(err) {
+					permissionErrCount += 1
+					return
+				}
+				u.dew.AddWarning(k8s2.ObjectRef{GVK: gvk}, err)
 				return
 			}
-			mutex.Lock()
-			defer mutex.Unlock()
 			for _, o := range l {
 				u.remoteObjects[o.GetK8sRef()] = o
 			}
@@ -72,6 +77,9 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 		if errCount != 0 {
 			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
 			s.Warning()
+			if permissionErrCount != 0 {
+				u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("at least one permission error was encountered while gathering objects by labels. This might result in orphan object detection to not work properly"))
+			}
 		} else {
 			s.Success()
 		}
@@ -95,6 +103,7 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 	}
 
 	errCount := 0
+	permissionErrCount := 0
 
 	baseStatus := fmt.Sprintf("Getting %d additional remote objects", len(notFoundRefsMap))
 	s := status.Start(u.ctx, baseStatus)
@@ -110,6 +119,10 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 				if errors2.IsNotFound(err) {
 					return
 				}
+				if errors2.IsForbidden(err) || errors2.IsUnauthorized(err) {
+					permissionErrCount += 1
+					return
+				}
 				u.dew.AddError(ref, err)
 				errCount += 1
 				return
@@ -125,6 +138,9 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 		if errCount != 0 {
 			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
 			s.Warning()
+			if permissionErrCount != 0 {
+				u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("at least one permission error was encountered while gathering known objects. This might result in orphan object detection and diffs to not work properly"))
+			}
 		} else {
 			s.Success()
 		}

From 8fd992bae1a18e06878ed56ab452b6b0a6b66c2a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 22:41:22 +0100
Subject: [PATCH 0713/2268] tests: Add test for permission errors in
 RemoteObjectUtils

---
 .../utils/remote_objects_utils_test.go        | 48 ++++++++++++
 pkg/k8s/fake_client_factory.go                | 74 +++++++++++++++----
 pkg/k8s/resources.go                          |  7 ++
 3 files changed, 114 insertions(+), 15 deletions(-)
 create mode 100644 pkg/deployment/utils/remote_objects_utils_test.go

diff --git a/pkg/deployment/utils/remote_objects_utils_test.go b/pkg/deployment/utils/remote_objects_utils_test.go
new file mode 100644
index 000000000..519c8ebf2
--- /dev/null
+++ b/pkg/deployment/utils/remote_objects_utils_test.go
@@ -0,0 +1,48 @@
+package utils
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"testing"
+)
+
+func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
+	gvr := schema.GroupVersionResource{
+		Group:    "",
+		Version:  "v1",
+		Resource: "secrets",
+	}
+	expectedErr := errors.NewForbidden(gvr.GroupResource(), "secret", nil)
+
+	secret := &corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{Name: "cm1", Namespace: "ns", Labels: map[string]string{"label1": "value1"}},
+		Data: map[string][]byte{
+			"test": []byte(`test`),
+		},
+	}
+
+	f := k8s.NewFakeClientFactory(secret)
+	f.AddError(gvr, "", "", expectedErr)
+	k, err := k8s.NewK8sCluster(context.TODO(), f, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	dew := NewDeploymentErrorsAndWarnings()
+	u := NewRemoteObjectsUtil(context.Background(), dew)
+	err = u.UpdateRemoteObjects(k, map[string]string{"l1": "v1"}, []k8s2.ObjectRef{
+		k8s2.NewObjectRef("", "v1", "Secret", "secret", "default"),
+	})
+	assert.NoError(t, err)
+	assert.Equal(t, []types.DeploymentError{{
+		Error: "at least one permission error was encountered while gathering objects by labels. This might result in orphan object detection to not work properly"},
+	}, dew.GetWarningsList())
+	assert.Empty(t, dew.GetErrorsList())
+}
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index cee966194..6ee62d1e4 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -3,6 +3,7 @@ package k8s
 import (
 	v1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -12,15 +13,15 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/testing"
 	"sigs.k8s.io/kustomize/kyaml/openapi"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 	"strings"
 )
 
 type fakeClientFactory struct {
-	clientSet *fake.Clientset
-	objects   []runtime.Object
-	scheme    *runtime.Scheme
+	clientSet     *fake.Clientset
+	dynamicClient *fake_dynamic.FakeDynamicClient
 }
 
 func (f *fakeClientFactory) RESTConfig() *rest.Config {
@@ -43,10 +44,10 @@ func (f *fakeClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1I
 }
 
 func (f *fakeClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error) {
-	return fake_dynamic.NewSimpleDynamicClient(f.scheme, f.objects...), nil
+	return f.dynamicClient, nil
 }
 
-func NewFakeClientFactory(objects ...runtime.Object) ClientFactory {
+func NewFakeClientFactory(objects ...runtime.Object) *fakeClientFactory {
 	scheme := runtime.NewScheme()
 	_ = v1.AddToScheme(scheme)
 	_ = apiextensionsv1.AddToScheme(scheme)
@@ -54,30 +55,77 @@ func NewFakeClientFactory(objects ...runtime.Object) ClientFactory {
 
 	clientSet.Fake.Resources = ConvertSchemeToAPIResources(scheme)
 
+	dynamicClient := fake_dynamic.NewSimpleDynamicClient(scheme, objects...)
+
 	return &fakeClientFactory{
-		clientSet: clientSet,
-		objects:   objects,
-		scheme:    scheme,
+		clientSet:     clientSet,
+		dynamicClient: dynamicClient,
 	}
 }
 
+type HasName interface {
+	GetName() string
+}
+
+func (f *fakeClientFactory) AddError(gvr schema.GroupVersionResource, name string, namespace string, retErr error) {
+	f.dynamicClient.PrependReactor("*", gvr.Resource, func(action testing.Action) (handled bool, ret runtime.Object, err error) {
+		if namespace != "" && namespace != action.GetNamespace() {
+			return false, nil, nil
+		}
+		switch a := action.(type) {
+		case HasName:
+			if name != "" && name != a.GetName() {
+				return false, nil, nil
+			}
+			return true, nil, retErr
+		default:
+			return true, nil, retErr
+		}
+	})
+}
+
 func ConvertSchemeToAPIResources(s *runtime.Scheme) []*metav1.APIResourceList {
 	m := map[schema.GroupVersion][]metav1.APIResource{}
-
+	var allTypes []schema.GroupVersionKind
+	listTypes := map[schema.GroupVersionKind]bool{}
 	for gvk, _ := range s.AllKnownTypes() {
+		if gvk.Version == "__internal" {
+			continue
+		}
+		if strings.HasSuffix(gvk.Kind, "List") {
+			listTypes[gvk] = true
+		}
+		allTypes = append(allTypes, gvk)
+	}
+
+	for _, gvk := range allTypes {
+		if strings.HasSuffix(gvk.Kind, "List") {
+			continue
+		}
 		// we misuse kyaml here
 		n, _ := openapi.IsNamespaceScoped(yaml.TypeMeta{
 			APIVersion: gvk.GroupVersion().String(),
 			Kind:       gvk.Kind,
 		})
 
+		verbs := []string{"delete", "deletecollection", "get", "patch", "create", "update", "watch"}
+		if listTypes[schema.GroupVersionKind{
+			Group:   gvk.Group,
+			Version: gvk.Version,
+			Kind:    gvk.Kind + "List",
+		}] {
+			verbs = append(verbs, "list")
+		}
+
+		singularGvr, _ := meta.UnsafeGuessKindToResource(gvk)
+
 		ar := metav1.APIResource{
-			Name:       buildPluralName(gvk.Kind),
+			Name:       singularGvr.Resource,
 			Namespaced: n,
 			Group:      gvk.Group,
 			Version:    gvk.Version,
 			Kind:       gvk.Kind,
-			Verbs:      []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"},
+			Verbs:      verbs,
 		}
 
 		l, _ := m[gvk.GroupVersion()]
@@ -95,7 +143,3 @@ func ConvertSchemeToAPIResources(s *runtime.Scheme) []*metav1.APIResourceList {
 
 	return ret
 }
-
-func buildPluralName(n string) string {
-	return strings.ToLower(n) + "s"
-}
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index a6a5aac81..47ce75c2b 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -12,6 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/dynamic"
+	"runtime"
 	"sort"
 	"strings"
 	"sync"
@@ -96,6 +97,9 @@ func (k *k8sResources) updateResources() error {
 		}
 
 		for _, ar := range arl.APIResources {
+			if ar.Version == "__internal" {
+				continue
+			}
 			if strings.Index(ar.Name, "/") != -1 {
 				// skip subresources
 				continue
@@ -125,6 +129,9 @@ func (k *k8sResources) updateResources() error {
 			}
 		}
 	}
+	if len(k.preferredResources) == 0 {
+		runtime.Breakpoint()
+	}
 
 	return nil
 }

From 4a3ecce1c599fcbce0568111616221d852d17690 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 4 Jan 2023 23:01:48 +0100
Subject: [PATCH 0714/2268] tests: Print KUBECONFIG on start of tests

---
 e2e/default_clusters.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 0d5479d27..b50159416 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -2,6 +2,7 @@ package e2e
 
 import "C"
 import (
+	"fmt"
 	"github.com/imdario/mergo"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
@@ -59,6 +60,8 @@ func init() {
 
 	mergedKubeconfig = tmpKubeconfig.Name()
 	_ = os.Setenv("KUBECONFIG", mergedKubeconfig)
+
+	_, _ = fmt.Fprintf(os.Stderr, "KUBECONFIG=%s\n", mergedKubeconfig)
 }
 
 func mergeKubeconfig(path string, kubeconfig []byte) {

From 404f185a6921328a03b5ecbf61d3273bfac8d6a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jan 2023 22:10:45 +0000
Subject: [PATCH 0715/2268] chore(deps): Bump golang.org/x/crypto from 0.4.0 to
 0.5.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 835759cb6..d6909f797 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.4.0
+	golang.org/x/crypto v0.5.0
 	golang.org/x/net v0.5.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.4.0
diff --git a/go.sum b/go.sum
index 39517d07d..842181df8 100644
--- a/go.sum
+++ b/go.sum
@@ -890,8 +890,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
+golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From e7fcb90d1e91b03d2bc5abd64a04763d296c42de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Fri, 6 Jan 2023 17:48:03 +0100
Subject: [PATCH 0716/2268] tests: Add unit tests for the yaml pkg (#241)

* test(yaml): add tests for the yaml pkg

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): switch to temp folder provided by the testing pkg

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): use assert pkg and fix typos

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): remove Fs from func name

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): remove CreateTempFile

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): remove redundant information in messages

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): setup test files without use of temp files

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): use assert.Empty() instead of assert.Nil()

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): test read with two docs in file

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

* test(yaml): use assert.Equal() with equal object instead of extracting the value

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/yaml/yaml_test.go | 375 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 375 insertions(+)
 create mode 100644 pkg/yaml/yaml_test.go

diff --git a/pkg/yaml/yaml_test.go b/pkg/yaml/yaml_test.go
new file mode 100644
index 000000000..bd2d6b772
--- /dev/null
+++ b/pkg/yaml/yaml_test.go
@@ -0,0 +1,375 @@
+package yaml
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"testing/iotest"
+)
+
+type EmptyYamlConfig struct {
+}
+
+type SimpleYamlConfig struct {
+	Value string `yaml:"value"`
+}
+
+func TestReadYamlFile(t *testing.T) {
+	// Setup variables
+	existingEmptyYamlFileName := "file_existing_empty.yaml"
+	var existingEmptyYamlConf EmptyYamlConfig
+	nonExistingEmptyYamlFileName := "non_existing_empty.yaml"
+	var nonExistingEmptyYamlConf EmptyYamlConfig
+
+	// Setup temporary file
+	path := filepath.Join(t.TempDir(), existingEmptyYamlFileName)
+	os.WriteFile(path, nil, 0600)
+
+	//Read existing empty yaml file
+	existingEmptyYamlErr := ReadYamlFile(path, &existingEmptyYamlConf)
+	assert.NoError(t, existingEmptyYamlErr, "Can't read empty yaml file: %s", path)
+
+	//Read non-existing empty yaml file
+	nonExistingEmptyYamlErr := ReadYamlFile(nonExistingEmptyYamlFileName, &nonExistingEmptyYamlConf)
+	assert.Error(t, nonExistingEmptyYamlErr, "Should throw an error because %s doesn't exist", nonExistingEmptyYamlFileName)
+}
+
+func TestReadYamlAllFile(t *testing.T) {
+	// Setup variables
+	twoDocsYamlContent := `value: anyValue1
+---
+value: anyValue2
+`
+	expectedTwoDocsYaml := []any{
+		map[string]any{
+			"value": "anyValue1",
+		},
+		map[string]any{
+			"value": "anyValue2",
+		},
+	}
+	existingEmptyYamlFileName := "file_existing_empty.yaml"
+	existingTwoDocsYamlFileName := "file_existing_two_docs.yaml"
+	nonExistingEmptyYamlFileName := "non_existing_empty.yaml"
+
+	// Setup temporary file
+	path := filepath.Join(t.TempDir(), existingEmptyYamlFileName)
+	os.WriteFile(path, nil, 0600)
+
+	//Read existing empty yaml file
+	existingEmptyYamlAllFileResult, existingEmptyYamlAllFileErr := ReadYamlAllFile(path)
+	assert.NoError(t, existingEmptyYamlAllFileErr, "Can't read empty yaml file: %s", path)
+	assert.Empty(t, existingEmptyYamlAllFileResult, "Empty YAML stream read incorrectly. Value should be empty")
+
+	//Read existing empty yaml file with two documents
+	path = filepath.Join(t.TempDir(), existingTwoDocsYamlFileName)
+	os.WriteFile(path, []byte(twoDocsYamlContent), 0600)
+
+	twoDocsYamlAllFileResult, twoDocsYamlAllFileErr := ReadYamlAllFile(path)
+	assert.NoError(t, twoDocsYamlAllFileErr, "Can't read yaml file: %s", path)
+	assert.Equal(t, expectedTwoDocsYaml, twoDocsYamlAllFileResult)
+
+	//Read non-existing empty yaml file
+	nonExistingEmptyYamlAllFileResult, nonExistingEmptyYamlAllFileErr := ReadYamlAllFile(nonExistingEmptyYamlFileName)
+	assert.Error(t, nonExistingEmptyYamlAllFileErr, "Should throw an error because %s doesn't exist", nonExistingEmptyYamlFileName)
+	assert.Nil(t, nonExistingEmptyYamlAllFileResult, "Empty YAML stream read incorrectly. Value should be nil because file doesn't exist.")
+}
+
+func TestReadYamlStream(t *testing.T) {
+	// Setup variables
+	simpleYamlDataString := `
+    value: anyValue
+    `
+	simpleYamlDataReader := bytes.NewReader([]byte(simpleYamlDataString))
+	var existingSimpleYamlConf SimpleYamlConfig
+
+	existingReadYamlStreamErr := ReadYamlStream(simpleYamlDataReader, &existingSimpleYamlConf)
+	assert.NoError(t, existingReadYamlStreamErr, "Can't read simple yaml stream: %s", existingReadYamlStreamErr)
+
+	//Check if it can handle errors
+	errorReadYamlStreamErr := ReadYamlStream(iotest.ErrReader(errors.New("timeout")), &EmptyYamlConfig{})
+	assert.Error(t, errorReadYamlStreamErr, "It should throw an error because of a timeout")
+}
+
+func TestReadYamlString(t *testing.T) {
+	// Setup variables
+	simpleYamlDataString := `
+    value: anyValue
+    `
+	var existingSimpleYamlConf SimpleYamlConfig
+
+	existingReadYamlStringErr := ReadYamlString(simpleYamlDataString, &existingSimpleYamlConf)
+	assert.NoError(t, existingReadYamlStringErr, "Can't read simple yaml stream: %s", existingReadYamlStringErr)
+}
+
+func TestReadYamlAllString(t *testing.T) {
+	// Setup variables
+	expectedSimpleYamlAllString := []any{
+		map[string]any{
+			"value": "anyValue",
+		},
+	}
+	simpleYamlDataString := `
+    value: anyValue
+    `
+	simpleYamlAllStringResult, simpleYamlAllStringErr := ReadYamlAllString(simpleYamlDataString)
+	assert.NoError(t, simpleYamlAllStringErr, "Can't read simple yaml stream: %s", simpleYamlAllStringErr)
+
+	assert.Equal(t, expectedSimpleYamlAllString, simpleYamlAllStringResult, "Simple YAML stream read incorrectly")
+}
+
+func TestReadYamlBytes(t *testing.T) {
+	// Setup variables
+	simpleYamlDataString := `
+    value: anyValue
+    `
+	var existingSimpleYamlConf SimpleYamlConfig
+	simpleYamlDataBytes := []byte(simpleYamlDataString)
+	existingReadYamlBytesErr := ReadYamlBytes(simpleYamlDataBytes, &existingSimpleYamlConf)
+	assert.NoError(t, existingReadYamlBytesErr, "Can't read simple yaml stream: %s", existingReadYamlBytesErr)
+}
+
+func TestReadYamlAllBytes(t *testing.T) {
+	// Setup variables
+	expectedSimpleYamlAllBytes := []any{
+		map[string]any{
+			"value": "anyValue",
+		},
+	}
+	simpleYamlDataString := `
+    value: anyValue
+    `
+	simpleYamlDataBytes := []byte(simpleYamlDataString)
+	simpleYamlAllBytesResult, simpleYamlAllBytesErr := ReadYamlAllBytes(simpleYamlDataBytes)
+
+	assert.NoError(t, simpleYamlAllBytesErr, "Can't read simple yaml stream: %s", simpleYamlAllBytesErr)
+	assert.Equal(t, expectedSimpleYamlAllBytes, simpleYamlAllBytesResult, "Simple YAML stream read incorrectly")
+}
+
+func TestReadYamlAllStream(t *testing.T) {
+	expectedSimpleYamlAllStream := []any{
+		map[string]any{
+			"value": "anyValue",
+		},
+	}
+	// Setup variables
+	simpleYamlDataReader := bytes.NewReader([]byte("value: 'anyValue'"))
+	emptyYamlDataReader := bytes.NewReader([]byte(""))
+
+	//Read empty yaml from stream
+	emptyYamlAllStreamResult, emptyYamlAllStreamResultErr := ReadYamlAllStream(emptyYamlDataReader)
+	assert.NoError(t, emptyYamlAllStreamResultErr, "Can't read empty yaml stream: %s", emptyYamlAllStreamResultErr)
+	assert.Nil(t, emptyYamlAllStreamResult, "Empty YAML stream read incorrectly. Value should be nil")
+
+	//Read simple yaml from stream
+	simpleYamlAllStreamResult, simpleYamlAllStreamResultErr := ReadYamlAllStream(simpleYamlDataReader)
+	assert.NoError(t, simpleYamlAllStreamResultErr, "Can't read simple yaml stream: %s", simpleYamlAllStreamResultErr)
+
+	assert.Equal(t, expectedSimpleYamlAllStream, simpleYamlAllStreamResult, "Simple YAML stream read incorrectly")
+
+	//Check if it can handle errors
+	_, errorReadYamlAllStreamErr := ReadYamlAllStream(iotest.ErrReader(errors.New("timeout")))
+	assert.Error(t, errorReadYamlAllStreamErr, "It should throw an error because of a timeout")
+}
+
+func TestWriteYamlAllFile(t *testing.T) {
+	// Setup variables
+	yamlFileName := "file.yaml"
+	var yaml []any
+	yaml = append(yaml, SimpleYamlConfig{
+		Value: "anyValue1",
+	}, SimpleYamlConfig{
+		Value: "anyValue2",
+	})
+	expectedString := `value: anyValue1
+---
+value: anyValue2
+`
+
+	// Setup temporary file
+	path := filepath.Join(t.TempDir(), yamlFileName)
+	os.WriteFile(path, nil, 0600)
+
+	//Check if writing multiple YAML works
+	writeYamlAllFileErr := WriteYamlAllFile(path, yaml)
+	assert.NoError(t, writeYamlAllFileErr, "Error while trying to write YAML to file")
+
+	b, err := os.ReadFile(path)
+	assert.NoError(t, err, "Error while reading file for evaluation")
+	assert.Equal(t, expectedString, string(b), "Yaml not written correctly")
+}
+
+func TestWriteYamlFile(t *testing.T) {
+	// Setup variables
+	yamlFileName := "file.yaml"
+	yaml := SimpleYamlConfig{
+		Value: "anyValue1",
+	}
+	expectedString := `value: anyValue1
+`
+
+	// Setup temporary file
+	path := filepath.Join(t.TempDir(), yamlFileName)
+
+	//Check if writing a single YAML works
+	writeYamlFileErr := WriteYamlFile(path, yaml)
+	assert.NoError(t, writeYamlFileErr, "Error while trying to write YAML to file.")
+
+	b, err := os.ReadFile(path)
+	assert.NoError(t, err, "Error while reading file for evaluation")
+	assert.Equal(t, expectedString, string(b), "Yaml not written correctly.")
+}
+
+func TestWriteYamlString(t *testing.T) {
+	// Setup variables
+	yaml := SimpleYamlConfig{
+		Value: "anyValue1",
+	}
+	expectedString := `value: anyValue1
+`
+	// Write YAML to String
+	writeYamlStringResult, writeYamlStringErr := WriteYamlString(yaml)
+	assert.NoError(t, writeYamlStringErr, "Can't write simple yaml string: %s", writeYamlStringErr)
+	assert.Equal(t, expectedString, writeYamlStringResult, "Yaml not written correctly.")
+}
+
+func TestWriteYamlAllString(t *testing.T) {
+	// Setup variables
+	var yaml []any
+	yaml = append(yaml, SimpleYamlConfig{
+		Value: "anyValue1",
+	}, SimpleYamlConfig{
+		Value: "anyValue2",
+	})
+	expectedString := `value: anyValue1
+---
+value: anyValue2
+`
+	// Write multiple YAML to String
+	writeYamlAllStringResult, writeYamlAllStringErr := WriteYamlAllString(yaml)
+	assert.NoError(t, writeYamlAllStringErr, "Can't write simple yaml string: %s", writeYamlAllStringErr)
+	assert.Equal(t, expectedString, writeYamlAllStringResult, "Yaml not written correctly.")
+}
+
+func TestWriteYamlBytes(t *testing.T) {
+	// Setup variables
+	yaml := SimpleYamlConfig{
+		Value: "anyValue1",
+	}
+	expectedString := `value: anyValue1
+`
+	expectedBytes := []byte(expectedString)
+	// Write YAML to bytes
+	writeYamlBytesResult, writeYamlBytesErr := WriteYamlBytes(yaml)
+	assert.NoError(t, writeYamlBytesErr, "Can't write simple yaml string: %s", writeYamlBytesErr)
+	assert.Equal(t, expectedBytes, writeYamlBytesResult, "Yaml not written correctly.")
+}
+
+func TestWriteYamlAllBytes(t *testing.T) {
+	// Setup variables
+	var yaml []any
+	yaml = append(yaml, SimpleYamlConfig{
+		Value: "anyValue1",
+	}, SimpleYamlConfig{
+		Value: "anyValue2",
+	})
+	expectedString := `value: anyValue1
+---
+value: anyValue2
+`
+	expectedBytes := []byte(expectedString)
+	// Write multiple YAML to bytes
+	writeYamlAllBytesResult, writeYamlAllBytesErr := WriteYamlAllBytes(yaml)
+	assert.NoError(t, writeYamlAllBytesErr, "Can't write simple yaml string: %s", writeYamlAllBytesErr)
+	assert.Equal(t, expectedBytes, writeYamlAllBytesResult, "Yaml not written correctly.")
+}
+
+func TestWriteYamlAllStream(t *testing.T) {
+	// Setup variables
+	var yaml []any
+	yaml = append(yaml, SimpleYamlConfig{
+		Value: "anyValue1",
+	}, SimpleYamlConfig{
+		Value: "anyValue2",
+	})
+	expectedString := `value: anyValue1
+---
+value: anyValue2
+`
+	var buffer bytes.Buffer
+	// Write multiple YAML to stream
+	writeYamlAllStreamErr := WriteYamlAllStream(&buffer, yaml)
+	assert.NoError(t, writeYamlAllStreamErr, "Can't write simple yaml string: %s", writeYamlAllStreamErr)
+	assert.Equal(t, expectedString, buffer.String(), "Yaml not written correctly.")
+}
+
+func TestConvertYamlToJson(t *testing.T) {
+	yaml := `value: anyValue1`
+	expectedJson := `{"value":"anyValue1"}`
+	yamlBytes := []byte(yaml)
+	expectedJsonBytes := []byte(expectedJson)
+	jsonBytes, convertYamlToJsonErr := ConvertYamlToJson(yamlBytes)
+	assert.NoError(t, convertYamlToJsonErr, "Can't convert yaml to json: %s", convertYamlToJsonErr)
+	assert.Equal(t, expectedJsonBytes, jsonBytes, "Yaml not converted correctly.")
+}
+
+func TestWriteJsonString(t *testing.T) {
+	yaml := SimpleYamlConfig{
+		Value: "anyValue1",
+	}
+	expectedJson := `{"value":"anyValue1"}`
+	writeJsonStringResult, writeJsonStringErr := WriteJsonString(yaml)
+	assert.NoError(t, writeJsonStringErr, "Can't write yaml to json string: %s", writeJsonStringErr)
+	assert.Equal(t, expectedJson, writeJsonStringResult, "Yaml not converted correctly.")
+}
+
+func TestRemoveDuplicateFields(t *testing.T) {
+	// Check if duplicate field gets removed
+	duplicateYaml := `value: anyValue1
+value: anyValue2
+`
+	expectedDuplicateYaml := `value: anyValue2
+`
+	expectedDuplicateYamlBytes := []byte(expectedDuplicateYaml)
+	duplicateFieldYamlDataReader := bytes.NewReader([]byte(duplicateYaml))
+	removeDuplicateFieldsResult, removeDuplicateFieldsErr := RemoveDuplicateFields(duplicateFieldYamlDataReader)
+	assert.NoError(t, removeDuplicateFieldsErr, "Can't remove duplicate fields: %s", removeDuplicateFieldsErr)
+	assert.Equal(t, expectedDuplicateYamlBytes, removeDuplicateFieldsResult, "Duplicate fields not removed correctly.")
+
+	// Check if non-duplicate fields are untouched
+	nonDuplicateYaml := `value1: anyValue
+value2: anyValue
+`
+	expectedNonDuplicateYaml := `value1: anyValue
+value2: anyValue
+`
+	expectedNonDuplicateYamlBytes := []byte(expectedNonDuplicateYaml)
+
+	nonDuplicateFieldYamlDataReader := bytes.NewReader([]byte(nonDuplicateYaml))
+	removeNonDuplicateFieldsResult, removeNonDuplicateFieldsErr := RemoveDuplicateFields(nonDuplicateFieldYamlDataReader)
+	assert.NoError(t, removeNonDuplicateFieldsErr, "Can't remove duplicate fields: %s", removeNonDuplicateFieldsErr)
+	assert.Equal(t, expectedNonDuplicateYamlBytes, removeNonDuplicateFieldsResult, "Duplicate fields not removed correctly.")
+}
+
+func TestFixPathExt(t *testing.T) {
+	// Check if *.yaml gets converted
+	path := filepath.Join(t.TempDir(), "fix_path_ext.yml")
+	os.WriteFile(path, nil, 0600)
+
+	yamlFileName := fmt.Sprintf("%s.yaml", strings.TrimSuffix(path, filepath.Ext(path)))
+	fixedYamlFileName := FixPathExt(yamlFileName)
+	assert.Equal(t, path, fixedYamlFileName, "Fix of path extension failed!")
+
+	// Check if *.yml gets converted
+	path = filepath.Join(t.TempDir(), "fix_path_ext.yaml")
+	os.WriteFile(path, nil, 0600)
+
+	ymlFileName := fmt.Sprintf("%s.yml", strings.TrimSuffix(path, filepath.Ext(path)))
+	fixedYmlFileName := FixPathExt(ymlFileName)
+	assert.Equal(t, path, fixedYmlFileName, "Fix of path extension failed!")
+}

From 6160c4a1c604630af9c252234a0981b664ed6bf5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Jan 2023 09:21:55 +0100
Subject: [PATCH 0717/2268] fix: Don't crash when encountering nil maps in
 SetNestedField

---
 pkg/utils/uo/nested_fields.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index b3927dc9d..7d3ce0afd 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -28,7 +28,7 @@ func (uo *UnstructuredObject) SetNestedField(value interface{}, keys ...interfac
 		if err != nil {
 			return err
 		}
-		if ok {
+		if ok && val != nil {
 			o = val
 		} else {
 			newVal := make(map[string]interface{})

From 74ccf49860080e01aa028c746c7b60a6009a2c10 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Jan 2023 09:41:00 +0100
Subject: [PATCH 0718/2268] fix: Only query for known GroupKinds when calling
 validate

This should remove some load to the apiserver when validate is used
periodically (like in the Kluctl Controller).
---
 pkg/deployment/commands/delete.go             |  2 +-
 pkg/deployment/commands/deploy.go             |  2 +-
 pkg/deployment/commands/diff.go               |  2 +-
 pkg/deployment/commands/poke_images.go        |  2 +-
 pkg/deployment/commands/prune.go              |  2 +-
 pkg/deployment/commands/validate.go           |  2 +-
 pkg/deployment/utils/remote_objects_utils.go  | 24 ++++++++++++++++---
 .../utils/remote_objects_utils_test.go        |  2 +-
 8 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index e32ae759f..6a3040cda 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -42,7 +42,7 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.Ob
 		inclusion = cmd.c.Inclusion
 	}
 
-	err := ru.UpdateRemoteObjects(k, labels, nil)
+	err := ru.UpdateRemoteObjects(k, labels, nil, false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index c82a6a303..bbf4284dc 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -30,7 +30,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
+	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index dd811a84a..890908fc0 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -29,7 +29,7 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.Comm
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
 	ru := utils.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
+	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 3bcaaef36..3c99172d1 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -28,7 +28,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
+	err := ru.UpdateRemoteObjects(k, nil, cmd.c.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index bc2336e74..e3b5f4689 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -22,7 +22,7 @@ func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.Obj
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), nil)
+	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), nil, false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index a5781f855..010fa9868 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -31,7 +31,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 
 	cmd.dew.Init()
 
-	err := cmd.ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs())
+	err := cmd.ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs(), true)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index cb378acd9..1ff37177f 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -30,7 +30,7 @@ func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings)
 	}
 }
 
-func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]string) error {
+func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]string, onlyUsedGKs map[schema.GroupKind]bool) error {
 	var mutex sync.Mutex
 	if len(labels) == 0 {
 		return nil
@@ -44,6 +44,15 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 	permissionErrCount := 0
 
 	gvks := k.Resources.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
+		if onlyUsedGKs != nil {
+			gk := schema.GroupKind{
+				Group: ar.Group,
+				Kind:  ar.Kind,
+			}
+			if !onlyUsedGKs[gk] {
+				return false
+			}
+		}
 		return utils.FindStrInSlice(ar.Verbs, "list") != -1
 	})
 
@@ -148,12 +157,21 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 	return g.ErrorOrNil()
 }
 
-func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[string]string, refs []k8s2.ObjectRef) error {
+func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[string]string, refs []k8s2.ObjectRef, onlyUsedGKs bool) error {
 	if k == nil {
 		return nil
 	}
 
-	err := u.getAllByLabels(k, labels)
+	var usedGKs map[schema.GroupKind]bool
+
+	if onlyUsedGKs {
+		usedGKs = map[schema.GroupKind]bool{}
+		for _, ref := range refs {
+			usedGKs[ref.GVK.GroupKind()] = true
+		}
+	}
+
+	err := u.getAllByLabels(k, labels, usedGKs)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/utils/remote_objects_utils_test.go b/pkg/deployment/utils/remote_objects_utils_test.go
index 519c8ebf2..aaa1671a2 100644
--- a/pkg/deployment/utils/remote_objects_utils_test.go
+++ b/pkg/deployment/utils/remote_objects_utils_test.go
@@ -39,7 +39,7 @@ func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
 	u := NewRemoteObjectsUtil(context.Background(), dew)
 	err = u.UpdateRemoteObjects(k, map[string]string{"l1": "v1"}, []k8s2.ObjectRef{
 		k8s2.NewObjectRef("", "v1", "Secret", "secret", "default"),
-	})
+	}, false)
 	assert.NoError(t, err)
 	assert.Equal(t, []types.DeploymentError{{
 		Error: "at least one permission error was encountered while gathering objects by labels. This might result in orphan object detection to not work properly"},

From 8a599de21ef6c3d45749855a302fba641124df22 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Jan 2023 08:54:49 +0100
Subject: [PATCH 0719/2268] Revert "chore: Download kubebuilder-tools for
 windows from kubebuilder-tools-releases-windows repo"

This reverts commit 44982e64a4a974aa27b3ff5f5250043c7f992521.
---
 Makefile | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/Makefile b/Makefile
index dcae8fd0d..69a9805ac 100644
--- a/Makefile
+++ b/Makefile
@@ -64,21 +64,11 @@ setup-envtest: ## Download envtest-setup locally if necessary.
 	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
 # Download the envtest binaries to testbin
-ENVTEST_KUBERNETES_VERSION?=1.25.0
 ENVTEST_ASSETS_DIR=$(BUILD_DIR)/testbin
-
-ifeq ($(OS),Windows_NT)
-ENVTEST_ASSETS_DIR_WINDOWS=$(ENVTEST_ASSETS_DIR)/k8s/$(ENVTEST_KUBERNETES_VERSION)-windows-amd64
-install-envtest: setup-envtest $(ENVTEST_ASSETS_DIR_WINDOWS)/etcd.exe
-$(ENVTEST_ASSETS_DIR_WINDOWS)/etcd.exe:
-	mkdir -p $(ENVTEST_ASSETS_DIR_WINDOWS)
-	curl -o $(ENVTEST_ASSETS_DIR_WINDOWS)/kubebuilder-tools.tar.gz "https://raw.githubusercontent.com/kluctl/kubebuilder-tools-releases-windows/main/releases/kubebuilder-tools-$(ENVTEST_KUBERNETES_VERSION)_windows_amd64.tar.gz"
-	cd $(ENVTEST_ASSETS_DIR_WINDOWS) && tar xzf kubebuilder-tools.tar.gz && mv kubebuilder/bin/* .
-	rm $(ENVTEST_ASSETS_DIR_WINDOWS)/kubebuilder-tools.tar.gz
-else
+ENVTEST_KUBERNETES_VERSION?=latest
 install-envtest: setup-envtest
+	mkdir -p ${ENVTEST_ASSETS_DIR}
 	$(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR)
-endif
 
 ## Test:
 test: test-unit test-e2e ## Runs the complete test suite

From 1253253ab097cd2f1aa11b3b0a35e5bc44dcdefb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Jan 2023 10:36:36 +0100
Subject: [PATCH 0720/2268] fix: findCommit did not account for tags

---
 pkg/repocache/cache.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index 9d9e70b32..2d5dd519a 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -158,13 +158,14 @@ func (e *CacheEntry) GetRepoInfo() RepoInfo {
 }
 
 func (e *CacheEntry) findCommit(ref string) (string, string, error) {
-	if strings.HasPrefix(ref, "refs/heads") {
+	switch {
+	case strings.HasPrefix(ref, "refs/heads"), strings.HasPrefix(ref, "refs/tags"):
 		c, ok := e.refs[ref]
 		if !ok {
 			return "", "", fmt.Errorf("ref %s not found", ref)
 		}
 		return ref, c, nil
-	} else {
+	default:
 		ref2 := "refs/heads/" + ref
 		c, ok := e.refs[ref2]
 		if ok {

From 712804cd02a6f3291bb43d0c3e3c5b1495f0a4d1 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Thu, 19 Jan 2023 17:09:25 +0100
Subject: [PATCH 0721/2268] refactor(vars): use aws arn parser when region is
 nil

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@posteo.de>
---
 pkg/vars/aws/secrets_manager.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/vars/aws/secrets_manager.go b/pkg/vars/aws/secrets_manager.go
index d3cced231..b258e2c5d 100644
--- a/pkg/vars/aws/secrets_manager.go
+++ b/pkg/vars/aws/secrets_manager.go
@@ -3,12 +3,13 @@ package aws
 import (
 	"context"
 	"fmt"
+	arn2 "github.com/aws/aws-sdk-go-v2/aws/arn"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 )
 
 func GetAwsSecretsManagerSecret(ctx context.Context, aws AwsClientFactory, profile *string, region *string, secretName string) (string, error) {
 	if region == nil {
-		arn, err := ParseArn(secretName)
+		arn, err := arn2.Parse(secretName)
 		if err != nil {
 			return "", fmt.Errorf("when omitting the AWS region, the secret name must be a valid ARN")
 		}

From ec62c3175ad8203b9373e6cb5e0faca0c1833b2c Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Thu, 19 Jan 2023 17:11:01 +0100
Subject: [PATCH 0722/2268] refactor(vars): extract splitting of resource to a
 separate method

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@posteo.de>
---
 pkg/vars/aws/arn.go | 38 ++++++++++----------------------------
 1 file changed, 10 insertions(+), 28 deletions(-)

diff --git a/pkg/vars/aws/arn.go b/pkg/vars/aws/arn.go
index 3b7141e99..8fafed9ec 100644
--- a/pkg/vars/aws/arn.go
+++ b/pkg/vars/aws/arn.go
@@ -1,42 +1,24 @@
 package aws
 
 import (
-	"fmt"
 	"strings"
 )
 
-type Arn struct {
-	Arn          string
-	Partition    string
-	Service      string
-	Region       string
-	Account      string
-	Resource     string
+type Resource struct {
+	ResourceId   string
 	ResourceType string
 }
 
-func ParseArn(arn string) (Arn, error) {
-	// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
-	elements := strings.SplitN(arn, ":", 6)
-	if len(elements) < 6 {
-		return Arn{}, fmt.Errorf("%s is not a valid arn", arn)
-	}
-	var result Arn
-	result.Arn = elements[0]
-	result.Partition = elements[1]
-	result.Service = elements[2]
-	result.Region = elements[3]
-	result.Account = elements[4]
-	result.Resource = elements[5]
-
-	if strings.Index(result.Resource, "/") != -1 {
-		s := strings.SplitN(result.Resource, "/", 2)
+func SplitResource(resource string) (Resource, error) {
+	result := Resource{resource, ""}
+	if strings.Index(resource, "/") != -1 {
+		s := strings.SplitN(resource, "/", 2)
 		result.ResourceType = s[0]
-		result.Resource = s[1]
-	} else if strings.Index(result.Resource, ":") != -1 {
-		s := strings.SplitN(result.Resource, ":", 2)
+		result.ResourceId = s[1]
+	} else if strings.Index(resource, ":") != -1 {
+		s := strings.SplitN(resource, ":", 2)
 		result.ResourceType = s[0]
-		result.Resource = s[1]
+		result.ResourceId = s[1]
 	}
 	return result, nil
 }

From 7ff58f8bd9a28b45b72f2394988c92ce0f782ef5 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Thu, 19 Jan 2023 17:12:10 +0100
Subject: [PATCH 0723/2268] refactor(vars): use aws arn parser in
 FakeAwsClientFactory

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@posteo.de>
---
 pkg/vars/aws/fake_clientfactory.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/pkg/vars/aws/fake_clientfactory.go b/pkg/vars/aws/fake_clientfactory.go
index 18a170338..45859a5e1 100644
--- a/pkg/vars/aws/fake_clientfactory.go
+++ b/pkg/vars/aws/fake_clientfactory.go
@@ -3,6 +3,7 @@ package aws
 import (
 	"context"
 	"fmt"
+	arn2 "github.com/aws/aws-sdk-go-v2/aws/arn"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 )
@@ -14,16 +15,18 @@ type FakeAwsClientFactory struct {
 }
 
 func (f *FakeAwsClientFactory) GetSecretValue(ctx context.Context, params *secretsmanager.GetSecretValueInput, optFns ...func(*secretsmanager.Options)) (*secretsmanager.GetSecretValueOutput, error) {
-	name := *params.SecretId
-	arn, err := ParseArn(*params.SecretId)
+	var arnResource Resource
+	arn, err := arn2.Parse(*params.SecretId)
 	if err == nil {
-		name = arn.Resource
+		arnResource, _ = SplitResource(arn.Resource)
+	} else {
+		arnResource, _ = SplitResource(*params.SecretId)
 	}
 
-	s, ok := f.Secrets[name]
+	s, ok := f.Secrets[arnResource.ResourceId]
 	if ok {
 		return &secretsmanager.GetSecretValueOutput{
-			Name:         &name,
+			Name:         &arnResource.ResourceId,
 			SecretString: &s,
 		}, nil
 	}

From 4bba601909ba0a36dd34d5b27b3285039fbb14f7 Mon Sep 17 00:00:00 2001
From: Petr Michalec <epcim@apealive.net>
Date: Fri, 3 Feb 2023 14:21:44 +0100
Subject: [PATCH 0724/2268] feat: Implement --local-git-group-override with
 group match on repo path (#273)

* improve local-git-override

* mid-work-updates from review

* mid-work-updates from review

* refactor: Move clonded dir calculation to the top

* feat: Implement logic to filter for git group overrides

* update documentation

* update docs, revert subDir validation

* revert ValidateGitProject changes

* update command description

---------

Co-authored-by: Petr Michalec <pmichalec@ves.io>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 cmd/kluctl/args/project.go                  |   3 +-
 cmd/kluctl/commands/utils.go                |  30 +++--
 docs/reference/commands/common-arguments.md |  73 +++++-----
 pkg/helm/helm_release.go                    |   7 +-
 pkg/repocache/cache.go                      | 140 +++++++++++++-------
 5 files changed, 159 insertions(+), 94 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index eff3ec1f0..c14455303 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -27,7 +27,8 @@ type ProjectFlags struct {
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
-	LocalGitOverride       []string      `group:"project" help:"Specify a local git override in the form of 'github.com:my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them. To only override a single branch of the repo, use 'github.com:my-org/my-repo:my-branch=/local/path/to/override'"`
+	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com:my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them. To only override a single branch of the repo, use 'github.com:my-org/my-repo:my-branch=/local/path/to/override'"`
+	LocalGitGroupOverride  []string      `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com:some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com:some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a209d2829..63da52161 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -3,6 +3,9 @@ package commands
 import (
 	"context"
 	"fmt"
+	"os"
+	"strings"
+
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/git"
@@ -20,8 +23,6 @@ import (
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
-	"os"
-	"strings"
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
@@ -54,9 +55,16 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 	var repoOverrides []repocache.RepoOverride
 	for _, x := range projectFlags.LocalGitOverride {
-		ro, err := parseRepoOverride(x)
+		ro, err := parseRepoOverride(x, false)
 		if err != nil {
-			return err
+			return fmt.Errorf("invalid --local-git-override: %w", err)
+		}
+		repoOverrides = append(repoOverrides, ro)
+	}
+	for _, x := range projectFlags.LocalGitGroupOverride {
+		ro, err := parseRepoOverride(x, true)
+		if err != nil {
+			return fmt.Errorf("invalid --local-git-group-override: %w", err)
 		}
 		repoOverrides = append(repoOverrides, ro)
 	}
@@ -226,23 +234,25 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 	}
 }
 
-func parseRepoOverride(s string) (ret repocache.RepoOverride, err error) {
+func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err error) {
+	ret.IsGroup = isGroup
+
 	sp := strings.SplitN(s, "=", 2)
 	if len(sp) != 2 {
-		return repocache.RepoOverride{}, fmt.Errorf("invalid --local-git-override %s", s)
+		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
 	sp2 := strings.Split(sp[0], ":")
 	if len(sp2) < 2 || len(sp2) > 3 {
-		return repocache.RepoOverride{}, fmt.Errorf("invalid --local-git-override %s", s)
+		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
 	u, err := git_url.Parse(fmt.Sprintf("%s:%s", sp2[0], sp2[1]))
 	if err != nil {
-		return repocache.RepoOverride{}, fmt.Errorf("invalid --local-git-override %s: %w", s, err)
+		return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
 	}
-
-	ret.RepoKey = u.NormalizedRepoKey()
+	u = u.Normalize()
+	ret.RepoUrl = *u
 	if len(sp2) == 3 {
 		ret.Ref = sp2[2]
 	}
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 0f3150151..ac7f3d69a 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -39,37 +39,48 @@ They control where and how to load the kluctl project and deployment project.
 Project arguments:
   Define where and how to load the kluctl project and its components from.
 
-  -a, --arg stringArray                      Passes a template argument in the form of name=value. Nested args can
-                                             be set with the '-a my.nested.arg=value' syntax. Values are
-                                             interpreted as yaml values, meaning that 'true' and 'false' will lead
-                                             to boolean values and numbers will be treated as numbers. Use quotes
-                                             if you want these to be treated as strings. If the value starts with
-                                             @, it is treated as a file, meaning that the contents of the file
-                                             will be loaded and treated as yaml.
-      --args-from-file stringArray           Loads a yaml file and makes it available as arguments, meaning that
-                                             they will be available thought the global 'args' variable.
-      --context string                       Overrides the context name specified in the target. If the selected
-                                             target does not specify a context or the no-name target is used,
-                                             --context will override the currently active context.
-      --git-cache-update-interval duration   Specify the time to wait between git cache updates. Defaults to not
-                                             wait at all and always updating caches.
-      --local-git-override stringArray       Specify a local git override in the form of
-                                             'github.com:my-org/my-repo=/local/path/to/override'. This will cause
-                                             kluctl to not use git to clone for the specified repository but
-                                             instead use the local directory. This is useful in case you need to
-                                             test out changes in external git repositories without pushing them.
-                                             To only override a single branch of the repo, use
-                                             'github.com:my-org/my-repo:my-branch=/local/path/to/override'
-  -c, --project-config existingfile          Location of the .kluctl.yaml config file. Defaults to
-                                             $PROJECT/.kluctl.yaml
-      --project-dir existingdir              Specify the project directory. Defaults to the current working directory.
-  -t, --target string                        Target name to run command for. Target must exist in .kluctl.yaml.
-  -T, --target-name-override string          Overrides the target name. If -t is used at the same time, then the
-                                             target will be looked up based on -t <name> and then renamed to the
-                                             value of -T. If no target is specified via -t, then the no-name
-                                             target is renamed to the value of -T.
-      --timeout duration                     Specify timeout for all operations, including loading of the project,
-                                             all external api calls and waiting for readiness. (default 10m0s)
+  -a, --arg stringArray                        Passes a template argument in the form of name=value. Nested args
+                                               can be set with the '-a my.nested.arg=value' syntax. Values are
+                                               interpreted as yaml values, meaning that 'true' and 'false' will
+                                               lead to boolean values and numbers will be treated as numbers. Use
+                                               quotes if you want these to be treated as strings. If the value
+                                               starts with @, it is treated as a file, meaning that the contents
+                                               of the file will be loaded and treated as yaml.
+      --args-from-file stringArray             Loads a yaml file and makes it available as arguments, meaning that
+                                               they will be available thought the global 'args' variable.
+      --context string                         Overrides the context name specified in the target. If the selected
+                                               target does not specify a context or the no-name target is used,
+                                               --context will override the currently active context.
+      --git-cache-update-interval duration     Specify the time to wait between git cache updates. Defaults to not
+                                               wait at all and always updating caches.
+      --local-git-group-override stringArray   Same as --local-git-override, but for a whole group prefix instead
+                                               of a single repository. All repositories that have the given prefix
+                                               will be overridden with the given local path and the repository
+                                               suffix appended. For example,
+                                               'gitlab.com:some-org/sub-org=/local/path/to/my-forks' will override
+                                               all repositories below 'gitlab.com:some-org/sub-org/' with the
+                                               repositories found in '/local/path/to/my-forks'. It will however
+                                               only perform an override if the given repository actually exists
+                                               locally and otherwise revert to the actual (non-overridden) repository.
+      --local-git-override stringArray         Specify a single repository local git override in the form of
+                                               'github.com:my-org/my-repo=/local/path/to/override'. This will
+                                               cause kluctl to not use git to clone for the specified repository
+                                               but instead use the local directory. This is useful in case you
+                                               need to test out changes in external git repositories without
+                                               pushing them. To only override a single branch of the repo, use
+                                               'github.com:my-org/my-repo:my-branch=/local/path/to/override'
+  -c, --project-config existingfile            Location of the .kluctl.yaml config file. Defaults to
+                                               $PROJECT/.kluctl.yaml
+      --project-dir existingdir                Specify the project directory. Defaults to the current working
+                                               directory.
+  -t, --target string                          Target name to run command for. Target must exist in .kluctl.yaml.
+  -T, --target-name-override string            Overrides the target name. If -t is used at the same time, then the
+                                               target will be looked up based on -t <name> and then renamed to the
+                                               value of -T. If no target is specified via -t, then the no-name
+                                               target is renamed to the value of -T.
+      --timeout duration                       Specify timeout for all operations, including loading of the
+                                               project, all external api calls and waiting for readiness. (default
+                                               10m0s)
 
 ```
 <!-- END SECTION -->
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index efdaba29a..7012e00f5 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,6 +3,10 @@ package helm
 import (
 	"context"
 	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
 	"github.com/Masterminds/semver/v3"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -23,9 +27,6 @@ import (
 	"helm.sh/helm/v3/pkg/getter"
 	"helm.sh/helm/v3/pkg/release"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"os"
-	"path/filepath"
-	"strings"
 )
 
 type Release struct {
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index 2d5dd519a..131567488 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -3,6 +3,13 @@ package repocache
 import (
 	"context"
 	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
@@ -10,12 +17,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-	"sync"
-	"time"
 )
 
 type GitRepoCache struct {
@@ -35,12 +36,14 @@ type GitRepoCache struct {
 
 type CacheEntry struct {
 	rp         *GitRepoCache
+	url        git_url.GitUrl
 	mr         *git.MirroredGitRepo
 	defaultRef string
 	refs       map[string]string
 
-	clonedDirs  map[string]clonedDir
-	updateMutex sync.Mutex
+	clonedDirs   map[string]clonedDir
+	updateMutex  sync.Mutex
+	overridePath string
 }
 
 type RepoInfo struct {
@@ -50,9 +53,10 @@ type RepoInfo struct {
 }
 
 type RepoOverride struct {
-	RepoKey  string
+	RepoUrl  git_url.GitUrl
 	Ref      string
 	Override string
+	IsGroup  bool
 }
 
 type clonedDir struct {
@@ -85,7 +89,52 @@ func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
 	rp.reposMutex.Lock()
 	defer rp.reposMutex.Unlock()
 
-	e, ok := rp.repos[url.NormalizedRepoKey()]
+	urlN := url.Normalize()
+	repoKey := url.NormalizedRepoKey()
+
+	// evaluate overrides
+	for _, ro := range rp.repoOverrides {
+		if ro.RepoUrl.Host != urlN.Host {
+			continue
+		}
+
+		var overridePath string
+		if ro.IsGroup {
+			if !strings.HasPrefix(urlN.Path, ro.RepoUrl.Path+"/") {
+				continue
+			}
+			relPath := strings.TrimPrefix(urlN.Path, ro.RepoUrl.Path+"/")
+			overridePath = path.Join(ro.Override, relPath)
+		} else {
+			if ro.Override != urlN.Path {
+				continue
+			}
+			overridePath = ro.Override
+		}
+
+		if st, err := os.Stat(overridePath); err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, fmt.Errorf("can not override repo %s with %s: %w", url.String(), overridePath, err)
+		} else if !st.IsDir() {
+			return nil, fmt.Errorf("can not override repo %s. %s is not a directory", url.String(), overridePath)
+		}
+
+		status.WarningOnce(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url.String(), overridePath)
+
+		e := &CacheEntry{
+			rp:           rp,
+			url:          url,
+			mr:           nil, // mark as overridden
+			clonedDirs:   map[string]clonedDir{},
+			overridePath: overridePath,
+		}
+		rp.repos[repoKey] = e
+		return e, nil
+	}
+
+	e, ok := rp.repos[repoKey]
 	if !ok {
 		mr, err := git.NewMirroredGitRepo(rp.ctx, url, filepath.Join(utils.GetTmpBaseDir(rp.ctx), "git-cache"), rp.sshPool, rp.authProviders)
 		if err != nil {
@@ -93,10 +142,11 @@ func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
 		}
 		e = &CacheEntry{
 			rp:         rp,
+			url:        url,
 			mr:         mr,
 			clonedDirs: map[string]clonedDir{},
 		}
-		rp.repos[url.NormalizedRepoKey()] = e
+		rp.repos[repoKey] = e
 	}
 	err := e.Update()
 	if err != nil {
@@ -109,6 +159,10 @@ func (e *CacheEntry) Update() error {
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 
+	if e.mr == nil {
+		return nil
+	}
+
 	err := e.mr.Lock()
 	if err != nil {
 		return err
@@ -149,7 +203,7 @@ func (e *CacheEntry) GetRepoInfo() RepoInfo {
 	defer e.updateMutex.Unlock()
 
 	info := RepoInfo{
-		Url:        e.mr.Url(),
+		Url:        e.url,
 		RemoteRefs: e.refs,
 		DefaultRef: e.defaultRef,
 	}
@@ -184,28 +238,13 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 
-	err := e.mr.Lock()
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-	defer e.mr.Unlock()
-
-	if ref == "" {
-		ref = e.defaultRef
-	}
-
-	ref2, commit, err := e.findCommit(ref)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
 	tmpDir := filepath.Join(utils.GetTmpBaseDir(e.rp.ctx), "git-cloned")
-	err = os.MkdirAll(tmpDir, 0700)
+	err := os.MkdirAll(tmpDir, 0700)
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
 	}
 
-	url := e.mr.Url()
+	url := e.url
 	repoName := path.Base(url.Normalize().Path) + "-"
 	if ref == "" {
 		repoName += "HEAD-"
@@ -223,29 +262,32 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	e.rp.cleanupDirs = append(e.rp.cleanupDirs, p)
 	e.rp.cleeanupDirsMutex.Unlock()
 
-	var foundRo *RepoOverride
-	for _, ro := range e.rp.repoOverrides {
-		u := e.mr.Url()
-		if ro.RepoKey == u.NormalizedRepoKey() {
-			if ro.Ref == "" || strings.HasSuffix(ref2, "/"+ro.Ref) {
-				foundRo = &ro
-				break
-			}
-		}
-	}
-
-	if foundRo != nil {
-		u := e.mr.Url()
-		status.WarningOnce(e.rp.ctx, fmt.Sprintf("git-override-%s|%s", foundRo.RepoKey, foundRo.Ref), "Overriding git repo %s with local directory %s", u.String(), foundRo.Override)
-		err = cp.Copy(foundRo.Override, p)
-		if err != nil {
-			return "", git.CheckoutInfo{}, err
-		}
-	} else {
-		err = e.mr.CloneProjectByCommit(commit, p)
+	if e.mr == nil { // local override exist
+		err = cp.Copy(e.overridePath, p)
 		if err != nil {
 			return "", git.CheckoutInfo{}, err
 		}
+		return p, git.CheckoutInfo{}, err
+	}
+
+	err = e.mr.Lock()
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+	defer e.mr.Unlock()
+
+	if ref == "" {
+		ref = e.defaultRef
+	}
+
+	ref2, commit, err := e.findCommit(ref)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	err = e.mr.CloneProjectByCommit(commit, p)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
 	}
 
 	repoInfo, err := git.GetCheckoutInfo(p)

From e7ac7c102c6ee8482214c4daf3a8b13972485154 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Feb 2023 14:34:46 +0100
Subject: [PATCH 0725/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#271)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.17.0 to 1.18.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.0...config/v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index d6909f797..e8c0f20ef 100644
--- a/go.mod
+++ b/go.mod
@@ -58,8 +58,9 @@ require (
 
 require (
 	filippo.io/age v1.1.1
+	github.com/aws/aws-sdk-go-v2 v1.17.3
 	github.com/aws/aws-sdk-go-v2/config v1.18.7
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.17.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -94,7 +95,6 @@ require (
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.7 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
diff --git a/go.sum b/go.sum
index 842181df8..448ad7a51 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViS
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.17.0 h1:6W6BLZcXytRJsVvc2gGwxKE4wbMSlWqdxZivBP/E+ys=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.17.0/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2 h1:QDVKb2VpuwzIslzshumxksayV5GkpqT+rkVvdPVrA9E=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 h1:gItLq3zBYyRDPmqAClgzTH8PBjDQGeyptYGHIwtYYNA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.28/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 h1:KCacyVSs/wlcPGx37hcbT3IGYO8P8Jx+TgSDhAXtQMY=

From 4710e347f8d9881be982cf742f0371500d755492 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Feb 2023 14:35:29 +0100
Subject: [PATCH 0726/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.16.0 to 1.17.3 (#274)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.16.0 to 1.17.3.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.16.0...v1.17.3)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e8c0f20ef..20d85c018 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.16.0
+	github.com/ohler55/ojg v1.17.3
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
diff --git a/go.sum b/go.sum
index 448ad7a51..abaf6b2b5 100644
--- a/go.sum
+++ b/go.sum
@@ -661,8 +661,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.16.0 h1:JQMJp/ygkak1YiGFB2ohbks2Y6BAE061i5cq5fECiVA=
-github.com/ohler55/ojg v1.16.0/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.17.3 h1:NsyfSN+GScWFzXZCVuVimK0xOqUEqTSwuZ+J1WA50nw=
+github.com/ohler55/ojg v1.17.3/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=

From 94acf99a3118c088866869b564a10d44f7da6072 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Feb 2023 14:40:36 +0100
Subject: [PATCH 0727/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#263)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.19.3 to 0.19.4.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.19.3...v0.19.4)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 20d85c018..5774ed81a 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.19.3
+	github.com/bitnami-labs/sealed-secrets v0.19.4
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
diff --git a/go.sum b/go.sum
index abaf6b2b5..9bd56dc4a 100644
--- a/go.sum
+++ b/go.sum
@@ -155,8 +155,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.19.3 h1:D9v0fQt8JNDEoBU6HRKKJ20VhqvGUyaDrK1bl714i4I=
-github.com/bitnami-labs/sealed-secrets v0.19.3/go.mod h1:G7Psbu6s3ed7GCO6ZjZ51zff0GGGSymLxFXb4QkJnRw=
+github.com/bitnami-labs/sealed-secrets v0.19.4 h1:TUad0o/mNp2D53lHMGzjdsdrx+yrHy/fyuEIAbFqj+U=
+github.com/bitnami-labs/sealed-secrets v0.19.4/go.mod h1:rXBdWOdAPbuowgFphH8bcCB3jSVlYXg9mMWRcYY49dc=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -666,7 +666,7 @@ github.com/ohler55/ojg v1.17.3/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfli
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.6.1 h1:1xQPCjcqYw/J5LchOcp4/2q/jzJFjiAOc25chhnDw+Q=
+github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow=
 github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE=
 github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

From 31b3c95858eb3e93f0c1e4c98e1adac5fb89ee90 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 15:15:54 +0100
Subject: [PATCH 0728/2268] docs: Add missing documentation about onlyRender

---
 docs/reference/deployments/deployment-yml.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 73e0fb3a5..77115380e 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -196,6 +196,17 @@ deployments:
 - path: kustomizeDeployment2
 ```
 
+### onlyRender
+Causes a path to be rendered only but not treated as a deployment item. This can be useful if you for example want to
+use Kustomize components which you'd refer from other deployment items.
+
+```yaml
+deployments:
+- path: component
+  onlyRender: true
+- path: kustomizeDeployment2
+```
+
 ## vars (deployment project)
 A list of variable sets to be loaded into the templating context, which is then available in all [deployment items](#deployments)
 and [sub-deployments](#includes).

From 7b956a0ce14b82b44ad209d0417a5677f75fb881 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 15:37:25 +0100
Subject: [PATCH 0729/2268] tests: Add test for onlyRender

---
 e2e/deployment_items_test.go | 55 ++++++++++++++++++++++++++++++++++++
 pkg/git/test_git_server.go   |  4 +++
 2 files changed, 59 insertions(+)

diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 71e93a34a..8e07ffcbc 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -1,8 +1,10 @@
 package e2e
 
 import (
+	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
@@ -80,3 +82,56 @@ func TestGeneratedKustomize(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
 }
+
+func TestOnlyRender(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"path":       "only-render",
+		"onlyRender": true,
+	}))
+	p.UpdateFile("only-render/value.txt", func(f string) (string, error) {
+		return "{{ args.a }}\n", nil
+	}, "")
+	p.UpdateFile("only-render/kustomization.yaml", func(f string) (string, error) {
+		return fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+- name: %s-cm
+  files:
+  - value.txt
+`, p.TestSlug()), nil
+	}, "")
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"path": "d",
+	}))
+	p.UpdateFile("d/kustomization.yaml", func(f string) (string, error) {
+		return fmt.Sprintf(`
+components:
+- ../only-render
+namespace: %s
+`, p.TestSlug()), nil
+	}, "")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "a=v1")
+	// it should not appear in the default namespace as that would indicate that the component was treated as a deployment item
+	assertConfigMapNotExists(t, k, "default", p.TestSlug()+"-cm")
+	s := assertConfigMapExists(t, k, p.TestSlug(), p.TestSlug()+"-cm")
+	assert.Equal(t, s.Object["data"], map[string]any{
+		"value.txt": "v1",
+	})
+}
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index 7dd0a1614..9ecaf8597 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -183,6 +183,10 @@ func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string
 	if f == newF {
 		return
 	}
+	err = os.MkdirAll(filepath.Dir(fullPath), 0o700)
+	if err != nil {
+		p.t.Fatal(err)
+	}
 	err = os.WriteFile(fullPath, []byte(newF), 0o600)
 	if err != nil {
 		p.t.Fatal(err)

From b5c5a368ba6037e8c09eeeb46120ef5705a64634 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 15:48:38 +0100
Subject: [PATCH 0730/2268] fix: Fix onlyRender to actually not treat the path
 as deployment item

---
 pkg/deployment/deployment_item.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index af74a2f46..3e0f3ec56 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -494,6 +494,9 @@ func (di *DeploymentItem) buildKustomize() error {
 	if di.dir == nil {
 		return nil
 	}
+	if di.Config.OnlyRender {
+		return nil
+	}
 
 	ky, err := di.prepareKustomizationYaml()
 	if err != nil {

From 143c7260bb9b84d487fee766441b4947c6aa543b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 15:50:59 +0100
Subject: [PATCH 0731/2268] feat: Allow to load variables without overriding
 previously loaded variables (#230)

---
 docs/reference/templating/variable-sources.md |   5 +
 pkg/types/vars_source.go                      |   3 +-
 pkg/vars/vars_loader.go                       | 150 +++++++++---------
 pkg/vars/vars_loader_http.go                  |  39 ++---
 pkg/vars/vars_loader_test.go                  |  19 +++
 5 files changed, 115 insertions(+), 101 deletions(-)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 43c03e071..3f157f400 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -29,6 +29,8 @@ vars:
 - file: vars2.yaml
 - file: optional-vars.yaml
   ignoreMissing: true
+- file: default-vars.yaml
+  noOverride: true
 ```
 
 `vars2.yaml` can now use variables that are defined in `vars1.yaml`. At all times, variables defined by
@@ -37,6 +39,9 @@ parents of the current sub-deployment project can be used in the current vars fi
 Each variable source can have the optional field `ignoreMissing` set to `true`, causing Kluctl to ignore if the source
 can not be found.
 
+When specifying `noOverride: true`, Kluctl will not override variables from the previously loaded variables. This is
+useful if you want to load default values for variables.
+
 Different types of vars entries are possible:
 
 ### file
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index c32578469..e7db5f765 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -55,6 +55,7 @@ type VarsSourceVault struct {
 
 type VarsSource struct {
 	IgnoreMissing *bool `yaml:"ignoreMissing,omitempty"`
+	NoOverride    *bool `yaml:"noOverride,omitempty"`
 
 	Values            *uo.UnstructuredObject              `yaml:"values,omitempty"`
 	File              *string                             `yaml:"file,omitempty"`
@@ -73,7 +74,7 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	count := 0
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
-		if v.Type().Field(i).Name == "IgnoreMissing" {
+		if v.Type().Field(i).Name == "IgnoreMissing" || v.Type().Field(i).Name == "NoOverride" {
 			continue
 		}
 		if !v.Field(i).IsNil() {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 39161f372..a0dc29267 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -83,27 +83,45 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		ignoreMissing = *source.IgnoreMissing
 	}
 
+	var newVars *uo.UnstructuredObject
 	if source.Values != nil {
-		v.mergeVars(varsCtx, source.Values, rootKey)
-		return nil
+		newVars = source.Values
+		if rootKey != "" {
+			newVars = uo.FromMap(map[string]interface{}{
+				rootKey: newVars.Object,
+			})
+		}
 	} else if source.File != nil {
-		return v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs, rootKey)
+		newVars, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
 	} else if source.Git != nil {
-		return v.loadGit(varsCtx, source.Git, ignoreMissing, rootKey)
+		newVars, err = v.loadGit(varsCtx, source.Git, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
-		return v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", source.ClusterConfigMap.Key, rootKey, ignoreMissing, false)
+		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", source.ClusterConfigMap.Key, ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
-		return v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", source.ClusterSecret.Key, rootKey, ignoreMissing, true)
+		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", source.ClusterSecret.Key, ignoreMissing, true)
 	} else if source.SystemEnvVars != nil {
-		return v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
+		newVars, err = v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
 	} else if source.Http != nil {
-		return v.loadHttp(varsCtx, &source, ignoreMissing, rootKey)
+		newVars, err = v.loadHttp(varsCtx, &source, ignoreMissing)
 	} else if source.AwsSecretsManager != nil {
-		return v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing, rootKey)
+		newVars, err = v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing)
 	} else if source.Vault != nil {
-		return v.loadVault(varsCtx, &source, ignoreMissing, rootKey)
+		newVars, err = v.loadVault(varsCtx, &source, ignoreMissing)
+	} else {
+		return fmt.Errorf("invalid vars source")
+	}
+	if err != nil {
+		return err
 	}
-	return fmt.Errorf("invalid vars source")
+
+	if source.NoOverride == nil || !*source.NoOverride {
+		varsCtx.Vars.Merge(newVars)
+	} else {
+		newVars.Merge(varsCtx.Vars)
+		varsCtx.Vars = newVars
+	}
+
+	return nil
 }
 
 func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject, rootKey string) {
@@ -114,45 +132,35 @@ func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject,
 	}
 }
 
-func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool, searchDirs []string, rootKey string) error {
+func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool, searchDirs []string) (*uo.UnstructuredObject, error) {
 	rendered, err := varsCtx.RenderFile(path, searchDirs)
 	if err != nil {
 		// TODO the Jinja2 renderer should be able to better report this error
 		if ignoreMissing && err.Error() == fmt.Sprintf("template %s not found", path) {
-			return nil
+			return uo.New(), nil
 		}
-		return fmt.Errorf("failed to render vars file %s: %w", path, err)
+		return nil, fmt.Errorf("failed to render vars file %s: %w", path, err)
 	}
 
 	format := formats.FormatForPath(path)
 	decrypted, _, err := sops.MaybeDecrypt(v.sops, []byte(rendered), format, format)
 	if err != nil {
-		return fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
+		return nil, fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
 	}
 	rendered = string(decrypted)
 
 	newVars := uo.New()
 	err = yaml.ReadYamlString(rendered, newVars)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if err != nil {
-		return fmt.Errorf("failed to load vars from %s: %w", path, err)
+		return nil, fmt.Errorf("failed to load vars from %s: %w", path, err)
 	}
-	if rootKey != "" {
-		newVars, _, err = newVars.GetNestedObject(rootKey)
-		if err != nil {
-			return err
-		}
-		if newVars == nil {
-			return fmt.Errorf("vars from %s have no '%s' root", path, rootKey)
-		}
-	}
-	v.mergeVars(varsCtx, newVars, rootKey)
-	return nil
+	return newVars, nil
 }
 
-func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
+func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) (*uo.UnstructuredObject, error) {
 	newVars := uo.New()
 	err := source.SystemEnvVars.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
 		envName, ok := it.Value().(string)
@@ -196,15 +204,19 @@ func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource,
 		return nil
 	})
 	if err != nil {
-		return err
+		return nil, err
 	}
-	v.mergeVars(varsCtx, newVars, rootKey)
-	return nil
+	if rootKey != "" {
+		newVars = uo.FromMap(map[string]interface{}{
+			rootKey: newVars.Object,
+		})
+	}
+	return newVars, nil
 }
 
-func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
+func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	if v.aws == nil {
-		return fmt.Errorf("no AWS client factory provided")
+		return uo.New(), fmt.Errorf("no AWS client factory provided")
 	}
 
 	secret, err := aws.GetAwsSecretsManagerSecret(v.ctx, v.aws, source.AwsSecretsManager.Profile, source.AwsSecretsManager.Region, source.AwsSecretsManager.SecretName)
@@ -212,45 +224,45 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 		var aerr *types2.ResourceNotFoundException
 		if errors2.As(err, &aerr) {
 			if ignoreMissing {
-				return nil
+				return uo.New(), nil
 			}
 		}
-		return err
+		return nil, err
 	}
-	return v.loadFromString(varsCtx, secret, "awsSecretsManager", rootKey)
+	return v.loadFromString(varsCtx, secret)
 }
 
-func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
+func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	secret, err := vault.GetSecret(source.Vault.Address, source.Vault.Path)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if secret == nil {
 		if ignoreMissing {
-			return nil
+			return uo.New(), nil
 		}
-		return fmt.Errorf("the specified vault secret was not found")
+		return nil, fmt.Errorf("the specified vault secret was not found")
 	}
-	return v.loadFromString(varsCtx, *secret, "vault", rootKey)
+	return v.loadFromString(varsCtx, *secret)
 }
 
-func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool, rootKey string) error {
+func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	ge, err := v.rp.GetEntry(gitFile.Url)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	clonedDir, _, err := ge.GetClonedDir(gitFile.Ref)
 	if err != nil {
-		return fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
+		return nil, fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
 	}
 
-	return v.loadFile(varsCtx, gitFile.Path, ignoreMissing, []string{clonedDir}, rootKey)
+	return v.loadFile(varsCtx, gitFile.Path, ignoreMissing, []string{clonedDir})
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, rootKey string, ignoreMissing bool, base64Decode bool) error {
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, ignoreMissing bool, base64Decode bool) (*uo.UnstructuredObject, error) {
 	if v.k == nil {
-		return fmt.Errorf("loading vars from cluster is disabled")
+		return nil, fmt.Errorf("loading vars from cluster is disabled")
 	}
 
 	var err error
@@ -260,9 +272,9 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		o, _, err = v.k.GetSingleObject(k8s2.NewObjectRef("", "v1", kind, varsSource.Name, varsSource.Namespace))
 		if err != nil {
 			if ignoreMissing && errors.IsNotFound(err) {
-				return nil
+				return uo.New(), nil
 			}
-			return err
+			return nil, err
 		}
 	} else {
 		objs, _, err := v.k.ListObjects(schema.GroupVersionKind{
@@ -271,16 +283,16 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 			Kind:    kind,
 		}, varsSource.Namespace, varsSource.Labels)
 		if err != nil {
-			return err
+			return nil, err
 		}
 		if len(objs) == 0 {
 			if ignoreMissing {
-				return nil
+				return uo.New(), nil
 			}
-			return fmt.Errorf("no object found with labels %v", varsSource.Labels)
+			return nil, fmt.Errorf("no object found with labels %v", varsSource.Labels)
 		}
 		if len(objs) > 1 {
-			return fmt.Errorf("found more than one objects with labels %v", varsSource.Labels)
+			return nil, fmt.Errorf("found more than one objects with labels %v", varsSource.Labels)
 		}
 		o = objs[0]
 	}
@@ -289,10 +301,10 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 
 	f, found, err := o.GetNestedField("data", key)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if !found {
-		return fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
+		return nil, fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
 	}
 
 	var value string
@@ -302,7 +314,7 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		if base64Decode {
 			b, err := base64.StdEncoding.DecodeString(s)
 			if err != nil {
-				return err
+				return nil, err
 			}
 			value = string(b)
 		} else {
@@ -310,32 +322,20 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		}
 	}
 
-	err = v.loadFromString(varsCtx, value, "k8s", rootKey)
+	newVars, err := v.loadFromString(varsCtx, value)
 	if err != nil {
-		return fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)
+		return nil, fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)
 	}
-	return nil
+	return newVars, nil
 }
 
-func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string, secretType string, rootKey string) error {
+func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string) (*uo.UnstructuredObject, error) {
 	newVars := uo.New()
 	err := v.renderYamlString(varsCtx, s, newVars)
 	if err != nil {
-		return err
-	}
-
-	if rootKey != "" {
-		newVars, _, err = newVars.GetNestedObject(rootKey)
-		if err != nil {
-			return err
-		}
-		if newVars == nil {
-			return fmt.Errorf("%s secret has no '%s' root", secretType, rootKey)
-		}
+		return nil, err
 	}
-
-	v.mergeVars(varsCtx, newVars, rootKey)
-	return nil
+	return newVars, nil
 }
 
 func (v *VarsLoader) renderYamlString(varsCtx *VarsCtx, s string, out interface{}) error {
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 7de4ca0a2..6e0a68f30 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -64,12 +64,12 @@ func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, ignoreMissing bool
 	return resp, string(respBody), nil
 }
 
-func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) error {
+func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	resp, respBody, err := v.doHttp(source.Http, ignoreMissing, "", "")
 	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
 		if len(chgs) == 0 {
-			return err
+			return nil, err
 		}
 
 		var realms []string
@@ -86,7 +86,7 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 		if !ok {
 			username, password, err := status.AskForCredentials(v.ctx, fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
 			if err != nil {
-				return err
+				return nil, err
 			}
 			creds = usernamePassword{
 				username: username,
@@ -97,13 +97,13 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 
 		resp, respBody, err = v.doHttp(source.Http, ignoreMissing, creds.username, creds.password)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	} else if err != nil {
 		if ignoreMissing && resp != nil && resp.StatusCode == http.StatusNotFound {
-			return nil
+			return uo.New(), nil
 		}
-		return err
+		return nil, err
 	}
 
 	var respObj interface{}
@@ -111,45 +111,34 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 
 	err = yaml.ReadYamlString(respBody, &respObj)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if source.Http.JsonPath != nil {
 		p, err := uo.NewMyJsonPath(*source.Http.JsonPath)
 		if err != nil {
-			return err
+			return nil, err
 		}
 		x, ok := p.GetFirstFromAny(respObj)
 		if !ok {
-			return fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
+			return nil, fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
 		}
 		s, ok := x.(string)
 		if !ok {
-			return fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
+			return nil, fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
 		}
 		newVars, err = uo.FromString(s)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	} else {
 		x, ok := respObj.(map[string]interface{})
 		if !ok {
-			return fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
+			return nil, fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
 		}
 		newVars = uo.FromMap(x)
 	}
-
-	if rootKey != "" {
-		newVars, _, err = newVars.GetNestedObject(rootKey)
-		if err != nil {
-			return err
-		}
-	}
-
-	if newVars != nil {
-		v.mergeVars(varsCtx, newVars, rootKey)
-	}
-	return nil
+	return newVars, nil
 }
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index f8320e8fd..40c038e99 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -69,6 +69,25 @@ func TestVarsLoader_Values(t *testing.T) {
 	})
 }
 
+func TestVarsLoader_ValuesNoOverrides(t *testing.T) {
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
+		}, nil, "")
+		assert.NoError(t, err)
+
+		b := true
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Values:     uo.FromStringMust(`{"test1": {"test2": 43}}`),
+			NoOverride: &b,
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(t, int64(42), v)
+	})
+}
+
 func TestVarsLoader_File(t *testing.T) {
 	d := t.TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)

From 5bc357c88efa1ff9f7e544c4d00a1da094590fab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 15:51:25 +0100
Subject: [PATCH 0732/2268] fix: Respect IdentityAgent from SSH config (#280)

---
 pkg/git/auth/ssh_auth_provider.go | 36 ++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 5af2d2c0d..c6911e846 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -10,10 +10,13 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/agent"
 	"io"
+	"net"
 	"os"
 	"os/user"
 	"path/filepath"
+	"runtime"
 	"sync"
 )
 
@@ -85,12 +88,43 @@ func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl)
 	}
 }
 
+func (a *sshDefaultIdentityAndAgent) createAgent(gitUrl git_url.GitUrl) (agent.Agent, error) {
+	if runtime.GOOS == "windows" {
+		a, _, err := sshagent.New()
+		return a, err
+	}
+
+	// see `man ssh_config`
+
+	sshAuthSock := ssh_config.Get(gitUrl.Hostname(), "IdentityAgent")
+	if sshAuthSock == "none" {
+		return nil, nil
+	}
+	if sshAuthSock == "" || sshAuthSock == "SSH_AUTH_SOCK" {
+		a, _, err := sshagent.New()
+		return a, err
+	}
+
+	sshAuthSock = os.ExpandEnv(sshAuthSock)
+	sshAuthSock = expandHomeDir(sshAuthSock)
+
+	conn, err := net.Dial("unix", sshAuthSock)
+	if err != nil {
+		return nil, fmt.Errorf("error connecting to unix socket: %v", err)
+	}
+
+	return agent.NewClient(conn), nil
+}
+
 func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
 	a.authProvider.MessageCallbacks.Trace("trying to add agent keys")
-	agent, _, err := sshagent.New()
+	agent, err := a.createAgent(gitUrl)
 	if err != nil {
 		a.authProvider.MessageCallbacks.Warning("Failed to connect to ssh agent for url %s: %v", gitUrl.String(), err)
 	} else {
+		if agent == nil {
+			return
+		}
 		signers, err := agent.Signers()
 		if err != nil {
 			a.authProvider.MessageCallbacks.Warning("Failed to get signers from ssh agent for url %s: %v", gitUrl.String(), err)

From b5ac47375adc4a0ab6ca9b7720694a797868bfa2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Feb 2023 15:51:46 +0100
Subject: [PATCH 0733/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#277)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.7 to 1.18.11.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.7...config/v1.18.11)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 5774ed81a..c83c9c98b 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.17.3
-	github.com/aws/aws-sdk-go-v2/config v1.18.7
+	github.com/aws/aws-sdk-go-v2/config v1.18.11
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
@@ -95,16 +95,16 @@ require (
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.7 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.11 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.2 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 9bd56dc4a..58e4aa64c 100644
--- a/go.sum
+++ b/go.sum
@@ -121,10 +121,10 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
 github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.7 h1:V94lTcix6jouwmAsgQMAEBozVAGJMFhVj+6/++xfe3E=
-github.com/aws/aws-sdk-go-v2/config v1.18.7/go.mod h1:OZYsyHFL5PB9UpyS78NElgKs11qI/B5KJau2XOJDXHA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.7 h1:qUUcNS5Z1092XBFT66IJM7mYkMwgZ8fcC8YDIbEwXck=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.7/go.mod h1:AdCcbZXHQCjJh6NaH3pFaw8LUeBFn5+88BZGMVGuBT8=
+github.com/aws/aws-sdk-go-v2/config v1.18.11 h1:7dJD4p90OyKYIihuwe/LbHfP7uw4yVm5P1hel+b8UZ8=
+github.com/aws/aws-sdk-go-v2/config v1.18.11/go.mod h1:FTGKr2F7QL7IAg22dUmEB5NWpLPAOuhrONzXe7TVhAI=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.11 h1:QnvlTut1XXKkX4aaM1Ydo5X0CHriv0jmLu8PTVQQJJo=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.11/go.mod h1:tqAm4JmQaShel+Qi38hmd1QglSnnxaYt50k/9yGQzzc=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -141,12 +141,12 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3f
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2 h1:QDVKb2VpuwzIslzshumxksayV5GkpqT+rkVvdPVrA9E=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.11.28 h1:gItLq3zBYyRDPmqAClgzTH8PBjDQGeyptYGHIwtYYNA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.11.28/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11 h1:KCacyVSs/wlcPGx37hcbT3IGYO8P8Jx+TgSDhAXtQMY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.13.11/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.17.7 h1:9Mtq1KM6nD8/+HStvWcvYnixJ5N85DX+P+OY3kI3W2k=
-github.com/aws/aws-sdk-go-v2/service/sts v1.17.7/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 h1:/2gzjhQowRLarkkBOGPXSRnb8sQ2RVsjdG1C/UliK/c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.0/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 h1:Jfly6mRxk2ZOSlbCvZfKNS7TukSx1mIzhSsqZ/IGSZI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.2 h1:J/4wIaGInCEYCGhTSruxCxeoA5cy91a+JT7cHFKFSHQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.2/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From be1d16d6c37eb26a9b234029b53c6c72b77d53e3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 16:40:54 +0100
Subject: [PATCH 0734/2268] tests: Allow to set sub dir for test projects

---
 e2e/helm_test.go          |  8 ++++----
 e2e/no_target_test.go     |  2 +-
 e2e/seal_test.go          | 18 +++++++++---------
 e2e/test-utils/project.go | 32 ++++++++++++++++++++++----------
 4 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 9d8f519cb..6993804de 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -486,8 +486,8 @@ func TestHelmLocalChart(t *testing.T) {
 	p.AddHelmDeployment("helm1", "../test-chart1", "", "", "test-helm-1", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm2", "test-chart2", "", "", "test-helm-2", p.TestSlug(), nil)
 
-	test_utils.CreateHelmDir(t, "test-chart1", "0.1.0", filepath.Join(p.LocalRepoDir(), "test-chart1"))
-	test_utils.CreateHelmDir(t, "test-chart2", "0.1.0", filepath.Join(p.LocalRepoDir(), "helm2/test-chart2"))
+	test_utils.CreateHelmDir(t, "test-chart1", "0.1.0", filepath.Join(p.LocalProjectDir(), "test-chart1"))
+	test_utils.CreateHelmDir(t, "test-chart2", "0.1.0", filepath.Join(p.LocalProjectDir(), "helm2/test-chart2"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-1-test-chart1")
@@ -505,9 +505,9 @@ func getChartDir(t *testing.T, p *test_utils.TestProject, url2 string, chartName
 	}
 	var dir string
 	if u.Scheme == "oci" {
-		dir = filepath.Join(p.LocalRepoDir(), ".helm-charts", fmt.Sprintf("%s_%s", u.Scheme, u.Hostname()), chartName)
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s", u.Scheme, u.Hostname()), chartName)
 	} else {
-		dir = filepath.Join(p.LocalRepoDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), chartName)
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), chartName)
 	}
 	if chartVersion != "" {
 		dir = filepath.Join(dir, chartVersion)
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 1451d10d8..90c8086c6 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -26,7 +26,7 @@ func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_utils.Test
 		p.AddKustomizeDeployment("cm", []test_utils.KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
 	} else {
 		p.AddKustomizeResources("", []test_utils.KustomizeResource{{Name: "cm.yaml", Content: cm}})
-		err := os.Remove(filepath.Join(p.LocalRepoDir(), "deployment.yml"))
+		err := os.Remove(filepath.Join(p.LocalProjectDir(), "deployment.yml"))
 		assert.NoError(t, err)
 	}
 
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 532088948..e0cfab88d 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -178,7 +178,7 @@ func TestSeal_WithOperator(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -213,7 +213,7 @@ func TestSeal_WithBootstrap(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	test_resources.ApplyYaml("sealed-secrets.yaml", k)
@@ -261,7 +261,7 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -301,7 +301,7 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -352,7 +352,7 @@ func TestSeal_MultipleTargets(t *testing.T) {
 	p.KluctlMust("seal", "-t", "test-target")
 	p.KluctlMust("seal", "-t", "test-target2")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
 
@@ -395,7 +395,7 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment2/test-target/secret-secret2.yml"))
 
@@ -442,7 +442,7 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -483,7 +483,7 @@ func TestSeal_File(t *testing.T) {
 
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
@@ -538,7 +538,7 @@ func TestSeal_Vault(t *testing.T) {
 	p.AddExtraEnv("VAULT_TOKEN=root")
 	p.KluctlMust("seal", "-t", "test-target")
 
-	sealedSecretsDir := p.LocalRepoDir()
+	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index b824a5223..9da4e2a84 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -17,6 +17,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"reflect"
 	"strings"
@@ -29,6 +30,7 @@ type TestProject struct {
 
 	extraEnv   []string
 	useProcess bool
+	gitSubDir  string
 
 	gitServer *git2.TestGitServer
 }
@@ -41,6 +43,12 @@ func WithUseProcess(useProcess bool) TestProjectOption {
 	}
 }
 
+func WithGitSubDir(subDir string) TestProjectOption {
+	return func(p *TestProject) {
+		p.gitSubDir = subDir
+	}
+}
+
 func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p := &TestProject{
 		t: t,
@@ -86,8 +94,8 @@ func (p *TestProject) UpdateDeploymentYaml(dir string, update func(o *uo.Unstruc
 	}, "")
 }
 
-func (p *TestProject) UpdateYaml(path string, update func(o *uo.UnstructuredObject) error, message string) {
-	p.gitServer.UpdateYaml("kluctl-project", path, func(o map[string]any) error {
+func (p *TestProject) UpdateYaml(pth string, update func(o *uo.UnstructuredObject) error, message string) {
+	p.gitServer.UpdateYaml("kluctl-project", path.Join(p.gitSubDir, pth), func(o map[string]any) error {
 		u := uo.FromMap(o)
 		err := update(u)
 		if err != nil {
@@ -98,12 +106,12 @@ func (p *TestProject) UpdateYaml(path string, update func(o *uo.UnstructuredObje
 	}, message)
 }
 
-func (p *TestProject) UpdateFile(path string, update func(f string) (string, error), message string) {
-	p.gitServer.UpdateFile("kluctl-project", path, update, message)
+func (p *TestProject) UpdateFile(pth string, update func(f string) (string, error), message string) {
+	p.gitServer.UpdateFile("kluctl-project", path.Join(p.gitSubDir, pth), update, message)
 }
 
 func (p *TestProject) GetYaml(path string) *uo.UnstructuredObject {
-	o, err := uo.FromFile(filepath.Join(p.LocalRepoDir(), path))
+	o, err := uo.FromFile(filepath.Join(p.LocalProjectDir(), path))
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -231,7 +239,7 @@ func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeRe
 		p.AddDeploymentIncludes(deploymentDir)
 	}
 
-	absKustomizeDir := filepath.Join(p.LocalRepoDir(), dir)
+	absKustomizeDir := filepath.Join(p.LocalProjectDir(), dir)
 
 	err := os.MkdirAll(absKustomizeDir, 0o700)
 	if err != nil {
@@ -334,11 +342,11 @@ func (p *TestProject) AddKustomizeResources(dir string, resources []KustomizeRes
 			}
 			if r.Content != nil {
 				x := p.convertInterfaceToList(r.Content)
-				err := yaml.WriteYamlAllFile(filepath.Join(p.LocalRepoDir(), dir, fileName), x)
+				err := yaml.WriteYamlAllFile(filepath.Join(p.LocalProjectDir(), dir, fileName), x)
 				if err != nil {
 					return err
 				}
-				_, err = wt.Add(filepath.Join(dir, fileName))
+				_, err = wt.Add(filepath.Join(path.Join(p.gitSubDir, dir), fileName))
 				if err != nil {
 					return err
 				}
@@ -372,6 +380,10 @@ func (p *TestProject) LocalRepoDir() string {
 	return p.gitServer.LocalRepoDir("kluctl-project")
 }
 
+func (p *TestProject) LocalProjectDir() string {
+	return path.Join(p.LocalRepoDir(), p.gitSubDir)
+}
+
 func (p *TestProject) GetGitRepo() *git.Repository {
 	return p.gitServer.GetGitRepo("kluctl-project")
 }
@@ -381,7 +393,7 @@ func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
 
-	cwd := p.LocalRepoDir()
+	cwd := p.LocalProjectDir()
 
 	args = append(args, "--debug")
 
@@ -422,7 +434,7 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	}
 
 	var args []string
-	args = append(args, "--project-dir", p.LocalRepoDir())
+	args = append(args, "--project-dir", p.LocalProjectDir())
 	args = append(args, argsIn...)
 
 	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))

From f110cb86e5e8ab1ce7db102738f4bf48e405b902 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 16:41:01 +0100
Subject: [PATCH 0735/2268] tests: Implement git include tests

---
 e2e/git_include_test.go | 55 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 e2e/git_include_test.go

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
new file mode 100644
index 000000000..8eb03fbfe
--- /dev/null
+++ b/e2e/git_include_test.go
@@ -0,0 +1,55 @@
+package e2e
+
+import (
+	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"testing"
+)
+
+func prepareIncludeProject(t *testing.T, prefix string, subDir string) *test_utils.TestProject {
+	p := test_utils.NewTestProject(t, test_utils.WithGitSubDir(subDir))
+	addConfigMapDeployment(p, "cm", map[string]string{"a": "v"}, resourceOpts{
+		name:      fmt.Sprintf("%s-cm", prefix),
+		namespace: p.TestSlug(),
+	})
+	return p
+}
+
+func prepareGitIncludeTest(t *testing.T) (*test_utils.TestProject, *test_utils.TestProject, *test_utils.TestProject) {
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	ip1 := prepareIncludeProject(t, "include1", "")
+	ip2 := prepareIncludeProject(t, "include2", "subDir")
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url":    ip2.GitUrl(),
+			"subDir": "subDir",
+		},
+	}))
+
+	return p, ip1, ip2
+}
+
+func TestGitInclude(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p, _, _ := prepareGitIncludeTest(t)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+}

From da34b2764dd01602a082816b4935365d8def2158 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 17:20:45 +0100
Subject: [PATCH 0736/2268] tests: Implement --local-git-override tests

---
 e2e/git_include_test.go | 42 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 8eb03fbfe..a78268cb4 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -3,7 +3,12 @@ package e2e
 import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	cp "github.com/otiai10/copy"
+	"github.com/stretchr/testify/assert"
+	"path/filepath"
 	"testing"
 )
 
@@ -53,3 +58,40 @@ func TestGitInclude(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
+
+func TestLocalGitOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	p, ip1, ip2 := prepareGitIncludeTest(t)
+
+	override1 := t.TempDir()
+	err := cp.Copy(ip1.LocalRepoDir(), override1)
+	assert.NoError(t, err)
+
+	override2 := t.TempDir()
+	err = cp.Copy(ip2.LocalRepoDir(), override2)
+	assert.NoError(t, err)
+
+	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o1", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
+
+	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o2", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
+
+	u1, _ := git_url.Parse(ip1.GitUrl())
+	u2, _ := git_url.Parse(ip2.GitUrl())
+
+	p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-git-override", fmt.Sprintf("%s=%s", u1.NormalizedRepoKey(), override1),
+		"--local-git-override", fmt.Sprintf("%s=%s", u2.NormalizedRepoKey(), override2),
+	)
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}

From e60ad8feaa9a1c6c6a54dccb0de90ca3c8cc036a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 17:21:16 +0100
Subject: [PATCH 0737/2268] fix: Fix NormalizedRepoKey() with non-default ports

---
 pkg/git/git-url/url.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/git/git-url/url.go b/pkg/git/git-url/url.go
index 452df12ee..727e8796f 100644
--- a/pkg/git/git-url/url.go
+++ b/pkg/git/git-url/url.go
@@ -101,5 +101,5 @@ func (u *GitUrl) NormalizedRepoKey() string {
 	if u.User != nil && u.User.Username() != "" {
 		username = u.User.Username() + "@"
 	}
-	return fmt.Sprintf("%s%s:%s", username, u2.Host, u2.Path)
+	return fmt.Sprintf("%s%s:%s%s", username, u2.Hostname(), u2.Port(), u2.Path)
 }

From 0b0f7271aebf7040dd69ad6119b9e2a8ffe938e7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 17:23:58 +0100
Subject: [PATCH 0738/2268] feat: Remove broken support for branch overriding

---
 cmd/kluctl/args/project.go   |  2 +-
 cmd/kluctl/commands/utils.go | 10 +---------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index c14455303..fc896f813 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -27,7 +27,7 @@ type ProjectFlags struct {
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
-	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com:my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them. To only override a single branch of the repo, use 'github.com:my-org/my-repo:my-branch=/local/path/to/override'"`
+	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com:my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them."`
 	LocalGitGroupOverride  []string      `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com:some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com:some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
 }
 
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 63da52161..c789882ac 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -242,20 +242,12 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	sp2 := strings.Split(sp[0], ":")
-	if len(sp2) < 2 || len(sp2) > 3 {
-		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
-	}
-
-	u, err := git_url.Parse(fmt.Sprintf("%s:%s", sp2[0], sp2[1]))
+	u, err := git_url.Parse(sp[0])
 	if err != nil {
 		return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
 	}
 	u = u.Normalize()
 	ret.RepoUrl = *u
-	if len(sp2) == 3 {
-		ret.Ref = sp2[2]
-	}
 	ret.Override = sp[1]
 	return
 }

From aa9f146cefa0fd77e49e76ed7a14bc27f5b659c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 21:42:16 +0100
Subject: [PATCH 0739/2268] fix: Check corrent path when looking for overrides

---
 pkg/repocache/cache.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index 131567488..3db2b00c5 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -106,7 +106,7 @@ func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
 			relPath := strings.TrimPrefix(urlN.Path, ro.RepoUrl.Path+"/")
 			overridePath = path.Join(ro.Override, relPath)
 		} else {
-			if ro.Override != urlN.Path {
+			if ro.RepoUrl.Path != urlN.Path {
 				continue
 			}
 			overridePath = ro.Override

From f314e3eebfcbf7aec7b1789c7252cfef24ce005f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 21:48:20 +0100
Subject: [PATCH 0740/2268] fix: Fix parsing in parseRepoOverride

---
 cmd/kluctl/commands/utils.go | 5 ++++-
 e2e/git_include_test.go      | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index c789882ac..2a610fee0 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -242,7 +242,10 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	u, err := git_url.Parse(sp[0])
+	// we need to prepend a dummy scheme to the repo key so that it is properly parsed
+	dummyUrl := fmt.Sprintf("git://%s", sp[0])
+
+	u, err := git_url.Parse(dummyUrl)
 	if err != nil {
 		return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
 	}
diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index a78268cb4..22afa21f8 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -85,10 +85,12 @@ func TestLocalGitOverride(t *testing.T) {
 
 	u1, _ := git_url.Parse(ip1.GitUrl())
 	u2, _ := git_url.Parse(ip2.GitUrl())
+	k1 := u1.NormalizedRepoKey()
+	k2 := u2.NormalizedRepoKey()
 
 	p.KluctlMust("deploy", "--yes", "-t", "test",
-		"--local-git-override", fmt.Sprintf("%s=%s", u1.NormalizedRepoKey(), override1),
-		"--local-git-override", fmt.Sprintf("%s=%s", u2.NormalizedRepoKey(), override2),
+		"--local-git-override", fmt.Sprintf("%s=%s", k1, override1),
+		"--local-git-override", fmt.Sprintf("%s=%s", k2, override2),
 	)
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertNestedFieldEquals(t, cm, "o1", "data", "a")

From 656e102ac357fd9a962a24389ee6dfbc06b8f9a3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 23:00:30 +0100
Subject: [PATCH 0741/2268] tests: Allow to reuse Git servers for multiple
 projects

---
 e2e/test-utils/project.go    | 42 ++++++++++++++++++++++++++----------
 pkg/git/test_git_server.go   |  8 +++++--
 pkg/vars/vars_loader_test.go |  6 +++---
 3 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 9da4e2a84..63f918dea 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -30,9 +30,10 @@ type TestProject struct {
 
 	extraEnv   []string
 	useProcess bool
-	gitSubDir  string
 
-	gitServer *git2.TestGitServer
+	gitServer   *git2.TestGitServer
+	gitRepoName string
+	gitSubDir   string
 }
 
 type TestProjectOption func(p *TestProject)
@@ -43,6 +44,18 @@ func WithUseProcess(useProcess bool) TestProjectOption {
 	}
 }
 
+func WithGitServer(s *git2.TestGitServer) TestProjectOption {
+	return func(p *TestProject) {
+		p.gitServer = s
+	}
+}
+
+func WithRepoName(n string) TestProjectOption {
+	return func(p *TestProject) {
+		p.gitRepoName = n
+	}
+}
+
 func WithGitSubDir(subDir string) TestProjectOption {
 	return func(p *TestProject) {
 		p.gitSubDir = subDir
@@ -51,15 +64,18 @@ func WithGitSubDir(subDir string) TestProjectOption {
 
 func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p := &TestProject{
-		t: t,
+		t:           t,
+		gitRepoName: "kluctl-project",
 	}
 
 	for _, o := range opts {
 		o(p)
 	}
 
-	p.gitServer = git2.NewTestGitServer(t)
-	p.gitServer.GitInit("kluctl-project")
+	if p.gitServer == nil {
+		p.gitServer = git2.NewTestGitServer(t)
+	}
+	p.gitServer.GitInit(p.gitRepoName)
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 		return nil
@@ -70,6 +86,10 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	return p
 }
 
+func (p *TestProject) GitServer() *git2.TestGitServer {
+	return p.gitServer
+}
+
 func (p *TestProject) TestSlug() string {
 	n := p.t.Name()
 	n = xstrings.ToKebabCase(n)
@@ -95,7 +115,7 @@ func (p *TestProject) UpdateDeploymentYaml(dir string, update func(o *uo.Unstruc
 }
 
 func (p *TestProject) UpdateYaml(pth string, update func(o *uo.UnstructuredObject) error, message string) {
-	p.gitServer.UpdateYaml("kluctl-project", path.Join(p.gitSubDir, pth), func(o map[string]any) error {
+	p.gitServer.UpdateYaml(p.gitRepoName, path.Join(p.gitSubDir, pth), func(o map[string]any) error {
 		u := uo.FromMap(o)
 		err := update(u)
 		if err != nil {
@@ -107,7 +127,7 @@ func (p *TestProject) UpdateYaml(pth string, update func(o *uo.UnstructuredObjec
 }
 
 func (p *TestProject) UpdateFile(pth string, update func(f string) (string, error), message string) {
-	p.gitServer.UpdateFile("kluctl-project", path.Join(p.gitSubDir, pth), update, message)
+	p.gitServer.UpdateFile(p.gitRepoName, path.Join(p.gitSubDir, pth), update, message)
 }
 
 func (p *TestProject) GetYaml(path string) *uo.UnstructuredObject {
@@ -147,7 +167,7 @@ func (p *TestProject) ListDeploymentItemPathes(dir string, fullPath bool) []stri
 }
 
 func (p *TestProject) UpdateKustomizeDeployment(dir string, update func(o *uo.UnstructuredObject, wt *git.Worktree) error) {
-	wt := p.gitServer.GetWorktree("kluctl-project")
+	wt := p.gitServer.GetWorktree(p.gitRepoName)
 
 	pth := filepath.Join(dir, "kustomization.yml")
 	p.UpdateYaml(pth, func(o *uo.UnstructuredObject) error {
@@ -373,11 +393,11 @@ func (p *TestProject) DeleteKustomizeDeployment(dir string) {
 }
 
 func (p *TestProject) GitUrl() string {
-	return p.gitServer.GitUrl("kluctl-project")
+	return p.gitServer.GitRepoUrl(p.gitRepoName)
 }
 
 func (p *TestProject) LocalRepoDir() string {
-	return p.gitServer.LocalRepoDir("kluctl-project")
+	return p.gitServer.LocalRepoDir(p.gitRepoName)
 }
 
 func (p *TestProject) LocalProjectDir() string {
@@ -385,7 +405,7 @@ func (p *TestProject) LocalProjectDir() string {
 }
 
 func (p *TestProject) GetGitRepo() *git.Repository {
-	return p.gitServer.GetGitRepo("kluctl-project")
+	return p.gitServer.GetGitRepo(p.gitRepoName)
 }
 
 func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index 7dd0a1614..fc58d02ab 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -223,8 +223,12 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 	p.CommitYaml(repo, pth, message, o)
 }
 
-func (p *TestGitServer) GitUrl(repo string) string {
-	return fmt.Sprintf("http://localhost:%d/%s/.git", p.gitServerPort, repo)
+func (p *TestGitServer) GitUrl() string {
+	return fmt.Sprintf("http://localhost:%d", p.gitServerPort)
+}
+
+func (p *TestGitServer) GitRepoUrl(repo string) string {
+	return fmt.Sprintf("%s/%s/.git", p.GitUrl(), repo)
 }
 
 func (p *TestGitServer) LocalRepoDir(repo string) string {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 40c038e99..a5b774f45 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -199,7 +199,7 @@ func TestVarsLoader_Git(t *testing.T) {
 	}, "")
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.GitUrl("repo"))
+		url, _ := git_url.Parse(gs.GitRepoUrl("repo"))
 		err := vl.LoadVars(vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
@@ -213,7 +213,7 @@ func TestVarsLoader_Git(t *testing.T) {
 	})
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.GitUrl("repo"))
+		url, _ := git_url.Parse(gs.GitRepoUrl("repo"))
 		b := true
 		err := vl.LoadVars(vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -250,7 +250,7 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 	assert.NoError(t, err)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.GitUrl("repo"))
+		url, _ := git_url.Parse(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,

From 8f98b33eaf96a80f0807b9de80801f8eb62486d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 23:00:45 +0100
Subject: [PATCH 0742/2268] tests: Implement --local-git-group-override tests

---
 e2e/git_include_test.go | 59 +++++++++++++++++++++++++++++++++++------
 1 file changed, 51 insertions(+), 8 deletions(-)

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 22afa21f8..fc24635e1 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -12,8 +13,12 @@ import (
 	"testing"
 )
 
-func prepareIncludeProject(t *testing.T, prefix string, subDir string) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t, test_utils.WithGitSubDir(subDir))
+func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer *git2.TestGitServer) *test_utils.TestProject {
+	p := test_utils.NewTestProject(t,
+		test_utils.WithGitSubDir(subDir),
+		test_utils.WithGitServer(gitServer),
+		test_utils.WithRepoName(fmt.Sprintf("repos/%s", prefix)),
+	)
 	addConfigMapDeployment(p, "cm", map[string]string{"a": "v"}, resourceOpts{
 		name:      fmt.Sprintf("%s-cm", prefix),
 		namespace: p.TestSlug(),
@@ -21,12 +26,12 @@ func prepareIncludeProject(t *testing.T, prefix string, subDir string) *test_uti
 	return p
 }
 
-func prepareGitIncludeTest(t *testing.T) (*test_utils.TestProject, *test_utils.TestProject, *test_utils.TestProject) {
+func prepareGitIncludeTest(t *testing.T, gitServer *git2.TestGitServer) (*test_utils.TestProject, *test_utils.TestProject, *test_utils.TestProject) {
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
-	ip1 := prepareIncludeProject(t, "include1", "")
-	ip2 := prepareIncludeProject(t, "include2", "subDir")
+	p := test_utils.NewTestProject(t, test_utils.WithGitServer(gitServer))
+	ip1 := prepareIncludeProject(t, "include1", "", gitServer)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", gitServer)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -52,7 +57,7 @@ func TestGitInclude(t *testing.T) {
 
 	k := defaultCluster1
 
-	p, _, _ := prepareGitIncludeTest(t)
+	p, _, _ := prepareGitIncludeTest(t, nil)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
@@ -63,7 +68,7 @@ func TestLocalGitOverride(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	p, ip1, ip2 := prepareGitIncludeTest(t)
+	p, ip1, ip2 := prepareGitIncludeTest(t, nil)
 
 	override1 := t.TempDir()
 	err := cp.Copy(ip1.LocalRepoDir(), override1)
@@ -97,3 +102,41 @@ func TestLocalGitOverride(t *testing.T) {
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 	assertNestedFieldEquals(t, cm, "o2", "data", "a")
 }
+
+func TestLocalGitGroupOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	p, ip1, ip2 := prepareGitIncludeTest(t, git2.NewTestGitServer(t))
+
+	overrideGroupDir := t.TempDir()
+
+	override1 := filepath.Join(overrideGroupDir, "include1")
+	err := cp.Copy(ip1.LocalRepoDir(), override1)
+	assert.NoError(t, err)
+
+	override2 := filepath.Join(overrideGroupDir, "include2")
+	err = cp.Copy(ip2.LocalRepoDir(), override2)
+	assert.NoError(t, err)
+
+	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o1", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
+
+	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o2", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
+
+	u1, _ := git_url.Parse(p.GitServer().GitUrl() + "/repos")
+	k1 := u1.NormalizedRepoKey()
+
+	p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-git-group-override", fmt.Sprintf("%s=%s", k1, overrideGroupDir),
+	)
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}

From 2444089ee2cd682c000f973fd4e93927d6568a59 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 3 Feb 2023 23:05:56 +0100
Subject: [PATCH 0743/2268] docs: Run make replace-commands-help

---
 docs/reference/commands/common-arguments.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index ac7f3d69a..c08d93b4b 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -67,8 +67,7 @@ Project arguments:
                                                cause kluctl to not use git to clone for the specified repository
                                                but instead use the local directory. This is useful in case you
                                                need to test out changes in external git repositories without
-                                               pushing them. To only override a single branch of the repo, use
-                                               'github.com:my-org/my-repo:my-branch=/local/path/to/override'
+                                               pushing them.
   -c, --project-config existingfile            Location of the .kluctl.yaml config file. Defaults to
                                                $PROJECT/.kluctl.yaml
       --project-dir existingdir                Specify the project directory. Defaults to the current working

From 521c62dd6e1d858e11d1a4a6c1d375d886ef36d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 5 Feb 2023 22:21:11 +0100
Subject: [PATCH 0744/2268] chore(deps): Bump k8s.io/apiextensions-apiserver
 from 0.26.0 to 0.26.1 (#286)

Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.26.0 to 0.26.1.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.26.0...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index c83c9c98b..235ac37db 100644
--- a/go.mod
+++ b/go.mod
@@ -47,10 +47,10 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.3
-	k8s.io/api v0.26.0
-	k8s.io/apiextensions-apiserver v0.26.0
-	k8s.io/apimachinery v0.26.0
-	k8s.io/client-go v0.26.0
+	k8s.io/api v0.26.1
+	k8s.io/apiextensions-apiserver v0.26.1
+	k8s.io/apimachinery v0.26.1
+	k8s.io/client-go v0.26.1
 	k8s.io/klog/v2 v2.80.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
@@ -253,9 +253,9 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
-	k8s.io/apiserver v0.26.0 // indirect
+	k8s.io/apiserver v0.26.1 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
-	k8s.io/component-base v0.26.0 // indirect
+	k8s.io/component-base v0.26.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
diff --git a/go.sum b/go.sum
index 58e4aa64c..5181e8dd0 100644
--- a/go.sum
+++ b/go.sum
@@ -1323,20 +1323,20 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I=
-k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg=
-k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo=
-k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ=
-k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg=
-k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
-k8s.io/apiserver v0.26.0 h1:q+LqIK5EZwdznGZb8bq0+a+vCqdeEEe4Ux3zsOjbc4o=
-k8s.io/apiserver v0.26.0/go.mod h1:aWhlLD+mU+xRo+zhkvP/gFNbShI4wBDHS33o0+JGI84=
+k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ=
+k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
+k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=
+k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM=
+k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ=
+k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
+k8s.io/apiserver v0.26.1 h1:6vmnAqCDO194SVCPU3MU8NcDgSqsUA62tBUSWrFXhsc=
+k8s.io/apiserver v0.26.1/go.mod h1:wr75z634Cv+sifswE9HlAo5FQ7UoUauIICRlOE+5dCg=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
 k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
-k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8=
-k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg=
-k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs=
-k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8=
+k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU=
+k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE=
+k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4=
+k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU=
 k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s=

From fc14969e8dedba4f8d700218d05919c0b39ca253 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 5 Feb 2023 22:21:32 +0100
Subject: [PATCH 0745/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#283)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.11 to 1.18.12.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.11...config/v1.18.12)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 22 +++++++++++-----------
 go.sum | 41 ++++++++++++++++++++++-------------------
 2 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 235ac37db..f8f74f210 100644
--- a/go.mod
+++ b/go.mod
@@ -58,8 +58,8 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/aws/aws-sdk-go-v2 v1.17.3
-	github.com/aws/aws-sdk-go-v2/config v1.18.11
+	github.com/aws/aws-sdk-go-v2 v1.17.4
+	github.com/aws/aws-sdk-go-v2/config v1.18.12
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
@@ -95,16 +95,16 @@ require (
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.11 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 5181e8dd0..2c9a9ea0c 100644
--- a/go.sum
+++ b/go.sum
@@ -119,34 +119,37 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY=
 github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.11 h1:7dJD4p90OyKYIihuwe/LbHfP7uw4yVm5P1hel+b8UZ8=
-github.com/aws/aws-sdk-go-v2/config v1.18.11/go.mod h1:FTGKr2F7QL7IAg22dUmEB5NWpLPAOuhrONzXe7TVhAI=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.11 h1:QnvlTut1XXKkX4aaM1Ydo5X0CHriv0jmLu8PTVQQJJo=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.11/go.mod h1:tqAm4JmQaShel+Qi38hmd1QglSnnxaYt50k/9yGQzzc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg=
+github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY=
+github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.12 h1:fKs/I4wccmfrNRO9rdrbMO1NgLxct6H9rNMiPdBxHWw=
+github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.12 h1:Cb+HhuEnV19zHRaYYVglwvdHGMJWbdsyP4oHhw04xws=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 h1:r+XwaCLpIvCKjBIYy/HVZujQS9tsz5ohHG3ZIe0wKoE=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 h1:KeTxcGdNnQudb46oOl4d90f2I33DF/c6q3RnZAmvQdQ=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28/go.mod h1:yRZVr/iT0AqyHeep00SZ4YfBAKojXz08w3XMBscdi0c=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 h1:7AwGYXDdqRQYsluvKFmWoqpcOQJ4bH634SkYf3FNj/A=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 h1:J4xhFd6zHhdF9jPP0FQJ6WknzBboGMBNjKOv4iTuw4A=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFuMO22HkV5VWGLBvmCLBCLPivUAmpdpnp4Vs=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2 h1:QDVKb2VpuwzIslzshumxksayV5GkpqT+rkVvdPVrA9E=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 h1:/2gzjhQowRLarkkBOGPXSRnb8sQ2RVsjdG1C/UliK/c=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.0/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 h1:Jfly6mRxk2ZOSlbCvZfKNS7TukSx1mIzhSsqZ/IGSZI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.2 h1:J/4wIaGInCEYCGhTSruxCxeoA5cy91a+JT7cHFKFSHQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.2/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 h1:s49mSnsBZEXjfGBkRfmK+nPqzT7Lt3+t2SmAKNyHblw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From b50bac1e545e641ca38eb364d8efba1ab2e9d049 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 5 Feb 2023 22:21:48 +0100
Subject: [PATCH 0746/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#284)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.11.1 to 10.11.2.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.11.1...v10.11.2)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 19 +++++++------------
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index f8f74f210..1f00bd653 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
 	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
 	github.com/fluxcd/pkg/kustomize v0.12.0
-	github.com/go-playground/validator/v10 v10.11.1
+	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
 	github.com/google/go-containerregistry v0.12.1
@@ -138,8 +138,8 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
diff --git a/go.sum b/go.sum
index 2c9a9ea0c..da078e7e6 100644
--- a/go.sum
+++ b/go.sum
@@ -306,14 +306,13 @@ github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXym
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
+github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
@@ -559,7 +558,6 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -745,7 +743,6 @@ github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
 github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
@@ -887,7 +884,6 @@ golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -1063,7 +1059,6 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From c3cbb70d289b83504094166dd65868290de9c06d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 6 Feb 2023 17:38:21 +0100
Subject: [PATCH 0747/2268] fix: Upgrade go-jinja2 and go-embed-python to fix
 Alpine support

---
 go.mod | 10 +++++-----
 go.sum | 21 ++++++++++++---------
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 1f00bd653..7ba28228c 100644
--- a/go.mod
+++ b/go.mod
@@ -21,8 +21,8 @@ require (
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1
-	github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1
+	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
+	github.com/kluctl/go-jinja2 v0.0.0-20230206202229-6e5a9f576647
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
@@ -132,8 +132,8 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
-	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/go-git/go-git/v5 v5.5.1 // indirect
+	github.com/go-git/go-billy/v5 v5.4.1 // indirect
+	github.com/go-git/go-git/v5 v5.5.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
@@ -179,7 +179,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.13 // indirect
+	github.com/klauspost/compress v1.15.15 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
diff --git a/go.sum b/go.sum
index da078e7e6..a8900a476 100644
--- a/go.sum
+++ b/go.sum
@@ -277,12 +277,14 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
+github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
+github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.5.1 h1:5vtv2TB5PM/gPM+EvsHJ16hJh4uAkdGcKilcwY7FYwo=
-github.com/go-git/go-git/v5 v5.5.1/go.mod h1:uz5PQ3d0gz7mSgzZhSJToM6ALPaKCdSnl58/Xb5hzr8=
+github.com/go-git/go-git/v5 v5.5.2 h1:v8lgZa5k9ylUw+OR/roJHTxR4QItsNFI5nKtAXFuynw=
+github.com/go-git/go-git/v5 v5.5.2/go.mod h1:BE5hUJ5yaV2YMxhmaP4l6RBQ08kMxKSPD4BlxtH7OjI=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -545,12 +547,12 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.15.13 h1:NFn1Wr8cfnenSJSA46lLq4wHCcBzKTSjnBIexDMMOV0=
-github.com/klauspost/compress v1.15.13/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
-github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1 h1:PXkdM8Z/Lh1+GIjXVG3dFs5enQoQ1eC7JXMz/Mo4R04=
-github.com/kluctl/go-embed-python v0.0.0-3.10.8-20221106-1/go.mod h1:qVVSnYkq5NSgUuLzz4hTCXvVsRQyF/ic4U5v7DaiCGM=
-github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1 h1:LwFIJE5cb6AAThM8FPbg589Y7zaToSrBCEQ1bxs8eiY=
-github.com/kluctl/go-jinja2 v0.0.0-20221215083015-c3f906953ba1/go.mod h1:hkHz+qOoK67xFAM8M6OkvvXpEsYq8ZKQxkYkat6J058=
+github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
+github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
+github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
+github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
+github.com/kluctl/go-jinja2 v0.0.0-20230206202229-6e5a9f576647 h1:H7qN4RcRsFX6OuKn2La0ueu0nSFE9uPI/AMcgF5fXi8=
+github.com/kluctl/go-jinja2 v0.0.0-20230206202229-6e5a9f576647/go.mod h1:oGEuC0taLwg20ORdSN7cdrN4rook79mJJ01QZIU858U=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
@@ -1072,6 +1074,7 @@ golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=

From e5ede940642c035c3e01428eef8e0bd6f4bdf1eb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 6 Feb 2023 17:38:33 +0100
Subject: [PATCH 0748/2268] feat: Switch to alpine for docker image

---
 Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b22c03a9a..f3ee702f7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,6 @@
-# We must use a glibc based distro due to embedded python not supporting musl libc for aarch64
-FROM debian:bullseye-slim
+FROM alpine:3.17.1
 
-RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*
+RUN apk add ca-certificates
 
 COPY kluctl /usr/bin/
 ENTRYPOINT ["/usr/bin/kluctl"]

From 6f132f7f808a8d26722d9a6950049ebda4fc6a38 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Feb 2023 08:37:20 +0100
Subject: [PATCH 0749/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#292)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.18.2 to 1.18.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.2...config/v1.18.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 1f00bd653..0e761063f 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.17.4
 	github.com/aws/aws-sdk-go-v2/config v1.18.12
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
diff --git a/go.sum b/go.sum
index da078e7e6..d98304d6d 100644
--- a/go.sum
+++ b/go.sum
@@ -119,7 +119,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY=
 github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.12 h1:fKs/I4wccmfrNRO9rdrbMO1NgLxct6H9rNMiPdBxHWw=
@@ -129,11 +128,9 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtb
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 h1:r+XwaCLpIvCKjBIYy/HVZujQS9tsz5ohHG3ZIe0wKoE=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 h1:7AwGYXDdqRQYsluvKFmWoqpcOQJ4bH634SkYf3FNj/A=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 h1:J4xhFd6zHhdF9jPP0FQJ6WknzBboGMBNjKOv4iTuw4A=
@@ -142,8 +139,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFu
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2 h1:QDVKb2VpuwzIslzshumxksayV5GkpqT+rkVvdPVrA9E=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.2/go.mod h1:jAeo/PdIJZuDSwsvxJS94G4d6h8tStj7WXVuKwLHWU8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3 h1:Zod/h9QcDvbrrG3jjTUp4lctRb6Qg2nj7ARC/xMsUc4=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8=

From 00a4aa3294696a16eda7fc9a8de6501485f5400a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Feb 2023 08:38:42 +0100
Subject: [PATCH 0750/2268] chore(deps): Bump github.com/spf13/viper from
 1.14.0 to 1.15.0 (#293)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 13 ++++++-------
 go.sum | 26 ++++++++++++--------------
 2 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index 0e761063f..728bec1e9 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.14.0
+	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
@@ -74,7 +74,7 @@ require (
 
 require (
 	cloud.google.com/go/compute v1.14.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.2 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.8.0 // indirect
 	cloud.google.com/go/kms v1.6.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
@@ -205,7 +205,6 @@ require (
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
-	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
@@ -226,7 +225,7 @@ require (
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/subosito/gotenv v1.4.1 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/urfave/cli v1.22.7 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -243,10 +242,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.4.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
-	google.golang.org/api v0.105.0 // indirect
+	google.golang.org/api v0.107.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect
-	google.golang.org/grpc v1.51.0 // indirect
+	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
+	google.golang.org/grpc v1.52.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index d98304d6d..4796239a1 100644
--- a/go.sum
+++ b/go.sum
@@ -29,8 +29,8 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0=
 cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo=
-cloud.google.com/go/compute/metadata v0.2.2 h1:aWKAjYaBaOSrpKl57+jnS/3fJRQnxL7TvR/u1VVbt6k=
-cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM=
+cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
+cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
@@ -684,8 +684,6 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FI
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
-github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
 github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@@ -786,8 +784,8 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spf13/viper v1.14.0 h1:Rg7d3Lo706X9tHsJMUjdiwMpHB7W8WnSVOssIY+JElU=
-github.com/spf13/viper v1.14.0/go.mod h1:WT//axPky3FdvXHzGw33dNdXXXfFQqmEalje+egj8As=
+github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
+github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -806,8 +804,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=
-github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
+github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/urfave/cli v1.22.7 h1:aXiFAgRugfJ27UFDsGJ9DB2FvTC73hlVXFSqq5bo9eU=
 github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
@@ -1180,8 +1178,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.105.0 h1:t6P9Jj+6XTn4U9I2wycQai6Q/Kz7iOT+QzjJ3G2V4x8=
-google.golang.org/api v0.105.0/go.mod h1:qh7eD5FJks5+BcE+cjBIm6Gz8vioK7EHvnlniqXBnqI=
+google.golang.org/api v0.107.0 h1:I2SlFjD8ZWabaIFOfeEDg3pf0BHJDh6iYQ1ic3Yu/UU=
+google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1234,8 +1232,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70=
-google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY=
+google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1258,8 +1256,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U=
-google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww=
+google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
+google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From c07afbb42fd7daef7cb614a0a8a34521fe73a5b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Feb 2023 08:39:11 +0100
Subject: [PATCH 0751/2268] chore(deps): Bump github.com/fluxcd/pkg/kustomize
 from 0.12.0 to 0.13.0 (#294)

Bumps [github.com/fluxcd/pkg/kustomize](https://github.com/fluxcd/pkg) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/fluxcd/pkg/releases)
- [Commits](https://github.com/fluxcd/pkg/compare/oci/v0.12.0...oci/v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/kustomize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 728bec1e9..2ed371303 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/docker/distribution v2.8.1+incompatible
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
 	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
-	github.com/fluxcd/pkg/kustomize v0.12.0
+	github.com/fluxcd/pkg/kustomize v0.13.0
 	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
@@ -64,7 +64,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.24.2
+	github.com/onsi/gomega v1.26.0
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.1
@@ -128,7 +128,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fluxcd/pkg/apis/kustomize v0.7.0 // indirect
+	github.com/fluxcd/pkg/apis/kustomize v0.8.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
diff --git a/go.sum b/go.sum
index 4796239a1..0b63075c3 100644
--- a/go.sum
+++ b/go.sum
@@ -259,10 +259,10 @@ github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBd
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47Q2oaKDekn+BZVZCmxeCWNi+FyownE=
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
-github.com/fluxcd/pkg/apis/kustomize v0.7.0 h1:X2htBmJ91nGYv4d93gin665MFWKNGiNwUiZ08/Zz0hY=
-github.com/fluxcd/pkg/apis/kustomize v0.7.0/go.mod h1:Mu+KdktsEKWA4l/33CZdY5lB4hz51mqfcLzBZSwAqVg=
-github.com/fluxcd/pkg/kustomize v0.12.0 h1:4MQdbP3M8NTIcr8TgNMxRCN+2xZoMWtCDDS3RiOT+8M=
-github.com/fluxcd/pkg/kustomize v0.12.0/go.mod h1:awHID4OKe2/WAfTFg4u0fURXZPUkrIslSZNSPX9MEFQ=
+github.com/fluxcd/pkg/apis/kustomize v0.8.0 h1:A6aLolxPV2Sll44SOHiX96lbXXmRZmS5BoEerkRHrfM=
+github.com/fluxcd/pkg/apis/kustomize v0.8.0/go.mod h1:9DPEVSfVIkiC2H3Dk6Ght4YJkswhYIaufXla4tB5Y84=
+github.com/fluxcd/pkg/kustomize v0.13.0 h1:oC50lpGdz/04aH4dPS/kRBjo+7PUx7BgGsJtSS0CmmE=
+github.com/fluxcd/pkg/kustomize v0.13.0/go.mod h1:6vAmxEe/41jBEspGq4OZA/4WlnszPyavm74TGSEVpXg=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -665,8 +665,8 @@ github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow=
-github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE=
-github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk=
+github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
+github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=

From a3471516ed1812cd357e41ca3d35ac8e2e171dcc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 08:41:17 +0100
Subject: [PATCH 0752/2268] fix: Don't fail known_hosts verification when the
 key-type doesn't match (#287)

Instead, ask for confirmation again.
---
 pkg/git/auth/ssh_known_hosts.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index 9e8017040..ec375b1f2 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -74,9 +74,6 @@ func verifyHost(messageCallbacks messages.MessageCallbacks, host string, remote
 
 	for _, f := range files {
 		hostFound, err := goph.CheckKnownHost(host, remote, key, f)
-		if hostFound && err != nil {
-			return err
-		}
 		if hostFound && err == nil {
 			return nil
 		}

From 01a03d5086bd485686d0f0ebc071695a63e777ff Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 16:30:12 +0100
Subject: [PATCH 0753/2268] feat: Deprecate fixed images from external
 targetConfig

---
 pkg/kluctl_project/targets.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index baa2aa52f..e32f627c8 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -252,6 +252,9 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 	if targetConfig.Args != nil {
 		target.Args.Merge(targetConfig.Args)
 	}
+	if len(targetConfig.Images) != 0 {
+		status.Deprecation(c.ctx, "target-config-images", "specifying fixed images via external 'targetConfig' is deprecated and support for this will be removed in a future kluctl release.")
+	}
 	// We prepend the dynamic images to ensure they get higher priority later
 	target.Images = append(targetConfig.Images, target.Images...)
 

From c257fb112e04e93e2b1c2fc8cbe6dbafcd1f2f2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 16:37:32 +0100
Subject: [PATCH 0754/2268] refactor: Load vars in NewDeploymentItem instead of
 at render time

---
 pkg/deployment/deployment_item.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 3e0f3ec56..6d02374cd 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -27,6 +28,7 @@ type DeploymentItem struct {
 	Project   *DeploymentProject
 	Inclusion *utils.Inclusion
 	Config    *types.DeploymentItemConfig
+	VarsCtx   *vars.VarsCtx
 	dir       *string
 	index     int
 
@@ -51,6 +53,7 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 		Project:   project,
 		Inclusion: collection.Inclusion,
 		Config:    config,
+		VarsCtx:   project.VarsCtx.Copy(),
 		dir:       dir,
 		index:     index,
 	}
@@ -81,6 +84,12 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 		di.RenderedDir = filepath.Join(di.RenderedSourceRootDir, di.RelRenderedDir)
 		di.renderedYamlPath = filepath.Join(di.RenderedDir, ".rendered.yml")
 	}
+
+	err = di.Project.loadVarsList(di.VarsCtx, di.Config.Vars)
+	if err != nil {
+		return nil, err
+	}
+
 	return di, nil
 }
 
@@ -115,13 +124,6 @@ func (di *DeploymentItem) render(forSeal bool) error {
 		return err
 	}
 
-	varsCtx := di.Project.VarsCtx.Copy()
-
-	err = di.Project.loadVarsList(varsCtx, di.Config.Vars)
-	if err != nil {
-		return err
-	}
-
 	var excludePatterns []string
 	excludePatterns = append(excludePatterns, "**/.git")
 
@@ -154,7 +156,7 @@ func (di *DeploymentItem) render(forSeal bool) error {
 	// also add deployment item dir to search dirs
 	searchDirs = append([]string{*di.dir}, searchDirs...)
 
-	return varsCtx.RenderDirectory(
+	return di.VarsCtx.RenderDirectory(
 		filepath.Join(di.Project.source.dir, di.RelToSourceItemDir),
 		di.RenderedDir,
 		excludePatterns,

From 4829488670c5b7e40f1988e1221ca39221c66bbb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 17:25:11 +0100
Subject: [PATCH 0755/2268] fix: Load deprecated args from deployment.yaml
 after .kluctl.yaml

---
 pkg/kluctl_project/target_context.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index f1619b2b9..1ccf21812 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -183,6 +183,11 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.U
 	}
 	allArgs.Merge(externalArgs)
 
+	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
+	if err != nil {
+		return nil, err
+	}
+
 	deprecatedArgs, err := deployment.LoadDeprecatedDeploymentArgs(p.ctx, p.ProjectDir, varsCtx, allArgs)
 	if err != nil {
 		return nil, err
@@ -192,11 +197,6 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.U
 		return nil, fmt.Errorf("mixing deprecated 'args' from deployment.yaml and .kluctl.yaml is not allowed")
 	}
 
-	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
-	if err != nil {
-		return nil, err
-	}
-
 	varsCtx.UpdateChild("args", allArgs)
 
 	return varsCtx, nil

From 405b0b7c39bf3c57c5e62bf4d68e7376c37d4f9b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 17:31:14 +0100
Subject: [PATCH 0756/2268] feat: Support fixed images configuration from vars

---
 pkg/deployment/deployment_item.go |  2 +-
 pkg/deployment/images.go          | 77 +++++++++++++++++++++++--------
 2 files changed, 59 insertions(+), 20 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 6d02374cd..05678dd8c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -592,7 +592,7 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 			}
 
 			// Resolve image placeholders
-			err := images.ResolvePlaceholders(di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys())
+			err := images.ResolvePlaceholders(di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys(), di.VarsCtx.Vars)
 			if err != nil {
 				errs = multierror.Append(errs, err)
 			}
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 8dc9c5f77..24964fe94 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -66,24 +66,60 @@ func (images *Images) SeenImages(simple bool) []types.FixedImage {
 	return ret
 }
 
-func (images *Images) GetFixedImage(image string, namespace string, deployment string, container string) *string {
-	for i := len(images.fixedImages) - 1; i >= 0; i-- {
-		fi := &images.fixedImages[i]
-		if fi.Image != image {
-			continue
-		}
-		if fi.Namespace != nil && namespace != *fi.Namespace {
-			continue
-		}
-		if fi.Deployment != nil && deployment != *fi.Deployment {
-			continue
+func (images *Images) parseFixedImagesFromVars(vars *uo.UnstructuredObject) ([]types.FixedImage, error) {
+	fisU, _, err := vars.GetNestedObjectList("images")
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse fixed images from vars: %w", err)
+	}
+	fis := make([]types.FixedImage, 0, len(fisU))
+	for i, u := range fisU {
+		var fi types.FixedImage
+		err = u.ToStruct(&fi)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse fixed image from vars at index %d: %w", i, err)
 		}
-		if fi.Container != nil && container != *fi.Container {
-			continue
+		fis = append(fis, fi)
+	}
+	return fis, nil
+}
+
+func (images *Images) getFixedImage(image string, namespace string, deployment string, container string, vars *uo.UnstructuredObject) (*string, error) {
+	cmpList := func(fis []types.FixedImage) *string {
+		for i := len(fis) - 1; i >= 0; i-- {
+			fi := fis[i]
+			if fi.Image != image {
+				continue
+			}
+			if fi.Namespace != nil && namespace != *fi.Namespace {
+				continue
+			}
+			if fi.Deployment != nil && deployment != *fi.Deployment {
+				continue
+			}
+			if fi.Container != nil && container != *fi.Container {
+				continue
+			}
+
+			return &fi.ResultImage
 		}
-		return &fi.ResultImage
+		return nil
 	}
-	return nil
+
+	fisFromVars, err := images.parseFixedImagesFromVars(vars)
+	if err != nil {
+		return nil, err
+	}
+
+	fi := cmpList(images.fixedImages)
+	if fi != nil {
+		return fi, nil
+	}
+	fi = cmpList(fisFromVars)
+	if fi != nil {
+		return fi, nil
+	}
+
+	return nil, nil
 }
 
 func (images *Images) GetLatestImageFromRegistry(image string, latestVersion string) (*string, error) {
@@ -204,7 +240,7 @@ func (images *Images) FindPlaceholders(o *uo.UnstructuredObject) ([]placeHolder,
 	return ret, nil
 }
 
-func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredObject, deploymentDir string, tags []string) error {
+func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredObject, deploymentDir string, tags []string, vars *uo.UnstructuredObject) error {
 	placeholders, err := images.FindPlaceholders(o)
 	if err != nil {
 		return err
@@ -240,7 +276,7 @@ func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredO
 			}
 		}
 
-		resultImage, err := images.resolveImage(ph, ref, deployment, deployed, deploymentDir, tags)
+		resultImage, err := images.resolveImage(ph, ref, deployment, deployed, deploymentDir, tags, vars)
 		if err != nil {
 			return err
 		}
@@ -257,8 +293,11 @@ func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredO
 	return nil
 }
 
-func (images *Images) resolveImage(ph placeHolder, ref k8s2.ObjectRef, deployment string, deployed *string, deploymentDir string, tags []string) (*string, error) {
-	fixed := images.GetFixedImage(ph.Image, ref.Namespace, deployment, ph.Container)
+func (images *Images) resolveImage(ph placeHolder, ref k8s2.ObjectRef, deployment string, deployed *string, deploymentDir string, tags []string, vars *uo.UnstructuredObject) (*string, error) {
+	fixed, err := images.getFixedImage(ph.Image, ref.Namespace, deployment, ph.Container, vars)
+	if err != nil {
+		return nil, err
+	}
 
 	registry, err := images.GetLatestImageFromRegistry(ph.Image, ph.LatestVersion)
 	if err != nil {

From 9ac3b0fc01706159257c8c393803ca62107916d4 Mon Sep 17 00:00:00 2001
From: Petr Michalec <epcim@apealive.net>
Date: Tue, 7 Feb 2023 20:29:30 +0100
Subject: [PATCH 0757/2268] improve subDir path validation (#279)

Closes: https://github.com/kluctl/kluctl/issues/269
---
 pkg/types/git_project.go     | 27 ++++++++++++++++++++++++---
 pkg/types/validators_test.go | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 pkg/types/validators_test.go

diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index dd8c7bae6..5183cf964 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -1,12 +1,18 @@
 package types
 
 import (
+	"fmt"
+	"regexp"
+	"strings"
+
 	"github.com/go-playground/validator/v10"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"strings"
 )
 
+// gitDirPatternNeg defines forbiden characters on git directory path/subDir
+var gitDirPatternNeg = regexp.MustCompile(`[\\\/:\*?"<>|[:cntrl:]\0^]`)
+
 type GitProject struct {
 	Url    git_url.GitUrl `yaml:"url" validate:"required"`
 	Ref    string         `yaml:"ref,omitempty"`
@@ -22,10 +28,25 @@ func (gp *GitProject) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return unmarshal((*raw)(gp))
 }
 
+// invalidDirName evaluate directory name against forbidden characters
+func invalidDirName(dirName string) bool {
+	return gitDirPatternNeg.MatchString(dirName)
+}
+
+// validateGitSubDir evaluate syntax for subdirectory path
+func validateGitSubDir(path string) bool {
+	for _, dirName := range strings.Split(path, "/") {
+		if invalidDirName(dirName) {
+			return false
+		}
+	}
+	return true
+}
+
 func ValidateGitProject(sl validator.StructLevel) {
 	gp := sl.Current().Interface().(GitProject)
-	if strings.Index(gp.SubDir, "/") != -1 {
-		sl.ReportError(gp.SubDir, "subDir", "SubDir", "/ is not allowed in subDir", "")
+	if !validateGitSubDir(gp.SubDir) {
+		sl.ReportError(gp.SubDir, "subDir", "SubDir", fmt.Sprintf("'%s' is not valid git subdirectory path", gp.SubDir), "")
 	}
 }
 
diff --git a/pkg/types/validators_test.go b/pkg/types/validators_test.go
new file mode 100644
index 000000000..e7c2067f3
--- /dev/null
+++ b/pkg/types/validators_test.go
@@ -0,0 +1,35 @@
+package types
+
+import (
+	"testing"
+
+	validator "github.com/go-playground/validator/v10"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateGitProjectSubDir(t *testing.T) {
+
+	var subDirItems = []struct {
+		have string
+		want bool
+	}{
+		{"subDir", true},
+		{"subDir/../subDir", true},
+		{"subDir?", false},            // wrong characters
+		{"subDir*/Another", false},    // wrong characters
+		{"subDir/../sub?D|ir", false}, // wrong characters
+	}
+
+	validate := validator.New()
+	validate.RegisterStructValidation(ValidateGitProject, GitProject{})
+
+	for _, item := range subDirItems {
+		gp := GitProject{SubDir: item.have}
+		err := validate.Struct(gp)
+		if item.want {
+			assert.Nil(t, err)
+		} else {
+			assert.Error(t, err)
+		}
+	}
+}

From dd4d92ea48b55ddc81e82c438fa2a036755ad850 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 09:00:47 +0100
Subject: [PATCH 0758/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.17.3 to 1.17.4 (#300)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.17.3 to 1.17.4.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.17.3...v1.17.4)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 36e68afe3..953b86b30 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.17.3
+	github.com/ohler55/ojg v1.17.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
diff --git a/go.sum b/go.sum
index 410b73528..c8a2b1211 100644
--- a/go.sum
+++ b/go.sum
@@ -661,8 +661,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.17.3 h1:NsyfSN+GScWFzXZCVuVimK0xOqUEqTSwuZ+J1WA50nw=
-github.com/ohler55/ojg v1.17.3/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.17.4 h1:6Ss87DyAZHU0ODZu6Cmuahj5UiVaRD1n8C4KNm0qMYg=
+github.com/ohler55/ojg v1.17.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=

From e99b006260cc60ce2b403e3530f4aa25a18086db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 09:01:04 +0100
Subject: [PATCH 0759/2268] chore(deps): Bump k8s.io/klog/v2 from 2.80.1 to
 2.90.0 (#299)

Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.80.1 to 2.90.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.80.1...v2.90.0)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 953b86b30..d84385a11 100644
--- a/go.mod
+++ b/go.mod
@@ -51,7 +51,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.26.1
 	k8s.io/apimachinery v0.26.1
 	k8s.io/client-go v0.26.1
-	k8s.io/klog/v2 v2.80.1
+	k8s.io/klog/v2 v2.90.0
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
diff --git a/go.sum b/go.sum
index c8a2b1211..bc2ea3b3d 100644
--- a/go.sum
+++ b/go.sum
@@ -1333,8 +1333,8 @@ k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU=
 k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE=
 k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4=
 k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU=
-k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
-k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M=
+k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s=
 k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=

From 8082e89fcc666ae25f4699293f03b114667b464b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 09:01:30 +0100
Subject: [PATCH 0760/2268] chore(deps): Bump golang.org/x/sys from 0.4.0 to
 0.5.0 (#298)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d84385a11..9f80ab451 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	golang.org/x/crypto v0.5.0
 	golang.org/x/net v0.5.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.4.0
+	golang.org/x/sys v0.5.0
 	golang.org/x/term v0.4.0
 	golang.org/x/text v0.6.0
 	gopkg.in/yaml.v2 v2.4.0
diff --git a/go.sum b/go.sum
index bc2ea3b3d..09f9b9014 100644
--- a/go.sum
+++ b/go.sum
@@ -1070,8 +1070,8 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
-golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 6ca2413a25b76826474427be77e654b3c6bf9789 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Feb 2023 09:09:57 +0100
Subject: [PATCH 0761/2268] chore(deps): Bump golang.org/x/term from 0.4.0 to
 0.5.0 (#297)

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/term/releases)
- [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9f80ab451..0a9e7de6f 100644
--- a/go.mod
+++ b/go.mod
@@ -42,7 +42,7 @@ require (
 	golang.org/x/net v0.5.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.5.0
-	golang.org/x/term v0.4.0
+	golang.org/x/term v0.5.0
 	golang.org/x/text v0.6.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
diff --git a/go.sum b/go.sum
index 09f9b9014..a8302d9d2 100644
--- a/go.sum
+++ b/go.sum
@@ -1078,8 +1078,8 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg=
-golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 9c19fd968633ab2372304c11207d0defe74bffe4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 17:33:08 +0100
Subject: [PATCH 0762/2268] feat: Deprecate querying latest image tag from
 registries

---
 cmd/kluctl/args/images.go                   |  2 +-
 cmd/kluctl/commands/utils.go                |  6 ++++++
 docs/reference/commands/common-arguments.md |  5 ++++-
 pkg/deployment/deployment_item.go           |  2 +-
 pkg/deployment/images.go                    | 17 ++++++++++++-----
 pkg/kluctl_jinja2/ext/images_ext.py         |  4 ++++
 6 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 13aaf244d..7d0364722 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -11,7 +11,7 @@ type ImageFlags struct {
 	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
 	FixedImagesFile existingFileType `group:"images" help:"Use .yaml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
 	UpdateImages    bool             `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
-	OfflineImages   bool             `group:"images" help:"Omit contacting image registries and do not query for latest image tags."`
+	OfflineImages   bool             `group:"images" help:"DEPRECATED: Omit contacting image registries and do not query for latest image tags. This flag is by default set to true. At the same time, the whole requesting of image tags from registries functionality is deprecated and will be removed from kluctl in a future release." default:"true"`
 }
 
 func (args *ImageFlags) LoadFixedImagesFromArgs() ([]types.FixedImage, error) {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 2a610fee0..909a14c3b 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -130,6 +130,12 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	if err != nil {
 		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
 	}
+	if args.imageFlags.UpdateImages {
+		status.Deprecation(ctx, "update-images", "--update-images is deprecated and will be removed in a future kluctl release.")
+	}
+	if !args.imageFlags.OfflineImages {
+		status.Deprecation(ctx, "online-images", "--offline-images=false is deprecated and will be removed in a future kluctl release.")
+	}
 	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages, args.imageFlags.OfflineImages || args.forCompletion)
 	if err != nil {
 		return err
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index c08d93b4b..dbdf48621 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -98,7 +98,10 @@ Image arguments:
                                          '--fixed-image=image<:namespace:deployment:container>=result'
       --fixed-images-file existingfile   Use .yaml file to pin image versions. See output of list-images
                                          sub-command or read the documentation for details about the output format
-      --offline-images                   Omit contacting image registries and do not query for latest image tags.
+      --offline-images                   DEPRECATED: Omit contacting image registries and do not query for latest
+                                         image tags. This flag is by default set to true. At the same time, the
+                                         whole requesting of image tags from registries functionality is
+                                         deprecated and will be removed from kluctl in a future release. (default true)
   -u, --update-images                    This causes kluctl to prefer the latest image found in registries, based
                                          on the 'latest_image' filters provided to 'images.get_image(...)' calls.
                                          Use this flag if you want to update to the latest versions/tags of all
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 05678dd8c..6d059e96c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -592,7 +592,7 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 			}
 
 			// Resolve image placeholders
-			err := images.ResolvePlaceholders(di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys(), di.VarsCtx.Vars)
+			err := images.ResolvePlaceholders(di.ctx.Ctx, di.ctx.K, o, di.RelRenderedDir, di.Tags.ListKeys(), di.VarsCtx.Vars)
 			if err != nil {
 				errs = multierror.Append(errs, err)
 			}
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 24964fe94..076350faf 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -2,10 +2,12 @@ package deployment
 
 import (
 	"bytes"
+	"context"
 	"encoding/base64"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -158,8 +160,9 @@ const beginPlaceholder = "XXXXXbegin_get_image_"
 const endPlaceholder = "_end_get_imageXXXXX"
 
 type placeHolder struct {
-	Image         string `yaml:"image"`
-	LatestVersion string `yaml:"latestVersion"`
+	Image            string `yaml:"image"`
+	LatestVersion    string `yaml:"latestVersion"`
+	HasLatestVersion bool   `yaml:"hasLatestVersion"`
 
 	Container string
 
@@ -240,7 +243,7 @@ func (images *Images) FindPlaceholders(o *uo.UnstructuredObject) ([]placeHolder,
 	return ret, nil
 }
 
-func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredObject, deploymentDir string, tags []string, vars *uo.UnstructuredObject) error {
+func (images *Images) ResolvePlaceholders(ctx context.Context, k *k8s.K8sCluster, o *uo.UnstructuredObject, deploymentDir string, tags []string, vars *uo.UnstructuredObject) error {
 	placeholders, err := images.FindPlaceholders(o)
 	if err != nil {
 		return err
@@ -276,7 +279,7 @@ func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredO
 			}
 		}
 
-		resultImage, err := images.resolveImage(ph, ref, deployment, deployed, deploymentDir, tags, vars)
+		resultImage, err := images.resolveImage(ctx, ph, ref, deployment, deployed, deploymentDir, tags, vars)
 		if err != nil {
 			return err
 		}
@@ -293,12 +296,16 @@ func (images *Images) ResolvePlaceholders(k *k8s.K8sCluster, o *uo.UnstructuredO
 	return nil
 }
 
-func (images *Images) resolveImage(ph placeHolder, ref k8s2.ObjectRef, deployment string, deployed *string, deploymentDir string, tags []string, vars *uo.UnstructuredObject) (*string, error) {
+func (images *Images) resolveImage(ctx context.Context, ph placeHolder, ref k8s2.ObjectRef, deployment string, deployed *string, deploymentDir string, tags []string, vars *uo.UnstructuredObject) (*string, error) {
 	fixed, err := images.getFixedImage(ph.Image, ref.Namespace, deployment, ph.Container, vars)
 	if err != nil {
 		return nil, err
 	}
 
+	if ph.HasLatestVersion {
+		status.Deprecation(ctx, "latest-version-filter", "latest_version is deprecated when using images.get_image()")
+	}
+
 	registry, err := images.GetLatestImageFromRegistry(ph.Image, ph.LatestVersion)
 	if err != nil {
 		return nil, err
diff --git a/pkg/kluctl_jinja2/ext/images_ext.py b/pkg/kluctl_jinja2/ext/images_ext.py
index 4c363b194..ba523653a 100644
--- a/pkg/kluctl_jinja2/ext/images_ext.py
+++ b/pkg/kluctl_jinja2/ext/images_ext.py
@@ -12,11 +12,15 @@ def __init__(self, environment):
         environment.globals.update(self.build_images_vars())
 
     def get_image_wrapper(self, image, latest_version=None):
+        has_latest_version = False
         if latest_version is None:
             latest_version = "semver()"
+        else:
+            has_latest_version = True
         placeholder = {
             "image": image,
             "latestVersion": str(latest_version),
+            "hasLatestVersion": has_latest_version,
         }
         j = json.dumps(placeholder)
         j = base64.b64encode(j.encode("utf8")).decode("utf8")

From 7417b33c01dde40f8255aa1b5ea30a2af189125e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 09:11:09 +0100
Subject: [PATCH 0763/2268] feat: Deprecate check-image-updates command

---
 cmd/kluctl/commands/cmd_check_image_updates.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 64471dd3b..7e7966ed0 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -19,10 +19,11 @@ type checkImageUpdatesCmd struct {
 }
 
 func (cmd *checkImageUpdatesCmd) Help() string {
-	return `This is based on a best effort approach and might give many false-positives.`
+	return `DEPRECATED: This is based on a best effort approach and might give many false-positives.`
 }
 
 func (cmd *checkImageUpdatesCmd) Run(ctx context.Context) error {
+	status.Deprecation(ctx, "check-image-updates", "check-image-updates is deprecated and will be removed in a future kluctl release.")
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
 		targetFlags:  cmd.TargetFlags,

From 8aa562d77d8abb2bb4e97bc94356e39592db2516 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 09:11:59 +0100
Subject: [PATCH 0764/2268] fix: Show deprecation message for sealedSecrets
 config

---
 pkg/deployment/deployment_project.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 9f3909ab7..7ee143f3d 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -60,6 +61,10 @@ func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Sourc
 		return nil, fmt.Errorf("failed to load includes for %s: %w", dir, err)
 	}
 
+	if dp.Config.SealedSecrets != nil {
+		status.Deprecation(ctx.Ctx, "sealed-secrets-config", "'sealedSecrets' is deprecated in deployment projects. Support for it will be removed in a future kluctl release.")
+	}
+
 	return dp, nil
 }
 

From a48e3a3e877e7f503a1164a13243203ae60211c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 09:56:29 +0100
Subject: [PATCH 0765/2268] docs: Update docs in regard to images.get_image
 changes

---
 docs/reference/deployments/images.md          | 127 +++++++-----------
 .../kluctl-project/targets/README.md          |   2 +-
 .../templating/predefined-variables.md        |   3 -
 3 files changed, 50 insertions(+), 82 deletions(-)

diff --git a/docs/reference/deployments/images.md b/docs/reference/deployments/images.md
index b6270cf7d..0328b5403 100644
--- a/docs/reference/deployments/images.md
+++ b/docs/reference/deployments/images.md
@@ -13,54 +13,26 @@ description: >
 
 There are usually 2 different scenarios where Container Images need to be specified:
 1. When deploying third party applications like nginx, redis, ... (e.g. via the [Helm integration](./helm.md)). <br>
-   * In this case, image versions/tags rarely change, and if they do, this is an explicit change to the deployment.
-1. When deploying your own applications. <br>
-   * In this case, image versions/tags might change very rapidly, sometimes multiple times per hour. It would be too much
-     effort and overhead when this would be managed explicitly via your deployment. Even with Jinja2 templating, this
-     would be hard to maintain.
+   * In this case, image versions/tags rarely change, and if they do, this is an explicit change to the deployment. This
+     means it's fine to have the image versions/tags directly in the deployment manifests.
+2. When deploying your own applications. <br>
+   * In this case, image versions/tags might change very rapidly, sometimes multiple times per hour. Having these
+     versions/tags directly in the deployment manifests can easily lead to commit spam and hard to manage 
+     multi-environment deployments.
      
 kluctl offers a better solution for the second case.
 
-## Dynamic versions/tags
-
-kluctl is able to ask the used container registry for a list of tags/versions available for an image. It then can
-sort the list of images via a configurable order and then use the latest image for your deployment.
-
-It however only does this when the involved resource (e.g. a `Deployment` or `StatefulSet`) is not yet deployed. In case
-it is already deployed, the already deployed image will be reused to avoid undesired re-deployment/re-starting of
-otherwise unchanged resources.
-
 ## images.get_image()
 
 This is solved via a templating function that is available in all templates/resources. The function is part of the global
 `images` object and expects the following arguments:
 
-`images.get_image(image, latest_version)`
+`images.get_image(image)`
 
 * image
-    * The image location, excluding the tag. Please see [supported image registries](#supported-image-registries-and-authentication) to
-      understand which registries are supported.`
-* latest_version
-    * Configures how tags/versions are sorted and thus how the latest image is determined. Can be:
-        * `version.semver()` <br>
-          Filters and sorts by loose semantic versioning. Versions must start with a number. It allows unlimited
-          `.` inside the version. It treats versions with a suffix as less then versions without a suffix
-          (e.g. 1.0-rc1 < 1.0). Two versions which only differ by suffix are sorted semantically.
-        * `version.prefix(prefix)` <br>
-          Only allows tags with the given prefix and then applies the same logic as images.semver() to whatever
-          follows right after the prefix. You can override the handling of the right part by providing `suffix=xxx`,
-          while `xxx` is another version filter, e.g. `version.prefix("master-", suffix=version.number())
-        * `version.number()` <br>
-          Only allows plain numbers as version numbers sorts them accordingly.
-        * `version.regex(regex)` <br>
-          Only allows versions/tags that match the given regex. Sorting is done the same way as in version.semver(),
-          except that versions do not necessarily need to start with a number.
-
-The mentioned version filters must be specified as strings. For example,
-
-`images.get_version("my-image", "prefix('master-', suffix=number())")`.
-
-If no version_filter is specified, then it defaults to `"semver()"`.
+    * The image name/repository. It is looked up the list of fixed images.
+
+The function will lookup the given image in the list of fixed images and return the last match.
 
 Example deployment:
 
@@ -77,59 +49,58 @@ spec:
         image: "{{ images.get_image('registry.gitlab.com/my-group/my-project') }}"
 ```
 
-## Always using the latest images
-If you want to use the latest image no matter if an older version is already deployed, use the `-u` flag to your 
-`deploy`, `diff` or `list-images` commands.
+## Fixed images
 
-You can restrict updating to individual images by using `-I/--include-tag`. This is useful when using CI/CD for example,
-where you often want to perform a deployment that only updates a single application/service from your large deployment.
+Fixed images can be configured multiple methods:
+1. Command line argument `--fixed-image`
+2. Command line argument `--fixed-images-file`
+3. Target definition
+4. Global 'images' variable
 
-## Fixed images via CLI
-The described `images.get_image` logic however leads to a loosely defined state on your target cluster/environment. This
-might be fine in a CI/CD environment, but might be undesired when deploying to production. In that case, it might be
-desirable to explicitly define which versions need to be deployed.
+## Command line argument `--fixed-image`
 
-To achieve this, you can use the `-F FIXED_IMAGE` [argument](../commands/common-arguments.md#image-arguments).
-`FIXED_IMAGE` must be in the form of `-F image<:namespace:deployment:container>=result`. For example, to pin the image
-`registry.gitlab.com/my-group/my-project` to the tag `1.1.2` you'd have to specify
-`-F registry.gitlab.com/my-group/my-project=registry.gitlab.com/my-group/my-project:1.1.2`.
+You can pass fixed images configuration via the `--fixed-image` [argument](../commands/common-arguments.md#image-arguments).
+Due to [environment variables support](../commands/environment-variables.md) in the CLI, you can also use the
+environment variable `KLUCTL_FIXED_IMAGE_XXX` to configure fixed images.
 
-## Fixed images via a yaml file
+The format of the `--fixed-image` argument is `--fixed-image image<:namespace:deployment:container>=result`. The simplest
+example is `--fixed-image registry.gitlab.com/my-group/my-project=registry.gitlab.com/my-group/my-project:1.1.2`.
 
-As an alternative to specifying each fixed image via CLI (`--fixed-images-file=<file>`), you can also specify a single
-yaml file via CLI which then contains a list of entries that define image/deployment -> imageResult mappings.
+## Command line argument `--fixed-images-file`
 
-An example fixed-images files looks like this:
+You can also configure fixed images via a yaml file by using `--fixed-images-file /path/to/fixed-images.yaml`.
+file:
 
 ```yaml
 images:
   - image: registry.gitlab.com/my-group/my-project
-    resultImage: registry.gitlab.com/my-group/my-project:1.1.0
-  - image: registry.gitlab.com/my-group/my-project2
-    resultImage: registry.gitlab.com/my-group/my-project2:2.0.0
-  - deployment: StatefulSet/my-sts
-    resultImage: registry.gitlab.com/my-group/my-project3:1.0.0
+    resultImage: registry.gitlab.com/my-group/my-project:1.1.2
+```
+
+The file must contain a single root list named `images` with each entry having the following form:
+
+```yaml
+images:
+  - image: <image_name>
+    resultImage: <result_image>
+    # optional fields
+    namespace: <namespace>
+    deployment: <kind>/<name>
+    container: <name>
 ```
 
-You can also take an existing deployment and export the already deployed image versions into a fixed-images file by
-using the `list-images` command. It will produce a compatible fixed-images file based on the calls to
-`images.get_image` if a deployment would be performed with the given arguments. The result of that call is quite
-expressive, as it contains all the information gathered while images were collected. Use `--simple` to only return
-a list with image -> resultImage mappings.
+`image` and `resultImage` are required. All the other fields are optional and allow to specify in detail for which
+object the fixed is specified.
+
+## Target definition
 
-## Supported image registries and authentication
-All [v2 API](https://docs.docker.com/registry/spec/api/) based image registries are supported, including the Docker Hub,
-Gitlab, and many more. Private registries will need credentials to be setup correctly. This can be done by locally
-logging in via `docker login <registry>` or by specifying the following environment variables:
+The [target](../kluctl-project/targets/README.md#targets) definition can optionally specify an `images` field that can
+contain the same fixed images configuration as found in the `--fixed-images-file` file.
 
-Simply set the following environment variables to pass credentials to you private repository:
-1. KLUCTL_REGISTRY_HOST=registry.example.com
-2. KLUCTL_REGISTRY_USERNAME=username
-3. KLUCTL_REGISTRY_PASSWORD=password
+## Global 'images' variable
 
-You can also pass credentials for more registries by adding an index to the environment variables,
-e.g. "KLUCTL_REGISTRY_1_HOST=registry.gitlab.com"
+You can also define a global variable named `images` via one of the [variable sources](../templating/variable-sources.md).
+This variable must be a list of the same format as the images list in the `--fixed-images-file` file.
 
-In case your registry uses self-signed TLS certificates, it is currently required to disable TLS verification for these.
-You can do this via `KLUCTL_REGISTRY_TLSVERIFY=1`/`KLUCTL_REGISTRY_<idx>_TLSVERIFY=1` for the corresponding
-`KLUCTL_REGISTRY_HOST`/`KLUCTL_REGISTRY_<idx>_HOST` or by globally disabling it via `KLUCTL_REGISTRY_DEFAULT_TLSVERIFY=1`.
+This option allows to externalize fixed images configuration, meaning that you can maintain image versions outside
+the deployment project, e.g. in another [Git repository](../templating/variable-sources.md#git).
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index 74673d86d..4dc644fc1 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -54,7 +54,7 @@ have higher priority.
 
 ## images
 This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images.md#imagesget_image).
-The format is identical to the [fixed images file](../../deployments/images.md#fixed-images-via-a-yaml-file).
+The format is identical to the [fixed images file](../../deployments/images.md#command-line-argument---fixed-images-file).
 
 The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#images)
 have higher priority.
diff --git a/docs/reference/templating/predefined-variables.md b/docs/reference/templating/predefined-variables.md
index a547e1d86..bb1fe4d53 100644
--- a/docs/reference/templating/predefined-variables.md
+++ b/docs/reference/templating/predefined-variables.md
@@ -23,6 +23,3 @@ This is the target definition of the currently processed target. It contains all
 
 ### images
 This global object provides the dynamic images features described in [images](../deployments/images.md).
-
-### version
-This global object defines latest version filters for `images.get_image(...)`. See [images](../deployments/images.md) for details.

From 777f6875432b322f8d3556ab3f78629fe5c7bea7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 17:25:05 +0100
Subject: [PATCH 0766/2268] docs: Add docs for sha256 filter

---
 docs/reference/templating/filters.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/reference/templating/filters.md b/docs/reference/templating/filters.md
index 6495f57cd..5fed49201 100644
--- a/docs/reference/templating/filters.md
+++ b/docs/reference/templating/filters.md
@@ -84,5 +84,11 @@ Renders the input string with the current Jinja2 context. Example:
 {{ a | render }}
 ```
 
+### sha256
+Calculates the sha256 digest of the input string. Example:
+```
+{{ "some-string" | sha256 }}
+```
+
 ### slugify
 Slugify a string based on [python-slugify](https://github.com/un33k/python-slugify).

From b34e771907f7f33c205afa3c2b2486e07f529b79 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 17:26:12 +0100
Subject: [PATCH 0767/2268] feat: Rename kluctl.io/kustomize_dir annotation to
 kluctl.io/deployment-item-dir

---
 pkg/deployment/deployment_item.go            | 3 +--
 pkg/deployment/utils/remote_objects_utils.go | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 6d059e96c..b32964eae 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -104,9 +104,8 @@ func (di *DeploymentItem) getCommonLabels() map[string]string {
 }
 
 func (di *DeploymentItem) getCommonAnnotations() map[string]string {
-	// TODO change it to kluctl.io/deployment_dir
 	a := map[string]string{
-		"kluctl.io/kustomize_dir": filepath.ToSlash(di.RelToSourceItemDir),
+		"kluctl.io/deployment-item-dir": filepath.ToSlash(di.RelToSourceItemDir),
 	}
 	if di.Config.SkipDeleteIfTags {
 		a["kluctl.io/skip-delete-if-tags"] = "true"
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 1ff37177f..ff505702e 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -237,7 +237,7 @@ func (u *RemoteObjectUtils) getInclusionEntries(o *uo.UnstructuredObject) []util
 		})
 	}
 
-	if itemDir := o.GetK8sAnnotation("kluctl.io/kustomize_dir"); itemDir != nil {
+	if itemDir := o.GetK8sAnnotation("kluctl.io/deployment-item-dir"); itemDir != nil {
 		iv = append(iv, utils.InclusionEntry{
 			Type:  "deploymentItemDir",
 			Value: *itemDir,

From 0e4a304ada84217c3d38aa142c1d281151982bd9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 17:29:58 +0100
Subject: [PATCH 0768/2268] refactor: Pass external args via loadArgs instead
 of TargetContextParams

---
 cmd/kluctl/commands/cmd_list_targets.go |  2 +-
 cmd/kluctl/commands/cmd_seal.go         |  2 +-
 cmd/kluctl/commands/completion.go       | 19 +++++++-----
 cmd/kluctl/commands/utils.go            | 41 +++++++++++++------------
 pkg/kluctl_project/project_load.go      |  2 ++
 pkg/kluctl_project/target_context.go    |  9 +++---
 pkg/kluctl_project/targets.go           |  7 ++---
 7 files changed, 46 insertions(+), 36 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 91eacf231..dca1b646d 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.DynamicTargets {
 			result = append(result, t.Target)
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 18fd57647..ec00b4612 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -155,7 +155,7 @@ func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
 }
 
 func (cmd *sealCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		baseTargets := make(map[string]bool)
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 32ffab84f..225ae0fba 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -16,6 +16,7 @@ import (
 func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) error {
 	v := reflect.ValueOf(cmdStruct).Elem()
 	projectFlags := v.FieldByName("ProjectFlags")
+	argsFlags := v.FieldByName("ArgsFlags")
 	targetFlags := v.FieldByName("TargetFlags")
 	inclusionFlags := v.FieldByName("InclusionFlags")
 	imageFlags := v.FieldByName("ImageFlags")
@@ -23,7 +24,11 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	ctx := context.Background()
 
 	if projectFlags.IsValid() && targetFlags.IsValid() {
-		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(ctx, projectFlags.Addr().Interface().(*args.ProjectFlags)))
+		var argsFlag2 *args.ArgsFlags
+		if argsFlags.IsValid() {
+			argsFlag2 = argsFlags.Addr().Interface().(*args.ArgsFlags)
+		}
+		_ = ccmd.RegisterFlagCompletionFunc("target", buildTargetCompletionFunc(ctx, projectFlags.Addr().Interface().(*args.ProjectFlags), argsFlag2))
 	}
 
 	if projectFlags.IsValid() && inclusionFlags.IsValid() {
@@ -42,18 +47,18 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	return nil
 }
 
-func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(ctx, *projectArgs, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
 
-func buildTargetCompletionFunc(ctx context.Context, projectArgs *args.ProjectFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+func buildTargetCompletionFunc(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
-		err := withProjectForCompletion(ctx, projectArgs, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(ctx, projectArgs, argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			for _, t := range p.DynamicTargets {
 				ret = append(ret, t.Target.Name)
 			}
@@ -99,7 +104,7 @@ func buildInclusionCompletionFunc(ctx context.Context, cmdStruct interface{}, fo
 		var deploymentItemDirs utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
@@ -153,7 +158,7 @@ func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(
 		var images utils.OrderedMap
 		var mutex sync.Mutex
 
-		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
 				for _, t := range p.DynamicTargets {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 909a14c3b..3259ab704 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -25,7 +25,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd/api"
 )
 
-func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
@@ -80,10 +80,30 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	rp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, repoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer rp.Clear()
 
+	var externalArgs *uo.UnstructuredObject
+	if argsFlags != nil {
+		optionArgs, err := deployment.ParseArgs(argsFlags.Arg)
+		if err != nil {
+			return err
+		}
+		externalArgs, err = deployment.ConvertArgsToVars(optionArgs, true)
+		if err != nil {
+			return err
+		}
+		for _, a := range argsFlags.ArgsFromFile {
+			optionArgs2, err := uo.FromFile(a)
+			if err != nil {
+				return err
+			}
+			externalArgs.Merge(optionArgs2)
+		}
+	}
+
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
 		RepoRoot:           repoRoot,
 		ProjectDir:         projectDir,
 		ProjectConfig:      projectFlags.ProjectConfig.String(),
+		ExternalArgs:       externalArgs,
 		RP:                 rp,
 		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
@@ -119,7 +139,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(ctx, args.projectFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
@@ -151,22 +171,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		return err
 	}
 
-	optionArgs, err := deployment.ParseArgs(args.argsFlags.Arg)
-	if err != nil {
-		return err
-	}
-	optionArgs2, err := deployment.ConvertArgsToVars(optionArgs, true)
-	if err != nil {
-		return err
-	}
-	for _, a := range args.argsFlags.ArgsFromFile {
-		optionArgs3, err := uo.FromFile(a)
-		if err != nil {
-			return err
-		}
-		optionArgs2.Merge(optionArgs3)
-	}
-
 	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {
 		tmpDir, err := os.MkdirTemp(p.TmpDir, "rendered")
@@ -184,7 +188,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		OfflineK8s:         args.offlineKubernetes,
 		K8sVersion:         args.kubernetesVersion,
 		DryRun:             args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
-		ExternalArgs:       optionArgs2,
 		ForSeal:            args.forSeal,
 		Images:             images,
 		Inclusion:          inclusion,
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index c397e5190..2af17c0d0 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -5,6 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd/api"
@@ -15,6 +16,7 @@ type LoadKluctlProjectArgs struct {
 	RepoRoot      string
 	ProjectDir    string
 	ProjectConfig string
+	ExternalArgs  *uo.UnstructuredObject
 
 	SopsDecrypter *decryptor.Decryptor
 	RP            *repocache.GitRepoCache
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 1ccf21812..0a5e46627 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -34,7 +34,6 @@ type TargetContextParams struct {
 	OfflineK8s         bool
 	K8sVersion         string
 	DryRun             bool
-	ExternalArgs       *uo.UnstructuredObject
 	ForSeal            bool
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
@@ -73,7 +72,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	}
 	target.Context = &clusterContext
 
-	varsCtx, err := p.buildVars(target, params.ExternalArgs, params.ForSeal)
+	varsCtx, err := p.buildVars(target, params.ForSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -160,7 +159,7 @@ func (p *LoadedKluctlProject) loadK8sConfig(target *types.Target, offlineK8s boo
 	return clientConfig, "", nil
 }
 
-func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.UnstructuredObject, forSeal bool) (*vars.VarsCtx, error) {
+func (p *LoadedKluctlProject) buildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
 	varsCtx := vars.NewVarsCtx(p.J2)
 
 	targetVars, err := uo.FromStruct(target)
@@ -181,7 +180,9 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, externalArgs *uo.U
 			}
 		}
 	}
-	allArgs.Merge(externalArgs)
+	if p.loadArgs.ExternalArgs != nil {
+		allArgs.Merge(p.loadArgs.ExternalArgs)
+	}
 
 	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
 	if err != nil {
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index e32f627c8..eda785735 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
 	"regexp"
@@ -52,7 +51,8 @@ func (c *LoadedKluctlProject) loadTargets() error {
 
 		err = c.renderTarget(target)
 		if err != nil {
-			return err
+			status.Warning(c.ctx, "Failed to load target %s: %v", target.Name, err)
+			continue
 		}
 
 		if _, ok := targetNames[target.Name]; ok {
@@ -77,8 +77,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 
 	var errors []error
 	for i := 0; i < 10; i++ {
-		varsCtx := vars.NewVarsCtx(c.J2)
-		err := varsCtx.UpdateChildFromStruct("target", target)
+		varsCtx, err := c.buildVars(target, false)
 		if err != nil {
 			return err
 		}

From ce578df1ffc05554ca2844d56819508d609cc14d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 17:31:06 +0100
Subject: [PATCH 0769/2268] feat: Implement deployment/target discriminator

---
 cmd/kluctl/commands/cmd_delete.go             | 14 +++-----
 cmd/kluctl/commands/cmd_deploy.go             |  2 +-
 cmd/kluctl/commands/cmd_diff.go               |  2 +-
 cmd/kluctl/commands/cmd_prune.go              |  2 +-
 cmd/kluctl/commands/cmd_validate.go           |  2 +-
 pkg/deployment/commands/delete.go             | 36 ++++++-------------
 pkg/deployment/commands/deploy.go             | 18 +++++++---
 pkg/deployment/commands/diff.go               | 18 +++++++---
 pkg/deployment/commands/prune.go              | 15 +++++---
 pkg/deployment/commands/validate.go           | 13 ++++---
 pkg/deployment/deployment_item.go             |  3 ++
 pkg/deployment/shared_context.go              |  1 +
 pkg/deployment/utils/remote_objects_utils.go  | 20 +++++++----
 .../utils/remote_objects_utils_test.go        |  5 +--
 pkg/kluctl_project/target_context.go          |  1 +
 pkg/kluctl_project/targets.go                 |  3 ++
 pkg/types/kluctl_project.go                   |  2 ++
 17 files changed, 94 insertions(+), 63 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index bdac4154e..751410b04 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -25,7 +24,7 @@ type deleteCmd struct {
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
 
-	DeleteByLabel []string `group:"misc" short:"l" help:"Override the labels used to find objects for deletion."`
+	Discriminator string `group:"misc" help:"Override the discriminator used to find objects for deletion."`
 }
 
 func (cmd *deleteCmd) Help() string {
@@ -48,14 +47,11 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewDeleteCommand(cmdCtx.targetCtx.DeploymentCollection)
-
-		deleteByLabels, err := deployment.ParseArgs(cmd.DeleteByLabel)
-		if err != nil {
-			return err
+		discriminator := cmdCtx.targetCtx.Target.Discriminator
+		if cmd.Discriminator != "" {
+			discriminator = cmd.Discriminator
 		}
-
-		cmd2.OverrideDeleteByLabels = deleteByLabels
+		cmd2 := commands.NewDeleteCommand(discriminator, cmdCtx.targetCtx.DeploymentCollection.Inclusion)
 
 		objects, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 624d6b6e3..083a97e26 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -55,7 +55,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	status.Trace(cmdCtx.ctx, "enter runCmdDeploy")
 	defer status.Trace(cmdCtx.ctx, "leave runCmdDeploy")
 
-	cmd2 := commands.NewDeployCommand(cmdCtx.targetCtx.DeploymentCollection)
+	cmd2 := commands.NewDeployCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
 	cmd2.ForceApply = cmd.ForceApply
 	cmd2.ReplaceOnError = cmd.ReplaceOnError
 	cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index a32991d41..b04ff519d 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -39,7 +39,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
 		cmd2.ForceApply = cmd.ForceApply
 		cmd2.ReplaceOnError = cmd.ReplaceOnError
 		cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 9c887eb1c..5b542cd27 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -45,7 +45,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 }
 
 func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
-	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.DeploymentCollection)
+	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
 	objects, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 26b43da2f..532f52e28 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -39,7 +39,7 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		startTime := time.Now()
-		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, cmdCtx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
 		for true {
 			result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
 			if err != nil {
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 6a3040cda..da6d7e5d9 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -3,7 +3,6 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -11,41 +10,28 @@ import (
 )
 
 type DeleteCommand struct {
-	c                      *deployment.DeploymentCollection
-	OverrideDeleteByLabels map[string]string
+	discriminator string
+	inclusion     *utils.Inclusion
 }
 
-func NewDeleteCommand(c *deployment.DeploymentCollection) *DeleteCommand {
+func NewDeleteCommand(discriminator string, inclusion *utils.Inclusion) *DeleteCommand {
 	return &DeleteCommand{
-		c: c,
+		discriminator: discriminator,
+		inclusion:     inclusion,
 	}
 }
 
 func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
-	dew := utils2.NewDeploymentErrorsAndWarnings()
-
-	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-
-	var labels map[string]string
-	if len(cmd.OverrideDeleteByLabels) != 0 {
-		labels = cmd.OverrideDeleteByLabels
-	} else {
-		labels = cmd.c.Project.GetCommonLabels()
-	}
-
-	if len(labels) == 0 {
-		return nil, fmt.Errorf("deletion without using commonLabels in the root deployment.yaml is not allowed")
-	}
-
-	var inclusion *utils.Inclusion
-	if cmd.c != nil {
-		inclusion = cmd.c.Inclusion
+	if cmd.discriminator == "" {
+		return nil, fmt.Errorf("deletion without a discriminator is not supported")
 	}
 
-	err := ru.UpdateRemoteObjects(k, labels, nil, false)
+	dew := utils2.NewDeploymentErrorsAndWarnings()
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
+	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, nil, false)
 	if err != nil {
 		return nil, err
 	}
 
-	return utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(inclusion), inclusion.HasType("tags"), nil)
+	return utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(cmd.inclusion), cmd.inclusion.HasType("tags"), nil)
 }
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index bbf4284dc..cb3721b41 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -2,15 +2,19 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"time"
 )
 
 type DeployCommand struct {
-	c *deployment.DeploymentCollection
+	c             *deployment.DeploymentCollection
+	discriminator string
 
 	ForceApply          bool
 	ReplaceOnError      bool
@@ -20,17 +24,23 @@ type DeployCommand struct {
 	NoWait              bool
 }
 
-func NewDeployCommand(c *deployment.DeploymentCollection) *DeployCommand {
+func NewDeployCommand(discriminator string, c *deployment.DeploymentCollection) *DeployCommand {
 	return &DeployCommand{
-		c: c,
+		discriminator: discriminator,
+		c:             c,
 	}
 }
 
 func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResultCb func(diffResult *types.CommandResult) error) (*types.CommandResult, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
+	if cmd.discriminator == "" {
+		status.Warning(ctx, "No discriminator configured. Orphan object detection will not work")
+		dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("no discriminator configured. Orphan object detection will not work"))
+	}
+
 	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs(), false)
+	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, cmd.c.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 890908fc0..ff8e8f0ca 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -2,14 +2,18 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 )
 
 type DiffCommand struct {
-	c *deployment.DeploymentCollection
+	c             *deployment.DeploymentCollection
+	discriminator string
 
 	ForceApply          bool
 	ReplaceOnError      bool
@@ -19,17 +23,23 @@ type DiffCommand struct {
 	IgnoreAnnotations   bool
 }
 
-func NewDiffCommand(c *deployment.DeploymentCollection) *DiffCommand {
+func NewDiffCommand(discriminator string, c *deployment.DeploymentCollection) *DiffCommand {
 	return &DiffCommand{
-		c: c,
+		discriminator: discriminator,
+		c:             c,
 	}
 }
 
 func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
+	if cmd.discriminator == "" {
+		status.Warning(ctx, "No discriminator configured. Orphan object detection will not work")
+		dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("no discriminator configured. Orphan object detection will not work"))
+	}
+
 	ru := utils.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs(), false)
+	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, cmd.c.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index e3b5f4689..4b7a32cfe 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -9,20 +10,26 @@ import (
 )
 
 type PruneCommand struct {
-	c *deployment.DeploymentCollection
+	discriminator string
+	c             *deployment.DeploymentCollection
 }
 
-func NewPruneCommand(c *deployment.DeploymentCollection) *PruneCommand {
+func NewPruneCommand(discriminator string, c *deployment.DeploymentCollection) *PruneCommand {
 	return &PruneCommand{
-		c: c,
+		discriminator: discriminator,
+		c:             c,
 	}
 }
 
 func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
+	if cmd.discriminator == "" {
+		return nil, fmt.Errorf("pruning without a discriminator is not supported")
+	}
+
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), nil, false)
+	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, nil, false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 010fa9868..f279d5042 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -11,15 +11,18 @@ import (
 )
 
 type ValidateCommand struct {
-	c   *deployment.DeploymentCollection
+	c             *deployment.DeploymentCollection
+	discriminator string
+
 	dew *utils2.DeploymentErrorsAndWarnings
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(ctx context.Context, c *deployment.DeploymentCollection) *ValidateCommand {
+func NewValidateCommand(ctx context.Context, discriminator string, c *deployment.DeploymentCollection) *ValidateCommand {
 	cmd := &ValidateCommand{
-		c:   c,
-		dew: utils2.NewDeploymentErrorsAndWarnings(),
+		c:             c,
+		discriminator: discriminator,
+		dew:           utils2.NewDeploymentErrorsAndWarnings(),
 	}
 	cmd.ru = utils2.NewRemoteObjectsUtil(ctx, cmd.dew)
 	return cmd
@@ -31,7 +34,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 
 	cmd.dew.Init()
 
-	err := cmd.ru.UpdateRemoteObjects(k, cmd.c.Project.GetCommonLabels(), cmd.c.LocalObjectRefs(), true)
+	err := cmd.ru.UpdateRemoteObjects(k, &cmd.discriminator, cmd.c.LocalObjectRefs(), true)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b32964eae..607ded1dd 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -95,6 +95,9 @@ func NewDeploymentItem(ctx SharedContext, project *DeploymentProject, collection
 
 func (di *DeploymentItem) getCommonLabels() map[string]string {
 	l := di.Project.GetCommonLabels()
+	if di.ctx.Discriminator != "" {
+		l["kluctl.io/discriminator"] = di.ctx.Discriminator
+	}
 	i := 0
 	for _, t := range di.Tags.ListKeys() {
 		l[fmt.Sprintf("kluctl.io/tag-%d", i)] = t
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 859f194ae..9b20d151b 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -18,6 +18,7 @@ type SharedContext struct {
 	VarsLoader      *vars.VarsLoader
 	HelmCredentials helm.HelmCredentialsProvider
 
+	Discriminator                     string
 	RenderDir                         string
 	SealedSecretsDir                  string
 	DefaultSealedSecretsOutputPattern string
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index ff505702e..37e078595 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -30,13 +30,21 @@ func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings)
 	}
 }
 
-func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]string, onlyUsedGKs map[schema.GroupKind]bool) error {
+func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminator *string, onlyUsedGKs map[schema.GroupKind]bool) error {
 	var mutex sync.Mutex
-	if len(labels) == 0 {
+	if discriminator == nil {
 		return nil
 	}
+	if *discriminator == "" {
+		status.Warning(u.ctx, "No discriminator configured for target, retrieval of remote objects will be slow.")
+		return nil
+	}
+
+	labels := map[string]string{
+		"kluctl.io/discriminator": *discriminator,
+	}
 
-	baseStatus := "Getting remote objects by commonLabels"
+	baseStatus := "Getting remote objects by discriminator"
 	s := status.Start(u.ctx, baseStatus)
 	defer s.Failed()
 
@@ -87,7 +95,7 @@ func (u *RemoteObjectUtils) getAllByLabels(k *k8s.K8sCluster, labels map[string]
 			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
 			s.Warning()
 			if permissionErrCount != 0 {
-				u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("at least one permission error was encountered while gathering objects by labels. This might result in orphan object detection to not work properly"))
+				u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"))
 			}
 		} else {
 			s.Success()
@@ -157,7 +165,7 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 	return g.ErrorOrNil()
 }
 
-func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[string]string, refs []k8s2.ObjectRef, onlyUsedGKs bool) error {
+func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, discriminator *string, refs []k8s2.ObjectRef, onlyUsedGKs bool) error {
 	if k == nil {
 		return nil
 	}
@@ -171,7 +179,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, labels map[st
 		}
 	}
 
-	err := u.getAllByLabels(k, labels, usedGKs)
+	err := u.getAllByDiscriminator(k, discriminator, usedGKs)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/utils/remote_objects_utils_test.go b/pkg/deployment/utils/remote_objects_utils_test.go
index aaa1671a2..8ded2b28c 100644
--- a/pkg/deployment/utils/remote_objects_utils_test.go
+++ b/pkg/deployment/utils/remote_objects_utils_test.go
@@ -37,12 +37,13 @@ func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
 
 	dew := NewDeploymentErrorsAndWarnings()
 	u := NewRemoteObjectsUtil(context.Background(), dew)
-	err = u.UpdateRemoteObjects(k, map[string]string{"l1": "v1"}, []k8s2.ObjectRef{
+	discriminator := "d"
+	err = u.UpdateRemoteObjects(k, &discriminator, []k8s2.ObjectRef{
 		k8s2.NewObjectRef("", "v1", "Secret", "secret", "default"),
 	}, false)
 	assert.NoError(t, err)
 	assert.Equal(t, []types.DeploymentError{{
-		Error: "at least one permission error was encountered while gathering objects by labels. This might result in orphan object detection to not work properly"},
+		Error: "at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"},
 	}, dew.GetWarningsList())
 	assert.Empty(t, dew.GetErrorsList())
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 0a5e46627..6ebb6fa86 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -109,6 +109,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		SopsDecrypter:                     p.SopsDecrypter,
 		VarsLoader:                        varsLoader,
 		HelmCredentials:                   params.HelmCredentials,
+		Discriminator:                     target.Discriminator,
 		RenderDir:                         params.RenderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
 		DefaultSealedSecretsOutputPattern: target.Name,
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index eda785735..1577e230e 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -228,6 +228,9 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 	if err != nil {
 		return nil, err
 	}
+	if target.Discriminator == "" {
+		target.Discriminator = c.Config.Discriminator
+	}
 	if targetInfo.baseTarget.TargetConfig == nil {
 		return &target, nil
 	}
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 0266fa1a0..33078a4ae 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -34,6 +34,7 @@ type Target struct {
 	TargetConfig  *ExternalTargetConfig  `yaml:"targetConfig,omitempty"`
 	SealingConfig *SealingConfig         `yaml:"sealingConfig,omitempty"`
 	Images        []FixedImage           `yaml:"images,omitempty"`
+	Discriminator string                 `yaml:"discriminator,omitempty"`
 }
 
 type DynamicTarget struct {
@@ -66,4 +67,5 @@ type KluctlProject struct {
 	Targets       []*Target        `yaml:"targets,omitempty"`
 	Args          []*DeploymentArg `yaml:"args,omitempty"`
 	SecretsConfig *SecretsConfig   `yaml:"secretsConfig,omitempty"`
+	Discriminator string           `yaml:"discriminator,omitempty"`
 }

From 109d3a15d71398200801ad12f28ee984d6bea5fc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 17:31:20 +0100
Subject: [PATCH 0770/2268] fix: Properly fail if target rendering fails 10
 times

---
 pkg/kluctl_project/targets.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 1577e230e..66a5afb1f 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -75,7 +75,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 	// Try rendering the target multiple times, until all values can be rendered successfully. This allows the target
 	// to reference itself in complex ways. We'll also try loading the cluster vars in each iteration.
 
-	var errors []error
+	var retErr error
 	for i := 0; i < 10; i++ {
 		varsCtx, err := c.buildVars(target, false)
 		if err != nil {
@@ -86,11 +86,9 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 		if err == nil && !changed {
 			return nil
 		}
+		retErr = err
 	}
-	if len(errors) != 0 {
-		return errors[0]
-	}
-	return nil
+	return retErr
 }
 
 func (c *LoadedKluctlProject) prepareDynamicTargets(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {

From 93d346680d05d3cdbc6276d5ab70f2de9d8aca1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 14:02:02 +0100
Subject: [PATCH 0771/2268] chore(deps): Bump golang.org/x/net from 0.5.0 to
 0.6.0 (#305)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 0a9e7de6f..a768ee877 100644
--- a/go.mod
+++ b/go.mod
@@ -39,11 +39,11 @@ require (
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.5.0
-	golang.org/x/net v0.5.0
+	golang.org/x/net v0.6.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.5.0
 	golang.org/x/term v0.5.0
-	golang.org/x/text v0.6.0
+	golang.org/x/text v0.7.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.10.3
diff --git a/go.sum b/go.sum
index a8302d9d2..f4d6f2911 100644
--- a/go.sum
+++ b/go.sum
@@ -971,8 +971,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1090,8 +1090,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From da919e0417a9cc8e7110d9f3b1e8dac21e0fed5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 14:02:44 +0100
Subject: [PATCH 0772/2268] chore(deps): Bump
 github.com/google/go-containerregistry (#306)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.1...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a768ee877..eda6b6dc8 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
-	github.com/google/go-containerregistry v0.12.1
+	github.com/google/go-containerregistry v0.13.0
 	github.com/hashicorp/vault/api v1.8.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
diff --git a/go.sum b/go.sum
index f4d6f2911..c5834f9a6 100644
--- a/go.sum
+++ b/go.sum
@@ -392,8 +392,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8=
-github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k=
+github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k=
+github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From 086645a5032bc4290254da13a9842f556a91935d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 14:04:41 +0100
Subject: [PATCH 0773/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.14.1 to 0.14.4 (#307)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.1 to 0.14.4.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.1...v0.14.4)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eda6b6dc8..9ca767700 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/onsi/gomega v1.26.0
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
-	sigs.k8s.io/controller-runtime v0.14.1
+	sigs.k8s.io/controller-runtime v0.14.4
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/yaml v1.3.0
 )
diff --git a/go.sum b/go.sum
index c5834f9a6..56a342515 100644
--- a/go.sum
+++ b/go.sum
@@ -1346,8 +1346,8 @@ oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.14.1 h1:vThDes9pzg0Y+UbCPY3Wj34CGIYPgdmspPm2GIpxpzM=
-sigs.k8s.io/controller-runtime v0.14.1/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU=
+sigs.k8s.io/controller-runtime v0.14.4 h1:Kd/Qgx5pd2XUL08eOV2vwIq3L9GhIbJ5Nxengbd4/0M=
+sigs.k8s.io/controller-runtime v0.14.4/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From 5f8a882f6d5970277d297e66d92299ed5e3bae59 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Feb 2023 14:41:24 +0100
Subject: [PATCH 0774/2268] chore(deps): Bump github.com/hashicorp/vault/api
 from 1.8.2 to 1.8.3 (#308)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 9ca767700..984ecb0dc 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
 	github.com/google/go-containerregistry v0.13.0
-	github.com/hashicorp/vault/api v1.8.2
+	github.com/hashicorp/vault/api v1.8.3
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
@@ -172,7 +172,7 @@ require (
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/vault/sdk v0.6.1 // indirect
+	github.com/hashicorp/vault/sdk v0.7.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
diff --git a/go.sum b/go.sum
index 56a342515..931147457 100644
--- a/go.sum
+++ b/go.sum
@@ -493,10 +493,10 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
-github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
-github.com/hashicorp/vault/sdk v0.6.1 h1:sjZC1z4j5Rh2GXYbkxn5BLK05S1p7+MhW4AgdUmgRUA=
-github.com/hashicorp/vault/sdk v0.6.1/go.mod h1:Ck4JuAC6usTphfrrRJCRH+7/N7O2ozZzkm/fzQFt4uM=
+github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
+github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
+github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
+github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=

From 93853f1132872210c4d7e2e690f46a50ef15953f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 17:42:50 +0100
Subject: [PATCH 0775/2268] tests: Fix pruning tests

---
 e2e/inclusion_test.go     | 3 ++-
 e2e/test-utils/project.go | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 84b427c97..fee93caec 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	corev1 "k8s.io/api/core/v1"
 	"path/filepath"
 	"reflect"
@@ -14,7 +15,7 @@ func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*test_utils.T
 
 	createNamespace(t, k, p.TestSlug())
 
-	p.UpdateTarget("test", nil)
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
 
 	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.TestSlug()})
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.TestSlug()})
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 63f918dea..74b64f2e2 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -14,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
+	"k8s.io/apimachinery/pkg/util/rand"
 	"net/url"
 	"os"
 	"os/exec"
@@ -78,6 +79,7 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p.gitServer.GitInit(p.gitRepoName)
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name }}", rand.String(16)), "discriminator")
 		return nil
 	})
 	p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {

From a21906e502cab23323b39a1c9971316435e9e945 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 20:12:24 +0100
Subject: [PATCH 0776/2268] docs: Run make replace-commands-help

---
 docs/reference/commands/delete.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index f75f0f77c..e8bb56368 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -34,7 +34,7 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-  -l, --delete-by-label stringArray                 Override the labels used to find objects for deletion.
+      --discriminator string                        Override the discriminator used to find objects for deletion.
       --dry-run                                     Performs all kubernetes API calls in dry-run mode.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where

From 653454c7ec90cbe800928b7fddfbecc05d67741a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 9 Feb 2023 14:55:34 +0100
Subject: [PATCH 0777/2268] docs: Add documentation about discriminators

---
 docs/reference/kluctl-project/README.md       |  9 +++++++
 .../kluctl-project/targets/README.md          | 25 +++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index e48f33f47..c42783829 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -19,6 +19,8 @@ available to invoke [commands](../commands) on.
 An example .kluctl.yaml looks like this:
 
 ```yaml
+discriminator: "my-project-{{ target.name }}"
+
 targets:
   # test cluster, dev env
   - name: dev
@@ -42,6 +44,13 @@ args:
 
 ## Allowed fields
 
+### discriminator
+
+Specifies a default discriminator template to be used for targets that don't have
+their own discriminator specified.
+
+See [target discriminator](./targets/README.md#discriminator) for details.
+
 ### targets
 
 Please check the [targets](./targets) sub-section for details.
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index 4dc644fc1..d3fea1d5f 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -32,6 +32,7 @@ targets:
     images:
       - image: my-image
         resultImage: my-image:1.2.3
+    discriminator: "my-project-{{ target.name }}"
 ...
 ```
 
@@ -58,3 +59,27 @@ The format is identical to the [fixed images file](../../deployments/images.md#c
 
 The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#images)
 have higher priority.
+
+## discriminator
+
+Specifies a discriminator which is used to uniquely identify all deployed objects on the cluster. It is added to all
+objects as the value of the `kluctl.io/discriminator` label. This label is then later used to identify all objects
+belonging to the deployment project and target, so that Kluctl can determine which objects got orphaned and need to
+be pruned. The discriminator is also used to identify all objects that need to be deleted when
+[kluctl delete](../../commands/delete.md) is called.
+
+If no discriminator is set for a target, [kluctl prune](../../commands/prune.md) and
+[kluctl delete](../../commands/delete.md) are not supported.
+
+The discriminator can be a [template](../../templating/README.md) which is rendered at project loading time. While
+rendering, only the `target` and `args` are available as global variables in the templating context.
+
+The rendered discriminator should be unique on the target cluster to avoid mis-identification of objects from other
+deployments or targets. It's good practice to prefix the discriminator with a project name and at least use the target
+name to make it unique. Example discriminator to achieve this: `my-project-name-{{ target.name }}`.
+
+If a target is meant to be deployed multiple times, e.g. by using external [arguments](../README.md#args), the external
+arguments should be taken into account as well. Example: `my-project-name-{{ target.name }}-{{ args.environment_name }}`.
+
+A [default discriminator](../../kluctl-project/README.md#discriminator) can also be specified which is used whenever
+a target has no discriminator configured.

From 71c5825fa1530b483fb913ae89731d158c6ae468 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Feb 2023 08:08:57 +0100
Subject: [PATCH 0778/2268] chore(deps): Bump golang.org/x/crypto from 0.5.0 to
 0.6.0 (#310)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 984ecb0dc..73a6870d8 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.5.0
+	golang.org/x/crypto v0.6.0
 	golang.org/x/net v0.6.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.5.0
diff --git a/go.sum b/go.sum
index 931147457..555d4eddd 100644
--- a/go.sum
+++ b/go.sum
@@ -886,8 +886,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
-golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
+golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 7b0191038d4ba723fe8081e49e8fa64343668548 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Feb 2023 08:11:26 +0100
Subject: [PATCH 0779/2268] chore(deps): Bump helm.sh/helm/v3 from 3.10.3 to
 3.11.1 (#311)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.10.3 to 3.11.1.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.10.3...v3.11.1)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  7 +++----
 go.sum | 21 ++++++++-------------
 2 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 73a6870d8..7963c49ef 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	golang.org/x/text v0.7.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.10.3
+	helm.sh/helm/v3 v3.11.1
 	k8s.io/api v0.26.1
 	k8s.io/apiextensions-apiserver v0.26.1
 	k8s.io/apimachinery v0.26.1
@@ -112,7 +112,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.0 // indirect
-	github.com/containerd/containerd v1.6.13 // indirect
+	github.com/containerd/containerd v1.6.15 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
@@ -232,7 +232,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.6 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
@@ -258,6 +257,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
-	oras.land/oras-go v1.2.1 // indirect
+	oras.land/oras-go v1.2.2 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 555d4eddd..a2bfbdd9b 100644
--- a/go.sum
+++ b/go.sum
@@ -189,10 +189,9 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4=
-github.com/containerd/containerd v1.6.13 h1:7llWEzjLH/fao0f2lppn1L6NhjsvxqMdUQa2mgVCs+U=
-github.com/containerd/containerd v1.6.13/go.mod h1:vDm+BbU+dD9uvuUlHr+KmcY0HKX8WDyI6dzJjNi4ee8=
+github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA=
+github.com/containerd/containerd v1.6.15 h1:4wWexxzLNHNE46aIETc6ge4TofO550v+BlLoANrbses=
+github.com/containerd/containerd v1.6.15/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -209,7 +208,7 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
+github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
 github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -242,7 +241,6 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -840,8 +838,6 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/api/v3 v3.5.6 h1:Cy2qx3npLcYqTKqGJzMypnMv2tiRyifZJ17BlWIWA7A=
-go.etcd.io/etcd/api/v3 v3.5.6/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
@@ -1258,7 +1254,6 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
 google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -1310,8 +1305,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
 gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
-helm.sh/helm/v3 v3.10.3 h1:wL7IUZ7Zyukm5Kz0OUmIFZgKHuAgByCrUcJBtY0kDyw=
-helm.sh/helm/v3 v3.10.3/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI=
+helm.sh/helm/v3 v3.11.1 h1:cmL9fFohOoNQf+wnp2Wa0OhNFH0KFnSzEkVxi3fcc3I=
+helm.sh/helm/v3 v3.11.1/go.mod h1:z/Bu/BylToGno/6dtNGuSmjRqxKq5gaH+FU0BPO+AQ8=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1341,8 +1336,8 @@ k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
 k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-oras.land/oras-go v1.2.1 h1:/VcGS8FUy3eEXLl/1vC4QypLHwrfSmgW7ygsoklqKK8=
-oras.land/oras-go v1.2.1/go.mod h1:3N11Z5E3c4ZzOjroCl1RtAdB4yNAYl7A27j2SVf913A=
+oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
+oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From 01acac9e893ce05f9341afebf4b844e1b9083c5e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Feb 2023 15:53:33 +0100
Subject: [PATCH 0780/2268] feat: Implement skipPrePull for helm-chart.yaml
 (#289)

* refactor: Move pull code into doHelmPull and allow for dryRuns

* refactor: Simplify helm-update implementation by re-using helm-pull internally

* feat: Implement skipPrePull for helm-chart.yaml

* fix: Limit number of parallel Helm renders

* tests: Fix helm tests

* docs: Update documentation about skipPrePull
---
 cmd/kluctl/commands/cmd_helm_pull.go    |  65 ++++++---
 cmd/kluctl/commands/cmd_helm_update.go  | 180 ++++++++++++------------
 cmd/kluctl/commands/root.go             |   2 +-
 docs/reference/commands/helm-pull.md    |   8 +-
 docs/reference/deployments/helm.md      |   7 +-
 e2e/helm_test.go                        | 111 ++++++++++++++-
 e2e/sops_test.go                        |   4 +
 pkg/deployment/deployment_collection.go |   2 +-
 pkg/helm/helm_release.go                |   5 +
 pkg/types/helm_chart.go                 |   1 +
 10 files changed, 260 insertions(+), 125 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index ae0bf7bfd..7bfc1f42a 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -19,9 +19,9 @@ type helmPullCmd struct {
 }
 
 func (cmd *helmPullCmd) Help() string {
-	return `The Helm charts are stored under the sub-directory 'charts/<chart-name>' next to the
-'helm-chart.yaml'. These Helm charts are meant to be added to version control so that
-pulling is only needed when really required (e.g. when the chart version changes).`
+	return `Kluctl requires Helm Charts to be pre-pulled by default, which is handled by this command. It will collect
+all required Charts and versions and pre-pull them into .helm-charts. To disable pre-pulling for individual charts,
+set 'skipPrePull: true' in helm-chart.yaml.`
 }
 
 func (cmd *helmPullCmd) Run(ctx context.Context) error {
@@ -33,24 +33,33 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
 		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
 	}
+	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, false, true)
+	return err
+}
+
+func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.HelmCredentials, dryRun bool, force bool) (int, error) {
+	actions := 0
 
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
-	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials)
+	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, helmCredentials)
 	if err != nil {
-		return err
+		return actions, err
 	}
 
 	for _, hr := range releases {
 		if utils.Exists(hr.GetDeprecatedChartDir()) {
+			actions++
 			rel, err := filepath.Rel(projectDir, hr.GetDeprecatedChartDir())
 			if err != nil {
-				return err
+				return actions, err
 			}
-			status.Info(ctx, "Removing deprecated charts dir %s", rel)
-			err = os.RemoveAll(hr.GetDeprecatedChartDir())
-			if err != nil {
-				return err
+			if !dryRun {
+				status.Info(ctx, "Removing deprecated charts dir %s", rel)
+				err = os.RemoveAll(hr.GetDeprecatedChartDir())
+				if err != nil {
+					return actions, err
+				}
 			}
 		}
 	}
@@ -63,34 +72,50 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 
 		versionsToPull := map[string]bool{}
 		for _, hr := range releases {
+			if hr.Config.SkipPrePull {
+				continue
+			}
 			if hr.Chart == chart {
 				versionsToPull[hr.Config.ChartVersion] = true
 			}
 		}
 
-		cleanupDir, err := chart.BuildPulledChartDir(baseChartsDir, "")
+		chartsDir, err := chart.BuildPulledChartDir(baseChartsDir, "")
 		if err != nil {
-			return err
+			return actions, err
 		}
-		des, err := os.ReadDir(cleanupDir)
+		des, err := os.ReadDir(chartsDir)
 		if err != nil && !os.IsNotExist(err) {
-			return err
+			return actions, err
 		}
 		for _, de := range des {
 			if !de.IsDir() {
 				continue
 			}
 			if _, ok := versionsToPull[de.Name()]; !ok {
-				status.Info(ctx, "Removing unused Chart with version %s", de.Name())
-				err = os.RemoveAll(filepath.Join(cleanupDir, de.Name()))
-				if err != nil {
-					return err
+				actions++
+				if !dryRun {
+					status.Info(ctx, "Removing unused Chart with version %s", de.Name())
+					err = os.RemoveAll(filepath.Join(chartsDir, de.Name()))
+					if err != nil {
+						return actions, err
+					}
 				}
 			}
 		}
 
 		for version, _ := range versionsToPull {
 			version := version
+
+			if yaml.Exists(filepath.Join(chartsDir, version, "Chart.yaml")) && !force {
+				continue
+			}
+
+			actions++
+
+			if dryRun {
+				continue
+			}
 			g.RunE(func() error {
 				s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, version)
 				defer s.Failed()
@@ -109,10 +134,10 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	g.Wait()
 
 	if g.ErrorOrNil() != nil {
-		return fmt.Errorf("command failed")
+		return actions, fmt.Errorf("command failed")
 	}
 
-	return nil
+	return actions, nil
 }
 
 func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvider helm.HelmCredentialsProvider) ([]*helm.Release, []*helm.Chart, error) {
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index a2df12433..d079ec1b8 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
 	"github.com/fluxcd/go-git/v5/plumbing/format/index"
+	"github.com/go-git/go-git/v5"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
@@ -14,6 +14,7 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
+	"strings"
 )
 
 type helmUpdateCmd struct {
@@ -58,7 +59,10 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		for _, s := range gitStatus {
+		for pth, s := range gitStatus {
+			if strings.HasPrefix(pth, ".helm-charts/") {
+				return fmt.Errorf("--commit can only be used when .helm-chart directory is clean")
+			}
 			if (s.Staging != git.Untracked && s.Staging != git.Unmodified) || (s.Worktree != git.Untracked && s.Worktree != git.Unmodified) {
 				return fmt.Errorf("--commit can only be used when the git worktree is unmodified")
 			}
@@ -86,6 +90,16 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		}
 	}
 
+	if cmd.Commit {
+		actions, err := doHelmPull(ctx, projectDir, &cmd.HelmCredentials, true, false)
+		if err != nil {
+			return err
+		}
+		if actions != 0 {
+			return fmt.Errorf(".helm-charts is not up-to-date. Please run helm-pull before")
+		}
+	}
+
 	for _, chart := range charts {
 		chart := chart
 		g.RunE(func() error {
@@ -136,16 +150,14 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		return g.ErrorOrNil()
 	}
 
-	versionUseCounts := map[string]map[string]int{}
+	upgrades := map[helmUpgradeKey][]*helm.Release{}
+
 	for _, hr := range releases {
-		key := fmt.Sprintf("%s / %s", hr.Chart.GetRepo(), hr.Chart.GetChartName())
-		if _, ok := versionUseCounts[key]; !ok {
-			versionUseCounts[key] = map[string]int{}
+		cd, err := hr.Chart.BuildPulledChartDir(baseChartsDir, "")
+		if err != nil {
+			return err
 		}
-		versionUseCounts[key][hr.Config.ChartVersion]++
-	}
 
-	for _, hr := range releases {
 		relDir, err := filepath.Rel(projectDir, filepath.Dir(hr.ConfigFile))
 		if err != nil {
 			return err
@@ -183,24 +195,18 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-
 		status.Info(ctx, "%s: Updated Chart version to %s", relDir, latestVersion)
 
-		key := fmt.Sprintf("%s / %s", hr.Chart.GetRepo(), hr.Chart.GetChartName())
-		uv := versionUseCounts[key]
-		uv[oldVersion]--
-		uv[latestVersion]++
-
-		pullChart := false
-		deleteChart := false
-		if uv[latestVersion] == 1 {
-			pullChart = true
-		}
-		if uv[oldVersion] == 0 {
-			deleteChart = true
+		k := helmUpgradeKey{
+			chartDir:   cd,
+			oldVersion: oldVersion,
+			newVersion: latestVersion,
 		}
+		upgrades[k] = append(upgrades[k], hr)
+	}
 
-		err = cmd.pullAndCommitCharts(ctx, projectDir, baseChartsDir, gitRootPath, hr, oldVersion, latestVersion, pullChart, deleteChart)
+	for k, hrs := range upgrades {
+		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion)
 		if err != nil {
 			return err
 		}
@@ -209,7 +215,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	return nil
 }
 
-func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]bool) error {
+func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.FileInfo) error {
 	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
 		if d == nil || d.IsDir() {
 			return nil
@@ -221,7 +227,7 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]boo
 		if _, ok := m[relToGit]; ok {
 			return nil
 		}
-		m[relToGit] = true
+		m[relToGit], _ = d.Info()
 		return nil
 	})
 	if os.IsNotExist(err) {
@@ -230,17 +236,15 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]boo
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hr *helm.Release, oldVersion string, newVersion string, pullChart bool, deleteChart bool) error {
-	relDir, err := filepath.Rel(projectDir, filepath.Dir(hr.ConfigFile))
-	if err != nil {
-		return err
-	}
+func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string) error {
+	chart := hrs[0].Chart
+	newVersion := hrs[0].Config.ChartVersion
 
-	s := status.Start(ctx, "%s: Upgrading Chart %s to version %s", relDir, hr.Chart.GetChartName(), newVersion)
+	s := status.Start(ctx, "Upgrading Chart %s from version %s to %s", chart.GetChartName(), oldVersion, newVersion)
 	defer s.Failed()
 
 	doError := func(err error) error {
-		s.FailedWithMessage("%s: %s", relDir, err.Error())
+		s.FailedWithMessage("%s", err.Error())
 		return err
 	}
 
@@ -254,94 +258,86 @@ func (cmd *helmUpdateCmd) pullAndCommitCharts(ctx context.Context, projectDir st
 	}
 
 	if cmd.Commit {
-		// add helm-chart.yaml
-		relToGit, err := filepath.Rel(gitRootPath, hr.ConfigFile)
-		if err != nil {
-			return doError(err)
-		}
-		_, err = wt.Add(relToGit)
-		if err != nil {
-			return doError(err)
-		}
-	}
-
-	if deleteChart {
-		chartDir, err := hr.Chart.BuildPulledChartDir(baseChartsDir, oldVersion)
-		if err != nil {
-			return doError(err)
-		}
-		relChartDir, err := filepath.Rel(gitRootPath, chartDir)
-		if err != nil {
-			return doError(err)
-		}
-		if cmd.Commit {
-			_, err = wt.Remove(relChartDir)
-			if err != nil && err != index.ErrEntryNotFound {
+		for _, hr := range hrs {
+			// add helm-chart.yaml
+			relToGit, err := filepath.Rel(gitRootPath, hr.ConfigFile)
+			if err != nil {
+				return doError(err)
+			}
+			_, err = wt.Add(relToGit)
+			if err != nil {
 				return doError(err)
 			}
-		}
-		err = os.RemoveAll(chartDir)
-		if err != nil {
-			return doError(err)
 		}
 	}
 
-	if pullChart {
-		chartDir, err := hr.Chart.BuildPulledChartDir(baseChartsDir, newVersion)
-		if err != nil {
-			return doError(err)
-		}
-		relChartDir, err := filepath.Rel(gitRootPath, chartDir)
+	// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
+	// know what got deleted
+	files := map[string]os.FileInfo{}
+	if cmd.Commit {
+		err = cmd.collectFiles(gitRootPath, baseChartsDir, files)
 		if err != nil {
 			return doError(err)
 		}
+	}
 
-		// we need to list all files contained inside the charts dir BEFORE doing the pull, so that we later
-		// know what got deleted
-		files := map[string]bool{}
-		err = cmd.collectFiles(gitRootPath, chartDir, files)
-		if err != nil {
-			return doError(err)
-		}
+	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, false, false)
+	if err != nil {
+		return doError(err)
+	}
 
-		_, err = hr.Chart.PullInProject(ctx, baseChartsDir, newVersion)
+	if cmd.Commit {
+		files2 := map[string]os.FileInfo{}
+		err = cmd.collectFiles(gitRootPath, baseChartsDir, files2)
 		if err != nil {
 			return doError(err)
 		}
 
-		if cmd.Commit {
-			_, err = wt.Add(relChartDir)
-			if err != nil {
-				return doError(err)
+		for pth, st1 := range files {
+			st2, ok := files2[pth]
+			if !ok || st1.Mode() != st2.Mode() || st1.ModTime() != st2.ModTime() || st1.Size() != st2.Size() {
+				// removed or modified
+				if ok {
+					if !st2.IsDir() {
+						_, err = wt.Add(pth)
+					}
+				} else {
+					if !st1.IsDir() {
+						_, err = wt.Remove(pth)
+					}
+				}
+				if err != nil && err != index.ErrEntryNotFound {
+					return doError(err)
+				}
 			}
-
-			// figure out what got deleted
-			for p := range files {
-				_, err := os.Lstat(filepath.Join(gitRootPath, p))
-				if err != nil {
-					if os.IsNotExist(err) {
-						_, err = wt.Remove(p)
-						if err != nil {
-							return doError(err)
-						}
-					} else {
+		}
+		for pth, st1 := range files2 {
+			if _, ok := files[pth]; !ok {
+				if !st1.IsDir() {
+					// added
+					_, err = wt.Add(pth)
+					if err != nil && err != index.ErrEntryNotFound {
 						return doError(err)
 					}
 				}
 			}
 		}
-	}
 
-	if cmd.Commit {
-		commitMsg := fmt.Sprintf("Updated helm chart %s in %s to version %s", hr.Chart.GetChartName(), relDir, newVersion)
+		commitMsg := fmt.Sprintf("Updated helm chart %s from version %s to version %s", chart.GetChartName(), oldVersion, newVersion)
 		_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 		if err != nil {
 			return doError(fmt.Errorf("failed to commit: %w", err))
 		}
 
-		s.UpdateAndInfoFallback("%s: Committed helm chart %s with version %s", relDir, hr.Chart.GetChartName(), newVersion)
+		s.UpdateAndInfoFallback("Committed helm chart %s with version %s", chart.GetChartName(), newVersion)
 	}
 	s.Success()
 
 	return nil
 }
+
+type helmUpgradeKey struct {
+	chartDir   string
+	oldVersion string
+	newVersion string
+}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index fe314bba0..64e3e772f 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -58,7 +58,7 @@ type cli struct {
 	Delete            deleteCmd            `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
 	Deploy            deployCmd            `cmd:"" help:"Deploys a target to the corresponding cluster"`
 	Diff              diffCmd              `cmd:"" help:"Perform a diff between the locally rendered target and the already deployed target"`
-	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pulls the specified Helm charts"`
+	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pre-pulls the specified Helm charts"`
 	HelmUpdate        helmUpdateCmd        `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and checks for new available versions"`
 	ListImages        listImagesCmd        `cmd:"" help:"Renders the target and outputs all images used via 'images.get_image(...)"`
 	ListTargets       listTargetsCmd       `cmd:"" help:"Outputs a yaml list with all target, including dynamic targets"`
diff --git a/docs/reference/commands/helm-pull.md b/docs/reference/commands/helm-pull.md
index 8cc7ee552..c8c5c8ce9 100644
--- a/docs/reference/commands/helm-pull.md
+++ b/docs/reference/commands/helm-pull.md
@@ -13,10 +13,10 @@ description: >
 <!-- BEGIN SECTION "helm-pull" "Usage" false -->
 Usage: kluctl helm-pull [flags]
 
-Recursively searches for 'helm-chart.yaml' files and pulls the specified Helm charts
-The Helm charts are stored under the sub-directory 'charts/<chart-name>' next to the
-'helm-chart.yaml'. These Helm charts are meant to be added to version control so that
-pulling is only needed when really required (e.g. when the chart version changes).
+Recursively searches for 'helm-chart.yaml' files and pre-pulls the specified Helm charts
+Kluctl requires Helm Charts to be pre-pulled by default, which is handled by this command. It will collect
+all required Charts and versions and pre-pull them into .helm-charts. To disable pre-pulling for individual charts,
+set 'skipPrePull: true' in helm-chart.yaml.
 
 <!-- END SECTION -->
 
diff --git a/docs/reference/deployments/helm.md b/docs/reference/deployments/helm.md
index 665f3ef51..64116a4fe 100644
--- a/docs/reference/deployments/helm.md
+++ b/docs/reference/deployments/helm.md
@@ -70,6 +70,7 @@ helmChart:
   chartVersion: 12.1.1
   updateConstraints: ~12.1.0
   skipUpdate: false
+  skipPrePull: false
   releaseName: redis-cache
   namespace: "{{ my.jinja2.var }}"
   output: helm-rendered.yaml # this is optional
@@ -120,9 +121,13 @@ If omitted, Kluctl will filter out pre-releases by default. Use a `updateConstra
 pre-releases.
 
 ### skipUpdate
-Skip this Helm Chart when the [helm-update](../commands/helm-update.md) command is called.
+If set to `true`, skip this Helm Chart when the [helm-update](../commands/helm-update.md) command is called.
 If omitted, defaults to `false`.
 
+### skipPrePull
+If set to `true`, skip pre-pulling of this Helm Chart when running [helm-pull](../commands/helm-pull.md). This will
+also enable pulling on-demand when the deployment project is rendered/deployed.
+
 ### releaseName
 The name of the Helm Release.
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 6993804de..848645507 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -76,6 +76,11 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 			assert.NoError(t, err)
 			assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
 		}
+	} else {
+		p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+			_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+			return nil
+		}, "")
 	}
 
 	args := []string{"deploy", "--yes", "-t", "test"}
@@ -198,6 +203,12 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
 	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart2", "0.1.0"))
 
+	if commit {
+		wt, _ := p.GetGitRepo().Worktree()
+		_, _ = wt.Add(".helm-charts")
+		_, _ = wt.Commit(".helm-charts", &git.CommitOptions{})
+	}
+
 	args := []string{"helm-update"}
 	if upgrade {
 		args = append(args, "--upgrade")
@@ -212,12 +223,12 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
 
 	if upgrade {
-		assert.Contains(t, stderr, "helm1: Upgrading Chart test-chart1 to version 0.2.0")
-		assert.Contains(t, stderr, "helm2: Upgrading Chart test-chart2 to version 0.3.0")
+		assert.Contains(t, stderr, "Upgrading Chart test-chart1 from version 0.1.0 to 0.2.0")
+		assert.Contains(t, stderr, "Upgrading Chart test-chart2 from version 0.1.0 to 0.3.0")
 	}
 	if commit {
-		assert.Contains(t, stderr, "helm1: Committed helm chart test-chart1 with version 0.2.0")
-		assert.Contains(t, stderr, "helm2: Committed helm chart test-chart2 with version 0.3.0")
+		assert.Contains(t, stderr, "Committed helm chart test-chart1 with version 0.2.0")
+		assert.Contains(t, stderr, "Committed helm chart test-chart2 with version 0.3.0")
 	}
 
 	pulledVersions1 := listChartVersions(t, p, repoUrl, "test-chart1")
@@ -248,8 +259,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 			return commitList[i].Message < commitList[j].Message
 		})
 
-		assert.Equal(t, "Updated helm chart test-chart1 in helm1 to version 0.2.0", commitList[0].Message)
-		assert.Equal(t, "Updated helm chart test-chart2 in helm2 to version 0.3.0", commitList[1].Message)
+		assert.Equal(t, "Updated helm chart test-chart1 from version 0.1.0 to version 0.2.0", commitList[0].Message)
+		assert.Equal(t, "Updated helm chart test-chart2 from version 0.1.0 to version 0.3.0", commitList[1].Message)
 	}
 }
 
@@ -451,6 +462,10 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
 
 	stdout, _ := p.KluctlMust("render", "--print-all", "--offline-kubernetes", "-t", "test")
 	cm1 := uo.FromStringMust(stdout)
@@ -498,6 +513,90 @@ func TestHelmLocalChart(t *testing.T) {
 	assert.NotContains(t, stderr, "test-chart2")
 }
 
+func TestHelmSkipPrePull(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.1.1"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
+	}, false, "", "")
+	u, _ := url.Parse(repoUrl)
+
+	p.UpdateTarget("test", nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repoUrl, "test-chart1", "0.1.1", "test-helm2", p.TestSlug(), nil)
+
+	p.UpdateYaml("helm2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+
+	args := []string{"helm-pull"}
+
+	_, stderr := p.KluctlMust(args...)
+	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
+	assert.NotContains(t, stderr, "version 0.1.1")
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+	_, stderr = p.KluctlMust(args...)
+	assert.Contains(t, stderr, "Removing unused Chart with version 0.1.0")
+	assert.NotContains(t, stderr, "version 0.1.1")
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+
+	p.UpdateYaml("helm2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(false, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+	_, stderr = p.KluctlMust(args...)
+	assert.Contains(t, stderr, "test-chart1: Pulling Chart with version 0.1.1")
+	assert.NotContains(t, stderr, "version 0.1.0")
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(false, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+	_, stderr = p.KluctlMust(args...)
+	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
+	assert.Contains(t, stderr, "Pulling Chart with version 0.1.1")
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+
+	// not try to update+pull
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+	_, stderr = p.KluctlMust(args...)
+	p.GitServer().CommitFiles("kluctl-project", []string{".helm-charts"}, false, ".helm-charts")
+	args = []string{
+		"helm-update",
+		"--upgrade",
+		"--commit",
+	}
+	_, stderr = p.KluctlMust(args...)
+	assert.NotContains(t, stderr, "Pulling Chart with version 0.1.0")
+	assert.NotContains(t, stderr, "Pulling Chart with version 0.1.1")
+	assert.Contains(t, stderr, "Pulling Chart with version 0.2.0")
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.2.0", u.Port())))
+}
+
 func getChartDir(t *testing.T, p *test_utils.TestProject, url2 string, chartName string, chartVersion string) string {
 	u, err := url.Parse(url2)
 	if err != nil {
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 2ea1d9ac7..a7c7c3369 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -109,6 +109,10 @@ func TestSopsHelmValues(t *testing.T) {
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1.Object)
+	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index bc442fdc4..ad20b3158 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -131,7 +131,7 @@ func (c *DeploymentCollection) renderHelmCharts() error {
 	s := status.Start(c.ctx.Ctx, "Rendering Helm Charts")
 	defer s.Failed()
 
-	g := utils.NewGoHelper(c.ctx.Ctx, 0)
+	g := utils.NewGoHelper(c.ctx.Ctx, 8)
 
 	for _, d := range c.Deployments {
 		d := d
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 7012e00f5..5b21b2215 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -137,6 +137,11 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 		return nil, err
 	}
 	if needsPull {
+		if !hr.Config.SkipPrePull {
+			//goland:noinspection ALL
+			return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
+				"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
+		}
 		if versionChanged {
 			return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
 				"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index e2c45601f..78011ad58 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -18,6 +18,7 @@ type HelmChartConfig2 struct {
 	Output            *string `yaml:"output,omitempty"`
 	SkipCRDs          bool    `yaml:"skipCRDs,omitempty"`
 	SkipUpdate        bool    `yaml:"skipUpdate,omitempty"`
+	SkipPrePull       bool    `yaml:"skipPrePull,omitempty"`
 }
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {

From cf5930d78a757c66d82100f534be6bd8bb1ead56 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 11:06:46 +0100
Subject: [PATCH 0781/2268] feat: Implement when conditionals

---
 pkg/deployment/deployment_collection.go |  9 ++++
 pkg/deployment/deployment_project.go    | 48 ++++++++++++++++++++
 pkg/kluctl_jinja2/conditionals.go       | 58 +++++++++++++++++++++++++
 pkg/types/deployment.go                 |  3 ++
 4 files changed, 118 insertions(+)
 create mode 100644 pkg/kluctl_jinja2/conditionals.go

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index bc442fdc4..9f62ff75a 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -2,6 +2,7 @@ package deployment
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -81,7 +82,15 @@ func findDeploymentItemIndex(project *DeploymentProject, pth *string, indexes ma
 func (c *DeploymentCollection) collectAllDeployments(project *DeploymentProject, indexes map[string]int) ([]*DeploymentItem, error) {
 	var ret []*DeploymentItem
 
+	if !kluctl_jinja2.IsConditionalTrue(project.Config.When) {
+		return nil, nil
+	}
+
 	for i, diConfig := range project.Config.Deployments {
+		if !kluctl_jinja2.IsConditionalTrue(diConfig.When) {
+			continue
+		}
+
 		if diConfig.Include != nil || diConfig.Git != nil {
 			includedProject, ok := project.includes[i]
 			if !ok {
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 7ee143f3d..3431c0a74 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -56,6 +57,10 @@ func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Sourc
 		return nil, fmt.Errorf("failed to load deployment config for %s: %w", dir, err)
 	}
 
+	if !kluctl_jinja2.IsConditionalTrue(dp.Config.When) {
+		return dp, nil
+	}
+
 	err = dp.loadIncludes()
 	if err != nil {
 		return nil, fmt.Errorf("failed to load includes for %s: %w", dir, err)
@@ -126,6 +131,11 @@ func (p *DeploymentProject) processConfig() error {
 		return err
 	}
 
+	err = p.renderConditionals()
+	if err != nil {
+		return err
+	}
+
 	if len(p.Config.Args) != 0 && p.parentProject != nil {
 		return fmt.Errorf("only the root deployment.yml can define args")
 	}
@@ -157,11 +167,49 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 	return nil
 }
 
+func (p *DeploymentProject) renderConditionals() error {
+	if p.parentProject == nil && p.Config.When != "" {
+		return fmt.Errorf("the root deployment project can not contain 'when'")
+	}
+
+	vars, err := p.VarsCtx.Vars.ToMap()
+	if err != nil {
+		return err
+	}
+	r, err := kluctl_jinja2.RenderConditional(p.VarsCtx.J2, vars, p.Config.When)
+	if err != nil {
+		return err
+	}
+	p.Config.When = r
+
+	if !kluctl_jinja2.IsConditionalTrue(p.Config.When) {
+		// No need to render individual deployment item conditionals
+		return nil
+	}
+
+	conditionals := make([]string, 0, len(p.Config.Deployments))
+	for _, di := range p.Config.Deployments {
+		conditionals = append(conditionals, di.When)
+	}
+	rendered, err := kluctl_jinja2.RenderConditionals(p.VarsCtx.J2, vars, conditionals)
+	if err != nil {
+		return err
+	}
+	for i, r := range rendered {
+		p.Config.Deployments[i].When = r
+	}
+	return nil
+}
+
 func (p *DeploymentProject) loadIncludes() error {
 	for i, inc := range p.Config.Deployments {
 		var err error
 		var newProject *DeploymentProject
 
+		if !kluctl_jinja2.IsConditionalTrue(inc.When) {
+			continue
+		}
+
 		if inc.Include != nil {
 			newProject, err = p.loadLocalInclude(p.source, filepath.Join(p.relDir, *inc.Include), inc.Vars)
 			if err != nil {
diff --git a/pkg/kluctl_jinja2/conditionals.go b/pkg/kluctl_jinja2/conditionals.go
new file mode 100644
index 000000000..7cee13000
--- /dev/null
+++ b/pkg/kluctl_jinja2/conditionals.go
@@ -0,0 +1,58 @@
+package kluctl_jinja2
+
+import (
+	"fmt"
+	"github.com/hashicorp/go-multierror"
+	"github.com/kluctl/go-jinja2"
+	"strings"
+)
+
+func RenderConditionals(j *jinja2.Jinja2, vars map[string]any, conditionals []string) ([]string, error) {
+	ret := make([]string, len(conditionals))
+	jobs := make([]*jinja2.RenderJob, 0, len(conditionals))
+
+	for _, c := range conditionals {
+		job := &jinja2.RenderJob{
+			Template: buildConditionalTemplate(c),
+		}
+		jobs = append(jobs, job)
+	}
+	err := j.RenderStrings(jobs, jinja2.WithGlobals(vars))
+	if err != nil {
+		return nil, err
+	}
+
+	for i, job := range jobs {
+		if job.Error != nil {
+			e := fmt.Errorf("unable to render conditional '%s': %w", conditionals[i], job.Error)
+			err = multierror.Append(err, e)
+		} else {
+			r := strings.TrimSpace(*job.Result)
+			if r != "" && r != "True" && r != "False" {
+				err = multierror.Append(err, fmt.Errorf("unable to evaluate conditional: %s", conditionals[i]))
+			} else {
+				ret[i] = r
+			}
+		}
+	}
+	return ret, err
+}
+
+func RenderConditional(j *jinja2.Jinja2, vars map[string]any, conditional string) (string, error) {
+	rendered, err := RenderConditionals(j, vars, []string{conditional})
+	if err != nil {
+		return "", err
+	}
+	return rendered[0], nil
+}
+
+func buildConditionalTemplate(c string) string {
+	if c == "" {
+		return ""
+	}
+	return fmt.Sprintf("{%% if %s %%} True {%% else %%} False {%% endif %%}", c)
+}
+
+func IsConditionalTrue(c string) bool {
+	return c == "" || c == "True"
+}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index cefcf4b59..f792971bd 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -17,6 +17,7 @@ type DeploymentItemConfig struct {
 	OnlyRender       bool                     `yaml:"onlyRender,omitempty"`
 	AlwaysDeploy     bool                     `yaml:"alwaysDeploy,omitempty"`
 	DeleteObjects    []DeleteObjectItemConfig `yaml:"deleteObjects,omitempty"`
+	When             string                   `yaml:"when,omitempty"`
 }
 
 func ValidateDeploymentItemConfig(sl validator.StructLevel) {
@@ -88,6 +89,8 @@ type DeploymentProjectConfig struct {
 	Vars          []*VarsSource        `yaml:"vars,omitempty"`
 	SealedSecrets *SealedSecretsConfig `yaml:"sealedSecrets,omitempty"`
 
+	When string `yaml:"when,omitempty"`
+
 	Deployments []*DeploymentItemConfig `yaml:"deployments,omitempty"`
 
 	CommonLabels      map[string]string `yaml:"commonLabels,omitempty"`

From e88f60c2b73c2eb694eeef8802b03494a3dfa77c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 12:05:41 +0100
Subject: [PATCH 0782/2268] tests: Implement e2e tests for "when" conditionals

---
 e2e/utils_resources.go | 14 +++++++
 e2e/when_test.go       | 91 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 105 insertions(+)
 create mode 100644 e2e/when_test.go

diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 4131374b7..928627aa6 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"path/filepath"
 )
 
 type resourceOpts struct {
@@ -12,6 +13,7 @@ type resourceOpts struct {
 	tags        []string
 	labels      map[string]string
 	annotations map[string]string
+	when        string
 }
 
 func mergeMetadata(o *uo.UnstructuredObject, opts resourceOpts) {
@@ -57,6 +59,12 @@ func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[stri
 	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
 		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
 	}, opts.tags)
+	if opts.when != "" {
+		p.UpdateDeploymentItems(filepath.Dir(dir), func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+			_ = items[len(items)-1].SetNestedField(opts.when, "when")
+			return items
+		})
+	}
 }
 
 func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts, sealme bool) {
@@ -69,4 +77,10 @@ func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]
 	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
 		{fname, fname + sealmeExt, o},
 	}, opts.tags)
+	if opts.when != "" {
+		p.UpdateDeploymentItems(filepath.Dir(dir), func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+			_ = items[len(items)-1].SetNestedField(opts.when, "when")
+			return items
+		})
+	}
 }
diff --git a/e2e/when_test.go b/e2e/when_test.go
new file mode 100644
index 000000000..1eca921b4
--- /dev/null
+++ b/e2e/when_test.go
@@ -0,0 +1,91 @@
+package e2e
+
+import (
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestWhen(t *testing.T) {
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	type testCase struct {
+		dir     string
+		when    string
+		whenInc string
+		depInc  string
+		want    bool
+		name    string
+	}
+
+	tests := []*testCase{
+		{dir: "cm_empty", when: "", want: true},
+		{dir: "cm_true", when: "True", want: true},
+		{dir: "cm_false", when: "False", want: false},
+		{dir: "cm_eq", when: "args.a == 'test'", want: true},
+		{dir: "cm_ne", when: "args.a != 'test'", want: false},
+		{dir: "cm_eq2", when: "args.b == 'test'", want: false},
+		{dir: "cm_ne2", when: "args.b != 'test'", want: true},
+		{dir: "inc1/cm_empty", when: "", want: true},
+		{dir: "inc2/cm_true", when: "True", want: true},
+		{dir: "inc3/cm_false", when: "False", want: false},
+		{dir: "inc4/cm_eq", when: "args.a == 'test'", want: true},
+		{dir: "inc5/cm_ne", when: "args.a != 'test'", want: false},
+		{dir: "inc_when1/cm_empty", whenInc: "", want: true},
+		{dir: "inc_when2/cm_true", whenInc: "True", want: true},
+		{dir: "inc_when3/cm_false", whenInc: "False", want: false},
+		{dir: "inc_when4/cm_eq", whenInc: "args.a == 'test'", want: true},
+		{dir: "inc_when5/cm_ne", whenInc: "args.a != 'test'", want: false},
+		{dir: "dep_inc_when1/cm_empty", depInc: "", want: true},
+		{dir: "dep_inc_when2/cm_true", depInc: "True", want: true},
+		{dir: "dep_inc_when3/cm_false", depInc: "False", want: false},
+		{dir: "dep_inc_when4/cm_eq", depInc: "args.a == 'test'", want: true},
+		{dir: "dep_inc_when5/cm_ne", depInc: "args.a != 'test'", want: false},
+	}
+
+	for _, test := range tests {
+		test.name = strings.ReplaceAll(test.dir, "/", "_")
+		test.name = strings.ReplaceAll(test.name, "_", "-")
+		addConfigMapDeployment(p, test.dir, nil, resourceOpts{
+			name:      test.name,
+			namespace: p.TestSlug(),
+			when:      test.when,
+		})
+		if test.whenInc != "" {
+			dir := filepath.Dir(test.dir)
+			p.UpdateDeploymentItems("", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+				for _, it := range items {
+					inc, _, _ := it.GetNestedString("include")
+					if inc == dir {
+						_ = it.SetNestedField(test.whenInc, "when")
+						break
+					}
+				}
+				return items
+			})
+		}
+		if test.depInc != "" {
+			dir := filepath.Dir(test.dir)
+			p.UpdateDeploymentYaml(dir, func(o *uo.UnstructuredObject) error {
+				_ = o.SetNestedField(test.depInc, "when")
+				return nil
+			})
+		}
+	}
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=test", "-ab=test2")
+
+	for _, test := range tests {
+		if test.want {
+			assertConfigMapExists(t, k, p.TestSlug(), test.name)
+		} else {
+			assertConfigMapNotExists(t, k, p.TestSlug(), test.name)
+		}
+	}
+}

From ef4bf54438ab28fec21396de89c3b72343fac7b5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 14:23:30 +0100
Subject: [PATCH 0783/2268] feat: Implement "when" conditional for variable
 sources

---
 pkg/types/vars_source.go     |  5 ++++-
 pkg/vars/vars_loader.go      | 11 +++++++++++
 pkg/vars/vars_loader_test.go | 24 ++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index e7db5f765..9e9c3db25 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -66,6 +66,8 @@ type VarsSource struct {
 	Http              *VarsSourceHttp                     `yaml:"http,omitempty"`
 	AwsSecretsManager *VarsSourceAwsSecretsManager        `yaml:"awsSecretsManager,omitempty"`
 	Vault             *VarsSourceVault                    `yaml:"vault,omitempty"`
+
+	When string `yaml:"when,omitempty"`
 }
 
 func ValidateVarsSource(sl validator.StructLevel) {
@@ -74,7 +76,8 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	count := 0
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
-		if v.Type().Field(i).Name == "IgnoreMissing" || v.Type().Field(i).Name == "NoOverride" {
+		switch v.Type().Field(i).Name {
+		case "IgnoreMissing", "NoOverride", "When":
 			continue
 		}
 		if !v.Field(i).IsNil() {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index a0dc29267..9ce0ff997 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,6 +8,7 @@ import (
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
@@ -78,6 +79,16 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return err
 	}
 
+	if source.When != "" {
+		r, err := kluctl_jinja2.RenderConditional(varsCtx.J2, globals, source.When)
+		if err != nil {
+			return err
+		}
+		if !kluctl_jinja2.IsConditionalTrue(r) {
+			return nil
+		}
+	}
+
 	ignoreMissing := false
 	if source.IgnoreMissing != nil {
 		ignoreMissing = *source.IgnoreMissing
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index a5b774f45..1764788de 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -88,6 +88,30 @@ func TestVarsLoader_ValuesNoOverrides(t *testing.T) {
 	})
 }
 
+func TestVarsLoader_When(t *testing.T) {
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			Values: uo.FromStringMust(`{"test1": "a"}`),
+		}, nil, "")
+		assert.NoError(t, err)
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Values: uo.FromStringMust(`{"test1": "b"}`),
+			When:   `test1 == "b"`,
+		}, nil, "")
+		assert.NoError(t, err)
+		v, _, _ := vc.Vars.GetNestedString("test1")
+		assert.Equal(t, "a", v)
+
+		err = vl.LoadVars(vc, &types.VarsSource{
+			Values: uo.FromStringMust(`{"test1": "b"}`),
+			When:   `test1 == "a"`,
+		}, nil, "")
+		assert.NoError(t, err)
+		v, _, _ = vc.Vars.GetNestedString("test1")
+		assert.Equal(t, "b", v)
+	})
+}
+
 func TestVarsLoader_File(t *testing.T) {
 	d := t.TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)

From 4a9f246e85c701dee5441e4395b61183d0277f6f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 8 Feb 2023 14:56:34 +0100
Subject: [PATCH 0784/2268] docs: Add documentation for conditional deployments
 and variable sources

---
 docs/reference/deployments/deployment-yml.md  | 16 ++++++++++++++++
 docs/reference/templating/variable-sources.md |  5 +++++
 2 files changed, 21 insertions(+)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 77115380e..013f60ef3 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -34,6 +34,8 @@ The following sub-chapters describe the available fields in the `deployment.yaml
 Individual deployments are performed in parallel, unless a [barrier](#barriers) is encountered which causes kluctl to
 wait for all previous deployments to finish.
 
+Deployments can also be conditional by using the [when](#when) field.
+
 ### Simple deployments
 
 Simple deployments are specified via `path` and are expected to be directories with Kubernetes manifests inside.
@@ -150,6 +152,20 @@ deployments:
     - file: vars2.yaml
 ```
 
+### when
+
+Each deployment item can be conditional with the help of the `when` field. It must be set to a
+[Jinja2 based expression](https://jinja.palletsprojects.com/en/latest/templates/#expressions)
+that evaluates to a boolean.
+
+Example:
+```yaml
+deployments:
+- path: item1
+- path: item2
+  when: my.var == "my-value"
+```
+
 ### tags (deployment item)
 A list of tags the deployment should have. See [tags](./tags.md) for more details. For includes, this means that all
 sub-deployments will get these tags applied to. If not specified, the default tags logic as described in [tags](./tags.md)
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 3f157f400..32d1654b3 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -31,6 +31,8 @@ vars:
   ignoreMissing: true
 - file: default-vars.yaml
   noOverride: true
+- file: vars3.yaml
+  when: some.var == "value"
 ```
 
 `vars2.yaml` can now use variables that are defined in `vars1.yaml`. At all times, variables defined by
@@ -42,6 +44,9 @@ can not be found.
 When specifying `noOverride: true`, Kluctl will not override variables from the previously loaded variables. This is
 useful if you want to load default values for variables.
 
+Variables can also be loaded conditionally by specifying a condition via `when: <condition>`. The condition must be in
+the same format as described in [conditional deployment items](../deployments/deployment-yml.md#when)
+
 Different types of vars entries are possible:
 
 ### file

From e335213e5ec4196a86b57073e554e248637f8577 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 7 Feb 2023 13:57:41 +0100
Subject: [PATCH 0785/2268] feat: Deprecate dynamic targets

---
 pkg/kluctl_project/targets.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 66a5afb1f..dd2eb4ff5 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -126,6 +126,10 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 		return nil, fmt.Errorf("'refPattern' and 'ref' can't be specified together")
 	}
 
+	if baseTarget.TargetConfig.RefPattern != nil {
+		status.Deprecation(c.ctx, "dynamic-targets-ref-pattern", "'refPattern' and corresponding dynamic targets are deprecated and will be removed in an upcoming release.")
+	}
+
 	targetConfigRef := baseTarget.TargetConfig.Ref
 	refPattern := baseTarget.TargetConfig.RefPattern
 

From 66766066ac3db31033093407cddec42d11efd3e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Feb 2023 16:18:24 +0100
Subject: [PATCH 0786/2268] feat: Update deprecation warnings for feature that
 will be removed in the next release

---
 cmd/kluctl/commands/cmd_check_image_updates.go | 2 +-
 cmd/kluctl/commands/utils.go                   | 4 ++--
 pkg/deployment/images.go                       | 2 +-
 pkg/kluctl_project/targets.go                  | 6 +++---
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
index 7e7966ed0..782ed9868 100644
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ b/cmd/kluctl/commands/cmd_check_image_updates.go
@@ -23,7 +23,7 @@ func (cmd *checkImageUpdatesCmd) Help() string {
 }
 
 func (cmd *checkImageUpdatesCmd) Run(ctx context.Context) error {
-	status.Deprecation(ctx, "check-image-updates", "check-image-updates is deprecated and will be removed in a future kluctl release.")
+	status.Deprecation(ctx, "check-image-updates", "check-image-updates is deprecated and will be removed in the next kluctl release.")
 	ptArgs := projectTargetCommandArgs{
 		projectFlags: cmd.ProjectFlags,
 		targetFlags:  cmd.TargetFlags,
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3259ab704..b2807f72b 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -151,10 +151,10 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
 	}
 	if args.imageFlags.UpdateImages {
-		status.Deprecation(ctx, "update-images", "--update-images is deprecated and will be removed in a future kluctl release.")
+		status.Deprecation(ctx, "update-images", "--update-images is deprecated and will be removed in the next kluctl release.")
 	}
 	if !args.imageFlags.OfflineImages {
-		status.Deprecation(ctx, "online-images", "--offline-images=false is deprecated and will be removed in a future kluctl release.")
+		status.Deprecation(ctx, "online-images", "--offline-images=false is deprecated and will be removed in the next kluctl release.")
 	}
 	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages, args.imageFlags.OfflineImages || args.forCompletion)
 	if err != nil {
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 076350faf..11112761a 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -303,7 +303,7 @@ func (images *Images) resolveImage(ctx context.Context, ph placeHolder, ref k8s2
 	}
 
 	if ph.HasLatestVersion {
-		status.Deprecation(ctx, "latest-version-filter", "latest_version is deprecated when using images.get_image()")
+		status.Deprecation(ctx, "latest-version-filter", "latest_version is deprecated when using images.get_image() and will be removed in the next kluctl release.")
 	}
 
 	registry, err := images.GetLatestImageFromRegistry(ph.Image, ph.LatestVersion)
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index dd2eb4ff5..9f010b542 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -127,7 +127,7 @@ func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Ta
 	}
 
 	if baseTarget.TargetConfig.RefPattern != nil {
-		status.Deprecation(c.ctx, "dynamic-targets-ref-pattern", "'refPattern' and corresponding dynamic targets are deprecated and will be removed in an upcoming release.")
+		status.Deprecation(c.ctx, "dynamic-targets-ref-pattern", "'refPattern' and corresponding dynamic targets are deprecated and will be removed in the next kluctl release.")
 	}
 
 	targetConfigRef := baseTarget.TargetConfig.Ref
@@ -249,7 +249,7 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 	}
 
 	if len(target.DynamicArgs) != 0 {
-		status.Deprecation(c.ctx, "dynamic-args", "dynamicArgs are deprecated and ignored. The field will be removed in a future kluctl release.")
+		status.Deprecation(c.ctx, "dynamic-args", "dynamicArgs are deprecated and ignored. The field will be removed in the next kluctl release.")
 	}
 
 	// check and merge args
@@ -257,7 +257,7 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 		target.Args.Merge(targetConfig.Args)
 	}
 	if len(targetConfig.Images) != 0 {
-		status.Deprecation(c.ctx, "target-config-images", "specifying fixed images via external 'targetConfig' is deprecated and support for this will be removed in a future kluctl release.")
+		status.Deprecation(c.ctx, "target-config-images", "specifying fixed images via external 'targetConfig' is deprecated and support for this will be removed in the next kluctl release.")
 	}
 	// We prepend the dynamic images to ensure they get higher priority later
 	target.Images = append(targetConfig.Images, target.Images...)

From 08baf43e4ddf5c6faa073dac7335a6539fe7a11a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Feb 2023 16:19:02 +0100
Subject: [PATCH 0787/2268] feat: Deprecate targetConfig

---
 pkg/kluctl_project/targets.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 9f010b542..59c27ee08 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -237,6 +237,8 @@ func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo)
 		return &target, nil
 	}
 
+	status.Deprecation(c.ctx, "target-config", "'targetConfig' in targets is deprecated and will be removed in the next kluctl release.")
+
 	configFile, err := c.loadTargetConfigFile(targetInfo)
 	if err != nil {
 		return nil, err

From 7cf8bbafe4b329988b268296598c697983ad54a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Feb 2023 16:30:08 +0100
Subject: [PATCH 0788/2268] docs: Remove mentions of dynamic targets

---
 cmd/kluctl/commands/cmd_list_targets.go       |   2 +-
 cmd/kluctl/commands/root.go                   |   2 +-
 docs/reference/commands/list-targets.md       |   4 +-
 .../kluctl-project/targets/README.md          |  10 +-
 .../kluctl-project/targets/dynamic-targets.md | 100 ------------------
 5 files changed, 6 insertions(+), 112 deletions(-)
 delete mode 100644 docs/reference/kluctl-project/targets/dynamic-targets.md

diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index dca1b646d..7d2649716 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -13,7 +13,7 @@ type listTargetsCmd struct {
 }
 
 func (cmd *listTargetsCmd) Help() string {
-	return `Outputs a yaml list with all target, including dynamic targets`
+	return `Outputs a yaml list with all targets`
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 64e3e772f..2b37ba7d3 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -61,7 +61,7 @@ type cli struct {
 	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pre-pulls the specified Helm charts"`
 	HelmUpdate        helmUpdateCmd        `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and checks for new available versions"`
 	ListImages        listImagesCmd        `cmd:"" help:"Renders the target and outputs all images used via 'images.get_image(...)"`
-	ListTargets       listTargetsCmd       `cmd:"" help:"Outputs a yaml list with all target, including dynamic targets"`
+	ListTargets       listTargetsCmd       `cmd:"" help:"Outputs a yaml list with all targets"`
 	PokeImages        pokeImagesCmd        `cmd:"" help:"Replace all images in target"`
 	Prune             pruneCmd             `cmd:"" help:"Searches the target cluster for prunable objects and deletes them"`
 	Render            renderCmd            `cmd:"" help:"Renders all resources and configuration files"`
diff --git a/docs/reference/commands/list-targets.md b/docs/reference/commands/list-targets.md
index f99d5b2e0..52d882321 100644
--- a/docs/reference/commands/list-targets.md
+++ b/docs/reference/commands/list-targets.md
@@ -13,8 +13,8 @@ description: >
 <!-- BEGIN SECTION "list-targets" "Usage" false -->
 Usage: kluctl list-targets [flags]
 
-Outputs a yaml list with all target, including dynamic targets
-Outputs a yaml list with all target, including dynamic targets
+Outputs a yaml list with all targets
+Outputs a yaml list with all targets
 
 <!-- END SECTION -->
 
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/reference/kluctl-project/targets/README.md
index d3fea1d5f..4cb00e161 100644
--- a/docs/reference/kluctl-project/targets/README.md
+++ b/docs/reference/kluctl-project/targets/README.md
@@ -15,9 +15,9 @@ Specifies a list of targets for which commands can be invoked. A target puts tog
 configuration and the target cluster. Multiple targets can exist which target the same cluster but with differing
 configuration (via `args`).
 
-Each value found in the target definition is rendered with a simple Jinja2 context that only contains the target itself.
+Each value found in the target definition is rendered with a simple Jinja2 context that only contains the target and args.
 The rendering process is retried 10 times until it finally succeeds, allowing you to reference
-the target itself in complex ways. This is especially useful when using [dynamic targets](./dynamic-targets.md).
+the target itself in complex ways.
 
 Target entries have the following form:
 ```yaml
@@ -50,16 +50,10 @@ If this field is omitted, Kluctl will always use the currently active context.
 This fields specifies a map of arguments to be passed to the deployment project when it is rendered. Allowed argument names
 are configured via [deployment args](../../deployments/deployment-yml.md#args).
 
-The arguments specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#args)
-have higher priority.
-
 ## images
 This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images.md#imagesget_image).
 The format is identical to the [fixed images file](../../deployments/images.md#command-line-argument---fixed-images-file).
 
-The fixed images specified in the [dynamic target config](../../kluctl-project/targets/dynamic-targets.md#images)
-have higher priority.
-
 ## discriminator
 
 Specifies a discriminator which is used to uniquely identify all deployed objects on the cluster. It is added to all
diff --git a/docs/reference/kluctl-project/targets/dynamic-targets.md b/docs/reference/kluctl-project/targets/dynamic-targets.md
deleted file mode 100644
index 6b18cace4..000000000
--- a/docs/reference/kluctl-project/targets/dynamic-targets.md
+++ /dev/null
@@ -1,100 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "Dynamic Targets"
-linkTitle: "Dynamic Targets"
-weight: 1
-description: >
-    Dynamically defined targets.
----
--->
-
-# Dynamic Targets
-
-Targets can also be "dynamic", meaning that additional configuration can be sourced from another git repository.
-This can be based on a single target repository and branch, or on a target repository and branch/ref pattern, resulting
-in multiple dynamic targets being created from one target definition.
-
-Please note that a single entry in `target` might end up with multiple dynamic targets, meaning that the name must be
-made unique between these dynamic targets. This can be achieved by using templating in the `name` field. As an example,
-`{{ target.targetConfig.ref }}` can be used to set the target name to the branch name of the dynamic target.
-
-Dynamic targets have the following form:
-```yaml
-targets:
-...
-  - name: <dynamic_target_name>
-    context: <cluster_name>
-    args: ...
-      arg1: <value1>
-      arg2: <value2>
-      ...
-    targetConfig:
-      project:
-        url: <git-url>
-      ref: <ref-name>
-      refPattern: <regex-pattern>
-      file: <config-file>
-...
-```
-
-All fields known from normal targets are allowed. In addition, the targetConfig with following fields is available.
-
-## targetConfig
-
-The presence of this field causes the target to become a dynamic target. 
-It specifies where to look for dynamic targets and their addional configuration. It has the following form:
-
-```yaml
-...
-targets:
-...
-- name: <dynamic_target_name>
-  ...
-  targetConfig:
-    project:
-      url: <git-url>
-    ref: <ref-name>
-    refPattern: <regex-pattern>
-...
-```
-
-### project.url
-This field specifies the git clone url of the target configuration project.
-
-### ref
-This field specifies the branch or tag to use. If this field is specified, using `refPattern` is forbidden.
-This will result in one single dynamic target.
-
-### refPattern
-This field specifies a regex pattern to use when looking for candidate branches and tags. If this is specified,
-using `ref` is forbidden. This will result in multiple dynamic targets. Each dynamic target will have `ref` set to
-the actual branch name it belong to. This allows using of `{{ target.targetConfig.ref }}` in all other target fields.
-
-### file
-This field specifies the config file name to read externalized target config from.
-
-## Format of the target config
-The target config file referenced in `targetConfig` must be of the following format:
-
-```yaml
-args:
-  arg1: value1
-  arg2: value2
-images:
-  - image: registry.gitlab.com/my-group/my-project
-    resultImage: registry.gitlab.com/my-group/my-project:1.1.0
-```
-
-### args
-An optional map of arguments, in the same format as in the normal [target args](../../kluctl-project/targets#args).
-
-The arguments specified here have higher priority.
-
-### images
-An optional list of fixed images, in the same format as in the normal [target images](../../kluctl-project/targets#images)
-
-## Simple dynamic targets
-
-A simplified form of dynamic targets is to store target config inside the same directory/project as the `.kluctl.yaml`.
-This can be done by omitting `project`, `ref` and `refPattern` from `targetConfig` and only specify `file`.

From 95bd6ddf45c3f327f4c79a8f6a1eba5332c0a848 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 13 Feb 2023 10:12:38 +0100
Subject: [PATCH 0789/2268] fix: Use default discriminator for deployments
 without targets (#315)

---
 e2e/test-utils/project.go            |  2 +-
 pkg/kluctl_project/target_context.go | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 74b64f2e2..dc1c5daee 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -79,7 +79,7 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p.gitServer.GitInit(p.gitRepoName)
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name }}", rand.String(16)), "discriminator")
+		_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name or 'no-name' }}", rand.String(16)), "discriminator")
 		return nil
 	})
 	p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 6ebb6fa86..a16a9e027 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -48,6 +48,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	}
 
 	var target *types.Target
+	needRender := false
 	if params.TargetName != "" {
 		t, err := p.FindDynamicTarget(params.TargetName)
 		if err != nil {
@@ -55,7 +56,10 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		}
 		target = &*t.Target
 	} else {
-		target = &types.Target{}
+		target = &types.Target{
+			Discriminator: p.Config.Discriminator,
+		}
+		needRender = true
 	}
 	if params.TargetNameOverride != "" {
 		target.Name = params.TargetNameOverride
@@ -64,6 +68,14 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		target.Context = &params.ContextOverride
 	}
 
+	if needRender {
+		// we must render the target after handling overrides
+		err = p.renderTarget(target)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	params.Images.PrependFixedImages(target.Images)
 
 	clientConfig, clusterContext, err := p.loadK8sConfig(target, params.OfflineK8s)

From 9162ce95222d33045e6e1ac7e7efcb6e5cbd7546 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Feb 2023 10:13:38 +0100
Subject: [PATCH 0790/2268] chore(deps): Bump github.com/hashicorp/vault/api
 from 1.8.3 to 1.9.0 (#312)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.3 to 1.9.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.3...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 18 ++----------------
 go.sum | 53 ++---------------------------------------------------
 2 files changed, 4 insertions(+), 67 deletions(-)

diff --git a/go.mod b/go.mod
index 7963c49ef..eeb038245 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
 	github.com/google/go-containerregistry v0.13.0
-	github.com/hashicorp/vault/api v1.8.3
+	github.com/hashicorp/vault/api v1.9.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.13
 	github.com/jinzhu/copier v0.3.5
@@ -61,6 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.17.4
 	github.com/aws/aws-sdk-go-v2/config v1.18.12
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3
+	github.com/go-git/go-git/v5 v5.5.2
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -92,8 +93,6 @@ require (
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
-	github.com/armon/go-metrics v0.4.1 // indirect
-	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.12 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect
@@ -133,7 +132,6 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
-	github.com/go-git/go-git/v5 v5.5.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
@@ -144,7 +142,6 @@ require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
@@ -160,20 +157,12 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.4.0 // indirect
-	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.8 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/vault/sdk v0.7.0 // indirect
-	github.com/hashicorp/yamux v0.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
@@ -191,7 +180,6 @@ require (
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
@@ -202,12 +190,10 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.2.3 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index a2bfbdd9b..a529767df 100644
--- a/go.sum
+++ b/go.sum
@@ -73,7 +73,6 @@ github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
@@ -101,19 +100,13 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat6
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA=
-github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
-github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
@@ -171,7 +164,6 @@ github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTx
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
@@ -179,8 +171,6 @@ github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHe
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
-github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cloudflare/circl v1.3.0 h1:Anq00jxDtoyX3+aCaYUZ0vXC5r4k4epberfWGDXV1zE=
@@ -252,7 +242,6 @@ github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSY
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47Q2oaKDekn+BZVZCmxeCWNi+FyownE=
@@ -287,7 +276,6 @@ github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmnc
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -367,8 +355,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -441,7 +427,6 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
@@ -449,22 +434,15 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I=
 github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
-github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.4.8 h1:CHGwpxYDOttQOY7HOWgETU9dyVjOXzniXDqJcYJE1zM=
-github.com/hashicorp/go-plugin v1.4.8/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s=
-github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
 github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ=
-github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
@@ -476,27 +454,18 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
-github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
-github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
-github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
-github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
-github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
-github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
-github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/hashicorp/vault/api v1.9.0 h1:ab7dI6W8DuCY7yCU8blo0UCYl2oHre/dloCmzMWg9w8=
+github.com/hashicorp/vault/api v1.9.0/go.mod h1:lloELQP4EyhjnCQhF8agKvWIVTmxbpEJj70b98959sM=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -517,7 +486,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -528,7 +496,6 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -621,8 +588,6 @@ github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
-github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
@@ -661,8 +626,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/ohler55/ojg v1.17.4 h1:6Ss87DyAZHU0ODZu6Cmuahj5UiVaRD1n8C4KNm0qMYg=
 github.com/ohler55/ojg v1.17.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
-github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
-github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow=
 github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
@@ -681,16 +644,12 @@ github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT9
 github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
 github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
-github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
 github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
-github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
-github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI=
 github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
@@ -711,24 +670,20 @@ github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
 github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
 github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
@@ -759,7 +714,6 @@ github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5g
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
@@ -806,7 +760,6 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
-github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/urfave/cli v1.22.7 h1:aXiFAgRugfJ27UFDsGJ9DB2FvTC73hlVXFSqq5bo9eU=
 github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
@@ -1005,7 +958,6 @@ golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1292,7 +1244,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=

From 0a998d887e52ff157a53c8a62f9f7e7f93fb5fa2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Feb 2023 18:58:29 +0100
Subject: [PATCH 0791/2268] feat: Remove targetConfig and dynamic targets
 related features

---
 cmd/kluctl/commands/cmd_list_targets.go |   4 +-
 cmd/kluctl/commands/cmd_seal.go         |  27 +---
 cmd/kluctl/commands/completion.go       |  12 +-
 pkg/kluctl_project/git.go               |  50 ------
 pkg/kluctl_project/project.go           |  17 +-
 pkg/kluctl_project/project_load.go      |   5 -
 pkg/kluctl_project/target_context.go    |   4 +-
 pkg/kluctl_project/targets.go           | 206 +-----------------------
 pkg/kluctl_project/targets_test.go      |  26 ---
 pkg/types/kluctl_project.go             |  24 +--
 10 files changed, 30 insertions(+), 345 deletions(-)
 delete mode 100644 pkg/kluctl_project/git.go
 delete mode 100644 pkg/kluctl_project/targets_test.go

diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 7d2649716..ce39e8476 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -19,8 +19,8 @@ func (cmd *listTargetsCmd) Help() string {
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
 	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
-		for _, t := range p.DynamicTargets {
-			result = append(result, t.Target)
+		for _, t := range p.Targets {
+			result = append(result, t)
 		}
 		return outputYamlResult(ctx, cmd.Output, result, false)
 	})
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index ec00b4612..69ecad6ee 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -158,35 +158,18 @@ func (cmd *sealCmd) Run(ctx context.Context) error {
 	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
-		baseTargets := make(map[string]bool)
 		noTargetMatch := true
-		for _, target := range p.DynamicTargets {
-			if cmd.Target != "" && cmd.Target != target.Target.Name {
+		for _, target := range p.Targets {
+			if cmd.Target != "" && cmd.Target != target.Name {
 				continue
 			}
-			if target.Target.SealingConfig == nil {
-				status.Info(ctx, "Target %s has no sealingConfig", target.Target.Name)
+			if target.SealingConfig == nil {
+				status.Info(ctx, "Target %s has no sealingConfig", target.Name)
 				continue
 			}
 			noTargetMatch = false
 
-			sealTarget := target.Target
-			dynamicSealing := target.Target.SealingConfig.DynamicSealing == nil || *target.Target.SealingConfig.DynamicSealing
-			isDynamicTarget := target.BaseTargetName != target.Target.Name
-			if !dynamicSealing && isDynamicTarget {
-				baseTarget, err := p.FindBaseTarget(target.BaseTargetName)
-				if err != nil {
-					return err
-				}
-				if baseTargets[target.BaseTargetName] {
-					// Skip this target as it was already sealed
-					continue
-				}
-				baseTargets[target.BaseTargetName] = true
-				sealTarget = baseTarget
-			}
-
-			err := cmd.runCmdSealForTarget(ctx, p, sealTarget.Name)
+			err := cmd.runCmdSealForTarget(ctx, p, target.Name)
 			if err != nil {
 				hadError = true
 				status.Error(ctx, err.Error())
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 225ae0fba..77e7fe978 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -59,8 +59,8 @@ func buildTargetCompletionFunc(ctx context.Context, projectArgs *args.ProjectFla
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		var ret []string
 		err := withProjectForCompletion(ctx, projectArgs, argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
-			for _, t := range p.DynamicTargets {
-				ret = append(ret, t.Target.Name)
+			for _, t := range p.Targets {
+				ret = append(ret, t.Name)
 			}
 			return nil
 		})
@@ -107,8 +107,8 @@ func buildInclusionCompletionFunc(ctx context.Context, cmdStruct interface{}, fo
 		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
-				for _, t := range p.DynamicTargets {
-					targets = append(targets, t.Target.Name)
+				for _, t := range p.Targets {
+					targets = append(targets, t.Name)
 				}
 			} else {
 				targets = append(targets, ptArgs.targetFlags.Target)
@@ -161,8 +161,8 @@ func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(
 		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 			var targets []string
 			if ptArgs.targetFlags.Target == "" {
-				for _, t := range p.DynamicTargets {
-					targets = append(targets, t.Target.Name)
+				for _, t := range p.Targets {
+					targets = append(targets, t.Name)
 				}
 			} else {
 				targets = append(targets, ptArgs.targetFlags.Target)
diff --git a/pkg/kluctl_project/git.go b/pkg/kluctl_project/git.go
deleted file mode 100644
index 393836704..000000000
--- a/pkg/kluctl_project/git.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package kluctl_project
-
-import (
-	"fmt"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"sync"
-)
-
-func (c *LoadedKluctlProject) updateGitCaches() error {
-	var waitGroup sync.WaitGroup
-	var firstError error
-	var firstErrorLock sync.Mutex
-
-	doError := func(err error) {
-		firstErrorLock.Lock()
-		defer firstErrorLock.Unlock()
-		if firstError == nil {
-			firstError = err
-		}
-	}
-
-	doUpdateGitProject := func(u git_url.GitUrl) error {
-		waitGroup.Add(1)
-		go func() {
-			defer waitGroup.Done()
-
-			_, err := c.RP.GetEntry(u)
-			if err != nil {
-				doError(fmt.Errorf("failed to update git project %v: %v", u.String(), err))
-			}
-		}()
-
-		return nil
-	}
-
-	for _, target := range c.Config.Targets {
-		if target.TargetConfig == nil || target.TargetConfig.Project == nil {
-			continue
-		}
-
-		err := doUpdateGitProject(target.TargetConfig.Project.Url)
-		if err != nil {
-			waitGroup.Wait()
-			return err
-		}
-	}
-
-	waitGroup.Wait()
-	return firstError
-}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index cc3eb603a..d959f5dc3 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -21,28 +21,19 @@ type LoadedKluctlProject struct {
 
 	sealedSecretsDir string
 
-	Config         types2.KluctlProject
-	DynamicTargets []*types2.DynamicTarget
+	Config  types2.KluctlProject
+	Targets []*types2.Target
 
 	J2            *jinja2.Jinja2
 	RP            *repocache.GitRepoCache
 	SopsDecrypter *decryptor.Decryptor
 }
 
-func (c *LoadedKluctlProject) FindBaseTarget(name string) (*types2.Target, error) {
-	for _, target := range c.Config.Targets {
+func (c *LoadedKluctlProject) FindTarget(name string) (*types2.Target, error) {
+	for _, target := range c.Targets {
 		if target.Name == name {
 			return target, nil
 		}
 	}
 	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
 }
-
-func (c *LoadedKluctlProject) FindDynamicTarget(name string) (*types2.DynamicTarget, error) {
-	for _, target := range c.DynamicTargets {
-		if target.Target.Name == name {
-			return target, nil
-		}
-	}
-	return nil, fmt.Errorf("target %s not existent in kluctl project config", name)
-}
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 2af17c0d0..0d9648db1 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -57,11 +57,6 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	s := status.Start(c.ctx, "Loading kluctl project")
 	defer s.Failed()
 
-	err = c.updateGitCaches()
-	if err != nil {
-		return err
-	}
-
 	c.sealedSecretsDir = filepath.Join(c.ProjectDir, ".sealed-secrets")
 
 	sealedSecretsUsed := false
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index a16a9e027..4985784be 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -50,11 +50,11 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	var target *types.Target
 	needRender := false
 	if params.TargetName != "" {
-		t, err := p.FindDynamicTarget(params.TargetName)
+		t, err := p.FindTarget(params.TargetName)
 		if err != nil {
 			return nil, err
 		}
-		target = &*t.Target
+		target = &*t
 	} else {
 		target = &types.Target{
 			Discriminator: p.Config.Discriminator,
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 59c27ee08..5a7ceb06d 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -1,16 +1,10 @@
 package kluctl_project
 
 import (
-	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"os"
-	"regexp"
 	"sort"
-	"strings"
 )
 
 type dynamicTargetInfo struct {
@@ -27,24 +21,11 @@ func (c *LoadedKluctlProject) loadTargets() error {
 	defer status.Trace(c.ctx, "Done loading targets")
 
 	targetNames := make(map[string]bool)
-	c.DynamicTargets = nil
+	c.Targets = nil
 
-	var targetInfos []*dynamicTargetInfo
-	for _, baseTarget := range c.Config.Targets {
-		l, err := c.prepareDynamicTargets(baseTarget)
+	for _, configTarget := range c.Config.Targets {
+		target, err := c.buildTarget(configTarget)
 		if err != nil {
-			return err
-		}
-		targetInfos = append(targetInfos, l...)
-	}
-
-	for _, targetInfo := range targetInfos {
-		target, err := c.buildDynamicTarget(targetInfo)
-		if err != nil {
-			// Only fail if non-dynamic targets fail to load
-			if targetInfo.refPattern == nil {
-				return err
-			}
 			status.Warning(c.ctx, "Failed to load dynamic target config for project: %v", err)
 			continue
 		}
@@ -59,14 +40,11 @@ func (c *LoadedKluctlProject) loadTargets() error {
 			status.Warning(c.ctx, "Duplicate target %s", target.Name)
 		} else {
 			targetNames[target.Name] = true
-			c.DynamicTargets = append(c.DynamicTargets, &types.DynamicTarget{
-				Target:         target,
-				BaseTargetName: targetInfo.baseTarget.Name,
-			})
+			c.Targets = append(c.Targets, target)
 		}
 	}
-	sort.SliceStable(c.DynamicTargets, func(i, j int) bool {
-		return c.DynamicTargets[i].Target.Name < c.DynamicTargets[j].Target.Name
+	sort.SliceStable(c.Targets, func(i, j int) bool {
+		return c.Targets[i].Name < c.Targets[j].Name
 	})
 	return nil
 }
@@ -91,182 +69,14 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 	return retErr
 }
 
-func (c *LoadedKluctlProject) prepareDynamicTargets(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	if baseTarget.TargetConfig != nil && baseTarget.TargetConfig.Project != nil {
-		return c.prepareDynamicTargetsExternal(baseTarget)
-	} else {
-		return c.prepareDynamicTargetsSimple(baseTarget)
-	}
-}
-
-func (c *LoadedKluctlProject) prepareDynamicTargetsSimple(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	if baseTarget.TargetConfig != nil {
-		if baseTarget.TargetConfig.Ref != nil || baseTarget.TargetConfig.RefPattern != nil {
-			return nil, fmt.Errorf("'ref' and/or 'refPattern' are not allowed for non-external dynamic targets")
-		}
-	}
-	dynamicTargets := []*dynamicTargetInfo{
-		{
-			baseTarget: baseTarget,
-			dir:        c.ProjectDir,
-		},
-	}
-	return dynamicTargets, nil
-}
-
-func (c *LoadedKluctlProject) prepareDynamicTargetsExternal(baseTarget *types.Target) ([]*dynamicTargetInfo, error) {
-	ge, err := c.RP.GetEntry(baseTarget.TargetConfig.Project.Url)
-	if err != nil {
-		return nil, err
-	}
-
-	repoInfo := ge.GetRepoInfo()
-
-	if baseTarget.TargetConfig.Ref != nil && baseTarget.TargetConfig.RefPattern != nil {
-		return nil, fmt.Errorf("'refPattern' and 'ref' can't be specified together")
-	}
-
-	if baseTarget.TargetConfig.RefPattern != nil {
-		status.Deprecation(c.ctx, "dynamic-targets-ref-pattern", "'refPattern' and corresponding dynamic targets are deprecated and will be removed in the next kluctl release.")
-	}
-
-	targetConfigRef := baseTarget.TargetConfig.Ref
-	refPattern := baseTarget.TargetConfig.RefPattern
-
-	defaultBranch := repoInfo.DefaultRef
-	if defaultBranch == "" {
-		return nil, fmt.Errorf("git project %v seems to have no default branch", baseTarget.TargetConfig.Project.Url.String())
-	}
-
-	if baseTarget.TargetConfig.Ref == nil && baseTarget.TargetConfig.RefPattern == nil {
-		// use default branch of repo
-		targetConfigRef = &defaultBranch
-	}
-
-	refs := repoInfo.RemoteRefs
-	if targetConfigRef != nil {
-		if _, ok := refs[fmt.Sprintf("refs/heads/%s", *targetConfigRef)]; !ok {
-			return nil, fmt.Errorf("git project %s has no ref %s", baseTarget.TargetConfig.Project.Url.String(), *targetConfigRef)
-		}
-		refPattern = targetConfigRef
-	}
-
-	var dynamicTargets []*dynamicTargetInfo
-	for ref := range refs {
-		m, refShortName, err := c.matchRef(ref, *refPattern)
-		if err != nil {
-			return nil, err
-		}
-		if !m {
-			continue
-		}
-
-		ge, err := c.RP.GetEntry(baseTarget.TargetConfig.Project.Url)
-		if err != nil {
-			return nil, err
-		}
-
-		dir, _, err := ge.GetClonedDir(refShortName)
-		if err != nil {
-			return nil, err
-		}
-
-		dynamicTargets = append(dynamicTargets, &dynamicTargetInfo{
-			baseTarget:    baseTarget,
-			dir:           dir,
-			gitProject:    baseTarget.TargetConfig.Project,
-			ref:           &refShortName,
-			refPattern:    refPattern,
-			defaultBranch: defaultBranch,
-		})
-	}
-	return dynamicTargets, nil
-}
-
-func (c *LoadedKluctlProject) matchRef(s string, pattern string) (bool, string, error) {
-	if strings.HasPrefix(pattern, "refs/") {
-		p, err := regexp.Compile(fmt.Sprintf("^%s$", pattern))
-		if err != nil {
-			return false, "", err
-		}
-		return p.MatchString(s), s, nil
-	}
-	p1, err := regexp.Compile(fmt.Sprintf("^refs/heads/%s$", pattern))
-	if err != nil {
-		return false, "", err
-	}
-	p2, err := regexp.Compile(fmt.Sprintf("^refs/tags/%s$", pattern))
-	if err != nil {
-		return false, "", err
-	}
-	if p1.MatchString(s) {
-		return true, s[len("refs/heads/"):], nil
-	} else if p2.MatchString(s) {
-		return true, s[len("refs/tags/"):], nil
-	} else {
-		return false, "", nil
-	}
-}
-
-func (c *LoadedKluctlProject) loadTargetConfigFile(targetInfo *dynamicTargetInfo) ([]byte, error) {
-	configFile := yaml.FixNameExt(targetInfo.dir, "target-config.yml")
-	if targetInfo.baseTarget.TargetConfig.File != nil {
-		configFile = *targetInfo.baseTarget.TargetConfig.File
-	}
-	configPath, err := securejoin.SecureJoin(targetInfo.dir, configFile)
-	if err != nil {
-		return nil, err
-	}
-	if !utils.IsFile(configPath) {
-		return nil, fmt.Errorf("no target config file with name %s found in target", configFile)
-	}
-
-	return os.ReadFile(configPath)
-}
-
-func (c *LoadedKluctlProject) buildDynamicTarget(targetInfo *dynamicTargetInfo) (*types.Target, error) {
+func (c *LoadedKluctlProject) buildTarget(configTarget *types.Target) (*types.Target, error) {
 	var target types.Target
-	err := utils.DeepCopy(&target, targetInfo.baseTarget)
+	err := utils.DeepCopy(&target, configTarget)
 	if err != nil {
 		return nil, err
 	}
 	if target.Discriminator == "" {
 		target.Discriminator = c.Config.Discriminator
 	}
-	if targetInfo.baseTarget.TargetConfig == nil {
-		return &target, nil
-	}
-
-	status.Deprecation(c.ctx, "target-config", "'targetConfig' in targets is deprecated and will be removed in the next kluctl release.")
-
-	configFile, err := c.loadTargetConfigFile(targetInfo)
-	if err != nil {
-		return nil, err
-	}
-
-	var targetConfig types.TargetConfig
-	err = yaml.ReadYamlBytes(configFile, &targetConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(target.DynamicArgs) != 0 {
-		status.Deprecation(c.ctx, "dynamic-args", "dynamicArgs are deprecated and ignored. The field will be removed in the next kluctl release.")
-	}
-
-	// check and merge args
-	if targetConfig.Args != nil {
-		target.Args.Merge(targetConfig.Args)
-	}
-	if len(targetConfig.Images) != 0 {
-		status.Deprecation(c.ctx, "target-config-images", "specifying fixed images via external 'targetConfig' is deprecated and support for this will be removed in the next kluctl release.")
-	}
-	// We prepend the dynamic images to ensure they get higher priority later
-	target.Images = append(targetConfig.Images, target.Images...)
-
-	if targetInfo.ref != nil {
-		target.TargetConfig.Ref = targetInfo.ref
-	}
-
 	return &target, nil
 }
diff --git a/pkg/kluctl_project/targets_test.go b/pkg/kluctl_project/targets_test.go
deleted file mode 100644
index 8f1cf30b1..000000000
--- a/pkg/kluctl_project/targets_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package kluctl_project
-
-import (
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/stretchr/testify/assert"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestLoadTargetConfigFile(t *testing.T) {
-	c := LoadedKluctlProject{}
-	ti := &dynamicTargetInfo{
-		baseTarget: &types.Target{
-			TargetConfig: &types.ExternalTargetConfig{},
-		},
-		dir: t.TempDir(),
-	}
-	err := os.WriteFile(filepath.Join(ti.dir, "target-config.yml"), []byte("test"), 0600)
-	assert.NoError(t, err)
-
-	data, err := c.loadTargetConfigFile(ti)
-	assert.NoError(t, err)
-
-	assert.Equal(t, []byte("test"), data)
-}
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 33078a4ae..840542dd6 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -8,22 +8,10 @@ type DynamicArg struct {
 	Name string `yaml:"name" validate:"required"`
 }
 
-type ExternalTargetConfig struct {
-	Project *GitProject `yaml:"project,omitempty"`
-	// Ref Branch/Tag to be used. Can't be combined with 'refPattern'. If 'branch' and 'branchPattern' are not used, 'branch' defaults to the default branch of targetConfig.project
-	Ref *string `yaml:"ref,omitempty"`
-	// RefPattern If set, multiple dynamic targets are created, each with 'ref' being set to the ref that matched the given pattern.
-	RefPattern *string `yaml:"refPattern,omitempty"`
-	// File defaults to 'target-config.yml'
-	File *string `yaml:"file,omitempty"`
-}
-
 type SealingConfig struct {
-	// DynamicSealing Set this to false if you want to disable sealing for every dynamic target
-	DynamicSealing *bool                  `yaml:"dynamicSealing,omitempty"`
-	Args           *uo.UnstructuredObject `yaml:"args,omitempty"`
-	SecretSets     []string               `yaml:"secretSets,omitempty"`
-	CertFile       *string                `yaml:"certFile,omitempty"`
+	Args       *uo.UnstructuredObject `yaml:"args,omitempty"`
+	SecretSets []string               `yaml:"secretSets,omitempty"`
+	CertFile   *string                `yaml:"certFile,omitempty"`
 }
 
 type Target struct {
@@ -31,17 +19,11 @@ type Target struct {
 	Context       *string                `yaml:"context,omitempty"`
 	Args          *uo.UnstructuredObject `yaml:"args,omitempty"`
 	DynamicArgs   []DynamicArg           `yaml:"dynamicArgs,omitempty"`
-	TargetConfig  *ExternalTargetConfig  `yaml:"targetConfig,omitempty"`
 	SealingConfig *SealingConfig         `yaml:"sealingConfig,omitempty"`
 	Images        []FixedImage           `yaml:"images,omitempty"`
 	Discriminator string                 `yaml:"discriminator,omitempty"`
 }
 
-type DynamicTarget struct {
-	Target         *Target `yaml:"target" validate:"required"`
-	BaseTargetName string  `yaml:"baseTargetName"`
-}
-
 type DeploymentArg struct {
 	Name    string      `yaml:"name" validate:"required"`
 	Default interface{} `yaml:"default,omitempty"`

From 65ce9dfe09adb391e0c9a0f49c285bd58164f6fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 13 Feb 2023 10:26:38 +0100
Subject: [PATCH 0792/2268] refactor: Use semver lib for checkNewVersion

---
 cmd/kluctl/commands/root.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 2b37ba7d3..3736d00ad 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -18,6 +18,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/Masterminds/semver/v3"
 	flag "github.com/spf13/pflag"
 	"io"
 	"log"
@@ -28,10 +29,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/mattn/go-colorable"
@@ -184,10 +185,18 @@ func checkNewVersion(ctx context.Context) {
 	if strings.HasPrefix(latestVersionStr, "v") {
 		latestVersionStr = latestVersionStr[1:]
 	}
-	latestVersion := versions.LooseVersion(latestVersionStr)
-	localVersion := versions.LooseVersion(version.GetVersion())
-	if localVersion.Less(latestVersion, true) {
-		s.Update(fmt.Sprintf("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion, latestVersion))
+	latestVersion, err := semver.NewVersion(latestVersionStr)
+	if err != nil {
+		s.FailedWithMessage("Failed to parse latest version: %v", err)
+		return
+	}
+	localVersion, err := semver.NewVersion(version.GetVersion())
+	if err != nil {
+		s.FailedWithMessage("Failed to parse local version: %v", err)
+		return
+	}
+	if localVersion.LessThan(latestVersion) {
+		s.Update(fmt.Sprintf("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion.String(), latestVersion.String()))
 	} else {
 		s.Update("Your kluctl version is up-to-date")
 	}

From 1114983aa66007752907810b43201c529b469aa5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 11 Feb 2023 13:50:24 +0100
Subject: [PATCH 0793/2268] feat: Remove deprecated code in regard to querying
 latest image versions

---
 cmd/kluctl/args/images.go                     |   2 -
 .../commands/cmd_check_image_updates.go       | 135 --------
 cmd/kluctl/commands/root.go                   |  28 +-
 cmd/kluctl/commands/utils.go                  |  14 +-
 docs/reference/commands/common-arguments.md   |  10 -
 pkg/deployment/images.go                      |  76 +----
 pkg/kluctl_jinja2/ext/images_ext.py           |   5 +-
 pkg/types/target_config.go                    |   2 -
 pkg/utils/versions/latest_version.go          | 160 ----------
 pkg/utils/versions/latest_version_parse.go    | 299 ------------------
 .../versions/latest_version_parse_test.go     |  47 ---
 pkg/utils/versions/looseversion.go            | 171 ----------
 pkg/utils/versions/looseversion_test.go       |  92 ------
 13 files changed, 23 insertions(+), 1018 deletions(-)
 delete mode 100644 cmd/kluctl/commands/cmd_check_image_updates.go
 delete mode 100644 pkg/utils/versions/latest_version.go
 delete mode 100644 pkg/utils/versions/latest_version_parse.go
 delete mode 100644 pkg/utils/versions/latest_version_parse_test.go
 delete mode 100644 pkg/utils/versions/looseversion.go
 delete mode 100644 pkg/utils/versions/looseversion_test.go

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 7d0364722..1c6fe4b79 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -10,8 +10,6 @@ import (
 type ImageFlags struct {
 	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
 	FixedImagesFile existingFileType `group:"images" help:"Use .yaml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
-	UpdateImages    bool             `group:"images" short:"u" help:"This causes kluctl to prefer the latest image found in registries, based on the 'latest_image' filters provided to 'images.get_image(...)' calls. Use this flag if you want to update to the latest versions/tags of all images. '-u' takes precedence over '--fixed-image/--fixed-images-file', meaning that the latest images are used even if an older image is given via fixed images."`
-	OfflineImages   bool             `group:"images" help:"DEPRECATED: Omit contacting image registries and do not query for latest image tags. This flag is by default set to true. At the same time, the whole requesting of image tags from registries functionality is deprecated and will be removed from kluctl in a future release." default:"true"`
 }
 
 func (args *ImageFlags) LoadFixedImagesFromArgs() ([]types.FixedImage, error) {
diff --git a/cmd/kluctl/commands/cmd_check_image_updates.go b/cmd/kluctl/commands/cmd_check_image_updates.go
deleted file mode 100644
index 782ed9868..000000000
--- a/cmd/kluctl/commands/cmd_check_image_updates.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package commands
-
-import (
-	"context"
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/registries"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
-	"regexp"
-	"sort"
-	"strings"
-	"sync"
-)
-
-type checkImageUpdatesCmd struct {
-	args.ProjectFlags
-	args.TargetFlags
-}
-
-func (cmd *checkImageUpdatesCmd) Help() string {
-	return `DEPRECATED: This is based on a best effort approach and might give many false-positives.`
-}
-
-func (cmd *checkImageUpdatesCmd) Run(ctx context.Context) error {
-	status.Deprecation(ctx, "check-image-updates", "check-image-updates is deprecated and will be removed in the next kluctl release.")
-	ptArgs := projectTargetCommandArgs{
-		projectFlags: cmd.ProjectFlags,
-		targetFlags:  cmd.TargetFlags,
-	}
-	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return runCheckImageUpdates(cmdCtx)
-	})
-}
-
-func runCheckImageUpdates(cmdCtx *commandCtx) error {
-	renderedImages := cmdCtx.targetCtx.DeploymentCollection.FindRenderedImages()
-
-	rh := registries.NewRegistryHelper(cmdCtx.ctx)
-
-	imageTags := make(map[string]interface{})
-	var mutex sync.Mutex
-	var wg sync.WaitGroup
-
-	for _, images := range renderedImages {
-		for _, image := range images {
-			s := strings.SplitN(image, ":", 2)
-			if len(s) == 1 {
-				continue
-			}
-			repo := s[0]
-			if _, ok := imageTags[repo]; !ok {
-				wg.Add(1)
-				go func() {
-					defer wg.Done()
-					tags, err := rh.ListImageTags(repo)
-					mutex.Lock()
-					defer mutex.Unlock()
-					if err != nil {
-						imageTags[repo] = err
-					} else {
-						imageTags[repo] = tags
-					}
-				}()
-			}
-		}
-	}
-	wg.Wait()
-
-	prefixPattern := regexp.MustCompile("^([a-zA-Z]+[a-zA-Z-_.]*)")
-	suffixPattern := regexp.MustCompile("([-][a-zA-Z]+[a-zA-Z-_.]*)$")
-
-	var table utils.PrettyTable
-	table.AddRow("Object", "Image", "Old", "New")
-
-	for ref, images := range renderedImages {
-		for _, image := range images {
-			s := strings.SplitN(image, ":", 2)
-			if len(s) == 1 {
-				status.Warning(cmdCtx.ctx, "%s: Ignoring image %s as it doesn't specify a tag", ref.String(), image)
-				continue
-			}
-			repo := s[0]
-			curTag := s[1]
-			repoTags, _ := imageTags[repo].([]string)
-			err, _ := imageTags[repo].(error)
-			if err != nil {
-				status.Warning(cmdCtx.ctx, "%s: Failed to list tags for %s. %v", ref.String(), repo, err)
-				continue
-			}
-
-			prefix := prefixPattern.FindString(curTag)
-			suffix := suffixPattern.FindString(curTag)
-			hasDot := strings.Index(curTag, ".") != -1
-
-			var filteredTags []string
-			for _, tag := range repoTags {
-				hasDot2 := strings.Index(tag, ".") != -1
-				if hasDot != hasDot2 {
-					continue
-				}
-				if prefix != "" && !strings.HasPrefix(tag, prefix) {
-					continue
-				}
-				if suffix != "" && !strings.HasSuffix(tag, suffix) {
-					continue
-				}
-				filteredTags = append(filteredTags, tag)
-			}
-			doKey := func(tag string) versions.LooseVersion {
-				if prefix != "" {
-					tag = tag[len(prefix):]
-				}
-				if suffix != "" {
-					tag = tag[:len(tag)-len(suffix)]
-				}
-				return versions.LooseVersion(tag)
-			}
-			sort.SliceStable(filteredTags, func(i, j int) bool {
-				a := doKey(filteredTags[i])
-				b := doKey(filteredTags[j])
-				return a.Less(b, true)
-			})
-			latestTag := filteredTags[len(filteredTags)-1]
-
-			if latestTag != curTag {
-				table.AddRow(ref.String(), repo, curTag, latestTag)
-			}
-		}
-	}
-
-	table.SortRows(1)
-	_, _ = getStdout(cmdCtx.ctx).WriteString(table.Render([]int{60}))
-	return nil
-}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 3736d00ad..4b949d272 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -18,7 +18,6 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/Masterminds/semver/v3"
 	flag "github.com/spf13/pflag"
 	"io"
 	"log"
@@ -55,20 +54,19 @@ type GlobalFlags struct {
 type cli struct {
 	GlobalFlags
 
-	CheckImageUpdates checkImageUpdatesCmd `cmd:"" help:"Render deployment and check if any images have new tags available"`
-	Delete            deleteCmd            `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
-	Deploy            deployCmd            `cmd:"" help:"Deploys a target to the corresponding cluster"`
-	Diff              diffCmd              `cmd:"" help:"Perform a diff between the locally rendered target and the already deployed target"`
-	HelmPull          helmPullCmd          `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pre-pulls the specified Helm charts"`
-	HelmUpdate        helmUpdateCmd        `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and checks for new available versions"`
-	ListImages        listImagesCmd        `cmd:"" help:"Renders the target and outputs all images used via 'images.get_image(...)"`
-	ListTargets       listTargetsCmd       `cmd:"" help:"Outputs a yaml list with all targets"`
-	PokeImages        pokeImagesCmd        `cmd:"" help:"Replace all images in target"`
-	Prune             pruneCmd             `cmd:"" help:"Searches the target cluster for prunable objects and deletes them"`
-	Render            renderCmd            `cmd:"" help:"Renders all resources and configuration files"`
-	Seal              sealCmd              `cmd:"" help:"Seal secrets based on target's sealingConfig"`
-	Validate          validateCmd          `cmd:"" help:"Validates the already deployed deployment"`
-	Flux              fluxCmd              `cmd:"" help:"Flux sub-commands"`
+	Delete      deleteCmd      `cmd:"" help:"Delete a target (or parts of it) from the corresponding cluster"`
+	Deploy      deployCmd      `cmd:"" help:"Deploys a target to the corresponding cluster"`
+	Diff        diffCmd        `cmd:"" help:"Perform a diff between the locally rendered target and the already deployed target"`
+	HelmPull    helmPullCmd    `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and pre-pulls the specified Helm charts"`
+	HelmUpdate  helmUpdateCmd  `cmd:"" help:"Recursively searches for 'helm-chart.yaml' files and checks for new available versions"`
+	ListImages  listImagesCmd  `cmd:"" help:"Renders the target and outputs all images used via 'images.get_image(...)"`
+	ListTargets listTargetsCmd `cmd:"" help:"Outputs a yaml list with all targets"`
+	PokeImages  pokeImagesCmd  `cmd:"" help:"Replace all images in target"`
+	Prune       pruneCmd       `cmd:"" help:"Searches the target cluster for prunable objects and deletes them"`
+	Render      renderCmd      `cmd:"" help:"Renders all resources and configuration files"`
+	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
+	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
+	Flux        fluxCmd        `cmd:"" help:"Flux sub-commands"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index b2807f72b..35fa12bab 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -15,7 +15,6 @@ import (
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -145,18 +144,7 @@ func withProjectCommandContext(ctx context.Context, args projectTargetCommandArg
 }
 
 func withProjectTargetCommandContext(ctx context.Context, args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(cmdCtx *commandCtx) error) error {
-	rh := registries.NewRegistryHelper(ctx)
-	err := rh.ParseAuthEntriesFromEnv()
-	if err != nil {
-		return fmt.Errorf("failed to parse registry auth from environment: %w", err)
-	}
-	if args.imageFlags.UpdateImages {
-		status.Deprecation(ctx, "update-images", "--update-images is deprecated and will be removed in the next kluctl release.")
-	}
-	if !args.imageFlags.OfflineImages {
-		status.Deprecation(ctx, "online-images", "--offline-images=false is deprecated and will be removed in the next kluctl release.")
-	}
-	images, err := deployment.NewImages(rh, args.imageFlags.UpdateImages, args.imageFlags.OfflineImages || args.forCompletion)
+	images, err := deployment.NewImages()
 	if err != nil {
 		return err
 	}
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index dbdf48621..2f2e85433 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -98,16 +98,6 @@ Image arguments:
                                          '--fixed-image=image<:namespace:deployment:container>=result'
       --fixed-images-file existingfile   Use .yaml file to pin image versions. See output of list-images
                                          sub-command or read the documentation for details about the output format
-      --offline-images                   DEPRECATED: Omit contacting image registries and do not query for latest
-                                         image tags. This flag is by default set to true. At the same time, the
-                                         whole requesting of image tags from registries functionality is
-                                         deprecated and will be removed from kluctl in a future release. (default true)
-  -u, --update-images                    This causes kluctl to prefer the latest image found in registries, based
-                                         on the 'latest_image' filters provided to 'images.get_image(...)' calls.
-                                         Use this flag if you want to update to the latest versions/tags of all
-                                         images. '-u' takes precedence over '--fixed-image/--fixed-images-file',
-                                         meaning that the latest images are used even if an older image is given
-                                         via fixed images.
 
 ```
 <!-- END SECTION -->
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 11112761a..b1af402d6 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -6,13 +6,10 @@ import (
 	"encoding/base64"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/registries"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/utils/versions"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"sort"
@@ -21,22 +18,13 @@ import (
 )
 
 type Images struct {
-	rh           *registries.RegistryHelper
-	updateImages bool
-	offline      bool
-	fixedImages  []types.FixedImage
-	seenImages   []types.FixedImage
-	mutex        sync.Mutex
-
-	registryCache utils.ThreadSafeMultiCache
+	fixedImages []types.FixedImage
+	seenImages  []types.FixedImage
+	mutex       sync.Mutex
 }
 
-func NewImages(rh *registries.RegistryHelper, updateImages bool, offline bool) (*Images, error) {
-	return &Images{
-		rh:           rh,
-		updateImages: updateImages,
-		offline:      offline,
-	}, nil
+func NewImages() (*Images, error) {
+	return &Images{}, nil
 }
 
 func (images *Images) AddFixedImage(fi types.FixedImage) {
@@ -124,44 +112,11 @@ func (images *Images) getFixedImage(image string, namespace string, deployment s
 	return nil, nil
 }
 
-func (images *Images) GetLatestImageFromRegistry(image string, latestVersion string) (*string, error) {
-	if images.offline {
-		return nil, nil
-	}
-
-	ret, err := images.registryCache.Get(image, "tag", func() (interface{}, error) {
-		return images.rh.ListImageTags(image)
-	})
-	if err != nil {
-		return nil, err
-	}
-	tags, _ := ret.([]string)
-
-	if len(tags) == 0 {
-		return nil, nil
-	}
-
-	lv, err := versions.ParseLatestVersion(latestVersion)
-	if err != nil {
-		return nil, err
-	}
-
-	tags = versions.Filter(lv, tags)
-	if len(tags) == 0 {
-		return nil, fmt.Errorf("no tag matched latest_version: %s", latestVersion)
-	}
-
-	latest := lv.Latest(tags)
-	result := fmt.Sprintf("%s:%s", image, latest)
-	return &result, nil
-}
-
 const beginPlaceholder = "XXXXXbegin_get_image_"
 const endPlaceholder = "_end_get_imageXXXXX"
 
 type placeHolder struct {
 	Image            string `yaml:"image"`
-	LatestVersion    string `yaml:"latestVersion"`
 	HasLatestVersion bool   `yaml:"hasLatestVersion"`
 
 	Container string
@@ -284,7 +239,7 @@ func (images *Images) ResolvePlaceholders(ctx context.Context, k *k8s.K8sCluster
 			return err
 		}
 		if resultImage == nil {
-			return fmt.Errorf("failed to find image for %s and latest version %s", ph.Image, ph.LatestVersion)
+			return fmt.Errorf("failed to find fixed image for %s", ph.Image)
 		}
 
 		ph.FieldValue = ph.FieldValue[:ph.StartOffset] + *resultImage + ph.FieldValue[ph.EndOffset:]
@@ -297,37 +252,22 @@ func (images *Images) ResolvePlaceholders(ctx context.Context, k *k8s.K8sCluster
 }
 
 func (images *Images) resolveImage(ctx context.Context, ph placeHolder, ref k8s2.ObjectRef, deployment string, deployed *string, deploymentDir string, tags []string, vars *uo.UnstructuredObject) (*string, error) {
-	fixed, err := images.getFixedImage(ph.Image, ref.Namespace, deployment, ph.Container, vars)
-	if err != nil {
-		return nil, err
-	}
-
 	if ph.HasLatestVersion {
-		status.Deprecation(ctx, "latest-version-filter", "latest_version is deprecated when using images.get_image() and will be removed in the next kluctl release.")
+		status.Deprecation(ctx, "latest-version-filter", "latest_version is deprecated when using images.get_image() and is completely ignored. Please remove usages of latest_version as it will fail to render in a future kluctl release.")
 	}
 
-	registry, err := images.GetLatestImageFromRegistry(ph.Image, ph.LatestVersion)
+	result, err := images.getFixedImage(ph.Image, ref.Namespace, deployment, ph.Container, vars)
 	if err != nil {
 		return nil, err
 	}
 
-	result := deployed
-	if result == nil || images.updateImages {
-		result = registry
-	}
-	if !images.updateImages && fixed != nil {
-		result = fixed
-	}
-
 	si := types.FixedImage{
 		Image:         ph.Image,
 		DeployedImage: deployed,
-		RegistryImage: registry,
 		Namespace:     &ref.Namespace,
 		Object:        &ref,
 		Deployment:    &deployment,
 		Container:     &ph.Container,
-		VersionFilter: &ph.LatestVersion,
 		DeployTags:    tags,
 		DeploymentDir: &deploymentDir,
 	}
diff --git a/pkg/kluctl_jinja2/ext/images_ext.py b/pkg/kluctl_jinja2/ext/images_ext.py
index ba523653a..0d0fd7ebd 100644
--- a/pkg/kluctl_jinja2/ext/images_ext.py
+++ b/pkg/kluctl_jinja2/ext/images_ext.py
@@ -13,13 +13,10 @@ def __init__(self, environment):
 
     def get_image_wrapper(self, image, latest_version=None):
         has_latest_version = False
-        if latest_version is None:
-            latest_version = "semver()"
-        else:
+        if latest_version is not None:
             has_latest_version = True
         placeholder = {
             "image": image,
-            "latestVersion": str(latest_version),
             "hasLatestVersion": has_latest_version,
         }
         j = json.dumps(placeholder)
diff --git a/pkg/types/target_config.go b/pkg/types/target_config.go
index 4f27a0cf6..7540757f6 100644
--- a/pkg/types/target_config.go
+++ b/pkg/types/target_config.go
@@ -9,12 +9,10 @@ type FixedImage struct {
 	Image         string         `yaml:"image" validate:"required"`
 	ResultImage   string         `yaml:"resultImage" validate:"required"`
 	DeployedImage *string        `yaml:"deployedImage,omitempty"`
-	RegistryImage *string        `yaml:"registryImage,omitempty"`
 	Namespace     *string        `yaml:"namespace,omitempty"`
 	Object        *k8s.ObjectRef `yaml:"object,omitempty"`
 	Deployment    *string        `yaml:"deployment,omitempty"`
 	Container     *string        `yaml:"container,omitempty"`
-	VersionFilter *string        `yaml:"versionFilter,omitempty"`
 	DeployTags    []string       `yaml:"deployTags,omitempty"`
 	DeploymentDir *string        `yaml:"deploymentDir,omitempty"`
 }
diff --git a/pkg/utils/versions/latest_version.go b/pkg/utils/versions/latest_version.go
deleted file mode 100644
index 24edbc5b2..000000000
--- a/pkg/utils/versions/latest_version.go
+++ /dev/null
@@ -1,160 +0,0 @@
-package versions
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"regexp"
-	"strconv"
-)
-
-type LatestVersionFilter interface {
-	Match(version string) bool
-	Latest(versions []string) string
-	String() string
-}
-
-func Filter(lv LatestVersionFilter, versions []string) []string {
-	var filtered []string
-	for _, v := range versions {
-		if lv.Match(v) {
-			filtered = append(filtered, v)
-		}
-	}
-	return filtered
-}
-
-type regexVersionFilter struct {
-	patternStr string
-	pattern    *regexp.Regexp
-}
-
-func NewRegexVersionFilter(pattern string) (LatestVersionFilter, error) {
-	p, err := regexp.Compile(fmt.Sprintf("^%s$", pattern))
-	if err != nil {
-		return nil, err
-	}
-	return &regexVersionFilter{
-		patternStr: pattern,
-		pattern:    p,
-	}, nil
-}
-
-func NewRegexVersionFilterMust(pattern string) LatestVersionFilter {
-	ret, err := NewRegexVersionFilter(pattern)
-	if err != nil {
-		panic(err)
-	}
-	return ret
-}
-
-func (f *regexVersionFilter) Match(version string) bool {
-	return f.pattern.MatchString(version)
-}
-
-func (f *regexVersionFilter) Latest(versions []string) string {
-	c := SortLooseVersionStrings(versions)
-	return string(c[len(c)-1])
-}
-
-func (f *regexVersionFilter) String() string {
-	return fmt.Sprintf(`regex(pattern="%s")`, f.patternStr)
-}
-
-type looseSemVerVersionFilter struct {
-	allowNoNums bool
-}
-
-func NewLooseSemVerVersionFilter(allowNoNums bool) LatestVersionFilter {
-	return &looseSemVerVersionFilter{allowNoNums: allowNoNums}
-}
-
-func (f *looseSemVerVersionFilter) Match(version string) bool {
-	groups := looseSemverRegex.FindStringSubmatch(version)
-	if groups == nil {
-		return false
-	}
-	if !f.allowNoNums && groups[1] == "" {
-		return false
-	}
-	return true
-}
-
-func (f *looseSemVerVersionFilter) Latest(versions []string) string {
-	c := SortLooseVersionStrings(versions)
-	return string(c[len(c)-1])
-}
-
-func (f *looseSemVerVersionFilter) String() string {
-	return fmt.Sprintf(`semver(allow_no_nums=%s)`, strconv.FormatBool(f.allowNoNums))
-}
-
-type prefixVersionFilter struct {
-	prefix  string
-	suffix  LatestVersionFilter
-	pattern *regexp.Regexp
-}
-
-func NewPrefixVersionFilter(prefix string, suffix LatestVersionFilter) (LatestVersionFilter, error) {
-	if suffix == nil {
-		suffix = NewLooseSemVerVersionFilter(false)
-	}
-
-	p, err := regexp.Compile(fmt.Sprintf(`^%s(.*)$`, prefix))
-	if err != nil {
-		return nil, err
-	}
-	return &prefixVersionFilter{
-		prefix:  prefix,
-		suffix:  suffix,
-		pattern: p,
-	}, nil
-}
-
-func NewPrefixVersionFilterMust(prefix string, suffix LatestVersionFilter) LatestVersionFilter {
-	ret, err := NewPrefixVersionFilter(prefix, suffix)
-	if err != nil {
-		panic(err)
-	}
-	return ret
-}
-
-func (f *prefixVersionFilter) Match(version string) bool {
-	groups := f.pattern.FindStringSubmatch(version)
-	if groups == nil {
-		return false
-	}
-	return f.suffix.Match(groups[1])
-}
-
-func (f *prefixVersionFilter) Latest(versions []string) string {
-	var filteredVersions []string
-	var suffixVersions []string
-	for _, v := range versions {
-		groups := f.pattern.FindStringSubmatch(v)
-		if groups == nil {
-			continue
-		}
-		filteredVersions = append(filteredVersions, v)
-		suffixVersions = append(suffixVersions, groups[1])
-	}
-	latest := f.suffix.Latest(suffixVersions)
-	i := utils.FindStrInSlice(suffixVersions, latest)
-	return filteredVersions[i]
-}
-
-func (f *prefixVersionFilter) String() string {
-	return fmt.Sprintf(`prefix(prefix="%s", suffix=%s)`, f.prefix, f.suffix.String())
-}
-
-type numberVersionFilter struct {
-	LatestVersionFilter
-}
-
-func NewNumberVersionFilter() LatestVersionFilter {
-	f, _ := NewRegexVersionFilter("[0-9]+")
-	return &numberVersionFilter{f}
-}
-
-func (f *numberVersionFilter) String() string {
-	return "number()"
-}
diff --git a/pkg/utils/versions/latest_version_parse.go b/pkg/utils/versions/latest_version_parse.go
deleted file mode 100644
index 8317e46e6..000000000
--- a/pkg/utils/versions/latest_version_parse.go
+++ /dev/null
@@ -1,299 +0,0 @@
-package versions
-
-import (
-	"fmt"
-	scanner "github.com/kluctl/kluctl/v2/pkg/utils/python_scanner"
-	"strconv"
-	"strings"
-)
-
-type tokenAndText struct {
-	tok  rune
-	text string
-}
-
-type preparsed struct {
-	tokens  []tokenAndText
-	nextPos int
-}
-
-func (p *preparsed) CurToken() rune {
-	if p.nextPos > len(p.tokens) {
-		return scanner.EOF
-	}
-	return p.tokens[p.nextPos-1].tok
-}
-
-func (p *preparsed) CurTokenText() string {
-	if p.nextPos > len(p.tokens) {
-		panic("CurTokenText at EOF")
-	}
-	return p.tokens[p.nextPos-1].text
-}
-
-func (p *preparsed) Next() rune {
-	if p.nextPos > len(p.tokens) {
-		return scanner.EOF
-	}
-	p.nextPos += 1
-	return p.CurToken()
-}
-
-func (p *preparsed) Peek() rune {
-	return p.PeekN(0)
-}
-
-func (p *preparsed) PeekN(n int) rune {
-	if p.nextPos+n >= len(p.tokens) {
-		return scanner.EOF
-	}
-	return p.tokens[p.nextPos+n].tok
-}
-
-func ParseLatestVersion(str string) (LatestVersionFilter, error) {
-	var p preparsed
-	var s scanner.Scanner
-	s.Init(strings.NewReader(str))
-	s.Mode |= scanner.ScanIdents | scanner.ScanStrings
-
-	for true {
-		tok := s.Scan()
-		if tok == scanner.EOF {
-			break
-		}
-		p.tokens = append(p.tokens, tokenAndText{
-			tok:  tok,
-			text: s.TokenText(),
-		})
-	}
-
-	return parseFilter(&p)
-}
-
-func parseFilter(p *preparsed) (LatestVersionFilter, error) {
-	tok := p.Next()
-
-	if tok != scanner.Ident {
-		return nil, fmt.Errorf("unexpected token %v, expected ident", p.CurToken())
-	}
-	name := p.CurTokenText()
-
-	tok = p.Next()
-	if tok != '(' {
-		return nil, fmt.Errorf("unexpected token %v, expected (", tok)
-	}
-
-	var f LatestVersionFilter
-
-	var err error
-	switch name {
-	case "regex":
-		f, err = parseRegexFilter(p)
-	case "semver":
-		f, err = parseSemVerFilter(p)
-	case "prefix":
-		f, err = parsePrefixFilter(p)
-	case "number":
-		f, err = parseNumberFilter(p)
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	tok = p.Next()
-	if tok != ')' {
-		return nil, fmt.Errorf("unexpected token %v, expected (", tok)
-	}
-
-	return f, nil
-}
-
-func parseRegexFilter(p *preparsed) (LatestVersionFilter, error) {
-	args := []*arg{
-		{name: "pattern", tok: scanner.String, required: true},
-	}
-	err := parseArgs(p, args)
-	if err != nil {
-		return nil, err
-	}
-
-	if args[0].value == "" {
-		return nil, fmt.Errorf("pattern can't be empty")
-	}
-
-	return NewRegexVersionFilter(args[0].value.(string))
-}
-
-func parseSemVerFilter(p *preparsed) (LatestVersionFilter, error) {
-	args := []*arg{
-		{name: "allow_no_nums", tok: scanner.Ident, value: false, isBool: true},
-	}
-	err := parseArgs(p, args)
-	if err != nil {
-		return nil, err
-	}
-
-	return NewLooseSemVerVersionFilter(args[0].value.(bool)), nil
-}
-
-func parsePrefixFilter(p *preparsed) (LatestVersionFilter, error) {
-	args := []*arg{
-		{name: "prefix", tok: scanner.String, required: true},
-		{name: "suffix", tok: scanner.Ident, value: ""},
-	}
-	err := parseArgs(p, args)
-	if err != nil {
-		return nil, err
-	}
-
-	var suffix LatestVersionFilter
-	if args[1].found {
-		x, ok := args[1].value.(LatestVersionFilter)
-		if !ok {
-			return nil, fmt.Errorf("invalid suffix, must be a filter")
-		}
-		suffix = x
-	}
-
-	return NewPrefixVersionFilter(args[0].value.(string), suffix)
-}
-
-func parseNumberFilter(p *preparsed) (LatestVersionFilter, error) {
-	return NewNumberVersionFilter(), nil
-}
-
-type arg struct {
-	name     string
-	tok      rune
-	value    interface{}
-	required bool
-	isBool   bool
-
-	found bool
-}
-
-func parseArgs(p *preparsed, args []*arg) error {
-	var parsedArgs []arg
-	parsedKvArgs := make(map[string]arg)
-
-	for true {
-		var name string
-
-		if p.Peek() == ')' {
-			break
-		}
-		if len(parsedArgs)+len(parsedKvArgs) != 0 {
-			if tok := p.Next(); tok != ',' {
-				return fmt.Errorf("unexpected token %v, expected ')' or ','", tok)
-			}
-		}
-
-		a, err := parseArg(p)
-		if err != nil {
-			return err
-		}
-
-		if a.name == "" {
-			if len(parsedKvArgs) != 0 {
-				return fmt.Errorf("can't have unnamed args after named args")
-			}
-			parsedArgs = append(parsedArgs, *a)
-		} else {
-			if _, ok := parsedKvArgs[name]; ok {
-				return fmt.Errorf("duplicate named arg %s", name)
-			}
-			parsedKvArgs[a.name] = *a
-		}
-	}
-
-	if len(parsedArgs) > len(args) {
-		return fmt.Errorf("too many arguments")
-	}
-	for i, a := range parsedArgs {
-		if a.tok != args[i].tok {
-			return fmt.Errorf("unexpected argument type for %s, expected %v, got %v", a.name, args[i].tok, a.tok)
-		}
-		args[i].value = a.value
-		args[i].found = true
-	}
-
-	for k, v := range parsedKvArgs {
-		foundArg := false
-		for _, a := range args {
-			if k == a.name {
-				foundArg = true
-				if a.found {
-					return fmt.Errorf("named arg %s has already been provided via unnamed args", k)
-				}
-				a.value = v.value
-				a.found = true
-			}
-		}
-		if !foundArg {
-			return fmt.Errorf("unkown arg %s", k)
-		}
-	}
-
-	for _, a := range args {
-		if a.required && !a.found {
-			return fmt.Errorf("required arg %s not found", a.name)
-		}
-		if a.found && a.isBool {
-			if a.tok != scanner.Ident {
-				return fmt.Errorf("invalid value for arg %s, must be a bool", a.name)
-			}
-			b, err := strconv.ParseBool(a.value.(string))
-			if err != nil {
-				return fmt.Errorf("invalid value for arg %s, must be a bool", a.name)
-			}
-			a.value = b
-		}
-	}
-
-	return nil
-}
-
-func parseArg(p *preparsed) (*arg, error) {
-	parseValue := func() (rune, interface{}, error) {
-		if p.Peek() == scanner.Ident && p.PeekN(1) == '(' {
-			f, err := parseFilter(p)
-			return scanner.Ident, f, err
-		}
-		tok := p.Next()
-		if tok != scanner.String && tok != scanner.Ident && tok != scanner.Int {
-			return 'e', nil, fmt.Errorf("unexpected token %v, expected string, ident or int", tok)
-		}
-		value := p.CurTokenText()
-		if tok == scanner.String {
-			value = value[1 : len(value)-1]
-		}
-		return tok, value, nil
-	}
-
-	if p.Peek() == scanner.Ident && p.PeekN(1) == '=' {
-		p.Next() // consume ident
-		name := p.CurTokenText()
-		p.Next() // consume '='
-
-		valueTok, value, err := parseValue()
-		if err != nil {
-			return nil, err
-		}
-		a := arg{
-			name:  name,
-			tok:   valueTok,
-			value: value,
-		}
-		return &a, nil
-	}
-
-	valueTok, value, err := parseValue()
-	if err != nil {
-		return nil, err
-	}
-	a := arg{
-		tok:   valueTok,
-		value: value,
-	}
-	return &a, nil
-}
diff --git a/pkg/utils/versions/latest_version_parse_test.go b/pkg/utils/versions/latest_version_parse_test.go
deleted file mode 100644
index 31ba9c483..000000000
--- a/pkg/utils/versions/latest_version_parse_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package versions
-
-import (
-	"fmt"
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-
-func TestParse(t *testing.T) {
-
-	type testCase struct {
-		s              string
-		expectedFilter LatestVersionFilter
-		expectedErr    error
-	}
-
-	testCases := []testCase{
-		{s: "regex('a*')", expectedFilter: NewRegexVersionFilterMust("a*")},
-		{s: "regex(\"a*\")", expectedFilter: NewRegexVersionFilterMust("a*")},
-		{s: "regex(a*\")", expectedErr: fmt.Errorf("unexpected token 42, expected ')' or ','")},
-		{s: "semver()", expectedFilter: NewLooseSemVerVersionFilter(false)},
-		{s: "semver(allow_no_nums)", expectedErr: fmt.Errorf("invalid value for arg allow_no_nums, must be a bool")},
-		{s: "semver(allow_no_nums=false)", expectedFilter: NewLooseSemVerVersionFilter(false)},
-		{s: "semver(allow_no_nums=true)", expectedFilter: NewLooseSemVerVersionFilter(true)},
-		{s: "prefix('')", expectedFilter: NewPrefixVersionFilterMust("", NewLooseSemVerVersionFilter(false))},
-		{s: "prefix('a')", expectedFilter: NewPrefixVersionFilterMust("a", NewLooseSemVerVersionFilter(false))},
-		{s: "prefix('a', 'b')", expectedErr: fmt.Errorf("unexpected argument type for , expected -2, got -6")},
-		{s: "prefix('a', regex('a*'))", expectedFilter: NewPrefixVersionFilterMust("a", NewRegexVersionFilterMust("a*"))},
-		{s: "prefix('a', suffi=regex('a*'))", expectedErr: fmt.Errorf("unkown arg suffi")},
-		{s: "prefix('a', suffix=regex('a*'))", expectedFilter: NewPrefixVersionFilterMust("a", NewRegexVersionFilterMust("a*"))},
-		{s: "number()", expectedFilter: NewNumberVersionFilter()},
-		{s: "number(a=1)", expectedErr: fmt.Errorf("unexpected token -2, expected (")},
-	}
-
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.s, func(t *testing.T) {
-			f, err := ParseLatestVersion(tc.s)
-			assert.Equal(t, tc.expectedFilter, f)
-			if tc.expectedErr != nil {
-				assert.Error(t, err, tc.expectedErr)
-			} else if err != nil {
-				assert.Fail(t, "unexpected error", err)
-			}
-		})
-	}
-}
diff --git a/pkg/utils/versions/looseversion.go b/pkg/utils/versions/looseversion.go
deleted file mode 100644
index 0c6bbf529..000000000
--- a/pkg/utils/versions/looseversion.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package versions
-
-import (
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"regexp"
-	"sort"
-	"strconv"
-	"strings"
-)
-
-var looseSemverRegex = regexp.MustCompile(`^v?(([0-9]+)(\.[0-9]+)*)?(.*)$`)
-var suffixComponentRegex = regexp.MustCompile(`\d+|[a-zA-Z]+|\.`)
-
-// Allows to compare ints and strings. Strings are always considered less than ints.
-type LooseVersionSuffixElement struct {
-	v interface{}
-}
-
-func (x LooseVersionSuffixElement) Less(b LooseVersionSuffixElement) bool {
-	ia, iaOk := x.v.(int64)
-	ib, ibOk := b.v.(int64)
-	sa, _ := x.v.(string)
-	sb, _ := b.v.(string)
-	if ibOk == iaOk {
-		if iaOk {
-			return ia < ib
-		} else {
-			return sa < sb
-		}
-	}
-	if iaOk {
-		return false
-	}
-	return true
-}
-
-type LooseVersion string
-
-func (lv LooseVersion) SplitVersion() ([]int, string) {
-	m := looseSemverRegex.FindStringSubmatch(string(lv))
-	numsStr := m[1]
-	suffix := m[4]
-
-	var nums []int
-	for _, x := range strings.Split(numsStr, ".") {
-		i, _ := strconv.ParseInt(x, 10, 32)
-		nums = append(nums, int(i))
-	}
-	return nums, suffix
-}
-
-func regexSplitLikePython(s string, re *regexp.Regexp) []string {
-	ret := []string{s}
-	indexes := re.FindAllStringIndex(s, -1)
-	start := 0
-	for _, se := range indexes {
-		m := s[start:se[0]]
-		if len(m) != 0 {
-			ret = append(ret, m)
-		}
-		m = s[se[0]:se[1]]
-		if len(m) != 0 {
-			ret = append(ret, m)
-		}
-		start = se[1]
-	}
-	if start < len(s) {
-		ret = append(ret, s[start:])
-	}
-	return ret
-}
-
-func splitSuffix(suffix string) []LooseVersionSuffixElement {
-	var components []LooseVersionSuffixElement
-	for i, x := range regexSplitLikePython(suffix, suffixComponentRegex) {
-		if i == 0 {
-			continue
-		}
-		if x != "." {
-			y, err := strconv.ParseInt(x, 10, 32)
-			if err == nil {
-				components = append(components, LooseVersionSuffixElement{v: y})
-			} else {
-				components = append(components, LooseVersionSuffixElement{v: x})
-			}
-		}
-	}
-	return components
-}
-
-func (lv LooseVersion) Less(b LooseVersion, preferLongSuffix bool) bool {
-	aNums, aSuffixStr := lv.SplitVersion()
-	bNums, bSuffixStr := b.SplitVersion()
-
-	cmp := func(a []int, b []int) bool {
-		l := utils.IntMin(len(a), len(b))
-		for i := 0; i < l; i++ {
-			if a[i] < b[i] {
-				return true
-			}
-			if b[i] < a[i] {
-				return false
-			}
-		}
-		if len(a) < len(b) {
-			return true
-		}
-		return false
-	}
-
-	if cmp(aNums, bNums) {
-		return true
-	}
-	if cmp(bNums, aNums) {
-		return false
-	}
-	if len(aSuffixStr) == 0 && len(bSuffixStr) != 0 {
-		return false
-	} else if len(aSuffixStr) != 0 && len(bSuffixStr) == 0 {
-		return true
-	}
-
-	aSuffix := splitSuffix(aSuffixStr)
-	bSuffix := splitSuffix(bSuffixStr)
-	l := utils.IntMin(len(aSuffix), len(bSuffix))
-
-	for i := 0; i < l; i++ {
-		if aSuffix[i].Less(bSuffix[i]) {
-			return true
-		} else if bSuffix[i].Less(aSuffix[i]) {
-			return false
-		}
-	}
-
-	if preferLongSuffix {
-		if len(aSuffix) < len(bSuffix) {
-			return true
-		}
-	} else {
-		if len(bSuffix) < len(aSuffix) {
-			return true
-		}
-	}
-	return false
-}
-
-func (lv LooseVersion) Compare(b LooseVersion) int {
-	if lv.Less(b, true) {
-		return -1
-	} else if b.Less(lv, true) {
-		return 1
-	}
-	return 0
-}
-
-type LooseVersionSlice []LooseVersion
-
-func (x LooseVersionSlice) Less(i, j int) bool {
-	return x[i].Less(x[j], true)
-}
-func (x LooseVersionSlice) Len() int      { return len(x) }
-func (x LooseVersionSlice) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
-
-func SortLooseVersionStrings(versions []string) LooseVersionSlice {
-	var c LooseVersionSlice
-	for _, v := range versions {
-		c = append(c, LooseVersion(v))
-	}
-	sort.Stable(c)
-	return c
-}
diff --git a/pkg/utils/versions/looseversion_test.go b/pkg/utils/versions/looseversion_test.go
deleted file mode 100644
index b25520f8d..000000000
--- a/pkg/utils/versions/looseversion_test.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package versions
-
-import (
-	"testing"
-)
-
-func checkEqual(t *testing.T, a_ string, b_ string) {
-	a := LooseVersion(a_)
-	b := LooseVersion(b_)
-	if a.Less(b, true) {
-		t.Errorf("%s < %s should be false", a, b)
-	}
-	if b.Less(a, true) {
-		t.Errorf("%s > %s should be false", b, a)
-	}
-	if a.Compare(b) != 0 {
-		t.Errorf("%s == %s should be true", a, b)
-	}
-}
-
-func checkLess(t *testing.T, a_ string, b_ string) {
-	a := LooseVersion(a_)
-	b := LooseVersion(b_)
-	if !a.Less(b, true) {
-		t.Errorf("%s < %s should be true", a, b)
-	}
-	if b.Less(a, true) {
-		t.Errorf("%s < %s should be false", b, a)
-	}
-	if a.Compare(b) != -1 {
-		t.Errorf("%s.Compare(%s) should be -1", a, b)
-	}
-	if b.Compare(a) != 1 {
-		t.Errorf("%s.Compare(%s) should be 1", b, a)
-	}
-}
-
-func TestEquality(t *testing.T) {
-	checkEqual(t, "1", "1")
-	checkEqual(t, "1.1", "1.1")
-	checkEqual(t, "1.1a", "1.1a")
-	checkEqual(t, "1.1-a", "1.1-a")
-	checkEqual(t, "1.a-1", "1.a-1")
-}
-
-func TestLess(t *testing.T) {
-	checkLess(t, "1", "2")
-	checkLess(t, "1", "1.1")
-	checkLess(t, "1.1a", "1.1")
-	checkLess(t, "1.1-a", "1.1")
-	checkLess(t, "1.1a", "1.1b")
-	checkLess(t, "1.1-a", "1.1-b")
-	checkLess(t, "1.a-1", "1.a-2")
-}
-
-func TestMavenVersions(t *testing.T) {
-	checkLess(t, "1.1-SNAPSHOT", "1.1")
-	checkLess(t, "1", "1.1")
-	checkLess(t, "1-SNAPSHOT", "1.1")
-	checkLess(t, "1.1", "1.1.1-SNAPSHOT")
-	checkLess(t, "1.1-SNAPSHOT", "1.1.1-SNAPSHOT")
-}
-
-func TestSuffixes(t *testing.T) {
-	checkLess(t, "1.1-1", "1.1-2")
-	checkLess(t, "1.1-suffix-1", "1.1-suffix-2")
-	checkLess(t, "1.1-suffix-2", "1.1-suffix-10")
-	checkLess(t, "1.1-suffix-2", "1.1-suffiy-1")
-	checkLess(t, "1.1-1-1", "1.1-2-1")
-	checkLess(t, "1.1-2-1", "1.1-2-2")
-	checkLess(t, "1.1-2-1", "1.1-100-2")
-	checkLess(t, "1.1-2-1", "1.1")
-	checkLess(t, "1.1-2", "1.1-2-1")
-	checkLess(t, "1.1-a-1", "1.1-1-1")
-}
-
-func TestLooseVersionNoNums(t *testing.T) {
-	checkLess(t, "-snapshot1", "-snapshot2")
-	checkLess(t, "-1", "-2")
-	checkLess(t, "-1.1", "-1.2")
-}
-
-func TestLooseVersionVPrefix(t *testing.T) {
-	checkLess(t, "v1.0", "v1.1")
-	checkLess(t, "v2.0", "v2.1")
-	checkLess(t, "v1.0", "v2.0")
-	checkLess(t, "1.0", "v2.0")
-	checkLess(t, "v1.0suffix", "v1.0")
-	checkLess(t, "v1.0-suffix", "v1.0")
-	checkLess(t, "v1.0suffix1", "v1.0suffix2")
-	checkLess(t, "v1.0-suffix1", "v1.0-suffix2")
-}

From 6f015cc99b5083ae38899b2762759e4d7d5ccb6a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 13 Feb 2023 10:37:14 +0100
Subject: [PATCH 0794/2268] feat: Remove deprecated support of args in
 deployment.yaml

---
 e2e/args_test.go                     | 23 +++++------------
 pkg/deployment/deployment_project.go |  3 ---
 pkg/deployment/external_args.go      | 37 ----------------------------
 pkg/kluctl_project/target_context.go |  9 -------
 pkg/types/deployment.go              |  1 -
 5 files changed, 6 insertions(+), 67 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index d754bf3f6..5f689f624 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 )
 
-func testArgs(t *testing.T, deprecated bool) {
+func testArgs(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -36,17 +36,10 @@ func testArgs(t *testing.T, deprecated bool) {
 		},
 	}
 
-	if deprecated {
-		p.UpdateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
-			_ = o.SetNestedField(args, "args")
-			return nil
-		})
-	} else {
-		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
-			_ = o.SetNestedField(args, "args")
-			return nil
-		})
-	}
+	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(args, "args")
+		return nil
+	})
 
 	addConfigMapDeployment(p, "cm", map[string]string{
 		"a": `{{ args.a | default("na") }}`,
@@ -119,12 +112,8 @@ d:
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d4"}}`, "data", "d")
 }
 
-func TestDeprecatedArgs(t *testing.T) {
-	testArgs(t, true)
-}
-
 func TestArgs(t *testing.T) {
-	testArgs(t, false)
+	testArgs(t)
 }
 
 func TestArgsFromEnv(t *testing.T) {
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 3431c0a74..8264170d2 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -136,9 +136,6 @@ func (p *DeploymentProject) processConfig() error {
 		return err
 	}
 
-	if len(p.Config.Args) != 0 && p.parentProject != nil {
-		return fmt.Errorf("only the root deployment.yml can define args")
-	}
 	return nil
 }
 
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index c7f0aefcc..e041ebdfb 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -1,15 +1,11 @@
 package deployment
 
 import (
-	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
-	"path/filepath"
 	"regexp"
 	"strings"
 )
@@ -58,39 +54,6 @@ func ConvertArgsToVars(args map[string]string, allowLoadFromFiles bool) (*uo.Uns
 	return vars, nil
 }
 
-func LoadDeprecatedDeploymentArgs(ctx context.Context, dir string, varsCtx *vars.VarsCtx, deployArgs *uo.UnstructuredObject) (bool, error) {
-	// First try to load the config without templating to avoid getting errors while rendering because required
-	// args were not set. Otherwise we won't be able to iterator through the 'args' array in the deployment.yml
-	// when the rendering error is actually args related.
-
-	if !yaml.Exists(filepath.Join(dir, "deployment.yml")) {
-		return false, nil
-	}
-
-	var conf types.DeploymentProjectConfig
-
-	err := yaml.ReadYamlFile(yaml.FixPathExt(filepath.Join(dir, "deployment.yml")), &conf)
-	if err != nil {
-		// If that failed, it might be that conditional jinja blocks are present in the config, so lets try loading
-		// the config in rendered form. If it fails due to missing args now, we can't help much with better error
-		// messages anymore.
-		varsCtx2 := varsCtx.Copy()
-		varsCtx2.UpdateChild("args", deployArgs)
-		err = varsCtx2.RenderYamlFile(yaml.FixNameExt(dir, "deployment.yml"), []string{dir}, &conf)
-		if err != nil {
-			return false, err
-		}
-	}
-
-	if len(conf.Args) == 0 {
-		return false, nil
-	}
-
-	status.Deprecation(ctx, "deployment-args", "'args' in deployment.yaml is deprecated, please use 'args' from .kluctl.yaml instead.")
-
-	return true, LoadDefaultArgs(conf.Args, deployArgs)
-}
-
 func LoadDefaultArgs(args []*types.DeploymentArg, deployArgs *uo.UnstructuredObject) error {
 	// load defaults
 	defaults := uo.New()
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 4985784be..15df07449 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -202,15 +202,6 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, forSeal bool) (*va
 		return nil, err
 	}
 
-	deprecatedArgs, err := deployment.LoadDeprecatedDeploymentArgs(p.ctx, p.ProjectDir, varsCtx, allArgs)
-	if err != nil {
-		return nil, err
-	}
-
-	if deprecatedArgs && len(p.Config.Args) != 0 {
-		return nil, fmt.Errorf("mixing deprecated 'args' from deployment.yaml and .kluctl.yaml is not allowed")
-	}
-
 	varsCtx.UpdateChild("args", allArgs)
 
 	return varsCtx, nil
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index f792971bd..df656745c 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -85,7 +85,6 @@ type IgnoreForDiffItemConfig struct {
 }
 
 type DeploymentProjectConfig struct {
-	Args          []*DeploymentArg     `yaml:"args,omitempty"`
 	Vars          []*VarsSource        `yaml:"vars,omitempty"`
 	SealedSecrets *SealedSecretsConfig `yaml:"sealedSecrets,omitempty"`
 

From 947c4e60e9478454e20c02662746871678b68f42 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 13 Feb 2023 10:47:06 +0100
Subject: [PATCH 0795/2268] feat: Remove deprecated helm chart location support

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 17 -----------------
 cmd/kluctl/commands/cmd_helm_update.go | 12 ------------
 pkg/helm/helm_release.go               | 11 -----------
 3 files changed, 40 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 7bfc1f42a..f13160c75 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -47,23 +47,6 @@ func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.He
 		return actions, err
 	}
 
-	for _, hr := range releases {
-		if utils.Exists(hr.GetDeprecatedChartDir()) {
-			actions++
-			rel, err := filepath.Rel(projectDir, hr.GetDeprecatedChartDir())
-			if err != nil {
-				return actions, err
-			}
-			if !dryRun {
-				status.Info(ctx, "Removing deprecated charts dir %s", rel)
-				err = os.RemoveAll(hr.GetDeprecatedChartDir())
-				if err != nil {
-					return actions, err
-				}
-			}
-		}
-	}
-
 	g := utils.NewGoHelper(ctx, 8)
 
 	for _, chart := range charts {
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index d079ec1b8..82ce4c2f8 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -78,18 +78,6 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	for _, hr := range releases {
-		if utils.Exists(hr.GetDeprecatedChartDir()) {
-			relDir, err := filepath.Rel(projectDir, filepath.Dir(hr.ConfigFile))
-			if err != nil {
-				return err
-			}
-			status.Error(ctx, "%s: Project is using a pre-pulled Helm Chart that is next to the helm-chart.yaml, which is deprecated. "+
-				"Updating is only possible after removing these. Use 'kluctl helm-pull' to remove all deprecated chart folders.", relDir)
-			return fmt.Errorf("detected deprecated chart folder")
-		}
-	}
-
 	if cmd.Commit {
 		actions, err := doHelmPull(ctx, projectDir, &cmd.HelmCredentials, true, false)
 		if err != nil {
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 5b21b2215..26fc8ee08 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -107,11 +107,6 @@ func (hr *Release) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion str
 	return nil
 }
 
-func (hr *Release) GetDeprecatedChartDir() string {
-	dir := filepath.Dir(hr.ConfigFile)
-	return filepath.Join(dir, "charts", hr.Chart.GetChartName())
-}
-
 func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 	if hr.Chart.IsLocalChart() {
 		version, err := hr.Chart.GetLocalChartVersion()
@@ -121,12 +116,6 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 		return NewPulledChart(hr.Chart, version, hr.Chart.GetLocalPath(), false), nil
 	}
 
-	deprecatedPC := NewPulledChart(hr.Chart, hr.Config.ChartVersion, hr.GetDeprecatedChartDir(), false)
-	if deprecatedPC.CheckExists() {
-		status.Deprecation(ctx, "helm-charts-dir", "Your project has pre-pulled charts located next to the helm-chart.yaml, which is deprecated. "+
-			"Please run 'kluctl helm-pull' on your project and ensure that the deprecated charts are removed! Future versions of kluctl will ignore these locations.")
-		return deprecatedPC, nil
-	}
 	pc, err := hr.Chart.GetPulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
 	if err != nil {
 		return nil, err

From 7eb4028b724df7de78aa1003dbb28d66cd3a6da2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 13 Feb 2023 11:51:55 +0100
Subject: [PATCH 0796/2268] refactor: Remove unused dynamicTargetInfo struct

---
 pkg/kluctl_project/targets.go | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 5a7ceb06d..cdc3b6d84 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -7,15 +7,6 @@ import (
 	"sort"
 )
 
-type dynamicTargetInfo struct {
-	baseTarget    *types.Target
-	dir           string
-	gitProject    *types.GitProject
-	ref           *string
-	refPattern    *string
-	defaultBranch string
-}
-
 func (c *LoadedKluctlProject) loadTargets() error {
 	status.Trace(c.ctx, "Loading targets")
 	defer status.Trace(c.ctx, "Done loading targets")

From 2523d39bc97045752e78d8b2924bd28ec5e30388 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 14:09:21 +0100
Subject: [PATCH 0797/2268] chore(deps): Bump golang.org/x/net from 0.6.0 to
 0.7.0 (#317)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eeb038245..af0c71f63 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,7 @@ require (
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.6.0
-	golang.org/x/net v0.6.0
+	golang.org/x/net v0.7.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.5.0
 	golang.org/x/term v0.5.0
diff --git a/go.sum b/go.sum
index a529767df..10888f833 100644
--- a/go.sum
+++ b/go.sum
@@ -920,8 +920,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 31d87eb8dc364af9b10328b907973888526f2fc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 08:35:01 +0100
Subject: [PATCH 0798/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#318)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.18.3 to 1.18.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.3...config/v1.18.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index af0c71f63..fa7f3bed3 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.17.4
 	github.com/aws/aws-sdk-go-v2/config v1.18.12
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4
 	github.com/go-git/go-git/v5 v5.5.2
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/go.sum b/go.sum
index 10888f833..5a8ed71b4 100644
--- a/go.sum
+++ b/go.sum
@@ -132,8 +132,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFu
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3 h1:Zod/h9QcDvbrrG3jjTUp4lctRb6Qg2nj7ARC/xMsUc4=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4 h1:0P9VF9miVGT40WSZSuMzHwkwTVIltpDrTrvswMLjbx0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8=

From aeb437a46f89a8d268cb299c0dd15231801b64ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 08:35:27 +0100
Subject: [PATCH 0799/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#319)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.19.4 to 0.19.5.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.19.4...v0.19.5)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index fa7f3bed3..860ee3b02 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.19.4
+	github.com/bitnami-labs/sealed-secrets v0.19.5
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
@@ -225,7 +225,7 @@ require (
 	golang.org/x/mod v0.7.0 // indirect
 	golang.org/x/oauth2 v0.3.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.4.0 // indirect
+	golang.org/x/tools v0.5.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.107.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 5a8ed71b4..833bc336c 100644
--- a/go.sum
+++ b/go.sum
@@ -148,8 +148,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.19.4 h1:TUad0o/mNp2D53lHMGzjdsdrx+yrHy/fyuEIAbFqj+U=
-github.com/bitnami-labs/sealed-secrets v0.19.4/go.mod h1:rXBdWOdAPbuowgFphH8bcCB3jSVlYXg9mMWRcYY49dc=
+github.com/bitnami-labs/sealed-secrets v0.19.5 h1:Llrs8bm5MdJEoPIQo0xZOHu/2i+Ry8N5bQFpc48UZYc=
+github.com/bitnami-labs/sealed-secrets v0.19.5/go.mod h1:IC5f2r0c8mxjx8nHs+du+gBso2Wsbdb2lcTwVmOOu2Y=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -627,7 +627,7 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/ohler55/ojg v1.17.4 h1:6Ss87DyAZHU0ODZu6Cmuahj5UiVaRD1n8C4KNm0qMYg=
 github.com/ohler55/ojg v1.17.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow=
+github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI=
 github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
 github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -1099,8 +1099,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.4.0 h1:7mTAgkunk3fr4GAloyyCasadO6h9zSsQZbwvcaIciV4=
-golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
+golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
+golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From a96783669ed32362491757ebbb247bbce0ae4faa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 08:35:50 +0100
Subject: [PATCH 0800/2268] chore(deps): Bump github.com/fluxcd/pkg/kustomize
 from 0.13.0 to 0.13.1 (#320)

Bumps [github.com/fluxcd/pkg/kustomize](https://github.com/fluxcd/pkg) from 0.13.0 to 0.13.1.
- [Release notes](https://github.com/fluxcd/pkg/releases)
- [Commits](https://github.com/fluxcd/pkg/compare/oci/v0.13.0...runtime/v0.13.1)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/kustomize
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 20 ++++++++------------
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index 860ee3b02..45d3955b7 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/docker/distribution v2.8.1+incompatible
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
 	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
-	github.com/fluxcd/pkg/kustomize v0.13.0
+	github.com/fluxcd/pkg/kustomize v0.13.1
 	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.4.3
@@ -133,8 +133,8 @@ require (
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
@@ -240,7 +240,7 @@ require (
 	k8s.io/apiserver v0.26.1 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
 	k8s.io/component-base v0.26.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect
+	k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
 	oras.land/oras-go v1.2.2 // indirect
diff --git a/go.sum b/go.sum
index 833bc336c..e49b58b96 100644
--- a/go.sum
+++ b/go.sum
@@ -248,8 +248,8 @@ github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
 github.com/fluxcd/pkg/apis/kustomize v0.8.0 h1:A6aLolxPV2Sll44SOHiX96lbXXmRZmS5BoEerkRHrfM=
 github.com/fluxcd/pkg/apis/kustomize v0.8.0/go.mod h1:9DPEVSfVIkiC2H3Dk6Ght4YJkswhYIaufXla4tB5Y84=
-github.com/fluxcd/pkg/kustomize v0.13.0 h1:oC50lpGdz/04aH4dPS/kRBjo+7PUx7BgGsJtSS0CmmE=
-github.com/fluxcd/pkg/kustomize v0.13.0/go.mod h1:6vAmxEe/41jBEspGq4OZA/4WlnszPyavm74TGSEVpXg=
+github.com/fluxcd/pkg/kustomize v0.13.1 h1:xfDghn/kRaa5vYN64dLTAL1b1B1tDwcXlnOAqmz5W28=
+github.com/fluxcd/pkg/kustomize v0.13.1/go.mod h1:W+Nm9P8yUhTb8n3hpvceUnCAjl6DFsU0k5yI+HT2NE8=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -283,12 +283,10 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
-github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
+github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@@ -544,8 +542,6 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
@@ -1281,8 +1277,8 @@ k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4=
 k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU=
 k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M=
 k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s=
-k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
+k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 h1:8cNCQs+WqqnSpZ7y0LMQPKD+RZUHU17VqLPMW3qxnxc=
+k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0=
 k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
 k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=

From 1d1dc496bace5fda7d51e86310d9ff9cfaca333a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 16 Feb 2023 08:36:44 +0100
Subject: [PATCH 0801/2268] feat: Remove dynamicArgs from target spec

---
 pkg/types/kluctl_project.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 840542dd6..e00908085 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -4,10 +4,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
-type DynamicArg struct {
-	Name string `yaml:"name" validate:"required"`
-}
-
 type SealingConfig struct {
 	Args       *uo.UnstructuredObject `yaml:"args,omitempty"`
 	SecretSets []string               `yaml:"secretSets,omitempty"`
@@ -18,7 +14,6 @@ type Target struct {
 	Name          string                 `yaml:"name" validate:"required"`
 	Context       *string                `yaml:"context,omitempty"`
 	Args          *uo.UnstructuredObject `yaml:"args,omitempty"`
-	DynamicArgs   []DynamicArg           `yaml:"dynamicArgs,omitempty"`
 	SealingConfig *SealingConfig         `yaml:"sealingConfig,omitempty"`
 	Images        []FixedImage           `yaml:"images,omitempty"`
 	Discriminator string                 `yaml:"discriminator,omitempty"`

From af17374463caf2eafcc91e43bef8230ccb0481ad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 16 Feb 2023 08:37:02 +0100
Subject: [PATCH 0802/2268] fix: Fix warning message to not talk about dynamic
 targets

---
 pkg/kluctl_project/targets.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index cdc3b6d84..a9a8b714d 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -17,7 +17,7 @@ func (c *LoadedKluctlProject) loadTargets() error {
 	for _, configTarget := range c.Config.Targets {
 		target, err := c.buildTarget(configTarget)
 		if err != nil {
-			status.Warning(c.ctx, "Failed to load dynamic target config for project: %v", err)
+			status.Warning(c.ctx, "Failed to load target config for project: %v", err)
 			continue
 		}
 

From 3f60190c98392ff96b1fdf4fd841fc207ddd0c31 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Feb 2023 09:07:27 +0100
Subject: [PATCH 0803/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#321)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.12 to 1.18.13.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.12...config/v1.18.13)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 45d3955b7..e53d1ad16 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.17.4
-	github.com/aws/aws-sdk-go-v2/config v1.18.12
+	github.com/aws/aws-sdk-go-v2/config v1.18.13
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4
 	github.com/go-git/go-git/v5 v5.5.2
 	github.com/go-logr/logr v1.2.3
@@ -94,15 +94,15 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.13 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
diff --git a/go.sum b/go.sum
index e49b58b96..f411a6e42 100644
--- a/go.sum
+++ b/go.sum
@@ -114,10 +114,10 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY=
 github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.12 h1:fKs/I4wccmfrNRO9rdrbMO1NgLxct6H9rNMiPdBxHWw=
-github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.12 h1:Cb+HhuEnV19zHRaYYVglwvdHGMJWbdsyP4oHhw04xws=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA=
+github.com/aws/aws-sdk-go-v2/config v1.18.13 h1:v0xlYqbO6/EVlM8tUn2QEOA7btQxcgidEq2JRDBPTho=
+github.com/aws/aws-sdk-go-v2/config v1.18.13/go.mod h1:r39wGSZB7wPDW1i54JyQXUpc5KsWjh5z/3S5D9eCqDg=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.13 h1:zw1KAc1kl00NYd3ofVmFrb09qnYlSQMeh+fmlQRAihI=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.13/go.mod h1:DW9nbIIF9MrIja0cBQrUpeWYQMSlNmP8fevLUyF9W38=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -134,10 +134,10 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3f
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4 h1:0P9VF9miVGT40WSZSuMzHwkwTVIltpDrTrvswMLjbx0=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.2 h1:EN102fWY7hI5u/2FPheTrwwMHkSXfl49RYkeEnJsrCU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.2/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.2 h1:f1lmlce7r13CX1BPyPqt9oh/H+uqOWc9367lDoGGwNQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.2/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k=
 github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 h1:s49mSnsBZEXjfGBkRfmK+nPqzT7Lt3+t2SmAKNyHblw=
 github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From b1a63589e639211c8b15b02a91c72ba61fd41ed7 Mon Sep 17 00:00:00 2001
From: Jochen Saalfeld <jsaalfeld@users.noreply.github.com>
Date: Thu, 16 Feb 2023 09:08:49 +0100
Subject: [PATCH 0804/2268] fix typo in .kluctl.yaml example reference for dev
 env (#322)

---
 docs/reference/kluctl-project/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index c42783829..3eae53d7f 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -24,7 +24,7 @@ discriminator: "my-project-{{ target.name }}"
 targets:
   # test cluster, dev env
   - name: dev
-    context: test.example.com
+    context: dev.example.com
     args:
       environment_name: dev
   # test cluster, test env

From 5b41ff888cff84fc1821b03af2d7d2d4fc4f9bef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 17 Feb 2023 09:03:24 +0100
Subject: [PATCH 0805/2268] chore(deps): Bump github.com/onsi/gomega from
 1.26.0 to 1.27.0 (#323)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index e53d1ad16..a47d9e838 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.26.0
+	github.com/onsi/gomega v1.27.0
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.4
diff --git a/go.sum b/go.sum
index f411a6e42..70544ce08 100644
--- a/go.sum
+++ b/go.sum
@@ -623,9 +623,9 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/ohler55/ojg v1.17.4 h1:6Ss87DyAZHU0ODZu6Cmuahj5UiVaRD1n8C4KNm0qMYg=
 github.com/ohler55/ojg v1.17.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI=
-github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
-github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM=
+github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU=
+github.com/onsi/gomega v1.27.0 h1:QLidEla4bXUuZVFa4KX6JHCsuGgbi85LC/pCHrt/O08=
+github.com/onsi/gomega v1.27.0/go.mod h1:i189pavgK95OSIipFBa74gC2V4qrQuvjuyGEr3GmbXA=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=

From 899bb32cece2cdcff8b7434fe973a8c3d9a3b617 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Feb 2023 08:42:36 +0100
Subject: [PATCH 0806/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.0 to 1.27.1 (#327)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.0 to 1.27.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.0...v1.27.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a47d9e838..3c7f6235c 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.0
+	github.com/onsi/gomega v1.27.1
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.4
diff --git a/go.sum b/go.sum
index 70544ce08..4ed1c2dd8 100644
--- a/go.sum
+++ b/go.sum
@@ -624,8 +624,8 @@ github.com/ohler55/ojg v1.17.4 h1:6Ss87DyAZHU0ODZu6Cmuahj5UiVaRD1n8C4KNm0qMYg=
 github.com/ohler55/ojg v1.17.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU=
-github.com/onsi/gomega v1.27.0 h1:QLidEla4bXUuZVFa4KX6JHCsuGgbi85LC/pCHrt/O08=
-github.com/onsi/gomega v1.27.0/go.mod h1:i189pavgK95OSIipFBa74gC2V4qrQuvjuyGEr3GmbXA=
+github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=
+github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=

From 8be6ec2c0913f3702ff090ea6dde9726dc635a98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Feb 2023 08:42:52 +0100
Subject: [PATCH 0807/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.17.4 to 1.17.5 (#329)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.17.4 to 1.17.5.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.17.4...v1.17.5)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3c7f6235c..db964bf66 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.17.4
+	github.com/ohler55/ojg v1.17.5
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
diff --git a/go.sum b/go.sum
index 4ed1c2dd8..f3ee51966 100644
--- a/go.sum
+++ b/go.sum
@@ -620,8 +620,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.17.4 h1:6Ss87DyAZHU0ODZu6Cmuahj5UiVaRD1n8C4KNm0qMYg=
-github.com/ohler55/ojg v1.17.4/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.17.5 h1:SY6/cdhVzsLinNFIBRNSWhJgihvEWco5Y0TJe46XJ1Y=
+github.com/ohler55/ojg v1.17.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU=
 github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=

From bebde018f5c0b2c3d525dfadde0d64472d1b5882 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Feb 2023 08:43:29 +0100
Subject: [PATCH 0808/2268] chore(deps): Bump github.com/golang-jwt/jwt/v4 from
 4.4.3 to 4.5.0 (#331)

Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.4.3 to 4.5.0.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index db964bf66..5cf83491a 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/fluxcd/pkg/kustomize v0.13.1
 	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.4.3
+	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.13.0
 	github.com/hashicorp/vault/api v1.9.0
 	github.com/hexops/gotextdiff v1.0.3
diff --git a/go.sum b/go.sum
index f3ee51966..c58e584e6 100644
--- a/go.sum
+++ b/go.sum
@@ -318,8 +318,8 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
-github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=

From e2ac702205798fa90f5e35cfd2bc42fbd41e50b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Feb 2023 08:43:45 +0100
Subject: [PATCH 0809/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#332)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.13 to 1.18.15.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.13...config/v1.18.15)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 22 +++++++++++-----------
 go.sum | 41 ++++++++++++++++++++++-------------------
 2 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 5cf83491a..d64f89087 100644
--- a/go.mod
+++ b/go.mod
@@ -58,8 +58,8 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/aws/aws-sdk-go-v2 v1.17.4
-	github.com/aws/aws-sdk-go-v2/config v1.18.13
+	github.com/aws/aws-sdk-go-v2 v1.17.5
+	github.com/aws/aws-sdk-go-v2/config v1.18.15
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4
 	github.com/go-git/go-git/v5 v5.5.2
 	github.com/go-logr/logr v1.2.3
@@ -94,16 +94,16 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.15 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.5 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index c58e584e6..bef14ad07 100644
--- a/go.sum
+++ b/go.sum
@@ -112,34 +112,37 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY=
 github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.13 h1:v0xlYqbO6/EVlM8tUn2QEOA7btQxcgidEq2JRDBPTho=
-github.com/aws/aws-sdk-go-v2/config v1.18.13/go.mod h1:r39wGSZB7wPDW1i54JyQXUpc5KsWjh5z/3S5D9eCqDg=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.13 h1:zw1KAc1kl00NYd3ofVmFrb09qnYlSQMeh+fmlQRAihI=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.13/go.mod h1:DW9nbIIF9MrIja0cBQrUpeWYQMSlNmP8fevLUyF9W38=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU=
+github.com/aws/aws-sdk-go-v2 v1.17.5 h1:TzCUW1Nq4H8Xscph5M/skINUitxM5UBAyvm2s7XBzL4=
+github.com/aws/aws-sdk-go-v2 v1.17.5/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.15 h1:509yMO0pJUGUugBP2H9FOFyV+7Mz7sRR+snfDN5W4NY=
+github.com/aws/aws-sdk-go-v2/config v1.18.15/go.mod h1:vS0tddZqpE8cD9CyW0/kITHF5Bq2QasW9Y1DFHD//O0=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.15 h1:0rZQIi6deJFjOEgHI9HI2eZcLPPEGQPictX66oRFLL8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.15/go.mod h1:vRMLMD3/rXU+o6j2MW5YefrGMBmdTvkLLGqFwMLBHQc=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23 h1:Kbiv9PGnQfG/imNI4L/heyUXvzKmcWSBeDvkrQz5pFc=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23/go.mod h1:mOtmAg65GT1HIL/HT/PynwPbS+UG0BgCZ6vhkPqnxWo=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 h1:r+XwaCLpIvCKjBIYy/HVZujQS9tsz5ohHG3ZIe0wKoE=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29 h1:9/aKwwus0TQxppPXFmf010DFrE+ssSbzroLVYINA+xE=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29/go.mod h1:Dip3sIGv485+xerzVv24emnjX5Sg88utCL8fwGmCeWg=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 h1:7AwGYXDdqRQYsluvKFmWoqpcOQJ4bH634SkYf3FNj/A=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 h1:J4xhFd6zHhdF9jPP0FQJ6WknzBboGMBNjKOv4iTuw4A=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFuMO22HkV5VWGLBvmCLBCLPivUAmpdpnp4Vs=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23 h1:b/Vn141DBuLVgXbhRWIrl9g+ww7G+ScV5SzniWR13jQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23/go.mod h1:mr6c4cHC+S/MMkrjtSlG4QA36kOznDep+0fga5L/fGQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30 h1:IVx9L7YFhpPq0tTnGo8u8TpluFu7nAn9X3sUDMb11c0=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30/go.mod h1:vsbq62AOBwQ1LJ/GWKFxX8beUEYeRp/Agitrxee2/qM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23 h1:QoOybhwRfciWUBbZ0gp9S7XaDnCuSTeK/fySB99V1ls=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23/go.mod h1:9uPh+Hrz2Vn6oMnQYiUi/zbh3ovbnQk19YKINkQny44=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4 h1:0P9VF9miVGT40WSZSuMzHwkwTVIltpDrTrvswMLjbx0=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.2 h1:EN102fWY7hI5u/2FPheTrwwMHkSXfl49RYkeEnJsrCU=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.2/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.2 h1:f1lmlce7r13CX1BPyPqt9oh/H+uqOWc9367lDoGGwNQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.2/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 h1:s49mSnsBZEXjfGBkRfmK+nPqzT7Lt3+t2SmAKNyHblw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.4 h1:qJdM48OOLl1FBSzI7ZrA1ZfLwOyCYqkXV5lko1hYDBw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.4/go.mod h1:jtLIhd+V+lft6ktxpItycqHqiVXrPIRjWIsFIlzMriw=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4 h1:YRkWXQveFb0tFC0TLktmmhGsOcCgLwvq88MC2al47AA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4/go.mod h1:zVwRrfdSmbRZWkUkWjOItY7SOalnFnq/Yg2LVPqDjwc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.5 h1:L1600eLr0YvTT7gNh3Ni24yGI7NSHkq9Gp62vijPRCs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.5/go.mod h1:1mKZHLLpDMHTNSYPJ7qrcnCQdHCWsNQaT0xRvq2u80s=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 328f5f3421b12b8c085a39658e2ad6bafc61a1a5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 27 Feb 2023 10:29:51 +0100
Subject: [PATCH 0810/2268] fix: Also add full resource strings to Helm's
 APIVersions (#334)

Helm internally adds GroupVersion strings AND GroupVersionKind strings to
APIVersions. We must replicate this behavior as otherwise things like
`.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress"` will not
work.
---
 pkg/helm/helm_release.go | 35 ++++++++++++++++++++++++-----------
 pkg/k8s/resources.go     |  2 +-
 2 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 26fc8ee08..7295a7f29 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -26,7 +26,6 @@ import (
 	"helm.sh/helm/v3/pkg/cli/values"
 	"helm.sh/helm/v3/pkg/getter"
 	"helm.sh/helm/v3/pkg/release"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
 type Release struct {
@@ -161,13 +160,6 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	}
 	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(hr.ConfigFile), "helm-values.yml"))
 
-	var gvs []schema.GroupVersion
-	if k != nil {
-		gvs, err = k.Resources.GetAllGroupVersions()
-		if err != nil {
-			return err
-		}
-	}
 	cfg, err := buildHelmConfig(k)
 	if err != nil {
 		return err
@@ -211,15 +203,13 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	client.Replace = true
 	client.ClientOnly = true
 	client.KubeVersion = kubeVersion
+	client.APIVersions = hr.getApiVersions(k)
 
 	if hr.Config.SkipCRDs {
 		client.SkipCRDs = true
 	} else {
 		client.IncludeCRDs = true
 	}
-	for _, gv := range gvs {
-		client.APIVersions = append(client.APIVersions, gv.String())
-	}
 
 	p := getter.All(settings)
 	vals, err := valueOpts.MergeValues(p)
@@ -291,6 +281,29 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	return nil
 }
 
+func (hr *Release) getApiVersions(k *k8s.K8sCluster) chartutil.VersionSet {
+	if k == nil {
+		return nil
+	}
+
+	m := map[string]bool{}
+
+	gvks := k.Resources.GetFilteredGVKs(nil)
+	for _, gvk := range gvks {
+		gvStr := gvk.GroupVersion().String()
+		m[gvStr] = true
+		gvkStr := fmt.Sprintf("%s/%s", gvStr, gvk.Kind)
+		m[gvkStr] = true
+	}
+
+	ret := make([]string, 0, len(m))
+	for id, _ := range m {
+		ret = append(ret, id)
+	}
+
+	return ret
+}
+
 func (hr *Release) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
 	var parsed []*uo.UnstructuredObject
 
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 47ce75c2b..9a49b9093 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -310,7 +310,7 @@ func (k *k8sResources) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) []s
 
 	var ret []schema.GroupVersionKind
 	for _, ar := range k.allResources {
-		if !filter(&ar) {
+		if filter != nil && !filter(&ar) {
 			continue
 		}
 		gvk := schema.GroupVersionKind{

From 3ac06cea9e7f864a880f53b037dcf5e8b1f58710 Mon Sep 17 00:00:00 2001
From: Jochen Saalfeld <jsaalfeld@users.noreply.github.com>
Date: Mon, 27 Feb 2023 14:47:14 +0100
Subject: [PATCH 0811/2268] docs: change environment args to a working default
 case (#335)

---
 docs/reference/kluctl-project/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index 3eae53d7f..7c786c498 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -26,17 +26,17 @@ targets:
   - name: dev
     context: dev.example.com
     args:
-      environment_name: dev
+      environment: dev
   # test cluster, test env
   - name: test
     context: test.example.com
     args:
-      environment_name: test
+      environment: test
   # prod cluster, prod env
   - name: prod
     context: prod.example.com
     args:
-      environment_name: prod
+      environment: prod
 
 args:
   - name: environment

From d16793f80fcf668d56467783d45153e82c2d82cb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Feb 2023 08:46:26 +0100
Subject: [PATCH 0812/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#336)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.18.4 to 1.18.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.4...config/v1.18.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index d64f89087..2e58406b4 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.17.5
 	github.com/aws/aws-sdk-go-v2/config v1.18.15
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6
 	github.com/go-git/go-git/v5 v5.5.2
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/go.sum b/go.sum
index bef14ad07..dff4afac9 100644
--- a/go.sum
+++ b/go.sum
@@ -112,7 +112,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.17.5 h1:TzCUW1Nq4H8Xscph5M/skINUitxM5UBAyvm2s7XBzL4=
 github.com/aws/aws-sdk-go-v2 v1.17.5/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.15 h1:509yMO0pJUGUugBP2H9FOFyV+7Mz7sRR+snfDN5W4NY=
@@ -122,11 +121,9 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.15/go.mod h1:vRMLMD3/rXU+o6j2MW5Y
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23 h1:Kbiv9PGnQfG/imNI4L/heyUXvzKmcWSBeDvkrQz5pFc=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23/go.mod h1:mOtmAg65GT1HIL/HT/PynwPbS+UG0BgCZ6vhkPqnxWo=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29 h1:9/aKwwus0TQxppPXFmf010DFrE+ssSbzroLVYINA+xE=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29/go.mod h1:Dip3sIGv485+xerzVv24emnjX5Sg88utCL8fwGmCeWg=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23 h1:b/Vn141DBuLVgXbhRWIrl9g+ww7G+ScV5SzniWR13jQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23/go.mod h1:mr6c4cHC+S/MMkrjtSlG4QA36kOznDep+0fga5L/fGQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30 h1:IVx9L7YFhpPq0tTnGo8u8TpluFu7nAn9X3sUDMb11c0=
@@ -135,8 +132,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23 h1:QoOybhwRf
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23/go.mod h1:9uPh+Hrz2Vn6oMnQYiUi/zbh3ovbnQk19YKINkQny44=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4 h1:0P9VF9miVGT40WSZSuMzHwkwTVIltpDrTrvswMLjbx0=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.4/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6 h1:VjvQw/1Qf/rhDSl+NNOeybSpdPRjBfH60//5vzveVsY=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6/go.mod h1:CJcdJtrO6ulXfI8l2DotKWmJShhXHCEcd9Wibyx3kC0=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.4 h1:qJdM48OOLl1FBSzI7ZrA1ZfLwOyCYqkXV5lko1hYDBw=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.4/go.mod h1:jtLIhd+V+lft6ktxpItycqHqiVXrPIRjWIsFIlzMriw=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4 h1:YRkWXQveFb0tFC0TLktmmhGsOcCgLwvq88MC2al47AA=

From 572c96a12763ba367f722f76812300c19c631096 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Feb 2023 08:46:51 +0100
Subject: [PATCH 0813/2268] chore(deps): Bump github.com/stretchr/testify from
 1.8.1 to 1.8.2 (#337)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 2e58406b4..683361d28 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.2
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.6.0
diff --git a/go.sum b/go.sum
index dff4afac9..ca78af9e0 100644
--- a/go.sum
+++ b/go.sum
@@ -751,8 +751,9 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=

From 37a61b1e0d90eddab494579ce009bc6ed3eaabd0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Feb 2023 08:47:07 +0100
Subject: [PATCH 0814/2268] chore(deps): Bump actions/checkout from 2 to 3
 (#338)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/cross-compile.yaml | 2 +-
 .github/workflows/release.yml        | 2 +-
 .github/workflows/tests.yml          | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/cross-compile.yaml b/.github/workflows/cross-compile.yaml
index 556c864d7..6b96e9f56 100644
--- a/.github/workflows/cross-compile.yaml
+++ b/.github/workflows/cross-compile.yaml
@@ -11,7 +11,7 @@ jobs:
     if: github.event_name != 'pull_request'
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - uses: actions/setup-go@v3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4e2a47b9a..b18a49db0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Fetch all tags
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 92f166bb7..5e3e4cc83 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - uses: actions/setup-go@v3
@@ -55,7 +55,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
           go-version: '1.19'

From fc02acdc89e041622fbd3f5d7d23a468ed9079f7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 28 Feb 2023 10:30:44 +0100
Subject: [PATCH 0815/2268] fix: Properly track new objects instead of guessing
 when diffing

---
 pkg/deployment/commands/deploy.go      |  4 +--
 pkg/deployment/commands/diff.go        |  2 +-
 pkg/deployment/commands/poke_images.go |  2 +-
 pkg/deployment/utils/apply_utils.go    | 38 ++++++++++++++++----------
 pkg/deployment/utils/diff_utils.go     | 12 ++------
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index cb3721b41..a349fd103 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -65,7 +65,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 
 		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 		diffResult := &types.CommandResult{
-			NewObjects:     du.NewObjects,
+			NewObjects:     au.GetNewObjects(),
 			ChangedObjects: du.ChangedObjects,
 			DeletedObjects: au.GetDeletedObjects(),
 			HookObjects:    au.GetAppliedHookObjects(),
@@ -99,7 +99,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		return nil, err
 	}
 	return &types.CommandResult{
-		NewObjects:     du.NewObjects,
+		NewObjects:     au.GetNewObjects(),
 		ChangedObjects: du.ChangedObjects,
 		DeletedObjects: au.GetDeletedObjects(),
 		HookObjects:    au.GetAppliedHookObjects(),
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index ff8e8f0ca..6a23ef6fb 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -66,7 +66,7 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.Comm
 		return nil, err
 	}
 	return &types.CommandResult{
-		NewObjects:     du.NewObjects,
+		NewObjects:     au.GetNewObjects(),
 		ChangedObjects: du.ChangedObjects,
 		DeletedObjects: au.GetDeletedObjects(),
 		HookObjects:    au.GetAppliedHookObjects(),
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 3c99172d1..97baf5772 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -95,7 +95,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 	du.Diff()
 
 	return &types.CommandResult{
-		NewObjects:     du.NewObjects,
+		NewObjects:     nil,
 		ChangedObjects: du.ChangedObjects,
 		Errors:         dew.GetErrorsList(),
 		Warnings:       dew.GetWarningsList(),
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 69c6d7fd4..11717629e 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -40,6 +40,7 @@ type ApplyUtil struct {
 	dew                *DeploymentErrorsAndWarnings
 	errorCount         int
 	warningCount       int
+	newObjects         map[k8s2.ObjectRef]*uo.UnstructuredObject
 	appliedObjects     map[k8s2.ObjectRef]*uo.UnstructuredObject
 	appliedHookObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
 	deletedObjects     map[k8s2.ObjectRef]bool
@@ -95,6 +96,7 @@ func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *sta
 	ret := &ApplyUtil{
 		ctx:                ctx,
 		dew:                ad.dew,
+		newObjects:         map[k8s2.ObjectRef]*uo.UnstructuredObject{},
 		appliedObjects:     map[k8s2.ObjectRef]*uo.UnstructuredObject{},
 		appliedHookObjects: map[k8s2.ObjectRef]*uo.UnstructuredObject{},
 		deletedObjects:     map[k8s2.ObjectRef]bool{},
@@ -119,6 +121,10 @@ func (a *ApplyUtil) handleResult(appliedObject *uo.UnstructuredObject, hook bool
 		a.appliedHookObjects[ref] = appliedObject
 	}
 	a.appliedObjects[ref] = appliedObject
+
+	if !hook && a.ru.GetRemoteObject(ref) == nil {
+		a.newObjects[ref] = appliedObject
+	}
 }
 
 func (a *ApplyUtil) handleApiWarnings(ref k8s2.ObjectRef, warnings []k8s.ApiWarning) {
@@ -684,13 +690,13 @@ func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.Unstructu
 	a.HandleError(ref, fmt.Errorf("unexpected end of loop"))
 }
 
-func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*types.RefAndObject {
+func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject) []*types.RefAndObject {
 	ad.resultsMutex.Lock()
 	defer ad.resultsMutex.Unlock()
 
 	var ret []*types.RefAndObject
 	for _, a := range ad.results {
-		for _, o := range a.appliedObjects {
+		for _, o := range f(a) {
 			ret = append(ret, &types.RefAndObject{
 				Ref:    o.GetK8sRef(),
 				Object: o,
@@ -700,6 +706,18 @@ func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*types.RefAndObject {
 	return ret
 }
 
+func (ad *ApplyDeploymentsUtil) GetNewObjects() []*types.RefAndObject {
+	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
+		return au.newObjects
+	})
+}
+
+func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*types.RefAndObject {
+	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
+		return au.appliedObjects
+	})
+}
+
 func (ad *ApplyDeploymentsUtil) GetAppliedObjectsMap() map[k8s2.ObjectRef]*uo.UnstructuredObject {
 	ret := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 	for _, ro := range ad.GetAppliedObjects() {
@@ -709,19 +727,9 @@ func (ad *ApplyDeploymentsUtil) GetAppliedObjectsMap() map[k8s2.ObjectRef]*uo.Un
 }
 
 func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*types.RefAndObject {
-	ad.resultsMutex.Lock()
-	defer ad.resultsMutex.Unlock()
-
-	var ret []*types.RefAndObject
-	for _, a := range ad.results {
-		for _, o := range a.appliedHookObjects {
-			ret = append(ret, &types.RefAndObject{
-				Ref:    o.GetK8sRef(),
-				Object: o,
-			})
-		}
-	}
-	return ret
+	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
+		return au.appliedHookObjects
+	})
 }
 
 func (ad *ApplyDeploymentsUtil) GetDeletedObjects() []k8s2.ObjectRef {
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 77b1e31ad..05f740a8f 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -22,7 +22,6 @@ type diffUtil struct {
 	IgnoreAnnotations bool
 
 	remoteDiffObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
-	NewObjects        []*types.RefAndObject
 	ChangedObjects    []*types.ChangedObject
 	mutex             sync.Mutex
 }
@@ -62,9 +61,6 @@ func (u *diffUtil) Diff() {
 	}
 	wg.Wait()
 
-	sort.Slice(u.NewObjects, func(i, j int) bool {
-		return u.NewObjects[i].Ref.String() < u.NewObjects[j].Ref.String()
-	})
 	sort.Slice(u.ChangedObjects, func(i, j int) bool {
 		return u.ChangedObjects[i].Ref.String() < u.ChangedObjects[j].Ref.String()
 	})
@@ -72,12 +68,8 @@ func (u *diffUtil) Diff() {
 
 func (u *diffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef, ao *uo.UnstructuredObject, ro *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig) {
 	if ao != nil && ro == nil {
-		u.mutex.Lock()
-		defer u.mutex.Unlock()
-		u.NewObjects = append(u.NewObjects, &types.RefAndObject{
-			Ref:    ao.GetK8sRef(),
-			Object: ao,
-		})
+		// new?
+		return
 	} else if ao == nil && ro != nil {
 		// deleted?
 		return

From f74692f9daa04621008f16f4fb90ec25e4575a95 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 28 Feb 2023 10:48:28 +0100
Subject: [PATCH 0816/2268] fix: Properly simulate deletion of hooks in dryRun
 mode

---
 pkg/deployment/utils/apply_utils.go | 38 ++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 11717629e..67c17f045 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -169,13 +169,45 @@ func (a *ApplyUtil) DeleteObject(ref k8s2.ObjectRef, hook bool) bool {
 	}
 	apiWarnings, err := a.k.DeleteSingleObject(ref, o)
 	a.handleApiWarnings(ref, apiWarnings)
-	if err != nil {
-		if !errors.IsNotFound(err) {
-			a.HandleError(ref, err)
+
+	if err == nil {
+		a.mutex.Lock()
+		defer a.mutex.Unlock()
+		if hook {
+			a.deletedHookObjects[ref] = true
+		} else {
+			a.deletedObjects[ref] = true
 		}
+		return true
+	}
+	if !errors.IsNotFound(err) {
+		a.HandleError(ref, err)
+		return false
+	}
+	if !a.o.DryRun {
+		// just ignore 404 errors
 		return false
 	}
 
+	// now simulate deletion of objects that got applied in the same run
+
+	wasApplied := false
+	if hook {
+		if _, ok := a.appliedObjects[ref]; ok {
+			wasApplied = true
+		}
+	} else {
+		if _, ok := a.appliedHookObjects[ref]; ok {
+			wasApplied = true
+		}
+	}
+	if !wasApplied {
+		// did not get applied, so just ignore the 404
+		return false
+	}
+
+	// it got applied, so we need to pretend it actually got deleted
+
 	a.mutex.Lock()
 	defer a.mutex.Unlock()
 	if hook {

From 9c2a5e85a80edff91867519c11494b0681f879c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 28 Feb 2023 11:24:38 +0100
Subject: [PATCH 0817/2268] tests: Remove obsolete tests in regard to
 du.NewObjects

---
 pkg/deployment/utils/diff_utils_test.go | 47 -------------------------
 1 file changed, 47 deletions(-)

diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 0e1aa9d81..c97d60e62 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -57,34 +57,12 @@ func newTestConfigMap(name string, data map[string]interface{}) *uo.Unstructured
 
 func TestDiff(t *testing.T) {
 	tests := []*diffTestConfig{
-		{
-			name: "One new object",
-			ro:   nil,
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{})},
-			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 1)
-				assert.Len(t, dtc.du.ChangedObjects, 0)
-				assert.Equal(t, dtc.lo[0], dtc.du.NewObjects[0].Object)
-			},
-		},
-		{
-			name: "One deleted object",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{})},
-			lo:   nil,
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{})},
-			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 0)
-				assert.Len(t, dtc.du.ChangedObjects, 0)
-			},
-		},
 		{
 			name: "One changed object (changed field)",
 			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
 			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"})},
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 0)
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []types.Change{
@@ -98,7 +76,6 @@ func TestDiff(t *testing.T) {
 			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 0)
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []types.Change{
@@ -112,7 +89,6 @@ func TestDiff(t *testing.T) {
 			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 0)
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []types.Change{
@@ -126,7 +102,6 @@ func TestDiff(t *testing.T) {
 			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"})},
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 0)
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []types.Change{
@@ -141,7 +116,6 @@ func TestDiff(t *testing.T) {
 			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"})},
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 0)
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []types.Change{
@@ -151,27 +125,6 @@ func TestDiff(t *testing.T) {
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
-		{
-			name: "Two changed objects + One new object",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test1", map[string]interface{}{"d1": "v1", "d2": "v2"}), newTestConfigMap("test2", map[string]interface{}{"xd1": "xv1", "xd2": "xv2"})},
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test1", map[string]interface{}{"d1": "v1", "d2": "v3"}), newTestConfigMap("test2", map[string]interface{}{"xd3": "xv2"}), newTestConfigMap("test3", map[string]interface{}{"yd3": "yv2"})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test1", map[string]interface{}{"d1": "v1", "d2": "v3"}), newTestConfigMap("test2", map[string]interface{}{"xd3": "xv2"}), newTestConfigMap("test3", map[string]interface{}{"yd3": "yv2"})},
-			a: func(t *testing.T, dtc *diffTestConfig) {
-				assert.Len(t, dtc.du.NewObjects, 1)
-				assert.Len(t, dtc.du.ChangedObjects, 2)
-				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
-				assert.Equal(t, dtc.du.ChangedObjects[1].NewObject, dtc.ao[1])
-				assert.Equal(t, dtc.du.NewObjects[0].Object, dtc.ao[2])
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "update", JsonPath: "data.d2", OldValue: "v2", NewValue: "v3", UnifiedDiff: "-v2\n+v3"},
-				}, dtc.du.ChangedObjects[0].Changes)
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "delete", JsonPath: "data.xd1", OldValue: "xv1", NewValue: interface{}(nil), UnifiedDiff: "-xv1"},
-					types.Change{Type: "delete", JsonPath: "data.xd2", OldValue: "xv2", NewValue: interface{}(nil), UnifiedDiff: "-xv2"},
-					types.Change{Type: "insert", JsonPath: "data.xd3", OldValue: interface{}(nil), NewValue: "xv2", UnifiedDiff: "+xv2"},
-				}, dtc.du.ChangedObjects[1].Changes)
-			},
-		},
 	}
 
 	for _, test := range tests {

From ceffd6e9e59788e400dd263df91f920a77369c4e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 28 Feb 2023 11:25:47 +0100
Subject: [PATCH 0818/2268] chore: Remove unused code

---
 pkg/utils/python_scanner/README.md  |   2 -
 pkg/utils/python_scanner/scanner.go | 793 ----------------------------
 2 files changed, 795 deletions(-)
 delete mode 100644 pkg/utils/python_scanner/README.md
 delete mode 100644 pkg/utils/python_scanner/scanner.go

diff --git a/pkg/utils/python_scanner/README.md b/pkg/utils/python_scanner/README.md
deleted file mode 100644
index 645cb1299..000000000
--- a/pkg/utils/python_scanner/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-This package is a copy of golangs text/scanner package, with the difference that it interprets ' and ` the same way as ", so
-that it's a little bit more like python.
\ No newline at end of file
diff --git a/pkg/utils/python_scanner/scanner.go b/pkg/utils/python_scanner/scanner.go
deleted file mode 100644
index 006f9107b..000000000
--- a/pkg/utils/python_scanner/scanner.go
+++ /dev/null
@@ -1,793 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package scanner provides a scanner and tokenizer for UTF-8-encoded text.
-// It takes an io.Reader providing the source, which then can be tokenized
-// through repeated calls to the Scan function. For compatibility with
-// existing tools, the NUL character is not allowed. If the first character
-// in the source is a UTF-8 encoded byte order mark (BOM), it is discarded.
-//
-// By default, a Scanner skips white space and Go comments and recognizes all
-// literals as defined by the Go language specification. It may be
-// customized to recognize only a subset of those literals and to recognize
-// different identifier and white space characters.
-package python_scanner
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"os"
-	"unicode"
-	"unicode/utf8"
-)
-
-// Position is a value that represents a source position.
-// A position is valid if Line > 0.
-type Position struct {
-	Filename string // filename, if any
-	Offset   int    // byte offset, starting at 0
-	Line     int    // line number, starting at 1
-	Column   int    // column number, starting at 1 (character count per line)
-}
-
-// IsValid reports whether the position is valid.
-func (pos *Position) IsValid() bool { return pos.Line > 0 }
-
-func (pos Position) String() string {
-	s := pos.Filename
-	if s == "" {
-		s = "<input>"
-	}
-	if pos.IsValid() {
-		s += fmt.Sprintf(":%d:%d", pos.Line, pos.Column)
-	}
-	return s
-}
-
-// Predefined mode bits to control recognition of tokens. For instance,
-// to configure a Scanner such that it only recognizes (Go) identifiers,
-// integers, and skips comments, set the Scanner's Mode field to:
-//
-//	ScanIdents | ScanInts | SkipComments
-//
-// With the exceptions of comments, which are skipped if SkipComments is
-// set, unrecognized tokens are not ignored. Instead, the scanner simply
-// returns the respective individual characters (or possibly sub-tokens).
-// For instance, if the mode is ScanIdents (not ScanStrings), the string
-// "foo" is scanned as the token sequence '"' Ident '"'.
-//
-// Use GoTokens to configure the Scanner such that it accepts all Go
-// literal tokens including Go identifiers. Comments will be skipped.
-const (
-	ScanIdents     = 1 << -Ident
-	ScanInts       = 1 << -Int
-	ScanFloats     = 1 << -Float // includes Ints and hexadecimal floats
-	ScanChars      = 1 << -Char
-	ScanStrings    = 1 << -String
-	ScanRawStrings = 1 << -RawString
-	ScanComments   = 1 << -Comment
-	SkipComments   = 1 << -skipComment // if set with ScanComments, comments become white space
-	GoTokens       = ScanIdents | ScanFloats | ScanChars | ScanStrings | ScanRawStrings | ScanComments | SkipComments
-)
-
-// The result of Scan is one of these tokens or a Unicode character.
-const (
-	EOF = -(iota + 1)
-	Ident
-	Int
-	Float
-	Char
-	String
-	RawString
-	Comment
-
-	// internal use only
-	skipComment
-)
-
-var tokenString = map[rune]string{
-	EOF:       "EOF",
-	Ident:     "Ident",
-	Int:       "Int",
-	Float:     "Float",
-	Char:      "Char",
-	String:    "String",
-	RawString: "RawString",
-	Comment:   "Comment",
-}
-
-// TokenString returns a printable string for a token or Unicode character.
-func TokenString(tok rune) string {
-	if s, found := tokenString[tok]; found {
-		return s
-	}
-	return fmt.Sprintf("%q", string(tok))
-}
-
-// GoWhitespace is the default value for the Scanner's Whitespace field.
-// Its value selects Go's white space characters.
-const GoWhitespace = 1<<'\t' | 1<<'\n' | 1<<'\r' | 1<<' '
-
-const bufLen = 1024 // at least utf8.UTFMax
-
-// A Scanner implements reading of Unicode characters and tokens from an io.Reader.
-type Scanner struct {
-	// Input
-	src io.Reader
-
-	// Source buffer
-	srcBuf [bufLen + 1]byte // +1 for sentinel for common case of s.next()
-	srcPos int              // reading position (srcBuf index)
-	srcEnd int              // source end (srcBuf index)
-
-	// Source position
-	srcBufOffset int // byte offset of srcBuf[0] in source
-	line         int // line count
-	column       int // character count
-	lastLineLen  int // length of last line in characters (for correct column reporting)
-	lastCharLen  int // length of last character in bytes
-
-	// Token text buffer
-	// Typically, token text is stored completely in srcBuf, but in general
-	// the token text's head may be buffered in tokBuf while the token text's
-	// tail is stored in srcBuf.
-	tokBuf bytes.Buffer // token text head that is not in srcBuf anymore
-	tokPos int          // token text tail position (srcBuf index); valid if >= 0
-	tokEnd int          // token text tail end (srcBuf index)
-
-	// One character look-ahead
-	ch rune // character before current srcPos
-
-	// Error is called for each error encountered. If no Error
-	// function is set, the error is reported to os.Stderr.
-	Error func(s *Scanner, msg string)
-
-	// ErrorCount is incremented by one for each error encountered.
-	ErrorCount int
-
-	// The Mode field controls which tokens are recognized. For instance,
-	// to recognize Ints, set the ScanInts bit in Mode. The field may be
-	// changed at any time.
-	Mode uint
-
-	// The Whitespace field controls which characters are recognized
-	// as white space. To recognize a character ch <= ' ' as white space,
-	// set the ch'th bit in Whitespace (the Scanner's behavior is undefined
-	// for values ch > ' '). The field may be changed at any time.
-	Whitespace uint64
-
-	// IsIdentRune is a predicate controlling the characters accepted
-	// as the ith rune in an identifier. The set of valid characters
-	// must not intersect with the set of white space characters.
-	// If no IsIdentRune function is set, regular Go identifiers are
-	// accepted instead. The field may be changed at any time.
-	IsIdentRune func(ch rune, i int) bool
-
-	// Start position of most recently scanned token; set by Scan.
-	// Calling Init or Next invalidates the position (Line == 0).
-	// The Filename field is always left untouched by the Scanner.
-	// If an error is reported (via Error) and Position is invalid,
-	// the scanner is not inside a token. Call Pos to obtain an error
-	// position in that case, or to obtain the position immediately
-	// after the most recently scanned token.
-	Position
-}
-
-// Init initializes a Scanner with a new source and returns s.
-// Error is set to nil, ErrorCount is set to 0, Mode is set to GoTokens,
-// and Whitespace is set to GoWhitespace.
-func (s *Scanner) Init(src io.Reader) *Scanner {
-	s.src = src
-
-	// initialize source buffer
-	// (the first call to next() will fill it by calling src.Read)
-	s.srcBuf[0] = utf8.RuneSelf // sentinel
-	s.srcPos = 0
-	s.srcEnd = 0
-
-	// initialize source position
-	s.srcBufOffset = 0
-	s.line = 1
-	s.column = 0
-	s.lastLineLen = 0
-	s.lastCharLen = 0
-
-	// initialize token text buffer
-	// (required for first call to next()).
-	s.tokPos = -1
-
-	// initialize one character look-ahead
-	s.ch = -2 // no char read yet, not EOF
-
-	// initialize public fields
-	s.Error = nil
-	s.ErrorCount = 0
-	s.Mode = GoTokens
-	s.Whitespace = GoWhitespace
-	s.Line = 0 // invalidate token position
-
-	return s
-}
-
-// next reads and returns the next Unicode character. It is designed such
-// that only a minimal amount of work needs to be done in the common ASCII
-// case (one test to check for both ASCII and end-of-buffer, and one test
-// to check for newlines).
-func (s *Scanner) next() rune {
-	ch, width := rune(s.srcBuf[s.srcPos]), 1
-
-	if ch >= utf8.RuneSelf {
-		// uncommon case: not ASCII or not enough bytes
-		for s.srcPos+utf8.UTFMax > s.srcEnd && !utf8.FullRune(s.srcBuf[s.srcPos:s.srcEnd]) {
-			// not enough bytes: read some more, but first
-			// save away token text if any
-			if s.tokPos >= 0 {
-				s.tokBuf.Write(s.srcBuf[s.tokPos:s.srcPos])
-				s.tokPos = 0
-				// s.tokEnd is set by Scan()
-			}
-			// move unread bytes to beginning of buffer
-			copy(s.srcBuf[0:], s.srcBuf[s.srcPos:s.srcEnd])
-			s.srcBufOffset += s.srcPos
-			// read more bytes
-			// (an io.Reader must return io.EOF when it reaches
-			// the end of what it is reading - simply returning
-			// n == 0 will make this loop retry forever; but the
-			// error is in the reader implementation in that case)
-			i := s.srcEnd - s.srcPos
-			n, err := s.src.Read(s.srcBuf[i:bufLen])
-			s.srcPos = 0
-			s.srcEnd = i + n
-			s.srcBuf[s.srcEnd] = utf8.RuneSelf // sentinel
-			if err != nil {
-				if err != io.EOF {
-					s.error(err.Error())
-				}
-				if s.srcEnd == 0 {
-					if s.lastCharLen > 0 {
-						// previous character was not EOF
-						s.column++
-					}
-					s.lastCharLen = 0
-					return EOF
-				}
-				// If err == EOF, we won't be getting more
-				// bytes; break to avoid infinite loop. If
-				// err is something else, we don't know if
-				// we can get more bytes; thus also break.
-				break
-			}
-		}
-		// at least one byte
-		ch = rune(s.srcBuf[s.srcPos])
-		if ch >= utf8.RuneSelf {
-			// uncommon case: not ASCII
-			ch, width = utf8.DecodeRune(s.srcBuf[s.srcPos:s.srcEnd])
-			if ch == utf8.RuneError && width == 1 {
-				// advance for correct error position
-				s.srcPos += width
-				s.lastCharLen = width
-				s.column++
-				s.error("invalid UTF-8 encoding")
-				return ch
-			}
-		}
-	}
-
-	// advance
-	s.srcPos += width
-	s.lastCharLen = width
-	s.column++
-
-	// special situations
-	switch ch {
-	case 0:
-		// for compatibility with other tools
-		s.error("invalid character NUL")
-	case '\n':
-		s.line++
-		s.lastLineLen = s.column
-		s.column = 0
-	}
-
-	return ch
-}
-
-// Next reads and returns the next Unicode character.
-// It returns EOF at the end of the source. It reports
-// a read error by calling s.Error, if not nil; otherwise
-// it prints an error message to os.Stderr. Next does not
-// update the Scanner's Position field; use Pos() to
-// get the current position.
-func (s *Scanner) Next() rune {
-	s.tokPos = -1 // don't collect token text
-	s.Line = 0    // invalidate token position
-	ch := s.Peek()
-	if ch != EOF {
-		s.ch = s.next()
-	}
-	return ch
-}
-
-// Peek returns the next Unicode character in the source without advancing
-// the scanner. It returns EOF if the scanner's position is at the last
-// character of the source.
-func (s *Scanner) Peek() rune {
-	if s.ch == -2 {
-		// this code is only run for the very first character
-		s.ch = s.next()
-		if s.ch == '\uFEFF' {
-			s.ch = s.next() // ignore BOM
-		}
-	}
-	return s.ch
-}
-
-func (s *Scanner) error(msg string) {
-	s.tokEnd = s.srcPos - s.lastCharLen // make sure token text is terminated
-	s.ErrorCount++
-	if s.Error != nil {
-		s.Error(s, msg)
-		return
-	}
-	pos := s.Position
-	if !pos.IsValid() {
-		pos = s.Pos()
-	}
-	fmt.Fprintf(os.Stderr, "%s: %s\n", pos, msg)
-}
-
-func (s *Scanner) errorf(format string, args ...interface{}) {
-	s.error(fmt.Sprintf(format, args...))
-}
-
-func (s *Scanner) isIdentRune(ch rune, i int) bool {
-	if s.IsIdentRune != nil {
-		return s.IsIdentRune(ch, i)
-	}
-	return ch == '_' || unicode.IsLetter(ch) || unicode.IsDigit(ch) && i > 0
-}
-
-func (s *Scanner) scanIdentifier() rune {
-	// we know the zero'th rune is OK; start scanning at the next one
-	ch := s.next()
-	for i := 1; s.isIdentRune(ch, i); i++ {
-		ch = s.next()
-	}
-	return ch
-}
-
-func lower(ch rune) rune     { return ('a' - 'A') | ch } // returns lower-case ch iff ch is ASCII letter
-func isDecimal(ch rune) bool { return '0' <= ch && ch <= '9' }
-func isHex(ch rune) bool     { return '0' <= ch && ch <= '9' || 'a' <= lower(ch) && lower(ch) <= 'f' }
-
-// digits accepts the sequence { digit | '_' } starting with ch0.
-// If base <= 10, digits accepts any decimal digit but records
-// the first invalid digit >= base in *invalid if *invalid == 0.
-// digits returns the first rune that is not part of the sequence
-// anymore, and a bitset describing whether the sequence contained
-// digits (bit 0 is set), or separators '_' (bit 1 is set).
-func (s *Scanner) digits(ch0 rune, base int, invalid *rune) (ch rune, digsep int) {
-	ch = ch0
-	if base <= 10 {
-		max := rune('0' + base)
-		for isDecimal(ch) || ch == '_' {
-			ds := 1
-			if ch == '_' {
-				ds = 2
-			} else if ch >= max && *invalid == 0 {
-				*invalid = ch
-			}
-			digsep |= ds
-			ch = s.next()
-		}
-	} else {
-		for isHex(ch) || ch == '_' {
-			ds := 1
-			if ch == '_' {
-				ds = 2
-			}
-			digsep |= ds
-			ch = s.next()
-		}
-	}
-	return
-}
-
-func (s *Scanner) scanNumber(ch rune, seenDot bool) (rune, rune) {
-	base := 10         // number base
-	prefix := rune(0)  // one of 0 (decimal), '0' (0-octal), 'x', 'o', or 'b'
-	digsep := 0        // bit 0: digit present, bit 1: '_' present
-	invalid := rune(0) // invalid digit in literal, or 0
-
-	// integer part
-	var tok rune
-	var ds int
-	if !seenDot {
-		tok = Int
-		if ch == '0' {
-			ch = s.next()
-			switch lower(ch) {
-			case 'x':
-				ch = s.next()
-				base, prefix = 16, 'x'
-			case 'o':
-				ch = s.next()
-				base, prefix = 8, 'o'
-			case 'b':
-				ch = s.next()
-				base, prefix = 2, 'b'
-			default:
-				base, prefix = 8, '0'
-				digsep = 1 // leading 0
-			}
-		}
-		ch, ds = s.digits(ch, base, &invalid)
-		digsep |= ds
-		if ch == '.' && s.Mode&ScanFloats != 0 {
-			ch = s.next()
-			seenDot = true
-		}
-	}
-
-	// fractional part
-	if seenDot {
-		tok = Float
-		if prefix == 'o' || prefix == 'b' {
-			s.error("invalid radix point in " + litname(prefix))
-		}
-		ch, ds = s.digits(ch, base, &invalid)
-		digsep |= ds
-	}
-
-	if digsep&1 == 0 {
-		s.error(litname(prefix) + " has no digits")
-	}
-
-	// exponent
-	if e := lower(ch); (e == 'e' || e == 'p') && s.Mode&ScanFloats != 0 {
-		switch {
-		case e == 'e' && prefix != 0 && prefix != '0':
-			s.errorf("%q exponent requires decimal mantissa", ch)
-		case e == 'p' && prefix != 'x':
-			s.errorf("%q exponent requires hexadecimal mantissa", ch)
-		}
-		ch = s.next()
-		tok = Float
-		if ch == '+' || ch == '-' {
-			ch = s.next()
-		}
-		ch, ds = s.digits(ch, 10, nil)
-		digsep |= ds
-		if ds&1 == 0 {
-			s.error("exponent has no digits")
-		}
-	} else if prefix == 'x' && tok == Float {
-		s.error("hexadecimal mantissa requires a 'p' exponent")
-	}
-
-	if tok == Int && invalid != 0 {
-		s.errorf("invalid digit %q in %s", invalid, litname(prefix))
-	}
-
-	if digsep&2 != 0 {
-		s.tokEnd = s.srcPos - s.lastCharLen // make sure token text is terminated
-		if i := invalidSep(s.TokenText()); i >= 0 {
-			s.error("'_' must separate successive digits")
-		}
-	}
-
-	return tok, ch
-}
-
-func litname(prefix rune) string {
-	switch prefix {
-	default:
-		return "decimal literal"
-	case 'x':
-		return "hexadecimal literal"
-	case 'o', '0':
-		return "octal literal"
-	case 'b':
-		return "binary literal"
-	}
-}
-
-// invalidSep returns the index of the first invalid separator in x, or -1.
-func invalidSep(x string) int {
-	x1 := ' ' // prefix char, we only care if it's 'x'
-	d := '.'  // digit, one of '_', '0' (a digit), or '.' (anything else)
-	i := 0
-
-	// a prefix counts as a digit
-	if len(x) >= 2 && x[0] == '0' {
-		x1 = lower(rune(x[1]))
-		if x1 == 'x' || x1 == 'o' || x1 == 'b' {
-			d = '0'
-			i = 2
-		}
-	}
-
-	// mantissa and exponent
-	for ; i < len(x); i++ {
-		p := d // previous digit
-		d = rune(x[i])
-		switch {
-		case d == '_':
-			if p != '0' {
-				return i
-			}
-		case isDecimal(d) || x1 == 'x' && isHex(d):
-			d = '0'
-		default:
-			if p == '_' {
-				return i - 1
-			}
-			d = '.'
-		}
-	}
-	if d == '_' {
-		return len(x) - 1
-	}
-
-	return -1
-}
-
-func digitVal(ch rune) int {
-	switch {
-	case '0' <= ch && ch <= '9':
-		return int(ch - '0')
-	case 'a' <= lower(ch) && lower(ch) <= 'f':
-		return int(lower(ch) - 'a' + 10)
-	}
-	return 16 // larger than any legal digit val
-}
-
-func (s *Scanner) scanDigits(ch rune, base, n int) rune {
-	for n > 0 && digitVal(ch) < base {
-		ch = s.next()
-		n--
-	}
-	if n > 0 {
-		s.error("invalid char escape")
-	}
-	return ch
-}
-
-func (s *Scanner) scanEscape(quote rune) rune {
-	ch := s.next() // read character after '/'
-	switch ch {
-	case 'a', 'b', 'f', 'n', 'r', 't', 'v', '\\', quote:
-		// nothing to do
-		ch = s.next()
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		ch = s.scanDigits(ch, 8, 3)
-	case 'x':
-		ch = s.scanDigits(s.next(), 16, 2)
-	case 'u':
-		ch = s.scanDigits(s.next(), 16, 4)
-	case 'U':
-		ch = s.scanDigits(s.next(), 16, 8)
-	default:
-		s.error("invalid char escape")
-	}
-	return ch
-}
-
-func (s *Scanner) scanString(quote rune) (n int) {
-	ch := s.next() // read character after quote
-	for ch != quote {
-		if ch == '\n' || ch < 0 {
-			s.error("literal not terminated")
-			return
-		}
-		if ch == '\\' {
-			ch = s.scanEscape(quote)
-		} else {
-			ch = s.next()
-		}
-		n++
-	}
-	return
-}
-
-func (s *Scanner) scanRawString(quote rune) {
-	ch := s.next() // read character after '`'
-	for ch != quote {
-		if ch < 0 {
-			s.error("literal not terminated")
-			return
-		}
-		ch = s.next()
-	}
-}
-
-func (s *Scanner) scanChar() {
-	if s.scanString('\'') != 1 {
-		s.error("invalid char literal")
-	}
-}
-
-func (s *Scanner) scanComment(ch rune) rune {
-	// ch == '/' || ch == '*'
-	if ch == '/' {
-		// line comment
-		ch = s.next() // read character after "//"
-		for ch != '\n' && ch >= 0 {
-			ch = s.next()
-		}
-		return ch
-	}
-
-	// general comment
-	ch = s.next() // read character after "/*"
-	for {
-		if ch < 0 {
-			s.error("comment not terminated")
-			break
-		}
-		ch0 := ch
-		ch = s.next()
-		if ch0 == '*' && ch == '/' {
-			ch = s.next()
-			break
-		}
-	}
-	return ch
-}
-
-// Scan reads the next token or Unicode character from source and returns it.
-// It only recognizes tokens t for which the respective Mode bit (1<<-t) is set.
-// It returns EOF at the end of the source. It reports scanner errors (read and
-// token errors) by calling s.Error, if not nil; otherwise it prints an error
-// message to os.Stderr.
-func (s *Scanner) Scan() rune {
-	ch := s.Peek()
-
-	// reset token text position
-	s.tokPos = -1
-	s.Line = 0
-
-redo:
-	// skip white space
-	for s.Whitespace&(1<<uint(ch)) != 0 {
-		ch = s.next()
-	}
-
-	// start collecting token text
-	s.tokBuf.Reset()
-	s.tokPos = s.srcPos - s.lastCharLen
-
-	// set token position
-	// (this is a slightly optimized version of the code in Pos())
-	s.Offset = s.srcBufOffset + s.tokPos
-	if s.column > 0 {
-		// common case: last character was not a '\n'
-		s.Line = s.line
-		s.Column = s.column
-	} else {
-		// last character was a '\n'
-		// (we cannot be at the beginning of the source
-		// since we have called next() at least once)
-		s.Line = s.line - 1
-		s.Column = s.lastLineLen
-	}
-
-	// determine token value
-	tok := ch
-	switch {
-	case s.isIdentRune(ch, 0):
-		if s.Mode&ScanIdents != 0 {
-			tok = Ident
-			ch = s.scanIdentifier()
-		} else {
-			ch = s.next()
-		}
-	case isDecimal(ch):
-		if s.Mode&(ScanInts|ScanFloats) != 0 {
-			tok, ch = s.scanNumber(ch, false)
-		} else {
-			ch = s.next()
-		}
-	default:
-		switch ch {
-		case EOF:
-			break
-		case '"':
-			if s.Mode&ScanStrings != 0 {
-				s.scanRawString('"')
-				tok = String
-			}
-			ch = s.next()
-		case '\'':
-			// This is the difference to golang's text/scanner package, we handle ' as a string and not as a char
-			if s.Mode&ScanStrings != 0 {
-				s.scanRawString('\'')
-				tok = String
-			}
-			ch = s.next()
-		case '.':
-			ch = s.next()
-			if isDecimal(ch) && s.Mode&ScanFloats != 0 {
-				tok, ch = s.scanNumber(ch, true)
-			}
-		case '/':
-			ch = s.next()
-			if (ch == '/' || ch == '*') && s.Mode&ScanComments != 0 {
-				if s.Mode&SkipComments != 0 {
-					s.tokPos = -1 // don't collect token text
-					ch = s.scanComment(ch)
-					goto redo
-				}
-				ch = s.scanComment(ch)
-				tok = Comment
-			}
-		case '`':
-			if s.Mode&ScanRawStrings != 0 {
-				s.scanRawString('`')
-				tok = RawString
-			}
-			ch = s.next()
-		default:
-			ch = s.next()
-		}
-	}
-
-	// end of token text
-	s.tokEnd = s.srcPos - s.lastCharLen
-
-	s.ch = ch
-	return tok
-}
-
-// Pos returns the position of the character immediately after
-// the character or token returned by the last call to Next or Scan.
-// Use the Scanner's Position field for the start position of the most
-// recently scanned token.
-func (s *Scanner) Pos() (pos Position) {
-	pos.Filename = s.Filename
-	pos.Offset = s.srcBufOffset + s.srcPos - s.lastCharLen
-	switch {
-	case s.column > 0:
-		// common case: last character was not a '\n'
-		pos.Line = s.line
-		pos.Column = s.column
-	case s.lastLineLen > 0:
-		// last character was a '\n'
-		pos.Line = s.line - 1
-		pos.Column = s.lastLineLen
-	default:
-		// at the beginning of the source
-		pos.Line = 1
-		pos.Column = 1
-	}
-	return
-}
-
-// TokenText returns the string corresponding to the most recently scanned token.
-// Valid after calling Scan and in calls of Scanner.Error.
-func (s *Scanner) TokenText() string {
-	if s.tokPos < 0 {
-		// no token text
-		return ""
-	}
-
-	if s.tokEnd < s.tokPos {
-		// if EOF was reached, s.tokEnd is set to -1 (s.srcPos == 0)
-		s.tokEnd = s.tokPos
-	}
-	// s.tokEnd >= s.tokPos
-
-	if s.tokBuf.Len() == 0 {
-		// common case: the entire token text is still in srcBuf
-		return string(s.srcBuf[s.tokPos:s.tokEnd])
-	}
-
-	// part of the token text was saved in tokBuf: save the rest in
-	// tokBuf as well and return its content
-	s.tokBuf.Write(s.srcBuf[s.tokPos:s.tokEnd])
-	s.tokPos = s.tokEnd // ensure idempotency of TokenText() call
-	return s.tokBuf.String()
-}

From c49ee633d28995a88d514b87dd3809d84fdd9585 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 28 Feb 2023 11:32:26 +0100
Subject: [PATCH 0819/2268] fix: Don't consider objects as ready when the
 observedGeneration != generation (#340)

This fixes issues with Deployment objects being marked as ready right after
applying changes that would make in non-ready.
---
 pkg/utils/uo/k8s_fields.go   | 8 ++++++++
 pkg/validation/validation.go | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index 2758945b1..f97296dee 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -186,6 +186,14 @@ func (uo *UnstructuredObject) GetK8sAnnotationsWithRegex(r interface{}) map[stri
 	return ret
 }
 
+func (uo *UnstructuredObject) GetK8sGeneration() int64 {
+	ret, ok, _ := uo.GetNestedInt("metadata", "generation")
+	if !ok {
+		return -1
+	}
+	return ret
+}
+
 func (uo *UnstructuredObject) GetK8sResourceVersion() string {
 	ret, _, _ := uo.GetNestedString("metadata", "resourceVersion")
 	return ret
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 36cf3445e..36a034637 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -258,6 +258,12 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 		return i, nil
 	}
 
+	observedGeneration := getStatusFieldInt("observedGeneration", reactIgnore, false, -1)
+	if observedGeneration != -1 && observedGeneration != o.GetK8sGeneration() {
+		addNotReady("Waiting for reconciliation")
+		return
+	}
+
 	switch o.GetK8sGVK().GroupKind() {
 	case schema.GroupKind{Group: "", Kind: "Pod"}:
 		containerStatuses, _, err := status.GetNestedObjectList("containerStatuses")

From 6af108299f3ae3fbfc11310382fd95b8720c30de Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 6 Mar 2023 15:19:50 +0100
Subject: [PATCH 0820/2268] fix: Also try to parse repo key without dummy
 scheme

---
 cmd/kluctl/commands/utils.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 35fa12bab..32f447dd3 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -239,13 +239,16 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	// we need to prepend a dummy scheme to the repo key so that it is properly parsed
-	dummyUrl := fmt.Sprintf("git://%s", sp[0])
-
-	u, err := git_url.Parse(dummyUrl)
+	u, err := git_url.Parse(sp[0])
 	if err != nil {
-		return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
+		// we need to prepend a dummy scheme to the repo key so that it is properly parsed
+		dummyUrl := fmt.Sprintf("git://%s", sp[0])
+		u, err = git_url.Parse(dummyUrl)
+		if err != nil {
+			return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
+		}
 	}
+
 	u = u.Normalize()
 	ret.RepoUrl = *u
 	ret.Override = sp[1]

From c712cf0b8516dad783ce88f49e67c4da06512f0a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 6 Mar 2023 17:11:43 +0100
Subject: [PATCH 0821/2268] fix: Fix RemoveNestedField to properly delete slice
 elements (#353)

---
 pkg/utils/uo/nested_fields.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index 7d3ce0afd..13560b767 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -62,7 +62,7 @@ func (uo *UnstructuredObject) RemoveNestedField(keys ...interface{}) error {
 				return nil
 			}
 			l = append(l[:i], l[i+1:]...)
-			return SetChild(o, i, l)
+			return uo.SetNestedField(l, keys[0:len(keys)-1]...)
 		} else {
 			return fmt.Errorf("key is not an index")
 		}

From 7dd2b430f74f6515f04e55fda376dc91c4c774f2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 6 Mar 2023 17:31:52 +0100
Subject: [PATCH 0822/2268] refactor: Use private copy of giturls

---
 go.mod                               |   1 -
 go.sum                               |   2 -
 pkg/git/auth/git_credentials_file.go |   2 +-
 pkg/git/git-url/giturls/LICENSE      |  21 +++
 pkg/git/git-url/giturls/urls.go      | 150 +++++++++++++++++++
 pkg/git/git-url/giturls/urls_test.go | 215 +++++++++++++++++++++++++++
 pkg/git/git-url/url.go               |   2 +-
 7 files changed, 388 insertions(+), 5 deletions(-)
 create mode 100644 pkg/git/git-url/giturls/LICENSE
 create mode 100644 pkg/git/git-url/giturls/urls.go
 create mode 100644 pkg/git/git-url/giturls/urls_test.go

diff --git a/go.mod b/go.mod
index 683361d28..199e0bb85 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,6 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.2
-	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.6.0
 	golang.org/x/net v0.7.0
diff --git a/go.sum b/go.sum
index ca78af9e0..46b38de43 100644
--- a/go.sum
+++ b/go.sum
@@ -762,8 +762,6 @@ github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
-github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index eb1696075..3f66d4b45 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -5,8 +5,8 @@ import (
 	"context"
 	"github.com/fluxcd/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
-	giturls "github.com/whilp/git-urls"
 	"os"
 	"path/filepath"
 )
diff --git a/pkg/git/git-url/giturls/LICENSE b/pkg/git/git-url/giturls/LICENSE
new file mode 100644
index 000000000..2aa848db5
--- /dev/null
+++ b/pkg/git/git-url/giturls/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Will Maier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/pkg/git/git-url/giturls/urls.go b/pkg/git/git-url/giturls/urls.go
new file mode 100644
index 000000000..02341030a
--- /dev/null
+++ b/pkg/git/git-url/giturls/urls.go
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2014 Will Maier <wcmaier@m.aier.us>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+Package giturls parses Git URLs.
+
+These URLs include standard RFC 3986 URLs as well as special formats that
+are specific to Git. Examples are provided in the Git documentation at
+https://www.kernel.org/pub/software/scm/git/docs/git-clone.html.
+*/
+package giturls
+
+import (
+	"fmt"
+	"net/url"
+	"regexp"
+	"strings"
+)
+
+var (
+	// scpSyntax was modified from https://golang.org/src/cmd/go/vcs.go.
+	scpSyntax = regexp.MustCompile(`^([a-zA-Z0-9_]+@)?([a-zA-Z0-9._-]+):([a-zA-Z0-9./._-]+)(?:\?||$)(.*)$`)
+
+	// Transports is a set of known Git URL schemes.
+	Transports = NewTransportSet(
+		"ssh",
+		"git",
+		"git+ssh",
+		"http",
+		"https",
+		"ftp",
+		"ftps",
+		"rsync",
+		"file",
+	)
+)
+
+// Parser converts a string into a URL.
+type Parser func(string) (*url.URL, error)
+
+// Parse parses rawurl into a URL structure. Parse first attempts to
+// find a standard URL with a valid Git transport as its scheme. If
+// that cannot be found, it then attempts to find a SCP-like URL. And
+// if that cannot be found, it assumes rawurl is a local path. If none
+// of these rules apply, Parse returns an error.
+func Parse(rawurl string) (u *url.URL, err error) {
+	parsers := []Parser{
+		ParseTransport,
+		ParseScp,
+		ParseLocal,
+	}
+
+	// Apply each parser in turn; if the parser succeeds, accept its
+	// result and return.
+	for _, p := range parsers {
+		u, err = p(rawurl)
+		if err == nil {
+			return u, err
+		}
+	}
+
+	// It's unlikely that none of the parsers will succeed, since
+	// ParseLocal is very forgiving.
+	return new(url.URL), fmt.Errorf("failed to parse %q", rawurl)
+}
+
+// ParseTransport parses rawurl into a URL object. Unless the URL's
+// scheme is a known Git transport, ParseTransport returns an error.
+func ParseTransport(rawurl string) (*url.URL, error) {
+	u, err := url.Parse(rawurl)
+	if err == nil && !Transports.Valid(u.Scheme) {
+		err = fmt.Errorf("scheme %q is not a valid transport", u.Scheme)
+	}
+	return u, err
+}
+
+// ParseScp parses rawurl into a URL object. The rawurl must be
+// an SCP-like URL, otherwise ParseScp returns an error.
+func ParseScp(rawurl string) (*url.URL, error) {
+	match := scpSyntax.FindAllStringSubmatch(rawurl, -1)
+	if len(match) == 0 {
+		return nil, fmt.Errorf("no scp URL found in %q", rawurl)
+	}
+	m := match[0]
+	user := strings.TrimRight(m[1], "@")
+	var userinfo *url.Userinfo
+	if user != "" {
+		userinfo = url.User(user)
+	}
+	rawquery := ""
+	if len(m) > 3 {
+		rawquery = m[4]
+	}
+	return &url.URL{
+		Scheme:   "ssh",
+		User:     userinfo,
+		Host:     m[2],
+		Path:     m[3],
+		RawQuery: rawquery,
+	}, nil
+}
+
+// ParseLocal parses rawurl into a URL object with a "file"
+// scheme. This will effectively never return an error.
+func ParseLocal(rawurl string) (*url.URL, error) {
+	return &url.URL{
+		Scheme: "file",
+		Host:   "",
+		Path:   rawurl,
+	}, nil
+}
+
+// TransportSet represents a set of valid Git transport schemes. It
+// maps these schemes to empty structs, providing a set-like
+// interface.
+type TransportSet struct {
+	Transports map[string]struct{}
+}
+
+// NewTransportSet returns a TransportSet with the items keys mapped
+// to empty struct values.
+func NewTransportSet(items ...string) *TransportSet {
+	t := &TransportSet{
+		Transports: map[string]struct{}{},
+	}
+	for _, i := range items {
+		t.Transports[i] = struct{}{}
+	}
+	return t
+}
+
+// Valid returns true if transport is a known Git URL scheme and false
+// if not.
+func (t *TransportSet) Valid(transport string) bool {
+	_, ok := t.Transports[transport]
+	return ok
+}
diff --git a/pkg/git/git-url/giturls/urls_test.go b/pkg/git/git-url/giturls/urls_test.go
new file mode 100644
index 000000000..4e3f6cb33
--- /dev/null
+++ b/pkg/git/git-url/giturls/urls_test.go
@@ -0,0 +1,215 @@
+package giturls
+
+import (
+	"net/url"
+	"reflect"
+	"strings"
+	"testing"
+)
+
+var tests []*Test
+
+type Test struct {
+	in      string
+	wantURL *url.URL
+	wantStr string // expected result of reserializing the URL; empty means same as "in".
+}
+
+func NewTest(in, transport, user, host, path, str, rawquery string) *Test {
+	var userinfo *url.Userinfo
+
+	if user != "" {
+		if strings.Contains(user, ":") {
+			username := strings.Split(user, ":")[0]
+			password := strings.Split(user, ":")[1]
+			userinfo = url.UserPassword(username, password)
+		} else {
+			userinfo = url.User(user)
+		}
+	}
+	if str == "" {
+		str = in
+	}
+
+	return &Test{
+		in: in,
+		wantURL: &url.URL{
+			Scheme:   transport,
+			Host:     host,
+			Path:     path,
+			User:     userinfo,
+			RawQuery: rawquery,
+		},
+		wantStr: str,
+	}
+}
+
+func init() {
+	// https://www.kernel.org/pub/software/scm/git/docs/git-clone.html
+	tests = []*Test{
+		NewTest(
+			"user@host.xz:path/to/repo.git/",
+			"ssh", "user", "host.xz", "path/to/repo.git/",
+			"ssh://user@host.xz/path/to/repo.git/", "",
+		),
+		NewTest(
+			"host.xz:path/to/repo.git/",
+			"ssh", "", "host.xz", "path/to/repo.git/",
+			"ssh://host.xz/path/to/repo.git/", "",
+		),
+		NewTest(
+			"host.xz:/path/to/repo.git/",
+			"ssh", "", "host.xz", "/path/to/repo.git/",
+			"ssh://host.xz/path/to/repo.git/", "",
+		),
+		NewTest(
+			"host.xz:path/to/repo-with_specials.git/",
+			"ssh", "", "host.xz", "path/to/repo-with_specials.git/",
+			"ssh://host.xz/path/to/repo-with_specials.git/", "",
+		),
+		NewTest(
+			"git://host.xz/path/to/repo.git/",
+			"git", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"git://host.xz:1234/path/to/repo.git/",
+			"git", "", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"http://host.xz/path/to/repo.git/",
+			"http", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"http://host.xz:1234/path/to/repo.git/",
+			"http", "", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"https://host.xz/path/to/repo.git/",
+			"https", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"https://host.xz:1234/path/to/repo.git/",
+			"https", "", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ftp://host.xz/path/to/repo.git/",
+			"ftp", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ftp://host.xz:1234/path/to/repo.git/",
+			"ftp", "", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ftps://host.xz/path/to/repo.git/",
+			"ftps", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ftps://host.xz:1234/path/to/repo.git/",
+			"ftps", "", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"rsync://host.xz/path/to/repo.git/",
+			"rsync", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ssh://user@host.xz:1234/path/to/repo.git/",
+			"ssh", "user", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ssh://host.xz:1234/path/to/repo.git/",
+			"ssh", "", "host.xz:1234", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"ssh://host.xz/path/to/repo.git/",
+			"ssh", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"git+ssh://host.xz/path/to/repo.git/",
+			"git+ssh", "", "host.xz", "/path/to/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"/path/to/repo.git/",
+			"file", "", "", "/path/to/repo.git/",
+			"file:///path/to/repo.git/", "",
+		),
+		NewTest(
+			"file:///path/to/repo.git/",
+			"file", "", "", "/path/to/repo.git/",
+			"", "",
+		),
+		// Tests with query strings
+		NewTest(
+			"https://host.xz/organization/repo.git?ref=",
+			"https", "", "host.xz", "/organization/repo.git",
+			"", "ref=",
+		),
+		NewTest(
+			"https://host.xz/organization/repo.git?ref=test",
+			"https", "", "host.xz", "/organization/repo.git",
+			"", "ref=test",
+		),
+		NewTest(
+			"https://host.xz/organization/repo.git?ref=feature/test",
+			"https", "", "host.xz", "/organization/repo.git",
+			"", "ref=feature/test",
+		),
+		NewTest(
+			"git@host.xz:organization/repo.git?ref=test",
+			"ssh", "git", "host.xz", "organization/repo.git",
+			"ssh://git@host.xz/organization/repo.git?ref=test", "ref=test",
+		),
+		NewTest(
+			"git@host.xz:organization/repo.git?ref=feature/test",
+			"ssh", "git", "host.xz", "organization/repo.git",
+			"ssh://git@host.xz/organization/repo.git?ref=feature/test", "ref=feature/test",
+		),
+		// Tests with user+password and some with query strings
+		NewTest(
+			"https://user:password@host.xz/organization/repo.git/",
+			"https", "user:password", "host.xz", "/organization/repo.git/",
+			"", "",
+		),
+		NewTest(
+			"https://user:password@host.xz/organization/repo.git?ref=test",
+			"https", "user:password", "host.xz", "/organization/repo.git",
+			"", "ref=test",
+		),
+		NewTest(
+			"https://user:password@host.xz/organization/repo.git?ref=feature/test",
+			"https", "user:password", "host.xz", "/organization/repo.git",
+			"", "ref=feature/test",
+		),
+	}
+}
+
+func TestParse(t *testing.T) {
+	for _, tt := range tests {
+		got, err := Parse(tt.in)
+		if err != nil {
+			t.Errorf("Parse(%q) = unexpected err %q, want %q", tt.in, err, tt.wantURL)
+			continue
+		}
+		if !reflect.DeepEqual(got, tt.wantURL) {
+			t.Errorf("Parse(%q) = %q, want %q", tt.in, got, tt.wantURL)
+		}
+		str := got.String()
+		if str != tt.wantStr {
+			t.Errorf("Parse(%q).String() = %q, want %q", tt.in, str, tt.wantStr)
+		}
+	}
+}
diff --git a/pkg/git/git-url/url.go b/pkg/git/git-url/url.go
index 727e8796f..5bf30d9ee 100644
--- a/pkg/git/git-url/url.go
+++ b/pkg/git/git-url/url.go
@@ -2,7 +2,7 @@ package git_url
 
 import (
 	"fmt"
-	giturls "github.com/whilp/git-urls"
+	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
 	"net/url"
 	"strings"
 )

From fa04e67501c32b5325b291fa1ee4fcb4f0a8f1e1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 6 Mar 2023 17:50:34 +0100
Subject: [PATCH 0823/2268] fix: Porperly parse SCP urls with ports

---
 pkg/git/git-url/giturls/urls.go      | 18 +++++++++++++-----
 pkg/git/git-url/giturls/urls_test.go |  5 +++++
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/pkg/git/git-url/giturls/urls.go b/pkg/git/git-url/giturls/urls.go
index 02341030a..3fa2ebe80 100644
--- a/pkg/git/git-url/giturls/urls.go
+++ b/pkg/git/git-url/giturls/urls.go
@@ -32,7 +32,7 @@ import (
 
 var (
 	// scpSyntax was modified from https://golang.org/src/cmd/go/vcs.go.
-	scpSyntax = regexp.MustCompile(`^([a-zA-Z0-9_]+@)?([a-zA-Z0-9._-]+):([a-zA-Z0-9./._-]+)(?:\?||$)(.*)$`)
+	scpSyntax = regexp.MustCompile(`^([a-zA-Z0-9_]+@)?([a-zA-Z0-9._-]+):([0-9]+/)?([a-zA-Z0-9./._-]+)(?:\?||$)(.*)$`)
 
 	// Transports is a set of known Git URL schemes.
 	Transports = NewTransportSet(
@@ -101,14 +101,22 @@ func ParseScp(rawurl string) (*url.URL, error) {
 		userinfo = url.User(user)
 	}
 	rawquery := ""
-	if len(m) > 3 {
-		rawquery = m[4]
+	if len(m) > 4 {
+		rawquery = m[5]
+	}
+	host := m[2]
+	path := m[4]
+	if m[3] != "" {
+		port := strings.TrimRight(m[3], "/")
+		host = fmt.Sprintf("%s:%s", host, port)
+		// host.xyz:1234/path/ only supports absolute paths
+		path = "/" + path
 	}
 	return &url.URL{
 		Scheme:   "ssh",
 		User:     userinfo,
-		Host:     m[2],
-		Path:     m[3],
+		Host:     host,
+		Path:     path,
 		RawQuery: rawquery,
 	}, nil
 }
diff --git a/pkg/git/git-url/giturls/urls_test.go b/pkg/git/git-url/giturls/urls_test.go
index 4e3f6cb33..0a8f2cfc7 100644
--- a/pkg/git/git-url/giturls/urls_test.go
+++ b/pkg/git/git-url/giturls/urls_test.go
@@ -67,6 +67,11 @@ func init() {
 			"ssh", "", "host.xz", "path/to/repo-with_specials.git/",
 			"ssh://host.xz/path/to/repo-with_specials.git/", "",
 		),
+		NewTest(
+			"host.xz:1234/path/to/repo-with_specials.git/",
+			"ssh", "", "host.xz:1234", "/path/to/repo-with_specials.git/",
+			"ssh://host.xz:1234/path/to/repo-with_specials.git/", "",
+		),
 		NewTest(
 			"git://host.xz/path/to/repo.git/",
 			"git", "", "host.xz", "/path/to/repo.git/",

From 61ad1ccaa5532249e6204fa6f1114bb31585a65f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Mar 2023 08:55:11 +0100
Subject: [PATCH 0824/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.1 to 1.27.2 (#341)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.1 to 1.27.2.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.1...v1.27.2)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 16 +++++++++-------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index 199e0bb85..ee6420223 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.1
+	github.com/onsi/gomega v1.27.2
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.4
@@ -221,10 +221,10 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/mod v0.7.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/oauth2 v0.3.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.5.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.107.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 46b38de43..238912823 100644
--- a/go.sum
+++ b/go.sum
@@ -301,6 +301,7 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
 github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
@@ -394,6 +395,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
@@ -623,9 +625,9 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/ohler55/ojg v1.17.5 h1:SY6/cdhVzsLinNFIBRNSWhJgihvEWco5Y0TJe46XJ1Y=
 github.com/ohler55/ojg v1.17.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.8.1 h1:xFTEVwOFa1D/Ty24Ws1npBWkDYEV9BqZrsDxVrVkrrU=
-github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754=
-github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw=
+github.com/onsi/ginkgo/v2 v2.8.4 h1:gf5mIQ8cLFieruNLAdgijHF1PYfLphKm2dxxcUtcqK0=
+github.com/onsi/gomega v1.27.2 h1:SKU0CXeKE/WVgIV1T61kSa3+IRE8Ekrv9rdXDwwTqnY=
+github.com/onsi/gomega v1.27.2/go.mod h1:5mR3phAHpkAVIDkHEUBY6HGVsU+cpcEscrGPB4oPlZI=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -868,8 +870,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
-golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1094,8 +1096,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
-golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From fbfdd91ea2f4a00f4849ea588993458986533ce2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Mar 2023 08:55:18 +0100
Subject: [PATCH 0825/2268] chore(deps): Bump k8s.io/api from 0.26.1 to 0.26.2
 (#342)

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.26.1...v0.26.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index ee6420223..3dad10915 100644
--- a/go.mod
+++ b/go.mod
@@ -46,9 +46,9 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.11.1
-	k8s.io/api v0.26.1
+	k8s.io/api v0.26.2
 	k8s.io/apiextensions-apiserver v0.26.1
-	k8s.io/apimachinery v0.26.1
+	k8s.io/apimachinery v0.26.2
 	k8s.io/client-go v0.26.1
 	k8s.io/klog/v2 v2.90.0
 	sigs.k8s.io/kustomize/kyaml v0.13.9
diff --git a/go.sum b/go.sum
index 238912823..67a41d297 100644
--- a/go.sum
+++ b/go.sum
@@ -1262,12 +1262,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ=
-k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg=
+k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
+k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
 k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=
 k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM=
-k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ=
-k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
+k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
+k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
 k8s.io/apiserver v0.26.1 h1:6vmnAqCDO194SVCPU3MU8NcDgSqsUA62tBUSWrFXhsc=
 k8s.io/apiserver v0.26.1/go.mod h1:wr75z634Cv+sifswE9HlAo5FQ7UoUauIICRlOE+5dCg=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=

From 731f36fa22fbc80bf565b3c6b32d35bbd1b12f86 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Mar 2023 08:55:28 +0100
Subject: [PATCH 0826/2268] chore(deps): Bump k8s.io/apimachinery from 0.26.1
 to 0.26.2 (#344)

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.26.1...v0.26.2)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

From cf467677c7ee999ca9f91190e42953480cf86077 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Mar 2023 09:10:08 +0100
Subject: [PATCH 0827/2268] chore(deps): Bump k8s.io/client-go from 0.26.1 to
 0.26.2 (#343)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.26.1...v0.26.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3dad10915..bf1c2e2b5 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 	k8s.io/api v0.26.2
 	k8s.io/apiextensions-apiserver v0.26.1
 	k8s.io/apimachinery v0.26.2
-	k8s.io/client-go v0.26.1
+	k8s.io/client-go v0.26.2
 	k8s.io/klog/v2 v2.90.0
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
diff --git a/go.sum b/go.sum
index 67a41d297..e06dde8c9 100644
--- a/go.sum
+++ b/go.sum
@@ -1272,8 +1272,8 @@ k8s.io/apiserver v0.26.1 h1:6vmnAqCDO194SVCPU3MU8NcDgSqsUA62tBUSWrFXhsc=
 k8s.io/apiserver v0.26.1/go.mod h1:wr75z634Cv+sifswE9HlAo5FQ7UoUauIICRlOE+5dCg=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
 k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
-k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU=
-k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE=
+k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
+k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
 k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4=
 k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU=
 k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M=

From c0119ecf2a8a2e289c0ec7d7ace94b925af08fea Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mathias.gebbe@gmail.com>
Date: Tue, 7 Mar 2023 10:00:19 +0100
Subject: [PATCH 0828/2268] doc: link to target discriminator gives a 404
 (#354)

update link to `target discriminator` target page
---
 docs/reference/kluctl-project/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/kluctl-project/README.md b/docs/reference/kluctl-project/README.md
index 7c786c498..e6c3186d2 100644
--- a/docs/reference/kluctl-project/README.md
+++ b/docs/reference/kluctl-project/README.md
@@ -49,7 +49,7 @@ args:
 Specifies a default discriminator template to be used for targets that don't have
 their own discriminator specified.
 
-See [target discriminator](./targets/README.md#discriminator) for details.
+See [target discriminator](./targets/#discriminator) for details.
 
 ### targets
 

From bb32a90767ddb52bb686be83a372669cb32c9fc9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Mar 2023 09:14:02 +0100
Subject: [PATCH 0829/2268] fix: Trim spaces when extracting hook annotations
 (#359)

---
 pkg/deployment/utils/hooks_util.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 6ebcd928f..6dba39f65 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -149,6 +149,7 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 			return ret
 		}
 		for _, x := range strings.Split(*a, ",") {
+			x = strings.TrimSpace(x)
 			if x != "" {
 				ret[x] = true
 			}

From e46ca90da9c29a591bf2415c389e15a713bcc108 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 10 Mar 2023 12:07:06 +0100
Subject: [PATCH 0830/2268] fix: Upgrade go-jinja2 to get in fixes for to_yaml
 and get_var (#360)

---
 go.mod |  6 +++---
 go.sum | 16 +++++++++++-----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index bf1c2e2b5..65e8f5caf 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230206202229-6e5a9f576647
+	github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
@@ -60,7 +60,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.17.5
 	github.com/aws/aws-sdk-go-v2/config v1.18.15
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6
-	github.com/go-git/go-git/v5 v5.5.2
+	github.com/go-git/go-git/v5 v5.6.0
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -193,7 +193,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pjbgf/sha1cd v0.2.3 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
diff --git a/go.sum b/go.sum
index e06dde8c9..b82cee1bb 100644
--- a/go.sum
+++ b/go.sum
@@ -267,8 +267,8 @@ github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8
 github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.5.2 h1:v8lgZa5k9ylUw+OR/roJHTxR4QItsNFI5nKtAXFuynw=
-github.com/go-git/go-git/v5 v5.5.2/go.mod h1:BE5hUJ5yaV2YMxhmaP4l6RBQ08kMxKSPD4BlxtH7OjI=
+github.com/go-git/go-git/v5 v5.6.0 h1:JvBdYfcttd+0kdpuWO7KTu0FYgCf5W0t5VwkWGobaa4=
+github.com/go-git/go-git/v5 v5.6.0/go.mod h1:6nmJ0tJ3N4noMV1Omv7rC5FG3/o8Cm51TB4CJp7mRmE=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -513,8 +513,8 @@ github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7y
 github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230206202229-6e5a9f576647 h1:H7qN4RcRsFX6OuKn2La0ueu0nSFE9uPI/AMcgF5fXi8=
-github.com/kluctl/go-jinja2 v0.0.0-20230206202229-6e5a9f576647/go.mod h1:oGEuC0taLwg20ORdSN7cdrN4rook79mJJ01QZIU858U=
+github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a h1:48Mz5ZZmv64Pg/cKR4nIo3Ry49Hqs5YggLPGju0e8PU=
+github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a/go.mod h1:qMY3lmIUPcCfjj5fZm39j+h7FilaqaQFYAze19xG0Dw=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
@@ -599,6 +599,7 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
@@ -648,8 +649,9 @@ github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
-github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI=
 github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
+github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
@@ -813,6 +815,7 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -870,6 +873,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1096,6 +1100,7 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1287,6 +1292,7 @@ k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
 oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/controller-runtime v0.14.4 h1:Kd/Qgx5pd2XUL08eOV2vwIq3L9GhIbJ5Nxengbd4/0M=

From 55858276cc952d6d28ff3a8535e2d3e852275780 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Mar 2023 22:53:21 +0100
Subject: [PATCH 0831/2268] chore(deps): Bump github.com/fluxcd/pkg/kustomize
 from 0.13.1 to 0.13.2 (#355)

Bumps [github.com/fluxcd/pkg/kustomize](https://github.com/fluxcd/pkg) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/fluxcd/pkg/releases)
- [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.13.1...runtime/v0.13.2)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/kustomize
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 65e8f5caf..de2232db8 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/docker/distribution v2.8.1+incompatible
 	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
 	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
-	github.com/fluxcd/pkg/kustomize v0.13.1
+	github.com/fluxcd/pkg/kustomize v0.13.2
 	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
@@ -47,7 +47,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.11.1
 	k8s.io/api v0.26.2
-	k8s.io/apiextensions-apiserver v0.26.1
+	k8s.io/apiextensions-apiserver v0.26.2
 	k8s.io/apimachinery v0.26.2
 	k8s.io/client-go v0.26.2
 	k8s.io/klog/v2 v2.90.0
@@ -67,7 +67,7 @@ require (
 	github.com/onsi/gomega v1.27.2
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
-	sigs.k8s.io/controller-runtime v0.14.4
+	sigs.k8s.io/controller-runtime v0.14.5
 	sigs.k8s.io/kustomize/api v0.12.1
 	sigs.k8s.io/yaml v1.3.0
 )
@@ -236,9 +236,9 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
-	k8s.io/apiserver v0.26.1 // indirect
+	k8s.io/apiserver v0.26.2 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
-	k8s.io/component-base v0.26.1 // indirect
+	k8s.io/component-base v0.26.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
diff --git a/go.sum b/go.sum
index b82cee1bb..cebd71946 100644
--- a/go.sum
+++ b/go.sum
@@ -248,8 +248,8 @@ github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47
 github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
 github.com/fluxcd/pkg/apis/kustomize v0.8.0 h1:A6aLolxPV2Sll44SOHiX96lbXXmRZmS5BoEerkRHrfM=
 github.com/fluxcd/pkg/apis/kustomize v0.8.0/go.mod h1:9DPEVSfVIkiC2H3Dk6Ght4YJkswhYIaufXla4tB5Y84=
-github.com/fluxcd/pkg/kustomize v0.13.1 h1:xfDghn/kRaa5vYN64dLTAL1b1B1tDwcXlnOAqmz5W28=
-github.com/fluxcd/pkg/kustomize v0.13.1/go.mod h1:W+Nm9P8yUhTb8n3hpvceUnCAjl6DFsU0k5yI+HT2NE8=
+github.com/fluxcd/pkg/kustomize v0.13.2 h1:isA9yi+m7sSIxdTrFR1U7+LyS2BraG07ZkKLHw3bnGo=
+github.com/fluxcd/pkg/kustomize v0.13.2/go.mod h1:1H9qednPxL/JvZE5at/f6wVHTH4WmxJYqfgVOZJ3uAk=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -1269,18 +1269,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
 k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
-k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI=
-k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM=
+k8s.io/apiextensions-apiserver v0.26.2 h1:/yTG2B9jGY2Q70iGskMf41qTLhL9XeNN2KhI0uDgwko=
+k8s.io/apiextensions-apiserver v0.26.2/go.mod h1:Y7UPgch8nph8mGCuVk0SK83LnS8Esf3n6fUBgew8SH8=
 k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
 k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
-k8s.io/apiserver v0.26.1 h1:6vmnAqCDO194SVCPU3MU8NcDgSqsUA62tBUSWrFXhsc=
-k8s.io/apiserver v0.26.1/go.mod h1:wr75z634Cv+sifswE9HlAo5FQ7UoUauIICRlOE+5dCg=
+k8s.io/apiserver v0.26.2 h1:Pk8lmX4G14hYqJd1poHGC08G03nIHVqdJMR0SD3IH3o=
+k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
 k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
 k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
 k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
-k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4=
-k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU=
+k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI=
+k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs=
 k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M=
 k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 h1:8cNCQs+WqqnSpZ7y0LMQPKD+RZUHU17VqLPMW3qxnxc=
@@ -1295,8 +1295,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.14.4 h1:Kd/Qgx5pd2XUL08eOV2vwIq3L9GhIbJ5Nxengbd4/0M=
-sigs.k8s.io/controller-runtime v0.14.4/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
+sigs.k8s.io/controller-runtime v0.14.5 h1:6xaWFqzT5KuAQ9ufgUaj1G/+C4Y1GRkhrxl+BJ9i+5s=
+sigs.k8s.io/controller-runtime v0.14.5/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From ee89808f5be927d2be573031fac8a1645504893d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Mar 2023 22:53:38 +0100
Subject: [PATCH 0832/2268] chore(deps): Bump k8s.io/apiextensions-apiserver
 from 0.26.1 to 0.26.2 (#356)

Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.26.1...v0.26.2)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

From 67fdb4bd514bbab0e67a1262134a89ee96997394 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Mar 2023 22:53:54 +0100
Subject: [PATCH 0833/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.14.4 to 0.14.5 (#357)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.4 to 0.14.5.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.4...v0.14.5)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

From b47e54319701d7571970a17308a6784cb3b49d07 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 Mar 2023 22:54:32 +0100
Subject: [PATCH 0834/2268] chore(deps): Bump golang.org/x/sys from 0.5.0 to
 0.6.0 (#358)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index de2232db8..098fbc2bc 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	golang.org/x/crypto v0.6.0
 	golang.org/x/net v0.7.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.5.0
+	golang.org/x/sys v0.6.0
 	golang.org/x/term v0.5.0
 	golang.org/x/text v0.7.0
 	gopkg.in/yaml.v2 v2.4.0
diff --git a/go.sum b/go.sum
index cebd71946..0d0c2b615 100644
--- a/go.sum
+++ b/go.sum
@@ -1019,8 +1019,8 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 9aeb4b82bbcfa60c1ea580bcd1eedfc6ddc28a3d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Mar 2023 09:41:57 +0100
Subject: [PATCH 0835/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.2 to 1.27.3 (#361)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.2 to 1.27.3.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.2...v1.27.3)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 9 +++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 098fbc2bc..9951c665a 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.2
+	github.com/onsi/gomega v1.27.3
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
@@ -140,7 +140,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
diff --git a/go.sum b/go.sum
index 0d0c2b615..df06a4abd 100644
--- a/go.sum
+++ b/go.sum
@@ -352,8 +352,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -626,9 +627,9 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/ohler55/ojg v1.17.5 h1:SY6/cdhVzsLinNFIBRNSWhJgihvEWco5Y0TJe46XJ1Y=
 github.com/ohler55/ojg v1.17.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.8.4 h1:gf5mIQ8cLFieruNLAdgijHF1PYfLphKm2dxxcUtcqK0=
-github.com/onsi/gomega v1.27.2 h1:SKU0CXeKE/WVgIV1T61kSa3+IRE8Ekrv9rdXDwwTqnY=
-github.com/onsi/gomega v1.27.2/go.mod h1:5mR3phAHpkAVIDkHEUBY6HGVsU+cpcEscrGPB4oPlZI=
+github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8=
+github.com/onsi/gomega v1.27.3 h1:5VwIwnBY3vbBDOJrNtA4rVdiTZCsq9B5F12pvy1Drmk=
+github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=

From c3d59bcea4b4dbae1292dc6957e65d1906c00167 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Mar 2023 09:42:58 +0100
Subject: [PATCH 0836/2268] chore(deps): Bump golang.org/x/crypto from 0.6.0 to
 0.7.0 (#362)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 9951c665a..a91a277e2 100644
--- a/go.mod
+++ b/go.mod
@@ -37,12 +37,12 @@ require (
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.2
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.6.0
-	golang.org/x/net v0.7.0
+	golang.org/x/crypto v0.7.0
+	golang.org/x/net v0.8.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.6.0
-	golang.org/x/term v0.5.0
-	golang.org/x/text v0.7.0
+	golang.org/x/term v0.6.0
+	golang.org/x/text v0.8.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.11.1
diff --git a/go.sum b/go.sum
index df06a4abd..4c9aef3c8 100644
--- a/go.sum
+++ b/go.sum
@@ -836,8 +836,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -922,8 +922,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1028,8 +1028,8 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1040,8 +1040,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From faeff0802b242285e34d20e922fcaafc847dbcf2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Mar 2023 11:15:32 +0100
Subject: [PATCH 0837/2268] chore(deps): Bump helm.sh/helm/v3 from 3.11.1 to
 3.11.2 (#364)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.11.1 to 3.11.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.11.1...v3.11.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 +--
 go.sum | 94 ++++++++++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 81 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index a91a277e2..db9644015 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	golang.org/x/text v0.8.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.11.1
+	helm.sh/helm/v3 v3.11.2
 	k8s.io/api v0.26.2
 	k8s.io/apiextensions-apiserver v0.26.2
 	k8s.io/apimachinery v0.26.2
@@ -201,7 +201,7 @@ require (
 	github.com/prometheus/common v0.39.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rivo/uniseg v0.4.3 // indirect
-	github.com/rubenv/sql-migrate v1.2.0 // indirect
+	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
diff --git a/go.sum b/go.sum
index 4c9aef3c8..6df32aa4c 100644
--- a/go.sum
+++ b/go.sum
@@ -75,13 +75,12 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
-github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
+github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
@@ -95,6 +94,7 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I=
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
+github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
@@ -105,8 +105,10 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
@@ -184,8 +186,13 @@ github.com/containerd/containerd v1.6.15 h1:4wWexxzLNHNE46aIETc6ge4TofO550v+BlLo
 github.com/containerd/containerd v1.6.15/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
@@ -198,6 +205,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
@@ -240,6 +249,7 @@ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
@@ -251,6 +261,8 @@ github.com/fluxcd/pkg/apis/kustomize v0.8.0/go.mod h1:9DPEVSfVIkiC2H3Dk6Ght4YJks
 github.com/fluxcd/pkg/kustomize v0.13.2 h1:isA9yi+m7sSIxdTrFR1U7+LyS2BraG07ZkKLHw3bnGo=
 github.com/fluxcd/pkg/kustomize v0.13.2/go.mod h1:1H9qednPxL/JvZE5at/f6wVHTH4WmxJYqfgVOZJ3uAk=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
@@ -272,7 +284,7 @@ github.com/go-git/go-git/v5 v5.6.0/go.mod h1:6nmJ0tJ3N4noMV1Omv7rC5FG3/o8Cm51TB4
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gorp/gorp/v3 v3.0.2/go.mod h1:BJ3q1ejpV8cVALtcXvXaXyTOlMmJhWDxTmncaR6rwBY=
+github.com/go-gorp/gorp/v3 v3.0.5/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
@@ -296,8 +308,6 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
 github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
-github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -314,6 +324,7 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
@@ -323,6 +334,7 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -373,6 +385,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -415,6 +428,7 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORR
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
@@ -422,6 +436,9 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
@@ -493,6 +510,7 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -508,6 +526,7 @@ github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
@@ -523,7 +542,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -537,11 +558,11 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6Fm
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
@@ -556,11 +577,14 @@ github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kN
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -570,16 +594,15 @@ github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mN
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
+github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
+github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@@ -623,9 +646,12 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
+github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/ohler55/ojg v1.17.5 h1:SY6/cdhVzsLinNFIBRNSWhJgihvEWco5Y0TJe46XJ1Y=
 github.com/ohler55/ojg v1.17.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8=
 github.com/onsi/gomega v1.27.3 h1:5VwIwnBY3vbBDOJrNtA4rVdiTZCsq9B5F12pvy1Drmk=
@@ -644,6 +670,7 @@ github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT9
 github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
 github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
 github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
@@ -666,9 +693,12 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
+github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
@@ -678,27 +708,33 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
 github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
 github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rubenv/sql-migrate v1.2.0 h1:fOXMPLMd41sK7Tg75SXDec15k3zg5WNV6SjuDRiNfcU=
-github.com/rubenv/sql-migrate v1.2.0/go.mod h1:Z5uVnq7vrIrPmHbVFfR4YLHRZquxeHpckCnRq0P/K9Y=
+github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
+github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -723,21 +759,27 @@ github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ys
 github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
 github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
 github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
 github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
@@ -762,6 +804,8 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/urfave/cli v1.22.7 h1:aXiFAgRugfJ27UFDsGJ9DB2FvTC73hlVXFSqq5bo9eU=
 github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
@@ -777,8 +821,10 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
 github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -789,7 +835,7 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
-github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
@@ -809,11 +855,14 @@ go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA=
 go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
@@ -836,6 +885,7 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -882,12 +932,14 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -922,6 +974,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -956,8 +1009,10 @@ golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1017,9 +1072,11 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1028,6 +1085,7 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1040,6 +1098,7 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1047,6 +1106,7 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1081,6 +1141,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200313205530-4303120df7d8/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -1190,6 +1251,7 @@ google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqd
 google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -1239,10 +1301,12 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1259,8 +1323,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
 gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
-helm.sh/helm/v3 v3.11.1 h1:cmL9fFohOoNQf+wnp2Wa0OhNFH0KFnSzEkVxi3fcc3I=
-helm.sh/helm/v3 v3.11.1/go.mod h1:z/Bu/BylToGno/6dtNGuSmjRqxKq5gaH+FU0BPO+AQ8=
+helm.sh/helm/v3 v3.11.2 h1:P3cLaFxfoxaGLGJVnoPrhf1j86LC5EDINSpYSpMUkkA=
+helm.sh/helm/v3 v3.11.2/go.mod h1:Hw+09mfpDiRRKAgAIZlFkPSeOkvv7Acl5McBvQyNPVw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From f8d707b3de53ac284eb7d29104743a6dcce6d739 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 08:43:32 +0100
Subject: [PATCH 0838/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.3 to 1.27.4 (#370)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.3 to 1.27.4.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.3...v1.27.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index db9644015..1d983cdc1 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.3
+	github.com/onsi/gomega v1.27.4
 	github.com/otiai10/copy v1.9.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
@@ -221,10 +221,10 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/mod v0.9.0 // indirect
 	golang.org/x/oauth2 v0.3.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/tools v0.7.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.107.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 6df32aa4c..5013129ba 100644
--- a/go.sum
+++ b/go.sum
@@ -653,9 +653,9 @@ github.com/ohler55/ojg v1.17.5 h1:SY6/cdhVzsLinNFIBRNSWhJgihvEWco5Y0TJe46XJ1Y=
 github.com/ohler55/ojg v1.17.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8=
-github.com/onsi/gomega v1.27.3 h1:5VwIwnBY3vbBDOJrNtA4rVdiTZCsq9B5F12pvy1Drmk=
-github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw=
+github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
+github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
+github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -925,8 +925,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
+golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1163,8 +1163,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From d80d25daeedd87a0993f5afc42dc5b96c4dd5066 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 08:43:46 +0100
Subject: [PATCH 0839/2268] chore(deps): Bump k8s.io/klog/v2 from 2.90.0 to
 2.90.1 (#371)

Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.0 to 2.90.1.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.90.0...v2.90.1)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1d983cdc1..55cc0c6d8 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.26.2
 	k8s.io/apimachinery v0.26.2
 	k8s.io/client-go v0.26.2
-	k8s.io/klog/v2 v2.90.0
+	k8s.io/klog/v2 v2.90.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
diff --git a/go.sum b/go.sum
index 5013129ba..c5ee9e088 100644
--- a/go.sum
+++ b/go.sum
@@ -1346,8 +1346,8 @@ k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
 k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
 k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI=
 k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs=
-k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M=
-k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
+k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 h1:8cNCQs+WqqnSpZ7y0LMQPKD+RZUHU17VqLPMW3qxnxc=
 k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0=
 k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=

From 6cc003b102a3067226aae523608e5725c18844d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Mar 2023 08:44:07 +0100
Subject: [PATCH 0840/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#376)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.15 to 1.18.18.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.15...config/v1.18.18)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 22 +++++++++++-----------
 go.sum | 41 ++++++++++++++++++++++-------------------
 2 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 55cc0c6d8..0496161c6 100644
--- a/go.mod
+++ b/go.mod
@@ -57,8 +57,8 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/aws/aws-sdk-go-v2 v1.17.5
-	github.com/aws/aws-sdk-go-v2/config v1.18.15
+	github.com/aws/aws-sdk-go-v2 v1.17.6
+	github.com/aws/aws-sdk-go-v2/config v1.18.18
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6
 	github.com/go-git/go-git/v5 v5.6.0
 	github.com/go-logr/logr v1.2.3
@@ -93,16 +93,16 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.15 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.17 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index c5ee9e088..d11adf871 100644
--- a/go.sum
+++ b/go.sum
@@ -114,34 +114,37 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.5 h1:TzCUW1Nq4H8Xscph5M/skINUitxM5UBAyvm2s7XBzL4=
 github.com/aws/aws-sdk-go-v2 v1.17.5/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.15 h1:509yMO0pJUGUugBP2H9FOFyV+7Mz7sRR+snfDN5W4NY=
-github.com/aws/aws-sdk-go-v2/config v1.18.15/go.mod h1:vS0tddZqpE8cD9CyW0/kITHF5Bq2QasW9Y1DFHD//O0=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.15 h1:0rZQIi6deJFjOEgHI9HI2eZcLPPEGQPictX66oRFLL8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.15/go.mod h1:vRMLMD3/rXU+o6j2MW5YefrGMBmdTvkLLGqFwMLBHQc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23 h1:Kbiv9PGnQfG/imNI4L/heyUXvzKmcWSBeDvkrQz5pFc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.23/go.mod h1:mOtmAg65GT1HIL/HT/PynwPbS+UG0BgCZ6vhkPqnxWo=
+github.com/aws/aws-sdk-go-v2 v1.17.6 h1:Y773UK7OBqhzi5VDXMi1zVGsoj+CVHs2eaC2bDsLwi0=
+github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.18 h1:/ePABXvXl3ESlzUGnkkvvNnRFw3Gh13dyqaq0Qo3JcU=
+github.com/aws/aws-sdk-go-v2/config v1.18.18/go.mod h1:Lj3E7XcxJnxMa+AYo89YiL68s1cFJRGduChynYU67VA=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.17 h1:IubQO/RNeIVKF5Jy77w/LfUvmmCxTnk2TP1UZZIMiF4=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.17/go.mod h1:K9xeFo1g/YPMguMUD69YpwB4Nyi6W/5wn706xIInJFg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0 h1:/2Cb3SK3xVOQA7Xfr5nCWCo5H3UiNINtsVvVdk8sQqA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0/go.mod h1:neYVaeKr5eT7BzwULuG2YbLhzWZ22lpjKdCybR7AXrQ=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29 h1:9/aKwwus0TQxppPXFmf010DFrE+ssSbzroLVYINA+xE=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29/go.mod h1:Dip3sIGv485+xerzVv24emnjX5Sg88utCL8fwGmCeWg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 h1:y+8n9AGDjikyXoMBTRaHHHSaFEB8267ykmvyPodJfys=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23 h1:b/Vn141DBuLVgXbhRWIrl9g+ww7G+ScV5SzniWR13jQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23/go.mod h1:mr6c4cHC+S/MMkrjtSlG4QA36kOznDep+0fga5L/fGQ=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30 h1:IVx9L7YFhpPq0tTnGo8u8TpluFu7nAn9X3sUDMb11c0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.30/go.mod h1:vsbq62AOBwQ1LJ/GWKFxX8beUEYeRp/Agitrxee2/qM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23 h1:QoOybhwRfciWUBbZ0gp9S7XaDnCuSTeK/fySB99V1ls=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.23/go.mod h1:9uPh+Hrz2Vn6oMnQYiUi/zbh3ovbnQk19YKINkQny44=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 h1:r+Kv+SEJquhAZXaJ7G4u44cIwXV3f8K+N482NNAzJZA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31 h1:hf+Vhp5WtTdcSdE+yEcUz8L73sAzN0R+0jQv+Z51/mI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31/go.mod h1:5zUjguZfG5qjhG9/wqmuyHRyUftl2B5Cp6NNxNC6kRA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 h1:c5qGfdbCHav6viBwiyDns3OXqhqAbGjfIB4uVu2ayhk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24/go.mod h1:HMA4FZG6fyib+NDo5bpIxX1EhYjrAOveZJY2YR0xrNE=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6 h1:VjvQw/1Qf/rhDSl+NNOeybSpdPRjBfH60//5vzveVsY=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6/go.mod h1:CJcdJtrO6ulXfI8l2DotKWmJShhXHCEcd9Wibyx3kC0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.4 h1:qJdM48OOLl1FBSzI7ZrA1ZfLwOyCYqkXV5lko1hYDBw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.4/go.mod h1:jtLIhd+V+lft6ktxpItycqHqiVXrPIRjWIsFIlzMriw=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4 h1:YRkWXQveFb0tFC0TLktmmhGsOcCgLwvq88MC2al47AA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.4/go.mod h1:zVwRrfdSmbRZWkUkWjOItY7SOalnFnq/Yg2LVPqDjwc=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.5 h1:L1600eLr0YvTT7gNh3Ni24yGI7NSHkq9Gp62vijPRCs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.5/go.mod h1:1mKZHLLpDMHTNSYPJ7qrcnCQdHCWsNQaT0xRvq2u80s=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 h1:bdKIX6SVF3nc3xJFw6Nf0igzS6Ff/louGq8Z6VP/3Hs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.5/go.mod h1:vuWiaDB30M/QTC+lI3Wj6S/zb7tpUK2MSYgy3Guh2L0=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 h1:xLPZMyuZ4GuqRCIec/zWuIhRFPXh2UOJdLXBSi64ZWQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5/go.mod h1:QjxpHmCwAg0ESGtPQnLIVp7SedTOBMYy+Slr3IfMKeI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 h1:rIFn5J3yDoeuKCE9sESXqM5POTAhOP1du3bv/qTL+tE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.6/go.mod h1:48WJ9l3dwP0GSHWGc5sFGGlCkuA82Mc2xnw+T6Q8aDw=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 794a68238db95966ce9273398aed81a2e5775926 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Mar 2023 08:54:23 +0100
Subject: [PATCH 0841/2268] chore(deps): Bump actions/setup-go from 3 to 4
 (#377)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/cross-compile.yaml | 2 +-
 .github/workflows/release.yml        | 2 +-
 .github/workflows/tests.yml          | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/cross-compile.yaml b/.github/workflows/cross-compile.yaml
index 6b96e9f56..e9651b820 100644
--- a/.github/workflows/cross-compile.yaml
+++ b/.github/workflows/cross-compile.yaml
@@ -14,7 +14,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: '1.19'
       - uses: actions/cache@v3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b18a49db0..5289b22a7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
       - name: Fetch all tags
         run: git fetch --force --tags
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: 1.19
       - name: Setup QEMU
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 5e3e4cc83..e23e52c2b 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: '1.19'
       - uses: actions/cache@v3
@@ -56,7 +56,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: '1.19'
       - uses: actions/cache@v3

From fcbe7896975882d1d36ad17b0291e40416dba664 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Mar 2023 08:55:06 +0100
Subject: [PATCH 0842/2268] chore(deps): Bump github.com/imdario/mergo from
 0.3.13 to 0.3.14 (#379)

Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from 0.3.13 to 0.3.14.
- [Release notes](https://github.com/imdario/mergo/releases)
- [Commits](https://github.com/imdario/mergo/compare/v0.3.13...v0.3.14)

---
updated-dependencies:
- dependency-name: github.com/imdario/mergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 0496161c6..52010cc19 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/google/go-containerregistry v0.13.0
 	github.com/hashicorp/vault/api v1.9.0
 	github.com/hexops/gotextdiff v1.0.3
-	github.com/imdario/mergo v0.3.13
+	github.com/imdario/mergo v0.3.14
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
diff --git a/go.sum b/go.sum
index d11adf871..f29c11df0 100644
--- a/go.sum
+++ b/go.sum
@@ -497,8 +497,9 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/imdario/mergo v0.3.14 h1:fOqeC1+nCuuk6PKQdg9YmosXX7Y7mHX6R/0ZldI9iHo=
+github.com/imdario/mergo v0.3.14/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=

From eff52e78069417dba7ddf70813da7c9cd08faa53 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Mar 2023 08:59:11 +0100
Subject: [PATCH 0843/2268] chore(deps): Bump github.com/go-git/go-git/v5 from
 5.6.0 to 5.6.1 (#380)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.6.0...v5.6.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 17 ++++++++++++-----
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 52010cc19..73986b291 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.17.6
 	github.com/aws/aws-sdk-go-v2/config v1.18.18
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6
-	github.com/go-git/go-git/v5 v5.6.0
+	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -90,8 +90,8 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
-	github.com/acomagu/bufpipe v1.0.3 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.17 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0 // indirect
diff --git a/go.sum b/go.sum
index f29c11df0..de7843866 100644
--- a/go.sum
+++ b/go.sum
@@ -91,14 +91,16 @@ github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2B
 github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I=
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
+github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
+github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk=
 github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
+github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
+github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
@@ -277,13 +279,12 @@ github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3Bop
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
 github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.6.0 h1:JvBdYfcttd+0kdpuWO7KTu0FYgCf5W0t5VwkWGobaa4=
-github.com/go-git/go-git/v5 v5.6.0/go.mod h1:6nmJ0tJ3N4noMV1Omv7rC5FG3/o8Cm51TB4CJp7mRmE=
+github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
+github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -890,6 +891,7 @@ golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -979,6 +981,8 @@ golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfS
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1081,6 +1085,7 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1090,6 +1095,7 @@ golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1103,6 +1109,7 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From b246b80498009865eaebf21d8811689d4737a274 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 21 Mar 2023 10:05:27 +0100
Subject: [PATCH 0844/2268] fix: Switch back to official go-git version

---
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 e2e/helm_test.go                       |  4 ++--
 e2e/test-utils/project.go              |  2 +-
 go.mod                                 |  2 --
 pkg/git/auth/auth_provider.go          |  4 ++--
 pkg/git/auth/git_credentials_file.go   |  2 +-
 pkg/git/auth/list_auth_provider.go     |  4 ++--
 pkg/git/list_refs.go                   | 10 +++++-----
 pkg/git/mirrored_repo.go               |  8 ++++----
 pkg/git/poor_mans_clone.go             |  4 ++--
 pkg/git/ssh-pool/hostport.go           |  2 +-
 pkg/git/test_git_server.go             |  2 +-
 pkg/git/utils.go                       |  2 +-
 pkg/vars/vars_loader_test.go           |  4 ++--
 14 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 82ce4c2f8..34b75ccf8 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/go-git/v5/plumbing/format/index"
 	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing/format/index"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 848645507..a3c8ae976 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -2,8 +2,8 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
-	"github.com/fluxcd/go-git/v5/plumbing/object"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index dc1c5daee..ae402a1b9 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
+	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
diff --git a/go.mod b/go.mod
index 73986b291..d51f94ac4 100644
--- a/go.mod
+++ b/go.mod
@@ -9,8 +9,6 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.19.5
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
-	// See https://github.com/fluxcd/pkg/issues/397, especially in regard to skeema/knownhosts breaking compatibility
-	github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df
 	github.com/fluxcd/pkg/kustomize v0.13.2
 	github.com/go-playground/validator/v10 v10.11.2
 	github.com/gobwas/glob v0.2.3 // indirect
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 18809899a..ab2607dba 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -3,8 +3,8 @@ package auth
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/go-git/v5/plumbing/transport"
-	ssh2 "github.com/fluxcd/go-git/v5/plumbing/transport/ssh"
+	"github.com/go-git/go-git/v5/plumbing/transport"
+	ssh2 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"golang.org/x/crypto/ssh"
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index 3f66d4b45..bf754be36 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -3,7 +3,7 @@ package auth
 import (
 	"bufio"
 	"context"
-	"github.com/fluxcd/go-git/v5/plumbing/transport/http"
+	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index c6876027e..0e2d2b453 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -2,8 +2,8 @@ package auth
 
 import (
 	"context"
-	"github.com/fluxcd/go-git/v5/plumbing/transport/http"
-	"github.com/fluxcd/go-git/v5/plumbing/transport/ssh"
+	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	ssh2 "golang.org/x/crypto/ssh"
diff --git a/pkg/git/list_refs.go b/pkg/git/list_refs.go
index a4a8bb7d5..735234d6b 100644
--- a/pkg/git/list_refs.go
+++ b/pkg/git/list_refs.go
@@ -4,11 +4,11 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
-	"github.com/fluxcd/go-git/v5/config"
-	"github.com/fluxcd/go-git/v5/plumbing"
-	"github.com/fluxcd/go-git/v5/plumbing/protocol/packp"
-	"github.com/fluxcd/go-git/v5/storage/memory"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
+	"github.com/go-git/go-git/v5/storage/memory"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index e1642cdb9..10e2e805c 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -5,10 +5,10 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
-	"github.com/fluxcd/go-git/v5/config"
-	"github.com/fluxcd/go-git/v5/plumbing"
-	"github.com/fluxcd/go-git/v5/plumbing/object"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
diff --git a/pkg/git/poor_mans_clone.go b/pkg/git/poor_mans_clone.go
index 9804cab66..975112564 100644
--- a/pkg/git/poor_mans_clone.go
+++ b/pkg/git/poor_mans_clone.go
@@ -1,8 +1,8 @@
 package git
 
 import (
-	"github.com/fluxcd/go-git/v5"
-	"github.com/fluxcd/go-git/v5/config"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
 	cp "github.com/otiai10/copy"
 	"os"
 	"path/filepath"
diff --git a/pkg/git/ssh-pool/hostport.go b/pkg/git/ssh-pool/hostport.go
index d4e314ae0..4ca5c5cc7 100644
--- a/pkg/git/ssh-pool/hostport.go
+++ b/pkg/git/ssh-pool/hostport.go
@@ -2,7 +2,7 @@ package ssh_pool
 
 import (
 	"fmt"
-	"github.com/fluxcd/go-git/v5/plumbing/transport/ssh"
+	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"strconv"
 )
 
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index ed737c2ff..3e87f6531 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -11,7 +11,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/fluxcd/go-git/v5"
+	"github.com/go-git/go-git/v5"
 	"github.com/jinzhu/copier"
 	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
 	"gopkg.in/yaml.v3"
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index 121bca567..f007fa3ee 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -2,7 +2,7 @@ package git
 
 import (
 	"fmt"
-	"github.com/fluxcd/go-git/v5"
+	"github.com/go-git/go-git/v5"
 	"os"
 	"path/filepath"
 )
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 1764788de..64b8ba404 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -12,8 +12,8 @@ import (
 	"strings"
 	"testing"
 
-	git2 "github.com/fluxcd/go-git/v5"
-	"github.com/fluxcd/go-git/v5/plumbing"
+	git2 "github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"

From 86335fd767854e3f94ec1c3f98a48d177a6bdb10 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 21 Mar 2023 10:05:49 +0100
Subject: [PATCH 0845/2268] fix: Properly handle HostKeyAlgorithms calls

---
 pkg/git/auth/ssh_known_hosts.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/pkg/git/auth/ssh_known_hosts.go b/pkg/git/auth/ssh_known_hosts.go
index ec375b1f2..4543bad6c 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/pkg/git/auth/ssh_known_hosts.go
@@ -1,10 +1,12 @@
 package auth
 
 import (
+	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth/goph"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/knownhosts"
 	"net"
 	"os"
 	"path/filepath"
@@ -72,6 +74,24 @@ func verifyHost(messageCallbacks messages.MessageCallbacks, host string, remote
 		files = append(files, tmpFile.Name())
 	}
 
+	if key.Type() == "fake-public-key" {
+		// this makes us compatible to knownhosts.HostKeyAlgorithms which calls us with a fake public key and expects us
+		// to return all known keys
+		var keyErr knownhosts.KeyError
+		for _, f := range files {
+			hostFound, err := goph.CheckKnownHost(host, remote, key, f)
+			if hostFound && err == nil {
+				return fmt.Errorf("fake-public-key was unexpectadly found")
+			}
+			var tmpKeyErr *knownhosts.KeyError
+			if !errors.As(err, &tmpKeyErr) {
+				return fmt.Errorf("CheckKnownHost did not return expected KeyError: %v", err)
+			}
+			keyErr.Want = append(keyErr.Want, tmpKeyErr.Want...)
+		}
+		return &keyErr
+	}
+
 	for _, f := range files {
 		hostFound, err := goph.CheckKnownHost(host, remote, key, f)
 		if hostFound && err == nil {

From 8b6df3beeee0c983f641ba23b28958e1404fab48 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Mar 2023 10:12:29 +0100
Subject: [PATCH 0846/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#381)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.18.6 to 1.19.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.6...service/s3/v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 73986b291..30f18acf5 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.17.6
 	github.com/aws/aws-sdk-go-v2/config v1.18.18
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.3
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/go.sum b/go.sum
index de7843866..286d2b2e4 100644
--- a/go.sum
+++ b/go.sum
@@ -116,7 +116,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.5/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.17.6 h1:Y773UK7OBqhzi5VDXMi1zVGsoj+CVHs2eaC2bDsLwi0=
 github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.18 h1:/ePABXvXl3ESlzUGnkkvvNnRFw3Gh13dyqaq0Qo3JcU=
@@ -126,11 +125,9 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.17/go.mod h1:K9xeFo1g/YPMguMUD69Y
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0 h1:/2Cb3SK3xVOQA7Xfr5nCWCo5H3UiNINtsVvVdk8sQqA=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0/go.mod h1:neYVaeKr5eT7BzwULuG2YbLhzWZ22lpjKdCybR7AXrQ=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.29/go.mod h1:Dip3sIGv485+xerzVv24emnjX5Sg88utCL8fwGmCeWg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 h1:y+8n9AGDjikyXoMBTRaHHHSaFEB8267ykmvyPodJfys=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.23/go.mod h1:mr6c4cHC+S/MMkrjtSlG4QA36kOznDep+0fga5L/fGQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 h1:r+Kv+SEJquhAZXaJ7G4u44cIwXV3f8K+N482NNAzJZA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31 h1:hf+Vhp5WtTdcSdE+yEcUz8L73sAzN0R+0jQv+Z51/mI=
@@ -139,8 +136,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 h1:c5qGfdbCH
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24/go.mod h1:HMA4FZG6fyib+NDo5bpIxX1EhYjrAOveZJY2YR0xrNE=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6 h1:VjvQw/1Qf/rhDSl+NNOeybSpdPRjBfH60//5vzveVsY=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.6/go.mod h1:CJcdJtrO6ulXfI8l2DotKWmJShhXHCEcd9Wibyx3kC0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0 h1:B4LvuBxrxh2WXakqwJL22EPAWgqGGK9/E4YQV/IIkYo=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0/go.mod h1:XF4Gbmcn6V9xIIm6lhwtyX1NXConNJ8x6yizt2Ejx/0=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 h1:bdKIX6SVF3nc3xJFw6Nf0igzS6Ff/louGq8Z6VP/3Hs=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.5/go.mod h1:vuWiaDB30M/QTC+lI3Wj6S/zb7tpUK2MSYgy3Guh2L0=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 h1:xLPZMyuZ4GuqRCIec/zWuIhRFPXh2UOJdLXBSi64ZWQ=

From cdde647e47e1578288c0634f5e9a116988da77b4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 24 Mar 2023 14:52:12 +0100
Subject: [PATCH 0847/2268] fix: Fix .git-credentials checking/loading/matching
 (#386)

* fix: Fix checking of .git-credentials existence

* fix: Fix matching of credentials in .git-credentials
---
 pkg/git/auth/git_credentials_file.go | 44 +++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index bf754be36..cd9231154 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -7,6 +7,7 @@ import (
 	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"net/url"
 	"os"
 	"path/filepath"
 )
@@ -19,6 +20,7 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl g
 	if gitUrl.Scheme != "http" && gitUrl.Scheme != "https" {
 		return AuthMethodAndCA{}
 	}
+	a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: BuildAuth for %s", gitUrl.String())
 
 	home, err := os.UserHomeDir()
 	if err != nil {
@@ -46,10 +48,12 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl g
 
 func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
 	st, err := os.Stat(gitCredentialsPath)
-	if err != nil || !st.Mode().IsDir() {
+	if err != nil || st.Mode().IsDir() {
 		return nil
 	}
 
+	a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: trying file %s", gitCredentialsPath)
+
 	f, err := os.Open(gitCredentialsPath)
 	if err != nil {
 		a.MessageCallbacks.Warning("Failed to open %s: %v", gitCredentialsPath, err)
@@ -59,25 +63,43 @@ func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, git
 
 	s := bufio.NewScanner(f)
 	for s.Scan() {
+		if s.Text() == "" || s.Text()[0] == '#' {
+			continue
+		}
 		u, err := giturls.Parse(s.Text())
 		if err != nil {
 			continue
 		}
+		// create temporary url without password, which can be printed
+		tmpU := *u
+		tmpU.User = url.User(u.User.Username())
+
+		if u.User == nil || u.User.Username() == "" {
+			a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: ignoring %s", tmpU.String())
+			continue
+		}
+		a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: trying %s", tmpU.String())
+
 		if u.Host != gitUrl.Host {
+			a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: host does not match")
 			continue
 		}
-		if u.User == nil {
+		if gitUrl.User != nil && gitUrl.User.Username() != u.User.Username() {
+			a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: user does not match")
 			continue
 		}
-		if password, ok := u.User.Password(); ok {
-			if u.User.Username() != "" {
-				return &AuthMethodAndCA{
-					AuthMethod: &http.BasicAuth{
-						Username: u.User.Username(),
-						Password: password,
-					},
-				}
-			}
+		password, ok := u.User.Password()
+		if !ok {
+			a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: no password provided")
+			continue
+		}
+
+		a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: matched")
+		return &AuthMethodAndCA{
+			AuthMethod: &http.BasicAuth{
+				Username: u.User.Username(),
+				Password: password,
+			},
 		}
 	}
 	return nil

From 01c1318075a29a600c9d972398a351f1afc5c6d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 29 Mar 2023 21:09:42 +0200
Subject: [PATCH 0848/2268] fix: Honor ignore-conflicts even if force-apply is
 active for a field (#387)

---
 pkg/diff/managed_fields.go      | 37 ++++++++++++++++--------------
 pkg/diff/managed_fields_test.go | 40 +++++++++++++++++++++++++++++++--
 2 files changed, 58 insertions(+), 19 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index e2b4e6797..9c7f11cc8 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -229,9 +229,24 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 			panic(fmt.Sprintf("field '%s' not found in remote object...which can't be!", cause.Field))
 		}
 
-		overwrite := true
-		ignoreConflict := ignoreConflictsAll
-		if !forceApplyAll {
+		ignoreConflict := false
+		if ignoreConflictsAll {
+			ignoreConflict = true
+		} else if _, ok := ignoreConflictFields[localKeyPath.ToJsonPath()]; ok {
+			ignoreConflict = true
+		} else if _, ok := ignoreConflictFields[remoteKeyPath.ToJsonPath()]; ok {
+			ignoreConflict = true
+		}
+
+		overwrite := false
+		if !ignoreConflict {
+			if forceApplyAll {
+				overwrite = true
+			} else if _, ok := forceApplyFields[localKeyPath.ToJsonPath()]; ok {
+				overwrite = true
+			} else if _, ok := forceApplyFields[remoteKeyPath.ToJsonPath()]; ok {
+				overwrite = true
+			}
 			for _, mfn := range mf.managers {
 				found := false
 				for _, oa := range overwriteAllowedManagers {
@@ -240,23 +255,11 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 						break
 					}
 				}
-				if !found {
-					overwrite = false
+				if found {
+					overwrite = true
 					break
 				}
 			}
-			if _, ok := forceApplyFields[localKeyPath.ToJsonPath()]; ok {
-				overwrite = true
-			}
-			if _, ok := forceApplyFields[remoteKeyPath.ToJsonPath()]; ok {
-				overwrite = true
-			}
-		}
-		if _, ok := ignoreConflictFields[localKeyPath.ToJsonPath()]; ok {
-			ignoreConflict = true
-		}
-		if _, ok := ignoreConflictFields[remoteKeyPath.ToJsonPath()]; ok {
-			ignoreConflict = true
 		}
 
 		if !overwrite {
diff --git a/pkg/diff/managed_fields_test.go b/pkg/diff/managed_fields_test.go
index 3c6fcd96e..1cae73f91 100644
--- a/pkg/diff/managed_fields_test.go
+++ b/pkg/diff/managed_fields_test.go
@@ -164,6 +164,42 @@ func TestResolveFieldManagerConflicts(t *testing.T) {
 			lost:   buildLost("d1"),
 			anns:   buildAnnotations("kluctl.io/ignore-conflicts-field-123", "data.d3"),
 		},
+		{
+			name:   "force-apply-object-ignore-conflicts",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost(),
+			anns:   buildAnnotations("kluctl.io/force-apply", "true", "kluctl.io/ignore-conflicts", "true"),
+		},
+		{
+			name:   "force-apply-object-ignore-conflicts-field",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			lost:   buildLost(),
+			anns:   buildAnnotations("kluctl.io/force-apply", "true", "kluctl.io/ignore-conflicts-field", "data.d1"),
+		},
+		{
+			name:   "force-apply-field-ignore-conflicts",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost(),
+			anns:   buildAnnotations("kluctl.io/force-apply-field", "data.d1", "kluctl.io/ignore-conflicts", "true"),
+		},
+		{
+			name:   "force-apply-field-ignore-conflicts-field",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost(),
+			anns:   buildAnnotations("kluctl.io/force-apply-field", "data.d1", "kluctl.io/ignore-conflicts-field", "data.d3"),
+		},
 	}
 
 	for _, tc := range tests {
@@ -185,8 +221,8 @@ func TestResolveFieldManagerConflicts(t *testing.T) {
 
 			r, l, err := ResolveFieldManagerConflicts(tc.local, tc.remote, tc.status)
 			assert.NoError(t, err)
-			assert.Equal(t, r, tc.result)
-			assert.Equal(t, l, tc.lost)
+			assert.Equal(t, tc.result, r)
+			assert.Equal(t, tc.lost, l)
 		})
 	}
 }

From 4e2dff288202e81f8195313327f9927d80e79ba9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 10:00:12 +0200
Subject: [PATCH 0849/2268] chore(deps): Bump k8s.io/client-go from 0.26.2 to
 0.26.3 (#383)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 18 ++++++------------
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index aef2530c4..176c8ebf3 100644
--- a/go.mod
+++ b/go.mod
@@ -44,10 +44,10 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.11.2
-	k8s.io/api v0.26.2
+	k8s.io/api v0.26.3
 	k8s.io/apiextensions-apiserver v0.26.2
-	k8s.io/apimachinery v0.26.2
-	k8s.io/client-go v0.26.2
+	k8s.io/apimachinery v0.26.3
+	k8s.io/client-go v0.26.3
 	k8s.io/klog/v2 v2.90.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
diff --git a/go.sum b/go.sum
index 286d2b2e4..2acf695ec 100644
--- a/go.sum
+++ b/go.sum
@@ -91,14 +91,12 @@ github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2B
 github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -256,8 +254,6 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df h1:2BHXJp1PwX7D47Q2oaKDekn+BZVZCmxeCWNi+FyownE=
-github.com/fluxcd/go-git/v5 v5.0.0-20221206140629-ec778c2c37df/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
 github.com/fluxcd/pkg/apis/kustomize v0.8.0 h1:A6aLolxPV2Sll44SOHiX96lbXXmRZmS5BoEerkRHrfM=
 github.com/fluxcd/pkg/apis/kustomize v0.8.0/go.mod h1:9DPEVSfVIkiC2H3Dk6Ght4YJkswhYIaufXla4tB5Y84=
 github.com/fluxcd/pkg/kustomize v0.13.2 h1:isA9yi+m7sSIxdTrFR1U7+LyS2BraG07ZkKLHw3bnGo=
@@ -679,7 +675,6 @@ github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
-github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
@@ -813,7 +808,6 @@ github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1340,18 +1334,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ=
-k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU=
+k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
+k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
 k8s.io/apiextensions-apiserver v0.26.2 h1:/yTG2B9jGY2Q70iGskMf41qTLhL9XeNN2KhI0uDgwko=
 k8s.io/apiextensions-apiserver v0.26.2/go.mod h1:Y7UPgch8nph8mGCuVk0SK83LnS8Esf3n6fUBgew8SH8=
-k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
-k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k=
+k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
 k8s.io/apiserver v0.26.2 h1:Pk8lmX4G14hYqJd1poHGC08G03nIHVqdJMR0SD3IH3o=
 k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
 k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
-k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI=
-k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU=
+k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s=
+k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ=
 k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI=
 k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=

From 7eb0d5123e7622b8c14d7cf0b59f882864af76a0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 10:00:47 +0200
Subject: [PATCH 0850/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.17.5 to 1.18.4 (#392)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.17.5 to 1.18.4.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.17.5...v1.18.4)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 176c8ebf3..5b4218bf7 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/mattn/go-isatty v0.0.17
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.17.5
+	github.com/ohler55/ojg v1.18.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.9.0
diff --git a/go.sum b/go.sum
index 2acf695ec..cc65b2183 100644
--- a/go.sum
+++ b/go.sum
@@ -647,8 +647,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.17.5 h1:SY6/cdhVzsLinNFIBRNSWhJgihvEWco5Y0TJe46XJ1Y=
-github.com/ohler55/ojg v1.17.5/go.mod h1:7Ghirupn8NC8hSSDpI0gcjorPxj+vSVIONDWfliHR1k=
+github.com/ohler55/ojg v1.18.4 h1:FXHUddnBgrx5RwlkTDJnXBL5s3DNOMlZfv4K27nNNtM=
+github.com/ohler55/ojg v1.18.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=

From 6effa40de3a86db9141539f365777928aada95ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Apr 2023 11:17:04 +0200
Subject: [PATCH 0851/2268] chore(deps): Bump k8s.io/apiextensions-apiserver
 from 0.26.2 to 0.26.3 (#385)

Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 5b4218bf7..66e385b36 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.11.2
 	k8s.io/api v0.26.3
-	k8s.io/apiextensions-apiserver v0.26.2
+	k8s.io/apiextensions-apiserver v0.26.3
 	k8s.io/apimachinery v0.26.3
 	k8s.io/client-go v0.26.3
 	k8s.io/klog/v2 v2.90.1
@@ -234,9 +234,9 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
-	k8s.io/apiserver v0.26.2 // indirect
+	k8s.io/apiserver v0.26.3 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
-	k8s.io/component-base v0.26.2 // indirect
+	k8s.io/component-base v0.26.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
diff --git a/go.sum b/go.sum
index cc65b2183..d11a72886 100644
--- a/go.sum
+++ b/go.sum
@@ -1336,18 +1336,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
 k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
-k8s.io/apiextensions-apiserver v0.26.2 h1:/yTG2B9jGY2Q70iGskMf41qTLhL9XeNN2KhI0uDgwko=
-k8s.io/apiextensions-apiserver v0.26.2/go.mod h1:Y7UPgch8nph8mGCuVk0SK83LnS8Esf3n6fUBgew8SH8=
+k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE=
+k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ=
 k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k=
 k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
-k8s.io/apiserver v0.26.2 h1:Pk8lmX4G14hYqJd1poHGC08G03nIHVqdJMR0SD3IH3o=
-k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8=
+k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4=
+k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
 k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
 k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s=
 k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ=
-k8s.io/component-base v0.26.2 h1:IfWgCGUDzrD6wLLgXEstJKYZKAFS2kO+rBRi0p3LqcI=
-k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs=
+k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g=
+k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
 k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 h1:8cNCQs+WqqnSpZ7y0LMQPKD+RZUHU17VqLPMW3qxnxc=

From 6f4352afd5a1823255443859420ab404e5f067e6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Apr 2023 08:59:16 +0200
Subject: [PATCH 0852/2268] fix: Pin markdown-link-check to 3.10.3 until the
 latest version gets fixed (#400)

---
 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 69a9805ac..d8f9ce4aa 100644
--- a/Makefile
+++ b/Makefile
@@ -115,8 +115,9 @@ endif
 replace-commands-help: ## Replace commands help in docs
 	$(GOCMD) run ./internal/replace-commands-help --docs-dir ./docs/reference/commands
 
+MARKDOWN_LINK_CHECK_VERSION=3.10.3 # warning, 3.11.x is broken
 markdown-link-check: ## Check markdown files for dead links
-	find . -name '*.md' | xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:stable
+	find . -name '*.md' | xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
 
 ## Release:
 version: ## Write next version into version file

From a8452df46957c1d691ae6e703eccd1d3ef710e7c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Apr 2023 23:53:57 +0200
Subject: [PATCH 0853/2268] chore(deps): Bump golang.org/x/text from 0.8.0 to
 0.9.0 (#397)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 66e385b36..5bd149ad5 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.6.0
 	golang.org/x/term v0.6.0
-	golang.org/x/text v0.8.0
+	golang.org/x/text v0.9.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.11.2
diff --git a/go.sum b/go.sum
index d11a72886..1802c6399 100644
--- a/go.sum
+++ b/go.sum
@@ -1101,8 +1101,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 780d1322338f7906eab9741101f61b6214f855e6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Apr 2023 23:54:19 +0200
Subject: [PATCH 0854/2268] chore(deps): Bump github.com/otiai10/copy from
 1.9.0 to 1.10.0 (#398)

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](https://github.com/otiai10/copy/compare/v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  2 +-
 go.sum | 10 +++-------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 5bd149ad5..900c9155a 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.4
-	github.com/otiai10/copy v1.9.0
+	github.com/otiai10/copy v1.10.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
 	sigs.k8s.io/kustomize/api v0.12.1
diff --git a/go.sum b/go.sum
index 1802c6399..466f95ec2 100644
--- a/go.sum
+++ b/go.sum
@@ -660,13 +660,9 @@ github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7X
 github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
-github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
-github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4=
-github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
+github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
+github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=

From 5148c8fdc8928f3bd9ee81e2a5ec8ad5a8b6b6a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 12 Apr 2023 23:54:47 +0200
Subject: [PATCH 0855/2268] chore(deps): Bump k8s.io/apimachinery from 0.26.3
 to 0.27.0 (#399)

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.26.3 to 0.27.0.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.26.3...v0.27.0)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 15 +++++++--------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/go.mod b/go.mod
index 900c9155a..e8e104afa 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	helm.sh/helm/v3 v3.11.2
 	k8s.io/api v0.26.3
 	k8s.io/apiextensions-apiserver v0.26.3
-	k8s.io/apimachinery v0.26.3
+	k8s.io/apimachinery v0.27.0
 	k8s.io/client-go v0.26.3
 	k8s.io/klog/v2 v2.90.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
@@ -237,9 +237,9 @@ require (
 	k8s.io/apiserver v0.26.3 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
 	k8s.io/component-base v0.26.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 // indirect
+	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
 	k8s.io/kubectl v0.26.0 // indirect
-	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
+	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
 	oras.land/oras-go v1.2.2 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 466f95ec2..1e9193c3d 100644
--- a/go.sum
+++ b/go.sum
@@ -228,7 +228,6 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
 github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
 github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -406,7 +405,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
@@ -1334,8 +1333,8 @@ k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
 k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
 k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE=
 k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ=
-k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k=
-k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
+k8s.io/apimachinery v0.27.0 h1:vEyy/PVMbPMCPutrssCVHCf0JNZ0Px+YqPi82K2ALlk=
+k8s.io/apimachinery v0.27.0/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
 k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4=
 k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
@@ -1346,12 +1345,12 @@ k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g=
 k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
 k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 h1:8cNCQs+WqqnSpZ7y0LMQPKD+RZUHU17VqLPMW3qxnxc=
-k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596/go.mod h1:/BYxry62FuDzmI+i9B+X2pqfySRmSOW2ARmj5Zbqhj0=
+k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg=
+k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
 k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
 k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
-k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=
-k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
+k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
 oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From 1b833d259bba71d34bf3fee92ca18e7ba88ddc6c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Apr 2023 14:11:44 +0200
Subject: [PATCH 0856/2268] feat: Allow to specify regex based path in
 ignoreForDiff

---
 .../deployments/annotations/all-resources.md  |  6 +++
 docs/reference/deployments/deployment-yml.md  | 15 ++++++-
 pkg/deployment/utils/diff_utils.go            | 12 +++++-
 pkg/diff/normalize.go                         | 41 ++++++++++++-------
 pkg/types/deployment.go                       | 19 ++++++---
 pkg/utils/uo/jsonpath.go                      |  2 +-
 pkg/utils/uo/nested_fields.go                 | 29 +++++++++++++
 7 files changed, 99 insertions(+), 25 deletions(-)

diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/reference/deployments/annotations/all-resources.md
index 9340ebdbf..dacdc5b04 100644
--- a/docs/reference/deployments/annotations/all-resources.md
+++ b/docs/reference/deployments/annotations/all-resources.md
@@ -104,3 +104,9 @@ Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that
 diffs.
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
+
+### kluctl.io/ignore-diff-field-regex
+Same as [kluctl.io/ignore-diff-field](#kluctlioignore-diff-field) but specifying a regular expressions instead of a
+JSON Path.
+
+If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 013f60ef3..9d40ee88e 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -294,8 +294,19 @@ This will remove the `spec.replicas` field from every resource that matches the
 `group`, `kind`, `namespace` and `name` can be omitted, which results in all objects matching. `fieldPath` must be a
 valid [JSON Path](https://goessner.net/articles/JsonPath/). `fieldPath` may also be a list of JSON paths.
 
-The JSON Path implementation used in kluctl has extended support for wildcards in field
-names, allowing you to also specify paths like `metadata.labels.my-prefix-*`.
+Using regex expressions instead of JSON Pathes is also supported:
+
+```yaml
+deployments:
+  - ...
+
+ignoreForDiff:
+  - group: apps
+    kind: Deployment
+    namespace: my-namespace
+    name: my-deployment
+    fieldPathRegex: metadata.labels.my-label-.*
+```
 
 As an alternative, [annotations](./annotations/all-resources.md#control-diff-behavior) can be used to control
 diff behavior of individual resources.
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 05f740a8f..e62f33e16 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -77,8 +77,16 @@ func (u *diffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef,
 		// did not apply? (e.g. in downscale command)
 		return
 	} else {
-		nao := diff.NormalizeObject(ao, ignoreForDiffs, lo)
-		nro := diff.NormalizeObject(ro, ignoreForDiffs, lo)
+		nao, err := diff.NormalizeObject(ao, ignoreForDiffs, lo)
+		if err != nil {
+			u.dew.AddError(lo.GetK8sRef(), err)
+			return
+		}
+		nro, err := diff.NormalizeObject(ro, ignoreForDiffs, lo)
+		if err != nil {
+			u.dew.AddError(lo.GetK8sRef(), err)
+			return
+		}
 		changes, err := diff.Diff(nro, nao)
 		if err != nil {
 			u.dew.AddError(lo.GetK8sRef(), err)
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index 5123a347f..81e94fb4a 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -118,9 +118,10 @@ func normalizeMisc(o *uo.UnstructuredObject) {
 }
 
 var ignoreDiffFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-diff-field(-\d*)?$`)
+var ignoreDiffFieldRegexAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-diff-field-regex(-\d*)?$`)
 
 // NormalizeObject Performs some deterministic sorting and other normalizations to avoid ugly diffs due to order changes
-func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig, localObject *uo.UnstructuredObject) *uo.UnstructuredObject {
+func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig, localObject *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 	gvk := o_.GetK8sGVK()
 	name := o_.GetK8sName()
 	ns := o_.GetK8sNamespace()
@@ -138,6 +139,11 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		normalizeServiceAccount(o)
 	}
 
+	if utils.ParseBoolOrFalse(localObject.GetK8sAnnotation("kluctl.io/ignore-diff")) {
+		// Return empty object so that diffs will always be empty
+		return &uo.UnstructuredObject{Object: map[string]interface{}{}}, nil
+	}
+
 	checkMatch := func(v string, m *string) bool {
 		if v == "" || m == nil {
 			return true
@@ -145,6 +151,18 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		return v == *m
 	}
 
+	ignoreForDiffs = append([]*types.IgnoreForDiffItemConfig{}, ignoreForDiffs...)
+	for _, v := range localObject.GetK8sAnnotationsWithRegex(ignoreDiffFieldAnnotationRegex) {
+		ignoreForDiffs = append(ignoreForDiffs, &types.IgnoreForDiffItemConfig{
+			FieldPath: []string{v},
+		})
+	}
+	for _, v := range localObject.GetK8sAnnotationsWithRegex(ignoreDiffFieldRegexAnnotationRegex) {
+		ignoreForDiffs = append(ignoreForDiffs, &types.IgnoreForDiffItemConfig{
+			FieldPathRegex: []string{v},
+		})
+	}
+
 	for _, ifd := range ignoreForDiffs {
 		if !checkMatch(gvk.Group, ifd.Group) {
 			continue
@@ -162,24 +180,17 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		for _, fp := range ifd.FieldPath {
 			jp, err := uo.NewMyJsonPath(fp)
 			if err != nil {
-				continue
+				return nil, err
 			}
 			_ = jp.Del(o)
 		}
-	}
-
-	if utils.ParseBoolOrFalse(localObject.GetK8sAnnotation("kluctl.io/ignore-diff")) {
-		// Return empty object so that diffs will always be empty
-		return &uo.UnstructuredObject{Object: map[string]interface{}{}}
-	}
-
-	for _, v := range localObject.GetK8sAnnotationsWithRegex(ignoreDiffFieldAnnotationRegex) {
-		j, err := uo.NewMyJsonPath(v)
-		if err != nil {
-			continue
+		for _, fp := range ifd.FieldPathRegex {
+			err := o.RemoveFieldsByPathRegex(fp)
+			if err != nil {
+				return nil, err
+			}
 		}
-		_ = j.Del(o)
 	}
 
-	return o
+	return o, nil
 }
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index df656745c..22e2a1914 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -77,11 +77,19 @@ func (s *SingleStringOrList) UnmarshalYAML(unmarshal func(interface{}) error) er
 }
 
 type IgnoreForDiffItemConfig struct {
-	FieldPath SingleStringOrList `yaml:"fieldPath" validate:"required"`
-	Group     *string            `yaml:"group,omitempty"`
-	Kind      *string            `yaml:"kind,omitempty"`
-	Name      *string            `yaml:"name,omitempty"`
-	Namespace *string            `yaml:"namespace,omitempty"`
+	FieldPath      SingleStringOrList `yaml:"fieldPath" validate:"required"`
+	FieldPathRegex SingleStringOrList `yaml:"fieldPathRegex,omitempty"`
+	Group          *string            `yaml:"group,omitempty"`
+	Kind           *string            `yaml:"kind,omitempty"`
+	Name           *string            `yaml:"name,omitempty"`
+	Namespace      *string            `yaml:"namespace,omitempty"`
+}
+
+func ValidateIgnoreForDiffItemConfig(sl validator.StructLevel) {
+	s := sl.Current().Interface().(IgnoreForDiffItemConfig)
+	if len(s.FieldPath)+len(s.FieldPathRegex) == 0 {
+		sl.ReportError(s, "self", "self", "at least one of fieldPath or fieldPathRegex must be set", "")
+	}
 }
 
 type DeploymentProjectConfig struct {
@@ -102,4 +110,5 @@ type DeploymentProjectConfig struct {
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateDeploymentItemConfig, DeploymentItemConfig{})
 	yaml.Validator.RegisterStructValidation(ValidateDeleteObjectItemConfig, DeleteObjectItemConfig{})
+	yaml.Validator.RegisterStructValidation(ValidateIgnoreForDiffItemConfig, IgnoreForDiffItemConfig{})
 }
diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index 5263f8639..44e375534 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -7,7 +7,7 @@ import (
 	"strings"
 )
 
-var isSimpleIdentifier = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]+$`)
+var isSimpleIdentifier = regexp.MustCompile(`^[A-Za-z_-][A-Za-z0-9_-]+$`)
 
 type KeyPath []interface{}
 
diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index 13560b767..6da20472a 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -3,6 +3,7 @@ package uo
 import (
 	"fmt"
 	"reflect"
+	"regexp"
 )
 
 func (uo *UnstructuredObject) GetNestedField(keys ...interface{}) (interface{}, bool, error) {
@@ -77,6 +78,34 @@ func (uo *UnstructuredObject) RemoveNestedField(keys ...interface{}) error {
 	return nil
 }
 
+func (uo *UnstructuredObject) RemoveFieldsByPathRegex(path string) error {
+	r, err := regexp.Compile(path)
+	if err != nil {
+		return err
+	}
+
+	var toDelete []KeyPath
+	err = uo.NewIterator().IterateLeafs(func(it *ObjectIterator) error {
+		jp := it.KeyPath().ToJsonPath()
+		if r.MatchString(jp) {
+			toDelete = append(toDelete, it.KeyPathCopy())
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	for _, p := range toDelete {
+		err = uo.RemoveNestedField(p...)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (uo *UnstructuredObject) GetNestedString(keys ...interface{}) (string, bool, error) {
 	v, found, err := uo.GetNestedField(keys...)
 	if err != nil {

From 6aa0469b830757f8c080864425192ffb297ff486 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Apr 2023 14:12:15 +0200
Subject: [PATCH 0857/2268] fix: Fix --ignore-tags to actually work

The JSON Path library used in Kluctl does not support extended wildcards.
---
 pkg/deployment/deployment_project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 8264170d2..49e3263ba 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -344,7 +344,7 @@ func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAn
 		ret = append(ret, e.p.Config.IgnoreForDiff...)
 	}
 	if ignoreTags {
-		ret = append(ret, &types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.labels."kluctl.io/tag-*"`}})
+		ret = append(ret, &types.IgnoreForDiffItemConfig{FieldPathRegex: []string{`metadata\.labels\["kluctl\.io/tag-.*"\]`}})
 	}
 	if ignoreLabels {
 		ret = append(ret, &types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.labels.*`}})

From 1a4a00722604680806cc05c0ab86f295e265c527 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Apr 2023 15:19:17 +0200
Subject: [PATCH 0858/2268] tests: Add tests for object normalization

---
 pkg/diff/normalize_test.go | 203 +++++++++++++++++++++++++++++++++++++
 1 file changed, 203 insertions(+)
 create mode 100644 pkg/diff/normalize_test.go

diff --git a/pkg/diff/normalize_test.go b/pkg/diff/normalize_test.go
new file mode 100644
index 000000000..d380ea9b0
--- /dev/null
+++ b/pkg/diff/normalize_test.go
@@ -0,0 +1,203 @@
+package diff
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func buildObject(j ...string) *uo.UnstructuredObject {
+	o := uo.FromMap(map[string]interface{}{
+		"apiVersion": "apps/v1",
+		"kind":       "Deployment",
+		"metadata": map[string]any{
+			"name":      "test",
+			"namespace": "ns",
+		},
+	})
+
+	for _, x := range j {
+		o2 := uo.FromStringMust(x)
+		o.Merge(o2)
+	}
+	return o
+}
+
+func buildResultObject(j ...string) *uo.UnstructuredObject {
+	o := buildObject(`{"metadata": {"labels": {}, "annotations": {}}}`)
+	for _, x := range j {
+		o2 := uo.FromStringMust(x)
+		o.Merge(o2)
+	}
+	return o
+}
+
+type testCase struct {
+	remote         *uo.UnstructuredObject
+	local          *uo.UnstructuredObject
+	result         *uo.UnstructuredObject
+	ignoreForDiffs []*types.IgnoreForDiffItemConfig
+}
+
+func runTests(t *testing.T, tests []testCase) {
+	for i, tc := range tests {
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			r, err := NormalizeObject(tc.remote, tc.ignoreForDiffs, tc.local)
+			if err != nil {
+				t.Error(err)
+			} else {
+				rj, _ := yaml.WriteJsonString(r)
+				ej, _ := yaml.WriteJsonString(tc.result)
+				assert.Equal(t, ej, rj)
+			}
+		})
+	}
+}
+
+func TestNormalizeNoop(t *testing.T) {
+	testCases := []testCase{
+		{remote: buildObject(), local: buildObject(), result: buildResultObject()},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeMetadata(t *testing.T) {
+	testCases := []testCase{
+		{remote: buildObject(`{"metadata": {"labels": null, "annotations": null}}`), local: buildObject(), result: buildResultObject()},
+		{remote: buildObject(`{"metadata": {"managedFields": {}, "creationTimestamp": "test", "generation": "test", "resourceVersion": 123, "selfLink": "test", "uid": "test", "good": "keep"}}`), local: buildObject(), result: buildResultObject(`{"metadata": {"good": "keep"}}`)},
+		{remote: buildObject(`{"metadata": {"annotations": {"kubectl.kubernetes.io/last-applied-configuration": "test", "good": "keep"}}}`), local: buildObject(), result: buildResultObject(`{"metadata": {"annotations": {"good": "keep"}}}`)},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeMisc(t *testing.T) {
+	testCases := []testCase{
+		{remote: buildObject(`{"spec": {"template": {"metadata": {"labels": {"controller-uid": "test", "good": "keep"}}}}, "selector": {"controller-uid": "test", "good": "keep"}}`), local: buildObject(), result: buildResultObject(`{"metadata":{"annotations":{},"labels":{}},"selector":{"controller-uid":"test","good":"keep"},"spec":{"template":{"metadata":{"labels":{"good":"keep"}}}}}`)},
+		{remote: buildObject(`{"status": {"test": "test"}}`), local: buildObject(), result: buildResultObject()},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeContainers(t *testing.T) {
+	testCases := []testCase{
+		{remote: buildObject(`{"spec": {"template": {"spec": {"containers": ["env": [{"name": "a", "value": "x"}]]}}}}`), local: buildObject(), result: buildResultObject(`{"spec": {"template": {"spec": {"containers": ["env": {"a":{"name":"a","value":"x"}}]}}}}`)},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeData(t *testing.T) {
+	testCases := []testCase{
+		{remote: buildObject(`{"apiVersion": "v1", "kind": "ConfigMap", "data": {"good": "keep"}}`), local: buildObject(), result: buildResultObject(`{"apiVersion": "v1", "kind": "ConfigMap", "data": {"good": "keep"}}`)},
+		{remote: buildObject(`{"apiVersion": "v1", "kind": "ConfigMap", "data": {}}`), local: buildObject(), result: buildResultObject(`{"apiVersion": "v1", "kind": "ConfigMap"}`)},
+		{remote: buildObject(`{"apiVersion": "v1", "kind": "ConfigMap", "data": null}`), local: buildObject(), result: buildResultObject(`{"apiVersion": "v1", "kind": "ConfigMap"}`)},
+		{remote: buildObject(`{"apiVersion": "v1", "kind": "ConfigMap"}`), local: buildObject(), result: buildResultObject(`{"apiVersion": "v1", "kind": "ConfigMap"}`)},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeServiceAccounts(t *testing.T) {
+	testCases := []testCase{
+		{remote: buildObject(`{"apiVersion": "v1", "kind": "ServiceAccount", "secrets": [{"name": "test-remove"},{"name": "good"}]}`), local: buildObject(), result: buildResultObject(`{"apiVersion": "v1", "kind": "ServiceAccount", "secrets": [{"name": "good"}]}`)},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeIgnoreForDiffs(t *testing.T) {
+	testCases := []testCase{
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {"good": "keep"}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.l1", "metadata.labels.l2"}},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.*"}},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {"good": "keep"}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPathRegex: []string{`metadata\.labels\.l.*`}},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.*"}, Group: utils.StrPtr("Nope")},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.*"}, Kind: utils.StrPtr("Nope")},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.*"}, Name: utils.StrPtr("Nope")},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.*"}, Namespace: utils.StrPtr("Nope")},
+			},
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2"}}}`),
+			local:  buildObject(),
+			result: buildResultObject(`{"metadata": {"labels": {}}}`),
+			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+				{FieldPath: []string{"metadata.labels.*"}, Group: utils.StrPtr("apps"), Kind: utils.StrPtr("Deployment"), Name: utils.StrPtr("test"), Namespace: utils.StrPtr("ns")},
+			},
+		},
+	}
+	runTests(t, testCases)
+}
+
+func TestNormalizeIgnoreForDiffsByAnnotations(t *testing.T) {
+	testCases := []testCase{
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
+			local:  buildObject(`{"metadata": {"annotations": {"kluctl.io/ignore-diff": "true"}}}`),
+			result: uo.FromStringMust(`{}`),
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2"}}}`),
+			local:  buildObject(`{"metadata": {"annotations": {"kluctl.io/ignore-diff-field": "metadata.labels.l1"}}}`),
+			result: buildResultObject(`{"metadata": {"labels": {"l2": "l2"}}}`),
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "l3": "l3", "good": "keep"}}}`),
+			local:  buildObject(`{"metadata": {"annotations": {"kluctl.io/ignore-diff-field": "metadata.labels.l1", "kluctl.io/ignore-diff-field-1": "metadata.labels.l2", "kluctl.io/ignore-diff-field-3": "metadata.labels.l3"}}}`),
+			result: buildResultObject(`{"metadata": {"labels": {"good": "keep"}}}`),
+		},
+		{
+			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "l3": "l3", "good": "keep"}}}`),
+			local:  buildObject(`{"metadata": {"annotations": {"kluctl.io/ignore-diff-field-regex": "metadata\\.labels\\.l[12]", "kluctl.io/ignore-diff-field-regex-1": "metadata\\.labels\\.l3"}}}`),
+			result: buildResultObject(`{"metadata": {"labels": {"good": "keep"}}}`),
+		},
+	}
+	runTests(t, testCases)
+}

From 3d9386cf8bce5ec75192ea0ee135e97ef0d80f43 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Apr 2023 15:19:51 +0200
Subject: [PATCH 0859/2268] fix: GetNestedObject should not treat nil fields as
 not found

---
 pkg/utils/uo/nested_fields.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index 6da20472a..35e3be0c0 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -182,6 +182,10 @@ func (uo *UnstructuredObject) GetNestedObject(keys ...interface{}) (*Unstructure
 		return nil, false, nil
 	}
 
+	if a == nil {
+		return nil, true, nil
+	}
+
 	m, ok := a.(map[string]interface{})
 	if !ok {
 		return nil, false, fmt.Errorf("nested value is not a map")

From 6064653bf95009cc4fc14949c9b4a2e582fc6225 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Apr 2023 15:20:20 +0200
Subject: [PATCH 0860/2268] fix: Fix multiple issues with normalization found
 while implementing tests

---
 pkg/diff/normalize.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index 81e94fb4a..f32f7a2d7 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -64,8 +64,8 @@ func normalizeContainers(containers []*uo.UnstructuredObject) {
 
 func normalizeSecretAndConfigMaps(o *uo.UnstructuredObject) {
 	data, found, _ := o.GetNestedObject("data")
-	if found && len(data.Object) == 0 {
-		_ = data.RemoveNestedField("data")
+	if found && (data == nil || len(data.Object) == 0) {
+		_ = o.RemoveNestedField("data")
 	}
 }
 
@@ -95,7 +95,7 @@ func normalizeServiceAccount(o *uo.UnstructuredObject) {
 func normalizeMetadata(o *uo.UnstructuredObject) {
 	// We don't care about managedFields when diffing (they just produce noise)
 	_ = o.RemoveNestedField("metadata", "managedFields")
-	_ = o.RemoveNestedField("metadata", "annotations", "managedFields", "kubectl.kubernetes.io/last-applied-configuration")
+	_ = o.RemoveNestedField("metadata", "annotations", "kubectl.kubernetes.io/last-applied-configuration")
 
 	// We don't want to see this in diffs
 	_ = o.RemoveNestedField("metadata", "creationTimestamp")
@@ -105,8 +105,8 @@ func normalizeMetadata(o *uo.UnstructuredObject) {
 	_ = o.RemoveNestedField("metadata", "uid")
 
 	// Ensure empty labels/metadata exist
-	_ = o.SetNestedFieldDefault(map[string]string{}, "metadata", "labels")
-	_ = o.SetNestedFieldDefault(map[string]string{}, "metadata", "annotations")
+	_ = o.SetNestedFieldDefault(map[string]any{}, "metadata", "labels")
+	_ = o.SetNestedFieldDefault(map[string]any{}, "metadata", "annotations")
 }
 
 func normalizeMisc(o *uo.UnstructuredObject) {

From 7daec3454bae322734282127a066a6e8b9f20147 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Apr 2023 15:35:40 +0200
Subject: [PATCH 0861/2268] chore(deps): Bump github.com/mattn/go-isatty from
 0.0.17 to 0.0.18 (#401)

Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.17 to 0.0.18.
- [Release notes](https://github.com/mattn/go-isatty/releases)
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.17...v0.0.18)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index e8e104afa..f002c7f3b 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
 	github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a
 	github.com/mattn/go-colorable v0.1.13
-	github.com/mattn/go-isatty v0.0.17
+	github.com/mattn/go-isatty v0.0.18
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.18.4
diff --git a/go.sum b/go.sum
index 1e9193c3d..5a0c373a8 100644
--- a/go.sum
+++ b/go.sum
@@ -585,8 +585,9 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
+github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=

From 2c5b0f9c274b5293a566e20acd2344a4c98dd829 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Apr 2023 15:35:52 +0200
Subject: [PATCH 0862/2268] chore(deps): Bump github.com/Masterminds/semver/v3
 from 3.2.0 to 3.2.1 (#402)

Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index f002c7f3b..429cb1ebb 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.19
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/Masterminds/semver/v3 v3.2.0
+	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/bitnami-labs/sealed-secrets v0.19.5
 	github.com/cyphar/filepath-securejoin v0.2.3
diff --git a/go.sum b/go.sum
index 5a0c373a8..548fa93e1 100644
--- a/go.sum
+++ b/go.sum
@@ -78,8 +78,9 @@ github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=

From fb20232ffe962b9dba8ece05fdfe4fe298fcda79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 13 Apr 2023 15:37:36 +0200
Subject: [PATCH 0863/2268] chore(deps): Bump github.com/imdario/mergo from
 0.3.14 to 0.3.15 (#403)

Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from 0.3.14 to 0.3.15.
- [Release notes](https://github.com/imdario/mergo/releases)
- [Commits](https://github.com/imdario/mergo/compare/v0.3.14...v0.3.15)

---
updated-dependencies:
- dependency-name: github.com/imdario/mergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 429cb1ebb..8656e3d5d 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/google/go-containerregistry v0.13.0
 	github.com/hashicorp/vault/api v1.9.0
 	github.com/hexops/gotextdiff v1.0.3
-	github.com/imdario/mergo v0.3.14
+	github.com/imdario/mergo v0.3.15
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
diff --git a/go.sum b/go.sum
index 548fa93e1..942dca7f5 100644
--- a/go.sum
+++ b/go.sum
@@ -492,8 +492,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/imdario/mergo v0.3.14 h1:fOqeC1+nCuuk6PKQdg9YmosXX7Y7mHX6R/0ZldI9iHo=
-github.com/imdario/mergo v0.3.14/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=

From 1379ed7e79a04f773df9e3f0635690cab03dd567 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 14 Apr 2023 09:16:28 +0200
Subject: [PATCH 0864/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#408)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.11.2 to 10.12.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.11.2...v10.12.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 9 +++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 8656e3d5d..3f5d22cc3 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v0.13.2
-	github.com/go-playground/validator/v10 v10.11.2
+	github.com/go-playground/validator/v10 v10.12.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.13.0
@@ -169,7 +169,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/leodido/go-urn v1.2.2 // indirect
 	github.com/lib/pq v1.10.7 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
diff --git a/go.sum b/go.sum
index 942dca7f5..b6c2847f4 100644
--- a/go.sum
+++ b/go.sum
@@ -303,8 +303,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
-github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
+github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI=
+github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -553,8 +553,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.2.2 h1:7z68G0FCGvDk646jz1AelTYNYWrTNm0bEcFAo147wt4=
+github.com/leodido/go-urn v1.2.2/go.mod h1:kUaIbLZWttglzwNuG0pgsh5vuV6u2YcGBYz1hIPjtOQ=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -732,6 +732,7 @@ github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHur
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=

From 0a4395515a076459f78fa49a52f005638ce4c7ad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Apr 2023 09:27:36 +0200
Subject: [PATCH 0865/2268] fix: Revert handling - as "simple identifier" when
 building a json path (#409)

---
 pkg/utils/uo/jsonpath.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index 44e375534..5263f8639 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -7,7 +7,7 @@ import (
 	"strings"
 )
 
-var isSimpleIdentifier = regexp.MustCompile(`^[A-Za-z_-][A-Za-z0-9_-]+$`)
+var isSimpleIdentifier = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]+$`)
 
 type KeyPath []interface{}
 

From a4987270fca40079873e626ccc0ac0115cbb104d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Apr 2023 09:14:18 +0200
Subject: [PATCH 0866/2268] chore(deps): Bump k8s.io/apimachinery from 0.27.0
 to 0.27.1 (#410)

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.27.0 to 0.27.1.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.27.0...v0.27.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3f5d22cc3..d1822c4f6 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	helm.sh/helm/v3 v3.11.2
 	k8s.io/api v0.26.3
 	k8s.io/apiextensions-apiserver v0.26.3
-	k8s.io/apimachinery v0.27.0
+	k8s.io/apimachinery v0.27.1
 	k8s.io/client-go v0.26.3
 	k8s.io/klog/v2 v2.90.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
diff --git a/go.sum b/go.sum
index b6c2847f4..239984801 100644
--- a/go.sum
+++ b/go.sum
@@ -1336,8 +1336,8 @@ k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
 k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
 k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE=
 k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ=
-k8s.io/apimachinery v0.27.0 h1:vEyy/PVMbPMCPutrssCVHCf0JNZ0Px+YqPi82K2ALlk=
-k8s.io/apimachinery v0.27.0/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
+k8s.io/apimachinery v0.27.1 h1:EGuZiLI95UQQcClhanryclaQE6xjg1Bts6/L3cD7zyc=
+k8s.io/apimachinery v0.27.1/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
 k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4=
 k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=

From 8bb0011d686e85e91bec6b93258a370f013f8edc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Apr 2023 10:08:04 +0200
Subject: [PATCH 0867/2268] feat: Switch to using json tags instead of yaml
 tags (#416)

* refactor: Remove unused TargetConfig

* refactor: Remove unused WriteYamlToTar

* feat: Use k8s yaml parsing based on json for all structs
---
 cmd/kluctl/commands/root.go             |   2 +-
 pkg/deployment/images.go                |   4 +-
 pkg/deployment/utils/diff_utils_test.go |   2 +-
 pkg/git/git-url/url.go                  |   9 +-
 pkg/git/test_git_server.go              |   2 +-
 pkg/git/utils.go                        |   4 +-
 pkg/repocache/cache.go                  |   6 +-
 pkg/types/command_result.go             |  56 ++++-----
 pkg/types/deployment.go                 |  69 +++++------
 pkg/types/git_project.go                |  17 +--
 pkg/types/helm_chart.go                 |  26 ++--
 pkg/types/k8s/ref.go                    |   2 +-
 pkg/types/kluctl_project.go             |  44 +++----
 pkg/types/target_config.go              |  26 ++--
 pkg/types/url.go                        |   9 +-
 pkg/types/vars_source.go                |  58 ++++-----
 pkg/utils/uo/nested_fields.go           |   2 +
 pkg/utils/uo/uo.go                      |  11 +-
 pkg/vars/vars_loader_test.go            |   6 +-
 pkg/vars/vars_test.go                   |   8 +-
 pkg/yaml/yaml.go                        | 150 +++++++++---------------
 pkg/yaml/yaml_test.go                   |  12 +-
 22 files changed, 239 insertions(+), 286 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 4b949d272..291655957 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -141,7 +141,7 @@ func setupProfiling(cpuProfile string) error {
 }
 
 type VersionCheckState struct {
-	LastVersionCheck time.Time `yaml:"lastVersionCheck"`
+	LastVersionCheck time.Time `json:"lastVersionCheck"`
 }
 
 func checkNewVersion(ctx context.Context) {
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index b1af402d6..715f0c327 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -116,8 +116,8 @@ const beginPlaceholder = "XXXXXbegin_get_image_"
 const endPlaceholder = "_end_get_imageXXXXX"
 
 type placeHolder struct {
-	Image            string `yaml:"image"`
-	HasLatestVersion bool   `yaml:"hasLatestVersion"`
+	Image            string `json:"image"`
+	HasLatestVersion bool   `json:"hasLatestVersion"`
 
 	Container string
 
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index c97d60e62..042fd32ef 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -119,9 +119,9 @@ func TestDiff(t *testing.T) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []types.Change{
+					types.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v12", UnifiedDiff: "-v1\n+v12"},
 					types.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
 					types.Change{Type: "insert", JsonPath: "data.d3", OldValue: interface{}(nil), NewValue: "v3", UnifiedDiff: "+v3"},
-					types.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v12", UnifiedDiff: "-v1\n+v12"},
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
diff --git a/pkg/git/git-url/url.go b/pkg/git/git-url/url.go
index 5bf30d9ee..57f5cfa0f 100644
--- a/pkg/git/git-url/url.go
+++ b/pkg/git/git-url/url.go
@@ -1,6 +1,7 @@
 package git_url
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
 	"net/url"
@@ -19,9 +20,9 @@ func Parse(u string) (*GitUrl, error) {
 	return &GitUrl{*u2}, nil
 }
 
-func (u *GitUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
+func (u *GitUrl) UnmarshalJSON(b []byte) error {
 	var s string
-	err := unmarshal(&s)
+	err := json.Unmarshal(b, &s)
 	if err != nil {
 		return err
 	}
@@ -33,8 +34,8 @@ func (u *GitUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return err
 }
 
-func (u GitUrl) MarshalYAML() (interface{}, error) {
-	return u.String(), nil
+func (u GitUrl) MarshalJSON() ([]byte, error) {
+	return json.Marshal(u.String())
 }
 
 func (u *GitUrl) IsSsh() bool {
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index 3e87f6531..26b656b5c 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -9,12 +9,12 @@ import (
 	"os"
 	"path/filepath"
 	"reflect"
+	"sigs.k8s.io/yaml"
 	"testing"
 
 	"github.com/go-git/go-git/v5"
 	"github.com/jinzhu/copier"
 	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
-	"gopkg.in/yaml.v3"
 )
 
 type TestGitServer struct {
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index f007fa3ee..2fae8fd60 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -8,8 +8,8 @@ import (
 )
 
 type CheckoutInfo struct {
-	CheckedOutRef    string `yaml:"checkedOutRef"`
-	CheckedOutCommit string `yaml:"checkedOutCommit"`
+	CheckedOutRef    string `json:"checkedOutRef"`
+	CheckedOutCommit string `json:"checkedOutCommit"`
 }
 
 func GetCheckoutInfo(path string) (ri CheckoutInfo, err error) {
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index 3db2b00c5..b3ca0907f 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -47,9 +47,9 @@ type CacheEntry struct {
 }
 
 type RepoInfo struct {
-	Url        git_url.GitUrl    `yaml:"url"`
-	RemoteRefs map[string]string `yaml:"remoteRefs"`
-	DefaultRef string            `yaml:"defaultRef"`
+	Url        git_url.GitUrl    `json:"url"`
+	RemoteRefs map[string]string `json:"remoteRefs"`
+	DefaultRef string            `json:"defaultRef"`
 }
 
 type RepoOverride struct {
diff --git a/pkg/types/command_result.go b/pkg/types/command_result.go
index 5142d73c0..d6a235c9a 100644
--- a/pkg/types/command_result.go
+++ b/pkg/types/command_result.go
@@ -6,50 +6,50 @@ import (
 )
 
 type Change struct {
-	Type        string      `yaml:"type" validate:"required"`
-	JsonPath    string      `yaml:"jsonPath" validate:"required"`
-	OldValue    interface{} `yaml:"oldValue,omitempty"`
-	NewValue    interface{} `yaml:"newValue,omitempty"`
-	UnifiedDiff string      `yaml:"unifiedDiff,omitempty"`
+	Type        string      `json:"type" validate:"required"`
+	JsonPath    string      `json:"jsonPath" validate:"required"`
+	OldValue    interface{} `json:"oldValue,omitempty"`
+	NewValue    interface{} `json:"newValue,omitempty"`
+	UnifiedDiff string      `json:"unifiedDiff,omitempty"`
 }
 
 type ChangedObject struct {
-	Ref       k8s.ObjectRef          `yaml:"ref"`
-	NewObject *uo.UnstructuredObject `yaml:"newObject,omitempty"`
-	OldObject *uo.UnstructuredObject `yaml:"oldObject,omitempty"`
-	Changes   []Change               `yaml:"changes,omitempty"`
+	Ref       k8s.ObjectRef          `json:"ref"`
+	NewObject *uo.UnstructuredObject `json:"newObject,omitempty"`
+	OldObject *uo.UnstructuredObject `json:"oldObject,omitempty"`
+	Changes   []Change               `json:"changes,omitempty"`
 }
 
 type RefAndObject struct {
-	Ref    k8s.ObjectRef          `yaml:"ref"`
-	Object *uo.UnstructuredObject `yaml:"object,omitempty"`
+	Ref    k8s.ObjectRef          `json:"ref"`
+	Object *uo.UnstructuredObject `json:"object,omitempty"`
 }
 
 type DeploymentError struct {
-	Ref   k8s.ObjectRef `yaml:"ref"`
-	Error string        `yaml:"error"`
+	Ref   k8s.ObjectRef `json:"ref"`
+	Error string        `json:"error"`
 }
 
 type CommandResult struct {
-	NewObjects     []*RefAndObject   `yaml:"newObjects,omitempty"`
-	ChangedObjects []*ChangedObject  `yaml:"changedObjects,omitempty"`
-	HookObjects    []*RefAndObject   `yaml:"hookObjects,omitempty"`
-	OrphanObjects  []k8s.ObjectRef   `yaml:"orphanObjects,omitempty"`
-	DeletedObjects []k8s.ObjectRef   `yaml:"deletedObjects,omitempty"`
-	Errors         []DeploymentError `yaml:"errors,omitempty"`
-	Warnings       []DeploymentError `yaml:"warnings,omitempty"`
-	SeenImages     []FixedImage      `yaml:"seenImages,omitempty"`
+	NewObjects     []*RefAndObject   `json:"newObjects,omitempty"`
+	ChangedObjects []*ChangedObject  `json:"changedObjects,omitempty"`
+	HookObjects    []*RefAndObject   `json:"hookObjects,omitempty"`
+	OrphanObjects  []k8s.ObjectRef   `json:"orphanObjects,omitempty"`
+	DeletedObjects []k8s.ObjectRef   `json:"deletedObjects,omitempty"`
+	Errors         []DeploymentError `json:"errors,omitempty"`
+	Warnings       []DeploymentError `json:"warnings,omitempty"`
+	SeenImages     []FixedImage      `json:"seenImages,omitempty"`
 }
 
 type ValidateResultEntry struct {
-	Ref        k8s.ObjectRef `yaml:"ref"`
-	Annotation string        `yaml:"annotation"`
-	Message    string        `yaml:"message"`
+	Ref        k8s.ObjectRef `json:"ref"`
+	Annotation string        `json:"annotation"`
+	Message    string        `json:"message"`
 }
 
 type ValidateResult struct {
-	Ready    bool                  `yaml:"ready"`
-	Warnings []DeploymentError     `yaml:"warnings,omitempty"`
-	Errors   []DeploymentError     `yaml:"errors,omitempty"`
-	Results  []ValidateResultEntry `yaml:"results,omitempty"`
+	Ready    bool                  `json:"ready"`
+	Warnings []DeploymentError     `json:"warnings,omitempty"`
+	Errors   []DeploymentError     `json:"errors,omitempty"`
+	Results  []ValidateResultEntry `json:"results,omitempty"`
 }
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 22e2a1914..dfa43ce2c 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -1,23 +1,24 @@
 package types
 
 import (
+	"encoding/json"
 	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DeploymentItemConfig struct {
-	Path             *string                  `yaml:"path,omitempty"`
-	Include          *string                  `yaml:"include,omitempty"`
-	Git              *GitProject              `yaml:"git,omitempty"`
-	Tags             []string                 `yaml:"tags,omitempty"`
-	Barrier          bool                     `yaml:"barrier,omitempty"`
-	WaitReadiness    bool                     `yaml:"waitReadiness,omitempty"`
-	Vars             []*VarsSource            `yaml:"vars,omitempty"`
-	SkipDeleteIfTags bool                     `yaml:"skipDeleteIfTags,omitempty"`
-	OnlyRender       bool                     `yaml:"onlyRender,omitempty"`
-	AlwaysDeploy     bool                     `yaml:"alwaysDeploy,omitempty"`
-	DeleteObjects    []DeleteObjectItemConfig `yaml:"deleteObjects,omitempty"`
-	When             string                   `yaml:"when,omitempty"`
+	Path             *string                  `json:"path,omitempty"`
+	Include          *string                  `json:"include,omitempty"`
+	Git              *GitProject              `json:"git,omitempty"`
+	Tags             []string                 `json:"tags,omitempty"`
+	Barrier          bool                     `json:"barrier,omitempty"`
+	WaitReadiness    bool                     `json:"waitReadiness,omitempty"`
+	Vars             []*VarsSource            `json:"vars,omitempty"`
+	SkipDeleteIfTags bool                     `json:"skipDeleteIfTags,omitempty"`
+	OnlyRender       bool                     `json:"onlyRender,omitempty"`
+	AlwaysDeploy     bool                     `json:"alwaysDeploy,omitempty"`
+	DeleteObjects    []DeleteObjectItemConfig `json:"deleteObjects,omitempty"`
+	When             string                   `json:"when,omitempty"`
 }
 
 func ValidateDeploymentItemConfig(sl validator.StructLevel) {
@@ -41,10 +42,10 @@ func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 }
 
 type DeleteObjectItemConfig struct {
-	Group     *string `yaml:"group,omitempty"`
-	Kind      *string `yaml:"kind,omitempty"`
-	Name      string  `yaml:"name" validate:"required"`
-	Namespace string  `yaml:"namespace,omitempty"`
+	Group     *string `json:"group,omitempty"`
+	Kind      *string `json:"kind,omitempty"`
+	Name      string  `json:"name" validate:"required"`
+	Namespace string  `json:"namespace,omitempty"`
 }
 
 func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
@@ -55,21 +56,21 @@ func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 }
 
 type SealedSecretsConfig struct {
-	OutputPattern *string `yaml:"outputPattern,omitempty"`
+	OutputPattern *string `json:"outputPattern,omitempty"`
 }
 
 type SingleStringOrList []string
 
-func (s *SingleStringOrList) UnmarshalYAML(unmarshal func(interface{}) error) error {
+func (s *SingleStringOrList) UnmarshalJSON(b []byte) error {
 	var single string
-	if err := unmarshal(&single); err == nil {
+	if err := json.Unmarshal(b, &single); err == nil {
 		// it's a single project
 		*s = []string{single}
 		return nil
 	}
 	// try as array
 	var arr []string
-	if err := unmarshal(&arr); err != nil {
+	if err := json.Unmarshal(b, &arr); err != nil {
 		return err
 	}
 	*s = arr
@@ -77,12 +78,12 @@ func (s *SingleStringOrList) UnmarshalYAML(unmarshal func(interface{}) error) er
 }
 
 type IgnoreForDiffItemConfig struct {
-	FieldPath      SingleStringOrList `yaml:"fieldPath" validate:"required"`
-	FieldPathRegex SingleStringOrList `yaml:"fieldPathRegex,omitempty"`
-	Group          *string            `yaml:"group,omitempty"`
-	Kind           *string            `yaml:"kind,omitempty"`
-	Name           *string            `yaml:"name,omitempty"`
-	Namespace      *string            `yaml:"namespace,omitempty"`
+	FieldPath      SingleStringOrList `json:"fieldPath,omitempty"`
+	FieldPathRegex SingleStringOrList `json:"fieldPathRegex,omitempty"`
+	Group          *string            `json:"group,omitempty"`
+	Kind           *string            `json:"kind,omitempty"`
+	Name           *string            `json:"name,omitempty"`
+	Namespace      *string            `json:"namespace,omitempty"`
 }
 
 func ValidateIgnoreForDiffItemConfig(sl validator.StructLevel) {
@@ -93,18 +94,18 @@ func ValidateIgnoreForDiffItemConfig(sl validator.StructLevel) {
 }
 
 type DeploymentProjectConfig struct {
-	Vars          []*VarsSource        `yaml:"vars,omitempty"`
-	SealedSecrets *SealedSecretsConfig `yaml:"sealedSecrets,omitempty"`
+	Vars          []*VarsSource        `json:"vars,omitempty"`
+	SealedSecrets *SealedSecretsConfig `json:"sealedSecrets,omitempty"`
 
-	When string `yaml:"when,omitempty"`
+	When string `json:"when,omitempty"`
 
-	Deployments []*DeploymentItemConfig `yaml:"deployments,omitempty"`
+	Deployments []*DeploymentItemConfig `json:"deployments,omitempty"`
 
-	CommonLabels      map[string]string `yaml:"commonLabels,omitempty"`
-	OverrideNamespace *string           `yaml:"overrideNamespace,omitempty"`
-	Tags              []string          `yaml:"tags,omitempty"`
+	CommonLabels      map[string]string `json:"commonLabels,omitempty"`
+	OverrideNamespace *string           `json:"overrideNamespace,omitempty"`
+	Tags              []string          `json:"tags,omitempty"`
 
-	IgnoreForDiff []*IgnoreForDiffItemConfig `yaml:"ignoreForDiff,omitempty"`
+	IgnoreForDiff []*IgnoreForDiffItemConfig `json:"ignoreForDiff,omitempty"`
 }
 
 func init() {
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 5183cf964..e43997353 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -1,6 +1,7 @@
 package types
 
 import (
+	"encoding/json"
 	"fmt"
 	"regexp"
 	"strings"
@@ -14,18 +15,18 @@ import (
 var gitDirPatternNeg = regexp.MustCompile(`[\\\/:\*?"<>|[:cntrl:]\0^]`)
 
 type GitProject struct {
-	Url    git_url.GitUrl `yaml:"url" validate:"required"`
-	Ref    string         `yaml:"ref,omitempty"`
-	SubDir string         `yaml:"subDir,omitempty"`
+	Url    git_url.GitUrl `json:"url" validate:"required"`
+	Ref    string         `json:"ref,omitempty"`
+	SubDir string         `json:"subDir,omitempty"`
 }
 
-func (gp *GitProject) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	if err := unmarshal(&gp.Url); err == nil {
+func (gp *GitProject) UnmarshalJSON(b []byte) error {
+	if err := json.Unmarshal(b, &gp.Url); err == nil {
 		// it's a simple string
 		return nil
 	}
 	type raw GitProject
-	return unmarshal((*raw)(gp))
+	return json.Unmarshal(b, (*raw)(gp))
 }
 
 // invalidDirName evaluate directory name against forbidden characters
@@ -51,8 +52,8 @@ func ValidateGitProject(sl validator.StructLevel) {
 }
 
 type ExternalProject struct {
-	Project *GitProject `yaml:"project,omitempty"`
-	Path    *string     `yaml:"path,omitempty"`
+	Project *GitProject `json:"project,omitempty"`
+	Path    *string     `json:"path,omitempty"`
 }
 
 func ValidateExternalProject(sl validator.StructLevel) {
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 78011ad58..fe1260358 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -7,18 +7,18 @@ import (
 )
 
 type HelmChartConfig2 struct {
-	Repo              string  `yaml:"repo,omitempty"`
-	Path              string  `yaml:"path,omitempty"`
-	CredentialsId     *string `yaml:"credentialsId,omitempty"`
-	ChartName         string  `yaml:"chartName,omitempty"`
-	ChartVersion      string  `yaml:"chartVersion,omitempty"`
-	UpdateConstraints *string `yaml:"updateConstraints,omitempty"`
-	ReleaseName       string  `yaml:"releaseName" validate:"required"`
-	Namespace         *string `yaml:"namespace,omitempty"`
-	Output            *string `yaml:"output,omitempty"`
-	SkipCRDs          bool    `yaml:"skipCRDs,omitempty"`
-	SkipUpdate        bool    `yaml:"skipUpdate,omitempty"`
-	SkipPrePull       bool    `yaml:"skipPrePull,omitempty"`
+	Repo              string  `json:"repo,omitempty"`
+	Path              string  `json:"path,omitempty"`
+	CredentialsId     *string `json:"credentialsId,omitempty"`
+	ChartName         string  `json:"chartName,omitempty"`
+	ChartVersion      string  `json:"chartVersion,omitempty"`
+	UpdateConstraints *string `json:"updateConstraints,omitempty"`
+	ReleaseName       string  `json:"releaseName" validate:"required"`
+	Namespace         *string `json:"namespace,omitempty"`
+	Output            *string `json:"output,omitempty"`
+	SkipCRDs          bool    `json:"skipCRDs,omitempty"`
+	SkipUpdate        bool    `json:"skipUpdate,omitempty"`
+	SkipPrePull       bool    `json:"skipPrePull,omitempty"`
 }
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {
@@ -54,7 +54,7 @@ func ValidateHelmChartConfig2(sl validator.StructLevel) {
 }
 
 type HelmChartConfig struct {
-	HelmChartConfig2 `yaml:"helmChart" validate:"required"`
+	HelmChartConfig2 `json:"helmChart" validate:"required"`
 }
 
 func init() {
diff --git a/pkg/types/k8s/ref.go b/pkg/types/k8s/ref.go
index d166f88bd..c3e3da2bc 100644
--- a/pkg/types/k8s/ref.go
+++ b/pkg/types/k8s/ref.go
@@ -6,7 +6,7 @@ import (
 )
 
 type ObjectRef struct {
-	GVK       schema.GroupVersionKind `yaml:"gvk,inline"`
+	GVK       schema.GroupVersionKind `json:"gvk,inline"`
 	Name      string
 	Namespace string
 }
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index e00908085..063a41398 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -5,44 +5,44 @@ import (
 )
 
 type SealingConfig struct {
-	Args       *uo.UnstructuredObject `yaml:"args,omitempty"`
-	SecretSets []string               `yaml:"secretSets,omitempty"`
-	CertFile   *string                `yaml:"certFile,omitempty"`
+	Args       *uo.UnstructuredObject `json:"args,omitempty"`
+	SecretSets []string               `json:"secretSets,omitempty"`
+	CertFile   *string                `json:"certFile,omitempty"`
 }
 
 type Target struct {
-	Name          string                 `yaml:"name" validate:"required"`
-	Context       *string                `yaml:"context,omitempty"`
-	Args          *uo.UnstructuredObject `yaml:"args,omitempty"`
-	SealingConfig *SealingConfig         `yaml:"sealingConfig,omitempty"`
-	Images        []FixedImage           `yaml:"images,omitempty"`
-	Discriminator string                 `yaml:"discriminator,omitempty"`
+	Name          string                 `json:"name" validate:"required"`
+	Context       *string                `json:"context,omitempty"`
+	Args          *uo.UnstructuredObject `json:"args,omitempty"`
+	SealingConfig *SealingConfig         `json:"sealingConfig,omitempty"`
+	Images        []FixedImage           `json:"images,omitempty"`
+	Discriminator string                 `json:"discriminator,omitempty"`
 }
 
 type DeploymentArg struct {
-	Name    string      `yaml:"name" validate:"required"`
-	Default interface{} `yaml:"default,omitempty"`
+	Name    string      `json:"name" validate:"required"`
+	Default interface{} `json:"default,omitempty"`
 }
 
 type SecretSet struct {
-	Name string        `yaml:"name" validate:"required"`
-	Vars []*VarsSource `yaml:"vars,omitempty"`
+	Name string        `json:"name" validate:"required"`
+	Vars []*VarsSource `json:"vars,omitempty"`
 }
 
 type GlobalSealedSecretsConfig struct {
-	Bootstrap      *bool   `yaml:"bootstrap,omitempty"`
-	Namespace      *string `yaml:"namespace,omitempty"`
-	ControllerName *string `yaml:"controllerName,omitempty"`
+	Bootstrap      *bool   `json:"bootstrap,omitempty"`
+	Namespace      *string `json:"namespace,omitempty"`
+	ControllerName *string `json:"controllerName,omitempty"`
 }
 
 type SecretsConfig struct {
-	SealedSecrets *GlobalSealedSecretsConfig `yaml:"sealedSecrets,omitempty"`
-	SecretSets    []SecretSet                `yaml:"secretSets,omitempty"`
+	SealedSecrets *GlobalSealedSecretsConfig `json:"sealedSecrets,omitempty"`
+	SecretSets    []SecretSet                `json:"secretSets,omitempty"`
 }
 
 type KluctlProject struct {
-	Targets       []*Target        `yaml:"targets,omitempty"`
-	Args          []*DeploymentArg `yaml:"args,omitempty"`
-	SecretsConfig *SecretsConfig   `yaml:"secretsConfig,omitempty"`
-	Discriminator string           `yaml:"discriminator,omitempty"`
+	Targets       []*Target        `json:"targets,omitempty"`
+	Args          []*DeploymentArg `json:"args,omitempty"`
+	SecretsConfig *SecretsConfig   `json:"secretsConfig,omitempty"`
+	Discriminator string           `json:"discriminator,omitempty"`
 }
diff --git a/pkg/types/target_config.go b/pkg/types/target_config.go
index 7540757f6..262bf793a 100644
--- a/pkg/types/target_config.go
+++ b/pkg/types/target_config.go
@@ -2,26 +2,20 @@ package types
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 type FixedImage struct {
-	Image         string         `yaml:"image" validate:"required"`
-	ResultImage   string         `yaml:"resultImage" validate:"required"`
-	DeployedImage *string        `yaml:"deployedImage,omitempty"`
-	Namespace     *string        `yaml:"namespace,omitempty"`
-	Object        *k8s.ObjectRef `yaml:"object,omitempty"`
-	Deployment    *string        `yaml:"deployment,omitempty"`
-	Container     *string        `yaml:"container,omitempty"`
-	DeployTags    []string       `yaml:"deployTags,omitempty"`
-	DeploymentDir *string        `yaml:"deploymentDir,omitempty"`
+	Image         string         `json:"image" validate:"required"`
+	ResultImage   string         `json:"resultImage" validate:"required"`
+	DeployedImage *string        `json:"deployedImage,omitempty"`
+	Namespace     *string        `json:"namespace,omitempty"`
+	Object        *k8s.ObjectRef `json:"object,omitempty"`
+	Deployment    *string        `json:"deployment,omitempty"`
+	Container     *string        `json:"container,omitempty"`
+	DeployTags    []string       `json:"deployTags,omitempty"`
+	DeploymentDir *string        `json:"deploymentDir,omitempty"`
 }
 
 type FixedImagesConfig struct {
-	Images []FixedImage `yaml:"images,omitempty"`
-}
-
-type TargetConfig struct {
-	FixedImagesConfig `yaml:"fixed_images_config,inline"`
-	Args              *uo.UnstructuredObject `yaml:"args,omitempty"`
+	Images []FixedImage `json:"images,omitempty"`
 }
diff --git a/pkg/types/url.go b/pkg/types/url.go
index 703f8dfba..59560e2df 100644
--- a/pkg/types/url.go
+++ b/pkg/types/url.go
@@ -1,6 +1,7 @@
 package types
 
 import (
+	"encoding/json"
 	"net/url"
 )
 
@@ -8,9 +9,9 @@ type YamlUrl struct {
 	url.URL
 }
 
-func (u *YamlUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
+func (u *YamlUrl) UnmarshalJSON(b []byte) error {
 	var s string
-	err := unmarshal(&s)
+	err := json.Unmarshal(b, &s)
 	if err != nil {
 		return err
 	}
@@ -22,6 +23,6 @@ func (u *YamlUrl) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	return err
 }
 
-func (u YamlUrl) MarshalYAML() (interface{}, error) {
-	return u.String(), nil
+func (u YamlUrl) MarshalJSON() ([]byte, error) {
+	return json.Marshal(u.String())
 }
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 9e9c3db25..942cd6654 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -9,16 +9,16 @@ import (
 )
 
 type VarsSourceGit struct {
-	Url  git_url.GitUrl `yaml:"url" validate:"required"`
-	Ref  string         `yaml:"ref,omitempty"`
-	Path string         `yaml:"path" validate:"required"`
+	Url  git_url.GitUrl `json:"url" validate:"required"`
+	Ref  string         `json:"ref,omitempty"`
+	Path string         `json:"path" validate:"required"`
 }
 
 type VarsSourceClusterConfigMapOrSecret struct {
-	Name      string            `yaml:"name,omitempty"`
-	Labels    map[string]string `yaml:"labels,omitempty"`
-	Namespace string            `yaml:"namespace" validate:"required"`
-	Key       string            `yaml:"key" validate:"required"`
+	Name      string            `json:"name,omitempty"`
+	Labels    map[string]string `json:"labels,omitempty"`
+	Namespace string            `json:"namespace" validate:"required"`
+	Key       string            `json:"key" validate:"required"`
 }
 
 func ValidateVarsSourceClusterConfigMapOrSecret(sl validator.StructLevel) {
@@ -32,42 +32,42 @@ func ValidateVarsSourceClusterConfigMapOrSecret(sl validator.StructLevel) {
 }
 
 type VarsSourceHttp struct {
-	Url      YamlUrl           `yaml:"url,omitempty" validate:"required"`
-	Method   *string           `yaml:"method,omitempty"`
-	Body     *string           `yaml:"body,omitempty"`
-	Headers  map[string]string `yaml:"headers,omitempty"`
-	JsonPath *string           `yaml:"jsonPath,omitempty"`
+	Url      YamlUrl           `json:"url,omitempty" validate:"required"`
+	Method   *string           `json:"method,omitempty"`
+	Body     *string           `json:"body,omitempty"`
+	Headers  map[string]string `json:"headers,omitempty"`
+	JsonPath *string           `json:"jsonPath,omitempty"`
 }
 
 type VarsSourceAwsSecretsManager struct {
 	// Name or ARN of the secret. In case a name is given, the region must be specified as well
-	SecretName string `yaml:"secretName" validate:"required"`
+	SecretName string `json:"secretName" validate:"required"`
 	// The aws region
-	Region *string `yaml:"region,omitempty"`
+	Region *string `json:"region,omitempty"`
 	// AWS credentials profile to use. The AWS_PROFILE environemnt variables will take precedence in case it is also set
-	Profile *string `yaml:"profile,omitempty"`
+	Profile *string `json:"profile,omitempty"`
 }
 
 type VarsSourceVault struct {
-	Address string `yaml:"address" validate:"required"`
-	Path    string `yaml:"path" validate:"required"`
+	Address string `json:"address" validate:"required"`
+	Path    string `json:"path" validate:"required"`
 }
 
 type VarsSource struct {
-	IgnoreMissing *bool `yaml:"ignoreMissing,omitempty"`
-	NoOverride    *bool `yaml:"noOverride,omitempty"`
+	IgnoreMissing *bool `json:"ignoreMissing,omitempty"`
+	NoOverride    *bool `json:"noOverride,omitempty"`
 
-	Values            *uo.UnstructuredObject              `yaml:"values,omitempty"`
-	File              *string                             `yaml:"file,omitempty"`
-	Git               *VarsSourceGit                      `yaml:"git,omitempty"`
-	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `yaml:"clusterConfigMap,omitempty"`
-	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `yaml:"clusterSecret,omitempty"`
-	SystemEnvVars     *uo.UnstructuredObject              `yaml:"systemEnvVars,omitempty"`
-	Http              *VarsSourceHttp                     `yaml:"http,omitempty"`
-	AwsSecretsManager *VarsSourceAwsSecretsManager        `yaml:"awsSecretsManager,omitempty"`
-	Vault             *VarsSourceVault                    `yaml:"vault,omitempty"`
+	Values            *uo.UnstructuredObject              `json:"values,omitempty"`
+	File              *string                             `json:"file,omitempty"`
+	Git               *VarsSourceGit                      `json:"git,omitempty"`
+	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `json:"clusterConfigMap,omitempty"`
+	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `json:"clusterSecret,omitempty"`
+	SystemEnvVars     *uo.UnstructuredObject              `json:"systemEnvVars,omitempty"`
+	Http              *VarsSourceHttp                     `json:"http,omitempty"`
+	AwsSecretsManager *VarsSourceAwsSecretsManager        `json:"awsSecretsManager,omitempty"`
+	Vault             *VarsSourceVault                    `json:"vault,omitempty"`
 
-	When string `yaml:"when,omitempty"`
+	When string `json:"when,omitempty"`
 }
 
 func ValidateVarsSource(sl validator.StructLevel) {
diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index 35e3be0c0..a30a992a5 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -134,6 +134,8 @@ func (uo *UnstructuredObject) GetNestedInt(keys ...interface{}) (int64, bool, er
 		return vv.Int(), true, nil
 	} else if vv.CanUint() {
 		return int64(vv.Uint()), true, nil
+	} else if vv.CanFloat() {
+		return int64(vv.Float()), true, nil
 	} else {
 		return 0, false, fmt.Errorf("value at %s is not an int", KeyPath(keys).ToJsonPath())
 	}
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index d5190d1ae..7983e3f23 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -1,6 +1,7 @@
 package uo
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/jinzhu/copier"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -9,15 +10,15 @@ import (
 )
 
 type UnstructuredObject struct {
-	Object map[string]interface{} `yaml:"object,omitempty,inline"`
+	Object map[string]interface{} `json:"object,omitempty,inline"`
 }
 
-func (uo *UnstructuredObject) MarshalYAML() (interface{}, error) {
-	return &uo.Object, nil
+func (uo *UnstructuredObject) MarshalJSON() ([]byte, error) {
+	return json.Marshal(uo.Object)
 }
 
-func (uo *UnstructuredObject) UnmarshalYAML(unmarshal func(interface{}) error) error {
-	return unmarshal(&uo.Object)
+func (uo *UnstructuredObject) UnmarshalJSON(b []byte) error {
+	return json.Unmarshal(b, &uo.Object)
 }
 
 func (uo *UnstructuredObject) IsZero() bool {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 64b8ba404..d4387a66d 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -479,19 +479,19 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 		assert.NoError(t, err)
 
 		v, _, _ := vc.Vars.GetNestedField("test1")
-		assert.Equal(t, 42, v)
+		assert.Equal(t, 42., v)
 
 		v, _, _ = vc.Vars.GetNestedField("test2")
 		assert.Equal(t, "43", v)
 
 		v, _, _ = vc.Vars.GetNestedField("test3", "test4")
-		assert.Equal(t, 44, v)
+		assert.Equal(t, 44., v)
 
 		v, _, _ = vc.Vars.GetNestedField("test5")
 		assert.Equal(t, "def", v)
 
 		v, _, _ = vc.Vars.GetNestedField("test6")
-		assert.Equal(t, 42, v)
+		assert.Equal(t, 42., v)
 
 		v, _, _ = vc.Vars.GetNestedField("test7")
 		assert.Equal(t, "", v)
diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
index 46c822e8b..a69c7077c 100644
--- a/pkg/vars/vars_test.go
+++ b/pkg/vars/vars_test.go
@@ -52,10 +52,12 @@ func TestVarsCtxStruct(t *testing.T) {
 
 	s := struct {
 		Test1 struct {
-			Test2 int
-		}
+			Test2 int `json:"test2"`
+		} `json:"test1"`
 	}{
-		Test1: struct{ Test2 int }{Test2: 42},
+		Test1: struct {
+			Test2 int `json:"test2"`
+		}{Test2: 42},
 	}
 
 	err := varsCtx.UpdateChildFromStruct("child", s)
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 89610c94a..95bfb5a33 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -1,7 +1,6 @@
 package yaml
 
 import (
-	"archive/tar"
 	"bytes"
 	"encoding/json"
 	"errors"
@@ -10,41 +9,14 @@ import (
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
 	yaml2 "gopkg.in/yaml.v2"
-	yaml3 "gopkg.in/yaml.v3"
 	"io"
 	"os"
 	"path/filepath"
+	"regexp"
+	"sigs.k8s.io/yaml"
 	"strings"
 )
 
-type Decoder interface {
-	Decode(v interface{}) error
-}
-
-type decoderWrapper struct {
-	d *yaml3.Decoder
-}
-
-func (w *decoderWrapper) Decode(v interface{}) error {
-	err := w.d.Decode(v)
-	if err != nil {
-		return err
-	}
-
-	err = ValidateStructs(v)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func newDecoder(r io.Reader, out any) Decoder {
-	d := yaml3.NewDecoder(r)
-	d.KnownFields(true)
-	return &decoderWrapper{d: d}
-}
-
 func newUnicodeReader(r io.Reader) io.Reader {
 	utf16bom := unicode.BOMOverride(unicode.UTF8.NewDecoder())
 	return transform.NewReader(r, utf16bom)
@@ -75,13 +47,17 @@ func ReadYamlBytes(b []byte, o interface{}) error {
 func ReadYamlStream(r io.Reader, o interface{}) error {
 	r = newUnicodeReader(r)
 
-	d := newDecoder(r, o)
+	b, err := io.ReadAll(r)
+	if err != nil {
+		return err
+	}
 
-	err := d.Decode(o)
-	if err != nil && errors.Is(err, io.EOF) {
-		return nil
+	err = yaml.UnmarshalStrict(b, o)
+	if err != nil {
+		return err
 	}
-	return err
+
+	return ValidateStructs(o)
 }
 
 func ReadYamlAllFile(p string) ([]interface{}, error) {
@@ -102,27 +78,45 @@ func ReadYamlAllBytes(b []byte) ([]interface{}, error) {
 	return ReadYamlAllStream(bytes.NewReader(b))
 }
 
+var docsSep = regexp.MustCompile("(?:^|\\s*\n)---\\s*")
+
 func ReadYamlAllStream(r io.Reader) ([]interface{}, error) {
 	r = newUnicodeReader(r)
 
-	d := newDecoder(r, nil)
+	b, err := io.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+	s := string(b)
+	s = strings.TrimSpace(s)
 
-	var l []interface{}
-	for true {
-		var o interface{}
-		err := d.Decode(&o)
+	if s == "" {
+		return nil, nil
+	}
+
+	docs := docsSep.Split(s, -1)
+
+	ret := make([]any, 0, len(docs))
+	for _, doc := range docs {
+		if doc == "" {
+			continue
+		}
+
+		var x any
+		err = yaml.UnmarshalStrict([]byte(doc), &x)
 		if err != nil {
-			if errors.Is(err, io.EOF) {
-				break
-			}
 			return nil, err
 		}
-		if o != nil {
-			l = append(l, o)
+		if x == nil {
+			continue
 		}
+		err = ValidateStructs(x)
+		if err != nil {
+			return nil, err
+		}
+		ret = append(ret, x)
 	}
-
-	return l, nil
+	return ret, nil
 }
 
 func WriteYamlString(o interface{}) (string, error) {
@@ -166,65 +160,31 @@ func WriteYamlAllString(l []interface{}) (string, error) {
 }
 
 func WriteYamlAllStream(w io.Writer, l []interface{}) error {
-	enc := yaml3.NewEncoder(w)
-	defer enc.Close()
-
-	enc.SetIndent(2)
-
-	for _, o := range l {
-		err := enc.Encode(o)
+	for i, o := range l {
+		if i != 0 {
+			_, err := w.Write([]byte("---\n"))
+			if err != nil {
+				return err
+			}
+		}
+		b, err := yaml.Marshal(o)
+		if err != nil {
+			return err
+		}
+		_, err = w.Write(b)
 		if err != nil {
 			return err
 		}
-	}
-	return nil
-}
-
-func WriteYamlToTar(tw *tar.Writer, o interface{}, name string) error {
-	str, err := WriteYamlBytes(o)
-	if err != nil {
-		return err
-	}
-
-	err = tw.WriteHeader(&tar.Header{
-		Name: name,
-		Size: int64(len(str)),
-		Mode: 0o666 | tar.TypeReg,
-	})
-	if err != nil {
-		return err
-	}
-	_, err = tw.Write(str)
-	if err != nil {
-		return err
 	}
 	return nil
 }
 
 func WriteJsonString(o interface{}) (string, error) {
-	x, err := WriteYamlBytes(o)
-	if err != nil {
-		return "", err
-	}
-
-	x, err = ConvertYamlToJson(x)
+	b, err := json.Marshal(o)
 	if err != nil {
 		return "", err
 	}
-	return string(x), nil
-}
-
-func ConvertYamlToJson(b []byte) ([]byte, error) {
-	var x interface{}
-	err := ReadYamlBytes(b, &x)
-	if err != nil {
-		return nil, err
-	}
-	b, err = json.Marshal(x)
-	if err != nil {
-		return nil, err
-	}
-	return b, nil
+	return string(b), nil
 }
 
 // RemoveDuplicateFields is a helper/hack to remove duplicate fields from yaml maps/structs. The yaml spec explicitly
diff --git a/pkg/yaml/yaml_test.go b/pkg/yaml/yaml_test.go
index bd2d6b772..65144ea1e 100644
--- a/pkg/yaml/yaml_test.go
+++ b/pkg/yaml/yaml_test.go
@@ -16,7 +16,7 @@ type EmptyYamlConfig struct {
 }
 
 type SimpleYamlConfig struct {
-	Value string `yaml:"value"`
+	Value string `json:"value"`
 }
 
 func TestReadYamlFile(t *testing.T) {
@@ -308,16 +308,6 @@ value: anyValue2
 	assert.Equal(t, expectedString, buffer.String(), "Yaml not written correctly.")
 }
 
-func TestConvertYamlToJson(t *testing.T) {
-	yaml := `value: anyValue1`
-	expectedJson := `{"value":"anyValue1"}`
-	yamlBytes := []byte(yaml)
-	expectedJsonBytes := []byte(expectedJson)
-	jsonBytes, convertYamlToJsonErr := ConvertYamlToJson(yamlBytes)
-	assert.NoError(t, convertYamlToJsonErr, "Can't convert yaml to json: %s", convertYamlToJsonErr)
-	assert.Equal(t, expectedJsonBytes, jsonBytes, "Yaml not converted correctly.")
-}
-
 func TestWriteJsonString(t *testing.T) {
 	yaml := SimpleYamlConfig{
 		Value: "anyValue1",

From 545ed5261e981a8c3605d80b9692d23abf46b251 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 20 Apr 2023 08:42:16 +0200
Subject: [PATCH 0868/2268] docs: Update commonLabels documentation to not
 mention the use for deletion/pruning (#419)

---
 docs/reference/deployments/deployment-yml.md | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 9d40ee88e..c9ffb0808 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -231,10 +231,7 @@ See [templating](../templating/variable-sources.md) for more details.
 
 ## commonLabels
 A dictionary of [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) and values to be
-added to all resources deployed by any of the kustomize deployments in this deployment project.
-
-This feature is mainly meant to make it possible to identify all objects in a kubernetes cluster that were once deployed
-through a specific deployment project.
+added to all resources deployed by any of the deployment items in this deployment project.
 
 Consider the following example `deployment.yaml`:
 ```yaml
@@ -249,16 +246,13 @@ commonLabels:
   my.prefix/label-2: value-2
 ```
 
-Every resource deployed by the kustomize deployment `nginx` will now get the two provided labels attached. All included
-sub-deployment projects (e.g. `sub-deployment1`) will also recursively inherit these labels and pass them to further
+Every resource deployed by the kustomize deployment `nginx` will now get the four provided labels attached. All included
+sub-deployment projects (e.g. `sub-deployment1`) will also recursively inherit these labels and pass them further
 down.
 
-In case an included sub-deployment project also contains `commonLabels`, both dictionaries of common labels are merged
+In case an included sub-deployment project also contains `commonLabels`, both dictionaries of commonLabels are merged
 inside the included sub-deployment project. In case of conflicts, the included common labels override the inherited.
 
-The root deployment's `commonLabels` is also used to identify objects to be deleted when performing `kluctl delete`
-or `kluctl prune` operations
-
 Please note that these `commonLabels` are not related to `commonLabels` supported in `kustomization.yaml` files. It was
 decided to not rely on this feature but instead attach labels manually to resources right before sending them to
 kubernetes. This is due to an [implementation detail](https://github.com/kubernetes-sigs/kustomize/issues/1009) in

From 08ad2e31474f8722669669aacda86d419684e00a Mon Sep 17 00:00:00 2001
From: Pat Riehecky <3534830+jcpunk@users.noreply.github.com>
Date: Mon, 24 Apr 2023 02:24:14 -0500
Subject: [PATCH 0869/2268] docs: Add example for Kustomize integration (#421)

Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
---
 docs/reference/deployments/kustomize.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/docs/reference/deployments/kustomize.md b/docs/reference/deployments/kustomize.md
index bcf694096..d772b5208 100644
--- a/docs/reference/deployments/kustomize.md
+++ b/docs/reference/deployments/kustomize.md
@@ -20,3 +20,24 @@ Generally, everything is possible via `kustomization.yaml`, is thus possible in
 We advise to read the kustomize
 [reference](https://kubectl.docs.kubernetes.io/references/kustomize/). You can also look into the official kustomize
 [example](https://github.com/kubernetes-sigs/kustomize/tree/master/examples).
+
+One way you might use this is to Kustomize a set of manifests from an external project.
+
+For example:
+```yaml
+# deployment.yml
+deployments:
+- git: git@github.com/example/example.git
+  onlyRender: true
+- path: kustomize_example
+```
+```yaml
+# kustomize_example/kustomization.yml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+  - ../example
+patches:
+  - # your patches here
+```

From 5533d3b4efb3d9a02cf132cafedad233ea5f19f9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Apr 2023 09:13:03 +0200
Subject: [PATCH 0870/2268] chore: Upgrade many k8s api/client related libs to
 latest version

---
 e2e/test-utils/envtest_cluster_callback.go |  4 +-
 go.mod                                     | 33 ++++++------
 go.sum                                     | 62 +++++++++++-----------
 3 files changed, 53 insertions(+), 46 deletions(-)

diff --git a/e2e/test-utils/envtest_cluster_callback.go b/e2e/test-utils/envtest_cluster_callback.go
index 54b95fc02..d28a532a9 100644
--- a/e2e/test-utils/envtest_cluster_callback.go
+++ b/e2e/test-utils/envtest_cluster_callback.go
@@ -26,7 +26,9 @@ func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb
 			return admission.Allowed("")
 		}),
 	}
-	_ = wh.InjectLogger(logr.New(log.NullLogSink{}))
+	wh.LogConstructor = func(base logr.Logger, req *admission.Request) logr.Logger {
+		return logr.New(log.NullLogSink{})
+	}
 	return wh
 }
 
diff --git a/go.mod b/go.mod
index d1822c4f6..4cebb73b0 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/ohler55/ojg v1.18.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.9.0
+	github.com/rogpeppe/go-internal v1.10.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
@@ -38,16 +38,16 @@ require (
 	golang.org/x/crypto v0.7.0
 	golang.org/x/net v0.8.0
 	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.6.0
+	golang.org/x/sys v0.7.0
 	golang.org/x/term v0.6.0
 	golang.org/x/text v0.9.0
 	gopkg.in/yaml.v2 v2.4.0
-	gopkg.in/yaml.v3 v3.0.1
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	helm.sh/helm/v3 v3.11.2
-	k8s.io/api v0.26.3
-	k8s.io/apiextensions-apiserver v0.26.3
+	k8s.io/api v0.27.1
+	k8s.io/apiextensions-apiserver v0.27.1
 	k8s.io/apimachinery v0.27.1
-	k8s.io/client-go v0.26.3
+	k8s.io/client-go v0.27.1
 	k8s.io/klog/v2 v2.90.1
 	sigs.k8s.io/kustomize/kyaml v0.13.9
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
@@ -59,10 +59,10 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.18.18
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0
 	github.com/go-git/go-git/v5 v5.6.1
-	github.com/go-logr/logr v1.2.3
+	github.com/go-logr/logr v1.2.4
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.4
+	github.com/onsi/gomega v1.27.6
 	github.com/otiai10/copy v1.10.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
@@ -70,6 +70,9 @@ require (
 	sigs.k8s.io/yaml v1.3.0
 )
 
+// TODO: when controller-runtime past v0.14.6 is released, remove this line
+replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22
+
 require (
 	cloud.google.com/go/compute v1.14.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
@@ -194,10 +197,10 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_golang v1.15.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.39.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rivo/uniseg v0.4.3 // indirect
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -220,7 +223,7 @@ require (
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/oauth2 v0.3.0 // indirect
+	golang.org/x/oauth2 v0.5.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
@@ -228,15 +231,15 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
 	google.golang.org/grpc v1.52.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
-	k8s.io/apiserver v0.26.3 // indirect
+	k8s.io/apiserver v0.27.1 // indirect
 	k8s.io/cli-runtime v0.26.0 // indirect
-	k8s.io/component-base v0.26.3 // indirect
+	k8s.io/component-base v0.27.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
diff --git a/go.sum b/go.sum
index 239984801..4ae3c05a0 100644
--- a/go.sum
+++ b/go.sum
@@ -289,8 +289,8 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
@@ -308,7 +308,7 @@ github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6A
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
 github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
@@ -652,9 +652,9 @@ github.com/ohler55/ojg v1.18.4 h1:FXHUddnBgrx5RwlkTDJnXBL5s3DNOMlZfv4K27nNNtM=
 github.com/ohler55/ojg v1.18.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
-github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
-github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ=
+github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
+github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -695,8 +695,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_golang v1.15.0 h1:5fCgGYogn0hFdhyhLbw7hEsWxufKtY9klyvdNfFlFhM=
+github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -706,14 +706,14 @@ github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7q
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI=
-github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y=
+github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
+github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
+github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
@@ -725,8 +725,9 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
 github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -986,8 +987,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8=
-golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
+golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=
+golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1075,8 +1076,9 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1286,8 +1288,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1332,20 +1334,20 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU=
-k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE=
-k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE=
-k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ=
+k8s.io/api v0.27.1 h1:Z6zUGQ1Vd10tJ+gHcNNNgkV5emCyW+v2XTmn+CLjSd0=
+k8s.io/api v0.27.1/go.mod h1:z5g/BpAiD+f6AArpqNjkY+cji8ueZDU/WV1jcj5Jk4E=
+k8s.io/apiextensions-apiserver v0.27.1 h1:Hp7B3KxKHBZ/FxmVFVpaDiXI6CCSr49P1OJjxKO6o4g=
+k8s.io/apiextensions-apiserver v0.27.1/go.mod h1:8jEvRDtKjVtWmdkhOqE84EcNWJt/uwF8PC4627UZghY=
 k8s.io/apimachinery v0.27.1 h1:EGuZiLI95UQQcClhanryclaQE6xjg1Bts6/L3cD7zyc=
 k8s.io/apimachinery v0.27.1/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
-k8s.io/apiserver v0.26.3 h1:blBpv+yOiozkPH2aqClhJmJY+rp53Tgfac4SKPDJnU4=
-k8s.io/apiserver v0.26.3/go.mod h1:CJe/VoQNcXdhm67EvaVjYXxR3QyfwpceKPuPaeLibTA=
+k8s.io/apiserver v0.27.1 h1:phY+BtXjjzd+ta3a4kYbomC81azQSLa1K8jo9RBw7Lg=
+k8s.io/apiserver v0.27.1/go.mod h1:UGrOjLY2KsieA9Fw6lLiTObxTb8Z1xEba4uqSuMY0WU=
 k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
 k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
-k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s=
-k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ=
-k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g=
-k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E=
+k8s.io/client-go v0.27.1 h1:oXsfhW/qncM1wDmWBIuDzRHNS2tLhK3BZv512Nc59W8=
+k8s.io/client-go v0.27.1/go.mod h1:f8LHMUkVb3b9N8bWturc+EDtVVVwZ7ueTVquFAJb2vA=
+k8s.io/component-base v0.27.1 h1:kEB8p8lzi4gCs5f2SPU242vOumHJ6EOsOnDM3tTuDTM=
+k8s.io/component-base v0.27.1/go.mod h1:UGEd8+gxE4YWoigz5/lb3af3Q24w98pDseXcXZjw+E0=
 k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
 k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg=
@@ -1360,8 +1362,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.14.5 h1:6xaWFqzT5KuAQ9ufgUaj1G/+C4Y1GRkhrxl+BJ9i+5s=
-sigs.k8s.io/controller-runtime v0.14.5/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0=
+sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22 h1:KnAZ+ITT57UpjlUM9AsuuPzzF0OjZAhtSgEPeQUHRzg=
+sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22/go.mod h1:ujEX5tSkpg5cCOhcwDWLsXwNuMCO+j4rpmmkIn6BGGc=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=

From a63ddcbbc908dcfe2f78dcfaa9ab142054b27ae6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Apr 2023 09:44:12 +0200
Subject: [PATCH 0871/2268] chore: Upgrade kustomize

---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 4cebb73b0..1c82bd6db 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 	k8s.io/apimachinery v0.27.1
 	k8s.io/client-go v0.27.1
 	k8s.io/klog/v2 v2.90.1
-	sigs.k8s.io/kustomize/kyaml v0.13.9
+	sigs.k8s.io/kustomize/kyaml v0.14.1
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
@@ -66,7 +66,7 @@ require (
 	github.com/otiai10/copy v1.10.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
-	sigs.k8s.io/kustomize/api v0.12.1
+	sigs.k8s.io/kustomize/api v0.13.2
 	sigs.k8s.io/yaml v1.3.0
 )
 
@@ -238,7 +238,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
 	k8s.io/apiserver v0.27.1 // indirect
-	k8s.io/cli-runtime v0.26.0 // indirect
+	k8s.io/cli-runtime v0.27.1 // indirect
 	k8s.io/component-base v0.27.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
 	k8s.io/kubectl v0.26.0 // indirect
diff --git a/go.sum b/go.sum
index 4ae3c05a0..3f52a2aab 100644
--- a/go.sum
+++ b/go.sum
@@ -1342,8 +1342,8 @@ k8s.io/apimachinery v0.27.1 h1:EGuZiLI95UQQcClhanryclaQE6xjg1Bts6/L3cD7zyc=
 k8s.io/apimachinery v0.27.1/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
 k8s.io/apiserver v0.27.1 h1:phY+BtXjjzd+ta3a4kYbomC81azQSLa1K8jo9RBw7Lg=
 k8s.io/apiserver v0.27.1/go.mod h1:UGrOjLY2KsieA9Fw6lLiTObxTb8Z1xEba4uqSuMY0WU=
-k8s.io/cli-runtime v0.26.0 h1:aQHa1SyUhpqxAw1fY21x2z2OS5RLtMJOCj7tN4oq8mw=
-k8s.io/cli-runtime v0.26.0/go.mod h1:o+4KmwHzO/UK0wepE1qpRk6l3o60/txUZ1fEXWGIKTY=
+k8s.io/cli-runtime v0.27.1 h1:MMzp5Q/Xmr5L1Lrowuc+Y/r95XINC6c6/fE3aN7JDRM=
+k8s.io/cli-runtime v0.27.1/go.mod h1:tEbTB1XP/nTH3wujsi52bw91gWpErtWiS15R6CwYsAI=
 k8s.io/client-go v0.27.1 h1:oXsfhW/qncM1wDmWBIuDzRHNS2tLhK3BZv512Nc59W8=
 k8s.io/client-go v0.27.1/go.mod h1:f8LHMUkVb3b9N8bWturc+EDtVVVwZ7ueTVquFAJb2vA=
 k8s.io/component-base v0.27.1 h1:kEB8p8lzi4gCs5f2SPU242vOumHJ6EOsOnDM3tTuDTM=
@@ -1366,10 +1366,10 @@ sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22 h1:KnAZ+ITT
 sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22/go.mod h1:ujEX5tSkpg5cCOhcwDWLsXwNuMCO+j4rpmmkIn6BGGc=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM=
-sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s=
-sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk=
-sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4=
+sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA=
+sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw=
+sigs.k8s.io/kustomize/kyaml v0.14.1 h1:c8iibius7l24G2wVAGZn/Va2wNys03GXLjYVIcFVxKA=
+sigs.k8s.io/kustomize/kyaml v0.14.1/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

From c946a2f2ba7a632a52ce5392806a6b0cea50e95f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Apr 2023 10:03:32 +0200
Subject: [PATCH 0872/2268] chore: Upgrade helm

---
 go.mod | 32 +++++++++++++-----------
 go.sum | 78 ++++++++++++++++++++++++++++++++--------------------------
 2 files changed, 61 insertions(+), 49 deletions(-)

diff --git a/go.mod b/go.mod
index 1c82bd6db..4d68198ed 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	golang.org/x/text v0.9.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	helm.sh/helm/v3 v3.11.2
+	helm.sh/helm/v3 v3.11.3
 	k8s.io/api v0.27.1
 	k8s.io/apiextensions-apiserver v0.27.1
 	k8s.io/apimachinery v0.27.1
@@ -74,10 +74,11 @@ require (
 replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22
 
 require (
-	cloud.google.com/go/compute v1.14.0 // indirect
+	cloud.google.com/go/compute v1.18.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v0.8.0 // indirect
-	cloud.google.com/go/kms v1.6.0 // indirect
+	cloud.google.com/go/iam v0.12.0 // indirect
+	cloud.google.com/go/kms v1.9.0 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
@@ -111,11 +112,11 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.0 // indirect
-	github.com/containerd/containerd v1.6.15 // indirect
+	github.com/containerd/containerd v1.7.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/docker v20.10.21+incompatible // indirect
+	github.com/docker/docker v20.10.24+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -133,6 +134,7 @@ require (
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -148,7 +150,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.1 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
@@ -168,7 +170,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.15 // indirect
+	github.com/klauspost/compress v1.16.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -191,7 +193,7 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -212,7 +214,7 @@ require (
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/urfave/cli v1.22.7 // indirect
+	github.com/urfave/cli v1.22.12 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -220,6 +222,8 @@ require (
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/otel v1.14.0 // indirect
+	go.opentelemetry.io/otel/trace v1.14.0 // indirect
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
@@ -227,10 +231,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
-	google.golang.org/api v0.107.0 // indirect
+	google.golang.org/api v0.110.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
-	google.golang.org/grpc v1.52.0 // indirect
+	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
+	google.golang.org/grpc v1.53.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@@ -242,7 +246,7 @@ require (
 	k8s.io/component-base v0.27.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
 	k8s.io/kubectl v0.26.0 // indirect
-	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
+	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.2 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 3f52a2aab..b7133dd0c 100644
--- a/go.sum
+++ b/go.sum
@@ -20,25 +20,25 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y=
+cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0=
-cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo=
+cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY=
+cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v0.8.0 h1:E2osAkZzxI/+8pZcxVLcDtAQx/u+hZXVryUaYQ5O0Kk=
-cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE=
-cloud.google.com/go/kms v1.6.0 h1:OWRZzrPmOZUzurjI2FBGtgY2mB1WaJkqhw6oIwSj0Yg=
-cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0=
-cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs=
+cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE=
+cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY=
+cloud.google.com/go/kms v1.9.0 h1:b0votJQa/9DSsxgHwN33/tTLA7ZHVzfWhDCrfiXijSo=
+cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w=
+cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -52,6 +52,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
@@ -89,7 +91,7 @@ github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
-github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY=
+github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
@@ -182,9 +184,9 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA=
-github.com/containerd/containerd v1.6.15 h1:4wWexxzLNHNE46aIETc6ge4TofO550v+BlLoANrbses=
-github.com/containerd/containerd v1.6.15/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c=
+github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
+github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg=
+github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -194,7 +196,6 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -214,8 +215,8 @@ github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SH
 github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.21+incompatible h1:UTLdBmHk3bEY+w8qeO5KttOhy6OmXWsl/FEet9Uswog=
-github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE=
+github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -289,8 +290,11 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
@@ -414,8 +418,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.1 h1:RY7tHKZcRlk788d5WSo/e83gOyyy742E8GSs771ySpg=
-github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
@@ -527,8 +531,8 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
-github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
+github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
+github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
 github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a h1:48Mz5ZZmv64Pg/cKR4nIo3Ry49Hqs5YggLPGju0e8PU=
@@ -627,7 +631,7 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
-github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
 github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -657,9 +661,9 @@ github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
-github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
-github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw=
+github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8=
+github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
 github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
 github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
@@ -802,8 +806,8 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/urfave/cli v1.22.7 h1:aXiFAgRugfJ27UFDsGJ9DB2FvTC73hlVXFSqq5bo9eU=
-github.com/urfave/cli v1.22.7/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
+github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -847,6 +851,10 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
+go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
+go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
+go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA=
 go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
@@ -1195,8 +1203,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.107.0 h1:I2SlFjD8ZWabaIFOfeEDg3pf0BHJDh6iYQ1ic3Yu/UU=
-google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY=
+google.golang.org/api v0.110.0 h1:l+rh0KYUooe9JGbGVx71tbFo4SMbMTXK3I3ia2QSEeU=
+google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1249,8 +1257,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY=
-google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA=
+google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1273,8 +1281,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
-google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
+google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1325,8 +1333,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
 gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
-helm.sh/helm/v3 v3.11.2 h1:P3cLaFxfoxaGLGJVnoPrhf1j86LC5EDINSpYSpMUkkA=
-helm.sh/helm/v3 v3.11.2/go.mod h1:Hw+09mfpDiRRKAgAIZlFkPSeOkvv7Acl5McBvQyNPVw=
+helm.sh/helm/v3 v3.11.3 h1:n1X5yaQTP5DYywlBOZMl2gX398Gp6YwFp/IAVj6+5D4=
+helm.sh/helm/v3 v3.11.3/go.mod h1:S+sOdQc3BLvt09a9rSlKKVs9x0N/yx+No0y3qFw+FQ8=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1354,8 +1362,8 @@ k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOG
 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
 k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
 k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
-k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
-k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
+k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
 oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From 5adbddfc4caa641d03308464bc92ede38c5fda65 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Apr 2023 10:04:55 +0200
Subject: [PATCH 0873/2268] refactor: Simplify RemoveDuplicateFields

---
 go.mod           |  4 ++--
 pkg/yaml/yaml.go | 41 ++++++++++++++---------------------------
 2 files changed, 16 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index 4d68198ed..37d242d34 100644
--- a/go.mod
+++ b/go.mod
@@ -41,8 +41,6 @@ require (
 	golang.org/x/sys v0.7.0
 	golang.org/x/term v0.6.0
 	golang.org/x/text v0.9.0
-	gopkg.in/yaml.v2 v2.4.0
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 	helm.sh/helm/v3 v3.11.3
 	k8s.io/api v0.27.1
 	k8s.io/apiextensions-apiserver v0.27.1
@@ -240,6 +238,8 @@ require (
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gotest.tools/v3 v3.2.0 // indirect
 	k8s.io/apiserver v0.27.1 // indirect
 	k8s.io/cli-runtime v0.27.1 // indirect
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index 95bfb5a33..b28c789eb 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -3,12 +3,10 @@ package yaml
 import (
 	"bytes"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
-	yaml2 "gopkg.in/yaml.v2"
 	"io"
 	"os"
 	"path/filepath"
@@ -81,6 +79,10 @@ func ReadYamlAllBytes(b []byte) ([]interface{}, error) {
 var docsSep = regexp.MustCompile("(?:^|\\s*\n)---\\s*")
 
 func ReadYamlAllStream(r io.Reader) ([]interface{}, error) {
+	return readYamlAllStream(r, true)
+}
+
+func readYamlAllStream(r io.Reader, strict bool) ([]interface{}, error) {
 	r = newUnicodeReader(r)
 
 	b, err := io.ReadAll(r)
@@ -103,7 +105,11 @@ func ReadYamlAllStream(r io.Reader) ([]interface{}, error) {
 		}
 
 		var x any
-		err = yaml.UnmarshalStrict([]byte(doc), &x)
+		if strict {
+			err = yaml.UnmarshalStrict([]byte(doc), &x)
+		} else {
+			err = yaml.Unmarshal([]byte(doc), &x)
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -188,32 +194,13 @@ func WriteJsonString(o interface{}) (string, error) {
 }
 
 // RemoveDuplicateFields is a helper/hack to remove duplicate fields from yaml maps/structs. The yaml spec explicitly
-// forbids duplicate keys, but yaml.v2 ignored those by default, leading to some tools (e.g. Helm) ignoring these. This
-// forces us to also ignore/remove them in some cases. We do this by loading the yaml via yaml.v2 and then writing them
-// back to a string which can then be parsed by yaml.v3
-// TODO Remove this helper method when https://github.com/go-yaml/yaml/issues/751 is implemented
+// forbids duplicate keys, but yaml.v2 ignored those by default, leading to some tools (e.g. Helm) ignoring these
 func RemoveDuplicateFields(r io.Reader) ([]byte, error) {
-	buf := bytes.NewBuffer(nil)
-	d := yaml2.NewDecoder(r)
-	e := yaml2.NewEncoder(buf)
-
-	for {
-		var o interface{}
-		err := d.Decode(&o)
-		if err != nil {
-			if errors.Is(err, io.EOF) {
-				break
-			}
-			return nil, err
-		}
-		if o != nil {
-			err = e.Encode(o)
-			if err != nil {
-				return nil, err
-			}
-		}
+	docs, err := readYamlAllStream(r, false)
+	if err != nil {
+		return nil, err
 	}
-	return buf.Bytes(), nil
+	return WriteYamlAllBytes(docs)
 }
 
 func FixNameExt(dir string, name string) string {

From 7eded7c74e93c0d380eaf9e1238154f6ec3122a6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 27 Apr 2023 10:17:35 +0200
Subject: [PATCH 0874/2268] chore: Upgrade go-containerregistry

---
 go.mod | 11 +++++------
 go.sum | 26 +++++++++++++-------------
 2 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/go.mod b/go.mod
index 37d242d34..fa099ed8a 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/go-playground/validator/v10 v10.12.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/go-containerregistry v0.13.0
+	github.com/google/go-containerregistry v0.14.0
 	github.com/hashicorp/vault/api v1.9.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.15
@@ -113,8 +113,8 @@ require (
 	github.com/containerd/containerd v1.7.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/docker v20.10.24+incompatible // indirect
+	github.com/docker/cli v23.0.1+incompatible // indirect
+	github.com/docker/docker v23.0.1+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -225,7 +225,7 @@ require (
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/oauth2 v0.5.0 // indirect
+	golang.org/x/oauth2 v0.6.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.7.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
@@ -240,13 +240,12 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gotest.tools/v3 v3.2.0 // indirect
 	k8s.io/apiserver v0.27.1 // indirect
 	k8s.io/cli-runtime v0.27.1 // indirect
 	k8s.io/component-base v0.27.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
 	k8s.io/kubectl v0.26.0 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
-	oras.land/oras-go v1.2.2 // indirect
+	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index b7133dd0c..df3bf349c 100644
--- a/go.sum
+++ b/go.sum
@@ -188,7 +188,7 @@ github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaD
 github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg=
 github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
-github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
+github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -211,12 +211,12 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
-github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
-github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM=
+github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE=
-github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY=
+github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -390,8 +390,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k=
-github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
+github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw=
+github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -995,8 +995,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=
-golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
+golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
+golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1331,8 +1331,8 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.2.0 h1:I0DwBVMGAx26dttAj1BtJLAkVGncrkkUXfJLC4Flt/I=
-gotest.tools/v3 v3.2.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 helm.sh/helm/v3 v3.11.3 h1:n1X5yaQTP5DYywlBOZMl2gX398Gp6YwFp/IAVj6+5D4=
 helm.sh/helm/v3 v3.11.3/go.mod h1:S+sOdQc3BLvt09a9rSlKKVs9x0N/yx+No0y3qFw+FQ8=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1364,8 +1364,8 @@ k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
 k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
-oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
+oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
+oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

From 1012a959c32c9e5d12f4c2f75f8c5fbb6dd56aab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Apr 2023 09:16:15 +0200
Subject: [PATCH 0875/2268] chore(deps): Bump golang.org/x/term from 0.6.0 to
 0.7.0 (#431)

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/term/releases)
- [Commits](https://github.com/golang/term/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fa099ed8a..3cdeda2d3 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,7 @@ require (
 	golang.org/x/net v0.8.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.7.0
-	golang.org/x/term v0.6.0
+	golang.org/x/term v0.7.0
 	golang.org/x/text v0.9.0
 	helm.sh/helm/v3 v3.11.3
 	k8s.io/api v0.27.1
diff --git a/go.sum b/go.sum
index df3bf349c..c7a8f30d2 100644
--- a/go.sum
+++ b/go.sum
@@ -1095,8 +1095,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From caf94eaefa0d43109b195f453ce65edfd4081776 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Apr 2023 09:16:29 +0200
Subject: [PATCH 0876/2268] chore(deps): Bump golang.org/x/net from 0.8.0 to
 0.9.0 (#432)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3cdeda2d3..801ac99ae 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 	github.com/stretchr/testify v1.8.2
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.7.0
-	golang.org/x/net v0.8.0
+	golang.org/x/net v0.9.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.7.0
 	golang.org/x/term v0.7.0
diff --git a/go.sum b/go.sum
index c7a8f30d2..a436a6384 100644
--- a/go.sum
+++ b/go.sum
@@ -981,8 +981,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From bb95b8269fcd5b191e5561fdc831d3dfa9daa316 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Apr 2023 09:24:24 +0200
Subject: [PATCH 0877/2268] chore(deps): Bump github.com/otiai10/copy from
 1.10.0 to 1.11.0 (#433)

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](https://github.com/otiai10/copy/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 801ac99ae..43dd48a8f 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.6
-	github.com/otiai10/copy v1.10.0
+	github.com/otiai10/copy v1.11.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
 	sigs.k8s.io/kustomize/api v0.13.2
diff --git a/go.sum b/go.sum
index a436a6384..130804335 100644
--- a/go.sum
+++ b/go.sum
@@ -665,8 +665,8 @@ github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1
 github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
-github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ=
-github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
+github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=

From 080ac65dd5cddd54effcc3ed40f621038ac76ba4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Apr 2023 09:24:37 +0200
Subject: [PATCH 0878/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#434)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.18 to 1.18.22.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.18...config/v1.18.22)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 22 +++++++++++-----------
 go.sum | 41 ++++++++++++++++++++++-------------------
 2 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 43dd48a8f..a88d7e4f2 100644
--- a/go.mod
+++ b/go.mod
@@ -53,8 +53,8 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/aws/aws-sdk-go-v2 v1.17.6
-	github.com/aws/aws-sdk-go-v2/config v1.18.18
+	github.com/aws/aws-sdk-go-v2 v1.18.0
+	github.com/aws/aws-sdk-go-v2/config v1.18.22
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
@@ -93,16 +93,16 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.17 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 130804335..8a19761c3 100644
--- a/go.sum
+++ b/go.sum
@@ -117,34 +117,37 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.6 h1:Y773UK7OBqhzi5VDXMi1zVGsoj+CVHs2eaC2bDsLwi0=
 github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.18 h1:/ePABXvXl3ESlzUGnkkvvNnRFw3Gh13dyqaq0Qo3JcU=
-github.com/aws/aws-sdk-go-v2/config v1.18.18/go.mod h1:Lj3E7XcxJnxMa+AYo89YiL68s1cFJRGduChynYU67VA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.17 h1:IubQO/RNeIVKF5Jy77w/LfUvmmCxTnk2TP1UZZIMiF4=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.17/go.mod h1:K9xeFo1g/YPMguMUD69YpwB4Nyi6W/5wn706xIInJFg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0 h1:/2Cb3SK3xVOQA7Xfr5nCWCo5H3UiNINtsVvVdk8sQqA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.0/go.mod h1:neYVaeKr5eT7BzwULuG2YbLhzWZ22lpjKdCybR7AXrQ=
+github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
+github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.22 h1:7vkUEmjjv+giht4wIROqLs+49VWmiQMMHSduxmoNKLU=
+github.com/aws/aws-sdk-go-v2/config v1.18.22/go.mod h1:mN7Li1wxaPxSSy4Xkr6stFuinJGf3VZW3ZSNvO0q6sI=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.21 h1:VRiXnPEaaPeGeoFcXvMZOB5K/yfIXOYE3q97Kgb0zbU=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.21/go.mod h1:90Dk1lJoMyspa/EDUrldTxsPns0wn6+KpRKpdAWc0uA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 h1:y+8n9AGDjikyXoMBTRaHHHSaFEB8267ykmvyPodJfys=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 h1:r+Kv+SEJquhAZXaJ7G4u44cIwXV3f8K+N482NNAzJZA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31 h1:hf+Vhp5WtTdcSdE+yEcUz8L73sAzN0R+0jQv+Z51/mI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31/go.mod h1:5zUjguZfG5qjhG9/wqmuyHRyUftl2B5Cp6NNxNC6kRA=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 h1:c5qGfdbCHav6viBwiyDns3OXqhqAbGjfIB4uVu2ayhk=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24/go.mod h1:HMA4FZG6fyib+NDo5bpIxX1EhYjrAOveZJY2YR0xrNE=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0 h1:B4LvuBxrxh2WXakqwJL22EPAWgqGGK9/E4YQV/IIkYo=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0/go.mod h1:XF4Gbmcn6V9xIIm6lhwtyX1NXConNJ8x6yizt2Ejx/0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 h1:bdKIX6SVF3nc3xJFw6Nf0igzS6Ff/louGq8Z6VP/3Hs=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.5/go.mod h1:vuWiaDB30M/QTC+lI3Wj6S/zb7tpUK2MSYgy3Guh2L0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 h1:xLPZMyuZ4GuqRCIec/zWuIhRFPXh2UOJdLXBSi64ZWQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5/go.mod h1:QjxpHmCwAg0ESGtPQnLIVp7SedTOBMYy+Slr3IfMKeI=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 h1:rIFn5J3yDoeuKCE9sESXqM5POTAhOP1du3bv/qTL+tE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.6/go.mod h1:48WJ9l3dwP0GSHWGc5sFGGlCkuA82Mc2xnw+T6Q8aDw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.9 h1:GAiaQWuQhQQui76KjuXeShmyXqECwQ0mGRMc/rwsL+c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.9/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9 h1:TraLwncRJkWqtIBVKI/UqBymq4+hL+3MzUOtUATuzkA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 h1:6UbNM/KJhMBfOI5+lpVcJ/8OA7cBSz0O6OX37SRKlSw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.10/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 126666d54b700c660eb451fd17172218c81d0483 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 09:25:08 +0200
Subject: [PATCH 0879/2268] fix: Add support for all known default SSH keys
 (#428)

This includes:
- ~/.ssh/id_rsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ed25519
- ~/.ssh/id_xmss
- ~/.ssh/id_dsa
---
 pkg/git/auth/ssh_auth_provider.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index c6911e846..313e342ef 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -56,13 +56,16 @@ func (a *sshDefaultIdentityAndAgent) Signers() ([]ssh.Signer, error) {
 	return a.signers, nil
 }
 
-func (a *sshDefaultIdentityAndAgent) addDefaultIdentity(gitUrl git_url.GitUrl) {
+func (a *sshDefaultIdentityAndAgent) addDefaultIdentities(gitUrl git_url.GitUrl) {
 	a.authProvider.MessageCallbacks.Trace("trying to add default identity")
 	u, err := user.Current()
 	if err != nil {
 		a.authProvider.MessageCallbacks.Trace("No current user: %v", err)
-	} else {
-		path := filepath.Join(u.HomeDir, ".ssh", "id_rsa")
+		return
+	}
+
+	doAdd := func(name string) {
+		path := filepath.Join(u.HomeDir, ".ssh", name)
 		signer, err := a.authProvider.readKey(a.ctx, path)
 		if err != nil && !os.IsNotExist(err) {
 			a.authProvider.MessageCallbacks.Warning("Failed to read default identity file for url %s: %v", gitUrl.String(), err)
@@ -71,6 +74,12 @@ func (a *sshDefaultIdentityAndAgent) addDefaultIdentity(gitUrl git_url.GitUrl) {
 			a.signers = append(a.signers, signer)
 		}
 	}
+
+	doAdd("id_rsa")
+	doAdd("id_ecdsa")
+	doAdd("id_ed25519")
+	doAdd("id_xmss")
+	doAdd("id_dsa")
 }
 
 func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl) {
@@ -152,7 +161,7 @@ func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUr
 
 	// Try agent identities first. They might be unencrypted already, making passphrase prompts unnecessary
 	auth.addAgentIdentities(gitUrl)
-	auth.addDefaultIdentity(gitUrl)
+	auth.addDefaultIdentities(gitUrl)
 	auth.addConfigIdentities(gitUrl)
 
 	return AuthMethodAndCA{

From 544a99e384eb9ddfe0dc695c3c48175ef7f9b001 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 09:25:23 +0200
Subject: [PATCH 0880/2268] feat: Upgrade go-jinja2 to latest main branch to
 implement sha256 prefix_length (#429)

---
 docs/reference/templating/filters.md | 7 ++++++-
 go.mod                               | 2 +-
 go.sum                               | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/docs/reference/templating/filters.md b/docs/reference/templating/filters.md
index 5fed49201..b0050eeab 100644
--- a/docs/reference/templating/filters.md
+++ b/docs/reference/templating/filters.md
@@ -84,11 +84,16 @@ Renders the input string with the current Jinja2 context. Example:
 {{ a | render }}
 ```
 
-### sha256
+### sha256(digest_len)
 Calculates the sha256 digest of the input string. Example:
 ```
 {{ "some-string" | sha256 }}
 ```
 
+`digest_len` is an optional parameter that allows to limit the length of the returned hex digest. Example:
+```
+{{ "some-string" | sha256(6) }}
+```
+
 ### slugify
 Slugify a string based on [python-slugify](https://github.com/un33k/python-slugify).
diff --git a/go.mod b/go.mod
index a88d7e4f2..c556d3c57 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a
+	github.com/kluctl/go-jinja2 v0.0.0-20230427204639-8226cd4a231e
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.18
 	github.com/mattn/go-runewidth v0.0.14
diff --git a/go.sum b/go.sum
index 8a19761c3..7648c9561 100644
--- a/go.sum
+++ b/go.sum
@@ -538,8 +538,8 @@ github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw
 github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a h1:48Mz5ZZmv64Pg/cKR4nIo3Ry49Hqs5YggLPGju0e8PU=
-github.com/kluctl/go-jinja2 v0.0.0-20230310104535-8136715a1e5a/go.mod h1:qMY3lmIUPcCfjj5fZm39j+h7FilaqaQFYAze19xG0Dw=
+github.com/kluctl/go-jinja2 v0.0.0-20230427204639-8226cd4a231e h1:x5QMWvWLiuwJWojKXSH/3SAVkT2/y35Q5WlMSfnsDGk=
+github.com/kluctl/go-jinja2 v0.0.0-20230427204639-8226cd4a231e/go.mod h1:16hIQ1ibrf02WYqeCPggfIBQx23lTUQ+jlk5kJGF0xI=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=

From 03a5f2526b3ccc00c448c213f818eaae7421a8c4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 09:25:39 +0200
Subject: [PATCH 0881/2268] feat: Implement commonAnnotations (#430)

* docs: Remove reference to deleteByLabels from delete command

* feat: Implement commonAnnotations
---
 cmd/kluctl/commands/cmd_delete.go            |  4 ++--
 docs/reference/commands/delete.md            |  4 ++--
 docs/reference/deployments/deployment-yml.md |  6 ++++++
 pkg/deployment/deployment_item.go            |  5 ++---
 pkg/deployment/deployment_project.go         | 10 ++++++++++
 pkg/types/deployment.go                      |  1 +
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 751410b04..e9dbe2091 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -28,10 +28,10 @@ type deleteCmd struct {
 }
 
 func (cmd *deleteCmd) Help() string {
-	return `Objects are located based on 'commonLabels', configured in 'deployment.yaml'
+	return `Objects are located based on the target discriminator.
 
 WARNING: This command will also delete objects which are not part of your deployment
-project (anymore). It really only decides based on the 'deleteByLabel' labels and does NOT
+project (anymore). It really only decides based on the discriminator and does NOT
 take the local target/state into account!`
 }
 
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index e8bb56368..4b1f73c93 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -14,10 +14,10 @@ description: >
 Usage: kluctl delete [flags]
 
 Delete a target (or parts of it) from the corresponding cluster
-Objects are located based on 'commonLabels', configured in 'deployment.yaml'
+Objects are located based on the target discriminator.
 
 WARNING: This command will also delete objects which are not part of your deployment
-project (anymore). It really only decides based on the 'deleteByLabel' labels and does NOT
+project (anymore). It really only decides based on the discriminator and does NOT
 take the local target/state into account!
 
 <!-- END SECTION -->
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index c9ffb0808..aead29af5 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -259,6 +259,12 @@ kubernetes. This is due to an [implementation detail](https://github.com/kuberne
 kustomize which causes `commonLabels` to also be applied to label selectors, which makes otherwise editable resources
 read-only when it comes to `commonLabels`.
 
+## commonAnnotations
+A dictionary of [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) and values to be
+added to all resources deployed by any of the deployment items in this deployment project.
+
+`commonAnnotations` are handled the same as [commonLabels](#commonlabels) in regard to inheriting, merging and overriding.
+
 ## overrideNamespace
 A string that is used as the default namespace for all kustomize deployments which don't have a `namespace` set in their
 `kustomization.yaml`.
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 607ded1dd..11d769a6e 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -107,9 +107,8 @@ func (di *DeploymentItem) getCommonLabels() map[string]string {
 }
 
 func (di *DeploymentItem) getCommonAnnotations() map[string]string {
-	a := map[string]string{
-		"kluctl.io/deployment-item-dir": filepath.ToSlash(di.RelToSourceItemDir),
-	}
+	a := di.Project.GetCommonAnnotations()
+	a["kluctl.io/deployment-item-dir"] = filepath.ToSlash(di.RelToSourceItemDir)
 	if di.Config.SkipDeleteIfTags {
 		a["kluctl.io/skip-delete-if-tags"] = "true"
 	}
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 49e3263ba..88c496924 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -318,6 +318,16 @@ func (p *DeploymentProject) GetCommonLabels() map[string]string {
 	return ret
 }
 
+func (p *DeploymentProject) GetCommonAnnotations() map[string]string {
+	ret := make(map[string]string)
+	parents := p.getParents()
+	for i, _ := range parents {
+		d := parents[len(parents)-i-1]
+		uo.MergeStrMap(ret, d.p.Config.CommonAnnotations)
+	}
+	return ret
+}
+
 func (p *DeploymentProject) getOverrideNamespace() *string {
 	for _, e := range p.getParents() {
 		if e.p.Config.OverrideNamespace != nil {
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index dfa43ce2c..e2a5a4a8d 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -102,6 +102,7 @@ type DeploymentProjectConfig struct {
 	Deployments []*DeploymentItemConfig `json:"deployments,omitempty"`
 
 	CommonLabels      map[string]string `json:"commonLabels,omitempty"`
+	CommonAnnotations map[string]string `json:"commonAnnotations,omitempty"`
 	OverrideNamespace *string           `json:"overrideNamespace,omitempty"`
 	Tags              []string          `json:"tags,omitempty"`
 

From 4ee6d5e47989afeaf11874f8577a8d86e81189ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Apr 2023 09:26:01 +0200
Subject: [PATCH 0882/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#435)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.19.0 to 1.19.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.19.0...service/efs/v1.19.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index c556d3c57..7e1109e3b 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.18.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.22
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.6
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/go.sum b/go.sum
index 7648c9561..bc154f69f 100644
--- a/go.sum
+++ b/go.sum
@@ -117,7 +117,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.17.6/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.22 h1:7vkUEmjjv+giht4wIROqLs+49VWmiQMMHSduxmoNKLU=
@@ -127,11 +126,9 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.21/go.mod h1:90Dk1lJoMyspa/EDUrld
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30/go.mod h1:LUBAO3zNXQjoONBKn/kR1y0Q4cj/D02Ts0uHYjcCQLM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24/go.mod h1:gAuCezX/gob6BSMbItsSlMb6WZGV7K2+fWOvk8xBSto=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8=
@@ -140,8 +137,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAc
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0 h1:B4LvuBxrxh2WXakqwJL22EPAWgqGGK9/E4YQV/IIkYo=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.0/go.mod h1:XF4Gbmcn6V9xIIm6lhwtyX1NXConNJ8x6yizt2Ejx/0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.6 h1:xC25kY/HSssnA1lC0GFT8mfhmrpMql/24bkyWYDRgzU=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.6/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.9 h1:GAiaQWuQhQQui76KjuXeShmyXqECwQ0mGRMc/rwsL+c=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.9/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9 h1:TraLwncRJkWqtIBVKI/UqBymq4+hL+3MzUOtUATuzkA=

From cfaa3428870b9a134e216703edb6caee7fac5d0b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 14:12:45 +0200
Subject: [PATCH 0883/2268] feat: Allow .templateignore files in parent folders
 (#437)

---
 e2e/deployment_items_test.go      | 55 +++++++++++++++++++++++++++++++
 go.mod                            |  2 +-
 go.sum                            |  4 +--
 pkg/deployment/deployment_item.go |  1 +
 pkg/vars/vars.go                  |  4 +--
 5 files changed, 61 insertions(+), 5 deletions(-)

diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 8e07ffcbc..855e20120 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -135,3 +135,58 @@ namespace: %s
 		"value.txt": "v1",
 	})
 }
+
+func TestTemplateIgnore(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", map[string]string{
+		"k1": `{{ "a" }}`,
+	}, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", map[string]string{
+		"k1": `{{ "a" }}`,
+	}, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm3", map[string]string{
+		"k1": `{{ "a" }}`,
+	}, resourceOpts{
+		name:      "cm3",
+		namespace: p.TestSlug(),
+	})
+
+	// .templateignore outside of deployment item
+	p.UpdateFile(".templateignore", func(f string) (string, error) {
+		return `cm2/configmap-cm2.yml`, nil
+	}, "")
+	// .templateignore inside of deployment item
+	p.UpdateFile("cm3/.templateignore", func(f string) (string, error) {
+		return `/configmap-cm3.yml`, nil
+	}, "")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	cm3 := assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+
+	assert.Equal(t, map[string]any{
+		"k1": "a",
+	}, cm1.Object["data"])
+	assert.Equal(t, map[string]any{
+		"k1": `{{ "a" }}`,
+	}, cm2.Object["data"])
+	assert.Equal(t, map[string]any{
+		"k1": `{{ "a" }}`,
+	}, cm3.Object["data"])
+}
diff --git a/go.mod b/go.mod
index 7e1109e3b..8ae0028fe 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230427204639-8226cd4a231e
+	github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.18
 	github.com/mattn/go-runewidth v0.0.14
diff --git a/go.sum b/go.sum
index bc154f69f..db7836ad8 100644
--- a/go.sum
+++ b/go.sum
@@ -535,8 +535,8 @@ github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw
 github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230427204639-8226cd4a231e h1:x5QMWvWLiuwJWojKXSH/3SAVkT2/y35Q5WlMSfnsDGk=
-github.com/kluctl/go-jinja2 v0.0.0-20230427204639-8226cd4a231e/go.mod h1:16hIQ1ibrf02WYqeCPggfIBQx23lTUQ+jlk5kJGF0xI=
+github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c h1:qAIvhYamCEU/tY6NaENEIQCynGV5sdON7zgZKnbrhhw=
+github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c/go.mod h1:16hIQ1ibrf02WYqeCPggfIBQx23lTUQ+jlk5kJGF0xI=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 11d769a6e..4ac1d153e 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -162,6 +162,7 @@ func (di *DeploymentItem) render(forSeal bool) error {
 		di.RenderedDir,
 		excludePatterns,
 		searchDirs,
+		di.Project.source.dir,
 	)
 }
 
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index cc3599471..11151f24d 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -91,10 +91,10 @@ func (vc *VarsCtx) RenderYamlFile(p string, searchDirs []string, out interface{}
 	return nil
 }
 
-func (vc *VarsCtx) RenderDirectory(sourceDir string, targetDir string, excludePatterns []string, searchDirs []string) error {
+func (vc *VarsCtx) RenderDirectory(sourceDir string, targetDir string, excludePatterns []string, searchDirs []string, templateIgnoreRoot string) error {
 	globals, err := vc.Vars.ToMap()
 	if err != nil {
 		return err
 	}
-	return vc.J2.RenderDirectory(sourceDir, targetDir, excludePatterns, jinja2.WithGlobals(globals), jinja2.WithSearchDirs(searchDirs))
+	return vc.J2.RenderDirectory(sourceDir, targetDir, excludePatterns, jinja2.WithGlobals(globals), jinja2.WithSearchDirs(searchDirs), jinja2.WithTemplateIgnoreRootDir(templateIgnoreRoot))
 }

From ee46c662e6a313940465df662965603d62c41de2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 16:35:36 +0200
Subject: [PATCH 0884/2268] feat: Simulate applying of CRs where the CRD is not
 applied yet (#438)

---
 pkg/deployment/utils/apply_utils.go | 36 +++++++++++++++++++++++++++--
 pkg/yaml/validator.go               |  7 ++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 67c17f045..e77c78c36 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -15,8 +15,10 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/sync/semaphore"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
 	"strings"
 	"sync"
@@ -49,6 +51,7 @@ type ApplyUtil struct {
 
 	abortSignal   *atomic.Value
 	allNamespaces *sync.Map
+	allCRDs       *sync.Map
 
 	ru   *RemoteObjectUtils
 	k    *k8s.K8sCluster
@@ -67,10 +70,11 @@ type ApplyDeploymentsUtil struct {
 
 	abortSignal atomic.Value
 
-	// Used to track all created namespaces
+	// Used to track all created namespaces and CRDs
 	// All ApplyUtil instances write to this in parallel and we ignore that order might be unstable
-	// This is only used to simulate dryRun apply into new namespaces
+	// This is only used to simulate dryRun apply
 	allNamespaces sync.Map
+	allCRDs       sync.Map
 
 	resultsMutex sync.Mutex
 	results      []*ApplyUtil
@@ -103,6 +107,7 @@ func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *sta
 		deletedHookObjects: map[k8s2.ObjectRef]bool{},
 		abortSignal:        &ad.abortSignal,
 		allNamespaces:      &ad.allNamespaces,
+		allCRDs:            &ad.allCRDs,
 		ru:                 ad.ru,
 		k:                  ad.k,
 		o:                  ad.o,
@@ -371,10 +376,19 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		_ = r.ReplaceKeys(tmpName, ref.Name)
 		_ = r.ReplaceValues(tmpName, ref.Name)
 		r.SetK8sNamespace(ref.Namespace)
+	} else if a.o.DryRun && errors.IsNotFound(err) {
+		if _, ok := a.allCRDs.Load(x.GetK8sGVK()); ok {
+			a.handleResult(x, hook)
+			a.HandleWarning(x.GetK8sRef(), fmt.Errorf("the underyling custom resource definition for %s has not been applied yet as Kluctl is running in dry-run mode. It is not guaranteed that the object will actually sucessfully apply", x.GetK8sRef().String()))
+			return
+		}
 	}
 	if r != nil && ref.GVK.GroupKind().String() == "Namespace" {
 		a.allNamespaces.Store(ref.Name, r)
 	}
+	if r != nil && ref.GVK.GroupKind().String() == "CustomResourceDefinition.apiextensions.k8s.io" {
+		a.handleObservedCRD(r)
+	}
 	a.handleApiWarnings(ref, apiWarnings)
 	if err == nil {
 		a.handleResult(r, hook)
@@ -387,6 +401,24 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 	}
 }
 
+func (a *ApplyUtil) handleObservedCRD(r *uo.UnstructuredObject) {
+	y, err := yaml.WriteYamlBytes(r)
+	if err == nil {
+		var crd *apiextensionsv1.CustomResourceDefinition
+		err = yaml.ReadYamlBytes(y, &crd)
+		if err == nil {
+			for _, v := range crd.Spec.Versions {
+				gvk := schema.GroupVersionKind{
+					Group:   crd.Spec.Group,
+					Version: v.Name,
+					Kind:    crd.Spec.Names.Kind,
+				}
+				a.allCRDs.Store(gvk, &crd)
+			}
+		}
+	}
+}
+
 func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) bool {
 	if a.o.DryRun {
 		return true
diff --git a/pkg/yaml/validator.go b/pkg/yaml/validator.go
index 4c3265da2..45f120744 100644
--- a/pkg/yaml/validator.go
+++ b/pkg/yaml/validator.go
@@ -4,16 +4,23 @@ import (
 	"github.com/go-playground/validator/v10"
 	"github.com/mitchellh/reflectwalk"
 	"reflect"
+	"time"
 )
 
 var (
 	Validator = validator.New()
+	timeType  = reflect.TypeOf(time.Time{})
 )
 
 type structValidationWalker struct {
 }
 
 func (w *structValidationWalker) Struct(v reflect.Value) error {
+	if v.Type().ConvertibleTo(timeType) {
+		// this is for some reason causing validation to fail
+		return reflectwalk.SkipEntry
+	}
+
 	v2 := v.Interface()
 	err := Validator.Struct(v2)
 	if err != nil {

From 6f355698164f76d30e4c570642cc0a1e28edd4fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 16:36:03 +0200
Subject: [PATCH 0885/2268] fix: Ignore ESC in readLine (#439)

---
 pkg/utils/term/read_line.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/utils/term/read_line.go b/pkg/utils/term/read_line.go
index 910b039e7..8f5c9f6fd 100644
--- a/pkg/utils/term/read_line.go
+++ b/pkg/utils/term/read_line.go
@@ -17,6 +17,9 @@ func readLine(reader io.Reader, cb func(ret []byte)) ([]byte, error) {
 		n, err := reader.Read(buf[:])
 		if n > 0 {
 			switch buf[0] {
+			case '':
+				// ignore ESC sequences
+				continue
 			case '', '\b':
 				if len(ret) > 0 {
 					ret = ret[:len(ret)-1]

From 51758273cf141d8395e18f16f92d00b199995e7f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 28 Apr 2023 17:15:38 +0200
Subject: [PATCH 0886/2268] docs: Add docs for deleteObjects (#440)

---
 docs/reference/deployments/deployment-yml.md | 20 ++++++++++++++++++++
 pkg/types/deployment.go                      |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index aead29af5..45d144ad3 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -128,6 +128,26 @@ deployments:
 - path: kustomizeDeployment3
 ```
 
+### deleteObjects
+Causes kluctl to delete matching objects, specified by a list of group/kind/name/namespace dictionaries.
+The order/parallelization of deletion is identical to the order and parallelization of normal deployment items,
+meaning that it happens in parallel by default until a barrier is encountered.
+
+Example:
+```yaml
+deployments:
+  - deleteObjects:
+      - group: apps
+        kind: DaemonSet
+        namespace: kube-system
+        name: kube-proxy
+  - barrier: true
+  - path: my-cni
+```
+
+The above example shows how to delete the kube-proxy DaemonSet before installing a CNI (e.g. Cilium in
+proxy-replacement mode).
+
 ## deployments common properties
 All entries in `deployments` can have the following common properties:
 
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index e2a5a4a8d..f5695951f 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -51,7 +51,7 @@ type DeleteObjectItemConfig struct {
 func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeleteObjectItemConfig)
 	if s.Group == nil && s.Kind == nil {
-		sl.ReportError(s, "self", "self", "at least one of group/version/kind must be set", "")
+		sl.ReportError(s, "self", "self", "at least one of group or kind must be set", "")
 	}
 }
 

From 7701039161c20f8d30679fdae5335710fc59319e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 29 Apr 2023 19:24:43 +0200
Subject: [PATCH 0887/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#441)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.19.5 to 0.20.5.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.19.5...v0.20.5)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 8ae0028fe..cd55454c1 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.19.5
+	github.com/bitnami-labs/sealed-secrets v0.20.5
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v0.13.2
@@ -35,7 +35,7 @@ require (
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.2
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.7.0
+	golang.org/x/crypto v0.8.0
 	golang.org/x/net v0.9.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.7.0
diff --git a/go.sum b/go.sum
index db7836ad8..7c61ef871 100644
--- a/go.sum
+++ b/go.sum
@@ -153,8 +153,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.19.5 h1:Llrs8bm5MdJEoPIQo0xZOHu/2i+Ry8N5bQFpc48UZYc=
-github.com/bitnami-labs/sealed-secrets v0.19.5/go.mod h1:IC5f2r0c8mxjx8nHs+du+gBso2Wsbdb2lcTwVmOOu2Y=
+github.com/bitnami-labs/sealed-secrets v0.20.5 h1:ejHSbd7GcJOWgAjBnkn+QFPTFSsNOZAJOomS4bM/LWk=
+github.com/bitnami-labs/sealed-secrets v0.20.5/go.mod h1:EAN3XxSWbJOi2AwF0wAEo0bCAReAD0ToTP9euRw5nVQ=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -890,8 +890,8 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From a5700bbc6cfc0d633085f2afcc7141580ec68181 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 29 Apr 2023 19:28:10 +0200
Subject: [PATCH 0888/2268] chore(deps): Bump github.com/spf13/cobra from 1.6.1
 to 1.7.0 (#442)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index cd55454c1..3e681d428 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.10.0
 	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.1
+	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.2
diff --git a/go.sum b/go.sum
index 7c61ef871..c4051945a 100644
--- a/go.sum
+++ b/go.sum
@@ -499,7 +499,6 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
@@ -771,8 +770,8 @@ github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=

From a583a31659a182b661b11a91997418e235057bda Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 29 Apr 2023 19:29:21 +0200
Subject: [PATCH 0889/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.18.4 to 1.18.5 (#443)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.18.4 to 1.18.5.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.18.4...v1.18.5)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3e681d428..b0e2715cd 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/mattn/go-isatty v0.0.18
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.18.4
+	github.com/ohler55/ojg v1.18.5
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.10.0
diff --git a/go.sum b/go.sum
index c4051945a..c5b2aa562 100644
--- a/go.sum
+++ b/go.sum
@@ -651,8 +651,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.18.4 h1:FXHUddnBgrx5RwlkTDJnXBL5s3DNOMlZfv4K27nNNtM=
-github.com/ohler55/ojg v1.18.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.18.5 h1:tzn5LJtkSyXowCo8SlGieU0zEc7WF4143Ri9MYlQy7Q=
+github.com/ohler55/ojg v1.18.5/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=

From 97075430041c404ab0d1dda5d85e5100ac4bc697 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 29 Apr 2023 19:30:13 +0200
Subject: [PATCH 0890/2268] chore(deps): Bump github.com/hashicorp/vault/api
 from 1.9.0 to 1.9.1 (#445)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b0e2715cd..0aad818e1 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.14.0
-	github.com/hashicorp/vault/api v1.9.0
+	github.com/hashicorp/vault/api v1.9.1
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.15
 	github.com/jinzhu/copier v0.3.5
diff --git a/go.sum b/go.sum
index c5b2aa562..35c16e215 100644
--- a/go.sum
+++ b/go.sum
@@ -483,8 +483,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.9.0 h1:ab7dI6W8DuCY7yCU8blo0UCYl2oHre/dloCmzMWg9w8=
-github.com/hashicorp/vault/api v1.9.0/go.mod h1:lloELQP4EyhjnCQhF8agKvWIVTmxbpEJj70b98959sM=
+github.com/hashicorp/vault/api v1.9.1 h1:LtY/I16+5jVGU8rufyyAkwopgq/HpUnxFBg+QLOAV38=
+github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=

From b87cc3ee6e03ffdc74f3831be8d9ac746288513f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 29 Apr 2023 23:11:57 +0200
Subject: [PATCH 0891/2268] chore(deps): Bump github.com/fluxcd/pkg/kustomize
 from 0.13.2 to 1.1.1 (#444)

Bumps [github.com/fluxcd/pkg/kustomize](https://github.com/fluxcd/pkg) from 0.13.2 to 1.1.1.
- [Release notes](https://github.com/fluxcd/pkg/releases)
- [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.13.2...kustomize/v1.1.1)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/kustomize
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 ++++--
 go.sum | 16 ++++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 0aad818e1..5fc4bdaf8 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.20.5
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
-	github.com/fluxcd/pkg/kustomize v0.13.2
+	github.com/fluxcd/pkg/kustomize v1.1.1
 	github.com/go-playground/validator/v10 v10.12.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
@@ -126,7 +126,9 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fluxcd/pkg/apis/kustomize v0.8.0 // indirect
+	github.com/fluxcd/go-git/v5 v5.0.0-20221219190809-2e5c9d01cfc4 // indirect
+	github.com/fluxcd/pkg/apis/kustomize v1.0.0 // indirect
+	github.com/fluxcd/pkg/sourceignore v0.3.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
diff --git a/go.sum b/go.sum
index 35c16e215..9ad1ee69d 100644
--- a/go.sum
+++ b/go.sum
@@ -94,12 +94,14 @@ github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2B
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
+github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -255,10 +257,14 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/pkg/apis/kustomize v0.8.0 h1:A6aLolxPV2Sll44SOHiX96lbXXmRZmS5BoEerkRHrfM=
-github.com/fluxcd/pkg/apis/kustomize v0.8.0/go.mod h1:9DPEVSfVIkiC2H3Dk6Ght4YJkswhYIaufXla4tB5Y84=
-github.com/fluxcd/pkg/kustomize v0.13.2 h1:isA9yi+m7sSIxdTrFR1U7+LyS2BraG07ZkKLHw3bnGo=
-github.com/fluxcd/pkg/kustomize v0.13.2/go.mod h1:1H9qednPxL/JvZE5at/f6wVHTH4WmxJYqfgVOZJ3uAk=
+github.com/fluxcd/go-git/v5 v5.0.0-20221219190809-2e5c9d01cfc4 h1:Gm5sGGk+/Wq6RhX4xpCZ2IqjDp5XkjlhENaAuAlpdKc=
+github.com/fluxcd/go-git/v5 v5.0.0-20221219190809-2e5c9d01cfc4/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
+github.com/fluxcd/pkg/apis/kustomize v1.0.0 h1:5T2b/mRZiGWtP7fvSU8gZOApIc06H6SdLX3MlsE6LRo=
+github.com/fluxcd/pkg/apis/kustomize v1.0.0/go.mod h1:XaDYlKxrf9D2zZWcZ0BnSIqGtcm8mdNtJGzZWYjCnQo=
+github.com/fluxcd/pkg/kustomize v1.1.1 h1:hYFJGi+fiaecY4gXvx52fumlvDEq/1RdFbaev67oBhE=
+github.com/fluxcd/pkg/kustomize v1.1.1/go.mod h1:i+Z9iPAoSz28oH0FmDI73iqZ3oXZxQR2O3HfhdsWhfo=
+github.com/fluxcd/pkg/sourceignore v0.3.3 h1:Ue29JAuPECEYdvIqdpXpQaDxpeySn7amarLArp7XoIs=
+github.com/fluxcd/pkg/sourceignore v0.3.3/go.mod h1:yuJzKggph0Bdbk9LgXjJQhvJZSTJV/1vS7mJuB7mPa0=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -675,6 +681,7 @@ github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
+github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
@@ -810,6 +817,7 @@ github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=

From a323315b881463e590544ce4c28b792805531583 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 29 Apr 2023 23:48:14 +0200
Subject: [PATCH 0892/2268] fix: Don't perform version check in completion
 command (#448)

---
 cmd/kluctl/commands/root.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 291655957..5a4b2589d 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -245,7 +245,9 @@ func Main() {
 		}
 		ctx = initStatusHandler(ctxIn, flags.Debug, flags.NoColor)
 		if !flags.NoUpdateCheck {
-			checkNewVersion(ctx)
+			if len(os.Args) < 2 || (os.Args[1] != "completion" && os.Args[1] != "__complete") {
+				checkNewVersion(ctx)
+			}
 		}
 		return ctx, nil
 	})

From 6443ac0a70fcb04c06cb9be51e5d13261459ac69 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 1 May 2023 21:30:24 +0200
Subject: [PATCH 0893/2268] feat: Implement --short-output flag (#451)

* refactor: Pass OutputFormatFlags to outputCommandResult

* feat: Implement --short-output flag
---
 cmd/kluctl/args/misc.go                |  1 +
 cmd/kluctl/commands/cmd_delete.go      |  2 +-
 cmd/kluctl/commands/cmd_deploy.go      | 11 ++++++----
 cmd/kluctl/commands/cmd_diff.go        |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go |  2 +-
 cmd/kluctl/commands/cmd_prune.go       |  2 +-
 cmd/kluctl/commands/command_result.go  | 28 +++++++++++++++-----------
 docs/reference/commands/delete.md      |  3 +++
 docs/reference/commands/deploy.md      |  3 +++
 docs/reference/commands/diff.md        |  3 +++
 docs/reference/commands/poke-images.md |  3 +++
 docs/reference/commands/prune.md       |  3 +++
 12 files changed, 43 insertions(+), 20 deletions(-)

diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index 513e71165..45ec1050d 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -43,6 +43,7 @@ type AbortOnErrorFlags struct {
 type OutputFormatFlags struct {
 	OutputFormat []string `group:"misc" short:"o" help:"Specify output format and target file, in the format 'format=path'. Format can either be 'text' or 'yaml'. Can be specified multiple times. The actual format for yaml is currently not documented and subject to change."`
 	NoObfuscate  bool     `group:"misc" help:"Disable obfuscation of sensitive/secret data"`
+	ShortOutput  bool     `group:"misc" help:"When using the 'text' output format (which is the default), only names of changes objects are shown instead of showing all changes."`
 }
 
 type OutputFlags struct {
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index e9dbe2091..91d099332 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -61,7 +61,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
+		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 083a97e26..d6b6a23a3 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -64,7 +64,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	cmd2.NoWait = cmd.NoWait
 
 	cb := func(diffResult *types.CommandResult) error {
-		return cmd.diffResultCb(cmdCtx.ctx, cmd.NoObfuscate, diffResult)
+		return cmd.diffResultCb(cmdCtx.ctx, diffResult)
 	}
 	if cmd.Yes || cmd.DryRun {
 		cb = nil
@@ -74,7 +74,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
+	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormatFlags, result)
 	if err != nil {
 		return err
 	}
@@ -84,8 +84,11 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	return nil
 }
 
-func (cmd *deployCmd) diffResultCb(ctx context.Context, noObfuscate bool, diffResult *types.CommandResult) error {
-	err := outputCommandResult(ctx, nil, noObfuscate, diffResult)
+func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *types.CommandResult) error {
+	flags := cmd.OutputFormatFlags
+	flags.OutputFormat = nil // use default output format
+
+	err := outputCommandResult(ctx, flags, diffResult)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index b04ff519d..21edf81f1 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -50,7 +50,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
+		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index c1593e58e..76b69a538 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -51,7 +51,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
+		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 5b542cd27..c975dc8bd 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -54,7 +54,7 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormat, cmd.NoObfuscate, result)
+	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormatFlags, result)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 1d43fda5c..27f648079 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -15,7 +16,7 @@ import (
 	"strings"
 )
 
-func formatCommandResultText(cr *types.CommandResult) string {
+func formatCommandResultText(cr *types.CommandResult, short bool) string {
 	buf := bytes.NewBuffer(nil)
 
 	if len(cr.Warnings) != 0 {
@@ -39,12 +40,15 @@ func formatCommandResultText(cr *types.CommandResult) string {
 		}
 		prettyObjectRefs(buf, refs)
 
-		buf.WriteString("\n")
-		for i, co := range cr.ChangedObjects {
-			if i != 0 {
-				buf.WriteString("\n")
+		if !short {
+			buf.WriteString("\n")
+
+			for i, co := range cr.ChangedObjects {
+				if i != 0 {
+					buf.WriteString("\n")
+				}
+				prettyChanges(buf, co.Ref, co.Changes)
 			}
-			prettyChanges(buf, co.Ref, co.Changes)
 		}
 	}
 
@@ -111,10 +115,10 @@ func formatCommandResultYaml(cr *types.CommandResult) (string, error) {
 	return b, nil
 }
 
-func formatCommandResult(cr *types.CommandResult, format string) (string, error) {
+func formatCommandResult(cr *types.CommandResult, format string, short bool) (string, error) {
 	switch format {
 	case "text":
-		return formatCommandResultText(cr), nil
+		return formatCommandResultText(cr, short), nil
 	case "yaml":
 		return formatCommandResultYaml(cr)
 	default:
@@ -202,10 +206,10 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 	return nil
 }
 
-func outputCommandResult(ctx context.Context, output []string, noObfuscate bool, cr *types.CommandResult) error {
+func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *types.CommandResult) error {
 	status.Flush(ctx)
 
-	if !noObfuscate {
+	if !flags.NoObfuscate {
 		var obfuscator diff.Obfuscator
 		for _, c := range cr.ChangedObjects {
 			err := obfuscator.Obfuscate(c.Ref, c.Changes)
@@ -215,8 +219,8 @@ func outputCommandResult(ctx context.Context, output []string, noObfuscate bool,
 		}
 	}
 
-	return outputHelper(ctx, output, func(format string) (string, error) {
-		return formatCommandResult(cr, format)
+	return outputHelper(ctx, flags.OutputFormat, func(format string) (string, error) {
+		return formatCommandResult(cr, format, flags.ShortOutput)
 	})
 }
 
diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index 4b1f73c93..da4ad7739 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -58,6 +58,9 @@ Misc arguments:
                                                     currently not documented and subject to change.
       --render-output-dir string                    Specifies the target directory to render the project into. If
                                                     omitted, a temporary directory is used.
+      --short-output                                When using the 'text' output format (which is the default),
+                                                    only names of changes objects are shown instead of showing all
+                                                    changes.
   -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
                                                     would answer 'yes'.
 
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index edc7d6544..ea4d88e11 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -68,6 +68,9 @@ Misc arguments:
                                                     omitted, a temporary directory is used.
       --replace-on-error                            When patching an object fails, try to replace it. See
                                                     documentation for more details.
+      --short-output                                When using the 'text' output format (which is the default),
+                                                    only names of changes objects are shown instead of showing all
+                                                    changes.
   -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
                                                     would answer 'yes'.
 
diff --git a/docs/reference/commands/diff.md b/docs/reference/commands/diff.md
index 4441498af..19909b274 100644
--- a/docs/reference/commands/diff.md
+++ b/docs/reference/commands/diff.md
@@ -64,6 +64,9 @@ Misc arguments:
                                                     omitted, a temporary directory is used.
       --replace-on-error                            When patching an object fails, try to replace it. See
                                                     documentation for more details.
+      --short-output                                When using the 'text' output format (which is the default),
+                                                    only names of changes objects are shown instead of showing all
+                                                    changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index 77a33c404..55ce70bbc 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -55,6 +55,9 @@ Misc arguments:
                                                     currently not documented and subject to change.
       --render-output-dir string                    Specifies the target directory to render the project into. If
                                                     omitted, a temporary directory is used.
+      --short-output                                When using the 'text' output format (which is the default),
+                                                    only names of changes objects are shown instead of showing all
+                                                    changes.
   -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
                                                     would answer 'yes'.
 
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index 5bb327f3c..6d012920e 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -51,6 +51,9 @@ Misc arguments:
                                                     currently not documented and subject to change.
       --render-output-dir string                    Specifies the target directory to render the project into. If
                                                     omitted, a temporary directory is used.
+      --short-output                                When using the 'text' output format (which is the default),
+                                                    only names of changes objects are shown instead of showing all
+                                                    changes.
   -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
                                                     would answer 'yes'.
 

From 1468e535713cd4696f88d8413ebf74efe6225fa8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 1 May 2023 21:30:36 +0200
Subject: [PATCH 0894/2268] feat: Support SOPS decryption for all files
 involved in Kustomize deployments (#450)

This is solved with the help of the decryptingFs that automatically
decrypts all files that are loaded by Kustomize.
---
 pkg/deployment/deployment_item.go | 16 +++---
 pkg/sops/decrypting_fs.go         | 86 +++++++++++++++++++++++++++++++
 pkg/sops/utils.go                 |  2 +-
 3 files changed, 93 insertions(+), 11 deletions(-)
 create mode 100644 pkg/sops/decrypting_fs.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 4ac1d153e..7c87d24b6 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	"github.com/fluxcd/pkg/kustomize"
+	securefs "github.com/fluxcd/pkg/kustomize/filesys"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -513,18 +514,13 @@ func (di *DeploymentItem) buildKustomize() error {
 		return err
 	}
 
-	resources, _, _ := ky.GetNestedStringList("resources")
-	for _, r := range resources {
-		p := filepath.Join(di.RenderedDir, r)
-		if utils.IsFile(p) {
-			err = sops.MaybeDecryptFile(di.ctx.SopsDecrypter, p)
-			if err != nil {
-				return err
-			}
-		}
+	fs, err := securefs.MakeFsOnDiskSecureBuild(di.RenderedSourceRootDir)
+	if err != nil {
+		return err
 	}
 
-	rm, err := kustomize.SecureBuild(di.RenderedSourceRootDir, di.RenderedDir, true)
+	fs = sops.NewDecryptingFs(fs, di.ctx.SopsDecrypter)
+	rm, err := kustomize.Build(fs, di.RenderedDir)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/sops/decrypting_fs.go b/pkg/sops/decrypting_fs.go
new file mode 100644
index 000000000..9bfc6f0b5
--- /dev/null
+++ b/pkg/sops/decrypting_fs.go
@@ -0,0 +1,86 @@
+package sops
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
+	"go.mozilla.org/sops/v3/cmd/sops/formats"
+	"io"
+	"os"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+type decryptingFs struct {
+	filesys.FileSystem
+	decryptor *decryptor.Decryptor
+}
+
+type file struct {
+	os.FileInfo
+	data *bytes.Buffer
+	size int64
+}
+
+func NewDecryptingFs(fs filesys.FileSystem, decryptor *decryptor.Decryptor) filesys.FileSystem {
+	return &decryptingFs{
+		FileSystem: fs,
+		decryptor:  decryptor,
+	}
+}
+
+// Open opens the named file for reading.
+func (fs *decryptingFs) Open(path string) (filesys.File, error) {
+	f, err := fs.FileSystem.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	st, err := f.Stat()
+	if err != nil {
+		return nil, err
+	}
+	b, err := io.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+
+	format := formats.FormatForPath(path)
+	b2, _, err := MaybeDecrypt(fs.decryptor, b, format, format)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decrypt file %s: %w", path, err)
+	}
+	ret := &file{
+		FileInfo: st,
+		data:     bytes.NewBuffer(b2),
+	}
+	return ret, nil
+}
+
+// ReadFile returns the contents of the file at the given path.
+func (fs *decryptingFs) ReadFile(path string) ([]byte, error) {
+	f, err := fs.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	return io.ReadAll(f)
+}
+
+func (f file) Read(p []byte) (n int, err error) {
+	return f.data.Read(p)
+}
+
+func (f file) Write(p []byte) (n int, err error) {
+	panic("write is not implemented")
+}
+
+func (f file) Close() error {
+	return nil
+}
+
+func (f file) Stat() (os.FileInfo, error) {
+	return f, nil
+}
+
+func (f file) Size() int64 {
+	return int64(f.data.Len())
+}
diff --git a/pkg/sops/utils.go b/pkg/sops/utils.go
index ab6f881ce..66a733e72 100644
--- a/pkg/sops/utils.go
+++ b/pkg/sops/utils.go
@@ -17,7 +17,7 @@ func IsMaybeSopsFile(s []byte) bool {
 }
 
 func MaybeDecrypt(decrypter *decryptor.Decryptor, encrypted []byte, inputFormat, outputFormat formats.Format) ([]byte, bool, error) {
-	if decrypter == nil {
+	if decrypter == nil || inputFormat == formats.Binary {
 		return encrypted, false, nil
 	}
 

From ae8bb1e78aa395577ceba475086cf4351a17edf0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 1 May 2023 22:47:42 +0200
Subject: [PATCH 0895/2268] feat: Implement targetPath in configMap/secret vars
 sources (#452)

* refactor: Remove unneded key parameter from loadFromK8sObject

* feat: Implement targetPath in configMap/secret vars sources
---
 docs/reference/templating/variable-sources.md | 36 ++++++++++++++---
 pkg/types/vars_source.go                      |  9 +++--
 pkg/utils/uo/jsonpath.go                      |  4 ++
 pkg/vars/vars_loader.go                       | 39 +++++++++++++++----
 pkg/vars/vars_loader_test.go                  | 29 +++++++++++++-
 5 files changed, 98 insertions(+), 19 deletions(-)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 32d1654b3..4ed5dac62 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -99,10 +99,14 @@ Kluctl also supports variable files encrypted with [SOPS](https://github.com/moz
 [sops integration](../deployments/sops.md) integration for more details.
 
 ### clusterConfigMap
-Loads a configmap from the target's cluster and loads the specified key's value as a yaml file into the jinja2 variables
-context.
+Loads a configmap from the target's cluster and loads the specified key's value into the templating context. The value
+is treated and loaded as YAML and thus can either be a simple value or a complex nested structure. In case of a simple
+value (e.g. a number), you must also specify `targetPath`.
 
-Assume the following configmap to be deployed to the target cluster:
+The referred ConfigMap must already exist while the Kluctl project is loaded, meaning that it is not possible to use
+a ConfigMap that is deployed as part of the Kluctl project itself.
+
+Assume the following ConfigMap to be already deployed to the target cluster:
 ```yaml
 apiVersion: v1
 kind: ConfigMap
@@ -118,7 +122,7 @@ data:
       - l2
 ```
 
-This configmap can be loaded via:
+This ConfigMap can be loaded via:
 
 ```yaml
 vars:
@@ -128,8 +132,28 @@ vars:
       key: vars
 ```
 
-It assumes that the configmap is already deployed before the kluctl deployment happens. This might for example be
-useful to store meta information about the cluster itself and then make it available to kluctl deployments.
+The following example uses a simple value:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-vars
+  namespace: my-namespace
+data:
+  value: 123
+```
+
+This ConfigMap can be loaded via:
+
+```yaml
+vars:
+  - clusterConfigMap:
+      name: my-vars
+      namespace: my-namespace
+      key: value
+      targetPath: deep.nested.path
+```
 
 ### clusterSecret
 Same as clusterConfigMap, but for secrets.
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 942cd6654..c195cdace 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -15,10 +15,11 @@ type VarsSourceGit struct {
 }
 
 type VarsSourceClusterConfigMapOrSecret struct {
-	Name      string            `json:"name,omitempty"`
-	Labels    map[string]string `json:"labels,omitempty"`
-	Namespace string            `json:"namespace" validate:"required"`
-	Key       string            `json:"key" validate:"required"`
+	Name       string            `json:"name,omitempty"`
+	Labels     map[string]string `json:"labels,omitempty"`
+	Namespace  string            `json:"namespace" validate:"required"`
+	Key        string            `json:"key" validate:"required"`
+	TargetPath string            `json:"targetPath,omitempty"`
 }
 
 func ValidateVarsSourceClusterConfigMapOrSecret(sl validator.StructLevel) {
diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index 5263f8639..e21876c7f 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -146,3 +146,7 @@ func (j *MyJsonPath) GetFirstListOfObjects(o *UnstructuredObject) ([]*Unstructur
 func (j *MyJsonPath) Del(o *UnstructuredObject) error {
 	return j.exp.Del(o.Object)
 }
+
+func (j *MyJsonPath) Set(o *UnstructuredObject, v any) error {
+	return j.exp.Set(o.Object, v)
+}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 9ce0ff997..49170f161 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -107,9 +107,9 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 	} else if source.Git != nil {
 		newVars, err = v.loadGit(varsCtx, source.Git, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
-		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", source.ClusterConfigMap.Key, ignoreMissing, false)
+		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
-		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", source.ClusterSecret.Key, ignoreMissing, true)
+		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", ignoreMissing, true)
 	} else if source.SystemEnvVars != nil {
 		newVars, err = v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
 	} else if source.Http != nil {
@@ -271,7 +271,7 @@ func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ign
 	return v.loadFile(varsCtx, gitFile.Path, ignoreMissing, []string{clonedDir})
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, key string, ignoreMissing bool, base64Decode bool) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, ignoreMissing bool, base64Decode bool) (*uo.UnstructuredObject, error) {
 	if v.k == nil {
 		return nil, fmt.Errorf("loading vars from cluster is disabled")
 	}
@@ -310,12 +310,12 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 
 	ref := o.GetK8sRef()
 
-	f, found, err := o.GetNestedField("data", key)
+	f, found, err := o.GetNestedField("data", varsSource.Key)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
-		return nil, fmt.Errorf("key %s not found in %s on cluster", key, ref.String())
+		return nil, fmt.Errorf("key %s not found in %s on cluster", varsSource.Key, ref.String())
 	}
 
 	var value string
@@ -333,11 +333,34 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		}
 	}
 
-	newVars, err := v.loadFromString(varsCtx, value)
+	doError := func(err error) (*uo.UnstructuredObject, error) {
+		return nil, fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), varsSource.Key, err)
+	}
+
+	var parsed any
+	err = v.renderYamlString(varsCtx, value, &parsed)
 	if err != nil {
-		return nil, fmt.Errorf("failed to load vars from kubernetes object %s and key %s: %w", ref.String(), key, err)
+		return doError(err)
+	}
+
+	if varsSource.TargetPath == "" {
+		m, ok := parsed.(map[string]any)
+		if !ok {
+			return doError(fmt.Errorf("value is not a YAML dictionary"))
+		}
+		return uo.FromMap(m), nil
+	} else {
+		p, err := uo.NewMyJsonPath(varsSource.TargetPath)
+		if err != nil {
+			return doError(err)
+		}
+		newVars := uo.New()
+		err = p.Set(newVars, parsed)
+		if err != nil {
+			return doError(err)
+		}
+		return newVars, nil
 	}
-	return newVars, nil
 }
 
 func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string) (*uo.UnstructuredObject, error) {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index d4387a66d..b119e5278 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -293,7 +293,8 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 	cm := corev1.ConfigMap{
 		ObjectMeta: v1.ObjectMeta{Name: "cm", Namespace: "ns"},
 		Data: map[string]string{
-			"vars": `{"test1": {"test2": 42}}`,
+			"vars":  `{"test1": {"test2": 42}}`,
+			"value": "42",
 		},
 	}
 
@@ -343,6 +344,32 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 		}, nil, "")
 		assert.NoError(t, err)
 	}, &cm)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:      "cm",
+				Namespace: "ns",
+				Key:       "value",
+			},
+		}, nil, "")
+		assert.Errorf(t, err, "failed to load vars from kubernetes object ns/ConfigMap/cm and key value: value is not a YAML dictionary")
+	}, &cm)
+
+	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+		err := vl.LoadVars(vc, &types.VarsSource{
+			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
+				Name:       "cm",
+				Namespace:  "ns",
+				Key:        "value",
+				TargetPath: "deep.nested.path",
+			},
+		}, nil, "")
+		assert.NoError(t, err)
+
+		v, _, _ := vc.Vars.GetNestedInt("deep", "nested", "path")
+		assert.Equal(t, int64(42), v)
+	}, &cm)
 }
 
 func TestVarsLoader_ClusterSecret(t *testing.T) {

From 809c15465025b312d56b2335627d87f2b8c16649 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 May 2023 09:49:49 +0200
Subject: [PATCH 0896/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#453)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.12.0 to 10.13.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.12.0...v10.13.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 5fc4bdaf8..b64d72345 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.1+incompatible
 	github.com/fluxcd/pkg/kustomize v1.1.1
-	github.com/go-playground/validator/v10 v10.12.0
+	github.com/go-playground/validator/v10 v10.13.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.14.0
@@ -174,7 +174,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/leodido/go-urn v1.2.2 // indirect
+	github.com/leodido/go-urn v1.2.3 // indirect
 	github.com/lib/pq v1.10.7 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
diff --git a/go.sum b/go.sum
index 9ad1ee69d..5603be931 100644
--- a/go.sum
+++ b/go.sum
@@ -313,8 +313,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI=
-github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA=
+github.com/go-playground/validator/v10 v10.13.0 h1:cFRQdfaSMCOSfGCCLB20MHvuoHb/s5G8L5pu2ppK5AQ=
+github.com/go-playground/validator/v10 v10.13.0/go.mod h1:dwu7+CG8/CtBiJFZDz4e+5Upb6OLw04gtBYw0mcG/z4=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -562,8 +562,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.2 h1:7z68G0FCGvDk646jz1AelTYNYWrTNm0bEcFAo147wt4=
-github.com/leodido/go-urn v1.2.2/go.mod h1:kUaIbLZWttglzwNuG0pgsh5vuV6u2YcGBYz1hIPjtOQ=
+github.com/leodido/go-urn v1.2.3 h1:6BE2vPT0lqoz3fmOesHZiaiFh7889ssCo2GMvLCfiuA=
+github.com/leodido/go-urn v1.2.3/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -743,7 +743,6 @@ github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHur
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=

From 60886ec9f02e37a05fbfceb5574814b40be666c3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 May 2023 09:50:02 +0200
Subject: [PATCH 0897/2268] chore(deps): Bump k8s.io/klog/v2 from 2.90.1 to
 2.100.1 (#454)

Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.1 to 2.100.1.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.90.1...v2.100.1)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b64d72345..99855b111 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.27.1
 	k8s.io/apimachinery v0.27.1
 	k8s.io/client-go v0.27.1
-	k8s.io/klog/v2 v2.90.1
+	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.1
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
diff --git a/go.sum b/go.sum
index 5603be931..c955af503 100644
--- a/go.sum
+++ b/go.sum
@@ -1362,8 +1362,8 @@ k8s.io/client-go v0.27.1 h1:oXsfhW/qncM1wDmWBIuDzRHNS2tLhK3BZv512Nc59W8=
 k8s.io/client-go v0.27.1/go.mod h1:f8LHMUkVb3b9N8bWturc+EDtVVVwZ7ueTVquFAJb2vA=
 k8s.io/component-base v0.27.1 h1:kEB8p8lzi4gCs5f2SPU242vOumHJ6EOsOnDM3tTuDTM=
 k8s.io/component-base v0.27.1/go.mod h1:UGEd8+gxE4YWoigz5/lb3af3Q24w98pDseXcXZjw+E0=
-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
-k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
+k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg=
 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
 k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=

From 7ce6b68202b3f08e1df240480f180ce6b7ff7f03 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 May 2023 09:08:04 +0200
Subject: [PATCH 0898/2268] chore(deps): Bump golang.org/x/sync from 0.1.0 to
 0.2.0 (#455)

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 99855b111..ec5a2fb01 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.8.0
 	golang.org/x/net v0.9.0
-	golang.org/x/sync v0.1.0
+	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.7.0
 	golang.org/x/term v0.7.0
 	golang.org/x/text v0.9.0
diff --git a/go.sum b/go.sum
index c955af503..a90cde171 100644
--- a/go.sum
+++ b/go.sum
@@ -1015,8 +1015,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From 4c1edffdd859345e5ae4d82a75909cd3a93fd420 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 May 2023 09:08:32 +0200
Subject: [PATCH 0899/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#456)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.19.6 to 1.19.7.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.19.6...service/efs/v1.19.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ec5a2fb01..b1fb9bc5b 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.18.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.22
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.6
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
 	github.com/hashicorp/go-multierror v1.1.1
diff --git a/go.sum b/go.sum
index a90cde171..029663850 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAc
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.6 h1:xC25kY/HSssnA1lC0GFT8mfhmrpMql/24bkyWYDRgzU=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.6/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7 h1:W88E2kZGo+NHOsyvQbsOZYqxXJdLIqRzKadeVlv5J7k=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.9 h1:GAiaQWuQhQQui76KjuXeShmyXqECwQ0mGRMc/rwsL+c=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.9/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9 h1:TraLwncRJkWqtIBVKI/UqBymq4+hL+3MzUOtUATuzkA=

From 7d39bb7e66cb59d52ee23e1a1dce5059157e4b7c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 May 2023 09:24:22 +0200
Subject: [PATCH 0900/2268] chore(deps): Bump golang.org/x/term from 0.7.0 to
 0.8.0 (#457)

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/term/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index b1fb9bc5b..169af2d54 100644
--- a/go.mod
+++ b/go.mod
@@ -38,8 +38,8 @@ require (
 	golang.org/x/crypto v0.8.0
 	golang.org/x/net v0.9.0
 	golang.org/x/sync v0.2.0
-	golang.org/x/sys v0.7.0
-	golang.org/x/term v0.7.0
+	golang.org/x/sys v0.8.0
+	golang.org/x/term v0.8.0
 	golang.org/x/text v0.9.0
 	helm.sh/helm/v3 v3.11.3
 	k8s.io/api v0.27.1
diff --git a/go.sum b/go.sum
index 029663850..926923bc1 100644
--- a/go.sum
+++ b/go.sum
@@ -1091,8 +1091,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1101,8 +1101,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
-golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 6b9590e4773ca8ca5b4ba5a7aea079082af3c9cb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 May 2023 09:24:31 +0200
Subject: [PATCH 0901/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#459)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.22 to 1.18.23.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.22...config/v1.18.23)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 169af2d54..baacdc9e8 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.18.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.22
+	github.com/aws/aws-sdk-go-v2/config v1.18.23
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
@@ -93,16 +93,16 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.21 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.22 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 926923bc1..10c068ca4 100644
--- a/go.sum
+++ b/go.sum
@@ -121,10 +121,10 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.22 h1:7vkUEmjjv+giht4wIROqLs+49VWmiQMMHSduxmoNKLU=
-github.com/aws/aws-sdk-go-v2/config v1.18.22/go.mod h1:mN7Li1wxaPxSSy4Xkr6stFuinJGf3VZW3ZSNvO0q6sI=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.21 h1:VRiXnPEaaPeGeoFcXvMZOB5K/yfIXOYE3q97Kgb0zbU=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.21/go.mod h1:90Dk1lJoMyspa/EDUrldTxsPns0wn6+KpRKpdAWc0uA=
+github.com/aws/aws-sdk-go-v2/config v1.18.23 h1:gc3lPsAnZpwfi2exupmgHfva0JiAY2BWDg5JWYlmA28=
+github.com/aws/aws-sdk-go-v2/config v1.18.23/go.mod h1:rx0ruaQ+gk3OrLFHRRx56lA//XxP8K8uPzeNiKNuWVY=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.22 h1:Hp9rwJS4giQ48xqonRV/s7QcDf/wxF6UY7osRmBabvI=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.22/go.mod h1:BfNcm6A9nSd+bzejDcMJ5RE+k6WbkCwWkQil7q4heRk=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -141,12 +141,12 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3f
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7 h1:W88E2kZGo+NHOsyvQbsOZYqxXJdLIqRzKadeVlv5J7k=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.9 h1:GAiaQWuQhQQui76KjuXeShmyXqECwQ0mGRMc/rwsL+c=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.9/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9 h1:TraLwncRJkWqtIBVKI/UqBymq4+hL+3MzUOtUATuzkA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.9/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.10 h1:6UbNM/KJhMBfOI5+lpVcJ/8OA7cBSz0O6OX37SRKlSw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.10/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 h1:uBE+Zj478pfxV98L6SEpvxYiADNjTlMNY714PJLE7uo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.18.11/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From ca55014c355afc4347099ba10c897cb5c6d62f7a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 20 Mar 2023 20:00:17 +0100
Subject: [PATCH 0902/2268] refactor: Move Command result into its own package

---
 cmd/kluctl/commands/cmd_delete.go             |  4 +--
 cmd/kluctl/commands/cmd_deploy.go             |  6 ++--
 cmd/kluctl/commands/command_result.go         | 24 ++++++++--------
 pkg/deployment/commands/deploy.go             |  8 +++---
 pkg/deployment/commands/diff.go               |  6 ++--
 pkg/deployment/commands/poke_images.go        |  5 ++--
 pkg/deployment/commands/validate.go           | 24 ++++++++--------
 pkg/deployment/utils/apply_utils.go           | 14 +++++-----
 pkg/deployment/utils/delete_utils.go          | 10 +++----
 pkg/deployment/utils/diff_utils.go            |  5 ++--
 pkg/deployment/utils/diff_utils_test.go       | 28 +++++++++----------
 pkg/deployment/utils/errors_holder.go         | 26 ++++++++---------
 .../utils/remote_objects_utils_test.go        |  4 +--
 pkg/diff/diff.go                              | 20 ++++++-------
 pkg/diff/obfuscate.go                         |  6 ++--
 pkg/types/{ => result}/command_result.go      | 19 +++++++------
 pkg/validation/validation.go                  | 14 +++++-----
 17 files changed, 113 insertions(+), 110 deletions(-)
 rename pkg/types/{ => result}/command_result.go (70%)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 91d099332..3dd6f51a1 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -8,8 +8,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type deleteCmd struct {
@@ -72,7 +72,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 	})
 }
 
-func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) (*types.CommandResult, error) {
+func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) (*result.CommandResult, error) {
 	if len(refs) != 0 {
 		_, _ = getStderr(ctx).WriteString("The following objects will be deleted:\n")
 		for _, ref := range refs {
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index d6b6a23a3..fba082d2e 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -6,7 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type deployCmd struct {
@@ -63,7 +63,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	cmd2.ReadinessTimeout = cmd.ReadinessTimeout
 	cmd2.NoWait = cmd.NoWait
 
-	cb := func(diffResult *types.CommandResult) error {
+	cb := func(diffResult *result.CommandResult) error {
 		return cmd.diffResultCb(cmdCtx.ctx, diffResult)
 	}
 	if cmd.Yes || cmd.DryRun {
@@ -84,7 +84,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	return nil
 }
 
-func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *types.CommandResult) error {
+func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *result.CommandResult) error {
 	flags := cmd.OutputFormatFlags
 	flags.OutputFormat = nil // use default output format
 
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 27f648079..fe960eae7 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -7,8 +7,8 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
@@ -16,7 +16,7 @@ import (
 	"strings"
 )
 
-func formatCommandResultText(cr *types.CommandResult, short bool) string {
+func formatCommandResultText(cr *result.CommandResult, short bool) string {
 	buf := bytes.NewBuffer(nil)
 
 	if len(cr.Warnings) != 0 {
@@ -84,7 +84,7 @@ func prettyObjectRefs(buf io.StringWriter, refs []k8s.ObjectRef) {
 	}
 }
 
-func prettyErrors(buf io.StringWriter, errors []types.DeploymentError) {
+func prettyErrors(buf io.StringWriter, errors []result.DeploymentError) {
 	for _, e := range errors {
 		prefix := ""
 		if s := e.Ref.String(); s != "" {
@@ -94,7 +94,7 @@ func prettyErrors(buf io.StringWriter, errors []types.DeploymentError) {
 	}
 }
 
-func prettyChanges(buf io.StringWriter, ref k8s.ObjectRef, changes []types.Change) {
+func prettyChanges(buf io.StringWriter, ref k8s.ObjectRef, changes []result.Change) {
 	_, _ = buf.WriteString(fmt.Sprintf("Diff for object %s\n", ref.String()))
 
 	var t utils.PrettyTable
@@ -107,7 +107,7 @@ func prettyChanges(buf io.StringWriter, ref k8s.ObjectRef, changes []types.Chang
 	_, _ = buf.WriteString(s)
 }
 
-func formatCommandResultYaml(cr *types.CommandResult) (string, error) {
+func formatCommandResultYaml(cr *result.CommandResult) (string, error) {
 	b, err := yaml.WriteYamlString(cr)
 	if err != nil {
 		return "", err
@@ -115,7 +115,7 @@ func formatCommandResultYaml(cr *types.CommandResult) (string, error) {
 	return b, nil
 }
 
-func formatCommandResult(cr *types.CommandResult, format string, short bool) (string, error) {
+func formatCommandResult(cr *result.CommandResult, format string, short bool) (string, error) {
 	switch format {
 	case "text":
 		return formatCommandResultText(cr, short), nil
@@ -126,7 +126,7 @@ func formatCommandResult(cr *types.CommandResult, format string, short bool) (st
 	}
 }
 
-func prettyValidationResults(buf io.StringWriter, results []types.ValidateResultEntry) {
+func prettyValidationResults(buf io.StringWriter, results []result.ValidateResultEntry) {
 	var t utils.PrettyTable
 	t.AddRow("Object", "Message")
 
@@ -137,7 +137,7 @@ func prettyValidationResults(buf io.StringWriter, results []types.ValidateResult
 	_, _ = buf.WriteString(s)
 }
 
-func formatValidateResultText(vr *types.ValidateResult) string {
+func formatValidateResultText(vr *result.ValidateResult) string {
 	buf := bytes.NewBuffer(nil)
 
 	if len(vr.Warnings) != 0 {
@@ -163,7 +163,7 @@ func formatValidateResultText(vr *types.ValidateResult) string {
 	return buf.String()
 }
 
-func formatValidateResultYaml(vr *types.ValidateResult) (string, error) {
+func formatValidateResultYaml(vr *result.ValidateResult) (string, error) {
 	b, err := yaml.WriteYamlString(vr)
 	if err != nil {
 		return "", err
@@ -171,7 +171,7 @@ func formatValidateResultYaml(vr *types.ValidateResult) (string, error) {
 	return string(b), nil
 }
 
-func formatValidateResult(vr *types.ValidateResult, format string) (string, error) {
+func formatValidateResult(vr *result.ValidateResult, format string) (string, error) {
 	switch format {
 	case "text":
 		return formatValidateResultText(vr), nil
@@ -206,7 +206,7 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 	return nil
 }
 
-func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *types.CommandResult) error {
+func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *result.CommandResult) error {
 	status.Flush(ctx)
 
 	if !flags.NoObfuscate {
@@ -224,7 +224,7 @@ func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *
 	})
 }
 
-func outputValidateResult(ctx context.Context, output []string, vr *types.ValidateResult) error {
+func outputValidateResult(ctx context.Context, output []string, vr *result.ValidateResult) error {
 	status.Flush(ctx)
 
 	return outputHelper(ctx, output, func(format string) (string, error) {
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index a349fd103..a1f98531f 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -7,8 +7,8 @@ import (
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"time"
 )
 
@@ -31,7 +31,7 @@ func NewDeployCommand(discriminator string, c *deployment.DeploymentCollection)
 	}
 }
 
-func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResultCb func(diffResult *types.CommandResult) error) (*types.CommandResult, error) {
+func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResultCb func(diffResult *result.CommandResult) error) (*result.CommandResult, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	if cmd.discriminator == "" {
@@ -64,7 +64,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		du.Diff()
 
 		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
-		diffResult := &types.CommandResult{
+		diffResult := &result.CommandResult{
 			NewObjects:     au.GetNewObjects(),
 			ChangedObjects: du.ChangedObjects,
 			DeletedObjects: au.GetDeletedObjects(),
@@ -98,7 +98,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 	if err != nil {
 		return nil, err
 	}
-	return &types.CommandResult{
+	return &result.CommandResult{
 		NewObjects:     au.GetNewObjects(),
 		ChangedObjects: du.ChangedObjects,
 		DeletedObjects: au.GetDeletedObjects(),
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 6a23ef6fb..335fecc91 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -7,8 +7,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type DiffCommand struct {
@@ -30,7 +30,7 @@ func NewDiffCommand(discriminator string, c *deployment.DeploymentCollection) *D
 	}
 }
 
-func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
+func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.CommandResult, error) {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
 	if cmd.discriminator == "" {
@@ -65,7 +65,7 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.Comm
 	if err != nil {
 		return nil, err
 	}
-	return &types.CommandResult{
+	return &result.CommandResult{
 		NewObjects:     au.GetNewObjects(),
 		ChangedObjects: du.ChangedObjects,
 		DeletedObjects: au.GetDeletedObjects(),
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 97baf5772..8af5d519d 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sync"
 )
@@ -22,7 +23,7 @@ func NewPokeImagesCommand(c *deployment.DeploymentCollection) *PokeImagesCommand
 	}
 }
 
-func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.CommandResult, error) {
+func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.CommandResult, error) {
 	var wg sync.WaitGroup
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
@@ -94,7 +95,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*type
 	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, ad.GetAppliedObjectsMap())
 	du.Diff()
 
-	return &types.CommandResult{
+	return &result.CommandResult{
 		NewObjects:     nil,
 		ChangedObjects: du.ChangedObjects,
 		Errors:         dew.GetErrorsList(),
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index f279d5042..b2dd91991 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -5,8 +5,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 )
 
@@ -28,9 +28,9 @@ func NewValidateCommand(ctx context.Context, discriminator string, c *deployment
 	return cmd
 }
 
-func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.ValidateResult, error) {
-	var result types.ValidateResult
-	result.Ready = true
+func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.ValidateResult, error) {
+	var r result.ValidateResult
+	r.Ready = true
 
 	cmd.dew.Init()
 
@@ -53,23 +53,23 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*types.
 
 			remoteObject := cmd.ru.GetRemoteObject(ref)
 			if remoteObject == nil {
-				result.Errors = append(result.Errors, types.DeploymentError{Ref: ref, Error: "object not found"})
+				r.Errors = append(r.Errors, result.DeploymentError{Ref: ref, Error: "object not found"})
 				continue
 			}
 			r := validation.ValidateObject(k, remoteObject, true, false)
 			if !r.Ready {
-				result.Ready = false
+				r.Ready = false
 			}
-			result.Errors = append(result.Errors, r.Errors...)
-			result.Warnings = append(result.Warnings, r.Warnings...)
-			result.Results = append(result.Results, r.Results...)
+			r.Errors = append(r.Errors, r.Errors...)
+			r.Warnings = append(r.Warnings, r.Warnings...)
+			r.Results = append(r.Results, r.Results...)
 		}
 	}
 
-	result.Warnings = append(result.Warnings, cmd.dew.GetWarningsList()...)
-	result.Errors = append(result.Errors, cmd.dew.GetErrorsList()...)
+	r.Warnings = append(r.Warnings, cmd.dew.GetWarningsList()...)
+	r.Errors = append(r.Errors, cmd.dew.GetErrorsList()...)
 
-	return &result, nil
+	return &r, nil
 }
 
 func (cmd *ValidateCommand) ForgetRemoteObject(ref k8s2.ObjectRef) {
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index e77c78c36..d467c10c3 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -8,8 +8,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
@@ -754,14 +754,14 @@ func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.Unstructu
 	a.HandleError(ref, fmt.Errorf("unexpected end of loop"))
 }
 
-func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject) []*types.RefAndObject {
+func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject) []*result.RefAndObject {
 	ad.resultsMutex.Lock()
 	defer ad.resultsMutex.Unlock()
 
-	var ret []*types.RefAndObject
+	var ret []*result.RefAndObject
 	for _, a := range ad.results {
 		for _, o := range f(a) {
-			ret = append(ret, &types.RefAndObject{
+			ret = append(ret, &result.RefAndObject{
 				Ref:    o.GetK8sRef(),
 				Object: o,
 			})
@@ -770,13 +770,13 @@ func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.Ob
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) GetNewObjects() []*types.RefAndObject {
+func (ad *ApplyDeploymentsUtil) GetNewObjects() []*result.RefAndObject {
 	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.newObjects
 	})
 }
 
-func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*types.RefAndObject {
+func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*result.RefAndObject {
 	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.appliedObjects
 	})
@@ -790,7 +790,7 @@ func (ad *ApplyDeploymentsUtil) GetAppliedObjectsMap() map[k8s2.ObjectRef]*uo.Un
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*types.RefAndObject {
+func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*result.RefAndObject {
 	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.appliedHookObjects
 	})
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 00f72ad39..82a459eac 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -3,8 +3,8 @@ package utils
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -160,10 +160,10 @@ func FindObjectsForDelete(k *k8s.K8sCluster, allClusterObjects []*uo.Unstructure
 	return ret, nil
 }
 
-func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*types.CommandResult, error) {
+func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*result.CommandResult, error) {
 	g := utils.NewGoHelper(ctx, 8)
 
-	var ret types.CommandResult
+	var ret result.CommandResult
 	namespaceNames := make(map[string]bool)
 	var mutex sync.Mutex
 
@@ -174,13 +174,13 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 		if err == nil {
 			ret.DeletedObjects = append(ret.DeletedObjects, ref)
 		} else {
-			ret.Errors = append(ret.Errors, types.DeploymentError{
+			ret.Errors = append(ret.Errors, result.DeploymentError{
 				Ref:   ref,
 				Error: err.Error(),
 			})
 		}
 		for _, w := range apiWarnings {
-			ret.Warnings = append(ret.Warnings, types.DeploymentError{
+			ret.Warnings = append(ret.Warnings, result.DeploymentError{
 				Ref:   ref,
 				Error: w.Text,
 			})
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index e62f33e16..dbfd952c3 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -5,6 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sort"
 	"sync"
@@ -22,7 +23,7 @@ type diffUtil struct {
 	IgnoreAnnotations bool
 
 	remoteDiffObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
-	ChangedObjects    []*types.ChangedObject
+	ChangedObjects    []*result.ChangedObject
 	mutex             sync.Mutex
 }
 
@@ -98,7 +99,7 @@ func (u *diffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef,
 
 		u.mutex.Lock()
 		defer u.mutex.Unlock()
-		u.ChangedObjects = append(u.ChangedObjects, &types.ChangedObject{
+		u.ChangedObjects = append(u.ChangedObjects, &result.ChangedObject{
 			Ref:       diffRef,
 			NewObject: ao,
 			OldObject: ro,
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 042fd32ef..0f7296e1f 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -3,8 +3,8 @@ package utils
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"testing"
@@ -65,8 +65,8 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v2", UnifiedDiff: "-v1\n+v2"},
+				assert.Equal(t, []result.Change{
+					result.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v2", UnifiedDiff: "-v1\n+v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -78,8 +78,8 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
+				assert.Equal(t, []result.Change{
+					result.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -91,8 +91,8 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
+				assert.Equal(t, []result.Change{
+					result.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -104,9 +104,9 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "delete", JsonPath: "data.d1", OldValue: "v1", NewValue: interface{}(nil), UnifiedDiff: "-v1"},
-					types.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
+				assert.Equal(t, []result.Change{
+					result.Change{Type: "delete", JsonPath: "data.d1", OldValue: "v1", NewValue: interface{}(nil), UnifiedDiff: "-v1"},
+					result.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -118,10 +118,10 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
-				assert.Equal(t, []types.Change{
-					types.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v12", UnifiedDiff: "-v1\n+v12"},
-					types.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
-					types.Change{Type: "insert", JsonPath: "data.d3", OldValue: interface{}(nil), NewValue: "v3", UnifiedDiff: "+v3"},
+				assert.Equal(t, []result.Change{
+					result.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v12", UnifiedDiff: "-v1\n+v12"},
+					result.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
+					result.Change{Type: "insert", JsonPath: "data.d3", OldValue: interface{}(nil), NewValue: "v3", UnifiedDiff: "+v3"},
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index bf8faef1d..dd3c18a2d 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -5,14 +5,14 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"sync"
 )
 
 type DeploymentErrorsAndWarnings struct {
-	errors   map[k8s.ObjectRef]map[types.DeploymentError]bool
-	warnings map[k8s.ObjectRef]map[types.DeploymentError]bool
+	errors   map[k8s.ObjectRef]map[result.DeploymentError]bool
+	warnings map[k8s.ObjectRef]map[result.DeploymentError]bool
 	mutex    sync.Mutex
 }
 
@@ -25,12 +25,12 @@ func NewDeploymentErrorsAndWarnings() *DeploymentErrorsAndWarnings {
 func (dew *DeploymentErrorsAndWarnings) Init() {
 	dew.mutex.Lock()
 	defer dew.mutex.Unlock()
-	dew.warnings = map[k8s.ObjectRef]map[types.DeploymentError]bool{}
-	dew.errors = map[k8s.ObjectRef]map[types.DeploymentError]bool{}
+	dew.warnings = map[k8s.ObjectRef]map[result.DeploymentError]bool{}
+	dew.errors = map[k8s.ObjectRef]map[result.DeploymentError]bool{}
 }
 
 func (dew *DeploymentErrorsAndWarnings) AddWarning(ref k8s.ObjectRef, warning error) {
-	de := types.DeploymentError{
+	de := result.DeploymentError{
 		Ref:   ref,
 		Error: warning.Error(),
 	}
@@ -38,14 +38,14 @@ func (dew *DeploymentErrorsAndWarnings) AddWarning(ref k8s.ObjectRef, warning er
 	defer dew.mutex.Unlock()
 	m, ok := dew.warnings[ref]
 	if !ok {
-		m = make(map[types.DeploymentError]bool)
+		m = make(map[result.DeploymentError]bool)
 		dew.warnings[ref] = m
 	}
 	m[de] = true
 }
 
 func (dew *DeploymentErrorsAndWarnings) AddError(ref k8s.ObjectRef, err error) {
-	de := types.DeploymentError{
+	de := result.DeploymentError{
 		Ref:   ref,
 		Error: err.Error(),
 	}
@@ -53,7 +53,7 @@ func (dew *DeploymentErrorsAndWarnings) AddError(ref k8s.ObjectRef, err error) {
 	defer dew.mutex.Unlock()
 	m, ok := dew.errors[ref]
 	if !ok {
-		m = make(map[types.DeploymentError]bool)
+		m = make(map[result.DeploymentError]bool)
 		dew.errors[ref] = m
 	}
 	m[de] = true
@@ -72,10 +72,10 @@ func (dew *DeploymentErrorsAndWarnings) HadError(ref k8s.ObjectRef) bool {
 	return ok
 }
 
-func (dew *DeploymentErrorsAndWarnings) GetErrorsList() []types.DeploymentError {
+func (dew *DeploymentErrorsAndWarnings) GetErrorsList() []result.DeploymentError {
 	dew.mutex.Lock()
 	defer dew.mutex.Unlock()
-	var ret []types.DeploymentError
+	var ret []result.DeploymentError
 	for _, m := range dew.errors {
 		for e := range m {
 			ret = append(ret, e)
@@ -84,10 +84,10 @@ func (dew *DeploymentErrorsAndWarnings) GetErrorsList() []types.DeploymentError
 	return ret
 }
 
-func (dew *DeploymentErrorsAndWarnings) GetWarningsList() []types.DeploymentError {
+func (dew *DeploymentErrorsAndWarnings) GetWarningsList() []result.DeploymentError {
 	dew.mutex.Lock()
 	defer dew.mutex.Unlock()
-	var ret []types.DeploymentError
+	var ret []result.DeploymentError
 	for _, m := range dew.warnings {
 		for e := range m {
 			ret = append(ret, e)
diff --git a/pkg/deployment/utils/remote_objects_utils_test.go b/pkg/deployment/utils/remote_objects_utils_test.go
index 8ded2b28c..d1ba3a0d8 100644
--- a/pkg/deployment/utils/remote_objects_utils_test.go
+++ b/pkg/deployment/utils/remote_objects_utils_test.go
@@ -3,8 +3,8 @@ package utils
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -42,7 +42,7 @@ func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
 		k8s2.NewObjectRef("", "v1", "Secret", "secret", "default"),
 	}, false)
 	assert.NoError(t, err)
-	assert.Equal(t, []types.DeploymentError{{
+	assert.Equal(t, []result.DeploymentError{{
 		Error: "at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"},
 	}, dew.GetWarningsList())
 	assert.Empty(t, dew.GetErrorsList())
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index f9f1a1c55..f654b0507 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -5,7 +5,7 @@ import (
 	"github.com/hexops/gotextdiff"
 	"github.com/hexops/gotextdiff/myers"
 	"github.com/hexops/gotextdiff/span"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	diff2 "github.com/r3labs/diff/v2"
@@ -38,7 +38,7 @@ func convertPath(path []string, o interface{}) (string, error) {
 	return ret.ToJsonPath(), nil
 }
 
-func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([]types.Change, error) {
+func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([]result.Change, error) {
 	differ, err := diff2.NewDiffer(diff2.AllowTypeMismatch(true))
 	if err != nil {
 		return nil, err
@@ -48,7 +48,7 @@ func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([
 		return nil, err
 	}
 
-	var changes []types.Change
+	var changes []result.Change
 	for _, c := range cl {
 		c2, err := convertChange(c, oldObject, newObject)
 		if err != nil {
@@ -66,14 +66,14 @@ func Diff(oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) ([
 	return changes, nil
 }
 
-func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) (*types.Change, error) {
+func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *uo.UnstructuredObject) (*result.Change, error) {
 	switch c.Type {
 	case "create":
 		p, err := convertPath(c.Path, newObject.Object)
 		if err != nil {
 			return nil, err
 		}
-		return &types.Change{
+		return &result.Change{
 			Type:     "insert",
 			JsonPath: p,
 			NewValue: c.To,
@@ -83,7 +83,7 @@ func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *
 		if err != nil {
 			return nil, err
 		}
-		return &types.Change{
+		return &result.Change{
 			Type:     "delete",
 			JsonPath: p,
 			OldValue: c.From,
@@ -93,7 +93,7 @@ func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *
 		if err != nil {
 			return nil, err
 		}
-		return &types.Change{
+		return &result.Change{
 			Type:     "update",
 			JsonPath: p,
 			NewValue: c.To,
@@ -103,7 +103,7 @@ func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *
 	return nil, fmt.Errorf("unknown change type %s", c.Type)
 }
 
-func updateUnifiedDiff(change *types.Change) error {
+func updateUnifiedDiff(change *result.Change) error {
 	switch change.Type {
 	case "insert":
 		ud, err := buildUnifiedDiff(notPresent, change.NewValue, false)
@@ -133,7 +133,7 @@ func updateUnifiedDiff(change *types.Change) error {
 	return nil
 }
 
-func stableSortChanges(changes []types.Change) {
+func stableSortChanges(changes []result.Change) {
 	changesStrs := make([]string, len(changes))
 	changesIndexes := make([]int, len(changes))
 	for i, _ := range changes {
@@ -149,7 +149,7 @@ func stableSortChanges(changes []types.Change) {
 		return changesStrs[changesIndexes[i]] < changesStrs[changesIndexes[j]]
 	})
 
-	changesSorted := make([]types.Change, len(changes))
+	changesSorted := make([]result.Change, len(changes))
 	for i, _ := range changes {
 		changesSorted[i] = changes[changesIndexes[i]]
 	}
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index e576c29b9..89036c142 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -2,8 +2,8 @@ package diff
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/ohler55/ojg/jp"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"strings"
@@ -14,7 +14,7 @@ var secretGvk = schema.GroupKind{Group: "", Kind: "Secret"}
 type Obfuscator struct {
 }
 
-func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []types.Change) error {
+func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []result.Change) error {
 	if ref.GVK.GroupKind() == secretGvk {
 		err := o.obfuscateSecret(ref, changes)
 		if err != nil {
@@ -24,7 +24,7 @@ func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []types.Change) error
 	return nil
 }
 
-func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []types.Change) error {
+func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []result.Change) error {
 	replaceValues := func(x any, v string) any {
 		if x == nil {
 			return nil
diff --git a/pkg/types/command_result.go b/pkg/types/result/command_result.go
similarity index 70%
rename from pkg/types/command_result.go
rename to pkg/types/result/command_result.go
index d6a235c9a..fce09787e 100644
--- a/pkg/types/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -1,6 +1,7 @@
-package types
+package result
 
 import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
@@ -31,14 +32,14 @@ type DeploymentError struct {
 }
 
 type CommandResult struct {
-	NewObjects     []*RefAndObject   `json:"newObjects,omitempty"`
-	ChangedObjects []*ChangedObject  `json:"changedObjects,omitempty"`
-	HookObjects    []*RefAndObject   `json:"hookObjects,omitempty"`
-	OrphanObjects  []k8s.ObjectRef   `json:"orphanObjects,omitempty"`
-	DeletedObjects []k8s.ObjectRef   `json:"deletedObjects,omitempty"`
-	Errors         []DeploymentError `json:"errors,omitempty"`
-	Warnings       []DeploymentError `json:"warnings,omitempty"`
-	SeenImages     []FixedImage      `json:"seenImages,omitempty"`
+	NewObjects     []*RefAndObject    `json:"newObjects,omitempty"`
+	ChangedObjects []*ChangedObject   `json:"changedObjects,omitempty"`
+	HookObjects    []*RefAndObject    `json:"hookObjects,omitempty"`
+	OrphanObjects  []k8s.ObjectRef    `json:"orphanObjects,omitempty"`
+	DeletedObjects []k8s.ObjectRef    `json:"deletedObjects,omitempty"`
+	Errors         []DeploymentError  `json:"errors,omitempty"`
+	Warnings       []DeploymentError  `json:"warnings,omitempty"`
+	SeenImages     []types.FixedImage `json:"seenImages,omitempty"`
 }
 
 type ValidateResultEntry struct {
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 36a034637..94adf5079 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -3,7 +3,7 @@ package validation
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -45,7 +45,7 @@ const (
 	reactNotReady
 )
 
-func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError bool, forceStatusRequired bool) (ret types.ValidateResult) {
+func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError bool, forceStatusRequired bool) (ret result.ValidateResult) {
 	ref := o.GetK8sRef()
 
 	// We assume all is good in case no validation is performed
@@ -61,17 +61,17 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 				// all good
 			} else if e, ok := r.(error); ok {
 				err := fmt.Errorf("panic in ValidateObject: %w", e)
-				ret.Errors = append(ret.Errors, types.DeploymentError{Ref: ref, Error: err.Error()})
+				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Error: err.Error()})
 			} else {
 				err := fmt.Errorf("panic in ValidateObject: %v", e)
-				ret.Errors = append(ret.Errors, types.DeploymentError{Ref: ref, Error: err.Error()})
+				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Error: err.Error()})
 			}
 			ret.Ready = false
 		}
 	}()
 
 	for k, v := range o.GetK8sAnnotationsWithRegex(resultAnnotation) {
-		ret.Results = append(ret.Results, types.ValidateResultEntry{
+		ret.Results = append(ret.Results, result.ValidateResultEntry{
 			Ref:        ref,
 			Annotation: k,
 			Message:    v,
@@ -79,14 +79,14 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 	}
 
 	addError := func(message string) {
-		ret.Errors = append(ret.Errors, types.DeploymentError{
+		ret.Errors = append(ret.Errors, result.DeploymentError{
 			Ref:   ref,
 			Error: message,
 		})
 		ret.Ready = false
 	}
 	addWarning := func(message string) {
-		ret.Warnings = append(ret.Warnings, types.DeploymentError{
+		ret.Warnings = append(ret.Warnings, result.DeploymentError{
 			Ref:   ref,
 			Error: message,
 		})

From 2f9019be3a8b9f9921d5dedb8077d34773146b9c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 20 Mar 2023 20:18:54 +0100
Subject: [PATCH 0903/2268] feat: Obfuscate new and hook objects

---
 cmd/kluctl/commands/command_result.go | 14 +++++++-
 pkg/diff/obfuscate.go                 | 47 ++++++++++++++++++++++++---
 2 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index fe960eae7..d8203d5c0 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -212,7 +212,19 @@ func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *
 	if !flags.NoObfuscate {
 		var obfuscator diff.Obfuscator
 		for _, c := range cr.ChangedObjects {
-			err := obfuscator.Obfuscate(c.Ref, c.Changes)
+			err := obfuscator.ObfuscateChanges(c.Ref, c.Changes)
+			if err != nil {
+				return err
+			}
+		}
+		for _, n := range cr.NewObjects {
+			err := obfuscator.ObfuscateObject(n.Object)
+			if err != nil {
+				return err
+			}
+		}
+		for _, h := range cr.HookObjects {
+			err := obfuscator.ObfuscateObject(h.Object)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 89036c142..00e9c0deb 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -1,22 +1,24 @@
 package diff
 
 import (
+	"encoding/base64"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/ohler55/ojg/jp"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"strings"
 )
 
-var secretGvk = schema.GroupKind{Group: "", Kind: "Secret"}
+var secretGk = schema.GroupKind{Group: "", Kind: "Secret"}
 
 type Obfuscator struct {
 }
 
-func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []result.Change) error {
-	if ref.GVK.GroupKind() == secretGvk {
-		err := o.obfuscateSecret(ref, changes)
+func (o *Obfuscator) ObfuscateChanges(ref k8s.ObjectRef, changes []result.Change) error {
+	if ref.GVK.GroupKind() == secretGk {
+		err := o.obfuscateSecretChanges(ref, changes)
 		if err != nil {
 			return err
 		}
@@ -24,7 +26,18 @@ func (o *Obfuscator) Obfuscate(ref k8s.ObjectRef, changes []result.Change) error
 	return nil
 }
 
-func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []result.Change) error {
+func (o *Obfuscator) ObfuscateObject(x *uo.UnstructuredObject) error {
+	ref := x.GetK8sRef()
+	if ref.GVK.GroupKind() == secretGk {
+		err := o.obfuscateSecret(x)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (o *Obfuscator) obfuscateSecretChanges(ref k8s.ObjectRef, changes []result.Change) error {
 	replaceValues := func(x any, v string) any {
 		if x == nil {
 			return nil
@@ -69,3 +82,27 @@ func (o *Obfuscator) obfuscateSecret(ref k8s.ObjectRef, changes []result.Change)
 	}
 	return nil
 }
+
+func (o *Obfuscator) obfuscateSecret(x *uo.UnstructuredObject) error {
+	data, ok, _ := x.GetNestedField("data")
+	if ok {
+		if m, ok := data.(map[string]any); ok {
+			for k, _ := range m {
+				m[k] = base64.StdEncoding.EncodeToString([]byte("*****"))
+			}
+		} else {
+			return fmt.Errorf("'data' is not a map of strings")
+		}
+	}
+	data, ok, _ = x.GetNestedField("stringData")
+	if ok {
+		if m, ok := data.(map[string]any); ok {
+			for k, _ := range m {
+				m[k] = "*****"
+			}
+		} else {
+			return fmt.Errorf("'data' is not a map of strings")
+		}
+	}
+	return nil
+}

From e62348f04163529ce6e8eae796ebbb3c6d48babc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 20 Mar 2023 20:24:43 +0100
Subject: [PATCH 0904/2268] refactor: Add ObfuscateResult to Obfuscator

---
 cmd/kluctl/commands/command_result.go | 20 +++-----------------
 pkg/diff/obfuscate.go                 | 22 ++++++++++++++++++++++
 2 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index d8203d5c0..bbdfffc7e 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -211,23 +211,9 @@ func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *
 
 	if !flags.NoObfuscate {
 		var obfuscator diff.Obfuscator
-		for _, c := range cr.ChangedObjects {
-			err := obfuscator.ObfuscateChanges(c.Ref, c.Changes)
-			if err != nil {
-				return err
-			}
-		}
-		for _, n := range cr.NewObjects {
-			err := obfuscator.ObfuscateObject(n.Object)
-			if err != nil {
-				return err
-			}
-		}
-		for _, h := range cr.HookObjects {
-			err := obfuscator.ObfuscateObject(h.Object)
-			if err != nil {
-				return err
-			}
+		err := obfuscator.ObfuscateResult(cr)
+		if err != nil {
+			return err
 		}
 	}
 
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 00e9c0deb..1bcb7d96a 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -16,6 +16,28 @@ var secretGk = schema.GroupKind{Group: "", Kind: "Secret"}
 type Obfuscator struct {
 }
 
+func (o *Obfuscator) ObfuscateResult(r *result.CommandResult) error {
+	for _, c := range r.ChangedObjects {
+		err := o.ObfuscateChanges(c.Ref, c.Changes)
+		if err != nil {
+			return err
+		}
+	}
+	for _, n := range r.NewObjects {
+		err := o.ObfuscateObject(n.Object)
+		if err != nil {
+			return err
+		}
+	}
+	for _, h := range r.HookObjects {
+		err := o.ObfuscateObject(h.Object)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func (o *Obfuscator) ObfuscateChanges(ref k8s.ObjectRef, changes []result.Change) error {
 	if ref.GVK.GroupKind() == secretGk {
 		err := o.obfuscateSecretChanges(ref, changes)

From 1ad8778d14247e847144c818566dc2195edcc95f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 21 Mar 2023 17:47:23 +0100
Subject: [PATCH 0905/2268] feat: Add rendered objects/inlucdes/vars to types

---
 pkg/deployment/deployment_item.go    |  3 +++
 pkg/deployment/deployment_project.go | 13 +++++++++++++
 pkg/types/deployment.go              |  6 ++++++
 pkg/types/vars_source.go             |  3 +++
 pkg/vars/vars_loader.go              |  6 ++++++
 5 files changed, 31 insertions(+)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 7c87d24b6..23f1192fa 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -225,6 +225,8 @@ func (di *DeploymentItem) renderHelmCharts() error {
 			}
 		}
 
+		di.Config.RenderedHelmChartConfig = hr.Config
+
 		return hr.Render(di.ctx.Ctx, di.ctx.K, di.ctx.K8sVersion, di.ctx.SopsDecrypter)
 	})
 	if err != nil {
@@ -533,6 +535,7 @@ func (di *DeploymentItem) buildKustomize() error {
 		}
 		o := uo.FromMap(y)
 		di.Objects = append(di.Objects, o)
+		di.Config.RenderedObjects = append(di.Config.RenderedObjects, o)
 	}
 
 	return nil
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 88c496924..929073405 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -108,6 +108,18 @@ func (p *DeploymentProject) generateSingleKustomizeProject() error {
 }
 
 func (p *DeploymentProject) processConfig() error {
+	for _, item := range p.Config.Deployments {
+		if len(item.RenderedObjects) != 0 {
+			return fmt.Errorf("renderedObjects is not allowed here")
+		}
+		if item.RenderedHelmChartConfig != nil {
+			return fmt.Errorf("renderedHelmChartConfig is not allowed here")
+		}
+		if item.RenderedInclude != nil {
+			return fmt.Errorf("renderedInclude is not allowed here")
+		}
+	}
+
 	err := p.loadVarsList(p.VarsCtx, p.Config.Vars)
 	if err != nil {
 		return fmt.Errorf("failed to load deployment.yml vars: %w", err)
@@ -228,6 +240,7 @@ func (p *DeploymentProject) loadIncludes() error {
 		} else {
 			continue
 		}
+		inc.RenderedInclude = &newProject.Config
 		newProject.parentProjectInclude = inc
 		p.includes[i] = newProject
 	}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index f5695951f..6b39b7d0f 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -3,6 +3,7 @@ package types
 import (
 	"encoding/json"
 	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
@@ -19,6 +20,11 @@ type DeploymentItemConfig struct {
 	AlwaysDeploy     bool                     `json:"alwaysDeploy,omitempty"`
 	DeleteObjects    []DeleteObjectItemConfig `json:"deleteObjects,omitempty"`
 	When             string                   `json:"when,omitempty"`
+
+	// these are only allowed when writing the command result
+	RenderedHelmChartConfig *HelmChartConfig         `json:"renderedHelmChartConfig,omitempty"`
+	RenderedObjects         []*uo.UnstructuredObject `json:"renderedObjects,omitempty"`
+	RenderedInclude         *DeploymentProjectConfig `json:"renderedInclude,omitempty"`
 }
 
 func ValidateDeploymentItemConfig(sl validator.StructLevel) {
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index c195cdace..f2c520f4e 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -69,6 +69,9 @@ type VarsSource struct {
 	Vault             *VarsSourceVault                    `json:"vault,omitempty"`
 
 	When string `json:"when,omitempty"`
+
+	// these are only allowed when writing the command result
+	RenderedVars *uo.UnstructuredObject `json:"renderedVars,omitempty"`
 }
 
 func ValidateVarsSource(sl validator.StructLevel) {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 49170f161..9c90b4000 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -63,6 +63,10 @@ func (v *VarsLoader) LoadVarsList(varsCtx *VarsCtx, varsList []*types.VarsSource
 }
 
 func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, searchDirs []string, rootKey string) error {
+	if sourceIn.RenderedVars != nil && len(sourceIn.RenderedVars.Object) != 0 {
+		return fmt.Errorf("renderedVars is not allowed here")
+	}
+
 	var source types.VarsSource
 	err := utils.DeepCopy(&source, sourceIn)
 	if err != nil {
@@ -125,6 +129,8 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return err
 	}
 
+	sourceIn.RenderedVars = newVars.Clone()
+
 	if source.NoOverride == nil || !*source.NoOverride {
 		varsCtx.Vars.Merge(newVars)
 	} else {

From 480fbd09737026a8b411d4e875db36fa52d449a3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 21 Mar 2023 17:49:11 +0100
Subject: [PATCH 0906/2268] feat: Add info about the command to CommandResult

---
 cmd/kluctl/commands/cmd_delete.go      |  4 +++
 cmd/kluctl/commands/cmd_deploy.go      |  4 +++
 cmd/kluctl/commands/cmd_diff.go        |  4 +++
 cmd/kluctl/commands/cmd_poke_images.go |  4 +++
 cmd/kluctl/commands/cmd_prune.go       |  4 +++
 cmd/kluctl/commands/utils.go           | 45 ++++++++++++++++++++++++++
 pkg/kluctl_project/load.go             |  2 +-
 pkg/kluctl_project/project.go          |  2 +-
 pkg/kluctl_project/project_load.go     |  6 ++--
 pkg/kluctl_project/target_context.go   |  6 ++--
 pkg/types/result/command_result.go     | 38 ++++++++++++++++++++++
 11 files changed, 111 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 3dd6f51a1..bb238bff3 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -61,6 +61,10 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+		err = addCommandInfo(result, "delete", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
+		if err != nil {
+			return err
+		}
 		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index fba082d2e..469d93ae1 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -74,6 +74,10 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
+	err = addCommandInfo(result, "deploy", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, &cmd.AbortOnErrorFlags, cmd.NoWait)
+	if err != nil {
+		return err
+	}
 	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormatFlags, result)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 21edf81f1..46838fcd3 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -50,6 +50,10 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+		err = addCommandInfo(result, "diff", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, nil, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, nil, false)
+		if err != nil {
+			return err
+		}
 		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 76b69a538..ac72efe70 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -51,6 +51,10 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+		err = addCommandInfo(result, "poke-images", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
+		if err != nil {
+			return err
+		}
 		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index c975dc8bd..ba60b59a8 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -54,6 +54,10 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
+	err = addCommandInfo(result, "prune", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
+	if err != nil {
+		return err
+	}
 	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormatFlags, result)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 32f447dd3..e41e9acd1 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
 	"strings"
 
@@ -204,6 +205,50 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	return cb(cmdCtx)
 }
 
+func addCommandInfo(r *result.CommandResult, command string, ctx *commandCtx, targetFlags *args.TargetFlags,
+	imageFlags *args.ImageFlags, inclusionFlags *args.InclusionFlags,
+	dryRunFlags *args.DryRunFlags, forceApplyFlags *args.ForceApplyFlags, replaceOnErrorFlags *args.ReplaceOnErrorFlags, abortOnErrorFlags *args.AbortOnErrorFlags, noWait bool) error {
+	r.Command = &result.CommandInfo{
+		Initiator: result.CommandInititiator_CommandLine,
+		Command:   command,
+		Target:    ctx.targetCtx.Target,
+		Args:      ctx.targetCtx.KluctlProject.LoadArgs.ExternalArgs,
+		NoWait:    noWait,
+	}
+	if targetFlags != nil {
+		r.Command.TargetNameOverride = targetFlags.TargetNameOverride
+		r.Command.ContextOverride = targetFlags.Context
+	}
+	if imageFlags != nil {
+		var err error
+		r.Command.Images, err = imageFlags.LoadFixedImagesFromArgs()
+		if err != nil {
+			return err
+		}
+	}
+	if inclusionFlags != nil {
+		r.Command.IncludeTags = inclusionFlags.IncludeTag
+		r.Command.ExcludeTags = inclusionFlags.ExcludeTag
+		r.Command.IncludeDeploymentDirs = inclusionFlags.IncludeDeploymentDir
+		r.Command.ExcludeDeploymentDirs = inclusionFlags.ExcludeDeploymentDir
+	}
+	if dryRunFlags != nil {
+		r.Command.DryRun = dryRunFlags.DryRun
+	}
+	if forceApplyFlags != nil {
+		r.Command.ForceApply = forceApplyFlags.ForceApply
+	}
+	if replaceOnErrorFlags != nil {
+		r.Command.ReplaceOnError = replaceOnErrorFlags.ReplaceOnError
+		r.Command.ForceReplaceOnError = replaceOnErrorFlags.ForceReplaceOnError
+	}
+	if abortOnErrorFlags != nil {
+		r.Command.AbortOnError = abortOnErrorFlags.AbortOnError
+	}
+	r.Deployment = &ctx.targetCtx.DeploymentProject.Config
+	return nil
+}
+
 func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
 	return func(context *string) (*rest.Config, *api.Config, error) {
 		if forCompletion {
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index f320482ba..0535cbc61 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -13,7 +13,7 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 
 	p := &LoadedKluctlProject{
 		ctx:           ctx,
-		loadArgs:      args,
+		LoadArgs:      args,
 		TmpDir:        tmpDir,
 		J2:            j2,
 		RP:            args.RP,
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index d959f5dc3..4fe0161ad 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -12,7 +12,7 @@ import (
 type LoadedKluctlProject struct {
 	ctx context.Context
 
-	loadArgs LoadKluctlProjectArgs
+	LoadArgs LoadKluctlProjectArgs
 
 	TmpDir string
 
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 0d9648db1..2982be334 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -25,7 +25,7 @@ type LoadKluctlProjectArgs struct {
 }
 
 func (c *LoadedKluctlProject) getConfigPath() string {
-	configPath := c.loadArgs.ProjectConfig
+	configPath := c.LoadArgs.ProjectConfig
 	if configPath == "" {
 		p := yaml.FixPathExt(filepath.Join(c.ProjectDir, ".kluctl.yml"))
 		if utils.IsFile(p) {
@@ -38,8 +38,8 @@ func (c *LoadedKluctlProject) getConfigPath() string {
 func (c *LoadedKluctlProject) loadKluctlProject() error {
 	var err error
 
-	c.projectRootDir = c.loadArgs.RepoRoot
-	c.ProjectDir = c.loadArgs.ProjectDir
+	c.projectRootDir = c.LoadArgs.RepoRoot
+	c.ProjectDir = c.LoadArgs.ProjectDir
 	err = utils.CheckInDir(c.projectRootDir, c.ProjectDir)
 	if err != nil {
 		return err
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 15df07449..c431fc0e0 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -159,7 +159,7 @@ func (p *LoadedKluctlProject) loadK8sConfig(target *types.Target, offlineK8s boo
 	var err error
 	var clientConfig *rest.Config
 	var restConfig *api.Config
-	clientConfig, restConfig, err = p.loadArgs.ClientConfigGetter(contextName)
+	clientConfig, restConfig, err = p.LoadArgs.ClientConfigGetter(contextName)
 	if err != nil {
 		return nil, "", err
 	}
@@ -193,8 +193,8 @@ func (p *LoadedKluctlProject) buildVars(target *types.Target, forSeal bool) (*va
 			}
 		}
 	}
-	if p.loadArgs.ExternalArgs != nil {
-		allArgs.Merge(p.loadArgs.ExternalArgs)
+	if p.LoadArgs.ExternalArgs != nil {
+		allArgs.Merge(p.LoadArgs.ExternalArgs)
 	}
 
 	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index fce09787e..414edeec6 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -31,7 +31,45 @@ type DeploymentError struct {
 	Error string        `json:"error"`
 }
 
+type KluctlDeploymentInfo struct {
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
+	GitUrl    string `json:"gitUrl"`
+	GitRef    string `json:"gitRef"`
+}
+
+type CommandInitiator string
+
+const (
+	CommandInititiator_CommandLine      CommandInitiator = "CommandLine"
+	CommandInititiator_KluctlDeployment                  = "KluctlDeployment"
+)
+
+type CommandInfo struct {
+	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
+	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
+	Command               string                 `json:"command,omitempty"`
+	Target                *types.Target          `json:"target,omitempty"`
+	TargetNameOverride    string                 `json:"targetNameOverride,omitempty"`
+	ContextOverride       string                 `json:"contextOverride,omitempty"`
+	Args                  *uo.UnstructuredObject `json:"args,omitempty"`
+	Images                []types.FixedImage     `json:"images,omitempty"`
+	DryRun                bool                   `json:"dryRun,omitempty"`
+	NoWait                bool                   `json:"noWait,omitempty"`
+	ForceApply            bool                   `json:"forceApply,omitempty"`
+	ReplaceOnError        bool                   `json:"replaceOnError,omitempty"`
+	ForceReplaceOnError   bool                   `json:"forceReplaceOnError,omitempty"`
+	AbortOnError          bool                   `json:"abortOnError,omitempty"`
+	IncludeTags           []string               `json:"includeTags,omitempty"`
+	ExcludeTags           []string               `json:"excludeTags,omitempty"`
+	IncludeDeploymentDirs []string               `json:"includeDeploymentDirs,omitempty"`
+	ExcludeDeploymentDirs []string               `json:"excludeDeploymentDirs,omitempty"`
+}
+
 type CommandResult struct {
+	Command    *CommandInfo                   `json:"command,omitempty"`
+	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
+
 	NewObjects     []*RefAndObject    `json:"newObjects,omitempty"`
 	ChangedObjects []*ChangedObject   `json:"changedObjects,omitempty"`
 	HookObjects    []*RefAndObject    `json:"hookObjects,omitempty"`

From ea216f912f6682d79fbf84207fef9521d50d915b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 21 Mar 2023 20:29:12 +0100
Subject: [PATCH 0907/2268] feat: Remove old/new objects from ChangedObject

---
 pkg/deployment/utils/diff_utils.go      | 6 ++----
 pkg/deployment/utils/diff_utils_test.go | 5 -----
 pkg/types/result/command_result.go      | 6 ++----
 3 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index dbfd952c3..edffa3ef5 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -100,10 +100,8 @@ func (u *diffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef,
 		u.mutex.Lock()
 		defer u.mutex.Unlock()
 		u.ChangedObjects = append(u.ChangedObjects, &result.ChangedObject{
-			Ref:       diffRef,
-			NewObject: ao,
-			OldObject: ro,
-			Changes:   changes,
+			Ref:     diffRef,
+			Changes: changes,
 		})
 	}
 }
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 0f7296e1f..cb319d09a 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -64,7 +64,6 @@ func TestDiff(t *testing.T) {
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
-				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []result.Change{
 					result.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v2", UnifiedDiff: "-v1\n+v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
@@ -77,7 +76,6 @@ func TestDiff(t *testing.T) {
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
-				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []result.Change{
 					result.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
@@ -90,7 +88,6 @@ func TestDiff(t *testing.T) {
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
-				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []result.Change{
 					result.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
 				}, dtc.du.ChangedObjects[0].Changes)
@@ -103,7 +100,6 @@ func TestDiff(t *testing.T) {
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
-				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []result.Change{
 					result.Change{Type: "delete", JsonPath: "data.d1", OldValue: "v1", NewValue: interface{}(nil), UnifiedDiff: "-v1"},
 					result.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
@@ -117,7 +113,6 @@ func TestDiff(t *testing.T) {
 			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"})},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
-				assert.Equal(t, dtc.du.ChangedObjects[0].NewObject, dtc.ao[0])
 				assert.Equal(t, []result.Change{
 					result.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v12", UnifiedDiff: "-v1\n+v12"},
 					result.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 414edeec6..c04523a59 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -15,10 +15,8 @@ type Change struct {
 }
 
 type ChangedObject struct {
-	Ref       k8s.ObjectRef          `json:"ref"`
-	NewObject *uo.UnstructuredObject `json:"newObject,omitempty"`
-	OldObject *uo.UnstructuredObject `json:"oldObject,omitempty"`
-	Changes   []Change               `json:"changes,omitempty"`
+	Ref     k8s.ObjectRef `json:"ref"`
+	Changes []Change      `json:"changes,omitempty"`
 }
 
 type RefAndObject struct {

From 962c0ed66681fb53f76bf674bdcd1074ce3c5c51 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 21 Mar 2023 20:36:36 +0100
Subject: [PATCH 0908/2268] feat: Remove RefAndObject from CommandResult

---
 cmd/kluctl/commands/command_result.go |  4 ++--
 pkg/deployment/utils/apply_utils.go   | 20 ++++++++------------
 pkg/diff/obfuscate.go                 |  4 ++--
 pkg/types/result/command_result.go    | 21 ++++++++-------------
 4 files changed, 20 insertions(+), 29 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index bbdfffc7e..384f2739d 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -28,7 +28,7 @@ func formatCommandResultText(cr *result.CommandResult, short bool) string {
 		buf.WriteString("\nNew objects:\n")
 		var refs []k8s.ObjectRef
 		for _, o := range cr.NewObjects {
-			refs = append(refs, o.Ref)
+			refs = append(refs, o.GetK8sRef())
 		}
 		prettyObjectRefs(buf, refs)
 	}
@@ -61,7 +61,7 @@ func formatCommandResultText(cr *result.CommandResult, short bool) string {
 		buf.WriteString("\nApplied hooks:\n")
 		var refs []k8s.ObjectRef
 		for _, o := range cr.HookObjects {
-			refs = append(refs, o.Ref)
+			refs = append(refs, o.GetK8sRef())
 		}
 		prettyObjectRefs(buf, refs)
 	}
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index d467c10c3..6e1b67b75 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -9,7 +9,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
@@ -754,29 +753,26 @@ func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.Unstructu
 	a.HandleError(ref, fmt.Errorf("unexpected end of loop"))
 }
 
-func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject) []*result.RefAndObject {
+func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject) []*uo.UnstructuredObject {
 	ad.resultsMutex.Lock()
 	defer ad.resultsMutex.Unlock()
 
-	var ret []*result.RefAndObject
+	var ret []*uo.UnstructuredObject
 	for _, a := range ad.results {
 		for _, o := range f(a) {
-			ret = append(ret, &result.RefAndObject{
-				Ref:    o.GetK8sRef(),
-				Object: o,
-			})
+			ret = append(ret, o)
 		}
 	}
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) GetNewObjects() []*result.RefAndObject {
+func (ad *ApplyDeploymentsUtil) GetNewObjects() []*uo.UnstructuredObject {
 	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.newObjects
 	})
 }
 
-func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*result.RefAndObject {
+func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*uo.UnstructuredObject {
 	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.appliedObjects
 	})
@@ -784,13 +780,13 @@ func (ad *ApplyDeploymentsUtil) GetAppliedObjects() []*result.RefAndObject {
 
 func (ad *ApplyDeploymentsUtil) GetAppliedObjectsMap() map[k8s2.ObjectRef]*uo.UnstructuredObject {
 	ret := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
-	for _, ro := range ad.GetAppliedObjects() {
-		ret[ro.Ref] = ro.Object
+	for _, o := range ad.GetAppliedObjects() {
+		ret[o.GetK8sRef()] = o
 	}
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*result.RefAndObject {
+func (ad *ApplyDeploymentsUtil) GetAppliedHookObjects() []*uo.UnstructuredObject {
 	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.appliedHookObjects
 	})
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 1bcb7d96a..10f0080d0 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -24,13 +24,13 @@ func (o *Obfuscator) ObfuscateResult(r *result.CommandResult) error {
 		}
 	}
 	for _, n := range r.NewObjects {
-		err := o.ObfuscateObject(n.Object)
+		err := o.ObfuscateObject(n)
 		if err != nil {
 			return err
 		}
 	}
 	for _, h := range r.HookObjects {
-		err := o.ObfuscateObject(h.Object)
+		err := o.ObfuscateObject(h)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index c04523a59..0c1251b5d 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -19,11 +19,6 @@ type ChangedObject struct {
 	Changes []Change      `json:"changes,omitempty"`
 }
 
-type RefAndObject struct {
-	Ref    k8s.ObjectRef          `json:"ref"`
-	Object *uo.UnstructuredObject `json:"object,omitempty"`
-}
-
 type DeploymentError struct {
 	Ref   k8s.ObjectRef `json:"ref"`
 	Error string        `json:"error"`
@@ -68,14 +63,14 @@ type CommandResult struct {
 	Command    *CommandInfo                   `json:"command,omitempty"`
 	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
-	NewObjects     []*RefAndObject    `json:"newObjects,omitempty"`
-	ChangedObjects []*ChangedObject   `json:"changedObjects,omitempty"`
-	HookObjects    []*RefAndObject    `json:"hookObjects,omitempty"`
-	OrphanObjects  []k8s.ObjectRef    `json:"orphanObjects,omitempty"`
-	DeletedObjects []k8s.ObjectRef    `json:"deletedObjects,omitempty"`
-	Errors         []DeploymentError  `json:"errors,omitempty"`
-	Warnings       []DeploymentError  `json:"warnings,omitempty"`
-	SeenImages     []types.FixedImage `json:"seenImages,omitempty"`
+	NewObjects     []*uo.UnstructuredObject `json:"newObjects,omitempty"`
+	ChangedObjects []*ChangedObject         `json:"changedObjects,omitempty"`
+	HookObjects    []*uo.UnstructuredObject `json:"hookObjects,omitempty"`
+	OrphanObjects  []k8s.ObjectRef          `json:"orphanObjects,omitempty"`
+	DeletedObjects []k8s.ObjectRef          `json:"deletedObjects,omitempty"`
+	Errors         []DeploymentError        `json:"errors,omitempty"`
+	Warnings       []DeploymentError        `json:"warnings,omitempty"`
+	SeenImages     []types.FixedImage       `json:"seenImages,omitempty"`
 }
 
 type ValidateResultEntry struct {

From b3bc713e7d6d20c2fc692420e735ceb12114dc5c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 24 Mar 2023 20:57:17 +0100
Subject: [PATCH 0909/2268] fix: Ignore RenderedVars in ValidateVarsSource

---
 pkg/types/vars_source.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index f2c520f4e..6e09d549c 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -81,7 +81,7 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
 		switch v.Type().Field(i).Name {
-		case "IgnoreMissing", "NoOverride", "When":
+		case "IgnoreMissing", "NoOverride", "When", "RenderedVars":
 			continue
 		}
 		if !v.Field(i).IsNil() {

From 4028a41ae7242309e0a76ddb4f1d2d6e2803d7b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 24 Mar 2023 22:59:27 +0100
Subject: [PATCH 0910/2268] fix: Flatten ObjectRef

---
 cmd/kluctl/commands/cmd_flux_reconcile.go    |  4 +-
 cmd/kluctl/commands/cmd_flux_resume.go       |  2 +-
 cmd/kluctl/commands/cmd_flux_suspend.go      |  2 +-
 pkg/deployment/deployment_collection.go      | 15 +++++--
 pkg/deployment/deployment_item.go            |  2 +-
 pkg/deployment/images.go                     |  2 +-
 pkg/deployment/utils/apply_utils.go          |  8 ++--
 pkg/deployment/utils/delete_utils.go         |  8 ++--
 pkg/deployment/utils/remote_objects_utils.go | 14 +++++--
 pkg/diff/obfuscate.go                        |  4 +-
 pkg/k8s/k8s_cluster.go                       |  8 ++--
 pkg/k8s/resources.go                         |  4 +-
 pkg/seal/bootstrap.go                        | 10 +++--
 pkg/types/k8s/ref.go                         | 44 +++++++++++++++-----
 pkg/utils/uo/k8s_fields.go                   |  5 ++-
 pkg/validation/validation.go                 |  2 +-
 16 files changed, 91 insertions(+), 43 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_flux_reconcile.go b/cmd/kluctl/commands/cmd_flux_reconcile.go
index 91e345112..d4d49ed7c 100644
--- a/cmd/kluctl/commands/cmd_flux_reconcile.go
+++ b/cmd/kluctl/commands/cmd_flux_reconcile.go
@@ -36,7 +36,7 @@ func (cmd *fluxReconcileCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	ref := k8s2.ObjectRef{GVK: args.KluctlDeploymentGVK, Name: kd, Namespace: ns}
+	ref := k8s2.NewObjectRef(args.KluctlDeploymentGVK.Group, args.KluctlDeploymentGVK.Version, args.KluctlDeploymentGVK.Kind, kd, ns)
 	patch := []k8s.JsonPatch{{
 		Op:   "replace",
 		Path: "/metadata/annotations",
@@ -59,7 +59,7 @@ func (cmd *fluxReconcileCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		ref2 := k8s2.ObjectRef{GVK: args.GitRepositoryGVK, Name: sourceName, Namespace: sourceNamespace}
+		ref2 := k8s2.NewObjectRef(args.GitRepositoryGVK.Group, args.GitRepositoryGVK.Version, args.GitRepositoryGVK.Kind, sourceName, sourceNamespace)
 
 		s := status.Start(ctx, "Annotating Source %s in %s namespace", sourceName, sourceNamespace)
 		defer s.Failed()
diff --git a/cmd/kluctl/commands/cmd_flux_resume.go b/cmd/kluctl/commands/cmd_flux_resume.go
index d2fbc7d69..8d116bc1e 100644
--- a/cmd/kluctl/commands/cmd_flux_resume.go
+++ b/cmd/kluctl/commands/cmd_flux_resume.go
@@ -27,7 +27,7 @@ func (cmd *fluxResumeCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	ref := k8s2.ObjectRef{GVK: args.KluctlDeploymentGVK, Name: kd, Namespace: ns}
+	ref := k8s2.NewObjectRef(args.KluctlDeploymentGVK.Group, args.KluctlDeploymentGVK.Version, args.KluctlDeploymentGVK.Kind, kd, ns)
 
 	patch := []k8s.JsonPatch{{
 		Op:    "replace",
diff --git a/cmd/kluctl/commands/cmd_flux_suspend.go b/cmd/kluctl/commands/cmd_flux_suspend.go
index dc90d9c2b..d7981c1a6 100644
--- a/cmd/kluctl/commands/cmd_flux_suspend.go
+++ b/cmd/kluctl/commands/cmd_flux_suspend.go
@@ -26,7 +26,7 @@ func (cmd *fluxSuspendCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	ref := k8s2.ObjectRef{GVK: args.KluctlDeploymentGVK, Name: kd, Namespace: ns}
+	ref := k8s2.NewObjectRef(args.KluctlDeploymentGVK.Group, args.KluctlDeploymentGVK.Version, args.KluctlDeploymentGVK.Kind, kd, ns)
 	patch := []k8s.JsonPatch{{
 		Op:    "replace",
 		Path:  "/spec/suspend",
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index c89c289f1..dd7bfb426 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"path/filepath"
 	"sync"
 )
@@ -227,11 +228,19 @@ func (c *DeploymentCollection) buildKustomizeObjects() error {
 	return g.ErrorOrNil()
 }
 
-func (c *DeploymentCollection) LocalObjectsByRef() map[k8s2.ObjectRef]bool {
-	ret := make(map[k8s2.ObjectRef]bool)
+func (c *DeploymentCollection) LocalObjects() []*uo.UnstructuredObject {
+	var ret []*uo.UnstructuredObject
+	for _, d := range c.Deployments {
+		ret = append(ret, d.Objects...)
+	}
+	return ret
+}
+
+func (c *DeploymentCollection) LocalObjectsByRef() map[k8s2.ObjectRef]*uo.UnstructuredObject {
+	ret := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 	for _, d := range c.Deployments {
 		for _, o := range d.Objects {
-			ret[o.GetK8sRef()] = true
+			ret[o.GetK8sRef()] = o
 		}
 	}
 	return ret
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 23f1192fa..f3cb14777 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -535,7 +535,7 @@ func (di *DeploymentItem) buildKustomize() error {
 		}
 		o := uo.FromMap(y)
 		di.Objects = append(di.Objects, o)
-		di.Config.RenderedObjects = append(di.Config.RenderedObjects, o)
+		di.Config.RenderedObjects = append(di.Config.RenderedObjects, o.GetK8sRef())
 	}
 
 	return nil
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 715f0c327..f9e6df475 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -205,7 +205,7 @@ func (images *Images) ResolvePlaceholders(ctx context.Context, k *k8s.K8sCluster
 	}
 
 	ref := o.GetK8sRef()
-	deployment := fmt.Sprintf("%s/%s", ref.GVK.Kind, ref.Name)
+	deployment := fmt.Sprintf("%s/%s", ref.Kind, ref.Name)
 
 	var remoteObject *uo.UnstructuredObject
 	triedRemoteObject := false
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 6e1b67b75..4f9d84fef 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -382,10 +382,10 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 			return
 		}
 	}
-	if r != nil && ref.GVK.GroupKind().String() == "Namespace" {
+	if r != nil && ref.GroupKind().String() == "Namespace" {
 		a.allNamespaces.Store(ref.Name, r)
 	}
-	if r != nil && ref.GVK.GroupKind().String() == "CustomResourceDefinition.apiextensions.k8s.io" {
+	if r != nil && ref.GroupKind().String() == "CustomResourceDefinition.apiextensions.k8s.io" {
 		a.handleObservedCRD(r)
 	}
 	a.handleApiWarnings(ref, apiWarnings)
@@ -506,7 +506,9 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	for _, x := range d.Config.DeleteObjects {
 		for _, gvk := range a.k.Resources.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind)) {
 			ref := k8s2.ObjectRef{
-				GVK:       gvk,
+				Group:     gvk.Group,
+				Version:   gvk.Version,
+				Kind:      gvk.Kind,
 				Name:      x.Name,
 				Namespace: x.Namespace,
 			}
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 82a459eac..90a24c04e 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -42,7 +42,7 @@ var deleteOrder = [][]string{
 
 func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef {
 	ref = k.Resources.FixNamespaceInRef(ref)
-	ref.GVK.Version = ""
+	ref.Version = ""
 	return ref
 }
 
@@ -84,7 +84,7 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 
 	for _, o := range objects {
 		ref := o.GetK8sRef()
-		if _, ok := filteredResources[ref.GVK.GroupKind()]; !ok {
+		if _, ok := filteredResources[ref.GroupKind()]; !ok {
 			continue
 		}
 
@@ -189,7 +189,7 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 
 	for _, ref_ := range refs {
 		ref := ref_
-		if ref.GVK.GroupVersion().String() == "v1" && ref.GVK.Kind == "Namespace" {
+		if ref.GroupVersion().String() == "v1" && ref.Kind == "Namespace" {
 			namespaceNames[ref.Name] = true
 			g.Run(func() {
 				apiWarnings, err := k.DeleteSingleObject(ref, k8s.DeleteOptions{NoWait: !doWait, IgnoreNotFoundError: true})
@@ -201,7 +201,7 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 
 	for _, ref_ := range refs {
 		ref := ref_
-		if ref.GVK.GroupVersion().String() == "v1" && ref.GVK.Kind == "Namespace" {
+		if ref.GroupVersion().String() == "v1" && ref.Kind == "Namespace" {
 			continue
 		}
 		if _, ok := namespaceNames[ref.Namespace]; ok {
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 37e078595..0676f86e8 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -69,7 +69,11 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 		gvk := gvk
 		g.Run(func() {
 			l, apiWarnings, err := k.ListObjects(gvk, "", labels)
-			u.dew.AddApiWarnings(k8s2.ObjectRef{GVK: gvk}, apiWarnings)
+			u.dew.AddApiWarnings(k8s2.ObjectRef{
+				Group:   gvk.Group,
+				Version: gvk.Version,
+				Kind:    gvk.Kind,
+			}, apiWarnings)
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {
@@ -81,7 +85,11 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 					permissionErrCount += 1
 					return
 				}
-				u.dew.AddWarning(k8s2.ObjectRef{GVK: gvk}, err)
+				u.dew.AddWarning(k8s2.ObjectRef{
+					Group:   gvk.Group,
+					Version: gvk.Version,
+					Kind:    gvk.Kind,
+				}, err)
 				return
 			}
 			for _, o := range l {
@@ -175,7 +183,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, discriminator
 	if onlyUsedGKs {
 		usedGKs = map[schema.GroupKind]bool{}
 		for _, ref := range refs {
-			usedGKs[ref.GVK.GroupKind()] = true
+			usedGKs[ref.GroupKind()] = true
 		}
 	}
 
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 10f0080d0..80a16e151 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -39,7 +39,7 @@ func (o *Obfuscator) ObfuscateResult(r *result.CommandResult) error {
 }
 
 func (o *Obfuscator) ObfuscateChanges(ref k8s.ObjectRef, changes []result.Change) error {
-	if ref.GVK.GroupKind() == secretGk {
+	if ref.GroupKind() == secretGk {
 		err := o.obfuscateSecretChanges(ref, changes)
 		if err != nil {
 			return err
@@ -50,7 +50,7 @@ func (o *Obfuscator) ObfuscateChanges(ref k8s.ObjectRef, changes []result.Change
 
 func (o *Obfuscator) ObfuscateObject(x *uo.UnstructuredObject) error {
 	ref := x.GetK8sRef()
-	if ref.GVK.GroupKind() == secretGk {
+	if ref.GroupKind() == secretGk {
 		err := o.obfuscateSecret(x)
 		if err != nil {
 			return err
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 31b5a227c..e76955bb1 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -136,7 +136,7 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 
 func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
 	var result *uo.UnstructuredObject
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
 		o := v1.GetOptions{}
 		x, err := r.Get(k.ctx, ref.Name, o)
 		if err != nil {
@@ -165,7 +165,7 @@ func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions
 		o.DryRun = []string{"All"}
 	}
 
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
 		err := r.Delete(k.ctx, ref.Name, o)
 		if err != nil {
 			if options.IgnoreNotFoundError && errors.IsNotFound(err) {
@@ -318,7 +318,7 @@ func (k *K8sCluster) doPatch(ref k8s.ObjectRef, data []byte, patchType types.Pat
 	status.Trace(k.ctx, "patching %s", ref.String())
 
 	var result *uo.UnstructuredObject
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
 		x, err := r.Patch(k.ctx, ref.Name, patchType, data, po)
 		if err != nil {
 			return fmt.Errorf("failed to patch %s: %w", ref.String(), err)
@@ -370,7 +370,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	status.Trace(k.ctx, "updating %s", ref.String())
 
 	var result *uo.UnstructuredObject
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GVK, ref.Namespace, func(r dynamic.ResourceInterface) error {
+	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
 		x, err := r.Update(k.ctx, o.ToUnstructured(), updateOpts)
 		if err != nil {
 			return err
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 9a49b9093..902131e07 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -252,7 +252,7 @@ func (k *k8sResources) IsNamespaced(gv schema.GroupKind) *bool {
 
 func (k *k8sResources) FixNamespace(o *uo.UnstructuredObject, def string) {
 	ref := o.GetK8sRef()
-	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
+	namespaced := k.IsNamespaced(ref.GroupKind())
 	if namespaced == nil {
 		return
 	}
@@ -264,7 +264,7 @@ func (k *k8sResources) FixNamespace(o *uo.UnstructuredObject, def string) {
 }
 
 func (k *k8sResources) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
-	namespaced := k.IsNamespaced(ref.GVK.GroupKind())
+	namespaced := k.IsNamespaced(ref.GroupKind())
 	if namespaced == nil {
 		return ref
 	}
diff --git a/pkg/seal/bootstrap.go b/pkg/seal/bootstrap.go
index 84761159d..81c786346 100644
--- a/pkg/seal/bootstrap.go
+++ b/pkg/seal/bootstrap.go
@@ -24,8 +24,10 @@ const configMapName = "sealed-secrets-key-kluctl-bootstrap"
 
 func BootstrapSealedSecrets(ctx context.Context, k *k8s.K8sCluster, namespace string) error {
 	existing, _, err := k.GetSingleObject(k8s2.ObjectRef{
-		GVK:  schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"},
-		Name: "sealedsecrets.bitnami.com",
+		Group:   "apiextensions.k8s.io",
+		Version: "v1",
+		Kind:    "CustomResourceDefinition",
+		Name:    "sealedsecrets.bitnami.com",
 	})
 	if existing != nil {
 		// no bootstrap needed as the sealed-secrets operator seams to be installed already
@@ -33,7 +35,9 @@ func BootstrapSealedSecrets(ctx context.Context, k *k8s.K8sCluster, namespace st
 	}
 
 	existing, _, err = k.GetSingleObject(k8s2.ObjectRef{
-		GVK:       schema.GroupVersionKind{Group: "", Version: "v1", Kind: "ConfigMap"},
+		Group:     "",
+		Version:   "v1",
+		Kind:      "ConfigMap",
 		Name:      configMapName,
 		Namespace: namespace,
 	})
diff --git a/pkg/types/k8s/ref.go b/pkg/types/k8s/ref.go
index c3e3da2bc..fa91157e3 100644
--- a/pkg/types/k8s/ref.go
+++ b/pkg/types/k8s/ref.go
@@ -6,30 +6,52 @@ import (
 )
 
 type ObjectRef struct {
-	GVK       schema.GroupVersionKind `json:"gvk,inline"`
-	Name      string
-	Namespace string
+	Group     string `json:"group"`
+	Version   string `json:"version"`
+	Kind      string `json:"kind"`
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
 }
 
 func (r ObjectRef) String() string {
 	if r.Namespace != "" {
-		return fmt.Sprintf("%s/%s/%s", r.Namespace, r.GVK.Kind, r.Name)
+		return fmt.Sprintf("%s/%s/%s", r.Namespace, r.Kind, r.Name)
 	} else {
 		if r.Name != "" {
-			return fmt.Sprintf("%s/%s", r.GVK.Kind, r.Name)
+			return fmt.Sprintf("%s/%s", r.Kind, r.Name)
 		} else {
-			return r.GVK.Kind
+			return r.Kind
 		}
 	}
 }
 
+func (r ObjectRef) GroupVersionKind() schema.GroupVersionKind {
+	return schema.GroupVersionKind{
+		Group:   r.Group,
+		Version: r.Version,
+		Kind:    r.Kind,
+	}
+}
+
+func (r ObjectRef) GroupKind() schema.GroupKind {
+	return schema.GroupKind{
+		Group: r.Group,
+		Kind:  r.Kind,
+	}
+}
+
+func (r ObjectRef) GroupVersion() schema.GroupVersion {
+	return schema.GroupVersion{
+		Group:   r.Group,
+		Version: r.Version,
+	}
+}
+
 func NewObjectRef(group string, version string, kind string, name string, namespace string) ObjectRef {
 	return ObjectRef{
-		GVK: schema.GroupVersionKind{
-			Group:   group,
-			Version: version,
-			Kind:    kind,
-		},
+		Group:     group,
+		Version:   version,
+		Kind:      kind,
 		Name:      name,
 		Namespace: namespace,
 	}
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index f97296dee..88cc49884 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -83,8 +83,11 @@ func (uo *UnstructuredObject) SetK8sNamespace(namespace string) {
 }
 
 func (uo *UnstructuredObject) GetK8sRef() k8s.ObjectRef {
+	gvk := uo.GetK8sGVK()
 	return k8s.ObjectRef{
-		GVK:       uo.GetK8sGVK(),
+		Group:     gvk.Group,
+		Version:   gvk.Version,
+		Kind:      gvk.Kind,
 		Name:      uo.GetK8sName(),
 		Namespace: uo.GetK8sNamespace(),
 	}
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 94adf5079..eb88b480b 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -126,7 +126,7 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			// can't really say anything...
 			return
 		}
-		s, err := k.Resources.GetSchemaForGVK(ref.GVK)
+		s, err := k.Resources.GetSchemaForGVK(ref.GroupVersionKind())
 		if err != nil && !errors.IsNotFound(err) {
 			addError(err.Error())
 			return

From 4baec6191bfee28e8956156e8ab57b486d016844 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 27 Mar 2023 09:00:43 +0200
Subject: [PATCH 0911/2268] feat: Only store refs in RenderedObjects of
 DeploymentItems

---
 cmd/kluctl/commands/utils.go       | 1 +
 pkg/types/deployment.go            | 4 ++--
 pkg/types/result/command_result.go | 5 +++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index e41e9acd1..229ecd281 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -246,6 +246,7 @@ func addCommandInfo(r *result.CommandResult, command string, ctx *commandCtx, ta
 		r.Command.AbortOnError = abortOnErrorFlags.AbortOnError
 	}
 	r.Deployment = &ctx.targetCtx.DeploymentProject.Config
+	r.RenderedObjects = ctx.targetCtx.DeploymentCollection.LocalObjects()
 	return nil
 }
 
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 6b39b7d0f..22517edab 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -3,7 +3,7 @@ package types
 import (
 	"encoding/json"
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
@@ -23,7 +23,7 @@ type DeploymentItemConfig struct {
 
 	// these are only allowed when writing the command result
 	RenderedHelmChartConfig *HelmChartConfig         `json:"renderedHelmChartConfig,omitempty"`
-	RenderedObjects         []*uo.UnstructuredObject `json:"renderedObjects,omitempty"`
+	RenderedObjects         []k8s.ObjectRef          `json:"renderedObjects,omitempty"`
 	RenderedInclude         *DeploymentProjectConfig `json:"renderedInclude,omitempty"`
 }
 
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 0c1251b5d..f509cf07e 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -60,8 +60,9 @@ type CommandInfo struct {
 }
 
 type CommandResult struct {
-	Command    *CommandInfo                   `json:"command,omitempty"`
-	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
+	Command         *CommandInfo                   `json:"command,omitempty"`
+	Deployment      *types.DeploymentProjectConfig `json:"deployment,omitempty"`
+	RenderedObjects []*uo.UnstructuredObject       `json:"renderedObjects,omitempty"`
 
 	NewObjects     []*uo.UnstructuredObject `json:"newObjects,omitempty"`
 	ChangedObjects []*ChangedObject         `json:"changedObjects,omitempty"`

From 51c32f7843a71e729025c8acbac16359b167d6ce Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 27 Mar 2023 21:22:56 +0200
Subject: [PATCH 0912/2268] feat: Rename error to message

---
 cmd/kluctl/commands/command_result.go             |  2 +-
 pkg/deployment/commands/validate.go               |  2 +-
 pkg/deployment/utils/apply_utils.go               |  2 +-
 pkg/deployment/utils/delete_utils.go              |  8 ++++----
 pkg/deployment/utils/errors_holder.go             | 10 +++++-----
 pkg/deployment/utils/remote_objects_utils_test.go |  2 +-
 pkg/types/result/command_result.go                |  4 ++--
 pkg/validation/validation.go                      | 12 ++++++------
 8 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 384f2739d..6815a8b89 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -90,7 +90,7 @@ func prettyErrors(buf io.StringWriter, errors []result.DeploymentError) {
 		if s := e.Ref.String(); s != "" {
 			prefix = fmt.Sprintf("%s: ", s)
 		}
-		_, _ = buf.WriteString(fmt.Sprintf("  %s%s\n", prefix, e.Error))
+		_, _ = buf.WriteString(fmt.Sprintf("  %s%s\n", prefix, e.Message))
 	}
 }
 
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index b2dd91991..08cd62004 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -53,7 +53,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 
 			remoteObject := cmd.ru.GetRemoteObject(ref)
 			if remoteObject == nil {
-				r.Errors = append(r.Errors, result.DeploymentError{Ref: ref, Error: "object not found"})
+				r.Errors = append(r.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
 				continue
 			}
 			r := validation.ValidateObject(k, remoteObject, true, false)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 4f9d84fef..0b610412e 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -461,7 +461,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 				status.Warning(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
 			}
 			for _, e := range v.Errors {
-				a.HandleError(ref, fmt.Errorf(e.Error))
+				a.HandleError(ref, fmt.Errorf(e.Message))
 			}
 			return false
 		}
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 90a24c04e..f247f9f27 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -175,14 +175,14 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 			ret.DeletedObjects = append(ret.DeletedObjects, ref)
 		} else {
 			ret.Errors = append(ret.Errors, result.DeploymentError{
-				Ref:   ref,
-				Error: err.Error(),
+				Ref:     ref,
+				Message: err.Error(),
 			})
 		}
 		for _, w := range apiWarnings {
 			ret.Warnings = append(ret.Warnings, result.DeploymentError{
-				Ref:   ref,
-				Error: w.Text,
+				Ref:     ref,
+				Message: w.Text,
 			})
 		}
 	}
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index dd3c18a2d..363c5eeac 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -31,8 +31,8 @@ func (dew *DeploymentErrorsAndWarnings) Init() {
 
 func (dew *DeploymentErrorsAndWarnings) AddWarning(ref k8s.ObjectRef, warning error) {
 	de := result.DeploymentError{
-		Ref:   ref,
-		Error: warning.Error(),
+		Ref:     ref,
+		Message: warning.Error(),
 	}
 	dew.mutex.Lock()
 	defer dew.mutex.Unlock()
@@ -46,8 +46,8 @@ func (dew *DeploymentErrorsAndWarnings) AddWarning(ref k8s.ObjectRef, warning er
 
 func (dew *DeploymentErrorsAndWarnings) AddError(ref k8s.ObjectRef, err error) {
 	de := result.DeploymentError{
-		Ref:   ref,
-		Error: err.Error(),
+		Ref:     ref,
+		Message: err.Error(),
 	}
 	dew.mutex.Lock()
 	defer dew.mutex.Unlock()
@@ -99,7 +99,7 @@ func (dew *DeploymentErrorsAndWarnings) GetWarningsList() []result.DeploymentErr
 func (dew *DeploymentErrorsAndWarnings) getPlainErrorsList() []error {
 	var ret []error
 	for _, e := range dew.GetErrorsList() {
-		ret = append(ret, errors.New(e.Error))
+		ret = append(ret, errors.New(e.Message))
 	}
 	return ret
 }
diff --git a/pkg/deployment/utils/remote_objects_utils_test.go b/pkg/deployment/utils/remote_objects_utils_test.go
index d1ba3a0d8..449cfedf7 100644
--- a/pkg/deployment/utils/remote_objects_utils_test.go
+++ b/pkg/deployment/utils/remote_objects_utils_test.go
@@ -43,7 +43,7 @@ func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
 	}, false)
 	assert.NoError(t, err)
 	assert.Equal(t, []result.DeploymentError{{
-		Error: "at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"},
+		Message: "at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"},
 	}, dew.GetWarningsList())
 	assert.Empty(t, dew.GetErrorsList())
 }
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index f509cf07e..ef1737e8e 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -20,8 +20,8 @@ type ChangedObject struct {
 }
 
 type DeploymentError struct {
-	Ref   k8s.ObjectRef `json:"ref"`
-	Error string        `json:"error"`
+	Ref     k8s.ObjectRef `json:"ref"`
+	Message string        `json:"message"`
 }
 
 type KluctlDeploymentInfo struct {
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index eb88b480b..09f23d401 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -61,10 +61,10 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 				// all good
 			} else if e, ok := r.(error); ok {
 				err := fmt.Errorf("panic in ValidateObject: %w", e)
-				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Error: err.Error()})
+				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: err.Error()})
 			} else {
 				err := fmt.Errorf("panic in ValidateObject: %v", e)
-				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Error: err.Error()})
+				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: err.Error()})
 			}
 			ret.Ready = false
 		}
@@ -80,15 +80,15 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 
 	addError := func(message string) {
 		ret.Errors = append(ret.Errors, result.DeploymentError{
-			Ref:   ref,
-			Error: message,
+			Ref:     ref,
+			Message: message,
 		})
 		ret.Ready = false
 	}
 	addWarning := func(message string) {
 		ret.Warnings = append(ret.Warnings, result.DeploymentError{
-			Ref:   ref,
-			Error: message,
+			Ref:     ref,
+			Message: message,
 		})
 	}
 	addNotReady := func(message string) {

From 4fe6777744e8f06fa40f5d94ab5de8c79ade24ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 3 Apr 2023 10:08:28 +0200
Subject: [PATCH 0913/2268] refactor: Let delete/prune commands actually
 perform the deletion and return a proper CommandResult

---
 cmd/kluctl/commands/cmd_delete.go    | 20 +++++++-----------
 cmd/kluctl/commands/cmd_prune.go     |  9 ++++----
 pkg/deployment/commands/delete.go    | 31 +++++++++++++++++++++++++---
 pkg/deployment/commands/prune.go     | 26 +++++++++++++++++++++--
 pkg/deployment/utils/delete_utils.go | 21 ++++++-------------
 5 files changed, 69 insertions(+), 38 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index bb238bff3..08c432eac 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -5,11 +5,8 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type deleteCmd struct {
@@ -51,13 +48,11 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if cmd.Discriminator != "" {
 			discriminator = cmd.Discriminator
 		}
-		cmd2 := commands.NewDeleteCommand(discriminator, cmdCtx.targetCtx.DeploymentCollection.Inclusion)
+		cmd2 := commands.NewDeleteCommand(discriminator, cmdCtx.targetCtx.DeploymentCollection, cmdCtx.targetCtx.DeploymentCollection.Inclusion)
 
-		objects, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
-		if err != nil {
-			return err
-		}
-		result, err := confirmedDeleteObjects(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
+		result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
+			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
+		})
 		if err != nil {
 			return err
 		}
@@ -76,7 +71,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 	})
 }
 
-func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) (*result.CommandResult, error) {
+func confirmDeletion(ctx context.Context, refs []k8s2.ObjectRef, dryRun bool, forceYes bool) error {
 	if len(refs) != 0 {
 		_, _ = getStderr(ctx).WriteString("The following objects will be deleted:\n")
 		for _, ref := range refs {
@@ -84,10 +79,9 @@ func confirmedDeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.
 		}
 		if !forceYes && !dryRun {
 			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to delete %d objects?", len(refs))) {
-				return nil, fmt.Errorf("aborted")
+				return fmt.Errorf("aborted")
 			}
 		}
 	}
-
-	return utils.DeleteObjects(ctx, k, refs, true)
+	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index ba60b59a8..4c8b86d17 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 )
 
 type pruneCmd struct {
@@ -46,11 +47,9 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 
 func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
-	objects, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
-	if err != nil {
-		return err
-	}
-	result, err := confirmedDeleteObjects(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, objects, cmd.DryRun, cmd.Yes)
+	result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
+		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
+	})
 	if err != nil {
 		return err
 	}
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index da6d7e5d9..49a0e27a3 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -3,25 +3,29 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 type DeleteCommand struct {
+	c             *deployment.DeploymentCollection
 	discriminator string
 	inclusion     *utils.Inclusion
 }
 
-func NewDeleteCommand(discriminator string, inclusion *utils.Inclusion) *DeleteCommand {
+func NewDeleteCommand(discriminator string, c *deployment.DeploymentCollection, inclusion *utils.Inclusion) *DeleteCommand {
 	return &DeleteCommand{
 		discriminator: discriminator,
+		c:             c,
 		inclusion:     inclusion,
 	}
 }
 
-func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
+func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
 	if cmd.discriminator == "" {
 		return nil, fmt.Errorf("deletion without a discriminator is not supported")
 	}
@@ -33,5 +37,26 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.Ob
 		return nil, err
 	}
 
-	return utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(cmd.inclusion), cmd.inclusion.HasType("tags"), nil)
+	deleteRefs, err := utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(cmd.inclusion), cmd.inclusion.HasType("tags"), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if confirmCb != nil {
+		err = confirmCb(deleteRefs)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, true)
+	if err != nil {
+		return nil, err
+	}
+
+	return &result.CommandResult{
+		DeletedObjects: deleted,
+		Errors:         dew.GetErrorsList(),
+		Warnings:       dew.GetWarningsList(),
+	}, nil
 }
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 4b7a32cfe..c285bb12a 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -7,6 +7,7 @@ import (
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type PruneCommand struct {
@@ -21,7 +22,7 @@ func NewPruneCommand(discriminator string, c *deployment.DeploymentCollection) *
 	}
 }
 
-func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.ObjectRef, error) {
+func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
 	if cmd.discriminator == "" {
 		return nil, fmt.Errorf("pruning without a discriminator is not supported")
 	}
@@ -34,7 +35,28 @@ func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster) ([]k8s2.Obj
 		return nil, err
 	}
 
-	return FindOrphanObjects(k, ru, cmd.c)
+	deleteRefs, err := FindOrphanObjects(k, ru, cmd.c)
+	if err != nil {
+		return nil, err
+	}
+
+	if confirmCb != nil {
+		err = confirmCb(deleteRefs)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, true)
+	if err != nil {
+		return nil, err
+	}
+
+	return &result.CommandResult{
+		DeletedObjects: deleted,
+		Errors:         dew.GetErrorsList(),
+		Warnings:       dew.GetWarningsList(),
+	}, nil
 }
 
 func FindOrphanObjects(k *k8s.K8sCluster, ru *utils2.RemoteObjectUtils, c *deployment.DeploymentCollection) ([]k8s2.ObjectRef, error) {
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index f247f9f27..0cab9e94e 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -160,10 +159,10 @@ func FindObjectsForDelete(k *k8s.K8sCluster, allClusterObjects []*uo.Unstructure
 	return ret, nil
 }
 
-func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, doWait bool) (*result.CommandResult, error) {
+func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dew *DeploymentErrorsAndWarnings, doWait bool) ([]k8s2.ObjectRef, error) {
 	g := utils.NewGoHelper(ctx, 8)
 
-	var ret result.CommandResult
+	var ret []k8s2.ObjectRef
 	namespaceNames := make(map[string]bool)
 	var mutex sync.Mutex
 
@@ -172,19 +171,11 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 		defer mutex.Unlock()
 
 		if err == nil {
-			ret.DeletedObjects = append(ret.DeletedObjects, ref)
+			ret = append(ret, ref)
 		} else {
-			ret.Errors = append(ret.Errors, result.DeploymentError{
-				Ref:     ref,
-				Message: err.Error(),
-			})
-		}
-		for _, w := range apiWarnings {
-			ret.Warnings = append(ret.Warnings, result.DeploymentError{
-				Ref:     ref,
-				Message: w.Text,
-			})
+			dew.AddError(ref, err)
 		}
+		dew.AddApiWarnings(ref, apiWarnings)
 	}
 
 	for _, ref_ := range refs {
@@ -215,5 +206,5 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 	}
 	g.Wait()
 
-	return &ret, nil
+	return ret, nil
 }

From b7fcc1117075c7891953c21b349c2a5dcb534c1e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 2 Apr 2023 00:46:36 +0200
Subject: [PATCH 0914/2268] fix: Preserve when fields instead of
 rendering+overwriting them

---
 pkg/deployment/deployment_collection.go | 11 +++---
 pkg/deployment/deployment_project.go    | 48 ++++++-------------------
 pkg/vars/vars.go                        | 17 +++++++++
 pkg/vars/vars_loader.go                 | 15 ++++----
 4 files changed, 40 insertions(+), 51 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index dd7bfb426..53f31c0de 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -2,7 +2,6 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -83,12 +82,16 @@ func findDeploymentItemIndex(project *DeploymentProject, pth *string, indexes ma
 func (c *DeploymentCollection) collectAllDeployments(project *DeploymentProject, indexes map[string]int) ([]*DeploymentItem, error) {
 	var ret []*DeploymentItem
 
-	if !kluctl_jinja2.IsConditionalTrue(project.Config.When) {
-		return nil, nil
+	if x, err := project.CheckWhenTrue(); !x || err != nil {
+		return nil, err
 	}
 
 	for i, diConfig := range project.Config.Deployments {
-		if !kluctl_jinja2.IsConditionalTrue(diConfig.When) {
+		whenTrue, err := project.VarsCtx.CheckConditional(diConfig.When)
+		if err != nil {
+			return nil, err
+		}
+		if !whenTrue {
 			continue
 		}
 
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 929073405..34c7d713e 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,7 +3,6 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -57,8 +56,8 @@ func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Sourc
 		return nil, fmt.Errorf("failed to load deployment config for %s: %w", dir, err)
 	}
 
-	if !kluctl_jinja2.IsConditionalTrue(dp.Config.When) {
-		return dp, nil
+	if x, err := dp.CheckWhenTrue(); !x || err != nil {
+		return dp, err
 	}
 
 	err = dp.loadIncludes()
@@ -143,11 +142,6 @@ func (p *DeploymentProject) processConfig() error {
 		return err
 	}
 
-	err = p.renderConditionals()
-	if err != nil {
-		return err
-	}
-
 	return nil
 }
 
@@ -176,38 +170,12 @@ func (p *DeploymentProject) checkDeploymentDirs() error {
 	return nil
 }
 
-func (p *DeploymentProject) renderConditionals() error {
+func (p *DeploymentProject) CheckWhenTrue() (bool, error) {
 	if p.parentProject == nil && p.Config.When != "" {
-		return fmt.Errorf("the root deployment project can not contain 'when'")
-	}
-
-	vars, err := p.VarsCtx.Vars.ToMap()
-	if err != nil {
-		return err
-	}
-	r, err := kluctl_jinja2.RenderConditional(p.VarsCtx.J2, vars, p.Config.When)
-	if err != nil {
-		return err
+		return false, fmt.Errorf("the root deployment project can not contain 'when'")
 	}
-	p.Config.When = r
 
-	if !kluctl_jinja2.IsConditionalTrue(p.Config.When) {
-		// No need to render individual deployment item conditionals
-		return nil
-	}
-
-	conditionals := make([]string, 0, len(p.Config.Deployments))
-	for _, di := range p.Config.Deployments {
-		conditionals = append(conditionals, di.When)
-	}
-	rendered, err := kluctl_jinja2.RenderConditionals(p.VarsCtx.J2, vars, conditionals)
-	if err != nil {
-		return err
-	}
-	for i, r := range rendered {
-		p.Config.Deployments[i].When = r
-	}
-	return nil
+	return p.VarsCtx.CheckConditional(p.Config.When)
 }
 
 func (p *DeploymentProject) loadIncludes() error {
@@ -215,7 +183,11 @@ func (p *DeploymentProject) loadIncludes() error {
 		var err error
 		var newProject *DeploymentProject
 
-		if !kluctl_jinja2.IsConditionalTrue(inc.When) {
+		whenTrue, err := p.VarsCtx.CheckConditional(inc.When)
+		if err != nil {
+			return err
+		}
+		if !whenTrue {
 			continue
 		}
 
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index 11151f24d..826233fb5 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -2,6 +2,7 @@ package vars
 
 import (
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
@@ -98,3 +99,19 @@ func (vc *VarsCtx) RenderDirectory(sourceDir string, targetDir string, excludePa
 	}
 	return vc.J2.RenderDirectory(sourceDir, targetDir, excludePatterns, jinja2.WithGlobals(globals), jinja2.WithSearchDirs(searchDirs), jinja2.WithTemplateIgnoreRootDir(templateIgnoreRoot))
 }
+
+func (vc *VarsCtx) CheckConditional(c string) (bool, error) {
+	if kluctl_jinja2.IsConditionalTrue(c) {
+		return true, nil
+	}
+
+	m, err := vc.Vars.ToMap()
+	if err != nil {
+		return false, err
+	}
+	c, err = kluctl_jinja2.RenderConditional(vc.J2, m, c)
+	if err != nil {
+		return false, err
+	}
+	return kluctl_jinja2.IsConditionalTrue(c), nil
+}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 9c90b4000..8ef2b6ed5 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,7 +8,6 @@ import (
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
@@ -83,14 +82,12 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 		return err
 	}
 
-	if source.When != "" {
-		r, err := kluctl_jinja2.RenderConditional(varsCtx.J2, globals, source.When)
-		if err != nil {
-			return err
-		}
-		if !kluctl_jinja2.IsConditionalTrue(r) {
-			return nil
-		}
+	whenTrue, err := varsCtx.CheckConditional(source.When)
+	if err != nil {
+		return err
+	}
+	if !whenTrue {
+		return nil
 	}
 
 	ignoreMissing := false

From 704b2800159953f7810a1842f68fce7f2518eeb9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Apr 2023 09:16:59 +0200
Subject: [PATCH 0915/2268] feat: Store rendered/remote/applied objects in
 CommandResult

---
 cmd/kluctl/commands/command_result.go  | 10 ++-----
 cmd/kluctl/commands/utils.go           |  1 -
 pkg/deployment/commands/delete.go      |  8 ++++--
 pkg/deployment/commands/deploy.go      | 38 +++++++++++++++-----------
 pkg/deployment/commands/diff.go        | 19 +++++++------
 pkg/deployment/commands/poke_images.go | 27 ++++++++++++------
 pkg/deployment/commands/prune.go       |  8 ++++--
 pkg/deployment/utils/apply_utils.go    | 17 ++++++++++--
 pkg/diff/obfuscate.go                  | 18 ++++++++++--
 pkg/types/result/command_result.go     | 25 +++++++++--------
 10 files changed, 109 insertions(+), 62 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 6815a8b89..f8a874cc3 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -26,11 +26,7 @@ func formatCommandResultText(cr *result.CommandResult, short bool) string {
 
 	if len(cr.NewObjects) != 0 {
 		buf.WriteString("\nNew objects:\n")
-		var refs []k8s.ObjectRef
-		for _, o := range cr.NewObjects {
-			refs = append(refs, o.GetK8sRef())
-		}
-		prettyObjectRefs(buf, refs)
+		prettyObjectRefs(buf, cr.NewObjects)
 	}
 	if len(cr.ChangedObjects) != 0 {
 		buf.WriteString("\nChanged objects:\n")
@@ -57,10 +53,10 @@ func formatCommandResultText(cr *result.CommandResult, short bool) string {
 		prettyObjectRefs(buf, cr.DeletedObjects)
 	}
 
-	if len(cr.HookObjects) != 0 {
+	if len(cr.AppliedHookObjects) != 0 {
 		buf.WriteString("\nApplied hooks:\n")
 		var refs []k8s.ObjectRef
-		for _, o := range cr.HookObjects {
+		for _, o := range cr.AppliedHookObjects {
 			refs = append(refs, o.GetK8sRef())
 		}
 		prettyObjectRefs(buf, refs)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 229ecd281..e41e9acd1 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -246,7 +246,6 @@ func addCommandInfo(r *result.CommandResult, command string, ctx *commandCtx, ta
 		r.Command.AbortOnError = abortOnErrorFlags.AbortOnError
 	}
 	r.Deployment = &ctx.targetCtx.DeploymentProject.Config
-	r.RenderedObjects = ctx.targetCtx.DeploymentCollection.LocalObjects()
 	return nil
 }
 
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 49a0e27a3..6d7ebe07b 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -55,8 +55,10 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 	}
 
 	return &result.CommandResult{
-		DeletedObjects: deleted,
-		Errors:         dew.GetErrorsList(),
-		Warnings:       dew.GetWarningsList(),
+		RenderedObjects: cmd.c.LocalObjects(),
+		RemoteObjects:   ru.GetFilteredRemoteObjects(nil),
+		DeletedObjects:  deleted,
+		Errors:          dew.GetErrorsList(),
+		Warnings:        dew.GetWarningsList(),
 	}, nil
 }
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index a1f98531f..427710916 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -65,14 +65,17 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 
 		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 		diffResult := &result.CommandResult{
-			NewObjects:     au.GetNewObjects(),
-			ChangedObjects: du.ChangedObjects,
-			DeletedObjects: au.GetDeletedObjects(),
-			HookObjects:    au.GetAppliedHookObjects(),
-			OrphanObjects:  orphanObjects,
-			Errors:         dew.GetErrorsList(),
-			Warnings:       dew.GetWarningsList(),
-			SeenImages:     cmd.c.Images.SeenImages(false),
+			RenderedObjects:    cmd.c.LocalObjects(),
+			RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
+			AppliedObjects:     au.GetAppliedObjects(),
+			AppliedHookObjects: au.GetAppliedHookObjects(),
+			NewObjects:         au.GetNewObjectRefs(),
+			ChangedObjects:     du.ChangedObjects,
+			DeletedObjects:     au.GetDeletedObjects(),
+			OrphanObjects:      orphanObjects,
+			Errors:             dew.GetErrorsList(),
+			Warnings:           dew.GetWarningsList(),
+			SeenImages:         cmd.c.Images.SeenImages(false),
 		}
 
 		err = diffResultCb(diffResult)
@@ -99,13 +102,16 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		return nil, err
 	}
 	return &result.CommandResult{
-		NewObjects:     au.GetNewObjects(),
-		ChangedObjects: du.ChangedObjects,
-		DeletedObjects: au.GetDeletedObjects(),
-		HookObjects:    au.GetAppliedHookObjects(),
-		OrphanObjects:  orphanObjects,
-		Errors:         dew.GetErrorsList(),
-		Warnings:       dew.GetWarningsList(),
-		SeenImages:     cmd.c.Images.SeenImages(false),
+		RenderedObjects:    cmd.c.LocalObjects(),
+		RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
+		AppliedObjects:     au.GetAppliedObjects(),
+		AppliedHookObjects: au.GetAppliedHookObjects(),
+		NewObjects:         au.GetNewObjectRefs(),
+		ChangedObjects:     du.ChangedObjects,
+		DeletedObjects:     au.GetDeletedObjects(),
+		OrphanObjects:      orphanObjects,
+		Errors:             dew.GetErrorsList(),
+		Warnings:           dew.GetWarningsList(),
+		SeenImages:         cmd.c.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 335fecc91..c15f97864 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -66,13 +66,16 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.Com
 		return nil, err
 	}
 	return &result.CommandResult{
-		NewObjects:     au.GetNewObjects(),
-		ChangedObjects: du.ChangedObjects,
-		DeletedObjects: au.GetDeletedObjects(),
-		HookObjects:    au.GetAppliedHookObjects(),
-		OrphanObjects:  orphanObjects,
-		Errors:         dew.GetErrorsList(),
-		Warnings:       dew.GetWarningsList(),
-		SeenImages:     cmd.c.Images.SeenImages(false),
+		RenderedObjects:    cmd.c.LocalObjects(),
+		RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
+		AppliedObjects:     au.GetAppliedObjects(),
+		AppliedHookObjects: au.GetAppliedHookObjects(),
+		NewObjects:         au.GetNewObjectRefs(),
+		ChangedObjects:     du.ChangedObjects,
+		DeletedObjects:     au.GetDeletedObjects(),
+		OrphanObjects:      orphanObjects,
+		Errors:             dew.GetErrorsList(),
+		Warnings:           dew.GetWarningsList(),
+		SeenImages:         cmd.c.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 8af5d519d..d2c4de720 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -71,7 +71,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 		return o, nil
 	}
 
-	ad := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
+	au := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
 
 	for ref, containers := range containersAndImages {
 		ref := ref
@@ -79,7 +79,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			au := ad.NewApplyUtil(ctx, nil)
+			au := au.NewApplyUtil(ctx, nil)
 			remote := ru.GetRemoteObject(ref)
 			if remote == nil {
 				dew.AddWarning(ref, fmt.Errorf("remote object not found, skipped image replacement"))
@@ -92,14 +92,25 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 	}
 	wg.Wait()
 
-	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, ad.GetAppliedObjectsMap())
+	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
 	du.Diff()
 
+	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
+	if err != nil {
+		return nil, err
+	}
+
 	return &result.CommandResult{
-		NewObjects:     nil,
-		ChangedObjects: du.ChangedObjects,
-		Errors:         dew.GetErrorsList(),
-		Warnings:       dew.GetWarningsList(),
-		SeenImages:     cmd.c.Images.SeenImages(false),
+		RenderedObjects:    cmd.c.LocalObjects(),
+		RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
+		AppliedObjects:     au.GetAppliedObjects(),
+		AppliedHookObjects: au.GetAppliedHookObjects(),
+		NewObjects:         au.GetNewObjectRefs(),
+		ChangedObjects:     du.ChangedObjects,
+		DeletedObjects:     au.GetDeletedObjects(),
+		OrphanObjects:      orphanObjects,
+		Errors:             dew.GetErrorsList(),
+		Warnings:           dew.GetWarningsList(),
+		SeenImages:         cmd.c.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index c285bb12a..5791db8d7 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -53,9 +53,11 @@ func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb f
 	}
 
 	return &result.CommandResult{
-		DeletedObjects: deleted,
-		Errors:         dew.GetErrorsList(),
-		Warnings:       dew.GetWarningsList(),
+		RenderedObjects: cmd.c.LocalObjects(),
+		RemoteObjects:   ru.GetFilteredRemoteObjects(nil),
+		DeletedObjects:  deleted,
+		Errors:          dew.GetErrorsList(),
+		Warnings:        dew.GetWarningsList(),
 	}, nil
 }
 
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 0b610412e..750195855 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -768,8 +768,21 @@ func (ad *ApplyDeploymentsUtil) collectObjects(f func(au *ApplyUtil) map[k8s2.Ob
 	return ret
 }
 
-func (ad *ApplyDeploymentsUtil) GetNewObjects() []*uo.UnstructuredObject {
-	return ad.collectObjects(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
+func (ad *ApplyDeploymentsUtil) collectObjectRefs(f func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject) []k8s2.ObjectRef {
+	ad.resultsMutex.Lock()
+	defer ad.resultsMutex.Unlock()
+
+	var ret []k8s2.ObjectRef
+	for _, a := range ad.results {
+		for _, o := range f(a) {
+			ret = append(ret, o.GetK8sRef())
+		}
+	}
+	return ret
+}
+
+func (ad *ApplyDeploymentsUtil) GetNewObjectRefs() []k8s2.ObjectRef {
+	return ad.collectObjectRefs(func(au *ApplyUtil) map[k8s2.ObjectRef]*uo.UnstructuredObject {
 		return au.newObjects
 	})
 }
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 80a16e151..d00332960 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -23,14 +23,26 @@ func (o *Obfuscator) ObfuscateResult(r *result.CommandResult) error {
 			return err
 		}
 	}
-	for _, n := range r.NewObjects {
+	for _, n := range r.RenderedObjects {
 		err := o.ObfuscateObject(n)
 		if err != nil {
 			return err
 		}
 	}
-	for _, h := range r.HookObjects {
-		err := o.ObfuscateObject(h)
+	for _, n := range r.RemoteObjects {
+		err := o.ObfuscateObject(n)
+		if err != nil {
+			return err
+		}
+	}
+	for _, n := range r.AppliedObjects {
+		err := o.ObfuscateObject(n)
+		if err != nil {
+			return err
+		}
+	}
+	for _, n := range r.AppliedHookObjects {
+		err := o.ObfuscateObject(n)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index ef1737e8e..ea55be518 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -60,18 +60,21 @@ type CommandInfo struct {
 }
 
 type CommandResult struct {
-	Command         *CommandInfo                   `json:"command,omitempty"`
-	Deployment      *types.DeploymentProjectConfig `json:"deployment,omitempty"`
-	RenderedObjects []*uo.UnstructuredObject       `json:"renderedObjects,omitempty"`
+	Command    *CommandInfo                   `json:"command,omitempty"`
+	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
-	NewObjects     []*uo.UnstructuredObject `json:"newObjects,omitempty"`
-	ChangedObjects []*ChangedObject         `json:"changedObjects,omitempty"`
-	HookObjects    []*uo.UnstructuredObject `json:"hookObjects,omitempty"`
-	OrphanObjects  []k8s.ObjectRef          `json:"orphanObjects,omitempty"`
-	DeletedObjects []k8s.ObjectRef          `json:"deletedObjects,omitempty"`
-	Errors         []DeploymentError        `json:"errors,omitempty"`
-	Warnings       []DeploymentError        `json:"warnings,omitempty"`
-	SeenImages     []types.FixedImage       `json:"seenImages,omitempty"`
+	RenderedObjects    []*uo.UnstructuredObject `json:"renderedObjects,omitempty"`
+	RemoteObjects      []*uo.UnstructuredObject `json:"remoteObjects,omitempty"`
+	AppliedObjects     []*uo.UnstructuredObject `json:"appliedObjects,omitempty"`
+	AppliedHookObjects []*uo.UnstructuredObject `json:"appliedHookObjects,omitempty"`
+
+	NewObjects     []k8s.ObjectRef    `json:"newObjects,omitempty"`
+	ChangedObjects []*ChangedObject   `json:"changedObjects,omitempty"`
+	OrphanObjects  []k8s.ObjectRef    `json:"orphanObjects,omitempty"`
+	DeletedObjects []k8s.ObjectRef    `json:"deletedObjects,omitempty"`
+	Errors         []DeploymentError  `json:"errors,omitempty"`
+	Warnings       []DeploymentError  `json:"warnings,omitempty"`
+	SeenImages     []types.FixedImage `json:"seenImages,omitempty"`
 }
 
 type ValidateResultEntry struct {

From 5532a019649809dab2cd69146221f43ce8551b20 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Apr 2023 09:17:49 +0200
Subject: [PATCH 0916/2268] fix: Fix crash on secrets/configmaps with null data

---
 pkg/diff/obfuscate.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index d00332960..96a8ea254 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -119,7 +119,7 @@ func (o *Obfuscator) obfuscateSecretChanges(ref k8s.ObjectRef, changes []result.
 
 func (o *Obfuscator) obfuscateSecret(x *uo.UnstructuredObject) error {
 	data, ok, _ := x.GetNestedField("data")
-	if ok {
+	if ok && data != nil {
 		if m, ok := data.(map[string]any); ok {
 			for k, _ := range m {
 				m[k] = base64.StdEncoding.EncodeToString([]byte("*****"))
@@ -129,7 +129,7 @@ func (o *Obfuscator) obfuscateSecret(x *uo.UnstructuredObject) error {
 		}
 	}
 	data, ok, _ = x.GetNestedField("stringData")
-	if ok {
+	if ok && data != nil {
 		if m, ok := data.(map[string]any); ok {
 			for k, _ := range m {
 				m[k] = "*****"

From e441a9ad42ff7a3cc50edcb2d5fe46ee927a59c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Apr 2023 09:18:09 +0200
Subject: [PATCH 0917/2268] fix: Omit empty group/namespace from json ObjectRef

---
 pkg/types/k8s/ref.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/types/k8s/ref.go b/pkg/types/k8s/ref.go
index fa91157e3..b257ca428 100644
--- a/pkg/types/k8s/ref.go
+++ b/pkg/types/k8s/ref.go
@@ -6,11 +6,11 @@ import (
 )
 
 type ObjectRef struct {
-	Group     string `json:"group"`
-	Version   string `json:"version"`
+	Group     string `json:"group,omitempty"`
+	Version   string `json:"version,omitempty"`
 	Kind      string `json:"kind"`
 	Name      string `json:"name"`
-	Namespace string `json:"namespace"`
+	Namespace string `json:"namespace,omitempty"`
 }
 
 func (r ObjectRef) String() string {

From 29d1abdd06ad980ca441aeec74df51f9dc69ec43 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Apr 2023 15:54:26 +0200
Subject: [PATCH 0918/2268] feat: Add start/end time to CommandResult

---
 cmd/kluctl/commands/cmd_delete.go      |  4 ++-
 cmd/kluctl/commands/cmd_deploy.go      |  8 ++++--
 cmd/kluctl/commands/cmd_diff.go        |  4 ++-
 cmd/kluctl/commands/cmd_poke_images.go |  4 ++-
 cmd/kluctl/commands/cmd_prune.go       |  8 ++++--
 cmd/kluctl/commands/utils.go           |  6 +++-
 pkg/types/result/command_result.go     |  2 ++
 pkg/types/time.go                      | 39 ++++++++++++++++++++++++++
 8 files changed, 65 insertions(+), 10 deletions(-)
 create mode 100644 pkg/types/time.go

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 08c432eac..57f7c1a74 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"time"
 )
 
 type deleteCmd struct {
@@ -43,6 +44,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
+	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		discriminator := cmdCtx.targetCtx.Target.Discriminator
 		if cmd.Discriminator != "" {
@@ -56,7 +58,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = addCommandInfo(result, "delete", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
+		err = addCommandInfo(result, startTime, "delete", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 469d93ae1..e6e918d58 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"time"
 )
 
 type deployCmd struct {
@@ -46,12 +47,13 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
+	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return cmd.runCmdDeploy(cmdCtx)
+		return cmd.runCmdDeploy(cmdCtx, startTime)
 	})
 }
 
-func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
+func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) error {
 	status.Trace(cmdCtx.ctx, "enter runCmdDeploy")
 	defer status.Trace(cmdCtx.ctx, "leave runCmdDeploy")
 
@@ -74,7 +76,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = addCommandInfo(result, "deploy", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, &cmd.AbortOnErrorFlags, cmd.NoWait)
+	err = addCommandInfo(result, startTime, "deploy", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, &cmd.AbortOnErrorFlags, cmd.NoWait)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 46838fcd3..640caecee 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"time"
 )
 
 type diffCmd struct {
@@ -38,6 +39,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
+	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
 		cmd2.ForceApply = cmd.ForceApply
@@ -50,7 +52,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = addCommandInfo(result, "diff", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, nil, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, nil, false)
+		err = addCommandInfo(result, startTime, "diff", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, nil, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, nil, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index ac72efe70..fccb20bc9 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"time"
 )
 
 type pokeImagesCmd struct {
@@ -38,6 +39,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
+	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
 			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", cmdCtx.targetCtx.ClusterContext)) {
@@ -51,7 +53,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = addCommandInfo(result, "poke-images", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
+		err = addCommandInfo(result, startTime, "poke-images", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 4c8b86d17..cd19d2e33 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"time"
 )
 
 type pruneCmd struct {
@@ -40,12 +41,13 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
+	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return cmd.runCmdPrune(cmdCtx)
+		return cmd.runCmdPrune(cmdCtx, startTime)
 	})
 }
 
-func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
+func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx, startTime time.Time) error {
 	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
 	result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
 		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
@@ -53,7 +55,7 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	if err != nil {
 		return err
 	}
-	err = addCommandInfo(result, "prune", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
+	err = addCommandInfo(result, startTime, "prune", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index e41e9acd1..91e801504 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -3,9 +3,11 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
 	"strings"
+	"time"
 
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
@@ -205,11 +207,13 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	return cb(cmdCtx)
 }
 
-func addCommandInfo(r *result.CommandResult, command string, ctx *commandCtx, targetFlags *args.TargetFlags,
+func addCommandInfo(r *result.CommandResult, startTime time.Time, command string, ctx *commandCtx, targetFlags *args.TargetFlags,
 	imageFlags *args.ImageFlags, inclusionFlags *args.InclusionFlags,
 	dryRunFlags *args.DryRunFlags, forceApplyFlags *args.ForceApplyFlags, replaceOnErrorFlags *args.ReplaceOnErrorFlags, abortOnErrorFlags *args.AbortOnErrorFlags, noWait bool) error {
 	r.Command = &result.CommandInfo{
 		Initiator: result.CommandInititiator_CommandLine,
+		StartTime: types.FromTime(startTime),
+		EndTime:   types.FromTime(time.Now()),
 		Command:   command,
 		Target:    ctx.targetCtx.Target,
 		Args:      ctx.targetCtx.KluctlProject.LoadArgs.ExternalArgs,
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index ea55be518..2596242b2 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -40,6 +40,8 @@ const (
 
 type CommandInfo struct {
 	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
+	StartTime             types.JsonTime         `json:"startTime"`
+	EndTime               types.JsonTime         `json:"endTime"`
 	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
 	Command               string                 `json:"command,omitempty"`
 	Target                *types.Target          `json:"target,omitempty"`
diff --git a/pkg/types/time.go b/pkg/types/time.go
new file mode 100644
index 000000000..1706b8606
--- /dev/null
+++ b/pkg/types/time.go
@@ -0,0 +1,39 @@
+package types
+
+import (
+	"encoding/json"
+	"time"
+)
+
+type JsonTime string
+
+func FromTime(t time.Time) JsonTime {
+	return JsonTime(t.Format(time.RFC3339Nano))
+}
+
+func (t JsonTime) ToTime() (time.Time, error) {
+	t2, err := time.Parse(time.RFC3339Nano, string(t))
+	if err != nil {
+		return time.Time{}, err
+	}
+	return t2, nil
+}
+
+func (t *JsonTime) UnmarshalJSON(b []byte) error {
+	var s string
+	err := json.Unmarshal(b, &s)
+	if err != nil {
+		return err
+	}
+	t2 := JsonTime(s)
+	_, err = t2.ToTime()
+	if err != nil {
+		return err
+	}
+	*t = t2
+	return nil
+}
+
+func (t JsonTime) MarshalJSON() ([]byte, error) {
+	return json.Marshal(string(t))
+}

From 25b32ffeed9d8e1f50375e96de67ae3fdb1b0429 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Apr 2023 21:42:02 +0200
Subject: [PATCH 0919/2268] feat: Add CommandResultSummary

---
 pkg/types/result/summary.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 pkg/types/result/summary.go

diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
new file mode 100644
index 000000000..d8d8adfb7
--- /dev/null
+++ b/pkg/types/result/summary.go
@@ -0,0 +1,20 @@
+package result
+
+type CommandResultSummary struct {
+	Id      string       `json:"id"`
+	Command *CommandInfo `json:"commandInfo"`
+
+	RenderedObjects    int `json:"renderedObjects"`
+	RemoteObjects      int `json:"remoteObjects"`
+	AppliedObjects     int `json:"appliedObjects"`
+	AppliedHookObjects int `json:"appliedHookObjects"`
+
+	NewObjects     int `json:"newObjects"`
+	ChangedObjects int `json:"changedObjects"`
+	OrphanObjects  int `json:"orphanObjects"`
+	DeletedObjects int `json:"deletedObjects"`
+	Errors         int `json:"errors"`
+	Warnings       int `json:"warnings"`
+
+	TotalChanges int `json:"totalChanges"`
+}

From da4121be687e3b9ec05da4de38161e94f8bb9b58 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Apr 2023 23:16:49 +0200
Subject: [PATCH 0920/2268] feat: Compact objects in CommandResult

---
 cmd/kluctl/commands/command_result.go   |  66 ++++++----
 pkg/deployment/commands/delete.go       |   8 +-
 pkg/deployment/commands/deploy.go       |  30 ++---
 pkg/deployment/commands/diff.go         |  15 +--
 pkg/deployment/commands/poke_images.go  |  15 +--
 pkg/deployment/commands/prune.go        |   7 +-
 pkg/deployment/commands/utils.go        |  87 +++++++++++++
 pkg/deployment/utils/diff_utils.go      |  14 +--
 pkg/deployment/utils/diff_utils_test.go |   2 +-
 pkg/diff/obfuscate.go                   |  25 ++--
 pkg/types/result/command_result.go      |  36 ++++--
 pkg/types/result/compact.go             | 155 ++++++++++++++++++++++++
 12 files changed, 347 insertions(+), 113 deletions(-)
 create mode 100644 pkg/deployment/commands/utils.go
 create mode 100644 pkg/types/result/compact.go

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index f8a874cc3..c77356586 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -24,46 +24,64 @@ func formatCommandResultText(cr *result.CommandResult, short bool) string {
 		prettyErrors(buf, cr.Warnings)
 	}
 
-	if len(cr.NewObjects) != 0 {
+	var newObjects []k8s.ObjectRef
+	var changedObjects []k8s.ObjectRef
+	var deletedObjects []k8s.ObjectRef
+	var orphanObjects []k8s.ObjectRef
+	var appliedHookObjects []k8s.ObjectRef
+
+	for _, o := range cr.Objects {
+		if o.New {
+			newObjects = append(newObjects, o.Ref)
+		}
+		if len(o.Changes) != 0 {
+			changedObjects = append(changedObjects, o.Ref)
+		}
+		if o.Deleted {
+			deletedObjects = append(deletedObjects, o.Ref)
+		}
+		if o.Orphan {
+			orphanObjects = append(orphanObjects, o.Ref)
+		}
+		if o.Hook {
+			appliedHookObjects = append(appliedHookObjects, o.Ref)
+		}
+	}
+
+	if len(newObjects) != 0 {
 		buf.WriteString("\nNew objects:\n")
-		prettyObjectRefs(buf, cr.NewObjects)
+		prettyObjectRefs(buf, newObjects)
 	}
-	if len(cr.ChangedObjects) != 0 {
+	if len(changedObjects) != 0 {
 		buf.WriteString("\nChanged objects:\n")
-		var refs []k8s.ObjectRef
-		for _, co := range cr.ChangedObjects {
-			refs = append(refs, co.Ref)
-		}
-		prettyObjectRefs(buf, refs)
+		prettyObjectRefs(buf, changedObjects)
 
 		if !short {
 			buf.WriteString("\n")
-
-			for i, co := range cr.ChangedObjects {
+			for i, o := range cr.Objects {
+				if len(o.Changes) == 0 {
+					continue
+				}
 				if i != 0 {
 					buf.WriteString("\n")
 				}
-				prettyChanges(buf, co.Ref, co.Changes)
+				prettyChanges(buf, o.Ref, o.Changes)
 			}
 		}
 	}
 
-	if len(cr.DeletedObjects) != 0 {
+	if len(deletedObjects) != 0 {
 		buf.WriteString("\nDeleted objects:\n")
-		prettyObjectRefs(buf, cr.DeletedObjects)
+		prettyObjectRefs(buf, deletedObjects)
 	}
 
-	if len(cr.AppliedHookObjects) != 0 {
+	if len(appliedHookObjects) != 0 {
 		buf.WriteString("\nApplied hooks:\n")
-		var refs []k8s.ObjectRef
-		for _, o := range cr.AppliedHookObjects {
-			refs = append(refs, o.GetK8sRef())
-		}
-		prettyObjectRefs(buf, refs)
+		prettyObjectRefs(buf, appliedHookObjects)
 	}
-	if len(cr.OrphanObjects) != 0 {
+	if len(orphanObjects) != 0 {
 		buf.WriteString("\nOrphan objects:\n")
-		prettyObjectRefs(buf, cr.OrphanObjects)
+		prettyObjectRefs(buf, orphanObjects)
 	}
 
 	if len(cr.Errors) != 0 {
@@ -104,7 +122,11 @@ func prettyChanges(buf io.StringWriter, ref k8s.ObjectRef, changes []result.Chan
 }
 
 func formatCommandResultYaml(cr *result.CommandResult) (string, error) {
-	b, err := yaml.WriteYamlString(cr)
+	compactedCr := *cr
+	compactedCr.CompactedObjects = compactedCr.Objects
+	compactedCr.Objects = nil
+
+	b, err := yaml.WriteYamlString(compactedCr)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 6d7ebe07b..970362d97 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -55,10 +55,8 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 	}
 
 	return &result.CommandResult{
-		RenderedObjects: cmd.c.LocalObjects(),
-		RemoteObjects:   ru.GetFilteredRemoteObjects(nil),
-		DeletedObjects:  deleted,
-		Errors:          dew.GetErrorsList(),
-		Warnings:        dew.GetWarningsList(),
+		Objects:  collectObjects(cmd.c, ru, nil, nil, nil, deleted),
+		Errors:   dew.GetErrorsList(),
+		Warnings: dew.GetWarningsList(),
 	}, nil
 }
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 427710916..6b58c8762 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -65,17 +65,10 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 
 		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 		diffResult := &result.CommandResult{
-			RenderedObjects:    cmd.c.LocalObjects(),
-			RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
-			AppliedObjects:     au.GetAppliedObjects(),
-			AppliedHookObjects: au.GetAppliedHookObjects(),
-			NewObjects:         au.GetNewObjectRefs(),
-			ChangedObjects:     du.ChangedObjects,
-			DeletedObjects:     au.GetDeletedObjects(),
-			OrphanObjects:      orphanObjects,
-			Errors:             dew.GetErrorsList(),
-			Warnings:           dew.GetWarningsList(),
-			SeenImages:         cmd.c.Images.SeenImages(false),
+			Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+			Errors:     dew.GetErrorsList(),
+			Warnings:   dew.GetWarningsList(),
+			SeenImages: cmd.c.Images.SeenImages(false),
 		}
 
 		err = diffResultCb(diffResult)
@@ -102,16 +95,9 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		return nil, err
 	}
 	return &result.CommandResult{
-		RenderedObjects:    cmd.c.LocalObjects(),
-		RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
-		AppliedObjects:     au.GetAppliedObjects(),
-		AppliedHookObjects: au.GetAppliedHookObjects(),
-		NewObjects:         au.GetNewObjectRefs(),
-		ChangedObjects:     du.ChangedObjects,
-		DeletedObjects:     au.GetDeletedObjects(),
-		OrphanObjects:      orphanObjects,
-		Errors:             dew.GetErrorsList(),
-		Warnings:           dew.GetWarningsList(),
-		SeenImages:         cmd.c.Images.SeenImages(false),
+		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+		Errors:     dew.GetErrorsList(),
+		Warnings:   dew.GetWarningsList(),
+		SeenImages: cmd.c.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index c15f97864..66a5f5fdc 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -66,16 +66,9 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.Com
 		return nil, err
 	}
 	return &result.CommandResult{
-		RenderedObjects:    cmd.c.LocalObjects(),
-		RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
-		AppliedObjects:     au.GetAppliedObjects(),
-		AppliedHookObjects: au.GetAppliedHookObjects(),
-		NewObjects:         au.GetNewObjectRefs(),
-		ChangedObjects:     du.ChangedObjects,
-		DeletedObjects:     au.GetDeletedObjects(),
-		OrphanObjects:      orphanObjects,
-		Errors:             dew.GetErrorsList(),
-		Warnings:           dew.GetWarningsList(),
-		SeenImages:         cmd.c.Images.SeenImages(false),
+		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+		Errors:     dew.GetErrorsList(),
+		Warnings:   dew.GetWarningsList(),
+		SeenImages: cmd.c.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index d2c4de720..7d8e0d704 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -101,16 +101,9 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 	}
 
 	return &result.CommandResult{
-		RenderedObjects:    cmd.c.LocalObjects(),
-		RemoteObjects:      ru.GetFilteredRemoteObjects(nil),
-		AppliedObjects:     au.GetAppliedObjects(),
-		AppliedHookObjects: au.GetAppliedHookObjects(),
-		NewObjects:         au.GetNewObjectRefs(),
-		ChangedObjects:     du.ChangedObjects,
-		DeletedObjects:     au.GetDeletedObjects(),
-		OrphanObjects:      orphanObjects,
-		Errors:             dew.GetErrorsList(),
-		Warnings:           dew.GetWarningsList(),
-		SeenImages:         cmd.c.Images.SeenImages(false),
+		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+		Errors:     dew.GetErrorsList(),
+		Warnings:   dew.GetWarningsList(),
+		SeenImages: cmd.c.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 5791db8d7..c60bc6bb4 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -53,11 +53,8 @@ func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb f
 	}
 
 	return &result.CommandResult{
-		RenderedObjects: cmd.c.LocalObjects(),
-		RemoteObjects:   ru.GetFilteredRemoteObjects(nil),
-		DeletedObjects:  deleted,
-		Errors:          dew.GetErrorsList(),
-		Warnings:        dew.GetWarningsList(),
+		Objects:  collectObjects(cmd.c, ru, nil, nil, nil, deleted),
+		Warnings: dew.GetWarningsList(),
 	}, nil
 }
 
diff --git a/pkg/deployment/commands/utils.go b/pkg/deployment/commands/utils.go
new file mode 100644
index 000000000..074d3222d
--- /dev/null
+++ b/pkg/deployment/commands/utils.go
@@ -0,0 +1,87 @@
+package commands
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"sort"
+)
+
+func collectObjects(c *deployment.DeploymentCollection, ru *utils.RemoteObjectUtils, au *utils.ApplyDeploymentsUtil, du *utils.DiffUtil, orphans []k8s.ObjectRef, deleted []k8s.ObjectRef) []result.ResultObject {
+	m := map[k8s.ObjectRef]*result.ResultObject{}
+
+	getOrCreate := func(ref k8s.ObjectRef) *result.ResultObject {
+		x, ok := m[ref]
+		if !ok {
+			x = &result.ResultObject{}
+			x.Ref = ref
+			m[ref] = x
+		}
+		return x
+	}
+
+	if c != nil {
+		for _, x := range c.LocalObjects() {
+			o := getOrCreate(x.GetK8sRef())
+			o.Rendered = x
+		}
+	}
+	if ru != nil {
+		for _, x := range ru.GetFilteredRemoteObjects(nil) {
+			o := getOrCreate(x.GetK8sRef())
+			o.Remote = x
+		}
+	}
+
+	if au != nil {
+		for _, x := range au.GetAppliedObjects() {
+			o := getOrCreate(x.GetK8sRef())
+			o.Applied = x
+		}
+
+		for _, x := range au.GetAppliedHookObjects() {
+			o := getOrCreate(x.GetK8sRef())
+			o.Hook = true
+		}
+		for _, x := range au.GetNewObjectRefs() {
+			o := getOrCreate(x)
+			o.New = true
+		}
+		for _, x := range au.GetDeletedObjects() {
+			o := getOrCreate(x)
+			o.Deleted = true
+		}
+	}
+	if du != nil {
+		for _, x := range du.ChangedObjects {
+			o := getOrCreate(x.Ref)
+			o.Changes = x.Changes
+		}
+	}
+	for _, x := range orphans {
+		o := getOrCreate(x)
+		o.Orphan = true
+	}
+	for _, x := range deleted {
+		o := getOrCreate(x)
+		o.Deleted = true
+	}
+
+	for ref, o := range m {
+		if o.Rendered == nil && o.Applied == nil && !o.Deleted && !o.Orphan {
+			// exclude all objects that are clearly not under our control, but got retrieved anyway because some
+			// controller passed through the discriminator labels
+			delete(m, ref)
+		}
+	}
+
+	ret := make([]result.ResultObject, 0, len(m))
+	for _, o := range m {
+		ret = append(ret, *o)
+	}
+	sort.Slice(ret, func(i, j int) bool {
+		return ret[i].Ref.GroupVersionKind().String() < ret[j].Ref.GroupVersionKind().String()
+	})
+	return ret
+}
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index edffa3ef5..55ca28566 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -12,7 +12,7 @@ import (
 	"time"
 )
 
-type diffUtil struct {
+type DiffUtil struct {
 	dew            *DeploymentErrorsAndWarnings
 	deployments    []*deployment.DeploymentItem
 	appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
@@ -27,8 +27,8 @@ type diffUtil struct {
 	mutex             sync.Mutex
 }
 
-func NewDiffUtil(dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject) *diffUtil {
-	return &diffUtil{
+func NewDiffUtil(dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject) *DiffUtil {
+	return &DiffUtil{
 		dew:            dew,
 		deployments:    deployments,
 		ru:             ru,
@@ -36,7 +36,7 @@ func NewDiffUtil(dew *DeploymentErrorsAndWarnings, deployments []*deployment.Dep
 	}
 }
 
-func (u *diffUtil) Diff() {
+func (u *DiffUtil) Diff() {
 	var wg sync.WaitGroup
 
 	u.calcRemoteObjectsForDiff()
@@ -67,7 +67,7 @@ func (u *diffUtil) Diff() {
 	})
 }
 
-func (u *diffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef, ao *uo.UnstructuredObject, ro *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig) {
+func (u *DiffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef, ao *uo.UnstructuredObject, ro *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig) {
 	if ao != nil && ro == nil {
 		// new?
 		return
@@ -106,7 +106,7 @@ func (u *diffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef,
 	}
 }
 
-func (u *diffUtil) calcRemoteObjectsForDiff() {
+func (u *DiffUtil) calcRemoteObjectsForDiff() {
 	u.remoteDiffObjects = make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 	for _, o := range u.ru.remoteObjects {
 		diffName := o.GetK8sAnnotation("kluctl.io/diff-name")
@@ -126,7 +126,7 @@ func (u *diffUtil) calcRemoteObjectsForDiff() {
 	}
 }
 
-func (u *diffUtil) getRemoteObjectForDiff(localObject *uo.UnstructuredObject) (k8s2.ObjectRef, *uo.UnstructuredObject) {
+func (u *DiffUtil) getRemoteObjectForDiff(localObject *uo.UnstructuredObject) (k8s2.ObjectRef, *uo.UnstructuredObject) {
 	ref := localObject.GetK8sRef()
 	diffName := localObject.GetK8sAnnotation("kluctl.io/diff-name")
 	if diffName != nil {
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index cb319d09a..49bd2c7b7 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -19,7 +19,7 @@ type diffTestConfig struct {
 
 	dew *DeploymentErrorsAndWarnings
 	ru  *RemoteObjectUtils
-	du  *diffUtil
+	du  *DiffUtil
 }
 
 func (dtc *diffTestConfig) newRemoteObjects(dew *DeploymentErrorsAndWarnings) *RemoteObjectUtils {
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index 96a8ea254..e2f299019 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -17,32 +17,20 @@ type Obfuscator struct {
 }
 
 func (o *Obfuscator) ObfuscateResult(r *result.CommandResult) error {
-	for _, c := range r.ChangedObjects {
-		err := o.ObfuscateChanges(c.Ref, c.Changes)
+	for _, x := range r.Objects {
+		err := o.ObfuscateObject(x.Rendered)
 		if err != nil {
 			return err
 		}
-	}
-	for _, n := range r.RenderedObjects {
-		err := o.ObfuscateObject(n)
-		if err != nil {
-			return err
-		}
-	}
-	for _, n := range r.RemoteObjects {
-		err := o.ObfuscateObject(n)
+		err = o.ObfuscateObject(x.Remote)
 		if err != nil {
 			return err
 		}
-	}
-	for _, n := range r.AppliedObjects {
-		err := o.ObfuscateObject(n)
+		err = o.ObfuscateObject(x.Applied)
 		if err != nil {
 			return err
 		}
-	}
-	for _, n := range r.AppliedHookObjects {
-		err := o.ObfuscateObject(n)
+		err = o.ObfuscateChanges(x.Ref, x.Changes)
 		if err != nil {
 			return err
 		}
@@ -61,6 +49,9 @@ func (o *Obfuscator) ObfuscateChanges(ref k8s.ObjectRef, changes []result.Change
 }
 
 func (o *Obfuscator) ObfuscateObject(x *uo.UnstructuredObject) error {
+	if x == nil {
+		return nil
+	}
 	ref := x.GetK8sRef()
 	if ref.GroupKind() == secretGk {
 		err := o.obfuscateSecret(x)
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 2596242b2..7990df8ee 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -61,22 +61,34 @@ type CommandInfo struct {
 	ExcludeDeploymentDirs []string               `json:"excludeDeploymentDirs,omitempty"`
 }
 
+type BaseObject struct {
+	Ref     k8s.ObjectRef `json:"ref"`
+	Changes []Change      `json:"changes,omitempty"`
+
+	New     bool `json:"new,omitempty"`
+	Orphan  bool `json:"orphan,omitempty"`
+	Deleted bool `json:"deleted,omitempty"`
+	Hook    bool `json:"hook,omitempty"`
+}
+
+type ResultObject struct {
+	BaseObject
+
+	Rendered *uo.UnstructuredObject `json:"rendered,omitempty"`
+	Remote   *uo.UnstructuredObject `json:"remote,omitempty"`
+	Applied  *uo.UnstructuredObject `json:"applied,omitempty"`
+}
+
 type CommandResult struct {
 	Command    *CommandInfo                   `json:"command,omitempty"`
 	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
-	RenderedObjects    []*uo.UnstructuredObject `json:"renderedObjects,omitempty"`
-	RemoteObjects      []*uo.UnstructuredObject `json:"remoteObjects,omitempty"`
-	AppliedObjects     []*uo.UnstructuredObject `json:"appliedObjects,omitempty"`
-	AppliedHookObjects []*uo.UnstructuredObject `json:"appliedHookObjects,omitempty"`
-
-	NewObjects     []k8s.ObjectRef    `json:"newObjects,omitempty"`
-	ChangedObjects []*ChangedObject   `json:"changedObjects,omitempty"`
-	OrphanObjects  []k8s.ObjectRef    `json:"orphanObjects,omitempty"`
-	DeletedObjects []k8s.ObjectRef    `json:"deletedObjects,omitempty"`
-	Errors         []DeploymentError  `json:"errors,omitempty"`
-	Warnings       []DeploymentError  `json:"warnings,omitempty"`
-	SeenImages     []types.FixedImage `json:"seenImages,omitempty"`
+	Objects          []ResultObject   `json:"objects,omitempty"`
+	CompactedObjects CompactedObjects `json:"compactedObjects,omitempty"`
+
+	Errors     []DeploymentError  `json:"errors,omitempty"`
+	Warnings   []DeploymentError  `json:"warnings,omitempty"`
+	SeenImages []types.FixedImage `json:"seenImages,omitempty"`
 }
 
 type ValidateResultEntry struct {
diff --git a/pkg/types/result/compact.go b/pkg/types/result/compact.go
new file mode 100644
index 000000000..6ae9f8dfa
--- /dev/null
+++ b/pkg/types/result/compact.go
@@ -0,0 +1,155 @@
+package result
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/sergi/go-diff/diffmatchpatch"
+	"strings"
+	"sync"
+)
+
+type CompactedObjects []ResultObject
+
+type CompactedObject struct {
+	BaseObject
+
+	Rendered string `json:"rendered,omitempty"`
+	Remote   string `json:"remote,omitempty"`
+	Applied  string `json:"applied,omitempty"`
+}
+
+func (l CompactedObjects) MarshalJSON() ([]byte, error) {
+	compactedList := make([]CompactedObject, len(l))
+
+	d := diffmatchpatch.New()
+
+	createPatchOrFull := func(prevJson *string, o *uo.UnstructuredObject) string {
+		if o == nil {
+			return ""
+		}
+		j, err := yaml.WriteJsonString(o)
+		if err != nil {
+			// we are a point where this was parsed/written so many times, it really shouldn't error
+			panic(err)
+		}
+		if *prevJson == "" {
+			*prevJson = j
+			return "full: " + j
+		}
+
+		diff := d.DiffMain(*prevJson, j, false)
+		delta := d.DiffToDelta(diff)
+		*prevJson = j
+
+		if len(delta) < len(j) {
+			return "delta: " + delta
+		} else {
+			return "full: " + j
+		}
+	}
+
+	var wg sync.WaitGroup
+	for i, o := range l {
+		i := i
+		o := o
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			var prevJson string
+			compactedList[i].BaseObject = o.BaseObject
+			compactedList[i].Rendered = createPatchOrFull(&prevJson, o.Rendered)
+			compactedList[i].Remote = createPatchOrFull(&prevJson, o.Remote)
+			compactedList[i].Applied = createPatchOrFull(&prevJson, o.Applied)
+		}()
+	}
+	wg.Wait()
+
+	return json.Marshal(compactedList)
+}
+
+func (l *CompactedObjects) UnmarshalJSON(b []byte) error {
+	var compactedList []CompactedObject
+	err := json.Unmarshal(b, &compactedList)
+	if err != nil {
+		return err
+	}
+
+	d := diffmatchpatch.New()
+
+	patchAndUnmarshal := func(prevJson *string, s string) (*uo.UnstructuredObject, error) {
+		if s == "" {
+			return nil, nil
+		}
+
+		if strings.HasPrefix(s, "full: ") {
+			full := s[6:]
+			*prevJson = full
+			return uo.FromString(full)
+		} else if strings.HasPrefix(s, "delta: ") {
+			if *prevJson == "" {
+				return nil, fmt.Errorf("prevJson empty")
+			}
+			delta := s[7:]
+			diff, err := d.DiffFromDelta(*prevJson, delta)
+			if err != nil {
+				return nil, err
+			}
+			patch := d.PatchMake(diff)
+			newJson, result := d.PatchApply(patch, *prevJson)
+			for _, b := range result {
+				if !b {
+					return nil, fmt.Errorf("patch did not fully apply")
+				}
+			}
+			o, err := uo.FromString(newJson)
+			if err != nil {
+				return nil, err
+			}
+			*prevJson = newJson
+			return o, nil
+		} else {
+			return nil, fmt.Errorf("unexpected object/delta")
+		}
+	}
+
+	ret := make([]ResultObject, len(compactedList))
+
+	gh := utils.NewGoHelper(context.Background(), -1)
+	for i, o := range compactedList {
+		i := i
+		o := o
+		gh.RunE(func() error {
+			var err error
+
+			o2 := ResultObject{}
+			o2.BaseObject = o.BaseObject
+
+			prevJson := ""
+			o2.Rendered, err = patchAndUnmarshal(&prevJson, o.Rendered)
+			if err != nil {
+				return err
+			}
+			o2.Remote, err = patchAndUnmarshal(&prevJson, o.Remote)
+			if err != nil {
+				return err
+			}
+			o2.Applied, err = patchAndUnmarshal(&prevJson, o.Applied)
+			if err != nil {
+				return err
+			}
+			ret[i] = o2
+			return nil
+		})
+	}
+	gh.Wait()
+	err = gh.ErrorOrNil()
+	if err != nil {
+		return err
+	}
+	*l = ret
+	return nil
+}

From a6a9b0757aeae7fecf070544e0de7993441e7d52 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Apr 2023 16:01:37 +0200
Subject: [PATCH 0921/2268] feat: Add ProjectSummary and GitInfo

---
 cmd/kluctl/commands/utils.go       | 82 +++++++++++++++++++++++++++++-
 pkg/types/result/command_result.go | 19 ++++++-
 pkg/types/result/summary.go        | 15 +++++-
 3 files changed, 112 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 91e801504..bb2d01751 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -3,9 +3,12 @@ package commands
 import (
 	"context"
 	"fmt"
+	git2 "github.com/go-git/go-git/v5"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -210,7 +213,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 func addCommandInfo(r *result.CommandResult, startTime time.Time, command string, ctx *commandCtx, targetFlags *args.TargetFlags,
 	imageFlags *args.ImageFlags, inclusionFlags *args.InclusionFlags,
 	dryRunFlags *args.DryRunFlags, forceApplyFlags *args.ForceApplyFlags, replaceOnErrorFlags *args.ReplaceOnErrorFlags, abortOnErrorFlags *args.AbortOnErrorFlags, noWait bool) error {
-	r.Command = &result.CommandInfo{
+	r.Command = result.CommandInfo{
+		Id:        uuid.New().String(),
 		Initiator: result.CommandInititiator_CommandLine,
 		StartTime: types.FromTime(startTime),
 		EndTime:   types.FromTime(time.Now()),
@@ -250,6 +254,82 @@ func addCommandInfo(r *result.CommandResult, startTime time.Time, command string
 		r.Command.AbortOnError = abortOnErrorFlags.AbortOnError
 	}
 	r.Deployment = &ctx.targetCtx.DeploymentProject.Config
+
+	err := addGitInfo(r, ctx)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func addGitInfo(r *result.CommandResult, ctx *commandCtx) error {
+	if ctx.targetCtx.KluctlProject.LoadArgs.RepoRoot == "" {
+		return nil
+	}
+
+	projectDirAbs, err := filepath.Abs(ctx.targetCtx.KluctlProject.LoadArgs.ProjectDir)
+	if err != nil {
+		return err
+	}
+
+	subDir, err := filepath.Rel(ctx.targetCtx.KluctlProject.LoadArgs.RepoRoot, projectDirAbs)
+	if err != nil {
+		return err
+	}
+	if subDir == "." {
+		subDir = ""
+	}
+
+	g, err := git2.PlainOpen(ctx.targetCtx.KluctlProject.LoadArgs.RepoRoot)
+	if err != nil {
+		return err
+	}
+
+	w, err := g.Worktree()
+	if err != nil {
+		return err
+	}
+
+	s, err := w.Status()
+	if err != nil {
+		return err
+	}
+
+	head, err := g.Head()
+	if err != nil {
+		return err
+	}
+
+	remotes, err := g.Remotes()
+	if err != nil {
+		return err
+	}
+
+	var originUrl *git_url.GitUrl
+	for _, r := range remotes {
+		if r.Config().Name == "origin" {
+			originUrl, err = git_url.Parse(r.Config().URLs[0])
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var normaliedUrl string
+	if originUrl != nil {
+		normaliedUrl = originUrl.NormalizedRepoKey()
+	}
+
+	r.GitInfo = &result.GitInfo{
+		Url:    originUrl,
+		Ref:    head.Name().String(),
+		SubDir: subDir,
+		Commit: head.Hash().String(),
+		Dirty:  !s.IsClean(),
+	}
+	r.Project.NormalizedGitUrl = normaliedUrl
+	r.Project.SubDir = subDir
 	return nil
 }
 
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 7990df8ee..20efd9906 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -1,6 +1,7 @@
 package result
 
 import (
+	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -38,8 +39,14 @@ const (
 	CommandInititiator_KluctlDeployment                  = "KluctlDeployment"
 )
 
+type ProjectKey struct {
+	NormalizedGitUrl string `json:"normalizedGitUrl,omitempty"`
+	SubDir           string `json:"subDir,omitempty"`
+}
+
 type CommandInfo struct {
 	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
+	Id                    string                 `json:"id"`
 	StartTime             types.JsonTime         `json:"startTime"`
 	EndTime               types.JsonTime         `json:"endTime"`
 	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
@@ -61,6 +68,14 @@ type CommandInfo struct {
 	ExcludeDeploymentDirs []string               `json:"excludeDeploymentDirs,omitempty"`
 }
 
+type GitInfo struct {
+	Url    *git_url.GitUrl `json:"url"`
+	Ref    string          `json:"ref"`
+	SubDir string          `json:"subDir"`
+	Commit string          `json:"commit"`
+	Dirty  bool            `json:"dirty"`
+}
+
 type BaseObject struct {
 	Ref     k8s.ObjectRef `json:"ref"`
 	Changes []Change      `json:"changes,omitempty"`
@@ -80,7 +95,9 @@ type ResultObject struct {
 }
 
 type CommandResult struct {
-	Command    *CommandInfo                   `json:"command,omitempty"`
+	Project    ProjectKey                     `json:"project"`
+	Command    CommandInfo                    `json:"command,omitempty"`
+	GitInfo    *GitInfo                       `json:"gitInfo,omitempty"`
 	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
 	Objects          []ResultObject   `json:"objects,omitempty"`
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index d8d8adfb7..39e1e3765 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -1,8 +1,9 @@
 package result
 
 type CommandResultSummary struct {
-	Id      string       `json:"id"`
-	Command *CommandInfo `json:"commandInfo"`
+	Project ProjectKey  `json:"project"`
+	Command CommandInfo `json:"commandInfo"`
+	GitInfo *GitInfo    `json:"gitInfo,omitempty"`
 
 	RenderedObjects    int `json:"renderedObjects"`
 	RemoteObjects      int `json:"remoteObjects"`
@@ -18,3 +19,13 @@ type CommandResultSummary struct {
 
 	TotalChanges int `json:"totalChanges"`
 }
+
+type ProjectSummary struct {
+	Project ProjectKey `json:"project"`
+
+	LastValidateResult *ValidateResult `json:"lastValidateResult,omitempty"`
+
+	LastDeployCommand *CommandResultSummary `json:"lastDeployCommand,omitempty"`
+	LastDeleteCommand *CommandResultSummary `json:"LastDeleteCommand,omitempty"`
+	LastPruneCommand  *CommandResultSummary `json:"lastPruneCommand,omitempty"`
+}

From bebc2c6e92f350a05196c904af74038b8a028100 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Apr 2023 23:21:08 +0200
Subject: [PATCH 0922/2268] refactor: Clearly separate between CommandResult
 and CompactedCommandResult

---
 cmd/kluctl/commands/command_result.go |  6 +-----
 pkg/types/result/command_result.go    | 24 ++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index c77356586..c9710d7a5 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -122,11 +122,7 @@ func prettyChanges(buf io.StringWriter, ref k8s.ObjectRef, changes []result.Chan
 }
 
 func formatCommandResultYaml(cr *result.CommandResult) (string, error) {
-	compactedCr := *cr
-	compactedCr.CompactedObjects = compactedCr.Objects
-	compactedCr.Objects = nil
-
-	b, err := yaml.WriteYamlString(compactedCr)
+	b, err := yaml.WriteYamlString(cr.ToCompacted())
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 20efd9906..0d3d319e0 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -100,14 +100,34 @@ type CommandResult struct {
 	GitInfo    *GitInfo                       `json:"gitInfo,omitempty"`
 	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
-	Objects          []ResultObject   `json:"objects,omitempty"`
-	CompactedObjects CompactedObjects `json:"compactedObjects,omitempty"`
+	Objects []ResultObject `json:"objects,omitempty"`
 
 	Errors     []DeploymentError  `json:"errors,omitempty"`
 	Warnings   []DeploymentError  `json:"warnings,omitempty"`
 	SeenImages []types.FixedImage `json:"seenImages,omitempty"`
 }
 
+func (cr *CommandResult) ToCompacted() *CompactedCommandResult {
+	ret := &CompactedCommandResult{
+		CommandResult: *cr,
+	}
+	ret.CompactedObjects = ret.Objects
+	ret.Objects = nil
+	return ret
+}
+
+type CompactedCommandResult struct {
+	CommandResult
+
+	CompactedObjects CompactedObjects `json:"compactedObjects,omitempty"`
+}
+
+func (ccr *CompactedCommandResult) ToNonCompacted() *CommandResult {
+	ret := ccr.CommandResult
+	ret.Objects = ccr.CompactedObjects
+	return &ret
+}
+
 type ValidateResultEntry struct {
 	Ref        k8s.ObjectRef `json:"ref"`
 	Annotation string        `json:"annotation"`

From eb19472960a788d0756b940f605d7e1ee1976be0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Apr 2023 23:56:21 +0200
Subject: [PATCH 0923/2268] feat: Store id directly in result

---
 cmd/kluctl/commands/utils.go           | 2 --
 pkg/deployment/commands/delete.go      | 2 ++
 pkg/deployment/commands/deploy.go      | 3 +++
 pkg/deployment/commands/diff.go        | 2 ++
 pkg/deployment/commands/poke_images.go | 2 ++
 pkg/deployment/commands/prune.go       | 2 ++
 pkg/deployment/commands/validate.go    | 7 +++++--
 pkg/types/result/command_result.go     | 3 ++-
 pkg/types/result/summary.go            | 1 +
 9 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index bb2d01751..c9fdcdc1b 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	git2 "github.com/go-git/go-git/v5"
-	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
@@ -214,7 +213,6 @@ func addCommandInfo(r *result.CommandResult, startTime time.Time, command string
 	imageFlags *args.ImageFlags, inclusionFlags *args.InclusionFlags,
 	dryRunFlags *args.DryRunFlags, forceApplyFlags *args.ForceApplyFlags, replaceOnErrorFlags *args.ReplaceOnErrorFlags, abortOnErrorFlags *args.AbortOnErrorFlags, noWait bool) error {
 	r.Command = result.CommandInfo{
-		Id:        uuid.New().String(),
 		Initiator: result.CommandInititiator_CommandLine,
 		StartTime: types.FromTime(startTime),
 		EndTime:   types.FromTime(time.Now()),
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 970362d97..e87cffa50 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -55,6 +56,7 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 	}
 
 	return &result.CommandResult{
+		Id:       uuid.New().String(),
 		Objects:  collectObjects(cmd.c, ru, nil, nil, nil, deleted),
 		Errors:   dew.GetErrorsList(),
 		Warnings: dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 6b58c8762..417e2e27d 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -65,6 +66,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 
 		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 		diffResult := &result.CommandResult{
+			Id:         uuid.New().String(),
 			Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
 			Errors:     dew.GetErrorsList(),
 			Warnings:   dew.GetWarningsList(),
@@ -95,6 +97,7 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 		return nil, err
 	}
 	return &result.CommandResult{
+		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 66a5f5fdc..aa2f185c5 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -66,6 +67,7 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.Com
 		return nil, err
 	}
 	return &result.CommandResult{
+		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 7d8e0d704..14fdb9e0c 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -101,6 +102,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 	}
 
 	return &result.CommandResult{
+		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index c60bc6bb4..e989b120c 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -53,6 +54,7 @@ func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb f
 	}
 
 	return &result.CommandResult{
+		Id:       uuid.New().String(),
 		Objects:  collectObjects(cmd.c, ru, nil, nil, nil, deleted),
 		Warnings: dew.GetWarningsList(),
 	}, nil
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 08cd62004..938e9d4f2 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -29,8 +30,10 @@ func NewValidateCommand(ctx context.Context, discriminator string, c *deployment
 }
 
 func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.ValidateResult, error) {
-	var r result.ValidateResult
-	r.Ready = true
+	r := result.ValidateResult{
+		Id:    uuid.New().String(),
+		Ready: true,
+	}
 
 	cmd.dew.Init()
 
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 0d3d319e0..3ae943626 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -46,7 +46,6 @@ type ProjectKey struct {
 
 type CommandInfo struct {
 	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
-	Id                    string                 `json:"id"`
 	StartTime             types.JsonTime         `json:"startTime"`
 	EndTime               types.JsonTime         `json:"endTime"`
 	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
@@ -95,6 +94,7 @@ type ResultObject struct {
 }
 
 type CommandResult struct {
+	Id         string                         `json:"id"`
 	Project    ProjectKey                     `json:"project"`
 	Command    CommandInfo                    `json:"command,omitempty"`
 	GitInfo    *GitInfo                       `json:"gitInfo,omitempty"`
@@ -135,6 +135,7 @@ type ValidateResultEntry struct {
 }
 
 type ValidateResult struct {
+	Id       string                `json:"id"`
 	Ready    bool                  `json:"ready"`
 	Warnings []DeploymentError     `json:"warnings,omitempty"`
 	Errors   []DeploymentError     `json:"errors,omitempty"`
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 39e1e3765..01e4a1b65 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -1,6 +1,7 @@
 package result
 
 type CommandResultSummary struct {
+	Id      string      `json:"id"`
 	Project ProjectKey  `json:"project"`
 	Command CommandInfo `json:"commandInfo"`
 	GitInfo *GitInfo    `json:"gitInfo,omitempty"`

From bbf51bfbc5494a9816434c640987128816f824fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 8 Apr 2023 00:06:40 +0200
Subject: [PATCH 0924/2268] feat: Introduce BuildSummary function

---
 pkg/types/result/summary.go | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 01e4a1b65..1fad0f1cb 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -30,3 +30,36 @@ type ProjectSummary struct {
 	LastDeleteCommand *CommandResultSummary `json:"LastDeleteCommand,omitempty"`
 	LastPruneCommand  *CommandResultSummary `json:"lastPruneCommand,omitempty"`
 }
+
+func (cr *CommandResult) BuildSummary() *CommandResultSummary {
+	count := func(f func(o ResultObject) bool) int {
+		cnt := 0
+		for _, o := range cr.Objects {
+			if f(o) {
+				cnt++
+			}
+		}
+		return cnt
+	}
+
+	ret := &CommandResultSummary{
+		Id:                 cr.Id,
+		Project:            cr.Project,
+		Command:            cr.Command,
+		GitInfo:            cr.GitInfo,
+		RenderedObjects:    count(func(o ResultObject) bool { return o.Rendered != nil }),
+		RemoteObjects:      count(func(o ResultObject) bool { return o.Remote != nil }),
+		AppliedObjects:     count(func(o ResultObject) bool { return o.Applied != nil }),
+		AppliedHookObjects: count(func(o ResultObject) bool { return o.Hook }),
+		NewObjects:         count(func(o ResultObject) bool { return o.New }),
+		ChangedObjects:     count(func(o ResultObject) bool { return len(o.Changes) != 0 }),
+		OrphanObjects:      count(func(o ResultObject) bool { return o.Orphan }),
+		DeletedObjects:     count(func(o ResultObject) bool { return o.Deleted }),
+		Errors:             len(cr.Errors),
+		Warnings:           len(cr.Warnings),
+	}
+	for _, o := range cr.Objects {
+		ret.TotalChanges += len(o.Changes)
+	}
+	return ret
+}

From 4f058a5a5bf291a691dcf50f8e9207ade07826cb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 8 Apr 2023 23:47:44 +0200
Subject: [PATCH 0925/2268] feat: Implement result store

---
 pkg/k8s/client.go                   |  11 +-
 pkg/k8s/client_factory.go           |   8 +
 pkg/k8s/fake_client_factory.go      |  17 +-
 pkg/k8s/k8s_cluster.go              |  36 ++++
 pkg/results/result-store-secrets.go | 290 ++++++++++++++++++++++++++++
 pkg/results/result-store.go         |  27 +++
 pkg/types/result/command_result.go  |  12 ++
 pkg/types/result/compact.go         |  25 +++
 pkg/utils/go_helper.go              |   9 +
 pkg/utils/gzip.go                   |  39 ++++
 10 files changed, 468 insertions(+), 6 deletions(-)
 create mode 100644 pkg/results/result-store-secrets.go
 create mode 100644 pkg/results/result-store.go
 create mode 100644 pkg/utils/gzip.go

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 829240fc5..2d8069549 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -6,6 +6,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/metadata"
 )
 
 type k8sClients struct {
@@ -16,8 +17,9 @@ type k8sClients struct {
 }
 
 type parallelClientEntry struct {
-	corev1        corev1.CoreV1Interface
-	dynamicClient dynamic.Interface
+	corev1         corev1.CoreV1Interface
+	dynamicClient  dynamic.Interface
+	metadataClient metadata.Interface
 
 	warnings []ApiWarning
 }
@@ -59,6 +61,11 @@ func newK8sClients(ctx context.Context, clientFactory ClientFactory, count int)
 			return nil, err
 		}
 
+		p.metadataClient, err = clientFactory.MetadataClient(p)
+		if err != nil {
+			return nil, err
+		}
+
 		k.clientPool <- p
 	}
 	return k, nil
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index f5e1f4b7a..2edff9b44 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -7,6 +7,7 @@ import (
 	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/metadata"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"net/http"
@@ -24,6 +25,7 @@ type ClientFactory interface {
 	DiscoveryClient() (discovery.DiscoveryInterface, error)
 	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
 	DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error)
+	MetadataClient(wh rest.WarningHandler) (metadata.Interface, error)
 }
 
 type realClientFactory struct {
@@ -65,6 +67,12 @@ func (r *realClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Inter
 	return dynamic.NewForConfigAndClient(config, r.httpClient)
 }
 
+func (r *realClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
+	config := rest.CopyConfig(r.config)
+	config.WarningHandler = wh
+	return metadata.NewForConfigAndClient(config, r.httpClient)
+}
+
 func (r *realClientFactory) CloseIdleConnections() {
 	r.httpClient.CloseIdleConnections()
 }
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index 6ee62d1e4..2de043f74 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -12,6 +12,8 @@ import (
 	fake_dynamic "k8s.io/client-go/dynamic/fake"
 	"k8s.io/client-go/kubernetes/fake"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/metadata"
+	fake_metadata "k8s.io/client-go/metadata/fake"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/testing"
 	"sigs.k8s.io/kustomize/kyaml/openapi"
@@ -20,8 +22,9 @@ import (
 )
 
 type fakeClientFactory struct {
-	clientSet     *fake.Clientset
-	dynamicClient *fake_dynamic.FakeDynamicClient
+	clientSet      *fake.Clientset
+	dynamicClient  *fake_dynamic.FakeDynamicClient
+	metadataClient *fake_metadata.FakeMetadataClient
 }
 
 func (f *fakeClientFactory) RESTConfig() *rest.Config {
@@ -47,6 +50,10 @@ func (f *fakeClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Inter
 	return f.dynamicClient, nil
 }
 
+func (f *fakeClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
+	return f.metadataClient, nil
+}
+
 func NewFakeClientFactory(objects ...runtime.Object) *fakeClientFactory {
 	scheme := runtime.NewScheme()
 	_ = v1.AddToScheme(scheme)
@@ -56,10 +63,12 @@ func NewFakeClientFactory(objects ...runtime.Object) *fakeClientFactory {
 	clientSet.Fake.Resources = ConvertSchemeToAPIResources(scheme)
 
 	dynamicClient := fake_dynamic.NewSimpleDynamicClient(scheme, objects...)
+	metadataClient := fake_metadata.NewSimpleMetadataClient(scheme, objects...)
 
 	return &fakeClientFactory{
-		clientSet:     clientSet,
-		dynamicClient: dynamicClient,
+		clientSet:      clientSet,
+		dynamicClient:  dynamicClient,
+		metadataClient: metadataClient,
 	}
 }
 
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index e76955bb1..eb7e931f5 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"k8s.io/client-go/metadata"
 	"net/http"
 	"strings"
 	"sync"
@@ -134,6 +135,41 @@ func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string,
 	return result, apiWarnings, err
 }
 
+func (k *K8sCluster) ListMetadata(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
+	var result []*uo.UnstructuredObject
+
+	gvr, err := k.Resources.GetGVRForGVK(gvk)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	apiWarnings, err := k.clients.withClientFromPool(func(p *parallelClientEntry) error {
+		var r metadata.ResourceInterface
+		if namespace == "" {
+			r = p.metadataClient.Resource(*gvr)
+		} else {
+			r = p.metadataClient.Resource(*gvr).Namespace(namespace)
+		}
+		o := v1.ListOptions{
+			LabelSelector: k.buildLabelSelector(labels),
+		}
+		x, err := r.List(k.ctx, o)
+		if err != nil {
+			return err
+		}
+		for _, o := range x.Items {
+			u, err := uo.FromStruct(o)
+			if err != nil {
+				return err
+			}
+			u.SetK8sGVK(gvk)
+			result = append(result, u)
+		}
+		return nil
+	})
+	return result, apiWarnings, err
+}
+
 func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
 	var result *uo.UnstructuredObject
 	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
new file mode 100644
index 000000000..c409bf552
--- /dev/null
+++ b/pkg/results/result-store-secrets.go
@@ -0,0 +1,290 @@
+package results
+
+import (
+	"compress/gzip"
+	"context"
+	"encoding/base64"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"path"
+	"regexp"
+	"sort"
+	"strings"
+)
+
+type ResultStoreSecrets struct {
+	k              *k8s.K8sCluster
+	writeNamespace string
+}
+
+func NewResultStoreSecrets(k *k8s.K8sCluster, writeNamespace string) (*ResultStoreSecrets, error) {
+	s := &ResultStoreSecrets{
+		k:              k,
+		writeNamespace: writeNamespace,
+	}
+
+	if s.writeNamespace != "" {
+		_, _, err := k.GetSingleObject(k8s2.NewObjectRef("", "v1", "Namespace", s.writeNamespace, ""))
+		if err != nil && errors.IsNotFound(err) {
+			ns := uo.FromMap(map[string]interface{}{
+				"apiVersion": "v1",
+				"kind":       "Namespace",
+				"metadata": map[string]any{
+					"name": s.writeNamespace,
+				},
+			})
+			_, _, err = k.ReadWrite().PatchObject(ns, k8s.PatchOptions{})
+			if err != nil {
+				return nil, err
+			}
+		} else if err != nil {
+			return nil, err
+		}
+	}
+
+	return s, nil
+}
+
+var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
+
+func (s *ResultStoreSecrets) buildName(cr *result.CommandResult) string {
+	var name string
+
+	if cr.Project.NormalizedGitUrl != "" {
+		s := path.Base(cr.Project.NormalizedGitUrl)
+		if s != "" {
+			name = s + "-"
+		}
+	}
+
+	name = strings.ReplaceAll(name, "_", "-")
+	name = invalidChars.ReplaceAllString(name, "")
+
+	nameWithId := name + cr.Id
+	if len(nameWithId) > 63 {
+		trimmedName := []byte(name[:63-len(cr.Id)])
+		trimmedName[len(trimmedName)-1] = '-'
+		nameWithId = string(trimmedName) + cr.Id
+	}
+
+	return nameWithId
+}
+
+func (s *ResultStoreSecrets) WriteCommandResult(ctx context.Context, cr *result.CommandResult) error {
+	crJson, err := yaml.WriteJsonString(cr.ToReducedObjects())
+	if err != nil {
+		return err
+	}
+	compressedCr, err := utils.CompressGzip([]byte(crJson), gzip.BestCompression)
+	if err != nil {
+		return err
+	}
+
+	objectsJson, err := yaml.WriteJsonString(result.CompactedObjects(cr.Objects))
+	if err != nil {
+		return err
+	}
+	compressedObjects, err := utils.CompressGzip([]byte(objectsJson), gzip.BestCompression)
+	if err != nil {
+		return err
+	}
+
+	summary := cr.BuildSummary()
+	summaryJson, err := yaml.WriteJsonString(summary)
+	if err != nil {
+		return err
+	}
+
+	secret := uo.FromMap(map[string]interface{}{
+		"apiVersion": "v1",
+		"kind":       "Secret",
+		"metadata": map[string]any{
+			"name":      s.buildName(cr),
+			"namespace": s.writeNamespace,
+			"labels": map[string]any{
+				"kluctl.io/result-id": cr.Id,
+			},
+			"annotations": map[string]any{
+				"kluctl.io/result-summary": summaryJson,
+			},
+		},
+		"data": map[string]any{
+			"reducedResult":    compressedCr,
+			"compactedObjects": compressedObjects,
+		},
+	})
+	if cr.Project.NormalizedGitUrl != "" {
+		secret.SetK8sAnnotation("kluctl.io/result-project-normalized-url", cr.Project.NormalizedGitUrl)
+	}
+	if cr.Project.SubDir != "" {
+		secret.SetK8sAnnotation("kluctl.io/result-project-subdir", cr.Project.SubDir)
+	}
+
+	_, _, err = s.k.ReadWrite().PatchObject(secret, k8s.PatchOptions{})
+	return err
+}
+
+func (s *ResultStoreSecrets) ListProjects(ctx context.Context, options ListProjectsOptions) ([]result.ProjectSummary, error) {
+	summaries, err := s.ListCommandResultSummaries(ctx, ListCommandResultSummariesOptions{
+		ProjectFilter: options.ProjectFilter,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	m := map[result.ProjectKey]result.ProjectSummary{}
+	for _, s := range summaries {
+		if _, ok := m[s.Project]; !ok {
+			m[s.Project] = result.ProjectSummary{Project: s.Project}
+		}
+	}
+
+	ret := make([]result.ProjectSummary, 0, len(m))
+	for _, p := range m {
+		for _, rs := range summaries {
+			switch rs.Command.Command {
+			case "deploy":
+				if p.LastDeployCommand == nil {
+					rs := rs
+					p.LastDeployCommand = &rs
+				}
+			case "delete":
+				if p.LastDeleteCommand == nil {
+					rs := rs
+					p.LastDeleteCommand = &rs
+				}
+			case "prune":
+				if p.LastPruneCommand == nil {
+					rs := rs
+					p.LastPruneCommand = &rs
+				}
+			}
+		}
+		ret = append(ret, p)
+	}
+
+	return ret, nil
+}
+
+func (s *ResultStoreSecrets) ListCommandResultSummaries(ctx context.Context, options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
+	l, _, err := s.k.ListMetadata(schema.GroupVersionKind{
+		Version: "v1",
+		Kind:    "Secret",
+	}, "", map[string]string{
+		"kluctl.io/result-id": "",
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	ret := make([]result.CommandResultSummary, 0, len(l))
+
+	for _, x := range l {
+		summaryJson := x.GetK8sAnnotation("kluctl.io/result-summary")
+		if summaryJson == nil || *summaryJson == "" {
+			continue
+		}
+
+		var summary result.CommandResultSummary
+		err = yaml.ReadYamlString(*summaryJson, &summary)
+		if err != nil {
+			continue
+		}
+
+		if options.ProjectFilter != nil {
+			if summary.Project != *options.ProjectFilter {
+				continue
+			}
+		}
+
+		ret = append(ret, summary)
+	}
+
+	sort.Slice(ret, func(i, j int) bool {
+		return ret[i].Command.StartTime >= ret[j].Command.StartTime
+	})
+
+	return ret, nil
+}
+
+func (s *ResultStoreSecrets) GetCommandResult(ctx context.Context, options GetCommandResultOptions) (*result.CommandResult, error) {
+	l, _, err := s.k.ListObjects(schema.GroupVersionKind{
+		Version: "v1",
+		Kind:    "Secret",
+	}, "", map[string]string{
+		"kluctl.io/result-id": options.Id,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if len(l) == 0 {
+		return nil, nil
+	}
+
+	var crJson, objectsJson []byte
+	err = utils.RunParallelE(ctx, func() error {
+		s, ok, err := l[0].GetNestedString("data", "reducedResult")
+		if err != nil {
+			return err
+		}
+		if !ok {
+			return fmt.Errorf("reducedResult field not present for %s", options.Id)
+		}
+		crJson, err = base64.StdEncoding.DecodeString(s)
+		if err != nil {
+			return err
+		}
+		crJson, err = utils.UncompressGzip(crJson)
+		if err != nil {
+			return err
+		}
+		return nil
+	}, func() error {
+		if options.Reduced {
+			return nil
+		}
+		s, ok, err := l[0].GetNestedString("data", "compactedObjects")
+		if err != nil {
+			return err
+		}
+		if !ok {
+			return fmt.Errorf("compactedObjects field not present for %s", options.Id)
+		}
+		objectsJson, err = base64.StdEncoding.DecodeString(s)
+		if err != nil {
+			return err
+		}
+
+		objectsJson, err = utils.UncompressGzip(objectsJson)
+		if err != nil {
+			return err
+		}
+		return err
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var cr result.CommandResult
+	err = yaml.ReadYamlBytes(crJson, &cr)
+	if err != nil {
+		return nil, err
+	}
+	if !options.Reduced {
+		var objects result.CompactedObjects
+		err = yaml.ReadYamlBytes(objectsJson, &objects)
+		if err != nil {
+			return nil, err
+		}
+		cr.Objects = objects
+	}
+
+	return &cr, nil
+}
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
new file mode 100644
index 000000000..6d4b633ee
--- /dev/null
+++ b/pkg/results/result-store.go
@@ -0,0 +1,27 @@
+package results
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+)
+
+type ListProjectsOptions struct {
+	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
+}
+
+type ListCommandResultSummariesOptions struct {
+	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
+}
+
+type GetCommandResultOptions struct {
+	Id      string `json:"id"`
+	Reduced bool   `json:"reduced,omitempty"`
+}
+
+type ResultStore interface {
+	WriteCommandResult(ctx context.Context, cr *result.CommandResult) error
+
+	ListProjects(ctx context.Context, options ListProjectsOptions) ([]result.ProjectSummary, error)
+	ListCommandResultSummaries(ctx context.Context, options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error)
+	GetCommandResult(ctx context.Context, options GetCommandResultOptions) (*result.CommandResult, error)
+}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 3ae943626..f5b673122 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -116,6 +116,18 @@ func (cr *CommandResult) ToCompacted() *CompactedCommandResult {
 	return ret
 }
 
+func (cr *CommandResult) ToReducedObjects() *CommandResult {
+	ret := *cr
+	ret.Objects = make([]ResultObject, len(ret.Objects))
+	for i, o := range cr.Objects {
+		ret.Objects[i] = o
+		ret.Objects[i].Rendered = buildReducedObject(o.Rendered)
+		ret.Objects[i].Remote = buildReducedObject(o.Remote)
+		ret.Objects[i].Applied = buildReducedObject(o.Applied)
+	}
+	return &ret
+}
+
 type CompactedCommandResult struct {
 	CommandResult
 
diff --git a/pkg/types/result/compact.go b/pkg/types/result/compact.go
index 6ae9f8dfa..ae94847c3 100644
--- a/pkg/types/result/compact.go
+++ b/pkg/types/result/compact.go
@@ -153,3 +153,28 @@ func (l *CompactedObjects) UnmarshalJSON(b []byte) error {
 	*l = ret
 	return nil
 }
+
+func buildReducedObject(o *uo.UnstructuredObject) *uo.UnstructuredObject {
+	if o == nil {
+		return nil
+	}
+	ref := o.GetK8sRef()
+	m := map[string]any{
+		"apiVersion": ref.GroupVersion().String(),
+		"kind":       ref.Kind,
+		"metadata": map[string]any{
+			"name": ref.Name,
+		},
+	}
+	ret := uo.FromMap(m)
+	if ref.Namespace != "" {
+		ret.SetK8sNamespace(ref.Namespace)
+	}
+	if len(o.GetK8sLabels()) != 0 {
+		ret.SetK8sLabels(o.GetK8sLabels())
+	}
+	if len(o.GetK8sAnnotations()) != 0 {
+		ret.SetK8sAnnotations(o.GetK8sAnnotations())
+	}
+	return ret
+}
diff --git a/pkg/utils/go_helper.go b/pkg/utils/go_helper.go
index b37a0a4de..eb10fc9fc 100644
--- a/pkg/utils/go_helper.go
+++ b/pkg/utils/go_helper.go
@@ -66,3 +66,12 @@ func (g *goHelper) Wait() {
 func (g *goHelper) ErrorOrNil() error {
 	return g.errs.ErrorOrNil()
 }
+
+func RunParallelE(ctx context.Context, fs ...func() error) error {
+	g := NewGoHelper(ctx, 0)
+	for _, f := range fs {
+		g.RunE(f)
+	}
+	g.Wait()
+	return g.ErrorOrNil()
+}
diff --git a/pkg/utils/gzip.go b/pkg/utils/gzip.go
new file mode 100644
index 000000000..7d331f5ed
--- /dev/null
+++ b/pkg/utils/gzip.go
@@ -0,0 +1,39 @@
+package utils
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+)
+
+func CompressGzip(input []byte, level int) ([]byte, error) {
+	buf := bytes.NewBuffer(make([]byte, 0, len(input)))
+	w, err := gzip.NewWriterLevel(buf, level)
+	if err != nil {
+		return nil, err
+	}
+	_, err = w.Write(input)
+	if err != nil {
+		return nil, err
+	}
+	err = w.Close()
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func UncompressGzip(input []byte) ([]byte, error) {
+	r, err := gzip.NewReader(bytes.NewReader(input))
+	if err != nil {
+		return nil, err
+	}
+
+	buf := bytes.NewBuffer(nil)
+	_, err = io.Copy(buf, r)
+	if err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}

From 4f07bd54fcae97de6bd5a3b9b11fcaf2d4a8384e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Apr 2023 21:42:25 +0200
Subject: [PATCH 0926/2268] fix: Fix empty label selectors

---
 pkg/k8s/k8s_cluster.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index eb7e931f5..be727ffd8 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -111,7 +111,11 @@ func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
 		if len(ret) != 0 {
 			ret += ","
 		}
-		ret += fmt.Sprintf("%s=%s", k, v)
+		if v == "" {
+			ret += k
+		} else {
+			ret += fmt.Sprintf("%s=%s", k, v)
+		}
 	}
 	return ret
 }

From 5335ca579ba108ded3d59389f251f38bf1a4fe49 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Apr 2023 23:04:44 +0200
Subject: [PATCH 0927/2268] feat: Automatically record results to the
 kluctl-results namespace

---
 cmd/kluctl/commands/cmd_delete.go      |  3 ++-
 cmd/kluctl/commands/cmd_deploy.go      | 13 +++++++------
 cmd/kluctl/commands/cmd_diff.go        |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go |  3 ++-
 cmd/kluctl/commands/cmd_prune.go       |  3 ++-
 cmd/kluctl/commands/command_result.go  | 16 +++++++++++++---
 cmd/kluctl/commands/utils.go           | 24 ++++++++++++++++++------
 7 files changed, 45 insertions(+), 19 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 57f7c1a74..83ff899ad 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -43,6 +43,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		needsResultStore:     true,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
@@ -62,7 +63,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index e6e918d58..f53dd2dfb 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -46,6 +46,7 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		needsResultStore:     true,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
@@ -66,7 +67,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 	cmd2.NoWait = cmd.NoWait
 
 	cb := func(diffResult *result.CommandResult) error {
-		return cmd.diffResultCb(cmdCtx.ctx, diffResult)
+		return cmd.diffResultCb(cmdCtx, diffResult)
 	}
 	if cmd.Yes || cmd.DryRun {
 		cb = nil
@@ -80,7 +81,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormatFlags, result)
+	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
 	if err != nil {
 		return err
 	}
@@ -90,11 +91,11 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 	return nil
 }
 
-func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *result.CommandResult) error {
+func (cmd *deployCmd) diffResultCb(ctx *commandCtx, diffResult *result.CommandResult) error {
 	flags := cmd.OutputFormatFlags
 	flags.OutputFormat = nil // use default output format
 
-	err := outputCommandResult(ctx, flags, diffResult)
+	err := outputCommandResult(ctx, flags, diffResult, false)
 	if err != nil {
 		return err
 	}
@@ -102,11 +103,11 @@ func (cmd *deployCmd) diffResultCb(ctx context.Context, diffResult *result.Comma
 		return nil
 	}
 	if len(diffResult.Errors) != 0 {
-		if !status.AskForConfirmation(ctx, "The diff resulted in errors, do you still want to proceed?") {
+		if !status.AskForConfirmation(ctx.ctx, "The diff resulted in errors, do you still want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	} else {
-		if !status.AskForConfirmation(ctx, "The diff succeeded, do you want to proceed?") {
+		if !status.AskForConfirmation(ctx.ctx, "The diff succeeded, do you want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 640caecee..91be42dfa 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -56,7 +56,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index fccb20bc9..c08e60966 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -38,6 +38,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		needsResultStore:     true,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
@@ -57,7 +58,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(ctx, cmd.OutputFormatFlags, result)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index cd19d2e33..cd3b57697 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -40,6 +40,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		needsResultStore:     true,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
@@ -59,7 +60,7 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx, startTime time.Time) error
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx.ctx, cmd.OutputFormatFlags, result)
+	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index c9710d7a5..167745f9c 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -220,8 +220,8 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 	return nil
 }
 
-func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *result.CommandResult) error {
-	status.Flush(ctx)
+func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *result.CommandResult, writeToResultStore bool) error {
+	status.Flush(ctx.ctx)
 
 	if !flags.NoObfuscate {
 		var obfuscator diff.Obfuscator
@@ -231,7 +231,17 @@ func outputCommandResult(ctx context.Context, flags args.OutputFormatFlags, cr *
 		}
 	}
 
-	return outputHelper(ctx, flags.OutputFormat, func(format string) (string, error) {
+	if writeToResultStore && ctx.resultStore != nil {
+		s := status.Start(ctx.ctx, "Writing command result")
+		defer s.Failed()
+		err := ctx.resultStore.WriteCommandResult(ctx.ctx, cr)
+		if err != nil {
+			return err
+		}
+		s.Success()
+	}
+
+	return outputHelper(ctx.ctx, flags.OutputFormat, func(format string) (string, error) {
 		return formatCommandResult(cr, format, flags.ShortOutput)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index c9fdcdc1b..adeb7d792 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	git2 "github.com/go-git/go-git/v5"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
@@ -134,12 +135,14 @@ type projectTargetCommandArgs struct {
 	forCompletion     bool
 	offlineKubernetes bool
 	kubernetesVersion string
+	needsResultStore  bool
 }
 
 type commandCtx struct {
-	ctx       context.Context
-	targetCtx *kluctl_project.TargetContext
-	images    *deployment.Images
+	ctx         context.Context
+	targetCtx   *kluctl_project.TargetContext
+	images      *deployment.Images
+	resultStore results.ResultStore
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
@@ -200,10 +203,19 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		}
 	}
 
+	var resultStore results.ResultStore
+	if args.needsResultStore {
+		resultStore, err = results.NewResultStoreSecrets(targetCtx.SharedContext.K, "kluctl-results")
+		if err != nil {
+			return err
+		}
+	}
+
 	cmdCtx := &commandCtx{
-		ctx:       ctx,
-		targetCtx: targetCtx,
-		images:    images,
+		ctx:         ctx,
+		targetCtx:   targetCtx,
+		images:      images,
+		resultStore: resultStore,
 	}
 
 	return cb(cmdCtx)

From 627e9f353c09bb95c7f861320258a18e1d3e7926 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Apr 2023 11:22:39 +0200
Subject: [PATCH 0928/2268] chore: Run go mod tidy

---
 go.mod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index baacdc9e8..42fbe969b 100644
--- a/go.mod
+++ b/go.mod
@@ -58,10 +58,12 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
+	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.6
 	github.com/otiai10/copy v1.11.0
+	github.com/sergi/go-diff v1.2.0
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
 	sigs.k8s.io/kustomize/api v0.13.2
@@ -149,7 +151,6 @@ require (
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
@@ -207,7 +208,6 @@ require (
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.1.0 // indirect
 	github.com/spf13/afero v1.9.3 // indirect

From b2df735d9a87a22b899790015c00cffd346243e6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Apr 2023 11:50:47 +0200
Subject: [PATCH 0929/2268] fix: Still print result in case storing to the
 result store failed

---
 cmd/kluctl/commands/command_result.go | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 167745f9c..482ff068e 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -231,19 +231,25 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 		}
 	}
 
+	var resultStoreErr error
 	if writeToResultStore && ctx.resultStore != nil {
 		s := status.Start(ctx.ctx, "Writing command result")
 		defer s.Failed()
-		err := ctx.resultStore.WriteCommandResult(ctx.ctx, cr)
-		if err != nil {
-			return err
+		resultStoreErr = ctx.resultStore.WriteCommandResult(ctx.ctx, cr)
+		if resultStoreErr != nil {
+			s.FailedWithMessage("Failed to write result to result store: %s", resultStoreErr.Error())
+		} else {
+			s.Success()
 		}
-		s.Success()
 	}
 
-	return outputHelper(ctx.ctx, flags.OutputFormat, func(format string) (string, error) {
+	err := outputHelper(ctx.ctx, flags.OutputFormat, func(format string) (string, error) {
 		return formatCommandResult(cr, format, flags.ShortOutput)
 	})
+	if err == nil && resultStoreErr != nil {
+		return resultStoreErr
+	}
+	return err
 }
 
 func outputValidateResult(ctx context.Context, output []string, vr *result.ValidateResult) error {

From ecf2220bcac4722b2249c0596d58de0df542e622 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Apr 2023 13:28:22 +0200
Subject: [PATCH 0930/2268] feat: Only write command result when
 --write-command-result is specified

---
 cmd/kluctl/args/project.go                  |  5 +++++
 cmd/kluctl/commands/cmd_delete.go           |  3 ++-
 cmd/kluctl/commands/cmd_deploy.go           |  3 ++-
 cmd/kluctl/commands/cmd_diff.go             |  4 +++-
 cmd/kluctl/commands/cmd_poke_images.go      |  3 ++-
 cmd/kluctl/commands/cmd_prune.go            |  3 ++-
 cmd/kluctl/commands/root.go                 |  1 +
 cmd/kluctl/commands/utils.go                |  6 +++---
 docs/reference/commands/common-arguments.md | 17 +++++++++++++++++
 9 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index fc896f813..272b51723 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -41,3 +41,8 @@ type TargetFlags struct {
 	TargetNameOverride string `group:"project" short:"T" help:"Overrides the target name. If -t is used at the same time, then the target will be looked up based on -t <name> and then renamed to the value of -T. If no target is specified via -t, then the no-name target is renamed to the value of -T."`
 	Context            string `group:"project" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
 }
+
+type CommandResultFlags struct {
+	WriteCommandResult     bool   `group:"results" help:"Enable experimental writing of command results into the cluster. Command results will be written into ConfigMaps in the kluctl-results namespace."`
+	CommandResultNamespace string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
+}
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 83ff899ad..39ab7f6a5 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -21,6 +21,7 @@ type deleteCmd struct {
 	args.DryRunFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
+	args.CommandResultFlags
 
 	Discriminator string `group:"misc" help:"Override the discriminator used to find objects for deletion."`
 }
@@ -43,7 +44,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
-		needsResultStore:     true,
+		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index f53dd2dfb..c3ba95bd4 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -25,6 +25,7 @@ type deployCmd struct {
 	args.HookFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
+	args.CommandResultFlags
 
 	NoWait bool `group:"misc" help:"Don't wait for objects readiness'"`
 }
@@ -46,7 +47,7 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
-		needsResultStore:     true,
+		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 91be42dfa..fd6fb7689 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -20,6 +20,7 @@ type diffCmd struct {
 	args.IgnoreFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
+	args.CommandResultFlags
 }
 
 func (cmd *diffCmd) Help() string {
@@ -38,6 +39,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
@@ -56,7 +58,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index c08e60966..888ecddde 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -20,6 +20,7 @@ type pokeImagesCmd struct {
 	args.DryRunFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
+	args.CommandResultFlags
 }
 
 func (cmd *pokeImagesCmd) Help() string {
@@ -38,7 +39,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
-		needsResultStore:     true,
+		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index cd3b57697..567458b99 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -20,6 +20,7 @@ type pruneCmd struct {
 	args.DryRunFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
+	args.CommandResultFlags
 }
 
 func (cmd *pruneCmd) Help() string {
@@ -40,7 +41,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
-		needsResultStore:     true,
+		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 5a4b2589d..7ec3fb4b1 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -78,6 +78,7 @@ var flagGroups = []groupInfo{
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 	{group: "flux", title: "Flux arguments:", description: "EXPERIMENTAL: Subcommands for interaction with flux-kluctl-controller"},
+	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
 }
 
 var origStderr = os.Stderr
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index adeb7d792..420624f47 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -130,12 +130,12 @@ type projectTargetCommandArgs struct {
 	helmCredentials      args.HelmCredentials
 	dryRunArgs           *args.DryRunFlags
 	renderOutputDirFlags args.RenderOutputDirFlags
+	commandResultFlags   *args.CommandResultFlags
 
 	forSeal           bool
 	forCompletion     bool
 	offlineKubernetes bool
 	kubernetesVersion string
-	needsResultStore  bool
 }
 
 type commandCtx struct {
@@ -204,8 +204,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	var resultStore results.ResultStore
-	if args.needsResultStore {
-		resultStore, err = results.NewResultStoreSecrets(targetCtx.SharedContext.K, "kluctl-results")
+	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
+		resultStore, err = results.NewResultStoreSecrets(targetCtx.SharedContext.K, args.commandResultFlags.CommandResultNamespace)
 		if err != nil {
 			return err
 		}
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 2f2e85433..2263c15b2 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -124,3 +124,20 @@ Inclusion/Exclusion arguments:
 
 ```
 <!-- END SECTION -->
+
+## Command Results arguments
+
+These arguments control how command results are stored.
+
+<!-- BEGIN SECTION "deploy" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+      --write-command-result              Enable experimental writing of command results into the cluster. Command
+                                          results will be written into ConfigMaps in the kluctl-results namespace.
+
+```
+<!-- END SECTION -->

From cd3d4b786efb0af2d956ea2e73b938b23e2ba3b2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Apr 2023 22:58:58 +0200
Subject: [PATCH 0931/2268] feat: Store cluster info in command result

---
 cmd/kluctl/commands/utils.go       | 23 +++++++++++++++++++++++
 pkg/types/result/command_result.go | 15 ++++++++++-----
 pkg/types/result/summary.go        | 10 ++++++----
 pkg/utils/uo/k8s_fields.go         |  9 ++++++++-
 4 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 420624f47..0b783d808 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -6,6 +6,7 @@ import (
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
 	"path/filepath"
@@ -270,6 +271,11 @@ func addCommandInfo(r *result.CommandResult, startTime time.Time, command string
 		return err
 	}
 
+	err = addClusterInfo(r, ctx)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -343,6 +349,23 @@ func addGitInfo(r *result.CommandResult, ctx *commandCtx) error {
 	return nil
 }
 
+func addClusterInfo(r *result.CommandResult, ctx *commandCtx) error {
+	kubeSystemNs, _, err := ctx.targetCtx.SharedContext.K.GetSingleObject(
+		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
+	if err != nil {
+		return err
+	}
+	// we reuse the kube-system namespace uid as global cluster id
+	clusterId := kubeSystemNs.GetK8sUid()
+	if clusterId == "" {
+		return fmt.Errorf("kube-system namespace has no uid")
+	}
+	r.ClusterInfo = &result.ClusterInfo{
+		ClusterId: clusterId,
+	}
+	return nil
+}
+
 func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
 	return func(context *string) (*rest.Config, *api.Config, error) {
 		if forCompletion {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index f5b673122..c7047fa63 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -75,6 +75,10 @@ type GitInfo struct {
 	Dirty  bool            `json:"dirty"`
 }
 
+type ClusterInfo struct {
+	ClusterId string `json:"clusterId"`
+}
+
 type BaseObject struct {
 	Ref     k8s.ObjectRef `json:"ref"`
 	Changes []Change      `json:"changes,omitempty"`
@@ -94,11 +98,12 @@ type ResultObject struct {
 }
 
 type CommandResult struct {
-	Id         string                         `json:"id"`
-	Project    ProjectKey                     `json:"project"`
-	Command    CommandInfo                    `json:"command,omitempty"`
-	GitInfo    *GitInfo                       `json:"gitInfo,omitempty"`
-	Deployment *types.DeploymentProjectConfig `json:"deployment,omitempty"`
+	Id          string                         `json:"id"`
+	Project     ProjectKey                     `json:"project"`
+	Command     CommandInfo                    `json:"command,omitempty"`
+	GitInfo     *GitInfo                       `json:"gitInfo,omitempty"`
+	ClusterInfo *ClusterInfo                   `json:"clusterInfo,omitempty"`
+	Deployment  *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
 	Objects []ResultObject `json:"objects,omitempty"`
 
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 1fad0f1cb..3dfa79a75 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -1,10 +1,11 @@
 package result
 
 type CommandResultSummary struct {
-	Id      string      `json:"id"`
-	Project ProjectKey  `json:"project"`
-	Command CommandInfo `json:"commandInfo"`
-	GitInfo *GitInfo    `json:"gitInfo,omitempty"`
+	Id          string       `json:"id"`
+	Project     ProjectKey   `json:"project"`
+	Command     CommandInfo  `json:"commandInfo"`
+	GitInfo     *GitInfo     `json:"gitInfo,omitempty"`
+	ClusterInfo *ClusterInfo `json:"clusterInfo,omitempty"`
 
 	RenderedObjects    int `json:"renderedObjects"`
 	RemoteObjects      int `json:"remoteObjects"`
@@ -47,6 +48,7 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 		Project:            cr.Project,
 		Command:            cr.Command,
 		GitInfo:            cr.GitInfo,
+		ClusterInfo:        cr.ClusterInfo,
 		RenderedObjects:    count(func(o ResultObject) bool { return o.Rendered != nil }),
 		RemoteObjects:      count(func(o ResultObject) bool { return o.Remote != nil }),
 		AppliedObjects:     count(func(o ResultObject) bool { return o.Applied != nil }),
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index 88cc49884..c45e23f57 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -79,7 +79,6 @@ func (uo *UnstructuredObject) SetK8sNamespace(namespace string) {
 			panic(err)
 		}
 	}
-
 }
 
 func (uo *UnstructuredObject) GetK8sRef() k8s.ObjectRef {
@@ -93,6 +92,14 @@ func (uo *UnstructuredObject) GetK8sRef() k8s.ObjectRef {
 	}
 }
 
+func (uo *UnstructuredObject) GetK8sUid() string {
+	s, _, err := uo.GetNestedString("metadata", "uid")
+	if err != nil {
+		panic(err)
+	}
+	return s
+}
+
 func (uo *UnstructuredObject) GetK8sLabels() map[string]string {
 	ret, ok, err := uo.GetNestedStringMapCopy("metadata", "labels")
 	if err != nil {

From 39bfb51a0539090c67d9ffa403044c4ab11d1b8a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Apr 2023 21:46:27 +0200
Subject: [PATCH 0932/2268] refactor: Move ListProjects out of the ResultStore
 interface

---
 pkg/results/result-store-secrets.go | 42 ----------------------------
 pkg/results/result-store.go         | 43 ++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 43 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index c409bf552..bc4782a1c 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -131,48 +131,6 @@ func (s *ResultStoreSecrets) WriteCommandResult(ctx context.Context, cr *result.
 	return err
 }
 
-func (s *ResultStoreSecrets) ListProjects(ctx context.Context, options ListProjectsOptions) ([]result.ProjectSummary, error) {
-	summaries, err := s.ListCommandResultSummaries(ctx, ListCommandResultSummariesOptions{
-		ProjectFilter: options.ProjectFilter,
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	m := map[result.ProjectKey]result.ProjectSummary{}
-	for _, s := range summaries {
-		if _, ok := m[s.Project]; !ok {
-			m[s.Project] = result.ProjectSummary{Project: s.Project}
-		}
-	}
-
-	ret := make([]result.ProjectSummary, 0, len(m))
-	for _, p := range m {
-		for _, rs := range summaries {
-			switch rs.Command.Command {
-			case "deploy":
-				if p.LastDeployCommand == nil {
-					rs := rs
-					p.LastDeployCommand = &rs
-				}
-			case "delete":
-				if p.LastDeleteCommand == nil {
-					rs := rs
-					p.LastDeleteCommand = &rs
-				}
-			case "prune":
-				if p.LastPruneCommand == nil {
-					rs := rs
-					p.LastPruneCommand = &rs
-				}
-			}
-		}
-		ret = append(ret, p)
-	}
-
-	return ret, nil
-}
-
 func (s *ResultStoreSecrets) ListCommandResultSummaries(ctx context.Context, options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
 	l, _, err := s.k.ListMetadata(schema.GroupVersionKind{
 		Version: "v1",
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 6d4b633ee..464dc6594 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -21,7 +21,48 @@ type GetCommandResultOptions struct {
 type ResultStore interface {
 	WriteCommandResult(ctx context.Context, cr *result.CommandResult) error
 
-	ListProjects(ctx context.Context, options ListProjectsOptions) ([]result.ProjectSummary, error)
 	ListCommandResultSummaries(ctx context.Context, options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error)
 	GetCommandResult(ctx context.Context, options GetCommandResultOptions) (*result.CommandResult, error)
 }
+
+func ListProjects(ctx context.Context, rs ResultStore, options ListProjectsOptions) ([]result.ProjectSummary, error) {
+	summaries, err := rs.ListCommandResultSummaries(ctx, ListCommandResultSummariesOptions{
+		ProjectFilter: options.ProjectFilter,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	m := map[result.ProjectKey]result.ProjectSummary{}
+	for _, s := range summaries {
+		if _, ok := m[s.Project]; !ok {
+			m[s.Project] = result.ProjectSummary{Project: s.Project}
+		}
+	}
+
+	ret := make([]result.ProjectSummary, 0, len(m))
+	for _, p := range m {
+		for _, rs := range summaries {
+			switch rs.Command.Command {
+			case "deploy":
+				if p.LastDeployCommand == nil {
+					rs := rs
+					p.LastDeployCommand = &rs
+				}
+			case "delete":
+				if p.LastDeleteCommand == nil {
+					rs := rs
+					p.LastDeleteCommand = &rs
+				}
+			case "prune":
+				if p.LastPruneCommand == nil {
+					rs := rs
+					p.LastPruneCommand = &rs
+				}
+			}
+		}
+		ret = append(ret, p)
+	}
+
+	return ret, nil
+}

From a6f27f9b63a940fa3ab52a26b9c6c29c99556d86 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Apr 2023 09:38:10 +0200
Subject: [PATCH 0933/2268] fix: Fix error message when apply gets cancelled

---
 pkg/deployment/utils/apply_utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 750195855..d66580227 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -492,7 +492,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			a.HandleError(ref, err)
 			return false
 		case <-a.ctx.Done():
-			err := fmt.Errorf("failed waiting for readiness of %s: %w", ref.String(), err)
+			err := fmt.Errorf("context cancelled while waiting for readiness of %s", ref.String())
 			status.Warning(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
 			a.HandleError(ref, err)
 			return false

From a040aee28fcaccbed5ce74683bb92aae26b65dac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Apr 2023 09:38:35 +0200
Subject: [PATCH 0934/2268] fix: Clone object before obfuscating to avoid
 manipulating reused objects

---
 pkg/diff/obfuscate.go | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index e2f299019..ea16017d9 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -18,15 +18,16 @@ type Obfuscator struct {
 
 func (o *Obfuscator) ObfuscateResult(r *result.CommandResult) error {
 	for _, x := range r.Objects {
-		err := o.ObfuscateObject(x.Rendered)
+		var err error
+		x.Rendered, err = o.ObfuscateObject(x.Rendered)
 		if err != nil {
 			return err
 		}
-		err = o.ObfuscateObject(x.Remote)
+		x.Remote, err = o.ObfuscateObject(x.Remote)
 		if err != nil {
 			return err
 		}
-		err = o.ObfuscateObject(x.Applied)
+		x.Applied, err = o.ObfuscateObject(x.Applied)
 		if err != nil {
 			return err
 		}
@@ -48,18 +49,19 @@ func (o *Obfuscator) ObfuscateChanges(ref k8s.ObjectRef, changes []result.Change
 	return nil
 }
 
-func (o *Obfuscator) ObfuscateObject(x *uo.UnstructuredObject) error {
+func (o *Obfuscator) ObfuscateObject(x *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 	if x == nil {
-		return nil
+		return nil, nil
 	}
 	ref := x.GetK8sRef()
 	if ref.GroupKind() == secretGk {
-		err := o.obfuscateSecret(x)
+		var err error
+		x, err = o.obfuscateSecret(x)
 		if err != nil {
-			return err
+			return x, err
 		}
 	}
-	return nil
+	return x, nil
 }
 
 func (o *Obfuscator) obfuscateSecretChanges(ref k8s.ObjectRef, changes []result.Change) error {
@@ -108,26 +110,30 @@ func (o *Obfuscator) obfuscateSecretChanges(ref k8s.ObjectRef, changes []result.
 	return nil
 }
 
-func (o *Obfuscator) obfuscateSecret(x *uo.UnstructuredObject) error {
+func (o *Obfuscator) obfuscateSecret(x *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 	data, ok, _ := x.GetNestedField("data")
 	if ok && data != nil {
+		x = x.Clone()
+		data, _, _ = x.GetNestedField("data")
 		if m, ok := data.(map[string]any); ok {
 			for k, _ := range m {
 				m[k] = base64.StdEncoding.EncodeToString([]byte("*****"))
 			}
 		} else {
-			return fmt.Errorf("'data' is not a map of strings")
+			return x, fmt.Errorf("'data' is not a map of strings")
 		}
 	}
 	data, ok, _ = x.GetNestedField("stringData")
 	if ok && data != nil {
+		x = x.Clone()
+		data, _, _ = x.GetNestedField("stringData")
 		if m, ok := data.(map[string]any); ok {
 			for k, _ := range m {
 				m[k] = "*****"
 			}
 		} else {
-			return fmt.Errorf("'data' is not a map of strings")
+			return x, fmt.Errorf("'data' is not a map of strings")
 		}
 	}
-	return nil
+	return x, nil
 }

From a26c175f92c3d8b425243c727e9d1b1c4694ddde Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 20 Apr 2023 17:14:52 +0200
Subject: [PATCH 0935/2268] fix: Fix merging of validate results

---
 pkg/deployment/commands/validate.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 938e9d4f2..64223b2fe 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -30,7 +30,7 @@ func NewValidateCommand(ctx context.Context, discriminator string, c *deployment
 }
 
 func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.ValidateResult, error) {
-	r := result.ValidateResult{
+	ret := result.ValidateResult{
 		Id:    uuid.New().String(),
 		Ready: true,
 	}
@@ -56,23 +56,23 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 
 			remoteObject := cmd.ru.GetRemoteObject(ref)
 			if remoteObject == nil {
-				r.Errors = append(r.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
+				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
 				continue
 			}
 			r := validation.ValidateObject(k, remoteObject, true, false)
 			if !r.Ready {
-				r.Ready = false
+				ret.Ready = false
 			}
-			r.Errors = append(r.Errors, r.Errors...)
-			r.Warnings = append(r.Warnings, r.Warnings...)
-			r.Results = append(r.Results, r.Results...)
+			ret.Errors = append(ret.Errors, r.Errors...)
+			ret.Warnings = append(ret.Warnings, r.Warnings...)
+			ret.Results = append(ret.Results, r.Results...)
 		}
 	}
 
-	r.Warnings = append(r.Warnings, cmd.dew.GetWarningsList()...)
-	r.Errors = append(r.Errors, cmd.dew.GetErrorsList()...)
+	ret.Warnings = append(ret.Warnings, cmd.dew.GetWarningsList()...)
+	ret.Errors = append(ret.Errors, cmd.dew.GetErrorsList()...)
 
-	return &r, nil
+	return &ret, nil
 }
 
 func (cmd *ValidateCommand) ForgetRemoteObject(ref k8s2.ObjectRef) {

From b1a0d8c78f60e66812a681e932d4170fdbf747e5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 24 Apr 2023 23:52:54 +0200
Subject: [PATCH 0936/2268] refactor: Allow to create DiffUtil and
 ApplyDeploymentsUtil without a deployment collection

---
 pkg/deployment/commands/deploy.go       | 16 +++----
 pkg/deployment/commands/diff.go         |  8 ++--
 pkg/deployment/commands/poke_images.go  |  6 +--
 pkg/deployment/utils/apply_utils.go     | 28 ++++++------
 pkg/deployment/utils/diff_utils.go      | 61 +++++++++++++++----------
 pkg/deployment/utils/diff_utils_test.go |  4 +-
 6 files changed, 67 insertions(+), 56 deletions(-)

diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 417e2e27d..ec814632c 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -58,11 +58,11 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 	}
 
 	if diffResultCb != nil {
-		au := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
-		au.ApplyDeployments()
+		au := utils2.NewApplyDeploymentsUtil(ctx, dew, ru, k, o)
+		au.ApplyDeployments(cmd.c.Deployments)
 
-		du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
-		du.Diff()
+		du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
+		du.DiffDeploymentItems(cmd.c.Deployments)
 
 		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 		diffResult := &result.CommandResult{
@@ -86,11 +86,11 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 	o.DryRun = k.DryRun
 	o.AbortOnError = cmd.AbortOnError
 
-	au := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
-	au.ApplyDeployments()
+	au := utils2.NewApplyDeploymentsUtil(ctx, dew, ru, k, o)
+	au.ApplyDeployments(cmd.c.Deployments)
 
-	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
-	du.Diff()
+	du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
+	du.DiffDeploymentItems(cmd.c.Deployments)
 
 	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 	if err != nil {
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index aa2f185c5..dd4a4ecd3 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -53,14 +53,14 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.Com
 		AbortOnError:        false,
 		ReadinessTimeout:    0,
 	}
-	au := utils.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, o)
-	au.ApplyDeployments()
+	au := utils.NewApplyDeploymentsUtil(ctx, dew, ru, k, o)
+	au.ApplyDeployments(cmd.c.Deployments)
 
-	du := utils.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
+	du := utils.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
 	du.IgnoreTags = cmd.IgnoreTags
 	du.IgnoreLabels = cmd.IgnoreLabels
 	du.IgnoreAnnotations = cmd.IgnoreAnnotations
-	du.Diff()
+	du.DiffDeploymentItems(cmd.c.Deployments)
 
 	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 	if err != nil {
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 14fdb9e0c..7144f2c2f 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -72,7 +72,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 		return o, nil
 	}
 
-	au := utils2.NewApplyDeploymentsUtil(ctx, dew, cmd.c.Deployments, ru, k, &utils2.ApplyUtilOptions{})
+	au := utils2.NewApplyDeploymentsUtil(ctx, dew, ru, k, &utils2.ApplyUtilOptions{})
 
 	for ref, containers := range containersAndImages {
 		ref := ref
@@ -93,8 +93,8 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 	}
 	wg.Wait()
 
-	du := utils2.NewDiffUtil(dew, cmd.c.Deployments, ru, au.GetAppliedObjectsMap())
-	du.Diff()
+	du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
+	du.DiffDeploymentItems(cmd.c.Deployments)
 
 	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
 	if err != nil {
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index d66580227..6a7847e51 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -61,11 +61,10 @@ type ApplyUtil struct {
 type ApplyDeploymentsUtil struct {
 	ctx context.Context
 
-	dew         *DeploymentErrorsAndWarnings
-	deployments []*deployment.DeploymentItem
-	ru          *RemoteObjectUtils
-	k           *k8s.K8sCluster
-	o           *ApplyUtilOptions
+	dew *DeploymentErrorsAndWarnings
+	ru  *RemoteObjectUtils
+	k   *k8s.K8sCluster
+	o   *ApplyUtilOptions
 
 	abortSignal atomic.Value
 
@@ -79,14 +78,13 @@ type ApplyDeploymentsUtil struct {
 	results      []*ApplyUtil
 }
 
-func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, k *k8s.K8sCluster, o *ApplyUtilOptions) *ApplyDeploymentsUtil {
+func NewApplyDeploymentsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings, ru *RemoteObjectUtils, k *k8s.K8sCluster, o *ApplyUtilOptions) *ApplyDeploymentsUtil {
 	ret := &ApplyDeploymentsUtil{
-		ctx:         ctx,
-		dew:         dew,
-		deployments: deployments,
-		ru:          ru,
-		k:           k,
-		o:           o,
+		ctx: ctx,
+		dew: dew,
+		ru:  ru,
+		k:   k,
+		o:   o,
 	}
 	ret.abortSignal.Store(false)
 	return ret
@@ -642,7 +640,7 @@ func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *
 	return nil
 }
 
-func (a *ApplyDeploymentsUtil) ApplyDeployments() {
+func (a *ApplyDeploymentsUtil) ApplyDeployments(deployments []*deployment.DeploymentItem) {
 	s := status.Start(a.ctx, "Running server-side apply for all objects")
 	defer s.Failed()
 
@@ -650,7 +648,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 	sem := semaphore.NewWeighted(8)
 
 	maxNameLen := 0
-	for _, d := range a.deployments {
+	for _, d := range deployments {
 		name := a.buildProgressName(d)
 		if name != nil {
 			if len(*name) > maxNameLen {
@@ -659,7 +657,7 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments() {
 		}
 	}
 
-	for _, d_ := range a.deployments {
+	for _, d_ := range deployments {
 		d := d_
 		if a.abortSignal.Load().(bool) {
 			break
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 55ca28566..8e0b00bc2 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -14,7 +14,6 @@ import (
 
 type DiffUtil struct {
 	dew            *DeploymentErrorsAndWarnings
-	deployments    []*deployment.DeploymentItem
 	appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
 	ru             *RemoteObjectUtils
 
@@ -27,46 +26,60 @@ type DiffUtil struct {
 	mutex             sync.Mutex
 }
 
-func NewDiffUtil(dew *DeploymentErrorsAndWarnings, deployments []*deployment.DeploymentItem, ru *RemoteObjectUtils, appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject) *DiffUtil {
-	return &DiffUtil{
+func NewDiffUtil(dew *DeploymentErrorsAndWarnings, ru *RemoteObjectUtils, appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject) *DiffUtil {
+	u := &DiffUtil{
 		dew:            dew,
-		deployments:    deployments,
 		ru:             ru,
 		appliedObjects: appliedObjects,
 	}
+	u.calcRemoteObjectsForDiff()
+	return u
 }
 
-func (u *DiffUtil) Diff() {
+func (u *DiffUtil) DiffDeploymentItems(deployments []*deployment.DeploymentItem) {
 	var wg sync.WaitGroup
 
-	u.calcRemoteObjectsForDiff()
-
-	for _, d := range u.deployments {
+	for _, d := range deployments {
 		ignoreForDiffs := d.Project.GetIgnoreForDiffs(u.IgnoreTags, u.IgnoreLabels, u.IgnoreAnnotations)
-		for _, o := range d.Objects {
-			o := o
-			ref := o.GetK8sRef()
-			ao, ok := u.appliedObjects[ref]
-			if !ok {
-				// if we can't even find it in appliedObjects, it probably ran into an error
-				continue
-			}
-			diffRef, ro := u.getRemoteObjectForDiff(o)
-
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
-				u.diffObject(o, diffRef, ao, ro, ignoreForDiffs)
-			}()
-		}
+		u.diffObjects(d.Objects, ignoreForDiffs, &wg)
 	}
 	wg.Wait()
 
+	u.sortChanges()
+}
+
+func (u *DiffUtil) DiffObjects(objects []*uo.UnstructuredObject) {
+	var wg sync.WaitGroup
+	u.diffObjects(objects, nil, &wg)
+	wg.Wait()
+	u.sortChanges()
+}
+
+func (u *DiffUtil) sortChanges() {
 	sort.Slice(u.ChangedObjects, func(i, j int) bool {
 		return u.ChangedObjects[i].Ref.String() < u.ChangedObjects[j].Ref.String()
 	})
 }
 
+func (u *DiffUtil) diffObjects(objects []*uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig, wg *sync.WaitGroup) {
+	for _, o := range objects {
+		o := o
+		ref := o.GetK8sRef()
+		ao, ok := u.appliedObjects[ref]
+		if !ok {
+			// if we can't even find it in appliedObjects, it probably ran into an error
+			continue
+		}
+		diffRef, ro := u.getRemoteObjectForDiff(o)
+
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			u.diffObject(o, diffRef, ao, ro, ignoreForDiffs)
+		}()
+	}
+}
+
 func (u *DiffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef, ao *uo.UnstructuredObject, ro *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig) {
 	if ao != nil && ro == nil {
 		// new?
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 49bd2c7b7..430d39427 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -126,8 +126,8 @@ func TestDiff(t *testing.T) {
 		t.Run(test.name, func(t *testing.T) {
 			test.dew = NewDeploymentErrorsAndWarnings()
 			test.ru = test.newRemoteObjects(test.dew)
-			test.du = NewDiffUtil(test.dew, test.newDeploymentItems(), test.ru, test.appliedObjectsMap())
-			test.du.Diff()
+			test.du = NewDiffUtil(test.dew, test.ru, test.appliedObjectsMap())
+			test.du.DiffDeploymentItems(test.newDeploymentItems())
 			test.a(t, test)
 		})
 	}

From 9b850a6b6d955153a93e756385310b538e7f42f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Apr 2023 00:02:43 +0200
Subject: [PATCH 0937/2268] refactor: Make ExistingXXXTypes public

---
 cmd/kluctl/args/cobra_types.go | 30 +++++++++++++++---------------
 cmd/kluctl/args/images.go      |  2 +-
 cmd/kluctl/args/project.go     |  4 ++--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/cmd/kluctl/args/cobra_types.go b/cmd/kluctl/args/cobra_types.go
index c6907ea51..ade735c6e 100644
--- a/cmd/kluctl/args/cobra_types.go
+++ b/cmd/kluctl/args/cobra_types.go
@@ -5,27 +5,27 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
-type existingPathType string
+type ExistingPathType string
 
-func (s *existingPathType) Set(val string) error {
+func (s *ExistingPathType) Set(val string) error {
 	if val != "-" {
 		val = utils.ExpandPath(val)
 	}
 	if !utils.Exists(val) {
 		return fmt.Errorf("%s does not exist", val)
 	}
-	*s = existingPathType(val)
+	*s = ExistingPathType(val)
 	return nil
 }
-func (s *existingPathType) Type() string {
+func (s *ExistingPathType) Type() string {
 	return "existingpath"
 }
 
-func (s *existingPathType) String() string { return string(*s) }
+func (s *ExistingPathType) String() string { return string(*s) }
 
-type existingFileType string
+type ExistingFileType string
 
-func (s *existingFileType) Set(val string) error {
+func (s *ExistingFileType) Set(val string) error {
 	if val != "-" {
 		val = utils.ExpandPath(val)
 	}
@@ -35,18 +35,18 @@ func (s *existingFileType) Set(val string) error {
 	if utils.IsDirectory(val) {
 		return fmt.Errorf("%s exists but is a directory", val)
 	}
-	*s = existingFileType(val)
+	*s = ExistingFileType(val)
 	return nil
 }
-func (s *existingFileType) Type() string {
+func (s *ExistingFileType) Type() string {
 	return "existingfile"
 }
 
-func (s *existingFileType) String() string { return string(*s) }
+func (s *ExistingFileType) String() string { return string(*s) }
 
-type existingDirType string
+type ExistingDirType string
 
-func (s *existingDirType) Set(val string) error {
+func (s *ExistingDirType) Set(val string) error {
 	if val != "-" {
 		val = utils.ExpandPath(val)
 	}
@@ -56,11 +56,11 @@ func (s *existingDirType) Set(val string) error {
 	if !utils.IsDirectory(val) {
 		return fmt.Errorf("%s exists but is not a directory", val)
 	}
-	*s = existingDirType(val)
+	*s = ExistingDirType(val)
 	return nil
 }
-func (s *existingDirType) Type() string {
+func (s *ExistingDirType) Type() string {
 	return "existingdir"
 }
 
-func (s *existingDirType) String() string { return string(*s) }
+func (s *ExistingDirType) String() string { return string(*s) }
diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 1c6fe4b79..6c19f0f8d 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -9,7 +9,7 @@ import (
 
 type ImageFlags struct {
 	FixedImage      []string         `group:"images" short:"F" help:"Pin an image to a given version. Expects '--fixed-image=image<:namespace:deployment:container>=result'"`
-	FixedImagesFile existingFileType `group:"images" help:"Use .yaml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
+	FixedImagesFile ExistingFileType `group:"images" help:"Use .yaml file to pin image versions. See output of list-images sub-command or read the documentation for details about the output format" exts:"yml,yaml"`
 }
 
 func (args *ImageFlags) LoadFixedImagesFromArgs() ([]types.FixedImage, error) {
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 272b51723..e3ed5ab0e 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -6,7 +6,7 @@ import (
 )
 
 type ProjectDir struct {
-	ProjectDir existingDirType `group:"project" help:"Specify the project directory. Defaults to the current working directory."`
+	ProjectDir ExistingDirType `group:"project" help:"Specify the project directory. Defaults to the current working directory."`
 }
 
 func (a ProjectDir) GetProjectDir() (string, error) {
@@ -23,7 +23,7 @@ func (a ProjectDir) GetProjectDir() (string, error) {
 type ProjectFlags struct {
 	ProjectDir
 
-	ProjectConfig existingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
+	ProjectConfig ExistingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`

From f47553fe6bf7e7f06ca29f2f525437566e1e3d8a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Apr 2023 01:25:07 +0200
Subject: [PATCH 0938/2268] feat: Implement drift detection via validate
 command

---
 cmd/kluctl/commands/cmd_validate.go   | 114 ++++++++++------
 cmd/kluctl/commands/command_result.go |  17 +++
 e2e/utils.go                          |   8 +-
 e2e/validate_test.go                  | 183 ++++++++++++++++++++++++++
 pkg/deployment/commands/validate.go   |  88 +++++++++----
 pkg/deployment/utils/diff_utils.go    |  11 +-
 pkg/types/result/command_result.go    |   6 +-
 pkg/yaml/yaml.go                      |   8 ++
 8 files changed, 369 insertions(+), 66 deletions(-)
 create mode 100644 e2e/validate_test.go

diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 532f52e28..03471c507 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -5,6 +5,9 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"time"
 )
 
@@ -17,6 +20,8 @@ type validateCmd struct {
 	args.OutputFlags
 	args.RenderOutputDirFlags
 
+	CommandResult args.ExistingFileType `group:"misc" help:"Specify a command result to use instead of loading a project. This will also perform drift detection."`
+
 	Wait             time.Duration `group:"misc" help:"Wait for the given amount of time until the deployment validates"`
 	Sleep            time.Duration `group:"misc" help:"Sleep duration between validation attempts" default:"5s"`
 	WarningsAsErrors bool          `group:"misc" help:"Consider warnings as failures"`
@@ -37,43 +42,76 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		startTime := time.Now()
-		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
-		for true {
-			result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
-			if err != nil {
-				return err
-			}
-			failed := len(result.Errors) != 0 || (cmd.WarningsAsErrors && len(result.Warnings) != 0)
-
-			err = outputValidateResult(ctx, cmd.Output, result)
-			if err != nil {
-				return err
-			}
-
-			if !failed {
-				_, _ = getStderr(ctx).WriteString("Validation succeeded\n")
-				return nil
-			}
-
-			if cmd.Wait <= 0 || time.Now().Sub(startTime) > cmd.Wait {
-				return fmt.Errorf("Validation failed")
-			}
-
-			time.Sleep(cmd.Sleep)
-
-			// Need to force re-requesting these objects
-			for _, e := range result.Results {
-				cmd2.ForgetRemoteObject(e.Ref)
-			}
-			for _, e := range result.Warnings {
-				cmd2.ForgetRemoteObject(e.Ref)
-			}
-			for _, e := range result.Errors {
-				cmd2.ForgetRemoteObject(e.Ref)
-			}
+
+	if cmd.CommandResult.String() != "" {
+		var ccr result.CompactedCommandResult
+		err := yaml.ReadYamlFile(cmd.CommandResult.String(), &ccr)
+		if err != nil {
+			return err
+		}
+		commandResult := ccr.ToNonCompacted()
+
+		var k8sContext *string
+		if cmd.Context != "" {
+			k8sContext = &cmd.Context
+		} else if commandResult.Command.Target != nil {
+			k8sContext = commandResult.Command.Target.Context
+		}
+		clientFactory, err := k8s2.NewClientFactoryFromDefaultConfig(ctx, k8sContext)
+		if err != nil {
+			return err
+		}
+		k, err := k8s2.NewK8sCluster(ctx, clientFactory, true)
+		if err != nil {
+			return err
+		}
+
+		cmd2 := commands.NewValidateCommand(ctx, "", nil, commandResult)
+		return cmd.doValidate(ctx, k, cmd2)
+
+	} else {
+		return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+			cmd2 := commands.NewValidateCommand(cmdCtx.ctx, cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection, nil)
+			return cmd.doValidate(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, cmd2)
+		})
+	}
+}
+
+func (cmd *validateCmd) doValidate(ctx context.Context, k *k8s2.K8sCluster, cmd2 *commands.ValidateCommand) error {
+	startTime := time.Now()
+	for true {
+		result, err := cmd2.Run(ctx, k)
+		if err != nil {
+			return err
 		}
-		return nil
-	})
+		failed := len(result.Errors) != 0 || (cmd.WarningsAsErrors && len(result.Warnings) != 0)
+
+		err = outputValidateResult(ctx, cmd.Output, result)
+		if err != nil {
+			return err
+		}
+
+		if !failed {
+			_, _ = getStderr(ctx).WriteString("Validation succeeded\n")
+			return nil
+		}
+
+		if cmd.Wait <= 0 || time.Now().Sub(startTime) > cmd.Wait {
+			return fmt.Errorf("Validation failed")
+		}
+
+		time.Sleep(cmd.Sleep)
+
+		// Need to force re-requesting these objects
+		for _, e := range result.Results {
+			cmd2.ForgetRemoteObject(e.Ref)
+		}
+		for _, e := range result.Warnings {
+			cmd2.ForgetRemoteObject(e.Ref)
+		}
+		for _, e := range result.Errors {
+			cmd2.ForgetRemoteObject(e.Ref)
+		}
+	}
+	return nil
 }
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 482ff068e..cedfb9319 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -174,6 +174,23 @@ func formatValidateResultText(vr *result.ValidateResult) string {
 		buf.WriteString("Results:\n")
 		prettyValidationResults(buf, vr.Results)
 	}
+
+	if len(vr.Drift) != 0 {
+		if buf.Len() != 0 {
+			buf.WriteString("\n")
+		}
+		buf.WriteString("Drift:\n")
+		for i, o := range vr.Drift {
+			if len(o.Changes) == 0 {
+				continue
+			}
+			if i != 0 {
+				buf.WriteString("\n")
+			}
+			prettyChanges(buf, o.Ref, o.Changes)
+		}
+	}
+
 	return buf.String()
 }
 
diff --git a/e2e/utils.go b/e2e/utils.go
index 270c273fa..9909bc07a 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -25,14 +25,18 @@ func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace strin
 	}
 }
 
-func assertConfigMapExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
-	x, err := k.Get(v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
+func assertObjectExists(t *testing.T, k *test_utils.EnvTestCluster, gvr schema.GroupVersionResource, namespace string, name string) *uo.UnstructuredObject {
+	x, err := k.Get(gvr, namespace, name)
 	if err != nil {
 		t.Fatalf("unexpected error '%v' while getting ConfigMap %s/%s", err, namespace, name)
 	}
 	return x
 }
 
+func assertConfigMapExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
+	return assertObjectExists(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
+}
+
 func assertConfigMapNotExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) {
 	_, err := k.Get(v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
 	if err == nil {
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
new file mode 100644
index 000000000..9fdb6cf5c
--- /dev/null
+++ b/e2e/validate_test.go
@@ -0,0 +1,183 @@
+package e2e
+
+import (
+	"context"
+	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	appsv1 "k8s.io/api/apps/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"path/filepath"
+	"testing"
+)
+
+func buildDeployment(name string, namespace string, ready bool) *uo.UnstructuredObject {
+	deployment := uo.FromStringMust(fmt.Sprintf(`
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: %s
+  namespace: %s
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+`, name, namespace))
+	if ready {
+		deployment.Merge(uo.FromStringMust(`
+status:
+  availableReplicas: 1
+  conditions:
+  - lastTransitionTime: "2023-03-29T19:23:12Z"
+    lastUpdateTime: "2023-03-29T19:23:12Z"
+    message: Deployment has minimum availability.
+    reason: MinimumReplicasAvailable
+    status: "True"
+    type: Available
+  - lastTransitionTime: "2023-03-29T19:22:30Z"
+    lastUpdateTime: "2023-03-29T19:23:12Z"
+    message: ReplicaSet "argocd-redis-8f7689686" has successfully progressed.
+    reason: NewReplicaSetAvailable
+    status: "True"
+    type: Progressing
+  observedGeneration: 1
+  readyReplicas: 1
+  replicas: 1
+`))
+	}
+	return deployment
+}
+
+func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_utils.TestProject {
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+		{fmt.Sprintf("configmap-%s.yml", "d1"), "", buildDeployment("d1", p.TestSlug(), false)},
+	}, nil)
+
+	return p
+}
+
+func assertValidate(t *testing.T, p *test_utils.TestProject, commandResult *string, succeed bool) (string, string) {
+	args := []string{"validate"}
+	if commandResult != nil {
+		args = append(args, "--command-result", *commandResult)
+	} else {
+		args = append(args, "-t", "test")
+	}
+	stdout, stderr, err := p.Kluctl(args...)
+
+	if succeed {
+		assert.NoError(t, err)
+		assert.NotContains(t, stdout, fmt.Sprintf("%s/Deployment/d1: readyReplicas field not in status or empty", p.TestSlug()))
+		assert.NotContains(t, stderr, "Validation failed")
+	} else {
+		assert.Error(t, err)
+		assert.Contains(t, stdout, fmt.Sprintf("%s/Deployment/d1: readyReplicas field not in status or empty", p.TestSlug()))
+		assert.Contains(t, stderr, "Validation failed")
+	}
+
+	return stdout, stderr
+}
+
+func TestValidate(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := prepareValidateTest(t, k)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
+
+	assertValidate(t, p, nil, false)
+
+	readyDeployment := buildDeployment("d1", p.TestSlug(), true)
+
+	_, err := k.DynamicClient.Resource(appsv1.SchemeGroupVersion.WithResource("deployments")).Namespace(p.TestSlug()).
+		Patch(context.Background(), "d1", types.ApplyPatchType, []byte(yaml.WriteJsonStringMust(readyDeployment)), metav1.PatchOptions{
+			FieldManager: "test",
+		}, "status")
+	assert.NoError(t, err)
+
+	assertValidate(t, p, nil, true)
+}
+
+func TestValidateCommandResult(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := prepareValidateTest(t, k)
+
+	resultPath := filepath.Join(t.TempDir(), "result.yaml")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-oyaml="+resultPath)
+	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
+
+	assertValidate(t, p, &resultPath, false)
+
+	readyDeployment := buildDeployment("d1", p.TestSlug(), true)
+
+	_, err := k.DynamicClient.Resource(appsv1.SchemeGroupVersion.WithResource("deployments")).Namespace(p.TestSlug()).
+		Patch(context.Background(), "d1", types.ApplyPatchType, []byte(yaml.WriteJsonStringMust(readyDeployment)), metav1.PatchOptions{
+			FieldManager: "test",
+		}, "status")
+	assert.NoError(t, err)
+
+	assertValidate(t, p, &resultPath, true)
+}
+
+func TestValidateDrift(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := prepareValidateTest(t, k)
+
+	resultPath := filepath.Join(t.TempDir(), "result.yaml")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-oyaml="+resultPath)
+	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
+
+	stdout, _ := assertValidate(t, p, &resultPath, false)
+	assert.NotContains(t, stdout, "Drift:")
+
+	changedDeployment := buildDeployment("d1", p.TestSlug(), false)
+	changedDeployment.Merge(uo.FromStringMust(`
+spec:
+  replicas: 2
+`))
+
+	b := true
+	_, err := k.DynamicClient.Resource(appsv1.SchemeGroupVersion.WithResource("deployments")).Namespace(p.TestSlug()).
+		Patch(context.Background(), "d1", types.ApplyPatchType, []byte(yaml.WriteJsonStringMust(changedDeployment)), metav1.PatchOptions{
+			FieldManager: "test",
+			Force:        &b,
+		})
+	assert.NoError(t, err)
+
+	stdout, _ = assertValidate(t, p, &resultPath, false)
+	assert.Contains(t, stdout, "Drift:")
+	assert.Contains(t, stdout, "spec.replicas")
+}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 64223b2fe..e3000a09d 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -2,26 +2,30 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 )
 
 type ValidateCommand struct {
 	c             *deployment.DeploymentCollection
+	r             *result.CommandResult
 	discriminator string
 
 	dew *utils2.DeploymentErrorsAndWarnings
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(ctx context.Context, discriminator string, c *deployment.DeploymentCollection) *ValidateCommand {
+func NewValidateCommand(ctx context.Context, discriminator string, c *deployment.DeploymentCollection, r *result.CommandResult) *ValidateCommand {
 	cmd := &ValidateCommand{
 		c:             c,
+		r:             r,
 		discriminator: discriminator,
 		dew:           utils2.NewDeploymentErrorsAndWarnings(),
 	}
@@ -37,41 +41,81 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 
 	cmd.dew.Init()
 
-	err := cmd.ru.UpdateRemoteObjects(k, &cmd.discriminator, cmd.c.LocalObjectRefs(), true)
+	var refs []k8s2.ObjectRef
+	var renderedObjects []*uo.UnstructuredObject
+	appliedObjects := map[k8s2.ObjectRef]*uo.UnstructuredObject{}
+	var discriminator string
+
+	if cmd.c != nil && cmd.r != nil {
+		return nil, fmt.Errorf("passing both deployment collection and command result is not allowed")
+	} else if cmd.c != nil {
+		for _, d := range cmd.c.Deployments {
+			for _, o := range d.Objects {
+				ref := o.GetK8sRef()
+				refs = append(refs, ref)
+				renderedObjects = append(renderedObjects, o)
+			}
+		}
+	} else if cmd.r != nil {
+		for _, o := range cmd.r.Objects {
+			refs = append(refs, o.Ref)
+			if o.Rendered != nil {
+				renderedObjects = append(renderedObjects, o.Rendered)
+			}
+			if o.Applied != nil {
+				appliedObjects[o.Ref] = o.Applied
+			}
+		}
+		discriminator = cmd.r.Target.Discriminator
+	} else {
+		return nil, fmt.Errorf("either deployment collection or command result must be passed")
+	}
+
+	if discriminator == "" {
+		discriminator = cmd.discriminator
+	}
+
+	err := cmd.ru.UpdateRemoteObjects(k, &cmd.discriminator, refs, true)
 	if err != nil {
 		return nil, err
 	}
 
-	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.c.Deployments, cmd.ru, k, &utils2.ApplyUtilOptions{})
-	for _, d := range cmd.c.Deployments {
+	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, k, &utils2.ApplyUtilOptions{})
+	for _, o := range renderedObjects {
 		au := ad.NewApplyUtil(ctx, nil)
 		h := utils2.NewHooksUtil(au)
-		for _, o := range d.Objects {
-			hook := h.GetHook(o)
-			if hook != nil && !hook.IsPersistent() {
-				continue
-			}
+		hook := h.GetHook(o)
+		if hook != nil && !hook.IsPersistent() {
+			continue
+		}
 
-			ref := o.GetK8sRef()
+		ref := o.GetK8sRef()
 
-			remoteObject := cmd.ru.GetRemoteObject(ref)
-			if remoteObject == nil {
-				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
-				continue
-			}
-			r := validation.ValidateObject(k, remoteObject, true, false)
-			if !r.Ready {
-				ret.Ready = false
-			}
-			ret.Errors = append(ret.Errors, r.Errors...)
-			ret.Warnings = append(ret.Warnings, r.Warnings...)
-			ret.Results = append(ret.Results, r.Results...)
+		remoteObject := cmd.ru.GetRemoteObject(ref)
+		if remoteObject == nil {
+			ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
+			continue
 		}
+		r := validation.ValidateObject(k, remoteObject, true, false)
+		if !r.Ready {
+			ret.Ready = false
+		}
+		ret.Errors = append(ret.Errors, r.Errors...)
+		ret.Warnings = append(ret.Warnings, r.Warnings...)
+		ret.Results = append(ret.Results, r.Results...)
 	}
 
+	du := utils2.NewDiffUtil(cmd.dew, cmd.ru, appliedObjects)
+	du.Swapped = true
+	du.DiffObjects(renderedObjects)
+
 	ret.Warnings = append(ret.Warnings, cmd.dew.GetWarningsList()...)
 	ret.Errors = append(ret.Errors, cmd.dew.GetErrorsList()...)
 
+	if len(du.ChangedObjects) != 0 {
+		ret.Drift = du.ChangedObjects
+	}
+
 	return &ret, nil
 }
 
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 8e0b00bc2..57c37b981 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -20,9 +20,10 @@ type DiffUtil struct {
 	IgnoreTags        bool
 	IgnoreLabels      bool
 	IgnoreAnnotations bool
+	Swapped           bool
 
 	remoteDiffObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
-	ChangedObjects    []*result.ChangedObject
+	ChangedObjects    []result.ChangedObject
 	mutex             sync.Mutex
 }
 
@@ -75,7 +76,11 @@ func (u *DiffUtil) diffObjects(objects []*uo.UnstructuredObject, ignoreForDiffs
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			u.diffObject(o, diffRef, ao, ro, ignoreForDiffs)
+			if u.Swapped {
+				u.diffObject(o, diffRef, ro, ao, ignoreForDiffs)
+			} else {
+				u.diffObject(o, diffRef, ao, ro, ignoreForDiffs)
+			}
 		}()
 	}
 }
@@ -112,7 +117,7 @@ func (u *DiffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef,
 
 		u.mutex.Lock()
 		defer u.mutex.Unlock()
-		u.ChangedObjects = append(u.ChangedObjects, &result.ChangedObject{
+		u.ChangedObjects = append(u.ChangedObjects, result.ChangedObject{
 			Ref:     diffRef,
 			Changes: changes,
 		})
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index c7047fa63..59dbddf81 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -141,7 +141,9 @@ type CompactedCommandResult struct {
 
 func (ccr *CompactedCommandResult) ToNonCompacted() *CommandResult {
 	ret := ccr.CommandResult
-	ret.Objects = ccr.CompactedObjects
+	if ccr.CompactedObjects != nil {
+		ret.Objects = ccr.CompactedObjects
+	}
 	return &ret
 }
 
@@ -157,4 +159,6 @@ type ValidateResult struct {
 	Warnings []DeploymentError     `json:"warnings,omitempty"`
 	Errors   []DeploymentError     `json:"errors,omitempty"`
 	Results  []ValidateResultEntry `json:"results,omitempty"`
+
+	Drift []ChangedObject `json:"drift,omitempty"`
 }
diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index b28c789eb..029c968bb 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -193,6 +193,14 @@ func WriteJsonString(o interface{}) (string, error) {
 	return string(b), nil
 }
 
+func WriteJsonStringMust(o interface{}) string {
+	b, err := json.Marshal(o)
+	if err != nil {
+		panic(err)
+	}
+	return string(b)
+}
+
 // RemoveDuplicateFields is a helper/hack to remove duplicate fields from yaml maps/structs. The yaml spec explicitly
 // forbids duplicate keys, but yaml.v2 ignored those by default, leading to some tools (e.g. Helm) ignoring these
 func RemoveDuplicateFields(r io.Reader) ([]byte, error) {

From bc4b8df7398b6b5e165ff5d09b3972ec830bb8e6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Apr 2023 01:25:37 +0200
Subject: [PATCH 0939/2268] fix: Normalize float64 values to be interpreted as
 ints if possible

---
 pkg/diff/normalize.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index f32f7a2d7..08555cef5 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -117,6 +117,18 @@ func normalizeMisc(o *uo.UnstructuredObject) {
 	_ = o.RemoveNestedField("status")
 }
 
+func normalizeFloats(o *uo.UnstructuredObject) {
+	_ = o.NewIterator().IterateLeafs(func(it *uo.ObjectIterator) error {
+		if f, ok := it.Value().(float64); ok {
+			i := int64(f)
+			if f == float64(i) {
+				_ = it.SetValue(i)
+			}
+		}
+		return nil
+	})
+}
+
 var ignoreDiffFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-diff-field(-\d*)?$`)
 var ignoreDiffFieldRegexAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-diff-field-regex(-\d*)?$`)
 
@@ -127,6 +139,7 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 	ns := o_.GetK8sNamespace()
 
 	o := o_.Clone()
+	normalizeFloats(o)
 	normalizeMetadata(o)
 	normalizeMisc(o)
 

From edcee7cb22c97a7fbf6d0db6260960b068fcace0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 25 Apr 2023 13:48:07 +0200
Subject: [PATCH 0940/2268] fix: Make target name optional via json tags and
 verify it later

This allows to represent no-target deployments in command results.
---
 pkg/kluctl_project/targets.go | 7 ++++++-
 pkg/types/kluctl_project.go   | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index a9a8b714d..9ef106813 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -14,7 +14,12 @@ func (c *LoadedKluctlProject) loadTargets() error {
 	targetNames := make(map[string]bool)
 	c.Targets = nil
 
-	for _, configTarget := range c.Config.Targets {
+	for i, configTarget := range c.Config.Targets {
+		if configTarget.Name == "" {
+			status.Error(c.ctx, "Target at index %d has no name", i)
+			continue
+		}
+
 		target, err := c.buildTarget(configTarget)
 		if err != nil {
 			status.Warning(c.ctx, "Failed to load target config for project: %v", err)
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 063a41398..cde09e90c 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -11,7 +11,7 @@ type SealingConfig struct {
 }
 
 type Target struct {
-	Name          string                 `json:"name" validate:"required"`
+	Name          string                 `json:"name,omitempty"`
 	Context       *string                `json:"context,omitempty"`
 	Args          *uo.UnstructuredObject `json:"args,omitempty"`
 	SealingConfig *SealingConfig         `json:"sealingConfig,omitempty"`

From 7a6b68e2c96b785facd2b50ef9b666b0cd1def03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Apr 2023 08:41:44 +0200
Subject: [PATCH 0941/2268] feat: Implement TargetSummary and use it inside
 ProjectSummary

---
 cmd/kluctl/commands/utils.go       | 14 ++++++-
 pkg/types/result/command_result.go | 30 +++++++++++++++
 pkg/types/result/summary.go        | 60 +++++++++++++++++++++++++++---
 3 files changed, 98 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0b783d808..23375c1e8 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -206,7 +206,11 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	var resultStore results.ResultStore
 	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
-		resultStore, err = results.NewResultStoreSecrets(targetCtx.SharedContext.K, args.commandResultFlags.CommandResultNamespace)
+		rc, err := targetCtx.SharedContext.K.ToRESTConfig()
+		if err != nil {
+			return err
+		}
+		resultStore, err = results.NewResultStoreSecrets(ctx, rc, args.commandResultFlags.CommandResultNamespace)
 		if err != nil {
 			return err
 		}
@@ -276,6 +280,14 @@ func addCommandInfo(r *result.CommandResult, startTime time.Time, command string
 		return err
 	}
 
+	if ctx.targetCtx.Target != nil {
+		r.Target.TargetName = ctx.targetCtx.Target.Name
+		r.Target.Discriminator = ctx.targetCtx.Target.Discriminator
+	}
+	if r.ClusterInfo != nil {
+		r.Target.ClusterId = r.ClusterInfo.ClusterId
+	}
+
 	return nil
 }
 
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 59dbddf81..b84b552f4 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -44,6 +44,35 @@ type ProjectKey struct {
 	SubDir           string `json:"subDir,omitempty"`
 }
 
+func (k ProjectKey) Less(o ProjectKey) bool {
+	if k.NormalizedGitUrl != o.NormalizedGitUrl {
+		return k.NormalizedGitUrl < o.NormalizedGitUrl
+	}
+	if k.SubDir != o.SubDir {
+		return k.SubDir < o.SubDir
+	}
+	return false
+}
+
+type TargetKey struct {
+	TargetName    string `json:"targetName,omitempty"`
+	ClusterId     string `json:"clusterId"`
+	Discriminator string `json:"discriminator,omitempty"`
+}
+
+func (k TargetKey) Less(o TargetKey) bool {
+	if k.TargetName != o.TargetName {
+		return k.TargetName < o.TargetName
+	}
+	if k.ClusterId != o.ClusterId {
+		return k.ClusterId < o.ClusterId
+	}
+	if k.Discriminator != o.Discriminator {
+		return k.Discriminator < o.Discriminator
+	}
+	return false
+}
+
 type CommandInfo struct {
 	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
 	StartTime             types.JsonTime         `json:"startTime"`
@@ -100,6 +129,7 @@ type ResultObject struct {
 type CommandResult struct {
 	Id          string                         `json:"id"`
 	Project     ProjectKey                     `json:"project"`
+	Target      TargetKey                      `json:"target"`
 	Command     CommandInfo                    `json:"command,omitempty"`
 	GitInfo     *GitInfo                       `json:"gitInfo,omitempty"`
 	ClusterInfo *ClusterInfo                   `json:"clusterInfo,omitempty"`
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 3dfa79a75..fbc4c25b2 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -1,8 +1,13 @@
 package result
 
+import (
+	"sort"
+)
+
 type CommandResultSummary struct {
 	Id          string       `json:"id"`
 	Project     ProjectKey   `json:"project"`
+	Target      TargetKey    `json:"target"`
 	Command     CommandInfo  `json:"commandInfo"`
 	GitInfo     *GitInfo     `json:"gitInfo,omitempty"`
 	ClusterInfo *ClusterInfo `json:"clusterInfo,omitempty"`
@@ -22,14 +27,17 @@ type CommandResultSummary struct {
 	TotalChanges int `json:"totalChanges"`
 }
 
+type TargetSummary struct {
+	Target TargetKey `json:"target"`
+
+	LastValidateResult *ValidateResult        `json:"lastValidateResult,omitempty"`
+	CommandResults     []CommandResultSummary `json:"commandResults,omitempty"`
+}
+
 type ProjectSummary struct {
 	Project ProjectKey `json:"project"`
 
-	LastValidateResult *ValidateResult `json:"lastValidateResult,omitempty"`
-
-	LastDeployCommand *CommandResultSummary `json:"lastDeployCommand,omitempty"`
-	LastDeleteCommand *CommandResultSummary `json:"LastDeleteCommand,omitempty"`
-	LastPruneCommand  *CommandResultSummary `json:"lastPruneCommand,omitempty"`
+	Targets []*TargetSummary `json:"targets"`
 }
 
 func (cr *CommandResult) BuildSummary() *CommandResultSummary {
@@ -46,6 +54,7 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 	ret := &CommandResultSummary{
 		Id:                 cr.Id,
 		Project:            cr.Project,
+		Target:             cr.Target,
 		Command:            cr.Command,
 		GitInfo:            cr.GitInfo,
 		ClusterInfo:        cr.ClusterInfo,
@@ -65,3 +74,44 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 	}
 	return ret
 }
+
+func BuildProjectSummaries(summaries []CommandResultSummary) []*ProjectSummary {
+	m := map[ProjectKey]*ProjectSummary{}
+	for _, rs := range summaries {
+		p, ok := m[rs.Project]
+		if !ok {
+			p = &ProjectSummary{Project: rs.Project}
+			m[rs.Project] = p
+		}
+
+		var target *TargetSummary
+		for i, t := range p.Targets {
+			if t.Target == rs.Target {
+				target = p.Targets[i]
+				break
+			}
+		}
+		if target == nil {
+			target = &TargetSummary{
+				Target: rs.Target,
+			}
+			p.Targets = append(p.Targets, target)
+		}
+
+		target.CommandResults = append(target.CommandResults, rs)
+	}
+
+	ret := make([]*ProjectSummary, 0, len(m))
+	for _, p := range m {
+		sort.Slice(p.Targets, func(i, j int) bool {
+			return p.Targets[i].Target.Less(p.Targets[j].Target)
+		})
+		ret = append(ret, p)
+	}
+
+	sort.Slice(ret, func(i, j int) bool {
+		return ret[i].Project.Less(ret[j].Project)
+	})
+
+	return ret
+}

From e2de36f7b0591e2ae89e8fce9d7d5e77bd4e1797 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 2 May 2023 21:40:18 +0200
Subject: [PATCH 0942/2268] feat: Implement ResultCollector

---
 cmd/kluctl/commands/command_result.go |   2 +-
 pkg/results/result-store-secrets.go   | 346 +++++++++++++++++++-------
 pkg/results/result-store.go           |  59 ++---
 pkg/results/results-collector.go      | 174 +++++++++++++
 4 files changed, 454 insertions(+), 127 deletions(-)
 create mode 100644 pkg/results/results-collector.go

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index cedfb9319..25e4a9e5e 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -252,7 +252,7 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 	if writeToResultStore && ctx.resultStore != nil {
 		s := status.Start(ctx.ctx, "Writing command result")
 		defer s.Failed()
-		resultStoreErr = ctx.resultStore.WriteCommandResult(ctx.ctx, cr)
+		resultStoreErr = ctx.resultStore.WriteCommandResult(cr)
 		if resultStoreErr != nil {
 			s.FailedWithMessage("Failed to write result to result store: %s", resultStoreErr.Error())
 		} else {
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index bc4782a1c..4eb5f9ead 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -3,53 +3,92 @@ package results
 import (
 	"compress/gzip"
 	"context"
-	"encoding/base64"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/rest"
+	toolscache "k8s.io/client-go/tools/cache"
 	"path"
 	"regexp"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sort"
 	"strings"
+	"sync"
 )
 
 type ResultStoreSecrets struct {
-	k              *k8s.K8sCluster
+	ctx context.Context
+
+	config         *rest.Config
 	writeNamespace string
+
+	mutex       sync.Mutex
+	client      client.Client
+	cache       cache.Cache
+	informer    cache.Informer
+	cancelCache context.CancelFunc
 }
 
-func NewResultStoreSecrets(k *k8s.K8sCluster, writeNamespace string) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, config *rest.Config, writeNamespace string) (*ResultStoreSecrets, error) {
 	s := &ResultStoreSecrets{
-		k:              k,
+		ctx:            ctx,
+		config:         config,
 		writeNamespace: writeNamespace,
 	}
+	return s, nil
+}
 
-	if s.writeNamespace != "" {
-		_, _, err := k.GetSingleObject(k8s2.NewObjectRef("", "v1", "Namespace", s.writeNamespace, ""))
-		if err != nil && errors.IsNotFound(err) {
-			ns := uo.FromMap(map[string]interface{}{
-				"apiVersion": "v1",
-				"kind":       "Namespace",
-				"metadata": map[string]any{
-					"name": s.writeNamespace,
-				},
-			})
-			_, _, err = k.ReadWrite().PatchObject(ns, k8s.PatchOptions{})
-			if err != nil {
-				return nil, err
-			}
-		} else if err != nil {
-			return nil, err
-		}
+func (s *ResultStoreSecrets) ensureClientAndCache() error {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
+
+	if s.client != nil {
+		return nil
 	}
 
-	return s, nil
+	c, err := client.New(s.config, client.Options{})
+	if err != nil {
+		return err
+	}
+
+	labelSelector, _ := labels.Parse("kluctl.io/result-id")
+
+	var partialSecret metav1.PartialObjectMetadata
+	partialSecret.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "Secret"})
+
+	ca, err := cache.New(s.config, cache.Options{
+		DefaultLabelSelector: labelSelector,
+	})
+	if err != nil {
+		return err
+	}
+
+	informer, err := ca.GetInformer(s.ctx, &partialSecret)
+	if err != nil {
+		return err
+	}
+
+	s.client = c
+	s.cache = ca
+	s.informer = informer
+
+	newCtx, cancel := context.WithCancel(s.ctx)
+	s.cancelCache = cancel
+
+	go func() {
+		_ = ca.Start(newCtx)
+	}()
+
+	s.cache.WaitForCacheSync(s.ctx)
+
+	return nil
 }
 
 var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
@@ -77,7 +116,40 @@ func (s *ResultStoreSecrets) buildName(cr *result.CommandResult) string {
 	return nameWithId
 }
 
-func (s *ResultStoreSecrets) WriteCommandResult(ctx context.Context, cr *result.CommandResult) error {
+func (s *ResultStoreSecrets) ensureWriteNamespace() error {
+	if s.writeNamespace == "" {
+		return fmt.Errorf("missing writeNamespace")
+	}
+	var ns corev1.Namespace
+	err := s.client.Get(s.ctx, client.ObjectKey{Name: s.writeNamespace}, &ns)
+	if err != nil && errors.IsNotFound(err) {
+		ns := &corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: s.writeNamespace,
+			},
+		}
+		err = s.client.Create(s.ctx, ns)
+		if err != nil {
+			return err
+		}
+	} else if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error {
+	err := s.ensureClientAndCache()
+	if err != nil {
+		return err
+	}
+
+	err = s.ensureWriteNamespace()
+	if err != nil {
+		return err
+	}
+
 	crJson, err := yaml.WriteJsonString(cr.ToReducedObjects())
 	if err != nil {
 		return err
@@ -102,67 +174,65 @@ func (s *ResultStoreSecrets) WriteCommandResult(ctx context.Context, cr *result.
 		return err
 	}
 
-	secret := uo.FromMap(map[string]interface{}{
-		"apiVersion": "v1",
-		"kind":       "Secret",
-		"metadata": map[string]any{
-			"name":      s.buildName(cr),
-			"namespace": s.writeNamespace,
-			"labels": map[string]any{
+	secret := corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      s.buildName(cr),
+			Namespace: s.writeNamespace,
+			Labels: map[string]string{
 				"kluctl.io/result-id": cr.Id,
 			},
-			"annotations": map[string]any{
+			Annotations: map[string]string{
 				"kluctl.io/result-summary": summaryJson,
 			},
 		},
-		"data": map[string]any{
+		Data: map[string][]byte{
 			"reducedResult":    compressedCr,
 			"compactedObjects": compressedObjects,
 		},
-	})
+	}
 	if cr.Project.NormalizedGitUrl != "" {
-		secret.SetK8sAnnotation("kluctl.io/result-project-normalized-url", cr.Project.NormalizedGitUrl)
+		secret.Annotations["kluctl.io/result-project-normalized-url"] = cr.Project.NormalizedGitUrl
 	}
 	if cr.Project.SubDir != "" {
-		secret.SetK8sAnnotation("kluctl.io/result-project-subdir", cr.Project.SubDir)
+		secret.Annotations["kluctl.io/result-project-subdir"] = cr.Project.SubDir
 	}
 
-	_, _, err = s.k.ReadWrite().PatchObject(secret, k8s.PatchOptions{})
-	return err
+	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
-func (s *ResultStoreSecrets) ListCommandResultSummaries(ctx context.Context, options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
-	l, _, err := s.k.ListMetadata(schema.GroupVersionKind{
-		Version: "v1",
-		Kind:    "Secret",
-	}, "", map[string]string{
-		"kluctl.io/result-id": "",
-	})
+func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
+	err := s.ensureClientAndCache()
 	if err != nil {
 		return nil, err
 	}
 
-	ret := make([]result.CommandResultSummary, 0, len(l))
+	var l metav1.PartialObjectMetadataList
+	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
+	err = s.cache.List(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
+	if err != nil {
+		return nil, err
+	}
 
-	for _, x := range l {
-		summaryJson := x.GetK8sAnnotation("kluctl.io/result-summary")
-		if summaryJson == nil || *summaryJson == "" {
-			continue
-		}
+	ret := make([]result.CommandResultSummary, 0, len(l.Items))
 
-		var summary result.CommandResultSummary
-		err = yaml.ReadYamlString(*summaryJson, &summary)
+	for _, x := range l.Items {
+		summary, err := s.parseSummary(&x)
 		if err != nil {
 			continue
 		}
-
-		if options.ProjectFilter != nil {
-			if summary.Project != *options.ProjectFilter {
-				continue
-			}
+		if !s.filterSummary(summary, options.ProjectFilter) {
+			continue
 		}
 
-		ret = append(ret, summary)
+		ret = append(ret, *summary)
 	}
 
 	sort.Slice(ret, func(i, j int) bool {
@@ -172,33 +242,146 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(ctx context.Context, opt
 	return ret, nil
 }
 
-func (s *ResultStoreSecrets) GetCommandResult(ctx context.Context, options GetCommandResultOptions) (*result.CommandResult, error) {
-	l, _, err := s.k.ListObjects(schema.GroupVersionKind{
-		Version: "v1",
-		Kind:    "Secret",
-	}, "", map[string]string{
+func (s *ResultStoreSecrets) parseSummary(obj client.Object) (*result.CommandResultSummary, error) {
+	if len(obj.GetAnnotations()) == 0 {
+		return nil, nil
+	}
+	summaryJson := obj.GetAnnotations()["kluctl.io/result-summary"]
+	if summaryJson == "" {
+		return nil, nil
+	}
+
+	var summary result.CommandResultSummary
+	err := yaml.ReadYamlString(summaryJson, &summary)
+	if err != nil {
+		return nil, err
+	}
+
+	return &summary, nil
+}
+
+func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary, project *result.ProjectKey) bool {
+	if project != nil {
+		if project.NormalizedGitUrl != "" && summary.Project.NormalizedGitUrl != project.NormalizedGitUrl {
+			return false
+		}
+		if project.SubDir != "" && summary.Project.SubDir != project.SubDir {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error) {
+	err := s.ensureClientAndCache()
+	if err != nil {
+		return nil, err
+	}
+
+	handler := func(obj any, deleted bool) {
+		obj2, ok := obj.(client.Object)
+		if !ok {
+			return
+		}
+		summary, err := s.parseSummary(obj2)
+		if err != nil {
+			return
+		}
+		if !s.filterSummary(summary, options.ProjectFilter) {
+			return
+		}
+		if deleted {
+			delete(summary.Id)
+		} else {
+			update(summary)
+		}
+	}
+
+	r, err := s.informer.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			handler(obj, false)
+		},
+		UpdateFunc: func(oldObj, newObj interface{}) {
+			handler(newObj, false)
+		},
+		DeleteFunc: func(obj interface{}) {
+			handler(obj, true)
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	cancel := func() {
+		_ = s.informer.RemoveEventHandler(r)
+	}
+	return cancel, nil
+}
+
+func (s *ResultStoreSecrets) getCommandResultSecret(id string) (*metav1.PartialObjectMetadata, error) {
+	err := s.ensureClientAndCache()
+	if err != nil {
+		return nil, err
+	}
+
+	var l metav1.PartialObjectMetadataList
+	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
+	err = s.cache.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/result-id": id})
+	if err != nil {
+		return nil, err
+	}
+	if len(l.Items) == 0 {
+		return nil, nil
+	}
+	return &l.Items[0], nil
+}
+
+func (s *ResultStoreSecrets) HasCommandResult(id string) (bool, error) {
+	secret, err := s.getCommandResultSecret(id)
+	if err != nil {
+		return false, err
+	}
+	return secret != nil, nil
+}
+
+func (s *ResultStoreSecrets) GetCommandResultSummary(id string) (*result.CommandResultSummary, error) {
+	secret, err := s.getCommandResultSecret(id)
+	if err != nil {
+		return nil, err
+	}
+	return s.parseSummary(secret)
+}
+
+func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
+	has, err := s.HasCommandResult(options.Id)
+	if err != nil {
+		return nil, err
+	}
+	if !has {
+		return nil, nil
+	}
+
+	var l corev1.SecretList
+	err = s.client.List(s.ctx, &l, client.MatchingLabels{
 		"kluctl.io/result-id": options.Id,
 	})
 	if err != nil {
 		return nil, err
 	}
-	if len(l) == 0 {
+	if len(l.Items) == 0 {
 		return nil, nil
 	}
 
+	secret := l.Items[0]
+
 	var crJson, objectsJson []byte
-	err = utils.RunParallelE(ctx, func() error {
-		s, ok, err := l[0].GetNestedString("data", "reducedResult")
-		if err != nil {
-			return err
-		}
+	err = utils.RunParallelE(s.ctx, func() error {
+		var ok bool
+		crJson, ok = secret.Data["reducedResult"]
 		if !ok {
 			return fmt.Errorf("reducedResult field not present for %s", options.Id)
 		}
-		crJson, err = base64.StdEncoding.DecodeString(s)
-		if err != nil {
-			return err
-		}
 		crJson, err = utils.UncompressGzip(crJson)
 		if err != nil {
 			return err
@@ -208,18 +391,11 @@ func (s *ResultStoreSecrets) GetCommandResult(ctx context.Context, options GetCo
 		if options.Reduced {
 			return nil
 		}
-		s, ok, err := l[0].GetNestedString("data", "compactedObjects")
-		if err != nil {
-			return err
-		}
+		var ok bool
+		objectsJson, ok = secret.Data["compactedObjects"]
 		if !ok {
 			return fmt.Errorf("compactedObjects field not present for %s", options.Id)
 		}
-		objectsJson, err = base64.StdEncoding.DecodeString(s)
-		if err != nil {
-			return err
-		}
-
 		objectsJson, err = utils.UncompressGzip(objectsJson)
 		if err != nil {
 			return err
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 464dc6594..46d002d5d 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -1,7 +1,6 @@
 package results
 
 import (
-	"context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
@@ -9,6 +8,10 @@ type ListProjectsOptions struct {
 	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
 }
 
+type ListTargetsOptions struct {
+	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
+}
+
 type ListCommandResultSummariesOptions struct {
 	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
 }
@@ -19,50 +22,24 @@ type GetCommandResultOptions struct {
 }
 
 type ResultStore interface {
-	WriteCommandResult(ctx context.Context, cr *result.CommandResult) error
+	WriteCommandResult(cr *result.CommandResult) error
 
-	ListCommandResultSummaries(ctx context.Context, options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error)
-	GetCommandResult(ctx context.Context, options GetCommandResultOptions) (*result.CommandResult, error)
+	ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error)
+	WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error)
+	HasCommandResult(id string) (bool, error)
+	GetCommandResultSummary(id string) (*result.CommandResultSummary, error)
+	GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error)
 }
 
-func ListProjects(ctx context.Context, rs ResultStore, options ListProjectsOptions) ([]result.ProjectSummary, error) {
-	summaries, err := rs.ListCommandResultSummaries(ctx, ListCommandResultSummariesOptions{
-		ProjectFilter: options.ProjectFilter,
-	})
-	if err != nil {
-		return nil, err
+func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bool {
+	if filter == nil {
+		return true
 	}
-
-	m := map[result.ProjectKey]result.ProjectSummary{}
-	for _, s := range summaries {
-		if _, ok := m[s.Project]; !ok {
-			m[s.Project] = result.ProjectSummary{Project: s.Project}
-		}
+	if x.Project.NormalizedGitUrl != filter.NormalizedGitUrl {
+		return false
 	}
-
-	ret := make([]result.ProjectSummary, 0, len(m))
-	for _, p := range m {
-		for _, rs := range summaries {
-			switch rs.Command.Command {
-			case "deploy":
-				if p.LastDeployCommand == nil {
-					rs := rs
-					p.LastDeployCommand = &rs
-				}
-			case "delete":
-				if p.LastDeleteCommand == nil {
-					rs := rs
-					p.LastDeleteCommand = &rs
-				}
-			case "prune":
-				if p.LastPruneCommand == nil {
-					rs := rs
-					p.LastPruneCommand = &rs
-				}
-			}
-		}
-		ret = append(ret, p)
+	if x.Project.SubDir != filter.SubDir {
+		return false
 	}
-
-	return ret, nil
+	return true
 }
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
new file mode 100644
index 000000000..583a5b9b2
--- /dev/null
+++ b/pkg/results/results-collector.go
@@ -0,0 +1,174 @@
+package results
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"sort"
+	"sync"
+	"time"
+)
+
+type ResultsCollector struct {
+	ctx context.Context
+
+	stores []ResultStore
+
+	resultSummaries map[string]summaryEntry
+	handlers        []*handlerEntry
+
+	mutex sync.Mutex
+}
+
+type summaryEntry struct {
+	store   ResultStore
+	summary *result.CommandResultSummary
+}
+
+type handlerEntry struct {
+	options ListCommandResultSummariesOptions
+	update  func(result *result.CommandResultSummary)
+	delete  func(id string)
+}
+
+func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsCollector {
+	ret := &ResultsCollector{
+		ctx:             ctx,
+		stores:          stores,
+		resultSummaries: map[string]summaryEntry{},
+	}
+
+	return ret
+}
+
+func (rc *ResultsCollector) Start() {
+	rc.startWatchResults()
+}
+
+func (rc *ResultsCollector) startWatchResults() {
+	for _, store := range rc.stores {
+		go rc.runWatchResults(store)
+	}
+}
+
+func (rc *ResultsCollector) runWatchResults(store ResultStore) {
+	for {
+		_, err := store.WatchCommandResultSummaries(ListCommandResultSummariesOptions{}, func(summary *result.CommandResultSummary) {
+			rc.handleUpdate(store, summary)
+		}, func(id string) {
+			rc.handleDelete(store, id)
+		})
+		if err == nil {
+			break
+		}
+		time.Sleep(5 * time.Second)
+	}
+}
+
+func (rc *ResultsCollector) handleUpdate(store ResultStore, summary *result.CommandResultSummary) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	rc.resultSummaries[summary.Id] = summaryEntry{
+		store:   store,
+		summary: summary,
+	}
+	for _, h := range rc.handlers {
+		if FilterSummary(summary, h.options.ProjectFilter) {
+			h.update(summary)
+		}
+	}
+}
+
+func (rc *ResultsCollector) handleDelete(store ResultStore, id string) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+	se, ok := rc.resultSummaries[id]
+	if !ok {
+		return
+	}
+
+	delete(rc.resultSummaries, id)
+	for _, h := range rc.handlers {
+		if FilterSummary(se.summary, h.options.ProjectFilter) {
+			h.delete(id)
+		}
+	}
+}
+
+func (rc *ResultsCollector) WriteCommandResult(cr *result.CommandResult) error {
+	return fmt.Errorf("WriteCommandResult is not supported in ResultsCollector")
+}
+
+func (rc *ResultsCollector) ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+	summaries := make([]result.CommandResultSummary, 0, len(rc.resultSummaries))
+	for _, x := range rc.resultSummaries {
+		if !FilterSummary(x.summary, options.ProjectFilter) {
+			continue
+		}
+		summaries = append(summaries, *x.summary)
+	}
+	sort.Slice(summaries, func(i, j int) bool {
+		return summaries[i].Command.StartTime >= summaries[j].Command.StartTime
+	})
+	return summaries, nil
+}
+
+func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	h := &handlerEntry{
+		options: options,
+		update:  update,
+		delete:  delete,
+	}
+
+	rc.handlers = append(rc.handlers, h)
+
+	for _, se := range rc.resultSummaries {
+		if FilterSummary(se.summary, h.options.ProjectFilter) {
+			h.update(se.summary)
+		}
+	}
+
+	return func() {
+		rc.mutex.Lock()
+		defer rc.mutex.Unlock()
+		for i, h2 := range rc.handlers {
+			if h2 == h {
+				rc.handlers = append(rc.handlers[:i], rc.handlers[i+1:]...)
+				break
+			}
+		}
+	}, nil
+}
+
+func (rc *ResultsCollector) HasCommandResult(id string) (bool, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+	_, ok := rc.resultSummaries[id]
+	return ok, nil
+}
+
+func (rc *ResultsCollector) GetCommandResultSummary(id string) (*result.CommandResultSummary, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+	rs, ok := rc.resultSummaries[id]
+	if !ok {
+		return nil, nil
+	}
+	return rs.summary, nil
+}
+
+func (rc *ResultsCollector) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
+	rc.mutex.Lock()
+	se, ok := rc.resultSummaries[options.Id]
+	rc.mutex.Unlock()
+	if !ok {
+		return nil, nil
+	}
+	return se.store.GetCommandResult(options)
+}

From 3636581d43cace6dd3e3c8f77dafa40e321d34fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 2 May 2023 21:40:38 +0200
Subject: [PATCH 0943/2268] fix: Exclude hooks from validation

---
 pkg/deployment/commands/validate.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index e3000a09d..32a3dda68 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -59,6 +59,9 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 	} else if cmd.r != nil {
 		for _, o := range cmd.r.Objects {
 			refs = append(refs, o.Ref)
+			if o.Hook {
+				continue
+			}
 			if o.Rendered != nil {
 				renderedObjects = append(renderedObjects, o.Rendered)
 			}

From 8ab60327ae39e5c8d6edaab54a6a7c4a806ce755 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 2 May 2023 21:48:27 +0200
Subject: [PATCH 0944/2268] feat: Enable writing of command results by default

---
 cmd/kluctl/args/project.go   | 2 +-
 cmd/kluctl/commands/utils.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index e3ed5ab0e..b2b7c6189 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -43,6 +43,6 @@ type TargetFlags struct {
 }
 
 type CommandResultFlags struct {
-	WriteCommandResult     bool   `group:"results" help:"Enable experimental writing of command results into the cluster. Command results will be written into ConfigMaps in the kluctl-results namespace."`
+	NoWriteCommandResult   bool   `group:"results" help:"Disable writing of command results into the cluster."`
 	CommandResultNamespace string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 23375c1e8..9857b57b2 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -205,7 +205,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	var resultStore results.ResultStore
-	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
+	if args.commandResultFlags != nil && !args.commandResultFlags.NoWriteCommandResult {
 		rc, err := targetCtx.SharedContext.K.ToRESTConfig()
 		if err != nil {
 			return err

From 7daee7ff209551276ed37376e770fd11dc08ad13 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 May 2023 22:58:24 +0200
Subject: [PATCH 0945/2268] fix: Make ClusterInfo mandatory

---
 cmd/kluctl/commands/utils.go       |  6 ++----
 pkg/types/result/command_result.go |  2 +-
 pkg/types/result/summary.go        | 12 ++++++------
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 9857b57b2..d0fa4450e 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -284,9 +284,7 @@ func addCommandInfo(r *result.CommandResult, startTime time.Time, command string
 		r.Target.TargetName = ctx.targetCtx.Target.Name
 		r.Target.Discriminator = ctx.targetCtx.Target.Discriminator
 	}
-	if r.ClusterInfo != nil {
-		r.Target.ClusterId = r.ClusterInfo.ClusterId
-	}
+	r.Target.ClusterId = r.ClusterInfo.ClusterId
 
 	return nil
 }
@@ -372,7 +370,7 @@ func addClusterInfo(r *result.CommandResult, ctx *commandCtx) error {
 	if clusterId == "" {
 		return fmt.Errorf("kube-system namespace has no uid")
 	}
-	r.ClusterInfo = &result.ClusterInfo{
+	r.ClusterInfo = result.ClusterInfo{
 		ClusterId: clusterId,
 	}
 	return nil
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index b84b552f4..06cee1183 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -132,7 +132,7 @@ type CommandResult struct {
 	Target      TargetKey                      `json:"target"`
 	Command     CommandInfo                    `json:"command,omitempty"`
 	GitInfo     *GitInfo                       `json:"gitInfo,omitempty"`
-	ClusterInfo *ClusterInfo                   `json:"clusterInfo,omitempty"`
+	ClusterInfo ClusterInfo                    `json:"clusterInfo"`
 	Deployment  *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
 	Objects []ResultObject `json:"objects,omitempty"`
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index fbc4c25b2..900645e66 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -5,12 +5,12 @@ import (
 )
 
 type CommandResultSummary struct {
-	Id          string       `json:"id"`
-	Project     ProjectKey   `json:"project"`
-	Target      TargetKey    `json:"target"`
-	Command     CommandInfo  `json:"commandInfo"`
-	GitInfo     *GitInfo     `json:"gitInfo,omitempty"`
-	ClusterInfo *ClusterInfo `json:"clusterInfo,omitempty"`
+	Id          string      `json:"id"`
+	Project     ProjectKey  `json:"project"`
+	Target      TargetKey   `json:"target"`
+	Command     CommandInfo `json:"commandInfo"`
+	GitInfo     *GitInfo    `json:"gitInfo,omitempty"`
+	ClusterInfo ClusterInfo `json:"clusterInfo,omitempty"`
 
 	RenderedObjects    int `json:"renderedObjects"`
 	RemoteObjects      int `json:"remoteObjects"`

From 36396a03b27f5a7543e704a94a7dd8db9c46daea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 May 2023 23:04:30 +0200
Subject: [PATCH 0946/2268] feat: Don't write CommandResult in diff command or
 dryRun mode

---
 cmd/kluctl/args/project.go             | 5 +++--
 cmd/kluctl/commands/cmd_delete.go      | 2 +-
 cmd/kluctl/commands/cmd_deploy.go      | 2 +-
 cmd/kluctl/commands/cmd_diff.go        | 4 +---
 cmd/kluctl/commands/cmd_poke_images.go | 2 +-
 cmd/kluctl/commands/cmd_prune.go       | 2 +-
 6 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index b2b7c6189..3714186cb 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -43,6 +43,7 @@ type TargetFlags struct {
 }
 
 type CommandResultFlags struct {
-	NoWriteCommandResult   bool   `group:"results" help:"Disable writing of command results into the cluster."`
-	CommandResultNamespace string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
+	NoWriteCommandResult    bool   `group:"results" help:"Disable writing of command results into the cluster."`
+	ForceWriteCommandResult bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
+	CommandResultNamespace  string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
 }
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 39ab7f6a5..70d455375 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -64,7 +64,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index c3ba95bd4..7b70de7a2 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -82,7 +82,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
+	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index fd6fb7689..91be42dfa 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -20,7 +20,6 @@ type diffCmd struct {
 	args.IgnoreFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
-	args.CommandResultFlags
 }
 
 func (cmd *diffCmd) Help() string {
@@ -39,7 +38,6 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
-		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
@@ -58,7 +56,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 888ecddde..571b501cd 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -59,7 +59,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
+		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 567458b99..3fe34a470 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -61,7 +61,7 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx, startTime time.Time) error
 	if err != nil {
 		return err
 	}
-	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, true)
+	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
 	}

From 6de4583de1e7a006eeff1c0e8c348da99219c88f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 May 2023 23:14:16 +0200
Subject: [PATCH 0947/2268] chore: Run make replace-commands-help

---
 docs/reference/commands/common-arguments.md | 4 ++--
 docs/reference/commands/validate.md         | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 2263c15b2..e77bf78e3 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -136,8 +136,8 @@ Command Results:
 
       --command-result-namespace string   Override the namespace to be used when writing command results. (default
                                           "kluctl-results")
-      --write-command-result              Enable experimental writing of command results into the cluster. Command
-                                          results will be written into ConfigMaps in the kluctl-results namespace.
+      --force-write-command-result        Force writing of command results, even if the command is run in dry-run mode.
+      --no-write-command-result           Disable writing of command results into the cluster.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
index 77a0abb98..ef79bc0ba 100644
--- a/docs/reference/commands/validate.md
+++ b/docs/reference/commands/validate.md
@@ -31,6 +31,8 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
+      --command-result existingfile                 Specify a command result to use instead of loading a project.
+                                                    This will also perform drift detection.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.

From 9ba8da18f526c9fb34686e0f0e7103421430eabc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 May 2023 23:25:22 +0200
Subject: [PATCH 0948/2268] fix: Don't omit empty target name

---
 pkg/types/kluctl_project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index cde09e90c..83aa87f8d 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -11,7 +11,7 @@ type SealingConfig struct {
 }
 
 type Target struct {
-	Name          string                 `json:"name,omitempty"`
+	Name          string                 `json:"name"`
 	Context       *string                `json:"context,omitempty"`
 	Args          *uo.UnstructuredObject `json:"args,omitempty"`
 	SealingConfig *SealingConfig         `json:"sealingConfig,omitempty"`

From c1b599039eb74d6fa7637ac3812a3e9c4be21564 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 7 May 2023 22:36:54 +0200
Subject: [PATCH 0949/2268] chore(deps): Bump sigs.k8s.io/kustomize/kyaml from
 0.14.1 to 0.14.2 (#460)

Bumps [sigs.k8s.io/kustomize/kyaml](https://github.com/kubernetes-sigs/kustomize) from 0.14.1 to 0.14.2.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/kyaml/v0.14.1...kyaml/v0.14.2)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/kyaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index baacdc9e8..8a38efb6a 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	k8s.io/apimachinery v0.27.1
 	k8s.io/client-go v0.27.1
 	k8s.io/klog/v2 v2.100.1
-	sigs.k8s.io/kustomize/kyaml v0.14.1
+	sigs.k8s.io/kustomize/kyaml v0.14.2
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 )
 
diff --git a/go.sum b/go.sum
index 10c068ca4..6ff437002 100644
--- a/go.sum
+++ b/go.sum
@@ -1382,8 +1382,8 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA=
 sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw=
-sigs.k8s.io/kustomize/kyaml v0.14.1 h1:c8iibius7l24G2wVAGZn/Va2wNys03GXLjYVIcFVxKA=
-sigs.k8s.io/kustomize/kyaml v0.14.1/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
+sigs.k8s.io/kustomize/kyaml v0.14.2 h1:9WSwztbzwGszG1bZTziQUmVMrJccnyrLb5ZMKpJGvXw=
+sigs.k8s.io/kustomize/kyaml v0.14.2/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

From 751a0f181eaa5ac48f51fd27ebebd5abf66b1176 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 7 May 2023 22:37:43 +0200
Subject: [PATCH 0950/2268] chore(deps): Bump
 github.com/google/go-containerregistry (#462)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.0 to 0.15.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.14.0...v0.15.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 34 +++++++++++++++--------------
 go.sum | 69 ++++++++++++++++++++++++++++++----------------------------
 2 files changed, 54 insertions(+), 49 deletions(-)

diff --git a/go.mod b/go.mod
index 8a38efb6a..a4dcb7e46 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/go-playground/validator/v10 v10.13.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/go-containerregistry v0.14.0
+	github.com/google/go-containerregistry v0.15.1
 	github.com/hashicorp/vault/api v1.9.1
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.15
@@ -72,10 +72,10 @@ require (
 replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22
 
 require (
-	cloud.google.com/go/compute v1.18.0 // indirect
+	cloud.google.com/go/compute v1.19.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v0.12.0 // indirect
-	cloud.google.com/go/kms v1.9.0 // indirect
+	cloud.google.com/go/iam v0.13.0 // indirect
+	cloud.google.com/go/kms v1.10.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
@@ -89,7 +89,7 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
-	github.com/Microsoft/go-winio v0.6.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
@@ -111,10 +111,11 @@ require (
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/cloudflare/circl v1.3.0 // indirect
 	github.com/containerd/containerd v1.7.0 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v23.0.1+incompatible // indirect
-	github.com/docker/docker v23.0.1+incompatible // indirect
+	github.com/docker/cli v23.0.5+incompatible // indirect
+	github.com/docker/docker v23.0.5+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -151,7 +152,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
@@ -170,7 +171,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -193,7 +194,7 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -215,6 +216,7 @@ require (
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/urfave/cli v1.22.12 // indirect
+	github.com/vbatts/tar-split v0.11.3 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -226,15 +228,15 @@ require (
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/oauth2 v0.6.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.7.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
-	google.golang.org/api v0.110.0 // indirect
+	google.golang.org/api v0.114.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
-	google.golang.org/grpc v1.53.0 // indirect
+	google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 // indirect
+	google.golang.org/grpc v1.54.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 6ff437002..356be0ab3 100644
--- a/go.sum
+++ b/go.sum
@@ -27,17 +27,17 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY=
-cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs=
+cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY=
+cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE=
-cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY=
-cloud.google.com/go/kms v1.9.0 h1:b0votJQa/9DSsxgHwN33/tTLA7ZHVzfWhDCrfiXijSo=
-cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w=
+cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
+cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
+cloud.google.com/go/kms v1.10.0 h1:Imrtp8792uqNP9bdfPrjtUkjjqOMBcAJ2bdFaAnLhnk=
+cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24=
 cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
@@ -89,8 +89,8 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
-github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
@@ -191,6 +191,7 @@ github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXT
 github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
 github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
+github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -213,12 +214,12 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
-github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM=
-github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
+github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY=
-github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
+github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -396,8 +397,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw=
-github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk=
+github.com/google/go-containerregistry v0.15.1 h1:RsJ9NbfxYWF8Wl4VmvkpN3zYATwuvlPq2j20zmcs63E=
+github.com/google/go-containerregistry v0.15.1/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -428,8 +429,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9
 github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=
-github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
+github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
+github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -536,8 +537,8 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
-github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
+github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
 github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c h1:qAIvhYamCEU/tY6NaENEIQCynGV5sdON7zgZKnbrhhw=
@@ -666,8 +667,8 @@ github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8=
-github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
+github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
 github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
@@ -813,7 +814,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
 github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
-github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
+github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
+github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
@@ -935,8 +937,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
-golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
-golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1001,8 +1003,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw=
-golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
+golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
+golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1083,6 +1085,7 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1179,8 +1182,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
-golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
+golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
+golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1209,8 +1212,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.110.0 h1:l+rh0KYUooe9JGbGVx71tbFo4SMbMTXK3I3ia2QSEeU=
-google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI=
+google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
+google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1263,8 +1266,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA=
-google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
+google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 h1:VmCWItVXcKboEMCwZaWge+1JLiTCQSngZeINF+wzO+g=
+google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1287,8 +1290,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
-google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
+google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 17918dad58867dc5a4645a37112e979b1f80cc65 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 7 May 2023 21:54:29 +0200
Subject: [PATCH 0951/2268] feat: Clean up old command results

---
 cmd/kluctl/args/project.go                  |  1 +
 cmd/kluctl/commands/utils.go                |  2 +-
 docs/reference/commands/common-arguments.md |  1 +
 pkg/results/result-store-secrets.go         | 52 ++++++++++++++++++---
 4 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 3714186cb..893c5062e 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -46,4 +46,5 @@ type CommandResultFlags struct {
 	NoWriteCommandResult    bool   `group:"results" help:"Disable writing of command results into the cluster."`
 	ForceWriteCommandResult bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
 	CommandResultNamespace  string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
+	KeepCommandResultsCount int    `group:"results" help:"Configure how many old command results to keep." default:"10"`
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index d0fa4450e..949db7a20 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -210,7 +210,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		if err != nil {
 			return err
 		}
-		resultStore, err = results.NewResultStoreSecrets(ctx, rc, args.commandResultFlags.CommandResultNamespace)
+		resultStore, err = results.NewResultStoreSecrets(ctx, rc, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index e77bf78e3..055c8e2cb 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -137,6 +137,7 @@ Command Results:
       --command-result-namespace string   Override the namespace to be used when writing command results. (default
                                           "kluctl-results")
       --force-write-command-result        Force writing of command results, even if the command is run in dry-run mode.
+      --keep-command-results-count int    Configure how many old command results to keep. (default 10)
       --no-write-command-result           Disable writing of command results into the cluster.
 
 ```
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 4eb5f9ead..7edb7a87d 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -4,6 +4,7 @@ import (
 	"compress/gzip"
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -26,8 +27,9 @@ import (
 type ResultStoreSecrets struct {
 	ctx context.Context
 
-	config         *rest.Config
-	writeNamespace string
+	config           *rest.Config
+	writeNamespace   string
+	keepResultsCount int
 
 	mutex       sync.Mutex
 	client      client.Client
@@ -36,11 +38,12 @@ type ResultStoreSecrets struct {
 	cancelCache context.CancelFunc
 }
 
-func NewResultStoreSecrets(ctx context.Context, config *rest.Config, writeNamespace string) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, config *rest.Config, writeNamespace string, keepResultsCount int) (*ResultStoreSecrets, error) {
 	s := &ResultStoreSecrets{
-		ctx:            ctx,
-		config:         config,
-		writeNamespace: writeNamespace,
+		ctx:              ctx,
+		config:           config,
+		writeNamespace:   writeNamespace,
+		keepResultsCount: keepResultsCount,
 	}
 	return s, nil
 }
@@ -205,6 +208,43 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 	if err != nil {
 		return err
 	}
+
+	err = s.cleanupResults(cr.Project, cr.Target)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target result.TargetKey) error {
+	results, err := s.ListCommandResultSummaries(ListCommandResultSummariesOptions{
+		ProjectFilter: &project,
+	})
+	if err != nil {
+		return err
+	}
+
+	cnt := 0
+	for _, rs := range results {
+		rs := rs
+
+		if rs.Target != target {
+			continue
+		}
+		cnt++
+
+		if cnt > s.keepResultsCount {
+			err := s.client.DeleteAllOf(s.ctx, &corev1.Secret{}, client.InNamespace(s.writeNamespace), client.MatchingLabels{
+				"kluctl.io/result-id": rs.Id,
+			})
+			if err != nil {
+				status.Warning(s.ctx, "Failed to delete old command result %s: %s", rs.Id, err)
+			} else {
+				status.Info(s.ctx, "Deleted old command result %s", rs.Id)
+			}
+		}
+	}
 	return nil
 }
 

From 9d6dc946578a35a11c8a598103317496d64e4f69 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 7 May 2023 22:47:40 +0200
Subject: [PATCH 0952/2268] fix: Use apimachinery YAMLReader utils to parsy
 multi-doc YAML (#463)

This fixes issues with new-lines being lost in ConfigMaps.
---
 pkg/yaml/yaml.go | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/pkg/yaml/yaml.go b/pkg/yaml/yaml.go
index b28c789eb..7ce32045d 100644
--- a/pkg/yaml/yaml.go
+++ b/pkg/yaml/yaml.go
@@ -1,6 +1,7 @@
 package yaml
 
 import (
+	"bufio"
 	"bytes"
 	"encoding/json"
 	"fmt"
@@ -8,6 +9,7 @@ import (
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
 	"io"
+	apimachinery_yaml "k8s.io/apimachinery/pkg/util/yaml"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -85,30 +87,23 @@ func ReadYamlAllStream(r io.Reader) ([]interface{}, error) {
 func readYamlAllStream(r io.Reader, strict bool) ([]interface{}, error) {
 	r = newUnicodeReader(r)
 
-	b, err := io.ReadAll(r)
-	if err != nil {
-		return nil, err
-	}
-	s := string(b)
-	s = strings.TrimSpace(s)
-
-	if s == "" {
-		return nil, nil
-	}
+	yr := apimachinery_yaml.NewYAMLReader(bufio.NewReader(r))
 
-	docs := docsSep.Split(s, -1)
-
-	ret := make([]any, 0, len(docs))
-	for _, doc := range docs {
-		if doc == "" {
-			continue
+	var ret []any
+	for {
+		doc, err := yr.Read()
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			return nil, err
 		}
 
 		var x any
 		if strict {
-			err = yaml.UnmarshalStrict([]byte(doc), &x)
+			err = yaml.UnmarshalStrict(doc, &x)
 		} else {
-			err = yaml.Unmarshal([]byte(doc), &x)
+			err = yaml.Unmarshal(doc, &x)
 		}
 		if err != nil {
 			return nil, err

From f927c26d2e9efcde65269e5d4ba293a3180e2b01 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 17:26:47 +0200
Subject: [PATCH 0953/2268] chore(deps): Bump github.com/sergi/go-diff from
 1.2.0 to 1.3.1 (#465)

Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff) from 1.2.0 to 1.3.1.
- [Commits](https://github.com/sergi/go-diff/compare/v1.2.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/sergi/go-diff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d32c66cd1..c9b74a84d 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.6
 	github.com/otiai10/copy v1.11.0
-	github.com/sergi/go-diff v1.2.0
+	github.com/sergi/go-diff v1.3.1
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
 	sigs.k8s.io/kustomize/api v0.13.2
diff --git a/go.sum b/go.sum
index 356be0ab3..d736f2c84 100644
--- a/go.sum
+++ b/go.sum
@@ -750,8 +750,8 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
-github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
+github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=

From 13e464033128153c64f57c35f724856867689040 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 17:26:59 +0200
Subject: [PATCH 0954/2268] chore(deps): Bump golang.org/x/net from 0.9.0 to
 0.10.0 (#467)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c9b74a84d..fdee8993b 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 	github.com/stretchr/testify v1.8.2
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.8.0
-	golang.org/x/net v0.9.0
+	golang.org/x/net v0.10.0
 	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.8.0
 	golang.org/x/term v0.8.0
diff --git a/go.sum b/go.sum
index d736f2c84..856909ddd 100644
--- a/go.sum
+++ b/go.sum
@@ -989,8 +989,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 9fd93f4c980d3ce03ea03f545da386609cca32b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 17:27:08 +0200
Subject: [PATCH 0955/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#471)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.23 to 1.18.25.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.23...config/v1.18.25)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index fdee8993b..44f28861a 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.18.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.23
+	github.com/aws/aws-sdk-go-v2/config v1.18.25
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
@@ -95,7 +95,7 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.22 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
@@ -104,7 +104,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 856909ddd..85288bd3f 100644
--- a/go.sum
+++ b/go.sum
@@ -121,10 +121,10 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.23 h1:gc3lPsAnZpwfi2exupmgHfva0JiAY2BWDg5JWYlmA28=
-github.com/aws/aws-sdk-go-v2/config v1.18.23/go.mod h1:rx0ruaQ+gk3OrLFHRRx56lA//XxP8K8uPzeNiKNuWVY=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.22 h1:Hp9rwJS4giQ48xqonRV/s7QcDf/wxF6UY7osRmBabvI=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.22/go.mod h1:BfNcm6A9nSd+bzejDcMJ5RE+k6WbkCwWkQil7q4heRk=
+github.com/aws/aws-sdk-go-v2/config v1.18.25 h1:JuYyZcnMPBiFqn87L2cRppo+rNwgah6YwD3VuyvaW6Q=
+github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.24 h1:PjiYyls3QdCrzqUN35jMWtUK1vqVZ+zLfdOa/UPFDp0=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -145,8 +145,8 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGX
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 h1:uBE+Zj478pfxV98L6SEpvxYiADNjTlMNY714PJLE7uo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.11/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 h1:2DQLAKDteoEDI8zpCzqBMaZlJuoE9iTYD0gFmXVax9E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 71748e3a9d20f9a24aa6ee8e5350aa9b794a8702 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 17:27:34 +0200
Subject: [PATCH 0956/2268] chore(deps): Bump sigs.k8s.io/kustomize/api from
 0.13.2 to 0.13.4 (#472)

Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.13.2 to 0.13.4.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.13.2...api/v0.13.4)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 44f28861a..27a4a39d1 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/controller-runtime v0.14.5
-	sigs.k8s.io/kustomize/api v0.13.2
+	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/yaml v1.3.0
 )
 
diff --git a/go.sum b/go.sum
index 85288bd3f..a55c70084 100644
--- a/go.sum
+++ b/go.sum
@@ -1383,8 +1383,8 @@ sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22 h1:KnAZ+ITT
 sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22/go.mod h1:ujEX5tSkpg5cCOhcwDWLsXwNuMCO+j4rpmmkIn6BGGc=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.13.2 h1:kejWfLeJhUsTGioDoFNJET5LQe/ajzXhJGYoU+pJsiA=
-sigs.k8s.io/kustomize/api v0.13.2/go.mod h1:DUp325VVMFVcQSq+ZxyDisA8wtldwHxLZbr1g94UHsw=
+sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI=
+sigs.k8s.io/kustomize/api v0.13.4/go.mod h1:Bkaavz5RKK6ZzP0zgPrB7QbpbBJKiHuD3BB0KujY7Ls=
 sigs.k8s.io/kustomize/kyaml v0.14.2 h1:9WSwztbzwGszG1bZTziQUmVMrJccnyrLb5ZMKpJGvXw=
 sigs.k8s.io/kustomize/kyaml v0.14.2/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=

From f9a5c0ef531eb4f0174b4b6bcb0a5df330969847 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 May 2023 22:18:44 +0200
Subject: [PATCH 0957/2268] chore(deps): Bump golang.org/x/crypto from 0.8.0 to
 0.9.0 (#473)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 27a4a39d1..39a495786 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.2
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.8.0
+	golang.org/x/crypto v0.9.0
 	golang.org/x/net v0.10.0
 	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.8.0
diff --git a/go.sum b/go.sum
index a55c70084..e7da825eb 100644
--- a/go.sum
+++ b/go.sum
@@ -898,8 +898,8 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From 22ae21caac010a7b9a23dcd1ab00fba1b1b4b6ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 May 2023 16:44:32 +0200
Subject: [PATCH 0958/2268] chore(deps): Bump helm.sh/helm/v3 from 3.11.3 to
 3.12.0 (#475)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.11.3 to 3.12.0.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.11.3...v3.12.0)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 10 ++++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 39a495786..0b8c91a8f 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	golang.org/x/sys v0.8.0
 	golang.org/x/term v0.8.0
 	golang.org/x/text v0.9.0
-	helm.sh/helm/v3 v3.11.3
+	helm.sh/helm/v3 v3.12.0
 	k8s.io/api v0.27.1
 	k8s.io/apiextensions-apiserver v0.27.1
 	k8s.io/apimachinery v0.27.1
@@ -248,7 +248,7 @@ require (
 	k8s.io/cli-runtime v0.27.1 // indirect
 	k8s.io/component-base v0.27.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
-	k8s.io/kubectl v0.26.0 // indirect
+	k8s.io/kubectl v0.27.1 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index e7da825eb..f98f646a7 100644
--- a/go.sum
+++ b/go.sum
@@ -266,6 +266,7 @@ github.com/fluxcd/pkg/kustomize v1.1.1 h1:hYFJGi+fiaecY4gXvx52fumlvDEq/1RdFbaev6
 github.com/fluxcd/pkg/kustomize v1.1.1/go.mod h1:i+Z9iPAoSz28oH0FmDI73iqZ3oXZxQR2O3HfhdsWhfo=
 github.com/fluxcd/pkg/sourceignore v0.3.3 h1:Ue29JAuPECEYdvIqdpXpQaDxpeySn7amarLArp7XoIs=
 github.com/fluxcd/pkg/sourceignore v0.3.3/go.mod h1:yuJzKggph0Bdbk9LgXjJQhvJZSTJV/1vS7mJuB7mPa0=
+github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -610,6 +611,7 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
@@ -1342,8 +1344,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-helm.sh/helm/v3 v3.11.3 h1:n1X5yaQTP5DYywlBOZMl2gX398Gp6YwFp/IAVj6+5D4=
-helm.sh/helm/v3 v3.11.3/go.mod h1:S+sOdQc3BLvt09a9rSlKKVs9x0N/yx+No0y3qFw+FQ8=
+helm.sh/helm/v3 v3.12.0 h1:rOq2TPVzg5jt4q5ermAZGZFxNW2uQhKjRhBneAutMEM=
+helm.sh/helm/v3 v3.12.0/go.mod h1:8K/469yxjUMu6BaD2EagCitkPjELUL/l2AgCO142G94=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1369,8 +1371,8 @@ k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg=
 k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
-k8s.io/kubectl v0.26.0 h1:xmrzoKR9CyNdzxBmXV7jW9Ln8WMrwRK6hGbbf69o4T0=
-k8s.io/kubectl v0.26.0/go.mod h1:eInP0b+U9XUJWSYeU9XZnTA+cVYuWyl3iYPGtru0qhQ=
+k8s.io/kubectl v0.27.1 h1:9T5c5KdpburYiW8XKQSH0Uly1kMNE90aGSnbYUZNdcA=
+k8s.io/kubectl v0.27.1/go.mod h1:QsAkSmrRsKTPlAFzF8kODGDl4p35BIwQnc9XFhkcsy8=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=

From f818c01f563a25c633f3d97f39bfa9f7f301579b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 May 2023 16:45:03 +0200
Subject: [PATCH 0959/2268] chore(deps): Bump github.com/docker/distribution
 (#476)

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0b8c91a8f..53d6566c9 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/bitnami-labs/sealed-secrets v0.20.5
 	github.com/cyphar/filepath-securejoin v0.2.3
-	github.com/docker/distribution v2.8.1+incompatible
+	github.com/docker/distribution v2.8.2+incompatible
 	github.com/fluxcd/pkg/kustomize v1.1.1
 	github.com/go-playground/validator/v10 v10.13.0
 	github.com/gobwas/glob v0.2.3 // indirect
diff --git a/go.sum b/go.sum
index f98f646a7..992d6212a 100644
--- a/go.sum
+++ b/go.sum
@@ -216,8 +216,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
 github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
 github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=

From e44bcc2b5da2e64356062ded13e0918488f8ac62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 May 2023 07:18:29 +0200
Subject: [PATCH 0960/2268] chore(deps): Bump k8s.io/api from 0.27.1 to 0.27.2
 (#487)

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.27.1 to 0.27.2.
- [Commits](https://github.com/kubernetes/api/compare/v0.27.1...v0.27.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 53d6566c9..8343b592c 100644
--- a/go.mod
+++ b/go.mod
@@ -42,9 +42,9 @@ require (
 	golang.org/x/term v0.8.0
 	golang.org/x/text v0.9.0
 	helm.sh/helm/v3 v3.12.0
-	k8s.io/api v0.27.1
+	k8s.io/api v0.27.2
 	k8s.io/apiextensions-apiserver v0.27.1
-	k8s.io/apimachinery v0.27.1
+	k8s.io/apimachinery v0.27.2
 	k8s.io/client-go v0.27.1
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.2
@@ -247,7 +247,7 @@ require (
 	k8s.io/apiserver v0.27.1 // indirect
 	k8s.io/cli-runtime v0.27.1 // indirect
 	k8s.io/component-base v0.27.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 	k8s.io/kubectl v0.27.1 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
diff --git a/go.sum b/go.sum
index 992d6212a..3d3691e21 100644
--- a/go.sum
+++ b/go.sum
@@ -1353,12 +1353,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.1 h1:Z6zUGQ1Vd10tJ+gHcNNNgkV5emCyW+v2XTmn+CLjSd0=
-k8s.io/api v0.27.1/go.mod h1:z5g/BpAiD+f6AArpqNjkY+cji8ueZDU/WV1jcj5Jk4E=
+k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo=
+k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4=
 k8s.io/apiextensions-apiserver v0.27.1 h1:Hp7B3KxKHBZ/FxmVFVpaDiXI6CCSr49P1OJjxKO6o4g=
 k8s.io/apiextensions-apiserver v0.27.1/go.mod h1:8jEvRDtKjVtWmdkhOqE84EcNWJt/uwF8PC4627UZghY=
-k8s.io/apimachinery v0.27.1 h1:EGuZiLI95UQQcClhanryclaQE6xjg1Bts6/L3cD7zyc=
-k8s.io/apimachinery v0.27.1/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
+k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg=
+k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
 k8s.io/apiserver v0.27.1 h1:phY+BtXjjzd+ta3a4kYbomC81azQSLa1K8jo9RBw7Lg=
 k8s.io/apiserver v0.27.1/go.mod h1:UGrOjLY2KsieA9Fw6lLiTObxTb8Z1xEba4uqSuMY0WU=
 k8s.io/cli-runtime v0.27.1 h1:MMzp5Q/Xmr5L1Lrowuc+Y/r95XINC6c6/fE3aN7JDRM=
@@ -1369,8 +1369,8 @@ k8s.io/component-base v0.27.1 h1:kEB8p8lzi4gCs5f2SPU242vOumHJ6EOsOnDM3tTuDTM=
 k8s.io/component-base v0.27.1/go.mod h1:UGEd8+gxE4YWoigz5/lb3af3Q24w98pDseXcXZjw+E0=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg=
-k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
+k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
+k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
 k8s.io/kubectl v0.27.1 h1:9T5c5KdpburYiW8XKQSH0Uly1kMNE90aGSnbYUZNdcA=
 k8s.io/kubectl v0.27.1/go.mod h1:QsAkSmrRsKTPlAFzF8kODGDl4p35BIwQnc9XFhkcsy8=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=

From 87b267ae546a120145b8a8b67b9faa054ad12316 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 May 2023 07:18:42 +0200
Subject: [PATCH 0961/2268] chore(deps): Bump github.com/sirupsen/logrus from
 1.9.0 to 1.9.2 (#485)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 8343b592c..f97c74f98 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.10.0
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.9.2
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
diff --git a/go.sum b/go.sum
index 3d3691e21..6eacedad4 100644
--- a/go.sum
+++ b/go.sum
@@ -761,8 +761,9 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
+github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
 github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=

From 7af7c84e0dabff9708e94663fc41355ead3178d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 May 2023 07:18:56 +0200
Subject: [PATCH 0962/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#483)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.19.7 to 1.19.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.19.7...service/efs/v1.19.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f97c74f98..d28c52fb1 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/aws/aws-sdk-go-v2 v1.18.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.25
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
diff --git a/go.sum b/go.sum
index 6eacedad4..8ac7cac3a 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAc
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7 h1:W88E2kZGo+NHOsyvQbsOZYqxXJdLIqRzKadeVlv5J7k=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.7/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8 h1:eB91eEYUlh8+O2dXr189W8GJJd+/T8N/c5HocH2KzVo=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA=

From da97e257d9621a5642dfb5c072bc3ddc33d17f81 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 May 2023 07:19:11 +0200
Subject: [PATCH 0963/2268] chore(deps): Bump
 github.com/google/go-containerregistry (#482)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d28c52fb1..21eccb931 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/go-playground/validator/v10 v10.13.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/go-containerregistry v0.15.1
+	github.com/google/go-containerregistry v0.15.2
 	github.com/hashicorp/vault/api v1.9.1
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.15
diff --git a/go.sum b/go.sum
index 8ac7cac3a..5f809c948 100644
--- a/go.sum
+++ b/go.sum
@@ -398,8 +398,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.15.1 h1:RsJ9NbfxYWF8Wl4VmvkpN3zYATwuvlPq2j20zmcs63E=
-github.com/google/go-containerregistry v0.15.1/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
+github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
+github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From 786baf47050bb626354177f305257deb0c696141 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 May 2023 07:19:49 +0200
Subject: [PATCH 0964/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#480)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.20.5 to 0.21.0.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.20.5...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 21eccb931..0095a9bbc 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.20.5
+	github.com/bitnami-labs/sealed-secrets v0.21.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
 	github.com/fluxcd/pkg/kustomize v1.1.1
@@ -201,7 +201,7 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.15.0 // indirect
+	github.com/prometheus/client_golang v1.15.1 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
diff --git a/go.sum b/go.sum
index 5f809c948..d29697d79 100644
--- a/go.sum
+++ b/go.sum
@@ -155,8 +155,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.20.5 h1:ejHSbd7GcJOWgAjBnkn+QFPTFSsNOZAJOomS4bM/LWk=
-github.com/bitnami-labs/sealed-secrets v0.20.5/go.mod h1:EAN3XxSWbJOi2AwF0wAEo0bCAReAD0ToTP9euRw5nVQ=
+github.com/bitnami-labs/sealed-secrets v0.21.0 h1:oFghyEDmsPjXgEOgBnplBjA0NqpMUFMj3BNFs4E1lZ4=
+github.com/bitnami-labs/sealed-secrets v0.21.0/go.mod h1:+nLA44ZWp/05ILUN7Fu3UiqNZJBwdTi/FHfEJ5btN7I=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -664,7 +664,7 @@ github.com/ohler55/ojg v1.18.5 h1:tzn5LJtkSyXowCo8SlGieU0zEc7WF4143Ri9MYlQy7Q=
 github.com/ohler55/ojg v1.18.5/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
+github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
 github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -708,8 +708,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.15.0 h1:5fCgGYogn0hFdhyhLbw7hEsWxufKtY9klyvdNfFlFhM=
-github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
+github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
+github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=

From 5f359220a068059668984841ccdc9379225e461a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 20 May 2023 22:04:05 +0200
Subject: [PATCH 0965/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.6 to 1.27.7 (#489)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 0095a9bbc..ba7e8fa79 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.6
+	github.com/onsi/gomega v1.27.7
 	github.com/otiai10/copy v1.11.0
 	github.com/sergi/go-diff v1.3.1
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
@@ -231,7 +231,7 @@ require (
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.8.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/api v0.114.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index d29697d79..5226d801a 100644
--- a/go.sum
+++ b/go.sum
@@ -664,9 +664,9 @@ github.com/ohler55/ojg v1.18.5 h1:tzn5LJtkSyXowCo8SlGieU0zEc7WF4143Ri9MYlQy7Q=
 github.com/ohler55/ojg v1.18.5/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
-github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
+github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
+github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
@@ -1185,8 +1185,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
-golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
+golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 38f09f037c229ff576ba71e5f9aa7f8abb34b643 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 20 May 2023 22:04:19 +0200
Subject: [PATCH 0966/2268] chore(deps): Bump github.com/stretchr/testify from
 1.8.2 to 1.8.3 (#488)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index ba7e8fa79..4dae43c9f 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.3
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.9.0
 	golang.org/x/net v0.10.0
diff --git a/go.sum b/go.sum
index 5226d801a..df231b097 100644
--- a/go.sum
+++ b/go.sum
@@ -808,8 +808,9 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=

From c6475a23ca3667d08f013c3c52906ca724c05bc9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 20 May 2023 22:04:42 +0200
Subject: [PATCH 0967/2268] chore(deps): Bump k8s.io/client-go from 0.27.1 to
 0.27.2 (#490)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.1 to 0.27.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.27.1...v0.27.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4dae43c9f..5cdf9ca67 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	k8s.io/api v0.27.2
 	k8s.io/apiextensions-apiserver v0.27.1
 	k8s.io/apimachinery v0.27.2
-	k8s.io/client-go v0.27.1
+	k8s.io/client-go v0.27.2
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.2
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
diff --git a/go.sum b/go.sum
index df231b097..948d07f7c 100644
--- a/go.sum
+++ b/go.sum
@@ -1365,8 +1365,8 @@ k8s.io/apiserver v0.27.1 h1:phY+BtXjjzd+ta3a4kYbomC81azQSLa1K8jo9RBw7Lg=
 k8s.io/apiserver v0.27.1/go.mod h1:UGrOjLY2KsieA9Fw6lLiTObxTb8Z1xEba4uqSuMY0WU=
 k8s.io/cli-runtime v0.27.1 h1:MMzp5Q/Xmr5L1Lrowuc+Y/r95XINC6c6/fE3aN7JDRM=
 k8s.io/cli-runtime v0.27.1/go.mod h1:tEbTB1XP/nTH3wujsi52bw91gWpErtWiS15R6CwYsAI=
-k8s.io/client-go v0.27.1 h1:oXsfhW/qncM1wDmWBIuDzRHNS2tLhK3BZv512Nc59W8=
-k8s.io/client-go v0.27.1/go.mod h1:f8LHMUkVb3b9N8bWturc+EDtVVVwZ7ueTVquFAJb2vA=
+k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE=
+k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ=
 k8s.io/component-base v0.27.1 h1:kEB8p8lzi4gCs5f2SPU242vOumHJ6EOsOnDM3tTuDTM=
 k8s.io/component-base v0.27.1/go.mod h1:UGEd8+gxE4YWoigz5/lb3af3Q24w98pDseXcXZjw+E0=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=

From 59dd1f01985272a026f01583125694ce273038fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 22 May 2023 12:07:30 +0200
Subject: [PATCH 0968/2268] chore: Upgrade controller-runtime to v0.15.0-beta.0

---
 e2e/test-utils/envtest_cluster_callback.go | 49 +++++++++++++++-------
 go.mod                                     | 13 +++---
 go.sum                                     | 22 +++++-----
 3 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/e2e/test-utils/envtest_cluster_callback.go b/e2e/test-utils/envtest_cluster_callback.go
index d28a532a9..17d9518e0 100644
--- a/e2e/test-utils/envtest_cluster_callback.go
+++ b/e2e/test-utils/envtest_cluster_callback.go
@@ -7,10 +7,12 @@ import (
 	admissionv1 "k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"net"
 	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+	"time"
 )
 
 type CallbackHandler func(request admission.Request)
@@ -19,10 +21,10 @@ type CallbackHandlerEntry struct {
 	Callback CallbackHandler
 }
 
-func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb CallbackHandler) http.Handler {
+func (k *EnvTestCluster) buildServeCallback() http.Handler {
 	wh := &webhook.Admission{
 		Handler: admission.HandlerFunc(func(ctx context.Context, request admission.Request) admission.Response {
-			k.serveCallback(gvr, request, cb)
+			k.handleWebhook(request)
 			return admission.Allowed("")
 		}),
 	}
@@ -32,18 +34,17 @@ func (k *EnvTestCluster) buildServeCallback(gvr schema.GroupVersionResource, cb
 	return wh
 }
 
-func (k *EnvTestCluster) serveCallback(gvr schema.GroupVersionResource, request admission.Request, cb CallbackHandler) {
-	if request.Resource.Group != gvr.Group || request.Resource.Version != gvr.Version || request.Resource.Resource != gvr.Resource {
-		return
-	}
-
-	cb(request)
-}
-
 func (k *EnvTestCluster) startCallbackServer() error {
-	k.callbackServer.Host = k.env.WebhookInstallOptions.LocalServingHost
-	k.callbackServer.Port = k.env.WebhookInstallOptions.LocalServingPort
-	k.callbackServer.CertDir = k.env.WebhookInstallOptions.LocalServingCertDir
+	k.callbackServer = webhook.NewServer(webhook.Options{
+		Host:    k.env.WebhookInstallOptions.LocalServingHost,
+		Port:    k.env.WebhookInstallOptions.LocalServingPort,
+		CertDir: k.env.WebhookInstallOptions.LocalServingCertDir,
+	})
+
+	for _, vwh := range k.env.WebhookInstallOptions.ValidatingWebhooks {
+		path := "/" + vwh.Name
+		k.callbackServer.Register(path, k.buildServeCallback())
+	}
 
 	ctx, cancel := context.WithCancel(context.Background())
 	k.callbackServerStop = cancel
@@ -52,6 +53,25 @@ func (k *EnvTestCluster) startCallbackServer() error {
 		_ = k.callbackServer.Start(ctx)
 	}()
 
+	tcpAddr, err := net.ResolveTCPAddr("tcp", net.JoinHostPort(k.env.WebhookInstallOptions.LocalServingHost, fmt.Sprintf("%d", k.env.WebhookInstallOptions.LocalServingPort)))
+	if err != nil {
+		return err
+	}
+
+	endTime := time.Now().Add(time.Second * 10)
+	for true {
+		if time.Now().After(endTime) {
+			return fmt.Errorf("timeout while waiting for webhook server")
+		}
+		c, err := net.DialTCP("tcp", nil, tcpAddr)
+		if err != nil {
+			time.Sleep(100 * time.Millisecond)
+			continue
+		}
+		_ = c.Close()
+		break
+	}
+
 	return nil
 }
 
@@ -71,7 +91,6 @@ func (k *EnvTestCluster) InitWebhookCallback(gvr schema.GroupVersionResource, is
 		group = "none"
 	}
 	name := fmt.Sprintf("%s-%s-%s-callback", group, gvr.Version, gvr.Resource)
-	path := "/" + name
 
 	k.env.WebhookInstallOptions.ValidatingWebhooks = append(k.env.WebhookInstallOptions.ValidatingWebhooks, &admissionv1.ValidatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
@@ -108,8 +127,6 @@ func (k *EnvTestCluster) InitWebhookCallback(gvr schema.GroupVersionResource, is
 			},
 		},
 	})
-
-	k.callbackServer.Register(path, k.buildServeCallback(gvr, k.handleWebhook))
 }
 
 func (k *EnvTestCluster) handleWebhook(request admission.Request) {
diff --git a/go.mod b/go.mod
index 5cdf9ca67..a815bcfcb 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	golang.org/x/text v0.9.0
 	helm.sh/helm/v3 v3.12.0
 	k8s.io/api v0.27.2
-	k8s.io/apiextensions-apiserver v0.27.1
+	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.27.2
 	k8s.io/client-go v0.27.2
 	k8s.io/klog/v2 v2.100.1
@@ -65,14 +65,11 @@ require (
 	github.com/otiai10/copy v1.11.0
 	github.com/sergi/go-diff v1.3.1
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
-	sigs.k8s.io/controller-runtime v0.14.5
+	sigs.k8s.io/controller-runtime v0.15.0-beta.0
 	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/yaml v1.3.0
 )
 
-// TODO: when controller-runtime past v0.14.6 is released, remove this line
-replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22
-
 require (
 	cloud.google.com/go/compute v1.19.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
@@ -202,7 +199,7 @@ require (
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.15.1 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rivo/uniseg v0.4.3 // indirect
@@ -244,9 +241,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.27.1 // indirect
+	k8s.io/apiserver v0.27.2 // indirect
 	k8s.io/cli-runtime v0.27.1 // indirect
-	k8s.io/component-base v0.27.1 // indirect
+	k8s.io/component-base v0.27.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 	k8s.io/kubectl v0.27.1 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
diff --git a/go.sum b/go.sum
index 948d07f7c..40eb65340 100644
--- a/go.sum
+++ b/go.sum
@@ -303,7 +303,7 @@ github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
+github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
@@ -713,8 +713,8 @@ github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
@@ -1357,18 +1357,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo=
 k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4=
-k8s.io/apiextensions-apiserver v0.27.1 h1:Hp7B3KxKHBZ/FxmVFVpaDiXI6CCSr49P1OJjxKO6o4g=
-k8s.io/apiextensions-apiserver v0.27.1/go.mod h1:8jEvRDtKjVtWmdkhOqE84EcNWJt/uwF8PC4627UZghY=
+k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
+k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
 k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg=
 k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/apiserver v0.27.1 h1:phY+BtXjjzd+ta3a4kYbomC81azQSLa1K8jo9RBw7Lg=
-k8s.io/apiserver v0.27.1/go.mod h1:UGrOjLY2KsieA9Fw6lLiTObxTb8Z1xEba4uqSuMY0WU=
+k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
+k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
 k8s.io/cli-runtime v0.27.1 h1:MMzp5Q/Xmr5L1Lrowuc+Y/r95XINC6c6/fE3aN7JDRM=
 k8s.io/cli-runtime v0.27.1/go.mod h1:tEbTB1XP/nTH3wujsi52bw91gWpErtWiS15R6CwYsAI=
 k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE=
 k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ=
-k8s.io/component-base v0.27.1 h1:kEB8p8lzi4gCs5f2SPU242vOumHJ6EOsOnDM3tTuDTM=
-k8s.io/component-base v0.27.1/go.mod h1:UGEd8+gxE4YWoigz5/lb3af3Q24w98pDseXcXZjw+E0=
+k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo=
+k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
@@ -1383,8 +1383,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22 h1:KnAZ+ITT57UpjlUM9AsuuPzzF0OjZAhtSgEPeQUHRzg=
-sigs.k8s.io/controller-runtime v0.13.1-0.20230426175615-dca0be70fd22/go.mod h1:ujEX5tSkpg5cCOhcwDWLsXwNuMCO+j4rpmmkIn6BGGc=
+sigs.k8s.io/controller-runtime v0.15.0-beta.0 h1:pkhYMops8jZrVuI0kBHeF6q9UVu1JljIGGG4Ox5ZJmk=
+sigs.k8s.io/controller-runtime v0.15.0-beta.0/go.mod h1:YUTa+du31rqOu4mJaijiuhGFax9ecCJgO/v0/yW09gE=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI=

From 69f9ed1d67efcc4d89cff9fadf3eff51d4c08e57 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 22 May 2023 14:23:47 +0200
Subject: [PATCH 0969/2268] fix: Ignore AlreadyExists errors in
 ensureWriteNamespace

---
 pkg/results/result-store-secrets.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 7edb7a87d..206c3c2d0 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -132,7 +132,7 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 			},
 		}
 		err = s.client.Create(s.ctx, ns)
-		if err != nil {
+		if err != nil && !errors.IsAlreadyExists(err) {
 			return err
 		}
 	} else if err != nil {

From 40993d0ee3a6c5dc4ab3d941ad44e79e10044882 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 12 May 2023 15:40:45 +0200
Subject: [PATCH 0970/2268] refactor: Move GitUrl into types package

---
 cmd/kluctl/commands/utils.go                 |  9 ++++-----
 e2e/git_include_test.go                      |  8 ++++----
 pkg/git/auth/auth_provider.go                |  6 +++---
 pkg/git/auth/env_auth_provider.go            |  4 ++--
 pkg/git/auth/git_credentials_file.go         |  8 ++++----
 pkg/git/auth/list_auth_provider.go           |  4 ++--
 pkg/git/auth/ssh_auth_provider.go            | 12 ++++++------
 pkg/git/{git-url => }/giturls/LICENSE        |  0
 pkg/git/{git-url => }/giturls/urls.go        |  0
 pkg/git/{git-url => }/giturls/urls_test.go   |  0
 pkg/git/list_refs.go                         |  8 ++++----
 pkg/git/mirrored_repo.go                     | 10 +++++-----
 pkg/repocache/cache.go                       | 10 +++++-----
 pkg/types/git_project.go                     |  7 +++----
 pkg/{git/git-url/url.go => types/git_url.go} | 18 +++++++++++++-----
 pkg/types/result/command_result.go           | 11 +++++------
 pkg/types/vars_source.go                     |  7 +++----
 pkg/types/{url.go => yaml_url.go}            |  0
 pkg/vars/vars_loader_test.go                 |  7 +++----
 19 files changed, 66 insertions(+), 63 deletions(-)
 rename pkg/git/{git-url => }/giturls/LICENSE (100%)
 rename pkg/git/{git-url => }/giturls/urls.go (100%)
 rename pkg/git/{git-url => }/giturls/urls_test.go (100%)
 rename pkg/{git/git-url/url.go => types/git_url.go} (86%)
 rename pkg/types/{url.go => yaml_url.go} (100%)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 949db7a20..046f5609c 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -17,7 +17,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
@@ -332,10 +331,10 @@ func addGitInfo(r *result.CommandResult, ctx *commandCtx) error {
 		return err
 	}
 
-	var originUrl *git_url.GitUrl
+	var originUrl *types.GitUrl
 	for _, r := range remotes {
 		if r.Config().Name == "origin" {
-			originUrl, err = git_url.Parse(r.Config().URLs[0])
+			originUrl, err = types.ParseGitUrl(r.Config().URLs[0])
 			if err != nil {
 				return err
 			}
@@ -411,11 +410,11 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	u, err := git_url.Parse(sp[0])
+	u, err := types.ParseGitUrl(sp[0])
 	if err != nil {
 		// we need to prepend a dummy scheme to the repo key so that it is properly parsed
 		dummyUrl := fmt.Sprintf("git://%s", sp[0])
-		u, err = git_url.Parse(dummyUrl)
+		u, err = types.ParseGitUrl(dummyUrl)
 		if err != nil {
 			return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
 		}
diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index fc24635e1..5330ff33f 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
@@ -88,8 +88,8 @@ func TestLocalGitOverride(t *testing.T) {
 	_ = cm.SetNestedField("o2", "data", "a")
 	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
 
-	u1, _ := git_url.Parse(ip1.GitUrl())
-	u2, _ := git_url.Parse(ip2.GitUrl())
+	u1, _ := types.ParseGitUrl(ip1.GitUrl())
+	u2, _ := types.ParseGitUrl(ip2.GitUrl())
 	k1 := u1.NormalizedRepoKey()
 	k2 := u2.NormalizedRepoKey()
 
@@ -129,7 +129,7 @@ func TestLocalGitGroupOverride(t *testing.T) {
 	_ = cm.SetNestedField("o2", "data", "a")
 	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
 
-	u1, _ := git_url.Parse(p.GitServer().GitUrl() + "/repos")
+	u1, _ := types.ParseGitUrl(p.GitServer().GitUrl() + "/repos")
 	k1 := u1.NormalizedRepoKey()
 
 	p.KluctlMust("deploy", "--yes", "-t", "test",
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index ab2607dba..8e9c3430b 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	ssh2 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"golang.org/x/crypto/ssh"
 )
 
@@ -26,7 +26,7 @@ func (a *AuthMethodAndCA) SshClientConfig() (*ssh.ClientConfig, error) {
 }
 
 type GitAuthProvider interface {
-	BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA
+	BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA
 }
 
 type GitAuthProviders struct {
@@ -41,7 +41,7 @@ func (a *GitAuthProviders) RegisterAuthProvider(p GitAuthProvider, last bool) {
 	}
 }
 
-func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
 	for _, p := range a.authProviders {
 		auth := p.BuildAuth(ctx, gitUrl)
 		if auth.AuthMethod != nil {
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index d88c54e89..359aaa224 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -3,8 +3,8 @@ package auth
 import (
 	"context"
 	"fmt"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 )
@@ -15,7 +15,7 @@ type GitEnvAuthProvider struct {
 	Prefix string
 }
 
-func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
 	var la ListAuthProvider
 
 	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index cd9231154..58fff60c3 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -4,9 +4,9 @@ import (
 	"bufio"
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
-	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
+	"github.com/kluctl/kluctl/v2/pkg/git/giturls"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -16,7 +16,7 @@ type GitCredentialsFileAuthProvider struct {
 	MessageCallbacks messages.MessageCallbacks
 }
 
-func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
 	if gitUrl.Scheme != "http" && gitUrl.Scheme != "https" {
 		return AuthMethodAndCA{}
 	}
@@ -46,7 +46,7 @@ func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl g
 	return AuthMethodAndCA{}
 }
 
-func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl git_url.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
+func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl types.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
 	st, err := os.Stat(gitCredentialsPath)
 	if err != nil || st.Mode().IsDir() {
 		return nil
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 0e2d2b453..b69f0b2df 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
-	"github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	ssh2 "golang.org/x/crypto/ssh"
 	"strings"
 )
@@ -54,7 +54,7 @@ func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
 
-func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
 	a.MessageCallbacks.Trace("ListAuthProvider: BuildAuth for %s", gitUrl.String())
 	a.MessageCallbacks.Trace("ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
 	for _, e := range a.entries {
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 313e342ef..7793f5747 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -6,8 +6,8 @@ import (
 	"encoding/binary"
 	"fmt"
 	"github.com/kevinburke/ssh_config"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
@@ -56,7 +56,7 @@ func (a *sshDefaultIdentityAndAgent) Signers() ([]ssh.Signer, error) {
 	return a.signers, nil
 }
 
-func (a *sshDefaultIdentityAndAgent) addDefaultIdentities(gitUrl git_url.GitUrl) {
+func (a *sshDefaultIdentityAndAgent) addDefaultIdentities(gitUrl types.GitUrl) {
 	a.authProvider.MessageCallbacks.Trace("trying to add default identity")
 	u, err := user.Current()
 	if err != nil {
@@ -82,7 +82,7 @@ func (a *sshDefaultIdentityAndAgent) addDefaultIdentities(gitUrl git_url.GitUrl)
 	doAdd("id_dsa")
 }
 
-func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl) {
+func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl types.GitUrl) {
 	a.authProvider.MessageCallbacks.Trace("trying to add identities from ssh config")
 	for _, id := range ssh_config.GetAll(gitUrl.Hostname(), "IdentityFile") {
 		expanded := expandHomeDir(id)
@@ -97,7 +97,7 @@ func (a *sshDefaultIdentityAndAgent) addConfigIdentities(gitUrl git_url.GitUrl)
 	}
 }
 
-func (a *sshDefaultIdentityAndAgent) createAgent(gitUrl git_url.GitUrl) (agent.Agent, error) {
+func (a *sshDefaultIdentityAndAgent) createAgent(gitUrl types.GitUrl) (agent.Agent, error) {
 	if runtime.GOOS == "windows" {
 		a, _, err := sshagent.New()
 		return a, err
@@ -125,7 +125,7 @@ func (a *sshDefaultIdentityAndAgent) createAgent(gitUrl git_url.GitUrl) (agent.A
 	return agent.NewClient(conn), nil
 }
 
-func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
+func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl types.GitUrl) {
 	a.authProvider.MessageCallbacks.Trace("trying to add agent keys")
 	agent, err := a.createAgent(gitUrl)
 	if err != nil {
@@ -144,7 +144,7 @@ func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl git_url.GitUrl) {
 	}
 }
 
-func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl git_url.GitUrl) AuthMethodAndCA {
+func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
 	if !gitUrl.IsSsh() {
 		return AuthMethodAndCA{}
 	}
diff --git a/pkg/git/git-url/giturls/LICENSE b/pkg/git/giturls/LICENSE
similarity index 100%
rename from pkg/git/git-url/giturls/LICENSE
rename to pkg/git/giturls/LICENSE
diff --git a/pkg/git/git-url/giturls/urls.go b/pkg/git/giturls/urls.go
similarity index 100%
rename from pkg/git/git-url/giturls/urls.go
rename to pkg/git/giturls/urls.go
diff --git a/pkg/git/git-url/giturls/urls_test.go b/pkg/git/giturls/urls_test.go
similarity index 100%
rename from pkg/git/git-url/giturls/urls_test.go
rename to pkg/git/giturls/urls_test.go
diff --git a/pkg/git/list_refs.go b/pkg/git/list_refs.go
index 735234d6b..d5a199fc5 100644
--- a/pkg/git/list_refs.go
+++ b/pkg/git/list_refs.go
@@ -10,13 +10,13 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
 	"github.com/go-git/go-git/v5/storage/memory"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strconv"
 )
 
 // ListRemoteRefsFastSsh will reuse existing ssh connections from a pool
-func ListRemoteRefsFastSsh(ctx context.Context, url git_url.GitUrl, sshPool *ssh_pool.SshPool, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+func ListRemoteRefsFastSsh(ctx context.Context, url types.GitUrl, sshPool *ssh_pool.SshPool, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
 	var portInt int64 = 22
 	if url.Port() != "" {
 		var err error
@@ -75,7 +75,7 @@ func ListRemoteRefsFastSsh(ctx context.Context, url git_url.GitUrl, sshPool *ssh
 	return resultRefs, nil
 }
 
-func ListRemoteRefsSlow(ctx context.Context, url git_url.GitUrl, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+func ListRemoteRefsSlow(ctx context.Context, url types.GitUrl, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
 	storage := memory.NewStorage()
 	remote := git.NewRemote(storage, &config.RemoteConfig{
 		Name:  "origin",
@@ -93,7 +93,7 @@ func ListRemoteRefsSlow(ctx context.Context, url git_url.GitUrl, auth auth2.Auth
 	return remoteRefs, nil
 }
 
-func ListRemoteRefs(ctx context.Context, url git_url.GitUrl, sshPool *ssh_pool.SshPool, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
+func ListRemoteRefs(ctx context.Context, url types.GitUrl, sshPool *ssh_pool.SshPool, auth auth2.AuthMethodAndCA) ([]*plumbing.Reference, error) {
 	if url.IsSsh() {
 		refs, err := ListRemoteRefsFastSsh(ctx, url, sshPool, auth)
 		if err == nil {
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 10e2e805c..b00becabb 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -10,9 +10,9 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
 	"path/filepath"
@@ -33,7 +33,7 @@ type MirroredGitRepo struct {
 	sshPool       *ssh_pool.SshPool
 	authProviders *auth2.GitAuthProviders
 
-	url       git_url.GitUrl
+	url       types.GitUrl
 	mirrorDir string
 
 	hasUpdated bool
@@ -44,7 +44,7 @@ type MirroredGitRepo struct {
 	mutex sync.Mutex
 }
 
-func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl, baseDir string, sshPool *ssh_pool.SshPool, authProviders *auth2.GitAuthProviders) (*MirroredGitRepo, error) {
+func NewMirroredGitRepo(ctx context.Context, u types.GitUrl, baseDir string, sshPool *ssh_pool.SshPool, authProviders *auth2.GitAuthProviders) (*MirroredGitRepo, error) {
 	mirrorRepoName := buildMirrorRepoName(u)
 	o := &MirroredGitRepo{
 		ctx:           ctx,
@@ -69,7 +69,7 @@ func NewMirroredGitRepo(ctx context.Context, u git_url.GitUrl, baseDir string, s
 	return o, nil
 }
 
-func (g *MirroredGitRepo) Url() git_url.GitUrl {
+func (g *MirroredGitRepo) Url() types.GitUrl {
 	return g.url
 }
 
@@ -389,7 +389,7 @@ func (g *MirroredGitRepo) GetGitTreeByCommit(commitHash string) (*object.Tree, e
 	return tree, nil
 }
 
-func buildMirrorRepoName(u git_url.GitUrl) string {
+func buildMirrorRepoName(u types.GitUrl) string {
 	h := sha256.New()
 	h.Write([]byte(u.String()))
 	h2 := hex.EncodeToString(h.Sum(nil))
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index b3ca0907f..a31d37938 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -3,6 +3,7 @@ package repocache
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"path"
 	"path/filepath"
@@ -12,7 +13,6 @@ import (
 
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -36,7 +36,7 @@ type GitRepoCache struct {
 
 type CacheEntry struct {
 	rp         *GitRepoCache
-	url        git_url.GitUrl
+	url        types.GitUrl
 	mr         *git.MirroredGitRepo
 	defaultRef string
 	refs       map[string]string
@@ -47,13 +47,13 @@ type CacheEntry struct {
 }
 
 type RepoInfo struct {
-	Url        git_url.GitUrl    `json:"url"`
+	Url        types.GitUrl      `json:"url"`
 	RemoteRefs map[string]string `json:"remoteRefs"`
 	DefaultRef string            `json:"defaultRef"`
 }
 
 type RepoOverride struct {
-	RepoUrl  git_url.GitUrl
+	RepoUrl  types.GitUrl
 	Ref      string
 	Override string
 	IsGroup  bool
@@ -85,7 +85,7 @@ func (rp *GitRepoCache) Clear() {
 	rp.cleanupDirs = nil
 }
 
-func (rp *GitRepoCache) GetEntry(url git_url.GitUrl) (*CacheEntry, error) {
+func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 	rp.reposMutex.Lock()
 	defer rp.reposMutex.Unlock()
 
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index e43997353..32a785541 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -7,7 +7,6 @@ import (
 	"strings"
 
 	"github.com/go-playground/validator/v10"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
@@ -15,9 +14,9 @@ import (
 var gitDirPatternNeg = regexp.MustCompile(`[\\\/:\*?"<>|[:cntrl:]\0^]`)
 
 type GitProject struct {
-	Url    git_url.GitUrl `json:"url" validate:"required"`
-	Ref    string         `json:"ref,omitempty"`
-	SubDir string         `json:"subDir,omitempty"`
+	Url    GitUrl `json:"url" validate:"required"`
+	Ref    string `json:"ref,omitempty"`
+	SubDir string `json:"subDir,omitempty"`
 }
 
 func (gp *GitProject) UnmarshalJSON(b []byte) error {
diff --git a/pkg/git/git-url/url.go b/pkg/types/git_url.go
similarity index 86%
rename from pkg/git/git-url/url.go
rename to pkg/types/git_url.go
index 57f5cfa0f..f7fa8c6a7 100644
--- a/pkg/git/git-url/url.go
+++ b/pkg/types/git_url.go
@@ -1,18 +1,18 @@
-package git_url
+package types
 
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git/git-url/giturls"
+	"github.com/kluctl/kluctl/v2/pkg/git/giturls"
 	"net/url"
 	"strings"
 )
 
 type GitUrl struct {
-	url.URL
+	url.URL `json:"-"`
 }
 
-func Parse(u string) (*GitUrl, error) {
+func ParseGitUrl(u string) (*GitUrl, error) {
 	u2, err := giturls.Parse(u)
 	if err != nil {
 		return nil, err
@@ -20,13 +20,21 @@ func Parse(u string) (*GitUrl, error) {
 	return &GitUrl{*u2}, nil
 }
 
+func ParseGitUrlMust(u string) *GitUrl {
+	u2, err := ParseGitUrl(u)
+	if err != nil {
+		panic(err)
+	}
+	return u2
+}
+
 func (u *GitUrl) UnmarshalJSON(b []byte) error {
 	var s string
 	err := json.Unmarshal(b, &s)
 	if err != nil {
 		return err
 	}
-	u2, err := Parse(s)
+	u2, err := ParseGitUrl(s)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 06cee1183..4d2ec8dcb 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -1,7 +1,6 @@
 package result
 
 import (
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -97,11 +96,11 @@ type CommandInfo struct {
 }
 
 type GitInfo struct {
-	Url    *git_url.GitUrl `json:"url"`
-	Ref    string          `json:"ref"`
-	SubDir string          `json:"subDir"`
-	Commit string          `json:"commit"`
-	Dirty  bool            `json:"dirty"`
+	Url    *types.GitUrl `json:"url"`
+	Ref    string        `json:"ref"`
+	SubDir string        `json:"subDir"`
+	Commit string        `json:"commit"`
+	Dirty  bool          `json:"dirty"`
 }
 
 type ClusterInfo struct {
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 6e09d549c..7eacffe4e 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -2,16 +2,15 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"reflect"
 )
 
 type VarsSourceGit struct {
-	Url  git_url.GitUrl `json:"url" validate:"required"`
-	Ref  string         `json:"ref,omitempty"`
-	Path string         `json:"path" validate:"required"`
+	Url  GitUrl `json:"url" validate:"required"`
+	Ref  string `json:"ref,omitempty"`
+	Path string `json:"path" validate:"required"`
 }
 
 type VarsSourceClusterConfigMapOrSecret struct {
diff --git a/pkg/types/url.go b/pkg/types/yaml_url.go
similarity index 100%
rename from pkg/types/url.go
rename to pkg/types/yaml_url.go
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index b119e5278..205a68c2c 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -16,7 +16,6 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	git_url "github.com/kluctl/kluctl/v2/pkg/git/git-url"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -223,7 +222,7 @@ func TestVarsLoader_Git(t *testing.T) {
 	}, "")
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.GitRepoUrl("repo"))
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err := vl.LoadVars(vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
@@ -237,7 +236,7 @@ func TestVarsLoader_Git(t *testing.T) {
 	})
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.GitRepoUrl("repo"))
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		b := true
 		err := vl.LoadVars(vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -274,7 +273,7 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 	assert.NoError(t, err)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		url, _ := git_url.Parse(gs.GitRepoUrl("repo"))
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,

From 6f4ecf337a79d11b0fea532ff8cc917ddd8c5787 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 12 May 2023 16:28:30 +0200
Subject: [PATCH 0971/2268] refactor: Pass targetCtx to command objects

---
 cmd/kluctl/commands/cmd_delete.go      |  8 ++---
 cmd/kluctl/commands/cmd_deploy.go      |  4 +--
 cmd/kluctl/commands/cmd_diff.go        |  4 +--
 cmd/kluctl/commands/cmd_poke_images.go |  4 +--
 cmd/kluctl/commands/cmd_prune.go       |  4 +--
 pkg/deployment/commands/delete.go      | 32 ++++++++---------
 pkg/deployment/commands/deploy.go      | 48 ++++++++++++--------------
 pkg/deployment/commands/diff.go        | 34 ++++++++----------
 pkg/deployment/commands/poke_images.go | 32 ++++++++---------
 pkg/deployment/commands/prune.go       | 20 +++++------
 pkg/kluctl_project/target_context.go   |  2 +-
 11 files changed, 89 insertions(+), 103 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 70d455375..28aafcd2d 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -48,13 +48,9 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		discriminator := cmdCtx.targetCtx.Target.Discriminator
-		if cmd.Discriminator != "" {
-			discriminator = cmd.Discriminator
-		}
-		cmd2 := commands.NewDeleteCommand(discriminator, cmdCtx.targetCtx.DeploymentCollection, cmdCtx.targetCtx.DeploymentCollection.Inclusion)
+		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx)
 
-		result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
+		result, err := cmd2.Run(func(refs []k8s2.ObjectRef) error {
 			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 7b70de7a2..da8f92439 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -59,7 +59,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 	status.Trace(cmdCtx.ctx, "enter runCmdDeploy")
 	defer status.Trace(cmdCtx.ctx, "leave runCmdDeploy")
 
-	cmd2 := commands.NewDeployCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
+	cmd2 := commands.NewDeployCommand(cmdCtx.targetCtx)
 	cmd2.ForceApply = cmd.ForceApply
 	cmd2.ReplaceOnError = cmd.ReplaceOnError
 	cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
@@ -74,7 +74,7 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 		cb = nil
 	}
 
-	result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, cb)
+	result, err := cmd2.Run(cb)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 91be42dfa..429d61b39 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -41,14 +41,14 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 	}
 	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx)
 		cmd2.ForceApply = cmd.ForceApply
 		cmd2.ReplaceOnError = cmd.ReplaceOnError
 		cmd2.ForceReplaceOnError = cmd.ForceReplaceOnError
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
-		result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K)
+		result, err := cmd2.Run()
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 571b501cd..4d3f2a982 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -49,9 +49,9 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 			}
 		}
 
-		cmd2 := commands.NewPokeImagesCommand(cmdCtx.targetCtx.DeploymentCollection)
+		cmd2 := commands.NewPokeImagesCommand(cmdCtx.targetCtx)
 
-		result, err := cmd2.Run(ctx, cmdCtx.targetCtx.SharedContext.K)
+		result, err := cmd2.Run()
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 3fe34a470..43b785ed1 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -50,8 +50,8 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 }
 
 func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx, startTime time.Time) error {
-	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection)
-	result, err := cmd2.Run(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
+	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx)
+	result, err := cmd2.Run(func(refs []k8s2.ObjectRef) error {
 		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
 	})
 	if err != nil {
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index e87cffa50..349028e96 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -1,44 +1,44 @@
 package commands
 
 import (
-	"context"
 	"fmt"
 	"github.com/google/uuid"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 type DeleteCommand struct {
-	c             *deployment.DeploymentCollection
 	discriminator string
-	inclusion     *utils.Inclusion
+	targetCtx     *kluctl_project.TargetContext
 }
 
-func NewDeleteCommand(discriminator string, c *deployment.DeploymentCollection, inclusion *utils.Inclusion) *DeleteCommand {
+func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetContext) *DeleteCommand {
 	return &DeleteCommand{
 		discriminator: discriminator,
-		c:             c,
-		inclusion:     inclusion,
+		targetCtx:     targetCtx,
 	}
 }
 
-func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
-	if cmd.discriminator == "" {
+func (cmd *DeleteCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
+	discriminator := cmd.targetCtx.Target.Discriminator
+	if cmd.discriminator != "" {
+		discriminator = cmd.discriminator
+	}
+
+	if discriminator == "" {
 		return nil, fmt.Errorf("deletion without a discriminator is not supported")
 	}
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
-	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, nil, false)
+	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
+	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, nil, false)
 	if err != nil {
 		return nil, err
 	}
 
-	deleteRefs, err := utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(cmd.inclusion), cmd.inclusion.HasType("tags"), nil)
+	deleteRefs, err := utils2.FindObjectsForDelete(cmd.targetCtx.SharedContext.K, ru.GetFilteredRemoteObjects(cmd.targetCtx.DeploymentCollection.Inclusion), cmd.targetCtx.DeploymentCollection.Inclusion.HasType("tags"), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -50,14 +50,14 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, true)
+	deleted, err := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, true)
 	if err != nil {
 		return nil, err
 	}
 
 	return &result.CommandResult{
 		Id:       uuid.New().String(),
-		Objects:  collectObjects(cmd.c, ru, nil, nil, nil, deleted),
+		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
 		Errors:   dew.GetErrorsList(),
 		Warnings: dew.GetWarningsList(),
 	}, nil
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index ec814632c..291d05464 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -1,12 +1,10 @@
 package commands
 
 import (
-	"context"
 	"fmt"
 	"github.com/google/uuid"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -14,8 +12,7 @@ import (
 )
 
 type DeployCommand struct {
-	c             *deployment.DeploymentCollection
-	discriminator string
+	targetCtx *kluctl_project.TargetContext
 
 	ForceApply          bool
 	ReplaceOnError      bool
@@ -25,23 +22,22 @@ type DeployCommand struct {
 	NoWait              bool
 }
 
-func NewDeployCommand(discriminator string, c *deployment.DeploymentCollection) *DeployCommand {
+func NewDeployCommand(targetCtx *kluctl_project.TargetContext) *DeployCommand {
 	return &DeployCommand{
-		discriminator: discriminator,
-		c:             c,
+		targetCtx: targetCtx,
 	}
 }
 
-func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResultCb func(diffResult *result.CommandResult) error) (*result.CommandResult, error) {
+func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult) error) (*result.CommandResult, error) {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	if cmd.discriminator == "" {
-		status.Warning(ctx, "No discriminator configured. Orphan object detection will not work")
+	if cmd.targetCtx.Target.Discriminator == "" {
+		status.Warning(cmd.targetCtx.SharedContext.Ctx, "No discriminator configured. Orphan object detection will not work")
 		dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("no discriminator configured. Orphan object detection will not work"))
 	}
 
-	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, cmd.c.LocalObjectRefs(), false)
+	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
+	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &cmd.targetCtx.Target.Discriminator, cmd.targetCtx.DeploymentCollection.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
@@ -58,19 +54,19 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 	}
 
 	if diffResultCb != nil {
-		au := utils2.NewApplyDeploymentsUtil(ctx, dew, ru, k, o)
-		au.ApplyDeployments(cmd.c.Deployments)
+		au := utils2.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, dew, ru, cmd.targetCtx.SharedContext.K, o)
+		au.ApplyDeployments(cmd.targetCtx.DeploymentCollection.Deployments)
 
 		du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
-		du.DiffDeploymentItems(cmd.c.Deployments)
+		du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
-		orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
+		orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 		diffResult := &result.CommandResult{
 			Id:         uuid.New().String(),
-			Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+			Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 			Errors:     dew.GetErrorsList(),
 			Warnings:   dew.GetWarningsList(),
-			SeenImages: cmd.c.Images.SeenImages(false),
+			SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
 		}
 
 		err = diffResultCb(diffResult)
@@ -83,24 +79,24 @@ func (cmd *DeployCommand) Run(ctx context.Context, k *k8s.K8sCluster, diffResult
 	dew.Init()
 
 	// modify options to become a deploy
-	o.DryRun = k.DryRun
+	o.DryRun = cmd.targetCtx.SharedContext.K.DryRun
 	o.AbortOnError = cmd.AbortOnError
 
-	au := utils2.NewApplyDeploymentsUtil(ctx, dew, ru, k, o)
-	au.ApplyDeployments(cmd.c.Deployments)
+	au := utils2.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, dew, ru, cmd.targetCtx.SharedContext.K, o)
+	au.ApplyDeployments(cmd.targetCtx.DeploymentCollection.Deployments)
 
 	du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
-	du.DiffDeploymentItems(cmd.c.Deployments)
+	du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
-	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
+	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
 		return nil, err
 	}
 	return &result.CommandResult{
 		Id:         uuid.New().String(),
-		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
-		SeenImages: cmd.c.Images.SeenImages(false),
+		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index dd4a4ecd3..7ce43d317 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -1,20 +1,17 @@
 package commands
 
 import (
-	"context"
 	"fmt"
 	"github.com/google/uuid"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type DiffCommand struct {
-	c             *deployment.DeploymentCollection
-	discriminator string
+	targetCtx *kluctl_project.TargetContext
 
 	ForceApply          bool
 	ReplaceOnError      bool
@@ -24,23 +21,22 @@ type DiffCommand struct {
 	IgnoreAnnotations   bool
 }
 
-func NewDiffCommand(discriminator string, c *deployment.DeploymentCollection) *DiffCommand {
+func NewDiffCommand(targetCtx *kluctl_project.TargetContext) *DiffCommand {
 	return &DiffCommand{
-		discriminator: discriminator,
-		c:             c,
+		targetCtx: targetCtx,
 	}
 }
 
-func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.CommandResult, error) {
+func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
-	if cmd.discriminator == "" {
-		status.Warning(ctx, "No discriminator configured. Orphan object detection will not work")
+	if cmd.targetCtx.Target.Discriminator == "" {
+		status.Warning(cmd.targetCtx.SharedContext.Ctx, "No discriminator configured. Orphan object detection will not work")
 		dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("no discriminator configured. Orphan object detection will not work"))
 	}
 
-	ru := utils.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, cmd.c.LocalObjectRefs(), false)
+	ru := utils.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
+	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &cmd.targetCtx.Target.Discriminator, cmd.targetCtx.DeploymentCollection.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
@@ -53,24 +49,24 @@ func (cmd *DiffCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.Com
 		AbortOnError:        false,
 		ReadinessTimeout:    0,
 	}
-	au := utils.NewApplyDeploymentsUtil(ctx, dew, ru, k, o)
-	au.ApplyDeployments(cmd.c.Deployments)
+	au := utils.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, dew, ru, cmd.targetCtx.SharedContext.K, o)
+	au.ApplyDeployments(cmd.targetCtx.DeploymentCollection.Deployments)
 
 	du := utils.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
 	du.IgnoreTags = cmd.IgnoreTags
 	du.IgnoreLabels = cmd.IgnoreLabels
 	du.IgnoreAnnotations = cmd.IgnoreAnnotations
-	du.DiffDeploymentItems(cmd.c.Deployments)
+	du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
-	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
+	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
 		return nil, err
 	}
 	return &result.CommandResult{
 		Id:         uuid.New().String(),
-		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
-		SeenImages: cmd.c.Images.SeenImages(false),
+		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 7144f2c2f..994b1bca1 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -1,12 +1,10 @@
 package commands
 
 import (
-	"context"
 	"fmt"
 	"github.com/google/uuid"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -15,35 +13,35 @@ import (
 )
 
 type PokeImagesCommand struct {
-	c *deployment.DeploymentCollection
+	targetCtx *kluctl_project.TargetContext
 }
 
-func NewPokeImagesCommand(c *deployment.DeploymentCollection) *PokeImagesCommand {
+func NewPokeImagesCommand(targetCtx *kluctl_project.TargetContext) *PokeImagesCommand {
 	return &PokeImagesCommand{
-		c: c,
+		targetCtx: targetCtx,
 	}
 }
 
-func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.CommandResult, error) {
+func (cmd *PokeImagesCommand) Run() (*result.CommandResult, error) {
 	var wg sync.WaitGroup
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, nil, cmd.c.LocalObjectRefs(), false)
+	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
+	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, nil, cmd.targetCtx.DeploymentCollection.LocalObjectRefs(), false)
 	if err != nil {
 		return nil, err
 	}
 
 	allObjects := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
-	for _, d := range cmd.c.Deployments {
+	for _, d := range cmd.targetCtx.DeploymentCollection.Deployments {
 		for _, o := range d.Objects {
 			allObjects[o.GetK8sRef()] = o
 		}
 	}
 
 	containersAndImages := make(map[k8s2.ObjectRef][]types.FixedImage)
-	for _, fi := range cmd.c.Images.SeenImages(false) {
+	for _, fi := range cmd.targetCtx.DeploymentCollection.Images.SeenImages(false) {
 		_, ok := allObjects[*fi.Object]
 		if !ok {
 			dew.AddError(*fi.Object, fmt.Errorf("object not found while trying to associate image with deployed object"))
@@ -72,7 +70,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 		return o, nil
 	}
 
-	au := utils2.NewApplyDeploymentsUtil(ctx, dew, ru, k, &utils2.ApplyUtilOptions{})
+	au := utils2.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, dew, ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
 
 	for ref, containers := range containersAndImages {
 		ref := ref
@@ -80,7 +78,7 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			au := au.NewApplyUtil(ctx, nil)
+			au := au.NewApplyUtil(cmd.targetCtx.SharedContext.Ctx, nil)
 			remote := ru.GetRemoteObject(ref)
 			if remote == nil {
 				dew.AddWarning(ref, fmt.Errorf("remote object not found, skipped image replacement"))
@@ -94,18 +92,18 @@ func (cmd *PokeImagesCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*resu
 	wg.Wait()
 
 	du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
-	du.DiffDeploymentItems(cmd.c.Deployments)
+	du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
-	orphanObjects, err := FindOrphanObjects(k, ru, cmd.c)
+	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
 		return nil, err
 	}
 
 	return &result.CommandResult{
 		Id:         uuid.New().String(),
-		Objects:    collectObjects(cmd.c, ru, au, du, orphanObjects, nil),
+		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
-		SeenImages: cmd.c.Images.SeenImages(false),
+		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
 	}, nil
 }
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index e989b120c..595582298 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -1,42 +1,42 @@
 package commands
 
 import (
-	"context"
 	"fmt"
 	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type PruneCommand struct {
 	discriminator string
-	c             *deployment.DeploymentCollection
+	targetCtx     *kluctl_project.TargetContext
 }
 
-func NewPruneCommand(discriminator string, c *deployment.DeploymentCollection) *PruneCommand {
+func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetContext) *PruneCommand {
 	return &PruneCommand{
 		discriminator: discriminator,
-		c:             c,
+		targetCtx:     targetCtx,
 	}
 }
 
-func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
+func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
 	if cmd.discriminator == "" {
 		return nil, fmt.Errorf("pruning without a discriminator is not supported")
 	}
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
-	err := ru.UpdateRemoteObjects(k, &cmd.discriminator, nil, false)
+	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
+	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &cmd.discriminator, nil, false)
 	if err != nil {
 		return nil, err
 	}
 
-	deleteRefs, err := FindOrphanObjects(k, ru, cmd.c)
+	deleteRefs, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
 		return nil, err
 	}
@@ -48,14 +48,14 @@ func (cmd *PruneCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb f
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, true)
+	deleted, err := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, true)
 	if err != nil {
 		return nil, err
 	}
 
 	return &result.CommandResult{
 		Id:       uuid.New().String(),
-		Objects:  collectObjects(cmd.c, ru, nil, nil, nil, deleted),
+		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
 		Warnings: dew.GetWarningsList(),
 	}, nil
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index c431fc0e0..453bfa022 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -21,7 +21,7 @@ type TargetContext struct {
 	SharedContext deployment.SharedContext
 
 	KluctlProject        *LoadedKluctlProject
-	Target               *types.Target
+	Target               types.Target
 	ClusterContext       string
 	DeploymentProject    *deployment.DeploymentProject
 	DeploymentCollection *deployment.DeploymentCollection

From 229bc58bde2dc9d84bbec1f81721d92a61901458 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 12 May 2023 17:04:16 +0200
Subject: [PATCH 0972/2268] refactor: Move command info gathering into command
 objects

---
 cmd/kluctl/commands/cmd_delete.go       |   6 -
 cmd/kluctl/commands/cmd_deploy.go       |  10 +-
 cmd/kluctl/commands/cmd_diff.go         |   6 -
 cmd/kluctl/commands/cmd_poke_images.go  |   6 -
 cmd/kluctl/commands/cmd_prune.go        |  10 +-
 cmd/kluctl/commands/cmd_validate.go     |   4 +-
 cmd/kluctl/commands/command_result.go   |   2 +
 cmd/kluctl/commands/utils.go            | 164 +-----------------------
 pkg/deployment/commands/delete.go       |   9 +-
 pkg/deployment/commands/deploy.go       |  14 +-
 pkg/deployment/commands/diff.go         |  12 +-
 pkg/deployment/commands/poke_images.go  |   9 +-
 pkg/deployment/commands/prune.go        |  17 ++-
 pkg/deployment/commands/result_utils.go | 134 +++++++++++++++++++
 pkg/deployment/commands/validate.go     |   2 +-
 pkg/deployment/images.go                |  10 ++
 pkg/kluctl_project/load.go              |   2 +
 pkg/kluctl_project/project.go           |   2 +
 pkg/kluctl_project/target_context.go    |   5 +-
 pkg/results/result-store-secrets.go     |  14 +-
 pkg/types/result/command_result.go      |   7 +-
 pkg/types/result/summary.go             |   4 +-
 pkg/utils/inclusion.go                  |  26 ++++
 23 files changed, 253 insertions(+), 222 deletions(-)
 create mode 100644 pkg/deployment/commands/result_utils.go

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 28aafcd2d..f485c134c 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"time"
 )
 
 type deleteCmd struct {
@@ -46,7 +45,6 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
-	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx)
 
@@ -56,10 +54,6 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = addCommandInfo(result, startTime, "delete", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
-		if err != nil {
-			return err
-		}
 		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index da8f92439..e292dc27d 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"time"
 )
 
 type deployCmd struct {
@@ -49,13 +48,12 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
-	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return cmd.runCmdDeploy(cmdCtx, startTime)
+		return cmd.runCmdDeploy(cmdCtx)
 	})
 }
 
-func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) error {
+func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	status.Trace(cmdCtx.ctx, "enter runCmdDeploy")
 	defer status.Trace(cmdCtx.ctx, "leave runCmdDeploy")
 
@@ -78,10 +76,6 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx, startTime time.Time) erro
 	if err != nil {
 		return err
 	}
-	err = addCommandInfo(result, startTime, "deploy", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, &cmd.AbortOnErrorFlags, cmd.NoWait)
-	if err != nil {
-		return err
-	}
 	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 429d61b39..c0801e80c 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"time"
 )
 
 type diffCmd struct {
@@ -39,7 +38,6 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
-	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx)
 		cmd2.ForceApply = cmd.ForceApply
@@ -52,10 +50,6 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = addCommandInfo(result, startTime, "diff", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, nil, &cmd.ForceApplyFlags, &cmd.ReplaceOnErrorFlags, nil, false)
-		if err != nil {
-			return err
-		}
 		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 4d3f2a982..35df34c91 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"time"
 )
 
 type pokeImagesCmd struct {
@@ -41,7 +40,6 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
-	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
 			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", cmdCtx.targetCtx.ClusterContext)) {
@@ -55,10 +53,6 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		err = addCommandInfo(result, startTime, "poke-images", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
-		if err != nil {
-			return err
-		}
 		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 43b785ed1..9e3eea413 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"time"
 )
 
 type pruneCmd struct {
@@ -43,13 +42,12 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
-	startTime := time.Now()
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return cmd.runCmdPrune(cmdCtx, startTime)
+		return cmd.runCmdPrune(cmdCtx)
 	})
 }
 
-func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx, startTime time.Time) error {
+func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx)
 	result, err := cmd2.Run(func(refs []k8s2.ObjectRef) error {
 		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
@@ -57,10 +55,6 @@ func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx, startTime time.Time) error
 	if err != nil {
 		return err
 	}
-	err = addCommandInfo(result, startTime, "prune", cmdCtx, &cmd.TargetFlags, &cmd.ImageFlags, &cmd.InclusionFlags, &cmd.DryRunFlags, nil, nil, nil, false)
-	if err != nil {
-		return err
-	}
 	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 03471c507..80387c674 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -54,8 +54,8 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 		var k8sContext *string
 		if cmd.Context != "" {
 			k8sContext = &cmd.Context
-		} else if commandResult.Command.Target != nil {
-			k8sContext = commandResult.Command.Target.Context
+		} else if commandResult.Target.Context != nil {
+			k8sContext = commandResult.Target.Context
 		}
 		clientFactory, err := k8s2.NewClientFactoryFromDefaultConfig(ctx, k8sContext)
 		if err != nil {
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 25e4a9e5e..a08e79722 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -240,6 +240,8 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *result.CommandResult, writeToResultStore bool) error {
 	status.Flush(ctx.ctx)
 
+	cr.Command.Initiator = result.CommandInititiator_CommandLine
+
 	if !flags.NoObfuscate {
 		var obfuscator diff.Obfuscator
 		err := obfuscator.ObfuscateResult(cr)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 046f5609c..cd2e6a923 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -3,16 +3,6 @@ package commands
 import (
 	"context"
 	"fmt"
-	git2 "github.com/go-git/go-git/v5"
-	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/git"
@@ -22,12 +12,16 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
+	"os"
+	"strings"
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
@@ -225,156 +219,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	return cb(cmdCtx)
 }
 
-func addCommandInfo(r *result.CommandResult, startTime time.Time, command string, ctx *commandCtx, targetFlags *args.TargetFlags,
-	imageFlags *args.ImageFlags, inclusionFlags *args.InclusionFlags,
-	dryRunFlags *args.DryRunFlags, forceApplyFlags *args.ForceApplyFlags, replaceOnErrorFlags *args.ReplaceOnErrorFlags, abortOnErrorFlags *args.AbortOnErrorFlags, noWait bool) error {
-	r.Command = result.CommandInfo{
-		Initiator: result.CommandInititiator_CommandLine,
-		StartTime: types.FromTime(startTime),
-		EndTime:   types.FromTime(time.Now()),
-		Command:   command,
-		Target:    ctx.targetCtx.Target,
-		Args:      ctx.targetCtx.KluctlProject.LoadArgs.ExternalArgs,
-		NoWait:    noWait,
-	}
-	if targetFlags != nil {
-		r.Command.TargetNameOverride = targetFlags.TargetNameOverride
-		r.Command.ContextOverride = targetFlags.Context
-	}
-	if imageFlags != nil {
-		var err error
-		r.Command.Images, err = imageFlags.LoadFixedImagesFromArgs()
-		if err != nil {
-			return err
-		}
-	}
-	if inclusionFlags != nil {
-		r.Command.IncludeTags = inclusionFlags.IncludeTag
-		r.Command.ExcludeTags = inclusionFlags.ExcludeTag
-		r.Command.IncludeDeploymentDirs = inclusionFlags.IncludeDeploymentDir
-		r.Command.ExcludeDeploymentDirs = inclusionFlags.ExcludeDeploymentDir
-	}
-	if dryRunFlags != nil {
-		r.Command.DryRun = dryRunFlags.DryRun
-	}
-	if forceApplyFlags != nil {
-		r.Command.ForceApply = forceApplyFlags.ForceApply
-	}
-	if replaceOnErrorFlags != nil {
-		r.Command.ReplaceOnError = replaceOnErrorFlags.ReplaceOnError
-		r.Command.ForceReplaceOnError = replaceOnErrorFlags.ForceReplaceOnError
-	}
-	if abortOnErrorFlags != nil {
-		r.Command.AbortOnError = abortOnErrorFlags.AbortOnError
-	}
-	r.Deployment = &ctx.targetCtx.DeploymentProject.Config
-
-	err := addGitInfo(r, ctx)
-	if err != nil {
-		return err
-	}
-
-	err = addClusterInfo(r, ctx)
-	if err != nil {
-		return err
-	}
-
-	if ctx.targetCtx.Target != nil {
-		r.Target.TargetName = ctx.targetCtx.Target.Name
-		r.Target.Discriminator = ctx.targetCtx.Target.Discriminator
-	}
-	r.Target.ClusterId = r.ClusterInfo.ClusterId
-
-	return nil
-}
-
-func addGitInfo(r *result.CommandResult, ctx *commandCtx) error {
-	if ctx.targetCtx.KluctlProject.LoadArgs.RepoRoot == "" {
-		return nil
-	}
-
-	projectDirAbs, err := filepath.Abs(ctx.targetCtx.KluctlProject.LoadArgs.ProjectDir)
-	if err != nil {
-		return err
-	}
-
-	subDir, err := filepath.Rel(ctx.targetCtx.KluctlProject.LoadArgs.RepoRoot, projectDirAbs)
-	if err != nil {
-		return err
-	}
-	if subDir == "." {
-		subDir = ""
-	}
-
-	g, err := git2.PlainOpen(ctx.targetCtx.KluctlProject.LoadArgs.RepoRoot)
-	if err != nil {
-		return err
-	}
-
-	w, err := g.Worktree()
-	if err != nil {
-		return err
-	}
-
-	s, err := w.Status()
-	if err != nil {
-		return err
-	}
-
-	head, err := g.Head()
-	if err != nil {
-		return err
-	}
-
-	remotes, err := g.Remotes()
-	if err != nil {
-		return err
-	}
-
-	var originUrl *types.GitUrl
-	for _, r := range remotes {
-		if r.Config().Name == "origin" {
-			originUrl, err = types.ParseGitUrl(r.Config().URLs[0])
-			if err != nil {
-				return err
-			}
-		}
-	}
-
-	var normaliedUrl string
-	if originUrl != nil {
-		normaliedUrl = originUrl.NormalizedRepoKey()
-	}
-
-	r.GitInfo = &result.GitInfo{
-		Url:    originUrl,
-		Ref:    head.Name().String(),
-		SubDir: subDir,
-		Commit: head.Hash().String(),
-		Dirty:  !s.IsClean(),
-	}
-	r.Project.NormalizedGitUrl = normaliedUrl
-	r.Project.SubDir = subDir
-	return nil
-}
-
-func addClusterInfo(r *result.CommandResult, ctx *commandCtx) error {
-	kubeSystemNs, _, err := ctx.targetCtx.SharedContext.K.GetSingleObject(
-		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
-	if err != nil {
-		return err
-	}
-	// we reuse the kube-system namespace uid as global cluster id
-	clusterId := kubeSystemNs.GetK8sUid()
-	if clusterId == "" {
-		return fmt.Errorf("kube-system namespace has no uid")
-	}
-	r.ClusterInfo = result.ClusterInfo{
-		ClusterId: clusterId,
-	}
-	return nil
-}
-
 func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
 	return func(context *string) (*rest.Config, *api.Config, error) {
 		if forCompletion {
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 349028e96..ffd08dae1 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -55,10 +55,15 @@ func (cmd *DeleteCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*res
 		return nil, err
 	}
 
-	return &result.CommandResult{
+	r := &result.CommandResult{
 		Id:       uuid.New().String(),
 		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
 		Errors:   dew.GetErrorsList(),
 		Warnings: dew.GetWarningsList(),
-	}, nil
+	}
+	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "delete")
+	if err != nil {
+		return r, err
+	}
+	return r, nil
 }
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 291d05464..f2fd0a5b7 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -92,11 +92,21 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	if err != nil {
 		return nil, err
 	}
-	return &result.CommandResult{
+	r := &result.CommandResult{
 		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
 		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
-	}, nil
+	}
+	r.Command.ForceApply = cmd.ForceApply
+	r.Command.ReplaceOnError = cmd.ReplaceOnError
+	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
+	r.Command.AbortOnError = cmd.AbortOnError
+	r.Command.NoWait = cmd.NoWait
+	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "deploy")
+	if err != nil {
+		return r, err
+	}
+	return r, nil
 }
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 7ce43d317..188937786 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -62,11 +62,19 @@ func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &result.CommandResult{
+	r := &result.CommandResult{
 		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
 		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
-	}, nil
+	}
+	r.Command.ForceApply = cmd.ForceApply
+	r.Command.ReplaceOnError = cmd.ReplaceOnError
+	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
+	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "diff")
+	if err != nil {
+		return r, err
+	}
+	return r, nil
 }
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 994b1bca1..5197687b3 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -99,11 +99,16 @@ func (cmd *PokeImagesCommand) Run() (*result.CommandResult, error) {
 		return nil, err
 	}
 
-	return &result.CommandResult{
+	r := &result.CommandResult{
 		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
 		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
-	}, nil
+	}
+	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "deploy")
+	if err != nil {
+		return r, err
+	}
+	return r, nil
 }
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 595582298..1c3bed093 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -24,14 +24,18 @@ func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetConte
 }
 
 func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
-	if cmd.discriminator == "" {
+	discriminator := cmd.discriminator
+	if discriminator == "" && cmd.targetCtx != nil {
+		discriminator = cmd.targetCtx.Target.Discriminator
+	}
+	if discriminator == "" {
 		return nil, fmt.Errorf("pruning without a discriminator is not supported")
 	}
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
 	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
-	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &cmd.discriminator, nil, false)
+	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, nil, false)
 	if err != nil {
 		return nil, err
 	}
@@ -53,11 +57,16 @@ func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*resu
 		return nil, err
 	}
 
-	return &result.CommandResult{
+	r := &result.CommandResult{
 		Id:       uuid.New().String(),
 		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
 		Warnings: dew.GetWarningsList(),
-	}, nil
+	}
+	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "prune")
+	if err != nil {
+		return r, err
+	}
+	return r, nil
 }
 
 func FindOrphanObjects(k *k8s.K8sCluster, ru *utils2.RemoteObjectUtils, c *deployment.DeploymentCollection) ([]k8s2.ObjectRef, error) {
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
new file mode 100644
index 000000000..dba10686f
--- /dev/null
+++ b/pkg/deployment/commands/result_utils.go
@@ -0,0 +1,134 @@
+package commands
+
+import (
+	"fmt"
+	git2 "github.com/go-git/go-git/v5"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"path/filepath"
+	"time"
+)
+
+func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *result.CommandResult, command string) error {
+	r.Target = targetCtx.Target
+	r.Command = result.CommandInfo{
+		StartTime: types.FromTime(targetCtx.KluctlProject.LoadTime),
+		EndTime:   types.FromTime(time.Now()),
+		Command:   command,
+		Args:      targetCtx.KluctlProject.LoadArgs.ExternalArgs,
+	}
+	r.Command.TargetNameOverride = targetCtx.Params.TargetNameOverride
+	r.Command.ContextOverride = targetCtx.Params.ContextOverride
+	r.Command.Images = targetCtx.Params.Images.FixedImages()
+	r.Command.IncludeTags = targetCtx.Params.Inclusion.GetIncludes("tags")
+	r.Command.ExcludeTags = targetCtx.Params.Inclusion.GetExcludes("tags")
+	r.Command.IncludeDeploymentDirs = targetCtx.Params.Inclusion.GetIncludes("deploymentItemDir")
+	r.Command.ExcludeDeploymentDirs = targetCtx.Params.Inclusion.GetExcludes("deploymentItemDir")
+	r.Command.DryRun = targetCtx.Params.DryRun
+
+	r.Deployment = &targetCtx.DeploymentProject.Config
+
+	err := addGitInfo(targetCtx, r)
+	if err != nil {
+		return err
+	}
+
+	err = addClusterInfo(targetCtx, r)
+	if err != nil {
+		return err
+	}
+
+	r.TargetKey.TargetName = targetCtx.Target.Name
+	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
+	r.TargetKey.ClusterId = r.ClusterInfo.ClusterId
+	return nil
+}
+
+func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult) error {
+	if targetCtx.KluctlProject.LoadArgs.RepoRoot == "" {
+		return nil
+	}
+
+	projectDirAbs, err := filepath.Abs(targetCtx.KluctlProject.LoadArgs.ProjectDir)
+	if err != nil {
+		return err
+	}
+
+	subDir, err := filepath.Rel(targetCtx.KluctlProject.LoadArgs.RepoRoot, projectDirAbs)
+	if err != nil {
+		return err
+	}
+	if subDir == "." {
+		subDir = ""
+	}
+
+	g, err := git2.PlainOpen(targetCtx.KluctlProject.LoadArgs.RepoRoot)
+	if err != nil {
+		return err
+	}
+
+	w, err := g.Worktree()
+	if err != nil {
+		return err
+	}
+
+	s, err := w.Status()
+	if err != nil {
+		return err
+	}
+
+	head, err := g.Head()
+	if err != nil {
+		return err
+	}
+
+	remotes, err := g.Remotes()
+	if err != nil {
+		return err
+	}
+
+	var originUrl *types.GitUrl
+	for _, r := range remotes {
+		if r.Config().Name == "origin" {
+			originUrl, err = types.ParseGitUrl(r.Config().URLs[0])
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var normaliedUrl string
+	if originUrl != nil {
+		normaliedUrl = originUrl.NormalizedRepoKey()
+	}
+
+	r.GitInfo = &result.GitInfo{
+		Url:    originUrl,
+		Ref:    head.Name().String(),
+		SubDir: subDir,
+		Commit: head.Hash().String(),
+		Dirty:  !s.IsClean(),
+	}
+	r.ProjectKey.NormalizedGitUrl = normaliedUrl
+	r.ProjectKey.SubDir = subDir
+	return nil
+}
+
+func addClusterInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult) error {
+	kubeSystemNs, _, err := targetCtx.SharedContext.K.GetSingleObject(
+		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
+	if err != nil {
+		return err
+	}
+	// we reuse the kube-system namespace uid as global cluster id
+	clusterId := kubeSystemNs.GetK8sUid()
+	if clusterId == "" {
+		return fmt.Errorf("kube-system namespace has no uid")
+	}
+	r.ClusterInfo = result.ClusterInfo{
+		ClusterId: clusterId,
+	}
+	return nil
+}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 32a3dda68..1a1fee162 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -69,7 +69,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 				appliedObjects[o.Ref] = o.Applied
 			}
 		}
-		discriminator = cmd.r.Target.Discriminator
+		discriminator = cmd.r.TargetKey.Discriminator
 	} else {
 		return nil, fmt.Errorf("either deployment collection or command result must be passed")
 	}
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index f9e6df475..5eb899b59 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -38,7 +38,17 @@ func (images *Images) PrependFixedImages(fis []types.FixedImage) {
 	images.fixedImages = newFixedImages
 }
 
+func (images *Images) FixedImages() []types.FixedImage {
+	if images == nil {
+		return nil
+	}
+	return images.fixedImages
+}
+
 func (images *Images) SeenImages(simple bool) []types.FixedImage {
+	if images == nil {
+		return nil
+	}
 	var ret []types.FixedImage
 	for _, fi := range images.seenImages {
 		if simple {
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 0535cbc61..5c98eff20 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -5,6 +5,7 @@ import (
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"time"
 )
 
 func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
@@ -14,6 +15,7 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 	p := &LoadedKluctlProject{
 		ctx:           ctx,
 		LoadArgs:      args,
+		LoadTime:      time.Now(),
 		TmpDir:        tmpDir,
 		J2:            j2,
 		RP:            args.RP,
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 4fe0161ad..ad2d230c9 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -7,12 +7,14 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"time"
 )
 
 type LoadedKluctlProject struct {
 	ctx context.Context
 
 	LoadArgs LoadKluctlProjectArgs
+	LoadTime time.Time
 
 	TmpDir string
 
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 453bfa022..93d92ca94 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -18,6 +18,8 @@ import (
 )
 
 type TargetContext struct {
+	Params TargetContextParams
+
 	SharedContext deployment.SharedContext
 
 	KluctlProject        *LoadedKluctlProject
@@ -138,9 +140,10 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	}
 
 	targetCtx := &TargetContext{
+		Params:               params,
 		SharedContext:        dctx,
 		KluctlProject:        p,
-		Target:               target,
+		Target:               *target,
 		ClusterContext:       clusterContext,
 		DeploymentProject:    d,
 		DeploymentCollection: c,
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 206c3c2d0..ab1db402a 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -99,8 +99,8 @@ var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
 func (s *ResultStoreSecrets) buildName(cr *result.CommandResult) string {
 	var name string
 
-	if cr.Project.NormalizedGitUrl != "" {
-		s := path.Base(cr.Project.NormalizedGitUrl)
+	if cr.ProjectKey.NormalizedGitUrl != "" {
+		s := path.Base(cr.ProjectKey.NormalizedGitUrl)
 		if s != "" {
 			name = s + "-"
 		}
@@ -197,11 +197,11 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 			"compactedObjects": compressedObjects,
 		},
 	}
-	if cr.Project.NormalizedGitUrl != "" {
-		secret.Annotations["kluctl.io/result-project-normalized-url"] = cr.Project.NormalizedGitUrl
+	if cr.ProjectKey.NormalizedGitUrl != "" {
+		secret.Annotations["kluctl.io/result-project-normalized-url"] = cr.ProjectKey.NormalizedGitUrl
 	}
-	if cr.Project.SubDir != "" {
-		secret.Annotations["kluctl.io/result-project-subdir"] = cr.Project.SubDir
+	if cr.ProjectKey.SubDir != "" {
+		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
 	}
 
 	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
@@ -209,7 +209,7 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 		return err
 	}
 
-	err = s.cleanupResults(cr.Project, cr.Target)
+	err = s.cleanupResults(cr.ProjectKey, cr.TargetKey)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 4d2ec8dcb..141bd055d 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -78,7 +78,7 @@ type CommandInfo struct {
 	EndTime               types.JsonTime         `json:"endTime"`
 	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
 	Command               string                 `json:"command,omitempty"`
-	Target                *types.Target          `json:"target,omitempty"`
+	Target                string                 `json:"target,omitempty"`
 	TargetNameOverride    string                 `json:"targetNameOverride,omitempty"`
 	ContextOverride       string                 `json:"contextOverride,omitempty"`
 	Args                  *uo.UnstructuredObject `json:"args,omitempty"`
@@ -127,8 +127,9 @@ type ResultObject struct {
 
 type CommandResult struct {
 	Id          string                         `json:"id"`
-	Project     ProjectKey                     `json:"project"`
-	Target      TargetKey                      `json:"target"`
+	ProjectKey  ProjectKey                     `json:"projectKey"`
+	TargetKey   TargetKey                      `json:"targetKey"`
+	Target      types.Target                   `json:"target"`
 	Command     CommandInfo                    `json:"command,omitempty"`
 	GitInfo     *GitInfo                       `json:"gitInfo,omitempty"`
 	ClusterInfo ClusterInfo                    `json:"clusterInfo"`
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 900645e66..dc05e095a 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -53,8 +53,8 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 
 	ret := &CommandResultSummary{
 		Id:                 cr.Id,
-		Project:            cr.Project,
-		Target:             cr.Target,
+		Project:            cr.ProjectKey,
+		Target:             cr.TargetKey,
 		Command:            cr.Command,
 		GitInfo:            cr.GitInfo,
 		ClusterInfo:        cr.ClusterInfo,
diff --git a/pkg/utils/inclusion.go b/pkg/utils/inclusion.go
index 5300f269f..41de49e69 100644
--- a/pkg/utils/inclusion.go
+++ b/pkg/utils/inclusion.go
@@ -42,6 +42,32 @@ func (inc *Inclusion) HasType(typ string) bool {
 	return false
 }
 
+func (inc *Inclusion) GetIncludes(typ string) []string {
+	if inc == nil {
+		return nil
+	}
+	var ret []string
+	for e, _ := range inc.includes {
+		if e.Type == typ {
+			ret = append(ret, e.Value)
+		}
+	}
+	return ret
+}
+
+func (inc *Inclusion) GetExcludes(typ string) []string {
+	if inc == nil {
+		return nil
+	}
+	var ret []string
+	for e, _ := range inc.excludes {
+		if e.Type == typ {
+			ret = append(ret, e.Value)
+		}
+	}
+	return ret
+}
+
 func (inc *Inclusion) checkList(l []InclusionEntry, m map[InclusionEntry]bool) bool {
 	for _, e := range l {
 		if _, ok := m[e]; ok {

From edb5bf7eab38a89a9bb22502a3745646adc383e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 14 May 2023 22:27:37 +0200
Subject: [PATCH 0973/2268] refactor: Get rid of fluxcd dependency

---
 pkg/deployment/deployment_item.go             |   4 +-
 .../flux_utils/kustomize/filesys/fs_secure.go | 286 ++++++++++++++++++
 .../kustomize/kustomize_generator.go          |  81 +++++
 3 files changed, 369 insertions(+), 2 deletions(-)
 create mode 100644 pkg/utils/flux_utils/kustomize/filesys/fs_secure.go
 create mode 100644 pkg/utils/flux_utils/kustomize/kustomize_generator.go

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index f3cb14777..982be5d05 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -2,14 +2,14 @@ package deployment
 
 import (
 	"fmt"
-	"github.com/fluxcd/pkg/kustomize"
-	securefs "github.com/fluxcd/pkg/kustomize/filesys"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/kustomize"
+	securefs "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/kustomize/filesys"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
diff --git a/pkg/utils/flux_utils/kustomize/filesys/fs_secure.go b/pkg/utils/flux_utils/kustomize/filesys/fs_secure.go
new file mode 100644
index 000000000..267d72616
--- /dev/null
+++ b/pkg/utils/flux_utils/kustomize/filesys/fs_secure.go
@@ -0,0 +1,286 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package filesys
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+var (
+	// tmpConfirmedDirPrefix is the prefix used by filesys.NewTmpConfirmedDir(),
+	// the absolute prefix is the value prefixed with os.TempDir().
+	tmpConfirmedDirPrefix = "kustomize-"
+)
+
+// MakeFsOnDiskSecure returns a secure file system which asserts any paths it
+// handles to be inside root. When allowed prefixes are provided, followed
+// absolute links are allowed to traverse into these directories.
+// The root is not allowed to match an allowed prefix, this to ensure an FS
+// instance can not reach into another FS when the allowed prefix configuration
+// is static.
+func MakeFsOnDiskSecure(root string, allowPrefixes ...string) (filesys.FileSystem, error) {
+	unsafeFS := filesys.MakeFsOnDisk()
+	cleanedAbs, _, err := unsafeFS.CleanedAbs(root)
+	if err != nil {
+		return nil, err
+	}
+	if ok, prefix := hasOneOfPrefixes(cleanedAbs.String(), allowPrefixes); ok {
+		return nil, fmt.Errorf("root '%s' cannot be prefixed with '%s'", root, prefix)
+	}
+	return fsSecure{root: cleanedAbs, unsafeFS: unsafeFS, allowPrefixes: allowPrefixes}, nil
+}
+
+// TmpConfirmedDirPrefix returns the absolute prefix path as constructed by
+// filesys.NewTmpConfirmedDir().
+func TmpConfirmedDirPrefix() (string, error) {
+	// Some OS-es seem to symlink TempDir.
+	evaluated, err := filepath.EvalSymlinks(os.TempDir())
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(evaluated, tmpConfirmedDirPrefix), nil
+}
+
+// MakeFsOnDiskSecureBuild calls MakeFsOnDiskSecure, but configures the
+// TmpConfirmedDirPrefix as an allowed prefix.
+// NOTE: When e.g. being able to load remote bases is not a concern, opt to use
+// MakeFsOnDiskSecure instead, unless running into specific traversal issues.
+func MakeFsOnDiskSecureBuild(root string, allowPrefixes ...string) (filesys.FileSystem, error) {
+	dirPrefix, err := TmpConfirmedDirPrefix()
+	if err != nil {
+		return nil, err
+	}
+	allowPrefixes = append([]string{dirPrefix}, allowPrefixes...)
+	return MakeFsOnDiskSecure(root, allowPrefixes...)
+}
+
+// fsSecure wraps an unsafe FileSystem implementation, and secures it
+// by confirming paths are inside root.
+type fsSecure struct {
+	root          filesys.ConfirmedDir
+	unsafeFS      filesys.FileSystem
+	allowPrefixes []string
+}
+
+// ConstraintError records an error and the operation and file that
+// violated it.
+type ConstraintError struct {
+	Op   string
+	Path string
+	Err  error
+}
+
+func (e *ConstraintError) Error() string {
+	return "fs-security-constraint " + e.Op + " " + e.Path + ": " + e.Err.Error()
+}
+
+func (e *ConstraintError) Unwrap() error { return e.Err }
+
+// Create delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, an error
+// of type ConstraintError is returned.
+func (fs fsSecure) Create(path string) (filesys.File, error) {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return nil, &ConstraintError{Op: "create", Path: path, Err: err}
+	}
+	return fs.unsafeFS.Create(path)
+}
+
+// Mkdir delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, an error
+// of type ConstraintError is returned.
+func (fs fsSecure) Mkdir(path string) error {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return &ConstraintError{Op: "mkdir", Path: path, Err: err}
+	}
+	return fs.unsafeFS.Mkdir(path)
+}
+
+// MkdirAll delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, an error
+// type ConstraintError is returned.
+func (fs fsSecure) MkdirAll(path string) error {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return &ConstraintError{Op: "mkdir", Path: path, Err: err}
+	}
+	return fs.unsafeFS.MkdirAll(path)
+}
+
+// RemoveAll delegates to the embedded unsafe FS after having confirmed the
+// path to be inside root. If the provided path violates this constraint, an
+// error of type ConstraintError is returned.
+func (fs fsSecure) RemoveAll(path string) error {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return &ConstraintError{Op: "remove", Path: path, Err: err}
+	}
+	return fs.unsafeFS.RemoveAll(path)
+}
+
+// Open delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, an error
+// of type ConstraintError is returned.
+func (fs fsSecure) Open(path string) (filesys.File, error) {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return nil, &ConstraintError{Op: "open", Path: path, Err: err}
+	}
+	return fs.unsafeFS.Open(path)
+}
+
+// IsDir delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, it returns
+// false.
+func (fs fsSecure) IsDir(path string) bool {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return false
+	}
+	return fs.unsafeFS.IsDir(path)
+}
+
+// ReadDir delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, an error
+// of type ConstraintError is returned.
+func (fs fsSecure) ReadDir(path string) ([]string, error) {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return nil, &ConstraintError{Op: "open", Path: path, Err: err}
+	}
+	return fs.unsafeFS.ReadDir(path)
+}
+
+// CleanedAbs delegates to the embedded unsafe FS, but confirms the returned
+// result to be within root. If the results violates this constraint, an error
+// of type ConstraintError is returned.
+// In essence, it functions the same as Kustomize's loader.RestrictionRootOnly,
+// but on FS levels, and while allowing file paths.
+func (fs fsSecure) CleanedAbs(path string) (filesys.ConfirmedDir, string, error) {
+	d, f, err := fs.unsafeFS.CleanedAbs(path)
+	if err != nil {
+		return d, f, err
+	}
+	if ok, _ := hasOneOfPrefixes(d.String(), fs.allowPrefixes); ok {
+		return d, f, err
+	}
+	if !d.HasPrefix(fs.root) {
+		return "", "", &ConstraintError{Op: "abs", Path: path, Err: rootConstraintErr(path, fs.root.String())}
+	}
+	return d, f, err
+}
+
+// Exists delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, it returns
+// false.
+func (fs fsSecure) Exists(path string) bool {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return false
+	}
+	return fs.unsafeFS.Exists(path)
+}
+
+// Glob delegates to the embedded unsafe FS, but filters the returned paths to
+// only include items inside root.
+func (fs fsSecure) Glob(pattern string) ([]string, error) {
+	paths, err := fs.unsafeFS.Glob(pattern)
+	if err != nil {
+		return nil, err
+	}
+	var securePaths []string
+	for _, p := range paths {
+		if err := isSecurePath(fs.unsafeFS, fs.root, p, fs.allowPrefixes...); err == nil {
+			securePaths = append(securePaths, p)
+		}
+	}
+	return securePaths, err
+}
+
+// ReadFile delegates to the embedded unsafe FS after having confirmed the path
+// to be inside root. If the provided path violates this constraint, an error
+// of type ConstraintError is returned.
+func (fs fsSecure) ReadFile(path string) ([]byte, error) {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return nil, &ConstraintError{Op: "read", Path: path, Err: err}
+	}
+	return fs.unsafeFS.ReadFile(path)
+}
+
+// WriteFile delegates to the embedded unsafe FS after having confirmed the
+// path to be inside root. If the provided path violates this constraint, an
+// error of type ConstraintError is returned.
+func (fs fsSecure) WriteFile(path string, data []byte) error {
+	if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+		return &ConstraintError{Op: "write", Path: path, Err: err}
+	}
+	return fs.unsafeFS.WriteFile(path, data)
+}
+
+// Walk delegates to the embedded unsafe FS, wrapping falkFn in a callback which
+// confirms the path to be inside root. If the path violates this constraint,
+// an error of type ConstraintError is returned and walkFn is not called.
+func (fs fsSecure) Walk(path string, walkFn filepath.WalkFunc) error {
+	wrapWalkFn := func(path string, info os.FileInfo, err error) error {
+		if err := isSecurePath(fs.unsafeFS, fs.root, path, fs.allowPrefixes...); err != nil {
+			return &ConstraintError{Op: "walk", Path: path, Err: err}
+		}
+		return walkFn(path, info, err)
+	}
+	return fs.unsafeFS.Walk(path, wrapWalkFn)
+}
+
+// isSecurePath confirms the given path is inside root using the provided file
+// system. At present, it assumes the file system implementation to be on disk
+// and makes use of filepath.EvalSymlinks.
+func isSecurePath(fs filesys.FileSystem, root filesys.ConfirmedDir, path string, allowedPrefixes ...string) error {
+	absRoot, err := filepath.Abs(path)
+	if err != nil {
+		return fmt.Errorf("abs path error on '%s': %v", path, err)
+	}
+	d := filesys.ConfirmedDir(absRoot)
+	if fs.Exists(absRoot) {
+		evaluated, err := filepath.EvalSymlinks(absRoot)
+		if err != nil {
+			return fmt.Errorf("evalsymlink failure on '%s': %w", path, err)
+		}
+		evaluatedDir := evaluated
+		if !fs.IsDir(evaluatedDir) {
+			evaluatedDir = filepath.Dir(evaluatedDir)
+		}
+		d = filesys.ConfirmedDir(evaluatedDir)
+	}
+	if ok, _ := hasOneOfPrefixes(d.String(), allowedPrefixes); ok {
+		return nil
+	}
+	if !d.HasPrefix(root) {
+		return rootConstraintErr(path, root.String())
+	}
+	return nil
+}
+
+func rootConstraintErr(path, root string) error {
+	return fmt.Errorf("path '%s' is not in or below '%s'", path, root)
+}
+
+func hasOneOfPrefixes(s string, prefixes []string) (bool, string) {
+	for _, p := range prefixes {
+		if strings.HasPrefix(s, p) {
+			return true, p
+		}
+	}
+	return false, ""
+}
diff --git a/pkg/utils/flux_utils/kustomize/kustomize_generator.go b/pkg/utils/flux_utils/kustomize/kustomize_generator.go
new file mode 100644
index 000000000..2a21e8b69
--- /dev/null
+++ b/pkg/utils/flux_utils/kustomize/kustomize_generator.go
@@ -0,0 +1,81 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kustomize
+
+import (
+	"fmt"
+	"sync"
+
+	securefs "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/kustomize/filesys"
+	"sigs.k8s.io/kustomize/api/krusty"
+	"sigs.k8s.io/kustomize/api/resmap"
+	kustypes "sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+// buildMutex protects against kustomize concurrent map read/write panic
+var kustomizeBuildMutex sync.Mutex
+
+// Secure Build wraps krusty.MakeKustomizer with the following settings:
+//   - secure on-disk FS denying operations outside root
+//   - load files from outside the kustomization dir path
+//     (but not outside root)
+//   - disable plugins except for the builtin ones
+func SecureBuild(root, dirPath string, allowRemoteBases bool) (res resmap.ResMap, err error) {
+	var fs filesys.FileSystem
+
+	// Create secure FS for root with or without remote base support
+	if allowRemoteBases {
+		fs, err = securefs.MakeFsOnDiskSecureBuild(root)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		fs, err = securefs.MakeFsOnDiskSecure(root)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return Build(fs, dirPath)
+}
+
+// Build wraps krusty.MakeKustomizer with the following settings:
+// - load files from outside the kustomization.yaml root
+// - disable plugins except for the builtin ones
+func Build(fs filesys.FileSystem, dirPath string) (res resmap.ResMap, err error) {
+	// temporary workaround for concurrent map read and map write bug
+	// https://github.com/kubernetes-sigs/kustomize/issues/3659
+	kustomizeBuildMutex.Lock()
+	defer kustomizeBuildMutex.Unlock()
+
+	// Kustomize tends to panic in unpredicted ways due to (accidental)
+	// invalid object data; recover when this happens to ensure continuity of
+	// operations
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("recovered from kustomize build panic: %v", r)
+		}
+	}()
+
+	buildOptions := &krusty.Options{
+		LoadRestrictions: kustypes.LoadRestrictionsNone,
+		PluginConfig:     kustypes.DisabledPluginConfig(),
+	}
+
+	k := krusty.MakeKustomizer(buildOptions)
+	return k.Run(fs, dirPath)
+}

From 51a0116e3a286b9316031cb55cbba23123276675 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 14 May 2023 22:33:50 +0200
Subject: [PATCH 0974/2268] refactor: Use metav1.Time instead of own JsonTime

---
 pkg/deployment/commands/result_utils.go |  5 ++--
 pkg/types/result/command_result.go      |  5 ++--
 pkg/types/time.go                       | 39 -------------------------
 3 files changed, 6 insertions(+), 43 deletions(-)
 delete mode 100644 pkg/types/time.go

diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index dba10686f..9e06da59d 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"path/filepath"
 	"time"
 )
@@ -14,8 +15,8 @@ import (
 func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *result.CommandResult, command string) error {
 	r.Target = targetCtx.Target
 	r.Command = result.CommandInfo{
-		StartTime: types.FromTime(targetCtx.KluctlProject.LoadTime),
-		EndTime:   types.FromTime(time.Now()),
+		StartTime: metav1.NewTime(targetCtx.KluctlProject.LoadTime),
+		EndTime:   metav1.Now(),
 		Command:   command,
 		Args:      targetCtx.KluctlProject.LoadArgs.ExternalArgs,
 	}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 141bd055d..44629c3d5 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -4,6 +4,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type Change struct {
@@ -74,8 +75,8 @@ func (k TargetKey) Less(o TargetKey) bool {
 
 type CommandInfo struct {
 	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
-	StartTime             types.JsonTime         `json:"startTime"`
-	EndTime               types.JsonTime         `json:"endTime"`
+	StartTime             metav1.Time            `json:"startTime"`
+	EndTime               metav1.Time            `json:"endTime"`
 	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
 	Command               string                 `json:"command,omitempty"`
 	Target                string                 `json:"target,omitempty"`
diff --git a/pkg/types/time.go b/pkg/types/time.go
deleted file mode 100644
index 1706b8606..000000000
--- a/pkg/types/time.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package types
-
-import (
-	"encoding/json"
-	"time"
-)
-
-type JsonTime string
-
-func FromTime(t time.Time) JsonTime {
-	return JsonTime(t.Format(time.RFC3339Nano))
-}
-
-func (t JsonTime) ToTime() (time.Time, error) {
-	t2, err := time.Parse(time.RFC3339Nano, string(t))
-	if err != nil {
-		return time.Time{}, err
-	}
-	return t2, nil
-}
-
-func (t *JsonTime) UnmarshalJSON(b []byte) error {
-	var s string
-	err := json.Unmarshal(b, &s)
-	if err != nil {
-		return err
-	}
-	t2 := JsonTime(s)
-	_, err = t2.ToTime()
-	if err != nil {
-		return err
-	}
-	*t = t2
-	return nil
-}
-
-func (t JsonTime) MarshalJSON() ([]byte, error) {
-	return json.Marshal(string(t))
-}

From 54822d5869a0a3e9298cf8d97c9109b376e3660b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 14 May 2023 22:35:29 +0200
Subject: [PATCH 0975/2268] refactor: Allow delete command without targetCtx

---
 cmd/kluctl/commands/cmd_delete.go       |  4 +-
 pkg/deployment/commands/delete.go       | 52 ++++++++++++++++++-------
 pkg/deployment/commands/result_utils.go | 29 ++++++++++++--
 3 files changed, 67 insertions(+), 18 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index f485c134c..f93e08d14 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -46,9 +46,9 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx)
+		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx, nil)
 
-		result, err := cmd2.Run(func(refs []k8s2.ObjectRef) error {
+		result, err := cmd2.Run(cmdCtx.targetCtx.SharedContext.Ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
 			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
 		})
 		if err != nil {
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index ffd08dae1..11c49e8bb 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -1,30 +1,44 @@
 package commands
 
 import (
+	"context"
 	"fmt"
 	"github.com/google/uuid"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"time"
 )
 
 type DeleteCommand struct {
 	discriminator string
 	targetCtx     *kluctl_project.TargetContext
+	inclusion     *utils.Inclusion
 }
 
-func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetContext) *DeleteCommand {
+func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetContext, inclusion *utils.Inclusion) *DeleteCommand {
 	return &DeleteCommand{
 		discriminator: discriminator,
 		targetCtx:     targetCtx,
+		inclusion:     inclusion,
 	}
 }
 
-func (cmd *DeleteCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
-	discriminator := cmd.targetCtx.Target.Discriminator
-	if cmd.discriminator != "" {
-		discriminator = cmd.discriminator
+func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
+	startTime := time.Now()
+
+	inclusion := cmd.inclusion
+	if inclusion == nil && cmd.targetCtx != nil {
+		inclusion = cmd.targetCtx.DeploymentCollection.Inclusion
+	}
+
+	discriminator := cmd.discriminator
+	if discriminator == "" && cmd.targetCtx != nil {
+		discriminator = cmd.targetCtx.Target.Discriminator
 	}
 
 	if discriminator == "" {
@@ -32,13 +46,13 @@ func (cmd *DeleteCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*res
 	}
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
-	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
-	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, nil, false)
+	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
+	err := ru.UpdateRemoteObjects(k, &discriminator, nil, false)
 	if err != nil {
 		return nil, err
 	}
 
-	deleteRefs, err := utils2.FindObjectsForDelete(cmd.targetCtx.SharedContext.K, ru.GetFilteredRemoteObjects(cmd.targetCtx.DeploymentCollection.Inclusion), cmd.targetCtx.DeploymentCollection.Inclusion.HasType("tags"), nil)
+	deleteRefs, err := utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(inclusion), inclusion.HasType("tags"), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -50,20 +64,32 @@ func (cmd *DeleteCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*res
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, true)
+	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, true)
 	if err != nil {
 		return nil, err
 	}
 
+	var c *deployment.DeploymentCollection
+	if cmd.targetCtx != nil {
+		c = cmd.targetCtx.DeploymentCollection
+	}
+
 	r := &result.CommandResult{
 		Id:       uuid.New().String(),
-		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
+		Objects:  collectObjects(c, ru, nil, nil, nil, deleted),
 		Errors:   dew.GetErrorsList(),
 		Warnings: dew.GetWarningsList(),
 	}
-	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "delete")
-	if err != nil {
-		return r, err
+	if cmd.targetCtx != nil {
+		err = addBaseCommandInfoToResult(cmd.targetCtx, r, "delete")
+		if err != nil {
+			return r, err
+		}
+	} else {
+		err = addDeleteCommandInfoToResult(r, k, startTime, inclusion)
+		if err != nil {
+			return r, err
+		}
 	}
 	return r, nil
 }
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 9e06da59d..ecd108d56 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -3,10 +3,12 @@ package commands
 import (
 	"fmt"
 	git2 "github.com/go-git/go-git/v5"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"path/filepath"
 	"time"
@@ -36,7 +38,7 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *resu
 		return err
 	}
 
-	err = addClusterInfo(targetCtx, r)
+	err = addClusterInfo(targetCtx.SharedContext.K, r)
 	if err != nil {
 		return err
 	}
@@ -44,6 +46,27 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *resu
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
 	r.TargetKey.ClusterId = r.ClusterInfo.ClusterId
+
+	return nil
+}
+
+func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, startTime time.Time, inclusion *utils.Inclusion) error {
+	r.Command = result.CommandInfo{
+		StartTime: metav1.NewTime(startTime),
+		EndTime:   metav1.Now(),
+		Command:   "delete",
+	}
+
+	r.Command.IncludeTags = inclusion.GetIncludes("tags")
+	r.Command.ExcludeTags = inclusion.GetExcludes("tags")
+	r.Command.IncludeDeploymentDirs = inclusion.GetIncludes("deploymentItemDir")
+	r.Command.ExcludeDeploymentDirs = inclusion.GetExcludes("deploymentItemDir")
+
+	err := addClusterInfo(k, r)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -117,8 +140,8 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 	return nil
 }
 
-func addClusterInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult) error {
-	kubeSystemNs, _, err := targetCtx.SharedContext.K.GetSingleObject(
+func addClusterInfo(k *k8s2.K8sCluster, r *result.CommandResult) error {
+	kubeSystemNs, _, err := k.GetSingleObject(
 		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
 	if err != nil {
 		return err

From 1b7645e261aa2804aa912a4ab7b87568eaaafbf2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 14 May 2023 22:55:45 +0200
Subject: [PATCH 0976/2268] refactor: Use apiextensionsv1.JSON for any types

---
 e2e/args_test.go                        | 12 ++++----
 pkg/deployment/external_args.go         |  8 ++++-
 pkg/deployment/utils/diff_utils_test.go | 40 ++++++++++++++++++++-----
 pkg/diff/diff.go                        | 40 ++++++++++++++++++++++---
 pkg/diff/obfuscate.go                   | 25 ++++++++++++----
 pkg/results/result-store-secrets.go     |  2 +-
 pkg/results/results-collector.go        |  2 +-
 pkg/types/kluctl_project.go             |  5 ++--
 pkg/types/result/command_result.go      | 11 +++----
 9 files changed, 113 insertions(+), 32 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 5f689f624..b52698b47 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"
 )
 
-func testArgs(t *testing.T) {
+func TestArgs(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -34,6 +34,10 @@ func testArgs(t *testing.T) {
 				"nested": "default",
 			},
 		},
+		map[string]any{
+			"name":    "e",
+			"default": 42,
+		},
 	}
 
 	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
@@ -46,6 +50,7 @@ func testArgs(t *testing.T) {
 		"b": `{{ args.b | default("na") }}`,
 		"c": `{{ args.c | default("na") }}`,
 		"d": "{{ args.d | to_json }}",
+		"e": "{{ args.e + 1 }}",
 	}, resourceOpts{
 		name:      "cm",
 		namespace: p.TestSlug(),
@@ -57,6 +62,7 @@ func testArgs(t *testing.T) {
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
+	assertNestedFieldEquals(t, cm, `43`, "data", "e")
 
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
@@ -112,10 +118,6 @@ d:
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d4"}}`, "data", "d")
 }
 
-func TestArgs(t *testing.T) {
-	testArgs(t)
-}
-
 func TestArgsFromEnv(t *testing.T) {
 	k := defaultCluster1
 
diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index e041ebdfb..808d65dbf 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -1,6 +1,7 @@
 package deployment
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -59,8 +60,13 @@ func LoadDefaultArgs(args []*types.DeploymentArg, deployArgs *uo.UnstructuredObj
 	defaults := uo.New()
 	for _, a := range args {
 		if a.Default != nil {
+			var v any
+			err := json.Unmarshal(a.Default.Raw, &v)
+			if err != nil {
+				return err
+			}
 			a2 := uo.FromMap(map[string]interface{}{
-				a.Name: a.Default,
+				a.Name: v,
 			})
 			defaults.Merge(a2)
 		}
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 430d39427..60e3fa6e9 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -2,11 +2,13 @@ package utils
 
 import (
 	"context"
+	"encoding/json"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"testing"
 )
 
@@ -56,6 +58,28 @@ func newTestConfigMap(name string, data map[string]interface{}) *uo.Unstructured
 }
 
 func TestDiff(t *testing.T) {
+	buildRaw := func(x any) *apiextensionsv1.JSON {
+		if x == nil {
+			return nil
+		}
+		b, err := json.Marshal(x)
+		if err != nil {
+			t.Fatal(err)
+		}
+		return &apiextensionsv1.JSON{
+			Raw: b,
+		}
+	}
+	buildChange := func(typ string, jsonPath string, oldValue any, newValue any, unifiedDiff string) result.Change {
+		return result.Change{
+			Type:        typ,
+			JsonPath:    jsonPath,
+			NewValue:    buildRaw(newValue),
+			OldValue:    buildRaw(oldValue),
+			UnifiedDiff: unifiedDiff,
+		}
+	}
+
 	tests := []*diffTestConfig{
 		{
 			name: "One changed object (changed field)",
@@ -65,7 +89,7 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
-					result.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v2", UnifiedDiff: "-v1\n+v2"},
+					buildChange("update", "data.d1", buildRaw("v1"), buildRaw("v2"), "-v1\n+v2"),
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -77,7 +101,7 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
-					result.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
+					buildChange("insert", "data.d2", nil, buildRaw("v2"), "+v2"),
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -89,7 +113,7 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
-					result.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
+					buildChange("delete", "data.d2", buildRaw("v2"), nil, "-v2"),
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -101,8 +125,8 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
-					result.Change{Type: "delete", JsonPath: "data.d1", OldValue: "v1", NewValue: interface{}(nil), UnifiedDiff: "-v1"},
-					result.Change{Type: "insert", JsonPath: "data.d2", OldValue: interface{}(nil), NewValue: "v2", UnifiedDiff: "+v2"},
+					buildChange("delete", "data.d1", buildRaw("v1"), nil, "-v1"),
+					buildChange("insert", "data.d2", nil, buildRaw("v2"), "+v2"),
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
@@ -114,9 +138,9 @@ func TestDiff(t *testing.T) {
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
-					result.Change{Type: "update", JsonPath: "data.d1", OldValue: "v1", NewValue: "v12", UnifiedDiff: "-v1\n+v12"},
-					result.Change{Type: "delete", JsonPath: "data.d2", OldValue: "v2", NewValue: interface{}(nil), UnifiedDiff: "-v2"},
-					result.Change{Type: "insert", JsonPath: "data.d3", OldValue: interface{}(nil), NewValue: "v3", UnifiedDiff: "+v3"},
+					buildChange("update", "data.d1", buildRaw("v1"), buildRaw("v12"), "-v1\n+v12"),
+					buildChange("delete", "data.d2", buildRaw("v2"), nil, "-v2"),
+					buildChange("insert", "data.d3", nil, buildRaw("v3"), "+v3"),
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index f654b0507..0d9accd67 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	diff2 "github.com/r3labs/diff/v2"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"reflect"
 	"sort"
 	"strconv"
@@ -73,31 +74,47 @@ func convertChange(c diff2.Change, oldObject *uo.UnstructuredObject, newObject *
 		if err != nil {
 			return nil, err
 		}
+		jto, err := yaml.WriteJsonString(c.To)
+		if err != nil {
+			return nil, err
+		}
 		return &result.Change{
 			Type:     "insert",
 			JsonPath: p,
-			NewValue: c.To,
+			NewValue: &apiextensionsv1.JSON{Raw: []byte(jto)},
 		}, nil
 	case "delete":
 		p, err := convertPath(c.Path, oldObject.Object)
 		if err != nil {
 			return nil, err
 		}
+		jfrom, err := yaml.WriteJsonString(c.From)
+		if err != nil {
+			return nil, err
+		}
 		return &result.Change{
 			Type:     "delete",
 			JsonPath: p,
-			OldValue: c.From,
+			OldValue: &apiextensionsv1.JSON{Raw: []byte(jfrom)},
 		}, nil
 	case "update":
 		p, err := convertPath(c.Path, newObject.Object)
 		if err != nil {
 			return nil, err
 		}
+		jto, err := yaml.WriteJsonString(c.To)
+		if err != nil {
+			return nil, err
+		}
+		jfrom, err := yaml.WriteJsonString(c.From)
+		if err != nil {
+			return nil, err
+		}
 		return &result.Change{
 			Type:     "update",
 			JsonPath: p,
-			NewValue: c.To,
-			OldValue: c.From,
+			NewValue: &apiextensionsv1.JSON{Raw: []byte(jto)},
+			OldValue: &apiextensionsv1.JSON{Raw: []byte(jfrom)},
 		}, nil
 	}
 	return nil, fmt.Errorf("unknown change type %s", c.Type)
@@ -204,6 +221,21 @@ func objectToDiffableStringNoType(o interface{}) (string, error) {
 	if o == notPresent {
 		return "", nil
 	}
+
+	if reflect.TypeOf(reflect.Indirect(reflect.ValueOf(o))).Kind() == reflect.Struct {
+		// writing and re-reading yaml to normalise custom serialization
+		s, err := yaml.WriteYamlString(o)
+		if err != nil {
+			return "", err
+		}
+		var o2 any
+		err = yaml.ReadYamlString(s, &o2)
+		if err != nil {
+			return "", err
+		}
+		o = o2
+	}
+
 	if v, ok := o.(string); ok {
 		return v, nil
 	}
diff --git a/pkg/diff/obfuscate.go b/pkg/diff/obfuscate.go
index ea16017d9..f8f1a7fc8 100644
--- a/pkg/diff/obfuscate.go
+++ b/pkg/diff/obfuscate.go
@@ -2,11 +2,13 @@ package diff
 
 import (
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/ohler55/ojg/jp"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"strings"
 )
@@ -65,22 +67,35 @@ func (o *Obfuscator) ObfuscateObject(x *uo.UnstructuredObject) (*uo.Unstructured
 }
 
 func (o *Obfuscator) obfuscateSecretChanges(ref k8s.ObjectRef, changes []result.Change) error {
-	replaceValues := func(x any, v string) any {
-		if x == nil {
+	replaceValues := func(j *apiextensionsv1.JSON, v string) *apiextensionsv1.JSON {
+		if j == nil {
 			return nil
 		}
+
+		var x any
+		err := json.Unmarshal(j.Raw, &x)
+		if err != nil {
+			return nil
+		}
+
 		if m, ok := x.(map[string]any); ok {
 			for k, _ := range m {
 				m[k] = v
 			}
-			return m
 		} else if a, ok := x.([]any); ok {
 			for i, _ := range a {
 				a[i] = v
 			}
-			return a
+		} else {
+			x = v
 		}
-		return v
+
+		b, err := json.Marshal(x)
+		if err != nil {
+			return nil
+		}
+
+		return &apiextensionsv1.JSON{Raw: b}
 	}
 
 	for i, _ := range changes {
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index ab1db402a..f918e5b2e 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -276,7 +276,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 	}
 
 	sort.Slice(ret, func(i, j int) bool {
-		return ret[i].Command.StartTime >= ret[j].Command.StartTime
+		return ret[i].Command.StartTime.After(ret[j].Command.StartTime.Time)
 	})
 
 	return ret, nil
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 583a5b9b2..5ae9cbd4a 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -111,7 +111,7 @@ func (rc *ResultsCollector) ListCommandResultSummaries(options ListCommandResult
 		summaries = append(summaries, *x.summary)
 	}
 	sort.Slice(summaries, func(i, j int) bool {
-		return summaries[i].Command.StartTime >= summaries[j].Command.StartTime
+		return summaries[i].Command.StartTime.After(summaries[j].Command.StartTime.Time)
 	})
 	return summaries, nil
 }
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 83aa87f8d..c8293da48 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
 type SealingConfig struct {
@@ -20,8 +21,8 @@ type Target struct {
 }
 
 type DeploymentArg struct {
-	Name    string      `json:"name" validate:"required"`
-	Default interface{} `json:"default,omitempty"`
+	Name    string                `json:"name" validate:"required"`
+	Default *apiextensionsv1.JSON `json:"default,omitempty"`
 }
 
 type SecretSet struct {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 44629c3d5..80d30e378 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -4,15 +4,16 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type Change struct {
-	Type        string      `json:"type" validate:"required"`
-	JsonPath    string      `json:"jsonPath" validate:"required"`
-	OldValue    interface{} `json:"oldValue,omitempty"`
-	NewValue    interface{} `json:"newValue,omitempty"`
-	UnifiedDiff string      `json:"unifiedDiff,omitempty"`
+	Type        string                `json:"type" validate:"required"`
+	JsonPath    string                `json:"jsonPath" validate:"required"`
+	OldValue    *apiextensionsv1.JSON `json:"oldValue,omitempty"`
+	NewValue    *apiextensionsv1.JSON `json:"newValue,omitempty"`
+	UnifiedDiff string                `json:"unifiedDiff,omitempty"`
 }
 
 type ChangedObject struct {

From 2618516cb084cc0591ccfa9830fedd53cf370de7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 12:05:19 +0200
Subject: [PATCH 0977/2268] refactor: Allow to call KluctlExecute without a
 project

---
 e2e/test-utils/kluctl_execute.go | 46 ++++++++++++++++++++++++++++++++
 e2e/test-utils/project.go        | 38 +-------------------------
 2 files changed, 47 insertions(+), 37 deletions(-)
 create mode 100644 e2e/test-utils/kluctl_execute.go

diff --git a/e2e/test-utils/kluctl_execute.go b/e2e/test-utils/kluctl_execute.go
new file mode 100644
index 000000000..bab9a76e2
--- /dev/null
+++ b/e2e/test-utils/kluctl_execute.go
@@ -0,0 +1,46 @@
+package test_utils
+
+import (
+	"bytes"
+	"context"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"strings"
+	"sync"
+	"testing"
+)
+
+func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, string, error) {
+	t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
+
+	var m sync.Mutex
+	stdoutBuf := bytes.NewBuffer(nil)
+	stdout := status.NewLineRedirector(func(line string) {
+		m.Lock()
+		defer m.Unlock()
+		t.Log(line)
+		stdoutBuf.WriteString(line + "\n")
+	})
+	stderrBuf := bytes.NewBuffer(nil)
+
+	ctx = utils.WithTmpBaseDir(ctx, t.TempDir())
+	ctx = commands.WithStdStreams(ctx, stdout, stderrBuf)
+	sh := status.NewSimpleStatusHandler(func(message string) {
+		m.Lock()
+		defer m.Unlock()
+		t.Log(message)
+		stderrBuf.WriteString(message + "\n")
+	}, false, true)
+	defer func() {
+		if sh != nil {
+			sh.Stop()
+		}
+	}()
+	ctx = status.NewContext(ctx, sh)
+	err := commands.Execute(ctx, args, nil)
+	sh.Stop()
+	sh = nil
+	_ = stdout.Close()
+	return stdoutBuf.String(), stderrBuf.String(), err
+}
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index ae402a1b9..e8c33d1ec 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -1,16 +1,12 @@
 package test_utils
 
 import (
-	"bytes"
 	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
@@ -22,7 +18,6 @@ import (
 	"path/filepath"
 	"reflect"
 	"strings"
-	"sync"
 	"testing"
 )
 
@@ -459,38 +454,7 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	args = append(args, "--project-dir", p.LocalProjectDir())
 	args = append(args, argsIn...)
 
-	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
-
-	var m sync.Mutex
-	stdoutBuf := bytes.NewBuffer(nil)
-	stdout := status.NewLineRedirector(func(line string) {
-		m.Lock()
-		defer m.Unlock()
-		p.t.Log(line)
-		stdoutBuf.WriteString(line + "\n")
-	})
-	stderrBuf := bytes.NewBuffer(nil)
-
-	ctx := context.Background()
-	ctx = utils.WithTmpBaseDir(ctx, p.t.TempDir())
-	ctx = commands.WithStdStreams(ctx, stdout, stderrBuf)
-	sh := status.NewSimpleStatusHandler(func(message string) {
-		m.Lock()
-		defer m.Unlock()
-		p.t.Log(message)
-		stderrBuf.WriteString(message + "\n")
-	}, false, true)
-	defer func() {
-		if sh != nil {
-			sh.Stop()
-		}
-	}()
-	ctx = status.NewContext(ctx, sh)
-	err := commands.Execute(ctx, args, nil)
-	sh.Stop()
-	sh = nil
-	_ = stdout.Close()
-	return stdoutBuf.String(), stderrBuf.String(), err
+	return KluctlExecute(p.t, context.Background(), args...)
 }
 
 func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {

From 732378e75386212cb697759a7486036498928b59 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 May 2023 23:59:56 +0200
Subject: [PATCH 0978/2268] fix: Allow to use non-exported fields in command
 structs

---
 cmd/kluctl/commands/cobra_utils.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 173303bfe..d4b4fb013 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -100,6 +100,9 @@ func (c *rootCommand) buildCobraSubCommands(cg *commandAndGroups, cmdStruct inte
 	t := v.Type()
 	for i := 0; i < t.NumField(); i++ {
 		f := t.Field(i)
+		if !f.IsExported() {
+			continue
+		}
 		v2 := v.Field(i).Addr().Interface()
 		name := buildCobraName(f.Name)
 
@@ -126,6 +129,9 @@ func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}
 	t := v.Type()
 	for i := 0; i < t.NumField(); i++ {
 		f := t.Field(i)
+		if !f.IsExported() {
+			continue
+		}
 		if _, ok := f.Tag.Lookup("cmd"); ok {
 			continue
 		}

From 4a6aee2e7054cb7940ff4ce092dbfdc14e59559e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 14:07:21 +0200
Subject: [PATCH 0979/2268] refactor: Move main.go to cmd/

---
 main.go => cmd/main.go | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename main.go => cmd/main.go (100%)

diff --git a/main.go b/cmd/main.go
similarity index 100%
rename from main.go
rename to cmd/main.go

From b1c73cc7ed05e042062fb56e602a4b4435a06a4c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 14:09:37 +0200
Subject: [PATCH 0980/2268] fix: Make code controller-gen compatible

---
 e2e/default_clusters.go    |  1 -
 e2e/hooks_test.go          |  2 +-
 e2e/utils_resources.go     |  4 ++--
 e2e/validate_test.go       |  2 +-
 pkg/types/doc.go           | 19 +++++++++++++++++++
 pkg/types/git_url.go       |  8 ++++++++
 pkg/types/k8s/ref.go       |  1 +
 pkg/types/result/doc.go    | 19 +++++++++++++++++++
 pkg/types/yaml_url.go      |  7 +++++++
 pkg/utils/uo/k8s_fields.go |  1 -
 pkg/utils/uo/uo.go         | 11 ++++++++++-
 11 files changed, 68 insertions(+), 7 deletions(-)
 create mode 100644 pkg/types/doc.go
 create mode 100644 pkg/types/result/doc.go

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index b50159416..373957a89 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -1,6 +1,5 @@
 package e2e
 
-import "C"
 import (
 	"fmt"
 	"github.com/imdario/mergo"
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 504559c23..994174ff3 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -96,7 +96,7 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
 	s.p.AddKustomizeResources(dir, []test_utils.KustomizeResource{
-		{fmt.Sprintf("%s.yml", opts.name), "", o},
+		{Name: fmt.Sprintf("%s.yml", opts.name), Content: o},
 	})
 }
 
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 928627aa6..a78a2d0fd 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -57,7 +57,7 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
 	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
-		{fmt.Sprintf("configmap-%s.yml", opts.name), "", o},
+		{Name: fmt.Sprintf("configmap-%s.yml", opts.name), Content: o},
 	}, opts.tags)
 	if opts.when != "" {
 		p.UpdateDeploymentItems(filepath.Dir(dir), func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
@@ -75,7 +75,7 @@ func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
 	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
-		{fname, fname + sealmeExt, o},
+		{Name: fname, FileName: fname + sealmeExt, Content: o},
 	}, opts.tags)
 	if opts.when != "" {
 		p.UpdateDeploymentItems(filepath.Dir(dir), func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 9fdb6cf5c..1eec3fd3e 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -72,7 +72,7 @@ func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_utils
 	p.UpdateTarget("test", nil)
 
 	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
-		{fmt.Sprintf("configmap-%s.yml", "d1"), "", buildDeployment("d1", p.TestSlug(), false)},
+		{Name: fmt.Sprintf("configmap-%s.yml", "d1"), Content: buildDeployment("d1", p.TestSlug(), false)},
 	}, nil)
 
 	return p
diff --git a/pkg/types/doc.go b/pkg/types/doc.go
new file mode 100644
index 000000000..b4756cc8a
--- /dev/null
+++ b/pkg/types/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package types contains types used in Kluctl projects
+// +kubebuilder:object:generate=true
+package types
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index f7fa8c6a7..44db3e65c 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 )
 
+// +kubebuilder:validation:Type=string
 type GitUrl struct {
 	url.URL `json:"-"`
 }
@@ -28,6 +29,13 @@ func ParseGitUrlMust(u string) *GitUrl {
 	return u2
 }
 
+func (in *GitUrl) DeepCopyInto(out *GitUrl) {
+	out.URL = in.URL
+	if out.URL.User != nil {
+		out.URL.User = &*in.URL.User
+	}
+}
+
 func (u *GitUrl) UnmarshalJSON(b []byte) error {
 	var s string
 	err := json.Unmarshal(b, &s)
diff --git a/pkg/types/k8s/ref.go b/pkg/types/k8s/ref.go
index b257ca428..478e2bc42 100644
--- a/pkg/types/k8s/ref.go
+++ b/pkg/types/k8s/ref.go
@@ -1,3 +1,4 @@
+// +kubebuilder:object:generate=true
 package k8s
 
 import (
diff --git a/pkg/types/result/doc.go b/pkg/types/result/doc.go
new file mode 100644
index 000000000..ec02a69c4
--- /dev/null
+++ b/pkg/types/result/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package result contains result types used in Kluctl projects
+// +kubebuilder:object:generate=true
+package result
diff --git a/pkg/types/yaml_url.go b/pkg/types/yaml_url.go
index 59560e2df..f2ffac1df 100644
--- a/pkg/types/yaml_url.go
+++ b/pkg/types/yaml_url.go
@@ -26,3 +26,10 @@ func (u *YamlUrl) UnmarshalJSON(b []byte) error {
 func (u YamlUrl) MarshalJSON() ([]byte, error) {
 	return json.Marshal(u.String())
 }
+
+func (in *YamlUrl) DeepCopyInto(out *YamlUrl) {
+	out.URL = in.URL
+	if out.URL.User != nil {
+		out.URL.User = &*in.URL.User
+	}
+}
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index c45e23f57..e3b507121 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -251,5 +251,4 @@ func (ui *UnstructuredObject) getRegexp(r interface{}) *regexp.Regexp {
 		}
 	}
 	panic(fmt.Sprintf("unknown type %s", reflect.TypeOf(r).String()))
-	return nil
 }
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 7983e3f23..92d2e73d7 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -9,8 +9,9 @@ import (
 	"reflect"
 )
 
+// +kubebuilder:pruning:PreserveUnknownFields
 type UnstructuredObject struct {
-	Object map[string]interface{} `json:"object,omitempty,inline"`
+	Object map[string]interface{} `json:"-"`
 }
 
 func (uo *UnstructuredObject) MarshalJSON() ([]byte, error) {
@@ -145,6 +146,14 @@ func (uo *UnstructuredObject) Clone() *UnstructuredObject {
 	return FromMap(c)
 }
 
+func (uo *UnstructuredObject) DeepCopyInto(out *UnstructuredObject) {
+	*out = *uo.Clone()
+}
+
+func (uo *UnstructuredObject) DeepCopy() *UnstructuredObject {
+	return uo.Clone()
+}
+
 func (uo *UnstructuredObject) Merge(other *UnstructuredObject) {
 	MergeMap(uo.Object, other.Object)
 }

From dc3e5fa3a3031691187573f0861026213be828c4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 14:10:42 +0200
Subject: [PATCH 0981/2268] tests: Add controller-runtime client and CRD
 loading to EnvTestCluster

---
 e2e/test-utils/envtest_cluster.go | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index df6893c7d..158b79e65 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -13,6 +14,7 @@ import (
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/util/flowcontrol"
 	"net/http"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sync"
@@ -20,6 +22,8 @@ import (
 )
 
 type EnvTestCluster struct {
+	CRDDirectoryPaths []string
+
 	env     envtest.Environment
 	started bool
 
@@ -30,6 +34,7 @@ type EnvTestCluster struct {
 
 	HttpClient    *http.Client
 	DynamicClient dynamic.Interface
+	Client        client.Client
 	ServerVersion *version.Info
 
 	callbackServer     webhook.Server
@@ -47,12 +52,16 @@ func CreateEnvTestCluster(context string) *EnvTestCluster {
 }
 
 func (k *EnvTestCluster) Start() error {
+	k.env.CRDDirectoryPaths = k.CRDDirectoryPaths
+
 	_, err := k.env.Start()
 	if err != nil {
 		return err
 	}
 	k.started = true
 
+	_ = kluctlv1.AddToScheme(k.env.Scheme)
+
 	err = k.startCallbackServer()
 	if err != nil {
 		return err
@@ -76,11 +85,11 @@ func (k *EnvTestCluster) Start() error {
 
 	k.Kubeconfig = kcfg
 
-	client, err := rest.HTTPClientFor(k.config)
+	httpClient, err := rest.HTTPClientFor(k.config)
 	if err != nil {
 		return err
 	}
-	k.HttpClient = client
+	k.HttpClient = httpClient
 
 	dynamicClient, err := dynamic.NewForConfigAndClient(k.config, k.HttpClient)
 	if err != nil {
@@ -88,7 +97,12 @@ func (k *EnvTestCluster) Start() error {
 	}
 	k.DynamicClient = dynamicClient
 
-	discoveryClient, err := discovery.NewDiscoveryClientForConfigAndClient(k.config, client)
+	c, err := client.New(k.config, client.Options{
+		HTTPClient: httpClient,
+	})
+	k.Client = c
+
+	discoveryClient, err := discovery.NewDiscoveryClientForConfigAndClient(k.config, httpClient)
 	if err != nil {
 		return err
 	}

From 3ce754edbcc1b912fbb04ad3efb8649a9bda86c2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 14:12:50 +0200
Subject: [PATCH 0982/2268] feat: Remove flux subcommands

---
 cmd/kluctl/commands/cmd_flux.go           |   70 -
 cmd/kluctl/commands/cmd_flux_reconcile.go |  108 -
 cmd/kluctl/commands/cmd_flux_resume.go    |   48 -
 cmd/kluctl/commands/cmd_flux_suspend.go   |   47 -
 cmd/kluctl/commands/root.go               |    2 -
 e2e/flux_test.go                          |   94 -
 e2e/test_resources/README.md              |   15 -
 e2e/test_resources/flux-source-crd.yaml   | 2623 ---------------------
 e2e/test_resources/kluctl-crds.yaml       |  567 -----
 e2e/test_resources/kluctl-deployment.yaml |   35 -
 10 files changed, 3609 deletions(-)
 delete mode 100644 cmd/kluctl/commands/cmd_flux.go
 delete mode 100644 cmd/kluctl/commands/cmd_flux_reconcile.go
 delete mode 100644 cmd/kluctl/commands/cmd_flux_resume.go
 delete mode 100644 cmd/kluctl/commands/cmd_flux_suspend.go
 delete mode 100644 e2e/flux_test.go
 delete mode 100644 e2e/test_resources/flux-source-crd.yaml
 delete mode 100644 e2e/test_resources/kluctl-crds.yaml
 delete mode 100644 e2e/test_resources/kluctl-deployment.yaml

diff --git a/cmd/kluctl/commands/cmd_flux.go b/cmd/kluctl/commands/cmd_flux.go
deleted file mode 100644
index 2b68aa514..000000000
--- a/cmd/kluctl/commands/cmd_flux.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package commands
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	kube "github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-)
-
-type fluxCmd struct {
-	Reconcile fluxReconcileCmd `cmd:"" help:"Reconcile KluctlDeployment"`
-	Suspend   fluxSuspendCmd   `cmd:"" help:"Suspend KluctlDeployment"`
-	Resume    fluxResumeCmd    `cmd:"" help:"Resume KluctlDeployment"`
-}
-
-func WaitForReady(k *kube.K8sCluster, ref k8s.ObjectRef) (bool, error) {
-	o, _, err := k.GetSingleObject(ref)
-	if o == nil {
-		return false, err
-	}
-	retry := 0
-	finalStatus := true
-	var errorMsg error
-	for s, err := GetObjectStatus(o); s != true; {
-		if retry >= 5 || err != nil {
-			finalStatus = false
-			errorMsg = err
-			break
-		}
-		retry++
-		time.Sleep(8 * time.Second)
-	}
-	return finalStatus, errorMsg
-}
-
-func GetObjectStatus(o *uo.UnstructuredObject) (bool, error) {
-	conditions, ok, err := o.GetNestedField("status", "conditions")
-	if !ok {
-		return false, err
-	}
-	for _, v := range conditions.([]interface{}) {
-		if (v.(map[string]interface{})["type"]) == "Ready" {
-			return true, nil
-		}
-	}
-
-	return false, err
-}
-
-func GetObjectSource(o *uo.UnstructuredObject, name string, namespace string, ctx context.Context) (string, string, error) {
-	status.Trace(ctx, "fetching %s in %s", name, namespace)
-
-	sourceName, ok, err := o.GetNestedField("spec", "sourceRef", "name")
-	if !ok {
-		return "", "", err
-	}
-
-	sourceNamespace, ok, err := o.GetNestedField("spec", "sourceRef", "namespace")
-	if !ok {
-		return "", "", err
-	}
-
-	return fmt.Sprintf("%v", sourceName),
-		fmt.Sprintf("%v", sourceNamespace),
-		err
-}
diff --git a/cmd/kluctl/commands/cmd_flux_reconcile.go b/cmd/kluctl/commands/cmd_flux_reconcile.go
deleted file mode 100644
index d4d49ed7c..000000000
--- a/cmd/kluctl/commands/cmd_flux_reconcile.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package commands
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-)
-
-type fluxReconcileCmd struct {
-	args.KluctlDeploymentFlags
-}
-
-func (cmd *fluxReconcileCmd) Run(ctx context.Context) error {
-	var (
-		sourceNamespace string
-		sourceName      string
-	)
-	ns := cmd.KluctlDeploymentFlags.Namespace
-	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
-	source := cmd.KluctlDeploymentFlags.WithSource
-	noWait := cmd.KluctlDeploymentFlags.NoWait
-	timestamp := time.Now().Format(time.RFC3339)
-
-	cf, err := k8s.NewClientFactoryFromDefaultConfig(ctx, nil)
-	if err != nil {
-		return err
-	}
-	k, err := k8s.NewK8sCluster(context.TODO(), cf, false)
-	if err != nil {
-		return err
-	}
-
-	ref := k8s2.NewObjectRef(args.KluctlDeploymentGVK.Group, args.KluctlDeploymentGVK.Version, args.KluctlDeploymentGVK.Kind, kd, ns)
-	patch := []k8s.JsonPatch{{
-		Op:   "replace",
-		Path: "/metadata/annotations",
-		Value: map[string]string{
-			"fluxcd.io/reconcileAt": timestamp,
-		},
-	}}
-
-	if source {
-		if !cmd.VerifyFlags() {
-			fmt.Println("KluctlDeployment name flag not provided..")
-			os.Exit(1)
-		}
-		o, _, err := k.GetSingleObject(ref)
-		if o == nil {
-			return err
-		}
-
-		sourceName, sourceNamespace, err = GetObjectSource(o, kd, ns, context.TODO())
-		if err != nil {
-			return err
-		}
-		ref2 := k8s2.NewObjectRef(args.GitRepositoryGVK.Group, args.GitRepositoryGVK.Version, args.GitRepositoryGVK.Kind, sourceName, sourceNamespace)
-
-		s := status.Start(ctx, "Annotating Source %s in %s namespace", sourceName, sourceNamespace)
-		defer s.Failed()
-
-		_, _, err = k.PatchObjectWithJsonPatch(ref2, patch, k8s.PatchOptions{})
-		if err != nil {
-			return err
-		}
-		s.Success()
-
-		s = status.Start(ctx, "Waiting for Source %s to finish reconciliation", sourceName)
-
-		if !noWait {
-			ready, err := WaitForReady(k, ref2)
-			if !ready {
-				s.FailedWithMessage("Failed while waiting for Source %s to get ready..", sourceName)
-				return err
-			}
-		}
-
-		s.Success()
-	}
-
-	s := status.Start(ctx, "Annotating KluctlDeployment %s in %s namespace", kd, ns)
-	defer s.Failed()
-
-	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
-	if err != nil {
-		return err
-	}
-	s.Success()
-
-	s = status.Start(ctx, "Waiting for KluctlDeployment %s in %s namespace to finish reconciliation", kd, ns)
-
-	if !noWait {
-		ready, err := WaitForReady(k, ref)
-		if !ready {
-			s.FailedWithMessage("Failed while waiting for KluctlDeployment %s to get ready..", kd)
-			return err
-		}
-	}
-
-	s.Success()
-
-	return err
-}
diff --git a/cmd/kluctl/commands/cmd_flux_resume.go b/cmd/kluctl/commands/cmd_flux_resume.go
deleted file mode 100644
index 8d116bc1e..000000000
--- a/cmd/kluctl/commands/cmd_flux_resume.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package commands
-
-import (
-	"context"
-
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-)
-
-type fluxResumeCmd struct {
-	args.KluctlDeploymentFlags
-}
-
-// TODO add reconciliation after resume
-func (cmd *fluxResumeCmd) Run(ctx context.Context) error {
-	ns := cmd.KluctlDeploymentFlags.Namespace
-	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
-
-	cf, err := k8s.NewClientFactoryFromDefaultConfig(ctx, nil)
-	if err != nil {
-		return err
-	}
-	k, err := k8s.NewK8sCluster(context.TODO(), cf, false)
-	if err != nil {
-		return err
-	}
-
-	ref := k8s2.NewObjectRef(args.KluctlDeploymentGVK.Group, args.KluctlDeploymentGVK.Version, args.KluctlDeploymentGVK.Kind, kd, ns)
-
-	patch := []k8s.JsonPatch{{
-		Op:    "replace",
-		Path:  "/spec/suspend",
-		Value: false,
-	}}
-
-	s := status.Start(ctx, "Resuming KluctlDeployment %s in %s namespace", kd, ns)
-	defer s.Failed()
-
-	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
-	if err != nil {
-		return err
-	}
-	s.Success()
-
-	return err
-}
diff --git a/cmd/kluctl/commands/cmd_flux_suspend.go b/cmd/kluctl/commands/cmd_flux_suspend.go
deleted file mode 100644
index d7981c1a6..000000000
--- a/cmd/kluctl/commands/cmd_flux_suspend.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package commands
-
-import (
-	"context"
-
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-)
-
-type fluxSuspendCmd struct {
-	args.KluctlDeploymentFlags
-}
-
-func (cmd *fluxSuspendCmd) Run(ctx context.Context) error {
-	ns := cmd.KluctlDeploymentFlags.Namespace
-	kd := cmd.KluctlDeploymentFlags.KluctlDeployment
-
-	cf, err := k8s.NewClientFactoryFromDefaultConfig(ctx, nil)
-	if err != nil {
-		return err
-	}
-	k, err := k8s.NewK8sCluster(context.TODO(), cf, false)
-	if err != nil {
-		return err
-	}
-
-	ref := k8s2.NewObjectRef(args.KluctlDeploymentGVK.Group, args.KluctlDeploymentGVK.Version, args.KluctlDeploymentGVK.Kind, kd, ns)
-	patch := []k8s.JsonPatch{{
-		Op:    "replace",
-		Path:  "/spec/suspend",
-		Value: true,
-	}}
-
-	s := status.Start(ctx, "Suspending KluctlDeployment %s in %s namespace", kd, ns)
-	defer s.Failed()
-
-	_, _, err = k.PatchObjectWithJsonPatch(ref, patch, k8s.PatchOptions{})
-	if err != nil {
-		return err
-	}
-
-	s.Success()
-
-	return err
-}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 7ec3fb4b1..200d0b9d7 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -66,7 +66,6 @@ type cli struct {
 	Render      renderCmd      `cmd:"" help:"Renders all resources and configuration files"`
 	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
-	Flux        fluxCmd        `cmd:"" help:"Flux sub-commands"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
@@ -77,7 +76,6 @@ var flagGroups = []groupInfo{
 	{group: "images", title: "Image arguments:", description: "Control fixed images and update behaviour."},
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
-	{group: "flux", title: "Flux arguments:", description: "EXPERIMENTAL: Subcommands for interaction with flux-kluctl-controller"},
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
 }
 
diff --git a/e2e/flux_test.go b/e2e/flux_test.go
deleted file mode 100644
index 5967270c4..000000000
--- a/e2e/flux_test.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package e2e
-
-import (
-	"context"
-	"fmt"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"sync"
-	"testing"
-
-	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	"github.com/stretchr/testify/assert"
-)
-
-var kluctlDeploymentGVR = schema.GroupVersionResource{
-	Group:    "flux.kluctl.io",
-	Version:  "v1alpha1",
-	Resource: "kluctldeployments",
-}
-
-func getKluctlDeploymentObject(t *testing.T, k *test_utils.EnvTestCluster) *uo.UnstructuredObject {
-	kd, err := k.DynamicClient.Resource(kluctlDeploymentGVR).Namespace("flux-test").Get(context.Background(), "microservices-demo-test", v1.GetOptions{})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if kd == nil {
-		t.Fatal("kluctldeployment not found")
-	}
-	return uo.FromUnstructured(kd)
-}
-
-func TestFluxCommands(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
-
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		test_resources.ApplyYaml("flux-source-crd.yaml", k)
-		wg.Done()
-	}()
-	go func() {
-		test_resources.ApplyYaml("kluctl-crds.yaml", k)
-		wg.Done()
-	}()
-	wg.Wait()
-	test_resources.ApplyYaml("kluctl-deployment.yaml", k)
-
-	// assert that it was created
-	_ = getKluctlDeploymentObject(t, k)
-
-	p.KluctlMust("flux", "suspend", "--namespace", "flux-test", "--kluctl-deployment", "microservices-demo-test")
-	suspend := getKluctlSuspendField(t, k)
-	assert.Equal(t, true, suspend, "Field status.suspend is not false")
-
-	p.KluctlMust("flux", "resume", "--namespace", "flux-test", "--kluctl-deployment", "microservices-demo-test", "--no-wait")
-	resume := getKluctlSuspendField(t, k)
-	assert.Equal(t, false, resume, "Field status.suspend is not true")
-
-	p.KluctlMust("flux", "reconcile", "--namespace", "flux-test", "--kluctl-deployment", "microservices-demo-test", "--with-source", "--no-wait")
-	annotation := getKluctlAnnotations(t, k)
-	assert.Len(t, annotation, 1, "Annotation not present")
-}
-
-func getKluctlSuspendField(t *testing.T, k *test_utils.EnvTestCluster) interface{} {
-	o := getKluctlDeploymentObject(t, k)
-	result, ok, err := o.GetNestedField("spec", "suspend")
-	fmt.Println(result)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !ok {
-		t.Fatalf("result not found")
-	}
-	return result
-}
-
-func getKluctlAnnotations(t *testing.T, k *test_utils.EnvTestCluster) interface{} {
-	o := getKluctlDeploymentObject(t, k)
-	result, ok, err := o.GetNestedField("metadata", "annotations")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !ok {
-		t.Fatalf("result not found")
-	}
-	fmt.Println(result)
-	return result
-}
diff --git a/e2e/test_resources/README.md b/e2e/test_resources/README.md
index 742fd70c2..9be43ed76 100644
--- a/e2e/test_resources/README.md
+++ b/e2e/test_resources/README.md
@@ -3,18 +3,3 @@
 helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
 helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds --skip-tests > sealed-secrets.yaml
 ```
-
-# kluctl-crds.yaml
-Fetches flux-kluctl-controller crd definitions
-```bash
-kustomize build https://github.com/kluctl/flux-kluctl-controller/config/crd > kluctl-crds.yaml
-```
-
-# kluctl-deployment.yaml
-This is a simple KluctlDeployment that is not really valid. It points to a non-existing GitRepository. This object is only used to test `kluctl flux` subcommands (which only sets annotations and updates field 'suspend').
-
-# flux-source-crd.yaml
-Fetches flux-source-controller crd definitions
-```bash
-kustomize build https://github.com/fluxcd/source-controller/config/crd > flux-source-crd.yaml
-```
\ No newline at end of file
diff --git a/e2e/test_resources/flux-source-crd.yaml b/e2e/test_resources/flux-source-crd.yaml
deleted file mode 100644
index 4eda189ac..000000000
--- a/e2e/test_resources/flux-source-crd.yaml
+++ /dev/null
@@ -1,2623 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: buckets.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: Bucket
-    listKind: BucketList
-    plural: buckets
-    singular: bucket
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.endpoint
-      name: Endpoint
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Bucket is the Schema for the buckets API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: BucketSpec defines the desired state of an S3 compatible
-              bucket
-            properties:
-              accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              bucketName:
-                description: The bucket name.
-                type: string
-              endpoint:
-                description: The bucket endpoint address.
-                type: string
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
-                type: boolean
-              interval:
-                description: The interval at which to check for bucket updates.
-                type: string
-              provider:
-                default: generic
-                description: The S3 compatible storage provider name, default ('generic').
-                enum:
-                - generic
-                - aws
-                - gcp
-                type: string
-              region:
-                description: The bucket region.
-                type: string
-              secretRef:
-                description: The name of the secret containing authentication credentials
-                  for the Bucket.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
-                type: boolean
-              timeout:
-                default: 60s
-                description: The timeout for download operations, defaults to 60s.
-                type: string
-            required:
-            - bucketName
-            - endpoint
-            - interval
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: BucketStatus defines the observed state of a bucket
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  Bucket sync.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
-                    format: date-time
-                    type: string
-                  path:
-                    description: Path is the relative file path of this artifact.
-                    type: string
-                  revision:
-                    description: Revision is a human readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
-                    type: string
-                  url:
-                    description: URL is the HTTP address of this artifact.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the Bucket.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              url:
-                description: URL is the download link for the artifact output of the
-                  last Bucket sync.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.endpoint
-      name: Endpoint
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: Bucket is the Schema for the buckets API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: BucketSpec specifies the required configuration to produce
-              an Artifact for an object storage bucket.
-            properties:
-              accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              bucketName:
-                description: BucketName is the name of the object storage bucket.
-                type: string
-              endpoint:
-                description: Endpoint is the object storage address the BucketName
-                  is located at.
-                type: string
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS HTTP Endpoint.
-                type: boolean
-              interval:
-                description: Interval at which to check the Endpoint for updates.
-                type: string
-              provider:
-                default: generic
-                description: Provider of the object storage bucket. Defaults to 'generic',
-                  which expects an S3 (API) compatible object storage.
-                enum:
-                - generic
-                - aws
-                - gcp
-                - azure
-                type: string
-              region:
-                description: Region of the Endpoint where the BucketName is located
-                  in.
-                type: string
-              secretRef:
-                description: SecretRef specifies the Secret containing authentication
-                  credentials for the Bucket.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this Bucket.
-                type: boolean
-              timeout:
-                default: 60s
-                description: Timeout for fetch operations, defaults to 60s.
-                type: string
-            required:
-            - bucketName
-            - endpoint
-            - interval
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: BucketStatus records the observed state of a Bucket.
-            properties:
-              artifact:
-                description: Artifact represents the last successful Bucket reconciliation.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the Artifact file.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the Bucket.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the Bucket object.
-                format: int64
-                type: integer
-              url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
-                  data is recommended.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: gitrepositories.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: GitRepository
-    listKind: GitRepositoryList
-    plural: gitrepositories
-    shortNames:
-    - gitrepo
-    singular: gitrepository
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: GitRepository is the Schema for the gitrepositories API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: GitRepositorySpec defines the desired state of a Git repository.
-            properties:
-              accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              gitImplementation:
-                default: go-git
-                description: Determines which git client library to use. Defaults
-                  to go-git, valid values are ('go-git', 'libgit2').
-                enum:
-                - go-git
-                - libgit2
-                type: string
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              include:
-                description: Extra git repositories to map into the repository
-                items:
-                  description: GitRepositoryInclude defines a source with a from and
-                    to path.
-                  properties:
-                    fromPath:
-                      description: The path to copy contents from, defaults to the
-                        root directory.
-                      type: string
-                    repository:
-                      description: Reference to a GitRepository to include.
-                      properties:
-                        name:
-                          description: Name of the referent.
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    toPath:
-                      description: The path to copy contents to, defaults to the name
-                        of the source ref.
-                      type: string
-                  required:
-                  - repository
-                  type: object
-                type: array
-              interval:
-                description: The interval at which to check for repository updates.
-                type: string
-              recurseSubmodules:
-                description: When enabled, after the clone is created, initializes
-                  all submodules within, using their default settings. This option
-                  is available only when using the 'go-git' GitImplementation.
-                type: boolean
-              ref:
-                description: The Git reference to checkout and monitor for changes,
-                  defaults to master branch.
-                properties:
-                  branch:
-                    description: The Git branch to checkout, defaults to master.
-                    type: string
-                  commit:
-                    description: The Git commit SHA to checkout, if specified Tag
-                      filters will be ignored.
-                    type: string
-                  semver:
-                    description: The Git tag semver expression, takes precedence over
-                      Tag.
-                    type: string
-                  tag:
-                    description: The Git tag to checkout, takes precedence over Branch.
-                    type: string
-                type: object
-              secretRef:
-                description: The secret name containing the Git credentials. For HTTPS
-                  repositories the secret must contain username and password fields.
-                  For SSH repositories the secret must contain identity and known_hosts
-                  fields.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
-                type: boolean
-              timeout:
-                default: 60s
-                description: The timeout for remote Git operations like cloning, defaults
-                  to 60s.
-                type: string
-              url:
-                description: The repository URL, can be a HTTP/S or SSH address.
-                pattern: ^(http|https|ssh)://.*$
-                type: string
-              verify:
-                description: Verify OpenPGP signature for the Git commit HEAD points
-                  to.
-                properties:
-                  mode:
-                    description: Mode describes what git object should be verified,
-                      currently ('head').
-                    enum:
-                    - head
-                    type: string
-                  secretRef:
-                    description: The secret name containing the public keys of all
-                      trusted Git authors.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                required:
-                - mode
-                type: object
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: GitRepositoryStatus defines the observed state of a Git repository.
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  repository sync.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
-                    format: date-time
-                    type: string
-                  path:
-                    description: Path is the relative file path of this artifact.
-                    type: string
-                  revision:
-                    description: Revision is a human readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
-                    type: string
-                  url:
-                    description: URL is the HTTP address of this artifact.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the GitRepository.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              includedArtifacts:
-                description: IncludedArtifacts represents the included artifacts from
-                  the last successful repository sync.
-                items:
-                  description: Artifact represents the output of a source synchronisation.
-                  properties:
-                    checksum:
-                      description: Checksum is the SHA256 checksum of the artifact.
-                      type: string
-                    lastUpdateTime:
-                      description: LastUpdateTime is the timestamp corresponding to
-                        the last update of this artifact.
-                      format: date-time
-                      type: string
-                    path:
-                      description: Path is the relative file path of this artifact.
-                      type: string
-                    revision:
-                      description: Revision is a human readable identifier traceable
-                        in the origin source system. It can be a Git commit SHA, Git
-                        tag, a Helm index timestamp, a Helm chart version, etc.
-                      type: string
-                    url:
-                      description: URL is the HTTP address of this artifact.
-                      type: string
-                  required:
-                  - path
-                  - url
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              url:
-                description: URL is the download link for the artifact output of the
-                  last repository sync.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: GitRepository is the Schema for the gitrepositories API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: GitRepositorySpec specifies the required configuration to
-              produce an Artifact for a Git repository.
-            properties:
-              accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              gitImplementation:
-                default: go-git
-                description: GitImplementation specifies which Git client library
-                  implementation to use. Defaults to 'go-git', valid values are ('go-git',
-                  'libgit2').
-                enum:
-                - go-git
-                - libgit2
-                type: string
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              include:
-                description: Include specifies a list of GitRepository resources which
-                  Artifacts should be included in the Artifact produced for this GitRepository.
-                items:
-                  description: GitRepositoryInclude specifies a local reference to
-                    a GitRepository which Artifact (sub-)contents must be included,
-                    and where they should be placed.
-                  properties:
-                    fromPath:
-                      description: FromPath specifies the path to copy contents from,
-                        defaults to the root of the Artifact.
-                      type: string
-                    repository:
-                      description: GitRepositoryRef specifies the GitRepository which
-                        Artifact contents must be included.
-                      properties:
-                        name:
-                          description: Name of the referent.
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    toPath:
-                      description: ToPath specifies the path to copy contents to,
-                        defaults to the name of the GitRepositoryRef.
-                      type: string
-                  required:
-                  - repository
-                  type: object
-                type: array
-              interval:
-                description: Interval at which to check the GitRepository for updates.
-                type: string
-              recurseSubmodules:
-                description: RecurseSubmodules enables the initialization of all submodules
-                  within the GitRepository as cloned from the URL, using their default
-                  settings. This option is available only when using the 'go-git'
-                  GitImplementation.
-                type: boolean
-              ref:
-                description: Reference specifies the Git reference to resolve and
-                  monitor for changes, defaults to the 'master' branch.
-                properties:
-                  branch:
-                    description: "Branch to check out, defaults to 'master' if no
-                      other field is defined. \n When GitRepositorySpec.GitImplementation
-                      is set to 'go-git', a shallow clone of the specified branch
-                      is performed."
-                    type: string
-                  commit:
-                    description: "Commit SHA to check out, takes precedence over all
-                      reference fields. \n When GitRepositorySpec.GitImplementation
-                      is set to 'go-git', this can be combined with Branch to shallow
-                      clone the branch, in which the commit is expected to exist."
-                    type: string
-                  semver:
-                    description: SemVer tag expression to check out, takes precedence
-                      over Tag.
-                    type: string
-                  tag:
-                    description: Tag to check out, takes precedence over Branch.
-                    type: string
-                type: object
-              secretRef:
-                description: SecretRef specifies the Secret containing authentication
-                  credentials for the GitRepository. For HTTPS repositories the Secret
-                  must contain 'username' and 'password' fields. For SSH repositories
-                  the Secret must contain 'identity' and 'known_hosts' fields.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this GitRepository.
-                type: boolean
-              timeout:
-                default: 60s
-                description: Timeout for Git operations like cloning, defaults to
-                  60s.
-                type: string
-              url:
-                description: URL specifies the Git repository URL, it can be an HTTP/S
-                  or SSH address.
-                pattern: ^(http|https|ssh)://.*$
-                type: string
-              verify:
-                description: Verification specifies the configuration to verify the
-                  Git commit signature(s).
-                properties:
-                  mode:
-                    description: Mode specifies what Git object should be verified,
-                      currently ('head').
-                    enum:
-                    - head
-                    type: string
-                  secretRef:
-                    description: SecretRef specifies the Secret containing the public
-                      keys of trusted Git authors.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                required:
-                - mode
-                type: object
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: GitRepositoryStatus records the observed state of a Git repository.
-            properties:
-              artifact:
-                description: Artifact represents the last successful GitRepository
-                  reconciliation.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the Artifact file.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the GitRepository.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              contentConfigChecksum:
-                description: 'ContentConfigChecksum is a checksum of all the configurations
-                  related to the content of the source artifact:  - .spec.ignore  -
-                  .spec.recurseSubmodules  - .spec.included and the checksum of the
-                  included artifacts observed in .status.observedGeneration version
-                  of the object. This can be used to determine if the content of the
-                  included repository has changed. It has the format of `<algo>:<checksum>`,
-                  for example: `sha256:<checksum>`.'
-                type: string
-              includedArtifacts:
-                description: IncludedArtifacts contains a list of the last successfully
-                  included Artifacts as instructed by GitRepositorySpec.Include.
-                items:
-                  description: Artifact represents the output of a Source reconciliation.
-                  properties:
-                    checksum:
-                      description: Checksum is the SHA256 checksum of the Artifact
-                        file.
-                      type: string
-                    lastUpdateTime:
-                      description: LastUpdateTime is the timestamp corresponding to
-                        the last update of the Artifact.
-                      format: date-time
-                      type: string
-                    metadata:
-                      additionalProperties:
-                        type: string
-                      description: Metadata holds upstream information such as OCI
-                        annotations.
-                      type: object
-                    path:
-                      description: Path is the relative file path of the Artifact.
-                        It can be used to locate the file in the root of the Artifact
-                        storage on the local file system of the controller managing
-                        the Source.
-                      type: string
-                    revision:
-                      description: Revision is a human-readable identifier traceable
-                        in the origin source system. It can be a Git commit SHA, Git
-                        tag, a Helm chart version, etc.
-                      type: string
-                    size:
-                      description: Size is the number of bytes in the file.
-                      format: int64
-                      type: integer
-                    url:
-                      description: URL is the HTTP address of the Artifact as exposed
-                        by the controller managing the Source. It can be used to retrieve
-                        the Artifact for consumption, e.g. by another controller applying
-                        the Artifact contents.
-                      type: string
-                  required:
-                  - path
-                  - url
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the GitRepository object.
-                format: int64
-                type: integer
-              url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact
-                  data is recommended.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: helmcharts.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: HelmChart
-    listKind: HelmChartList
-    plural: helmcharts
-    shortNames:
-    - hc
-    singular: helmchart
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.chart
-      name: Chart
-      type: string
-    - jsonPath: .spec.version
-      name: Version
-      type: string
-    - jsonPath: .spec.sourceRef.kind
-      name: Source Kind
-      type: string
-    - jsonPath: .spec.sourceRef.name
-      name: Source Name
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: HelmChart is the Schema for the helmcharts API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HelmChartSpec defines the desired state of a Helm chart.
-            properties:
-              accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              chart:
-                description: The name or path the Helm chart is available at in the
-                  SourceRef.
-                type: string
-              interval:
-                description: The interval at which to check the Source for updates.
-                type: string
-              reconcileStrategy:
-                default: ChartVersion
-                description: Determines what enables the creation of a new artifact.
-                  Valid values are ('ChartVersion', 'Revision'). See the documentation
-                  of the values for an explanation on their behavior. Defaults to
-                  ChartVersion when omitted.
-                enum:
-                - ChartVersion
-                - Revision
-                type: string
-              sourceRef:
-                description: The reference to the Source the chart is available at.
-                properties:
-                  apiVersion:
-                    description: APIVersion of the referent.
-                    type: string
-                  kind:
-                    description: Kind of the referent, valid values are ('HelmRepository',
-                      'GitRepository', 'Bucket').
-                    enum:
-                    - HelmRepository
-                    - GitRepository
-                    - Bucket
-                    type: string
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
-                type: boolean
-              valuesFile:
-                description: Alternative values file to use as the default chart values,
-                  expected to be a relative path in the SourceRef. Deprecated in favor
-                  of ValuesFiles, for backwards compatibility the file defined here
-                  is merged before the ValuesFiles items. Ignored when omitted.
-                type: string
-              valuesFiles:
-                description: Alternative list of values files to use as the chart
-                  values (values.yaml is not included by default), expected to be
-                  a relative path in the SourceRef. Values files are merged in the
-                  order of this list with the last file overriding the first. Ignored
-                  when omitted.
-                items:
-                  type: string
-                type: array
-              version:
-                default: '*'
-                description: The chart version semver expression, ignored for charts
-                  from GitRepository and Bucket sources. Defaults to latest when omitted.
-                type: string
-            required:
-            - chart
-            - interval
-            - sourceRef
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: HelmChartStatus defines the observed state of the HelmChart.
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  chart sync.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
-                    format: date-time
-                    type: string
-                  path:
-                    description: Path is the relative file path of this artifact.
-                    type: string
-                  revision:
-                    description: Revision is a human readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
-                    type: string
-                  url:
-                    description: URL is the HTTP address of this artifact.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the HelmChart.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              url:
-                description: URL is the download link for the last chart pulled.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.chart
-      name: Chart
-      type: string
-    - jsonPath: .spec.version
-      name: Version
-      type: string
-    - jsonPath: .spec.sourceRef.kind
-      name: Source Kind
-      type: string
-    - jsonPath: .spec.sourceRef.name
-      name: Source Name
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: HelmChart is the Schema for the helmcharts API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HelmChartSpec specifies the desired state of a Helm chart.
-            properties:
-              accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              chart:
-                description: Chart is the name or path the Helm chart is available
-                  at in the SourceRef.
-                type: string
-              interval:
-                description: Interval is the interval at which to check the Source
-                  for updates.
-                type: string
-              reconcileStrategy:
-                default: ChartVersion
-                description: ReconcileStrategy determines what enables the creation
-                  of a new artifact. Valid values are ('ChartVersion', 'Revision').
-                  See the documentation of the values for an explanation on their
-                  behavior. Defaults to ChartVersion when omitted.
-                enum:
-                - ChartVersion
-                - Revision
-                type: string
-              sourceRef:
-                description: SourceRef is the reference to the Source the chart is
-                  available at.
-                properties:
-                  apiVersion:
-                    description: APIVersion of the referent.
-                    type: string
-                  kind:
-                    description: Kind of the referent, valid values are ('HelmRepository',
-                      'GitRepository', 'Bucket').
-                    enum:
-                    - HelmRepository
-                    - GitRepository
-                    - Bucket
-                    type: string
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this source.
-                type: boolean
-              valuesFile:
-                description: ValuesFile is an alternative values file to use as the
-                  default chart values, expected to be a relative path in the SourceRef.
-                  Deprecated in favor of ValuesFiles, for backwards compatibility
-                  the file specified here is merged before the ValuesFiles items.
-                  Ignored when omitted.
-                type: string
-              valuesFiles:
-                description: ValuesFiles is an alternative list of values files to
-                  use as the chart values (values.yaml is not included by default),
-                  expected to be a relative path in the SourceRef. Values files are
-                  merged in the order of this list with the last file overriding the
-                  first. Ignored when omitted.
-                items:
-                  type: string
-                type: array
-              version:
-                default: '*'
-                description: Version is the chart version semver expression, ignored
-                  for charts from GitRepository and Bucket sources. Defaults to latest
-                  when omitted.
-                type: string
-            required:
-            - chart
-            - interval
-            - sourceRef
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: HelmChartStatus records the observed state of the HelmChart.
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  reconciliation.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the Artifact file.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the HelmChart.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedChartName:
-                description: ObservedChartName is the last observed chart name as
-                  specified by the resolved chart reference.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the HelmChart object.
-                format: int64
-                type: integer
-              observedSourceArtifactRevision:
-                description: ObservedSourceArtifactRevision is the last observed Artifact.Revision
-                  of the HelmChartSpec.SourceRef.
-                type: string
-              url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact
-                  data is recommended.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: helmrepositories.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: HelmRepository
-    listKind: HelmRepositoryList
-    plural: helmrepositories
-    shortNames:
-    - helmrepo
-    singular: helmrepository
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: HelmRepository is the Schema for the helmrepositories API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HelmRepositorySpec defines the reference to a Helm repository.
-            properties:
-              accessFrom:
-                description: AccessFrom defines an Access Control List for allowing
-                  cross-namespace references to this object.
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              interval:
-                description: The interval at which to check the upstream for updates.
-                type: string
-              passCredentials:
-                description: PassCredentials allows the credentials from the SecretRef
-                  to be passed on to a host that does not match the host as defined
-                  in URL. This may be required if the host of the advertised chart
-                  URLs in the index differ from the defined URL. Enabling this should
-                  be done with caution, as it can potentially result in credentials
-                  getting stolen in a MITM-attack.
-                type: boolean
-              secretRef:
-                description: The name of the secret containing authentication credentials
-                  for the Helm repository. For HTTP/S basic auth the secret must contain
-                  username and password fields. For TLS the secret must contain a
-                  certFile and keyFile, and/or caCert fields.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
-                type: boolean
-              timeout:
-                default: 60s
-                description: The timeout of index downloading, defaults to 60s.
-                type: string
-              url:
-                description: The Helm repository URL, a valid URL contains at least
-                  a protocol and host.
-                type: string
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: HelmRepositoryStatus defines the observed state of the HelmRepository.
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  repository sync.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the artifact.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of this artifact.
-                    format: date-time
-                    type: string
-                  path:
-                    description: Path is the relative file path of this artifact.
-                    type: string
-                  revision:
-                    description: Revision is a human readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm index timestamp, a Helm chart version, etc.
-                    type: string
-                  url:
-                    description: URL is the HTTP address of this artifact.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the HelmRepository.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              url:
-                description: URL is the download link for the last index fetched.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: false
-    subresources:
-      status: {}
-  - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: HelmRepository is the Schema for the helmrepositories API.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: HelmRepositorySpec specifies the required configuration to
-              produce an Artifact for a Helm repository index YAML.
-            properties:
-              accessFrom:
-                description: 'AccessFrom specifies an Access Control List for allowing
-                  cross-namespace references to this object. NOTE: Not implemented,
-                  provisional as of https://github.com/fluxcd/flux2/pull/2092'
-                properties:
-                  namespaceSelectors:
-                    description: NamespaceSelectors is the list of namespace selectors
-                      to which this ACL applies. Items in this list are evaluated
-                      using a logical OR operation.
-                    items:
-                      description: NamespaceSelector selects the namespaces to which
-                        this ACL applies. An empty map of MatchLabels matches all
-                        namespaces in a cluster.
-                      properties:
-                        matchLabels:
-                          additionalProperties:
-                            type: string
-                          description: MatchLabels is a map of {key,value} pairs.
-                            A single {key,value} in the matchLabels map is equivalent
-                            to an element of matchExpressions, whose key field is
-                            "key", the operator is "In", and the values array contains
-                            only "value". The requirements are ANDed.
-                          type: object
-                      type: object
-                    type: array
-                required:
-                - namespaceSelectors
-                type: object
-              interval:
-                description: Interval at which to check the URL for updates.
-                type: string
-              passCredentials:
-                description: PassCredentials allows the credentials from the SecretRef
-                  to be passed on to a host that does not match the host as defined
-                  in URL. This may be required if the host of the advertised chart
-                  URLs in the index differ from the defined URL. Enabling this should
-                  be done with caution, as it can potentially result in credentials
-                  getting stolen in a MITM-attack.
-                type: boolean
-              provider:
-                default: generic
-                description: Provider used for authentication, can be 'aws', 'azure',
-                  'gcp' or 'generic'. This field is optional, and only taken into
-                  account if the .spec.type field is set to 'oci'. When not specified,
-                  defaults to 'generic'.
-                enum:
-                - generic
-                - aws
-                - azure
-                - gcp
-                type: string
-              secretRef:
-                description: SecretRef specifies the Secret containing authentication
-                  credentials for the HelmRepository. For HTTP/S basic auth the secret
-                  must contain 'username' and 'password' fields. For TLS the secret
-                  must contain a 'certFile' and 'keyFile', and/or 'caCert' fields.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              suspend:
-                description: Suspend tells the controller to suspend the reconciliation
-                  of this HelmRepository.
-                type: boolean
-              timeout:
-                default: 60s
-                description: Timeout is used for the index fetch operation for an
-                  HTTPS helm repository, and for remote OCI Repository operations
-                  like pulling for an OCI helm repository. Its default value is 60s.
-                type: string
-              type:
-                description: Type of the HelmRepository. When this field is set to  "oci",
-                  the URL field value must be prefixed with "oci://".
-                enum:
-                - default
-                - oci
-                type: string
-              url:
-                description: URL of the Helm repository, a valid URL contains at least
-                  a protocol and host.
-                type: string
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: HelmRepositoryStatus records the observed state of the HelmRepository.
-            properties:
-              artifact:
-                description: Artifact represents the last successful HelmRepository
-                  reconciliation.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the Artifact file.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the HelmRepository.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation of
-                  the HelmRepository object.
-                format: int64
-                type: integer
-              url:
-                description: URL is the dynamic fetch link for the latest Artifact.
-                  It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact
-                  data is recommended.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: ocirepositories.source.toolkit.fluxcd.io
-spec:
-  group: source.toolkit.fluxcd.io
-  names:
-    kind: OCIRepository
-    listKind: OCIRepositoryList
-    plural: ocirepositories
-    shortNames:
-    - ocirepo
-    singular: ocirepository
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.url
-      name: URL
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1beta2
-    schema:
-      openAPIV3Schema:
-        description: OCIRepository is the Schema for the ocirepositories API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: OCIRepositorySpec defines the desired state of OCIRepository
-            properties:
-              certSecretRef:
-                description: "CertSecretRef can be given the name of a secret containing
-                  either or both of \n  - a PEM-encoded client certificate (`certFile`)
-                  and private  key (`keyFile`);  - a PEM-encoded CA certificate (`caFile`)
-                  \n  and whichever are supplied, will be used for connecting to the
-                  \ registry. The client cert and key are useful if you are  authenticating
-                  with a certificate; the CA cert is useful if  you are using a self-signed
-                  server certificate."
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              ignore:
-                description: Ignore overrides the set of excluded patterns in the
-                  .sourceignore format (which is the same as .gitignore). If not provided,
-                  a default will be used, consult the documentation for your version
-                  to find out what those are.
-                type: string
-              insecure:
-                description: Insecure allows connecting to a non-TLS HTTP container
-                  registry.
-                type: boolean
-              interval:
-                description: The interval at which to check for image updates.
-                type: string
-              layerSelector:
-                description: LayerSelector specifies which layer should be extracted
-                  from the OCI artifact. When not specified, the first layer found
-                  in the artifact is selected.
-                properties:
-                  mediaType:
-                    description: MediaType specifies the OCI media type of the layer
-                      which should be extracted from the OCI Artifact. The first layer
-                      matching this type is selected.
-                    type: string
-                type: object
-              provider:
-                default: generic
-                description: The provider used for authentication, can be 'aws', 'azure',
-                  'gcp' or 'generic'. When not specified, defaults to 'generic'.
-                enum:
-                - generic
-                - aws
-                - azure
-                - gcp
-                type: string
-              ref:
-                description: The OCI reference to pull and monitor for changes, defaults
-                  to the latest tag.
-                properties:
-                  digest:
-                    description: Digest is the image digest to pull, takes precedence
-                      over SemVer. The value should be in the format 'sha256:<HASH>'.
-                    type: string
-                  semver:
-                    description: SemVer is the range of tags to pull selecting the
-                      latest within the range, takes precedence over Tag.
-                    type: string
-                  tag:
-                    description: Tag is the image tag to pull, defaults to latest.
-                    type: string
-                type: object
-              secretRef:
-                description: SecretRef contains the secret name containing the registry
-                  login credentials to resolve image metadata. The secret must be
-                  of type kubernetes.io/dockerconfigjson.
-                properties:
-                  name:
-                    description: Name of the referent.
-                    type: string
-                required:
-                - name
-                type: object
-              serviceAccountName:
-                description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount
-                  used to authenticate the image pull if the service account has attached
-                  pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account'
-                type: string
-              suspend:
-                description: This flag tells the controller to suspend the reconciliation
-                  of this source.
-                type: boolean
-              timeout:
-                default: 60s
-                description: The timeout for remote OCI Repository operations like
-                  pulling, defaults to 60s.
-                type: string
-              url:
-                description: URL is a reference to an OCI artifact repository hosted
-                  on a remote container registry.
-                pattern: ^oci://.*$
-                type: string
-            required:
-            - interval
-            - url
-            type: object
-          status:
-            default:
-              observedGeneration: -1
-            description: OCIRepositoryStatus defines the observed state of OCIRepository
-            properties:
-              artifact:
-                description: Artifact represents the output of the last successful
-                  OCI Repository sync.
-                properties:
-                  checksum:
-                    description: Checksum is the SHA256 checksum of the Artifact file.
-                    type: string
-                  lastUpdateTime:
-                    description: LastUpdateTime is the timestamp corresponding to
-                      the last update of the Artifact.
-                    format: date-time
-                    type: string
-                  metadata:
-                    additionalProperties:
-                      type: string
-                    description: Metadata holds upstream information such as OCI annotations.
-                    type: object
-                  path:
-                    description: Path is the relative file path of the Artifact. It
-                      can be used to locate the file in the root of the Artifact storage
-                      on the local file system of the controller managing the Source.
-                    type: string
-                  revision:
-                    description: Revision is a human-readable identifier traceable
-                      in the origin source system. It can be a Git commit SHA, Git
-                      tag, a Helm chart version, etc.
-                    type: string
-                  size:
-                    description: Size is the number of bytes in the file.
-                    format: int64
-                    type: integer
-                  url:
-                    description: URL is the HTTP address of the Artifact as exposed
-                      by the controller managing the Source. It can be used to retrieve
-                      the Artifact for consumption, e.g. by another controller applying
-                      the Artifact contents.
-                    type: string
-                required:
-                - path
-                - url
-                type: object
-              conditions:
-                description: Conditions holds the conditions for the OCIRepository.
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              observedGeneration:
-                description: ObservedGeneration is the last observed generation.
-                format: int64
-                type: integer
-              url:
-                description: URL is the download link for the artifact output of the
-                  last OCI Repository sync.
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/e2e/test_resources/kluctl-crds.yaml b/e2e/test_resources/kluctl-crds.yaml
deleted file mode 100644
index 83b9cffcc..000000000
--- a/e2e/test_resources/kluctl-crds.yaml
+++ /dev/null
@@ -1,567 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: kluctldeployments.flux.kluctl.io
-spec:
-  group: flux.kluctl.io
-  names:
-    kind: KluctlDeployment
-    listKind: KluctlDeploymentList
-    plural: kluctldeployments
-    singular: kluctldeployment
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .status.lastDeployResult.time
-      name: Deployed
-      type: date
-    - jsonPath: .status.lastPruneResult.time
-      name: Pruned
-      type: date
-    - jsonPath: .status.lastValidateResult.time
-      name: Validated
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: KluctlDeployment is the Schema for the kluctldeployments API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              abortOnError:
-                default: false
-                description: ForceReplaceOnError instructs kluctl to abort deployments
-                  immediately when something fails. Equivalent to using '--abort-on-error'
-                  when calling kluctl.
-                type: boolean
-              args:
-                description: Args specifies dynamic target args.
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              context:
-                description: If specified, overrides the context to be used. This
-                  will effectively make kluctl ignore the context specified in the
-                  target.
-                type: string
-              decryption:
-                description: Decrypt Kubernetes secrets before applying them on the
-                  cluster.
-                properties:
-                  provider:
-                    description: Provider is the name of the decryption engine.
-                    enum:
-                    - sops
-                    type: string
-                  secretRef:
-                    description: The secret name containing the private OpenPGP keys
-                      used for decryption.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                required:
-                - provider
-                type: object
-              deployInterval:
-                description: DeployInterval specifies the interval at which to deploy
-                  the KluctlDeployment. It defaults to the Interval value, meaning
-                  that it will re-deploy on every reconciliation. If you set DeployInterval
-                  to a different value,
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
-                type: string
-              deployMode:
-                default: full-deploy
-                description: DeployMode specifies what deploy mode should be used
-                enum:
-                - full-deploy
-                - poke-images
-                type: string
-              deployOnChanges:
-                default: true
-                description: DeployOnChanges will cause a re-deployment whenever the
-                  rendered resources change in the deployment. This check is performed
-                  on every reconciliation. This means that a deployment will be triggered
-                  even before the DeployInterval has passed in case something has
-                  changed in the rendered resources.
-                type: boolean
-              dryRun:
-                default: false
-                description: DryRun instructs kluctl to run everything in dry-run
-                  mode. Equivalent to using '--dry-run' when calling kluctl.
-                type: boolean
-              excludeDeploymentDirs:
-                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
-                  with the given dir. Equivalent to using '--exclude-deployment-dir'
-                  when calling kluctl.
-                items:
-                  type: string
-                type: array
-              excludeTags:
-                description: ExcludeTags instructs kluctl to exclude deployments with
-                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
-                items:
-                  type: string
-                type: array
-              forceApply:
-                default: false
-                description: ForceApply instructs kluctl to force-apply in case of
-                  SSA conflicts. Equivalent to using '--force-apply' when calling
-                  kluctl.
-                type: boolean
-              forceReplaceOnError:
-                default: false
-                description: ForceReplaceOnError instructs kluctl to force-replace
-                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
-                  when calling kluctl.
-                type: boolean
-              images:
-                description: Images contains a list of fixed image overrides. Equivalent
-                  to using '--fixed-images-file' when calling kluctl.
-                items:
-                  properties:
-                    container:
-                      type: string
-                    deployTags:
-                      items:
-                        type: string
-                      type: array
-                    deployedImage:
-                      type: string
-                    deployment:
-                      type: string
-                    deploymentDir:
-                      type: string
-                    image:
-                      type: string
-                    namespace:
-                      type: string
-                    object:
-                      description: ObjectRef contains the information necessary to
-                        locate a resource within a cluster.
-                      properties:
-                        group:
-                          type: string
-                        kind:
-                          type: string
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                        version:
-                          type: string
-                      required:
-                      - group
-                      - kind
-                      - name
-                      - namespace
-                      - version
-                      type: object
-                    registryImage:
-                      type: string
-                    resultImage:
-                      type: string
-                    versionFilter:
-                      type: string
-                  required:
-                  - image
-                  - resultImage
-                  type: object
-                type: array
-              includeDeploymentDirs:
-                description: IncludeDeploymentDirs instructs kluctl to only include
-                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
-                  when calling kluctl.
-                items:
-                  type: string
-                type: array
-              includeTags:
-                description: IncludeTags instructs kluctl to only include deployments
-                  with given tags. Equivalent to using '--include-tag' when calling
-                  kluctl.
-                items:
-                  type: string
-                type: array
-              interval:
-                description: The interval at which to reconcile the KluctlDeployment.
-                  By default, the controller will re-deploy and validate the deployment
-                  on each reconciliation. To override this behavior, change the DeployInterval
-                  and/or ValidateInterval values.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              kubeConfig:
-                description: The KubeConfig for deploying to the target cluster. Specifies
-                  the kubeconfig to be used when invoking kluctl. Contexts in this
-                  kubeconfig must match the context found in the kluctl target. As
-                  an alternative, specify the context to be used via 'context'
-                properties:
-                  secretRef:
-                    description: SecretRef holds the name of a secret that contains
-                      a key with the kubeconfig file as the value. If no key is set,
-                      the key will default to 'value'. The secret must be in the same
-                      namespace as the Kustomization. It is recommended that the kubeconfig
-                      is self-contained, and the secret is regularly updated if credentials
-                      such as a cloud-access-token expire. Cloud specific `cmd-path`
-                      auth helpers will not function without adding binaries and credentials
-                      to the Pod that is responsible for reconciling the KluctlDeployment.
-                    properties:
-                      key:
-                        description: Key in the Secret, when not specified an implementation-specific
-                          default key is used.
-                        type: string
-                      name:
-                        description: Name of the Secret.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                type: object
-              noWait:
-                default: false
-                description: NoWait instructs kluctl to not wait for any resources
-                  to become ready, including hooks. Equivalent to using '--no-wait'
-                  when calling kluctl.
-                type: boolean
-              path:
-                description: Path to the directory containing the .kluctl.yaml file,
-                  or the Defaults to 'None', which translates to the root path of
-                  the SourceRef.
-                type: string
-              prune:
-                default: false
-                description: Prune enables pruning after deploying.
-                type: boolean
-              registrySecrets:
-                description: RegistrySecrets is a list of secret references to be
-                  used for image registry authentication. The secrets must either
-                  have ".dockerconfigjson" included or "registry", "username" and
-                  "password". Additionally, "caFile" and "insecure" can be specified.
-                items:
-                  description: LocalObjectReference contains enough information to
-                    locate the referenced Kubernetes resource object.
-                  properties:
-                    name:
-                      description: Name of the referent.
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              renameContexts:
-                description: RenameContexts specifies a list of context rename operations.
-                  This is useful when the kluctl target's context does not match with
-                  the contexts found in the kubeconfig while deploying. This is the
-                  case when using kubeconfigs generated from service accounts, in
-                  which case the context name is always "default".
-                items:
-                  description: RenameContext specifies a single rename of a context
-                  properties:
-                    newContext:
-                      description: NewContext is the new name of the context
-                      type: string
-                    oldContext:
-                      description: OldContext is the name of the context to be renamed
-                      type: string
-                  required:
-                  - newContext
-                  - oldContext
-                  type: object
-                type: array
-              replaceOnError:
-                default: false
-                description: ReplaceOnError instructs kluctl to replace resources
-                  on error. Equivalent to using '--replace-on-error' when calling
-                  kluctl.
-                type: boolean
-              retryInterval:
-                description: The interval at which to retry a previously failed reconciliation.
-                  When not specified, the controller uses the Interval value to retry
-                  failures.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              serviceAccountName:
-                description: The name of the Kubernetes service account to use while
-                  deploying. If not specified, the default service account is used.
-                type: string
-              sourceRef:
-                description: Reference of the source where the kluctl project is.
-                  The authentication secrets from the source are also used to authenticate
-                  dependent git repositories which are cloned while deploying the
-                  kluctl project.
-                properties:
-                  apiVersion:
-                    description: API version of the referent, if not specified the
-                      Kubernetes preferred version will be used.
-                    type: string
-                  kind:
-                    description: Kind of the referent.
-                    type: string
-                  name:
-                    description: Name of the referent.
-                    type: string
-                  namespace:
-                    description: Namespace of the referent, when not specified it
-                      acts as LocalObjectReference.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend subsequent
-                  kluctl executions, it does not apply to already started executions.
-                  Defaults to false.
-                type: boolean
-              target:
-                description: Target specifies the kluctl target to deploy. If not
-                  specified, an empty target is used that has no name and no context.
-                  Use 'TargetName' and 'Context' to specify the name and context in
-                  that case.
-                maxLength: 63
-                minLength: 1
-                type: string
-              targetNameOverride:
-                description: TargetNameOverride sets or overrides the target name.
-                  This is especially useful when deployment without a target.
-                maxLength: 63
-                minLength: 1
-                type: string
-              timeout:
-                description: Timeout for all operations. Defaults to 'Interval' duration.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              updateImages:
-                default: false
-                description: UpdateImages instructs kluctl to update dynamic images.
-                  Equivalent to using '-u' when calling kluctl.
-                type: boolean
-              validate:
-                default: true
-                description: Validate enables validation after deploying
-                type: boolean
-              validateInterval:
-                description: ValidateInterval specifies the interval at which to validate
-                  the KluctlDeployment. Validation is performed the same way as with
-                  'kluctl validate -t <target>'. Defaults to the same value as specified
-                  in Interval. Validate is also performed whenever a deployment is
-                  performed, independent of the value of ValidateInterval
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
-                type: string
-            required:
-            - interval
-            - sourceRef
-            type: object
-          status:
-            description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
-            properties:
-              commonLabels:
-                additionalProperties:
-                  type: string
-                description: CommonLabels are the commonLabels found in the deployment
-                  project when the last deployment was done. This is used to perform
-                  cleanup/deletion in case the KluctlDeployment project is deleted
-                type: object
-              conditions:
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              lastAttemptedRevision:
-                description: LastAttemptedRevision is the revision of the last reconciliation
-                  attempt.
-                type: string
-              lastDeployResult:
-                description: LastDeployResult is the result of the last deploy command
-                properties:
-                  error:
-                    type: string
-                  objectsHash:
-                    description: ObjectsHash is the hash of all rendered objects
-                    type: string
-                  rawResult:
-                    type: string
-                  revision:
-                    description: Revision is the source revision. Please note that
-                      kluctl projects have dependent git repositories which are not
-                      considered in the source revision
-                    type: string
-                  target:
-                    type: string
-                  targetNameOverride:
-                    type: string
-                  time:
-                    description: AttemptedAt is the time when the attempt was performed
-                    format: date-time
-                    type: string
-                required:
-                - time
-                type: object
-              lastHandledDeployAt:
-                type: string
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              lastPruneResult:
-                description: LastDeployResult is the result of the last prune command
-                properties:
-                  error:
-                    type: string
-                  objectsHash:
-                    description: ObjectsHash is the hash of all rendered objects
-                    type: string
-                  rawResult:
-                    type: string
-                  revision:
-                    description: Revision is the source revision. Please note that
-                      kluctl projects have dependent git repositories which are not
-                      considered in the source revision
-                    type: string
-                  target:
-                    type: string
-                  targetNameOverride:
-                    type: string
-                  time:
-                    description: AttemptedAt is the time when the attempt was performed
-                    format: date-time
-                    type: string
-                required:
-                - time
-                type: object
-              lastValidateResult:
-                description: LastValidateResult is the result of the last validate
-                  command
-                properties:
-                  error:
-                    type: string
-                  objectsHash:
-                    description: ObjectsHash is the hash of all rendered objects
-                    type: string
-                  rawResult:
-                    type: string
-                  revision:
-                    description: Revision is the source revision. Please note that
-                      kluctl projects have dependent git repositories which are not
-                      considered in the source revision
-                    type: string
-                  target:
-                    type: string
-                  targetNameOverride:
-                    type: string
-                  time:
-                    description: AttemptedAt is the time when the attempt was performed
-                    format: date-time
-                    type: string
-                required:
-                - time
-                type: object
-              observedGeneration:
-                description: ObservedGeneration is the last reconciled generation.
-                format: int64
-                type: integer
-              rawTarget:
-                type: string
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/e2e/test_resources/kluctl-deployment.yaml b/e2e/test_resources/kluctl-deployment.yaml
deleted file mode 100644
index eae1bec80..000000000
--- a/e2e/test_resources/kluctl-deployment.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flux-test
----
-apiVersion: flux.kluctl.io/v1alpha1
-kind: KluctlDeployment
-metadata:
-  name: microservices-demo-test
-  namespace: flux-test
-spec:
-  interval: 10m
-  path: ./simple
-  prune: true
-  renameContexts:
-  - newContext: kind-kind
-    oldContext: default
-  sourceRef:
-    kind: GitRepository
-    name: microservices-demo
-    namespace: flux-test
-  target: simple
-  timeout: 2m
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: GitRepository
-metadata:
-  name: microservices-demo
-  namespace: flux-test
-spec:
-  interval: 5m
-  ref:
-    branch: main
-  url: https://github.com/gitbluf/kluctl-examples.git

From 39b6b2e11ed12869a2b1c5c28b7db0f62e980ec6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 14:25:45 +0200
Subject: [PATCH 0983/2268] chore: Add flux_utils package

This package contains some code from the flux codebase. It is used to
keep some compatibility to the old flux-kluctl-controller codebase.

The plan is to remove this code as well in the long-term.
---
 pkg/utils/flux_utils/client.go            |  84 +++++++++++++++++
 pkg/utils/flux_utils/conditions/doc.go    |  24 +++++
 pkg/utils/flux_utils/conditions/getter.go |  52 +++++++++++
 pkg/utils/flux_utils/conditions/setter.go |  16 ++++
 pkg/utils/flux_utils/meta/conditions.go   |  93 +++++++++++++++++++
 pkg/utils/flux_utils/metrics.go           | 106 +++++++++++++++++++++
 pkg/utils/flux_utils/metrics/doc.go       |  18 ++++
 pkg/utils/flux_utils/metrics/recorder.go  | 108 ++++++++++++++++++++++
 8 files changed, 501 insertions(+)
 create mode 100644 pkg/utils/flux_utils/client.go
 create mode 100644 pkg/utils/flux_utils/conditions/doc.go
 create mode 100644 pkg/utils/flux_utils/conditions/getter.go
 create mode 100644 pkg/utils/flux_utils/conditions/setter.go
 create mode 100644 pkg/utils/flux_utils/meta/conditions.go
 create mode 100644 pkg/utils/flux_utils/metrics.go
 create mode 100644 pkg/utils/flux_utils/metrics/doc.go
 create mode 100644 pkg/utils/flux_utils/metrics/recorder.go

diff --git a/pkg/utils/flux_utils/client.go b/pkg/utils/flux_utils/client.go
new file mode 100644
index 000000000..05e796cc7
--- /dev/null
+++ b/pkg/utils/flux_utils/client.go
@@ -0,0 +1,84 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flux_utils
+
+import (
+	"context"
+
+	"github.com/spf13/pflag"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+const (
+	flagQPS   = "kube-api-qps"
+	flagBurst = "kube-api-burst"
+)
+
+// Options contains the runtime configuration for a Kubernetes client.
+//
+// The struct can be used in the main.go file of your controller by binding it to the main flag set, and then utilizing
+// the configured options later:
+//
+//	func main() {
+//		var (
+//			// other controller specific configuration variables
+//			clientOptions client.Options
+//		)
+//
+//		// Bind the options to the main flag set, and parse it
+//		clientOptions.BindFlags(flag.CommandLine)
+//		flag.Parse()
+//
+//		// Get a runtime Kubernetes client configuration with the options set
+//		restConfig := client.GetConfigOrDie(clientOptions)
+//	}
+type Options struct {
+	// QPS indicates the maximum queries-per-second of requests sent to the Kubernetes API, defaults to 50.
+	QPS float32
+
+	// Burst indicates the maximum burst queries-per-second of requests sent to the Kubernetes API, defaults to 300.
+	Burst int
+}
+
+// BindFlags will parse the given pflag.FlagSet for Kubernetes client option flags and set the Options accordingly.
+func (o *Options) BindFlags(fs *pflag.FlagSet) {
+	fs.Float32Var(&o.QPS, flagQPS, 50.0,
+		"The maximum queries-per-second of requests sent to the Kubernetes API.")
+	fs.IntVar(&o.Burst, flagBurst, 300,
+		"The maximum burst queries-per-second of requests sent to the Kubernetes API.")
+}
+
+// GetConfigOrDie wraps ctrl.GetConfigOrDie and checks if the Kubernetes apiserver
+// has PriorityAndFairness flow control filter enabled. If true, it returns a rest.Config
+// with client side throttling disabled. Otherwise, it returns a modified rest.Config
+// configured with the provided Options.
+func GetConfigOrDie(opts Options) *rest.Config {
+	config := ctrl.GetConfigOrDie()
+	enabled, err := flowcontrol.IsEnabled(context.Background(), config)
+	if err == nil && enabled {
+		// A negative QPS and Burst indicates that the client should not have a rate limiter.
+		// Ref: https://github.com/kubernetes/kubernetes/blob/v1.24.0/staging/src/k8s.io/client-go/rest/config.go#L354-L364
+		config.QPS = -1
+		config.Burst = -1
+		return config
+	}
+	config.QPS = opts.QPS
+	config.Burst = opts.Burst
+	return config
+}
diff --git a/pkg/utils/flux_utils/conditions/doc.go b/pkg/utils/flux_utils/conditions/doc.go
new file mode 100644
index 000000000..9dfbc882f
--- /dev/null
+++ b/pkg/utils/flux_utils/conditions/doc.go
@@ -0,0 +1,24 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package conditions provides utilities for manipulating the status conditions of Kubernetes resource objects that
+// implement the Getter and/or Setter interfaces.
+//
+// Usage of this package within GitOps Toolkit components working with conditions is RECOMMENDED, as it provides a wide
+// range of helpers to work around common reconciler problems, like setting a Condition status based on a
+// summarization of other conditions, producing an aggregate Condition based on the conditions of a list of Kubernetes
+// resources objects, recognition of negative polarity or "abnormal-true" conditions, etc.
+package conditions
diff --git a/pkg/utils/flux_utils/conditions/getter.go b/pkg/utils/flux_utils/conditions/getter.go
new file mode 100644
index 000000000..594625f39
--- /dev/null
+++ b/pkg/utils/flux_utils/conditions/getter.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+This file is modified from the source at
+https://github.com/kubernetes-sigs/cluster-api/tree/7478817225e0a75acb6e14fc7b438231578073d2/util/conditions/getter.go,
+and initially adapted to work with the `metav1.Condition` and `metav1.ConditionStatus` types.
+More concretely, this includes the removal of "condition severity" related functionalities, as this is not supported by
+the `metav1.Condition` type.
+*/
+
+package conditions
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// Getter interface defines methods that a Kubernetes resource object should implement in order to use the conditions
+// package for getting conditions.
+type Getter interface {
+	client.Object
+	meta.ObjectWithConditions
+}
+
+// Get returns the condition with the given type, if the condition does not exists, it returns nil.
+func Get(from Getter, t string) *metav1.Condition {
+	conditions := from.GetConditions()
+	if conditions == nil {
+		return nil
+	}
+
+	for _, condition := range conditions {
+		if condition.Type == t {
+			return &condition
+		}
+	}
+	return nil
+}
diff --git a/pkg/utils/flux_utils/conditions/setter.go b/pkg/utils/flux_utils/conditions/setter.go
new file mode 100644
index 000000000..85aab127e
--- /dev/null
+++ b/pkg/utils/flux_utils/conditions/setter.go
@@ -0,0 +1,16 @@
+package conditions
+
+import (
+	"fmt"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// UnknownCondition returns a condition with Status=Unknown and the given type, reason and message.
+func UnknownCondition(t, reason, messageFormat string, messageArgs ...interface{}) *metav1.Condition {
+	return &metav1.Condition{
+		Type:    t,
+		Status:  metav1.ConditionUnknown,
+		Reason:  reason,
+		Message: fmt.Sprintf(messageFormat, messageArgs...),
+	}
+}
diff --git a/pkg/utils/flux_utils/meta/conditions.go b/pkg/utils/flux_utils/meta/conditions.go
new file mode 100644
index 000000000..fe798792f
--- /dev/null
+++ b/pkg/utils/flux_utils/meta/conditions.go
@@ -0,0 +1,93 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package meta
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// These constants define generic Condition types to be used by GitOps Toolkit components.
+//
+// The ReadyCondition SHOULD be implemented by all components' Kubernetes resources to indicate they have been fully
+// reconciled by their respective reconciler. This MAY suffice for simple resources, e.g. a resource that just declares
+// state once and is not expected to receive any updates afterwards.
+//
+// For Kubernetes resources that are expected to receive spec updates over time, take a longer time to reconcile, or
+// deal with more complex logic in which for example a finite error state can be observed, it is RECOMMENDED to
+// implement the StalledCondition and ReconcilingCondition.
+//
+// By doing this, observers making use of kstatus to determine the current state of the resource will have a better
+// experience while they are e.g. waiting for a change to be reconciled, and will be able to stop waiting for a change
+// if a StalledCondition is observed, without having to rely on a timeout.
+//
+// For more information on kstatus, see:
+// https://github.com/kubernetes-sigs/cli-utils/blob/v0.25.0/pkg/kstatus/README.md
+const (
+	// ReadyCondition indicates the resource is ready and fully reconciled.
+	// If the Condition is False, the resource SHOULD be considered to be in the process of reconciling and not a
+	// representation of actual state.
+	ReadyCondition string = "Ready"
+
+	// StalledCondition indicates the reconciliation of the resource has stalled, e.g. because the controller has
+	// encountered an error during the reconcile process or it has made insufficient progress (timeout).
+	// The Condition adheres to an "abnormal-true" polarity pattern, and MUST only be present on the resource if the
+	// Condition is True.
+	// For more information about polarity patterns, see:
+	// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+	StalledCondition string = "Stalled"
+
+	// ReconcilingCondition indicates the controller is currently working on reconciling the latest changes. This MAY be
+	// True for multiple reconciliation attempts, e.g. when an transient error occurred.
+	// The Condition adheres to an "abnormal-true" polarity pattern, and MUST only be present on the resource if the
+	// Condition is True.
+	// For more information about polarity patterns, see:
+	// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+	ReconcilingCondition string = "Reconciling"
+)
+
+// These constants define generic Condition reasons to be used by GitOps Toolkit components.
+//
+// Making use of a generic Reason is RECOMMENDED whenever it can be applied to a Condition in which it provides
+// sufficient context together with the type to summarize the meaning of the Condition cause.
+//
+// Where any of the generic Condition reasons does not suffice, GitOps Toolkit components can introduce new reasons to
+// their API specification, or use an arbitrary PascalCase string when setting the Condition.
+// Declaration of domain common Condition reasons in the API specification is RECOMMENDED, as it eases observations
+// for user and computer.
+//
+// For more information on Condition reason conventions, see:
+// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
+const (
+
+	// ProgressingReason indicates a condition or event observed progression, for example when the reconciliation of a
+	// resource or an action has started.
+	//
+	// When this reason is given, other conditions and types MAY no longer be considered as an up-to-date observation.
+	// Producers of the specific condition type or event SHOULD provide more information about the expectations and
+	// precise meaning in their API specification.
+	//
+	// More information about the reason or the current state of the progression MAY be available as additional metadata
+	// in an attached message.
+	ProgressingReason string = "Progressing"
+)
+
+// ObjectWithConditions describes a Kubernetes resource object with status conditions.
+// +k8s:deepcopy-gen=false
+type ObjectWithConditions interface {
+	// GetConditions returns a slice of metav1.Condition
+	GetConditions() []metav1.Condition
+}
diff --git a/pkg/utils/flux_utils/metrics.go b/pkg/utils/flux_utils/metrics.go
new file mode 100644
index 000000000..afb122d74
--- /dev/null
+++ b/pkg/utils/flux_utils/metrics.go
@@ -0,0 +1,106 @@
+/*
+Copyright 2020 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flux_utils
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/conditions"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	"time"
+
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/reference"
+)
+
+// Metrics is a helper struct that adds the capability for recording GitOps Toolkit standard metrics to a reconciler.
+//
+// Use it by embedding it in your reconciler struct:
+//
+//		type MyTypeReconciler {
+//	 	client.Client
+//	     // ... etc.
+//	     controller.Metrics
+//		}
+//
+// Following the GitOps Toolkit conventions, API types used in GOTK SHOULD implement conditions.Getter to work with
+// status condition types, and this convention MUST be followed to be able to record metrics using this helper.
+//
+// Use MustMakeMetrics to create a working Metrics value; you can supply the same value to all reconcilers.
+//
+// Once initialised, metrics can be recorded by calling one of the available `Record*` methods.
+type Metrics struct {
+	Scheme          *runtime.Scheme
+	MetricsRecorder *metrics.Recorder
+}
+
+// RecordDuration records the duration of a reconcile attempt for the given obj based on the given startTime.
+func (m Metrics) RecordDuration(ctx context.Context, obj conditions.Getter, startTime time.Time) {
+	if m.MetricsRecorder != nil {
+		ref, err := reference.GetReference(m.Scheme, obj)
+		if err != nil {
+			logr.FromContextOrDiscard(ctx).Error(err, "unable to get object reference to record duration")
+			return
+		}
+		m.MetricsRecorder.RecordDuration(*ref, startTime)
+	}
+}
+
+// RecordSuspend records the suspension of the given obj based on the given suspend value.
+func (m Metrics) RecordSuspend(ctx context.Context, obj conditions.Getter, suspend bool) {
+	if m.MetricsRecorder != nil {
+		ref, err := reference.GetReference(m.Scheme, obj)
+		if err != nil {
+			logr.FromContextOrDiscard(ctx).Error(err, "unable to get object reference to record suspend")
+			return
+		}
+		m.MetricsRecorder.RecordSuspend(*ref, suspend)
+	}
+}
+
+// RecordReadiness records the flux_utils.ReadyCondition status for the given obj.
+func (m Metrics) RecordReadiness(ctx context.Context, obj conditions.Getter) {
+	m.RecordCondition(ctx, obj, meta.ReadyCondition)
+}
+
+// RecordReconciling records the flux_utils.ReconcilingCondition status for the given obj.
+func (m Metrics) RecordReconciling(ctx context.Context, obj conditions.Getter) {
+	m.RecordCondition(ctx, obj, meta.ReconcilingCondition)
+}
+
+// RecordStalled records the flux_utils.StalledCondition status for the given obj.
+func (m Metrics) RecordStalled(ctx context.Context, obj conditions.Getter) {
+	m.RecordCondition(ctx, obj, meta.StalledCondition)
+}
+
+// RecordCondition records the status of the given conditionType for the given obj.
+func (m Metrics) RecordCondition(ctx context.Context, obj conditions.Getter, conditionType string) {
+	if m.MetricsRecorder == nil {
+		return
+	}
+	ref, err := reference.GetReference(m.Scheme, obj)
+	if err != nil {
+		logr.FromContextOrDiscard(ctx).Error(err, "unable to get object reference to record condition metric")
+		return
+	}
+	rc := conditions.Get(obj, conditionType)
+	if rc == nil {
+		rc = conditions.UnknownCondition(conditionType, "", "")
+	}
+	m.MetricsRecorder.RecordCondition(*ref, *rc, !obj.GetDeletionTimestamp().IsZero())
+}
diff --git a/pkg/utils/flux_utils/metrics/doc.go b/pkg/utils/flux_utils/metrics/doc.go
new file mode 100644
index 000000000..19e456747
--- /dev/null
+++ b/pkg/utils/flux_utils/metrics/doc.go
@@ -0,0 +1,18 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package metrics contains a Recorder and helpers for recoding standard metrics for all GitOps Toolkit components.
+package metrics
diff --git a/pkg/utils/flux_utils/metrics/recorder.go b/pkg/utils/flux_utils/metrics/recorder.go
new file mode 100644
index 000000000..88ead2fe6
--- /dev/null
+++ b/pkg/utils/flux_utils/metrics/recorder.go
@@ -0,0 +1,108 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package metrics
+
+import (
+	"time"
+
+	"github.com/prometheus/client_golang/prometheus"
+	corev1 "k8s.io/api/core/v1"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	ConditionDeleted = "Deleted"
+)
+
+// Recorder is a struct for recording GitOps Toolkit metrics for a controller.
+//
+// Use NewRecorder to initialise it with properly configured metric names.
+type Recorder struct {
+	conditionGauge    *prometheus.GaugeVec
+	suspendGauge      *prometheus.GaugeVec
+	durationHistogram *prometheus.HistogramVec
+}
+
+// NewRecorder returns a new Recorder with all metric names configured confirm GitOps Toolkit standards.
+func NewRecorder() *Recorder {
+	return &Recorder{
+		conditionGauge: prometheus.NewGaugeVec(
+			prometheus.GaugeOpts{
+				Name: "gotk_reconcile_condition",
+				Help: "The current condition status of a GitOps Toolkit resource reconciliation.",
+			},
+			[]string{"kind", "name", "namespace", "type", "status"},
+		),
+		suspendGauge: prometheus.NewGaugeVec(
+			prometheus.GaugeOpts{
+				Name: "gotk_suspend_status",
+				Help: "The current suspend status of a GitOps Toolkit resource.",
+			},
+			[]string{"kind", "name", "namespace"},
+		),
+		durationHistogram: prometheus.NewHistogramVec(
+			prometheus.HistogramOpts{
+				Name: "gotk_reconcile_duration_seconds",
+				Help: "The duration in seconds of a GitOps Toolkit resource reconciliation.",
+				// Use a histogram with 10 count buckets between 1ms - 1hour
+				Buckets: prometheus.ExponentialBucketsRange(10e-3, 1800, 10),
+			},
+			[]string{"kind", "name", "namespace"},
+		),
+	}
+}
+
+// Collectors returns a slice of Prometheus collectors, which can be used to register them in a metrics registry.
+func (r *Recorder) Collectors() []prometheus.Collector {
+	return []prometheus.Collector{
+		r.conditionGauge,
+		r.suspendGauge,
+		r.durationHistogram,
+	}
+}
+
+// RecordCondition records the condition as given for the ref.
+func (r *Recorder) RecordCondition(ref corev1.ObjectReference, condition metav1.Condition, deleted bool) {
+	for _, status := range []string{string(metav1.ConditionTrue), string(metav1.ConditionFalse), string(metav1.ConditionUnknown), ConditionDeleted} {
+		var value float64
+		if deleted {
+			if status == ConditionDeleted {
+				value = 1
+			}
+		} else {
+			if status == string(condition.Status) {
+				value = 1
+			}
+		}
+		r.conditionGauge.WithLabelValues(ref.Kind, ref.Name, ref.Namespace, condition.Type, status).Set(value)
+	}
+}
+
+// RecordSuspend records the suspend status as given for the ref.
+func (r *Recorder) RecordSuspend(ref corev1.ObjectReference, suspend bool) {
+	var value float64
+	if suspend {
+		value = 1
+	}
+	r.suspendGauge.WithLabelValues(ref.Kind, ref.Name, ref.Namespace).Set(value)
+}
+
+// RecordDuration records the duration since start for the given ref.
+func (r *Recorder) RecordDuration(ref corev1.ObjectReference, start time.Time) {
+	r.durationHistogram.WithLabelValues(ref.Kind, ref.Name, ref.Namespace).Observe(time.Since(start).Seconds())
+}

From 0a5e70197573b8d035a2f90ed21019dde3870555 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 15:20:00 +0200
Subject: [PATCH 0984/2268] feat: Implement Kluctl controller inside Kluctl
 itself

---
 PROJECT                                       |   20 +
 api/v1beta1/condition_types.go                |   38 +
 api/v1beta1/doc.go                            |   20 +
 api/v1beta1/groupversion_info.go              |   36 +
 api/v1beta1/kluctldeployment_types.go         |  370 ++++++
 api/v1beta1/util_types.go                     |   60 +
 cmd/kluctl/commands/cmd_controller.go         |  140 +++
 cmd/kluctl/commands/root.go                   |    5 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   | 1015 +++++++++++++++++
 config/crd/kustomization.yaml                 |   21 +
 config/crd/kustomizeconfig.yaml               |   19 +
 .../cainjection_in_kluctldeployments.yaml     |    7 +
 .../patches/webhook_in_kluctldeployments.yaml |   16 +
 config/default/kustomization.yaml             |  137 +++
 config/default/manager_config_patch.yaml      |   10 +
 config/manager/kustomization.yaml             |    2 +
 config/manager/manager.yaml                   |  102 ++
 config/prometheus/kustomization.yaml          |    2 +
 config/prometheus/monitor.yaml                |   26 +
 config/rbac/kluctldeployment_editor_role.yaml |   31 +
 config/rbac/kluctldeployment_viewer_role.yaml |   27 +
 config/rbac/kustomization.yaml                |   11 +
 config/rbac/leader_election_role.yaml         |   44 +
 config/rbac/leader_election_role_binding.yaml |   19 +
 config/rbac/role.yaml                         |   54 +
 config/rbac/role_binding.yaml                 |   19 +
 config/rbac/service_account.yaml              |   12 +
 docs/reference/commands/controller.md         |   25 +
 hack/boilerplate.go.txt                       |   15 +
 .../internal/metrics/kluctl_project.go        |  122 ++
 .../metrics/kluctldeployment_controller.go    |   89 ++
 pkg/controllers/internal/sops/LICENSE         |  373 ++++++
 pkg/controllers/internal/sops/aws_config.go   |   24 +
 pkg/controllers/internal/sops/azure_config.go |  156 +++
 .../internal/sops/key_server_from_secret.go   |  106 ++
 .../sops/key_server_from_service_account.go   |   91 ++
 .../internal/sops/keyservice/keyservice.go    |   23 +
 .../internal/sops/keyservice/options.go       |   87 ++
 .../internal/sops/keyservice/server.go        |  363 ++++++
 .../internal/sops/keyservice/server_test.go   |  249 ++++
 .../sops/keyservice/testdata/private.gpg      |   81 ++
 .../sops/keyservice/testdata/public.gpg       |   41 +
 .../internal/sops/keyservice/utils_test.go    |  105 ++
 pkg/controllers/kluctl_project.go             |  820 +++++++++++++
 .../kluctldeployment_controller.go            |  506 ++++++++
 .../kluctldeployment_controller_setup.go      |   28 +
 .../kluctldeployment_controller_source.go     |  109 ++
 .../kluctldeployment_controller_utils.go      |   72 ++
 pkg/controllers/predicates.go                 |   66 ++
 pkg/controllers/utils.go                      |   31 +
 pkg/deployment/commands/result_utils.go       |    2 +-
 pkg/deployment/deployment_collection.go       |   41 +
 pkg/types/result/command_result.go            |    2 +-
 pkg/types/result/summary.go                   |    6 +-
 54 files changed, 5892 insertions(+), 4 deletions(-)
 create mode 100644 PROJECT
 create mode 100644 api/v1beta1/condition_types.go
 create mode 100644 api/v1beta1/doc.go
 create mode 100644 api/v1beta1/groupversion_info.go
 create mode 100644 api/v1beta1/kluctldeployment_types.go
 create mode 100644 api/v1beta1/util_types.go
 create mode 100644 cmd/kluctl/commands/cmd_controller.go
 create mode 100644 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
 create mode 100644 config/crd/kustomization.yaml
 create mode 100644 config/crd/kustomizeconfig.yaml
 create mode 100644 config/crd/patches/cainjection_in_kluctldeployments.yaml
 create mode 100644 config/crd/patches/webhook_in_kluctldeployments.yaml
 create mode 100644 config/default/kustomization.yaml
 create mode 100644 config/default/manager_config_patch.yaml
 create mode 100644 config/manager/kustomization.yaml
 create mode 100644 config/manager/manager.yaml
 create mode 100644 config/prometheus/kustomization.yaml
 create mode 100644 config/prometheus/monitor.yaml
 create mode 100644 config/rbac/kluctldeployment_editor_role.yaml
 create mode 100644 config/rbac/kluctldeployment_viewer_role.yaml
 create mode 100644 config/rbac/kustomization.yaml
 create mode 100644 config/rbac/leader_election_role.yaml
 create mode 100644 config/rbac/leader_election_role_binding.yaml
 create mode 100644 config/rbac/role.yaml
 create mode 100644 config/rbac/role_binding.yaml
 create mode 100644 config/rbac/service_account.yaml
 create mode 100644 docs/reference/commands/controller.md
 create mode 100644 hack/boilerplate.go.txt
 create mode 100644 pkg/controllers/internal/metrics/kluctl_project.go
 create mode 100644 pkg/controllers/internal/metrics/kluctldeployment_controller.go
 create mode 100644 pkg/controllers/internal/sops/LICENSE
 create mode 100644 pkg/controllers/internal/sops/aws_config.go
 create mode 100644 pkg/controllers/internal/sops/azure_config.go
 create mode 100644 pkg/controllers/internal/sops/key_server_from_secret.go
 create mode 100644 pkg/controllers/internal/sops/key_server_from_service_account.go
 create mode 100644 pkg/controllers/internal/sops/keyservice/keyservice.go
 create mode 100644 pkg/controllers/internal/sops/keyservice/options.go
 create mode 100644 pkg/controllers/internal/sops/keyservice/server.go
 create mode 100644 pkg/controllers/internal/sops/keyservice/server_test.go
 create mode 100644 pkg/controllers/internal/sops/keyservice/testdata/private.gpg
 create mode 100644 pkg/controllers/internal/sops/keyservice/testdata/public.gpg
 create mode 100644 pkg/controllers/internal/sops/keyservice/utils_test.go
 create mode 100644 pkg/controllers/kluctl_project.go
 create mode 100644 pkg/controllers/kluctldeployment_controller.go
 create mode 100644 pkg/controllers/kluctldeployment_controller_setup.go
 create mode 100644 pkg/controllers/kluctldeployment_controller_source.go
 create mode 100644 pkg/controllers/kluctldeployment_controller_utils.go
 create mode 100644 pkg/controllers/predicates.go
 create mode 100644 pkg/controllers/utils.go

diff --git a/PROJECT b/PROJECT
new file mode 100644
index 000000000..9a4660f2d
--- /dev/null
+++ b/PROJECT
@@ -0,0 +1,20 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
+domain: kluctl.io
+layout:
+- go.kubebuilder.io/v4
+projectName: controller
+repo: github.com/kluctl/kluctl/v2
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: kluctl.io
+  group: gitops
+  kind: KluctlDeployment
+  path: github.com/kluctl/kluctl/v2/api/v1beta1
+  version: v1beta1
+version: "3"
diff --git a/api/v1beta1/condition_types.go b/api/v1beta1/condition_types.go
new file mode 100644
index 000000000..e559651c3
--- /dev/null
+++ b/api/v1beta1/condition_types.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+const (
+	// DeployFailedReason represents the fact that the
+	// kluctl deploy command failed.
+	DeployFailedReason string = "DeployFailed"
+
+	// PruneFailedReason represents the fact that the
+	// pruning of the KluctlDeployment failed.
+	PruneFailedReason string = "PruneFailed"
+
+	// ValidateFailedReason represents the fact that the
+	// validate of the KluctlDeployment failed.
+	ValidateFailedReason string = "ValidateFailed"
+
+	// PrepareFailedReason represents failure in the kluctl preparation phase
+	PrepareFailedReason string = "PrepareFailed"
+
+	// ReconciliationSucceededReason represents the fact that
+	// the reconciliation succeeded.
+	ReconciliationSucceededReason string = "ReconciliationSucceeded"
+)
diff --git a/api/v1beta1/doc.go b/api/v1beta1/doc.go
new file mode 100644
index 000000000..7dae3af55
--- /dev/null
+++ b/api/v1beta1/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the flux.kluctl.io v1beta1 API group.
+// +kubebuilder:object:generate=true
+// +groupName=gitops.kluctl.io
+package v1beta1
diff --git a/api/v1beta1/groupversion_info.go b/api/v1beta1/groupversion_info.go
new file mode 100644
index 000000000..1092fbc63
--- /dev/null
+++ b/api/v1beta1/groupversion_info.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the  v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=gitops.kluctl.io
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "gitops.kluctl.io", Version: "v1beta1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
new file mode 100644
index 000000000..3da415e20
--- /dev/null
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -0,0 +1,370 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"time"
+)
+
+const (
+	KluctlDeploymentKind      = "KluctlDeployment"
+	KluctlDeploymentFinalizer = "finalizers.gitops.kluctl.io"
+	MaxConditionMessageLength = 20000
+
+	KluctlDeployModeFull   = "full-deploy"
+	KluctlDeployPokeImages = "poke-images"
+
+	KluctlRequestReconcileAnnotation = "kluctl.io/request-reconcile"
+	KluctlRequestDeployAnnotation    = "kluctl.io/request-deploy"
+)
+
+type KluctlDeploymentSpec struct {
+	// Specifies the project source location
+	Source ProjectSource `json:"source"`
+
+	// Decrypt Kubernetes secrets before applying them on the cluster.
+	// +optional
+	Decryption *Decryption `json:"decryption,omitempty"`
+
+	// The interval at which to reconcile the KluctlDeployment.
+	// Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared
+	// to the last deployment.
+	// To override this behavior, set the DeployInterval value.
+	// +required
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
+	Interval metav1.Duration `json:"interval"`
+
+	// The interval at which to retry a previously failed reconciliation.
+	// When not specified, the controller uses the Interval
+	// value to retry failures.
+	// +optional
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
+	RetryInterval *metav1.Duration `json:"retryInterval,omitempty"`
+
+	// DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered
+	// result does not change.
+	// +optional
+	DeployInterval *SafeDuration `json:"deployInterval,omitempty"`
+
+	// ValidateInterval specifies the interval at which to validate the KluctlDeployment.
+	// Validation is performed the same way as with 'kluctl validate -t <target>'.
+	// Defaults to the same value as specified in Interval.
+	// Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval
+	// +optional
+	ValidateInterval *SafeDuration `json:"validateInterval,omitempty"`
+
+	// Timeout for all operations.
+	// Defaults to 'Interval' duration.
+	// +optional
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
+
+	// This flag tells the controller to suspend subsequent kluctl executions,
+	// it does not apply to already started executions. Defaults to false.
+	// +optional
+	Suspend bool `json:"suspend,omitempty"`
+
+	// HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
+	// Kluctl deployment.
+	// +optional
+	HelmCredentials []HelmCredentials `json:"helmCredentials,omitempty"`
+
+	// The name of the Kubernetes service account to use while deploying.
+	// If not specified, the default service account is used.
+	// +optional
+	ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
+	// The KubeConfig for deploying to the target cluster.
+	// Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match
+	// the context found in the kluctl target. As an alternative, specify the context to be used via 'context'
+	// +optional
+	KubeConfig *KubeConfig `json:"kubeConfig"`
+
+	// Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no
+	// context. Use 'TargetName' and 'Context' to specify the name and context in that case.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +optional
+	Target *string `json:"target,omitempty"`
+
+	// TargetNameOverride sets or overrides the target name. This is especially useful when deployment without a target.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +optional
+	TargetNameOverride *string `json:"targetNameOverride,omitempty"`
+
+	// If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified
+	// in the target.
+	// +optional
+	Context *string `json:"context,omitempty"`
+
+	// Args specifies dynamic target args.
+	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Args runtime.RawExtension `json:"args,omitempty"`
+
+	// Images contains a list of fixed image overrides.
+	// Equivalent to using '--fixed-images-file' when calling kluctl.
+	// +optional
+	Images []types.FixedImage `json:"images,omitempty"`
+
+	// DryRun instructs kluctl to run everything in dry-run mode.
+	// Equivalent to using '--dry-run' when calling kluctl.
+	// +kubebuilder:default:=false
+	// +optional
+	DryRun bool `json:"dryRun,omitempty"`
+
+	// NoWait instructs kluctl to not wait for any resources to become ready, including hooks.
+	// Equivalent to using '--no-wait' when calling kluctl.
+	// +kubebuilder:default:=false
+	// +optional
+	NoWait bool `json:"noWait,omitempty"`
+
+	// ForceApply instructs kluctl to force-apply in case of SSA conflicts.
+	// Equivalent to using '--force-apply' when calling kluctl.
+	// +kubebuilder:default:=false
+	// +optional
+	ForceApply bool `json:"forceApply,omitempty"`
+
+	// ReplaceOnError instructs kluctl to replace resources on error.
+	// Equivalent to using '--replace-on-error' when calling kluctl.
+	// +kubebuilder:default:=false
+	// +optional
+	ReplaceOnError bool `json:"replaceOnError,omitempty"`
+
+	// ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails.
+	// Equivalent to using '--force-replace-on-error' when calling kluctl.
+	// +kubebuilder:default:=false
+	// +optional
+	ForceReplaceOnError bool `json:"forceReplaceOnError,omitempty"`
+
+	// ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails.
+	// Equivalent to using '--abort-on-error' when calling kluctl.
+	// +kubebuilder:default:=false
+	// +optional
+	AbortOnError bool `json:"abortOnError,omitempty"`
+
+	// IncludeTags instructs kluctl to only include deployments with given tags.
+	// Equivalent to using '--include-tag' when calling kluctl.
+	// +optional
+	IncludeTags []string `json:"includeTags,omitempty"`
+
+	// ExcludeTags instructs kluctl to exclude deployments with given tags.
+	// Equivalent to using '--exclude-tag' when calling kluctl.
+	// +optional
+	ExcludeTags []string `json:"excludeTags,omitempty"`
+
+	// IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir.
+	// Equivalent to using '--include-deployment-dir' when calling kluctl.
+	// +optional
+	IncludeDeploymentDirs []string `json:"includeDeploymentDirs,omitempty"`
+
+	// ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir.
+	// Equivalent to using '--exclude-deployment-dir' when calling kluctl.
+	// +optional
+	ExcludeDeploymentDirs []string `json:"excludeDeploymentDirs,omitempty"`
+
+	// DeployMode specifies what deploy mode should be used.
+	// The options 'full-deploy' and 'poke-images' are supported.
+	// With the 'poke-images' option, only images are patched into the target without performing a full deployment.
+	// +kubebuilder:default:=full-deploy
+	// +kubebuilder:validation:Enum=full-deploy;poke-images
+	// +optional
+	DeployMode string `json:"deployMode,omitempty"`
+
+	// Validate enables validation after deploying
+	// +kubebuilder:default:=true
+	// +optional
+	Validate bool `json:"validate"`
+
+	// Prune enables pruning after deploying.
+	// +kubebuilder:default:=false
+	// +optional
+	Prune bool `json:"prune,omitempty"`
+
+	// Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.
+	// +kubebuilder:default:=false
+	// +optional
+	Delete bool `json:"delete,omitempty"`
+}
+
+// GetRetryInterval returns the retry interval
+func (in KluctlDeploymentSpec) GetRetryInterval() time.Duration {
+	if in.RetryInterval != nil {
+		return in.RetryInterval.Duration
+	}
+	return in.Interval.Duration
+}
+
+type ProjectSource struct {
+	// Url specifies the Git url where the project source is located
+	// +required
+	URL types.GitUrl `json:"url"`
+
+	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
+	// +optional
+	Ref *GitRef `json:"ref,omitempty"`
+
+	// Path specifies the sub-directory to be used as project directory
+	// +optional
+	Path string `json:"path,omitempty"`
+
+	// SecretRef specifies the Secret containing authentication credentials for
+	// the git repository.
+	// For HTTPS repositories the Secret must contain 'username' and 'password'
+	// fields.
+	// For SSH repositories the Secret must contain 'identity'
+	// and 'known_hosts' fields.
+	// +optional
+	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
+}
+
+// Decryption defines how decryption is handled for Kubernetes manifests.
+type Decryption struct {
+	// Provider is the name of the decryption engine.
+	// +kubebuilder:validation:Enum=sops
+	// +required
+	Provider string `json:"provider"`
+
+	// The secret name containing the private OpenPGP keys used for decryption.
+	// +optional
+	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
+
+	// ServiceAccount specifies the service account used to authenticate against cloud providers.
+	// This is currently only usable for AWS KMS keys. The specified service account will be used to authenticate to AWS
+	// by signing a token in an IRSA compliant way.
+	// +optional
+	ServiceAccount string `json:"serviceAccount,omitempty"`
+}
+
+type HelmCredentials struct {
+	// SecretRef holds the name of a secret that contains the Helm credentials.
+	// The secret must either contain the fields `credentialsId` which refers to the credentialsId
+	// found in https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories or an `url` used
+	// to match the credentials found in Kluctl projects helm-chart.yaml files.
+	// The secret can either container basic authentication credentials via `username` and `password` or
+	// TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
+	// contacting the repository.
+	// The secret can also contain `insecureSkipTlsVerify: "true"`, which will disable TLS verification.
+	// `passCredentialsAll: "true"` can be specified to make the controller pass credentials to all requests, even if
+	// the hostname changes in-between.
+	// +required
+	SecretRef LocalObjectReference `json:"secretRef,omitempty"`
+}
+
+// KubeConfig references a Kubernetes secret that contains a kubeconfig file.
+type KubeConfig struct {
+	// SecretRef holds the name of a secret that contains a key with
+	// the kubeconfig file as the value. If no key is set, the key will default
+	// to 'value'. The secret must be in the same namespace as
+	// the Kustomization.
+	// It is recommended that the kubeconfig is self-contained, and the secret
+	// is regularly updated if credentials such as a cloud-access-token expire.
+	// Cloud specific `cmd-path` auth helpers will not function without adding
+	// binaries and credentials to the Pod that is responsible for reconciling
+	// the KluctlDeployment.
+	// +required
+	SecretRef SecretKeyReference `json:"secretRef,omitempty"`
+}
+
+// KluctlDeploymentStatus defines the observed state of KluctlDeployment
+type KluctlDeploymentStatus struct {
+	// LastHandledReconcileAt holds the value of the most recent
+	// reconcile request value, so a change of the annotation value
+	// can be detected.
+	// +optional
+	LastHandledReconcileAt string `json:"lastHandledReconcileAt,omitempty"`
+
+	// +optional
+	LastHandledDeployAt string `json:"LastHandledDeployAt,omitempty"`
+
+	// ObservedGeneration is the last reconciled generation.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// +optional
+	ProjectKey *result.ProjectKey `json:"projectKey,omitempty"`
+
+	// +optional
+	TargetKey *result.TargetKey `json:"targetKey,omitempty"`
+
+	// +optional
+	LastObjectsHash string `json:"lastObjectsHash,omitempty"`
+
+	// LastDeployResult is the result of the last deploy command
+	// +optional
+	LastDeployResult *result.CommandResultSummary `json:"lastDeployResult,omitempty"`
+
+	// LastDeployResult is the result of the last prune command
+	// +optional
+	LastPruneResult *result.CommandResultSummary `json:"lastPruneResult,omitempty"`
+
+	// LastValidateResult is the result of the last validate command
+	// +optional
+	LastValidateResult *result.ValidateResult `json:"lastValidateResult,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:printcolumn:name="DryRun",type="boolean",JSONPath=".spec.dryRun",description=""
+//+kubebuilder:printcolumn:name="Deployed",type="date",JSONPath=".status.lastDeployResult.command.endTime",description=""
+//+kubebuilder:printcolumn:name="Pruned",type="date",JSONPath=".status.lastPruneResult.command.endTime",description=""
+//+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""
+//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
+
+// KluctlDeployment is the Schema for the kluctldeployments API
+type KluctlDeployment struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   KluctlDeploymentSpec   `json:"spec,omitempty"`
+	Status KluctlDeploymentStatus `json:"status,omitempty"`
+}
+
+// GetConditions returns the status conditions of the object.
+func (in *KluctlDeployment) GetConditions() []metav1.Condition {
+	return in.Status.Conditions
+}
+
+// SetConditions sets the status conditions on the object.
+func (in *KluctlDeployment) SetConditions(conditions []metav1.Condition) {
+	in.Status.Conditions = conditions
+}
+
+//+kubebuilder:object:root=true
+
+// KluctlDeploymentList contains a list of KluctlDeployment
+type KluctlDeploymentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []KluctlDeployment `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&KluctlDeployment{}, &KluctlDeploymentList{})
+}
diff --git a/api/v1beta1/util_types.go b/api/v1beta1/util_types.go
new file mode 100644
index 000000000..efe1e987a
--- /dev/null
+++ b/api/v1beta1/util_types.go
@@ -0,0 +1,60 @@
+package v1beta1
+
+import (
+	"fmt"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type LocalObjectReference struct {
+	// Name of the referent.
+	// +required
+	Name string `json:"name"`
+}
+
+// SecretKeyReference contains enough information to locate the referenced Kubernetes Secret object in the same
+// namespace. Optionally a key can be specified.
+// Use this type instead of core/v1 SecretKeySelector when the Key is optional and the Optional field is not
+// applicable.
+type SecretKeyReference struct {
+	// Name of the Secret.
+	// +required
+	Name string `json:"name"`
+
+	// Key in the Secret, when not specified an implementation-specific default key is used.
+	// +optional
+	Key string `json:"key,omitempty"`
+}
+
+// +kubebuilder:validation:Type=string
+// +kubebuilder:validation:Pattern="^(([0-9]+(\\.[0-9]+)?(ms|s|m|h))+)|never$"
+type SafeDuration struct {
+	metav1.Duration
+}
+
+type GitRef struct {
+	// Branch to filter for. Can also be a regex.
+	// +optional
+	Branch string `json:"branch,omitempty"`
+
+	// Branch to filter for. Can also be a regex.
+	// +optional
+	Tag string `json:"tag,omitempty"`
+
+	// TODO
+	// Commit SHA to check out, takes precedence over all reference fields.
+	// +optional
+	// Commit string `json:"commit,omitempty"`
+}
+
+func (r *GitRef) String() string {
+	if r == nil {
+		return ""
+	}
+	if r.Tag != "" {
+		return fmt.Sprintf("refs/tags/%s", r.Tag)
+	} else if r.Branch != "" {
+		return fmt.Sprintf("refs/heads/%s", r.Branch)
+	} else {
+		return ""
+	}
+}
diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
new file mode 100644
index 000000000..655a5071d
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -0,0 +1,140 @@
+package commands
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/controllers"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/client-go/kubernetes"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"os"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
+)
+
+var (
+	setupLog        = ctrl.Log.WithName("setup")
+	metricsRecorder = metrics.NewRecorder()
+)
+
+func init() {
+	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
+}
+
+const controllerName = "kluctl-controller"
+
+type controllerCmd struct {
+	scheme *runtime.Scheme
+
+	MetricsBindAddress     string `group:"controller" help:"The address the metric endpoint binds to." default:":8080"`
+	HealthProbeBindAddress string `group:"controller" help:"The address the probe endpoint binds to." default:":8081"`
+	LeaderElect            bool   `group:"controller" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
+
+	DefaultServiceAccount string `group:"controller" help:"Default service account used for impersonation."`
+	DryRun                bool   `group:"controller" help:"Run all deployments in dryRun=true mode."`
+}
+
+func (cmd *controllerCmd) Help() string {
+	return `This command will run the Kluctl Controller. This is usually meant to be run inside a cluster and not from your local machine.
+`
+}
+
+func (cmd *controllerCmd) initScheme() {
+	cmd.scheme = runtime.NewScheme()
+	scheme := cmd.scheme
+
+	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+
+	utilruntime.Must(kluctlv1.AddToScheme(scheme))
+
+	//+kubebuilder:scaffold:scheme
+}
+
+func (cmd *controllerCmd) Run(ctx context.Context) error {
+	cmd.initScheme()
+
+	opts := zap.Options{
+		Development: true,
+	}
+	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+
+	restConfig := flux_utils.GetConfigOrDie(flux_utils.Options{})
+	clientSet, err := kubernetes.NewForConfig(restConfig)
+	if err != nil {
+		setupLog.Error(err, "unable to start manager")
+		os.Exit(1)
+	}
+
+	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+		Scheme:                 cmd.scheme,
+		MetricsBindAddress:     cmd.MetricsBindAddress,
+		Port:                   9443,
+		HealthProbeBindAddress: cmd.HealthProbeBindAddress,
+		LeaderElection:         cmd.LeaderElect,
+		LeaderElectionID:       "5ab5d0f9.kluctl.io",
+		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
+		// when the Manager ends. This requires the binary to immediately end when the
+		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+		// speeds up voluntary leader transitions as the new leader don't have to wait
+		// LeaseDuration time first.
+		//
+		// In the default scaffold provided, the program ends immediately after
+		// the manager stops, so would be fine to enable this option. However,
+		// if you are doing or is intended to do any operation such as perform cleanups
+		// after the manager stops then its usage might be unsafe.
+		// LeaderElectionReleaseOnCancel: true,
+	})
+	if err != nil {
+		setupLog.Error(err, "unable to start manager")
+		os.Exit(1)
+	}
+
+	eventRecorder := mgr.GetEventRecorderFor(controllerName)
+
+	sshPool := &ssh_pool.SshPool{}
+
+	r := controllers.KluctlDeploymentReconciler{
+		ControllerName:        controllerName,
+		DefaultServiceAccount: cmd.DefaultServiceAccount,
+		DryRun:                cmd.DryRun,
+		RestConfig:            restConfig,
+		Client:                mgr.GetClient(),
+		ClientSet:             clientSet,
+		Scheme:                mgr.GetScheme(),
+		EventRecorder:         eventRecorder,
+		MetricsRecorder:       metricsRecorder,
+		SshPool:               sshPool,
+	}
+
+	if err = r.SetupWithManager(mgr, controllers.KluctlDeploymentReconcilerOpts{
+		HTTPRetry: 9,
+	}); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", kluctlv1.KluctlDeploymentKind)
+		os.Exit(1)
+	}
+
+	//+kubebuilder:scaffold:builder
+
+	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
+		setupLog.Error(err, "unable to set up health check")
+		os.Exit(1)
+	}
+	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
+		setupLog.Error(err, "unable to set up ready check")
+		os.Exit(1)
+	}
+
+	setupLog.Info("starting manager")
+	if err := mgr.Start(ctx); err != nil {
+		setupLog.Error(err, "problem running manager")
+		os.Exit(1)
+	}
+
+	return nil
+}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 200d0b9d7..51b37957c 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -25,6 +25,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime/pprof"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"strings"
 	"time"
 
@@ -66,6 +67,7 @@ type cli struct {
 	Render      renderCmd      `cmd:"" help:"Renders all resources and configuration files"`
 	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
+	Controller  controllerCmd  `cmd:"" help:"Run the Kluctl controller"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
@@ -77,6 +79,7 @@ var flagGroups = []groupInfo{
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
+	{group: "controller", title: "Controller:", description: "Controller arguments."},
 }
 
 var origStderr = os.Stderr
@@ -219,7 +222,7 @@ func initViper(ctx context.Context) {
 
 func Main() {
 	colorable.EnableColorsStdout(nil)
-	ctx := context.Background()
+	ctx := ctrl.SetupSignalHandler()
 
 	ctx = initStatusHandler(ctx, false, true)
 	redirectLogsAndStderr(func() context.Context {
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
new file mode 100644
index 000000000..3e81ebc5e
--- /dev/null
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -0,0 +1,1015 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.3
+  creationTimestamp: null
+  name: kluctldeployments.gitops.kluctl.io
+spec:
+  group: gitops.kluctl.io
+  names:
+    kind: KluctlDeployment
+    listKind: KluctlDeploymentList
+    plural: kluctldeployments
+    singular: kluctldeployment
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.dryRun
+      name: DryRun
+      type: boolean
+    - jsonPath: .status.lastDeployResult.command.endTime
+      name: Deployed
+      type: date
+    - jsonPath: .status.lastPruneResult.command.endTime
+      name: Pruned
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: KluctlDeployment is the Schema for the kluctldeployments API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              abortOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to abort deployments
+                  immediately when something fails. Equivalent to using '--abort-on-error'
+                  when calling kluctl.
+                type: boolean
+              args:
+                description: Args specifies dynamic target args.
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              context:
+                description: If specified, overrides the context to be used. This
+                  will effectively make kluctl ignore the context specified in the
+                  target.
+                type: string
+              decryption:
+                description: Decrypt Kubernetes secrets before applying them on the
+                  cluster.
+                properties:
+                  provider:
+                    description: Provider is the name of the decryption engine.
+                    enum:
+                    - sops
+                    type: string
+                  secretRef:
+                    description: The secret name containing the private OpenPGP keys
+                      used for decryption.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  serviceAccount:
+                    description: ServiceAccount specifies the service account used
+                      to authenticate against cloud providers. This is currently only
+                      usable for AWS KMS keys. The specified service account will
+                      be used to authenticate to AWS by signing a token in an IRSA
+                      compliant way.
+                    type: string
+                required:
+                - provider
+                type: object
+              delete:
+                default: false
+                description: Delete enables deletion of the specified target when
+                  the KluctlDeployment object gets deleted.
+                type: boolean
+              deployInterval:
+                description: DeployInterval specifies the interval at which to deploy
+                  the KluctlDeployment, even in cases the rendered result does not
+                  change.
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                type: string
+              deployMode:
+                default: full-deploy
+                description: DeployMode specifies what deploy mode should be used.
+                  The options 'full-deploy' and 'poke-images' are supported. With
+                  the 'poke-images' option, only images are patched into the target
+                  without performing a full deployment.
+                enum:
+                - full-deploy
+                - poke-images
+                type: string
+              dryRun:
+                default: false
+                description: DryRun instructs kluctl to run everything in dry-run
+                  mode. Equivalent to using '--dry-run' when calling kluctl.
+                type: boolean
+              excludeDeploymentDirs:
+                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
+                  with the given dir. Equivalent to using '--exclude-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              excludeTags:
+                description: ExcludeTags instructs kluctl to exclude deployments with
+                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
+                items:
+                  type: string
+                type: array
+              forceApply:
+                default: false
+                description: ForceApply instructs kluctl to force-apply in case of
+                  SSA conflicts. Equivalent to using '--force-apply' when calling
+                  kluctl.
+                type: boolean
+              forceReplaceOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to force-replace
+                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
+                  when calling kluctl.
+                type: boolean
+              helmCredentials:
+                description: HelmCredentials is a list of Helm credentials used when
+                  non pre-pulled Helm Charts are used inside a Kluctl deployment.
+                items:
+                  properties:
+                    secretRef:
+                      description: 'SecretRef holds the name of a secret that contains
+                        the Helm credentials. The secret must either contain the fields
+                        `credentialsId` which refers to the credentialsId found in
+                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories
+                        or an `url` used to match the credentials found in Kluctl
+                        projects helm-chart.yaml files. The secret can either container
+                        basic authentication credentials via `username` and `password`
+                        or TLS authentication via `certFile` and `keyFile`. `caFile`
+                        can be specified to override the CA to use while contacting
+                        the repository. The secret can also contain `insecureSkipTlsVerify:
+                        "true"`, which will disable TLS verification. `passCredentialsAll:
+                        "true"` can be specified to make the controller pass credentials
+                        to all requests, even if the hostname changes in-between.'
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  type: object
+                type: array
+              images:
+                description: Images contains a list of fixed image overrides. Equivalent
+                  to using '--fixed-images-file' when calling kluctl.
+                items:
+                  properties:
+                    container:
+                      type: string
+                    deployTags:
+                      items:
+                        type: string
+                      type: array
+                    deployedImage:
+                      type: string
+                    deployment:
+                      type: string
+                    deploymentDir:
+                      type: string
+                    image:
+                      type: string
+                    namespace:
+                      type: string
+                    object:
+                      properties:
+                        group:
+                          type: string
+                        kind:
+                          type: string
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                        version:
+                          type: string
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    resultImage:
+                      type: string
+                  required:
+                  - image
+                  - resultImage
+                  type: object
+                type: array
+              includeDeploymentDirs:
+                description: IncludeDeploymentDirs instructs kluctl to only include
+                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              includeTags:
+                description: IncludeTags instructs kluctl to only include deployments
+                  with given tags. Equivalent to using '--include-tag' when calling
+                  kluctl.
+                items:
+                  type: string
+                type: array
+              interval:
+                description: The interval at which to reconcile the KluctlDeployment.
+                  Reconciliation means that the deployment is fully rendered and only
+                  deployed when the result changes compared to the last deployment.
+                  To override this behavior, set the DeployInterval value.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              kubeConfig:
+                description: The KubeConfig for deploying to the target cluster. Specifies
+                  the kubeconfig to be used when invoking kluctl. Contexts in this
+                  kubeconfig must match the context found in the kluctl target. As
+                  an alternative, specify the context to be used via 'context'
+                properties:
+                  secretRef:
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. The secret must be in the same
+                      namespace as the Kustomization. It is recommended that the kubeconfig
+                      is self-contained, and the secret is regularly updated if credentials
+                      such as a cloud-access-token expire. Cloud specific `cmd-path`
+                      auth helpers will not function without adding binaries and credentials
+                      to the Pod that is responsible for reconciling the KluctlDeployment.
+                    properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
+                      name:
+                        description: Name of the Secret.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+              noWait:
+                default: false
+                description: NoWait instructs kluctl to not wait for any resources
+                  to become ready, including hooks. Equivalent to using '--no-wait'
+                  when calling kluctl.
+                type: boolean
+              prune:
+                default: false
+                description: Prune enables pruning after deploying.
+                type: boolean
+              replaceOnError:
+                default: false
+                description: ReplaceOnError instructs kluctl to replace resources
+                  on error. Equivalent to using '--replace-on-error' when calling
+                  kluctl.
+                type: boolean
+              retryInterval:
+                description: The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the Interval value to retry
+                  failures.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              serviceAccountName:
+                description: The name of the Kubernetes service account to use while
+                  deploying. If not specified, the default service account is used.
+                type: string
+              source:
+                description: Specifies the project source location
+                properties:
+                  path:
+                    description: Path specifies the sub-directory to be used as project
+                      directory
+                    type: string
+                  ref:
+                    description: Ref specifies the branch, tag or commit that should
+                      be used. If omitted, the default branch of the repo is used.
+                    properties:
+                      branch:
+                        description: Branch to filter for. Can also be a regex.
+                        type: string
+                      tag:
+                        description: Branch to filter for. Can also be a regex.
+                        type: string
+                    type: object
+                  secretRef:
+                    description: SecretRef specifies the Secret containing authentication
+                      credentials for the git repository. For HTTPS repositories the
+                      Secret must contain 'username' and 'password' fields. For SSH
+                      repositories the Secret must contain 'identity' and 'known_hosts'
+                      fields.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  url:
+                    description: Url specifies the Git url where the project source
+                      is located
+                    type: string
+                required:
+                - url
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  kluctl executions, it does not apply to already started executions.
+                  Defaults to false.
+                type: boolean
+              target:
+                description: Target specifies the kluctl target to deploy. If not
+                  specified, an empty target is used that has no name and no context.
+                  Use 'TargetName' and 'Context' to specify the name and context in
+                  that case.
+                maxLength: 63
+                minLength: 1
+                type: string
+              targetNameOverride:
+                description: TargetNameOverride sets or overrides the target name.
+                  This is especially useful when deployment without a target.
+                maxLength: 63
+                minLength: 1
+                type: string
+              timeout:
+                description: Timeout for all operations. Defaults to 'Interval' duration.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              validate:
+                default: true
+                description: Validate enables validation after deploying
+                type: boolean
+              validateInterval:
+                description: ValidateInterval specifies the interval at which to validate
+                  the KluctlDeployment. Validation is performed the same way as with
+                  'kluctl validate -t <target>'. Defaults to the same value as specified
+                  in Interval. Validate is also performed whenever a deployment is
+                  performed, independent of the value of ValidateInterval
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                type: string
+            required:
+            - interval
+            - source
+            type: object
+          status:
+            description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
+            properties:
+              LastHandledDeployAt:
+                type: string
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastDeployResult:
+                description: LastDeployResult is the result of the last deploy command
+                properties:
+                  appliedHookObjects:
+                    type: integer
+                  appliedObjects:
+                    type: integer
+                  changedObjects:
+                    type: integer
+                  clusterInfo:
+                    properties:
+                      clusterId:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  commandInfo:
+                    properties:
+                      abortOnError:
+                        type: boolean
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      command:
+                        type: string
+                      contextOverride:
+                        type: string
+                      dryRun:
+                        type: boolean
+                      endTime:
+                        format: date-time
+                        type: string
+                      excludeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      excludeTags:
+                        items:
+                          type: string
+                        type: array
+                      forceApply:
+                        type: boolean
+                      forceReplaceOnError:
+                        type: boolean
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      includeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      includeTags:
+                        items:
+                          type: string
+                        type: array
+                      initiator:
+                        type: string
+                      kluctlDeployment:
+                        properties:
+                          gitRef:
+                            type: string
+                          gitUrl:
+                            type: string
+                          name:
+                            type: string
+                          namespace:
+                            type: string
+                        required:
+                        - gitRef
+                        - gitUrl
+                        - name
+                        - namespace
+                        type: object
+                      noWait:
+                        type: boolean
+                      replaceOnError:
+                        type: boolean
+                      startTime:
+                        format: date-time
+                        type: string
+                      target:
+                        type: string
+                      targetNameOverride:
+                        type: string
+                    required:
+                    - endTime
+                    - initiator
+                    - startTime
+                    type: object
+                  deletedObjects:
+                    type: integer
+                  errors:
+                    type: integer
+                  gitInfo:
+                    properties:
+                      commit:
+                        type: string
+                      dirty:
+                        type: boolean
+                      ref:
+                        type: string
+                      subDir:
+                        type: string
+                      url:
+                        type: string
+                    required:
+                    - commit
+                    - dirty
+                    - ref
+                    - subDir
+                    - url
+                    type: object
+                  id:
+                    type: string
+                  newObjects:
+                    type: integer
+                  orphanObjects:
+                    type: integer
+                  project:
+                    properties:
+                      normalizedGitUrl:
+                        type: string
+                      subDir:
+                        type: string
+                    type: object
+                  remoteObjects:
+                    type: integer
+                  renderedObjects:
+                    type: integer
+                  target:
+                    properties:
+                      clusterId:
+                        type: string
+                      discriminator:
+                        type: string
+                      targetName:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  totalChanges:
+                    type: integer
+                  warnings:
+                    type: integer
+                required:
+                - appliedHookObjects
+                - appliedObjects
+                - changedObjects
+                - commandInfo
+                - deletedObjects
+                - errors
+                - id
+                - newObjects
+                - orphanObjects
+                - project
+                - remoteObjects
+                - renderedObjects
+                - target
+                - totalChanges
+                - warnings
+                type: object
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              lastObjectsHash:
+                type: string
+              lastPruneResult:
+                description: LastDeployResult is the result of the last prune command
+                properties:
+                  appliedHookObjects:
+                    type: integer
+                  appliedObjects:
+                    type: integer
+                  changedObjects:
+                    type: integer
+                  clusterInfo:
+                    properties:
+                      clusterId:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  commandInfo:
+                    properties:
+                      abortOnError:
+                        type: boolean
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      command:
+                        type: string
+                      contextOverride:
+                        type: string
+                      dryRun:
+                        type: boolean
+                      endTime:
+                        format: date-time
+                        type: string
+                      excludeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      excludeTags:
+                        items:
+                          type: string
+                        type: array
+                      forceApply:
+                        type: boolean
+                      forceReplaceOnError:
+                        type: boolean
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      includeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      includeTags:
+                        items:
+                          type: string
+                        type: array
+                      initiator:
+                        type: string
+                      kluctlDeployment:
+                        properties:
+                          gitRef:
+                            type: string
+                          gitUrl:
+                            type: string
+                          name:
+                            type: string
+                          namespace:
+                            type: string
+                        required:
+                        - gitRef
+                        - gitUrl
+                        - name
+                        - namespace
+                        type: object
+                      noWait:
+                        type: boolean
+                      replaceOnError:
+                        type: boolean
+                      startTime:
+                        format: date-time
+                        type: string
+                      target:
+                        type: string
+                      targetNameOverride:
+                        type: string
+                    required:
+                    - endTime
+                    - initiator
+                    - startTime
+                    type: object
+                  deletedObjects:
+                    type: integer
+                  errors:
+                    type: integer
+                  gitInfo:
+                    properties:
+                      commit:
+                        type: string
+                      dirty:
+                        type: boolean
+                      ref:
+                        type: string
+                      subDir:
+                        type: string
+                      url:
+                        type: string
+                    required:
+                    - commit
+                    - dirty
+                    - ref
+                    - subDir
+                    - url
+                    type: object
+                  id:
+                    type: string
+                  newObjects:
+                    type: integer
+                  orphanObjects:
+                    type: integer
+                  project:
+                    properties:
+                      normalizedGitUrl:
+                        type: string
+                      subDir:
+                        type: string
+                    type: object
+                  remoteObjects:
+                    type: integer
+                  renderedObjects:
+                    type: integer
+                  target:
+                    properties:
+                      clusterId:
+                        type: string
+                      discriminator:
+                        type: string
+                      targetName:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  totalChanges:
+                    type: integer
+                  warnings:
+                    type: integer
+                required:
+                - appliedHookObjects
+                - appliedObjects
+                - changedObjects
+                - commandInfo
+                - deletedObjects
+                - errors
+                - id
+                - newObjects
+                - orphanObjects
+                - project
+                - remoteObjects
+                - renderedObjects
+                - target
+                - totalChanges
+                - warnings
+                type: object
+              lastValidateResult:
+                description: LastValidateResult is the result of the last validate
+                  command
+                properties:
+                  drift:
+                    items:
+                      properties:
+                        changes:
+                          items:
+                            properties:
+                              jsonPath:
+                                type: string
+                              newValue:
+                                x-kubernetes-preserve-unknown-fields: true
+                              oldValue:
+                                x-kubernetes-preserve-unknown-fields: true
+                              type:
+                                type: string
+                              unifiedDiff:
+                                type: string
+                            required:
+                            - jsonPath
+                            - type
+                            type: object
+                          type: array
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - ref
+                      type: object
+                    type: array
+                  errors:
+                    items:
+                      properties:
+                        message:
+                          type: string
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - message
+                      - ref
+                      type: object
+                    type: array
+                  id:
+                    type: string
+                  ready:
+                    type: boolean
+                  results:
+                    items:
+                      properties:
+                        annotation:
+                          type: string
+                        message:
+                          type: string
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - annotation
+                      - message
+                      - ref
+                      type: object
+                    type: array
+                  warnings:
+                    items:
+                      properties:
+                        message:
+                          type: string
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - message
+                      - ref
+                      type: object
+                    type: array
+                required:
+                - id
+                - ready
+                type: object
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+              projectKey:
+                properties:
+                  normalizedGitUrl:
+                    type: string
+                  subDir:
+                    type: string
+                type: object
+              targetKey:
+                properties:
+                  clusterId:
+                    type: string
+                  discriminator:
+                    type: string
+                  targetName:
+                    type: string
+                required:
+                - clusterId
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
new file mode 100644
index 000000000..d5f5b903f
--- /dev/null
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,21 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/gitops.kluctl.io_kluctldeployments.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_kluctldeployments.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_kluctldeployments.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml
diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml
new file mode 100644
index 000000000..ec5c150a9
--- /dev/null
+++ b/config/crd/kustomizeconfig.yaml
@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations
diff --git a/config/crd/patches/cainjection_in_kluctldeployments.yaml b/config/crd/patches/cainjection_in_kluctldeployments.yaml
new file mode 100644
index 000000000..4adca8433
--- /dev/null
+++ b/config/crd/patches/cainjection_in_kluctldeployments.yaml
@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+  name: kluctldeployments.gitops.kluctl.io
diff --git a/config/crd/patches/webhook_in_kluctldeployments.yaml b/config/crd/patches/webhook_in_kluctldeployments.yaml
new file mode 100644
index 000000000..fa1689a1d
--- /dev/null
+++ b/config/crd/patches/webhook_in_kluctldeployments.yaml
@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: kluctldeployments.gitops.kluctl.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 000000000..fc2356a99
--- /dev/null
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,137 @@
+# Adds namespace to all resources.
+namespace: controller-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: controller-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+#- webhookcainjection_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+# Uncomment the following replacements to add the cert-manager CA injection annotations
+#replacements:
+#  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+#      kind: Certificate
+#      group: cert-manager.io
+#      version: v1
+#      name: serving-cert # this name should match the one in certificate.yaml
+#      fieldPath: .metadata.namespace # namespace of the certificate CR
+#    targets:
+#      - select:
+#          kind: ValidatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#      - select:
+#          kind: MutatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#      - select:
+#          kind: CustomResourceDefinition
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#  - source:
+#      kind: Certificate
+#      group: cert-manager.io
+#      version: v1
+#      name: serving-cert # this name should match the one in certificate.yaml
+#      fieldPath: .metadata.name
+#    targets:
+#      - select:
+#          kind: ValidatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#      - select:
+#          kind: MutatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#      - select:
+#          kind: CustomResourceDefinition
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#  - source: # Add cert-manager annotation to the webhook Service
+#      kind: Service
+#      version: v1
+#      name: webhook-service
+#      fieldPath: .metadata.name # namespace of the service
+#    targets:
+#      - select:
+#          kind: Certificate
+#          group: cert-manager.io
+#          version: v1
+#        fieldPaths:
+#          - .spec.dnsNames.0
+#          - .spec.dnsNames.1
+#        options:
+#          delimiter: '.'
+#          index: 0
+#          create: true
+#  - source:
+#      kind: Service
+#      version: v1
+#      name: webhook-service
+#      fieldPath: .metadata.namespace # namespace of the service
+#    targets:
+#      - select:
+#          kind: Certificate
+#          group: cert-manager.io
+#          version: v1
+#        fieldPaths:
+#          - .spec.dnsNames.0
+#          - .spec.dnsNames.1
+#        options:
+#          delimiter: '.'
+#          index: 1
+#          create: true
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
new file mode 100644
index 000000000..f6f589169
--- /dev/null
+++ b/config/default/manager_config_patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
new file mode 100644
index 000000000..5c5f0b84c
--- /dev/null
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
new file mode 100644
index 000000000..d0a98b913
--- /dev/null
+++ b/config/manager/manager.yaml
@@ -0,0 +1,102 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: namespace
+    app.kubernetes.io/instance: system
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: deployment
+    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
+      # according to the platforms which are supported by your solution.
+      # It is considered best practice to support multiple architectures. You can
+      # build your manager image using the makefile target docker-buildx.
+      # affinity:
+      #   nodeAffinity:
+      #     requiredDuringSchedulingIgnoredDuringExecution:
+      #       nodeSelectorTerms:
+      #         - matchExpressions:
+      #           - key: kubernetes.io/arch
+      #             operator: In
+      #             values:
+      #               - amd64
+      #               - arm64
+      #               - ppc64le
+      #               - s390x
+      #           - key: kubernetes.io/os
+      #             operator: In
+      #             values:
+      #               - linux
+      securityContext:
+        runAsNonRoot: true
+        # TODO(user): For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
+      containers:
+      - command:
+        - /manager
+        args:
+        - --leader-elect
+        image: controller:latest
+        name: manager
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # TODO(user): Configure the resources accordingly based on the project requirements.
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+      serviceAccountName: controller-manager
+      terminationGracePeriodSeconds: 10
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
new file mode 100644
index 000000000..ed137168a
--- /dev/null
+++ b/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
new file mode 100644
index 000000000..62e8a7ccb
--- /dev/null
+++ b/config/prometheus/monitor.yaml
@@ -0,0 +1,26 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: servicemonitor
+    app.kubernetes.io/instance: controller-manager-metrics-monitor
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - path: /metrics
+      port: https
+      scheme: https
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: controller-manager
diff --git a/config/rbac/kluctldeployment_editor_role.yaml b/config/rbac/kluctldeployment_editor_role.yaml
new file mode 100644
index 000000000..8304fdd0c
--- /dev/null
+++ b/config/rbac/kluctldeployment_editor_role.yaml
@@ -0,0 +1,31 @@
+# permissions for end users to edit kluctldeployments.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: kluctldeployment-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: kluctldeployment-editor-role
+rules:
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments/status
+  verbs:
+  - get
diff --git a/config/rbac/kluctldeployment_viewer_role.yaml b/config/rbac/kluctldeployment_viewer_role.yaml
new file mode 100644
index 000000000..50685c666
--- /dev/null
+++ b/config/rbac/kluctldeployment_viewer_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to view kluctldeployments.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: kluctldeployment-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: kluctldeployment-viewer-role
+rules:
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments/status
+  verbs:
+  - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
new file mode 100644
index 000000000..166fe7986
--- /dev/null
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,11 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
new file mode 100644
index 000000000..9bf1a8ac0
--- /dev/null
+++ b/config/rbac/leader_election_role.yaml
@@ -0,0 +1,44 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: role
+    app.kubernetes.io/instance: leader-election-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 000000000..d8cfaffd6
--- /dev/null
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/instance: leader-election-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
new file mode 100644
index 000000000..5e7aaeef7
--- /dev/null
+++ b/config/rbac/role.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - serviceaccounts
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments/status
+  verbs:
+  - get
+  - patch
+  - update
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
new file mode 100644
index 000000000..5c650c9a8
--- /dev/null
+++ b/config/rbac/role_binding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/instance: manager-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: manager-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
new file mode 100644
index 000000000..a0e977167
--- /dev/null
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: serviceaccount
+    app.kubernetes.io/instance: controller-manager-sa
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: controller
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager
+  namespace: system
diff --git a/docs/reference/commands/controller.md b/docs/reference/commands/controller.md
new file mode 100644
index 000000000..ff5fe4938
--- /dev/null
+++ b/docs/reference/commands/controller.md
@@ -0,0 +1,25 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "controller"
+linkTitle: "controller"
+weight: 10
+description: >
+    controller command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "controller" "Usage" false -->
+Usage: kluctl controller [flags]
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "controller" "Controller" true -->
+```
+
+```
+<!-- END SECTION -->
diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt
new file mode 100644
index 000000000..65b862271
--- /dev/null
+++ b/hack/boilerplate.go.txt
@@ -0,0 +1,15 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
\ No newline at end of file
diff --git a/pkg/controllers/internal/metrics/kluctl_project.go b/pkg/controllers/internal/metrics/kluctl_project.go
new file mode 100644
index 000000000..c1cdcde09
--- /dev/null
+++ b/pkg/controllers/internal/metrics/kluctl_project.go
@@ -0,0 +1,122 @@
+package metrics
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
+)
+
+const (
+	DeploymentDurationKey     = "deployment_duration_seconds"
+	NumberOfChangedObjectsKey = "number_of_changed_objects"
+	NumberOfDeletedObjectsKey = "number_of_deleted_objects"
+	NumberOfErrorsKey         = "number_of_errors"
+	NumberOfOrphanObjectsKey  = "number_of_orphan_objects"
+	NumberOfWarningsKey       = "number_of_warnings"
+	PruneDurationKey          = "prune_duration_seconds"
+	DeleteDurationKey         = "delete_duration_seconds"
+	ValidateDurationKey       = "validate_duration_seconds"
+)
+
+var (
+	deploymentDuration = prometheus.NewHistogramVec(prometheus.HistogramOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      DeploymentDurationKey,
+		Help:      "How long a single deployment takes in seconds.",
+	}, []string{"namespace", "name", "mode"})
+
+	numberOfChangedObjects = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      NumberOfChangedObjectsKey,
+		Help:      "How many objects have been changed by a single project.",
+	}, []string{"namespace", "name"})
+
+	numberOfDeletedObjects = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      NumberOfDeletedObjectsKey,
+		Help:      "How many things has been deleted by a single project.",
+	}, []string{"namespace", "name"})
+
+	numberOfErrors = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      NumberOfErrorsKey,
+		Help:      "How many errors are related to a single project.",
+	}, []string{"namespace", "name", "action"})
+
+	numberOfOrphanObjects = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      NumberOfOrphanObjectsKey,
+		Help:      "How many orphans are related to a single project.",
+	}, []string{"namespace", "name"})
+
+	numberOfWarnings = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      NumberOfWarningsKey,
+		Help:      "How many warnings are related to a single project.",
+	}, []string{"namespace", "name", "action"})
+
+	pruneDuration = prometheus.NewHistogramVec(prometheus.HistogramOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      PruneDurationKey,
+		Help:      "How long a single prune takes in seconds.",
+	}, []string{"namespace", "name"})
+
+	deleteDuration = prometheus.NewHistogramVec(prometheus.HistogramOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      DeleteDurationKey,
+		Help:      "How long a single delete takes in seconds.",
+	}, []string{"namespace", "name"})
+
+	validateDuration = prometheus.NewHistogramVec(prometheus.HistogramOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      ValidateDurationKey,
+		Help:      "How long a single validate takes in seconds.",
+	}, []string{"namespace", "name"})
+)
+
+func init() {
+	metrics.Registry.MustRegister(deploymentDuration)
+	metrics.Registry.MustRegister(numberOfChangedObjects)
+	metrics.Registry.MustRegister(numberOfDeletedObjects)
+	metrics.Registry.MustRegister(numberOfErrors)
+	metrics.Registry.MustRegister(numberOfOrphanObjects)
+	metrics.Registry.MustRegister(numberOfWarnings)
+	metrics.Registry.MustRegister(pruneDuration)
+	metrics.Registry.MustRegister(deleteDuration)
+	metrics.Registry.MustRegister(validateDuration)
+}
+
+func NewKluctlDeploymentDuration(namespace string, name string, mode string) prometheus.Observer {
+	return deploymentDuration.WithLabelValues(namespace, name, mode)
+}
+
+func NewKluctlNumberOfChangedObjects(namespace string, name string) prometheus.Gauge {
+	return numberOfChangedObjects.WithLabelValues(namespace, name)
+}
+
+func NewKluctlNumberOfDeletedObjects(namespace string, name string) prometheus.Gauge {
+	return numberOfDeletedObjects.WithLabelValues(namespace, name)
+}
+
+func NewKluctlNumberOfErrors(namespace string, name string, action string) prometheus.Gauge {
+	return numberOfErrors.WithLabelValues(namespace, name, action)
+}
+
+func NewKluctlNumberOfOrphanObjects(namespace string, name string) prometheus.Gauge {
+	return numberOfOrphanObjects.WithLabelValues(namespace, name)
+}
+
+func NewKluctlNumberOfWarnings(namespace string, name string, action string) prometheus.Gauge {
+	return numberOfWarnings.WithLabelValues(namespace, name, action)
+}
+
+func NewKluctlPruneDuration(namespace string, name string) prometheus.Observer {
+	return pruneDuration.WithLabelValues(namespace, name)
+}
+
+func NewKluctlDeleteDuration(namespace string, name string) prometheus.Observer {
+	return deleteDuration.WithLabelValues(namespace, name)
+}
+
+func NewKluctlValidateDuration(namespace string, name string) prometheus.Observer {
+	return validateDuration.WithLabelValues(namespace, name)
+}
diff --git a/pkg/controllers/internal/metrics/kluctldeployment_controller.go b/pkg/controllers/internal/metrics/kluctldeployment_controller.go
new file mode 100644
index 000000000..8900146ad
--- /dev/null
+++ b/pkg/controllers/internal/metrics/kluctldeployment_controller.go
@@ -0,0 +1,89 @@
+package metrics
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
+)
+
+// Metrics subsystem and all keys used by the kluctldeployment controller.
+const (
+	KluctlDeploymentControllerSubsystem = "kluctldeployments"
+
+	DeploymentIntervalKey = "deployment_interval_seconds"
+	DryRunEnabledKey      = "dry_run_enabled"
+	LastObjectStatusKey   = "last_object_status"
+	PruneEnabledKey       = "prune_enabled"
+	DeleteEnabledKey      = "delete_enabled"
+	SourceSpecKey         = "source_spec"
+)
+
+var (
+	deploymentInterval = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      DeploymentIntervalKey,
+		Help:      "The configured deployment interval of a single deployment.",
+	}, []string{"namespace", "name"})
+
+	dryRunEnabled = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      DryRunEnabledKey,
+		Help:      "Is dry-run enabled for a single deployment.",
+	}, []string{"namespace", "name"})
+
+	lastObjectStatus = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      LastObjectStatusKey,
+		Help:      "Last object status of a single deployment.",
+	}, []string{"namespace", "name"})
+
+	pruneEnabled = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      PruneEnabledKey,
+		Help:      "Is pruning enabled for a single deployment.",
+	}, []string{"namespace", "name"})
+
+	deleteEnabled = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      DeleteEnabledKey,
+		Help:      "Is deletion enabled for a single deployment.",
+	}, []string{"namespace", "name"})
+
+	sourceSpec = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      SourceSpecKey,
+		Help:      "The configured source spec of a single deployment.",
+	}, []string{"namespace", "name", "url", "path", "ref"})
+)
+
+func init() {
+	metrics.Registry.MustRegister(deploymentInterval)
+	metrics.Registry.MustRegister(dryRunEnabled)
+	metrics.Registry.MustRegister(lastObjectStatus)
+	metrics.Registry.MustRegister(pruneEnabled)
+	metrics.Registry.MustRegister(deleteEnabled)
+	metrics.Registry.MustRegister(sourceSpec)
+}
+
+func NewKluctlDeploymentInterval(namespace string, name string) prometheus.Gauge {
+	return dryRunEnabled.WithLabelValues(namespace, name)
+}
+
+func NewKluctlDryRunEnabled(namespace string, name string) prometheus.Gauge {
+	return dryRunEnabled.WithLabelValues(namespace, name)
+}
+
+func NewKluctlLastObjectStatus(namespace string, name string) prometheus.Gauge {
+	return lastObjectStatus.WithLabelValues(namespace, name)
+}
+
+func NewKluctlPruneEnabled(namespace string, name string) prometheus.Gauge {
+	return pruneEnabled.WithLabelValues(namespace, name)
+}
+
+func NewKluctlDeleteEnabled(namespace string, name string) prometheus.Gauge {
+	return deleteEnabled.WithLabelValues(namespace, name)
+}
+
+func NewKluctlSourceSpec(namespace string, name string, url string, path string, ref string) prometheus.Gauge {
+	return sourceSpec.WithLabelValues(namespace, name, url, path, ref)
+}
diff --git a/pkg/controllers/internal/sops/LICENSE b/pkg/controllers/internal/sops/LICENSE
new file mode 100644
index 000000000..a612ad981
--- /dev/null
+++ b/pkg/controllers/internal/sops/LICENSE
@@ -0,0 +1,373 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
diff --git a/pkg/controllers/internal/sops/aws_config.go b/pkg/controllers/internal/sops/aws_config.go
new file mode 100644
index 000000000..fe00c00c2
--- /dev/null
+++ b/pkg/controllers/internal/sops/aws_config.go
@@ -0,0 +1,24 @@
+package sops
+
+import (
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"go.mozilla.org/sops/v3/kms"
+	"sigs.k8s.io/yaml"
+)
+
+// LoadCredsProviderFromYaml parses the given YAML returns a CredsProvider object
+// which contains the credentials provider used for authenticating towards AWS KMS.
+func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error) {
+	credInfo := struct {
+		AccessKeyID     string `json:"aws_access_key_id"`
+		SecretAccessKey string `json:"aws_secret_access_key"`
+		SessionToken    string `json:"aws_session_token"`
+	}{}
+	if err := yaml.Unmarshal(b, &credInfo); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal AWS credentials file: %w", err)
+	}
+	cp := kms.NewCredentialsProvider(credentials.NewStaticCredentialsProvider(credInfo.AccessKeyID, credInfo.SecretAccessKey, credInfo.SessionToken))
+
+	return cp, nil
+}
diff --git a/pkg/controllers/internal/sops/azure_config.go b/pkg/controllers/internal/sops/azure_config.go
new file mode 100644
index 000000000..0b654b7b0
--- /dev/null
+++ b/pkg/controllers/internal/sops/azure_config.go
@@ -0,0 +1,156 @@
+// Copyright (C) 2022 The Flux authors
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package sops
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"github.com/dimchansky/utfbom"
+	"io/ioutil"
+	"unicode/utf16"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"sigs.k8s.io/yaml"
+)
+
+// LoadAADConfigFromBytes attempts to load the given bytes into the given AADConfig.
+// By first decoding it if UTF-16, and then unmarshalling it into the given struct.
+// It returns an error for any failure.
+func LoadAADConfigFromBytes(b []byte, s *AADConfig) error {
+	b, err := decode(b)
+	if err != nil {
+		return fmt.Errorf("failed to decode Azure authentication file bytes: %w", err)
+	}
+	if err = yaml.Unmarshal(b, s); err != nil {
+		err = fmt.Errorf("failed to unmarshal Azure authentication file: %w", err)
+	}
+	return err
+}
+
+// AADConfig contains the selection of fields from an Azure authentication file
+// required for Active Directory authentication.
+type AADConfig struct {
+	AZConfig
+	TenantID                   string `json:"tenantId,omitempty"`
+	ClientID                   string `json:"clientId,omitempty"`
+	ClientSecret               string `json:"clientSecret,omitempty"`
+	ClientCertificate          string `json:"clientCertificate,omitempty"`
+	ClientCertificatePassword  string `json:"clientCertificatePassword,omitempty"`
+	ClientCertificateSendChain bool   `json:"clientCertificateSendChain,omitempty"`
+	AuthorityHost              string `json:"authorityHost,omitempty"`
+}
+
+// AZConfig contains the Service Principal fields as generated by `az`.
+// Ref: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#manually-create-a-service-principal
+type AZConfig struct {
+	AppID    string `json:"appId,omitempty"`
+	Tenant   string `json:"tenant,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+// TokenFromAADConfig attempts to construct a Token using the AADConfig values.
+// It detects credentials in the following order:
+//
+//   - azidentity.ClientSecretCredential when `tenantId`, `clientId` and
+//     `clientSecret` fields are found.
+//   - azidentity.ClientCertificateCredential when `tenantId`,
+//     `clientCertificate` (and optionally `clientCertificatePassword`) fields
+//     are found.
+//   - azidentity.ClientSecretCredential when AZConfig fields are found.
+//   - azidentity.ManagedIdentityCredential for a User ID, when a `clientId`
+//     field but no `tenantId` is found.
+//
+// If no set of credentials is found or the azcore.TokenCredential can not be
+// created, an error is returned.
+func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error) {
+	var token azcore.TokenCredential
+	if c.TenantID != "" && c.ClientID != "" {
+		if c.ClientSecret != "" {
+			if token, err = azidentity.NewClientSecretCredential(c.TenantID, c.ClientID, c.ClientSecret, &azidentity.ClientSecretCredentialOptions{
+				ClientOptions: azcore.ClientOptions{
+					Cloud: c.GetCloudConfig(),
+				},
+			}); err != nil {
+				return
+			}
+			return token, nil
+		}
+		if c.ClientCertificate != "" {
+			certs, pk, err := azidentity.ParseCertificates([]byte(c.ClientCertificate), []byte(c.ClientCertificatePassword))
+			if err != nil {
+				return nil, err
+			}
+			if token, err = azidentity.NewClientCertificateCredential(c.TenantID, c.ClientID, certs, pk, &azidentity.ClientCertificateCredentialOptions{
+				SendCertificateChain: c.ClientCertificateSendChain,
+				ClientOptions: azcore.ClientOptions{
+					Cloud: c.GetCloudConfig(),
+				},
+			}); err != nil {
+				return nil, err
+			}
+			return token, nil
+		}
+	}
+
+	switch {
+	case c.Tenant != "" && c.AppID != "" && c.Password != "":
+		if token, err = azidentity.NewClientSecretCredential(c.Tenant, c.AppID, c.Password, &azidentity.ClientSecretCredentialOptions{
+			ClientOptions: azcore.ClientOptions{
+				Cloud: c.GetCloudConfig(),
+			},
+		}); err != nil {
+			return
+		}
+		return token, nil
+	case c.ClientID != "":
+		if token, err = azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
+			ID: azidentity.ClientID(c.ClientID),
+		}); err != nil {
+			return
+		}
+		return token, nil
+	default:
+		return nil, fmt.Errorf("invalid data: requires a '%s' field, a combination of '%s', '%s' and '%s', or '%s', '%s' and '%s'",
+			"clientId", "tenantId", "clientId", "clientSecret", "tenantId", "clientId", "clientCertificate")
+	}
+}
+
+// GetCloudConfig returns a cloud.Configuration with the AuthorityHost, or the
+// Azure Public Cloud default.
+func (s AADConfig) GetCloudConfig() cloud.Configuration {
+	if s.AuthorityHost != "" {
+		return cloud.Configuration{
+			ActiveDirectoryAuthorityHost: s.AuthorityHost,
+			Services:                     map[cloud.ServiceName]cloud.ServiceConfiguration{},
+		}
+	}
+	return cloud.AzurePublic
+}
+
+func decode(b []byte) ([]byte, error) {
+	reader, enc := utfbom.Skip(bytes.NewReader(b))
+	switch enc {
+	case utfbom.UTF16LittleEndian:
+		u16 := make([]uint16, (len(b)/2)-1)
+		err := binary.Read(reader, binary.LittleEndian, &u16)
+		if err != nil {
+			return nil, err
+		}
+		return []byte(string(utf16.Decode(u16))), nil
+	case utfbom.UTF16BigEndian:
+		u16 := make([]uint16, (len(b)/2)-1)
+		err := binary.Read(reader, binary.BigEndian, &u16)
+		if err != nil {
+			return nil, err
+		}
+		return []byte(string(utf16.Decode(u16))), nil
+	}
+	return ioutil.ReadAll(reader)
+}
diff --git a/pkg/controllers/internal/sops/key_server_from_secret.go b/pkg/controllers/internal/sops/key_server_from_secret.go
new file mode 100644
index 000000000..f687825d9
--- /dev/null
+++ b/pkg/controllers/internal/sops/key_server_from_secret.go
@@ -0,0 +1,106 @@
+package sops
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/azkv"
+	"go.mozilla.org/sops/v3/hcvault"
+	"go.mozilla.org/sops/v3/keyservice"
+	"go.mozilla.org/sops/v3/kms"
+	"go.mozilla.org/sops/v3/pgp"
+	corev1 "k8s.io/api/core/v1"
+	"path/filepath"
+	"strings"
+)
+
+const (
+	// DecryptionPGPExt is the extension of the file containing an armored PGP
+	// key.
+	DecryptionPGPExt = ".asc"
+	// DecryptionAgeExt is the extension of the file containing an age key
+	// file.
+	DecryptionAgeExt = ".agekey"
+	// DecryptionVaultTokenFileName is the name of the file containing the
+	// Hashicorp Vault token.
+	DecryptionVaultTokenFileName = "sops.vault-token"
+	// DecryptionAWSKmsFile is the name of the file containing the AWS KMS
+	// credentials.
+	DecryptionAWSKmsFile = "sops.aws-kms"
+	// DecryptionAzureAuthFile is the name of the file containing the Azure
+	// credentials.
+	DecryptionAzureAuthFile = "sops.azure-kv"
+	// DecryptionGCPCredsFile is the name of the file containing the GCP
+	// credentials.
+	DecryptionGCPCredsFile = "sops.gcp-kms"
+)
+
+func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, opts ...intkeyservice.ServerOption) (keyservice.KeyServiceClient, error) {
+	gnuPGHome := pgp.GnuPGHome(gnuPGHomeDir)
+
+	var ageIdentities age.ParsedIdentities
+	var vaultToken hcvault.Token
+	var awsCredsProvider *kms.CredentialsProvider
+	var azureToken azcore.TokenCredential
+	var gcpCredsJSON []byte
+
+	var err error
+
+	for name, value := range secret.Data {
+		switch filepath.Ext(name) {
+		case DecryptionPGPExt:
+			if err = gnuPGHome.Import(value); err != nil {
+				return nil, fmt.Errorf("failed to import '%s' data from decryption Secret: %w", name, err)
+			}
+		case DecryptionAgeExt:
+			if err = ageIdentities.Import(string(value)); err != nil {
+				return nil, fmt.Errorf("failed to import '%s' data from decryption Secret: %w", name, err)
+			}
+		case filepath.Ext(DecryptionVaultTokenFileName):
+			// Make sure we have the absolute name
+			if name == DecryptionVaultTokenFileName {
+				token := string(value)
+				token = strings.Trim(strings.TrimSpace(token), "\n")
+				vaultToken = hcvault.Token(token)
+			}
+		case filepath.Ext(DecryptionAWSKmsFile):
+			if name == DecryptionAWSKmsFile {
+				if awsCredsProvider, err = LoadCredsProviderFromYaml(value); err != nil {
+					return nil, fmt.Errorf("failed to import data from decryption Secret '%s': %w", name, err)
+				}
+			}
+		case filepath.Ext(DecryptionAzureAuthFile):
+			// Make sure we have the absolute name
+			if name == DecryptionAzureAuthFile {
+				conf := AADConfig{}
+				if err = LoadAADConfigFromBytes(value, &conf); err != nil {
+					return nil, fmt.Errorf("failed to import '%s' data from decryption Secret: %w", name, err)
+				}
+				if azureToken, err = TokenFromAADConfig(conf); err != nil {
+					return nil, fmt.Errorf("failed to import '%s' data from decryption Secret: %w", name, err)
+				}
+			}
+		case filepath.Ext(DecryptionGCPCredsFile):
+			if name == DecryptionGCPCredsFile {
+				gcpCredsJSON = bytes.Trim(value, "\n")
+			}
+		}
+	}
+
+	serverOpts := []intkeyservice.ServerOption{
+		intkeyservice.WithGnuPGHome(gnuPGHome),
+		intkeyservice.WithVaultToken(vaultToken),
+		intkeyservice.WithAgeIdentities(ageIdentities),
+		intkeyservice.WithGCPCredsJSON(gcpCredsJSON),
+	}
+	serverOpts = append(serverOpts, opts...)
+	if azureToken != nil {
+		serverOpts = append(serverOpts, intkeyservice.WithAzureToken{Token: azkv.NewTokenCredential(azureToken)})
+	}
+	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: awsCredsProvider})
+	server := intkeyservice.NewServer(serverOpts...)
+
+	return keyservice.NewCustomLocalClient(server), nil
+}
diff --git a/pkg/controllers/internal/sops/key_server_from_service_account.go b/pkg/controllers/internal/sops/key_server_from_service_account.go
new file mode 100644
index 000000000..105e27ea5
--- /dev/null
+++ b/pkg/controllers/internal/sops/key_server_from_service_account.go
@@ -0,0 +1,91 @@
+package sops
+
+import (
+	"context"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/arn"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/smithy-go/logging"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
+	"go.mozilla.org/sops/v3/kms"
+	authenticationv1 "k8s.io/api/authentication/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) (keyservice.KeyServiceClient, error) {
+	var serverOpts []intkeyservice.ServerOption
+
+	x, err := withAWSWebIdentity(ctx, client, sa)
+	if err != nil {
+		return nil, err
+	}
+	serverOpts = append(serverOpts, x...)
+
+	server := intkeyservice.NewServer(serverOpts...)
+	return keyservice.NewCustomLocalClient(server), nil
+}
+
+type webIdentityToken string
+
+func (t webIdentityToken) GetIdentityToken() ([]byte, error) {
+	return []byte(t), nil
+}
+
+func withAWSWebIdentity(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) ([]intkeyservice.ServerOption, error) {
+	roleArnStr := ""
+	if sa.GetAnnotations() != nil {
+		roleArnStr, _ = sa.GetAnnotations()["eks.amazonaws.com/role-arn"]
+	}
+	if roleArnStr == "" {
+		return nil, nil
+	}
+	roleArn, err := arn.Parse(roleArnStr)
+	if err != nil {
+		return nil, err
+	}
+
+	exp := int64(60 * 10)
+
+	tokenRequest := authenticationv1.TokenRequest{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      sa.Name,
+			Namespace: sa.Namespace,
+		},
+		Spec: authenticationv1.TokenRequestSpec{
+			Audiences:         []string{"sts.amazonaws.com"},
+			ExpirationSeconds: &exp,
+		},
+	}
+
+	err = client.SubResource("token").Create(ctx, sa, &tokenRequest)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create token for AWS STS: %w", err)
+	}
+
+	cfg := aws.Config{
+		Credentials: aws.AnonymousCredentials{},
+		Logger:      logging.NewStandardLogger(os.Stderr),
+		Region:      roleArn.Region,
+	}
+	if cfg.Region == "" {
+		cfg.Region = "aws-global"
+	}
+
+	optFns := []func(*stscreds.WebIdentityRoleOptions){
+		func(options *stscreds.WebIdentityRoleOptions) {
+			options.RoleSessionName = "kluctl-sops-decrypter"
+		},
+	}
+
+	provider := stscreds.NewWebIdentityRoleProvider(sts.NewFromConfig(cfg), roleArnStr, webIdentityToken(tokenRequest.Status.Token), optFns...)
+
+	var serverOpts []intkeyservice.ServerOption
+	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(provider)})
+	return serverOpts, nil
+}
diff --git a/pkg/controllers/internal/sops/keyservice/keyservice.go b/pkg/controllers/internal/sops/keyservice/keyservice.go
new file mode 100644
index 000000000..4d2dda569
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/keyservice.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 The Flux authors
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package keyservice
+
+import (
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/keys"
+	"go.mozilla.org/sops/v3/pgp"
+)
+
+// IsOfflineMethod returns true for offline decrypt methods or false otherwise
+func IsOfflineMethod(mk keys.MasterKey) bool {
+	switch mk.(type) {
+	case *pgp.MasterKey, *age.MasterKey:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/pkg/controllers/internal/sops/keyservice/options.go b/pkg/controllers/internal/sops/keyservice/options.go
new file mode 100644
index 000000000..555452ceb
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/options.go
@@ -0,0 +1,87 @@
+// Copyright (C) 2022 The Flux authors
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package keyservice
+
+import (
+	extage "filippo.io/age"
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/azkv"
+	"go.mozilla.org/sops/v3/gcpkms"
+	"go.mozilla.org/sops/v3/hcvault"
+	"go.mozilla.org/sops/v3/keyservice"
+	"go.mozilla.org/sops/v3/kms"
+	"go.mozilla.org/sops/v3/pgp"
+)
+
+// ServerOption is some configuration that modifies the Server.
+type ServerOption interface {
+	// ApplyToServer applies this configuration to the given Server.
+	ApplyToServer(s *Server)
+}
+
+// WithGnuPGHome configures the GnuPG home directory on the Server.
+type WithGnuPGHome string
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithGnuPGHome) ApplyToServer(s *Server) {
+	s.gnuPGHome = pgp.GnuPGHome(o)
+}
+
+// WithVaultToken configures the Hashicorp Vault token on the Server.
+type WithVaultToken string
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithVaultToken) ApplyToServer(s *Server) {
+	s.vaultToken = hcvault.Token(o)
+}
+
+// WithAgeIdentities configures the parsed age identities on the Server.
+type WithAgeIdentities []extage.Identity
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithAgeIdentities) ApplyToServer(s *Server) {
+	s.ageIdentities = age.ParsedIdentities(o)
+}
+
+// WithAWSKeys configures the AWS credentials on the Server
+type WithAWSKeys struct {
+	CredsProvider *kms.CredentialsProvider
+}
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithAWSKeys) ApplyToServer(s *Server) {
+	s.awsCredsProvider = o.CredsProvider
+}
+
+// WithGCPCredsJSON configures the GCP service account credentials JSON on the
+// Server.
+type WithGCPCredsJSON []byte
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithGCPCredsJSON) ApplyToServer(s *Server) {
+	s.gcpCredsJSON = gcpkms.CredentialJSON(o)
+}
+
+// WithAzureToken configures the Azure credential token on the Server.
+type WithAzureToken struct {
+	Token *azkv.TokenCredential
+}
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithAzureToken) ApplyToServer(s *Server) {
+	s.azureToken = o.Token
+}
+
+// WithDefaultServer configures the fallback default server on the Server.
+type WithDefaultServer struct {
+	Server keyservice.KeyServiceServer
+}
+
+// ApplyToServer applies this configuration to the given Server.
+func (o WithDefaultServer) ApplyToServer(s *Server) {
+	s.defaultServer = o.Server
+}
diff --git a/pkg/controllers/internal/sops/keyservice/server.go b/pkg/controllers/internal/sops/keyservice/server.go
new file mode 100644
index 000000000..584516957
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/server.go
@@ -0,0 +1,363 @@
+// Copyright (C) 2022 The Flux authors
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package keyservice
+
+import (
+	"fmt"
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/azkv"
+	"go.mozilla.org/sops/v3/gcpkms"
+	"go.mozilla.org/sops/v3/hcvault"
+	"go.mozilla.org/sops/v3/keyservice"
+	"go.mozilla.org/sops/v3/kms"
+	"go.mozilla.org/sops/v3/pgp"
+
+	"golang.org/x/net/context"
+)
+
+// Server is a key service server that uses SOPS MasterKeys to fulfill
+// requests. It intercepts Encrypt and Decrypt requests made for key types
+// that need to run in a contained environment, instead of the default
+// implementation which heavily utilizes environment variables or the runtime
+// environment. Any request not handled by the Server is forwarded to the
+// embedded default server.
+type Server struct {
+	// gnuPGHome is the GnuPG home directory used for the Encrypt and Decrypt
+	// operations for PGP key types.
+	// When empty, the requests will be handled using the systems' runtime
+	// keyring.
+	gnuPGHome pgp.GnuPGHome
+
+	// ageIdentities are the parsed age identities used for Decrypt
+	// operations for age key types.
+	ageIdentities age.ParsedIdentities
+
+	// vaultToken is the token used for Encrypt and Decrypt operations of
+	// Hashicorp Vault requests.
+	// When empty, the request will be handled by defaultServer.
+	vaultToken hcvault.Token
+
+	// azureToken is the credential token used for Encrypt and Decrypt
+	// operations of Azure Key Vault requests.
+	// When nil, the request will be handled by defaultServer.
+	azureToken *azkv.TokenCredential
+
+	// awsCredsProvider is the Credentials object used for Encrypt and Decrypt
+	// operations of AWS KMS requests.
+	// When nil, the request will be handled by defaultServer.
+	awsCredsProvider *kms.CredentialsProvider
+
+	// gcpCredsJSON is the JSON credentials used for Decrypt and Encrypt
+	// operations of GCP KMS requests. When nil, a default client with
+	// environmental runtime settings will be used.
+	gcpCredsJSON gcpkms.CredentialJSON
+
+	// defaultServer is the fallback server, used to handle any request that
+	// is not eligible to be handled by this Server.
+	defaultServer keyservice.KeyServiceServer
+}
+
+// NewServer constructs a new Server, configuring it with the provided options
+// before returning the result.
+// When WithDefaultServer() is not provided as an option, the SOPS server
+// implementation is configured as default.
+func NewServer(options ...ServerOption) keyservice.KeyServiceServer {
+	s := &Server{}
+	for _, opt := range options {
+		opt.ApplyToServer(s)
+	}
+	if s.defaultServer == nil {
+		s.defaultServer = &keyservice.Server{
+			Prompt: false,
+		}
+	}
+	return s
+}
+
+// Encrypt takes an encrypt request and encrypts the provided plaintext with
+// the provided key, returning the encrypted result.
+func (ks Server) Encrypt(ctx context.Context, req *keyservice.EncryptRequest) (*keyservice.EncryptResponse, error) {
+	key := req.Key
+	switch k := key.KeyType.(type) {
+	case *keyservice.Key_PgpKey:
+		ciphertext, err := ks.encryptWithPgp(k.PgpKey, req.Plaintext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.EncryptResponse{
+			Ciphertext: ciphertext,
+		}, nil
+	case *keyservice.Key_AgeKey:
+		ciphertext, err := ks.encryptWithAge(k.AgeKey, req.Plaintext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.EncryptResponse{
+			Ciphertext: ciphertext,
+		}, nil
+	case *keyservice.Key_VaultKey:
+		if ks.vaultToken != "" {
+			ciphertext, err := ks.encryptWithHCVault(k.VaultKey, req.Plaintext)
+			if err != nil {
+				return nil, err
+			}
+			return &keyservice.EncryptResponse{
+				Ciphertext: ciphertext,
+			}, nil
+		}
+	case *keyservice.Key_KmsKey:
+		cipherText, err := ks.encryptWithAWSKMS(k.KmsKey, req.Plaintext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.EncryptResponse{
+			Ciphertext: cipherText,
+		}, nil
+	case *keyservice.Key_AzureKeyvaultKey:
+		if ks.azureToken != nil {
+			ciphertext, err := ks.encryptWithAzureKeyVault(k.AzureKeyvaultKey, req.Plaintext)
+			if err != nil {
+				return nil, err
+			}
+			return &keyservice.EncryptResponse{
+				Ciphertext: ciphertext,
+			}, nil
+		}
+	case *keyservice.Key_GcpKmsKey:
+		ciphertext, err := ks.encryptWithGCPKMS(k.GcpKmsKey, req.Plaintext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.EncryptResponse{
+			Ciphertext: ciphertext,
+		}, nil
+	case nil:
+		return nil, fmt.Errorf("must provide a key")
+	}
+	// Fallback to default server for any other request.
+	return ks.defaultServer.Encrypt(ctx, req)
+}
+
+// Decrypt takes a decrypt request and decrypts the provided ciphertext with
+// the provided key, returning the decrypted result.
+func (ks Server) Decrypt(ctx context.Context, req *keyservice.DecryptRequest) (*keyservice.DecryptResponse, error) {
+	key := req.Key
+	switch k := key.KeyType.(type) {
+	case *keyservice.Key_PgpKey:
+		plaintext, err := ks.decryptWithPgp(k.PgpKey, req.Ciphertext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.DecryptResponse{
+			Plaintext: plaintext,
+		}, nil
+	case *keyservice.Key_AgeKey:
+		plaintext, err := ks.decryptWithAge(k.AgeKey, req.Ciphertext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.DecryptResponse{
+			Plaintext: plaintext,
+		}, nil
+	case *keyservice.Key_VaultKey:
+		if ks.vaultToken != "" {
+			plaintext, err := ks.decryptWithHCVault(k.VaultKey, req.Ciphertext)
+			if err != nil {
+				return nil, err
+			}
+			return &keyservice.DecryptResponse{
+				Plaintext: plaintext,
+			}, nil
+		}
+	case *keyservice.Key_KmsKey:
+		plaintext, err := ks.decryptWithAWSKMS(k.KmsKey, req.Ciphertext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.DecryptResponse{
+			Plaintext: plaintext,
+		}, nil
+	case *keyservice.Key_AzureKeyvaultKey:
+		if ks.azureToken != nil {
+			plaintext, err := ks.decryptWithAzureKeyVault(k.AzureKeyvaultKey, req.Ciphertext)
+			if err != nil {
+				return nil, err
+			}
+			return &keyservice.DecryptResponse{
+				Plaintext: plaintext,
+			}, nil
+		}
+	case *keyservice.Key_GcpKmsKey:
+		plaintext, err := ks.decryptWithGCPKMS(k.GcpKmsKey, req.Ciphertext)
+		if err != nil {
+			return nil, err
+		}
+		return &keyservice.DecryptResponse{
+			Plaintext: plaintext,
+		}, nil
+	case nil:
+		return nil, fmt.Errorf("must provide a key")
+	}
+	// Fallback to default server for any other request.
+	return ks.defaultServer.Decrypt(ctx, req)
+}
+
+func (ks *Server) encryptWithPgp(key *keyservice.PgpKey, plaintext []byte) ([]byte, error) {
+	pgpKey := pgp.NewMasterKeyFromFingerprint(key.Fingerprint)
+	if ks.gnuPGHome != "" {
+		ks.gnuPGHome.ApplyToMasterKey(pgpKey)
+	}
+	err := pgpKey.Encrypt(plaintext)
+	if err != nil {
+		return nil, err
+	}
+	return []byte(pgpKey.EncryptedKey), nil
+}
+
+func (ks *Server) decryptWithPgp(key *keyservice.PgpKey, ciphertext []byte) ([]byte, error) {
+	pgpKey := pgp.NewMasterKeyFromFingerprint(key.Fingerprint)
+	if ks.gnuPGHome != "" {
+		ks.gnuPGHome.ApplyToMasterKey(pgpKey)
+	}
+	pgpKey.EncryptedKey = string(ciphertext)
+	plaintext, err := pgpKey.Decrypt()
+	return plaintext, err
+}
+
+func (ks Server) encryptWithAge(key *keyservice.AgeKey, plaintext []byte) ([]byte, error) {
+	// Unlike the other encrypt and decrypt methods, validation of configuration
+	// is not required here. As the encryption happens purely based on the
+	// Recipient from the key.
+
+	ageKey := age.MasterKey{
+		Recipient: key.Recipient,
+	}
+	if err := ageKey.Encrypt(plaintext); err != nil {
+		return nil, err
+	}
+	return []byte(ageKey.EncryptedKey), nil
+}
+
+func (ks *Server) decryptWithAge(key *keyservice.AgeKey, ciphertext []byte) ([]byte, error) {
+	ageKey := age.MasterKey{
+		Recipient: key.Recipient,
+	}
+	ks.ageIdentities.ApplyToMasterKey(&ageKey)
+	ageKey.EncryptedKey = string(ciphertext)
+	plaintext, err := ageKey.Decrypt()
+	return plaintext, err
+}
+
+func (ks *Server) encryptWithHCVault(key *keyservice.VaultKey, plaintext []byte) ([]byte, error) {
+	vaultKey := hcvault.MasterKey{
+		VaultAddress: key.VaultAddress,
+		EnginePath:   key.EnginePath,
+		KeyName:      key.KeyName,
+	}
+	ks.vaultToken.ApplyToMasterKey(&vaultKey)
+	if err := vaultKey.Encrypt(plaintext); err != nil {
+		return nil, err
+	}
+	return []byte(vaultKey.EncryptedKey), nil
+}
+
+func (ks *Server) decryptWithHCVault(key *keyservice.VaultKey, ciphertext []byte) ([]byte, error) {
+	vaultKey := hcvault.MasterKey{
+		VaultAddress: key.VaultAddress,
+		EnginePath:   key.EnginePath,
+		KeyName:      key.KeyName,
+	}
+	vaultKey.EncryptedKey = string(ciphertext)
+	ks.vaultToken.ApplyToMasterKey(&vaultKey)
+	plaintext, err := vaultKey.Decrypt()
+	return plaintext, err
+}
+
+func (ks *Server) encryptWithAWSKMS(key *keyservice.KmsKey, plaintext []byte) ([]byte, error) {
+	context := make(map[string]*string)
+	for key, val := range key.Context {
+		val := val
+		context[key] = &val
+	}
+	awsKey := kms.MasterKey{
+		Arn:               key.Arn,
+		Role:              key.Role,
+		EncryptionContext: context,
+	}
+	if ks.awsCredsProvider != nil {
+		ks.awsCredsProvider.ApplyToMasterKey(&awsKey)
+	}
+	if err := awsKey.Encrypt(plaintext); err != nil {
+		return nil, err
+	}
+	return []byte(awsKey.EncryptedKey), nil
+}
+
+func (ks *Server) decryptWithAWSKMS(key *keyservice.KmsKey, cipherText []byte) ([]byte, error) {
+	context := make(map[string]*string)
+	for key, val := range key.Context {
+		val := val
+		context[key] = &val
+	}
+	awsKey := kms.MasterKey{
+		Arn:               key.Arn,
+		Role:              key.Role,
+		EncryptionContext: context,
+	}
+	awsKey.EncryptedKey = string(cipherText)
+
+	if ks.awsCredsProvider != nil {
+		ks.awsCredsProvider.ApplyToMasterKey(&awsKey)
+	}
+	return awsKey.Decrypt()
+}
+
+func (ks *Server) encryptWithAzureKeyVault(key *keyservice.AzureKeyVaultKey, plaintext []byte) ([]byte, error) {
+	azureKey := azkv.MasterKey{
+		VaultURL: key.VaultUrl,
+		Name:     key.Name,
+		Version:  key.Version,
+	}
+	ks.azureToken.ApplyToMasterKey(&azureKey)
+	if err := azureKey.Encrypt(plaintext); err != nil {
+		return nil, err
+	}
+	return []byte(azureKey.EncryptedKey), nil
+}
+
+func (ks *Server) decryptWithAzureKeyVault(key *keyservice.AzureKeyVaultKey, ciphertext []byte) ([]byte, error) {
+	azureKey := azkv.MasterKey{
+		VaultURL: key.VaultUrl,
+		Name:     key.Name,
+		Version:  key.Version,
+	}
+	ks.azureToken.ApplyToMasterKey(&azureKey)
+	azureKey.EncryptedKey = string(ciphertext)
+	plaintext, err := azureKey.Decrypt()
+	return plaintext, err
+}
+
+func (ks *Server) encryptWithGCPKMS(key *keyservice.GcpKmsKey, plaintext []byte) ([]byte, error) {
+	gcpKey := gcpkms.MasterKey{
+		ResourceID: key.ResourceId,
+	}
+	ks.gcpCredsJSON.ApplyToMasterKey(&gcpKey)
+	if err := gcpKey.Encrypt(plaintext); err != nil {
+		return nil, err
+	}
+	return gcpKey.EncryptedDataKey(), nil
+}
+
+func (ks *Server) decryptWithGCPKMS(key *keyservice.GcpKmsKey, ciphertext []byte) ([]byte, error) {
+	gcpKey := gcpkms.MasterKey{
+		ResourceID: key.ResourceId,
+	}
+	ks.gcpCredsJSON.ApplyToMasterKey(&gcpKey)
+	gcpKey.EncryptedKey = string(ciphertext)
+	plaintext, err := gcpKey.Decrypt()
+	return plaintext, err
+}
diff --git a/pkg/controllers/internal/sops/keyservice/server_test.go b/pkg/controllers/internal/sops/keyservice/server_test.go
new file mode 100644
index 000000000..d7e0b7b33
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/server_test.go
@@ -0,0 +1,249 @@
+// Copyright (C) 2022 The Flux authors
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package keyservice
+
+import (
+	"fmt"
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/azkv"
+	"go.mozilla.org/sops/v3/gcpkms"
+	"go.mozilla.org/sops/v3/hcvault"
+	"go.mozilla.org/sops/v3/kms"
+	"go.mozilla.org/sops/v3/pgp"
+	"os"
+	"testing"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	. "github.com/onsi/gomega"
+	"go.mozilla.org/sops/v3/keyservice"
+	"golang.org/x/net/context"
+)
+
+func TestServer_EncryptDecrypt_PGP(t *testing.T) {
+	const (
+		mockPublicKey   = "testdata/public.gpg"
+		mockPrivateKey  = "testdata/private.gpg"
+		mockFingerprint = "B59DAF469E8C948138901A649732075EA221A7EA"
+	)
+
+	g := NewWithT(t)
+
+	gnuPGHome, err := pgp.NewGnuPGHome()
+	g.Expect(err).ToNot(HaveOccurred())
+	t.Cleanup(func() {
+		_ = os.RemoveAll(gnuPGHome.String())
+	})
+	g.Expect(gnuPGHome.ImportFile(mockPublicKey)).To(Succeed())
+
+	s := NewServer(WithGnuPGHome(gnuPGHome))
+	key := KeyFromMasterKey(pgp.NewMasterKeyFromFingerprint(mockFingerprint))
+	dataKey := []byte("some data key")
+	encResp, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
+		Key:       &key,
+		Plaintext: dataKey,
+	})
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(encResp.Ciphertext).ToNot(BeEmpty())
+	g.Expect(encResp.Ciphertext).ToNot(Equal(dataKey))
+
+	g.Expect(gnuPGHome.ImportFile(mockPrivateKey)).To(Succeed())
+	decResp, err := s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
+		Key:        &key,
+		Ciphertext: encResp.Ciphertext,
+	})
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(decResp.Plaintext).To(Equal(dataKey))
+}
+
+func TestServer_EncryptDecrypt_age(t *testing.T) {
+	g := NewWithT(t)
+
+	const (
+		mockRecipient string = "age1lzd99uklcjnc0e7d860axevet2cz99ce9pq6tzuzd05l5nr28ams36nvun"
+		mockIdentity  string = "AGE-SECRET-KEY-1G0Q5K9TV4REQ3ZSQRMTMG8NSWQGYT0T7TZ33RAZEE0GZYVZN0APSU24RK7"
+	)
+
+	s := NewServer()
+	key := KeyFromMasterKey(&age.MasterKey{Recipient: mockRecipient})
+	dataKey := []byte("some data key")
+	encResp, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
+		Key:       &key,
+		Plaintext: dataKey,
+	})
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(encResp.Ciphertext).ToNot(BeEmpty())
+	g.Expect(encResp.Ciphertext).ToNot(Equal(dataKey))
+
+	i := make(age.ParsedIdentities, 0)
+	g.Expect(i.Import(mockIdentity)).To(Succeed())
+
+	s = NewServer(WithAgeIdentities(i))
+	decResp, err := s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
+		Key:        &key,
+		Ciphertext: encResp.Ciphertext,
+	})
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(decResp.Plaintext).To(Equal(dataKey))
+}
+
+func TestServer_EncryptDecrypt_HCVault(t *testing.T) {
+	g := NewWithT(t)
+
+	s := NewServer(WithVaultToken("token"))
+	key := KeyFromMasterKey(hcvault.NewMasterKey("https://example.com", "engine-path", "key-name"))
+	_, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to encrypt sops data key to Vault transit backend"))
+
+	_, err = s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to decrypt sops data key from Vault transit backend"))
+}
+
+func TestServer_EncryptDecrypt_HCVault_Fallback(t *testing.T) {
+	g := NewWithT(t)
+
+	fallback := NewMockKeyServer()
+	s := NewServer(WithDefaultServer{Server: fallback})
+
+	key := KeyFromMasterKey(hcvault.NewMasterKey("https://example.com", "engine-path", "key-name"))
+	encReq := &keyservice.EncryptRequest{
+		Key:       &key,
+		Plaintext: []byte("some data key"),
+	}
+	_, err := s.Encrypt(context.TODO(), encReq)
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(fallback.encryptReqs).To(HaveLen(1))
+	g.Expect(fallback.encryptReqs).To(ContainElement(encReq))
+	g.Expect(fallback.decryptReqs).To(HaveLen(0))
+
+	fallback = NewMockKeyServer()
+	s = NewServer(WithDefaultServer{Server: fallback})
+	decReq := &keyservice.DecryptRequest{
+		Key:        &key,
+		Ciphertext: []byte("some ciphertext"),
+	}
+	_, err = s.Decrypt(context.TODO(), decReq)
+	g.Expect(fallback.decryptReqs).To(HaveLen(1))
+	g.Expect(fallback.decryptReqs).To(ContainElement(decReq))
+	g.Expect(fallback.encryptReqs).To(HaveLen(0))
+}
+
+func TestServer_EncryptDecrypt_awskms(t *testing.T) {
+	g := NewWithT(t)
+	s := NewServer(WithAWSKeys{
+		CredsProvider: kms.NewCredentialsProvider(credentials.StaticCredentialsProvider{}),
+	})
+
+	key := KeyFromMasterKey(kms.NewMasterKeyFromArn("arn:aws:kms:us-west-2:107501996527:key/612d5f0p-p1l3-45e6-aca6-a5b005693a48", nil, ""))
+	_, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to encrypt sops data key with AWS KMS"))
+
+	_, err = s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to decrypt sops data key with AWS KMS"))
+}
+
+func TestServer_EncryptDecrypt_azkv(t *testing.T) {
+	g := NewWithT(t)
+
+	identity, err := azidentity.NewDefaultAzureCredential(nil)
+	g.Expect(err).ToNot(HaveOccurred())
+	s := NewServer(WithAzureToken{Token: azkv.NewTokenCredential(identity)})
+
+	key := KeyFromMasterKey(azkv.NewMasterKey("", "", ""))
+	_, err = s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to encrypt sops data key with Azure Key Vault"))
+
+	_, err = s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to decrypt sops data key with Azure Key Vault"))
+
+}
+
+func TestServer_EncryptDecrypt_azkv_Fallback(t *testing.T) {
+	g := NewWithT(t)
+
+	fallback := NewMockKeyServer()
+	s := NewServer(WithDefaultServer{Server: fallback})
+
+	key := KeyFromMasterKey(azkv.NewMasterKey("", "", ""))
+	encReq := &keyservice.EncryptRequest{
+		Key:       &key,
+		Plaintext: []byte("some data key"),
+	}
+	_, err := s.Encrypt(context.TODO(), encReq)
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(fallback.encryptReqs).To(HaveLen(1))
+	g.Expect(fallback.encryptReqs).To(ContainElement(encReq))
+	g.Expect(fallback.decryptReqs).To(HaveLen(0))
+
+	fallback = NewMockKeyServer()
+	s = NewServer(WithDefaultServer{Server: fallback})
+
+	decReq := &keyservice.DecryptRequest{
+		Key:        &key,
+		Ciphertext: []byte("some ciphertext"),
+	}
+	_, err = s.Decrypt(context.TODO(), decReq)
+	g.Expect(fallback.decryptReqs).To(HaveLen(1))
+	g.Expect(fallback.decryptReqs).To(ContainElement(decReq))
+	g.Expect(fallback.encryptReqs).To(HaveLen(0))
+}
+
+func TestServer_EncryptDecrypt_gcpkms(t *testing.T) {
+	g := NewWithT(t)
+
+	creds := `{ "client_id": "<client-id>.apps.googleusercontent.com",
+ 		"client_secret": "<secret>",
+		"type": "authorized_user"}`
+	s := NewServer(WithGCPCredsJSON([]byte(creds)))
+
+	resourceID := "projects/test-flux/locations/global/keyRings/test-flux/cryptoKeys/sops"
+	key := KeyFromMasterKey(gcpkms.NewMasterKeyFromResourceID(resourceID))
+	_, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to encrypt sops data key with GCP KMS"))
+
+	_, err = s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
+		Key: &key,
+	})
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err.Error()).To(ContainSubstring("failed to decrypt sops data key with GCP KMS"))
+
+}
+
+func TestServer_EncryptDecrypt_Nil_KeyType(t *testing.T) {
+	g := NewWithT(t)
+
+	s := NewServer(WithDefaultServer{NewMockKeyServer()})
+
+	expectErr := fmt.Errorf("must provide a key")
+
+	_, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{Key: &keyservice.Key{KeyType: nil}})
+	g.Expect(err).To(Equal(expectErr))
+
+	_, err = s.Decrypt(context.TODO(), &keyservice.DecryptRequest{Key: &keyservice.Key{KeyType: nil}})
+	g.Expect(err).To(Equal(expectErr))
+}
diff --git a/pkg/controllers/internal/sops/keyservice/testdata/private.gpg b/pkg/controllers/internal/sops/keyservice/testdata/private.gpg
new file mode 100644
index 000000000..f3ca23e77
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/testdata/private.gpg
@@ -0,0 +1,81 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQVYBGJGqrsBDAC7OxFP6Z2E+AkVZpQySjLFAeYJWdnadx0GOHnckOOFkQvVJauz
+9KibgzLUkO9h0oIoP7dLyPEiRPhKgmbrktyCDfysvNeKCgI5XemJCJqCmwA/vWwp
+GnVltcgsVVjVZ3vvD8VMfhKF77pkmMDj7mnCPw9x39R8SVpe2K9RO0QLk/Dt+o8t
+MO+sXTz4ba4aMdjJvMoaoQKw6RXAouZa4H09i6tiAgXrRLxQDxJ58sGg/ZCWa5G4
+aI6PdObY41fzQlcobtifCbktbICVb1Ms1s0iZWttFmr0oTSkJTv3FPWhf6n126w4
+LEkF9d6YW+/0H9cqXa4GMfxXg4XBmJNJfYkLDVUlbp3xi+I+Lg1Sit6QlqkW93EW
+etpYPK1KmDcW3IA6ausYnkyrcQbt1m5/hh9KJoQb6He/RytXEBxp90+v9y7THZGr
+2U49ZEHQg6DAIj4j1p9NAGgqjKr9am6yk2pvpK3ZWmHQ6CZfCiBrEPCvdmEhrx4U
+lj6wyd00YJknpDkAEQEAAQAL/iU3C+1g55TvAks1LP7D/cxn4LP6HpHMfEHoxtwf
+FoJNftcamkL2Pe9PSDK1Lke44nMimwnewoNHxzx0KAXqFpdpNVCWZpdC/wctEgbR
+ZXjRW17QBWg0IKKbW9LoEfS1EY7GiTZ3lrH1oQxuymRj1rSr+SNu1Jrxr5tLoalZ
+SOCuQsTiuUPHxtPxYnWUw3bkco1Cz780QscsRU0ZdAUbOvmZQfMEqO2HJ5EYNdl0
+daVM0Uj8z6Wibre4CkyQ/8HT7Qy+Z7fgGzcSfwSzqqVJ5GtJimHK8CfX3HnHovHm
+o7MtZGnr9fiug8m3XN8b1zM/ADXbVMXAmQY+QsI44bQPMxocLij3/HL5/oJvXGJ8
+rBc5xFbzvclteD2MPTHx7hpZP+ys84LpieMw9Fojk9/k1tfNNJEESVp1OTI42YFA
+bmQ52Qgehn6skcs1oAygsSjaoCkhFMnhHVNtOnoSUG+2O7xpaT6cSNV4ySo/0stQ
+85RrEu0skjzChI0D1Tb4o2qI2wYAyUQtUxwN46uqfo/NpzzBHujpizdQ9VJxfof5
+2xCrLZ2AzLAhhpiqUiNTu7PPC+fXh3T1ru4pOg6JZYc6Ok0R3Huu16S51wpK66LE
+xgSkzGRET1kZFYg4G99g7jgmhhOyKOeh7J1LL5raOETX7hoPfO9M99tmRSVBuHFr
+48e0SQpb/mf6yYEr5ndsX3uvONo+86rerWDigZhOyvIYY8OyMzof0h7UP1jOg0uG
+JGj80rQDdqb48mTZW+d4ZC+1EstzBgDuJcG+Z/ufe2cymUwZUS6gpWuFddhab09a
+ZeS4ojlg40Jv8LcBtX29tuFSk228YWWa10u7KOzVSc9MIIVYyfTNhUXyKr+tyAFg
+jwVXWqKsDo53uwWClCwB7cvmep0sArR2hx/JdO2zAOrc0Myhx0XhwFdvV3lnNzZr
+8hbXcwLtT/HGJVl3ivmiXyfWo2MZDlY7mAw5+84WaBqcmKe0+ugRFIOhvO9GR5cU
+NysXNfEur7qRuEKqFU6BPePg8olc/qMF/3undrcOcPfyME1VG1mKkBJDFek15VxZ
+URiLhKyQtDSR1BJKeicGiVPVVeLoqyQvslXihm3c7EPPnz+Q8fQiR4sUWbh2BgPv
+Ckv0CP5a4RqiuV9B9pXqew2voJtRB1fU95JWIV08CLlcqLVArZFlxvUAVmQDF64Z
+EW+2dvXr42+KwBWIteyblvlirVztknqoO3gyk3AvYe16uX9K1Mu+7xLUByg6Rv83
+duS2YUjm6xj/ogYD6wU0zUXQ5Lx0JhKzA+jktBVGbHV4IDxzb3BzQGZsdXhjZC5p
+bz6JAc4EEwEIADgWIQS1na9GnoyUgTiQGmSXMgdeoiGn6gUCYkaquwIbAwULCQgH
+AgYVCgkICwIEFgIDAQIeAQIXgAAKCRCXMgdeoiGn6ppqDACakBksOfI9xkcV2J4o
+KkElDPzPMVlWeuulegHbS8R6srEJDxdR4jUpFVIlDp88xwMurpAZkwJdxzWLWj8N
+GuW5Z0s3WuM1h17BYE/ZKGc4pBf7/A2OzDhS8IrqNuE7kNfupPgorVwbuNs5C8ho
+w6MP7yqrxVOkWRcz1lx29FJIes+I46P+H/5rAv+4fiGWLj33wHhHpxTo4JWViYyl
+8S3aKN0yrpNqzU/b/cQoEydsNks8cuHBh4QMjH+1sh3s0ery2Z5VPBBccxGe94Sp
+vbh1fkhe2LIZKdfrh47WVPJVyUaUJC/JzCcINCNpGjpOxAIM8NxfUIF2k+SlgREN
+TQztXAnHYWHcTSP8ojbN8vODka6LMgEtOo0WB/H7/NvBDuc09izP1HwdNM2dTkPu
+plbmEdg9NkFgp+H8QgAxHGWVN22gzYaxJVO9PFrpF2D83Zch4zAYt/wYEWC/SK9A
+cdbevVdetFPCCV5dSJCWq+e9llnJaxR4bDbTf3EQW7aulg2dBVgEYkaquwEMAMQV
+snEOeBV1iX6hCiMWwgjnyS+ggIZN2F15NgM76VMLYMyOt7Y3nkBAFCZgEA9IymrC
+UiPSk+YzDtebWgprqAgNgqovSl2c1xuacjuHgpG7DQiV20sb752BMMDDEUY05YyQ
+a5NmCUqJIB2F0mxtIqbUpPgdHLSidgRX/5VjugKSlkD+JqURIpW6lmAaJ5RgbWbX
+Puuy8yFsHtd75jp5fQFDSMxSG30ZBQAky+4vw8zTxbOLdXS3FrZr6YvLfmAMafoG
+aZKAKEOxAZCp152JxUm6yvgXGIlgDDPLHyt5tpWwi98vw633NVE3MkKwic0HuSHE
+PXemwZJi3z4yaBsofv7HCo9KtGx4I+t/cqEk8qri3dPqsEkiWKfN3FdzKndgd894
+GtFlO22y9/8pcjpeG3ErTq4rTmo3lkLnxbGxgENDoPEcJ8Q/xu+ZAdjqs5kRnivQ
+57Qk0KCRU8HrzBDBWs13Sac8qbgR+Hvyq29UQJOQo0phKVOfb6oqym9ZsB8q7wAR
+AQABAAv/VMgu2exQJrMl6o8V03slFXWmywWCXM+u1CezH23ZojMCvR+eNlbRAWXT
+cI5Lk1g9UTDJFD0Z/sgnzDibE3Nd+XFiBFSjOlu0tHYwmyWp4nn2ljY5Vb3z+m2g
+F1CgmPMJJ6BQKzDMpqIotSsmAwSjHXBHDhKEVWQDVDh6RW0TwcYA2oQpUGjaw9Oj
+7lSQtXqGAxfhWEcNEe/uW+xx7OmXj6K4iMOdqBbXzyqZ1FhpuBf+3PVZKUh6tRBu
+sCeh8kSbEOh4xpPFcs17EAcZfXTfdo9vtqjQkRUASuEzctR/91qI3c7IPMFilSHo
+HdVQLyUiJTuY0k/00Je1QtPgh7lZtffkq6Bd11I53cfD+44l7g7Lcc2zFzuHjpyp
+F+SDBs3tD8uKqbam8Hnop49/BRe1mgNdzobUEem39zKNSXWqUFemr15sAW2J4SKM
+m657y0hdpGDE/QlD0ruE6sFFa8zk+92UElnzgyLl69YO139Sbjm+jSZfMVxm+nO6
+vrW16U75BgDIIH6PgZshXxMO1LzWxMP+d+6MWKpgeWYes/tkI6bfmM+LBh5/zzd2
+lV+9Zae/YJYMn30BrpWfE1uVcWVxlAilHYM92wtH8CjXIYkLhez5uTQQ7UKcLqyS
+3nmO+u5ADqwPeaygS+gTTWhRFX0F5dTYhXFQABiK94lfyMJ8tzmjAuwWxPINLL0m
+IdilK8crZayDarDBe2amiP/gG6W7zzIV8DvJn2ZZtlraFxTV8+mqq9Lh0cKJHT6/
+1/Lt90eubhcGAPrUTKv/jvMEZWlsw1HNzPfP+VyAtebmgDY0o2Rkpikaie/bsnAR
+umPuRdGNMct5UAG8WLrgO/RIFb0dsJy1CA+zvZdluAHFaq89ikwFrvcvegc0325w
+Iom8xiH0C9pLPiPcyFoFedQ3ZRaQB4oLhhikNDvD2ANA9HIY+k7dpfXP8LWY5jSs
+UM3NdXC8RIdBW7DllfDNjWi/xaAyBDxcXRBPuWjIYWlLcHjmqablB/xdmZgIEJoU
+VMPCRf7JAl3I6QX9Htkv4ocJyzRDxmhTuFdc7YOc3zmTqwx7/q+kuJDGROA1VeFT
+HCtWrSF7Ax5WNIIRRFH1AEk8j//2yoycVCWKNMXV0d8xeHblyGVX+Huhq8rsokNU
+MFbDY4wFDTzTK8F8fCa6Z0Q1nts6HOf5ZXv2xYMjyh93gJKF2/NhobX7noDMe/oR
+CUzbd6Ogg3JLqnlrfIhR/Kh3yk+w/FhGRiQsV1rIqx4FrWvA3CTkr2zHTAH/gQvt
+1CKrnh3iKiqJ9uV26yiJAbYEGAEIACAWIQS1na9GnoyUgTiQGmSXMgdeoiGn6gUC
+YkaquwIbDAAKCRCXMgdeoiGn6jSVDACYkZWrhX/TM6bBVCGvhzl3EmwHqMuMT/Qx
+N5Sc5QVawRD36+L/yuFYzK+MK9s9p5Z/9VmTsO/KQxcaPiuYub5vsJ38AxsaSiPE
+VCtXY1QH0R3AYMh7tCGW+qhyf8IZyynkiOIZmo8PdrSwRnBCWGPvHYqJEr7c5LJD
+0RYZFwR+ujPhr5mavERVziF2EfUor33la5vpax+CD+XLeMQaWorGegFN6wEpoGoQ
+1rP10xtM+txU7/w0fkYHaEzvQfnRN4QVNg/EgQx7U+HyklAM36tGYgj2CRF5qm+K
+Whv+ipymfmAngrjNMqcM15uXi1MF3UGFG7QkbKUBqpeK9UfG4lnZKHcSwhffcgL6
+clz1mGfriCEJvw9CfvlLm7RDM2m/MRxFr2yNQgpIJFoXgDVCthBCuH1dIMvhgCYA
+frIIYzTK2ZKLJlTv3O8SCTf1Zhjru2f3z85YAqOXmQUGYKrQZL2T9NE2mQnXL0n+
+sgS+XwT2h+fdCBJHJYmboxXpxC02xHY=
+=G8JF
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/pkg/controllers/internal/sops/keyservice/testdata/public.gpg b/pkg/controllers/internal/sops/keyservice/testdata/public.gpg
new file mode 100644
index 000000000..c59ba01a6
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/testdata/public.gpg
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGJGqrsBDAC7OxFP6Z2E+AkVZpQySjLFAeYJWdnadx0GOHnckOOFkQvVJauz
+9KibgzLUkO9h0oIoP7dLyPEiRPhKgmbrktyCDfysvNeKCgI5XemJCJqCmwA/vWwp
+GnVltcgsVVjVZ3vvD8VMfhKF77pkmMDj7mnCPw9x39R8SVpe2K9RO0QLk/Dt+o8t
+MO+sXTz4ba4aMdjJvMoaoQKw6RXAouZa4H09i6tiAgXrRLxQDxJ58sGg/ZCWa5G4
+aI6PdObY41fzQlcobtifCbktbICVb1Ms1s0iZWttFmr0oTSkJTv3FPWhf6n126w4
+LEkF9d6YW+/0H9cqXa4GMfxXg4XBmJNJfYkLDVUlbp3xi+I+Lg1Sit6QlqkW93EW
+etpYPK1KmDcW3IA6ausYnkyrcQbt1m5/hh9KJoQb6He/RytXEBxp90+v9y7THZGr
+2U49ZEHQg6DAIj4j1p9NAGgqjKr9am6yk2pvpK3ZWmHQ6CZfCiBrEPCvdmEhrx4U
+lj6wyd00YJknpDkAEQEAAbQVRmx1eCA8c29wc0BmbHV4Y2QuaW8+iQHOBBMBCAA4
+FiEEtZ2vRp6MlIE4kBpklzIHXqIhp+oFAmJGqrsCGwMFCwkIBwIGFQoJCAsCBBYC
+AwECHgECF4AACgkQlzIHXqIhp+qaagwAmpAZLDnyPcZHFdieKCpBJQz8zzFZVnrr
+pXoB20vEerKxCQ8XUeI1KRVSJQ6fPMcDLq6QGZMCXcc1i1o/DRrluWdLN1rjNYde
+wWBP2ShnOKQX+/wNjsw4UvCK6jbhO5DX7qT4KK1cG7jbOQvIaMOjD+8qq8VTpFkX
+M9ZcdvRSSHrPiOOj/h/+awL/uH4hli4998B4R6cU6OCVlYmMpfEt2ijdMq6Tas1P
+2/3EKBMnbDZLPHLhwYeEDIx/tbId7NHq8tmeVTwQXHMRnveEqb24dX5IXtiyGSnX
+64eO1lTyVclGlCQvycwnCDQjaRo6TsQCDPDcX1CBdpPkpYERDU0M7VwJx2Fh3E0j
+/KI2zfLzg5GuizIBLTqNFgfx+/zbwQ7nNPYsz9R8HTTNnU5D7qZW5hHYPTZBYKfh
+/EIAMRxllTdtoM2GsSVTvTxa6Rdg/N2XIeMwGLf8GBFgv0ivQHHW3r1XXrRTwgle
+XUiQlqvnvZZZyWsUeGw2039xEFu2rpYNuQGNBGJGqrsBDADEFbJxDngVdYl+oQoj
+FsII58kvoICGTdhdeTYDO+lTC2DMjre2N55AQBQmYBAPSMpqwlIj0pPmMw7Xm1oK
+a6gIDYKqL0pdnNcbmnI7h4KRuw0IldtLG++dgTDAwxFGNOWMkGuTZglKiSAdhdJs
+bSKm1KT4HRy0onYEV/+VY7oCkpZA/ialESKVupZgGieUYG1m1z7rsvMhbB7Xe+Y6
+eX0BQ0jMUht9GQUAJMvuL8PM08Wzi3V0txa2a+mLy35gDGn6BmmSgChDsQGQqded
+icVJusr4FxiJYAwzyx8rebaVsIvfL8Ot9zVRNzJCsInNB7khxD13psGSYt8+Mmgb
+KH7+xwqPSrRseCPrf3KhJPKq4t3T6rBJIlinzdxXcyp3YHfPeBrRZTttsvf/KXI6
+XhtxK06uK05qN5ZC58WxsYBDQ6DxHCfEP8bvmQHY6rOZEZ4r0Oe0JNCgkVPB68wQ
+wVrNd0mnPKm4Efh78qtvVECTkKNKYSlTn2+qKspvWbAfKu8AEQEAAYkBtgQYAQgA
+IBYhBLWdr0aejJSBOJAaZJcyB16iIafqBQJiRqq7AhsMAAoJEJcyB16iIafqNJUM
+AJiRlauFf9MzpsFUIa+HOXcSbAeoy4xP9DE3lJzlBVrBEPfr4v/K4VjMr4wr2z2n
+ln/1WZOw78pDFxo+K5i5vm+wnfwDGxpKI8RUK1djVAfRHcBgyHu0IZb6qHJ/whnL
+KeSI4hmajw92tLBGcEJYY+8diokSvtzkskPRFhkXBH66M+GvmZq8RFXOIXYR9Siv
+feVrm+lrH4IP5ct4xBpaisZ6AU3rASmgahDWs/XTG0z63FTv/DR+RgdoTO9B+dE3
+hBU2D8SBDHtT4fKSUAzfq0ZiCPYJEXmqb4paG/6KnKZ+YCeCuM0ypwzXm5eLUwXd
+QYUbtCRspQGql4r1R8biWdkodxLCF99yAvpyXPWYZ+uIIQm/D0J++UubtEMzab8x
+HEWvbI1CCkgkWheANUK2EEK4fV0gy+GAJgB+sghjNMrZkosmVO/c7xIJN/VmGOu7
+Z/fPzlgCo5eZBQZgqtBkvZP00TaZCdcvSf6yBL5fBPaH590IEkcliZujFenELTbE
+dg==
+=05GI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pkg/controllers/internal/sops/keyservice/utils_test.go b/pkg/controllers/internal/sops/keyservice/utils_test.go
new file mode 100644
index 000000000..097dc5fbd
--- /dev/null
+++ b/pkg/controllers/internal/sops/keyservice/utils_test.go
@@ -0,0 +1,105 @@
+// Copyright (C) 2022 The Flux authors
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package keyservice
+
+import (
+	"context"
+	"fmt"
+	"go.mozilla.org/sops/v3/kms"
+
+	"go.mozilla.org/sops/v3/keys"
+	"go.mozilla.org/sops/v3/keyservice"
+
+	"go.mozilla.org/sops/v3/age"
+	"go.mozilla.org/sops/v3/azkv"
+	"go.mozilla.org/sops/v3/gcpkms"
+	"go.mozilla.org/sops/v3/hcvault"
+	"go.mozilla.org/sops/v3/pgp"
+)
+
+// KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can
+// be serialized with Protocol Buffers.
+func KeyFromMasterKey(k keys.MasterKey) keyservice.Key {
+	switch mk := k.(type) {
+	case *pgp.MasterKey:
+		return keyservice.Key{
+			KeyType: &keyservice.Key_PgpKey{
+				PgpKey: &keyservice.PgpKey{
+					Fingerprint: mk.Fingerprint,
+				},
+			},
+		}
+	case *hcvault.MasterKey:
+		return keyservice.Key{
+			KeyType: &keyservice.Key_VaultKey{
+				VaultKey: &keyservice.VaultKey{
+					VaultAddress: mk.VaultAddress,
+					EnginePath:   mk.EnginePath,
+					KeyName:      mk.KeyName,
+				},
+			},
+		}
+	case *kms.MasterKey:
+		return keyservice.Key{
+			KeyType: &keyservice.Key_KmsKey{
+				KmsKey: &keyservice.KmsKey{
+					Arn: mk.Arn,
+				},
+			},
+		}
+	case *azkv.MasterKey:
+		return keyservice.Key{
+			KeyType: &keyservice.Key_AzureKeyvaultKey{
+				AzureKeyvaultKey: &keyservice.AzureKeyVaultKey{
+					VaultUrl: mk.VaultURL,
+					Name:     mk.Name,
+					Version:  mk.Version,
+				},
+			},
+		}
+	case *age.MasterKey:
+		return keyservice.Key{
+			KeyType: &keyservice.Key_AgeKey{
+				AgeKey: &keyservice.AgeKey{
+					Recipient: mk.Recipient,
+				},
+			},
+		}
+	case *gcpkms.MasterKey:
+		return keyservice.Key{
+			KeyType: &keyservice.Key_GcpKmsKey{
+				GcpKmsKey: &keyservice.GcpKmsKey{
+					ResourceId: mk.ResourceID,
+				},
+			},
+		}
+	default:
+		panic(fmt.Sprintf("tried to convert unknown MasterKey type %T to keyservice.Key", mk))
+	}
+}
+
+type MockKeyServer struct {
+	encryptReqs []*keyservice.EncryptRequest
+	decryptReqs []*keyservice.DecryptRequest
+}
+
+func NewMockKeyServer() *MockKeyServer {
+	return &MockKeyServer{
+		encryptReqs: make([]*keyservice.EncryptRequest, 0),
+		decryptReqs: make([]*keyservice.DecryptRequest, 0),
+	}
+}
+
+func (ks *MockKeyServer) Encrypt(_ context.Context, req *keyservice.EncryptRequest) (*keyservice.EncryptResponse, error) {
+	ks.encryptReqs = append(ks.encryptReqs, req)
+	return nil, fmt.Errorf("not actually implemented")
+}
+
+func (ks *MockKeyServer) Decrypt(_ context.Context, req *keyservice.DecryptRequest) (*keyservice.DecryptResponse, error) {
+	ks.decryptReqs = append(ks.decryptReqs, req)
+	return nil, fmt.Errorf("not actually implemented")
+}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
new file mode 100644
index 000000000..41396bd18
--- /dev/null
+++ b/pkg/controllers/kluctl_project.go
@@ -0,0 +1,820 @@
+package controllers
+
+import (
+	"context"
+	"fmt"
+	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
+	"github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/prometheus/client_golang/prometheus"
+	"helm.sh/helm/v3/pkg/repo"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	securejoin "github.com/cyphar/filepath-securejoin"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/clientcmd/api"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+type preparedProject struct {
+	r   *KluctlDeploymentReconciler
+	obj *kluctlv1.KluctlDeployment
+
+	startTime time.Time
+
+	rp *repocache.GitRepoCache
+
+	tmpDir     string
+	repoDir    string
+	projectDir string
+}
+
+type preparedTarget struct {
+	pp *preparedProject
+}
+
+func prepareProject(ctx context.Context,
+	r *KluctlDeploymentReconciler,
+	obj *kluctlv1.KluctlDeployment,
+	doCloneSource bool) (*preparedProject, error) {
+
+	pp := &preparedProject{
+		r:         r,
+		obj:       obj,
+		startTime: time.Now(),
+	}
+
+	// create tmp dir
+	tmpDir, err := os.MkdirTemp("", obj.GetName()+"-")
+	if err != nil {
+		return pp, fmt.Errorf("failed to create temp dir for kluctl project: %w", err)
+	}
+	cleanup := true
+	defer func() {
+		if !cleanup {
+			return
+		}
+		pp.cleanup()
+	}()
+
+	pp.tmpDir = tmpDir
+
+	gitSecret, err := r.getGitSecret(ctx, &pp.obj.Spec.Source, obj.GetNamespace())
+	if err != nil {
+		return nil, err
+	}
+
+	pp.rp, err = r.buildRepoCache(ctx, gitSecret)
+	if err != nil {
+		return nil, err
+	}
+
+	if doCloneSource {
+		rpEntry, err := pp.rp.GetEntry(pp.obj.Spec.Source.URL)
+		if err != nil {
+			return nil, fmt.Errorf("failed clone source: %w", err)
+		}
+
+		clonedDir, _, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref.String())
+		if err != nil {
+			return nil, err
+		}
+
+		pp.repoDir = clonedDir
+
+		// check kluctl project path exists
+		pp.projectDir, err = securejoin.SecureJoin(pp.repoDir, pp.obj.Spec.Source.Path)
+		if err != nil {
+			return pp, err
+		}
+		if _, err := os.Stat(pp.projectDir); err != nil {
+			return pp, fmt.Errorf("kluctlDeployment path not found: %w", err)
+		}
+	}
+
+	cleanup = false
+	return pp, nil
+}
+
+func (pp *preparedProject) cleanup() {
+	_ = os.RemoveAll(pp.tmpDir)
+	if pp.rp != nil {
+		pp.rp.Clear()
+		pp.rp = nil
+	}
+}
+
+func (pp *preparedProject) newTarget() (*preparedTarget, error) {
+	pt := preparedTarget{
+		pp: pp,
+	}
+
+	return &pt, nil
+}
+
+func (pt *preparedTarget) restConfigToKubeconfig(restConfig *rest.Config) *api.Config {
+	kubeConfig := api.NewConfig()
+	cluster := api.NewCluster()
+	cluster.Server = restConfig.Host
+	cluster.CertificateAuthority = restConfig.TLSClientConfig.CAFile
+	cluster.CertificateAuthorityData = restConfig.TLSClientConfig.CAData
+	cluster.InsecureSkipTLSVerify = restConfig.TLSClientConfig.Insecure
+	kubeConfig.Clusters["default"] = cluster
+
+	user := api.NewAuthInfo()
+	user.ClientKey = restConfig.KeyFile
+	user.ClientKeyData = restConfig.KeyData
+	user.ClientCertificate = restConfig.CertFile
+	user.ClientCertificateData = restConfig.CertData
+	user.TokenFile = restConfig.BearerTokenFile
+	user.Token = restConfig.BearerToken
+	user.Impersonate = restConfig.Impersonate.UserName
+	user.ImpersonateUID = restConfig.Impersonate.UID
+	user.ImpersonateUserExtra = restConfig.Impersonate.Extra
+	user.ImpersonateGroups = restConfig.Impersonate.Groups
+	user.Username = restConfig.Username
+	user.Password = restConfig.Password
+	user.AuthProvider = restConfig.AuthProvider
+	user.Exec = restConfig.ExecProvider
+	kubeConfig.AuthInfos["default"] = user
+
+	kctx := api.NewContext()
+	kctx.Cluster = "default"
+	kctx.AuthInfo = "default"
+	kubeConfig.Contexts["default"] = kctx
+	kubeConfig.CurrentContext = "default"
+
+	return kubeConfig
+}
+
+func (pt *preparedTarget) getKubeconfigFromSecret(ctx context.Context) ([]byte, error) {
+	secretName := types.NamespacedName{
+		Namespace: pt.pp.obj.GetNamespace(),
+		Name:      pt.pp.obj.Spec.KubeConfig.SecretRef.Name,
+	}
+
+	var secret corev1.Secret
+	if err := pt.pp.r.Get(ctx, secretName, &secret); err != nil {
+		return nil, fmt.Errorf("unable to read KubeConfig secret '%s' error: %w", secretName.String(), err)
+	}
+
+	var kubeConfig []byte
+	switch {
+	case pt.pp.obj.Spec.KubeConfig.SecretRef.Key != "":
+		key := pt.pp.obj.Spec.KubeConfig.SecretRef.Key
+		kubeConfig = secret.Data[key]
+		if kubeConfig == nil {
+			return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a '%s' key with a kubeconfig", secretName, key)
+		}
+	case secret.Data["value"] != nil:
+		kubeConfig = secret.Data["value"]
+	case secret.Data["value.yaml"] != nil:
+		kubeConfig = secret.Data["value.yaml"]
+	default:
+		// User did not specify a key, and the 'value' key was not defined.
+		return nil, fmt.Errorf("KubeConfig secret '%s' does not contain a 'value' key with a kubeconfig", secretName)
+	}
+
+	return kubeConfig, nil
+}
+
+func (pt *preparedTarget) setImpersonationConfig(restConfig *rest.Config) {
+	name := pt.pp.r.DefaultServiceAccount
+	if sa := pt.pp.obj.Spec.ServiceAccountName; sa != "" {
+		name = sa
+	}
+	if name != "" {
+		username := fmt.Sprintf("system:serviceaccount:%s:%s", pt.pp.obj.GetNamespace(), name)
+		restConfig.Impersonate = rest.ImpersonationConfig{UserName: username}
+	}
+}
+
+func (pt *preparedTarget) buildRestConfig(ctx context.Context) (*rest.Config, error) {
+	var restConfig *rest.Config
+
+	if pt.pp.obj.Spec.KubeConfig != nil {
+		kubeConfig, err := pt.getKubeconfigFromSecret(ctx)
+		if err != nil {
+			return nil, err
+		}
+		restConfig, err = clientcmd.RESTConfigFromKubeConfig(kubeConfig)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		restConfig = rest.CopyConfig(pt.pp.r.RestConfig)
+	}
+
+	pt.setImpersonationConfig(restConfig)
+
+	return restConfig, nil
+}
+
+func (pt *preparedTarget) buildKubeconfig(ctx context.Context) (*api.Config, error) {
+	restConfig, err := pt.buildRestConfig(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	kubeConfig := pt.restConfigToKubeconfig(restConfig)
+	return kubeConfig, nil
+}
+
+/*
+func (pt *preparedTarget) getRegistrySecrets(ctx context.Context) ([]*corev1.Secret, error) {
+	var ret []*corev1.Secret
+	for _, ref := range pt.pp.obj.Spec.RegistrySecrets {
+		name := types.NamespacedName{
+			Namespace: pt.pp.obj.GetNamespace(),
+			Name:      ref.Name,
+		}
+		var secret corev1.Secret
+		if err := pt.pp.r.Get(ctx, name, &secret); err != nil {
+			return nil, fmt.Errorf("failed to get secret '%s': %w", name.String(), err)
+		}
+		ret = append(ret, &secret)
+	}
+	return ret, nil
+}
+
+func (pt *preparedTarget) buildRegistryHelper(ctx context.Context) (*registries.RegistryHelper, error) {
+	secrets, err := pt.getRegistrySecrets(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	rh := registries.NewRegistryHelper(ctx)
+	err = rh.ParseAuthEntriesFromEnv()
+	if err != nil {
+		return nil, err
+	}
+
+	for _, s := range secrets {
+		caFile := s.Data["caFile"]
+		insecure := false
+		if x, ok := s.Data["insecure"]; ok {
+			insecure, err = strconv.ParseBool(string(x))
+			if err != nil {
+				return nil, fmt.Errorf("failed parsing insecure flag from secret %s: %w", s.Name, err)
+			}
+		}
+
+		if dockerConfig, ok := s.Data[".dockerconfigjson"]; ok {
+			maxFields := 1
+			if _, ok := s.Data["caFile"]; ok {
+				maxFields++
+			}
+			if _, ok := s.Data["insecure"]; ok {
+				maxFields++
+			}
+			if len(s.Data) != maxFields {
+				return nil, fmt.Errorf("when using .dockerconfigjson in registry secret, only caFile and insecure fields are allowed additionally")
+			}
+
+			c := configfile.New(".dockerconfigjson")
+			err = c.LoadFromReader(bytes.NewReader(dockerConfig))
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse .dockerconfigjson from secret %s: %w", s.Name, err)
+			}
+			for registry, ac := range c.GetAuthConfigs() {
+				var e registries.AuthEntry
+				e.Registry = registry
+				e.Username = ac.Username
+				e.Password = ac.Password
+				e.Auth = ac.Auth
+				e.CABundle = caFile
+				e.Insecure = insecure
+
+				rh.AddAuthEntry(e)
+			}
+		} else {
+			var e registries.AuthEntry
+			e.Registry = string(s.Data["registry"])
+			e.Username = string(s.Data["username"])
+			e.Password = string(s.Data["password"])
+			e.Auth = string(s.Data["auth"])
+			e.CABundle = caFile
+			e.Insecure = insecure
+
+			if e.Registry == "" || (e.Username == "" && e.Auth == "") {
+				return nil, fmt.Errorf("registry secret is incomplete")
+			}
+			rh.AddAuthEntry(e)
+		}
+	}
+	return rh, nil
+}
+*/
+
+func (pt *preparedTarget) buildImages(ctx context.Context) (*deployment.Images, error) {
+	/*rh, err := pt.buildRegistryHelper(ctx)
+	if err != nil {
+		return nil, err
+	}
+	offline := !pt.pp.obj.Spec.UpdateImages
+	images, err := deployment.NewImages(rh, pt.pp.obj.Spec.UpdateImages, offline)*/
+
+	images, err := deployment.NewImages()
+	if err != nil {
+		return nil, err
+	}
+	for _, fi := range pt.pp.obj.Spec.Images {
+		images.AddFixedImage(fi)
+	}
+	return images, nil
+}
+
+type helmCredentialsProvider []repo.Entry
+
+func (p helmCredentialsProvider) FindCredentials(repoUrl string, credentialsId *string) *repo.Entry {
+	if credentialsId != nil {
+		for _, e := range p {
+			if e.Name != "" && e.Name == *credentialsId {
+				return &e
+			}
+		}
+	}
+	if repoUrl == "" {
+		return nil
+	}
+	for _, e := range p {
+		if e.URL == repoUrl {
+			return &e
+		}
+	}
+	return nil
+}
+
+func (pt *preparedTarget) buildHelmCredentials(ctx context.Context) (helm.HelmCredentialsProvider, error) {
+	var creds []repo.Entry
+
+	tmpDirBase := filepath.Join(pt.pp.tmpDir, "helm-certs")
+	_ = os.MkdirAll(tmpDirBase, 0o700)
+
+	var writeTmpFilErr error
+	writeTmpFile := func(secretData map[string][]byte, name string) string {
+		b, ok := secretData["certFile"]
+		if ok {
+			tmpFile, err := os.CreateTemp(tmpDirBase, name+"-")
+			if err != nil {
+				writeTmpFilErr = err
+				return ""
+			}
+			defer tmpFile.Close()
+			_, err = tmpFile.Write(b)
+			if err != nil {
+				writeTmpFilErr = err
+			}
+			return tmpFile.Name()
+		}
+		return ""
+	}
+
+	for _, e := range pt.pp.obj.Spec.HelmCredentials {
+		var secret corev1.Secret
+		err := pt.pp.r.Client.Get(ctx, types.NamespacedName{
+			Namespace: pt.pp.obj.GetNamespace(),
+			Name:      e.SecretRef.Name,
+		}, &secret)
+		if err != nil {
+			return nil, err
+		}
+
+		var entry repo.Entry
+
+		credentialsId := string(secret.Data["credentialsId"])
+		url := string(secret.Data["url"])
+		if credentialsId == "" && url == "" {
+			return nil, fmt.Errorf("secret %s must at least contain 'credentialsId' or 'url'", e.SecretRef.Name)
+		}
+		entry.Name = credentialsId
+		entry.URL = url
+		entry.Username = string(secret.Data["username"])
+		entry.Password = string(secret.Data["password"])
+		entry.CertFile = writeTmpFile(secret.Data, "certFile")
+		entry.KeyFile = writeTmpFile(secret.Data, "keyFile")
+		entry.CAFile = writeTmpFile(secret.Data, "caFile")
+		if writeTmpFilErr != nil {
+			return nil, writeTmpFilErr
+		}
+
+		b, _ := secret.Data["insecureSkipTlsVerify"]
+		s := string(b)
+		if utils.ParseBoolOrFalse(&s) {
+			entry.InsecureSkipTLSverify = true
+		}
+		b, _ = secret.Data["passCredentialsAll"]
+		s = string(b)
+		if utils.ParseBoolOrFalse(&s) {
+			entry.PassCredentialsAll = true
+		}
+		creds = append(creds, entry)
+	}
+
+	return helmCredentialsProvider(creds), nil
+}
+
+func (pt *preparedTarget) buildInclusion() *utils.Inclusion {
+	inc := utils.NewInclusion()
+	for _, x := range pt.pp.obj.Spec.IncludeTags {
+		inc.AddInclude("tag", x)
+	}
+	for _, x := range pt.pp.obj.Spec.ExcludeTags {
+		inc.AddExclude("tag", x)
+	}
+	for _, x := range pt.pp.obj.Spec.IncludeDeploymentDirs {
+		inc.AddInclude("deploymentItemDir", x)
+	}
+	for _, x := range pt.pp.obj.Spec.ExcludeDeploymentDirs {
+		inc.AddExclude("deploymentItemDir", x)
+	}
+	return inc
+}
+
+func (pt *preparedTarget) clientConfigGetter(ctx context.Context) func(context *string) (*rest.Config, *api.Config, error) {
+	return func(context *string) (*rest.Config, *api.Config, error) {
+		kubeConfig, err := pt.buildKubeconfig(ctx)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		configOverrides := &clientcmd.ConfigOverrides{}
+		if context != nil {
+			configOverrides.CurrentContext = *context
+		}
+		clientConfig := clientcmd.NewDefaultClientConfig(*kubeConfig, configOverrides)
+		rawConfig, err := clientConfig.RawConfig()
+		if err != nil {
+			return nil, nil, err
+		}
+		if context != nil {
+			rawConfig.CurrentContext = *context
+		}
+		restConfig, err := clientConfig.ClientConfig()
+		if err != nil {
+			return nil, nil, err
+		}
+		return restConfig, &rawConfig, nil
+	}
+}
+
+func (pp *preparedProject) buildSopsDecrypter(ctx context.Context) (*decryptor.Decryptor, error) {
+	if pp.obj.Spec.Decryption == nil {
+		return nil, nil
+	}
+	if pp.obj.Spec.Decryption.Provider != "sops" {
+		return nil, fmt.Errorf("not supported decryption provider %s", pp.obj.Spec.Decryption.Provider)
+	}
+
+	d := decryptor.NewDecryptor(filepath.Join(pp.tmpDir, "project"), decryptor.MaxEncryptedFileSize)
+
+	err := pp.addSecretBasedKeyServers(ctx, d)
+	if err != nil {
+		return nil, err
+	}
+	err = pp.addServiceAccountBasedKeyServers(ctx, d)
+	if err != nil {
+		return nil, err
+	}
+	return d, nil
+}
+
+func (pp *preparedProject) addSecretBasedKeyServers(ctx context.Context, d *decryptor.Decryptor) error {
+	if pp.obj.Spec.Decryption.SecretRef == nil {
+		return nil
+	}
+
+	secretName := types.NamespacedName{
+		Namespace: pp.obj.GetNamespace(),
+		Name:      pp.obj.Spec.Decryption.SecretRef.Name,
+	}
+
+	var secret corev1.Secret
+	if err := pp.r.Get(ctx, secretName, &secret); err != nil {
+		if apierrors.IsNotFound(err) {
+			return err
+		}
+		return fmt.Errorf("cannot get decryption Secret '%s': %w", secretName, err)
+	}
+
+	gnuPGHome := filepath.Join(pp.tmpDir, "sops-gnupghome")
+	err := os.MkdirAll(gnuPGHome, 0o700)
+	if err != nil {
+		return err
+	}
+
+	ks, err := sops.BuildSopsKeyServerFromSecret(&secret, gnuPGHome)
+	if err != nil {
+		return err
+	}
+	if ks != nil {
+		d.AddKeyServiceClient(ks)
+	}
+	return nil
+}
+
+func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context, d *decryptor.Decryptor) error {
+	name := pp.r.DefaultServiceAccount
+	if pp.obj.Spec.Decryption != nil && pp.obj.Spec.Decryption.ServiceAccount != "" {
+		name = pp.obj.Spec.Decryption.ServiceAccount
+	} else if sa := pp.obj.Spec.ServiceAccountName; sa != "" {
+		name = sa
+	}
+	if name == "" {
+		return nil
+	}
+	sa, err := pp.r.ClientSet.CoreV1().ServiceAccounts(pp.obj.Namespace).Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to retrieve service account %s: %w", name, err)
+	}
+
+	ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, pp.r.Client, sa)
+	if err != nil {
+		return err
+	}
+	if ks != nil {
+		d.AddKeyServiceClient(ks)
+	}
+	return nil
+}
+
+func (pp *preparedProject) withKluctlProject(ctx context.Context, pt *preparedTarget, cb func(p *kluctl_project.LoadedKluctlProject) error) error {
+	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
+	if err != nil {
+		return err
+	}
+	defer j2.Close()
+
+	var sopsDecrypter *decryptor.Decryptor
+	if pp.obj.Spec.Decryption != nil {
+		sopsDecrypter, err = pp.buildSopsDecrypter(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	externalArgs, err := uo.FromString(string(pt.pp.obj.Spec.Args.Raw))
+	if err != nil {
+		return err
+	}
+
+	loadArgs := kluctl_project.LoadKluctlProjectArgs{
+		RepoRoot:      pp.repoDir,
+		ExternalArgs:  externalArgs,
+		ProjectDir:    pp.projectDir,
+		RP:            pp.rp,
+		SopsDecrypter: sopsDecrypter,
+	}
+	if pt != nil {
+		loadArgs.ClientConfigGetter = pt.clientConfigGetter(ctx)
+	}
+
+	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, filepath.Join(pp.tmpDir, "project"), j2)
+	if err != nil {
+		return err
+	}
+
+	return cb(p)
+}
+
+func (pt *preparedTarget) withKluctlProjectTarget(ctx context.Context, cb func(targetContext *kluctl_project.TargetContext) error) error {
+	return pt.pp.withKluctlProject(ctx, pt, func(p *kluctl_project.LoadedKluctlProject) error {
+		renderOutputDir, err := os.MkdirTemp(pt.pp.tmpDir, "render-")
+		if err != nil {
+			return err
+		}
+		images, err := pt.buildImages(ctx)
+		if err != nil {
+			return err
+		}
+		helmCredentials, err := pt.buildHelmCredentials(ctx)
+		if err != nil {
+			return err
+		}
+		inclusion := pt.buildInclusion()
+
+		props := kluctl_project.TargetContextParams{
+			DryRun:          pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun,
+			Images:          images,
+			Inclusion:       inclusion,
+			HelmCredentials: helmCredentials,
+			RenderOutputDir: renderOutputDir,
+		}
+		if pt.pp.obj.Spec.Target != nil {
+			props.TargetName = *pt.pp.obj.Spec.Target
+		}
+		if pt.pp.obj.Spec.TargetNameOverride != nil {
+			props.TargetNameOverride = *pt.pp.obj.Spec.TargetNameOverride
+		}
+		if pt.pp.obj.Spec.Context != nil {
+			props.ContextOverride = *pt.pp.obj.Spec.Context
+		}
+		targetContext, err := p.NewTargetContext(ctx, props)
+		if err != nil {
+			return err
+		}
+		err = targetContext.DeploymentCollection.Prepare()
+		if err != nil {
+			return err
+		}
+		return cb(targetContext)
+	})
+}
+
+func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string) error {
+	log := ctrl.LoggerFrom(ctx)
+
+	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
+	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
+	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
+	cmdResult.ProjectKey.NormalizedGitUrl = pt.pp.obj.Spec.Source.URL.NormalizedRepoKey()
+
+	summary := cmdResult.BuildSummary()
+
+	log.Info(fmt.Sprintf("command finished with err=%v", cmdErr))
+	defer pt.exportCommandResultMetricsToProm(summary)
+	if cmdErr != nil {
+		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
+		return cmdErr
+	}
+
+	msg := fmt.Sprintf("%s succeeded.", commandName)
+	if summary.NewObjects != 0 {
+		msg += fmt.Sprintf(" %d new objects.", summary.NewObjects)
+	}
+	if summary.ChangedObjects != 0 {
+		msg += fmt.Sprintf(" %d changed objects.", summary.ChangedObjects)
+	}
+	if summary.AppliedHookObjects != 0 {
+		msg += fmt.Sprintf(" %d hooks run.", summary.AppliedHookObjects)
+	}
+	if summary.DeletedObjects != 0 {
+		msg += fmt.Sprintf(" %d deleted objects.", summary.DeletedObjects)
+	}
+	if summary.OrphanObjects != 0 {
+		msg += fmt.Sprintf(" %d orphan objects.", summary.OrphanObjects)
+	}
+	if len(cmdResult.Errors) != 0 {
+		msg += fmt.Sprintf(" %d errors.", len(cmdResult.Errors))
+	}
+	if len(cmdResult.Warnings) != 0 {
+		msg += fmt.Sprintf(" %d warnings.", len(cmdResult.Warnings))
+	}
+
+	warning := false
+	var err error
+	if len(cmdResult.Errors) != 0 {
+		warning = true
+		err = fmt.Errorf("%s failed with %d errors", commandName, len(cmdResult.Errors))
+	}
+	pt.pp.r.event(ctx, pt.pp.obj, warning, msg, nil)
+
+	return err
+}
+
+func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
+	defer timer.ObserveDuration()
+	cmd := commands.NewDeployCommand(targetContext)
+	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
+	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
+	cmd.ForceReplaceOnError = pt.pp.obj.Spec.ForceReplaceOnError
+	cmd.AbortOnError = pt.pp.obj.Spec.AbortOnError
+	cmd.ReadinessTimeout = time.Minute * 10
+	cmd.NoWait = pt.pp.obj.Spec.NoWait
+
+	cmdResult, err := cmd.Run(nil)
+	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy")
+	return cmdResult, err
+}
+
+func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
+	defer timer.ObserveDuration()
+	cmd := commands.NewPokeImagesCommand(targetContext)
+
+	cmdResult, err := cmd.Run()
+	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images")
+	return cmdResult, err
+}
+
+func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
+	if !pt.pp.obj.Spec.Prune {
+		return nil, nil
+	}
+
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlPruneDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
+	defer timer.ObserveDuration()
+
+	cmd := commands.NewPruneCommand("", targetContext)
+	cmdResult, err := cmd.Run(func(refs []k8s.ObjectRef) error {
+		pt.printDeletedRefs(ctx, refs)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = pt.handleCommandResult(ctx, err, cmdResult, "prune")
+	return cmdResult, err
+}
+
+func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) (*result.ValidateResult, error) {
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
+	defer timer.ObserveDuration()
+
+	c := targetContext.DeploymentCollection
+	if cmdResult != nil {
+		c = nil
+	}
+	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, c, cmdResult)
+
+	validateResult, err := cmd.Run(ctx, targetContext.SharedContext.K)
+	return validateResult, err
+}
+
+func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string) (*result.CommandResult, error) {
+	if !pt.pp.obj.Spec.Delete {
+		return nil, nil
+	}
+
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeleteDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
+	defer timer.ObserveDuration()
+
+	inclusion := pt.buildInclusion()
+
+	cmd := commands.NewDeleteCommand(discriminator, nil, inclusion)
+
+	restConfig, err := pt.buildRestConfig(ctx)
+	if err != nil {
+		return nil, err
+	}
+	clientFactory, err := k8s2.NewClientFactory(ctx, restConfig)
+	if err != nil {
+		return nil, err
+	}
+	k, err := k8s2.NewK8sCluster(ctx, clientFactory, pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun)
+	if err != nil {
+		return nil, err
+	}
+
+	cmdResult, err := cmd.Run(ctx, k, func(refs []k8s.ObjectRef) error {
+		pt.printDeletedRefs(ctx, refs)
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if pt.pp.obj.Spec.Target != nil {
+		cmdResult.TargetKey.TargetName = *pt.pp.obj.Spec.Target
+	}
+	if pt.pp.obj.Spec.TargetNameOverride != nil {
+		cmdResult.TargetKey.TargetName = *pt.pp.obj.Spec.TargetNameOverride
+	}
+
+	cmdResult.TargetKey.Discriminator = discriminator
+	cmdResult.TargetKey.ClusterId = cmdResult.ClusterInfo.ClusterId
+
+	err = pt.handleCommandResult(ctx, err, cmdResult, "delete")
+	return cmdResult, err
+}
+
+func (pt *preparedTarget) printDeletedRefs(ctx context.Context, refs []k8s.ObjectRef) {
+	log := ctrl.LoggerFrom(ctx)
+
+	var refStrs []string
+	for _, ref := range refs {
+		refStrs = append(refStrs, ref.String())
+	}
+	if len(refStrs) != 0 {
+		log.Info(fmt.Sprintf("deleting (without waiting): %s", strings.Join(refStrs, ", ")))
+	}
+}
+
+func (pt *preparedTarget) exportCommandResultMetricsToProm(summary *result.CommandResultSummary) {
+	internal_metrics.NewKluctlNumberOfDeletedObjects(pt.pp.obj.Namespace, pt.pp.obj.Name).Set(float64(summary.DeletedObjects))
+	internal_metrics.NewKluctlNumberOfChangedObjects(pt.pp.obj.Namespace, pt.pp.obj.Name).Set(float64(summary.ChangedObjects))
+	internal_metrics.NewKluctlNumberOfOrphanObjects(pt.pp.obj.Namespace, pt.pp.obj.Name).Set(float64(summary.OrphanObjects))
+	internal_metrics.NewKluctlNumberOfWarnings(pt.pp.obj.Namespace, pt.pp.obj.Name, summary.Command.Command).Set(float64(summary.Warnings))
+	internal_metrics.NewKluctlNumberOfErrors(pt.pp.obj.Namespace, pt.pp.obj.Name, summary.Command.Command).Set(float64(summary.Errors))
+}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
new file mode 100644
index 000000000..69670165a
--- /dev/null
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -0,0 +1,506 @@
+package controllers
+
+import (
+	"context"
+	"fmt"
+	"github.com/hashicorp/go-retryablehttp"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	kuberecorder "k8s.io/client-go/tools/record"
+	"k8s.io/client-go/tools/reference"
+	"path"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"time"
+)
+
+type KluctlDeploymentReconciler struct {
+	client.Client
+	RestConfig            *rest.Config
+	ClientSet             *kubernetes.Clientset
+	httpClient            *retryablehttp.Client
+	requeueDependency     time.Duration
+	Scheme                *runtime.Scheme
+	EventRecorder         kuberecorder.EventRecorder
+	MetricsRecorder       *metrics.Recorder
+	ControllerName        string
+	DefaultServiceAccount string
+	DryRun                bool
+
+	SshPool *ssh_pool.SshPool
+}
+
+// KluctlDeploymentReconcilerOpts contains options for the BaseReconciler.
+type KluctlDeploymentReconcilerOpts struct {
+	HTTPRetry int
+}
+
+// +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments/finalizers,verbs=get;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=configmaps;secrets;serviceaccounts,verbs=get;list;watch
+// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+
+func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	log := ctrl.LoggerFrom(ctx)
+	reconcileStart := time.Now()
+
+	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(message string) {
+		log.Info(message)
+	}, false, false))
+
+	obj := &kluctlv1.KluctlDeployment{}
+	if err := r.Get(ctx, req.NamespacedName, obj); err != nil {
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithTimeout(ctx, r.calcTimeout(obj))
+	defer cancel()
+
+	retryInterval := obj.Spec.GetRetryInterval()
+	interval := obj.Spec.Interval.Duration
+
+	// Record suspended status metric
+	defer r.recordSuspension(ctx, obj)
+
+	// Add our finalizer if it does not exist
+	if !controllerutil.ContainsFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer) {
+		patch := client.MergeFrom(obj.DeepCopy())
+		controllerutil.AddFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
+		if err := r.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+			log.Error(err, "unable to register finalizer")
+			return ctrl.Result{}, err
+		}
+	}
+
+	// Examine if the object is under deletion
+	if !obj.GetDeletionTimestamp().IsZero() {
+		return r.finalize(ctx, obj)
+	}
+
+	// Return early if the KluctlDeployment is suspended.
+	if obj.Spec.Suspend {
+		log.Info("Reconciliation is suspended for this object")
+		return ctrl.Result{}, nil
+	}
+
+	// record reconciliation duration
+	if r.MetricsRecorder != nil {
+		objRef, err := reference.GetReference(r.Scheme, obj)
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+		defer r.MetricsRecorder.RecordDuration(*objRef, reconcileStart)
+	}
+
+	// set the reconciliation status to progressing
+	if obj.Status.ObservedGeneration == 0 {
+		patch := client.MergeFrom(obj.DeepCopy())
+		setReadiness(obj, metav1.ConditionUnknown, meta.ProgressingReason, "reconciliation in progress")
+		if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+			return ctrl.Result{Requeue: true}, err
+		}
+
+		r.recordReadiness(ctx, obj)
+	}
+
+	// record the value of the reconciliation request, if any
+	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
+		obj.Status.LastHandledReconcileAt = v
+	}
+
+	// reconcile kluctlDeployment by applying the latest revision
+	patch := client.MergeFrom(obj.DeepCopy())
+	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
+	if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+		return ctrl.Result{Requeue: true}, err
+	}
+
+	r.recordReadiness(ctx, obj)
+
+	if ctrlResult == nil {
+		if reconcileErr != nil {
+			ctrlResult = &ctrl.Result{RequeueAfter: retryInterval}
+		} else {
+			ctrlResult = &ctrl.Result{RequeueAfter: interval}
+		}
+	}
+
+	// broadcast the reconciliation failure and requeue at the specified retry interval
+	if reconcileErr != nil {
+		log.Info(fmt.Sprintf("Reconciliation failed after %s, next try in %s: %s",
+			time.Since(reconcileStart).String(),
+			ctrlResult.RequeueAfter.String(), reconcileErr.Error(),
+		))
+		r.event(ctx, obj, true,
+			reconcileErr.Error(), nil)
+		return *ctrlResult, nil
+	}
+
+	// broadcast the reconciliation result and requeue at the specified interval
+	msg := fmt.Sprintf("Reconciliation finished in %s, next run in %s",
+		time.Since(reconcileStart).String(),
+		ctrlResult.RequeueAfter.String())
+	log.Info(msg)
+	r.event(ctx, obj, true,
+		msg, map[string]string{kluctlv1.GroupVersion.Group + "/commit_status": "update"})
+	return *ctrlResult, nil
+}
+
+func (r *KluctlDeploymentReconciler) doReconcile(
+	ctx context.Context,
+	obj *kluctlv1.KluctlDeployment) (*ctrl.Result, error) {
+
+	r.exportDeploymentObjectToProm(obj)
+
+	pp, err := prepareProject(ctx, r, obj, true)
+	if err != nil {
+		setReadiness(obj, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, err.Error())
+		return nil, err
+	}
+	defer pp.cleanup()
+
+	pt, err := pp.newTarget()
+	if err != nil {
+		setReadiness(obj, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, err.Error())
+		return nil, err
+	}
+
+	err = pt.withKluctlProjectTarget(ctx, func(targetContext *kluctl_project.TargetContext) error {
+		obj.Status.ProjectKey = &result.ProjectKey{
+			NormalizedGitUrl: obj.Spec.Source.URL.NormalizedRepoKey(),
+			SubDir:           path.Clean(obj.Spec.Source.Path),
+		}
+		obj.Status.TargetKey = &result.TargetKey{
+			TargetName:    targetContext.Target.Name,
+			Discriminator: targetContext.Target.Discriminator,
+		}
+
+		if obj.Status.ProjectKey.SubDir == "." {
+			obj.Status.ProjectKey.SubDir = ""
+		}
+
+		objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
+		if err != nil {
+			return err
+		}
+
+		needDeploy := false
+		needPrune := false
+		needValidate := false
+
+		if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
+			// either never deployed or source code changed
+			needDeploy = true
+		} else if r.checkRequestedDeploy(obj) {
+			// explicitly requested a deploy
+			needDeploy = true
+		} else if obj.Status.ObservedGeneration != obj.GetGeneration() {
+			// spec has changed
+			needDeploy = true
+		} else {
+			// was deployed before, let's check if we need to do periodic deployments
+			nextDeployTime := r.nextDeployTime(obj)
+			if nextDeployTime != nil {
+				needDeploy = nextDeployTime.Before(time.Now())
+			}
+		}
+
+		if obj.Spec.Validate {
+			if obj.Status.LastValidateResult == nil || needDeploy {
+				// either never validated before or a deployment requested (which required re-validation)
+				needValidate = true
+			} else {
+				nextValidateTime := r.nextValidateTime(obj)
+				if nextValidateTime != nil {
+					needValidate = nextValidateTime.Before(time.Now())
+				}
+			}
+		} else {
+			obj.Status.LastValidateResult = nil
+		}
+
+		if obj.Spec.Prune {
+			needPrune = needDeploy
+		} else {
+			obj.Status.LastPruneResult = nil
+		}
+
+		obj.Status.LastObjectsHash = objectsHash
+
+		var deployResult *result.CommandResult
+		if needDeploy {
+			// deploy the kluctl project
+			if obj.Spec.DeployMode == kluctlv1.KluctlDeployModeFull {
+				deployResult, err = pt.kluctlDeploy(ctx, targetContext)
+			} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
+				deployResult, err = pt.kluctlPokeImages(ctx, targetContext)
+			} else {
+				err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
+				setReadiness(obj, metav1.ConditionFalse, kluctlv1.DeployFailedReason, err.Error())
+				return nil
+			}
+			obj.Status.LastDeployResult = deployResult.BuildSummary()
+			if err != nil {
+				setReadiness(obj, metav1.ConditionFalse, kluctlv1.DeployFailedReason, err.Error())
+				return nil
+			}
+		}
+
+		if needPrune {
+			// run garbage collection for stale objects that do not have pruning disabled
+			pruneResult, err := pt.kluctlPrune(ctx, targetContext)
+			obj.Status.LastPruneResult = pruneResult.BuildSummary()
+			if err != nil {
+				setReadiness(obj, metav1.ConditionFalse, kluctlv1.PruneFailedReason, err.Error())
+				return nil
+			}
+		}
+
+		if needValidate {
+			validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
+			obj.Status.LastValidateResult = validateResult
+			if err != nil {
+				setReadiness(obj, metav1.ConditionFalse, kluctlv1.ValidateFailedReason, err.Error())
+				return nil
+			}
+		}
+		return nil
+	})
+	obj.Status.ObservedGeneration = obj.GetGeneration()
+	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
+		obj.Status.LastHandledDeployAt = v
+	}
+	if err != nil {
+		setReadiness(obj, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, err.Error())
+		return nil, err
+	}
+
+	var ctrlResult ctrl.Result
+	ctrlResult.RequeueAfter = r.nextReconcileTime(obj).Sub(time.Now())
+	if ctrlResult.RequeueAfter < 0 {
+		ctrlResult.RequeueAfter = 0
+		ctrlResult.Requeue = true
+	}
+
+	finalStatus, reason := r.buildFinalStatus(obj)
+	if reason != kluctlv1.ReconciliationSucceededReason {
+		setReadiness(obj, metav1.ConditionFalse, reason, finalStatus)
+		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
+		return &ctrlResult, fmt.Errorf(finalStatus)
+	}
+	setReadiness(obj, metav1.ConditionTrue, reason, finalStatus)
+	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(1.0)
+	return &ctrlResult, nil
+}
+
+func (r *KluctlDeploymentReconciler) buildFinalStatus(obj *kluctlv1.KluctlDeployment) (finalStatus string, reason string) {
+	deployOk := obj.Status.LastDeployResult != nil && obj.Status.LastDeployResult.Errors == 0
+	pruneOk := obj.Status.LastPruneResult != nil && obj.Status.LastPruneResult.Errors == 0
+	validateOk := obj.Status.LastValidateResult != nil && len(obj.Status.LastValidateResult.Errors) == 0 && obj.Status.LastValidateResult.Ready
+
+	if !obj.Spec.Prune {
+		pruneOk = true
+	}
+	if !obj.Spec.Validate {
+		validateOk = true
+	}
+
+	if obj.Status.LastDeployResult != nil {
+		finalStatus += "deploy: "
+		if deployOk {
+			finalStatus += "ok"
+		} else {
+			finalStatus += "failed"
+		}
+	}
+	if obj.Spec.Prune && obj.Status.LastPruneResult != nil {
+		if finalStatus != "" {
+			finalStatus += ", "
+		}
+		finalStatus += "prune: "
+		if pruneOk {
+			finalStatus += "ok"
+		} else {
+			finalStatus += "failed"
+		}
+	}
+	if obj.Spec.Validate && obj.Status.LastValidateResult != nil {
+		if finalStatus != "" {
+			finalStatus += ", "
+		}
+		finalStatus += "validate: "
+		if validateOk {
+			finalStatus += "ok"
+		} else {
+			finalStatus += "failed"
+		}
+	}
+
+	if deployOk && pruneOk {
+		if validateOk {
+			reason = kluctlv1.ReconciliationSucceededReason
+		} else {
+			reason = kluctlv1.ValidateFailedReason
+			return
+		}
+	} else {
+		reason = kluctlv1.DeployFailedReason
+		return
+	}
+	return
+}
+
+func (r *KluctlDeploymentReconciler) calcTimeout(obj *kluctlv1.KluctlDeployment) time.Duration {
+	var d time.Duration
+	if obj.Spec.Timeout != nil {
+		d = obj.Spec.Timeout.Duration
+	} else if obj.Spec.DeployInterval != nil {
+		d = obj.Spec.DeployInterval.Duration.Duration
+	} else {
+		d = obj.Spec.Interval.Duration
+	}
+	if d < time.Second*30 {
+		d = time.Second * 30
+	}
+	return d
+}
+
+func (r *KluctlDeploymentReconciler) nextReconcileTime(obj *kluctlv1.KluctlDeployment) time.Time {
+	t1 := time.Now().Add(obj.Spec.Interval.Duration)
+	t2 := r.nextDeployTime(obj)
+	t3 := r.nextValidateTime(obj)
+	if t2 != nil && t2.Before(t1) {
+		t1 = *t2
+	}
+	if obj.Spec.Validate && t3 != nil && t3.Before(t1) {
+		t1 = *t3
+	}
+	return t1
+}
+
+func (r *KluctlDeploymentReconciler) nextDeployTime(obj *kluctlv1.KluctlDeployment) *time.Time {
+	if obj.Status.LastDeployResult == nil {
+		// was never deployed before. Return early.
+		return nil
+	}
+	if obj.Spec.DeployInterval == nil {
+		// periodic deployments disabled
+		return nil
+	}
+
+	t := obj.Status.LastDeployResult.Command.EndTime.Add(obj.Spec.DeployInterval.Duration.Duration)
+	return &t
+}
+
+func (r *KluctlDeploymentReconciler) checkRequestedDeploy(obj *kluctlv1.KluctlDeployment) bool {
+	v, ok := obj.Annotations[kluctlv1.KluctlRequestDeployAnnotation]
+	if !ok {
+		return false
+	}
+	if v != obj.Status.LastHandledDeployAt {
+		return true
+	}
+	return false
+}
+
+func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeployment) *time.Time {
+	if obj.Status.LastValidateResult == nil {
+		// was never validated before. Return early.
+		return nil
+	}
+	d := obj.Spec.Interval.Duration
+	if obj.Spec.ValidateInterval != nil {
+		d = obj.Spec.ValidateInterval.Duration.Duration
+	}
+
+	t := obj.Status.LastValidateResult.EndTime.Add(d)
+	return &t
+}
+
+func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1.KluctlDeployment) (ctrl.Result, error) {
+	r.doFinalize(ctx, obj)
+
+	// Record deleted status
+	r.recordReadiness(ctx, obj)
+
+	// Remove our finalizer from the list and update it
+	patch := client.MergeFrom(obj.DeepCopy())
+	controllerutil.RemoveFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
+	if err := r.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+		return ctrl.Result{}, err
+	}
+
+	// Stop reconciliation as the object is being deleted
+	return ctrl.Result{}, nil
+}
+
+func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctlv1.KluctlDeployment) {
+	log := ctrl.LoggerFrom(ctx)
+
+	if !obj.Spec.Delete || obj.Spec.Suspend {
+		return
+	}
+
+	if obj.Status.ProjectKey == nil || obj.Status.TargetKey == nil {
+		log.V(1).Info("No project/target key set, skipping deletion")
+		return
+	}
+
+	log.V(1).Info("Deleting target")
+
+	pp, err := prepareProject(ctx, r, obj, false)
+	if err != nil {
+		return
+	}
+	defer pp.cleanup()
+
+	pt, err := pp.newTarget()
+	if err != nil {
+		return
+	}
+
+	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator)
+}
+
+func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.KluctlDeployment) {
+	pruneEnabled := 0.0
+	deleteEnabled := 0.0
+	dryRunEnabled := 0.0
+	deploymentInterval := 0.0
+
+	if obj.Spec.Prune {
+		pruneEnabled = 1.0
+	}
+	if obj.Spec.Delete {
+		deleteEnabled = 1.0
+	}
+	if obj.Spec.DryRun {
+		dryRunEnabled = 1.0
+	}
+	//If not set, it defaults to interval
+	if obj.Spec.DeployInterval == nil {
+		deploymentInterval = obj.Spec.Interval.Seconds()
+	} else {
+		deploymentInterval = obj.Spec.DeployInterval.Duration.Seconds()
+	}
+
+	//Export as Prometheus metric
+	internal_metrics.NewKluctlPruneEnabled(obj.Namespace, obj.Name).Set(pruneEnabled)
+	internal_metrics.NewKluctlDeleteEnabled(obj.Namespace, obj.Name).Set(deleteEnabled)
+	internal_metrics.NewKluctlDryRunEnabled(obj.Namespace, obj.Name).Set(dryRunEnabled)
+	internal_metrics.NewKluctlDeploymentInterval(obj.Namespace, obj.Name).Set(deploymentInterval)
+	internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name, obj.Spec.Source.URL.String(), obj.Spec.Source.Path, obj.Spec.Source.Ref.String()).Set(0.0)
+}
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
new file mode 100644
index 000000000..cb6af53f7
--- /dev/null
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -0,0 +1,28 @@
+package controllers
+
+import (
+	"github.com/hashicorp/go-retryablehttp"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"time"
+)
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *KluctlDeploymentReconciler) SetupWithManager(mgr ctrl.Manager, opts KluctlDeploymentReconcilerOpts) error {
+	// Configure the retryable http client used for fetching artifacts.
+	// By default it retries 10 times within a 3.5 minutes window.
+	httpClient := retryablehttp.NewClient()
+	httpClient.RetryWaitMin = 5 * time.Second
+	httpClient.RetryWaitMax = 30 * time.Second
+	httpClient.RetryMax = opts.HTTPRetry
+	httpClient.Logger = nil
+	r.httpClient = httpClient
+
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&kluctlv1.KluctlDeployment{}, builder.WithPredicates(
+			predicate.Or(predicate.GenerationChangedPredicate{}, ReconcileRequestedPredicate{}, DeployRequestedPredicate{}),
+		)).
+		Complete(r)
+}
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
new file mode 100644
index 000000000..d206217b4
--- /dev/null
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -0,0 +1,109 @@
+package controllers
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"os"
+	"path/filepath"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+func (r *KluctlDeploymentReconciler) getGitSecret(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) (*corev1.Secret, error) {
+	if source == nil || source.SecretRef == nil {
+		return nil, nil
+	}
+
+	// Attempt to retrieve secret
+	name := types.NamespacedName{
+		Namespace: objNs,
+		Name:      source.SecretRef.Name,
+	}
+	var secret corev1.Secret
+	if err := r.Get(ctx, name, &secret); err != nil {
+		return nil, fmt.Errorf("failed to get secret '%s': %w", name.String(), err)
+	}
+	return &secret, nil
+}
+
+func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret *corev1.Secret) (*auth.GitAuthProviders, error) {
+	log := ctrl.LoggerFrom(ctx)
+	ga := auth.NewDefaultAuthProviders("KLUCTL_GIT", &messages.MessageCallbacks{
+		WarningFn: func(s string) {
+			log.Info(s)
+		},
+		TraceFn: func(s string) {
+			log.V(1).Info(s)
+		},
+	})
+
+	if gitSecret == nil {
+		return ga, nil
+	}
+
+	e := auth.AuthEntry{
+		Host:     "*",
+		Username: "*",
+	}
+
+	if x, ok := gitSecret.Data["username"]; ok {
+		e.Username = string(x)
+	}
+	if x, ok := gitSecret.Data["password"]; ok {
+		e.Password = string(x)
+	}
+	if x, ok := gitSecret.Data["caFile"]; ok {
+		e.CABundle = x
+	}
+	if x, ok := gitSecret.Data["known_hosts"]; ok {
+		e.KnownHosts = x
+	}
+	if x, ok := gitSecret.Data["identity"]; ok {
+		e.SshKey = x
+	}
+
+	var la auth.ListAuthProvider
+	la.AddEntry(e)
+	ga.RegisterAuthProvider(&la, false)
+	return ga, nil
+}
+
+func (r *KluctlDeploymentReconciler) buildRepoCache(ctx context.Context, secret *corev1.Secret) (*repocache.GitRepoCache, error) {
+	// make sure we use a unique repo cache per set of credentials
+	h := sha256.New()
+	if secret == nil {
+		h.Write([]byte("no-secret"))
+	} else {
+		m := json.NewEncoder(h)
+		err := m.Encode(secret.Data)
+		if err != nil {
+			return nil, err
+		}
+	}
+	h2 := hex.EncodeToString(h.Sum(nil))
+
+	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-repo-cache", h2)
+	err := os.MkdirAll(tmpBaseDir, 0o700)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
+
+	ga, err := r.buildGitAuth(ctx, secret)
+	if err != nil {
+		return nil, err
+	}
+
+	rc := repocache.NewGitRepoCache(ctx, r.SshPool, ga, nil, 0)
+	return rc, nil
+}
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
new file mode 100644
index 000000000..7489c3b2d
--- /dev/null
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -0,0 +1,72 @@
+package controllers
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	apimeta "k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/reference"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+func (r *KluctlDeploymentReconciler) event(ctx context.Context, obj *kluctlv1.KluctlDeployment, warning bool, msg string, metadata map[string]string) {
+	if metadata == nil {
+		metadata = map[string]string{}
+	}
+
+	reason := "info"
+	if warning {
+		reason = "warning"
+	}
+	if c := apimeta.FindStatusCondition(obj.GetConditions(), meta.ReadyCondition); c != nil {
+		reason = c.Reason
+	}
+
+	eventtype := "Normal"
+	if warning {
+		eventtype = "Warning"
+	}
+
+	r.EventRecorder.AnnotatedEventf(obj, metadata, eventtype, reason, msg)
+}
+
+func (r *KluctlDeploymentReconciler) recordReadiness(ctx context.Context, obj *kluctlv1.KluctlDeployment) {
+	if r.MetricsRecorder == nil {
+		return
+	}
+	log := ctrl.LoggerFrom(ctx)
+
+	objRef, err := reference.GetReference(r.Scheme, obj)
+	if err != nil {
+		log.Error(err, "unable to record readiness metric")
+		return
+	}
+	if rc := apimeta.FindStatusCondition(obj.GetConditions(), meta.ReadyCondition); rc != nil {
+		r.MetricsRecorder.RecordCondition(*objRef, *rc, !obj.GetDeletionTimestamp().IsZero())
+	} else {
+		r.MetricsRecorder.RecordCondition(*objRef, metav1.Condition{
+			Type:   meta.ReadyCondition,
+			Status: metav1.ConditionUnknown,
+		}, !obj.GetDeletionTimestamp().IsZero())
+	}
+}
+
+func (r *KluctlDeploymentReconciler) recordSuspension(ctx context.Context, obj *kluctlv1.KluctlDeployment) {
+	if r.MetricsRecorder == nil {
+		return
+	}
+	log := ctrl.LoggerFrom(ctx)
+
+	objRef, err := reference.GetReference(r.Scheme, obj)
+	if err != nil {
+		log.Error(err, "unable to record suspended metric")
+		return
+	}
+
+	if !obj.GetDeletionTimestamp().IsZero() {
+		r.MetricsRecorder.RecordSuspend(*objRef, false)
+	} else {
+		r.MetricsRecorder.RecordSuspend(*objRef, obj.Spec.Suspend)
+	}
+}
diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
new file mode 100644
index 000000000..1c6f52c30
--- /dev/null
+++ b/pkg/controllers/predicates.go
@@ -0,0 +1,66 @@
+/*
+Copyright 2020 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+)
+
+type ReconcileRequestedPredicate struct {
+	predicate.Funcs
+}
+
+// Update implements the default UpdateEvent filter for validating flux_utils.ReconcileRequestAnnotation changes.
+func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
+	if e.ObjectOld == nil || e.ObjectNew == nil {
+		return false
+	}
+
+	if val, ok := e.ObjectNew.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
+		if valOld, okOld := e.ObjectOld.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; okOld {
+			return val != valOld
+		}
+		return true
+	}
+	return false
+}
+
+type DeployRequestedPredicate struct {
+	predicate.Funcs
+}
+
+func (DeployRequestedPredicate) Update(e event.UpdateEvent) bool {
+	if e.ObjectOld == nil || e.ObjectNew == nil {
+		return false
+	}
+
+	if val, ok := e.ObjectNew.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
+		if valOld, okOld := e.ObjectOld.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; okOld {
+			return val != valOld
+		}
+		return true
+	}
+	if val, ok := e.ObjectNew.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
+		if valOld, okOld := e.ObjectOld.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; okOld {
+			return val != valOld
+		}
+		return true
+	}
+	return false
+}
diff --git a/pkg/controllers/utils.go b/pkg/controllers/utils.go
new file mode 100644
index 000000000..7d4476e8d
--- /dev/null
+++ b/pkg/controllers/utils.go
@@ -0,0 +1,31 @@
+package controllers
+
+import (
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	meta "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	apimeta "k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func setReadiness(obj *kluctlv1.KluctlDeployment, status metav1.ConditionStatus, reason, message string) {
+	newCondition := metav1.Condition{
+		Type:    meta.ReadyCondition,
+		Status:  status,
+		Reason:  reason,
+		Message: trimString(message, kluctlv1.MaxConditionMessageLength),
+	}
+
+	c := obj.GetConditions()
+	apimeta.SetStatusCondition(&c, newCondition)
+	obj.SetConditions(c)
+
+	obj.Status.ObservedGeneration = obj.GetGeneration()
+}
+
+func trimString(str string, limit int) string {
+	if len(str) <= limit {
+		return str
+	}
+
+	return str[0:limit] + "..."
+}
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index ecd108d56..43c26f685 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -128,7 +128,7 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		normaliedUrl = originUrl.NormalizedRepoKey()
 	}
 
-	r.GitInfo = &result.GitInfo{
+	r.GitInfo = result.GitInfo{
 		Url:    originUrl,
 		Ref:    head.Name().String(),
 		SubDir: subDir,
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 53f31c0de..17faff1a6 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -1,12 +1,16 @@
 package deployment
 
 import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
 	"sync"
 )
@@ -297,3 +301,40 @@ func (c *DeploymentCollection) FindRenderedImages() map[k8s2.ObjectRef][]string
 	}
 	return ret
 }
+
+func (c *DeploymentCollection) CalcObjectsHash() (string, error) {
+	cnt := 0
+	for _, di := range c.Deployments {
+		cnt += len(di.Objects)
+	}
+
+	hashes := make([][32]byte, cnt)
+	gh := utils.NewGoHelper(context.Background(), 8)
+	i := 0
+	for _, di := range c.Deployments {
+		for _, o := range di.Objects {
+			i2 := i
+			o := o
+			gh.RunE(func() error {
+				j, err := yaml.WriteJsonString(o)
+				if err != nil {
+					return err
+				}
+				hashes[i2] = sha256.Sum256([]byte(j))
+				return nil
+			})
+			i++
+		}
+	}
+	gh.Wait()
+	if gh.ErrorOrNil() != nil {
+		return "", gh.ErrorOrNil()
+	}
+
+	h := sha256.New()
+	for _, x := range hashes {
+		h.Write(x[:])
+	}
+
+	return hex.EncodeToString(h.Sum(nil)), nil
+}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 80d30e378..3f8a948ac 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -133,7 +133,7 @@ type CommandResult struct {
 	TargetKey   TargetKey                      `json:"targetKey"`
 	Target      types.Target                   `json:"target"`
 	Command     CommandInfo                    `json:"command,omitempty"`
-	GitInfo     *GitInfo                       `json:"gitInfo,omitempty"`
+	GitInfo     GitInfo                        `json:"gitInfo,omitempty"`
 	ClusterInfo ClusterInfo                    `json:"clusterInfo"`
 	Deployment  *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index dc05e095a..5cf639762 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -9,7 +9,7 @@ type CommandResultSummary struct {
 	Project     ProjectKey  `json:"project"`
 	Target      TargetKey   `json:"target"`
 	Command     CommandInfo `json:"commandInfo"`
-	GitInfo     *GitInfo    `json:"gitInfo,omitempty"`
+	GitInfo     GitInfo     `json:"gitInfo,omitempty"`
 	ClusterInfo ClusterInfo `json:"clusterInfo,omitempty"`
 
 	RenderedObjects    int `json:"renderedObjects"`
@@ -41,6 +41,10 @@ type ProjectSummary struct {
 }
 
 func (cr *CommandResult) BuildSummary() *CommandResultSummary {
+	if cr == nil {
+		return nil
+	}
+
 	count := func(f func(o ResultObject) bool) int {
 		cnt := 0
 		for _, o := range cr.Objects {

From 6c38f31d751882a0098989c23fec3be1089adf29 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 15:34:16 +0200
Subject: [PATCH 0985/2268] chore: Run make generate

---
 api/v1beta1/zz_generated.deepcopy.go          | 369 ++++++++
 .../gitops.kluctl.io_kluctldeployments.yaml   |   3 +-
 config/rbac/role.yaml                         |   1 -
 pkg/types/k8s/zz_generated.deepcopy.go        |  39 +
 pkg/types/result/zz_generated.deepcopy.go     | 512 +++++++++++
 pkg/types/zz_generated.deepcopy.go            | 863 ++++++++++++++++++
 6 files changed, 1784 insertions(+), 3 deletions(-)
 create mode 100644 api/v1beta1/zz_generated.deepcopy.go
 create mode 100644 pkg/types/k8s/zz_generated.deepcopy.go
 create mode 100644 pkg/types/result/zz_generated.deepcopy.go
 create mode 100644 pkg/types/zz_generated.deepcopy.go

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
new file mode 100644
index 000000000..79c1afc75
--- /dev/null
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -0,0 +1,369 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Decryption) DeepCopyInto(out *Decryption) {
+	*out = *in
+	if in.SecretRef != nil {
+		in, out := &in.SecretRef, &out.SecretRef
+		*out = new(LocalObjectReference)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Decryption.
+func (in *Decryption) DeepCopy() *Decryption {
+	if in == nil {
+		return nil
+	}
+	out := new(Decryption)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitRef) DeepCopyInto(out *GitRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRef.
+func (in *GitRef) DeepCopy() *GitRef {
+	if in == nil {
+		return nil
+	}
+	out := new(GitRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HelmCredentials) DeepCopyInto(out *HelmCredentials) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmCredentials.
+func (in *HelmCredentials) DeepCopy() *HelmCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(HelmCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlDeployment) DeepCopyInto(out *KluctlDeployment) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeployment.
+func (in *KluctlDeployment) DeepCopy() *KluctlDeployment {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlDeployment)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *KluctlDeployment) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlDeploymentList) DeepCopyInto(out *KluctlDeploymentList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]KluctlDeployment, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeploymentList.
+func (in *KluctlDeploymentList) DeepCopy() *KluctlDeploymentList {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlDeploymentList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *KluctlDeploymentList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlDeploymentSpec) DeepCopyInto(out *KluctlDeploymentSpec) {
+	*out = *in
+	in.Source.DeepCopyInto(&out.Source)
+	if in.Decryption != nil {
+		in, out := &in.Decryption, &out.Decryption
+		*out = new(Decryption)
+		(*in).DeepCopyInto(*out)
+	}
+	out.Interval = in.Interval
+	if in.RetryInterval != nil {
+		in, out := &in.RetryInterval, &out.RetryInterval
+		*out = new(v1.Duration)
+		**out = **in
+	}
+	if in.DeployInterval != nil {
+		in, out := &in.DeployInterval, &out.DeployInterval
+		*out = new(SafeDuration)
+		**out = **in
+	}
+	if in.ValidateInterval != nil {
+		in, out := &in.ValidateInterval, &out.ValidateInterval
+		*out = new(SafeDuration)
+		**out = **in
+	}
+	if in.Timeout != nil {
+		in, out := &in.Timeout, &out.Timeout
+		*out = new(v1.Duration)
+		**out = **in
+	}
+	if in.HelmCredentials != nil {
+		in, out := &in.HelmCredentials, &out.HelmCredentials
+		*out = make([]HelmCredentials, len(*in))
+		copy(*out, *in)
+	}
+	if in.KubeConfig != nil {
+		in, out := &in.KubeConfig, &out.KubeConfig
+		*out = new(KubeConfig)
+		**out = **in
+	}
+	if in.Target != nil {
+		in, out := &in.Target, &out.Target
+		*out = new(string)
+		**out = **in
+	}
+	if in.TargetNameOverride != nil {
+		in, out := &in.TargetNameOverride, &out.TargetNameOverride
+		*out = new(string)
+		**out = **in
+	}
+	if in.Context != nil {
+		in, out := &in.Context, &out.Context
+		*out = new(string)
+		**out = **in
+	}
+	in.Args.DeepCopyInto(&out.Args)
+	if in.Images != nil {
+		in, out := &in.Images, &out.Images
+		*out = make([]types.FixedImage, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.IncludeTags != nil {
+		in, out := &in.IncludeTags, &out.IncludeTags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ExcludeTags != nil {
+		in, out := &in.ExcludeTags, &out.ExcludeTags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.IncludeDeploymentDirs != nil {
+		in, out := &in.IncludeDeploymentDirs, &out.IncludeDeploymentDirs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ExcludeDeploymentDirs != nil {
+		in, out := &in.ExcludeDeploymentDirs, &out.ExcludeDeploymentDirs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeploymentSpec.
+func (in *KluctlDeploymentSpec) DeepCopy() *KluctlDeploymentSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlDeploymentSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.ProjectKey != nil {
+		in, out := &in.ProjectKey, &out.ProjectKey
+		*out = new(result.ProjectKey)
+		**out = **in
+	}
+	if in.TargetKey != nil {
+		in, out := &in.TargetKey, &out.TargetKey
+		*out = new(result.TargetKey)
+		**out = **in
+	}
+	if in.LastDeployResult != nil {
+		in, out := &in.LastDeployResult, &out.LastDeployResult
+		*out = new(result.CommandResultSummary)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.LastPruneResult != nil {
+		in, out := &in.LastPruneResult, &out.LastPruneResult
+		*out = new(result.CommandResultSummary)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.LastValidateResult != nil {
+		in, out := &in.LastValidateResult, &out.LastValidateResult
+		*out = new(result.ValidateResult)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeploymentStatus.
+func (in *KluctlDeploymentStatus) DeepCopy() *KluctlDeploymentStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlDeploymentStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubeConfig) DeepCopyInto(out *KubeConfig) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeConfig.
+func (in *KubeConfig) DeepCopy() *KubeConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(KubeConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference.
+func (in *LocalObjectReference) DeepCopy() *LocalObjectReference {
+	if in == nil {
+		return nil
+	}
+	out := new(LocalObjectReference)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
+	*out = *in
+	in.URL.DeepCopyInto(&out.URL)
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(GitRef)
+		**out = **in
+	}
+	if in.SecretRef != nil {
+		in, out := &in.SecretRef, &out.SecretRef
+		*out = new(LocalObjectReference)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSource.
+func (in *ProjectSource) DeepCopy() *ProjectSource {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSource)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SafeDuration) DeepCopyInto(out *SafeDuration) {
+	*out = *in
+	out.Duration = in.Duration
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SafeDuration.
+func (in *SafeDuration) DeepCopy() *SafeDuration {
+	if in == nil {
+		return nil
+	}
+	out := new(SafeDuration)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretKeyReference) DeepCopyInto(out *SecretKeyReference) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReference.
+func (in *SecretKeyReference) DeepCopy() *SecretKeyReference {
+	if in == nil {
+		return nil
+	}
+	out := new(SecretKeyReference)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 3e81ebc5e..4abd9c5ce 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.3
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.12.0
   name: kluctldeployments.gitops.kluctl.io
 spec:
   group: gitops.kluctl.io
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 5e7aaeef7..e043f192e 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -2,7 +2,6 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: manager-role
 rules:
 - apiGroups:
diff --git a/pkg/types/k8s/zz_generated.deepcopy.go b/pkg/types/k8s/zz_generated.deepcopy.go
new file mode 100644
index 000000000..a753e48cd
--- /dev/null
+++ b/pkg/types/k8s/zz_generated.deepcopy.go
@@ -0,0 +1,39 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package k8s
+
+import ()
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObjectRef) DeepCopyInto(out *ObjectRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectRef.
+func (in *ObjectRef) DeepCopy() *ObjectRef {
+	if in == nil {
+		return nil
+	}
+	out := new(ObjectRef)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
new file mode 100644
index 000000000..c7c90926a
--- /dev/null
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -0,0 +1,512 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package result
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BaseObject) DeepCopyInto(out *BaseObject) {
+	*out = *in
+	out.Ref = in.Ref
+	if in.Changes != nil {
+		in, out := &in.Changes, &out.Changes
+		*out = make([]Change, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BaseObject.
+func (in *BaseObject) DeepCopy() *BaseObject {
+	if in == nil {
+		return nil
+	}
+	out := new(BaseObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Change) DeepCopyInto(out *Change) {
+	*out = *in
+	if in.OldValue != nil {
+		in, out := &in.OldValue, &out.OldValue
+		*out = new(v1.JSON)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.NewValue != nil {
+		in, out := &in.NewValue, &out.NewValue
+		*out = new(v1.JSON)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Change.
+func (in *Change) DeepCopy() *Change {
+	if in == nil {
+		return nil
+	}
+	out := new(Change)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ChangedObject) DeepCopyInto(out *ChangedObject) {
+	*out = *in
+	out.Ref = in.Ref
+	if in.Changes != nil {
+		in, out := &in.Changes, &out.Changes
+		*out = make([]Change, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChangedObject.
+func (in *ChangedObject) DeepCopy() *ChangedObject {
+	if in == nil {
+		return nil
+	}
+	out := new(ChangedObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterInfo) DeepCopyInto(out *ClusterInfo) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInfo.
+func (in *ClusterInfo) DeepCopy() *ClusterInfo {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterInfo)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CommandInfo) DeepCopyInto(out *CommandInfo) {
+	*out = *in
+	in.StartTime.DeepCopyInto(&out.StartTime)
+	in.EndTime.DeepCopyInto(&out.EndTime)
+	if in.KluctlDeployment != nil {
+		in, out := &in.KluctlDeployment, &out.KluctlDeployment
+		*out = new(KluctlDeploymentInfo)
+		**out = **in
+	}
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = (*in).DeepCopy()
+	}
+	if in.Images != nil {
+		in, out := &in.Images, &out.Images
+		*out = make([]types.FixedImage, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.IncludeTags != nil {
+		in, out := &in.IncludeTags, &out.IncludeTags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ExcludeTags != nil {
+		in, out := &in.ExcludeTags, &out.ExcludeTags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.IncludeDeploymentDirs != nil {
+		in, out := &in.IncludeDeploymentDirs, &out.IncludeDeploymentDirs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ExcludeDeploymentDirs != nil {
+		in, out := &in.ExcludeDeploymentDirs, &out.ExcludeDeploymentDirs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommandInfo.
+func (in *CommandInfo) DeepCopy() *CommandInfo {
+	if in == nil {
+		return nil
+	}
+	out := new(CommandInfo)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CommandResult) DeepCopyInto(out *CommandResult) {
+	*out = *in
+	out.ProjectKey = in.ProjectKey
+	out.TargetKey = in.TargetKey
+	in.Target.DeepCopyInto(&out.Target)
+	in.Command.DeepCopyInto(&out.Command)
+	in.GitInfo.DeepCopyInto(&out.GitInfo)
+	out.ClusterInfo = in.ClusterInfo
+	if in.Deployment != nil {
+		in, out := &in.Deployment, &out.Deployment
+		*out = new(types.DeploymentProjectConfig)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Objects != nil {
+		in, out := &in.Objects, &out.Objects
+		*out = make([]ResultObject, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Errors != nil {
+		in, out := &in.Errors, &out.Errors
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.SeenImages != nil {
+		in, out := &in.SeenImages, &out.SeenImages
+		*out = make([]types.FixedImage, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommandResult.
+func (in *CommandResult) DeepCopy() *CommandResult {
+	if in == nil {
+		return nil
+	}
+	out := new(CommandResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CommandResultSummary) DeepCopyInto(out *CommandResultSummary) {
+	*out = *in
+	out.Project = in.Project
+	out.Target = in.Target
+	in.Command.DeepCopyInto(&out.Command)
+	in.GitInfo.DeepCopyInto(&out.GitInfo)
+	out.ClusterInfo = in.ClusterInfo
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommandResultSummary.
+func (in *CommandResultSummary) DeepCopy() *CommandResultSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(CommandResultSummary)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CompactedCommandResult) DeepCopyInto(out *CompactedCommandResult) {
+	*out = *in
+	in.CommandResult.DeepCopyInto(&out.CommandResult)
+	if in.CompactedObjects != nil {
+		in, out := &in.CompactedObjects, &out.CompactedObjects
+		*out = make(CompactedObjects, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompactedCommandResult.
+func (in *CompactedCommandResult) DeepCopy() *CompactedCommandResult {
+	if in == nil {
+		return nil
+	}
+	out := new(CompactedCommandResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CompactedObject) DeepCopyInto(out *CompactedObject) {
+	*out = *in
+	in.BaseObject.DeepCopyInto(&out.BaseObject)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompactedObject.
+func (in *CompactedObject) DeepCopy() *CompactedObject {
+	if in == nil {
+		return nil
+	}
+	out := new(CompactedObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in CompactedObjects) DeepCopyInto(out *CompactedObjects) {
+	{
+		in := &in
+		*out = make(CompactedObjects, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompactedObjects.
+func (in CompactedObjects) DeepCopy() CompactedObjects {
+	if in == nil {
+		return nil
+	}
+	out := new(CompactedObjects)
+	in.DeepCopyInto(out)
+	return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DeploymentError) DeepCopyInto(out *DeploymentError) {
+	*out = *in
+	out.Ref = in.Ref
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentError.
+func (in *DeploymentError) DeepCopy() *DeploymentError {
+	if in == nil {
+		return nil
+	}
+	out := new(DeploymentError)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitInfo) DeepCopyInto(out *GitInfo) {
+	*out = *in
+	if in.Url != nil {
+		in, out := &in.Url, &out.Url
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitInfo.
+func (in *GitInfo) DeepCopy() *GitInfo {
+	if in == nil {
+		return nil
+	}
+	out := new(GitInfo)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlDeploymentInfo) DeepCopyInto(out *KluctlDeploymentInfo) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeploymentInfo.
+func (in *KluctlDeploymentInfo) DeepCopy() *KluctlDeploymentInfo {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlDeploymentInfo)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectKey) DeepCopyInto(out *ProjectKey) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectKey.
+func (in *ProjectKey) DeepCopy() *ProjectKey {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectKey)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSummary) DeepCopyInto(out *ProjectSummary) {
+	*out = *in
+	out.Project = in.Project
+	if in.Targets != nil {
+		in, out := &in.Targets, &out.Targets
+		*out = make([]*TargetSummary, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(TargetSummary)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSummary.
+func (in *ProjectSummary) DeepCopy() *ProjectSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSummary)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ResultObject) DeepCopyInto(out *ResultObject) {
+	*out = *in
+	in.BaseObject.DeepCopyInto(&out.BaseObject)
+	if in.Rendered != nil {
+		in, out := &in.Rendered, &out.Rendered
+		*out = (*in).DeepCopy()
+	}
+	if in.Remote != nil {
+		in, out := &in.Remote, &out.Remote
+		*out = (*in).DeepCopy()
+	}
+	if in.Applied != nil {
+		in, out := &in.Applied, &out.Applied
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResultObject.
+func (in *ResultObject) DeepCopy() *ResultObject {
+	if in == nil {
+		return nil
+	}
+	out := new(ResultObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TargetKey) DeepCopyInto(out *TargetKey) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetKey.
+func (in *TargetKey) DeepCopy() *TargetKey {
+	if in == nil {
+		return nil
+	}
+	out := new(TargetKey)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TargetSummary) DeepCopyInto(out *TargetSummary) {
+	*out = *in
+	out.Target = in.Target
+	if in.LastValidateResult != nil {
+		in, out := &in.LastValidateResult, &out.LastValidateResult
+		*out = new(ValidateResult)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.CommandResults != nil {
+		in, out := &in.CommandResults, &out.CommandResults
+		*out = make([]CommandResultSummary, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSummary.
+func (in *TargetSummary) DeepCopy() *TargetSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(TargetSummary)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidateResult) DeepCopyInto(out *ValidateResult) {
+	*out = *in
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.Errors != nil {
+		in, out := &in.Errors, &out.Errors
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]ValidateResultEntry, len(*in))
+		copy(*out, *in)
+	}
+	if in.Drift != nil {
+		in, out := &in.Drift, &out.Drift
+		*out = make([]ChangedObject, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidateResult.
+func (in *ValidateResult) DeepCopy() *ValidateResult {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidateResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidateResultEntry) DeepCopyInto(out *ValidateResultEntry) {
+	*out = *in
+	out.Ref = in.Ref
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidateResultEntry.
+func (in *ValidateResultEntry) DeepCopy() *ValidateResultEntry {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidateResultEntry)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
new file mode 100644
index 000000000..ec75fae41
--- /dev/null
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -0,0 +1,863 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package types
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DeleteObjectItemConfig) DeepCopyInto(out *DeleteObjectItemConfig) {
+	*out = *in
+	if in.Group != nil {
+		in, out := &in.Group, &out.Group
+		*out = new(string)
+		**out = **in
+	}
+	if in.Kind != nil {
+		in, out := &in.Kind, &out.Kind
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteObjectItemConfig.
+func (in *DeleteObjectItemConfig) DeepCopy() *DeleteObjectItemConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(DeleteObjectItemConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DeploymentArg) DeepCopyInto(out *DeploymentArg) {
+	*out = *in
+	if in.Default != nil {
+		in, out := &in.Default, &out.Default
+		*out = new(v1.JSON)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentArg.
+func (in *DeploymentArg) DeepCopy() *DeploymentArg {
+	if in == nil {
+		return nil
+	}
+	out := new(DeploymentArg)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
+	*out = *in
+	if in.Path != nil {
+		in, out := &in.Path, &out.Path
+		*out = new(string)
+		**out = **in
+	}
+	if in.Include != nil {
+		in, out := &in.Include, &out.Include
+		*out = new(string)
+		**out = **in
+	}
+	if in.Git != nil {
+		in, out := &in.Git, &out.Git
+		*out = new(GitProject)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Tags != nil {
+		in, out := &in.Tags, &out.Tags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Vars != nil {
+		in, out := &in.Vars, &out.Vars
+		*out = make([]*VarsSource, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(VarsSource)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.DeleteObjects != nil {
+		in, out := &in.DeleteObjects, &out.DeleteObjects
+		*out = make([]DeleteObjectItemConfig, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.RenderedHelmChartConfig != nil {
+		in, out := &in.RenderedHelmChartConfig, &out.RenderedHelmChartConfig
+		*out = new(HelmChartConfig)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.RenderedObjects != nil {
+		in, out := &in.RenderedObjects, &out.RenderedObjects
+		*out = make([]k8s.ObjectRef, len(*in))
+		copy(*out, *in)
+	}
+	if in.RenderedInclude != nil {
+		in, out := &in.RenderedInclude, &out.RenderedInclude
+		*out = new(DeploymentProjectConfig)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentItemConfig.
+func (in *DeploymentItemConfig) DeepCopy() *DeploymentItemConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(DeploymentItemConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DeploymentProjectConfig) DeepCopyInto(out *DeploymentProjectConfig) {
+	*out = *in
+	if in.Vars != nil {
+		in, out := &in.Vars, &out.Vars
+		*out = make([]*VarsSource, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(VarsSource)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.SealedSecrets != nil {
+		in, out := &in.SealedSecrets, &out.SealedSecrets
+		*out = new(SealedSecretsConfig)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Deployments != nil {
+		in, out := &in.Deployments, &out.Deployments
+		*out = make([]*DeploymentItemConfig, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(DeploymentItemConfig)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.CommonLabels != nil {
+		in, out := &in.CommonLabels, &out.CommonLabels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.CommonAnnotations != nil {
+		in, out := &in.CommonAnnotations, &out.CommonAnnotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.OverrideNamespace != nil {
+		in, out := &in.OverrideNamespace, &out.OverrideNamespace
+		*out = new(string)
+		**out = **in
+	}
+	if in.Tags != nil {
+		in, out := &in.Tags, &out.Tags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.IgnoreForDiff != nil {
+		in, out := &in.IgnoreForDiff, &out.IgnoreForDiff
+		*out = make([]*IgnoreForDiffItemConfig, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(IgnoreForDiffItemConfig)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentProjectConfig.
+func (in *DeploymentProjectConfig) DeepCopy() *DeploymentProjectConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(DeploymentProjectConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalProject) DeepCopyInto(out *ExternalProject) {
+	*out = *in
+	if in.Project != nil {
+		in, out := &in.Project, &out.Project
+		*out = new(GitProject)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Path != nil {
+		in, out := &in.Path, &out.Path
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProject.
+func (in *ExternalProject) DeepCopy() *ExternalProject {
+	if in == nil {
+		return nil
+	}
+	out := new(ExternalProject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FixedImage) DeepCopyInto(out *FixedImage) {
+	*out = *in
+	if in.DeployedImage != nil {
+		in, out := &in.DeployedImage, &out.DeployedImage
+		*out = new(string)
+		**out = **in
+	}
+	if in.Namespace != nil {
+		in, out := &in.Namespace, &out.Namespace
+		*out = new(string)
+		**out = **in
+	}
+	if in.Object != nil {
+		in, out := &in.Object, &out.Object
+		*out = new(k8s.ObjectRef)
+		**out = **in
+	}
+	if in.Deployment != nil {
+		in, out := &in.Deployment, &out.Deployment
+		*out = new(string)
+		**out = **in
+	}
+	if in.Container != nil {
+		in, out := &in.Container, &out.Container
+		*out = new(string)
+		**out = **in
+	}
+	if in.DeployTags != nil {
+		in, out := &in.DeployTags, &out.DeployTags
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.DeploymentDir != nil {
+		in, out := &in.DeploymentDir, &out.DeploymentDir
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixedImage.
+func (in *FixedImage) DeepCopy() *FixedImage {
+	if in == nil {
+		return nil
+	}
+	out := new(FixedImage)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FixedImagesConfig) DeepCopyInto(out *FixedImagesConfig) {
+	*out = *in
+	if in.Images != nil {
+		in, out := &in.Images, &out.Images
+		*out = make([]FixedImage, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FixedImagesConfig.
+func (in *FixedImagesConfig) DeepCopy() *FixedImagesConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(FixedImagesConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitProject) DeepCopyInto(out *GitProject) {
+	*out = *in
+	in.Url.DeepCopyInto(&out.Url)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitProject.
+func (in *GitProject) DeepCopy() *GitProject {
+	if in == nil {
+		return nil
+	}
+	out := new(GitProject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitUrl.
+func (in *GitUrl) DeepCopy() *GitUrl {
+	if in == nil {
+		return nil
+	}
+	out := new(GitUrl)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalSealedSecretsConfig) DeepCopyInto(out *GlobalSealedSecretsConfig) {
+	*out = *in
+	if in.Bootstrap != nil {
+		in, out := &in.Bootstrap, &out.Bootstrap
+		*out = new(bool)
+		**out = **in
+	}
+	if in.Namespace != nil {
+		in, out := &in.Namespace, &out.Namespace
+		*out = new(string)
+		**out = **in
+	}
+	if in.ControllerName != nil {
+		in, out := &in.ControllerName, &out.ControllerName
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalSealedSecretsConfig.
+func (in *GlobalSealedSecretsConfig) DeepCopy() *GlobalSealedSecretsConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalSealedSecretsConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HelmChartConfig) DeepCopyInto(out *HelmChartConfig) {
+	*out = *in
+	in.HelmChartConfig2.DeepCopyInto(&out.HelmChartConfig2)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartConfig.
+func (in *HelmChartConfig) DeepCopy() *HelmChartConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(HelmChartConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HelmChartConfig2) DeepCopyInto(out *HelmChartConfig2) {
+	*out = *in
+	if in.CredentialsId != nil {
+		in, out := &in.CredentialsId, &out.CredentialsId
+		*out = new(string)
+		**out = **in
+	}
+	if in.UpdateConstraints != nil {
+		in, out := &in.UpdateConstraints, &out.UpdateConstraints
+		*out = new(string)
+		**out = **in
+	}
+	if in.Namespace != nil {
+		in, out := &in.Namespace, &out.Namespace
+		*out = new(string)
+		**out = **in
+	}
+	if in.Output != nil {
+		in, out := &in.Output, &out.Output
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartConfig2.
+func (in *HelmChartConfig2) DeepCopy() *HelmChartConfig2 {
+	if in == nil {
+		return nil
+	}
+	out := new(HelmChartConfig2)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IgnoreForDiffItemConfig) DeepCopyInto(out *IgnoreForDiffItemConfig) {
+	*out = *in
+	if in.FieldPath != nil {
+		in, out := &in.FieldPath, &out.FieldPath
+		*out = make(SingleStringOrList, len(*in))
+		copy(*out, *in)
+	}
+	if in.FieldPathRegex != nil {
+		in, out := &in.FieldPathRegex, &out.FieldPathRegex
+		*out = make(SingleStringOrList, len(*in))
+		copy(*out, *in)
+	}
+	if in.Group != nil {
+		in, out := &in.Group, &out.Group
+		*out = new(string)
+		**out = **in
+	}
+	if in.Kind != nil {
+		in, out := &in.Kind, &out.Kind
+		*out = new(string)
+		**out = **in
+	}
+	if in.Name != nil {
+		in, out := &in.Name, &out.Name
+		*out = new(string)
+		**out = **in
+	}
+	if in.Namespace != nil {
+		in, out := &in.Namespace, &out.Namespace
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IgnoreForDiffItemConfig.
+func (in *IgnoreForDiffItemConfig) DeepCopy() *IgnoreForDiffItemConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(IgnoreForDiffItemConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlProject) DeepCopyInto(out *KluctlProject) {
+	*out = *in
+	if in.Targets != nil {
+		in, out := &in.Targets, &out.Targets
+		*out = make([]*Target, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(Target)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = make([]*DeploymentArg, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(DeploymentArg)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.SecretsConfig != nil {
+		in, out := &in.SecretsConfig, &out.SecretsConfig
+		*out = new(SecretsConfig)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlProject.
+func (in *KluctlProject) DeepCopy() *KluctlProject {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlProject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SealedSecretsConfig) DeepCopyInto(out *SealedSecretsConfig) {
+	*out = *in
+	if in.OutputPattern != nil {
+		in, out := &in.OutputPattern, &out.OutputPattern
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretsConfig.
+func (in *SealedSecretsConfig) DeepCopy() *SealedSecretsConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(SealedSecretsConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SealingConfig) DeepCopyInto(out *SealingConfig) {
+	*out = *in
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = (*in).DeepCopy()
+	}
+	if in.SecretSets != nil {
+		in, out := &in.SecretSets, &out.SecretSets
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.CertFile != nil {
+		in, out := &in.CertFile, &out.CertFile
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealingConfig.
+func (in *SealingConfig) DeepCopy() *SealingConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(SealingConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretSet) DeepCopyInto(out *SecretSet) {
+	*out = *in
+	if in.Vars != nil {
+		in, out := &in.Vars, &out.Vars
+		*out = make([]*VarsSource, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(VarsSource)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSet.
+func (in *SecretSet) DeepCopy() *SecretSet {
+	if in == nil {
+		return nil
+	}
+	out := new(SecretSet)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretsConfig) DeepCopyInto(out *SecretsConfig) {
+	*out = *in
+	if in.SealedSecrets != nil {
+		in, out := &in.SealedSecrets, &out.SealedSecrets
+		*out = new(GlobalSealedSecretsConfig)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.SecretSets != nil {
+		in, out := &in.SecretSets, &out.SecretSets
+		*out = make([]SecretSet, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsConfig.
+func (in *SecretsConfig) DeepCopy() *SecretsConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(SecretsConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in SingleStringOrList) DeepCopyInto(out *SingleStringOrList) {
+	{
+		in := &in
+		*out = make(SingleStringOrList, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SingleStringOrList.
+func (in SingleStringOrList) DeepCopy() SingleStringOrList {
+	if in == nil {
+		return nil
+	}
+	out := new(SingleStringOrList)
+	in.DeepCopyInto(out)
+	return *out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Target) DeepCopyInto(out *Target) {
+	*out = *in
+	if in.Context != nil {
+		in, out := &in.Context, &out.Context
+		*out = new(string)
+		**out = **in
+	}
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = (*in).DeepCopy()
+	}
+	if in.SealingConfig != nil {
+		in, out := &in.SealingConfig, &out.SealingConfig
+		*out = new(SealingConfig)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Images != nil {
+		in, out := &in.Images, &out.Images
+		*out = make([]FixedImage, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.
+func (in *Target) DeepCopy() *Target {
+	if in == nil {
+		return nil
+	}
+	out := new(Target)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSource) DeepCopyInto(out *VarsSource) {
+	*out = *in
+	if in.IgnoreMissing != nil {
+		in, out := &in.IgnoreMissing, &out.IgnoreMissing
+		*out = new(bool)
+		**out = **in
+	}
+	if in.NoOverride != nil {
+		in, out := &in.NoOverride, &out.NoOverride
+		*out = new(bool)
+		**out = **in
+	}
+	if in.Values != nil {
+		in, out := &in.Values, &out.Values
+		*out = (*in).DeepCopy()
+	}
+	if in.File != nil {
+		in, out := &in.File, &out.File
+		*out = new(string)
+		**out = **in
+	}
+	if in.Git != nil {
+		in, out := &in.Git, &out.Git
+		*out = new(VarsSourceGit)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ClusterConfigMap != nil {
+		in, out := &in.ClusterConfigMap, &out.ClusterConfigMap
+		*out = new(VarsSourceClusterConfigMapOrSecret)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ClusterSecret != nil {
+		in, out := &in.ClusterSecret, &out.ClusterSecret
+		*out = new(VarsSourceClusterConfigMapOrSecret)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.SystemEnvVars != nil {
+		in, out := &in.SystemEnvVars, &out.SystemEnvVars
+		*out = (*in).DeepCopy()
+	}
+	if in.Http != nil {
+		in, out := &in.Http, &out.Http
+		*out = new(VarsSourceHttp)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.AwsSecretsManager != nil {
+		in, out := &in.AwsSecretsManager, &out.AwsSecretsManager
+		*out = new(VarsSourceAwsSecretsManager)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Vault != nil {
+		in, out := &in.Vault, &out.Vault
+		*out = new(VarsSourceVault)
+		**out = **in
+	}
+	if in.RenderedVars != nil {
+		in, out := &in.RenderedVars, &out.RenderedVars
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSource.
+func (in *VarsSource) DeepCopy() *VarsSource {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSource)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceAwsSecretsManager) DeepCopyInto(out *VarsSourceAwsSecretsManager) {
+	*out = *in
+	if in.Region != nil {
+		in, out := &in.Region, &out.Region
+		*out = new(string)
+		**out = **in
+	}
+	if in.Profile != nil {
+		in, out := &in.Profile, &out.Profile
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceAwsSecretsManager.
+func (in *VarsSourceAwsSecretsManager) DeepCopy() *VarsSourceAwsSecretsManager {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceAwsSecretsManager)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceClusterConfigMapOrSecret) DeepCopyInto(out *VarsSourceClusterConfigMapOrSecret) {
+	*out = *in
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceClusterConfigMapOrSecret.
+func (in *VarsSourceClusterConfigMapOrSecret) DeepCopy() *VarsSourceClusterConfigMapOrSecret {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceClusterConfigMapOrSecret)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceGit) DeepCopyInto(out *VarsSourceGit) {
+	*out = *in
+	in.Url.DeepCopyInto(&out.Url)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceGit.
+func (in *VarsSourceGit) DeepCopy() *VarsSourceGit {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceGit)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceHttp) DeepCopyInto(out *VarsSourceHttp) {
+	*out = *in
+	in.Url.DeepCopyInto(&out.Url)
+	if in.Method != nil {
+		in, out := &in.Method, &out.Method
+		*out = new(string)
+		**out = **in
+	}
+	if in.Body != nil {
+		in, out := &in.Body, &out.Body
+		*out = new(string)
+		**out = **in
+	}
+	if in.Headers != nil {
+		in, out := &in.Headers, &out.Headers
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.JsonPath != nil {
+		in, out := &in.JsonPath, &out.JsonPath
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceHttp.
+func (in *VarsSourceHttp) DeepCopy() *VarsSourceHttp {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceHttp)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceVault) DeepCopyInto(out *VarsSourceVault) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceVault.
+func (in *VarsSourceVault) DeepCopy() *VarsSourceVault {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceVault)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YamlUrl.
+func (in *YamlUrl) DeepCopy() *YamlUrl {
+	if in == nil {
+		return nil
+	}
+	out := new(YamlUrl)
+	in.DeepCopyInto(out)
+	return out
+}

From 011e330c56767a9259cdd2617a80d8876fcc9a41 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 15:34:30 +0200
Subject: [PATCH 0986/2268] tests: Add controller tests

---
 e2e/default_clusters.go |   3 +
 e2e/gitops_test.go      | 609 ++++++++++++++++++++++++++++++++++++++++
 e2e/utils.go            |  15 +-
 3 files changed, 626 insertions(+), 1 deletion(-)
 create mode 100644 e2e/gitops_test.go

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 373957a89..8765afb63 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -22,6 +22,9 @@ func init() {
 		return
 	}
 
+	defaultCluster1.CRDDirectoryPaths = []string{"../config/crd/bases"}
+	defaultCluster2.CRDDirectoryPaths = []string{"../config/crd/bases"}
+
 	var wg sync.WaitGroup
 	wg.Add(2)
 	go func() {
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
new file mode 100644
index 000000000..56d1cdfe0
--- /dev/null
+++ b/e2e/gitops_test.go
@@ -0,0 +1,609 @@
+package e2e
+
+import (
+	"context"
+	"encoding/json"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/onsi/gomega"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
+	"testing"
+	"time"
+
+	. "github.com/onsi/gomega"
+)
+
+const (
+	timeout  = time.Second * 300
+	interval = time.Second * 5
+)
+
+func startKluctlController(t *testing.T) context.CancelFunc {
+	ctx, ctxCancel := context.WithCancel(context.Background())
+	args := []string{
+		"controller",
+	}
+	done := make(chan struct{})
+	go func() {
+		_, _, err := test_utils.KluctlExecute(t, ctx, args...)
+		if err != nil {
+			t.Error(err)
+		}
+		close(done)
+	}()
+
+	cancel := func() {
+		ctxCancel()
+		<-done
+	}
+
+	t.Cleanup(cancel)
+	return cancel
+}
+
+func waitForReconcile(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey) {
+	g := gomega.NewWithT(t)
+
+	var kd kluctlv1.KluctlDeployment
+	err := k.Client.Get(context.TODO(), key, &kd)
+	assert.NoError(t, err)
+
+	var lastReconcileTime metav1.Time
+	if kd.Status.LastDeployResult != nil {
+		lastReconcileTime = kd.Status.LastDeployResult.Command.StartTime
+	}
+	g.Eventually(func() bool {
+		err = k.Client.Get(context.TODO(), key, &kd)
+		g.Expect(err).To(Succeed())
+		if kd.Status.LastDeployResult == nil {
+			return false
+		}
+		return kd.Status.LastDeployResult.Command.StartTime != lastReconcileTime
+	}, timeout, time.Second).Should(BeTrue())
+}
+
+func waitForCommit(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, commit string) {
+	g := gomega.NewWithT(t)
+
+	g.Eventually(func() bool {
+		var obj kluctlv1.KluctlDeployment
+		_ = k.Client.Get(context.Background(), key, &obj)
+		if obj.Status.LastDeployResult == nil {
+			return false
+		}
+		return obj.Status.LastDeployResult.GitInfo.Commit == commit
+	}, timeout, time.Second).Should(BeTrue())
+}
+
+func createKluctlDeployment(t *testing.T, p *test_utils.TestProject, k *test_utils.EnvTestCluster, target string, args map[string]any) client.ObjectKey {
+	gitopsNs := p.TestSlug() + "-gitops"
+	createNamespace(t, k, gitopsNs)
+
+	jargs, err := json.Marshal(args)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	kluctlDeployment := &kluctlv1.KluctlDeployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      p.TestSlug(),
+			Namespace: gitopsNs,
+		},
+		Spec: kluctlv1.KluctlDeploymentSpec{
+			Interval: metav1.Duration{Duration: interval},
+			Timeout:  &metav1.Duration{Duration: timeout},
+			Target:   &target,
+			Args: runtime.RawExtension{
+				Raw: jargs,
+			},
+			Source: kluctlv1.ProjectSource{
+				URL: *types2.ParseGitUrlMust(p.GitUrl()),
+			},
+		},
+	}
+
+	err = k.Client.Create(context.Background(), kluctlDeployment)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return client.ObjectKeyFromObject(kluctlDeployment)
+}
+
+func TestGitOpsFieldManager(t *testing.T) {
+	g := NewWithT(t)
+
+	startKluctlController(t)
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+  k2: "{{ args.k2 + 1 }}"
+`)},
+	}, nil)
+
+	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+		"k2":        42,
+	})
+
+	t.Run("initial deployment", func(t *testing.T) {
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	var kd kluctlv1.KluctlDeployment
+	err := k.Client.Get(context.TODO(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: interval}}
+	err = k.Client.Update(context.TODO(), &kd)
+	g.Expect(err).To(Succeed())
+
+	cm := &corev1.ConfigMap{}
+
+	t.Run("cm1 is deployed", func(t *testing.T) {
+		err := k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v1"))
+		g.Expect(cm.Data).To(HaveKeyWithValue("k2", "43"))
+	})
+
+	t.Run("cm1 is modified and restored", func(t *testing.T) {
+		cm.Data["k1"] = "v2"
+		err := k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
+		g.Expect(err).To(Succeed())
+
+		g.Eventually(func() bool {
+			err := k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+			return cm.Data["k1"] == "v1"
+		}, timeout, time.Second).Should(BeTrue())
+	})
+
+	t.Run("cm1 gets a key added which is not modified by the controller", func(t *testing.T) {
+		cm.Data["k1"] = "v2"
+		cm.Data["k3"] = "v3"
+		err := k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
+		g.Expect(err).To(Succeed())
+
+		g.Eventually(func() bool {
+			err := k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+			return cm.Data["k1"] == "v1"
+		}, timeout, time.Second).Should(BeTrue())
+
+		g.Expect(cm.Data).To(HaveKeyWithValue("k3", "v3"))
+	})
+
+	t.Run("cm1 gets modified with another field manager", func(t *testing.T) {
+		patch := client.MergeFrom(cm.DeepCopy())
+		cm.Data["k1"] = "v2"
+
+		err := k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
+		g.Expect(err).To(Succeed())
+
+		for i := 0; i < 2; i++ {
+			waitForReconcile(t, k, key)
+		}
+
+		err = k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v2"))
+	})
+
+	err = k.Client.Get(context.TODO(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	kd.Spec.ForceApply = true
+	err = k.Client.Update(context.TODO(), &kd)
+	g.Expect(err).To(Succeed())
+
+	t.Run("forceApply is true and cm1 gets restored even with another field manager", func(t *testing.T) {
+		patch := client.MergeFrom(cm.DeepCopy())
+		cm.Data["k1"] = "v2"
+
+		err := k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
+		g.Expect(err).To(Succeed())
+
+		g.Eventually(func() bool {
+			err := k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+			return cm.Data["k1"] == "v1"
+		}, timeout, time.Second).Should(BeTrue())
+	})
+}
+
+func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
+	g := NewWithT(t)
+	startKluctlController(t)
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+
+	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+	}, "", "")
+	repoUrlWithCreds := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart2", Version: "0.1.0"},
+	}, "test-user", "test-password")
+	ociRepoUrlWithCreds := test_utils.CreateOciRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart3", Version: "0.1.0"},
+	}, "test-user", "test-password")
+
+	p.AddHelmDeployment("d1", repoUrl, "test-chart1", "0.1.0", "test-helm-1", p.TestSlug(), nil)
+	p.UpdateYaml("d1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+
+	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+	})
+
+	waitForCommit(t, k, key, getHeadRevision(t, p))
+
+	cm := &corev1.ConfigMap{}
+
+	t.Run("chart got deployed", func(t *testing.T) {
+		err := k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "test-helm-1-test-chart1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		g.Expect(cm.Data).To(HaveKeyWithValue("a", "v1"))
+	})
+
+	p.AddHelmDeployment("d2", repoUrlWithCreds, "test-chart2", "0.1.0", "test-helm-2", p.TestSlug(), nil)
+	p.UpdateYaml("d2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+
+	kd := &kluctlv1.KluctlDeployment{}
+
+	t.Run("chart with credentials fails with 401", func(t *testing.T) {
+		g.Eventually(func() bool {
+			err := k.Client.Get(context.TODO(), key, kd)
+			g.Expect(err).To(Succeed())
+			for _, c := range kd.Status.Conditions {
+				_ = c
+				if c.Type == "Ready" && c.Reason == "PrepareFailed" && strings.Contains(c.Message, "401 Unauthorized") {
+					return true
+				}
+			}
+			return false
+		}, timeout, time.Second).Should(BeTrue())
+	})
+
+	credsSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: key.Namespace,
+			Name:      "helm-secrets-1",
+		},
+		Data: map[string][]byte{
+			"url":      []byte(repoUrlWithCreds),
+			"username": []byte("test-user"),
+			"password": []byte("test-password"),
+		},
+	}
+	err := k.Client.Create(context.TODO(), credsSecret)
+	g.Expect(err).To(Succeed())
+
+	kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"}})
+	err = k.Client.Update(context.TODO(), kd)
+	g.Expect(err).To(Succeed())
+
+	t.Run("chart with credentials succeeds", func(t *testing.T) {
+		g.Eventually(func() bool {
+			err := k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "test-helm-2-test-chart2",
+				Namespace: p.TestSlug(),
+			}, cm)
+			if err != nil {
+				return false
+			}
+			g.Expect(cm.Data).To(HaveKeyWithValue("a", "v1"))
+			return true
+		}, timeout, time.Second).Should(BeTrue())
+	})
+
+	p.AddHelmDeployment("d3", ociRepoUrlWithCreds, "test-chart3", "0.1.0", "test-helm-3", p.TestSlug(), nil)
+	p.UpdateYaml("d3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
+		return nil
+	}, "")
+
+	t.Run("OCI chart with credentials fails with 401", func(t *testing.T) {
+		g.Eventually(func() bool {
+			err = k.Client.Get(context.TODO(), key, kd)
+			g.Expect(err).To(Succeed())
+			for _, c := range kd.Status.Conditions {
+				_ = c
+				if c.Type == "Ready" && c.Reason == "PrepareFailed" && strings.Contains(c.Message, "401 Unauthorized") {
+					return true
+				}
+			}
+			return false
+		}, timeout, time.Second).Should(BeTrue())
+	})
+
+	/*
+		TODO enable this when Kluctl supports OCI authentication
+		url, err := url2.Parse(ociRepoUrlWithCreds)
+		g.Expect(err).To(Succeed())
+
+		dockerJson := map[string]any{
+			"auths": map[string]any{
+				url.Host: map[string]any{
+					"username": "test-user",
+					"password": "test-password,",
+					"auth":     base64.StdEncoding.EncodeToString([]byte("test-user:test-password")),
+				},
+			},
+		}
+		dockerJsonStr, err := json.Marshal(dockerJson)
+		g.Expect(err).To(Succeed())
+
+		credsSecret2 := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: namespace,
+				Name:      "helm-secrets-2",
+			},
+			Data: map[string][]byte{
+				"url":               []byte(ociRepoUrlWithCreds),
+				".dockerconfigjson": dockerJsonStr,
+			},
+		}
+		err = k.Client.Create(context.TODO(), credsSecret2)
+		g.Expect(err).To(Succeed())
+
+		kluctlDeployment.Spec.HelmCredentials = append(kluctlDeployment.Spec.HelmCredentials, flux_utils.LocalObjectReference{Name: "helm-secrets-2"})
+		err = k.Client.Update(context.TODO(), kluctlDeployment)
+		g.Expect(err).To(Succeed())
+
+		t.Run("OCI chart with credentials succeeds", func(t *testing.T) {
+			g.Eventually(func() bool {
+				err := k.Client.Get(context.TODO(), client.ObjectKey{
+					Name:      "test-helm-3-test-chart3",
+					Namespace: namespace,
+				}, cm)
+				if err != nil {
+					return false
+				}
+				g.Expect(cm.Data).To(HaveKeyWithValue("a", "v1"))
+				return true
+			}, timeout, time.Second).Should(BeTrue())
+		})*/
+}
+
+func TestKluctlDeploymentReconciler_Prune(t *testing.T) {
+	g := NewWithT(t)
+	startKluctlController(t)
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+
+	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`)},
+	}, nil)
+	p.AddKustomizeDeployment("d2", []test_utils.KustomizeResource{
+		{Name: "cm2.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm2
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`)},
+	}, nil)
+
+	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+	})
+
+	waitForCommit(t, k, key, getHeadRevision(t, p))
+
+	cm := &corev1.ConfigMap{}
+
+	t.Run("cm1 and cm2 got deployed", func(t *testing.T) {
+		err := k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		err = k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm2",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+	})
+
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.RemoveNestedField("deployments", 1)
+		return nil
+	})
+
+	g.Eventually(func() bool {
+		var obj kluctlv1.KluctlDeployment
+		_ = k.Client.Get(context.Background(), key, &obj)
+		if obj.Status.LastDeployResult == nil {
+			return false
+		}
+		return obj.Status.LastDeployResult.GitInfo.Commit == getHeadRevision(t, p)
+	}, timeout, time.Second).Should(BeTrue())
+
+	t.Run("cm1 and cm2 were not deleted", func(t *testing.T) {
+		err := k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		err = k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm2",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+	})
+
+	kd := &kluctlv1.KluctlDeployment{}
+	g.Expect(k.Client.Get(context.TODO(), key, kd)).To(Succeed())
+	kd.Spec.Prune = true
+
+	g.Expect(k.Client.Update(context.TODO(), kd)).To(Succeed())
+	g.Eventually(func() bool {
+		var obj kluctlv1.KluctlDeployment
+		_ = k.Client.Get(context.Background(), key, &obj)
+		if obj.Status.LastDeployResult == nil {
+			return false
+		}
+		return obj.Status.ObservedGeneration == obj.Generation && obj.Status.LastDeployResult.GitInfo.Commit == getHeadRevision(t, p)
+	}, timeout, time.Second).Should(BeTrue())
+
+	t.Run("cm1 did not get deleted and cm2 got deleted", func(t *testing.T) {
+		err := k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		err = k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm2",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(MatchError("configmaps \"cm2\" not found"))
+	})
+}
+
+func doTestDelete(t *testing.T, delete bool) {
+	g := NewWithT(t)
+	startKluctlController(t)
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+
+	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`)},
+	}, nil)
+
+	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+	})
+
+	kd := &kluctlv1.KluctlDeployment{}
+	err := k.Client.Get(context.TODO(), key, kd)
+	g.Expect(err).To(Succeed())
+
+	kd.Spec.Delete = delete
+	g.Expect(k.Client.Update(context.TODO(), kd)).To(Succeed())
+
+	waitForCommit(t, k, key, getHeadRevision(t, p))
+
+	cm := &corev1.ConfigMap{}
+
+	t.Run("cm1 got deployed", func(t *testing.T) {
+		err := k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+	})
+
+	g.Expect(k.Client.Delete(context.TODO(), kd)).To(Succeed())
+
+	g.Eventually(func() bool {
+		var obj kluctlv1.KluctlDeployment
+		err := k.Client.Get(context.Background(), key, &obj)
+		if err == nil {
+			return false
+		}
+		if !errors.IsNotFound(err) {
+			return false
+		}
+		return true
+	}, timeout, time.Second).Should(BeTrue())
+
+	if delete {
+		t.Run("cm1 was deleted", func(t *testing.T) {
+			err := k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(MatchError("configmaps \"cm1\" not found"))
+		})
+	} else {
+		t.Run("cm1 was not deleted", func(t *testing.T) {
+			err := k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+		})
+	}
+}
+
+func TestKluctlDeploymentReconciler_Delete_True(t *testing.T) {
+	doTestDelete(t, true)
+}
+
+func TestKluctlDeploymentReconciler_Delete_False(t *testing.T) {
+	doTestDelete(t, false)
+}
diff --git a/e2e/utils.go b/e2e/utils.go
index 9909bc07a..061402c77 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -15,14 +15,27 @@ import (
 )
 
 func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace string) {
+	r := k.DynamicClient.Resource(v1.SchemeGroupVersion.WithResource("namespaces"))
+	if _, err := r.Get(context.Background(), namespace, metav1.GetOptions{}); err == nil {
+		return
+	}
+
 	var ns unstructured.Unstructured
 	ns.SetName(namespace)
+	_, err := r.Create(context.Background(), &ns, metav1.CreateOptions{})
 
-	_, err := k.DynamicClient.Resource(v1.SchemeGroupVersion.WithResource("namespaces")).Create(context.Background(), &ns, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
 
+func getHeadRevision(t *testing.T, p *test_utils.TestProject) string {
+	r := p.GetGitRepo()
+	h, err := r.Head()
 	if err != nil {
 		t.Fatal(err)
 	}
+	return h.Hash().String()
 }
 
 func assertObjectExists(t *testing.T, k *test_utils.EnvTestCluster, gvr schema.GroupVersionResource, namespace string, name string) *uo.UnstructuredObject {

From 676725d274ad2225e831a0d13270f574f2df44db Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 15:34:57 +0200
Subject: [PATCH 0987/2268] chore: Run go mod tidy

---
 go.mod | 24 ++++++++++++------------
 go.sum | 26 ++++++++++++--------------
 2 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/go.mod b/go.mod
index a815bcfcb..fb641e2f3 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,6 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.21.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/fluxcd/pkg/kustomize v1.1.1
 	github.com/go-playground/validator/v10 v10.13.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
@@ -53,18 +52,27 @@ require (
 
 require (
 	filippo.io/age v1.1.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
 	github.com/aws/aws-sdk-go-v2 v1.18.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.25
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.24
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
+	github.com/aws/smithy-go v1.13.5
+	github.com/dimchansky/utfbom v1.1.1
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
+	github.com/hashicorp/go-retryablehttp v0.7.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.7
 	github.com/otiai10/copy v1.11.0
+	github.com/prometheus/client_golang v1.15.1
 	github.com/sergi/go-diff v1.3.1
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
+	sigs.k8s.io/cli-utils v0.34.0
 	sigs.k8s.io/controller-runtime v0.15.0-beta.0
 	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/yaml v1.3.0
@@ -76,8 +84,6 @@ require (
 	cloud.google.com/go/iam v0.13.0 // indirect
 	cloud.google.com/go/kms v1.10.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
@@ -92,7 +98,6 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
@@ -101,8 +106,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
@@ -119,22 +122,19 @@ require (
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/drone/envsubst v1.0.3 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fluxcd/go-git/v5 v5.0.0-20221219190809-2e5c9d01cfc4 // indirect
-	github.com/fluxcd/pkg/apis/kustomize v1.0.0 // indirect
-	github.com/fluxcd/pkg/sourceignore v0.3.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-logr/zapr v1.2.4 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -158,7 +158,6 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.4.0 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
@@ -198,7 +197,6 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.15.1 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
@@ -225,6 +223,8 @@ require (
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
 	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.8.0 // indirect
+	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
diff --git a/go.sum b/go.sum
index 40eb65340..e6e48f5e8 100644
--- a/go.sum
+++ b/go.sum
@@ -94,14 +94,12 @@ github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -150,6 +148,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jely
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -212,6 +212,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
+github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
 github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
@@ -231,8 +233,6 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g=
-github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g=
 github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
 github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -258,14 +258,6 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fluxcd/go-git/v5 v5.0.0-20221219190809-2e5c9d01cfc4 h1:Gm5sGGk+/Wq6RhX4xpCZ2IqjDp5XkjlhENaAuAlpdKc=
-github.com/fluxcd/go-git/v5 v5.0.0-20221219190809-2e5c9d01cfc4/go.mod h1:raWgfUV7lDQVXp4QXUaeNNJkRVKz97UQuF+0kdY7Vmo=
-github.com/fluxcd/pkg/apis/kustomize v1.0.0 h1:5T2b/mRZiGWtP7fvSU8gZOApIc06H6SdLX3MlsE6LRo=
-github.com/fluxcd/pkg/apis/kustomize v1.0.0/go.mod h1:XaDYlKxrf9D2zZWcZ0BnSIqGtcm8mdNtJGzZWYjCnQo=
-github.com/fluxcd/pkg/kustomize v1.1.1 h1:hYFJGi+fiaecY4gXvx52fumlvDEq/1RdFbaev67oBhE=
-github.com/fluxcd/pkg/kustomize v1.1.1/go.mod h1:i+Z9iPAoSz28oH0FmDI73iqZ3oXZxQR2O3HfhdsWhfo=
-github.com/fluxcd/pkg/sourceignore v0.3.3 h1:Ue29JAuPECEYdvIqdpXpQaDxpeySn7amarLArp7XoIs=
-github.com/fluxcd/pkg/sourceignore v0.3.3/go.mod h1:yuJzKggph0Bdbk9LgXjJQhvJZSTJV/1vS7mJuB7mPa0=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
@@ -304,6 +296,7 @@ github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
+github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
@@ -684,7 +677,6 @@ github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
-github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
@@ -822,7 +814,6 @@ github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RV
 github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -874,12 +865,16 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
+go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1183,6 +1178,7 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
@@ -1383,6 +1379,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/cli-utils v0.34.0 h1:zCUitt54f0/MYj/ajVFnG6XSXMhpZ72O/3RewIchW8w=
+sigs.k8s.io/cli-utils v0.34.0/go.mod h1:EXyMwPMu9OL+LRnj0JEMsGG/fRvbgFadcVlSnE8RhFs=
 sigs.k8s.io/controller-runtime v0.15.0-beta.0 h1:pkhYMops8jZrVuI0kBHeF6q9UVu1JljIGGG4Ox5ZJmk=
 sigs.k8s.io/controller-runtime v0.15.0-beta.0/go.mod h1:YUTa+du31rqOu4mJaijiuhGFax9ecCJgO/v0/yW09gE=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=

From 07fd5e2fd17397f75c2e1eb0d66e47bd85f55de8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 15:43:36 +0200
Subject: [PATCH 0988/2268] chore: Run make replace-commands-help

---
 docs/reference/commands/controller.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/reference/commands/controller.md b/docs/reference/commands/controller.md
index ff5fe4938..a7584c0b7 100644
--- a/docs/reference/commands/controller.md
+++ b/docs/reference/commands/controller.md
@@ -13,6 +13,9 @@ description: >
 <!-- BEGIN SECTION "controller" "Usage" false -->
 Usage: kluctl controller [flags]
 
+Run the Kluctl controller
+This command will run the Kluctl Controller. This is usually meant to be run inside a cluster and not from your local machine.
+
 <!-- END SECTION -->
 
 ## Arguments
@@ -20,6 +23,15 @@ Usage: kluctl controller [flags]
 The following arguments are available:
 <!-- BEGIN SECTION "controller" "Controller" true -->
 ```
+Controller:
+  Controller arguments.
+
+      --default-service-account string     Default service account used for impersonation.
+      --dry-run                            Run all deployments in dryRun=true mode.
+      --health-probe-bind-address string   The address the probe endpoint binds to. (default ":8081")
+      --leader-elect                       Enable leader election for controller manager. Enabling this will
+                                           ensure there is only one active controller manager.
+      --metrics-bind-address string        The address the metric endpoint binds to. (default ":8080")
 
 ```
 <!-- END SECTION -->

From 805f2bfc66f1550a86dadaa59824eb39846a86ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 15:58:48 +0200
Subject: [PATCH 0989/2268] ci: Update Makefile to be controller-gen based

---
 Makefile | 231 +++++++++++++++++++++++++++----------------------------
 1 file changed, 113 insertions(+), 118 deletions(-)

diff --git a/Makefile b/Makefile
index d8f9ce4aa..aa370ad74 100644
--- a/Makefile
+++ b/Makefile
@@ -13,144 +13,139 @@ ifeq ($(GOOS), linux)
 RACE=-race
 endif
 
-GOCMD=go
-GOTEST=$(GOCMD) test
-GOVET=$(GOCMD) vet
-BINARY_NAME=kluctl$(EXE)
-TEST_BINARY_NAME=kluctl-e2e$(EXE)
-EXPORT_RESULT?=false
-
-# If gobin not set, create one on ./build and add to path.
+# Image URL to use all building/pushing image targets
+IMG ?= kluctl/kluctl:latest
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.26.1
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
-GOBIN=$(BUILD_DIR)/gobin
+GOBIN=$(shell go env GOPATH)/bin
 else
 GOBIN=$(shell go env GOBIN)
 endif
-export PATH:=$(GOBIN):${PATH}
 
-# Architecture to use envtest with
-ENVTEST_ARCH ?= amd64
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
 
-GREEN  := $(shell tput -Txterm setaf 2)
-YELLOW := $(shell tput -Txterm setaf 3)
-WHITE  := $(shell tput -Txterm setaf 7)
-CYAN   := $(shell tput -Txterm setaf 6)
-RESET  := $(shell tput -Txterm sgr0)
+.PHONY: all
+all: build
 
-.PHONY: all test build
+##@ General
 
-all: help
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
 
-## Build:
-build: build-go ## Run the complete build pipeline
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-build-go:  ## Build your project and put the output binary in ./bin/
-	mkdir -p ./bin
-	$(GOCMD) build -o ./bin/$(BINARY_NAME)
+##@ Development
 
-clean: ## Remove build related file
-	rm -fr ./bin
-	rm -fr ./out
-	rm -fr ./reports
-	rm -fr ./download-python
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
-## Envtest setup
-# Repository root based on Git metadata
-REPOSITORY_ROOT := $(shell git rev-parse --show-toplevel)
-BUILD_DIR := $(REPOSITORY_ROOT)/build
-ENVTEST = $(GOBIN)/setup-envtest
-.PHONY: envtest
-setup-envtest: ## Download envtest-setup locally if necessary.
-	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
-# Download the envtest binaries to testbin
-ENVTEST_ASSETS_DIR=$(BUILD_DIR)/testbin
-ENVTEST_KUBERNETES_VERSION?=latest
-install-envtest: setup-envtest
-	mkdir -p ${ENVTEST_ASSETS_DIR}
-	$(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR)
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+	go fmt ./...
 
-## Test:
-test: test-unit test-e2e ## Runs the complete test suite
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
 
-KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)"
-test-e2e: test-e2e-build test-e2e-pre-built ## Runs the end to end tests
+.PHONY: test
+test: manifests generate fmt vet envtest ## Run tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $(RACE) ./... -coverprofile cover.out
 
-test-e2e-build: ## Builds the end to end tests
-	$(GOCMD) test $(RACE) -c ./e2e -o ./bin/$(TEST_BINARY_NAME)
+replace-commands-help: ## Replace commands help in docs
+	go run ./internal/replace-commands-help --docs-dir ./docs/reference/commands
 
-test-e2e-pre-built: install-envtest
-	KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) ./bin/$(TEST_BINARY_NAME) -test.v
+MARKDOWN_LINK_CHECK_VERSION=3.11.2
+markdown-link-check: ## Check markdown files for dead links
+	find . -name '*.md' | xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
 
-test-unit: ## Run the unit tests of the project
-ifeq ($(EXPORT_RESULT), true)
-	mkdir -p reports/test-unit
-	GO111MODULE=off $(GOCMD) get -u github.com/jstemmer/go-junit-report
-	$(eval OUTPUT_OPTIONS = | tee /dev/tty | go-junit-report -set-exit-code > reports/test-unit/junit-report.xml)
-endif
-	$(GOTEST) -v $(RACE) $(shell go list ./... | grep -v 'v2/e2e') $(OUTPUT_OPTIONS)
-
-coverage-unit: ## Run the unit tests of the project and export the coverage
-	$(GOTEST) -cover -covermode=count -coverprofile=reports/coverage-unit/profile.cov $(shell go list ./... | grep -v /e2e/)
-	$(GOCMD) tool cover -func profile.cov
-ifeq ($(EXPORT_RESULT), true)
-	mkdir -p reports/coverage-unit
-	GO111MODULE=off $(GOCMD) get -u github.com/AlekSi/gocov-xml
-	GO111MODULE=off $(GOCMD) get -u github.com/axw/gocov/gocov
-	gocov convert  reports/coverage-unit/profile.cov | gocov-xml > reports/coverage-unit/coverage.xml
-endif
+##@ Build
 
-## Lint:
-lint: lint-go ## Run all available linters
+.PHONY: build
+build: manifests generate fmt vet ## Build manager binary.
+	go build -o bin/kluctl$(EXE) cmd/main.go
 
-lint-go: ## Use golintci-lint on your project
-ifeq ($(EXPORT_RESULT), true)
-	mkdir -p reports/lint-go
-	$(eval OUTPUT_OPTIONS = $(shell echo "--out-format checkstyle ./... | tee /dev/tty > reports/lint-go/checkstyle-report.xml" ))
-else
-	$(eval OUTPUT_OPTIONS = $(shell echo ""))
-endif
-	docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:latest-alpine golangci-lint run $(OUTPUT_OPTIONS)
+.PHONY: run
+run: manifests generate fmt vet ## Run a controller from your host.
+	go run ./cmd/main.go
 
-replace-commands-help: ## Replace commands help in docs
-	$(GOCMD) run ./internal/replace-commands-help --docs-dir ./docs/reference/commands
 
-MARKDOWN_LINK_CHECK_VERSION=3.10.3 # warning, 3.11.x is broken
-markdown-link-check: ## Check markdown files for dead links
-	find . -name '*.md' | xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
+##@ Deployment
 
-## Release:
-version: ## Write next version into version file
-	$(GOCMD) install github.com/bvieira/sv4git/v2/cmd/git-sv@v2.7.0
-	$(eval KLUCTL_VERSION:=$(shell git sv next-version))
-	sed -ibak "s/0.0.0/$(KLUCTL_VERSION)/g" pkg/version/version.go
-
-changelog: ## Generating changelog
-	git sv changelog -n 1 > CHANGELOG.md
-
-## Help:
-help: ## Show this help.
-	@echo ''
-	@echo 'Usage:'
-	@echo '  ${YELLOW}make${RESET} ${GREEN}<target>${RESET}'
-	@echo ''
-	@echo 'Targets:'
-	@awk 'BEGIN {FS = ":.*?## "} { \
-		if (/^[0-9a-zA-Z_-]+:.*?##.*$$/) {printf "    ${YELLOW}%-20s${GREEN}%s${RESET}\n", $$1, $$2} \
-		else if (/^## .*$$/) {printf "  ${CYAN}%s${RESET}\n", substr($$1,4)} \
-		}' $(MAKEFILE_LIST)
-
-## Tools
-# go-install-tool will 'go install' any package $2 and install it to $1.
-PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
-define go-install-tool
-@[ -f $(1) ] || { \
-set -e ;\
-TMP_DIR=$$(mktemp -d) ;\
-cd $$TMP_DIR ;\
-go mod init tmp ;\
-echo "Downloading $(2)" ;\
-GOBIN=$(GOBIN) go install $(2) ;\
-rm -rf $$TMP_DIR ;\
-}
-endef
+ifndef ignore-not-found
+  ignore-not-found = false
+endif
+
+.PHONY: install
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: deploy
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+##@ Build Dependencies
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v5.0.3
+CONTROLLER_TOOLS_VERSION ?= v0.12.0
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
+$(KUSTOMIZE): $(LOCALBIN)
+	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
+		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
+		rm -rf $(LOCALBIN)/kustomize; \
+	fi
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

From e9936ce67d1e8053a0f3d11eb667ad13104ffff1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 16:15:56 +0200
Subject: [PATCH 0990/2268] ci: Verify that make generate was called and
 committed

---
 .github/workflows/tests.yml | 11 ++++++++++-
 Makefile                    |  1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e23e52c2b..b4d09f840 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,7 +9,7 @@ on:
       - main
 
 jobs:
-  docs-checks:
+  generate-checks:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -39,6 +39,15 @@ jobs:
             git diff
             exit 1
           fi
+      - name: Verify generated source is up-to-date
+        run: |
+          make generate
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "make generate must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
 
   tests:
     strategy:
diff --git a/Makefile b/Makefile
index aa370ad74..28db1bfd4 100644
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	go generate ./...
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 .PHONY: fmt

From 8b0eafb86205b6a0758ecce933625c25f5c12a1a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 16:16:07 +0200
Subject: [PATCH 0991/2268] ci: Fix .goreleaser.yaml to use correct main

---
 .goreleaser.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 43a80732f..8d657a092 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -6,6 +6,7 @@ builds:
       binary: kluctl
       env:
         - CGO_ENABLED=0
+      main: ./cmd
     id: linux
     goos:
       - linux

From 0415b74d67f77e13232ba810a6782b88c40c2ebb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 17:19:25 +0200
Subject: [PATCH 0992/2268] ci: Add .dockerignore

---
 .dockerignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..9b1c8b133
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+/dist

From 84f09fcf161e6c9e811085dd8f2063eeff9ee2fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 16:22:16 +0200
Subject: [PATCH 0993/2268] fix: Upgrade to alpine 3.18.0 to fix DNS resolver
 issues

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f3ee702f7..478b37095 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.1
+FROM alpine:3.18.0
 
 RUN apk add ca-certificates
 

From ad6241a2a8b76d0392206e74ea127abb74160078 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 16:22:42 +0200
Subject: [PATCH 0994/2268] fix: Add git to docker images and set
 HELM_CACHE_HOME=/tmp/helm-cache

---
 Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 478b37095..6a31351b5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,5 +2,11 @@ FROM alpine:3.18.0
 
 RUN apk add ca-certificates
 
+# We need git for kustomize to support overlays from git
+RUN apk add git
+
+# Ensure helm is not trying to access /
+ENV HELM_CACHE_HOME=/tmp/helm-cache
+
 COPY kluctl /usr/bin/
 ENTRYPOINT ["/usr/bin/kluctl"]

From ccedfb7ffed23e8736ffa1e40228f94324c49b85 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 16:56:40 +0200
Subject: [PATCH 0995/2268] fix: Run as non-root user

---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 6a31351b5..847404a86 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,4 +9,7 @@ RUN apk add git
 ENV HELM_CACHE_HOME=/tmp/helm-cache
 
 COPY kluctl /usr/bin/
+
+USER 65532:65532
+
 ENTRYPOINT ["/usr/bin/kluctl"]

From 0a6a5c1a9d554ea872f098812802cb89f187bcb1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 16:57:22 +0200
Subject: [PATCH 0996/2268] chore: Easy/Fast way to deploy to kind

---
 Dockerfile                        | 3 ++-
 Makefile                          | 8 ++++++++
 config/default/kustomization.yaml | 2 +-
 config/manager/manager.yaml       | 4 +++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 847404a86..77958da58 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,8 @@ RUN apk add git
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache
 
-COPY kluctl /usr/bin/
+ARG BIN_PATH=kluctl
+COPY $BIN_PATH /usr/bin/
 
 USER 65532:65532
 
diff --git a/Makefile b/Makefile
index 28db1bfd4..d640b9f2b 100644
--- a/Makefile
+++ b/Makefile
@@ -110,6 +110,14 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
 
+.PHONY: deploy-kind
+deploy-kind: manifests kustomize
+	GOOS=linux GOARCH=amd64 make build
+	docker build -t kluctl-kind:latest --build-arg BIN_PATH=./bin/kluctl .
+	kind load docker-image kluctl-kind:latest
+	cd config/manager && $(KUSTOMIZE) edit set image controller=kluctl-kind
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index fc2356a99..ce073d33f 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -6,7 +6,7 @@ namespace: controller-system
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: controller-
+namePrefix: kluctl-
 
 # Labels to add to all resources and selectors.
 #labels:
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index d0a98b913..0eaa207d9 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -67,10 +67,12 @@ spec:
         #   type: RuntimeDefault
       containers:
       - command:
-        - /manager
+        - kluctl
+        - controller
         args:
         - --leader-elect
         image: controller:latest
+        imagePullPolicy: IfNotPresent
         name: manager
         securityContext:
           allowPrivilegeEscalation: false

From 01370abdfd5b0b0cd9aef6db8f346a84b8667643 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 May 2023 17:19:12 +0200
Subject: [PATCH 0997/2268] feat: Add full target object to result summary

---
 pkg/results/result-store-secrets.go |  6 +++---
 pkg/results/result-store.go         |  4 ++--
 pkg/types/result/summary.go         | 29 ++++++++++++++++-------------
 3 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index f918e5b2e..82713e27f 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -229,7 +229,7 @@ func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target re
 	for _, rs := range results {
 		rs := rs
 
-		if rs.Target != target {
+		if rs.TargetKey != target {
 			continue
 		}
 		cnt++
@@ -302,10 +302,10 @@ func (s *ResultStoreSecrets) parseSummary(obj client.Object) (*result.CommandRes
 
 func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary, project *result.ProjectKey) bool {
 	if project != nil {
-		if project.NormalizedGitUrl != "" && summary.Project.NormalizedGitUrl != project.NormalizedGitUrl {
+		if project.NormalizedGitUrl != "" && summary.ProjectKey.NormalizedGitUrl != project.NormalizedGitUrl {
 			return false
 		}
-		if project.SubDir != "" && summary.Project.SubDir != project.SubDir {
+		if project.SubDir != "" && summary.ProjectKey.SubDir != project.SubDir {
 			return false
 		}
 	}
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 46d002d5d..baa5e7313 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -35,10 +35,10 @@ func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bo
 	if filter == nil {
 		return true
 	}
-	if x.Project.NormalizedGitUrl != filter.NormalizedGitUrl {
+	if x.ProjectKey.NormalizedGitUrl != filter.NormalizedGitUrl {
 		return false
 	}
-	if x.Project.SubDir != filter.SubDir {
+	if x.ProjectKey.SubDir != filter.SubDir {
 		return false
 	}
 	return true
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 5cf639762..85327294a 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -1,16 +1,18 @@
 package result
 
 import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"sort"
 )
 
 type CommandResultSummary struct {
-	Id          string      `json:"id"`
-	Project     ProjectKey  `json:"project"`
-	Target      TargetKey   `json:"target"`
-	Command     CommandInfo `json:"commandInfo"`
-	GitInfo     GitInfo     `json:"gitInfo,omitempty"`
-	ClusterInfo ClusterInfo `json:"clusterInfo,omitempty"`
+	Id          string       `json:"id"`
+	ProjectKey  ProjectKey   `json:"projectKey"`
+	TargetKey   TargetKey    `json:"targetKey"`
+	Target      types.Target `json:"target"`
+	Command     CommandInfo  `json:"commandInfo"`
+	GitInfo     GitInfo      `json:"gitInfo,omitempty"`
+	ClusterInfo ClusterInfo  `json:"clusterInfo,omitempty"`
 
 	RenderedObjects    int `json:"renderedObjects"`
 	RemoteObjects      int `json:"remoteObjects"`
@@ -57,8 +59,9 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 
 	ret := &CommandResultSummary{
 		Id:                 cr.Id,
-		Project:            cr.ProjectKey,
-		Target:             cr.TargetKey,
+		ProjectKey:         cr.ProjectKey,
+		TargetKey:          cr.TargetKey,
+		Target:             cr.Target,
 		Command:            cr.Command,
 		GitInfo:            cr.GitInfo,
 		ClusterInfo:        cr.ClusterInfo,
@@ -82,22 +85,22 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 func BuildProjectSummaries(summaries []CommandResultSummary) []*ProjectSummary {
 	m := map[ProjectKey]*ProjectSummary{}
 	for _, rs := range summaries {
-		p, ok := m[rs.Project]
+		p, ok := m[rs.ProjectKey]
 		if !ok {
-			p = &ProjectSummary{Project: rs.Project}
-			m[rs.Project] = p
+			p = &ProjectSummary{Project: rs.ProjectKey}
+			m[rs.ProjectKey] = p
 		}
 
 		var target *TargetSummary
 		for i, t := range p.Targets {
-			if t.Target == rs.Target {
+			if t.Target == rs.TargetKey {
 				target = p.Targets[i]
 				break
 			}
 		}
 		if target == nil {
 			target = &TargetSummary{
-				Target: rs.Target,
+				Target: rs.TargetKey,
 			}
 			p.Targets = append(p.Targets, target)
 		}

From 6e1a948d1eb7e06893afab573c68912afa7f2bcb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 12:44:17 +0200
Subject: [PATCH 0998/2268] feat: Let the controller write command results

---
 cmd/kluctl/commands/cmd_controller.go                |  2 +-
 pkg/controllers/kluctl_project.go                    |  7 ++++++-
 pkg/controllers/kluctldeployment_controller.go       |  3 +++
 pkg/controllers/kluctldeployment_controller_setup.go | 10 +++++++++-
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index 655a5071d..3e3f9df86 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -112,7 +112,7 @@ func (cmd *controllerCmd) Run(ctx context.Context) error {
 		SshPool:               sshPool,
 	}
 
-	if err = r.SetupWithManager(mgr, controllers.KluctlDeploymentReconcilerOpts{
+	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
 		HTTPRetry: 9,
 	}); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", kluctlv1.KluctlDeploymentKind)
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 41396bd18..3eee59d44 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -649,6 +649,12 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
 	cmdResult.ProjectKey.NormalizedGitUrl = pt.pp.obj.Spec.Source.URL.NormalizedRepoKey()
 
+	log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
+	err := pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
+	if err != nil {
+		log.Error(err, "Writing command result failed")
+	}
+
 	summary := cmdResult.BuildSummary()
 
 	log.Info(fmt.Sprintf("command finished with err=%v", cmdErr))
@@ -682,7 +688,6 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	}
 
 	warning := false
-	var err error
 	if len(cmdResult.Errors) != 0 {
 		warning = true
 		err = fmt.Errorf("%s failed with %d errors", commandName, len(cmdResult.Errors))
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 69670165a..cb4cfa953 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -8,6 +8,7 @@ import (
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
@@ -39,6 +40,8 @@ type KluctlDeploymentReconciler struct {
 	DryRun                bool
 
 	SshPool *ssh_pool.SshPool
+
+	ResultStore results.ResultStore
 }
 
 // KluctlDeploymentReconcilerOpts contains options for the BaseReconciler.
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index cb6af53f7..61f66cba1 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -1,8 +1,10 @@
 package controllers
 
 import (
+	"context"
 	"github.com/hashicorp/go-retryablehttp"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
@@ -10,7 +12,7 @@ import (
 )
 
 // SetupWithManager sets up the controller with the Manager.
-func (r *KluctlDeploymentReconciler) SetupWithManager(mgr ctrl.Manager, opts KluctlDeploymentReconcilerOpts) error {
+func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, opts KluctlDeploymentReconcilerOpts) error {
 	// Configure the retryable http client used for fetching artifacts.
 	// By default it retries 10 times within a 3.5 minutes window.
 	httpClient := retryablehttp.NewClient()
@@ -20,6 +22,12 @@ func (r *KluctlDeploymentReconciler) SetupWithManager(mgr ctrl.Manager, opts Klu
 	httpClient.Logger = nil
 	r.httpClient = httpClient
 
+	resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetConfig(), "kluctl-results", 10)
+	if err != nil {
+		return err
+	}
+	r.ResultStore = resultStore
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&kluctlv1.KluctlDeployment{}, builder.WithPredicates(
 			predicate.Or(predicate.GenerationChangedPredicate{}, ReconcileRequestedPredicate{}, DeployRequestedPredicate{}),

From 322350b80a3c73632a0720a765e5b113789f8f22 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 12:45:45 +0200
Subject: [PATCH 0999/2268] fix: Make summary sorting more stable

---
 pkg/results/result-store-secrets.go |  2 +-
 pkg/results/result-store.go         | 10 ++++++++++
 pkg/results/results-collector.go    |  2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 82713e27f..038133321 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -276,7 +276,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 	}
 
 	sort.Slice(ret, func(i, j int) bool {
-		return ret[i].Command.StartTime.After(ret[j].Command.StartTime.Time)
+		return lessSummary(&ret[i], &ret[j])
 	})
 
 	return ret, nil
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index baa5e7313..fae620b41 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -43,3 +43,13 @@ func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bo
 	}
 	return true
 }
+
+func lessSummary(a *result.CommandResultSummary, b *result.CommandResultSummary) bool {
+	if a.Command.StartTime != b.Command.StartTime {
+		return a.Command.StartTime.After(b.Command.StartTime.Time)
+	}
+	if a.Command.EndTime != b.Command.EndTime {
+		return a.Command.EndTime.After(b.Command.EndTime.Time)
+	}
+	return a.Command.Command < b.Command.Command
+}
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 5ae9cbd4a..053cbbe37 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -111,7 +111,7 @@ func (rc *ResultsCollector) ListCommandResultSummaries(options ListCommandResult
 		summaries = append(summaries, *x.summary)
 	}
 	sort.Slice(summaries, func(i, j int) bool {
-		return summaries[i].Command.StartTime.After(summaries[j].Command.StartTime.Time)
+		return lessSummary(&summaries[i], &summaries[j])
 	})
 	return summaries, nil
 }

From c5ea94913f77b9e1e366ee5ad86e92a25d043ca9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 12:46:06 +0200
Subject: [PATCH 1000/2268] feat: Add start/stop time to validation results

---
 pkg/deployment/commands/validate.go |  8 ++++++--
 pkg/types/result/command_result.go  | 12 +++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 1a1fee162..deb477af1 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type ValidateCommand struct {
@@ -35,8 +36,9 @@ func NewValidateCommand(ctx context.Context, discriminator string, c *deployment
 
 func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.ValidateResult, error) {
 	ret := result.ValidateResult{
-		Id:    uuid.New().String(),
-		Ready: true,
+		Id:        uuid.New().String(),
+		StartTime: metav1.Now(),
+		Ready:     true,
 	}
 
 	cmd.dew.Init()
@@ -119,6 +121,8 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 		ret.Drift = du.ChangedObjects
 	}
 
+	ret.EndTime = metav1.Now()
+
 	return &ret, nil
 }
 
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 3f8a948ac..ec899dbcf 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -186,11 +186,13 @@ type ValidateResultEntry struct {
 }
 
 type ValidateResult struct {
-	Id       string                `json:"id"`
-	Ready    bool                  `json:"ready"`
-	Warnings []DeploymentError     `json:"warnings,omitempty"`
-	Errors   []DeploymentError     `json:"errors,omitempty"`
-	Results  []ValidateResultEntry `json:"results,omitempty"`
+	Id        string                `json:"id"`
+	StartTime metav1.Time           `json:"startTime"`
+	EndTime   metav1.Time           `json:"endTime"`
+	Ready     bool                  `json:"ready"`
+	Warnings  []DeploymentError     `json:"warnings,omitempty"`
+	Errors    []DeploymentError     `json:"errors,omitempty"`
+	Results   []ValidateResultEntry `json:"results,omitempty"`
 
 	Drift []ChangedObject `json:"drift,omitempty"`
 }

From a3f4d2c7ea1bbaa64c7fcacbff4bff8a342e1b34 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 12:46:48 +0200
Subject: [PATCH 1001/2268] refactor: Rename NormalizedGitUrl -> GitRepoKey

---
 pkg/controllers/kluctl_project.go              |  2 +-
 pkg/controllers/kluctldeployment_controller.go |  4 ++--
 pkg/deployment/commands/result_utils.go        |  2 +-
 pkg/results/result-store-secrets.go            | 10 +++++-----
 pkg/results/result-store.go                    |  2 +-
 pkg/types/result/command_result.go             |  8 ++++----
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 3eee59d44..2317adce4 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -647,7 +647,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
 	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
 	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
-	cmdResult.ProjectKey.NormalizedGitUrl = pt.pp.obj.Spec.Source.URL.NormalizedRepoKey()
+	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.NormalizedRepoKey()
 
 	log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
 	err := pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index cb4cfa953..7f432a097 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -183,8 +183,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	err = pt.withKluctlProjectTarget(ctx, func(targetContext *kluctl_project.TargetContext) error {
 		obj.Status.ProjectKey = &result.ProjectKey{
-			NormalizedGitUrl: obj.Spec.Source.URL.NormalizedRepoKey(),
-			SubDir:           path.Clean(obj.Spec.Source.Path),
+			GitRepoKey: obj.Spec.Source.URL.NormalizedRepoKey(),
+			SubDir:     path.Clean(obj.Spec.Source.Path),
 		}
 		obj.Status.TargetKey = &result.TargetKey{
 			TargetName:    targetContext.Target.Name,
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 43c26f685..ee128c9cd 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -135,7 +135,7 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		Commit: head.Hash().String(),
 		Dirty:  !s.IsClean(),
 	}
-	r.ProjectKey.NormalizedGitUrl = normaliedUrl
+	r.ProjectKey.GitRepoKey = normaliedUrl
 	r.ProjectKey.SubDir = subDir
 	return nil
 }
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 038133321..8425d11bd 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -99,8 +99,8 @@ var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
 func (s *ResultStoreSecrets) buildName(cr *result.CommandResult) string {
 	var name string
 
-	if cr.ProjectKey.NormalizedGitUrl != "" {
-		s := path.Base(cr.ProjectKey.NormalizedGitUrl)
+	if cr.ProjectKey.GitRepoKey != "" {
+		s := path.Base(cr.ProjectKey.GitRepoKey)
 		if s != "" {
 			name = s + "-"
 		}
@@ -197,8 +197,8 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 			"compactedObjects": compressedObjects,
 		},
 	}
-	if cr.ProjectKey.NormalizedGitUrl != "" {
-		secret.Annotations["kluctl.io/result-project-normalized-url"] = cr.ProjectKey.NormalizedGitUrl
+	if cr.ProjectKey.GitRepoKey != "" {
+		secret.Annotations["kluctl.io/result-project-normalized-url"] = cr.ProjectKey.GitRepoKey
 	}
 	if cr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
@@ -302,7 +302,7 @@ func (s *ResultStoreSecrets) parseSummary(obj client.Object) (*result.CommandRes
 
 func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary, project *result.ProjectKey) bool {
 	if project != nil {
-		if project.NormalizedGitUrl != "" && summary.ProjectKey.NormalizedGitUrl != project.NormalizedGitUrl {
+		if project.GitRepoKey != "" && summary.ProjectKey.GitRepoKey != project.GitRepoKey {
 			return false
 		}
 		if project.SubDir != "" && summary.ProjectKey.SubDir != project.SubDir {
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index fae620b41..ad01a76cd 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -35,7 +35,7 @@ func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bo
 	if filter == nil {
 		return true
 	}
-	if x.ProjectKey.NormalizedGitUrl != filter.NormalizedGitUrl {
+	if x.ProjectKey.GitRepoKey != filter.GitRepoKey {
 		return false
 	}
 	if x.ProjectKey.SubDir != filter.SubDir {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index ec899dbcf..e8b8bef4d 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -41,13 +41,13 @@ const (
 )
 
 type ProjectKey struct {
-	NormalizedGitUrl string `json:"normalizedGitUrl,omitempty"`
-	SubDir           string `json:"subDir,omitempty"`
+	GitRepoKey string `json:"gitRepoKey,omitempty"`
+	SubDir     string `json:"subDir,omitempty"`
 }
 
 func (k ProjectKey) Less(o ProjectKey) bool {
-	if k.NormalizedGitUrl != o.NormalizedGitUrl {
-		return k.NormalizedGitUrl < o.NormalizedGitUrl
+	if k.GitRepoKey != o.GitRepoKey {
+		return k.GitRepoKey < o.GitRepoKey
 	}
 	if k.SubDir != o.SubDir {
 		return k.SubDir < o.SubDir

From cfdf3a69edc28eec84bf2daefb3f4e82e054567b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 17:07:04 +0200
Subject: [PATCH 1002/2268] refactor: Introduce dedicated GitRepoKey struct

---
 cmd/kluctl/commands/utils.go                  |  3 +-
 e2e/git_include_test.go                       |  6 +-
 pkg/controllers/kluctl_project.go             |  2 +-
 .../kluctldeployment_controller.go            |  2 +-
 pkg/deployment/commands/result_utils.go       |  6 +-
 pkg/repocache/cache.go                        | 17 +++---
 pkg/results/result-store-secrets.go           | 10 +--
 pkg/types/git_url.go                          | 61 +++++++++++++++----
 pkg/types/result/command_result.go            |  6 +-
 9 files changed, 76 insertions(+), 37 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index cd2e6a923..83c566afd 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -264,8 +264,7 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 		}
 	}
 
-	u = u.Normalize()
-	ret.RepoUrl = *u
+	ret.RepoKey = u.RepoKey()
 	ret.Override = sp[1]
 	return
 }
diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 5330ff33f..61ab9c593 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -90,8 +90,8 @@ func TestLocalGitOverride(t *testing.T) {
 
 	u1, _ := types.ParseGitUrl(ip1.GitUrl())
 	u2, _ := types.ParseGitUrl(ip2.GitUrl())
-	k1 := u1.NormalizedRepoKey()
-	k2 := u2.NormalizedRepoKey()
+	k1 := u1.RepoKey().String()
+	k2 := u2.RepoKey().String()
 
 	p.KluctlMust("deploy", "--yes", "-t", "test",
 		"--local-git-override", fmt.Sprintf("%s=%s", k1, override1),
@@ -130,7 +130,7 @@ func TestLocalGitGroupOverride(t *testing.T) {
 	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
 
 	u1, _ := types.ParseGitUrl(p.GitServer().GitUrl() + "/repos")
-	k1 := u1.NormalizedRepoKey()
+	k1 := u1.RepoKey().String()
 
 	p.KluctlMust("deploy", "--yes", "-t", "test",
 		"--local-git-group-override", fmt.Sprintf("%s=%s", k1, overrideGroupDir),
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 2317adce4..840b7b048 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -647,7 +647,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
 	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
 	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
-	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.NormalizedRepoKey()
+	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.RepoKey()
 
 	log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
 	err := pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 7f432a097..4bf07cefa 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -183,7 +183,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	err = pt.withKluctlProjectTarget(ctx, func(targetContext *kluctl_project.TargetContext) error {
 		obj.Status.ProjectKey = &result.ProjectKey{
-			GitRepoKey: obj.Spec.Source.URL.NormalizedRepoKey(),
+			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
 			SubDir:     path.Clean(obj.Spec.Source.Path),
 		}
 		obj.Status.TargetKey = &result.TargetKey{
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index ee128c9cd..4b987d949 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -123,9 +123,9 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		}
 	}
 
-	var normaliedUrl string
+	var repoKey types.GitRepoKey
 	if originUrl != nil {
-		normaliedUrl = originUrl.NormalizedRepoKey()
+		repoKey = originUrl.RepoKey()
 	}
 
 	r.GitInfo = result.GitInfo{
@@ -135,7 +135,7 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		Commit: head.Hash().String(),
 		Dirty:  !s.IsClean(),
 	}
-	r.ProjectKey.GitRepoKey = normaliedUrl
+	r.ProjectKey.GitRepoKey = repoKey
 	r.ProjectKey.SubDir = subDir
 	return nil
 }
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index a31d37938..782c8a4b0 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -25,7 +25,7 @@ type GitRepoCache struct {
 	sshPool        *ssh_pool.SshPool
 	updateInterval time.Duration
 
-	repos      map[string]*CacheEntry
+	repos      map[types.GitRepoKey]*CacheEntry
 	reposMutex sync.Mutex
 
 	repoOverrides []RepoOverride
@@ -53,7 +53,7 @@ type RepoInfo struct {
 }
 
 type RepoOverride struct {
-	RepoUrl  types.GitUrl
+	RepoKey  types.GitRepoKey
 	Ref      string
 	Override string
 	IsGroup  bool
@@ -70,7 +70,7 @@ func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProvide
 		sshPool:        sshPool,
 		authProviders:  authProviders,
 		updateInterval: updateInterval,
-		repos:          map[string]*CacheEntry{},
+		repos:          map[types.GitRepoKey]*CacheEntry{},
 		repoOverrides:  repoOverrides,
 	}
 }
@@ -90,23 +90,24 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 	defer rp.reposMutex.Unlock()
 
 	urlN := url.Normalize()
-	repoKey := url.NormalizedRepoKey()
+	repoKey := url.RepoKey()
 
 	// evaluate overrides
 	for _, ro := range rp.repoOverrides {
-		if ro.RepoUrl.Host != urlN.Host {
+		if ro.RepoKey.Host != urlN.Host {
 			continue
 		}
 
 		var overridePath string
 		if ro.IsGroup {
-			if !strings.HasPrefix(urlN.Path, ro.RepoUrl.Path+"/") {
+			prefix := "/" + ro.RepoKey.Path + "/"
+			if !strings.HasPrefix(urlN.Path, prefix) {
 				continue
 			}
-			relPath := strings.TrimPrefix(urlN.Path, ro.RepoUrl.Path+"/")
+			relPath := strings.TrimPrefix(urlN.Path, prefix)
 			overridePath = path.Join(ro.Override, relPath)
 		} else {
-			if ro.RepoUrl.Path != urlN.Path {
+			if "/"+ro.RepoKey.Path != urlN.Path {
 				continue
 			}
 			overridePath = ro.Override
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 8425d11bd..7c09464d8 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -99,8 +99,8 @@ var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
 func (s *ResultStoreSecrets) buildName(cr *result.CommandResult) string {
 	var name string
 
-	if cr.ProjectKey.GitRepoKey != "" {
-		s := path.Base(cr.ProjectKey.GitRepoKey)
+	if cr.ProjectKey.GitRepoKey.Path != "" {
+		s := path.Base(cr.ProjectKey.GitRepoKey.Path)
 		if s != "" {
 			name = s + "-"
 		}
@@ -197,8 +197,8 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 			"compactedObjects": compressedObjects,
 		},
 	}
-	if cr.ProjectKey.GitRepoKey != "" {
-		secret.Annotations["kluctl.io/result-project-normalized-url"] = cr.ProjectKey.GitRepoKey
+	if cr.ProjectKey.GitRepoKey.String() != "" {
+		secret.Annotations["kluctl.io/result-project-repo-key"] = cr.ProjectKey.GitRepoKey.String()
 	}
 	if cr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
@@ -302,7 +302,7 @@ func (s *ResultStoreSecrets) parseSummary(obj client.Object) (*result.CommandRes
 
 func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary, project *result.ProjectKey) bool {
 	if project != nil {
-		if project.GitRepoKey != "" && summary.ProjectKey.GitRepoKey != project.GitRepoKey {
+		if project.GitRepoKey.String() != "" && summary.ProjectKey.GitRepoKey != project.GitRepoKey {
 			return false
 		}
 		if project.SubDir != "" && summary.ProjectKey.SubDir != project.SubDir {
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 44db3e65c..c88947750 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -94,12 +94,9 @@ func (u *GitUrl) NormalizePort() string {
 
 func (u *GitUrl) Normalize() *GitUrl {
 	path := strings.ToLower(u.Path)
-	if strings.HasSuffix(path, ".git") {
-		path = path[:len(path)-len(".git")]
-	}
-	if strings.HasSuffix(path, "/") {
-		path = path[:len(path)-1]
-	}
+	path = strings.TrimSuffix(path, ".git")
+	path = strings.TrimSuffix(path, "/")
+
 	hostname := strings.ToLower(u.Hostname())
 	port := u.NormalizePort()
 
@@ -112,11 +109,53 @@ func (u *GitUrl) Normalize() *GitUrl {
 	return &u2
 }
 
-func (u *GitUrl) NormalizedRepoKey() string {
+func (u *GitUrl) RepoKey() GitRepoKey {
 	u2 := u.Normalize()
-	username := ""
-	if u.User != nil && u.User.Username() != "" {
-		username = u.User.Username() + "@"
+	path := strings.TrimPrefix(u2.Path, "/")
+	return GitRepoKey{
+		Host: u2.Host,
+		Path: path,
 	}
-	return fmt.Sprintf("%s%s:%s%s", username, u2.Hostname(), u2.Port(), u2.Path)
+}
+
+// +kubebuilder:validation:Type=string
+type GitRepoKey struct {
+	Host string `json:"-"`
+	Path string `json:"-"`
+}
+
+func (u GitRepoKey) String() string {
+	if u.Host == "" && u.Path == "" {
+		return ""
+	}
+	return fmt.Sprintf("%s/%s", u.Host, u.Path)
+}
+
+func (u *GitRepoKey) UnmarshalJSON(b []byte) error {
+	var s string
+	err := json.Unmarshal(b, &s)
+	if err != nil {
+		return err
+	}
+	if s == "" {
+		u.Host = ""
+		u.Path = ""
+		return nil
+	}
+	s2 := strings.SplitN(s, "/", 2)
+	if len(s2) != 2 {
+		return fmt.Errorf("invalid git repo key: %s", s)
+	}
+	u.Host = s2[0]
+	u.Path = s2[1]
+	return nil
+}
+
+func (u GitRepoKey) MarshalJSON() ([]byte, error) {
+	b, err := json.Marshal(u.String())
+	if err != nil {
+		return nil, err
+	}
+
+	return b, err
 }
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index e8b8bef4d..7bc46c032 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -41,13 +41,13 @@ const (
 )
 
 type ProjectKey struct {
-	GitRepoKey string `json:"gitRepoKey,omitempty"`
-	SubDir     string `json:"subDir,omitempty"`
+	GitRepoKey types.GitRepoKey `json:"gitRepoKey,omitempty"`
+	SubDir     string           `json:"subDir,omitempty"`
 }
 
 func (k ProjectKey) Less(o ProjectKey) bool {
 	if k.GitRepoKey != o.GitRepoKey {
-		return k.GitRepoKey < o.GitRepoKey
+		return k.GitRepoKey.String() < o.GitRepoKey.String()
 	}
 	if k.SubDir != o.SubDir {
 		return k.SubDir < o.SubDir

From 25622069dfc87ef0ca3c215494c38be13838b0f0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 17:07:17 +0200
Subject: [PATCH 1003/2268] fix: Don't accept local Git urls in ParseGitUrl

---
 pkg/git/auth/git_credentials_file.go |  3 +--
 pkg/types/git_url.go                 | 13 +++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index 58fff60c3..ca89766a8 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	"github.com/kluctl/kluctl/v2/pkg/git/giturls"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"net/url"
@@ -66,7 +65,7 @@ func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl types.GitUrl, gitCr
 		if s.Text() == "" || s.Text()[0] == '#' {
 			continue
 		}
-		u, err := giturls.Parse(s.Text())
+		u, err := types.ParseGitUrl(s.Text())
 		if err != nil {
 			continue
 		}
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index c88947750..68dbc5ff1 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -14,11 +14,16 @@ type GitUrl struct {
 }
 
 func ParseGitUrl(u string) (*GitUrl, error) {
-	u2, err := giturls.Parse(u)
-	if err != nil {
-		return nil, err
+	// we explicitly only test ParseTransport and ParseScp to avoid parsing local Git urls (as done by giturls.Parse)
+	u2, err := giturls.ParseTransport(u)
+	if err == nil {
+		return &GitUrl{*u2}, nil
+	}
+	u2, err = giturls.ParseScp(u)
+	if err == nil {
+		return &GitUrl{*u2}, nil
 	}
-	return &GitUrl{*u2}, nil
+	return nil, fmt.Errorf("failed to parse git url: %s", u)
 }
 
 func ParseGitUrlMust(u string) *GitUrl {

From 424cc67544e3f2f53bad729447e8282547910dd0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 17 May 2023 17:08:25 +0200
Subject: [PATCH 1004/2268] chore: Run make generate manifest

---
 .../gitops.kluctl.io_kluctldeployments.yaml   | 160 +++++++++++++++++-
 pkg/types/result/zz_generated.deepcopy.go     |   8 +-
 pkg/types/zz_generated.deepcopy.go            |  15 ++
 3 files changed, 174 insertions(+), 9 deletions(-)

diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 4abd9c5ce..100a3e89a 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -600,9 +600,9 @@ spec:
                     type: integer
                   orphanObjects:
                     type: integer
-                  project:
+                  projectKey:
                     properties:
-                      normalizedGitUrl:
+                      gitRepoKey:
                         type: string
                       subDir:
                         type: string
@@ -612,6 +612,74 @@ spec:
                   renderedObjects:
                     type: integer
                   target:
+                    properties:
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      context:
+                        type: string
+                      discriminator:
+                        type: string
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      name:
+                        type: string
+                      sealingConfig:
+                        properties:
+                          args:
+                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
+                          certFile:
+                            type: string
+                          secretSets:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  targetKey:
                     properties:
                       clusterId:
                         type: string
@@ -636,10 +704,11 @@ spec:
                 - id
                 - newObjects
                 - orphanObjects
-                - project
+                - projectKey
                 - remoteObjects
                 - renderedObjects
                 - target
+                - targetKey
                 - totalChanges
                 - warnings
                 type: object
@@ -807,9 +876,9 @@ spec:
                     type: integer
                   orphanObjects:
                     type: integer
-                  project:
+                  projectKey:
                     properties:
-                      normalizedGitUrl:
+                      gitRepoKey:
                         type: string
                       subDir:
                         type: string
@@ -819,6 +888,74 @@ spec:
                   renderedObjects:
                     type: integer
                   target:
+                    properties:
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      context:
+                        type: string
+                      discriminator:
+                        type: string
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      name:
+                        type: string
+                      sealingConfig:
+                        properties:
+                          args:
+                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
+                          certFile:
+                            type: string
+                          secretSets:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  targetKey:
                     properties:
                       clusterId:
                         type: string
@@ -843,10 +980,11 @@ spec:
                 - id
                 - newObjects
                 - orphanObjects
-                - project
+                - projectKey
                 - remoteObjects
                 - renderedObjects
                 - target
+                - targetKey
                 - totalChanges
                 - warnings
                 type: object
@@ -895,6 +1033,9 @@ spec:
                       - ref
                       type: object
                     type: array
+                  endTime:
+                    format: date-time
+                    type: string
                   errors:
                     items:
                       properties:
@@ -954,6 +1095,9 @@ spec:
                       - ref
                       type: object
                     type: array
+                  startTime:
+                    format: date-time
+                    type: string
                   warnings:
                     items:
                       properties:
@@ -981,8 +1125,10 @@ spec:
                       type: object
                     type: array
                 required:
+                - endTime
                 - id
                 - ready
+                - startTime
                 type: object
               observedGeneration:
                 description: ObservedGeneration is the last reconciled generation.
@@ -990,7 +1136,7 @@ spec:
                 type: integer
               projectKey:
                 properties:
-                  normalizedGitUrl:
+                  gitRepoKey:
                     type: string
                   subDir:
                     type: string
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index c7c90926a..40ade0029 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -218,8 +218,9 @@ func (in *CommandResult) DeepCopy() *CommandResult {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CommandResultSummary) DeepCopyInto(out *CommandResultSummary) {
 	*out = *in
-	out.Project = in.Project
-	out.Target = in.Target
+	out.ProjectKey = in.ProjectKey
+	out.TargetKey = in.TargetKey
+	in.Target.DeepCopyInto(&out.Target)
 	in.Command.DeepCopyInto(&out.Command)
 	in.GitInfo.DeepCopyInto(&out.GitInfo)
 	out.ClusterInfo = in.ClusterInfo
@@ -348,6 +349,7 @@ func (in *KluctlDeploymentInfo) DeepCopy() *KluctlDeploymentInfo {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectKey) DeepCopyInto(out *ProjectKey) {
 	*out = *in
+	out.GitRepoKey = in.GitRepoKey
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectKey.
@@ -461,6 +463,8 @@ func (in *TargetSummary) DeepCopy() *TargetSummary {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ValidateResult) DeepCopyInto(out *ValidateResult) {
 	*out = *in
+	in.StartTime.DeepCopyInto(&out.StartTime)
+	in.EndTime.DeepCopyInto(&out.EndTime)
 	if in.Warnings != nil {
 		in, out := &in.Warnings, &out.Warnings
 		*out = make([]DeploymentError, len(*in))
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index ec75fae41..59a658fca 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -329,6 +329,21 @@ func (in *GitProject) DeepCopy() *GitProject {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitRepoKey) DeepCopyInto(out *GitRepoKey) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepoKey.
+func (in *GitRepoKey) DeepCopy() *GitRepoKey {
+	if in == nil {
+		return nil
+	}
+	out := new(GitRepoKey)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitUrl.
 func (in *GitUrl) DeepCopy() *GitUrl {
 	if in == nil {

From 7c0f3bfc397f5d8972fc6e50daf8b6497d13706f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 May 2023 08:27:32 +0200
Subject: [PATCH 1005/2268] ci: Fix Github tests workflow

---
 .github/workflows/tests.yml |  5 -----
 Makefile                    | 11 +++++++++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index b4d09f840..851719d81 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -80,11 +80,6 @@ jobs:
         shell: bash
         run: |
           make test-unit
-      - name: setup-envtest
-        if: matrix.run_on_pull_requests || github.event_name != 'pull_request'
-        shell: bash
-        run: |
-          make install-envtest
       - name: Run e2e tests
         if: matrix.run_on_pull_requests || github.event_name != 'pull_request'
         shell: bash
diff --git a/Makefile b/Makefile
index d640b9f2b..c30be6440 100644
--- a/Makefile
+++ b/Makefile
@@ -70,8 +70,15 @@ vet: ## Run go vet against code.
 	go vet ./...
 
 .PHONY: test
-test: manifests generate fmt vet envtest ## Run tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $(RACE) ./... -coverprofile cover.out
+test: test-unit test-e2e fmt vet ## Run all tests.
+
+.PHONY: test-unit
+test-unit: generate ## Run unit tests.
+	go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out
+
+.PHONY: test-e2e
+test-e2e: manifests generate envtest ## Run e2e tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $(RACE) ./e2e -coverprofile cover.out
 
 replace-commands-help: ## Replace commands help in docs
 	go run ./internal/replace-commands-help --docs-dir ./docs/reference/commands

From a19fc52e2765d4b517bf1a3ca118e78f8dd1443f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 May 2023 22:20:25 +0200
Subject: [PATCH 1006/2268] fix: Url normalizing should also normalize leading
 /

---
 pkg/types/git_url.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 68dbc5ff1..4c649bb04 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -105,6 +105,10 @@ func (u *GitUrl) Normalize() *GitUrl {
 	hostname := strings.ToLower(u.Hostname())
 	port := u.NormalizePort()
 
+	if path != "" && hostname != "" && !strings.HasPrefix(path, "/") {
+		path = "/" + path
+	}
+
 	u2 := *u
 	u2.Path = path
 	u2.Host = hostname

From e224bd610b2bce5d00000cc9e8e5fb035fd449c8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 May 2023 22:21:34 +0200
Subject: [PATCH 1007/2268] tests: Fix EnvTestCluster race condition

---
 e2e/test-utils/envtest_cluster.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index 158b79e65..c6e6d9fd6 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -6,7 +6,9 @@ import (
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
@@ -47,6 +49,9 @@ type EnvTestCluster struct {
 func CreateEnvTestCluster(context string) *EnvTestCluster {
 	k := &EnvTestCluster{
 		Context: context,
+		env: envtest.Environment{
+			Scheme: runtime.NewScheme(),
+		},
 	}
 	return k
 }
@@ -61,6 +66,7 @@ func (k *EnvTestCluster) Start() error {
 	k.started = true
 
 	_ = kluctlv1.AddToScheme(k.env.Scheme)
+	_ = corev1.AddToScheme(k.env.Scheme)
 
 	err = k.startCallbackServer()
 	if err != nil {
@@ -99,6 +105,7 @@ func (k *EnvTestCluster) Start() error {
 
 	c, err := client.New(k.config, client.Options{
 		HTTPClient: httpClient,
+		Scheme:     k.env.Scheme,
 	})
 	k.Client = c
 

From 99fbf56ce97d3c6668ecdf14d116d2edc0861df5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 May 2023 22:57:01 +0200
Subject: [PATCH 1008/2268] ci: Don't run generate for unit tests

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index c30be6440..a2bbf37e2 100644
--- a/Makefile
+++ b/Makefile
@@ -73,7 +73,7 @@ vet: ## Run go vet against code.
 test: test-unit test-e2e fmt vet ## Run all tests.
 
 .PHONY: test-unit
-test-unit: generate ## Run unit tests.
+test-unit: ## Run unit tests.
 	go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out
 
 .PHONY: test-e2e

From e3359a935cb9703f57bd46b3266b50173695c4e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 00:02:06 +0200
Subject: [PATCH 1009/2268] tests: Skip TestServer_EncryptDecrypt_PGP on
 windows

---
 pkg/controllers/internal/sops/keyservice/server_test.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/controllers/internal/sops/keyservice/server_test.go b/pkg/controllers/internal/sops/keyservice/server_test.go
index d7e0b7b33..ea34cecaf 100644
--- a/pkg/controllers/internal/sops/keyservice/server_test.go
+++ b/pkg/controllers/internal/sops/keyservice/server_test.go
@@ -15,6 +15,7 @@ import (
 	"go.mozilla.org/sops/v3/kms"
 	"go.mozilla.org/sops/v3/pgp"
 	"os"
+	"runtime"
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
@@ -25,6 +26,11 @@ import (
 )
 
 func TestServer_EncryptDecrypt_PGP(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// skipping due to error: cannot import armored key data into GnuPG keyring: GNUPGHOME has invalid permissions: got 0777 wanted 0700
+		return
+	}
+
 	const (
 		mockPublicKey   = "testdata/public.gpg"
 		mockPrivateKey  = "testdata/private.gpg"

From 27f4beb3ebe49f6df5d85423944b909d00d1f43d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 08:12:50 +0200
Subject: [PATCH 1010/2268] refactor: Pass initialized client/cache instead of
 RESTConfig to ResultStoreSecrets

---
 cmd/kluctl/commands/utils.go                  | 19 ++++-
 .../kluctldeployment_controller_setup.go      |  2 +-
 pkg/results/result-store-secrets.go           | 72 +++++++------------
 3 files changed, 46 insertions(+), 47 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 83c566afd..0bcb6bcbf 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -21,6 +21,8 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
+	cache2 "sigs.k8s.io/controller-runtime/pkg/cache"
+	client2 "sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 )
 
@@ -203,7 +205,22 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		if err != nil {
 			return err
 		}
-		resultStore, err = results.NewResultStoreSecrets(ctx, rc, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
+		client, err := client2.New(rc, client2.Options{})
+		if err != nil {
+			return err
+		}
+		cache, err := cache2.New(rc, cache2.Options{})
+		if err != nil {
+			return err
+		}
+
+		cancelCtx, cancelFunc := context.WithCancel(ctx)
+		defer cancelFunc()
+		go func() {
+			_ = cache.Start(cancelCtx)
+		}()
+
+		resultStore, err = results.NewResultStoreSecrets(cancelCtx, client, cache, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index 61f66cba1..0f8fe2e73 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -22,7 +22,7 @@ func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr c
 	httpClient.Logger = nil
 	r.httpClient = httpClient
 
-	resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetConfig(), "kluctl-results", 10)
+	resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetClient(), mgr.GetCache(), "kluctl-results", 10)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 7c09464d8..88527503c 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -11,9 +11,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/rest"
 	toolscache "k8s.io/client-go/tools/cache"
 	"path"
 	"regexp"
@@ -25,70 +23,54 @@ import (
 )
 
 type ResultStoreSecrets struct {
-	ctx context.Context
+	ctx    context.Context
+	client client.Client
+	cache  cache.Cache
+	reader client.Reader
 
-	config           *rest.Config
 	writeNamespace   string
 	keepResultsCount int
 
-	mutex       sync.Mutex
-	client      client.Client
-	cache       cache.Cache
-	informer    cache.Informer
-	cancelCache context.CancelFunc
+	mutex    sync.Mutex
+	informer cache.Informer
 }
 
-func NewResultStoreSecrets(ctx context.Context, config *rest.Config, writeNamespace string, keepResultsCount int) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, client client.Client, cache cache.Cache, writeNamespace string, keepResultsCount int) (*ResultStoreSecrets, error) {
 	s := &ResultStoreSecrets{
 		ctx:              ctx,
-		config:           config,
+		client:           client,
+		cache:            cache,
 		writeNamespace:   writeNamespace,
 		keepResultsCount: keepResultsCount,
 	}
+	if cache != nil {
+		s.reader = cache
+	} else {
+		s.reader = client
+	}
 	return s, nil
 }
 
-func (s *ResultStoreSecrets) ensureClientAndCache() error {
+func (s *ResultStoreSecrets) ensureInformer() error {
 	s.mutex.Lock()
 	defer s.mutex.Unlock()
 
-	if s.client != nil {
+	if s.informer != nil {
 		return nil
 	}
-
-	c, err := client.New(s.config, client.Options{})
-	if err != nil {
-		return err
+	if s.cache == nil {
+		return nil
 	}
 
-	labelSelector, _ := labels.Parse("kluctl.io/result-id")
-
 	var partialSecret metav1.PartialObjectMetadata
 	partialSecret.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "Secret"})
 
-	ca, err := cache.New(s.config, cache.Options{
-		DefaultLabelSelector: labelSelector,
-	})
-	if err != nil {
-		return err
-	}
-
-	informer, err := ca.GetInformer(s.ctx, &partialSecret)
+	informer, err := s.cache.GetInformer(s.ctx, &partialSecret)
 	if err != nil {
 		return err
 	}
 
-	s.client = c
-	s.cache = ca
 	s.informer = informer
-
-	newCtx, cancel := context.WithCancel(s.ctx)
-	s.cancelCache = cancel
-
-	go func() {
-		_ = ca.Start(newCtx)
-	}()
-
 	s.cache.WaitForCacheSync(s.ctx)
 
 	return nil
@@ -124,7 +106,7 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 		return fmt.Errorf("missing writeNamespace")
 	}
 	var ns corev1.Namespace
-	err := s.client.Get(s.ctx, client.ObjectKey{Name: s.writeNamespace}, &ns)
+	err := s.reader.Get(s.ctx, client.ObjectKey{Name: s.writeNamespace}, &ns)
 	if err != nil && errors.IsNotFound(err) {
 		ns := &corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
@@ -143,7 +125,7 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 }
 
 func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error {
-	err := s.ensureClientAndCache()
+	err := s.ensureInformer()
 	if err != nil {
 		return err
 	}
@@ -249,14 +231,14 @@ func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target re
 }
 
 func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
-	err := s.ensureClientAndCache()
+	err := s.ensureInformer()
 	if err != nil {
 		return nil, err
 	}
 
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err = s.cache.List(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
+	err = s.reader.List(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -314,7 +296,7 @@ func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary,
 }
 
 func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error) {
-	err := s.ensureClientAndCache()
+	err := s.ensureInformer()
 	if err != nil {
 		return nil, err
 	}
@@ -360,14 +342,14 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 }
 
 func (s *ResultStoreSecrets) getCommandResultSecret(id string) (*metav1.PartialObjectMetadata, error) {
-	err := s.ensureClientAndCache()
+	err := s.ensureInformer()
 	if err != nil {
 		return nil, err
 	}
 
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err = s.cache.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/result-id": id})
+	err = s.reader.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/result-id": id})
 	if err != nil {
 		return nil, err
 	}
@@ -403,7 +385,7 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 	}
 
 	var l corev1.SecretList
-	err = s.client.List(s.ctx, &l, client.MatchingLabels{
+	err = s.reader.List(s.ctx, &l, client.MatchingLabels{
 		"kluctl.io/result-id": options.Id,
 	})
 	if err != nil {

From 5f36b04bbe4a5d8e7b8721ae25234a25d24fe7ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 11:55:14 +0200
Subject: [PATCH 1011/2268] fix: Fix controller swallowing errors

---
 api/v1beta1/kluctldeployment_types.go         |  10 +
 .../gitops.kluctl.io_kluctldeployments.yaml   |   9 +
 pkg/controllers/kluctl_project.go             | 109 ++++----
 .../kluctldeployment_controller.go            | 238 ++++++++++--------
 pkg/controllers/utils.go                      |  11 +-
 5 files changed, 209 insertions(+), 168 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 3da415e20..b5021142c 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -303,6 +303,9 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
 
+	// ObservedCommit is the last commit observed
+	ObservedCommit string `json:"observedCommit,omitempty"`
+
 	// +optional
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 
@@ -315,6 +318,13 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastObjectsHash string `json:"lastObjectsHash,omitempty"`
 
+	// +optional
+	LastDeployError string `json:"lastDeployError,omitempty"`
+	// +optional
+	LastPruneError string `json:"lastPruneError,omitempty"`
+	// +optional
+	LastValidateError string `json:"lastValidateError,omitempty"`
+
 	// LastDeployResult is the result of the last deploy command
 	// +optional
 	LastDeployResult *result.CommandResultSummary `json:"lastDeployResult,omitempty"`
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 100a3e89a..d07ed9349 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -443,6 +443,8 @@ spec:
                   - type
                   type: object
                 type: array
+              lastDeployError:
+                type: string
               lastDeployResult:
                 description: LastDeployResult is the result of the last deploy command
                 properties:
@@ -719,6 +721,8 @@ spec:
                 type: string
               lastObjectsHash:
                 type: string
+              lastPruneError:
+                type: string
               lastPruneResult:
                 description: LastDeployResult is the result of the last prune command
                 properties:
@@ -988,6 +992,8 @@ spec:
                 - totalChanges
                 - warnings
                 type: object
+              lastValidateError:
+                type: string
               lastValidateResult:
                 description: LastValidateResult is the result of the last validate
                   command
@@ -1130,6 +1136,9 @@ spec:
                 - ready
                 - startTime
                 type: object
+              observedCommit:
+                description: ObservedCommit is the last commit observed
+                type: string
               observedGeneration:
                 description: ObservedGeneration is the last reconciled generation.
                 format: int64
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 840b7b048..d0c306032 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -3,10 +3,10 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/go-jinja2"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -44,6 +44,7 @@ type preparedProject struct {
 
 	rp *repocache.GitRepoCache
 
+	commit     string
 	tmpDir     string
 	repoDir    string
 	projectDir string
@@ -95,11 +96,12 @@ func prepareProject(ctx context.Context,
 			return nil, fmt.Errorf("failed clone source: %w", err)
 		}
 
-		clonedDir, _, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref.String())
+		clonedDir, gi, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref.String())
 		if err != nil {
 			return nil, err
 		}
 
+		pp.commit = gi.CheckedOutCommit
 		pp.repoDir = clonedDir
 
 		// check kluctl project path exists
@@ -124,12 +126,12 @@ func (pp *preparedProject) cleanup() {
 	}
 }
 
-func (pp *preparedProject) newTarget() (*preparedTarget, error) {
+func (pp *preparedProject) newTarget() *preparedTarget {
 	pt := preparedTarget{
 		pp: pp,
 	}
 
-	return &pt, nil
+	return &pt
 }
 
 func (pt *preparedTarget) restConfigToKubeconfig(restConfig *rest.Config) *api.Config {
@@ -558,24 +560,19 @@ func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context,
 	return nil
 }
 
-func (pp *preparedProject) withKluctlProject(ctx context.Context, pt *preparedTarget, cb func(p *kluctl_project.LoadedKluctlProject) error) error {
-	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
-	if err != nil {
-		return err
-	}
-	defer j2.Close()
-
+func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTarget, j2 *jinja2.Jinja2) (*kluctl_project.LoadedKluctlProject, error) {
+	var err error
 	var sopsDecrypter *decryptor.Decryptor
 	if pp.obj.Spec.Decryption != nil {
 		sopsDecrypter, err = pp.buildSopsDecrypter(ctx)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	}
 
 	externalArgs, err := uo.FromString(string(pt.pp.obj.Spec.Args.Raw))
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
@@ -591,54 +588,52 @@ func (pp *preparedProject) withKluctlProject(ctx context.Context, pt *preparedTa
 
 	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, filepath.Join(pp.tmpDir, "project"), j2)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	return cb(p)
+	return p, nil
 }
 
-func (pt *preparedTarget) withKluctlProjectTarget(ctx context.Context, cb func(targetContext *kluctl_project.TargetContext) error) error {
-	return pt.pp.withKluctlProject(ctx, pt, func(p *kluctl_project.LoadedKluctlProject) error {
-		renderOutputDir, err := os.MkdirTemp(pt.pp.tmpDir, "render-")
-		if err != nil {
-			return err
-		}
-		images, err := pt.buildImages(ctx)
-		if err != nil {
-			return err
-		}
-		helmCredentials, err := pt.buildHelmCredentials(ctx)
-		if err != nil {
-			return err
-		}
-		inclusion := pt.buildInclusion()
-
-		props := kluctl_project.TargetContextParams{
-			DryRun:          pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun,
-			Images:          images,
-			Inclusion:       inclusion,
-			HelmCredentials: helmCredentials,
-			RenderOutputDir: renderOutputDir,
-		}
-		if pt.pp.obj.Spec.Target != nil {
-			props.TargetName = *pt.pp.obj.Spec.Target
-		}
-		if pt.pp.obj.Spec.TargetNameOverride != nil {
-			props.TargetNameOverride = *pt.pp.obj.Spec.TargetNameOverride
-		}
-		if pt.pp.obj.Spec.Context != nil {
-			props.ContextOverride = *pt.pp.obj.Spec.Context
-		}
-		targetContext, err := p.NewTargetContext(ctx, props)
-		if err != nil {
-			return err
-		}
-		err = targetContext.DeploymentCollection.Prepare()
-		if err != nil {
-			return err
-		}
-		return cb(targetContext)
-	})
+func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject) (*kluctl_project.TargetContext, error) {
+	renderOutputDir, err := os.MkdirTemp(pt.pp.tmpDir, "render-")
+	if err != nil {
+		return nil, err
+	}
+	images, err := pt.buildImages(ctx)
+	if err != nil {
+		return nil, err
+	}
+	helmCredentials, err := pt.buildHelmCredentials(ctx)
+	if err != nil {
+		return nil, err
+	}
+	inclusion := pt.buildInclusion()
+
+	props := kluctl_project.TargetContextParams{
+		DryRun:          pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun,
+		Images:          images,
+		Inclusion:       inclusion,
+		HelmCredentials: helmCredentials,
+		RenderOutputDir: renderOutputDir,
+	}
+	if pt.pp.obj.Spec.Target != nil {
+		props.TargetName = *pt.pp.obj.Spec.Target
+	}
+	if pt.pp.obj.Spec.TargetNameOverride != nil {
+		props.TargetNameOverride = *pt.pp.obj.Spec.TargetNameOverride
+	}
+	if pt.pp.obj.Spec.Context != nil {
+		props.ContextOverride = *pt.pp.obj.Spec.Context
+	}
+	targetContext, err := p.NewTargetContext(ctx, props)
+	if err != nil {
+		return nil, err
+	}
+	err = targetContext.DeploymentCollection.Prepare()
+	if err != nil {
+		return nil, err
+	}
+	return targetContext, nil
 }
 
 func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string) error {
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 4bf07cefa..5e9653f2d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -7,7 +7,7 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -68,6 +68,8 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
+	patch := client.MergeFrom(obj.DeepCopy())
+
 	var cancel context.CancelFunc
 	ctx, cancel = context.WithTimeout(ctx, r.calcTimeout(obj))
 	defer cancel()
@@ -80,7 +82,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// Add our finalizer if it does not exist
 	if !controllerutil.ContainsFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer) {
-		patch := client.MergeFrom(obj.DeepCopy())
 		controllerutil.AddFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
 		if err := r.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 			log.Error(err, "unable to register finalizer")
@@ -110,7 +111,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// set the reconciliation status to progressing
 	if obj.Status.ObservedGeneration == 0 {
-		patch := client.MergeFrom(obj.DeepCopy())
 		setReadiness(obj, metav1.ConditionUnknown, meta.ProgressingReason, "reconciliation in progress")
 		if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 			return ctrl.Result{Requeue: true}, err
@@ -125,7 +125,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}
 
 	// reconcile kluctlDeployment by applying the latest revision
-	patch := client.MergeFrom(obj.DeepCopy())
 	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
 	if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 		return ctrl.Result{Requeue: true}, err
@@ -168,127 +167,145 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	r.exportDeploymentObjectToProm(obj)
 
+	doFail := func(reason string, err error) (*ctrl.Result, error) {
+		setReadiness(obj, metav1.ConditionFalse, reason, err.Error())
+		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
+		return nil, err
+	}
+
+	doFailPrepare := func(err error) (*ctrl.Result, error) {
+		return doFail(kluctlv1.PrepareFailedReason, err)
+	}
+
+	oldGeneration := obj.Status.ObservedGeneration
+	obj.Status.ObservedGeneration = obj.GetGeneration()
+	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
+		obj.Status.LastHandledDeployAt = v
+	}
+
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
-		setReadiness(obj, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, err.Error())
-		return nil, err
+		return doFailPrepare(err)
 	}
 	defer pp.cleanup()
 
-	pt, err := pp.newTarget()
+	obj.Status.ObservedCommit = pp.commit
+
+	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
-		setReadiness(obj, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, err.Error())
-		return nil, err
+		return doFailPrepare(err)
 	}
+	defer j2.Close()
 
-	err = pt.withKluctlProjectTarget(ctx, func(targetContext *kluctl_project.TargetContext) error {
-		obj.Status.ProjectKey = &result.ProjectKey{
-			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
-			SubDir:     path.Clean(obj.Spec.Source.Path),
-		}
-		obj.Status.TargetKey = &result.TargetKey{
-			TargetName:    targetContext.Target.Name,
-			Discriminator: targetContext.Target.Discriminator,
-		}
+	pt := pp.newTarget()
 
-		if obj.Status.ProjectKey.SubDir == "." {
-			obj.Status.ProjectKey.SubDir = ""
-		}
+	lp, err := pp.loadKluctlProject(ctx, pt, j2)
+	if err != nil {
+		return doFailPrepare(err)
+	}
 
-		objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
-		if err != nil {
-			return err
+	targetContext, err := pt.loadTarget(ctx, lp)
+	if err != nil {
+		return doFailPrepare(err)
+	}
+
+	obj.Status.ProjectKey = &result.ProjectKey{
+		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
+		SubDir:     path.Clean(obj.Spec.Source.Path),
+	}
+	obj.Status.TargetKey = &result.TargetKey{
+		TargetName:    targetContext.Target.Name,
+		Discriminator: targetContext.Target.Discriminator,
+	}
+
+	if obj.Status.ProjectKey.SubDir == "." {
+		obj.Status.ProjectKey.SubDir = ""
+	}
+
+	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
+	if err != nil {
+		return doFailPrepare(err)
+	}
+
+	needDeploy := false
+	needPrune := false
+	needValidate := false
+
+	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
+		// either never deployed or source code changed
+		needDeploy = true
+	} else if r.checkRequestedDeploy(obj) {
+		// explicitly requested a deploy
+		needDeploy = true
+	} else if oldGeneration != obj.GetGeneration() {
+		// spec has changed
+		needDeploy = true
+	} else {
+		// was deployed before, let's check if we need to do periodic deployments
+		nextDeployTime := r.nextDeployTime(obj)
+		if nextDeployTime != nil {
+			needDeploy = nextDeployTime.Before(time.Now())
 		}
+	}
 
-		needDeploy := false
-		needPrune := false
-		needValidate := false
-
-		if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
-			// either never deployed or source code changed
-			needDeploy = true
-		} else if r.checkRequestedDeploy(obj) {
-			// explicitly requested a deploy
-			needDeploy = true
-		} else if obj.Status.ObservedGeneration != obj.GetGeneration() {
-			// spec has changed
-			needDeploy = true
+	if obj.Spec.Validate {
+		if obj.Status.LastValidateResult == nil || needDeploy {
+			// either never validated before or a deployment requested (which required re-validation)
+			needValidate = true
 		} else {
-			// was deployed before, let's check if we need to do periodic deployments
-			nextDeployTime := r.nextDeployTime(obj)
-			if nextDeployTime != nil {
-				needDeploy = nextDeployTime.Before(time.Now())
+			nextValidateTime := r.nextValidateTime(obj)
+			if nextValidateTime != nil {
+				needValidate = nextValidateTime.Before(time.Now())
 			}
 		}
+	} else {
+		obj.Status.LastValidateResult = nil
+		obj.Status.LastValidateError = ""
+	}
 
-		if obj.Spec.Validate {
-			if obj.Status.LastValidateResult == nil || needDeploy {
-				// either never validated before or a deployment requested (which required re-validation)
-				needValidate = true
-			} else {
-				nextValidateTime := r.nextValidateTime(obj)
-				if nextValidateTime != nil {
-					needValidate = nextValidateTime.Before(time.Now())
-				}
-			}
-		} else {
-			obj.Status.LastValidateResult = nil
-		}
+	if obj.Spec.Prune {
+		needPrune = needDeploy
+	} else {
+		obj.Status.LastPruneResult = nil
+		obj.Status.LastPruneError = ""
+	}
 
-		if obj.Spec.Prune {
-			needPrune = needDeploy
+	obj.Status.LastObjectsHash = objectsHash
+
+	var deployResult *result.CommandResult
+	if needDeploy {
+		// deploy the kluctl project
+		if obj.Spec.DeployMode == kluctlv1.KluctlDeployModeFull {
+			deployResult, err = pt.kluctlDeploy(ctx, targetContext)
+		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
+			deployResult, err = pt.kluctlPokeImages(ctx, targetContext)
 		} else {
-			obj.Status.LastPruneResult = nil
+			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
 		}
-
-		obj.Status.LastObjectsHash = objectsHash
-
-		var deployResult *result.CommandResult
-		if needDeploy {
-			// deploy the kluctl project
-			if obj.Spec.DeployMode == kluctlv1.KluctlDeployModeFull {
-				deployResult, err = pt.kluctlDeploy(ctx, targetContext)
-			} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
-				deployResult, err = pt.kluctlPokeImages(ctx, targetContext)
-			} else {
-				err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
-				setReadiness(obj, metav1.ConditionFalse, kluctlv1.DeployFailedReason, err.Error())
-				return nil
-			}
-			obj.Status.LastDeployResult = deployResult.BuildSummary()
-			if err != nil {
-				setReadiness(obj, metav1.ConditionFalse, kluctlv1.DeployFailedReason, err.Error())
-				return nil
-			}
+		obj.Status.LastDeployResult = deployResult.BuildSummary()
+		obj.Status.LastDeployError = ""
+		if err != nil {
+			obj.Status.LastDeployError = err.Error()
 		}
+	}
 
-		if needPrune {
-			// run garbage collection for stale objects that do not have pruning disabled
-			pruneResult, err := pt.kluctlPrune(ctx, targetContext)
-			obj.Status.LastPruneResult = pruneResult.BuildSummary()
-			if err != nil {
-				setReadiness(obj, metav1.ConditionFalse, kluctlv1.PruneFailedReason, err.Error())
-				return nil
-			}
+	if needPrune {
+		// run garbage collection for stale objects that do not have pruning disabled
+		pruneResult, err := pt.kluctlPrune(ctx, targetContext)
+		obj.Status.LastPruneResult = pruneResult.BuildSummary()
+		obj.Status.LastPruneError = ""
+		if err != nil {
+			obj.Status.LastPruneError = err.Error()
 		}
+	}
 
-		if needValidate {
-			validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
-			obj.Status.LastValidateResult = validateResult
-			if err != nil {
-				setReadiness(obj, metav1.ConditionFalse, kluctlv1.ValidateFailedReason, err.Error())
-				return nil
-			}
+	if needValidate {
+		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
+		obj.Status.LastValidateResult = validateResult
+		obj.Status.LastValidateError = ""
+		if err != nil {
+			obj.Status.LastValidateError = err.Error()
 		}
-		return nil
-	})
-	obj.Status.ObservedGeneration = obj.GetGeneration()
-	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
-		obj.Status.LastHandledDeployAt = v
-	}
-	if err != nil {
-		setReadiness(obj, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, err.Error())
-		return nil, err
 	}
 
 	var ctrlResult ctrl.Result
@@ -310,6 +327,20 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 }
 
 func (r *KluctlDeploymentReconciler) buildFinalStatus(obj *kluctlv1.KluctlDeployment) (finalStatus string, reason string) {
+	if obj.Status.LastDeployError != "" {
+		finalStatus = obj.Status.LastDeployError
+		reason = kluctlv1.DeployFailedReason
+		return
+	} else if obj.Status.LastPruneError != "" {
+		finalStatus = obj.Status.LastPruneError
+		reason = kluctlv1.PruneFailedReason
+		return
+	} else if obj.Status.LastValidateError != "" {
+		finalStatus = obj.Status.LastValidateError
+		reason = kluctlv1.ValidateFailedReason
+		return
+	}
+
 	deployOk := obj.Status.LastDeployResult != nil && obj.Status.LastDeployResult.Errors == 0
 	pruneOk := obj.Status.LastPruneResult != nil && obj.Status.LastPruneResult.Errors == 0
 	validateOk := obj.Status.LastValidateResult != nil && len(obj.Status.LastValidateResult.Errors) == 0 && obj.Status.LastValidateResult.Ready
@@ -470,10 +501,7 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 	}
 	defer pp.cleanup()
 
-	pt, err := pp.newTarget()
-	if err != nil {
-		return
-	}
+	pt := pp.newTarget()
 
 	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator)
 }
diff --git a/pkg/controllers/utils.go b/pkg/controllers/utils.go
index 7d4476e8d..050f21805 100644
--- a/pkg/controllers/utils.go
+++ b/pkg/controllers/utils.go
@@ -9,17 +9,16 @@ import (
 
 func setReadiness(obj *kluctlv1.KluctlDeployment, status metav1.ConditionStatus, reason, message string) {
 	newCondition := metav1.Condition{
-		Type:    meta.ReadyCondition,
-		Status:  status,
-		Reason:  reason,
-		Message: trimString(message, kluctlv1.MaxConditionMessageLength),
+		Type:               meta.ReadyCondition,
+		Status:             status,
+		Reason:             reason,
+		Message:            trimString(message, kluctlv1.MaxConditionMessageLength),
+		ObservedGeneration: obj.Generation,
 	}
 
 	c := obj.GetConditions()
 	apimeta.SetStatusCondition(&c, newCondition)
 	obj.SetConditions(c)
-
-	obj.Status.ObservedGeneration = obj.GetGeneration()
 }
 
 func trimString(str string, limit int) string {

From 0c5f350c1a60c44d7eb2fd1fa0be4d5a7dad01f0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 11:55:25 +0200
Subject: [PATCH 1012/2268] tests: Implement controller error tests

---
 e2e/gitops_errors_test.go | 243 ++++++++++++++++++++++++++++++++++++++
 e2e/gitops_test.go        | 111 ++++++++---------
 2 files changed, 301 insertions(+), 53 deletions(-)
 create mode 100644 e2e/gitops_errors_test.go

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
new file mode 100644
index 000000000..ffbc0e008
--- /dev/null
+++ b/e2e/gitops_errors_test.go
@@ -0,0 +1,243 @@
+package e2e
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
+)
+
+func getReadiness(obj *kluctlv1.KluctlDeployment) *metav1.Condition {
+	for _, c := range obj.Status.Conditions {
+		if c.Type == meta.ReadyCondition {
+			return &c
+		}
+	}
+	return nil
+}
+
+func assertErrors(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
+	g := NewWithT(t)
+
+	var kd kluctlv1.KluctlDeployment
+	err := k.Client.Get(context.TODO(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
+
+	readinessCondition := getReadiness(&kd)
+	g.Expect(readinessCondition).ToNot(BeNil())
+
+	g.Expect(readinessCondition.Status).To(Equal(rstatus))
+	g.Expect(readinessCondition.Reason).To(Equal(rreason))
+	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
+
+	rs, err := results.NewResultStoreSecrets(context.TODO(), k.Client, nil, "", 0)
+	g.Expect(err).To(Succeed())
+
+	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{
+		Id: kd.Status.LastDeployResult.Id,
+	})
+	g.Expect(err).To(Succeed())
+
+	g.Expect(cr.Errors).To(ConsistOf(expectedErrors))
+	g.Expect(cr.Warnings).To(ConsistOf(expectedWarnings))
+
+	g.Expect(kd.Status.LastDeployResult.Errors).To(Equal(len(expectedErrors)))
+	g.Expect(kd.Status.LastDeployResult.Warnings).To(Equal(len(expectedWarnings)))
+}
+
+func TestGitOpsErrors(t *testing.T) {
+	g := NewWithT(t)
+	_ = g
+
+	startKluctlController(t)
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	goodCm1 := `apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`
+	badCm1_1 := `apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data_error:
+  k1: v1
+`
+	badCm1_2 := `apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: {
+`
+
+	p.UpdateTarget("target1", nil)
+	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(goodCm1)},
+	}, nil)
+
+	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+	})
+
+	t.Run("initial deployment", func(t *testing.T) {
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	cm1Ref := k8s.NewObjectRef("", "v1", "ConfigMap", "cm1", p.TestSlug())
+
+	t.Run("cm1 causes error while applying", func(t *testing.T) {
+		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
+			return badCm1_1, nil
+		}, "")
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+			{
+				Ref:     cm1Ref,
+				Message: "failed to patch test-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (test-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
+			},
+		}, nil)
+		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
+			return goodCm1, nil
+		}, "")
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("cm1 causes error while loading", func(t *testing.T) {
+		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
+			return badCm1_2, nil
+		}, "")
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
+		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
+			return goodCm1, nil
+		}, "")
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("project can't be loaded", func(t *testing.T) {
+		kluctlBackup := ""
+		p.UpdateFile(".kluctl.yml", func(f string) (string, error) {
+			kluctlBackup = f
+			return "a: b", nil
+		}, "")
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		p.UpdateFile(".kluctl.yml", func(f string) (string, error) {
+			return kluctlBackup, nil
+		}, "")
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("deployment can't be loaded", func(t *testing.T) {
+		deploymentBackup := ""
+		p.UpdateFile("deployment.yml", func(f string) (string, error) {
+			deploymentBackup = f
+			return "a: b", nil
+		}, "")
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		p.UpdateFile("deployment.yml", func(f string) (string, error) {
+			return deploymentBackup, nil
+		}, "")
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("invalid target", func(t *testing.T) {
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Target = utils.StrPtr("invalid")
+		})
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "target invalid not existent in kluctl project config", nil, nil)
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Target = utils.StrPtr("target1")
+		})
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("invalid context", func(t *testing.T) {
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Context = utils.StrPtr("invalid")
+		})
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "context \"invalid\" does not exist", nil, nil)
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Context = utils.StrPtr("default")
+		})
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("non existing git repo", func(t *testing.T) {
+		var backup types.GitUrl
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			backup = kd.Spec.Source.URL
+			kd.Spec.Source.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
+		})
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed clone source: repository not found", nil, nil)
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Source.URL = backup
+		})
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+	t.Run("non existing git branch", func(t *testing.T) {
+		var backup *kluctlv1.GitRef
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			backup = kd.Spec.Source.Ref
+			kd.Spec.Source.Ref = &kluctlv1.GitRef{
+				Branch: "invalid",
+			}
+		})
+		waitForReconcile(t, k, key)
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Source.Ref = backup
+		})
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+	})
+
+	t.Run("prune without discriminator", func(t *testing.T) {
+		var backup any
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Prune = true
+		})
+		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+			backup, _, _ = o.GetNestedField("discriminator")
+			_ = o.RemoveNestedField("discriminator")
+			return nil
+		})
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PruneFailedReason, "pruning without a discriminator is not supported", nil, nil)
+		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+			_ = o.SetNestedField(backup, "discriminator")
+			return nil
+		})
+		waitForCommit(t, k, key, getHeadRevision(t, p))
+		assertErrors(t, k, key, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok, prune: ok", nil, nil)
+		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Prune = false
+		})
+	})
+}
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 56d1cdfe0..95e2b3631 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -3,16 +3,17 @@ package e2e
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/onsi/gomega"
-	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"math/rand"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"testing"
@@ -49,37 +50,42 @@ func startKluctlController(t *testing.T) context.CancelFunc {
 	return cancel
 }
 
+func triggerReconcile(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey) string {
+	reconcileId := fmt.Sprintf("%d", rand.Int63())
+
+	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		a := kd.GetAnnotations()
+		if a == nil {
+			a = map[string]string{}
+		}
+		a[kluctlv1.KluctlRequestReconcileAnnotation] = reconcileId
+		kd.SetAnnotations(a)
+	})
+	return reconcileId
+}
+
 func waitForReconcile(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey) {
 	g := gomega.NewWithT(t)
 
-	var kd kluctlv1.KluctlDeployment
-	err := k.Client.Get(context.TODO(), key, &kd)
-	assert.NoError(t, err)
+	reconcileId := triggerReconcile(t, k, key)
 
-	var lastReconcileTime metav1.Time
-	if kd.Status.LastDeployResult != nil {
-		lastReconcileTime = kd.Status.LastDeployResult.Command.StartTime
-	}
 	g.Eventually(func() bool {
-		err = k.Client.Get(context.TODO(), key, &kd)
+		var kd kluctlv1.KluctlDeployment
+		err := k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
-		if kd.Status.LastDeployResult == nil {
-			return false
-		}
-		return kd.Status.LastDeployResult.Command.StartTime != lastReconcileTime
+		return kd.Status.LastHandledReconcileAt == reconcileId
 	}, timeout, time.Second).Should(BeTrue())
 }
 
 func waitForCommit(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, commit string) {
 	g := gomega.NewWithT(t)
 
+	reconcileId := triggerReconcile(t, k, key)
+
 	g.Eventually(func() bool {
-		var obj kluctlv1.KluctlDeployment
-		_ = k.Client.Get(context.Background(), key, &obj)
-		if obj.Status.LastDeployResult == nil {
-			return false
-		}
-		return obj.Status.LastDeployResult.GitInfo.Commit == commit
+		var kd kluctlv1.KluctlDeployment
+		_ = k.Client.Get(context.Background(), key, &kd)
+		return kd.Status.LastHandledReconcileAt == reconcileId && kd.Status.ObservedCommit == commit
 	}, timeout, time.Second).Should(BeTrue())
 }
 
@@ -118,6 +124,23 @@ func createKluctlDeployment(t *testing.T, p *test_utils.TestProject, k *test_uti
 	return client.ObjectKeyFromObject(kluctlDeployment)
 }
 
+func updateKluctlDeployment(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, update func(kd *kluctlv1.KluctlDeployment)) *kluctlv1.KluctlDeployment {
+	g := NewWithT(t)
+
+	var kd kluctlv1.KluctlDeployment
+	err := k.Client.Get(context.TODO(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	patch := client.MergeFrom(kd.DeepCopy())
+
+	update(&kd)
+
+	err = k.Client.Patch(context.TODO(), &kd, patch, client.FieldOwner("kubectl"))
+	g.Expect(err).To(Succeed())
+
+	return &kd
+}
+
 func TestGitOpsFieldManager(t *testing.T) {
 	g := NewWithT(t)
 
@@ -150,13 +173,9 @@ data:
 		waitForCommit(t, k, key, getHeadRevision(t, p))
 	})
 
-	var kd kluctlv1.KluctlDeployment
-	err := k.Client.Get(context.TODO(), key, &kd)
-	g.Expect(err).To(Succeed())
-
-	kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: interval}}
-	err = k.Client.Update(context.TODO(), &kd)
-	g.Expect(err).To(Succeed())
+	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: interval}}
+	})
 
 	cm := &corev1.ConfigMap{}
 
@@ -222,12 +241,9 @@ data:
 		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v2"))
 	})
 
-	err = k.Client.Get(context.TODO(), key, &kd)
-	g.Expect(err).To(Succeed())
-
-	kd.Spec.ForceApply = true
-	err = k.Client.Update(context.TODO(), &kd)
-	g.Expect(err).To(Succeed())
+	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.ForceApply = true
+	})
 
 	t.Run("forceApply is true and cm1 gets restored even with another field manager", func(t *testing.T) {
 		patch := client.MergeFrom(cm.DeepCopy())
@@ -327,9 +343,9 @@ func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
 	err := k.Client.Create(context.TODO(), credsSecret)
 	g.Expect(err).To(Succeed())
 
-	kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"}})
-	err = k.Client.Update(context.TODO(), kd)
-	g.Expect(err).To(Succeed())
+	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"}})
+	})
 
 	t.Run("chart with credentials succeeds", func(t *testing.T) {
 		g.Eventually(func() bool {
@@ -494,19 +510,11 @@ data:
 		g.Expect(err).To(Succeed())
 	})
 
-	kd := &kluctlv1.KluctlDeployment{}
-	g.Expect(k.Client.Get(context.TODO(), key, kd)).To(Succeed())
-	kd.Spec.Prune = true
+	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Prune = true
+	})
 
-	g.Expect(k.Client.Update(context.TODO(), kd)).To(Succeed())
-	g.Eventually(func() bool {
-		var obj kluctlv1.KluctlDeployment
-		_ = k.Client.Get(context.Background(), key, &obj)
-		if obj.Status.LastDeployResult == nil {
-			return false
-		}
-		return obj.Status.ObservedGeneration == obj.Generation && obj.Status.LastDeployResult.GitInfo.Commit == getHeadRevision(t, p)
-	}, timeout, time.Second).Should(BeTrue())
+	waitForReconcile(t, k, key)
 
 	t.Run("cm1 did not get deleted and cm2 got deleted", func(t *testing.T) {
 		err := k.Client.Get(context.TODO(), client.ObjectKey{
@@ -548,12 +556,9 @@ data:
 		"namespace": p.TestSlug(),
 	})
 
-	kd := &kluctlv1.KluctlDeployment{}
-	err := k.Client.Get(context.TODO(), key, kd)
-	g.Expect(err).To(Succeed())
-
-	kd.Spec.Delete = delete
-	g.Expect(k.Client.Update(context.TODO(), kd)).To(Succeed())
+	kd := updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Delete = delete
+	})
 
 	waitForCommit(t, k, key, getHeadRevision(t, p))
 

From ae204b7b1e28ad5fdd9ae7d09000ca4219a62daa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 12:59:57 +0200
Subject: [PATCH 1013/2268] fix: Fix race condition in GetCommandResult

---
 pkg/results/result-store-secrets.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 88527503c..5d244d538 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -399,30 +399,30 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 
 	var crJson, objectsJson []byte
 	err = utils.RunParallelE(s.ctx, func() error {
-		var ok bool
-		crJson, ok = secret.Data["reducedResult"]
+		j, ok := secret.Data["reducedResult"]
 		if !ok {
 			return fmt.Errorf("reducedResult field not present for %s", options.Id)
 		}
-		crJson, err = utils.UncompressGzip(crJson)
+		j, err := utils.UncompressGzip(j)
 		if err != nil {
 			return err
 		}
+		crJson = j
 		return nil
 	}, func() error {
 		if options.Reduced {
 			return nil
 		}
-		var ok bool
-		objectsJson, ok = secret.Data["compactedObjects"]
+		j, ok := secret.Data["compactedObjects"]
 		if !ok {
 			return fmt.Errorf("compactedObjects field not present for %s", options.Id)
 		}
-		objectsJson, err = utils.UncompressGzip(objectsJson)
+		j, err := utils.UncompressGzip(j)
 		if err != nil {
 			return err
 		}
-		return err
+		objectsJson = j
+		return nil
 	})
 	if err != nil {
 		return nil, err

From 07bedd0505273994e92ab331d7812afe7b812b74 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 15:22:17 +0200
Subject: [PATCH 1014/2268] feat: Allow to override kubeconfig and context

---
 cmd/kluctl/commands/cmd_controller.go | 84 ++++++++++++++++++++++++++-
 pkg/utils/flux_utils/client.go        | 84 ---------------------------
 2 files changed, 81 insertions(+), 87 deletions(-)
 delete mode 100644 pkg/utils/flux_utils/client.go

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index 3e3f9df86..132e7a55b 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -2,16 +2,23 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"os"
+	"os/user"
+	"path/filepath"
+	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -32,6 +39,9 @@ const controllerName = "kluctl-controller"
 type controllerCmd struct {
 	scheme *runtime.Scheme
 
+	Kubeconfig string `group:"controller" help:"Override the kubeconfig to use."`
+	Context    string `group:"controller" help:"Override the context to use."`
+
 	MetricsBindAddress     string `group:"controller" help:"The address the metric endpoint binds to." default:":8080"`
 	HealthProbeBindAddress string `group:"controller" help:"The address the probe endpoint binds to." default:":8081"`
 	LeaderElect            bool   `group:"controller" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
@@ -64,14 +74,27 @@ func (cmd *controllerCmd) Run(ctx context.Context) error {
 	}
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
-	restConfig := flux_utils.GetConfigOrDie(flux_utils.Options{})
+	restConfig, err := cmd.loadConfig(cmd.Kubeconfig, cmd.Context)
+	if err != nil {
+		setupLog.Error(err, "unable to load kubeconfig")
+		os.Exit(1)
+	}
+
+	enabled, err := flowcontrol.IsEnabled(context.Background(), restConfig)
+	if err == nil && enabled {
+		// A negative QPS and Burst indicates that the client should not have a rate limiter.
+		// Ref: https://github.com/kubernetes/kubernetes/blob/v1.24.0/staging/src/k8s.io/client-go/rest/config.go#L354-L364
+		restConfig.QPS = -1
+		restConfig.Burst = -1
+	}
+
 	clientSet, err := kubernetes.NewForConfig(restConfig)
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
 
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 		Scheme:                 cmd.scheme,
 		MetricsBindAddress:     cmd.MetricsBindAddress,
 		Port:                   9443,
@@ -138,3 +161,58 @@ func (cmd *controllerCmd) Run(ctx context.Context) error {
 
 	return nil
 }
+
+// taken from clientcmd
+func (cmd *controllerCmd) loadConfig(kubeconfig string, context string) (config *rest.Config, configErr error) {
+	// If a flag is specified with the config location, use that
+	if len(kubeconfig) > 0 {
+		return cmd.loadConfigWithContext("", &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig}, context)
+	}
+
+	// If the recommended kubeconfig env variable is not specified,
+	// try the in-cluster config.
+	kubeconfigPath := os.Getenv(clientcmd.RecommendedConfigPathEnvVar)
+	if len(kubeconfigPath) == 0 {
+		c, err := rest.InClusterConfig()
+		if err == nil {
+			return c, nil
+		}
+
+		defer func() {
+			if configErr != nil {
+				log.Error(err, "unable to load in-cluster config")
+			}
+		}()
+	}
+
+	// If the recommended kubeconfig env variable is set, or there
+	// is no in-cluster config, try the default recommended locations.
+	//
+	// NOTE: For default config file locations, upstream only checks
+	// $HOME for the user's home directory, but we can also try
+	// os/user.HomeDir when $HOME is unset.
+	//
+	// TODO(jlanford): could this be done upstream?
+	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+	if _, ok := os.LookupEnv("HOME"); !ok {
+		u, err := user.Current()
+		if err != nil {
+			return nil, fmt.Errorf("could not get current user: %w", err)
+		}
+		loadingRules.Precedence = append(loadingRules.Precedence, filepath.Join(u.HomeDir, clientcmd.RecommendedHomeDir, clientcmd.RecommendedFileName))
+	}
+
+	return cmd.loadConfigWithContext("", loadingRules, context)
+}
+
+// taken from clientcmd
+func (cmd *controllerCmd) loadConfigWithContext(apiServerURL string, loader clientcmd.ClientConfigLoader, context string) (*rest.Config, error) {
+	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		loader,
+		&clientcmd.ConfigOverrides{
+			ClusterInfo: clientcmdapi.Cluster{
+				Server: apiServerURL,
+			},
+			CurrentContext: context,
+		}).ClientConfig()
+}
diff --git a/pkg/utils/flux_utils/client.go b/pkg/utils/flux_utils/client.go
deleted file mode 100644
index 05e796cc7..000000000
--- a/pkg/utils/flux_utils/client.go
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
-Copyright 2021 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package flux_utils
-
-import (
-	"context"
-
-	"github.com/spf13/pflag"
-	"k8s.io/client-go/rest"
-	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
-	ctrl "sigs.k8s.io/controller-runtime"
-)
-
-const (
-	flagQPS   = "kube-api-qps"
-	flagBurst = "kube-api-burst"
-)
-
-// Options contains the runtime configuration for a Kubernetes client.
-//
-// The struct can be used in the main.go file of your controller by binding it to the main flag set, and then utilizing
-// the configured options later:
-//
-//	func main() {
-//		var (
-//			// other controller specific configuration variables
-//			clientOptions client.Options
-//		)
-//
-//		// Bind the options to the main flag set, and parse it
-//		clientOptions.BindFlags(flag.CommandLine)
-//		flag.Parse()
-//
-//		// Get a runtime Kubernetes client configuration with the options set
-//		restConfig := client.GetConfigOrDie(clientOptions)
-//	}
-type Options struct {
-	// QPS indicates the maximum queries-per-second of requests sent to the Kubernetes API, defaults to 50.
-	QPS float32
-
-	// Burst indicates the maximum burst queries-per-second of requests sent to the Kubernetes API, defaults to 300.
-	Burst int
-}
-
-// BindFlags will parse the given pflag.FlagSet for Kubernetes client option flags and set the Options accordingly.
-func (o *Options) BindFlags(fs *pflag.FlagSet) {
-	fs.Float32Var(&o.QPS, flagQPS, 50.0,
-		"The maximum queries-per-second of requests sent to the Kubernetes API.")
-	fs.IntVar(&o.Burst, flagBurst, 300,
-		"The maximum burst queries-per-second of requests sent to the Kubernetes API.")
-}
-
-// GetConfigOrDie wraps ctrl.GetConfigOrDie and checks if the Kubernetes apiserver
-// has PriorityAndFairness flow control filter enabled. If true, it returns a rest.Config
-// with client side throttling disabled. Otherwise, it returns a modified rest.Config
-// configured with the provided Options.
-func GetConfigOrDie(opts Options) *rest.Config {
-	config := ctrl.GetConfigOrDie()
-	enabled, err := flowcontrol.IsEnabled(context.Background(), config)
-	if err == nil && enabled {
-		// A negative QPS and Burst indicates that the client should not have a rate limiter.
-		// Ref: https://github.com/kubernetes/kubernetes/blob/v1.24.0/staging/src/k8s.io/client-go/rest/config.go#L354-L364
-		config.QPS = -1
-		config.Burst = -1
-		return config
-	}
-	config.QPS = opts.QPS
-	config.Burst = opts.Burst
-	return config
-}

From eebfafc9ca0c37306112f4efd2e4bae59be98252 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 15:22:35 +0200
Subject: [PATCH 1015/2268] tests: Run gitops tests in own test suite with own
 cluster

---
 e2e/default_clusters.go   |   3 -
 e2e/gitops_errors_test.go | 127 ++++++++--------
 e2e/gitops_test.go        | 309 +++++++++++++++++++++++---------------
 3 files changed, 252 insertions(+), 187 deletions(-)

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 8765afb63..373957a89 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -22,9 +22,6 @@ func init() {
 		return
 	}
 
-	defaultCluster1.CRDDirectoryPaths = []string{"../config/crd/bases"}
-	defaultCluster2.CRDDirectoryPaths = []string{"../config/crd/bases"}
-
 	var wg sync.WaitGroup
 	wg.Add(2)
 	go func() {
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index ffbc0e008..56249cf9b 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -14,10 +14,9 @@ import (
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"testing"
 )
 
-func getReadiness(obj *kluctlv1.KluctlDeployment) *metav1.Condition {
+func (suite *GitopsTestSuite) getReadiness(obj *kluctlv1.KluctlDeployment) *metav1.Condition {
 	for _, c := range obj.Status.Conditions {
 		if c.Type == meta.ReadyCondition {
 			return &c
@@ -26,23 +25,23 @@ func getReadiness(obj *kluctlv1.KluctlDeployment) *metav1.Condition {
 	return nil
 }
 
-func assertErrors(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
-	g := NewWithT(t)
+func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
+	g := NewWithT(suite.T())
 
 	var kd kluctlv1.KluctlDeployment
-	err := k.Client.Get(context.TODO(), key, &kd)
+	err := suite.k.Client.Get(context.TODO(), key, &kd)
 	g.Expect(err).To(Succeed())
 
 	g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
 
-	readinessCondition := getReadiness(&kd)
+	readinessCondition := suite.getReadiness(&kd)
 	g.Expect(readinessCondition).ToNot(BeNil())
 
 	g.Expect(readinessCondition.Status).To(Equal(rstatus))
 	g.Expect(readinessCondition.Reason).To(Equal(rreason))
 	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
 
-	rs, err := results.NewResultStoreSecrets(context.TODO(), k.Client, nil, "", 0)
+	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, nil, "", 0)
 	g.Expect(err).To(Succeed())
 
 	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{
@@ -57,16 +56,12 @@ func assertErrors(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectK
 	g.Expect(kd.Status.LastDeployResult.Warnings).To(Equal(len(expectedWarnings)))
 }
 
-func TestGitOpsErrors(t *testing.T) {
-	g := NewWithT(t)
+func (suite *GitopsTestSuite) TestGitOpsErrors() {
+	g := NewWithT(suite.T())
 	_ = g
 
-	startKluctlController(t)
-
-	k := defaultCluster1
-
-	p := test_utils.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
+	p := test_utils.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	goodCm1 := `apiVersion: v1
 kind: ConfigMap
@@ -98,129 +93,129 @@ data:
 		{Name: "cm1.yaml", Content: uo.FromStringMust(goodCm1)},
 	}, nil)
 
-	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 	})
 
-	t.Run("initial deployment", func(t *testing.T) {
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
 	cm1Ref := k8s.NewObjectRef("", "v1", "ConfigMap", "cm1", p.TestSlug())
 
-	t.Run("cm1 causes error while applying", func(t *testing.T) {
+	suite.Run("cm1 causes error while applying", func() {
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return badCm1_1, nil
 		}, "")
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
 			{
 				Ref:     cm1Ref,
-				Message: "failed to patch test-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (test-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
+				Message: "failed to patch test-git-ops-test-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (test-git-ops-test-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
 			},
 		}, nil)
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return goodCm1, nil
 		}, "")
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("cm1 causes error while loading", func(t *testing.T) {
+	suite.Run("cm1 causes error while loading", func() {
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return badCm1_2, nil
 		}, "")
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return goodCm1, nil
 		}, "")
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("project can't be loaded", func(t *testing.T) {
+	suite.Run("project can't be loaded", func() {
 		kluctlBackup := ""
 		p.UpdateFile(".kluctl.yml", func(f string) (string, error) {
 			kluctlBackup = f
 			return "a: b", nil
 		}, "")
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
 		p.UpdateFile(".kluctl.yml", func(f string) (string, error) {
 			return kluctlBackup, nil
 		}, "")
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("deployment can't be loaded", func(t *testing.T) {
+	suite.Run("deployment can't be loaded", func() {
 		deploymentBackup := ""
 		p.UpdateFile("deployment.yml", func(f string) (string, error) {
 			deploymentBackup = f
 			return "a: b", nil
 		}, "")
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
 		p.UpdateFile("deployment.yml", func(f string) (string, error) {
 			return deploymentBackup, nil
 		}, "")
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("invalid target", func(t *testing.T) {
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.Run("invalid target", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Target = utils.StrPtr("invalid")
 		})
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "target invalid not existent in kluctl project config", nil, nil)
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "target invalid not existent in kluctl project config", nil, nil)
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Target = utils.StrPtr("target1")
 		})
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("invalid context", func(t *testing.T) {
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.Run("invalid context", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Context = utils.StrPtr("invalid")
 		})
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "context \"invalid\" does not exist", nil, nil)
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "context \"invalid\" does not exist", nil, nil)
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Context = utils.StrPtr("default")
 		})
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("non existing git repo", func(t *testing.T) {
+	suite.Run("non existing git repo", func() {
 		var backup types.GitUrl
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			backup = kd.Spec.Source.URL
 			kd.Spec.Source.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
 		})
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed clone source: repository not found", nil, nil)
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed clone source: repository not found", nil, nil)
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Source.URL = backup
 		})
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
-	t.Run("non existing git branch", func(t *testing.T) {
+	suite.Run("non existing git branch", func() {
 		var backup *kluctlv1.GitRef
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			backup = kd.Spec.Source.Ref
 			kd.Spec.Source.Ref = &kluctlv1.GitRef{
 				Branch: "invalid",
 			}
 		})
-		waitForReconcile(t, k, key)
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.waitForReconcile(key)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Source.Ref = backup
 		})
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	t.Run("prune without discriminator", func(t *testing.T) {
+	suite.Run("prune without discriminator", func() {
 		var backup any
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = true
 		})
 		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
@@ -228,15 +223,15 @@ data:
 			_ = o.RemoveNestedField("discriminator")
 			return nil
 		})
-		waitForCommit(t, k, key, getHeadRevision(t, p))
-		assertErrors(t, k, key, metav1.ConditionFalse, kluctlv1.PruneFailedReason, "pruning without a discriminator is not supported", nil, nil)
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PruneFailedReason, "pruning without a discriminator is not supported", nil, nil)
 		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 			_ = o.SetNestedField(backup, "discriminator")
 			return nil
 		})
-		waitForCommit(t, k, key, getHeadRevision(t, p))
-		assertErrors(t, k, key, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok, prune: ok", nil, nil)
-		updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		suite.assertErrors(key, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok, prune: ok", nil, nil)
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = false
 		})
 	})
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 95e2b3631..191a65c5b 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -9,11 +9,14 @@ import (
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/onsi/gomega"
+	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"math/rand"
+	"os"
+	"path/filepath"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"testing"
@@ -27,16 +30,82 @@ const (
 	interval = time.Second * 5
 )
 
-func startKluctlController(t *testing.T) context.CancelFunc {
+type GitopsTestSuite struct {
+	suite.Suite
+
+	k *test_utils.EnvTestCluster
+
+	cancelController context.CancelFunc
+
+	deployments []client.ObjectKey
+}
+
+func (suite *GitopsTestSuite) SetupSuite() {
+	suite.startCluster()
+	suite.startController()
+}
+
+func (suite *GitopsTestSuite) TearDownSuite() {
+	if suite.cancelController != nil {
+		suite.cancelController()
+	}
+
+	if suite.k != nil {
+		suite.k.Stop()
+	}
+}
+
+func (suite *GitopsTestSuite) TearDownTest() {
+	g := NewWithT(suite.T())
+
+	for _, key := range suite.deployments {
+		suite.deleteKluctlDeployment(key)
+	}
+
+	g.Eventually(func() bool {
+		for _, key := range suite.deployments {
+			var kd kluctlv1.KluctlDeployment
+			err := suite.k.Client.Get(context.TODO(), key, &kd)
+			if err == nil {
+				return false
+			}
+		}
+		return true
+	}, timeout, time.Second).Should(BeTrue())
+
+	suite.deployments = nil
+}
+
+func (suite *GitopsTestSuite) startCluster() {
+	suite.k = test_utils.CreateEnvTestCluster("context1")
+	suite.k.CRDDirectoryPaths = []string{"../config/crd/bases"}
+
+	err := suite.k.Start()
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+}
+
+func (suite *GitopsTestSuite) startController() {
+	tmpKubeconfig := filepath.Join(suite.T().TempDir(), "kubeconfig")
+	err := os.WriteFile(tmpKubeconfig, suite.k.Kubeconfig, 0o600)
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+
 	ctx, ctxCancel := context.WithCancel(context.Background())
 	args := []string{
 		"controller",
+		"--kubeconfig",
+		tmpKubeconfig,
+		"--context",
+		"context1",
 	}
 	done := make(chan struct{})
 	go func() {
-		_, _, err := test_utils.KluctlExecute(t, ctx, args...)
+		_, _, err := test_utils.KluctlExecute(suite.T(), ctx, args...)
 		if err != nil {
-			t.Error(err)
+			suite.T().Error(err)
 		}
 		close(done)
 	}()
@@ -45,15 +114,13 @@ func startKluctlController(t *testing.T) context.CancelFunc {
 		ctxCancel()
 		<-done
 	}
-
-	t.Cleanup(cancel)
-	return cancel
+	suite.cancelController = cancel
 }
 
-func triggerReconcile(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey) string {
+func (suite *GitopsTestSuite) triggerReconcile(key client.ObjectKey) string {
 	reconcileId := fmt.Sprintf("%d", rand.Int63())
 
-	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		a := kd.GetAnnotations()
 		if a == nil {
 			a = map[string]string{}
@@ -64,38 +131,38 @@ func triggerReconcile(t *testing.T, k *test_utils.EnvTestCluster, key client.Obj
 	return reconcileId
 }
 
-func waitForReconcile(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey) {
-	g := gomega.NewWithT(t)
+func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
+	g := gomega.NewWithT(suite.T())
 
-	reconcileId := triggerReconcile(t, k, key)
+	reconcileId := suite.triggerReconcile(key)
 
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
-		err := k.Client.Get(context.TODO(), key, &kd)
+		err := suite.k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
 		return kd.Status.LastHandledReconcileAt == reconcileId
 	}, timeout, time.Second).Should(BeTrue())
 }
 
-func waitForCommit(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, commit string) {
-	g := gomega.NewWithT(t)
+func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string) {
+	g := gomega.NewWithT(suite.T())
 
-	reconcileId := triggerReconcile(t, k, key)
+	reconcileId := suite.triggerReconcile(key)
 
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
-		_ = k.Client.Get(context.Background(), key, &kd)
+		_ = suite.k.Client.Get(context.Background(), key, &kd)
 		return kd.Status.LastHandledReconcileAt == reconcileId && kd.Status.ObservedCommit == commit
 	}, timeout, time.Second).Should(BeTrue())
 }
 
-func createKluctlDeployment(t *testing.T, p *test_utils.TestProject, k *test_utils.EnvTestCluster, target string, args map[string]any) client.ObjectKey {
+func (suite *GitopsTestSuite) createKluctlDeployment(p *test_utils.TestProject, target string, args map[string]any) client.ObjectKey {
 	gitopsNs := p.TestSlug() + "-gitops"
-	createNamespace(t, k, gitopsNs)
+	createNamespace(suite.T(), suite.k, gitopsNs)
 
 	jargs, err := json.Marshal(args)
 	if err != nil {
-		t.Fatal(err)
+		suite.T().Fatal(err)
 	}
 
 	kluctlDeployment := &kluctlv1.KluctlDeployment{
@@ -116,40 +183,50 @@ func createKluctlDeployment(t *testing.T, p *test_utils.TestProject, k *test_uti
 		},
 	}
 
-	err = k.Client.Create(context.Background(), kluctlDeployment)
+	err = suite.k.Client.Create(context.Background(), kluctlDeployment)
 	if err != nil {
-		t.Fatal(err)
+		suite.T().Fatal(err)
 	}
 
-	return client.ObjectKeyFromObject(kluctlDeployment)
+	key := client.ObjectKeyFromObject(kluctlDeployment)
+	suite.deployments = append(suite.deployments, key)
+	return key
 }
 
-func updateKluctlDeployment(t *testing.T, k *test_utils.EnvTestCluster, key client.ObjectKey, update func(kd *kluctlv1.KluctlDeployment)) *kluctlv1.KluctlDeployment {
-	g := NewWithT(t)
+func (suite *GitopsTestSuite) updateKluctlDeployment(key client.ObjectKey, update func(kd *kluctlv1.KluctlDeployment)) *kluctlv1.KluctlDeployment {
+	g := NewWithT(suite.T())
 
 	var kd kluctlv1.KluctlDeployment
-	err := k.Client.Get(context.TODO(), key, &kd)
+	err := suite.k.Client.Get(context.TODO(), key, &kd)
 	g.Expect(err).To(Succeed())
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
 	update(&kd)
 
-	err = k.Client.Patch(context.TODO(), &kd, patch, client.FieldOwner("kubectl"))
+	err = suite.k.Client.Patch(context.TODO(), &kd, patch, client.FieldOwner("kubectl"))
 	g.Expect(err).To(Succeed())
 
 	return &kd
 }
 
-func TestGitOpsFieldManager(t *testing.T) {
-	g := NewWithT(t)
+func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
+	g := NewWithT(suite.T())
 
-	startKluctlController(t)
+	var kd kluctlv1.KluctlDeployment
+	kd.Name = key.Name
+	kd.Namespace = key.Namespace
+	err := suite.k.Client.Delete(context.Background(), &kd)
+	if err != nil && !errors.IsNotFound(err) {
+		g.Expect(err).To(Succeed())
+	}
+}
 
-	k := defaultCluster1
+func (suite *GitopsTestSuite) TestGitOpsFieldManager() {
+	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
+	p := test_utils.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
 	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
@@ -164,23 +241,23 @@ data:
 `)},
 	}, nil)
 
-	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 		"k2":        42,
 	})
 
-	t.Run("initial deployment", func(t *testing.T) {
-		waitForCommit(t, k, key, getHeadRevision(t, p))
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
-	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: interval}}
 	})
 
 	cm := &corev1.ConfigMap{}
 
-	t.Run("cm1 is deployed", func(t *testing.T) {
-		err := k.Client.Get(context.TODO(), client.ObjectKey{
+	suite.Run("cm1 is deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm1",
 			Namespace: p.TestSlug(),
 		}, cm)
@@ -189,13 +266,13 @@ data:
 		g.Expect(cm.Data).To(HaveKeyWithValue("k2", "43"))
 	})
 
-	t.Run("cm1 is modified and restored", func(t *testing.T) {
+	suite.Run("cm1 is modified and restored", func() {
 		cm.Data["k1"] = "v2"
-		err := k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
+		err := suite.k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
 		g.Expect(err).To(Succeed())
 
 		g.Eventually(func() bool {
-			err := k.Client.Get(context.TODO(), client.ObjectKey{
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 				Name:      "cm1",
 				Namespace: p.TestSlug(),
 			}, cm)
@@ -204,14 +281,14 @@ data:
 		}, timeout, time.Second).Should(BeTrue())
 	})
 
-	t.Run("cm1 gets a key added which is not modified by the controller", func(t *testing.T) {
+	suite.Run("cm1 gets a key added which is not modified by the controller", func() {
 		cm.Data["k1"] = "v2"
 		cm.Data["k3"] = "v3"
-		err := k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
+		err := suite.k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
 		g.Expect(err).To(Succeed())
 
 		g.Eventually(func() bool {
-			err := k.Client.Get(context.TODO(), client.ObjectKey{
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 				Name:      "cm1",
 				Namespace: p.TestSlug(),
 			}, cm)
@@ -222,18 +299,18 @@ data:
 		g.Expect(cm.Data).To(HaveKeyWithValue("k3", "v3"))
 	})
 
-	t.Run("cm1 gets modified with another field manager", func(t *testing.T) {
+	suite.Run("cm1 gets modified with another field manager", func() {
 		patch := client.MergeFrom(cm.DeepCopy())
 		cm.Data["k1"] = "v2"
 
-		err := k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
+		err := suite.k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
 		g.Expect(err).To(Succeed())
 
 		for i := 0; i < 2; i++ {
-			waitForReconcile(t, k, key)
+			suite.waitForReconcile(key)
 		}
 
-		err = k.Client.Get(context.TODO(), client.ObjectKey{
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm1",
 			Namespace: p.TestSlug(),
 		}, cm)
@@ -241,19 +318,19 @@ data:
 		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v2"))
 	})
 
-	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.ForceApply = true
 	})
 
-	t.Run("forceApply is true and cm1 gets restored even with another field manager", func(t *testing.T) {
+	suite.Run("forceApply is true and cm1 gets restored even with another field manager", func() {
 		patch := client.MergeFrom(cm.DeepCopy())
 		cm.Data["k1"] = "v2"
 
-		err := k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
+		err := suite.k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
 		g.Expect(err).To(Succeed())
 
 		g.Eventually(func() bool {
-			err := k.Client.Get(context.TODO(), client.ObjectKey{
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 				Name:      "cm1",
 				Namespace: p.TestSlug(),
 			}, cm)
@@ -263,24 +340,21 @@ data:
 	})
 }
 
-func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
-	g := NewWithT(t)
-	startKluctlController(t)
+func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Helm() {
+	g := NewWithT(suite.T())
 
-	k := defaultCluster1
-
-	p := test_utils.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
+	p := test_utils.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
 
-	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+	repoUrl := test_utils.CreateHelmRepo(suite.T(), []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 	}, "", "")
-	repoUrlWithCreds := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+	repoUrlWithCreds := test_utils.CreateHelmRepo(suite.T(), []test_utils.RepoChart{
 		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "test-user", "test-password")
-	ociRepoUrlWithCreds := test_utils.CreateOciRepo(t, []test_utils.RepoChart{
+	ociRepoUrlWithCreds := test_utils.CreateOciRepo(suite.T(), []test_utils.RepoChart{
 		{ChartName: "test-chart3", Version: "0.1.0"},
 	}, "test-user", "test-password")
 
@@ -290,16 +364,16 @@ func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
 		return nil
 	}, "")
 
-	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 	})
 
-	waitForCommit(t, k, key, getHeadRevision(t, p))
+	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
 	cm := &corev1.ConfigMap{}
 
-	t.Run("chart got deployed", func(t *testing.T) {
-		err := k.Client.Get(context.TODO(), client.ObjectKey{
+	suite.Run("chart got deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "test-helm-1-test-chart1",
 			Namespace: p.TestSlug(),
 		}, cm)
@@ -315,9 +389,9 @@ func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
 
 	kd := &kluctlv1.KluctlDeployment{}
 
-	t.Run("chart with credentials fails with 401", func(t *testing.T) {
+	suite.Run("chart with credentials fails with 401", func() {
 		g.Eventually(func() bool {
-			err := k.Client.Get(context.TODO(), key, kd)
+			err := suite.k.Client.Get(context.TODO(), key, kd)
 			g.Expect(err).To(Succeed())
 			for _, c := range kd.Status.Conditions {
 				_ = c
@@ -340,16 +414,16 @@ func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
 			"password": []byte("test-password"),
 		},
 	}
-	err := k.Client.Create(context.TODO(), credsSecret)
+	err := suite.k.Client.Create(context.TODO(), credsSecret)
 	g.Expect(err).To(Succeed())
 
-	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"}})
 	})
 
-	t.Run("chart with credentials succeeds", func(t *testing.T) {
+	suite.Run("chart with credentials succeeds", func() {
 		g.Eventually(func() bool {
-			err := k.Client.Get(context.TODO(), client.ObjectKey{
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 				Name:      "test-helm-2-test-chart2",
 				Namespace: p.TestSlug(),
 			}, cm)
@@ -367,9 +441,9 @@ func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
 		return nil
 	}, "")
 
-	t.Run("OCI chart with credentials fails with 401", func(t *testing.T) {
+	suite.Run("OCI chart with credentials fails with 401", func() {
 		g.Eventually(func() bool {
-			err = k.Client.Get(context.TODO(), key, kd)
+			err = suite.k.Client.Get(context.TODO(), key, kd)
 			g.Expect(err).To(Succeed())
 			for _, c := range kd.Status.Conditions {
 				_ = c
@@ -430,14 +504,11 @@ func TestKluctlDeploymentReconciler_Helm(t *testing.T) {
 		})*/
 }
 
-func TestKluctlDeploymentReconciler_Prune(t *testing.T) {
-	g := NewWithT(t)
-	startKluctlController(t)
-
-	k := defaultCluster1
+func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Prune() {
+	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
+	p := test_utils.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
 
@@ -462,21 +533,21 @@ data:
 `)},
 	}, nil)
 
-	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 	})
 
-	waitForCommit(t, k, key, getHeadRevision(t, p))
+	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
 	cm := &corev1.ConfigMap{}
 
-	t.Run("cm1 and cm2 got deployed", func(t *testing.T) {
-		err := k.Client.Get(context.TODO(), client.ObjectKey{
+	suite.Run("cm1 and cm2 got deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm1",
 			Namespace: p.TestSlug(),
 		}, cm)
 		g.Expect(err).To(Succeed())
-		err = k.Client.Get(context.TODO(), client.ObjectKey{
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm2",
 			Namespace: p.TestSlug(),
 		}, cm)
@@ -490,39 +561,39 @@ data:
 
 	g.Eventually(func() bool {
 		var obj kluctlv1.KluctlDeployment
-		_ = k.Client.Get(context.Background(), key, &obj)
+		_ = suite.k.Client.Get(context.Background(), key, &obj)
 		if obj.Status.LastDeployResult == nil {
 			return false
 		}
-		return obj.Status.LastDeployResult.GitInfo.Commit == getHeadRevision(t, p)
+		return obj.Status.LastDeployResult.GitInfo.Commit == getHeadRevision(suite.T(), p)
 	}, timeout, time.Second).Should(BeTrue())
 
-	t.Run("cm1 and cm2 were not deleted", func(t *testing.T) {
-		err := k.Client.Get(context.TODO(), client.ObjectKey{
+	suite.Run("cm1 and cm2 were not deleted", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm1",
 			Namespace: p.TestSlug(),
 		}, cm)
 		g.Expect(err).To(Succeed())
-		err = k.Client.Get(context.TODO(), client.ObjectKey{
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm2",
 			Namespace: p.TestSlug(),
 		}, cm)
 		g.Expect(err).To(Succeed())
 	})
 
-	updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.Prune = true
 	})
 
-	waitForReconcile(t, k, key)
+	suite.waitForReconcile(key)
 
-	t.Run("cm1 did not get deleted and cm2 got deleted", func(t *testing.T) {
-		err := k.Client.Get(context.TODO(), client.ObjectKey{
+	suite.Run("cm1 did not get deleted and cm2 got deleted", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm1",
 			Namespace: p.TestSlug(),
 		}, cm)
 		g.Expect(err).To(Succeed())
-		err = k.Client.Get(context.TODO(), client.ObjectKey{
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm2",
 			Namespace: p.TestSlug(),
 		}, cm)
@@ -530,14 +601,11 @@ data:
 	})
 }
 
-func doTestDelete(t *testing.T, delete bool) {
-	g := NewWithT(t)
-	startKluctlController(t)
-
-	k := defaultCluster1
+func (suite *GitopsTestSuite) doTestDelete(delete bool) {
+	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
+	p := test_utils.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
 
@@ -552,31 +620,31 @@ data:
 `)},
 	}, nil)
 
-	key := createKluctlDeployment(t, p, k, "target1", map[string]any{
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 	})
 
-	kd := updateKluctlDeployment(t, k, key, func(kd *kluctlv1.KluctlDeployment) {
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.Delete = delete
 	})
 
-	waitForCommit(t, k, key, getHeadRevision(t, p))
+	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
 	cm := &corev1.ConfigMap{}
 
-	t.Run("cm1 got deployed", func(t *testing.T) {
-		err := k.Client.Get(context.TODO(), client.ObjectKey{
+	suite.Run("cm1 got deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 			Name:      "cm1",
 			Namespace: p.TestSlug(),
 		}, cm)
 		g.Expect(err).To(Succeed())
 	})
 
-	g.Expect(k.Client.Delete(context.TODO(), kd)).To(Succeed())
+	suite.deleteKluctlDeployment(key)
 
 	g.Eventually(func() bool {
 		var obj kluctlv1.KluctlDeployment
-		err := k.Client.Get(context.Background(), key, &obj)
+		err := suite.k.Client.Get(context.Background(), key, &obj)
 		if err == nil {
 			return false
 		}
@@ -587,16 +655,16 @@ data:
 	}, timeout, time.Second).Should(BeTrue())
 
 	if delete {
-		t.Run("cm1 was deleted", func(t *testing.T) {
-			err := k.Client.Get(context.TODO(), client.ObjectKey{
+		suite.Run("cm1 was deleted", func() {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 				Name:      "cm1",
 				Namespace: p.TestSlug(),
 			}, cm)
 			g.Expect(err).To(MatchError("configmaps \"cm1\" not found"))
 		})
 	} else {
-		t.Run("cm1 was not deleted", func(t *testing.T) {
-			err := k.Client.Get(context.TODO(), client.ObjectKey{
+		suite.Run("cm1 was not deleted", func() {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
 				Name:      "cm1",
 				Namespace: p.TestSlug(),
 			}, cm)
@@ -605,10 +673,15 @@ data:
 	}
 }
 
-func TestKluctlDeploymentReconciler_Delete_True(t *testing.T) {
-	doTestDelete(t, true)
+func (suite *GitopsTestSuite) Test_Delete_True() {
+	suite.doTestDelete(true)
+}
+
+func (suite *GitopsTestSuite) Test_Delete_False() {
+	suite.doTestDelete(false)
 }
 
-func TestKluctlDeploymentReconciler_Delete_False(t *testing.T) {
-	doTestDelete(t, false)
+func TestGitOps(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitopsTestSuite))
 }

From 8047bed47e72d36291ee86ddbc9e4a2153dacfac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 May 2023 15:34:17 +0200
Subject: [PATCH 1016/2268] chore: Run make replace-commands-help

---
 docs/reference/commands/controller.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/commands/controller.md b/docs/reference/commands/controller.md
index a7584c0b7..588b04f6e 100644
--- a/docs/reference/commands/controller.md
+++ b/docs/reference/commands/controller.md
@@ -26,9 +26,11 @@ The following arguments are available:
 Controller:
   Controller arguments.
 
+      --context string                     Override the context to use.
       --default-service-account string     Default service account used for impersonation.
       --dry-run                            Run all deployments in dryRun=true mode.
       --health-probe-bind-address string   The address the probe endpoint binds to. (default ":8081")
+      --kubeconfig string                  Override the kubeconfig to use.
       --leader-elect                       Enable leader election for controller manager. Enabling this will
                                            ensure there is only one active controller manager.
       --metrics-bind-address string        The address the metric endpoint binds to. (default ":8080")

From 8faca6ef582d41045b3e0ca92bf7852f94a5805e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 May 2023 16:13:18 +0200
Subject: [PATCH 1017/2268] chore(deps): Bump github.com/mattn/go-isatty from
 0.0.18 to 0.0.19 (#493)

Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.18 to 0.0.19.
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.18...v0.0.19)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fb641e2f3..0c06edca2 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
 	github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c
 	github.com/mattn/go-colorable v0.1.13
-	github.com/mattn/go-isatty v0.0.18
+	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.18.5
diff --git a/go.sum b/go.sum
index e6e48f5e8..1d9641d4f 100644
--- a/go.sum
+++ b/go.sum
@@ -591,8 +591,8 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
-github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=

From b14d199eb218ba1ff70533d9138238dcd797599d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 22 May 2023 17:02:42 +0200
Subject: [PATCH 1018/2268] ci: Only run manifests/generate targets on test
 target (#494)

---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index a2bbf37e2..adc7a5a7c 100644
--- a/Makefile
+++ b/Makefile
@@ -70,14 +70,14 @@ vet: ## Run go vet against code.
 	go vet ./...
 
 .PHONY: test
-test: test-unit test-e2e fmt vet ## Run all tests.
+test: manifests generate test-unit test-e2e fmt vet ## Run all tests.
 
 .PHONY: test-unit
 test-unit: ## Run unit tests.
 	go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out
 
 .PHONY: test-e2e
-test-e2e: manifests generate envtest ## Run e2e tests.
+test-e2e: envtest ## Run e2e tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $(RACE) ./e2e -coverprofile cover.out
 
 replace-commands-help: ## Replace commands help in docs

From f35f839e22d781c7b6cbb8f67229e035e38441b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 07:35:17 +0200
Subject: [PATCH 1019/2268] chore(deps): Bump
 github.com/hashicorp/go-retryablehttp (#496)

Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.2.
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0c06edca2..0cd0314ef 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/go-retryablehttp v0.7.1
+	github.com/hashicorp/go-retryablehttp v0.7.2
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.7
 	github.com/otiai10/copy v1.11.0
diff --git a/go.sum b/go.sum
index 1d9641d4f..4bcbe7a52 100644
--- a/go.sum
+++ b/go.sum
@@ -458,8 +458,8 @@ github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
-github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
+github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=

From 832624cd973a65fe8717a9aec6b42d31380a24b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 07:35:56 +0200
Subject: [PATCH 1020/2268] chore(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azidentity (#497)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v1.1...sdk/azcore/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  9 ++++-----
 go.sum | 23 +++++++++--------------
 2 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/go.mod b/go.mod
index 0cd0314ef..6864047a7 100644
--- a/go.mod
+++ b/go.mod
@@ -52,8 +52,8 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.18.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.25
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.24
@@ -84,11 +84,11 @@ require (
 	cloud.google.com/go/iam v0.13.0 // indirect
 	cloud.google.com/go/kms v1.10.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@@ -141,7 +141,6 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
diff --git a/go.sum b/go.sum
index 4bcbe7a52..48f663318 100644
--- a/go.sum
+++ b/go.sum
@@ -54,12 +54,12 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 h1:AXFNQ6kLaPODEpGSMWjmbkt6iP7fa1DIEzjx6JRFC9U=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1/go.mod h1:yOYJv0tO0TTNcje8ahhBHQcdAiYqRIp5fsog5FPefr4=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
@@ -68,8 +68,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2 h1:BGX4OiGP9htYSd6M3pAZctcUUSruhIAUVkv2X0Cn9yE=
-github.com/AzureAD/microsoft-authentication-library-for-go v0.5.2/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -215,7 +215,7 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
-github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c=
+github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
 github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
@@ -329,9 +329,6 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
-github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
@@ -644,7 +641,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
-github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -679,7 +675,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
-github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=

From 1fb3178e51752d85635684798264051a63918f94 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 07:36:17 +0200
Subject: [PATCH 1021/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#492)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.13.0 to 10.14.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.13.0...v10.14.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  5 +++--
 go.sum | 10 ++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 6864047a7..825eafab4 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.21.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.13.0
+	github.com/go-playground/validator/v10 v10.14.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.15.2
@@ -129,6 +129,7 @@ require (
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
@@ -171,7 +172,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/leodido/go-urn v1.2.3 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lib/pq v1.10.7 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
diff --git a/go.sum b/go.sum
index 48f663318..b868dcef2 100644
--- a/go.sum
+++ b/go.sum
@@ -265,6 +265,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
@@ -308,8 +310,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.13.0 h1:cFRQdfaSMCOSfGCCLB20MHvuoHb/s5G8L5pu2ppK5AQ=
-github.com/go-playground/validator/v10 v10.13.0/go.mod h1:dwu7+CG8/CtBiJFZDz4e+5Upb6OLw04gtBYw0mcG/z4=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
+github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -554,8 +556,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.3 h1:6BE2vPT0lqoz3fmOesHZiaiFh7889ssCo2GMvLCfiuA=
-github.com/leodido/go-urn v1.2.3/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=

From e3ae4f140e14bba9305a5762a5ff3d4b6f6a5d7f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 08:20:15 +0200
Subject: [PATCH 1022/2268] ci: Fix windows tests (#495)

* ci: Fix windows path being used in Makefile

* ci: Reset caches
---
 .github/workflows/tests.yml | 4 ++--
 Makefile                    | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 851719d81..8559911f4 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -73,9 +73,9 @@ jobs:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
-          key: tests1-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+          key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            tests1-go-${{ runner.os }}-
+            tests-go-${{ runner.os }}-
       - name: Run unit tests
         shell: bash
         run: |
diff --git a/Makefile b/Makefile
index adc7a5a7c..46c182d03 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,11 @@ ifeq ($(GOOS), linux)
 RACE=-race
 endif
 
+PATHCONF=cat
+ifeq ($(GOOS), windows)
+PATHCONF=cygpath -f- -u
+endif
+
 # Image URL to use all building/pushing image targets
 IMG ?= kluctl/kluctl:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
@@ -74,11 +79,11 @@ test: manifests generate test-unit test-e2e fmt vet ## Run all tests.
 
 .PHONY: test-unit
 test-unit: ## Run unit tests.
-	go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out
+	go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out -test.v
 
 .PHONY: test-e2e
 test-e2e: envtest ## Run e2e tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $(RACE) ./e2e -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -coverprofile cover.out -test.v
 
 replace-commands-help: ## Replace commands help in docs
 	go run ./internal/replace-commands-help --docs-dir ./docs/reference/commands

From 53df330aba232e23910d8feca77d226070636bc7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 09:23:09 +0200
Subject: [PATCH 1023/2268] fix: Make metrics package non-internal and don't
 register metrics on init (#499)

* chore: Move metrics out of internal package

It needs to be used by the legacy flux-kluctl-controller

* fix: Don't register metrics collectors in global init()
---
 cmd/kluctl/commands/cmd_controller.go                  | 10 ++++------
 pkg/controllers/kluctl_project.go                      |  2 +-
 pkg/controllers/kluctldeployment_controller.go         |  2 +-
 .../{internal => }/metrics/kluctl_project.go           |  0
 .../metrics/kluctldeployment_controller.go             |  0
 5 files changed, 6 insertions(+), 8 deletions(-)
 rename pkg/controllers/{internal => }/metrics/kluctl_project.go (100%)
 rename pkg/controllers/{internal => }/metrics/kluctldeployment_controller.go (100%)

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index 132e7a55b..e96e67773 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -26,14 +26,9 @@ import (
 )
 
 var (
-	setupLog        = ctrl.Log.WithName("setup")
-	metricsRecorder = metrics.NewRecorder()
+	setupLog = ctrl.Log.WithName("setup")
 )
 
-func init() {
-	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
-}
-
 const controllerName = "kluctl-controller"
 
 type controllerCmd struct {
@@ -69,6 +64,9 @@ func (cmd *controllerCmd) initScheme() {
 func (cmd *controllerCmd) Run(ctx context.Context) error {
 	cmd.initScheme()
 
+	metricsRecorder := metrics.NewRecorder()
+	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
+
 	opts := zap.Options{
 		Development: true,
 	}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index d0c306032..d6ca5372e 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/go-jinja2"
-	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops"
+	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 5e9653f2d..86dd5e118 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-retryablehttp"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/internal/metrics"
+	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/results"
diff --git a/pkg/controllers/internal/metrics/kluctl_project.go b/pkg/controllers/metrics/kluctl_project.go
similarity index 100%
rename from pkg/controllers/internal/metrics/kluctl_project.go
rename to pkg/controllers/metrics/kluctl_project.go
diff --git a/pkg/controllers/internal/metrics/kluctldeployment_controller.go b/pkg/controllers/metrics/kluctldeployment_controller.go
similarity index 100%
rename from pkg/controllers/internal/metrics/kluctldeployment_controller.go
rename to pkg/controllers/metrics/kluctldeployment_controller.go

From 83639459e7bc8123e39309d8a8c08ddc0149122b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 10:29:51 +0200
Subject: [PATCH 1024/2268] feat: Disable writing of command results by default

---
 cmd/kluctl/args/project.go   | 2 +-
 cmd/kluctl/commands/utils.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 893c5062e..21468a46b 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -43,7 +43,7 @@ type TargetFlags struct {
 }
 
 type CommandResultFlags struct {
-	NoWriteCommandResult    bool   `group:"results" help:"Disable writing of command results into the cluster."`
+	WriteCommandResult      bool   `group:"results" help:"Enable writing of command results into the cluster."`
 	ForceWriteCommandResult bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
 	CommandResultNamespace  string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
 	KeepCommandResultsCount int    `group:"results" help:"Configure how many old command results to keep." default:"10"`
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0bcb6bcbf..630199ca5 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -200,7 +200,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	var resultStore results.ResultStore
-	if args.commandResultFlags != nil && !args.commandResultFlags.NoWriteCommandResult {
+	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
 		rc, err := targetCtx.SharedContext.K.ToRESTConfig()
 		if err != nil {
 			return err

From 0a694c74758d13585b13959aec8c4ab75d9dc0c2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 10:34:21 +0200
Subject: [PATCH 1025/2268] feat: Make writing of results configurable in the
 controller

---
 cmd/kluctl/commands/cmd_controller.go                | 12 ++++++++++++
 pkg/controllers/kluctldeployment_controller_setup.go |  7 -------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index e96e67773..c0baaa66a 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -4,8 +4,10 @@ import (
 	"context"
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -43,6 +45,8 @@ type controllerCmd struct {
 
 	DefaultServiceAccount string `group:"controller" help:"Default service account used for impersonation."`
 	DryRun                bool   `group:"controller" help:"Run all deployments in dryRun=true mode."`
+
+	args.CommandResultFlags
 }
 
 func (cmd *controllerCmd) Help() string {
@@ -133,6 +137,14 @@ func (cmd *controllerCmd) Run(ctx context.Context) error {
 		SshPool:               sshPool,
 	}
 
+	if cmd.WriteCommandResult {
+		resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetClient(), mgr.GetCache(), cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
+		if err != nil {
+			return err
+		}
+		r.ResultStore = resultStore
+	}
+
 	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
 		HTTPRetry: 9,
 	}); err != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index 0f8fe2e73..c0ca400d8 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"github.com/hashicorp/go-retryablehttp"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/pkg/results"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
@@ -22,12 +21,6 @@ func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr c
 	httpClient.Logger = nil
 	r.httpClient = httpClient
 
-	resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetClient(), mgr.GetCache(), "kluctl-results", 10)
-	if err != nil {
-		return err
-	}
-	r.ResultStore = resultStore
-
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&kluctlv1.KluctlDeployment{}, builder.WithPredicates(
 			predicate.Or(predicate.GenerationChangedPredicate{}, ReconcileRequestedPredicate{}, DeployRequestedPredicate{}),

From fd1b7ee1b1b034b546aea81f51879e99ceaa2dea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 13:39:36 +0200
Subject: [PATCH 1026/2268] fix: Don't use ctrl.SetupSignalHandler()

This caused ctrl+c not reacting as expected, as one needed 2 strokes to
make it work.
---
 cmd/kluctl/commands/root.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 51b37957c..74559d894 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -25,7 +25,6 @@ import (
 	"os"
 	"path/filepath"
 	"runtime/pprof"
-	ctrl "sigs.k8s.io/controller-runtime"
 	"strings"
 	"time"
 
@@ -111,6 +110,7 @@ func redirectLogsAndStderr(ctxGetter func() context.Context) {
 	klog.LogToStderr(false)
 	klog.SetOutput(lr1)
 	log.SetOutput(lr2)
+	//ctrl.SetLogger(klog.NewKlogr())
 
 	pr, pw, err := os.Pipe()
 	if err != nil {
@@ -222,7 +222,7 @@ func initViper(ctx context.Context) {
 
 func Main() {
 	colorable.EnableColorsStdout(nil)
-	ctx := ctrl.SetupSignalHandler()
+	ctx := context.Background()
 
 	ctx = initStatusHandler(ctx, false, true)
 	redirectLogsAndStderr(func() context.Context {

From 5fc26667b33744ec6a58208f5665b1501572a080 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 13:39:49 +0200
Subject: [PATCH 1027/2268] tests: Add command results tests

---
 e2e/gitops_test.go  |   1 +
 e2e/results_test.go | 100 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+)
 create mode 100644 e2e/results_test.go

diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 191a65c5b..1df30c7fa 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -100,6 +100,7 @@ func (suite *GitopsTestSuite) startController() {
 		tmpKubeconfig,
 		"--context",
 		"context1",
+		"--write-command-result",
 	}
 	done := make(chan struct{})
 	go func() {
diff --git a/e2e/results_test.go b/e2e/results_test.go
new file mode 100644
index 000000000..b2ceea17d
--- /dev/null
+++ b/e2e/results_test.go
@@ -0,0 +1,100 @@
+package e2e
+
+import (
+	"context"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func assertSummary(t *testing.T, expected result.CommandResultSummary, actual result.CommandResultSummary) {
+	assert.Equal(t, expected.AppliedObjects, actual.AppliedObjects)
+	assert.Equal(t, expected.NewObjects, actual.NewObjects)
+	assert.Equal(t, expected.ChangedObjects, actual.ChangedObjects)
+	assert.Equal(t, expected.OrphanObjects, actual.OrphanObjects)
+	assert.Equal(t, expected.DeletedObjects, actual.DeletedObjects)
+	assert.Equal(t, expected.Errors, actual.Errors)
+	assert.Equal(t, expected.Warnings, actual.Warnings)
+	assert.Equal(t, expected.TotalChanges, actual.TotalChanges)
+}
+
+func TestWriteResult(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"d1": "v1",
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm")
+
+	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, nil, "kluctl-results", 0)
+	assert.NoError(t, err)
+
+	summaries, err := rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	assert.NoError(t, err)
+	assert.Len(t, summaries, 1)
+	assertSummary(t, result.CommandResultSummary{
+		AppliedObjects: 1,
+		NewObjects:     1,
+	}, summaries[0])
+
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+	p.UpdateYaml("cm/configmap-cm.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v2", "data", "d1")
+		return nil
+	}, "")
+	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+
+	summaries, err = rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	assert.NoError(t, err)
+	assert.Len(t, summaries, 2)
+	assertSummary(t, result.CommandResultSummary{
+		AppliedObjects: 2,
+		NewObjects:     1,
+		ChangedObjects: 1,
+		TotalChanges:   1,
+	}, summaries[0])
+
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.RemoveNestedField("deployments", 1)
+		return nil
+	})
+	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+
+	summaries, err = rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	assert.NoError(t, err)
+	assert.Len(t, summaries, 3)
+	assertSummary(t, result.CommandResultSummary{
+		AppliedObjects: 1,
+		OrphanObjects:  1,
+	}, summaries[0])
+
+	p.KluctlMust("prune", "--yes", "-t", "test", "--write-command-result")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+
+	summaries, err = rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	assert.NoError(t, err)
+	assert.Len(t, summaries, 4)
+	assertSummary(t, result.CommandResultSummary{
+		DeletedObjects: 1,
+	}, summaries[0])
+}

From 863004016fac114154d1335e836bb6b23e8ecc23 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 13:49:50 +0200
Subject: [PATCH 1028/2268] chore: Run make replace-commands-help

---
 docs/reference/commands/common-arguments.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 055c8e2cb..192cf6433 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -138,7 +138,7 @@ Command Results:
                                           "kluctl-results")
       --force-write-command-result        Force writing of command results, even if the command is run in dry-run mode.
       --keep-command-results-count int    Configure how many old command results to keep. (default 10)
-      --no-write-command-result           Disable writing of command results into the cluster.
+      --write-command-result              Enable writing of command results into the cluster.
 
 ```
 <!-- END SECTION -->

From 756c528769045e1eaefb04404245ee648d17345d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 15:15:32 +0200
Subject: [PATCH 1029/2268] refactor: Add controller-runtime client to
 K8sCluster

---
 pkg/k8s/client.go              |  8 ++++++++
 pkg/k8s/client_factory.go      | 13 +++++++++++++
 pkg/k8s/fake_client_factory.go | 12 ++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 2d8069549..32beb055f 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -7,6 +7,7 @@ import (
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/metadata"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type k8sClients struct {
@@ -17,6 +18,8 @@ type k8sClients struct {
 }
 
 type parallelClientEntry struct {
+	client client.Client
+
 	corev1         corev1.CoreV1Interface
 	dynamicClient  dynamic.Interface
 	metadataClient metadata.Interface
@@ -51,6 +54,11 @@ func newK8sClients(ctx context.Context, clientFactory ClientFactory, count int)
 	for i := 0; i < count; i++ {
 		p := &parallelClientEntry{}
 
+		p.client, err = clientFactory.Client(p)
+		if err != nil {
+			return nil, err
+		}
+
 		p.corev1, err = clientFactory.CoreV1Client(p)
 		if err != nil {
 			return nil, err
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 2edff9b44..594ddecc1 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -13,6 +13,7 @@ import (
 	"net/http"
 	"net/url"
 	"path/filepath"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
@@ -22,6 +23,8 @@ type ClientFactory interface {
 
 	CloseIdleConnections()
 
+	Client(wh rest.WarningHandler) (client.Client, error)
+
 	DiscoveryClient() (discovery.DiscoveryInterface, error)
 	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
 	DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error)
@@ -42,6 +45,16 @@ func (r *realClientFactory) GetCA() []byte {
 	return r.config.CAData
 }
 
+func (r *realClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
+	config := rest.CopyConfig(r.config)
+	config.WarningHandler = wh
+	return client.New(config, client.Options{
+		WarningHandler: client.WarningHandlerOptions{
+			SuppressWarnings: true,
+		},
+	})
+}
+
 func (r *realClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
 	apiHost, err := url.Parse(r.config.Host)
 	if err != nil {
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index 2de043f74..6ea0dd26d 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -16,6 +16,8 @@ import (
 	fake_metadata "k8s.io/client-go/metadata/fake"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/testing"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	fake2 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/kustomize/kyaml/openapi"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 	"strings"
@@ -25,6 +27,7 @@ type fakeClientFactory struct {
 	clientSet      *fake.Clientset
 	dynamicClient  *fake_dynamic.FakeDynamicClient
 	metadataClient *fake_metadata.FakeMetadataClient
+	clientBuilder  *fake2.ClientBuilder
 }
 
 func (f *fakeClientFactory) RESTConfig() *rest.Config {
@@ -38,6 +41,10 @@ func (f *fakeClientFactory) GetCA() []byte {
 func (f *fakeClientFactory) CloseIdleConnections() {
 }
 
+func (f *fakeClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
+	return f.clientBuilder.Build(), nil
+}
+
 func (f *fakeClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
 	return f.clientSet.Discovery(), nil
 }
@@ -65,10 +72,15 @@ func NewFakeClientFactory(objects ...runtime.Object) *fakeClientFactory {
 	dynamicClient := fake_dynamic.NewSimpleDynamicClient(scheme, objects...)
 	metadataClient := fake_metadata.NewSimpleMetadataClient(scheme, objects...)
 
+	clientBuilder := fake2.NewClientBuilder().
+		WithScheme(scheme).
+		WithRuntimeObjects(objects...)
+
 	return &fakeClientFactory{
 		clientSet:      clientSet,
 		dynamicClient:  dynamicClient,
 		metadataClient: metadataClient,
+		clientBuilder:  clientBuilder,
 	}
 }
 

From 1e8daf502bfdb5e8fff3853e585e10a46b1cb3e9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 16:34:27 +0200
Subject: [PATCH 1030/2268] refactor: Use controller-runtime client for
 Get/List/Patch/Update/Delete

---
 pkg/deployment/utils/apply_utils.go |   6 +-
 pkg/k8s/client.go                   |  18 +--
 pkg/k8s/k8s_cluster.go              | 205 +++++++++++-----------------
 pkg/seal/bootstrap.go               |   4 +-
 4 files changed, 94 insertions(+), 139 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 6a7847e51..72e1c0289 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -250,7 +250,7 @@ func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool,
 		o := k8s.PatchOptions{
 			ForceDryRun: a.o.DryRun,
 		}
-		r, apiWarnings, err := a.k.PatchObject(x, o)
+		r, apiWarnings, err := a.k.ApplyObject(x, o)
 		a.handleApiWarnings(ref, apiWarnings)
 		if err != nil {
 			a.HandleError(ref, err)
@@ -324,7 +324,7 @@ func (a *ApplyUtil) retryApplyWithConflicts(x *uo.UnstructuredObject, hook bool,
 		ForceDryRun: a.o.DryRun,
 		ForceApply:  true,
 	}
-	r, apiWarnings, err := a.k.PatchObject(x2, options)
+	r, apiWarnings, err := a.k.ApplyObject(x2, options)
 	a.handleApiWarnings(ref, apiWarnings)
 	if err != nil {
 		// We didn't manage to solve it, better to abort (and not retry with replace!)
@@ -367,7 +367,7 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 	options := k8s.PatchOptions{
 		ForceDryRun: a.o.DryRun,
 	}
-	r, apiWarnings, err := a.k.PatchObject(x, options)
+	r, apiWarnings, err := a.k.ApplyObject(x, options)
 	if r != nil && usesDummyName {
 		tmpName := r.GetK8sName()
 		_ = r.ReplaceKeys(tmpName, ref.Name)
diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 32beb055f..fe0044ebc 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -102,6 +102,16 @@ func (k *k8sClients) withClientFromPool(cb func(p *parallelClientEntry) error) (
 	}
 }
 
+func (k *k8sClients) withCClientFromPool(dryRun bool, cb func(c client.Client) error) ([]ApiWarning, error) {
+	return k.withClientFromPool(func(p *parallelClientEntry) error {
+		c := p.client
+		if dryRun {
+			c = client.NewDryRunClient(c)
+		}
+		return cb(c)
+	})
+}
+
 func (k *k8sClients) withDynamicClientForGVR(gvr *schema.GroupVersionResource, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
 	return k.withClientFromPool(func(p *parallelClientEntry) error {
 		if namespace != "" {
@@ -111,11 +121,3 @@ func (k *k8sClients) withDynamicClientForGVR(gvr *schema.GroupVersionResource, n
 		}
 	})
 }
-
-func (k *k8sClients) withDynamicClientForGVK(resources *k8sResources, gvk schema.GroupVersionKind, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
-	gvr, err := resources.GetGVRForGVK(gvk)
-	if err != nil {
-		return nil, err
-	}
-	return k.withDynamicClientForGVR(gvr, namespace, cb)
-}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index be727ffd8..4353326ad 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -2,11 +2,11 @@ package k8s
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"io"
-	"k8s.io/client-go/metadata"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"net/http"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"sync"
 	"time"
@@ -17,15 +17,12 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/dynamic"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/restmapper"
@@ -120,72 +117,57 @@ func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
 	return ret
 }
 
-func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
-	var result []*uo.UnstructuredObject
-
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, gvk, namespace, func(r dynamic.ResourceInterface) error {
-		o := v1.ListOptions{
-			LabelSelector: k.buildLabelSelector(labels),
-		}
-		x, err := r.List(k.ctx, o)
-		if err != nil {
-			return err
-		}
-		for _, o := range x.Items {
-			result = append(result, uo.FromUnstructured(&o))
-		}
-		return nil
+func (k *K8sCluster) doList(l client.ObjectList, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
+	apiWarnings, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+		return c.List(k.ctx, l, client.InNamespace(namespace), client.MatchingLabels(labels))
 	})
-	return result, apiWarnings, err
-}
-
-func (k *K8sCluster) ListMetadata(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
-	var result []*uo.UnstructuredObject
-
-	gvr, err := k.Resources.GetGVRForGVK(gvk)
 	if err != nil {
-		return nil, nil, err
+		return nil, apiWarnings, err
 	}
 
-	apiWarnings, err := k.clients.withClientFromPool(func(p *parallelClientEntry) error {
-		var r metadata.ResourceInterface
-		if namespace == "" {
-			r = p.metadataClient.Resource(*gvr)
-		} else {
-			r = p.metadataClient.Resource(*gvr).Namespace(namespace)
-		}
-		o := v1.ListOptions{
-			LabelSelector: k.buildLabelSelector(labels),
-		}
-		x, err := r.List(k.ctx, o)
-		if err != nil {
-			return err
+	var result []*uo.UnstructuredObject
+	if l2, ok := l.(*unstructured.UnstructuredList); ok {
+		for _, o := range l2.Items {
+			result = append(result, uo.FromUnstructured(&o))
 		}
-		for _, o := range x.Items {
-			u, err := uo.FromStruct(o)
+	} else if l2, ok := l.(*v1.PartialObjectMetadataList); ok {
+		for _, o := range l2.Items {
+			x, err := uo.FromStruct(&o)
 			if err != nil {
-				return err
+				return nil, apiWarnings, err
 			}
-			u.SetK8sGVK(gvk)
-			result = append(result, u)
+			result = append(result, x)
 		}
-		return nil
-	})
+	}
 	return result, apiWarnings, err
 }
+func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
+	var l unstructured.UnstructuredList
+	l.SetGroupVersionKind(gvk)
+	return k.doList(&l, namespace, labels)
+}
+
+func (k *K8sCluster) ListMetadata(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
+	var l v1.PartialObjectMetadataList
+	l.SetGroupVersionKind(gvk)
+	return k.doList(&l, namespace, labels)
+}
 
 func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
-	var result *uo.UnstructuredObject
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
-		o := v1.GetOptions{}
-		x, err := r.Get(k.ctx, ref.Name, o)
-		if err != nil {
-			return err
-		}
-		result = uo.FromUnstructured(x)
-		return nil
+	var o unstructured.Unstructured
+	o.SetGroupVersionKind(ref.GroupVersionKind())
+
+	apiWarnings, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+		return c.Get(k.ctx, client.ObjectKey{
+			Name:      ref.Name,
+			Namespace: ref.Namespace,
+		}, &o)
+
 	})
-	return result, apiWarnings, err
+	if err != nil {
+		return nil, apiWarnings, err
+	}
+	return uo.FromUnstructured(&o), apiWarnings, nil
 }
 
 type DeleteOptions struct {
@@ -197,25 +179,19 @@ type DeleteOptions struct {
 func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions) ([]ApiWarning, error) {
 	dryRun := k.DryRun || options.ForceDryRun
 
-	pp := v1.DeletePropagationBackground
-	o := v1.DeleteOptions{
-		PropagationPolicy: &pp,
-	}
-	if dryRun {
-		o.DryRun = []string{"All"}
-	}
+	var o unstructured.Unstructured
+	o.SetGroupVersionKind(ref.GroupVersionKind())
+	o.SetName(ref.Name)
+	o.SetNamespace(ref.Namespace)
 
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
-		err := r.Delete(k.ctx, ref.Name, o)
-		if err != nil {
-			if options.IgnoreNotFoundError && errors.IsNotFound(err) {
-				return nil
-			}
-			return err
-		}
-		return nil
+	apiWarnings, err := k.clients.withCClientFromPool(dryRun, func(c client.Client) error {
+		return c.Delete(k.ctx, &o, client.PropagationPolicy(v1.DeletePropagationBackground))
 	})
+
 	if err != nil {
+		if options.IgnoreNotFoundError && errors.IsNotFound(err) {
+			return apiWarnings, nil
+		}
 		return apiWarnings, err
 	}
 
@@ -342,54 +318,35 @@ type PatchOptions struct {
 	ForceApply  bool
 }
 
-func (k *K8sCluster) doPatch(ref k8s.ObjectRef, data []byte, patchType types.PatchType, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
-	dryRun := k.DryRun || options.ForceDryRun
+func (k *K8sCluster) doPatch(ref k8s.ObjectRef, obj client.Object, patch client.Patch, options PatchOptions) ([]ApiWarning, error) {
+	status.Trace(k.ctx, "patching %s", ref.String())
 
-	po := v1.PatchOptions{
-		FieldManager: "kluctl",
-	}
-	if dryRun {
-		po.DryRun = []string{"All"}
-	}
+	var opts []client.PatchOption
 	if options.ForceApply {
-		po.Force = &options.ForceApply
+		opts = append(opts, client.ForceOwnership)
 	}
+	if options.ForceDryRun {
+		opts = append(opts, client.DryRunAll)
+	}
+	opts = append(opts, client.FieldOwner("kluctl"))
 
-	status.Trace(k.ctx, "patching %s", ref.String())
-
-	var result *uo.UnstructuredObject
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
-		x, err := r.Patch(k.ctx, ref.Name, patchType, data, po)
+	apiWarnings, err := k.clients.withCClientFromPool(k.DryRun, func(c client.Client) error {
+		err := c.Patch(k.ctx, obj, patch, opts...)
 		if err != nil {
 			return fmt.Errorf("failed to patch %s: %w", ref.String(), err)
 		}
-		result = uo.FromUnstructured(x)
 		return nil
 	})
-	return result, apiWarnings, err
+	return apiWarnings, err
 }
 
-func (k *K8sCluster) PatchObject(o *uo.UnstructuredObject, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
-	data, err := yaml.WriteYamlBytes(o)
+func (k *K8sCluster) ApplyObject(o *uo.UnstructuredObject, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
+	obj := o.Clone().ToUnstructured()
+	apiWarnings, err := k.doPatch(o.GetK8sRef(), obj, client.Apply, options)
 	if err != nil {
-		return nil, nil, err
+		return nil, apiWarnings, err
 	}
-
-	return k.doPatch(o.GetK8sRef(), data, types.ApplyPatchType, options)
-}
-
-type JsonPatch struct {
-	Op    string `json:"op"`
-	Path  string `json:"path"`
-	Value any    `json:"value"`
-}
-
-func (k *K8sCluster) PatchObjectWithJsonPatch(ref k8s.ObjectRef, patch interface{}, options PatchOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
-	data, err := json.Marshal(patch)
-	if err != nil {
-		return nil, nil, err
-	}
-	return k.doPatch(ref, data, types.JSONPatchType, options)
+	return uo.FromUnstructured(obj), apiWarnings, nil
 }
 
 type UpdateOptions struct {
@@ -397,28 +354,24 @@ type UpdateOptions struct {
 }
 
 func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOptions) (*uo.UnstructuredObject, []ApiWarning, error) {
-	dryRun := k.DryRun || options.ForceDryRun
 	ref := o.GetK8sRef()
-
-	updateOpts := v1.UpdateOptions{
-		FieldManager: "kluctl",
-	}
-	if dryRun {
-		updateOpts.DryRun = []string{"All"}
-	}
+	obj := o.Clone().ToUnstructured()
 
 	status.Trace(k.ctx, "updating %s", ref.String())
 
-	var result *uo.UnstructuredObject
-	apiWarnings, err := k.clients.withDynamicClientForGVK(k.Resources, ref.GroupVersionKind(), ref.Namespace, func(r dynamic.ResourceInterface) error {
-		x, err := r.Update(k.ctx, o.ToUnstructured(), updateOpts)
-		if err != nil {
-			return err
-		}
-		result = uo.FromUnstructured(x)
-		return nil
+	var opts []client.UpdateOption
+	if options.ForceDryRun {
+		opts = append(opts, client.DryRunAll)
+	}
+	opts = append(opts, client.FieldOwner("kluctl"))
+
+	apiWarnings, err := k.clients.withCClientFromPool(k.DryRun, func(c client.Client) error {
+		return c.Update(k.ctx, obj, opts...)
 	})
-	return result, apiWarnings, err
+	if err != nil {
+		return nil, apiWarnings, err
+	}
+	return uo.FromUnstructured(obj), apiWarnings, nil
 }
 
 // envtestProxyGet checks the environment variables KLUCTL_K8S_SERVICE_PROXY_XXX to enable testing of proxy requests with envtest
diff --git a/pkg/seal/bootstrap.go b/pkg/seal/bootstrap.go
index 81c786346..94932cafb 100644
--- a/pkg/seal/bootstrap.go
+++ b/pkg/seal/bootstrap.go
@@ -87,11 +87,11 @@ func writeKey(k *k8s.K8sCluster, key *rsa.PrivateKey, certs []*x509.Certificate,
 		v1.TLSCertKey: string(certbytes),
 	}
 
-	_, _, err := k.ReadWrite().PatchObject(secret, k8s.PatchOptions{})
+	_, _, err := k.ReadWrite().ApplyObject(secret, k8s.PatchOptions{})
 	if err != nil {
 		return err
 	}
-	_, _, err = k.ReadWrite().PatchObject(configMap, k8s.PatchOptions{})
+	_, _, err = k.ReadWrite().ApplyObject(configMap, k8s.PatchOptions{})
 	if err != nil {
 		return err
 	}

From 2f6772e14bcd33ffa956ca00215e57c7cee571fc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 16:34:54 +0200
Subject: [PATCH 1031/2268] refactor: Move IsNamespae/FixNamespace into
 K8sCluster

---
 pkg/deployment/deployment_item.go    |  2 +-
 pkg/deployment/utils/delete_utils.go |  2 +-
 pkg/helm/helm_release.go             |  2 +-
 pkg/k8s/k8s_cluster.go               | 45 ++++++++++++++++++++++++++++
 pkg/k8s/resources.go                 | 35 ----------------------
 5 files changed, 48 insertions(+), 38 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 982be5d05..b1ef0acba 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -581,7 +581,7 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 
 		_ = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
 			if di.ctx.K != nil {
-				di.ctx.K.Resources.FixNamespace(o, "default")
+				di.ctx.K.FixNamespace(o, "default")
 			}
 
 			// Set common labels/annotations
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 0cab9e94e..1ca1f49f5 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -40,7 +40,7 @@ var deleteOrder = [][]string{
 }
 
 func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef {
-	ref = k.Resources.FixNamespaceInRef(ref)
+	ref = k.FixNamespaceInRef(ref)
 	ref.Version = ""
 	return ref
 }
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 7295a7f29..2f6bd364a 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -260,7 +260,7 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 		// add the necessary namespace in the rendered resources
 		if k != nil {
 			err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-				k.Resources.FixNamespace(o, namespace)
+				k.FixNamespace(o, namespace)
 				return nil
 			})
 			if err != nil {
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 4353326ad..8f0805761 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -424,6 +424,51 @@ func (k *K8sCluster) ProxyGet(scheme, namespace, name, port, path string, params
 	return ret.Stream(k.ctx)
 }
 
+func (k *K8sCluster) IsNamespaced(gvk schema.GroupVersionKind) *bool {
+	var obj unstructured.Unstructured
+	obj.SetGroupVersionKind(gvk)
+
+	ret := false
+	_, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+		x, err := c.IsObjectNamespaced(&obj)
+		if err != nil {
+			return err
+		}
+		ret = x
+		return nil
+	})
+	if err != nil {
+		return nil
+	}
+	return &ret
+}
+
+func (k *K8sCluster) FixNamespace(o *uo.UnstructuredObject, def string) {
+	ref := o.GetK8sRef()
+	namespaced := k.IsNamespaced(ref.GroupVersionKind())
+	if namespaced == nil {
+		return
+	}
+	if !*namespaced && ref.Namespace != "" {
+		o.SetK8sNamespace("")
+	} else if *namespaced && ref.Namespace == "" {
+		o.SetK8sNamespace(def)
+	}
+}
+
+func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
+	namespaced := k.IsNamespaced(ref.GroupVersionKind())
+	if namespaced == nil {
+		return ref
+	}
+	if !*namespaced && ref.Namespace != "" {
+		ref.Namespace = ""
+	} else if *namespaced && ref.Namespace == "" {
+		ref.Namespace = "default"
+	}
+	return ref
+}
+
 func (k *K8sCluster) ToRESTConfig() (*rest.Config, error) {
 	return k.clientFactory.RESTConfig(), nil
 }
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 902131e07..ec5188a7b 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -3,7 +3,6 @@ package k8s
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -242,40 +241,6 @@ func (k *k8sResources) UpdateResourcesFromCRD(crd *uo.UnstructuredObject) error
 	return nil
 }
 
-func (k *k8sResources) IsNamespaced(gv schema.GroupKind) *bool {
-	ar := k.GetPreferredResource(gv)
-	if ar == nil {
-		return nil
-	}
-	return &ar.Namespaced
-}
-
-func (k *k8sResources) FixNamespace(o *uo.UnstructuredObject, def string) {
-	ref := o.GetK8sRef()
-	namespaced := k.IsNamespaced(ref.GroupKind())
-	if namespaced == nil {
-		return
-	}
-	if !*namespaced && ref.Namespace != "" {
-		o.SetK8sNamespace("")
-	} else if *namespaced && ref.Namespace == "" {
-		o.SetK8sNamespace(def)
-	}
-}
-
-func (k *k8sResources) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
-	namespaced := k.IsNamespaced(ref.GroupKind())
-	if namespaced == nil {
-		return ref
-	}
-	if !*namespaced && ref.Namespace != "" {
-		ref.Namespace = ""
-	} else if *namespaced && ref.Namespace == "" {
-		ref.Namespace = "default"
-	}
-	return ref
-}
-
 func (k *k8sResources) GetAllGroupVersions() ([]schema.GroupVersion, error) {
 	k.mutex.Lock()
 	defer k.mutex.Unlock()

From 0c7ce866024b148c203a50d22e751201db505515 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 23 May 2023 23:28:30 +0200
Subject: [PATCH 1032/2268] refactor: Use RESTMapper instead of custom
 k8sResources implementation

---
 pkg/deployment/deployment_collection.go      |  11 -
 pkg/deployment/deployment_item.go            |  27 --
 pkg/deployment/utils/apply_utils.go          |  20 +-
 pkg/deployment/utils/delete_utils.go         |   6 +-
 pkg/deployment/utils/remote_objects_utils.go |   8 +-
 pkg/helm/helm_release.go                     |  16 +-
 pkg/k8s/client.go                            |  11 -
 pkg/k8s/client_factory.go                    |  51 ++-
 pkg/k8s/fake_client_factory.go               |   4 +
 pkg/k8s/k8s_cluster.go                       |  93 +++--
 pkg/k8s/resources.go                         | 347 ++-----------------
 pkg/validation/validation.go                 |   2 +-
 12 files changed, 183 insertions(+), 413 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 17faff1a6..7e099c31e 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -200,17 +200,6 @@ func (c *DeploymentCollection) buildKustomizeObjects() error {
 	s.Success()
 
 	s = status.Start(c.ctx.Ctx, "Postprocessing objects")
-	for _, d_ := range c.Deployments {
-		d := d_
-		g.RunE(func() error {
-			err := d.postprocessCRDs()
-			if err != nil {
-				return fmt.Errorf("postprocessing CRDs failed: %w", err)
-			}
-			return nil
-		})
-	}
-	g.Wait()
 
 	g = utils.NewGoHelper(c.ctx.Ctx, 16)
 	for _, d_ := range c.Deployments {
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b1ef0acba..d291acbd0 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -14,7 +14,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
 	"path"
 	"path/filepath"
@@ -541,32 +540,6 @@ func (di *DeploymentItem) buildKustomize() error {
 	return nil
 }
 
-var crdGV = schema.GroupKind{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition"}
-
-// postprocessCRDs will update api resources from freshly deployed CRDs
-// value even if the CRD is not deployed yet.
-func (di *DeploymentItem) postprocessCRDs() error {
-	if di.dir == nil {
-		return nil
-	}
-	if di.ctx.K == nil {
-		return nil
-	}
-
-	for _, o := range di.Objects {
-		gvk := o.GetK8sGVK()
-		if gvk.GroupKind() != crdGV {
-			continue
-		}
-
-		err := di.ctx.K.Resources.UpdateResourcesFromCRD(o)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func (di *DeploymentItem) postprocessObjects(images *Images) error {
 	if di.dir == nil {
 		return nil
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 72e1c0289..a4d928ba9 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -373,11 +373,17 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		_ = r.ReplaceKeys(tmpName, ref.Name)
 		_ = r.ReplaceValues(tmpName, ref.Name)
 		r.SetK8sNamespace(ref.Namespace)
-	} else if a.o.DryRun && errors.IsNotFound(err) {
+	} else if meta.IsNoMatchError(err) {
 		if _, ok := a.allCRDs.Load(x.GetK8sGVK()); ok {
-			a.handleResult(x, hook)
-			a.HandleWarning(x.GetK8sRef(), fmt.Errorf("the underyling custom resource definition for %s has not been applied yet as Kluctl is running in dry-run mode. It is not guaranteed that the object will actually sucessfully apply", x.GetK8sRef().String()))
-			return
+			if a.o.DryRun {
+				a.handleResult(x, hook)
+				a.HandleWarning(x.GetK8sRef(), fmt.Errorf("the underyling custom resource definition for %s has not been applied yet as Kluctl is running in dry-run mode. It is not guaranteed that the object will actually sucessfully apply", x.GetK8sRef().String()))
+				return
+			} else {
+				// retry with invalidated discovery
+				a.k.ResetMapper()
+				r, apiWarnings, err = a.k.ApplyObject(x, options)
+			}
 		}
 	}
 	if r != nil && ref.GroupKind().String() == "Namespace" {
@@ -502,7 +508,11 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	toDelete := map[k8s2.ObjectRef]bool{}
 	for _, x := range d.Config.DeleteObjects {
-		for _, gvk := range a.k.Resources.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind)) {
+		gvks, err := a.k.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind))
+		if err != nil {
+			a.HandleError(k8s2.ObjectRef{}, err)
+		}
+		for _, gvk := range gvks {
 			ref := k8s2.ObjectRef{
 				Group:     gvk.Group,
 				Version:   gvk.Version,
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 1ca1f49f5..c32f41358 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -75,7 +75,11 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 	}
 
 	filteredResources := make(map[schema.GroupKind]bool)
-	for _, gvk := range k.Resources.GetFilteredPreferredGVKs(filterFunc) {
+	gvks, err := k.GetFilteredPreferredGVKs(filterFunc)
+	if err != nil {
+		return nil, err
+	}
+	for _, gvk := range gvks {
 		filteredResources[gvk.GroupKind()] = true
 	}
 
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 0676f86e8..6cee1e0b7 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	errors2 "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sync"
@@ -51,7 +52,7 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 	errCount := 0
 	permissionErrCount := 0
 
-	gvks := k.Resources.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
+	gvks, err := k.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
 		if onlyUsedGKs != nil {
 			gk := schema.GroupKind{
 				Group: ar.Group,
@@ -63,6 +64,9 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 		}
 		return utils.FindStrInSlice(ar.Verbs, "list") != -1
 	})
+	if err != nil {
+		return err
+	}
 
 	g := utils.NewGoHelper(u.ctx, 0)
 	for _, gvk := range gvks {
@@ -141,7 +145,7 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 			r, apiWarnings, err := k.GetSingleObject(ref)
 			u.dew.AddApiWarnings(ref, apiWarnings)
 			if err != nil {
-				if errors2.IsNotFound(err) {
+				if errors2.IsNotFound(err) || meta.IsNoMatchError(err) {
 					return
 				}
 				if errors2.IsForbidden(err) || errors2.IsUnauthorized(err) {
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 2f6bd364a..a5f741722 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -203,7 +203,10 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	client.Replace = true
 	client.ClientOnly = true
 	client.KubeVersion = kubeVersion
-	client.APIVersions = hr.getApiVersions(k)
+	client.APIVersions, err = hr.getApiVersions(k)
+	if err != nil {
+		return err
+	}
 
 	if hr.Config.SkipCRDs {
 		client.SkipCRDs = true
@@ -281,14 +284,17 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	return nil
 }
 
-func (hr *Release) getApiVersions(k *k8s.K8sCluster) chartutil.VersionSet {
+func (hr *Release) getApiVersions(k *k8s.K8sCluster) (chartutil.VersionSet, error) {
 	if k == nil {
-		return nil
+		return nil, nil
 	}
 
 	m := map[string]bool{}
 
-	gvks := k.Resources.GetFilteredGVKs(nil)
+	gvks, err := k.GetFilteredGVKs(nil)
+	if err != nil {
+		return nil, err
+	}
 	for _, gvk := range gvks {
 		gvStr := gvk.GroupVersion().String()
 		m[gvStr] = true
@@ -301,7 +307,7 @@ func (hr *Release) getApiVersions(k *k8s.K8sCluster) chartutil.VersionSet {
 		ret = append(ret, id)
 	}
 
-	return ret
+	return ret, nil
 }
 
 func (hr *Release) parseRenderedManifests(s string) ([]*uo.UnstructuredObject, error) {
diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index fe0044ebc..8cf3b6b75 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -3,7 +3,6 @@ package k8s
 import (
 	"context"
 	"fmt"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/metadata"
@@ -111,13 +110,3 @@ func (k *k8sClients) withCClientFromPool(dryRun bool, cb func(c client.Client) e
 		return cb(c)
 	})
 }
-
-func (k *k8sClients) withDynamicClientForGVR(gvr *schema.GroupVersionResource, namespace string, cb func(r dynamic.ResourceInterface) error) ([]ApiWarning, error) {
-	return k.withClientFromPool(func(p *parallelClientEntry) error {
-		if namespace != "" {
-			return cb(p.dynamicClient.Resource(*gvr).Namespace(namespace))
-		} else {
-			return cb(p.dynamicClient.Resource(*gvr))
-		}
-	})
-}
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 594ddecc1..049575e8e 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -3,12 +3,14 @@ package k8s
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/discovery/cached/disk"
 	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/metadata"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/restmapper"
 	"k8s.io/client-go/tools/clientcmd"
 	"net/http"
 	"net/url"
@@ -23,6 +25,7 @@ type ClientFactory interface {
 
 	CloseIdleConnections()
 
+	Mapper() meta.ResettableRESTMapper
 	Client(wh rest.WarningHandler) (client.Client, error)
 
 	DiscoveryClient() (discovery.DiscoveryInterface, error)
@@ -35,6 +38,9 @@ type realClientFactory struct {
 	ctx        context.Context
 	config     *rest.Config
 	httpClient *http.Client
+
+	discoveryClient discovery.DiscoveryInterface
+	mapper          meta.ResettableRESTMapper
 }
 
 func (r *realClientFactory) RESTConfig() *rest.Config {
@@ -45,10 +51,16 @@ func (r *realClientFactory) GetCA() []byte {
 	return r.config.CAData
 }
 
+func (r *realClientFactory) Mapper() meta.ResettableRESTMapper {
+	return r.mapper
+}
+
 func (r *realClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
 	config := rest.CopyConfig(r.config)
 	config.WarningHandler = wh
+
 	return client.New(config, client.Options{
+		Mapper: r.mapper,
 		WarningHandler: client.WarningHandlerOptions{
 			SuppressWarnings: true,
 		},
@@ -56,16 +68,7 @@ func (r *realClientFactory) Client(wh rest.WarningHandler) (client.Client, error
 }
 
 func (r *realClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
-	apiHost, err := url.Parse(r.config.Host)
-	if err != nil {
-		return nil, err
-	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(r.ctx), "kube-cache/discovery", apiHost.Hostname())
-	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(r.config), discoveryCacheDir, "", time.Hour*24)
-	if err != nil {
-		return nil, err
-	}
-	return discovery2, nil
+	return r.discoveryClient, nil
 }
 
 func (r *realClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error) {
@@ -90,6 +93,19 @@ func (r *realClientFactory) CloseIdleConnections() {
 	r.httpClient.CloseIdleConnections()
 }
 
+func initDiscoveryClient(ctx context.Context, config *rest.Config) (discovery.CachedDiscoveryInterface, error) {
+	apiHost, err := url.Parse(config.Host)
+	if err != nil {
+		return nil, err
+	}
+	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kube-cache/discovery", apiHost.Hostname())
+	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
+	if err != nil {
+		return nil, err
+	}
+	return discovery2, nil
+}
+
 func NewClientFactory(ctx context.Context, configIn *rest.Config) (ClientFactory, error) {
 	restConfig := rest.CopyConfig(configIn)
 	restConfig.QPS = 10
@@ -100,10 +116,19 @@ func NewClientFactory(ctx context.Context, configIn *rest.Config) (ClientFactory
 		return nil, err
 	}
 
+	dc, err := initDiscoveryClient(ctx, restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	mapper := restmapper.NewDeferredDiscoveryRESTMapper(dc)
+
 	return &realClientFactory{
-		ctx:        ctx,
-		config:     restConfig,
-		httpClient: httpClient,
+		ctx:             ctx,
+		config:          restConfig,
+		httpClient:      httpClient,
+		discoveryClient: dc,
+		mapper:          mapper,
 	}, nil
 }
 
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index 6ea0dd26d..31abd072d 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -41,6 +41,10 @@ func (f *fakeClientFactory) GetCA() []byte {
 func (f *fakeClientFactory) CloseIdleConnections() {
 }
 
+func (f *fakeClientFactory) Mapper() meta.ResettableRESTMapper {
+	return nil
+}
+
 func (f *fakeClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
 	return f.clientBuilder.Build(), nil
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 8f0805761..810e495f3 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -4,11 +4,12 @@ import (
 	"context"
 	"fmt"
 	"io"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"net/http"
+	"runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
-	"sync"
 	"time"
 
 	"github.com/Masterminds/semver/v3"
@@ -34,11 +35,11 @@ type K8sCluster struct {
 	DryRun bool
 
 	clientFactory ClientFactory
-	clients       *k8sClients
 
-	ServerVersion *version.Info
+	discovery discovery.DiscoveryInterface
+	clients   *k8sClients
 
-	Resources *k8sResources
+	ServerVersion *version.Info
 }
 
 func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool) (*K8sCluster, error) {
@@ -50,7 +51,7 @@ func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool
 		clientFactory: clientFactory,
 	}
 
-	k.Resources, err = newK8sResources(ctx, clientFactory)
+	k.discovery, err = clientFactory.DiscoveryClient()
 	if err != nil {
 		return nil, err
 	}
@@ -60,34 +61,12 @@ func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool
 		return nil, err
 	}
 
-	v, err := k.Resources.discovery.ServerVersion()
+	v, err := k.discovery.ServerVersion()
 	if err != nil {
 		return nil, err
 	}
 	k.ServerVersion = v
 
-	var wg sync.WaitGroup
-	wg.Add(2)
-
-	var err1 error
-	var err2 error
-	go func() {
-		err1 = k.Resources.updateResources()
-		wg.Done()
-	}()
-	go func() {
-		err2 = k.Resources.updateResourcesFromCRDs(k.clients)
-		wg.Done()
-	}()
-	wg.Wait()
-
-	if err1 != nil {
-		return nil, err1
-	}
-	if err2 != nil {
-		return nil, err2
-	}
-
 	return k, nil
 }
 
@@ -201,6 +180,7 @@ func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions
 			return apiWarnings, err
 		}
 	}
+
 	return apiWarnings, nil
 }
 
@@ -469,6 +449,63 @@ func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
 	return ref
 }
 
+func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
+	if gvk.Kind == "KluctlDeployment" {
+		runtime.Breakpoint()
+	}
+
+	rms, err := k.clientFactory.Mapper().RESTMappings(gvk.GroupKind(), gvk.Version)
+	if err != nil {
+		return nil, err
+	}
+
+	var rm *meta.RESTMapping
+	for _, x := range rms {
+		if x.GroupVersionKind == gvk {
+			rm = x
+			break
+		}
+	}
+	if rm == nil {
+		return nil, fmt.Errorf("rest mapping not found")
+	}
+
+	ref := k8s.NewObjectRef(apiextensionsv1.GroupName, "v1", "CustomResourceDefinition", fmt.Sprintf("%s.%s", rm.Resource.Resource, gvk.Group), "")
+
+	crd, _, err := k.GetSingleObject(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	versions, ok, err := crd.GetNestedObjectList("spec", "versions")
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return nil, fmt.Errorf("versions not found in CRD")
+	}
+
+	for _, v := range versions {
+		name, _, _ := v.GetNestedString("name")
+		if name != gvk.Version {
+			continue
+		}
+		s, ok, err := v.GetNestedObject("schema", "openAPIV3Schema")
+		if err != nil {
+			return nil, err
+		}
+		if !ok {
+			return nil, fmt.Errorf("version %s has no schema", name)
+		}
+		return s, nil
+	}
+	return nil, fmt.Errorf("schema for %s not found", gvk.String())
+}
+
+func (k *K8sCluster) ResetMapper() {
+	k.clientFactory.Mapper().Reset()
+}
+
 func (k *K8sCluster) ToRESTConfig() (*rest.Config, error) {
 	return k.clientFactory.RESTConfig(), nil
 }
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index ec5188a7b..8295b7498 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -1,20 +1,12 @@
 package k8s
 
 import (
-	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"k8s.io/apimachinery/pkg/api/meta"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/dynamic"
-	"runtime"
-	"sort"
+	"k8s.io/client-go/restmapper"
 	"strings"
-	"sync"
 )
 
 var (
@@ -24,49 +16,14 @@ var (
 	}
 )
 
-type k8sResources struct {
-	ctx       context.Context
-	discovery discovery.DiscoveryInterface
-
-	allResources       map[schema.GroupVersionKind]v1.APIResource
-	preferredResources map[schema.GroupKind]v1.APIResource
-	crds               map[schema.GroupKind]*uo.UnstructuredObject
-	mutex              sync.Mutex
-}
-
-func newK8sResources(ctx context.Context, clientFactory ClientFactory) (*k8sResources, error) {
-	k := &k8sResources{
-		ctx:                ctx,
-		allResources:       map[schema.GroupVersionKind]v1.APIResource{},
-		preferredResources: map[schema.GroupKind]v1.APIResource{},
-		crds:               map[schema.GroupKind]*uo.UnstructuredObject{},
-		mutex:              sync.Mutex{},
-	}
-
-	var err error
-	k.discovery, err = clientFactory.DiscoveryClient()
-	if err != nil {
-		return nil, err
-	}
-
-	return k, nil
-}
-
-func (k *k8sResources) updateResources() error {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	k.allResources = map[schema.GroupVersionKind]v1.APIResource{}
-	k.preferredResources = map[schema.GroupKind]v1.APIResource{}
-	k.crds = map[schema.GroupKind]*uo.UnstructuredObject{}
+func (k *K8sCluster) doGetApiGroupResources() ([]*restmapper.APIGroupResources, error) {
+	var ret []*restmapper.APIGroupResources
 
 	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
-	var ags []*v1.APIGroup
-	var arls []*v1.APIResourceList
 	finished := make(chan error)
 	go func() {
 		var err error
-		ags, arls, err = k.discovery.ServerGroupsAndResources()
+		ret, err = restmapper.GetAPIGroupResources(k.discovery)
 		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {
 			finished <- err
 			return
@@ -77,234 +34,65 @@ func (k *k8sResources) updateResources() error {
 	select {
 	case err := <-finished:
 		if err != nil {
-			return err
+			return nil, err
 		}
 	case <-k.ctx.Done():
-		return fmt.Errorf("failed listing api resources: %w", k.ctx.Err())
+		return nil, fmt.Errorf("failed listing api resources: %w", k.ctx.Err())
 	}
-
-	for _, arl := range arls {
-		var ag *v1.APIGroup
-		for _, x := range ags {
-			if x.Name == arl.GroupVersionKind().Group {
-				ag = x
-				break
-			}
-		}
-		if ag == nil {
-			continue
-		}
-
-		for _, ar := range arl.APIResources {
-			if ar.Version == "__internal" {
-				continue
-			}
-			if strings.Index(ar.Name, "/") != -1 {
-				// skip subresources
-				continue
-			}
-			gv, err := schema.ParseGroupVersion(arl.GroupVersion)
-			if err != nil {
-				continue
-			}
-
-			ar := ar
-			ar.Group = gv.Group
-			ar.Version = gv.Version
-
-			gvk := schema.GroupVersionKind{
-				Group:   ar.Group,
-				Version: ar.Version,
-				Kind:    ar.Kind,
-			}
-			if _, ok := deprecatedResources[gvk.GroupKind()]; ok {
-				continue
-			}
-
-			k.allResources[gvk] = ar
-
-			if gvk.Version == ag.PreferredVersion.Version {
-				k.preferredResources[gvk.GroupKind()] = ar
-			}
-		}
-	}
-	if len(k.preferredResources) == 0 {
-		runtime.Breakpoint()
-	}
-
-	return nil
+	return ret, nil
 }
 
-var crdGVR = schema.GroupVersionResource{Group: "apiextensions.k8s.io", Version: "v1", Resource: "customresourcedefinitions"}
-
-func (k *k8sResources) updateResourcesFromCRDs(clients *k8sClients) error {
-	var crdList *unstructured.UnstructuredList
-	_, err := clients.withDynamicClientForGVR(&crdGVR, "", func(r dynamic.ResourceInterface) error {
-		var err error
-		crdList, err = r.List(k.ctx, v1.ListOptions{})
-		return err
-	})
-	if err != nil {
-		return err
-	}
-
-	for _, x := range crdList.Items {
-		x := x
-		crd := uo.FromUnstructured(&x)
-		err = k.UpdateResourcesFromCRD(crd)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (k *k8sResources) UpdateResourcesFromCRD(crd *uo.UnstructuredObject) error {
-	var err error
-	var ar v1.APIResource
-	ar.Group, _, err = crd.GetNestedString("spec", "group")
-	if err != nil {
-		return err
-	}
-	ar.Name, _, err = crd.GetNestedString("spec", "names", "plural")
-	if err != nil {
-		return err
-	}
-	ar.Kind, _, err = crd.GetNestedString("spec", "names", "kind")
-	if err != nil {
-		return err
-	}
-	ar.SingularName, _, err = crd.GetNestedString("spec", "names", "singular")
-	if err != nil {
-		return err
-	}
-	scope, _, err := crd.GetNestedString("spec", "scope")
-	if err != nil {
-		return err
-	}
-	ar.Namespaced = strings.ToLower(scope) == "namespaced"
-	ar.ShortNames, _, err = crd.GetNestedStringList("spec", "names", "shortNames")
-	if err != nil {
-		return err
-	}
-	ar.Categories, _, err = crd.GetNestedStringList("spec", "names", "categories")
-	if err != nil {
-		return err
-	}
-	versions, _, err := crd.GetNestedObjectList("spec", "versions")
-	if err != nil {
-		return err
-	}
-
-	ar.Verbs = []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}
-
-	gk := schema.GroupKind{
-		Group: ar.Group,
-		Kind:  ar.Kind,
-	}
-
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	k.crds[gk] = crd
-
-	var versionStrs []string
-	for _, v := range versions {
-		name, _, err := v.GetNestedString("name")
-		if err != nil {
-			return err
+func (k *K8sCluster) doGetFilteredGVKs(ret *[]schema.GroupVersionKind, g v1.APIGroup, v string, vrs []v1.APIResource, filter func(ar *v1.APIResource) bool) {
+	for _, vr := range vrs {
+		if strings.Index(vr.Name, "/") != -1 {
+			// skip sub-resources
+			continue
 		}
-		versionStrs = append(versionStrs, name)
-	}
-
-	// Sort the same way as api discovery does it. The first entry is then the preferred version
-	sort.Slice(versionStrs, func(i, j int) bool {
-		return version.CompareKubeAwareVersionStrings(versionStrs[i], versionStrs[j]) > 0
-	})
-
-	for i, v := range versionStrs {
-		ar2 := ar
-		ar2.Version = v
 		gvk := schema.GroupVersionKind{
-			Group:   gk.Group,
-			Version: ar2.Version,
-			Kind:    gk.Kind,
+			Group:   g.Name,
+			Version: v,
+			Kind:    vr.Kind,
 		}
-		k.allResources[gvk] = ar2
-
-		if i == 0 {
-			k.preferredResources[gk] = ar2
+		if _, ok := deprecatedResources[gvk.GroupKind()]; ok {
+			continue
 		}
-	}
-
-	return nil
-}
-
-func (k *k8sResources) GetAllGroupVersions() ([]schema.GroupVersion, error) {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	m := make(map[schema.GroupVersion]bool)
-	var l []schema.GroupVersion
-
-	for gvk, _ := range k.allResources {
-		gv := gvk.GroupVersion()
-		if _, ok := m[gv]; !ok {
-			m[gv] = true
-			l = append(l, gv)
+		if filter != nil && !filter(&vr) {
+			continue
 		}
+		*ret = append(*ret, gvk)
 	}
-	return l, nil
 }
 
-func (k *k8sResources) GetPreferredResource(gk schema.GroupKind) *v1.APIResource {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	ar, ok := k.preferredResources[gk]
-	if !ok {
-		return nil
+func (k *K8sCluster) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) ([]schema.GroupVersionKind, error) {
+	agrs, err := k.doGetApiGroupResources()
+	if err != nil {
+		return nil, err
 	}
-	return &ar
-}
-
-func (k *k8sResources) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
 
 	var ret []schema.GroupVersionKind
-	for _, ar := range k.allResources {
-		if filter != nil && !filter(&ar) {
-			continue
+	for _, agr := range agrs {
+		for v, vrs := range agr.VersionedResources {
+			k.doGetFilteredGVKs(&ret, agr.Group, v, vrs, filter)
 		}
-		gvk := schema.GroupVersionKind{
-			Group:   ar.Group,
-			Version: ar.Version,
-			Kind:    ar.Kind,
-		}
-		ret = append(ret, gvk)
 	}
-	return ret
+	return ret, nil
 }
 
-func (k *k8sResources) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource) bool) []schema.GroupVersionKind {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
+func (k *K8sCluster) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource) bool) ([]schema.GroupVersionKind, error) {
+	agrs, err := k.doGetApiGroupResources()
+	if err != nil {
+		return nil, err
+	}
 
 	var ret []schema.GroupVersionKind
-	for _, ar := range k.preferredResources {
-		if !filter(&ar) {
+	for _, agr := range agrs {
+		vrs, ok := agr.VersionedResources[agr.Group.PreferredVersion.Version]
+		if !ok {
 			continue
 		}
-		gvk := schema.GroupVersionKind{
-			Group:   ar.Group,
-			Version: ar.Version,
-			Kind:    ar.Kind,
-		}
-		ret = append(ret, gvk)
+		k.doGetFilteredGVKs(&ret, agr.Group, agr.Group.PreferredVersion.Version, vrs, filter)
 	}
-	return ret
+	return ret, nil
 }
 
 func BuildGVKFilter(group *string, version *string, kind *string) func(ar *v1.APIResource) bool {
@@ -321,62 +109,3 @@ func BuildGVKFilter(group *string, version *string, kind *string) func(ar *v1.AP
 		return true
 	}
 }
-
-func (k *k8sResources) GetGVRForGVK(gvk schema.GroupVersionKind) (*schema.GroupVersionResource, error) {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	ar, ok := k.allResources[gvk]
-	if !ok {
-		return nil, &meta.NoKindMatchError{
-			GroupKind:        gvk.GroupKind(),
-			SearchedVersions: []string{gvk.Version},
-		}
-	}
-
-	return &schema.GroupVersionResource{
-		Group:    ar.Group,
-		Version:  ar.Version,
-		Resource: ar.Name,
-	}, nil
-}
-
-func (k *k8sResources) GetCRDForGK(gk schema.GroupKind) *uo.UnstructuredObject {
-	k.mutex.Lock()
-	defer k.mutex.Unlock()
-
-	crd, _ := k.crds[gk]
-
-	return crd
-}
-
-func (k *k8sResources) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	crd := k.GetCRDForGK(gvk.GroupKind())
-	if crd == nil {
-		return nil, nil
-	}
-
-	versions, ok, err := crd.GetNestedObjectList("spec", "versions")
-	if err != nil {
-		return nil, err
-	}
-	if !ok {
-		return nil, fmt.Errorf("versions not found in CRD")
-	}
-
-	for _, v := range versions {
-		name, _, _ := v.GetNestedString("name")
-		if name != gvk.Version {
-			continue
-		}
-		s, ok, err := v.GetNestedObject("schema", "openAPIV3Schema")
-		if err != nil {
-			return nil, err
-		}
-		if !ok {
-			return nil, fmt.Errorf("version %s has no schema", name)
-		}
-		return s, nil
-	}
-	return nil, fmt.Errorf("schema for %s not found", gvk.String())
-}
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 09f23d401..673a346ba 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -126,7 +126,7 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			// can't really say anything...
 			return
 		}
-		s, err := k.Resources.GetSchemaForGVK(ref.GroupVersionKind())
+		s, err := k.GetSchemaForGVK(ref.GroupVersionKind())
 		if err != nil && !errors.IsNotFound(err) {
 			addError(err.Error())
 			return

From d21e6b7d815e4475c143f592b2c00771ded7b3a2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 May 2023 09:38:06 +0200
Subject: [PATCH 1033/2268] fix: Use client from K8sCluster for ResultStore

---
 cmd/kluctl/commands/utils.go | 20 ++------------------
 pkg/k8s/client.go            | 17 +----------------
 pkg/k8s/client_factory.go    |  6 ++----
 pkg/k8s/k8s_cluster.go       | 24 +++++++++---------------
 4 files changed, 14 insertions(+), 53 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 630199ca5..66e6103b0 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -21,8 +21,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
-	cache2 "sigs.k8s.io/controller-runtime/pkg/cache"
-	client2 "sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 )
 
@@ -201,26 +199,12 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	var resultStore results.ResultStore
 	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
-		rc, err := targetCtx.SharedContext.K.ToRESTConfig()
+		client, err := targetCtx.SharedContext.K.ToClient()
 		if err != nil {
 			return err
 		}
-		client, err := client2.New(rc, client2.Options{})
-		if err != nil {
-			return err
-		}
-		cache, err := cache2.New(rc, cache2.Options{})
-		if err != nil {
-			return err
-		}
-
-		cancelCtx, cancelFunc := context.WithCancel(ctx)
-		defer cancelFunc()
-		go func() {
-			_ = cache.Start(cancelCtx)
-		}()
 
-		resultStore, err = results.NewResultStoreSecrets(cancelCtx, client, cache, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
+		resultStore, err = results.NewResultStoreSecrets(ctx, client, nil, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 8cf3b6b75..b65df6d28 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -3,9 +3,7 @@ package k8s
 import (
 	"context"
 	"fmt"
-	"k8s.io/client-go/dynamic"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/metadata"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -18,10 +16,7 @@ type k8sClients struct {
 
 type parallelClientEntry struct {
 	client client.Client
-
-	corev1         corev1.CoreV1Interface
-	dynamicClient  dynamic.Interface
-	metadataClient metadata.Interface
+	corev1 corev1.CoreV1Interface
 
 	warnings []ApiWarning
 }
@@ -63,16 +58,6 @@ func newK8sClients(ctx context.Context, clientFactory ClientFactory, count int)
 			return nil, err
 		}
 
-		p.dynamicClient, err = clientFactory.DynamicClient(p)
-		if err != nil {
-			return nil, err
-		}
-
-		p.metadataClient, err = clientFactory.MetadataClient(p)
-		if err != nil {
-			return nil, err
-		}
-
 		k.clientPool <- p
 	}
 	return k, nil
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 049575e8e..46786fc21 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -25,13 +25,11 @@ type ClientFactory interface {
 
 	CloseIdleConnections()
 
-	Mapper() meta.ResettableRESTMapper
+	Mapper() meta.RESTMapper
 	Client(wh rest.WarningHandler) (client.Client, error)
 
 	DiscoveryClient() (discovery.DiscoveryInterface, error)
 	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
-	DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error)
-	MetadataClient(wh rest.WarningHandler) (metadata.Interface, error)
 }
 
 type realClientFactory struct {
@@ -51,7 +49,7 @@ func (r *realClientFactory) GetCA() []byte {
 	return r.config.CAData
 }
 
-func (r *realClientFactory) Mapper() meta.ResettableRESTMapper {
+func (r *realClientFactory) Mapper() meta.RESTMapper {
 	return r.mapper
 }
 
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 810e495f3..f5a974eb0 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -26,7 +26,6 @@ import (
 	"k8s.io/client-go/discovery"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
-	"k8s.io/client-go/restmapper"
 )
 
 type K8sCluster struct {
@@ -503,7 +502,13 @@ func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.Unstructu
 }
 
 func (k *K8sCluster) ResetMapper() {
-	k.clientFactory.Mapper().Reset()
+	if m, ok := k.clientFactory.Mapper().(meta.ResettableRESTMapper); ok {
+		m.Reset()
+	}
+}
+
+func (k *K8sCluster) ToClient() (client.Client, error) {
+	return k.clientFactory.Client(nil)
 }
 
 func (k *K8sCluster) ToRESTConfig() (*rest.Config, error) {
@@ -511,11 +516,7 @@ func (k *K8sCluster) ToRESTConfig() (*rest.Config, error) {
 }
 
 func (k *K8sCluster) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) {
-	d, err := k.clientFactory.DiscoveryClient()
-	if err != nil {
-		return nil, err
-	}
-	cd, ok := d.(discovery.CachedDiscoveryInterface)
+	cd, ok := k.discovery.(discovery.CachedDiscoveryInterface)
 	if !ok {
 		return nil, fmt.Errorf("not a CachedDiscoveryInterface")
 	}
@@ -523,12 +524,5 @@ func (k *K8sCluster) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, er
 }
 
 func (k *K8sCluster) ToRESTMapper() (meta.RESTMapper, error) {
-	discoveryClient, err := k.ToDiscoveryClient()
-	if err != nil {
-		return nil, err
-	}
-
-	mapper := restmapper.NewDeferredDiscoveryRESTMapper(discoveryClient)
-	expander := restmapper.NewShortcutExpander(mapper, discoveryClient)
-	return expander, nil
+	return k.clientFactory.Mapper(), nil
 }

From c42efce9c6898c7ad9b9b8eb24df06219da1cf4b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 May 2023 09:38:33 +0200
Subject: [PATCH 1034/2268] refactor: Use meta.ExtractList

---
 pkg/k8s/k8s_cluster.go | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index f5a974eb0..363054b6e 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -103,20 +103,24 @@ func (k *K8sCluster) doList(l client.ObjectList, namespace string, labels map[st
 		return nil, apiWarnings, err
 	}
 
-	var result []*uo.UnstructuredObject
-	if l2, ok := l.(*unstructured.UnstructuredList); ok {
-		for _, o := range l2.Items {
-			result = append(result, uo.FromUnstructured(&o))
-		}
-	} else if l2, ok := l.(*v1.PartialObjectMetadataList); ok {
-		for _, o := range l2.Items {
-			x, err := uo.FromStruct(&o)
+	items, err := meta.ExtractList(l)
+	if err != nil {
+		return nil, apiWarnings, err
+	}
+
+	result := make([]*uo.UnstructuredObject, len(items))
+	for i, o := range items {
+		if u, ok := o.(*unstructured.Unstructured); ok {
+			result[i] = uo.FromUnstructured(u)
+		} else {
+			x, err := uo.FromStruct(o)
 			if err != nil {
 				return nil, apiWarnings, err
 			}
-			result = append(result, x)
+			result[i] = x
 		}
 	}
+
 	return result, apiWarnings, err
 }
 func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {

From 932a1dc08737d4a60f1094424f8841763f4bab4a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 May 2023 09:38:44 +0200
Subject: [PATCH 1035/2268] tests: Fix fake K8sCluster tests

---
 pkg/k8s/fake_client_factory.go | 172 ++++++++++++++++++++++++---------
 1 file changed, 124 insertions(+), 48 deletions(-)

diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index 31abd072d..f5e191d32 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -1,6 +1,7 @@
 package k8s
 
 import (
+	"context"
 	v1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -8,26 +9,37 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/dynamic"
-	fake_dynamic "k8s.io/client-go/dynamic/fake"
+	fake4 "k8s.io/client-go/discovery/fake"
+	fake3 "k8s.io/client-go/dynamic/fake"
 	"k8s.io/client-go/kubernetes/fake"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/metadata"
-	fake_metadata "k8s.io/client-go/metadata/fake"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/restmapper"
 	"k8s.io/client-go/testing"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	fake2 "sigs.k8s.io/controller-runtime/pkg/client/fake"
+	"sigs.k8s.io/controller-runtime/pkg/client/interceptor"
 	"sigs.k8s.io/kustomize/kyaml/openapi"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 	"strings"
 )
 
 type fakeClientFactory struct {
-	clientSet      *fake.Clientset
-	dynamicClient  *fake_dynamic.FakeDynamicClient
-	metadataClient *fake_metadata.FakeMetadataClient
-	clientBuilder  *fake2.ClientBuilder
+	scheme           *runtime.Scheme
+	mapper           meta.RESTMapper
+	objects          []runtime.Object
+	simpleClientSet  *fake.Clientset
+	dynamicClientSet *fake3.FakeDynamicClient
+	discovery        discovery.DiscoveryInterface
+
+	errors []errorEntry
+}
+
+type errorEntry struct {
+	gvr       schema.GroupVersionResource
+	name      string
+	namespace string
+	retErr    error
 }
 
 func (f *fakeClientFactory) RESTConfig() *rest.Config {
@@ -41,71 +53,135 @@ func (f *fakeClientFactory) GetCA() []byte {
 func (f *fakeClientFactory) CloseIdleConnections() {
 }
 
-func (f *fakeClientFactory) Mapper() meta.ResettableRESTMapper {
-	return nil
+func (f *fakeClientFactory) Mapper() meta.RESTMapper {
+	return f.mapper
 }
 
 func (f *fakeClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
-	return f.clientBuilder.Build(), nil
+	return fake2.NewClientBuilder().
+		WithScheme(f.scheme).
+		WithRESTMapper(f.mapper).
+		WithObjectTracker(f.dynamicClientSet.Tracker()).
+		WithInterceptorFuncs(f.buildErrorInterceptor()).
+		Build(), nil
 }
 
 func (f *fakeClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
-	return f.clientSet.Discovery(), nil
+	return f.discovery, nil
 }
 
 func (f *fakeClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error) {
-	return f.clientSet.CoreV1(), nil
-}
-
-func (f *fakeClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error) {
-	return f.dynamicClient, nil
-}
-
-func (f *fakeClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
-	return f.metadataClient, nil
+	return f.simpleClientSet.CoreV1(), nil
 }
 
 func NewFakeClientFactory(objects ...runtime.Object) *fakeClientFactory {
 	scheme := runtime.NewScheme()
 	_ = v1.AddToScheme(scheme)
 	_ = apiextensionsv1.AddToScheme(scheme)
-	clientSet := fake.NewSimpleClientset(objects...)
-
-	clientSet.Fake.Resources = ConvertSchemeToAPIResources(scheme)
-
-	dynamicClient := fake_dynamic.NewSimpleDynamicClient(scheme, objects...)
-	metadataClient := fake_metadata.NewSimpleMetadataClient(scheme, objects...)
-
-	clientBuilder := fake2.NewClientBuilder().
-		WithScheme(scheme).
-		WithRuntimeObjects(objects...)
 
-	return &fakeClientFactory{
-		clientSet:      clientSet,
-		dynamicClient:  dynamicClient,
-		metadataClient: metadataClient,
-		clientBuilder:  clientBuilder,
+	simpleClientSet := fake.NewSimpleClientset(objects...)
+	dynamicClientSet := fake3.NewSimpleDynamicClient(scheme, objects...)
+	dynamicClientSet.Fake.Resources = ConvertSchemeToAPIResources(scheme)
+	dc := &fake4.FakeDiscovery{Fake: &dynamicClientSet.Fake}
+
+	agrs, _ := restmapper.GetAPIGroupResources(dc)
+	mapper := restmapper.NewDiscoveryRESTMapper(agrs)
+
+	f := &fakeClientFactory{
+		scheme:           scheme,
+		mapper:           mapper,
+		objects:          objects,
+		simpleClientSet:  simpleClientSet,
+		dynamicClientSet: dynamicClientSet,
+		discovery:        dc,
 	}
+	simpleClientSet.PrependReactor("*", "*", f.errorReactor)
+	dynamicClientSet.PrependReactor("*", "*", f.errorReactor)
+	return f
 }
 
 type HasName interface {
 	GetName() string
 }
 
-func (f *fakeClientFactory) AddError(gvr schema.GroupVersionResource, name string, namespace string, retErr error) {
-	f.dynamicClient.PrependReactor("*", gvr.Resource, func(action testing.Action) (handled bool, ret runtime.Object, err error) {
-		if namespace != "" && namespace != action.GetNamespace() {
-			return false, nil, nil
+func (f *fakeClientFactory) findError(gvr schema.GroupVersionResource, name string, namespace string) error {
+	for _, ee := range f.errors {
+		if ee.gvr != gvr {
+			continue
 		}
-		switch a := action.(type) {
-		case HasName:
-			if name != "" && name != a.GetName() {
-				return false, nil, nil
-			}
-			return true, nil, retErr
-		default:
-			return true, nil, retErr
+		if ee.namespace != "" && ee.namespace != namespace {
+			continue
+		}
+
+		if ee.name != "" && ee.namespace != name {
+			continue
 		}
+
+		return ee.retErr
+	}
+	return nil
+}
+
+func (f *fakeClientFactory) buildErrorInterceptor() interceptor.Funcs {
+	h := func(key *client.ObjectKey, obj runtime.Object) error {
+		name := ""
+		namespace := ""
+		if key != nil {
+			name = key.Name
+			namespace = key.Namespace
+		} else if o, ok := obj.(client.Object); ok {
+			name = o.GetName()
+			namespace = o.GetNamespace()
+		}
+
+		gk := obj.GetObjectKind().GroupVersionKind().GroupKind()
+		rm, err := f.mapper.RESTMapping(gk, obj.GetObjectKind().GroupVersionKind().Version)
+		if err != nil {
+			return nil
+		}
+		return f.findError(rm.Resource, name, namespace)
+	}
+
+	return interceptor.Funcs{
+		Get: func(ctx context.Context, client client.WithWatch, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error {
+			err := h(&key, obj)
+			if err != nil {
+				return err
+			}
+			return client.Get(ctx, key, obj)
+		},
+		List: func(ctx context.Context, client client.WithWatch, list client.ObjectList, opts ...client.ListOption) error {
+			err := h(nil, list)
+			if err != nil {
+				return err
+			}
+			return client.List(ctx, list, opts...)
+		},
+	}
+}
+
+func (f *fakeClientFactory) errorReactor(action testing.Action) (handled bool, ret runtime.Object, err error) {
+	a, ok := action.(HasName)
+	if !ok {
+		return false, nil, nil
+	}
+	if err != nil {
+		return false, nil, nil
+	}
+
+	err = f.findError(action.GetResource(), a.GetName(), action.GetNamespace())
+	if err != nil {
+		return true, nil, err
+	}
+	return false, nil, err
+}
+
+func (f *fakeClientFactory) AddError(gvr schema.GroupVersionResource, name string, namespace string, retErr error) {
+	f.errors = append(f.errors, errorEntry{
+		gvr:       gvr,
+		name:      name,
+		namespace: namespace,
+		retErr:    retErr,
 	})
 }
 

From 7f8cad0b211770beb07dd710b35b1601edaebf5e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 May 2023 09:49:48 +0200
Subject: [PATCH 1036/2268] chore: Upgrade controller-runtime to v0.15.0

---
 go.mod | 4 ++--
 go.sum | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 825eafab4..005915bda 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/cli-utils v0.34.0
-	sigs.k8s.io/controller-runtime v0.15.0-beta.0
+	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/yaml v1.3.0
 )
@@ -229,7 +229,7 @@ require (
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/api v0.114.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 // indirect
diff --git a/go.sum b/go.sum
index b868dcef2..55fc6f5d6 100644
--- a/go.sum
+++ b/go.sum
@@ -245,7 +245,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
@@ -1185,8 +1184,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY=
-gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
+gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
+gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1378,8 +1377,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.34.0 h1:zCUitt54f0/MYj/ajVFnG6XSXMhpZ72O/3RewIchW8w=
 sigs.k8s.io/cli-utils v0.34.0/go.mod h1:EXyMwPMu9OL+LRnj0JEMsGG/fRvbgFadcVlSnE8RhFs=
-sigs.k8s.io/controller-runtime v0.15.0-beta.0 h1:pkhYMops8jZrVuI0kBHeF6q9UVu1JljIGGG4Ox5ZJmk=
-sigs.k8s.io/controller-runtime v0.15.0-beta.0/go.mod h1:YUTa+du31rqOu4mJaijiuhGFax9ecCJgO/v0/yW09gE=
+sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
+sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI=

From 7189adad8e89da1de8279d7e2a123fc6609e2416 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 May 2023 10:23:31 +0200
Subject: [PATCH 1037/2268] fix: Fix race condition in parallel discovery

---
 pkg/k8s/k8s_cluster.go | 7 +++++--
 pkg/k8s/resources.go   | 5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 363054b6e..a6991b95e 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -10,6 +10,7 @@ import (
 	"runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/Masterminds/semver/v3"
@@ -35,8 +36,10 @@ type K8sCluster struct {
 
 	clientFactory ClientFactory
 
-	discovery discovery.DiscoveryInterface
-	clients   *k8sClients
+	discovery      discovery.DiscoveryInterface
+	discoveryMutex sync.Mutex
+
+	clients *k8sClients
 
 	ServerVersion *version.Info
 }
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 8295b7498..d9dce9c21 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -22,6 +22,11 @@ func (k *K8sCluster) doGetApiGroupResources() ([]*restmapper.APIGroupResources,
 	// the discovery client doesn't support cancellation, so we need to run it in the background and wait for it
 	finished := make(chan error)
 	go func() {
+		// there is a race deep inside the cached discovery client
+		// see https://github.com/kubernetes/apimachinery/issues/156
+		k.discoveryMutex.Lock()
+		defer k.discoveryMutex.Unlock()
+
 		var err error
 		ret, err = restmapper.GetAPIGroupResources(k.discovery)
 		if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {

From 1c653d0a34b673a6a589b99836c2b2e331754002 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 May 2023 11:00:18 +0200
Subject: [PATCH 1038/2268] fix: Don't copy mutex by value (#504)

---
 pkg/k8s/k8s_cluster.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index a6991b95e..b7b37d515 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -37,7 +37,7 @@ type K8sCluster struct {
 	clientFactory ClientFactory
 
 	discovery      discovery.DiscoveryInterface
-	discoveryMutex sync.Mutex
+	discoveryMutex *sync.Mutex
 
 	clients *k8sClients
 
@@ -48,9 +48,10 @@ func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool
 	var err error
 
 	k := &K8sCluster{
-		ctx:           ctx,
-		DryRun:        dryRun,
-		clientFactory: clientFactory,
+		ctx:            ctx,
+		DryRun:         dryRun,
+		clientFactory:  clientFactory,
+		discoveryMutex: &sync.Mutex{},
 	}
 
 	k.discovery, err = clientFactory.DiscoveryClient()

From b292ea24bb109aed2f09372cfe91f10518ffc305 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 May 2023 11:03:09 +0200
Subject: [PATCH 1039/2268] chore(deps): Bump github.com/go-git/go-git/v5 from
 5.6.1 to 5.7.0 (#502)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 56 +++++++++++++++++++-------------------------------------
 2 files changed, 24 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index 005915bda..0a686c573 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
 	github.com/aws/smithy-go v1.13.5
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/go-git/go-git/v5 v5.6.1
+	github.com/go-git/go-git/v5 v5.7.0
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
@@ -95,7 +95,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
@@ -111,7 +111,7 @@ require (
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/cloudflare/circl v1.3.0 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/containerd/containerd v1.7.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
@@ -131,7 +131,7 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
-	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -205,7 +205,7 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/skeema/knownhosts v1.1.0 // indirect
+	github.com/skeema/knownhosts v1.1.1 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 55fc6f5d6..6afa7e683 100644
--- a/go.sum
+++ b/go.sum
@@ -94,8 +94,8 @@ github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek=
+github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@@ -105,7 +105,6 @@ github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
-github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -113,7 +112,6 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
@@ -180,8 +178,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.3.0 h1:Anq00jxDtoyX3+aCaYUZ0vXC5r4k4epberfWGDXV1zE=
-github.com/cloudflare/circl v1.3.0/go.mod h1:+CauBF6R70Jqcyl8N2hC8pAXYbWkGIezuSbuGLtRhnw=
+github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -233,6 +231,7 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
 github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
 github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -268,18 +267,15 @@ github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
-github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
-github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
 github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
-github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
-github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
-github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
+github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE=
+github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -503,7 +499,6 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -625,7 +620,6 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
@@ -739,7 +733,6 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -752,8 +745,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
 github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
-github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag=
+github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE=
+github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -871,7 +864,6 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -886,13 +878,10 @@ golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -931,7 +920,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -978,12 +967,10 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1012,6 +999,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1077,13 +1065,10 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1094,11 +1079,10 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1113,6 +1097,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1177,7 +1162,7 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
 golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1307,7 +1292,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
@@ -1325,7 +1309,6 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
@@ -1372,7 +1355,6 @@ k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.34.0 h1:zCUitt54f0/MYj/ajVFnG6XSXMhpZ72O/3RewIchW8w=

From dfec936ddffec51318bf1fb125261608df1b78d6 Mon Sep 17 00:00:00 2001
From: Marcel Frehe <43266827+devMarci@users.noreply.github.com>
Date: Thu, 25 May 2023 13:06:43 +0200
Subject: [PATCH 1040/2268] feat: Add ability to include custom message in
 barriers (#506)

* feat: Add ability to include custom message in barriers

* docs: Update documentation for optional custom messages in barriers

* chore: remove debug code

* refactor: Remove unnecessary property

* refactor: Handle non-provided message property
---
 docs/reference/deployments/deployment-yml.md | 18 ++++++++++++++++++
 pkg/deployment/utils/apply_utils.go          |  6 +++++-
 pkg/types/deployment.go                      |  1 +
 pkg/types/zz_generated.deepcopy.go           |  5 +++++
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 45d144ad3..8689ada5a 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -128,6 +128,24 @@ deployments:
 - path: kustomizeDeployment3
 ```
 
+To create a barrier with a custom message, include the message parameter when creating the barrier. The message parameter accepts a string value that represents the custom message.
+
+Example:
+```yaml
+deployments:
+- path: kustomizeDeployment1
+- path: kustomizeDeployment2
+- include: subDeployment1
+- barrier: true
+  message: "Waiting for subDeployment1 to be finished"
+# At this point, it's ensured that kustomizeDeployment1, kustomizeDeployment2 and all sub-deployments from
+# subDeployment1 are fully deployed.
+- path: kustomizeDeployment3
+```
+If no custom message is provided, the barrier will be created without a specific message, and the default behavior will be applied.
+
+When viewing the `kluctl deploy` status, the custom message, if provided, will be displayed along with default barrier information.
+
 ### deleteObjects
 Causes kluctl to delete matching objects, specified by a list of group/kind/name/namespace dictionaries.
 The order/parallelization of deletion is identical to the order and parallelization of normal deployment items,
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index a4d928ba9..f0e323d00 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -699,7 +699,11 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments(deployments []*deployment.Deploy
 
 		barrier := d.Config.Barrier || d.Barrier
 		if barrier {
-			sctx := status.StartWithOptions(a.ctx, status.WithStatus("Waiting on barrier..."), status.WithTotal(1))
+			barrierMessage := "Waiting on barrier..."
+			if d.Config.Message != nil {
+				barrierMessage = fmt.Sprintf("Waiting on barrier: %s", *d.Config.Message)
+			}
+			sctx := status.StartWithOptions(a.ctx, status.WithStatus(barrierMessage), status.WithTotal(1))
 			wg.Wait()
 			sctx.UpdateAndInfoFallback(fmt.Sprintf("Finished waiting"))
 			sctx.Success()
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 22517edab..a4f8ee8ee 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -13,6 +13,7 @@ type DeploymentItemConfig struct {
 	Git              *GitProject              `json:"git,omitempty"`
 	Tags             []string                 `json:"tags,omitempty"`
 	Barrier          bool                     `json:"barrier,omitempty"`
+	Message          *string                  `json:"message,omitempty"`
 	WaitReadiness    bool                     `json:"waitReadiness,omitempty"`
 	Vars             []*VarsSource            `json:"vars,omitempty"`
 	SkipDeleteIfTags bool                     `json:"skipDeleteIfTags,omitempty"`
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 59a658fca..4f8c638e0 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -94,6 +94,11 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.Message != nil {
+		in, out := &in.Message, &out.Message
+		*out = new(string)
+		**out = **in
+	}
 	if in.Vars != nil {
 		in, out := &in.Vars, &out.Vars
 		*out = make([]*VarsSource, len(*in))

From 138ae848b8d88ee195b0a6c77c7b8be61d6fb703 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 May 2023 13:09:07 +0200
Subject: [PATCH 1041/2268] feat: Implement migration checks for legacy
 flux-kluctl-controller (#507)

* refactor: Get rid of ClientSet

* feat: Implement migration checks for legacy flux-kluctl-controller
---
 cmd/kluctl/commands/cmd_controller.go         |  8 ---
 config/rbac/role.yaml                         | 14 +++++
 pkg/controllers/kluctl_project.go             |  7 +--
 .../kluctldeployment_controller.go            | 53 ++++++++++++++++++-
 pkg/utils/uo/nested_fields.go                 | 20 +++++++
 5 files changed, 89 insertions(+), 13 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index c0baaa66a..241169b7f 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -12,7 +12,6 @@ import (
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/client-go/kubernetes"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -90,12 +89,6 @@ func (cmd *controllerCmd) Run(ctx context.Context) error {
 		restConfig.Burst = -1
 	}
 
-	clientSet, err := kubernetes.NewForConfig(restConfig)
-	if err != nil {
-		setupLog.Error(err, "unable to start manager")
-		os.Exit(1)
-	}
-
 	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 		Scheme:                 cmd.scheme,
 		MetricsBindAddress:     cmd.MetricsBindAddress,
@@ -130,7 +123,6 @@ func (cmd *controllerCmd) Run(ctx context.Context) error {
 		DryRun:                cmd.DryRun,
 		RestConfig:            restConfig,
 		Client:                mgr.GetClient(),
-		ClientSet:             clientSet,
 		Scheme:                mgr.GetScheme(),
 		EventRecorder:         eventRecorder,
 		MetricsRecorder:       metricsRecorder,
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index e043f192e..14fffd85c 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -21,6 +21,20 @@ rules:
   verbs:
   - create
   - patch
+- apiGroups:
+  - flux.kluctl.io
+  resources:
+  - kluctldeployments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - flux.kluctl.io
+  resources:
+  - kluctldeployments/status
+  verbs:
+  - get
 - apiGroups:
   - gitops.kluctl.io
   resources:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index d6ca5372e..7af6cda94 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -14,9 +14,9 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"helm.sh/helm/v3/pkg/repo"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"os"
 	"path/filepath"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"time"
 
@@ -545,12 +545,13 @@ func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context,
 	if name == "" {
 		return nil
 	}
-	sa, err := pp.r.ClientSet.CoreV1().ServiceAccounts(pp.obj.Namespace).Get(ctx, name, metav1.GetOptions{})
+	var sa corev1.ServiceAccount
+	err := pp.r.Client.Get(ctx, client.ObjectKey{Name: name, Namespace: pp.obj.Namespace}, &sa)
 	if err != nil {
 		return fmt.Errorf("failed to retrieve service account %s: %w", name, err)
 	}
 
-	ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, pp.r.Client, sa)
+	ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, pp.r.Client, &sa)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 86dd5e118..2e6532208 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -2,6 +2,7 @@ package controllers
 
 import (
 	"context"
+	errors2 "errors"
 	"fmt"
 	"github.com/hashicorp/go-retryablehttp"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
@@ -13,9 +14,13 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"k8s.io/apimachinery/pkg/api/errors"
+	meta2 "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/client-go/kubernetes"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/rest"
 	kuberecorder "k8s.io/client-go/tools/record"
 	"k8s.io/client-go/tools/reference"
@@ -29,7 +34,6 @@ import (
 type KluctlDeploymentReconciler struct {
 	client.Client
 	RestConfig            *rest.Config
-	ClientSet             *kubernetes.Clientset
 	httpClient            *retryablehttp.Client
 	requeueDependency     time.Duration
 	Scheme                *runtime.Scheme
@@ -52,6 +56,8 @@ type KluctlDeploymentReconcilerOpts struct {
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments/finalizers,verbs=get;create;update;patch;delete
+// +kubebuilder:rbac:groups=flux.kluctl.io,resources=kluctldeployments,verbs=get;list;watch
+// +kubebuilder:rbac:groups=flux.kluctl.io,resources=kluctldeployments/status,verbs=get
 // +kubebuilder:rbac:groups="",resources=configmaps;secrets;serviceaccounts,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
 
@@ -94,6 +100,10 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return r.finalize(ctx, obj)
 	}
 
+	if r.checkLegacyKluctlDeployment(ctx, obj) {
+		return ctrl.Result{}, nil
+	}
+
 	// Return early if the KluctlDeployment is suspended.
 	if obj.Spec.Suspend {
 		log.Info("Reconciliation is suspended for this object")
@@ -506,6 +516,45 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator)
 }
 
+// checkLegacyKluctlDeployment checks if a legacy KluctlDeployment from the old flux.kluctl.io group is present. If yes
+// we must ensure that this object is served by a recent legacy controller version which understands that it should stop
+// reconciliation in case the new gitops.kluctl.io object is present
+func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Context, obj *kluctlv1.KluctlDeployment) bool {
+	log := ctrl.LoggerFrom(ctx)
+
+	obj2 := uo.New()
+	obj2.SetK8sGVK(schema.GroupVersionKind{
+		Group:   "flux.kluctl.io",
+		Version: "v1alpha1",
+		Kind:    "KluctlDeployment",
+	})
+	err := r.Get(ctx, client.ObjectKeyFromObject(obj), obj2.ToUnstructured())
+	if err != nil {
+		err = errors2.Unwrap(err)
+		if meta2.IsNoMatchError(err) || errors.IsNotFound(err) || discovery.IsGroupDiscoveryFailedError(err) {
+			// legacy object not present, we're safe to continue
+			return false
+		}
+		log.Error(err, "Failed to retrieve legacy KluctlDeployment. Skipping reconciliation.")
+		// some unexpected error...we should be on the safe side and bail out reconciliation
+		return true
+	}
+
+	readyForMigration, _, err := obj2.GetNestedBool("")
+	if err != nil {
+		// some unexpected error...we should be on the safe side and bail out reconciliation
+		log.Error(err, "Failed to retrieve readyForMigration value. Skipping reconciliation.")
+		return true
+	}
+	if !readyForMigration {
+		log.V(1).Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. " +
+			"Please ensure that you have upgraded to the latest version of the legacy flux-kluctl-controller and that is is still running.")
+		return true
+	}
+
+	return false
+}
+
 func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.KluctlDeployment) {
 	pruneEnabled := 0.0
 	deleteEnabled := 0.0
diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index a30a992a5..da3c05758 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -270,3 +270,23 @@ func (uo *UnstructuredObject) SetNestedFieldDefault(defaultValue interface{}, ke
 	}
 	return uo.SetNestedField(defaultValue, keys...)
 }
+
+func (uo *UnstructuredObject) GetNestedBool(keys ...interface{}) (bool, bool, error) {
+	v, found, err := uo.GetNestedField(keys...)
+	if err != nil {
+		return false, false, err
+	}
+	if !found {
+		return false, true, nil
+	}
+	if x, ok := v.(bool); ok {
+		return x, true, nil
+	} else if x, ok := v.(*bool); ok {
+		if x == nil {
+			return false, true, nil
+		}
+		return *x, true, nil
+	} else {
+		return false, false, fmt.Errorf("field is not a bool")
+	}
+}

From 81aae0ef249582c4aedc60f2c4f516381434993b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 May 2023 14:31:05 +0200
Subject: [PATCH 1042/2268] fix: Cleanup config dir to use fixed name

---
 Makefile                                      |   2 +-
 .../patches/webhook_in_kluctldeployments.yaml |   2 +-
 config/default/kustomization.yaml             | 132 ------------------
 config/default/manager_config_patch.yaml      |  10 --
 config/manager/manager.yaml                   |  24 ++--
 config/prometheus/kustomization.yaml          |   2 -
 config/prometheus/monitor.yaml                |  26 ----
 config/rbac/kluctldeployment_editor_role.yaml |   2 +-
 config/rbac/kluctldeployment_viewer_role.yaml |   2 +-
 config/rbac/leader_election_role.yaml         |   5 +-
 config/rbac/leader_election_role_binding.yaml |  11 +-
 config/rbac/role.yaml                         |   2 +-
 config/rbac/role_binding.yaml                 |  12 +-
 config/rbac/service_account.yaml              |   8 +-
 14 files changed, 36 insertions(+), 204 deletions(-)
 delete mode 100644 config/default/manager_config_patch.yaml
 delete mode 100644 config/prometheus/kustomization.yaml
 delete mode 100644 config/prometheus/monitor.yaml

diff --git a/Makefile b/Makefile
index 46c182d03..bb1058f15 100644
--- a/Makefile
+++ b/Makefile
@@ -59,7 +59,7 @@ help: ## Display this help.
 
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) rbac:roleName=kluctl-controller-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
diff --git a/config/crd/patches/webhook_in_kluctldeployments.yaml b/config/crd/patches/webhook_in_kluctldeployments.yaml
index fa1689a1d..07d04c73e 100644
--- a/config/crd/patches/webhook_in_kluctldeployments.yaml
+++ b/config/crd/patches/webhook_in_kluctldeployments.yaml
@@ -9,7 +9,7 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
+          namespace: kluctl-system
           name: webhook-service
           path: /convert
       conversionReviewVersions:
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index ce073d33f..98deb64cd 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -1,137 +1,5 @@
-# Adds namespace to all resources.
-namespace: controller-system
-
-# Value of this field is prepended to the
-# names of all resources, e.g. a deployment named
-# "wordpress" becomes "alices-wordpress".
-# Note that it should also match with the prefix (text before '-') of the namespace
-# field above.
-namePrefix: kluctl-
-
-# Labels to add to all resources and selectors.
-#labels:
-#- includeSelectors: true
-#  pairs:
-#    someName: someValue
 
 resources:
 - ../crd
 - ../rbac
 - ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
-
-
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
-# crd/kustomization.yaml
-#- manager_webhook_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
-# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
-# 'CERTMANAGER' needs to be enabled to use ca injection
-#- webhookcainjection_patch.yaml
-
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-# Uncomment the following replacements to add the cert-manager CA injection annotations
-#replacements:
-#  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
-#      kind: Certificate
-#      group: cert-manager.io
-#      version: v1
-#      name: serving-cert # this name should match the one in certificate.yaml
-#      fieldPath: .metadata.namespace # namespace of the certificate CR
-#    targets:
-#      - select:
-#          kind: ValidatingWebhookConfiguration
-#        fieldPaths:
-#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#        options:
-#          delimiter: '/'
-#          index: 0
-#          create: true
-#      - select:
-#          kind: MutatingWebhookConfiguration
-#        fieldPaths:
-#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#        options:
-#          delimiter: '/'
-#          index: 0
-#          create: true
-#      - select:
-#          kind: CustomResourceDefinition
-#        fieldPaths:
-#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#        options:
-#          delimiter: '/'
-#          index: 0
-#          create: true
-#  - source:
-#      kind: Certificate
-#      group: cert-manager.io
-#      version: v1
-#      name: serving-cert # this name should match the one in certificate.yaml
-#      fieldPath: .metadata.name
-#    targets:
-#      - select:
-#          kind: ValidatingWebhookConfiguration
-#        fieldPaths:
-#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#        options:
-#          delimiter: '/'
-#          index: 1
-#          create: true
-#      - select:
-#          kind: MutatingWebhookConfiguration
-#        fieldPaths:
-#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#        options:
-#          delimiter: '/'
-#          index: 1
-#          create: true
-#      - select:
-#          kind: CustomResourceDefinition
-#        fieldPaths:
-#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#        options:
-#          delimiter: '/'
-#          index: 1
-#          create: true
-#  - source: # Add cert-manager annotation to the webhook Service
-#      kind: Service
-#      version: v1
-#      name: webhook-service
-#      fieldPath: .metadata.name # namespace of the service
-#    targets:
-#      - select:
-#          kind: Certificate
-#          group: cert-manager.io
-#          version: v1
-#        fieldPaths:
-#          - .spec.dnsNames.0
-#          - .spec.dnsNames.1
-#        options:
-#          delimiter: '.'
-#          index: 0
-#          create: true
-#  - source:
-#      kind: Service
-#      version: v1
-#      name: webhook-service
-#      fieldPath: .metadata.namespace # namespace of the service
-#    targets:
-#      - select:
-#          kind: Certificate
-#          group: cert-manager.io
-#          version: v1
-#        fieldPaths:
-#          - .spec.dnsNames.0
-#          - .spec.dnsNames.1
-#        options:
-#          delimiter: '.'
-#          index: 1
-#          create: true
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
deleted file mode 100644
index f6f589169..000000000
--- a/config/default/manager_config_patch.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: controller-manager
-  namespace: system
-spec:
-  template:
-    spec:
-      containers:
-      - name: manager
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 0eaa207d9..60bc2cbf5 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -8,33 +8,33 @@ metadata:
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
-  name: system
+    app.kubernetes.io/managed-by: kluctl
+  name: kluctl-system
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: kluctl-controller
+  namespace: kluctl-system
   labels:
-    control-plane: controller-manager
+    control-plane: kluctl-controller
     app.kubernetes.io/name: deployment
-    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/instance: kluctl-controller
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/managed-by: kluctl
 spec:
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: kluctl-controller
   replicas: 1
   template:
     metadata:
       annotations:
         kubectl.kubernetes.io/default-container: manager
       labels:
-        control-plane: controller-manager
+        control-plane: kluctl-controller
     spec:
       # TODO(user): Uncomment the following code to configure the nodeAffinity expression
       # according to the platforms which are supported by your solution.
@@ -71,9 +71,9 @@ spec:
         - controller
         args:
         - --leader-elect
-        image: controller:latest
+        image: ghcr.io/kluctl/kluctl:latest
         imagePullPolicy: IfNotPresent
-        name: manager
+        name: controller
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
@@ -100,5 +100,5 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
-      serviceAccountName: controller-manager
+      serviceAccountName: kluctl-controller
       terminationGracePeriodSeconds: 10
diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml
deleted file mode 100644
index ed137168a..000000000
--- a/config/prometheus/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- monitor.yaml
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
deleted file mode 100644
index 62e8a7ccb..000000000
--- a/config/prometheus/monitor.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-# Prometheus Monitor Service (Metrics)
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: servicemonitor
-    app.kubernetes.io/instance: controller-manager-metrics-monitor
-    app.kubernetes.io/component: metrics
-    app.kubernetes.io/created-by: controller
-    app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-monitor
-  namespace: system
-spec:
-  endpoints:
-    - path: /metrics
-      port: https
-      scheme: https
-      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-      tlsConfig:
-        insecureSkipVerify: true
-  selector:
-    matchLabels:
-      control-plane: controller-manager
diff --git a/config/rbac/kluctldeployment_editor_role.yaml b/config/rbac/kluctldeployment_editor_role.yaml
index 8304fdd0c..bdd62da70 100644
--- a/config/rbac/kluctldeployment_editor_role.yaml
+++ b/config/rbac/kluctldeployment_editor_role.yaml
@@ -8,7 +8,7 @@ metadata:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/managed-by: kluctl
   name: kluctldeployment-editor-role
 rules:
 - apiGroups:
diff --git a/config/rbac/kluctldeployment_viewer_role.yaml b/config/rbac/kluctldeployment_viewer_role.yaml
index 50685c666..bee8b81ea 100644
--- a/config/rbac/kluctldeployment_viewer_role.yaml
+++ b/config/rbac/kluctldeployment_viewer_role.yaml
@@ -8,7 +8,7 @@ metadata:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/managed-by: kluctl
   name: kluctldeployment-viewer-role
 rules:
 - apiGroups:
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
index 9bf1a8ac0..4d4c486d0 100644
--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -8,8 +8,9 @@ metadata:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
-  name: leader-election-role
+    app.kubernetes.io/managed-by: kluctl
+  name: kluctl-controller-leader-election-role
+  namespace: kluctl-system
 rules:
 - apiGroups:
   - ""
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
index d8cfaffd6..1ddbed5d3 100644
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -7,13 +7,14 @@ metadata:
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
-  name: leader-election-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+  name: kluctl-controller-leader-election-rolebinding
+  namespace: kluctl-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: leader-election-role
+  name: kluctl-controller-leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
-  namespace: system
+  name: kluctl-controller
+  namespace: kluctl-system
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 14fffd85c..5f7215c78 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: manager-role
+  name: kluctl-controller-role
 rules:
 - apiGroups:
   - ""
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
index 5c650c9a8..7381f094e 100644
--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -3,17 +3,17 @@ kind: ClusterRoleBinding
 metadata:
   labels:
     app.kubernetes.io/name: clusterrolebinding
-    app.kubernetes.io/instance: manager-rolebinding
+    app.kubernetes.io/instance: kluctl-controller-rolebinding
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
-  name: manager-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+  name: kluctl-controller-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: manager-role
+  name: kluctl-controller-role
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
-  namespace: system
+  name: kluctl-controller
+  namespace: kluctl-system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
index a0e977167..b5f5dd8fc 100644
--- a/config/rbac/service_account.yaml
+++ b/config/rbac/service_account.yaml
@@ -3,10 +3,10 @@ kind: ServiceAccount
 metadata:
   labels:
     app.kubernetes.io/name: serviceaccount
-    app.kubernetes.io/instance: controller-manager-sa
+    app.kubernetes.io/instance: kluctl-controller-sa
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: controller
     app.kubernetes.io/part-of: controller
-    app.kubernetes.io/managed-by: kustomize
-  name: controller-manager
-  namespace: system
+    app.kubernetes.io/managed-by: kluctl
+  name: kluctl-controller
+  namespace: kluctl-system

From 1ac87b7a1af0f3db13c39a0fbfb1b23f01a1abc2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 May 2023 14:32:21 +0200
Subject: [PATCH 1043/2268] feat: Add embedded controller deployment

---
 .github/workflows/tests.yml                   |    9 +
 Makefile                                      |    5 +-
 install/controller/.kluctl.yaml               |    5 +
 .../controller/controller-version-patch.yaml  |    0
 install/controller/controller/crd.yaml        | 1168 +++++++++++++++++
 .../controller/controller/kustomization.yaml  |   13 +
 install/controller/controller/manager.yaml    |   75 ++
 install/controller/controller/rbac.yaml       |  165 +++
 install/controller/deployment.yaml            |    3 +
 install/controller/embed.go                   |    6 +
 10 files changed, 1448 insertions(+), 1 deletion(-)
 create mode 100644 install/controller/.kluctl.yaml
 create mode 100644 install/controller/controller/controller-version-patch.yaml
 create mode 100644 install/controller/controller/crd.yaml
 create mode 100644 install/controller/controller/kustomization.yaml
 create mode 100644 install/controller/controller/manager.yaml
 create mode 100644 install/controller/controller/rbac.yaml
 create mode 100644 install/controller/deployment.yaml
 create mode 100644 install/controller/embed.go

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 8559911f4..fd0338d69 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -48,6 +48,15 @@ jobs:
             git diff
             exit 1
           fi
+      - name: Verify generated manifests are up-to-date
+        run: |
+          make manifests
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "make manifests must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
 
   tests:
     strategy:
diff --git a/Makefile b/Makefile
index bb1058f15..c8d2eb5a3 100644
--- a/Makefile
+++ b/Makefile
@@ -58,8 +58,11 @@ help: ## Display this help.
 ##@ Development
 
 .PHONY: manifests
-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=kluctl-controller-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(KUSTOMIZE) build config/crd > install/controller/controller/crd.yaml
+	$(KUSTOMIZE) build config/rbac > install/controller/controller/rbac.yaml
+	$(KUSTOMIZE) build config/manager > install/controller/controller/manager.yaml
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
new file mode 100644
index 000000000..7f7283c68
--- /dev/null
+++ b/install/controller/.kluctl.yaml
@@ -0,0 +1,5 @@
+discriminator: kluctl.io-controller
+
+args:
+  - name: controller_version
+    default: v0.0.0
\ No newline at end of file
diff --git a/install/controller/controller/controller-version-patch.yaml b/install/controller/controller/controller-version-patch.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
new file mode 100644
index 000000000..11208546d
--- /dev/null
+++ b/install/controller/controller/crd.yaml
@@ -0,0 +1,1168 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: kluctldeployments.gitops.kluctl.io
+spec:
+  group: gitops.kluctl.io
+  names:
+    kind: KluctlDeployment
+    listKind: KluctlDeploymentList
+    plural: kluctldeployments
+    singular: kluctldeployment
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.dryRun
+      name: DryRun
+      type: boolean
+    - jsonPath: .status.lastDeployResult.command.endTime
+      name: Deployed
+      type: date
+    - jsonPath: .status.lastPruneResult.command.endTime
+      name: Pruned
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: KluctlDeployment is the Schema for the kluctldeployments API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              abortOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to abort deployments
+                  immediately when something fails. Equivalent to using '--abort-on-error'
+                  when calling kluctl.
+                type: boolean
+              args:
+                description: Args specifies dynamic target args.
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              context:
+                description: If specified, overrides the context to be used. This
+                  will effectively make kluctl ignore the context specified in the
+                  target.
+                type: string
+              decryption:
+                description: Decrypt Kubernetes secrets before applying them on the
+                  cluster.
+                properties:
+                  provider:
+                    description: Provider is the name of the decryption engine.
+                    enum:
+                    - sops
+                    type: string
+                  secretRef:
+                    description: The secret name containing the private OpenPGP keys
+                      used for decryption.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  serviceAccount:
+                    description: ServiceAccount specifies the service account used
+                      to authenticate against cloud providers. This is currently only
+                      usable for AWS KMS keys. The specified service account will
+                      be used to authenticate to AWS by signing a token in an IRSA
+                      compliant way.
+                    type: string
+                required:
+                - provider
+                type: object
+              delete:
+                default: false
+                description: Delete enables deletion of the specified target when
+                  the KluctlDeployment object gets deleted.
+                type: boolean
+              deployInterval:
+                description: DeployInterval specifies the interval at which to deploy
+                  the KluctlDeployment, even in cases the rendered result does not
+                  change.
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                type: string
+              deployMode:
+                default: full-deploy
+                description: DeployMode specifies what deploy mode should be used.
+                  The options 'full-deploy' and 'poke-images' are supported. With
+                  the 'poke-images' option, only images are patched into the target
+                  without performing a full deployment.
+                enum:
+                - full-deploy
+                - poke-images
+                type: string
+              dryRun:
+                default: false
+                description: DryRun instructs kluctl to run everything in dry-run
+                  mode. Equivalent to using '--dry-run' when calling kluctl.
+                type: boolean
+              excludeDeploymentDirs:
+                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
+                  with the given dir. Equivalent to using '--exclude-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              excludeTags:
+                description: ExcludeTags instructs kluctl to exclude deployments with
+                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
+                items:
+                  type: string
+                type: array
+              forceApply:
+                default: false
+                description: ForceApply instructs kluctl to force-apply in case of
+                  SSA conflicts. Equivalent to using '--force-apply' when calling
+                  kluctl.
+                type: boolean
+              forceReplaceOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to force-replace
+                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
+                  when calling kluctl.
+                type: boolean
+              helmCredentials:
+                description: HelmCredentials is a list of Helm credentials used when
+                  non pre-pulled Helm Charts are used inside a Kluctl deployment.
+                items:
+                  properties:
+                    secretRef:
+                      description: 'SecretRef holds the name of a secret that contains
+                        the Helm credentials. The secret must either contain the fields
+                        `credentialsId` which refers to the credentialsId found in
+                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories
+                        or an `url` used to match the credentials found in Kluctl
+                        projects helm-chart.yaml files. The secret can either container
+                        basic authentication credentials via `username` and `password`
+                        or TLS authentication via `certFile` and `keyFile`. `caFile`
+                        can be specified to override the CA to use while contacting
+                        the repository. The secret can also contain `insecureSkipTlsVerify:
+                        "true"`, which will disable TLS verification. `passCredentialsAll:
+                        "true"` can be specified to make the controller pass credentials
+                        to all requests, even if the hostname changes in-between.'
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  type: object
+                type: array
+              images:
+                description: Images contains a list of fixed image overrides. Equivalent
+                  to using '--fixed-images-file' when calling kluctl.
+                items:
+                  properties:
+                    container:
+                      type: string
+                    deployTags:
+                      items:
+                        type: string
+                      type: array
+                    deployedImage:
+                      type: string
+                    deployment:
+                      type: string
+                    deploymentDir:
+                      type: string
+                    image:
+                      type: string
+                    namespace:
+                      type: string
+                    object:
+                      properties:
+                        group:
+                          type: string
+                        kind:
+                          type: string
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                        version:
+                          type: string
+                      required:
+                      - kind
+                      - name
+                      type: object
+                    resultImage:
+                      type: string
+                  required:
+                  - image
+                  - resultImage
+                  type: object
+                type: array
+              includeDeploymentDirs:
+                description: IncludeDeploymentDirs instructs kluctl to only include
+                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              includeTags:
+                description: IncludeTags instructs kluctl to only include deployments
+                  with given tags. Equivalent to using '--include-tag' when calling
+                  kluctl.
+                items:
+                  type: string
+                type: array
+              interval:
+                description: The interval at which to reconcile the KluctlDeployment.
+                  Reconciliation means that the deployment is fully rendered and only
+                  deployed when the result changes compared to the last deployment.
+                  To override this behavior, set the DeployInterval value.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              kubeConfig:
+                description: The KubeConfig for deploying to the target cluster. Specifies
+                  the kubeconfig to be used when invoking kluctl. Contexts in this
+                  kubeconfig must match the context found in the kluctl target. As
+                  an alternative, specify the context to be used via 'context'
+                properties:
+                  secretRef:
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. The secret must be in the same
+                      namespace as the Kustomization. It is recommended that the kubeconfig
+                      is self-contained, and the secret is regularly updated if credentials
+                      such as a cloud-access-token expire. Cloud specific `cmd-path`
+                      auth helpers will not function without adding binaries and credentials
+                      to the Pod that is responsible for reconciling the KluctlDeployment.
+                    properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
+                      name:
+                        description: Name of the Secret.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+              noWait:
+                default: false
+                description: NoWait instructs kluctl to not wait for any resources
+                  to become ready, including hooks. Equivalent to using '--no-wait'
+                  when calling kluctl.
+                type: boolean
+              prune:
+                default: false
+                description: Prune enables pruning after deploying.
+                type: boolean
+              replaceOnError:
+                default: false
+                description: ReplaceOnError instructs kluctl to replace resources
+                  on error. Equivalent to using '--replace-on-error' when calling
+                  kluctl.
+                type: boolean
+              retryInterval:
+                description: The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the Interval value to retry
+                  failures.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              serviceAccountName:
+                description: The name of the Kubernetes service account to use while
+                  deploying. If not specified, the default service account is used.
+                type: string
+              source:
+                description: Specifies the project source location
+                properties:
+                  path:
+                    description: Path specifies the sub-directory to be used as project
+                      directory
+                    type: string
+                  ref:
+                    description: Ref specifies the branch, tag or commit that should
+                      be used. If omitted, the default branch of the repo is used.
+                    properties:
+                      branch:
+                        description: Branch to filter for. Can also be a regex.
+                        type: string
+                      tag:
+                        description: Branch to filter for. Can also be a regex.
+                        type: string
+                    type: object
+                  secretRef:
+                    description: SecretRef specifies the Secret containing authentication
+                      credentials for the git repository. For HTTPS repositories the
+                      Secret must contain 'username' and 'password' fields. For SSH
+                      repositories the Secret must contain 'identity' and 'known_hosts'
+                      fields.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  url:
+                    description: Url specifies the Git url where the project source
+                      is located
+                    type: string
+                required:
+                - url
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  kluctl executions, it does not apply to already started executions.
+                  Defaults to false.
+                type: boolean
+              target:
+                description: Target specifies the kluctl target to deploy. If not
+                  specified, an empty target is used that has no name and no context.
+                  Use 'TargetName' and 'Context' to specify the name and context in
+                  that case.
+                maxLength: 63
+                minLength: 1
+                type: string
+              targetNameOverride:
+                description: TargetNameOverride sets or overrides the target name.
+                  This is especially useful when deployment without a target.
+                maxLength: 63
+                minLength: 1
+                type: string
+              timeout:
+                description: Timeout for all operations. Defaults to 'Interval' duration.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              validate:
+                default: true
+                description: Validate enables validation after deploying
+                type: boolean
+              validateInterval:
+                description: ValidateInterval specifies the interval at which to validate
+                  the KluctlDeployment. Validation is performed the same way as with
+                  'kluctl validate -t <target>'. Defaults to the same value as specified
+                  in Interval. Validate is also performed whenever a deployment is
+                  performed, independent of the value of ValidateInterval
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                type: string
+            required:
+            - interval
+            - source
+            type: object
+          status:
+            description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
+            properties:
+              LastHandledDeployAt:
+                type: string
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastDeployError:
+                type: string
+              lastDeployResult:
+                description: LastDeployResult is the result of the last deploy command
+                properties:
+                  appliedHookObjects:
+                    type: integer
+                  appliedObjects:
+                    type: integer
+                  changedObjects:
+                    type: integer
+                  clusterInfo:
+                    properties:
+                      clusterId:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  commandInfo:
+                    properties:
+                      abortOnError:
+                        type: boolean
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      command:
+                        type: string
+                      contextOverride:
+                        type: string
+                      dryRun:
+                        type: boolean
+                      endTime:
+                        format: date-time
+                        type: string
+                      excludeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      excludeTags:
+                        items:
+                          type: string
+                        type: array
+                      forceApply:
+                        type: boolean
+                      forceReplaceOnError:
+                        type: boolean
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      includeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      includeTags:
+                        items:
+                          type: string
+                        type: array
+                      initiator:
+                        type: string
+                      kluctlDeployment:
+                        properties:
+                          gitRef:
+                            type: string
+                          gitUrl:
+                            type: string
+                          name:
+                            type: string
+                          namespace:
+                            type: string
+                        required:
+                        - gitRef
+                        - gitUrl
+                        - name
+                        - namespace
+                        type: object
+                      noWait:
+                        type: boolean
+                      replaceOnError:
+                        type: boolean
+                      startTime:
+                        format: date-time
+                        type: string
+                      target:
+                        type: string
+                      targetNameOverride:
+                        type: string
+                    required:
+                    - endTime
+                    - initiator
+                    - startTime
+                    type: object
+                  deletedObjects:
+                    type: integer
+                  errors:
+                    type: integer
+                  gitInfo:
+                    properties:
+                      commit:
+                        type: string
+                      dirty:
+                        type: boolean
+                      ref:
+                        type: string
+                      subDir:
+                        type: string
+                      url:
+                        type: string
+                    required:
+                    - commit
+                    - dirty
+                    - ref
+                    - subDir
+                    - url
+                    type: object
+                  id:
+                    type: string
+                  newObjects:
+                    type: integer
+                  orphanObjects:
+                    type: integer
+                  projectKey:
+                    properties:
+                      gitRepoKey:
+                        type: string
+                      subDir:
+                        type: string
+                    type: object
+                  remoteObjects:
+                    type: integer
+                  renderedObjects:
+                    type: integer
+                  target:
+                    properties:
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      context:
+                        type: string
+                      discriminator:
+                        type: string
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      name:
+                        type: string
+                      sealingConfig:
+                        properties:
+                          args:
+                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
+                          certFile:
+                            type: string
+                          secretSets:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  targetKey:
+                    properties:
+                      clusterId:
+                        type: string
+                      discriminator:
+                        type: string
+                      targetName:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  totalChanges:
+                    type: integer
+                  warnings:
+                    type: integer
+                required:
+                - appliedHookObjects
+                - appliedObjects
+                - changedObjects
+                - commandInfo
+                - deletedObjects
+                - errors
+                - id
+                - newObjects
+                - orphanObjects
+                - projectKey
+                - remoteObjects
+                - renderedObjects
+                - target
+                - targetKey
+                - totalChanges
+                - warnings
+                type: object
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              lastObjectsHash:
+                type: string
+              lastPruneError:
+                type: string
+              lastPruneResult:
+                description: LastDeployResult is the result of the last prune command
+                properties:
+                  appliedHookObjects:
+                    type: integer
+                  appliedObjects:
+                    type: integer
+                  changedObjects:
+                    type: integer
+                  clusterInfo:
+                    properties:
+                      clusterId:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  commandInfo:
+                    properties:
+                      abortOnError:
+                        type: boolean
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      command:
+                        type: string
+                      contextOverride:
+                        type: string
+                      dryRun:
+                        type: boolean
+                      endTime:
+                        format: date-time
+                        type: string
+                      excludeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      excludeTags:
+                        items:
+                          type: string
+                        type: array
+                      forceApply:
+                        type: boolean
+                      forceReplaceOnError:
+                        type: boolean
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      includeDeploymentDirs:
+                        items:
+                          type: string
+                        type: array
+                      includeTags:
+                        items:
+                          type: string
+                        type: array
+                      initiator:
+                        type: string
+                      kluctlDeployment:
+                        properties:
+                          gitRef:
+                            type: string
+                          gitUrl:
+                            type: string
+                          name:
+                            type: string
+                          namespace:
+                            type: string
+                        required:
+                        - gitRef
+                        - gitUrl
+                        - name
+                        - namespace
+                        type: object
+                      noWait:
+                        type: boolean
+                      replaceOnError:
+                        type: boolean
+                      startTime:
+                        format: date-time
+                        type: string
+                      target:
+                        type: string
+                      targetNameOverride:
+                        type: string
+                    required:
+                    - endTime
+                    - initiator
+                    - startTime
+                    type: object
+                  deletedObjects:
+                    type: integer
+                  errors:
+                    type: integer
+                  gitInfo:
+                    properties:
+                      commit:
+                        type: string
+                      dirty:
+                        type: boolean
+                      ref:
+                        type: string
+                      subDir:
+                        type: string
+                      url:
+                        type: string
+                    required:
+                    - commit
+                    - dirty
+                    - ref
+                    - subDir
+                    - url
+                    type: object
+                  id:
+                    type: string
+                  newObjects:
+                    type: integer
+                  orphanObjects:
+                    type: integer
+                  projectKey:
+                    properties:
+                      gitRepoKey:
+                        type: string
+                      subDir:
+                        type: string
+                    type: object
+                  remoteObjects:
+                    type: integer
+                  renderedObjects:
+                    type: integer
+                  target:
+                    properties:
+                      args:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      context:
+                        type: string
+                      discriminator:
+                        type: string
+                      images:
+                        items:
+                          properties:
+                            container:
+                              type: string
+                            deployTags:
+                              items:
+                                type: string
+                              type: array
+                            deployedImage:
+                              type: string
+                            deployment:
+                              type: string
+                            deploymentDir:
+                              type: string
+                            image:
+                              type: string
+                            namespace:
+                              type: string
+                            object:
+                              properties:
+                                group:
+                                  type: string
+                                kind:
+                                  type: string
+                                name:
+                                  type: string
+                                namespace:
+                                  type: string
+                                version:
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            resultImage:
+                              type: string
+                          required:
+                          - image
+                          - resultImage
+                          type: object
+                        type: array
+                      name:
+                        type: string
+                      sealingConfig:
+                        properties:
+                          args:
+                            type: object
+                            x-kubernetes-preserve-unknown-fields: true
+                          certFile:
+                            type: string
+                          secretSets:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  targetKey:
+                    properties:
+                      clusterId:
+                        type: string
+                      discriminator:
+                        type: string
+                      targetName:
+                        type: string
+                    required:
+                    - clusterId
+                    type: object
+                  totalChanges:
+                    type: integer
+                  warnings:
+                    type: integer
+                required:
+                - appliedHookObjects
+                - appliedObjects
+                - changedObjects
+                - commandInfo
+                - deletedObjects
+                - errors
+                - id
+                - newObjects
+                - orphanObjects
+                - projectKey
+                - remoteObjects
+                - renderedObjects
+                - target
+                - targetKey
+                - totalChanges
+                - warnings
+                type: object
+              lastValidateError:
+                type: string
+              lastValidateResult:
+                description: LastValidateResult is the result of the last validate
+                  command
+                properties:
+                  drift:
+                    items:
+                      properties:
+                        changes:
+                          items:
+                            properties:
+                              jsonPath:
+                                type: string
+                              newValue:
+                                x-kubernetes-preserve-unknown-fields: true
+                              oldValue:
+                                x-kubernetes-preserve-unknown-fields: true
+                              type:
+                                type: string
+                              unifiedDiff:
+                                type: string
+                            required:
+                            - jsonPath
+                            - type
+                            type: object
+                          type: array
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - ref
+                      type: object
+                    type: array
+                  endTime:
+                    format: date-time
+                    type: string
+                  errors:
+                    items:
+                      properties:
+                        message:
+                          type: string
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - message
+                      - ref
+                      type: object
+                    type: array
+                  id:
+                    type: string
+                  ready:
+                    type: boolean
+                  results:
+                    items:
+                      properties:
+                        annotation:
+                          type: string
+                        message:
+                          type: string
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - annotation
+                      - message
+                      - ref
+                      type: object
+                    type: array
+                  startTime:
+                    format: date-time
+                    type: string
+                  warnings:
+                    items:
+                      properties:
+                        message:
+                          type: string
+                        ref:
+                          properties:
+                            group:
+                              type: string
+                            kind:
+                              type: string
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                          - kind
+                          - name
+                          type: object
+                      required:
+                      - message
+                      - ref
+                      type: object
+                    type: array
+                required:
+                - endTime
+                - id
+                - ready
+                - startTime
+                type: object
+              observedCommit:
+                description: ObservedCommit is the last commit observed
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+              projectKey:
+                properties:
+                  gitRepoKey:
+                    type: string
+                  subDir:
+                    type: string
+                type: object
+              targetKey:
+                properties:
+                  clusterId:
+                    type: string
+                  discriminator:
+                    type: string
+                  targetName:
+                    type: string
+                required:
+                - clusterId
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
new file mode 100644
index 000000000..4c41784cc
--- /dev/null
+++ b/install/controller/controller/kustomization.yaml
@@ -0,0 +1,13 @@
+resources:
+  - crd.yaml
+  - manager.yaml
+  - rbac.yaml
+
+patches:
+  - target:
+      kind: Deployment
+      name: kluctl-controller
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/image
+        value: ghcr.io/kluctl/kluctl:{{ args.controller_version }}
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
new file mode 100644
index 000000000..02f78bc76
--- /dev/null
+++ b/install/controller/controller/manager.yaml
@@ -0,0 +1,75 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: system
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: namespace
+    app.kubernetes.io/part-of: controller
+    control-plane: controller-manager
+  name: kluctl-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-controller
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: deployment
+    app.kubernetes.io/part-of: controller
+    control-plane: kluctl-controller
+  name: kluctl-controller
+  namespace: kluctl-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: kluctl-controller
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: kluctl-controller
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        command:
+        - kluctl
+        - controller
+        image: ghcr.io/kluctl/kluctl:latest
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: controller
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: kluctl-controller
+      terminationGracePeriodSeconds: 10
diff --git a/install/controller/controller/rbac.yaml b/install/controller/controller/rbac.yaml
new file mode 100644
index 000000000..1845b4548
--- /dev/null
+++ b/install/controller/controller/rbac.yaml
@@ -0,0 +1,165 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-controller-sa
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: serviceaccount
+    app.kubernetes.io/part-of: controller
+  name: kluctl-controller
+  namespace: kluctl-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: leader-election-role
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: role
+    app.kubernetes.io/part-of: controller
+  name: kluctl-controller-leader-election-role
+  namespace: kluctl-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kluctl-controller-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - serviceaccounts
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - flux.kluctl.io
+  resources:
+  - kluctldeployments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - flux.kluctl.io
+  resources:
+  - kluctldeployments/status
+  verbs:
+  - get
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - patch
+  - update
+- apiGroups:
+  - gitops.kluctl.io
+  resources:
+  - kluctldeployments/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: leader-election-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/part-of: controller
+  name: kluctl-controller-leader-election-rolebinding
+  namespace: kluctl-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kluctl-controller-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: kluctl-controller
+  namespace: kluctl-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-controller-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/part-of: controller
+  name: kluctl-controller-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kluctl-controller-role
+subjects:
+- kind: ServiceAccount
+  name: kluctl-controller
+  namespace: kluctl-system
diff --git a/install/controller/deployment.yaml b/install/controller/deployment.yaml
new file mode 100644
index 000000000..1ab7a6d3e
--- /dev/null
+++ b/install/controller/deployment.yaml
@@ -0,0 +1,3 @@
+
+deployments:
+  - path: controller
diff --git a/install/controller/embed.go b/install/controller/embed.go
new file mode 100644
index 000000000..3bf3cd004
--- /dev/null
+++ b/install/controller/embed.go
@@ -0,0 +1,6 @@
+package controller
+
+import "embed"
+
+//go:embed all:*
+var Config embed.FS

From 201449734ad6189499e3a2e1a5fbf887a3840aa8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 May 2023 14:33:51 +0200
Subject: [PATCH 1044/2268] chore: Add prepeare-release.sh script

---
 hack/prepare-release.sh | 45 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100755 hack/prepare-release.sh

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
new file mode 100755
index 000000000..609c006d5
--- /dev/null
+++ b/hack/prepare-release.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+set -e
+
+VERSION=$1
+
+VERSION_REGEX='v([0-9]*)\.([0-9]*)\.([0-9]*)'
+VERSION_REGEX_SED='v\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)'
+
+if [ ! -z "$(git status --porcelain)" ]; then
+  echo "working directory is dirty!"
+  exit 1
+fi
+
+if [ -z "$VERSION" ]; then
+  echo "No version specified, using 'git sv next-version'"
+  VERSION=v$(git sv next-version)
+fi
+
+if [[ ! ($VERSION =~ $VERSION_REGEX) ]]; then
+  echo "version is invalid"
+  exit 1
+fi
+
+echo VERSION=$VERSION
+
+FILES="install/controller/.kluctl.yaml"
+
+for f in $FILES; do
+  cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp
+  mv $f.tmp $f
+
+  git add $f
+done
+
+if [ -z "$(git status --porcelain)" ]; then
+  echo "nothing has changed!"
+  exit 1
+fi
+
+echo "committing"
+git commit -o -m "build: Preparing release $VERSION" -- $FILES
+
+echo "tagging"
+git tag -f $VERSION

From 47bf5a0b4bcbda41536f8524edfc7e26c2ab32b1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 May 2023 14:37:00 +0200
Subject: [PATCH 1045/2268] ci: Increment minor version instead of patch
 version when building snapshots

---
 .goreleaser.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 8d657a092..ba0d196f9 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -52,7 +52,7 @@ sboms:
 checksum:
   name_template: '{{ .ProjectName }}_v{{ .Version }}_checksums.txt'
 snapshot:
-  name_template: "{{ incpatch .Version }}-next"
+  name_template: "{{ incminor .Version }}-next"
 changelog:
   sort: asc
   filters:

From 29e4b21cef922c971c536799610b5b7c08a7fab0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 May 2023 14:43:50 +0200
Subject: [PATCH 1046/2268] feat: Move "controller" sub-command to "controller
 run"

---
 cmd/kluctl/commands/cmd_controller.go      | 217 +-------------------
 cmd/kluctl/commands/cmd_controller_run.go  | 220 +++++++++++++++++++++
 cmd/kluctl/commands/cobra_utils.go         |   5 +-
 cmd/kluctl/commands/root.go                |   2 +-
 config/manager/manager.yaml                |   1 +
 e2e/gitops_test.go                         |   1 +
 install/controller/controller/manager.yaml |   1 +
 7 files changed, 229 insertions(+), 218 deletions(-)
 create mode 100644 cmd/kluctl/commands/cmd_controller_run.go

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index 241169b7f..508c75220 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -1,220 +1,5 @@
 package commands
 
-import (
-	"context"
-	"fmt"
-	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/controllers"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
-	log "github.com/sirupsen/logrus"
-	"k8s.io/apimachinery/pkg/runtime"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-	"os"
-	"os/user"
-	"path/filepath"
-	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
-)
-
-var (
-	setupLog = ctrl.Log.WithName("setup")
-)
-
-const controllerName = "kluctl-controller"
-
 type controllerCmd struct {
-	scheme *runtime.Scheme
-
-	Kubeconfig string `group:"controller" help:"Override the kubeconfig to use."`
-	Context    string `group:"controller" help:"Override the context to use."`
-
-	MetricsBindAddress     string `group:"controller" help:"The address the metric endpoint binds to." default:":8080"`
-	HealthProbeBindAddress string `group:"controller" help:"The address the probe endpoint binds to." default:":8081"`
-	LeaderElect            bool   `group:"controller" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
-
-	DefaultServiceAccount string `group:"controller" help:"Default service account used for impersonation."`
-	DryRun                bool   `group:"controller" help:"Run all deployments in dryRun=true mode."`
-
-	args.CommandResultFlags
-}
-
-func (cmd *controllerCmd) Help() string {
-	return `This command will run the Kluctl Controller. This is usually meant to be run inside a cluster and not from your local machine.
-`
-}
-
-func (cmd *controllerCmd) initScheme() {
-	cmd.scheme = runtime.NewScheme()
-	scheme := cmd.scheme
-
-	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-
-	utilruntime.Must(kluctlv1.AddToScheme(scheme))
-
-	//+kubebuilder:scaffold:scheme
-}
-
-func (cmd *controllerCmd) Run(ctx context.Context) error {
-	cmd.initScheme()
-
-	metricsRecorder := metrics.NewRecorder()
-	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
-
-	opts := zap.Options{
-		Development: true,
-	}
-	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
-
-	restConfig, err := cmd.loadConfig(cmd.Kubeconfig, cmd.Context)
-	if err != nil {
-		setupLog.Error(err, "unable to load kubeconfig")
-		os.Exit(1)
-	}
-
-	enabled, err := flowcontrol.IsEnabled(context.Background(), restConfig)
-	if err == nil && enabled {
-		// A negative QPS and Burst indicates that the client should not have a rate limiter.
-		// Ref: https://github.com/kubernetes/kubernetes/blob/v1.24.0/staging/src/k8s.io/client-go/rest/config.go#L354-L364
-		restConfig.QPS = -1
-		restConfig.Burst = -1
-	}
-
-	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
-		Scheme:                 cmd.scheme,
-		MetricsBindAddress:     cmd.MetricsBindAddress,
-		Port:                   9443,
-		HealthProbeBindAddress: cmd.HealthProbeBindAddress,
-		LeaderElection:         cmd.LeaderElect,
-		LeaderElectionID:       "5ab5d0f9.kluctl.io",
-		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
-		// when the Manager ends. This requires the binary to immediately end when the
-		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
-		// speeds up voluntary leader transitions as the new leader don't have to wait
-		// LeaseDuration time first.
-		//
-		// In the default scaffold provided, the program ends immediately after
-		// the manager stops, so would be fine to enable this option. However,
-		// if you are doing or is intended to do any operation such as perform cleanups
-		// after the manager stops then its usage might be unsafe.
-		// LeaderElectionReleaseOnCancel: true,
-	})
-	if err != nil {
-		setupLog.Error(err, "unable to start manager")
-		os.Exit(1)
-	}
-
-	eventRecorder := mgr.GetEventRecorderFor(controllerName)
-
-	sshPool := &ssh_pool.SshPool{}
-
-	r := controllers.KluctlDeploymentReconciler{
-		ControllerName:        controllerName,
-		DefaultServiceAccount: cmd.DefaultServiceAccount,
-		DryRun:                cmd.DryRun,
-		RestConfig:            restConfig,
-		Client:                mgr.GetClient(),
-		Scheme:                mgr.GetScheme(),
-		EventRecorder:         eventRecorder,
-		MetricsRecorder:       metricsRecorder,
-		SshPool:               sshPool,
-	}
-
-	if cmd.WriteCommandResult {
-		resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetClient(), mgr.GetCache(), cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
-		if err != nil {
-			return err
-		}
-		r.ResultStore = resultStore
-	}
-
-	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
-		HTTPRetry: 9,
-	}); err != nil {
-		setupLog.Error(err, "unable to create controller", "controller", kluctlv1.KluctlDeploymentKind)
-		os.Exit(1)
-	}
-
-	//+kubebuilder:scaffold:builder
-
-	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up health check")
-		os.Exit(1)
-	}
-	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
-		setupLog.Error(err, "unable to set up ready check")
-		os.Exit(1)
-	}
-
-	setupLog.Info("starting manager")
-	if err := mgr.Start(ctx); err != nil {
-		setupLog.Error(err, "problem running manager")
-		os.Exit(1)
-	}
-
-	return nil
-}
-
-// taken from clientcmd
-func (cmd *controllerCmd) loadConfig(kubeconfig string, context string) (config *rest.Config, configErr error) {
-	// If a flag is specified with the config location, use that
-	if len(kubeconfig) > 0 {
-		return cmd.loadConfigWithContext("", &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig}, context)
-	}
-
-	// If the recommended kubeconfig env variable is not specified,
-	// try the in-cluster config.
-	kubeconfigPath := os.Getenv(clientcmd.RecommendedConfigPathEnvVar)
-	if len(kubeconfigPath) == 0 {
-		c, err := rest.InClusterConfig()
-		if err == nil {
-			return c, nil
-		}
-
-		defer func() {
-			if configErr != nil {
-				log.Error(err, "unable to load in-cluster config")
-			}
-		}()
-	}
-
-	// If the recommended kubeconfig env variable is set, or there
-	// is no in-cluster config, try the default recommended locations.
-	//
-	// NOTE: For default config file locations, upstream only checks
-	// $HOME for the user's home directory, but we can also try
-	// os/user.HomeDir when $HOME is unset.
-	//
-	// TODO(jlanford): could this be done upstream?
-	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
-	if _, ok := os.LookupEnv("HOME"); !ok {
-		u, err := user.Current()
-		if err != nil {
-			return nil, fmt.Errorf("could not get current user: %w", err)
-		}
-		loadingRules.Precedence = append(loadingRules.Precedence, filepath.Join(u.HomeDir, clientcmd.RecommendedHomeDir, clientcmd.RecommendedFileName))
-	}
-
-	return cmd.loadConfigWithContext("", loadingRules, context)
-}
-
-// taken from clientcmd
-func (cmd *controllerCmd) loadConfigWithContext(apiServerURL string, loader clientcmd.ClientConfigLoader, context string) (*rest.Config, error) {
-	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-		loader,
-		&clientcmd.ConfigOverrides{
-			ClusterInfo: clientcmdapi.Cluster{
-				Server: apiServerURL,
-			},
-			CurrentContext: context,
-		}).ClientConfig()
+	Run_ controllerRunCmd `cmd:"run" help:"Run the Kluctl controller"`
 }
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
new file mode 100644
index 000000000..6d9cb40b2
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -0,0 +1,220 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/controllers"
+	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	log "github.com/sirupsen/logrus"
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+	"os"
+	"os/user"
+	"path/filepath"
+	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
+)
+
+var (
+	setupLog = ctrl.Log.WithName("setup")
+)
+
+const controllerName = "kluctl-controller"
+
+type controllerRunCmd struct {
+	scheme *runtime.Scheme
+
+	Kubeconfig string `group:"controller" help:"Override the kubeconfig to use."`
+	Context    string `group:"controller" help:"Override the context to use."`
+
+	MetricsBindAddress     string `group:"controller" help:"The address the metric endpoint binds to." default:":8080"`
+	HealthProbeBindAddress string `group:"controller" help:"The address the probe endpoint binds to." default:":8081"`
+	LeaderElect            bool   `group:"controller" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
+
+	DefaultServiceAccount string `group:"controller" help:"Default service account used for impersonation."`
+	DryRun                bool   `group:"controller" help:"Run all deployments in dryRun=true mode."`
+
+	args.CommandResultFlags
+}
+
+func (cmd *controllerRunCmd) Help() string {
+	return `This command will run the Kluctl Controller. This is usually meant to be run inside a cluster and not from your local machine.
+`
+}
+
+func (cmd *controllerRunCmd) initScheme() {
+	cmd.scheme = runtime.NewScheme()
+	scheme := cmd.scheme
+
+	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+
+	utilruntime.Must(kluctlv1.AddToScheme(scheme))
+
+	//+kubebuilder:scaffold:scheme
+}
+
+func (cmd *controllerRunCmd) Run(ctx context.Context) error {
+	cmd.initScheme()
+
+	metricsRecorder := metrics.NewRecorder()
+	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
+
+	opts := zap.Options{
+		Development: true,
+	}
+	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+
+	restConfig, err := cmd.loadConfig(cmd.Kubeconfig, cmd.Context)
+	if err != nil {
+		setupLog.Error(err, "unable to load kubeconfig")
+		os.Exit(1)
+	}
+
+	enabled, err := flowcontrol.IsEnabled(context.Background(), restConfig)
+	if err == nil && enabled {
+		// A negative QPS and Burst indicates that the client should not have a rate limiter.
+		// Ref: https://github.com/kubernetes/kubernetes/blob/v1.24.0/staging/src/k8s.io/client-go/rest/config.go#L354-L364
+		restConfig.QPS = -1
+		restConfig.Burst = -1
+	}
+
+	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
+		Scheme:                 cmd.scheme,
+		MetricsBindAddress:     cmd.MetricsBindAddress,
+		Port:                   9443,
+		HealthProbeBindAddress: cmd.HealthProbeBindAddress,
+		LeaderElection:         cmd.LeaderElect,
+		LeaderElectionID:       "5ab5d0f9.kluctl.io",
+		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
+		// when the Manager ends. This requires the binary to immediately end when the
+		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+		// speeds up voluntary leader transitions as the new leader don't have to wait
+		// LeaseDuration time first.
+		//
+		// In the default scaffold provided, the program ends immediately after
+		// the manager stops, so would be fine to enable this option. However,
+		// if you are doing or is intended to do any operation such as perform cleanups
+		// after the manager stops then its usage might be unsafe.
+		// LeaderElectionReleaseOnCancel: true,
+	})
+	if err != nil {
+		setupLog.Error(err, "unable to start manager")
+		os.Exit(1)
+	}
+
+	eventRecorder := mgr.GetEventRecorderFor(controllerName)
+
+	sshPool := &ssh_pool.SshPool{}
+
+	r := controllers.KluctlDeploymentReconciler{
+		ControllerName:        controllerName,
+		DefaultServiceAccount: cmd.DefaultServiceAccount,
+		DryRun:                cmd.DryRun,
+		RestConfig:            restConfig,
+		Client:                mgr.GetClient(),
+		Scheme:                mgr.GetScheme(),
+		EventRecorder:         eventRecorder,
+		MetricsRecorder:       metricsRecorder,
+		SshPool:               sshPool,
+	}
+
+	if cmd.WriteCommandResult {
+		resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetClient(), mgr.GetCache(), cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
+		if err != nil {
+			return err
+		}
+		r.ResultStore = resultStore
+	}
+
+	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
+		HTTPRetry: 9,
+	}); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", kluctlv1.KluctlDeploymentKind)
+		os.Exit(1)
+	}
+
+	//+kubebuilder:scaffold:builder
+
+	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
+		setupLog.Error(err, "unable to set up health check")
+		os.Exit(1)
+	}
+	if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
+		setupLog.Error(err, "unable to set up ready check")
+		os.Exit(1)
+	}
+
+	setupLog.Info("starting manager")
+	if err := mgr.Start(ctx); err != nil {
+		setupLog.Error(err, "problem running manager")
+		os.Exit(1)
+	}
+
+	return nil
+}
+
+// taken from clientcmd
+func (cmd *controllerRunCmd) loadConfig(kubeconfig string, context string) (config *rest.Config, configErr error) {
+	// If a flag is specified with the config location, use that
+	if len(kubeconfig) > 0 {
+		return cmd.loadConfigWithContext("", &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig}, context)
+	}
+
+	// If the recommended kubeconfig env variable is not specified,
+	// try the in-cluster config.
+	kubeconfigPath := os.Getenv(clientcmd.RecommendedConfigPathEnvVar)
+	if len(kubeconfigPath) == 0 {
+		c, err := rest.InClusterConfig()
+		if err == nil {
+			return c, nil
+		}
+
+		defer func() {
+			if configErr != nil {
+				log.Error(err, "unable to load in-cluster config")
+			}
+		}()
+	}
+
+	// If the recommended kubeconfig env variable is set, or there
+	// is no in-cluster config, try the default recommended locations.
+	//
+	// NOTE: For default config file locations, upstream only checks
+	// $HOME for the user's home directory, but we can also try
+	// os/user.HomeDir when $HOME is unset.
+	//
+	// TODO(jlanford): could this be done upstream?
+	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+	if _, ok := os.LookupEnv("HOME"); !ok {
+		u, err := user.Current()
+		if err != nil {
+			return nil, fmt.Errorf("could not get current user: %w", err)
+		}
+		loadingRules.Precedence = append(loadingRules.Precedence, filepath.Join(u.HomeDir, clientcmd.RecommendedHomeDir, clientcmd.RecommendedFileName))
+	}
+
+	return cmd.loadConfigWithContext("", loadingRules, context)
+}
+
+// taken from clientcmd
+func (cmd *controllerRunCmd) loadConfigWithContext(apiServerURL string, loader clientcmd.ClientConfigLoader, context string) (*rest.Config, error) {
+	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		loader,
+		&clientcmd.ConfigOverrides{
+			ClusterInfo: clientcmdapi.Cluster{
+				Server: apiServerURL,
+			},
+			CurrentContext: context,
+		}).ClientConfig()
+}
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index d4b4fb013..de630a332 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -106,7 +106,10 @@ func (c *rootCommand) buildCobraSubCommands(cg *commandAndGroups, cmdStruct inte
 		v2 := v.Field(i).Addr().Interface()
 		name := buildCobraName(f.Name)
 
-		if _, ok := f.Tag.Lookup("cmd"); ok {
+		if cmd, ok := f.Tag.Lookup("cmd"); ok {
+			if cmd != "" {
+				name = cmd
+			}
 			// subcommand
 			shortHelp := f.Tag.Get("help")
 			longHelp := ""
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 74559d894..14b15c02e 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -66,7 +66,7 @@ type cli struct {
 	Render      renderCmd      `cmd:"" help:"Renders all resources and configuration files"`
 	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
-	Controller  controllerCmd  `cmd:"" help:"Run the Kluctl controller"`
+	Controller  controllerCmd  `cmd:"" help:"Kluctl controller sub-commands"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 60bc2cbf5..c1f1d3e68 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -69,6 +69,7 @@ spec:
       - command:
         - kluctl
         - controller
+        - run
         args:
         - --leader-elect
         image: ghcr.io/kluctl/kluctl:latest
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 1df30c7fa..edb46e916 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -96,6 +96,7 @@ func (suite *GitopsTestSuite) startController() {
 	ctx, ctxCancel := context.WithCancel(context.Background())
 	args := []string{
 		"controller",
+		"run",
 		"--kubeconfig",
 		tmpKubeconfig,
 		"--context",
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index 02f78bc76..7cee4bf75 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -42,6 +42,7 @@ spec:
         command:
         - kluctl
         - controller
+        - run
         image: ghcr.io/kluctl/kluctl:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:

From f6e30a1129cc6a4191eccaa30f0a07cae23d3d9e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 00:16:54 +0200
Subject: [PATCH 1047/2268] feat: Add controller install sub-command

---
 cmd/kluctl/commands/cmd_controller.go         |  3 +-
 cmd/kluctl/commands/cmd_controller_install.go | 54 +++++++++++++++++++
 cmd/kluctl/commands/cmd_deploy.go             |  3 ++
 cmd/kluctl/commands/cmd_list_targets.go       |  2 +-
 cmd/kluctl/commands/cmd_seal.go               |  2 +-
 cmd/kluctl/commands/completion.go             |  2 +-
 cmd/kluctl/commands/utils.go                  | 14 +++--
 install/controller/embed.go                   |  2 +-
 pkg/kluctl_project/project.go                 |  3 +-
 pkg/kluctl_project/project_load.go            | 10 ++--
 10 files changed, 79 insertions(+), 16 deletions(-)
 create mode 100644 cmd/kluctl/commands/cmd_controller_install.go

diff --git a/cmd/kluctl/commands/cmd_controller.go b/cmd/kluctl/commands/cmd_controller.go
index 508c75220..5a49c5187 100644
--- a/cmd/kluctl/commands/cmd_controller.go
+++ b/cmd/kluctl/commands/cmd_controller.go
@@ -1,5 +1,6 @@
 package commands
 
 type controllerCmd struct {
-	Run_ controllerRunCmd `cmd:"run" help:"Run the Kluctl controller"`
+	Install controllerInstallCmd `cmd:"" help:"Install the Kluctl controller"`
+	Run_    controllerRunCmd     `cmd:"run" help:"Run the Kluctl controller"`
 }
diff --git a/cmd/kluctl/commands/cmd_controller_install.go b/cmd/kluctl/commands/cmd_controller_install.go
new file mode 100644
index 000000000..319a0f496
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_controller_install.go
@@ -0,0 +1,54 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/go-embed-python/embed_util"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/install/controller"
+	"time"
+)
+
+type controllerInstallCmd struct {
+	args.YesFlags
+	args.DryRunFlags
+	args.CommandResultFlags
+
+	Context           string `group:"controller" help:"Override the context to use."`
+	ControllerVersion string `group:"controller" help:"Specify the controller version to install."`
+}
+
+func (cmd *controllerInstallCmd) Help() string {
+	return `This command will install the kluctl-controller to the current Kubernetes clusters.`
+}
+
+func (cmd *controllerInstallCmd) Run(ctx context.Context) error {
+	src, err := embed_util.NewEmbeddedFiles(controller.Project, "kluctl-controller-deployment")
+	if err != nil {
+		return err
+	}
+
+	var deployArgs []string
+	if cmd.ControllerVersion != "" {
+		deployArgs = append(deployArgs, fmt.Sprintf("controller_version=%s", cmd.ControllerVersion))
+	}
+
+	cmd2 := deployCmd{
+		ProjectFlags: args.ProjectFlags{
+			ProjectDir: args.ProjectDir{
+				ProjectDir: args.ExistingDirType(src.GetExtractedPath()),
+			},
+			Timeout: 10 * time.Minute,
+		},
+		TargetFlags: args.TargetFlags{
+			Context: cmd.Context,
+		},
+		ArgsFlags: args.ArgsFlags{
+			Arg: deployArgs,
+		},
+		DryRunFlags:        cmd.DryRunFlags,
+		CommandResultFlags: cmd.CommandResultFlags,
+		internal:           true,
+	}
+	return cmd2.Run(ctx)
+}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index e292dc27d..e86f1a53d 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -27,6 +27,8 @@ type deployCmd struct {
 	args.CommandResultFlags
 
 	NoWait bool `group:"misc" help:"Don't wait for objects readiness'"`
+
+	internal bool
 }
 
 func (cmd *deployCmd) Help() string {
@@ -47,6 +49,7 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
+		internalDeploy:       cmd.internal,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		return cmd.runCmdDeploy(cmdCtx)
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index ce39e8476..8df9d4373 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.Targets {
 			result = append(result, t)
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 69ecad6ee..c081a61f8 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -155,7 +155,7 @@ func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
 }
 
 func (cmd *sealCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		noTargetMatch := true
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 77e7fe978..653b032f7 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -50,7 +50,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 66e6103b0..a03b70b77 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -24,7 +24,7 @@ import (
 	"strings"
 )
 
-func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
@@ -42,9 +42,12 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		return err
 	}
 
-	repoRoot, err := git.DetectGitRepositoryRoot(projectDir)
-	if err != nil {
-		status.Warning(ctx, "Failed to detect git project root. This might cause follow-up errors")
+	var repoRoot string
+	if !internalDeploy {
+		repoRoot, err = git.DetectGitRepositoryRoot(projectDir)
+		if err != nil {
+			status.Warning(ctx, "Failed to detect git project root. This might cause follow-up errors")
+		}
 	}
 
 	ctx, cancel := context.WithTimeout(ctx, projectFlags.Timeout)
@@ -126,6 +129,7 @@ type projectTargetCommandArgs struct {
 	renderOutputDirFlags args.RenderOutputDirFlags
 	commandResultFlags   *args.CommandResultFlags
 
+	internalDeploy    bool
 	forSeal           bool
 	forCompletion     bool
 	offlineKubernetes bool
@@ -140,7 +144,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
diff --git a/install/controller/embed.go b/install/controller/embed.go
index 3bf3cd004..dc5e78645 100644
--- a/install/controller/embed.go
+++ b/install/controller/embed.go
@@ -3,4 +3,4 @@ package controller
 import "embed"
 
 //go:embed all:*
-var Config embed.FS
+var Project embed.FS
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index ad2d230c9..7afc4918f 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -18,8 +18,7 @@ type LoadedKluctlProject struct {
 
 	TmpDir string
 
-	projectRootDir string
-	ProjectDir     string
+	ProjectDir string
 
 	sealedSecretsDir string
 
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 2982be334..5ed7aa53f 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -38,11 +38,13 @@ func (c *LoadedKluctlProject) getConfigPath() string {
 func (c *LoadedKluctlProject) loadKluctlProject() error {
 	var err error
 
-	c.projectRootDir = c.LoadArgs.RepoRoot
 	c.ProjectDir = c.LoadArgs.ProjectDir
-	err = utils.CheckInDir(c.projectRootDir, c.ProjectDir)
-	if err != nil {
-		return err
+
+	if c.LoadArgs.RepoRoot != "" {
+		err = utils.CheckInDir(c.LoadArgs.RepoRoot, c.ProjectDir)
+		if err != nil {
+			return err
+		}
 	}
 
 	configPath := c.getConfigPath()

From be6d540f683a0a5b7eee85b2a7a272e1b10c485e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 08:27:27 +0200
Subject: [PATCH 1048/2268] docs: Add links to command results arguments

---
 docs/reference/commands/delete.md      | 1 +
 docs/reference/commands/deploy.md      | 1 +
 docs/reference/commands/poke-images.md | 1 +
 docs/reference/commands/prune.md       | 1 +
 4 files changed, 4 insertions(+)

diff --git a/docs/reference/commands/delete.md b/docs/reference/commands/delete.md
index da4ad7739..058367db7 100644
--- a/docs/reference/commands/delete.md
+++ b/docs/reference/commands/delete.md
@@ -27,6 +27,7 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [command results arguments](./common-arguments.md#command-results-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "delete" "Misc arguments" true -->
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index ea4d88e11..344fb448b 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -25,6 +25,7 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [command results arguments](./common-arguments.md#command-results-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "deploy" "Misc arguments" true -->
diff --git a/docs/reference/commands/poke-images.md b/docs/reference/commands/poke-images.md
index 55ce70bbc..6dc316676 100644
--- a/docs/reference/commands/poke-images.md
+++ b/docs/reference/commands/poke-images.md
@@ -25,6 +25,7 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [command results arguments](./common-arguments.md#command-results-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "poke-images" "Misc arguments" true -->
diff --git a/docs/reference/commands/prune.md b/docs/reference/commands/prune.md
index 6d012920e..40b7f211f 100644
--- a/docs/reference/commands/prune.md
+++ b/docs/reference/commands/prune.md
@@ -21,6 +21,7 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [command results arguments](./common-arguments.md#command-results-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "prune" "Misc arguments" true -->

From 9de8794983f23e0c779959b9847d3b9b2ab27cff Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 08:31:55 +0200
Subject: [PATCH 1049/2268] docs: Add docs about new subcommands

---
 cmd/kluctl/commands/cmd_controller_install.go |  4 +-
 cmd/kluctl/commands/cmd_controller_run.go     | 14 +++----
 cmd/kluctl/commands/root.go                   |  1 -
 docs/reference/commands/controller-install.md | 37 +++++++++++++++++++
 .../{controller.md => controller-run.md}      | 14 +++----
 internal/replace-commands-help/main.go        |  5 ++-
 6 files changed, 57 insertions(+), 18 deletions(-)
 create mode 100644 docs/reference/commands/controller-install.md
 rename docs/reference/commands/{controller.md => controller-run.md} (81%)

diff --git a/cmd/kluctl/commands/cmd_controller_install.go b/cmd/kluctl/commands/cmd_controller_install.go
index 319a0f496..d5e3db490 100644
--- a/cmd/kluctl/commands/cmd_controller_install.go
+++ b/cmd/kluctl/commands/cmd_controller_install.go
@@ -14,8 +14,8 @@ type controllerInstallCmd struct {
 	args.DryRunFlags
 	args.CommandResultFlags
 
-	Context           string `group:"controller" help:"Override the context to use."`
-	ControllerVersion string `group:"controller" help:"Specify the controller version to install."`
+	Context           string `group:"misc" help:"Override the context to use."`
+	ControllerVersion string `group:"misc" help:"Specify the controller version to install."`
 }
 
 func (cmd *controllerInstallCmd) Help() string {
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 6d9cb40b2..bc83b0a5d 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -35,15 +35,15 @@ const controllerName = "kluctl-controller"
 type controllerRunCmd struct {
 	scheme *runtime.Scheme
 
-	Kubeconfig string `group:"controller" help:"Override the kubeconfig to use."`
-	Context    string `group:"controller" help:"Override the context to use."`
+	Kubeconfig string `group:"misc" help:"Override the kubeconfig to use."`
+	Context    string `group:"misc" help:"Override the context to use."`
 
-	MetricsBindAddress     string `group:"controller" help:"The address the metric endpoint binds to." default:":8080"`
-	HealthProbeBindAddress string `group:"controller" help:"The address the probe endpoint binds to." default:":8081"`
-	LeaderElect            bool   `group:"controller" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
+	MetricsBindAddress     string `group:"misc" help:"The address the metric endpoint binds to." default:":8080"`
+	HealthProbeBindAddress string `group:"misc" help:"The address the probe endpoint binds to." default:":8081"`
+	LeaderElect            bool   `group:"misc" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
 
-	DefaultServiceAccount string `group:"controller" help:"Default service account used for impersonation."`
-	DryRun                bool   `group:"controller" help:"Run all deployments in dryRun=true mode."`
+	DefaultServiceAccount string `group:"misc" help:"Default service account used for impersonation."`
+	DryRun                bool   `group:"misc" help:"Run all deployments in dryRun=true mode."`
 
 	args.CommandResultFlags
 }
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 14b15c02e..cc629d689 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -78,7 +78,6 @@ var flagGroups = []groupInfo{
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
-	{group: "controller", title: "Controller:", description: "Controller arguments."},
 }
 
 var origStderr = os.Stderr
diff --git a/docs/reference/commands/controller-install.md b/docs/reference/commands/controller-install.md
new file mode 100644
index 000000000..516e9ee91
--- /dev/null
+++ b/docs/reference/commands/controller-install.md
@@ -0,0 +1,37 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "controller install"
+linkTitle: "controller install"
+weight: 10
+description: >
+    controller command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "controller install" "Usage" false -->
+Usage: kluctl controller install [flags]
+
+Install the Kluctl controller
+This command will install the kluctl-controller to the current Kubernetes clusters.
+
+<!-- END SECTION -->
+
+## Arguments
+The following sets of arguments are available:
+1. [command results arguments](./common-arguments.md#command-results-arguments)
+
+In addition, the following arguments are available:
+<!-- BEGIN SECTION "controller install" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --context string              Override the context to use.
+      --controller-version string   Specify the controller version to install.
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+
+```
+<!-- END SECTION -->
diff --git a/docs/reference/commands/controller.md b/docs/reference/commands/controller-run.md
similarity index 81%
rename from docs/reference/commands/controller.md
rename to docs/reference/commands/controller-run.md
index 588b04f6e..53589381f 100644
--- a/docs/reference/commands/controller.md
+++ b/docs/reference/commands/controller-run.md
@@ -1,8 +1,8 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "controller"
-linkTitle: "controller"
+title: "controller run"
+linkTitle: "controller run"
 weight: 10
 description: >
     controller command
@@ -10,8 +10,8 @@ description: >
 -->
 
 ## Command
-<!-- BEGIN SECTION "controller" "Usage" false -->
-Usage: kluctl controller [flags]
+<!-- BEGIN SECTION "controller run" "Usage" false -->
+Usage: kluctl controller run [flags]
 
 Run the Kluctl controller
 This command will run the Kluctl Controller. This is usually meant to be run inside a cluster and not from your local machine.
@@ -21,10 +21,10 @@ This command will run the Kluctl Controller. This is usually meant to be run ins
 ## Arguments
 
 The following arguments are available:
-<!-- BEGIN SECTION "controller" "Controller" true -->
+<!-- BEGIN SECTION "controller run" "Misc arguments" true -->
 ```
-Controller:
-  Controller arguments.
+Misc arguments:
+  Command specific arguments.
 
       --context string                     Override the context to use.
       --default-service-account string     Default service account used for impersonation.
diff --git a/internal/replace-commands-help/main.go b/internal/replace-commands-help/main.go
index 2f47f1c08..6fbbf7924 100644
--- a/internal/replace-commands-help/main.go
+++ b/internal/replace-commands-help/main.go
@@ -135,7 +135,10 @@ func getHelpSection(command string, section string) []string {
 		log.Fatal(err)
 	}
 
-	helpCmd := exec.Command(exe, command, "--help")
+	args := strings.Split(command, " ")
+	args = append(args, "--help")
+
+	helpCmd := exec.Command(exe, args...)
 	helpCmd.Env = os.Environ()
 	helpCmd.Env = append(helpCmd.Env, "CALL_KLUCTL=true")
 

From 211d65eecd10a8011dc7dd9de3b67eac8ae20b90 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 May 2023 08:39:19 +0200
Subject: [PATCH 1050/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.18.5 to 1.18.6 (#508)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.18.5 to 1.18.6.
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.18.5...v1.18.6)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0a686c573..03f26806f 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.18.5
+	github.com/ohler55/ojg v1.18.6
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.10.0
diff --git a/go.sum b/go.sum
index 6afa7e683..8c298eb8c 100644
--- a/go.sum
+++ b/go.sum
@@ -644,8 +644,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.18.5 h1:tzn5LJtkSyXowCo8SlGieU0zEc7WF4143Ri9MYlQy7Q=
-github.com/ohler55/ojg v1.18.5/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.18.6 h1:ZY5I/8I+zW8s+/QpX9E/P9QJwECi4lNx67VgdOzTTno=
+github.com/ohler55/ojg v1.18.6/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=

From 7ecd12bfeb6c7913b7e3e19f21befc51fae2fb5e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 11:56:37 +0200
Subject: [PATCH 1051/2268] fix: Use strict yaml unmarshalling in custom
 unmarshallers (#510)

* chore: Add .gitignore for webui

* fix: Use strict yaml unmarshalling in custom unmarshallers
---
 pkg/deployment/external_args.go |  3 +--
 pkg/types/deployment.go         |  5 ++---
 pkg/types/git_project.go        |  5 ++---
 pkg/types/git_url.go            |  5 +++--
 pkg/types/result/compact.go     |  2 +-
 pkg/types/yaml_url.go           |  3 ++-
 pkg/utils/uo/uo.go              |  2 +-
 pkg/webui/ui/.gitignore         | 23 +++++++++++++++++++++++
 8 files changed, 35 insertions(+), 13 deletions(-)
 create mode 100644 pkg/webui/ui/.gitignore

diff --git a/pkg/deployment/external_args.go b/pkg/deployment/external_args.go
index 808d65dbf..17c003d84 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/deployment/external_args.go
@@ -1,7 +1,6 @@
 package deployment
 
 import (
-	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -61,7 +60,7 @@ func LoadDefaultArgs(args []*types.DeploymentArg, deployArgs *uo.UnstructuredObj
 	for _, a := range args {
 		if a.Default != nil {
 			var v any
-			err := json.Unmarshal(a.Default.Raw, &v)
+			err := yaml.ReadYamlBytes(a.Default.Raw, &v)
 			if err != nil {
 				return err
 			}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index a4f8ee8ee..843186106 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -1,7 +1,6 @@
 package types
 
 import (
-	"encoding/json"
 	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -70,14 +69,14 @@ type SingleStringOrList []string
 
 func (s *SingleStringOrList) UnmarshalJSON(b []byte) error {
 	var single string
-	if err := json.Unmarshal(b, &single); err == nil {
+	if err := yaml.ReadYamlBytes(b, &single); err == nil {
 		// it's a single project
 		*s = []string{single}
 		return nil
 	}
 	// try as array
 	var arr []string
-	if err := json.Unmarshal(b, &arr); err != nil {
+	if err := yaml.ReadYamlBytes(b, &arr); err != nil {
 		return err
 	}
 	*s = arr
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 32a785541..e73cff058 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -1,7 +1,6 @@
 package types
 
 import (
-	"encoding/json"
 	"fmt"
 	"regexp"
 	"strings"
@@ -20,12 +19,12 @@ type GitProject struct {
 }
 
 func (gp *GitProject) UnmarshalJSON(b []byte) error {
-	if err := json.Unmarshal(b, &gp.Url); err == nil {
+	if err := yaml.ReadYamlBytes(b, &gp.Url); err == nil {
 		// it's a simple string
 		return nil
 	}
 	type raw GitProject
-	return json.Unmarshal(b, (*raw)(gp))
+	return yaml.ReadYamlBytes(b, (*raw)(gp))
 }
 
 // invalidDirName evaluate directory name against forbidden characters
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 4c649bb04..8392967bf 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/giturls"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/url"
 	"strings"
 )
@@ -43,7 +44,7 @@ func (in *GitUrl) DeepCopyInto(out *GitUrl) {
 
 func (u *GitUrl) UnmarshalJSON(b []byte) error {
 	var s string
-	err := json.Unmarshal(b, &s)
+	err := yaml.ReadYamlBytes(b, &s)
 	if err != nil {
 		return err
 	}
@@ -142,7 +143,7 @@ func (u GitRepoKey) String() string {
 
 func (u *GitRepoKey) UnmarshalJSON(b []byte) error {
 	var s string
-	err := json.Unmarshal(b, &s)
+	err := yaml.ReadYamlBytes(b, &s)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/types/result/compact.go b/pkg/types/result/compact.go
index ae94847c3..6caa48aaf 100644
--- a/pkg/types/result/compact.go
+++ b/pkg/types/result/compact.go
@@ -73,7 +73,7 @@ func (l CompactedObjects) MarshalJSON() ([]byte, error) {
 
 func (l *CompactedObjects) UnmarshalJSON(b []byte) error {
 	var compactedList []CompactedObject
-	err := json.Unmarshal(b, &compactedList)
+	err := yaml.ReadYamlBytes(b, &compactedList)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/types/yaml_url.go b/pkg/types/yaml_url.go
index f2ffac1df..0f7ffda06 100644
--- a/pkg/types/yaml_url.go
+++ b/pkg/types/yaml_url.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"encoding/json"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/url"
 )
 
@@ -11,7 +12,7 @@ type YamlUrl struct {
 
 func (u *YamlUrl) UnmarshalJSON(b []byte) error {
 	var s string
-	err := json.Unmarshal(b, &s)
+	err := yaml.ReadYamlBytes(b, &s)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 92d2e73d7..c9ab95bf1 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -19,7 +19,7 @@ func (uo *UnstructuredObject) MarshalJSON() ([]byte, error) {
 }
 
 func (uo *UnstructuredObject) UnmarshalJSON(b []byte) error {
-	return json.Unmarshal(b, &uo.Object)
+	return yaml.ReadYamlBytes(b, &uo.Object)
 }
 
 func (uo *UnstructuredObject) IsZero() bool {
diff --git a/pkg/webui/ui/.gitignore b/pkg/webui/ui/.gitignore
new file mode 100644
index 000000000..4d29575de
--- /dev/null
+++ b/pkg/webui/ui/.gitignore
@@ -0,0 +1,23 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# production
+/build
+
+# misc
+.DS_Store
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*

From c2fc47f0f26ed8981e5a8f4c4556d7e47ee42e2d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 09:11:06 +0200
Subject: [PATCH 1052/2268] refactor: Introduce ParseGitRepoKey

---
 pkg/types/git_url.go | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 8392967bf..5ab73fdd0 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -134,6 +134,21 @@ type GitRepoKey struct {
 	Path string `json:"-"`
 }
 
+func ParseGitRepoKey(s string) (GitRepoKey, error) {
+	if s == "" {
+		return GitRepoKey{}, nil
+	}
+
+	s2 := strings.SplitN(s, "/", 2)
+	if len(s2) != 2 {
+		return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
+	}
+	return GitRepoKey{
+		Host: s2[0],
+		Path: s2[1],
+	}, nil
+}
+
 func (u GitRepoKey) String() string {
 	if u.Host == "" && u.Path == "" {
 		return ""
@@ -152,12 +167,11 @@ func (u *GitRepoKey) UnmarshalJSON(b []byte) error {
 		u.Path = ""
 		return nil
 	}
-	s2 := strings.SplitN(s, "/", 2)
-	if len(s2) != 2 {
-		return fmt.Errorf("invalid git repo key: %s", s)
+	x, err := ParseGitRepoKey(s)
+	if err != nil {
+		return err
 	}
-	u.Host = s2[0]
-	u.Path = s2[1]
+	*u = x
 	return nil
 }
 

From 9ec07a6fdc2fa54d777c6757247f81269f093fa0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 13:58:36 +0200
Subject: [PATCH 1053/2268] fix: Fix crash in WatchCommandResultSummaries
 handlers

---
 pkg/results/result-store-secrets.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 5d244d538..1389db4ab 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -310,6 +310,9 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 		if err != nil {
 			return
 		}
+		if summary == nil {
+			return
+		}
 		if !s.filterSummary(summary, options.ProjectFilter) {
 			return
 		}

From 10fa182d84ebcdac8b23bc317dd4f23086fbb8c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 13:59:06 +0200
Subject: [PATCH 1054/2268] fix: Use imagePullPolicy: Always for snapshot
 builds

---
 install/controller/controller/kustomization.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 4c41784cc..d4711bbb7 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -11,3 +11,12 @@ patches:
       - op: add
         path: /spec/template/spec/containers/0/image
         value: ghcr.io/kluctl/kluctl:{{ args.controller_version }}
+{% if args.controller_version.endswith("-next-amd64") or args.controller_version.endswith("-next-arm64") %}
+  - target:
+      kind: Deployment
+      name: kluctl-controller
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/imagePullPolicy
+        value: Always
+{% endif %}

From 00ba739db2996a1509c9dda1ee5af99d97e74d3f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 13:59:18 +0200
Subject: [PATCH 1055/2268] fix: Fix crash in handleCommandResult

---
 pkg/controllers/kluctl_project.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 7af6cda94..5c9a946bc 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -640,6 +640,11 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string) error {
 	log := ctrl.LoggerFrom(ctx)
 
+	if cmdErr != nil {
+		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
+		return cmdErr
+	}
+
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
 	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
 	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
@@ -655,10 +660,6 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 
 	log.Info(fmt.Sprintf("command finished with err=%v", cmdErr))
 	defer pt.exportCommandResultMetricsToProm(summary)
-	if cmdErr != nil {
-		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
-		return cmdErr
-	}
 
 	msg := fmt.Sprintf("%s succeeded.", commandName)
 	if summary.NewObjects != 0 {

From 0616517baca3d6f692996a916a9e60c8fb36f96b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 13:59:28 +0200
Subject: [PATCH 1056/2268] fix: Give the controller more cpu+memory

---
 config/manager/manager.yaml                | 6 +++---
 install/controller/controller/manager.yaml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index c1f1d3e68..f544bbcee 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -97,9 +97,9 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 512Mi
           requests:
-            cpu: 10m
-            memory: 64Mi
+            cpu: 500m
+            memory: 512Mi
       serviceAccountName: kluctl-controller
       terminationGracePeriodSeconds: 10
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index 7cee4bf75..ed9e00985 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -61,10 +61,10 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 512Mi
           requests:
-            cpu: 10m
-            memory: 64Mi
+            cpu: 500m
+            memory: 512Mi
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

From 23fe48ab5a4e554717deae92f9e4714f3ecefc03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 14:35:20 +0200
Subject: [PATCH 1057/2268] fix: Add missing cluster-admin binding for the
 controller (#512)

---
 config/rbac/kustomization.yaml          |  1 +
 config/rbac/reconciler_binding.yaml     | 12 ++++++++++++
 install/controller/controller/rbac.yaml | 13 +++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 config/rbac/reconciler_binding.yaml

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 166fe7986..588dbee4b 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -9,3 +9,4 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- reconciler_binding.yaml
diff --git a/config/rbac/reconciler_binding.yaml b/config/rbac/reconciler_binding.yaml
new file mode 100644
index 000000000..f85f09807
--- /dev/null
+++ b/config/rbac/reconciler_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kluctl-controller-cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: kluctl-controller
+    namespace: kluctl-system
diff --git a/install/controller/controller/rbac.yaml b/install/controller/controller/rbac.yaml
index 1845b4548..aa7d7bccb 100644
--- a/install/controller/controller/rbac.yaml
+++ b/install/controller/controller/rbac.yaml
@@ -146,6 +146,19 @@ subjects:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
+metadata:
+  name: kluctl-controller-cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: kluctl-controller
+  namespace: kluctl-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
   labels:
     app.kubernetes.io/component: rbac

From b8af67f8213a8ab60d896a6631d2e74077e14936 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 30 May 2023 13:31:59 +0200
Subject: [PATCH 1058/2268] chore(deps): Bump github.com/hashicorp/vault/api
 from 1.9.1 to 1.9.2 (#513)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.1...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 9 +++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 03f26806f..f4c9b9273 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.15.2
-	github.com/hashicorp/vault/api v1.9.1
+	github.com/hashicorp/vault/api v1.9.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.15
 	github.com/jinzhu/copier v0.3.5
@@ -134,6 +134,7 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
@@ -237,7 +238,6 @@ require (
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 8c298eb8c..332d6da82 100644
--- a/go.sum
+++ b/go.sum
@@ -282,6 +282,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
 github.com/go-gorp/gorp/v3 v3.0.5/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -478,8 +480,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.9.1 h1:LtY/I16+5jVGU8rufyyAkwopgq/HpUnxFBg+QLOAV38=
-github.com/hashicorp/vault/api v1.9.1/go.mod h1:78kktNcQYbBGSrOjQfHjXN32OhhxXnbYl3zxpd2uPUs=
+github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
+github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -871,6 +873,7 @@ golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1301,8 +1304,6 @@ gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=

From c01a2f623b7a999ab6e44264155f493baa08b799 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 30 May 2023 13:32:31 +0200
Subject: [PATCH 1059/2268] chore(deps): Bump github.com/imdario/mergo from
 0.3.15 to 0.3.16 (#514)

Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from 0.3.15 to 0.3.16.
- [Release notes](https://github.com/imdario/mergo/releases)
- [Commits](https://github.com/imdario/mergo/compare/v0.3.15...v0.3.16)

---
updated-dependencies:
- dependency-name: github.com/imdario/mergo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f4c9b9273..3fc55f456 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/google/go-containerregistry v0.15.2
 	github.com/hashicorp/vault/api v1.9.2
 	github.com/hexops/gotextdiff v1.0.3
-	github.com/imdario/mergo v0.3.15
+	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
diff --git a/go.sum b/go.sum
index 332d6da82..845de9aaa 100644
--- a/go.sum
+++ b/go.sum
@@ -493,8 +493,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=

From 2c1b544f63e160c7ca72e48f21e4e60de52cbee9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 30 May 2023 14:11:23 +0200
Subject: [PATCH 1060/2268] fix: Fix bogus breakpoint (#515)

* fix: Fix bogus breakpoint

* chore: Add .gitignore entry for public/staticdata
---
 pkg/k8s/k8s_cluster.go  | 5 -----
 pkg/webui/ui/.gitignore | 2 ++
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b7b37d515..50063ca8e 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -7,7 +7,6 @@ import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"net/http"
-	"runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"sync"
@@ -457,10 +456,6 @@ func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
 }
 
 func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	if gvk.Kind == "KluctlDeployment" {
-		runtime.Breakpoint()
-	}
-
 	rms, err := k.clientFactory.Mapper().RESTMappings(gvk.GroupKind(), gvk.Version)
 	if err != nil {
 		return nil, err
diff --git a/pkg/webui/ui/.gitignore b/pkg/webui/ui/.gitignore
index 4d29575de..b2ba12633 100644
--- a/pkg/webui/ui/.gitignore
+++ b/pkg/webui/ui/.gitignore
@@ -21,3 +21,5 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+
+/public/staticdata

From 89b0cfaef2f17cc43e62e3cec6560868806576f9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 30 May 2023 14:17:11 +0200
Subject: [PATCH 1061/2268] fix: Give controller more CPU limits (#516)

---
 config/manager/manager.yaml                                 | 2 +-
 install/controller/controller/controller-version-patch.yaml | 0
 install/controller/controller/manager.yaml                  | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 delete mode 100644 install/controller/controller/controller-version-patch.yaml

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index f544bbcee..83c13b50a 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -96,7 +96,7 @@ spec:
         # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
         resources:
           limits:
-            cpu: 500m
+            cpu: 2000m
             memory: 512Mi
           requests:
             cpu: 500m
diff --git a/install/controller/controller/controller-version-patch.yaml b/install/controller/controller/controller-version-patch.yaml
deleted file mode 100644
index e69de29bb..000000000
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index ed9e00985..5544b30e2 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -60,7 +60,7 @@ spec:
           periodSeconds: 10
         resources:
           limits:
-            cpu: 500m
+            cpu: 2000m
             memory: 512Mi
           requests:
             cpu: 500m

From 9985d95aba8f55d5165368d5e9fe27dcae069516 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 30 May 2023 14:34:34 +0200
Subject: [PATCH 1062/2268] fix: Don't write result when ResultStore is not
 initialized (#517)

---
 pkg/controllers/kluctl_project.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 5c9a946bc..52dfdc8fe 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -650,10 +650,13 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
 	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.RepoKey()
 
-	log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
-	err := pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
-	if err != nil {
-		log.Error(err, "Writing command result failed")
+	var err error
+	if pt.pp.r.ResultStore != nil {
+		log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
+		err = pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
+		if err != nil {
+			log.Error(err, "Writing command result failed")
+		}
 	}
 
 	summary := cmdResult.BuildSummary()

From adea0679900faac66a81f751eb7b5ab7f891f379 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 30 May 2023 14:42:55 +0200
Subject: [PATCH 1063/2268] fix: Don't wait for deletion when performed by the
 controller (#518)

---
 cmd/kluctl/commands/cmd_delete.go | 2 +-
 cmd/kluctl/commands/cmd_prune.go  | 2 +-
 pkg/controllers/kluctl_project.go | 4 ++--
 pkg/deployment/commands/delete.go | 6 ++++--
 pkg/deployment/commands/prune.go  | 6 ++++--
 5 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index f93e08d14..d60bcc85e 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -46,7 +46,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx, nil)
+		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx, nil, true)
 
 		result, err := cmd2.Run(cmdCtx.targetCtx.SharedContext.Ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
 			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 9e3eea413..f6bbd79fe 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -48,7 +48,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 }
 
 func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
-	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx)
+	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx, true)
 	result, err := cmd2.Run(func(refs []k8s2.ObjectRef) error {
 		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
 	})
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 52dfdc8fe..715fbf36b 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -731,7 +731,7 @@ func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlPruneDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
-	cmd := commands.NewPruneCommand("", targetContext)
+	cmd := commands.NewPruneCommand("", targetContext, false)
 	cmdResult, err := cmd.Run(func(refs []k8s.ObjectRef) error {
 		pt.printDeletedRefs(ctx, refs)
 		return nil
@@ -767,7 +767,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 
 	inclusion := pt.buildInclusion()
 
-	cmd := commands.NewDeleteCommand(discriminator, nil, inclusion)
+	cmd := commands.NewDeleteCommand(discriminator, nil, inclusion, false)
 
 	restConfig, err := pt.buildRestConfig(ctx)
 	if err != nil {
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 11c49e8bb..28794cb9a 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -18,13 +18,15 @@ type DeleteCommand struct {
 	discriminator string
 	targetCtx     *kluctl_project.TargetContext
 	inclusion     *utils.Inclusion
+	wait          bool
 }
 
-func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetContext, inclusion *utils.Inclusion) *DeleteCommand {
+func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetContext, inclusion *utils.Inclusion, wait bool) *DeleteCommand {
 	return &DeleteCommand{
 		discriminator: discriminator,
 		targetCtx:     targetCtx,
 		inclusion:     inclusion,
+		wait:          wait,
 	}
 }
 
@@ -64,7 +66,7 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, true)
+	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, cmd.wait)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 1c3bed093..e48093d7b 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -14,12 +14,14 @@ import (
 type PruneCommand struct {
 	discriminator string
 	targetCtx     *kluctl_project.TargetContext
+	wait          bool
 }
 
-func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetContext) *PruneCommand {
+func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetContext, wait bool) *PruneCommand {
 	return &PruneCommand{
 		discriminator: discriminator,
 		targetCtx:     targetCtx,
+		wait:          wait,
 	}
 }
 
@@ -52,7 +54,7 @@ func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*resu
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, true)
+	deleted, err := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, cmd.wait)
 	if err != nil {
 		return nil, err
 	}

From a46f4f8a801c7192b5e405641f1621ceadcad5dc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 30 May 2023 23:36:21 +0200
Subject: [PATCH 1064/2268] fix: Create patch object right before the actual
 modification (#519)

---
 pkg/controllers/kluctldeployment_controller.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 2e6532208..201c3ab8d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -74,8 +74,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
-	patch := client.MergeFrom(obj.DeepCopy())
-
 	var cancel context.CancelFunc
 	ctx, cancel = context.WithTimeout(ctx, r.calcTimeout(obj))
 	defer cancel()
@@ -88,6 +86,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// Add our finalizer if it does not exist
 	if !controllerutil.ContainsFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer) {
+		patch := client.MergeFrom(obj.DeepCopy())
 		controllerutil.AddFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
 		if err := r.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 			log.Error(err, "unable to register finalizer")
@@ -121,6 +120,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// set the reconciliation status to progressing
 	if obj.Status.ObservedGeneration == 0 {
+		patch := client.MergeFrom(obj.DeepCopy())
 		setReadiness(obj, metav1.ConditionUnknown, meta.ProgressingReason, "reconciliation in progress")
 		if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 			return ctrl.Result{Requeue: true}, err
@@ -129,6 +129,8 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		r.recordReadiness(ctx, obj)
 	}
 
+	patch := client.MergeFrom(obj.DeepCopy())
+
 	// record the value of the reconciliation request, if any
 	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
 		obj.Status.LastHandledReconcileAt = v

From 62b305cb9629733cab50434dec488fc55642ecb9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 May 2023 09:14:36 +0200
Subject: [PATCH 1065/2268] chore(deps): Bump github.com/spf13/viper from
 1.15.0 to 1.16.0 (#520)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 19 ++++++++++---------
 go.sum | 50 +++++++++++++++++++++++++++++++-------------------
 2 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/go.mod b/go.mod
index 3fc55f456..ad7176a81 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/sirupsen/logrus v1.9.2
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.15.0
+	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.3
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.9.0
@@ -82,7 +82,7 @@ require (
 	cloud.google.com/go/compute v1.19.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.13.0 // indirect
-	cloud.google.com/go/kms v1.10.0 // indirect
+	cloud.google.com/go/kms v1.10.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
@@ -149,9 +149,10 @@ require (
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/s2a-go v0.1.3 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.7.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.8.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
@@ -193,7 +194,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
@@ -207,8 +208,8 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.1.1 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/urfave/cli v1.22.12 // indirect
@@ -231,10 +232,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.1 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
-	google.golang.org/api v0.114.0 // indirect
+	google.golang.org/api v0.122.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 // indirect
-	google.golang.org/grpc v1.54.0 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 845de9aaa..d229ef45a 100644
--- a/go.sum
+++ b/go.sum
@@ -36,8 +36,8 @@ cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
 cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
-cloud.google.com/go/kms v1.10.0 h1:Imrtp8792uqNP9bdfPrjtUkjjqOMBcAJ2bdFaAnLhnk=
-cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24=
+cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
+cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
 cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
@@ -169,6 +169,7 @@ github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTx
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
@@ -183,7 +184,11 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg=
 github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
@@ -243,6 +248,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -257,8 +263,8 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -409,6 +415,8 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
+github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -419,8 +427,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9
 github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A=
-github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc=
+github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -665,8 +673,8 @@ github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
-github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
+github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -755,12 +763,13 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
-github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
+github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
 github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
@@ -773,8 +782,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
-github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
-github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
+github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
+github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -880,8 +889,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
@@ -1097,6 +1107,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
@@ -1196,8 +1207,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE=
-google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg=
+google.golang.org/api v0.122.0 h1:zDobeejm3E7pEG1mNHvdxvjs5XJoCMzyNH+CmwL94Es=
+google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1250,8 +1261,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230323212658-478b75c54725 h1:VmCWItVXcKboEMCwZaWge+1JLiTCQSngZeINF+wzO+g=
-google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
+google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1274,8 +1285,9 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
-google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
+google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 483e6f5c33b4a5706f11f9d0774aeee86ca85aba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 May 2023 09:44:19 +0200
Subject: [PATCH 1066/2268] chore(deps): Bump github.com/stretchr/testify from
 1.8.3 to 1.8.4 (#521)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index ad7176a81..c7d16d423 100644
--- a/go.mod
+++ b/go.mod
@@ -32,7 +32,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.16.0
-	github.com/stretchr/testify v1.8.3
+	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.9.0
 	golang.org/x/net v0.10.0
diff --git a/go.sum b/go.sum
index d229ef45a..77124abb6 100644
--- a/go.sum
+++ b/go.sum
@@ -801,8 +801,9 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=

From a9f3eac34673c86969ab4b5f2d0fde05c1494f68 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 11:14:40 +0200
Subject: [PATCH 1067/2268] fix: Directly use unstructured.Unstructured when
 getting legacy KD object (#522)

---
 pkg/controllers/kluctldeployment_controller.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 201c3ab8d..cd7b4ce47 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -14,10 +14,10 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
 	meta2 "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
@@ -524,15 +524,17 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Context, obj *kluctlv1.KluctlDeployment) bool {
 	log := ctrl.LoggerFrom(ctx)
 
-	obj2 := uo.New()
-	obj2.SetK8sGVK(schema.GroupVersionKind{
+	var obj2 unstructured.Unstructured
+	obj2.SetGroupVersionKind(schema.GroupVersionKind{
 		Group:   "flux.kluctl.io",
 		Version: "v1alpha1",
 		Kind:    "KluctlDeployment",
 	})
-	err := r.Get(ctx, client.ObjectKeyFromObject(obj), obj2.ToUnstructured())
+	err := r.Get(ctx, client.ObjectKeyFromObject(obj), &obj2)
 	if err != nil {
-		err = errors2.Unwrap(err)
+		if errors2.Unwrap(err) != nil {
+			err = errors2.Unwrap(err)
+		}
 		if meta2.IsNoMatchError(err) || errors.IsNotFound(err) || discovery.IsGroupDiscoveryFailedError(err) {
 			// legacy object not present, we're safe to continue
 			return false
@@ -542,7 +544,7 @@ func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Con
 		return true
 	}
 
-	readyForMigration, _, err := obj2.GetNestedBool("")
+	readyForMigration, _, err := unstructured.NestedBool(obj2.Object, "status", "readyForMigration")
 	if err != nil {
 		// some unexpected error...we should be on the safe side and bail out reconciliation
 		log.Error(err, "Failed to retrieve readyForMigration value. Skipping reconciliation.")

From 8ef0c58c3452d91ac3094cdb6dc479830445bade Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 13:26:48 +0200
Subject: [PATCH 1068/2268] fix: Update LastHandledReconcileAt much earlier

---
 pkg/controllers/kluctldeployment_controller.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index cd7b4ce47..2aa95c042 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -118,6 +118,15 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		defer r.MetricsRecorder.RecordDuration(*objRef, reconcileStart)
 	}
 
+	// record the value of the reconciliation request, if any
+	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
+		patch := client.MergeFrom(obj.DeepCopy())
+		obj.Status.LastHandledReconcileAt = v
+		if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+			return ctrl.Result{}, err
+		}
+	}
+
 	// set the reconciliation status to progressing
 	if obj.Status.ObservedGeneration == 0 {
 		patch := client.MergeFrom(obj.DeepCopy())
@@ -130,12 +139,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}
 
 	patch := client.MergeFrom(obj.DeepCopy())
-
-	// record the value of the reconciliation request, if any
-	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
-		obj.Status.LastHandledReconcileAt = v
-	}
-
 	// reconcile kluctlDeployment by applying the latest revision
 	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
 	if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {

From af2f67edceaf0402660b9a476f6a12f9cf7e5d1a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 13:27:19 +0200
Subject: [PATCH 1069/2268] feat: Set readiness status while migrating

---
 api/v1beta1/condition_types.go                |  3 ++
 .../kluctldeployment_controller.go            | 47 ++++++++++++++-----
 2 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/api/v1beta1/condition_types.go b/api/v1beta1/condition_types.go
index e559651c3..9bd45ed52 100644
--- a/api/v1beta1/condition_types.go
+++ b/api/v1beta1/condition_types.go
@@ -35,4 +35,7 @@ const (
 	// ReconciliationSucceededReason represents the fact that
 	// the reconciliation succeeded.
 	ReconciliationSucceededReason string = "ReconciliationSucceeded"
+
+	// WaitingForLegacyMigrationReason means that the controller is waiting for the legacy controller to set `readyForMigration=true`
+	WaitingForLegacyMigrationReason string = "WaitingForLegacyMigration"
 )
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 2aa95c042..cdfa9f903 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -14,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	meta2 "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -62,7 +63,6 @@ type KluctlDeploymentReconcilerOpts struct {
 // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
 
 func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	log := ctrl.LoggerFrom(ctx)
 	reconcileStart := time.Now()
 
 	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(message string) {
@@ -99,10 +99,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return r.finalize(ctx, obj)
 	}
 
-	if r.checkLegacyKluctlDeployment(ctx, obj) {
-		return ctrl.Result{}, nil
-	}
-
 	// Return early if the KluctlDeployment is suspended.
 	if obj.Spec.Suspend {
 		log.Info("Reconciliation is suspended for this object")
@@ -180,6 +176,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	ctx context.Context,
 	obj *kluctlv1.KluctlDeployment) (*ctrl.Result, error) {
 
+	log := ctrl.LoggerFrom(ctx)
+
 	r.exportDeploymentObjectToProm(obj)
 
 	doFail := func(reason string, err error) (*ctrl.Result, error) {
@@ -192,6 +190,31 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return doFail(kluctlv1.PrepareFailedReason, err)
 	}
 
+	legacyKd, err := r.checkLegacyKluctlDeployment(ctx, obj)
+	if err != nil {
+		return nil, err
+	}
+	if legacyKd {
+		c := meta2.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
+		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
+			log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. ")
+			return &ctrl.Result{RequeueAfter: 5 * time.Second}, err
+		}
+		log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. " +
+			"Please ensure that you have upgraded to the latest version of the legacy flux-kluctl-controller and that is is still running.")
+		setReadiness(obj, metav1.ConditionFalse, kluctlv1.WaitingForLegacyMigrationReason, "waiting for the legacy controller to set readyForMigration=true")
+		r.recordReadiness(ctx, obj)
+		return &ctrl.Result{Requeue: true}, nil
+	} else {
+		c := meta2.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
+		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
+			log.Info("legacy KluctlDeployment has the readyForMigration status set now")
+			setReadiness(obj, metav1.ConditionFalse, meta.ProgressingReason, "migration is finished")
+			r.recordReadiness(ctx, obj)
+			return &ctrl.Result{Requeue: true}, nil
+		}
+	}
+
 	oldGeneration := obj.Status.ObservedGeneration
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
@@ -524,7 +547,7 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 // checkLegacyKluctlDeployment checks if a legacy KluctlDeployment from the old flux.kluctl.io group is present. If yes
 // we must ensure that this object is served by a recent legacy controller version which understands that it should stop
 // reconciliation in case the new gitops.kluctl.io object is present
-func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Context, obj *kluctlv1.KluctlDeployment) bool {
+func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Context, obj *kluctlv1.KluctlDeployment) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
 	var obj2 unstructured.Unstructured
@@ -540,26 +563,24 @@ func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Con
 		}
 		if meta2.IsNoMatchError(err) || errors.IsNotFound(err) || discovery.IsGroupDiscoveryFailedError(err) {
 			// legacy object not present, we're safe to continue
-			return false
+			return false, nil
 		}
 		log.Error(err, "Failed to retrieve legacy KluctlDeployment. Skipping reconciliation.")
 		// some unexpected error...we should be on the safe side and bail out reconciliation
-		return true
+		return true, err
 	}
 
 	readyForMigration, _, err := unstructured.NestedBool(obj2.Object, "status", "readyForMigration")
 	if err != nil {
 		// some unexpected error...we should be on the safe side and bail out reconciliation
 		log.Error(err, "Failed to retrieve readyForMigration value. Skipping reconciliation.")
-		return true
+		return true, err
 	}
 	if !readyForMigration {
-		log.V(1).Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. " +
-			"Please ensure that you have upgraded to the latest version of the legacy flux-kluctl-controller and that is is still running.")
-		return true
+		return true, nil
 	}
 
-	return false
+	return false, nil
 }
 
 func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.KluctlDeployment) {

From 330d9f418c8af9d8caee28efaf199853f77243ac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 13:54:17 +0200
Subject: [PATCH 1070/2268] fix: Move LastHandledReconcileAt and
 ObservedGeneration handling into doReconcile

---
 .../kluctldeployment_controller.go            | 31 +++++++------------
 1 file changed, 11 insertions(+), 20 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index cdfa9f903..2f584b49d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -114,26 +114,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		defer r.MetricsRecorder.RecordDuration(*objRef, reconcileStart)
 	}
 
-	// record the value of the reconciliation request, if any
-	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
-		patch := client.MergeFrom(obj.DeepCopy())
-		obj.Status.LastHandledReconcileAt = v
-		if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
-			return ctrl.Result{}, err
-		}
-	}
-
-	// set the reconciliation status to progressing
-	if obj.Status.ObservedGeneration == 0 {
-		patch := client.MergeFrom(obj.DeepCopy())
-		setReadiness(obj, metav1.ConditionUnknown, meta.ProgressingReason, "reconciliation in progress")
-		if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
-			return ctrl.Result{Requeue: true}, err
-		}
-
-		r.recordReadiness(ctx, obj)
-	}
-
 	patch := client.MergeFrom(obj.DeepCopy())
 	// reconcile kluctlDeployment by applying the latest revision
 	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
@@ -190,6 +170,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return doFail(kluctlv1.PrepareFailedReason, err)
 	}
 
+	// record the value of the reconciliation request, if any
+	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
+		obj.Status.LastHandledReconcileAt = v
+	}
+
 	legacyKd, err := r.checkLegacyKluctlDeployment(ctx, obj)
 	if err != nil {
 		return nil, err
@@ -215,6 +200,12 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
+	// set the reconciliation status to progressing
+	if obj.Status.ObservedGeneration == 0 {
+		setReadiness(obj, metav1.ConditionUnknown, meta.ProgressingReason, "reconciliation in progress")
+		r.recordReadiness(ctx, obj)
+	}
+
 	oldGeneration := obj.Status.ObservedGeneration
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {

From bdc40813ea7ab7e7cad471788e6cbe4a3ef8ccdb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 13:27:35 +0200
Subject: [PATCH 1071/2268] tests: Add migration tests

---
 e2e/default_clusters.go                       |   4 +-
 e2e/gitops_migration_test.go                  | 119 ++++
 e2e/seal_test.go                              |   2 +-
 .../flux.kluctl.io_kluctldeployments.yaml     | 659 ++++++++++++++++++
 e2e/test_resources/resources.go               |  20 +-
 5 files changed, 796 insertions(+), 8 deletions(-)
 create mode 100644 e2e/gitops_migration_test.go
 create mode 100644 e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 373957a89..964029bcd 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -30,7 +30,7 @@ func init() {
 		if err != nil {
 			panic(err)
 		}
-		test_resources.ApplyYaml("sealed-secrets.yaml", defaultCluster1)
+		test_resources.ApplyYaml(nil, "sealed-secrets.yaml", defaultCluster1)
 	}()
 	go func() {
 		defer wg.Done()
@@ -41,7 +41,7 @@ func init() {
 		if err != nil {
 			panic(err)
 		}
-		test_resources.ApplyYaml("sealed-secrets.yaml", defaultCluster2)
+		test_resources.ApplyYaml(nil, "sealed-secrets.yaml", defaultCluster2)
 	}()
 	wg.Wait()
 
diff --git a/e2e/gitops_migration_test.go b/e2e/gitops_migration_test.go
new file mode 100644
index 000000000..283f459aa
--- /dev/null
+++ b/e2e/gitops_migration_test.go
@@ -0,0 +1,119 @@
+package e2e
+
+import (
+	"context"
+	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_resources"
+	meta2 "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
+)
+import . "github.com/onsi/gomega"
+
+var legacyGvk = schema.GroupVersionKind{
+	Group:   "flux.kluctl.io",
+	Version: "v1alpha1",
+	Kind:    "KluctlDeployment",
+}
+
+func (suite *GitopsTestSuite) createLegacyKluctlDeployment(p *test_utils.TestProject, target string) client.ObjectKey {
+	gitopsNs := p.TestSlug() + "-gitops"
+	createNamespace(suite.T(), suite.k, gitopsNs)
+
+	kluctlDeployment := uo.New()
+	kluctlDeployment.SetK8sGVK(legacyGvk)
+
+	kluctlDeployment.SetK8sName(p.TestSlug())
+	kluctlDeployment.SetK8sNamespace(gitopsNs)
+	_ = kluctlDeployment.SetNestedField(map[string]any{
+		"interval":       interval.String(),
+		"deployInterval": "never",
+		"timeout":        timeout.String(),
+		"target":         target,
+		"source": map[string]any{
+			"url": p.GitUrl(),
+		},
+	}, "spec")
+
+	err := suite.k.Client.Create(context.Background(), kluctlDeployment.ToUnstructured())
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+
+	key := client.ObjectKeyFromObject(kluctlDeployment.ToUnstructured())
+	return key
+}
+
+func (suite *GitopsTestSuite) TestGitOpsLegacyMigration() {
+	g := NewWithT(suite.T())
+
+	test_resources.ApplyYaml(suite.T(), "flux.kluctl.io_kluctldeployments.yaml", suite.k)
+	suite.T().Cleanup(func() {
+		obj := uo.New()
+		obj.SetK8sGVK(apiextensionsv1.SchemeGroupVersion.WithKind("CustomResourceDefinition"))
+		obj.SetK8sName("kluctldeployments.flux.kluctl.io")
+		_ = suite.k.Client.Delete(context.TODO(), obj.ToUnstructured())
+	})
+
+	p := test_utils.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(fmt.Sprintf(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "%s"
+data:
+  k1: v1
+`, p.TestSlug()))},
+	}, nil)
+
+	key := suite.createLegacyKluctlDeployment(p, "target1")
+	key2 := suite.createKluctlDeployment(p, "target1", nil)
+	assert.Equal(suite.T(), key, key2)
+
+	checkMigrationStatus := func() bool {
+		var kd kluctlv1.KluctlDeployment
+		_ = suite.k.Client.Get(context.Background(), key, &kd)
+		c := meta.FindStatusCondition(kd.Status.Conditions, meta2.ReadyCondition)
+		return c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason
+	}
+
+	suite.Run("wait for migration to start", func() {
+		g.Eventually(checkMigrationStatus, timeout, time.Second).Should(BeTrue())
+	})
+
+	suite.Run("stays in migration state", func() {
+		suite.triggerReconcile(key)
+		g.Consistently(checkMigrationStatus, 3*time.Second, time.Second).Should(BeTrue())
+	})
+
+	suite.Run("legacy controller marks the deployment with readyForMigration", func() {
+		var obj unstructured.Unstructured
+		obj.SetGroupVersionKind(legacyGvk)
+		err := suite.k.Client.Get(context.TODO(), key, &obj)
+		g.Expect(err).To(Succeed())
+
+		_ = unstructured.SetNestedField(obj.Object, true, "status", "readyForMigration")
+		err = suite.k.Client.Status().Update(context.TODO(), &obj)
+		g.Expect(err).To(Succeed())
+	})
+
+	suite.Run("wait for migration to end", func() {
+		g.Eventually(checkMigrationStatus, timeout, time.Second).Should(BeFalse())
+	})
+
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+	})
+}
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index e0cfab88d..aa21459fb 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -216,7 +216,7 @@ func TestSeal_WithBootstrap(t *testing.T) {
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	test_resources.ApplyYaml("sealed-secrets.yaml", k)
+	test_resources.ApplyYaml(t, "sealed-secrets.yaml", k)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test-target")
 
diff --git a/e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml b/e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml
new file mode 100644
index 000000000..fe7d3b8d6
--- /dev/null
+++ b/e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml
@@ -0,0 +1,659 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.7.0
+  creationTimestamp: null
+  name: kluctldeployments.flux.kluctl.io
+spec:
+  group: flux.kluctl.io
+  names:
+    kind: KluctlDeployment
+    listKind: KluctlDeploymentList
+    plural: kluctldeployments
+    singular: kluctldeployment
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.dryRun
+      name: DryRun
+      type: boolean
+    - jsonPath: .status.lastDeployResult.time
+      name: Deployed
+      type: date
+    - jsonPath: .status.lastPruneResult.time
+      name: Pruned
+      type: date
+    - jsonPath: .status.lastValidateResult.time
+      name: Validated
+      type: date
+    - jsonPath: .status.conditions[?(@.type=="Ready")].status
+      name: Ready
+      type: string
+    - jsonPath: .status.conditions[?(@.type=="Ready")].message
+      name: Status
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: KluctlDeployment is the Schema for the kluctldeployments API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              abortOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to abort deployments
+                  immediately when something fails. Equivalent to using '--abort-on-error'
+                  when calling kluctl.
+                type: boolean
+              args:
+                description: Args specifies dynamic target args.
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              context:
+                description: If specified, overrides the context to be used. This
+                  will effectively make kluctl ignore the context specified in the
+                  target.
+                type: string
+              decryption:
+                description: Decrypt Kubernetes secrets before applying them on the
+                  cluster.
+                properties:
+                  provider:
+                    description: Provider is the name of the decryption engine.
+                    enum:
+                    - sops
+                    type: string
+                  secretRef:
+                    description: The secret name containing the private OpenPGP keys
+                      used for decryption.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  serviceAccount:
+                    description: ServiceAccount specifies the service account used
+                      to authenticate against cloud providers. This is currently only
+                      usable for AWS KMS keys. The specified service account will
+                      be used to authenticate to AWS by signing a token in an IRSA
+                      compliant way.
+                    type: string
+                required:
+                - provider
+                type: object
+              delete:
+                default: false
+                description: Delete enables deletion of the specified target when
+                  the KluctlDeployment object gets deleted.
+                type: boolean
+              deployInterval:
+                description: DeployInterval specifies the interval at which to deploy
+                  the KluctlDeployment. It defaults to the Interval value, meaning
+                  that it will re-deploy on every reconciliation. If you set DeployInterval
+                  to a different value,
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                type: string
+              deployMode:
+                default: full-deploy
+                description: DeployMode specifies what deploy mode should be used.
+                  The options 'full-deploy' and 'poke-images' are supported. With
+                  'poke images' option, only the images from the fixed images are
+                  exchanged and no complete deployment is triggered.
+                enum:
+                - full-deploy
+                - poke-images
+                type: string
+              deployOnChanges:
+                default: true
+                description: DeployOnChanges will cause a re-deployment whenever the
+                  rendered resources change in the deployment. This check is performed
+                  on every reconciliation. This means that a deployment will be triggered
+                  even before the DeployInterval has passed in case something has
+                  changed in the rendered resources.
+                type: boolean
+              dryRun:
+                default: false
+                description: DryRun instructs kluctl to run everything in dry-run
+                  mode. Equivalent to using '--dry-run' when calling kluctl.
+                type: boolean
+              excludeDeploymentDirs:
+                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
+                  with the given dir. Equivalent to using '--exclude-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              excludeTags:
+                description: ExcludeTags instructs kluctl to exclude deployments with
+                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
+                items:
+                  type: string
+                type: array
+              forceApply:
+                default: false
+                description: ForceApply instructs kluctl to force-apply in case of
+                  SSA conflicts. Equivalent to using '--force-apply' when calling
+                  kluctl.
+                type: boolean
+              forceReplaceOnError:
+                default: false
+                description: ForceReplaceOnError instructs kluctl to force-replace
+                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
+                  when calling kluctl.
+                type: boolean
+              helmCredentials:
+                description: HelmCredentials is a list of Helm credentials used when
+                  non pre-pulled Helm Charts are used inside a Kluctl deployment.
+                items:
+                  properties:
+                    secretRef:
+                      description: 'SecretRef holds the name of a secret that contains
+                        the Helm credentials. The secret must either contain the fields
+                        `credentialsId` which refers to the credentialsId found in
+                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories
+                        or an `url` used to match the credentials found in Kluctl
+                        projects helm-chart.yaml files. The secret can either container
+                        basic authentication credentials via `username` and `password`
+                        or TLS authentication via `certFile` and `keyFile`. `caFile`
+                        can be specified to override the CA to use while contacting
+                        the repository. The secret can also contain `insecureSkipTlsVerify:
+                        "true"`, which will disable TLS verification. `passCredentialsAll:
+                        "true"` can be specified to make the controller pass credentials
+                        to all requests, even if the hostname changes in-between.'
+                      properties:
+                        name:
+                          description: Name of the referent.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                  type: object
+                type: array
+              images:
+                description: Images contains a list of fixed image overrides. Equivalent
+                  to using '--fixed-images-file' when calling kluctl.
+                items:
+                  properties:
+                    container:
+                      type: string
+                    deployTags:
+                      items:
+                        type: string
+                      type: array
+                    deployedImage:
+                      type: string
+                    deployment:
+                      type: string
+                    deploymentDir:
+                      type: string
+                    image:
+                      type: string
+                    namespace:
+                      type: string
+                    object:
+                      description: ObjectRef contains the information necessary to
+                        locate a resource within a cluster.
+                      properties:
+                        group:
+                          type: string
+                        kind:
+                          type: string
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                        version:
+                          type: string
+                      required:
+                      - group
+                      - kind
+                      - name
+                      - namespace
+                      - version
+                      type: object
+                    registryImage:
+                      type: string
+                    resultImage:
+                      type: string
+                    versionFilter:
+                      type: string
+                  required:
+                  - image
+                  - resultImage
+                  type: object
+                type: array
+              includeDeploymentDirs:
+                description: IncludeDeploymentDirs instructs kluctl to only include
+                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
+                  when calling kluctl.
+                items:
+                  type: string
+                type: array
+              includeTags:
+                description: IncludeTags instructs kluctl to only include deployments
+                  with given tags. Equivalent to using '--include-tag' when calling
+                  kluctl.
+                items:
+                  type: string
+                type: array
+              interval:
+                description: The interval at which to reconcile the KluctlDeployment.
+                  By default, the controller will re-deploy and validate the deployment
+                  on each reconciliation. To override this behavior, change the DeployInterval
+                  and/or ValidateInterval values.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              kubeConfig:
+                description: The KubeConfig for deploying to the target cluster. Specifies
+                  the kubeconfig to be used when invoking kluctl. Contexts in this
+                  kubeconfig must match the context found in the kluctl target. As
+                  an alternative, specify the context to be used via 'context'
+                properties:
+                  secretRef:
+                    description: SecretRef holds the name of a secret that contains
+                      a key with the kubeconfig file as the value. If no key is set,
+                      the key will default to 'value'. The secret must be in the same
+                      namespace as the Kustomization. It is recommended that the kubeconfig
+                      is self-contained, and the secret is regularly updated if credentials
+                      such as a cloud-access-token expire. Cloud specific `cmd-path`
+                      auth helpers will not function without adding binaries and credentials
+                      to the Pod that is responsible for reconciling the KluctlDeployment.
+                    properties:
+                      key:
+                        description: Key in the Secret, when not specified an implementation-specific
+                          default key is used.
+                        type: string
+                      name:
+                        description: Name of the Secret.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+              noWait:
+                default: false
+                description: NoWait instructs kluctl to not wait for any resources
+                  to become ready, including hooks. Equivalent to using '--no-wait'
+                  when calling kluctl.
+                type: boolean
+              path:
+                description: 'Path to the directory containing the .kluctl.yaml file,
+                  or the Defaults to ''None'', which translates to the root path of
+                  the SourceRef. Deprecated: Use source.path instead'
+                type: string
+              prune:
+                default: false
+                description: Prune enables pruning after deploying.
+                type: boolean
+              registrySecrets:
+                description: DEPRECATED RegistrySecrets is a list of secret references
+                  to be used for image registry authentication. The secrets must either
+                  have ".dockerconfigjson" included or "registry", "username" and
+                  "password". Additionally, "caFile" and "insecure" can be specified.
+                  Kluctl has deprecated querying the registry at deploy time and thus
+                  this field is also deprecated.
+                items:
+                  description: LocalObjectReference contains enough information to
+                    locate the referenced Kubernetes resource object.
+                  properties:
+                    name:
+                      description: Name of the referent.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              renameContexts:
+                description: RenameContexts specifies a list of context rename operations.
+                  This is useful when the kluctl target's context does not match with
+                  the contexts found in the kubeconfig while deploying. This is the
+                  case when using kubeconfigs generated from service accounts, in
+                  which case the context name is always "default".
+                items:
+                  description: RenameContext specifies a single rename of a context
+                  properties:
+                    newContext:
+                      description: NewContext is the new name of the context
+                      type: string
+                    oldContext:
+                      description: OldContext is the name of the context to be renamed
+                      type: string
+                  required:
+                  - newContext
+                  - oldContext
+                  type: object
+                type: array
+              replaceOnError:
+                default: false
+                description: ReplaceOnError instructs kluctl to replace resources
+                  on error. Equivalent to using '--replace-on-error' when calling
+                  kluctl.
+                type: boolean
+              retryInterval:
+                description: The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the Interval value to retry
+                  failures.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              serviceAccountName:
+                description: The name of the Kubernetes service account to use while
+                  deploying. If not specified, the default service account is used.
+                type: string
+              source:
+                description: Specifies the project source location
+                properties:
+                  path:
+                    description: Path specifies the sub-directory to be used as project
+                      directory
+                    type: string
+                  ref:
+                    description: Ref specifies the branch, tag or commit that should
+                      be used. If omitted, the default branch of the repo is used.
+                    properties:
+                      branch:
+                        description: Branch to filter for. Can also be a regex.
+                        type: string
+                      tag:
+                        description: Branch to filter for. Can also be a regex.
+                        type: string
+                    type: object
+                  secretRef:
+                    description: SecretRef specifies the Secret containing authentication
+                      credentials for the git repository. For HTTPS repositories the
+                      Secret must contain 'username' and 'password' fields. For SSH
+                      repositories the Secret must contain 'identity' and 'known_hosts'
+                      fields.
+                    properties:
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  url:
+                    description: Url specifies the Git url where the project source
+                      is located
+                    type: string
+                required:
+                - url
+                type: object
+              sourceRef:
+                description: 'Reference of the source where the kluctl project is.
+                  The authentication secrets from the source are also used to authenticate
+                  dependent git repositories which are cloned while deploying the
+                  kluctl project. Deprecated: Use source instead'
+                properties:
+                  apiVersion:
+                    description: API version of the referent, if not specified the
+                      Kubernetes preferred version will be used.
+                    type: string
+                  kind:
+                    description: Kind of the referent.
+                    type: string
+                  name:
+                    description: Name of the referent.
+                    type: string
+                  namespace:
+                    description: Namespace of the referent, when not specified it
+                      acts as LocalObjectReference.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              suspend:
+                description: This flag tells the controller to suspend subsequent
+                  kluctl executions, it does not apply to already started executions.
+                  Defaults to false.
+                type: boolean
+              target:
+                description: Target specifies the kluctl target to deploy. If not
+                  specified, an empty target is used that has no name and no context.
+                  Use 'TargetName' and 'Context' to specify the name and context in
+                  that case.
+                maxLength: 63
+                minLength: 1
+                type: string
+              targetNameOverride:
+                description: TargetNameOverride sets or overrides the target name.
+                  This is especially useful when deployment without a target.
+                maxLength: 63
+                minLength: 1
+                type: string
+              timeout:
+                description: Timeout for all operations. Defaults to 'Interval' duration.
+                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                type: string
+              updateImages:
+                default: false
+                description: DEPRECATED UpdateImages instructs kluctl to update dynamic
+                  images. Equivalent to using '-u' when calling kluctl. Setting this
+                  field to true is deprecated.
+                type: boolean
+              validate:
+                default: true
+                description: Validate enables validation after deploying
+                type: boolean
+              validateInterval:
+                description: ValidateInterval specifies the interval at which to validate
+                  the KluctlDeployment. Validation is performed the same way as with
+                  'kluctl validate -t <target>'. Defaults to the same value as specified
+                  in Interval. Validate is also performed whenever a deployment is
+                  performed, independent of the value of ValidateInterval
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                type: string
+            required:
+            - interval
+            type: object
+          status:
+            description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
+            properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n \ttype FooStatus struct{ \t    // Represents the observations
+                    of a foo's current state. \t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
+                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
+                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
+                    \t}"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+              discriminator:
+                description: Discriminator is the discriminator found in the target
+                  when the last deployment was done. This is used to perform cleanup/deletion
+                  in case the KluctlDeployment project is deleted
+                type: string
+              lastAttemptedRevision:
+                description: LastAttemptedRevision is the revision of the last reconciliation
+                  attempt.
+                type: string
+              lastDeployResult:
+                description: LastDeployResult is the result of the last deploy command
+                properties:
+                  error:
+                    type: string
+                  objectsHash:
+                    description: ObjectsHash is the hash of all rendered objects
+                    type: string
+                  rawResult:
+                    type: string
+                  revision:
+                    description: Revision is the source revision. Please note that
+                      kluctl projects have dependent git repositories which are not
+                      considered in the source revision
+                    type: string
+                  target:
+                    type: string
+                  targetNameOverride:
+                    type: string
+                  time:
+                    description: AttemptedAt is the time when the attempt was performed
+                    format: date-time
+                    type: string
+                required:
+                - time
+                type: object
+              lastHandledDeployAt:
+                type: string
+              lastHandledReconcileAt:
+                description: LastHandledReconcileAt holds the value of the most recent
+                  reconcile request value, so a change of the annotation value can
+                  be detected.
+                type: string
+              lastPruneResult:
+                description: LastDeployResult is the result of the last prune command
+                properties:
+                  error:
+                    type: string
+                  objectsHash:
+                    description: ObjectsHash is the hash of all rendered objects
+                    type: string
+                  rawResult:
+                    type: string
+                  revision:
+                    description: Revision is the source revision. Please note that
+                      kluctl projects have dependent git repositories which are not
+                      considered in the source revision
+                    type: string
+                  target:
+                    type: string
+                  targetNameOverride:
+                    type: string
+                  time:
+                    description: AttemptedAt is the time when the attempt was performed
+                    format: date-time
+                    type: string
+                required:
+                - time
+                type: object
+              lastValidateResult:
+                description: LastValidateResult is the result of the last validate
+                  command
+                properties:
+                  error:
+                    type: string
+                  objectsHash:
+                    description: ObjectsHash is the hash of all rendered objects
+                    type: string
+                  rawResult:
+                    type: string
+                  revision:
+                    description: Revision is the source revision. Please note that
+                      kluctl projects have dependent git repositories which are not
+                      considered in the source revision
+                    type: string
+                  target:
+                    type: string
+                  targetNameOverride:
+                    type: string
+                  time:
+                    description: AttemptedAt is the time when the attempt was performed
+                    format: date-time
+                    type: string
+                required:
+                - time
+                type: object
+              observedGeneration:
+                description: ObservedGeneration is the last reconciled generation.
+                format: int64
+                type: integer
+              rawTarget:
+                type: string
+              readyForMigration:
+                description: ReadyForMigration is used to signal the new controller
+                  that this object is handled by a legacy controller version that
+                  will honor the existence of KluctlDeployment objects from the gitops.kluctl.io
+                  group.
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 23dad66c9..0d7b050c2 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -3,6 +3,7 @@ package test_resources
 import (
 	"context"
 	"embed"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
@@ -14,6 +15,7 @@ import (
 	"sort"
 	"strings"
 	"sync"
+	"testing"
 	"time"
 )
 
@@ -79,20 +81,28 @@ func waitReadiness(k *test_utils.EnvTestCluster, x *uo.UnstructuredObject) {
 	}
 }
 
-func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
+func ApplyYaml(t *testing.T, name string, k *test_utils.EnvTestCluster) {
 	tmpFile := GetYamlTmpFile(name)
 	defer os.Remove(tmpFile)
 
+	doPanic := func(err error) {
+		if t != nil {
+			t.Fatal(err)
+		} else {
+			panic(err)
+		}
+	}
+
 	docs, err := yaml.ReadYamlAllFile(tmpFile)
 	if err != nil {
-		panic(err)
+		doPanic(err)
 	}
 
 	var objects []*uo.UnstructuredObject
 	for _, doc := range docs {
 		m, ok := doc.(map[string]any)
 		if !ok {
-			panic("not a map!")
+			doPanic(fmt.Errorf("not a map!"))
 		}
 		x := uo.FromMap(m)
 		objects = append(objects, x)
@@ -119,7 +129,7 @@ func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
 
 			data, err := yaml.WriteYamlBytes(x)
 			if err != nil {
-				panic(err)
+				doPanic(err)
 			}
 
 			gvr := guessGVR(x.GetK8sGVK())
@@ -129,7 +139,7 @@ func ApplyYaml(name string, k *test_utils.EnvTestCluster) {
 					FieldManager: "e2e-tests",
 				})
 			if err != nil {
-				panic(err)
+				doPanic(err)
 			}
 
 			// wait for CRDs to get accepted

From c31d6a201833cb1f615de406566a94647eb7ff70 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 15:37:59 +0200
Subject: [PATCH 1072/2268] fix: Fix inclusion of relative base dirs when the
 project is not at the repo root (#525)

* refactor: Use LoadArgs directly instead of copying the ProjectDir into LoadedKluctlProject

* fix: Allow all includes inside the same repo root

* tests: Add tests for local includes
---
 cmd/kluctl/commands/cmd_seal.go      |  2 +-
 e2e/deployment_items_test.go         | 69 ++++++++++++++++++++++++++++
 e2e/test-utils/project.go            | 23 +++++++---
 pkg/kluctl_project/project.go        |  2 -
 pkg/kluctl_project/project_load.go   |  8 ++--
 pkg/kluctl_project/target_context.go | 10 ++--
 6 files changed, 96 insertions(+), 18 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index c081a61f8..b272c5966 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -93,7 +93,7 @@ func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
 	var certFile string
 
 	if sealingConfig != nil && sealingConfig.CertFile != nil {
-		path, err := securejoin.SecureJoin(cmdCtx.targetCtx.KluctlProject.ProjectDir, *sealingConfig.CertFile)
+		path, err := securejoin.SecureJoin(cmdCtx.targetCtx.KluctlProject.LoadArgs.ProjectDir, *sealingConfig.CertFile)
 		if err != nil {
 			return nil, err
 		}
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 855e20120..9f8dfdd96 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
+	"path/filepath"
 	"testing"
 )
 
@@ -190,3 +191,71 @@ func TestTemplateIgnore(t *testing.T) {
 		"k1": `{{ "a" }}`,
 	}, cm3.Object["data"])
 }
+
+func testLocalIncludes(t *testing.T, projectDir string) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t, test_utils.WithBareProject())
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateDeploymentYaml("base", func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromMap(map[string]interface{}{
+			"deployments": []map[string]any{
+				{"path": "cm"},
+			},
+		})
+		return nil
+	})
+	p.UpdateYaml("base/cm/cm.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *createConfigMapObject(map[string]string{
+			"d1": "v1",
+		}, resourceOpts{name: "{{ name }}", namespace: p.TestSlug()})
+		return nil
+	}, "")
+
+	baseDir, _ := filepath.Rel(filepath.Join(p.LocalProjectDir(), projectDir), filepath.Join(p.LocalRepoDir(), "base"))
+	baseDir = filepath.ToSlash(baseDir)
+
+	p.UpdateDeploymentYaml(projectDir, func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromMap(map[string]interface{}{
+			"deployments": []map[string]any{
+				{
+					"include": baseDir,
+					"vars": []map[string]any{
+						{
+							"values": map[string]any{
+								"name": "cm-inc1",
+							},
+						},
+					},
+				},
+				{
+					"include": baseDir,
+					"vars": []map[string]any{
+						{
+							"values": map[string]any{
+								"name": "cm-inc2",
+							},
+						},
+					},
+				},
+			},
+		})
+		return nil
+	})
+
+	p.KluctlMust("deploy", "--yes", "--project-dir", filepath.Join(p.LocalProjectDir(), projectDir))
+	assertConfigMapExists(t, k, p.TestSlug(), "cm-inc1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm-inc2")
+}
+
+func TestIncludeLocalFromRoot(t *testing.T) {
+	testLocalIncludes(t, ".")
+}
+
+func TestIncludeLocalFromSubdir(t *testing.T) {
+	testLocalIncludes(t, "foo")
+}
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index e8c33d1ec..358fe1dfe 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -26,6 +26,7 @@ type TestProject struct {
 
 	extraEnv   []string
 	useProcess bool
+	bare       bool
 
 	gitServer   *git2.TestGitServer
 	gitRepoName string
@@ -58,6 +59,12 @@ func WithGitSubDir(subDir string) TestProjectOption {
 	}
 }
 
+func WithBareProject() TestProjectOption {
+	return func(p *TestProject) {
+		p.bare = true
+	}
+}
+
 func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p := &TestProject{
 		t:           t,
@@ -73,13 +80,15 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	}
 	p.gitServer.GitInit(p.gitRepoName)
 
-	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name or 'no-name' }}", rand.String(16)), "discriminator")
-		return nil
-	})
-	p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
-		return nil
-	})
+	if !p.bare {
+		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+			_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name or 'no-name' }}", rand.String(16)), "discriminator")
+			return nil
+		})
+		p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
+			return nil
+		})
+	}
 	return p
 }
 
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 7afc4918f..50aea59fc 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -18,8 +18,6 @@ type LoadedKluctlProject struct {
 
 	TmpDir string
 
-	ProjectDir string
-
 	sealedSecretsDir string
 
 	Config  types2.KluctlProject
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 5ed7aa53f..04493fb1d 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -27,7 +27,7 @@ type LoadKluctlProjectArgs struct {
 func (c *LoadedKluctlProject) getConfigPath() string {
 	configPath := c.LoadArgs.ProjectConfig
 	if configPath == "" {
-		p := yaml.FixPathExt(filepath.Join(c.ProjectDir, ".kluctl.yml"))
+		p := yaml.FixPathExt(filepath.Join(c.LoadArgs.ProjectDir, ".kluctl.yml"))
 		if utils.IsFile(p) {
 			configPath = p
 		}
@@ -38,10 +38,8 @@ func (c *LoadedKluctlProject) getConfigPath() string {
 func (c *LoadedKluctlProject) loadKluctlProject() error {
 	var err error
 
-	c.ProjectDir = c.LoadArgs.ProjectDir
-
 	if c.LoadArgs.RepoRoot != "" {
-		err = utils.CheckInDir(c.LoadArgs.RepoRoot, c.ProjectDir)
+		err = utils.CheckInDir(c.LoadArgs.RepoRoot, c.LoadArgs.ProjectDir)
 		if err != nil {
 			return err
 		}
@@ -59,7 +57,7 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 	s := status.Start(c.ctx, "Loading kluctl project")
 	defer s.Failed()
 
-	c.sealedSecretsDir = filepath.Join(c.ProjectDir, ".sealed-secrets")
+	c.sealedSecretsDir = filepath.Join(c.LoadArgs.ProjectDir, ".sealed-secrets")
 
 	sealedSecretsUsed := false
 	if c.Config.SecretsConfig != nil {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 93d92ca94..4761c9a0d 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -44,7 +44,11 @@ type TargetContextParams struct {
 }
 
 func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params TargetContextParams) (*TargetContext, error) {
-	deploymentDir, err := filepath.Abs(p.ProjectDir)
+	repoRoot, err := filepath.Abs(p.LoadArgs.RepoRoot)
+	if err != nil {
+		return nil, err
+	}
+	relProjectDir, err := filepath.Rel(repoRoot, p.LoadArgs.ProjectDir)
 	if err != nil {
 		return nil, err
 	}
@@ -129,7 +133,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		DefaultSealedSecretsOutputPattern: target.Name,
 	}
 
-	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(deploymentDir), ".", nil)
+	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(repoRoot), relProjectDir, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -220,7 +224,7 @@ func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, e
 }
 
 func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
-	searchDirs := []string{p.ProjectDir}
+	searchDirs := []string{p.LoadArgs.ProjectDir}
 
 	for _, secretSetName := range target.SealingConfig.SecretSets {
 		secretEntry, err := p.findSecretsEntry(secretSetName)

From 1e8d63d562b3584294698912f45f33427b9ca036 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 15:48:32 +0200
Subject: [PATCH 1073/2268] build: Preparing release v2.20.0

---
 install/controller/.kluctl.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 7f7283c68..481c21a87 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -2,4 +2,4 @@ discriminator: kluctl.io-controller
 
 args:
   - name: controller_version
-    default: v0.0.0
\ No newline at end of file
+    default: v2.20.0
\ No newline at end of file

From 600160b98a5ddd0c30d2c1524966e24f89dd7f1b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 16:48:12 +0200
Subject: [PATCH 1074/2268] docs: Remove mentions of flux from source

---
 api/v1beta1/doc.go            |  2 +-
 pkg/controllers/predicates.go | 16 ----------------
 2 files changed, 1 insertion(+), 17 deletions(-)

diff --git a/api/v1beta1/doc.go b/api/v1beta1/doc.go
index 7dae3af55..5d3a94b0e 100644
--- a/api/v1beta1/doc.go
+++ b/api/v1beta1/doc.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package v1beta1 contains API Schema definitions for the flux.kluctl.io v1beta1 API group.
+// Package v1beta1 contains API Schema definitions for the gitops.kluctl.io v1beta1 API group.
 // +kubebuilder:object:generate=true
 // +groupName=gitops.kluctl.io
 package v1beta1
diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index 1c6f52c30..feec05a2c 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -1,19 +1,3 @@
-/*
-Copyright 2020 The Flux authors
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
 package controllers
 
 import (

From d1c2ef53fe21160bd3f10d52ac481c46dfc9dccd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 16:48:22 +0200
Subject: [PATCH 1075/2268] chore: Remove unused code

---
 cmd/kluctl/args/flux.go | 34 ----------------------------------
 1 file changed, 34 deletions(-)
 delete mode 100644 cmd/kluctl/args/flux.go

diff --git a/cmd/kluctl/args/flux.go b/cmd/kluctl/args/flux.go
deleted file mode 100644
index a1307a16a..000000000
--- a/cmd/kluctl/args/flux.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package args
-
-import (
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-type KluctlDeploymentFlags struct {
-	KluctlDeployment string `group:"flux" short:"k" help:"Name of the KluctlDeployment to interact with"`
-	Namespace        string `group:"flux" short:"n" help:"Namespace where KluctlDeployment is located"`
-	WithSource       bool   `group:"flux" help:"--with-source will annotate Source object as well, triggering pulling"`
-	NoWait           bool   `group:"flux" help:"Don't wait for objects readiness'"`
-}
-
-var KluctlDeploymentGVK = schema.GroupVersionKind{
-	Group:   "flux.kluctl.io",
-	Version: "v1alpha1",
-	Kind:    "KluctlDeployment",
-}
-
-var GitRepositoryGVK = schema.GroupVersionKind{
-	Group:   "source.toolkit.fluxcd.io",
-	Version: "v1beta2",
-	Kind:    "GitRepository",
-}
-
-func (cmd *KluctlDeploymentFlags) VerifyFlags() bool {
-	if cmd.KluctlDeployment == "" {
-		return false
-	}
-	if cmd.Namespace == "" {
-		cmd.Namespace = "default"
-	}
-	return true
-}

From 68deddec416e75d0bbcd88d166f876194541bce5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 26 May 2023 16:48:41 +0200
Subject: [PATCH 1076/2268] docs: Update readme to mention that
 flux-kluctl-controller is deprecated

---
 README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 51c58facb..33ed42f81 100644
--- a/README.md
+++ b/README.md
@@ -17,11 +17,16 @@ Kluctl is centered around "targets", which can be a cluster or a specific enviro
 or multiple clusters. Targets can be deployed, diffed, pruned, deleted, and so on. The idea is to have the same set of
 operations for every target, no matter how simple or complex the deployment and/or target is.
 
-Kluctl does not depend on external operators/controllers and allows to use the same deployment wherever you want,
+Kluctl does not strictly depend on a controller and allows to use the same deployment wherever you want,
 as long as access to the kluctl project and clusters is available. This means, that you can use it from your
 local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
 
-Flux support is in alpha stadium and available via the [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
+If you want to follow a pull based GitOps flow, then you can use the Kluctl Controller, which then allows you to use
+`KluctlDeployment` custom resources to define your Kluctl deployments.
+
+Please note: GitOps support was previously implemented via the now deprecated [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
+Historically, the flux-kluctl-controller depended on the Flux ecosystem (the source-controller to be specific), which
+has changed in the meantime, meaning that it runs completely independent and thus is not part of the Flux ecosystem anymore.
 
 ## What can I do with Kluctl?
 

From 88a0bf0b67ae351213556d1b71eaca460c56424f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 27 May 2023 23:52:01 +0200
Subject: [PATCH 1077/2268] docs: Add installation instructions for new
 controller

---
 docs/installation.md    | 38 ++++++++++++++++++++++++++++++++------
 hack/prepare-release.sh |  2 +-
 2 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index bd42145bf..656d3d93c 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -10,13 +10,17 @@ description: "Installing kluctl."
 
 # Installation
 
-## Binaries
+Kluctl is available as a CLI and as a GitOps controller.
+
+## Installing the CLI
+
+### Binaries
 
 The kluctl CLI is available as a binary executable for all major platforms,
 the binaries can be downloaded form GitHub
 [releases page](https://github.com/kluctl/kluctl/releases).
 
-## Installation with Homebrew
+### Installation with Homebrew
 
 With [Homebrew](https://brew.sh) for macOS and Linux:
 
@@ -24,7 +28,7 @@ With [Homebrew](https://brew.sh) for macOS and Linux:
 brew install kluctl/tap/kluctl
 ```
 
-## Installation with Bash
+### Installation with Bash
 
 With [Bash](https://www.gnu.org/software/bash/) for macOS and Linux:
 
@@ -38,7 +42,7 @@ The install script does the following:
 * copies the kluctl binary to `/usr/local/bin`
 * removes the temporary directory
 
-## Build from source
+### Build from source
 
 Clone the repository:
 
@@ -61,7 +65,7 @@ Run the binary:
 
 
 <!-- TODO uncomment when chocolatey support is implemented
-## Chocolatey
+### Chocolatey
 
 With [Chocolatey](https://chocolatey.org/) for Windows:
 
@@ -84,8 +88,30 @@ are also supported with their own sub-commands.
 
 -->
 
-## Container images
+### Container images
 
 A container image with `kluctl` is available on GitHub:
 
 * `ghcr.io/kluctl/kluctl:<version>`
+
+## Installing the GitOps Controller
+
+The controller can be installed via two available options.
+
+### Using the "install" sub-command
+
+The [`kluctl controller install`](./reference/commands/controller-install.md) command can be used to install the
+controller. It will use an embedded version of the Controller Kluctl deployment project
+found [here](https://github.com/kluctl/kluctl/tree/main/install/controller).
+
+### Using a Kluctl deployment
+
+To manage and install the controller via Kluctl, you can use a Git include in your own deployment:
+
+```yaml
+deployments:
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/controller
+      ref: v0.0.0
+```
diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 609c006d5..496c9b6bd 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -24,7 +24,7 @@ fi
 
 echo VERSION=$VERSION
 
-FILES="install/controller/.kluctl.yaml"
+FILES="install/controller/.kluctl.yaml docs/installation.md"
 
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp

From 3fffac350b59b01ce710b4147a176e38fd28ad15 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 28 May 2023 00:10:14 +0200
Subject: [PATCH 1078/2268] docs: Add GitOps docs

---
 docs/reference/README.md                      |   3 +-
 docs/reference/gitops/README.md               | 107 ++++
 docs/reference/gitops/metrics/README.md       |   9 +
 .../gitops/metrics/v1beta1/README.md          |  19 +
 .../v1beta1/kluctldeployment_controller.md    |  29 +
 docs/reference/gitops/migration/README.md     |  71 +++
 docs/reference/gitops/spec/README.md          |   9 +
 docs/reference/gitops/spec/v1beta1/README.md  |  25 +
 .../gitops/spec/v1beta1/kluctldeployment.md   | 551 ++++++++++++++++++
 9 files changed, 822 insertions(+), 1 deletion(-)
 create mode 100644 docs/reference/gitops/README.md
 create mode 100644 docs/reference/gitops/metrics/README.md
 create mode 100644 docs/reference/gitops/metrics/v1beta1/README.md
 create mode 100644 docs/reference/gitops/metrics/v1beta1/kluctldeployment_controller.md
 create mode 100644 docs/reference/gitops/migration/README.md
 create mode 100644 docs/reference/gitops/spec/README.md
 create mode 100644 docs/reference/gitops/spec/v1beta1/README.md
 create mode 100644 docs/reference/gitops/spec/v1beta1/kluctldeployment.md

diff --git a/docs/reference/README.md b/docs/reference/README.md
index 19695290e..729f8fb45 100644
--- a/docs/reference/README.md
+++ b/docs/reference/README.md
@@ -13,4 +13,5 @@ weight: 110
 
 1. [.kluctl.yaml](./kluctl-project)
 2. [Deployments](./deployments)
-3. [Kluctl Commands](./commands)
+3. [GitOps](./gitops)
+4. [Kluctl Commands](./commands)
diff --git a/docs/reference/gitops/README.md b/docs/reference/gitops/README.md
new file mode 100644
index 000000000..63c6fd4ae
--- /dev/null
+++ b/docs/reference/gitops/README.md
@@ -0,0 +1,107 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "GitOps"
+linkTitle: "GitOps"
+description: "Kluctl Controller documentation."
+weight: 3
+---
+-->
+
+# GitOps
+
+GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](../../installation.md#installing-the-gitops-controller)
+to your target cluster.
+
+The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDeployment`](./spec/v1beta1/kluctldeployment.md#kluctldeployment)
+custom resource. This resource allows to define a Kluctl deployment that should be constantly reconciled (re-deployed)
+whenever the deployment changes.
+
+## Motivation and Philosophy
+
+Kluctl tries its best to implement all its features via [Kluctl projects](../kluctl-project/README.md), meaning that
+the deployments are, at least theoretically, deployable from the CLI at all times. The Kluctl Controller does not
+add functionality on top of that and thus does not couple your deployments to a running controller.
+
+Instead, the `KluctlDeployment` custom resource acts as an interface to the deployment. It tries to offer the same
+functionality and options as offered by the CLI, but through a custom resource instead of a CLI invocation.
+
+As an example, arguments passed via `-a arg=value` can be passed to the custom resource via the `spec.args` field.
+The same applies to options like `--dry-run`, which equals to `spec.dryRun: true` in the custom resource. Check the
+documentation of [`KluctlDeployment`](./spec/v1beta1/kluctldeployment.md#spec-fields) for more such options.
+
+## Installation
+
+Installation instructions can be found [here](../../installation.md#installing-the-gitops-controller)
+
+## Design
+
+The reconciliation process consists of multiple steps which are constantly repeated:
+
+- **clone** the root Kluctl project via Git
+- **prepare** the Kluctl deployment by rendering the whole deployment
+- **deploy** the specified target via [kluctl deploy](../commands/deploy.md) if the rendered resources changed
+- **prune** orphaned objects via [kluctl prune](../commands/prune.md)
+- **validate** the deployment status via [kluctl validate](../commands/validate.md)
+
+Reconciliation is performed on a configurable [interval](./spec/v1beta1/kluctldeployment.md#interval). A single
+reconciliation iteration will first clone and prepare the project. Only when the rendered resources indicate a change
+(by using a hash internally), the controller will initiate a deployment. After the deployment, the controller will
+also perform pruning (only if [prune: true](./spec/v1beta1/kluctldeployment.md#prune) is set).
+
+When the `KluctlDeployment` is removed from the cluster, the controller cal also delete all resources belonging to
+that deployment. This will only happen if [delete: true](./spec/v1beta1/kluctldeployment.md#delete) is set.
+
+Deletion and pruning is based on the [discriminator](../kluctl-project/README.md#discriminator) of the given target.
+
+A `KluctlDeployment` can be [suspended](./spec/v1beta1/kluctldeployment.md#suspend). While suspended, the controller
+will skip reconciliation, including deletion and pruning.
+
+The API design of the controller can be found at [kluctldeployment.gitops.kluctl.io/v1beta1](./spec/v1beta1/README.md).
+
+## Example
+
+After installing the Kluctl Controller, we can create a `KluctlDeployment` that automatically deploys the
+[Microservices Demo](https://kluctl.io/docs/guides/tutorials/microservices-demo/3-templating-and-multi-env/).
+
+Create a KluctlDeployment that uses the demo project source to deploy the `test` target to the same cluster that the
+controller runs on.
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: microservices-demo-test
+  namespace: kluctl-system
+spec:
+  interval: 10m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  timeout: 2m
+  target: test
+  context: default
+  prune: true
+```
+
+This example will deploy a fully-fledged microservices application with multiple backend services, frontends and
+databases, all via one single `KluctlDeployment`.
+
+To deploy the same Kluctl project to another target (e.g. prod), simply create the following resource.
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: microservices-demo-prod
+  namespace: kluctl-system
+spec:
+  interval: 10m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  timeout: 2m
+  target: prod
+  context: default
+  prune: true
+```
diff --git a/docs/reference/gitops/metrics/README.md b/docs/reference/gitops/metrics/README.md
new file mode 100644
index 000000000..2ae19f029
--- /dev/null
+++ b/docs/reference/gitops/metrics/README.md
@@ -0,0 +1,9 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Metrics
+linkTitle: Metrics
+description: OpenMetrics-compatible export of controller metrics
+weight: 10
+---
+-->
diff --git a/docs/reference/gitops/metrics/v1beta1/README.md b/docs/reference/gitops/metrics/v1beta1/README.md
new file mode 100644
index 000000000..d13eb0dc2
--- /dev/null
+++ b/docs/reference/gitops/metrics/v1beta1/README.md
@@ -0,0 +1,19 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: v1beta1 metrics
+linkTitle: v1beta1 metrics
+description: gitops.kluctl.io/v1beta1 metrics
+weight: 10
+---
+-->
+
+# Prometheus Metrics
+
+The controller exports several metrics in the [OpenMetrics compatible format](https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md).
+They can be scraped by all sorts of monitoring solutions (e.g. Prometheus) or stored in a database. Because the
+controller is based on [controller-runtime](https://github.com/kubernetes-sigs/controller-runtime), all
+the [default metrics](https://book.kubebuilder.io/reference/metrics-reference.html) as well as the
+following controller-specific custom metrics are exported:
+
+- [kluctldeployment_controller](kluctldeployment_controller.md)
diff --git a/docs/reference/gitops/metrics/v1beta1/kluctldeployment_controller.md b/docs/reference/gitops/metrics/v1beta1/kluctldeployment_controller.md
new file mode 100644
index 000000000..9c5163f5f
--- /dev/null
+++ b/docs/reference/gitops/metrics/v1beta1/kluctldeployment_controller.md
@@ -0,0 +1,29 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Metrics of the KluctlDeployment Controller
+linkTitle: KluctlDeployment Controller Metrics
+description: KluctlDeployment documentation
+weight: 20
+---
+-->
+
+# Exported Metrics References
+
+| Metrics name                | Type      | Description                                                                          |
+|-----------------------------|-----------|--------------------------------------------------------------------------------------|
+| deployment_duration_seconds | Histogram | How long a single deployment takes in seconds.                                       |
+| number_of_changed_objects   | Gauge     | How many objects have been changed by a single deployment.                           |
+| number_of_deleted_objects   | Gauge     | How many objects have been deleted by a single deployment.                           |
+| number_of_errors            | Gauge     | How many errors are related to a single deployment.                                  |
+| number_of_images            | Gauge     | Number of images of a single deployment.                                             |
+| number_of_orphan_objects    | Gauge     | How many orphans are related to a single deployment.                                 |
+| number_of_warnings          | Gauge     | How many warnings are related to a single deployment.                                |
+| prune_duration_seconds      | Histogram | How long a single prune takes in seconds.                                            |
+| validate_duration_seconds   | Histogram | How long a single validate takes in seconds.                                         |
+| deployment_interval_seconds | Gauge     | The configured deployment interval of a single deployment.                           |
+| dry_run_enabled             | Gauge     | Is dry-run enabled for a single deployment.                                          |
+| last_object_status          | Gauge     | Last object status of a single deployment. Zero means failure and one means success. |
+| prune_enabled               | Gauge     | Is pruning enabled for a single deployment.                                          |
+| delete_enabled              | Gauge     | Is deletion enabled for a single deployment.                                         |
+| source_spec                 | Gauge     | The configured source spec of a single deployment exported via labels.               |
diff --git a/docs/reference/gitops/migration/README.md b/docs/reference/gitops/migration/README.md
new file mode 100644
index 000000000..9fb8d394c
--- /dev/null
+++ b/docs/reference/gitops/migration/README.md
@@ -0,0 +1,71 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Legacy Controller Migration
+linkTitle: Legacy Controller Migration
+description: Legacy Controller Migration
+weight: 100
+---
+-->
+
+# Legacy Controller Migration
+
+Older versions of Kluctl (pre v2.20.0) relied on a legacy version of the Kluctl controller, named
+[flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller). If you upgraded from such an older
+version and were already using `KluctlDeployments` from the `flux.kluctl.io` API group, you must migrate these
+deployments to the new `gitops.kluctl.io` group.
+
+To do this, follow the following steps:
+
+1. Upgrade the legacy flux-kluctl-controller to at least v0.16.0. This version will introduce a special marker field
+into the legacy `KluctlDeployment` status and set it to true. This marker field is used to inform the new Kluctl Controller
+that the legacy controller is now aware of the existence of the new controller.
+2. If not already done, [install](../../../installation.md#installing-the-gitops-controller) the new Kluctl Controller.
+3. To be on the safe side, disable [pruning](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#prune) and
+[deletion](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#delete) for all legacy `KluctlDeployment` objects.
+Don't forget to deploy/apply these changes before continuing with the next step.
+4. Modify your `KluctlDeployment` manifests to use the `gitops.kluctl.io/v1beta1` as `apiVersion`. It's important
+to use the same name and namespace as used in the legacy resources. Also read the [breaking changes](#breaking-changes)
+section.
+5. Deploy/Apply the modified `KluctlDeployment` resources.
+6. At this point, the legacy controller will detect that the `KluctlDeployment` exists twice, once for the legacy
+API group/version and once for the new group/version. Based on that knowledge, the legacy controller will stop reconciling
+the legacy `KluctlDeployment`.
+7. At the same time, the new controller will detect that the legacy `KluctlDeployment` has the marker field set, which
+means that the legacy controller is known to honor the new controller's existence.
+8. This will lead to the new controller taking over and reconciling the new `KluctlDeployment`.
+9. If you disabled deletion/pruning in step 3., you should undo this on the new `KluctlDeployments` now.
+
+After these steps, the legacy `KluctlDeployment` resources will be excluded from reconciliation by the legacy controller.
+This means, you can safely remove/prune the legacy resources.
+
+# Breaking changes
+
+There exist some breaking changes between the legacy `flux.kluctl.io/v1alpha1` and `gitops.kluctl.io/v1beta1` custom
+resources and controllers. These are:
+
+### Only deploy when resources change
+
+The legacy controller did a full deploy on each reconciliation, following the Flux way of reconciliations. This
+behaviour was configurable by allowing you to set `spec.deployInterval: never`, which disabled full deployments and
+caused the controller to only deploy when the resulting rendered resources actually changed.
+
+The new controller will behave this way by default, unless you explicitly set `spec.deployInterval` to some interval
+value.
+
+This means, you will have to introduce `spec.deployInterval` in case you expect the controller to behave as before or
+remove `spec.deployInterval: never` if you already used the Kluctl specific behavior.
+
+### renameContexts has been removed
+
+The `spec.renameContexts` field is not available anymore. Use `spec.context` instead.
+
+### status will not contain full result anymore
+
+The legacy controller wrote the full command result (with objects, diffs, ...) into the status field. The new
+controller will instead only write a summary of the result.
+
+# Why no fully automated migration?
+
+I have decided against a fully automated migration as the move of the API group causes resources to have a different
+identity. This can easily lead to unexpected behaviour and does not play well with GitOps.
diff --git a/docs/reference/gitops/spec/README.md b/docs/reference/gitops/spec/README.md
new file mode 100644
index 000000000..cb95e02f6
--- /dev/null
+++ b/docs/reference/gitops/spec/README.md
@@ -0,0 +1,9 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Specs
+linkTitle: Specs
+description: Kluctl Controller specs
+weight: 10
+---
+-->
diff --git a/docs/reference/gitops/spec/v1beta1/README.md b/docs/reference/gitops/spec/v1beta1/README.md
new file mode 100644
index 000000000..19271ca12
--- /dev/null
+++ b/docs/reference/gitops/spec/v1beta1/README.md
@@ -0,0 +1,25 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: v1beta1 specs
+linkTitle: v1beta1 specs
+description: gitops.kluctl.io/v1beta1 documentation
+weight: 10
+---
+-->
+
+# gitops.kluctl.io/v1beta1
+
+This is the v1beta1 API specification for defining continuous delivery pipelines
+of Kluctl Deployments.
+
+## Specification
+
+- [KluctlDeployment CRD](kluctldeployment.md)
+    + [Spec fields](kluctldeployment.md#spec-fields)
+    + [Reconciliation](kluctldeployment.md#reconciliation)
+    + [Kubeconfigs and RBAC](kluctldeployment.md#kubeconfigs-and-rbac)
+    + [Git authentication](kluctldeployment.md#git-authentication)
+    + [Helm Repository authentication](kluctldeployment.md#helm-repository-authentication)
+    + [Secrets Decryption](kluctldeployment.md#secrets-decryption)
+    + [Status](kluctldeployment.md#status)
diff --git a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
new file mode 100644
index 000000000..db46f4cf0
--- /dev/null
+++ b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
@@ -0,0 +1,551 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: KluctlDeployment
+linkTitle: KluctlDeployment
+description: KluctlDeployment documentation
+weight: 20
+---
+-->
+
+# KluctlDeployment
+
+The `KluctlDeployment` API defines a deployment of a [target](../../../kluctl-project/targets)
+from a [Kluctl Project](../../../kluctl-project).
+
+## Example
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: microservices-demo-prod
+spec:
+  interval: 5m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  timeout: 2m
+  target: prod
+  context: default
+  prune: true
+  delete: true
+```
+
+In the above example a KluctlDeployment is being created that defines the deployment based on the Kluctl project.
+
+The deployment is performed every 5 minutes. It will deploy the `prod`
+[target](../../../kluctl-project/targets) and then prune orphaned objects afterward.
+
+When the KluctlDeployment gets deleted, `delete: true` will cause the controller to actually delete the target
+resources.
+
+It uses the `default` context provided by the default service account and thus overrides the context specified in the
+target definition.
+
+## Spec fields
+
+### source
+
+The KluctlDeployment `spec.source` specifies the source repository to be used. Example:
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+spec:
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: path/to/project
+    secretRef:
+      name: git-credentials
+    ref:
+      branch: my-branch
+  ...
+```
+
+The `url` specifies the git clone url. It can either be a https or a git/ssh url. Git/Ssh url will require a secret
+to be provided with credentials.
+
+The `path` specifies the sub-directory where the Kluctl project is located.
+
+The `ref` provides the Git reference to be used. It can either be a branch or a tag.
+
+See [Git authentication](#git-authentication) for details on authentication.
+
+### interval
+See [Reconciliation](#reconciliation).
+
+### suspend
+See [Reconciliation](#reconciliation).
+
+### target
+`spec.target` specifies the target to be deployed. It must exist in the Kluctl projects
+[kluctl.yaml targets](../../../kluctl-project/targets) list.
+
+This field is optional and can be omitted if the referenced Kluctl project allows deployments without targets.
+
+### targetNameOverride
+`spec.targetNameOverride` will set or override the name of the target. This is equivalent to passing
+`--target-name-override` to `kluctl deploy`.
+
+### context
+`spec.context` will override the context used while deploying. This is equivalent to passing `--context` to
+`kluctl deploy`.
+
+### deployMode
+By default, the operator will perform a full deployment, which is equivalent to using the `kluctl deploy` command.
+As an alternative, the controller can be instructed to only perform a `kluctl poke-images` command. Please
+see [poke-images](../../../commands/poke-images.md) for details on the command. To do so, set `spec.deployMode`
+field to `poke-images`.
+
+Example:
+```
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: microservices-demo-prod
+spec:
+  interval: 5m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  timeout: 2m
+  target: prod
+  context: default
+  deployMode: poke-images
+```
+
+### prune
+
+To enable pruning, set `spec.prune` to `true`. This will cause the controller to run `kluctl prune` after each
+successful deployment.
+
+### delete
+
+To enable deletion, set `spec.delete` to `true`. This will cause the controller to run `kluctl delete` when the
+KluctlDeployment gets deleted.
+
+### args
+`spec.args` is an object representing [arguments](../../../kluctl-project/#args)
+passed to the deployment. Example:
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+spec:
+  interval: 5m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  timeout: 2m
+  target: prod
+  context: default
+  args:
+    arg1: value1
+    arg2: value2
+    arg3:
+      k1: v1
+      k2: v2
+```
+
+The above example is equivalent to calling `kluctl deploy -t prod -a arg1=value1 -a arg2=value2`.
+
+### images
+`spec.images` specifies a list of fixed images to be used by
+[`image.get_image(...)`](../../../deployments/images#imagesget_image). Example:
+
+```
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+spec:
+  interval: 5m
+  source:
+    url: https://example.com
+  timeout: 2m
+  target: prod
+  images:
+    - image: nginx
+      resultImage: nginx:1.21.6
+      namespace: example-namespace
+      deployment: Deployment/example
+    - image: registry.gitlab.com/my-org/my-repo/image
+      resultImage: registry.gitlab.com/my-org/my-repo/image:1.2.3
+```
+
+The above example will cause the `images.get_image("nginx")` invocations of the `example` Deployment to return
+`nginx:1.21.6`. It will also cause all `images.get_image("registry.gitlab.com/my-org/my-repo/image")` invocations
+to return `registry.gitlab.com/my-org/my-repo/image:1.2.3`.
+
+The fixed images provided here take precedence over the ones provided in the
+[target definition](../../../kluctl-project/targets#images).
+
+`spec.images` is equivalent to calling `kluctl deploy -t prod --fixed-image=nginx:example-namespace:Deployment/example=nginx:1.21.6 ...`
+and to `kluctl deploy -t prod --fixed-images-file=fixed-images.yaml` with `fixed-images.yaml` containing:
+
+```yaml
+images:
+- image: nginx
+  resultImage: nginx:1.21.6
+  namespace: example-namespace
+  deployment: Deployment/example
+- image: registry.gitlab.com/my-org/my-repo/image
+  resultImage: registry.gitlab.com/my-org/my-repo/image:1.2.3
+```
+
+### dryRun
+`spec.dryRun` is a boolean value that turns the deployment into a dry-run deployment. This is equivalent to calling
+`kluctl deploy -t prod --dry-run`.
+
+### noWait
+`spec.noWait` is a boolean value that disables all internal waiting (hooks and readiness). This is equivalent to calling
+`kluctl deploy -t prod --no-wait`.
+
+### forceApply
+`spec.forceApply` is a boolean value that causes kluctl to solve conflicts via force apply. This is equivalent to calling
+`kluctl deploy -t prod --force-apply`.
+
+### replaceOnError and forceReplaceOnError
+`spec.replaceOnError` and `spec.forceReplaceOnError` are both boolean values that cause kluctl to perform a replace
+after a failed apply. `forceReplaceOnError` goes a step further and deletes and recreates the object in question.
+These are equivalent to calling `kluctl deploy -t prod --replace-on-error` and `kluctl deploy -t prod --force-replace-on-error`.
+
+### abortOnError
+`spec.abortOnError` is a boolean value that causes kluctl to abort as fast as possible in case of errors. This is equivalent to calling
+`kluctl deploy -t prod --abort-on-error`.
+
+### includeTags, excludeTags, includeDeploymentDirs and excludeDeploymentDirs
+`spec.includeTags` and `spec.excludeTags` are lists of tags to be used in inclusion/exclusion logic while deploying.
+These are equivalent to calling `kluctl deploy -t prod --include-tag <tag1>` and `kluctl deploy -t prod --exclude-tag <tag2>`.
+
+`spec.includeDeploymentDirs` and `spec.excludeDeploymentDirs` are lists of relative deployment directories to be used in
+inclusion/exclusion logic while deploying. These are equivalent to calling `kluctl deploy -t prod --include-tag <tag1>`
+and `kluctl deploy -t prod --exclude-tag <tag2>`.
+
+## Reconciliation
+
+The KluctlDeployment `spec.interval` tells the controller at which interval to try reconciliations.
+The interval time units are `s`, `m` and `h` e.g. `interval: 5m`, the minimum value should be over 60 seconds.
+
+At each reconciliation run, the controller will check if any rendered objects have been changes since the last
+deployment and then perform a new deployment if changes are detected. Changes are tracked via a hash consisting of
+all rendered objects.
+
+To enforce periodic full deployments even if nothing has changed, `spec.deployInterval` can be used to specify an
+interval at which forced deployments must be performed by the controller.
+
+The KluctlDeployment reconciliation can be suspended by setting `spec.suspend` to `true`.
+
+The controller can be told to reconcile the KluctlDeployment outside of the specified interval
+by annotating the KluctlDeployment object with `kluctl.io/request-reconcile`.
+
+On-demand reconciliation example:
+
+```bash
+kubectl annotate --overwrite kluctldeployment/microservices-demo-prod kluctl.io/request-reconcile="$(date +%s)"
+```
+
+Similarly, a deployment can be forced even if the source has not changed by using the  `kluctl.io/request-deploy`
+annotation:
+
+```bash
+kubectl annotate --overwrite kluctldeployment/microservices-demo-prod kluctl.io/request-deploy="$(date +%s)"
+```
+
+
+## Kubeconfigs and RBAC
+
+As Kluctl is meant to be a CLI-first tool, it expects a kubeconfig to be present while deployments are
+performed. The controller will generate such kubeconfigs on-the-fly before performing the actual deployment.
+
+The kubeconfig can be generated from 3 different sources:
+1. The default impersonation service account specified at controller startup (via `--default-service-account`)
+2. The service account specified via `spec.serviceAccountName` in the KluctlDeployment
+3. The secret specified via `spec.kubeConfig` in the KluctlDeployment.
+
+The behavior/functionality of 1. and 2. is comparable to how the [kustomize-controller](https://fluxcd.io/docs/components/kustomize/kustomization/#role-based-access-control)
+handles impersonation, with the difference that a kubeconfig with a "default" context is created in-between.
+
+`spec.kubeConfig` will simply load the kubeconfig from `data.value` of the specified secret.
+
+Kluctl [targets](../../../kluctl-project/targets) specify a context name that is expected to
+be present in the kubeconfig while deploying. As the context found in the generated kubeconfig does not necessarily
+have the correct name, `spec.context` can be used to while deploying. This is especially useful
+when using service account based kubeconfigs, as these always have the same context with the name "default".
+
+Here is an example of a deployment that uses the service account "prod-service-account" and overrides the context
+appropriately (assuming the Kluctl cluster config for the given target expects a "prod" context):
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+  namespace: kluctl-system
+spec:
+  interval: 10m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  target: prod
+  serviceAccountName: prod-service-account
+  context: default
+```
+
+## Git authentication
+
+The `spec.source` can optionally specify a `spec.source.secretRef` (see [here](#source)) which must point to an existing
+secret (in the same namespace) containing Git credentials.
+
+### Basic access authentication
+
+To authenticate towards a Git repository over HTTPS using basic access
+authentication (in other words: using a username and password), the referenced
+Secret is expected to contain `.data.username` and `.data.password` values.
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-access-auth
+type: Opaque
+data:
+  username: <BASE64>
+  password: <BASE64>
+```
+
+### HTTPS Certificate Authority
+
+To provide a Certificate Authority to trust while connecting with a Git
+repository over HTTPS, the referenced Secret can contain a `.data.caFile`
+value.
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: https-ca-credentials
+  namespace: default
+type: Opaque
+data:
+  caFile: <BASE64>
+```
+
+### SSH authentication
+
+To authenticate towards a Git repository over SSH, the referenced Secret is
+expected to contain `identity` and `known_hosts` fields. With the respective
+private key of the SSH key pair, and the host keys of the Git repository.
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-credentials
+type: Opaque
+stringData:
+  identity: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    ...
+    -----END OPENSSH PRIVATE KEY-----
+  known_hosts: |
+    github.com ecdsa-sha2-nistp256 AAAA...
+```
+
+## Helm Repository authentication
+
+Kluctl allows to [integrate Helm Charts](../../../deployments/helm) in two different ways.
+One is to [pre-pull charts](../../../commands/helm-pull) and put them into version control,
+making it unnecessary to pull them at deploy time. This option also means that you don't have to take any special care
+on the controller side.
+
+The other way is to let Kluctl pull Helm Charts at deploy time. In that case, you have to ensure that the controller
+has the necessary access to the Helm repositories. To add credentials for authentication, set the `spec.helmCredentials`
+field to a list of secret references:
+
+### Basic access authentication
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+  namespace: kluctl-system
+spec:
+  interval: 10m
+  source:
+    url: https://github.com/kluctl/kluctl-examples.git
+    path: "./microservices-demo/3-templating-and-multi-env/"
+  target: prod
+  serviceAccountName: prod-service-account
+  context: default
+
+  helmCredentials:
+    - secretRef:
+        name: helm-creds
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: helm-creds
+  namespace: kluctl-system
+stringData:
+  url: https://example-repo.com
+  username: my-user
+  password: my-password
+```
+
+### TLS authentication
+
+For TLS authentication, see the following example secret:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: helm-creds
+  namespace: kluctl-system
+data:
+  certFile: <BASE64>
+  keyFile: <BASE64>
+  # NOTE: Can be supplied without the above values
+  caFile: <BASE64>
+```
+
+### Disabling TLS verification
+
+In case you need to disable TLS verification (not recommended!), add the key `insecureSkipTlsVerify` with the value
+`"true"` (make sure it's a string, so surround it with `"`).
+
+### Pass credentials
+
+To enable passing of credentials to all requests, add the key `passCredentialsAll` with the value `"true"`.
+This will pass the credentials to all requests, even if the hostname changes.
+
+## Secrets Decryption
+
+Kluctl offers a [SOPS Integration](../../../deployments/sops) that allows to use encrypted
+manifests and variable sources in Kluctl deployments. Decryption by the controller is also supported and currently
+mirrors how the [Secrets Decryption configuration](https://fluxcd.io/flux/components/kustomize/kustomization/#secrets-decryption)
+of the Flux Kustomize Controller. To configure it in the `KluctlDeployment`, simply set the `decryption` field in the
+spec:
+
+```
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+  namespace: kluctl-system
+spec:
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-keys
+  ...
+```
+
+The `sops-keys` Secret has the same format as in the
+[Flux Kustomize Controller](https://fluxcd.io/flux/components/kustomize/kustomization/#decryption-secret-reference).
+
+### AWS KMS with IRSA
+
+In addition to the [AWS KMS Secret Entry](https://fluxcd.io/flux/components/kustomize/kustomization/#aws-kms-secret-entry)
+in the secret and the [global AWS KMS](https://fluxcd.io/flux/components/kustomize/kustomization/#aws-kms)
+authentication via the controller's service account, the Kluctl controller also supports using the IRSA role of the
+impersonated service account of the `KluctlDeployment` (specified via `serviceAccountName` in the spec or
+`--default-service-account`):
+
+```yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kluctl-deployment
+  namespace: kluctl-system
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::123456:role/my-irsa-enabled-role
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kluctl-deployment
+  namespace: kluctl-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  # watch out, don't use cluster-admin if you don't trust the deployment
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: kluctl-deployment
+    namespace: kluctl-system
+---
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+  namespace: kluctl-system
+spec:
+  serviceAccountName: kluctl-deployment
+  decryption:
+    provider: sops
+    # you can also leave out the secretRef if you don't provide addinional keys
+    secretRef:
+      name: sops-keys
+  ...
+```
+
+## Status
+
+When the controller completes a deployments, it reports the result in the `status` sub-resource.
+
+A successful reconciliation sets the ready condition to `true`.
+
+```yaml
+status:
+  conditions:
+  - lastTransitionTime: "2022-07-07T11:48:14Z"
+    message: "deploy: ok"
+    reason: ReconciliationSucceeded
+    status: "True"
+    type: Ready
+  lastDeployResult:
+    ...
+  lastPruneResult:
+    ...
+  lastValidateResult:
+    ...
+```
+
+You can wait for the controller to complete a reconciliation with:
+
+```bash
+kubectl wait kluctldeployment/backend --for=condition=ready
+```
+
+A failed reconciliation sets the ready condition to `false`:
+
+```yaml
+status:
+  conditions:
+  - lastTransitionTime: "2022-05-04T10:18:11Z"
+    message: target invalid-name not found in kluctl project
+    reason: PrepareFailed
+    status: "False"
+    type: Ready
+  lastDeployResult:
+    ...
+  lastPruneResult:
+    ...
+  lastValidateResult:
+    ...
+```
+
+> **Note** that the lastDeployResult, lastPruneResult and lastValidateResult are only updated on a successful reconciliation.

From 28b0ef4b02c6deaba9988bf47bf96b2660702926 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 16:21:56 +0200
Subject: [PATCH 1079/2268] docs: Add api docs generation

---
 .github/workflows/tests.yml                   |    9 +
 Makefile                                      |   10 +
 .../api/kluctl-controller.front-matter.yaml   |    4 +
 .../reference/gitops/api/kluctl-controller.md | 1465 +++++++++++++++++
 hack/api-docs/config.json                     |   29 +
 hack/api-docs/template/members.tpl            |   46 +
 hack/api-docs/template/pkg.tpl                |   46 +
 hack/api-docs/template/type.tpl               |   60 +
 8 files changed, 1669 insertions(+)
 create mode 100644 docs/reference/gitops/api/kluctl-controller.front-matter.yaml
 create mode 100644 docs/reference/gitops/api/kluctl-controller.md
 create mode 100644 hack/api-docs/config.json
 create mode 100644 hack/api-docs/template/members.tpl
 create mode 100644 hack/api-docs/template/pkg.tpl
 create mode 100644 hack/api-docs/template/type.tpl

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index fd0338d69..2a4ffa48f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -57,6 +57,15 @@ jobs:
             git diff
             exit 1
           fi
+      - name: Verify generated api-docs are up-to-date
+        run: |
+          make api-docs
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "make api-docs must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
 
   tests:
     strategy:
diff --git a/Makefile b/Makefile
index c8d2eb5a3..58d9424aa 100644
--- a/Makefile
+++ b/Makefile
@@ -64,6 +64,10 @@ manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRol
 	$(KUSTOMIZE) build config/rbac > install/controller/controller/rbac.yaml
 	$(KUSTOMIZE) build config/manager > install/controller/controller/manager.yaml
 
+# Generate API reference documentation
+api-docs: gen-crd-api-reference-docs
+	$(GEN_CRD_API_REFERENCE_DOCS) -v=4 -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/reference/controller/api/kluctl-controller.md
+
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	go generate ./...
@@ -169,6 +173,12 @@ $(CONTROLLER_GEN): $(LOCALBIN)
 	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
 
+# Find or download gen-crd-api-reference-docs
+GEN_CRD_API_REFERENCE_DOCS = $(LOCALBIN)/gen-crd-api-reference-docs
+.PHONY: gen-crd-api-reference-docs
+gen-crd-api-reference-docs:
+	GOBIN=$(LOCALBIN) go install github.com/ahmetb/gen-crd-api-reference-docs@v0.3.0
+
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
diff --git a/docs/reference/gitops/api/kluctl-controller.front-matter.yaml b/docs/reference/gitops/api/kluctl-controller.front-matter.yaml
new file mode 100644
index 000000000..be96cbbcb
--- /dev/null
+++ b/docs/reference/gitops/api/kluctl-controller.front-matter.yaml
@@ -0,0 +1,4 @@
+title: Kluctl Controller API reference
+linkTitle: Kluctl Controller API
+description: Kluctl Controller API reference
+weight: 300
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
new file mode 100644
index 000000000..f1c1d35ee
--- /dev/null
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -0,0 +1,1465 @@
+<h1>Kluctl Controller API reference</h1>
+<p>Packages:</p>
+<ul class="simple">
+<li>
+<a href="#gitops.kluctl.io%2fv1beta1">gitops.kluctl.io/v1beta1</a>
+</li>
+</ul>
+<h2 id="gitops.kluctl.io/v1beta1">gitops.kluctl.io/v1beta1</h2>
+<p>Package v1beta1 contains API Schema definitions for the gitops.kluctl.io v1beta1 API group.</p>
+Resource Types:
+<ul class="simple"></ul>
+<h3 id="gitops.kluctl.io/v1beta1.Decryption">Decryption
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
+</p>
+<p>Decryption defines how decryption is handled for Kubernetes manifests.</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>provider</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Provider is the name of the decryption engine.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The secret name containing the private OpenPGP keys used for decryption.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>serviceAccount</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ServiceAccount specifies the service account used to authenticate against cloud providers.
+This is currently only usable for AWS KMS keys. The specified service account will be used to authenticate to AWS
+by signing a token in an IRSA compliant way.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.GitRef">GitRef
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>branch</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Branch to filter for. Can also be a regex.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>tag</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Branch to filter for. Can also be a regex.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef holds the name of a secret that contains the Helm credentials.
+The secret must either contain the fields <code>credentialsId</code> which refers to the credentialsId
+found in <a href="https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories">https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories</a> or an <code>url</code> used
+to match the credentials found in Kluctl projects helm-chart.yaml files.
+The secret can either container basic authentication credentials via <code>username</code> and <code>password</code> or
+TLS authentication via <code>certFile</code> and <code>keyFile</code>. <code>caFile</code> can be specified to override the CA to use while
+contacting the repository.
+The secret can also contain <code>insecureSkipTlsVerify: &quot;true&quot;</code>, which will disable TLS verification.
+<code>passCredentialsAll: &quot;true&quot;</code> can be specified to make the controller pass credentials to all requests, even if
+the hostname changes in-between.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.KluctlDeployment">KluctlDeployment
+</h3>
+<p>KluctlDeployment is the Schema for the kluctldeployments API</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>metadata</code><br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">
+KluctlDeploymentSpec
+</a>
+</em>
+</td>
+<td>
+<br/>
+<br/>
+<table>
+<tr>
+<td>
+<code>source</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">
+ProjectSource
+</a>
+</em>
+</td>
+<td>
+<p>Specifies the project source location</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>decryption</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.Decryption">
+Decryption
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Decrypt Kubernetes secrets before applying them on the cluster.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>interval</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+<p>The interval at which to reconcile the KluctlDeployment.
+Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared
+to the last deployment.
+To override this behavior, set the DeployInterval value.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>retryInterval</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The interval at which to retry a previously failed reconciliation.
+When not specified, the controller uses the Interval
+value to retry failures.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>deployInterval</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SafeDuration">
+SafeDuration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered
+result does not change.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>validateInterval</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SafeDuration">
+SafeDuration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ValidateInterval specifies the interval at which to validate the KluctlDeployment.
+Validation is performed the same way as with &lsquo;kluctl validate -t <target>&rsquo;.
+Defaults to the same value as specified in Interval.
+Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>timeout</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Timeout for all operations.
+Defaults to &lsquo;Interval&rsquo; duration.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>suspend</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>This flag tells the controller to suspend subsequent kluctl executions,
+it does not apply to already started executions. Defaults to false.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>helmCredentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.HelmCredentials">
+[]HelmCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
+Kluctl deployment.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>serviceAccountName</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The name of the Kubernetes service account to use while deploying.
+If not specified, the default service account is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>kubeConfig</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.KubeConfig">
+KubeConfig
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The KubeConfig for deploying to the target cluster.
+Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match
+the context found in the kluctl target. As an alternative, specify the context to be used via &lsquo;context&rsquo;</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>target</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no
+context. Use &lsquo;TargetName&rsquo; and &lsquo;Context&rsquo; to specify the name and context in that case.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>targetNameOverride</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>TargetNameOverride sets or overrides the target name. This is especially useful when deployment without a target.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>context</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified
+in the target.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>args</code><br>
+<em>
+k8s.io/apimachinery/pkg/runtime.RawExtension
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Args specifies dynamic target args.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>images</code><br>
+<em>
+[]github.com/kluctl/kluctl/v2/pkg/types.FixedImage
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Images contains a list of fixed image overrides.
+Equivalent to using &lsquo;&ndash;fixed-images-file&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>dryRun</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DryRun instructs kluctl to run everything in dry-run mode.
+Equivalent to using &lsquo;&ndash;dry-run&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>noWait</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>NoWait instructs kluctl to not wait for any resources to become ready, including hooks.
+Equivalent to using &lsquo;&ndash;no-wait&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>forceApply</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ForceApply instructs kluctl to force-apply in case of SSA conflicts.
+Equivalent to using &lsquo;&ndash;force-apply&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>replaceOnError</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ReplaceOnError instructs kluctl to replace resources on error.
+Equivalent to using &lsquo;&ndash;replace-on-error&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>forceReplaceOnError</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails.
+Equivalent to using &lsquo;&ndash;force-replace-on-error&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>abortOnError</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails.
+Equivalent to using &lsquo;&ndash;abort-on-error&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>includeTags</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>IncludeTags instructs kluctl to only include deployments with given tags.
+Equivalent to using &lsquo;&ndash;include-tag&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>excludeTags</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ExcludeTags instructs kluctl to exclude deployments with given tags.
+Equivalent to using &lsquo;&ndash;exclude-tag&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>includeDeploymentDirs</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir.
+Equivalent to using &lsquo;&ndash;include-deployment-dir&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>excludeDeploymentDirs</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir.
+Equivalent to using &lsquo;&ndash;exclude-deployment-dir&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>deployMode</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DeployMode specifies what deploy mode should be used.
+The options &lsquo;full-deploy&rsquo; and &lsquo;poke-images&rsquo; are supported.
+With the &lsquo;poke-images&rsquo; option, only images are patched into the target without performing a full deployment.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>validate</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Validate enables validation after deploying</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>prune</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Prune enables pruning after deploying.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>delete</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<tr>
+<td>
+<code>status</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentStatus">
+KluctlDeploymentStatus
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeployment">KluctlDeployment</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>source</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">
+ProjectSource
+</a>
+</em>
+</td>
+<td>
+<p>Specifies the project source location</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>decryption</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.Decryption">
+Decryption
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Decrypt Kubernetes secrets before applying them on the cluster.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>interval</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+<p>The interval at which to reconcile the KluctlDeployment.
+Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared
+to the last deployment.
+To override this behavior, set the DeployInterval value.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>retryInterval</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The interval at which to retry a previously failed reconciliation.
+When not specified, the controller uses the Interval
+value to retry failures.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>deployInterval</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SafeDuration">
+SafeDuration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered
+result does not change.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>validateInterval</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SafeDuration">
+SafeDuration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ValidateInterval specifies the interval at which to validate the KluctlDeployment.
+Validation is performed the same way as with &lsquo;kluctl validate -t <target>&rsquo;.
+Defaults to the same value as specified in Interval.
+Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>timeout</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Timeout for all operations.
+Defaults to &lsquo;Interval&rsquo; duration.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>suspend</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>This flag tells the controller to suspend subsequent kluctl executions,
+it does not apply to already started executions. Defaults to false.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>helmCredentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.HelmCredentials">
+[]HelmCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
+Kluctl deployment.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>serviceAccountName</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The name of the Kubernetes service account to use while deploying.
+If not specified, the default service account is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>kubeConfig</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.KubeConfig">
+KubeConfig
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The KubeConfig for deploying to the target cluster.
+Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match
+the context found in the kluctl target. As an alternative, specify the context to be used via &lsquo;context&rsquo;</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>target</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no
+context. Use &lsquo;TargetName&rsquo; and &lsquo;Context&rsquo; to specify the name and context in that case.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>targetNameOverride</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>TargetNameOverride sets or overrides the target name. This is especially useful when deployment without a target.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>context</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified
+in the target.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>args</code><br>
+<em>
+k8s.io/apimachinery/pkg/runtime.RawExtension
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Args specifies dynamic target args.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>images</code><br>
+<em>
+[]github.com/kluctl/kluctl/v2/pkg/types.FixedImage
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Images contains a list of fixed image overrides.
+Equivalent to using &lsquo;&ndash;fixed-images-file&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>dryRun</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DryRun instructs kluctl to run everything in dry-run mode.
+Equivalent to using &lsquo;&ndash;dry-run&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>noWait</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>NoWait instructs kluctl to not wait for any resources to become ready, including hooks.
+Equivalent to using &lsquo;&ndash;no-wait&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>forceApply</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ForceApply instructs kluctl to force-apply in case of SSA conflicts.
+Equivalent to using &lsquo;&ndash;force-apply&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>replaceOnError</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ReplaceOnError instructs kluctl to replace resources on error.
+Equivalent to using &lsquo;&ndash;replace-on-error&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>forceReplaceOnError</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails.
+Equivalent to using &lsquo;&ndash;force-replace-on-error&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>abortOnError</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails.
+Equivalent to using &lsquo;&ndash;abort-on-error&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>includeTags</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>IncludeTags instructs kluctl to only include deployments with given tags.
+Equivalent to using &lsquo;&ndash;include-tag&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>excludeTags</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ExcludeTags instructs kluctl to exclude deployments with given tags.
+Equivalent to using &lsquo;&ndash;exclude-tag&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>includeDeploymentDirs</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir.
+Equivalent to using &lsquo;&ndash;include-deployment-dir&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>excludeDeploymentDirs</code><br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir.
+Equivalent to using &lsquo;&ndash;exclude-deployment-dir&rsquo; when calling kluctl.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>deployMode</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>DeployMode specifies what deploy mode should be used.
+The options &lsquo;full-deploy&rsquo; and &lsquo;poke-images&rsquo; are supported.
+With the &lsquo;poke-images&rsquo; option, only images are patched into the target without performing a full deployment.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>validate</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Validate enables validation after deploying</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>prune</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Prune enables pruning after deploying.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>delete</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.KluctlDeploymentStatus">KluctlDeploymentStatus
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeployment">KluctlDeployment</a>)
+</p>
+<p>KluctlDeploymentStatus defines the observed state of KluctlDeployment</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>lastHandledReconcileAt</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>LastHandledReconcileAt holds the value of the most recent
+reconcile request value, so a change of the annotation value
+can be detected.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>LastHandledDeployAt</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>observedGeneration</code><br>
+<em>
+int64
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ObservedGeneration is the last reconciled generation.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>observedCommit</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>ObservedCommit is the last commit observed</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>conditions</code><br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#condition-v1-meta">
+[]Kubernetes meta/v1.Condition
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>projectKey</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types/result.ProjectKey
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>targetKey</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types/result.TargetKey
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastObjectsHash</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastDeployError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastPruneError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastValidateError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastDeployResult</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types/result.CommandResultSummary
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>LastDeployResult is the result of the last deploy command</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastPruneResult</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types/result.CommandResultSummary
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>LastDeployResult is the result of the last prune command</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastValidateResult</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types/result.ValidateResult
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>LastValidateResult is the result of the last validate command</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.KubeConfig">KubeConfig
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
+</p>
+<p>KubeConfig references a Kubernetes secret that contains a kubeconfig file.</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SecretKeyReference">
+SecretKeyReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef holds the name of a secret that contains a key with
+the kubeconfig file as the value. If no key is set, the key will default
+to &lsquo;value&rsquo;. The secret must be in the same namespace as
+the Kustomization.
+It is recommended that the kubeconfig is self-contained, and the secret
+is regularly updated if credentials such as a cloud-access-token expire.
+Cloud specific <code>cmd-path</code> auth helpers will not function without adding
+binaries and credentials to the Pod that is responsible for reconciling
+the KluctlDeployment.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.LocalObjectReference">LocalObjectReference
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
+<a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>name</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Name of the referent.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>url</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+</em>
+</td>
+<td>
+<p>Url specifies the Git url where the project source is located</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>ref</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.GitRef">
+GitRef
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path specifies the sub-directory to be used as project directory</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the git repository.
+For HTTPS repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
+fields.
+For SSH repositories the Secret must contain &lsquo;identity&rsquo;
+and &lsquo;known_hosts&rsquo; fields.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.SafeDuration">SafeDuration
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>Duration</code><br>
+<em>
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration">
+Kubernetes meta/v1.Duration
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.SecretKeyReference">SecretKeyReference
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KubeConfig">KubeConfig</a>)
+</p>
+<p>SecretKeyReference contains enough information to locate the referenced Kubernetes Secret object in the same
+namespace. Optionally a key can be specified.
+Use this type instead of core/v1 SecretKeySelector when the Key is optional and the Optional field is not
+applicable.</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>name</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Name of the Secret.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>key</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Key in the Secret, when not specified an implementation-specific default key is used.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<div class="admonition note">
+<p class="last">This page was automatically generated with <code>gen-crd-api-reference-docs</code></p>
+</div>
diff --git a/hack/api-docs/config.json b/hack/api-docs/config.json
new file mode 100644
index 000000000..ae9d840f1
--- /dev/null
+++ b/hack/api-docs/config.json
@@ -0,0 +1,29 @@
+{
+  "hideMemberFields": [
+    "TypeMeta"
+  ],
+  "hideTypePatterns": [
+    "ParseError$",
+    "List$"
+  ],
+  "externalPackages": [
+    {
+      "typeMatchPrefix": "^k8s\\.io/apimachinery/pkg/apis/meta/v1\\.Duration$",
+      "docsURLTemplate": "https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"
+    },
+    {
+      "typeMatchPrefix": "^k8s\\.io/apiextensions-apiserver/pkg/apis/apiextensions/v1\\.JSON$",
+      "docsURLTemplate": "https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1?tab=doc#JSON"
+    },
+    {
+      "typeMatchPrefix": "^k8s\\.io/(api|apimachinery/pkg/apis)/",
+      "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}"
+    }
+  ],
+  "typeDisplayNamePrefixOverrides": {
+    "k8s.io/api/": "Kubernetes ",
+    "k8s.io/apimachinery/pkg/apis/": "Kubernetes ",
+    "k8s.io/apiextensions-apiserver/": "Kubernetes "
+  },
+  "markdownDisabled": false
+}
diff --git a/hack/api-docs/template/members.tpl b/hack/api-docs/template/members.tpl
new file mode 100644
index 000000000..26e7251e4
--- /dev/null
+++ b/hack/api-docs/template/members.tpl
@@ -0,0 +1,46 @@
+{{ define "members" }}
+    {{ range .Members }}
+        {{ if not (hiddenMember .)}}
+            <tr>
+                <td>
+                    <code>{{ fieldName . }}</code><br>
+                    <em>
+                        {{ if linkForType .Type }}
+                            <a href="{{ linkForType .Type }}">
+                                {{ typeDisplayName .Type }}
+                            </a>
+                        {{ else }}
+                            {{ typeDisplayName .Type }}
+                        {{ end }}
+                    </em>
+                </td>
+                <td>
+                    {{ if fieldEmbedded . }}
+                        <p>
+                            (Members of <code>{{ fieldName . }}</code> are embedded into this type.)
+                        </p>
+                    {{ end}}
+
+                    {{ if isOptionalMember .}}
+                        <em>(Optional)</em>
+                    {{ end }}
+
+                    {{ safe (renderComments .CommentLines) }}
+
+                    {{ if and (eq (.Type.Name.Name) "ObjectMeta") }}
+                        Refer to the Kubernetes API documentation for the fields of the
+                        <code>metadata</code> field.
+                    {{ end }}
+
+                    {{ if or (eq (fieldName .) "spec") }}
+                        <br/>
+                        <br/>
+                        <table>
+                            {{ template "members" .Type }}
+                        </table>
+                    {{ end }}
+                </td>
+            </tr>
+        {{ end }}
+    {{ end }}
+{{ end }}
diff --git a/hack/api-docs/template/pkg.tpl b/hack/api-docs/template/pkg.tpl
new file mode 100644
index 000000000..0a4c0224e
--- /dev/null
+++ b/hack/api-docs/template/pkg.tpl
@@ -0,0 +1,46 @@
+{{ define "packages" }}
+    <h1>Kluctl Controller API reference</h1>
+
+    {{ with .packages}}
+        <p>Packages:</p>
+        <ul class="simple">
+            {{ range . }}
+                <li>
+                    <a href="#{{- packageAnchorID . -}}">{{ packageDisplayName . }}</a>
+                </li>
+            {{ end }}
+        </ul>
+    {{ end}}
+
+    {{ range .packages }}
+        <h2 id="{{- packageAnchorID . -}}">
+            {{- packageDisplayName . -}}
+        </h2>
+
+        {{ with (index .GoPackages 0 )}}
+            {{ with .DocComments }}
+                {{ safe (renderComments .) }}
+            {{ end }}
+        {{ end }}
+
+        Resource Types:
+
+        <ul class="simple">
+            {{- range (visibleTypes (sortedTypes .Types)) -}}
+                {{ if isExportedType . -}}
+                    <li>
+                        <a href="{{ linkForType . }}">{{ typeDisplayName . }}</a>
+                    </li>
+                {{- end }}
+            {{- end -}}
+        </ul>
+
+        {{ range (visibleTypes (sortedTypes .Types))}}
+            {{ template "type" .  }}
+        {{ end }}
+    {{ end }}
+
+    <div class="admonition note">
+        <p class="last">This page was automatically generated with <code>gen-crd-api-reference-docs</code></p>
+    </div>
+{{ end }}
diff --git a/hack/api-docs/template/type.tpl b/hack/api-docs/template/type.tpl
new file mode 100644
index 000000000..cd2fa6981
--- /dev/null
+++ b/hack/api-docs/template/type.tpl
@@ -0,0 +1,60 @@
+{{ define "type" }}
+    <h3 id="{{ anchorIDForType . }}">
+        {{- .Name.Name }}
+        {{ if eq .Kind "Alias" }}(<code>{{.Underlying}}</code> alias){{ end -}}
+    </h3>
+
+    {{ with (typeReferences .) }}
+        <p>
+            (<em>Appears on:</em>
+            {{- $prev := "" -}}
+            {{- range . -}}
+                {{- if $prev -}}, {{ end -}}
+                {{ $prev = . }}
+                <a href="{{ linkForType . }}">{{ typeDisplayName . }}</a>
+            {{- end -}}
+            )
+        </p>
+    {{ end }}
+
+    {{ with .CommentLines }}
+        {{ safe (renderComments .) }}
+    {{ end }}
+
+    {{ if .Members }}
+        <div class="md-typeset__scrollwrap">
+            <div class="md-typeset__table">
+                <table>
+                    <thead>
+                    <tr>
+                        <th>Field</th>
+                        <th>Description</th>
+                    </tr>
+                    </thead>
+                    <tbody>
+                    {{ if isExportedType . }}
+                        <tr>
+                            <td>
+                                <code>apiVersion</code><br>
+                                string</td>
+                            <td>
+                                <code>{{ apiGroup . }}</code>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td>
+                                <code>kind</code><br>
+                                string
+                            </td>
+                            <td>
+                                <code>{{ .Name.Name }}</code>
+                            </td>
+                        </tr>
+                    {{ end }}
+                    {{ template "members" . }}
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    {{ end }}
+{{ end }}

From f79ca8222c187193a19ce2a2f511ba6d911f2e10 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 16:22:35 +0200
Subject: [PATCH 1080/2268] docs: Update Kluctl version in installation.md

---
 docs/installation.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/installation.md b/docs/installation.md
index 656d3d93c..31c012d25 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -113,5 +113,5 @@ deployments:
   - git:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
-      ref: v0.0.0
+      ref: v2.20.0
 ```

From a143ba523a50be5e3f69eb4256803a8c007cdec9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 16:32:04 +0200
Subject: [PATCH 1081/2268] docs: Fix links to .md files

---
 docs/reference/gitops/spec/v1beta1/kluctldeployment.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
index db46f4cf0..85396a984 100644
--- a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
@@ -362,8 +362,8 @@ stringData:
 
 ## Helm Repository authentication
 
-Kluctl allows to [integrate Helm Charts](../../../deployments/helm) in two different ways.
-One is to [pre-pull charts](../../../commands/helm-pull) and put them into version control,
+Kluctl allows to [integrate Helm Charts](../../../deployments/helm.md) in two different ways.
+One is to [pre-pull charts](../../../commands/helm-pull.md) and put them into version control,
 making it unnecessary to pull them at deploy time. This option also means that you don't have to take any special care
 on the controller side.
 
@@ -432,7 +432,7 @@ This will pass the credentials to all requests, even if the hostname changes.
 
 ## Secrets Decryption
 
-Kluctl offers a [SOPS Integration](../../../deployments/sops) that allows to use encrypted
+Kluctl offers a [SOPS Integration](../../../deployments/sops.md) that allows to use encrypted
 manifests and variable sources in Kluctl deployments. Decryption by the controller is also supported and currently
 mirrors how the [Secrets Decryption configuration](https://fluxcd.io/flux/components/kustomize/kustomization/#secrets-decryption)
 of the Flux Kustomize Controller. To configure it in the `KluctlDeployment`, simply set the `decryption` field in the

From 442e3f675766929d2c2bbd091b55bf7f09ed1815 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 16:42:04 +0200
Subject: [PATCH 1082/2268] build: Preparing release v2.20.1

---
 docs/installation.md            | 2 +-
 install/controller/.kluctl.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index 31c012d25..c899bccd5 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -113,5 +113,5 @@ deployments:
   - git:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
-      ref: v2.20.0
+      ref: v2.20.1
 ```
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 481c21a87..f74304426 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -2,4 +2,4 @@ discriminator: kluctl.io-controller
 
 args:
   - name: controller_version
-    default: v2.20.0
\ No newline at end of file
+    default: v2.20.1
\ No newline at end of file

From c61c60d907f49dbc6d6c604f9bcf5fef3913cfe0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 18:08:04 +0200
Subject: [PATCH 1083/2268] fix: Use projectDir as repoRoot in case there is no
 Git repo involved

---
 cmd/kluctl/commands/utils.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a03b70b77..0f524badc 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -50,6 +50,10 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		}
 	}
 
+	if repoRoot == "" {
+		repoRoot = projectDir
+	}
+
 	ctx, cancel := context.WithTimeout(ctx, projectFlags.Timeout)
 	defer cancel()
 

From c3636d2556b28233fc6719789e05a30e83b53230 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 18:13:00 +0200
Subject: [PATCH 1084/2268] docs: Fix link to images.md

---
 docs/reference/gitops/spec/v1beta1/kluctldeployment.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
index 85396a984..391bbd7cb 100644
--- a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
@@ -156,7 +156,7 @@ The above example is equivalent to calling `kluctl deploy -t prod -a arg1=value1
 
 ### images
 `spec.images` specifies a list of fixed images to be used by
-[`image.get_image(...)`](../../../deployments/images#imagesget_image). Example:
+[`image.get_image(...)`](../../../deployments/images.md#imagesget_image). Example:
 
 ```
 apiVersion: gitops.kluctl.io/v1beta1

From 4bff0959cd734a2bc6e80f4ed53e157d6b6ac5c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 19:49:56 +0200
Subject: [PATCH 1085/2268] fix: Fix pre-pulled helm chart pathes

---
 pkg/deployment/deployment_item.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index d291acbd0..9ad65c80c 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -180,7 +180,16 @@ func (di *DeploymentItem) isHelmValuesYaml(p string) bool {
 
 func (di *DeploymentItem) newHelmRelease(subDir string) (*helm.Release, error) {
 	configPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, subDir, "helm-chart.yaml"))
-	helmChartsDir := filepath.Join(di.Project.source.dir, ".helm-charts")
+
+	var helmChartsDir string
+	if di.Project.source == di.Project.getRootProject().source {
+		// deployment item is part of the root project repo, so it's allowed to be in a relative dir
+		helmChartsDir = filepath.Join(di.Project.source.dir, di.Project.getRootProject().relDir, ".helm-charts")
+	} else {
+		// deployment item is part of a git-included project, so it must be at the repo root
+		// TODO this limitation should be lifted in some way (search multiple pathes?)
+		helmChartsDir = filepath.Join(di.Project.source.dir, ".helm-charts")
+	}
 
 	hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmCredentials)
 	if err != nil {

From f80248ea7cc2a810db8210612af6095be0410c5c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 19:58:21 +0200
Subject: [PATCH 1086/2268] build: Preparing release v2.20.2

---
 docs/installation.md            | 2 +-
 install/controller/.kluctl.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index c899bccd5..7e40fabdb 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -113,5 +113,5 @@ deployments:
   - git:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
-      ref: v2.20.1
+      ref: v2.20.2
 ```
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index f74304426..166bbf0ae 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -2,4 +2,4 @@ discriminator: kluctl.io-controller
 
 args:
   - name: controller_version
-    default: v2.20.1
\ No newline at end of file
+    default: v2.20.2
\ No newline at end of file

From cbb7fc433c5c333aa26c027fd76a92be41d2c80e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 31 May 2023 22:48:13 +0200
Subject: [PATCH 1087/2268] build: Multiple fixes to docs generation and checks
 (#527)

* build: Write api-docs result to correct directory

* build: Exclude api-docs from markdown-link-check
---
 Makefile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 58d9424aa..c7bea97f0 100644
--- a/Makefile
+++ b/Makefile
@@ -66,7 +66,7 @@ manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRol
 
 # Generate API reference documentation
 api-docs: gen-crd-api-reference-docs
-	$(GEN_CRD_API_REFERENCE_DOCS) -v=4 -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/reference/controller/api/kluctl-controller.md
+	$(GEN_CRD_API_REFERENCE_DOCS) -v=4 -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/reference/gitops/api/kluctl-controller.md
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -97,7 +97,11 @@ replace-commands-help: ## Replace commands help in docs
 
 MARKDOWN_LINK_CHECK_VERSION=3.11.2
 markdown-link-check: ## Check markdown files for dead links
-	find . -name '*.md' | xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
+	find . -name '*.md' \
+		-and -not -path './docs/reference/gitops/api/kluctl-controller.md' \
+		-and -not -path './pkg/webui/ui/node_modules/*' \
+		-and -not -path './pkg/webui/ui/build/*' | \
+		xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
 
 ##@ Build
 

From cb6b4f62be770e8a6758c86032a5f5063a2216f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Jun 2023 12:38:14 +0200
Subject: [PATCH 1088/2268] fix: Don't show error when addGitInfo fails (#528)

---
 pkg/deployment/commands/result_utils.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 4b987d949..52e210d98 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -90,6 +90,9 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 
 	g, err := git2.PlainOpen(targetCtx.KluctlProject.LoadArgs.RepoRoot)
 	if err != nil {
+		if err == git2.ErrRepositoryNotExists {
+			return nil
+		}
 		return err
 	}
 

From 932661e4d57505eebb60f90aebaa3cb737c12251 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Jun 2023 13:03:43 +0200
Subject: [PATCH 1089/2268] fix: Allow to specify controller_version via args
 and via vars

---
 hack/prepare-release.sh                          | 2 +-
 install/controller/controller/kustomization.yaml | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 496c9b6bd..f63be7543 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -24,7 +24,7 @@ fi
 
 echo VERSION=$VERSION
 
-FILES="install/controller/.kluctl.yaml docs/installation.md"
+FILES="install/controller/.kluctl.yaml install/controller/controller/kustomization.yaml docs/installation.md"
 
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index d4711bbb7..961e9fca4 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,3 +1,5 @@
+{% set controller_version = (args.controller_version if args.controller_version is defined else controller_version) | default("v2.20.2") %}
+
 resources:
   - crd.yaml
   - manager.yaml
@@ -10,8 +12,8 @@ patches:
     patch: |-
       - op: add
         path: /spec/template/spec/containers/0/image
-        value: ghcr.io/kluctl/kluctl:{{ args.controller_version }}
-{% if args.controller_version.endswith("-next-amd64") or args.controller_version.endswith("-next-arm64") %}
+        value: ghcr.io/kluctl/kluctl:{{ controller_version }}
+{% if controller_version.endswith("-next-amd64") or controller_version.endswith("-next-arm64") %}
   - target:
       kind: Deployment
       name: kluctl-controller

From 3ac2dfae67c70b481375794428a044ffb58e9adc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Jun 2023 13:36:07 +0200
Subject: [PATCH 1090/2268] fix: Switch back to debian based base images due to
 missing arm+musl support

---
 Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 77958da58..233c596fe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,11 @@
-FROM alpine:3.18.0
+# We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
+# see https://github.com/indygreg/python-build-standalone/issues/87
+FROM debian:bullseye-slim
 
-RUN apk add ca-certificates
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*
 
 # We need git for kustomize to support overlays from git
-RUN apk add git
+RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*
 
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache

From 3d6033ceb99d9cc156310e645b2c3f4993a0ece2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Jun 2023 14:07:38 +0200
Subject: [PATCH 1091/2268] fix: Properly pass hostkey callback to ssh auth
 method

The KnownHostsWrapper used in the past is not needed anymore and actually
caused host key verification to fail when ~/.ssh/known_hosts was missing,
even if known_hosts were explicitely passed.
---
 pkg/git/auth/list_auth_provider.go | 29 ++---------------------------
 1 file changed, 2 insertions(+), 27 deletions(-)

diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index b69f0b2df..444e38d4d 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -6,7 +6,6 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	ssh2 "golang.org/x/crypto/ssh"
 	"strings"
 )
 
@@ -28,28 +27,6 @@ type AuthEntry struct {
 	CABundle []byte
 }
 
-type KnownHostsWrapper struct {
-	authMethod      ssh.AuthMethod
-	hostKeyCallback ssh2.HostKeyCallback
-}
-
-func (w *KnownHostsWrapper) String() string {
-	return w.authMethod.String()
-}
-
-func (w *KnownHostsWrapper) Name() string {
-	return w.authMethod.Name()
-}
-
-func (w *KnownHostsWrapper) ClientConfig() (*ssh2.ClientConfig, error) {
-	ccfg, err := w.authMethod.ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-	ccfg.HostKeyCallback = w.hostKeyCallback
-	return ccfg, nil
-}
-
 func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
@@ -102,11 +79,9 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) A
 			if err != nil {
 				a.MessageCallbacks.Trace("ListAuthProvider: failed to parse private key: %v", err)
 			} else {
+				pk.HostKeyCallback = buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts)
 				return AuthMethodAndCA{
-					AuthMethod: &KnownHostsWrapper{
-						authMethod:      pk,
-						hostKeyCallback: buildVerifyHostCallback(a.MessageCallbacks, e.KnownHosts),
-					},
+					AuthMethod: pk,
 					Hash: func() ([]byte, error) {
 						return buildHash(pk.Signer)
 					},

From 8a93c5785eaeff25623f5daea0c78fd0ca358121 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 1 Jun 2023 14:29:14 +0200
Subject: [PATCH 1092/2268] build: Preparing release v2.20.3

---
 docs/installation.md                             | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index 7e40fabdb..ffb8a3055 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -113,5 +113,5 @@ deployments:
   - git:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
-      ref: v2.20.2
+      ref: v2.20.3
 ```
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 166bbf0ae..aa23bb3d9 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -2,4 +2,4 @@ discriminator: kluctl.io-controller
 
 args:
   - name: controller_version
-    default: v2.20.2
\ No newline at end of file
+    default: v2.20.3
\ No newline at end of file
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 961e9fca4..77c7fc8cf 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,4 +1,4 @@
-{% set controller_version = (args.controller_version if args.controller_version is defined else controller_version) | default("v2.20.2") %}
+{% set controller_version = (args.controller_version if args.controller_version is defined else controller_version) | default("v2.20.3") %}
 
 resources:
   - crd.yaml

From 198f4db40069ad7e7e2f691a0683431429c5fcac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 10:10:18 +0200
Subject: [PATCH 1093/2268] ci: Add nightly/devel builds for main branch (#530)

---
 .github/workflows/nightly.yml | 56 +++++++++++++++++++++++++++++++++++
 .github/workflows/release.yml | 11 +++----
 .goreleaser.yaml              |  9 ++++--
 3 files changed, 69 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/nightly.yml

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 000000000..1aa476299
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,56 @@
+name: goreleaser-release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Fetch all tags
+        run: git fetch --force --tags
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.19
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Setup Syft
+        uses: anchore/sbom-action/download-syft@v0
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: kluctlbot
+          password: ${{ secrets.GHCR_TOKEN }}
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: ${{ runner.os }}-goreleaser-nightly-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-goreleaser-nightly-
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser-pro
+          version: latest
+          args: release --nightly --clean
+        env:
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5289b22a7..56a929fcc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-name: goreleaser
+name: goreleaser-release
 
 on:
   push:
@@ -42,15 +42,16 @@ jobs:
           path: |
             ~/go/pkg/mod
             ~/.cache/go-build
-          key: ${{ runner.os }}-goreleaser-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-goreleaser-release-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-goreleaser-
+            ${{ runner.os }}-goreleaser-release-
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:
-          distribution: goreleaser
+          distribution: goreleaser-pro
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index ba0d196f9..2a6f9fc00 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -52,7 +52,12 @@ sboms:
 checksum:
   name_template: '{{ .ProjectName }}_v{{ .Version }}_checksums.txt'
 snapshot:
-  name_template: "{{ incminor .Version }}-next"
+  name_template: "{{ incminor .Version }}-snapshot"
+nightly:
+  name_template: 'devel'
+  tag_name: devel
+  publish_release: true
+  keep_single_release: true
 changelog:
   sort: asc
   filters:
@@ -100,7 +105,7 @@ dockers:
       - "ghcr.io/kluctl/kluctl:v{{ .Version }}-arm64"
 
 docker_manifests:
-  - name_template: ghcr.io/kluctl/kluctl:{{ .Tag }}
+  - name_template: ghcr.io/kluctl/kluctl:{{ .Version }}
     image_templates:
       - "ghcr.io/kluctl/kluctl:v{{ .Version }}-amd64"
       - "ghcr.io/kluctl/kluctl:v{{ .Version }}-arm64"

From 6b8d0cb991d2f6a61009948f762626bc38e3a43a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 10:14:41 +0200
Subject: [PATCH 1094/2268] ci: Fix name of nightly release workflow (#531)

---
 .github/workflows/nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 1aa476299..7419b12ca 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -1,4 +1,4 @@
-name: goreleaser-release
+name: goreleaser-nightly
 
 on:
   push:

From d3bbc566328a862d3899db86250f5bf481b2462b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 10:35:14 +0200
Subject: [PATCH 1095/2268] ci: Use next version number in devel version (#532)

---
 .goreleaser.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 2a6f9fc00..53c42dfc4 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -54,7 +54,7 @@ checksum:
 snapshot:
   name_template: "{{ incminor .Version }}-snapshot"
 nightly:
-  name_template: 'devel'
+  name_template: '{{ incminor .Version }}-devel'
   tag_name: devel
   publish_release: true
   keep_single_release: true

From 8d37f7842d7c1c1026f9a36db7c7fbda3d8b807d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 11:10:44 +0200
Subject: [PATCH 1096/2268] ci: Fix missing version in nightlies and mark as
 non-draft (#533)

* ci: Use .Version instead of .Tag for release name_template

This fixes missing versions in nightlies.

* ci: Set draft=false for nightlies
---
 .github/workflows/nightly.yml | 4 ++++
 .goreleaser.yaml              | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 7419b12ca..54fb5e8c3 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -44,6 +44,10 @@ jobs:
           key: ${{ runner.os }}-goreleaser-nightly-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-goreleaser-nightly-
+      - name: Set .goreleaser.yaml's release.draft=false
+        shell: bash
+        run: |
+          cat .goreleaser.yaml | sed 's/draft: true/draft: false/g' > .goreleaser.yaml.tmp && mv .goreleaser.yaml.tmp .goreleaser.yaml
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 53c42dfc4..9bb7f9c57 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -72,7 +72,7 @@ changelog:
 release:
   draft: true
   prerelease: auto
-  name_template: "{{.ProjectName}}-{{.Tag}}"
+  name_template: "{{ .ProjectName }}-v{{ .Version }}"
 
 dockers:
   - id: linux-amd64

From 8ce7fcbaa3f9abc35e49b0beebaa683fdfe35dbe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 11:27:26 +0200
Subject: [PATCH 1097/2268] ci: Fix docker tags and add header to nightly
 releases (#534)

* ci: Fix docker tag of releases

* ci: Add header to nightly releases
---
 .goreleaser.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 9bb7f9c57..c8ebae4c9 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -73,6 +73,12 @@ release:
   draft: true
   prerelease: auto
   name_template: "{{ .ProjectName }}-v{{ .Version }}"
+  header: |
+    {{- if .IsNightly -}}
+    ## Development build
+    This is a development build of the main branch and not meant for production use.
+    Docker images are also available via: `ghcr.io/kluctl/kluctl:v{{ .Version }}`
+    {{- end -}}
 
 dockers:
   - id: linux-amd64
@@ -105,7 +111,7 @@ dockers:
       - "ghcr.io/kluctl/kluctl:v{{ .Version }}-arm64"
 
 docker_manifests:
-  - name_template: ghcr.io/kluctl/kluctl:{{ .Version }}
+  - name_template: ghcr.io/kluctl/kluctl:v{{ .Version }}
     image_templates:
       - "ghcr.io/kluctl/kluctl:v{{ .Version }}-amd64"
       - "ghcr.io/kluctl/kluctl:v{{ .Version }}-arm64"

From 5ecc3aca34fdeef2432001d871c75fd32a169320 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 13:58:43 +0200
Subject: [PATCH 1098/2268] docs: Don't include pre-releases in version badge
 (#535)

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 33ed42f81..1347f626b 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![tests](https://github.com/kluctl/kluctl/workflows/tests/badge.svg)](https://github.com/kluctl/kluctl/actions)
 [![license](https://img.shields.io/github/license/kluctl/kluctl.svg)](https://github.com/kluctl/kluctl/blob/main/LICENSE)
-[![release](https://img.shields.io/github/release/kluctl/kluctl/all.svg)](https://github.com/kluctl/kluctl/releases)
+[![release](https://img.shields.io/github/release/kluctl/kluctl.svg)](https://github.com/kluctl/kluctl/releases)
 
 <img alt="kluctl" src="logo/kluctl.svg" width="200"/>
 

From 5648bb9294888be9779528af7eb582d7498b1fad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 15:00:37 +0200
Subject: [PATCH 1099/2268] fix: Use absolute version of --project-dir (#537)

---
 cmd/kluctl/args/project.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 21468a46b..880426843 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -2,6 +2,7 @@ package args
 
 import (
 	"os"
+	"path/filepath"
 	"time"
 )
 
@@ -11,7 +12,7 @@ type ProjectDir struct {
 
 func (a ProjectDir) GetProjectDir() (string, error) {
 	if a.ProjectDir != "" {
-		return a.ProjectDir.String(), nil
+		return filepath.Abs(a.ProjectDir.String())
 	}
 	cwd, err := os.Getwd()
 	if err != nil {

From 29e2b9b45cf2b7133b575897822e4a68bde85c26 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 15:01:30 +0200
Subject: [PATCH 1100/2268] feat: Use chainguards wolfi-base image as base
 (#536)

This gives us a very slim alpine-like image with glibc instead of musl.
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 233c596fe..5c2caa191 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,11 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
-FROM debian:bullseye-slim
+FROM cgr.dev/chainguard/wolfi-base
 
-RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*
+RUN apk add ca-certificates
 
 # We need git for kustomize to support overlays from git
-RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*
+RUN apk add git
 
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache

From 41e5b749cd42cc2a3b0e3a192133b5346aba0c15 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 15:11:52 +0200
Subject: [PATCH 1101/2268] ci: Only allow a single nightly workflow to run
 (#538)

---
 .github/workflows/nightly.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 54fb5e8c3..24933597b 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -9,6 +9,8 @@ permissions:
   contents: write
   packages: write
 
+concurrency: goreleaser-nightly
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest

From 0c4b3a36ab13478aca5e0841a73367f2170ca01e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 16:05:29 +0200
Subject: [PATCH 1102/2268] chore: Remove unneeded ca-certificates installation
 from Dockerfile (#539)

wolfi-base already has this installed.
---
 Dockerfile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 5c2caa191..91818c999 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,8 +2,6 @@
 # see https://github.com/indygreg/python-build-standalone/issues/87
 FROM cgr.dev/chainguard/wolfi-base
 
-RUN apk add ca-certificates
-
 # We need git for kustomize to support overlays from git
 RUN apk add git
 

From 225cc331eeeafe03a164c87009eced9e53187ef6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 16:33:30 +0200
Subject: [PATCH 1103/2268] fix: Check for proper suffix when deciding on
 imagePullPolicy: Always

---
 install/controller/controller/kustomization.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 77c7fc8cf..c159e432b 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -13,7 +13,7 @@ patches:
       - op: add
         path: /spec/template/spec/containers/0/image
         value: ghcr.io/kluctl/kluctl:{{ controller_version }}
-{% if controller_version.endswith("-next-amd64") or controller_version.endswith("-next-arm64") %}
+{% if "-devel" in controller_version %}
   - target:
       kind: Deployment
       name: kluctl-controller

From 03ac5bee4b7c69bdf9fe0cc20fcb1a9b3752f4ce Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 16:58:28 +0200
Subject: [PATCH 1104/2268] refactor: Use get_var to simplify
 controller_version defaulting

---
 install/controller/controller/kustomization.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index c159e432b..4d84df07c 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,4 +1,4 @@
-{% set controller_version = (args.controller_version if args.controller_version is defined else controller_version) | default("v2.20.3") %}
+{% set controller_version = get_var("args.controller_version", "v2.20.3") %}
 
 resources:
   - crd.yaml

From 53d56edde0f504daf12a3f046ed5ddd0a8a8b431 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 16:59:07 +0200
Subject: [PATCH 1105/2268] feat: Allow to specify controller args and env vars

---
 config/manager/manager.yaml                      |  9 +++++----
 install/controller/.kluctl.yaml                  |  6 +++++-
 install/controller/controller/kustomization.yaml | 15 ++++++++++++++-
 install/controller/controller/manager.yaml       |  1 +
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 83c13b50a..4700ace09 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -66,15 +66,16 @@ spec:
         # seccompProfile:
         #   type: RuntimeDefault
       containers:
-      - command:
+      - name: controller
+        image: ghcr.io/kluctl/kluctl:latest
+        imagePullPolicy: IfNotPresent
+        command:
         - kluctl
         - controller
         - run
         args:
         - --leader-elect
-        image: ghcr.io/kluctl/kluctl:latest
-        imagePullPolicy: IfNotPresent
-        name: controller
+        env: []
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index aa23bb3d9..d45892605 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -2,4 +2,8 @@ discriminator: kluctl.io-controller
 
 args:
   - name: controller_version
-    default: v2.20.3
\ No newline at end of file
+    default: v2.20.3
+  - name: controller_args
+    default: []
+  - name: controller_envs
+    default: []
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 4d84df07c..06923f9bd 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -13,12 +13,25 @@ patches:
       - op: add
         path: /spec/template/spec/containers/0/image
         value: ghcr.io/kluctl/kluctl:{{ controller_version }}
-{% if "-devel" in controller_version %}
   - target:
       kind: Deployment
       name: kluctl-controller
     patch: |-
+      - op: test
+        path: /kind
+        value: Deployment # this is just a dummy test to avoid empty patches
+{% if "-devel" in controller_version %}
       - op: add
         path: /spec/template/spec/containers/0/imagePullPolicy
         value: Always
 {% endif %}
+{% for a in get_var("args.controller_args", []) %}
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: "{{ a }}"
+{% endfor %}
+{% for a in get_var("args.controller_envs", []) %}
+      - op: add
+        path: /spec/template/spec/containers/0/env/-
+        value: {{ a | to_json }}
+{% endfor %}
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index 5544b30e2..8ef9d3e81 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -43,6 +43,7 @@ spec:
         - kluctl
         - controller
         - run
+        env: []
         image: ghcr.io/kluctl/kluctl:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:

From bdb1b4a5f647093be2d9196fa1bbdfc0aa3fe5bb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 17:28:16 +0200
Subject: [PATCH 1106/2268] fix: Use runtime.RawExtension for
 deploy/prune/validate results

This removes the need to stay strictly compatible in results
---
 api/v1beta1/kluctldeployment_types.go         |  95 ++-
 api/v1beta1/zz_generated.deepcopy.go          |   6 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   | 673 +-----------------
 .../reference/gitops/api/kluctl-controller.md |   6 +-
 e2e/gitops_errors_test.go                     |   4 +-
 install/controller/controller/crd.yaml        | 673 +-----------------
 .../kluctldeployment_controller.go            |  66 +-
 7 files changed, 157 insertions(+), 1366 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index b5021142c..30bfa45cc 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -19,6 +19,7 @@ package v1beta1
 import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"time"
@@ -327,15 +328,103 @@ type KluctlDeploymentStatus struct {
 
 	// LastDeployResult is the result of the last deploy command
 	// +optional
-	LastDeployResult *result.CommandResultSummary `json:"lastDeployResult,omitempty"`
+	// +kubebuilder:pruning:PreserveUnknownFields
+	LastDeployResult *runtime.RawExtension `json:"lastDeployResult,omitempty"`
 
 	// LastDeployResult is the result of the last prune command
 	// +optional
-	LastPruneResult *result.CommandResultSummary `json:"lastPruneResult,omitempty"`
+	LastPruneResult *runtime.RawExtension `json:"lastPruneResult,omitempty"`
 
 	// LastValidateResult is the result of the last validate command
 	// +optional
-	LastValidateResult *result.ValidateResult `json:"lastValidateResult,omitempty"`
+	LastValidateResult *runtime.RawExtension `json:"lastValidateResult,omitempty"`
+}
+
+func (s *KluctlDeploymentStatus) SetLastDeployResult(crs *result.CommandResultSummary, err error) error {
+	s.LastDeployError = ""
+	if err != nil {
+		s.LastDeployError = err.Error()
+	}
+	if crs == nil {
+		s.LastDeployResult = nil
+	} else {
+		b, err := yaml.WriteJsonString(crs)
+		if err != nil {
+			return err
+		}
+		s.LastDeployResult = &runtime.RawExtension{Raw: []byte(b)}
+	}
+	return nil
+}
+
+func (s *KluctlDeploymentStatus) SetLastPruneResult(crs *result.CommandResultSummary, err error) error {
+	s.LastPruneError = ""
+	if err != nil {
+		s.LastPruneError = err.Error()
+	}
+	if crs == nil {
+		s.LastPruneResult = nil
+	} else {
+		b, err := yaml.WriteJsonString(crs)
+		if err != nil {
+			return err
+		}
+		s.LastPruneResult = &runtime.RawExtension{Raw: []byte(b)}
+	}
+	return nil
+}
+
+func (s *KluctlDeploymentStatus) SetLastValidateResult(crs *result.ValidateResult, err error) error {
+	s.LastValidateError = ""
+	if err != nil {
+		s.LastValidateError = err.Error()
+	}
+	if crs == nil {
+		s.LastValidateResult = nil
+	} else {
+		b, err := yaml.WriteJsonString(crs)
+		if err != nil {
+			return err
+		}
+		s.LastValidateResult = &runtime.RawExtension{Raw: []byte(b)}
+	}
+	return nil
+}
+
+func (s *KluctlDeploymentStatus) GetLastDeployResult() (*result.CommandResultSummary, error) {
+	if s.LastDeployResult == nil {
+		return nil, nil
+	}
+	var ret result.CommandResultSummary
+	err := yaml.ReadYamlBytes(s.LastDeployResult.Raw, &ret)
+	if err != nil {
+		return nil, err
+	}
+	return &ret, nil
+}
+
+func (s *KluctlDeploymentStatus) GetLastPruneResult() (*result.CommandResultSummary, error) {
+	if s.LastPruneResult == nil {
+		return nil, nil
+	}
+	var ret result.CommandResultSummary
+	err := yaml.ReadYamlBytes(s.LastPruneResult.Raw, &ret)
+	if err != nil {
+		return nil, err
+	}
+	return &ret, nil
+}
+
+func (s *KluctlDeploymentStatus) GetLastValidateResult() (*result.ValidateResult, error) {
+	if s.LastValidateResult == nil {
+		return nil, nil
+	}
+	var ret result.ValidateResult
+	err := yaml.ReadYamlBytes(s.LastValidateResult.Raw, &ret)
+	if err != nil {
+		return nil, err
+	}
+	return &ret, nil
 }
 
 //+kubebuilder:object:root=true
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 79c1afc75..1483d24ad 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -255,17 +255,17 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 	}
 	if in.LastDeployResult != nil {
 		in, out := &in.LastDeployResult, &out.LastDeployResult
-		*out = new(result.CommandResultSummary)
+		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.LastPruneResult != nil {
 		in, out := &in.LastPruneResult, &out.LastPruneResult
-		*out = new(result.CommandResultSummary)
+		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.LastValidateResult != nil {
 		in, out := &in.LastValidateResult, &out.LastValidateResult
-		*out = new(result.ValidateResult)
+		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
 }
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index d07ed9349..3254ed420 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -447,273 +447,8 @@ spec:
                 type: string
               lastDeployResult:
                 description: LastDeployResult is the result of the last deploy command
-                properties:
-                  appliedHookObjects:
-                    type: integer
-                  appliedObjects:
-                    type: integer
-                  changedObjects:
-                    type: integer
-                  clusterInfo:
-                    properties:
-                      clusterId:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  commandInfo:
-                    properties:
-                      abortOnError:
-                        type: boolean
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      command:
-                        type: string
-                      contextOverride:
-                        type: string
-                      dryRun:
-                        type: boolean
-                      endTime:
-                        format: date-time
-                        type: string
-                      excludeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      excludeTags:
-                        items:
-                          type: string
-                        type: array
-                      forceApply:
-                        type: boolean
-                      forceReplaceOnError:
-                        type: boolean
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      includeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      includeTags:
-                        items:
-                          type: string
-                        type: array
-                      initiator:
-                        type: string
-                      kluctlDeployment:
-                        properties:
-                          gitRef:
-                            type: string
-                          gitUrl:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                        required:
-                        - gitRef
-                        - gitUrl
-                        - name
-                        - namespace
-                        type: object
-                      noWait:
-                        type: boolean
-                      replaceOnError:
-                        type: boolean
-                      startTime:
-                        format: date-time
-                        type: string
-                      target:
-                        type: string
-                      targetNameOverride:
-                        type: string
-                    required:
-                    - endTime
-                    - initiator
-                    - startTime
-                    type: object
-                  deletedObjects:
-                    type: integer
-                  errors:
-                    type: integer
-                  gitInfo:
-                    properties:
-                      commit:
-                        type: string
-                      dirty:
-                        type: boolean
-                      ref:
-                        type: string
-                      subDir:
-                        type: string
-                      url:
-                        type: string
-                    required:
-                    - commit
-                    - dirty
-                    - ref
-                    - subDir
-                    - url
-                    type: object
-                  id:
-                    type: string
-                  newObjects:
-                    type: integer
-                  orphanObjects:
-                    type: integer
-                  projectKey:
-                    properties:
-                      gitRepoKey:
-                        type: string
-                      subDir:
-                        type: string
-                    type: object
-                  remoteObjects:
-                    type: integer
-                  renderedObjects:
-                    type: integer
-                  target:
-                    properties:
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      context:
-                        type: string
-                      discriminator:
-                        type: string
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      name:
-                        type: string
-                      sealingConfig:
-                        properties:
-                          args:
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          certFile:
-                            type: string
-                          secretSets:
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  targetKey:
-                    properties:
-                      clusterId:
-                        type: string
-                      discriminator:
-                        type: string
-                      targetName:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  totalChanges:
-                    type: integer
-                  warnings:
-                    type: integer
-                required:
-                - appliedHookObjects
-                - appliedObjects
-                - changedObjects
-                - commandInfo
-                - deletedObjects
-                - errors
-                - id
-                - newObjects
-                - orphanObjects
-                - projectKey
-                - remoteObjects
-                - renderedObjects
-                - target
-                - targetKey
-                - totalChanges
-                - warnings
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
@@ -725,417 +460,15 @@ spec:
                 type: string
               lastPruneResult:
                 description: LastDeployResult is the result of the last prune command
-                properties:
-                  appliedHookObjects:
-                    type: integer
-                  appliedObjects:
-                    type: integer
-                  changedObjects:
-                    type: integer
-                  clusterInfo:
-                    properties:
-                      clusterId:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  commandInfo:
-                    properties:
-                      abortOnError:
-                        type: boolean
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      command:
-                        type: string
-                      contextOverride:
-                        type: string
-                      dryRun:
-                        type: boolean
-                      endTime:
-                        format: date-time
-                        type: string
-                      excludeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      excludeTags:
-                        items:
-                          type: string
-                        type: array
-                      forceApply:
-                        type: boolean
-                      forceReplaceOnError:
-                        type: boolean
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      includeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      includeTags:
-                        items:
-                          type: string
-                        type: array
-                      initiator:
-                        type: string
-                      kluctlDeployment:
-                        properties:
-                          gitRef:
-                            type: string
-                          gitUrl:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                        required:
-                        - gitRef
-                        - gitUrl
-                        - name
-                        - namespace
-                        type: object
-                      noWait:
-                        type: boolean
-                      replaceOnError:
-                        type: boolean
-                      startTime:
-                        format: date-time
-                        type: string
-                      target:
-                        type: string
-                      targetNameOverride:
-                        type: string
-                    required:
-                    - endTime
-                    - initiator
-                    - startTime
-                    type: object
-                  deletedObjects:
-                    type: integer
-                  errors:
-                    type: integer
-                  gitInfo:
-                    properties:
-                      commit:
-                        type: string
-                      dirty:
-                        type: boolean
-                      ref:
-                        type: string
-                      subDir:
-                        type: string
-                      url:
-                        type: string
-                    required:
-                    - commit
-                    - dirty
-                    - ref
-                    - subDir
-                    - url
-                    type: object
-                  id:
-                    type: string
-                  newObjects:
-                    type: integer
-                  orphanObjects:
-                    type: integer
-                  projectKey:
-                    properties:
-                      gitRepoKey:
-                        type: string
-                      subDir:
-                        type: string
-                    type: object
-                  remoteObjects:
-                    type: integer
-                  renderedObjects:
-                    type: integer
-                  target:
-                    properties:
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      context:
-                        type: string
-                      discriminator:
-                        type: string
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      name:
-                        type: string
-                      sealingConfig:
-                        properties:
-                          args:
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          certFile:
-                            type: string
-                          secretSets:
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  targetKey:
-                    properties:
-                      clusterId:
-                        type: string
-                      discriminator:
-                        type: string
-                      targetName:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  totalChanges:
-                    type: integer
-                  warnings:
-                    type: integer
-                required:
-                - appliedHookObjects
-                - appliedObjects
-                - changedObjects
-                - commandInfo
-                - deletedObjects
-                - errors
-                - id
-                - newObjects
-                - orphanObjects
-                - projectKey
-                - remoteObjects
-                - renderedObjects
-                - target
-                - targetKey
-                - totalChanges
-                - warnings
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               lastValidateError:
                 type: string
               lastValidateResult:
                 description: LastValidateResult is the result of the last validate
                   command
-                properties:
-                  drift:
-                    items:
-                      properties:
-                        changes:
-                          items:
-                            properties:
-                              jsonPath:
-                                type: string
-                              newValue:
-                                x-kubernetes-preserve-unknown-fields: true
-                              oldValue:
-                                x-kubernetes-preserve-unknown-fields: true
-                              type:
-                                type: string
-                              unifiedDiff:
-                                type: string
-                            required:
-                            - jsonPath
-                            - type
-                            type: object
-                          type: array
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - ref
-                      type: object
-                    type: array
-                  endTime:
-                    format: date-time
-                    type: string
-                  errors:
-                    items:
-                      properties:
-                        message:
-                          type: string
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - message
-                      - ref
-                      type: object
-                    type: array
-                  id:
-                    type: string
-                  ready:
-                    type: boolean
-                  results:
-                    items:
-                      properties:
-                        annotation:
-                          type: string
-                        message:
-                          type: string
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - annotation
-                      - message
-                      - ref
-                      type: object
-                    type: array
-                  startTime:
-                    format: date-time
-                    type: string
-                  warnings:
-                    items:
-                      properties:
-                        message:
-                          type: string
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - message
-                      - ref
-                      type: object
-                    type: array
-                required:
-                - endTime
-                - id
-                - ready
-                - startTime
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               observedCommit:
                 description: ObservedCommit is the last commit observed
                 type: string
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index f1c1d35ee..7d64b8644 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -1194,7 +1194,7 @@ string
 <td>
 <code>lastDeployResult</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types/result.CommandResultSummary
+k8s.io/apimachinery/pkg/runtime.RawExtension
 </em>
 </td>
 <td>
@@ -1206,7 +1206,7 @@ github.com/kluctl/kluctl/v2/pkg/types/result.CommandResultSummary
 <td>
 <code>lastPruneResult</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types/result.CommandResultSummary
+k8s.io/apimachinery/pkg/runtime.RawExtension
 </em>
 </td>
 <td>
@@ -1218,7 +1218,7 @@ github.com/kluctl/kluctl/v2/pkg/types/result.CommandResultSummary
 <td>
 <code>lastValidateResult</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types/result.ValidateResult
+k8s.io/apimachinery/pkg/runtime.RawExtension
 </em>
 </td>
 <td>
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 56249cf9b..d3ddf8a71 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -44,8 +44,10 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, nil, "", 0)
 	g.Expect(err).To(Succeed())
 
+	lastDeployResult, err := kd.Status.GetLastDeployResult()
+	g.Expect(err).To(Succeed())
 	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{
-		Id: kd.Status.LastDeployResult.Id,
+		Id: lastDeployResult.Id,
 	})
 	g.Expect(err).To(Succeed())
 
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 11208546d..0515fbe6e 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -446,273 +446,8 @@ spec:
                 type: string
               lastDeployResult:
                 description: LastDeployResult is the result of the last deploy command
-                properties:
-                  appliedHookObjects:
-                    type: integer
-                  appliedObjects:
-                    type: integer
-                  changedObjects:
-                    type: integer
-                  clusterInfo:
-                    properties:
-                      clusterId:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  commandInfo:
-                    properties:
-                      abortOnError:
-                        type: boolean
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      command:
-                        type: string
-                      contextOverride:
-                        type: string
-                      dryRun:
-                        type: boolean
-                      endTime:
-                        format: date-time
-                        type: string
-                      excludeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      excludeTags:
-                        items:
-                          type: string
-                        type: array
-                      forceApply:
-                        type: boolean
-                      forceReplaceOnError:
-                        type: boolean
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      includeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      includeTags:
-                        items:
-                          type: string
-                        type: array
-                      initiator:
-                        type: string
-                      kluctlDeployment:
-                        properties:
-                          gitRef:
-                            type: string
-                          gitUrl:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                        required:
-                        - gitRef
-                        - gitUrl
-                        - name
-                        - namespace
-                        type: object
-                      noWait:
-                        type: boolean
-                      replaceOnError:
-                        type: boolean
-                      startTime:
-                        format: date-time
-                        type: string
-                      target:
-                        type: string
-                      targetNameOverride:
-                        type: string
-                    required:
-                    - endTime
-                    - initiator
-                    - startTime
-                    type: object
-                  deletedObjects:
-                    type: integer
-                  errors:
-                    type: integer
-                  gitInfo:
-                    properties:
-                      commit:
-                        type: string
-                      dirty:
-                        type: boolean
-                      ref:
-                        type: string
-                      subDir:
-                        type: string
-                      url:
-                        type: string
-                    required:
-                    - commit
-                    - dirty
-                    - ref
-                    - subDir
-                    - url
-                    type: object
-                  id:
-                    type: string
-                  newObjects:
-                    type: integer
-                  orphanObjects:
-                    type: integer
-                  projectKey:
-                    properties:
-                      gitRepoKey:
-                        type: string
-                      subDir:
-                        type: string
-                    type: object
-                  remoteObjects:
-                    type: integer
-                  renderedObjects:
-                    type: integer
-                  target:
-                    properties:
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      context:
-                        type: string
-                      discriminator:
-                        type: string
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      name:
-                        type: string
-                      sealingConfig:
-                        properties:
-                          args:
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          certFile:
-                            type: string
-                          secretSets:
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  targetKey:
-                    properties:
-                      clusterId:
-                        type: string
-                      discriminator:
-                        type: string
-                      targetName:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  totalChanges:
-                    type: integer
-                  warnings:
-                    type: integer
-                required:
-                - appliedHookObjects
-                - appliedObjects
-                - changedObjects
-                - commandInfo
-                - deletedObjects
-                - errors
-                - id
-                - newObjects
-                - orphanObjects
-                - projectKey
-                - remoteObjects
-                - renderedObjects
-                - target
-                - targetKey
-                - totalChanges
-                - warnings
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
@@ -724,417 +459,15 @@ spec:
                 type: string
               lastPruneResult:
                 description: LastDeployResult is the result of the last prune command
-                properties:
-                  appliedHookObjects:
-                    type: integer
-                  appliedObjects:
-                    type: integer
-                  changedObjects:
-                    type: integer
-                  clusterInfo:
-                    properties:
-                      clusterId:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  commandInfo:
-                    properties:
-                      abortOnError:
-                        type: boolean
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      command:
-                        type: string
-                      contextOverride:
-                        type: string
-                      dryRun:
-                        type: boolean
-                      endTime:
-                        format: date-time
-                        type: string
-                      excludeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      excludeTags:
-                        items:
-                          type: string
-                        type: array
-                      forceApply:
-                        type: boolean
-                      forceReplaceOnError:
-                        type: boolean
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      includeDeploymentDirs:
-                        items:
-                          type: string
-                        type: array
-                      includeTags:
-                        items:
-                          type: string
-                        type: array
-                      initiator:
-                        type: string
-                      kluctlDeployment:
-                        properties:
-                          gitRef:
-                            type: string
-                          gitUrl:
-                            type: string
-                          name:
-                            type: string
-                          namespace:
-                            type: string
-                        required:
-                        - gitRef
-                        - gitUrl
-                        - name
-                        - namespace
-                        type: object
-                      noWait:
-                        type: boolean
-                      replaceOnError:
-                        type: boolean
-                      startTime:
-                        format: date-time
-                        type: string
-                      target:
-                        type: string
-                      targetNameOverride:
-                        type: string
-                    required:
-                    - endTime
-                    - initiator
-                    - startTime
-                    type: object
-                  deletedObjects:
-                    type: integer
-                  errors:
-                    type: integer
-                  gitInfo:
-                    properties:
-                      commit:
-                        type: string
-                      dirty:
-                        type: boolean
-                      ref:
-                        type: string
-                      subDir:
-                        type: string
-                      url:
-                        type: string
-                    required:
-                    - commit
-                    - dirty
-                    - ref
-                    - subDir
-                    - url
-                    type: object
-                  id:
-                    type: string
-                  newObjects:
-                    type: integer
-                  orphanObjects:
-                    type: integer
-                  projectKey:
-                    properties:
-                      gitRepoKey:
-                        type: string
-                      subDir:
-                        type: string
-                    type: object
-                  remoteObjects:
-                    type: integer
-                  renderedObjects:
-                    type: integer
-                  target:
-                    properties:
-                      args:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      context:
-                        type: string
-                      discriminator:
-                        type: string
-                      images:
-                        items:
-                          properties:
-                            container:
-                              type: string
-                            deployTags:
-                              items:
-                                type: string
-                              type: array
-                            deployedImage:
-                              type: string
-                            deployment:
-                              type: string
-                            deploymentDir:
-                              type: string
-                            image:
-                              type: string
-                            namespace:
-                              type: string
-                            object:
-                              properties:
-                                group:
-                                  type: string
-                                kind:
-                                  type: string
-                                name:
-                                  type: string
-                                namespace:
-                                  type: string
-                                version:
-                                  type: string
-                              required:
-                              - kind
-                              - name
-                              type: object
-                            resultImage:
-                              type: string
-                          required:
-                          - image
-                          - resultImage
-                          type: object
-                        type: array
-                      name:
-                        type: string
-                      sealingConfig:
-                        properties:
-                          args:
-                            type: object
-                            x-kubernetes-preserve-unknown-fields: true
-                          certFile:
-                            type: string
-                          secretSets:
-                            items:
-                              type: string
-                            type: array
-                        type: object
-                    required:
-                    - name
-                    type: object
-                  targetKey:
-                    properties:
-                      clusterId:
-                        type: string
-                      discriminator:
-                        type: string
-                      targetName:
-                        type: string
-                    required:
-                    - clusterId
-                    type: object
-                  totalChanges:
-                    type: integer
-                  warnings:
-                    type: integer
-                required:
-                - appliedHookObjects
-                - appliedObjects
-                - changedObjects
-                - commandInfo
-                - deletedObjects
-                - errors
-                - id
-                - newObjects
-                - orphanObjects
-                - projectKey
-                - remoteObjects
-                - renderedObjects
-                - target
-                - targetKey
-                - totalChanges
-                - warnings
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               lastValidateError:
                 type: string
               lastValidateResult:
                 description: LastValidateResult is the result of the last validate
                   command
-                properties:
-                  drift:
-                    items:
-                      properties:
-                        changes:
-                          items:
-                            properties:
-                              jsonPath:
-                                type: string
-                              newValue:
-                                x-kubernetes-preserve-unknown-fields: true
-                              oldValue:
-                                x-kubernetes-preserve-unknown-fields: true
-                              type:
-                                type: string
-                              unifiedDiff:
-                                type: string
-                            required:
-                            - jsonPath
-                            - type
-                            type: object
-                          type: array
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - ref
-                      type: object
-                    type: array
-                  endTime:
-                    format: date-time
-                    type: string
-                  errors:
-                    items:
-                      properties:
-                        message:
-                          type: string
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - message
-                      - ref
-                      type: object
-                    type: array
-                  id:
-                    type: string
-                  ready:
-                    type: boolean
-                  results:
-                    items:
-                      properties:
-                        annotation:
-                          type: string
-                        message:
-                          type: string
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - annotation
-                      - message
-                      - ref
-                      type: object
-                    type: array
-                  startTime:
-                    format: date-time
-                    type: string
-                  warnings:
-                    items:
-                      properties:
-                        message:
-                          type: string
-                        ref:
-                          properties:
-                            group:
-                              type: string
-                            kind:
-                              type: string
-                            name:
-                              type: string
-                            namespace:
-                              type: string
-                            version:
-                              type: string
-                          required:
-                          - kind
-                          - name
-                          type: object
-                      required:
-                      - message
-                      - ref
-                      type: object
-                    type: array
-                required:
-                - endTime
-                - id
-                - ready
-                - startTime
                 type: object
+                x-kubernetes-preserve-unknown-fields: true
               observedCommit:
                 description: ObservedCommit is the last commit observed
                 type: string
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 2f584b49d..3a7a4428f 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -14,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	meta2 "k8s.io/apimachinery/pkg/api/meta"
@@ -311,29 +312,26 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		} else {
 			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
 		}
-		obj.Status.LastDeployResult = deployResult.BuildSummary()
-		obj.Status.LastDeployError = ""
+		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), err)
 		if err != nil {
-			obj.Status.LastDeployError = err.Error()
+			log.Error(err, "Failed to write deploy result")
 		}
 	}
 
 	if needPrune {
 		// run garbage collection for stale objects that do not have pruning disabled
 		pruneResult, err := pt.kluctlPrune(ctx, targetContext)
-		obj.Status.LastPruneResult = pruneResult.BuildSummary()
-		obj.Status.LastPruneError = ""
+		err = obj.Status.SetLastPruneResult(pruneResult.BuildSummary(), err)
 		if err != nil {
-			obj.Status.LastPruneError = err.Error()
+			log.Error(err, "Failed to write prune result")
 		}
 	}
 
 	if needValidate {
 		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
-		obj.Status.LastValidateResult = validateResult
-		obj.Status.LastValidateError = ""
+		err = obj.Status.SetLastValidateResult(validateResult, err)
 		if err != nil {
-			obj.Status.LastValidateError = err.Error()
+			log.Error(err, "Failed to write validate result")
 		}
 	}
 
@@ -344,7 +342,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		ctrlResult.Requeue = true
 	}
 
-	finalStatus, reason := r.buildFinalStatus(obj)
+	finalStatus, reason := r.buildFinalStatus(ctx, obj)
 	if reason != kluctlv1.ReconciliationSucceededReason {
 		setReadiness(obj, metav1.ConditionFalse, reason, finalStatus)
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
@@ -355,7 +353,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	return &ctrlResult, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildFinalStatus(obj *kluctlv1.KluctlDeployment) (finalStatus string, reason string) {
+func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *kluctlv1.KluctlDeployment) (finalStatus string, reason string) {
+	log := ctrl.LoggerFrom(ctx)
+
 	if obj.Status.LastDeployError != "" {
 		finalStatus = obj.Status.LastDeployError
 		reason = kluctlv1.DeployFailedReason
@@ -370,9 +370,31 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(obj *kluctlv1.KluctlDeploy
 		return
 	}
 
-	deployOk := obj.Status.LastDeployResult != nil && obj.Status.LastDeployResult.Errors == 0
-	pruneOk := obj.Status.LastPruneResult != nil && obj.Status.LastPruneResult.Errors == 0
-	validateOk := obj.Status.LastValidateResult != nil && len(obj.Status.LastValidateResult.Errors) == 0 && obj.Status.LastValidateResult.Ready
+	var lastDeployResult *result.CommandResultSummary
+	var lastPruneResult *result.CommandResultSummary
+	var lastValidateResult *result.ValidateResult
+	if obj.Status.LastDeployResult != nil {
+		err := yaml.ReadYamlBytes(obj.Status.LastDeployResult.Raw, &lastDeployResult)
+		if err != nil {
+			log.Info(fmt.Sprintf("Failed to parse last deploy result: %s", err.Error()))
+		}
+	}
+	if obj.Status.LastPruneResult != nil {
+		err := yaml.ReadYamlBytes(obj.Status.LastPruneResult.Raw, &lastPruneResult)
+		if err != nil {
+			log.Info(fmt.Sprintf("Failed to parse last prune result: %s", err.Error()))
+		}
+	}
+	if obj.Status.LastValidateResult != nil {
+		err := yaml.ReadYamlBytes(obj.Status.LastValidateResult.Raw, &lastValidateResult)
+		if err != nil {
+			log.Info(fmt.Sprintf("Failed to parse last validate result: %s", err.Error()))
+		}
+	}
+
+	deployOk := lastDeployResult != nil && lastDeployResult.Errors == 0
+	pruneOk := lastPruneResult != nil && lastPruneResult.Errors == 0
+	validateOk := lastValidateResult != nil && len(lastValidateResult.Errors) == 0 && lastValidateResult.Ready
 
 	if !obj.Spec.Prune {
 		pruneOk = true
@@ -464,7 +486,13 @@ func (r *KluctlDeploymentReconciler) nextDeployTime(obj *kluctlv1.KluctlDeployme
 		return nil
 	}
 
-	t := obj.Status.LastDeployResult.Command.EndTime.Add(obj.Spec.DeployInterval.Duration.Duration)
+	var lastDeployResult result.CommandResultSummary
+	err := yaml.ReadYamlBytes(obj.Status.LastDeployResult.Raw, &lastDeployResult)
+	if err != nil {
+		return nil
+	}
+
+	t := lastDeployResult.Command.EndTime.Add(obj.Spec.DeployInterval.Duration.Duration)
 	return &t
 }
 
@@ -489,7 +517,13 @@ func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeploy
 		d = obj.Spec.ValidateInterval.Duration.Duration
 	}
 
-	t := obj.Status.LastValidateResult.EndTime.Add(d)
+	var lastValidateResult result.ValidateResult
+	err := yaml.ReadYamlBytes(obj.Status.LastValidateResult.Raw, &lastValidateResult)
+	if err != nil {
+		return nil
+	}
+
+	t := lastValidateResult.EndTime.Add(d)
 	return &t
 }
 

From 505991b8efb6f8fa08b57bbf97f99fcb106aeef5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 2 Jun 2023 17:30:55 +0200
Subject: [PATCH 1107/2268] fix: Actually write errors and not only error count
 into status

---
 e2e/gitops_errors_test.go                      |  4 ++--
 e2e/gitops_test.go                             |  4 +++-
 pkg/controllers/kluctl_project.go              |  4 ++--
 pkg/controllers/kluctldeployment_controller.go |  4 ++--
 pkg/types/result/summary.go                    |  9 +++++----
 pkg/types/result/zz_generated.deepcopy.go      | 10 ++++++++++
 6 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index d3ddf8a71..a243b0edc 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -54,8 +54,8 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	g.Expect(cr.Errors).To(ConsistOf(expectedErrors))
 	g.Expect(cr.Warnings).To(ConsistOf(expectedWarnings))
 
-	g.Expect(kd.Status.LastDeployResult.Errors).To(Equal(len(expectedErrors)))
-	g.Expect(kd.Status.LastDeployResult.Warnings).To(Equal(len(expectedWarnings)))
+	g.Expect(lastDeployResult.Errors).To(ConsistOf(expectedErrors))
+	g.Expect(lastDeployResult.Warnings).To(ConsistOf(expectedWarnings))
 }
 
 func (suite *GitopsTestSuite) TestGitOpsErrors() {
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index edb46e916..72d4dc89f 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -567,7 +567,9 @@ data:
 		if obj.Status.LastDeployResult == nil {
 			return false
 		}
-		return obj.Status.LastDeployResult.GitInfo.Commit == getHeadRevision(suite.T(), p)
+		ldr, err := obj.Status.GetLastDeployResult()
+		g.Expect(err).To(Succeed())
+		return ldr.GitInfo.Commit == getHeadRevision(suite.T(), p)
 	}, timeout, time.Second).Should(BeTrue())
 
 	suite.Run("cm1 and cm2 were not deleted", func() {
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 715fbf36b..10f1e589c 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -820,6 +820,6 @@ func (pt *preparedTarget) exportCommandResultMetricsToProm(summary *result.Comma
 	internal_metrics.NewKluctlNumberOfDeletedObjects(pt.pp.obj.Namespace, pt.pp.obj.Name).Set(float64(summary.DeletedObjects))
 	internal_metrics.NewKluctlNumberOfChangedObjects(pt.pp.obj.Namespace, pt.pp.obj.Name).Set(float64(summary.ChangedObjects))
 	internal_metrics.NewKluctlNumberOfOrphanObjects(pt.pp.obj.Namespace, pt.pp.obj.Name).Set(float64(summary.OrphanObjects))
-	internal_metrics.NewKluctlNumberOfWarnings(pt.pp.obj.Namespace, pt.pp.obj.Name, summary.Command.Command).Set(float64(summary.Warnings))
-	internal_metrics.NewKluctlNumberOfErrors(pt.pp.obj.Namespace, pt.pp.obj.Name, summary.Command.Command).Set(float64(summary.Errors))
+	internal_metrics.NewKluctlNumberOfWarnings(pt.pp.obj.Namespace, pt.pp.obj.Name, summary.Command.Command).Set(float64(len(summary.Warnings)))
+	internal_metrics.NewKluctlNumberOfErrors(pt.pp.obj.Namespace, pt.pp.obj.Name, summary.Command.Command).Set(float64(len(summary.Errors)))
 }
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 3a7a4428f..9759d04d2 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -392,8 +392,8 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 		}
 	}
 
-	deployOk := lastDeployResult != nil && lastDeployResult.Errors == 0
-	pruneOk := lastPruneResult != nil && lastPruneResult.Errors == 0
+	deployOk := lastDeployResult != nil && len(lastDeployResult.Errors) == 0
+	pruneOk := lastPruneResult != nil && len(lastPruneResult.Errors) == 0
 	validateOk := lastValidateResult != nil && len(lastValidateResult.Errors) == 0 && lastValidateResult.Ready
 
 	if !obj.Spec.Prune {
diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index 85327294a..dc4c38b74 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -23,8 +23,9 @@ type CommandResultSummary struct {
 	ChangedObjects int `json:"changedObjects"`
 	OrphanObjects  int `json:"orphanObjects"`
 	DeletedObjects int `json:"deletedObjects"`
-	Errors         int `json:"errors"`
-	Warnings       int `json:"warnings"`
+
+	Errors   []DeploymentError `json:"errors"`
+	Warnings []DeploymentError `json:"warnings"`
 
 	TotalChanges int `json:"totalChanges"`
 }
@@ -73,8 +74,8 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 		ChangedObjects:     count(func(o ResultObject) bool { return len(o.Changes) != 0 }),
 		OrphanObjects:      count(func(o ResultObject) bool { return o.Orphan }),
 		DeletedObjects:     count(func(o ResultObject) bool { return o.Deleted }),
-		Errors:             len(cr.Errors),
-		Warnings:           len(cr.Warnings),
+		Errors:             cr.Errors,
+		Warnings:           cr.Warnings,
 	}
 	for _, o := range cr.Objects {
 		ret.TotalChanges += len(o.Changes)
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 40ade0029..a461c0278 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -224,6 +224,16 @@ func (in *CommandResultSummary) DeepCopyInto(out *CommandResultSummary) {
 	in.Command.DeepCopyInto(&out.Command)
 	in.GitInfo.DeepCopyInto(&out.GitInfo)
 	out.ClusterInfo = in.ClusterInfo
+	if in.Errors != nil {
+		in, out := &in.Errors, &out.Errors
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommandResultSummary.

From 4ba9b138804da6b877e5e8dc0623a4e644c3bc03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 3 Jun 2023 00:08:33 +0200
Subject: [PATCH 1108/2268] ci: Add .sv4git.yml to filter tags (#543)

---
 .sv4git.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .sv4git.yml

diff --git a/.sv4git.yml b/.sv4git.yml
new file mode 100644
index 000000000..92d3bea10
--- /dev/null
+++ b/.sv4git.yml
@@ -0,0 +1,2 @@
+tag:
+  filter: 'v[0-9]*'

From 7a2096d2e8db253e3ea363bfe7df325a9e9a1599 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 3 Jun 2023 00:09:28 +0200
Subject: [PATCH 1109/2268] build: Preparing release v2.20.4

---
 docs/installation.md                             | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index ffb8a3055..d1f2bbc17 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -113,5 +113,5 @@ deployments:
   - git:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
-      ref: v2.20.3
+      ref: v2.20.4
 ```
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index d45892605..61be49c62 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -2,7 +2,7 @@ discriminator: kluctl.io-controller
 
 args:
   - name: controller_version
-    default: v2.20.3
+    default: v2.20.4
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 06923f9bd..be62c808a 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,4 +1,4 @@
-{% set controller_version = get_var("args.controller_version", "v2.20.3") %}
+{% set controller_version = get_var("args.controller_version", "v2.20.4") %}
 
 resources:
   - crd.yaml

From 556a3e951b03534fed8fc5f384a6718a9d280bc2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Jun 2023 08:36:22 +0200
Subject: [PATCH 1110/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.18.6 to 1.18.7 (#544)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.18.6 to 1.18.7.
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.18.6...v1.18.7)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c7d16d423..ecbb99ab8 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.18.6
+	github.com/ohler55/ojg v1.18.7
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.10.0
diff --git a/go.sum b/go.sum
index 77124abb6..45dbf8ec4 100644
--- a/go.sum
+++ b/go.sum
@@ -654,8 +654,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.18.6 h1:ZY5I/8I+zW8s+/QpX9E/P9QJwECi4lNx67VgdOzTTno=
-github.com/ohler55/ojg v1.18.6/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.18.7 h1:sC7zy0usEiWa6bvx3NU1yZH4kCA2F3Qzs6iiDX4+xdk=
+github.com/ohler55/ojg v1.18.7/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=

From 8b09e0fec9718962dc820737ab1bd9829cd3b968 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 18:31:45 +0200
Subject: [PATCH 1111/2268] fix: Properly convert viber bool/int to string args
 (#548)

---
 cmd/kluctl/commands/cobra_utils.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index de630a332..8ecf0fbf2 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -251,6 +251,10 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 		if v != nil {
 			if x, ok := v.(string); ok {
 				a = []string{x}
+			} else if x, ok := v.(bool); ok {
+				a = []string{strconv.FormatBool(x)}
+			} else if x, ok := v.(int); ok {
+				a = []string{strconv.FormatInt(int64(x), 10)}
 			} else if x, ok := v.([]any); ok {
 				for _, y := range x {
 					s, ok := y.(string)

From 189264cbaebdbd0ee7d421e03643255ba441686a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 23:10:25 +0200
Subject: [PATCH 1112/2268] tests: Add origin remote to test git repos

---
 pkg/git/test_git_server.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index 26b656b5c..eee519037 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -3,6 +3,7 @@ package git
 import (
 	"context"
 	"fmt"
+	config2 "github.com/go-git/go-git/v5/config"
 	"log"
 	"net"
 	"net/http"
@@ -84,6 +85,15 @@ func (p *TestGitServer) GitInit(repo string) {
 	if err != nil {
 		p.t.Fatal(err)
 	}
+
+	_, err = r.CreateRemote(&config2.RemoteConfig{
+		Name: "origin",
+		URLs: []string{p.GitRepoUrl(repo)},
+	})
+	if err != nil {
+		p.t.Fatal(err)
+	}
+
 	config, err := r.Config()
 	if err != nil {
 		p.t.Fatal(err)

From d560e337c77a0380ca46836f7df63990d404aee0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 23:11:06 +0200
Subject: [PATCH 1113/2268] tests: Filter for project key in TestWriteResult

---
 e2e/results_test.go | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/e2e/results_test.go b/e2e/results_test.go
index b2ceea17d..000265647 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
@@ -44,7 +45,13 @@ func TestWriteResult(t *testing.T) {
 	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, nil, "kluctl-results", 0)
 	assert.NoError(t, err)
 
-	summaries, err := rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	opts := results.ListCommandResultSummariesOptions{
+		ProjectFilter: &result.ProjectKey{
+			GitRepoKey: types.ParseGitUrlMust(p.GitUrl()).RepoKey(),
+		},
+	}
+
+	summaries, err := rs.ListCommandResultSummaries(opts)
 	assert.NoError(t, err)
 	assert.Len(t, summaries, 1)
 	assertSummary(t, result.CommandResultSummary{
@@ -63,7 +70,7 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
-	summaries, err = rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	summaries, err = rs.ListCommandResultSummaries(opts)
 	assert.NoError(t, err)
 	assert.Len(t, summaries, 2)
 	assertSummary(t, result.CommandResultSummary{
@@ -80,7 +87,7 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
-	summaries, err = rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	summaries, err = rs.ListCommandResultSummaries(opts)
 	assert.NoError(t, err)
 	assert.Len(t, summaries, 3)
 	assertSummary(t, result.CommandResultSummary{
@@ -91,7 +98,7 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("prune", "--yes", "-t", "test", "--write-command-result")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 
-	summaries, err = rs.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	summaries, err = rs.ListCommandResultSummaries(opts)
 	assert.NoError(t, err)
 	assert.Len(t, summaries, 4)
 	assertSummary(t, result.CommandResultSummary{

From fde5c6e065412d196bbe6c6d62e6b2d996da3d5c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 23:12:09 +0200
Subject: [PATCH 1114/2268] feat: Implement --prune flag for deploy command

---
 cmd/kluctl/commands/cmd_deploy.go    |  3 ++
 docs/reference/commands/deploy.md    |  2 +
 e2e/prune_test.go                    | 73 ++++++++++++++++++++++++++++
 pkg/deployment/commands/delete.go    |  5 +-
 pkg/deployment/commands/deploy.go    | 25 +++++++++-
 pkg/deployment/commands/prune.go     |  5 +-
 pkg/deployment/utils/delete_utils.go |  4 +-
 7 files changed, 106 insertions(+), 11 deletions(-)
 create mode 100644 e2e/prune_test.go

diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index e86f1a53d..fbd88f62c 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -27,6 +27,7 @@ type deployCmd struct {
 	args.CommandResultFlags
 
 	NoWait bool `group:"misc" help:"Don't wait for objects readiness'"`
+	Prune  bool `group:"misc" help:"Prune orphaned objects directly after deploying. See the help for the 'prune' sub-command for details.'"`
 
 	internal bool
 }
@@ -67,6 +68,8 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	cmd2.AbortOnError = cmd.AbortOnError
 	cmd2.ReadinessTimeout = cmd.ReadinessTimeout
 	cmd2.NoWait = cmd.NoWait
+	cmd2.Prune = cmd.Prune
+	cmd2.WaitPrune = !cmd.NoWait
 
 	cb := func(diffResult *result.CommandResult) error {
 		return cmd.diffResultCb(cmdCtx, diffResult)
diff --git a/docs/reference/commands/deploy.md b/docs/reference/commands/deploy.md
index 344fb448b..ff964cf64 100644
--- a/docs/reference/commands/deploy.md
+++ b/docs/reference/commands/deploy.md
@@ -61,6 +61,8 @@ Misc arguments:
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
                                                     specified multiple times. The actual format for yaml is
                                                     currently not documented and subject to change.
+      --prune                                       Prune orphaned objects directly after deploying. See the help
+                                                    for the 'prune' sub-command for details.'
       --readiness-timeout duration                  Maximum time to wait for object readiness. The timeout is
                                                     meant per-object. Timeouts are in the duration format (1s, 1m,
                                                     1h, ...). If not specified, a default timeout of 5m is used.
diff --git a/e2e/prune_test.go b/e2e/prune_test.go
new file mode 100644
index 000000000..d70c55fb6
--- /dev/null
+++ b/e2e/prune_test.go
@@ -0,0 +1,73 @@
+package e2e
+
+import (
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"testing"
+)
+
+func TestPrune(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", map[string]string{}, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+
+	p.DeleteKustomizeDeployment("cm2")
+
+	p.KluctlMust("prune", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+}
+
+func TestDeployWithPrune(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", map[string]string{}, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+
+	p.DeleteKustomizeDeployment("cm2")
+	addConfigMapDeployment(p, "cm3", map[string]string{}, resourceOpts{
+		name:      "cm3",
+		namespace: p.TestSlug(),
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "--prune")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+}
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 28794cb9a..6edf12e0c 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -66,10 +66,7 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(ctx, k, deleteRefs, dew, cmd.wait)
-	if err != nil {
-		return nil, err
-	}
+	deleted := utils2.DeleteObjects(ctx, k, deleteRefs, dew, cmd.wait)
 
 	var c *deployment.DeploymentCollection
 	if cmd.targetCtx != nil {
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index f2fd0a5b7..2d0979c7a 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -20,6 +20,8 @@ type DeployCommand struct {
 	AbortOnError        bool
 	ReadinessTimeout    time.Duration
 	NoWait              bool
+	Prune               bool
+	WaitPrune           bool
 }
 
 func NewDeployCommand(targetCtx *kluctl_project.TargetContext) *DeployCommand {
@@ -92,9 +94,30 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	if err != nil {
 		return nil, err
 	}
+
+	var deleted []k8s2.ObjectRef
+	if cmd.Prune && cmd.targetCtx.Target.Discriminator == "" {
+		dew.AddError(k8s2.ObjectRef{}, fmt.Errorf("pruning without a discriminator is not supported"))
+	} else if cmd.Prune {
+		deleted = utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, orphanObjects, dew, cmd.WaitPrune)
+
+		// now clean up the list of orphan objects (remove the ones that got deleted)
+		ds := map[k8s2.ObjectRef]bool{}
+		for _, x := range deleted {
+			ds[x] = true
+		}
+		var tmp []k8s2.ObjectRef
+		for _, x := range orphanObjects {
+			if _, ok := ds[x]; !ok {
+				tmp = append(tmp, x)
+			}
+		}
+		orphanObjects = tmp
+	}
+
 	r := &result.CommandResult{
 		Id:         uuid.New().String(),
-		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
+		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, deleted),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
 		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index e48093d7b..fa851d0d9 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -54,10 +54,7 @@ func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*resu
 		}
 	}
 
-	deleted, err := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, cmd.wait)
-	if err != nil {
-		return nil, err
-	}
+	deleted := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, cmd.wait)
 
 	r := &result.CommandResult{
 		Id:       uuid.New().String(),
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index c32f41358..8e02c38a1 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -163,7 +163,7 @@ func FindObjectsForDelete(k *k8s.K8sCluster, allClusterObjects []*uo.Unstructure
 	return ret, nil
 }
 
-func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dew *DeploymentErrorsAndWarnings, doWait bool) ([]k8s2.ObjectRef, error) {
+func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef, dew *DeploymentErrorsAndWarnings, doWait bool) []k8s2.ObjectRef {
 	g := utils.NewGoHelper(ctx, 8)
 
 	var ret []k8s2.ObjectRef
@@ -210,5 +210,5 @@ func DeleteObjects(ctx context.Context, k *k8s.K8sCluster, refs []k8s2.ObjectRef
 	}
 	g.Wait()
 
-	return ret, nil
+	return ret
 }

From 89be6d63900c1809f3d09fe1c0f7a4833b273ff5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 23:23:42 +0200
Subject: [PATCH 1115/2268] feat: Use new prune feature of deploy command in
 controller

---
 api/v1beta1/condition_types.go                |  4 --
 api/v1beta1/kluctldeployment_types.go         | 35 ---------------
 api/v1beta1/zz_generated.deepcopy.go          |  5 ---
 .../gitops.kluctl.io_kluctldeployments.yaml   |  6 ---
 .../reference/gitops/api/kluctl-controller.md | 23 ----------
 e2e/gitops_errors_test.go                     |  6 ++-
 install/controller/controller/crd.yaml        |  6 ---
 pkg/controllers/kluctl_project.go             | 22 +--------
 .../kluctldeployment_controller.go            | 45 +------------------
 9 files changed, 7 insertions(+), 145 deletions(-)

diff --git a/api/v1beta1/condition_types.go b/api/v1beta1/condition_types.go
index 9bd45ed52..6a0711228 100644
--- a/api/v1beta1/condition_types.go
+++ b/api/v1beta1/condition_types.go
@@ -21,10 +21,6 @@ const (
 	// kluctl deploy command failed.
 	DeployFailedReason string = "DeployFailed"
 
-	// PruneFailedReason represents the fact that the
-	// pruning of the KluctlDeployment failed.
-	PruneFailedReason string = "PruneFailed"
-
 	// ValidateFailedReason represents the fact that the
 	// validate of the KluctlDeployment failed.
 	ValidateFailedReason string = "ValidateFailed"
diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 30bfa45cc..3150f4130 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -322,8 +322,6 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastDeployError string `json:"lastDeployError,omitempty"`
 	// +optional
-	LastPruneError string `json:"lastPruneError,omitempty"`
-	// +optional
 	LastValidateError string `json:"lastValidateError,omitempty"`
 
 	// LastDeployResult is the result of the last deploy command
@@ -331,10 +329,6 @@ type KluctlDeploymentStatus struct {
 	// +kubebuilder:pruning:PreserveUnknownFields
 	LastDeployResult *runtime.RawExtension `json:"lastDeployResult,omitempty"`
 
-	// LastDeployResult is the result of the last prune command
-	// +optional
-	LastPruneResult *runtime.RawExtension `json:"lastPruneResult,omitempty"`
-
 	// LastValidateResult is the result of the last validate command
 	// +optional
 	LastValidateResult *runtime.RawExtension `json:"lastValidateResult,omitempty"`
@@ -357,23 +351,6 @@ func (s *KluctlDeploymentStatus) SetLastDeployResult(crs *result.CommandResultSu
 	return nil
 }
 
-func (s *KluctlDeploymentStatus) SetLastPruneResult(crs *result.CommandResultSummary, err error) error {
-	s.LastPruneError = ""
-	if err != nil {
-		s.LastPruneError = err.Error()
-	}
-	if crs == nil {
-		s.LastPruneResult = nil
-	} else {
-		b, err := yaml.WriteJsonString(crs)
-		if err != nil {
-			return err
-		}
-		s.LastPruneResult = &runtime.RawExtension{Raw: []byte(b)}
-	}
-	return nil
-}
-
 func (s *KluctlDeploymentStatus) SetLastValidateResult(crs *result.ValidateResult, err error) error {
 	s.LastValidateError = ""
 	if err != nil {
@@ -403,18 +380,6 @@ func (s *KluctlDeploymentStatus) GetLastDeployResult() (*result.CommandResultSum
 	return &ret, nil
 }
 
-func (s *KluctlDeploymentStatus) GetLastPruneResult() (*result.CommandResultSummary, error) {
-	if s.LastPruneResult == nil {
-		return nil, nil
-	}
-	var ret result.CommandResultSummary
-	err := yaml.ReadYamlBytes(s.LastPruneResult.Raw, &ret)
-	if err != nil {
-		return nil, err
-	}
-	return &ret, nil
-}
-
 func (s *KluctlDeploymentStatus) GetLastValidateResult() (*result.ValidateResult, error) {
 	if s.LastValidateResult == nil {
 		return nil, nil
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 1483d24ad..338ac5635 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -258,11 +258,6 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.LastPruneResult != nil {
-		in, out := &in.LastPruneResult, &out.LastPruneResult
-		*out = new(runtime.RawExtension)
-		(*in).DeepCopyInto(*out)
-	}
 	if in.LastValidateResult != nil {
 		in, out := &in.LastValidateResult, &out.LastValidateResult
 		*out = new(runtime.RawExtension)
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 3254ed420..535e56610 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -456,12 +456,6 @@ spec:
                 type: string
               lastObjectsHash:
                 type: string
-              lastPruneError:
-                type: string
-              lastPruneResult:
-                description: LastDeployResult is the result of the last prune command
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
               lastValidateError:
                 type: string
               lastValidateResult:
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index 7d64b8644..9a87889ce 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -1170,17 +1170,6 @@ string
 </tr>
 <tr>
 <td>
-<code>lastPruneError</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
 <code>lastValidateError</code><br>
 <em>
 string
@@ -1204,18 +1193,6 @@ k8s.io/apimachinery/pkg/runtime.RawExtension
 </tr>
 <tr>
 <td>
-<code>lastPruneResult</code><br>
-<em>
-k8s.io/apimachinery/pkg/runtime.RawExtension
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>LastDeployResult is the result of the last prune command</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>lastValidateResult</code><br>
 <em>
 k8s.io/apimachinery/pkg/runtime.RawExtension
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index a243b0edc..c2df3e467 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -226,13 +226,15 @@ data:
 			return nil
 		})
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PruneFailedReason, "pruning without a discriminator is not supported", nil, nil)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+			{Message: "pruning without a discriminator is not supported"},
+		}, nil)
 		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 			_ = o.SetNestedField(backup, "discriminator")
 			return nil
 		})
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(key, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok, prune: ok", nil, nil)
+		suite.assertErrors(key, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = false
 		})
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 0515fbe6e..b8c794f09 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -455,12 +455,6 @@ spec:
                 type: string
               lastObjectsHash:
                 type: string
-              lastPruneError:
-                type: string
-              lastPruneResult:
-                description: LastDeployResult is the result of the last prune command
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
               lastValidateError:
                 type: string
               lastValidateResult:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 10f1e589c..ccbf7fd04 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -707,6 +707,8 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.AbortOnError = pt.pp.obj.Spec.AbortOnError
 	cmd.ReadinessTimeout = time.Minute * 10
 	cmd.NoWait = pt.pp.obj.Spec.NoWait
+	cmd.Prune = pt.pp.obj.Spec.Prune
+	cmd.WaitPrune = false
 
 	cmdResult, err := cmd.Run(nil)
 	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy")
@@ -723,26 +725,6 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
-	if !pt.pp.obj.Spec.Prune {
-		return nil, nil
-	}
-
-	timer := prometheus.NewTimer(internal_metrics.NewKluctlPruneDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
-	defer timer.ObserveDuration()
-
-	cmd := commands.NewPruneCommand("", targetContext, false)
-	cmdResult, err := cmd.Run(func(refs []k8s.ObjectRef) error {
-		pt.printDeletedRefs(ctx, refs)
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	err = pt.handleCommandResult(ctx, err, cmdResult, "prune")
-	return cmdResult, err
-}
-
 func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) (*result.ValidateResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 9759d04d2..bd1aded1d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -258,7 +258,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	needDeploy := false
-	needPrune := false
 	needValidate := false
 
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
@@ -293,13 +292,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		obj.Status.LastValidateError = ""
 	}
 
-	if obj.Spec.Prune {
-		needPrune = needDeploy
-	} else {
-		obj.Status.LastPruneResult = nil
-		obj.Status.LastPruneError = ""
-	}
-
 	obj.Status.LastObjectsHash = objectsHash
 
 	var deployResult *result.CommandResult
@@ -318,15 +310,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
-	if needPrune {
-		// run garbage collection for stale objects that do not have pruning disabled
-		pruneResult, err := pt.kluctlPrune(ctx, targetContext)
-		err = obj.Status.SetLastPruneResult(pruneResult.BuildSummary(), err)
-		if err != nil {
-			log.Error(err, "Failed to write prune result")
-		}
-	}
-
 	if needValidate {
 		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
 		err = obj.Status.SetLastValidateResult(validateResult, err)
@@ -360,10 +343,6 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 		finalStatus = obj.Status.LastDeployError
 		reason = kluctlv1.DeployFailedReason
 		return
-	} else if obj.Status.LastPruneError != "" {
-		finalStatus = obj.Status.LastPruneError
-		reason = kluctlv1.PruneFailedReason
-		return
 	} else if obj.Status.LastValidateError != "" {
 		finalStatus = obj.Status.LastValidateError
 		reason = kluctlv1.ValidateFailedReason
@@ -371,7 +350,6 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 	}
 
 	var lastDeployResult *result.CommandResultSummary
-	var lastPruneResult *result.CommandResultSummary
 	var lastValidateResult *result.ValidateResult
 	if obj.Status.LastDeployResult != nil {
 		err := yaml.ReadYamlBytes(obj.Status.LastDeployResult.Raw, &lastDeployResult)
@@ -379,12 +357,6 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 			log.Info(fmt.Sprintf("Failed to parse last deploy result: %s", err.Error()))
 		}
 	}
-	if obj.Status.LastPruneResult != nil {
-		err := yaml.ReadYamlBytes(obj.Status.LastPruneResult.Raw, &lastPruneResult)
-		if err != nil {
-			log.Info(fmt.Sprintf("Failed to parse last prune result: %s", err.Error()))
-		}
-	}
 	if obj.Status.LastValidateResult != nil {
 		err := yaml.ReadYamlBytes(obj.Status.LastValidateResult.Raw, &lastValidateResult)
 		if err != nil {
@@ -393,12 +365,8 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 	}
 
 	deployOk := lastDeployResult != nil && len(lastDeployResult.Errors) == 0
-	pruneOk := lastPruneResult != nil && len(lastPruneResult.Errors) == 0
 	validateOk := lastValidateResult != nil && len(lastValidateResult.Errors) == 0 && lastValidateResult.Ready
 
-	if !obj.Spec.Prune {
-		pruneOk = true
-	}
 	if !obj.Spec.Validate {
 		validateOk = true
 	}
@@ -411,17 +379,6 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 			finalStatus += "failed"
 		}
 	}
-	if obj.Spec.Prune && obj.Status.LastPruneResult != nil {
-		if finalStatus != "" {
-			finalStatus += ", "
-		}
-		finalStatus += "prune: "
-		if pruneOk {
-			finalStatus += "ok"
-		} else {
-			finalStatus += "failed"
-		}
-	}
 	if obj.Spec.Validate && obj.Status.LastValidateResult != nil {
 		if finalStatus != "" {
 			finalStatus += ", "
@@ -434,7 +391,7 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 		}
 	}
 
-	if deployOk && pruneOk {
+	if deployOk {
 		if validateOk {
 			reason = kluctlv1.ReconciliationSucceededReason
 		} else {

From 5329041e6cf84ac885679e4fe6c7de5fe0cde7e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 21:32:28 +0200
Subject: [PATCH 1116/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#551)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.14.0 to 10.14.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.14.0...v10.14.1)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ecbb99ab8..0f9fb0fba 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.21.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.14.0
+	github.com/go-playground/validator/v10 v10.14.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.15.2
diff --git a/go.sum b/go.sum
index 45dbf8ec4..3e300ece1 100644
--- a/go.sum
+++ b/go.sum
@@ -313,8 +313,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
-github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+jU0zvx4AqHGnv4k=
+github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=

From fca4d93868dcb6f84a99e1c4c22a72de8c5eb3ee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 21:32:42 +0200
Subject: [PATCH 1117/2268] chore(deps): Bump github.com/sirupsen/logrus from
 1.9.2 to 1.9.3 (#552)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0f9fb0fba..8a1c1250a 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.10.0
-	github.com/sirupsen/logrus v1.9.2
+	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.16.0
diff --git a/go.sum b/go.sum
index 3e300ece1..92bed86a7 100644
--- a/go.sum
+++ b/go.sum
@@ -753,8 +753,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
-github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE=
 github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=

From 52dcf1cc7d7b1234327db169dc1272393f082bea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 6 Jun 2023 22:21:15 +0200
Subject: [PATCH 1118/2268] feat: Remove GitUrl/GitRef from
 KluctlDeploymentInfo

This is duplicated info.
---
 pkg/types/result/command_result.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 7bc46c032..683086d98 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -29,8 +29,6 @@ type DeploymentError struct {
 type KluctlDeploymentInfo struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
-	GitUrl    string `json:"gitUrl"`
-	GitRef    string `json:"gitRef"`
 }
 
 type CommandInitiator string

From 67e301c3553ab9e9828efbd7688b28d6bf7c5618 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 6 Jun 2023 22:21:43 +0200
Subject: [PATCH 1119/2268] fix: Fill KluctlDeploymentInfo in CommandResult

---
 pkg/controllers/kluctl_project.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index ccbf7fd04..4b426668b 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -646,6 +646,11 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	}
 
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
+	cmdResult.Command.KluctlDeployment = &result.KluctlDeploymentInfo{
+		Name:      pt.pp.obj.Name,
+		Namespace: pt.pp.obj.Namespace,
+	}
+
 	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
 	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
 	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.RepoKey()

From e21886e3581a6c3b5fa0be870e15c79ad4151d88 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Jun 2023 16:38:49 +0200
Subject: [PATCH 1120/2268] fix: Fix check for request-deploy annotation

---
 .../kluctldeployment_controller.go            | 19 +++--------
 .../kluctldeployment_controller_setup.go      |  2 +-
 pkg/controllers/predicates.go                 | 34 +++----------------
 3 files changed, 10 insertions(+), 45 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index bd1aded1d..6612a18fd 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -208,10 +208,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	oldGeneration := obj.Status.ObservedGeneration
+	oldDeployRequest := obj.Status.LastHandledDeployAt
+	curDeployRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]
 	obj.Status.ObservedGeneration = obj.GetGeneration()
-	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
-		obj.Status.LastHandledDeployAt = v
-	}
+	obj.Status.LastHandledDeployAt = curDeployRequest
 
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
@@ -263,7 +263,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
 		// either never deployed or source code changed
 		needDeploy = true
-	} else if r.checkRequestedDeploy(obj) {
+	} else if curDeployRequest != "" && oldDeployRequest != curDeployRequest {
 		// explicitly requested a deploy
 		needDeploy = true
 	} else if oldGeneration != obj.GetGeneration() {
@@ -453,17 +453,6 @@ func (r *KluctlDeploymentReconciler) nextDeployTime(obj *kluctlv1.KluctlDeployme
 	return &t
 }
 
-func (r *KluctlDeploymentReconciler) checkRequestedDeploy(obj *kluctlv1.KluctlDeployment) bool {
-	v, ok := obj.Annotations[kluctlv1.KluctlRequestDeployAnnotation]
-	if !ok {
-		return false
-	}
-	if v != obj.Status.LastHandledDeployAt {
-		return true
-	}
-	return false
-}
-
 func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeployment) *time.Time {
 	if obj.Status.LastValidateResult == nil {
 		// was never validated before. Return early.
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index c0ca400d8..fd549f1f2 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -23,7 +23,7 @@ func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr c
 
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&kluctlv1.KluctlDeployment{}, builder.WithPredicates(
-			predicate.Or(predicate.GenerationChangedPredicate{}, ReconcileRequestedPredicate{}, DeployRequestedPredicate{}),
+			predicate.Or(predicate.GenerationChangedPredicate{}, ReconcileRequestedPredicate{}),
 		)).
 		Complete(r)
 }
diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index feec05a2c..ec5964016 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -16,35 +16,11 @@ func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
 		return false
 	}
 
-	if val, ok := e.ObjectNew.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
-		if valOld, okOld := e.ObjectOld.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; okOld {
-			return val != valOld
-		}
-		return true
-	}
-	return false
-}
-
-type DeployRequestedPredicate struct {
-	predicate.Funcs
-}
-
-func (DeployRequestedPredicate) Update(e event.UpdateEvent) bool {
-	if e.ObjectOld == nil || e.ObjectNew == nil {
-		return false
+	check := func(aname string) bool {
+		v1, ok1 := e.ObjectNew.GetAnnotations()[aname]
+		v2, ok2 := e.ObjectOld.GetAnnotations()[aname]
+		return ok1 != ok2 || v1 != v2
 	}
 
-	if val, ok := e.ObjectNew.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
-		if valOld, okOld := e.ObjectOld.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; okOld {
-			return val != valOld
-		}
-		return true
-	}
-	if val, ok := e.ObjectNew.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; ok {
-		if valOld, okOld := e.ObjectOld.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]; okOld {
-			return val != valOld
-		}
-		return true
-	}
-	return false
+	return check(kluctlv1.KluctlRequestReconcileAnnotation) || check(kluctlv1.KluctlRequestDeployAnnotation)
 }

From 118fc5224d5866710db7001e8111153c7e7d024f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Jun 2023 10:25:46 +0200
Subject: [PATCH 1121/2268] chore(deps): Bump
 github.com/hashicorp/go-retryablehttp (#554)

Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.2 to 0.7.4.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.2...v0.7.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8a1c1250a..958bb7456 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/go-retryablehttp v0.7.2
+	github.com/hashicorp/go-retryablehttp v0.7.4
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.7
 	github.com/otiai10/copy v1.11.0
diff --git a/go.sum b/go.sum
index 92bed86a7..f7ffc0052 100644
--- a/go.sum
+++ b/go.sum
@@ -462,8 +462,8 @@ github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
-github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
+github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=

From b627f4d752ab0583ae58788914f5a06a19dac08d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Jun 2023 10:26:09 +0200
Subject: [PATCH 1122/2268] chore(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore (#555)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 958bb7456..f0f0aab43 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.18.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.25
diff --git a/go.sum b/go.sum
index f7ffc0052..a9b491fba 100644
--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,8 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 h1:SEy2xmstIphdPwNBUi7uhvjyjhVKISfwjfOJmuy7kg4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=

From 949f8c3c6a7265f23b2262d9c61b78b34186062d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 18:30:40 +0200
Subject: [PATCH 1123/2268] fix: Honor kluctl.io/diff-name again

---
 pkg/deployment/commands/utils.go   | 47 +++++++++++++++++++++++-------
 pkg/deployment/utils/diff_utils.go | 21 +++++++------
 2 files changed, 47 insertions(+), 21 deletions(-)

diff --git a/pkg/deployment/commands/utils.go b/pkg/deployment/commands/utils.go
index 074d3222d..ebb2b08b2 100644
--- a/pkg/deployment/commands/utils.go
+++ b/pkg/deployment/commands/utils.go
@@ -10,6 +10,8 @@ import (
 
 func collectObjects(c *deployment.DeploymentCollection, ru *utils.RemoteObjectUtils, au *utils.ApplyDeploymentsUtil, du *utils.DiffUtil, orphans []k8s.ObjectRef, deleted []k8s.ObjectRef) []result.ResultObject {
 	m := map[k8s.ObjectRef]*result.ResultObject{}
+	remoteDiffNames := map[k8s.ObjectRef]k8s.ObjectRef{}
+	appliedDiffNames := map[k8s.ObjectRef]k8s.ObjectRef{}
 
 	getOrCreate := func(ref k8s.ObjectRef) *result.ResultObject {
 		x, ok := m[ref]
@@ -23,42 +25,67 @@ func collectObjects(c *deployment.DeploymentCollection, ru *utils.RemoteObjectUt
 
 	if c != nil {
 		for _, x := range c.LocalObjects() {
-			o := getOrCreate(x.GetK8sRef())
+			dn := du.GetDiffRef(x)
+			o := getOrCreate(dn)
 			o.Rendered = x
 		}
 	}
 	if ru != nil {
 		for _, x := range ru.GetFilteredRemoteObjects(nil) {
-			o := getOrCreate(x.GetK8sRef())
+			dn := du.GetDiffRef(x)
+			remoteDiffNames[x.GetK8sRef()] = dn
+
+			o := getOrCreate(dn)
 			o.Remote = x
 		}
 	}
 
 	if au != nil {
 		for _, x := range au.GetAppliedObjects() {
-			o := getOrCreate(x.GetK8sRef())
+			dn := du.GetDiffRef(x)
+			appliedDiffNames[x.GetK8sRef()] = dn
+			o := getOrCreate(dn)
 			o.Applied = x
 		}
 
 		for _, x := range au.GetAppliedHookObjects() {
-			o := getOrCreate(x.GetK8sRef())
+			dn := du.GetDiffRef(x)
+			appliedDiffNames[x.GetK8sRef()] = dn
+			o := getOrCreate(dn)
 			o.Hook = true
 		}
-		for _, x := range au.GetNewObjectRefs() {
-			o := getOrCreate(x)
-			o.New = true
-		}
 		for _, x := range au.GetDeletedObjects() {
-			o := getOrCreate(x)
+			dn, ok := remoteDiffNames[x]
+			if !ok {
+				dn = x
+			}
+			o := getOrCreate(dn)
 			o.Deleted = true
 		}
 	}
 	if du != nil {
 		for _, x := range du.ChangedObjects {
-			o := getOrCreate(x.Ref)
+			dn, ok := appliedDiffNames[x.Ref]
+			if !ok {
+				dn = x.Ref
+			}
+			o := getOrCreate(dn)
 			o.Changes = x.Changes
 		}
 	}
+	if au != nil {
+		for _, x := range au.GetNewObjectRefs() {
+			dn, ok := appliedDiffNames[x]
+			if !ok {
+				dn = x
+			}
+			o := getOrCreate(dn)
+			if len(o.Changes) != 0 {
+				continue
+			}
+			o.New = true
+		}
+	}
 	for _, x := range orphans {
 		o := getOrCreate(x)
 		o.Orphan = true
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 57c37b981..074020ace 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -127,13 +127,7 @@ func (u *DiffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef,
 func (u *DiffUtil) calcRemoteObjectsForDiff() {
 	u.remoteDiffObjects = make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 	for _, o := range u.ru.remoteObjects {
-		diffName := o.GetK8sAnnotation("kluctl.io/diff-name")
-		if diffName == nil {
-			x := o.GetK8sName()
-			diffName = &x
-		}
-		diffRef := o.GetK8sRef()
-		diffRef.Name = *diffName
+		diffRef := u.GetDiffRef(o)
 		oldCreationTime := time.Time{}
 		if old, ok := u.remoteDiffObjects[diffRef]; ok {
 			oldCreationTime = old.GetK8sCreationTime()
@@ -145,11 +139,16 @@ func (u *DiffUtil) calcRemoteObjectsForDiff() {
 }
 
 func (u *DiffUtil) getRemoteObjectForDiff(localObject *uo.UnstructuredObject) (k8s2.ObjectRef, *uo.UnstructuredObject) {
-	ref := localObject.GetK8sRef()
-	diffName := localObject.GetK8sAnnotation("kluctl.io/diff-name")
+	ref := u.GetDiffRef(localObject)
+	o, _ := u.remoteDiffObjects[ref]
+	return ref, o
+}
+
+func (u *DiffUtil) GetDiffRef(o *uo.UnstructuredObject) k8s2.ObjectRef {
+	ref := o.GetK8sRef()
+	diffName := o.GetK8sAnnotation("kluctl.io/diff-name")
 	if diffName != nil {
 		ref.Name = *diffName
 	}
-	o, _ := u.remoteDiffObjects[ref]
-	return ref, o
+	return ref
 }

From 9765e19a0565c149dbb881ec7976476494d8404c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 11:18:39 +0200
Subject: [PATCH 1124/2268] test: Add tests for kluctl.io/diff-name

---
 e2e/diff_name_test.go                   | 87 +++++++++++++++++++++++++
 e2e/utils_resources.go                  |  7 +-
 pkg/deployment/utils/diff_utils_test.go | 46 ++++++++-----
 3 files changed, 123 insertions(+), 17 deletions(-)
 create mode 100644 e2e/diff_name_test.go

diff --git a/e2e/diff_name_test.go b/e2e/diff_name_test.go
new file mode 100644
index 000000000..aee6ad745
--- /dev/null
+++ b/e2e/diff_name_test.go
@@ -0,0 +1,87 @@
+package e2e
+
+import (
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"sort"
+	"testing"
+)
+
+func TestDiffName(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"d1": "{{ args.v }}",
+	}, resourceOpts{
+		name:      "{{ args.cm_name }}",
+		fname:     "cm.yaml",
+		namespace: p.TestSlug(),
+		annotations: map[string]string{
+			"kluctl.io/diff-name": "cm",
+		},
+	})
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "cm_name=cm-1", "-a", "v=a")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm-1")
+
+	resultStr, _ := p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "cm_name=cm-2", "-a", "v=b", "-oyaml")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm-2")
+
+	var cr result.CompactedCommandResult
+	err := yaml.ReadYamlString(resultStr, &cr)
+	assert.NoError(t, err)
+
+	r := cr.ToNonCompacted()
+	sort.Slice(r.Objects, func(i, j int) bool {
+		return r.Objects[i].Ref.String() < r.Objects[j].Ref.String()
+	})
+
+	assert.Len(t, r.Objects, 2)
+	assert.Equal(t, result.BaseObject{
+		Ref: k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm", Namespace: p.TestSlug()},
+		Changes: []result.Change{
+			{Type: "update", JsonPath: "data.d1", OldValue: &v1.JSON{Raw: []byte("\"a\"")}, NewValue: &v1.JSON{Raw: []byte("\"b\"")}, UnifiedDiff: "-a\n+b"},
+			{Type: "update", JsonPath: "metadata.name", OldValue: &v1.JSON{Raw: []byte("\"cm-1\"")}, NewValue: &v1.JSON{Raw: []byte("\"cm-2\"")}, UnifiedDiff: "-cm-1\n+cm-2"}},
+	}, r.Objects[0].BaseObject)
+	assert.Equal(t, result.BaseObject{
+		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-1", Namespace: "test-diff-name"},
+		Orphan: true,
+	}, r.Objects[1].BaseObject)
+
+	resultStr, _ = p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "cm_name=cm-3", "-a", "v=c", "-oyaml")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm-2")
+	err = yaml.ReadYamlString(resultStr, &cr)
+	assert.NoError(t, err)
+
+	r = cr.ToNonCompacted()
+	sort.Slice(r.Objects, func(i, j int) bool {
+		return r.Objects[i].Ref.String() < r.Objects[j].Ref.String()
+	})
+
+	assert.Len(t, r.Objects, 3)
+	assert.Equal(t, result.BaseObject{
+		Ref: k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm", Namespace: p.TestSlug()},
+		Changes: []result.Change{
+			{Type: "update", JsonPath: "data.d1", OldValue: &v1.JSON{Raw: []byte("\"b\"")}, NewValue: &v1.JSON{Raw: []byte("\"c\"")}, UnifiedDiff: "-b\n+c"},
+			{Type: "update", JsonPath: "metadata.name", OldValue: &v1.JSON{Raw: []byte("\"cm-2\"")}, NewValue: &v1.JSON{Raw: []byte("\"cm-3\"")}, UnifiedDiff: "-cm-2\n+cm-3"}},
+	}, r.Objects[0].BaseObject)
+	assert.Equal(t, result.BaseObject{
+		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-1", Namespace: "test-diff-name"},
+		Orphan: true,
+	}, r.Objects[1].BaseObject)
+	assert.Equal(t, result.BaseObject{
+		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-2", Namespace: "test-diff-name"},
+		Orphan: true,
+	}, r.Objects[2].BaseObject)
+}
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index a78a2d0fd..5595851bb 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -9,6 +9,7 @@ import (
 
 type resourceOpts struct {
 	name        string
+	fname       string
 	namespace   string
 	tags        []string
 	labels      map[string]string
@@ -56,8 +57,12 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 
 func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
+	fname := opts.fname
+	if fname == "" {
+		fname = fmt.Sprintf("configmap-%s.yml", opts.name)
+	}
 	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
-		{Name: fmt.Sprintf("configmap-%s.yml", opts.name), Content: o},
+		{Name: fname, Content: o},
 	}, opts.tags)
 	if opts.when != "" {
 		p.UpdateDeploymentItems(filepath.Dir(dir), func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
diff --git a/pkg/deployment/utils/diff_utils_test.go b/pkg/deployment/utils/diff_utils_test.go
index 60e3fa6e9..8f69247d9 100644
--- a/pkg/deployment/utils/diff_utils_test.go
+++ b/pkg/deployment/utils/diff_utils_test.go
@@ -48,12 +48,13 @@ func (dtc *diffTestConfig) appliedObjectsMap() map[k8s2.ObjectRef]*uo.Unstructur
 	return ret
 }
 
-func newTestConfigMap(name string, data map[string]interface{}) *uo.UnstructuredObject {
+func newTestConfigMap(name string, data map[string]interface{}, annotations map[string]string) *uo.UnstructuredObject {
 	o := uo.New()
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	o.SetK8sName(name)
 	o.SetK8sNamespace("default")
 	o.SetNestedField(data, "data")
+	o.SetK8sAnnotations(annotations)
 	return o
 }
 
@@ -83,9 +84,9 @@ func TestDiff(t *testing.T) {
 	tests := []*diffTestConfig{
 		{
 			name: "One changed object (changed field)",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"})},
+			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"}, nil)},
+			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"}, nil)},
+			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v2"}, nil)},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
@@ -95,9 +96,9 @@ func TestDiff(t *testing.T) {
 		},
 		{
 			name: "One changed object (new field)",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
+			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"}, nil)},
+			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"}, nil)},
+			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"}, nil)},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
@@ -107,9 +108,9 @@ func TestDiff(t *testing.T) {
 		},
 		{
 			name: "One changed object (removed field)",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
+			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"}, nil)},
+			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"}, nil)},
+			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"}, nil)},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
@@ -119,9 +120,9 @@ func TestDiff(t *testing.T) {
 		},
 		{
 			name: "One changed object (new + removed field)",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"})},
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"})},
+			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1"}, nil)},
+			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"}, nil)},
+			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d2": "v2"}, nil)},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
@@ -132,9 +133,9 @@ func TestDiff(t *testing.T) {
 		},
 		{
 			name: "One changed object (mixed changes)",
-			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"})},
-			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"})},
-			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"})},
+			ro:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v1", "d2": "v2"}, nil)},
+			lo:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"}, nil)},
+			ao:   []*uo.UnstructuredObject{newTestConfigMap("test", map[string]interface{}{"d1": "v12", "d3": "v3"}, nil)},
 			a: func(t *testing.T, dtc *diffTestConfig) {
 				assert.Len(t, dtc.du.ChangedObjects, 1)
 				assert.Equal(t, []result.Change{
@@ -144,6 +145,19 @@ func TestDiff(t *testing.T) {
 				}, dtc.du.ChangedObjects[0].Changes)
 			},
 		},
+		{
+			name: "kluctl.io/diff-name being set",
+			ro:   []*uo.UnstructuredObject{newTestConfigMap("test1", map[string]interface{}{"d1": "v1"}, map[string]string{"kluctl.io/diff-name": "test"})},
+			lo:   []*uo.UnstructuredObject{newTestConfigMap("test2", map[string]interface{}{"d1": "v2"}, map[string]string{"kluctl.io/diff-name": "test"})},
+			ao:   []*uo.UnstructuredObject{newTestConfigMap("test2", map[string]interface{}{"d1": "v2"}, map[string]string{"kluctl.io/diff-name": "test"})},
+			a: func(t *testing.T, dtc *diffTestConfig) {
+				assert.Len(t, dtc.du.ChangedObjects, 1)
+				assert.Equal(t, []result.Change{
+					buildChange("update", "data.d1", buildRaw("v1"), buildRaw("v2"), "-v1\n+v2"),
+					buildChange("update", "metadata.name", buildRaw("test1"), buildRaw("test2"), "-test1\n+test2"),
+				}, dtc.du.ChangedObjects[0].Changes)
+			},
+		},
 	}
 
 	for _, test := range tests {

From cdd50760bdf1a657f04adecca09c4b7576417bde Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Jun 2023 11:19:05 +0200
Subject: [PATCH 1125/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.7 to 1.27.8 (#557)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index f0f0aab43..1b51519b1 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-retryablehttp v0.7.4
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.7
+	github.com/onsi/gomega v1.27.8
 	github.com/otiai10/copy v1.11.0
 	github.com/prometheus/client_golang v1.15.1
 	github.com/sergi/go-diff v1.3.1
diff --git a/go.sum b/go.sum
index a9b491fba..63ad11bf5 100644
--- a/go.sum
+++ b/go.sum
@@ -658,9 +658,9 @@ github.com/ohler55/ojg v1.18.7 h1:sC7zy0usEiWa6bvx3NU1yZH4kCA2F3Qzs6iiDX4+xdk=
 github.com/ohler55/ojg v1.18.7/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
-github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
-github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
+github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss=
+github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
+github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=

From abb03226dded6642d229fd719b9868220042ccd5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Apr 2023 23:46:11 +0200
Subject: [PATCH 1126/2268] feat: Add initial implementation of webui

---
 cmd/kluctl/commands/cmd_webui.go              |   112 +
 cmd/kluctl/commands/root.go                   |     1 +
 go.mod                                        |    11 +
 go.sum                                        |    25 +
 pkg/results/result-store-secrets.go           |     3 +
 pkg/results/results-collector.go              |    14 +-
 pkg/utils/fs_copy.go                          |    84 +
 pkg/webui/clusteraccessor.go                  |   110 +
 pkg/webui/embed.go                            |    19 +
 pkg/webui/generate-ts/main.go                 |    32 +
 pkg/webui/generate.go                         |     3 +
 pkg/webui/server.go                           |   280 +
 pkg/webui/shortnames.go                       |   217 +
 pkg/webui/staticbuilder.go                    |   144 +
 pkg/webui/ui/build.js                         |     5 +
 pkg/webui/ui/package-lock.json                | 18441 ++++++++++++++++
 pkg/webui/ui/package.json                     |    67 +
 pkg/webui/ui/public/.gitignore                |     1 +
 pkg/webui/ui/public/favicon.ico               |   Bin 0 -> 15406 bytes
 pkg/webui/ui/public/index.html                |    44 +
 pkg/webui/ui/public/logo192.png               |   Bin 0 -> 13703 bytes
 pkg/webui/ui/public/logo512.png               |   Bin 0 -> 26403 bytes
 pkg/webui/ui/public/manifest.json             |    25 +
 pkg/webui/ui/public/robots.txt                |     3 +
 pkg/webui/ui/public/staticbuild.js            |     2 +
 pkg/webui/ui/src/api.tsx                      |   251 +
 pkg/webui/ui/src/components/ActionsMenu.tsx   |    93 +
 pkg/webui/ui/src/components/App.css           |    38 +
 pkg/webui/ui/src/components/App.test.tsx      |     9 +
 pkg/webui/ui/src/components/App.tsx           |    30 +
 pkg/webui/ui/src/components/CodeViewer.tsx    |    29 +
 pkg/webui/ui/src/components/ErrorsTable.tsx   |    56 +
 pkg/webui/ui/src/components/Jdenticon.tsx     |    17 +
 pkg/webui/ui/src/components/LeftDrawer.tsx    |   170 +
 pkg/webui/ui/src/components/Loading.tsx       |    15 +
 pkg/webui/ui/src/components/ObjectYaml.tsx    |    26 +
 .../ui/src/components/PropertiesTable.tsx     |    31 +
 pkg/webui/ui/src/components/Router.tsx        |    41 +
 .../components/result-view/ChangesTable.tsx   |   105 +
 .../result-view/CommandResultStatusLine.tsx   |    59 +
 .../result-view/CommandResultTree.tsx         |    95 +
 .../result-view/CommandResultView.tsx         |    53 +
 .../result-view/NodeStatusFilter.tsx          |    97 +
 .../src/components/result-view/SidePanel.tsx  |    78 +
 .../result-view/nodes/CommandResultNode.tsx   |    60 +
 .../DeletedOrOrphanObjectsCollectionNode.tsx  |    54 +
 .../nodes/DeploymentItemIncludeNode.tsx       |    78 +
 .../result-view/nodes/DeploymentItemNode.tsx  |    72 +
 .../result-view/nodes/NodeBuilder.ts          |   194 +
 .../components/result-view/nodes/NodeData.tsx |   188 +
 .../result-view/nodes/ObjectNode.tsx          |   101 +
 .../nodes/VarsSourceCollectionNode.tsx        |    26 +
 .../result-view/nodes/VarsSourceNode.tsx      |   238 +
 .../CommandResultDetailsDrawer.tsx            |    54 +
 .../targets-view/CommandResultItem.tsx        |    91 +
 .../src/components/targets-view/Projects.tsx  |    50 +
 .../targets-view/TargetDetailsDrawer.tsx      |   108 +
 .../src/components/targets-view/Targets.tsx   |   147 +
 .../components/targets-view/TargetsView.tsx   |    96 +
 pkg/webui/ui/src/icons/GitIcon.tsx            |     6 +
 pkg/webui/ui/src/icons/KluctlLogo.tsx         |     6 +
 pkg/webui/ui/src/icons/git.svg                |     1 +
 pkg/webui/ui/src/icons/kluctl-logo.svg        |     1 +
 pkg/webui/ui/src/index.css                    |    25 +
 pkg/webui/ui/src/index.tsx                    |    27 +
 pkg/webui/ui/src/loadscript.ts                |    35 +
 pkg/webui/ui/src/logo.svg                     |     1 +
 pkg/webui/ui/src/models.ts                    |   900 +
 pkg/webui/ui/src/react-app-env.d.ts           |     1 +
 pkg/webui/ui/src/reportWebVitals.ts           |    15 +
 pkg/webui/ui/src/setupTests.ts                |     5 +
 pkg/webui/ui/src/staticbuild.d.ts             |     7 +
 pkg/webui/ui/src/utils/duration.ts            |    30 +
 pkg/webui/ui/src/utils/misc.ts                |    14 +
 pkg/webui/ui/tsconfig.json                    |    26 +
 pkg/webui/validator.go                        |   223 +
 76 files changed, 23815 insertions(+), 1 deletion(-)
 create mode 100644 cmd/kluctl/commands/cmd_webui.go
 create mode 100644 pkg/utils/fs_copy.go
 create mode 100644 pkg/webui/clusteraccessor.go
 create mode 100644 pkg/webui/embed.go
 create mode 100644 pkg/webui/generate-ts/main.go
 create mode 100644 pkg/webui/generate.go
 create mode 100644 pkg/webui/server.go
 create mode 100644 pkg/webui/shortnames.go
 create mode 100644 pkg/webui/staticbuilder.go
 create mode 100644 pkg/webui/ui/build.js
 create mode 100644 pkg/webui/ui/package-lock.json
 create mode 100644 pkg/webui/ui/package.json
 create mode 100644 pkg/webui/ui/public/.gitignore
 create mode 100644 pkg/webui/ui/public/favicon.ico
 create mode 100644 pkg/webui/ui/public/index.html
 create mode 100644 pkg/webui/ui/public/logo192.png
 create mode 100644 pkg/webui/ui/public/logo512.png
 create mode 100644 pkg/webui/ui/public/manifest.json
 create mode 100644 pkg/webui/ui/public/robots.txt
 create mode 100644 pkg/webui/ui/public/staticbuild.js
 create mode 100644 pkg/webui/ui/src/api.tsx
 create mode 100644 pkg/webui/ui/src/components/ActionsMenu.tsx
 create mode 100644 pkg/webui/ui/src/components/App.css
 create mode 100644 pkg/webui/ui/src/components/App.test.tsx
 create mode 100644 pkg/webui/ui/src/components/App.tsx
 create mode 100644 pkg/webui/ui/src/components/CodeViewer.tsx
 create mode 100644 pkg/webui/ui/src/components/ErrorsTable.tsx
 create mode 100644 pkg/webui/ui/src/components/Jdenticon.tsx
 create mode 100644 pkg/webui/ui/src/components/LeftDrawer.tsx
 create mode 100644 pkg/webui/ui/src/components/Loading.tsx
 create mode 100644 pkg/webui/ui/src/components/ObjectYaml.tsx
 create mode 100644 pkg/webui/ui/src/components/PropertiesTable.tsx
 create mode 100644 pkg/webui/ui/src/components/Router.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/ChangesTable.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/CommandResultView.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/SidePanel.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
 create mode 100644 pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/Projects.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/Targets.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/TargetsView.tsx
 create mode 100644 pkg/webui/ui/src/icons/GitIcon.tsx
 create mode 100644 pkg/webui/ui/src/icons/KluctlLogo.tsx
 create mode 100644 pkg/webui/ui/src/icons/git.svg
 create mode 100644 pkg/webui/ui/src/icons/kluctl-logo.svg
 create mode 100644 pkg/webui/ui/src/index.css
 create mode 100644 pkg/webui/ui/src/index.tsx
 create mode 100644 pkg/webui/ui/src/loadscript.ts
 create mode 100644 pkg/webui/ui/src/logo.svg
 create mode 100644 pkg/webui/ui/src/models.ts
 create mode 100644 pkg/webui/ui/src/react-app-env.d.ts
 create mode 100644 pkg/webui/ui/src/reportWebVitals.ts
 create mode 100644 pkg/webui/ui/src/setupTests.ts
 create mode 100644 pkg/webui/ui/src/staticbuild.d.ts
 create mode 100644 pkg/webui/ui/src/utils/duration.ts
 create mode 100644 pkg/webui/ui/src/utils/misc.ts
 create mode 100644 pkg/webui/ui/tsconfig.json
 create mode 100644 pkg/webui/validator.go

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
new file mode 100644
index 000000000..73838107a
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -0,0 +1,112 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/webui"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type webuiCmd struct {
+	Port        int      `group:"misc" help:"Port to serve the api and webui." default:"8080"`
+	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
+	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
+	StaticPath  string   `group:"misc" help:"Build static webui."`
+}
+
+func (cmd *webuiCmd) Help() string {
+	return `TODO`
+}
+
+func (cmd *webuiCmd) Run(ctx context.Context) error {
+
+	stores, configs, err := cmd.createResultStores(ctx)
+	if err != nil {
+		return err
+	}
+
+	collector := results.NewResultsCollector(ctx, stores)
+	collector.Start()
+
+	if cmd.StaticPath != "" {
+		collector.WaitForInitialSync()
+		sbw := webui.NewStaticWebuiBuilder(collector)
+		return sbw.Build(cmd.StaticPath)
+	} else {
+		server := webui.NewCommandResultsServer(ctx, collector, configs)
+		return server.Run(cmd.Port)
+	}
+}
+
+func (cmd *webuiCmd) createResultStores(ctx context.Context) ([]results.ResultStore, []*rest.Config, error) {
+	r := clientcmd.NewDefaultClientConfigLoadingRules()
+
+	kcfg, err := r.Load()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var stores []results.ResultStore
+	var configs []*rest.Config
+
+	var contexts []string
+	if cmd.AllContexts {
+		for name, _ := range kcfg.Contexts {
+			contexts = append(contexts, name)
+		}
+	} else {
+		if len(cmd.Context) == 0 {
+			// placeholder for current context
+			contexts = append(contexts, "")
+		}
+		for _, c := range cmd.Context {
+			found := false
+			for name, _ := range kcfg.Contexts {
+				if c == name {
+					contexts = append(contexts, name)
+					found = true
+					break
+				}
+			}
+			if !found {
+				return nil, nil, fmt.Errorf("context '%s' not found in kubeconfig", c)
+			}
+		}
+	}
+
+	for _, c := range contexts {
+		configOverrides := &clientcmd.ConfigOverrides{
+			CurrentContext: c,
+		}
+		config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+			r,
+			configOverrides).ClientConfig()
+		if err != nil {
+			return nil, nil, err
+		}
+
+		client, err := client.New(config, client.Options{})
+		if err != nil {
+			return nil, nil, err
+		}
+
+		cache, err := cache.New(config, cache.Options{})
+		if err != nil {
+			return nil, nil, err
+		}
+		go cache.Start(ctx)
+
+		store, err := results.NewResultStoreSecrets(ctx, client, cache, "", 0)
+		if err != nil {
+			return nil, nil, err
+		}
+		stores = append(stores, store)
+		configs = append(configs, config)
+	}
+
+	return stores, configs, nil
+}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index cc629d689..67dbc8cfe 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -67,6 +67,7 @@ type cli struct {
 	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
 	Controller  controllerCmd  `cmd:"" help:"Kluctl controller sub-commands"`
+	Webui       webuiCmd       `cmd:"" help:"TODO"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
diff --git a/go.mod b/go.mod
index 1b51519b1..4fa6e6eff 100644
--- a/go.mod
+++ b/go.mod
@@ -61,6 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
 	github.com/aws/smithy-go v1.13.5
 	github.com/dimchansky/utfbom v1.1.1
+	github.com/gin-gonic/gin v1.9.0
 	github.com/go-git/go-git/v5 v5.7.0
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
@@ -71,6 +72,7 @@ require (
 	github.com/otiai10/copy v1.11.0
 	github.com/prometheus/client_golang v1.15.1
 	github.com/sergi/go-diff v1.3.1
+	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	sigs.k8s.io/cli-utils v0.34.0
 	sigs.k8s.io/controller-runtime v0.15.0
@@ -108,9 +110,11 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/bytedance/sonic v1.8.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/containerd/containerd v1.7.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
@@ -130,6 +134,7 @@ require (
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
@@ -142,6 +147,7 @@ require (
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/goccy/go-json v0.10.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
@@ -171,6 +177,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -212,6 +219,9 @@ require (
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/tkrajina/go-reflector v0.5.5 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/urfave/cli v1.22.12 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
@@ -227,6 +237,7 @@ require (
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
+	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
diff --git a/go.sum b/go.sum
index 63ad11bf5..992fed9f8 100644
--- a/go.sum
+++ b/go.sum
@@ -164,6 +164,9 @@ github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZ
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.8.0 h1:ea0Xadu+sHlu7x5O3gKhRpQ1IKiMrSiHttPF0ybECuA=
+github.com/bytedance/sonic v1.8.0/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
@@ -174,6 +177,9 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -272,6 +278,10 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8=
+github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
@@ -328,6 +338,8 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
+github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -536,6 +548,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
 github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c h1:qAIvhYamCEU/tY6NaENEIQCynGV5sdON7zgZKnbrhhw=
@@ -807,8 +821,16 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/tkrajina/go-reflector v0.5.5 h1:gwoQFNye30Kk7NrExj8zm3zFtrGPqOkzFMLuQZg1DtQ=
+github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
+github.com/tkrajina/typescriptify-golang-structs v0.1.10 h1:W/Ta9Kqo2lV+7bVXuQoUhZ0bDlnjwtPpKsy3A9M1nYg=
+github.com/tkrajina/typescriptify-golang-structs v0.1.10/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
 github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
 github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
@@ -876,6 +898,8 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -1369,6 +1393,7 @@ k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.34.0 h1:zCUitt54f0/MYj/ajVFnG6XSXMhpZ72O/3RewIchW8w=
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 1389db4ab..9b62f35c0 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -338,6 +338,9 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 		return nil, err
 	}
 
+	stopCh := make(chan struct{})
+	toolscache.WaitForCacheSync(stopCh, r.HasSynced)
+
 	cancel := func() {
 		_ = s.informer.RemoveEventHandler(r)
 	}
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 053cbbe37..f5376ad28 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -17,7 +17,8 @@ type ResultsCollector struct {
 	resultSummaries map[string]summaryEntry
 	handlers        []*handlerEntry
 
-	mutex sync.Mutex
+	initialWG sync.WaitGroup
+	mutex     sync.Mutex
 }
 
 type summaryEntry struct {
@@ -38,6 +39,8 @@ func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsColl
 		resultSummaries: map[string]summaryEntry{},
 	}
 
+	ret.initialWG.Add(len(stores))
+
 	return ret
 }
 
@@ -45,6 +48,10 @@ func (rc *ResultsCollector) Start() {
 	rc.startWatchResults()
 }
 
+func (rc *ResultsCollector) WaitForInitialSync() {
+	rc.initialWG.Wait()
+}
+
 func (rc *ResultsCollector) startWatchResults() {
 	for _, store := range rc.stores {
 		go rc.runWatchResults(store)
@@ -52,12 +59,17 @@ func (rc *ResultsCollector) startWatchResults() {
 }
 
 func (rc *ResultsCollector) runWatchResults(store ResultStore) {
+	initial := true
 	for {
 		_, err := store.WatchCommandResultSummaries(ListCommandResultSummariesOptions{}, func(summary *result.CommandResultSummary) {
 			rc.handleUpdate(store, summary)
 		}, func(id string) {
 			rc.handleDelete(store, id)
 		})
+		if initial {
+			rc.initialWG.Done()
+			initial = false
+		}
 		if err == nil {
 			break
 		}
diff --git a/pkg/utils/fs_copy.go b/pkg/utils/fs_copy.go
new file mode 100644
index 000000000..ef5fef165
--- /dev/null
+++ b/pkg/utils/fs_copy.go
@@ -0,0 +1,84 @@
+package utils
+
+import (
+	"fmt"
+	"io"
+	"io/fs"
+	"os"
+	"path"
+	"path/filepath"
+)
+
+// TODO get rid of all this when https://github.com/otiai10/copy/issues/71 gets implemented
+
+func CopyFile(src string, dst string) error {
+	if !IsFile(src) {
+		return fmt.Errorf("%s is not a regular file", src)
+	}
+	f, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	return CopyFileStream(f, dst)
+}
+
+func FsCopyFile(srcFs fs.FS, src, dst string) error {
+	src = filepath.ToSlash(src)
+	source, err := srcFs.Open(src)
+	if err != nil {
+		return err
+	}
+	defer source.Close()
+
+	sourceFileStat, err := source.Stat()
+	if err != nil {
+		return err
+	}
+
+	if !sourceFileStat.Mode().IsRegular() {
+		return fmt.Errorf("%s is not a regular file", src)
+	}
+
+	return CopyFileStream(source, dst)
+}
+
+func CopyFileStream(src io.Reader, dst string) error {
+	destination, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer destination.Close()
+
+	_, err = io.Copy(destination, src)
+	return err
+}
+
+func FsCopyDir(srcFs fs.FS, src string, dst string) error {
+	var err error
+	var fds []fs.DirEntry
+
+	src = filepath.ToSlash(src)
+
+	if fds, err = fs.ReadDir(srcFs, src); err != nil {
+		return err
+	}
+	if err = os.MkdirAll(dst, 0o700); err != nil {
+		return err
+	}
+	for _, fd := range fds {
+		srcfp := path.Join(src, fd.Name())
+		dstfp := filepath.Join(dst, fd.Name())
+
+		if fd.IsDir() {
+			if err = FsCopyDir(srcFs, srcfp, dstfp); err != nil {
+				return err
+			}
+		} else {
+			if err = FsCopyFile(srcFs, srcfp, dstfp); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
diff --git a/pkg/webui/clusteraccessor.go b/pkg/webui/clusteraccessor.go
new file mode 100644
index 000000000..fe83386f2
--- /dev/null
+++ b/pkg/webui/clusteraccessor.go
@@ -0,0 +1,110 @@
+package webui
+
+import (
+	"context"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/rest"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sync"
+	"time"
+)
+
+type clusterAccessorManager struct {
+	ctx       context.Context
+	accessors []*clusterAccessor
+}
+
+type clusterAccessor struct {
+	ctx       context.Context
+	config    *rest.Config
+	client    client.Client
+	k         *k8s2.K8sCluster
+	clusterId string
+	mutex     sync.Mutex
+}
+
+func (cam *clusterAccessorManager) add(config *rest.Config) {
+	cam.accessors = append(cam.accessors, &clusterAccessor{
+		ctx:    cam.ctx,
+		config: config,
+	})
+}
+
+func (cam *clusterAccessorManager) start() {
+	for _, ca := range cam.accessors {
+		ca.start()
+	}
+}
+
+func (cam *clusterAccessorManager) getForClusterId(clusterId string) *clusterAccessor {
+	for _, ca := range cam.accessors {
+		if ca.getClusterId() == clusterId {
+			return ca
+		}
+	}
+	return nil
+}
+
+func (ca *clusterAccessor) start() {
+	go ca.initClient()
+}
+
+func (ca *clusterAccessor) initClient() {
+	for {
+		err := ca.tryInitClient()
+		if err == nil {
+			break
+		}
+		time.Sleep(5 * time.Second)
+	}
+}
+
+func (ca *clusterAccessor) tryInitClient() error {
+	var err error
+	c, err := client.New(ca.config, client.Options{})
+	if err != nil {
+		return err
+	}
+	var ns corev1.Namespace
+	err = c.Get(context.Background(), client.ObjectKey{Name: "kube-system"}, &ns)
+	if err != nil {
+		return err
+	}
+
+	cf, err := k8s2.NewClientFactory(context.Background(), ca.config)
+	if err != nil {
+		return err
+	}
+
+	k, err := k8s2.NewK8sCluster(context.Background(), cf, true)
+	if err != nil {
+		return err
+	}
+
+	ca.mutex.Lock()
+	defer ca.mutex.Unlock()
+	ca.client = c
+	ca.k = k
+	ca.clusterId = string(ns.UID)
+
+	return nil
+}
+
+func (ca *clusterAccessor) getClusterId() string {
+	ca.mutex.Lock()
+	defer ca.mutex.Unlock()
+	return ca.clusterId
+}
+
+func (ca *clusterAccessor) getClient() client.Client {
+	ca.mutex.Lock()
+	defer ca.mutex.Unlock()
+	return ca.client
+}
+
+func (ca *clusterAccessor) getK() *k8s2.K8sCluster {
+	ca.mutex.Lock()
+	defer ca.mutex.Unlock()
+	return ca.k
+}
diff --git a/pkg/webui/embed.go b/pkg/webui/embed.go
new file mode 100644
index 000000000..be8818c85
--- /dev/null
+++ b/pkg/webui/embed.go
@@ -0,0 +1,19 @@
+package webui
+
+import (
+	"embed"
+	log "github.com/sirupsen/logrus"
+	"io/fs"
+)
+
+//go:embed ui/build
+var uiBuildFS embed.FS
+var uiFS fs.FS
+
+func init() {
+	var err error
+	uiFS, err = fs.Sub(uiBuildFS, "ui/build")
+	if err != nil {
+		log.Fatal("failed to get ui fs", err)
+	}
+}
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
new file mode 100644
index 000000000..23a26e7ee
--- /dev/null
+++ b/pkg/webui/generate-ts/main.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/webui"
+	"github.com/tkrajina/typescriptify-golang-structs/typescriptify"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func main() {
+	converter := typescriptify.New().
+		WithBackupDir("").
+		Add(result.CommandResult{}).
+		Add(result.ProjectSummary{}).
+		Add(result.CommandResultSummary{}).
+		Add(webui.ShortName{}).
+		Add(uo.UnstructuredObject{}).
+		ManageType(types.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(types.GitRepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(types.YamlUrl{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(uo.UnstructuredObject{}, typescriptify.TypeOptions{TSType: "any"}).
+		ManageType(metav1.Time{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(apiextensionsv1.JSON{}, typescriptify.TypeOptions{TSType: "any"})
+
+	err := converter.ConvertToFile("ui/src/models.ts")
+	if err != nil {
+		panic(err.Error())
+	}
+}
diff --git a/pkg/webui/generate.go b/pkg/webui/generate.go
new file mode 100644
index 000000000..f4aa787b8
--- /dev/null
+++ b/pkg/webui/generate.go
@@ -0,0 +1,3 @@
+package webui
+
+//go:generate go run github.com/kluctl/kluctl/v2/pkg/webui/generate-ts
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
new file mode 100644
index 000000000..746f3b0da
--- /dev/null
+++ b/pkg/webui/server.go
@@ -0,0 +1,280 @@
+package webui
+
+import (
+	"context"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"k8s.io/client-go/rest"
+	"net"
+	"net/http"
+)
+
+type CommandResultsServer struct {
+	ctx       context.Context
+	collector *results.ResultsCollector
+	cam       *clusterAccessorManager
+	vam       *validatorManager
+}
+
+func NewCommandResultsServer(ctx context.Context, collector *results.ResultsCollector, configs []*rest.Config) *CommandResultsServer {
+	ret := &CommandResultsServer{
+		ctx:       ctx,
+		collector: collector,
+		cam: &clusterAccessorManager{
+			ctx: ctx,
+		},
+	}
+
+	for _, config := range configs {
+		ret.cam.add(config)
+	}
+
+	ret.vam = newValidatorManager(ctx, collector, ret.cam)
+
+	return ret
+}
+
+func (s *CommandResultsServer) Run(port int) error {
+	_, _ = s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{}, func(summary *result.CommandResultSummary) {
+		status.Info(s.ctx, "Updated result summary for %s", summary.Id)
+	}, func(id string) {
+		status.Info(s.ctx, "Deleted result summary for %s", id)
+	})
+
+	s.cam.start()
+	s.vam.start()
+
+	router := gin.Default()
+
+	router.StaticFS("/webui", http.FS(uiFS))
+
+	api := router.Group("/api")
+	api.GET("/getShortNames", s.getShortNames)
+	api.GET("/listProjects", s.listProjects)
+	api.GET("/listResults", s.listResults)
+	api.GET("/getResult", s.getResult)
+	api.GET("/getResultObject", s.getResultObject)
+	api.POST("/validateNow", s.validateNow)
+
+	address := fmt.Sprintf(":%d", port)
+	listener, err := net.Listen("tcp", address)
+	if err != nil {
+		return err
+	}
+
+	httpServer := http.Server{
+		Addr: address,
+		BaseContext: func(listener net.Listener) context.Context {
+			return s.ctx
+		},
+		Handler: router.Handler(),
+	}
+
+	return httpServer.Serve(listener)
+}
+
+func (s *CommandResultsServer) getShortNames(c *gin.Context) {
+	c.JSON(http.StatusOK, GetShortNames())
+}
+
+func (s *CommandResultsServer) listResults(c *gin.Context) {
+	args := struct {
+		FilterProject string `form:"filterProject"`
+		FilterSubDir  string `form:"filterSubDir"`
+	}{}
+	err := c.BindQuery(&args)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	var filter *result.ProjectKey
+	if args.FilterProject != "" {
+		filter = &result.ProjectKey{
+			GitRepoKey: repoKey,
+			SubDir:     args.FilterSubDir,
+		}
+	}
+
+	summaries, err := s.collector.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{
+		ProjectFilter: filter,
+	})
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	c.JSON(http.StatusOK, summaries)
+}
+
+func (s *CommandResultsServer) listProjects(c *gin.Context) {
+	summaries, err := s.collector.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	projects := result.BuildProjectSummaries(summaries)
+
+	for _, p := range projects {
+		for _, t := range p.Targets {
+			key := projectTargetKey{
+				Project: p.Project,
+				Target:  t.Target,
+			}
+			vr, err := s.vam.getValidateResult(key)
+			if err == nil {
+				t.LastValidateResult = vr
+			}
+		}
+	}
+
+	c.JSON(http.StatusOK, projects)
+}
+
+type resultIdParam struct {
+	ResultId string `form:"resultId"`
+}
+type refParam struct {
+	Group     string `form:"group"`
+	Version   string `form:"version"`
+	Kind      string `form:"kind"`
+	Name      string `form:"name"`
+	Namespace string `form:"namespace"`
+}
+type objectTypeParams struct {
+	ObjectType string `form:"objectType"`
+}
+
+func (ref refParam) toK8sRef() k8s.ObjectRef {
+	return k8s.ObjectRef{
+		Group:     ref.Group,
+		Version:   ref.Version,
+		Kind:      ref.Kind,
+		Name:      ref.Name,
+		Namespace: ref.Namespace,
+	}
+}
+
+func (s *CommandResultsServer) getResult(c *gin.Context) {
+	var params resultIdParam
+
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	sr, err := s.collector.GetCommandResult(results.GetCommandResultOptions{
+		Id:      params.ResultId,
+		Reduced: true,
+	})
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	if sr == nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+
+	c.JSON(http.StatusOK, sr)
+}
+
+func (s *CommandResultsServer) getResultObject(c *gin.Context) {
+	var params resultIdParam
+	var ref refParam
+	var objectType objectTypeParams
+
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	err = c.Bind(&ref)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	err = c.Bind(&objectType)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	sr, err := s.collector.GetCommandResult(results.GetCommandResultOptions{
+		Id:      params.ResultId,
+		Reduced: false,
+	})
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	if sr == nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+
+	ref2 := ref.toK8sRef()
+
+	var found *result.ResultObject
+	for _, o := range sr.Objects {
+		if o.Ref == ref2 {
+			found = &o
+			break
+		}
+	}
+	if found == nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+
+	var o2 *uo.UnstructuredObject
+	switch objectType.ObjectType {
+	case "rendered":
+		o2 = found.Rendered
+	case "remote":
+		o2 = found.Remote
+	case "applied":
+		o2 = found.Applied
+	}
+	if o2 == nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+
+	c.JSON(http.StatusOK, o2)
+}
+
+func (s *CommandResultsServer) validateNow(c *gin.Context) {
+	var params projectTargetKey
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	key := projectTargetKey{
+		Project: params.Project,
+		Target:  params.Target,
+	}
+
+	if !s.vam.validateNow(key) {
+		_ = c.AbortWithError(http.StatusNotFound, err)
+		return
+	}
+
+	c.Status(http.StatusOK)
+}
diff --git a/pkg/webui/shortnames.go b/pkg/webui/shortnames.go
new file mode 100644
index 000000000..04ce897cb
--- /dev/null
+++ b/pkg/webui/shortnames.go
@@ -0,0 +1,217 @@
+package webui
+
+import (
+	"strings"
+)
+
+// output of "kubectl api-resources"
+const apiResourcesOutput = `
+bindings                                                      v1                                          true         Binding
+componentstatuses                         cs                  v1                                          false        ComponentStatus
+configmaps                                cm                  v1                                          true         ConfigMap
+endpoints                                 ep                  v1                                          true         Endpoints
+events                                    ev                  v1                                          true         Event
+limitranges                               limits              v1                                          true         LimitRange
+namespaces                                ns                  v1                                          false        Namespace
+nodes                                     no                  v1                                          false        Node
+persistentvolumeclaims                    pvc                 v1                                          true         PersistentVolumeClaim
+persistentvolumes                         pv                  v1                                          false        PersistentVolume
+pods                                      po                  v1                                          true         Pod
+podtemplates                                                  v1                                          true         PodTemplate
+replicationcontrollers                    rc                  v1                                          true         ReplicationController
+resourcequotas                            quota               v1                                          true         ResourceQuota
+secrets                                                       v1                                          true         Secret
+serviceaccounts                           sa                  v1                                          true         ServiceAccount
+services                                  svc                 v1                                          true         Service
+postgresqls                               pg                  acid.zalan.do/v1                            true         postgresql
+challenges                                                    acme.cert-manager.io/v1                     true         Challenge
+orders                                                        acme.cert-manager.io/v1                     true         Order
+mutatingwebhookconfigurations                                 admissionregistration.k8s.io/v1             false        MutatingWebhookConfiguration
+validatingwebhookconfigurations                               admissionregistration.k8s.io/v1             false        ValidatingWebhookConfiguration
+agents                                    agent               agent.k8s.elastic.co/v1alpha1               true         Agent
+customresourcedefinitions                 crd,crds            apiextensions.k8s.io/v1                     false        CustomResourceDefinition
+apiservices                                                   apiregistration.k8s.io/v1                   false        APIService
+apmservers                                apm                 apm.k8s.elastic.co/v1                       true         ApmServer
+controllerrevisions                                           apps/v1                                     true         ControllerRevision
+daemonsets                                ds                  apps/v1                                     true         DaemonSet
+deployments                               deploy              apps/v1                                     true         Deployment
+replicasets                               rs                  apps/v1                                     true         ReplicaSet
+statefulsets                              sts                 apps/v1                                     true         StatefulSet
+tokenreviews                                                  authentication.k8s.io/v1                    false        TokenReview
+localsubjectaccessreviews                                     authorization.k8s.io/v1                     true         LocalSubjectAccessReview
+selfsubjectaccessreviews                                      authorization.k8s.io/v1                     false        SelfSubjectAccessReview
+selfsubjectrulesreviews                                       authorization.k8s.io/v1                     false        SelfSubjectRulesReview
+subjectaccessreviews                                          authorization.k8s.io/v1                     false        SubjectAccessReview
+horizontalpodautoscalers                  hpa                 autoscaling/v2                              true         HorizontalPodAutoscaler
+elasticsearchautoscalers                  esa                 autoscaling.k8s.elastic.co/v1alpha1         true         ElasticsearchAutoscaler
+cronjobs                                  cj                  batch/v1                                    true         CronJob
+jobs                                                          batch/v1                                    true         Job
+beats                                     beat                beat.k8s.elastic.co/v1beta1                 true         Beat
+sealedsecrets                                                 bitnami.com/v1alpha1                        true         SealedSecret
+certificaterequests                       cr,crs              cert-manager.io/v1                          true         CertificateRequest
+certificates                              cert,certs          cert-manager.io/v1                          true         Certificate
+clusterissuers                                                cert-manager.io/v1                          false        ClusterIssuer
+issuers                                                       cert-manager.io/v1                          true         Issuer
+certificatesigningrequests                csr                 certificates.k8s.io/v1                      false        CertificateSigningRequest
+ciliumclusterwidenetworkpolicies          ccnp                cilium.io/v2                                false        CiliumClusterwideNetworkPolicy
+ciliumendpoints                           cep,ciliumep        cilium.io/v2                                true         CiliumEndpoint
+ciliumexternalworkloads                   cew                 cilium.io/v2                                false        CiliumExternalWorkload
+ciliumidentities                          ciliumid            cilium.io/v2                                false        CiliumIdentity
+ciliumnetworkpolicies                     cnp,ciliumnp        cilium.io/v2                                true         CiliumNetworkPolicy
+ciliumnodes                               cn,ciliumn          cilium.io/v2                                false        CiliumNode
+configs                                                       config.gatekeeper.sh/v1alpha1               true         Config
+k8sallowedingressclasses                                      constraints.gatekeeper.sh/v1beta1           false        K8sAllowedIngressClasses
+k8spspallowedusers                                            constraints.gatekeeper.sh/v1beta1           false        K8sPSPAllowedUsers
+k8spspallowprivilegeescalationcontainer                       constraints.gatekeeper.sh/v1beta1           false        K8sPSPAllowPrivilegeEscalationContainer
+k8spspapparmor                                                constraints.gatekeeper.sh/v1beta1           false        K8sPSPAppArmor
+k8spspcapabilities                                            constraints.gatekeeper.sh/v1beta1           false        K8sPSPCapabilities
+k8spspflexvolumes                                             constraints.gatekeeper.sh/v1beta1           false        K8sPSPFlexVolumes
+k8spspforbiddensysctls                                        constraints.gatekeeper.sh/v1beta1           false        K8sPSPForbiddenSysctls
+k8spspfsgroup                                                 constraints.gatekeeper.sh/v1beta1           false        K8sPSPFSGroup
+k8spsphostfilesystem                                          constraints.gatekeeper.sh/v1beta1           false        K8sPSPHostFilesystem
+k8spsphostnamespace                                           constraints.gatekeeper.sh/v1beta1           false        K8sPSPHostNamespace
+k8spsphostnetworkingports                                     constraints.gatekeeper.sh/v1beta1           false        K8sPSPHostNetworkingPorts
+k8spspprivilegedcontainer                                     constraints.gatekeeper.sh/v1beta1           false        K8sPSPPrivilegedContainer
+k8spspprocmount                                               constraints.gatekeeper.sh/v1beta1           false        K8sPSPProcMount
+k8spspreadonlyrootfilesystem                                  constraints.gatekeeper.sh/v1beta1           false        K8sPSPReadOnlyRootFilesystem
+k8spspseccomp                                                 constraints.gatekeeper.sh/v1beta1           false        K8sPSPSeccomp
+k8spspselinuxv2                                               constraints.gatekeeper.sh/v1beta1           false        K8sPSPSELinuxV2
+k8spspvolumetypes                                             constraints.gatekeeper.sh/v1beta1           false        K8sPSPVolumeTypes
+leases                                                        coordination.k8s.io/v1                      true         Lease
+strimzipodsets                            sps                 core.strimzi.io/v1beta2                     true         StrimziPodSet
+eniconfigs                                                    crd.k8s.amazonaws.com/v1alpha1              false        ENIConfig
+endpointslices                                                discovery.k8s.io/v1                         true         EndpointSlice
+elasticsearches                           es                  elasticsearch.k8s.elastic.co/v1             true         Elasticsearch
+ingressclassparams                                            elbv2.k8s.aws/v1beta1                       false        IngressClassParams
+targetgroupbindings                                           elbv2.k8s.aws/v1beta1                       true         TargetGroupBinding
+enterprisesearches                        ent                 enterprisesearch.k8s.elastic.co/v1          true         EnterpriseSearch
+events                                    ev                  events.k8s.io/v1                            true         Event
+expansiontemplate                                             expansion.gatekeeper.sh/v1alpha1            false        ExpansionTemplate
+providers                                                     externaldata.gatekeeper.sh/v1beta1          false        Provider
+flowschemas                                                   flowcontrol.apiserver.k8s.io/v1beta2        false        FlowSchema
+prioritylevelconfigurations                                   flowcontrol.apiserver.k8s.io/v1beta2        false        PriorityLevelConfiguration
+kluctldeployments                                             flux.kluctl.io/v1alpha1                     true         KluctlDeployment
+jaegers                                                       jaegertracing.io/v1                         true         Jaeger
+kafkabridges                              kb                  kafka.strimzi.io/v1beta2                    true         KafkaBridge
+kafkaconnectors                           kctr                kafka.strimzi.io/v1beta2                    true         KafkaConnector
+kafkaconnects                             kc                  kafka.strimzi.io/v1beta2                    true         KafkaConnect
+kafkamirrormaker2s                        kmm2                kafka.strimzi.io/v1beta2                    true         KafkaMirrorMaker2
+kafkamirrormakers                         kmm                 kafka.strimzi.io/v1beta2                    true         KafkaMirrorMaker
+kafkarebalances                           kr                  kafka.strimzi.io/v1beta2                    true         KafkaRebalance
+kafkas                                    k                   kafka.strimzi.io/v1beta2                    true         Kafka
+kafkatopics                               kt                  kafka.strimzi.io/v1beta2                    true         KafkaTopic
+kafkausers                                ku                  kafka.strimzi.io/v1beta2                    true         KafkaUser
+kibanas                                   kb                  kibana.k8s.elastic.co/v1                    true         Kibana
+elasticmapsservers                        ems                 maps.k8s.elastic.co/v1alpha1                true         ElasticMapsServer
+nodes                                                         metrics.k8s.io/v1beta1                      false        NodeMetrics
+pods                                                          metrics.k8s.io/v1beta1                      true         PodMetrics
+tenants                                   tenant              minio.min.io/v2                             true         Tenant
+alertmanagerconfigs                       amcfg               monitoring.coreos.com/v1alpha1              true         AlertmanagerConfig
+alertmanagers                             am                  monitoring.coreos.com/v1                    true         Alertmanager
+podmonitors                               pmon                monitoring.coreos.com/v1                    true         PodMonitor
+probes                                    prb                 monitoring.coreos.com/v1                    true         Probe
+prometheuses                              prom                monitoring.coreos.com/v1                    true         Prometheus
+prometheusrules                           promrule            monitoring.coreos.com/v1                    true         PrometheusRule
+servicemonitors                           smon                monitoring.coreos.com/v1                    true         ServiceMonitor
+thanosrulers                              ruler               monitoring.coreos.com/v1                    true         ThanosRuler
+assign                                                        mutations.gatekeeper.sh/v1                  false        Assign
+assignmetadata                                                mutations.gatekeeper.sh/v1                  false        AssignMetadata
+modifyset                                                     mutations.gatekeeper.sh/v1                  false        ModifySet
+ingressclasses                                                networking.k8s.io/v1                        false        IngressClass
+ingresses                                 ing                 networking.k8s.io/v1                        true         Ingress
+networkpolicies                           netpol              networking.k8s.io/v1                        true         NetworkPolicy
+runtimeclasses                                                node.k8s.io/v1                              false        RuntimeClass
+poddisruptionbudgets                      pdb                 policy/v1                                   true         PodDisruptionBudget
+podsecuritypolicies                       psp                 policy/v1beta1                              false        PodSecurityPolicy
+clusterrolebindings                                           rbac.authorization.k8s.io/v1                false        ClusterRoleBinding
+clusterroles                                                  rbac.authorization.k8s.io/v1                false        ClusterRole
+rolebindings                                                  rbac.authorization.k8s.io/v1                true         RoleBinding
+roles                                                         rbac.authorization.k8s.io/v1                true         Role
+dbclusterparametergroups                                      rds.services.k8s.aws/v1alpha1               true         DBClusterParameterGroup
+dbclusters                                                    rds.services.k8s.aws/v1alpha1               true         DBCluster
+dbinstances                                                   rds.services.k8s.aws/v1alpha1               true         DBInstance
+dbparametergroups                                             rds.services.k8s.aws/v1alpha1               true         DBParameterGroup
+dbproxies                                                     rds.services.k8s.aws/v1alpha1               true         DBProxy
+dbsecuritygroups                                              rds.services.k8s.aws/v1alpha1               true         DBSecurityGroup
+dbsubnetgroups                                                rds.services.k8s.aws/v1alpha1               true         DBSubnetGroup
+globalclusters                                                rds.services.k8s.aws/v1alpha1               true         GlobalCluster
+buckets                                                       s3.services.k8s.aws/v1alpha1                true         Bucket
+priorityclasses                           pc                  scheduling.k8s.io/v1                        false        PriorityClass
+basicauths                                                    secretgenerator.mittwald.de/v1alpha1        true         BasicAuth
+sshkeypairs                                                   secretgenerator.mittwald.de/v1alpha1        true         SSHKeyPair
+stringsecrets                                                 secretgenerator.mittwald.de/v1alpha1        true         StringSecret
+adoptedresources                                              services.k8s.aws/v1alpha1                   true         AdoptedResource
+fieldexports                                                  services.k8s.aws/v1alpha1                   true         FieldExport
+volumesnapshotclasses                     vsclass,vsclasses   snapshot.storage.k8s.io/v1                  false        VolumeSnapshotClass
+volumesnapshotcontents                    vsc,vscs            snapshot.storage.k8s.io/v1                  false        VolumeSnapshotContent
+volumesnapshots                           vs                  snapshot.storage.k8s.io/v1                  true         VolumeSnapshot
+stackconfigpolicies                       scp                 stackconfigpolicy.k8s.elastic.co/v1alpha1   true         StackConfigPolicy
+constraintpodstatuses                                         status.gatekeeper.sh/v1beta1                true         ConstraintPodStatus
+constrainttemplatepodstatuses                                 status.gatekeeper.sh/v1beta1                true         ConstraintTemplatePodStatus
+mutatorpodstatuses                                            status.gatekeeper.sh/v1beta1                true         MutatorPodStatus
+csidrivers                                                    storage.k8s.io/v1                           false        CSIDriver
+csinodes                                                      storage.k8s.io/v1                           false        CSINode
+csistoragecapacities                                          storage.k8s.io/v1beta1                      true         CSIStorageCapacity
+storageclasses                            sc                  storage.k8s.io/v1                           false        StorageClass
+volumeattachments                                             storage.k8s.io/v1                           false        VolumeAttachment
+constrainttemplates                                           templates.gatekeeper.sh/v1                  false        ConstraintTemplate
+githubcomments                                                templates.kluctl.io/v1alpha1                true         GithubComment
+gitlabcomments                                                templates.kluctl.io/v1alpha1                true         GitlabComment
+gitprojectors                                                 templates.kluctl.io/v1alpha1                true         GitProjector
+listgithubpullrequests                                        templates.kluctl.io/v1alpha1                true         ListGithubPullRequests
+listgitlabmergerequests                                       templates.kluctl.io/v1alpha1                true         ListGitlabMergeRequests
+objecthandlers                                                templates.kluctl.io/v1alpha1                true         ObjectHandler
+objecttemplates                                               templates.kluctl.io/v1alpha1                true         ObjectTemplate
+texttemplates                                                 templates.kluctl.io/v1alpha1                true         TextTemplate
+backuprepositories                                            velero.io/v1                                true         BackupRepository
+backups                                                       velero.io/v1                                true         Backup
+backupstoragelocations                    bsl                 velero.io/v1                                true         BackupStorageLocation
+deletebackuprequests                                          velero.io/v1                                true         DeleteBackupRequest
+downloadrequests                                              velero.io/v1                                true         DownloadRequest
+podvolumebackups                                              velero.io/v1                                true         PodVolumeBackup
+podvolumerestores                                             velero.io/v1                                true         PodVolumeRestore
+resticrepositories                                            velero.io/v1                                true         ResticRepository
+restores                                                      velero.io/v1                                true         Restore
+schedules                                                     velero.io/v1                                true         Schedule
+serverstatusrequests                      ssr                 velero.io/v1                                true         ServerStatusRequest
+volumesnapshotlocations                   vsl                 velero.io/v1                                true         VolumeSnapshotLocation
+securitygrouppolicies                     sgp                 vpcresources.k8s.aws/v1beta1                true         SecurityGroupPolicy
+`
+
+type ShortName struct {
+	Group     string `json:"group,omitempty"`
+	Kind      string `json:"kind"`
+	ShortName string `json:"shortName"`
+}
+
+var shortNames []ShortName
+
+func init() {
+	for _, l := range strings.Split(apiResourcesOutput, "\n") {
+		if l == "" {
+			continue
+		}
+		s := strings.Fields(l)
+		if len(s) == 5 {
+			sns := strings.Split(s[1], ",")
+			apiVersion := s[2]
+			kind := s[4]
+
+			group := ""
+			s2 := strings.Split(apiVersion, "/")
+			if len(s2) == 2 {
+				group = s2[0]
+			}
+
+			shortNames = append(shortNames, ShortName{
+				Group:     group,
+				Kind:      kind,
+				ShortName: sns[0],
+			})
+		}
+	}
+}
+
+func GetShortNames() []ShortName {
+	return shortNames
+}
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
new file mode 100644
index 000000000..fd7f95726
--- /dev/null
+++ b/pkg/webui/staticbuilder.go
@@ -0,0 +1,144 @@
+package webui
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	cp "github.com/otiai10/copy"
+	"os"
+	"path/filepath"
+)
+
+type StaticWebuiBuilder struct {
+	store results.ResultStore
+}
+
+func NewStaticWebuiBuilder(store results.ResultStore) *StaticWebuiBuilder {
+	ret := &StaticWebuiBuilder{
+		store: store,
+	}
+	return ret
+}
+
+func (swb *StaticWebuiBuilder) Build(path string) error {
+	tmpDir, err := os.MkdirTemp("", "")
+	if err != nil {
+		return err
+	}
+	//defer os.RemoveAll(tmpDir)
+
+	summaries, err := swb.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+
+	projects := result.BuildProjectSummaries(summaries)
+
+	err = os.MkdirAll(filepath.Join(tmpDir, "staticdata"), 0o700)
+	if err != nil {
+		return err
+	}
+
+	gh := utils.NewGoHelper(context.Background(), 8)
+	for _, rs := range summaries {
+		rs := rs
+		gh.RunE(func() error {
+			cr, err := swb.store.GetCommandResult(results.GetCommandResultOptions{
+				Id: rs.Id,
+			})
+
+			var js string
+
+			if err != nil {
+				jerr := struct {
+					Error string `json:"error"`
+				}{
+					Error: err.Error(),
+				}
+				j, err := yaml.WriteJsonString(jerr)
+				if err != nil {
+					return err
+				}
+				js = fmt.Sprintf("staticResults.set(\"%s\", %s)\n", rs.Id, j)
+			} else {
+				j, err := yaml.WriteJsonString(cr)
+				if err != nil {
+					return err
+				}
+				js = fmt.Sprintf("staticResults.set(\"%s\", %s)\n", rs.Id, j)
+			}
+			err = os.WriteFile(filepath.Join(tmpDir, fmt.Sprintf("staticdata/result-%s.js", rs.Id)), []byte(js), 0o600)
+			if err != nil {
+				return err
+			}
+			return nil
+		})
+	}
+	gh.Wait()
+
+	j, err := yaml.WriteJsonString(summaries)
+	if err != nil {
+		return err
+	}
+	j = `const staticSummaries=` + j
+	err = os.WriteFile(filepath.Join(tmpDir, "staticdata/summaries.js"), []byte(j), 0o600)
+	if err != nil {
+		return err
+	}
+
+	j, err = yaml.WriteJsonString(projects)
+	if err != nil {
+		return err
+	}
+	j = `const staticProjects=` + j
+	err = os.WriteFile(filepath.Join(tmpDir, "staticdata/projects.js"), []byte(j), 0o600)
+	if err != nil {
+		return err
+	}
+
+	j, err = yaml.WriteJsonString(GetShortNames())
+	if err != nil {
+		return err
+	}
+	j = `const staticShortNames=` + j
+	err = os.WriteFile(filepath.Join(tmpDir, "staticdata/shortnames.js"), []byte(j), 0o600)
+	if err != nil {
+		return err
+	}
+
+	err = utils.FsCopyDir(uiFS, ".", tmpDir)
+	if err != nil {
+		return err
+	}
+
+	indexHtml, err := os.ReadFile(filepath.Join(tmpDir, "index.html"))
+	if err != nil {
+		return err
+	}
+	indexHtml = bytes.ReplaceAll(indexHtml, []byte("/webui/"), []byte("./"))
+	err = os.WriteFile(filepath.Join(tmpDir, "index.html"), indexHtml, 0)
+	if err != nil {
+		return err
+	}
+
+	staticbuildJsBytes, err := os.ReadFile(filepath.Join(tmpDir, "staticbuild.js"))
+	if err != nil {
+		return err
+	}
+	staticbuildJs := string(staticbuildJsBytes) + "\nisStaticBuild = true\n"
+	err = os.WriteFile(filepath.Join(tmpDir, "staticbuild.js"), []byte(staticbuildJs), 0)
+	if err != nil {
+		return err
+	}
+
+	err = cp.Copy(tmpDir, path)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/webui/ui/build.js b/pkg/webui/ui/build.js
new file mode 100644
index 000000000..0386a1a3c
--- /dev/null
+++ b/pkg/webui/ui/build.js
@@ -0,0 +1,5 @@
+const rewire = require('rewire');
+const defaults = rewire('react-scripts/scripts/build.js');
+const config = defaults.__get__('config');
+
+config.optimization.minimize = false
diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
new file mode 100644
index 000000000..014cd172d
--- /dev/null
+++ b/pkg/webui/ui/package-lock.json
@@ -0,0 +1,18441 @@
+{
+  "name": "react-demo",
+  "version": "0.1.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "react-demo",
+      "version": "0.1.0",
+      "dependencies": {
+        "@emotion/react": "^11.10.6",
+        "@emotion/styled": "^11.10.6",
+        "@fontsource/roboto": "^4.5.8",
+        "@mui/icons-material": "^5.11.11",
+        "@mui/lab": "^5.0.0-alpha.124",
+        "@mui/material": "^5.11.14",
+        "@testing-library/jest-dom": "^5.16.5",
+        "@testing-library/react": "^13.4.0",
+        "@testing-library/user-event": "^13.5.0",
+        "@types/jest": "^27.5.2",
+        "@types/node": "^16.18.18",
+        "@types/react": "^18.0.28",
+        "@types/react-dom": "^18.0.11",
+        "jdenticon": "^3.2.0",
+        "js-sha256": "^0.9.0",
+        "js-yaml": "^4.1.0",
+        "localforage": "^1.10.0",
+        "lodash-core": "^4.17.19",
+        "match-sorter": "^6.3.1",
+        "react": "^18.2.0",
+        "react-dom": "^18.2.0",
+        "react-router": "^6.10.0",
+        "react-router-dom": "^6.10.0",
+        "react-scripts": "5.0.1",
+        "react-syntax-highlighter": "^15.5.0",
+        "sort-by": "^1.2.0",
+        "typescript": "^4.9.5",
+        "web-vitals": "^2.1.4"
+      },
+      "devDependencies": {
+        "@types/js-yaml": "^4.0.5",
+        "@types/lodash": "^4.14.192",
+        "@types/react-syntax-highlighter": "^15.5.6",
+        "rewire": "^6.0.0"
+      }
+    },
+    "node_modules/@adobe/css-tools": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.2.0.tgz",
+      "integrity": "sha512-E09FiIft46CmH5Qnjb0wsW54/YQd69LsxeKUOWawmws1XWvyFGURnAChH0mlr7YPFR1ofwvUQfcL0J3lMxXqPA=="
+    },
+    "node_modules/@ampproject/remapping": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.0.tgz",
+      "integrity": "sha512-qRmjj8nj9qmLTQXXmaR1cck3UXSRMPrbsLJAasZpF+t3riI71BXed5ebIOYwQntykeZuhjsdweEc9BxH5Jc26w==",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.1.0",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@babel/code-frame": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz",
+      "integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
+      "dependencies": {
+        "@babel/highlight": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/compat-data": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.21.0.tgz",
+      "integrity": "sha512-gMuZsmsgxk/ENC3O/fRw5QY8A9/uxQbbCEypnLIiYYc/qVJtEV7ouxC3EllIIwNzMqAQee5tanFabWsUOutS7g==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/core": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.21.3.tgz",
+      "integrity": "sha512-qIJONzoa/qiHghnm0l1n4i/6IIziDpzqc36FBs4pzMhDUraHqponwJLiAKm1hGLP3OSB/TVNz6rMwVGpwxxySw==",
+      "dependencies": {
+        "@ampproject/remapping": "^2.2.0",
+        "@babel/code-frame": "^7.18.6",
+        "@babel/generator": "^7.21.3",
+        "@babel/helper-compilation-targets": "^7.20.7",
+        "@babel/helper-module-transforms": "^7.21.2",
+        "@babel/helpers": "^7.21.0",
+        "@babel/parser": "^7.21.3",
+        "@babel/template": "^7.20.7",
+        "@babel/traverse": "^7.21.3",
+        "@babel/types": "^7.21.3",
+        "convert-source-map": "^1.7.0",
+        "debug": "^4.1.0",
+        "gensync": "^1.0.0-beta.2",
+        "json5": "^2.2.2",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/babel"
+      }
+    },
+    "node_modules/@babel/core/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/eslint-parser": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.21.3.tgz",
+      "integrity": "sha512-kfhmPimwo6k4P8zxNs8+T7yR44q1LdpsZdE1NkCsVlfiuTPRfnGgjaF8Qgug9q9Pou17u6wneYF0lDCZJATMFg==",
+      "dependencies": {
+        "@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1",
+        "eslint-visitor-keys": "^2.1.0",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || >=14.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": ">=7.11.0",
+        "eslint": "^7.5.0 || ^8.0.0"
+      }
+    },
+    "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz",
+      "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@babel/eslint-parser/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/generator": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.21.3.tgz",
+      "integrity": "sha512-QS3iR1GYC/YGUnW7IdggFeN5c1poPUurnGttOV/bZgPGV+izC/D8HnD6DLwod0fsatNyVn1G3EVWMYIF0nHbeA==",
+      "dependencies": {
+        "@babel/types": "^7.21.3",
+        "@jridgewell/gen-mapping": "^0.3.2",
+        "@jridgewell/trace-mapping": "^0.3.17",
+        "jsesc": "^2.5.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/generator/node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
+      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
+      "dependencies": {
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@babel/helper-annotate-as-pure": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.18.6.tgz",
+      "integrity": "sha512-duORpUiYrEpzKIop6iNbjnwKLAKnJ47csTyRACyEmWj0QdUrm5aqNJGHSSEQSUAvNW0ojX0dOmK9dZduvkfeXA==",
+      "dependencies": {
+        "@babel/types": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.18.9.tgz",
+      "integrity": "sha512-yFQ0YCHoIqarl8BCRwBL8ulYUaZpz3bNsA7oFepAzee+8/+ImtADXNOmO5vJvsPff3qi+hvpkY/NYBTrBQgdNw==",
+      "dependencies": {
+        "@babel/helper-explode-assignable-expression": "^7.18.6",
+        "@babel/types": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-compilation-targets": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.20.7.tgz",
+      "integrity": "sha512-4tGORmfQcrc+bvrjb5y3dG9Mx1IOZjsHqQVUz7XCNHO+iTmqxWnVg3KRygjGmpRLJGdQSKuvFinbIb0CnZwHAQ==",
+      "dependencies": {
+        "@babel/compat-data": "^7.20.5",
+        "@babel/helper-validator-option": "^7.18.6",
+        "browserslist": "^4.21.3",
+        "lru-cache": "^5.1.1",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-compilation-targets/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/helper-create-class-features-plugin": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.21.0.tgz",
+      "integrity": "sha512-Q8wNiMIdwsv5la5SPxNYzzkPnjgC0Sy0i7jLkVOCdllu/xcVNkr3TeZzbHBJrj+XXRqzX5uCyCoV9eu6xUG7KQ==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-function-name": "^7.21.0",
+        "@babel/helper-member-expression-to-functions": "^7.21.0",
+        "@babel/helper-optimise-call-expression": "^7.18.6",
+        "@babel/helper-replace-supers": "^7.20.7",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0",
+        "@babel/helper-split-export-declaration": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-create-regexp-features-plugin": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.21.0.tgz",
+      "integrity": "sha512-N+LaFW/auRSWdx7SHD/HiARwXQju1vXTW4fKr4u5SgBUTm51OKEjKgj+cs00ggW3kEvNqwErnlwuq7Y3xBe4eg==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "regexpu-core": "^5.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-define-polyfill-provider": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.3.3.tgz",
+      "integrity": "sha512-z5aQKU4IzbqCC1XH0nAqfsFLMVSo22SBKUc0BxGrLkolTdPTructy0ToNnlO2zA4j9Q/7pjMZf0DSY+DSTYzww==",
+      "dependencies": {
+        "@babel/helper-compilation-targets": "^7.17.7",
+        "@babel/helper-plugin-utils": "^7.16.7",
+        "debug": "^4.1.1",
+        "lodash.debounce": "^4.0.8",
+        "resolve": "^1.14.2",
+        "semver": "^6.1.2"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.4.0-0"
+      }
+    },
+    "node_modules/@babel/helper-define-polyfill-provider/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/helper-environment-visitor": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz",
+      "integrity": "sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-explode-assignable-expression": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.18.6.tgz",
+      "integrity": "sha512-eyAYAsQmB80jNfg4baAtLeWAQHfHFiR483rzFK+BhETlGZaQC9bsfrugfXDCbRHLQbIA7U5NxhhOxN7p/dWIcg==",
+      "dependencies": {
+        "@babel/types": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-function-name": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.21.0.tgz",
+      "integrity": "sha512-HfK1aMRanKHpxemaY2gqBmL04iAPOPRj7DxtNbiDOrJK+gdwkiNRVpCpUJYbUT+aZyemKN8brqTOxzCaG6ExRg==",
+      "dependencies": {
+        "@babel/template": "^7.20.7",
+        "@babel/types": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-hoist-variables": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz",
+      "integrity": "sha512-UlJQPkFqFULIcyW5sbzgbkxn2FKRgwWiRexcuaR8RNJRy8+LLveqPjwZV/bwrLZCN0eUHD/x8D0heK1ozuoo6Q==",
+      "dependencies": {
+        "@babel/types": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-member-expression-to-functions": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.21.0.tgz",
+      "integrity": "sha512-Muu8cdZwNN6mRRNG6lAYErJ5X3bRevgYR2O8wN0yn7jJSnGDu6eG59RfT29JHxGUovyfrh6Pj0XzmR7drNVL3Q==",
+      "dependencies": {
+        "@babel/types": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-module-imports": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.18.6.tgz",
+      "integrity": "sha512-0NFvs3VkuSYbFi1x2Vd6tKrywq+z/cLeYC/RJNFrIX/30Bf5aiGYbtvGXolEktzJH8o5E5KJ3tT+nkxuuZFVlA==",
+      "dependencies": {
+        "@babel/types": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-module-transforms": {
+      "version": "7.21.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.21.2.tgz",
+      "integrity": "sha512-79yj2AR4U/Oqq/WOV7Lx6hUjau1Zfo4cI+JLAVYeMV5XIlbOhmjEk5ulbTc9fMpmlojzZHkUUxAiK+UKn+hNQQ==",
+      "dependencies": {
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-module-imports": "^7.18.6",
+        "@babel/helper-simple-access": "^7.20.2",
+        "@babel/helper-split-export-declaration": "^7.18.6",
+        "@babel/helper-validator-identifier": "^7.19.1",
+        "@babel/template": "^7.20.7",
+        "@babel/traverse": "^7.21.2",
+        "@babel/types": "^7.21.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-optimise-call-expression": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.18.6.tgz",
+      "integrity": "sha512-HP59oD9/fEHQkdcbgFCnbmgH5vIQTJbxh2yf+CdM89/glUNnuzr87Q8GIjGEnOktTROemO0Pe0iPAYbqZuOUiA==",
+      "dependencies": {
+        "@babel/types": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-plugin-utils": {
+      "version": "7.20.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.20.2.tgz",
+      "integrity": "sha512-8RvlJG2mj4huQ4pZ+rU9lqKi9ZKiRmuvGuM2HlWmkmgOhbs6zEAw6IEiJ5cQqGbDzGZOhwuOQNtZMi/ENLjZoQ==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-remap-async-to-generator": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.18.9.tgz",
+      "integrity": "sha512-dI7q50YKd8BAv3VEfgg7PS7yD3Rtbi2J1XMXaalXO0W0164hYLnh8zpjRS0mte9MfVp/tltvr/cfdXPvJr1opA==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-wrap-function": "^7.18.9",
+        "@babel/types": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-replace-supers": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.20.7.tgz",
+      "integrity": "sha512-vujDMtB6LVfNW13jhlCrp48QNslK6JXi7lQG736HVbHz/mbf4Dc7tIRh1Xf5C0rF7BP8iiSxGMCmY6Ci1ven3A==",
+      "dependencies": {
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-member-expression-to-functions": "^7.20.7",
+        "@babel/helper-optimise-call-expression": "^7.18.6",
+        "@babel/template": "^7.20.7",
+        "@babel/traverse": "^7.20.7",
+        "@babel/types": "^7.20.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-simple-access": {
+      "version": "7.20.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.20.2.tgz",
+      "integrity": "sha512-+0woI/WPq59IrqDYbVGfshjT5Dmk/nnbdpcF8SnMhhXObpTq2KNBdLFRFrkVdbDOyUmHBCxzm5FHV1rACIkIbA==",
+      "dependencies": {
+        "@babel/types": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-skip-transparent-expression-wrappers": {
+      "version": "7.20.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.20.0.tgz",
+      "integrity": "sha512-5y1JYeNKfvnT8sZcK9DVRtpTbGiomYIHviSP3OQWmDPU3DeH4a1ZlT/N2lyQ5P8egjcRaT/Y9aNqUxK0WsnIIg==",
+      "dependencies": {
+        "@babel/types": "^7.20.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-split-export-declaration": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.18.6.tgz",
+      "integrity": "sha512-bde1etTx6ZyTmobl9LLMMQsaizFVZrquTEHOqKeQESMKo4PlObf+8+JA25ZsIpZhT/WEd39+vOdLXAFG/nELpA==",
+      "dependencies": {
+        "@babel/types": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-string-parser": {
+      "version": "7.19.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.19.4.tgz",
+      "integrity": "sha512-nHtDoQcuqFmwYNYPz3Rah5ph2p8PFeFCsZk9A/48dPc/rGocJ5J3hAAZ7pb76VWX3fZKu+uEr/FhH5jLx7umrw==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-validator-identifier": {
+      "version": "7.19.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz",
+      "integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-validator-option": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.21.0.tgz",
+      "integrity": "sha512-rmL/B8/f0mKS2baE9ZpyTcTavvEuWhTTW8amjzXNvYG4AwBsqTLikfXsEofsJEfKHf+HQVQbFOHy6o+4cnC/fQ==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-wrap-function": {
+      "version": "7.20.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.20.5.tgz",
+      "integrity": "sha512-bYMxIWK5mh+TgXGVqAtnu5Yn1un+v8DDZtqyzKRLUzrh70Eal2O3aZ7aPYiMADO4uKlkzOiRiZ6GX5q3qxvW9Q==",
+      "dependencies": {
+        "@babel/helper-function-name": "^7.19.0",
+        "@babel/template": "^7.18.10",
+        "@babel/traverse": "^7.20.5",
+        "@babel/types": "^7.20.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helpers": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.21.0.tgz",
+      "integrity": "sha512-XXve0CBtOW0pd7MRzzmoyuSj0e3SEzj8pgyFxnTT1NJZL38BD1MK7yYrm8yefRPIDvNNe14xR4FdbHwpInD4rA==",
+      "dependencies": {
+        "@babel/template": "^7.20.7",
+        "@babel/traverse": "^7.21.0",
+        "@babel/types": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/highlight": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz",
+      "integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==",
+      "dependencies": {
+        "@babel/helper-validator-identifier": "^7.18.6",
+        "chalk": "^2.0.0",
+        "js-tokens": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/parser": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.21.3.tgz",
+      "integrity": "sha512-lobG0d7aOfQRXh8AyklEAgZGvA4FShxo6xQbUrrT/cNBPUdIDojlokwJsQyCC/eKia7ifqM0yP+2DRZ4WKw2RQ==",
+      "bin": {
+        "parser": "bin/babel-parser.js"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.18.6.tgz",
+      "integrity": "sha512-Dgxsyg54Fx1d4Nge8UnvTrED63vrwOdPmyvPzlNN/boaliRP54pm3pGzZD1SJUwrBA+Cs/xdG8kXX6Mn/RfISQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.20.7.tgz",
+      "integrity": "sha512-sbr9+wNE5aXMBBFBICk01tt7sBf2Oc9ikRFEcem/ZORup9IMUdNhW7/wVLEbbtlWOsEubJet46mHAL2C8+2jKQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0",
+        "@babel/plugin-proposal-optional-chaining": "^7.20.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.13.0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-async-generator-functions": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-async-generator-functions/-/plugin-proposal-async-generator-functions-7.20.7.tgz",
+      "integrity": "sha512-xMbiLsn/8RK7Wq7VeVytytS2L6qE69bXPB10YCmMdDZbKF4okCqY74pI/jJQ/8U0b/F6NrT2+14b8/P9/3AMGA==",
+      "dependencies": {
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-remap-async-to-generator": "^7.18.9",
+        "@babel/plugin-syntax-async-generators": "^7.8.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-class-properties": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.18.6.tgz",
+      "integrity": "sha512-cumfXOF0+nzZrrN8Rf0t7M+tF6sZc7vhQwYQck9q1/5w2OExlD+b4v4RpMJFaV1Z7WcDRgO6FqvxqxGlwo+RHQ==",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-class-static-block": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-static-block/-/plugin-proposal-class-static-block-7.21.0.tgz",
+      "integrity": "sha512-XP5G9MWNUskFuP30IfFSEFB0Z6HzLIUcjYM4bYOPHXl7eiJ9HFv8tWj6TXTN5QODiEhDZAeI4hLok2iHFFV4hw==",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.21.0",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-class-static-block": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.12.0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-decorators": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.21.0.tgz",
+      "integrity": "sha512-MfgX49uRrFUTL/HvWtmx3zmpyzMMr4MTj3d527MLlr/4RTT9G/ytFFP7qet2uM2Ve03b+BkpWUpK+lRXnQ+v9w==",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.21.0",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-replace-supers": "^7.20.7",
+        "@babel/helper-split-export-declaration": "^7.18.6",
+        "@babel/plugin-syntax-decorators": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-dynamic-import": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-dynamic-import/-/plugin-proposal-dynamic-import-7.18.6.tgz",
+      "integrity": "sha512-1auuwmK+Rz13SJj36R+jqFPMJWyKEDd7lLSdOj4oJK0UTgGueSAtkrCvz9ewmgyU/P941Rv2fQwZJN8s6QruXw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/plugin-syntax-dynamic-import": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-export-namespace-from": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-export-namespace-from/-/plugin-proposal-export-namespace-from-7.18.9.tgz",
+      "integrity": "sha512-k1NtHyOMvlDDFeb9G5PhUXuGj8m/wiwojgQVEhJ/fsVsMCpLyOP4h0uGEjYJKrRI+EVPlb5Jk+Gt9P97lOGwtA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.9",
+        "@babel/plugin-syntax-export-namespace-from": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-json-strings": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-json-strings/-/plugin-proposal-json-strings-7.18.6.tgz",
+      "integrity": "sha512-lr1peyn9kOdbYc0xr0OdHTZ5FMqS6Di+H0Fz2I/JwMzGmzJETNeOFq2pBySw6X/KFL5EWDjlJuMsUGRFb8fQgQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/plugin-syntax-json-strings": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-logical-assignment-operators": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-logical-assignment-operators/-/plugin-proposal-logical-assignment-operators-7.20.7.tgz",
+      "integrity": "sha512-y7C7cZgpMIjWlKE5T7eJwp+tnRYM89HmRvWM5EQuB5BoHEONjmQ8lSNmBUwOyy/GFRsohJED51YBF79hE1djug==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-nullish-coalescing-operator": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-nullish-coalescing-operator/-/plugin-proposal-nullish-coalescing-operator-7.18.6.tgz",
+      "integrity": "sha512-wQxQzxYeJqHcfppzBDnm1yAY0jSRkUXR2z8RePZYrKwMKgMlE8+Z6LUno+bd6LvbGh8Gltvy74+9pIYkr+XkKA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-numeric-separator": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-numeric-separator/-/plugin-proposal-numeric-separator-7.18.6.tgz",
+      "integrity": "sha512-ozlZFogPqoLm8WBr5Z8UckIoE4YQ5KESVcNudyXOR8uqIkliTEgJ3RoketfG6pmzLdeZF0H/wjE9/cCEitBl7Q==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/plugin-syntax-numeric-separator": "^7.10.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-object-rest-spread": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.20.7.tgz",
+      "integrity": "sha512-d2S98yCiLxDVmBmE8UjGcfPvNEUbA1U5q5WxaWFUGRzJSVAZqm5W6MbPct0jxnegUZ0niLeNX+IOzEs7wYg9Dg==",
+      "dependencies": {
+        "@babel/compat-data": "^7.20.5",
+        "@babel/helper-compilation-targets": "^7.20.7",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-transform-parameters": "^7.20.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-optional-catch-binding": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-catch-binding/-/plugin-proposal-optional-catch-binding-7.18.6.tgz",
+      "integrity": "sha512-Q40HEhs9DJQyaZfUjjn6vE8Cv4GmMHCYuMGIWUnlxH6400VGxOuwWsPt4FxXxJkC/5eOzgn0z21M9gMT4MOhbw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-optional-chaining": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.21.0.tgz",
+      "integrity": "sha512-p4zeefM72gpmEe2fkUr/OnOXpWEf8nAgk7ZYVqqfFiyIG7oFfVZcCrU64hWn5xp4tQ9LkV4bTIa5rD0KANpKNA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-private-methods": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-methods/-/plugin-proposal-private-methods-7.18.6.tgz",
+      "integrity": "sha512-nutsvktDItsNn4rpGItSNV2sz1XwS+nfU0Rg8aCx3W3NOKVzdMjJRu0O5OkgDp3ZGICSTbgRpxZoWsxoKRvbeA==",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-private-property-in-object": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0.tgz",
+      "integrity": "sha512-ha4zfehbJjc5MmXBlHec1igel5TJXXLDDRbuJ4+XT2TJcyD9/V1919BA8gMvsdHcNMBy4WBUBiRb3nw/EQUtBw==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-create-class-features-plugin": "^7.21.0",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-private-property-in-object": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-proposal-unicode-property-regex": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-unicode-property-regex/-/plugin-proposal-unicode-property-regex-7.18.6.tgz",
+      "integrity": "sha512-2BShG/d5yoZyXZfVePH91urL5wTG6ASZU9M4o03lKK8u8UW1y08OMttBSOADTcJrnPMpvDXRG3G8fyLh4ovs8w==",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-async-generators": {
+      "version": "7.8.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz",
+      "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-bigint": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz",
+      "integrity": "sha512-wnTnFlG+YxQm3vDxpGE57Pj0srRU4sHE/mDkt1qv2YJJSeUAec2ma4WLUnUPeKjyrfntVwe/N6dCXpU+zL3Npg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-class-properties": {
+      "version": "7.12.13",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz",
+      "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.12.13"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-class-static-block": {
+      "version": "7.14.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-static-block/-/plugin-syntax-class-static-block-7.14.5.tgz",
+      "integrity": "sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-decorators": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.21.0.tgz",
+      "integrity": "sha512-tIoPpGBR8UuM4++ccWN3gifhVvQu7ZizuR1fklhRJrd5ewgbkUS+0KVFeWWxELtn18NTLoW32XV7zyOgIAiz+w==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-dynamic-import": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz",
+      "integrity": "sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-export-namespace-from": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-export-namespace-from/-/plugin-syntax-export-namespace-from-7.8.3.tgz",
+      "integrity": "sha512-MXf5laXo6c1IbEbegDmzGPwGNTsHZmEy6QGznu5Sh2UCWvueywb2ee+CCE4zQiZstxU9BMoQO9i6zUFSY0Kj0Q==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.3"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-flow": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-flow/-/plugin-syntax-flow-7.18.6.tgz",
+      "integrity": "sha512-LUbR+KNTBWCUAqRG9ex5Gnzu2IOkt8jRJbHHXFT9q+L9zm7M/QQbEqXyw1n1pohYvOyWC8CjeyjrSaIwiYjK7A==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-import-assertions": {
+      "version": "7.20.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.20.0.tgz",
+      "integrity": "sha512-IUh1vakzNoWalR8ch/areW7qFopR2AEw03JlG7BbrDqmQ4X3q9uuipQwSGrUn7oGiemKjtSLDhNtQHzMHr1JdQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.19.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-import-meta": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz",
+      "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-json-strings": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz",
+      "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-jsx": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.18.6.tgz",
+      "integrity": "sha512-6mmljtAedFGTWu2p/8WIORGwy+61PLgOMPOdazc7YoJ9ZCWUyFy3A6CpPkRKLKD1ToAesxX8KGEViAiLo9N+7Q==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-logical-assignment-operators": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz",
+      "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-nullish-coalescing-operator": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz",
+      "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-numeric-separator": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz",
+      "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.10.4"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-object-rest-spread": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz",
+      "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-optional-catch-binding": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz",
+      "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-optional-chaining": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz",
+      "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.8.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-private-property-in-object": {
+      "version": "7.14.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-private-property-in-object/-/plugin-syntax-private-property-in-object-7.14.5.tgz",
+      "integrity": "sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-top-level-await": {
+      "version": "7.14.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz",
+      "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.14.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-typescript": {
+      "version": "7.20.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.20.0.tgz",
+      "integrity": "sha512-rd9TkG+u1CExzS4SM1BlMEhMXwFLKVjOAFFCDx9PbX5ycJWDoWMcwdJH9RhkPu1dOgn5TrxLot/Gx6lWFuAUNQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.19.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-arrow-functions": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.20.7.tgz",
+      "integrity": "sha512-3poA5E7dzDomxj9WXWwuD6A5F3kc7VXwIJO+E+J8qtDtS+pXPAhrgEyh+9GBwBgPq1Z+bB+/JD60lp5jsN7JPQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-async-to-generator": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.20.7.tgz",
+      "integrity": "sha512-Uo5gwHPT9vgnSXQxqGtpdufUiWp96gk7yiP4Mp5bm1QMkEmLXBO7PAGYbKoJ6DhAwiNkcHFBol/x5zZZkL/t0Q==",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-remap-async-to-generator": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-block-scoped-functions": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.18.6.tgz",
+      "integrity": "sha512-ExUcOqpPWnliRcPqves5HJcJOvHvIIWfuS4sroBUenPuMdmW+SMHDakmtS7qOo13sVppmUijqeTv7qqGsvURpQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-block-scoping": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.21.0.tgz",
+      "integrity": "sha512-Mdrbunoh9SxwFZapeHVrwFmri16+oYotcZysSzhNIVDwIAb1UV+kvnxULSYq9J3/q5MDG+4X6w8QVgD1zhBXNQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-classes": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.21.0.tgz",
+      "integrity": "sha512-RZhbYTCEUAe6ntPehC4hlslPWosNHDox+vAs4On/mCLRLfoDVHf6hVEd7kuxr1RnHwJmxFfUM3cZiZRmPxJPXQ==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-compilation-targets": "^7.20.7",
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-function-name": "^7.21.0",
+        "@babel/helper-optimise-call-expression": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-replace-supers": "^7.20.7",
+        "@babel/helper-split-export-declaration": "^7.18.6",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-computed-properties": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.20.7.tgz",
+      "integrity": "sha512-Lz7MvBK6DTjElHAmfu6bfANzKcxpyNPeYBGEafyA6E5HtRpjpZwU+u7Qrgz/2OR0z+5TvKYbPdphfSaAcZBrYQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/template": "^7.20.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-destructuring": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.21.3.tgz",
+      "integrity": "sha512-bp6hwMFzuiE4HqYEyoGJ/V2LeIWn+hLVKc4pnj++E5XQptwhtcGmSayM029d/j2X1bPKGTlsyPwAubuU22KhMA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-dotall-regex": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.18.6.tgz",
+      "integrity": "sha512-6S3jpun1eEbAxq7TdjLotAsl4WpQI9DxfkycRcKrjhQYzU87qpXdknpBg/e+TdcMehqGnLFi7tnFUBR02Vq6wg==",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-duplicate-keys": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.18.9.tgz",
+      "integrity": "sha512-d2bmXCtZXYc59/0SanQKbiWINadaJXqtvIQIzd4+hNwkWBgyCd5F/2t1kXoUdvPMrxzPvhK6EMQRROxsue+mfw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-exponentiation-operator": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.18.6.tgz",
+      "integrity": "sha512-wzEtc0+2c88FVR34aQmiz56dxEkxr2g8DQb/KfaFa1JYXOFVsbhvAonFN6PwVWj++fKmku8NP80plJ5Et4wqHw==",
+      "dependencies": {
+        "@babel/helper-builder-binary-assignment-operator-visitor": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-flow-strip-types": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-flow-strip-types/-/plugin-transform-flow-strip-types-7.21.0.tgz",
+      "integrity": "sha512-FlFA2Mj87a6sDkW4gfGrQQqwY/dLlBAyJa2dJEZ+FHXUVHBflO2wyKvg+OOEzXfrKYIa4HWl0mgmbCzt0cMb7w==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-flow": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-for-of": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.21.0.tgz",
+      "integrity": "sha512-LlUYlydgDkKpIY7mcBWvyPPmMcOphEyYA27Ef4xpbh1IiDNLr0kZsos2nf92vz3IccvJI25QUwp86Eo5s6HmBQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-function-name": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.18.9.tgz",
+      "integrity": "sha512-WvIBoRPaJQ5yVHzcnJFor7oS5Ls0PYixlTYE63lCj2RtdQEl15M68FXQlxnG6wdraJIXRdR7KI+hQ7q/9QjrCQ==",
+      "dependencies": {
+        "@babel/helper-compilation-targets": "^7.18.9",
+        "@babel/helper-function-name": "^7.18.9",
+        "@babel/helper-plugin-utils": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-literals": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.18.9.tgz",
+      "integrity": "sha512-IFQDSRoTPnrAIrI5zoZv73IFeZu2dhu6irxQjY9rNjTT53VmKg9fenjvoiOWOkJ6mm4jKVPtdMzBY98Fp4Z4cg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-member-expression-literals": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.18.6.tgz",
+      "integrity": "sha512-qSF1ihLGO3q+/g48k85tUjD033C29TNTVB2paCwZPVmOsjn9pClvYYrM2VeJpBY2bcNkuny0YUyTNRyRxJ54KA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-amd": {
+      "version": "7.20.11",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.20.11.tgz",
+      "integrity": "sha512-NuzCt5IIYOW0O30UvqktzHYR2ud5bOWbY0yaxWZ6G+aFzOMJvrs5YHNikrbdaT15+KNO31nPOy5Fim3ku6Zb5g==",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.20.11",
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-commonjs": {
+      "version": "7.21.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.21.2.tgz",
+      "integrity": "sha512-Cln+Yy04Gxua7iPdj6nOV96smLGjpElir5YwzF0LBPKoPlLDNJePNlrGGaybAJkd0zKRnOVXOgizSqPYMNYkzA==",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.21.2",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-simple-access": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-systemjs": {
+      "version": "7.20.11",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.20.11.tgz",
+      "integrity": "sha512-vVu5g9BPQKSFEmvt2TA4Da5N+QVS66EX21d8uoOihC+OCpUoGvzVsXeqFdtAEfVa5BILAeFt+U7yVmLbQnAJmw==",
+      "dependencies": {
+        "@babel/helper-hoist-variables": "^7.18.6",
+        "@babel/helper-module-transforms": "^7.20.11",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-validator-identifier": "^7.19.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-modules-umd": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.18.6.tgz",
+      "integrity": "sha512-dcegErExVeXcRqNtkRU/z8WlBLnvD4MRnHgNs3MytRO1Mn1sHRyhbcpYbVMGclAqOjdW+9cfkdZno9dFdfKLfQ==",
+      "dependencies": {
+        "@babel/helper-module-transforms": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-named-capturing-groups-regex": {
+      "version": "7.20.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.20.5.tgz",
+      "integrity": "sha512-mOW4tTzi5iTLnw+78iEq3gr8Aoq4WNRGpmSlrogqaiCBoR1HFhpU4JkpQFOHfeYx3ReVIFWOQJS4aZBRvuZ6mA==",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.20.5",
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-new-target": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.18.6.tgz",
+      "integrity": "sha512-DjwFA/9Iu3Z+vrAn+8pBUGcjhxKguSMlsFqeCKbhb9BAV756v0krzVK04CRDi/4aqmk8BsHb4a/gFcaA5joXRw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-object-super": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.18.6.tgz",
+      "integrity": "sha512-uvGz6zk+pZoS1aTZrOvrbj6Pp/kK2mp45t2B+bTDre2UgsZZ8EZLSJtUg7m/no0zOJUWgFONpB7Zv9W2tSaFlA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/helper-replace-supers": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-parameters": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.21.3.tgz",
+      "integrity": "sha512-Wxc+TvppQG9xWFYatvCGPvZ6+SIUxQ2ZdiBP+PHYMIjnPXD+uThCshaz4NZOnODAtBjjcVQQ/3OKs9LW28purQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-property-literals": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.18.6.tgz",
+      "integrity": "sha512-cYcs6qlgafTud3PAzrrRNbQtfpQ8+y/+M5tKmksS9+M1ckbH6kzY8MrexEM9mcA6JDsukE19iIRvAyYl463sMg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-constant-elements": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.21.3.tgz",
+      "integrity": "sha512-4DVcFeWe/yDYBLp0kBmOGFJ6N2UYg7coGid1gdxb4co62dy/xISDMaYBXBVXEDhfgMk7qkbcYiGtwd5Q/hwDDQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-display-name": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.18.6.tgz",
+      "integrity": "sha512-TV4sQ+T013n61uMoygyMRm+xf04Bd5oqFpv2jAEQwSZ8NwQA7zeRPg1LMVg2PWi3zWBz+CLKD+v5bcpZ/BS0aA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-jsx": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.21.0.tgz",
+      "integrity": "sha512-6OAWljMvQrZjR2DaNhVfRz6dkCAVV+ymcLUmaf8bccGOHn2v5rHJK3tTpij0BuhdYWP4LLaqj5lwcdlpAAPuvg==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-module-imports": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-jsx": "^7.18.6",
+        "@babel/types": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-jsx-development": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.18.6.tgz",
+      "integrity": "sha512-SA6HEjwYFKF7WDjWcMcMGUimmw/nhNRDWxr+KaLSCrkD/LMDBvWRmHAYgE1HDeF8KUuI8OAu+RT6EOtKxSW2qA==",
+      "dependencies": {
+        "@babel/plugin-transform-react-jsx": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-pure-annotations": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.18.6.tgz",
+      "integrity": "sha512-I8VfEPg9r2TRDdvnHgPepTKvuRomzA8+u+nhY7qSI1fR2hRNebasZEETLyM5mAUr0Ku56OkXJ0I7NHJnO6cJiQ==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-regenerator": {
+      "version": "7.20.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.20.5.tgz",
+      "integrity": "sha512-kW/oO7HPBtntbsahzQ0qSE3tFvkFwnbozz3NWFhLGqH75vLEg+sCGngLlhVkePlCs3Jv0dBBHDzCHxNiFAQKCQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "regenerator-transform": "^0.15.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-reserved-words": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.18.6.tgz",
+      "integrity": "sha512-oX/4MyMoypzHjFrT1CdivfKZ+XvIPMFXwwxHp/r0Ddy2Vuomt4HDFGmft1TAY2yiTKiNSsh3kjBAzcM8kSdsjA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-runtime": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.21.0.tgz",
+      "integrity": "sha512-ReY6pxwSzEU0b3r2/T/VhqMKg/AkceBT19X0UptA3/tYi5Pe2eXgEUH+NNMC5nok6c6XQz5tyVTUpuezRfSMSg==",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "babel-plugin-polyfill-corejs2": "^0.3.3",
+        "babel-plugin-polyfill-corejs3": "^0.6.0",
+        "babel-plugin-polyfill-regenerator": "^0.4.1",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-runtime/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/plugin-transform-shorthand-properties": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.18.6.tgz",
+      "integrity": "sha512-eCLXXJqv8okzg86ywZJbRn19YJHU4XUa55oz2wbHhaQVn/MM+XhukiT7SYqp/7o00dg52Rj51Ny+Ecw4oyoygw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-spread": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.20.7.tgz",
+      "integrity": "sha512-ewBbHQ+1U/VnH1fxltbJqDeWBU1oNLG8Dj11uIv3xVf7nrQu0bPGe5Rf716r7K5Qz+SqtAOVswoVunoiBtGhxw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-sticky-regex": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.18.6.tgz",
+      "integrity": "sha512-kfiDrDQ+PBsQDO85yj1icueWMfGfJFKN1KCkndygtu/C9+XUfydLC8Iv5UYJqRwy4zk8EcplRxEOeLyjq1gm6Q==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-template-literals": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.18.9.tgz",
+      "integrity": "sha512-S8cOWfT82gTezpYOiVaGHrCbhlHgKhQt8XH5ES46P2XWmX92yisoZywf5km75wv5sYcXDUCLMmMxOLCtthDgMA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-typeof-symbol": {
+      "version": "7.18.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.18.9.tgz",
+      "integrity": "sha512-SRfwTtF11G2aemAZWivL7PD+C9z52v9EvMqH9BuYbabyPuKUvSWks3oCg6041pT925L4zVFqaVBeECwsmlguEw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-typescript": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.21.3.tgz",
+      "integrity": "sha512-RQxPz6Iqt8T0uw/WsJNReuBpWpBqs/n7mNo18sKLoTbMp+UrEekhH+pKSVC7gWz+DNjo9gryfV8YzCiT45RgMw==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.18.6",
+        "@babel/helper-create-class-features-plugin": "^7.21.0",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/plugin-syntax-typescript": "^7.20.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-escapes": {
+      "version": "7.18.10",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.18.10.tgz",
+      "integrity": "sha512-kKAdAI+YzPgGY/ftStBFXTI1LZFju38rYThnfMykS+IXy8BVx+res7s2fxf1l8I35DV2T97ezo6+SGrXz6B3iQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-regex": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.18.6.tgz",
+      "integrity": "sha512-gE7A6Lt7YLnNOL3Pb9BNeZvi+d8l7tcRrG4+pwJjK9hD2xX4mEvjlQW60G9EEmfXVYRPv9VRQcyegIVHCql/AA==",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/preset-env": {
+      "version": "7.20.2",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.20.2.tgz",
+      "integrity": "sha512-1G0efQEWR1EHkKvKHqbG+IN/QdgwfByUpM5V5QroDzGV2t3S/WXNQd693cHiHTlCFMpr9B6FkPFXDA2lQcKoDg==",
+      "dependencies": {
+        "@babel/compat-data": "^7.20.1",
+        "@babel/helper-compilation-targets": "^7.20.0",
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-validator-option": "^7.18.6",
+        "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.18.6",
+        "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.18.9",
+        "@babel/plugin-proposal-async-generator-functions": "^7.20.1",
+        "@babel/plugin-proposal-class-properties": "^7.18.6",
+        "@babel/plugin-proposal-class-static-block": "^7.18.6",
+        "@babel/plugin-proposal-dynamic-import": "^7.18.6",
+        "@babel/plugin-proposal-export-namespace-from": "^7.18.9",
+        "@babel/plugin-proposal-json-strings": "^7.18.6",
+        "@babel/plugin-proposal-logical-assignment-operators": "^7.18.9",
+        "@babel/plugin-proposal-nullish-coalescing-operator": "^7.18.6",
+        "@babel/plugin-proposal-numeric-separator": "^7.18.6",
+        "@babel/plugin-proposal-object-rest-spread": "^7.20.2",
+        "@babel/plugin-proposal-optional-catch-binding": "^7.18.6",
+        "@babel/plugin-proposal-optional-chaining": "^7.18.9",
+        "@babel/plugin-proposal-private-methods": "^7.18.6",
+        "@babel/plugin-proposal-private-property-in-object": "^7.18.6",
+        "@babel/plugin-proposal-unicode-property-regex": "^7.18.6",
+        "@babel/plugin-syntax-async-generators": "^7.8.4",
+        "@babel/plugin-syntax-class-properties": "^7.12.13",
+        "@babel/plugin-syntax-class-static-block": "^7.14.5",
+        "@babel/plugin-syntax-dynamic-import": "^7.8.3",
+        "@babel/plugin-syntax-export-namespace-from": "^7.8.3",
+        "@babel/plugin-syntax-import-assertions": "^7.20.0",
+        "@babel/plugin-syntax-json-strings": "^7.8.3",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3",
+        "@babel/plugin-syntax-numeric-separator": "^7.10.4",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3",
+        "@babel/plugin-syntax-private-property-in-object": "^7.14.5",
+        "@babel/plugin-syntax-top-level-await": "^7.14.5",
+        "@babel/plugin-transform-arrow-functions": "^7.18.6",
+        "@babel/plugin-transform-async-to-generator": "^7.18.6",
+        "@babel/plugin-transform-block-scoped-functions": "^7.18.6",
+        "@babel/plugin-transform-block-scoping": "^7.20.2",
+        "@babel/plugin-transform-classes": "^7.20.2",
+        "@babel/plugin-transform-computed-properties": "^7.18.9",
+        "@babel/plugin-transform-destructuring": "^7.20.2",
+        "@babel/plugin-transform-dotall-regex": "^7.18.6",
+        "@babel/plugin-transform-duplicate-keys": "^7.18.9",
+        "@babel/plugin-transform-exponentiation-operator": "^7.18.6",
+        "@babel/plugin-transform-for-of": "^7.18.8",
+        "@babel/plugin-transform-function-name": "^7.18.9",
+        "@babel/plugin-transform-literals": "^7.18.9",
+        "@babel/plugin-transform-member-expression-literals": "^7.18.6",
+        "@babel/plugin-transform-modules-amd": "^7.19.6",
+        "@babel/plugin-transform-modules-commonjs": "^7.19.6",
+        "@babel/plugin-transform-modules-systemjs": "^7.19.6",
+        "@babel/plugin-transform-modules-umd": "^7.18.6",
+        "@babel/plugin-transform-named-capturing-groups-regex": "^7.19.1",
+        "@babel/plugin-transform-new-target": "^7.18.6",
+        "@babel/plugin-transform-object-super": "^7.18.6",
+        "@babel/plugin-transform-parameters": "^7.20.1",
+        "@babel/plugin-transform-property-literals": "^7.18.6",
+        "@babel/plugin-transform-regenerator": "^7.18.6",
+        "@babel/plugin-transform-reserved-words": "^7.18.6",
+        "@babel/plugin-transform-shorthand-properties": "^7.18.6",
+        "@babel/plugin-transform-spread": "^7.19.0",
+        "@babel/plugin-transform-sticky-regex": "^7.18.6",
+        "@babel/plugin-transform-template-literals": "^7.18.9",
+        "@babel/plugin-transform-typeof-symbol": "^7.18.9",
+        "@babel/plugin-transform-unicode-escapes": "^7.18.10",
+        "@babel/plugin-transform-unicode-regex": "^7.18.6",
+        "@babel/preset-modules": "^0.1.5",
+        "@babel/types": "^7.20.2",
+        "babel-plugin-polyfill-corejs2": "^0.3.3",
+        "babel-plugin-polyfill-corejs3": "^0.6.0",
+        "babel-plugin-polyfill-regenerator": "^0.4.1",
+        "core-js-compat": "^3.25.1",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/preset-env/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/@babel/preset-modules": {
+      "version": "0.1.5",
+      "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.5.tgz",
+      "integrity": "sha512-A57th6YRG7oR3cq/yt/Y84MvGgE0eJG2F1JLhKuyG+jFxEgrd/HAMJatiFtmOiZurz+0DkrvbheCLaV5f2JfjA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.0.0",
+        "@babel/plugin-proposal-unicode-property-regex": "^7.4.4",
+        "@babel/plugin-transform-dotall-regex": "^7.4.4",
+        "@babel/types": "^7.4.4",
+        "esutils": "^2.0.2"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/preset-react": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.18.6.tgz",
+      "integrity": "sha512-zXr6atUmyYdiWRVLOZahakYmOBHtWc2WGCkP8PYTgZi0iJXDY2CN180TdrIW4OGOAdLc7TifzDIvtx6izaRIzg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.18.6",
+        "@babel/helper-validator-option": "^7.18.6",
+        "@babel/plugin-transform-react-display-name": "^7.18.6",
+        "@babel/plugin-transform-react-jsx": "^7.18.6",
+        "@babel/plugin-transform-react-jsx-development": "^7.18.6",
+        "@babel/plugin-transform-react-pure-annotations": "^7.18.6"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/preset-typescript": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.21.0.tgz",
+      "integrity": "sha512-myc9mpoVA5m1rF8K8DgLEatOYFDpwC+RkMkjZ0Du6uI62YvDe8uxIEYVs/VCdSJ097nlALiU/yBC7//3nI+hNg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-validator-option": "^7.21.0",
+        "@babel/plugin-transform-typescript": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/regjsgen": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@babel/regjsgen/-/regjsgen-0.8.0.tgz",
+      "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA=="
+    },
+    "node_modules/@babel/runtime": {
+      "version": "7.21.0",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.21.0.tgz",
+      "integrity": "sha512-xwII0//EObnq89Ji5AKYQaRYiW/nZ3llSv29d49IuxPhKbtJoLP+9QUUZ4nVragQVtaVGeZrpB+ZtG/Pdy/POw==",
+      "dependencies": {
+        "regenerator-runtime": "^0.13.11"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/template": {
+      "version": "7.20.7",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.20.7.tgz",
+      "integrity": "sha512-8SegXApWe6VoNw0r9JHpSteLKTpTiLZ4rMlGIm9JQ18KiCtyQiAMEazujAHrUS5flrcqYZa75ukev3P6QmUwUw==",
+      "dependencies": {
+        "@babel/code-frame": "^7.18.6",
+        "@babel/parser": "^7.20.7",
+        "@babel/types": "^7.20.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/traverse": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.21.3.tgz",
+      "integrity": "sha512-XLyopNeaTancVitYZe2MlUEvgKb6YVVPXzofHgqHijCImG33b/uTurMS488ht/Hbsb2XK3U2BnSTxKVNGV3nGQ==",
+      "dependencies": {
+        "@babel/code-frame": "^7.18.6",
+        "@babel/generator": "^7.21.3",
+        "@babel/helper-environment-visitor": "^7.18.9",
+        "@babel/helper-function-name": "^7.21.0",
+        "@babel/helper-hoist-variables": "^7.18.6",
+        "@babel/helper-split-export-declaration": "^7.18.6",
+        "@babel/parser": "^7.21.3",
+        "@babel/types": "^7.21.3",
+        "debug": "^4.1.0",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/types": {
+      "version": "7.21.3",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.21.3.tgz",
+      "integrity": "sha512-sBGdETxC+/M4o/zKC0sl6sjWv62WFR/uzxrJ6uYyMLZOUlPnwzw0tKgVHOXxaAd5l2g8pEDM5RZ495GPQI77kg==",
+      "dependencies": {
+        "@babel/helper-string-parser": "^7.19.4",
+        "@babel/helper-validator-identifier": "^7.19.1",
+        "to-fast-properties": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@bcoe/v8-coverage": {
+      "version": "0.2.3",
+      "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz",
+      "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw=="
+    },
+    "node_modules/@csstools/normalize.css": {
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/normalize.css/-/normalize.css-12.0.0.tgz",
+      "integrity": "sha512-M0qqxAcwCsIVfpFQSlGN5XjXWu8l5JDZN+fPt1LeW5SZexQTgnaEvgXAY+CeygRw0EeppWHi12JxESWiWrB0Sg=="
+    },
+    "node_modules/@csstools/postcss-cascade-layers": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-1.1.1.tgz",
+      "integrity": "sha512-+KdYrpKC5TgomQr2DlZF4lDEpHcoxnj5IGddYYfBWJAKfj1JtuHUIqMa+E1pJJ+z3kvDViWMqyqPlG4Ja7amQA==",
+      "dependencies": {
+        "@csstools/selector-specificity": "^2.0.2",
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-color-function": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-color-function/-/postcss-color-function-1.1.1.tgz",
+      "integrity": "sha512-Bc0f62WmHdtRDjf5f3e2STwRAl89N2CLb+9iAwzrv4L2hncrbDwnQD9PCq0gtAt7pOI2leIV08HIBUd4jxD8cw==",
+      "dependencies": {
+        "@csstools/postcss-progressive-custom-properties": "^1.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-font-format-keywords": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-1.0.1.tgz",
+      "integrity": "sha512-ZgrlzuUAjXIOc2JueK0X5sZDjCtgimVp/O5CEqTcs5ShWBa6smhWYbS0x5cVc/+rycTDbjjzoP0KTDnUneZGOg==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-hwb-function": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-hwb-function/-/postcss-hwb-function-1.0.2.tgz",
+      "integrity": "sha512-YHdEru4o3Rsbjmu6vHy4UKOXZD+Rn2zmkAmLRfPet6+Jz4Ojw8cbWxe1n42VaXQhD3CQUXXTooIy8OkVbUcL+w==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-ic-unit": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-ic-unit/-/postcss-ic-unit-1.0.1.tgz",
+      "integrity": "sha512-Ot1rcwRAaRHNKC9tAqoqNZhjdYBzKk1POgWfhN4uCOE47ebGcLRqXjKkApVDpjifL6u2/55ekkpnFcp+s/OZUw==",
+      "dependencies": {
+        "@csstools/postcss-progressive-custom-properties": "^1.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-is-pseudo-class": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-2.0.7.tgz",
+      "integrity": "sha512-7JPeVVZHd+jxYdULl87lvjgvWldYu+Bc62s9vD/ED6/QTGjy0jy0US/f6BG53sVMTBJ1lzKZFpYmofBN9eaRiA==",
+      "dependencies": {
+        "@csstools/selector-specificity": "^2.0.0",
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-nested-calc": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-nested-calc/-/postcss-nested-calc-1.0.0.tgz",
+      "integrity": "sha512-JCsQsw1wjYwv1bJmgjKSoZNvf7R6+wuHDAbi5f/7MbFhl2d/+v+TvBTU4BJH3G1X1H87dHl0mh6TfYogbT/dJQ==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-normalize-display-values": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-1.0.1.tgz",
+      "integrity": "sha512-jcOanIbv55OFKQ3sYeFD/T0Ti7AMXc9nM1hZWu8m/2722gOTxFg7xYu4RDLJLeZmPUVQlGzo4jhzvTUq3x4ZUw==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-oklab-function": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-oklab-function/-/postcss-oklab-function-1.1.1.tgz",
+      "integrity": "sha512-nJpJgsdA3dA9y5pgyb/UfEzE7W5Ka7u0CX0/HIMVBNWzWemdcTH3XwANECU6anWv/ao4vVNLTMxhiPNZsTK6iA==",
+      "dependencies": {
+        "@csstools/postcss-progressive-custom-properties": "^1.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-progressive-custom-properties": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-1.3.0.tgz",
+      "integrity": "sha512-ASA9W1aIy5ygskZYuWams4BzafD12ULvSypmaLJT2jvQ8G0M3I8PRQhC0h7mG0Z3LI05+agZjqSR9+K9yaQQjA==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.3"
+      }
+    },
+    "node_modules/@csstools/postcss-stepped-value-functions": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-1.0.1.tgz",
+      "integrity": "sha512-dz0LNoo3ijpTOQqEJLY8nyaapl6umbmDcgj4AD0lgVQ572b2eqA1iGZYTTWhrcrHztWDDRAX2DGYyw2VBjvCvQ==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-text-decoration-shorthand": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-1.0.0.tgz",
+      "integrity": "sha512-c1XwKJ2eMIWrzQenN0XbcfzckOLLJiczqy+YvfGmzoVXd7pT9FfObiSEfzs84bpE/VqfpEuAZ9tCRbZkZxxbdw==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-trigonometric-functions": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-1.0.2.tgz",
+      "integrity": "sha512-woKaLO///4bb+zZC2s80l+7cm07M7268MsyG3M0ActXXEFi6SuhvriQYcb58iiKGbjwwIU7n45iRLEHypB47Og==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/postcss-unset-value": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/postcss-unset-value/-/postcss-unset-value-1.0.2.tgz",
+      "integrity": "sha512-c8J4roPBILnelAsdLr4XOAR/GsTm0GJi4XpcfvoWk3U6KiTCqiFYc63KhRMQQX35jYMp4Ao8Ij9+IZRgMfJp1g==",
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/@csstools/selector-specificity": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-2.2.0.tgz",
+      "integrity": "sha512-+OJ9konv95ClSTOJCmMZqpd5+YGsB2S+x6w3E1oaM8UuR5j8nTNHYSz8c9BEPGDOCMQYIEEGlVPj/VY64iTbGw==",
+      "engines": {
+        "node": "^14 || ^16 || >=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss-selector-parser": "^6.0.10"
+      }
+    },
+    "node_modules/@emotion/babel-plugin": {
+      "version": "11.10.6",
+      "resolved": "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.10.6.tgz",
+      "integrity": "sha512-p2dAqtVrkhSa7xz1u/m9eHYdLi+en8NowrmXeF/dKtJpU8lCWli8RUAati7NcSl0afsBott48pdnANuD0wh9QQ==",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.16.7",
+        "@babel/runtime": "^7.18.3",
+        "@emotion/hash": "^0.9.0",
+        "@emotion/memoize": "^0.8.0",
+        "@emotion/serialize": "^1.1.1",
+        "babel-plugin-macros": "^3.1.0",
+        "convert-source-map": "^1.5.0",
+        "escape-string-regexp": "^4.0.0",
+        "find-root": "^1.1.0",
+        "source-map": "^0.5.7",
+        "stylis": "4.1.3"
+      }
+    },
+    "node_modules/@emotion/babel-plugin/node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@emotion/babel-plugin/node_modules/source-map": {
+      "version": "0.5.7",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
+      "integrity": "sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/@emotion/cache": {
+      "version": "11.10.5",
+      "resolved": "https://registry.npmjs.org/@emotion/cache/-/cache-11.10.5.tgz",
+      "integrity": "sha512-dGYHWyzTdmK+f2+EnIGBpkz1lKc4Zbj2KHd4cX3Wi8/OWr5pKslNjc3yABKH4adRGCvSX4VDC0i04mrrq0aiRA==",
+      "dependencies": {
+        "@emotion/memoize": "^0.8.0",
+        "@emotion/sheet": "^1.2.1",
+        "@emotion/utils": "^1.2.0",
+        "@emotion/weak-memoize": "^0.3.0",
+        "stylis": "4.1.3"
+      }
+    },
+    "node_modules/@emotion/hash": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/@emotion/hash/-/hash-0.9.0.tgz",
+      "integrity": "sha512-14FtKiHhy2QoPIzdTcvh//8OyBlknNs2nXRwIhG904opCby3l+9Xaf/wuPvICBF0rc1ZCNBd3nKe9cd2mecVkQ=="
+    },
+    "node_modules/@emotion/is-prop-valid": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-1.2.0.tgz",
+      "integrity": "sha512-3aDpDprjM0AwaxGE09bOPkNxHpBd+kA6jty3RnaEXdweX1DF1U3VQpPYb0g1IStAuK7SVQ1cy+bNBBKp4W3Fjg==",
+      "dependencies": {
+        "@emotion/memoize": "^0.8.0"
+      }
+    },
+    "node_modules/@emotion/memoize": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.8.0.tgz",
+      "integrity": "sha512-G/YwXTkv7Den9mXDO7AhLWkE3q+I92B+VqAE+dYG4NGPaHZGvt3G8Q0p9vmE+sq7rTGphUbAvmQ9YpbfMQGGlA=="
+    },
+    "node_modules/@emotion/react": {
+      "version": "11.10.6",
+      "resolved": "https://registry.npmjs.org/@emotion/react/-/react-11.10.6.tgz",
+      "integrity": "sha512-6HT8jBmcSkfzO7mc+N1L9uwvOnlcGoix8Zn7srt+9ga0MjREo6lRpuVX0kzo6Jp6oTqDhREOFsygN6Ew4fEQbw==",
+      "dependencies": {
+        "@babel/runtime": "^7.18.3",
+        "@emotion/babel-plugin": "^11.10.6",
+        "@emotion/cache": "^11.10.5",
+        "@emotion/serialize": "^1.1.1",
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@emotion/utils": "^1.2.0",
+        "@emotion/weak-memoize": "^0.3.0",
+        "hoist-non-react-statics": "^3.3.1"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@emotion/serialize": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@emotion/serialize/-/serialize-1.1.1.tgz",
+      "integrity": "sha512-Zl/0LFggN7+L1liljxXdsVSVlg6E/Z/olVWpfxUTxOAmi8NU7YoeWeLfi1RmnB2TATHoaWwIBRoL+FvAJiTUQA==",
+      "dependencies": {
+        "@emotion/hash": "^0.9.0",
+        "@emotion/memoize": "^0.8.0",
+        "@emotion/unitless": "^0.8.0",
+        "@emotion/utils": "^1.2.0",
+        "csstype": "^3.0.2"
+      }
+    },
+    "node_modules/@emotion/sheet": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@emotion/sheet/-/sheet-1.2.1.tgz",
+      "integrity": "sha512-zxRBwl93sHMsOj4zs+OslQKg/uhF38MB+OMKoCrVuS0nyTkqnau+BM3WGEoOptg9Oz45T/aIGs1qbVAsEFo3nA=="
+    },
+    "node_modules/@emotion/styled": {
+      "version": "11.10.6",
+      "resolved": "https://registry.npmjs.org/@emotion/styled/-/styled-11.10.6.tgz",
+      "integrity": "sha512-OXtBzOmDSJo5Q0AFemHCfl+bUueT8BIcPSxu0EGTpGk6DmI5dnhSzQANm1e1ze0YZL7TDyAyy6s/b/zmGOS3Og==",
+      "dependencies": {
+        "@babel/runtime": "^7.18.3",
+        "@emotion/babel-plugin": "^11.10.6",
+        "@emotion/is-prop-valid": "^1.2.0",
+        "@emotion/serialize": "^1.1.1",
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@emotion/utils": "^1.2.0"
+      },
+      "peerDependencies": {
+        "@emotion/react": "^11.0.0-rc.0",
+        "react": ">=16.8.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@emotion/unitless": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@emotion/unitless/-/unitless-0.8.0.tgz",
+      "integrity": "sha512-VINS5vEYAscRl2ZUDiT3uMPlrFQupiKgHz5AA4bCH1miKBg4qtwkim1qPmJj/4WG6TreYMY111rEFsjupcOKHw=="
+    },
+    "node_modules/@emotion/use-insertion-effect-with-fallbacks": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@emotion/use-insertion-effect-with-fallbacks/-/use-insertion-effect-with-fallbacks-1.0.0.tgz",
+      "integrity": "sha512-1eEgUGmkaljiBnRMTdksDV1W4kUnmwgp7X9G8B++9GYwl1lUdqSndSriIrTJ0N7LQaoauY9JJ2yhiOYK5+NI4A==",
+      "peerDependencies": {
+        "react": ">=16.8.0"
+      }
+    },
+    "node_modules/@emotion/utils": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@emotion/utils/-/utils-1.2.0.tgz",
+      "integrity": "sha512-sn3WH53Kzpw8oQ5mgMmIzzyAaH2ZqFEbozVVBSYp538E06OSE6ytOp7pRAjNQR+Q/orwqdQYJSe2m3hCOeznkw=="
+    },
+    "node_modules/@emotion/weak-memoize": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@emotion/weak-memoize/-/weak-memoize-0.3.0.tgz",
+      "integrity": "sha512-AHPmaAx+RYfZz0eYu6Gviiagpmiyw98ySSlQvCUhVGDRtDFe4DBS0x1bSjdF3gqUDYOczB+yYvBTtEylYSdRhg=="
+    },
+    "node_modules/@eslint-community/eslint-utils": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.3.0.tgz",
+      "integrity": "sha512-v3oplH6FYCULtFuCeqyuTd9D2WKO937Dxdq+GmHOLL72TTRriLxz2VLlNfkZRsvj6PKnOPAtuT6dwrs/pA5DvA==",
+      "dependencies": {
+        "eslint-visitor-keys": "^3.3.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0"
+      }
+    },
+    "node_modules/@eslint-community/regexpp": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.4.0.tgz",
+      "integrity": "sha512-A9983Q0LnDGdLPjxyXQ00sbV+K+O+ko2Dr+CZigbHWtX9pNfxlaBkMR8X1CztI73zuEyEBXTVjx7CE+/VSwDiQ==",
+      "engines": {
+        "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
+      }
+    },
+    "node_modules/@eslint/eslintrc": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.1.tgz",
+      "integrity": "sha512-eFRmABvW2E5Ho6f5fHLqgena46rOj7r7OKHYfLElqcBfGFHHpjBhivyi5+jOEQuSpdc/1phIZJlbC2te+tZNIw==",
+      "dependencies": {
+        "ajv": "^6.12.4",
+        "debug": "^4.3.2",
+        "espree": "^9.5.0",
+        "globals": "^13.19.0",
+        "ignore": "^5.2.0",
+        "import-fresh": "^3.2.1",
+        "js-yaml": "^4.1.0",
+        "minimatch": "^3.1.2",
+        "strip-json-comments": "^3.1.1"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/@eslint/eslintrc/node_modules/globals": {
+      "version": "13.20.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
+      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
+      "dependencies": {
+        "type-fest": "^0.20.2"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@eslint/eslintrc/node_modules/type-fest": {
+      "version": "0.20.2",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz",
+      "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@eslint/js": {
+      "version": "8.36.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.36.0.tgz",
+      "integrity": "sha512-lxJ9R5ygVm8ZWgYdUweoq5ownDlJ4upvoWmO4eLxBYHdMo+vZ/Rx0EN6MbKWDJOSUGrqJy2Gt+Dyv/VKml0fjg==",
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      }
+    },
+    "node_modules/@fontsource/roboto": {
+      "version": "4.5.8",
+      "resolved": "https://registry.npmjs.org/@fontsource/roboto/-/roboto-4.5.8.tgz",
+      "integrity": "sha512-CnD7zLItIzt86q4Sj3kZUiLcBk1dSk81qcqgMGaZe7SQ1P8hFNxhMl5AZthK1zrDM5m74VVhaOpuMGIL4gagaA=="
+    },
+    "node_modules/@humanwhocodes/config-array": {
+      "version": "0.11.8",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.8.tgz",
+      "integrity": "sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g==",
+      "dependencies": {
+        "@humanwhocodes/object-schema": "^1.2.1",
+        "debug": "^4.1.1",
+        "minimatch": "^3.0.5"
+      },
+      "engines": {
+        "node": ">=10.10.0"
+      }
+    },
+    "node_modules/@humanwhocodes/module-importer": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz",
+      "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==",
+      "engines": {
+        "node": ">=12.22"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/nzakas"
+      }
+    },
+    "node_modules/@humanwhocodes/object-schema": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz",
+      "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA=="
+    },
+    "node_modules/@istanbuljs/load-nyc-config": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz",
+      "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==",
+      "dependencies": {
+        "camelcase": "^5.3.1",
+        "find-up": "^4.1.0",
+        "get-package-type": "^0.1.0",
+        "js-yaml": "^3.13.1",
+        "resolve-from": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/camelcase": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+      "dependencies": {
+        "locate-path": "^5.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+      "dependencies": {
+        "p-locate": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+      "dependencies": {
+        "p-try": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+      "dependencies": {
+        "p-limit": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@istanbuljs/schema": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz",
+      "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/console": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/console/-/console-27.5.1.tgz",
+      "integrity": "sha512-kZ/tNpS3NXn0mlXXXPNuDZnb4c0oZ20r4K5eemM2k30ZC3G0T02nXUvyhf5YdbXWHPEJLc9qGLxEZ216MdL+Zg==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "jest-message-util": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/console/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/console/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/console/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/console/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/console/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/console/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/core": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/core/-/core-27.5.1.tgz",
+      "integrity": "sha512-AK6/UTrvQD0Cd24NSqmIA6rKsu0tKIxfiCducZvqxYdmMisOYAsdItspT+fQDQYARPf8XgjAFZi0ogW2agH5nQ==",
+      "dependencies": {
+        "@jest/console": "^27.5.1",
+        "@jest/reporters": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/transform": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "emittery": "^0.8.1",
+        "exit": "^0.1.2",
+        "graceful-fs": "^4.2.9",
+        "jest-changed-files": "^27.5.1",
+        "jest-config": "^27.5.1",
+        "jest-haste-map": "^27.5.1",
+        "jest-message-util": "^27.5.1",
+        "jest-regex-util": "^27.5.1",
+        "jest-resolve": "^27.5.1",
+        "jest-resolve-dependencies": "^27.5.1",
+        "jest-runner": "^27.5.1",
+        "jest-runtime": "^27.5.1",
+        "jest-snapshot": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jest-validate": "^27.5.1",
+        "jest-watcher": "^27.5.1",
+        "micromatch": "^4.0.4",
+        "rimraf": "^3.0.0",
+        "slash": "^3.0.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@jest/core/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/core/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/core/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/core/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/core/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/core/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/environment": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-27.5.1.tgz",
+      "integrity": "sha512-/WQjhPJe3/ghaol/4Bq480JKXV/Rfw8nQdN7f41fM8VDHLcxKXou6QyXAh3EFr9/bVG3x74z1NWDkP87EiY8gA==",
+      "dependencies": {
+        "@jest/fake-timers": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "jest-mock": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/fake-timers": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-27.5.1.tgz",
+      "integrity": "sha512-/aPowoolwa07k7/oM3aASneNeBGCmGQsc3ugN4u6s4C/+s5M64MFo/+djTdiwcbQlRfFElGuDXWzaWj6QgKObQ==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "@sinonjs/fake-timers": "^8.0.1",
+        "@types/node": "*",
+        "jest-message-util": "^27.5.1",
+        "jest-mock": "^27.5.1",
+        "jest-util": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/globals": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/globals/-/globals-27.5.1.tgz",
+      "integrity": "sha512-ZEJNB41OBQQgGzgyInAv0UUfDDj3upmHydjieSxFvTRuZElrx7tXg/uVQ5hYVEwiXs3+aMsAeEc9X7xiSKCm4Q==",
+      "dependencies": {
+        "@jest/environment": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "expect": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/reporters": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/reporters/-/reporters-27.5.1.tgz",
+      "integrity": "sha512-cPXh9hWIlVJMQkVk84aIvXuBB4uQQmFqZiacloFuGiP3ah1sbCxCosidXFDfqG8+6fO1oR2dTJTlsOy4VFmUfw==",
+      "dependencies": {
+        "@bcoe/v8-coverage": "^0.2.3",
+        "@jest/console": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/transform": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "collect-v8-coverage": "^1.0.0",
+        "exit": "^0.1.2",
+        "glob": "^7.1.2",
+        "graceful-fs": "^4.2.9",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-instrument": "^5.1.0",
+        "istanbul-lib-report": "^3.0.0",
+        "istanbul-lib-source-maps": "^4.0.0",
+        "istanbul-reports": "^3.1.3",
+        "jest-haste-map": "^27.5.1",
+        "jest-resolve": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jest-worker": "^27.5.1",
+        "slash": "^3.0.0",
+        "source-map": "^0.6.0",
+        "string-length": "^4.0.1",
+        "terminal-link": "^2.0.0",
+        "v8-to-istanbul": "^8.1.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/reporters/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/schemas": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz",
+      "integrity": "sha512-/l/VWsdt/aBXgjshLWOFyFt3IVdYypu5y2Wn2rOO1un6nkqIn8SLXzgIMYXFyYsRWDyF5EthmKJMIdJvk08grg==",
+      "dependencies": {
+        "@sinclair/typebox": "^0.24.1"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/@jest/source-map": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/source-map/-/source-map-27.5.1.tgz",
+      "integrity": "sha512-y9NIHUYF3PJRlHk98NdC/N1gl88BL08aQQgu4k4ZopQkCw9t9cV8mtl3TV8b/YCB8XaVTFrmUTAJvjsntDireg==",
+      "dependencies": {
+        "callsites": "^3.0.0",
+        "graceful-fs": "^4.2.9",
+        "source-map": "^0.6.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/source-map/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/@jest/test-result": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-27.5.1.tgz",
+      "integrity": "sha512-EW35l2RYFUcUQxFJz5Cv5MTOxlJIQs4I7gxzi2zVU7PJhOwfYq1MdC5nhSmYjX1gmMmLPvB3sIaC+BkcHRBfag==",
+      "dependencies": {
+        "@jest/console": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/istanbul-lib-coverage": "^2.0.0",
+        "collect-v8-coverage": "^1.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/test-sequencer": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-27.5.1.tgz",
+      "integrity": "sha512-LCheJF7WB2+9JuCS7VB/EmGIdQuhtqjRNI9A43idHv3E4KltCTsPsLxvdaubFHSYwY/fNjMWjl6vNRhDiN7vpQ==",
+      "dependencies": {
+        "@jest/test-result": "^27.5.1",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^27.5.1",
+        "jest-runtime": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/transform": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/transform/-/transform-27.5.1.tgz",
+      "integrity": "sha512-ipON6WtYgl/1329g5AIJVbUuEh0wZVbdpGwC99Jw4LwuoBNS95MVphU6zOeD9pDkon+LLbFL7lOQRapbB8SCHw==",
+      "dependencies": {
+        "@babel/core": "^7.1.0",
+        "@jest/types": "^27.5.1",
+        "babel-plugin-istanbul": "^6.1.1",
+        "chalk": "^4.0.0",
+        "convert-source-map": "^1.4.0",
+        "fast-json-stable-stringify": "^2.0.0",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^27.5.1",
+        "jest-regex-util": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "micromatch": "^4.0.4",
+        "pirates": "^4.0.4",
+        "slash": "^3.0.0",
+        "source-map": "^0.6.1",
+        "write-file-atomic": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/transform/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/types": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz",
+      "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==",
+      "dependencies": {
+        "@types/istanbul-lib-coverage": "^2.0.0",
+        "@types/istanbul-reports": "^3.0.0",
+        "@types/node": "*",
+        "@types/yargs": "^16.0.0",
+        "chalk": "^4.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/types/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/types/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/types/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/types/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/types/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/types/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jridgewell/gen-mapping": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.1.1.tgz",
+      "integrity": "sha512-sQXCasFk+U8lWYEe66WxRDOE9PjVz4vSM51fTu3Hw+ClTpUSQb718772vH3pyS5pShp6lvQM7SxgIDXXXmOX7w==",
+      "dependencies": {
+        "@jridgewell/set-array": "^1.0.0",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
+      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/set-array": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
+      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/source-map": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
+      "integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.0",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      }
+    },
+    "node_modules/@jridgewell/source-map/node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
+      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
+      "dependencies": {
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.4.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
+      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.17",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz",
+      "integrity": "sha512-MCNzAp77qzKca9+W/+I0+sEpaUnZoeasnghNeVc41VZCEKaCH73Vq3BZZ/SzWIgrqE4H4ceI+p+b6C0mHf9T4g==",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "3.1.0",
+        "@jridgewell/sourcemap-codec": "1.4.14"
+      }
+    },
+    "node_modules/@leichtgewicht/ip-codec": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz",
+      "integrity": "sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A=="
+    },
+    "node_modules/@mui/base": {
+      "version": "5.0.0-alpha.122",
+      "resolved": "https://registry.npmjs.org/@mui/base/-/base-5.0.0-alpha.122.tgz",
+      "integrity": "sha512-IgZEFQyHa39J1+Q3tekVdhPuUm1fr3icddaNLmiAIeYTVXmR7KR5FhBAIL0P+4shlPq0liUPGlXryoTm0iCeFg==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@emotion/is-prop-valid": "^1.2.0",
+        "@mui/types": "^7.2.3",
+        "@mui/utils": "^5.11.13",
+        "@popperjs/core": "^2.11.6",
+        "clsx": "^1.2.1",
+        "prop-types": "^15.8.1",
+        "react-is": "^18.2.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0",
+        "react-dom": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/base/node_modules/react-is": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
+    },
+    "node_modules/@mui/core-downloads-tracker": {
+      "version": "5.11.14",
+      "resolved": "https://registry.npmjs.org/@mui/core-downloads-tracker/-/core-downloads-tracker-5.11.14.tgz",
+      "integrity": "sha512-rfc08z6+3Fif+Gopx2/qmk+MEQlwYeA+gOcSK048BHkTty/ol/boHuVeL2BNC/cf9OVRjJLYHtVb/DeW791LSQ==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      }
+    },
+    "node_modules/@mui/icons-material": {
+      "version": "5.11.11",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.11.11.tgz",
+      "integrity": "sha512-Eell3ADmQVE8HOpt/LZ3zIma8JSvPh3XgnhwZLT0k5HRqZcd6F/QDHc7xsWtgz09t+UEFvOYJXjtrwKmLdwwpw==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@mui/material": "^5.0.0",
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/lab": {
+      "version": "5.0.0-alpha.124",
+      "resolved": "https://registry.npmjs.org/@mui/lab/-/lab-5.0.0-alpha.124.tgz",
+      "integrity": "sha512-K/XEv1zYyLi3tS63tyDta1mqWql+at5w7rWp5Yd63Jx1NjPUtgopAvyRZG2SVYPs/yBwfyDPW1iqQXpRw8h9Xw==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@mui/base": "5.0.0-alpha.122",
+        "@mui/system": "^5.11.14",
+        "@mui/types": "^7.2.3",
+        "@mui/utils": "^5.11.13",
+        "clsx": "^1.2.1",
+        "prop-types": "^15.8.1",
+        "react-is": "^18.2.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@emotion/react": "^11.5.0",
+        "@emotion/styled": "^11.3.0",
+        "@mui/material": "^5.0.0",
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0",
+        "react-dom": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@emotion/react": {
+          "optional": true
+        },
+        "@emotion/styled": {
+          "optional": true
+        },
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/lab/node_modules/react-is": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
+    },
+    "node_modules/@mui/material": {
+      "version": "5.11.14",
+      "resolved": "https://registry.npmjs.org/@mui/material/-/material-5.11.14.tgz",
+      "integrity": "sha512-uoiUyybmo+M+nYARBygmbXgX6s/hH0NKD56LCAv9XvmdGVoXhEGjOvxI5/Bng6FS3NNybnA8V+rgZW1Z/9OJtA==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@mui/base": "5.0.0-alpha.122",
+        "@mui/core-downloads-tracker": "^5.11.14",
+        "@mui/system": "^5.11.14",
+        "@mui/types": "^7.2.3",
+        "@mui/utils": "^5.11.13",
+        "@types/react-transition-group": "^4.4.5",
+        "clsx": "^1.2.1",
+        "csstype": "^3.1.1",
+        "prop-types": "^15.8.1",
+        "react-is": "^18.2.0",
+        "react-transition-group": "^4.4.5"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@emotion/react": "^11.5.0",
+        "@emotion/styled": "^11.3.0",
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0",
+        "react-dom": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@emotion/react": {
+          "optional": true
+        },
+        "@emotion/styled": {
+          "optional": true
+        },
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/material/node_modules/react-is": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
+    },
+    "node_modules/@mui/private-theming": {
+      "version": "5.11.13",
+      "resolved": "https://registry.npmjs.org/@mui/private-theming/-/private-theming-5.11.13.tgz",
+      "integrity": "sha512-PJnYNKzW5LIx3R+Zsp6WZVPs6w5sEKJ7mgLNnUXuYB1zo5aX71FVLtV7geyPXRcaN2tsoRNK7h444ED0t7cIjA==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@mui/utils": "^5.11.13",
+        "prop-types": "^15.8.1"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/styled-engine": {
+      "version": "5.11.11",
+      "resolved": "https://registry.npmjs.org/@mui/styled-engine/-/styled-engine-5.11.11.tgz",
+      "integrity": "sha512-wV0UgW4lN5FkDBXefN8eTYeuE9sjyQdg5h94vtwZCUamGQEzmCOtir4AakgmbWMy0x8OLjdEUESn9wnf5J9MOg==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@emotion/cache": "^11.10.5",
+        "csstype": "^3.1.1",
+        "prop-types": "^15.8.1"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@emotion/react": "^11.4.1",
+        "@emotion/styled": "^11.3.0",
+        "react": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@emotion/react": {
+          "optional": true
+        },
+        "@emotion/styled": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/system": {
+      "version": "5.11.14",
+      "resolved": "https://registry.npmjs.org/@mui/system/-/system-5.11.14.tgz",
+      "integrity": "sha512-/MBv5dUoijJNEKEGi5tppIszGN0o2uejmeISi5vl0CLcaQsI1cd+uBgK+JYUP1VWvI/MtkWRLVSWtF2FWhu5Nw==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@mui/private-theming": "^5.11.13",
+        "@mui/styled-engine": "^5.11.11",
+        "@mui/types": "^7.2.3",
+        "@mui/utils": "^5.11.13",
+        "clsx": "^1.2.1",
+        "csstype": "^3.1.1",
+        "prop-types": "^15.8.1"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@emotion/react": "^11.5.0",
+        "@emotion/styled": "^11.3.0",
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@emotion/react": {
+          "optional": true
+        },
+        "@emotion/styled": {
+          "optional": true
+        },
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/types": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/@mui/types/-/types-7.2.3.tgz",
+      "integrity": "sha512-tZ+CQggbe9Ol7e/Fs5RcKwg/woU+o8DCtOnccX6KmbBc7YrfqMYEYuaIcXHuhpT880QwNkZZ3wQwvtlDFA2yOw==",
+      "peerDependencies": {
+        "@types/react": "*"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@mui/utils": {
+      "version": "5.11.13",
+      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.11.13.tgz",
+      "integrity": "sha512-5ltA58MM9euOuUcnvwFJqpLdEugc9XFsRR8Gt4zZNb31XzMfSKJPR4eumulyhsOTK1rWf7K4D63NKFPfX0AxqA==",
+      "dependencies": {
+        "@babel/runtime": "^7.21.0",
+        "@types/prop-types": "^15.7.5",
+        "@types/react-is": "^16.7.1 || ^17.0.0",
+        "prop-types": "^15.8.1",
+        "react-is": "^18.2.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "react": "^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@mui/utils/node_modules/react-is": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
+    },
+    "node_modules/@nicolo-ribaudo/eslint-scope-5-internals": {
+      "version": "5.1.1-v1",
+      "resolved": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz",
+      "integrity": "sha512-54/JRvkLIzzDWshCWfuhadfrfZVPiElY8Fcgmg1HroEly/EDSszzhBAsarCux+D/kOslTRquNzuyGSmUSTTHGg==",
+      "dependencies": {
+        "eslint-scope": "5.1.1"
+      }
+    },
+    "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
+      "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^4.1.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/@nodelib/fs.scandir": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
+      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
+      "dependencies": {
+        "@nodelib/fs.stat": "2.0.5",
+        "run-parallel": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.stat": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
+      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.walk": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
+      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
+      "dependencies": {
+        "@nodelib/fs.scandir": "2.1.5",
+        "fastq": "^1.6.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@pmmmwh/react-refresh-webpack-plugin": {
+      "version": "0.5.10",
+      "resolved": "https://registry.npmjs.org/@pmmmwh/react-refresh-webpack-plugin/-/react-refresh-webpack-plugin-0.5.10.tgz",
+      "integrity": "sha512-j0Ya0hCFZPd4x40qLzbhGsh9TMtdb+CJQiso+WxLOPNasohq9cc5SNUcwsZaRH6++Xh91Xkm/xHCkuIiIu0LUA==",
+      "dependencies": {
+        "ansi-html-community": "^0.0.8",
+        "common-path-prefix": "^3.0.0",
+        "core-js-pure": "^3.23.3",
+        "error-stack-parser": "^2.0.6",
+        "find-up": "^5.0.0",
+        "html-entities": "^2.1.0",
+        "loader-utils": "^2.0.4",
+        "schema-utils": "^3.0.0",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">= 10.13"
+      },
+      "peerDependencies": {
+        "@types/webpack": "4.x || 5.x",
+        "react-refresh": ">=0.10.0 <1.0.0",
+        "sockjs-client": "^1.4.0",
+        "type-fest": ">=0.17.0 <4.0.0",
+        "webpack": ">=4.43.0 <6.0.0",
+        "webpack-dev-server": "3.x || 4.x",
+        "webpack-hot-middleware": "2.x",
+        "webpack-plugin-serve": "0.x || 1.x"
+      },
+      "peerDependenciesMeta": {
+        "@types/webpack": {
+          "optional": true
+        },
+        "sockjs-client": {
+          "optional": true
+        },
+        "type-fest": {
+          "optional": true
+        },
+        "webpack-dev-server": {
+          "optional": true
+        },
+        "webpack-hot-middleware": {
+          "optional": true
+        },
+        "webpack-plugin-serve": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@popperjs/core": {
+      "version": "2.11.6",
+      "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.6.tgz",
+      "integrity": "sha512-50/17A98tWUfQ176raKiOGXuYpLyyVMkxxG6oylzL3BPOlA6ADGdK7EYunSa4I064xerltq9TGXs8HmOk5E+vw==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/popperjs"
+      }
+    },
+    "node_modules/@remix-run/router": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.5.0.tgz",
+      "integrity": "sha512-bkUDCp8o1MvFO+qxkODcbhSqRa6P2GXgrGZVpt0dCXNW2HCSCqYI0ZoAqEOSAjRWmmlKcYgFvN4B4S+zo/f8kg==",
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@rollup/plugin-babel": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-babel/-/plugin-babel-5.3.1.tgz",
+      "integrity": "sha512-WFfdLWU/xVWKeRQnKmIAQULUI7Il0gZnBIH/ZFO069wYIfPu+8zrfp/KMW0atmELoRDq8FbiP3VCss9MhCut7Q==",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.10.4",
+        "@rollup/pluginutils": "^3.1.0"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0",
+        "@types/babel__core": "^7.1.9",
+        "rollup": "^1.20.0||^2.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/babel__core": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@rollup/plugin-node-resolve": {
+      "version": "11.2.1",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-11.2.1.tgz",
+      "integrity": "sha512-yc2n43jcqVyGE2sqV5/YCmocy9ArjVAP/BeXyTtADTBBX6V0e5UMqwO8CdQ0kzjb6zu5P1qMzsScCMRvE9OlVg==",
+      "dependencies": {
+        "@rollup/pluginutils": "^3.1.0",
+        "@types/resolve": "1.17.1",
+        "builtin-modules": "^3.1.0",
+        "deepmerge": "^4.2.2",
+        "is-module": "^1.0.0",
+        "resolve": "^1.19.0"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^1.20.0||^2.0.0"
+      }
+    },
+    "node_modules/@rollup/plugin-replace": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/@rollup/plugin-replace/-/plugin-replace-2.4.2.tgz",
+      "integrity": "sha512-IGcu+cydlUMZ5En85jxHH4qj2hta/11BHq95iHEyb2sbgiN0eCdzvUcHw5gt9pBL5lTi4JDYJ1acCoMGpTvEZg==",
+      "dependencies": {
+        "@rollup/pluginutils": "^3.1.0",
+        "magic-string": "^0.25.7"
+      },
+      "peerDependencies": {
+        "rollup": "^1.20.0 || ^2.0.0"
+      }
+    },
+    "node_modules/@rollup/pluginutils": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-3.1.0.tgz",
+      "integrity": "sha512-GksZ6pr6TpIjHm8h9lSQ8pi8BE9VeubNT0OMJ3B5uZJ8pz73NPiqOtCog/x2/QzM1ENChPKxMDhiQuRHsqc+lg==",
+      "dependencies": {
+        "@types/estree": "0.0.39",
+        "estree-walker": "^1.0.1",
+        "picomatch": "^2.2.2"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^1.20.0||^2.0.0"
+      }
+    },
+    "node_modules/@rollup/pluginutils/node_modules/@types/estree": {
+      "version": "0.0.39",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.39.tgz",
+      "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw=="
+    },
+    "node_modules/@rushstack/eslint-patch": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz",
+      "integrity": "sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg=="
+    },
+    "node_modules/@sinclair/typebox": {
+      "version": "0.24.51",
+      "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz",
+      "integrity": "sha512-1P1OROm/rdubP5aFDSZQILU0vrLCJ4fvHt6EoqHEM+2D/G5MK3bIaymUKLit8Js9gbns5UyJnkP/TZROLw4tUA=="
+    },
+    "node_modules/@sinonjs/commons": {
+      "version": "1.8.6",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz",
+      "integrity": "sha512-Ky+XkAkqPZSm3NLBeUng77EBQl3cmeJhITaGHdYH8kjVB+aun3S4XBRti2zt17mtt0mIUDiNxYeoJm6drVvBJQ==",
+      "dependencies": {
+        "type-detect": "4.0.8"
+      }
+    },
+    "node_modules/@sinonjs/fake-timers": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-8.1.0.tgz",
+      "integrity": "sha512-OAPJUAtgeINhh/TAlUID4QTs53Njm7xzddaVlEs/SXwgtiD1tW22zAB/W1wdqfrpmikgaWQ9Fw6Ws+hsiRm5Vg==",
+      "dependencies": {
+        "@sinonjs/commons": "^1.7.0"
+      }
+    },
+    "node_modules/@surma/rollup-plugin-off-main-thread": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/@surma/rollup-plugin-off-main-thread/-/rollup-plugin-off-main-thread-2.2.3.tgz",
+      "integrity": "sha512-lR8q/9W7hZpMWweNiAKU7NQerBnzQQLvi8qnTDU/fxItPhtZVMbPV3lbCwjhIlNBe9Bbr5V+KHshvWmVSG9cxQ==",
+      "dependencies": {
+        "ejs": "^3.1.6",
+        "json5": "^2.2.0",
+        "magic-string": "^0.25.0",
+        "string.prototype.matchall": "^4.0.6"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-add-jsx-attribute": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-5.4.0.tgz",
+      "integrity": "sha512-ZFf2gs/8/6B8PnSofI0inYXr2SDNTDScPXhN7k5EqD4aZ3gi6u+rbmZHVB8IM3wDyx8ntKACZbtXSm7oZGRqVg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-remove-jsx-attribute": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-5.4.0.tgz",
+      "integrity": "sha512-yaS4o2PgUtwLFGTKbsiAy6D0o3ugcUhWK0Z45umJ66EPWunAz9fuFw2gJuje6wqQvQWOTJvIahUwndOXb7QCPg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-remove-jsx-empty-expression": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-5.0.1.tgz",
+      "integrity": "sha512-LA72+88A11ND/yFIMzyuLRSMJ+tRKeYKeQ+mR3DcAZ5I4h5CPWN9AHyUzJbWSYp/u2u0xhmgOe0+E41+GjEueA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-replace-jsx-attribute-value": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-5.0.1.tgz",
+      "integrity": "sha512-PoiE6ZD2Eiy5mK+fjHqwGOS+IXX0wq/YDtNyIgOrc6ejFnxN4b13pRpiIPbtPwHEc+NT2KCjteAcq33/F1Y9KQ==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-svg-dynamic-title": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-5.4.0.tgz",
+      "integrity": "sha512-zSOZH8PdZOpuG1ZVx/cLVePB2ibo3WPpqo7gFIjLV9a0QsuQAzJiwwqmuEdTaW2pegyBE17Uu15mOgOcgabQZg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-svg-em-dimensions": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-5.4.0.tgz",
+      "integrity": "sha512-cPzDbDA5oT/sPXDCUYoVXEmm3VIoAWAPT6mSPTJNbQaBNUuEKVKyGH93oDY4e42PYHRW67N5alJx/eEol20abw==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-transform-react-native-svg": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-5.4.0.tgz",
+      "integrity": "sha512-3eYP/SaopZ41GHwXma7Rmxcv9uRslRDTY1estspeB1w1ueZWd/tPlMfEOoccYpEMZU3jD4OU7YitnXcF5hLW2Q==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-plugin-transform-svg-component": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-5.5.0.tgz",
+      "integrity": "sha512-q4jSH1UUvbrsOtlo/tKcgSeiCHRSBdXoIoqX1pgcKK/aU3JD27wmMKwGtpB8qRYUYoyXvfGxUVKchLuR5pB3rQ==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/babel-preset": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/babel-preset/-/babel-preset-5.5.0.tgz",
+      "integrity": "sha512-4FiXBjvQ+z2j7yASeGPEi8VD/5rrGQk4Xrq3EdJmoZgz/tpqChpo5hgXDvmEauwtvOc52q8ghhZK4Oy7qph4ig==",
+      "dependencies": {
+        "@svgr/babel-plugin-add-jsx-attribute": "^5.4.0",
+        "@svgr/babel-plugin-remove-jsx-attribute": "^5.4.0",
+        "@svgr/babel-plugin-remove-jsx-empty-expression": "^5.0.1",
+        "@svgr/babel-plugin-replace-jsx-attribute-value": "^5.0.1",
+        "@svgr/babel-plugin-svg-dynamic-title": "^5.4.0",
+        "@svgr/babel-plugin-svg-em-dimensions": "^5.4.0",
+        "@svgr/babel-plugin-transform-react-native-svg": "^5.4.0",
+        "@svgr/babel-plugin-transform-svg-component": "^5.5.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/core": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/core/-/core-5.5.0.tgz",
+      "integrity": "sha512-q52VOcsJPvV3jO1wkPtzTuKlvX7Y3xIcWRpCMtBF3MrteZJtBfQw/+u0B1BHy5ColpQc1/YVTrPEtSYIMNZlrQ==",
+      "dependencies": {
+        "@svgr/plugin-jsx": "^5.5.0",
+        "camelcase": "^6.2.0",
+        "cosmiconfig": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/hast-util-to-babel-ast": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-5.5.0.tgz",
+      "integrity": "sha512-cAaR/CAiZRB8GP32N+1jocovUtvlj0+e65TB50/6Lcime+EA49m/8l+P2ko+XPJ4dw3xaPS3jOL4F2X4KWxoeQ==",
+      "dependencies": {
+        "@babel/types": "^7.12.6"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/plugin-jsx": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/plugin-jsx/-/plugin-jsx-5.5.0.tgz",
+      "integrity": "sha512-V/wVh33j12hGh05IDg8GpIUXbjAPnTdPTKuP4VNLggnwaHMPNQNae2pRnyTAILWCQdz5GyMqtO488g7CKM8CBA==",
+      "dependencies": {
+        "@babel/core": "^7.12.3",
+        "@svgr/babel-preset": "^5.5.0",
+        "@svgr/hast-util-to-babel-ast": "^5.5.0",
+        "svg-parser": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/plugin-svgo": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/plugin-svgo/-/plugin-svgo-5.5.0.tgz",
+      "integrity": "sha512-r5swKk46GuQl4RrVejVwpeeJaydoxkdwkM1mBKOgJLBUJPGaLci6ylg/IjhrRsREKDkr4kbMWdgOtbXEh0fyLQ==",
+      "dependencies": {
+        "cosmiconfig": "^7.0.0",
+        "deepmerge": "^4.2.2",
+        "svgo": "^1.2.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@svgr/webpack": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/@svgr/webpack/-/webpack-5.5.0.tgz",
+      "integrity": "sha512-DOBOK255wfQxguUta2INKkzPj6AIS6iafZYiYmHn6W3pHlycSRRlvWKCfLDG10fXfLWqE3DJHgRUOyJYmARa7g==",
+      "dependencies": {
+        "@babel/core": "^7.12.3",
+        "@babel/plugin-transform-react-constant-elements": "^7.12.1",
+        "@babel/preset-env": "^7.12.1",
+        "@babel/preset-react": "^7.12.5",
+        "@svgr/core": "^5.5.0",
+        "@svgr/plugin-jsx": "^5.5.0",
+        "@svgr/plugin-svgo": "^5.5.0",
+        "loader-utils": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/gregberge"
+      }
+    },
+    "node_modules/@testing-library/dom": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-9.0.1.tgz",
+      "integrity": "sha512-fTOVsMY9QLFCCXRHG3Ese6cMH5qIWwSbgxZsgeF5TNsy81HKaZ4kgehnSF8FsR3OF+numlIV2YcU79MzbnhSig==",
+      "peer": true,
+      "dependencies": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/runtime": "^7.12.5",
+        "@types/aria-query": "^5.0.1",
+        "aria-query": "^5.0.0",
+        "chalk": "^4.1.0",
+        "dom-accessibility-api": "^0.5.9",
+        "lz-string": "^1.5.0",
+        "pretty-format": "^27.0.2"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "peer": true,
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "peer": true,
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "peer": true,
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "peer": true
+    },
+    "node_modules/@testing-library/dom/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "peer": true,
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "peer": true,
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/jest-dom": {
+      "version": "5.16.5",
+      "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-5.16.5.tgz",
+      "integrity": "sha512-N5ixQ2qKpi5OLYfwQmUb/5mSV9LneAcaUfp32pn4yCnpb8r/Yz0pXFPck21dIicKmi+ta5WRAknkZCfA8refMA==",
+      "dependencies": {
+        "@adobe/css-tools": "^4.0.1",
+        "@babel/runtime": "^7.9.2",
+        "@types/testing-library__jest-dom": "^5.9.1",
+        "aria-query": "^5.0.0",
+        "chalk": "^3.0.0",
+        "css.escape": "^1.5.1",
+        "dom-accessibility-api": "^0.5.6",
+        "lodash": "^4.17.15",
+        "redent": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8",
+        "npm": ">=6",
+        "yarn": ">=1"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/chalk": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz",
+      "integrity": "sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/react": {
+      "version": "13.4.0",
+      "resolved": "https://registry.npmjs.org/@testing-library/react/-/react-13.4.0.tgz",
+      "integrity": "sha512-sXOGON+WNTh3MLE9rve97ftaZukN3oNf2KjDy7YTx6hcTO2uuLHuCGynMDhFwGw/jYf4OJ2Qk0i4i79qMNNkyw==",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5",
+        "@testing-library/dom": "^8.5.0",
+        "@types/react-dom": "^18.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "peerDependencies": {
+        "react": "^18.0.0",
+        "react-dom": "^18.0.0"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/@testing-library/dom": {
+      "version": "8.20.0",
+      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-8.20.0.tgz",
+      "integrity": "sha512-d9ULIT+a4EXLX3UU8FBjauG9NnsZHkHztXoIcTsOKoOw030fyjheN9svkTULjJxtYag9DZz5Jz5qkWZDPxTFwA==",
+      "dependencies": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/runtime": "^7.12.5",
+        "@types/aria-query": "^5.0.1",
+        "aria-query": "^5.0.0",
+        "chalk": "^4.1.0",
+        "dom-accessibility-api": "^0.5.9",
+        "lz-string": "^1.4.4",
+        "pretty-format": "^27.0.2"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@testing-library/react/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/user-event": {
+      "version": "13.5.0",
+      "resolved": "https://registry.npmjs.org/@testing-library/user-event/-/user-event-13.5.0.tgz",
+      "integrity": "sha512-5Kwtbo3Y/NowpkbRuSepbyMFkZmHgD+vPzYB/RJ4oxt5Gj/avFFBYjhw27cqSVPVw/3a67NK1PbiIr9k4Gwmdg==",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5"
+      },
+      "engines": {
+        "node": ">=10",
+        "npm": ">=6"
+      },
+      "peerDependencies": {
+        "@testing-library/dom": ">=7.21.4"
+      }
+    },
+    "node_modules/@tootallnate/once": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz",
+      "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/@trysound/sax": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
+      "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/@types/aria-query": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.1.tgz",
+      "integrity": "sha512-XTIieEY+gvJ39ChLcB4If5zHtPxt3Syj5rgZR+e1ctpmK8NjPf0zFqsz4JpLJT0xla9GFDKjy8Cpu331nrmE1Q=="
+    },
+    "node_modules/@types/babel__core": {
+      "version": "7.20.0",
+      "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.0.tgz",
+      "integrity": "sha512-+n8dL/9GWblDO0iU6eZAwEIJVr5DWigtle+Q6HLOrh/pdbXOhOtqzq8VPPE2zvNJzSKY4vH/z3iT3tn0A3ypiQ==",
+      "dependencies": {
+        "@babel/parser": "^7.20.7",
+        "@babel/types": "^7.20.7",
+        "@types/babel__generator": "*",
+        "@types/babel__template": "*",
+        "@types/babel__traverse": "*"
+      }
+    },
+    "node_modules/@types/babel__generator": {
+      "version": "7.6.4",
+      "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.4.tgz",
+      "integrity": "sha512-tFkciB9j2K755yrTALxD44McOrk+gfpIpvC3sxHjRawj6PfnQxrse4Clq5y/Rq+G3mrBurMax/lG8Qn2t9mSsg==",
+      "dependencies": {
+        "@babel/types": "^7.0.0"
+      }
+    },
+    "node_modules/@types/babel__template": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.1.tgz",
+      "integrity": "sha512-azBFKemX6kMg5Io+/rdGT0dkGreboUVR0Cdm3fz9QJWpaQGJRQXl7C+6hOTCZcMll7KFyEQpgbYI2lHdsS4U7g==",
+      "dependencies": {
+        "@babel/parser": "^7.1.0",
+        "@babel/types": "^7.0.0"
+      }
+    },
+    "node_modules/@types/babel__traverse": {
+      "version": "7.18.3",
+      "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.18.3.tgz",
+      "integrity": "sha512-1kbcJ40lLB7MHsj39U4Sh1uTd2E7rLEa79kmDpI6cy+XiXsteB3POdQomoq4FxszMrO3ZYchkhYJw7A2862b3w==",
+      "dependencies": {
+        "@babel/types": "^7.3.0"
+      }
+    },
+    "node_modules/@types/body-parser": {
+      "version": "1.19.2",
+      "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.2.tgz",
+      "integrity": "sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==",
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/bonjour": {
+      "version": "3.5.10",
+      "resolved": "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.10.tgz",
+      "integrity": "sha512-p7ienRMiS41Nu2/igbJxxLDWrSZ0WxM8UQgCeO9KhoVF7cOVFkrKsiDr1EsJIla8vV3oEEjGcz11jc5yimhzZw==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/connect": {
+      "version": "3.4.35",
+      "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.35.tgz",
+      "integrity": "sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/connect-history-api-fallback": {
+      "version": "1.3.5",
+      "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.3.5.tgz",
+      "integrity": "sha512-h8QJa8xSb1WD4fpKBDcATDNGXghFj6/3GRWG6dhmRcu0RX1Ubasur2Uvx5aeEwlf0MwblEC2bMzzMQntxnw/Cw==",
+      "dependencies": {
+        "@types/express-serve-static-core": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/eslint": {
+      "version": "8.21.3",
+      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.21.3.tgz",
+      "integrity": "sha512-fa7GkppZVEByMWGbTtE5MbmXWJTVbrjjaS8K6uQj+XtuuUv1fsuPAxhygfqLmsb/Ufb3CV8deFCpiMfAgi00Sw==",
+      "dependencies": {
+        "@types/estree": "*",
+        "@types/json-schema": "*"
+      }
+    },
+    "node_modules/@types/eslint-scope": {
+      "version": "3.7.4",
+      "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.4.tgz",
+      "integrity": "sha512-9K4zoImiZc3HlIp6AVUDE4CWYx22a+lhSZMYNpbjW04+YF0KWj4pJXnEMjdnFTiQibFFmElcsasJXDbdI/EPhA==",
+      "dependencies": {
+        "@types/eslint": "*",
+        "@types/estree": "*"
+      }
+    },
+    "node_modules/@types/estree": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.0.tgz",
+      "integrity": "sha512-WulqXMDUTYAXCjZnk6JtIHPigp55cVtDgDrO2gHRwhyJto21+1zbVCtOYB2L1F9w4qCQ0rOGWBnBe0FNTiEJIQ=="
+    },
+    "node_modules/@types/express": {
+      "version": "4.17.17",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.17.tgz",
+      "integrity": "sha512-Q4FmmuLGBG58btUnfS1c1r/NQdlp3DMfGDGig8WhfpA2YRUtEkxAjkZb0yvplJGYdF1fsQ81iMDcH24sSCNC/Q==",
+      "dependencies": {
+        "@types/body-parser": "*",
+        "@types/express-serve-static-core": "^4.17.33",
+        "@types/qs": "*",
+        "@types/serve-static": "*"
+      }
+    },
+    "node_modules/@types/express-serve-static-core": {
+      "version": "4.17.33",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.33.tgz",
+      "integrity": "sha512-TPBqmR/HRYI3eC2E5hmiivIzv+bidAfXofM+sbonAGvyDhySGw9/PQZFt2BLOrjUUR++4eJVpx6KnLQK1Fk9tA==",
+      "dependencies": {
+        "@types/node": "*",
+        "@types/qs": "*",
+        "@types/range-parser": "*"
+      }
+    },
+    "node_modules/@types/graceful-fs": {
+      "version": "4.1.6",
+      "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.6.tgz",
+      "integrity": "sha512-Sig0SNORX9fdW+bQuTEovKj3uHcUL6LQKbCrrqb1X7J6/ReAbhCXRAhc+SMejhLELFj2QcyuxmUooZ4bt5ReSw==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/hast": {
+      "version": "2.3.4",
+      "resolved": "https://registry.npmjs.org/@types/hast/-/hast-2.3.4.tgz",
+      "integrity": "sha512-wLEm0QvaoawEDoTRwzTXp4b4jpwiJDvR5KMnFnVodm3scufTlBOWRD6N1OBf9TZMhjlNsSfcO5V+7AF4+Vy+9g==",
+      "dependencies": {
+        "@types/unist": "*"
+      }
+    },
+    "node_modules/@types/html-minifier-terser": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz",
+      "integrity": "sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg=="
+    },
+    "node_modules/@types/http-proxy": {
+      "version": "1.17.10",
+      "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.10.tgz",
+      "integrity": "sha512-Qs5aULi+zV1bwKAg5z1PWnDXWmsn+LxIvUGv6E2+OOMYhclZMO+OXd9pYVf2gLykf2I7IV2u7oTHwChPNsvJ7g==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/istanbul-lib-coverage": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz",
+      "integrity": "sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g=="
+    },
+    "node_modules/@types/istanbul-lib-report": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz",
+      "integrity": "sha512-plGgXAPfVKFoYfa9NpYDAkseG+g6Jr294RqeqcqDixSbU34MZVJRi/P+7Y8GDpzkEwLaGZZOpKIEmeVZNtKsrg==",
+      "dependencies": {
+        "@types/istanbul-lib-coverage": "*"
+      }
+    },
+    "node_modules/@types/istanbul-reports": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.1.tgz",
+      "integrity": "sha512-c3mAZEuK0lvBp8tmuL74XRKn1+y2dcwOUpH7x4WrF6gk1GIgiluDRgMYQtw2OFcBvAJWlt6ASU3tSqxp0Uu0Aw==",
+      "dependencies": {
+        "@types/istanbul-lib-report": "*"
+      }
+    },
+    "node_modules/@types/jest": {
+      "version": "27.5.2",
+      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-27.5.2.tgz",
+      "integrity": "sha512-mpT8LJJ4CMeeahobofYWIjFo0xonRS/HfxnVEPMPFSQdGUt1uHCnoPT7Zhb+sjDU2wz0oKV0OLUR0WzrHNgfeA==",
+      "dependencies": {
+        "jest-matcher-utils": "^27.0.0",
+        "pretty-format": "^27.0.0"
+      }
+    },
+    "node_modules/@types/js-yaml": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.5.tgz",
+      "integrity": "sha512-FhpRzf927MNQdRZP0J5DLIdTXhjLYzeUTmLAu69mnVksLH9CJY3IuSeEgbKUki7GQZm0WqDkGzyxju2EZGD2wA==",
+      "dev": true
+    },
+    "node_modules/@types/json-schema": {
+      "version": "7.0.11",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz",
+      "integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ=="
+    },
+    "node_modules/@types/json5": {
+      "version": "0.0.29",
+      "resolved": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz",
+      "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ=="
+    },
+    "node_modules/@types/lodash": {
+      "version": "4.14.192",
+      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.192.tgz",
+      "integrity": "sha512-km+Vyn3BYm5ytMO13k9KTp27O75rbQ0NFw+U//g+PX7VZyjCioXaRFisqSIJRECljcTv73G3i6BpglNGHgUQ5A==",
+      "dev": true
+    },
+    "node_modules/@types/mime": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-3.0.1.tgz",
+      "integrity": "sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA=="
+    },
+    "node_modules/@types/node": {
+      "version": "16.18.18",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.18.tgz",
+      "integrity": "sha512-fwGw1uvQAzabxL1pyoknPlJIF2t7+K90uTqynleKRx24n3lYcxWa3+KByLhgkF8GEAK2c7hC8Ki0RkNM5H15jQ=="
+    },
+    "node_modules/@types/parse-json": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.0.tgz",
+      "integrity": "sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA=="
+    },
+    "node_modules/@types/prettier": {
+      "version": "2.7.2",
+      "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.2.tgz",
+      "integrity": "sha512-KufADq8uQqo1pYKVIYzfKbJfBAc0sOeXqGbFaSpv8MRmC/zXgowNZmFcbngndGk922QDmOASEXUZCaY48gs4cg=="
+    },
+    "node_modules/@types/prop-types": {
+      "version": "15.7.5",
+      "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz",
+      "integrity": "sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w=="
+    },
+    "node_modules/@types/q": {
+      "version": "1.5.5",
+      "resolved": "https://registry.npmjs.org/@types/q/-/q-1.5.5.tgz",
+      "integrity": "sha512-L28j2FcJfSZOnL1WBjDYp2vUHCeIFlyYI/53EwD/rKUBQ7MtUUfbQWiyKJGpcnv4/WgrhWsFKrcPstcAt/J0tQ=="
+    },
+    "node_modules/@types/qs": {
+      "version": "6.9.7",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.7.tgz",
+      "integrity": "sha512-FGa1F62FT09qcrueBA6qYTrJPVDzah9a+493+o2PCXsesWHIn27G98TsSMs3WPNbZIEj4+VJf6saSFpvD+3Zsw=="
+    },
+    "node_modules/@types/range-parser": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.4.tgz",
+      "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw=="
+    },
+    "node_modules/@types/react": {
+      "version": "18.0.28",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-18.0.28.tgz",
+      "integrity": "sha512-RD0ivG1kEztNBdoAK7lekI9M+azSnitIn85h4iOiaLjaTrMjzslhaqCGaI4IyCJ1RljWiLCEu4jyrLLgqxBTew==",
+      "dependencies": {
+        "@types/prop-types": "*",
+        "@types/scheduler": "*",
+        "csstype": "^3.0.2"
+      }
+    },
+    "node_modules/@types/react-dom": {
+      "version": "18.0.11",
+      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.0.11.tgz",
+      "integrity": "sha512-O38bPbI2CWtgw/OoQoY+BRelw7uysmXbWvw3nLWO21H1HSh+GOlqPuXshJfjmpNlKiiSDG9cc1JZAaMmVdcTlw==",
+      "dependencies": {
+        "@types/react": "*"
+      }
+    },
+    "node_modules/@types/react-is": {
+      "version": "17.0.3",
+      "resolved": "https://registry.npmjs.org/@types/react-is/-/react-is-17.0.3.tgz",
+      "integrity": "sha512-aBTIWg1emtu95bLTLx0cpkxwGW3ueZv71nE2YFBpL8k/z5czEW8yYpOo8Dp+UUAFAtKwNaOsh/ioSeQnWlZcfw==",
+      "dependencies": {
+        "@types/react": "*"
+      }
+    },
+    "node_modules/@types/react-syntax-highlighter": {
+      "version": "15.5.6",
+      "resolved": "https://registry.npmjs.org/@types/react-syntax-highlighter/-/react-syntax-highlighter-15.5.6.tgz",
+      "integrity": "sha512-i7wFuLbIAFlabTeD2I1cLjEOrG/xdMa/rpx2zwzAoGHuXJDhSqp9BSfDlMHSh9JSuNfxHk9eEmMX6D55GiyjGg==",
+      "dev": true,
+      "dependencies": {
+        "@types/react": "*"
+      }
+    },
+    "node_modules/@types/react-transition-group": {
+      "version": "4.4.5",
+      "resolved": "https://registry.npmjs.org/@types/react-transition-group/-/react-transition-group-4.4.5.tgz",
+      "integrity": "sha512-juKD/eiSM3/xZYzjuzH6ZwpP+/lejltmiS3QEzV/vmb/Q8+HfDmxu+Baga8UEMGBqV88Nbg4l2hY/K2DkyaLLA==",
+      "dependencies": {
+        "@types/react": "*"
+      }
+    },
+    "node_modules/@types/resolve": {
+      "version": "1.17.1",
+      "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.17.1.tgz",
+      "integrity": "sha512-yy7HuzQhj0dhGpD8RLXSZWEkLsV9ibvxvi6EiJ3bkqLAO1RGo0WbkWQiwpRlSFymTJRz0d3k5LM3kkx8ArDbLw==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/retry": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.0.tgz",
+      "integrity": "sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA=="
+    },
+    "node_modules/@types/scheduler": {
+      "version": "0.16.2",
+      "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz",
+      "integrity": "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="
+    },
+    "node_modules/@types/semver": {
+      "version": "7.3.13",
+      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.3.13.tgz",
+      "integrity": "sha512-21cFJr9z3g5dW8B0CVI9g2O9beqaThGQ6ZFBqHfwhzLDKUxaqTIy3vnfah/UPkfOiF2pLq+tGz+W8RyCskuslw=="
+    },
+    "node_modules/@types/serve-index": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.1.tgz",
+      "integrity": "sha512-d/Hs3nWDxNL2xAczmOVZNj92YZCS6RGxfBPjKzuu/XirCgXdpKEb88dYNbrYGint6IVWLNP+yonwVAuRC0T2Dg==",
+      "dependencies": {
+        "@types/express": "*"
+      }
+    },
+    "node_modules/@types/serve-static": {
+      "version": "1.15.1",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.1.tgz",
+      "integrity": "sha512-NUo5XNiAdULrJENtJXZZ3fHtfMolzZwczzBbnAeBbqBwG+LaG6YaJtuwzwGSQZ2wsCrxjEhNNjAkKigy3n8teQ==",
+      "dependencies": {
+        "@types/mime": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/sockjs": {
+      "version": "0.3.33",
+      "resolved": "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.33.tgz",
+      "integrity": "sha512-f0KEEe05NvUnat+boPTZ0dgaLZ4SfSouXUgv5noUiefG2ajgKjmETo9ZJyuqsl7dfl2aHlLJUiki6B4ZYldiiw==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/stack-utils": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.1.tgz",
+      "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw=="
+    },
+    "node_modules/@types/testing-library__jest-dom": {
+      "version": "5.14.5",
+      "resolved": "https://registry.npmjs.org/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.14.5.tgz",
+      "integrity": "sha512-SBwbxYoyPIvxHbeHxTZX2Pe/74F/tX2/D3mMvzabdeJ25bBojfW0TyB8BHrbq/9zaaKICJZjLP+8r6AeZMFCuQ==",
+      "dependencies": {
+        "@types/jest": "*"
+      }
+    },
+    "node_modules/@types/trusted-types": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.3.tgz",
+      "integrity": "sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g=="
+    },
+    "node_modules/@types/unist": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.6.tgz",
+      "integrity": "sha512-PBjIUxZHOuj0R15/xuwJYjFi+KZdNFrehocChv4g5hu6aFroHue8m0lBP0POdK2nKzbw0cgV1mws8+V/JAcEkQ=="
+    },
+    "node_modules/@types/ws": {
+      "version": "8.5.4",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.4.tgz",
+      "integrity": "sha512-zdQDHKUgcX/zBc4GrwsE/7dVdAD8JR4EuiAXiiUhhfyIJXXb2+PrGshFyeXWQPMmmZ2XxgaqclgpIC7eTXc1mg==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/yargs": {
+      "version": "16.0.5",
+      "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.5.tgz",
+      "integrity": "sha512-AxO/ADJOBFJScHbWhq2xAhlWP24rY4aCEG/NFaMvbT3X2MgRsLjhjQwsn0Zi5zn0LG9jUhCCZMeX9Dkuw6k+vQ==",
+      "dependencies": {
+        "@types/yargs-parser": "*"
+      }
+    },
+    "node_modules/@types/yargs-parser": {
+      "version": "21.0.0",
+      "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.0.tgz",
+      "integrity": "sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA=="
+    },
+    "node_modules/@typescript-eslint/eslint-plugin": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.56.0.tgz",
+      "integrity": "sha512-ZNW37Ccl3oMZkzxrYDUX4o7cnuPgU+YrcaYXzsRtLB16I1FR5SHMqga3zGsaSliZADCWo2v8qHWqAYIj8nWCCg==",
+      "dependencies": {
+        "@eslint-community/regexpp": "^4.4.0",
+        "@typescript-eslint/scope-manager": "5.56.0",
+        "@typescript-eslint/type-utils": "5.56.0",
+        "@typescript-eslint/utils": "5.56.0",
+        "debug": "^4.3.4",
+        "grapheme-splitter": "^1.0.4",
+        "ignore": "^5.2.0",
+        "natural-compare-lite": "^1.4.0",
+        "semver": "^7.3.7",
+        "tsutils": "^3.21.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "@typescript-eslint/parser": "^5.0.0",
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@typescript-eslint/experimental-utils": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-5.56.0.tgz",
+      "integrity": "sha512-sxWuj0eO5nItmKgZmsBbChVt90EhfkuncDCPbLAVeEJ+SCjXMcZN3AhhNbxed7IeGJ4XwsdL3/FMvD4r+FLqqA==",
+      "dependencies": {
+        "@typescript-eslint/utils": "5.56.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      }
+    },
+    "node_modules/@typescript-eslint/parser": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.56.0.tgz",
+      "integrity": "sha512-sn1OZmBxUsgxMmR8a8U5QM/Wl+tyqlH//jTqCg8daTAmhAk26L2PFhcqPLlYBhYUJMZJK276qLXlHN3a83o2cg==",
+      "dependencies": {
+        "@typescript-eslint/scope-manager": "5.56.0",
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/typescript-estree": "5.56.0",
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@typescript-eslint/scope-manager": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.56.0.tgz",
+      "integrity": "sha512-jGYKyt+iBakD0SA5Ww8vFqGpoV2asSjwt60Gl6YcO8ksQ8s2HlUEyHBMSa38bdLopYqGf7EYQMUIGdT/Luw+sw==",
+      "dependencies": {
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/visitor-keys": "5.56.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@typescript-eslint/type-utils": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.56.0.tgz",
+      "integrity": "sha512-8WxgOgJjWRy6m4xg9KoSHPzBNZeQbGlQOH7l2QEhQID/+YseaFxg5J/DLwWSsi9Axj4e/cCiKx7PVzOq38tY4A==",
+      "dependencies": {
+        "@typescript-eslint/typescript-estree": "5.56.0",
+        "@typescript-eslint/utils": "5.56.0",
+        "debug": "^4.3.4",
+        "tsutils": "^3.21.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "*"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@typescript-eslint/types": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.56.0.tgz",
+      "integrity": "sha512-JyAzbTJcIyhuUhogmiu+t79AkdnqgPUEsxMTMc/dCZczGMJQh1MK2wgrju++yMN6AWroVAy2jxyPcPr3SWCq5w==",
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@typescript-eslint/typescript-estree": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.56.0.tgz",
+      "integrity": "sha512-41CH/GncsLXOJi0jb74SnC7jVPWeVJ0pxQj8bOjH1h2O26jXN3YHKDT1ejkVz5YeTEQPeLCCRY0U2r68tfNOcg==",
+      "dependencies": {
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/visitor-keys": "5.56.0",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "semver": "^7.3.7",
+        "tsutils": "^3.21.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@typescript-eslint/utils": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.56.0.tgz",
+      "integrity": "sha512-XhZDVdLnUJNtbzaJeDSCIYaM+Tgr59gZGbFuELgF7m0IY03PlciidS7UQNKLE0+WpUTn1GlycEr6Ivb/afjbhA==",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.2.0",
+        "@types/json-schema": "^7.0.9",
+        "@types/semver": "^7.3.12",
+        "@typescript-eslint/scope-manager": "5.56.0",
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/typescript-estree": "5.56.0",
+        "eslint-scope": "^5.1.1",
+        "semver": "^7.3.7"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      }
+    },
+    "node_modules/@typescript-eslint/utils/node_modules/eslint-scope": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
+      "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^4.1.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@typescript-eslint/utils/node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/@typescript-eslint/visitor-keys": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.56.0.tgz",
+      "integrity": "sha512-1mFdED7u5bZpX6Xxf5N9U2c18sb+8EvU3tyOIj6LQZ5OOvnmj8BVeNNP603OFPm5KkS1a7IvCIcwrdHXaEMG/Q==",
+      "dependencies": {
+        "@typescript-eslint/types": "5.56.0",
+        "eslint-visitor-keys": "^3.3.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@webassemblyjs/ast": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.1.tgz",
+      "integrity": "sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw==",
+      "dependencies": {
+        "@webassemblyjs/helper-numbers": "1.11.1",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.1"
+      }
+    },
+    "node_modules/@webassemblyjs/floating-point-hex-parser": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz",
+      "integrity": "sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ=="
+    },
+    "node_modules/@webassemblyjs/helper-api-error": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz",
+      "integrity": "sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg=="
+    },
+    "node_modules/@webassemblyjs/helper-buffer": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz",
+      "integrity": "sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA=="
+    },
+    "node_modules/@webassemblyjs/helper-numbers": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz",
+      "integrity": "sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ==",
+      "dependencies": {
+        "@webassemblyjs/floating-point-hex-parser": "1.11.1",
+        "@webassemblyjs/helper-api-error": "1.11.1",
+        "@xtuc/long": "4.2.2"
+      }
+    },
+    "node_modules/@webassemblyjs/helper-wasm-bytecode": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz",
+      "integrity": "sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q=="
+    },
+    "node_modules/@webassemblyjs/helper-wasm-section": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz",
+      "integrity": "sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg==",
+      "dependencies": {
+        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/helper-buffer": "1.11.1",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
+        "@webassemblyjs/wasm-gen": "1.11.1"
+      }
+    },
+    "node_modules/@webassemblyjs/ieee754": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz",
+      "integrity": "sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ==",
+      "dependencies": {
+        "@xtuc/ieee754": "^1.2.0"
+      }
+    },
+    "node_modules/@webassemblyjs/leb128": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.1.tgz",
+      "integrity": "sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw==",
+      "dependencies": {
+        "@xtuc/long": "4.2.2"
+      }
+    },
+    "node_modules/@webassemblyjs/utf8": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.1.tgz",
+      "integrity": "sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ=="
+    },
+    "node_modules/@webassemblyjs/wasm-edit": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz",
+      "integrity": "sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA==",
+      "dependencies": {
+        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/helper-buffer": "1.11.1",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
+        "@webassemblyjs/helper-wasm-section": "1.11.1",
+        "@webassemblyjs/wasm-gen": "1.11.1",
+        "@webassemblyjs/wasm-opt": "1.11.1",
+        "@webassemblyjs/wasm-parser": "1.11.1",
+        "@webassemblyjs/wast-printer": "1.11.1"
+      }
+    },
+    "node_modules/@webassemblyjs/wasm-gen": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz",
+      "integrity": "sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA==",
+      "dependencies": {
+        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
+        "@webassemblyjs/ieee754": "1.11.1",
+        "@webassemblyjs/leb128": "1.11.1",
+        "@webassemblyjs/utf8": "1.11.1"
+      }
+    },
+    "node_modules/@webassemblyjs/wasm-opt": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz",
+      "integrity": "sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw==",
+      "dependencies": {
+        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/helper-buffer": "1.11.1",
+        "@webassemblyjs/wasm-gen": "1.11.1",
+        "@webassemblyjs/wasm-parser": "1.11.1"
+      }
+    },
+    "node_modules/@webassemblyjs/wasm-parser": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz",
+      "integrity": "sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA==",
+      "dependencies": {
+        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/helper-api-error": "1.11.1",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
+        "@webassemblyjs/ieee754": "1.11.1",
+        "@webassemblyjs/leb128": "1.11.1",
+        "@webassemblyjs/utf8": "1.11.1"
+      }
+    },
+    "node_modules/@webassemblyjs/wast-printer": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz",
+      "integrity": "sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg==",
+      "dependencies": {
+        "@webassemblyjs/ast": "1.11.1",
+        "@xtuc/long": "4.2.2"
+      }
+    },
+    "node_modules/@xtuc/ieee754": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz",
+      "integrity": "sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA=="
+    },
+    "node_modules/@xtuc/long": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz",
+      "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ=="
+    },
+    "node_modules/abab": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz",
+      "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA=="
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/acorn": {
+      "version": "8.8.2",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
+      "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-globals": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-6.0.0.tgz",
+      "integrity": "sha512-ZQl7LOWaF5ePqqcX4hLuv/bLXYQNfNWw2c0/yX/TsPRKamzHcTGQnlCjHT3TsmkOUVEPS3crCxiPfdzE/Trlhg==",
+      "dependencies": {
+        "acorn": "^7.1.1",
+        "acorn-walk": "^7.1.1"
+      }
+    },
+    "node_modules/acorn-globals/node_modules/acorn": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-import-assertions": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
+      "integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==",
+      "peerDependencies": {
+        "acorn": "^8"
+      }
+    },
+    "node_modules/acorn-jsx": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
+      "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
+      "peerDependencies": {
+        "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      }
+    },
+    "node_modules/acorn-node": {
+      "version": "1.8.2",
+      "resolved": "https://registry.npmjs.org/acorn-node/-/acorn-node-1.8.2.tgz",
+      "integrity": "sha512-8mt+fslDufLYntIoPAaIMUe/lrbrehIiwmR3t2k9LljIzoigEPF27eLk2hy8zSGzmR/ogr7zbRKINMo1u0yh5A==",
+      "dependencies": {
+        "acorn": "^7.0.0",
+        "acorn-walk": "^7.0.0",
+        "xtend": "^4.0.2"
+      }
+    },
+    "node_modules/acorn-node/node_modules/acorn": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-walk": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz",
+      "integrity": "sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/address": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/address/-/address-1.2.2.tgz",
+      "integrity": "sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==",
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/adjust-sourcemap-loader": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/adjust-sourcemap-loader/-/adjust-sourcemap-loader-4.0.0.tgz",
+      "integrity": "sha512-OXwN5b9pCUXNQHJpwwD2qP40byEmSgzj8B4ydSN0uMNYWiFmJ6x6KwUllMmfk8Rwu/HJDFR7U8ubsWBoN0Xp0A==",
+      "dependencies": {
+        "loader-utils": "^2.0.0",
+        "regex-parser": "^2.2.11"
+      },
+      "engines": {
+        "node": ">=8.9"
+      }
+    },
+    "node_modules/agent-base": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+      "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+      "dependencies": {
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/ajv": {
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/ajv-formats": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz",
+      "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==",
+      "dependencies": {
+        "ajv": "^8.0.0"
+      },
+      "peerDependencies": {
+        "ajv": "^8.0.0"
+      },
+      "peerDependenciesMeta": {
+        "ajv": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/ajv-formats/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/ajv-formats/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/ajv-keywords": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz",
+      "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==",
+      "peerDependencies": {
+        "ajv": "^6.9.1"
+      }
+    },
+    "node_modules/ansi-colors": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz",
+      "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==",
+      "dev": true,
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/ansi-escapes": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz",
+      "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==",
+      "dependencies": {
+        "type-fest": "^0.21.3"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/ansi-html-community": {
+      "version": "0.0.8",
+      "resolved": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz",
+      "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==",
+      "engines": [
+        "node >= 0.8.0"
+      ],
+      "bin": {
+        "ansi-html": "bin/ansi-html"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/anymatch": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
+      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/arg": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz",
+      "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg=="
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="
+    },
+    "node_modules/aria-query": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.1.3.tgz",
+      "integrity": "sha512-R5iJ5lkuHybztUfuOAznmboyjWq8O6sqNqtK7CLOqdydi54VNbORp49mb14KbWgG1QD3JFO9hJdZ+y4KutfdOQ==",
+      "dependencies": {
+        "deep-equal": "^2.0.5"
+      }
+    },
+    "node_modules/array-buffer-byte-length": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz",
+      "integrity": "sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "is-array-buffer": "^3.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array-flatten": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-2.1.2.tgz",
+      "integrity": "sha512-hNfzcOV8W4NdualtqBFPyVO+54DSJuZGY9qT4pRroB6S9e3iiido2ISIC5h9R2sPJ8H3FHCIiEnsv1lPXO3KtQ=="
+    },
+    "node_modules/array-includes": {
+      "version": "3.1.6",
+      "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.6.tgz",
+      "integrity": "sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "get-intrinsic": "^1.1.3",
+        "is-string": "^1.0.7"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array-union": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
+      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/array.prototype.flat": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.1.tgz",
+      "integrity": "sha512-roTU0KWIOmJ4DRLmwKd19Otg0/mT3qPNt0Qb3GWW8iObuZXxrjB/pzn0R3hqpRSWg4HCwqx+0vwOnWnvlOyeIA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "es-shim-unscopables": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array.prototype.flatmap": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.1.tgz",
+      "integrity": "sha512-8UGn9O1FDVvMNB0UlLv4voxRMze7+FpHyF5mSMRjWHUMlpoDViniy05870VlxhfgTnLbpuwTzvD76MTtWxB/mQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "es-shim-unscopables": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array.prototype.reduce": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/array.prototype.reduce/-/array.prototype.reduce-1.0.5.tgz",
+      "integrity": "sha512-kDdugMl7id9COE8R7MHF5jWk7Dqt/fs4Pv+JXoICnYwqpjjjbUurz6w5fT5IG6brLdJhv6/VoHB0H7oyIBXd+Q==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "es-array-method-boxes-properly": "^1.0.0",
+        "is-string": "^1.0.7"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array.prototype.tosorted": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array.prototype.tosorted/-/array.prototype.tosorted-1.1.1.tgz",
+      "integrity": "sha512-pZYPXPRl2PqWcsUs6LOMn+1f1532nEoPTYowBtqLwAW+W8vSVhkIGnmOX1t/UQjD6YGI0vcD2B1U7ZFGQH9jnQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "es-shim-unscopables": "^1.0.0",
+        "get-intrinsic": "^1.1.3"
+      }
+    },
+    "node_modules/asap": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
+      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA=="
+    },
+    "node_modules/ast-types-flow": {
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/ast-types-flow/-/ast-types-flow-0.0.7.tgz",
+      "integrity": "sha512-eBvWn1lvIApYMhzQMsu9ciLfkBY499mFZlNqG+/9WR7PVlroQw0vG30cOQQbaKz3sCEc44TAOu2ykzqXSNnwag=="
+    },
+    "node_modules/astral-regex": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
+      "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/async": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
+      "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ=="
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
+    },
+    "node_modules/at-least-node": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
+      "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/autoprefixer": {
+      "version": "10.4.14",
+      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.14.tgz",
+      "integrity": "sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/autoprefixer"
+        }
+      ],
+      "dependencies": {
+        "browserslist": "^4.21.5",
+        "caniuse-lite": "^1.0.30001464",
+        "fraction.js": "^4.2.0",
+        "normalize-range": "^0.1.2",
+        "picocolors": "^1.0.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "bin": {
+        "autoprefixer": "bin/autoprefixer"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/available-typed-arrays": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz",
+      "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/axe-core": {
+      "version": "4.6.3",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.6.3.tgz",
+      "integrity": "sha512-/BQzOX780JhsxDnPpH4ZiyrJAzcd8AfzFPkv+89veFSr1rcMjuq2JDCwypKaPeB6ljHp9KjXhPpjgCvQlWYuqg==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/axobject-query": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-3.1.1.tgz",
+      "integrity": "sha512-goKlv8DZrK9hUh975fnHzhNIO4jUnFCfv/dszV5VwUGDFjI6vQ2VwoyjYjYNEbBE8AH87TduWP5uyDR1D+Iteg==",
+      "dependencies": {
+        "deep-equal": "^2.0.5"
+      }
+    },
+    "node_modules/babel-jest": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-27.5.1.tgz",
+      "integrity": "sha512-cdQ5dXjGRd0IBRATiQ4mZGlGlRE8kJpjPOixdNRdT+m3UcNqmYWN6rK6nvtXYfY3D76cb8s/O1Ss8ea24PIwcg==",
+      "dependencies": {
+        "@jest/transform": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/babel__core": "^7.1.14",
+        "babel-plugin-istanbul": "^6.1.1",
+        "babel-preset-jest": "^27.5.1",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.8.0"
+      }
+    },
+    "node_modules/babel-jest/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/babel-jest/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/babel-jest/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/babel-jest/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/babel-jest/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/babel-jest/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/babel-loader": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.3.0.tgz",
+      "integrity": "sha512-H8SvsMF+m9t15HNLMipppzkC+Y2Yq+v3SonZyU70RBL/h1gxPkH08Ot8pEE9Z4Kd+czyWJClmFS8qzIP9OZ04Q==",
+      "dependencies": {
+        "find-cache-dir": "^3.3.1",
+        "loader-utils": "^2.0.0",
+        "make-dir": "^3.1.0",
+        "schema-utils": "^2.6.5"
+      },
+      "engines": {
+        "node": ">= 8.9"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0",
+        "webpack": ">=2"
+      }
+    },
+    "node_modules/babel-loader/node_modules/schema-utils": {
+      "version": "2.7.1",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.1.tgz",
+      "integrity": "sha512-SHiNtMOUGWBQJwzISiVYKu82GiV4QYGePp3odlY1tuKO7gPtphAT5R/py0fA6xtbgLL/RvtJZnU9b8s0F1q0Xg==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.5",
+        "ajv": "^6.12.4",
+        "ajv-keywords": "^3.5.2"
+      },
+      "engines": {
+        "node": ">= 8.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/babel-plugin-istanbul": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz",
+      "integrity": "sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.0.0",
+        "@istanbuljs/load-nyc-config": "^1.0.0",
+        "@istanbuljs/schema": "^0.1.2",
+        "istanbul-lib-instrument": "^5.0.4",
+        "test-exclude": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/babel-plugin-jest-hoist": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-27.5.1.tgz",
+      "integrity": "sha512-50wCwD5EMNW4aRpOwtqzyZHIewTYNxLA4nhB+09d8BIssfNfzBRhkBIHiaPv1Si226TQSvp8gxAJm2iY2qs2hQ==",
+      "dependencies": {
+        "@babel/template": "^7.3.3",
+        "@babel/types": "^7.3.3",
+        "@types/babel__core": "^7.0.0",
+        "@types/babel__traverse": "^7.0.6"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/babel-plugin-macros": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-macros/-/babel-plugin-macros-3.1.0.tgz",
+      "integrity": "sha512-Cg7TFGpIr01vOQNODXOOaGz2NpCU5gl8x1qJFbb6hbZxR7XrcE2vtbAsTAbJ7/xwJtUuJEw8K8Zr/AE0LHlesg==",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5",
+        "cosmiconfig": "^7.0.0",
+        "resolve": "^1.19.0"
+      },
+      "engines": {
+        "node": ">=10",
+        "npm": ">=6"
+      }
+    },
+    "node_modules/babel-plugin-named-asset-import": {
+      "version": "0.3.8",
+      "resolved": "https://registry.npmjs.org/babel-plugin-named-asset-import/-/babel-plugin-named-asset-import-0.3.8.tgz",
+      "integrity": "sha512-WXiAc++qo7XcJ1ZnTYGtLxmBCVbddAml3CEXgWaBzNzLNoxtQ8AiGEFDMOhot9XjTCQbvP5E77Fj9Gk924f00Q==",
+      "peerDependencies": {
+        "@babel/core": "^7.1.0"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-corejs2": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.3.3.tgz",
+      "integrity": "sha512-8hOdmFYFSZhqg2C/JgLUQ+t52o5nirNwaWM2B9LWteozwIvM14VSwdsCAUET10qT+kmySAlseadmfeeSWFCy+Q==",
+      "dependencies": {
+        "@babel/compat-data": "^7.17.7",
+        "@babel/helper-define-polyfill-provider": "^0.3.3",
+        "semver": "^6.1.1"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-corejs2/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-corejs3": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.6.0.tgz",
+      "integrity": "sha512-+eHqR6OPcBhJOGgsIar7xoAB1GcSwVUA3XjAd7HJNzOXT4wv6/H7KIdA/Nc60cvUlDbKApmqNvD1B1bzOt4nyA==",
+      "dependencies": {
+        "@babel/helper-define-polyfill-provider": "^0.3.3",
+        "core-js-compat": "^3.25.1"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/babel-plugin-polyfill-regenerator": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.4.1.tgz",
+      "integrity": "sha512-NtQGmyQDXjQqQ+IzRkBVwEOz9lQ4zxAQZgoAYEtU9dJjnl1Oc98qnN7jcp+bE7O7aYzVpavXE3/VKXNzUbh7aw==",
+      "dependencies": {
+        "@babel/helper-define-polyfill-provider": "^0.3.3"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/babel-plugin-transform-react-remove-prop-types": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-react-remove-prop-types/-/babel-plugin-transform-react-remove-prop-types-0.4.24.tgz",
+      "integrity": "sha512-eqj0hVcJUR57/Ug2zE1Yswsw4LhuqqHhD+8v120T1cl3kjg76QwtyBrdIk4WVwK+lAhBJVYCd/v+4nc4y+8JsA=="
+    },
+    "node_modules/babel-preset-current-node-syntax": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz",
+      "integrity": "sha512-M7LQ0bxarkxQoN+vz5aJPsLBn77n8QgTFmo8WK0/44auK2xlCXrYcUxHFxgU7qW5Yzw/CjmLRK2uJzaCd7LvqQ==",
+      "dependencies": {
+        "@babel/plugin-syntax-async-generators": "^7.8.4",
+        "@babel/plugin-syntax-bigint": "^7.8.3",
+        "@babel/plugin-syntax-class-properties": "^7.8.3",
+        "@babel/plugin-syntax-import-meta": "^7.8.3",
+        "@babel/plugin-syntax-json-strings": "^7.8.3",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.8.3",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3",
+        "@babel/plugin-syntax-numeric-separator": "^7.8.3",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3",
+        "@babel/plugin-syntax-top-level-await": "^7.8.3"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/babel-preset-jest": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-27.5.1.tgz",
+      "integrity": "sha512-Nptf2FzlPCWYuJg41HBqXVT8ym6bXOevuCTbhxlUpjwtysGaIWFvDEjp4y+G7fl13FgOdjs7P/DmErqH7da0Ag==",
+      "dependencies": {
+        "babel-plugin-jest-hoist": "^27.5.1",
+        "babel-preset-current-node-syntax": "^1.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/babel-preset-react-app": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/babel-preset-react-app/-/babel-preset-react-app-10.0.1.tgz",
+      "integrity": "sha512-b0D9IZ1WhhCWkrTXyFuIIgqGzSkRIH5D5AmB0bXbzYAB1OBAwHcUeyWW2LorutLWF5btNo/N7r/cIdmvvKJlYg==",
+      "dependencies": {
+        "@babel/core": "^7.16.0",
+        "@babel/plugin-proposal-class-properties": "^7.16.0",
+        "@babel/plugin-proposal-decorators": "^7.16.4",
+        "@babel/plugin-proposal-nullish-coalescing-operator": "^7.16.0",
+        "@babel/plugin-proposal-numeric-separator": "^7.16.0",
+        "@babel/plugin-proposal-optional-chaining": "^7.16.0",
+        "@babel/plugin-proposal-private-methods": "^7.16.0",
+        "@babel/plugin-transform-flow-strip-types": "^7.16.0",
+        "@babel/plugin-transform-react-display-name": "^7.16.0",
+        "@babel/plugin-transform-runtime": "^7.16.4",
+        "@babel/preset-env": "^7.16.4",
+        "@babel/preset-react": "^7.16.0",
+        "@babel/preset-typescript": "^7.16.0",
+        "@babel/runtime": "^7.16.3",
+        "babel-plugin-macros": "^3.1.0",
+        "babel-plugin-transform-react-remove-prop-types": "^0.4.24"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
+    },
+    "node_modules/batch": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz",
+      "integrity": "sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw=="
+    },
+    "node_modules/bfj": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/bfj/-/bfj-7.0.2.tgz",
+      "integrity": "sha512-+e/UqUzwmzJamNF50tBV6tZPTORow7gQ96iFow+8b562OdMpEK0BcJEq2OSPEDmAbSMBQ7PKZ87ubFkgxpYWgw==",
+      "dependencies": {
+        "bluebird": "^3.5.5",
+        "check-types": "^11.1.1",
+        "hoopy": "^0.1.4",
+        "tryer": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      }
+    },
+    "node_modules/big.js": {
+      "version": "5.2.2",
+      "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
+      "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/binary-extensions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
+      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/bluebird": {
+      "version": "3.7.2",
+      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz",
+      "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg=="
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.1",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+      "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+      "dependencies": {
+        "bytes": "3.1.2",
+        "content-type": "~1.0.4",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "http-errors": "2.0.0",
+        "iconv-lite": "0.4.24",
+        "on-finished": "2.4.1",
+        "qs": "6.11.0",
+        "raw-body": "2.5.1",
+        "type-is": "~1.6.18",
+        "unpipe": "1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/body-parser/node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/body-parser/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/body-parser/node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/body-parser/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/bonjour-service": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.1.1.tgz",
+      "integrity": "sha512-Z/5lQRMOG9k7W+FkeGTNjh7htqn/2LMnfOvBZ8pynNZCM9MwkQkI3zeI4oz09uWdcgmgHugVvBqxGg4VQJ5PCg==",
+      "dependencies": {
+        "array-flatten": "^2.1.2",
+        "dns-equal": "^1.0.0",
+        "fast-deep-equal": "^3.1.3",
+        "multicast-dns": "^7.2.5"
+      }
+    },
+    "node_modules/boolbase": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
+      "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww=="
+    },
+    "node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "dependencies": {
+        "fill-range": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/browser-process-hrtime": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/browser-process-hrtime/-/browser-process-hrtime-1.0.0.tgz",
+      "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow=="
+    },
+    "node_modules/browserslist": {
+      "version": "4.21.5",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.5.tgz",
+      "integrity": "sha512-tUkiguQGW7S3IhB7N+c2MV/HZPSCPAAiYBZXLsBhFB/PCy6ZKKsZrmBayHV9fdGV/ARIfJ14NkxKzRDjvp7L6w==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        }
+      ],
+      "dependencies": {
+        "caniuse-lite": "^1.0.30001449",
+        "electron-to-chromium": "^1.4.284",
+        "node-releases": "^2.0.8",
+        "update-browserslist-db": "^1.0.10"
+      },
+      "bin": {
+        "browserslist": "cli.js"
+      },
+      "engines": {
+        "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7"
+      }
+    },
+    "node_modules/bser": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz",
+      "integrity": "sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==",
+      "dependencies": {
+        "node-int64": "^0.4.0"
+      }
+    },
+    "node_modules/buffer-from": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
+      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="
+    },
+    "node_modules/builtin-modules": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz",
+      "integrity": "sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==",
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz",
+      "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/call-bind": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz",
+      "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==",
+      "dependencies": {
+        "function-bind": "^1.1.1",
+        "get-intrinsic": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/callsites": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
+      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/camel-case": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz",
+      "integrity": "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw==",
+      "dependencies": {
+        "pascal-case": "^3.1.2",
+        "tslib": "^2.0.3"
+      }
+    },
+    "node_modules/camelcase": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz",
+      "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/camelcase-css": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz",
+      "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/caniuse-api": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/caniuse-api/-/caniuse-api-3.0.0.tgz",
+      "integrity": "sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==",
+      "dependencies": {
+        "browserslist": "^4.0.0",
+        "caniuse-lite": "^1.0.0",
+        "lodash.memoize": "^4.1.2",
+        "lodash.uniq": "^4.5.0"
+      }
+    },
+    "node_modules/caniuse-lite": {
+      "version": "1.0.30001469",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001469.tgz",
+      "integrity": "sha512-Rcp7221ScNqQPP3W+lVOYDyjdR6dC+neEQCttoNr5bAyz54AboB4iwpnWgyi8P4YUsPybVzT4LgWiBbI3drL4g==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/caniuse-lite"
+        }
+      ]
+    },
+    "node_modules/canvas-renderer": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/canvas-renderer/-/canvas-renderer-2.2.1.tgz",
+      "integrity": "sha512-RrBgVL5qCEDIXpJ6NrzyRNoTnXxYarqm/cS/W6ERhUJts5UQtt/XPEosGN3rqUkZ4fjBArlnCbsISJ+KCFnIAg==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/case-sensitive-paths-webpack-plugin": {
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/case-sensitive-paths-webpack-plugin/-/case-sensitive-paths-webpack-plugin-2.4.0.tgz",
+      "integrity": "sha512-roIFONhcxog0JSSWbvVAh3OocukmSgpqOH6YpMkCvav/ySIV3JKg4Dc8vYtQjYi/UxpNE36r/9v+VqTQqgkYmw==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/char-regex": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz",
+      "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/character-entities": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-1.2.4.tgz",
+      "integrity": "sha512-iBMyeEHxfVnIakwOuDXpVkc54HijNgCyQB2w0VfGQThle6NXn50zU6V/u+LDhxHcDUPojn6Kpga3PTAD8W1bQw==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/character-entities-legacy": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-1.1.4.tgz",
+      "integrity": "sha512-3Xnr+7ZFS1uxeiUDvV02wQ+QDbc55o97tIV5zHScSPJpcLm/r0DFPcoY3tYRp+VZukxuMeKgXYmsXQHO05zQeA==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/character-reference-invalid": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-1.1.4.tgz",
+      "integrity": "sha512-mKKUkUbhPpQlCOfIuZkvSEgktjPFIsZKRRbC6KWVEMvlzblj3i3asQv5ODsrwt0N3pHAEvjP8KTQPHkp0+6jOg==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/check-types": {
+      "version": "11.2.2",
+      "resolved": "https://registry.npmjs.org/check-types/-/check-types-11.2.2.tgz",
+      "integrity": "sha512-HBiYvXvn9Z70Z88XKjz3AEKd4HJhBXsa3j7xFnITAzoS8+q6eIGi8qDB8FKPBAjtuxjI/zFpwuiCb8oDtKOYrA=="
+    },
+    "node_modules/chokidar": {
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://paulmillr.com/funding/"
+        }
+      ],
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/chokidar/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/chrome-trace-event": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz",
+      "integrity": "sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg==",
+      "engines": {
+        "node": ">=6.0"
+      }
+    },
+    "node_modules/ci-info": {
+      "version": "3.8.0",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.8.0.tgz",
+      "integrity": "sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/sibiraj-s"
+        }
+      ],
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cjs-module-lexer": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.2.tgz",
+      "integrity": "sha512-cOU9usZw8/dXIXKtwa8pM0OTJQuJkxMN6w30csNRUerHfeQ5R6U3kkU/FtJeIf3M202OHfY2U8ccInBG7/xogA=="
+    },
+    "node_modules/clean-css": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-5.3.2.tgz",
+      "integrity": "sha512-JVJbM+f3d3Q704rF4bqQ5UUyTtuJ0JRKNbTKVEeujCCBoMdkEi+V+e8oktO9qGQNSvHrFTM6JZRXrUvGR1czww==",
+      "dependencies": {
+        "source-map": "~0.6.0"
+      },
+      "engines": {
+        "node": ">= 10.0"
+      }
+    },
+    "node_modules/clean-css/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/cliui": {
+      "version": "7.0.4",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
+      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^7.0.0"
+      }
+    },
+    "node_modules/clsx": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/clsx/-/clsx-1.2.1.tgz",
+      "integrity": "sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/co": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
+      "integrity": "sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==",
+      "engines": {
+        "iojs": ">= 1.0.0",
+        "node": ">= 0.12.0"
+      }
+    },
+    "node_modules/coa": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/coa/-/coa-2.0.2.tgz",
+      "integrity": "sha512-q5/jG+YQnSy4nRTV4F7lPepBJZ8qBNJJDBuJdoejDyLXgmL7IEo+Le2JDZudFTFt7mrCqIRaSjws4ygRCTCAXA==",
+      "dependencies": {
+        "@types/q": "^1.5.1",
+        "chalk": "^2.4.1",
+        "q": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 4.0"
+      }
+    },
+    "node_modules/collect-v8-coverage": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz",
+      "integrity": "sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg=="
+    },
+    "node_modules/color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dependencies": {
+        "color-name": "1.1.3"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
+    },
+    "node_modules/colord": {
+      "version": "2.9.3",
+      "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz",
+      "integrity": "sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw=="
+    },
+    "node_modules/colorette": {
+      "version": "2.0.19",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz",
+      "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ=="
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/comma-separated-tokens": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-1.0.8.tgz",
+      "integrity": "sha512-GHuDRO12Sypu2cV70d1dkA2EUmXHgntrzbpvOB+Qy+49ypNfGgFQIC2fhhXbnyrJRynDCAARsT7Ou0M6hirpfw==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/commander": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
+      "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/common-path-prefix": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/common-path-prefix/-/common-path-prefix-3.0.0.tgz",
+      "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w=="
+    },
+    "node_modules/common-tags": {
+      "version": "1.8.2",
+      "resolved": "https://registry.npmjs.org/common-tags/-/common-tags-1.8.2.tgz",
+      "integrity": "sha512-gk/Z852D2Wtb//0I+kRFNKKE9dIIVirjoqPoA1wJU+XePVXZfGeBpk45+A1rKO4Q43prqWBNY/MiIeRLbPWUaA==",
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/commondir": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz",
+      "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg=="
+    },
+    "node_modules/compressible": {
+      "version": "2.0.18",
+      "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz",
+      "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==",
+      "dependencies": {
+        "mime-db": ">= 1.43.0 < 2"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/compression": {
+      "version": "1.7.4",
+      "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.4.tgz",
+      "integrity": "sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==",
+      "dependencies": {
+        "accepts": "~1.3.5",
+        "bytes": "3.0.0",
+        "compressible": "~2.0.16",
+        "debug": "2.6.9",
+        "on-headers": "~1.0.2",
+        "safe-buffer": "5.1.2",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/compression/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/compression/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/compression/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
+    },
+    "node_modules/confusing-browser-globals": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.11.tgz",
+      "integrity": "sha512-JsPKdmh8ZkmnHxDk55FZ1TqVLvEQTvoByJZRN9jzI0UjxK/QgAmsphz7PGtqgPieQZ/CQcHWXCR7ATDNhGe+YA=="
+    },
+    "node_modules/connect-history-api-fallback": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz",
+      "integrity": "sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA==",
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/convert-source-map": {
+      "version": "1.9.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz",
+      "integrity": "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A=="
+    },
+    "node_modules/cookie": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz",
+      "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+      "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
+    },
+    "node_modules/core-js": {
+      "version": "3.29.1",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.29.1.tgz",
+      "integrity": "sha512-+jwgnhg6cQxKYIIjGtAHq2nwUOolo9eoFZ4sHfUH09BLXBgxnH4gA0zEd+t+BO2cNB8idaBtZFcFTRjQJRJmAw==",
+      "hasInstallScript": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/core-js"
+      }
+    },
+    "node_modules/core-js-compat": {
+      "version": "3.29.1",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.29.1.tgz",
+      "integrity": "sha512-QmchCua884D8wWskMX8tW5ydINzd8oSJVx38lx/pVkFGqztxt73GYre3pm/hyYq8bPf+MW5In4I/uRShFDsbrA==",
+      "dependencies": {
+        "browserslist": "^4.21.5"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/core-js"
+      }
+    },
+    "node_modules/core-js-pure": {
+      "version": "3.29.1",
+      "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.29.1.tgz",
+      "integrity": "sha512-4En6zYVi0i0XlXHVz/bi6l1XDjCqkKRq765NXuX+SnaIatlE96Odt5lMLjdxUiNI1v9OXI5DSLWYPlmTfkTktg==",
+      "hasInstallScript": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/core-js"
+      }
+    },
+    "node_modules/core-util-is": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
+      "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
+    },
+    "node_modules/cosmiconfig": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.1.0.tgz",
+      "integrity": "sha512-AdmX6xUzdNASswsFtmwSt7Vj8po9IuqXm0UXz7QKPuEUmPB4XyjGfaAr2PSuELMwkRMVH1EpIkX5bTZGRB3eCA==",
+      "dependencies": {
+        "@types/parse-json": "^4.0.0",
+        "import-fresh": "^3.2.1",
+        "parse-json": "^5.0.0",
+        "path-type": "^4.0.0",
+        "yaml": "^1.10.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/crypto-random-string": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz",
+      "integrity": "sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/css-blank-pseudo": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/css-blank-pseudo/-/css-blank-pseudo-3.0.3.tgz",
+      "integrity": "sha512-VS90XWtsHGqoM0t4KpH053c4ehxZ2E6HtGI7x68YFV0pTo/QmkV/YFA+NnlvK8guxZVNWGQhVNJGC39Q8XF4OQ==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.9"
+      },
+      "bin": {
+        "css-blank-pseudo": "dist/cli.cjs"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/css-declaration-sorter": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-6.3.1.tgz",
+      "integrity": "sha512-fBffmak0bPAnyqc/HO8C3n2sHrp9wcqQz6ES9koRF2/mLOVAx9zIQ3Y7R29sYCteTPqMCwns4WYQoCX91Xl3+w==",
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.0.9"
+      }
+    },
+    "node_modules/css-has-pseudo": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/css-has-pseudo/-/css-has-pseudo-3.0.4.tgz",
+      "integrity": "sha512-Vse0xpR1K9MNlp2j5w1pgWIJtm1a8qS0JwS9goFYcImjlHEmywP9VUF05aGBXzGpDJF86QXk4L0ypBmwPhGArw==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.9"
+      },
+      "bin": {
+        "css-has-pseudo": "dist/cli.cjs"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/css-loader": {
+      "version": "6.7.3",
+      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.7.3.tgz",
+      "integrity": "sha512-qhOH1KlBMnZP8FzRO6YCH9UHXQhVMcEGLyNdb7Hv2cpcmJbW0YrddO+tG1ab5nT41KpHIYGsbeHqxB9xPu1pKQ==",
+      "dependencies": {
+        "icss-utils": "^5.1.0",
+        "postcss": "^8.4.19",
+        "postcss-modules-extract-imports": "^3.0.0",
+        "postcss-modules-local-by-default": "^4.0.0",
+        "postcss-modules-scope": "^3.0.0",
+        "postcss-modules-values": "^4.0.0",
+        "postcss-value-parser": "^4.2.0",
+        "semver": "^7.3.8"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.0.0"
+      }
+    },
+    "node_modules/css-minimizer-webpack-plugin": {
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-3.4.1.tgz",
+      "integrity": "sha512-1u6D71zeIfgngN2XNRJefc/hY7Ybsxd74Jm4qngIXyUEk7fss3VUzuHxLAq/R8NAba4QU9OUSaMZlbpRc7bM4Q==",
+      "dependencies": {
+        "cssnano": "^5.0.6",
+        "jest-worker": "^27.0.2",
+        "postcss": "^8.3.5",
+        "schema-utils": "^4.0.0",
+        "serialize-javascript": "^6.0.0",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@parcel/css": {
+          "optional": true
+        },
+        "clean-css": {
+          "optional": true
+        },
+        "csso": {
+          "optional": true
+        },
+        "esbuild": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/css-minimizer-webpack-plugin/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/css-minimizer-webpack-plugin/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/css-minimizer-webpack-plugin/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/css-minimizer-webpack-plugin/node_modules/schema-utils": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
+      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.8.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/css-minimizer-webpack-plugin/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/css-prefers-color-scheme": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/css-prefers-color-scheme/-/css-prefers-color-scheme-6.0.3.tgz",
+      "integrity": "sha512-4BqMbZksRkJQx2zAjrokiGMd07RqOa2IxIrrN10lyBe9xhn9DEvjUK79J6jkeiv9D9hQFXKb6g1jwU62jziJZA==",
+      "bin": {
+        "css-prefers-color-scheme": "dist/cli.cjs"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/css-select": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/css-select/-/css-select-4.3.0.tgz",
+      "integrity": "sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==",
+      "dependencies": {
+        "boolbase": "^1.0.0",
+        "css-what": "^6.0.1",
+        "domhandler": "^4.3.1",
+        "domutils": "^2.8.0",
+        "nth-check": "^2.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/fb55"
+      }
+    },
+    "node_modules/css-select-base-adapter": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/css-select-base-adapter/-/css-select-base-adapter-0.1.1.tgz",
+      "integrity": "sha512-jQVeeRG70QI08vSTwf1jHxp74JoZsr2XSgETae8/xC8ovSnL2WF87GTLO86Sbwdt2lK4Umg4HnnwMO4YF3Ce7w=="
+    },
+    "node_modules/css-tree": {
+      "version": "1.0.0-alpha.37",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.37.tgz",
+      "integrity": "sha512-DMxWJg0rnz7UgxKT0Q1HU/L9BeJI0M6ksor0OgqOnF+aRCDWg/N2641HmVyU9KVIu0OVVWOb2IpC9A+BJRnejg==",
+      "dependencies": {
+        "mdn-data": "2.0.4",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/css-tree/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/css-what": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz",
+      "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==",
+      "engines": {
+        "node": ">= 6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/fb55"
+      }
+    },
+    "node_modules/css.escape": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz",
+      "integrity": "sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg=="
+    },
+    "node_modules/cssdb": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/cssdb/-/cssdb-7.4.1.tgz",
+      "integrity": "sha512-0Q8NOMpXJ3iTDDbUv9grcmQAfdDx4qz+fN/+Md2FGbevT+6+bJNQ2LjB2YIUlLbpBTM32idU1Sb+tb/uGt6/XQ==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      }
+    },
+    "node_modules/cssesc": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz",
+      "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==",
+      "bin": {
+        "cssesc": "bin/cssesc"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/cssnano": {
+      "version": "5.1.15",
+      "resolved": "https://registry.npmjs.org/cssnano/-/cssnano-5.1.15.tgz",
+      "integrity": "sha512-j+BKgDcLDQA+eDifLx0EO4XSA56b7uut3BQFH+wbSaSTuGLuiyTa/wbRYthUXX8LC9mLg+WWKe8h+qJuwTAbHw==",
+      "dependencies": {
+        "cssnano-preset-default": "^5.2.14",
+        "lilconfig": "^2.0.3",
+        "yaml": "^1.10.2"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/cssnano"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/cssnano-preset-default": {
+      "version": "5.2.14",
+      "resolved": "https://registry.npmjs.org/cssnano-preset-default/-/cssnano-preset-default-5.2.14.tgz",
+      "integrity": "sha512-t0SFesj/ZV2OTylqQVOrFgEh5uanxbO6ZAdeCrNsUQ6fVuXwYTxJPNAGvGTxHbD68ldIJNec7PyYZDBrfDQ+6A==",
+      "dependencies": {
+        "css-declaration-sorter": "^6.3.1",
+        "cssnano-utils": "^3.1.0",
+        "postcss-calc": "^8.2.3",
+        "postcss-colormin": "^5.3.1",
+        "postcss-convert-values": "^5.1.3",
+        "postcss-discard-comments": "^5.1.2",
+        "postcss-discard-duplicates": "^5.1.0",
+        "postcss-discard-empty": "^5.1.1",
+        "postcss-discard-overridden": "^5.1.0",
+        "postcss-merge-longhand": "^5.1.7",
+        "postcss-merge-rules": "^5.1.4",
+        "postcss-minify-font-values": "^5.1.0",
+        "postcss-minify-gradients": "^5.1.1",
+        "postcss-minify-params": "^5.1.4",
+        "postcss-minify-selectors": "^5.2.1",
+        "postcss-normalize-charset": "^5.1.0",
+        "postcss-normalize-display-values": "^5.1.0",
+        "postcss-normalize-positions": "^5.1.1",
+        "postcss-normalize-repeat-style": "^5.1.1",
+        "postcss-normalize-string": "^5.1.0",
+        "postcss-normalize-timing-functions": "^5.1.0",
+        "postcss-normalize-unicode": "^5.1.1",
+        "postcss-normalize-url": "^5.1.0",
+        "postcss-normalize-whitespace": "^5.1.1",
+        "postcss-ordered-values": "^5.1.3",
+        "postcss-reduce-initial": "^5.1.2",
+        "postcss-reduce-transforms": "^5.1.0",
+        "postcss-svgo": "^5.1.0",
+        "postcss-unique-selectors": "^5.1.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/cssnano-utils": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-3.1.0.tgz",
+      "integrity": "sha512-JQNR19/YZhz4psLX/rQ9M83e3z2Wf/HdJbryzte4a3NSuafyp9w/I4U+hx5C2S9g41qlstH7DEWnZaaj83OuEA==",
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/csso": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/csso/-/csso-4.2.0.tgz",
+      "integrity": "sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==",
+      "dependencies": {
+        "css-tree": "^1.1.2"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/csso/node_modules/css-tree": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz",
+      "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==",
+      "dependencies": {
+        "mdn-data": "2.0.14",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/csso/node_modules/mdn-data": {
+      "version": "2.0.14",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz",
+      "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow=="
+    },
+    "node_modules/csso/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/cssom": {
+      "version": "0.4.4",
+      "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.4.4.tgz",
+      "integrity": "sha512-p3pvU7r1MyyqbTk+WbNJIgJjG2VmTIaB10rI93LzVPrmDJKkzKYMtxxyAvQXR/NS6otuzveI7+7BBq3SjBS2mw=="
+    },
+    "node_modules/cssstyle": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz",
+      "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==",
+      "dependencies": {
+        "cssom": "~0.3.6"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cssstyle/node_modules/cssom": {
+      "version": "0.3.8",
+      "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz",
+      "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg=="
+    },
+    "node_modules/csstype": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz",
+      "integrity": "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw=="
+    },
+    "node_modules/damerau-levenshtein": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/damerau-levenshtein/-/damerau-levenshtein-1.0.8.tgz",
+      "integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA=="
+    },
+    "node_modules/data-urls": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-2.0.0.tgz",
+      "integrity": "sha512-X5eWTSXO/BJmpdIKCRuKUgSCgAN0OwliVK3yPKbwIWU1Tdw5BRajxlzMidvh+gwko9AfQ9zIj52pzF91Q3YAvQ==",
+      "dependencies": {
+        "abab": "^2.0.3",
+        "whatwg-mimetype": "^2.3.0",
+        "whatwg-url": "^8.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/debug": {
+      "version": "4.3.4",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+      "dependencies": {
+        "ms": "2.1.2"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/decimal.js": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.3.tgz",
+      "integrity": "sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA=="
+    },
+    "node_modules/dedent": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz",
+      "integrity": "sha512-Q6fKUPqnAHAyhiUgFU7BUzLiv0kd8saH9al7tnu5Q/okj6dnupxyTgFIBjVzJATdfIAm9NAsvXNzjaKa+bxVyA=="
+    },
+    "node_modules/deep-equal": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.2.0.tgz",
+      "integrity": "sha512-RdpzE0Hv4lhowpIUKKMJfeH6C1pXdtT1/it80ubgWqwI3qpuxUBpC1S4hnHg+zjnuOoDkzUtUCEEkG+XG5l3Mw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "es-get-iterator": "^1.1.2",
+        "get-intrinsic": "^1.1.3",
+        "is-arguments": "^1.1.1",
+        "is-array-buffer": "^3.0.1",
+        "is-date-object": "^1.0.5",
+        "is-regex": "^1.1.4",
+        "is-shared-array-buffer": "^1.0.2",
+        "isarray": "^2.0.5",
+        "object-is": "^1.1.5",
+        "object-keys": "^1.1.1",
+        "object.assign": "^4.1.4",
+        "regexp.prototype.flags": "^1.4.3",
+        "side-channel": "^1.0.4",
+        "which-boxed-primitive": "^1.0.2",
+        "which-collection": "^1.0.1",
+        "which-typed-array": "^1.1.9"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/deep-is": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
+      "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ=="
+    },
+    "node_modules/deepmerge": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
+      "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/default-gateway": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/default-gateway/-/default-gateway-6.0.3.tgz",
+      "integrity": "sha512-fwSOJsbbNzZ/CUFpqFBqYfYNLj1NbMPm8MMCIzHjC83iSJRBEGmDUxU+WP661BaBQImeC2yHwXtz+P/O9o+XEg==",
+      "dependencies": {
+        "execa": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/define-lazy-prop": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz",
+      "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/define-properties": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.0.tgz",
+      "integrity": "sha512-xvqAVKGfT1+UAvPwKTVw/njhdQ8ZhXK4lI0bCIuCMrp2up9nPnaDftrLtmpTazqd1o+UY4zgzU+avtMbDP+ldA==",
+      "dependencies": {
+        "has-property-descriptors": "^1.0.0",
+        "object-keys": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/defined": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/defined/-/defined-1.0.1.tgz",
+      "integrity": "sha512-hsBd2qSVCRE+5PmNdHt1uzyrFu5d3RwmFDKzyNZMFq/EwDNJF7Ee5+D5oEKF0hU6LhtoUF1macFvOe4AskQC1Q==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/detect-newline": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz",
+      "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/detect-node": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz",
+      "integrity": "sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g=="
+    },
+    "node_modules/detect-port-alt": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/detect-port-alt/-/detect-port-alt-1.1.6.tgz",
+      "integrity": "sha512-5tQykt+LqfJFBEYaDITx7S7cR7mJ/zQmLXZ2qt5w04ainYZw6tBf9dBunMjVeVOdYVRUzUOE4HkY5J7+uttb5Q==",
+      "dependencies": {
+        "address": "^1.0.1",
+        "debug": "^2.6.0"
+      },
+      "bin": {
+        "detect": "bin/detect-port",
+        "detect-port": "bin/detect-port"
+      },
+      "engines": {
+        "node": ">= 4.2.1"
+      }
+    },
+    "node_modules/detect-port-alt/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/detect-port-alt/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/detective": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/detective/-/detective-5.2.1.tgz",
+      "integrity": "sha512-v9XE1zRnz1wRtgurGu0Bs8uHKFSTdteYZNbIPFVhUZ39L/S79ppMpdmVOZAnoz1jfEFodc48n6MX483Xo3t1yw==",
+      "dependencies": {
+        "acorn-node": "^1.8.2",
+        "defined": "^1.0.0",
+        "minimist": "^1.2.6"
+      },
+      "bin": {
+        "detective": "bin/detective.js"
+      },
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/didyoumean": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz",
+      "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw=="
+    },
+    "node_modules/diff-sequences": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz",
+      "integrity": "sha512-k1gCAXAsNgLwEL+Y8Wvl+M6oEFj5bgazfZULpS5CneoPPXRaCCW7dm+q21Ky2VEE5X+VeRDBVg1Pcvvsr4TtNQ==",
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/dir-glob": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
+      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
+      "dependencies": {
+        "path-type": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/dlv": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz",
+      "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="
+    },
+    "node_modules/dns-equal": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/dns-equal/-/dns-equal-1.0.0.tgz",
+      "integrity": "sha512-z+paD6YUQsk+AbGCEM4PrOXSss5gd66QfcVBFTKR/HpFL9jCqikS94HYwKww6fQyO7IxrIIyUu+g0Ka9tUS2Cg=="
+    },
+    "node_modules/dns-packet": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.4.0.tgz",
+      "integrity": "sha512-EgqGeaBB8hLiHLZtp/IbaDQTL8pZ0+IvwzSHA6d7VyMDM+B9hgddEMa9xjK5oYnw0ci0JQ6g2XCD7/f6cafU6g==",
+      "dependencies": {
+        "@leichtgewicht/ip-codec": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/doctrine": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
+      "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
+      "dependencies": {
+        "esutils": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/dom-accessibility-api": {
+      "version": "0.5.16",
+      "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz",
+      "integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg=="
+    },
+    "node_modules/dom-converter": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/dom-converter/-/dom-converter-0.2.0.tgz",
+      "integrity": "sha512-gd3ypIPfOMr9h5jIKq8E3sHOTCjeirnl0WK5ZdS1AW0Odt0b1PaWaHdJ4Qk4klv+YB9aJBS7mESXjFoDQPu6DA==",
+      "dependencies": {
+        "utila": "~0.4"
+      }
+    },
+    "node_modules/dom-helpers": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz",
+      "integrity": "sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==",
+      "dependencies": {
+        "@babel/runtime": "^7.8.7",
+        "csstype": "^3.0.2"
+      }
+    },
+    "node_modules/dom-serializer": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz",
+      "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==",
+      "dependencies": {
+        "domelementtype": "^2.0.1",
+        "domhandler": "^4.2.0",
+        "entities": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
+      }
+    },
+    "node_modules/domelementtype": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
+      "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ]
+    },
+    "node_modules/domexception": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/domexception/-/domexception-2.0.1.tgz",
+      "integrity": "sha512-yxJ2mFy/sibVQlu5qHjOkf9J3K6zgmCxgJ94u2EdvDOV09H+32LtRswEcUsmUWN72pVLOEnTSRaIVVzVQgS0dg==",
+      "dependencies": {
+        "webidl-conversions": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/domexception/node_modules/webidl-conversions": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-5.0.0.tgz",
+      "integrity": "sha512-VlZwKPCkYKxQgeSbH5EyngOmRp7Ww7I9rQLERETtf5ofd9pGeswWiOtogpEO850jziPRarreGxn5QIiTqpb2wA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/domhandler": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz",
+      "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==",
+      "dependencies": {
+        "domelementtype": "^2.2.0"
+      },
+      "engines": {
+        "node": ">= 4"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domhandler?sponsor=1"
+      }
+    },
+    "node_modules/domutils": {
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz",
+      "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==",
+      "dependencies": {
+        "dom-serializer": "^1.0.1",
+        "domelementtype": "^2.2.0",
+        "domhandler": "^4.2.0"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domutils?sponsor=1"
+      }
+    },
+    "node_modules/dot-case": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz",
+      "integrity": "sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w==",
+      "dependencies": {
+        "no-case": "^3.0.4",
+        "tslib": "^2.0.3"
+      }
+    },
+    "node_modules/dotenv": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
+      "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/dotenv-expand": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/dotenv-expand/-/dotenv-expand-5.1.0.tgz",
+      "integrity": "sha512-YXQl1DSa4/PQyRfgrv6aoNjhasp/p4qs9FjJ4q4cQk+8m4r6k4ZSiEyytKG8f8W9gi8WsQtIObNmKd+tMzNTmA=="
+    },
+    "node_modules/duplexer": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz",
+      "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg=="
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
+    },
+    "node_modules/ejs": {
+      "version": "3.1.9",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz",
+      "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==",
+      "dependencies": {
+        "jake": "^10.8.5"
+      },
+      "bin": {
+        "ejs": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/electron-to-chromium": {
+      "version": "1.4.335",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.335.tgz",
+      "integrity": "sha512-l/eowQqTnrq3gu+WSrdfkhfNHnPgYqlKAwxz7MTOj6mom19vpEDHNXl6dxDxyTiYuhemydprKr/HCrHfgk+OfQ=="
+    },
+    "node_modules/emittery": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.8.1.tgz",
+      "integrity": "sha512-uDfvUjVrfGJJhymx/kz6prltenw1u7WrCg1oa94zYY8xxVpLLUu045LAT0dhDZdXG58/EpPL/5kA180fQ/qudg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/emittery?sponsor=1"
+      }
+    },
+    "node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="
+    },
+    "node_modules/emojis-list": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz",
+      "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/encodeurl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/enhanced-resolve": {
+      "version": "5.12.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz",
+      "integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==",
+      "dependencies": {
+        "graceful-fs": "^4.2.4",
+        "tapable": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/enquirer": {
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz",
+      "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==",
+      "dev": true,
+      "dependencies": {
+        "ansi-colors": "^4.1.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/entities": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz",
+      "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==",
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/error-ex": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
+      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
+      "dependencies": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
+    "node_modules/error-stack-parser": {
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/error-stack-parser/-/error-stack-parser-2.1.4.tgz",
+      "integrity": "sha512-Sk5V6wVazPhq5MhpO+AUxJn5x7XSXGl1R93Vn7i+zS15KDVxQijejNCrz8340/2bgLBjR9GtEG8ZVKONDjcqGQ==",
+      "dependencies": {
+        "stackframe": "^1.3.4"
+      }
+    },
+    "node_modules/es-abstract": {
+      "version": "1.21.2",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.21.2.tgz",
+      "integrity": "sha512-y/B5POM2iBnIxCiernH1G7rC9qQoM77lLIMQLuob0zhp8C56Po81+2Nj0WFKnd0pNReDTnkYryc+zhOzpEIROg==",
+      "dependencies": {
+        "array-buffer-byte-length": "^1.0.0",
+        "available-typed-arrays": "^1.0.5",
+        "call-bind": "^1.0.2",
+        "es-set-tostringtag": "^2.0.1",
+        "es-to-primitive": "^1.2.1",
+        "function.prototype.name": "^1.1.5",
+        "get-intrinsic": "^1.2.0",
+        "get-symbol-description": "^1.0.0",
+        "globalthis": "^1.0.3",
+        "gopd": "^1.0.1",
+        "has": "^1.0.3",
+        "has-property-descriptors": "^1.0.0",
+        "has-proto": "^1.0.1",
+        "has-symbols": "^1.0.3",
+        "internal-slot": "^1.0.5",
+        "is-array-buffer": "^3.0.2",
+        "is-callable": "^1.2.7",
+        "is-negative-zero": "^2.0.2",
+        "is-regex": "^1.1.4",
+        "is-shared-array-buffer": "^1.0.2",
+        "is-string": "^1.0.7",
+        "is-typed-array": "^1.1.10",
+        "is-weakref": "^1.0.2",
+        "object-inspect": "^1.12.3",
+        "object-keys": "^1.1.1",
+        "object.assign": "^4.1.4",
+        "regexp.prototype.flags": "^1.4.3",
+        "safe-regex-test": "^1.0.0",
+        "string.prototype.trim": "^1.2.7",
+        "string.prototype.trimend": "^1.0.6",
+        "string.prototype.trimstart": "^1.0.6",
+        "typed-array-length": "^1.0.4",
+        "unbox-primitive": "^1.0.2",
+        "which-typed-array": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/es-array-method-boxes-properly": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/es-array-method-boxes-properly/-/es-array-method-boxes-properly-1.0.0.tgz",
+      "integrity": "sha512-wd6JXUmyHmt8T5a2xreUwKcGPq6f1f+WwIJkijUqiGcJz1qqnZgP6XIK+QyIWU5lT7imeNxUll48bziG+TSYcA=="
+    },
+    "node_modules/es-get-iterator": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/es-get-iterator/-/es-get-iterator-1.1.3.tgz",
+      "integrity": "sha512-sPZmqHBe6JIiTfN5q2pEi//TwxmAFHwj/XEuYjTuse78i8KxaqMTTzxPoFKuzRpDpTJ+0NAbpfenkmH2rePtuw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.1.3",
+        "has-symbols": "^1.0.3",
+        "is-arguments": "^1.1.1",
+        "is-map": "^2.0.2",
+        "is-set": "^2.0.2",
+        "is-string": "^1.0.7",
+        "isarray": "^2.0.5",
+        "stop-iteration-iterator": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/es-module-lexer": {
+      "version": "0.9.3",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-0.9.3.tgz",
+      "integrity": "sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ=="
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.1.tgz",
+      "integrity": "sha512-g3OMbtlwY3QewlqAiMLI47KywjWZoEytKr8pf6iTC8uJq5bIAH52Z9pnQ8pVL6whrCto53JZDuUIsifGeLorTg==",
+      "dependencies": {
+        "get-intrinsic": "^1.1.3",
+        "has": "^1.0.3",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-shim-unscopables": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.0.tgz",
+      "integrity": "sha512-Jm6GPcCdC30eMLbZ2x8z2WuRwAws3zTBBKuusffYVUrNj/GVSUAZ+xKMaUpfNDR5IbyNA5LJbaecoUVbmUcB1w==",
+      "dependencies": {
+        "has": "^1.0.3"
+      }
+    },
+    "node_modules/es-to-primitive": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz",
+      "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==",
+      "dependencies": {
+        "is-callable": "^1.1.4",
+        "is-date-object": "^1.0.1",
+        "is-symbol": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/escalade": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
+      "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/escodegen": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.0.0.tgz",
+      "integrity": "sha512-mmHKys/C8BFUGI+MAWNcSYoORYLMdPzjrknd2Vc+bUsjN5bXcr8EhrNB+UTqfL1y3I9c4fw2ihgtMPQLBRiQxw==",
+      "dependencies": {
+        "esprima": "^4.0.1",
+        "estraverse": "^5.2.0",
+        "esutils": "^2.0.2",
+        "optionator": "^0.8.1"
+      },
+      "bin": {
+        "escodegen": "bin/escodegen.js",
+        "esgenerate": "bin/esgenerate.js"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "optionalDependencies": {
+        "source-map": "~0.6.1"
+      }
+    },
+    "node_modules/escodegen/node_modules/levn": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
+      "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==",
+      "dependencies": {
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/escodegen/node_modules/optionator": {
+      "version": "0.8.3",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz",
+      "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==",
+      "dependencies": {
+        "deep-is": "~0.1.3",
+        "fast-levenshtein": "~2.0.6",
+        "levn": "~0.3.0",
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2",
+        "word-wrap": "~1.2.3"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/escodegen/node_modules/prelude-ls": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
+      "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/escodegen/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "optional": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/escodegen/node_modules/type-check": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
+      "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==",
+      "dependencies": {
+        "prelude-ls": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/eslint": {
+      "version": "8.36.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.36.0.tgz",
+      "integrity": "sha512-Y956lmS7vDqomxlaaQAHVmeb4tNMp2FWIvU/RnU5BD3IKMD/MJPr76xdyr68P8tV1iNMvN2mRK0yy3c+UjL+bw==",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.2.0",
+        "@eslint-community/regexpp": "^4.4.0",
+        "@eslint/eslintrc": "^2.0.1",
+        "@eslint/js": "8.36.0",
+        "@humanwhocodes/config-array": "^0.11.8",
+        "@humanwhocodes/module-importer": "^1.0.1",
+        "@nodelib/fs.walk": "^1.2.8",
+        "ajv": "^6.10.0",
+        "chalk": "^4.0.0",
+        "cross-spawn": "^7.0.2",
+        "debug": "^4.3.2",
+        "doctrine": "^3.0.0",
+        "escape-string-regexp": "^4.0.0",
+        "eslint-scope": "^7.1.1",
+        "eslint-visitor-keys": "^3.3.0",
+        "espree": "^9.5.0",
+        "esquery": "^1.4.2",
+        "esutils": "^2.0.2",
+        "fast-deep-equal": "^3.1.3",
+        "file-entry-cache": "^6.0.1",
+        "find-up": "^5.0.0",
+        "glob-parent": "^6.0.2",
+        "globals": "^13.19.0",
+        "grapheme-splitter": "^1.0.4",
+        "ignore": "^5.2.0",
+        "import-fresh": "^3.0.0",
+        "imurmurhash": "^0.1.4",
+        "is-glob": "^4.0.0",
+        "is-path-inside": "^3.0.3",
+        "js-sdsl": "^4.1.4",
+        "js-yaml": "^4.1.0",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "levn": "^0.4.1",
+        "lodash.merge": "^4.6.2",
+        "minimatch": "^3.1.2",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.9.1",
+        "strip-ansi": "^6.0.1",
+        "strip-json-comments": "^3.1.0",
+        "text-table": "^0.2.0"
+      },
+      "bin": {
+        "eslint": "bin/eslint.js"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/eslint-config-react-app": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-config-react-app/-/eslint-config-react-app-7.0.1.tgz",
+      "integrity": "sha512-K6rNzvkIeHaTd8m/QEh1Zko0KI7BACWkkneSs6s9cKZC/J27X3eZR6Upt1jkmZ/4FK+XUOPPxMEN7+lbUXfSlA==",
+      "dependencies": {
+        "@babel/core": "^7.16.0",
+        "@babel/eslint-parser": "^7.16.3",
+        "@rushstack/eslint-patch": "^1.1.0",
+        "@typescript-eslint/eslint-plugin": "^5.5.0",
+        "@typescript-eslint/parser": "^5.5.0",
+        "babel-preset-react-app": "^10.0.1",
+        "confusing-browser-globals": "^1.0.11",
+        "eslint-plugin-flowtype": "^8.0.3",
+        "eslint-plugin-import": "^2.25.3",
+        "eslint-plugin-jest": "^25.3.0",
+        "eslint-plugin-jsx-a11y": "^6.5.1",
+        "eslint-plugin-react": "^7.27.1",
+        "eslint-plugin-react-hooks": "^4.3.0",
+        "eslint-plugin-testing-library": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "peerDependencies": {
+        "eslint": "^8.0.0"
+      }
+    },
+    "node_modules/eslint-import-resolver-node": {
+      "version": "0.3.7",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.7.tgz",
+      "integrity": "sha512-gozW2blMLJCeFpBwugLTGyvVjNoeo1knonXAcatC6bjPBZitotxdWf7Gimr25N4c0AAOo4eOUfaG82IJPDpqCA==",
+      "dependencies": {
+        "debug": "^3.2.7",
+        "is-core-module": "^2.11.0",
+        "resolve": "^1.22.1"
+      }
+    },
+    "node_modules/eslint-import-resolver-node/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/eslint-module-utils": {
+      "version": "2.7.4",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.7.4.tgz",
+      "integrity": "sha512-j4GT+rqzCoRKHwURX7pddtIPGySnX9Si/cgMI5ztrcqOPtk5dDEeZ34CQVPphnqkJytlc97Vuk05Um2mJ3gEQA==",
+      "dependencies": {
+        "debug": "^3.2.7"
+      },
+      "engines": {
+        "node": ">=4"
+      },
+      "peerDependenciesMeta": {
+        "eslint": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-module-utils/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/eslint-plugin-flowtype": {
+      "version": "8.0.3",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-flowtype/-/eslint-plugin-flowtype-8.0.3.tgz",
+      "integrity": "sha512-dX8l6qUL6O+fYPtpNRideCFSpmWOUVx5QcaGLVqe/vlDiBSe4vYljDWDETwnyFzpl7By/WVIu6rcrniCgH9BqQ==",
+      "dependencies": {
+        "lodash": "^4.17.21",
+        "string-natural-compare": "^3.0.1"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "@babel/plugin-syntax-flow": "^7.14.5",
+        "@babel/plugin-transform-react-jsx": "^7.14.9",
+        "eslint": "^8.1.0"
+      }
+    },
+    "node_modules/eslint-plugin-import": {
+      "version": "2.27.5",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.27.5.tgz",
+      "integrity": "sha512-LmEt3GVofgiGuiE+ORpnvP+kAm3h6MLZJ4Q5HCyHADofsb4VzXFsRiWj3c0OFiV+3DWFh0qg3v9gcPlfc3zRow==",
+      "dependencies": {
+        "array-includes": "^3.1.6",
+        "array.prototype.flat": "^1.3.1",
+        "array.prototype.flatmap": "^1.3.1",
+        "debug": "^3.2.7",
+        "doctrine": "^2.1.0",
+        "eslint-import-resolver-node": "^0.3.7",
+        "eslint-module-utils": "^2.7.4",
+        "has": "^1.0.3",
+        "is-core-module": "^2.11.0",
+        "is-glob": "^4.0.3",
+        "minimatch": "^3.1.2",
+        "object.values": "^1.1.6",
+        "resolve": "^1.22.1",
+        "semver": "^6.3.0",
+        "tsconfig-paths": "^3.14.1"
+      },
+      "engines": {
+        "node": ">=4"
+      },
+      "peerDependencies": {
+        "eslint": "^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8"
+      }
+    },
+    "node_modules/eslint-plugin-import/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/eslint-plugin-import/node_modules/doctrine": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
+      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+      "dependencies": {
+        "esutils": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/eslint-plugin-import/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/eslint-plugin-jest": {
+      "version": "25.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-jest/-/eslint-plugin-jest-25.7.0.tgz",
+      "integrity": "sha512-PWLUEXeeF7C9QGKqvdSbzLOiLTx+bno7/HC9eefePfEb257QFHg7ye3dh80AZVkaa/RQsBB1Q/ORQvg2X7F0NQ==",
+      "dependencies": {
+        "@typescript-eslint/experimental-utils": "^5.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      },
+      "peerDependencies": {
+        "@typescript-eslint/eslint-plugin": "^4.0.0 || ^5.0.0",
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@typescript-eslint/eslint-plugin": {
+          "optional": true
+        },
+        "jest": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-plugin-jsx-a11y": {
+      "version": "6.7.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.7.1.tgz",
+      "integrity": "sha512-63Bog4iIethyo8smBklORknVjB0T2dwB8Mr/hIC+fBS0uyHdYYpzM/Ed+YC8VxTjlXHEWFOdmgwcDn1U2L9VCA==",
+      "dependencies": {
+        "@babel/runtime": "^7.20.7",
+        "aria-query": "^5.1.3",
+        "array-includes": "^3.1.6",
+        "array.prototype.flatmap": "^1.3.1",
+        "ast-types-flow": "^0.0.7",
+        "axe-core": "^4.6.2",
+        "axobject-query": "^3.1.1",
+        "damerau-levenshtein": "^1.0.8",
+        "emoji-regex": "^9.2.2",
+        "has": "^1.0.3",
+        "jsx-ast-utils": "^3.3.3",
+        "language-tags": "=1.0.5",
+        "minimatch": "^3.1.2",
+        "object.entries": "^1.1.6",
+        "object.fromentries": "^2.0.6",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependencies": {
+        "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8"
+      }
+    },
+    "node_modules/eslint-plugin-jsx-a11y/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/eslint-plugin-react": {
+      "version": "7.32.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.32.2.tgz",
+      "integrity": "sha512-t2fBMa+XzonrrNkyVirzKlvn5RXzzPwRHtMvLAtVZrt8oxgnTQaYbU6SXTOO1mwQgp1y5+toMSKInnzGr0Knqg==",
+      "dependencies": {
+        "array-includes": "^3.1.6",
+        "array.prototype.flatmap": "^1.3.1",
+        "array.prototype.tosorted": "^1.1.1",
+        "doctrine": "^2.1.0",
+        "estraverse": "^5.3.0",
+        "jsx-ast-utils": "^2.4.1 || ^3.0.0",
+        "minimatch": "^3.1.2",
+        "object.entries": "^1.1.6",
+        "object.fromentries": "^2.0.6",
+        "object.hasown": "^1.1.2",
+        "object.values": "^1.1.6",
+        "prop-types": "^15.8.1",
+        "resolve": "^2.0.0-next.4",
+        "semver": "^6.3.0",
+        "string.prototype.matchall": "^4.0.8"
+      },
+      "engines": {
+        "node": ">=4"
+      },
+      "peerDependencies": {
+        "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8"
+      }
+    },
+    "node_modules/eslint-plugin-react-hooks": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.6.0.tgz",
+      "integrity": "sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==",
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/doctrine": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
+      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+      "dependencies": {
+        "esutils": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/resolve": {
+      "version": "2.0.0-next.4",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.4.tgz",
+      "integrity": "sha512-iMDbmAWtfU+MHpxt/I5iWI7cY6YVEZUQ3MBgPQ++XD1PELuJHIl82xBmObyP2KyQmkNB2dsqF7seoQQiAn5yDQ==",
+      "dependencies": {
+        "is-core-module": "^2.9.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/eslint-plugin-react/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/eslint-plugin-testing-library": {
+      "version": "5.10.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-testing-library/-/eslint-plugin-testing-library-5.10.2.tgz",
+      "integrity": "sha512-f1DmDWcz5SDM+IpCkEX0lbFqrrTs8HRsEElzDEqN/EBI0hpRj8Cns5+IVANXswE8/LeybIJqPAOQIFu2j5Y5sw==",
+      "dependencies": {
+        "@typescript-eslint/utils": "^5.43.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0",
+        "npm": ">=6"
+      },
+      "peerDependencies": {
+        "eslint": "^7.5.0 || ^8.0.0"
+      }
+    },
+    "node_modules/eslint-scope": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.1.tgz",
+      "integrity": "sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^5.2.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      }
+    },
+    "node_modules/eslint-utils": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz",
+      "integrity": "sha512-w94dQYoauyvlDc43XnGB8lU3Zt713vNChgt4EWwhXAP2XkBvndfxF0AgIqKOOasjPIPzj9JqgwkwbCYD0/V3Zg==",
+      "dev": true,
+      "dependencies": {
+        "eslint-visitor-keys": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mysticatea"
+      }
+    },
+    "node_modules/eslint-utils/node_modules/eslint-visitor-keys": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz",
+      "integrity": "sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/eslint-visitor-keys": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
+      "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==",
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      }
+    },
+    "node_modules/eslint-webpack-plugin": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-webpack-plugin/-/eslint-webpack-plugin-3.2.0.tgz",
+      "integrity": "sha512-avrKcGncpPbPSUHX6B3stNGzkKFto3eL+DKM4+VyMrVnhPc3vRczVlCq3uhuFOdRvDHTVXuzwk1ZKUrqDQHQ9w==",
+      "dependencies": {
+        "@types/eslint": "^7.29.0 || ^8.4.1",
+        "jest-worker": "^28.0.2",
+        "micromatch": "^4.0.5",
+        "normalize-path": "^3.0.0",
+        "schema-utils": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "eslint": "^7.0.0 || ^8.0.0",
+        "webpack": "^5.0.0"
+      }
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/jest-worker": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz",
+      "integrity": "sha512-CqRA220YV/6jCo8VWvAt1KKx6eek1VIHMPeLEbpcfSfkEeWyBNppynM/o6q+Wmw+sOhos2ml34wZbSX3G13//g==",
+      "dependencies": {
+        "@types/node": "*",
+        "merge-stream": "^2.0.0",
+        "supports-color": "^8.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/schema-utils": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
+      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.8.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/eslint-webpack-plugin/node_modules/supports-color": {
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+      "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "node_modules/eslint/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/eslint/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/eslint/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/eslint/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/eslint/node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/eslint/node_modules/globals": {
+      "version": "13.20.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
+      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
+      "dependencies": {
+        "type-fest": "^0.20.2"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/eslint/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/eslint/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/eslint/node_modules/type-fest": {
+      "version": "0.20.2",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz",
+      "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/espree": {
+      "version": "9.5.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.0.tgz",
+      "integrity": "sha512-JPbJGhKc47++oo4JkEoTe2wjy4fmMwvFpgJT9cQzmfXKp22Dr6Hf1tdCteLz1h0P3t+mGvWZ+4Uankvh8+c6zw==",
+      "dependencies": {
+        "acorn": "^8.8.0",
+        "acorn-jsx": "^5.3.2",
+        "eslint-visitor-keys": "^3.3.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/esquery": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz",
+      "integrity": "sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==",
+      "dependencies": {
+        "estraverse": "^5.1.0"
+      },
+      "engines": {
+        "node": ">=0.10"
+      }
+    },
+    "node_modules/esrecurse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz",
+      "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==",
+      "dependencies": {
+        "estraverse": "^5.2.0"
+      },
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/estraverse": {
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz",
+      "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/estree-walker": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-1.0.1.tgz",
+      "integrity": "sha512-1fMXF3YP4pZZVozF8j/ZLfvnR8NSIljt56UhbZ5PeeDmmGHpgpdwQt7ITlGvYaQukCvuBRMLEiKiYC+oeIg4cg=="
+    },
+    "node_modules/esutils": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/eventemitter3": {
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz",
+      "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw=="
+    },
+    "node_modules/events": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz",
+      "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==",
+      "engines": {
+        "node": ">=0.8.x"
+      }
+    },
+    "node_modules/execa": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz",
+      "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==",
+      "dependencies": {
+        "cross-spawn": "^7.0.3",
+        "get-stream": "^6.0.0",
+        "human-signals": "^2.1.0",
+        "is-stream": "^2.0.0",
+        "merge-stream": "^2.0.0",
+        "npm-run-path": "^4.0.1",
+        "onetime": "^5.1.2",
+        "signal-exit": "^3.0.3",
+        "strip-final-newline": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/execa?sponsor=1"
+      }
+    },
+    "node_modules/exit": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz",
+      "integrity": "sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/expect": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/expect/-/expect-27.5.1.tgz",
+      "integrity": "sha512-E1q5hSUG2AmYQwQJ041nvgpkODHQvB+RKlB4IYdru6uJsyFTRyZAP463M+1lINorwbqAmUggi6+WwkD8lCS/Dw==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "jest-matcher-utils": "^27.5.1",
+        "jest-message-util": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.18.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
+      "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "1.20.1",
+        "content-disposition": "0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "0.5.0",
+        "cookie-signature": "1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "1.2.0",
+        "fresh": "0.5.2",
+        "http-errors": "2.0.0",
+        "merge-descriptors": "1.0.1",
+        "methods": "~1.1.2",
+        "on-finished": "2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "0.1.7",
+        "proxy-addr": "~2.0.7",
+        "qs": "6.11.0",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "0.18.0",
+        "serve-static": "1.15.0",
+        "setprototypeof": "1.2.0",
+        "statuses": "2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      }
+    },
+    "node_modules/express/node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
+    },
+    "node_modules/express/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/express/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
+    },
+    "node_modules/fast-glob": {
+      "version": "3.2.12",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.12.tgz",
+      "integrity": "sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==",
+      "dependencies": {
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.2",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.4"
+      },
+      "engines": {
+        "node": ">=8.6.0"
+      }
+    },
+    "node_modules/fast-glob/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw=="
+    },
+    "node_modules/fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw=="
+    },
+    "node_modules/fastq": {
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz",
+      "integrity": "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==",
+      "dependencies": {
+        "reusify": "^1.0.4"
+      }
+    },
+    "node_modules/fault": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/fault/-/fault-1.0.4.tgz",
+      "integrity": "sha512-CJ0HCB5tL5fYTEA7ToAq5+kTwd++Borf1/bifxd9iT70QcXr4MRrO3Llf8Ifs70q+SJcGHFtnIE/Nw6giCtECA==",
+      "dependencies": {
+        "format": "^0.2.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/faye-websocket": {
+      "version": "0.11.4",
+      "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz",
+      "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==",
+      "dependencies": {
+        "websocket-driver": ">=0.5.1"
+      },
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/fb-watchman": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz",
+      "integrity": "sha512-p5161BqbuCaSnB8jIbzQHOlpgsPmK5rJVDfDKO91Axs5NC1uu3HRQm6wt9cd9/+GtQQIO53JdGXXoyDpTAsgYA==",
+      "dependencies": {
+        "bser": "2.1.1"
+      }
+    },
+    "node_modules/file-entry-cache": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz",
+      "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==",
+      "dependencies": {
+        "flat-cache": "^3.0.4"
+      },
+      "engines": {
+        "node": "^10.12.0 || >=12.0.0"
+      }
+    },
+    "node_modules/file-loader": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz",
+      "integrity": "sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==",
+      "dependencies": {
+        "loader-utils": "^2.0.0",
+        "schema-utils": "^3.0.0"
+      },
+      "engines": {
+        "node": ">= 10.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^4.0.0 || ^5.0.0"
+      }
+    },
+    "node_modules/filelist": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz",
+      "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==",
+      "dependencies": {
+        "minimatch": "^5.0.1"
+      }
+    },
+    "node_modules/filelist/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/filelist/node_modules/minimatch": {
+      "version": "5.1.6",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+      "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/filesize": {
+      "version": "8.0.7",
+      "resolved": "https://registry.npmjs.org/filesize/-/filesize-8.0.7.tgz",
+      "integrity": "sha512-pjmC+bkIF8XI7fWaH8KxHcZL3DPybs1roSKP4rKDvy20tAWwIObE4+JIseG2byfGKhud5ZnM4YSGKBz7Sh0ndQ==",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
+      "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "on-finished": "2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "2.0.1",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/finalhandler/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/finalhandler/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/find-cache-dir": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.2.tgz",
+      "integrity": "sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==",
+      "dependencies": {
+        "commondir": "^1.0.1",
+        "make-dir": "^3.0.2",
+        "pkg-dir": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/avajs/find-cache-dir?sponsor=1"
+      }
+    },
+    "node_modules/find-root": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz",
+      "integrity": "sha512-NKfW6bec6GfKc0SGx1e07QZY9PE99u0Bft/0rzSD5k3sO/vwkVUpDUKVm5Gpp5Ue3YfShPFTX2070tDs5kB9Ng=="
+    },
+    "node_modules/find-up": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz",
+      "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==",
+      "dependencies": {
+        "locate-path": "^6.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/flat-cache": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.0.4.tgz",
+      "integrity": "sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg==",
+      "dependencies": {
+        "flatted": "^3.1.0",
+        "rimraf": "^3.0.2"
+      },
+      "engines": {
+        "node": "^10.12.0 || >=12.0.0"
+      }
+    },
+    "node_modules/flatted": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.7.tgz",
+      "integrity": "sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ=="
+    },
+    "node_modules/follow-redirects": {
+      "version": "1.15.2",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
+      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/for-each": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz",
+      "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==",
+      "dependencies": {
+        "is-callable": "^1.1.3"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin": {
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.3.tgz",
+      "integrity": "sha512-SbH/l9ikmMWycd5puHJKTkZJKddF4iRLyW3DeZ08HTI7NGyLS38MXd/KGgeWumQO7YNQbW2u/NtPT2YowbPaGQ==",
+      "dependencies": {
+        "@babel/code-frame": "^7.8.3",
+        "@types/json-schema": "^7.0.5",
+        "chalk": "^4.1.0",
+        "chokidar": "^3.4.2",
+        "cosmiconfig": "^6.0.0",
+        "deepmerge": "^4.2.2",
+        "fs-extra": "^9.0.0",
+        "glob": "^7.1.6",
+        "memfs": "^3.1.2",
+        "minimatch": "^3.0.4",
+        "schema-utils": "2.7.0",
+        "semver": "^7.3.2",
+        "tapable": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=10",
+        "yarn": ">=1.0.0"
+      },
+      "peerDependencies": {
+        "eslint": ">= 6",
+        "typescript": ">= 2.7",
+        "vue-template-compiler": "*",
+        "webpack": ">= 4"
+      },
+      "peerDependenciesMeta": {
+        "eslint": {
+          "optional": true
+        },
+        "vue-template-compiler": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/cosmiconfig": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz",
+      "integrity": "sha512-xb3ZL6+L8b9JLLCx3ZdoZy4+2ECphCMo2PwqgP1tlfVq6M6YReyzBJtvWWtbDSpNr9hn96pkCiZqUcFEc+54Qg==",
+      "dependencies": {
+        "@types/parse-json": "^4.0.0",
+        "import-fresh": "^3.1.0",
+        "parse-json": "^5.0.0",
+        "path-type": "^4.0.0",
+        "yaml": "^1.7.2"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils": {
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz",
+      "integrity": "sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.4",
+        "ajv": "^6.12.2",
+        "ajv-keywords": "^3.4.1"
+      },
+      "engines": {
+        "node": ">= 8.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/tapable": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz",
+      "integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/form-data": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz",
+      "integrity": "sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/format": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/format/-/format-0.2.2.tgz",
+      "integrity": "sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==",
+      "engines": {
+        "node": ">=0.4.x"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fraction.js": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.2.0.tgz",
+      "integrity": "sha512-MhLuK+2gUcnZe8ZHlaaINnQLl0xRIGRfcGk2yl8xoQAfHrSsL3rYu6FCmBdkdbhc9EPlwyGHewaRsvwRMJtAlA==",
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "type": "patreon",
+        "url": "https://www.patreon.com/infusion"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fs-extra": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
+      "integrity": "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==",
+      "dependencies": {
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/fs-monkey": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.3.tgz",
+      "integrity": "sha512-cybjIfiiE+pTWicSCLFHSrXZ6EilF30oh91FDP9S2B051prEa7QWfrVTQm10/dDpswBDXZugPa1Ogu8Yh+HV0Q=="
+    },
+    "node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "hasInstallScript": true,
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
+    },
+    "node_modules/function.prototype.name": {
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz",
+      "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.3",
+        "es-abstract": "^1.19.0",
+        "functions-have-names": "^1.2.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==",
+      "dev": true
+    },
+    "node_modules/functions-have-names": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz",
+      "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/gensync": {
+      "version": "1.0.0-beta.2",
+      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz",
+      "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz",
+      "integrity": "sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==",
+      "dependencies": {
+        "function-bind": "^1.1.1",
+        "has": "^1.0.3",
+        "has-symbols": "^1.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-own-enumerable-property-symbols": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz",
+      "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g=="
+    },
+    "node_modules/get-package-type": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz",
+      "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/get-stream": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz",
+      "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/get-symbol-description": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz",
+      "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
+      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
+      "dependencies": {
+        "is-glob": "^4.0.3"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/glob-to-regexp": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz",
+      "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw=="
+    },
+    "node_modules/global-modules": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-2.0.0.tgz",
+      "integrity": "sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A==",
+      "dependencies": {
+        "global-prefix": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/global-prefix": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-3.0.0.tgz",
+      "integrity": "sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==",
+      "dependencies": {
+        "ini": "^1.3.5",
+        "kind-of": "^6.0.2",
+        "which": "^1.3.1"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/global-prefix/node_modules/which": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz",
+      "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "which": "bin/which"
+      }
+    },
+    "node_modules/globals": {
+      "version": "11.12.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
+      "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/globalthis": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.3.tgz",
+      "integrity": "sha512-sFdI5LyBiNTHjRd7cGPWapiHWMOXKyuBNX/cWJ3NfzrZQVa8GI/8cofCl74AOVqq9W5kNmguTIzJ/1s2gyI9wA==",
+      "dependencies": {
+        "define-properties": "^1.1.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/globby": {
+      "version": "11.1.0",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz",
+      "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==",
+      "dependencies": {
+        "array-union": "^2.1.0",
+        "dir-glob": "^3.0.1",
+        "fast-glob": "^3.2.9",
+        "ignore": "^5.2.0",
+        "merge2": "^1.4.1",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz",
+      "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==",
+      "dependencies": {
+        "get-intrinsic": "^1.1.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/graceful-fs": {
+      "version": "4.2.11",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
+    },
+    "node_modules/grapheme-splitter": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz",
+      "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ=="
+    },
+    "node_modules/gzip-size": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz",
+      "integrity": "sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q==",
+      "dependencies": {
+        "duplexer": "^0.1.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/handle-thing": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz",
+      "integrity": "sha512-9Qn4yBxelxoh2Ow62nP+Ka/kMnOXRi8BXnRaUwezLNhqelnN49xKz4F/dPP8OYLxLxq6JDtZb2i9XznUQbNPTg=="
+    },
+    "node_modules/harmony-reflect": {
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/harmony-reflect/-/harmony-reflect-1.6.2.tgz",
+      "integrity": "sha512-HIp/n38R9kQjDEziXyDTuW3vvoxxyxjxFzXLrBr18uB47GnSt+G9D29fqrpM5ZkspMcPICud3XsBJQ4Y2URg8g=="
+    },
+    "node_modules/has": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
+      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
+      "dependencies": {
+        "function-bind": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/has-bigints": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz",
+      "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/has-property-descriptors": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz",
+      "integrity": "sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ==",
+      "dependencies": {
+        "get-intrinsic": "^1.1.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz",
+      "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz",
+      "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz",
+      "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==",
+      "dependencies": {
+        "has-symbols": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hast-util-parse-selector": {
+      "version": "2.2.5",
+      "resolved": "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-2.2.5.tgz",
+      "integrity": "sha512-7j6mrk/qqkSehsM92wQjdIgWM2/BW61u/53G6xmC8i1OmEdKLHbk419QKQUjz6LglWsfqoiHmyMRkP1BGjecNQ==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/hastscript": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-6.0.0.tgz",
+      "integrity": "sha512-nDM6bvd7lIqDUiYEiu5Sl/+6ReP0BMk/2f4U/Rooccxkj0P5nm+acM5PrGJ/t5I8qPGiqZSE6hVAwZEdZIvP4w==",
+      "dependencies": {
+        "@types/hast": "^2.0.0",
+        "comma-separated-tokens": "^1.0.0",
+        "hast-util-parse-selector": "^2.0.0",
+        "property-information": "^5.0.0",
+        "space-separated-tokens": "^1.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/he": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz",
+      "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
+      "bin": {
+        "he": "bin/he"
+      }
+    },
+    "node_modules/highlight.js": {
+      "version": "10.7.3",
+      "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-10.7.3.tgz",
+      "integrity": "sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A==",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/hoist-non-react-statics": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz",
+      "integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==",
+      "dependencies": {
+        "react-is": "^16.7.0"
+      }
+    },
+    "node_modules/hoist-non-react-statics/node_modules/react-is": {
+      "version": "16.13.1",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
+      "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+    },
+    "node_modules/hoopy": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/hoopy/-/hoopy-0.1.4.tgz",
+      "integrity": "sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ==",
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/hpack.js": {
+      "version": "2.1.6",
+      "resolved": "https://registry.npmjs.org/hpack.js/-/hpack.js-2.1.6.tgz",
+      "integrity": "sha512-zJxVehUdMGIKsRaNt7apO2Gqp0BdqW5yaiGHXXmbpvxgBYVZnAql+BJb4RO5ad2MgpbZKn5G6nMnegrH1FcNYQ==",
+      "dependencies": {
+        "inherits": "^2.0.1",
+        "obuf": "^1.0.0",
+        "readable-stream": "^2.0.1",
+        "wbuf": "^1.1.0"
+      }
+    },
+    "node_modules/hpack.js/node_modules/isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
+    },
+    "node_modules/hpack.js/node_modules/readable-stream": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+      "dependencies": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "node_modules/hpack.js/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
+    "node_modules/hpack.js/node_modules/string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "dependencies": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "node_modules/html-encoding-sniffer": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-2.0.1.tgz",
+      "integrity": "sha512-D5JbOMBIR/TVZkubHT+OyT2705QvogUW4IBn6nHd756OwieSF9aDYFj4dv6HHEVGYbHaLETa3WggZYWWMyy3ZQ==",
+      "dependencies": {
+        "whatwg-encoding": "^1.0.5"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/html-entities": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.3.3.tgz",
+      "integrity": "sha512-DV5Ln36z34NNTDgnz0EWGBLZENelNAtkiFA4kyNOG2tDI6Mz1uSWiq1wAKdyjnJwyDiDO7Fa2SO1CTxPXL8VxA=="
+    },
+    "node_modules/html-escaper": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
+      "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg=="
+    },
+    "node_modules/html-minifier-terser": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz",
+      "integrity": "sha512-YXxSlJBZTP7RS3tWnQw74ooKa6L9b9i9QYXY21eUEvhZ3u9XLfv6OnFsQq6RxkhHygsaUMvYsZRV5rU/OVNZxw==",
+      "dependencies": {
+        "camel-case": "^4.1.2",
+        "clean-css": "^5.2.2",
+        "commander": "^8.3.0",
+        "he": "^1.2.0",
+        "param-case": "^3.0.4",
+        "relateurl": "^0.2.7",
+        "terser": "^5.10.0"
+      },
+      "bin": {
+        "html-minifier-terser": "cli.js"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/html-webpack-plugin": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.0.tgz",
+      "integrity": "sha512-sy88PC2cRTVxvETRgUHFrL4No3UxvcH8G1NepGhqaTT+GXN2kTamqasot0inS5hXeg1cMbFDt27zzo9p35lZVw==",
+      "dependencies": {
+        "@types/html-minifier-terser": "^6.0.0",
+        "html-minifier-terser": "^6.0.2",
+        "lodash": "^4.17.21",
+        "pretty-error": "^4.0.0",
+        "tapable": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/html-webpack-plugin"
+      },
+      "peerDependencies": {
+        "webpack": "^5.20.0"
+      }
+    },
+    "node_modules/htmlparser2": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz",
+      "integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==",
+      "funding": [
+        "https://github.com/fb55/htmlparser2?sponsor=1",
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "dependencies": {
+        "domelementtype": "^2.0.1",
+        "domhandler": "^4.0.0",
+        "domutils": "^2.5.2",
+        "entities": "^2.0.0"
+      }
+    },
+    "node_modules/http-deceiver": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz",
+      "integrity": "sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw=="
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
+      "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==",
+      "dependencies": {
+        "depd": "2.0.0",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": "2.0.1",
+        "toidentifier": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/http-parser-js": {
+      "version": "0.5.8",
+      "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.8.tgz",
+      "integrity": "sha512-SGeBX54F94Wgu5RH3X5jsDtf4eHyRogWX1XGT3b4HuW3tQPM4AaBzoUji/4AAJNXCEOWZ5O0DgZmJw1947gD5Q=="
+    },
+    "node_modules/http-proxy": {
+      "version": "1.18.1",
+      "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz",
+      "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==",
+      "dependencies": {
+        "eventemitter3": "^4.0.0",
+        "follow-redirects": "^1.0.0",
+        "requires-port": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/http-proxy-agent": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz",
+      "integrity": "sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==",
+      "dependencies": {
+        "@tootallnate/once": "1",
+        "agent-base": "6",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/http-proxy-middleware": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz",
+      "integrity": "sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==",
+      "dependencies": {
+        "@types/http-proxy": "^1.17.8",
+        "http-proxy": "^1.18.1",
+        "is-glob": "^4.0.1",
+        "is-plain-obj": "^3.0.0",
+        "micromatch": "^4.0.2"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "@types/express": "^4.17.13"
+      },
+      "peerDependenciesMeta": {
+        "@types/express": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/https-proxy-agent": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+      "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+      "dependencies": {
+        "agent-base": "6",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/human-signals": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz",
+      "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==",
+      "engines": {
+        "node": ">=10.17.0"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
+      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/icss-utils": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/icss-utils/-/icss-utils-5.1.0.tgz",
+      "integrity": "sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA==",
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/idb": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/idb/-/idb-7.1.1.tgz",
+      "integrity": "sha512-gchesWBzyvGHRO9W8tzUWFDycow5gwjvFKfyV9FF32Y7F50yZMp7mP+T2mJIWFx49zicqyC4uefHM17o6xKIVQ=="
+    },
+    "node_modules/identity-obj-proxy": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/identity-obj-proxy/-/identity-obj-proxy-3.0.0.tgz",
+      "integrity": "sha512-00n6YnVHKrinT9t0d9+5yZC6UBNJANpYEQvL2LlX6Ab9lnmxzIRcEmTPuyGScvl1+jKuCICX1Z0Ab1pPKKdikA==",
+      "dependencies": {
+        "harmony-reflect": "^1.4.6"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/ignore": {
+      "version": "5.2.4",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz",
+      "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/immediate": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz",
+      "integrity": "sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ=="
+    },
+    "node_modules/immer": {
+      "version": "9.0.19",
+      "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.19.tgz",
+      "integrity": "sha512-eY+Y0qcsB4TZKwgQzLaE/lqYMlKhv5J9dyd2RhhtGhNo2njPXDqU9XPfcNfa3MIDsdtZt5KlkIsirlo4dHsWdQ==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/immer"
+      }
+    },
+    "node_modules/import-fresh": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz",
+      "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==",
+      "dependencies": {
+        "parent-module": "^1.0.0",
+        "resolve-from": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/import-fresh/node_modules/resolve-from": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
+      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/import-local": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz",
+      "integrity": "sha512-ASB07uLtnDs1o6EHjKpX34BKYDSqnFerfTOJL2HvMqF70LnxpjkzDB8J44oT9pu4AMPkQwf8jl6szgvNd2tRIg==",
+      "dependencies": {
+        "pkg-dir": "^4.2.0",
+        "resolve-cwd": "^3.0.0"
+      },
+      "bin": {
+        "import-local-fixture": "fixtures/cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==",
+      "engines": {
+        "node": ">=0.8.19"
+      }
+    },
+    "node_modules/indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "node_modules/ini": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
+      "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew=="
+    },
+    "node_modules/internal-slot": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.5.tgz",
+      "integrity": "sha512-Y+R5hJrzs52QCG2laLn4udYVnxsfny9CpOhNhUvk/SSSVyF6T27FzRbF0sroPidSu3X8oEAkOn2K804mjpt6UQ==",
+      "dependencies": {
+        "get-intrinsic": "^1.2.0",
+        "has": "^1.0.3",
+        "side-channel": "^1.0.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ipaddr.js": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.0.1.tgz",
+      "integrity": "sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/is-alphabetical": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.4.tgz",
+      "integrity": "sha512-DwzsA04LQ10FHTZuL0/grVDk4rFoVH1pjAToYwBrHSxcrBIGQuXrQMtD5U1b0U2XVgKZCTLLP8u2Qxqhy3l2Vg==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/is-alphanumerical": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-1.0.4.tgz",
+      "integrity": "sha512-UzoZUr+XfVz3t3v4KyGEniVL9BDRoQtY7tOyrRybkVNjDFWyo1yhXNGrrBTQxp3ib9BLAWs7k2YKBQsFRkZG9A==",
+      "dependencies": {
+        "is-alphabetical": "^1.0.0",
+        "is-decimal": "^1.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/is-arguments": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz",
+      "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-array-buffer": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.2.tgz",
+      "integrity": "sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.2.0",
+        "is-typed-array": "^1.1.10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-arrayish": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
+      "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg=="
+    },
+    "node_modules/is-bigint": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz",
+      "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==",
+      "dependencies": {
+        "has-bigints": "^1.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-boolean-object": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz",
+      "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-callable": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz",
+      "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-core-module": {
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz",
+      "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==",
+      "dependencies": {
+        "has": "^1.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-date-object": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz",
+      "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-decimal": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-1.0.4.tgz",
+      "integrity": "sha512-RGdriMmQQvZ2aqaQq3awNA6dCGtKpiDFcOzrTWrDAT2MiWrKQVPmxLGHl7Y2nNu6led0kEyoX0enY0qXYsv9zw==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/is-docker": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz",
+      "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==",
+      "bin": {
+        "is-docker": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-generator-fn": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz",
+      "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-hexadecimal": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-1.0.4.tgz",
+      "integrity": "sha512-gyPJuv83bHMpocVYoqof5VDiZveEoGoFL8m3BXNb2VW8Xs+rz9kqO8LOQ5DH6EsuvilT1ApazU0pyl+ytbPtlw==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/is-map": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/is-map/-/is-map-2.0.2.tgz",
+      "integrity": "sha512-cOZFQQozTha1f4MxLFzlgKYPTyj26picdZTx82hbc/Xf4K/tZOOXSCkMvU4pKioRXGDLJRn0GM7Upe7kR721yg==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-module": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-module/-/is-module-1.0.0.tgz",
+      "integrity": "sha512-51ypPSPCoTEIN9dy5Oy+h4pShgJmPCygKfyRCISBI+JoWT/2oJvK8QPxmwv7b/p239jXrm9M1mlQbyKJ5A152g=="
+    },
+    "node_modules/is-negative-zero": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz",
+      "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/is-number-object": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz",
+      "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-obj": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz",
+      "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-path-inside": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz",
+      "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-plain-obj": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz",
+      "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/is-potential-custom-element-name": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz",
+      "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ=="
+    },
+    "node_modules/is-regex": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz",
+      "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-regexp": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz",
+      "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-root": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-root/-/is-root-2.1.0.tgz",
+      "integrity": "sha512-AGOriNp96vNBd3HtU+RzFEc75FfR5ymiYv8E553I71SCeXBiMsVDUtdio1OEFvrPyLIQ9tVR5RxXIFe5PUFjMg==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/is-set": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/is-set/-/is-set-2.0.2.tgz",
+      "integrity": "sha512-+2cnTEZeY5z/iXGbLhPrOAaK/Mau5k5eXq9j14CpRTftq0pAJu2MwVRSZhyZWBzx3o6X795Lz6Bpb6R0GKf37g==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-shared-array-buffer": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz",
+      "integrity": "sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA==",
+      "dependencies": {
+        "call-bind": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-stream": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz",
+      "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/is-string": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz",
+      "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-symbol": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz",
+      "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==",
+      "dependencies": {
+        "has-symbols": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-typed-array": {
+      "version": "1.1.10",
+      "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.10.tgz",
+      "integrity": "sha512-PJqgEHiWZvMpaFZ3uTc8kHPM4+4ADTlDniuQL7cU/UDA0Ql7F70yGfHph3cLNe+c9toaigv+DFzTJKhc2CtO6A==",
+      "dependencies": {
+        "available-typed-arrays": "^1.0.5",
+        "call-bind": "^1.0.2",
+        "for-each": "^0.3.3",
+        "gopd": "^1.0.1",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-typedarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
+      "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA=="
+    },
+    "node_modules/is-weakmap": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/is-weakmap/-/is-weakmap-2.0.1.tgz",
+      "integrity": "sha512-NSBR4kH5oVj1Uwvv970ruUkCV7O1mzgVFO4/rev2cLRda9Tm9HrL70ZPut4rOHgY0FNrUu9BCbXA2sdQ+x0chA==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-weakref": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz",
+      "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-weakset": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/is-weakset/-/is-weakset-2.0.2.tgz",
+      "integrity": "sha512-t2yVvttHkQktwnNNmBQ98AhENLdPUTDTE21uPqAQ0ARwQfGeQKRVS0NNurH7bTf7RrvcVn1OOge45CnBeHCSmg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.1.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-wsl": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz",
+      "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==",
+      "dependencies": {
+        "is-docker": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/isarray": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz",
+      "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw=="
+    },
+    "node_modules/isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
+    },
+    "node_modules/istanbul-lib-coverage": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz",
+      "integrity": "sha512-eOeJ5BHCmHYvQK7xt9GkdHuzuCGS1Y6g9Gvnx3Ym33fz/HpLRYxiS0wHNr+m/MBC8B647Xt608vCDEvhl9c6Mw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-instrument": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz",
+      "integrity": "sha512-pzqtp31nLv/XFOzXGuvhCb8qhjmTVo5vjVk19XE4CRlSWz0KoeJ3bw9XsA7nOp9YBf4qHjwBxkDzKcME/J29Yg==",
+      "dependencies": {
+        "@babel/core": "^7.12.3",
+        "@babel/parser": "^7.14.7",
+        "@istanbuljs/schema": "^0.1.2",
+        "istanbul-lib-coverage": "^3.2.0",
+        "semver": "^6.3.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-instrument/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/istanbul-lib-report": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz",
+      "integrity": "sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==",
+      "dependencies": {
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^3.0.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-report/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-report/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-source-maps": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz",
+      "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/istanbul-lib-source-maps/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/istanbul-reports": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.5.tgz",
+      "integrity": "sha512-nUsEMa9pBt/NOHqbcbeJEgqIlY/K7rVWUX6Lql2orY5e9roQOthbR3vtY4zzf2orPELg80fnxxk9zUyPlgwD1w==",
+      "dependencies": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jake": {
+      "version": "10.8.5",
+      "resolved": "https://registry.npmjs.org/jake/-/jake-10.8.5.tgz",
+      "integrity": "sha512-sVpxYeuAhWt0OTWITwT98oyV0GsXyMlXCF+3L1SuafBVUIr/uILGRB+NqwkzhgXKvoJpDIpQvqkUALgdmQsQxw==",
+      "dependencies": {
+        "async": "^3.2.3",
+        "chalk": "^4.0.2",
+        "filelist": "^1.0.1",
+        "minimatch": "^3.0.4"
+      },
+      "bin": {
+        "jake": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/jake/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jake/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jake/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jake/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jake/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jake/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jdenticon": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/jdenticon/-/jdenticon-3.2.0.tgz",
+      "integrity": "sha512-z6Iq3fTODUMSOiR2nNYrqigS6Y0GvdXfyQWrUby7htDHvX7GNEwaWR4hcaL+FmhEgBe08Xkup/BKxXQhDJByPA==",
+      "dependencies": {
+        "canvas-renderer": "~2.2.0"
+      },
+      "bin": {
+        "jdenticon": "bin/jdenticon.js"
+      },
+      "engines": {
+        "node": ">=6.4.0"
+      }
+    },
+    "node_modules/jest": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest/-/jest-27.5.1.tgz",
+      "integrity": "sha512-Yn0mADZB89zTtjkPJEXwrac3LHudkQMR+Paqa8uxJHCBr9agxztUifWCyiYrjhMPBoUVBjyny0I7XH6ozDr7QQ==",
+      "dependencies": {
+        "@jest/core": "^27.5.1",
+        "import-local": "^3.0.2",
+        "jest-cli": "^27.5.1"
+      },
+      "bin": {
+        "jest": "bin/jest.js"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jest-changed-files": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-27.5.1.tgz",
+      "integrity": "sha512-buBLMiByfWGCoMsLLzGUUSpAmIAGnbR2KJoMN10ziLhOLvP4e0SlypHnAel8iqQXTrcbmfEY9sSqae5sgUsTvw==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "execa": "^5.0.0",
+        "throat": "^6.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-circus": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-circus/-/jest-circus-27.5.1.tgz",
+      "integrity": "sha512-D95R7x5UtlMA5iBYsOHFFbMD/GVA4R/Kdq15f7xYWUfWHBto9NYRsOvnSauTgdF+ogCpJ4tyKOXhUifxS65gdw==",
+      "dependencies": {
+        "@jest/environment": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "co": "^4.6.0",
+        "dedent": "^0.7.0",
+        "expect": "^27.5.1",
+        "is-generator-fn": "^2.0.0",
+        "jest-each": "^27.5.1",
+        "jest-matcher-utils": "^27.5.1",
+        "jest-message-util": "^27.5.1",
+        "jest-runtime": "^27.5.1",
+        "jest-snapshot": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "pretty-format": "^27.5.1",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3",
+        "throat": "^6.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-circus/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-circus/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-circus/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-circus/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-circus/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-circus/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-cli": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-27.5.1.tgz",
+      "integrity": "sha512-Hc6HOOwYq4/74/c62dEE3r5elx8wjYqxY0r0G/nFrLDPMFRu6RA/u8qINOIkvhxG7mMQ5EJsOGfRpI8L6eFUVw==",
+      "dependencies": {
+        "@jest/core": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "chalk": "^4.0.0",
+        "exit": "^0.1.2",
+        "graceful-fs": "^4.2.9",
+        "import-local": "^3.0.2",
+        "jest-config": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jest-validate": "^27.5.1",
+        "prompts": "^2.0.1",
+        "yargs": "^16.2.0"
+      },
+      "bin": {
+        "jest": "bin/jest.js"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jest-cli/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-cli/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-cli/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-cli/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-cli/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-cli/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-config": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-27.5.1.tgz",
+      "integrity": "sha512-5sAsjm6tGdsVbW9ahcChPAFCk4IlkQUknH5AvKjuLTSlcO/wCZKyFdn7Rg0EkC+OGgWODEy2hDpWB1PgzH0JNA==",
+      "dependencies": {
+        "@babel/core": "^7.8.0",
+        "@jest/test-sequencer": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "babel-jest": "^27.5.1",
+        "chalk": "^4.0.0",
+        "ci-info": "^3.2.0",
+        "deepmerge": "^4.2.2",
+        "glob": "^7.1.1",
+        "graceful-fs": "^4.2.9",
+        "jest-circus": "^27.5.1",
+        "jest-environment-jsdom": "^27.5.1",
+        "jest-environment-node": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "jest-jasmine2": "^27.5.1",
+        "jest-regex-util": "^27.5.1",
+        "jest-resolve": "^27.5.1",
+        "jest-runner": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jest-validate": "^27.5.1",
+        "micromatch": "^4.0.4",
+        "parse-json": "^5.2.0",
+        "pretty-format": "^27.5.1",
+        "slash": "^3.0.0",
+        "strip-json-comments": "^3.1.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "peerDependencies": {
+        "ts-node": ">=9.0.0"
+      },
+      "peerDependenciesMeta": {
+        "ts-node": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jest-config/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-config/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-config/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-config/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-config/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-config/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-diff": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz",
+      "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "diff-sequences": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "pretty-format": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-diff/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-diff/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-diff/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-diff/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-diff/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-diff/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-docblock": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-27.5.1.tgz",
+      "integrity": "sha512-rl7hlABeTsRYxKiUfpHrQrG4e2obOiTQWfMEH3PxPjOtdsfLQO4ReWSZaQ7DETm4xu07rl4q/h4zcKXyU0/OzQ==",
+      "dependencies": {
+        "detect-newline": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-each": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-27.5.1.tgz",
+      "integrity": "sha512-1Ff6p+FbhT/bXQnEouYy00bkNSY7OUpfIcmdl8vZ31A1UUaurOLPA8a8BbJOF2RDUElwJhmeaV7LnagI+5UwNQ==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "chalk": "^4.0.0",
+        "jest-get-type": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "pretty-format": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-each/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-each/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-each/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-each/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-each/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-each/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-environment-jsdom": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-27.5.1.tgz",
+      "integrity": "sha512-TFBvkTC1Hnnnrka/fUb56atfDtJ9VMZ94JkjTbggl1PEpwrYtUBKMezB3inLmWqQsXYLcMwNoDQwoBTAvFfsfw==",
+      "dependencies": {
+        "@jest/environment": "^27.5.1",
+        "@jest/fake-timers": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "jest-mock": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jsdom": "^16.6.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-environment-node": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-27.5.1.tgz",
+      "integrity": "sha512-Jt4ZUnxdOsTGwSRAfKEnE6BcwsSPNOijjwifq5sDFSA2kesnXTvNqKHYgM0hDq3549Uf/KzdXNYn4wMZJPlFLw==",
+      "dependencies": {
+        "@jest/environment": "^27.5.1",
+        "@jest/fake-timers": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "jest-mock": "^27.5.1",
+        "jest-util": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-get-type": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-27.5.1.tgz",
+      "integrity": "sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==",
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-haste-map": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-27.5.1.tgz",
+      "integrity": "sha512-7GgkZ4Fw4NFbMSDSpZwXeBiIbx+t/46nJ2QitkOjvwPYyZmqttu2TDSimMHP1EkPOi4xUZAN1doE5Vd25H4Jng==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "@types/graceful-fs": "^4.1.2",
+        "@types/node": "*",
+        "anymatch": "^3.0.3",
+        "fb-watchman": "^2.0.0",
+        "graceful-fs": "^4.2.9",
+        "jest-regex-util": "^27.5.1",
+        "jest-serializer": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jest-worker": "^27.5.1",
+        "micromatch": "^4.0.4",
+        "walker": "^1.0.7"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "^2.3.2"
+      }
+    },
+    "node_modules/jest-jasmine2": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-jasmine2/-/jest-jasmine2-27.5.1.tgz",
+      "integrity": "sha512-jtq7VVyG8SqAorDpApwiJJImd0V2wv1xzdheGHRGyuT7gZm6gG47QEskOlzsN1PG/6WNaCo5pmwMHDf3AkG2pQ==",
+      "dependencies": {
+        "@jest/environment": "^27.5.1",
+        "@jest/source-map": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "co": "^4.6.0",
+        "expect": "^27.5.1",
+        "is-generator-fn": "^2.0.0",
+        "jest-each": "^27.5.1",
+        "jest-matcher-utils": "^27.5.1",
+        "jest-message-util": "^27.5.1",
+        "jest-runtime": "^27.5.1",
+        "jest-snapshot": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "pretty-format": "^27.5.1",
+        "throat": "^6.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-jasmine2/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-leak-detector": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-27.5.1.tgz",
+      "integrity": "sha512-POXfWAMvfU6WMUXftV4HolnJfnPOGEu10fscNCA76KBpRRhcMN2c8d3iT2pxQS3HLbA+5X4sOUPzYO2NUyIlHQ==",
+      "dependencies": {
+        "jest-get-type": "^27.5.1",
+        "pretty-format": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-matcher-utils": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-27.5.1.tgz",
+      "integrity": "sha512-z2uTx/T6LBaCoNWNFWwChLBKYxTMcGBRjAt+2SbP929/Fflb9aa5LGma654Rz8z9HLxsrUaYzxE9T/EFIL/PAw==",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "jest-diff": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "pretty-format": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-matcher-utils/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-message-util": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz",
+      "integrity": "sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.13",
+        "@jest/types": "^27.5.1",
+        "@types/stack-utils": "^2.0.0",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "micromatch": "^4.0.4",
+        "pretty-format": "^27.5.1",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-message-util/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-mock": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-27.5.1.tgz",
+      "integrity": "sha512-K4jKbY1d4ENhbrG2zuPWaQBvDly+iZ2yAW+T1fATN78hc0sInwn7wZB8XtlNnvHug5RMwV897Xm4LqmPM4e2Og==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "@types/node": "*"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-pnp-resolver": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz",
+      "integrity": "sha512-+3NpwQEnRoIBtx4fyhblQDPgJI0H1IEIkX7ShLUjPGA7TtUTvI1oiKi3SR4oBR0hQhQR80l4WAe5RrXBwWMA8w==",
+      "engines": {
+        "node": ">=6"
+      },
+      "peerDependencies": {
+        "jest-resolve": "*"
+      },
+      "peerDependenciesMeta": {
+        "jest-resolve": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jest-regex-util": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-27.5.1.tgz",
+      "integrity": "sha512-4bfKq2zie+x16okqDXjXn9ql2B0dScQu+vcwe4TvFVhkVyuWLqpZrZtXxLLWoXYgn0E87I6r6GRYHF7wFZBUvg==",
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-resolve": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-27.5.1.tgz",
+      "integrity": "sha512-FFDy8/9E6CV83IMbDpcjOhumAQPDyETnU2KZ1O98DwTnz8AOBsW/Xv3GySr1mOZdItLR+zDZ7I/UdTFbgSOVCw==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^27.5.1",
+        "jest-pnp-resolver": "^1.2.2",
+        "jest-util": "^27.5.1",
+        "jest-validate": "^27.5.1",
+        "resolve": "^1.20.0",
+        "resolve.exports": "^1.1.0",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-resolve-dependencies": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-27.5.1.tgz",
+      "integrity": "sha512-QQOOdY4PE39iawDn5rzbIePNigfe5B9Z91GDD1ae/xNDlu9kaat8QQ5EKnNmVWPV54hUdxCVwwj6YMgR2O7IOg==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "jest-regex-util": "^27.5.1",
+        "jest-snapshot": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-resolve/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-runner": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-27.5.1.tgz",
+      "integrity": "sha512-g4NPsM4mFCOwFKXO4p/H/kWGdJp9V8kURY2lX8Me2drgXqG7rrZAx5kv+5H7wtt/cdFIjhqYx1HrlqWHaOvDaQ==",
+      "dependencies": {
+        "@jest/console": "^27.5.1",
+        "@jest/environment": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/transform": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "emittery": "^0.8.1",
+        "graceful-fs": "^4.2.9",
+        "jest-docblock": "^27.5.1",
+        "jest-environment-jsdom": "^27.5.1",
+        "jest-environment-node": "^27.5.1",
+        "jest-haste-map": "^27.5.1",
+        "jest-leak-detector": "^27.5.1",
+        "jest-message-util": "^27.5.1",
+        "jest-resolve": "^27.5.1",
+        "jest-runtime": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jest-worker": "^27.5.1",
+        "source-map-support": "^0.5.6",
+        "throat": "^6.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-runner/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-runner/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-runner/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-runner/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-runner/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-runner/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-runtime": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-27.5.1.tgz",
+      "integrity": "sha512-o7gxw3Gf+H2IGt8fv0RiyE1+r83FJBRruoA+FXrlHw6xEyBsU8ugA6IPfTdVyA0w8HClpbK+DGJxH59UrNMx8A==",
+      "dependencies": {
+        "@jest/environment": "^27.5.1",
+        "@jest/fake-timers": "^27.5.1",
+        "@jest/globals": "^27.5.1",
+        "@jest/source-map": "^27.5.1",
+        "@jest/test-result": "^27.5.1",
+        "@jest/transform": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "chalk": "^4.0.0",
+        "cjs-module-lexer": "^1.0.0",
+        "collect-v8-coverage": "^1.0.0",
+        "execa": "^5.0.0",
+        "glob": "^7.1.3",
+        "graceful-fs": "^4.2.9",
+        "jest-haste-map": "^27.5.1",
+        "jest-message-util": "^27.5.1",
+        "jest-mock": "^27.5.1",
+        "jest-regex-util": "^27.5.1",
+        "jest-resolve": "^27.5.1",
+        "jest-snapshot": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "slash": "^3.0.0",
+        "strip-bom": "^4.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-runtime/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-serializer": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-serializer/-/jest-serializer-27.5.1.tgz",
+      "integrity": "sha512-jZCyo6iIxO1aqUxpuBlwTDMkzOAJS4a3eYz3YzgxxVQFwLeSA7Jfq5cbqCY+JLvTDrWirgusI/0KwxKMgrdf7w==",
+      "dependencies": {
+        "@types/node": "*",
+        "graceful-fs": "^4.2.9"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-snapshot": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-27.5.1.tgz",
+      "integrity": "sha512-yYykXI5a0I31xX67mgeLw1DZ0bJB+gpq5IpSuCAoyDi0+BhgU/RIrL+RTzDmkNTchvDFWKP8lp+w/42Z3us5sA==",
+      "dependencies": {
+        "@babel/core": "^7.7.2",
+        "@babel/generator": "^7.7.2",
+        "@babel/plugin-syntax-typescript": "^7.7.2",
+        "@babel/traverse": "^7.7.2",
+        "@babel/types": "^7.0.0",
+        "@jest/transform": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/babel__traverse": "^7.0.4",
+        "@types/prettier": "^2.1.5",
+        "babel-preset-current-node-syntax": "^1.0.0",
+        "chalk": "^4.0.0",
+        "expect": "^27.5.1",
+        "graceful-fs": "^4.2.9",
+        "jest-diff": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "jest-haste-map": "^27.5.1",
+        "jest-matcher-utils": "^27.5.1",
+        "jest-message-util": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "natural-compare": "^1.4.0",
+        "pretty-format": "^27.5.1",
+        "semver": "^7.3.2"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-snapshot/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-util": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-27.5.1.tgz",
+      "integrity": "sha512-Kv2o/8jNvX1MQ0KGtw480E/w4fBCDOnH6+6DmeKi6LZUIlKA5kwY0YNdlzaWTiVgxqAqik11QyxDOKk543aKXw==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "ci-info": "^3.2.0",
+        "graceful-fs": "^4.2.9",
+        "picomatch": "^2.2.3"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-util/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-util/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-util/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-util/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-util/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-util/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-validate": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-27.5.1.tgz",
+      "integrity": "sha512-thkNli0LYTmOI1tDB3FI1S1RTp/Bqyd9pTarJwL87OIBFuqEb5Apv5EaApEudYg4g86e3CT6kM0RowkhtEnCBQ==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "camelcase": "^6.2.0",
+        "chalk": "^4.0.0",
+        "jest-get-type": "^27.5.1",
+        "leven": "^3.1.0",
+        "pretty-format": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-validate/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-validate/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-validate/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-validate/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-validate/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-validate/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watch-typeahead": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/jest-watch-typeahead/-/jest-watch-typeahead-1.1.0.tgz",
+      "integrity": "sha512-Va5nLSJTN7YFtC2jd+7wsoe1pNe5K4ShLux/E5iHEwlB9AxaxmggY7to9KUqKojhaJw3aXqt5WAb4jGPOolpEw==",
+      "dependencies": {
+        "ansi-escapes": "^4.3.1",
+        "chalk": "^4.0.0",
+        "jest-regex-util": "^28.0.0",
+        "jest-watcher": "^28.0.0",
+        "slash": "^4.0.0",
+        "string-length": "^5.0.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "peerDependencies": {
+        "jest": "^27.0.0 || ^28.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/@jest/console": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz",
+      "integrity": "sha512-QPAkP5EwKdK/bxIr6C1I4Vs0rm2nHiANzj/Z5X2JQkrZo6IqvC4ldZ9K95tF0HdidhA8Bo6egxSzUFPYKcEXLw==",
+      "dependencies": {
+        "@jest/types": "^28.1.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "jest-message-util": "^28.1.3",
+        "jest-util": "^28.1.3",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/@jest/console/node_modules/slash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/@jest/test-result": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz",
+      "integrity": "sha512-kZAkxnSE+FqE8YjW8gNuoVkkC9I7S1qmenl8sGcDOLropASP+BkcGKwhXoyqQuGOGeYY0y/ixjrd/iERpEXHNg==",
+      "dependencies": {
+        "@jest/console": "^28.1.3",
+        "@jest/types": "^28.1.3",
+        "@types/istanbul-lib-coverage": "^2.0.0",
+        "collect-v8-coverage": "^1.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/@jest/types": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz",
+      "integrity": "sha512-RyjiyMUZrKz/c+zlMFO1pm70DcIlST8AeWTkoUdZevew44wcNZQHsEVOiCVtgVnlFFD82FPaXycys58cf2muVQ==",
+      "dependencies": {
+        "@jest/schemas": "^28.1.3",
+        "@types/istanbul-lib-coverage": "^2.0.0",
+        "@types/istanbul-reports": "^3.0.0",
+        "@types/node": "*",
+        "@types/yargs": "^17.0.8",
+        "chalk": "^4.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/@types/yargs": {
+      "version": "17.0.23",
+      "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.23.tgz",
+      "integrity": "sha512-yuogunc04OnzGQCrfHx+Kk883Q4X0aSwmYZhKjI21m+SVYzjIbrWl8dOOwSv5hf2Um2pdCOXWo9isteZTNXUZQ==",
+      "dependencies": {
+        "@types/yargs-parser": "*"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-watch-typeahead/node_modules/emittery": {
+      "version": "0.10.2",
+      "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz",
+      "integrity": "sha512-aITqOwnLanpHLNXZJENbOgjUBeHocD+xsSJmNrjovKBW5HbSpW3d1pEls7GFQPUWXiwG9+0P4GtHfEqC/4M0Iw==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/emittery?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-message-util": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz",
+      "integrity": "sha512-PFdn9Iewbt575zKPf1286Ht9EPoJmYT7P0kY+RibeYZ2XtOr53pDLEFoTWXbd1h4JiGiWpTBC84fc8xMXQMb7g==",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.13",
+        "@jest/types": "^28.1.3",
+        "@types/stack-utils": "^2.0.0",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "micromatch": "^4.0.4",
+        "pretty-format": "^28.1.3",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-message-util/node_modules/slash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-regex-util": {
+      "version": "28.0.2",
+      "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz",
+      "integrity": "sha512-4s0IgyNIy0y9FK+cjoVYoxamT7Zeo7MhzqRGx7YDYmaQn1wucY9rotiGkBzzcMXTtjrCAP/f7f+E0F7+fxPNdw==",
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-util": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz",
+      "integrity": "sha512-XdqfpHwpcSRko/C35uLYFM2emRAltIIKZiJ9eAmhjsj0CqZMa0p1ib0R5fWIqGhn1a103DebTbpqIaP1qCQ6tQ==",
+      "dependencies": {
+        "@jest/types": "^28.1.3",
+        "@types/node": "*",
+        "chalk": "^4.0.0",
+        "ci-info": "^3.2.0",
+        "graceful-fs": "^4.2.9",
+        "picomatch": "^2.2.3"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-watcher": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz",
+      "integrity": "sha512-t4qcqj9hze+jviFPUN3YAtAEeFnr/azITXQEMARf5cMwKY2SMBRnCQTXLixTl20OR6mLh9KLMrgVJgJISym+1g==",
+      "dependencies": {
+        "@jest/test-result": "^28.1.3",
+        "@jest/types": "^28.1.3",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "emittery": "^0.10.2",
+        "jest-util": "^28.1.3",
+        "string-length": "^4.0.1"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-watcher/node_modules/string-length": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz",
+      "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==",
+      "dependencies": {
+        "char-regex": "^1.0.2",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/jest-watcher/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/pretty-format": {
+      "version": "28.1.3",
+      "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz",
+      "integrity": "sha512-8gFb/To0OmxHR9+ZTb14Df2vNxdGCX8g1xWGUTqUw5TiZvcQf5sHKObd5UcPyLLyowNwDAMTF3XWOG1B6mxl1Q==",
+      "dependencies": {
+        "@jest/schemas": "^28.1.3",
+        "ansi-regex": "^5.0.1",
+        "ansi-styles": "^5.0.0",
+        "react-is": "^18.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/pretty-format/node_modules/ansi-styles": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/react-is": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
+    },
+    "node_modules/jest-watch-typeahead/node_modules/slash": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz",
+      "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/string-length": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/string-length/-/string-length-5.0.1.tgz",
+      "integrity": "sha512-9Ep08KAMUn0OadnVaBuRdE2l615CQ508kr0XMadjClfYpdCyvrbFp6Taebo8yyxokQ4viUd/xPPUA4FGgUa0ow==",
+      "dependencies": {
+        "char-regex": "^2.0.0",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12.20"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/string-length/node_modules/char-regex": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-2.0.1.tgz",
+      "integrity": "sha512-oSvEeo6ZUD7NepqAat3RqoucZ5SeqLJgOvVIwkafu6IP3V0pO38s/ypdVUmDDK6qIIHNlYHJAKX9E7R7HoKElw==",
+      "engines": {
+        "node": ">=12.20"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/strip-ansi": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.0.1.tgz",
+      "integrity": "sha512-cXNxvT8dFNRVfhVME3JAe98mkXDYN2O1l7jmcwMnOslDeESg1rF/OZMtK0nRAhiari1unG5cD4jG3rapUAkLbw==",
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/strip-ansi/node_modules/ansi-regex": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
+      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watcher": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-27.5.1.tgz",
+      "integrity": "sha512-z676SuD6Z8o8qbmEGhoEUFOM1+jfEiL3DXHK/xgEiG2EyNYfFG60jluWcupY6dATjfEsKQuibReS1djInQnoVw==",
+      "dependencies": {
+        "@jest/test-result": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "jest-util": "^27.5.1",
+        "string-length": "^4.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-watcher/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-worker": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz",
+      "integrity": "sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==",
+      "dependencies": {
+        "@types/node": "*",
+        "merge-stream": "^2.0.0",
+        "supports-color": "^8.0.0"
+      },
+      "engines": {
+        "node": ">= 10.13.0"
+      }
+    },
+    "node_modules/jest-worker/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-worker/node_modules/supports-color": {
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+      "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "node_modules/js-sdsl": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/js-sdsl/-/js-sdsl-4.4.0.tgz",
+      "integrity": "sha512-FfVSdx6pJ41Oa+CF7RDaFmTnCaFhua+SNYQX74riGOpl96x+2jQCqEfQ2bnXu/5DPCqlRuiqyvTJM0Qjz26IVg==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/js-sdsl"
+      }
+    },
+    "node_modules/js-sha256": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz",
+      "integrity": "sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA=="
+    },
+    "node_modules/js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/jsdom": {
+      "version": "16.7.0",
+      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-16.7.0.tgz",
+      "integrity": "sha512-u9Smc2G1USStM+s/x1ru5Sxrl6mPYCbByG1U/hUmqaVsm4tbNyS7CicOSRyuGQYZhTu0h84qkZZQ/I+dzizSVw==",
+      "dependencies": {
+        "abab": "^2.0.5",
+        "acorn": "^8.2.4",
+        "acorn-globals": "^6.0.0",
+        "cssom": "^0.4.4",
+        "cssstyle": "^2.3.0",
+        "data-urls": "^2.0.0",
+        "decimal.js": "^10.2.1",
+        "domexception": "^2.0.1",
+        "escodegen": "^2.0.0",
+        "form-data": "^3.0.0",
+        "html-encoding-sniffer": "^2.0.1",
+        "http-proxy-agent": "^4.0.1",
+        "https-proxy-agent": "^5.0.0",
+        "is-potential-custom-element-name": "^1.0.1",
+        "nwsapi": "^2.2.0",
+        "parse5": "6.0.1",
+        "saxes": "^5.0.1",
+        "symbol-tree": "^3.2.4",
+        "tough-cookie": "^4.0.0",
+        "w3c-hr-time": "^1.0.2",
+        "w3c-xmlserializer": "^2.0.0",
+        "webidl-conversions": "^6.1.0",
+        "whatwg-encoding": "^1.0.5",
+        "whatwg-mimetype": "^2.3.0",
+        "whatwg-url": "^8.5.0",
+        "ws": "^7.4.6",
+        "xml-name-validator": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "canvas": "^2.5.0"
+      },
+      "peerDependenciesMeta": {
+        "canvas": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jsesc": {
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
+      "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==",
+      "bin": {
+        "jsesc": "bin/jsesc"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/json-parse-even-better-errors": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz",
+      "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w=="
+    },
+    "node_modules/json-schema": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
+      "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="
+    },
+    "node_modules/json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
+    },
+    "node_modules/json-stable-stringify-without-jsonify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
+      "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw=="
+    },
+    "node_modules/json5": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
+      "bin": {
+        "json5": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/jsonfile": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
+      "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
+      "dependencies": {
+        "universalify": "^2.0.0"
+      },
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/jsonpointer": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz",
+      "integrity": "sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/jsx-ast-utils": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.3.tgz",
+      "integrity": "sha512-fYQHZTZ8jSfmWZ0iyzfwiU4WDX4HpHbMCZ3gPlWYiCl3BoeOTsqKBqnTVfH2rYT7eP5c3sVbeSPHnnJOaTrWiw==",
+      "dependencies": {
+        "array-includes": "^3.1.5",
+        "object.assign": "^4.1.3"
+      },
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/kind-of": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz",
+      "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/kleur": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz",
+      "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/klona": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/klona/-/klona-2.0.6.tgz",
+      "integrity": "sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/language-subtag-registry": {
+      "version": "0.3.22",
+      "resolved": "https://registry.npmjs.org/language-subtag-registry/-/language-subtag-registry-0.3.22.tgz",
+      "integrity": "sha512-tN0MCzyWnoz/4nHS6uxdlFWoUZT7ABptwKPQ52Ea7URk6vll88bWBVhodtnlfEuCcKWNGoc+uGbw1cwa9IKh/w=="
+    },
+    "node_modules/language-tags": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/language-tags/-/language-tags-1.0.5.tgz",
+      "integrity": "sha512-qJhlO9cGXi6hBGKoxEG/sKZDAHD5Hnu9Hs4WbOY3pCWXDhw0N8x1NenNzm2EnNLkLkk7J2SdxAkDSbb6ftT+UQ==",
+      "dependencies": {
+        "language-subtag-registry": "~0.3.2"
+      }
+    },
+    "node_modules/launch-editor": {
+      "version": "2.6.0",
+      "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.6.0.tgz",
+      "integrity": "sha512-JpDCcQnyAAzZZaZ7vEiSqL690w7dAEyLao+KC96zBplnYbJS7TYNjvM3M7y3dGz+v7aIsJk3hllWuc0kWAjyRQ==",
+      "dependencies": {
+        "picocolors": "^1.0.0",
+        "shell-quote": "^1.7.3"
+      }
+    },
+    "node_modules/leven": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz",
+      "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/levn": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
+      "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==",
+      "dependencies": {
+        "prelude-ls": "^1.2.1",
+        "type-check": "~0.4.0"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/lie": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/lie/-/lie-3.1.1.tgz",
+      "integrity": "sha512-RiNhHysUjhrDQntfYSfY4MU24coXXdEOgw9WGcKHNeEwffDYbF//u87M1EWaMGzuFoSbqW0C9C6lEEhDOAswfw==",
+      "dependencies": {
+        "immediate": "~3.0.5"
+      }
+    },
+    "node_modules/lilconfig": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz",
+      "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/lines-and-columns": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz",
+      "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg=="
+    },
+    "node_modules/loader-runner": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz",
+      "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==",
+      "engines": {
+        "node": ">=6.11.5"
+      }
+    },
+    "node_modules/loader-utils": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz",
+      "integrity": "sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==",
+      "dependencies": {
+        "big.js": "^5.2.2",
+        "emojis-list": "^3.0.0",
+        "json5": "^2.1.2"
+      },
+      "engines": {
+        "node": ">=8.9.0"
+      }
+    },
+    "node_modules/localforage": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/localforage/-/localforage-1.10.0.tgz",
+      "integrity": "sha512-14/H1aX7hzBBmmh7sGPd+AOMkkIrHM3Z1PAyGgZigA1H1p5O5ANnMyWzvpAETtG68/dC4pC0ncy3+PPGzXZHPg==",
+      "dependencies": {
+        "lie": "3.1.1"
+      }
+    },
+    "node_modules/locate-path": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
+      "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
+      "dependencies": {
+        "p-locate": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
+    },
+    "node_modules/lodash-core": {
+      "version": "4.17.19",
+      "resolved": "https://registry.npmjs.org/lodash-core/-/lodash-core-4.17.19.tgz",
+      "integrity": "sha512-FpSbOooU9HcASpL7oJ/ZQGxR7oGzeqlVe1M/iAhnUMTk7eMJBkszS5tUPZCnRtNGPWe8ChswdByFTzW58iGQEQ=="
+    },
+    "node_modules/lodash.debounce": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz",
+      "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow=="
+    },
+    "node_modules/lodash.memoize": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz",
+      "integrity": "sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag=="
+    },
+    "node_modules/lodash.merge": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
+      "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ=="
+    },
+    "node_modules/lodash.sortby": {
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",
+      "integrity": "sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA=="
+    },
+    "node_modules/lodash.truncate": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz",
+      "integrity": "sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw==",
+      "dev": true
+    },
+    "node_modules/lodash.uniq": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
+      "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ=="
+    },
+    "node_modules/loose-envify": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
+      "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
+      "dependencies": {
+        "js-tokens": "^3.0.0 || ^4.0.0"
+      },
+      "bin": {
+        "loose-envify": "cli.js"
+      }
+    },
+    "node_modules/lower-case": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz",
+      "integrity": "sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==",
+      "dependencies": {
+        "tslib": "^2.0.3"
+      }
+    },
+    "node_modules/lowlight": {
+      "version": "1.20.0",
+      "resolved": "https://registry.npmjs.org/lowlight/-/lowlight-1.20.0.tgz",
+      "integrity": "sha512-8Ktj+prEb1RoCPkEOrPMYUN/nCggB7qAWe3a7OpMjWQkh3l2RD5wKRQ+o8Q8YuI9RG/xs95waaI/E6ym/7NsTw==",
+      "dependencies": {
+        "fault": "^1.0.0",
+        "highlight.js": "~10.7.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/lru-cache": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+      "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+      "dependencies": {
+        "yallist": "^3.0.2"
+      }
+    },
+    "node_modules/lz-string": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.5.0.tgz",
+      "integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==",
+      "bin": {
+        "lz-string": "bin/bin.js"
+      }
+    },
+    "node_modules/magic-string": {
+      "version": "0.25.9",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.25.9.tgz",
+      "integrity": "sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==",
+      "dependencies": {
+        "sourcemap-codec": "^1.4.8"
+      }
+    },
+    "node_modules/make-dir": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
+      "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==",
+      "dependencies": {
+        "semver": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/make-dir/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/makeerror": {
+      "version": "1.0.12",
+      "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz",
+      "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==",
+      "dependencies": {
+        "tmpl": "1.0.5"
+      }
+    },
+    "node_modules/match-sorter": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/match-sorter/-/match-sorter-6.3.1.tgz",
+      "integrity": "sha512-mxybbo3pPNuA+ZuCUhm5bwNkXrJTbsk5VWbR5wiwz/GC6LIiegBGn2w3O08UG/jdbYLinw51fSQ5xNU1U3MgBw==",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5",
+        "remove-accents": "0.4.2"
+      }
+    },
+    "node_modules/mdn-data": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz",
+      "integrity": "sha512-iV3XNKw06j5Q7mi6h+9vbx23Tv7JkjEVgKHW4pimwyDGWm0OIQntJJ+u1C6mg6mK1EaTv42XQ7w76yuzH7M2cA=="
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/memfs": {
+      "version": "3.4.13",
+      "resolved": "https://registry.npmjs.org/memfs/-/memfs-3.4.13.tgz",
+      "integrity": "sha512-omTM41g3Skpvx5dSYeZIbXKcXoAVc/AoMNwn9TKx++L/gaen/+4TTttmu8ZSch5vfVJ8uJvGbroTsIlslRg6lg==",
+      "dependencies": {
+        "fs-monkey": "^1.0.3"
+      },
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
+      "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w=="
+    },
+    "node_modules/merge-stream": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz",
+      "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w=="
+    },
+    "node_modules/merge2": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
+      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/micromatch": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
+      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "dependencies": {
+        "braces": "^3.0.2",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mimic-fn": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
+      "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/min-indent": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz",
+      "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mini-css-extract-plugin": {
+      "version": "2.7.5",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.5.tgz",
+      "integrity": "sha512-9HaR++0mlgom81s95vvNjxkg52n2b5s//3ZTI1EtzFb98awsLSivs2LMsVqnQ3ay0PVhqWcGNyDaTE961FOcjQ==",
+      "dependencies": {
+        "schema-utils": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.0.0"
+      }
+    },
+    "node_modules/mini-css-extract-plugin/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/mini-css-extract-plugin/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/mini-css-extract-plugin/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/mini-css-extract-plugin/node_modules/schema-utils": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
+      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.8.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/minimalistic-assert": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
+    },
+    "node_modules/minimatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/mkdirp": {
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
+      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
+      "dependencies": {
+        "minimist": "^1.2.6"
+      },
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+    },
+    "node_modules/multicast-dns": {
+      "version": "7.2.5",
+      "resolved": "https://registry.npmjs.org/multicast-dns/-/multicast-dns-7.2.5.tgz",
+      "integrity": "sha512-2eznPJP8z2BFLX50tf0LuODrpINqP1RVIm/CObbTcBRITQgmC/TjcREF1NeTBzIcR5XO/ukWo+YHOjBbFwIupg==",
+      "dependencies": {
+        "dns-packet": "^5.2.2",
+        "thunky": "^1.0.2"
+      },
+      "bin": {
+        "multicast-dns": "cli.js"
+      }
+    },
+    "node_modules/nanoid": {
+      "version": "3.3.4",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
+      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
+    "node_modules/natural-compare": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
+      "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw=="
+    },
+    "node_modules/natural-compare-lite": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare-lite/-/natural-compare-lite-1.4.0.tgz",
+      "integrity": "sha512-Tj+HTDSJJKaZnfiuw+iaF9skdPpTo2GtEly5JHnWV/hfv2Qj/9RKsGISQtLh2ox3l5EAGw487hnBee0sIJ6v2g=="
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/neo-async": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz",
+      "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw=="
+    },
+    "node_modules/no-case": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz",
+      "integrity": "sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg==",
+      "dependencies": {
+        "lower-case": "^2.0.2",
+        "tslib": "^2.0.3"
+      }
+    },
+    "node_modules/node-forge": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz",
+      "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==",
+      "engines": {
+        "node": ">= 6.13.0"
+      }
+    },
+    "node_modules/node-int64": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz",
+      "integrity": "sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw=="
+    },
+    "node_modules/node-releases": {
+      "version": "2.0.10",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.10.tgz",
+      "integrity": "sha512-5GFldHPXVG/YZmFzJvKK2zDSzPKhEp0+ZR5SVaoSag9fsL5YgHbUHDfnG5494ISANDcK4KwPXAx2xqVEydmd7w=="
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/normalize-range": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz",
+      "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/normalize-url": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz",
+      "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/npm-run-path": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz",
+      "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==",
+      "dependencies": {
+        "path-key": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/nth-check": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz",
+      "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==",
+      "dependencies": {
+        "boolbase": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/nth-check?sponsor=1"
+      }
+    },
+    "node_modules/nwsapi": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.2.tgz",
+      "integrity": "sha512-90yv+6538zuvUMnN+zCr8LuV6bPFdq50304114vJYJ8RDyK8D5O9Phpbd6SZWgI7PwzmmfN1upeOJlvybDSgCw=="
+    },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/object-hash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
+      "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.12.3",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
+      "integrity": "sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object-is": {
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.5.tgz",
+      "integrity": "sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object-keys": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz",
+      "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/object-path": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/object-path/-/object-path-0.6.0.tgz",
+      "integrity": "sha512-fxrwsCFi3/p+LeLOAwo/wyRMODZxdGBtUlWRzsEpsUVrisZbEfZ21arxLGfaWfcnqb8oHPNihIb4XPE8CQPN5A==",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/object.assign": {
+      "version": "4.1.4",
+      "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz",
+      "integrity": "sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "has-symbols": "^1.0.3",
+        "object-keys": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object.entries": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.6.tgz",
+      "integrity": "sha512-leTPzo4Zvg3pmbQ3rDK69Rl8GQvIqMWubrkxONG9/ojtFE2rD9fjMKfSI5BxW3osRH1m6VdzmqK8oAY9aT4x5w==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/object.fromentries": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.6.tgz",
+      "integrity": "sha512-VciD13dswC4j1Xt5394WR4MzmAQmlgN72phd/riNp9vtD7tp4QQWJ0R4wvclXcafgcYK8veHRed2W6XeGBvcfg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object.getownpropertydescriptors": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.5.tgz",
+      "integrity": "sha512-yDNzckpM6ntyQiGTik1fKV1DcVDRS+w8bvpWNCBanvH5LfRX9O8WTHqQzG4RZwRAM4I0oU7TV11Lj5v0g20ibw==",
+      "dependencies": {
+        "array.prototype.reduce": "^1.0.5",
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object.hasown": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.2.tgz",
+      "integrity": "sha512-B5UIT3J1W+WuWIU55h0mjlwaqxiE5vYENJXIXZ4VFe05pNYrkKuK0U/6aFcb0pKywYJh7IhfoqUfKVmrJJHZHw==",
+      "dependencies": {
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object.values": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.6.tgz",
+      "integrity": "sha512-FVVTkD1vENCsAcwNs9k6jea2uHC/X0+JcjG8YA60FN5CMaJmG95wT9jek/xX9nornqGRrBkKtzuAu2wuHpKqvw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/obuf": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/obuf/-/obuf-1.1.2.tgz",
+      "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg=="
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/on-headers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz",
+      "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/onetime": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz",
+      "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==",
+      "dependencies": {
+        "mimic-fn": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/open": {
+      "version": "8.4.2",
+      "resolved": "https://registry.npmjs.org/open/-/open-8.4.2.tgz",
+      "integrity": "sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==",
+      "dependencies": {
+        "define-lazy-prop": "^2.0.0",
+        "is-docker": "^2.1.1",
+        "is-wsl": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/optionator": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz",
+      "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==",
+      "dependencies": {
+        "deep-is": "^0.1.3",
+        "fast-levenshtein": "^2.0.6",
+        "levn": "^0.4.1",
+        "prelude-ls": "^1.2.1",
+        "type-check": "^0.4.0",
+        "word-wrap": "^1.2.3"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/p-limit": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
+      "dependencies": {
+        "yocto-queue": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-locate": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
+      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
+      "dependencies": {
+        "p-limit": "^3.0.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-retry": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-4.6.2.tgz",
+      "integrity": "sha512-312Id396EbJdvRONlngUx0NydfrIQ5lsYu0znKVUzVvArzEIt08V1qhtyESbGVd1FGX7UKtiFp5uwKZdM8wIuQ==",
+      "dependencies": {
+        "@types/retry": "0.12.0",
+        "retry": "^0.13.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/p-try": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/param-case": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz",
+      "integrity": "sha512-RXlj7zCYokReqWpOPH9oYivUzLYZ5vAPIfEmCTNViosC78F8F0H9y7T7gG2M39ymgutxF5gcFEsyZQSph9Bp3A==",
+      "dependencies": {
+        "dot-case": "^3.0.4",
+        "tslib": "^2.0.3"
+      }
+    },
+    "node_modules/parent-module": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
+      "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
+      "dependencies": {
+        "callsites": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/parse-entities": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-2.0.0.tgz",
+      "integrity": "sha512-kkywGpCcRYhqQIchaWqZ875wzpS/bMKhz5HnN3p7wveJTkTtyAB/AlnS0f8DFSqYW1T82t6yEAkEcB+A1I3MbQ==",
+      "dependencies": {
+        "character-entities": "^1.0.0",
+        "character-entities-legacy": "^1.0.0",
+        "character-reference-invalid": "^1.0.0",
+        "is-alphanumerical": "^1.0.0",
+        "is-decimal": "^1.0.0",
+        "is-hexadecimal": "^1.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/parse-json": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz",
+      "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==",
+      "dependencies": {
+        "@babel/code-frame": "^7.0.0",
+        "error-ex": "^1.3.1",
+        "json-parse-even-better-errors": "^2.3.0",
+        "lines-and-columns": "^1.1.6"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/parse5": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
+      "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw=="
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/pascal-case": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz",
+      "integrity": "sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g==",
+      "dependencies": {
+        "no-case": "^3.0.4",
+        "tslib": "^2.0.3"
+      }
+    },
+    "node_modules/path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+      "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+    },
+    "node_modules/path-type": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
+      "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow=="
+    },
+    "node_modules/picocolors": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
+      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ=="
+    },
+    "node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/pify": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
+      "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/pirates": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.5.tgz",
+      "integrity": "sha512-8V9+HQPupnaXMA23c5hvl69zXvTwTzyAYasnkb0Tts4XvO4CliqONMOnvlq26rkhLC3nWDFBJf73LU1e1VZLaQ==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/pkg-dir": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz",
+      "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==",
+      "dependencies": {
+        "find-up": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/pkg-dir/node_modules/find-up": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+      "dependencies": {
+        "locate-path": "^5.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/pkg-dir/node_modules/locate-path": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+      "dependencies": {
+        "p-locate": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/pkg-dir/node_modules/p-limit": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+      "dependencies": {
+        "p-try": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/pkg-dir/node_modules/p-locate": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+      "dependencies": {
+        "p-limit": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/pkg-up": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/pkg-up/-/pkg-up-3.1.0.tgz",
+      "integrity": "sha512-nDywThFk1i4BQK4twPQ6TA4RT8bDY96yeuCVBWL3ePARCiEKDRSrNGbFIgUJpLp+XeIR65v8ra7WuJOFUBtkMA==",
+      "dependencies": {
+        "find-up": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/pkg-up/node_modules/find-up": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz",
+      "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==",
+      "dependencies": {
+        "locate-path": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/pkg-up/node_modules/locate-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz",
+      "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==",
+      "dependencies": {
+        "p-locate": "^3.0.0",
+        "path-exists": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/pkg-up/node_modules/p-limit": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+      "dependencies": {
+        "p-try": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/pkg-up/node_modules/p-locate": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz",
+      "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==",
+      "dependencies": {
+        "p-limit": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/pkg-up/node_modules/path-exists": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
+      "integrity": "sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/postcss": {
+      "version": "8.4.21",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
+      "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        }
+      ],
+      "dependencies": {
+        "nanoid": "^3.3.4",
+        "picocolors": "^1.0.0",
+        "source-map-js": "^1.0.2"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/postcss-attribute-case-insensitive": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-5.0.2.tgz",
+      "integrity": "sha512-XIidXV8fDr0kKt28vqki84fRK8VW8eTuIa4PChv2MqKuT6C9UjmSKzen6KaWhWEoYvwxFCa7n/tC1SZ3tyq4SQ==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-browser-comments": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-browser-comments/-/postcss-browser-comments-4.0.0.tgz",
+      "integrity": "sha512-X9X9/WN3KIvY9+hNERUqX9gncsgBA25XaeR+jshHz2j8+sYyHktHw1JdKuMjeLpGktXidqDhA7b/qm1mrBDmgg==",
+      "engines": {
+        "node": ">=8"
+      },
+      "peerDependencies": {
+        "browserslist": ">=4",
+        "postcss": ">=8"
+      }
+    },
+    "node_modules/postcss-calc": {
+      "version": "8.2.4",
+      "resolved": "https://registry.npmjs.org/postcss-calc/-/postcss-calc-8.2.4.tgz",
+      "integrity": "sha512-SmWMSJmB8MRnnULldx0lQIyhSNvuDl9HfrZkaqqE/WHAhToYsAvDq+yAsA/kIyINDszOp3Rh0GFoNuH5Ypsm3Q==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.9",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.2"
+      }
+    },
+    "node_modules/postcss-clamp": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-clamp/-/postcss-clamp-4.1.0.tgz",
+      "integrity": "sha512-ry4b1Llo/9zz+PKC+030KUnPITTJAHeOwjfAyyB60eT0AorGLdzp52s31OsPRHRf8NchkgFoG2y6fCfn1IV1Ow==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": ">=7.6.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4.6"
+      }
+    },
+    "node_modules/postcss-color-functional-notation": {
+      "version": "4.2.4",
+      "resolved": "https://registry.npmjs.org/postcss-color-functional-notation/-/postcss-color-functional-notation-4.2.4.tgz",
+      "integrity": "sha512-2yrTAUZUab9s6CpxkxC4rVgFEVaR6/2Pipvi6qcgvnYiVqZcbDHEoBDhrXzyb7Efh2CCfHQNtcqWcIruDTIUeg==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-color-hex-alpha": {
+      "version": "8.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-color-hex-alpha/-/postcss-color-hex-alpha-8.0.4.tgz",
+      "integrity": "sha512-nLo2DCRC9eE4w2JmuKgVA3fGL3d01kGq752pVALF68qpGLmx2Qrk91QTKkdUqqp45T1K1XV8IhQpcu1hoAQflQ==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/postcss-color-rebeccapurple": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-7.1.1.tgz",
+      "integrity": "sha512-pGxkuVEInwLHgkNxUc4sdg4g3py7zUeCQ9sMfwyHAT+Ezk8a4OaaVZ8lIY5+oNqA/BXXgLyXv0+5wHP68R79hg==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-colormin": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/postcss-colormin/-/postcss-colormin-5.3.1.tgz",
+      "integrity": "sha512-UsWQG0AqTFQmpBegeLLc1+c3jIqBNB0zlDGRWR+dQ3pRKJL1oeMzyqmH3o2PIfn9MBdNrVPWhDbT769LxCTLJQ==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "caniuse-api": "^3.0.0",
+        "colord": "^2.9.1",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-convert-values": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/postcss-convert-values/-/postcss-convert-values-5.1.3.tgz",
+      "integrity": "sha512-82pC1xkJZtcJEfiLw6UXnXVXScgtBrjlO5CBmuDQc+dlb88ZYheFsjTn40+zBVi3DkfF7iezO0nJUPLcJK3pvA==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-custom-media": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-8.0.2.tgz",
+      "integrity": "sha512-7yi25vDAoHAkbhAzX9dHx2yc6ntS4jQvejrNcC+csQJAXjj15e7VcWfMgLqBNAbOvqi5uIa9huOVwdHbf+sKqg==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.3"
+      }
+    },
+    "node_modules/postcss-custom-properties": {
+      "version": "12.1.11",
+      "resolved": "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-12.1.11.tgz",
+      "integrity": "sha512-0IDJYhgU8xDv1KY6+VgUwuQkVtmYzRwu+dMjnmdMafXYv86SWqfxkc7qdDvWS38vsjaEtv8e0vGOUQrAiMBLpQ==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-custom-selectors": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/postcss-custom-selectors/-/postcss-custom-selectors-6.0.3.tgz",
+      "integrity": "sha512-fgVkmyiWDwmD3JbpCmB45SvvlCD6z9CG6Ie6Iere22W5aHea6oWa7EM2bpnv2Fj3I94L3VbtvX9KqwSi5aFzSg==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.4"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.3"
+      }
+    },
+    "node_modules/postcss-dir-pseudo-class": {
+      "version": "6.0.5",
+      "resolved": "https://registry.npmjs.org/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-6.0.5.tgz",
+      "integrity": "sha512-eqn4m70P031PF7ZQIvSgy9RSJ5uI2171O/OO/zcRNYpJbvaeKFUlar1aJ7rmgiQtbm0FSPsRewjpdS0Oew7MPA==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-discard-comments": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-5.1.2.tgz",
+      "integrity": "sha512-+L8208OVbHVF2UQf1iDmRcbdjJkuBF6IS29yBDSiWUIzpYaAhtNl6JYnYm12FnkeCwQqF5LeklOu6rAqgfBZqQ==",
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-discard-duplicates": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-5.1.0.tgz",
+      "integrity": "sha512-zmX3IoSI2aoenxHV6C7plngHWWhUOV3sP1T8y2ifzxzbtnuhk1EdPwm0S1bIUNaJ2eNbWeGLEwzw8huPD67aQw==",
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-discard-empty": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-discard-empty/-/postcss-discard-empty-5.1.1.tgz",
+      "integrity": "sha512-zPz4WljiSuLWsI0ir4Mcnr4qQQ5e1Ukc3i7UfE2XcrwKK2LIPIqE5jxMRxO6GbI3cv//ztXDsXwEWT3BHOGh3A==",
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-discard-overridden": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-discard-overridden/-/postcss-discard-overridden-5.1.0.tgz",
+      "integrity": "sha512-21nOL7RqWR1kasIVdKs8HNqQJhFxLsyRfAnUDm4Fe4t4mCWL9OJiHvlHPjcd8zc5Myu89b/7wZDnOSjFgeWRtw==",
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-double-position-gradients": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/postcss-double-position-gradients/-/postcss-double-position-gradients-3.1.2.tgz",
+      "integrity": "sha512-GX+FuE/uBR6eskOK+4vkXgT6pDkexLokPaz/AbJna9s5Kzp/yl488pKPjhy0obB475ovfT1Wv8ho7U/cHNaRgQ==",
+      "dependencies": {
+        "@csstools/postcss-progressive-custom-properties": "^1.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-env-function": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/postcss-env-function/-/postcss-env-function-4.0.6.tgz",
+      "integrity": "sha512-kpA6FsLra+NqcFnL81TnsU+Z7orGtDTxcOhl6pwXeEq1yFPpRMkCDpHhrz8CFQDr/Wfm0jLiNQ1OsGGPjlqPwA==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/postcss-flexbugs-fixes": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/postcss-flexbugs-fixes/-/postcss-flexbugs-fixes-5.0.2.tgz",
+      "integrity": "sha512-18f9voByak7bTktR2QgDveglpn9DTbBWPUzSOe9g0N4WR/2eSt6Vrcbf0hmspvMI6YWGywz6B9f7jzpFNJJgnQ==",
+      "peerDependencies": {
+        "postcss": "^8.1.4"
+      }
+    },
+    "node_modules/postcss-focus-visible": {
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-focus-visible/-/postcss-focus-visible-6.0.4.tgz",
+      "integrity": "sha512-QcKuUU/dgNsstIK6HELFRT5Y3lbrMLEOwG+A4s5cA+fx3A3y/JTq3X9LaOj3OC3ALH0XqyrgQIgey/MIZ8Wczw==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.9"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/postcss-focus-within": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-focus-within/-/postcss-focus-within-5.0.4.tgz",
+      "integrity": "sha512-vvjDN++C0mu8jz4af5d52CB184ogg/sSxAFS+oUJQq2SuCe7T5U2iIsVJtsCp2d6R4j0jr5+q3rPkBVZkXD9fQ==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.9"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/postcss-font-variant": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz",
+      "integrity": "sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA==",
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/postcss-gap-properties": {
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/postcss-gap-properties/-/postcss-gap-properties-3.0.5.tgz",
+      "integrity": "sha512-IuE6gKSdoUNcvkGIqdtjtcMtZIFyXZhmFd5RUlg97iVEvp1BZKV5ngsAjCjrVy+14uhGBQl9tzmi1Qwq4kqVOg==",
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-image-set-function": {
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/postcss-image-set-function/-/postcss-image-set-function-4.0.7.tgz",
+      "integrity": "sha512-9T2r9rsvYzm5ndsBE8WgtrMlIT7VbtTfE7b3BQnudUqnBcBo7L758oc+o+pdj/dUV0l5wjwSdjeOH2DZtfv8qw==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-import": {
+      "version": "14.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz",
+      "integrity": "sha512-flwI+Vgm4SElObFVPpTIT7SU7R3qk2L7PyduMcokiaVKuWv9d/U+Gm/QAd8NDLuykTWTkcrjOeD2Pp1rMeBTGw==",
+      "dependencies": {
+        "postcss-value-parser": "^4.0.0",
+        "read-cache": "^1.0.0",
+        "resolve": "^1.1.7"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.0.0"
+      }
+    },
+    "node_modules/postcss-initial": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-initial/-/postcss-initial-4.0.1.tgz",
+      "integrity": "sha512-0ueD7rPqX8Pn1xJIjay0AZeIuDoF+V+VvMt/uOnn+4ezUKhZM/NokDeP6DwMNyIoYByuN/94IQnt5FEkaN59xQ==",
+      "peerDependencies": {
+        "postcss": "^8.0.0"
+      }
+    },
+    "node_modules/postcss-js": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz",
+      "integrity": "sha512-dDLF8pEO191hJMtlHFPRa8xsizHaM82MLfNkUHdUtVEV3tgTp5oj+8qbEqYM57SLfc74KSbw//4SeJma2LRVIw==",
+      "dependencies": {
+        "camelcase-css": "^2.0.1"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >= 16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/postcss/"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4.21"
+      }
+    },
+    "node_modules/postcss-lab-function": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/postcss-lab-function/-/postcss-lab-function-4.2.1.tgz",
+      "integrity": "sha512-xuXll4isR03CrQsmxyz92LJB2xX9n+pZJ5jE9JgcnmsCammLyKdlzrBin+25dy6wIjfhJpKBAN80gsTlCgRk2w==",
+      "dependencies": {
+        "@csstools/postcss-progressive-custom-properties": "^1.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-load-config": {
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz",
+      "integrity": "sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg==",
+      "dependencies": {
+        "lilconfig": "^2.0.5",
+        "yaml": "^1.10.2"
+      },
+      "engines": {
+        "node": ">= 10"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/postcss/"
+      },
+      "peerDependencies": {
+        "postcss": ">=8.0.9",
+        "ts-node": ">=9.0.0"
+      },
+      "peerDependenciesMeta": {
+        "postcss": {
+          "optional": true
+        },
+        "ts-node": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/postcss-loader": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-6.2.1.tgz",
+      "integrity": "sha512-WbbYpmAaKcux/P66bZ40bpWsBucjx/TTgVVzRZ9yUO8yQfVBlameJ0ZGVaPfH64hNSBh63a+ICP5nqOpBA0w+Q==",
+      "dependencies": {
+        "cosmiconfig": "^7.0.0",
+        "klona": "^2.0.5",
+        "semver": "^7.3.5"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "postcss": "^7.0.0 || ^8.0.1",
+        "webpack": "^5.0.0"
+      }
+    },
+    "node_modules/postcss-logical": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-logical/-/postcss-logical-5.0.4.tgz",
+      "integrity": "sha512-RHXxplCeLh9VjinvMrZONq7im4wjWGlRJAqmAVLXyZaXwfDWP73/oq4NdIp+OZwhQUMj0zjqDfM5Fj7qby+B4g==",
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4"
+      }
+    },
+    "node_modules/postcss-media-minmax": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-media-minmax/-/postcss-media-minmax-5.0.0.tgz",
+      "integrity": "sha512-yDUvFf9QdFZTuCUg0g0uNSHVlJ5X1lSzDZjPSFaiCWvjgsvu8vEVxtahPrLMinIDEEGnx6cBe6iqdx5YWz08wQ==",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/postcss-merge-longhand": {
+      "version": "5.1.7",
+      "resolved": "https://registry.npmjs.org/postcss-merge-longhand/-/postcss-merge-longhand-5.1.7.tgz",
+      "integrity": "sha512-YCI9gZB+PLNskrK0BB3/2OzPnGhPkBEwmwhfYk1ilBHYVAZB7/tkTHFBAnCrvBBOmeYyMYw3DMjT55SyxMBzjQ==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0",
+        "stylehacks": "^5.1.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-merge-rules": {
+      "version": "5.1.4",
+      "resolved": "https://registry.npmjs.org/postcss-merge-rules/-/postcss-merge-rules-5.1.4.tgz",
+      "integrity": "sha512-0R2IuYpgU93y9lhVbO/OylTtKMVcHb67zjWIfCiKR9rWL3GUk1677LAqD/BcHizukdZEjT8Ru3oHRoAYoJy44g==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "caniuse-api": "^3.0.0",
+        "cssnano-utils": "^3.1.0",
+        "postcss-selector-parser": "^6.0.5"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-minify-font-values": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-minify-font-values/-/postcss-minify-font-values-5.1.0.tgz",
+      "integrity": "sha512-el3mYTgx13ZAPPirSVsHqFzl+BBBDrXvbySvPGFnQcTI4iNslrPaFq4muTkLZmKlGk4gyFAYUBMH30+HurREyA==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-minify-gradients": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-minify-gradients/-/postcss-minify-gradients-5.1.1.tgz",
+      "integrity": "sha512-VGvXMTpCEo4qHTNSa9A0a3D+dxGFZCYwR6Jokk+/3oB6flu2/PnPXAh2x7x52EkY5xlIHLm+Le8tJxe/7TNhzw==",
+      "dependencies": {
+        "colord": "^2.9.1",
+        "cssnano-utils": "^3.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-minify-params": {
+      "version": "5.1.4",
+      "resolved": "https://registry.npmjs.org/postcss-minify-params/-/postcss-minify-params-5.1.4.tgz",
+      "integrity": "sha512-+mePA3MgdmVmv6g+30rn57USjOGSAyuxUmkfiWpzalZ8aiBkdPYjXWtHuwJGm1v5Ojy0Z0LaSYhHaLJQB0P8Jw==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "cssnano-utils": "^3.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-minify-selectors": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/postcss-minify-selectors/-/postcss-minify-selectors-5.2.1.tgz",
+      "integrity": "sha512-nPJu7OjZJTsVUmPdm2TcaiohIwxP+v8ha9NehQ2ye9szv4orirRU3SDdtUmKH+10nzn0bAyOXZ0UEr7OpvLehg==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.5"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-modules-extract-imports": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-3.0.0.tgz",
+      "integrity": "sha512-bdHleFnP3kZ4NYDhuGlVK+CMrQ/pqUm8bx/oGL93K6gVwiclvX5x0n76fYMKuIGKzlABOy13zsvqjb0f92TEXw==",
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/postcss-modules-local-by-default": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.0.tgz",
+      "integrity": "sha512-sT7ihtmGSF9yhm6ggikHdV0hlziDTX7oFoXtuVWeDd3hHObNkcHRo9V3yg7vCAY7cONyxJC/XXCmmiHHcvX7bQ==",
+      "dependencies": {
+        "icss-utils": "^5.0.0",
+        "postcss-selector-parser": "^6.0.2",
+        "postcss-value-parser": "^4.1.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/postcss-modules-scope": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-modules-scope/-/postcss-modules-scope-3.0.0.tgz",
+      "integrity": "sha512-hncihwFA2yPath8oZ15PZqvWGkWf+XUfQgUGamS4LqoP1anQLOsOJw0vr7J7IwLpoY9fatA2qiGUGmuZL0Iqlg==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.4"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/postcss-modules-values": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-modules-values/-/postcss-modules-values-4.0.0.tgz",
+      "integrity": "sha512-RDxHkAiEGI78gS2ofyvCsu7iycRv7oqw5xMWn9iMoR0N/7mf9D50ecQqUo5BZ9Zh2vH4bCUR/ktCqbB9m8vJjQ==",
+      "dependencies": {
+        "icss-utils": "^5.0.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >= 14"
+      },
+      "peerDependencies": {
+        "postcss": "^8.1.0"
+      }
+    },
+    "node_modules/postcss-nested": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz",
+      "integrity": "sha512-0DkamqrPcmkBDsLn+vQDIrtkSbNkv5AD/M322ySo9kqFkCIYklym2xEmWkwo+Y3/qZo34tzEPNUw4y7yMCdv5w==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": ">=12.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/postcss/"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.14"
+      }
+    },
+    "node_modules/postcss-nesting": {
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-10.2.0.tgz",
+      "integrity": "sha512-EwMkYchxiDiKUhlJGzWsD9b2zvq/r2SSubcRrgP+jujMXFzqvANLt16lJANC+5uZ6hjI7lpRmI6O8JIl+8l1KA==",
+      "dependencies": {
+        "@csstools/selector-specificity": "^2.0.0",
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-normalize": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-normalize/-/postcss-normalize-10.0.1.tgz",
+      "integrity": "sha512-+5w18/rDev5mqERcG3W5GZNMJa1eoYYNGo8gB7tEwaos0ajk3ZXAI4mHGcNT47NE+ZnZD1pEpUOFLvltIwmeJA==",
+      "dependencies": {
+        "@csstools/normalize.css": "*",
+        "postcss-browser-comments": "^4",
+        "sanitize.css": "*"
+      },
+      "engines": {
+        "node": ">= 12"
+      },
+      "peerDependencies": {
+        "browserslist": ">= 4",
+        "postcss": ">= 8"
+      }
+    },
+    "node_modules/postcss-normalize-charset": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-charset/-/postcss-normalize-charset-5.1.0.tgz",
+      "integrity": "sha512-mSgUJ+pd/ldRGVx26p2wz9dNZ7ji6Pn8VWBajMXFf8jk7vUoSrZ2lt/wZR7DtlZYKesmZI680qjr2CeFF2fbUg==",
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-display-values": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-display-values/-/postcss-normalize-display-values-5.1.0.tgz",
+      "integrity": "sha512-WP4KIM4o2dazQXWmFaqMmcvsKmhdINFblgSeRgn8BJ6vxaMyaJkwAzpPpuvSIoG/rmX3M+IrRZEz2H0glrQNEA==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-positions": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-positions/-/postcss-normalize-positions-5.1.1.tgz",
+      "integrity": "sha512-6UpCb0G4eofTCQLFVuI3EVNZzBNPiIKcA1AKVka+31fTVySphr3VUgAIULBhxZkKgwLImhzMR2Bw1ORK+37INg==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-repeat-style": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-5.1.1.tgz",
+      "integrity": "sha512-mFpLspGWkQtBcWIRFLmewo8aC3ImN2i/J3v8YCFUwDnPu3Xz4rLohDO26lGjwNsQxB3YF0KKRwspGzE2JEuS0g==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-string": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-string/-/postcss-normalize-string-5.1.0.tgz",
+      "integrity": "sha512-oYiIJOf4T9T1N4i+abeIc7Vgm/xPCGih4bZz5Nm0/ARVJ7K6xrDlLwvwqOydvyL3RHNf8qZk6vo3aatiw/go3w==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-timing-functions": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-5.1.0.tgz",
+      "integrity": "sha512-DOEkzJ4SAXv5xkHl0Wa9cZLF3WCBhF3o1SKVxKQAa+0pYKlueTpCgvkFAHfk+Y64ezX9+nITGrDZeVGgITJXjg==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-unicode": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-unicode/-/postcss-normalize-unicode-5.1.1.tgz",
+      "integrity": "sha512-qnCL5jzkNUmKVhZoENp1mJiGNPcsJCs1aaRmURmeJGES23Z/ajaln+EPTD+rBeNkSryI+2WTdW+lwcVdOikrpA==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-url": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-url/-/postcss-normalize-url-5.1.0.tgz",
+      "integrity": "sha512-5upGeDO+PVthOxSmds43ZeMeZfKH+/DKgGRD7TElkkyS46JXAUhMzIKiCa7BabPeIy3AQcTkXwVVN7DbqsiCew==",
+      "dependencies": {
+        "normalize-url": "^6.0.1",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-normalize-whitespace": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-normalize-whitespace/-/postcss-normalize-whitespace-5.1.1.tgz",
+      "integrity": "sha512-83ZJ4t3NUDETIHTa3uEg6asWjSBYL5EdkVB0sDncx9ERzOKBVJIUeDO9RyA9Zwtig8El1d79HBp0JEi8wvGQnA==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-opacity-percentage": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/postcss-opacity-percentage/-/postcss-opacity-percentage-1.1.3.tgz",
+      "integrity": "sha512-An6Ba4pHBiDtyVpSLymUUERMo2cU7s+Obz6BTrS+gxkbnSBNKSuD0AVUc+CpBMrpVPKKfoVz0WQCX+Tnst0i4A==",
+      "funding": [
+        {
+          "type": "kofi",
+          "url": "https://ko-fi.com/mrcgrtz"
+        },
+        {
+          "type": "liberapay",
+          "url": "https://liberapay.com/mrcgrtz"
+        }
+      ],
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-ordered-values": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/postcss-ordered-values/-/postcss-ordered-values-5.1.3.tgz",
+      "integrity": "sha512-9UO79VUhPwEkzbb3RNpqqghc6lcYej1aveQteWY+4POIwlqkYE21HKWaLDF6lWNuqCobEAyTovVhtI32Rbv2RQ==",
+      "dependencies": {
+        "cssnano-utils": "^3.1.0",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-overflow-shorthand": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-overflow-shorthand/-/postcss-overflow-shorthand-3.0.4.tgz",
+      "integrity": "sha512-otYl/ylHK8Y9bcBnPLo3foYFLL6a6Ak+3EQBPOTR7luMYCOsiVTUk1iLvNf6tVPNGXcoL9Hoz37kpfriRIFb4A==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-page-break": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-page-break/-/postcss-page-break-3.0.4.tgz",
+      "integrity": "sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ==",
+      "peerDependencies": {
+        "postcss": "^8"
+      }
+    },
+    "node_modules/postcss-place": {
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/postcss-place/-/postcss-place-7.0.5.tgz",
+      "integrity": "sha512-wR8igaZROA6Z4pv0d+bvVrvGY4GVHihBCBQieXFY3kuSuMyOmEnnfFzHl/tQuqHZkfkIVBEbDvYcFfHmpSet9g==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-preset-env": {
+      "version": "7.8.3",
+      "resolved": "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-7.8.3.tgz",
+      "integrity": "sha512-T1LgRm5uEVFSEF83vHZJV2z19lHg4yJuZ6gXZZkqVsqv63nlr6zabMH3l4Pc01FQCyfWVrh2GaUeCVy9Po+Aag==",
+      "dependencies": {
+        "@csstools/postcss-cascade-layers": "^1.1.1",
+        "@csstools/postcss-color-function": "^1.1.1",
+        "@csstools/postcss-font-format-keywords": "^1.0.1",
+        "@csstools/postcss-hwb-function": "^1.0.2",
+        "@csstools/postcss-ic-unit": "^1.0.1",
+        "@csstools/postcss-is-pseudo-class": "^2.0.7",
+        "@csstools/postcss-nested-calc": "^1.0.0",
+        "@csstools/postcss-normalize-display-values": "^1.0.1",
+        "@csstools/postcss-oklab-function": "^1.1.1",
+        "@csstools/postcss-progressive-custom-properties": "^1.3.0",
+        "@csstools/postcss-stepped-value-functions": "^1.0.1",
+        "@csstools/postcss-text-decoration-shorthand": "^1.0.0",
+        "@csstools/postcss-trigonometric-functions": "^1.0.2",
+        "@csstools/postcss-unset-value": "^1.0.2",
+        "autoprefixer": "^10.4.13",
+        "browserslist": "^4.21.4",
+        "css-blank-pseudo": "^3.0.3",
+        "css-has-pseudo": "^3.0.4",
+        "css-prefers-color-scheme": "^6.0.3",
+        "cssdb": "^7.1.0",
+        "postcss-attribute-case-insensitive": "^5.0.2",
+        "postcss-clamp": "^4.1.0",
+        "postcss-color-functional-notation": "^4.2.4",
+        "postcss-color-hex-alpha": "^8.0.4",
+        "postcss-color-rebeccapurple": "^7.1.1",
+        "postcss-custom-media": "^8.0.2",
+        "postcss-custom-properties": "^12.1.10",
+        "postcss-custom-selectors": "^6.0.3",
+        "postcss-dir-pseudo-class": "^6.0.5",
+        "postcss-double-position-gradients": "^3.1.2",
+        "postcss-env-function": "^4.0.6",
+        "postcss-focus-visible": "^6.0.4",
+        "postcss-focus-within": "^5.0.4",
+        "postcss-font-variant": "^5.0.0",
+        "postcss-gap-properties": "^3.0.5",
+        "postcss-image-set-function": "^4.0.7",
+        "postcss-initial": "^4.0.1",
+        "postcss-lab-function": "^4.2.1",
+        "postcss-logical": "^5.0.4",
+        "postcss-media-minmax": "^5.0.0",
+        "postcss-nesting": "^10.2.0",
+        "postcss-opacity-percentage": "^1.1.2",
+        "postcss-overflow-shorthand": "^3.0.4",
+        "postcss-page-break": "^3.0.4",
+        "postcss-place": "^7.0.5",
+        "postcss-pseudo-class-any-link": "^7.1.6",
+        "postcss-replace-overflow-wrap": "^4.0.0",
+        "postcss-selector-not": "^6.0.1",
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-pseudo-class-any-link": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-7.1.6.tgz",
+      "integrity": "sha512-9sCtZkO6f/5ML9WcTLcIyV1yz9D1rf0tWc+ulKcvV30s0iZKS/ONyETvoWsr6vnrmW+X+KmuK3gV/w5EWnT37w==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-reduce-initial": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/postcss-reduce-initial/-/postcss-reduce-initial-5.1.2.tgz",
+      "integrity": "sha512-dE/y2XRaqAi6OvjzD22pjTUQ8eOfc6m/natGHgKFBK9DxFmIm69YmaRVQrGgFlEfc1HePIurY0TmDeROK05rIg==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "caniuse-api": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-reduce-transforms": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-reduce-transforms/-/postcss-reduce-transforms-5.1.0.tgz",
+      "integrity": "sha512-2fbdbmgir5AvpW9RLtdONx1QoYG2/EtqpNQbFASDlixBbAYuTcJ0dECwlqNqH7VbaUnEnh8SrxOe2sRIn24XyQ==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-replace-overflow-wrap": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz",
+      "integrity": "sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw==",
+      "peerDependencies": {
+        "postcss": "^8.0.3"
+      }
+    },
+    "node_modules/postcss-selector-not": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-selector-not/-/postcss-selector-not-6.0.1.tgz",
+      "integrity": "sha512-1i9affjAe9xu/y9uqWH+tD4r6/hDaXJruk8xn2x1vzxC2U3J3LKO3zJW4CyxlNhA56pADJ/djpEwpH1RClI2rQ==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.10"
+      },
+      "engines": {
+        "node": "^12 || ^14 || >=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/csstools"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2"
+      }
+    },
+    "node_modules/postcss-selector-parser": {
+      "version": "6.0.11",
+      "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.11.tgz",
+      "integrity": "sha512-zbARubNdogI9j7WY4nQJBiNqQf3sLS3wCP4WfOidu+p28LofJqDH1tcXypGrcmMHhDk2t9wGhCsYe/+szLTy1g==",
+      "dependencies": {
+        "cssesc": "^3.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/postcss-svgo": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-svgo/-/postcss-svgo-5.1.0.tgz",
+      "integrity": "sha512-D75KsH1zm5ZrHyxPakAxJWtkyXew5qwS70v56exwvw542d9CRtTo78K0WeFxZB4G7JXKKMbEZtZayTGdIky/eA==",
+      "dependencies": {
+        "postcss-value-parser": "^4.2.0",
+        "svgo": "^2.7.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-svgo/node_modules/commander": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz",
+      "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/postcss-svgo/node_modules/css-tree": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.3.tgz",
+      "integrity": "sha512-tRpdppF7TRazZrjJ6v3stzv93qxRcSsFmW6cX0Zm2NVKpxE1WV1HblnghVv9TreireHkqI/VDEsfolRF1p6y7Q==",
+      "dependencies": {
+        "mdn-data": "2.0.14",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/postcss-svgo/node_modules/mdn-data": {
+      "version": "2.0.14",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz",
+      "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow=="
+    },
+    "node_modules/postcss-svgo/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/postcss-svgo/node_modules/svgo": {
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/svgo/-/svgo-2.8.0.tgz",
+      "integrity": "sha512-+N/Q9kV1+F+UeWYoSiULYo4xYSDQlTgb+ayMobAXPwMnLvop7oxKMo9OzIrX5x3eS4L4f2UHhc9axXwY8DpChg==",
+      "dependencies": {
+        "@trysound/sax": "0.2.0",
+        "commander": "^7.2.0",
+        "css-select": "^4.1.3",
+        "css-tree": "^1.1.3",
+        "csso": "^4.2.0",
+        "picocolors": "^1.0.0",
+        "stable": "^0.1.8"
+      },
+      "bin": {
+        "svgo": "bin/svgo"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/postcss-unique-selectors": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/postcss-unique-selectors/-/postcss-unique-selectors-5.1.1.tgz",
+      "integrity": "sha512-5JiODlELrz8L2HwxfPnhOWZYWDxVHWL83ufOv84NrcgipI7TaeRsatAhK4Tr2/ZiYldpK/wBvw5BD3qfaK96GA==",
+      "dependencies": {
+        "postcss-selector-parser": "^6.0.5"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/postcss-value-parser": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
+      "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
+    },
+    "node_modules/prelude-ls": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
+      "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/pretty-bytes": {
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.6.0.tgz",
+      "integrity": "sha512-FFw039TmrBqFK8ma/7OL3sDz/VytdtJr044/QUJtH0wK9lb9jLq9tJyIxUwtQJHwar2BqtiA4iCWSwo9JLkzFg==",
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/pretty-error": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/pretty-error/-/pretty-error-4.0.0.tgz",
+      "integrity": "sha512-AoJ5YMAcXKYxKhuJGdcvse+Voc6v1RgnsR3nWcYU7q4t6z0Q6T86sv5Zq8VIRbOWWFpvdGE83LtdSMNd+6Y0xw==",
+      "dependencies": {
+        "lodash": "^4.17.20",
+        "renderkid": "^3.0.0"
+      }
+    },
+    "node_modules/pretty-format": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz",
+      "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
+      "dependencies": {
+        "ansi-regex": "^5.0.1",
+        "ansi-styles": "^5.0.0",
+        "react-is": "^17.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/pretty-format/node_modules/ansi-styles": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/prismjs": {
+      "version": "1.29.0",
+      "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz",
+      "integrity": "sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/process-nextick-args": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
+      "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
+    },
+    "node_modules/progress": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
+      "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/promise": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/promise/-/promise-8.3.0.tgz",
+      "integrity": "sha512-rZPNPKTOYVNEEKFaq1HqTgOwZD+4/YHS5ukLzQCypkj+OkYx7iv0mA91lJlpPPZ8vMau3IIGj5Qlwrx+8iiSmg==",
+      "dependencies": {
+        "asap": "~2.0.6"
+      }
+    },
+    "node_modules/prompts": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz",
+      "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==",
+      "dependencies": {
+        "kleur": "^3.0.3",
+        "sisteransi": "^1.0.5"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/prop-types": {
+      "version": "15.8.1",
+      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
+      "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==",
+      "dependencies": {
+        "loose-envify": "^1.4.0",
+        "object-assign": "^4.1.1",
+        "react-is": "^16.13.1"
+      }
+    },
+    "node_modules/prop-types/node_modules/react-is": {
+      "version": "16.13.1",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
+      "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+    },
+    "node_modules/property-information": {
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/property-information/-/property-information-5.6.0.tgz",
+      "integrity": "sha512-YUHSPk+A30YPv+0Qf8i9Mbfe/C0hdPXk1s1jPVToV8pk8BQtpw10ct89Eo7OWkutrwqvT0eicAxlOg3dOAu8JA==",
+      "dependencies": {
+        "xtend": "^4.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/proxy-addr/node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/psl": {
+      "version": "1.9.0",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz",
+      "integrity": "sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag=="
+    },
+    "node_modules/punycode": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.0.tgz",
+      "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/q": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",
+      "integrity": "sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw==",
+      "engines": {
+        "node": ">=0.6.0",
+        "teleport": ">=0.2.0"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.11.0",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
+      "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
+      "dependencies": {
+        "side-channel": "^1.0.4"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/querystringify": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
+      "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ=="
+    },
+    "node_modules/queue-microtask": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
+      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/quick-lru": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz",
+      "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/raf": {
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/raf/-/raf-3.4.1.tgz",
+      "integrity": "sha512-Sq4CW4QhwOHE8ucn6J34MqtZCeWFP2aQSmrlroYgqAV1PjStIhJXxYuTgUIfkEk7zTLjmIjLmU5q+fbD1NnOJA==",
+      "dependencies": {
+        "performance-now": "^2.1.0"
+      }
+    },
+    "node_modules/randombytes": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
+      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
+      "dependencies": {
+        "safe-buffer": "^5.1.0"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+      "dependencies": {
+        "bytes": "3.1.2",
+        "http-errors": "2.0.0",
+        "iconv-lite": "0.4.24",
+        "unpipe": "1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/raw-body/node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/raw-body/node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/react": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
+      "integrity": "sha512-/3IjMdb2L9QbBdWiW5e3P2/npwMBaU9mHCSCUzNln0ZCYbcfTsGbTJrU/kGemdH2IWmB2ioZ+zkxtmq6g09fGQ==",
+      "dependencies": {
+        "loose-envify": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/react-app-polyfill": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/react-app-polyfill/-/react-app-polyfill-3.0.0.tgz",
+      "integrity": "sha512-sZ41cxiU5llIB003yxxQBYrARBqe0repqPTTYBTmMqTz9szeBbE37BehCE891NZsmdZqqP+xWKdT3eo3vOzN8w==",
+      "dependencies": {
+        "core-js": "^3.19.2",
+        "object-assign": "^4.1.1",
+        "promise": "^8.1.0",
+        "raf": "^3.4.1",
+        "regenerator-runtime": "^0.13.9",
+        "whatwg-fetch": "^3.6.2"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/react-dev-utils": {
+      "version": "12.0.1",
+      "resolved": "https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-12.0.1.tgz",
+      "integrity": "sha512-84Ivxmr17KjUupyqzFode6xKhjwuEJDROWKJy/BthkL7Wn6NJ8h4WE6k/exAv6ImS+0oZLRRW5j/aINMHyeGeQ==",
+      "dependencies": {
+        "@babel/code-frame": "^7.16.0",
+        "address": "^1.1.2",
+        "browserslist": "^4.18.1",
+        "chalk": "^4.1.2",
+        "cross-spawn": "^7.0.3",
+        "detect-port-alt": "^1.1.6",
+        "escape-string-regexp": "^4.0.0",
+        "filesize": "^8.0.6",
+        "find-up": "^5.0.0",
+        "fork-ts-checker-webpack-plugin": "^6.5.0",
+        "global-modules": "^2.0.0",
+        "globby": "^11.0.4",
+        "gzip-size": "^6.0.0",
+        "immer": "^9.0.7",
+        "is-root": "^2.1.0",
+        "loader-utils": "^3.2.0",
+        "open": "^8.4.0",
+        "pkg-up": "^3.1.0",
+        "prompts": "^2.4.2",
+        "react-error-overlay": "^6.0.11",
+        "recursive-readdir": "^2.2.2",
+        "shell-quote": "^1.7.3",
+        "strip-ansi": "^6.0.1",
+        "text-table": "^0.2.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/react-dev-utils/node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/loader-utils": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz",
+      "integrity": "sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw==",
+      "engines": {
+        "node": ">= 12.13.0"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/react-dom": {
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.2.0.tgz",
+      "integrity": "sha512-6IMTriUmvsjHUjNtEDudZfuDQUoWXVxKHhlEGSk81n4YFS+r/Kl99wXiwlVXtPBtJenozv2P+hxDsw9eA7Xo6g==",
+      "dependencies": {
+        "loose-envify": "^1.1.0",
+        "scheduler": "^0.23.0"
+      },
+      "peerDependencies": {
+        "react": "^18.2.0"
+      }
+    },
+    "node_modules/react-error-overlay": {
+      "version": "6.0.11",
+      "resolved": "https://registry.npmjs.org/react-error-overlay/-/react-error-overlay-6.0.11.tgz",
+      "integrity": "sha512-/6UZ2qgEyH2aqzYZgQPxEnz33NJ2gNsnHA2o5+o4wW9bLM/JYQitNP9xPhsXwC08hMMovfGe/8retsdDsczPRg=="
+    },
+    "node_modules/react-is": {
+      "version": "17.0.2",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
+      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w=="
+    },
+    "node_modules/react-refresh": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.11.0.tgz",
+      "integrity": "sha512-F27qZr8uUqwhWZboondsPx8tnC3Ct3SxZA3V5WyEvujRyyNv0VYPhoBg1gZ8/MV5tubQp76Trw8lTv9hzRBa+A==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/react-router": {
+      "version": "6.10.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.10.0.tgz",
+      "integrity": "sha512-Nrg0BWpQqrC3ZFFkyewrflCud9dio9ME3ojHCF/WLsprJVzkq3q3UeEhMCAW1dobjeGbWgjNn/PVF6m46ANxXQ==",
+      "dependencies": {
+        "@remix-run/router": "1.5.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "react": ">=16.8"
+      }
+    },
+    "node_modules/react-router-dom": {
+      "version": "6.10.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.10.0.tgz",
+      "integrity": "sha512-E5dfxRPuXKJqzwSe/qGcqdwa18QiWC6f3H3cWXM24qj4N0/beCIf/CWTipop2xm7mR0RCS99NnaqPNjHtrAzCg==",
+      "dependencies": {
+        "@remix-run/router": "1.5.0",
+        "react-router": "6.10.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "react": ">=16.8",
+        "react-dom": ">=16.8"
+      }
+    },
+    "node_modules/react-scripts": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/react-scripts/-/react-scripts-5.0.1.tgz",
+      "integrity": "sha512-8VAmEm/ZAwQzJ+GOMLbBsTdDKOpuZh7RPs0UymvBR2vRk4iZWCskjbFnxqjrzoIvlNNRZ3QJFx6/qDSi6zSnaQ==",
+      "dependencies": {
+        "@babel/core": "^7.16.0",
+        "@pmmmwh/react-refresh-webpack-plugin": "^0.5.3",
+        "@svgr/webpack": "^5.5.0",
+        "babel-jest": "^27.4.2",
+        "babel-loader": "^8.2.3",
+        "babel-plugin-named-asset-import": "^0.3.8",
+        "babel-preset-react-app": "^10.0.1",
+        "bfj": "^7.0.2",
+        "browserslist": "^4.18.1",
+        "camelcase": "^6.2.1",
+        "case-sensitive-paths-webpack-plugin": "^2.4.0",
+        "css-loader": "^6.5.1",
+        "css-minimizer-webpack-plugin": "^3.2.0",
+        "dotenv": "^10.0.0",
+        "dotenv-expand": "^5.1.0",
+        "eslint": "^8.3.0",
+        "eslint-config-react-app": "^7.0.1",
+        "eslint-webpack-plugin": "^3.1.1",
+        "file-loader": "^6.2.0",
+        "fs-extra": "^10.0.0",
+        "html-webpack-plugin": "^5.5.0",
+        "identity-obj-proxy": "^3.0.0",
+        "jest": "^27.4.3",
+        "jest-resolve": "^27.4.2",
+        "jest-watch-typeahead": "^1.0.0",
+        "mini-css-extract-plugin": "^2.4.5",
+        "postcss": "^8.4.4",
+        "postcss-flexbugs-fixes": "^5.0.2",
+        "postcss-loader": "^6.2.1",
+        "postcss-normalize": "^10.0.1",
+        "postcss-preset-env": "^7.0.1",
+        "prompts": "^2.4.2",
+        "react-app-polyfill": "^3.0.0",
+        "react-dev-utils": "^12.0.1",
+        "react-refresh": "^0.11.0",
+        "resolve": "^1.20.0",
+        "resolve-url-loader": "^4.0.0",
+        "sass-loader": "^12.3.0",
+        "semver": "^7.3.5",
+        "source-map-loader": "^3.0.0",
+        "style-loader": "^3.3.1",
+        "tailwindcss": "^3.0.2",
+        "terser-webpack-plugin": "^5.2.5",
+        "webpack": "^5.64.4",
+        "webpack-dev-server": "^4.6.0",
+        "webpack-manifest-plugin": "^4.0.2",
+        "workbox-webpack-plugin": "^6.4.1"
+      },
+      "bin": {
+        "react-scripts": "bin/react-scripts.js"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "^2.3.2"
+      },
+      "peerDependencies": {
+        "react": ">= 16",
+        "typescript": "^3.2.1 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/react-syntax-highlighter": {
+      "version": "15.5.0",
+      "resolved": "https://registry.npmjs.org/react-syntax-highlighter/-/react-syntax-highlighter-15.5.0.tgz",
+      "integrity": "sha512-+zq2myprEnQmH5yw6Gqc8lD55QHnpKaU8TOcFeC/Lg/MQSs8UknEA0JC4nTZGFAXC2J2Hyj/ijJ7NlabyPi2gg==",
+      "dependencies": {
+        "@babel/runtime": "^7.3.1",
+        "highlight.js": "^10.4.1",
+        "lowlight": "^1.17.0",
+        "prismjs": "^1.27.0",
+        "refractor": "^3.6.0"
+      },
+      "peerDependencies": {
+        "react": ">= 0.14.0"
+      }
+    },
+    "node_modules/react-transition-group": {
+      "version": "4.4.5",
+      "resolved": "https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz",
+      "integrity": "sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==",
+      "dependencies": {
+        "@babel/runtime": "^7.5.5",
+        "dom-helpers": "^5.0.1",
+        "loose-envify": "^1.4.0",
+        "prop-types": "^15.6.2"
+      },
+      "peerDependencies": {
+        "react": ">=16.6.0",
+        "react-dom": ">=16.6.0"
+      }
+    },
+    "node_modules/read-cache": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
+      "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==",
+      "dependencies": {
+        "pify": "^2.3.0"
+      }
+    },
+    "node_modules/readable-stream": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+      "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
+      "dependencies": {
+        "inherits": "^2.0.3",
+        "string_decoder": "^1.1.1",
+        "util-deprecate": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/recursive-readdir": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/recursive-readdir/-/recursive-readdir-2.2.3.tgz",
+      "integrity": "sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA==",
+      "dependencies": {
+        "minimatch": "^3.0.5"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/redent": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz",
+      "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==",
+      "dependencies": {
+        "indent-string": "^4.0.0",
+        "strip-indent": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/refractor": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/refractor/-/refractor-3.6.0.tgz",
+      "integrity": "sha512-MY9W41IOWxxk31o+YvFCNyNzdkc9M20NoZK5vq6jkv4I/uh2zkWcfudj0Q1fovjUQJrNewS9NMzeTtqPf+n5EA==",
+      "dependencies": {
+        "hastscript": "^6.0.0",
+        "parse-entities": "^2.0.0",
+        "prismjs": "~1.27.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/refractor/node_modules/prismjs": {
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.27.0.tgz",
+      "integrity": "sha512-t13BGPUlFDR7wRB5kQDG4jjl7XeuH6jbJGt11JHPL96qwsEHNX2+68tFXqc1/k+/jALsbSWJKUOT/hcYAZ5LkA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/regenerate": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz",
+      "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A=="
+    },
+    "node_modules/regenerate-unicode-properties": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.0.tgz",
+      "integrity": "sha512-d1VudCLoIGitcU/hEg2QqvyGZQmdC0Lf8BqdOMXGFSvJP4bNV1+XqbPQeHHLD51Jh4QJJ225dlIFvY4Ly6MXmQ==",
+      "dependencies": {
+        "regenerate": "^1.4.2"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/regenerator-runtime": {
+      "version": "0.13.11",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz",
+      "integrity": "sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg=="
+    },
+    "node_modules/regenerator-transform": {
+      "version": "0.15.1",
+      "resolved": "https://registry.npmjs.org/regenerator-transform/-/regenerator-transform-0.15.1.tgz",
+      "integrity": "sha512-knzmNAcuyxV+gQCufkYcvOqX/qIIfHLv0u5x79kRxuGojfYVky1f15TzZEu2Avte8QGepvUNTnLskf8E6X6Vyg==",
+      "dependencies": {
+        "@babel/runtime": "^7.8.4"
+      }
+    },
+    "node_modules/regex-parser": {
+      "version": "2.2.11",
+      "resolved": "https://registry.npmjs.org/regex-parser/-/regex-parser-2.2.11.tgz",
+      "integrity": "sha512-jbD/FT0+9MBU2XAZluI7w2OBs1RBi6p9M83nkoZayQXXU9e8Robt69FcZc7wU4eJD/YFTjn1JdCk3rbMJajz8Q=="
+    },
+    "node_modules/regexp.prototype.flags": {
+      "version": "1.4.3",
+      "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz",
+      "integrity": "sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.3",
+        "functions-have-names": "^1.2.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/regexpp": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz",
+      "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==",
+      "dev": true,
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mysticatea"
+      }
+    },
+    "node_modules/regexpu-core": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-5.3.2.tgz",
+      "integrity": "sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ==",
+      "dependencies": {
+        "@babel/regjsgen": "^0.8.0",
+        "regenerate": "^1.4.2",
+        "regenerate-unicode-properties": "^10.1.0",
+        "regjsparser": "^0.9.1",
+        "unicode-match-property-ecmascript": "^2.0.0",
+        "unicode-match-property-value-ecmascript": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/regjsparser": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.9.1.tgz",
+      "integrity": "sha512-dQUtn90WanSNl+7mQKcXAgZxvUe7Z0SqXlgzv0za4LwiUhyzBC58yQO3liFoUgu8GiJVInAhJjkj1N0EtQ5nkQ==",
+      "dependencies": {
+        "jsesc": "~0.5.0"
+      },
+      "bin": {
+        "regjsparser": "bin/parser"
+      }
+    },
+    "node_modules/regjsparser/node_modules/jsesc": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz",
+      "integrity": "sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==",
+      "bin": {
+        "jsesc": "bin/jsesc"
+      }
+    },
+    "node_modules/relateurl": {
+      "version": "0.2.7",
+      "resolved": "https://registry.npmjs.org/relateurl/-/relateurl-0.2.7.tgz",
+      "integrity": "sha512-G08Dxvm4iDN3MLM0EsP62EDV9IuhXPR6blNz6Utcp7zyV3tr4HVNINt6MpaRWbxoOHT3Q7YN2P+jaHX8vUbgog==",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/remove-accents": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/remove-accents/-/remove-accents-0.4.2.tgz",
+      "integrity": "sha512-7pXIJqJOq5tFgG1A2Zxti3Ht8jJF337m4sowbuHsW30ZnkQFnDzy9qBNhgzX8ZLW4+UBcXiiR7SwR6pokHsxiA=="
+    },
+    "node_modules/renderkid": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/renderkid/-/renderkid-3.0.0.tgz",
+      "integrity": "sha512-q/7VIQA8lmM1hF+jn+sFSPWGlMkSAeNYcPLmDQx2zzuiDfaLrOmumR8iaUKlenFgh0XRPIUeSPlH3A+AW3Z5pg==",
+      "dependencies": {
+        "css-select": "^4.1.3",
+        "dom-converter": "^0.2.0",
+        "htmlparser2": "^6.1.0",
+        "lodash": "^4.17.21",
+        "strip-ansi": "^6.0.1"
+      }
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/require-from-string": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
+      "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/requires-port": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
+      "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
+    },
+    "node_modules/resolve": {
+      "version": "1.22.1",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz",
+      "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==",
+      "dependencies": {
+        "is-core-module": "^2.9.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/resolve-cwd": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz",
+      "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==",
+      "dependencies": {
+        "resolve-from": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/resolve-from": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz",
+      "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/resolve-url-loader": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-url-loader/-/resolve-url-loader-4.0.0.tgz",
+      "integrity": "sha512-05VEMczVREcbtT7Bz+C+96eUO5HDNvdthIiMB34t7FcF8ehcu4wC0sSgPUubs3XW2Q3CNLJk/BJrCU9wVRymiA==",
+      "dependencies": {
+        "adjust-sourcemap-loader": "^4.0.0",
+        "convert-source-map": "^1.7.0",
+        "loader-utils": "^2.0.0",
+        "postcss": "^7.0.35",
+        "source-map": "0.6.1"
+      },
+      "engines": {
+        "node": ">=8.9"
+      },
+      "peerDependencies": {
+        "rework": "1.0.1",
+        "rework-visit": "1.0.0"
+      },
+      "peerDependenciesMeta": {
+        "rework": {
+          "optional": true
+        },
+        "rework-visit": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/resolve-url-loader/node_modules/picocolors": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-0.2.1.tgz",
+      "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA=="
+    },
+    "node_modules/resolve-url-loader/node_modules/postcss": {
+      "version": "7.0.39",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.39.tgz",
+      "integrity": "sha512-yioayjNbHn6z1/Bywyb2Y4s3yvDAeXGOyxqD+LnVOinq6Mdmd++SW2wUNVzavyyHxd6+DxzWGIuosg6P1Rj8uA==",
+      "dependencies": {
+        "picocolors": "^0.2.1",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/postcss/"
+      }
+    },
+    "node_modules/resolve-url-loader/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/resolve.exports": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz",
+      "integrity": "sha512-/NtpHNDN7jWhAaQ9BvBUYZ6YTXsRBgfqWFWP7BZBaoMJO/I3G5OFzvTuWNlZC3aPjins1F+TNrLKsGbH4rfsRQ==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/retry": {
+      "version": "0.13.1",
+      "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
+      "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/reusify": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
+      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
+      "engines": {
+        "iojs": ">=1.0.0",
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/rewire": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/rewire/-/rewire-6.0.0.tgz",
+      "integrity": "sha512-7sZdz5dptqBCapJYocw9EcppLU62KMEqDLIILJnNET2iqzXHaQfaVP5SOJ06XvjX+dNIDJbzjw0ZWzrgDhtjYg==",
+      "dev": true,
+      "dependencies": {
+        "eslint": "^7.32.0"
+      }
+    },
+    "node_modules/rewire/node_modules/@babel/code-frame": {
+      "version": "7.12.11",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz",
+      "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==",
+      "dev": true,
+      "dependencies": {
+        "@babel/highlight": "^7.10.4"
+      }
+    },
+    "node_modules/rewire/node_modules/@eslint/eslintrc": {
+      "version": "0.4.3",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz",
+      "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==",
+      "dev": true,
+      "dependencies": {
+        "ajv": "^6.12.4",
+        "debug": "^4.1.1",
+        "espree": "^7.3.0",
+        "globals": "^13.9.0",
+        "ignore": "^4.0.6",
+        "import-fresh": "^3.2.1",
+        "js-yaml": "^3.13.1",
+        "minimatch": "^3.0.4",
+        "strip-json-comments": "^3.1.1"
+      },
+      "engines": {
+        "node": "^10.12.0 || >=12.0.0"
+      }
+    },
+    "node_modules/rewire/node_modules/@humanwhocodes/config-array": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz",
+      "integrity": "sha512-FagtKFz74XrTl7y6HCzQpwDfXP0yhxe9lHLD1UZxjvZIcbyRz8zTFF/yYNfSfzU414eDwZ1SrO0Qvtyf+wFMQg==",
+      "dev": true,
+      "dependencies": {
+        "@humanwhocodes/object-schema": "^1.2.0",
+        "debug": "^4.1.1",
+        "minimatch": "^3.0.4"
+      },
+      "engines": {
+        "node": ">=10.10.0"
+      }
+    },
+    "node_modules/rewire/node_modules/acorn": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "dev": true,
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/rewire/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dev": true,
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/rewire/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/rewire/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/rewire/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dev": true,
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/rewire/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "dev": true
+    },
+    "node_modules/rewire/node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "dev": true,
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/rewire/node_modules/eslint": {
+      "version": "7.32.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz",
+      "integrity": "sha512-VHZ8gX+EDfz+97jGcgyGCyRia/dPOd6Xh9yPv8Bl1+SoaIwD+a/vlrOmGRUyOYu7MwUhc7CxqeaDZU13S4+EpA==",
+      "dev": true,
+      "dependencies": {
+        "@babel/code-frame": "7.12.11",
+        "@eslint/eslintrc": "^0.4.3",
+        "@humanwhocodes/config-array": "^0.5.0",
+        "ajv": "^6.10.0",
+        "chalk": "^4.0.0",
+        "cross-spawn": "^7.0.2",
+        "debug": "^4.0.1",
+        "doctrine": "^3.0.0",
+        "enquirer": "^2.3.5",
+        "escape-string-regexp": "^4.0.0",
+        "eslint-scope": "^5.1.1",
+        "eslint-utils": "^2.1.0",
+        "eslint-visitor-keys": "^2.0.0",
+        "espree": "^7.3.1",
+        "esquery": "^1.4.0",
+        "esutils": "^2.0.2",
+        "fast-deep-equal": "^3.1.3",
+        "file-entry-cache": "^6.0.1",
+        "functional-red-black-tree": "^1.0.1",
+        "glob-parent": "^5.1.2",
+        "globals": "^13.6.0",
+        "ignore": "^4.0.6",
+        "import-fresh": "^3.0.0",
+        "imurmurhash": "^0.1.4",
+        "is-glob": "^4.0.0",
+        "js-yaml": "^3.13.1",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "levn": "^0.4.1",
+        "lodash.merge": "^4.6.2",
+        "minimatch": "^3.0.4",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.9.1",
+        "progress": "^2.0.0",
+        "regexpp": "^3.1.0",
+        "semver": "^7.2.1",
+        "strip-ansi": "^6.0.0",
+        "strip-json-comments": "^3.1.0",
+        "table": "^6.0.9",
+        "text-table": "^0.2.0",
+        "v8-compile-cache": "^2.0.3"
+      },
+      "bin": {
+        "eslint": "bin/eslint.js"
+      },
+      "engines": {
+        "node": "^10.12.0 || >=12.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/rewire/node_modules/eslint-scope": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
+      "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==",
+      "dev": true,
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^4.1.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/rewire/node_modules/eslint-visitor-keys": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz",
+      "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==",
+      "dev": true,
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/rewire/node_modules/espree": {
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz",
+      "integrity": "sha512-v3JCNCE64umkFpmkFGqzVKsOT0tN1Zr+ueqLZfpV1Ob8e+CEgPWa+OxCoGH3tnhimMKIaBm4m/vaRpJ/krRz2g==",
+      "dev": true,
+      "dependencies": {
+        "acorn": "^7.4.0",
+        "acorn-jsx": "^5.3.1",
+        "eslint-visitor-keys": "^1.3.0"
+      },
+      "engines": {
+        "node": "^10.12.0 || >=12.0.0"
+      }
+    },
+    "node_modules/rewire/node_modules/espree/node_modules/eslint-visitor-keys": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz",
+      "integrity": "sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/rewire/node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "dev": true,
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/rewire/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/rewire/node_modules/globals": {
+      "version": "13.20.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
+      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
+      "dev": true,
+      "dependencies": {
+        "type-fest": "^0.20.2"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/rewire/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/rewire/node_modules/ignore": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
+      "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==",
+      "dev": true,
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/rewire/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dev": true,
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/rewire/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dev": true,
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/rewire/node_modules/type-fest": {
+      "version": "0.20.2",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz",
+      "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/rimraf": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+      "dependencies": {
+        "glob": "^7.1.3"
+      },
+      "bin": {
+        "rimraf": "bin.js"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/rollup": {
+      "version": "2.79.1",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.1.tgz",
+      "integrity": "sha512-uKxbd0IhMZOhjAiD5oAFp7BqvkA4Dv47qpOCtaNvng4HBwdbWtdOh8f5nZNuk2rp51PMGk3bzfWu5oayNEuYnw==",
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/rollup-plugin-terser": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/rollup-plugin-terser/-/rollup-plugin-terser-7.0.2.tgz",
+      "integrity": "sha512-w3iIaU4OxcF52UUXiZNsNeuXIMDvFrr+ZXK6bFZ0Q60qyVfq4uLptoS4bbq3paG3x216eQllFZX7zt6TIImguQ==",
+      "deprecated": "This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser",
+      "dependencies": {
+        "@babel/code-frame": "^7.10.4",
+        "jest-worker": "^26.2.1",
+        "serialize-javascript": "^4.0.0",
+        "terser": "^5.0.0"
+      },
+      "peerDependencies": {
+        "rollup": "^2.0.0"
+      }
+    },
+    "node_modules/rollup-plugin-terser/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/rollup-plugin-terser/node_modules/jest-worker": {
+      "version": "26.6.2",
+      "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz",
+      "integrity": "sha512-KWYVV1c4i+jbMpaBC+U++4Va0cp8OisU185o73T1vo99hqi7w8tSJfUXYswwqqrjzwxa6KpRK54WhPvwf5w6PQ==",
+      "dependencies": {
+        "@types/node": "*",
+        "merge-stream": "^2.0.0",
+        "supports-color": "^7.0.0"
+      },
+      "engines": {
+        "node": ">= 10.13.0"
+      }
+    },
+    "node_modules/rollup-plugin-terser/node_modules/serialize-javascript": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-4.0.0.tgz",
+      "integrity": "sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==",
+      "dependencies": {
+        "randombytes": "^2.1.0"
+      }
+    },
+    "node_modules/rollup-plugin-terser/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/run-parallel": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
+      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "dependencies": {
+        "queue-microtask": "^1.2.2"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/safe-regex-test": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.0.tgz",
+      "integrity": "sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.1.3",
+        "is-regex": "^1.1.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "node_modules/sanitize.css": {
+      "version": "13.0.0",
+      "resolved": "https://registry.npmjs.org/sanitize.css/-/sanitize.css-13.0.0.tgz",
+      "integrity": "sha512-ZRwKbh/eQ6w9vmTjkuG0Ioi3HBwPFce0O+v//ve+aOq1oeCy7jMV2qzzAlpsNuqpqCBjjriM1lbtZbF/Q8jVyA=="
+    },
+    "node_modules/sass-loader": {
+      "version": "12.6.0",
+      "resolved": "https://registry.npmjs.org/sass-loader/-/sass-loader-12.6.0.tgz",
+      "integrity": "sha512-oLTaH0YCtX4cfnJZxKSLAyglED0naiYfNG1iXfU5w1LNZ+ukoA5DtyDIN5zmKVZwYNJP4KRc5Y3hkWga+7tYfA==",
+      "dependencies": {
+        "klona": "^2.0.4",
+        "neo-async": "^2.6.2"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "fibers": ">= 3.1.0",
+        "node-sass": "^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0",
+        "sass": "^1.3.0",
+        "sass-embedded": "*",
+        "webpack": "^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "fibers": {
+          "optional": true
+        },
+        "node-sass": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/sax": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
+      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
+    },
+    "node_modules/saxes": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/saxes/-/saxes-5.0.1.tgz",
+      "integrity": "sha512-5LBh1Tls8c9xgGjw3QrMwETmTMVk0oFgvrFSvWx62llR2hcEInrKNZ2GZCCuuy2lvWrdl5jhbpeqc5hRYKFOcw==",
+      "dependencies": {
+        "xmlchars": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/scheduler": {
+      "version": "0.23.0",
+      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.0.tgz",
+      "integrity": "sha512-CtuThmgHNg7zIZWAXi3AsyIzA3n4xx7aNyjwC2VJldO2LMVDhFK+63xGqq6CsJH4rTAt6/M+N4GhZiDYPx9eUw==",
+      "dependencies": {
+        "loose-envify": "^1.1.0"
+      }
+    },
+    "node_modules/schema-utils": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.1.1.tgz",
+      "integrity": "sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.8",
+        "ajv": "^6.12.5",
+        "ajv-keywords": "^3.5.2"
+      },
+      "engines": {
+        "node": ">= 10.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/select-hose": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/select-hose/-/select-hose-2.0.0.tgz",
+      "integrity": "sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg=="
+    },
+    "node_modules/selfsigned": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-2.1.1.tgz",
+      "integrity": "sha512-GSL3aowiF7wa/WtSFwnUrludWFoNhftq8bUkH9pkzjpN2XSPOAYEgg6e0sS9s0rZwgJzJiQRPU18A6clnoW5wQ==",
+      "dependencies": {
+        "node-forge": "^1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/semver": {
+      "version": "7.3.8",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
+      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/semver/node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/semver/node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
+    },
+    "node_modules/send": {
+      "version": "0.18.0",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz",
+      "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "0.5.2",
+        "http-errors": "2.0.0",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "2.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/send/node_modules/debug/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/serialize-javascript": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.1.tgz",
+      "integrity": "sha512-owoXEFjWRllis8/M1Q+Cw5k8ZH40e3zhp/ovX+Xr/vi1qj6QesbyXXViFbpNvWvPNAD62SutwEXavefrLJWj7w==",
+      "dependencies": {
+        "randombytes": "^2.1.0"
+      }
+    },
+    "node_modules/serve-index": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz",
+      "integrity": "sha512-pXHfKNP4qujrtteMrSBb0rc8HJ9Ms/GrXwcUtUtD5s4ewDJI8bT3Cz2zTVRMKtri49pLx2e0Ya8ziP5Ya2pZZw==",
+      "dependencies": {
+        "accepts": "~1.3.4",
+        "batch": "0.6.1",
+        "debug": "2.6.9",
+        "escape-html": "~1.0.3",
+        "http-errors": "~1.6.2",
+        "mime-types": "~2.1.17",
+        "parseurl": "~1.3.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/serve-index/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/serve-index/node_modules/depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/serve-index/node_modules/http-errors": {
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
+      "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==",
+      "dependencies": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.3",
+        "setprototypeof": "1.1.0",
+        "statuses": ">= 1.4.0 < 2"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/serve-index/node_modules/inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw=="
+    },
+    "node_modules/serve-index/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+    },
+    "node_modules/serve-index/node_modules/setprototypeof": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz",
+      "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ=="
+    },
+    "node_modules/serve-index/node_modules/statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/serve-static": {
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz",
+      "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==",
+      "dependencies": {
+        "encodeurl": "~1.0.2",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "0.18.0"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+    },
+    "node_modules/shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shell-quote": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.0.tgz",
+      "integrity": "sha512-QHsz8GgQIGKlRi24yFc6a6lN69Idnx634w49ay6+jA5yFh7a1UY+4Rp6HPx/L/1zcEDPEij8cIsiqR6bQsE5VQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz",
+      "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==",
+      "dependencies": {
+        "call-bind": "^1.0.0",
+        "get-intrinsic": "^1.0.2",
+        "object-inspect": "^1.9.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/signal-exit": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
+      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ=="
+    },
+    "node_modules/sisteransi": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",
+      "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="
+    },
+    "node_modules/slash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/slice-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz",
+      "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "astral-regex": "^2.0.0",
+        "is-fullwidth-code-point": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
+      }
+    },
+    "node_modules/slice-ansi/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dev": true,
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/slice-ansi/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dev": true,
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/slice-ansi/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "dev": true
+    },
+    "node_modules/sockjs": {
+      "version": "0.3.24",
+      "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz",
+      "integrity": "sha512-GJgLTZ7vYb/JtPSSZ10hsOYIvEYsjbNU+zPdIHcUaWVNUEPivzxku31865sSSud0Da0W4lEeOPlmw93zLQchuQ==",
+      "dependencies": {
+        "faye-websocket": "^0.11.3",
+        "uuid": "^8.3.2",
+        "websocket-driver": "^0.7.4"
+      }
+    },
+    "node_modules/sort-by": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/sort-by/-/sort-by-1.2.0.tgz",
+      "integrity": "sha512-aRyW65r3xMnf4nxJRluCg0H/woJpksU1dQxRtXYzau30sNBOmf5HACpDd9MZDhKh7ALQ5FgSOfMPwZEtUmMqcg==",
+      "dependencies": {
+        "object-path": "0.6.0"
+      }
+    },
+    "node_modules/source-list-map": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/source-list-map/-/source-list-map-2.0.1.tgz",
+      "integrity": "sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw=="
+    },
+    "node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/source-map-js": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz",
+      "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/source-map-loader": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/source-map-loader/-/source-map-loader-3.0.2.tgz",
+      "integrity": "sha512-BokxPoLjyl3iOrgkWaakaxqnelAJSS+0V+De0kKIq6lyWrXuiPgYTGp6z3iHmqljKAaLXwZa+ctD8GccRJeVvg==",
+      "dependencies": {
+        "abab": "^2.0.5",
+        "iconv-lite": "^0.6.3",
+        "source-map-js": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.0.0"
+      }
+    },
+    "node_modules/source-map-support": {
+      "version": "0.5.21",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz",
+      "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "source-map": "^0.6.0"
+      }
+    },
+    "node_modules/source-map-support/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/sourcemap-codec": {
+      "version": "1.4.8",
+      "resolved": "https://registry.npmjs.org/sourcemap-codec/-/sourcemap-codec-1.4.8.tgz",
+      "integrity": "sha512-9NykojV5Uih4lgo5So5dtw+f0JgJX30KCNI8gwhz2J9A15wD0Ml6tjHKwf6fTSa6fAdVBdZeNOs9eJ71qCk8vA==",
+      "deprecated": "Please use @jridgewell/sourcemap-codec instead"
+    },
+    "node_modules/space-separated-tokens": {
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-1.1.5.tgz",
+      "integrity": "sha512-q/JSVd1Lptzhf5bkYm4ob4iWPjx0KiRe3sRFBNrVqbJkFaBm5vbbowy1mymoPNLRa52+oadOhJ+K49wsSeSjTA==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/spdy": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/spdy/-/spdy-4.0.2.tgz",
+      "integrity": "sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA==",
+      "dependencies": {
+        "debug": "^4.1.0",
+        "handle-thing": "^2.0.0",
+        "http-deceiver": "^1.2.7",
+        "select-hose": "^2.0.0",
+        "spdy-transport": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/spdy-transport": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdy-transport/-/spdy-transport-3.0.0.tgz",
+      "integrity": "sha512-hsLVFE5SjA6TCisWeJXFKniGGOpBgMLmerfO2aCyCU5s7nJ/rpAepqmFifv/GCbSbueEeAJJnmSQ2rKC/g8Fcw==",
+      "dependencies": {
+        "debug": "^4.1.0",
+        "detect-node": "^2.0.4",
+        "hpack.js": "^2.1.6",
+        "obuf": "^1.1.2",
+        "readable-stream": "^3.0.6",
+        "wbuf": "^1.7.3"
+      }
+    },
+    "node_modules/sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g=="
+    },
+    "node_modules/stable": {
+      "version": "0.1.8",
+      "resolved": "https://registry.npmjs.org/stable/-/stable-0.1.8.tgz",
+      "integrity": "sha512-ji9qxRnOVfcuLDySj9qzhGSEFVobyt1kIOSkj1qZzYLzq7Tos/oUUWvotUPQLlrsidqsK6tBH89Bc9kL5zHA6w==",
+      "deprecated": "Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility"
+    },
+    "node_modules/stack-utils": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz",
+      "integrity": "sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==",
+      "dependencies": {
+        "escape-string-regexp": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/stack-utils/node_modules/escape-string-regexp": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz",
+      "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/stackframe": {
+      "version": "1.3.4",
+      "resolved": "https://registry.npmjs.org/stackframe/-/stackframe-1.3.4.tgz",
+      "integrity": "sha512-oeVtt7eWQS+Na6F//S4kJ2K2VbRlS9D43mAlMyVpVWovy9o+jfgH8O9agzANzaiLjclA0oYzUXEM4PurhSUChw=="
+    },
+    "node_modules/statuses": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
+      "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/stop-iteration-iterator": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/stop-iteration-iterator/-/stop-iteration-iterator-1.0.0.tgz",
+      "integrity": "sha512-iCGQj+0l0HOdZ2AEeBADlsRC+vsnDsZsbdSiH1yNSjcfKM7fdpCMfqAL/dwF5BLiw/XhRft/Wax6zQbhq2BcjQ==",
+      "dependencies": {
+        "internal-slot": "^1.0.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/string_decoder": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
+      "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
+      "dependencies": {
+        "safe-buffer": "~5.2.0"
+      }
+    },
+    "node_modules/string-length": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz",
+      "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==",
+      "dependencies": {
+        "char-regex": "^1.0.2",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/string-natural-compare": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/string-natural-compare/-/string-natural-compare-3.0.1.tgz",
+      "integrity": "sha512-n3sPwynL1nwKi3WJ6AIsClwBMa0zTi54fn2oLU6ndfTSIO05xaznjSf15PcBZU6FNWbmN5Q6cxT4V5hGvB4taw=="
+    },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string-width/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
+    },
+    "node_modules/string.prototype.matchall": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/string.prototype.matchall/-/string.prototype.matchall-4.0.8.tgz",
+      "integrity": "sha512-6zOCOcJ+RJAQshcTvXPHoxoQGONa3e/Lqx90wUA+wEzX78sg5Bo+1tQo4N0pohS0erG9qtCqJDjNCQBjeWVxyg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "get-intrinsic": "^1.1.3",
+        "has-symbols": "^1.0.3",
+        "internal-slot": "^1.0.3",
+        "regexp.prototype.flags": "^1.4.3",
+        "side-channel": "^1.0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/string.prototype.trim": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.7.tgz",
+      "integrity": "sha512-p6TmeT1T3411M8Cgg9wBTMRtY2q9+PNy9EV1i2lIXUN/btt763oIfxwN3RR8VU6wHX8j/1CFy0L+YuThm6bgOg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/string.prototype.trimend": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz",
+      "integrity": "sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/string.prototype.trimstart": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz",
+      "integrity": "sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/stringify-object": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz",
+      "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==",
+      "dependencies": {
+        "get-own-enumerable-property-symbols": "^3.0.0",
+        "is-obj": "^1.0.1",
+        "is-regexp": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-bom": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz",
+      "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-comments": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/strip-comments/-/strip-comments-2.0.1.tgz",
+      "integrity": "sha512-ZprKx+bBLXv067WTCALv8SSz5l2+XhpYCsVtSqlMnkAXMWDq+/ekVbl1ghqP9rUHTzv6sm/DwCOiYutU/yp1fw==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/strip-final-newline": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz",
+      "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/strip-indent": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz",
+      "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==",
+      "dependencies": {
+        "min-indent": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/style-loader": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/style-loader/-/style-loader-3.3.2.tgz",
+      "integrity": "sha512-RHs/vcrKdQK8wZliteNK4NKzxvLBzpuHMqYmUVWeKa6MkaIQ97ZTOS0b+zapZhy6GcrgWnvWYCMHRirC3FsUmw==",
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.0.0"
+      }
+    },
+    "node_modules/stylehacks": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/stylehacks/-/stylehacks-5.1.1.tgz",
+      "integrity": "sha512-sBpcd5Hx7G6seo7b1LkpttvTz7ikD0LlH5RmdcBNb6fFR0Fl7LQwHDFr300q4cwUqi+IYrFGmsIHieMBfnN/Bw==",
+      "dependencies": {
+        "browserslist": "^4.21.4",
+        "postcss-selector-parser": "^6.0.4"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.2.15"
+      }
+    },
+    "node_modules/stylis": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.1.3.tgz",
+      "integrity": "sha512-GP6WDNWf+o403jrEp9c5jibKavrtLW+/qYGhFxFrG8maXhwTBI7gLLhiBb0o7uFccWN+EOS9aMO6cGHWAO07OA=="
+    },
+    "node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/supports-hyperlinks": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz",
+      "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==",
+      "dependencies": {
+        "has-flag": "^4.0.0",
+        "supports-color": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-hyperlinks/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-hyperlinks/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
+      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/svg-parser": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/svg-parser/-/svg-parser-2.0.4.tgz",
+      "integrity": "sha512-e4hG1hRwoOdRb37cIMSgzNsxyzKfayW6VOflrwvR+/bzrkyxY/31WkbgnQpgtrNp1SdpJvpUAGTa/ZoiPNDuRQ=="
+    },
+    "node_modules/svgo": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/svgo/-/svgo-1.3.2.tgz",
+      "integrity": "sha512-yhy/sQYxR5BkC98CY7o31VGsg014AKLEPxdfhora76l36hD9Rdy5NZA/Ocn6yayNPgSamYdtX2rFJdcv07AYVw==",
+      "deprecated": "This SVGO version is no longer supported. Upgrade to v2.x.x.",
+      "dependencies": {
+        "chalk": "^2.4.1",
+        "coa": "^2.0.2",
+        "css-select": "^2.0.0",
+        "css-select-base-adapter": "^0.1.1",
+        "css-tree": "1.0.0-alpha.37",
+        "csso": "^4.0.2",
+        "js-yaml": "^3.13.1",
+        "mkdirp": "~0.5.1",
+        "object.values": "^1.1.0",
+        "sax": "~1.2.4",
+        "stable": "^0.1.8",
+        "unquote": "~1.1.1",
+        "util.promisify": "~1.0.0"
+      },
+      "bin": {
+        "svgo": "bin/svgo"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/svgo/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/svgo/node_modules/css-select": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz",
+      "integrity": "sha512-Dqk7LQKpwLoH3VovzZnkzegqNSuAziQyNZUcrdDM401iY+R5NkGBXGmtO05/yaXQziALuPogeG0b7UAgjnTJTQ==",
+      "dependencies": {
+        "boolbase": "^1.0.0",
+        "css-what": "^3.2.1",
+        "domutils": "^1.7.0",
+        "nth-check": "^1.0.2"
+      }
+    },
+    "node_modules/svgo/node_modules/css-what": {
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz",
+      "integrity": "sha512-ACUm3L0/jiZTqfzRM3Hi9Q8eZqd6IK37mMWPLz9PJxkLWllYeRf+EHUSHYEtFop2Eqytaq1FizFVh7XfBnXCDQ==",
+      "engines": {
+        "node": ">= 6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/fb55"
+      }
+    },
+    "node_modules/svgo/node_modules/dom-serializer": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-0.2.2.tgz",
+      "integrity": "sha512-2/xPb3ORsQ42nHYiSunXkDjPLBaEj/xTwUO4B7XCZQTRk7EBtTOPaygh10YAAh2OI1Qrp6NWfpAhzswj0ydt9g==",
+      "dependencies": {
+        "domelementtype": "^2.0.1",
+        "entities": "^2.0.0"
+      }
+    },
+    "node_modules/svgo/node_modules/domutils": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/domutils/-/domutils-1.7.0.tgz",
+      "integrity": "sha512-Lgd2XcJ/NjEw+7tFvfKxOzCYKZsdct5lczQ2ZaQY8Djz7pfAD3Gbp8ySJWtreII/vDlMVmxwa6pHmdxIYgttDg==",
+      "dependencies": {
+        "dom-serializer": "0",
+        "domelementtype": "1"
+      }
+    },
+    "node_modules/svgo/node_modules/domutils/node_modules/domelementtype": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz",
+      "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w=="
+    },
+    "node_modules/svgo/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/svgo/node_modules/nth-check": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz",
+      "integrity": "sha512-WeBOdju8SnzPN5vTUJYxYUxLeXpCaVP5i5e0LF8fg7WORF2Wd7wFX/pk0tYZk7s8T+J7VLy0Da6J1+wCT0AtHg==",
+      "dependencies": {
+        "boolbase": "~1.0.0"
+      }
+    },
+    "node_modules/symbol-tree": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
+      "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw=="
+    },
+    "node_modules/table": {
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/table/-/table-6.8.1.tgz",
+      "integrity": "sha512-Y4X9zqrCftUhMeH2EptSSERdVKt/nEdijTOacGD/97EKjhQ/Qs8RTlEGABSJNNN8lac9kheH+af7yAkEWlgneA==",
+      "dev": true,
+      "dependencies": {
+        "ajv": "^8.0.1",
+        "lodash.truncate": "^4.4.2",
+        "slice-ansi": "^4.0.0",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/table/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dev": true,
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/table/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
+      "dev": true
+    },
+    "node_modules/tailwindcss": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.2.7.tgz",
+      "integrity": "sha512-B6DLqJzc21x7wntlH/GsZwEXTBttVSl1FtCzC8WP4oBc/NKef7kaax5jeihkkCEWc831/5NDJ9gRNDK6NEioQQ==",
+      "dependencies": {
+        "arg": "^5.0.2",
+        "chokidar": "^3.5.3",
+        "color-name": "^1.1.4",
+        "detective": "^5.2.1",
+        "didyoumean": "^1.2.2",
+        "dlv": "^1.1.3",
+        "fast-glob": "^3.2.12",
+        "glob-parent": "^6.0.2",
+        "is-glob": "^4.0.3",
+        "lilconfig": "^2.0.6",
+        "micromatch": "^4.0.5",
+        "normalize-path": "^3.0.0",
+        "object-hash": "^3.0.0",
+        "picocolors": "^1.0.0",
+        "postcss": "^8.0.9",
+        "postcss-import": "^14.1.0",
+        "postcss-js": "^4.0.0",
+        "postcss-load-config": "^3.1.4",
+        "postcss-nested": "6.0.0",
+        "postcss-selector-parser": "^6.0.11",
+        "postcss-value-parser": "^4.2.0",
+        "quick-lru": "^5.1.1",
+        "resolve": "^1.22.1"
+      },
+      "bin": {
+        "tailwind": "lib/cli.js",
+        "tailwindcss": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=12.13.0"
+      },
+      "peerDependencies": {
+        "postcss": "^8.0.9"
+      }
+    },
+    "node_modules/tailwindcss/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/tapable": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
+      "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/temp-dir": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/temp-dir/-/temp-dir-2.0.0.tgz",
+      "integrity": "sha512-aoBAniQmmwtcKp/7BzsH8Cxzv8OL736p7v1ihGb5e9DJ9kTwGWHrQrVB5+lfVDzfGrdRzXch+ig7LHaY1JTOrg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/tempy": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tempy/-/tempy-0.6.0.tgz",
+      "integrity": "sha512-G13vtMYPT/J8A4X2SjdtBTphZlrp1gKv6hZiOjw14RCWg6GbHuQBGtjlx75xLbYV/wEc0D7G5K4rxKP/cXk8Bw==",
+      "dependencies": {
+        "is-stream": "^2.0.0",
+        "temp-dir": "^2.0.0",
+        "type-fest": "^0.16.0",
+        "unique-string": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/tempy/node_modules/type-fest": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.16.0.tgz",
+      "integrity": "sha512-eaBzG6MxNzEn9kiwvtre90cXaNLkmadMWa1zQMs3XORCXNbsH/OewwbxC5ia9dCxIxnTAsSxXJaa/p5y8DlvJg==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/terminal-link": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz",
+      "integrity": "sha512-un0FmiRUQNr5PJqy9kP7c40F5BOfpGlYTrxonDChEZB7pzZxRNp/bt+ymiy9/npwXya9KH99nJ/GXFIiUkYGFQ==",
+      "dependencies": {
+        "ansi-escapes": "^4.2.1",
+        "supports-hyperlinks": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/terser": {
+      "version": "5.16.6",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.16.6.tgz",
+      "integrity": "sha512-IBZ+ZQIA9sMaXmRZCUMDjNH0D5AQQfdn4WUjHL0+1lF4TP1IHRJbrhb6fNaXWikrYQTSkb7SLxkeXAiy1p7mbg==",
+      "dependencies": {
+        "@jridgewell/source-map": "^0.3.2",
+        "acorn": "^8.5.0",
+        "commander": "^2.20.0",
+        "source-map-support": "~0.5.20"
+      },
+      "bin": {
+        "terser": "bin/terser"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/terser-webpack-plugin": {
+      "version": "5.3.7",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.7.tgz",
+      "integrity": "sha512-AfKwIktyP7Cu50xNjXF/6Qb5lBNzYaWpU6YfoX3uZicTx0zTy0stDDCsvjDapKsSDvOeWo5MEq4TmdBy2cNoHw==",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.17",
+        "jest-worker": "^27.4.5",
+        "schema-utils": "^3.1.1",
+        "serialize-javascript": "^6.0.1",
+        "terser": "^5.16.5"
+      },
+      "engines": {
+        "node": ">= 10.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^5.1.0"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "esbuild": {
+          "optional": true
+        },
+        "uglify-js": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/terser/node_modules/commander": {
+      "version": "2.20.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
+    },
+    "node_modules/test-exclude": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz",
+      "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==",
+      "dependencies": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^7.1.4",
+        "minimatch": "^3.0.4"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/text-table": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
+      "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw=="
+    },
+    "node_modules/throat": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/throat/-/throat-6.0.2.tgz",
+      "integrity": "sha512-WKexMoJj3vEuK0yFEapj8y64V0A6xcuPuK9Gt1d0R+dzCSJc0lHqQytAbSB4cDAK0dWh4T0E2ETkoLE2WZ41OQ=="
+    },
+    "node_modules/thunky": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz",
+      "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA=="
+    },
+    "node_modules/tmpl": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz",
+      "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw=="
+    },
+    "node_modules/to-fast-properties": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
+      "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/tough-cookie": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.2.tgz",
+      "integrity": "sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ==",
+      "dependencies": {
+        "psl": "^1.1.33",
+        "punycode": "^2.1.1",
+        "universalify": "^0.2.0",
+        "url-parse": "^1.5.3"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/tough-cookie/node_modules/universalify": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz",
+      "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/tr46": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz",
+      "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==",
+      "dependencies": {
+        "punycode": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/tryer": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz",
+      "integrity": "sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA=="
+    },
+    "node_modules/tsconfig-paths": {
+      "version": "3.14.2",
+      "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.2.tgz",
+      "integrity": "sha512-o/9iXgCYc5L/JxCHPe3Hvh8Q/2xm5Z+p18PESBU6Ff33695QnCHBEjcytY2q19ua7Mbl/DavtBOLq+oG0RCL+g==",
+      "dependencies": {
+        "@types/json5": "^0.0.29",
+        "json5": "^1.0.2",
+        "minimist": "^1.2.6",
+        "strip-bom": "^3.0.0"
+      }
+    },
+    "node_modules/tsconfig-paths/node_modules/json5": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+      "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
+      "dependencies": {
+        "minimist": "^1.2.0"
+      },
+      "bin": {
+        "json5": "lib/cli.js"
+      }
+    },
+    "node_modules/tsconfig-paths/node_modules/strip-bom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
+      "integrity": "sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz",
+      "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg=="
+    },
+    "node_modules/tsutils": {
+      "version": "3.21.0",
+      "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz",
+      "integrity": "sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==",
+      "dependencies": {
+        "tslib": "^1.8.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      },
+      "peerDependencies": {
+        "typescript": ">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta"
+      }
+    },
+    "node_modules/tsutils/node_modules/tslib": {
+      "version": "1.14.1",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
+      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
+    },
+    "node_modules/type-check": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
+      "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==",
+      "dependencies": {
+        "prelude-ls": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/type-detect": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
+      "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/type-fest": {
+      "version": "0.21.3",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz",
+      "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/typed-array-length": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.4.tgz",
+      "integrity": "sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "for-each": "^0.3.3",
+        "is-typed-array": "^1.1.9"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/typedarray-to-buffer": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz",
+      "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==",
+      "dependencies": {
+        "is-typedarray": "^1.0.0"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "4.9.5",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
+      "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=4.2.0"
+      }
+    },
+    "node_modules/unbox-primitive": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz",
+      "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-bigints": "^1.0.2",
+        "has-symbols": "^1.0.3",
+        "which-boxed-primitive": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/unicode-canonical-property-names-ecmascript": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.0.tgz",
+      "integrity": "sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unicode-match-property-ecmascript": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz",
+      "integrity": "sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==",
+      "dependencies": {
+        "unicode-canonical-property-names-ecmascript": "^2.0.0",
+        "unicode-property-aliases-ecmascript": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unicode-match-property-value-ecmascript": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.1.0.tgz",
+      "integrity": "sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unicode-property-aliases-ecmascript": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz",
+      "integrity": "sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/unique-string": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-2.0.0.tgz",
+      "integrity": "sha512-uNaeirEPvpZWSgzwsPGtU2zVSTrn/8L5q/IexZmH0eH6SA73CmAA5U4GwORTxQAZs95TAXLNqeLoPPNO5gZfWg==",
+      "dependencies": {
+        "crypto-random-string": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/universalify": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
+      "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==",
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/unquote": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/unquote/-/unquote-1.1.1.tgz",
+      "integrity": "sha512-vRCqFv6UhXpWxZPyGDh/F3ZpNv8/qo7w6iufLpQg9aKnQ71qM4B5KiI7Mia9COcjEhrO9LueHpMYjYzsWH3OIg=="
+    },
+    "node_modules/upath": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/upath/-/upath-1.2.0.tgz",
+      "integrity": "sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg==",
+      "engines": {
+        "node": ">=4",
+        "yarn": "*"
+      }
+    },
+    "node_modules/update-browserslist-db": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.10.tgz",
+      "integrity": "sha512-OztqDenkfFkbSG+tRxBeAnCVPckDBcvibKd35yDONx6OU8N7sqgwc7rCbkJ/WcYtVRZ4ba68d6byhC21GFh7sQ==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        }
+      ],
+      "dependencies": {
+        "escalade": "^3.1.1",
+        "picocolors": "^1.0.0"
+      },
+      "bin": {
+        "browserslist-lint": "cli.js"
+      },
+      "peerDependencies": {
+        "browserslist": ">= 4.21.0"
+      }
+    },
+    "node_modules/uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "dependencies": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "node_modules/url-parse": {
+      "version": "1.5.10",
+      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz",
+      "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==",
+      "dependencies": {
+        "querystringify": "^2.1.1",
+        "requires-port": "^1.0.0"
+      }
+    },
+    "node_modules/util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
+    },
+    "node_modules/util.promisify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.1.tgz",
+      "integrity": "sha512-g9JpC/3He3bm38zsLupWryXHoEcS22YHthuPQSJdMy6KNrzIRzWqcsHzD/WUnqe45whVou4VIsPew37DoXWNrA==",
+      "dependencies": {
+        "define-properties": "^1.1.3",
+        "es-abstract": "^1.17.2",
+        "has-symbols": "^1.0.1",
+        "object.getownpropertydescriptors": "^2.1.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/utila": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/utila/-/utila-0.4.0.tgz",
+      "integrity": "sha512-Z0DbgELS9/L/75wZbro8xAnT50pBVFQZ+hUEueGDU5FN51YSCYM+jdxsfCiHjwNP/4LCDD0i/graKpeBnOXKRA=="
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/uuid": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
+    "node_modules/v8-compile-cache": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz",
+      "integrity": "sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==",
+      "dev": true
+    },
+    "node_modules/v8-to-istanbul": {
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-8.1.1.tgz",
+      "integrity": "sha512-FGtKtv3xIpR6BYhvgH8MI/y78oT7d8Au3ww4QIxymrCtZEh5b8gCw2siywE+puhEmuWKDtmfrvF5UlB298ut3w==",
+      "dependencies": {
+        "@types/istanbul-lib-coverage": "^2.0.1",
+        "convert-source-map": "^1.6.0",
+        "source-map": "^0.7.3"
+      },
+      "engines": {
+        "node": ">=10.12.0"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/w3c-hr-time": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz",
+      "integrity": "sha512-z8P5DvDNjKDoFIHK7q8r8lackT6l+jo/Ye3HOle7l9nICP9lf1Ci25fy9vHd0JOWewkIFzXIEig3TdKT7JQ5fQ==",
+      "deprecated": "Use your platform's native performance.now() and performance.timeOrigin.",
+      "dependencies": {
+        "browser-process-hrtime": "^1.0.0"
+      }
+    },
+    "node_modules/w3c-xmlserializer": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-2.0.0.tgz",
+      "integrity": "sha512-4tzD0mF8iSiMiNs30BiLO3EpfGLZUT2MSX/G+o7ZywDzliWQ3OPtTZ0PTC3B3ca1UAf4cJMHB+2Bf56EriJuRA==",
+      "dependencies": {
+        "xml-name-validator": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/walker": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz",
+      "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==",
+      "dependencies": {
+        "makeerror": "1.0.12"
+      }
+    },
+    "node_modules/watchpack": {
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.0.tgz",
+      "integrity": "sha512-Lcvm7MGST/4fup+ifyKi2hjyIAwcdI4HRgtvTpIUxBRhB+RFtUh8XtDOxUfctVCnhVi+QQj49i91OyvzkJl6cg==",
+      "dependencies": {
+        "glob-to-regexp": "^0.4.1",
+        "graceful-fs": "^4.1.2"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/wbuf": {
+      "version": "1.7.3",
+      "resolved": "https://registry.npmjs.org/wbuf/-/wbuf-1.7.3.tgz",
+      "integrity": "sha512-O84QOnr0icsbFGLS0O3bI5FswxzRr8/gHwWkDlQFskhSPryQXvrTMxjxGP4+iWYoauLoBvfDpkrOauZ+0iZpDA==",
+      "dependencies": {
+        "minimalistic-assert": "^1.0.0"
+      }
+    },
+    "node_modules/web-vitals": {
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/web-vitals/-/web-vitals-2.1.4.tgz",
+      "integrity": "sha512-sVWcwhU5mX6crfI5Vd2dC4qchyTqxV8URinzt25XqVh+bHEPGH4C3NPrNionCP7Obx59wrYEbNlw4Z8sjALzZg=="
+    },
+    "node_modules/webidl-conversions": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz",
+      "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==",
+      "engines": {
+        "node": ">=10.4"
+      }
+    },
+    "node_modules/webpack": {
+      "version": "5.76.2",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.2.tgz",
+      "integrity": "sha512-Th05ggRm23rVzEOlX8y67NkYCHa9nTNcwHPBhdg+lKG+mtiW7XgggjAeeLnADAe7mLjJ6LUNfgHAuRRh+Z6J7w==",
+      "dependencies": {
+        "@types/eslint-scope": "^3.7.3",
+        "@types/estree": "^0.0.51",
+        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/wasm-edit": "1.11.1",
+        "@webassemblyjs/wasm-parser": "1.11.1",
+        "acorn": "^8.7.1",
+        "acorn-import-assertions": "^1.7.6",
+        "browserslist": "^4.14.5",
+        "chrome-trace-event": "^1.0.2",
+        "enhanced-resolve": "^5.10.0",
+        "es-module-lexer": "^0.9.0",
+        "eslint-scope": "5.1.1",
+        "events": "^3.2.0",
+        "glob-to-regexp": "^0.4.1",
+        "graceful-fs": "^4.2.9",
+        "json-parse-even-better-errors": "^2.3.1",
+        "loader-runner": "^4.2.0",
+        "mime-types": "^2.1.27",
+        "neo-async": "^2.6.2",
+        "schema-utils": "^3.1.0",
+        "tapable": "^2.1.1",
+        "terser-webpack-plugin": "^5.1.3",
+        "watchpack": "^2.4.0",
+        "webpack-sources": "^3.2.3"
+      },
+      "bin": {
+        "webpack": "bin/webpack.js"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependenciesMeta": {
+        "webpack-cli": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/webpack-dev-middleware": {
+      "version": "5.3.3",
+      "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz",
+      "integrity": "sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==",
+      "dependencies": {
+        "colorette": "^2.0.10",
+        "memfs": "^3.4.3",
+        "mime-types": "^2.1.31",
+        "range-parser": "^1.2.1",
+        "schema-utils": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^4.0.0 || ^5.0.0"
+      }
+    },
+    "node_modules/webpack-dev-middleware/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/webpack-dev-middleware/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/webpack-dev-middleware/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/webpack-dev-middleware/node_modules/schema-utils": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
+      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.8.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/webpack-dev-server": {
+      "version": "4.13.1",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.13.1.tgz",
+      "integrity": "sha512-5tWg00bnWbYgkN+pd5yISQKDejRBYGEw15RaEEslH+zdbNDxxaZvEAO2WulaSaFKb5n3YG8JXsGaDsut1D0xdA==",
+      "dependencies": {
+        "@types/bonjour": "^3.5.9",
+        "@types/connect-history-api-fallback": "^1.3.5",
+        "@types/express": "^4.17.13",
+        "@types/serve-index": "^1.9.1",
+        "@types/serve-static": "^1.13.10",
+        "@types/sockjs": "^0.3.33",
+        "@types/ws": "^8.5.1",
+        "ansi-html-community": "^0.0.8",
+        "bonjour-service": "^1.0.11",
+        "chokidar": "^3.5.3",
+        "colorette": "^2.0.10",
+        "compression": "^1.7.4",
+        "connect-history-api-fallback": "^2.0.0",
+        "default-gateway": "^6.0.3",
+        "express": "^4.17.3",
+        "graceful-fs": "^4.2.6",
+        "html-entities": "^2.3.2",
+        "http-proxy-middleware": "^2.0.3",
+        "ipaddr.js": "^2.0.1",
+        "launch-editor": "^2.6.0",
+        "open": "^8.0.9",
+        "p-retry": "^4.5.0",
+        "rimraf": "^3.0.2",
+        "schema-utils": "^4.0.0",
+        "selfsigned": "^2.1.1",
+        "serve-index": "^1.9.1",
+        "sockjs": "^0.3.24",
+        "spdy": "^4.0.2",
+        "webpack-dev-middleware": "^5.3.1",
+        "ws": "^8.13.0"
+      },
+      "bin": {
+        "webpack-dev-server": "bin/webpack-dev-server.js"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      },
+      "peerDependencies": {
+        "webpack": "^4.37.0 || ^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "webpack": {
+          "optional": true
+        },
+        "webpack-cli": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/ajv-keywords": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz",
+      "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.3"
+      },
+      "peerDependencies": {
+        "ajv": "^8.8.2"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/webpack-dev-server/node_modules/schema-utils": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
+      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.9",
+        "ajv": "^8.8.0",
+        "ajv-formats": "^2.1.1",
+        "ajv-keywords": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/webpack-dev-server/node_modules/ws": {
+      "version": "8.13.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
+      "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/webpack-manifest-plugin": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/webpack-manifest-plugin/-/webpack-manifest-plugin-4.1.1.tgz",
+      "integrity": "sha512-YXUAwxtfKIJIKkhg03MKuiFAD72PlrqCiwdwO4VEXdRO5V0ORCNwaOwAZawPZalCbmH9kBDmXnNeQOw+BIEiow==",
+      "dependencies": {
+        "tapable": "^2.0.0",
+        "webpack-sources": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=12.22.0"
+      },
+      "peerDependencies": {
+        "webpack": "^4.44.2 || ^5.47.0"
+      }
+    },
+    "node_modules/webpack-manifest-plugin/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/webpack-manifest-plugin/node_modules/webpack-sources": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-2.3.1.tgz",
+      "integrity": "sha512-y9EI9AO42JjEcrTJFOYmVywVZdKVUfOvDUPsJea5GIr1JOEGFVqwlY2K098fFoIjOkDzHn2AjRvM8dsBZu+gCA==",
+      "dependencies": {
+        "source-list-map": "^2.0.1",
+        "source-map": "^0.6.1"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/webpack-sources": {
+      "version": "3.2.3",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz",
+      "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==",
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/webpack/node_modules/@types/estree": {
+      "version": "0.0.51",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz",
+      "integrity": "sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ=="
+    },
+    "node_modules/webpack/node_modules/eslint-scope": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
+      "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^4.1.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/webpack/node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/websocket-driver": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz",
+      "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==",
+      "dependencies": {
+        "http-parser-js": ">=0.5.1",
+        "safe-buffer": ">=5.1.0",
+        "websocket-extensions": ">=0.1.1"
+      },
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/websocket-extensions": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz",
+      "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/whatwg-encoding": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-1.0.5.tgz",
+      "integrity": "sha512-b5lim54JOPN9HtzvK9HFXvBma/rnfFeqsic0hSpjtDbVxR3dJKLc+KB4V6GgiGOvl7CY/KNh8rxSo9DKQrnUEw==",
+      "dependencies": {
+        "iconv-lite": "0.4.24"
+      }
+    },
+    "node_modules/whatwg-encoding/node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/whatwg-fetch": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/whatwg-fetch/-/whatwg-fetch-3.6.2.tgz",
+      "integrity": "sha512-bJlen0FcuU/0EMLrdbJ7zOnW6ITZLrZMIarMUVmdKtsGvZna8vxKYaexICWPfZ8qwf9fzNq+UEIZrnSaApt6RA=="
+    },
+    "node_modules/whatwg-mimetype": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz",
+      "integrity": "sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g=="
+    },
+    "node_modules/whatwg-url": {
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz",
+      "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==",
+      "dependencies": {
+        "lodash": "^4.7.0",
+        "tr46": "^2.1.0",
+        "webidl-conversions": "^6.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/which-boxed-primitive": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz",
+      "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==",
+      "dependencies": {
+        "is-bigint": "^1.0.1",
+        "is-boolean-object": "^1.1.0",
+        "is-number-object": "^1.0.4",
+        "is-string": "^1.0.5",
+        "is-symbol": "^1.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/which-collection": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/which-collection/-/which-collection-1.0.1.tgz",
+      "integrity": "sha512-W8xeTUwaln8i3K/cY1nGXzdnVZlidBcagyNFtBdD5kxnb4TvGKR7FfSIS3mYpwWS1QUCutfKz8IY8RjftB0+1A==",
+      "dependencies": {
+        "is-map": "^2.0.1",
+        "is-set": "^2.0.1",
+        "is-weakmap": "^2.0.1",
+        "is-weakset": "^2.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/which-typed-array": {
+      "version": "1.1.9",
+      "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.9.tgz",
+      "integrity": "sha512-w9c4xkx6mPidwp7180ckYWfMmvxpjlZuIudNtDf4N/tTAUB8VJbX25qZoAsrtGuYNnGw3pa0AXgbGKRB8/EceA==",
+      "dependencies": {
+        "available-typed-arrays": "^1.0.5",
+        "call-bind": "^1.0.2",
+        "for-each": "^0.3.3",
+        "gopd": "^1.0.1",
+        "has-tostringtag": "^1.0.0",
+        "is-typed-array": "^1.1.10"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/word-wrap": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
+      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/workbox-background-sync": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-background-sync/-/workbox-background-sync-6.5.4.tgz",
+      "integrity": "sha512-0r4INQZMyPky/lj4Ou98qxcThrETucOde+7mRGJl13MPJugQNKeZQOdIJe/1AchOP23cTqHcN/YVpD6r8E6I8g==",
+      "dependencies": {
+        "idb": "^7.0.1",
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-broadcast-update": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-broadcast-update/-/workbox-broadcast-update-6.5.4.tgz",
+      "integrity": "sha512-I/lBERoH1u3zyBosnpPEtcAVe5lwykx9Yg1k6f8/BGEPGaMMgZrwVrqL1uA9QZ1NGGFoyE6t9i7lBjOlDhFEEw==",
+      "dependencies": {
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-build": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-build/-/workbox-build-6.5.4.tgz",
+      "integrity": "sha512-kgRevLXEYvUW9WS4XoziYqZ8Q9j/2ziJYEtTrjdz5/L/cTUa2XfyMP2i7c3p34lgqJ03+mTiz13SdFef2POwbA==",
+      "dependencies": {
+        "@apideck/better-ajv-errors": "^0.3.1",
+        "@babel/core": "^7.11.1",
+        "@babel/preset-env": "^7.11.0",
+        "@babel/runtime": "^7.11.2",
+        "@rollup/plugin-babel": "^5.2.0",
+        "@rollup/plugin-node-resolve": "^11.2.1",
+        "@rollup/plugin-replace": "^2.4.1",
+        "@surma/rollup-plugin-off-main-thread": "^2.2.3",
+        "ajv": "^8.6.0",
+        "common-tags": "^1.8.0",
+        "fast-json-stable-stringify": "^2.1.0",
+        "fs-extra": "^9.0.1",
+        "glob": "^7.1.6",
+        "lodash": "^4.17.20",
+        "pretty-bytes": "^5.3.0",
+        "rollup": "^2.43.1",
+        "rollup-plugin-terser": "^7.0.0",
+        "source-map": "^0.8.0-beta.0",
+        "stringify-object": "^3.3.0",
+        "strip-comments": "^2.0.1",
+        "tempy": "^0.6.0",
+        "upath": "^1.2.0",
+        "workbox-background-sync": "6.5.4",
+        "workbox-broadcast-update": "6.5.4",
+        "workbox-cacheable-response": "6.5.4",
+        "workbox-core": "6.5.4",
+        "workbox-expiration": "6.5.4",
+        "workbox-google-analytics": "6.5.4",
+        "workbox-navigation-preload": "6.5.4",
+        "workbox-precaching": "6.5.4",
+        "workbox-range-requests": "6.5.4",
+        "workbox-recipes": "6.5.4",
+        "workbox-routing": "6.5.4",
+        "workbox-strategies": "6.5.4",
+        "workbox-streams": "6.5.4",
+        "workbox-sw": "6.5.4",
+        "workbox-window": "6.5.4"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/workbox-build/node_modules/@apideck/better-ajv-errors": {
+      "version": "0.3.6",
+      "resolved": "https://registry.npmjs.org/@apideck/better-ajv-errors/-/better-ajv-errors-0.3.6.tgz",
+      "integrity": "sha512-P+ZygBLZtkp0qqOAJJVX4oX/sFo5JR3eBWwwuqHHhK0GIgQOKWrAfiAaWX0aArHkRWHMuggFEgAZNxVPwPZYaA==",
+      "dependencies": {
+        "json-schema": "^0.4.0",
+        "jsonpointer": "^5.0.0",
+        "leven": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "peerDependencies": {
+        "ajv": ">=8"
+      }
+    },
+    "node_modules/workbox-build/node_modules/ajv": {
+      "version": "8.12.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
+      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/workbox-build/node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/workbox-build/node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/workbox-build/node_modules/source-map": {
+      "version": "0.8.0-beta.0",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.8.0-beta.0.tgz",
+      "integrity": "sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==",
+      "dependencies": {
+        "whatwg-url": "^7.0.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/workbox-build/node_modules/tr46": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz",
+      "integrity": "sha512-dTpowEjclQ7Kgx5SdBkqRzVhERQXov8/l9Ft9dVM9fmg0W0KQSVaXX9T4i6twCPNtYiZM53lpSSUAwJbFPOHxA==",
+      "dependencies": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "node_modules/workbox-build/node_modules/webidl-conversions": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz",
+      "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg=="
+    },
+    "node_modules/workbox-build/node_modules/whatwg-url": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz",
+      "integrity": "sha512-WUu7Rg1DroM7oQvGWfOiAK21n74Gg+T4elXEQYkOhtyLeWiJFoOGLXPKI/9gzIie9CtwVLm8wtw6YJdKyxSjeg==",
+      "dependencies": {
+        "lodash.sortby": "^4.7.0",
+        "tr46": "^1.0.1",
+        "webidl-conversions": "^4.0.2"
+      }
+    },
+    "node_modules/workbox-cacheable-response": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-cacheable-response/-/workbox-cacheable-response-6.5.4.tgz",
+      "integrity": "sha512-DCR9uD0Fqj8oB2TSWQEm1hbFs/85hXXoayVwFKLVuIuxwJaihBsLsp4y7J9bvZbqtPJ1KlCkmYVGQKrBU4KAug==",
+      "dependencies": {
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-core": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-core/-/workbox-core-6.5.4.tgz",
+      "integrity": "sha512-OXYb+m9wZm8GrORlV2vBbE5EC1FKu71GGp0H4rjmxmF4/HLbMCoTFws87M3dFwgpmg0v00K++PImpNQ6J5NQ6Q=="
+    },
+    "node_modules/workbox-expiration": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-expiration/-/workbox-expiration-6.5.4.tgz",
+      "integrity": "sha512-jUP5qPOpH1nXtjGGh1fRBa1wJL2QlIb5mGpct3NzepjGG2uFFBn4iiEBiI9GUmfAFR2ApuRhDydjcRmYXddiEQ==",
+      "dependencies": {
+        "idb": "^7.0.1",
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-google-analytics": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-google-analytics/-/workbox-google-analytics-6.5.4.tgz",
+      "integrity": "sha512-8AU1WuaXsD49249Wq0B2zn4a/vvFfHkpcFfqAFHNHwln3jK9QUYmzdkKXGIZl9wyKNP+RRX30vcgcyWMcZ9VAg==",
+      "dependencies": {
+        "workbox-background-sync": "6.5.4",
+        "workbox-core": "6.5.4",
+        "workbox-routing": "6.5.4",
+        "workbox-strategies": "6.5.4"
+      }
+    },
+    "node_modules/workbox-navigation-preload": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-navigation-preload/-/workbox-navigation-preload-6.5.4.tgz",
+      "integrity": "sha512-IIwf80eO3cr8h6XSQJF+Hxj26rg2RPFVUmJLUlM0+A2GzB4HFbQyKkrgD5y2d84g2IbJzP4B4j5dPBRzamHrng==",
+      "dependencies": {
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-precaching": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-precaching/-/workbox-precaching-6.5.4.tgz",
+      "integrity": "sha512-hSMezMsW6btKnxHB4bFy2Qfwey/8SYdGWvVIKFaUm8vJ4E53JAY+U2JwLTRD8wbLWoP6OVUdFlXsTdKu9yoLTg==",
+      "dependencies": {
+        "workbox-core": "6.5.4",
+        "workbox-routing": "6.5.4",
+        "workbox-strategies": "6.5.4"
+      }
+    },
+    "node_modules/workbox-range-requests": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-range-requests/-/workbox-range-requests-6.5.4.tgz",
+      "integrity": "sha512-Je2qR1NXCFC8xVJ/Lux6saH6IrQGhMpDrPXWZWWS8n/RD+WZfKa6dSZwU+/QksfEadJEr/NfY+aP/CXFFK5JFg==",
+      "dependencies": {
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-recipes": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-recipes/-/workbox-recipes-6.5.4.tgz",
+      "integrity": "sha512-QZNO8Ez708NNwzLNEXTG4QYSKQ1ochzEtRLGaq+mr2PyoEIC1xFW7MrWxrONUxBFOByksds9Z4//lKAX8tHyUA==",
+      "dependencies": {
+        "workbox-cacheable-response": "6.5.4",
+        "workbox-core": "6.5.4",
+        "workbox-expiration": "6.5.4",
+        "workbox-precaching": "6.5.4",
+        "workbox-routing": "6.5.4",
+        "workbox-strategies": "6.5.4"
+      }
+    },
+    "node_modules/workbox-routing": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-routing/-/workbox-routing-6.5.4.tgz",
+      "integrity": "sha512-apQswLsbrrOsBUWtr9Lf80F+P1sHnQdYodRo32SjiByYi36IDyL2r7BH1lJtFX8fwNHDa1QOVY74WKLLS6o5Pg==",
+      "dependencies": {
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-strategies": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-strategies/-/workbox-strategies-6.5.4.tgz",
+      "integrity": "sha512-DEtsxhx0LIYWkJBTQolRxG4EI0setTJkqR4m7r4YpBdxtWJH1Mbg01Cj8ZjNOO8etqfA3IZaOPHUxCs8cBsKLw==",
+      "dependencies": {
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/workbox-streams": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-streams/-/workbox-streams-6.5.4.tgz",
+      "integrity": "sha512-FXKVh87d2RFXkliAIheBojBELIPnWbQdyDvsH3t74Cwhg0fDheL1T8BqSM86hZvC0ZESLsznSYWw+Va+KVbUzg==",
+      "dependencies": {
+        "workbox-core": "6.5.4",
+        "workbox-routing": "6.5.4"
+      }
+    },
+    "node_modules/workbox-sw": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-sw/-/workbox-sw-6.5.4.tgz",
+      "integrity": "sha512-vo2RQo7DILVRoH5LjGqw3nphavEjK4Qk+FenXeUsknKn14eCNedHOXWbmnvP4ipKhlE35pvJ4yl4YYf6YsJArA=="
+    },
+    "node_modules/workbox-webpack-plugin": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-webpack-plugin/-/workbox-webpack-plugin-6.5.4.tgz",
+      "integrity": "sha512-LmWm/zoaahe0EGmMTrSLUi+BjyR3cdGEfU3fS6PN1zKFYbqAKuQ+Oy/27e4VSXsyIwAw8+QDfk1XHNGtZu9nQg==",
+      "dependencies": {
+        "fast-json-stable-stringify": "^2.1.0",
+        "pretty-bytes": "^5.4.1",
+        "upath": "^1.2.0",
+        "webpack-sources": "^1.4.3",
+        "workbox-build": "6.5.4"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "webpack": "^4.4.0 || ^5.9.0"
+      }
+    },
+    "node_modules/workbox-webpack-plugin/node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/workbox-webpack-plugin/node_modules/webpack-sources": {
+      "version": "1.4.3",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.4.3.tgz",
+      "integrity": "sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==",
+      "dependencies": {
+        "source-list-map": "^2.0.0",
+        "source-map": "~0.6.1"
+      }
+    },
+    "node_modules/workbox-window": {
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/workbox-window/-/workbox-window-6.5.4.tgz",
+      "integrity": "sha512-HnLZJDwYBE+hpG25AQBO8RUWBJRaCsI9ksQJEp3aCOFCaG5kqaToAYXFRAHxzRluM2cQbGzdQF5rjKPWPA1fug==",
+      "dependencies": {
+        "@types/trusted-types": "^2.0.2",
+        "workbox-core": "6.5.4"
+      }
+    },
+    "node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
+    },
+    "node_modules/write-file-atomic": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz",
+      "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==",
+      "dependencies": {
+        "imurmurhash": "^0.1.4",
+        "is-typedarray": "^1.0.0",
+        "signal-exit": "^3.0.2",
+        "typedarray-to-buffer": "^3.1.5"
+      }
+    },
+    "node_modules/ws": {
+      "version": "7.5.9",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.9.tgz",
+      "integrity": "sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==",
+      "engines": {
+        "node": ">=8.3.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": "^5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/xml-name-validator": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-3.0.0.tgz",
+      "integrity": "sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw=="
+    },
+    "node_modules/xmlchars": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
+      "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw=="
+    },
+    "node_modules/xtend": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
+      "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
+      "engines": {
+        "node": ">=0.4"
+      }
+    },
+    "node_modules/y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yallist": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
+      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
+    },
+    "node_modules/yaml": {
+      "version": "1.10.2",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
+      "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/yargs": {
+      "version": "16.2.0",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
+      "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==",
+      "dependencies": {
+        "cliui": "^7.0.2",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.0",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^20.2.2"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "20.2.9",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz",
+      "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yocto-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    }
+  }
+}
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
new file mode 100644
index 000000000..eea5b6cc0
--- /dev/null
+++ b/pkg/webui/ui/package.json
@@ -0,0 +1,67 @@
+{
+  "name": "react-demo",
+  "version": "0.1.0",
+  "homepage": "/",
+  "private": true,
+  "proxy": "http://localhost:8080",
+  "dependencies": {
+    "@emotion/react": "^11.10.6",
+    "@emotion/styled": "^11.10.6",
+    "@fontsource/roboto": "^4.5.8",
+    "@mui/icons-material": "^5.11.11",
+    "@mui/lab": "^5.0.0-alpha.124",
+    "@mui/material": "^5.11.14",
+    "@testing-library/jest-dom": "^5.16.5",
+    "@testing-library/react": "^13.4.0",
+    "@testing-library/user-event": "^13.5.0",
+    "@types/jest": "^27.5.2",
+    "@types/node": "^16.18.18",
+    "@types/react": "^18.0.28",
+    "@types/react-dom": "^18.0.11",
+    "jdenticon": "^3.2.0",
+    "js-sha256": "^0.9.0",
+    "js-yaml": "^4.1.0",
+    "localforage": "^1.10.0",
+    "lodash-core": "^4.17.19",
+    "match-sorter": "^6.3.1",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
+    "react-router": "^6.10.0",
+    "react-router-dom": "^6.10.0",
+    "react-scripts": "5.0.1",
+    "react-syntax-highlighter": "^15.5.0",
+    "sort-by": "^1.2.0",
+    "typescript": "^4.9.5",
+    "web-vitals": "^2.1.4"
+  },
+  "scripts": {
+    "start": "react-scripts start",
+    "build": "node build",
+    "test": "react-scripts test",
+    "eject": "react-scripts eject"
+  },
+  "eslintConfig": {
+    "extends": [
+      "react-app",
+      "react-app/jest"
+    ]
+  },
+  "browserslist": {
+    "production": [
+      ">0.2%",
+      "not dead",
+      "not op_mini all"
+    ],
+    "development": [
+      "last 1 chrome version",
+      "last 1 firefox version",
+      "last 1 safari version"
+    ]
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.5",
+    "@types/lodash": "^4.14.192",
+    "@types/react-syntax-highlighter": "^15.5.6",
+    "rewire": "^6.0.0"
+  }
+}
diff --git a/pkg/webui/ui/public/.gitignore b/pkg/webui/ui/public/.gitignore
new file mode 100644
index 000000000..c9e9f1beb
--- /dev/null
+++ b/pkg/webui/ui/public/.gitignore
@@ -0,0 +1 @@
+staticdata
\ No newline at end of file
diff --git a/pkg/webui/ui/public/favicon.ico b/pkg/webui/ui/public/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..496bbc69cabfce158be2fbc7e709e8a81a5bc95e
GIT binary patch
literal 15406
zcmeHO3v^V)8D6vxTWwWZwYJ*gQCn+UYisN2sUD@R)x%@&y$Qy*0*Z(SJr#<I4`j{0
z0uj{kkSHdQWS@|P@REmsJT&E@fPln8h#&z4l!u^znCbW3-Pug;-n+X5RC?My=VtDm
z`Cs$TKmYvm&&1{G;5ylL#u+Y@om~CC;c{K+a=AKnN_<~(rpr}^y2~$5w*TDadgCmY
z>k_~K1sI8X6j^_Pc$c$$5q)hSqBj@C_1{Q@LcIGU`Zm<B4U}~Ob^D($q!j>8@bQIo
zzk~u!KkI6i3>TnrqpY`<!BDp|0sD@LAJ)rcyFaW?EQ;MI;)}cugpu`jr9Z5l;|uHW
zfyO(s9q;S$Z1GL({u5az%aQSdj=rc{_rwcMlXbpu_p1T_MPb<eD?WS=#I&nqyJt-2
z(|jSfPF#OPTa9+%i)fnyF~a~%2g2cd3hLJ+9;4dC6|N41AuMt55O-Jd-P9ZCQPv_n
zTU+ZjzO#;PVnp@r;)Ut`#DqDI?kI}qUG0zRCH|29s6T8x7>Mdm0cH{5ED!1ok3XvY
zW7L#BgJX;QCBv(4O7+Q<FZl=Kc#Q>DKo8fdFm~@AkLM(R#N7+HyD*LmAlGiZ?+HY-
zc^H?EeNm&YXF+FJYug{k6#Xs)?1m)Yk%WMrMqw<+B;NJnM4Pr5_Tcl>8Z>Y72i#J&
zjhWh4JU^xP3;{i}0X$=T_|7`en?|_eNjHn}vj>i2J%7HiG2+>pyTts}6$ge+?Ece4
zE$|~+BX~8)Z}jQ>XKU^}Fnh&|A~b)<2w7h;v&*-^=MFrV$+|$5erZBpT?C?en3ahi
zVF*hcS!Y)UqQ?Eiub4X+_{RNqFq!H+5u?-db-fzv>Yv->jk_<%1bZxP^fR6CbjCyf
z)ZU*zYCMSkHp6BPKtGj5@#{`^qQy4AhA=*#(N_`I2{xB{)o;l$gA5TTT-Z@K1&1-h
z_zKui4=4C+^_Z8{D!t_U=MR>o+X(#Bx6poAg<st`k8^!eHa<@6u<?jWPriG`-_X&D
z;|aTeDBES(xa}>0adXs{m4@{jy8b(8wMcrh^hUe=(gyZ2+0Js#n=gsj!on8Pu)-eA
zcOb0w1id3F?LbJ&x6*(QxLLxCs=G(TUh}pD!uowyxb}SeBJMjuyHyWieYlkl+DA(M
z$+Eu{=2*UA+ujuYu(sMt3+v0<vfUTfQa;cM*WT}fc)`h_zeMs-eJ9^#J;vd6k0*UC
z$;3Ah(z{}=Rl-)s`9lUGCi`C??7jqi4v`nupP+;SPcx38-|>dJUo7jbWnpFa-(pUU
z16(C}vK>78NZHLY%sH$Lby^3wCMDtaVQs(5w2iR7FG0fySb6fBw7enB0~k~G1T5kJ
zlQ-5)^e6q%8hsJtPOB~pqwYVZ!zS>95$$&>f3E425&dbj#fj?V-Nt97!)co_kDj9L
zO&bX5qtjs${1H!#B1~eOw4s1==$mfFNoYR=9n5l~XH$RBrp~H6TNuWvm9IW7%I6Fc
zQ|q4-4O{9N8%_&iJqArPR!q_+KILXiw+YY3c&t2f`%c(J6Y!gc$8Xv?{*?iTYF;lE
zQ{EUUiYMQ^YFJhNc^ogsK=i5JsBxjk<2p$lL%t8I)4o?&rCkMGt;{A1#$XlW<f3>%
z+B(g#ArJDh<74G({l<EHdp7>?_jg$Fj?*{e#PQkq!!MM%l5ys7;_LE6v>$`-^lZFS
z?O|<>FO>hYW95&1%y+Oaco_ZOD`}&DlNr;XTqx^ME`krtV{DYFGvhVgmu+8WC!;@_
z_iOr8JRhd$nR7rJD`R-tkZj{#EJ>#WY_vqyn`M-~Q5#LaWyedc!y526;Bd~R%`dEP
zRqD9X&r3MQ^a`C!cCyhMcK=m@O}#>Q=YZZPlBO)jPP-4XX!VTmQowkDkGodFSZS7)
zUhz$|+3ocN)}MWzioCN`T6_omZIYfWm#mG8aWfv+>kD;Fvn4NL8wm%ReXR5_cITsg
zPYMP)9Y1S;Sg^VhYp45GD?InVD(u2F5mCRsmg6wM3d?WU-%Apne%~I({g8xVIrpuX
z#p1Ow5eS?6@ir&}XzLMuBjIXae@1NDzEX^=zJ0w_?-B`iCikTD<Ev!7S|(%i^|6IM
zv9zI1Y;1lLH1BBSyi(!hdqQVgCG<%@TkfyUKUcP?Wik#?ZM0=*ymf!7!jgtBs+W-_
z*7FJEp|-c@9lC#-dQu;Z!ISNw)gB!1Ro6@G+i#&PX)$SgXy<|hU9OXTFN*aLyFd9r
z1Y>#Ya=|?wFw`~omgRFE7H>B#5KGoh65fdBIUclgp}}?B7uAN1p4w;k=&ASaX1s5g
zzsZHx|2howB;0WH!gDNn5}>#Fc`Mu(aExH5+hDJUkq=qmuhhDE%6pyC1~9`1VPRJq
zXmH>4IqYsbXbmUr3~0yPl#Jh($vLK!pJI(3;^dQ6#tGkR48hv@nSw8U)>3b!_6rsM
zc)iEDPYr8zHatz<h$FW9W7=P`@$*KE&hXXSt#pFXeB{av(yH+YPg<;=jc&Gf>K-yW
z?wc_FU*LHHbUI|9)d4x@#~@>yyb1d<W9euyYk4W<-yDc`P31o`&^oH7<o<LUd1ZJ;
zGDdPD+!t;1X?FON7Z-{5cdqAoMKjj@KRD57Z+&t<*ks2$RfiZi(;V=WcRs}*(q2fx
zE4rAmY>Zg9c`<d<L|*NcGZP;7NzhMgzDnVrkV&hA{Hb#lD=kk|m+#}8C~B2|?6iK6
zeUT`eJrK0Dm#uim>w6gXTbN@!6G*dP%7pl5F7usE{1{)u2fU`r|IFlD#mbGdaaQGT
zDT?-(X?N!2M6W&d>;qy{?#I4R<w(B2TjUTgl9!zgR=he`Oq@HoB^b$@UZk9bv`4mF
zar~7xoQrXulV(fIkyYmZ-ieMcWL$}Ues0t6dhZ0|LMOa0qn`1$x%OJ;Kv;X&i63l-
zzSHWzmc!;4E_~&`!YcEe_uaNKY4uKm0B&hpSiPw*WL)6{|7F+n{1LIsy^v|YDwmo=
zmNKZh<Rt8V__KbbAz_ZSq)jkqF*wVawaSM+5k4ud%FkS|3d48U&NC_u*6Ijxt#D4?
zo^s=iKwQ7nZl7rS1)RZw{wC0UA5TLtqCe^>b${21o?6d50_JmTJ~OH}$Q&f$=o3Mk
zc~8^!;b%XjA5&>Ky>m~EHT#hy{+5J{TBTg$$OrV)oRyqk^zk(uk6iXJIIDgD@Y1&&
z#NPU84{66KyP0E8=6?;u+{Qgl^2&PhByXJM@~kgyy`jvM9p@6v-)CA=kz+T8Fuy8u
zWRizkQr5P4T%46g^%dZ=0`w7ICv*?lm%+!{<{wCpJc4oUBH%p*zTlnaucUq<vnhL1
z1{eu@m^Ov{%p=7W*Pp7&E#DJ&K@#Wnndxa$)Vlx@pJnmv>raK;gMm+<mgW3`{W8x;
z(#9qefB1~;fr$HY<^~b#bmYE(Id5}q;@ol8m(;};!V<^C1r5$ijNKE!{U8T?!7~Ts
z{Ymc#)}Xby;H1N7JD{r>7#AP(Fcj^)yCP-GR<6NbXDD$=13qPEuDHYE1!k@=w$RI*
zCG%nZbH#OlLmXt-#X?#7VB%!N<DRSnXFJ^2Oj}wa>gq>|4b98N&OKY0KLxIKH*Fvp
zk6HJloYV9f`_a#RfZ<sl*D2Oz<csz!vfH+k-yzrod6-Wy*5km-vj!fjePcumbG~ce
zTV&>5N7dc^8DyHsHG%WSQ{MGQ!0C^%tU_6XwwE}!z2?{$y@JT=qW(7c;hrWO@>Iw<
zjzXVm@%=vh40*RhX7ip?9enK=(*|)@34D8z4<Bz-?~VNq>a;@cJ;0*|yeMOTtcT}N
z_S6r4i+d0DiEBnCU&(ww?^>8^Vj|z(e6;dI&&^naI@53Q95xd_&ULP(<Y(@Wj`KMZ
z_T*f<k4pd4V@h{l?+edWCLFE&@HrI_J5#RWtLRmS#CeTr$48}q^tYM0ps%YBi91!@
zc{Y?Sr{dTz_=^v5UevoiXMyb<9L80?n05_pCJfmRDRx7j%DaNh;oGh0iM29n#<;Ei
zHw@UYUK@z%T`@P?oW-?QMkl<)d9OB>dV`FuGH~v~mvWE7_#C-e?r9F-k-GnscaDZt
z=by*e4D}(UjW8|1`v`ur+8^$bx|8T6N3QkMb)Y8i2k^C*fqpTb)OoSOpX*sUV;M=8
zevUd#!G!gxs*MyBAeS07&-tutCi`*_{31mW{m=CAr7QY6=JO;!Yf0bEJHF6a5HimO
zuiYtGT6IcZhhRr9QeKtDAjGI>E0;LPSyk{3unJRDT5vkrN8@4tNz3vuKdmi>9)@GQ
z-MQKp?__{hIdCX*TN|<Rz#W%Byx=TVF1{!Blxm($tG2thk&L-{Z`mSyn{Ud1yS#eY
zm<+i+@}&)6T^s~>2c77G`7$%tjeBLm>9?IpJnN4(XO3G^F6<lTIo(4qD!uM>=xRj{
zF$nGIpQ@dv@r5oS{{km{RJ{6_n7M2$`f$re*w>$|`10G_GvY2?D;;e$>twsN3?hdD
zTlse@d>j3X=WBb3@B)v(S^7NQ*|*}$Z{7h${M2Yir)vI_$Zt1@QB&{X9oj*e_Qc*$
zkBgJ`m$VCQN3c@6Nb<3k)G6Y%f#`$Xd^UCV!R{u3xU(_S{T1deA-g3XrHj&;4~VV1
z-W4;KzW{lRWr(F5bF`H0=_+>@s}6X_-72^G?TO#e5p&g=-!kv|u56qmcJAFGo~`Yf
zF~7=r2OEp2yyLhdK-stKSSOyV>4|ko>!$Lxd&k|Jwz(e8gT&d49eApaYZ%~;aE@`G
z6^!NMuB=b&JFrX4Uo{alv{<H`5o1`BhVnlOOB<$&4O^Fs@vl6@d+B4X_XbnUl^67X
zy{ZGg!_O{OKx|)08@_r>$&}t=>H0czpS5GpX58;66T>Inw2QjS6lY7K@Ev)k3}O7Q
z1^g)N9eWg`q$G!Y8Sf}rW#>2i%aKfTSn?(h@&XR>Xa;@wPV{LVWs)$tl*Ki9XM3aF
zuje|(`<J<{AK;VxzlpX!#OxDt47u<oFW#3WZ*NS$F4LJvF7$GRp>M-@rS4#uGAGvn
zzGDpD{;FijRb~|q|Ci7O`bQj=u6yQeQ2&v<AFSe?DDSY-yC5TT2T8x5D0x2jFWlL}
z`PP2!%TE+}t#Z&_+pb$WVvRhp2zSm79zK8=+t`i$nqkE|QNEccr;Stp^xyd3BT+T)
zNkJdDcn$8iA=l@0AMAwbLo`o^9c|_RX3bbOTD-YomUw0PIL3X*n>zn5;E5tX&w~m>
k-LAl1ECQML7Eiu)AL7+G?;m^__cBhDe*a&N|4t432jt`J!vFvP

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/public/index.html b/pkg/webui/ui/public/index.html
new file mode 100644
index 000000000..42dfc725c
--- /dev/null
+++ b/pkg/webui/ui/public/index.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <meta name="theme-color" content="#000000" />
+    <meta
+      name="description"
+      content="Web site created using create-react-app"
+    />
+    <link rel="apple-touch-icon" href="%PUBLIC_URL%/logo192.png" />
+    <!--
+      manifest.json provides metadata used when your web app is installed on a
+      user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/
+    -->
+    <link rel="manifest" href="%PUBLIC_URL%/manifest.json" />
+    <!--
+      Notice the use of %PUBLIC_URL% in the tags above.
+      It will be replaced with the URL of the `public` folder during the build.
+      Only files inside the `public` folder can be referenced from the HTML.
+
+      Unlike "/favicon.ico" or "favicon.ico", "%PUBLIC_URL%/favicon.ico" will
+      work correctly both with client-side routing and a non-root public URL.
+      Learn how to configure a non-root public URL by running `npm run build`.
+    -->
+    <title>React App</title>
+  </head>
+  <body>
+    <noscript>You need to enable JavaScript to run this app.</noscript>
+    <script src="%PUBLIC_URL%/staticbuild.js"></script>
+    <div id="root"></div>
+    <!--
+      This HTML file is a template.
+      If you open it directly in the browser, you will see an empty page.
+
+      You can add webfonts, meta tags, or analytics to this file.
+      The build step will place the bundled scripts into the <body> tag.
+
+      To begin the development, run `npm start` or `yarn start`.
+      To create a production bundle, use `npm run build` or `yarn build`.
+    -->
+  </body>
+</html>
diff --git a/pkg/webui/ui/public/logo192.png b/pkg/webui/ui/public/logo192.png
new file mode 100644
index 0000000000000000000000000000000000000000..11f22322c00fe673d7aa1530ecfd53fbc82b2373
GIT binary patch
literal 13703
zcmXY&V|3tLw1!h#Q@c}RYE3(}+o|oTt*LE$YTLGL+qP}@_Ph7~NY2X2TFFk<IXinl
z@0$==X;B1N99RGV5X8lV<iEzQ|2AmIuf6=51=QC7Vka*u08~ui9RmOnATGqO=&XIN
z1!J$E^z!L(NoG3QF`7d}#6(OD8adjuH9~9&D{)MG5gNJsf*D^R7FQ6=$;rt~chm$}
zN?>QfeI4yI5rx8rLi^(Sp1sbHxjepRrplYlV8kRo&iEf>^m3#fc#ghbythAIJiJ0*
z>$!qgq+BcBVwf31A&eY@uAqnJq`?n}A(sV(yTRNw=zPe@nKFXYR?bm7(X~u8FWMib
zG=Z4yoU_+I_inoKbhj9P%0gHeZ+!#W{aBvhn0Zu!F-&Mn4id<IAwg1MR$}OZ?*Pz@
zI^D{IN=GO3;0509V4Vm6cl8F+KqLH`T*~nix$5e*Yquz$Od)t>JIq3x$MWdH_-Vr*
z!Ei6Y#99^_k!g1t{Pzr;-3$RGyO^<N#6+PymkoljH-GU(8w`8~^bPm@DJ_1CdXC*_
zgJ-AZMkCzn=p#ODgB#Fhr0~eYMq!!q=GBIU?DK@%<xR9uBt~nq&$!J4i2ImXmOvaj
z{z6yD<ixT>)gYQSyDgR9F7CMq1#>oDS9#iNoG+T=x_3E%$kma_H-6hmO+$xl*)UM*
z2hrhMjH05Jr{OmL5C~;rwYj1Z`dQu^B6jJ8($aXmS8F7P#!^e}jgy37vD^s9-0=*I
zvVVqyWsLA4je@w^_ij8)dT@BUw^K4^iA#wH;{lNN_3P<QbY0K)<u^kVUXyGTT_q(!
zwDnbFIc}$sNAnHL(x!{p_$l=jy8$XDPX_OglrI<h7Hf^OmrjrkRLG|N*s&P6Tb{AX
zC{W%Y>zO-_?Z3O?vrEjZr1(<%FtAqKfWUifaF~P@;i|3&Key|ro#mw}>!428ftwh~
z!R73g@Wsa{K0H7-GI$PD1qanAs2Gxa)m~tNOn;iE*brZd_j1jDkS8r-J^o`AByX#G
zr#iAT(7csubPxnt<T8rNwxM*UEDU&Kgl7#BmN8v~a7t$e<zCI$DwOs_q*c9zfK~oL
zQc8IovJPjp^($wYt?q|@m68+vy5*g#ME9JokY0k^>AR5st<2de7{8rHPNp#wcf9k}
z`r>u#r@Iak<EDICGBbO)5sT^cPr%->Gd6wXM!=j74Ar5;MAqVDf7eERF!tn)$7`O#
z`8E{^?2~7_fX-=5JT({lTvTBS6Uuu+n?QZfBC$x#7-&*242A5U;M_Lgax^tc-(<gB
z4f%!9f%X&IQ}kMP;SIM2%xGA|&B6U742;jXGxEpCc>%QHcgD<o1z|ruYAWZO65Q!l
z%R^3w0W>K;(K**8=E`ZVj8crXt0mXmcN5r`9bjsC^g+$#J!=QoJL<>P>6}t#(i-bW
zC!GB0j|k4sUvQ(1FHsKN>Yp`ZqMgiB?y+*{Um;dV(>cG{2h7ED_D4}A7*uaR_^52h
zWEk^ZkT1rCe7b;bUOuhM@F05Y2iA7O{soT0)0cs0t9z4mlql_($cORBGX%|FuQ1MP
zeIQx2o1pz)abORL0emeB?Mk9~nSW8F&E`SuR6Kn9I~U$(LOMb09rfOR)_rsd!vd@X
z)I`uW?TCXQS)GKt)<AkSF1M2zeYu1?d{&q=I%LSTwA7UgTn%|StC()AJnC1x7X;dI
zi_;|`0-#z23IU9I;YcMvSRCclAK3KK*l20L0zA896rLniGK0z_nX=?m!Xg=XYcV-~
z|NXYp)?qUMl0|RDL*?dks*Idbc?qeCWhRJHPLu-`I$Qe(UYJt*QS84QqR*me9eBM8
zoDi(R2wFqubW-`F+|J?`oQwKz{gzaY03#Z+s>R$J2mPy@WOf&V+Nm9rVOPtu-4qx8
zzmwW;ugCO|>P+if0gl#=I(lZ)R$y90i~p`b2Xr5ZP8VNQt5zwHX5?LxrG&hsmG)2J
zamZu}X9s;3U@(DSg1Z^;`?-}?!#{GWAXr37N!5Rhy2&~%5i5)D1%@>>o(p>`jV|C0
zo@2IwdOIo~WhUi8bDlkZkjmLX%K{6;jHZo$8?_t<6KwrMS9oUD>E;@Kz5a9o=|;=U
z&q55^D~!xw*o8B>D_uDIsi+Aa9;DxMY)?(&y0W4klQp-XuwB06!K?GAS6I6caA@-b
zf*zL<fd9)$Yx$~1KM$VHKV}TL+h(PL3o|%F_<70tzX<<b=%e?umdIVmi|bi?4LOF{
zV%TryKxA};3$Xt2dy<NA(ED0l6rINtqt=iC_0hje2btnYP1l)URXXo254j_mo$VEM
zx4r03?lFL+uve$#Ogjua?Jw9T7sEW82~c#gLsCQ6q4t@J?TUuh+VVsx^4+b7Q`u;V
z`-1}bcPG#ik<|t9i)<zb_o#^AN}VV)5o43@xdJvQ)22jq5V^~YYyViBTS3Z5bZV5e
zI+o5_CkjBi24mjdCkPDCKLLFc=XbtOMb>+m`31Y#w7R;Ywl~^il+rrF4q!;LhPr3-
z_YD4{Kc>uWo*`acNoK3Fk~JHMQ=ooG$N|+9!AV`=tZOY#m=p-#&FF-Y+3!<Y$vCho
zMpVH9>tv2fyG=y9LZnD(>9IJ_#aN+eYtGqFi4nrXe3`c%7BF4P1f+H;UW-;`A0`x1
zUONOTjo|H>2bT{ewv8vD?*#zSe7Z(gmH|Ku55phvZNN%7t~0JcCXOpjPNiZZb7eFq
zm{7|8EGPzkkkA{F4l>E)C)PYwfI_WUuoqqgj`qpFysq)G`Q>axSFSC6c4J<jkx=Fu
zgw00=G(bNzjh32qwG%oGL$b^4M66-YuH~T{o8rz}boQ$M(){|ig7%(~L?sN_>gRSG
z;)RJj>JpqLF8>jZ#H(KgO<!G1nRpbq7Ow!hM`o*eL;gR37}7FnQ^Vgq!<N5vWfOUt
z&h|b`l8<=Nb&T3xcWukoUT8X28wgrQ4E54l0{HBNnC}zhUwcKR@{lEJ5x~6RdlKqb
zFCdPtWo1M&R?CqtIM|;Va94avVBK5yRovS=(K}Y&P)TW0{^*`T?rtEwdO3J;c)BXe
z`LDv+5`s<VX4?x?Ij}C!sYXAW<l?oO3=Q(rZ(4B|D?Qp9x$;~MXByP&>Ktw~)hwzV
zEnbr@{b1z)!L_=M`o+GTdtX}hlo;RP4pR@uOdY&cSDaydn8#7-8?iclf(_}7_BdAy
zv*Q7L6wCNt-T2(b{JkD_;KknW^7<@9ANqU{RCInH<nUQ^RT@Qyn;{6H=1H3lP?(%n
z#p*B<?ot6w*qaFtdZ+sC8(f*JB!a;`t%bhQs&iLvNinV0?_jLyJL;OgKN^56G40=V
za*lhoNJh4Vox~dC!rrE*I(#2RhahY$=zsv?-G(Q>&)tM3)I!b^OE2BKtR-Vw#r@~A
z196g8OEw4}Tk`p<P;&5Kv4oCrx3hJcH}k+0@&qG3n;?#JVcic5P(yVJC?6$)u+=wr
z`E!~Iuc@MuuO#<(*8BHgvsct=gI*kq<<8YdH4U}YCCsjTZt1~iig%EA&U^2%WMoy(
z^;(1|TDmeg&>d?_iCVjep+qBS;0&VK3v!zGe&9Zapiuv9OIOrG{>N(50+g?Z(g(*5
z_-u5|*cqpPva1J-iq+E(W13Puj{xZJ<9?A=iCEyq;;s#EZQ&^~F_$fIXm9LO*$Xh^
zQ^hX0WvkDxjD?Lc5Y{@0+E^>E7VsAfh0?3amahn2?{!$eKsUgJ+@1cqMoJ1{DZ}6b
zB%5RB1uJn*0FPEB1%_}x#8=>r2raO*mJT!K&vO!?S8vuBxz6{8AEl7tWNcx^!E&4a
zuB$exk;(F~T2ZKb->Mh`pnpN^zRbW63h1*0RtkH*W-iqX1`(wZcCck>$-{*cvcMl^
zIG1E{MnFiY&<l4re!^w>_fe1cssy;<aajQ2)MNN0N!k!o)N6coHDo)Hb|N}Di5t<I
z(LVc)+^dZHUbWTt-hX2Hxci#gf0DQ%2A>=vz${iH?~9@zM4*ku{AAyImIW(dgONWo
zoUZw}91TqVm4fbyzGlNVhTMAq)}5Oe-al;lc1to;*lAadTk{#kWl|;MJ(y^C&?H!|
z(CVoQL?=&Kx;+fTlQ{+K3Ry0L&xg{uWd?+QU@mSCCEja)zHrBt!6fN_>oino+datR
zc#k#3-d7BEJ*!Q7&r*+Qr5;vQiut$Bs}6WNe9SeJ<ct$d4IvBKjh%o=AHf{vV>_J0
zmp|iuzPxaMb~1O$&KJysg^8>wP{eLABH))GV*oL585dcyhTpwM{aCRixtr-3n#>8g
zY`0k*N=D<eQ^PVv1H5pisr4qp6NFGY^ilNA*>&#V3flSST#8A1Q5LFwi7ddi$nqJi
zSr|v{WU^^5!A-Y6CuI7Cx!(j;j_--=E@r2eF3CPSbYxuB3ThWhzl)KG07UsFCscW+
zzX7IwVCk9SzQ6sDoMd_@Q=!q|-q_i$9}2nNm)}2Lx!>+1jir!FY5l1G!f_ZT<-4`W
zcZQB1qm1p-xDZ{9JB9dfcv&At&$EplDw6Fxki7Cbrsgk+ms{oao>2Z?kFfhWUkk}=
z=Ja=xHDHGwvwtXS^ciO3uxUp`F~TZbfzbM);!o)GTsWXtU@XC0`zd415FYpY>zgI&
zpDc2OcE(ZuW43t(T5J16%%PQ>c?(`;a(eF<i#fz$G<@1pN&BDrD6e-!8TxBp2m(4<
z164qb$|hahAKeI2u;APKXfugNbFEpZ`%P!PBeqf5Qx~r(o(T<{H2t`(yH0^j_ff)V
zHrxCOy9Sa-MF%Gtc4XCyc;z}@v*2^IAy18!$Z?rWl%`1fRiWI`W^vHw<msbDFL#*s
z^{YlMsE&QMdDcMiP=35PW<>Y0mYZPq$*9l`EyI5A@{`NsLKoIYtMF+;<6cygab<Ek
zTDVo~FDE2E-SWt4-++95{6HBtzw1uNbThuy0x&K%#bw#kQK@RTN&FDImS_5q1t_5C
zB$>=K${n{PBIQMwTWwE@u=~WeeL(QvY4qGTujk$QpQUy(Ll&VmWlMLcX@nS%Rt;z0
zuh#pqIRf21{de@&DGE*<0QSIKurc~Lg99w4MCie&J>ND(;qAo;%?FDi!enHFwPZnt
z6P8cfz&}pb{q5GH=#M1*r`_0am5Va)7#IMtI0_y9`9cXdxh4ZF_X=LK9ufQCLD>rn
zLqaQBPk+RC65B}n;kT_b8%Tn#V=`<GU5XvV!Js`*V<_TNYEaI=Tne=1yAMqMk5VlO
z6|ca>gjZ`W_7jS!q8_S3nCvnj*&V4t8Eu7(ZLk+Ja)9c*g<lD66QlVJ?S*VhA-EgP
zW-3L^HSDjbvEVVE+F~%2P!m30$)wM{^;=hRlX<ODhg2nkiVEe;p*=UmV@9IwQ+Tu_
zGS748^OI)~A(Cpd4vuO<a=DuiQ5n1UC6<3YhBpII+(3XvqotnR8p9To=2AQ1p4vAT
zi<f>wYbb(LI^&+bi9-7)4gGaoF}k5wFcdE-zV%q`Zg8J!899@yx4Sb!-(oBK^zVc}
zX=xi(t(CnCyMM+M4x0$xADO2vfuerIg?i$*>U$|c9C&?VA9!AV78q}#GE`8F+dt7m
z1#bOO1%mhbD66EHVq54#)`s6bjD<3^<b7qlZoQBhs-#H%4)@%NZw4Ww_Lf9a+B!Cv
zEj$Agv-xq=eG13e?+a2BBHN$Ut#&e?N9kg<8}of7TJpc^#7z!X@75f3qCVA#)P@1G
zrz(KRLyXE^ifBL)D9D53Ug*M}*|lF|xss@h^QL^IXdo=JQ!^nWV{0vPo_mk6B+3yc
zpRO{^fzJB=0)MNQT9P+z>c59++dG;YpU7a7&$B6&cmv8(O-k~5Z1W=k!TTSx7MK#;
z2oPHVLXhiVOE6X0E8f&HsZ%Fm5m?BZ9+kfTk=hOKsZe~iq2eCPoI})PHlQ$`sz&oU
zoP~Sm@NK+ero`%xeL8c_?-oIAC-MgADoIGWIjv4EJkgwc0UeW{o1gM3OTg7SlvXQA
zW|#h*Lk*+6?Rk^TDxFE{93J6k1E-E3e0-mcDy_!{hN*hIV&mv=mjQRVfsK`E%kH!o
zp>J*LZ3TpC1$)E7u9J{K(ye6zI=lZUE*cwPpf5UZbC0P!L}NBc%o8eRal$UpS?gOj
z16>m-&MUuOAr9{fzZI=d8-*8V^phaWU<$EZbC}(AQfvibdO=&6*6W9qo3m7~twTxB
z8WjSzB$bU6sQ}&9<SSN%ALQt#S+#m)n%lV`%4kuNIs>a8`nBy*DP^9Iu(Y^QWS&O2
znD}3r(~_=NYOr1sJ=shY7ml}&82F$I+~E3g97w=LWGyFju}f@zu_9QUcDlq_vWY#!
z_nvK@+c4N$K2IOj6ceo@+rT2y9Vb<L&z)>oos500f^A*Z8S-FN@xFk=Gz!ahVuS&B
z;t42WANW9EI>U2!&Nkyq;j=0&Su<5cjyl*IN>&Ig!f<dbf_JfnQE?Vt@%<Z%k^0SF
zU80oAvVpe?p5osGH(YIc*}`Xpin9pqnC%JA2i{RZHV{1$3s<0Bz{dsClQq;wYEKjM
z2U4hFCfwqA*vL#g<Nk>wv}A<2?K|0ABq?xawWy^t0r8KNE^^_fIcG-jb~c=hj{y&0
za;0J}%m590D8p7cfImyOWyqi!w#RaGY3JD-7<aCE*8ZJJFIXV1yD<{Zn6Jk1$y_z=
zptyWns0kwcFV$gSMiu9nB|Dtxf?hh);OBWB6>#N~)#c!uGet7Sh3Ne`4oTvNno;4`
z=WO7FIT;p4&q~kXx1Qd}WWNBv0w`glOvr8K1`G@y&kiyrDWyQMJ-T;J(CK+Mf{eg-
zE6w&aKRC0z7Jy_8m`HTT>B7o!`iWq7<7G1^iK4D{b>SPyM;?Iz%3<vp{6-AKuLQCe
zYu$Z!5_yw<A(p*xvEMMz#;EblFL0;qfg#9I^uPl)8TN?i5@>0|t+gX{y8QCIo2ea^
zASx%^I}q=VTSopQ*@_IteU>n#e`V<FQnHmYWP-@s3f>!6&@X(;f0~znTrD~>5ChQR
z!S3&#9wqli$aKQ2SbKZFKg{E9g@WEz#e7APR8O^xSmtxq&tn!vCgCj&k^n$_Wq;zA
zAM`Dv;VH~GnZEgN+f{tP6GI?QJ%CAn<L4l`z7(E@MlO)mpmEce*I$YVP#uE06QI0P
z-AU!@v$GW8`0rE4twu=m>C)TK!g(l-IRitx%djDsAT3SP8(raAI-V-XJPO#E7uu)q
zC5$n<^Wi}vP<#<2(vH+LMoTN9q}D1A)V(1`*&-=i){4-*;cZeF2-e<cjkPp7v?K$7
z?4HwUay1TeC9FvCz)FI!+Jr}zzI+hm{Tghc{2Y+gA+mI<wdm)(_I<(BtE0_E-NRxz
zf|@FKLR0J6uqjh8$V$-zfzQYhrUThinYF`STX~|g8*W}<_E=Hmy?Z4JJEq@7N3}%&
z#RwX?0i`M?SUV{*gO;~7r$UGoFsL)=V9bv<1d`<WtH7eUPCQ+Vq(Vw0SBtNoY?u`b
zFr?c<11N!jHncVs1}mCTd$fSrj=8r%sOp>!U<;2#`V;balnGP<`|Sh9?U$#nvTrMq
z2ZvdG(bpSzWSX=I^9<1%KE*Fq^dfkU9l%0~;KTQi(2=GY9xApw<-xM+u)7awFa<t^
zp}x}bi+%Ort@p-!v|K>N$5>r(HwEOb^^?O96vocq-^A~aW7ganJsxg>my^}3eei%8
zyRcD;3X-a|zRxQ5k>SmA{5kCO)4khDq6fAfq+9E22pk~A(|!L<{M-<tIA33o<b|_s
zI6wOBY|8v~DYvjCu&wMCA6%Py*j7yBEQy*C#ybT%>Wi!yUC)@1i*f2chw_?%TD5bN
zOzu;LoAxIo4*TOPVjnwdRe;6}{8+QQ$A!4o$~Fj;p&j~dsOJ(z)R(`Qm7=T_@|~jk
z5`=4&X3i;>%1#Qp9Qsp4m2zOLh$ho9^HGo@wMrANpx9y~Il-2JS7p8+{?^2PEe5;A
z*Gp0%DHEub!<9;f9=fP&6#S^}C{$Rh7zQ5_S~(vJe*B(3nne_Z=$at%l2SZv8G6jl
zr^Ddx^bPGAek=6{ZhRVX7d&mi;x8Xs7+&(C6ys0NEMd4Tyq*G+BLPXoXj3QRy*}Ge
z*=lh=`GAs=5utG-2&LjOb!j7E7hr4Jn~F<H+vp8mm`fvt=U6xwN>BgzR|P=iceE;#
zWQp4yeu~XCS9UAPWKQDu_zkTa8P;zF#U@4EukzvPioqG3@f`eGnW0`+fEdKqZnW$p
zu8zsN#22ntJHfK---fqVE$G70I3CaGvof2*<-SfEcn*nXXvBq@B!?_wPbr4fn}?Or
zM2py;i727GNDW{Pe9~!tQu&!FNhIk}4K1W1G!5a8fLXvIHK<ocX7cUdy&s|*Gk=i)
zY<ZV`>)953L3E>LudT@@oaZFbR$=kpCmi<LHd!-kF70_Sh+=Udi#+Kj2JxRQ2@yGn
z2|+Q@U^sq(`*@Cl)A_ukg8p@}2&b~t7j*2dKa{}+QHmdpYhhXyZHXn;xfF%aQx`s6
zVD1@i!UEw%V4o%hA<8{k6`CFD4u_Ba+iZn!`JEa4+XKq%s`d^AM&7Rurdh?h6RR2^
z8lU(UPven5>^sIyRT5P)U2grZ$FJrs(Gq_r<-BImTq<%Y9Do)7J5mJ976Nn{_OJnA
z1QRk=jM_Pc>KvnyR+Dv{<1q^kR9AKv{)VuT0e&M<v|ncQW$~4yMOhjc=U}m^-d|u2
z*7D?Zf-TJ;K4dE=eM4^3TgNkux?Qc>(^K@%?rCBu7!eU&hg&VI*M`YsOvIU%mlhOy
zPqT>jJ<H_$kZB}XR)*>-Tmcu1Jh@N>?pUKxmKU0_!KP(L{!$Gx6d(8dK1l?q2a1N4
zi@i0ryR@muM9prolt>*JqW8-NaIqGPbw?NA`foj$fRP^x43{-qvyH(#N4IQ*ylI(|
zdKW07IMWZk;ZzQYU#pONxuF!nrC-*r6DFR@{0Zy;!4HgPC0<`ofx00V;8F;CFqz9K
zu4&Rsd=`F^og9|F@^uQzn|Lu^ptrSpHe&EW5m_WI{}%>+tI=!;3KU=aXjXHj_tC<x
zDdkX|Y(MsL@}NR$xXEuk07S0Mb)atchw>#gi7&1t=g#kJ2RBkgZ*@lO4|Q!(^KX;i
zw_;3i+eDsvy9P1FV;L_w4<SkJ@R2xofS+?=F_w{ts+xWFD&R@@IOb>0Fn6I!<*p{u
zDRy4^94Jzbsayb}ai#7xu@7BX!35(dCTM~)*G__?m?rP-3k=j)4Jw?g14vd%wHk-u
zt-QPr3A&ELag(@iVHG=#^Ub$#!@~>a<l<&CIeML7g^(dcE8E5%L~n*fY+j%Ee9#ro
z{ALGXmOuWDlOv~v)yhFTfn|#SikwwWTuKALz2^iLZMwzcNhRT}z+}_oL`cPFf*-v5
zZM)wBgyp;{OzMw$!$jWNXUh23qc<3ZCotlB$d8AAmGW7WYmP{Y3z>|22b9#Rq{!40
z90vwj$rMoEfG&aMNa$&I`*uzRBl`9S!QuFzn#{Eoa{hJMmyMXp2&N<6Qf#L0ElM3q
z?MlJ36MFJj9m~w*G3BrN{*xRKX-{6%CcV-5HU!7q?JJpdl|6<gFgE7PUc~kS?d#|k
zFd&N8V6p&SA`noZq(<A(sllS`4-2PMEk&u#n@NkIp^<HRSjA^eTwq4vi33U$1H<YY
z;q+rMmVKBMcLP?>IhiQwI#;4CP3aVIyZjp`&Z18iJg6N#@t@0jvSjwi;#x$ldZ8n8
zO0H><4Eir>;Y1*%;s-Rn?<baPXjr$$sr?fwRS7zjy_$iqAey2Bph%_jNKw>~$ZQir
z?j&`+5jT3B$5lfB5Hg(E+Rn?@{aN}!nM9yM0SBDVEc?_EV+ib7H8ASAAUHm&@7+Qk
z1sSk3?n%!_$TKNnt{Oz+o?gjy`5ej8NKq`>iHI11F3QVFrUk)}pJw`wqTKIGN4t`x
zP^-M8)<M{Lu?`Y-rT52><3TC@wPW<eYi71QewA%p-9GA5a}EixrPW+Eb`a?1)*%%#
z6xxx-Peh3ZtNsE^X;V40ds&xrZLFLu))Ay(=oF2|{s#*}ccz>58x1O^+GXq2D5Z_o
zeWIr-+llKMr=^WSe4mTOGOyV6YL{<7H0Q5J9E>}oG`6cIJbk&vB8&#1HI^;g&8~z}
zOtyJn@Gzx`=jbAJk58m}i;Ye=IL{~0%a10!Z&)CPi6X=v{4aUEQ20n-I!`|iLtsko
zMIkM+aUvF@MER`2Asvn*{u(3jzZ#WK^`so(zWE4y&M7*V$dX0En?U#<G=Nhoeo{Yt
zda8viCUi!vqx-zNzu}Xybyj^fVy*f3ne{ZG87Av%PGF&xGpo@}np~i+BvYK(*shJI
zz8jXm1eMSzg{opgM+CvNJr}K48c|!RBhxmb?R+vUe`Ws}y!ctGfV6btqT&Ah%K3I)
z%e1-H)j35&hP~WK2+1d*yJ4c|dH%Bn$Z4eCv6Vvxc~(rY_6;PjtJjLll%r@ci_(D7
z4p3NexW3(>VQKrge^qU2K*a1K=TB+>@jgv&B00@0uC&s92(-|`t`InVCjikxiAFu*
zMIwj<(Q@t1!Q;rPvOTSIK8bx^QgE4)p-160RgxYrP<)(=#op<J%)6c2ch;mN0Ldke
zHmLrd`zeeyZOrh)j1~GpC4M*ivn^!v@!1-hd7Gw+EcxtWkREjI6MJ6>{&abA%n<xc
zPk<g&3nptqtq{vH6PR{G)=R%^0-=1Kns5zgE7Wb=r<lg~3)=3vct=!eF`l+B+pOi5
zEt2@o=>5fCKf$LnqguuA+WF&kHo%0R5ymcI7K{=Md0w<E|83W%m6s{6s(wpD5NS*z
z87n96Sr-!uiweU60Cd*>yZ|!l==nO*D<p1ajWSGn=AesyHXJ_E;D1kd4KGDK5xL(A
zr;k>*h5p1|YO~;X&O-oQJ;IJo7sTFytPlWlRe}#XfKj_;{kzsS^7#NaJ#$r%<g4e!
z&@&Ecf)#oem@bIRmwI_t_4rjnboosR#TfbZLNE<sYfpbz==D-dqpn}e3(w~Z`)<Eg
zA+I7`l%LjYB^x-k?lJD~dYpffkb5qdZtor_k6v^YZdY?E)QFHwGo|zEM=G&Xdm3l_
zj^EG_H1w&kG8Vwa*wItAp#V7)7Iw4e{GO<?f3OmH<8fa}$#@wL6n$R#OXtcFlheCd
zfbMepGL`?--=P<IidWxqO@y(vLLT3L|B_PBMSdnR*_}|y)&~WPox~1~rebHar`Y3J
z13&q)yujL)N|oQ8_*e8#Bj6ovbuV0CXSsk6xCs#)7*R}pFtOGK(%tF&?IM^sDY}#y
zg?SrnW-VCa<X_uO!&NS6fOjLReqhzrU1(?@!exs6Wc^E3);=Lo%kU70Q5>DPk9M==
zte+1BLBz~ut1eVMuIY#ePzXXAH8N=b4_LyBZ7hV2*Re3lS;nY*d30Ii#zQGVYF#B$
zBl&<8S~p#O?`x|4Im<}%jl|Yq8g-pk`!7A}A2_~^t<Yu{QV=)Fd?F`Kxv_IlFLH0a
z8*01XgHoE9A&8aLjJ5}H-$R9|h_m!b&mncq!xl>;)P7z}NBI_+tHzrVD1GO*q2;rM
zph_6QHE=rQhQ3l@+_^`ROgd943qz{lZ1Sj{RXc1eT|N(12N>9(i+V?x2(MQs8GaGS
ze?}vvB`BxHau$bTk^3ir$xezbAuK||WeDZM7N(J_su9#zR-GWEkHfcRD^J_qS`Q__
zLq;g)U;tg0INzJAQMF%fX`K7PIy_KC4k<VI$~IsK<n9cN!w!-O^UXU>RfFBh>#Ke+
zyE)`Wyr>5%+}I69`>KGLp(A|EJ@Iw1W$RcRs}4d<ZzW!K!%75Y;qo1!An?pT_;}N!
z(Vwvtn1rkEbJJi7MG3{m3cb+__oB_8tg}#ztDz%we6esdV-A?TV1XQfo{@lR!hQ(G
zRWXiHSUOeo_Yrm0aMC(5x-|Y@y%eeQ-7BqNjySXmaK86MI+8;d4!%;>D}M-VL>B?p
z61HQJN!tucMRW0_H?afZ*z3rh?6QFm$+B5KBZ>6)zIb>>gzygFgaI}MGtQOub3&(8
z636-JBYB;BABNB6XHVoDTVo0|J+x2GjO1W~$Xzb~>@Y<0BbCr(;6AQCAu5joRw+2#
zW<6Jt1e_iZSU3n#iQqe?Z@aB`tpt<pK@bsYb%~&{k&}2G3oh6bbTHYhMlKrpTRqGA
zbry>!77#<qHZ0!^E@UjUMl+yEyw6|yGH-1+b6|qfNa)Ys`s<O@TN!lf^_)H=`5-#9
zkfqXCFbBfToacOxT4GhJVPPk$k*4^><1Cf0hE5rA_+BmL_y}Jp7AJosDTlZ|M^DPB
zW}0PZ;HO4Ejb+K>8xDb7C+-lH@a#*>L3}LbZQ~1e4D~g|_owcfGQ8(!^m^f%Jxi<l
zcUI7f*<%9^=*hUeU$(yg8Zq~HAc>#-XB-{^lL+Z1#$1@NG$Pa}`qL9ZF=SAS*oWLB
zl_9N_L+Dd8d5&LG9A82B9PbhqR+)*e@P-r{42BgxV+J-7K_|D_je=MVGzc&;z{PR0
z4sQ*Rm^Jg0BcmVG<za0JiKa-?->+!g`ln2cjw?dy4cy6<)`s)e3LeWb=aO{K0)5?N
zmS(%TJ>H&rSwb9sQd<3asByS$DIe||>6B7Geu}_uBvp;!$%uX6+j4l%TKP6Car5>&
zzKRR!p<K^@j8sa<j=Ei`@yqR`HtBO0s6l-0%5oZ3c3Gawcx#uzR$hY{(L}LRwwC=6
z)t0DT5&tI(^b=H4jmePwujQcvXZ$>Q|4k|wI4Aea7dw*}sny}2&>^XS9D!Mp_jQex
z8;li1sLOaEfwQGo4A~1+Jo+IOz7F0}{FAv=HOlh!j7o)%(h9)0ANr4592EZAYa=5c
z8Oj-6SE{`KL-Z2MNF$u*^Q;lk_YTKIPFq0_ElSpYZ)pU*FO4h$c2vL{`o_)JzNG2A
zF@|(4UbJcS6w@1a!@1Jd2JO$^QpcDen{O;sgsEU=F>Id9HZN}*e8FviiA6~@ZZoty
z%BWBhTd8X88<m<cIdi+fJ+~AAj4O$`6+f_h=@3N@zi<^CedNJj!n6n1wL&*B3K>`t
z>2UgORu$8DMlGOc1d0T;ciodhquxal7;&MUG<s!~?+GlP!|ocU^DrcR%Eu(%`bs~G
zpxAMykJMx&(3L=7=S`)<-@&e+^zbuiW0rL!nJnLYsr|-LFUcN~z#Lne=7TM>;pf9O
zd`mcy>*y}Psu;?241vZ8_}D^vNl7wWDo;X9*M#BP14v4ev?-jytaK2nn+HVtPT~c*
zmPL-IrPfY|mQbojwbKfoeiFSBGd225_obS|R@Kw4AthI;(Y7GW6evv)qv1Hwic_Rf
z{iE&i4r6cpIr+<@*<-YVpnT^?uL~88q!}02&hF`Dl%)RiH=|oh=(uUpg&7v#T{#!g
zur~{X^gOVI^g$LdNeYI^l9!`!w{;|Z%t2A^=*(RK*XlL>akkT(XcS9$2`J`>jQB-0
zKgUo=`TZmXrPGFIeL{5vVy!~RI|nP-jRC9t6EJHQu=~AS*cv6<<J+CD#KO+Mz-z|Z
ztOy;yFQjR`QV0e_g)QLgk?7^Ad>N=f{{5!2ag-gR9wzPO=x(ao@jiTUvf_62EYbOO
ze)3jqsT5$0>}*iQ<ZyygE^pD~{BbnEEnTtd6$}2=D59&1!x4X@ou%S>iKX_Yh%?yZ
zvNp)f$7s4R>Y3eMTh+-DE4~U}Y^63daLW-^!2{}DiOG1`!_Zu*Bv-m<O9U3ja8uty
z{-s+u9clye2fiF>@S#xHO|2}w-;=v``}5K_lHe`w*Oe1+l?wxwy~)0$FSwpLxk~4f
zUzZAynS>cu>h!AE(^x7Ly|=4)$4|I`x2BW!#-j4jR#oyQ+E&6dIk&FDTC)@KkuX?b
zk3j!!v&+Z*gzJ|;n#F6R*arf1X>W}{=;~p$Mh0=FH7WfvA59jd06*AgG~mm7Ggtp@
zc7Sj!Dd!i6?L|LqKZG|W)xu&53{iY07LvouWi|J<1<P{>2mhfLpKM+pLy13`pk)fo
zjU)Bg`%G_dIf+-@Y=oiM_@V|Rp=s&mDGqdiU&pdb-Lm=lSE|Q`mE-@Ju1zvJwuus=
z5ndqA($gq*Y%&9UiHHYGI_#7v15qVgqlbq3Z)Qe^WRpoV3f0s%2Kr8ZXJrk=;$VUt
zJUY?qMY6MBgyWLS;$3(3U6N(INLxoBBxdStAmuJq<QQR&x!@?-F<$-o2WTL!p`VWn
zOo^*qQQfu3vb7|)6e1v)CjI-gV}XU?qxiN#$>W`jKFc6cWD6%Jt<imc@g}Kz?uU}M
z^FjfeS6Oj8ObQ-AT3lLU`pFm<?_CWRUKaCX@Yg@*l;zu75x(tYAY9*={EVcV9o_g~
zh(j)x>Wk6nhi05<=DX}|U0T~9eHM`}(IxS^3J5LC$HEctYWcjdLC=d<!T*5Qm63g=
zON&jwh(E)FWUF`Go-hfRE}`$|E~n|Hk#W|xs*AdL?PTGuVXr(3s36nXRls7@&F$G~
z*$EdX6v1Uoo_=320A$nQ+t$cXAwjFK@Wr~_z0`~*Hp3U(SUetl*F^bP=D}0p2UJo5
z&f#Wk*;2B2OB4wnt%1$0#{^zLphE4RiscdKCC(su?cHLblfm{}sUn8a1c$Pj5|>3c
z!XP_zq&e_ZLqM)Z&NM4nfFRw|5@Rn)ID1DZT)lo?!oZ<0emK@NUKGY1fs(7g%w+{)
zvwJ$xrv=k6Oyo(F#(XyjOO*77c6hA$Jn3GtDEh>4+=yr#e4drsFz}hIBxrC97jv0C
zEyVIh!9x?YYtSIup-B{EkG-bY(g0#tVo-#fUS%umYj)gVbqKoaCdR5ec)vYuRyA6E
zpg{7-p<3jU)Q_M$>I=x~oNPgNBlVWNSUHfXk$;QLV`gmiAPDGF6WvW`EYrQG#8HcO
z>X3LVMq#TsbHEVEbmY<g^TETj+0;-Waqy@kcM+lF7!s&w@BlF8So<#gHR*Z9@_r@$
zmlEV%3I1a^9~<eDpe`0t`A%yGgdQx{u*q!lVhs){%~~}6pg(LBLwETSq#24Vx!RX(
zETe7)-Z;08eT{8_!fOrCnM-v!4?uVFQ3WMp3V7xQu@+G)uyZqjf6=(!-<@&KYZvUP
z-(;(XAZTR)Ti0;vOL%X+9*fZ{TbA4Wd01IbO-e{#DmVxM$lq##`S&P5=Vh|;PeK#F
ztrs{GSp2xDoO_;N%jtQ6RLV3#XoWxZV7vHP_!7SUb(yOXmCxc=@}h<t4w!KI3EQE)
zP)031g8#Rgm=Jh(Z*LyKmeZ>R4@%UMa|p&VRWxv6Jv#guMf0wSm@-qKb>3=2OLLkb
zbU$&#TMJ6;bZ_n8@FC^VC{VgSQuRXZV*%u0H7Ss{xltz`z?n0MQ<B@i2b~4bL18I`
zr(8A4n1!5$4P>dbqVf@0@HSz3X~~CQHd+=<2E><Os`TG{GaUovixE~+%z!vR=?+)U
zJ*|@beS&TZH!v^LYFXC~39>cOim{~vQpeU)fQM{sf8z5x@teQZXx{D=fB%)iWBHeA
z%XLr-dD4agmsnIwpF2M!iSk#))OgAR$RxE4JIoQy81bJJ)!YT~!Z9rrDE@Yk!6wc^
zLz$YU1cOC^bUa2F6xJuAGBI3M>L8@2b!+88b`GX8?m|+M8QfXlNdoVhf1c3Bs7dgd
znk<q=QbW>3pirBjs^@K^H&6qEkiWJ29D)_+A?dwsNnboyT=TdPV`(IN;o4B^K$7uN
z4_8|Cyfp`5u0$VGp&v?7oP_lCiD2bdk_7GgvToQ{+#GKP2XuUC4s0*l{6ps)Lh;1S
zk_a-t%;eBC*K&ESu$>`NG@`t9ZlEBZXmtjYe5mrVBSi(R_(<UTr~v~{Ex`_#`$1k#
zfatxk^;Q|wz2&2U<%g-9;u_l(EIjwVSWMddDqGjR9Lj^zaIJF?tp1<*hjDz&_1njy
zNpa=YdPb=KVBPu{L!7hnVwWyjf&nL!{V>jtul7|L_&KXn?|EXBw-KfsGVbA3I>Y6B
ze)@Pd(X!uhD_Ac}B<@4zV?7p^1m^uE-$8Hb${}xyN-*ICR!jKLW}r2ivn9Jxqa{9a
z&9V~~QT=9r^FB<Z>jIG}Zv>qGii=F-Z`YB{)G$JL|Ff39s93RxK`k`S14B2FVc1l{
zAZu=v|MJB##q8vFEIC?DL%JkJ3AW~)<WEbC`$28EAmF|qf_6Fw9Nq+|O=RM<dimB9
zY5++bhQWG_j>Ggze8S9MJ|5f8GURs!YYpFj=IK-Ls2?n_@4xVeafvB<X&T;aRk_q3
zM0`zUq|%c>`EGtJ+6Y^D`h@3#!H}ufpNP!jW>o{SEv{7B8XunL&=)!wi}6O%t{TRw
zBy<=GKow?_6~r@nmpDq4qIdUCz+2e7vv2gzi`H)*u`aEC>`3<i3rgY3{bIlV`)oA9
z1g^oyXg&-KczSfo)LCeZ;oi5Q!t{R~nZchO4{e=x)rSQhdZ^fa;=dgIM)pJk3xhk6
zF=OJcsH#C07bc*NjWnoy9oZ6Kal@~m%a~eWJm*n)Ql4MF?<%XqgB8|Cz}{S3<e_u?
zu3v1u8p8YSt4RLN&W9fk@5`fQul;pO-lJwf0-yMuDZclxPx<`%Y)V5%snj%n;d~8z
zQPj@e*xxKP4P3B$X{I_7DcmyKWknAb`2QMwR@k~j(~nqOGv;48R^Avgt7GG+Ir6w$
z`^TN-Cc<n*TlZrsIk=HWEmnUi@9ioim`Uxx#xxugp_ZOlE^!uV0l?5kS(z(!Rj8Bp
z&1Z?l#J8J9g4q_5r2xsN;XI%Msk>?EN9I7f3rxlFBSq$mlE&h0u}oNX>CVvX<|CNC
zRP!PmWdhU8AR1s0uCU(R56`p*n|0CM^CtAA-G8?yZSjCcmZY_jG7!j+djY-wGP|Mm
zzQXsEly~kNljV2BX8Qy{bSkFA+ZC$uBxSQ70MVLT5(?0@<Ip0}oTCu4U0*i8dH#hc
zvHCAJ4liZjpOkvODe5o2SAXmuzq-&%vllVc5`e7|Z^TLZ>iFNZ2hybbHx{XpyjVx%
z3?L=qgeD{UbJK2w%;w_$gI3=ZS4&0mT<4dI48JNlJNpr~6xA~jK2J#WJ?-B4*ln>y
zKlqkP7LT1$q7n~yrWwz<+b4*8j05e#E;yh*xK0qqrr#GnXtTj4&tpoTo*d*W;Iph~
zGQupHh!%JPgR2Dj0Atl_sp<Q>%Io(MY$P_Bng)->rm{qS;Q(yPaz$?T&e(%B>^LDb
zrBHET=!p!oC6ESh+KxXJz(J=q|3rw${y)1&Jczr&;K&@v;3`a<HlCl17j{Atgg5={
zZp%44WAEL%DkwPE?td$L?~v7jOL-HyHK8kpW96<LHrrH93o(ts_~q%Epmx<T@FNL=
zPl`bv*6t5k!Kvi#u<=mjd+K-$3x_fjrARPIy>Id#>hZDW&2S%Vs&qyqp!r2tp$v(?
zn_DEh4-&j1CL~i~q+KERzO^&khghwKqdNt`cPuIkhcgTMmFP*$%F3gqT8**CQe_N`
z50a1Pnrp+4B&les3r`0(xxXAHA)RnS+^vCYjgLLBE&O-DqfUvy9h$cl<ntEU!5y1c
z8{B5ooZ2f-9{&kR=|K~~Cp9F3#=X3pqtq@Sgy}miVod4eQ>6(#nK{aoE?2*tU&}2<
z=l+HlFyHC(7gCHOo>P|{E3=4g4dd9|#B~)veC;m;u&lEg7_HYDjt&nNMgyFnj~Qfs
zsU%fNXmoVqqiO)`&qH)cmfR-kdyN{V_-ri%VsQ}sv2sqMfk~ksi;tMgilbhKdE7M=
zp{dw4=7acv88O42gR$PP)O~RJqQsmjlfa+x{E5iXHbs$=;94W$_p+vu{WNUO4{nX|
z5l#f~9HG@Dd|!U(@lkFwOt|S}c+G(<U7={Ckdz$8D@I1I!7V1Z*~gOl<potW0J@&$
bgK+1F=^KA)H~80|Re-p#v`~eBj_>~fqly^;

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/public/logo512.png b/pkg/webui/ui/public/logo512.png
new file mode 100644
index 0000000000000000000000000000000000000000..2bc3b0b03aa840a3beb5879dafeaa47c65dd1ce7
GIT binary patch
literal 26403
zcmb@tbySpV8#nsQFvt+XP?EwBItWTBEi#0pgft={NOw0gC@~-<DWM>UG=g*qBB3JP
zUDDkR=V9;te&0F&pS4)RTHencSI6%PRa23>PDD=x0Kjzxc^P#8fP#NQ0r)lW*Pdtp
z3HS@*qAn)|6m>E#0{{|Gkdf5%G+cX6=*ehy-iFz<k74RgNMSwHD?rAb?x<GJTi(9I
zKB3T_t1ct?xY+J?Ay<cO`#gjr1nTUHQno6MeMS9PatjR;fk7mrYZ=u?rJ~qtH!nw+
z-c=~LM|zk~dMu<YZg2N|YgpYqU0?H<OnUz!Pyzu2=u&nUaFL-BzQqc!OQl{T&(xH_
zPZZAPHrbncFgLaIvuwEJ+Ur>~at5Z`v?_OuL~udNT{`B}ZzZ>fR!~15M%|Isaeo<Z
z13L{81GmG$(SQt$>4hYkDnOKLs54Xux3l<%4D)+XpVYbHMm`#Vy<`U<NK>6?O1LIc
zEv@UOp2=C4Gj?`p%)7nv?@xR^EC3h21wf|bs0IVDFj!f|ILYi80mY|Y9iq*V8b0;j
z@#q_HY@;j;3Gh-N(}94R3OyQU!<xqdnxVq?DpSH|6#s^?OCrC63n<2Y<G3XPo^hRu
z$PPHPr&$@%?WBPR1z9gd7Dys5z$LR&rkXh%kPiOpj9iCkcPqU^b7GW*PV>hb{Q%U7
z6@VbJ?K2W|5tf#hozX?Jf+Z(Se`Pk^W-qY1e^6mKG6)=dv_}!&jK!KKeIf6$=i|ug
zqOhH4<U<v8JT~}E-Wc+<I)P=TiUQZ3fXTXWrLL8`n;d7LZFTeFCJc?#g(86OJ3$_Z
zoF`b9&*k%q@ieU#_-yVfk`CX*9#Ma!K&V9lFs!$@bSob#??L3+H2Ld%oz@)o#Vp5~
z@AmxMZuZ!CBmiY4L<6`_ght5eSB<|s3`$3$SBg}hzpFB=nV9ad9G@iUtKwmt`|Uon
zi}`eFcq~?5$=|()!x`ADcIZ?olD?4yV1WoMfOti&f^NJSfb2RWW2hDrh#Hu<rTL=#
ze2sZ25_6%D)76#gWL=U%a-Vi_iwKJBW`@9lKiA-a%1Eru#X#<Z4!f#X>IDr#=V4qs
zsgcZmUk6MuSwBNNm--`4Tg(Vm!JEc|BBIF}h#`P{hsjK>PrXf&4R5;S=<=L)_jdnf
z^1{`+cjCu_fcfih3&^`h!cfQnVIZbo?LF-d0fZU$p#3hz+vvVMuj^BpE3WZTw$1Mb
z%jcVgSy>;V(6oxe(10+Ishq4$Py|96UHXg}X@WZ4KPbnG%<hxG1R4oRttWmtiR<J(
zlfkLt02bOA7>ttw3*_M7#OOv)R95r4_*O#yW<3hoC?*i_o1q=`OL>1rqyGIhZURtw
z>9HbfF#U@afU~CpFmw|EFdrg~-gCo9=#eStJZ<N*=%H~R{t=bpZ-+S<3fdbRx|nGf
zGI}adx67rGaOw;-1(gH>^2!*EMjAuQ6OM1Njq*+NewdhYZ*3{tU(olg*lgd5Kb%T$
z$6%s((yFMYiJ8MC(^)||3&RxyusX_|TDDqz=I8azwIN$~Etn<V9!%Klynxht*W_$Z
z+K8Xd$&9E>90gbq@WLR7MpD2WfMu{E`vw~{t_>zlWw8vrPUU8Hoam))UmovdczD{x
zjkR#)g@J@C##19Fzk$UHLEY?1RTk>@utKYrg~3__-4hlD-0YzZ=Zhlz%&U7VtN8jt
zvOWUAH{n?HB}i}Hn@9u#Lfv&CB>VK|1LBYO=Y%TzN}0WUED`RIz%oDuZA=LYIxP_b
z{J`Lw)?)ZPp5x7$b{~dsa#~O(Vb_ImJ<Y%4eix~RUsJ;UCK#HaFtjle{Nx?k)hCRd
z7e1!dmD@g=@jI9Ol3%(A8@bVdG*MzG3V=i(kpn;v%zDfs(xj#TO~$$Gx@z-0w$1RA
zpyOgyiY$xw$6!i}xXZBgHC{+S6*(5b>B~J;{R^9QKbT_3fs<nmus`Lf2(gXyS9gRV
z5KoYuP~*iH`aRdPjsCtF&d%5AZjNNGJt#T<YG-Z#{$cf4ISUDB%1%I2hW!pe0$?k5
zT|`ke>gh_$&qF=Wi?a;?71c52R@!AOk_Dj_2WoIeg!HI01#Wkw;inR$!T&<lbywnI
zx+b)Wu3Lbg7K?7UA|oRb84a#=d1vSjK?13}EsBU7833A2!Ez=B7iL#W6k-s`tR_w5
zs<-vrH?CRz)9yRqI5<Ai|3j(Bmp4NXe*&@V%Bu6Wgcdd{2SAbj;*TGblXu^B5g;Fs
zp?b7e?2jSeO4LdFn9tNO<u*Bt?-)UH4cUzXwV31@9L^dYw|==_wf8inCy)<yk`dAl
zeB1g?3-bkOwiQIyirkWbDo_IRzt1<IXkeNW2JN|`W~4Z48?N!_xb%R-J^tcmW(;Gz
z^XhV}RqYFXv1emL87CEt)qY|Cn`lWoL&Gj3RWN7;Y(Ohuj6kCSNQbpRs4lC6%5Ev~
zR>!Hs=gI`k-y*!!(Y4#s9u|QE;93SsEYSD_iv^(N+N-tU!}5@#IG64AQHS0e(jh*-
zPdnQ%k8gf?v_5)62wEe14G%FK2*7|~C=7;>pWVNl9Io4do~_njb{{f1Uk<*60}yFq
zn*Sp?<ggfSfd7<HHtF^FCF^wItvAalWaAq(_z0lr?RNlF3M?HEfP}Lf0C7p)Blw={
zKPs2R$R_7&ZvD3cWE>t60RxGc!I_ZZgL>i?L~{sKH3hXGk#PVw1l~eup#ZwH;)>nH
z^~+m%r%j2BQQw0OuJ2v^o{t>*VuZU14E;0)pu><x5-b`4O2UPl+eT7iU%Iu0s?5O-
zGToUSjzxZ^eH1GThye<#!YkLoCpHG_irs#~*2>9j2vUhoP8c5|2jj#@-K_r3ijWrs
zEr#-`M1vD&mPW2WLFPw4LAS*5`s;{9Am&^|df(*AW6Tpe5P~=B_LvJ9Ao*C^hOvmn
zoL#*3=(*4QZQkpdBVprxQQB9H7FWVaf<$6Ln`ed_yG|#or1K?xAj@RFg<2a89Ld57
zkXR3h@ijF1iVWmb?@zISV<!=pWV*!Ft8A~BhX4h##t{OUhTcecg_gM5lK!79K@sA9
zjs~i*L0L#pp+IU+!!5mbhnkn-rdb<Zc%YYG-At))U|?{>hP?@3&Wx{v^3&fTz~B|S
z0F|SK4O3T4`r6UHMc~0^pMa-yPCT~zNYQA9b#yd6m0;||QDDH+w>SAXNkYLF2&c0E
zO*7#f+o174Try=gMT5c^h(`}a{(qNZ&F42*XDvdgxIex)(x{kpR+D-oH*&>O7*;LS
zG2taN+Ys|BJ=spKNRj__x{Ye$kv;M4iaI7&#v_6NcF>*5OC>%vwS+m+A$9wQFUS&j
z>QHaM3w%9^u*SQcuD4*qI{Iju_m^u|?wCElb&TG_ylaqckTA{ngW6z}!ly+xg8JGM
z`wFkfVLIM#{l0(bKkJ%?Hr|J`|8E;<B(@#+j&41`@IIdrs0P1{8S~L(LO=>T>OKe?
zP(+`~)R;9FyqX-3`#Jmc0UQRJ6C|?OF~t@-jE@+@q@KS4WdNym8zj645CDLbfCv7z
ztbWfIOuPrz0p$v`!4L#I80|N<hNoC}<jOl4JMVT{UzuCIAN_0MS04SqEA$qqC5VTn
zGV&adH7L&NVZ~*OV;~J;_#LQ+=1>@vHGRHgF|=n1JC16)hw`_~p4^dP4SW0+iQosN
zG&+Fo`B%6xO`}nR)4^sGbAjalG5uH8(4#8+C<4D8Um|-i5|M!9MP6AeI2<OAZcn+!
zXMLSl#@1kNO`@Xk@rxLc=Fy+X<=MW$iixKSD-pnC)psITD(K)H6^T~SjcnkzhttAZ
z>%+OKUTyWa?t)hQ|NXyqoqs6r#Ge$(?aCz2tVz7Jlj~sttq+_|xan3b;0{SWd{5p`
zo?iLH-98{5B#t3SFVBzH7!ZyM0JKqrH}zc1A}Ag?9Rl8)*}E7Y5&|nb7`NoyS-i=u
zy2lU4%2YD9gvf(DkQs)@U-2LZG&(#?Zbp6K4Vs3b)Zm`}pkf}~g8LvG!FB2U9I59z
z=7H2mWEi+7N6Z!;lo}qM)>mW0*K&cUc7A0WU9o6Skn<0}4i=2-$@tzTUtjIP=gS}y
z?h&uBf4(q4u-4BCI=PEet+iRP2@m`BF>5!f5${`SL-tHR-?)mSMB~V>A51SA$+*@R
zGDz$j6H{jFcpxrP5jkCpk@vDZ1BC5nUe*r@)HUmip(>snT9b)Y6Iv!z$Kit8-<v%c
z0ZB!_@#68o!k>o`v?<cz`0gZTGL<y0b6hV5K6x|3u@F(uh14XU!%ym$>=}6+^aiu8
z%T2fEf;mjs%z0tfg=>qnT61?jH0m5iYf6-O`)33=q5F1)&q7P3sJ7{PGG5uI-gs=Q
zWg-Ra_2kxwEVzEi;L5UMUEGX1*6AW0v8`ZNR*`SM4|#rVn94xe`^}48`iAXLiyYp#
zFzn#q$z7+4hPw(`y=ys<t>$MnFEfMDz#dfHCduP|hQe18J0maK2HTWmeU$1(f{5H-
zL0&K)(4l;KUHCi-sJI+R3nq4`&N``|VRrxZoKOi&0Rk7~-PvFMg+kCW<=PuI^KDVT
zhtn^dn;;rl_IB@V-V4|WsbmfH7ot5EzKqqBq&R+Yq`d+8toK>HHuhHMqlV(#<CbFJ
z7d>hlir!uyPO+OfswwypRCj_(KN=^rTmQY0+<|fFq)sDpBeM92=-#=%$(|sJiZh15
z6iz}lP4KY^LTN}@0s>x*kF`%u5Fw<`(P%hedr3^2DR0nh9xQ_Cwzn3!qyCN@U-c7!
z>zF>Er*B<G1>K$-Bkv$@s$o}45o-8JD?ZnIH@N*+u43}58wv3nJB8!{Z!YrFXMc$P
zR@i?s(bi~jrnm*H>{hcWg<n>)QoGR<l)0Ja)GVX8c7=(aR^EK#=HW2qq;lX_>8{Is
z{fcaeo@mPq0%n1hk*7D6e;t>jO<?~SQUVF79=XO_0ZTs9?09g1^-o@`!dp{i=Y{wQ
zyVZ{0lS9+y&nQ>`FypIjK9(0U)-+0?Z?0ITojNlbSjD+qxVik<^$gp<xkSWUzXoz-
zI8HEMjH1VC%91g(ez#f78;4EA`s$={<ZOi0K9F=h^W%+K8T&Wcv<w4pt+*w47%(vu
z@|}7EpRaQyD4vcBIi0k}R9v$nf9j`ipGL9B6GUk0xsMzzFz3CV%On%d_pGNp?9uwO
z$L%%kQC;wThxkH<lKSzdx9MykYBot+;@@7f#@%6vE6NyX`Cx2H{l=&a)o~<OEIB>F
z6~Immq@Me{Pj*}@^C=on>s_{Z9i|<t*ms;6^;zRktW^WIVIpL(ldo^JojpHf1KV#4
ztC(c`l{x)7FQ;;9m<Z5oIE!GjUhbYaSS_t|v#UmX8?LR4?tgQ^Y{?=!XZmRZp0%Gb
zu!%M&Qa+Ag0sh*JSLuJ1*7%W+=Orl3(#I%2(^a?6>USAM9C*4QlP_voLy1s=q?adk
zQD*lvp}uEJqh1@$-b(KF7jSbaAscM^K4`HE<^NK@p7+Amvg<2$ynQucn``|^`{BGY
z??_VUWK!PL93XmF+$SCITO_-5(MTz65AJ8;eb-2vS`4C=nC3-jk-I9L^ngY()%Vz8
zZDSRTa5jF=b7zp$QL%!_*~ds3X4|0KG|{DeJZ{<B&iUBs6IU*0rhUJtbV35A&HHSd
z3r6clgnm`ehGko$Y$vMz_z3RkwW<I(M#HD;C#~-&mp?rX@pAV#I9s)>PG<n!#KTG!
zUTHcD!D5pkkygfQ%EKv`r=`LL-iQgm1&{h$EW>$q`J(<Cwk(D=z0$#*Hg&dH2n!0~
z(0BkLP?vE!JHLjRV|=7n|LV5enXZhr!*ESWK3r~#B^W)Csz<P^xlG76*}nyaAdS+%
z)N^XRA!_Q6y|^F0ozRnSA!40=3oKs^w=QL;g*)tRVc3E%x;ImcGAe>MkI$d@nPaX(
z^SRRtz`v}pviUd^*W?*8FR#5#|K!}4M&H5fKJC=jN)Q$&r;)h1;^2@vd&}2SaH56D
z`khDll;>l8A(QQPtS%f2Rya^DhTe@1I<Jc*%oe-)hN6mSR=h{?D*K3)Zk+DWp{Q4h
z1KC>@D1dk33c*D>^!|$ud)jPwJa+JRs0USLzhRtOmTcTxkAnE|4`VIw!mv{_*T04)
zGI~Pa7jMoqNuR9*N%R$VJzQ(sRM!`(*qQ?>X5p3z$3*1ocRDlcJ|Ka=D-q^N^QEEd
z_2ya)hb*oe-%*D)7d>I~4>ofNta?&-sz{xFNuqkTPZ_1|V&w+=D?3<K#@$p_ug~(f
z{U!$PIk=N&T6Y<c3_DhWnN^f(14lH+<?)u?$-!$6?}G@j67ft*d(V?pJ$>ygMP@>e
zyJ<gkFH#jB{UN<Sn`&hz($ygH!TE^J_3wt!ICA(k&qG<EN4q{Dgu+Jd+mN=NUuhD(
z)d8>LFWjO182RWEXd{2Uk}v@tt4Sy>1vqV=o5*7B9io|75$O=l(d}wcGUwP;N#M{F
z&+6AcR86griIX_mmTT<#V|E}O&QI{6>UMyOsJ~3Rc8H71+1s&A6^+QgbLz?V(I~ju
z`B82euywz#>2q5^CK4Yla>i`r7hL3b=1-7hTf^S+M$YX)#}>w>AbW{-MHwCMb<ig;
zK=#hxI<ceT5oZ4Ft%L*D`&&gR4v*s$dsf>seB`>7v;8C7X-f(n3j8s*b9SCc14m40
zze&}bEhWvL%?CZwe&PkzM}Eyk1aOiSlfCRsvQF?~BlnZ8X@=bn)T4y=W#<dSJJ&-<
zGWE-pd}EL&tE-ov^e}fkclzSZ$L?9%UNpu!HOu}c0tSLTO7pCfT?VNGD#li|wL?q0
zcx<ix`MUp3*Rci!AJ{7El!)%>e9(IGq#LTTCyV+Z$%6YVAyj_&H`3hdLJnj2x8z1i
z`{?kalp4iJ`w%s)Va_|i*Ad&5+@}MNy;{4xZo72Vq+Zh+5EgPQ`Krm;bL8%zTBq)Y
zHJE;Cl55>Gc)dT_)%%TCgvM)Mx0DoDih99FmqET4qsc=Ar^mbA6k4&9wbq8Fna)!R
z7na8?>puiZe{e~a90YCcJeJ7TN$?(tFp(Sf-Zk<o!~YD0H@~Pj{Q<naV~mDXb&q}-
zPYe5Azo3H-`(SV+Ui7VWPr7D!PI-W{QwWA#e7fr(?BB)b+W9g2#G~vj!52>L7RU`!
z9+QyK)WP;UEk&Wi5$Gn<Z_w{6qgJVp&FO-T$fG~aWjjOBHa7L|gimu<a}$RfHyiDr
zk9MW$${aTA#I1(WEm}|~KU=633=H6fnlk^^j?jI6Z%_PlQ_SunZmj0*&LVWspRm7j
zG4d{Tb+*{$c`Iq(WEbDS>K7>OoDL2DJ!c7Gugu#yD1ho{q9IYT;owN2Y{<RVlW)E6
zwgRU%?E?kImTeN{d9kcpbi^!H%}y03P?sLi9JW82Y)p=uL&31oQSr1WHX#N{p(x5-
zu40A@lfF$u%%q!1YLDA{x;f{eU|xhQGLpawj1d^fx*}J`%;|0!TJNu+`J^Rkfr%D-
z>vxM6imBEvMR7oP!Js#51-eAU^?gy=_w}21?{E$Z82`FnR_Aq}FZr%la#63wdgD@_
z@Z%e8PjyKHCpX6k>lr2V!fsRDrd<yUmjN7f;l(@b*Nfrgj{9uudy5{wH{Us(9~Klc
z5L8vX3PAkd)QMvD2?YuP^ax6o{vilm3bZVROPth$<-NSJN}<DV-(K?htp<!4pbC2n
zxGM0FmoAqEs_novRv9b}wZ4i%7R!xa&u<uQQ`DX<f+^a^ySB0K<mwiF84#Q^%7J&%
z5_RWf12p}QqH3Kc9Lv*Y?)m(F<VhobKBI4_uKQxO)!dNe#atRXm2_BOc|&rSzSQ6%
zxA8R%^jS)Epzy7OfhqsUkBdA<<oA}H4`bNGOyklnxX+bVewTg<2XJGVTob<0=Om6I
zk>G7A#{5SF1u9iOFt(+As{YRW>)E}j6DGb21NQIu1X|1C@{Y^uRc~V7?Lqf&HxEAL
zwyA8HD00>6#6G$dO|1CGCG=%IWp9rs2Nal1Bv_~0FsZ6!4f`?KkRRX2C<Uiv=j?xx
zDqsI{(O=0%$Y>m#Ve<+!${}N1E~#W;acOheW0V}7OY5ECB^qkwxV`*8#$eTAP2AU}
zX5qo6P;l+d*{<O5MDF60&r>YUOVjOi0abq<!my?OZw%d5#7AZXmaXf2zAyGc>KVnf
zlDyzRPg)Idt}K#~5IJrqp-R5tzap7@**o{aR*TMDwMD^}iU87xGpBMj{oMS{H02rN
zf}Exczmae<|0(n8uL(PhfjqI%X$Y6TR%8-bEE%OgpRFxZvO0?H5WhA1_*Vj+Q^u|L
zH6`)c>AX8nkfa2TT2nC#)mAaI)?T}Z%}c@xy>D5se@TQqdR7w7y;RqubsgNrQOl4q
z<n@br&i947ye~Mj-krAPU9NY~{5;bLDMd0As+*;YQ=@X98ce3P(#^9gcRhXfjzR8S
zAWze_v&JVweDp}{SS(6w!7%hDHu&JcRcCviX(o*#=%)8g^UBxb3~xE53mx@^<i$x{
zqLK(P^aAa78xkka>7<TwgXw!#`6!{tenC5W5~0$)34jN$-gX}48tGS`9qHWKFqUL>
z{1IhJ>&2RWlEetZW>@$K(kFJ=$C?Z<d%7b`rFq)g_l3tl2<P%2hOGgAn0mDC`ZLar
z>^)CT{Ah365LTl&9}7Fg<dIaI{{CC0rUy9AHf;3ktHj6JJ}g!DGJLgxOEk^WfpiO)
z3{OAKHmDI@N<KT$kpfajKa5p;{yBB1Z_Bt|S-|wfBh@QuwRfCzbP|GuKA$_VP2YhS
zWT7&=?4xCZ%fZ}@{CXnCtz7jaaqVnBxs8oGsLD1aIH3CORPYr*OS>RBwjpz0MYxT6
zyEg6YdI#p1P)Bf;#zloqEG7K#A>EIk)L@6_kXq%8rYM|UkK`k*A=}r7Dc*U7qhl3@
zo>sE-x%T}pTqoaAiq8X(X~Gm*wsAbQB-8WBknU=NwC7$gzEInT(ANS*TSWQ=E8Jjm
zTTGs_BtJlxtNX4Izt*+_-#}u+M3rfRiAyWV?-n=YLD{9FypGd6k?MP;=%;;4nK|2U
zOmFJc`R)^m*3Pv>4mp$+w+%*Ee`zgtQ9%#9uH__<TzntxVpeE&5l-%B(7E>a_wQ9d
z00EF6J{@>%JUm<^?8|tw{`4a9#|M|q^0I=qu{Wbfs0UwnZNRcSZADv<V&|jmn2DF4
z#1lyFXT!dZ#0e7VU#d8Hkpu18eo~86<LAzb)Z6*Zr0D8uMJCvLm8@yEdva0P((aQ(
zB|4QW6_uu1*CzN#2x$iO%-?by)NW8&RJuM8Fk)xv)XfT<%cyntCI>3TE23{)5JW-U
z<(_R>lhlZ%Co(^ZjC87^+}a^<=%sF`9W%fh=CeQ_X1cu0(W@3@-B|bg9Lb6^3QR(D
zxtd0md+idnF0D+nwV+<nK&Izm3h~Enq-bArpIAk1(JjxDoo{l&d0T&~OLKl!XO=VY
zD3<gtMgG~Nxnd(ZWB^voNr0Byy7fG+!(2o4#p;xs1vkA5tDjf@i=s6o@O*~Iyu_NI
z(U_y^FnQ$A@i(LAD>iAK*WV`jNRJ{BK8Bx0&rF#fR*t^?XuUg~lM{WTdIY~};l-Pa
zvLk`YBqx2LI8Ullelg(Rc1MpLs`$fF^xImEcHMf`FpH^Up$^ZN_APFH+{WQ!N#?hL
zC-nn*p5?kXh5&GTLon=?h&&bh{uozjAp~vgQ+S%|8YAv>@|sgkQx@o-ik~RbG>8c4
z@=VQpFUTw@^kF+9Z1BT1|MxnwuKtoj{(5}y8&$W{-vJz>HBaYj<Y_h8c@I9?4&Yh_
zCa7slBpYDd54Su;JHBW2Y`a)I{q@7FXFbtQ!)5jFFU381I*8iFXA=U+<wvii^Q}2B
zgY(q8J8aO_y8ic_=A~I-lEsbGS6MH44^l_=?Y#x&QSbJOw?R=(#*BC^4=Q`P8-+G%
zLnkj@hGrXcuKP;@p4KI!vhl%}L5GH!R%Ch~-e@l4O;`VnzAn(7sw|@+MY?(~RZ2g7
zk|?}Yu|1`WGP9>gCd#P)TjXm4&_$<uM0_#P61|WFj;zaTTH|G~X$FAoS<<UX=kyxa
zzki;`mrBHwVx8T+`wIT8sx%ZTe&d|4?(3e}8w@jhrM}QmLG6wASsj{Qw7w!Pvg!X=
zEt_I<p(eI7OT2R9@|&UrYkC~_dP%WU&FYv1<y0I5Km+U^qMFNo&SGU1JCzCbhP!|N
z>c>}I7<KC0fvBm_GQ&!kOYkZt-}*cDR{Mz>jMOLZ9S?bt;_gd!EuB2jG&|@ye0gAC
zJ7DdtVRyg+^rzmR(L3}|NMD|`u?lMQz>ka7T*qT!EI@~VHR2bXvx=pEcDl}gOPu~l
zJA=jfNG5wjrw<0-Tfu##FZ9%SejJo?XD8<+D^nc0+`-Bh+L-WrD3|^jkSViz{a3N(
z<*FxPG%jHpg<<6gUNl|)xv>%w)qW62(}Q83hXLGpM-C@wrV6Gyx(V&W!s`i+ow@!S
zce?`UvfO!=`Yz^1AS6QwwZAWP)4*Dk$g_nsET`C`3$BO|0%{L27GRdorzyY6bX>@?
zy+hV_;jjlIp*(cHuJd6o=V)f@xh*=le6WBoToFU|v!0_;qTFpRB_s9LK$LkB7tT^%
zeO0H>UiLv|I>UYHKl<fyLx0;Jv^W1ShuRyY>T=cm4-1f-WqA>poA!9y;|_3$hqFvv
zvk3ZMc*1I}oEHT)*PBAQ4$Wfv{o_})_hE9sZesZzN5}%5PI$vd%q>nXLM^`B`4t5>
zmg%B)HN6xrA*{VIvS>Jf_hQ&@jmL1}=E%LHX={h5^w=z1;QaT{Nw7t0pmkSY4+4-Q
zE~?fm=jE-%=b=WdSPp^7!ECp{G{1+eQb2QN)VUUm4`xnzO5ct1jbRo(`n}l=5%Nj&
zqMbckX`TW`*wt_@N?SGo+Z14S`AY5Bn08<H=j2$<u{{0dP0$qhDHZlYfm$HOpPlhj
z5DyVS^oec;XdT&a)Gy^PetRS(W3*#_JwFGY^Jw!oG4@&hzJaXmOHDj%)g)og#mu&0
zwTDt+$8)LFimeS6U8TK#@hMT81znZgka7JcRz+y|@E%z0rZ*$?H|631z%sB0EThb#
zYs`Ds|EYQUvo+E7x)e&~m<OBO`a)D*W+e|{CHp+8JmW7Z2uc`;A>G}Nd}MS=j!IG%
zUKBFIgtJRQf9Lb}r|iYu&Tp&99SK?<eymoXm24-56??}&Js~!_P_M``QFl7p;h~`;
zh7{Y=81s?a8I`!`B5wv1nH=IC$9~P2Y`bINmq8hGp!9lMZ0$)qe#UA<zC;IqdsKvS
zTlu%D!4}*NYS+0k;eHwh2v!MV9cB8Q%8k|_S_>$4U5S>OD?|M-PWL9cm*(?|Rzi1Q
zl;RzxVA7483*=V%K^r-1qu%99YG5g?@1opLvDtstRzUlg4ATBSlNk6SFfz#hIhAN-
z8U4l-S{3>S!U+cmqS+1jxiRa4cPdWs6#Ar};UREiiJ0pCVM451Euew36#T5G0975X
zamtBF3W<9FL(8W>4w<=1#p`~^JQ(6V%UWtbfXxN)N(IreB|wb};g$yI=9M3Tp}Mc&
zj#nrFjp)kZ>bLtZ&`uAfDMTKAB@%io(Ar0{S-hXH?No5D0-8Qv@T}c8nB0#qGUAPo
z@*QpZiML4?Qsb+8>S=@K+-xd8>V~gb;X%434DLDH2%RaJm+Uk`d=uF|728j^|7z>r
z>n>eltQ%{3Bklp6F&lvgY%8c&h^K>p>UKs~btc`J^<KV1E9iC}v5g8Iks@EoL&J{>
z@$1dL%BOuj4yy-rQBZDUnaW?+n2$AYV|n70=>{t2KPL#MX(bs}adqb_d)Xv-F_XV%
zvPU60cp%ytyTp_cMko7hwSKHHbTy%y-TlMA5BI~?u1or-P&CrC2R~tdZ+7;|G_z-5
zXF(^lr)xV&I|7($8PuQDyl2C6d|MVM2zkxmR2QzWCy0PB9H47N%*)0*X@6v<QHk&i
z-%lH>3~?I&!73-lXz{je?#V0+?M3k*f1jGQB6}{kQHl=kYqA>bD)j9!zU(7N<BhST
zg_{|(EE?mx8$U@6`K!FMo`|p{62XKq&0qmo&?=SU4)9yq-tuxr+n^=>Qu)~r>Mw_&
z9=dDRU1M2pM*)`K-t%=*sHgr`xr%S{YI2+j723tEEY9msQ*<HSt1;-~XI&}^4Bl?5
z^9?2Y2^#$!Mo$*L5(2HuJ5sSu@87NT@3ZO~_1~iNUHCWG+?i(k#lW%+ayPkz%q(B_
zZqY_UrSi`LAxP&jnOMrRZz(T1d;NN-{w<gic*neiTK9M247rzDA6dU-uuVV!^+$qb
z7DAhx+B{@8MC#rk8*ynG-TE6hW|ST?e<j4SJ7gv-5_~y`ztm{PofoDHG2g~~o-u<%
zx(QZ;4}!svzHulNK9uq!<?+y4-Q-p(`iN`;hSo*^ivDnWaG@hUyvNv!U+Q)}A#Xy>
zr|2Yiwj5hUu-Ve2*<YTN?X1$!wDnUVy}7p1U^wnvt#j>FI|z0WuCRY-lW<H<ZnxZe
z%|@DKOKOPVN9*01z21S3G8$lO4g025psaFZc;LrQ^U~$>cQ33OVHHLd${mHVDAWoQ
zDIALp`5oW`YW<h}iPrDxcL@Ukwu{p!qZN_)8QTg}pkoOfY>#F}lpkpQ7!KQzK$P%3
z8gJAD0<w7AbWqE$$skB$OW&%Tj>?NSd=-^sG`!Sktka3Y$6rSkfKI3@1cEGHzk+A!
zzO^;ksn1n5PU@{u?2WJl!~K}I4~O1Uwmh0TVKudlD`O7yL}{DI7~NUg#;9Ou?E(RK
z^jGuwNw(QBd|GIc5C{d}Vg1+4Mw<aKP4$9PH8{QlGrcMlJ6WfaukB)Uf*ggqgQb}i
z5E%HZz48J}n?kN$B@?31l=#+mC@r?JZqVA!qM4rJe1@p>h(c`Q!*Do5G2Tm32m(2N
z@!Upx!<p4z8TOHql7GWUK6&7To1Ec}lC)`;n8W0gaFcU;&pYO!u~tHK_tgK!VA+uX
ztG%<q<R2&5K2{aBgqgXstUx7TCZfPR$px2lrw&K>rg@pA_LuOZ7g|bBxnWo;JKdB(
z^CU8g9zu$&PrjT^)R1Je1kBWPHl^3I?bZ7znKgAi;kMgkDp?Oy*XxaE%XCaNVqXQJ
z0r}yw(Yk7JQ%!%086;t!26vXQzsQUQ_IuQe_h2eP=_h_9uMpNqqVLdoE7v5+CJ2bG
z7MnK+5Ztw%bq)G!rI=<oE(5lCi`jIB5^5t|{Pl{TQp}wT=nEalKPe}oCW54^m6rLg
zQkXnRPV>JLXs?{-L;(Rciq*S+Fhchsi$>{_6r8nIio?i`SvdE-m*EUA+li0Qu7F^#
z`qXU7FJj2WbiVhqsfv)YrgvJ`2T-1x|K$}@M3UOt>=t(MwSGe~=m+gAe|5u4<fgWw
zg<)AER=7GeHh+<RQPAPhstS}>ue{%J$0S^i;yGH4u<OFK<OkRdbKt9k^p6EPa}F!Z
z)(e^HK7I@~DmizcbCDh9`Lf}8hEg&q#I6iBI-Ct+Xl)4k?!JK7{dF2n(n#}ie{}Pf
z33FnH(hgU(K}L+T2n-u%xBVf`yu5<Egm6-vz3r<_bMf~#DjKV9AD^Wh^E-_y4RYst
z(xJg%k9*WnFX{I?9i0-N<_v`qGya9()Ksvu>DZ~58=q|EAA<AG(d;E>Pucj`bx(NA
zQ|MLq2Ps9LgNCBy59-$WrzjP!P1!r!C^6M)<W9D2{XDYTSxV3!Y|b8i%*NUo_?zFf
z$R)*BkGR`HF(=3Ur|jVkJt!$2D1*wZ-(r8vzrCknMgtgKbjk)&PK@R<c#?d*|6H-~
z6`+=9Fd18DmnITMt-<4ch;V49nsd9El(5s)@abG*p7;%U2gg$D6D!Fgzm?Blg#v<G
z<9DsxHQLv@XIa#iz@Ds>9FtvR-{POqubf&Z9HVz%MsyYx?=RSx{ZT3BxvS>^`Cs9b
z&gZU@O1NSh_1-dBdkonQJQ9>3N879e-%06_?@BjxzQl?Cg2$N3G~8Qi{Y4(QA@m6>
z{qPjTJrNQ4^;nR+cw>lvLd98iHaXdKpA>9=Rtkrfqsq<U*iY{M1{1^N!>)jEPoByI
zE$a_U5M9yLyd+QOyd8~K=_XAyqmI#WuT^*3_hGWe)hpz^vFmfP-^G|3aS)CFgQYRK
z9&ms0&v-2={)EQSR~EU0O182yCveKss79ss<#m3xY|&g#9rsL_-PKy4mDyOPn6mrc
zoUo(Rww0&`LI?=$d@*KGHZ}w5snl4rdjUBWB?6%1$9<zsd?eG#H|5R4=WhO7I4p;)
zrI*0{<>!P&VhrIGwrdNr^u@QZaG#)ggk+k~2$tjiBdw2)E_PYPLa*YlYyFfPsMJ#e
z4YfuRP9>^Nf)$y$$7D{q1a3#**VAb)3dAk#s;4LxQLQ!dsFrwj)Cgs^_|nVVApy4p
zFD6vYkNkQH_f-3ml<+sNIt7YYe-l?yEiSq}C?8*Lxgod>!Xglx7ex6grGHdIEpvE7
z!bFKoxM~NJ1%jV0Z-%jMzY{!_(0B0f&va@qPc~CwVLfwyj}zWb^H{k@6J}0=*=7NE
zNHYvpC+sZvO`!cukfZ)kdzYTU@BD-B^G6=GVcRm7lQqpF!$HuBtkqHT4}ZK?0@NPC
zb_l!%2P5$Qs#4O)DuY_MLdrpFRErWy?mhFu*P!{pk4hHdINu{%5a@Jazt(B#Fu`Z=
z(t%Kw{TiuF@AAC`0Ts71Z_pR6E#$u$VCK#E&c|USLkMOx0Yb0BkVyz;kSA8I2s6+b
zF4AT8NFHeqqB5CgHE-a}Uw#@AZ_Iu+;+>&X7lNz7Jw4|Co@q0Q{pod+uY!&|U{ThO
z@bp^yQY-ZBV-Q$@P`Ll`o2H+-fz(*gSJTJXO_SAo4y}3YRFw1}wxe6EO-${-cKEEp
ztvo!40-RT{qw~R>xtzl2M{9Znkms(_Teo_5*Iwm;Lhl|3?&VOy);p|rjBy#ldJ{qM
z!?H)<^yxu9f0;@65->*wL!*HJr2i{U<h?325MqLD>WCHJKk?ldR&T;A-1doz2Gd5`
z5*H%x-H9EGFcK{`0FwT!jp~mMXlm*qwRhf$s$UD>AgnW4ZJm628$0|Tn-#TgGO@C2
ziA9Gu!-^+(oLo%e=waya<Xovc<;R0^bf#@N(Ok~3fMUW=w3qgBpXWnfv^}nS3DQ8`
ze2T5G=A*cNpH_k4O)CmGDKv(>QLo|Ubp^C2NNLNj1-HPGrniY}Xu&ZH4+8!g9ZGYk
zKl}hMYLFC9(8LxEqQmjX?||)>f9jDts@Jv&pbBhT4xrCaeAbhr!vreP&K_$|l4XJy
zB{}}Zha(wj+3jA0yxWlNlv5}5rcx||LV+EmxJ-q?WX84<#LMUPpFo6X(_n;jkmoB(
z#MTu;1%-b129>T?EkU`>*5VT^hrmUmm1}&u>soDfT<MVfa9a>_0#LHtf}E+Ne^(&y
zkimp|+QAZS6oJM&EIJ*uXwVkoMSsHS7_8B&;;0z(5bnimn)mK^{CDWhC=s<r;5}(c
zmkIkjt<EJ9Ofb=pp0dNCt8m9o9XG*p5(okjodk01&xEA?C0nCN->CB~Bm^=-7#G&^
z<AzG|w$R9~jQ>9<Ff|alk+6#FT#Zwt|8+YU_^^=pPP;8b4UW|<<I{T_-hisr;4?Tk
z|C%RT9z$96doUt5W)ZiCHpaWU0^E#n`kJJfK23hJQ>IbDXi|;|2nQe7IHJziD<sD0
z`kiq~KklWRKJ%;1HS<~Cm3f8i2C>{gc<>I)+M(8(mSME?$+46gRurbVXXcZ!jTI$i
z(?AS^*e~ESt02r#0V!A*SA!T|Lb>@wrxJr_avQ(MJ%b^ke>dO$rkiayn%`hKjJSgO
z-Zqf~Sds4c;xmxG$4Wid*jcV%P3U)yx5ywkz{{IF<jH^aBu|7EV{$0{BT!(mFL1X4
zoGM?2d=A#Z(6`U3Y39Jx!w)up(sl*WQ+-DxVc?N0Xjz;k*r%<2hugYeXt~vPo3rA=
zv`>-hEBV!1WC{qU)zJlG44z<iO2)_smAOJ5Ngcs&K7@4qJ`cnh(fhK?;20oan=jjb
zjlQx*jSOA@8cwVpP8>vXHGgXfpu&}2qKlhyWkA-mTVGQr3<muY@AJ70YAAB!rmP<b
z4+|Kkw6t`P_n;<Q3-$ZRp+@_^wAZt)j5ouP{R(tNSNke8kg|~*>-ed}9o$m4lBT8b
z>X}dFLBt?drc6)wEdpp#YkJ#!b&x%&I;C9tAit5hj8Et;T$S&(+E+KWn{y{>^zZ`E
zq+%uIVF9I^HRh#e0|sgA8M;)<Q2>{LvBl@9nJ&TtNwhymot;BC9T6*tk9&n~9lu_2
zX*y{fcSr|bhD6!~3=P;n4}2pE`Ulub1j1O=a`fZ}uJG)bvlx@>kmxv-OcfB^j{g5)
zsaQZw9SDwat@j`+enJ9iT^vhFD5cQgAyU2zzP-8PkzSBZf?ksgPt1S|^MJFykou#w
z7er7+5Y48Rp)B9a1F^k4z4h*{&+}{Y+6}SK?!nONVrj)SEC9uzW7@nFa0G+9+ybA(
z(Q})9IRq{3<5QD=#BWHjMqtuptF)XfenZf3`&rX(*=j<N=F!E$sFLTY=ctm^3!7GM
zEGBphDFi;e`t<c03_KG7@C9&#+A_Qs7*F!g>ca7pioswCi*<#3hW!&%W9Y<iu8`5}
z6y-xKHWlR8-!<Z|6f%It<ty~<{_E}#iqWIMIFN?XvZ#_jHNLA!sU<$Kx?<KhWT&$$
z?0q%f34yr&Q1HU?{Uo1Q6M)W(mYpYgLTga=^4;w(3{d2SxXR0*qaD?kV|ZNjtVrH6
zM@ANqRPY%#5UJieZ^4vik~@Vzchitk0o!BX-YP8gwmfrb7&OH=JDXU&;s3BO63XWL
zIim8=tc_kK;;y8~5IlTBx^L1T;uXPZ4<n9g^zwK~z(e=Ep8qH9)_Ys1t>a-r(8*fc
zug}<(IVn(AxZgkVym@_HCu)t;y&=VsghK)bt&?f<P<g;a#6l(Ye=Xt*MEB@33_7&~
z&UV8D+xQH6HUxGfIW4i+-ynT7Hw=4S7Qxa<wR$gK`o$95HG)>qv&Sm2D3Tjb<{D%Z
zTvJ#2+AI*ZQZU|^dITZ=jO|8l(FI%qWlBfxHglLu-2o+9v7Bq<*Z(qORY81Bp8El=
zcgh!Eh4vZ7gTS?G(A6u0bK}!(5a^>yp3Ot?RB=V-EhF4k(O6(E>&ZteZ-^rrEelmA
zx+<*Egy#g{t{+0yB?@HrgF;*T9{DytV28T7JZt!+VarLrPOB~-2npbTyOQ_xg~ulo
zB`se@vO=0&RY28LwU7}a@9FF;6ny?mq|hY%LOa&~q{=H|H_Y%H_5u|I<dpxZ4$tAk
zL4~YaG?pKvd`s`Ck~q@Eb<+fhwx@Q6uF9<Kf>!M6nG|f^F}Ml!?i2^SL`TAKFxv=@
z%KH{TK0w)X5Flr<rt1Fr_+8_iCLECjz&Di|_)S_ZB}026-cxRkP5v&sX2|#7WDGaE
z2_<fcqv67s42mocZZy3$OMIuJFet*4{^L+mcft5fxT4Wwb1Qj|w&6LveC|xLHg}%=
z<D;9R#9Dx*_G+ih+Vzm?U&U*bCcaFjxt-R6M*&_DiMKB9xXdjsL~<t_@ih;Jf>0j*
z2ZSP6bT6Uf>=(Wag3#d~Ev_d~hXN{E%feg*es1ffq}=;)krv@9EE$x6BBZ~b{tssH
z$&o4y$Vut*rd2Iz2-ebk=OnzCuYSiJQ_{ScO<VtgzJFJ-?P%@v#lkd7TiVAx|AYGe
zqG#y3mdP1X_Ux{0*C`8;J|a35$d1wr^VgZ(Q%%T_$P%ts7MR#<_Z-hNik>K{^6rk*
z<c!FmiZD+dA~!u%QW^H}E@&p>d1C7|UYSWm3Z(|-HU&L6w0p!PX+G9qRL*jpuisHT
zuRohg4YRrM$dZs<=Cc{<t4LK8yKmw{*|QM8wzUcRe(-09(m21S@@^_Km<>QF0Z-=I
zvmZeu;QSB>rTv5|{xcXsF8T7#^DAm*$*iFy*@@Hs{SX-~15M3yU+d3?PdugJ1Xk{r
zzM<4Ym5AifU40AwKyPm`gOw>7YH1uGystAvmZw+a8=v!On&7_$=yV5Yg+2Uu<6!+0
zx5O?*r}|Ll)Bkn{pfiXZ1rM_1p?CKr^m=#GcpxC^c#1M}?x9==3mgRTUj1NE&^y`!
zHEj3i@l{)8Ce!dh6t;~_S;|mjF&+c~+64d-4=2gb`#4cC90{VziAQaQ2g`PGc8`=U
zJ3s^xSNo;XrtcZ#e0A=yi7P+*2y-xUpJ|_>yN?tsgnu)-Sg%gR7DN8qDhZ4fGczSB
zh5QbcEC>~Li%|Z`H@}?KpZ!TNz6fjK8I3hR`%&mJ1O=1eM4TmaWk500e@}hM#%t28
zR%6^?x-?u*MtG}S&d@)`|L8AXld0Q(Gh_>`C0ti;H0m3*xO){A|3kz$mg1oW{hqiI
zO3Sg1$~e}=`TR#&rNk!8NplB7kVt%VYT6=C%L63gzpw3rxsUlOiQ4QvExRQ3>0Njo
ztS%bAv&Qx02hG$enX(@T&)rW9<kPyqbkDb@6Fj+psm)EOYhfrWokvhxrfzXe{l;H~
zhv&Qz(-iK#7Cy5S;2Q}8zMY*P!kGTOQyt~fJKhLdm%aFTarx#11M!J|&rN}gQsXm8
zu|8+@TXNJ^)^-c4%~pwuk^hr3B!WFa>a&RaVeiq0gA}o)ps30Hc-0|-Hv~L2d%**E
zB6Mm%c)LZVLWwoRhvM4`mhV3v7qB=EY*SkGyVtgUXuZE#_hbt5^1~NVt_d>Ubf9st
zf#-nt+CTh(;~Mv~pQCGSMfj1M&Q<4IvA6aHPVINzl3>0M>dPK3rW=7M(&{$c(aa;(
zA5{O*7m9M+CycfHV(0#O2haEH%#Fs!@^~eFZ`h`*xA5}lwW-dc-wcPS+f=5dnp=b^
zLpE`m@9wSS<LqOVM2D~T=>}K`3`;jG{pO(#RQg{YfavjQoZZl5>%lOALsi*cg|Gjd
z=0^$Xvq3+hp4GIw+X*C3e+@>s8nyZn0Ui98N;3Lh5!b+Z%YU9BFB;HJCLR$vvWsS+
zT^V)$aK2Yb+?@tAjx<>GU(JABEep6L{~6T~9z1yD6Z~CFNh19X&G|T&w*6}BZB^M(
z8KD2!!YK*Q$u<$4`+xdWOc+o|a6M~mrD6R|_>uuu83t^e9S$(lzW!H}z=@>=A(fA=
zd0k37)VcL1Q<ckKrzZ8B3?zudD(p4)FDkEtz~Ayo#pZ7d17d6c3Ih1=wc8+jVlDgK
zCqH~aInx-kL9k+%d{zIQig*w}m`RHA`$Jgt!?%2{ZEt3Ux@dinmiJ`1lQylMlpNZ~
zAgc?`Dg2|%JW$kT1+#&#Od%Ju1Llm$Z*Hiv`s;Fi)gce`5hd_!^0{nyu-5_6|L6=r
zbYRwpjM6lW-g#UMX^D{E4cBycl^QMy0phXCB2jG1f7d`_8->V3lT^kR5p5sN;6SI9
zmPITd4BE(NfA@bBoraG){>CpW{o%m?PN2;b4H{k3EyYWpcZm(%PI=9B{evVp-5EaY
zYWNBN;L`%;AX4+H$kLmh_aj$c2w}R73DPZoM>+HUK4$}Dzt>f{V^gfvXxo1?qa2(V
z(EhZYdh|!85&iZf#Xl&Q;oDuSBkTkvAg<8|_j8PlQo7}}F|zmr&@efu|7|`<uF!0O
zw&wv)MR6z!BI~LlDa3uC{vIq54V4@G1xp#oVm?rvs#&QTpjgU@$y^2_y;?l%>Lqo6
zspMZ+LNUdq^9z&qxeR`~DRU;xzk8oJFk6|(0L>M4pQbW`$7V%()jZ_eK{5}d;#7|m
zm;w}88@~V?Q!ris2fQ%!j=54+*roMqE4d`9KyM*JW-lUruCYNAwo_sMghVt`wB0v`
z@+K8H7!ySkaL?vi-_1Fm)k+Qs)VSjckg=W2u%AD(hn;xoD-tGEOnC!;f6J6~&wmeD
z+OxBe7TWVxvK6~|gb=p<%hdl+uv9^k*{>#!TlYv~DyWDYNFI2m+I-{a;2HsPIv&Ut
zto_wppZun*Z^xX5FYm@O<+o2P-J3o=KRVUgQyNgRZ9z9_w)<Jt8V<jMFxG6_=rS-N
z`TD~R+W1^qM!@=oWCb5`OG&KH7s7XYB0n1}P54C$nY0==dnY#P412emf2AJio{ZjD
z5!rgWM)Grz&TD7Hr@6wlBiF{L$7M?5QmVo8fQ98(36;S84t}M2W;lEE{ZuS^3dZzB
z!2@GuXj-A<js`2<5b`nEgNJX^*q~gt6VV&(n7Ka;qZr{&`BghpGG(tb^NQiHGjfgu
ze5|X5@rCuP@|Q5}Y#+-*d<%w6#RQ!e*R7EpoO~$$Q-j?@yzC0U1rF^e^-FC8wvy>k
z2q`#8MHmRoofSxFw4b3<Lzbvm!Ko8Sp!#+@#+0PouKLUUPRtE}sp^R^7+MFCVW)RC
zE8XTuzCU7f)4^ESuc}|a<n3igj8j5nb0>&T$}T<m6Z&&H`I#4GLKKskdey_hG}h#L
zEZ>A{=w^knN&71Q!fjR**rQCKoiYmKIf6$tQdZbEAH4b6nJkc?q3~zI_+vRN;3b%Y
zAob<?e=UO05K<kK0VZiy9V_AgLca~fp4<UxW^^lK;(bw@C_+~iEJu`1hoM!ij;~<4
z_0925Np9HK6>5Z*>hW>hI=Hn(CHC1xYB$ZqXh{}-aPiB-isoK2RH1$U>U;2Z9_|WX
z{|YSE=PwEf-iX!QYb`gSK}T$$me(4-L_R39u&D_fm|v`&CWBqOn&pHnCjzE>u~Mx^
zf{4Of>GS%VEUi$C|3gn7RJ4ihbGgsQk2aZR&Gc-NFfV1~+VVLy+5Vl%;oFIwJyW`=
zd=C@;RG~@nJ2#d$E<jlEWCVjz+x~foZdLZmHiM{54l3U<A|%>UO7GWDv~#&^whFEN
zws{Q%iZMKU@n!yvT|K^P4+G${ezF1`{2vxzqV&K-D=YEG2Fa{~0``7khwoeAh!}ox
zcIt<aR<QqP&iLSF%;3(#`{pIakoJ<hGGK)BZyy!M5>J{{o|KR4LuS1}@A$*1^bBgf
zkUYH_{&kJo;?VG=P5cRA-TFV7U9`18&tdu(lH&8tLLRWx#+*==FJz;etB8#cTP$_n
z5l+t?l_K+U@ou)~kK8vVjCF%;dA)U^LIP*|k4yhxD0&vpy#mTPVS{y~v`}=s`|+RH
zl2`AoiVm0Y7Z87XJ3(f=8|>FxkPz<iH>vynrT|QNUap6C*A4GiOrG8Q$W6IHA_h>9
z0@<kb+j9uQ`x=6`z)l&NhN$8QH2Me&^CrgHv*tm+(2`G|DS}b^DPNv^vN{s@WYuC3
z%F9}t&fvCV_Ss(+?DlfWy5^n4r@y)+H-4<|Q1r}&F#VCk2ThYbhUuqifazLW(34${
z{x33<L`Z;r?RsX~2;Ce5h53z?IP1c}DL#|7w$JG>nkHJm+Gsxiud+bgrK6gL554gA
zspx)!leNxA*@L5kpF^lMAaIDX!}?r|oPp9%MutM!`23t70c89NUXSYQbB_%mGsTUw
z08)YLyi}%Z4&bRTNE1zy0O+$x-w@gvI##G|@OlOhWDA_wqH<@&EhaUFRM^|Dj?f2x
z0P{FcS(+Rce|!YTr2l&xFBdvK`WwowGH%M)o;LT^;jgxbBc$kK%yi=dy&2UtaMDXt
zj+~Znh@x>(rc(h-go}9ogCZMzOJc;tP%fQ|1OU->di8zz3S@MmU$(!-6J;^hY6`U5
zvSx^saNWIzFA2y@HQyiA_jp1xqTgfjisXci7YkU{hvE!iu3yPHF479SJT)r{V%~vp
zmVDgSnJb-78n^a(opCRf@3DM0W8poaB;f|VSDMjH!7wHe`*JyWX~eJw82e~^)q8P9
zF4p&|?Le{rhV7+Nf4H)S*U(@@m%{rOO)-51gBS|FhlaW_-yG_cDslnK`-$Xj*Ka;O
zZ11GKW73@2iMM?zhfXp5Aa&<N;N4FpAQAF+Rar1aSzI8m=4{mK>@ipgAQCgR9TW=!
zLlt*O#u|cLf1uuM=4`F4$2?%kj~on$&Ro9JHGI0?=bU+#bel)I!+IhKSO2!|_k2zj
zkJES>a1@9WR3mbZLrmQjUepjxc~%tZ5M-?r{5nze{0BF7ygsk|4<lRhZI6VKc6)Fh
zNLsKcPZa{r)@>zs;S70}TJ2{Z%dqpn91k{wo@ol6>4QZ8Kg}NUAv$o*`5cS0n*)Iv
z$1L4x98B`S^mnvBPOP|4LBc@bixX2(gorWqe9Zmb(uVFIVO@`t@Jwpium*rfUB<JC
zD}TeuG)$>=7TE09H5l>MZ(#Hb(8!H;%>0fszu{^s>qtJW#~z@YdhT-JPn{L{eyaa$
z7HvyES}I`Bva(}iOg8!dG<DTsQ8v;3WvQi?25C@Q5KsXDsYQBekVa`~L0VWsBo$CP
zr9(=Pl#~!@MM_dqx;yUhec!#$<>AlScb}O#@60*p7ke!Igf%H-c8%LmI4=Z&%Yua{
zsO%LJ8S;V|wRSwh!Xf*LiI3iKD3PZSJtGLkXKkUm1_`C7XW6k}FHVvYoZ~fJ#gc#~
zD6&~k#_q_dPBQoBKnU8v6TS|E%ipM#ExE17+K+o~f-fFMgKdUf1_Ho@i#To4Dyt-8
zWU&0eDLp<)N6dXyYkKD|&Jqi``p&wf@w*Av)})^%lwqsGKA*nY{rIIUcS<-(osYZD
zKHn42B@KPR>aVSQ(d9;z&b~s&{SO}#cUMaTdLN}D4nGay=$CFDHEn-|&S!?(=$1x>
zs=?bl5D)dkRk>7bi1!n2PE6`^Xcq4OX5J-f<8a3a%)Iet0I*KtNH-W!RmXBJf@g2A
zT4*;aJrt=U%DPB2$|+0MOUKWJmyLF8%Qa>tIAPp)Gr4RH#Y_+R=qCEKi^}JaW$vq;
z>C%1ha~$Q_g@)2`dxaNzC)R(DU8T_#KTKZr?)&Qry4-|DHekHWS*J?GJ6p)q<CkgP
zJtF1m3Fr~4CWX{Th3Wz1xlBj~gX!~V8V818r<jM?f7m{S<edHBb!8+?i*qAJty&`^
z@atWYzkWu=ml$UQN!yKC=VhvH!>}M#aqrS^w2n0;boVsKMkjhl!+!E<EU9zd=P>v+
z-X*KfJw7+H$d>tSS@3~#Wc+X1uR9)9^9<+%O51q-X)F5e&cKzTw|93hsvT2FZE@gy
z!N9--Fx1}VTj9Cz4TkYP)p}(v1F(UyFP*&AvDp2l+NIC-O1wG~8FhTa=Hu;O&Zb=6
z@1Ob%J+352XFRiS(TK;aXb&n>dA8<<+iY+cY?&fT+23nn&VClzot}X&M14c{t)##a
zSQTSph4YkEnxP)-sWFZ!b~g1{ENzj3?GHL%#XfWOV7{JXMdLg9nzuI@fR2!>235Qg
z3TS=(nIB~|&Y0}FVJZ(4*B<afv3#%)k5PL+;mvIl`^;=-qu=-KSm$$nvO+i5^F~P;
zQfN#@Mi%>Ci)NcQj)hpV@idgLzBNzP@_%uWnVj3B*HLkw<K9V<ttreb4Zgyj#my1c
z`IIQ%1KdBZ6$RLG_EJ)>D*Yvy4)08qKwp;u<4cl|DwLED1F-se1>$q2569}~)>vLP
zVYl2MjTXLAiX<kenVOTIfB&FBE8|f6IEGZf2IvS*C|n-gSrPF&7kWBCv2RuAI{Ys+
z=wg_*s$`v&d*u|!mjwns&h6JuS<r9RB*<V%iH4n4PtxA%r#@9x&^*g3q3a%BjIP3y
z&dY5{;wjwi$c2=B(}T|MD9##I_P!0ZQO46GO@}S#YKf)fT^R(MKY^LO6vX#EHg++O
zG&TNKrQ%{4+@S=lAS!)F{d1c0Jzy#<80Cqf)gGE!+IHnB)RZUNe?Sc`+WxnHn-zyi
zabG~H7UE<ZoOmuwzWgqzi_{)#s642TYPu0Y<6l!JTM?e)uc$Tl_Vl3bQ%w{;2khAQ
zY~$07!(>Zt|BM@K^@W*q)Di5Aq0q`_I`t+Y*XWfT%%iUEs+7q1mU(8W1uX63EN)rN
zjUFYu(tlk)*qCH)B1ABLnLPbP@J-23I0OfqQypVa8D6l{3!$z)r$jmg1`;(t2b0(<
zL+;LeN&b^d{vbK;%7o7w)B5M&bowTD6a7R_*q2Wls*k-&$ldMmhV`ui$Zff|;pX>c
zNg>Oz{DGv;mO4e+O#-s@lBj(HfO@bPKULsVhbg7za(f<@C2lVR;VX>cu1LZgbZ^<I
zRZv3>@36HbF{XhHSW<yC#))l4(kOU#3x@ff2c!Ko9&+ipWbib!%qVu;Mc|JK1F<ln
zlbP`DaXELbz1ts1SYVG(neL98HoAZOBgILxj^f{}PjmI^c_-Kr8$<gzCI8e_@@=mM
zmfm<37IUTa#kWO8*nC11IQ493{W-s-ze~&c_D(fM&;r^xp80QEjRI)U_VTI?9m$=3
zT!_fkdQEX7Uqav3SpABz5Lz)F=4$@tc+Ych)s&2*!kRD=APvSwHi9|+?RM&_Au~jH
z1-rT0{RUnb(ZUh!3YWLtQB&?(Rb{%J%i4@EI}}Q^If*8UDuuGy=WkIu0n<ZCo{sE@
zTvF(z^vGs+R35h<sf!;WDV^2_(k-$fbL6?Bq0?W)@4KE61OQWNRBZRq{E$we%rq90
zbQ+0YNBlmUJFs{xZW<_8^P4_Aa9Us@3^={-+Dx{bAovv5H7n>eqAiRcMe0+eu>U&!
z>5*y#yJZ6QyBPm6O#<j@u@w_OyDqs(t1bt%Kk2%)YQolJ05ZqnRq9U%(o(tntbeK|
z9R)+qIQ4F5^$9YuvCa(KCMjf|;eU+Br522VF#`tsvIS#O!iN|8)<m<FwZGkaW1Ynv
zR(9Q5cX?ONok6ki_dmJ5P6%4bR7!vnS~Q*Fbp4`nv7~JIFj3*IChWT}Gh1%(tP;8U
zMo)%Iebu1FWai!ds8}XR>k-Bd?Y}elzp6mzb0tG33vnl>h!LPE2i_r(#$Xriekr9=
z8YLo|?v`3-e8;QMnKGp6Cs_`&k0D_oQ}`FLl@OIHKFpOx7CTJQ(038r{*&zGX*#%2
znsXmObvV~vE+W<2^a2>z&F69c+iJP-*&K23xfy9@aR3X<RXoZ;;0=Esc#ue~tQHKq
z_64;WE=8OWXWC`fl*j>-%nd>gX69>5Ff2JhyPZ^hHzH(36|`DO<)t60fowE}CMuS{
zGC(N2;f_`b(>FarFjRnkPL358?swAVcjkW)nkh;4@^Q3M7D!BQ)?e)KG&!Qyo``o`
z7Cp686z$R0fpTavMq+G}O8(fhSR+<|K?StLs*9z4@tg(a;QsDIR}t+6g_iZ_>9#QA
zf~O_QrmLlXA}Jdh0v-#5|5?1WhoC>1UJ7__l>KIrDVrqw>Wx5v0#Hg^%QN!YUrQ@g
zVSHme$Ns9=kEvzie4MU&`imWw`J3qf^W>ny4yYIh+<uK;QyT45WbbyI#**SQ@OE-T
z$!}+*C`Arv-kehXv5-o<VlSAkbI*SPIEm!&-a(^Rv9zaAe3fbw<No6A7@_MbuHiKE
zMgD%#{?D%`Tys=WVAPYMhR6=0<O>0kK1~t-fkM0Z!eKht8TZ}7KYgx0pKwxwRV$nb
zu$V*?G_NIZDE%_ts;h``a7bQ>#IAQ~w)c7!qxQ1t;1iko=qpm50-Dqn;M63-%z3p<
z0FwsT6+D*D7gtH@pycYN(^c1^pj6$Pbj_pmBemY98!P2sMd6?Y30m+4&a?o(73>kd
z(7|TnYJsOJxxb4cz7x1#I?w!vc_D{M=;qkJSoU))?W^vYD|97}p;MDy9S&UOv0YCe
zYkxkz8*LKLBng7n8|x5Y!YynfiE^@L>kQ+qY&d#lk?i$j1;=fVdxZEJAmn~(3Ef#l
z8kr|1@MQrFye_JAV0V+vAJKk!?lfN!s-;Fd6ox%@Yz$?SBrr1rUn~IfI@3`6D~rg?
zJb(RHxMRhKfp$Lmj`{Z+#Uq0LUqex`_atk)9R71%&^>C^b|mQZwghX<`MciYmdU7<
z$v4p{vV@|Fi{>XB^Hl`urGytzJskI@Ur0gi4b2q=j_b1HMWhjwe#1^o#x2yyFW3-L
zikDcTf*%HBKD@2l+)|syKvv=7&{!vZ(H~m;UyI#^F?ZXoxrEMIAqFoN3U~-+WX22d
zGJPv*QXS>AoSp^e!)C7Xe|50lpOxSL;J3E*^ZZb;=<=6bE-(zV38KGM7i(0-3*UbF
zUW3hWSs$2E^l|%%N!YC+o74R7mkSzQzmvO<?*2dX4?P>&f11iX@11Q5J6&q5CB#F~
zgPrgIBLKKMV-P5RWkZZswkEqBWqL&c+8@!m15&DInVo!IxQmhyDP<&9>}ZUDRuB2A
zle!Lin0~j$$=~m9v__VJ+<)LZML7(s?V4&tY>jkLxTe%ancX8!D6akp6j6_-20807
zT&N&R-BcwZv4g)tNY@}q#5MppTL|urVaa6n3og56?F5J<v~cmnH5nv|T-?XgjJf{`
zV1%}h)*)MRis;An??Iy8ZtMB79Ex|IyXGQF`jt~5GaqJ%Rkt614V+Z`i!+L5sCxB}
zjUBNrcOzD1rrX)mcj8!5_CU?U;xco3+XEN(rL|CUuzriUNDB5x{CEIal>5$2VFV!Q
zw?!o!glWy`XBEz4k-cB*`D7{B{U+J4!K}Fau++Y{HnB@stbFP0(aoBV!y8^Q^zWt-
ztJzgL&~whxNvjt?UMQ*m<Nl_-ZlLmfgm;geb%K|Dk?=82|Ni6)QLZ*;hPdk_Zia#7
zBM!#3ZP~d{FfIw!>O^msXuhmOBDXCJW46=*j~r?byZWN#R5!?Q3yk!?9=Q|r85d??
zxJLMA9hXss^4=3yhelENt-J6~v<4~Ts;NbRkt``rD3!J06fsLc)@)AzGxPP~v9z3!
zs65Jd+tKHGN5ILIdeMMeyl7}mYOXb9SmZF&Smg8CG%dsUqdVm{6G{*^MQ+^eUhEEb
zHIw(@kki+ccKy~bo+*@%y+F@wHj3_}IHCn(3bP6;<>m_$W*C|HK1%{1)Cz9rgeY&e
zrWym<)Qr-znTz4H$s~PcA~AWtJltv&h;fk*!S|ZrH&3MA1l1l56@Ko`5XdU?Im&Fh
zwIqMR_}vI#61`Jl(vFIkyIuOJR~V?%bF+~10fhMebqDSzDGdhwmx`!0kJ>x3b~7yY
z!nC%{yiZ8}JGZf9K*TY!DjiBkXr)Y9tOP))P%Sum;6~&3PPQO&!GpOtJPZWmT062W
z;c7y6{<P#OW^@<O^5!{Ck0>xnQsaSF+BS`LAlXe2!_10oe_}(fixD`#Z~%l5{9#=+
zFn!CIw~4P^pFY+3vSMoZlO?^9G|>>Ch=w-dR&;}}e;W$N&40nrL5xlu>a;|wiZnT_
zb)ufGv?<44AK-OoFgs8rS+?6IN+pCh`~iB99=~vE7P(Ud^s;)+wAwK;HcMJTMj!0K
z_i9vn`{(<vcrFt%>5*9j!2%CTq6MhrGQv)20oNur6sOp<djcOn$*Rb%=Y;?D&`<YH
zn)w-0@tbjA(>2BT3pN3NIJV-LJ{9{(D-k+NiY&$|sWQwaTq+@^?ndQC|NaGezX`c%
zD4hAUvV=}vUKau50W3eMzlU-uzG;^3E?KKKmC-^EO0Oa|l#Tc>tLSyqUa#+-+;dj?
zf}CHD{~Wc|JTqP&V5)T7nJA8nfV$V}qQikum6UWTpD7su$#kv@ak!8|ql}VahZBwo
z1FPKe;cixEIxw>xYWqgZDoEZrh8ZS;<|r7?Qi|$neN6H8;rXP~S|=^Wsaon<ZLg74
zGrz`(WaE{tdkO2yR+5)T?_Do_t;rq54~PV%i2*%i*q$`Eb5V*nP|p9MrbGv(SbzGC
zO0+=ik{GI4kZT63c4sEMG;X+RR-SdDet3jvGMXpQ0_F=gBeOe8sXd`tD0b}9qqDoO
zXrg-ZEzR<byE)t1L=&ieMsM-N51ph5hb#DmmCzZ6Ib$*XFB7wnFQqRp{f3S)#UEY_
z6mZHC_WJi8C~oNRA)c8xev$BFyEWyA)^q36)epJm`VJ4x)RiFA)L4HFn@H$A(CL0$
zGwSbh;IUNA_iLNv!bj;1E*x#<&5*!QaM%2<e_NFw%Y{dW=Bd)Mnw->n^^5FB!EDE&
zz#<Rrd8nhH^TJ{2RqDH|pQJ3~obwBKpn<K!Zup8UDgqQsTU&xHr|w^B&e@WEuli)_
zF{Qb&%z4wmh4rcAGUCU?^X6M`YRc=_yH||F%qJHoh;b<K+7%(~N{YUeJ1<(2B_Cgs
zz9eGJ{9|Mm-~j@0dc0#q5QRHYo)TPHG8;Oozw|YAWo(u;c<m(N^Gwd|5aM(9nYX&U
z*#zyAG@<!gA-_#-Wk~}TP~LVdSYOEz1ax^!WMM3sufvo3n57mz=Tqv&m6<vO91VZ8
z6SGK?2E*aa9h&mNP;|Y-9Q$j2|En)7;8>*pCOc{6wy!IuzPYf+BeS;oH!sAetgyDf
z8wSWp$o9049m$^8FQ11$gC2DaX7PL*Hh(aLAarB%a7q37ug1H{pK7e(TxZJoeUg6(
zq9sv_g(l7ehLPz@a6yge3M%sF-jukLHACe#Z*de~?ySUITDiKQDU~#|n$DN(%#TF>
z^lGgSxPEzkW&U_eMdg)<o3Gt=%??Y8EO1F1r7*8DLtA6+Z#t?~yzWo-_#7Q#&LIVV
zWC_-r^Y??RFgvfx2pW^+wTuM=5|PAk*70Vh+fEOqBZ-M0Y95n5B4$7dkNW-8m?c}j
z3-o{Tc09M+CUsdUX8d16p-xV?A3ydBZY?3-ks0_gTh2?}fR7NRj#Mx5nWvgk`{vlN
zrq=(yyn7Pr@+N5X^CErOh7$|hp^CKA!$A;d>VUkBetvr|WBd4IiMWH$yQ`VQbLE=H
zd+Y^_WdAN1cf3u&W#X!b&pcSre&ARp@P-`00u$Mh1-d2<dfbk-#~>{Tm7|-YBpqEV
z*yIc~CBk4%w>4#acc*zY&6#+kZUgluAYIghin6ZR^zexv1K{Y(z|mt>KlE7uVO|L-
zn^w}vEsW(1y^!rWn*jEKf@$Z+TZ4niEN`Uaw(vM-=w_Emgw|iDdsl<B;-J^HbAERe
z=+uiPx7VSN3v#n{0L}Z7A+Xh$xnP+ppBm?$7b%MQf5@2W!KkG`oS%QEz<^2RIbx+M
z#}cPvWKXtBa9kds8s&P|ez&1aDm)ca=DmpY)L+z3xFoFpe%{2m_u3fhDu^?MUxz>%
zWu|^f0$D|dh+&kDBVG>9FZ&sR%kZPAi6@Od*S@F^*d{s}bL**4OcYg3GLm8#kt=zD
zjz%AW9Afj@fKN*^yi9pQUu$fmO<&8ieQkH?t!TE>D{7553QxkJ-b#82k_QBEbS9qi
ztZ7e8KWitB-$^Z&S5YdAIC1VpS-+s#ERrOIS|eTINf?CMe+`K7JZg*I09h3QNvp^8
za`ayYIe~<GJJLs9VOOPr6eDdwLa9dbs33pIEKlNz)^|8es?fboO}Em315t7RI)r5*
zTxH>^^D@;>5RHM3>Pcm(GvUt1!|`D)Zc&pNyE&a|N3-QY0#P}8W{AS}{pj6yzM1>q
zdm|XI(A3YS9bzAjQZqTzr=6d$F<|a{YcVfP2t2(-Edz0m-(ObbxRCmr`o1|%ME!Jr
zdE|zx>cWy{%Z!PCdT;ZXqX4;D!r_K}>Se5*EDfhLxJttAdns#HK6fH>Ssoxipu*8j
zWdtO5a}3t&f)VLx!eX=;*=39doh6;Q7gRBAAg@KRZ$z8VG1HPc_gnu~z5P=rJmd~C
zc-%w`$91(?HHGN;p~Y65aj}Bww(RI$(A4eGZ|?;FLorWhlT6~^aI*TItO%pZJaJ0?
zuhd-j7gl+FI~Ig&YFN*1@4b9fRl+f!NLyD&F>6W9{EszQpMMzb{r9p+z&2#S1f&K<
zWX4-tFU`1)0-vM6^ozIJiXGy#w`aU11>6mKd)&0s=`gnEIFwh4kERyBIhD!rI7~TL
z_sxz7jmQJ(7PIDgD|Q!^t+T!GVdU)}+mFlMYKvK0#pi0ykVt;=B?T0#`kJAWvV$+{
zFtg6ZwT940W(cYNeh^TLJXKp;1;j_z*na5?bv;*-pzyO0Wvd4g_I<sYLAsvHwIW1s
zEsxQ6-jM6b_LKiwO3YUe_uH6+@mwHUT8Bs^oT}%St2PZ(1dQDEUzf27MI}b?)R%f-
zD7lqN4Au4+)|lPm0kxsN*gPA5-**Z5_U75I*eb^Vr2fjYn(NOmNS30Do_#VBXBhkp
zF?)lgodLU=r1U0WLNiN~BlFRi**002XMlQ<aCB;uxJOjiP)9f`4I!4qlSN4cxv`|8
z-Pm@cFwJXcUCam*gt4S%zD&W<TMwPZE_}M5>P3A`ZD`AFe+q|gO)T&!!U3poUfLNj
z#4qi1nCQAC1`RY`2!0lSFhJ?qTgPLhbUoE9)y>%UfFTC{=3*DKedWOviKWQ~h|{pX
zkq|9<bU$CvP#XF+$v{%~t51Mrfy?`Q5SNNLSxdkWn@ENgD1h)GrAq#>sJ=zq$T@y?
zkVHTI@$JAeveL@$mRzA}`$yiwo&YE`PvW1U=}(tmplq6ik{#KeT^pc+F8v2JP~#4q
zeBo@PAfpE6oXPRBP%tkP`YEk`C&;Egsz4g7A3X3`@WZu_M(O0EY$_}+A6TF)TTv{j
zS{ORi&vvczWXO$9BM7V_0_zw2<ulz)7S@ON|KIa~Te*<eP8j~RMx(S4kP**AfSzr@
zcjIG<c=EUBk6!H2qk&P|z21gS2bM7mXJwV$0|XQ+{LR4|0Xc@9n34dI$p>l@a94Xk
zR+2wZZyWc*4cGO?>*vlt2RSyHzx+=GWG~exxW$~c7Z?TGY6N#0Qt0|K*e&|5)><U|
zb<d2#_O^KKpPf|ju<^zxgY#{8!zIJW0a%#OECO9~+jaPqEu4@4(qDR)y29*l^5=<h
zn$piNom_7sT+R@gpXRlbqc&{pFN5ZpA9G58(SHpW_*zd7Co6JU{m0TMb$!@dR_=+J
zug{G$0(21|u>&GQqY`4FF>|+Y)1^4peQLAA>mwwF?`%DjxAWmI0#v$`(Zq{(V0D}W
z2(!!%c3(I`N;J0CCk_AgP~Y4zn@f-a-g&-ZdnbMu?XA;&L}=9`6ImYbdgFwsG``Vq
zIl{n?vq^4~JQ#8w=q<+PiAQm%Bwx~%9hUFOLzPYO8FU!4mS@fMn6Q?akKb*;C1<YZ
zyA&LhrH1C~by0W2;6djmzVLvVJztL6pANT7e-NO5b#+*JA6djr*layARXsdK!O9l&
z$@C(o4Ya6qk({C)!@Z63u>tQd;oPnEM<~&iNmWd?i#QyvYB7(vhfAe$x}Esa7vHe(
z)`M2wsrdipF8L$kDx>(_AT7yfpz%oJNc{5Q)*kq$-x6P*9v2I+FgFf{S|-xX7MwK*
z^9-Z8jVOW&@=9@h(hB1EAsmT|d17?EL=PSw2KpUcc<tkKpV-iP%2tdeZhU6wW&;TD
zP{y<u90$`v%^yf3Je+b2BK%K1@U#&dA7}5i5ZxPbz<{A0-`r~zUMBh&eRC%Qt!hL0
zyc=)EJ@0k9lvh(<#9au&sk{D-066w@6WjcoK(rownA<0Qb+w(sZ}WR@sHIX#QRvZb
z|4s|UX;BC&Hf6)McWvFAUqXmT1qIjmZ?8Ml5)-g$nN6Ej6la&b<o$$m0}{rEK6^(|
zZH-erBb)q-e~an&Q!J=@B$zD(LZF(hid;18ALXu$CN_=IVWaO1T=3VuZe+Z8h|0o*
zNs$$G4gTbASXNN?AuNe>2#8=MStEr`Iqu4IbYH>BnI}vt(&EG?aR}nT8Wd>1Bh_`Z
zxu8$775f&dSyTX5bkg1J57#Ej{d;Hp!w<n2(xBuYB&t4HVo=6~bM$>C?LBXNtf@h&
z3T)7xu~YSYnwJsT#^Y&;Wkiv!UGu{J-I2GRJjaGX)oGSZ_Kd%xA@R!}^=Q4q785;g
z4xT$$kgj{dE%Uf3t(!JQ2HKg%>JYV@$yv(+gvceA`4O))?REb<V+#re%HD;lw_o;R
zCFmLkem$d}#zXrnQ6iLm8?GF3qalLambN(}k73It1x^ITl^O=tl$#Si7TWDhS%kJw
zn1)*JAh}4Y-9+!hpGBInwbgrz!J$w~cNDzVqQ|iev9F6YXeEPRH?zehZn3oeCBOQ+
zV;Gj`7yZ?*C^y}F9V#jpTn(lk1FLXo@RP+U<*Y?czffxEuq`b%*<t+yor=+4w%wE<
ztcr#3y%s~JtaEZkDP(To-3s%&QIV$qh`6kKFkWv0bu)c9n9nddP_Ra4y(wdy3`^h^
zSar^r7)dzl(VRqE7>ENGX0x)_dbB<gUqT)*Geax0v9LFy125IdHuNA%_TU@`ziEBT
zrEPCjhd5l_*yysgj%1SGr|(x68VSPZeQ5#|wZS8ixxBJQsgZ#xf#e#_8?goLCL{&*
zneY7G3f(rl_x-LGgdrvLwQVp>%pi66<;TVwIA7Z*s=b#EJrWKsZ2qj*_eXk|VYw1Z
z3nx0(>#{&At431O@ykt0$N_9#;fnQOC$XQZ^hQTXw+AFtkd-eo*!V63SC918sY%*@
zk-Uu61ILgT$y00e@9aM1H{=?71};Wnjng?iv8Xez{NnCkkK@UJZMWuAi(>QHwz0<o
zUQ;=xq;?yBJ9#Psi(z}!j*WTqAwR9_cIVp&q!S{@cXp+qP(7#nQ=cr49<i*@(8;Wa
z!n<nDaL0yVAL1#$5!Xqu%9`}N3ZaO6splZ6&YLc5VHA17559zOnz)YT2ruaa1CFwD
z?ogNS?>ff%9C?i5^>k+G?fvHXk!O_`(+N$ew?7keD8UB|G<aUwxtjddQv4G@@rKIt
z<|Hu@FT<LQ_+kAd<M}ZE+Qtn6Aewz_u{71bJ82rWLN(1h|Kv5vm8To3h(M<0*5cxF
zlW{FS7t>(EYZx37_f<%JrQ`lKHZz5cBbFJ%_n3pzFS10H1Vd&}FOG3}ljfE@PafE`
zJNMY}3`WWu-rkf*MQ-Kz{P`+ri~DE8$q^oX=G$<G-{kX9R55s<QJP|Cf(t)>toFek
zN?zu9wnHF(A{9(fX1{UtXS0BG_fT>Y7}iTTCuKck=3-S+av@A?#Jb3AJ3JtE4712#
z-NO-HJmZgLpAvssCh`3@QF(+Rc)@BZM+;1o)f7IvK3_WPA!xR<z%6)`)6(|DL)G{P
z4{0k0aYUD4m|;siIJOM!JP|$Kxsq66wBln0W-K{QN7mZR7;JL*3S1xO0=&c7Sry%U
z+ub$y{e@LGw-d23(6328>i14*tgmm{OMXqZ5L(DFT3#ktOVJO%XT=?TFexCNb0M}f
zpe>f?dw!fO+2=;8C0q;v#<kKDhQ;r>eVU=a9w-I;&U{cGPq_TC*|vyA(w{qN^GU;Z
zVc&*r?Z*_uDIXvhn)V@2nr40%?11Z6w+}T%R~$ZchmE2fM_IX0mC#Or*RM~FAf+}2
z3C%8rKJw)qkdQ%oIOjw<Nw~VnsiE`-j5$KXdB>GcA~N_VzsJ%kRDfVcH_DykS-n<H
z38okjGCM7C663|h!*q~h$$^b*2ApUoFa-x|Xz|&mWO(QnVqk_Bg56A9^+mcGn*2q?
z)bg+%hnaO1j<}c2oWcBtcpnX^I>ikd3XwXi&Ul6|%R}nCoU@l2%*%CaYe+jRjeI5J
z;7r*#M(a09DrV9FnfMDKN^};F_DMAi)g$rNZvM)R-ijQ1)%E@lj1d341Z+pO%tw5S
z#vj})?L9a7LjrklFr~HQ0{dfgjGH#Z8F&=$2EkY;zj<#uO7Fu-jg^s6rIoQ*X)KCN
kC)Jgl7IyDt1M(=32|CI*DI7{v>LBo^D2GCp%9sWI59Y;SdH?_b

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/public/manifest.json b/pkg/webui/ui/public/manifest.json
new file mode 100644
index 000000000..080d6c77a
--- /dev/null
+++ b/pkg/webui/ui/public/manifest.json
@@ -0,0 +1,25 @@
+{
+  "short_name": "React App",
+  "name": "Create React App Sample",
+  "icons": [
+    {
+      "src": "favicon.ico",
+      "sizes": "64x64 32x32 24x24 16x16",
+      "type": "image/x-icon"
+    },
+    {
+      "src": "logo192.png",
+      "type": "image/png",
+      "sizes": "192x192"
+    },
+    {
+      "src": "logo512.png",
+      "type": "image/png",
+      "sizes": "512x512"
+    }
+  ],
+  "start_url": ".",
+  "display": "standalone",
+  "theme_color": "#000000",
+  "background_color": "#ffffff"
+}
diff --git a/pkg/webui/ui/public/robots.txt b/pkg/webui/ui/public/robots.txt
new file mode 100644
index 000000000..e9e57dc4d
--- /dev/null
+++ b/pkg/webui/ui/public/robots.txt
@@ -0,0 +1,3 @@
+# https://www.robotstxt.org/robotstxt.html
+User-agent: *
+Disallow:
diff --git a/pkg/webui/ui/public/staticbuild.js b/pkg/webui/ui/public/staticbuild.js
new file mode 100644
index 000000000..58271d740
--- /dev/null
+++ b/pkg/webui/ui/public/staticbuild.js
@@ -0,0 +1,2 @@
+let isStaticBuild = false;
+const staticResults = new Map()
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
new file mode 100644
index 000000000..173f2a42d
--- /dev/null
+++ b/pkg/webui/ui/src/api.tsx
@@ -0,0 +1,251 @@
+import {
+    CommandResult,
+    CommandResultSummary,
+    ObjectRef,
+    ProjectKey,
+    ProjectSummary,
+    ResultObject,
+    ShortName,
+    TargetKey
+} from "./models";
+import _ from "lodash";
+import React from "react";
+import { Box, Typography } from "@mui/material";
+import Tooltip from "@mui/material/Tooltip";
+import "./staticbuild.d.ts"
+import { loadScript } from "./loadscript";
+
+const apiUrl = "/api"
+const staticPath = "./staticdata"
+
+export enum ObjectType {
+    Rendered = "rendered",
+    Remote = "remote",
+    Applied = "applied",
+}
+
+export interface Api {
+    getShortNames(): Promise<ShortName[]>
+    listProjects(): Promise<ProjectSummary[]>
+    listResults(filterProject?: string, filterSubDir?: string): Promise<CommandResultSummary[]>
+    getResult(resultId: string): Promise<CommandResult>
+    getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
+    validateNow(project: ProjectKey, target: TargetKey): Promise<Response>
+}
+
+class RealApi implements Api {
+    async getShortNames(): Promise<ShortName[]> {
+        let url = `${apiUrl}/getShortNames`
+        return fetch(url)
+            .then(handleErrors)
+            .then((response) => response.json());
+    }
+
+    async listProjects(): Promise<ProjectSummary[]> {
+        let url = `${apiUrl}/listProjects`
+        return fetch(url)
+            .then(handleErrors)
+            .then((response) => response.json());
+    }
+
+    async listResults(filterProject?: string, filterSubDir?: string): Promise<CommandResultSummary[]> {
+        let url = `${apiUrl}/listResults`
+        const params = new URLSearchParams()
+        if (filterProject) {
+            params.set("filterProject", filterProject)
+        }
+        if (filterSubDir) {
+            params.set("filterSubDir", filterSubDir)
+        }
+        url += "?" + params.toString()
+        return fetch(url)
+            .then(handleErrors)
+            .then((response) => response.json());
+    }
+
+    async getResult(resultId: string) {
+        let url = `${apiUrl}/getResult?resultId=${resultId}`
+        return fetch(url)
+            .then(handleErrors)
+            .then(response => response.text())
+            .then(json => {
+                return new CommandResult(json)
+            });
+    }
+
+    async getResultObject(resultId: string, ref: ObjectRef, objectType: string) {
+        let url = `${apiUrl}/getResultObject?resultId=${resultId}&${buildRefParams(ref)}&objectType=${objectType}`
+        return fetch(url)
+            .then(handleErrors)
+            .then(response => response.json());
+    }
+
+    async validateNow(project: ProjectKey, target: TargetKey) {
+        const key = {
+            "project": project,
+            "target": target,
+        }
+
+        let url = `${apiUrl}/validateNow`
+        return fetch(url, {
+            method: "POST",
+            body: JSON.stringify(key),
+            headers: {
+                'Accept': 'application/json',
+                'Content-Type': 'application/json'
+            },
+        }).then(handleErrors);
+    }
+}
+
+class StaticApi implements Api {
+    async getShortNames(): Promise<ShortName[]> {
+        await loadScript(staticPath + "/shortnames.js")
+        return staticShortNames
+    }
+    async listProjects(): Promise<ProjectSummary[]> {
+        await loadScript(staticPath + "/projects.js")
+        return staticProjects
+    }
+    async listResults(filterProject?: string, filterSubDir?: string): Promise<CommandResultSummary[]> {
+        await loadScript(staticPath + "/summaries.js")
+        return staticSummaries.filter(s => {
+            if (filterProject && filterProject != s.project.normalizedGitUrl) {
+                return false
+            }
+            if (filterSubDir && filterSubDir != s.project.subDir) {
+                return false
+            }
+            return true
+        })
+    }
+    async getResult(resultId: string): Promise<CommandResult> {
+        await loadScript(staticPath + `/result-${resultId}.js`)
+        return staticResults.get(resultId)
+    }
+    async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
+        const result = await this.getResult(resultId)
+        const object = result.objects?.find(x => _.isEqual(x.ref, ref))
+        if (!object) {
+            throw new Error("object not found")
+        }
+        switch (objectType) {
+            case ObjectType.Rendered:
+                return object.rendered
+            case ObjectType.Remote:
+                return object.remote
+            case ObjectType.Applied:
+                return object.applied
+            default:
+                throw new Error("unknown object type " + objectType)
+        }
+    }
+    validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
+        throw new Error("not implemented")
+    }
+}
+
+export let api: Api
+if (isStaticBuild) {
+    api = new StaticApi()
+} else {
+    api = new RealApi()
+}
+
+function handleErrors(response: Response) {
+    if (!response.ok) {
+        throw Error(response.statusText)
+    }
+    return response
+}
+
+function buildRefParams(ref: ObjectRef): string {
+    const params = new URLSearchParams()
+    params.set("kind", ref.kind)
+    params.set("name", ref.name)
+    if (ref.group) {
+        params.set("group", ref.group)
+    }
+    if (ref.version) {
+        params.set("version", ref.version)
+    }
+    if (ref.namespace) {
+        params.set("namespace", ref.namespace)
+    }
+    return params.toString()
+}
+
+export function buildRefString(ref: ObjectRef): string {
+    if (ref.namespace) {
+        return `${ref.namespace}/${ref.kind}/${ref.name}`
+    } else {
+        if (ref.name) {
+            return `${ref.kind}/${ref.name}`
+        } else {
+            return ref.kind
+        }
+    }
+}
+
+export function buildRefKindElement(ref: ObjectRef, element?: React.ReactElement): React.ReactElement {
+    const tooltip = <Box zIndex={1000}>
+        <Typography>ApiVersion: {[ref.group, ref.version].filter(x => x).join("/")}</Typography><br/>
+        <Typography>Kind: {ref.kind}</Typography>
+    </Box>
+    return <Tooltip title={tooltip}>
+        {element ? element : <Typography>{ref.kind}</Typography>}
+    </Tooltip>
+}
+
+export function buildObjectRefFromObject(obj: any): ObjectRef {
+    const apiVersion: string = obj.apiVersion
+    const s = apiVersion.split("/", 2)
+    let ref = new ObjectRef()
+    if (s.length === 1) {
+        ref.version = s[0]
+    } else {
+        ref.group = s[0]
+        ref.version = s[1]
+    }
+    ref.kind = obj.kind
+    ref.namespace = obj.metadata.namespace
+    ref.name = obj.metadata.name
+    return ref
+}
+
+export function findObjectByRef(l: ResultObject[] | undefined, ref: ObjectRef, filter?: (o: ResultObject) => boolean): ResultObject | undefined {
+    return l?.find(x => {
+        if (filter && !filter(x)) {
+            return false
+        }
+        return _.isEqual(x.ref, ref)
+    })
+}
+
+export function usePromise<T>(p?: Promise<T>): T  {
+    if (p === undefined) {
+        throw new Promise<T>(() => undefined)
+    }
+
+    const promise = p as any
+    if (promise.status === 'fulfilled') {
+        return promise.value;
+    } else if (promise.status === 'rejected') {
+        throw promise.reason;
+    } else if (promise.status === 'pending') {
+        throw promise;
+    } else {
+        promise.status = 'pending';
+        p.then(
+            result => {
+                promise.status = 'fulfilled';
+                promise.value = result;
+            },
+            reason => {
+                promise.status = 'rejected';
+                promise.reason = reason;
+            },
+        );
+        throw promise;
+    }
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/ActionsMenu.tsx b/pkg/webui/ui/src/components/ActionsMenu.tsx
new file mode 100644
index 000000000..8247b7ed8
--- /dev/null
+++ b/pkg/webui/ui/src/components/ActionsMenu.tsx
@@ -0,0 +1,93 @@
+import React from "react";
+import { MoreVert } from "@mui/icons-material";
+import { IconButton, Menu, MenuItem } from "@mui/material";
+import { Link } from "react-router-dom";
+
+export interface ActionMenuItem {
+    icon: React.ReactNode
+    text: string
+    handler?: () => void
+    to?: string
+}
+
+export const ActionsMenu = (props: { icon?: React.ReactNode, menuItems: ActionMenuItem[] }) => {
+    const [anchorEl, setAnchorEl] = React.useState<null | HTMLElement>(null);
+    const menuOpen = Boolean(anchorEl);
+
+    const handleMenuClick = (e: React.MouseEvent<HTMLElement>) => {
+        e.stopPropagation()
+        setAnchorEl(e.currentTarget);
+    };
+    const handleMenuClose = () => {
+        setAnchorEl(null);
+    };
+
+    const icon = props.icon || <MoreVert/>
+
+    return <React.Fragment>
+        <IconButton
+            onClick={handleMenuClick}
+            size="small"
+            aria-controls={menuOpen ? 'account-menu' : undefined}
+            aria-haspopup="true"
+            aria-expanded={menuOpen ? 'true' : undefined}
+        >
+            {icon}
+        </IconButton>
+        <Menu
+            anchorEl={anchorEl}
+            id="account-menu"
+            open={menuOpen}
+            onClose={handleMenuClose}
+            onClick={ e => {e.stopPropagation(); handleMenuClose()}}
+            PaperProps={{
+                elevation: 0,
+                sx: {
+                    overflow: 'visible',
+                    filter: 'drop-shadow(0px 2px 8px rgba(0,0,0,0.32))',
+                    mt: 1.5,
+                    '& .MuiAvatar-root': {
+                        width: 32,
+                        height: 32,
+                        ml: -0.5,
+                        mr: 1,
+                    },
+                    '&:before': {
+                        content: '""',
+                        display: 'block',
+                        position: 'absolute',
+                        top: 0,
+                        right: 14,
+                        width: 10,
+                        height: 10,
+                        bgcolor: 'background.paper',
+                        transform: 'translateY(-50%) rotate(45deg)',
+                        zIndex: 0,
+                    },
+                },
+            }}
+            transformOrigin={{ horizontal: 'right', vertical: 'top' }}
+            anchorOrigin={{ horizontal: 'right', vertical: 'bottom' }}
+        >
+            {props.menuItems.map((item, i) => {
+                const handler = (e: React.SyntheticEvent) => {
+                    e.stopPropagation()
+                    if (item.handler) {
+                        item.handler()
+                    }
+                    handleMenuClose()
+                }
+                if (item.to) {
+                    return <MenuItem key={i} component={Link} to={item.to} onClick={handler}>
+                        {item.icon} {item.text}
+                    </MenuItem>
+                } else {
+                    return <MenuItem key={i} onClick={handler}>
+                        {item.icon} {item.text}
+                    </MenuItem>
+                }
+            })}
+
+        </Menu>
+    </React.Fragment>
+}
diff --git a/pkg/webui/ui/src/components/App.css b/pkg/webui/ui/src/components/App.css
new file mode 100644
index 000000000..78b8850cf
--- /dev/null
+++ b/pkg/webui/ui/src/components/App.css
@@ -0,0 +1,38 @@
+.App {
+    text-align: center;
+}
+
+.App-logo {
+    height: 40vmin;
+    pointer-events: none;
+}
+
+@media (prefers-reduced-motion: no-preference) {
+    .App-logo {
+        animation: App-logo-spin infinite 20s linear;
+    }
+}
+
+.App-header {
+    background-color: #282c34;
+    min-height: 100vh;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    font-size: calc(10px + 2vmin);
+    color: white;
+}
+
+.App-link {
+    color: #61dafb;
+}
+
+@keyframes App-logo-spin {
+    from {
+        transform: rotate(0deg);
+    }
+    to {
+        transform: rotate(360deg);
+    }
+}
diff --git a/pkg/webui/ui/src/components/App.test.tsx b/pkg/webui/ui/src/components/App.test.tsx
new file mode 100644
index 000000000..2a68616d9
--- /dev/null
+++ b/pkg/webui/ui/src/components/App.test.tsx
@@ -0,0 +1,9 @@
+import React from 'react';
+import { render, screen } from '@testing-library/react';
+import App from './App';
+
+test('renders learn react link', () => {
+  render(<App />);
+  const linkElement = screen.getByText(/learn react/i);
+  expect(linkElement).toBeInTheDocument();
+});
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
new file mode 100644
index 000000000..ce3a71aa9
--- /dev/null
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -0,0 +1,30 @@
+import React, { useState } from 'react';
+
+import '../index.css';
+import { Box } from "@mui/material";
+import { Outlet, useOutletContext } from "react-router-dom";
+import LeftDrawer from "./LeftDrawer";
+
+export interface AppOutletContext {
+    filters?: React.ReactNode
+    setFilters: (filter: React.ReactNode) => void
+}
+
+export function useAppOutletContext(): AppOutletContext {
+    return useOutletContext<AppOutletContext>()
+}
+
+const App = () => {
+    const [filters, setFilters] = useState<React.ReactNode>()
+
+    const context: AppOutletContext = {
+        filters: filters,
+        setFilters: setFilters,
+    }
+
+    return <Box width={"100%"} height={"100%"}>
+        <LeftDrawer content={<Outlet context={context}/>} context={context}/>
+    </Box>
+};
+
+export default App;
diff --git a/pkg/webui/ui/src/components/CodeViewer.tsx b/pkg/webui/ui/src/components/CodeViewer.tsx
new file mode 100644
index 000000000..2e55a82c0
--- /dev/null
+++ b/pkg/webui/ui/src/components/CodeViewer.tsx
@@ -0,0 +1,29 @@
+import React from 'react';
+
+import { Light as SyntaxHighlighter } from 'react-syntax-highlighter';
+import { docco } from 'react-syntax-highlighter/dist/esm/styles/hljs';
+
+import yamlLanguage from 'react-syntax-highlighter/dist/esm/languages/hljs/yaml';
+import diffLanguage from 'react-syntax-highlighter/dist/esm/languages/hljs/diff';
+
+SyntaxHighlighter.registerLanguage('yaml', yamlLanguage);
+SyntaxHighlighter.registerLanguage('diff', diffLanguage);
+
+export function CodeViewer(props: { code: string, language: string }) {
+    return <SyntaxHighlighter language={props.language} style={docco}>
+            {props.code!}
+        </SyntaxHighlighter>
+
+
+    /*return <Box height={"100%"}><Box sx={{
+        overflowY: 'scroll', // Enable vertical scrolling
+        height: "100%",
+        //maxHeight: '100%', // Set a fixed height
+        border: '1px solid #ccc', // Optional border
+        padding: '10px', // Optional padding
+    }}>
+        <SyntaxHighlighter language={props.language} style={docco}>
+            {props.code!}
+        </SyntaxHighlighter>
+    </Box></Box>*/
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/ErrorsTable.tsx b/pkg/webui/ui/src/components/ErrorsTable.tsx
new file mode 100644
index 000000000..f15abf73a
--- /dev/null
+++ b/pkg/webui/ui/src/components/ErrorsTable.tsx
@@ -0,0 +1,56 @@
+import React from 'react';
+import Table from '@mui/material/Table';
+import TableBody from '@mui/material/TableBody';
+import TableCell from '@mui/material/TableCell';
+import TableContainer from '@mui/material/TableContainer';
+import TableHead from '@mui/material/TableHead';
+import TableRow from '@mui/material/TableRow';
+import Paper from '@mui/material/Paper';
+import { DeploymentError } from "../models";
+import { Box, Divider, List, ListItem, ListItemText } from "@mui/material";
+import { buildRefKindElement } from "../api";
+
+export function ErrorsTable(props: { errors: DeploymentError[] }) {
+    return <>
+        <Box height={"100%"}>
+            <TableContainer component={Paper}>
+                <Table>
+                    <TableHead>
+                        <TableRow>
+                            <TableCell>Ref</TableCell>
+                            <TableCell>Message</TableCell>
+                        </TableRow>
+                    </TableHead>
+                    <TableBody>
+                        {props.errors?.map((e, i) => (
+                            <TableRow key={i}>
+                                <TableCell sx={{ minWidth: "150px" }}>
+                                    <List>
+                                        {buildRefKindElement(e.ref, <>
+                                            <ListItem>
+                                                <ListItemText primary={e.ref.kind}/>
+                                            </ListItem>
+                                        </>)}
+                                        <Divider/>
+                                        <ListItem>
+                                            <ListItemText primary={e.ref.name}/>
+                                        </ListItem>
+                                        {e.ref.namespace && <>
+                                            <Divider/>
+                                            <ListItem>
+                                                <ListItemText primary={e.ref.namespace}/>
+                                            </ListItem>
+                                        </>}
+                                    </List>
+                                </TableCell>
+                                <TableCell>
+                                    {e.message}
+                                </TableCell>
+                            </TableRow>
+                        ))}
+                    </TableBody>
+                </Table>
+            </TableContainer>
+        </Box>
+    </>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/Jdenticon.tsx b/pkg/webui/ui/src/components/Jdenticon.tsx
new file mode 100644
index 000000000..b46d01ffd
--- /dev/null
+++ b/pkg/webui/ui/src/components/Jdenticon.tsx
@@ -0,0 +1,17 @@
+import React, { useEffect, useRef } from 'react';
+import * as jdenticon from 'jdenticon';
+import { Box, SvgIcon } from "@mui/material";
+
+export const Jdenticon = (props: { value: string, size: string }) => {
+    const icon = useRef<SVGSVGElement>(null);
+    useEffect(() => {
+        if (icon.current === null) {
+            return
+        }
+        jdenticon.update(icon.current, props.value);
+    }, [props, icon])
+
+    return <Box>
+        <SvgIcon ref={icon} height={props.size} width={props.size}/>
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
new file mode 100644
index 000000000..7c23a7be3
--- /dev/null
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -0,0 +1,170 @@
+import * as React from 'react';
+import { useState } from 'react';
+import { CSSObject, styled, Theme, useTheme } from '@mui/material/styles';
+import Box from '@mui/material/Box';
+import MuiDrawer from '@mui/material/Drawer';
+import MuiAppBar, { AppBarProps as MuiAppBarProps } from '@mui/material/AppBar';
+import Toolbar from '@mui/material/Toolbar';
+import List from '@mui/material/List';
+import Divider from '@mui/material/Divider';
+import IconButton from '@mui/material/IconButton';
+import MenuIcon from '@mui/icons-material/Menu';
+import ChevronLeftIcon from '@mui/icons-material/ChevronLeft';
+import ChevronRightIcon from '@mui/icons-material/ChevronRight';
+import ListItem from '@mui/material/ListItem';
+import ListItemButton from '@mui/material/ListItemButton';
+import ListItemIcon from '@mui/material/ListItemIcon';
+import ListItemText from '@mui/material/ListItemText';
+import { Adjust } from "@mui/icons-material";
+import { Link } from "react-router-dom";
+import { AppOutletContext } from "./App";
+import { KluctlLogo } from "../icons/KluctlLogo";
+
+const drawerWidth = 240;
+
+const openedMixin = (theme: Theme): CSSObject => ({
+    width: drawerWidth,
+    transition: theme.transitions.create('width', {
+        easing: theme.transitions.easing.sharp,
+        duration: theme.transitions.duration.enteringScreen,
+    }),
+    overflowX: 'hidden',
+});
+
+const closedMixin = (theme: Theme): CSSObject => ({
+    transition: theme.transitions.create('width', {
+        easing: theme.transitions.easing.sharp,
+        duration: theme.transitions.duration.leavingScreen,
+    }),
+    overflowX: 'hidden',
+    width: `calc(${theme.spacing(7)} + 1px)`,
+    [theme.breakpoints.up('sm')]: {
+        width: `calc(${theme.spacing(8)} + 1px)`,
+    },
+});
+
+const DrawerHeader = styled('div')(({ theme }) => ({
+    display: 'flex',
+    alignItems: 'center',
+    justifyContent: 'flex-end',
+    padding: theme.spacing(0, 1),
+    // necessary for content to be below app bar
+    ...theme.mixins.toolbar,
+}));
+
+interface AppBarProps extends MuiAppBarProps {
+    open?: boolean;
+}
+
+const AppBar = styled(MuiAppBar, {
+    shouldForwardProp: (prop) => prop !== 'open',
+})<AppBarProps>(({ theme, open }) => ({
+    zIndex: theme.zIndex.drawer + 1,
+    transition: theme.transitions.create(['width', 'margin'], {
+        easing: theme.transitions.easing.sharp,
+        duration: theme.transitions.duration.leavingScreen,
+    }),
+    ...(open && {
+        marginLeft: drawerWidth,
+        width: `calc(100% - ${drawerWidth}px)`,
+        transition: theme.transitions.create(['width', 'margin'], {
+            easing: theme.transitions.easing.sharp,
+            duration: theme.transitions.duration.enteringScreen,
+        }),
+    }),
+}));
+
+const Drawer = styled(MuiDrawer, { shouldForwardProp: (prop) => prop !== 'open' })(
+    ({ theme, open }) => ({
+        width: drawerWidth,
+        flexShrink: 0,
+        whiteSpace: 'nowrap',
+        boxSizing: 'border-box',
+        ...(open && {
+            ...openedMixin(theme),
+            '& .MuiDrawer-paper': openedMixin(theme),
+        }),
+        ...(!open && {
+            ...closedMixin(theme),
+            '& .MuiDrawer-paper': closedMixin(theme),
+        }),
+    }),
+);
+
+function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: string }) {
+    return <ListItem component={Link} to={props.to} key={props.text} disablePadding sx={{ display: 'block' }}>
+        <ListItemButton
+            sx={{
+                minHeight: 48,
+                justifyContent: props.open ? 'initial' : 'center',
+                px: 2.5,
+            }}
+        >
+            <ListItemIcon
+                sx={{
+                    minWidth: 0,
+                    mr: props.open ? 3 : 'auto',
+                    justifyContent: 'center',
+                }}
+            >
+                {props.icon}
+            </ListItemIcon>
+            <ListItemText primary={props.text} sx={{ opacity: props.open ? 1 : 0 }}/>
+        </ListItemButton>
+    </ListItem>
+}
+
+export default function LeftDrawer(props: { content: React.ReactNode, context: AppOutletContext }) {
+    const context = props.context
+
+    const theme = useTheme();
+    const [open, setOpen] = useState(true);
+
+    const handleDrawerOpen = () => {
+        setOpen(true);
+    };
+
+    const handleDrawerClose = () => {
+        setOpen(false);
+    };
+
+    return (
+        <Box sx={{ display: 'flex' }} height={"100%"}>
+            <AppBar position="fixed" open={open}>
+                <Toolbar>
+                    <IconButton
+                        color="inherit"
+                        aria-label="open drawer"
+                        onClick={handleDrawerOpen}
+                        edge="start"
+                        sx={{
+                            marginRight: 5,
+                            ...(open && { display: 'none' }),
+                        }}
+                    >
+                        <MenuIcon/>
+                    </IconButton>
+                    <KluctlLogo/>
+                </Toolbar>
+            </AppBar>
+            <Drawer variant="permanent" open={open}>
+                <DrawerHeader>
+                    <IconButton onClick={handleDrawerClose}>
+                        {theme.direction === 'rtl' ? <ChevronRightIcon/> : <ChevronLeftIcon/>}
+                    </IconButton>
+                </DrawerHeader>
+                <Divider/>
+                <List>
+                    <Item text={"Targets"} open={open} icon={<Adjust/>} to={"targets"}/>
+                    <Divider/>
+                    {context.filters}
+                </List>
+                <Divider/>
+            </Drawer>
+            <Box component="main" sx={{ flexGrow: 1 }} minWidth={0}>
+                <DrawerHeader/>
+                {props.content}
+            </Box>
+        </Box>
+    );
+}
diff --git a/pkg/webui/ui/src/components/Loading.tsx b/pkg/webui/ui/src/components/Loading.tsx
new file mode 100644
index 000000000..9b26bf95e
--- /dev/null
+++ b/pkg/webui/ui/src/components/Loading.tsx
@@ -0,0 +1,15 @@
+import { Box, CircularProgress } from "@mui/material";
+
+export const Loading = () => {
+    return <Box display={"flex"} height={"100%"}>
+        <Box
+            display={"flex"}
+            width={"100%"}
+            height={"100%"}
+            alignItems={"center"}
+            justifyContent={"center"}
+        >
+            <CircularProgress/>
+        </Box>
+    </Box>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
new file mode 100644
index 000000000..11f50f428
--- /dev/null
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -0,0 +1,26 @@
+import { CommandResultProps } from "./result-view/CommandResultView";
+import { ObjectRef } from "../models";
+import { api, ObjectType, usePromise } from "../api";
+import React, { Suspense, useEffect, useState } from "react";
+import { CodeViewer } from "./CodeViewer";
+
+import * as yaml from 'js-yaml';
+import { Loading } from "./Loading";
+
+export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType}) => {
+    const [promise, setPromise] = useState<Promise<string>>()
+
+    useEffect(() => {
+        const p = api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
+            .then(yaml.dump)
+        setPromise(p)
+    }, [props.treeProps, props.objectRef, props.objectType])
+
+    const Content = () => {
+        return <CodeViewer code={usePromise(promise)} language={"yaml"}/>
+    }
+
+    return <Suspense fallback={<Loading/>}>
+        <Content/>
+    </Suspense>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/PropertiesTable.tsx b/pkg/webui/ui/src/components/PropertiesTable.tsx
new file mode 100644
index 000000000..20cdd967e
--- /dev/null
+++ b/pkg/webui/ui/src/components/PropertiesTable.tsx
@@ -0,0 +1,31 @@
+import React from 'react';
+import Table from '@mui/material/Table';
+import TableBody from '@mui/material/TableBody';
+import TableCell from '@mui/material/TableCell';
+import TableContainer from '@mui/material/TableContainer';
+import TableHead from '@mui/material/TableHead';
+import TableRow from '@mui/material/TableRow';
+import Paper from '@mui/material/Paper';
+
+export function PropertiesTable(props: {properties: {name: string, value: React.ReactNode}[]}) {
+    return (
+        <TableContainer component={Paper}>
+            <Table>
+                <TableHead>
+                    <TableRow>
+                        <TableCell>Name</TableCell>
+                        <TableCell>Value</TableCell>
+                    </TableRow>
+                </TableHead>
+                <TableBody>
+                    {props.properties.map((row) => (
+                        <TableRow key={row.name}>
+                            <TableCell>{row.name}</TableCell>
+                            <TableCell>{row.value}</TableCell>
+                        </TableRow>
+                    ))}
+                </TableBody>
+            </Table>
+        </TableContainer>
+    );
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
new file mode 100644
index 000000000..ee3417a1a
--- /dev/null
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -0,0 +1,41 @@
+import { createBrowserRouter, createHashRouter, useRouteError } from "react-router-dom";
+import React from "react";
+import App from "./App";
+import { projectsLoader, TargetsView } from "./targets-view/TargetsView";
+import { commandResultLoader, CommandResultView } from "./result-view/CommandResultView";
+
+function ErrorPage() {
+    const error = useRouteError() as any;
+
+    return (
+        <div id="error-page">
+            <h1>Oops!</h1>
+            <p>Sorry, an unexpected error has occurred.</p>
+            <p>
+                <i>{error.statusText || error.message}</i>
+            </p>
+        </div>
+    );
+}
+
+export const Router = createHashRouter([
+    {
+        path: "/",
+        element: <App />,
+        errorElement: <ErrorPage />,
+        children: [
+            {
+                path: "targets",
+                element: <TargetsView/>,
+                loader: projectsLoader,
+                errorElement: <ErrorPage/>,
+            },
+            {
+                path: "results/:id",
+                element: <CommandResultView/>,
+                loader: commandResultLoader,
+                errorElement: <ErrorPage/>,
+            },
+        ],
+    },
+]);
diff --git a/pkg/webui/ui/src/components/result-view/ChangesTable.tsx b/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
new file mode 100644
index 000000000..b802201f3
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
@@ -0,0 +1,105 @@
+import React from 'react';
+import Table from '@mui/material/Table';
+import TableBody from '@mui/material/TableBody';
+import TableCell from '@mui/material/TableCell';
+import TableContainer from '@mui/material/TableContainer';
+import TableHead from '@mui/material/TableHead';
+import TableRow from '@mui/material/TableRow';
+import Paper from '@mui/material/Paper';
+import { buildRefKindElement, buildRefString } from "../../api";
+import { Box, Typography } from "@mui/material";
+import { CodeViewer } from "../CodeViewer";
+import { DiffStatus } from "./nodes/NodeData";
+import Divider from "@mui/material/Divider";
+import { ObjectRef } from "../../models";
+
+const RefList = (props: { title: string, refs: ObjectRef[] }) => {
+    return <Box>
+        <Typography align={"center"} variant={"h5"}>{props.title}</Typography>
+        <TableContainer component={Paper}>
+            <Table>
+                <TableHead>
+                    <TableRow>
+                        <TableCell align="left">
+                            <Typography>Kind</Typography>
+                        </TableCell>
+                        <TableCell align="left">
+                            <Typography>Namespace</Typography>
+                        </TableCell>
+                        <TableCell align="left">
+                            <Typography>Name</Typography>
+                        </TableCell>
+                    </TableRow>
+                </TableHead>
+                <TableBody>
+                    {props.refs.map((ref, i) => {
+                        return <TableRow key={i}>
+                            <TableCell>
+                                {buildRefKindElement(ref)}
+                            </TableCell>
+                            <TableCell>
+                                <Typography>{ref.namespace}</Typography>
+                            </TableCell>
+                            <TableCell>
+                                <Typography>{ref.name}</Typography>
+                            </TableCell>
+                        </TableRow>
+                    })}
+                </TableBody>
+            </Table>
+        </TableContainer>
+        <Box height={"20px"}></Box>
+    </Box>
+}
+
+export function ChangesTable(props: { diffStatus: DiffStatus }) {
+    let changedObjects: React.ReactElement | undefined
+
+    if (props.diffStatus.changedObjects.length) {
+        changedObjects = <Box>
+            <Typography align={"center"} variant={"h5"}>Changed Objects</Typography>
+            {props.diffStatus.changedObjects.map((co, i) => (
+                <TableContainer key={i} component={Paper}>
+                    <Table>
+                        <TableHead>
+                            <TableRow>
+                                <TableCell align="left" colSpan={2}>
+                                    <Typography variant="h6">{buildRefString(co.ref)}</Typography>
+                                </TableCell>
+                            </TableRow>
+                            <TableRow>
+                                <TableCell>Path</TableCell>
+                                <TableCell>Changes</TableCell>
+                            </TableRow>
+                        </TableHead>
+                        <TableBody>
+                            {co.changes?.map((c, i) => (
+                                <TableRow key={i}>
+                                    <TableCell>
+                                        <Box minWidth={"100px"} sx={{ overflowWrap: "anywhere" }}>
+                                            <Typography>{c.jsonPath}</Typography>
+                                        </Box>
+                                    </TableCell>
+                                    <TableCell>
+                                        <CodeViewer code={c.unifiedDiff || ""} language={"diff"}/>
+                                    </TableCell>
+                                </TableRow>
+                            ))}
+                        </TableBody>
+                    </Table>
+                </TableContainer>
+            ))}
+            <Divider/>
+        </Box>
+    }
+
+    return <Box width={"100%"} display={"flex"} flexDirection={"column"}>
+        {props.diffStatus.newObjects.length ?
+            <RefList title={"New Objects"} refs={props.diffStatus.newObjects}/> : <></>}
+        {props.diffStatus.deletedObjects.length ?
+            <RefList title={"Deleted Objects"} refs={props.diffStatus.deletedObjects}/> : <></>}
+        {props.diffStatus.orphanObjects.length ?
+            <RefList title={"Orphan Objects"} refs={props.diffStatus.orphanObjects}/> : <></>}
+        {changedObjects}
+    </Box>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
new file mode 100644
index 000000000..d5a48a05b
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -0,0 +1,59 @@
+import { CommandResultSummary, ValidateResult } from "../../models";
+import { Box, Tooltip, Typography } from "@mui/material";
+import { Dangerous, Delete, Difference, LibraryAdd, LinkOff, Warning } from "@mui/icons-material";
+import React from "react";
+
+export interface StatusLineProps {
+    errors?: number
+    warnings?: number
+    changedObjects?: number
+    newObjects?: number
+    deletedObjects?: number
+    orphanObjects?: number
+}
+
+export const StatusLine = (props: StatusLineProps) => {
+    const children: React.ReactElement[] = []
+
+    const doPush = (n: number | undefined, t: string, icon: React.ReactElement) => {
+        if (n) {
+            children.push(
+                <Box key={children.length} display={"flex"} flexDirection={"column"}>
+                    <Tooltip title={n + " " + t}>
+                        {icon}
+                    </Tooltip>
+                    <Typography fontSize={"10px"} align={"center"}>{n}</Typography>
+                </Box>
+            )
+        }
+    }
+
+    doPush(props.errors, "total errors.", <Dangerous color={"error"}/>)
+    doPush(props.warnings, "total warnings.", <Warning color={"warning"}/>)
+    doPush(props.newObjects, "new objects.", <LibraryAdd color={"info"}/>)
+    doPush(props.deletedObjects, "deleted objects.", <Delete color={"info"}/>)
+    doPush(props.orphanObjects, "orphan objects.", <LinkOff color={"info"}/>)
+    doPush(props.changedObjects, "changed objects.", <Difference color={"info"}/>)
+
+    return <Box display="flex" width={"100%"}>
+        {children}
+    </Box>
+}
+
+export const CommandResultStatusLine = (props: { rs: CommandResultSummary }) => {
+    return <StatusLine errors={props.rs.errors}
+                       warnings={props.rs.warnings}
+                       changedObjects={props.rs.changedObjects}
+                       newObjects={props.rs.newObjects}
+                       deletedObjects={props.rs.deletedObjects}
+                       orphanObjects={props.rs.orphanObjects}
+    />
+}
+
+
+export const ValidateResultStatusLine = (props: { vr?: ValidateResult }) => {
+    return <StatusLine errors={props.vr?.errors?.length}
+                       warnings={props.vr?.warnings?.length}
+                       changedObjects={props.vr?.drift?.length}
+    />
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
new file mode 100644
index 000000000..d1986046a
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -0,0 +1,95 @@
+import * as React from 'react';
+import { useEffect, useMemo, useState } from 'react';
+import TreeView from '@mui/lab/TreeView';
+import { TreeItem } from "@mui/lab";
+import ExpandMoreIcon from '@mui/icons-material/ExpandMore';
+import ChevronRightIcon from '@mui/icons-material/ChevronRight';
+import { NodeBuilder } from "./nodes/NodeBuilder";
+import { NodeData } from "./nodes/NodeData";
+import { ActiveFilters, FilterNode } from "./NodeStatusFilter";
+import { CommandResultProps } from "./CommandResultView";
+import { Loading } from "../Loading";
+
+export interface CommandResultTreeProps {
+    commandResultProps?: CommandResultProps
+
+    onSelectNode: (node?: NodeData) => void
+    activeFilters?: ActiveFilters
+}
+
+const CommandResultTree = (props: CommandResultTreeProps) => {
+    const [expanded, setExpanded] = useState<string[]>(["root"]);
+    const [selectedNodeId, setSelectedNodeId] = useState<string>()
+
+    const [rootNode, nodeMap] = useMemo(() => {
+        if (!props.commandResultProps) {
+            return [undefined, undefined]
+        }
+
+        const builder = new NodeBuilder(props.commandResultProps)
+        return builder.buildRoot()
+    }, [props.commandResultProps])
+
+    const handleToggle = (event: React.SyntheticEvent, nodeIds: string[]) => {
+        setExpanded(nodeIds);
+    };
+
+    const handleDoubleClick = (e: React.SyntheticEvent, node: NodeData) => {
+        if (expanded.includes(node.id)) {
+            setExpanded(expanded.filter((item) => item !== node.id));
+        } else {
+            setExpanded([...expanded, node.id]);
+        }
+        e.stopPropagation()
+    };
+
+    const handleItemClick = (e: React.SyntheticEvent, node: NodeData) => {
+        setSelectedNodeId(node.id)
+        e.stopPropagation()
+    }
+
+    const onSelectNode = props.onSelectNode
+    useEffect(() => {
+        if (!nodeMap || !selectedNodeId) {
+            return
+        }
+        const node = nodeMap.get(selectedNodeId)
+        if (!node) {
+            setSelectedNodeId(undefined)
+        }
+        onSelectNode(node)
+    }, [nodeMap, selectedNodeId, onSelectNode])
+
+    const renderTree = (nodes: NodeData) => {
+        if (!FilterNode(nodes, props.activeFilters)) {
+            return null
+        }
+        return <TreeItem
+            key={nodes.id}
+            nodeId={nodes.id}
+            label={<div onClick={(e: React.SyntheticEvent) => handleItemClick(e, nodes)}>{nodes.buildTreeItem()}</div>}
+            sx={{ marginBottom: "5px", marginTop: "5px" }}
+            onDoubleClick={(e: React.SyntheticEvent) => handleDoubleClick(e, nodes)}
+        >
+            {Array.isArray(nodes.children)
+                ? nodes.children.map((node) => renderTree(node))
+                : null}
+        </TreeItem>
+    };
+
+    if (!rootNode) {
+        return <Loading/>
+    }
+
+    return <TreeView expanded={expanded}
+                     onNodeToggle={handleToggle}
+                     aria-label="rich object"
+                     defaultCollapseIcon={<ExpandMoreIcon/>}
+                     defaultExpandIcon={<ChevronRightIcon/>}
+                     sx={{ width: "100%" }}
+    >
+        {renderTree(rootNode)}
+    </TreeView>
+}
+
+export default CommandResultTree;
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
new file mode 100644
index 000000000..607bc925b
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -0,0 +1,53 @@
+import * as React from 'react';
+import { useEffect, useState } from 'react';
+import { Box, Divider } from "@mui/material";
+import { CommandResult, CommandResultSummary, ShortName } from "../../models";
+import { NodeData } from "./nodes/NodeData";
+import { SidePanel } from "./SidePanel";
+import { ActiveFilters, NodeStatusFilter } from "./NodeStatusFilter";
+import CommandResultTree from "./CommandResultTree";
+import { useLoaderData } from "react-router-dom";
+import { api } from "../../api";
+import { useAppOutletContext } from "../App";
+
+export interface CommandResultProps {
+    shortNames: ShortName[]
+    summary: CommandResultSummary
+    commandResult: CommandResult
+}
+
+export async function commandResultLoader({ params }: any) {
+    const result = api.getResult(params.id)
+    const shortNames = api.getShortNames()
+    const summaries = api.listResults()
+
+    return {
+        shortNames: await shortNames,
+        summary: (await summaries).find(x => x.id === params.id),
+        commandResult: await result,
+    }
+}
+
+export const CommandResultView = () => {
+    const context = useAppOutletContext()
+    const commandResultProps = useLoaderData() as CommandResultProps
+    const [activeFilters, setActiveFilters] = useState<ActiveFilters>()
+    const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>()
+
+    useEffect(() => {
+        context.setFilters(<>
+            <NodeStatusFilter onFilterChange={setActiveFilters}/>
+        </>)
+    }, [])
+
+    return <Box display="flex" justifyContent={"space-between"} width={"100%"} height={"100%"}>
+        <Box width={"50%"} minWidth={0} overflow={"auto"}>
+            <CommandResultTree commandResultProps={commandResultProps} onSelectNode={setSidePanelNode}
+                               activeFilters={activeFilters}/>
+        </Box>
+        <Divider orientation="vertical" flexItem/>
+        <Box width={"50%"} minWidth={0}>
+            <SidePanel provider={sidePanelNode}/>
+        </Box>
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx b/pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx
new file mode 100644
index 000000000..3c78613aa
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx
@@ -0,0 +1,97 @@
+import React, { useState } from "react";
+import { Box, Chip } from "@mui/material";
+import { AutoFixHigh, ErrorOutline, Grade } from "@mui/icons-material";
+import { OverridableComponent } from "@mui/material/OverridableComponent";
+import Tooltip from "@mui/material/Tooltip";
+import { NodeData } from "./nodes/NodeData";
+
+export interface ActiveFilters {
+    onlyImportant: boolean
+    onlyChanged: boolean
+    onlyWithErrorsOrWarnings: boolean
+}
+
+export function FilterNode(node: NodeData, activeFilters?: ActiveFilters) {
+    const hasChanges = node.diffStatus?.hasDiffs()
+    const hasErrorsOrWarnings = node.healthStatus?.errors.length || node.healthStatus?.warnings.length
+    if (activeFilters?.onlyImportant && !hasChanges && !hasErrorsOrWarnings) {
+        return false
+    }
+    if (activeFilters?.onlyChanged && !hasChanges) {
+        return false
+    }
+    if (activeFilters?.onlyWithErrorsOrWarnings && !hasErrorsOrWarnings) {
+        return false
+    }
+    return true
+}
+
+const FilterButton = (props: { Icon: OverridableComponent<any>, tooltip: string, color: any, active: boolean, handler: (active: boolean) => void }) => {
+    const handleClick = () => {
+        props.handler(!props.active)
+    }
+
+    const Icon = props.Icon
+    const chipColor = props.active ? props.color : "default";
+    return <Tooltip title={props.tooltip}>
+        <Chip
+            variant="filled"
+            color={chipColor}
+            label={
+                <Icon
+                    color={props.active ? undefined : props.color}
+                    htmlColor={props.active ? "white" : undefined}
+                />
+            }
+            onClick={handleClick}
+            sx={{
+                "& .MuiChip-label": {
+                    display: "flex",
+                    justifyContent: "center",
+                    alignItems: "center"
+                }
+            }}
+        />
+    </Tooltip>
+}
+
+export const NodeStatusFilter = (props: { onFilterChange: (f: ActiveFilters) => void }) => {
+    const [activeFilters, setActiveFilters] = useState<ActiveFilters>({
+        onlyImportant: false,
+        onlyChanged: false,
+        onlyWithErrorsOrWarnings: false,
+    })
+
+    const doSetActiveFilters = (newActiveFilters: ActiveFilters) => {
+        setActiveFilters(newActiveFilters)
+        props.onFilterChange(newActiveFilters)
+    }
+
+    return (
+        <Box display={"flex"} flexDirection={"column"} alignItems={"center"}>
+            Filters
+            <Box
+                display="flex"
+                alignItems="center"
+                gap="5px"
+            >
+                <FilterButton Icon={Grade} tooltip={"Only important (changed or with errors/warnings)"}
+                              color={"secondary"}
+                              active={activeFilters.onlyImportant}
+                              handler={(active: boolean) => {
+                                  doSetActiveFilters({ ...activeFilters, onlyImportant: active });
+                              }}/>
+                <FilterButton Icon={AutoFixHigh} tooltip={"Only with changed"} color={"secondary"}
+                              active={activeFilters.onlyChanged}
+                              handler={(active: boolean) => {
+                                  doSetActiveFilters({ ...activeFilters, onlyChanged: active });
+                              }}/>
+                <FilterButton Icon={ErrorOutline} tooltip={"Only with errors or warnings"} color={"error"}
+                              active={activeFilters.onlyWithErrorsOrWarnings}
+                              handler={(active: boolean) => {
+                                  doSetActiveFilters({ ...activeFilters, onlyWithErrorsOrWarnings: active });
+                              }}/>
+            </Box>
+        </Box>
+    )
+}
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
new file mode 100644
index 000000000..da68288f9
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -0,0 +1,78 @@
+import { Box, Tab, Typography } from "@mui/material";
+import React, { useEffect, useState } from "react";
+import { TabContext, TabList, TabPanel } from "@mui/lab";
+
+export interface SidePanelTab {
+    label: string
+    content: React.ReactNode
+}
+
+export interface SidePanelProvider {
+    buildSidePanelTitle(): React.ReactNode
+    buildSidePanelTabs(): SidePanelTab[]
+}
+
+export interface SidePanelProps {
+    provider?: SidePanelProvider;
+}
+
+export const SidePanel = (props: SidePanelProps) => {
+    let [selectedTab, setSelectedTab] = useState<string>();
+
+    function handleTabChange(_e: React.SyntheticEvent, value: string) {
+        setSelectedTab(value);
+    }
+
+    let tabs = props.provider?.buildSidePanelTabs()
+    if (!tabs) {
+        tabs = []
+    }
+
+    useEffect(() => {
+        if (!tabs?.length) {
+            setSelectedTab("")
+            return
+        }
+
+        if (!selectedTab) {
+            setSelectedTab(tabs[0].label)
+            return
+        }
+
+        if (!tabs.find(x => x.label === selectedTab)) {
+            // reset it after the type of selected item has changed
+            setSelectedTab(tabs[0].label)
+        }
+        // ignore that it wants us to add selectedTab to the deps (it would cause and endless loop)
+        // eslint-disable-next-line
+    }, [props.provider])
+
+    if (!selectedTab || !tabs.find(x => x.label === selectedTab)) {
+        return <></>
+    }
+
+    if (!props.provider) {
+        return <></>
+    }
+
+    return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column" p={3}>
+        <Typography variant="h4" mb={1} component="div">
+            {props.provider.buildSidePanelTitle()}
+        </Typography>
+
+        <TabContext value={selectedTab}>
+            <Box flex="0 0 auto" sx={{ borderBottom: 1, borderColor: 'divider' }}>
+                <TabList onChange={handleTabChange}>
+                    {tabs.map((tab, i) => {
+                        return <Tab label={tab.label} value={tab.label} key={tab.label}/>
+                    })}
+                </TabList>
+            </Box>
+            {tabs.map((tab, index) => {
+                return <TabPanel value={tab.label} key={index} sx={{ overflowY: "auto" }}>
+                    {tab.content}
+                </TabPanel>
+            })}
+        </TabContext>
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
new file mode 100644
index 000000000..170b653af
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
@@ -0,0 +1,60 @@
+import React from 'react';
+
+import { NodeData } from "./NodeData";
+import { CloudSync } from "@mui/icons-material";
+import { PropertiesTable } from "../../PropertiesTable";
+import { CodeViewer } from "../../CodeViewer";
+import { CommandResultProps } from "../CommandResultView";
+
+import * as yaml from 'js-yaml';
+import { SidePanelTab } from "../SidePanel";
+
+export class CommandResultNodeData extends NodeData {
+    dumpedTargetYaml?: string
+
+    constructor(props: CommandResultProps, id: string) {
+        super(props, id, true, true);
+
+        if (this.props.commandResult.command?.target) {
+            this.dumpedTargetYaml = yaml.dump(this.props.commandResult.command.target)
+        }
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return "CommandResult";
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        return [<CloudSync fontSize={"large"}/>, "result"]
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryPage()}
+        ]
+
+        if (this.dumpedTargetYaml) {
+            const page = this.buildTargetPage()
+            tabs.push({label: "Target", content: page})
+        }
+
+        this.buildDiffAndHealthPages(tabs)
+
+        return tabs
+    }
+
+    buildSummaryPage(): React.ReactNode {
+        const props = [
+            {name: "Initiator", value: this.props.commandResult.command?.initiator},
+            {name: "Command", value: this.props.commandResult.command?.command},
+        ]
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+
+    buildTargetPage(): React.ReactNode {
+        return <CodeViewer code={this.dumpedTargetYaml!} language={"yaml"}/>
+    }
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
new file mode 100644
index 000000000..5b3cba216
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
@@ -0,0 +1,54 @@
+import { NodeData } from "./NodeData";
+import React from "react";
+import { Delete, LinkOff } from "@mui/icons-material";
+import { CommandResultProps } from "../CommandResultView";
+import { PropertiesTable } from "../../PropertiesTable";
+import { SidePanelTab } from "../SidePanel";
+
+export class DeletedOrOrphanObjectsCollectionNode extends NodeData {
+    deleted: boolean
+
+    constructor(props: CommandResultProps, id: string, deleted: boolean) {
+        super(props, id, false, true);
+        this.deleted = deleted
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        if (this.deleted) {
+            return `${this.diffStatus?.deletedObjects.length} objects deleted`
+        } else {
+            return `${this.diffStatus?.orphanObjects.length} objects orphaned`
+        }
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        if (this.deleted) {
+            return [<Delete fontSize={"large"}/>, "deleted"]
+        } else {
+            return [<LinkOff fontSize={"large"}/>, "orphans"]
+        }
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryPage()}
+        ]
+
+        return tabs
+    }
+
+    buildSummaryPage(): React.ReactNode {
+        const props = []
+
+        if (this.diffStatus?.deletedObjects.length) {
+            props.push({ name: "Deleted", value: this.diffStatus?.deletedObjects.length })
+        }
+        if (this.diffStatus?.orphanObjects.length) {
+            props.push({ name: "Orphaned", value: this.diffStatus?.orphanObjects.length })
+        }
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
new file mode 100644
index 000000000..8d5ecc36c
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
@@ -0,0 +1,78 @@
+import React from 'react';
+
+import { DeploymentItemConfig, DeploymentProjectConfig } from "../../../models";
+import { NodeData } from "./NodeData";
+import { FolderZip } from "@mui/icons-material";
+import { GitIcon } from "../../../icons/GitIcon";
+import { CommandResultProps } from "../CommandResultView";
+import { PropertiesTable } from "../../PropertiesTable";
+import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
+import { SidePanelTab } from "../SidePanel";
+
+
+export class DeploymentItemIncludeNodeData extends NodeData {
+    deploymentItem: DeploymentItemConfig
+    includedDeployment: DeploymentProjectConfig
+
+    constructor(props: CommandResultProps, id: string, deploymentItem: DeploymentItemConfig, includedDeployment: DeploymentProjectConfig) {
+        super(props, id, true, true);
+        this.deploymentItem = deploymentItem
+        this.includedDeployment = includedDeployment
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        if (this.deploymentItem.include) {
+            return this.deploymentItem.include
+        } else if (this.deploymentItem.git) {
+            const s = this.deploymentItem.git!.url.split("/")
+            const name = s[s.length-1]
+            return <>
+                {name}
+                {this.deploymentItem.git!.subDir && (<><br/>{this.deploymentItem.git!.subDir}</>)}
+            </>
+        } else {
+            return "unknown include"
+        }
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        if (this.deploymentItem.git) {
+            return [<GitIcon/>, "git"]
+        }
+        return [<FolderZip fontSize={"large"}/>, "include"]
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryPage()},
+        ]
+        this.buildDiffAndHealthPages(tabs)
+        return tabs;
+    }
+
+    buildSummaryPage(): React.ReactNode {
+        const props = []
+
+        if (this.deploymentItem.include) {
+            props.push({ name: "Type", value: "LocalInclude" })
+            props.push({ name: "Path", value: this.deploymentItem.include })
+        } else if (this.deploymentItem.git) {
+            props.push({name: "Type", value: "GitInclude"})
+            props.push({name: "Url", value: this.deploymentItem.git.url})
+            props.push({name: "SubDir", value: this.deploymentItem.git.subDir})
+            let ref = "HEAD"
+            if (this.deploymentItem.git.ref) {
+                ref = this.deploymentItem.git.ref!
+            }
+            props.push({name: "Ref", value: ref})
+        } else {
+            props.push({name: "Type", value: "Unknown"})
+        }
+
+        buildDeploymentItemSummaryProps(this.deploymentItem, props)
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx
new file mode 100644
index 000000000..bebab6f96
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx
@@ -0,0 +1,72 @@
+import React from 'react';
+
+import { DeploymentItemConfig } from "../../../models";
+import { NodeData } from "./NodeData";
+import { Source } from "@mui/icons-material";
+import { PropertiesTable } from "../../PropertiesTable";
+import { CommandResultProps } from "../CommandResultView";
+import { SidePanelTab } from "../SidePanel";
+
+
+export class DeploymentItemNodeData extends NodeData {
+    deploymentItem: DeploymentItemConfig
+
+    constructor(props: CommandResultProps, id: string, deploymentItem: DeploymentItemConfig) {
+        super(props, id, true, true);
+        this.deploymentItem = deploymentItem
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return this.deploymentItem.path
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        let iconText = "di"
+        return [<Source fontSize={"large"}/>, iconText]
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryPage()},
+        ]
+        this.buildDiffAndHealthPages(tabs)
+        return tabs
+    }
+
+    buildSummaryPage(): React.ReactNode {
+        const props = []
+
+        props.push({name: "Path", value: this.deploymentItem.path})
+
+        buildDeploymentItemSummaryProps(this.deploymentItem, props)
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+}
+
+export function buildDeploymentItemSummaryProps(di: DeploymentItemConfig, props: {name: string, value: React.ReactNode}[]) {
+    if (di.barrier !== undefined) {
+        props.push({name: "Barrier", value: di.barrier + ""})
+    }
+    if (di.waitReadiness !== undefined) {
+        props.push({name: "WaitReadiness", value: di.waitReadiness + ""})
+    }
+    if (di.skipDeleteIfTags !== undefined) {
+        props.push({name: "SkipDeleteIfTags", value: di.skipDeleteIfTags + ""})
+    }
+    if (di.onlyRender !== undefined) {
+        props.push({name: "OnlyRender", value: di.onlyRender + ""})
+    }
+    if (di.alwaysDeploy !== undefined) {
+        props.push({name: "AlwaysDeploy", value: di.alwaysDeploy + ""})
+    }
+    if (di.deleteObjects) {
+        // TODO this is ugly
+        props.push({name: "DeleteObjects", value: JSON.stringify(di.deleteObjects)})
+    }
+    if (di.when) {
+        props.push({name: "When", value: di.when})
+    }
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts b/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
new file mode 100644
index 000000000..c3ab9769b
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
@@ -0,0 +1,194 @@
+import {
+    DeploymentError,
+    DeploymentItemConfig,
+    DeploymentProjectConfig,
+    ObjectRef,
+    ResultObject,
+    VarsSource
+} from "../../../models";
+import { VarsSourceNodeData } from "./VarsSourceNode";
+import { DeploymentItemNodeData } from "./DeploymentItemNode";
+import { ObjectNodeData } from "./ObjectNode";
+import { NodeData } from "./NodeData";
+import { CommandResultNodeData } from "./CommandResultNode";
+import { VarsSourceCollectionNodeData } from "./VarsSourceCollectionNode";
+import { DeploymentItemIncludeNodeData } from "./DeploymentItemIncludeNode";
+import { CommandResultProps } from "../CommandResultView";
+import { DeletedOrOrphanObjectsCollectionNode } from "./DeletedOrOrphanObjectsCollectionNode";
+
+export class NodeBuilder {
+    private props: CommandResultProps
+    private changedObjectsMap: Map<string, ResultObject> = new Map()
+    private newObjectsMap: Map<string, ObjectRef> = new Map()
+    private orphanObjectsMap: Map<string, ObjectRef> = new Map()
+    private deletedObjectsMap: Map<string, ObjectRef> = new Map()
+    private errorsMap: Map<string, DeploymentError[]> = new Map()
+    private warningsMap: Map<string, DeploymentError[]> = new Map()
+
+    constructor(props: CommandResultProps) {
+        this.props = props
+
+        props.commandResult.objects?.forEach(o => {
+            const key = buildObjectRefKey(o.ref)
+            if (o.changes?.length) {
+                this.changedObjectsMap.set(key, o)
+            }
+            if (o.new) {
+                this.newObjectsMap.set(key, o.ref)
+            }
+            if (o.orphan) {
+                this.orphanObjectsMap.set(key, o.ref)
+            }
+            if (o.deleted) {
+                this.deletedObjectsMap.set(key, o.ref)
+            }
+        })
+        props.commandResult.errors?.forEach(e => {
+            const key = buildObjectRefKey(e.ref)
+            let l = this.errorsMap.get(key)
+            if (!l) {
+                l = [e]
+                this.errorsMap.set(key, l)
+            } else {
+                l.push(e)
+            }
+        })
+        props.commandResult.warnings?.forEach(e => {
+            const key = buildObjectRefKey(e.ref)
+            let l = this.warningsMap.get(key)
+            if (!l) {
+                l = [e]
+                this.warningsMap.set(key, l)
+            } else {
+                l.push(e)
+            }
+        })
+    }
+
+    buildRoot(): [CommandResultNodeData, Map<string, NodeData>] {
+        const rootNode = new CommandResultNodeData(this.props, "root")
+
+        this.buildDeploymentProjectChildren(rootNode, this.props.commandResult.deployment!)
+
+        if (this.deletedObjectsMap.size) {
+            this.buildDeletedOrOrphanNode(rootNode, true, Array.from(this.deletedObjectsMap.values()))
+        }
+        if (this.orphanObjectsMap.size) {
+            this.buildDeletedOrOrphanNode(rootNode, false, Array.from(this.orphanObjectsMap.values()))
+        }
+
+        const nodeMap: Map<string, NodeData> = new Map()
+        function collect(n: NodeData) {
+            nodeMap.set(n.id, n)
+            n.children.forEach(c => {
+                collect(c)
+            })
+        }
+        collect(rootNode)
+
+        return [rootNode, nodeMap]
+    }
+
+    buildDeploymentProjectChildren(node: NodeData, deploymentProject: DeploymentProjectConfig) {
+        if (deploymentProject.vars) {
+            this.buildVarsSourceCollectionNode(node, deploymentProject.vars)
+        }
+        deploymentProject.deployments?.forEach((deploymentItem, i) => {
+            this.buildDeploymentItemNode(node, deploymentItem, i)
+        })
+    }
+
+    buildVarsSourceCollectionNode(parentNode: NodeData, varsSources?: VarsSource[]) {
+        if (varsSources === undefined) {
+            return
+        }
+
+        const newId = `${parentNode.id}/(vars)`
+        const node = new VarsSourceCollectionNodeData(this.props, newId)
+        node.varsSources.push(...varsSources)
+
+        varsSources.forEach((vs, i) => {
+            this.buildVarsSourceNode(node, vs, i)
+        })
+
+        parentNode.pushChild(node)
+
+        return node
+    }
+
+    buildVarsSourceNode(parentNode: NodeData, varsSource: VarsSource, index: number): VarsSourceNodeData {
+        const newId = `${parentNode.id}/${index}}`
+        const node = new VarsSourceNodeData(this.props, newId, varsSource)
+        parentNode.pushChild(node)
+        return node
+    }
+
+    buildDeploymentItemNode(parentNode: NodeData, deploymentItem: DeploymentItemConfig, index: number): NodeData | undefined{
+        let node: NodeData | undefined
+        const newId = `${parentNode.id}/(dis)/${index}`
+        if (deploymentItem.path) {
+            node = new DeploymentItemNodeData(this.props, newId, deploymentItem)
+            this.buildVarsSourceCollectionNode(node, deploymentItem.vars)
+            deploymentItem.renderedObjects?.forEach(renderedObject => {
+                this.buildObjectNode(node!, renderedObject)
+            })
+        } else if (deploymentItem.include || deploymentItem.git) {
+            node = new DeploymentItemIncludeNodeData(this.props, newId, deploymentItem, deploymentItem.renderedInclude!)
+            this.buildVarsSourceCollectionNode(node, deploymentItem.vars)
+            if (deploymentItem.renderedInclude) {
+                this.buildDeploymentProjectChildren(node, deploymentItem.renderedInclude)
+            }
+        } else {
+            return node
+        }
+
+        parentNode.pushChild(node)
+
+        return node
+    }
+
+    buildObjectNode(parentNode: NodeData, objectRef: ObjectRef): ObjectNodeData {
+        const newId = `${parentNode.id}/(obj)/${buildObjectRefKey(objectRef)}`
+        const node = new ObjectNodeData(this.props, newId, objectRef)
+
+        const key = buildObjectRefKey(objectRef)
+        if (this.changedObjectsMap.has(key)) {
+            node.diffStatus?.addChangedObject(this.changedObjectsMap.get(key)!)
+        }
+        if (this.newObjectsMap.has(key)) {
+            node.diffStatus?.newObjects.push(objectRef)
+        }
+        if (this.deletedObjectsMap.has(key)) {
+            node.diffStatus?.deletedObjects.push(objectRef)
+        }
+        if (this.orphanObjectsMap.has(key)) {
+            node.diffStatus?.orphanObjects.push(objectRef)
+        }
+
+        this.errorsMap.get(key)?.forEach(e => {
+            node.healthStatus?.errors.push(e)
+        })
+        this.warningsMap.get(key)?.forEach(e => {
+            node.healthStatus?.warnings.push(e)
+        })
+
+        parentNode.pushChild(node)
+
+        return node
+    }
+
+    buildDeletedOrOrphanNode(parentNode: NodeData, deleted: boolean, refs: ObjectRef[]): DeletedOrOrphanObjectsCollectionNode {
+        const idType = deleted ? "deleted" : "orphaned"
+        const newId = `${parentNode.id}/(${idType})`
+        const node = new DeletedOrOrphanObjectsCollectionNode(this.props, newId, deleted)
+        refs.forEach(ref => {
+            this.buildObjectNode(node, ref)
+        })
+        parentNode.pushChild(node, true)
+        return node
+    }
+}
+
+function buildObjectRefKey(ref: ObjectRef): string {
+    return [ref.group, ref.version, ref.kind, ref.namespace, ref.name].join("+")
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx b/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
new file mode 100644
index 000000000..55c3d66d4
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
@@ -0,0 +1,188 @@
+import { ChangedObject, DeploymentError, ObjectRef, ResultObject } from "../../../models";
+import React from "react";
+import { Box, Typography } from "@mui/material";
+import { CommandResultProps } from "../CommandResultView";
+import { ChangesTable } from "../ChangesTable";
+import { ErrorsTable } from "../../ErrorsTable";
+import { ObjectType } from "../../../api";
+import { ObjectYaml } from "../../ObjectYaml";
+import { StatusLine } from "../CommandResultStatusLine";
+import { SidePanelProvider, SidePanelTab } from "../SidePanel";
+
+export class DiffStatus {
+    newObjects: ObjectRef[] = [];
+    deletedObjects: ObjectRef[] = [];
+    orphanObjects: ObjectRef[] = [];
+    changedObjects: ChangedObject[] = [];
+
+    totalInsertions: number = 0;
+    totalDeletions: number = 0;
+    totalUpdates: number = 0;
+
+    addChangedObject(co: ResultObject) {
+        this.changedObjects.push(co)
+        co.changes?.forEach(x => {
+            switch (x.type) {
+                case "insert":
+                    this.totalInsertions++
+                    break
+                case "delete":
+                    this.totalDeletions++
+                    break
+                case "update":
+                    this.totalUpdates++
+                    break
+            }
+        })
+    }
+
+    merge(other: DiffStatus) {
+        this.newObjects = this.newObjects.concat(other.newObjects)
+        this.deletedObjects = this.deletedObjects.concat(other.deletedObjects)
+        this.orphanObjects = this.orphanObjects.concat(other.orphanObjects)
+        this.changedObjects = this.changedObjects.concat(other.changedObjects)
+
+        this.totalInsertions += other.totalInsertions
+        this.totalDeletions += other.totalDeletions
+        this.totalUpdates += other.totalUpdates
+    }
+
+    hasDiffs() {
+        if (this.newObjects.length || this.deletedObjects.length || this.orphanObjects.length) {
+            return true
+        }
+        if (this.changedObjects.find(co => co.changes?.length !== 0)) {
+            return true
+        }
+        return false
+    }
+}
+
+export class HealthStatus {
+    errors: DeploymentError[] = []
+    warnings: DeploymentError[] = []
+
+    merge(other: HealthStatus) {
+        this.errors = this.errors.concat(other.errors)
+        this.warnings = this.warnings.concat(other.warnings)
+    }
+}
+
+export abstract class NodeData implements SidePanelProvider {
+    props: CommandResultProps
+
+    id: string
+    children: NodeData[] = []
+
+    healthStatus?: HealthStatus;
+    diffStatus?: DiffStatus;
+
+    protected constructor(props: CommandResultProps, id: string, hasHealthStatus: boolean, hasDiffStatus: boolean) {
+        this.props = props
+        this.id = id
+        if (hasHealthStatus) {
+            this.healthStatus = new HealthStatus()
+        }
+        if (hasDiffStatus) {
+            this.diffStatus = new DiffStatus()
+        }
+    }
+
+    pushChild(child: NodeData, front?: boolean) {
+        if (front) {
+            this.children.unshift(child)
+        } else {
+            this.children.push(child)
+        }
+        this.merge(child)
+    }
+
+    merge(other: NodeData) {
+        if (this.diffStatus && other.diffStatus) {
+            this.diffStatus.merge(other.diffStatus)
+        }
+        if (this.healthStatus && other.healthStatus) {
+            this.healthStatus.merge(other.healthStatus)
+        }
+    }
+
+    abstract buildSidePanelTitle(): React.ReactNode
+
+    abstract buildIcon(): [React.ReactNode, string]
+
+    abstract buildSidePanelTabs(): SidePanelTab[]
+
+    buildStatusLine(): React.ReactNode {
+        return <StatusLine
+            errors={this.healthStatus?.errors.length}
+            warnings={this.healthStatus?.warnings.length}
+            changedObjects={this.diffStatus?.changedObjects.length}
+            newObjects={this.diffStatus?.newObjects.length}
+            deletedObjects={this.diffStatus?.deletedObjects.length}
+            orphanObjects={this.diffStatus?.orphanObjects.length}
+        />
+    }
+
+    buildTreeItem(): React.ReactNode {
+        const [icon, iconText] = this.buildIcon()
+
+        return <Box>
+            <Box display={"flex"}>
+                <Box display="flex" justifyContent="center" alignItems="center">
+                    <Box display="flex" flexDirection={"column"} alignItems={"center"}>
+                        {icon}
+                        <Typography fontSize={"10px"} color={"gray"}>{iconText}</Typography>
+                    </Box>
+                </Box>
+                <Box display={"flex"} flexDirection={"column"}>
+                    <Box>
+                        {this.buildSidePanelTitle()}<br/>
+                    </Box>
+                    <Box>
+                        {this.buildStatusLine()}
+                    </Box>
+                </Box>
+            </Box>
+        </Box>
+    }
+
+    buildDiffAndHealthPages(tabs: { label: string, content: React.ReactNode }[]) {
+        this.buildChangesPage(tabs)
+        this.buildErrorsPage(tabs)
+        this.buildWarningsPage(tabs)
+    }
+
+    buildObjectPage(ref: ObjectRef, objectType: ObjectType): React.ReactNode {
+        return <ObjectYaml treeProps={this.props} objectRef={ref} objectType={objectType}/>
+    }
+
+    buildChangesPage(tabs: { label: string, content: React.ReactNode }[]) {
+        if (!this.diffStatus?.hasDiffs()) {
+            return undefined
+        }
+        tabs.push({
+            label: "Changes",
+            content: <ChangesTable diffStatus={this.diffStatus}/>
+        })
+    }
+
+    buildErrorsPage(tabs: { label: string, content: React.ReactNode }[]) {
+        if (!this.healthStatus?.errors.length) {
+            return undefined
+        }
+        tabs.push({
+            label: "Errors",
+            content: <ErrorsTable errors={this.healthStatus.errors}/>
+        })
+    }
+
+    buildWarningsPage(tabs: { label: string, content: React.ReactNode }[]) {
+        if (!this.healthStatus?.warnings.length) {
+            return undefined
+        }
+        tabs.push({
+            label: "Warnings",
+            content: <ErrorsTable errors={this.healthStatus.warnings}/>
+        })
+    }
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
new file mode 100644
index 000000000..62a5b133f
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
@@ -0,0 +1,101 @@
+import React from 'react';
+
+import { ObjectRef } from "../../../models";
+import { NodeData } from "./NodeData";
+import {
+    DataObject,
+    PublishedWithChanges,
+    Settings,
+    SettingsEthernet,
+    SmartToy,
+    SvgIconComponent
+} from "@mui/icons-material";
+import { PropertiesTable } from "../../PropertiesTable";
+import { findObjectByRef, ObjectType } from "../../../api";
+import { CommandResultProps } from "../CommandResultView";
+import { SidePanelTab } from "../SidePanel";
+
+const kindMapping: {[key: string]: {icon: SvgIconComponent}} = {
+    "/ConfigMap": {icon: Settings},
+    "apps/Deployment": {icon: PublishedWithChanges},
+    "Service": {icon: SettingsEthernet},
+    "ServiceAccount": {icon: SmartToy}
+}
+
+export class ObjectNodeData extends NodeData {
+    objectRef: ObjectRef
+
+    constructor(props: CommandResultProps, id: string, objectRef: ObjectRef) {
+        super(props, id, true, true);
+        this.objectRef = objectRef
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return this.objectRef.name
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        const sn = this.props.shortNames.find(sn => sn.group === this.objectRef.group && sn.kind === this.objectRef.kind)
+        const snStr = sn?.shortName || ""
+
+        const m = kindMapping[this.objectRef.group + "/" + this.objectRef.kind]
+        if (m !== undefined) {
+            return [React.createElement(m.icon, {fontSize: "large"}), snStr]
+        }
+
+        return [<DataObject fontSize={"large"}/>, snStr]
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryPage()}
+        ]
+
+        this.buildDiffAndHealthPages(tabs)
+
+        if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.rendered) {
+            tabs.push({ label: "Rendered", content: this.buildObjectPage(this.objectRef, ObjectType.Rendered) })
+        }
+
+        if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.remote) {
+            tabs.push({label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote)})
+        }
+        if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.applied) {
+            tabs.push({label: "Applied", content: this.buildObjectPage(this.objectRef, ObjectType.Applied)})
+        }
+
+        return tabs
+    }
+
+    buildSummaryPage(): React.ReactNode {
+        const props = []
+
+        let apiVersion = this.objectRef.version
+        if (this.objectRef.group) {
+            apiVersion = this.objectRef.group + "/" + this.objectRef.version
+        }
+        props.push({name: "ApiVersion", value: apiVersion})
+        props.push({name: "Kind", value: this.objectRef.kind})
+
+        props.push({name: "Name", value: this.objectRef.name})
+        if (this.objectRef.namespace) {
+            props.push({ name: "Namespace", value: this.objectRef.namespace })
+        }
+
+        const o = findObjectByRef(this.props.commandResult.objects, this.objectRef)
+        const annotations: {[key: string]: string} = o?.rendered?.metadata.annotations
+        if (annotations) {
+            Object.keys(annotations).forEach(k => {
+                    if (k.indexOf("kluctl.io/") !== -1) {
+                        props.push({ name: k, value: annotations[k] })
+                    }
+                }
+            )
+        }
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+}
+
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
new file mode 100644
index 000000000..20af76274
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
@@ -0,0 +1,26 @@
+import { VarsSource } from "../../../models";
+import { NodeData } from "./NodeData";
+import React from "react";
+import { DataArray } from "@mui/icons-material";
+import { CommandResultProps } from "../CommandResultView";
+import { SidePanelTab } from "../SidePanel";
+
+export class VarsSourceCollectionNodeData extends NodeData {
+    varsSources: VarsSource[] = []
+
+    constructor(props: CommandResultProps, id: string) {
+        super(props, id, false, false);
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return "vars: " + this.varsSources.length
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        return [<DataArray fontSize={"large"}/>, "vars"]
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        return [];
+    }
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
new file mode 100644
index 000000000..d53838eeb
--- /dev/null
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
@@ -0,0 +1,238 @@
+import { VarsSource } from "../../../models";
+import { NodeData } from "./NodeData";
+import React from "react";
+import { Category, Cloud, Dvr, Http, Lock, Settings, Source } from "@mui/icons-material";
+import { GitIcon } from "../../../icons/GitIcon";
+import { PropertiesTable } from "../../PropertiesTable";
+import { CodeViewer } from "../../CodeViewer";
+import { Box } from "@mui/material";
+import { CommandResultProps } from "../CommandResultView";
+
+import * as yaml from 'js-yaml';
+import { SidePanelTab } from "../SidePanel";
+
+interface VarsSourceHandler {
+    type: string
+    label: () => React.ReactNode
+    icon: () => React.ReactNode
+    sourceProps: () => {name: string, value: React.ReactNode}[]
+}
+
+export class VarsSourceNodeData extends NodeData {
+    varsSource: VarsSource
+
+    labelsYaml?: string
+    renderedVarsYaml: string
+
+    constructor(props: CommandResultProps, id: string, varsSource: VarsSource) {
+        super(props, id, false, false);
+        this.varsSource = varsSource
+
+        let labels = this.varsSource.clusterConfigMap?.labels
+        if (!labels) {
+            labels = this.varsSource.clusterSecret?.labels
+        }
+        if (labels) {
+            this.labelsYaml = yaml.dump(labels)
+        }
+
+        this.renderedVarsYaml = yaml.dump(this.varsSource.renderedVars)
+    }
+
+    getVarsSourceHandler(): VarsSourceHandler {
+        if (this.varsSource.values) {
+            return {
+                type: "values",
+                label: () => {
+                    if (this.varsSource.renderedVars) {
+                        return "values: " + Object.keys(this.varsSource.renderedVars).length
+                    } else {
+                        return "empty values"
+                    }
+                },
+                icon: () => <Category fontSize={"large"}/>,
+                sourceProps: () => []
+            }
+        } else if (this.varsSource.file) {
+            return {
+                type: "file",
+                label: () => {
+                    return this.varsSource.file
+                },
+                icon: () => <Source fontSize={"large"}/>,
+                sourceProps: () => [
+                    {name: "File", value: this.varsSource.file}
+                ]
+            }
+        } else if (this.varsSource.git) {
+            return {
+                type: "git",
+                label: () => {
+                    const s = this.varsSource.git!.url.split("/")
+                    const name = s[s.length-1]
+                    return <>
+                        {name}<br/>
+                        {this.varsSource.git!.path}
+                    </>
+                },
+                icon: () => <GitIcon/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({name: "Url", value: this.varsSource.git!.url})
+                    sourceProps.push({name: "Path", value: this.varsSource.git!.path})
+                    let ref = "HEAD"
+                    if (this.varsSource.git!.ref) {
+                        ref = this.varsSource.git!.ref!
+                    }
+                    sourceProps.push({name: "Ref", value: ref})
+                    return sourceProps
+                }
+            }
+        } else if (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret) {
+            const vs = (this.varsSource.clusterConfigMap ? this.varsSource.clusterConfigMap : this.varsSource.clusterSecret)!
+            const type = this.varsSource.clusterConfigMap ? "cm" : "secret"
+            const icon = this.varsSource.clusterConfigMap ? <Settings fontSize={"large"}/> : <Lock fontSize={"large"}/>
+            return {
+                type: type,
+                label: () => {
+                    return this.varsSource.clusterConfigMap?.name!
+                },
+                icon: () => icon,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({name: "Name", value: vs.name})
+                    sourceProps.push({name: "Namespace", value: vs.namespace})
+                    sourceProps.push({name: "Key", value: vs.key})
+                    if (vs.labels) {
+                        sourceProps.push({name: "Labels", value: <CodeViewer code={this.labelsYaml!} language={"yaml"}/>})
+                    }
+                    return sourceProps
+                }
+            }
+        } else if (this.varsSource.systemEnvVars) {
+            return {
+                type: "systemEnvVar",
+                label: () => {
+                    return "systemEnvVars"
+                },
+                icon: () => <Dvr fontSize={"large"}/>,
+                sourceProps: () => {
+                    // TODO
+                    return []
+                }
+            }
+        } else if (this.varsSource.http) {
+            return {
+                type: "http",
+                label: () => {
+                    return this.varsSource.http!.url
+                },
+                icon: () => <Http fontSize={"large"}/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({name: "Url", value: this.varsSource.http!.url})
+                    sourceProps.push({name: "Method", value: this.varsSource.http!.method || "GET"})
+                    if (this.varsSource.http!.jsonPath) {
+                        sourceProps.push({name: "JsonPath", value: this.varsSource.http!.jsonPath})
+                    }
+                    return sourceProps
+                }
+            }
+        } else if (this.varsSource.awsSecretsManager) {
+            return {
+                type: "awsSecretsManager",
+                label: () => {
+                    return this.varsSource.awsSecretsManager!.secretName
+                },
+                icon: () => <Cloud fontSize={"large"}/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({name: "SecretName", value: this.varsSource.awsSecretsManager!.secretName})
+                    if (this.varsSource.awsSecretsManager!.region) {
+                        sourceProps.push({ name: "Region", value: this.varsSource.awsSecretsManager!.region })
+                    }
+                    if (this.varsSource.awsSecretsManager!.profile) {
+                        sourceProps.push({ name: "Profile", value: this.varsSource.awsSecretsManager!.profile })
+                    }
+                    return sourceProps
+                }
+            }
+        } else if (this.varsSource.vault) {
+            return {
+                type: "vault",
+                label: () => {
+                    return <>
+                        {this.varsSource.vault!.address}<br/>
+                        {this.varsSource.vault!.path}
+                    </>
+                },
+                icon: () => <Cloud fontSize={"large"}/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({name: "Address", value: this.varsSource.vault!.address})
+                    sourceProps.push({name: "Path", value: this.varsSource.vault!.path})
+                    return sourceProps
+                }
+            }
+        } else {
+            return {
+                type: "unknown",
+                label: () => {
+                    return "values: " + Object.keys(this.varsSource.renderedVars).length
+                },
+                icon: () => <Category fontSize={"large"}/>,
+                sourceProps: () => []
+            }
+        }
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return this.getVarsSourceHandler().label()
+    }
+
+    buildIcon(): [React.ReactNode, string] {
+        const h = this.getVarsSourceHandler()
+        return [h.icon(), h.type]
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryPage()},
+            {label: "Vars", content: this.buildVarsPage()}
+        ]
+        this.buildDiffAndHealthPages(tabs)
+        return tabs
+    }
+
+    buildSummaryPage(): React.ReactNode {
+        const h = this.getVarsSourceHandler()
+
+        const props = [
+            {name: "Type", value: h.type},
+            ...h.sourceProps(),
+            {name: "IgnoreMissing", value: (!!this.varsSource.ignoreMissing) + ""},
+            {name: "NoOverride", value: (!!this.varsSource.noOverride) + ""},
+        ]
+
+        if (this.varsSource.when) {
+            props.push({name: "When", value: this.varsSource.when})
+        }
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+
+    buildVarsPage(): React.ReactNode {
+        return <Box sx={{
+            overflowY: 'scroll', // Enable vertical scrolling
+            //maxHeight: '400px', // Set a fixed height
+            border: '1px solid #ccc', // Optional border
+            padding: '10px', // Optional padding
+        }}>
+            <pre>
+                <CodeViewer code={this.renderedVarsYaml} language={"yaml"}/>
+            </pre>
+        </Box>
+    }
+}
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
new file mode 100644
index 000000000..298fbe66a
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -0,0 +1,54 @@
+import { CommandResultSummary } from "../../models";
+import { api, usePromise } from "../../api";
+import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
+import React, { Suspense, useEffect, useState } from "react";
+import { NodeData } from "../result-view/nodes/NodeData";
+import { SidePanel } from "../result-view/SidePanel";
+import { Box, Drawer } from "@mui/material";
+import { Loading } from "../Loading";
+
+async function doGetRootNode(rs: CommandResultSummary) {
+    const shortNames = api.getShortNames()
+    const r = api.getResult(rs.id)
+    const builder = new NodeBuilder({
+        shortNames: await shortNames,
+        summary: rs,
+        commandResult: await r,
+    })
+    const [node, nodeMap] = builder.buildRoot()
+    return node
+}
+
+export const CommandResultDetailsDrawer = (props: { rs?: CommandResultSummary, onClose: () => void }) => {
+    const [prevId, setPrevId] = useState<string>()
+    const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined))
+
+    useEffect(() => {
+        if (props.rs === undefined) {
+            return
+        }
+        if (props.rs.id === prevId) {
+            return
+        }
+        setPrevId(props.rs.id)
+        setPromise(doGetRootNode(props.rs))
+    }, [props.rs])
+
+    const Content = () => {
+        const node = usePromise(promise)
+        return <SidePanel provider={node}/>
+    }
+
+    return <Drawer
+        sx={{ zIndex: 1300 }}
+        anchor={"right"}
+        open={props.rs !== undefined}
+        onClose={() => props.onClose()}
+    >
+        <Box width={"800px"} height={"100%"}>
+            <Suspense fallback={<Loading/>}>
+                <Content/>
+            </Suspense>
+        </Box>
+    </Drawer>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
new file mode 100644
index 000000000..8c23fb84e
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -0,0 +1,91 @@
+import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
+import { AccountTree, CleaningServices, CloudSync, Delete, Difference } from "@mui/icons-material";
+import React, { useEffect, useMemo, useState } from "react";
+import * as yaml from "js-yaml";
+import { CodeViewer } from "../CodeViewer";
+import Paper from "@mui/material/Paper";
+import { Box, IconButton, Tooltip, Typography } from "@mui/material";
+import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
+import { useNavigate } from "react-router";
+import { formatDurationShort } from "../../utils/duration";
+
+export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary, onSelectCommandResult: (rs?: CommandResultSummary) => void }) => {
+    const calcAgo = () => {
+        const t1 = new Date(props.rs.commandInfo.startTime)
+        const t2 = new Date()
+        const d = t2.getTime() - t1.getTime()
+        return formatDurationShort(d)
+    }
+
+    const navigate = useNavigate()
+    const [ago, setAgo] = useState(calcAgo())
+
+    let Icon = Difference
+    switch (props.rs.commandInfo?.command) {
+        case "delete":
+            Icon = Delete
+            break
+        case "deploy":
+            Icon = CloudSync
+            break
+        case "diff":
+            Icon = Difference
+            break
+        case "poke-images":
+            Icon = CloudSync
+            break
+        case "prune":
+            Icon = CleaningServices
+            break
+    }
+
+    const cmdInfoYaml = useMemo(() => {
+        return yaml.dump(props.rs.commandInfo)
+    }, [props.rs])
+    let iconTooltip = <CodeViewer code={cmdInfoYaml} language={"yaml"}/>
+
+    useEffect(() => {
+        const interval = setInterval(() => setAgo(calcAgo()), 5000);
+        return () => clearInterval(interval);
+    }, [])
+
+    return <Paper
+        elevation={5}
+        sx={{width: "100%", height: "100%"}}
+        onClick={e => props.onSelectCommandResult(props.rs)}
+    >
+        <Box display={"flex"} width={"100%"} height={"100%"}>
+            <Box display="flex" justifyContent="center" alignItems="center" m={1}>
+                <Box display="flex" flexDirection={"column"} alignItems={"center"}>
+                    <Tooltip title={iconTooltip}>
+                        <Icon fontSize={"large"}/>
+                    </Tooltip>
+                    <Tooltip title={props.rs.commandInfo.startTime}>
+                        <Typography fontSize={"10px"} color={"gray"} align={"center"}>{ago}</Typography>
+                    </Tooltip>
+                </Box>
+            </Box>
+            <Box display="flex" flexDirection={"column"} width={"100%"} m={1}>
+                <Typography variant={"h6"}>{props.rs.commandInfo?.command}</Typography>
+                <Box display={"flex"} marginTop={"auto"}>
+                    <Box width={"100%"}>
+                        <CommandResultStatusLine rs={props.rs}/>
+                    </Box>
+                    <Box marginLeft={"auto"} marginBottom={0}>
+                        <Box display={"flex"}>
+                            <IconButton onClick={e => {
+                                e.stopPropagation();
+                                navigate(`/results/${props.rs.id}`)
+
+                            }}>
+                                <Tooltip title={"Open Result Tree"}>
+                                    <AccountTree/>
+                                </Tooltip>
+                            </IconButton>
+                        </Box>
+                    </Box>
+                </Box>
+            </Box>
+        </Box>
+    </Paper>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/Projects.tsx b/pkg/webui/ui/src/components/targets-view/Projects.tsx
new file mode 100644
index 000000000..390fb9ee1
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/Projects.tsx
@@ -0,0 +1,50 @@
+import { ProjectSummary } from "../../models";
+import { getLastPathElement } from "../../utils/misc";
+import Paper from "@mui/material/Paper";
+import { Box, Typography } from "@mui/material";
+import React from "react";
+import Tooltip from "@mui/material/Tooltip";
+
+export const ProjectItem = (props: { ps: ProjectSummary }) => {
+    const name = getLastPathElement(props.ps.project.gitRepoKey)
+    const subDir = props.ps.project.subDir
+
+    const projectInfo = <Box>
+        {props.ps.project.gitRepoKey}<br/>
+        {props.ps.project.subDir ? <>
+            SubDir: {props.ps.project.subDir}<br/>
+        </> : <></>}
+    </Box>
+
+    return <Paper elevation={5} sx={{width: "100%", height: "100%"}}>
+        <Box display="flex" flexDirection={"column"} justifyContent={"space-between"} height={"100%"}>
+            <Box m={1}>
+                {name ?
+                    <Tooltip title={projectInfo}>
+                        <Typography
+                            variant={"h6"}
+                            textAlign={"center"}
+                            textOverflow={"ellipsis"}
+                            overflow={"hidden"}
+                            whiteSpace={"nowrap"}
+                        >
+                            {name}
+                        </Typography>
+                    </Tooltip>
+                    : <></>}
+            </Box>
+            <Box>
+                {subDir ?
+                    <Typography textAlign={"center"}>{subDir}</Typography>
+                    : <></>}
+            </Box>
+            <Box marginTop={"auto"}>
+                <Box display={"flex"}>
+                    <Box marginLeft={"auto"}>
+                        {/*<ActionsMenu menuItems={actionMenuItems}/>*/}
+                    </Box>
+                </Box>
+            </Box>
+        </Box>
+    </Paper>
+}
diff --git a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
new file mode 100644
index 000000000..6c76ebbc4
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
@@ -0,0 +1,108 @@
+import { TargetSummary } from "../../models";
+import { Box, Drawer } from "@mui/material";
+import { SidePanel, SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
+import React from "react";
+import { PropertiesTable } from "../PropertiesTable";
+import { DiffStatus } from "../result-view/nodes/NodeData";
+import { ChangesTable } from "../result-view/ChangesTable";
+import { ErrorsTable } from "../ErrorsTable";
+
+class MyProvider implements SidePanelProvider {
+    private ts?: TargetSummary;
+    private diffStatus: DiffStatus;
+
+    constructor(ts?: TargetSummary) {
+        this.ts = ts
+        this.diffStatus = new DiffStatus()
+
+        this.ts?.lastValidateResult?.drift?.forEach(co => {
+            this.diffStatus.addChangedObject(co)
+        })
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        if (!this.ts) {
+            return []
+        }
+
+        const tabs = [
+            {label: "Summary", content: this.buildSummaryTab()}
+        ]
+
+        if (this.ts.target)
+
+        if (this.diffStatus.changedObjects.length) {
+            tabs.push({
+                label: "Drift",
+                content: <ChangesTable diffStatus={this.diffStatus}/>
+            })
+        }
+        if (this.ts.lastValidateResult?.errors?.length) {
+            tabs.push({
+                label: "Errors",
+                content: <ErrorsTable errors={this.ts.lastValidateResult.errors}/>
+            })
+        }
+        if (this.ts.lastValidateResult?.warnings?.length) {
+            tabs.push({
+                label: "Warnings",
+                content: <ErrorsTable errors={this.ts.lastValidateResult.warnings}/>
+            })
+        }
+
+        return tabs
+    }
+
+    buildSummaryTab(): React.ReactNode {
+        const props = [
+            {name: "Target Name", value: this.getTargetName()},
+            {name: "Discriminator", value: this.ts?.target.discriminator},
+        ]
+
+        if (this.ts?.lastValidateResult) {
+            props.push({name: "Ready", value: this.ts.lastValidateResult.ready + ""})
+        }
+        if (this.ts?.lastValidateResult?.errors?.length) {
+            props.push({name: "Errors", value: this.ts.lastValidateResult.errors.length + ""})
+        }
+        if (this.ts?.lastValidateResult?.warnings?.length) {
+            props.push({name: "Warnings", value: this.ts.lastValidateResult.warnings.length + ""})
+        }
+        if (this.ts?.lastValidateResult?.drift?.length) {
+            props.push({name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + ""})
+        }
+
+        return <>
+            <PropertiesTable properties={props}/>
+        </>
+    }
+
+    getTargetName() {
+        if (!this.ts) {
+            return ""
+        }
+
+        let name = "<no-name>"
+        if (this.ts.target.targetName) {
+            name = this.ts.target.targetName
+        }
+        return name
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return this.getTargetName()
+    }
+}
+
+export const TargetDetailsDrawer = (props: { ts?: TargetSummary, onClose: () => void }) => {
+    return <Drawer
+        sx={{ zIndex: 1300 }}
+        anchor={"right"}
+        open={props.ts !== undefined}
+        onClose={() => props.onClose()}
+    >
+        <Box width={"800px"} height={"100%"}>
+            <SidePanel provider={new MyProvider(props.ts)}/>
+        </Box>
+    </Drawer>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
new file mode 100644
index 000000000..b7b99849f
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -0,0 +1,147 @@
+import { ProjectSummary, TargetSummary } from "../../models";
+import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
+import Paper from "@mui/material/Paper";
+import { Box, Typography } from "@mui/material";
+import React from "react";
+import { Jdenticon } from "../Jdenticon";
+import Tooltip from "@mui/material/Tooltip";
+import { Favorite, Fingerprint, HeartBroken, PublishedWithChanges, QuestionMark } from "@mui/icons-material";
+import { api } from "../../api";
+
+const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
+    let icon: React.ReactElement
+
+    if (props.ts.lastValidateResult === undefined) {
+        icon = <QuestionMark color={"error"}/>
+    } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
+        if (props.ts.lastValidateResult.warnings?.length) {
+            icon = <Favorite color={"warning"}/>
+        } else if (props.ts.lastValidateResult.drift?.length) {
+            icon = <Favorite color={"primary"}/>
+        } else {
+            icon = <Favorite color={"success"}/>
+        }
+    } else {
+        icon = <HeartBroken color={"error"}/>
+    }
+
+    const tooltip: string[] = []
+    if (props.ts.lastValidateResult === undefined) {
+        tooltip.push("No validation result available.")
+    } else {
+        if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors?.length) {
+            tooltip.push("Target is ready.")
+        } else {
+            tooltip.push("Target is not ready.")
+        }
+        if (props.ts.lastValidateResult.errors?.length) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.errors.length} validation errors.`)
+        }
+        if (props.ts.lastValidateResult.warnings?.length) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.warnings.length} validation warnings.`)
+        }
+        if (props.ts.lastValidateResult.drift?.length) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.drift.length} drifted objects.`)
+        }
+    }
+
+    return <Tooltip title={tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}>
+        {icon}
+    </Tooltip>
+}
+
+export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSelectTarget: (ts?: TargetSummary) => void }) => {
+    const actionMenuItems: ActionMenuItem[] = []
+
+    actionMenuItems.push({
+        icon: <PublishedWithChanges/>,
+        text: "Validate now",
+        handler: () => {
+            api.validateNow(props.ps.project, props.ts.target)
+        }
+    })
+
+    const allContexts: string[] = []
+
+    const handleContext = (c?: string) => {
+        if (!c) {
+            return
+        }
+        if (allContexts.find(x => x === c)) {
+            return
+        }
+        allContexts.push(c)
+    }
+
+    props.ts.commandResults?.forEach(rs => {
+        handleContext(rs.commandInfo.contextOverride)
+        handleContext(rs.target.context)
+    })
+
+    const contextTooltip = <Box textAlign={"center"}>
+        <Typography>All known contexts:</Typography>
+        {allContexts.map((context, i) => (
+            <Typography key={i}>{context}</Typography>
+        ))}
+    </Box>
+
+    let targetName = props.ts.target.targetName
+    if (!targetName) {
+        targetName = "<no-name>"
+    }
+
+    return <Paper
+        elevation={5}
+        sx={{ width: "100%", height: "100%" }}
+        onClick={e => props.onSelectTarget(props.ts)}
+    >
+        <Box display="flex" flexDirection={"column"} justifyContent={"space-between"} height={"100%"}>
+            <Box p={1} paddingBottom={0}>
+                <Typography
+                    variant={"subtitle2"}
+                    textAlign={"center"}
+                    textOverflow={"ellipsis"}
+                    overflow={"hidden"}
+                    whiteSpace={"nowrap"}
+                >
+                    {targetName}
+                </Typography>
+                {allContexts.length ?
+                    <Tooltip title={contextTooltip}>
+                        <Typography
+                            variant={"subtitle1"}
+                            textAlign={"center"}
+                            textOverflow={"ellipsis"}
+                            overflow={"hidden"}
+                            whiteSpace={"nowrap"}
+                            fontSize={"10px"}
+                        >
+                            {allContexts[0]}
+                        </Typography>
+
+                    </Tooltip>
+                    : <></>}
+            </Box>
+            <Box>
+                <Box display={"flex"} alignItems={"center"}>
+                    <Box display={"flex"} width={"100%"}>
+                        <Tooltip title={"Cluster ID: " + props.ts.target.clusterId}>
+                            <div>
+                                <Jdenticon value={props.ts.target.clusterId} size={"24px"}/>
+                            </div>
+                        </Tooltip>
+                        <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
+                            <div>
+                                <Fingerprint/>
+                            </div>
+                        </Tooltip>
+                    </Box>
+                    <StatusIcon {...props}/>
+                    <Box marginLeft={"auto"} alignItems={"center"}>
+                        <ActionsMenu menuItems={actionMenuItems}/>
+                    </Box>
+                </Box>
+            </Box>
+        </Box>
+    </Paper>
+}
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
new file mode 100644
index 000000000..581d8ce82
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -0,0 +1,96 @@
+import { useLoaderData } from "react-router-dom";
+import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
+import { Box, Typography } from "@mui/material";
+import React, { useEffect, useState } from "react";
+import { useAppOutletContext } from "../App";
+import { api } from "../../api";
+import { ProjectItem } from "./Projects";
+import { TargetItem } from "./Targets";
+import Divider from "@mui/material/Divider";
+import { CommandResultItem } from "./CommandResultItem";
+import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
+import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
+
+const targetWidth = "220px"
+const targetHeight = "110px"
+
+export async function projectsLoader() {
+    const projects = await api.listProjects()
+    return projects
+}
+
+export const TargetsView = () => {
+    const context = useAppOutletContext()
+    const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary>()
+    const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary>()
+
+    const projects = useLoaderData() as ProjectSummary[];
+
+    useEffect(() => {
+        context.setFilters(undefined)
+    })
+
+    const doSetSelectedCommandResult = (rs?: CommandResultSummary) => {
+        setSelectedCommandResult(rs)
+        setSelectedTargetSummary(undefined)
+    }
+    const doSetSelectedTargetSummary = (ts?: TargetSummary) => {
+        setSelectedCommandResult(undefined)
+        setSelectedTargetSummary(ts)
+    }
+
+    return <Box width={"max-content"}>
+        <CommandResultDetailsDrawer rs={selectedCommandResult} onClose={() => setSelectedCommandResult(undefined)}/>
+        <TargetDetailsDrawer ts={selectedTargetSummary} onClose={() => setSelectedTargetSummary(undefined)}/>
+        <Box display={"flex"} alignItems={"center"} p={1}>
+            <Box minWidth={targetWidth} width={targetWidth}>
+                <Typography variant={"h6"} textAlign={"center"}>Projects</Typography>
+            </Box>
+            <Box minWidth={"20px"}/>
+            <Box minWidth={targetWidth} width={targetWidth}>
+                <Typography variant={"h6"} textAlign={"center"}>Targets</Typography>
+            </Box>
+            <Box minWidth={"20px"}/>
+            <Box minWidth={targetWidth} width={targetWidth}>
+                <Typography variant={"h6"} textAlign={"center"}>History</Typography>
+            </Box>
+        </Box>
+        <Divider/>
+        {projects.map((ps, i) => {
+            return <Box key={i}>
+                <Box display={"flex"} alignItems={"center"} p={1}>
+                    <Box minWidth={targetWidth} width={targetWidth}>
+                        <Box display={"flex"} minWidth={"220px"} height={targetHeight} p={1}>
+                            <ProjectItem ps={ps}/>
+                        </Box>
+                    </Box>
+                    <Box minWidth={"20px"}/>
+
+                    <Box minWidth={targetWidth} width={targetWidth}>
+                        {ps.targets.map((ts, i) => {
+                            return <Box key={i} display={"flex"} height={targetHeight} p={1}>
+                                <TargetItem ps={ps} ts={ts}
+                                            onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)}/>
+                            </Box>
+                        })}
+                    </Box>
+                    <Box minWidth={"20px"}/>
+
+                    <Box>
+                        {ps.targets.map((ts, i) => {
+                            return <Box key={i} display={"flex"} height={targetHeight} paddingY={1}>
+                                {ts.commandResults?.map((rs, i) => {
+                                    return <Box key={i} height={"100%"} paddingX={1}>
+                                        <CommandResultItem ps={ps} ts={ts} rs={rs}
+                                                           onSelectCommandResult={(rs) => doSetSelectedCommandResult(rs)}/>
+                                    </Box>
+                                })}
+                            </Box>
+                        })}
+                    </Box>
+                </Box>
+                <Divider/>
+            </Box>
+        })}
+    </Box>
+}
diff --git a/pkg/webui/ui/src/icons/GitIcon.tsx b/pkg/webui/ui/src/icons/GitIcon.tsx
new file mode 100644
index 000000000..6948ffe5a
--- /dev/null
+++ b/pkg/webui/ui/src/icons/GitIcon.tsx
@@ -0,0 +1,6 @@
+import { ReactComponent as GitIconSvg } from './git.svg';
+import React from "react";
+
+export const GitIcon = () => {
+    return <GitIconSvg width={"35px"} height={"35px"}/>
+}
diff --git a/pkg/webui/ui/src/icons/KluctlLogo.tsx b/pkg/webui/ui/src/icons/KluctlLogo.tsx
new file mode 100644
index 000000000..b89f71f95
--- /dev/null
+++ b/pkg/webui/ui/src/icons/KluctlLogo.tsx
@@ -0,0 +1,6 @@
+import { ReactComponent as KluctlLogoSvg } from './kluctl-logo.svg';
+import React from "react";
+
+export const KluctlLogo = () => {
+    return <KluctlLogoSvg width={"200px"} height={"56px"}/>
+}
diff --git a/pkg/webui/ui/src/icons/git.svg b/pkg/webui/ui/src/icons/git.svg
new file mode 100644
index 000000000..6b6a26a2b
--- /dev/null
+++ b/pkg/webui/ui/src/icons/git.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="92pt" height="92pt" viewBox="0 0 92 92"><defs><clipPath id="a"><path d="M0 .113h91.887V92H0Zm0 0"/></clipPath></defs><g clip-path="url(#a)"><path style="stroke:none;fill-rule:nonzero;fill:#100f0d;fill-opacity:1" d="M90.156 41.965 50.036 1.848a5.913 5.913 0 0 0-8.368 0l-8.332 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.043 7.043 0 0 1 1.673 7.277l10.183 10.184a7.026 7.026 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.045 7.045 0 0 1-9.961 0 7.038 7.038 0 0 1-1.532-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.034 7.034 0 0 1 2.308-1.539V33.926a7.001 7.001 0 0 1-2.308-1.535 7.049 7.049 0 0 1-1.516-7.7L29.242 14.273 1.734 41.777a5.918 5.918 0 0 0 0 8.371L41.855 90.27a5.92 5.92 0 0 0 8.368 0l39.933-39.934a5.925 5.925 0 0 0 0-8.371"/></g></svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/src/icons/kluctl-logo.svg b/pkg/webui/ui/src/icons/kluctl-logo.svg
new file mode 100644
index 000000000..d61023e05
--- /dev/null
+++ b/pkg/webui/ui/src/icons/kluctl-logo.svg
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8"?><svg id="a" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2139.382 599.108"><defs><style>.b{fill:#fff;}.c{fill:#3f4443;}.d{fill:#51a684;}</style></defs><g><polygon class="c" points="1013.888 211.273 943.794 211.273 820.298 348.297 820.298 116.407 764.435 116.407 764.174 495.861 820.298 495.861 820.298 358.837 939.408 495.861 1014.245 495.861 884.07 353.567 1013.888 211.273"/><rect class="c" x="1066.445" y="115.736" width="55.073" height="380.124"/><path class="c" d="M1948.135,115.341h-55.338v95.932h-54.542v44.27h54.542v128.328c0,15.46,.221,29.293,.66,41.501,.436,12.214,3.732,24.201,9.88,35.972,6.856,13.174,17.042,22.836,30.573,28.984,13.524,6.148,28.892,9.486,46.115,10.01,17.209,.531,34.778-.966,52.702-4.477v-46.639c-18.628,2.637-34.833,3.209-48.623,1.712-13.793-1.487-23.843-7.679-30.168-18.577-3.341-5.801-5.144-12.912-5.407-21.343-.261-8.434-.394-18.359-.394-29.777v-125.694h84.592v-44.27h-84.592V115.341Z"/><rect class="c" x="2084.312" y="115.736" width="55.07" height="380.124"/><path class="c" d="M1643.317,268.059c11.591-8.523,26.432-12.785,44.529-12.785,15.984,0,30.175,4.443,42.556,13.313,12.388,8.873,21.302,21.302,26.749,37.286l54.811-15.81c-7.03-26.882-21.571-48.044-43.611-63.504-22.05-15.463-48.619-23.19-79.715-23.19-28.811,0-53.491,6.41-74.044,19.237-16.498,10.295-29.794,23.881-40.178,40.453l-.156-.193s-6.753,12.861-26.657,17.45c-24.37,3.3-46.407,3.33-65.198,1.885-43.219-6.529-50.418-43.825-51.354-61.541v-9.386h-58.543v148.088c0,16.868-1.888,31.193-5.665,42.957-3.777,11.768-8.961,21.254-15.549,28.46-6.587,7.206-14.272,12.429-23.057,15.678-8.785,3.249-18.097,4.872-27.933,4.872-15.11,0-27.361-3.072-36.755-9.224-9.404-6.144-16.695-14.229-21.874-24.238-5.182-10.016-8.699-20.862-10.54-32.542-1.844-11.684-2.77-23.058-2.77-34.128V211.272h-55.862v158.104c0,8.788,.793,18.972,2.372,30.566,1.582,11.598,4.566,23.455,8.961,35.575,4.386,12.119,10.754,23.319,19.104,33.598,8.339,10.278,19.186,18.579,32.543,24.904,13.343,6.322,29.862,9.486,49.538,9.486,25.65,0,47.52-5.533,65.616-16.603,11.15-6.822,20.506-15.501,28.46-25.629v34.591h51.953v-44.781c.908-3.477,5.917-15.151,31.591-20.461,19.417-3.427,44.274-3.987,74.187,2.643,15.511,3.437,29.94,10.411,41.913,20.849,4.056,3.535,8.455,7.329,13.139,12.299,6.55,6.628,13.623,12.728,21.659,17.852,20.376,13,45.148,19.502,74.309,19.502,30.569,0,56.566-7.42,78.001-22.264,21.431-14.841,36.798-36.143,46.115-63.899l-55.866-13.177c-5.794,15.28-14.191,27.011-25.163,35.176-10.983,8.169-25.341,12.255-43.087,12.255-26,0-45.631-9.046-58.893-27.143-13.265-18.09-19.985-41.808-20.162-71.149,.177-18.967,3.072-35.837,8.699-50.592,5.62-14.759,14.232-26.392,25.827-34.914Zm-192.318,37.367c14.797,2.671,33.227,4.808,54.505,4.808,10.976,0,22.717-.592,35.071-1.943,.347-.004,.697-.007,.84,.038,.626,.184,1.834,1.82-4.181,4.59-10.414,3.409-24.653,5.719-44.632,5.719-19.427,0-32.696-3.81-41.814-9.074-1.306-.963-2.436-2.096-2.307-3.246,.088-.816,1.31-.956,2.517-.892Zm80.75,27.354c-6.999,4.532-16.835,8.125-31.002,9.577-13.776,1.412-23.619-1.851-30.682-7.019-1.034-.976-1.963-2.15-2.004-3.433-.027-.915,.824-1.157,1.684-1.173,10.799,1.888,24.109,2.919,39.198,1.375,7.785-.796,16.045-2.303,24.649-4.699,.249-.03,.497-.058,.599-.02,.466,.156,1.507,1.885-2.443,5.392Zm1.987,67.516c-29.838-5.552-55.382-4.661-76.171-.905-3.708,.088-7.247-.977-7.247-3.117,0-1.3,1.296-2.647,2.667-3.759,16.12-10.289,36.201-11.221,44.029-11.221,17.042,0,30.155,3.631,40.287,9.067l-.024,.034s5.699,3.603,4.78,6.26c-.877,2.538-2.708,4.311-8.322,3.641Z"/></g><path class="d" d="M571.593,316.392c-8.727-2.476-17.504-2.709-25.758-1.089-54.422,10.683-108.39,3.741-135.825-1.374-10.448-1.948-18.316-10.12-20.628-20.494-.047-.213-.096-.426-.145-.638-2.389-10.345,1.056-21.148,9.617-27.427,21.392-15.688,64.618-43.451,121.836-60.157,13.114-3.829,25.688-11.424,33.96-26.243,9.591-17.182,9.61-38.682-.614-55.496-17.636-29.003-55.949-35.146-81.607-14.678-6.389,5.097-11.387,11.303-14.804,18.171-24.26,48.756-64.065,86.797-85.497,105.04-8.064,6.864-19.299,7.853-28.818,3.213-.219-.107-.438-.213-.658-.317-9.578-4.568-15.778-14.035-15.381-24.639,1.059-28.284,6.205-83.429,28.9-132.762,3.466-7.534,5.093-16.051,4.685-24.97-1.239-27.077-21.056-48.732-47.953-52.089-33.6-4.193-62.201,21.895-62.201,54.662,0,7.152,1.331,13.997,3.843,20.254,24.153,60.159,29.356,109.21,30.187,134.75,.344,10.591-5.796,20.098-15.383,24.612-.269,.127-.537,.254-.804,.384-9.631,4.658-20.983,3.6-29.055-3.42-21.761-18.927-62.404-58.175-85.782-105.183-3.673-7.385-9.311-13.919-16.485-19.147-21.817-15.9-51.012-14.075-70.456,4.653-24.532,23.63-22.048,62.479,3.672,82.989,6.39,5.096,13.541,8.637,21.008,10.392,52.608,12.368,98.8,43.003,121.433,59.964,8.461,6.34,11.914,17.053,9.523,27.352-.063,.27-.124,.541-.184,.812-2.296,10.35-10.141,18.503-20.556,20.485-27.642,5.26-82.171,12.469-135.877,1.343-8.142-1.687-16.828-1.391-25.456,1.009-26.17,7.28-42.836,31.511-40.022,58.529,3.498,33.576,35.233,55.549,67.115,48.271,6.973-1.592,13.388-4.361,18.892-8.255,51.592-36.507,99.72-52.772,124.95-59.402,10.167-2.672,20.687,1.349,27.174,9.622,.188,.24,.377,.479,.568,.716,6.659,8.308,8.139,19.561,3.143,28.963-13.417,25.252-42.326,73.24-83.534,107.028-6.384,5.234-11.507,12.189-15.008,20.355-10.643,24.83-2.335,52.895,20.283,67.667,28.49,18.607,65.773,7.533,80.034-22.087,3.546-7.364,5.456-15.123,5.456-22.794,0-52.077,19.989-105.228,31.562-131.637,4.206-9.598,13.749-15.564,24.227-15.436,.608,.007,1.217,.01,1.827,.007,10.32-.051,19.642,6.027,23.778,15.482,11.145,25.477,29.986,76.37,31.514,132.131,.23,8.378,2.425,16.849,6.751,24.78,13.093,24.003,40.677,34.691,66.462,25.597,31.537-11.123,45.63-46.69,31.527-75.968-3.104-6.443-7.236-12.074-12.251-16.579-47.763-42.902-73.997-85.72-85.849-108.606-4.811-9.291-3.216-20.394,3.374-28.52,.291-.359,.579-.72,.865-1.084,6.496-8.281,17.034-12.306,27.209-9.616,25.153,6.65,73.095,22.92,124.943,59.344,5.517,3.876,11.92,6.661,18.893,8.252,30.183,6.885,60.23-12.446,66.311-43.013,5.513-27.718-11.746-55.991-38.934-63.706Z"/><path class="b" d="M581.392,337.87c-2.696-1.955-6.605-4.242-9.18-5.403,0,0-10.865-5.984-29.506-1.554,0,0-18.892,3.472-33.01,4.11,0,0,1.405,6.542,17.976,7.057,15.273,.475,26.975-5.935,41.02,3.802,.49,.362,.952,.713,1.462,1.083,.191,.139,.373,.293,.561,.436,.471,.374,.938,.722,1.415,1.134,7.851,6.678,12.874,16.641,15.904,13.878,4.647-4.237,2.357-18.017-6.643-24.543Z"/><path class="b" d="M544.736,138.609c-1.894-4.674-3.642-8.048-6.09-11.079,0,0-8.412-14.335-29.328-15.642-21.663-1.354-33.236,14.063-33.236,14.063,0,0,12.009-4.987,24.894-4.666,14.756,.368,26.593,12.207,28.378,26.86,1.192,9.787,1.665,18.269,7.599,18.269,10.665,0,12.392-16.437,7.783-27.805Z"/><path class="b" d="M336.667,29.013c-1.564-1.657-13.864-17.164-37.979-13.461-2.21,.339-4.385,.949-6.479,1.733-2.592,.971-6.056,2.519-9.222,4.751,0,0,30.886-3.756,40.193,17.658,0,0,7.852,21.643,17.385,18.788,.304-.015,.609-.085,.916-.275,5.818-3.587,3.48-20.406-4.815-29.195Z"/><path class="b" d="M110.314,129.318c-9.788-5.176-2.627-19.844,7.512-15.395,1.926,.845,7.488,3.231,9.337,4.56,18.592,13.363,7.088,14.06,41.217,59.228,0,0-16.177-4.929-41.275-34.79-4.599-5.472-10.104-10.069-16.423-13.409l-.367-.194Z"/><path class="b" d="M457.24,541.329c-.117-3.196,1.095-16.089-17.835-31.753,0,0-13.808-12.864-21.959-21.655,0,0-4.803,4.056,4.615,16.893,8.681,11.833,20.454,16.888,21.402,33.273,.016,.585,.024,1.144,.046,1.748,.009,.229,0,.459,.002,.688-.004,.576,.01,1.134-.02,1.737-.404,9.89-4.966,19.586-1.083,20.242,5.954,1.006,15.222-10.504,14.831-21.174Z"/></svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/src/index.css b/pkg/webui/ui/src/index.css
new file mode 100644
index 000000000..63775a2e6
--- /dev/null
+++ b/pkg/webui/ui/src/index.css
@@ -0,0 +1,25 @@
+body {
+    margin: 0;
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen',
+    'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue',
+    sans-serif;
+    -webkit-font-smoothing: antialiased;
+    -moz-osx-font-smoothing: grayscale;
+}
+
+code {
+    font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
+    monospace;
+}
+
+* {
+    box-sizing: border-box;
+}
+
+html, body, #root {
+    width: 100%;
+    height: 100%;
+    margin: 0;
+    padding: 0;
+    font-family: sans-serif;
+}
diff --git a/pkg/webui/ui/src/index.tsx b/pkg/webui/ui/src/index.tsx
new file mode 100644
index 000000000..f7e132268
--- /dev/null
+++ b/pkg/webui/ui/src/index.tsx
@@ -0,0 +1,27 @@
+import React from 'react';
+import ReactDOM from 'react-dom/client';
+import { RouterProvider } from "react-router-dom";
+
+import './index.css';
+import reportWebVitals from './reportWebVitals';
+
+import '@fontsource/roboto/300.css';
+import '@fontsource/roboto/400.css';
+import '@fontsource/roboto/500.css';
+import '@fontsource/roboto/700.css';
+
+import { Router } from "./components/Router";
+
+const root = ReactDOM.createRoot(
+    document.getElementById('root') as HTMLElement
+);
+root.render(
+    <React.StrictMode>
+        <RouterProvider router={Router}/>
+    </React.StrictMode>
+);
+
+// If you want to start measuring performance in your app, pass a function
+// to log results (for example: reportWebVitals(console.log))
+// or send to an analytics endpoint. Learn more: https://bit.ly/CRA-vitals
+reportWebVitals();
diff --git a/pkg/webui/ui/src/loadscript.ts b/pkg/webui/ui/src/loadscript.ts
new file mode 100644
index 000000000..e8db35596
--- /dev/null
+++ b/pkg/webui/ui/src/loadscript.ts
@@ -0,0 +1,35 @@
+const loadedScripts = new Map<string, any>()
+
+export const loadScript = (fileUrl: string, async = true, type = "text/javascript") => {
+    if (loadedScripts.has(fileUrl)) {
+        return loadedScripts.get(fileUrl)
+    }
+
+    const p = new Promise((resolve, reject) => {
+        try {
+            const scriptEle = document.createElement("script");
+            scriptEle.type = type;
+            scriptEle.async = async;
+            scriptEle.src = fileUrl;
+
+            scriptEle.addEventListener("load", (ev) => {
+                resolve({ status: true });
+            });
+
+            scriptEle.addEventListener("error", (ev) => {
+                reject({
+                    status: false,
+                    message: `Failed to load the script ＄{FILE_URL}`
+                });
+            });
+
+            document.body.appendChild(scriptEle);
+        } catch (error) {
+            reject(error);
+        }
+    });
+
+    loadedScripts.set(fileUrl, p)
+
+    return p
+};
diff --git a/pkg/webui/ui/src/logo.svg b/pkg/webui/ui/src/logo.svg
new file mode 100644
index 000000000..9dfc1c058
--- /dev/null
+++ b/pkg/webui/ui/src/logo.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 841.9 595.3"><g fill="#61DAFB"><path d="M666.3 296.5c0-32.5-40.7-63.3-103.1-82.4 14.4-63.6 8-114.2-20.2-130.4-6.5-3.8-14.1-5.6-22.4-5.6v22.3c4.6 0 8.3.9 11.4 2.6 13.6 7.8 19.5 37.5 14.9 75.7-1.1 9.4-2.9 19.3-5.1 29.4-19.6-4.8-41-8.5-63.5-10.9-13.5-18.5-27.5-35.3-41.6-50 32.6-30.3 63.2-46.9 84-46.9V78c-27.5 0-63.5 19.6-99.9 53.6-36.4-33.8-72.4-53.2-99.9-53.2v22.3c20.7 0 51.4 16.5 84 46.6-14 14.7-28 31.4-41.3 49.9-22.6 2.4-44 6.1-63.6 11-2.3-10-4-19.7-5.2-29-4.7-38.2 1.1-67.9 14.6-75.8 3-1.8 6.9-2.6 11.5-2.6V78.5c-8.4 0-16 1.8-22.6 5.6-28.1 16.2-34.4 66.7-19.9 130.1-62.2 19.2-102.7 49.9-102.7 82.3 0 32.5 40.7 63.3 103.1 82.4-14.4 63.6-8 114.2 20.2 130.4 6.5 3.8 14.1 5.6 22.5 5.6 27.5 0 63.5-19.6 99.9-53.6 36.4 33.8 72.4 53.2 99.9 53.2 8.4 0 16-1.8 22.6-5.6 28.1-16.2 34.4-66.7 19.9-130.1 62-19.1 102.5-49.9 102.5-82.3zm-130.2-66.7c-3.7 12.9-8.3 26.2-13.5 39.5-4.1-8-8.4-16-13.1-24-4.6-8-9.5-15.8-14.4-23.4 14.2 2.1 27.9 4.7 41 7.9zm-45.8 106.5c-7.8 13.5-15.8 26.3-24.1 38.2-14.9 1.3-30 2-45.2 2-15.1 0-30.2-.7-45-1.9-8.3-11.9-16.4-24.6-24.2-38-7.6-13.1-14.5-26.4-20.8-39.8 6.2-13.4 13.2-26.8 20.7-39.9 7.8-13.5 15.8-26.3 24.1-38.2 14.9-1.3 30-2 45.2-2 15.1 0 30.2.7 45 1.9 8.3 11.9 16.4 24.6 24.2 38 7.6 13.1 14.5 26.4 20.8 39.8-6.3 13.4-13.2 26.8-20.7 39.9zm32.3-13c5.4 13.4 10 26.8 13.8 39.8-13.1 3.2-26.9 5.9-41.2 8 4.9-7.7 9.8-15.6 14.4-23.7 4.6-8 8.9-16.1 13-24.1zM421.2 430c-9.3-9.6-18.6-20.3-27.8-32 9 .4 18.2.7 27.5.7 9.4 0 18.7-.2 27.8-.7-9 11.7-18.3 22.4-27.5 32zm-74.4-58.9c-14.2-2.1-27.9-4.7-41-7.9 3.7-12.9 8.3-26.2 13.5-39.5 4.1 8 8.4 16 13.1 24 4.7 8 9.5 15.8 14.4 23.4zM420.7 163c9.3 9.6 18.6 20.3 27.8 32-9-.4-18.2-.7-27.5-.7-9.4 0-18.7.2-27.8.7 9-11.7 18.3-22.4 27.5-32zm-74 58.9c-4.9 7.7-9.8 15.6-14.4 23.7-4.6 8-8.9 16-13 24-5.4-13.4-10-26.8-13.8-39.8 13.1-3.1 26.9-5.8 41.2-7.9zm-90.5 125.2c-35.4-15.1-58.3-34.9-58.3-50.6 0-15.7 22.9-35.6 58.3-50.6 8.6-3.7 18-7 27.7-10.1 5.7 19.6 13.2 40 22.5 60.9-9.2 20.8-16.6 41.1-22.2 60.6-9.9-3.1-19.3-6.5-28-10.2zM310 490c-13.6-7.8-19.5-37.5-14.9-75.7 1.1-9.4 2.9-19.3 5.1-29.4 19.6 4.8 41 8.5 63.5 10.9 13.5 18.5 27.5 35.3 41.6 50-32.6 30.3-63.2 46.9-84 46.9-4.5-.1-8.3-1-11.3-2.7zm237.2-76.2c4.7 38.2-1.1 67.9-14.6 75.8-3 1.8-6.9 2.6-11.5 2.6-20.7 0-51.4-16.5-84-46.6 14-14.7 28-31.4 41.3-49.9 22.6-2.4 44-6.1 63.6-11 2.3 10.1 4.1 19.8 5.2 29.1zm38.5-66.7c-8.6 3.7-18 7-27.7 10.1-5.7-19.6-13.2-40-22.5-60.9 9.2-20.8 16.6-41.1 22.2-60.6 9.9 3.1 19.3 6.5 28.1 10.2 35.4 15.1 58.3 34.9 58.3 50.6-.1 15.7-23 35.6-58.4 50.6zM320.8 78.4z"/><circle cx="420.9" cy="296.5" r="45.7"/><path d="M520.5 78.1z"/></g></svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
new file mode 100644
index 000000000..2aa413ce5
--- /dev/null
+++ b/pkg/webui/ui/src/models.ts
@@ -0,0 +1,900 @@
+/* Do not change, this code is generated from Golang structs */
+
+
+export class DeploymentError {
+    ref: ObjectRef;
+    message: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ref = this.convertValues(source["ref"], ObjectRef);
+        this.message = source["message"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class Change {
+    type: string;
+    jsonPath: string;
+    oldValue?: any;
+    newValue?: any;
+    unifiedDiff?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.type = source["type"];
+        this.jsonPath = source["jsonPath"];
+        this.oldValue = source["oldValue"];
+        this.newValue = source["newValue"];
+        this.unifiedDiff = source["unifiedDiff"];
+    }
+}
+export class ResultObject {
+    ref: ObjectRef;
+    changes?: Change[];
+    new?: boolean;
+    orphan?: boolean;
+    deleted?: boolean;
+    hook?: boolean;
+    rendered?: any;
+    remote?: any;
+    applied?: any;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ref = this.convertValues(source["ref"], ObjectRef);
+        this.changes = this.convertValues(source["changes"], Change);
+        this.new = source["new"];
+        this.orphan = source["orphan"];
+        this.deleted = source["deleted"];
+        this.hook = source["hook"];
+        this.rendered = source["rendered"];
+        this.remote = source["remote"];
+        this.applied = source["applied"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class IgnoreForDiffItemConfig {
+    fieldPath?: string[];
+    fieldPathRegex?: string[];
+    group?: string;
+    kind?: string;
+    name?: string;
+    namespace?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.fieldPath = source["fieldPath"];
+        this.fieldPathRegex = source["fieldPathRegex"];
+        this.group = source["group"];
+        this.kind = source["kind"];
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+    }
+}
+export class HelmChartConfig {
+    repo?: string;
+    path?: string;
+    credentialsId?: string;
+    chartName?: string;
+    chartVersion?: string;
+    updateConstraints?: string;
+    releaseName: string;
+    namespace?: string;
+    output?: string;
+    skipCRDs?: boolean;
+    skipUpdate?: boolean;
+    skipPrePull?: boolean;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.repo = source["repo"];
+        this.path = source["path"];
+        this.credentialsId = source["credentialsId"];
+        this.chartName = source["chartName"];
+        this.chartVersion = source["chartVersion"];
+        this.updateConstraints = source["updateConstraints"];
+        this.releaseName = source["releaseName"];
+        this.namespace = source["namespace"];
+        this.output = source["output"];
+        this.skipCRDs = source["skipCRDs"];
+        this.skipUpdate = source["skipUpdate"];
+        this.skipPrePull = source["skipPrePull"];
+    }
+}
+export class DeleteObjectItemConfig {
+    group?: string;
+    kind?: string;
+    name: string;
+    namespace?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.group = source["group"];
+        this.kind = source["kind"];
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+    }
+}
+export class GitProject {
+    url: string;
+    ref?: string;
+    subDir?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.url = source["url"];
+        this.ref = source["ref"];
+        this.subDir = source["subDir"];
+    }
+}
+export class DeploymentItemConfig {
+    path?: string;
+    include?: string;
+    git?: GitProject;
+    tags?: string[];
+    barrier?: boolean;
+    message?: string;
+    waitReadiness?: boolean;
+    vars?: VarsSource[];
+    skipDeleteIfTags?: boolean;
+    onlyRender?: boolean;
+    alwaysDeploy?: boolean;
+    deleteObjects?: DeleteObjectItemConfig[];
+    when?: string;
+    renderedHelmChartConfig?: HelmChartConfig;
+    renderedObjects?: ObjectRef[];
+    renderedInclude?: DeploymentProjectConfig;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.path = source["path"];
+        this.include = source["include"];
+        this.git = this.convertValues(source["git"], GitProject);
+        this.tags = source["tags"];
+        this.barrier = source["barrier"];
+        this.message = source["message"];
+        this.waitReadiness = source["waitReadiness"];
+        this.vars = this.convertValues(source["vars"], VarsSource);
+        this.skipDeleteIfTags = source["skipDeleteIfTags"];
+        this.onlyRender = source["onlyRender"];
+        this.alwaysDeploy = source["alwaysDeploy"];
+        this.deleteObjects = this.convertValues(source["deleteObjects"], DeleteObjectItemConfig);
+        this.when = source["when"];
+        this.renderedHelmChartConfig = this.convertValues(source["renderedHelmChartConfig"], HelmChartConfig);
+        this.renderedObjects = this.convertValues(source["renderedObjects"], ObjectRef);
+        this.renderedInclude = this.convertValues(source["renderedInclude"], DeploymentProjectConfig);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class SealedSecretsConfig {
+    outputPattern?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.outputPattern = source["outputPattern"];
+    }
+}
+export class VarsSourceVault {
+    address: string;
+    path: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.address = source["address"];
+        this.path = source["path"];
+    }
+}
+export class VarsSourceAwsSecretsManager {
+    secretName: string;
+    region?: string;
+    profile?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.secretName = source["secretName"];
+        this.region = source["region"];
+        this.profile = source["profile"];
+    }
+}
+export class VarsSourceHttp {
+    url?: string;
+    method?: string;
+    body?: string;
+    headers?: {[key: string]: string};
+    jsonPath?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.url = source["url"];
+        this.method = source["method"];
+        this.body = source["body"];
+        this.headers = source["headers"];
+        this.jsonPath = source["jsonPath"];
+    }
+}
+export class VarsSourceClusterConfigMapOrSecret {
+    name?: string;
+    labels?: {[key: string]: string};
+    namespace: string;
+    key: string;
+    targetPath?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.name = source["name"];
+        this.labels = source["labels"];
+        this.namespace = source["namespace"];
+        this.key = source["key"];
+        this.targetPath = source["targetPath"];
+    }
+}
+export class VarsSourceGit {
+    url: string;
+    ref?: string;
+    path: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.url = source["url"];
+        this.ref = source["ref"];
+        this.path = source["path"];
+    }
+}
+export class VarsSource {
+    ignoreMissing?: boolean;
+    noOverride?: boolean;
+    values?: any;
+    file?: string;
+    git?: VarsSourceGit;
+    clusterConfigMap?: VarsSourceClusterConfigMapOrSecret;
+    clusterSecret?: VarsSourceClusterConfigMapOrSecret;
+    systemEnvVars?: any;
+    http?: VarsSourceHttp;
+    awsSecretsManager?: VarsSourceAwsSecretsManager;
+    vault?: VarsSourceVault;
+    when?: string;
+    renderedVars?: any;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ignoreMissing = source["ignoreMissing"];
+        this.noOverride = source["noOverride"];
+        this.values = source["values"];
+        this.file = source["file"];
+        this.git = this.convertValues(source["git"], VarsSourceGit);
+        this.clusterConfigMap = this.convertValues(source["clusterConfigMap"], VarsSourceClusterConfigMapOrSecret);
+        this.clusterSecret = this.convertValues(source["clusterSecret"], VarsSourceClusterConfigMapOrSecret);
+        this.systemEnvVars = source["systemEnvVars"];
+        this.http = this.convertValues(source["http"], VarsSourceHttp);
+        this.awsSecretsManager = this.convertValues(source["awsSecretsManager"], VarsSourceAwsSecretsManager);
+        this.vault = this.convertValues(source["vault"], VarsSourceVault);
+        this.when = source["when"];
+        this.renderedVars = source["renderedVars"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class DeploymentProjectConfig {
+    vars?: VarsSource[];
+    sealedSecrets?: SealedSecretsConfig;
+    when?: string;
+    deployments?: DeploymentItemConfig[];
+    commonLabels?: {[key: string]: string};
+    commonAnnotations?: {[key: string]: string};
+    overrideNamespace?: string;
+    tags?: string[];
+    ignoreForDiff?: IgnoreForDiffItemConfig[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.vars = this.convertValues(source["vars"], VarsSource);
+        this.sealedSecrets = this.convertValues(source["sealedSecrets"], SealedSecretsConfig);
+        this.when = source["when"];
+        this.deployments = this.convertValues(source["deployments"], DeploymentItemConfig);
+        this.commonLabels = source["commonLabels"];
+        this.commonAnnotations = source["commonAnnotations"];
+        this.overrideNamespace = source["overrideNamespace"];
+        this.tags = source["tags"];
+        this.ignoreForDiff = this.convertValues(source["ignoreForDiff"], IgnoreForDiffItemConfig);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class ClusterInfo {
+    clusterId: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.clusterId = source["clusterId"];
+    }
+}
+export class GitInfo {
+    url?: string;
+    ref: string;
+    subDir: string;
+    commit: string;
+    dirty: boolean;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.url = source["url"];
+        this.ref = source["ref"];
+        this.subDir = source["subDir"];
+        this.commit = source["commit"];
+        this.dirty = source["dirty"];
+    }
+}
+export class KluctlDeploymentInfo {
+    name: string;
+    namespace: string;
+    gitUrl: string;
+    gitRef: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+        this.gitUrl = source["gitUrl"];
+        this.gitRef = source["gitRef"];
+    }
+}
+export class CommandInfo {
+    initiator: string;
+    startTime: string;
+    endTime: string;
+    kluctlDeployment?: KluctlDeploymentInfo;
+    command?: string;
+    target?: string;
+    targetNameOverride?: string;
+    contextOverride?: string;
+    args?: any;
+    images?: FixedImage[];
+    dryRun?: boolean;
+    noWait?: boolean;
+    forceApply?: boolean;
+    replaceOnError?: boolean;
+    forceReplaceOnError?: boolean;
+    abortOnError?: boolean;
+    includeTags?: string[];
+    excludeTags?: string[];
+    includeDeploymentDirs?: string[];
+    excludeDeploymentDirs?: string[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.initiator = source["initiator"];
+        this.startTime = source["startTime"];
+        this.endTime = source["endTime"];
+        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
+        this.command = source["command"];
+        this.target = source["target"];
+        this.targetNameOverride = source["targetNameOverride"];
+        this.contextOverride = source["contextOverride"];
+        this.args = source["args"];
+        this.images = this.convertValues(source["images"], FixedImage);
+        this.dryRun = source["dryRun"];
+        this.noWait = source["noWait"];
+        this.forceApply = source["forceApply"];
+        this.replaceOnError = source["replaceOnError"];
+        this.forceReplaceOnError = source["forceReplaceOnError"];
+        this.abortOnError = source["abortOnError"];
+        this.includeTags = source["includeTags"];
+        this.excludeTags = source["excludeTags"];
+        this.includeDeploymentDirs = source["includeDeploymentDirs"];
+        this.excludeDeploymentDirs = source["excludeDeploymentDirs"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class ObjectRef {
+    group?: string;
+    version?: string;
+    kind: string;
+    name: string;
+    namespace?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.group = source["group"];
+        this.version = source["version"];
+        this.kind = source["kind"];
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+    }
+}
+export class FixedImage {
+    image: string;
+    resultImage: string;
+    deployedImage?: string;
+    namespace?: string;
+    object?: ObjectRef;
+    deployment?: string;
+    container?: string;
+    deployTags?: string[];
+    deploymentDir?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.image = source["image"];
+        this.resultImage = source["resultImage"];
+        this.deployedImage = source["deployedImage"];
+        this.namespace = source["namespace"];
+        this.object = this.convertValues(source["object"], ObjectRef);
+        this.deployment = source["deployment"];
+        this.container = source["container"];
+        this.deployTags = source["deployTags"];
+        this.deploymentDir = source["deploymentDir"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class SealingConfig {
+    args?: any;
+    secretSets?: string[];
+    certFile?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.args = source["args"];
+        this.secretSets = source["secretSets"];
+        this.certFile = source["certFile"];
+    }
+}
+export class Target {
+    name: string;
+    context?: string;
+    args?: any;
+    sealingConfig?: SealingConfig;
+    images?: FixedImage[];
+    discriminator?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.name = source["name"];
+        this.context = source["context"];
+        this.args = source["args"];
+        this.sealingConfig = this.convertValues(source["sealingConfig"], SealingConfig);
+        this.images = this.convertValues(source["images"], FixedImage);
+        this.discriminator = source["discriminator"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class TargetKey {
+    targetName?: string;
+    clusterId: string;
+    discriminator?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.targetName = source["targetName"];
+        this.clusterId = source["clusterId"];
+        this.discriminator = source["discriminator"];
+    }
+}
+export class ProjectKey {
+    gitRepoKey?: string;
+    subDir?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.gitRepoKey = source["gitRepoKey"];
+        this.subDir = source["subDir"];
+    }
+}
+export class CommandResult {
+    id: string;
+    projectKey: ProjectKey;
+    targetKey: TargetKey;
+    target: Target;
+    command?: CommandInfo;
+    gitInfo?: GitInfo;
+    clusterInfo: ClusterInfo;
+    deployment?: DeploymentProjectConfig;
+    objects?: ResultObject[];
+    errors?: DeploymentError[];
+    warnings?: DeploymentError[];
+    seenImages?: FixedImage[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.id = source["id"];
+        this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
+        this.targetKey = this.convertValues(source["targetKey"], TargetKey);
+        this.target = this.convertValues(source["target"], Target);
+        this.command = this.convertValues(source["command"], CommandInfo);
+        this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
+        this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
+        this.deployment = this.convertValues(source["deployment"], DeploymentProjectConfig);
+        this.objects = this.convertValues(source["objects"], ResultObject);
+        this.errors = this.convertValues(source["errors"], DeploymentError);
+        this.warnings = this.convertValues(source["warnings"], DeploymentError);
+        this.seenImages = this.convertValues(source["seenImages"], FixedImage);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class CommandResultSummary {
+    id: string;
+    projectKey: ProjectKey;
+    targetKey: TargetKey;
+    target: Target;
+    commandInfo: CommandInfo;
+    gitInfo?: GitInfo;
+    clusterInfo?: ClusterInfo;
+    renderedObjects: number;
+    remoteObjects: number;
+    appliedObjects: number;
+    appliedHookObjects: number;
+    newObjects: number;
+    changedObjects: number;
+    orphanObjects: number;
+    deletedObjects: number;
+    errors: number;
+    warnings: number;
+    totalChanges: number;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.id = source["id"];
+        this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
+        this.targetKey = this.convertValues(source["targetKey"], TargetKey);
+        this.target = this.convertValues(source["target"], Target);
+        this.commandInfo = this.convertValues(source["commandInfo"], CommandInfo);
+        this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
+        this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
+        this.renderedObjects = source["renderedObjects"];
+        this.remoteObjects = source["remoteObjects"];
+        this.appliedObjects = source["appliedObjects"];
+        this.appliedHookObjects = source["appliedHookObjects"];
+        this.newObjects = source["newObjects"];
+        this.changedObjects = source["changedObjects"];
+        this.orphanObjects = source["orphanObjects"];
+        this.deletedObjects = source["deletedObjects"];
+        this.errors = source["errors"];
+        this.warnings = source["warnings"];
+        this.totalChanges = source["totalChanges"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class ChangedObject {
+    ref: ObjectRef;
+    changes?: Change[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ref = this.convertValues(source["ref"], ObjectRef);
+        this.changes = this.convertValues(source["changes"], Change);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class ValidateResultEntry {
+    ref: ObjectRef;
+    annotation: string;
+    message: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ref = this.convertValues(source["ref"], ObjectRef);
+        this.annotation = source["annotation"];
+        this.message = source["message"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class ValidateResult {
+    id: string;
+    startTime: string;
+    endTime: string;
+    ready: boolean;
+    warnings?: DeploymentError[];
+    errors?: DeploymentError[];
+    results?: ValidateResultEntry[];
+    drift?: ChangedObject[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.id = source["id"];
+        this.startTime = source["startTime"];
+        this.endTime = source["endTime"];
+        this.ready = source["ready"];
+        this.warnings = this.convertValues(source["warnings"], DeploymentError);
+        this.errors = this.convertValues(source["errors"], DeploymentError);
+        this.results = this.convertValues(source["results"], ValidateResultEntry);
+        this.drift = this.convertValues(source["drift"], ChangedObject);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class TargetSummary {
+    target: TargetKey;
+    lastValidateResult?: ValidateResult;
+    commandResults?: CommandResultSummary[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.target = this.convertValues(source["target"], TargetKey);
+        this.lastValidateResult = this.convertValues(source["lastValidateResult"], ValidateResult);
+        this.commandResults = this.convertValues(source["commandResults"], CommandResultSummary);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class ProjectSummary {
+    project: ProjectKey;
+    targets: TargetSummary[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.project = this.convertValues(source["project"], ProjectKey);
+        this.targets = this.convertValues(source["targets"], TargetSummary);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+
+export class ShortName {
+    group?: string;
+    kind: string;
+    shortName: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.group = source["group"];
+        this.kind = source["kind"];
+        this.shortName = source["shortName"];
+    }
+}
+export class UnstructuredObject {
+
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+
+    }
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/react-app-env.d.ts b/pkg/webui/ui/src/react-app-env.d.ts
new file mode 100644
index 000000000..6431bc5fc
--- /dev/null
+++ b/pkg/webui/ui/src/react-app-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="react-scripts" />
diff --git a/pkg/webui/ui/src/reportWebVitals.ts b/pkg/webui/ui/src/reportWebVitals.ts
new file mode 100644
index 000000000..ffeb31f00
--- /dev/null
+++ b/pkg/webui/ui/src/reportWebVitals.ts
@@ -0,0 +1,15 @@
+import { ReportHandler } from 'web-vitals';
+
+const reportWebVitals = (onPerfEntry?: ReportHandler) => {
+    if (onPerfEntry && onPerfEntry instanceof Function) {
+        import('web-vitals').then(({getCLS, getFID, getFCP, getLCP, getTTFB}) => {
+            getCLS(onPerfEntry);
+            getFID(onPerfEntry);
+            getFCP(onPerfEntry);
+            getLCP(onPerfEntry);
+            getTTFB(onPerfEntry);
+        });
+    }
+};
+
+export default reportWebVitals;
diff --git a/pkg/webui/ui/src/setupTests.ts b/pkg/webui/ui/src/setupTests.ts
new file mode 100644
index 000000000..b28b91057
--- /dev/null
+++ b/pkg/webui/ui/src/setupTests.ts
@@ -0,0 +1,5 @@
+// jest-dom adds custom jest matchers for asserting on DOM nodes.
+// allows you to do things like:
+// expect(element).toHaveTextContent(/react/i)
+// learn more: https://github.com/testing-library/jest-dom
+import '@testing-library/jest-dom';
\ No newline at end of file
diff --git a/pkg/webui/ui/src/staticbuild.d.ts b/pkg/webui/ui/src/staticbuild.d.ts
new file mode 100644
index 000000000..511b2c96a
--- /dev/null
+++ b/pkg/webui/ui/src/staticbuild.d.ts
@@ -0,0 +1,7 @@
+declare var isStaticBuild: bool;
+
+declare const staticResults: Map<string, any>;
+
+declare const staticShortNames: any[];
+declare const staticProjects: any[];
+declare const staticSummaries: any[];
diff --git a/pkg/webui/ui/src/utils/duration.ts b/pkg/webui/ui/src/utils/duration.ts
new file mode 100644
index 000000000..5dd95c4dc
--- /dev/null
+++ b/pkg/webui/ui/src/utils/duration.ts
@@ -0,0 +1,30 @@
+export function formatDuration(ms: number, withMs?: boolean) {
+    if (ms < 0) ms = -ms;
+    const time = {
+        day: Math.floor(ms / 86400000),
+        hour: Math.floor(ms / 3600000) % 24,
+        minute: Math.floor(ms / 60000) % 60,
+        second: Math.floor(ms / 1000) % 60,
+        millisecond: withMs ? Math.floor(ms) % 1000 : 0
+    };
+    return Object.entries(time)
+        .filter(val => val[1] !== 0)
+        .map(val => val[1] + ' ' + (val[1] !== 1 ? val[0] + 's' : val[0]))
+        .join(', ');
+}
+
+export function formatDurationShort(ms: number) {
+    if (ms < 0) ms = -ms;
+    const time = {
+        d: Math.floor(ms / 86400000),
+        h: Math.floor(ms / 3600000) % 24,
+        m: Math.floor(ms / 60000) % 60,
+        s: Math.floor(ms / 1000) % 60,
+        ms: Math.floor(ms) % 1000
+    };
+    const f = Object.entries(time).find(val => val[1] > 0)
+    if (f === undefined) {
+        return "0s"
+    }
+    return f[1] + f[0]
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/utils/misc.ts b/pkg/webui/ui/src/utils/misc.ts
new file mode 100644
index 000000000..5543c1436
--- /dev/null
+++ b/pkg/webui/ui/src/utils/misc.ts
@@ -0,0 +1,14 @@
+export function getLastPathElement(url?: string): string | undefined {
+    if (url === undefined) {
+        return undefined
+    }
+    if (!url) {
+        return ""
+    }
+    const s= url.split("/")
+    return s[s.length - 1]
+}
+
+export function sleep(ms: number) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
diff --git a/pkg/webui/ui/tsconfig.json b/pkg/webui/ui/tsconfig.json
new file mode 100644
index 000000000..a273b0cfc
--- /dev/null
+++ b/pkg/webui/ui/tsconfig.json
@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "target": "es5",
+    "lib": [
+      "dom",
+      "dom.iterable",
+      "esnext"
+    ],
+    "allowJs": true,
+    "skipLibCheck": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "strict": true,
+    "forceConsistentCasingInFileNames": true,
+    "noFallthroughCasesInSwitch": true,
+    "module": "esnext",
+    "moduleResolution": "node",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "jsx": "react-jsx"
+  },
+  "include": [
+    "src"
+  ]
+}
diff --git a/pkg/webui/validator.go b/pkg/webui/validator.go
new file mode 100644
index 000000000..78ba366bf
--- /dev/null
+++ b/pkg/webui/validator.go
@@ -0,0 +1,223 @@
+package webui
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"sync"
+	"time"
+)
+
+const shortValidationInterval = time.Second * 15
+const longValidationInterval = time.Minute * 5
+
+type validatorManager struct {
+	ctx context.Context
+
+	store results.ResultStore
+	cam   *clusterAccessorManager
+
+	validators map[projectTargetKey]*validatorEntry
+	mutex      sync.Mutex
+}
+
+type projectTargetKey struct {
+	Project result.ProjectKey `json:"project"`
+	Target  result.TargetKey  `json:"target"`
+}
+
+type validatorEntry struct {
+	vm             *validatorManager
+	key            projectTargetKey
+	ch             chan bool
+	validateResult *result.ValidateResult
+	err            error
+	mutex          sync.Mutex
+}
+
+func newValidatorManager(ctx context.Context, store results.ResultStore, cam *clusterAccessorManager) *validatorManager {
+	return &validatorManager{
+		ctx:        ctx,
+		store:      store,
+		cam:        cam,
+		validators: map[projectTargetKey]*validatorEntry{},
+	}
+}
+
+func (vm *validatorManager) start() {
+	runOnce := func() {
+		summaries, err := vm.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+		if err != nil {
+			return
+		}
+
+		projects := result.BuildProjectSummaries(summaries)
+
+		found := map[projectTargetKey]bool{}
+		for _, project := range projects {
+			for _, target := range project.Targets {
+				k := projectTargetKey{
+					Project: project.Project,
+					Target:  target.Target,
+				}
+
+				vm.mutex.Lock()
+				_, ok := vm.validators[k]
+				if !ok {
+					v := &validatorEntry{
+						vm:  vm,
+						key: k,
+						ch:  make(chan bool),
+					}
+					vm.validators[k] = v
+					go v.run()
+				}
+				vm.mutex.Unlock()
+
+				found[k] = true
+			}
+		}
+
+		vm.mutex.Lock()
+		for k, v := range vm.validators {
+			if _, ok := found[k]; !ok {
+				delete(vm.validators, k)
+				close(v.ch)
+			}
+		}
+		vm.mutex.Unlock()
+	}
+
+	go func() {
+		for {
+			runOnce()
+			time.Sleep(5 * time.Second)
+		}
+	}()
+}
+
+func (vm *validatorManager) getValidateResult(key projectTargetKey) (*result.ValidateResult, error) {
+	vm.mutex.Lock()
+	defer vm.mutex.Unlock()
+	v := vm.validators[key]
+	if v == nil {
+		return nil, nil
+	}
+	return v.validateResult, v.err
+}
+
+func (vm *validatorManager) validateNow(key projectTargetKey) bool {
+	vm.mutex.Lock()
+	defer vm.mutex.Unlock()
+	v := vm.validators[key]
+	if v == nil {
+		return false
+	}
+	v.ch <- true
+	return true
+}
+
+func (v *validatorEntry) run() {
+	status.Info(v.vm.ctx, "Started validator for: %v", v.key)
+	defer status.Info(v.vm.ctx, "Stopped validator for: %v", v.key)
+
+	for {
+		summaries, err := v.vm.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{
+			ProjectFilter: &v.key.Project,
+		})
+		if err != nil {
+			return
+		}
+		projects := result.BuildProjectSummaries(summaries)
+
+		longWait := false
+	outer:
+		for _, p := range projects {
+			if p.Project == v.key.Project {
+				for _, t := range p.Targets {
+					if t.Target == v.key.Target {
+						longWait = v.runOnce(t)
+						break outer
+					}
+				}
+			}
+		}
+
+		waitTime := shortValidationInterval
+		if longWait {
+			waitTime = longValidationInterval
+		}
+
+		select {
+		case _, ok := <-v.ch:
+			if !ok {
+				break
+			}
+			continue
+		case <-time.After(waitTime):
+		}
+	}
+}
+
+func (v *validatorEntry) findFullProjectResult(summaries []result.CommandResultSummary) *result.CommandResultSummary {
+	for _, summary := range summaries {
+		if len(summary.Command.IncludeTags) != 0 || len(summary.Command.ExcludeTags) != 0 {
+			continue
+		}
+		if summary.Command.Command == "deploy" || summary.Command.Command == "diff" {
+			return &summary
+		}
+	}
+	return nil
+}
+
+func (v *validatorEntry) runOnce(target *result.TargetSummary) bool {
+	s := status.Start(v.vm.ctx, "Validating: %v", v.key)
+	defer s.Failed()
+
+	summary := v.findFullProjectResult(target.CommandResults)
+	if summary == nil {
+		s.FailedWithMessage("No result summaries for %v", v.key)
+		return false
+	}
+
+	ca := v.vm.cam.getForClusterId(summary.ClusterInfo.ClusterId)
+	if ca == nil {
+		s.FailedWithMessage("No cluster accessor for %v", v.key)
+		return false
+	}
+	k := ca.getK()
+	if k == nil {
+		return false
+	}
+
+	cr, err := v.vm.store.GetCommandResult(results.GetCommandResultOptions{
+		Id:      summary.Id,
+		Reduced: false,
+	})
+	if err != nil {
+		s.FailedWithMessage("Failed to get command result for %v: %v", v.key, err)
+		return false
+	}
+
+	discriminator := summary.Target.Discriminator
+
+	cmd := commands.NewValidateCommand(v.vm.ctx, discriminator, nil, cr)
+	vr, err := cmd.Run(v.vm.ctx, k)
+
+	if err != nil {
+		s.UpdateAndInfoFallback("Finished validation with error: %v", v.key)
+	} else {
+		s.UpdateAndInfoFallback("Finished validation: %v", v.key)
+	}
+	s.Success()
+
+	v.mutex.Lock()
+	defer v.mutex.Unlock()
+	v.validateResult = vr
+	v.err = err
+
+	return true
+}

From 5970e0cacb2499e5c89d355b84a234ef31c6116c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 30 May 2023 13:31:25 +0200
Subject: [PATCH 1127/2268] fix: Server ui from /

---
 pkg/webui/server.go | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 746f3b0da..8d854718b 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"io/fs"
 	"k8s.io/client-go/rest"
 	"net"
 	"net/http"
@@ -52,7 +53,30 @@ func (s *CommandResultsServer) Run(port int) error {
 
 	router := gin.Default()
 
-	router.StaticFS("/webui", http.FS(uiFS))
+	dis, err := fs.ReadDir(uiFS, ".")
+	if err != nil {
+		return err
+	}
+
+	for _, di := range dis {
+		if di.IsDir() {
+			x, err := fs.Sub(uiFS, di.Name())
+			if err != nil {
+				return err
+			}
+			router.StaticFS("/"+di.Name(), http.FS(x))
+		} else {
+			router.StaticFileFS("/"+di.Name(), di.Name(), http.FS(uiFS))
+		}
+	}
+	router.GET("/", func(c *gin.Context) {
+		b, err := fs.ReadFile(uiFS, "index.html")
+		if err != nil {
+			_ = c.AbortWithError(http.StatusInternalServerError, err)
+			return
+		}
+		c.Data(http.StatusOK, "text/html; charset=utf-8", b)
+	})
 
 	api := router.Group("/api")
 	api.GET("/getShortNames", s.getShortNames)

From 6dd85526abcf77f468445649715487c35cbba107 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 27 May 2023 00:12:05 +0600
Subject: [PATCH 1128/2268] WIP Main Page.

---
 pkg/webui/ui/public/staticbuild.js            |   2 +-
 pkg/webui/ui/src/components/App.tsx           |  13 +-
 pkg/webui/ui/src/components/LeftDrawer.tsx    | 115 +++++++++---------
 .../components/targets-view/TargetsView.tsx   |   2 +-
 pkg/webui/ui/src/components/theme.ts          |  72 +++++++++++
 pkg/webui/ui/src/icons/KluctlLogo.tsx         |   2 +-
 pkg/webui/ui/src/icons/KluctlText.tsx         |   6 +
 pkg/webui/ui/src/icons/Targets.tsx            |   5 +
 pkg/webui/ui/src/icons/kluctl-logo.svg        |   4 +-
 pkg/webui/ui/src/icons/kluctl-text.svg        |   7 ++
 pkg/webui/ui/src/icons/targets.svg            |   6 +
 pkg/webui/ui/src/index.css                    |   2 +
 12 files changed, 172 insertions(+), 64 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/theme.ts
 create mode 100644 pkg/webui/ui/src/icons/KluctlText.tsx
 create mode 100644 pkg/webui/ui/src/icons/Targets.tsx
 create mode 100644 pkg/webui/ui/src/icons/kluctl-text.svg
 create mode 100644 pkg/webui/ui/src/icons/targets.svg

diff --git a/pkg/webui/ui/public/staticbuild.js b/pkg/webui/ui/public/staticbuild.js
index 58271d740..a653e44b6 100644
--- a/pkg/webui/ui/public/staticbuild.js
+++ b/pkg/webui/ui/public/staticbuild.js
@@ -1,2 +1,2 @@
-let isStaticBuild = false;
+let isStaticBuild = true;
 const staticResults = new Map()
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index ce3a71aa9..ba36ddc4a 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,9 +1,10 @@
 import React, { useState } from 'react';
 
 import '../index.css';
-import { Box } from "@mui/material";
+import { Box, ThemeProvider } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
+import { light } from './theme';
 
 export interface AppOutletContext {
     filters?: React.ReactNode
@@ -22,9 +23,13 @@ const App = () => {
         setFilters: setFilters,
     }
 
-    return <Box width={"100%"} height={"100%"}>
-        <LeftDrawer content={<Outlet context={context}/>} context={context}/>
-    </Box>
+    return (
+        <ThemeProvider theme={light}>
+            <Box width={"100%"} height={"100%"}>
+                <LeftDrawer content={<Outlet context={context} />} context={context} />
+            </Box>
+        </ThemeProvider>
+    );
 };
 
 export default App;
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 7c23a7be3..cd712c4b5 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -1,6 +1,6 @@
 import * as React from 'react';
 import { useState } from 'react';
-import { CSSObject, styled, Theme, useTheme } from '@mui/material/styles';
+import { CSSObject, styled, Theme, ThemeProvider, useTheme } from '@mui/material/styles';
 import Box from '@mui/material/Box';
 import MuiDrawer from '@mui/material/Drawer';
 import MuiAppBar, { AppBarProps as MuiAppBarProps } from '@mui/material/AppBar';
@@ -15,15 +15,19 @@ import ListItem from '@mui/material/ListItem';
 import ListItemButton from '@mui/material/ListItemButton';
 import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
-import { Adjust } from "@mui/icons-material";
 import { Link } from "react-router-dom";
 import { AppOutletContext } from "./App";
 import { KluctlLogo } from "../icons/KluctlLogo";
+import { Targets } from '../icons/Targets';
+import { dark } from './theme';
+import { KluctlText } from '../icons/KluctlText';
+import { Typography } from '@mui/material';
 
-const drawerWidth = 240;
+const drawerWidthOpen = 224;
+const drawerWidthClosed = 96;
 
 const openedMixin = (theme: Theme): CSSObject => ({
-    width: drawerWidth,
+    width: drawerWidthOpen,
     transition: theme.transitions.create('width', {
         easing: theme.transitions.easing.sharp,
         duration: theme.transitions.duration.enteringScreen,
@@ -37,17 +41,12 @@ const closedMixin = (theme: Theme): CSSObject => ({
         duration: theme.transitions.duration.leavingScreen,
     }),
     overflowX: 'hidden',
-    width: `calc(${theme.spacing(7)} + 1px)`,
-    [theme.breakpoints.up('sm')]: {
-        width: `calc(${theme.spacing(8)} + 1px)`,
-    },
+    width: drawerWidthClosed,
 });
 
 const DrawerHeader = styled('div')(({ theme }) => ({
-    display: 'flex',
-    alignItems: 'center',
-    justifyContent: 'flex-end',
-    padding: theme.spacing(0, 1),
+    height: '106px',
+    padding: '31px 23px 0 23px',
     // necessary for content to be below app bar
     ...theme.mixins.toolbar,
 }));
@@ -59,14 +58,22 @@ interface AppBarProps extends MuiAppBarProps {
 const AppBar = styled(MuiAppBar, {
     shouldForwardProp: (prop) => prop !== 'open',
 })<AppBarProps>(({ theme, open }) => ({
+    height: 106,
+    border: 'none',
+    boxShadow: 'none',
+    background: 'transparent',
+    padding: '40px 40px 0 40px',
+    marginLeft: drawerWidthClosed,
+    justifyContent: 'space-between',
+    width: `calc(100% - ${drawerWidthClosed}px)`,
     zIndex: theme.zIndex.drawer + 1,
     transition: theme.transitions.create(['width', 'margin'], {
         easing: theme.transitions.easing.sharp,
         duration: theme.transitions.duration.leavingScreen,
     }),
     ...(open && {
-        marginLeft: drawerWidth,
-        width: `calc(100% - ${drawerWidth}px)`,
+        marginLeft: drawerWidthOpen,
+        width: `calc(100% - ${drawerWidthOpen}px)`,
         transition: theme.transitions.create(['width', 'margin'], {
             easing: theme.transitions.easing.sharp,
             duration: theme.transitions.duration.enteringScreen,
@@ -76,17 +83,24 @@ const AppBar = styled(MuiAppBar, {
 
 const Drawer = styled(MuiDrawer, { shouldForwardProp: (prop) => prop !== 'open' })(
     ({ theme, open }) => ({
-        width: drawerWidth,
+        width: drawerWidthOpen,
         flexShrink: 0,
         whiteSpace: 'nowrap',
         boxSizing: 'border-box',
+        borderRadius: '0px 20px 20px 0px',
         ...(open && {
             ...openedMixin(theme),
-            '& .MuiDrawer-paper': openedMixin(theme),
+            '& .MuiDrawer-paper': {
+                ...openedMixin(theme),
+                borderRadius: '0px 20px 20px 0px',
+            }
         }),
         ...(!open && {
             ...closedMixin(theme),
-            '& .MuiDrawer-paper': closedMixin(theme),
+            '& .MuiDrawer-paper': {
+                ...closedMixin(theme),
+                borderRadius: '0px 20px 20px 0px',
+            }
         }),
     }),
 );
@@ -97,7 +111,7 @@ function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: s
             sx={{
                 minHeight: 48,
                 justifyContent: props.open ? 'initial' : 'center',
-                px: 2.5,
+                px: '24px',
             }}
         >
             <ListItemIcon
@@ -109,7 +123,7 @@ function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: s
             >
                 {props.icon}
             </ListItemIcon>
-            <ListItemText primary={props.text} sx={{ opacity: props.open ? 1 : 0 }}/>
+            <ListItemText primary={props.text} sx={{ opacity: props.open ? 1 : 0 }} />
         </ListItemButton>
     </ListItem>
 }
@@ -117,52 +131,41 @@ function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: s
 export default function LeftDrawer(props: { content: React.ReactNode, context: AppOutletContext }) {
     const context = props.context
 
-    const theme = useTheme();
     const [open, setOpen] = useState(true);
 
-    const handleDrawerOpen = () => {
-        setOpen(true);
-    };
-
-    const handleDrawerClose = () => {
-        setOpen(false);
+    const toggleDrawer = () => {
+        setOpen(o => !o);
     };
 
     return (
         <Box sx={{ display: 'flex' }} height={"100%"}>
             <AppBar position="fixed" open={open}>
-                <Toolbar>
-                    <IconButton
-                        color="inherit"
-                        aria-label="open drawer"
-                        onClick={handleDrawerOpen}
-                        edge="start"
-                        sx={{
-                            marginRight: 5,
-                            ...(open && { display: 'none' }),
-                        }}
-                    >
-                        <MenuIcon/>
-                    </IconButton>
-                    <KluctlLogo/>
-                </Toolbar>
+                <Typography variant='h1' fontSize='32px' fontWeight='bold'>
+                    Dashboard
+                </Typography>
+                <Divider />
             </AppBar>
-            <Drawer variant="permanent" open={open}>
-                <DrawerHeader>
-                    <IconButton onClick={handleDrawerClose}>
-                        {theme.direction === 'rtl' ? <ChevronRightIcon/> : <ChevronLeftIcon/>}
-                    </IconButton>
-                </DrawerHeader>
-                <Divider/>
-                <List>
-                    <Item text={"Targets"} open={open} icon={<Adjust/>} to={"targets"}/>
-                    <Divider/>
-                    {context.filters}
-                </List>
-                <Divider/>
-            </Drawer>
+            <ThemeProvider theme={dark}>
+                <Drawer variant="permanent" open={open}>
+                    <DrawerHeader>
+                        <IconButton
+                            onClick={toggleDrawer}
+                            sx={{ gap: '13px', padding: 0 }}>
+                            <KluctlLogo />
+                            {open && <KluctlText />}
+                        </IconButton>
+                    </DrawerHeader>
+                    <Divider />
+                    <List>
+                        <Item text={"Targets"} open={open} icon={<Targets />} to={"targets"} />
+                        <Divider />
+                        {context.filters}
+                    </List>
+                    {context.filters && <Divider />}
+                </Drawer>
+            </ThemeProvider>
             <Box component="main" sx={{ flexGrow: 1 }} minWidth={0}>
-                <DrawerHeader/>
+                <DrawerHeader />
                 {props.content}
             </Box>
         </Box>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 581d8ce82..3f44afc91 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -39,7 +39,7 @@ export const TargetsView = () => {
         setSelectedTargetSummary(ts)
     }
 
-    return <Box width={"max-content"}>
+    return <Box width={"max-content"} p='0 40px'>
         <CommandResultDetailsDrawer rs={selectedCommandResult} onClose={() => setSelectedCommandResult(undefined)}/>
         <TargetDetailsDrawer ts={selectedTargetSummary} onClose={() => setSelectedTargetSummary(undefined)}/>
         <Box display={"flex"} alignItems={"center"} p={1}>
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
new file mode 100644
index 000000000..a552fab79
--- /dev/null
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -0,0 +1,72 @@
+import { PaletteOptions, createTheme } from '@mui/material/styles';
+
+const paletteDark = {
+    primary: { main: '#DFEBE9' },
+    background: { default: '#222222', paper: '#222222' }
+} satisfies PaletteOptions;
+
+const paletteLight = {
+    primary: { main: '#222222' },
+    secondary: { main: '#39403E'}
+} satisfies PaletteOptions;
+
+export const light = createTheme({
+    palette: paletteLight,
+    components: {
+        MuiDivider: {
+            styleOverrides: {
+                root: {
+                    borderColor: 'rgba(0, 0, 0, 0.5)'
+                }
+            }
+        },
+        MuiAppBar: {
+            styleOverrides: {
+                root: {
+                    color: paletteLight.primary.main
+                }
+            }
+        }
+    }
+});
+
+export const dark = createTheme({
+    palette: paletteDark,
+    components: {
+        MuiListItem: {
+            styleOverrides: {
+                root: {
+                    color: paletteDark.primary.main,
+                    background: paletteDark.background.default
+                }
+            }
+        },
+        MuiButtonBase: {
+            styleOverrides: {
+                root: {
+                    color: paletteDark.primary.main,
+                    background: paletteDark.background.default
+                }
+            }
+        },
+        MuiDrawer: {
+            styleOverrides: {
+                root: {
+                    border: 'none'
+                }, 
+                paper: {
+                    border: 'none'
+                }, 
+            }
+        },
+        MuiDivider: {
+            styleOverrides: {
+                root: {
+                    background: paletteDark.primary.main,
+                    opacity: 0.2,
+                    margin: '0 13px'
+                }
+            }
+        }
+    }
+})
\ No newline at end of file
diff --git a/pkg/webui/ui/src/icons/KluctlLogo.tsx b/pkg/webui/ui/src/icons/KluctlLogo.tsx
index b89f71f95..f7c3d0665 100644
--- a/pkg/webui/ui/src/icons/KluctlLogo.tsx
+++ b/pkg/webui/ui/src/icons/KluctlLogo.tsx
@@ -2,5 +2,5 @@ import { ReactComponent as KluctlLogoSvg } from './kluctl-logo.svg';
 import React from "react";
 
 export const KluctlLogo = () => {
-    return <KluctlLogoSvg width={"200px"} height={"56px"}/>
+    return <KluctlLogoSvg width="50px" height="50px" />
 }
diff --git a/pkg/webui/ui/src/icons/KluctlText.tsx b/pkg/webui/ui/src/icons/KluctlText.tsx
new file mode 100644
index 000000000..6122532ab
--- /dev/null
+++ b/pkg/webui/ui/src/icons/KluctlText.tsx
@@ -0,0 +1,6 @@
+import { ReactComponent as KluctlTextSvg } from './kluctl-text.svg';
+import React from "react";
+
+export const KluctlText = () => {
+    return <KluctlTextSvg width="115px" height="33px" />
+}
diff --git a/pkg/webui/ui/src/icons/Targets.tsx b/pkg/webui/ui/src/icons/Targets.tsx
new file mode 100644
index 000000000..d1ba0a421
--- /dev/null
+++ b/pkg/webui/ui/src/icons/Targets.tsx
@@ -0,0 +1,5 @@
+import { ReactComponent as TargetsSvg } from './targets.svg';
+
+export const Targets = () => {
+    return <TargetsSvg width="48px" height="48px" />
+}
diff --git a/pkg/webui/ui/src/icons/kluctl-logo.svg b/pkg/webui/ui/src/icons/kluctl-logo.svg
index d61023e05..2248dffe2 100644
--- a/pkg/webui/ui/src/icons/kluctl-logo.svg
+++ b/pkg/webui/ui/src/icons/kluctl-logo.svg
@@ -1 +1,3 @@
-<?xml version="1.0" encoding="UTF-8"?><svg id="a" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2139.382 599.108"><defs><style>.b{fill:#fff;}.c{fill:#3f4443;}.d{fill:#51a684;}</style></defs><g><polygon class="c" points="1013.888 211.273 943.794 211.273 820.298 348.297 820.298 116.407 764.435 116.407 764.174 495.861 820.298 495.861 820.298 358.837 939.408 495.861 1014.245 495.861 884.07 353.567 1013.888 211.273"/><rect class="c" x="1066.445" y="115.736" width="55.073" height="380.124"/><path class="c" d="M1948.135,115.341h-55.338v95.932h-54.542v44.27h54.542v128.328c0,15.46,.221,29.293,.66,41.501,.436,12.214,3.732,24.201,9.88,35.972,6.856,13.174,17.042,22.836,30.573,28.984,13.524,6.148,28.892,9.486,46.115,10.01,17.209,.531,34.778-.966,52.702-4.477v-46.639c-18.628,2.637-34.833,3.209-48.623,1.712-13.793-1.487-23.843-7.679-30.168-18.577-3.341-5.801-5.144-12.912-5.407-21.343-.261-8.434-.394-18.359-.394-29.777v-125.694h84.592v-44.27h-84.592V115.341Z"/><rect class="c" x="2084.312" y="115.736" width="55.07" height="380.124"/><path class="c" d="M1643.317,268.059c11.591-8.523,26.432-12.785,44.529-12.785,15.984,0,30.175,4.443,42.556,13.313,12.388,8.873,21.302,21.302,26.749,37.286l54.811-15.81c-7.03-26.882-21.571-48.044-43.611-63.504-22.05-15.463-48.619-23.19-79.715-23.19-28.811,0-53.491,6.41-74.044,19.237-16.498,10.295-29.794,23.881-40.178,40.453l-.156-.193s-6.753,12.861-26.657,17.45c-24.37,3.3-46.407,3.33-65.198,1.885-43.219-6.529-50.418-43.825-51.354-61.541v-9.386h-58.543v148.088c0,16.868-1.888,31.193-5.665,42.957-3.777,11.768-8.961,21.254-15.549,28.46-6.587,7.206-14.272,12.429-23.057,15.678-8.785,3.249-18.097,4.872-27.933,4.872-15.11,0-27.361-3.072-36.755-9.224-9.404-6.144-16.695-14.229-21.874-24.238-5.182-10.016-8.699-20.862-10.54-32.542-1.844-11.684-2.77-23.058-2.77-34.128V211.272h-55.862v158.104c0,8.788,.793,18.972,2.372,30.566,1.582,11.598,4.566,23.455,8.961,35.575,4.386,12.119,10.754,23.319,19.104,33.598,8.339,10.278,19.186,18.579,32.543,24.904,13.343,6.322,29.862,9.486,49.538,9.486,25.65,0,47.52-5.533,65.616-16.603,11.15-6.822,20.506-15.501,28.46-25.629v34.591h51.953v-44.781c.908-3.477,5.917-15.151,31.591-20.461,19.417-3.427,44.274-3.987,74.187,2.643,15.511,3.437,29.94,10.411,41.913,20.849,4.056,3.535,8.455,7.329,13.139,12.299,6.55,6.628,13.623,12.728,21.659,17.852,20.376,13,45.148,19.502,74.309,19.502,30.569,0,56.566-7.42,78.001-22.264,21.431-14.841,36.798-36.143,46.115-63.899l-55.866-13.177c-5.794,15.28-14.191,27.011-25.163,35.176-10.983,8.169-25.341,12.255-43.087,12.255-26,0-45.631-9.046-58.893-27.143-13.265-18.09-19.985-41.808-20.162-71.149,.177-18.967,3.072-35.837,8.699-50.592,5.62-14.759,14.232-26.392,25.827-34.914Zm-192.318,37.367c14.797,2.671,33.227,4.808,54.505,4.808,10.976,0,22.717-.592,35.071-1.943,.347-.004,.697-.007,.84,.038,.626,.184,1.834,1.82-4.181,4.59-10.414,3.409-24.653,5.719-44.632,5.719-19.427,0-32.696-3.81-41.814-9.074-1.306-.963-2.436-2.096-2.307-3.246,.088-.816,1.31-.956,2.517-.892Zm80.75,27.354c-6.999,4.532-16.835,8.125-31.002,9.577-13.776,1.412-23.619-1.851-30.682-7.019-1.034-.976-1.963-2.15-2.004-3.433-.027-.915,.824-1.157,1.684-1.173,10.799,1.888,24.109,2.919,39.198,1.375,7.785-.796,16.045-2.303,24.649-4.699,.249-.03,.497-.058,.599-.02,.466,.156,1.507,1.885-2.443,5.392Zm1.987,67.516c-29.838-5.552-55.382-4.661-76.171-.905-3.708,.088-7.247-.977-7.247-3.117,0-1.3,1.296-2.647,2.667-3.759,16.12-10.289,36.201-11.221,44.029-11.221,17.042,0,30.155,3.631,40.287,9.067l-.024,.034s5.699,3.603,4.78,6.26c-.877,2.538-2.708,4.311-8.322,3.641Z"/></g><path class="d" d="M571.593,316.392c-8.727-2.476-17.504-2.709-25.758-1.089-54.422,10.683-108.39,3.741-135.825-1.374-10.448-1.948-18.316-10.12-20.628-20.494-.047-.213-.096-.426-.145-.638-2.389-10.345,1.056-21.148,9.617-27.427,21.392-15.688,64.618-43.451,121.836-60.157,13.114-3.829,25.688-11.424,33.96-26.243,9.591-17.182,9.61-38.682-.614-55.496-17.636-29.003-55.949-35.146-81.607-14.678-6.389,5.097-11.387,11.303-14.804,18.171-24.26,48.756-64.065,86.797-85.497,105.04-8.064,6.864-19.299,7.853-28.818,3.213-.219-.107-.438-.213-.658-.317-9.578-4.568-15.778-14.035-15.381-24.639,1.059-28.284,6.205-83.429,28.9-132.762,3.466-7.534,5.093-16.051,4.685-24.97-1.239-27.077-21.056-48.732-47.953-52.089-33.6-4.193-62.201,21.895-62.201,54.662,0,7.152,1.331,13.997,3.843,20.254,24.153,60.159,29.356,109.21,30.187,134.75,.344,10.591-5.796,20.098-15.383,24.612-.269,.127-.537,.254-.804,.384-9.631,4.658-20.983,3.6-29.055-3.42-21.761-18.927-62.404-58.175-85.782-105.183-3.673-7.385-9.311-13.919-16.485-19.147-21.817-15.9-51.012-14.075-70.456,4.653-24.532,23.63-22.048,62.479,3.672,82.989,6.39,5.096,13.541,8.637,21.008,10.392,52.608,12.368,98.8,43.003,121.433,59.964,8.461,6.34,11.914,17.053,9.523,27.352-.063,.27-.124,.541-.184,.812-2.296,10.35-10.141,18.503-20.556,20.485-27.642,5.26-82.171,12.469-135.877,1.343-8.142-1.687-16.828-1.391-25.456,1.009-26.17,7.28-42.836,31.511-40.022,58.529,3.498,33.576,35.233,55.549,67.115,48.271,6.973-1.592,13.388-4.361,18.892-8.255,51.592-36.507,99.72-52.772,124.95-59.402,10.167-2.672,20.687,1.349,27.174,9.622,.188,.24,.377,.479,.568,.716,6.659,8.308,8.139,19.561,3.143,28.963-13.417,25.252-42.326,73.24-83.534,107.028-6.384,5.234-11.507,12.189-15.008,20.355-10.643,24.83-2.335,52.895,20.283,67.667,28.49,18.607,65.773,7.533,80.034-22.087,3.546-7.364,5.456-15.123,5.456-22.794,0-52.077,19.989-105.228,31.562-131.637,4.206-9.598,13.749-15.564,24.227-15.436,.608,.007,1.217,.01,1.827,.007,10.32-.051,19.642,6.027,23.778,15.482,11.145,25.477,29.986,76.37,31.514,132.131,.23,8.378,2.425,16.849,6.751,24.78,13.093,24.003,40.677,34.691,66.462,25.597,31.537-11.123,45.63-46.69,31.527-75.968-3.104-6.443-7.236-12.074-12.251-16.579-47.763-42.902-73.997-85.72-85.849-108.606-4.811-9.291-3.216-20.394,3.374-28.52,.291-.359,.579-.72,.865-1.084,6.496-8.281,17.034-12.306,27.209-9.616,25.153,6.65,73.095,22.92,124.943,59.344,5.517,3.876,11.92,6.661,18.893,8.252,30.183,6.885,60.23-12.446,66.311-43.013,5.513-27.718-11.746-55.991-38.934-63.706Z"/><path class="b" d="M581.392,337.87c-2.696-1.955-6.605-4.242-9.18-5.403,0,0-10.865-5.984-29.506-1.554,0,0-18.892,3.472-33.01,4.11,0,0,1.405,6.542,17.976,7.057,15.273,.475,26.975-5.935,41.02,3.802,.49,.362,.952,.713,1.462,1.083,.191,.139,.373,.293,.561,.436,.471,.374,.938,.722,1.415,1.134,7.851,6.678,12.874,16.641,15.904,13.878,4.647-4.237,2.357-18.017-6.643-24.543Z"/><path class="b" d="M544.736,138.609c-1.894-4.674-3.642-8.048-6.09-11.079,0,0-8.412-14.335-29.328-15.642-21.663-1.354-33.236,14.063-33.236,14.063,0,0,12.009-4.987,24.894-4.666,14.756,.368,26.593,12.207,28.378,26.86,1.192,9.787,1.665,18.269,7.599,18.269,10.665,0,12.392-16.437,7.783-27.805Z"/><path class="b" d="M336.667,29.013c-1.564-1.657-13.864-17.164-37.979-13.461-2.21,.339-4.385,.949-6.479,1.733-2.592,.971-6.056,2.519-9.222,4.751,0,0,30.886-3.756,40.193,17.658,0,0,7.852,21.643,17.385,18.788,.304-.015,.609-.085,.916-.275,5.818-3.587,3.48-20.406-4.815-29.195Z"/><path class="b" d="M110.314,129.318c-9.788-5.176-2.627-19.844,7.512-15.395,1.926,.845,7.488,3.231,9.337,4.56,18.592,13.363,7.088,14.06,41.217,59.228,0,0-16.177-4.929-41.275-34.79-4.599-5.472-10.104-10.069-16.423-13.409l-.367-.194Z"/><path class="b" d="M457.24,541.329c-.117-3.196,1.095-16.089-17.835-31.753,0,0-13.808-12.864-21.959-21.655,0,0-4.803,4.056,4.615,16.893,8.681,11.833,20.454,16.888,21.402,33.273,.016,.585,.024,1.144,.046,1.748,.009,.229,0,.459,.002,.688-.004,.576,.01,1.134-.02,1.737-.404,9.89-4.966,19.586-1.083,20.242,5.954,1.006,15.222-10.504,14.831-21.174Z"/></svg>
\ No newline at end of file
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M46.7332 26.4052C46.0197 26.1986 45.3021 26.1791 44.6273 26.3143C40.1777 27.2059 35.7653 26.6265 33.5223 26.1996C32.668 26.0371 32.0248 25.3551 31.8357 24.4893C31.8319 24.4715 31.8279 24.4537 31.8239 24.436C31.6286 23.5727 31.9102 22.6711 32.6102 22.1471C34.3592 20.8378 37.8933 18.5208 42.5714 17.1265C43.6436 16.807 44.6717 16.1731 45.348 14.9364C46.1321 13.5024 46.1337 11.7081 45.2978 10.3048C43.8559 7.88432 40.7234 7.37165 38.6256 9.07985C38.1033 9.50523 37.6946 10.0232 37.4152 10.5963C35.4318 14.6654 32.1773 17.8402 30.4251 19.3627C29.7657 19.9355 28.8472 20.0181 28.0689 19.6308C28.051 19.6219 28.0331 19.613 28.0151 19.6044C27.232 19.2231 26.7251 18.433 26.7576 17.5481C26.8442 15.1876 27.2649 10.5853 29.1204 6.46814C29.4038 5.83938 29.5368 5.12857 29.5035 4.38422C29.4022 2.12445 27.7819 0.317189 25.5829 0.0370233C22.8357 -0.312912 20.4973 1.86432 20.4973 4.59895C20.4973 5.19584 20.6062 5.7671 20.8115 6.28929C22.7863 11.31 23.2117 15.4036 23.2796 17.5351C23.3077 18.419 22.8057 19.2125 22.0219 19.5892C21.9999 19.5998 21.978 19.6104 21.9562 19.6212C21.1687 20.01 20.2406 19.9217 19.5806 19.3358C17.8015 17.7562 14.4785 14.4807 12.5671 10.5575C12.2668 9.94121 11.8059 9.3959 11.2193 8.95959C9.4356 7.63262 7.04863 7.78493 5.4589 9.34791C3.45317 11.32 3.65626 14.5622 5.75912 16.2739C6.28156 16.6992 6.86622 16.9947 7.47672 17.1412C11.7779 18.1734 15.5546 20.7301 17.405 22.1456C18.0968 22.6748 18.3791 23.5688 18.1836 24.4284C18.1785 24.4509 18.1735 24.4735 18.1686 24.4961C17.9809 25.3599 17.3395 26.0403 16.4879 26.2057C14.2279 26.6447 9.76967 27.2464 5.37869 26.3178C4.71301 26.177 4.00284 26.2017 3.29742 26.402C1.15778 27.0096 -0.204829 29.0318 0.0252425 31.2867C0.311237 34.0888 2.90587 35.9226 5.51253 35.3152C6.08264 35.1824 6.60713 34.9513 7.05713 34.6263C11.2753 31.5795 15.2102 30.2221 17.273 29.6688C18.1042 29.4458 18.9643 29.7814 19.4947 30.4718C19.5101 30.4918 19.5255 30.5118 19.5412 30.5316C20.0856 31.2249 20.2066 32.1641 19.7981 32.9487C18.7012 35.0562 16.3376 39.0611 12.9684 41.881C12.4465 42.3178 12.0276 42.8982 11.7414 43.5798C10.8712 45.652 11.5505 47.9942 13.3997 49.227C15.729 50.7799 18.7773 49.8557 19.9432 47.3837C20.2332 46.7691 20.3893 46.1216 20.3893 45.4814C20.3893 41.1352 22.0236 36.6994 22.9698 34.4954C23.3137 33.6943 24.0939 33.1964 24.9506 33.2071C25.0003 33.2077 25.0501 33.208 25.1 33.2077C25.9437 33.2034 26.7059 33.7107 27.0441 34.4998C27.9553 36.626 29.4957 40.8734 29.6206 45.527C29.6394 46.2262 29.8189 46.9332 30.1726 47.5951C31.2431 49.5983 33.4983 50.4903 35.6065 49.7314C38.1849 48.8031 39.3372 45.8348 38.1841 43.3913C37.9303 42.8536 37.5925 42.3836 37.1825 42.0077C33.2774 38.4272 31.1325 34.8537 30.1635 32.9437C29.7702 32.1683 29.9006 31.2417 30.4394 30.5635C30.4632 30.5336 30.4867 30.5034 30.5101 30.4731C31.0412 29.782 31.9028 29.446 32.7347 29.6705C34.7912 30.2255 38.7109 31.5834 42.95 34.6232C43.401 34.9467 43.9245 35.1791 44.4946 35.3119C46.9624 35.8865 49.419 34.2732 49.9162 31.7222C50.3669 29.4089 48.9558 27.0493 46.733 26.4054L46.7332 26.4052Z" fill="#59A588"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/kluctl-text.svg b/pkg/webui/ui/src/icons/kluctl-text.svg
new file mode 100644
index 000000000..ec60048e9
--- /dev/null
+++ b/pkg/webui/ui/src/icons/kluctl-text.svg
@@ -0,0 +1,7 @@
+<svg width="115" height="34" viewBox="0 0 115 34" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M21.3567 8.6323H15.5247L5.24968 20.068V0.715027H0.601793L0.580078 32.3833H5.24968V20.9476L15.1598 32.3833H21.3864L10.5556 20.5078L21.3567 8.6323Z" fill="#DFEBE9"/>
+<path d="M30.3117 0.658997H25.7295V32.3832H30.3117V0.658997Z" fill="#DFEBE9"/>
+<path d="M99.0875 0.626038H94.4833V8.63227H89.9453V12.3269H94.4833V23.0369C94.4833 24.3271 94.5017 25.4816 94.5382 26.5004C94.5745 27.5198 94.8487 28.5202 95.3602 29.5025C95.9307 30.602 96.7782 31.4084 97.904 31.9215C99.0292 32.4346 100.308 32.7132 101.741 32.7569C103.173 32.8012 104.634 32.6763 106.126 32.3832V28.4909C104.576 28.711 103.228 28.7587 102.08 28.6338C100.933 28.5097 100.096 27.9929 99.5702 27.0834C99.2922 26.5992 99.1422 26.0058 99.1203 25.3021C99.0986 24.5983 99.0875 23.7699 99.0875 22.817V12.3269H106.126V8.63227H99.0875V0.626038Z" fill="#DFEBE9"/>
+<path d="M115 0.658997H110.418V32.3832H115V0.658997Z" fill="#DFEBE9"/>
+<path d="M73.7264 13.3715C74.6907 12.6602 75.9255 12.3045 77.4312 12.3045C78.7611 12.3045 79.9418 12.6753 80.972 13.4156C82.0027 14.1561 82.7443 15.1934 83.1975 16.5274L87.7579 15.2079C87.173 12.9644 85.9631 11.1983 84.1294 9.90803C82.2948 8.61753 80.0842 7.97266 77.497 7.97266C75.0998 7.97266 73.0464 8.50762 71.3364 9.57813C69.9637 10.4373 68.8575 11.5712 67.9935 12.9542L67.9805 12.9381C67.9805 12.9381 67.4187 14.0115 65.7626 14.3945C63.735 14.6699 61.9015 14.6724 60.338 14.5518C56.7422 14.0069 56.1432 10.8942 56.0653 9.41572V8.63239H51.1944V20.9914C51.1944 22.3992 51.0374 23.5947 50.7231 24.5765C50.4089 25.5586 49.9775 26.3503 49.4294 26.9517C48.8814 27.5531 48.242 27.989 47.511 28.2602C46.7801 28.5313 46.0053 28.6668 45.187 28.6668C43.9298 28.6668 42.9105 28.4104 42.1289 27.8969C41.3465 27.3842 40.7398 26.7094 40.3089 25.8741C39.8778 25.0382 39.5852 24.133 39.432 23.1582C39.2786 22.1831 39.2015 21.2339 39.2015 20.31V8.63222H34.5537V21.8272C34.5537 22.5606 34.6197 23.4105 34.7511 24.3781C34.8827 25.3461 35.131 26.3356 35.4966 27.3471C35.8616 28.3585 36.3914 29.2933 37.0861 30.1511C37.7799 31.0089 38.6824 31.7017 39.7937 32.2296C40.9039 32.7572 42.2783 33.0212 43.9154 33.0212C46.0495 33.0212 47.8691 32.5595 49.3747 31.6356C50.3024 31.0662 51.0809 30.3419 51.7427 29.4967V32.3835H56.0652V28.6462C56.1408 28.356 56.5575 27.3818 58.6937 26.9386C60.3092 26.6526 62.3773 26.6059 64.8661 27.1592C66.1567 27.446 67.3572 28.0281 68.3534 28.8992C68.6908 29.1942 69.0568 29.5108 69.4466 29.9256C69.9915 30.4788 70.58 30.9879 71.2486 31.4155C72.9439 32.5005 75.005 33.0431 77.4312 33.0431C79.9746 33.0431 82.1376 32.4238 83.9211 31.185C85.7041 29.9464 86.9827 28.1686 87.7579 25.8522L83.1097 24.7524C82.6277 26.0277 81.929 27.0067 81.0161 27.6881C80.1023 28.3699 78.9077 28.7109 77.4312 28.7109C75.268 28.7109 73.6347 27.9559 72.5312 26.4456C71.4276 24.9359 70.8685 22.9564 70.8537 20.5077C70.8685 18.9248 71.1093 17.5168 71.5775 16.2854C72.0451 15.0537 72.7616 14.0828 73.7264 13.3716V13.3715ZM57.7252 16.4901C58.9563 16.713 60.4897 16.8913 62.2601 16.8913C63.1733 16.8913 64.1502 16.8419 65.1781 16.7292C65.2069 16.7288 65.2361 16.7286 65.2479 16.7323C65.3 16.7477 65.4005 16.8842 64.9001 17.1154C64.0336 17.3999 62.8489 17.5927 61.1866 17.5927C59.5703 17.5927 58.4663 17.2747 57.7076 16.8354C57.599 16.755 57.505 16.6605 57.5157 16.5645C57.523 16.4964 57.6248 16.4847 57.7252 16.4901ZM64.4437 18.773C63.8614 19.1512 63.043 19.4511 61.8643 19.5722C60.7181 19.6901 59.8992 19.4178 59.3115 18.9864C59.2255 18.905 59.1482 18.807 59.1448 18.6999C59.1425 18.6236 59.2133 18.6034 59.2849 18.602C60.1834 18.7596 61.2908 18.8457 62.5462 18.7168C63.1939 18.6504 63.8812 18.5246 64.5971 18.3246C64.6178 18.3221 64.6384 18.3198 64.6469 18.323C64.6857 18.336 64.7724 18.4803 64.4437 18.773ZM64.609 24.4077C62.1265 23.9443 60.0012 24.0187 58.2715 24.3321C57.963 24.3395 57.6685 24.2506 57.6685 24.072C57.6685 23.9635 57.7764 23.8511 57.8904 23.7583C59.2316 22.8996 60.9024 22.8218 61.5537 22.8218C62.9716 22.8218 64.0627 23.1248 64.9057 23.5785L64.9037 23.5814C64.9037 23.5814 65.3778 23.8821 65.3014 24.1038C65.2284 24.3156 65.0761 24.4636 64.609 24.4077Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/targets.svg b/pkg/webui/ui/src/icons/targets.svg
new file mode 100644
index 000000000..e6a6ad8c9
--- /dev/null
+++ b/pkg/webui/ui/src/icons/targets.svg
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48" fill="none">
+<circle cx="24" cy="24" r="24" fill="#222222"/>
+<path d="M14.9336 19.2H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
+<path opacity="0.34" d="M14.9336 24.5334H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
+<path d="M14.9336 29.8667H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
+</svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/src/index.css b/pkg/webui/ui/src/index.css
index 63775a2e6..738f22103 100644
--- a/pkg/webui/ui/src/index.css
+++ b/pkg/webui/ui/src/index.css
@@ -5,6 +5,8 @@ body {
     sans-serif;
     -webkit-font-smoothing: antialiased;
     -moz-osx-font-smoothing: grayscale;
+    background: linear-gradient(180deg, #59A588 0%, #404846 100%);
+    background-attachment: fixed;
 }
 
 code {

From 5b463de1026cdd4866ab3c38bfc7df8dd2544cab Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Tue, 30 May 2023 01:57:55 +0600
Subject: [PATCH 1129/2268] WIP Main Page.

---
 pkg/webui/ui/package-lock.json                |  10 +-
 pkg/webui/ui/package.json                     |   2 +-
 pkg/webui/ui/src/components/ActionsMenu.tsx   |   5 +-
 pkg/webui/ui/src/components/LeftDrawer.tsx    |  64 ++++++---
 pkg/webui/ui/src/components/Router.tsx        |   2 +-
 .../result-view/CommandResultStatusLine.tsx   |  36 +++--
 .../nodes/DeploymentItemIncludeNode.tsx       |   2 +-
 .../result-view/nodes/VarsSourceNode.tsx      |   2 +-
 .../targets-view/CommandResultItem.tsx        |  88 +++++++++----
 .../src/components/targets-view/Projects.tsx  |  54 +++++---
 .../src/components/targets-view/Targets.tsx   | 123 ++++++++++--------
 .../components/targets-view/TargetsView.tsx   | 120 +++++++++++------
 pkg/webui/ui/src/components/theme.ts          |  18 ++-
 pkg/webui/ui/src/icons/GitIcon.tsx            |   6 -
 pkg/webui/ui/src/icons/Icons.tsx              |  64 +++++++++
 pkg/webui/ui/src/icons/KluctlLogo.tsx         |   6 -
 pkg/webui/ui/src/icons/KluctlText.tsx         |   6 -
 pkg/webui/ui/src/icons/Targets.tsx            |   5 -
 pkg/webui/ui/src/icons/cpu.svg                |  16 +++
 pkg/webui/ui/src/icons/finger-scan.svg        |   8 ++
 pkg/webui/ui/src/icons/project.svg            |   5 +
 pkg/webui/ui/src/icons/relation-hline.svg     |   5 +
 pkg/webui/ui/src/icons/search.svg             |   4 +
 pkg/webui/ui/src/icons/target.svg             |   5 +
 pkg/webui/ui/src/icons/tree-view.svg          |   7 +
 pkg/webui/ui/src/index.css                    |  22 ++--
 pkg/webui/ui/src/index.tsx                    |   5 +-
 27 files changed, 465 insertions(+), 225 deletions(-)
 delete mode 100644 pkg/webui/ui/src/icons/GitIcon.tsx
 create mode 100644 pkg/webui/ui/src/icons/Icons.tsx
 delete mode 100644 pkg/webui/ui/src/icons/KluctlLogo.tsx
 delete mode 100644 pkg/webui/ui/src/icons/KluctlText.tsx
 delete mode 100644 pkg/webui/ui/src/icons/Targets.tsx
 create mode 100644 pkg/webui/ui/src/icons/cpu.svg
 create mode 100644 pkg/webui/ui/src/icons/finger-scan.svg
 create mode 100644 pkg/webui/ui/src/icons/project.svg
 create mode 100644 pkg/webui/ui/src/icons/relation-hline.svg
 create mode 100644 pkg/webui/ui/src/icons/search.svg
 create mode 100644 pkg/webui/ui/src/icons/target.svg
 create mode 100644 pkg/webui/ui/src/icons/tree-view.svg

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index 014cd172d..a31048de4 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -10,7 +10,7 @@
       "dependencies": {
         "@emotion/react": "^11.10.6",
         "@emotion/styled": "^11.10.6",
-        "@fontsource/roboto": "^4.5.8",
+        "@fontsource-variable/nunito": "^5.0.2",
         "@mui/icons-material": "^5.11.11",
         "@mui/lab": "^5.0.0-alpha.124",
         "@mui/material": "^5.11.14",
@@ -2386,10 +2386,10 @@
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       }
     },
-    "node_modules/@fontsource/roboto": {
-      "version": "4.5.8",
-      "resolved": "https://registry.npmjs.org/@fontsource/roboto/-/roboto-4.5.8.tgz",
-      "integrity": "sha512-CnD7zLItIzt86q4Sj3kZUiLcBk1dSk81qcqgMGaZe7SQ1P8hFNxhMl5AZthK1zrDM5m74VVhaOpuMGIL4gagaA=="
+    "node_modules/@fontsource-variable/nunito": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/@fontsource-variable/nunito/-/nunito-5.0.2.tgz",
+      "integrity": "sha512-ztW98DGVZbq77ITkqg5+C5O8CI/SoaiqWOFBfbyE7CHMkU8XaBOXFe2l6H7YREE15mMIKCGA/icztQuoLi21lA=="
     },
     "node_modules/@humanwhocodes/config-array": {
       "version": "0.11.8",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index eea5b6cc0..e658c5ed9 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -7,7 +7,7 @@
   "dependencies": {
     "@emotion/react": "^11.10.6",
     "@emotion/styled": "^11.10.6",
-    "@fontsource/roboto": "^4.5.8",
+    "@fontsource-variable/nunito": "^5.0.2",
     "@mui/icons-material": "^5.11.11",
     "@mui/lab": "^5.0.0-alpha.124",
     "@mui/material": "^5.11.14",
diff --git a/pkg/webui/ui/src/components/ActionsMenu.tsx b/pkg/webui/ui/src/components/ActionsMenu.tsx
index 8247b7ed8..4b297e5ca 100644
--- a/pkg/webui/ui/src/components/ActionsMenu.tsx
+++ b/pkg/webui/ui/src/components/ActionsMenu.tsx
@@ -22,7 +22,7 @@ export const ActionsMenu = (props: { icon?: React.ReactNode, menuItems: ActionMe
         setAnchorEl(null);
     };
 
-    const icon = props.icon || <MoreVert/>
+    const icon = props.icon || <MoreVert />
 
     return <React.Fragment>
         <IconButton
@@ -31,6 +31,7 @@ export const ActionsMenu = (props: { icon?: React.ReactNode, menuItems: ActionMe
             aria-controls={menuOpen ? 'account-menu' : undefined}
             aria-haspopup="true"
             aria-expanded={menuOpen ? 'true' : undefined}
+            sx={{ padding: 0 }}
         >
             {icon}
         </IconButton>
@@ -39,7 +40,7 @@ export const ActionsMenu = (props: { icon?: React.ReactNode, menuItems: ActionMe
             id="account-menu"
             open={menuOpen}
             onClose={handleMenuClose}
-            onClick={ e => {e.stopPropagation(); handleMenuClose()}}
+            onClick={e => { e.stopPropagation(); handleMenuClose() }}
             PaperProps={{
                 elevation: 0,
                 sx: {
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index cd712c4b5..5c1c61859 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -4,27 +4,22 @@ import { CSSObject, styled, Theme, ThemeProvider, useTheme } from '@mui/material
 import Box from '@mui/material/Box';
 import MuiDrawer from '@mui/material/Drawer';
 import MuiAppBar, { AppBarProps as MuiAppBarProps } from '@mui/material/AppBar';
-import Toolbar from '@mui/material/Toolbar';
 import List from '@mui/material/List';
 import Divider from '@mui/material/Divider';
 import IconButton from '@mui/material/IconButton';
-import MenuIcon from '@mui/icons-material/Menu';
-import ChevronLeftIcon from '@mui/icons-material/ChevronLeft';
-import ChevronRightIcon from '@mui/icons-material/ChevronRight';
 import ListItem from '@mui/material/ListItem';
 import ListItemButton from '@mui/material/ListItemButton';
 import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
 import { Link } from "react-router-dom";
 import { AppOutletContext } from "./App";
-import { KluctlLogo } from "../icons/KluctlLogo";
-import { Targets } from '../icons/Targets';
+import { KluctlLogo, TargetsIcon, KluctlText, SearchIcon } from '../icons/Icons';
 import { dark } from './theme';
-import { KluctlText } from '../icons/KluctlText';
 import { Typography } from '@mui/material';
 
 const drawerWidthOpen = 224;
 const drawerWidthClosed = 96;
+const appBarHeight = 106;
 
 const openedMixin = (theme: Theme): CSSObject => ({
     width: drawerWidthOpen,
@@ -45,7 +40,7 @@ const closedMixin = (theme: Theme): CSSObject => ({
 });
 
 const DrawerHeader = styled('div')(({ theme }) => ({
-    height: '106px',
+    height: appBarHeight,
     padding: '31px 23px 0 23px',
     // necessary for content to be below app bar
     ...theme.mixins.toolbar,
@@ -58,7 +53,7 @@ interface AppBarProps extends MuiAppBarProps {
 const AppBar = styled(MuiAppBar, {
     shouldForwardProp: (prop) => prop !== 'open',
 })<AppBarProps>(({ theme, open }) => ({
-    height: 106,
+    height: appBarHeight,
     border: 'none',
     boxShadow: 'none',
     background: 'transparent',
@@ -133,16 +128,47 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
 
     const [open, setOpen] = useState(true);
 
+    const theme = useTheme();
+
     const toggleDrawer = () => {
         setOpen(o => !o);
     };
 
     return (
-        <Box sx={{ display: 'flex' }} height={"100%"}>
-            <AppBar position="fixed" open={open}>
-                <Typography variant='h1' fontSize='32px' fontWeight='bold'>
-                    Dashboard
-                </Typography>
+        <Box display='flex' height='100%'>
+            <AppBar position='fixed' open={open}>
+                <Box display='flex' justifyContent='space-between'>
+                    <Typography variant='h1' fontSize='32px' fontWeight='bold' lineHeight='40px'>
+                        Dashboard
+                    </Typography>
+                    <Box
+                        height='40px'
+                        maxWidth='314px'
+                        flexGrow={1}
+                        borderRadius='10px'
+                        display='flex'
+                        justifyContent='space-between'
+                        alignItems='center'
+                        padding='0 9px 0 15px'
+                        sx={{ background: theme.palette.background.default }}
+                    >
+                        <input
+                            type='text'
+                            style={{
+                                background: 'none',
+                                border: 'none',
+                                outline: 'none',
+                                height: '20px',
+                                lineHeight: '20px',
+                                fontSize: '18px'
+                            }}
+                            placeholder='Search'
+                        />
+                        <IconButton sx={{ padding: 0, height: 40, width: 40 }}>
+                            <SearchIcon />
+                        </IconButton>
+                    </Box>
+                </Box>
                 <Divider />
             </AppBar>
             <ThemeProvider theme={dark}>
@@ -156,17 +182,19 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
                         </IconButton>
                     </DrawerHeader>
                     <Divider />
-                    <List>
-                        <Item text={"Targets"} open={open} icon={<Targets />} to={"targets"} />
+                    <List sx={{ padding: 0 }}>
+                        <Item text={"Targets"} open={open} icon={<TargetsIcon />} to={"targets"} />
                         <Divider />
                         {context.filters}
                     </List>
                     {context.filters && <Divider />}
                 </Drawer>
             </ThemeProvider>
-            <Box component="main" sx={{ flexGrow: 1 }} minWidth={0}>
+            <Box component="main" sx={{ flexGrow: 1, height: '100%', overflow: 'hidden' }} minWidth={0}>
                 <DrawerHeader />
-                {props.content}
+                <Box width='100%' height={`calc(100% - ${appBarHeight}px)`} overflow='auto'>
+                    {props.content}
+                </Box>
             </Box>
         </Box>
     );
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index ee3417a1a..0c908fdb7 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,4 +1,4 @@
-import { createBrowserRouter, createHashRouter, useRouteError } from "react-router-dom";
+import { createHashRouter, useRouteError } from "react-router-dom";
 import React from "react";
 import App from "./App";
 import { projectsLoader, TargetsView } from "./targets-view/TargetsView";
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
index d5a48a05b..11b9721d6 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -20,7 +20,15 @@ export const StatusLine = (props: StatusLineProps) => {
             children.push(
                 <Box key={children.length} display={"flex"} flexDirection={"column"}>
                     <Tooltip title={n + " " + t}>
-                        {icon}
+                        <Box
+                            display='flex'
+                            alignItems='center'
+                            justifyContent='center'
+                            width='24px'
+                            height='24px'
+                        >
+                            {icon}
+                        </Box>
                     </Tooltip>
                     <Typography fontSize={"10px"} align={"center"}>{n}</Typography>
                 </Box>
@@ -28,12 +36,12 @@ export const StatusLine = (props: StatusLineProps) => {
         }
     }
 
-    doPush(props.errors, "total errors.", <Dangerous color={"error"}/>)
-    doPush(props.warnings, "total warnings.", <Warning color={"warning"}/>)
-    doPush(props.newObjects, "new objects.", <LibraryAdd color={"info"}/>)
-    doPush(props.deletedObjects, "deleted objects.", <Delete color={"info"}/>)
-    doPush(props.orphanObjects, "orphan objects.", <LinkOff color={"info"}/>)
-    doPush(props.changedObjects, "changed objects.", <Difference color={"info"}/>)
+    doPush(props.errors, "total errors.", <Dangerous color={"error"} />)
+    doPush(props.warnings, "total warnings.", <Warning color={"warning"} />)
+    doPush(props.newObjects, "new objects.", <LibraryAdd color={"info"} />)
+    doPush(props.deletedObjects, "deleted objects.", <Delete color={"info"} />)
+    doPush(props.orphanObjects, "orphan objects.", <LinkOff color={"info"} />)
+    doPush(props.changedObjects, "changed objects.", <Difference color={"info"} />)
 
     return <Box display="flex" width={"100%"}>
         {children}
@@ -42,18 +50,18 @@ export const StatusLine = (props: StatusLineProps) => {
 
 export const CommandResultStatusLine = (props: { rs: CommandResultSummary }) => {
     return <StatusLine errors={props.rs.errors}
-                       warnings={props.rs.warnings}
-                       changedObjects={props.rs.changedObjects}
-                       newObjects={props.rs.newObjects}
-                       deletedObjects={props.rs.deletedObjects}
-                       orphanObjects={props.rs.orphanObjects}
+        warnings={props.rs.warnings}
+        changedObjects={props.rs.changedObjects}
+        newObjects={props.rs.newObjects}
+        deletedObjects={props.rs.deletedObjects}
+        orphanObjects={props.rs.orphanObjects}
     />
 }
 
 
 export const ValidateResultStatusLine = (props: { vr?: ValidateResult }) => {
     return <StatusLine errors={props.vr?.errors?.length}
-                       warnings={props.vr?.warnings?.length}
-                       changedObjects={props.vr?.drift?.length}
+        warnings={props.vr?.warnings?.length}
+        changedObjects={props.vr?.drift?.length}
     />
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
index 8d5ecc36c..1d33bf8b6 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
@@ -3,7 +3,7 @@ import React from 'react';
 import { DeploymentItemConfig, DeploymentProjectConfig } from "../../../models";
 import { NodeData } from "./NodeData";
 import { FolderZip } from "@mui/icons-material";
-import { GitIcon } from "../../../icons/GitIcon";
+import { GitIcon } from "../../../icons/Icons";
 import { CommandResultProps } from "../CommandResultView";
 import { PropertiesTable } from "../../PropertiesTable";
 import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
index d53838eeb..3b5674e5c 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
@@ -2,7 +2,7 @@ import { VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
 import { Category, Cloud, Dvr, Http, Lock, Settings, Source } from "@mui/icons-material";
-import { GitIcon } from "../../../icons/GitIcon";
+import { GitIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
 import { Box } from "@mui/material";
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 8c23fb84e..6eb2dec6e 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,6 +1,6 @@
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
-import { AccountTree, CleaningServices, CloudSync, Delete, Difference } from "@mui/icons-material";
-import React, { useEffect, useMemo, useState } from "react";
+import { CleaningServices, CloudSync, Delete, Difference } from "@mui/icons-material";
+import { useEffect, useMemo, useState } from "react";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
 import Paper from "@mui/material/Paper";
@@ -8,6 +8,7 @@ import { Box, IconButton, Tooltip, Typography } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
 import { formatDurationShort } from "../../utils/duration";
+import { TreeViewIcon } from "../../icons/Icons";
 
 export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary, onSelectCommandResult: (rs?: CommandResultSummary) => void }) => {
     const calcAgo = () => {
@@ -42,7 +43,7 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
     const cmdInfoYaml = useMemo(() => {
         return yaml.dump(props.rs.commandInfo)
     }, [props.rs])
-    let iconTooltip = <CodeViewer code={cmdInfoYaml} language={"yaml"}/>
+    let iconTooltip = <CodeViewer code={cmdInfoYaml} language={"yaml"} />
 
     useEffect(() => {
         const interval = setInterval(() => setAgo(calcAgo()), 5000);
@@ -51,39 +52,70 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
 
     return <Paper
         elevation={5}
-        sx={{width: "100%", height: "100%"}}
+        sx={{
+            width: "100%",
+            height: "100%",
+            borderRadius: '12px',
+            border: '1px solid #59A588',
+            boxShadow: '4px 4px 10px #1E617A',
+            padding: '20px 16px 5px 16px'
+        }}
         onClick={e => props.onSelectCommandResult(props.rs)}
     >
-        <Box display={"flex"} width={"100%"} height={"100%"}>
-            <Box display="flex" justifyContent="center" alignItems="center" m={1}>
-                <Box display="flex" flexDirection={"column"} alignItems={"center"}>
+        <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
+            <Box display='flex' gap='15px'>
+                <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
                     <Tooltip title={iconTooltip}>
-                        <Icon fontSize={"large"}/>
+                        <Icon fontSize={"large"} />
                     </Tooltip>
+                </Box>
+                <Box flexGrow={1}>
+                    <Typography
+                        variant='h6'
+                        textAlign='left'
+                        textOverflow='ellipsis'
+                        overflow='hidden'
+                        lineHeight='27.28px'
+                        flexGrow={1}
+                        fontSize='20px'
+                        fontWeight={800}
+                    >
+                        {props.rs.commandInfo?.command}
+                    </Typography>
                     <Tooltip title={props.rs.commandInfo.startTime}>
-                        <Typography fontSize={"10px"} color={"gray"} align={"center"}>{ago}</Typography>
+                        <Typography
+                            variant='subtitle1'
+                            textAlign='left'
+                            textOverflow='ellipsis'
+                            overflow='hidden'
+                            whiteSpace='nowrap'
+                            fontSize='14px'
+                            fontWeight={500}
+                            lineHeight='19px'
+                        >{ago}</Typography>
                     </Tooltip>
                 </Box>
             </Box>
-            <Box display="flex" flexDirection={"column"} width={"100%"} m={1}>
-                <Typography variant={"h6"}>{props.rs.commandInfo?.command}</Typography>
-                <Box display={"flex"} marginTop={"auto"}>
-                    <Box width={"100%"}>
-                        <CommandResultStatusLine rs={props.rs}/>
-                    </Box>
-                    <Box marginLeft={"auto"} marginBottom={0}>
-                        <Box display={"flex"}>
-                            <IconButton onClick={e => {
-                                e.stopPropagation();
-                                navigate(`/results/${props.rs.id}`)
-
-                            }}>
-                                <Tooltip title={"Open Result Tree"}>
-                                    <AccountTree/>
-                                </Tooltip>
-                            </IconButton>
-                        </Box>
-                    </Box>
+            <Box display='flex' alignItems='center' justifyContent='space-between'>
+                <Box display='flex' gap='6px' alignItems='center'>
+                    <CommandResultStatusLine rs={props.rs} />
+                </Box>
+                <Box display='flex' gap='6px' alignItems='center' height='39px'>
+                    <IconButton
+                        onClick={e => {
+                            e.stopPropagation();
+                            navigate(`/results/${props.rs.id}`);
+                        }}
+                        sx={{
+                            padding: 0,
+                            width: 26,
+                            height: 26
+                        }}
+                    >
+                        <Tooltip title={"Open Result Tree"}>
+                            <Box display='flex'><TreeViewIcon /></Box>
+                        </Tooltip>
+                    </IconButton>
                 </Box>
             </Box>
         </Box>
diff --git a/pkg/webui/ui/src/components/targets-view/Projects.tsx b/pkg/webui/ui/src/components/targets-view/Projects.tsx
index 390fb9ee1..4756cf046 100644
--- a/pkg/webui/ui/src/components/targets-view/Projects.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Projects.tsx
@@ -4,41 +4,57 @@ import Paper from "@mui/material/Paper";
 import { Box, Typography } from "@mui/material";
 import React from "react";
 import Tooltip from "@mui/material/Tooltip";
+import { ProjectIcon } from "../../icons/Icons";
 
 export const ProjectItem = (props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
     const subDir = props.ps.project.subDir
 
     const projectInfo = <Box>
-        {props.ps.project.gitRepoKey}<br/>
+        {props.ps.project.gitRepoKey}<br />
         {props.ps.project.subDir ? <>
-            SubDir: {props.ps.project.subDir}<br/>
+            SubDir: {props.ps.project.subDir}<br />
         </> : <></>}
     </Box>
 
-    return <Paper elevation={5} sx={{width: "100%", height: "100%"}}>
-        <Box display="flex" flexDirection={"column"} justifyContent={"space-between"} height={"100%"}>
-            <Box m={1}>
-                {name ?
-                    <Tooltip title={projectInfo}>
-                        <Typography
-                            variant={"h6"}
-                            textAlign={"center"}
-                            textOverflow={"ellipsis"}
-                            overflow={"hidden"}
-                            whiteSpace={"nowrap"}
-                        >
-                            {name}
-                        </Typography>
-                    </Tooltip>
-                    : <></>}
+    return <Paper
+        elevation={5}
+        sx={{
+            width: "100%",
+            height: "100%",
+            borderRadius: '12px',
+            border: '1px solid #59A588',
+            boxShadow: '4px 4px 10px #1E617A',
+            padding: '5px 16px'
+        }}>
+        <Box display="flex" flexDirection={"column"} justifyContent='center' height={"100%"}>
+            <Box display='flex' alignItems='center' gap='15px'>
+                {name && (
+                    <>
+                        <Box flexShrink={0}><ProjectIcon /></Box>
+                        <Tooltip title={projectInfo}>
+                            <Typography
+                                variant='h6'
+                                textAlign='left'
+                                textOverflow='ellipsis'
+                                overflow='hidden'
+                                lineHeight={1.2}
+                                flexGrow={1}
+                                fontSize='20px'
+                                fontWeight={800}
+                            >
+                                {name}
+                            </Typography>
+                        </Tooltip>
+                    </>
+                )}
             </Box>
             <Box>
                 {subDir ?
                     <Typography textAlign={"center"}>{subDir}</Typography>
                     : <></>}
             </Box>
-            <Box marginTop={"auto"}>
+            <Box>
                 <Box display={"flex"}>
                     <Box marginLeft={"auto"}>
                         {/*<ActionsMenu menuItems={actionMenuItems}/>*/}
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index b7b99849f..729cf98ff 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -1,28 +1,29 @@
 import { ProjectSummary, TargetSummary } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import Paper from "@mui/material/Paper";
-import { Box, Typography } from "@mui/material";
+import { Box, Typography, useTheme } from "@mui/material";
 import React from "react";
-import { Jdenticon } from "../Jdenticon";
 import Tooltip from "@mui/material/Tooltip";
-import { Favorite, Fingerprint, HeartBroken, PublishedWithChanges, QuestionMark } from "@mui/icons-material";
+import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
 import { api } from "../../api";
+import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
+    const theme = useTheme();
 
     if (props.ts.lastValidateResult === undefined) {
-        icon = <QuestionMark color={"error"}/>
+        icon = <MessageQuestionIcon color={theme.palette.error.main} />
     } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
         if (props.ts.lastValidateResult.warnings?.length) {
-            icon = <Favorite color={"warning"}/>
+            icon = <Favorite color={"warning"} />
         } else if (props.ts.lastValidateResult.drift?.length) {
-            icon = <Favorite color={"primary"}/>
+            icon = <Favorite color={"primary"} />
         } else {
-            icon = <Favorite color={"success"}/>
+            icon = <Favorite color={"success"} />
         }
     } else {
-        icon = <HeartBroken color={"error"}/>
+        icon = <HeartBroken color={"error"} />
     }
 
     const tooltip: string[] = []
@@ -46,7 +47,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     }
 
     return <Tooltip title={tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}>
-        {icon}
+        <Box display='flex'>{icon}</Box>
     </Tooltip>
 }
 
@@ -54,7 +55,7 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
     const actionMenuItems: ActionMenuItem[] = []
 
     actionMenuItems.push({
-        icon: <PublishedWithChanges/>,
+        icon: <PublishedWithChanges />,
         text: "Validate now",
         handler: () => {
             api.validateNow(props.ps.project, props.ts.target)
@@ -79,9 +80,9 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
     })
 
     const contextTooltip = <Box textAlign={"center"}>
-        <Typography>All known contexts:</Typography>
+        <Typography variant="subtitle2">All known contexts:</Typography>
         {allContexts.map((context, i) => (
-            <Typography key={i}>{context}</Typography>
+            <Typography key={i} variant="subtitle2">{context}</Typography>
         ))}
     </Box>
 
@@ -92,54 +93,62 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
 
     return <Paper
         elevation={5}
-        sx={{ width: "100%", height: "100%" }}
+        sx={{
+            width: "100%",
+            height: "100%",
+            borderRadius: '12px',
+            border: '1px solid #59A588',
+            boxShadow: '4px 4px 10px #1E617A',
+            padding: '20px 16px 12px 16px'
+        }}
         onClick={e => props.onSelectTarget(props.ts)}
     >
-        <Box display="flex" flexDirection={"column"} justifyContent={"space-between"} height={"100%"}>
-            <Box p={1} paddingBottom={0}>
-                <Typography
-                    variant={"subtitle2"}
-                    textAlign={"center"}
-                    textOverflow={"ellipsis"}
-                    overflow={"hidden"}
-                    whiteSpace={"nowrap"}
-                >
-                    {targetName}
-                </Typography>
-                {allContexts.length ?
-                    <Tooltip title={contextTooltip}>
-                        <Typography
-                            variant={"subtitle1"}
-                            textAlign={"center"}
-                            textOverflow={"ellipsis"}
-                            overflow={"hidden"}
-                            whiteSpace={"nowrap"}
-                            fontSize={"10px"}
-                        >
-                            {allContexts[0]}
-                        </Typography>
-
-                    </Tooltip>
-                    : <></>}
-            </Box>
-            <Box>
-                <Box display={"flex"} alignItems={"center"}>
-                    <Box display={"flex"} width={"100%"}>
-                        <Tooltip title={"Cluster ID: " + props.ts.target.clusterId}>
-                            <div>
-                                <Jdenticon value={props.ts.target.clusterId} size={"24px"}/>
-                            </div>
+        <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
+            <Box display='flex' gap='15px'>
+                <Box flexShrink={0}><TargetIcon /></Box>
+                <Box flexGrow={1}>
+                    <Typography
+                        variant='h6'
+                        textAlign='left'
+                        textOverflow='ellipsis'
+                        overflow='hidden'
+                        lineHeight='27.28px'
+                        flexGrow={1}
+                        fontSize='20px'
+                        fontWeight={800}
+                    >
+                        {targetName}
+                    </Typography>
+                    {allContexts.length ?
+                        <Tooltip title={contextTooltip}>
+                            <Typography
+                                variant='subtitle1'
+                                textAlign='left'
+                                textOverflow='ellipsis'
+                                overflow='hidden'
+                                whiteSpace='nowrap'
+                                fontSize='14px'
+                                fontWeight={500}
+                                lineHeight='19px'
+                            >
+                                {allContexts[0]}
+                            </Typography>
                         </Tooltip>
-                        <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
-                            <div>
-                                <Fingerprint/>
-                            </div>
-                        </Tooltip>
-                    </Box>
-                    <StatusIcon {...props}/>
-                    <Box marginLeft={"auto"} alignItems={"center"}>
-                        <ActionsMenu menuItems={actionMenuItems}/>
-                    </Box>
+                        : <></>}
+                </Box>
+            </Box>
+            <Box display='flex' alignItems='center' justifyContent='space-between'>
+                <Box display='flex' gap='6px' alignItems='center'>
+                    <Tooltip title={"Cluster ID: " + props.ts.target.clusterId}>
+                        <Box display='flex'><CpuIcon /></Box>
+                    </Tooltip>
+                    <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
+                        <Box display='flex'><FingerScanIcon /></Box>
+                    </Tooltip>
+                </Box>
+                <Box display='flex' gap='6px' alignItems='center'>
+                    <StatusIcon {...props} />
+                    <ActionsMenu menuItems={actionMenuItems} />
                 </Box>
             </Box>
         </Box>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 3f44afc91..991546840 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,6 +1,6 @@
 import { useLoaderData } from "react-router-dom";
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
-import { Box, Typography } from "@mui/material";
+import { Box, BoxProps, Typography } from "@mui/material";
 import React, { useEffect, useState } from "react";
 import { useAppOutletContext } from "../App";
 import { api } from "../../api";
@@ -10,15 +10,56 @@ import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
 import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
+import { RelationHLine } from "../../icons/Icons";
 
-const targetWidth = "220px"
-const targetHeight = "110px"
+const colWidth = 433;
+const cardWidth = 247;
+const projectCardHeight = 80;
+const cardHeight = 126;
 
 export async function projectsLoader() {
     const projects = await api.listProjects()
     return projects
 }
 
+function ColHeader({ children }: { children: React.ReactNode }) {
+    return <Box
+        minWidth={colWidth}
+        width={colWidth}
+        height='42px'
+        display='flex'
+        alignItems='center'
+        sx={{
+            borderLeft: '0.8px solid rgba(0,0,0,0.5)',
+            paddingLeft: '15px',
+            '&:first-of-type': {
+                borderLeft: 'none',
+                paddingLeft: 0
+            }
+        }}
+    >
+        <Typography variant={"h6"} textAlign='left' fontSize='20px' fontWeight={700}>{children}</Typography>
+    </Box>
+}
+
+function Card({ children, ...rest }: BoxProps) {
+    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...rest}>
+        {children}
+    </Box>
+}
+
+function CardCol({ children, ...rest }: BoxProps) {
+    return <Box display='flex' flexDirection='column' gap='20px' {...rest}>
+        {children}
+    </Box>
+}
+
+function CardRow({ children, ...rest }: BoxProps) {
+    return <Box display='flex' gap='20px' {...rest}>
+        {children}
+    </Box>
+}
+
 export const TargetsView = () => {
     const context = useAppOutletContext()
     const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary>()
@@ -39,57 +80,58 @@ export const TargetsView = () => {
         setSelectedTargetSummary(ts)
     }
 
+    useEffect(() => {
+        if (projects[2].targets.length < 3) {
+            projects[2].targets.push(projects[2].targets[0])
+        }
+    })
+
     return <Box width={"max-content"} p='0 40px'>
-        <CommandResultDetailsDrawer rs={selectedCommandResult} onClose={() => setSelectedCommandResult(undefined)}/>
-        <TargetDetailsDrawer ts={selectedTargetSummary} onClose={() => setSelectedTargetSummary(undefined)}/>
-        <Box display={"flex"} alignItems={"center"} p={1}>
-            <Box minWidth={targetWidth} width={targetWidth}>
-                <Typography variant={"h6"} textAlign={"center"}>Projects</Typography>
-            </Box>
-            <Box minWidth={"20px"}/>
-            <Box minWidth={targetWidth} width={targetWidth}>
-                <Typography variant={"h6"} textAlign={"center"}>Targets</Typography>
-            </Box>
-            <Box minWidth={"20px"}/>
-            <Box minWidth={targetWidth} width={targetWidth}>
-                <Typography variant={"h6"} textAlign={"center"}>History</Typography>
-            </Box>
+        <CommandResultDetailsDrawer rs={selectedCommandResult} onClose={() => setSelectedCommandResult(undefined)} />
+        <TargetDetailsDrawer ts={selectedTargetSummary} onClose={() => setSelectedTargetSummary(undefined)} />
+        <Box display={"flex"} alignItems={"center"} height='70px'>
+            <ColHeader>Projects</ColHeader>
+            <ColHeader>Targets</ColHeader>
+            <ColHeader>History</ColHeader>
         </Box>
-        <Divider/>
+        <Divider />
         {projects.map((ps, i) => {
             return <Box key={i}>
-                <Box display={"flex"} alignItems={"center"} p={1}>
-                    <Box minWidth={targetWidth} width={targetWidth}>
-                        <Box display={"flex"} minWidth={"220px"} height={targetHeight} p={1}>
-                            <ProjectItem ps={ps}/>
-                        </Box>
-                    </Box>
-                    <Box minWidth={"20px"}/>
+                <Box key={i} display={"flex"} alignItems={"center"} margin='40px 0'>
+                    <CardCol width={colWidth}>
+                        <Card height={projectCardHeight}>
+                            <ProjectItem ps={ps} />
+                        </Card>
+                    </CardCol>
 
-                    <Box minWidth={targetWidth} width={targetWidth}>
+                    <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            return <Box key={i} display={"flex"} height={targetHeight} p={1}>
-                                <TargetItem ps={ps} ts={ts}
-                                            onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)}/>
+                            return <Box key={i} display='flex'>
+                                <Card>
+                                    <TargetItem ps={ps} ts={ts}
+                                        onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)} />
+                                </Card>
+                                <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center'>
+                                    <RelationHLine />
+                                </Box>
                             </Box>
                         })}
-                    </Box>
-                    <Box minWidth={"20px"}/>
+                    </CardCol>
 
-                    <Box>
+                    <CardCol>
                         {ps.targets.map((ts, i) => {
-                            return <Box key={i} display={"flex"} height={targetHeight} paddingY={1}>
+                            return <CardRow key={i}>
                                 {ts.commandResults?.map((rs, i) => {
-                                    return <Box key={i} height={"100%"} paddingX={1}>
+                                    return <Card key={i}>
                                         <CommandResultItem ps={ps} ts={ts} rs={rs}
-                                                           onSelectCommandResult={(rs) => doSetSelectedCommandResult(rs)}/>
-                                    </Box>
+                                            onSelectCommandResult={(rs) => doSetSelectedCommandResult(rs)} />
+                                    </Card>
                                 })}
-                            </Box>
+                            </CardRow>
                         })}
-                    </Box>
+                    </CardCol>
                 </Box>
-                <Divider/>
+                <Divider />
             </Box>
         })}
     </Box>
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index a552fab79..bc1c18469 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -7,11 +7,20 @@ const paletteDark = {
 
 const paletteLight = {
     primary: { main: '#222222' },
-    secondary: { main: '#39403E'}
+    secondary: { main: '#39403E' },
+    background: { default: '#DFEBE9', paper: '#DFEBE9' },
+    text: { primary: '#222222' }
 } satisfies PaletteOptions;
 
 export const light = createTheme({
     palette: paletteLight,
+    typography: {
+        fontFamily: 'Nunito Variable',
+        h1: { color: '#222222' },
+        h6: { color: '#39403E' },
+        subtitle1: { color: '#39403E' },
+        subtitle2: { fontSize: '14px', lineHeight: 1.2 }
+    },
     components: {
         MuiDivider: {
             styleOverrides: {
@@ -32,6 +41,9 @@ export const light = createTheme({
 
 export const dark = createTheme({
     palette: paletteDark,
+    typography: {
+        fontFamily: 'Nunito Variable'
+    },
     components: {
         MuiListItem: {
             styleOverrides: {
@@ -53,10 +65,10 @@ export const dark = createTheme({
             styleOverrides: {
                 root: {
                     border: 'none'
-                }, 
+                },
                 paper: {
                     border: 'none'
-                }, 
+                },
             }
         },
         MuiDivider: {
diff --git a/pkg/webui/ui/src/icons/GitIcon.tsx b/pkg/webui/ui/src/icons/GitIcon.tsx
deleted file mode 100644
index 6948ffe5a..000000000
--- a/pkg/webui/ui/src/icons/GitIcon.tsx
+++ /dev/null
@@ -1,6 +0,0 @@
-import { ReactComponent as GitIconSvg } from './git.svg';
-import React from "react";
-
-export const GitIcon = () => {
-    return <GitIconSvg width={"35px"} height={"35px"}/>
-}
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
new file mode 100644
index 000000000..18921d8bc
--- /dev/null
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -0,0 +1,64 @@
+import { ReactComponent as KluctlTextSvg } from './kluctl-text.svg';
+import { ReactComponent as GitIconSvg } from './git.svg';
+import { ReactComponent as KluctlLogoSvg } from './kluctl-logo.svg';
+import { ReactComponent as SearchIconSvg } from './search.svg';
+import { ReactComponent as TargetsIconSvg } from './targets.svg';
+import { ReactComponent as TargetIconSvg } from './target.svg';
+import { ReactComponent as RelationHLineSvg } from './relation-hline.svg';
+import { ReactComponent as ProjectIconSvg } from './project.svg';
+import { ReactComponent as CpuIconSvg } from './cpu.svg';
+import { ReactComponent as FingerScanIconSvg } from './finger-scan.svg';
+import { ReactComponent as TreeViewIconSvg } from './tree-view.svg';
+
+export const KluctlText = () => {
+    return <KluctlTextSvg width="115px" height="33px" />
+}
+
+export const GitIcon = () => {
+    return <GitIconSvg width={"35px"} height={"35px"} />
+}
+
+export const KluctlLogo = () => {
+    return <KluctlLogoSvg width="50px" height="50px" />
+}
+
+export const SearchIcon = () => {
+    return <SearchIconSvg width="27px" height="27px" />
+}
+
+export const TargetsIcon = () => {
+    return <TargetsIconSvg width="48px" height="48px" />
+}
+
+export const TargetIcon = () => {
+    return <TargetIconSvg width="45px" height="45px" />
+}
+export const RelationHLine = () => {
+    return <RelationHLineSvg width="169px" height="12px" />
+}
+
+export const ProjectIcon = () => {
+    return <ProjectIconSvg width="45px" height="45px" />
+}
+
+export const CpuIcon = () => {
+    return <CpuIconSvg width="24px" height="24px" />
+}
+
+export const FingerScanIcon = () => {
+    return <FingerScanIconSvg width="24px" height="24px" />
+}
+
+export const MessageQuestionIcon = (props: { color: string }) => {
+    return <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+        <path
+            d="M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z"
+            fill={props.color}
+        />
+    </svg>
+
+}
+
+export const TreeViewIcon = () => {
+    return <TreeViewIconSvg width="26px" height="26px" />
+}
diff --git a/pkg/webui/ui/src/icons/KluctlLogo.tsx b/pkg/webui/ui/src/icons/KluctlLogo.tsx
deleted file mode 100644
index f7c3d0665..000000000
--- a/pkg/webui/ui/src/icons/KluctlLogo.tsx
+++ /dev/null
@@ -1,6 +0,0 @@
-import { ReactComponent as KluctlLogoSvg } from './kluctl-logo.svg';
-import React from "react";
-
-export const KluctlLogo = () => {
-    return <KluctlLogoSvg width="50px" height="50px" />
-}
diff --git a/pkg/webui/ui/src/icons/KluctlText.tsx b/pkg/webui/ui/src/icons/KluctlText.tsx
deleted file mode 100644
index 6122532ab..000000000
--- a/pkg/webui/ui/src/icons/KluctlText.tsx
+++ /dev/null
@@ -1,6 +0,0 @@
-import { ReactComponent as KluctlTextSvg } from './kluctl-text.svg';
-import React from "react";
-
-export const KluctlText = () => {
-    return <KluctlTextSvg width="115px" height="33px" />
-}
diff --git a/pkg/webui/ui/src/icons/Targets.tsx b/pkg/webui/ui/src/icons/Targets.tsx
deleted file mode 100644
index d1ba0a421..000000000
--- a/pkg/webui/ui/src/icons/Targets.tsx
+++ /dev/null
@@ -1,5 +0,0 @@
-import { ReactComponent as TargetsSvg } from './targets.svg';
-
-export const Targets = () => {
-    return <TargetsSvg width="48px" height="48px" />
-}
diff --git a/pkg/webui/ui/src/icons/cpu.svg b/pkg/webui/ui/src/icons/cpu.svg
new file mode 100644
index 000000000..b30baa518
--- /dev/null
+++ b/pkg/webui/ui/src/icons/cpu.svg
@@ -0,0 +1,16 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M15 4H9C6.24 4 4 6.24 4 9V15C4 17.76 6.24 20 9 20H15C17.76 20 20 17.76 20 15V9C20 6.24 17.76 4 15 4ZM17.26 14.26C17.26 15.92 15.92 17.26 14.26 17.26H9.74C8.08 17.26 6.74 15.92 6.74 14.26V9.74C6.74 8.08 8.08 6.74 9.74 6.74H14.25C15.91 6.74 17.25 8.08 17.25 9.74V14.26H17.26Z" fill="#39403E"/>
+<path d="M9.06006 2.75V4H9.00006C8.50006 4 8.02006 4.07 7.56006 4.21V2.75C7.56006 2.34 7.89006 2 8.31006 2C8.72006 2 9.06006 2.34 9.06006 2.75Z" fill="#39403E"/>
+<path d="M12.75 2.75V4H11.25V2.75C11.25 2.34 11.59 2 12 2C12.41 2 12.75 2.34 12.75 2.75Z" fill="#39403E"/>
+<path d="M16.4502 2.75V4.21C15.9902 4.07 15.5002 4 15.0002 4H14.9502V2.75C14.9502 2.34 15.2902 2 15.7002 2C16.1102 2 16.4502 2.34 16.4502 2.75Z" fill="#39403E"/>
+<path d="M22 8.3C22 8.72 21.67 9.05 21.25 9.05H20V9C20 8.5 19.93 8.01 19.79 7.55H21.25C21.67 7.55 22 7.89 22 8.3Z" fill="#39403E"/>
+<path d="M22 12C22 12.41 21.67 12.75 21.25 12.75H20V11.25H21.25C21.67 11.25 22 11.58 22 12Z" fill="#39403E"/>
+<path d="M22 15.7C22 16.11 21.67 16.45 21.25 16.45H19.79C19.93 15.99 20 15.5 20 15V14.95H21.25C21.67 14.95 22 15.28 22 15.7Z" fill="#39403E"/>
+<path d="M16.4502 19.79V21.25C16.4502 21.66 16.1102 22 15.7002 22C15.2902 22 14.9502 21.66 14.9502 21.25V20H15.0002C15.5002 20 15.9902 19.93 16.4502 19.79Z" fill="#39403E"/>
+<path d="M12.7598 20V21.25C12.7598 21.66 12.4198 22 12.0098 22C11.5898 22 11.2598 21.66 11.2598 21.25V20H12.7598Z" fill="#39403E"/>
+<path d="M9.06006 20V21.25C9.06006 21.66 8.72006 22 8.31006 22C7.89006 22 7.56006 21.66 7.56006 21.25V19.79C8.02006 19.93 8.50006 20 9.00006 20H9.06006Z" fill="#39403E"/>
+<path d="M4.21 7.55C4.07 8.01 4 8.5 4 9V9.05H2.75C2.34 9.05 2 8.72 2 8.3C2 7.89 2.34 7.55 2.75 7.55H4.21Z" fill="#39403E"/>
+<path d="M4 11.25V12.75H2.75C2.34 12.75 2 12.41 2 12C2 11.58 2.34 11.25 2.75 11.25H4Z" fill="#39403E"/>
+<path d="M4.21 16.45H2.75C2.34 16.45 2 16.11 2 15.7C2 15.28 2.34 14.95 2.75 14.95H4V15C4 15.5 4.07 15.99 4.21 16.45Z" fill="#39403E"/>
+<path d="M17.2602 9.74001V14.25C17.2602 15.91 15.9202 17.25 14.2602 17.25H9.74023C8.08023 17.25 6.74023 15.91 6.74023 14.25V9.74001C6.74023 8.08001 8.08023 6.74001 9.74023 6.74001H14.2502C15.9102 6.74001 17.2602 8.09001 17.2602 9.74001Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/finger-scan.svg b/pkg/webui/ui/src/icons/finger-scan.svg
new file mode 100644
index 000000000..8f7fd351f
--- /dev/null
+++ b/pkg/webui/ui/src/icons/finger-scan.svg
@@ -0,0 +1,8 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M12.0001 14.88C11.0901 14.88 10.3501 14.14 10.3501 13.23V10.76C10.3501 9.85001 11.0901 9.10999 12.0001 9.10999C12.9101 9.10999 13.6501 9.85001 13.6501 10.76V13.23C13.6501 14.14 12.9101 14.88 12.0001 14.88Z" stroke="#39403E" stroke-width="1.5" stroke-linecap="round"/>
+<path opacity="0.4" d="M16.98 13.47C16.78 16.05 14.62 18.07 12 18.07C9.24 18.07 7 15.83 7 13.07V10.93C7 8.16999 9.24 5.92999 12 5.92999C14.59 5.92999 16.72 7.89998 16.97 10.42" stroke="#39403E" stroke-width="1.5" stroke-linecap="round"/>
+<path d="M15 2H17C20 2 22 4 22 7V9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2 9V7C2 4 4 2 7 2H9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M15 22H17C20 22 22 20 22 17V15" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2 15V17C2 20 4 22 7 22H9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/project.svg b/pkg/webui/ui/src/icons/project.svg
new file mode 100644
index 000000000..4a0c505c9
--- /dev/null
+++ b/pkg/webui/ui/src/icons/project.svg
@@ -0,0 +1,5 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<ellipse cx="22.4911" cy="22.5" rx="22.4911" ry="22.5" fill="#39403E"/>
+<path d="M19.9919 33H17.9927C13.9942 33 12.9946 32 12.9946 28V18C12.9946 14 13.9942 13 17.9927 13H19.4921C20.9915 13 21.3214 13.44 21.8911 14.2L23.3905 16.2C23.7704 16.7 23.9903 17 24.9899 17H27.9887C31.9871 17 32.9867 18 32.9867 22V24" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M24.7501 29.32C22.401 29.49 22.401 32.89 24.7501 33.06H30.3079C30.9776 33.06 31.6374 32.81 32.1272 32.36C33.7765 30.92 32.8968 28.04 30.7277 27.77C29.948 23.08 23.1707 24.86 24.7701 29.33" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/relation-hline.svg b/pkg/webui/ui/src/icons/relation-hline.svg
new file mode 100644
index 000000000..0835a6c9f
--- /dev/null
+++ b/pkg/webui/ui/src/icons/relation-hline.svg
@@ -0,0 +1,5 @@
+<svg width="169" height="12" viewBox="0 0 169 12" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6 6H163" stroke="#39403E" stroke-width="2"/>
+<circle cx="6" cy="6" r="5" fill="#DFEBE9" stroke="#39403E" stroke-width="2"/>
+<circle cx="163" cy="6" r="5" fill="#DFEBE9" stroke="#39403E" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/search.svg b/pkg/webui/ui/src/icons/search.svg
new file mode 100644
index 000000000..1a9508cbd
--- /dev/null
+++ b/pkg/webui/ui/src/icons/search.svg
@@ -0,0 +1,4 @@
+<svg width="27" height="27" viewBox="0 0 27 27" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M12.9375 23.625C18.84 23.625 23.625 18.84 23.625 12.9375C23.625 7.03496 18.84 2.25 12.9375 2.25C7.03496 2.25 2.25 7.03496 2.25 12.9375C2.25 18.84 7.03496 23.625 12.9375 23.625Z" fill="#39403E"/>
+<path d="M23.9624 24.75C23.7599 24.75 23.5574 24.6713 23.4111 24.525L21.3186 22.4325C21.0149 22.1288 21.0149 21.6338 21.3186 21.3188C21.6224 21.015 22.1174 21.015 22.4324 21.3188L24.5249 23.4113C24.8286 23.715 24.8286 24.21 24.5249 24.525C24.3674 24.6713 24.1649 24.75 23.9624 24.75Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/target.svg b/pkg/webui/ui/src/icons/target.svg
new file mode 100644
index 000000000..eb93030dc
--- /dev/null
+++ b/pkg/webui/ui/src/icons/target.svg
@@ -0,0 +1,5 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<ellipse cx="22.4911" cy="22.5" rx="22.4911" ry="22.5" fill="#39403E"/>
+<path d="M32.9867 23V20C32.9867 15 30.9875 13 25.9895 13H19.9919C14.9938 13 12.9946 15 12.9946 20V26C12.9946 31 14.9938 33 19.9919 33H22.9907" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M31.9473 28.84L30.3179 29.39C29.8681 29.54 29.5082 29.89 29.3583 30.35L28.8085 31.98C28.3387 33.39 26.3595 33.36 25.9196 31.95L24.0704 26C23.7105 24.82 24.8001 23.72 25.9696 24.09L31.9273 25.94C33.3267 26.38 33.3467 28.37 31.9473 28.84Z" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/tree-view.svg b/pkg/webui/ui/src/icons/tree-view.svg
new file mode 100644
index 000000000..225712f63
--- /dev/null
+++ b/pkg/webui/ui/src/icons/tree-view.svg
@@ -0,0 +1,7 @@
+<svg width="26" height="26" viewBox="0 0 26 26" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M7.58317 8.66666H4.33317C3.1415 8.66666 2.1665 7.69166 2.1665 6.5V4.33333C2.1665 3.14166 3.1415 2.16666 4.33317 2.16666H7.58317C8.77484 2.16666 9.74984 3.14166 9.74984 4.33333V6.5C9.74984 7.69166 8.77484 8.66666 7.58317 8.66666Z" fill="#59A588"/>
+<path d="M22.5335 7.58333H18.6335C17.9185 7.58333 17.3335 6.99832 17.3335 6.28332V4.55001C17.3335 3.83501 17.9185 3.25 18.6335 3.25H22.5335C23.2485 3.25 23.8335 3.83501 23.8335 4.55001V6.28332C23.8335 6.99832 23.2485 7.58333 22.5335 7.58333Z" fill="#59A588"/>
+<path d="M22.5335 15.7083H18.6335C17.9185 15.7083 17.3335 15.1233 17.3335 14.4083V12.675C17.3335 11.96 17.9185 11.375 18.6335 11.375H22.5335C23.2485 11.375 23.8335 11.96 23.8335 12.675V14.4083C23.8335 15.1233 23.2485 15.7083 22.5335 15.7083Z" fill="#59A588"/>
+<path opacity="0.37" d="M17.3333 14.3542C17.7775 14.3542 18.1458 13.9858 18.1458 13.5417C18.1458 13.0975 17.7775 12.7292 17.3333 12.7292H14.3542V6.22916H17.3333C17.7775 6.22916 18.1458 5.86083 18.1458 5.41666C18.1458 4.9725 17.7775 4.60416 17.3333 4.60416H9.75C9.30583 4.60416 8.9375 4.9725 8.9375 5.41666C8.9375 5.86083 9.30583 6.22916 9.75 6.22916H12.7292V19.5C12.7292 21.1467 14.0617 22.4792 15.7083 22.4792H17.3333C17.7775 22.4792 18.1458 22.1108 18.1458 21.6667C18.1458 21.2225 17.7775 20.8542 17.3333 20.8542H15.7083C14.9608 20.8542 14.3542 20.2475 14.3542 19.5V14.3542H17.3333Z" fill="#59A588"/>
+<path d="M22.5335 23.8333H18.6335C17.9185 23.8333 17.3335 23.2483 17.3335 22.5333V20.8C17.3335 20.085 17.9185 19.5 18.6335 19.5H22.5335C23.2485 19.5 23.8335 20.085 23.8335 20.8V22.5333C23.8335 23.2483 23.2485 23.8333 22.5335 23.8333Z" fill="#59A588"/>
+</svg>
diff --git a/pkg/webui/ui/src/index.css b/pkg/webui/ui/src/index.css
index 738f22103..e1ba40f42 100644
--- a/pkg/webui/ui/src/index.css
+++ b/pkg/webui/ui/src/index.css
@@ -1,27 +1,31 @@
 body {
     margin: 0;
-    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Oxygen',
-    'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue',
-    sans-serif;
-    -webkit-font-smoothing: antialiased;
-    -moz-osx-font-smoothing: grayscale;
     background: linear-gradient(180deg, #59A588 0%, #404846 100%);
     background-attachment: fixed;
 }
 
+body, input {
+    font-family: 'Nunito Variable', 'Segoe UI', 'Oxygen',
+        'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue', -apple-system, BlinkMacSystemFont,
+        sans-serif;
+    -webkit-font-smoothing: antialiased;
+    -moz-osx-font-smoothing: grayscale;
+}
+
 code {
     font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
-    monospace;
+        monospace;
 }
 
 * {
     box-sizing: border-box;
 }
 
-html, body, #root {
+html,
+body,
+#root {
     width: 100%;
     height: 100%;
     margin: 0;
     padding: 0;
-    font-family: sans-serif;
-}
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/index.tsx b/pkg/webui/ui/src/index.tsx
index f7e132268..391fce39b 100644
--- a/pkg/webui/ui/src/index.tsx
+++ b/pkg/webui/ui/src/index.tsx
@@ -5,10 +5,7 @@ import { RouterProvider } from "react-router-dom";
 import './index.css';
 import reportWebVitals from './reportWebVitals';
 
-import '@fontsource/roboto/300.css';
-import '@fontsource/roboto/400.css';
-import '@fontsource/roboto/500.css';
-import '@fontsource/roboto/700.css';
+import '@fontsource-variable/nunito';
 
 import { Router } from "./components/Router";
 

From 776729c327d7907227d4131abe0067ab9f6bef4a Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Tue, 30 May 2023 22:47:24 +0600
Subject: [PATCH 1130/2268] Main Page: Added lines from projects to targets.

---
 .../components/targets-view/TargetsView.tsx   | 111 ++++++++++++++++--
 1 file changed, 100 insertions(+), 11 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 991546840..8a88ca741 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,6 +1,6 @@
 import { useLoaderData } from "react-router-dom";
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
-import { Box, BoxProps, Typography } from "@mui/material";
+import { Box, BoxProps, Typography, useTheme } from "@mui/material";
 import React, { useEffect, useState } from "react";
 import { useAppOutletContext } from "../App";
 import { api } from "../../api";
@@ -16,6 +16,7 @@ const colWidth = 433;
 const cardWidth = 247;
 const projectCardHeight = 80;
 const cardHeight = 126;
+const cardGap = 20;
 
 export async function projectsLoader() {
     const projects = await api.listProjects()
@@ -49,17 +50,102 @@ function Card({ children, ...rest }: BoxProps) {
 }
 
 function CardCol({ children, ...rest }: BoxProps) {
-    return <Box display='flex' flexDirection='column' gap='20px' {...rest}>
+    return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...rest}>
         {children}
     </Box>
 }
 
 function CardRow({ children, ...rest }: BoxProps) {
-    return <Box display='flex' gap='20px' {...rest}>
+    return <Box display='flex' gap={`${cardGap}px`} {...rest}>
         {children}
     </Box>
 }
 
+const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.Element | null => {
+    const theme = useTheme();
+    const height = targetCount * cardHeight + (targetCount - 1) * cardGap
+    const width = 169;
+    const curveRadius = 12;
+    const circleRadius = 5;
+    const strokeWidth = 2;
+
+    if (targetCount <= 0) {
+        return null;
+    }
+
+    const targetsCenterYs = Array(targetCount).fill(0).map((_, i) =>
+        cardHeight / 2 + i * (cardHeight + cardGap)
+    );
+    const rootCenterY = height / 2;
+
+    return <svg
+        width='169'
+        height={height}
+        viewBox={`0 0 169 ${height}`}
+        fill='none'
+    >
+        {targetsCenterYs.map((cy, i) => {
+            let d: React.SVGAttributes<SVGPathElement>['d'];
+            if (targetCount % 2 === 1 && i === Math.floor(targetCount / 2)) {
+                // target is in the middle.
+                d = `
+                        M ${circleRadius},${rootCenterY}
+                        h ${width - circleRadius}
+                    `;
+            } else if (i < targetCount / 2) {
+                // target is higher than root.
+                d = `
+                        M ${circleRadius},${rootCenterY}
+                        h ${width / 2 - curveRadius - circleRadius}
+                        a ${curveRadius} ${curveRadius} 90 0 0 ${curveRadius} -${curveRadius}
+                        v ${cy - rootCenterY + curveRadius * 2}
+                        a ${curveRadius} ${curveRadius} 90 0 1 ${curveRadius} -${curveRadius}
+                        h ${width / 2 - curveRadius - circleRadius}
+                    `;
+            } else {
+                // target is lower than root.
+                d = `
+                    M ${circleRadius},${rootCenterY}
+                    h ${width / 2 - curveRadius - circleRadius}
+                    a ${curveRadius} ${curveRadius} 90 0 1 ${curveRadius} ${curveRadius}
+                    v ${cy - rootCenterY - curveRadius * 2}
+                    a ${curveRadius} ${curveRadius} 90 0 0 ${curveRadius} ${curveRadius}
+                    h ${width / 2 - curveRadius - circleRadius}
+                `;
+            }
+
+            return [
+                <path
+                    key={`path-${i}`}
+                    d={d}
+                    stroke={theme.palette.secondary.main}
+                    strokeWidth={strokeWidth}
+                    strokeLinecap='round'
+                    strokeLinejoin='round'
+                />,
+                <circle
+                    key={`circle-${i}`}
+                    cx={width - circleRadius - strokeWidth / 2}
+                    cy={cy}
+                    r={circleRadius}
+                    fill={theme.palette.background.default}
+                    stroke={theme.palette.secondary.main}
+                    strokeWidth={strokeWidth}
+                />
+            ]
+        })}
+        <circle
+            key='circle-root'
+            cx={circleRadius + strokeWidth / 2}
+            cy={rootCenterY}
+            r={circleRadius}
+            fill={theme.palette.background.default}
+            stroke={theme.palette.secondary.main}
+            strokeWidth={strokeWidth}
+        />
+    </svg>
+});
+
 export const TargetsView = () => {
     const context = useAppOutletContext()
     const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary>()
@@ -80,12 +166,6 @@ export const TargetsView = () => {
         setSelectedTargetSummary(ts)
     }
 
-    useEffect(() => {
-        if (projects[2].targets.length < 3) {
-            projects[2].targets.push(projects[2].targets[0])
-        }
-    })
-
     return <Box width={"max-content"} p='0 40px'>
         <CommandResultDetailsDrawer rs={selectedCommandResult} onClose={() => setSelectedCommandResult(undefined)} />
         <TargetDetailsDrawer ts={selectedTargetSummary} onClose={() => setSelectedTargetSummary(undefined)} />
@@ -98,11 +178,20 @@ export const TargetsView = () => {
         {projects.map((ps, i) => {
             return <Box key={i}>
                 <Box key={i} display={"flex"} alignItems={"center"} margin='40px 0'>
-                    <CardCol width={colWidth}>
+                    <Box display='flex' alignItems='center' width={colWidth}>
                         <Card height={projectCardHeight}>
                             <ProjectItem ps={ps} />
                         </Card>
-                    </CardCol>
+                        <Box
+                            flexGrow={1}
+                            height={ps.targets.length * cardHeight + (ps.targets.length - 1) * cardGap}
+                            display='flex'
+                            justifyContent='center'
+                            alignItems='center'
+                        >
+                            <RelationTree targetCount={ps.targets.length} />
+                        </Box>
+                    </Box>
 
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {

From f17ee24b4b8c12e96dca3fba120adf7d93d9cf3e Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Wed, 31 May 2023 01:55:39 +0600
Subject: [PATCH 1131/2268] Main Page: added side panel for target nodes.

---
 pkg/webui/ui/src/components/LeftDrawer.tsx    |  11 +-
 .../ui/src/components/PropertiesTable.tsx     |   2 +-
 .../src/components/result-view/SidePanel.tsx  |  55 +++++---
 .../targets-view/CommandResultItem.tsx        |   3 -
 .../src/components/targets-view/Projects.tsx  |   3 -
 .../targets-view/TargetDetailsDrawer.tsx      |  58 ++++----
 .../src/components/targets-view/Targets.tsx   |   3 -
 .../components/targets-view/TargetsView.tsx   |   6 +-
 pkg/webui/ui/src/components/theme.ts          | 126 ++++++++++++++++--
 pkg/webui/ui/src/icons/Icons.tsx              |   5 +
 pkg/webui/ui/src/icons/close.svg              |   3 +
 11 files changed, 200 insertions(+), 75 deletions(-)
 create mode 100644 pkg/webui/ui/src/icons/close.svg

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 5c1c61859..a5bd4e5fe 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -19,7 +19,6 @@ import { Typography } from '@mui/material';
 
 const drawerWidthOpen = 224;
 const drawerWidthClosed = 96;
-const appBarHeight = 106;
 
 const openedMixin = (theme: Theme): CSSObject => ({
     width: drawerWidthOpen,
@@ -40,7 +39,7 @@ const closedMixin = (theme: Theme): CSSObject => ({
 });
 
 const DrawerHeader = styled('div')(({ theme }) => ({
-    height: appBarHeight,
+    height: theme.consts.appBarHeight,
     padding: '31px 23px 0 23px',
     // necessary for content to be below app bar
     ...theme.mixins.toolbar,
@@ -53,7 +52,7 @@ interface AppBarProps extends MuiAppBarProps {
 const AppBar = styled(MuiAppBar, {
     shouldForwardProp: (prop) => prop !== 'open',
 })<AppBarProps>(({ theme, open }) => ({
-    height: appBarHeight,
+    height: theme.consts.appBarHeight,
     border: 'none',
     boxShadow: 'none',
     background: 'transparent',
@@ -138,7 +137,7 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
         <Box display='flex' height='100%'>
             <AppBar position='fixed' open={open}>
                 <Box display='flex' justifyContent='space-between'>
-                    <Typography variant='h1' fontSize='32px' fontWeight='bold' lineHeight='40px'>
+                    <Typography variant='h1'>
                         Dashboard
                     </Typography>
                     <Box
@@ -169,7 +168,6 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
                         </IconButton>
                     </Box>
                 </Box>
-                <Divider />
             </AppBar>
             <ThemeProvider theme={dark}>
                 <Drawer variant="permanent" open={open}>
@@ -192,7 +190,8 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
             </ThemeProvider>
             <Box component="main" sx={{ flexGrow: 1, height: '100%', overflow: 'hidden' }} minWidth={0}>
                 <DrawerHeader />
-                <Box width='100%' height={`calc(100% - ${appBarHeight}px)`} overflow='auto'>
+                <Divider sx={{ margin: '0 40px' }}/>
+                <Box width='100%' height={`calc(100% - ${theme.consts.appBarHeight}px)`} overflow='auto'>
                     {props.content}
                 </Box>
             </Box>
diff --git a/pkg/webui/ui/src/components/PropertiesTable.tsx b/pkg/webui/ui/src/components/PropertiesTable.tsx
index 20cdd967e..61237aefb 100644
--- a/pkg/webui/ui/src/components/PropertiesTable.tsx
+++ b/pkg/webui/ui/src/components/PropertiesTable.tsx
@@ -9,7 +9,7 @@ import Paper from '@mui/material/Paper';
 
 export function PropertiesTable(props: {properties: {name: string, value: React.ReactNode}[]}) {
     return (
-        <TableContainer component={Paper}>
+        <TableContainer component={Paper} sx={{ padding: '10px 0' }}>
             <Table>
                 <TableHead>
                     <TableRow>
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index da68288f9..9a2047a7c 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -1,6 +1,8 @@
-import { Box, Tab, Typography } from "@mui/material";
+import { Box, Divider, IconButton, Tab, ThemeProvider, Typography, useTheme } from "@mui/material";
 import React, { useEffect, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
+import { CloseIcon } from "../../icons/Icons";
+import { light } from "../theme";
 
 export interface SidePanelTab {
     label: string
@@ -14,10 +16,12 @@ export interface SidePanelProvider {
 
 export interface SidePanelProps {
     provider?: SidePanelProvider;
+    onClose?: () => void;
 }
 
 export const SidePanel = (props: SidePanelProps) => {
-    let [selectedTab, setSelectedTab] = useState<string>();
+    const [selectedTab, setSelectedTab] = useState<string>();
+    const theme = useTheme();
 
     function handleTabChange(_e: React.SyntheticEvent, value: string) {
         setSelectedTab(value);
@@ -55,24 +59,39 @@ export const SidePanel = (props: SidePanelProps) => {
         return <></>
     }
 
-    return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column" p={3}>
-        <Typography variant="h4" mb={1} component="div">
-            {props.provider.buildSidePanelTitle()}
-        </Typography>
-
+    return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column">
         <TabContext value={selectedTab}>
-            <Box flex="0 0 auto" sx={{ borderBottom: 1, borderColor: 'divider' }}>
-                <TabList onChange={handleTabChange}>
-                    {tabs.map((tab, i) => {
-                        return <Tab label={tab.label} value={tab.label} key={tab.label}/>
-                    })}
-                </TabList>
+            <Box height={theme.consts.appBarHeight} display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
+                <Box flex='1 1 auto' display='flex' justifyContent='space-between'>
+                    <Box flex='1 1 auto' pt='25px' pl='35px'>
+                        <Typography variant="h4">
+                            {props.provider.buildSidePanelTitle()}
+                        </Typography>
+                    </Box>
+                    <Box flex='0 0 auto' pt='10px' pr='10px'>
+                        <IconButton onClick={props.onClose}>
+                            <CloseIcon />
+                        </IconButton>
+                    </Box>
+                </Box>
+                <Box height='36px' flex='0 0 auto' p='0 30px'>
+                    <TabList onChange={handleTabChange}>
+                        {tabs.map((tab, i) => {
+                            return <Tab label={tab.label} value={tab.label} key={tab.label} />
+                        })}
+                    </TabList>
+                </Box>
+            </Box>
+            <Divider sx={{ margin: 0 }} />
+            <Box>
+                {tabs.map((tab, index) => {
+                    return <ThemeProvider theme={light}>
+                        <TabPanel value={tab.label} key={index} sx={{ overflowY: "auto", padding: '30px' }}>
+                            {tab.content}
+                        </TabPanel>
+                    </ThemeProvider>
+                })}
             </Box>
-            {tabs.map((tab, index) => {
-                return <TabPanel value={tab.label} key={index} sx={{ overflowY: "auto" }}>
-                    {tab.content}
-                </TabPanel>
-            })}
         </TabContext>
     </Box>
 }
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 6eb2dec6e..3c5a1a5d2 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -75,10 +75,7 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
                         textAlign='left'
                         textOverflow='ellipsis'
                         overflow='hidden'
-                        lineHeight='27.28px'
                         flexGrow={1}
-                        fontSize='20px'
-                        fontWeight={800}
                     >
                         {props.rs.commandInfo?.command}
                     </Typography>
diff --git a/pkg/webui/ui/src/components/targets-view/Projects.tsx b/pkg/webui/ui/src/components/targets-view/Projects.tsx
index 4756cf046..c5ebb34f9 100644
--- a/pkg/webui/ui/src/components/targets-view/Projects.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Projects.tsx
@@ -38,10 +38,7 @@ export const ProjectItem = (props: { ps: ProjectSummary }) => {
                                 textAlign='left'
                                 textOverflow='ellipsis'
                                 overflow='hidden'
-                                lineHeight={1.2}
                                 flexGrow={1}
-                                fontSize='20px'
-                                fontWeight={800}
                             >
                                 {name}
                             </Typography>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
index 6c76ebbc4..874779b74 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
@@ -1,11 +1,12 @@
 import { TargetSummary } from "../../models";
-import { Box, Drawer } from "@mui/material";
+import { Box, Drawer, ThemeProvider } from "@mui/material";
 import { SidePanel, SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import React from "react";
 import { PropertiesTable } from "../PropertiesTable";
 import { DiffStatus } from "../result-view/nodes/NodeData";
 import { ChangesTable } from "../result-view/ChangesTable";
 import { ErrorsTable } from "../ErrorsTable";
+import { dark } from "../theme";
 
 class MyProvider implements SidePanelProvider {
     private ts?: TargetSummary;
@@ -26,27 +27,27 @@ class MyProvider implements SidePanelProvider {
         }
 
         const tabs = [
-            {label: "Summary", content: this.buildSummaryTab()}
+            { label: "Summary", content: this.buildSummaryTab() }
         ]
 
         if (this.ts.target)
 
-        if (this.diffStatus.changedObjects.length) {
-            tabs.push({
-                label: "Drift",
-                content: <ChangesTable diffStatus={this.diffStatus}/>
-            })
-        }
+            if (this.diffStatus.changedObjects.length) {
+                tabs.push({
+                    label: "Drift",
+                    content: <ChangesTable diffStatus={this.diffStatus} />
+                })
+            }
         if (this.ts.lastValidateResult?.errors?.length) {
             tabs.push({
                 label: "Errors",
-                content: <ErrorsTable errors={this.ts.lastValidateResult.errors}/>
+                content: <ErrorsTable errors={this.ts.lastValidateResult.errors} />
             })
         }
         if (this.ts.lastValidateResult?.warnings?.length) {
             tabs.push({
                 label: "Warnings",
-                content: <ErrorsTable errors={this.ts.lastValidateResult.warnings}/>
+                content: <ErrorsTable errors={this.ts.lastValidateResult.warnings} />
             })
         }
 
@@ -55,25 +56,25 @@ class MyProvider implements SidePanelProvider {
 
     buildSummaryTab(): React.ReactNode {
         const props = [
-            {name: "Target Name", value: this.getTargetName()},
-            {name: "Discriminator", value: this.ts?.target.discriminator},
+            { name: "Target Name", value: this.getTargetName() },
+            { name: "Discriminator", value: this.ts?.target.discriminator },
         ]
 
         if (this.ts?.lastValidateResult) {
-            props.push({name: "Ready", value: this.ts.lastValidateResult.ready + ""})
+            props.push({ name: "Ready", value: this.ts.lastValidateResult.ready + "" })
         }
         if (this.ts?.lastValidateResult?.errors?.length) {
-            props.push({name: "Errors", value: this.ts.lastValidateResult.errors.length + ""})
+            props.push({ name: "Errors", value: this.ts.lastValidateResult.errors.length + "" })
         }
         if (this.ts?.lastValidateResult?.warnings?.length) {
-            props.push({name: "Warnings", value: this.ts.lastValidateResult.warnings.length + ""})
+            props.push({ name: "Warnings", value: this.ts.lastValidateResult.warnings.length + "" })
         }
         if (this.ts?.lastValidateResult?.drift?.length) {
-            props.push({name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + ""})
+            props.push({ name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + "" })
         }
 
         return <>
-            <PropertiesTable properties={props}/>
+            <PropertiesTable properties={props} />
         </>
     }
 
@@ -95,14 +96,17 @@ class MyProvider implements SidePanelProvider {
 }
 
 export const TargetDetailsDrawer = (props: { ts?: TargetSummary, onClose: () => void }) => {
-    return <Drawer
-        sx={{ zIndex: 1300 }}
-        anchor={"right"}
-        open={props.ts !== undefined}
-        onClose={() => props.onClose()}
-    >
-        <Box width={"800px"} height={"100%"}>
-            <SidePanel provider={new MyProvider(props.ts)}/>
-        </Box>
-    </Drawer>
+    return <ThemeProvider theme={dark}>
+        <Drawer
+            sx={{ zIndex: 1300 }}
+            anchor={"right"}
+            open={props.ts !== undefined}
+            onClose={props.onClose}
+            ModalProps={{ BackdropProps: { invisible: true }}}
+        >
+            <Box width={"382px"} height={"100%"}>
+                <SidePanel provider={new MyProvider(props.ts)} onClose={props.onClose}/>
+            </Box>
+        </Drawer>
+    </ThemeProvider>;
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index 729cf98ff..d6f891c37 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -112,10 +112,7 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
                         textAlign='left'
                         textOverflow='ellipsis'
                         overflow='hidden'
-                        lineHeight='27.28px'
                         flexGrow={1}
-                        fontSize='20px'
-                        fontWeight={800}
                     >
                         {targetName}
                     </Typography>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 8a88ca741..52178ed7f 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -39,7 +39,7 @@ function ColHeader({ children }: { children: React.ReactNode }) {
             }
         }}
     >
-        <Typography variant={"h6"} textAlign='left' fontSize='20px' fontWeight={700}>{children}</Typography>
+        <Typography variant='h2' textAlign='left'>{children}</Typography>
     </Box>
 }
 
@@ -79,9 +79,9 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
     const rootCenterY = height / 2;
 
     return <svg
-        width='169'
+        width={width}
         height={height}
-        viewBox={`0 0 169 ${height}`}
+        viewBox={`0 0 ${width} ${height}`}
         fill='none'
     >
         {targetsCenterYs.map((cy, i) => {
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index bc1c18469..c599bf1cd 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -1,8 +1,9 @@
-import { PaletteOptions, createTheme } from '@mui/material/styles';
+import { PaletteOptions, ThemeOptions, createTheme } from '@mui/material/styles';
 
 const paletteDark = {
     primary: { main: '#DFEBE9' },
-    background: { default: '#222222', paper: '#222222' }
+    background: { default: '#222222', paper: '#222222' },
+    text: { primary: '#DFEBE9' }
 } satisfies PaletteOptions;
 
 const paletteLight = {
@@ -12,13 +13,53 @@ const paletteLight = {
     text: { primary: '#222222' }
 } satisfies PaletteOptions;
 
-export const light = createTheme({
-    palette: paletteLight,
+declare module '@mui/material/styles' {
+    interface Theme {
+        consts: {
+            appBarHeight: number;
+        };
+    }
+    // allow configuration using `createTheme`
+    interface ThemeOptions {
+        consts?: {
+            appBarHeight?: number;
+        };
+    }
+}
+
+export const common = createTheme({
+    consts: {
+        appBarHeight: 106
+    },
     typography: {
         fontFamily: 'Nunito Variable',
-        h1: { color: '#222222' },
-        h6: { color: '#39403E' },
-        subtitle1: { color: '#39403E' },
+    }
+});
+
+export const light = createTheme(common, {
+    palette: paletteLight,
+    typography: {
+        h1: {
+            color: paletteLight.text.primary,
+            fontWeight: 700,
+            fontSize: '32px',
+            lineHeight: '44px',
+            letterSpacing: '1px',
+        },
+        h2: {
+            color: paletteLight.text.primary,
+            fontWeight: 700,
+            fontSize: '20px',
+            lineHeight: '27px',
+            letterSpacing: '1px',
+        },
+        h6: {
+            color: paletteLight.secondary.main,
+            fontWeight: 800,
+            fontSize: '20px',
+            lineHeight: '27px'
+        },
+        subtitle1: { color: paletteLight.secondary.main },
         subtitle2: { fontSize: '14px', lineHeight: 1.2 }
     },
     components: {
@@ -35,14 +76,51 @@ export const light = createTheme({
                     color: paletteLight.primary.main
                 }
             }
+        },
+        MuiTableCell: {
+            styleOverrides: {
+                root: {
+                    border: 'none',
+                    borderTop: `0.5px solid ${paletteLight.secondary.main}`,
+                    fontWeight: 400,
+                    fontSize: '16px',
+                    lineHeight: '22px',
+                    letterSpacing: '1px',
+                    position: 'relative',
+                    ':after': {
+                        content: '""',
+                        position: 'absolute',
+                        top: '10px',
+                        right: 0,
+                        bottom: '10px',
+                        display: 'block',
+                        borderRight: '0.5px solid #39403E',
+                    },
+                    ':last-of-type:after': {
+                        content: 'none'
+                    }
+                },
+                head: {
+                    border: 'none',
+                }
+            }
         }
     }
-});
+} satisfies ThemeOptions);
 
-export const dark = createTheme({
+export const dark = createTheme(common, {
     palette: paletteDark,
     typography: {
-        fontFamily: 'Nunito Variable'
+        allVariants: {
+            color: paletteDark.text.primary
+        },
+        h4: { 
+            color: paletteDark.text.primary,
+            fontWeight: 700,
+            fontSize: '24px',
+            lineHeight: '33px',
+            letterSpacing: '1px',
+        }
     },
     components: {
         MuiListItem: {
@@ -79,6 +157,32 @@ export const dark = createTheme({
                     margin: '0 13px'
                 }
             }
+        },
+        MuiTabs: {
+            styleOverrides: {
+                root: {
+                    height: '36px',
+                    minHeight: 0,
+                    textTransform: 'none'
+                },
+                indicator: {
+                    backgroundColor: '#59A588'
+                }
+            }
+        },
+        MuiTab: {
+            styleOverrides: {
+                root: {
+                    height: '36px',
+                    minHeight: 0,
+                    fontWeight: 400,
+                    fontSize: '16px',
+                    lineHeight: '22px',
+                    letterSpacing: '1px',
+                    textTransform: 'none',
+                    padding: '7px 5px'
+                }
+            }
         }
     }
-})
\ No newline at end of file
+} satisfies ThemeOptions)
\ No newline at end of file
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 18921d8bc..156c0233f 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -9,6 +9,7 @@ import { ReactComponent as ProjectIconSvg } from './project.svg';
 import { ReactComponent as CpuIconSvg } from './cpu.svg';
 import { ReactComponent as FingerScanIconSvg } from './finger-scan.svg';
 import { ReactComponent as TreeViewIconSvg } from './tree-view.svg';
+import { ReactComponent as CloseIconSvg } from './close.svg';
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -62,3 +63,7 @@ export const MessageQuestionIcon = (props: { color: string }) => {
 export const TreeViewIcon = () => {
     return <TreeViewIconSvg width="26px" height="26px" />
 }
+
+export const CloseIcon = () => {
+    return <CloseIconSvg width="24px" height="24px" />
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/icons/close.svg b/pkg/webui/ui/src/icons/close.svg
new file mode 100644
index 000000000..f3ce4ed70
--- /dev/null
+++ b/pkg/webui/ui/src/icons/close.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z" fill="#DFEBE9"/>
+</svg>

From 4eed4f3b6d5252fea1de39fcaa0599b919d87fd8 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 1 Jun 2023 01:27:26 +0600
Subject: [PATCH 1132/2268] Main Page: added side panel for command result
 nodes.

---
 pkg/webui/ui/src/components/ErrorsTable.tsx   |  5 ++-
 .../ui/src/components/PropertiesTable.tsx     |  3 +-
 .../components/result-view/ChangesTable.tsx   | 36 ++++++++++---------
 .../src/components/result-view/SidePanel.tsx  | 14 ++++----
 .../CommandResultDetailsDrawer.tsx            | 34 ++++++++++--------
 pkg/webui/ui/src/components/theme.ts          | 20 +++++++++--
 6 files changed, 67 insertions(+), 45 deletions(-)

diff --git a/pkg/webui/ui/src/components/ErrorsTable.tsx b/pkg/webui/ui/src/components/ErrorsTable.tsx
index f15abf73a..a7875b858 100644
--- a/pkg/webui/ui/src/components/ErrorsTable.tsx
+++ b/pkg/webui/ui/src/components/ErrorsTable.tsx
@@ -5,7 +5,6 @@ import TableCell from '@mui/material/TableCell';
 import TableContainer from '@mui/material/TableContainer';
 import TableHead from '@mui/material/TableHead';
 import TableRow from '@mui/material/TableRow';
-import Paper from '@mui/material/Paper';
 import { DeploymentError } from "../models";
 import { Box, Divider, List, ListItem, ListItemText } from "@mui/material";
 import { buildRefKindElement } from "../api";
@@ -13,7 +12,7 @@ import { buildRefKindElement } from "../api";
 export function ErrorsTable(props: { errors: DeploymentError[] }) {
     return <>
         <Box height={"100%"}>
-            <TableContainer component={Paper}>
+            <TableContainer>
                 <Table>
                     <TableHead>
                         <TableRow>
@@ -25,7 +24,7 @@ export function ErrorsTable(props: { errors: DeploymentError[] }) {
                         {props.errors?.map((e, i) => (
                             <TableRow key={i}>
                                 <TableCell sx={{ minWidth: "150px" }}>
-                                    <List>
+                                    <List disablePadding>
                                         {buildRefKindElement(e.ref, <>
                                             <ListItem>
                                                 <ListItemText primary={e.ref.kind}/>
diff --git a/pkg/webui/ui/src/components/PropertiesTable.tsx b/pkg/webui/ui/src/components/PropertiesTable.tsx
index 61237aefb..0f189fab6 100644
--- a/pkg/webui/ui/src/components/PropertiesTable.tsx
+++ b/pkg/webui/ui/src/components/PropertiesTable.tsx
@@ -5,11 +5,10 @@ import TableCell from '@mui/material/TableCell';
 import TableContainer from '@mui/material/TableContainer';
 import TableHead from '@mui/material/TableHead';
 import TableRow from '@mui/material/TableRow';
-import Paper from '@mui/material/Paper';
 
 export function PropertiesTable(props: {properties: {name: string, value: React.ReactNode}[]}) {
     return (
-        <TableContainer component={Paper} sx={{ padding: '10px 0' }}>
+        <TableContainer>
             <Table>
                 <TableHead>
                     <TableRow>
diff --git a/pkg/webui/ui/src/components/result-view/ChangesTable.tsx b/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
index b802201f3..0082446be 100644
--- a/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
+++ b/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
@@ -5,18 +5,16 @@ import TableCell from '@mui/material/TableCell';
 import TableContainer from '@mui/material/TableContainer';
 import TableHead from '@mui/material/TableHead';
 import TableRow from '@mui/material/TableRow';
-import Paper from '@mui/material/Paper';
 import { buildRefKindElement, buildRefString } from "../../api";
 import { Box, Typography } from "@mui/material";
 import { CodeViewer } from "../CodeViewer";
 import { DiffStatus } from "./nodes/NodeData";
-import Divider from "@mui/material/Divider";
 import { ObjectRef } from "../../models";
 
 const RefList = (props: { title: string, refs: ObjectRef[] }) => {
-    return <Box>
+    return <Box py='10px'>
         <Typography align={"center"} variant={"h5"}>{props.title}</Typography>
-        <TableContainer component={Paper}>
+        <TableContainer>
             <Table>
                 <TableHead>
                     <TableRow>
@@ -48,7 +46,6 @@ const RefList = (props: { title: string, refs: ObjectRef[] }) => {
                 </TableBody>
             </Table>
         </TableContainer>
-        <Box height={"20px"}></Box>
     </Box>
 }
 
@@ -56,15 +53,22 @@ export function ChangesTable(props: { diffStatus: DiffStatus }) {
     let changedObjects: React.ReactElement | undefined
 
     if (props.diffStatus.changedObjects.length) {
-        changedObjects = <Box>
+        changedObjects = <Box py='10px'>
             <Typography align={"center"} variant={"h5"}>Changed Objects</Typography>
             {props.diffStatus.changedObjects.map((co, i) => (
-                <TableContainer key={i} component={Paper}>
+                <TableContainer key={i}>
                     <Table>
                         <TableHead>
                             <TableRow>
-                                <TableCell align="left" colSpan={2}>
-                                    <Typography variant="h6">{buildRefString(co.ref)}</Typography>
+                                <TableCell align="left" colSpan={2} sx={{ padding: '24px 16px 5px 16px' }}>
+                                    <Typography
+                                        sx={{
+                                            fontWeight: 500,
+                                            fontSize: '20px',
+                                            lineHeight: '27px',
+                                            letterSpacing: '1px',
+                                        }}
+                                    >{buildRefString(co.ref)}</Typography>
                                 </TableCell>
                             </TableRow>
                             <TableRow>
@@ -81,25 +85,25 @@ export function ChangesTable(props: { diffStatus: DiffStatus }) {
                                         </Box>
                                     </TableCell>
                                     <TableCell>
-                                        <CodeViewer code={c.unifiedDiff || ""} language={"diff"}/>
+                                        <CodeViewer code={c.unifiedDiff || ""} language={"diff"} />
                                     </TableCell>
                                 </TableRow>
                             ))}
                         </TableBody>
                     </Table>
                 </TableContainer>
-            ))}
-            <Divider/>
-        </Box>
+            ))
+            }
+        </Box >
     }
 
     return <Box width={"100%"} display={"flex"} flexDirection={"column"}>
         {props.diffStatus.newObjects.length ?
-            <RefList title={"New Objects"} refs={props.diffStatus.newObjects}/> : <></>}
+            <RefList title={"New Objects"} refs={props.diffStatus.newObjects} /> : <></>}
         {props.diffStatus.deletedObjects.length ?
-            <RefList title={"Deleted Objects"} refs={props.diffStatus.deletedObjects}/> : <></>}
+            <RefList title={"Deleted Objects"} refs={props.diffStatus.deletedObjects} /> : <></>}
         {props.diffStatus.orphanObjects.length ?
-            <RefList title={"Orphan Objects"} refs={props.diffStatus.orphanObjects}/> : <></>}
+            <RefList title={"Orphan Objects"} refs={props.diffStatus.orphanObjects} /> : <></>}
         {changedObjects}
     </Box>
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index 9a2047a7c..bfb5c17b0 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -1,4 +1,4 @@
-import { Box, Divider, IconButton, Tab, ThemeProvider, Typography, useTheme } from "@mui/material";
+import { Box, Divider, IconButton, Paper, Tab, ThemeProvider, Typography, useTheme } from "@mui/material";
 import React, { useEffect, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { CloseIcon } from "../../icons/Icons";
@@ -59,7 +59,7 @@ export const SidePanel = (props: SidePanelProps) => {
         return <></>
     }
 
-    return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column">
+    return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column" overflow='hidden'>
         <TabContext value={selectedTab}>
             <Box height={theme.consts.appBarHeight} display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
                 <Box flex='1 1 auto' display='flex' justifyContent='space-between'>
@@ -83,11 +83,13 @@ export const SidePanel = (props: SidePanelProps) => {
                 </Box>
             </Box>
             <Divider sx={{ margin: 0 }} />
-            <Box>
+            <Box overflow='auto' p='30px'>
                 {tabs.map((tab, index) => {
-                    return <ThemeProvider theme={light}>
-                        <TabPanel value={tab.label} key={index} sx={{ overflowY: "auto", padding: '30px' }}>
-                            {tab.content}
+                    return <ThemeProvider theme={light} key={index}>
+                        <TabPanel value={tab.label} sx={{ padding: 0 }}>
+                            <Paper sx={{ padding: '10px 0' }}>
+                                {tab.content}
+                            </Paper>
                         </TabPanel>
                     </ThemeProvider>
                 })}
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index 298fbe66a..5820d9dab 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -4,8 +4,9 @@ import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import React, { Suspense, useEffect, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
 import { SidePanel } from "../result-view/SidePanel";
-import { Box, Drawer } from "@mui/material";
+import { Box, Drawer, ThemeProvider } from "@mui/material";
 import { Loading } from "../Loading";
+import { dark } from "../theme";
 
 async function doGetRootNode(rs: CommandResultSummary) {
     const shortNames = api.getShortNames()
@@ -34,21 +35,24 @@ export const CommandResultDetailsDrawer = (props: { rs?: CommandResultSummary, o
         setPromise(doGetRootNode(props.rs))
     }, [props.rs])
 
-    const Content = () => {
+    const Content = (props: { onClose: () => void }) => {
         const node = usePromise(promise)
-        return <SidePanel provider={node}/>
+        return <SidePanel provider={node} onClose={props.onClose} />
     }
 
-    return <Drawer
-        sx={{ zIndex: 1300 }}
-        anchor={"right"}
-        open={props.rs !== undefined}
-        onClose={() => props.onClose()}
-    >
-        <Box width={"800px"} height={"100%"}>
-            <Suspense fallback={<Loading/>}>
-                <Content/>
-            </Suspense>
-        </Box>
-    </Drawer>
+    return <ThemeProvider theme={dark}>
+        <Drawer
+            sx={{ zIndex: 1300 }}
+            anchor={"right"}
+            open={props.rs !== undefined}
+            onClose={props.onClose}
+            ModalProps={{ BackdropProps: { invisible: true } }}
+        >
+            <Box width={"720px"} height={"100%"}>
+                <Suspense fallback={<Loading />}>
+                    <Content onClose={props.onClose} />
+                </Suspense>
+            </Box>
+        </Drawer>
+    </ThemeProvider>
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index c599bf1cd..86d328802 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -53,6 +53,13 @@ export const light = createTheme(common, {
             lineHeight: '27px',
             letterSpacing: '1px',
         },
+        h5: {
+            color: paletteLight.secondary.main,
+            fontWeight: 700,
+            fontSize: '22px',
+            lineHeight: '30px',
+            letterSpacing: '1px',
+        },
         h6: {
             color: paletteLight.secondary.main,
             fontWeight: 800,
@@ -94,10 +101,13 @@ export const light = createTheme(common, {
                         right: 0,
                         bottom: '10px',
                         display: 'block',
-                        borderRight: '0.5px solid #39403E',
+                        borderRight: `0.5px solid ${paletteLight.secondary.main}`,
                     },
                     ':last-of-type:after': {
                         content: 'none'
+                    },
+                    ':last-of-type': {
+                        overflowWrap: 'anywhere'
                     }
                 },
                 head: {
@@ -114,7 +124,7 @@ export const dark = createTheme(common, {
         allVariants: {
             color: paletteDark.text.primary
         },
-        h4: { 
+        h4: {
             color: paletteDark.text.primary,
             fontWeight: 700,
             fontSize: '24px',
@@ -180,7 +190,11 @@ export const dark = createTheme(common, {
                     lineHeight: '22px',
                     letterSpacing: '1px',
                     textTransform: 'none',
-                    padding: '7px 5px'
+                    padding: '7px 5px',
+                    color: '#8A8E91',
+                    '&.Mui-selected': {
+                        color: paletteDark.text.primary
+                    }
                 }
             }
         }

From 333507ebad348f8aa111e5c7a18432f0d89e9181 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 1 Jun 2023 03:25:52 +0600
Subject: [PATCH 1133/2268] Main Page: replaced all icons.

---
 .../result-view/CommandResultStatusLine.tsx   | 14 +++---
 .../targets-view/CommandResultItem.tsx        | 17 ++++---
 pkg/webui/ui/src/icons/Icons.tsx              | 47 ++++++++++++++++++-
 pkg/webui/ui/src/icons/added.svg              |  4 ++
 pkg/webui/ui/src/icons/changed.svg            |  5 ++
 pkg/webui/ui/src/icons/deploy.svg             |  8 ++++
 pkg/webui/ui/src/icons/diff.svg               |  8 ++++
 pkg/webui/ui/src/icons/error.svg              |  4 ++
 pkg/webui/ui/src/icons/orphan.svg             |  6 +++
 pkg/webui/ui/src/icons/prune.svg              |  8 ++++
 pkg/webui/ui/src/icons/trash.svg              |  6 +++
 pkg/webui/ui/src/icons/warning.svg            |  5 ++
 12 files changed, 115 insertions(+), 17 deletions(-)
 create mode 100644 pkg/webui/ui/src/icons/added.svg
 create mode 100644 pkg/webui/ui/src/icons/changed.svg
 create mode 100644 pkg/webui/ui/src/icons/deploy.svg
 create mode 100644 pkg/webui/ui/src/icons/diff.svg
 create mode 100644 pkg/webui/ui/src/icons/error.svg
 create mode 100644 pkg/webui/ui/src/icons/orphan.svg
 create mode 100644 pkg/webui/ui/src/icons/prune.svg
 create mode 100644 pkg/webui/ui/src/icons/trash.svg
 create mode 100644 pkg/webui/ui/src/icons/warning.svg

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
index 11b9721d6..4794f31ae 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -1,7 +1,7 @@
 import { CommandResultSummary, ValidateResult } from "../../models";
 import { Box, Tooltip, Typography } from "@mui/material";
-import { Dangerous, Delete, Difference, LibraryAdd, LinkOff, Warning } from "@mui/icons-material";
 import React from "react";
+import { AddedIcon, ChangedIcon, ErrorIcon, OrphanIcon, TrashIcon, WarningIcon } from "../../icons/Icons";
 
 export interface StatusLineProps {
     errors?: number
@@ -36,12 +36,12 @@ export const StatusLine = (props: StatusLineProps) => {
         }
     }
 
-    doPush(props.errors, "total errors.", <Dangerous color={"error"} />)
-    doPush(props.warnings, "total warnings.", <Warning color={"warning"} />)
-    doPush(props.newObjects, "new objects.", <LibraryAdd color={"info"} />)
-    doPush(props.deletedObjects, "deleted objects.", <Delete color={"info"} />)
-    doPush(props.orphanObjects, "orphan objects.", <LinkOff color={"info"} />)
-    doPush(props.changedObjects, "changed objects.", <Difference color={"info"} />)
+    doPush(props.errors, "total errors.", <ErrorIcon />)
+    doPush(props.warnings, "total warnings.", <WarningIcon />)
+    doPush(props.newObjects, "new objects.", <AddedIcon />)
+    doPush(props.deletedObjects, "deleted objects.", <TrashIcon />)
+    doPush(props.orphanObjects, "orphan objects.", <OrphanIcon />)
+    doPush(props.changedObjects, "changed objects.", <ChangedIcon />)
 
     return <Box display="flex" width={"100%"}>
         {children}
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 3c5a1a5d2..3e305c9b2 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,5 +1,4 @@
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
-import { CleaningServices, CloudSync, Delete, Difference } from "@mui/icons-material";
 import { useEffect, useMemo, useState } from "react";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
@@ -8,7 +7,7 @@ import { Box, IconButton, Tooltip, Typography } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
 import { formatDurationShort } from "../../utils/duration";
-import { TreeViewIcon } from "../../icons/Icons";
+import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 
 export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary, onSelectCommandResult: (rs?: CommandResultSummary) => void }) => {
     const calcAgo = () => {
@@ -21,22 +20,22 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
     const navigate = useNavigate()
     const [ago, setAgo] = useState(calcAgo())
 
-    let Icon = Difference
+    let Icon: () => JSX.Element = DiffIcon
     switch (props.rs.commandInfo?.command) {
         case "delete":
-            Icon = Delete
+            Icon = PruneIcon
             break
         case "deploy":
-            Icon = CloudSync
+            Icon = DeployIcon
             break
         case "diff":
-            Icon = Difference
+            Icon = DiffIcon
             break
         case "poke-images":
-            Icon = CloudSync
+            Icon = DeployIcon
             break
         case "prune":
-            Icon = CleaningServices
+            Icon = PruneIcon
             break
     }
 
@@ -66,7 +65,7 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
             <Box display='flex' gap='15px'>
                 <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
                     <Tooltip title={iconTooltip}>
-                        <Icon fontSize={"large"} />
+                        <Icon />
                     </Tooltip>
                 </Box>
                 <Box flexGrow={1}>
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 156c0233f..34c9fca56 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -10,6 +10,15 @@ import { ReactComponent as CpuIconSvg } from './cpu.svg';
 import { ReactComponent as FingerScanIconSvg } from './finger-scan.svg';
 import { ReactComponent as TreeViewIconSvg } from './tree-view.svg';
 import { ReactComponent as CloseIconSvg } from './close.svg';
+import { ReactComponent as DeployIconSvg } from './deploy.svg';
+import { ReactComponent as PruneIconSvg } from './prune.svg';
+import { ReactComponent as DiffIconSvg } from './diff.svg';
+import { ReactComponent as WarningIconSvg } from './warning.svg';
+import { ReactComponent as ErrorIconSvg } from './error.svg';
+import { ReactComponent as TrashIconSvg } from './trash.svg';
+import { ReactComponent as OrphanIconSvg } from './orphan.svg';
+import { ReactComponent as AddedIconSvg } from './added.svg';
+import { ReactComponent as ChangedIconSvg } from './changed.svg';
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -42,6 +51,18 @@ export const ProjectIcon = () => {
     return <ProjectIconSvg width="45px" height="45px" />
 }
 
+export const DeployIcon = () => {
+    return <DeployIconSvg width="45px" height="45px" />
+}
+
+export const PruneIcon = () => {
+    return <PruneIconSvg width="45px" height="45px" />
+}
+
+export const DiffIcon = () => {
+    return <DiffIconSvg width="45px" height="45px" />
+}
+
 export const CpuIcon = () => {
     return <CpuIconSvg width="24px" height="24px" />
 }
@@ -66,4 +87,28 @@ export const TreeViewIcon = () => {
 
 export const CloseIcon = () => {
     return <CloseIconSvg width="24px" height="24px" />
-}
\ No newline at end of file
+}
+
+export const WarningIcon = () => {
+    return <WarningIconSvg width="24px" height="24px" />
+}
+
+export const ErrorIcon = () => {
+    return <ErrorIconSvg width="24px" height="24px" />
+}
+
+export const TrashIcon = () => {
+    return <TrashIconSvg width="24px" height="24px" />
+}
+
+export const OrphanIcon = () => {
+    return <OrphanIconSvg width="24px" height="24px" />
+}
+
+export const AddedIcon = () => {
+    return <AddedIconSvg width="24px" height="24px" />
+}
+
+export const ChangedIcon = () => {
+    return <ChangedIconSvg width="24px" height="24px" />
+}
diff --git a/pkg/webui/ui/src/icons/added.svg b/pkg/webui/ui/src/icons/added.svg
new file mode 100644
index 000000000..1086507eb
--- /dev/null
+++ b/pkg/webui/ui/src/icons/added.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M21.74 9.44H2V6.42C2 3.98 3.98 2 6.42 2H8.75C10.38 2 10.89 2.53 11.54 3.4L12.94 5.26C13.25 5.67 13.29 5.73 13.87 5.73H16.66C19.03 5.72 21.05 7.28 21.74 9.44Z" fill="#39403E"/>
+<path d="M21.99 10.84C21.97 10.35 21.89 9.89 21.74 9.44H2V16.65C2 19.6 4.4 22 7.35 22H16.65C19.6 22 22 19.6 22 16.65V11.07C22 11 22 10.91 21.99 10.84ZM14.5 16.25H12.81V18C12.81 18.41 12.47 18.75 12.06 18.75C11.65 18.75 11.31 18.41 11.31 18V16.25H9.5C9.09 16.25 8.75 15.91 8.75 15.5C8.75 15.09 9.09 14.75 9.5 14.75H11.31V13C11.31 12.59 11.65 12.25 12.06 12.25C12.47 12.25 12.81 12.59 12.81 13V14.75H14.5C14.91 14.75 15.25 15.09 15.25 15.5C15.25 15.91 14.91 16.25 14.5 16.25Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/changed.svg b/pkg/webui/ui/src/icons/changed.svg
new file mode 100644
index 000000000..5ee26bbe6
--- /dev/null
+++ b/pkg/webui/ui/src/icons/changed.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M18.5698 22H13.9998C11.7098 22 10.5698 20.86 10.5698 18.57V11.43C10.5698 9.14 11.7098 8 13.9998 8H18.5698C20.8598 8 21.9998 9.14 21.9998 11.43V18.57C21.9998 20.86 20.8598 22 18.5698 22Z" fill="#39403E"/>
+<path d="M13.43 5.43V6.77C10.81 6.98 9.32 8.66 9.32 11.43V16H5.43C3.14 16 2 14.86 2 12.57V5.43C2 3.14 3.14 2 5.43 2H10C12.29 2 13.43 3.14 13.43 5.43Z" fill="#39403E"/>
+<path d="M18.1301 14.25H17.2501V13.37C17.2501 12.96 16.9101 12.62 16.5001 12.62C16.0901 12.62 15.7501 12.96 15.7501 13.37V14.25H14.8701C14.4601 14.25 14.1201 14.59 14.1201 15C14.1201 15.41 14.4601 15.75 14.8701 15.75H15.7501V16.63C15.7501 17.04 16.0901 17.38 16.5001 17.38C16.9101 17.38 17.2501 17.04 17.2501 16.63V15.75H18.1301C18.5401 15.75 18.8801 15.41 18.8801 15C18.8801 14.59 18.5401 14.25 18.1301 14.25Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/deploy.svg b/pkg/webui/ui/src/icons/deploy.svg
new file mode 100644
index 000000000..a3be467e3
--- /dev/null
+++ b/pkg/webui/ui/src/icons/deploy.svg
@@ -0,0 +1,8 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
+<path d="M18.1237 22.3313C14.9512 22.5563 14.9624 27.1688 18.1237 27.3938H25.6275C26.5387 27.405 27.4162 27.0563 28.0912 26.4488C30.3187 24.5025 29.1262 20.5988 26.2012 20.2275C25.155 13.8825 15.9862 16.29 18.1575 22.3313" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<g opacity="0.4">
+<path d="M11.25 25.875C11.25 30.2287 14.7713 33.75 19.125 33.75L17.9438 31.7812" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M33.75 19.125C33.75 14.7713 30.2287 11.25 25.875 11.25L27.0562 13.2188" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+</svg>
diff --git a/pkg/webui/ui/src/icons/diff.svg b/pkg/webui/ui/src/icons/diff.svg
new file mode 100644
index 000000000..ad1b92774
--- /dev/null
+++ b/pkg/webui/ui/src/icons/diff.svg
@@ -0,0 +1,8 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
+<g opacity="0.4">
+<path d="M19 22H27" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M23 26V18" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M20 32H26C31 32 33 30 33 25V19C33 14 31 12 26 12H20C15 12 13 14 13 19V25C13 30 15 32 20 32Z" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/error.svg b/pkg/webui/ui/src/icons/error.svg
new file mode 100644
index 000000000..2f9a8cd4b
--- /dev/null
+++ b/pkg/webui/ui/src/icons/error.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M14.9 2H9.10001C8.42001 2 7.46 2.4 6.98 2.88L2.88 6.98001C2.4 7.46001 2 8.42001 2 9.10001V14.9C2 15.58 2.4 16.54 2.88 17.02L6.98 21.12C7.46 21.6 8.42001 22 9.10001 22H14.9C15.58 22 16.54 21.6 17.02 21.12L21.12 17.02C21.6 16.54 22 15.58 22 14.9V9.10001C22 8.42001 21.6 7.46001 21.12 6.98001L17.02 2.88C16.54 2.4 15.58 2 14.9 2Z" fill="#d32f2f"/>
+<path d="M13.0599 12L16.0299 9.03C16.3199 8.74 16.3199 8.26 16.0299 7.97C15.7399 7.68 15.2599 7.68 14.9699 7.97L11.9999 10.94L9.02994 7.97C8.73994 7.68 8.25994 7.68 7.96994 7.97C7.67994 8.26 7.67994 8.74 7.96994 9.03L10.9399 12L7.96994 14.97C7.67994 15.26 7.67994 15.74 7.96994 16.03C8.11994 16.18 8.30994 16.25 8.49994 16.25C8.68994 16.25 8.87994 16.18 9.02994 16.03L11.9999 13.06L14.9699 16.03C15.1199 16.18 15.3099 16.25 15.4999 16.25C15.6899 16.25 15.8799 16.18 16.0299 16.03C16.3199 15.74 16.3199 15.26 16.0299 14.97L13.0599 12Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/orphan.svg b/pkg/webui/ui/src/icons/orphan.svg
new file mode 100644
index 000000000..43e777661
--- /dev/null
+++ b/pkg/webui/ui/src/icons/orphan.svg
@@ -0,0 +1,6 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M3.13 16.7114C3.28 16.8614 3.47 16.9314 3.66 16.9314C3.85 16.9314 4.03999 16.8614 4.17999 16.7214C4.46999 16.4314 4.46999 15.9514 4.17999 15.6614C3.08999 14.5714 2.49001 13.1214 2.49001 11.5914C2.49001 8.41143 5.07001 5.82141 8.24001 5.82141L16.19 5.84143C16.5 5.84143 16.78 5.6514 16.89 5.3714C17 5.0914 17 4.5 16.19 4.3114H8.25C4.25 4.3114 1 7.57142 1 11.5814C1 13.5114 1.76 15.3314 3.13 16.7114Z" fill="#39403E"/>
+<path d="M7.30984 19.1613H9.18985L15.2598 19.1814C19.2598 19.1814 22.5098 15.9213 22.5098 11.9113C22.5098 9.98135 21.7498 8.1614 20.3798 6.7814C20.0898 6.4914 19.6099 6.4914 19.3199 6.7814C19.0299 7.0714 19.0299 7.5514 19.3199 7.8414C20.4099 8.9314 21.0098 10.3813 21.0098 11.9113C21.0098 15.0913 18.4298 17.6814 15.2598 17.6814L7.30984 17.6613C6.99984 17.6613 6.71984 17.8514 6.60984 18.1314C6.49984 18.4114 6.49994 18.9999 7.30984 19.1613Z" fill="#39403E"/>
+<path opacity="0.4" d="M8.5 15H14.5C16.43 15 18 13.6457 18 12C18 10.3543 16.43 9 14.5 9H8.5C6.57 9 5 10.3543 5 12C5 13.6457 6.57 15 8.5 15Z" fill="#39403E"/>
+<path d="M21 3L3 20" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/prune.svg b/pkg/webui/ui/src/icons/prune.svg
new file mode 100644
index 000000000..7c4784206
--- /dev/null
+++ b/pkg/webui/ui/src/icons/prune.svg
@@ -0,0 +1,8 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
+<path d="M32 15.98C28.67 15.65 25.32 15.48 21.98 15.48C20 15.48 18.02 15.58 16.04 15.78L14 15.98" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.34" d="M19.5 14.97L19.72 13.66C19.88 12.71 20 12 21.69 12H24.31C26 12 26.13 12.75 26.28 13.67L26.5 14.97" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M29.8499 19.14L29.1999 29.21C29.0899 30.78 28.9999 32 26.2099 32H19.7899C16.9999 32 16.9099 30.78 16.7999 29.21L16.1499 19.14" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.34" d="M21.3301 26.5H24.6601" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.34" d="M20.5 22.5H25.5" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/trash.svg b/pkg/webui/ui/src/icons/trash.svg
new file mode 100644
index 000000000..426eec953
--- /dev/null
+++ b/pkg/webui/ui/src/icons/trash.svg
@@ -0,0 +1,6 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M21.0702 5.23C19.4602 5.07 17.8502 4.95 16.2302 4.86V4.85L16.0102 3.55C15.8602 2.63 15.6402 1.25 13.3002 1.25H10.6802C8.35016 1.25 8.13016 2.57 7.97016 3.54L7.76016 4.82C6.83016 4.88 5.90016 4.94 4.97016 5.03L2.93016 5.23C2.51016 5.27 2.21016 5.64 2.25016 6.05C2.29016 6.46 2.65016 6.76 3.07016 6.72L5.11016 6.52C10.3502 6 15.6302 6.2 20.9302 6.73C20.9602 6.73 20.9802 6.73 21.0102 6.73C21.3902 6.73 21.7202 6.44 21.7602 6.05C21.7902 5.64 21.4902 5.27 21.0702 5.23Z" fill="#39403E"/>
+<path opacity="0.3991" d="M19.2302 8.14C18.9902 7.89 18.6602 7.75 18.3202 7.75H5.68024C5.34024 7.75 5.00024 7.89 4.77024 8.14C4.54024 8.39 4.41024 8.73 4.43024 9.08L5.05024 19.34C5.16024 20.86 5.30024 22.76 8.79024 22.76H15.2102C18.7002 22.76 18.8402 20.87 18.9502 19.34L19.5702 9.09C19.5902 8.73 19.4602 8.39 19.2302 8.14Z" fill="#39403E"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M9.58008 17C9.58008 16.5858 9.91586 16.25 10.3301 16.25H13.6601C14.0743 16.25 14.4101 16.5858 14.4101 17C14.4101 17.4142 14.0743 17.75 13.6601 17.75H10.3301C9.91586 17.75 9.58008 17.4142 9.58008 17Z" fill="#39403E"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M8.75 13C8.75 12.5858 9.08579 12.25 9.5 12.25H14.5C14.9142 12.25 15.25 12.5858 15.25 13C15.25 13.4142 14.9142 13.75 14.5 13.75H9.5C9.08579 13.75 8.75 13.4142 8.75 13Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/warning.svg b/pkg/webui/ui/src/icons/warning.svg
new file mode 100644
index 000000000..788515486
--- /dev/null
+++ b/pkg/webui/ui/src/icons/warning.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M21.0802 8.58003V15.42C21.0802 16.54 20.4802 17.58 19.5102 18.15L13.5702 21.58C12.6002 22.14 11.4002 22.14 10.4202 21.58L4.48016 18.15C3.51016 17.59 2.91016 16.55 2.91016 15.42V8.58003C2.91016 7.46003 3.51016 6.41999 4.48016 5.84999L10.4202 2.42C11.3902 1.86 12.5902 1.86 13.5702 2.42L19.5102 5.84999C20.4802 6.41999 21.0802 7.45003 21.0802 8.58003Z" fill="#ed6c02"/>
+<path d="M12 13.75C11.59 13.75 11.25 13.41 11.25 13V7.75C11.25 7.34 11.59 7 12 7C12.41 7 12.75 7.34 12.75 7.75V13C12.75 13.41 12.41 13.75 12 13.75Z" fill="#DFEBE9"/>
+<path d="M12 17.25C11.87 17.25 11.74 17.22 11.62 17.17C11.49 17.12 11.39 17.05 11.29 16.96C11.2 16.86 11.13 16.75 11.07 16.63C11.02 16.51 11 16.38 11 16.25C11 15.99 11.1 15.73 11.29 15.54C11.39 15.45 11.49 15.38 11.62 15.33C11.99 15.17 12.43 15.26 12.71 15.54C12.8 15.64 12.87 15.74 12.92 15.87C12.97 15.99 13 16.12 13 16.25C13 16.38 12.97 16.51 12.92 16.63C12.87 16.75 12.8 16.86 12.71 16.96C12.52 17.15 12.27 17.25 12 17.25Z" fill="#DFEBE9"/>
+</svg>

From 378b76bdecb62e3477a190ff9aa91fc74da75bdb Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 1 Jun 2023 21:22:17 +0600
Subject: [PATCH 1134/2268] Updated left drawer styles.

---
 pkg/webui/ui/src/components/LeftDrawer.tsx | 29 +++++++++++++++-------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index a5bd4e5fe..85df4d530 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -100,24 +100,36 @@ const Drawer = styled(MuiDrawer, { shouldForwardProp: (prop) => prop !== 'open'
 );
 
 function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: string }) {
-    return <ListItem component={Link} to={props.to} key={props.text} disablePadding sx={{ display: 'block' }}>
+    return <ListItem component={Link} to={props.to} key={props.text} disablePadding sx={{ display: 'block', margin: '14px 0' }}>
         <ListItemButton
             sx={{
-                minHeight: 48,
-                justifyContent: props.open ? 'initial' : 'center',
-                px: '24px',
+                height: '60px',
+                justifyContent: 'start',
+                alignItems: 'center',
+                gap: '15px',
+                padding: '0 24px'
             }}
         >
             <ListItemIcon
                 sx={{
                     minWidth: 0,
-                    mr: props.open ? 3 : 'auto',
+                    flex: '0 0 auto',
                     justifyContent: 'center',
+                    alignItems: 'center',
                 }}
             >
                 {props.icon}
             </ListItemIcon>
-            <ListItemText primary={props.text} sx={{ opacity: props.open ? 1 : 0 }} />
+            <ListItemText
+                primary={props.text}
+                sx={{ display: props.open ? 'block' : 'none', margin: 0 }}
+                primaryTypographyProps={{
+                    fontWeight: 500,
+                    fontSize: '24px',
+                    lineHeight: '33px',
+                    letterSpacing: '1px',
+                }}
+            />
         </ListItemButton>
     </ListItem>
 }
@@ -180,9 +192,8 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
                         </IconButton>
                     </DrawerHeader>
                     <Divider />
-                    <List sx={{ padding: 0 }}>
+                    <List sx={{ padding: '10px 0 0 0' }}>
                         <Item text={"Targets"} open={open} icon={<TargetsIcon />} to={"targets"} />
-                        <Divider />
                         {context.filters}
                     </List>
                     {context.filters && <Divider />}
@@ -190,7 +201,7 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
             </ThemeProvider>
             <Box component="main" sx={{ flexGrow: 1, height: '100%', overflow: 'hidden' }} minWidth={0}>
                 <DrawerHeader />
-                <Divider sx={{ margin: '0 40px' }}/>
+                <Divider sx={{ margin: '0 40px' }} />
                 <Box width='100%' height={`calc(100% - ${theme.consts.appBarHeight}px)`} overflow='auto'>
                     {props.content}
                 </Box>

From ecdf0c49a94fabe31d646661635dfd7c09dee8f2 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 1 Jun 2023 22:00:50 +0600
Subject: [PATCH 1135/2268] Fix tooltips for icons of Command result nodes.

---
 .../ui/src/components/targets-view/CommandResultItem.tsx  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 3e305c9b2..8812d8181 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -63,11 +63,11 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
     >
         <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
             <Box display='flex' gap='15px'>
-                <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
-                    <Tooltip title={iconTooltip}>
+                <Tooltip title={iconTooltip}>
+                    <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
                         <Icon />
-                    </Tooltip>
-                </Box>
+                    </Box>
+                </Tooltip>
                 <Box flexGrow={1}>
                     <Typography
                         variant='h6'

From 77190344f3414e41d5c1aa4cb1959d602fe954fa Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Fri, 2 Jun 2023 01:26:42 +0600
Subject: [PATCH 1136/2268] Result tree page: added filters.

---
 pkg/webui/ui/src/components/App.tsx           |   9 +-
 pkg/webui/ui/src/components/LeftDrawer.tsx    |  96 ++++++++------
 .../result-view/CommandResultView.tsx         | 123 +++++++++++++++---
 pkg/webui/ui/src/icons/Icons.tsx              |  35 +++++
 pkg/webui/ui/src/icons/arrow-left.svg         |   4 +
 pkg/webui/ui/src/icons/changes.svg            |   5 +
 pkg/webui/ui/src/icons/checkbox-checked.svg   |   5 +
 pkg/webui/ui/src/icons/checkbox-disabled.svg  |   4 +
 pkg/webui/ui/src/icons/checkbox.svg           |   3 +
 pkg/webui/ui/src/icons/star.svg               |   4 +
 pkg/webui/ui/src/icons/warning-sign.svg       |   5 +
 11 files changed, 236 insertions(+), 57 deletions(-)
 create mode 100644 pkg/webui/ui/src/icons/arrow-left.svg
 create mode 100644 pkg/webui/ui/src/icons/changes.svg
 create mode 100644 pkg/webui/ui/src/icons/checkbox-checked.svg
 create mode 100644 pkg/webui/ui/src/icons/checkbox-disabled.svg
 create mode 100644 pkg/webui/ui/src/icons/checkbox.svg
 create mode 100644 pkg/webui/ui/src/icons/star.svg
 create mode 100644 pkg/webui/ui/src/icons/warning-sign.svg

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index ba36ddc4a..7c326111b 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,14 +1,15 @@
-import React, { useState } from 'react';
+import React, { Dispatch, SetStateAction, useState } from 'react';
 
 import '../index.css';
 import { Box, ThemeProvider } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
 import { light } from './theme';
+import { ActiveFilters } from './result-view/NodeStatusFilter';
 
 export interface AppOutletContext {
-    filters?: React.ReactNode
-    setFilters: (filter: React.ReactNode) => void
+    filters?: ActiveFilters
+    setFilters: Dispatch<SetStateAction<ActiveFilters | undefined>>
 }
 
 export function useAppOutletContext(): AppOutletContext {
@@ -16,7 +17,7 @@ export function useAppOutletContext(): AppOutletContext {
 }
 
 const App = () => {
-    const [filters, setFilters] = useState<React.ReactNode>()
+    const [filters, setFilters] = useState<ActiveFilters>()
 
     const context: AppOutletContext = {
         filters: filters,
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 85df4d530..62cacf4a5 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -11,9 +11,9 @@ import ListItem from '@mui/material/ListItem';
 import ListItemButton from '@mui/material/ListItemButton';
 import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
-import { Link } from "react-router-dom";
+import { Link, useLocation, useNavigate } from "react-router-dom";
 import { AppOutletContext } from "./App";
-import { KluctlLogo, TargetsIcon, KluctlText, SearchIcon } from '../icons/Icons';
+import { KluctlLogo, TargetsIcon, KluctlText, SearchIcon, ArrowLeftIcon } from '../icons/Icons';
 import { dark } from './theme';
 import { Typography } from '@mui/material';
 
@@ -135,50 +135,74 @@ function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: s
 }
 
 export default function LeftDrawer(props: { content: React.ReactNode, context: AppOutletContext }) {
-    const context = props.context
-
     const [open, setOpen] = useState(true);
-
+    const location = useLocation()
+    const navigate = useNavigate();
     const theme = useTheme();
 
     const toggleDrawer = () => {
         setOpen(o => !o);
     };
 
+    const path = location.pathname.split('/')[1];
+    let header: JSX.Element | null = null;
+    switch (path) {
+        case 'targets':
+            header = <>
+                <Typography variant='h1'>
+                    Dashboard
+                </Typography>
+                <Box
+                    height='40px'
+                    maxWidth='314px'
+                    flexGrow={1}
+                    borderRadius='10px'
+                    display='flex'
+                    justifyContent='space-between'
+                    alignItems='center'
+                    padding='0 9px 0 15px'
+                    sx={{ background: theme.palette.background.default }}
+                >
+                    <input
+                        type='text'
+                        style={{
+                            background: 'none',
+                            border: 'none',
+                            outline: 'none',
+                            height: '20px',
+                            lineHeight: '20px',
+                            fontSize: '18px'
+                        }}
+                        placeholder='Search'
+                    />
+                    <IconButton sx={{ padding: 0, height: 40, width: 40 }}>
+                        <SearchIcon />
+                    </IconButton>
+                </Box>
+            </>
+            break;
+        case 'results':
+            header = <Box
+                display='flex'
+                alignItems='center'
+                justifyContent='start'
+                gap='12px'
+            >
+                <IconButton sx={{ padding: 0 }} onClick={() => navigate('/targets')}>
+                    <ArrowLeftIcon />
+                </IconButton>
+                <Typography variant='h1'>
+                    Result Tree
+                </Typography>
+            </Box>
+            break;
+    }
+
     return (
         <Box display='flex' height='100%'>
             <AppBar position='fixed' open={open}>
                 <Box display='flex' justifyContent='space-between'>
-                    <Typography variant='h1'>
-                        Dashboard
-                    </Typography>
-                    <Box
-                        height='40px'
-                        maxWidth='314px'
-                        flexGrow={1}
-                        borderRadius='10px'
-                        display='flex'
-                        justifyContent='space-between'
-                        alignItems='center'
-                        padding='0 9px 0 15px'
-                        sx={{ background: theme.palette.background.default }}
-                    >
-                        <input
-                            type='text'
-                            style={{
-                                background: 'none',
-                                border: 'none',
-                                outline: 'none',
-                                height: '20px',
-                                lineHeight: '20px',
-                                fontSize: '18px'
-                            }}
-                            placeholder='Search'
-                        />
-                        <IconButton sx={{ padding: 0, height: 40, width: 40 }}>
-                            <SearchIcon />
-                        </IconButton>
-                    </Box>
+                    {header}
                 </Box>
             </AppBar>
             <ThemeProvider theme={dark}>
@@ -194,9 +218,7 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
                     <Divider />
                     <List sx={{ padding: '10px 0 0 0' }}>
                         <Item text={"Targets"} open={open} icon={<TargetsIcon />} to={"targets"} />
-                        {context.filters}
                     </List>
-                    {context.filters && <Divider />}
                 </Drawer>
             </ThemeProvider>
             <Box component="main" sx={{ flexGrow: 1, height: '100%', overflow: 'hidden' }} minWidth={0}>
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 607bc925b..a09a061f5 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,6 +1,6 @@
 import * as React from 'react';
 import { useEffect, useState } from 'react';
-import { Box, Divider } from "@mui/material";
+import { Box, Checkbox, CheckboxProps, Divider, FormControlLabel, FormLabel, Typography } from "@mui/material";
 import { CommandResult, CommandResultSummary, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
@@ -9,6 +9,7 @@ import CommandResultTree from "./CommandResultTree";
 import { useLoaderData } from "react-router-dom";
 import { api } from "../../api";
 import { useAppOutletContext } from "../App";
+import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
 
 export interface CommandResultProps {
     shortNames: ShortName[]
@@ -28,26 +29,116 @@ export async function commandResultLoader({ params }: any) {
     }
 }
 
+const FilterCheckbox = (props: {
+    text: string,
+    checked: boolean,
+    Icon: () => JSX.Element,
+    onChange: CheckboxProps['onChange']
+}) => {
+    const { text, checked, Icon, onChange } = props;
+    return <FormControlLabel
+        sx={{
+            display: 'flex',
+            justifyContent: 'center',
+            alignItems: 'center',
+            margin: 0,
+            padding: 0
+        }}
+        control={
+            <Checkbox
+                checked={checked}
+                sx={{
+                    display: 'flex',
+                    justifyContent: 'center',
+                    alignItems: 'center'
+                }}
+                onChange={onChange}
+                icon={<CheckboxIcon />}
+                checkedIcon={<CheckboxCheckedIcon />}
+            />
+        }
+        slotProps={{
+            typography: {
+                sx: {
+                    display: 'flex',
+                    justifyContent: 'center',
+                    alignItems: 'center',
+                    gap: '10px',
+                }
+            }
+        }}
+        label={
+            <>
+                <Typography variant='h2'>{text}</Typography>
+                <Box
+                    flex='0 0 auto'
+                    display='flex'
+                    alignItems='center'
+                    justifyContent='center'
+                >
+                    <Icon />
+                </Box>
+            </>
+        }
+    />
+}
+
+const defaultFilters = {
+    onlyImportant: false,
+    onlyChanged: false,
+    onlyWithErrorsOrWarnings: false
+}
+
 export const CommandResultView = () => {
-    const context = useAppOutletContext()
-    const commandResultProps = useLoaderData() as CommandResultProps
-    const [activeFilters, setActiveFilters] = useState<ActiveFilters>()
-    const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>()
-
-    useEffect(() => {
-        context.setFilters(<>
-            <NodeStatusFilter onFilterChange={setActiveFilters}/>
-        </>)
-    }, [])
-
-    return <Box display="flex" justifyContent={"space-between"} width={"100%"} height={"100%"}>
+    const context = useAppOutletContext();
+    const commandResultProps = useLoaderData() as CommandResultProps;
+    const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>();
+
+    const divider = <Divider
+        orientation='vertical'
+        sx={{
+            height: '40px',
+            margin: '0 20px 0 30px'
+        }}
+    />;
+
+    const handleFilterChange = (filter: keyof ActiveFilters) => (_: React.ChangeEvent, checked: boolean) => {
+        context.setFilters(fs => ({
+            ...(fs || defaultFilters),
+            [filter]: checked
+        }));
+    }
+
+    return <Box width={"100%"} height={"100%"} p='0 40px'>
+        <Box display={"flex"} alignItems={"center"} minHeight='70px'>
+            <FilterCheckbox
+                text='Only important'
+                checked={!!context.filters?.onlyImportant}
+                Icon={StarIcon}
+                onChange={handleFilterChange('onlyImportant')}
+            />
+            {divider}
+            <FilterCheckbox
+                text='Only with changes'
+                checked={!!context.filters?.onlyChanged}
+                Icon={ChangesIcon}
+                onChange={handleFilterChange('onlyChanged')}
+            />
+            {divider}
+            <FilterCheckbox
+                text='Only with errors and warnings'
+                checked={!!context.filters?.onlyWithErrorsOrWarnings}
+                Icon={WarningSignIcon}
+                onChange={handleFilterChange('onlyWithErrorsOrWarnings')}
+            />
+        </Box>
+        <Divider />
         <Box width={"50%"} minWidth={0} overflow={"auto"}>
             <CommandResultTree commandResultProps={commandResultProps} onSelectNode={setSidePanelNode}
-                               activeFilters={activeFilters}/>
+                activeFilters={context.filters} />
         </Box>
-        <Divider orientation="vertical" flexItem/>
         <Box width={"50%"} minWidth={0}>
-            <SidePanel provider={sidePanelNode}/>
+            <SidePanel provider={sidePanelNode} />
         </Box>
     </Box>
 }
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 34c9fca56..19227081e 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -19,6 +19,13 @@ import { ReactComponent as TrashIconSvg } from './trash.svg';
 import { ReactComponent as OrphanIconSvg } from './orphan.svg';
 import { ReactComponent as AddedIconSvg } from './added.svg';
 import { ReactComponent as ChangedIconSvg } from './changed.svg';
+import { ReactComponent as CheckboxIconSvg } from './checkbox.svg';
+import { ReactComponent as CheckboxCheckedIconSvg } from './checkbox-checked.svg';
+import { ReactComponent as CheckboxDisabledIconSvg } from './checkbox-disabled.svg';
+import { ReactComponent as ArrowLeftIconSvg } from './arrow-left.svg';
+import { ReactComponent as WarningSignIconSvg } from './warning-sign.svg';
+import { ReactComponent as ChangesIconSvg } from './changes.svg';
+import { ReactComponent as StarIconSvg } from './star.svg';
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -112,3 +119,31 @@ export const AddedIcon = () => {
 export const ChangedIcon = () => {
     return <ChangedIconSvg width="24px" height="24px" />
 }
+
+export const CheckboxIcon = () => {
+    return <CheckboxIconSvg width="24px" height="24px" />
+}
+
+export const CheckboxCheckedIcon = () => {
+    return <CheckboxCheckedIconSvg width="24px" height="24px" />
+}
+
+export const CheckboxDisabledIcon = () => {
+    return <CheckboxDisabledIconSvg width="24px" height="24px" />
+}
+
+export const ArrowLeftIcon = () => {
+    return <ArrowLeftIconSvg width="40px" height="40px" />
+}
+
+export const WarningSignIcon = () => {
+    return <WarningSignIconSvg width="21px" height="21px" />
+}
+
+export const ChangesIcon = () => {
+    return <ChangesIconSvg width="21px" height="21px" />
+}
+
+export const StarIcon = () => {
+    return <StarIconSvg width="21px" height="21px" />
+}
diff --git a/pkg/webui/ui/src/icons/arrow-left.svg b/pkg/webui/ui/src/icons/arrow-left.svg
new file mode 100644
index 000000000..5f8ccdd11
--- /dev/null
+++ b/pkg/webui/ui/src/icons/arrow-left.svg
@@ -0,0 +1,4 @@
+<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M20.0002 36.6666C29.2049 36.6666 36.6668 29.2047 36.6668 19.9999C36.6668 10.7952 29.2049 3.33325 20.0002 3.33325C10.7954 3.33325 3.3335 10.7952 3.3335 19.9999C3.3335 29.2047 10.7954 36.6666 20.0002 36.6666Z" fill="#222222"/>
+<path d="M25.8334 18.75L17.1834 18.75L20.0501 15.8833C20.5334 15.4 20.5334 14.6 20.0501 14.1167C19.5667 13.6333 18.7667 13.6333 18.2834 14.1167L13.2834 19.1166C12.8001 19.6 12.8001 20.4 13.2834 20.8833L18.2834 25.8833C18.5334 26.1333 18.8501 26.25 19.1667 26.25C19.4834 26.25 19.8001 26.1333 20.0501 25.8833C20.5334 25.4 20.5334 24.6 20.0501 24.1166L17.1834 21.25L25.8334 21.25C26.5167 21.25 27.0834 20.6833 27.0834 20C27.0834 19.3166 26.5167 18.75 25.8334 18.75Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/changes.svg b/pkg/webui/ui/src/icons/changes.svg
new file mode 100644
index 000000000..fe25e1e1f
--- /dev/null
+++ b/pkg/webui/ui/src/icons/changes.svg
@@ -0,0 +1,5 @@
+<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M18.375 19.25H2.625C2.26625 19.25 1.96875 18.9525 1.96875 18.5938C1.96875 18.235 2.26625 17.9375 2.625 17.9375H18.375C18.7337 17.9375 19.0312 18.235 19.0312 18.5938C19.0312 18.9525 18.7337 19.25 18.375 19.25Z" fill="#222222"/>
+<path opacity="0.4" d="M16.6423 3.04495C14.9448 1.34745 13.2823 1.3037 11.541 3.04495L10.4823 4.1037C10.3948 4.1912 10.3598 4.3312 10.3948 4.4537C11.0598 6.77245 12.9148 8.62745 15.2335 9.29245C15.2685 9.3012 15.3035 9.30995 15.3385 9.30995C15.4348 9.30995 15.5223 9.27495 15.5923 9.20496L16.6423 8.1462C17.5085 7.2887 17.9285 6.45745 17.9285 5.61745C17.9373 4.7512 17.5173 3.9112 16.6423 3.04495Z" fill="#222222"/>
+<path d="M13.6588 10.0887C13.405 9.9662 13.16 9.8437 12.9238 9.7037C12.7313 9.58995 12.5475 9.46745 12.3638 9.3362C12.215 9.23995 12.04 9.09995 11.8738 8.95995C11.8563 8.9512 11.795 8.8987 11.725 8.8287C11.4363 8.5837 11.1125 8.2687 10.8238 7.9187C10.7975 7.9012 10.7538 7.83995 10.6925 7.7612C10.605 7.6562 10.4563 7.4812 10.325 7.27995C10.22 7.1487 10.0975 6.9562 9.98378 6.7637C9.84378 6.52745 9.72129 6.2912 9.59879 6.0462C9.47629 5.7837 9.38003 5.52995 9.29253 5.2937L3.79753 10.7887C3.68378 10.9025 3.57878 11.1212 3.55253 11.27L3.08003 14.6212C2.99253 15.2162 3.15878 15.7762 3.52628 16.1524C3.84129 16.4587 4.27878 16.625 4.75128 16.625C4.85628 16.625 4.96128 16.6162 5.06628 16.5987L8.42629 16.1262C8.58379 16.1 8.80254 15.995 8.90754 15.8812L14.4025 10.3862C14.1575 10.2987 13.9213 10.2025 13.6588 10.0887Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/checkbox-checked.svg b/pkg/webui/ui/src/icons/checkbox-checked.svg
new file mode 100644
index 000000000..f9e6a1557
--- /dev/null
+++ b/pkg/webui/ui/src/icons/checkbox-checked.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="3" y="3" width="18" height="18" rx="5" fill="#001628"/>
+<path d="M9.70711 11.2929C9.31658 10.9024 8.68342 10.9024 8.29289 11.2929C7.90237 11.6834 7.90237 12.3166 8.29289 12.7071L10.2929 14.7071C10.6834 15.0976 11.3166 15.0976 11.7071 14.7071L15.7071 10.7071C16.0976 10.3166 16.0976 9.68342 15.7071 9.29289C15.3166 8.90237 14.6834 8.90237 14.2929 9.29289L11 12.5858L9.70711 11.2929Z" fill="#DFEBE9"/>
+<rect x="3" y="3" width="18" height="18" rx="5" stroke="#001628" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/checkbox-disabled.svg b/pkg/webui/ui/src/icons/checkbox-disabled.svg
new file mode 100644
index 000000000..9922728ac
--- /dev/null
+++ b/pkg/webui/ui/src/icons/checkbox-disabled.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="2" y="2" width="20" height="20" rx="6" fill="black" fill-opacity="0.08"/>
+<rect x="3" y="3" width="18" height="18" rx="5" stroke="black" stroke-opacity="0.16" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/checkbox.svg b/pkg/webui/ui/src/icons/checkbox.svg
new file mode 100644
index 000000000..f9f5f7b78
--- /dev/null
+++ b/pkg/webui/ui/src/icons/checkbox.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect opacity="0.8" x="3" y="3.5" width="18" height="18" rx="3" stroke="#222222" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/star.svg b/pkg/webui/ui/src/icons/star.svg
new file mode 100644
index 000000000..0fda929ba
--- /dev/null
+++ b/pkg/webui/ui/src/icons/star.svg
@@ -0,0 +1,4 @@
+<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M5.02268 14C5.11893 13.5712 4.94393 12.9587 4.63768 12.6525L2.51143 10.5262C1.84643 9.86125 1.58393 9.1525 1.77643 8.54C1.97768 7.9275 2.59893 7.5075 3.52643 7.35L6.25643 6.895C6.65018 6.825 7.13143 6.475 7.31518 6.11625L8.82018 3.0975C9.25768 2.23125 9.85268 1.75 10.5002 1.75C11.1477 1.75 11.7427 2.23125 12.1802 3.0975L13.6852 6.11625C13.7989 6.34375 14.0352 6.5625 14.2889 6.71125L4.86518 16.135C4.74268 16.2575 4.53268 16.1437 4.56768 15.9687L5.02268 14Z" fill="#222222"/>
+<path d="M16.3627 12.6524C16.0477 12.9674 15.8727 13.5712 15.9777 13.9999L16.5814 16.6337C16.8352 17.7274 16.6777 18.5499 16.1352 18.9437C15.9164 19.1012 15.6539 19.1799 15.3477 19.1799C14.9014 19.1799 14.3764 19.0137 13.7989 18.6724L11.2352 17.1499C10.8327 16.9137 10.1677 16.9137 9.76519 17.1499L7.20144 18.6724C6.23019 19.2412 5.39895 19.3374 4.8652 18.9437C4.66395 18.7949 4.5152 18.5937 4.41895 18.3312L15.0589 7.69116C15.4614 7.28866 16.0302 7.10491 16.5814 7.20116L17.4652 7.34991C18.3927 7.50741 19.0139 7.92741 19.2152 8.53991C19.4077 9.15241 19.1452 9.86116 18.4802 10.5262L16.3627 12.6524Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/warning-sign.svg b/pkg/webui/ui/src/icons/warning-sign.svg
new file mode 100644
index 000000000..e38fa71b2
--- /dev/null
+++ b/pkg/webui/ui/src/icons/warning-sign.svg
@@ -0,0 +1,5 @@
+<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M19.0402 13.93L13.4402 3.85C12.6877 2.49375 11.6464 1.75 10.5002 1.75C9.35391 1.75 8.31266 2.49375 7.56016 3.85L1.96016 13.93C1.25141 15.2162 1.17266 16.45 1.74141 17.4212C2.31016 18.3925 3.43016 18.9262 4.90016 18.9262H16.1002C17.5702 18.9262 18.6902 18.3925 19.2589 17.4212C19.8277 16.45 19.7489 15.2075 19.0402 13.93Z" fill="#222222"/>
+<path d="M10.5 12.9062C10.1413 12.9062 9.84375 12.6087 9.84375 12.25V7.875C9.84375 7.51625 10.1413 7.21875 10.5 7.21875C10.8587 7.21875 11.1562 7.51625 11.1562 7.875V12.25C11.1562 12.6087 10.8587 12.9062 10.5 12.9062Z" fill="#222222"/>
+<path d="M10.5 15.75C10.4475 15.75 10.3863 15.7412 10.325 15.7325C10.2725 15.7237 10.22 15.7062 10.1675 15.68C10.115 15.6625 10.0625 15.6362 10.01 15.6012C9.96625 15.5662 9.9225 15.5312 9.87875 15.4962C9.72125 15.33 9.625 15.1025 9.625 14.875C9.625 14.6475 9.72125 14.42 9.87875 14.2537C9.9225 14.2187 9.96625 14.1837 10.01 14.1487C10.0625 14.1137 10.115 14.0875 10.1675 14.07C10.22 14.0437 10.2725 14.0262 10.325 14.0175C10.4388 13.9912 10.5612 13.9912 10.6662 14.0175C10.7275 14.0262 10.78 14.0437 10.8325 14.07C10.885 14.0875 10.9375 14.1137 10.99 14.1487C11.0338 14.1837 11.0775 14.2187 11.1213 14.2537C11.2788 14.42 11.375 14.6475 11.375 14.875C11.375 15.1025 11.2788 15.33 11.1213 15.4962C11.0775 15.5312 11.0338 15.5662 10.99 15.6012C10.9375 15.6362 10.885 15.6625 10.8325 15.68C10.78 15.7062 10.7275 15.7237 10.6662 15.7325C10.6137 15.7412 10.5525 15.75 10.5 15.75Z" fill="#222222"/>
+</svg>

From 97975b31430abc2cee5021fe6c21d492ef81b031 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Fri, 2 Jun 2023 05:08:05 +0600
Subject: [PATCH 1137/2268] WIP Result tree page.

---
 .../result-view/CommandResultTree.tsx         | 70 +++++++++++++++----
 .../result-view/CommandResultView.tsx         | 29 +++++---
 pkg/webui/ui/src/components/theme.ts          |  2 +-
 3 files changed, 78 insertions(+), 23 deletions(-)

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
index d1986046a..f9c00216d 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -9,6 +9,7 @@ import { NodeData } from "./nodes/NodeData";
 import { ActiveFilters, FilterNode } from "./NodeStatusFilter";
 import { CommandResultProps } from "./CommandResultView";
 import { Loading } from "../Loading";
+import { Box, Divider, Paper, useTheme } from '@mui/material';
 
 export interface CommandResultTreeProps {
     commandResultProps?: CommandResultProps
@@ -18,6 +19,7 @@ export interface CommandResultTreeProps {
 }
 
 const CommandResultTree = (props: CommandResultTreeProps) => {
+    const theme = useTheme();
     const [expanded, setExpanded] = useState<string[]>(["root"]);
     const [selectedNodeId, setSelectedNodeId] = useState<string>()
 
@@ -67,8 +69,50 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
         return <TreeItem
             key={nodes.id}
             nodeId={nodes.id}
-            label={<div onClick={(e: React.SyntheticEvent) => handleItemClick(e, nodes)}>{nodes.buildTreeItem()}</div>}
-            sx={{ marginBottom: "5px", marginTop: "5px" }}
+            label={
+                <Box
+                    display='flex'
+                    alignItems='center'
+                    onClick={(e: React.SyntheticEvent) => handleItemClick(e, nodes)}
+                    pl='22px'
+                    position='relative'
+                >
+                    {nodes.children.length !== 0 &&
+                        <Divider
+                            orientation='vertical'
+                            sx={{
+                                height: '40px',
+                                position: 'absolute',
+                                left: 0
+                            }}
+                        />
+                    }
+                    {nodes.buildTreeItem()}
+                </Box>
+            }
+            sx={{
+                '& .MuiTreeItem-content': {
+                    height: '78px',
+                    borderBottom: `0.5px solid ${theme.palette.secondary.main}`,
+                    padding: 0,
+                    '& .MuiTreeItem-iconContainer': {
+                        width: '50px',
+                        height: '50px',
+                        margin: 0,
+                        padding: 0,
+                        display: nodes.children.length !== 0 ? 'flex' : 'none',
+                        justifyContent: 'center',
+                        alignItems: 'center',
+                    },
+                    '& .MuiTreeItem-label': {
+                        margin: 0,
+                        padding: 0
+                    }
+                },
+                '& .MuiTreeItem-group': {
+                    margin: '0 0 0 38px'
+                },
+            }}
             onDoubleClick={(e: React.SyntheticEvent) => handleDoubleClick(e, nodes)}
         >
             {Array.isArray(nodes.children)
@@ -78,18 +122,20 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
     };
 
     if (!rootNode) {
-        return <Loading/>
+        return <Loading />
     }
 
-    return <TreeView expanded={expanded}
-                     onNodeToggle={handleToggle}
-                     aria-label="rich object"
-                     defaultCollapseIcon={<ExpandMoreIcon/>}
-                     defaultExpandIcon={<ChevronRightIcon/>}
-                     sx={{ width: "100%" }}
-    >
-        {renderTree(rootNode)}
-    </TreeView>
+    return <Paper sx={{ padding: '20px 40px' }}>
+        <TreeView expanded={expanded}
+            onNodeToggle={handleToggle}
+            aria-label="rich object"
+            defaultCollapseIcon={<ExpandMoreIcon />}
+            defaultExpandIcon={<ChevronRightIcon />}
+            sx={{ width: "100%" }}
+        >
+            {renderTree(rootNode)}
+        </TreeView>
+    </Paper>
 }
 
 export default CommandResultTree;
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index a09a061f5..b9186b71e 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,10 +1,10 @@
 import * as React from 'react';
-import { useEffect, useState } from 'react';
-import { Box, Checkbox, CheckboxProps, Divider, FormControlLabel, FormLabel, Typography } from "@mui/material";
+import { useState } from 'react';
+import { Box, Checkbox, CheckboxProps, Divider, FormControlLabel, Typography } from "@mui/material";
 import { CommandResult, CommandResultSummary, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
-import { ActiveFilters, NodeStatusFilter } from "./NodeStatusFilter";
+import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
 import { useLoaderData } from "react-router-dom";
 import { api } from "../../api";
@@ -109,8 +109,14 @@ export const CommandResultView = () => {
         }));
     }
 
-    return <Box width={"100%"} height={"100%"} p='0 40px'>
-        <Box display={"flex"} alignItems={"center"} minHeight='70px'>
+    return <Box
+        width='100%'
+        height='100%'
+        display='flex'
+        flexDirection='column'
+        overflow='hidden'
+    >
+        <Box display='flex' alignItems='center' minHeight='70px' p='0 40px'>
             <FilterCheckbox
                 text='Only important'
                 checked={!!context.filters?.onlyImportant}
@@ -132,12 +138,15 @@ export const CommandResultView = () => {
                 onChange={handleFilterChange('onlyWithErrorsOrWarnings')}
             />
         </Box>
-        <Divider />
-        <Box width={"50%"} minWidth={0} overflow={"auto"}>
-            <CommandResultTree commandResultProps={commandResultProps} onSelectNode={setSidePanelNode}
-                activeFilters={context.filters} />
+        <Divider sx={{ margin: '0 40px' }} />
+        <Box p='25px 40px' overflow='auto'>
+            <CommandResultTree
+                commandResultProps={commandResultProps}
+                onSelectNode={setSidePanelNode}
+                activeFilters={context.filters}
+            />
         </Box>
-        <Box width={"50%"} minWidth={0}>
+        <Box>
             <SidePanel provider={sidePanelNode} />
         </Box>
     </Box>
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index 86d328802..14680cd0a 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -73,7 +73,7 @@ export const light = createTheme(common, {
         MuiDivider: {
             styleOverrides: {
                 root: {
-                    borderColor: 'rgba(0, 0, 0, 0.5)'
+                    borderColor: paletteLight.secondary.main,
                 }
             }
         },

From 876f49e34c60ae317c62629c5349e24c06bfaa78 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 3 Jun 2023 02:19:11 +0600
Subject: [PATCH 1138/2268] Result tree styling.

---
 .../result-view/CommandResultTree.tsx         |  19 ++-
 .../result-view/nodes/CommandResultNode.tsx   |   4 +-
 .../nodes/DeploymentItemIncludeNode.tsx       |   5 +-
 .../components/result-view/nodes/NodeData.tsx | 108 ++++++++++++++----
 .../result-view/nodes/ObjectNode.tsx          |  38 +++---
 .../nodes/VarsSourceCollectionNode.tsx        |   4 +-
 .../result-view/nodes/VarsSourceNode.tsx      |   6 +-
 pkg/webui/ui/src/icons/Icons.tsx              |  35 ++++++
 pkg/webui/ui/src/icons/brackets-curly.svg     |   3 +
 pkg/webui/ui/src/icons/brackets-square.svg    |   3 +
 pkg/webui/ui/src/icons/file.svg               |   5 +
 pkg/webui/ui/src/icons/include.svg            |   7 ++
 pkg/webui/ui/src/icons/result.svg             |   8 ++
 pkg/webui/ui/src/icons/triangle-down.svg      |   4 +
 pkg/webui/ui/src/icons/triangle-right.svg     |   4 +
 15 files changed, 194 insertions(+), 59 deletions(-)
 create mode 100644 pkg/webui/ui/src/icons/brackets-curly.svg
 create mode 100644 pkg/webui/ui/src/icons/brackets-square.svg
 create mode 100644 pkg/webui/ui/src/icons/file.svg
 create mode 100644 pkg/webui/ui/src/icons/include.svg
 create mode 100644 pkg/webui/ui/src/icons/result.svg
 create mode 100644 pkg/webui/ui/src/icons/triangle-down.svg
 create mode 100644 pkg/webui/ui/src/icons/triangle-right.svg

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
index f9c00216d..56c3174b7 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -2,14 +2,13 @@ import * as React from 'react';
 import { useEffect, useMemo, useState } from 'react';
 import TreeView from '@mui/lab/TreeView';
 import { TreeItem } from "@mui/lab";
-import ExpandMoreIcon from '@mui/icons-material/ExpandMore';
-import ChevronRightIcon from '@mui/icons-material/ChevronRight';
 import { NodeBuilder } from "./nodes/NodeBuilder";
 import { NodeData } from "./nodes/NodeData";
 import { ActiveFilters, FilterNode } from "./NodeStatusFilter";
 import { CommandResultProps } from "./CommandResultView";
 import { Loading } from "../Loading";
 import { Box, Divider, Paper, useTheme } from '@mui/material';
+import { TriangleDownIcon, TriangleRightIcon } from '../../icons/Icons';
 
 export interface CommandResultTreeProps {
     commandResultProps?: CommandResultProps
@@ -75,6 +74,8 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
                     alignItems='center'
                     onClick={(e: React.SyntheticEvent) => handleItemClick(e, nodes)}
                     pl='22px'
+                    height='100%'
+                    flex='1 1 auto'
                     position='relative'
                 >
                     {nodes.children.length !== 0 &&
@@ -87,7 +88,7 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
                             }}
                         />
                     }
-                    {nodes.buildTreeItem()}
+                    {nodes.buildTreeItem(nodes.children.length !== 0)}
                 </Box>
             }
             sx={{
@@ -95,9 +96,11 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
                     height: '78px',
                     borderBottom: `0.5px solid ${theme.palette.secondary.main}`,
                     padding: 0,
+                    overflow: 'hidden',
                     '& .MuiTreeItem-iconContainer': {
                         width: '50px',
                         height: '50px',
+                        flex: '0 0 auto',
                         margin: 0,
                         padding: 0,
                         display: nodes.children.length !== 0 ? 'flex' : 'none',
@@ -105,8 +108,12 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
                         alignItems: 'center',
                     },
                     '& .MuiTreeItem-label': {
+                        height: '100%',
                         margin: 0,
-                        padding: 0
+                        padding: 0,
+                        flex: '1 1 auto',
+                        display: 'flex',
+                        alignItems: 'center'
                     }
                 },
                 '& .MuiTreeItem-group': {
@@ -129,8 +136,8 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
         <TreeView expanded={expanded}
             onNodeToggle={handleToggle}
             aria-label="rich object"
-            defaultCollapseIcon={<ExpandMoreIcon />}
-            defaultExpandIcon={<ChevronRightIcon />}
+            defaultCollapseIcon={<TriangleDownIcon />}
+            defaultExpandIcon={<TriangleRightIcon />}
             sx={{ width: "100%" }}
         >
             {renderTree(rootNode)}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
index 170b653af..9e5e37266 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
@@ -1,13 +1,13 @@
 import React from 'react';
 
 import { NodeData } from "./NodeData";
-import { CloudSync } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
 import { CommandResultProps } from "../CommandResultView";
 
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
+import { DeployIcon } from '../../../icons/Icons';
 
 export class CommandResultNodeData extends NodeData {
     dumpedTargetYaml?: string
@@ -25,7 +25,7 @@ export class CommandResultNodeData extends NodeData {
     }
 
     buildIcon(): [React.ReactNode, string] {
-        return [<CloudSync fontSize={"large"}/>, "result"]
+        return [<DeployIcon />, "result"]
     }
 
     buildSidePanelTabs(): SidePanelTab[] {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
index 1d33bf8b6..096917f17 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
@@ -2,8 +2,7 @@ import React from 'react';
 
 import { DeploymentItemConfig, DeploymentProjectConfig } from "../../../models";
 import { NodeData } from "./NodeData";
-import { FolderZip } from "@mui/icons-material";
-import { GitIcon } from "../../../icons/Icons";
+import { GitIcon, IncludeIcon } from "../../../icons/Icons";
 import { CommandResultProps } from "../CommandResultView";
 import { PropertiesTable } from "../../PropertiesTable";
 import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
@@ -39,7 +38,7 @@ export class DeploymentItemIncludeNodeData extends NodeData {
         if (this.deploymentItem.git) {
             return [<GitIcon/>, "git"]
         }
-        return [<FolderZip fontSize={"large"}/>, "include"]
+        return [<IncludeIcon />, "include"]
     }
 
     buildSidePanelTabs(): SidePanelTab[] {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx b/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
index 55c3d66d4..771c5fdce 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
@@ -1,6 +1,6 @@
 import { ChangedObject, DeploymentError, ObjectRef, ResultObject } from "../../../models";
 import React from "react";
-import { Box, Typography } from "@mui/material";
+import { Box, Divider, Typography } from "@mui/material";
 import { CommandResultProps } from "../CommandResultView";
 import { ChangesTable } from "../ChangesTable";
 import { ErrorsTable } from "../../ErrorsTable";
@@ -123,26 +123,86 @@ export abstract class NodeData implements SidePanelProvider {
         />
     }
 
-    buildTreeItem(): React.ReactNode {
-        const [icon, iconText] = this.buildIcon()
-
-        return <Box>
-            <Box display={"flex"}>
-                <Box display="flex" justifyContent="center" alignItems="center">
-                    <Box display="flex" flexDirection={"column"} alignItems={"center"}>
-                        {icon}
-                        <Typography fontSize={"10px"} color={"gray"}>{iconText}</Typography>
-                    </Box>
-                </Box>
-                <Box display={"flex"} flexDirection={"column"}>
-                    <Box>
-                        {this.buildSidePanelTitle()}<br/>
-                    </Box>
-                    <Box>
-                        {this.buildStatusLine()}
-                    </Box>
-                </Box>
+    buildTreeItem(hasChildren?: boolean): React.ReactNode {
+        const [icon, iconText] = this.buildIcon();
+
+        const hasStatusLine = [
+            this.healthStatus?.errors.length,
+            this.healthStatus?.warnings.length,
+            this.diffStatus?.changedObjects.length,
+            this.diffStatus?.newObjects.length,
+            this.diffStatus?.deletedObjects.length,
+            this.diffStatus?.orphanObjects.length,
+        ].some(x => (x || 0) > 0);
+
+        return <Box
+            display='flex'
+            height='100%'
+            flex='1 1 auto'
+        >
+            <Box
+                display='flex'
+                flexDirection='column'
+                alignItems='center'
+                justifyContent='center'
+                width='30px'
+                height='100%'
+                flex='0 0 auto'
+                mr='13px'
+                sx={{
+                    '& svg': {
+                        width: '30px',
+                        height: '30px'
+                    }
+                }}
+            >
+                {icon}
+                <Typography
+                    variant='subtitle1'
+                    component='div'
+                    fontSize='12px'
+                    fontWeight={400}
+                    lineHeight='16px'
+                    height='16px'
+                >
+                    {iconText}
+                </Typography>
             </Box>
+            <Box
+                display='flex'
+                height='100%'
+                flex='1 1 auto'
+                py='15px'
+            >
+                <Typography
+                    variant='h6'
+                    component='div'
+                    sx={{ wordBreak: 'break-all' }}
+                    {...(hasChildren ? {} : { fontSize: '16px', lineHeight: '22px' })}
+                >
+                    {this.buildSidePanelTitle()}
+                </Typography>
+            </Box>
+            {hasStatusLine && <Box
+                height='100%'
+                width='172px'
+                flex='0 0 auto'
+                display='flex'
+                alignItems='center'
+                px='14px'
+                ml='14px'
+                position='relative'
+            >
+                <Divider
+                    orientation='vertical'
+                    sx={{
+                        height: '40px',
+                        position: 'absolute',
+                        left: 0
+                    }}
+                />
+                {this.buildStatusLine()}
+            </Box>}
         </Box>
     }
 
@@ -153,7 +213,7 @@ export abstract class NodeData implements SidePanelProvider {
     }
 
     buildObjectPage(ref: ObjectRef, objectType: ObjectType): React.ReactNode {
-        return <ObjectYaml treeProps={this.props} objectRef={ref} objectType={objectType}/>
+        return <ObjectYaml treeProps={this.props} objectRef={ref} objectType={objectType} />
     }
 
     buildChangesPage(tabs: { label: string, content: React.ReactNode }[]) {
@@ -162,7 +222,7 @@ export abstract class NodeData implements SidePanelProvider {
         }
         tabs.push({
             label: "Changes",
-            content: <ChangesTable diffStatus={this.diffStatus}/>
+            content: <ChangesTable diffStatus={this.diffStatus} />
         })
     }
 
@@ -172,7 +232,7 @@ export abstract class NodeData implements SidePanelProvider {
         }
         tabs.push({
             label: "Errors",
-            content: <ErrorsTable errors={this.healthStatus.errors}/>
+            content: <ErrorsTable errors={this.healthStatus.errors} />
         })
     }
 
@@ -182,7 +242,7 @@ export abstract class NodeData implements SidePanelProvider {
         }
         tabs.push({
             label: "Warnings",
-            content: <ErrorsTable errors={this.healthStatus.warnings}/>
+            content: <ErrorsTable errors={this.healthStatus.warnings} />
         })
     }
 }
diff --git a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
index 62a5b133f..ec851d53f 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
@@ -3,7 +3,6 @@ import React from 'react';
 import { ObjectRef } from "../../../models";
 import { NodeData } from "./NodeData";
 import {
-    DataObject,
     PublishedWithChanges,
     Settings,
     SettingsEthernet,
@@ -14,12 +13,13 @@ import { PropertiesTable } from "../../PropertiesTable";
 import { findObjectByRef, ObjectType } from "../../../api";
 import { CommandResultProps } from "../CommandResultView";
 import { SidePanelTab } from "../SidePanel";
+import { BracketsCurlyIcon } from '../../../icons/Icons';
 
-const kindMapping: {[key: string]: {icon: SvgIconComponent}} = {
-    "/ConfigMap": {icon: Settings},
-    "apps/Deployment": {icon: PublishedWithChanges},
-    "Service": {icon: SettingsEthernet},
-    "ServiceAccount": {icon: SmartToy}
+const kindMapping: { [key: string]: { icon: SvgIconComponent } } = {
+    "/ConfigMap": { icon: Settings },
+    "apps/Deployment": { icon: PublishedWithChanges },
+    "Service": { icon: SettingsEthernet },
+    "ServiceAccount": { icon: SmartToy }
 }
 
 export class ObjectNodeData extends NodeData {
@@ -40,15 +40,15 @@ export class ObjectNodeData extends NodeData {
 
         const m = kindMapping[this.objectRef.group + "/" + this.objectRef.kind]
         if (m !== undefined) {
-            return [React.createElement(m.icon, {fontSize: "large"}), snStr]
+            return [React.createElement(m.icon, { fontSize: "large" }), snStr]
         }
 
-        return [<DataObject fontSize={"large"}/>, snStr]
+        return [<BracketsCurlyIcon />, snStr]
     }
 
     buildSidePanelTabs(): SidePanelTab[] {
         const tabs = [
-            {label: "Summary", content: this.buildSummaryPage()}
+            { label: "Summary", content: this.buildSummaryPage() }
         ]
 
         this.buildDiffAndHealthPages(tabs)
@@ -58,10 +58,10 @@ export class ObjectNodeData extends NodeData {
         }
 
         if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.remote) {
-            tabs.push({label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote)})
+            tabs.push({ label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote) })
         }
         if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.applied) {
-            tabs.push({label: "Applied", content: this.buildObjectPage(this.objectRef, ObjectType.Applied)})
+            tabs.push({ label: "Applied", content: this.buildObjectPage(this.objectRef, ObjectType.Applied) })
         }
 
         return tabs
@@ -74,27 +74,27 @@ export class ObjectNodeData extends NodeData {
         if (this.objectRef.group) {
             apiVersion = this.objectRef.group + "/" + this.objectRef.version
         }
-        props.push({name: "ApiVersion", value: apiVersion})
-        props.push({name: "Kind", value: this.objectRef.kind})
+        props.push({ name: "ApiVersion", value: apiVersion })
+        props.push({ name: "Kind", value: this.objectRef.kind })
 
-        props.push({name: "Name", value: this.objectRef.name})
+        props.push({ name: "Name", value: this.objectRef.name })
         if (this.objectRef.namespace) {
             props.push({ name: "Namespace", value: this.objectRef.namespace })
         }
 
         const o = findObjectByRef(this.props.commandResult.objects, this.objectRef)
-        const annotations: {[key: string]: string} = o?.rendered?.metadata.annotations
+        const annotations: { [key: string]: string } = o?.rendered?.metadata.annotations
         if (annotations) {
             Object.keys(annotations).forEach(k => {
-                    if (k.indexOf("kluctl.io/") !== -1) {
-                        props.push({ name: k, value: annotations[k] })
-                    }
+                if (k.indexOf("kluctl.io/") !== -1) {
+                    props.push({ name: k, value: annotations[k] })
                 }
+            }
             )
         }
 
         return <>
-            <PropertiesTable properties={props}/>
+            <PropertiesTable properties={props} />
         </>
     }
 }
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
index 20af76274..dfa9b5e4d 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
@@ -1,9 +1,9 @@
 import { VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
-import { DataArray } from "@mui/icons-material";
 import { CommandResultProps } from "../CommandResultView";
 import { SidePanelTab } from "../SidePanel";
+import { BracketsSquareIcon } from "../../../icons/Icons";
 
 export class VarsSourceCollectionNodeData extends NodeData {
     varsSources: VarsSource[] = []
@@ -17,7 +17,7 @@ export class VarsSourceCollectionNodeData extends NodeData {
     }
 
     buildIcon(): [React.ReactNode, string] {
-        return [<DataArray fontSize={"large"}/>, "vars"]
+        return [<BracketsSquareIcon />, "vars"]
     }
 
     buildSidePanelTabs(): SidePanelTab[] {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
index 3b5674e5c..e337cd4fd 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
@@ -1,8 +1,8 @@
 import { VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
-import { Category, Cloud, Dvr, Http, Lock, Settings, Source } from "@mui/icons-material";
-import { GitIcon } from "../../../icons/Icons";
+import { Category, Cloud, Dvr, Http, Lock, Settings } from "@mui/icons-material";
+import { FileIcon, GitIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
 import { Box } from "@mui/material";
@@ -59,7 +59,7 @@ export class VarsSourceNodeData extends NodeData {
                 label: () => {
                     return this.varsSource.file
                 },
-                icon: () => <Source fontSize={"large"}/>,
+                icon: () => <FileIcon />,
                 sourceProps: () => [
                     {name: "File", value: this.varsSource.file}
                 ]
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 19227081e..7abba98ce 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -26,6 +26,13 @@ import { ReactComponent as ArrowLeftIconSvg } from './arrow-left.svg';
 import { ReactComponent as WarningSignIconSvg } from './warning-sign.svg';
 import { ReactComponent as ChangesIconSvg } from './changes.svg';
 import { ReactComponent as StarIconSvg } from './star.svg';
+import { ReactComponent as TriangleDownIconSvg } from './triangle-down.svg';
+import { ReactComponent as TriangleRightIconSvg } from './triangle-right.svg';
+import { ReactComponent as BracketsCurlyIconSvg } from './brackets-curly.svg';
+import { ReactComponent as BracketsSquareIconSvg } from './brackets-square.svg';
+import { ReactComponent as FileIconSvg } from './file.svg';
+import { ReactComponent as ResultIconSvg } from './result.svg';
+import { ReactComponent as IncludeIconSvg } from './include.svg';
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -147,3 +154,31 @@ export const ChangesIcon = () => {
 export const StarIcon = () => {
     return <StarIconSvg width="21px" height="21px" />
 }
+
+export const TriangleDownIcon = () => {
+    return <TriangleDownIconSvg width="50px" height="50px" />
+}
+
+export const TriangleRightIcon = () => {
+    return <TriangleRightIconSvg width="50px" height="50px" />
+}
+
+export const BracketsCurlyIcon = () => {
+    return <BracketsCurlyIconSvg width="22px" height="18px" />
+}
+
+export const BracketsSquareIcon = () => {
+    return <BracketsSquareIconSvg width="22px" height="18px" />
+}
+
+export const FileIcon = () => {
+    return <FileIconSvg width="40px" height="40px" />
+}
+
+export const ResultIcon = () => {
+    return <ResultIconSvg width="30px" height="30px" />
+}
+
+export const IncludeIcon = () => {
+    return <IncludeIconSvg width="30px" height="30px" />
+}
diff --git a/pkg/webui/ui/src/icons/brackets-curly.svg b/pkg/webui/ui/src/icons/brackets-curly.svg
new file mode 100644
index 000000000..c0ead2b85
--- /dev/null
+++ b/pkg/webui/ui/src/icons/brackets-curly.svg
@@ -0,0 +1,3 @@
+<svg width="22" height="18" viewBox="0 0 22 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M5.23739 16.24C4.78139 16.24 4.38539 16.156 4.04939 15.988C3.72539 15.82 3.47939 15.568 3.31139 15.232C3.14339 14.908 3.05939 14.518 3.05939 14.062V10.57C3.05939 10.078 2.96939 9.724 2.78939 9.508C2.62139 9.28 2.30939 9.16 1.85339 9.148C1.62539 9.136 1.44539 9.046 1.31339 8.878C1.18139 8.71 1.11539 8.506 1.11539 8.266C1.11539 8.026 1.18139 7.828 1.31339 7.672C1.44539 7.504 1.62539 7.414 1.85339 7.402C2.30939 7.378 2.62139 7.258 2.78939 7.042C2.96939 6.814 3.05939 6.46 3.05939 5.98V2.488C3.05939 1.792 3.24539 1.258 3.61739 0.885999C4.00139 0.501999 4.54139 0.309999 5.23739 0.309999H6.51539C6.79139 0.309999 7.01339 0.393999 7.18139 0.561999C7.36139 0.717999 7.45139 0.915999 7.45139 1.156C7.45139 1.396 7.37939 1.6 7.23539 1.768C7.09139 1.924 6.89939 2.002 6.65939 2.002H6.02939C5.78939 2.002 5.60939 2.068 5.48939 2.2C5.36939 2.332 5.30939 2.53 5.30939 2.794V6.25C5.30939 6.622 5.23139 6.964 5.07539 7.276C4.91939 7.588 4.70939 7.84 4.44539 8.032C4.19339 8.224 3.90539 8.32 3.58139 8.32V8.248C3.90539 8.248 4.19339 8.344 4.44539 8.536C4.70939 8.716 4.91939 8.962 5.07539 9.274C5.23139 9.586 5.30939 9.928 5.30939 10.3V13.756C5.30939 14.02 5.36939 14.218 5.48939 14.35C5.60939 14.482 5.78939 14.548 6.02939 14.548H6.65939C6.89939 14.548 7.09139 14.626 7.23539 14.782C7.37939 14.95 7.45139 15.154 7.45139 15.394C7.45139 15.634 7.36139 15.832 7.18139 15.988C7.01339 16.156 6.79139 16.24 6.51539 16.24H5.23739ZM14.4914 16.24C14.2274 16.24 14.0054 16.156 13.8254 15.988C13.6454 15.832 13.5554 15.634 13.5554 15.394C13.5554 15.154 13.6274 14.95 13.7714 14.782C13.9154 14.626 14.1074 14.548 14.3474 14.548H14.9774C15.2174 14.548 15.3974 14.482 15.5174 14.35C15.6374 14.218 15.6974 14.02 15.6974 13.756V10.3C15.6974 9.928 15.7754 9.586 15.9314 9.274C16.0874 8.962 16.2974 8.71 16.5614 8.518C16.8254 8.326 17.1134 8.23 17.4254 8.23V8.302C17.1134 8.302 16.8254 8.212 16.5614 8.032C16.2974 7.84 16.0874 7.588 15.9314 7.276C15.7754 6.964 15.6974 6.622 15.6974 6.25V2.794C15.6974 2.53 15.6374 2.332 15.5174 2.2C15.3974 2.068 15.2174 2.002 14.9774 2.002H14.3474C14.1074 2.002 13.9154 1.924 13.7714 1.768C13.6274 1.6 13.5554 1.396 13.5554 1.156C13.5554 0.915999 13.6454 0.717999 13.8254 0.561999C14.0054 0.393999 14.2274 0.309999 14.4914 0.309999H15.7694C16.2374 0.309999 16.6334 0.393999 16.9574 0.561999C17.2814 0.729999 17.5274 0.975999 17.6954 1.3C17.8634 1.624 17.9474 2.02 17.9474 2.488V5.98C17.9474 6.46 18.0374 6.814 18.2174 7.042C18.3974 7.258 18.7094 7.378 19.1534 7.402C19.3934 7.414 19.5734 7.504 19.6934 7.672C19.8254 7.84 19.8914 8.044 19.8914 8.284C19.8914 8.512 19.8254 8.71 19.6934 8.878C19.5734 9.046 19.3934 9.136 19.1534 9.148C18.7094 9.16 18.3974 9.28 18.2174 9.508C18.0374 9.724 17.9474 10.078 17.9474 10.57V14.062C17.9474 14.758 17.7554 15.292 17.3714 15.664C16.9994 16.048 16.4654 16.24 15.7694 16.24H14.4914Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/brackets-square.svg b/pkg/webui/ui/src/icons/brackets-square.svg
new file mode 100644
index 000000000..ab82bf02c
--- /dev/null
+++ b/pkg/webui/ui/src/icons/brackets-square.svg
@@ -0,0 +1,3 @@
+<svg width="22" height="18" viewBox="0 0 22 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M3.79484 17.8617C3.50151 17.8617 3.24818 17.7617 3.03484 17.5617C2.83484 17.3617 2.73484 17.1151 2.73484 16.8217V1.20172C2.73484 0.895051 2.83484 0.648384 3.03484 0.461718C3.24818 0.261718 3.50151 0.161718 3.79484 0.161718H6.65484C6.96151 0.161718 7.19484 0.255051 7.35484 0.441718C7.52818 0.615051 7.61484 0.835051 7.61484 1.10172C7.61484 1.36838 7.52818 1.59505 7.35484 1.78172C7.19484 1.95505 6.96151 2.04172 6.65484 2.04172H5.23484V15.9817H6.65484C6.96151 15.9817 7.19484 16.0684 7.35484 16.2417C7.52818 16.4284 7.61484 16.6551 7.61484 16.9217C7.61484 17.1884 7.52818 17.4084 7.35484 17.5817C7.19484 17.7684 6.96151 17.8617 6.65484 17.8617H3.79484ZM15.3548 17.8617C15.0615 17.8617 14.8282 17.7684 14.6548 17.5817C14.4815 17.4084 14.3948 17.1884 14.3948 16.9217C14.3948 16.6551 14.4815 16.4284 14.6548 16.2417C14.8282 16.0684 15.0615 15.9817 15.3548 15.9817H16.7748V2.04172H15.3548C15.0615 2.04172 14.8282 1.95505 14.6548 1.78172C14.4815 1.59505 14.3948 1.36838 14.3948 1.10172C14.3948 0.835051 14.4815 0.615051 14.6548 0.441718C14.8282 0.255051 15.0615 0.161718 15.3548 0.161718H18.2148C18.5215 0.161718 18.7748 0.261718 18.9748 0.461718C19.1748 0.648384 19.2748 0.895051 19.2748 1.20172V16.8217C19.2748 17.1151 19.1748 17.3617 18.9748 17.5617C18.7748 17.7617 18.5215 17.8617 18.2148 17.8617H15.3548Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/file.svg b/pkg/webui/ui/src/icons/file.svg
new file mode 100644
index 000000000..698087505
--- /dev/null
+++ b/pkg/webui/ui/src/icons/file.svg
@@ -0,0 +1,5 @@
+<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M26.9833 3.3335H13.0166C6.94992 3.3335 3.33325 6.95016 3.33325 13.0168V26.9668C3.33325 33.0502 6.94992 36.6668 13.0166 36.6668H26.9666C33.0333 36.6668 36.6499 33.0502 36.6499 26.9835V13.0168C36.6666 6.95016 33.0499 3.3335 26.9833 3.3335Z" fill="#151B33"/>
+<path d="M26.25 16.25H13.75C13.0667 16.25 12.5 15.6833 12.5 15C12.5 14.3167 13.0667 13.75 13.75 13.75H26.25C26.9333 13.75 27.5 14.3167 27.5 15C27.5 15.6833 26.9333 16.25 26.25 16.25Z" fill="#151B33"/>
+<path d="M26.25 26.25H13.75C13.0667 26.25 12.5 25.6833 12.5 25C12.5 24.3167 13.0667 23.75 13.75 23.75H26.25C26.9333 23.75 27.5 24.3167 27.5 25C27.5 25.6833 26.9333 26.25 26.25 26.25Z" fill="#151B33"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/include.svg b/pkg/webui/ui/src/icons/include.svg
new file mode 100644
index 000000000..f17e9d604
--- /dev/null
+++ b/pkg/webui/ui/src/icons/include.svg
@@ -0,0 +1,7 @@
+<svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="15" cy="15" r="15" fill="#39403E"/>
+<path d="M21.75 11.25V18.75C21.75 21 20.625 22.5 18 22.5H12C9.375 22.5 8.25 21 8.25 18.75V11.25C8.25 9 9.375 7.5 12 7.5H18C20.625 7.5 21.75 9 21.75 11.25Z" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M16.875 9.375V10.875C16.875 11.7 17.55 12.375 18.375 12.375H19.875" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M12 15.75H15" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M12 18.75H18" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/result.svg b/pkg/webui/ui/src/icons/result.svg
new file mode 100644
index 000000000..013fab63e
--- /dev/null
+++ b/pkg/webui/ui/src/icons/result.svg
@@ -0,0 +1,8 @@
+<svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="15" cy="15" r="15" fill="#DFEBE9"/>
+<path d="M12.0825 14.8876C9.96746 15.0376 9.97496 18.1126 12.0825 18.2626H17.085C17.6925 18.2701 18.2775 18.0376 18.7275 17.6326C20.2125 16.3351 19.4175 13.7326 17.4675 13.4851C16.77 9.25507 10.6575 10.8601 12.105 14.8876" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<g opacity="0.4">
+<path d="M7.5 17.25C7.5 20.1525 9.8475 22.5 12.75 22.5L11.9625 21.1875" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M22.5 12.75C22.5 9.8475 20.1525 7.5 17.25 7.5L18.0375 8.8125" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+</svg>
diff --git a/pkg/webui/ui/src/icons/triangle-down.svg b/pkg/webui/ui/src/icons/triangle-down.svg
new file mode 100644
index 000000000..d9c2677ca
--- /dev/null
+++ b/pkg/webui/ui/src/icons/triangle-down.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z" fill="#39403E"/>
+<path d="M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/triangle-right.svg b/pkg/webui/ui/src/icons/triangle-right.svg
new file mode 100644
index 000000000..ad10f4ccc
--- /dev/null
+++ b/pkg/webui/ui/src/icons/triangle-right.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none"  transform="rotate(-90)"  xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z" fill="#39403E"/>
+<path d="M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z" fill="#39403E"/>
+</svg>

From 653cea0f4f8c214788f07db2d72c99f603103feb Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 3 Jun 2023 03:17:50 +0600
Subject: [PATCH 1139/2268] Result Tree page: Added right drawer.

---
 .../result-view/CommandResultTree.tsx         | 17 ++---------
 .../result-view/CommandResultView.tsx         | 28 +++++++++++++++----
 .../src/components/result-view/SidePanel.tsx  |  2 +-
 3 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
index 56c3174b7..58bd404b6 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -45,22 +45,11 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
     };
 
     const handleItemClick = (e: React.SyntheticEvent, node: NodeData) => {
-        setSelectedNodeId(node.id)
-        e.stopPropagation()
+        setSelectedNodeId(node.id);
+        props.onSelectNode(node);
+        e.stopPropagation();
     }
 
-    const onSelectNode = props.onSelectNode
-    useEffect(() => {
-        if (!nodeMap || !selectedNodeId) {
-            return
-        }
-        const node = nodeMap.get(selectedNodeId)
-        if (!node) {
-            setSelectedNodeId(undefined)
-        }
-        onSelectNode(node)
-    }, [nodeMap, selectedNodeId, onSelectNode])
-
     const renderTree = (nodes: NodeData) => {
         if (!FilterNode(nodes, props.activeFilters)) {
             return null
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index b9186b71e..0790dfe13 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,15 +1,16 @@
 import * as React from 'react';
 import { useState } from 'react';
-import { Box, Checkbox, CheckboxProps, Divider, FormControlLabel, Typography } from "@mui/material";
+import { Box, Checkbox, CheckboxProps, Divider, Drawer, FormControlLabel, ThemeProvider, Typography } from "@mui/material";
 import { CommandResult, CommandResultSummary, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
-import { SidePanel } from "./SidePanel";
+import { SidePanel, SidePanelProvider } from "./SidePanel";
 import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
 import { useLoaderData } from "react-router-dom";
 import { api } from "../../api";
 import { useAppOutletContext } from "../App";
 import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
+import { dark } from '../theme';
 
 export interface CommandResultProps {
     shortNames: ShortName[]
@@ -83,6 +84,22 @@ const FilterCheckbox = (props: {
     />
 }
 
+function DetailsDrawer(props: { nodeData?: NodeData, onClose?: () => void }) {
+    return <ThemeProvider theme={dark}>
+        <Drawer
+            sx={{ zIndex: 1300 }}
+            anchor={"right"}
+            open={props.nodeData !== undefined}
+            onClose={props.onClose}
+            ModalProps={{ BackdropProps: { invisible: true } }}
+        >
+            <Box width={"720px"} height={"100%"}>
+                <SidePanel provider={props.nodeData} onClose={props.onClose} />
+            </Box>
+        </Drawer>
+    </ThemeProvider>;
+}
+
 const defaultFilters = {
     onlyImportant: false,
     onlyChanged: false,
@@ -116,6 +133,10 @@ export const CommandResultView = () => {
         flexDirection='column'
         overflow='hidden'
     >
+        <DetailsDrawer 
+            nodeData={sidePanelNode}
+            onClose={() => setSidePanelNode(undefined)}
+        />
         <Box display='flex' alignItems='center' minHeight='70px' p='0 40px'>
             <FilterCheckbox
                 text='Only important'
@@ -146,8 +167,5 @@ export const CommandResultView = () => {
                 activeFilters={context.filters}
             />
         </Box>
-        <Box>
-            <SidePanel provider={sidePanelNode} />
-        </Box>
     </Box>
 }
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index bfb5c17b0..049c9ddf1 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -61,7 +61,7 @@ export const SidePanel = (props: SidePanelProps) => {
 
     return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column" overflow='hidden'>
         <TabContext value={selectedTab}>
-            <Box height={theme.consts.appBarHeight} display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
+            <Box minHeight={theme.consts.appBarHeight} display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
                 <Box flex='1 1 auto' display='flex' justifyContent='space-between'>
                     <Box flex='1 1 auto' pt='25px' pl='35px'>
                         <Typography variant="h4">

From bdf318a6a795b244cf3735ce4b10d2917ab80ba4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 21:43:35 +0200
Subject: [PATCH 1140/2268] fix: Fix crash in buildDeploymentProjectChildren

---
 pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts b/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
index c3ab9769b..b5bbe43e3 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
+++ b/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
@@ -68,7 +68,9 @@ export class NodeBuilder {
     buildRoot(): [CommandResultNodeData, Map<string, NodeData>] {
         const rootNode = new CommandResultNodeData(this.props, "root")
 
-        this.buildDeploymentProjectChildren(rootNode, this.props.commandResult.deployment!)
+        if (this.props.commandResult.deployment) {
+            this.buildDeploymentProjectChildren(rootNode, this.props.commandResult.deployment)
+        }
 
         if (this.deletedObjectsMap.size) {
             this.buildDeletedOrOrphanNode(rootNode, true, Array.from(this.deletedObjectsMap.values()))

From c6fd95dd9d9746d8870e4bb9cfff55e9d4d9c6a3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 21:46:05 +0200
Subject: [PATCH 1141/2268] fix: Use ./ as homepage

---
 pkg/webui/staticbuilder.go | 11 -----------
 pkg/webui/ui/package.json  |  2 +-
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index fd7f95726..7cb3aad78 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -1,7 +1,6 @@
 package webui
 
 import (
-	"bytes"
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
@@ -115,16 +114,6 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 		return err
 	}
 
-	indexHtml, err := os.ReadFile(filepath.Join(tmpDir, "index.html"))
-	if err != nil {
-		return err
-	}
-	indexHtml = bytes.ReplaceAll(indexHtml, []byte("/webui/"), []byte("./"))
-	err = os.WriteFile(filepath.Join(tmpDir, "index.html"), indexHtml, 0)
-	if err != nil {
-		return err
-	}
-
 	staticbuildJsBytes, err := os.ReadFile(filepath.Join(tmpDir, "staticbuild.js"))
 	if err != nil {
 		return err
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index e658c5ed9..68d21f982 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -1,7 +1,7 @@
 {
   "name": "react-demo",
   "version": "0.1.0",
-  "homepage": "/",
+  "homepage": "./",
   "private": true,
   "proxy": "http://localhost:8080",
   "dependencies": {

From 3ebb6c0e87780b11f1967ddad42b76f29c33da3e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 5 Jun 2023 23:41:10 +0200
Subject: [PATCH 1142/2268] fix: update models.ts

---
 .../components/result-view/CommandResultStatusLine.tsx    | 4 ++--
 pkg/webui/ui/src/models.ts                                | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
index 4794f31ae..8187e6f9e 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -49,8 +49,8 @@ export const StatusLine = (props: StatusLineProps) => {
 }
 
 export const CommandResultStatusLine = (props: { rs: CommandResultSummary }) => {
-    return <StatusLine errors={props.rs.errors}
-        warnings={props.rs.warnings}
+    return <StatusLine errors={props.rs.errors?.length}
+        warnings={props.rs.warnings?.length}
         changedObjects={props.rs.changedObjects}
         newObjects={props.rs.newObjects}
         deletedObjects={props.rs.deletedObjects}
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 2aa413ce5..8e420682d 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -677,8 +677,8 @@ export class CommandResultSummary {
     changedObjects: number;
     orphanObjects: number;
     deletedObjects: number;
-    errors: number;
-    warnings: number;
+    errors: DeploymentError[];
+    warnings: DeploymentError[];
     totalChanges: number;
 
     constructor(source: any = {}) {
@@ -698,8 +698,8 @@ export class CommandResultSummary {
         this.changedObjects = source["changedObjects"];
         this.orphanObjects = source["orphanObjects"];
         this.deletedObjects = source["deletedObjects"];
-        this.errors = source["errors"];
-        this.warnings = source["warnings"];
+        this.errors = this.convertValues(source["errors"], DeploymentError);
+        this.warnings = this.convertValues(source["warnings"], DeploymentError);
         this.totalChanges = source["totalChanges"];
     }
 

From a9ba551a99834f72f13cc642b1b0965ec1742223 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Jun 2023 16:39:43 +0200
Subject: [PATCH 1143/2268] feat: Add support for reconcile/deploy now

---
 pkg/webui/clusteraccessor.go                  | 18 +++++-
 pkg/webui/server.go                           | 62 +++++++++++++++++++
 pkg/webui/ui/src/api.tsx                      | 42 ++++++++++---
 .../src/components/targets-view/Targets.tsx   | 34 +++++++++-
 4 files changed, 145 insertions(+), 11 deletions(-)

diff --git a/pkg/webui/clusteraccessor.go b/pkg/webui/clusteraccessor.go
index fe83386f2..1e44dcdbb 100644
--- a/pkg/webui/clusteraccessor.go
+++ b/pkg/webui/clusteraccessor.go
@@ -2,8 +2,11 @@ package webui
 
 import (
 	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sync"
@@ -61,8 +64,19 @@ func (ca *clusterAccessor) initClient() {
 }
 
 func (ca *clusterAccessor) tryInitClient() error {
-	var err error
-	c, err := client.New(ca.config, client.Options{})
+	scheme := runtime.NewScheme()
+	err := clientgoscheme.AddToScheme(scheme)
+	if err != nil {
+		return err
+	}
+	err = kluctlv1.AddToScheme(scheme)
+	if err != nil {
+		return err
+	}
+
+	c, err := client.New(ca.config, client.Options{
+		Scheme: scheme,
+	})
 	if err != nil {
 		return err
 	}
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 8d854718b..90523fba0 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/gin-gonic/gin"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -11,11 +12,17 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io/fs"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/rest"
 	"net"
 	"net/http"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
+const webuiManager = "kluctl-webui"
+
 type CommandResultsServer struct {
 	ctx       context.Context
 	collector *results.ResultsCollector
@@ -85,6 +92,8 @@ func (s *CommandResultsServer) Run(port int) error {
 	api.GET("/getResult", s.getResult)
 	api.GET("/getResultObject", s.getResultObject)
 	api.POST("/validateNow", s.validateNow)
+	api.POST("/reconcileNow", s.reconcileNow)
+	api.POST("/deployNow", s.deployNow)
 
 	address := fmt.Sprintf(":%d", port)
 	listener, err := net.Listen("tcp", address)
@@ -302,3 +311,56 @@ func (s *CommandResultsServer) validateNow(c *gin.Context) {
 
 	c.Status(http.StatusOK)
 }
+
+type kluctlDeploymentParam struct {
+	Cluster   string `json:"cluster"`
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
+}
+
+func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, avalue string) {
+	var params kluctlDeploymentParam
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	ca := s.cam.getForClusterId(params.Cluster)
+	if ca == nil {
+		_ = c.AbortWithError(http.StatusNotFound, err)
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+	defer cancel()
+
+	var kd kluctlv1.KluctlDeployment
+	err = ca.getClient().Get(ctx, client.ObjectKey{Name: params.Name, Namespace: params.Namespace}, &kd)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			_ = c.AbortWithError(http.StatusNotFound, err)
+			return
+		}
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+		return
+	}
+
+	patch := client.MergeFrom(kd.DeepCopy())
+	metav1.SetMetaDataAnnotation(&kd.ObjectMeta, aname, avalue)
+	err = ca.getClient().Patch(ctx, &kd, patch, client.FieldOwner(webuiManager))
+	if err != nil {
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+		return
+	}
+
+	c.Status(http.StatusOK)
+}
+
+func (s *CommandResultsServer) reconcileNow(c *gin.Context) {
+	s.doSetAnnotation(c, kluctlv1.KluctlRequestReconcileAnnotation, time.Now().Format(time.RFC3339Nano))
+}
+
+func (s *CommandResultsServer) deployNow(c *gin.Context) {
+	s.doSetAnnotation(c, kluctlv1.KluctlRequestDeployAnnotation, time.Now().Format(time.RFC3339Nano))
+}
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 173f2a42d..5b4ea4678 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -31,6 +31,8 @@ export interface Api {
     getResult(resultId: string): Promise<CommandResult>
     getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
     validateNow(project: ProjectKey, target: TargetKey): Promise<Response>
+    reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
+    deployNow(cluster: string, name: string, namespace: string): Promise<Response>
 }
 
 class RealApi implements Api {
@@ -80,22 +82,40 @@ class RealApi implements Api {
             .then(response => response.json());
     }
 
-    async validateNow(project: ProjectKey, target: TargetKey) {
-        const key = {
-            "project": project,
-            "target": target,
-        }
-
-        let url = `${apiUrl}/validateNow`
+    async doPost(f: string, body: any) {
+        let url = `${apiUrl}/${f}`
         return fetch(url, {
             method: "POST",
-            body: JSON.stringify(key),
+            body: JSON.stringify(body),
             headers: {
                 'Accept': 'application/json',
                 'Content-Type': 'application/json'
             },
         }).then(handleErrors);
     }
+
+    async validateNow(project: ProjectKey, target: TargetKey) {
+        return this.doPost("validateNow", {
+            "project": project,
+            "target": target,
+        })
+    }
+
+    async deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        return this.doPost("deployNow", {
+            "cluster": cluster,
+            "name": name,
+            "namespace": namespace,
+        })
+    }
+
+    async reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        return this.doPost("reconcileNow", {
+            "cluster": cluster,
+            "name": name,
+            "namespace": namespace,
+        })
+    }
 }
 
 class StaticApi implements Api {
@@ -143,6 +163,12 @@ class StaticApi implements Api {
     validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
         throw new Error("not implemented")
     }
+    reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        throw new Error("not implemented")
+    }
+    deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        throw new Error("not implemented")
+    }
 }
 
 export let api: Api
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index d6f891c37..607b1ade6 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -1,4 +1,4 @@
-import { ProjectSummary, TargetSummary } from "../../models";
+import { KluctlDeploymentInfo, ProjectSummary, TargetSummary } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import Paper from "@mui/material/Paper";
 import { Box, Typography, useTheme } from "@mui/material";
@@ -62,6 +62,38 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
         }
     })
 
+    let kd: KluctlDeploymentInfo | undefined
+    let allKdEqual = true
+    props.ts.commandResults?.forEach(rs => {
+        console.log(rs)
+        if (rs.commandInfo.kluctlDeployment) {
+            if (!kd) {
+                kd = rs.commandInfo.kluctlDeployment
+            } else {
+                if (kd.name !== rs.commandInfo.kluctlDeployment.name || kd.namespace !== rs.commandInfo.kluctlDeployment.namespace) {
+                    allKdEqual = false
+                }
+            }
+        }
+    })
+
+    if (kd && allKdEqual) {
+        actionMenuItems.push({
+            icon: <PublishedWithChanges />,
+            text: "Reconcile",
+            handler: () => {
+                api.reconcileNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
+            }
+        })
+        actionMenuItems.push({
+            icon: <PublishedWithChanges />,
+            text: "Deploy",
+            handler: () => {
+                api.deployNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
+            }
+        })
+    }
+
     const allContexts: string[] = []
 
     const handleContext = (c?: string) => {

From a253a129720e0ebfa8405c090acd5c0c9d559557 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Jun 2023 16:39:49 +0200
Subject: [PATCH 1144/2268] fix: Update models.ts

---
 pkg/webui/ui/src/models.ts | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 8e420682d..d0eed1881 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -410,15 +410,11 @@ export class GitInfo {
 export class KluctlDeploymentInfo {
     name: string;
     namespace: string;
-    gitUrl: string;
-    gitRef: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.name = source["name"];
         this.namespace = source["namespace"];
-        this.gitUrl = source["gitUrl"];
-        this.gitRef = source["gitRef"];
     }
 }
 export class CommandInfo {

From 29196a8a397449db892b69fc27b581e20dbd5973 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 7 Jun 2023 21:49:50 +0200
Subject: [PATCH 1145/2268] feat: Determine static build by looking for
 existence of projects.js

---
 pkg/webui/ui/public/staticbuild.js            |  1 -
 pkg/webui/ui/src/api.tsx                      | 23 +++++++++++++------
 pkg/webui/ui/src/components/ObjectYaml.tsx    | 12 ++++++----
 .../result-view/CommandResultView.tsx         |  3 ++-
 .../CommandResultDetailsDrawer.tsx            |  3 ++-
 .../src/components/targets-view/Targets.tsx   | 12 ++++++----
 .../components/targets-view/TargetsView.tsx   |  3 ++-
 pkg/webui/ui/src/staticbuild.d.ts             |  2 --
 8 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/pkg/webui/ui/public/staticbuild.js b/pkg/webui/ui/public/staticbuild.js
index a653e44b6..af1b72ec3 100644
--- a/pkg/webui/ui/public/staticbuild.js
+++ b/pkg/webui/ui/public/staticbuild.js
@@ -1,2 +1 @@
-let isStaticBuild = true;
 const staticResults = new Map()
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 5b4ea4678..6e29ca97c 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -35,6 +35,22 @@ export interface Api {
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
 }
 
+let apiPromise: Promise<any> | undefined = undefined
+export async function getApi(): Promise<Api> {
+    if (!apiPromise) {
+        apiPromise = loadScript(staticPath + "/projects.js")
+    }
+
+    try {
+        await apiPromise
+        return new StaticApi()
+    } catch (error) {
+        return new RealApi()
+    }
+}
+
+export let api = getApi()
+
 class RealApi implements Api {
     async getShortNames(): Promise<ShortName[]> {
         let url = `${apiUrl}/getShortNames`
@@ -171,13 +187,6 @@ class StaticApi implements Api {
     }
 }
 
-export let api: Api
-if (isStaticBuild) {
-    api = new StaticApi()
-} else {
-    api = new RealApi()
-}
-
 function handleErrors(response: Response) {
     if (!response.ok) {
         throw Error(response.statusText)
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 11f50f428..2d3fee8fe 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -1,6 +1,6 @@
 import { CommandResultProps } from "./result-view/CommandResultView";
 import { ObjectRef } from "../models";
-import { api, ObjectType, usePromise } from "../api";
+import { getApi, ObjectType, usePromise } from "../api";
 import React, { Suspense, useEffect, useState } from "react";
 import { CodeViewer } from "./CodeViewer";
 
@@ -10,10 +10,14 @@ import { Loading } from "./Loading";
 export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType}) => {
     const [promise, setPromise] = useState<Promise<string>>()
 
+    const getData = async () => {
+        const api = await getApi()
+        const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
+        return yaml.dump(o)
+    }
+
     useEffect(() => {
-        const p = api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
-            .then(yaml.dump)
-        setPromise(p)
+        setPromise(getData())
     }, [props.treeProps, props.objectRef, props.objectType])
 
     const Content = () => {
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 0790dfe13..c1e8ffd96 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -7,10 +7,10 @@ import { SidePanel, SidePanelProvider } from "./SidePanel";
 import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
 import { useLoaderData } from "react-router-dom";
-import { api } from "../../api";
 import { useAppOutletContext } from "../App";
 import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
 import { dark } from '../theme';
+import { getApi } from "../../api";
 
 export interface CommandResultProps {
     shortNames: ShortName[]
@@ -19,6 +19,7 @@ export interface CommandResultProps {
 }
 
 export async function commandResultLoader({ params }: any) {
+    const api = await getApi()
     const result = api.getResult(params.id)
     const shortNames = api.getShortNames()
     const summaries = api.listResults()
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index 5820d9dab..a7c7f7705 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -1,5 +1,5 @@
 import { CommandResultSummary } from "../../models";
-import { api, usePromise } from "../../api";
+import { getApi, usePromise } from "../../api";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import React, { Suspense, useEffect, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
@@ -9,6 +9,7 @@ import { Loading } from "../Loading";
 import { dark } from "../theme";
 
 async function doGetRootNode(rs: CommandResultSummary) {
+    const api = await getApi()
     const shortNames = api.getShortNames()
     const r = api.getResult(rs.id)
     const builder = new NodeBuilder({
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index 607b1ade6..530874065 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -5,7 +5,7 @@ import { Box, Typography, useTheme } from "@mui/material";
 import React from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
-import { api } from "../../api";
+import { getApi } from "../../api";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
@@ -57,7 +57,8 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
     actionMenuItems.push({
         icon: <PublishedWithChanges />,
         text: "Validate now",
-        handler: () => {
+        handler: async () => {
+            const api = await getApi()
             api.validateNow(props.ps.project, props.ts.target)
         }
     })
@@ -65,7 +66,6 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
     let kd: KluctlDeploymentInfo | undefined
     let allKdEqual = true
     props.ts.commandResults?.forEach(rs => {
-        console.log(rs)
         if (rs.commandInfo.kluctlDeployment) {
             if (!kd) {
                 kd = rs.commandInfo.kluctlDeployment
@@ -81,14 +81,16 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
             text: "Reconcile",
-            handler: () => {
+            handler: async () => {
+                const api = await getApi()
                 api.reconcileNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
             }
         })
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
             text: "Deploy",
-            handler: () => {
+            handler: async () => {
+                const api = await getApi()
                 api.deployNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
             }
         })
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 52178ed7f..3a71b9fa8 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -3,7 +3,7 @@ import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../model
 import { Box, BoxProps, Typography, useTheme } from "@mui/material";
 import React, { useEffect, useState } from "react";
 import { useAppOutletContext } from "../App";
-import { api } from "../../api";
+import { getApi } from "../../api";
 import { ProjectItem } from "./Projects";
 import { TargetItem } from "./Targets";
 import Divider from "@mui/material/Divider";
@@ -19,6 +19,7 @@ const cardHeight = 126;
 const cardGap = 20;
 
 export async function projectsLoader() {
+    const api = await getApi()
     const projects = await api.listProjects()
     return projects
 }
diff --git a/pkg/webui/ui/src/staticbuild.d.ts b/pkg/webui/ui/src/staticbuild.d.ts
index 511b2c96a..f8d60218d 100644
--- a/pkg/webui/ui/src/staticbuild.d.ts
+++ b/pkg/webui/ui/src/staticbuild.d.ts
@@ -1,5 +1,3 @@
-declare var isStaticBuild: bool;
-
 declare const staticResults: Map<string, any>;
 
 declare const staticShortNames: any[];

From 5ce0efa13822f8392ff3e79e2b596d4dc3ddb019 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Wed, 7 Jun 2023 06:20:57 +0600
Subject: [PATCH 1146/2268] WIP expanding/collapsing nodes.

---
 .../ui/src/components/targets-view/Card.tsx   |  24 +++
 .../CommandResultDetailsDrawer.tsx            |  47 +++++-
 .../targets-view/CommandResultItem.tsx        |   2 +-
 .../components/targets-view/TargetsView.tsx   | 151 +++++++++++-------
 4 files changed, 159 insertions(+), 65 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/Card.tsx

diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
new file mode 100644
index 000000000..5c550fc9e
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -0,0 +1,24 @@
+import { Box, BoxProps } from "@mui/material"
+
+export const cardWidth = 247;
+export const projectCardHeight = 80;
+export const cardHeight = 126;
+export const cardGap = 20;
+
+export function Card({ children, ...rest }: BoxProps) {
+    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...rest}>
+        {children}
+    </Box>
+}
+
+export function CardCol({ children, ...rest }: BoxProps) {
+    return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...rest}>
+        {children}
+    </Box>
+}
+
+export function CardRow({ children, ...rest }: BoxProps) {
+    return <Box display='flex' gap={`${cardGap}px`} {...rest}>
+        {children}
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index a7c7f7705..e5d997038 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -1,12 +1,16 @@
-import { CommandResultSummary } from "../../models";
+import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
 import { getApi, usePromise } from "../../api";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
-import React, { Suspense, useEffect, useState } from "react";
+import { Suspense, useEffect, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
 import { SidePanel } from "../result-view/SidePanel";
 import { Box, Drawer, ThemeProvider } from "@mui/material";
 import { Loading } from "../Loading";
-import { dark } from "../theme";
+import { dark, light } from "../theme";
+import { Card, CardCol } from "./Card";
+import { CommandResultItem } from "./CommandResultItem";
+
+const sidePanelWidth = 720;
 
 async function doGetRootNode(rs: CommandResultSummary) {
     const api = await getApi()
@@ -21,7 +25,7 @@ async function doGetRootNode(rs: CommandResultSummary) {
     return node
 }
 
-export const CommandResultDetailsDrawer = (props: { rs?: CommandResultSummary, onClose: () => void }) => {
+export const CommandResultDetailsDrawer = (props: { rs?: CommandResultSummary, ts?: TargetSummary, ps?: ProjectSummary, onClose: () => void }) => {
     const [prevId, setPrevId] = useState<string>()
     const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined))
 
@@ -34,26 +38,55 @@ export const CommandResultDetailsDrawer = (props: { rs?: CommandResultSummary, o
         }
         setPrevId(props.rs.id)
         setPromise(doGetRootNode(props.rs))
-    }, [props.rs])
+    }, [props.rs, prevId])
 
     const Content = (props: { onClose: () => void }) => {
         const node = usePromise(promise)
         return <SidePanel provider={node} onClose={props.onClose} />
     }
 
+    const { ps, ts } = props;
+
     return <ThemeProvider theme={dark}>
         <Drawer
             sx={{ zIndex: 1300 }}
             anchor={"right"}
             open={props.rs !== undefined}
             onClose={props.onClose}
-            ModalProps={{ BackdropProps: { invisible: true } }}
         >
-            <Box width={"720px"} height={"100%"}>
+            <Box width={sidePanelWidth} height={"100%"}>
                 <Suspense fallback={<Loading />}>
                     <Content onClose={props.onClose} />
                 </Suspense>
             </Box>
+            <ThemeProvider theme={light}>
+                <Box
+                    sx={{
+                        position: 'fixed',
+                        top: 0,
+                        bottom: 0,
+                        left: 0,
+                        right: sidePanelWidth,
+                        padding: '30px',
+                        overflow: 'auto',
+                        display: 'flex',
+                        justifyContent: 'center'
+                    }}
+                >
+                    <CardCol>
+                        {ps && ts?.commandResults?.map((rs, i) => {
+                            return <Card key={i} >
+                                <CommandResultItem
+                                    ps={ps}
+                                    ts={ts}
+                                    rs={rs}
+                                    onSelectCommandResult={() => { }}
+                                />
+                            </Card>
+                        })}
+                    </CardCol>
+                </Box>
+            </ThemeProvider>
         </Drawer>
     </ThemeProvider>
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 8812d8181..937768958 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -9,7 +9,7 @@ import { useNavigate } from "react-router";
 import { formatDurationShort } from "../../utils/duration";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 
-export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary, onSelectCommandResult: (rs?: CommandResultSummary) => void }) => {
+export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary, onSelectCommandResult: (rs: CommandResultSummary) => void }) => {
     const calcAgo = () => {
         const t1 = new Date(props.rs.commandInfo.startTime)
         const t2 = new Date()
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 3a71b9fa8..2d37a3f7a 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,6 +1,6 @@
 import { useLoaderData } from "react-router-dom";
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
-import { Box, BoxProps, Typography, useTheme } from "@mui/material";
+import { Box, Typography, useTheme } from "@mui/material";
 import React, { useEffect, useState } from "react";
 import { useAppOutletContext } from "../App";
 import { getApi } from "../../api";
@@ -10,13 +10,12 @@ import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
 import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
-import { RelationHLine } from "../../icons/Icons";
+import { Card, CardCol, CardRow, cardGap, cardHeight, cardWidth, projectCardHeight } from "./Card";
 
-const colWidth = 433;
-const cardWidth = 247;
-const projectCardHeight = 80;
-const cardHeight = 126;
-const cardGap = 20;
+const colWidth = 416;
+const curveRadius = 12;
+const circleRadius = 5;
+const strokeWidth = 2;
 
 export async function projectsLoader() {
     const api = await getApi()
@@ -44,31 +43,21 @@ function ColHeader({ children }: { children: React.ReactNode }) {
     </Box>
 }
 
-function Card({ children, ...rest }: BoxProps) {
-    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...rest}>
-        {children}
-    </Box>
-}
-
-function CardCol({ children, ...rest }: BoxProps) {
-    return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...rest}>
-        {children}
-    </Box>
-}
-
-function CardRow({ children, ...rest }: BoxProps) {
-    return <Box display='flex' gap={`${cardGap}px`} {...rest}>
-        {children}
-    </Box>
-}
+const Circle = React.memo((props: React.SVGProps<SVGCircleElement>) => {
+    const theme = useTheme();
+    return <circle
+        r={circleRadius}
+        fill={theme.palette.background.default}
+        stroke={theme.palette.secondary.main}
+        strokeWidth={strokeWidth}
+        {...props}
+    />
+})
 
 const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.Element | null => {
     const theme = useTheme();
     const height = targetCount * cardHeight + (targetCount - 1) * cardGap
-    const width = 169;
-    const curveRadius = 12;
-    const circleRadius = 5;
-    const strokeWidth = 2;
+    const width = 152;
 
     if (targetCount <= 0) {
         return null;
@@ -124,33 +113,26 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
                     strokeLinecap='round'
                     strokeLinejoin='round'
                 />,
-                <circle
+                <Circle
                     key={`circle-${i}`}
                     cx={width - circleRadius - strokeWidth / 2}
                     cy={cy}
-                    r={circleRadius}
-                    fill={theme.palette.background.default}
-                    stroke={theme.palette.secondary.main}
-                    strokeWidth={strokeWidth}
                 />
             ]
         })}
-        <circle
+        <Circle
             key='circle-root'
             cx={circleRadius + strokeWidth / 2}
             cy={rootCenterY}
-            r={circleRadius}
-            fill={theme.palette.background.default}
-            stroke={theme.palette.secondary.main}
-            strokeWidth={strokeWidth}
         />
     </svg>
 });
 
 export const TargetsView = () => {
+    const theme = useTheme();
     const context = useAppOutletContext()
-    const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary>()
-    const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary>()
+    const [selectedCommandResult, setSelectedCommandResult] = useState<{rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary} | undefined>();
+    const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
 
     const projects = useLoaderData() as ProjectSummary[];
 
@@ -158,18 +140,26 @@ export const TargetsView = () => {
         context.setFilters(undefined)
     })
 
-    const doSetSelectedCommandResult = (rs?: CommandResultSummary) => {
-        setSelectedCommandResult(rs)
-        setSelectedTargetSummary(undefined)
+    const doSetSelectedCommandResult = (o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
+        setSelectedCommandResult(o);
+        setSelectedTargetSummary(undefined);
     }
     const doSetSelectedTargetSummary = (ts?: TargetSummary) => {
-        setSelectedCommandResult(undefined)
-        setSelectedTargetSummary(ts)
+        setSelectedCommandResult(undefined);
+        setSelectedTargetSummary(ts);
     }
 
-    return <Box width={"max-content"} p='0 40px'>
-        <CommandResultDetailsDrawer rs={selectedCommandResult} onClose={() => setSelectedCommandResult(undefined)} />
-        <TargetDetailsDrawer ts={selectedTargetSummary} onClose={() => setSelectedTargetSummary(undefined)} />
+    return <Box minWidth={colWidth * 3} p='0 40px'>
+        <CommandResultDetailsDrawer
+            rs={selectedCommandResult?.rs}
+            ts={selectedCommandResult?.ts}
+            ps={selectedCommandResult?.ps}
+            onClose={() => doSetSelectedCommandResult(undefined)}
+        />
+        <TargetDetailsDrawer
+            ts={selectedTargetSummary}
+            onClose={() => setSelectedTargetSummary(undefined)}
+        />
         <Box display={"flex"} alignItems={"center"} height='70px'>
             <ColHeader>Projects</ColHeader>
             <ColHeader>Targets</ColHeader>
@@ -179,7 +169,7 @@ export const TargetsView = () => {
         {projects.map((ps, i) => {
             return <Box key={i}>
                 <Box key={i} display={"flex"} alignItems={"center"} margin='40px 0'>
-                    <Box display='flex' alignItems='center' width={colWidth}>
+                    <Box display='flex' alignItems='center' width={colWidth} flex='0 0 auto'>
                         <Card height={projectCardHeight}>
                             <ProjectItem ps={ps} />
                         </Card>
@@ -194,27 +184,74 @@ export const TargetsView = () => {
                         </Box>
                     </Box>
 
-                    <CardCol width={colWidth}>
+                    <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
                             return <Box key={i} display='flex'>
                                 <Card>
                                     <TargetItem ps={ps} ts={ts}
                                         onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)} />
                                 </Card>
-                                <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center'>
-                                    <RelationHLine />
+                                <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
+                                    <svg
+                                        xmlns='http://www.w3.org/2000/svg'
+                                        fill='none'
+                                        style={{
+                                            height: `${2 * circleRadius + strokeWidth}`,
+                                            width: '100%'
+                                        }}
+                                    >
+                                        <svg
+                                            viewBox={`0 0 100 ${2 * circleRadius + strokeWidth}`}
+                                            fill='none'
+                                            preserveAspectRatio='none'
+                                        >
+                                            <path
+                                                d={`
+                                                  M ${circleRadius + strokeWidth / 2} ${circleRadius + strokeWidth / 2}
+                                                  H ${100 - circleRadius - strokeWidth / 2}
+                                                `}
+                                                stroke={theme.palette.secondary.main}
+                                                strokeWidth={strokeWidth}
+                                            />
+                                        </svg>
+                                        <svg
+                                            viewBox={`0 0 ${2 * circleRadius + strokeWidth} ${2 * circleRadius + strokeWidth}`}
+                                            fill='none'
+                                            x={`calc(-50% + ${circleRadius + strokeWidth / 2}px)`}
+                                        >
+                                            <Circle cx='50%' cy='50%' />
+                                        </svg>
+                                        <svg
+                                            viewBox={`0 0 ${2 * circleRadius + strokeWidth} ${2 * circleRadius + strokeWidth}`}
+                                            fill='none'
+                                            x={`calc(50% - ${circleRadius + strokeWidth / 2}px)`}
+                                        >
+                                            <Circle cx={circleRadius + strokeWidth / 2} cy={circleRadius + strokeWidth / 2} />
+                                        </svg>
+                                    </svg>
                                 </Box>
                             </Box>
                         })}
                     </CardCol>
 
-                    <CardCol>
+                    <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            return <CardRow key={i}>
+                            return <CardRow key={i} height={cardHeight}>
                                 {ts.commandResults?.map((rs, i) => {
-                                    return <Card key={i}>
-                                        <CommandResultItem ps={ps} ts={ts} rs={rs}
-                                            onSelectCommandResult={(rs) => doSetSelectedCommandResult(rs)} />
+                                    return <Card
+                                        key={i}
+                                        sx={{
+                                            translate: i === 0 ? 'none' : `-${i * (cardWidth + cardGap / 2)}px`,
+                                            zIndex: -i,
+                                            display: i < 4 ? 'flex' : 'none'
+                                        }}
+                                    >
+                                        <CommandResultItem
+                                            ps={ps}
+                                            ts={ts}
+                                            rs={rs}
+                                            onSelectCommandResult={(rs) => doSetSelectedCommandResult({rs, ts, ps})}
+                                        />
                                     </Card>
                                 })}
                             </CardRow>

From 1c5419fc5405a4a26b421ce5999b24f825becdbe Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 8 Jun 2023 05:06:24 +0600
Subject: [PATCH 1147/2268] Added card selection when card stack is expanded.

---
 pkg/webui/ui/src/components/LeftDrawer.tsx    |  17 +--
 .../CommandResultDetailsDrawer.tsx            | 124 ++++++++++--------
 .../targets-view/CommandResultItem.tsx        |  32 +++--
 .../targets-view/TargetDetailsDrawer.tsx      |   8 +-
 .../components/targets-view/TargetsView.tsx   |  23 +++-
 pkg/webui/ui/src/components/theme.ts          |  20 ++-
 6 files changed, 135 insertions(+), 89 deletions(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 62cacf4a5..5bd0db728 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -17,11 +17,8 @@ import { KluctlLogo, TargetsIcon, KluctlText, SearchIcon, ArrowLeftIcon } from '
 import { dark } from './theme';
 import { Typography } from '@mui/material';
 
-const drawerWidthOpen = 224;
-const drawerWidthClosed = 96;
-
 const openedMixin = (theme: Theme): CSSObject => ({
-    width: drawerWidthOpen,
+    width: theme.consts.leftDrawerWidthOpen,
     transition: theme.transitions.create('width', {
         easing: theme.transitions.easing.sharp,
         duration: theme.transitions.duration.enteringScreen,
@@ -35,7 +32,7 @@ const closedMixin = (theme: Theme): CSSObject => ({
         duration: theme.transitions.duration.leavingScreen,
     }),
     overflowX: 'hidden',
-    width: drawerWidthClosed,
+    width: theme.consts.leftDrawerWidthClosed,
 });
 
 const DrawerHeader = styled('div')(({ theme }) => ({
@@ -57,17 +54,17 @@ const AppBar = styled(MuiAppBar, {
     boxShadow: 'none',
     background: 'transparent',
     padding: '40px 40px 0 40px',
-    marginLeft: drawerWidthClosed,
+    marginLeft: theme.consts.leftDrawerWidthClosed,
     justifyContent: 'space-between',
-    width: `calc(100% - ${drawerWidthClosed}px)`,
+    width: `calc(100% - ${theme.consts.leftDrawerWidthClosed}px)`,
     zIndex: theme.zIndex.drawer + 1,
     transition: theme.transitions.create(['width', 'margin'], {
         easing: theme.transitions.easing.sharp,
         duration: theme.transitions.duration.leavingScreen,
     }),
     ...(open && {
-        marginLeft: drawerWidthOpen,
-        width: `calc(100% - ${drawerWidthOpen}px)`,
+        marginLeft: theme.consts.leftDrawerWidthOpen,
+        width: `calc(100% - ${theme.consts.leftDrawerWidthOpen}px)`,
         transition: theme.transitions.create(['width', 'margin'], {
             easing: theme.transitions.easing.sharp,
             duration: theme.transitions.duration.enteringScreen,
@@ -77,7 +74,7 @@ const AppBar = styled(MuiAppBar, {
 
 const Drawer = styled(MuiDrawer, { shouldForwardProp: (prop) => prop !== 'open' })(
     ({ theme, open }) => ({
-        width: drawerWidthOpen,
+        width: theme.consts.leftDrawerWidthOpen,
         flexShrink: 0,
         whiteSpace: 'nowrap',
         boxSizing: 'border-box',
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index e5d997038..37c3e11a9 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -4,11 +4,12 @@ import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { Suspense, useEffect, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
 import { SidePanel } from "../result-view/SidePanel";
-import { Box, Drawer, ThemeProvider } from "@mui/material";
+import { Box, Drawer, ThemeProvider, useTheme } from "@mui/material";
 import { Loading } from "../Loading";
-import { dark, light } from "../theme";
+import { dark } from "../theme";
 import { Card, CardCol } from "./Card";
 import { CommandResultItem } from "./CommandResultItem";
+import React from "react";
 
 const sidePanelWidth = 720;
 
@@ -25,68 +26,81 @@ async function doGetRootNode(rs: CommandResultSummary) {
     return node
 }
 
-export const CommandResultDetailsDrawer = (props: { rs?: CommandResultSummary, ts?: TargetSummary, ps?: ProjectSummary, onClose: () => void }) => {
-    const [prevId, setPrevId] = useState<string>()
-    const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined))
+export const CommandResultDetailsDrawer = React.memo((props: {
+    rs?: CommandResultSummary,
+    ts?: TargetSummary,
+    ps?: ProjectSummary,
+    onClose: () => void
+}) => {
+    const { ps, ts } = props;
+    const theme = useTheme();
+    const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined));
+    const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary | undefined>();
+    const [prevTargetSummary, setPrevTargetSummary] = useState<TargetSummary | undefined>(ts);
+
+    if (prevTargetSummary !== ts) {
+        setPrevTargetSummary(ts);
+        setSelectedCommandResult(ts?.commandResults?.[0]);
+    }
 
     useEffect(() => {
-        if (props.rs === undefined) {
-            return
-        }
-        if (props.rs.id === prevId) {
+        if (selectedCommandResult === undefined) {
             return
         }
-        setPrevId(props.rs.id)
-        setPromise(doGetRootNode(props.rs))
-    }, [props.rs, prevId])
+        setPromise(doGetRootNode(selectedCommandResult));
+    }, [selectedCommandResult])
 
     const Content = (props: { onClose: () => void }) => {
         const node = usePromise(promise)
         return <SidePanel provider={node} onClose={props.onClose} />
     }
 
-    const { ps, ts } = props;
-
-    return <ThemeProvider theme={dark}>
-        <Drawer
-            sx={{ zIndex: 1300 }}
-            anchor={"right"}
-            open={props.rs !== undefined}
-            onClose={props.onClose}
-        >
-            <Box width={sidePanelWidth} height={"100%"}>
-                <Suspense fallback={<Loading />}>
-                    <Content onClose={props.onClose} />
-                </Suspense>
+    return <>
+        {ps && ts &&
+            <Box
+                sx={{
+                    position: 'fixed',
+                    top: 0,
+                    bottom: 0,
+                    right: sidePanelWidth,
+                    width: `calc(100% - ${sidePanelWidth}px)`,
+                    overflow: 'auto',
+                    display: 'flex',
+                    flexDirection: 'column',
+                    alignItems: 'center',
+                    padding: '25px 0',
+                    zIndex: theme.zIndex.modal + 1
+                }}
+                onClick={props.onClose}
+            >
+                <CardCol onClick={(e) => e.stopPropagation()} flexGrow={1} justifyContent='center'>
+                    {ts.commandResults?.map((rs, i) => {
+                        return <Card key={i}>
+                            <CommandResultItem
+                                ps={ps}
+                                ts={ts}
+                                rs={rs}
+                                onSelectCommandResult={setSelectedCommandResult}
+                                selected={rs === selectedCommandResult}
+                            />
+                        </Card>
+                    })}
+                </CardCol>
             </Box>
-            <ThemeProvider theme={light}>
-                <Box
-                    sx={{
-                        position: 'fixed',
-                        top: 0,
-                        bottom: 0,
-                        left: 0,
-                        right: sidePanelWidth,
-                        padding: '30px',
-                        overflow: 'auto',
-                        display: 'flex',
-                        justifyContent: 'center'
-                    }}
-                >
-                    <CardCol>
-                        {ps && ts?.commandResults?.map((rs, i) => {
-                            return <Card key={i} >
-                                <CommandResultItem
-                                    ps={ps}
-                                    ts={ts}
-                                    rs={rs}
-                                    onSelectCommandResult={() => { }}
-                                />
-                            </Card>
-                        })}
-                    </CardCol>
+        }
+        <ThemeProvider theme={dark}>
+            <Drawer
+                sx={{ zIndex: 1300 }}
+                anchor={"right"}
+                open={props.rs !== undefined}
+                onClose={props.onClose}
+            >
+                <Box width={sidePanelWidth} height={"100%"}>
+                    <Suspense fallback={<Loading />}>
+                        <Content onClose={props.onClose} />
+                    </Suspense>
                 </Box>
-            </ThemeProvider>
-        </Drawer>
-    </ThemeProvider>
-}
\ No newline at end of file
+            </Drawer>
+        </ThemeProvider>
+    </>
+});
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 937768958..bf3ff6a52 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,3 +1,4 @@
+import React from "react";
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
 import { useEffect, useMemo, useState } from "react";
 import * as yaml from "js-yaml";
@@ -9,16 +10,22 @@ import { useNavigate } from "react-router";
 import { formatDurationShort } from "../../utils/duration";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 
-export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary, onSelectCommandResult: (rs: CommandResultSummary) => void }) => {
-    const calcAgo = () => {
-        const t1 = new Date(props.rs.commandInfo.startTime)
-        const t2 = new Date()
-        const d = t2.getTime() - t1.getTime()
-        return formatDurationShort(d)
-    }
+const calcAgo = (startTime: string) => {
+    const t1 = new Date(startTime)
+    const t2 = new Date()
+    const d = t2.getTime() - t1.getTime()
+    return formatDurationShort(d)
+}
 
+export const CommandResultItem = React.memo((props: { 
+    ps: ProjectSummary, 
+    ts: TargetSummary, 
+    rs: CommandResultSummary, 
+    onSelectCommandResult: (rs: CommandResultSummary) => void,
+    selected?: boolean;
+}) => {
     const navigate = useNavigate()
-    const [ago, setAgo] = useState(calcAgo())
+    const [ago, setAgo] = useState(calcAgo(props.rs.commandInfo.startTime))
 
     let Icon: () => JSX.Element = DiffIcon
     switch (props.rs.commandInfo?.command) {
@@ -45,9 +52,9 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
     let iconTooltip = <CodeViewer code={cmdInfoYaml} language={"yaml"} />
 
     useEffect(() => {
-        const interval = setInterval(() => setAgo(calcAgo()), 5000);
+        const interval = setInterval(() => setAgo(calcAgo(props.rs.commandInfo.startTime)), 5000);
         return () => clearInterval(interval);
-    }, [])
+    }, [props.rs.commandInfo.startTime])
 
     return <Paper
         elevation={5}
@@ -57,7 +64,8 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
             borderRadius: '12px',
             border: '1px solid #59A588',
             boxShadow: '4px 4px 10px #1E617A',
-            padding: '20px 16px 5px 16px'
+            padding: '20px 16px 5px 16px',
+            outline: props.selected ? '8px solid #59A588' : 'none'
         }}
         onClick={e => props.onSelectCommandResult(props.rs)}
     >
@@ -116,4 +124,4 @@ export const CommandResultItem = (props: { ps: ProjectSummary, ts: TargetSummary
             </Box>
         </Box>
     </Paper>
-}
\ No newline at end of file
+});
diff --git a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
index 874779b74..b3d45a96b 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
@@ -95,18 +95,18 @@ class MyProvider implements SidePanelProvider {
     }
 }
 
-export const TargetDetailsDrawer = (props: { ts?: TargetSummary, onClose: () => void }) => {
+export const TargetDetailsDrawer = React.memo((props: { ts?: TargetSummary, onClose: () => void }) => {
     return <ThemeProvider theme={dark}>
         <Drawer
             sx={{ zIndex: 1300 }}
             anchor={"right"}
             open={props.ts !== undefined}
             onClose={props.onClose}
-            ModalProps={{ BackdropProps: { invisible: true }}}
+            ModalProps={{ BackdropProps: { invisible: true } }}
         >
             <Box width={"382px"} height={"100%"}>
-                <SidePanel provider={new MyProvider(props.ts)} onClose={props.onClose}/>
+                <SidePanel provider={new MyProvider(props.ts)} onClose={props.onClose} />
             </Box>
         </Drawer>
     </ThemeProvider>;
-}
\ No newline at end of file
+});
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 2d37a3f7a..f480f39f9 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,7 +1,7 @@
 import { useLoaderData } from "react-router-dom";
 import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useEffect, useState } from "react";
+import React, { useCallback, useEffect, useState } from "react";
 import { useAppOutletContext } from "../App";
 import { getApi } from "../../api";
 import { ProjectItem } from "./Projects";
@@ -140,25 +140,34 @@ export const TargetsView = () => {
         context.setFilters(undefined)
     })
 
-    const doSetSelectedCommandResult = (o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
+    const doSetSelectedCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
         setSelectedCommandResult(o);
         setSelectedTargetSummary(undefined);
-    }
-    const doSetSelectedTargetSummary = (ts?: TargetSummary) => {
+    }, []);
+
+    const doSetSelectedTargetSummary = useCallback((ts?: TargetSummary) => {
         setSelectedCommandResult(undefined);
         setSelectedTargetSummary(ts);
-    }
+    }, []);
+
+    const onCommandResultDetailsDrawerClose = useCallback(() => {
+        doSetSelectedCommandResult(undefined);
+    }, [doSetSelectedCommandResult]);
+
+    const onTargetDetailsDrawerClose = useCallback(() => {
+        setSelectedTargetSummary(undefined);
+    }, [setSelectedTargetSummary]);
 
     return <Box minWidth={colWidth * 3} p='0 40px'>
         <CommandResultDetailsDrawer
             rs={selectedCommandResult?.rs}
             ts={selectedCommandResult?.ts}
             ps={selectedCommandResult?.ps}
-            onClose={() => doSetSelectedCommandResult(undefined)}
+            onClose={onCommandResultDetailsDrawerClose}
         />
         <TargetDetailsDrawer
             ts={selectedTargetSummary}
-            onClose={() => setSelectedTargetSummary(undefined)}
+            onClose={onTargetDetailsDrawerClose}
         />
         <Box display={"flex"} alignItems={"center"} height='70px'>
             <ColHeader>Projects</ColHeader>
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index 14680cd0a..701d20a15 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -17,22 +17,40 @@ declare module '@mui/material/styles' {
     interface Theme {
         consts: {
             appBarHeight: number;
+            leftDrawerWidthOpen: number;
+            leftDrawerWidthClosed: number;
         };
     }
     // allow configuration using `createTheme`
     interface ThemeOptions {
         consts?: {
             appBarHeight?: number;
+            leftDrawerWidthOpen?: number;
+            leftDrawerWidthClosed?: number;
         };
     }
 }
 
 export const common = createTheme({
     consts: {
-        appBarHeight: 106
+        appBarHeight: 106,
+        leftDrawerWidthOpen: 224,
+        leftDrawerWidthClosed: 96
     },
     typography: {
         fontFamily: 'Nunito Variable',
+    },
+    components: {
+        MuiBackdrop: {
+            styleOverrides: {
+                root: {
+                    backgroundColor: 'rgba(0, 0, 0, 0.65)'
+                },
+                invisible: {
+                    backgroundColor: 'transparent'
+                }
+            }
+        }
     }
 });
 

From 12662156a12448467d0eacacf4c712e571e2200f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Jun 2023 22:20:06 +0200
Subject: [PATCH 1148/2268] refactor: Remove unused
 TargetSummary/ProjectSummary

---
 pkg/types/result/summary.go               | 55 -----------------------
 pkg/types/result/zz_generated.deepcopy.go | 55 -----------------------
 2 files changed, 110 deletions(-)

diff --git a/pkg/types/result/summary.go b/pkg/types/result/summary.go
index dc4c38b74..3ad691bcd 100644
--- a/pkg/types/result/summary.go
+++ b/pkg/types/result/summary.go
@@ -2,7 +2,6 @@ package result
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"sort"
 )
 
 type CommandResultSummary struct {
@@ -30,19 +29,6 @@ type CommandResultSummary struct {
 	TotalChanges int `json:"totalChanges"`
 }
 
-type TargetSummary struct {
-	Target TargetKey `json:"target"`
-
-	LastValidateResult *ValidateResult        `json:"lastValidateResult,omitempty"`
-	CommandResults     []CommandResultSummary `json:"commandResults,omitempty"`
-}
-
-type ProjectSummary struct {
-	Project ProjectKey `json:"project"`
-
-	Targets []*TargetSummary `json:"targets"`
-}
-
 func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 	if cr == nil {
 		return nil
@@ -82,44 +68,3 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 	}
 	return ret
 }
-
-func BuildProjectSummaries(summaries []CommandResultSummary) []*ProjectSummary {
-	m := map[ProjectKey]*ProjectSummary{}
-	for _, rs := range summaries {
-		p, ok := m[rs.ProjectKey]
-		if !ok {
-			p = &ProjectSummary{Project: rs.ProjectKey}
-			m[rs.ProjectKey] = p
-		}
-
-		var target *TargetSummary
-		for i, t := range p.Targets {
-			if t.Target == rs.TargetKey {
-				target = p.Targets[i]
-				break
-			}
-		}
-		if target == nil {
-			target = &TargetSummary{
-				Target: rs.TargetKey,
-			}
-			p.Targets = append(p.Targets, target)
-		}
-
-		target.CommandResults = append(target.CommandResults, rs)
-	}
-
-	ret := make([]*ProjectSummary, 0, len(m))
-	for _, p := range m {
-		sort.Slice(p.Targets, func(i, j int) bool {
-			return p.Targets[i].Target.Less(p.Targets[j].Target)
-		})
-		ret = append(ret, p)
-	}
-
-	sort.Slice(ret, func(i, j int) bool {
-		return ret[i].Project.Less(ret[j].Project)
-	})
-
-	return ret
-}
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index a461c0278..3c35c8174 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -372,33 +372,6 @@ func (in *ProjectKey) DeepCopy() *ProjectKey {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProjectSummary) DeepCopyInto(out *ProjectSummary) {
-	*out = *in
-	out.Project = in.Project
-	if in.Targets != nil {
-		in, out := &in.Targets, &out.Targets
-		*out = make([]*TargetSummary, len(*in))
-		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(TargetSummary)
-				(*in).DeepCopyInto(*out)
-			}
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSummary.
-func (in *ProjectSummary) DeepCopy() *ProjectSummary {
-	if in == nil {
-		return nil
-	}
-	out := new(ProjectSummary)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ResultObject) DeepCopyInto(out *ResultObject) {
 	*out = *in
@@ -442,34 +415,6 @@ func (in *TargetKey) DeepCopy() *TargetKey {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TargetSummary) DeepCopyInto(out *TargetSummary) {
-	*out = *in
-	out.Target = in.Target
-	if in.LastValidateResult != nil {
-		in, out := &in.LastValidateResult, &out.LastValidateResult
-		*out = new(ValidateResult)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.CommandResults != nil {
-		in, out := &in.CommandResults, &out.CommandResults
-		*out = make([]CommandResultSummary, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSummary.
-func (in *TargetSummary) DeepCopy() *TargetSummary {
-	if in == nil {
-		return nil
-	}
-	out := new(TargetSummary)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ValidateResult) DeepCopyInto(out *ValidateResult) {
 	*out = *in

From da2c7bc518fb0b443a32a8c08c7d7c6fe4769fb3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Jun 2023 22:21:51 +0200
Subject: [PATCH 1149/2268] fix: Use proper keys

---
 pkg/webui/ui/src/components/targets-view/TargetsView.tsx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index f480f39f9..f0d2a073c 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -176,8 +176,8 @@ export const TargetsView = () => {
         </Box>
         <Divider />
         {projects.map((ps, i) => {
-            return <Box key={i}>
-                <Box key={i} display={"flex"} alignItems={"center"} margin='40px 0'>
+            return <Box key={JSON.stringify(ps.project)}>
+                <Box display={"flex"} alignItems={"center"} margin='40px 0'>
                     <Box display='flex' alignItems='center' width={colWidth} flex='0 0 auto'>
                         <Card height={projectCardHeight}>
                             <ProjectItem ps={ps} />
@@ -195,7 +195,7 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
-                            return <Box key={i} display='flex'>
+                            return <Box key={JSON.stringify(ts.target)} display='flex'>
                                 <Card>
                                     <TargetItem ps={ps} ts={ts}
                                         onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)} />
@@ -245,7 +245,7 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            return <CardRow key={i} height={cardHeight}>
+                            return <CardRow key={JSON.stringify(ts.target)} height={cardHeight}>
                                 {ts.commandResults?.map((rs, i) => {
                                     return <Card
                                         key={i}

From e92c3e4bf7ac027005af86ea303f7b0710babc9f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 8 Jun 2023 22:26:54 +0200
Subject: [PATCH 1150/2268] feat: Use websockets to get updates for summaries
 and validation results

---
 go.mod                                        |   1 +
 go.sum                                        |  16 ++
 pkg/webui/generate-ts/main.go                 |   3 +-
 pkg/webui/server.go                           |  92 +++-------
 pkg/webui/staticbuilder.go                    |  13 --
 pkg/webui/ui/src/api.tsx                      | 160 ++++++++++++++----
 pkg/webui/ui/src/components/App.tsx           |  85 +++++++++-
 pkg/webui/ui/src/components/ObjectYaml.tsx    |   3 +-
 pkg/webui/ui/src/components/Router.tsx        |   3 +-
 .../result-view/CommandResultTree.tsx         |   2 +-
 .../result-view/CommandResultView.tsx         |   7 +-
 .../CommandResultDetailsDrawer.tsx            |   6 +-
 .../targets-view/CommandResultItem.tsx        |   7 +-
 .../src/components/targets-view/Projects.tsx  |   2 +-
 .../targets-view/TargetDetailsDrawer.tsx      |   2 +-
 .../src/components/targets-view/Targets.tsx   |  14 +-
 .../components/targets-view/TargetsView.tsx   |  24 +--
 pkg/webui/ui/src/models.ts                    |  65 ++-----
 pkg/webui/ui/src/project-summaries.ts         |  77 +++++++++
 pkg/webui/validator.go                        | 118 ++++++++-----
 pkg/webui/websocket.go                        | 108 ++++++++++++
 21 files changed, 549 insertions(+), 259 deletions(-)
 create mode 100644 pkg/webui/ui/src/project-summaries.ts
 create mode 100644 pkg/webui/websocket.go

diff --git a/go.mod b/go.mod
index 4fa6e6eff..d79fdb2ba 100644
--- a/go.mod
+++ b/go.mod
@@ -259,6 +259,7 @@ require (
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 	k8s.io/kubectl v0.27.1 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+	nhooyr.io/websocket v1.8.7 // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 992fed9f8..7e2749e3d 100644
--- a/go.sum
+++ b/go.sum
@@ -280,6 +280,7 @@ github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8=
 github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
@@ -318,11 +319,15 @@ github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTr
 github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
 github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+jU0zvx4AqHGnv4k=
 github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
@@ -338,6 +343,9 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
 github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -447,6 +455,7 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
@@ -532,6 +541,7 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -546,6 +556,7 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
@@ -574,6 +585,7 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -829,6 +841,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
@@ -1390,6 +1404,8 @@ k8s.io/kubectl v0.27.1 h1:9T5c5KdpburYiW8XKQSH0Uly1kMNE90aGSnbYUZNdcA=
 k8s.io/kubectl v0.27.1/go.mod h1:QsAkSmrRsKTPlAFzF8kODGDl4p35BIwQnc9XFhkcsy8=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
+nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index 23a26e7ee..591a4b819 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -14,10 +14,11 @@ func main() {
 	converter := typescriptify.New().
 		WithBackupDir("").
 		Add(result.CommandResult{}).
-		Add(result.ProjectSummary{}).
 		Add(result.CommandResultSummary{}).
+		Add(result.ValidateResult{}).
 		Add(webui.ShortName{}).
 		Add(uo.UnstructuredObject{}).
+		Add(webui.ProjectTargetKey{}).
 		ManageType(types.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.GitRepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.YamlUrl{}, typescriptify.TypeOptions{TSType: "string"}).
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 90523fba0..bd49f200d 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -7,7 +7,6 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -87,13 +86,13 @@ func (s *CommandResultsServer) Run(port int) error {
 
 	api := router.Group("/api")
 	api.GET("/getShortNames", s.getShortNames)
-	api.GET("/listProjects", s.listProjects)
-	api.GET("/listResults", s.listResults)
 	api.GET("/getResult", s.getResult)
+	api.GET("/getResultSummary", s.getResultSummary)
 	api.GET("/getResultObject", s.getResultObject)
 	api.POST("/validateNow", s.validateNow)
 	api.POST("/reconcileNow", s.reconcileNow)
 	api.POST("/deployNow", s.deployNow)
+	api.Any("/ws", s.ws)
 
 	address := fmt.Sprintf(":%d", port)
 	listener, err := net.Listen("tcp", address)
@@ -116,67 +115,6 @@ func (s *CommandResultsServer) getShortNames(c *gin.Context) {
 	c.JSON(http.StatusOK, GetShortNames())
 }
 
-func (s *CommandResultsServer) listResults(c *gin.Context) {
-	args := struct {
-		FilterProject string `form:"filterProject"`
-		FilterSubDir  string `form:"filterSubDir"`
-	}{}
-	err := c.BindQuery(&args)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	var filter *result.ProjectKey
-	if args.FilterProject != "" {
-		filter = &result.ProjectKey{
-			GitRepoKey: repoKey,
-			SubDir:     args.FilterSubDir,
-		}
-	}
-
-	summaries, err := s.collector.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{
-		ProjectFilter: filter,
-	})
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, summaries)
-}
-
-func (s *CommandResultsServer) listProjects(c *gin.Context) {
-	summaries, err := s.collector.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	projects := result.BuildProjectSummaries(summaries)
-
-	for _, p := range projects {
-		for _, t := range p.Targets {
-			key := projectTargetKey{
-				Project: p.Project,
-				Target:  t.Target,
-			}
-			vr, err := s.vam.getValidateResult(key)
-			if err == nil {
-				t.LastValidateResult = vr
-			}
-		}
-	}
-
-	c.JSON(http.StatusOK, projects)
-}
-
 type resultIdParam struct {
 	ResultId string `form:"resultId"`
 }
@@ -226,6 +164,28 @@ func (s *CommandResultsServer) getResult(c *gin.Context) {
 	c.JSON(http.StatusOK, sr)
 }
 
+func (s *CommandResultsServer) getResultSummary(c *gin.Context) {
+	var params resultIdParam
+
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	sr, err := s.collector.GetCommandResultSummary(params.ResultId)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	if sr == nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+
+	c.JSON(http.StatusOK, sr)
+}
+
 func (s *CommandResultsServer) getResultObject(c *gin.Context) {
 	var params resultIdParam
 	var ref refParam
@@ -292,14 +252,14 @@ func (s *CommandResultsServer) getResultObject(c *gin.Context) {
 }
 
 func (s *CommandResultsServer) validateNow(c *gin.Context) {
-	var params projectTargetKey
+	var params ProjectTargetKey
 	err := c.Bind(&params)
 	if err != nil {
 		_ = c.AbortWithError(http.StatusBadRequest, err)
 		return
 	}
 
-	key := projectTargetKey{
+	key := ProjectTargetKey{
 		Project: params.Project,
 		Target:  params.Target,
 	}
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index 7cb3aad78..142b5f148 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
@@ -35,8 +34,6 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 		return err
 	}
 
-	projects := result.BuildProjectSummaries(summaries)
-
 	err = os.MkdirAll(filepath.Join(tmpDir, "staticdata"), 0o700)
 	if err != nil {
 		return err
@@ -89,16 +86,6 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 		return err
 	}
 
-	j, err = yaml.WriteJsonString(projects)
-	if err != nil {
-		return err
-	}
-	j = `const staticProjects=` + j
-	err = os.WriteFile(filepath.Join(tmpDir, "staticdata/projects.js"), []byte(j), 0o600)
-	if err != nil {
-		return err
-	}
-
 	j, err = yaml.WriteJsonString(GetShortNames())
 	if err != nil {
 		return err
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 6e29ca97c..150c4223f 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -3,7 +3,6 @@ import {
     CommandResultSummary,
     ObjectRef,
     ProjectKey,
-    ProjectSummary,
     ResultObject,
     ShortName,
     TargetKey
@@ -14,6 +13,7 @@ import { Box, Typography } from "@mui/material";
 import Tooltip from "@mui/material/Tooltip";
 import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
+import { sleep } from "./utils/misc";
 
 const apiUrl = "/api"
 const staticPath = "./staticdata"
@@ -26,30 +26,66 @@ export enum ObjectType {
 
 export interface Api {
     getShortNames(): Promise<ShortName[]>
-    listProjects(): Promise<ProjectSummary[]>
-    listResults(filterProject?: string, filterSubDir?: string): Promise<CommandResultSummary[]>
+    listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
     getResult(resultId: string): Promise<CommandResult>
+    getResultSummary(resultId: string): Promise<CommandResultSummary>
     getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
     validateNow(project: ProjectKey, target: TargetKey): Promise<Response>
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
 }
 
-let apiPromise: Promise<any> | undefined = undefined
-export async function getApi(): Promise<Api> {
-    if (!apiPromise) {
-        apiPromise = loadScript(staticPath + "/projects.js")
+class RealOrStaticApi implements Api {
+    api: Promise<Api>
+
+    constructor() {
+        this.api = this.buildApi()
+    }
+
+    async buildApi(): Promise<Api> {
+        const p = loadScript(staticPath + "/summaries.js")
+        try {
+            await p
+            return new StaticApi()
+        } catch (error) {
+            return new RealApi()
+        }
+    }
+
+    async deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        return (await this.api).deployNow(cluster, name, namespace)
+    }
+
+    async getResult(resultId: string): Promise<CommandResult> {
+        return (await this.api).getResult(resultId)
+    }
+
+    async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
+        return (await this.api).getResultObject(resultId, ref, objectType)
+    }
+
+    async getResultSummary(resultId: string): Promise<CommandResultSummary> {
+        return (await this.api).getResultSummary(resultId)
     }
 
-    try {
-        await apiPromise
-        return new StaticApi()
-    } catch (error) {
-        return new RealApi()
+    async getShortNames(): Promise<ShortName[]> {
+        return (await this.api).getShortNames()
+    }
+
+    async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
+        return (await this.api).listenUpdates(filterProject, filterSubDir, handle)
+    }
+
+    async reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        return (await this.api).reconcileNow(cluster, name, namespace)
+    }
+
+    async validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
+        return (await this.api).validateNow(project, target)
     }
 }
 
-export let api = getApi()
+export const api = new RealOrStaticApi()
 
 class RealApi implements Api {
     async getShortNames(): Promise<ShortName[]> {
@@ -59,15 +95,12 @@ class RealApi implements Api {
             .then((response) => response.json());
     }
 
-    async listProjects(): Promise<ProjectSummary[]> {
-        let url = `${apiUrl}/listProjects`
-        return fetch(url)
-            .then(handleErrors)
-            .then((response) => response.json());
-    }
-
-    async listResults(filterProject?: string, filterSubDir?: string): Promise<CommandResultSummary[]> {
-        let url = `${apiUrl}/listResults`
+    async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
+        let host = window.location.host
+        if (process.env.NODE_ENV === 'development') {
+            host = "localhost:9090"
+        }
+        let url = `ws://${host}${apiUrl}/ws`
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)
@@ -76,9 +109,44 @@ class RealApi implements Api {
             params.set("filterSubDir", filterSubDir)
         }
         url += "?" + params.toString()
-        return fetch(url)
-            .then(handleErrors)
-            .then((response) => response.json());
+
+        let ws: WebSocket | undefined;
+        let cancelled = false
+
+        const connect = () => {
+            if (cancelled) {
+                return
+            }
+
+            console.log("ws connect: " + url)
+            ws = new WebSocket(url);
+            ws.onopen = function () {
+                console.log("ws connected")
+            }
+            ws.onclose = function (event) {
+                console.log("ws close")
+                if (!cancelled) {
+                    sleep(5000).then(connect)
+                }
+            }
+            ws.onmessage = function (event: MessageEvent) {
+                if (cancelled) {
+                    return
+                }
+                const msg = JSON.parse(event.data)
+                handle(msg)
+            }
+        }
+
+        connect()
+
+        return () => {
+            console.log("ws cancel")
+            cancelled = true
+            if (ws) {
+                ws.close()
+            }
+        }
     }
 
     async getResult(resultId: string) {
@@ -91,6 +159,16 @@ class RealApi implements Api {
             });
     }
 
+    async getResultSummary(resultId: string) {
+        let url = `${apiUrl}/getResultSummary?resultId=${resultId}`
+        return fetch(url)
+            .then(handleErrors)
+            .then(response => response.text())
+            .then(json => {
+                return new CommandResultSummary(json)
+            });
+    }
+
     async getResultObject(resultId: string, ref: ObjectRef, objectType: string) {
         let url = `${apiUrl}/getResultObject?resultId=${resultId}&${buildRefParams(ref)}&objectType=${objectType}`
         return fetch(url)
@@ -139,26 +217,36 @@ class StaticApi implements Api {
         await loadScript(staticPath + "/shortnames.js")
         return staticShortNames
     }
-    async listProjects(): Promise<ProjectSummary[]> {
-        await loadScript(staticPath + "/projects.js")
-        return staticProjects
-    }
-    async listResults(filterProject?: string, filterSubDir?: string): Promise<CommandResultSummary[]> {
+
+    async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
         await loadScript(staticPath + "/summaries.js")
-        return staticSummaries.filter(s => {
-            if (filterProject && filterProject != s.project.normalizedGitUrl) {
-                return false
+
+        staticSummaries.forEach(rs => {
+            if (filterProject && filterProject != rs.project.normalizedGitUrl) {
+                return
             }
-            if (filterSubDir && filterSubDir != s.project.subDir) {
-                return false
+            if (filterSubDir && filterSubDir != rs.project.subDir) {
+                return
             }
-            return true
+            handle({
+                "type": "update_summary",
+                "summary": rs,
+            })
         })
+        return () => {
+        }
     }
+
     async getResult(resultId: string): Promise<CommandResult> {
         await loadScript(staticPath + `/result-${resultId}.js`)
         return staticResults.get(resultId)
     }
+    async getResultSummary(resultId: string): Promise<CommandResultSummary> {
+        await loadScript(staticPath + "/summaries.js")
+        return staticSummaries.filter(s => {
+            return s.id == resultId
+        }).at(0)
+    }
     async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
         const result = await this.getResult(resultId)
         const object = result.objects?.find(x => _.isEqual(x.ref, ref))
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 7c326111b..3c6fa4a20 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,4 +1,4 @@
-import React, { Dispatch, SetStateAction, useState } from 'react';
+import React, { createContext, Dispatch, SetStateAction, useCallback, useEffect, useMemo, useState } from 'react';
 
 import '../index.css';
 import { Box, ThemeProvider } from "@mui/material";
@@ -6,30 +6,99 @@ import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
 import { light } from './theme';
 import { ActiveFilters } from './result-view/NodeStatusFilter';
+import { CommandResultSummary, ProjectTargetKey, ValidateResult } from "../models";
+import { api } from "../api";
+import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
 
 export interface AppOutletContext {
     filters?: ActiveFilters
     setFilters: Dispatch<SetStateAction<ActiveFilters | undefined>>
 }
-
 export function useAppOutletContext(): AppOutletContext {
     return useOutletContext<AppOutletContext>()
 }
 
+export interface AppContextProps {
+    summaries: Map<string, CommandResultSummary>
+    projects: ProjectSummary[]
+    validateResults: Map<string, ValidateResult>
+}
+export const AppContext = createContext<AppContextProps>({
+    summaries: new Map(),
+    projects: [],
+    validateResults: new Map(),
+});
+
 const App = () => {
+    let [summaries, setSummaries] = useState<Map<string, CommandResultSummary>>(new Map())
+    let [validateResults, setValidateResults] = useState<Map<string, ValidateResult>>(new Map())
     const [filters, setFilters] = useState<ActiveFilters>()
 
-    const context: AppOutletContext = {
+    const updateSummary = (rs: CommandResultSummary) => {
+        console.log("update_summary", rs.id, rs.commandInfo.startTime)
+        summaries.set(rs.id, rs)
+        summaries = new Map(summaries)
+        setSummaries(summaries)
+    }
+
+    const deleteSummary = (id: string) => {
+        console.log("delete_summary", id)
+        summaries.delete(id)
+        summaries = new Map(summaries)
+        setSummaries(summaries)
+    }
+
+    const updateValidateResult = (key: ProjectTargetKey, vr: ValidateResult) => {
+        console.log("validate_result", key)
+        validateResults.set(JSON.stringify(key), vr)
+        validateResults = new Map(validateResults)
+        setValidateResults(validateResults)
+    }
+
+    useEffect(() => {
+        console.log("starting listenResults")
+        const cancel = api.listenUpdates(undefined, undefined, msg => {
+            switch(msg.type) {
+                case "update_summary":
+                    updateSummary(msg.summary)
+                    break
+                case "delete_summary":
+                    deleteSummary(msg.id)
+                    break
+                case "validate_result":
+                    updateValidateResult(msg.key, msg.result)
+                    break
+            }
+        })
+        return () => {
+            console.log("cancel listenResults")
+            cancel.then(c => c())
+        }
+    }, [])
+
+    const projects = useMemo(() => {
+        return buildProjectSummaries(summaries, validateResults)
+    }, [summaries, validateResults])
+
+    const appContext = {
+        summaries: summaries,
+        projects: projects,
+        validateResults: validateResults,
+    }
+
+    const outletContext: AppOutletContext = {
         filters: filters,
         setFilters: setFilters,
     }
 
     return (
-        <ThemeProvider theme={light}>
-            <Box width={"100%"} height={"100%"}>
-                <LeftDrawer content={<Outlet context={context} />} context={context} />
-            </Box>
-        </ThemeProvider>
+        <AppContext.Provider value={appContext}>
+            <ThemeProvider theme={light}>
+                <Box width={"100%"} height={"100%"}>
+                    <LeftDrawer content={<Outlet context={outletContext}/>} context={outletContext}/>
+                </Box>
+            </ThemeProvider>
+        </AppContext.Provider>
     );
 };
 
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 2d3fee8fe..cf4c9ebc1 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -1,6 +1,6 @@
 import { CommandResultProps } from "./result-view/CommandResultView";
 import { ObjectRef } from "../models";
-import { getApi, ObjectType, usePromise } from "../api";
+import { api, ObjectType, usePromise } from "../api";
 import React, { Suspense, useEffect, useState } from "react";
 import { CodeViewer } from "./CodeViewer";
 
@@ -11,7 +11,6 @@ export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: Obj
     const [promise, setPromise] = useState<Promise<string>>()
 
     const getData = async () => {
-        const api = await getApi()
         const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
         return yaml.dump(o)
     }
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 0c908fdb7..a08c8abd5 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,7 +1,7 @@
 import { createHashRouter, useRouteError } from "react-router-dom";
 import React from "react";
 import App from "./App";
-import { projectsLoader, TargetsView } from "./targets-view/TargetsView";
+import { TargetsView } from "./targets-view/TargetsView";
 import { commandResultLoader, CommandResultView } from "./result-view/CommandResultView";
 
 function ErrorPage() {
@@ -27,7 +27,6 @@ export const Router = createHashRouter([
             {
                 path: "targets",
                 element: <TargetsView/>,
-                loader: projectsLoader,
                 errorElement: <ErrorPage/>,
             },
             {
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
index 58bd404b6..eead2b7fa 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -1,5 +1,5 @@
 import * as React from 'react';
-import { useEffect, useMemo, useState } from 'react';
+import { useMemo, useState } from 'react';
 import TreeView from '@mui/lab/TreeView';
 import { TreeItem } from "@mui/lab";
 import { NodeBuilder } from "./nodes/NodeBuilder";
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index c1e8ffd96..d5a02d6c7 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -10,7 +10,7 @@ import { useLoaderData } from "react-router-dom";
 import { useAppOutletContext } from "../App";
 import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
 import { dark } from '../theme';
-import { getApi } from "../../api";
+import { api } from "../../api";
 
 export interface CommandResultProps {
     shortNames: ShortName[]
@@ -19,14 +19,13 @@ export interface CommandResultProps {
 }
 
 export async function commandResultLoader({ params }: any) {
-    const api = await getApi()
     const result = api.getResult(params.id)
     const shortNames = api.getShortNames()
-    const summaries = api.listResults()
+    const rs = api.getResult(params.id)
 
     return {
         shortNames: await shortNames,
-        summary: (await summaries).find(x => x.id === params.id),
+        summary: await rs,
         commandResult: await result,
     }
 }
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index 37c3e11a9..ee83051a1 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -1,5 +1,5 @@
-import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
-import { getApi, usePromise } from "../../api";
+import { CommandResultSummary } from "../../models";
+import { api, usePromise } from "../../api";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { Suspense, useEffect, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
@@ -10,11 +10,11 @@ import { dark } from "../theme";
 import { Card, CardCol } from "./Card";
 import { CommandResultItem } from "./CommandResultItem";
 import React from "react";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
 
 const sidePanelWidth = 720;
 
 async function doGetRootNode(rs: CommandResultSummary) {
-    const api = await getApi()
     const shortNames = api.getShortNames()
     const r = api.getResult(rs.id)
     const builder = new NodeBuilder({
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index bf3ff6a52..f4b400e7f 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,5 +1,5 @@
 import React from "react";
-import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
+import { CommandResultSummary } from "../../models";
 import { useEffect, useMemo, useState } from "react";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
@@ -9,6 +9,7 @@ import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine"
 import { useNavigate } from "react-router";
 import { formatDurationShort } from "../../utils/duration";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
 
 const calcAgo = (startTime: string) => {
     const t1 = new Date(startTime)
@@ -18,8 +19,8 @@ const calcAgo = (startTime: string) => {
 }
 
 export const CommandResultItem = React.memo((props: { 
-    ps: ProjectSummary, 
-    ts: TargetSummary, 
+    ps: ProjectSummary,
+    ts: TargetSummary,
     rs: CommandResultSummary, 
     onSelectCommandResult: (rs: CommandResultSummary) => void,
     selected?: boolean;
diff --git a/pkg/webui/ui/src/components/targets-view/Projects.tsx b/pkg/webui/ui/src/components/targets-view/Projects.tsx
index c5ebb34f9..1ead486b3 100644
--- a/pkg/webui/ui/src/components/targets-view/Projects.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Projects.tsx
@@ -1,10 +1,10 @@
-import { ProjectSummary } from "../../models";
 import { getLastPathElement } from "../../utils/misc";
 import Paper from "@mui/material/Paper";
 import { Box, Typography } from "@mui/material";
 import React from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { ProjectIcon } from "../../icons/Icons";
+import { ProjectSummary } from "../../project-summaries";
 
 export const ProjectItem = (props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
diff --git a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
index b3d45a96b..848db14bc 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
@@ -1,4 +1,3 @@
-import { TargetSummary } from "../../models";
 import { Box, Drawer, ThemeProvider } from "@mui/material";
 import { SidePanel, SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import React from "react";
@@ -7,6 +6,7 @@ import { DiffStatus } from "../result-view/nodes/NodeData";
 import { ChangesTable } from "../result-view/ChangesTable";
 import { ErrorsTable } from "../ErrorsTable";
 import { dark } from "../theme";
+import { TargetSummary } from "../../project-summaries";
 
 class MyProvider implements SidePanelProvider {
     private ts?: TargetSummary;
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index 530874065..281622fd0 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -1,12 +1,13 @@
-import { KluctlDeploymentInfo, ProjectSummary, TargetSummary } from "../../models";
+import { KluctlDeploymentInfo } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import Paper from "@mui/material/Paper";
 import { Box, Typography, useTheme } from "@mui/material";
 import React from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
-import { getApi } from "../../api";
+import { api } from "../../api";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -57,8 +58,7 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
     actionMenuItems.push({
         icon: <PublishedWithChanges />,
         text: "Validate now",
-        handler: async () => {
-            const api = await getApi()
+        handler: () => {
             api.validateNow(props.ps.project, props.ts.target)
         }
     })
@@ -81,16 +81,14 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
             text: "Reconcile",
-            handler: async () => {
-                const api = await getApi()
+            handler: () => {
                 api.reconcileNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
             }
         })
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
             text: "Deploy",
-            handler: async () => {
-                const api = await getApi()
+            handler: () => {
                 api.deployNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
             }
         })
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index f0d2a073c..5eb732de9 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,9 +1,8 @@
-import { useLoaderData } from "react-router-dom";
-import { CommandResultSummary, ProjectSummary, TargetSummary } from "../../models";
+import { CommandResultSummary } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useEffect, useState } from "react";
-import { useAppOutletContext } from "../App";
-import { getApi } from "../../api";
+import React, { useCallback, useContext, useEffect, useState } from "react";
+import { AppContext, useAppOutletContext } from "../App";
+import { api } from "../../api";
 import { ProjectItem } from "./Projects";
 import { TargetItem } from "./Targets";
 import Divider from "@mui/material/Divider";
@@ -11,18 +10,14 @@ import { CommandResultItem } from "./CommandResultItem";
 import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
 import { Card, CardCol, CardRow, cardGap, cardHeight, cardWidth, projectCardHeight } from "./Card";
+import { buildProjectSummaries, ProjectSummary, TargetSummary } from "../../project-summaries";
+import { sum } from "lodash";
 
 const colWidth = 416;
 const curveRadius = 12;
 const circleRadius = 5;
 const strokeWidth = 2;
 
-export async function projectsLoader() {
-    const api = await getApi()
-    const projects = await api.listProjects()
-    return projects
-}
-
 function ColHeader({ children }: { children: React.ReactNode }) {
     return <Box
         minWidth={colWidth}
@@ -134,11 +129,8 @@ export const TargetsView = () => {
     const [selectedCommandResult, setSelectedCommandResult] = useState<{rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary} | undefined>();
     const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
 
-    const projects = useLoaderData() as ProjectSummary[];
-
-    useEffect(() => {
-        context.setFilters(undefined)
-    })
+    const appContext = useContext(AppContext)
+    const projects = appContext.projects
 
     const doSetSelectedCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
         setSelectedCommandResult(o);
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index d0eed1881..333a71ee5 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -815,44 +815,34 @@ export class ValidateResult {
 	    return a;
 	}
 }
-export class TargetSummary {
-    target: TargetKey;
-    lastValidateResult?: ValidateResult;
-    commandResults?: CommandResultSummary[];
+export class ShortName {
+    group?: string;
+    kind: string;
+    shortName: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
-        this.target = this.convertValues(source["target"], TargetKey);
-        this.lastValidateResult = this.convertValues(source["lastValidateResult"], ValidateResult);
-        this.commandResults = this.convertValues(source["commandResults"], CommandResultSummary);
+        this.group = source["group"];
+        this.kind = source["kind"];
+        this.shortName = source["shortName"];
     }
+}
+export class UnstructuredObject {
 
-	convertValues(a: any, classs: any, asMap: boolean = false): any {
-	    if (!a) {
-	        return a;
-	    }
-	    if (a.slice) {
-	        return (a as any[]).map(elem => this.convertValues(elem, classs));
-	    } else if ("object" === typeof a) {
-	        if (asMap) {
-	            for (const key of Object.keys(a)) {
-	                a[key] = new classs(a[key]);
-	            }
-	            return a;
-	        }
-	        return new classs(a);
-	    }
-	    return a;
-	}
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+
+    }
 }
-export class ProjectSummary {
+export class ProjectTargetKey {
     project: ProjectKey;
-    targets: TargetSummary[];
+    target: TargetKey;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.project = this.convertValues(source["project"], ProjectKey);
-        this.targets = this.convertValues(source["targets"], TargetSummary);
+        this.target = this.convertValues(source["target"], TargetKey);
     }
 
 	convertValues(a: any, classs: any, asMap: boolean = false): any {
@@ -872,25 +862,4 @@ export class ProjectSummary {
 	    }
 	    return a;
 	}
-}
-
-export class ShortName {
-    group?: string;
-    kind: string;
-    shortName: string;
-
-    constructor(source: any = {}) {
-        if ('string' === typeof source) source = JSON.parse(source);
-        this.group = source["group"];
-        this.kind = source["kind"];
-        this.shortName = source["shortName"];
-    }
-}
-export class UnstructuredObject {
-
-
-    constructor(source: any = {}) {
-        if ('string' === typeof source) source = JSON.parse(source);
-
-    }
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
new file mode 100644
index 000000000..17d4a526c
--- /dev/null
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -0,0 +1,77 @@
+import {
+    CommandResultSummary,
+    ProjectKey,
+    ProjectTargetKey, TargetKey, ValidateResult,
+} from "./models";
+import _ from "lodash";
+
+export interface TargetSummary {
+    target: TargetKey;
+    lastValidateResult?: ValidateResult;
+    commandResults: CommandResultSummary[];
+}
+
+export interface ProjectSummary {
+    project: ProjectKey;
+    targets: TargetSummary[];
+}
+
+export function compareSummaries(a: CommandResultSummary, b: CommandResultSummary) {
+    return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime) ||
+        b.commandInfo.endTime.localeCompare(b.commandInfo.endTime) ||
+        (b.commandInfo.command || "").localeCompare(a.commandInfo.command || "")
+}
+
+export function buildProjectSummaries(summaries: Map<string, CommandResultSummary>, validateResults: Map<string, ValidateResult>) {
+    const sorted = Array.from(summaries.values())
+    sorted.sort(compareSummaries)
+
+    const m = new Map<string, ProjectSummary>()
+    sorted.forEach(rs => {
+        const projectKey = JSON.stringify(rs.projectKey)
+
+        let p = m.get(projectKey)
+        if (!p) {
+            p = {
+                project: rs.projectKey,
+                targets: []
+            }
+            m.set(projectKey, p)
+        }
+
+        const ptKey = new ProjectTargetKey()
+        ptKey.project = rs.projectKey
+        ptKey.target = rs.targetKey
+
+        const vr = validateResults.get(JSON.stringify(ptKey))
+
+        let target = p.targets.find(t => _.isEqual(t.target, rs.targetKey))
+        if (!target) {
+            target = {
+                target: rs.targetKey,
+                lastValidateResult: vr,
+                commandResults: []
+            }
+            p.targets.push(target)
+        }
+
+        target.commandResults.push(rs)
+    })
+
+    const ret: ProjectSummary[] = []
+    m.forEach(p => {
+        p.targets.sort((a, b) => {
+            return (a.target.targetName || "").localeCompare(b.target.targetName || "") ||
+                a.target.clusterId.localeCompare(b.target.clusterId) ||
+                (a.target.discriminator || "")?.localeCompare(b.target.discriminator || "")
+        })
+        ret.push(p)
+    })
+
+    ret.sort((a, b) => {
+        return (a.project.gitRepoKey || "").localeCompare(b.project.gitRepoKey || "") ||
+            (a.project.subDir || "").localeCompare(b.project.subDir || "")
+    })
+
+    return ret
+}
\ No newline at end of file
diff --git a/pkg/webui/validator.go b/pkg/webui/validator.go
index 78ba366bf..6b524ca76 100644
--- a/pkg/webui/validator.go
+++ b/pkg/webui/validator.go
@@ -11,7 +11,9 @@ import (
 )
 
 const shortValidationInterval = time.Second * 15
-const longValidationInterval = time.Minute * 5
+const longValidationInterval = time.Minute * 1
+
+type validateResultHandler func(key ProjectTargetKey, r *result.ValidateResult)
 
 type validatorManager struct {
 	ctx context.Context
@@ -19,22 +21,23 @@ type validatorManager struct {
 	store results.ResultStore
 	cam   *clusterAccessorManager
 
-	validators map[projectTargetKey]*validatorEntry
+	validators map[ProjectTargetKey]*validatorEntry
+	handlers   map[int]validateResultHandler
+	nextId     int
 	mutex      sync.Mutex
 }
 
-type projectTargetKey struct {
+type ProjectTargetKey struct {
 	Project result.ProjectKey `json:"project"`
 	Target  result.TargetKey  `json:"target"`
 }
 
 type validatorEntry struct {
 	vm             *validatorManager
-	key            projectTargetKey
+	key            ProjectTargetKey
 	ch             chan bool
 	validateResult *result.ValidateResult
 	err            error
-	mutex          sync.Mutex
 }
 
 func newValidatorManager(ctx context.Context, store results.ResultStore, cam *clusterAccessorManager) *validatorManager {
@@ -42,7 +45,8 @@ func newValidatorManager(ctx context.Context, store results.ResultStore, cam *cl
 		ctx:        ctx,
 		store:      store,
 		cam:        cam,
-		validators: map[projectTargetKey]*validatorEntry{},
+		validators: map[ProjectTargetKey]*validatorEntry{},
+		handlers:   map[int]validateResultHandler{},
 	}
 }
 
@@ -53,31 +57,29 @@ func (vm *validatorManager) start() {
 			return
 		}
 
-		projects := result.BuildProjectSummaries(summaries)
-
-		found := map[projectTargetKey]bool{}
-		for _, project := range projects {
-			for _, target := range project.Targets {
-				k := projectTargetKey{
-					Project: project.Project,
-					Target:  target.Target,
-				}
-
-				vm.mutex.Lock()
-				_, ok := vm.validators[k]
-				if !ok {
-					v := &validatorEntry{
-						vm:  vm,
-						key: k,
-						ch:  make(chan bool),
-					}
-					vm.validators[k] = v
-					go v.run()
+		found := map[ProjectTargetKey]bool{}
+		for _, rs := range summaries {
+			k := ProjectTargetKey{
+				Project: rs.ProjectKey,
+				Target:  rs.TargetKey,
+			}
+			if _, ok := found[k]; ok {
+				continue
+			}
+			vm.mutex.Lock()
+			_, ok := vm.validators[k]
+			if !ok {
+				v := &validatorEntry{
+					vm:  vm,
+					key: k,
+					ch:  make(chan bool),
 				}
-				vm.mutex.Unlock()
-
-				found[k] = true
+				vm.validators[k] = v
+				go v.run()
 			}
+			vm.mutex.Unlock()
+
+			found[k] = true
 		}
 
 		vm.mutex.Lock()
@@ -98,7 +100,29 @@ func (vm *validatorManager) start() {
 	}()
 }
 
-func (vm *validatorManager) getValidateResult(key projectTargetKey) (*result.ValidateResult, error) {
+func (vm *validatorManager) addHandler(h validateResultHandler) func() {
+	vm.mutex.Lock()
+	defer vm.mutex.Unlock()
+
+	id := vm.nextId
+	vm.nextId++
+
+	vm.handlers[id] = h
+
+	for _, v := range vm.validators {
+		if v.validateResult != nil {
+			h(v.key, v.validateResult)
+		}
+	}
+
+	return func() {
+		vm.mutex.Lock()
+		defer vm.mutex.Unlock()
+		delete(vm.handlers, id)
+	}
+}
+
+func (vm *validatorManager) getValidateResult(key ProjectTargetKey) (*result.ValidateResult, error) {
 	vm.mutex.Lock()
 	defer vm.mutex.Unlock()
 	v := vm.validators[key]
@@ -108,7 +132,7 @@ func (vm *validatorManager) getValidateResult(key projectTargetKey) (*result.Val
 	return v.validateResult, v.err
 }
 
-func (vm *validatorManager) validateNow(key projectTargetKey) bool {
+func (vm *validatorManager) validateNow(key ProjectTargetKey) bool {
 	vm.mutex.Lock()
 	defer vm.mutex.Unlock()
 	v := vm.validators[key]
@@ -130,21 +154,19 @@ func (v *validatorEntry) run() {
 		if err != nil {
 			return
 		}
-		projects := result.BuildProjectSummaries(summaries)
 
-		longWait := false
-	outer:
-		for _, p := range projects {
-			if p.Project == v.key.Project {
-				for _, t := range p.Targets {
-					if t.Target == v.key.Target {
-						longWait = v.runOnce(t)
-						break outer
-					}
-				}
+		var targetSummaries []result.CommandResultSummary
+		for _, rs := range summaries {
+			if rs.TargetKey == v.key.Target {
+				targetSummaries = append(targetSummaries, rs)
 			}
 		}
 
+		longWait := false
+		if len(targetSummaries) != 0 {
+			longWait = v.runOnce(targetSummaries)
+		}
+
 		waitTime := shortValidationInterval
 		if longWait {
 			waitTime = longValidationInterval
@@ -173,11 +195,11 @@ func (v *validatorEntry) findFullProjectResult(summaries []result.CommandResultS
 	return nil
 }
 
-func (v *validatorEntry) runOnce(target *result.TargetSummary) bool {
+func (v *validatorEntry) runOnce(summaries []result.CommandResultSummary) bool {
 	s := status.Start(v.vm.ctx, "Validating: %v", v.key)
 	defer s.Failed()
 
-	summary := v.findFullProjectResult(target.CommandResults)
+	summary := v.findFullProjectResult(summaries)
 	if summary == nil {
 		s.FailedWithMessage("No result summaries for %v", v.key)
 		return false
@@ -214,10 +236,14 @@ func (v *validatorEntry) runOnce(target *result.TargetSummary) bool {
 	}
 	s.Success()
 
-	v.mutex.Lock()
-	defer v.mutex.Unlock()
+	v.vm.mutex.Lock()
+	defer v.vm.mutex.Unlock()
 	v.validateResult = vr
 	v.err = err
 
+	for _, h := range v.vm.handlers {
+		h(v.key, vr)
+	}
+
 	return true
 }
diff --git a/pkg/webui/websocket.go b/pkg/webui/websocket.go
new file mode 100644
index 000000000..978642ffb
--- /dev/null
+++ b/pkg/webui/websocket.go
@@ -0,0 +1,108 @@
+package webui
+
+import (
+	"context"
+	"github.com/gin-gonic/gin"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"net/http"
+	"nhooyr.io/websocket"
+	"time"
+)
+
+func (s *CommandResultsServer) ws(c *gin.Context) {
+	args := struct {
+		FilterProject string `form:"filterProject"`
+		FilterSubDir  string `form:"filterSubDir"`
+	}{}
+	err := c.BindQuery(&args)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	conn, err := websocket.Accept(c.Writer, c.Request, &websocket.AcceptOptions{
+		InsecureSkipVerify: true,
+	})
+	if err != nil {
+		//s.logf("%v", err)
+		return
+	}
+	defer conn.Close(websocket.StatusInternalError, "the sky is falling")
+
+	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	var filter *result.ProjectKey
+	if args.FilterProject != "" {
+		filter = &result.ProjectKey{
+			GitRepoKey: repoKey,
+			SubDir:     args.FilterSubDir,
+		}
+	}
+
+	sendMessage := func(msg string) error {
+		ctx, cancel := context.WithTimeout(s.ctx, 500*time.Millisecond)
+		defer cancel()
+		w, err := conn.Writer(ctx, websocket.MessageText)
+		if err != nil {
+			return err
+		}
+		_, err = w.Write([]byte(msg))
+		if err != nil {
+			_ = w.Close()
+			return err
+		}
+		err = w.Close()
+		if err != nil {
+			ctx = nil
+		}
+		return err
+	}
+
+	cancel, err := s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter},
+		func(summary *result.CommandResultSummary) {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type":    "update_summary",
+				"summary": summary,
+			})
+			_ = sendMessage(x)
+		}, func(id string) {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type": "delete_summary",
+				"id":   id,
+			})
+			_ = sendMessage(x)
+		},
+	)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+		return
+	}
+	defer cancel()
+
+	h := s.vam.addHandler(func(key ProjectTargetKey, r *result.ValidateResult) {
+		x := yaml.WriteJsonStringMust(map[string]any{
+			"type":   "validate_result",
+			"key":    key,
+			"result": r,
+		})
+		_ = sendMessage(x)
+	})
+	defer h()
+
+	_, _, err = conn.Read(s.ctx)
+	if err != nil {
+		cs := websocket.CloseStatus(err)
+		if cs == websocket.StatusNormalClosure || cs == websocket.StatusGoingAway {
+			return
+		}
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+		return
+	}
+}

From 64758af361ce666712744198fb9bf93e5db233a5 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Fri, 9 Jun 2023 06:51:52 +0600
Subject: [PATCH 1151/2268] Added animations.

---
 .../result-view/CommandResultView.tsx         |   2 +-
 .../CommandResultDetailsDrawer.tsx            | 117 ++++++++++++++----
 .../targets-view/CommandResultItem.tsx        |  33 ++---
 .../components/targets-view/TargetsView.tsx   |  29 +++--
 4 files changed, 132 insertions(+), 49 deletions(-)

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index d5a02d6c7..79fa85254 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -3,7 +3,7 @@ import { useState } from 'react';
 import { Box, Checkbox, CheckboxProps, Divider, Drawer, FormControlLabel, ThemeProvider, Typography } from "@mui/material";
 import { CommandResult, CommandResultSummary, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
-import { SidePanel, SidePanelProvider } from "./SidePanel";
+import { SidePanel } from "./SidePanel";
 import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
 import { useLoaderData } from "react-router-dom";
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index ee83051a1..be88c7ecf 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -1,16 +1,17 @@
 import { CommandResultSummary } from "../../models";
 import { api, usePromise } from "../../api";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
-import { Suspense, useEffect, useState } from "react";
+import { Suspense, useEffect, useMemo, useRef, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
 import { SidePanel } from "../result-view/SidePanel";
 import { Box, Drawer, ThemeProvider, useTheme } from "@mui/material";
 import { Loading } from "../Loading";
 import { dark } from "../theme";
-import { Card, CardCol } from "./Card";
+import { Card, cardGap, cardHeight } from "./Card";
 import { CommandResultItem } from "./CommandResultItem";
 import React from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { cardWidth } from "./Card";
 
 const sidePanelWidth = 720;
 
@@ -22,7 +23,7 @@ async function doGetRootNode(rs: CommandResultSummary) {
         summary: rs,
         commandResult: await r,
     })
-    const [node, nodeMap] = builder.buildRoot()
+    const [node] = builder.buildRoot()
     return node
 }
 
@@ -30,13 +31,16 @@ export const CommandResultDetailsDrawer = React.memo((props: {
     rs?: CommandResultSummary,
     ts?: TargetSummary,
     ps?: ProjectSummary,
-    onClose: () => void
+    onClose: () => void,
+    selectedCardRect?: DOMRect
 }) => {
-    const { ps, ts } = props;
+    const { ps, ts, selectedCardRect } = props;
     const theme = useTheme();
     const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined));
     const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary | undefined>();
     const [prevTargetSummary, setPrevTargetSummary] = useState<TargetSummary | undefined>(ts);
+    const [cardsCoords, setCardsCoords] = useState<{ left: number, top: number }[]>([]);
+    const [transitionRunning, setTransitionRunning] = useState(false);
 
     if (prevTargetSummary !== ts) {
         setPrevTargetSummary(ts);
@@ -55,8 +59,81 @@ export const CommandResultDetailsDrawer = React.memo((props: {
         return <SidePanel provider={node} onClose={props.onClose} />
     }
 
+    const cardsContainerElem = useRef<HTMLElement>();
+
+    useEffect(() => {
+        const rect = cardsContainerElem.current?.getBoundingClientRect();
+        if (!rect || !selectedCardRect || !ts?.commandResults) {
+            setCardsCoords([]);
+            return;
+        }
+
+        const initialCoords = ts.commandResults.map(() => ({
+            left: selectedCardRect.left - rect.left,
+            top: selectedCardRect.top - rect.top
+        }));
+
+        setCardsCoords(initialCoords);
+        setTransitionRunning(true);
+    }, [selectedCardRect, ts?.commandResults]);
+
+    useEffect(() => {
+        if (cardsCoords.length > 0) {
+            const targetCoords = cardsCoords.map((_, i) => ({
+                left: 0,
+                top: i * (cardHeight + cardGap)
+            }));
+
+            if (cardsCoords.length === targetCoords.length
+                && cardsCoords.every(({ left, top }, i) =>
+                    targetCoords[i].left === left && targetCoords[i].top === top
+                )
+            ) {
+                return;
+            }
+
+            setTimeout(() => {
+                setCardsCoords(targetCoords);
+                setTimeout(() => {
+                    setTransitionRunning(false);
+                }, theme.transitions.duration.enteringScreen)
+            }, 10);
+        }
+    }, [cardsCoords, theme.transitions.duration.enteringScreen])
+
+    const zIndex = theme.zIndex.modal + 1;
+
+    const cards = useMemo(() => {
+        if (!(ps && ts && ts.commandResults && ts.commandResults.length > 0 && cardsCoords.length > 0)) {
+            return null;
+        }
+
+        return ts.commandResults.map((rs, i) => {
+            return <Card
+                key={i}
+                sx={{
+                    position: 'absolute',
+                    translate: `${cardsCoords[i].left}px ${cardsCoords[i].top}px`,
+                    zIndex: zIndex,
+                    transition: theme.transitions.create(['translate'], {
+                        easing: theme.transitions.easing.sharp,
+                        duration: theme.transitions.duration.enteringScreen,
+                    })
+                }}
+            >
+                <CommandResultItem
+                    ps={ps}
+                    ts={ts}
+                    rs={rs}
+                    onSelectCommandResult={setSelectedCommandResult}
+                    selected={rs === selectedCommandResult}
+                />
+            </Card>
+        })
+    }, [ps, ts, cardsCoords, zIndex, theme.transitions, selectedCommandResult])
+
     return <>
-        {ps && ts &&
+        {ps && ts && ts.commandResults && ts.commandResults.length > 0 &&
             <Box
                 sx={{
                     position: 'fixed',
@@ -64,28 +141,26 @@ export const CommandResultDetailsDrawer = React.memo((props: {
                     bottom: 0,
                     right: sidePanelWidth,
                     width: `calc(100% - ${sidePanelWidth}px)`,
-                    overflow: 'auto',
+                    overflowX: 'visible',
+                    overflowY: transitionRunning ? 'visible' : 'auto',
                     display: 'flex',
                     flexDirection: 'column',
                     alignItems: 'center',
+                    justifyContent: 'center',
                     padding: '25px 0',
-                    zIndex: theme.zIndex.modal + 1
+                    zIndex: zIndex
                 }}
                 onClick={props.onClose}
             >
-                <CardCol onClick={(e) => e.stopPropagation()} flexGrow={1} justifyContent='center'>
-                    {ts.commandResults?.map((rs, i) => {
-                        return <Card key={i}>
-                            <CommandResultItem
-                                ps={ps}
-                                ts={ts}
-                                rs={rs}
-                                onSelectCommandResult={setSelectedCommandResult}
-                                selected={rs === selectedCommandResult}
-                            />
-                        </Card>
-                    })}
-                </CardCol>
+                <Box
+                    onClick={(e) => e.stopPropagation()}
+                    position='relative'
+                    width={cardWidth}
+                    height={cardHeight * ts.commandResults.length + cardGap * (ts.commandResults.length - 1)}
+                    ref={cardsContainerElem}
+                >
+                    {cards}
+                </Box>
             </Box>
         }
         <ThemeProvider theme={dark}>
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index f4b400e7f..0dee155bd 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -18,18 +18,19 @@ const calcAgo = (startTime: string) => {
     return formatDurationShort(d)
 }
 
-export const CommandResultItem = React.memo((props: { 
+export const CommandResultItem = React.memo((props: {
     ps: ProjectSummary,
     ts: TargetSummary,
-    rs: CommandResultSummary, 
+    rs: CommandResultSummary,
     onSelectCommandResult: (rs: CommandResultSummary) => void,
     selected?: boolean;
 }) => {
+    const { rs, onSelectCommandResult, selected } = props;
     const navigate = useNavigate()
-    const [ago, setAgo] = useState(calcAgo(props.rs.commandInfo.startTime))
+    const [ago, setAgo] = useState(calcAgo(rs.commandInfo.startTime))
 
     let Icon: () => JSX.Element = DiffIcon
-    switch (props.rs.commandInfo?.command) {
+    switch (rs.commandInfo?.command) {
         case "delete":
             Icon = PruneIcon
             break
@@ -47,15 +48,15 @@ export const CommandResultItem = React.memo((props: {
             break
     }
 
-    const cmdInfoYaml = useMemo(() => {
-        return yaml.dump(props.rs.commandInfo)
-    }, [props.rs])
-    let iconTooltip = <CodeViewer code={cmdInfoYaml} language={"yaml"} />
+    const iconTooltip = useMemo(() => {
+        const cmdInfoYaml = yaml.dump(rs.commandInfo);
+        return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
+    }, [rs.commandInfo]);
 
     useEffect(() => {
-        const interval = setInterval(() => setAgo(calcAgo(props.rs.commandInfo.startTime)), 5000);
+        const interval = setInterval(() => setAgo(calcAgo(rs.commandInfo.startTime)), 5000);
         return () => clearInterval(interval);
-    }, [props.rs.commandInfo.startTime])
+    }, [rs.commandInfo.startTime]);
 
     return <Paper
         elevation={5}
@@ -66,9 +67,9 @@ export const CommandResultItem = React.memo((props: {
             border: '1px solid #59A588',
             boxShadow: '4px 4px 10px #1E617A',
             padding: '20px 16px 5px 16px',
-            outline: props.selected ? '8px solid #59A588' : 'none'
+            outline: selected ? '8px solid #59A588' : 'none'
         }}
-        onClick={e => props.onSelectCommandResult(props.rs)}
+        onClick={() => onSelectCommandResult(rs)}
     >
         <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
             <Box display='flex' gap='15px'>
@@ -85,9 +86,9 @@ export const CommandResultItem = React.memo((props: {
                         overflow='hidden'
                         flexGrow={1}
                     >
-                        {props.rs.commandInfo?.command}
+                        {rs.commandInfo?.command}
                     </Typography>
-                    <Tooltip title={props.rs.commandInfo.startTime}>
+                    <Tooltip title={rs.commandInfo.startTime}>
                         <Typography
                             variant='subtitle1'
                             textAlign='left'
@@ -103,13 +104,13 @@ export const CommandResultItem = React.memo((props: {
             </Box>
             <Box display='flex' alignItems='center' justifyContent='space-between'>
                 <Box display='flex' gap='6px' alignItems='center'>
-                    <CommandResultStatusLine rs={props.rs} />
+                    <CommandResultStatusLine rs={rs} />
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center' height='39px'>
                     <IconButton
                         onClick={e => {
                             e.stopPropagation();
-                            navigate(`/results/${props.rs.id}`);
+                            navigate(`/results/${rs.id}`);
                         }}
                         sx={{
                             padding: 0,
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 5eb732de9..2ed8c3982 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -128,27 +128,29 @@ export const TargetsView = () => {
     const context = useAppOutletContext()
     const [selectedCommandResult, setSelectedCommandResult] = useState<{rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary} | undefined>();
     const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
+    const [selectedCardRect, setSelectedCardRect] = useState<DOMRect | undefined>();
 
     const appContext = useContext(AppContext)
     const projects = appContext.projects
 
-    const doSetSelectedCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
-        setSelectedCommandResult(o);
+    const onTargetDetailsDrawerClose = useCallback(() => {
         setSelectedTargetSummary(undefined);
     }, []);
 
-    const doSetSelectedTargetSummary = useCallback((ts?: TargetSummary) => {
+    const onCommandResultDetailsDrawerClose = useCallback(() => {
         setSelectedCommandResult(undefined);
-        setSelectedTargetSummary(ts);
+        setSelectedCardRect(undefined);
     }, []);
 
-    const onCommandResultDetailsDrawerClose = useCallback(() => {
-        doSetSelectedCommandResult(undefined);
-    }, [doSetSelectedCommandResult]);
-
-    const onTargetDetailsDrawerClose = useCallback(() => {
-        setSelectedTargetSummary(undefined);
-    }, [setSelectedTargetSummary]);
+    const doSetSelectedCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
+        onTargetDetailsDrawerClose();
+        setSelectedCommandResult(o);
+    }, [onTargetDetailsDrawerClose]);
+    
+    const doSetSelectedTargetSummary = useCallback((ts?: TargetSummary) => {
+        onCommandResultDetailsDrawerClose();
+        setSelectedTargetSummary(ts);
+    }, [onCommandResultDetailsDrawerClose]);
 
     return <Box minWidth={colWidth * 3} p='0 40px'>
         <CommandResultDetailsDrawer
@@ -156,6 +158,7 @@ export const TargetsView = () => {
             ts={selectedCommandResult?.ts}
             ps={selectedCommandResult?.ps}
             onClose={onCommandResultDetailsDrawerClose}
+            selectedCardRect={selectedCardRect}
         />
         <TargetDetailsDrawer
             ts={selectedTargetSummary}
@@ -246,6 +249,10 @@ export const TargetsView = () => {
                                             zIndex: -i,
                                             display: i < 4 ? 'flex' : 'none'
                                         }}
+                                        onClick={(e) => {
+                                            const rect = e.currentTarget.getBoundingClientRect();
+                                            setSelectedCardRect(rect);
+                                        }}
                                     >
                                         <CommandResultItem
                                             ps={ps}

From e3d53a45446de2d29418b2b1fee2495ebfb00738 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 10:08:59 +0200
Subject: [PATCH 1152/2268] fix: Enlarge TargetDetailsDrawer

---
 .../ui/src/components/targets-view/TargetDetailsDrawer.tsx      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
index 848db14bc..7b60afdea 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
@@ -104,7 +104,7 @@ export const TargetDetailsDrawer = React.memo((props: { ts?: TargetSummary, onCl
             onClose={props.onClose}
             ModalProps={{ BackdropProps: { invisible: true } }}
         >
-            <Box width={"382px"} height={"100%"}>
+            <Box width={"600px"} height={"100%"}>
                 <SidePanel provider={new MyProvider(props.ts)} onClose={props.onClose} />
             </Box>
         </Drawer>

From 5574285f7f57d3c30b8b75c064b21a93ab712149 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 11:33:22 +0200
Subject: [PATCH 1153/2268] chore: Optimize imports

---
 pkg/webui/ui/src/components/App.tsx                   |  2 +-
 pkg/webui/ui/src/components/LeftDrawer.tsx            |  2 +-
 .../src/components/result-view/CommandResultView.tsx  | 11 ++++++++++-
 .../src/components/result-view/nodes/ObjectNode.tsx   |  8 +-------
 .../targets-view/CommandResultDetailsDrawer.tsx       |  6 ++----
 .../src/components/targets-view/CommandResultItem.tsx |  3 +--
 .../ui/src/components/targets-view/TargetsView.tsx    |  8 +++-----
 pkg/webui/ui/src/components/theme.ts                  |  2 +-
 pkg/webui/ui/src/project-summaries.ts                 |  6 +-----
 9 files changed, 21 insertions(+), 27 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 3c6fa4a20..e41af9bd3 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,4 +1,4 @@
-import React, { createContext, Dispatch, SetStateAction, useCallback, useEffect, useMemo, useState } from 'react';
+import React, { createContext, Dispatch, SetStateAction, useEffect, useMemo, useState } from 'react';
 
 import '../index.css';
 import { Box, ThemeProvider } from "@mui/material";
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 5bd0db728..75e4d18bb 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -13,7 +13,7 @@ import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
 import { Link, useLocation, useNavigate } from "react-router-dom";
 import { AppOutletContext } from "./App";
-import { KluctlLogo, TargetsIcon, KluctlText, SearchIcon, ArrowLeftIcon } from '../icons/Icons';
+import { ArrowLeftIcon, KluctlLogo, KluctlText, SearchIcon, TargetsIcon } from '../icons/Icons';
 import { dark } from './theme';
 import { Typography } from '@mui/material';
 
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 79fa85254..70c16cb4b 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,6 +1,15 @@
 import * as React from 'react';
 import { useState } from 'react';
-import { Box, Checkbox, CheckboxProps, Divider, Drawer, FormControlLabel, ThemeProvider, Typography } from "@mui/material";
+import {
+    Box,
+    Checkbox,
+    CheckboxProps,
+    Divider,
+    Drawer,
+    FormControlLabel,
+    ThemeProvider,
+    Typography
+} from "@mui/material";
 import { CommandResult, CommandResultSummary, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
diff --git a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
index ec851d53f..24b14c524 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
@@ -2,13 +2,7 @@ import React from 'react';
 
 import { ObjectRef } from "../../../models";
 import { NodeData } from "./NodeData";
-import {
-    PublishedWithChanges,
-    Settings,
-    SettingsEthernet,
-    SmartToy,
-    SvgIconComponent
-} from "@mui/icons-material";
+import { PublishedWithChanges, Settings, SettingsEthernet, SmartToy, SvgIconComponent } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
 import { findObjectByRef, ObjectType } from "../../../api";
 import { CommandResultProps } from "../CommandResultView";
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index be88c7ecf..d4c7aee8c 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -1,17 +1,15 @@
 import { CommandResultSummary } from "../../models";
 import { api, usePromise } from "../../api";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
-import { Suspense, useEffect, useMemo, useRef, useState } from "react";
+import React, { Suspense, useEffect, useMemo, useRef, useState } from "react";
 import { NodeData } from "../result-view/nodes/NodeData";
 import { SidePanel } from "../result-view/SidePanel";
 import { Box, Drawer, ThemeProvider, useTheme } from "@mui/material";
 import { Loading } from "../Loading";
 import { dark } from "../theme";
-import { Card, cardGap, cardHeight } from "./Card";
+import { Card, cardGap, cardHeight, cardWidth } from "./Card";
 import { CommandResultItem } from "./CommandResultItem";
-import React from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { cardWidth } from "./Card";
 
 const sidePanelWidth = 720;
 
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 0dee155bd..76c86de0c 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,6 +1,5 @@
-import React from "react";
+import React, { useEffect, useMemo, useState } from "react";
 import { CommandResultSummary } from "../../models";
-import { useEffect, useMemo, useState } from "react";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
 import Paper from "@mui/material/Paper";
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 2ed8c3982..ef04d8c9c 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,17 +1,15 @@
 import { CommandResultSummary } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useContext, useEffect, useState } from "react";
+import React, { useCallback, useContext, useState } from "react";
 import { AppContext, useAppOutletContext } from "../App";
-import { api } from "../../api";
 import { ProjectItem } from "./Projects";
 import { TargetItem } from "./Targets";
 import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
 import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
-import { Card, CardCol, CardRow, cardGap, cardHeight, cardWidth, projectCardHeight } from "./Card";
-import { buildProjectSummaries, ProjectSummary, TargetSummary } from "../../project-summaries";
-import { sum } from "lodash";
+import { Card, CardCol, cardGap, cardHeight, CardRow, cardWidth, projectCardHeight } from "./Card";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
 
 const colWidth = 416;
 const curveRadius = 12;
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index 701d20a15..85c0250e6 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -1,4 +1,4 @@
-import { PaletteOptions, ThemeOptions, createTheme } from '@mui/material/styles';
+import { createTheme, PaletteOptions, ThemeOptions } from '@mui/material/styles';
 
 const paletteDark = {
     primary: { main: '#DFEBE9' },
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 17d4a526c..62a6a5011 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -1,8 +1,4 @@
-import {
-    CommandResultSummary,
-    ProjectKey,
-    ProjectTargetKey, TargetKey, ValidateResult,
-} from "./models";
+import { CommandResultSummary, ProjectKey, ProjectTargetKey, TargetKey, ValidateResult, } from "./models";
 import _ from "lodash";
 
 export interface TargetSummary {

From 9fd6b036b40bb511c9d868e9d754b5ee1fb28d64 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 12:42:10 +0200
Subject: [PATCH 1154/2268] fix: Rename react app to kluctl-webui

---
 pkg/webui/ui/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 68d21f982..2efb3d9b1 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "react-demo",
+  "name": "kluctl-webui",
   "version": "0.1.0",
   "homepage": "./",
   "private": true,

From 5faeb119a8807c535c5eb8fecf3ab66ebab14ae0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 12:43:25 +0200
Subject: [PATCH 1155/2268] feat: Introduce fix-assets

---
 pkg/webui/ui/fix-assets/main.go | 119 ++++++++++++++++++++++++++++++++
 pkg/webui/ui/package.json       |   5 +-
 2 files changed, 122 insertions(+), 2 deletions(-)
 create mode 100644 pkg/webui/ui/fix-assets/main.go

diff --git a/pkg/webui/ui/fix-assets/main.go b/pkg/webui/ui/fix-assets/main.go
new file mode 100644
index 000000000..76132b6a9
--- /dev/null
+++ b/pkg/webui/ui/fix-assets/main.go
@@ -0,0 +1,119 @@
+package main
+
+import (
+	"encoding/json"
+	"io/fs"
+	"k8s.io/apimachinery/pkg/util/rand"
+	"os"
+	"path"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+type assetManifest struct {
+	Files       map[string]string `json:"files"`
+	Entrypoints []string          `json:"entrypoints"`
+}
+
+func main() {
+	doError := func(err error) {
+		if err == nil {
+			return
+		}
+		os.Stderr.WriteString(err.Error() + "\n")
+		os.Exit(1)
+	}
+
+	err := os.Chdir("build")
+	doError(err)
+
+	s, err := os.ReadFile("asset-manifest.json")
+	doError(err)
+
+	var manifest assetManifest
+	err = json.Unmarshal(s, &manifest)
+	doError(err)
+
+	hashRegex := regexp.MustCompile(`([a-z-0-9-_]*)(\.[a-f0-9]*)(\.chunk)?\.(js|css)(\.map)?`)
+
+	newEntries := map[string]string{}
+	for p1, p2 := range manifest.Files {
+		oldName := path.Base(p2)
+		newName := path.Base(p1)
+		oldPath := path.Join(path.Dir(p2), oldName)
+		newPath := path.Join(path.Dir(p2), newName)
+
+		m := hashRegex.FindSubmatch([]byte(newName))
+		if m != nil {
+			s := strings.Split(newName, ".")
+			// get rid of hash
+			s = append(s[0:1], s[2:]...)
+			newName = strings.Join(s, ".")
+			newPath = path.Join(path.Dir(p2), newName)
+
+			delete(manifest.Files, p1)
+			newEntries[newName] = newPath
+		} else {
+			manifest.Files[p1] = newPath
+		}
+
+		// we assume that .map files are implicitly replaced by the non-.map versions
+		if !strings.HasSuffix(oldName, ".map") {
+			err = replaceInFiles(".", oldName, newName+"?f="+oldName)
+			doError(err)
+		}
+
+		err = os.Rename(oldPath, newPath)
+		doError(err)
+
+		for i, e := range manifest.Entrypoints {
+			if path.Base(e) == oldName {
+				manifest.Entrypoints[i] = path.Join(path.Dir(e), newName)
+			}
+		}
+	}
+	for k, v := range newEntries {
+		manifest.Files[k] = v
+	}
+
+	s, err = json.MarshalIndent(&manifest, "", "  ")
+	doError(err)
+	err = os.WriteFile("asset-manifest.json", s, 0o600)
+	doError(err)
+}
+
+func replaceInFiles(dir string, s string, r string) error {
+	return filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
+		if d.IsDir() {
+			return nil
+		}
+		f, err := os.ReadFile(path)
+		if err != nil {
+			return err
+		}
+
+		dummy1 := rand.String(32)
+		dummy2 := rand.String(32)
+
+		f2 := string(f)
+
+		f2 = strings.ReplaceAll(f2, "f="+s, dummy1)
+		f2 = strings.ReplaceAll(f2, s+".map", dummy2)
+
+		f2 = strings.ReplaceAll(f2, s, r)
+
+		f2 = strings.ReplaceAll(f2, dummy1, "f="+s)
+		f2 = strings.ReplaceAll(f2, dummy2, s+".map")
+
+		if strings.Compare(string(f), f2) == 0 {
+			return nil
+		}
+
+		err = os.WriteFile(path, []byte(f2), 0o600)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+}
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 2efb3d9b1..610d3ae1a 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -36,9 +36,10 @@
   },
   "scripts": {
     "start": "react-scripts start",
-    "build": "node build",
+    "build": "node build && npm run fix-assets",
     "test": "react-scripts test",
-    "eject": "react-scripts eject"
+    "eject": "react-scripts eject",
+    "fix-assets": "go run ./fix-assets"
   },
   "eslintConfig": {
     "extends": [

From 7c6388774d4f6d745bbbf3cd9fad7a27b94d94b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 13:58:05 +0200
Subject: [PATCH 1156/2268] ci: Check for up-to-date webui build

---
 .github/workflows/tests.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2a4ffa48f..cb0239ea7 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,6 +19,11 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: '1.19'
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: pkg/webui/ui/package-lock.json
       - uses: actions/cache@v3
         with:
           path: |
@@ -66,6 +71,17 @@ jobs:
             git diff
             exit 1
           fi
+      - name: Verify webui build is up-to-date
+        run: |
+          cd pkg/webui/ui
+          npm install
+          npm run build
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "npm run build must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
 
   tests:
     strategy:

From 52b6f6e84948d94861beb0258ce5934554d780db Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 14:25:17 +0200
Subject: [PATCH 1157/2268] chore: Update all npm packages

---
 pkg/webui/ui/package-lock.json | 5917 ++++++++++++--------------------
 pkg/webui/ui/package.json      |   23 +-
 2 files changed, 2152 insertions(+), 3788 deletions(-)

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index a31048de4..fa6d08424 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -1,26 +1,27 @@
 {
-  "name": "react-demo",
+  "name": "kluctl-webui",
   "version": "0.1.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "react-demo",
+      "name": "kluctl-webui",
       "version": "0.1.0",
       "dependencies": {
-        "@emotion/react": "^11.10.6",
-        "@emotion/styled": "^11.10.6",
-        "@fontsource-variable/nunito": "^5.0.2",
-        "@mui/icons-material": "^5.11.11",
+        "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
+        "@emotion/react": "^11.11.1",
+        "@emotion/styled": "^11.11.0",
+        "@fontsource-variable/nunito": "^5.0.3",
+        "@mui/icons-material": "^5.11.16",
         "@mui/lab": "^5.0.0-alpha.124",
-        "@mui/material": "^5.11.14",
+        "@mui/material": "^5.13.4",
         "@testing-library/jest-dom": "^5.16.5",
         "@testing-library/react": "^13.4.0",
         "@testing-library/user-event": "^13.5.0",
         "@types/jest": "^27.5.2",
-        "@types/node": "^16.18.18",
-        "@types/react": "^18.0.28",
-        "@types/react-dom": "^18.0.11",
+        "@types/node": "^16.18.34",
+        "@types/react": "^18.2.9",
+        "@types/react-dom": "^18.2.4",
         "jdenticon": "^3.2.0",
         "js-sha256": "^0.9.0",
         "js-yaml": "^4.1.0",
@@ -30,7 +31,7 @@
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
         "react-router": "^6.10.0",
-        "react-router-dom": "^6.10.0",
+        "react-router-dom": "^6.12.1",
         "react-scripts": "5.0.1",
         "react-syntax-highlighter": "^15.5.0",
         "sort-by": "^1.2.0",
@@ -39,8 +40,8 @@
       },
       "devDependencies": {
         "@types/js-yaml": "^4.0.5",
-        "@types/lodash": "^4.14.192",
-        "@types/react-syntax-highlighter": "^15.5.6",
+        "@types/lodash": "^4.14.195",
+        "@types/react-syntax-highlighter": "^15.5.7",
         "rewire": "^6.0.0"
       }
     },
@@ -49,12 +50,23 @@
       "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.2.0.tgz",
       "integrity": "sha512-E09FiIft46CmH5Qnjb0wsW54/YQd69LsxeKUOWawmws1XWvyFGURnAChH0mlr7YPFR1ofwvUQfcL0J3lMxXqPA=="
     },
+    "node_modules/@alloc/quick-lru": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz",
+      "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/@ampproject/remapping": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.0.tgz",
-      "integrity": "sha512-qRmjj8nj9qmLTQXXmaR1cck3UXSRMPrbsLJAasZpF+t3riI71BXed5ebIOYwQntykeZuhjsdweEc9BxH5Jc26w==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz",
+      "integrity": "sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==",
       "dependencies": {
-        "@jridgewell/gen-mapping": "^0.1.0",
+        "@jridgewell/gen-mapping": "^0.3.0",
         "@jridgewell/trace-mapping": "^0.3.9"
       },
       "engines": {
@@ -62,39 +74,39 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.18.6.tgz",
-      "integrity": "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.5.tgz",
+      "integrity": "sha512-Xmwn266vad+6DAqEB2A6V/CcZVp62BbwVmcOJc2RPuwih1kw02TjQvWVWlcKGbBPd+8/0V5DEkOcizRGYsspYQ==",
       "dependencies": {
-        "@babel/highlight": "^7.18.6"
+        "@babel/highlight": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/compat-data": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.21.0.tgz",
-      "integrity": "sha512-gMuZsmsgxk/ENC3O/fRw5QY8A9/uxQbbCEypnLIiYYc/qVJtEV7ouxC3EllIIwNzMqAQee5tanFabWsUOutS7g==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.22.5.tgz",
+      "integrity": "sha512-4Jc/YuIaYqKnDDz892kPIledykKg12Aw1PYX5i/TY28anJtacvM1Rrr8wbieB9GfEJwlzqT0hUEao0CxEebiDA==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.21.3.tgz",
-      "integrity": "sha512-qIJONzoa/qiHghnm0l1n4i/6IIziDpzqc36FBs4pzMhDUraHqponwJLiAKm1hGLP3OSB/TVNz6rMwVGpwxxySw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.22.5.tgz",
+      "integrity": "sha512-SBuTAjg91A3eKOvD+bPEz3LlhHZRNu1nFOVts9lzDJTXshHTjII0BAtDS3Y2DAkdZdDKWVZGVwkDfc4Clxn1dg==",
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
-        "@babel/code-frame": "^7.18.6",
-        "@babel/generator": "^7.21.3",
-        "@babel/helper-compilation-targets": "^7.20.7",
-        "@babel/helper-module-transforms": "^7.21.2",
-        "@babel/helpers": "^7.21.0",
-        "@babel/parser": "^7.21.3",
-        "@babel/template": "^7.20.7",
-        "@babel/traverse": "^7.21.3",
-        "@babel/types": "^7.21.3",
+        "@babel/code-frame": "^7.22.5",
+        "@babel/generator": "^7.22.5",
+        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-module-transforms": "^7.22.5",
+        "@babel/helpers": "^7.22.5",
+        "@babel/parser": "^7.22.5",
+        "@babel/template": "^7.22.5",
+        "@babel/traverse": "^7.22.5",
+        "@babel/types": "^7.22.5",
         "convert-source-map": "^1.7.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
@@ -118,9 +130,9 @@
       }
     },
     "node_modules/@babel/eslint-parser": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.21.3.tgz",
-      "integrity": "sha512-kfhmPimwo6k4P8zxNs8+T7yR44q1LdpsZdE1NkCsVlfiuTPRfnGgjaF8Qgug9q9Pou17u6wneYF0lDCZJATMFg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.22.5.tgz",
+      "integrity": "sha512-C69RWYNYtrgIRE5CmTd77ZiLDXqgBipahJc/jHP3sLcAGj6AJzxNIuKNpVnICqbyK7X3pFUfEvL++rvtbQpZkQ==",
       "dependencies": {
         "@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1",
         "eslint-visitor-keys": "^2.1.0",
@@ -151,11 +163,11 @@
       }
     },
     "node_modules/@babel/generator": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.21.3.tgz",
-      "integrity": "sha512-QS3iR1GYC/YGUnW7IdggFeN5c1poPUurnGttOV/bZgPGV+izC/D8HnD6DLwod0fsatNyVn1G3EVWMYIF0nHbeA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.22.5.tgz",
+      "integrity": "sha512-+lcUbnTRhd0jOewtFSedLyiPsD5tswKkbgcezOqqWFUVNEwoUTlpPOBmvhG7OXWLR4jMdv0czPGH5XbflnD1EA==",
       "dependencies": {
-        "@babel/types": "^7.21.3",
+        "@babel/types": "^7.22.5",
         "@jridgewell/gen-mapping": "^0.3.2",
         "@jridgewell/trace-mapping": "^0.3.17",
         "jsesc": "^2.5.1"
@@ -164,49 +176,35 @@
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/generator/node_modules/@jridgewell/gen-mapping": {
-      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
-      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
-      "dependencies": {
-        "@jridgewell/set-array": "^1.0.1",
-        "@jridgewell/sourcemap-codec": "^1.4.10",
-        "@jridgewell/trace-mapping": "^0.3.9"
-      },
-      "engines": {
-        "node": ">=6.0.0"
-      }
-    },
     "node_modules/@babel/helper-annotate-as-pure": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.18.6.tgz",
-      "integrity": "sha512-duORpUiYrEpzKIop6iNbjnwKLAKnJ47csTyRACyEmWj0QdUrm5aqNJGHSSEQSUAvNW0ojX0dOmK9dZduvkfeXA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz",
+      "integrity": "sha512-LvBTxu8bQSQkcyKOU+a1btnNFQ1dMAd0R6PyW3arXes06F6QLWLIrd681bxRPIXlrMGR3XYnW9JyML7dP3qgxg==",
       "dependencies": {
-        "@babel/types": "^7.18.6"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.18.9.tgz",
-      "integrity": "sha512-yFQ0YCHoIqarl8BCRwBL8ulYUaZpz3bNsA7oFepAzee+8/+ImtADXNOmO5vJvsPff3qi+hvpkY/NYBTrBQgdNw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.22.5.tgz",
+      "integrity": "sha512-m1EP3lVOPptR+2DwD125gziZNcmoNSHGmJROKoy87loWUQyJaVXDgpmruWqDARZSmtYQ+Dl25okU8+qhVzuykw==",
       "dependencies": {
-        "@babel/helper-explode-assignable-expression": "^7.18.6",
-        "@babel/types": "^7.18.9"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-compilation-targets": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.20.7.tgz",
-      "integrity": "sha512-4tGORmfQcrc+bvrjb5y3dG9Mx1IOZjsHqQVUz7XCNHO+iTmqxWnVg3KRygjGmpRLJGdQSKuvFinbIb0CnZwHAQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.5.tgz",
+      "integrity": "sha512-Ji+ywpHeuqxB8WDxraCiqR0xfhYjiDE/e6k7FuIaANnoOFxAHskHChz4vA1mJC9Lbm01s1PVAGhQY4FUKSkGZw==",
       "dependencies": {
-        "@babel/compat-data": "^7.20.5",
-        "@babel/helper-validator-option": "^7.18.6",
+        "@babel/compat-data": "^7.22.5",
+        "@babel/helper-validator-option": "^7.22.5",
         "browserslist": "^4.21.3",
         "lru-cache": "^5.1.1",
         "semver": "^6.3.0"
@@ -227,18 +225,19 @@
       }
     },
     "node_modules/@babel/helper-create-class-features-plugin": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.21.0.tgz",
-      "integrity": "sha512-Q8wNiMIdwsv5la5SPxNYzzkPnjgC0Sy0i7jLkVOCdllu/xcVNkr3TeZzbHBJrj+XXRqzX5uCyCoV9eu6xUG7KQ==",
-      "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-function-name": "^7.21.0",
-        "@babel/helper-member-expression-to-functions": "^7.21.0",
-        "@babel/helper-optimise-call-expression": "^7.18.6",
-        "@babel/helper-replace-supers": "^7.20.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0",
-        "@babel/helper-split-export-declaration": "^7.18.6"
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.5.tgz",
+      "integrity": "sha512-xkb58MyOYIslxu3gKmVXmjTtUPvBU4odYzbiIQbWwLKIHCsx6UGZGX6F1IznMFVnDdirseUZopzN+ZRt8Xb33Q==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-function-name": "^7.22.5",
+        "@babel/helper-member-expression-to-functions": "^7.22.5",
+        "@babel/helper-optimise-call-expression": "^7.22.5",
+        "@babel/helper-replace-supers": "^7.22.5",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.5",
+        "semver": "^6.3.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -247,13 +246,22 @@
         "@babel/core": "^7.0.0"
       }
     },
+    "node_modules/@babel/helper-create-class-features-plugin/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
     "node_modules/@babel/helper-create-regexp-features-plugin": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.21.0.tgz",
-      "integrity": "sha512-N+LaFW/auRSWdx7SHD/HiARwXQju1vXTW4fKr4u5SgBUTm51OKEjKgj+cs00ggW3kEvNqwErnlwuq7Y3xBe4eg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.5.tgz",
+      "integrity": "sha512-1VpEFOIbMRaXyDeUwUfmTIxExLwQ+zkW+Bh5zXpApA3oQedBx9v/updixWxnx/bZpKw7u8VxWjb/qWpIcmPq8A==",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "regexpu-core": "^5.3.1"
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "regexpu-core": "^5.3.1",
+        "semver": "^6.3.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -262,10 +270,18 @@
         "@babel/core": "^7.0.0"
       }
     },
+    "node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
     "node_modules/@babel/helper-define-polyfill-provider": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.3.3.tgz",
-      "integrity": "sha512-z5aQKU4IzbqCC1XH0nAqfsFLMVSo22SBKUc0BxGrLkolTdPTructy0ToNnlO2zA4j9Q/7pjMZf0DSY+DSTYzww==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.0.tgz",
+      "integrity": "sha512-RnanLx5ETe6aybRi1cO/edaRH+bNYWaryCEmjDDYyNr4wnSzyOp8T0dWipmqVHKEY3AbVKUom50AKSlj1zmKbg==",
       "dependencies": {
         "@babel/helper-compilation-targets": "^7.17.7",
         "@babel/helper-plugin-utils": "^7.16.7",
@@ -287,115 +303,104 @@
       }
     },
     "node_modules/@babel/helper-environment-visitor": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.18.9.tgz",
-      "integrity": "sha512-3r/aACDJ3fhQ/EVgFy0hpj8oHyHpQc+LPtJoY9SzTThAsStm4Ptegq92vqKoE3vD706ZVFWITnMnxucw+S9Ipg==",
-      "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@babel/helper-explode-assignable-expression": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/helper-explode-assignable-expression/-/helper-explode-assignable-expression-7.18.6.tgz",
-      "integrity": "sha512-eyAYAsQmB80jNfg4baAtLeWAQHfHFiR483rzFK+BhETlGZaQC9bsfrugfXDCbRHLQbIA7U5NxhhOxN7p/dWIcg==",
-      "dependencies": {
-        "@babel/types": "^7.18.6"
-      },
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.5.tgz",
+      "integrity": "sha512-XGmhECfVA/5sAt+H+xpSg0mfrHq6FzNr9Oxh7PSEBBRUb/mL7Kz3NICXb194rCqAEdxkhPT1a88teizAFyvk8Q==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-function-name": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.21.0.tgz",
-      "integrity": "sha512-HfK1aMRanKHpxemaY2gqBmL04iAPOPRj7DxtNbiDOrJK+gdwkiNRVpCpUJYbUT+aZyemKN8brqTOxzCaG6ExRg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.22.5.tgz",
+      "integrity": "sha512-wtHSq6jMRE3uF2otvfuD3DIvVhOsSNshQl0Qrd7qC9oQJzHvOL4qQXlQn2916+CXGywIjpGuIkoyZRRxHPiNQQ==",
       "dependencies": {
-        "@babel/template": "^7.20.7",
-        "@babel/types": "^7.21.0"
+        "@babel/template": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-hoist-variables": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz",
-      "integrity": "sha512-UlJQPkFqFULIcyW5sbzgbkxn2FKRgwWiRexcuaR8RNJRy8+LLveqPjwZV/bwrLZCN0eUHD/x8D0heK1ozuoo6Q==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz",
+      "integrity": "sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw==",
       "dependencies": {
-        "@babel/types": "^7.18.6"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-member-expression-to-functions": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.21.0.tgz",
-      "integrity": "sha512-Muu8cdZwNN6mRRNG6lAYErJ5X3bRevgYR2O8wN0yn7jJSnGDu6eG59RfT29JHxGUovyfrh6Pj0XzmR7drNVL3Q==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.22.5.tgz",
+      "integrity": "sha512-aBiH1NKMG0H2cGZqspNvsaBe6wNGjbJjuLy29aU+eDZjSbbN53BaxlpB02xm9v34pLTZ1nIQPFYn2qMZoa5BQQ==",
       "dependencies": {
-        "@babel/types": "^7.21.0"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-module-imports": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.18.6.tgz",
-      "integrity": "sha512-0NFvs3VkuSYbFi1x2Vd6tKrywq+z/cLeYC/RJNFrIX/30Bf5aiGYbtvGXolEktzJH8o5E5KJ3tT+nkxuuZFVlA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.22.5.tgz",
+      "integrity": "sha512-8Dl6+HD/cKifutF5qGd/8ZJi84QeAKh+CEe1sBzz8UayBBGg1dAIJrdHOcOM5b2MpzWL2yuotJTtGjETq0qjXg==",
       "dependencies": {
-        "@babel/types": "^7.18.6"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-module-transforms": {
-      "version": "7.21.2",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.21.2.tgz",
-      "integrity": "sha512-79yj2AR4U/Oqq/WOV7Lx6hUjau1Zfo4cI+JLAVYeMV5XIlbOhmjEk5ulbTc9fMpmlojzZHkUUxAiK+UKn+hNQQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.22.5.tgz",
+      "integrity": "sha512-+hGKDt/Ze8GFExiVHno/2dvG5IdstpzCq0y4Qc9OJ25D4q3pKfiIP/4Vp3/JvhDkLKsDK2api3q3fpIgiIF5bw==",
       "dependencies": {
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-module-imports": "^7.18.6",
-        "@babel/helper-simple-access": "^7.20.2",
-        "@babel/helper-split-export-declaration": "^7.18.6",
-        "@babel/helper-validator-identifier": "^7.19.1",
-        "@babel/template": "^7.20.7",
-        "@babel/traverse": "^7.21.2",
-        "@babel/types": "^7.21.2"
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-module-imports": "^7.22.5",
+        "@babel/helper-simple-access": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.5",
+        "@babel/helper-validator-identifier": "^7.22.5",
+        "@babel/template": "^7.22.5",
+        "@babel/traverse": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-optimise-call-expression": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.18.6.tgz",
-      "integrity": "sha512-HP59oD9/fEHQkdcbgFCnbmgH5vIQTJbxh2yf+CdM89/glUNnuzr87Q8GIjGEnOktTROemO0Pe0iPAYbqZuOUiA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.22.5.tgz",
+      "integrity": "sha512-HBwaojN0xFRx4yIvpwGqxiV2tUfl7401jlok564NgB9EHS1y6QT17FmKWm4ztqjeVdXLuC4fSvHc5ePpQjoTbw==",
       "dependencies": {
-        "@babel/types": "^7.18.6"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-plugin-utils": {
-      "version": "7.20.2",
-      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.20.2.tgz",
-      "integrity": "sha512-8RvlJG2mj4huQ4pZ+rU9lqKi9ZKiRmuvGuM2HlWmkmgOhbs6zEAw6IEiJ5cQqGbDzGZOhwuOQNtZMi/ENLjZoQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.22.5.tgz",
+      "integrity": "sha512-uLls06UVKgFG9QD4OeFYLEGteMIAa5kpTPcFL28yuCIIzsf6ZyKZMllKVOCZFhiZ5ptnwX4mtKdWCBE/uT4amg==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-remap-async-to-generator": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.18.9.tgz",
-      "integrity": "sha512-dI7q50YKd8BAv3VEfgg7PS7yD3Rtbi2J1XMXaalXO0W0164hYLnh8zpjRS0mte9MfVp/tltvr/cfdXPvJr1opA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.5.tgz",
+      "integrity": "sha512-cU0Sq1Rf4Z55fgz7haOakIyM7+x/uCFwXpLPaeRzfoUtAEAuUZjZvFPjL/rk5rW693dIgn2hng1W7xbT7lWT4g==",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-wrap-function": "^7.18.9",
-        "@babel/types": "^7.18.9"
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-wrap-function": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -405,111 +410,111 @@
       }
     },
     "node_modules/@babel/helper-replace-supers": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.20.7.tgz",
-      "integrity": "sha512-vujDMtB6LVfNW13jhlCrp48QNslK6JXi7lQG736HVbHz/mbf4Dc7tIRh1Xf5C0rF7BP8iiSxGMCmY6Ci1ven3A==",
-      "dependencies": {
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-member-expression-to-functions": "^7.20.7",
-        "@babel/helper-optimise-call-expression": "^7.18.6",
-        "@babel/template": "^7.20.7",
-        "@babel/traverse": "^7.20.7",
-        "@babel/types": "^7.20.7"
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.22.5.tgz",
+      "integrity": "sha512-aLdNM5I3kdI/V9xGNyKSF3X/gTyMUBohTZ+/3QdQKAA9vxIiy12E+8E2HoOP1/DjeqU+g6as35QHJNMDDYpuCg==",
+      "dependencies": {
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-member-expression-to-functions": "^7.22.5",
+        "@babel/helper-optimise-call-expression": "^7.22.5",
+        "@babel/template": "^7.22.5",
+        "@babel/traverse": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-simple-access": {
-      "version": "7.20.2",
-      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.20.2.tgz",
-      "integrity": "sha512-+0woI/WPq59IrqDYbVGfshjT5Dmk/nnbdpcF8SnMhhXObpTq2KNBdLFRFrkVdbDOyUmHBCxzm5FHV1rACIkIbA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz",
+      "integrity": "sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w==",
       "dependencies": {
-        "@babel/types": "^7.20.2"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-skip-transparent-expression-wrappers": {
-      "version": "7.20.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.20.0.tgz",
-      "integrity": "sha512-5y1JYeNKfvnT8sZcK9DVRtpTbGiomYIHviSP3OQWmDPU3DeH4a1ZlT/N2lyQ5P8egjcRaT/Y9aNqUxK0WsnIIg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.22.5.tgz",
+      "integrity": "sha512-tK14r66JZKiC43p8Ki33yLBVJKlQDFoA8GYN67lWCDCqoL6EMMSuM9b+Iff2jHaM/RRFYl7K+iiru7hbRqNx8Q==",
       "dependencies": {
-        "@babel/types": "^7.20.0"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-split-export-declaration": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.18.6.tgz",
-      "integrity": "sha512-bde1etTx6ZyTmobl9LLMMQsaizFVZrquTEHOqKeQESMKo4PlObf+8+JA25ZsIpZhT/WEd39+vOdLXAFG/nELpA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.5.tgz",
+      "integrity": "sha512-thqK5QFghPKWLhAV321lxF95yCg2K3Ob5yw+M3VHWfdia0IkPXUtoLH8x/6Fh486QUvzhb8YOWHChTVen2/PoQ==",
       "dependencies": {
-        "@babel/types": "^7.18.6"
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.19.4",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.19.4.tgz",
-      "integrity": "sha512-nHtDoQcuqFmwYNYPz3Rah5ph2p8PFeFCsZk9A/48dPc/rGocJ5J3hAAZ7pb76VWX3fZKu+uEr/FhH5jLx7umrw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz",
+      "integrity": "sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-identifier": {
-      "version": "7.19.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz",
-      "integrity": "sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.5.tgz",
+      "integrity": "sha512-aJXu+6lErq8ltp+JhkJUfk1MTGyuA4v7f3pA+BJ5HLfNC6nAQ0Cpi9uOquUj8Hehg0aUiHzWQbOVJGao6ztBAQ==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-option": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.21.0.tgz",
-      "integrity": "sha512-rmL/B8/f0mKS2baE9ZpyTcTavvEuWhTTW8amjzXNvYG4AwBsqTLikfXsEofsJEfKHf+HQVQbFOHy6o+4cnC/fQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.22.5.tgz",
+      "integrity": "sha512-R3oB6xlIVKUnxNUxbmgq7pKjxpru24zlimpE8WK47fACIlM0II/Hm1RS8IaOI7NgCr6LNS+jl5l75m20npAziw==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-wrap-function": {
-      "version": "7.20.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.20.5.tgz",
-      "integrity": "sha512-bYMxIWK5mh+TgXGVqAtnu5Yn1un+v8DDZtqyzKRLUzrh70Eal2O3aZ7aPYiMADO4uKlkzOiRiZ6GX5q3qxvW9Q==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.22.5.tgz",
+      "integrity": "sha512-bYqLIBSEshYcYQyfks8ewYA8S30yaGSeRslcvKMvoUk6HHPySbxHq9YRi6ghhzEU+yhQv9bP/jXnygkStOcqZw==",
       "dependencies": {
-        "@babel/helper-function-name": "^7.19.0",
-        "@babel/template": "^7.18.10",
-        "@babel/traverse": "^7.20.5",
-        "@babel/types": "^7.20.5"
+        "@babel/helper-function-name": "^7.22.5",
+        "@babel/template": "^7.22.5",
+        "@babel/traverse": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.21.0.tgz",
-      "integrity": "sha512-XXve0CBtOW0pd7MRzzmoyuSj0e3SEzj8pgyFxnTT1NJZL38BD1MK7yYrm8yefRPIDvNNe14xR4FdbHwpInD4rA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.22.5.tgz",
+      "integrity": "sha512-pSXRmfE1vzcUIDFQcSGA5Mr+GxBV9oiRKDuDxXvWQQBCh8HoIjs/2DlDB7H8smac1IVrB9/xdXj2N3Wol9Cr+Q==",
       "dependencies": {
-        "@babel/template": "^7.20.7",
-        "@babel/traverse": "^7.21.0",
-        "@babel/types": "^7.21.0"
+        "@babel/template": "^7.22.5",
+        "@babel/traverse": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/highlight": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.18.6.tgz",
-      "integrity": "sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.5.tgz",
+      "integrity": "sha512-BSKlD1hgnedS5XRnGOljZawtag7H1yPfQp0tdNJCHoH6AZ+Pcm9VvkrK59/Yy593Ypg0zMxH2BxD1VPYUQ7UIw==",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.18.6",
+        "@babel/helper-validator-identifier": "^7.22.5",
         "chalk": "^2.0.0",
         "js-tokens": "^4.0.0"
       },
@@ -517,150 +522,118 @@
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/parser": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.21.3.tgz",
-      "integrity": "sha512-lobG0d7aOfQRXh8AyklEAgZGvA4FShxo6xQbUrrT/cNBPUdIDojlokwJsQyCC/eKia7ifqM0yP+2DRZ4WKw2RQ==",
-      "bin": {
-        "parser": "bin/babel-parser.js"
+    "node_modules/@babel/highlight/node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dependencies": {
+        "color-convert": "^1.9.0"
       },
       "engines": {
-        "node": ">=6.0.0"
+        "node": ">=4"
       }
     },
-    "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.18.6.tgz",
-      "integrity": "sha512-Dgxsyg54Fx1d4Nge8UnvTrED63vrwOdPmyvPzlNN/boaliRP54pm3pGzZD1SJUwrBA+Cs/xdG8kXX6Mn/RfISQ==",
+    "node_modules/@babel/highlight/node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
       },
       "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0"
+        "node": ">=4"
       }
     },
-    "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.20.7.tgz",
-      "integrity": "sha512-sbr9+wNE5aXMBBFBICk01tt7sBf2Oc9ikRFEcem/ZORup9IMUdNhW7/wVLEbbtlWOsEubJet46mHAL2C8+2jKQ==",
+    "node_modules/@babel/highlight/node_modules/color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0",
-        "@babel/plugin-proposal-optional-chaining": "^7.20.7"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.13.0"
+        "color-name": "1.1.3"
       }
     },
-    "node_modules/@babel/plugin-proposal-async-generator-functions": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-async-generator-functions/-/plugin-proposal-async-generator-functions-7.20.7.tgz",
-      "integrity": "sha512-xMbiLsn/8RK7Wq7VeVytytS2L6qE69bXPB10YCmMdDZbKF4okCqY74pI/jJQ/8U0b/F6NrT2+14b8/P9/3AMGA==",
-      "dependencies": {
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-remap-async-to-generator": "^7.18.9",
-        "@babel/plugin-syntax-async-generators": "^7.8.4"
-      },
+    "node_modules/@babel/highlight/node_modules/color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
+    },
+    "node_modules/@babel/highlight/node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
       "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "node": ">=0.8.0"
       }
     },
-    "node_modules/@babel/plugin-proposal-class-properties": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.18.6.tgz",
-      "integrity": "sha512-cumfXOF0+nzZrrN8Rf0t7M+tF6sZc7vhQwYQck9q1/5w2OExlD+b4v4RpMJFaV1Z7WcDRgO6FqvxqxGlwo+RHQ==",
-      "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.18.6"
-      },
+    "node_modules/@babel/highlight/node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
       "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "node": ">=4"
       }
     },
-    "node_modules/@babel/plugin-proposal-class-static-block": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-static-block/-/plugin-proposal-class-static-block-7.21.0.tgz",
-      "integrity": "sha512-XP5G9MWNUskFuP30IfFSEFB0Z6HzLIUcjYM4bYOPHXl7eiJ9HFv8tWj6TXTN5QODiEhDZAeI4hLok2iHFFV4hw==",
+    "node_modules/@babel/highlight/node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
       "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.21.0",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/plugin-syntax-class-static-block": "^7.14.5"
+        "has-flag": "^3.0.0"
       },
       "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.12.0"
+        "node": ">=4"
       }
     },
-    "node_modules/@babel/plugin-proposal-decorators": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.21.0.tgz",
-      "integrity": "sha512-MfgX49uRrFUTL/HvWtmx3zmpyzMMr4MTj3d527MLlr/4RTT9G/ytFFP7qet2uM2Ve03b+BkpWUpK+lRXnQ+v9w==",
-      "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.21.0",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-replace-supers": "^7.20.7",
-        "@babel/helper-split-export-declaration": "^7.18.6",
-        "@babel/plugin-syntax-decorators": "^7.21.0"
+    "node_modules/@babel/parser": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.22.5.tgz",
+      "integrity": "sha512-DFZMC9LJUG9PLOclRC32G63UXwzqS2koQC8dkx+PLdmt1xSePYpbT/NbsrJy8Q/muXz7o/h/d4A7Fuyixm559Q==",
+      "bin": {
+        "parser": "bin/babel-parser.js"
       },
       "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "node": ">=6.0.0"
       }
     },
-    "node_modules/@babel/plugin-proposal-dynamic-import": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-dynamic-import/-/plugin-proposal-dynamic-import-7.18.6.tgz",
-      "integrity": "sha512-1auuwmK+Rz13SJj36R+jqFPMJWyKEDd7lLSdOj4oJK0UTgGueSAtkrCvz9ewmgyU/P941Rv2fQwZJN8s6QruXw==",
+    "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.22.5.tgz",
+      "integrity": "sha512-NP1M5Rf+u2Gw9qfSO4ihjcTGW5zXTi36ITLd4/EoAcEhIZ0yjMqmftDNl3QC19CX7olhrjpyU454g/2W7X0jvQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6",
-        "@babel/plugin-syntax-dynamic-import": "^7.8.3"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       },
       "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "@babel/core": "^7.0.0"
       }
     },
-    "node_modules/@babel/plugin-proposal-export-namespace-from": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-export-namespace-from/-/plugin-proposal-export-namespace-from-7.18.9.tgz",
-      "integrity": "sha512-k1NtHyOMvlDDFeb9G5PhUXuGj8m/wiwojgQVEhJ/fsVsMCpLyOP4h0uGEjYJKrRI+EVPlb5Jk+Gt9P97lOGwtA==",
+    "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.22.5.tgz",
+      "integrity": "sha512-31Bb65aZaUwqCbWMnZPduIZxCBngHFlzyN6Dq6KAJjtx+lx6ohKHubc61OomYi7XwVD4Ol0XCVz4h+pYFR048g==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.9",
-        "@babel/plugin-syntax-export-namespace-from": "^7.8.3"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5",
+        "@babel/plugin-transform-optional-chaining": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       },
       "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "@babel/core": "^7.13.0"
       }
     },
-    "node_modules/@babel/plugin-proposal-json-strings": {
+    "node_modules/@babel/plugin-proposal-class-properties": {
       "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-json-strings/-/plugin-proposal-json-strings-7.18.6.tgz",
-      "integrity": "sha512-lr1peyn9kOdbYc0xr0OdHTZ5FMqS6Di+H0Fz2I/JwMzGmzJETNeOFq2pBySw6X/KFL5EWDjlJuMsUGRFb8fQgQ==",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-class-properties/-/plugin-proposal-class-properties-7.18.6.tgz",
+      "integrity": "sha512-cumfXOF0+nzZrrN8Rf0t7M+tF6sZc7vhQwYQck9q1/5w2OExlD+b4v4RpMJFaV1Z7WcDRgO6FqvxqxGlwo+RHQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6",
-        "@babel/plugin-syntax-json-strings": "^7.8.3"
+        "@babel/helper-create-class-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -669,13 +642,16 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-proposal-logical-assignment-operators": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-logical-assignment-operators/-/plugin-proposal-logical-assignment-operators-7.20.7.tgz",
-      "integrity": "sha512-y7C7cZgpMIjWlKE5T7eJwp+tnRYM89HmRvWM5EQuB5BoHEONjmQ8lSNmBUwOyy/GFRsohJED51YBF79hE1djug==",
+    "node_modules/@babel/plugin-proposal-decorators": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.22.5.tgz",
+      "integrity": "sha512-h8hlezQ4dl6ixodgXkH8lUfcD7x+WAuIqPUjwGoItynrXOAv4a4Tci1zA/qjzQjjcl0v3QpLdc2LM6ZACQuY7A==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4"
+        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-replace-supers": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.5",
+        "@babel/plugin-syntax-decorators": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -714,39 +690,6 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-proposal-object-rest-spread": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-object-rest-spread/-/plugin-proposal-object-rest-spread-7.20.7.tgz",
-      "integrity": "sha512-d2S98yCiLxDVmBmE8UjGcfPvNEUbA1U5q5WxaWFUGRzJSVAZqm5W6MbPct0jxnegUZ0niLeNX+IOzEs7wYg9Dg==",
-      "dependencies": {
-        "@babel/compat-data": "^7.20.5",
-        "@babel/helper-compilation-targets": "^7.20.7",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
-        "@babel/plugin-transform-parameters": "^7.20.7"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
-      }
-    },
-    "node_modules/@babel/plugin-proposal-optional-catch-binding": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-catch-binding/-/plugin-proposal-optional-catch-binding-7.18.6.tgz",
-      "integrity": "sha512-Q40HEhs9DJQyaZfUjjn6vE8Cv4GmMHCYuMGIWUnlxH6400VGxOuwWsPt4FxXxJkC/5eOzgn0z21M9gMT4MOhbw==",
-      "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6",
-        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      },
-      "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
-      }
-    },
     "node_modules/@babel/plugin-proposal-optional-chaining": {
       "version": "7.21.0",
       "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.21.0.tgz",
@@ -779,9 +722,9 @@
       }
     },
     "node_modules/@babel/plugin-proposal-private-property-in-object": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0.tgz",
-      "integrity": "sha512-ha4zfehbJjc5MmXBlHec1igel5TJXXLDDRbuJ4+XT2TJcyD9/V1919BA8gMvsdHcNMBy4WBUBiRb3nw/EQUtBw==",
+      "version": "7.21.11",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.11.tgz",
+      "integrity": "sha512-0QZ8qP/3RLDVBwBFoWAwCtgcDZJVwA5LUJRZU8x2YFfKNuFq161wK3cuGrALu5yiPu+vzwTAg/sMWVNeWeNyaw==",
       "dependencies": {
         "@babel/helper-annotate-as-pure": "^7.18.6",
         "@babel/helper-create-class-features-plugin": "^7.21.0",
@@ -858,11 +801,11 @@
       }
     },
     "node_modules/@babel/plugin-syntax-decorators": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.21.0.tgz",
-      "integrity": "sha512-tIoPpGBR8UuM4++ccWN3gifhVvQu7ZizuR1fklhRJrd5ewgbkUS+0KVFeWWxELtn18NTLoW32XV7zyOgIAiz+w==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-decorators/-/plugin-syntax-decorators-7.22.5.tgz",
+      "integrity": "sha512-avpUOBS7IU6al8MmF1XpAyj9QYeLPuSDJI5D4pVMSMdL7xQokKqJPYQC67RCT0aCTashUXPiGwMJ0DEXXCEmMA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -894,11 +837,11 @@
       }
     },
     "node_modules/@babel/plugin-syntax-flow": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-flow/-/plugin-syntax-flow-7.18.6.tgz",
-      "integrity": "sha512-LUbR+KNTBWCUAqRG9ex5Gnzu2IOkt8jRJbHHXFT9q+L9zm7M/QQbEqXyw1n1pohYvOyWC8CjeyjrSaIwiYjK7A==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-flow/-/plugin-syntax-flow-7.22.5.tgz",
+      "integrity": "sha512-9RdCl0i+q0QExayk2nOS7853w08yLucnnPML6EN9S8fgMPVtdLDCdx/cOQ/i44Lb9UeQX9A35yaqBBOMMZxPxQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -908,11 +851,25 @@
       }
     },
     "node_modules/@babel/plugin-syntax-import-assertions": {
-      "version": "7.20.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.20.0.tgz",
-      "integrity": "sha512-IUh1vakzNoWalR8ch/areW7qFopR2AEw03JlG7BbrDqmQ4X3q9uuipQwSGrUn7oGiemKjtSLDhNtQHzMHr1JdQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.22.5.tgz",
+      "integrity": "sha512-rdV97N7KqsRzeNGoWUOK6yUsWarLjE5Su/Snk9IYPU9CwkWHs4t+rTGOvffTR8XGkJMTAdLfO0xVnXm8wugIJg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-syntax-import-attributes": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.22.5.tgz",
+      "integrity": "sha512-KwvoWDeNKPETmozyFE0P2rOLqh39EoQHNjqizrI5B8Vt0ZNS7M56s7dAiAqbYfiAYOuIzIh96z3iR2ktgu3tEg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.19.0"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -944,11 +901,11 @@
       }
     },
     "node_modules/@babel/plugin-syntax-jsx": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.18.6.tgz",
-      "integrity": "sha512-6mmljtAedFGTWu2p/8WIORGwy+61PLgOMPOdazc7YoJ9ZCWUyFy3A6CpPkRKLKD1ToAesxX8KGEViAiLo9N+7Q==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.22.5.tgz",
+      "integrity": "sha512-gvyP4hZrgrs/wWMaocvxZ44Hw0b3W8Pe+cMxc8V1ULQ07oh8VNbIRaoD1LRZVTvD+0nieDKjfgKg89sD7rrKrg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1052,11 +1009,11 @@
       }
     },
     "node_modules/@babel/plugin-syntax-typescript": {
-      "version": "7.20.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.20.0.tgz",
-      "integrity": "sha512-rd9TkG+u1CExzS4SM1BlMEhMXwFLKVjOAFFCDx9PbX5ycJWDoWMcwdJH9RhkPu1dOgn5TrxLot/Gx6lWFuAUNQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.22.5.tgz",
+      "integrity": "sha512-1mS2o03i7t1c6VzH6fdQ3OA8tcEIxwG18zIPRp+UY1Ihv6W+XZzBCVxExF9upussPXJ0xE9XRHwMoNs1ep/nRQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.19.0"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1065,28 +1022,27 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-arrow-functions": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.20.7.tgz",
-      "integrity": "sha512-3poA5E7dzDomxj9WXWwuD6A5F3kc7VXwIJO+E+J8qtDtS+pXPAhrgEyh+9GBwBgPq1Z+bB+/JD60lp5jsN7JPQ==",
+    "node_modules/@babel/plugin-syntax-unicode-sets-regex": {
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz",
+      "integrity": "sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
+        "@babel/helper-plugin-utils": "^7.18.6"
       },
       "engines": {
         "node": ">=6.9.0"
       },
       "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "@babel/core": "^7.0.0"
       }
     },
-    "node_modules/@babel/plugin-transform-async-to-generator": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.20.7.tgz",
-      "integrity": "sha512-Uo5gwHPT9vgnSXQxqGtpdufUiWp96gk7yiP4Mp5bm1QMkEmLXBO7PAGYbKoJ6DhAwiNkcHFBol/x5zZZkL/t0Q==",
+    "node_modules/@babel/plugin-transform-arrow-functions": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.22.5.tgz",
+      "integrity": "sha512-26lTNXoVRdAnsaDXPpvCNUq+OVWEVC6bx7Vvz9rC53F2bagUWW4u4ii2+h8Fejfh7RYqPxn+libeFBBck9muEw==",
       "dependencies": {
-        "@babel/helper-module-imports": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-remap-async-to-generator": "^7.18.9"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1095,12 +1051,15 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-block-scoped-functions": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.18.6.tgz",
-      "integrity": "sha512-ExUcOqpPWnliRcPqves5HJcJOvHvIIWfuS4sroBUenPuMdmW+SMHDakmtS7qOo13sVppmUijqeTv7qqGsvURpQ==",
+    "node_modules/@babel/plugin-transform-async-generator-functions": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.22.5.tgz",
+      "integrity": "sha512-gGOEvFzm3fWoyD5uZq7vVTD57pPJ3PczPUD/xCFGjzBpUosnklmXyKnGQbbbGs1NPNPskFex0j93yKbHt0cHyg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-remap-async-to-generator": "^7.22.5",
+        "@babel/plugin-syntax-async-generators": "^7.8.4"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1109,12 +1068,14 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-block-scoping": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.21.0.tgz",
-      "integrity": "sha512-Mdrbunoh9SxwFZapeHVrwFmri16+oYotcZysSzhNIVDwIAb1UV+kvnxULSYq9J3/q5MDG+4X6w8QVgD1zhBXNQ==",
+    "node_modules/@babel/plugin-transform-async-to-generator": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.22.5.tgz",
+      "integrity": "sha512-b1A8D8ZzE/VhNDoV1MSJTnpKkCG5bJo+19R4o4oy03zM7ws8yEMK755j61Dc3EyvdysbqH5BOOTquJ7ZX9C6vQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-module-imports": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-remap-async-to-generator": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1123,20 +1084,12 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-classes": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.21.0.tgz",
-      "integrity": "sha512-RZhbYTCEUAe6ntPehC4hlslPWosNHDox+vAs4On/mCLRLfoDVHf6hVEd7kuxr1RnHwJmxFfUM3cZiZRmPxJPXQ==",
+    "node_modules/@babel/plugin-transform-block-scoped-functions": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.22.5.tgz",
+      "integrity": "sha512-tdXZ2UdknEKQWKJP1KMNmuF5Lx3MymtMN/pvA+p/VEkhK8jVcQ1fzSy8KM9qRYhAf2/lV33hoMPKI/xaI9sADA==",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "@babel/helper-compilation-targets": "^7.20.7",
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-function-name": "^7.21.0",
-        "@babel/helper-optimise-call-expression": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-replace-supers": "^7.20.7",
-        "@babel/helper-split-export-declaration": "^7.18.6",
-        "globals": "^11.1.0"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1145,13 +1098,12 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-computed-properties": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.20.7.tgz",
-      "integrity": "sha512-Lz7MvBK6DTjElHAmfu6bfANzKcxpyNPeYBGEafyA6E5HtRpjpZwU+u7Qrgz/2OR0z+5TvKYbPdphfSaAcZBrYQ==",
+    "node_modules/@babel/plugin-transform-block-scoping": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.22.5.tgz",
+      "integrity": "sha512-EcACl1i5fSQ6bt+YGuU/XGCeZKStLmyVGytWkpyhCLeQVA0eu6Wtiw92V+I1T/hnezUv7j74dA/Ro69gWcU+hg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/template": "^7.20.7"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1160,12 +1112,13 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-destructuring": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.21.3.tgz",
-      "integrity": "sha512-bp6hwMFzuiE4HqYEyoGJ/V2LeIWn+hLVKc4pnj++E5XQptwhtcGmSayM029d/j2X1bPKGTlsyPwAubuU22KhMA==",
+    "node_modules/@babel/plugin-transform-class-properties": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.22.5.tgz",
+      "integrity": "sha512-nDkQ0NfkOhPTq8YCLiWNxp1+f9fCobEjCb0n8WdbNUBc4IB5V7P1QnX9IjpSoquKrXF5SKojHleVNs2vGeHCHQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1174,28 +1127,110 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-dotall-regex": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.18.6.tgz",
-      "integrity": "sha512-6S3jpun1eEbAxq7TdjLotAsl4WpQI9DxfkycRcKrjhQYzU87qpXdknpBg/e+TdcMehqGnLFi7tnFUBR02Vq6wg==",
+    "node_modules/@babel/plugin-transform-class-static-block": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.22.5.tgz",
+      "integrity": "sha512-SPToJ5eYZLxlnp1UzdARpOGeC2GbHvr9d/UV0EukuVx8atktg194oe+C5BqQ8jRTkgLRVOPYeXRSBg1IlMoVRA==",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-class-static-block": "^7.14.5"
       },
       "engines": {
         "node": ">=6.9.0"
       },
       "peerDependencies": {
-        "@babel/core": "^7.0.0-0"
+        "@babel/core": "^7.12.0"
       }
     },
-    "node_modules/@babel/plugin-transform-duplicate-keys": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.18.9.tgz",
-      "integrity": "sha512-d2bmXCtZXYc59/0SanQKbiWINadaJXqtvIQIzd4+hNwkWBgyCd5F/2t1kXoUdvPMrxzPvhK6EMQRROxsue+mfw==",
-      "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.9"
-      },
+    "node_modules/@babel/plugin-transform-classes": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.22.5.tgz",
+      "integrity": "sha512-2edQhLfibpWpsVBx2n/GKOz6JdGQvLruZQfGr9l1qes2KQaWswjBzhQF7UDUZMNaMMQeYnQzxwOMPsbYF7wqPQ==",
+      "dependencies": {
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-function-name": "^7.22.5",
+        "@babel/helper-optimise-call-expression": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-replace-supers": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.5",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-computed-properties": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.22.5.tgz",
+      "integrity": "sha512-4GHWBgRf0krxPX+AaPtgBAlTgTeZmqDynokHOX7aqqAB4tHs3U2Y02zH6ETFdLZGcg9UQSD1WCmkVrE9ErHeOg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/template": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-destructuring": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.22.5.tgz",
+      "integrity": "sha512-GfqcFuGW8vnEqTUBM7UtPd5A4q797LTvvwKxXTgRsFjoqaJiEg9deBG6kWeQYkVEL569NpnmpC0Pkr/8BLKGnQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-dotall-regex": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.22.5.tgz",
+      "integrity": "sha512-5/Yk9QxCQCl+sOIB1WelKnVRxTJDSAIxtJLL2/pqL14ZVlbH0fUQUZa/T5/UnQtBNgghR7mfB8ERBKyKPCi7Vw==",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-duplicate-keys": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.22.5.tgz",
+      "integrity": "sha512-dEnYD+9BBgld5VBXHnF/DbYGp3fqGMsyxKbtD1mDyIA7AkTSpKXFhCVuj/oQVOoALfBs77DudA0BE4d5mcpmqw==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-dynamic-import": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.22.5.tgz",
+      "integrity": "sha512-0MC3ppTB1AMxd8fXjSrbPa7LT9hrImt+/fcj+Pg5YMD7UQyWp/02+JWpdnCymmsXwIx5Z+sYn1bwCn4ZJNvhqQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-dynamic-import": "^7.8.3"
+      },
       "engines": {
         "node": ">=6.9.0"
       },
@@ -1204,12 +1239,27 @@
       }
     },
     "node_modules/@babel/plugin-transform-exponentiation-operator": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.18.6.tgz",
-      "integrity": "sha512-wzEtc0+2c88FVR34aQmiz56dxEkxr2g8DQb/KfaFa1JYXOFVsbhvAonFN6PwVWj++fKmku8NP80plJ5Et4wqHw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.22.5.tgz",
+      "integrity": "sha512-vIpJFNM/FjZ4rh1myqIya9jXwrwwgFRHPjT3DkUA9ZLHuzox8jiXkOLvwm1H+PQIP3CqfC++WPKeuDi0Sjdj1g==",
       "dependencies": {
-        "@babel/helper-builder-binary-assignment-operator-visitor": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-builder-binary-assignment-operator-visitor": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-export-namespace-from": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.22.5.tgz",
+      "integrity": "sha512-X4hhm7FRnPgd4nDA4b/5V280xCx6oL7Oob5+9qVS5C13Zq4bh1qq7LU0GgRU6b5dBWBvhGaXYVB4AcN6+ol6vg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-export-namespace-from": "^7.8.3"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1219,12 +1269,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-flow-strip-types": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-flow-strip-types/-/plugin-transform-flow-strip-types-7.21.0.tgz",
-      "integrity": "sha512-FlFA2Mj87a6sDkW4gfGrQQqwY/dLlBAyJa2dJEZ+FHXUVHBflO2wyKvg+OOEzXfrKYIa4HWl0mgmbCzt0cMb7w==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-flow-strip-types/-/plugin-transform-flow-strip-types-7.22.5.tgz",
+      "integrity": "sha512-tujNbZdxdG0/54g/oua8ISToaXTFBf8EnSb5PgQSciIXWOWKX3S4+JR7ZE9ol8FZwf9kxitzkGQ+QWeov/mCiA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/plugin-syntax-flow": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-flow": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1234,11 +1284,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-for-of": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.21.0.tgz",
-      "integrity": "sha512-LlUYlydgDkKpIY7mcBWvyPPmMcOphEyYA27Ef4xpbh1IiDNLr0kZsos2nf92vz3IccvJI25QUwp86Eo5s6HmBQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.22.5.tgz",
+      "integrity": "sha512-3kxQjX1dU9uudwSshyLeEipvrLjBCVthCgeTp6CzE/9JYrlAIaeekVxRpCWsDDfYTfRZRoCeZatCQvwo+wvK8A==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1248,13 +1298,28 @@
       }
     },
     "node_modules/@babel/plugin-transform-function-name": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.18.9.tgz",
-      "integrity": "sha512-WvIBoRPaJQ5yVHzcnJFor7oS5Ls0PYixlTYE63lCj2RtdQEl15M68FXQlxnG6wdraJIXRdR7KI+hQ7q/9QjrCQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.22.5.tgz",
+      "integrity": "sha512-UIzQNMS0p0HHiQm3oelztj+ECwFnj+ZRV4KnguvlsD2of1whUeM6o7wGNj6oLwcDoAXQ8gEqfgC24D+VdIcevg==",
+      "dependencies": {
+        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-function-name": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-json-strings": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.22.5.tgz",
+      "integrity": "sha512-DuCRB7fu8MyTLbEQd1ew3R85nx/88yMoqo2uPSjevMj3yoN7CDM8jkgrY0wmVxfJZyJ/B9fE1iq7EQppWQmR5A==",
       "dependencies": {
-        "@babel/helper-compilation-targets": "^7.18.9",
-        "@babel/helper-function-name": "^7.18.9",
-        "@babel/helper-plugin-utils": "^7.18.9"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-json-strings": "^7.8.3"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1264,11 +1329,26 @@
       }
     },
     "node_modules/@babel/plugin-transform-literals": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.18.9.tgz",
-      "integrity": "sha512-IFQDSRoTPnrAIrI5zoZv73IFeZu2dhu6irxQjY9rNjTT53VmKg9fenjvoiOWOkJ6mm4jKVPtdMzBY98Fp4Z4cg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.22.5.tgz",
+      "integrity": "sha512-fTLj4D79M+mepcw3dgFBTIDYpbcB9Sm0bpm4ppXPaO+U+PKFFyV9MGRvS0gvGw62sd10kT5lRMKXAADb9pWy8g==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-logical-assignment-operators": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.22.5.tgz",
+      "integrity": "sha512-MQQOUW1KL8X0cDWfbwYP+TbVbZm16QmQXJQ+vndPtH/BoO0lOKpVoEDMI7+PskYxH+IiE0tS8xZye0qr1lGzSA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.9"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1278,11 +1358,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-member-expression-literals": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.18.6.tgz",
-      "integrity": "sha512-qSF1ihLGO3q+/g48k85tUjD033C29TNTVB2paCwZPVmOsjn9pClvYYrM2VeJpBY2bcNkuny0YUyTNRyRxJ54KA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.22.5.tgz",
+      "integrity": "sha512-RZEdkNtzzYCFl9SE9ATaUMTj2hqMb4StarOJLrZRbqqU4HSBE7UlBw9WBWQiDzrJZJdUWiMTVDI6Gv/8DPvfew==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1292,12 +1372,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-amd": {
-      "version": "7.20.11",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.20.11.tgz",
-      "integrity": "sha512-NuzCt5IIYOW0O30UvqktzHYR2ud5bOWbY0yaxWZ6G+aFzOMJvrs5YHNikrbdaT15+KNO31nPOy5Fim3ku6Zb5g==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.22.5.tgz",
+      "integrity": "sha512-R+PTfLTcYEmb1+kK7FNkhQ1gP4KgjpSO6HfH9+f8/yfp2Nt3ggBjiVpRwmwTlfqZLafYKJACy36yDXlEmI9HjQ==",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.20.11",
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-module-transforms": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1307,13 +1387,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-commonjs": {
-      "version": "7.21.2",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.21.2.tgz",
-      "integrity": "sha512-Cln+Yy04Gxua7iPdj6nOV96smLGjpElir5YwzF0LBPKoPlLDNJePNlrGGaybAJkd0zKRnOVXOgizSqPYMNYkzA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.22.5.tgz",
+      "integrity": "sha512-B4pzOXj+ONRmuaQTg05b3y/4DuFz3WcCNAXPLb2Q0GT0TrGKGxNKV4jwsXts+StaM0LQczZbOpj8o1DLPDJIiA==",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.21.2",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-simple-access": "^7.20.2"
+        "@babel/helper-module-transforms": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-simple-access": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1323,14 +1403,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-systemjs": {
-      "version": "7.20.11",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.20.11.tgz",
-      "integrity": "sha512-vVu5g9BPQKSFEmvt2TA4Da5N+QVS66EX21d8uoOihC+OCpUoGvzVsXeqFdtAEfVa5BILAeFt+U7yVmLbQnAJmw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.22.5.tgz",
+      "integrity": "sha512-emtEpoaTMsOs6Tzz+nbmcePl6AKVtS1yC4YNAeMun9U8YCsgadPNxnOPQ8GhHFB2qdx+LZu9LgoC0Lthuu05DQ==",
       "dependencies": {
-        "@babel/helper-hoist-variables": "^7.18.6",
-        "@babel/helper-module-transforms": "^7.20.11",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-validator-identifier": "^7.19.1"
+        "@babel/helper-hoist-variables": "^7.22.5",
+        "@babel/helper-module-transforms": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-validator-identifier": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1340,12 +1420,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-umd": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.18.6.tgz",
-      "integrity": "sha512-dcegErExVeXcRqNtkRU/z8WlBLnvD4MRnHgNs3MytRO1Mn1sHRyhbcpYbVMGclAqOjdW+9cfkdZno9dFdfKLfQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.22.5.tgz",
+      "integrity": "sha512-+S6kzefN/E1vkSsKx8kmQuqeQsvCKCd1fraCM7zXm4SFoggI099Tr4G8U81+5gtMdUeMQ4ipdQffbKLX0/7dBQ==",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-module-transforms": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1355,12 +1435,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-named-capturing-groups-regex": {
-      "version": "7.20.5",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.20.5.tgz",
-      "integrity": "sha512-mOW4tTzi5iTLnw+78iEq3gr8Aoq4WNRGpmSlrogqaiCBoR1HFhpU4JkpQFOHfeYx3ReVIFWOQJS4aZBRvuZ6mA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.22.5.tgz",
+      "integrity": "sha512-YgLLKmS3aUBhHaxp5hi1WJTgOUb/NCuDHzGT9z9WTt3YG+CPRhJs6nprbStx6DnWM4dh6gt7SU3sZodbZ08adQ==",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.20.5",
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-create-regexp-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1370,11 +1450,59 @@
       }
     },
     "node_modules/@babel/plugin-transform-new-target": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.18.6.tgz",
-      "integrity": "sha512-DjwFA/9Iu3Z+vrAn+8pBUGcjhxKguSMlsFqeCKbhb9BAV756v0krzVK04CRDi/4aqmk8BsHb4a/gFcaA5joXRw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.22.5.tgz",
+      "integrity": "sha512-AsF7K0Fx/cNKVyk3a+DW0JLo+Ua598/NxMRvxDnkpCIGFh43+h/v2xyhRUYf6oD8gE4QtL83C7zZVghMjHd+iw==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-nullish-coalescing-operator": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.22.5.tgz",
+      "integrity": "sha512-6CF8g6z1dNYZ/VXok5uYkkBBICHZPiGEl7oDnAx2Mt1hlHVHOSIKWJaXHjQJA5VB43KZnXZDIexMchY4y2PGdA==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-numeric-separator": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.22.5.tgz",
+      "integrity": "sha512-NbslED1/6M+sXiwwtcAB/nieypGw02Ejf4KtDeMkCEpP6gWFMX1wI9WKYua+4oBneCCEmulOkRpwywypVZzs/g==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-numeric-separator": "^7.10.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-object-rest-spread": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.22.5.tgz",
+      "integrity": "sha512-Kk3lyDmEslH9DnvCDA1s1kkd3YWQITiBOHngOtDL9Pt6BZjzqb6hiOlb8VfjiiQJ2unmegBqZu0rx5RxJb5vmQ==",
+      "dependencies": {
+        "@babel/compat-data": "^7.22.5",
+        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
+        "@babel/plugin-transform-parameters": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1384,12 +1512,43 @@
       }
     },
     "node_modules/@babel/plugin-transform-object-super": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.18.6.tgz",
-      "integrity": "sha512-uvGz6zk+pZoS1aTZrOvrbj6Pp/kK2mp45t2B+bTDre2UgsZZ8EZLSJtUg7m/no0zOJUWgFONpB7Zv9W2tSaFlA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.22.5.tgz",
+      "integrity": "sha512-klXqyaT9trSjIUrcsYIfETAzmOEZL3cBYqOYLJxBHfMFFggmXOv+NYSX/Jbs9mzMVESw/WycLFPRx8ba/b2Ipw==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6",
-        "@babel/helper-replace-supers": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-replace-supers": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-optional-catch-binding": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.22.5.tgz",
+      "integrity": "sha512-pH8orJahy+hzZje5b8e2QIlBWQvGpelS76C63Z+jhZKsmzfNaPQ+LaW6dcJ9bxTpo1mtXbgHwy765Ro3jftmUg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-optional-catch-binding": "^7.8.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-optional-chaining": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.22.5.tgz",
+      "integrity": "sha512-AconbMKOMkyG+xCng2JogMCDcqW8wedQAqpVIL4cOSescZ7+iW8utC6YDZLMCSUIReEA733gzRSaOSXMAt/4WQ==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5",
+        "@babel/plugin-syntax-optional-chaining": "^7.8.3"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1399,11 +1558,43 @@
       }
     },
     "node_modules/@babel/plugin-transform-parameters": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.21.3.tgz",
-      "integrity": "sha512-Wxc+TvppQG9xWFYatvCGPvZ6+SIUxQ2ZdiBP+PHYMIjnPXD+uThCshaz4NZOnODAtBjjcVQQ/3OKs9LW28purQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.22.5.tgz",
+      "integrity": "sha512-AVkFUBurORBREOmHRKo06FjHYgjrabpdqRSwq6+C7R5iTCZOsM4QbcB27St0a4U6fffyAOqh3s/qEfybAhfivg==",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-private-methods": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.22.5.tgz",
+      "integrity": "sha512-PPjh4gyrQnGe97JTalgRGMuU4icsZFnWkzicB/fUtzlKUqvsWBKEpPPfr5a2JiyirZkHxnAqkQMO5Z5B2kK3fA==",
+      "dependencies": {
+        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-private-property-in-object": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.22.5.tgz",
+      "integrity": "sha512-/9xnaTTJcVoBtSSmrVyhtSvO3kbqS2ODoh2juEU72c3aYonNF0OMGiaz2gjukyKM2wBBYJP38S4JiE0Wfb5VMQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-private-property-in-object": "^7.14.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1413,11 +1604,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-property-literals": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.18.6.tgz",
-      "integrity": "sha512-cYcs6qlgafTud3PAzrrRNbQtfpQ8+y/+M5tKmksS9+M1ckbH6kzY8MrexEM9mcA6JDsukE19iIRvAyYl463sMg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.22.5.tgz",
+      "integrity": "sha512-TiOArgddK3mK/x1Qwf5hay2pxI6wCZnvQqrFSqbtg1GLl2JcNMitVH/YnqjP+M31pLUeTfzY1HAXFDnUBV30rQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1427,11 +1618,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-react-constant-elements": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.21.3.tgz",
-      "integrity": "sha512-4DVcFeWe/yDYBLp0kBmOGFJ6N2UYg7coGid1gdxb4co62dy/xISDMaYBXBVXEDhfgMk7qkbcYiGtwd5Q/hwDDQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.22.5.tgz",
+      "integrity": "sha512-BF5SXoO+nX3h5OhlN78XbbDrBOffv+AxPP2ENaJOVqjWCgBDeOY3WcaUcddutGSfoap+5NEQ/q/4I3WZIvgkXA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1441,11 +1632,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-react-display-name": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.18.6.tgz",
-      "integrity": "sha512-TV4sQ+T013n61uMoygyMRm+xf04Bd5oqFpv2jAEQwSZ8NwQA7zeRPg1LMVg2PWi3zWBz+CLKD+v5bcpZ/BS0aA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.22.5.tgz",
+      "integrity": "sha512-PVk3WPYudRF5z4GKMEYUrLjPl38fJSKNaEOkFuoprioowGuWN6w2RKznuFNSlJx7pzzXXStPUnNSOEO0jL5EVw==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1455,15 +1646,15 @@
       }
     },
     "node_modules/@babel/plugin-transform-react-jsx": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.21.0.tgz",
-      "integrity": "sha512-6OAWljMvQrZjR2DaNhVfRz6dkCAVV+ymcLUmaf8bccGOHn2v5rHJK3tTpij0BuhdYWP4LLaqj5lwcdlpAAPuvg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.22.5.tgz",
+      "integrity": "sha512-rog5gZaVbUip5iWDMTYbVM15XQq+RkUKhET/IHR6oizR+JEoN6CAfTTuHcK4vwUyzca30qqHqEpzBOnaRMWYMA==",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "@babel/helper-module-imports": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/plugin-syntax-jsx": "^7.18.6",
-        "@babel/types": "^7.21.0"
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-module-imports": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-jsx": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1473,11 +1664,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-react-jsx-development": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.18.6.tgz",
-      "integrity": "sha512-SA6HEjwYFKF7WDjWcMcMGUimmw/nhNRDWxr+KaLSCrkD/LMDBvWRmHAYgE1HDeF8KUuI8OAu+RT6EOtKxSW2qA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.22.5.tgz",
+      "integrity": "sha512-bDhuzwWMuInwCYeDeMzyi7TaBgRQei6DqxhbyniL7/VG4RSS7HtSL2QbY4eESy1KJqlWt8g3xeEBGPuo+XqC8A==",
       "dependencies": {
-        "@babel/plugin-transform-react-jsx": "^7.18.6"
+        "@babel/plugin-transform-react-jsx": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1487,12 +1678,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-react-pure-annotations": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.18.6.tgz",
-      "integrity": "sha512-I8VfEPg9r2TRDdvnHgPepTKvuRomzA8+u+nhY7qSI1fR2hRNebasZEETLyM5mAUr0Ku56OkXJ0I7NHJnO6cJiQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.22.5.tgz",
+      "integrity": "sha512-gP4k85wx09q+brArVinTXhWiyzLl9UpmGva0+mWyKxk6JZequ05x3eUcIUE+FyttPKJFRRVtAvQaJ6YF9h1ZpA==",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1502,11 +1693,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-regenerator": {
-      "version": "7.20.5",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.20.5.tgz",
-      "integrity": "sha512-kW/oO7HPBtntbsahzQ0qSE3tFvkFwnbozz3NWFhLGqH75vLEg+sCGngLlhVkePlCs3Jv0dBBHDzCHxNiFAQKCQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.22.5.tgz",
+      "integrity": "sha512-rR7KePOE7gfEtNTh9Qw+iO3Q/e4DEsoQ+hdvM6QUDH7JRJ5qxq5AA52ZzBWbI5i9lfNuvySgOGP8ZN7LAmaiPw==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
+        "@babel/helper-plugin-utils": "^7.22.5",
         "regenerator-transform": "^0.15.1"
       },
       "engines": {
@@ -1517,11 +1708,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-reserved-words": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.18.6.tgz",
-      "integrity": "sha512-oX/4MyMoypzHjFrT1CdivfKZ+XvIPMFXwwxHp/r0Ddy2Vuomt4HDFGmft1TAY2yiTKiNSsh3kjBAzcM8kSdsjA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.22.5.tgz",
+      "integrity": "sha512-DTtGKFRQUDm8svigJzZHzb/2xatPc6TzNvAIJ5GqOKDsGFYgAskjRulbR/vGsPKq3OPqtexnz327qYpP57RFyA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1531,15 +1722,15 @@
       }
     },
     "node_modules/@babel/plugin-transform-runtime": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.21.0.tgz",
-      "integrity": "sha512-ReY6pxwSzEU0b3r2/T/VhqMKg/AkceBT19X0UptA3/tYi5Pe2eXgEUH+NNMC5nok6c6XQz5tyVTUpuezRfSMSg==",
-      "dependencies": {
-        "@babel/helper-module-imports": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "babel-plugin-polyfill-corejs2": "^0.3.3",
-        "babel-plugin-polyfill-corejs3": "^0.6.0",
-        "babel-plugin-polyfill-regenerator": "^0.4.1",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.22.5.tgz",
+      "integrity": "sha512-bg4Wxd1FWeFx3daHFTWk1pkSWK/AyQuiyAoeZAOkAOUBjnZPH6KT7eMxouV47tQ6hl6ax2zyAWBdWZXbrvXlaw==",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "babel-plugin-polyfill-corejs2": "^0.4.3",
+        "babel-plugin-polyfill-corejs3": "^0.8.1",
+        "babel-plugin-polyfill-regenerator": "^0.5.0",
         "semver": "^6.3.0"
       },
       "engines": {
@@ -1558,11 +1749,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-shorthand-properties": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.18.6.tgz",
-      "integrity": "sha512-eCLXXJqv8okzg86ywZJbRn19YJHU4XUa55oz2wbHhaQVn/MM+XhukiT7SYqp/7o00dg52Rj51Ny+Ecw4oyoygw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.22.5.tgz",
+      "integrity": "sha512-vM4fq9IXHscXVKzDv5itkO1X52SmdFBFcMIBZ2FRn2nqVYqw6dBexUgMvAjHW+KXpPPViD/Yo3GrDEBaRC0QYA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1572,12 +1763,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-spread": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.20.7.tgz",
-      "integrity": "sha512-ewBbHQ+1U/VnH1fxltbJqDeWBU1oNLG8Dj11uIv3xVf7nrQu0bPGe5Rf716r7K5Qz+SqtAOVswoVunoiBtGhxw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.22.5.tgz",
+      "integrity": "sha512-5ZzDQIGyvN4w8+dMmpohL6MBo+l2G7tfC/O2Dg7/hjpgeWvUx8FzfeOKxGog9IimPa4YekaQ9PlDqTLOljkcxg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.20.0"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1587,11 +1778,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-sticky-regex": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.18.6.tgz",
-      "integrity": "sha512-kfiDrDQ+PBsQDO85yj1icueWMfGfJFKN1KCkndygtu/C9+XUfydLC8Iv5UYJqRwy4zk8EcplRxEOeLyjq1gm6Q==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.22.5.tgz",
+      "integrity": "sha512-zf7LuNpHG0iEeiyCNwX4j3gDg1jgt1k3ZdXBKbZSoA3BbGQGvMiSvfbZRR3Dr3aeJe3ooWFZxOOG3IRStYp2Bw==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1601,11 +1792,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-template-literals": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.18.9.tgz",
-      "integrity": "sha512-S8cOWfT82gTezpYOiVaGHrCbhlHgKhQt8XH5ES46P2XWmX92yisoZywf5km75wv5sYcXDUCLMmMxOLCtthDgMA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.22.5.tgz",
+      "integrity": "sha512-5ciOehRNf+EyUeewo8NkbQiUs4d6ZxiHo6BcBcnFlgiJfu16q0bQUw9Jvo0b0gBKFG1SMhDSjeKXSYuJLeFSMA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.9"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1615,11 +1806,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-typeof-symbol": {
-      "version": "7.18.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.18.9.tgz",
-      "integrity": "sha512-SRfwTtF11G2aemAZWivL7PD+C9z52v9EvMqH9BuYbabyPuKUvSWks3oCg6041pT925L4zVFqaVBeECwsmlguEw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.22.5.tgz",
+      "integrity": "sha512-bYkI5lMzL4kPii4HHEEChkD0rkc+nvnlR6+o/qdqR6zrm0Sv/nodmyLhlq2DO0YKLUNd2VePmPRjJXSBh9OIdA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.9"
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1629,14 +1820,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-typescript": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.21.3.tgz",
-      "integrity": "sha512-RQxPz6Iqt8T0uw/WsJNReuBpWpBqs/n7mNo18sKLoTbMp+UrEekhH+pKSVC7gWz+DNjo9gryfV8YzCiT45RgMw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.22.5.tgz",
+      "integrity": "sha512-SMubA9S7Cb5sGSFFUlqxyClTA9zWJ8qGQrppNUm05LtFuN1ELRFNndkix4zUJrC9F+YivWwa1dHMSyo0e0N9dA==",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.18.6",
-        "@babel/helper-create-class-features-plugin": "^7.21.0",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/plugin-syntax-typescript": "^7.20.0"
+        "@babel/helper-annotate-as-pure": "^7.22.5",
+        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/plugin-syntax-typescript": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1646,11 +1837,26 @@
       }
     },
     "node_modules/@babel/plugin-transform-unicode-escapes": {
-      "version": "7.18.10",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.18.10.tgz",
-      "integrity": "sha512-kKAdAI+YzPgGY/ftStBFXTI1LZFju38rYThnfMykS+IXy8BVx+res7s2fxf1l8I35DV2T97ezo6+SGrXz6B3iQ==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.22.5.tgz",
+      "integrity": "sha512-biEmVg1IYB/raUO5wT1tgfacCef15Fbzhkx493D3urBI++6hpJ+RFG4SrWMn0NEZLfvilqKf3QDrRVZHo08FYg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.9"
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-unicode-property-regex": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.22.5.tgz",
+      "integrity": "sha512-HCCIb+CbJIAE6sXn5CjFQXMwkCClcOfPCzTlilJ8cUatfzwHlWQkbtV0zD338u9dZskwvuOYTuuaMaA8J5EI5A==",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1660,12 +1866,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-unicode-regex": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.18.6.tgz",
-      "integrity": "sha512-gE7A6Lt7YLnNOL3Pb9BNeZvi+d8l7tcRrG4+pwJjK9hD2xX4mEvjlQW60G9EEmfXVYRPv9VRQcyegIVHCql/AA==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.22.5.tgz",
+      "integrity": "sha512-028laaOKptN5vHJf9/Arr/HiJekMd41hOEZYvNsrsXqJ7YPYuX2bQxh31fkZzGmq3YqHRJzYFFAVYvKfMPKqyg==",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.18.6",
-        "@babel/helper-plugin-utils": "^7.18.6"
+        "@babel/helper-create-regexp-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1674,38 +1880,41 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/preset-env": {
-      "version": "7.20.2",
-      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.20.2.tgz",
-      "integrity": "sha512-1G0efQEWR1EHkKvKHqbG+IN/QdgwfByUpM5V5QroDzGV2t3S/WXNQd693cHiHTlCFMpr9B6FkPFXDA2lQcKoDg==",
+    "node_modules/@babel/plugin-transform-unicode-sets-regex": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.22.5.tgz",
+      "integrity": "sha512-lhMfi4FC15j13eKrh3DnYHjpGj6UKQHtNKTbtc1igvAhRy4+kLhV07OpLcsN0VgDEw/MjAvJO4BdMJsHwMhzCg==",
       "dependencies": {
-        "@babel/compat-data": "^7.20.1",
-        "@babel/helper-compilation-targets": "^7.20.0",
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-validator-option": "^7.18.6",
-        "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.18.6",
-        "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.18.9",
-        "@babel/plugin-proposal-async-generator-functions": "^7.20.1",
-        "@babel/plugin-proposal-class-properties": "^7.18.6",
-        "@babel/plugin-proposal-class-static-block": "^7.18.6",
-        "@babel/plugin-proposal-dynamic-import": "^7.18.6",
-        "@babel/plugin-proposal-export-namespace-from": "^7.18.9",
-        "@babel/plugin-proposal-json-strings": "^7.18.6",
-        "@babel/plugin-proposal-logical-assignment-operators": "^7.18.9",
-        "@babel/plugin-proposal-nullish-coalescing-operator": "^7.18.6",
-        "@babel/plugin-proposal-numeric-separator": "^7.18.6",
-        "@babel/plugin-proposal-object-rest-spread": "^7.20.2",
-        "@babel/plugin-proposal-optional-catch-binding": "^7.18.6",
-        "@babel/plugin-proposal-optional-chaining": "^7.18.9",
-        "@babel/plugin-proposal-private-methods": "^7.18.6",
-        "@babel/plugin-proposal-private-property-in-object": "^7.18.6",
-        "@babel/plugin-proposal-unicode-property-regex": "^7.18.6",
+        "@babel/helper-create-regexp-features-plugin": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/preset-env": {
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.22.5.tgz",
+      "integrity": "sha512-fj06hw89dpiZzGZtxn+QybifF07nNiZjZ7sazs2aVDcysAZVGjW7+7iFYxg6GLNM47R/thYfLdrXc+2f11Vi9A==",
+      "dependencies": {
+        "@babel/compat-data": "^7.22.5",
+        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-validator-option": "^7.22.5",
+        "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.22.5",
+        "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.22.5",
+        "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2",
         "@babel/plugin-syntax-async-generators": "^7.8.4",
         "@babel/plugin-syntax-class-properties": "^7.12.13",
         "@babel/plugin-syntax-class-static-block": "^7.14.5",
         "@babel/plugin-syntax-dynamic-import": "^7.8.3",
         "@babel/plugin-syntax-export-namespace-from": "^7.8.3",
-        "@babel/plugin-syntax-import-assertions": "^7.20.0",
+        "@babel/plugin-syntax-import-assertions": "^7.22.5",
+        "@babel/plugin-syntax-import-attributes": "^7.22.5",
+        "@babel/plugin-syntax-import-meta": "^7.10.4",
         "@babel/plugin-syntax-json-strings": "^7.8.3",
         "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4",
         "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3",
@@ -1715,44 +1924,61 @@
         "@babel/plugin-syntax-optional-chaining": "^7.8.3",
         "@babel/plugin-syntax-private-property-in-object": "^7.14.5",
         "@babel/plugin-syntax-top-level-await": "^7.14.5",
-        "@babel/plugin-transform-arrow-functions": "^7.18.6",
-        "@babel/plugin-transform-async-to-generator": "^7.18.6",
-        "@babel/plugin-transform-block-scoped-functions": "^7.18.6",
-        "@babel/plugin-transform-block-scoping": "^7.20.2",
-        "@babel/plugin-transform-classes": "^7.20.2",
-        "@babel/plugin-transform-computed-properties": "^7.18.9",
-        "@babel/plugin-transform-destructuring": "^7.20.2",
-        "@babel/plugin-transform-dotall-regex": "^7.18.6",
-        "@babel/plugin-transform-duplicate-keys": "^7.18.9",
-        "@babel/plugin-transform-exponentiation-operator": "^7.18.6",
-        "@babel/plugin-transform-for-of": "^7.18.8",
-        "@babel/plugin-transform-function-name": "^7.18.9",
-        "@babel/plugin-transform-literals": "^7.18.9",
-        "@babel/plugin-transform-member-expression-literals": "^7.18.6",
-        "@babel/plugin-transform-modules-amd": "^7.19.6",
-        "@babel/plugin-transform-modules-commonjs": "^7.19.6",
-        "@babel/plugin-transform-modules-systemjs": "^7.19.6",
-        "@babel/plugin-transform-modules-umd": "^7.18.6",
-        "@babel/plugin-transform-named-capturing-groups-regex": "^7.19.1",
-        "@babel/plugin-transform-new-target": "^7.18.6",
-        "@babel/plugin-transform-object-super": "^7.18.6",
-        "@babel/plugin-transform-parameters": "^7.20.1",
-        "@babel/plugin-transform-property-literals": "^7.18.6",
-        "@babel/plugin-transform-regenerator": "^7.18.6",
-        "@babel/plugin-transform-reserved-words": "^7.18.6",
-        "@babel/plugin-transform-shorthand-properties": "^7.18.6",
-        "@babel/plugin-transform-spread": "^7.19.0",
-        "@babel/plugin-transform-sticky-regex": "^7.18.6",
-        "@babel/plugin-transform-template-literals": "^7.18.9",
-        "@babel/plugin-transform-typeof-symbol": "^7.18.9",
-        "@babel/plugin-transform-unicode-escapes": "^7.18.10",
-        "@babel/plugin-transform-unicode-regex": "^7.18.6",
+        "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6",
+        "@babel/plugin-transform-arrow-functions": "^7.22.5",
+        "@babel/plugin-transform-async-generator-functions": "^7.22.5",
+        "@babel/plugin-transform-async-to-generator": "^7.22.5",
+        "@babel/plugin-transform-block-scoped-functions": "^7.22.5",
+        "@babel/plugin-transform-block-scoping": "^7.22.5",
+        "@babel/plugin-transform-class-properties": "^7.22.5",
+        "@babel/plugin-transform-class-static-block": "^7.22.5",
+        "@babel/plugin-transform-classes": "^7.22.5",
+        "@babel/plugin-transform-computed-properties": "^7.22.5",
+        "@babel/plugin-transform-destructuring": "^7.22.5",
+        "@babel/plugin-transform-dotall-regex": "^7.22.5",
+        "@babel/plugin-transform-duplicate-keys": "^7.22.5",
+        "@babel/plugin-transform-dynamic-import": "^7.22.5",
+        "@babel/plugin-transform-exponentiation-operator": "^7.22.5",
+        "@babel/plugin-transform-export-namespace-from": "^7.22.5",
+        "@babel/plugin-transform-for-of": "^7.22.5",
+        "@babel/plugin-transform-function-name": "^7.22.5",
+        "@babel/plugin-transform-json-strings": "^7.22.5",
+        "@babel/plugin-transform-literals": "^7.22.5",
+        "@babel/plugin-transform-logical-assignment-operators": "^7.22.5",
+        "@babel/plugin-transform-member-expression-literals": "^7.22.5",
+        "@babel/plugin-transform-modules-amd": "^7.22.5",
+        "@babel/plugin-transform-modules-commonjs": "^7.22.5",
+        "@babel/plugin-transform-modules-systemjs": "^7.22.5",
+        "@babel/plugin-transform-modules-umd": "^7.22.5",
+        "@babel/plugin-transform-named-capturing-groups-regex": "^7.22.5",
+        "@babel/plugin-transform-new-target": "^7.22.5",
+        "@babel/plugin-transform-nullish-coalescing-operator": "^7.22.5",
+        "@babel/plugin-transform-numeric-separator": "^7.22.5",
+        "@babel/plugin-transform-object-rest-spread": "^7.22.5",
+        "@babel/plugin-transform-object-super": "^7.22.5",
+        "@babel/plugin-transform-optional-catch-binding": "^7.22.5",
+        "@babel/plugin-transform-optional-chaining": "^7.22.5",
+        "@babel/plugin-transform-parameters": "^7.22.5",
+        "@babel/plugin-transform-private-methods": "^7.22.5",
+        "@babel/plugin-transform-private-property-in-object": "^7.22.5",
+        "@babel/plugin-transform-property-literals": "^7.22.5",
+        "@babel/plugin-transform-regenerator": "^7.22.5",
+        "@babel/plugin-transform-reserved-words": "^7.22.5",
+        "@babel/plugin-transform-shorthand-properties": "^7.22.5",
+        "@babel/plugin-transform-spread": "^7.22.5",
+        "@babel/plugin-transform-sticky-regex": "^7.22.5",
+        "@babel/plugin-transform-template-literals": "^7.22.5",
+        "@babel/plugin-transform-typeof-symbol": "^7.22.5",
+        "@babel/plugin-transform-unicode-escapes": "^7.22.5",
+        "@babel/plugin-transform-unicode-property-regex": "^7.22.5",
+        "@babel/plugin-transform-unicode-regex": "^7.22.5",
+        "@babel/plugin-transform-unicode-sets-regex": "^7.22.5",
         "@babel/preset-modules": "^0.1.5",
-        "@babel/types": "^7.20.2",
-        "babel-plugin-polyfill-corejs2": "^0.3.3",
-        "babel-plugin-polyfill-corejs3": "^0.6.0",
-        "babel-plugin-polyfill-regenerator": "^0.4.1",
-        "core-js-compat": "^3.25.1",
+        "@babel/types": "^7.22.5",
+        "babel-plugin-polyfill-corejs2": "^0.4.3",
+        "babel-plugin-polyfill-corejs3": "^0.8.1",
+        "babel-plugin-polyfill-regenerator": "^0.5.0",
+        "core-js-compat": "^3.30.2",
         "semver": "^6.3.0"
       },
       "engines": {
@@ -1762,6 +1988,17 @@
         "@babel/core": "^7.0.0-0"
       }
     },
+    "node_modules/@babel/preset-env/node_modules/@babel/plugin-proposal-private-property-in-object": {
+      "version": "7.21.0-placeholder-for-preset-env.2",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz",
+      "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==",
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
     "node_modules/@babel/preset-env/node_modules/semver": {
       "version": "6.3.0",
       "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
@@ -1786,16 +2023,16 @@
       }
     },
     "node_modules/@babel/preset-react": {
-      "version": "7.18.6",
-      "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.18.6.tgz",
-      "integrity": "sha512-zXr6atUmyYdiWRVLOZahakYmOBHtWc2WGCkP8PYTgZi0iJXDY2CN180TdrIW4OGOAdLc7TifzDIvtx6izaRIzg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.22.5.tgz",
+      "integrity": "sha512-M+Is3WikOpEJHgR385HbuCITPTaPRaNkibTEa9oiofmJvIsrceb4yp9RL9Kb+TE8LznmeyZqpP+Lopwcx59xPQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.18.6",
-        "@babel/helper-validator-option": "^7.18.6",
-        "@babel/plugin-transform-react-display-name": "^7.18.6",
-        "@babel/plugin-transform-react-jsx": "^7.18.6",
-        "@babel/plugin-transform-react-jsx-development": "^7.18.6",
-        "@babel/plugin-transform-react-pure-annotations": "^7.18.6"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-validator-option": "^7.22.5",
+        "@babel/plugin-transform-react-display-name": "^7.22.5",
+        "@babel/plugin-transform-react-jsx": "^7.22.5",
+        "@babel/plugin-transform-react-jsx-development": "^7.22.5",
+        "@babel/plugin-transform-react-pure-annotations": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1805,13 +2042,15 @@
       }
     },
     "node_modules/@babel/preset-typescript": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.21.0.tgz",
-      "integrity": "sha512-myc9mpoVA5m1rF8K8DgLEatOYFDpwC+RkMkjZ0Du6uI62YvDe8uxIEYVs/VCdSJ097nlALiU/yBC7//3nI+hNg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.22.5.tgz",
+      "integrity": "sha512-YbPaal9LxztSGhmndR46FmAbkJ/1fAsw293tSU+I5E5h+cnJ3d4GTwyUgGYmOXJYdGA+uNePle4qbaRzj2NISQ==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.20.2",
-        "@babel/helper-validator-option": "^7.21.0",
-        "@babel/plugin-transform-typescript": "^7.21.0"
+        "@babel/helper-plugin-utils": "^7.22.5",
+        "@babel/helper-validator-option": "^7.22.5",
+        "@babel/plugin-syntax-jsx": "^7.22.5",
+        "@babel/plugin-transform-modules-commonjs": "^7.22.5",
+        "@babel/plugin-transform-typescript": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1826,9 +2065,9 @@
       "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA=="
     },
     "node_modules/@babel/runtime": {
-      "version": "7.21.0",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.21.0.tgz",
-      "integrity": "sha512-xwII0//EObnq89Ji5AKYQaRYiW/nZ3llSv29d49IuxPhKbtJoLP+9QUUZ4nVragQVtaVGeZrpB+ZtG/Pdy/POw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.5.tgz",
+      "integrity": "sha512-ecjvYlnAaZ/KVneE/OdKYBYfgXV3Ptu6zQWmgEF7vwKhQnvVS6bjMD2XYgj+SNvQ1GfK/pjgokfPkC/2CO8CuA==",
       "dependencies": {
         "regenerator-runtime": "^0.13.11"
       },
@@ -1837,31 +2076,31 @@
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.20.7",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.20.7.tgz",
-      "integrity": "sha512-8SegXApWe6VoNw0r9JHpSteLKTpTiLZ4rMlGIm9JQ18KiCtyQiAMEazujAHrUS5flrcqYZa75ukev3P6QmUwUw==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.5.tgz",
+      "integrity": "sha512-X7yV7eiwAxdj9k94NEylvbVHLiVG1nvzCV2EAowhxLTwODV1jl9UzZ48leOC0sH7OnuHrIkllaBgneUykIcZaw==",
       "dependencies": {
-        "@babel/code-frame": "^7.18.6",
-        "@babel/parser": "^7.20.7",
-        "@babel/types": "^7.20.7"
+        "@babel/code-frame": "^7.22.5",
+        "@babel/parser": "^7.22.5",
+        "@babel/types": "^7.22.5"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/traverse": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.21.3.tgz",
-      "integrity": "sha512-XLyopNeaTancVitYZe2MlUEvgKb6YVVPXzofHgqHijCImG33b/uTurMS488ht/Hbsb2XK3U2BnSTxKVNGV3nGQ==",
-      "dependencies": {
-        "@babel/code-frame": "^7.18.6",
-        "@babel/generator": "^7.21.3",
-        "@babel/helper-environment-visitor": "^7.18.9",
-        "@babel/helper-function-name": "^7.21.0",
-        "@babel/helper-hoist-variables": "^7.18.6",
-        "@babel/helper-split-export-declaration": "^7.18.6",
-        "@babel/parser": "^7.21.3",
-        "@babel/types": "^7.21.3",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.22.5.tgz",
+      "integrity": "sha512-7DuIjPgERaNo6r+PZwItpjCZEa5vyw4eJGufeLxrPdBXBoLcCJCIasvK6pK/9DVNrLZTLFhUGqaC6X/PA007TQ==",
+      "dependencies": {
+        "@babel/code-frame": "^7.22.5",
+        "@babel/generator": "^7.22.5",
+        "@babel/helper-environment-visitor": "^7.22.5",
+        "@babel/helper-function-name": "^7.22.5",
+        "@babel/helper-hoist-variables": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.5",
+        "@babel/parser": "^7.22.5",
+        "@babel/types": "^7.22.5",
         "debug": "^4.1.0",
         "globals": "^11.1.0"
       },
@@ -1870,12 +2109,12 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.21.3",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.21.3.tgz",
-      "integrity": "sha512-sBGdETxC+/M4o/zKC0sl6sjWv62WFR/uzxrJ6uYyMLZOUlPnwzw0tKgVHOXxaAd5l2g8pEDM5RZ495GPQI77kg==",
+      "version": "7.22.5",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.22.5.tgz",
+      "integrity": "sha512-zo3MIHGOkPOfoRXitsgHLjEXmlDaD/5KU1Uzuc9GNiZPhSqVxVRtxuPaSBZDsYZ9qV88AjtMtWW7ww98loJ9KA==",
       "dependencies": {
-        "@babel/helper-string-parser": "^7.19.4",
-        "@babel/helper-validator-identifier": "^7.19.1",
+        "@babel/helper-string-parser": "^7.22.5",
+        "@babel/helper-validator-identifier": "^7.22.5",
         "to-fast-properties": "^2.0.0"
       },
       "engines": {
@@ -2158,84 +2397,65 @@
       }
     },
     "node_modules/@emotion/babel-plugin": {
-      "version": "11.10.6",
-      "resolved": "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.10.6.tgz",
-      "integrity": "sha512-p2dAqtVrkhSa7xz1u/m9eHYdLi+en8NowrmXeF/dKtJpU8lCWli8RUAati7NcSl0afsBott48pdnANuD0wh9QQ==",
+      "version": "11.11.0",
+      "resolved": "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.11.0.tgz",
+      "integrity": "sha512-m4HEDZleaaCH+XgDDsPF15Ht6wTLsgDTeR3WYj9Q/k76JtWhrJjcP4+/XlG8LGT/Rol9qUfOIztXeA84ATpqPQ==",
       "dependencies": {
         "@babel/helper-module-imports": "^7.16.7",
         "@babel/runtime": "^7.18.3",
-        "@emotion/hash": "^0.9.0",
-        "@emotion/memoize": "^0.8.0",
-        "@emotion/serialize": "^1.1.1",
+        "@emotion/hash": "^0.9.1",
+        "@emotion/memoize": "^0.8.1",
+        "@emotion/serialize": "^1.1.2",
         "babel-plugin-macros": "^3.1.0",
         "convert-source-map": "^1.5.0",
         "escape-string-regexp": "^4.0.0",
         "find-root": "^1.1.0",
         "source-map": "^0.5.7",
-        "stylis": "4.1.3"
-      }
-    },
-    "node_modules/@emotion/babel-plugin/node_modules/escape-string-regexp": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
-      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/@emotion/babel-plugin/node_modules/source-map": {
-      "version": "0.5.7",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
-      "integrity": "sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==",
-      "engines": {
-        "node": ">=0.10.0"
+        "stylis": "4.2.0"
       }
     },
     "node_modules/@emotion/cache": {
-      "version": "11.10.5",
-      "resolved": "https://registry.npmjs.org/@emotion/cache/-/cache-11.10.5.tgz",
-      "integrity": "sha512-dGYHWyzTdmK+f2+EnIGBpkz1lKc4Zbj2KHd4cX3Wi8/OWr5pKslNjc3yABKH4adRGCvSX4VDC0i04mrrq0aiRA==",
+      "version": "11.11.0",
+      "resolved": "https://registry.npmjs.org/@emotion/cache/-/cache-11.11.0.tgz",
+      "integrity": "sha512-P34z9ssTCBi3e9EI1ZsWpNHcfY1r09ZO0rZbRO2ob3ZQMnFI35jB536qoXbkdesr5EUhYi22anuEJuyxifaqAQ==",
       "dependencies": {
-        "@emotion/memoize": "^0.8.0",
-        "@emotion/sheet": "^1.2.1",
-        "@emotion/utils": "^1.2.0",
-        "@emotion/weak-memoize": "^0.3.0",
-        "stylis": "4.1.3"
+        "@emotion/memoize": "^0.8.1",
+        "@emotion/sheet": "^1.2.2",
+        "@emotion/utils": "^1.2.1",
+        "@emotion/weak-memoize": "^0.3.1",
+        "stylis": "4.2.0"
       }
     },
     "node_modules/@emotion/hash": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/@emotion/hash/-/hash-0.9.0.tgz",
-      "integrity": "sha512-14FtKiHhy2QoPIzdTcvh//8OyBlknNs2nXRwIhG904opCby3l+9Xaf/wuPvICBF0rc1ZCNBd3nKe9cd2mecVkQ=="
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/@emotion/hash/-/hash-0.9.1.tgz",
+      "integrity": "sha512-gJB6HLm5rYwSLI6PQa+X1t5CFGrv1J1TWG+sOyMCeKz2ojaj6Fnl/rZEspogG+cvqbt4AE/2eIyD2QfLKTBNlQ=="
     },
     "node_modules/@emotion/is-prop-valid": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-1.2.0.tgz",
-      "integrity": "sha512-3aDpDprjM0AwaxGE09bOPkNxHpBd+kA6jty3RnaEXdweX1DF1U3VQpPYb0g1IStAuK7SVQ1cy+bNBBKp4W3Fjg==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-1.2.1.tgz",
+      "integrity": "sha512-61Mf7Ufx4aDxx1xlDeOm8aFFigGHE4z+0sKCa+IHCeZKiyP9RLD0Mmx7m8b9/Cf37f7NAvQOOJAbQQGVr5uERw==",
       "dependencies": {
-        "@emotion/memoize": "^0.8.0"
+        "@emotion/memoize": "^0.8.1"
       }
     },
     "node_modules/@emotion/memoize": {
-      "version": "0.8.0",
-      "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.8.0.tgz",
-      "integrity": "sha512-G/YwXTkv7Den9mXDO7AhLWkE3q+I92B+VqAE+dYG4NGPaHZGvt3G8Q0p9vmE+sq7rTGphUbAvmQ9YpbfMQGGlA=="
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.8.1.tgz",
+      "integrity": "sha512-W2P2c/VRW1/1tLox0mVUalvnWXxavmv/Oum2aPsRcoDJuob75FC3Y8FbpfLwUegRcxINtGUMPq0tFCvYNTBXNA=="
     },
     "node_modules/@emotion/react": {
-      "version": "11.10.6",
-      "resolved": "https://registry.npmjs.org/@emotion/react/-/react-11.10.6.tgz",
-      "integrity": "sha512-6HT8jBmcSkfzO7mc+N1L9uwvOnlcGoix8Zn7srt+9ga0MjREo6lRpuVX0kzo6Jp6oTqDhREOFsygN6Ew4fEQbw==",
+      "version": "11.11.1",
+      "resolved": "https://registry.npmjs.org/@emotion/react/-/react-11.11.1.tgz",
+      "integrity": "sha512-5mlW1DquU5HaxjLkfkGN1GA/fvVGdyHURRiX/0FHl2cfIfRxSOfmxEH5YS43edp0OldZrZ+dkBKbngxcNCdZvA==",
       "dependencies": {
         "@babel/runtime": "^7.18.3",
-        "@emotion/babel-plugin": "^11.10.6",
-        "@emotion/cache": "^11.10.5",
-        "@emotion/serialize": "^1.1.1",
-        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
-        "@emotion/utils": "^1.2.0",
-        "@emotion/weak-memoize": "^0.3.0",
+        "@emotion/babel-plugin": "^11.11.0",
+        "@emotion/cache": "^11.11.0",
+        "@emotion/serialize": "^1.1.2",
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.1",
+        "@emotion/utils": "^1.2.1",
+        "@emotion/weak-memoize": "^0.3.1",
         "hoist-non-react-statics": "^3.3.1"
       },
       "peerDependencies": {
@@ -2248,33 +2468,33 @@
       }
     },
     "node_modules/@emotion/serialize": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@emotion/serialize/-/serialize-1.1.1.tgz",
-      "integrity": "sha512-Zl/0LFggN7+L1liljxXdsVSVlg6E/Z/olVWpfxUTxOAmi8NU7YoeWeLfi1RmnB2TATHoaWwIBRoL+FvAJiTUQA==",
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@emotion/serialize/-/serialize-1.1.2.tgz",
+      "integrity": "sha512-zR6a/fkFP4EAcCMQtLOhIgpprZOwNmCldtpaISpvz348+DP4Mz8ZoKaGGCQpbzepNIUWbq4w6hNZkwDyKoS+HA==",
       "dependencies": {
-        "@emotion/hash": "^0.9.0",
-        "@emotion/memoize": "^0.8.0",
-        "@emotion/unitless": "^0.8.0",
-        "@emotion/utils": "^1.2.0",
+        "@emotion/hash": "^0.9.1",
+        "@emotion/memoize": "^0.8.1",
+        "@emotion/unitless": "^0.8.1",
+        "@emotion/utils": "^1.2.1",
         "csstype": "^3.0.2"
       }
     },
     "node_modules/@emotion/sheet": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@emotion/sheet/-/sheet-1.2.1.tgz",
-      "integrity": "sha512-zxRBwl93sHMsOj4zs+OslQKg/uhF38MB+OMKoCrVuS0nyTkqnau+BM3WGEoOptg9Oz45T/aIGs1qbVAsEFo3nA=="
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/@emotion/sheet/-/sheet-1.2.2.tgz",
+      "integrity": "sha512-0QBtGvaqtWi+nx6doRwDdBIzhNdZrXUppvTM4dtZZWEGTXL/XE/yJxLMGlDT1Gt+UHH5IX1n+jkXyytE/av7OA=="
     },
     "node_modules/@emotion/styled": {
-      "version": "11.10.6",
-      "resolved": "https://registry.npmjs.org/@emotion/styled/-/styled-11.10.6.tgz",
-      "integrity": "sha512-OXtBzOmDSJo5Q0AFemHCfl+bUueT8BIcPSxu0EGTpGk6DmI5dnhSzQANm1e1ze0YZL7TDyAyy6s/b/zmGOS3Og==",
+      "version": "11.11.0",
+      "resolved": "https://registry.npmjs.org/@emotion/styled/-/styled-11.11.0.tgz",
+      "integrity": "sha512-hM5Nnvu9P3midq5aaXj4I+lnSfNi7Pmd4EWk1fOZ3pxookaQTNew6bp4JaCBYM4HVFZF9g7UjJmsUmC2JlxOng==",
       "dependencies": {
         "@babel/runtime": "^7.18.3",
-        "@emotion/babel-plugin": "^11.10.6",
-        "@emotion/is-prop-valid": "^1.2.0",
-        "@emotion/serialize": "^1.1.1",
-        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
-        "@emotion/utils": "^1.2.0"
+        "@emotion/babel-plugin": "^11.11.0",
+        "@emotion/is-prop-valid": "^1.2.1",
+        "@emotion/serialize": "^1.1.2",
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.1",
+        "@emotion/utils": "^1.2.1"
       },
       "peerDependencies": {
         "@emotion/react": "^11.0.0-rc.0",
@@ -2287,32 +2507,32 @@
       }
     },
     "node_modules/@emotion/unitless": {
-      "version": "0.8.0",
-      "resolved": "https://registry.npmjs.org/@emotion/unitless/-/unitless-0.8.0.tgz",
-      "integrity": "sha512-VINS5vEYAscRl2ZUDiT3uMPlrFQupiKgHz5AA4bCH1miKBg4qtwkim1qPmJj/4WG6TreYMY111rEFsjupcOKHw=="
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@emotion/unitless/-/unitless-0.8.1.tgz",
+      "integrity": "sha512-KOEGMu6dmJZtpadb476IsZBclKvILjopjUii3V+7MnXIQCYh8W3NgNcgwo21n9LXZX6EDIKvqfjYxXebDwxKmQ=="
     },
     "node_modules/@emotion/use-insertion-effect-with-fallbacks": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@emotion/use-insertion-effect-with-fallbacks/-/use-insertion-effect-with-fallbacks-1.0.0.tgz",
-      "integrity": "sha512-1eEgUGmkaljiBnRMTdksDV1W4kUnmwgp7X9G8B++9GYwl1lUdqSndSriIrTJ0N7LQaoauY9JJ2yhiOYK5+NI4A==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@emotion/use-insertion-effect-with-fallbacks/-/use-insertion-effect-with-fallbacks-1.0.1.tgz",
+      "integrity": "sha512-jT/qyKZ9rzLErtrjGgdkMBn2OP8wl0G3sQlBb3YPryvKHsjvINUhVaPFfP+fpBcOkmrVOVEEHQFJ7nbj2TH2gw==",
       "peerDependencies": {
         "react": ">=16.8.0"
       }
     },
     "node_modules/@emotion/utils": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@emotion/utils/-/utils-1.2.0.tgz",
-      "integrity": "sha512-sn3WH53Kzpw8oQ5mgMmIzzyAaH2ZqFEbozVVBSYp538E06OSE6ytOp7pRAjNQR+Q/orwqdQYJSe2m3hCOeznkw=="
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@emotion/utils/-/utils-1.2.1.tgz",
+      "integrity": "sha512-Y2tGf3I+XVnajdItskUCn6LX+VUDmP6lTL4fcqsXAv43dnlbZiuW4MWQW38rW/BVWSE7Q/7+XQocmpnRYILUmg=="
     },
     "node_modules/@emotion/weak-memoize": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/@emotion/weak-memoize/-/weak-memoize-0.3.0.tgz",
-      "integrity": "sha512-AHPmaAx+RYfZz0eYu6Gviiagpmiyw98ySSlQvCUhVGDRtDFe4DBS0x1bSjdF3gqUDYOczB+yYvBTtEylYSdRhg=="
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/@emotion/weak-memoize/-/weak-memoize-0.3.1.tgz",
+      "integrity": "sha512-EsBwpc7hBUJWAsNPBmJy4hxWx12v6bshQsldrVmjxJoc3isbxhOrF2IcCpaXxfvq03NwkI7sbsOLXbYuqF/8Ww=="
     },
     "node_modules/@eslint-community/eslint-utils": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.3.0.tgz",
-      "integrity": "sha512-v3oplH6FYCULtFuCeqyuTd9D2WKO937Dxdq+GmHOLL72TTRriLxz2VLlNfkZRsvj6PKnOPAtuT6dwrs/pA5DvA==",
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz",
+      "integrity": "sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==",
       "dependencies": {
         "eslint-visitor-keys": "^3.3.0"
       },
@@ -2324,21 +2544,21 @@
       }
     },
     "node_modules/@eslint-community/regexpp": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.4.0.tgz",
-      "integrity": "sha512-A9983Q0LnDGdLPjxyXQ00sbV+K+O+ko2Dr+CZigbHWtX9pNfxlaBkMR8X1CztI73zuEyEBXTVjx7CE+/VSwDiQ==",
+      "version": "4.5.1",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.5.1.tgz",
+      "integrity": "sha512-Z5ba73P98O1KUYCCJTUeVpja9RcGoMdncZ6T49FCUl2lN38JtCJ+3WgIDBv0AuY4WChU5PmtJmOCTlN6FZTFKQ==",
       "engines": {
         "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
       }
     },
     "node_modules/@eslint/eslintrc": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.1.tgz",
-      "integrity": "sha512-eFRmABvW2E5Ho6f5fHLqgena46rOj7r7OKHYfLElqcBfGFHHpjBhivyi5+jOEQuSpdc/1phIZJlbC2te+tZNIw==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.3.tgz",
+      "integrity": "sha512-+5gy6OQfk+xx3q0d6jGZZC3f3KzAkXc/IanVxd1is/VIIziRqqt3ongQz0FiTUXqTk0c7aDB3OaFuKnuSoJicQ==",
       "dependencies": {
         "ajv": "^6.12.4",
         "debug": "^4.3.2",
-        "espree": "^9.5.0",
+        "espree": "^9.5.2",
         "globals": "^13.19.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.2.1",
@@ -2379,22 +2599,22 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "8.36.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.36.0.tgz",
-      "integrity": "sha512-lxJ9R5ygVm8ZWgYdUweoq5ownDlJ4upvoWmO4eLxBYHdMo+vZ/Rx0EN6MbKWDJOSUGrqJy2Gt+Dyv/VKml0fjg==",
+      "version": "8.42.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.42.0.tgz",
+      "integrity": "sha512-6SWlXpWU5AvId8Ac7zjzmIOqMOba/JWY8XZ4A7q7Gn1Vlfg/SFFIlrtHXt9nPn4op9ZPAkl91Jao+QQv3r/ukw==",
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       }
     },
     "node_modules/@fontsource-variable/nunito": {
-      "version": "5.0.2",
-      "resolved": "https://registry.npmjs.org/@fontsource-variable/nunito/-/nunito-5.0.2.tgz",
-      "integrity": "sha512-ztW98DGVZbq77ITkqg5+C5O8CI/SoaiqWOFBfbyE7CHMkU8XaBOXFe2l6H7YREE15mMIKCGA/icztQuoLi21lA=="
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/@fontsource-variable/nunito/-/nunito-5.0.3.tgz",
+      "integrity": "sha512-yxQ+IPeqA43DXNigCdU4rAziyeeKqm7VkAaJ9/o/h/qBA6w/dKsAH/YWmNB04PFJ6n84+3IAS7AKiOFs+4yZsw=="
     },
     "node_modules/@humanwhocodes/config-array": {
-      "version": "0.11.8",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.8.tgz",
-      "integrity": "sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g==",
+      "version": "0.11.10",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.10.tgz",
+      "integrity": "sha512-KVVjQmNUepDVGXNuoRRdmmEjruj0KfiGSbS8LVc12LMsWDQzRXJ0qdhN8L8uUigKpfEHRhlaQFY0ib1tnUbNeQ==",
       "dependencies": {
         "@humanwhocodes/object-schema": "^1.2.1",
         "debug": "^4.1.1",
@@ -2512,6 +2732,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz",
+      "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@istanbuljs/schema": {
       "version": "0.1.3",
       "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz",
@@ -2536,70 +2764,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/@jest/console/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@jest/console/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/@jest/console/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@jest/console/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@jest/console/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@jest/console/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jest/core": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/@jest/core/-/core-27.5.1.tgz",
@@ -2646,70 +2810,6 @@
         }
       }
     },
-    "node_modules/@jest/core/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@jest/core/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/@jest/core/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@jest/core/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@jest/core/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@jest/core/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jest/environment": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-27.5.1.tgz",
@@ -2796,59 +2896,6 @@
         }
       }
     },
-    "node_modules/@jest/reporters/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@jest/reporters/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/@jest/reporters/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@jest/reporters/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@jest/reporters/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jest/reporters/node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -2857,17 +2904,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/@jest/reporters/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jest/schemas": {
       "version": "28.1.3",
       "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz",
@@ -2953,59 +2989,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/@jest/transform/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@jest/transform/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/@jest/transform/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@jest/transform/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@jest/transform/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jest/transform/node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -3014,17 +2997,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/@jest/transform/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jest/types": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz",
@@ -3040,77 +3012,14 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/@jest/types/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@jest/types/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/@jest/types/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@jest/types/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@jest/types/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@jest/types/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@jridgewell/gen-mapping": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.1.1.tgz",
-      "integrity": "sha512-sQXCasFk+U8lWYEe66WxRDOE9PjVz4vSM51fTu3Hw+ClTpUSQb718772vH3pyS5pShp6lvQM7SxgIDXXXmOX7w==",
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz",
+      "integrity": "sha512-HLhSWOLRi875zjjMG/r+Nv0oCW8umGb0BgEhyX3dDX3egwZtB8PqLnjz3yedt8R5StBrzcg4aBpnh8UA9D1BoQ==",
       "dependencies": {
-        "@jridgewell/set-array": "^1.0.0",
-        "@jridgewell/sourcemap-codec": "^1.4.10"
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
       },
       "engines": {
         "node": ">=6.0.0"
@@ -3133,56 +3042,48 @@
       }
     },
     "node_modules/@jridgewell/source-map": {
-      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
-      "integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.3.tgz",
+      "integrity": "sha512-b+fsZXeLYi9fEULmfBrhxn4IrPlINf8fiNarzTof004v3lFdntdwa9PF7vFJqm3mg7s+ScJMxXaE3Acp1irZcg==",
       "dependencies": {
         "@jridgewell/gen-mapping": "^0.3.0",
         "@jridgewell/trace-mapping": "^0.3.9"
       }
     },
-    "node_modules/@jridgewell/source-map/node_modules/@jridgewell/gen-mapping": {
-      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
-      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
-      "dependencies": {
-        "@jridgewell/set-array": "^1.0.1",
-        "@jridgewell/sourcemap-codec": "^1.4.10",
-        "@jridgewell/trace-mapping": "^0.3.9"
-      },
-      "engines": {
-        "node": ">=6.0.0"
-      }
-    },
     "node_modules/@jridgewell/sourcemap-codec": {
-      "version": "1.4.14",
-      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
-      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
+      "version": "1.4.15",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
+      "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg=="
     },
     "node_modules/@jridgewell/trace-mapping": {
-      "version": "0.3.17",
-      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz",
-      "integrity": "sha512-MCNzAp77qzKca9+W/+I0+sEpaUnZoeasnghNeVc41VZCEKaCH73Vq3BZZ/SzWIgrqE4H4ceI+p+b6C0mHf9T4g==",
+      "version": "0.3.18",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.18.tgz",
+      "integrity": "sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA==",
       "dependencies": {
         "@jridgewell/resolve-uri": "3.1.0",
         "@jridgewell/sourcemap-codec": "1.4.14"
       }
     },
+    "node_modules/@jridgewell/trace-mapping/node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.4.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
+      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
+    },
     "node_modules/@leichtgewicht/ip-codec": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz",
       "integrity": "sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A=="
     },
     "node_modules/@mui/base": {
-      "version": "5.0.0-alpha.122",
-      "resolved": "https://registry.npmjs.org/@mui/base/-/base-5.0.0-alpha.122.tgz",
-      "integrity": "sha512-IgZEFQyHa39J1+Q3tekVdhPuUm1fr3icddaNLmiAIeYTVXmR7KR5FhBAIL0P+4shlPq0liUPGlXryoTm0iCeFg==",
+      "version": "5.0.0-beta.4",
+      "resolved": "https://registry.npmjs.org/@mui/base/-/base-5.0.0-beta.4.tgz",
+      "integrity": "sha512-ejhtqYJpjDgHGEljjMBQWZ22yEK0OzIXNa7toJmmXsP4TT3W7xVy8bTJ0TniPDf+JNjrsgfgiFTDGdlEhV1E+g==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "@emotion/is-prop-valid": "^1.2.0",
-        "@mui/types": "^7.2.3",
-        "@mui/utils": "^5.11.13",
-        "@popperjs/core": "^2.11.6",
+        "@emotion/is-prop-valid": "^1.2.1",
+        "@mui/types": "^7.2.4",
+        "@mui/utils": "^5.13.1",
+        "@popperjs/core": "^2.11.8",
         "clsx": "^1.2.1",
         "prop-types": "^15.8.1",
         "react-is": "^18.2.0"
@@ -3205,24 +3106,19 @@
         }
       }
     },
-    "node_modules/@mui/base/node_modules/react-is": {
-      "version": "18.2.0",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
-      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
-    },
     "node_modules/@mui/core-downloads-tracker": {
-      "version": "5.11.14",
-      "resolved": "https://registry.npmjs.org/@mui/core-downloads-tracker/-/core-downloads-tracker-5.11.14.tgz",
-      "integrity": "sha512-rfc08z6+3Fif+Gopx2/qmk+MEQlwYeA+gOcSK048BHkTty/ol/boHuVeL2BNC/cf9OVRjJLYHtVb/DeW791LSQ==",
+      "version": "5.13.4",
+      "resolved": "https://registry.npmjs.org/@mui/core-downloads-tracker/-/core-downloads-tracker-5.13.4.tgz",
+      "integrity": "sha512-yFrMWcrlI0TqRN5jpb6Ma9iI7sGTHpytdzzL33oskFHNQ8UgrtPas33Y1K7sWAMwCrr1qbWDrOHLAQG4tAzuSw==",
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/mui"
       }
     },
     "node_modules/@mui/icons-material": {
-      "version": "5.11.11",
-      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.11.11.tgz",
-      "integrity": "sha512-Eell3ADmQVE8HOpt/LZ3zIma8JSvPh3XgnhwZLT0k5HRqZcd6F/QDHc7xsWtgz09t+UEFvOYJXjtrwKmLdwwpw==",
+      "version": "5.11.16",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.11.16.tgz",
+      "integrity": "sha512-oKkx9z9Kwg40NtcIajF9uOXhxiyTZrrm9nmIJ4UjkU2IdHpd4QVLbCc/5hZN/y0C6qzi2Zlxyr9TGddQx2vx2A==",
       "dependencies": {
         "@babel/runtime": "^7.21.0"
       },
@@ -3245,15 +3141,15 @@
       }
     },
     "node_modules/@mui/lab": {
-      "version": "5.0.0-alpha.124",
-      "resolved": "https://registry.npmjs.org/@mui/lab/-/lab-5.0.0-alpha.124.tgz",
-      "integrity": "sha512-K/XEv1zYyLi3tS63tyDta1mqWql+at5w7rWp5Yd63Jx1NjPUtgopAvyRZG2SVYPs/yBwfyDPW1iqQXpRw8h9Xw==",
+      "version": "5.0.0-alpha.133",
+      "resolved": "https://registry.npmjs.org/@mui/lab/-/lab-5.0.0-alpha.133.tgz",
+      "integrity": "sha512-pPL5/f6si8eCXlsnOZrO+/zg5Yv6qKa9OpI6nGP77Mpn7iYHm9qrcsWFIBs6YjgxqJf6dA2IqtHaSNOSndrXDw==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "@mui/base": "5.0.0-alpha.122",
-        "@mui/system": "^5.11.14",
-        "@mui/types": "^7.2.3",
-        "@mui/utils": "^5.11.13",
+        "@mui/base": "5.0.0-beta.4",
+        "@mui/system": "^5.13.2",
+        "@mui/types": "^7.2.4",
+        "@mui/utils": "^5.13.1",
         "clsx": "^1.2.1",
         "prop-types": "^15.8.1",
         "react-is": "^18.2.0"
@@ -3285,25 +3181,20 @@
         }
       }
     },
-    "node_modules/@mui/lab/node_modules/react-is": {
-      "version": "18.2.0",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
-      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
-    },
     "node_modules/@mui/material": {
-      "version": "5.11.14",
-      "resolved": "https://registry.npmjs.org/@mui/material/-/material-5.11.14.tgz",
-      "integrity": "sha512-uoiUyybmo+M+nYARBygmbXgX6s/hH0NKD56LCAv9XvmdGVoXhEGjOvxI5/Bng6FS3NNybnA8V+rgZW1Z/9OJtA==",
+      "version": "5.13.4",
+      "resolved": "https://registry.npmjs.org/@mui/material/-/material-5.13.4.tgz",
+      "integrity": "sha512-Yq+4f1KLPa/Szd3xqra2hbOAf2Usl8GbubncArM6LIp40mBLtXIdPE29MNtHsbtuzz4g+eidrETgoi3wdbEYfQ==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "@mui/base": "5.0.0-alpha.122",
-        "@mui/core-downloads-tracker": "^5.11.14",
-        "@mui/system": "^5.11.14",
-        "@mui/types": "^7.2.3",
-        "@mui/utils": "^5.11.13",
-        "@types/react-transition-group": "^4.4.5",
+        "@mui/base": "5.0.0-beta.4",
+        "@mui/core-downloads-tracker": "^5.13.4",
+        "@mui/system": "^5.13.2",
+        "@mui/types": "^7.2.4",
+        "@mui/utils": "^5.13.1",
+        "@types/react-transition-group": "^4.4.6",
         "clsx": "^1.2.1",
-        "csstype": "^3.1.1",
+        "csstype": "^3.1.2",
         "prop-types": "^15.8.1",
         "react-is": "^18.2.0",
         "react-transition-group": "^4.4.5"
@@ -3334,18 +3225,13 @@
         }
       }
     },
-    "node_modules/@mui/material/node_modules/react-is": {
-      "version": "18.2.0",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
-      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
-    },
     "node_modules/@mui/private-theming": {
-      "version": "5.11.13",
-      "resolved": "https://registry.npmjs.org/@mui/private-theming/-/private-theming-5.11.13.tgz",
-      "integrity": "sha512-PJnYNKzW5LIx3R+Zsp6WZVPs6w5sEKJ7mgLNnUXuYB1zo5aX71FVLtV7geyPXRcaN2tsoRNK7h444ED0t7cIjA==",
+      "version": "5.13.1",
+      "resolved": "https://registry.npmjs.org/@mui/private-theming/-/private-theming-5.13.1.tgz",
+      "integrity": "sha512-HW4npLUD9BAkVppOUZHeO1FOKUJWAwbpy0VQoGe3McUYTlck1HezGHQCfBQ5S/Nszi7EViqiimECVl9xi+/WjQ==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "@mui/utils": "^5.11.13",
+        "@mui/utils": "^5.13.1",
         "prop-types": "^15.8.1"
       },
       "engines": {
@@ -3366,13 +3252,13 @@
       }
     },
     "node_modules/@mui/styled-engine": {
-      "version": "5.11.11",
-      "resolved": "https://registry.npmjs.org/@mui/styled-engine/-/styled-engine-5.11.11.tgz",
-      "integrity": "sha512-wV0UgW4lN5FkDBXefN8eTYeuE9sjyQdg5h94vtwZCUamGQEzmCOtir4AakgmbWMy0x8OLjdEUESn9wnf5J9MOg==",
+      "version": "5.13.2",
+      "resolved": "https://registry.npmjs.org/@mui/styled-engine/-/styled-engine-5.13.2.tgz",
+      "integrity": "sha512-VCYCU6xVtXOrIN8lcbuPmoG+u7FYuOERG++fpY74hPpEWkyFQG97F+/XfTQVYzlR2m7nPjnwVUgATcTCMEaMvw==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "@emotion/cache": "^11.10.5",
-        "csstype": "^3.1.1",
+        "@emotion/cache": "^11.11.0",
+        "csstype": "^3.1.2",
         "prop-types": "^15.8.1"
       },
       "engines": {
@@ -3397,17 +3283,17 @@
       }
     },
     "node_modules/@mui/system": {
-      "version": "5.11.14",
-      "resolved": "https://registry.npmjs.org/@mui/system/-/system-5.11.14.tgz",
-      "integrity": "sha512-/MBv5dUoijJNEKEGi5tppIszGN0o2uejmeISi5vl0CLcaQsI1cd+uBgK+JYUP1VWvI/MtkWRLVSWtF2FWhu5Nw==",
+      "version": "5.13.2",
+      "resolved": "https://registry.npmjs.org/@mui/system/-/system-5.13.2.tgz",
+      "integrity": "sha512-TPyWmRJPt0JPVxacZISI4o070xEJ7ftxpVtu6LWuYVOUOINlhoGOclam4iV8PDT3EMQEHuUrwU49po34UdWLlw==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
-        "@mui/private-theming": "^5.11.13",
-        "@mui/styled-engine": "^5.11.11",
-        "@mui/types": "^7.2.3",
-        "@mui/utils": "^5.11.13",
+        "@mui/private-theming": "^5.13.1",
+        "@mui/styled-engine": "^5.13.2",
+        "@mui/types": "^7.2.4",
+        "@mui/utils": "^5.13.1",
         "clsx": "^1.2.1",
-        "csstype": "^3.1.1",
+        "csstype": "^3.1.2",
         "prop-types": "^15.8.1"
       },
       "engines": {
@@ -3436,9 +3322,9 @@
       }
     },
     "node_modules/@mui/types": {
-      "version": "7.2.3",
-      "resolved": "https://registry.npmjs.org/@mui/types/-/types-7.2.3.tgz",
-      "integrity": "sha512-tZ+CQggbe9Ol7e/Fs5RcKwg/woU+o8DCtOnccX6KmbBc7YrfqMYEYuaIcXHuhpT880QwNkZZ3wQwvtlDFA2yOw==",
+      "version": "7.2.4",
+      "resolved": "https://registry.npmjs.org/@mui/types/-/types-7.2.4.tgz",
+      "integrity": "sha512-LBcwa8rN84bKF+f5sDyku42w1NTxaPgPyYKODsh01U1fVstTClbUoSA96oyRBnSNyEiAVjKm6Gwx9vjR+xyqHA==",
       "peerDependencies": {
         "@types/react": "*"
       },
@@ -3449,13 +3335,13 @@
       }
     },
     "node_modules/@mui/utils": {
-      "version": "5.11.13",
-      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.11.13.tgz",
-      "integrity": "sha512-5ltA58MM9euOuUcnvwFJqpLdEugc9XFsRR8Gt4zZNb31XzMfSKJPR4eumulyhsOTK1rWf7K4D63NKFPfX0AxqA==",
+      "version": "5.13.1",
+      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.13.1.tgz",
+      "integrity": "sha512-6lXdWwmlUbEU2jUI8blw38Kt+3ly7xkmV9ljzY4Q20WhsJMWiNry9CX8M+TaP/HbtuyR8XKsdMgQW7h7MM3n3A==",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
         "@types/prop-types": "^15.7.5",
-        "@types/react-is": "^16.7.1 || ^17.0.0",
+        "@types/react-is": "^18.2.0",
         "prop-types": "^15.8.1",
         "react-is": "^18.2.0"
       },
@@ -3470,11 +3356,6 @@
         "react": "^17.0.0 || ^18.0.0"
       }
     },
-    "node_modules/@mui/utils/node_modules/react-is": {
-      "version": "18.2.0",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
-      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
-    },
     "node_modules/@nicolo-ribaudo/eslint-scope-5-internals": {
       "version": "5.1.1-v1",
       "resolved": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz",
@@ -3584,19 +3465,27 @@
         }
       }
     },
+    "node_modules/@pmmmwh/react-refresh-webpack-plugin/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
     "node_modules/@popperjs/core": {
-      "version": "2.11.6",
-      "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.6.tgz",
-      "integrity": "sha512-50/17A98tWUfQ176raKiOGXuYpLyyVMkxxG6oylzL3BPOlA6ADGdK7EYunSa4I064xerltq9TGXs8HmOk5E+vw==",
+      "version": "2.11.8",
+      "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz",
+      "integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==",
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/popperjs"
       }
     },
     "node_modules/@remix-run/router": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.5.0.tgz",
-      "integrity": "sha512-bkUDCp8o1MvFO+qxkODcbhSqRa6P2GXgrGZVpt0dCXNW2HCSCqYI0ZoAqEOSAjRWmmlKcYgFvN4B4S+zo/f8kg==",
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.6.3.tgz",
+      "integrity": "sha512-EXJysQ7J3veRECd0kZFQwYYd5sJMcq2O/m60zu1W2l3oVQ9xtub8jTOtYRE0+M2iomyG/W3Ps7+vp2kna0C27Q==",
       "engines": {
         "node": ">=14"
       }
@@ -3676,9 +3565,9 @@
       "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw=="
     },
     "node_modules/@rushstack/eslint-patch": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz",
-      "integrity": "sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg=="
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.3.1.tgz",
+      "integrity": "sha512-RkmuBcqiNioeeBKbgzMlOdreUkJfYaSjwgx9XDgGGpjvWgyaxWvDmZVSN9CS6LjEASadhgPv2BcFp+SeouWXXA=="
     },
     "node_modules/@sinclair/typebox": {
       "version": "0.24.51",
@@ -3920,9 +3809,9 @@
       }
     },
     "node_modules/@testing-library/dom": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-9.0.1.tgz",
-      "integrity": "sha512-fTOVsMY9QLFCCXRHG3Ese6cMH5qIWwSbgxZsgeF5TNsy81HKaZ4kgehnSF8FsR3OF+numlIV2YcU79MzbnhSig==",
+      "version": "9.3.0",
+      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-9.3.0.tgz",
+      "integrity": "sha512-Dffe68pGwI6WlLRYR2I0piIkyole9cSBH5jGQKCGMRpHW5RHCqAUaqc2Kv0tUyd4dU4DLPKhJIjyKOnjv4tuUw==",
       "peer": true,
       "dependencies": {
         "@babel/code-frame": "^7.10.4",
@@ -3938,76 +3827,6 @@
         "node": ">=14"
       }
     },
-    "node_modules/@testing-library/dom/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "peer": true,
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/@testing-library/dom/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "peer": true,
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/@testing-library/dom/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "peer": true,
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@testing-library/dom/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-      "peer": true
-    },
-    "node_modules/@testing-library/dom/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "peer": true,
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@testing-library/dom/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "peer": true,
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@testing-library/jest-dom": {
       "version": "5.16.5",
       "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-5.16.5.tgz",
@@ -4029,20 +3848,6 @@
         "yarn": ">=1"
       }
     },
-    "node_modules/@testing-library/jest-dom/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
     "node_modules/@testing-library/jest-dom/node_modules/chalk": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz",
@@ -4055,41 +3860,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/@testing-library/jest-dom/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@testing-library/jest-dom/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@testing-library/jest-dom/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@testing-library/jest-dom/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/@testing-library/react": {
       "version": "13.4.0",
       "resolved": "https://registry.npmjs.org/@testing-library/react/-/react-13.4.0.tgz",
@@ -4125,99 +3895,35 @@
         "node": ">=12"
       }
     },
-    "node_modules/@testing-library/react/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+    "node_modules/@testing-library/user-event": {
+      "version": "13.5.0",
+      "resolved": "https://registry.npmjs.org/@testing-library/user-event/-/user-event-13.5.0.tgz",
+      "integrity": "sha512-5Kwtbo3Y/NowpkbRuSepbyMFkZmHgD+vPzYB/RJ4oxt5Gj/avFFBYjhw27cqSVPVw/3a67NK1PbiIr9k4Gwmdg==",
       "dependencies": {
-        "color-convert": "^2.0.1"
+        "@babel/runtime": "^7.12.5"
       },
       "engines": {
-        "node": ">=8"
+        "node": ">=10",
+        "npm": ">=6"
       },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      "peerDependencies": {
+        "@testing-library/dom": ">=7.21.4"
       }
     },
-    "node_modules/@testing-library/react/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
+    "node_modules/@tootallnate/once": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz",
+      "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==",
       "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
+        "node": ">= 6"
       }
     },
-    "node_modules/@testing-library/react/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
+    "node_modules/@trysound/sax": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
+      "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
       "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/@testing-library/react/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/@testing-library/react/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@testing-library/react/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@testing-library/user-event": {
-      "version": "13.5.0",
-      "resolved": "https://registry.npmjs.org/@testing-library/user-event/-/user-event-13.5.0.tgz",
-      "integrity": "sha512-5Kwtbo3Y/NowpkbRuSepbyMFkZmHgD+vPzYB/RJ4oxt5Gj/avFFBYjhw27cqSVPVw/3a67NK1PbiIr9k4Gwmdg==",
-      "dependencies": {
-        "@babel/runtime": "^7.12.5"
-      },
-      "engines": {
-        "node": ">=10",
-        "npm": ">=6"
-      },
-      "peerDependencies": {
-        "@testing-library/dom": ">=7.21.4"
-      }
-    },
-    "node_modules/@tootallnate/once": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz",
-      "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw==",
-      "engines": {
-        "node": ">= 6"
-      }
-    },
-    "node_modules/@trysound/sax": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
-      "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
-      "engines": {
-        "node": ">=10.13.0"
+        "node": ">=10.13.0"
       }
     },
     "node_modules/@types/aria-query": {
@@ -4226,9 +3932,9 @@
       "integrity": "sha512-XTIieEY+gvJ39ChLcB4If5zHtPxt3Syj5rgZR+e1ctpmK8NjPf0zFqsz4JpLJT0xla9GFDKjy8Cpu331nrmE1Q=="
     },
     "node_modules/@types/babel__core": {
-      "version": "7.20.0",
-      "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.0.tgz",
-      "integrity": "sha512-+n8dL/9GWblDO0iU6eZAwEIJVr5DWigtle+Q6HLOrh/pdbXOhOtqzq8VPPE2zvNJzSKY4vH/z3iT3tn0A3ypiQ==",
+      "version": "7.20.1",
+      "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.1.tgz",
+      "integrity": "sha512-aACu/U/omhdk15O4Nfb+fHgH/z3QsfQzpnvRZhYhThms83ZnAOZz7zZAWO7mn2yyNQaA4xTO8GLK3uqFU4bYYw==",
       "dependencies": {
         "@babel/parser": "^7.20.7",
         "@babel/types": "^7.20.7",
@@ -4255,11 +3961,11 @@
       }
     },
     "node_modules/@types/babel__traverse": {
-      "version": "7.18.3",
-      "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.18.3.tgz",
-      "integrity": "sha512-1kbcJ40lLB7MHsj39U4Sh1uTd2E7rLEa79kmDpI6cy+XiXsteB3POdQomoq4FxszMrO3ZYchkhYJw7A2862b3w==",
+      "version": "7.20.1",
+      "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.1.tgz",
+      "integrity": "sha512-MitHFXnhtgwsGZWtT68URpOvLN4EREih1u3QtQiN4VdAxWKRVvGCSvw/Qth0M0Qq3pJpnGOu5JaM/ydK7OGbqg==",
       "dependencies": {
-        "@babel/types": "^7.3.0"
+        "@babel/types": "^7.20.7"
       }
     },
     "node_modules/@types/body-parser": {
@@ -4288,18 +3994,18 @@
       }
     },
     "node_modules/@types/connect-history-api-fallback": {
-      "version": "1.3.5",
-      "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.3.5.tgz",
-      "integrity": "sha512-h8QJa8xSb1WD4fpKBDcATDNGXghFj6/3GRWG6dhmRcu0RX1Ubasur2Uvx5aeEwlf0MwblEC2bMzzMQntxnw/Cw==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.0.tgz",
+      "integrity": "sha512-4x5FkPpLipqwthjPsF7ZRbOv3uoLUFkTA9G9v583qi4pACvq0uTELrB8OLUzPWUI4IJIyvM85vzkV1nyiI2Lig==",
       "dependencies": {
         "@types/express-serve-static-core": "*",
         "@types/node": "*"
       }
     },
     "node_modules/@types/eslint": {
-      "version": "8.21.3",
-      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.21.3.tgz",
-      "integrity": "sha512-fa7GkppZVEByMWGbTtE5MbmXWJTVbrjjaS8K6uQj+XtuuUv1fsuPAxhygfqLmsb/Ufb3CV8deFCpiMfAgi00Sw==",
+      "version": "8.40.1",
+      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.40.1.tgz",
+      "integrity": "sha512-vRb792M4mF1FBT+eoLecmkpLXwxsBHvWWRGJjzbYANBM6DtiJc6yETyv4rqDA6QNjF1pkj1U7LMA6dGb3VYlHw==",
       "dependencies": {
         "@types/estree": "*",
         "@types/json-schema": "*"
@@ -4315,9 +4021,9 @@
       }
     },
     "node_modules/@types/estree": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.0.tgz",
-      "integrity": "sha512-WulqXMDUTYAXCjZnk6JtIHPigp55cVtDgDrO2gHRwhyJto21+1zbVCtOYB2L1F9w4qCQ0rOGWBnBe0FNTiEJIQ=="
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.1.tgz",
+      "integrity": "sha512-LG4opVs2ANWZ1TJoKc937iMmNstM/d0ae1vNbnBvBhqCSezgVUOzcLCqbI5elV8Vy6WKwKjaqR+zO9VKirBBCA=="
     },
     "node_modules/@types/express": {
       "version": "4.17.17",
@@ -4331,13 +4037,14 @@
       }
     },
     "node_modules/@types/express-serve-static-core": {
-      "version": "4.17.33",
-      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.33.tgz",
-      "integrity": "sha512-TPBqmR/HRYI3eC2E5hmiivIzv+bidAfXofM+sbonAGvyDhySGw9/PQZFt2BLOrjUUR++4eJVpx6KnLQK1Fk9tA==",
+      "version": "4.17.35",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.35.tgz",
+      "integrity": "sha512-wALWQwrgiB2AWTT91CB62b6Yt0sNHpznUXeZEcnPU3DRdlDIz74x8Qg1UUYKSVFi+va5vKOLYRBI1bRKiLLKIg==",
       "dependencies": {
         "@types/node": "*",
         "@types/qs": "*",
-        "@types/range-parser": "*"
+        "@types/range-parser": "*",
+        "@types/send": "*"
       }
     },
     "node_modules/@types/graceful-fs": {
@@ -4362,9 +4069,9 @@
       "integrity": "sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg=="
     },
     "node_modules/@types/http-proxy": {
-      "version": "1.17.10",
-      "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.10.tgz",
-      "integrity": "sha512-Qs5aULi+zV1bwKAg5z1PWnDXWmsn+LxIvUGv6E2+OOMYhclZMO+OXd9pYVf2gLykf2I7IV2u7oTHwChPNsvJ7g==",
+      "version": "1.17.11",
+      "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.11.tgz",
+      "integrity": "sha512-HC8G7c1WmaF2ekqpnFq626xd3Zz0uvaqFmBJNRZCGEZCXkvSdJoNFn/8Ygbd9fKNQj8UzLdCETaI0UWPAjK7IA==",
       "dependencies": {
         "@types/node": "*"
       }
@@ -4406,9 +4113,9 @@
       "dev": true
     },
     "node_modules/@types/json-schema": {
-      "version": "7.0.11",
-      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.11.tgz",
-      "integrity": "sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ=="
+      "version": "7.0.12",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.12.tgz",
+      "integrity": "sha512-Hr5Jfhc9eYOQNPYO5WLDq/n4jqijdHNlDXjuAQkkt+mWdQR+XJToOHrsD4cPaMXpn6KO7y2+wM8AZEs8VpBLVA=="
     },
     "node_modules/@types/json5": {
       "version": "0.0.29",
@@ -4416,20 +4123,20 @@
       "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ=="
     },
     "node_modules/@types/lodash": {
-      "version": "4.14.192",
-      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.192.tgz",
-      "integrity": "sha512-km+Vyn3BYm5ytMO13k9KTp27O75rbQ0NFw+U//g+PX7VZyjCioXaRFisqSIJRECljcTv73G3i6BpglNGHgUQ5A==",
+      "version": "4.14.195",
+      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.195.tgz",
+      "integrity": "sha512-Hwx9EUgdwf2GLarOjQp5ZH8ZmblzcbTBC2wtQWNKARBSxM9ezRIAUpeDTgoQRAFB0+8CNWXVA9+MaSOzOF3nPg==",
       "dev": true
     },
     "node_modules/@types/mime": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-3.0.1.tgz",
-      "integrity": "sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA=="
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.2.tgz",
+      "integrity": "sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw=="
     },
     "node_modules/@types/node": {
-      "version": "16.18.18",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.18.tgz",
-      "integrity": "sha512-fwGw1uvQAzabxL1pyoknPlJIF2t7+K90uTqynleKRx24n3lYcxWa3+KByLhgkF8GEAK2c7hC8Ki0RkNM5H15jQ=="
+      "version": "16.18.34",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.34.tgz",
+      "integrity": "sha512-VmVm7gXwhkUimRfBwVI1CHhwp86jDWR04B5FGebMMyxV90SlCmFujwUHrxTD4oO+SOYU86SoxvhgeRQJY7iXFg=="
     },
     "node_modules/@types/parse-json": {
       "version": "4.0.0",
@@ -4437,9 +4144,9 @@
       "integrity": "sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA=="
     },
     "node_modules/@types/prettier": {
-      "version": "2.7.2",
-      "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.2.tgz",
-      "integrity": "sha512-KufADq8uQqo1pYKVIYzfKbJfBAc0sOeXqGbFaSpv8MRmC/zXgowNZmFcbngndGk922QDmOASEXUZCaY48gs4cg=="
+      "version": "2.7.3",
+      "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz",
+      "integrity": "sha512-+68kP9yzs4LMp7VNh8gdzMSPZFL44MLGqiHWvttYJe+6qnuVr4Ek9wSBQoveqY/r+LwjCcU29kNVkidwim+kYA=="
     },
     "node_modules/@types/prop-types": {
       "version": "15.7.5",
@@ -4462,9 +4169,9 @@
       "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw=="
     },
     "node_modules/@types/react": {
-      "version": "18.0.28",
-      "resolved": "https://registry.npmjs.org/@types/react/-/react-18.0.28.tgz",
-      "integrity": "sha512-RD0ivG1kEztNBdoAK7lekI9M+azSnitIn85h4iOiaLjaTrMjzslhaqCGaI4IyCJ1RljWiLCEu4jyrLLgqxBTew==",
+      "version": "18.2.9",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.9.tgz",
+      "integrity": "sha512-pL3JAesUkF7PEQGxh5XOwdXGV907te6m1/Qe1ERJLgomojS6Ne790QiA7GUl434JEkFA2aAaB6qJ5z4e1zJn/w==",
       "dependencies": {
         "@types/prop-types": "*",
         "@types/scheduler": "*",
@@ -4472,34 +4179,34 @@
       }
     },
     "node_modules/@types/react-dom": {
-      "version": "18.0.11",
-      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.0.11.tgz",
-      "integrity": "sha512-O38bPbI2CWtgw/OoQoY+BRelw7uysmXbWvw3nLWO21H1HSh+GOlqPuXshJfjmpNlKiiSDG9cc1JZAaMmVdcTlw==",
+      "version": "18.2.4",
+      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.2.4.tgz",
+      "integrity": "sha512-G2mHoTMTL4yoydITgOGwWdWMVd8sNgyEP85xVmMKAPUBwQWm9wBPQUmvbeF4V3WBY1P7mmL4BkjQ0SqUpf1snw==",
       "dependencies": {
         "@types/react": "*"
       }
     },
     "node_modules/@types/react-is": {
-      "version": "17.0.3",
-      "resolved": "https://registry.npmjs.org/@types/react-is/-/react-is-17.0.3.tgz",
-      "integrity": "sha512-aBTIWg1emtu95bLTLx0cpkxwGW3ueZv71nE2YFBpL8k/z5czEW8yYpOo8Dp+UUAFAtKwNaOsh/ioSeQnWlZcfw==",
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/@types/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-1vz2yObaQkLL7YFe/pme2cpvDsCwI1WXIfL+5eLz0MI9gFG24Re16RzUsI8t9XZn9ZWvgLNDrJBmrqXJO7GNQQ==",
       "dependencies": {
         "@types/react": "*"
       }
     },
     "node_modules/@types/react-syntax-highlighter": {
-      "version": "15.5.6",
-      "resolved": "https://registry.npmjs.org/@types/react-syntax-highlighter/-/react-syntax-highlighter-15.5.6.tgz",
-      "integrity": "sha512-i7wFuLbIAFlabTeD2I1cLjEOrG/xdMa/rpx2zwzAoGHuXJDhSqp9BSfDlMHSh9JSuNfxHk9eEmMX6D55GiyjGg==",
+      "version": "15.5.7",
+      "resolved": "https://registry.npmjs.org/@types/react-syntax-highlighter/-/react-syntax-highlighter-15.5.7.tgz",
+      "integrity": "sha512-bo5fEO5toQeyCp0zVHBeggclqf5SQ/Z5blfFmjwO5dkMVGPgmiwZsJh9nu/Bo5L7IHTuGWrja6LxJVE2uB5ZrQ==",
       "dev": true,
       "dependencies": {
         "@types/react": "*"
       }
     },
     "node_modules/@types/react-transition-group": {
-      "version": "4.4.5",
-      "resolved": "https://registry.npmjs.org/@types/react-transition-group/-/react-transition-group-4.4.5.tgz",
-      "integrity": "sha512-juKD/eiSM3/xZYzjuzH6ZwpP+/lejltmiS3QEzV/vmb/Q8+HfDmxu+Baga8UEMGBqV88Nbg4l2hY/K2DkyaLLA==",
+      "version": "4.4.6",
+      "resolved": "https://registry.npmjs.org/@types/react-transition-group/-/react-transition-group-4.4.6.tgz",
+      "integrity": "sha512-VnCdSxfcm08KjsJVQcfBmhEQAPnLB8G08hAxn39azX1qYBQ/5RVQuoHuKIcfKOdncuaUvEpFKFzEvbtIMsfVew==",
       "dependencies": {
         "@types/react": "*"
       }
@@ -4518,14 +4225,23 @@
       "integrity": "sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA=="
     },
     "node_modules/@types/scheduler": {
-      "version": "0.16.2",
-      "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz",
-      "integrity": "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew=="
+      "version": "0.16.3",
+      "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.3.tgz",
+      "integrity": "sha512-5cJ8CB4yAx7BH1oMvdU0Jh9lrEXyPkar6F9G/ERswkCuvP4KQZfZkSjcMbAICCpQTN4OuZn8tz0HiKv9TGZgrQ=="
     },
     "node_modules/@types/semver": {
-      "version": "7.3.13",
-      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.3.13.tgz",
-      "integrity": "sha512-21cFJr9z3g5dW8B0CVI9g2O9beqaThGQ6ZFBqHfwhzLDKUxaqTIy3vnfah/UPkfOiF2pLq+tGz+W8RyCskuslw=="
+      "version": "7.5.0",
+      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.0.tgz",
+      "integrity": "sha512-G8hZ6XJiHnuhQKR7ZmysCeJWE08o8T0AXtk5darsCaTVsYZhhgUrq53jizaR2FvsoeCwJhlmwTjkXBY5Pn/ZHw=="
+    },
+    "node_modules/@types/send": {
+      "version": "0.17.1",
+      "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.1.tgz",
+      "integrity": "sha512-Cwo8LE/0rnvX7kIIa3QHCkcuF21c05Ayb0ZfxPiv0W8VRiZiNW/WuRupHKpqqGVGf7SUA44QSOUKaEd9lIrd/Q==",
+      "dependencies": {
+        "@types/mime": "^1",
+        "@types/node": "*"
+      }
     },
     "node_modules/@types/serve-index": {
       "version": "1.9.1",
@@ -4558,9 +4274,9 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw=="
     },
     "node_modules/@types/testing-library__jest-dom": {
-      "version": "5.14.5",
-      "resolved": "https://registry.npmjs.org/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.14.5.tgz",
-      "integrity": "sha512-SBwbxYoyPIvxHbeHxTZX2Pe/74F/tX2/D3mMvzabdeJ25bBojfW0TyB8BHrbq/9zaaKICJZjLP+8r6AeZMFCuQ==",
+      "version": "5.14.6",
+      "resolved": "https://registry.npmjs.org/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.14.6.tgz",
+      "integrity": "sha512-FkHXCb+ikSoUP4Y4rOslzTdX5sqYwMxfefKh1GmZ8ce1GOkEHntSp6b5cGadmNfp5e4BMEWOMx+WSKd5/MqlDA==",
       "dependencies": {
         "@types/jest": "*"
       }
@@ -4576,9 +4292,9 @@
       "integrity": "sha512-PBjIUxZHOuj0R15/xuwJYjFi+KZdNFrehocChv4g5hu6aFroHue8m0lBP0POdK2nKzbw0cgV1mws8+V/JAcEkQ=="
     },
     "node_modules/@types/ws": {
-      "version": "8.5.4",
-      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.4.tgz",
-      "integrity": "sha512-zdQDHKUgcX/zBc4GrwsE/7dVdAD8JR4EuiAXiiUhhfyIJXXb2+PrGshFyeXWQPMmmZ2XxgaqclgpIC7eTXc1mg==",
+      "version": "8.5.5",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.5.tgz",
+      "integrity": "sha512-lwhs8hktwxSjf9UaZ9tG5M03PGogvFaH8gUgLNbN9HKIg0dvv6q+gkSuJ8HN4/VbyxkuLzCjlN7GquQ0gUJfIg==",
       "dependencies": {
         "@types/node": "*"
       }
@@ -4597,14 +4313,14 @@
       "integrity": "sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.56.0.tgz",
-      "integrity": "sha512-ZNW37Ccl3oMZkzxrYDUX4o7cnuPgU+YrcaYXzsRtLB16I1FR5SHMqga3zGsaSliZADCWo2v8qHWqAYIj8nWCCg==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.59.9.tgz",
+      "integrity": "sha512-4uQIBq1ffXd2YvF7MAvehWKW3zVv/w+mSfRAu+8cKbfj3nwzyqJLNcZJpQ/WZ1HLbJDiowwmQ6NO+63nCA+fqA==",
       "dependencies": {
         "@eslint-community/regexpp": "^4.4.0",
-        "@typescript-eslint/scope-manager": "5.56.0",
-        "@typescript-eslint/type-utils": "5.56.0",
-        "@typescript-eslint/utils": "5.56.0",
+        "@typescript-eslint/scope-manager": "5.59.9",
+        "@typescript-eslint/type-utils": "5.59.9",
+        "@typescript-eslint/utils": "5.59.9",
         "debug": "^4.3.4",
         "grapheme-splitter": "^1.0.4",
         "ignore": "^5.2.0",
@@ -4630,11 +4346,11 @@
       }
     },
     "node_modules/@typescript-eslint/experimental-utils": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-5.56.0.tgz",
-      "integrity": "sha512-sxWuj0eO5nItmKgZmsBbChVt90EhfkuncDCPbLAVeEJ+SCjXMcZN3AhhNbxed7IeGJ4XwsdL3/FMvD4r+FLqqA==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-5.59.9.tgz",
+      "integrity": "sha512-eZTK/Ci0QAqNc/q2MqMwI2+QI5ZI9HM12FcfGwbEvKif5ev/CIIYLmrlckvgPrC8XSbl39HtErR5NJiQkRkvWg==",
       "dependencies": {
-        "@typescript-eslint/utils": "5.56.0"
+        "@typescript-eslint/utils": "5.59.9"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4648,13 +4364,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.56.0.tgz",
-      "integrity": "sha512-sn1OZmBxUsgxMmR8a8U5QM/Wl+tyqlH//jTqCg8daTAmhAk26L2PFhcqPLlYBhYUJMZJK276qLXlHN3a83o2cg==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.59.9.tgz",
+      "integrity": "sha512-FsPkRvBtcLQ/eVK1ivDiNYBjn3TGJdXy2fhXX+rc7czWl4ARwnpArwbihSOHI2Peg9WbtGHrbThfBUkZZGTtvQ==",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "5.56.0",
-        "@typescript-eslint/types": "5.56.0",
-        "@typescript-eslint/typescript-estree": "5.56.0",
+        "@typescript-eslint/scope-manager": "5.59.9",
+        "@typescript-eslint/types": "5.59.9",
+        "@typescript-eslint/typescript-estree": "5.59.9",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -4674,12 +4390,12 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.56.0.tgz",
-      "integrity": "sha512-jGYKyt+iBakD0SA5Ww8vFqGpoV2asSjwt60Gl6YcO8ksQ8s2HlUEyHBMSa38bdLopYqGf7EYQMUIGdT/Luw+sw==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.59.9.tgz",
+      "integrity": "sha512-8RA+E+w78z1+2dzvK/tGZ2cpGigBZ58VMEHDZtpE1v+LLjzrYGc8mMaTONSxKyEkz3IuXFM0IqYiGHlCsmlZxQ==",
       "dependencies": {
-        "@typescript-eslint/types": "5.56.0",
-        "@typescript-eslint/visitor-keys": "5.56.0"
+        "@typescript-eslint/types": "5.59.9",
+        "@typescript-eslint/visitor-keys": "5.59.9"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4690,12 +4406,12 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.56.0.tgz",
-      "integrity": "sha512-8WxgOgJjWRy6m4xg9KoSHPzBNZeQbGlQOH7l2QEhQID/+YseaFxg5J/DLwWSsi9Axj4e/cCiKx7PVzOq38tY4A==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.59.9.tgz",
+      "integrity": "sha512-ksEsT0/mEHg9e3qZu98AlSrONAQtrSTljL3ow9CGej8eRo7pe+yaC/mvTjptp23Xo/xIf2mLZKC6KPv4Sji26Q==",
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "5.56.0",
-        "@typescript-eslint/utils": "5.56.0",
+        "@typescript-eslint/typescript-estree": "5.59.9",
+        "@typescript-eslint/utils": "5.59.9",
         "debug": "^4.3.4",
         "tsutils": "^3.21.0"
       },
@@ -4716,9 +4432,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.56.0.tgz",
-      "integrity": "sha512-JyAzbTJcIyhuUhogmiu+t79AkdnqgPUEsxMTMc/dCZczGMJQh1MK2wgrju++yMN6AWroVAy2jxyPcPr3SWCq5w==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.59.9.tgz",
+      "integrity": "sha512-uW8H5NRgTVneSVTfiCVffBb8AbwWSKg7qcA4Ot3JI3MPCJGsB4Db4BhvAODIIYE5mNj7Q+VJkK7JxmRhk2Lyjw==",
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       },
@@ -4728,12 +4444,12 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.56.0.tgz",
-      "integrity": "sha512-41CH/GncsLXOJi0jb74SnC7jVPWeVJ0pxQj8bOjH1h2O26jXN3YHKDT1ejkVz5YeTEQPeLCCRY0U2r68tfNOcg==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.59.9.tgz",
+      "integrity": "sha512-pmM0/VQ7kUhd1QyIxgS+aRvMgw+ZljB3eDb+jYyp6d2bC0mQWLzUDF+DLwCTkQ3tlNyVsvZRXjFyV0LkU/aXjA==",
       "dependencies": {
-        "@typescript-eslint/types": "5.56.0",
-        "@typescript-eslint/visitor-keys": "5.56.0",
+        "@typescript-eslint/types": "5.59.9",
+        "@typescript-eslint/visitor-keys": "5.59.9",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -4754,16 +4470,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.56.0.tgz",
-      "integrity": "sha512-XhZDVdLnUJNtbzaJeDSCIYaM+Tgr59gZGbFuELgF7m0IY03PlciidS7UQNKLE0+WpUTn1GlycEr6Ivb/afjbhA==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.59.9.tgz",
+      "integrity": "sha512-1PuMYsju/38I5Ggblaeb98TOoUvjhRvLpLa1DoTOFaLWqaXl/1iQ1eGurTXgBY58NUdtfTXKP5xBq7q9NDaLKg==",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@types/json-schema": "^7.0.9",
         "@types/semver": "^7.3.12",
-        "@typescript-eslint/scope-manager": "5.56.0",
-        "@typescript-eslint/types": "5.56.0",
-        "@typescript-eslint/typescript-estree": "5.56.0",
+        "@typescript-eslint/scope-manager": "5.59.9",
+        "@typescript-eslint/types": "5.59.9",
+        "@typescript-eslint/typescript-estree": "5.59.9",
         "eslint-scope": "^5.1.1",
         "semver": "^7.3.7"
       },
@@ -4799,11 +4515,11 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "5.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.56.0.tgz",
-      "integrity": "sha512-1mFdED7u5bZpX6Xxf5N9U2c18sb+8EvU3tyOIj6LQZ5OOvnmj8BVeNNP603OFPm5KkS1a7IvCIcwrdHXaEMG/Q==",
+      "version": "5.59.9",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.59.9.tgz",
+      "integrity": "sha512-bT7s0td97KMaLwpEBckbzj/YohnvXtqbe2XgqNvTl6RJVakY5mvENOTPvw5u66nljfZxthESpDozs86U+oLY8Q==",
       "dependencies": {
-        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/types": "5.59.9",
         "eslint-visitor-keys": "^3.3.0"
       },
       "engines": {
@@ -4815,133 +4531,133 @@
       }
     },
     "node_modules/@webassemblyjs/ast": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.1.tgz",
-      "integrity": "sha512-ukBh14qFLjxTQNTXocdyksN5QdM28S1CxHt2rdskFyL+xFV7VremuBLVbmCePj+URalXBENx/9Lm7lnhihtCSw==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.6.tgz",
+      "integrity": "sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q==",
       "dependencies": {
-        "@webassemblyjs/helper-numbers": "1.11.1",
-        "@webassemblyjs/helper-wasm-bytecode": "1.11.1"
+        "@webassemblyjs/helper-numbers": "1.11.6",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.6"
       }
     },
     "node_modules/@webassemblyjs/floating-point-hex-parser": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.1.tgz",
-      "integrity": "sha512-iGRfyc5Bq+NnNuX8b5hwBrRjzf0ocrJPI6GWFodBFzmFnyvrQ83SHKhmilCU/8Jv67i4GJZBMhEzltxzcNagtQ=="
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz",
+      "integrity": "sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw=="
     },
     "node_modules/@webassemblyjs/helper-api-error": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.1.tgz",
-      "integrity": "sha512-RlhS8CBCXfRUR/cwo2ho9bkheSXG0+NwooXcc3PAILALf2QLdFyj7KGsKRbVc95hZnhnERon4kW/D3SZpp6Tcg=="
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz",
+      "integrity": "sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q=="
     },
     "node_modules/@webassemblyjs/helper-buffer": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.1.tgz",
-      "integrity": "sha512-gwikF65aDNeeXa8JxXa2BAk+REjSyhrNC9ZwdT0f8jc4dQQeDQ7G4m0f2QCLPJiMTTO6wfDmRmj/pW0PsUvIcA=="
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz",
+      "integrity": "sha512-z3nFzdcp1mb8nEOFFk8DrYLpHvhKC3grJD2ardfKOzmbmJvEf/tPIqCY+sNcwZIY8ZD7IkB2l7/pqhUhqm7hLA=="
     },
     "node_modules/@webassemblyjs/helper-numbers": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.1.tgz",
-      "integrity": "sha512-vDkbxiB8zfnPdNK9Rajcey5C0w+QJugEglN0of+kmO8l7lDb77AnlKYQF7aarZuCrv+l0UvqL+68gSDr3k9LPQ==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz",
+      "integrity": "sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g==",
       "dependencies": {
-        "@webassemblyjs/floating-point-hex-parser": "1.11.1",
-        "@webassemblyjs/helper-api-error": "1.11.1",
+        "@webassemblyjs/floating-point-hex-parser": "1.11.6",
+        "@webassemblyjs/helper-api-error": "1.11.6",
         "@xtuc/long": "4.2.2"
       }
     },
     "node_modules/@webassemblyjs/helper-wasm-bytecode": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.1.tgz",
-      "integrity": "sha512-PvpoOGiJwXeTrSf/qfudJhwlvDQxFgelbMqtq52WWiXC6Xgg1IREdngmPN3bs4RoO83PnL/nFrxucXj1+BX62Q=="
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz",
+      "integrity": "sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA=="
     },
     "node_modules/@webassemblyjs/helper-wasm-section": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.1.tgz",
-      "integrity": "sha512-10P9No29rYX1j7F3EVPX3JvGPQPae+AomuSTPiF9eBQeChHI6iqjMIwR9JmOJXwpnn/oVGDk7I5IlskuMwU/pg==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz",
+      "integrity": "sha512-LPpZbSOwTpEC2cgn4hTydySy1Ke+XEu+ETXuoyvuyezHO3Kjdu90KK95Sh9xTbmjrCsUwvWwCOQQNta37VrS9g==",
       "dependencies": {
-        "@webassemblyjs/ast": "1.11.1",
-        "@webassemblyjs/helper-buffer": "1.11.1",
-        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
-        "@webassemblyjs/wasm-gen": "1.11.1"
+        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/helper-buffer": "1.11.6",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
+        "@webassemblyjs/wasm-gen": "1.11.6"
       }
     },
     "node_modules/@webassemblyjs/ieee754": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.1.tgz",
-      "integrity": "sha512-hJ87QIPtAMKbFq6CGTkZYJivEwZDbQUgYd3qKSadTNOhVY7p+gfP6Sr0lLRVTaG1JjFj+r3YchoqRYxNH3M0GQ==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz",
+      "integrity": "sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg==",
       "dependencies": {
         "@xtuc/ieee754": "^1.2.0"
       }
     },
     "node_modules/@webassemblyjs/leb128": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.1.tgz",
-      "integrity": "sha512-BJ2P0hNZ0u+Th1YZXJpzW6miwqQUGcIHT1G/sf72gLVD9DZ5AdYTqPNbHZh6K1M5VmKvFXwGSWZADz+qBWxeRw==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.11.6.tgz",
+      "integrity": "sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ==",
       "dependencies": {
         "@xtuc/long": "4.2.2"
       }
     },
     "node_modules/@webassemblyjs/utf8": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.1.tgz",
-      "integrity": "sha512-9kqcxAEdMhiwQkHpkNiorZzqpGrodQQ2IGrHHxCy+Ozng0ofyMA0lTqiLkVs1uzTRejX+/O0EOT7KxqVPuXosQ=="
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.6.tgz",
+      "integrity": "sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA=="
     },
     "node_modules/@webassemblyjs/wasm-edit": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.1.tgz",
-      "integrity": "sha512-g+RsupUC1aTHfR8CDgnsVRVZFJqdkFHpsHMfJuWQzWU3tvnLC07UqHICfP+4XyL2tnr1amvl1Sdp06TnYCmVkA==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz",
+      "integrity": "sha512-Ybn2I6fnfIGuCR+Faaz7YcvtBKxvoLV3Lebn1tM4o/IAJzmi9AWYIPWpyBfU8cC+JxAO57bk4+zdsTjJR+VTOw==",
       "dependencies": {
-        "@webassemblyjs/ast": "1.11.1",
-        "@webassemblyjs/helper-buffer": "1.11.1",
-        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
-        "@webassemblyjs/helper-wasm-section": "1.11.1",
-        "@webassemblyjs/wasm-gen": "1.11.1",
-        "@webassemblyjs/wasm-opt": "1.11.1",
-        "@webassemblyjs/wasm-parser": "1.11.1",
-        "@webassemblyjs/wast-printer": "1.11.1"
+        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/helper-buffer": "1.11.6",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
+        "@webassemblyjs/helper-wasm-section": "1.11.6",
+        "@webassemblyjs/wasm-gen": "1.11.6",
+        "@webassemblyjs/wasm-opt": "1.11.6",
+        "@webassemblyjs/wasm-parser": "1.11.6",
+        "@webassemblyjs/wast-printer": "1.11.6"
       }
     },
     "node_modules/@webassemblyjs/wasm-gen": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.1.tgz",
-      "integrity": "sha512-F7QqKXwwNlMmsulj6+O7r4mmtAlCWfO/0HdgOxSklZfQcDu0TpLiD1mRt/zF25Bk59FIjEuGAIyn5ei4yMfLhA==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz",
+      "integrity": "sha512-3XOqkZP/y6B4F0PBAXvI1/bky7GryoogUtfwExeP/v7Nzwo1QLcq5oQmpKlftZLbT+ERUOAZVQjuNVak6UXjPA==",
       "dependencies": {
-        "@webassemblyjs/ast": "1.11.1",
-        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
-        "@webassemblyjs/ieee754": "1.11.1",
-        "@webassemblyjs/leb128": "1.11.1",
-        "@webassemblyjs/utf8": "1.11.1"
+        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
+        "@webassemblyjs/ieee754": "1.11.6",
+        "@webassemblyjs/leb128": "1.11.6",
+        "@webassemblyjs/utf8": "1.11.6"
       }
     },
     "node_modules/@webassemblyjs/wasm-opt": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.1.tgz",
-      "integrity": "sha512-VqnkNqnZlU5EB64pp1l7hdm3hmQw7Vgqa0KF/KCNO9sIpI6Fk6brDEiX+iCOYrvMuBWDws0NkTOxYEb85XQHHw==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz",
+      "integrity": "sha512-cOrKuLRE7PCe6AsOVl7WasYf3wbSo4CeOk6PkrjS7g57MFfVUF9u6ysQBBODX0LdgSvQqRiGz3CXvIDKcPNy4g==",
       "dependencies": {
-        "@webassemblyjs/ast": "1.11.1",
-        "@webassemblyjs/helper-buffer": "1.11.1",
-        "@webassemblyjs/wasm-gen": "1.11.1",
-        "@webassemblyjs/wasm-parser": "1.11.1"
+        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/helper-buffer": "1.11.6",
+        "@webassemblyjs/wasm-gen": "1.11.6",
+        "@webassemblyjs/wasm-parser": "1.11.6"
       }
     },
     "node_modules/@webassemblyjs/wasm-parser": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.1.tgz",
-      "integrity": "sha512-rrBujw+dJu32gYB7/Lup6UhdkPx9S9SnobZzRVL7VcBH9Bt9bCBLEuX/YXOOtBsOZ4NQrRykKhffRWHvigQvOA==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz",
+      "integrity": "sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ==",
       "dependencies": {
-        "@webassemblyjs/ast": "1.11.1",
-        "@webassemblyjs/helper-api-error": "1.11.1",
-        "@webassemblyjs/helper-wasm-bytecode": "1.11.1",
-        "@webassemblyjs/ieee754": "1.11.1",
-        "@webassemblyjs/leb128": "1.11.1",
-        "@webassemblyjs/utf8": "1.11.1"
+        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/helper-api-error": "1.11.6",
+        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
+        "@webassemblyjs/ieee754": "1.11.6",
+        "@webassemblyjs/leb128": "1.11.6",
+        "@webassemblyjs/utf8": "1.11.6"
       }
     },
     "node_modules/@webassemblyjs/wast-printer": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.1.tgz",
-      "integrity": "sha512-IQboUWM4eKzWW+N/jij2sRatKMh99QEelo3Eb2q0qXkvPRISAj8Qxtmw5itwqK+TTkBuUIE45AxYPToqPtL5gg==",
+      "version": "1.11.6",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz",
+      "integrity": "sha512-JM7AhRcE+yW2GWYaKeHL5vt4xqee5N2WcezptmgyhNS+ScggqcT1OtXykhAb13Sn5Yas0j2uv9tHgrjwvzAP4A==",
       "dependencies": {
-        "@webassemblyjs/ast": "1.11.1",
+        "@webassemblyjs/ast": "1.11.6",
         "@xtuc/long": "4.2.2"
       }
     },
@@ -5004,9 +4720,9 @@
       }
     },
     "node_modules/acorn-import-assertions": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
-      "integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==",
+      "version": "1.9.0",
+      "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz",
+      "integrity": "sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA==",
       "peerDependencies": {
         "acorn": "^8"
       }
@@ -5019,27 +4735,6 @@
         "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
       }
     },
-    "node_modules/acorn-node": {
-      "version": "1.8.2",
-      "resolved": "https://registry.npmjs.org/acorn-node/-/acorn-node-1.8.2.tgz",
-      "integrity": "sha512-8mt+fslDufLYntIoPAaIMUe/lrbrehIiwmR3t2k9LljIzoigEPF27eLk2hy8zSGzmR/ogr7zbRKINMo1u0yh5A==",
-      "dependencies": {
-        "acorn": "^7.0.0",
-        "acorn-walk": "^7.0.0",
-        "xtend": "^4.0.2"
-      }
-    },
-    "node_modules/acorn-node/node_modules/acorn": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
-      "bin": {
-        "acorn": "bin/acorn"
-      },
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/acorn-walk": {
       "version": "7.2.0",
       "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-7.2.0.tgz",
@@ -5181,16 +4876,24 @@
       }
     },
     "node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dependencies": {
-        "color-convert": "^1.9.0"
+        "color-convert": "^2.0.1"
       },
       "engines": {
-        "node": ">=4"
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
+    "node_modules/any-promise": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
+      "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A=="
+    },
     "node_modules/anymatch": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
@@ -5409,9 +5112,9 @@
       }
     },
     "node_modules/axe-core": {
-      "version": "4.6.3",
-      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.6.3.tgz",
-      "integrity": "sha512-/BQzOX780JhsxDnPpH4ZiyrJAzcd8AfzFPkv+89veFSr1rcMjuq2JDCwypKaPeB6ljHp9KjXhPpjgCvQlWYuqg==",
+      "version": "4.7.2",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.7.2.tgz",
+      "integrity": "sha512-zIURGIS1E1Q4pcrMjp+nnEh+16G56eG/MUllJH8yEvw7asDo7Ac9uhC9KIH5jzpITueEZolfYglnCGIuSBz39g==",
       "engines": {
         "node": ">=4"
       }
@@ -5445,70 +5148,6 @@
         "@babel/core": "^7.8.0"
       }
     },
-    "node_modules/babel-jest/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/babel-jest/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/babel-jest/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/babel-jest/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/babel-jest/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/babel-jest/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/babel-loader": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.3.0.tgz",
@@ -5596,12 +5235,12 @@
       }
     },
     "node_modules/babel-plugin-polyfill-corejs2": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.3.3.tgz",
-      "integrity": "sha512-8hOdmFYFSZhqg2C/JgLUQ+t52o5nirNwaWM2B9LWteozwIvM14VSwdsCAUET10qT+kmySAlseadmfeeSWFCy+Q==",
+      "version": "0.4.3",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.3.tgz",
+      "integrity": "sha512-bM3gHc337Dta490gg+/AseNB9L4YLHxq1nGKZZSHbhXv4aTYU2MD2cjza1Ru4S6975YLTaL1K8uJf6ukJhhmtw==",
       "dependencies": {
         "@babel/compat-data": "^7.17.7",
-        "@babel/helper-define-polyfill-provider": "^0.3.3",
+        "@babel/helper-define-polyfill-provider": "^0.4.0",
         "semver": "^6.1.1"
       },
       "peerDependencies": {
@@ -5617,23 +5256,23 @@
       }
     },
     "node_modules/babel-plugin-polyfill-corejs3": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.6.0.tgz",
-      "integrity": "sha512-+eHqR6OPcBhJOGgsIar7xoAB1GcSwVUA3XjAd7HJNzOXT4wv6/H7KIdA/Nc60cvUlDbKApmqNvD1B1bzOt4nyA==",
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.1.tgz",
+      "integrity": "sha512-ikFrZITKg1xH6pLND8zT14UPgjKHiGLqex7rGEZCH2EvhsneJaJPemmpQaIZV5AL03II+lXylw3UmddDK8RU5Q==",
       "dependencies": {
-        "@babel/helper-define-polyfill-provider": "^0.3.3",
-        "core-js-compat": "^3.25.1"
+        "@babel/helper-define-polyfill-provider": "^0.4.0",
+        "core-js-compat": "^3.30.1"
       },
       "peerDependencies": {
         "@babel/core": "^7.0.0-0"
       }
     },
     "node_modules/babel-plugin-polyfill-regenerator": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.4.1.tgz",
-      "integrity": "sha512-NtQGmyQDXjQqQ+IzRkBVwEOz9lQ4zxAQZgoAYEtU9dJjnl1Oc98qnN7jcp+bE7O7aYzVpavXE3/VKXNzUbh7aw==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.0.tgz",
+      "integrity": "sha512-hDJtKjMLVa7Z+LwnTCxoDLQj6wdc+B8dun7ayF2fYieI6OzfuvcLMB32ihJZ4UhCBwNYGl5bg/x/P9cMdnkc2g==",
       "dependencies": {
-        "@babel/helper-define-polyfill-provider": "^0.3.3"
+        "@babel/helper-define-polyfill-provider": "^0.4.0"
       },
       "peerDependencies": {
         "@babel/core": "^7.0.0-0"
@@ -5846,9 +5485,9 @@
       "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow=="
     },
     "node_modules/browserslist": {
-      "version": "4.21.5",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.5.tgz",
-      "integrity": "sha512-tUkiguQGW7S3IhB7N+c2MV/HZPSCPAAiYBZXLsBhFB/PCy6ZKKsZrmBayHV9fdGV/ARIfJ14NkxKzRDjvp7L6w==",
+      "version": "4.21.7",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.7.tgz",
+      "integrity": "sha512-BauCXrQ7I2ftSqd2mvKHGo85XR0u7Ru3C/Hxsy/0TkfCtjrmAbPdzLGasmoiBxplpDXlPvdjX9u7srIMfgasNA==",
       "funding": [
         {
           "type": "opencollective",
@@ -5857,13 +5496,17 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
-        "caniuse-lite": "^1.0.30001449",
-        "electron-to-chromium": "^1.4.284",
-        "node-releases": "^2.0.8",
-        "update-browserslist-db": "^1.0.10"
+        "caniuse-lite": "^1.0.30001489",
+        "electron-to-chromium": "^1.4.411",
+        "node-releases": "^2.0.12",
+        "update-browserslist-db": "^1.0.11"
       },
       "bin": {
         "browserslist": "cli.js"
@@ -5964,9 +5607,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001469",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001469.tgz",
-      "integrity": "sha512-Rcp7221ScNqQPP3W+lVOYDyjdR6dC+neEQCttoNr5bAyz54AboB4iwpnWgyi8P4YUsPybVzT4LgWiBbI3drL4g==",
+      "version": "1.0.30001497",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001497.tgz",
+      "integrity": "sha512-I4/duVK4wL6rAK/aKZl3HXB4g+lIZvaT4VLAn2rCgJ38jVLb0lv2Xug6QuqmxXFVRJMF74SPPWPJ/1Sdm3vCzw==",
       "funding": [
         {
           "type": "opencollective",
@@ -5975,6 +5618,10 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/caniuse-lite"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ]
     },
@@ -5995,16 +5642,18 @@
       }
     },
     "node_modules/chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
       "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
       },
       "engines": {
-        "node": ">=4"
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
       }
     },
     "node_modules/char-regex": {
@@ -6170,12 +5819,31 @@
         "node": ">= 4.0"
       }
     },
-    "node_modules/collect-v8-coverage": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz",
-      "integrity": "sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg=="
+    "node_modules/coa/node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
     },
-    "node_modules/color-convert": {
+    "node_modules/coa/node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/coa/node_modules/color-convert": {
       "version": "1.9.3",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
       "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
@@ -6183,20 +5851,68 @@
         "color-name": "1.1.3"
       }
     },
-    "node_modules/color-name": {
+    "node_modules/coa/node_modules/color-name": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
       "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
     },
+    "node_modules/coa/node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/coa/node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/coa/node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/collect-v8-coverage": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz",
+      "integrity": "sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg=="
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
     "node_modules/colord": {
       "version": "2.9.3",
       "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz",
       "integrity": "sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw=="
     },
     "node_modules/colorette": {
-      "version": "2.0.19",
-      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz",
-      "integrity": "sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ=="
+      "version": "2.0.20",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz",
+      "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w=="
     },
     "node_modules/combined-stream": {
       "version": "1.0.8",
@@ -6346,9 +6062,9 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
     },
     "node_modules/core-js": {
-      "version": "3.29.1",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.29.1.tgz",
-      "integrity": "sha512-+jwgnhg6cQxKYIIjGtAHq2nwUOolo9eoFZ4sHfUH09BLXBgxnH4gA0zEd+t+BO2cNB8idaBtZFcFTRjQJRJmAw==",
+      "version": "3.30.2",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.30.2.tgz",
+      "integrity": "sha512-uBJiDmwqsbJCWHAwjrx3cvjbMXP7xD72Dmsn5LOJpiRmE3WbBbN5rCqQ2Qh6Ek6/eOrjlWngEynBWo4VxerQhg==",
       "hasInstallScript": true,
       "funding": {
         "type": "opencollective",
@@ -6356,9 +6072,9 @@
       }
     },
     "node_modules/core-js-compat": {
-      "version": "3.29.1",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.29.1.tgz",
-      "integrity": "sha512-QmchCua884D8wWskMX8tW5ydINzd8oSJVx38lx/pVkFGqztxt73GYre3pm/hyYq8bPf+MW5In4I/uRShFDsbrA==",
+      "version": "3.30.2",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.30.2.tgz",
+      "integrity": "sha512-nriW1nuJjUgvkEjIot1Spwakz52V9YkYHZAQG6A1eCgC8AA1p0zngrQEP9R0+V6hji5XilWKG1Bd0YRppmGimA==",
       "dependencies": {
         "browserslist": "^4.21.5"
       },
@@ -6368,9 +6084,9 @@
       }
     },
     "node_modules/core-js-pure": {
-      "version": "3.29.1",
-      "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.29.1.tgz",
-      "integrity": "sha512-4En6zYVi0i0XlXHVz/bi6l1XDjCqkKRq765NXuX+SnaIatlE96Odt5lMLjdxUiNI1v9OXI5DSLWYPlmTfkTktg==",
+      "version": "3.30.2",
+      "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.30.2.tgz",
+      "integrity": "sha512-p/npFUJXXBkCCTIlEGBdghofn00jWG6ZOtdoIXSJmAu2QBvN0IqpZXWweOytcwE6cfx8ZvVUy1vw8zxhe4Y2vg==",
       "hasInstallScript": true,
       "funding": {
         "type": "opencollective",
@@ -6436,9 +6152,9 @@
       }
     },
     "node_modules/css-declaration-sorter": {
-      "version": "6.3.1",
-      "resolved": "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-6.3.1.tgz",
-      "integrity": "sha512-fBffmak0bPAnyqc/HO8C3n2sHrp9wcqQz6ES9koRF2/mLOVAx9zIQ3Y7R29sYCteTPqMCwns4WYQoCX91Xl3+w==",
+      "version": "6.4.0",
+      "resolved": "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-6.4.0.tgz",
+      "integrity": "sha512-jDfsatwWMWN0MODAFuHszfjphEXfNw9JUAhmY4pLu3TyTU+ohUpsbVtbU+1MZn4a47D9kqh03i4eyOm+74+zew==",
       "engines": {
         "node": "^10 || ^12 || >=14"
       },
@@ -6464,14 +6180,14 @@
       }
     },
     "node_modules/css-loader": {
-      "version": "6.7.3",
-      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.7.3.tgz",
-      "integrity": "sha512-qhOH1KlBMnZP8FzRO6YCH9UHXQhVMcEGLyNdb7Hv2cpcmJbW0YrddO+tG1ab5nT41KpHIYGsbeHqxB9xPu1pKQ==",
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.8.1.tgz",
+      "integrity": "sha512-xDAXtEVGlD0gJ07iclwWVkLoZOpEvAWaSyf6W18S2pOC//K8+qUDIx8IIT3D+HjnmkJPQeesOPv5aiUaJsCM2g==",
       "dependencies": {
         "icss-utils": "^5.1.0",
-        "postcss": "^8.4.19",
+        "postcss": "^8.4.21",
         "postcss-modules-extract-imports": "^3.0.0",
-        "postcss-modules-local-by-default": "^4.0.0",
+        "postcss-modules-local-by-default": "^4.0.3",
         "postcss-modules-scope": "^3.0.0",
         "postcss-modules-values": "^4.0.0",
         "postcss-value-parser": "^4.2.0",
@@ -6557,14 +6273,14 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/css-minimizer-webpack-plugin/node_modules/schema-utils": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
-      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
+      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
-        "ajv": "^8.8.0",
+        "ajv": "^8.9.0",
         "ajv-formats": "^2.1.1",
-        "ajv-keywords": "^5.0.0"
+        "ajv-keywords": "^5.1.0"
       },
       "engines": {
         "node": ">= 12.13.0"
@@ -6653,13 +6369,19 @@
       "integrity": "sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg=="
     },
     "node_modules/cssdb": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/cssdb/-/cssdb-7.4.1.tgz",
-      "integrity": "sha512-0Q8NOMpXJ3iTDDbUv9grcmQAfdDx4qz+fN/+Md2FGbevT+6+bJNQ2LjB2YIUlLbpBTM32idU1Sb+tb/uGt6/XQ==",
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/csstools"
-      }
+      "version": "7.6.0",
+      "resolved": "https://registry.npmjs.org/cssdb/-/cssdb-7.6.0.tgz",
+      "integrity": "sha512-Nna7rph8V0jC6+JBY4Vk4ndErUmfJfV6NJCaZdurL0omggabiy+QB2HCQtu5c/ACLZ0I7REv7A4QyPIoYzZx0w==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        }
+      ]
     },
     "node_modules/cssesc": {
       "version": "3.0.0",
@@ -6803,9 +6525,9 @@
       "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg=="
     },
     "node_modules/csstype": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz",
-      "integrity": "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw=="
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz",
+      "integrity": "sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ=="
     },
     "node_modules/damerau-levenshtein": {
       "version": "1.0.8",
@@ -6852,15 +6574,16 @@
       "integrity": "sha512-Q6fKUPqnAHAyhiUgFU7BUzLiv0kd8saH9al7tnu5Q/okj6dnupxyTgFIBjVzJATdfIAm9NAsvXNzjaKa+bxVyA=="
     },
     "node_modules/deep-equal": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.2.0.tgz",
-      "integrity": "sha512-RdpzE0Hv4lhowpIUKKMJfeH6C1pXdtT1/it80ubgWqwI3qpuxUBpC1S4hnHg+zjnuOoDkzUtUCEEkG+XG5l3Mw==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.2.1.tgz",
+      "integrity": "sha512-lKdkdV6EOGoVn65XaOsPdH4rMxTZOnmFyuIkMjM1i5HHCbfjC97dawgTAy0deYNfuqUqW+Q5VrVaQYtUpSd6yQ==",
       "dependencies": {
+        "array-buffer-byte-length": "^1.0.0",
         "call-bind": "^1.0.2",
-        "es-get-iterator": "^1.1.2",
-        "get-intrinsic": "^1.1.3",
+        "es-get-iterator": "^1.1.3",
+        "get-intrinsic": "^1.2.0",
         "is-arguments": "^1.1.1",
-        "is-array-buffer": "^3.0.1",
+        "is-array-buffer": "^3.0.2",
         "is-date-object": "^1.0.5",
         "is-regex": "^1.1.4",
         "is-shared-array-buffer": "^1.0.2",
@@ -6868,7 +6591,7 @@
         "object-is": "^1.1.5",
         "object-keys": "^1.1.1",
         "object.assign": "^4.1.4",
-        "regexp.prototype.flags": "^1.4.3",
+        "regexp.prototype.flags": "^1.5.0",
         "side-channel": "^1.0.4",
         "which-boxed-primitive": "^1.0.2",
         "which-collection": "^1.0.1",
@@ -6925,14 +6648,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/defined": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/defined/-/defined-1.0.1.tgz",
-      "integrity": "sha512-hsBd2qSVCRE+5PmNdHt1uzyrFu5d3RwmFDKzyNZMFq/EwDNJF7Ee5+D5oEKF0hU6LhtoUF1macFvOe4AskQC1Q==",
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/delayed-stream": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
@@ -7000,22 +6715,6 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
     },
-    "node_modules/detective": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/detective/-/detective-5.2.1.tgz",
-      "integrity": "sha512-v9XE1zRnz1wRtgurGu0Bs8uHKFSTdteYZNbIPFVhUZ39L/S79ppMpdmVOZAnoz1jfEFodc48n6MX483Xo3t1yw==",
-      "dependencies": {
-        "acorn-node": "^1.8.2",
-        "defined": "^1.0.0",
-        "minimist": "^1.2.6"
-      },
-      "bin": {
-        "detective": "bin/detective.js"
-      },
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
     "node_modules/didyoumean": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz",
@@ -7051,9 +6750,9 @@
       "integrity": "sha512-z+paD6YUQsk+AbGCEM4PrOXSss5gd66QfcVBFTKR/HpFL9jCqikS94HYwKww6fQyO7IxrIIyUu+g0Ka9tUS2Cg=="
     },
     "node_modules/dns-packet": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.4.0.tgz",
-      "integrity": "sha512-EgqGeaBB8hLiHLZtp/IbaDQTL8pZ0+IvwzSHA6d7VyMDM+B9hgddEMa9xjK5oYnw0ci0JQ6g2XCD7/f6cafU6g==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.0.tgz",
+      "integrity": "sha512-rza3UH1LwdHh9qyPXp8lkwpjSNk/AMD3dPytUoRoqnypDUhY0xvbdmVhWOfxO68frEfV9BU8V12Ez7ZsHGZpCQ==",
       "dependencies": {
         "@leichtgewicht/ip-codec": "^2.0.1"
       },
@@ -7211,9 +6910,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.4.335",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.335.tgz",
-      "integrity": "sha512-l/eowQqTnrq3gu+WSrdfkhfNHnPgYqlKAwxz7MTOj6mom19vpEDHNXl6dxDxyTiYuhemydprKr/HCrHfgk+OfQ=="
+      "version": "1.4.425",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.425.tgz",
+      "integrity": "sha512-wv1NufHxu11zfDbY4fglYQApMswleE9FL/DSeyOyauVXDZ+Kco96JK/tPfBUaDqfRarYp2WH2hJ/5UnVywp9Jg=="
     },
     "node_modules/emittery": {
       "version": "0.8.1",
@@ -7248,9 +6947,9 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.12.0",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz",
-      "integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==",
+      "version": "5.14.1",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.14.1.tgz",
+      "integrity": "sha512-Vklwq2vDKtl0y/vtwjSesgJ5MYS7Etuk5txS8VdKL4AOS1aUlD96zqIfsOSLQsdv3xgMRbtkWM8eG9XDfKUPow==",
       "dependencies": {
         "graceful-fs": "^4.2.4",
         "tapable": "^2.2.0"
@@ -7367,9 +7066,9 @@
       }
     },
     "node_modules/es-module-lexer": {
-      "version": "0.9.3",
-      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-0.9.3.tgz",
-      "integrity": "sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ=="
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.2.1.tgz",
+      "integrity": "sha512-9978wrXM50Y4rTMmW5kXIC09ZdXQZqkE4mxhwkd8VbzsGkXGPgV4zWuqQJgCEzYngdo2dYDa0l8xhX4fkSwJSg=="
     },
     "node_modules/es-set-tostringtag": {
       "version": "2.0.1",
@@ -7422,11 +7121,14 @@
       "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
     },
     "node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
       "engines": {
-        "node": ">=0.8.0"
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
       }
     },
     "node_modules/escodegen": {
@@ -7507,15 +7209,15 @@
       }
     },
     "node_modules/eslint": {
-      "version": "8.36.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.36.0.tgz",
-      "integrity": "sha512-Y956lmS7vDqomxlaaQAHVmeb4tNMp2FWIvU/RnU5BD3IKMD/MJPr76xdyr68P8tV1iNMvN2mRK0yy3c+UjL+bw==",
+      "version": "8.42.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.42.0.tgz",
+      "integrity": "sha512-ulg9Ms6E1WPf67PHaEY4/6E2tEn5/f7FXGzr3t9cBMugOmf1INYvuUwwh1aXQN4MfJ6a5K2iNwP3w4AColvI9A==",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.4.0",
-        "@eslint/eslintrc": "^2.0.1",
-        "@eslint/js": "8.36.0",
-        "@humanwhocodes/config-array": "^0.11.8",
+        "@eslint/eslintrc": "^2.0.3",
+        "@eslint/js": "8.42.0",
+        "@humanwhocodes/config-array": "^0.11.10",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
         "ajv": "^6.10.0",
@@ -7524,9 +7226,9 @@
         "debug": "^4.3.2",
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
-        "eslint-scope": "^7.1.1",
-        "eslint-visitor-keys": "^3.3.0",
-        "espree": "^9.5.0",
+        "eslint-scope": "^7.2.0",
+        "eslint-visitor-keys": "^3.4.1",
+        "espree": "^9.5.2",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
         "fast-deep-equal": "^3.1.3",
@@ -7534,13 +7236,12 @@
         "find-up": "^5.0.0",
         "glob-parent": "^6.0.2",
         "globals": "^13.19.0",
-        "grapheme-splitter": "^1.0.4",
+        "graphemer": "^1.4.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.0.0",
         "imurmurhash": "^0.1.4",
         "is-glob": "^4.0.0",
         "is-path-inside": "^3.0.3",
-        "js-sdsl": "^4.1.4",
         "js-yaml": "^4.1.0",
         "json-stable-stringify-without-jsonify": "^1.0.1",
         "levn": "^0.4.1",
@@ -7608,9 +7309,9 @@
       }
     },
     "node_modules/eslint-module-utils": {
-      "version": "2.7.4",
-      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.7.4.tgz",
-      "integrity": "sha512-j4GT+rqzCoRKHwURX7pddtIPGySnX9Si/cgMI5ztrcqOPtk5dDEeZ34CQVPphnqkJytlc97Vuk05Um2mJ3gEQA==",
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.0.tgz",
+      "integrity": "sha512-aWajIYfsqCKRDgUfjEXNN/JlrzauMuSEy5sbd7WXbtW3EH6A6MpwEh42c7qD+MqQo9QMJ6fWLAeIJynx0g6OAw==",
       "dependencies": {
         "debug": "^3.2.7"
       },
@@ -7838,11 +7539,11 @@
       }
     },
     "node_modules/eslint-plugin-testing-library": {
-      "version": "5.10.2",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-testing-library/-/eslint-plugin-testing-library-5.10.2.tgz",
-      "integrity": "sha512-f1DmDWcz5SDM+IpCkEX0lbFqrrTs8HRsEElzDEqN/EBI0hpRj8Cns5+IVANXswE8/LeybIJqPAOQIFu2j5Y5sw==",
+      "version": "5.11.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-testing-library/-/eslint-plugin-testing-library-5.11.0.tgz",
+      "integrity": "sha512-ELY7Gefo+61OfXKlQeXNIDVVLPcvKTeiQOoMZG9TeuWa7Ln4dUNRv8JdRWBQI9Mbb427XGlVB1aa1QPZxBJM8Q==",
       "dependencies": {
-        "@typescript-eslint/utils": "^5.43.0"
+        "@typescript-eslint/utils": "^5.58.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0",
@@ -7853,15 +7554,18 @@
       }
     },
     "node_modules/eslint-scope": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.1.tgz",
-      "integrity": "sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.0.tgz",
+      "integrity": "sha512-DYj5deGlHBfMt15J7rdtyKNq/Nqlv5KfU4iodrQ019XESsRnwXH9KAE0y3cwtUHDo2ob7CypAnCqefh6vioWRw==",
       "dependencies": {
         "esrecurse": "^4.3.0",
         "estraverse": "^5.2.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
       }
     },
     "node_modules/eslint-utils": {
@@ -7889,11 +7593,14 @@
       }
     },
     "node_modules/eslint-visitor-keys": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
-      "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==",
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.1.tgz",
+      "integrity": "sha512-pZnmmLwYzf+kWaM/Qgrvpen51upAktaaiI01nsJD/Yr3lMOdNtq0cxkrrg16w64VtisN6okbs7Q8AfGqj4c9fA==",
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
       }
     },
     "node_modules/eslint-webpack-plugin": {
@@ -7945,14 +7652,6 @@
         "ajv": "^8.8.2"
       }
     },
-    "node_modules/eslint-webpack-plugin/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/eslint-webpack-plugin/node_modules/jest-worker": {
       "version": "28.1.3",
       "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz",
@@ -7972,14 +7671,14 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/eslint-webpack-plugin/node_modules/schema-utils": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
-      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
+      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
-        "ajv": "^8.8.0",
+        "ajv": "^8.9.0",
         "ajv-formats": "^2.1.1",
-        "ajv-keywords": "^5.0.0"
+        "ajv-keywords": "^5.1.0"
       },
       "engines": {
         "node": ">= 12.13.0"
@@ -8003,62 +7702,6 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
-    "node_modules/eslint/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/eslint/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/eslint/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/eslint/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/eslint/node_modules/escape-string-regexp": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
-      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/eslint/node_modules/globals": {
       "version": "13.20.0",
       "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
@@ -8073,25 +7716,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/eslint/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/eslint/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/eslint/node_modules/type-fest": {
       "version": "0.20.2",
       "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz",
@@ -8104,13 +7728,13 @@
       }
     },
     "node_modules/espree": {
-      "version": "9.5.0",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.0.tgz",
-      "integrity": "sha512-JPbJGhKc47++oo4JkEoTe2wjy4fmMwvFpgJT9cQzmfXKp22Dr6Hf1tdCteLz1h0P3t+mGvWZ+4Uankvh8+c6zw==",
+      "version": "9.5.2",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.2.tgz",
+      "integrity": "sha512-7OASN1Wma5fum5SrNhFMAMJxOUAbhyfQ8dQ//PJaJbNw0URTPWqIghHWt1MmAANKhHZIYOHruW4Kw4ruUWOdGw==",
       "dependencies": {
         "acorn": "^8.8.0",
         "acorn-jsx": "^5.3.2",
-        "eslint-visitor-keys": "^3.3.0"
+        "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -8602,51 +8226,6 @@
         }
       }
     },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
     "node_modules/fork-ts-checker-webpack-plugin/node_modules/cosmiconfig": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz",
@@ -8676,14 +8255,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils": {
       "version": "2.7.0",
       "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz",
@@ -8701,17 +8272,6 @@
         "url": "https://opencollective.com/webpack"
       }
     },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/fork-ts-checker-webpack-plugin/node_modules/tapable": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz",
@@ -8783,9 +8343,9 @@
       }
     },
     "node_modules/fs-monkey": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.3.tgz",
-      "integrity": "sha512-cybjIfiiE+pTWicSCLFHSrXZ6EilF30oh91FDP9S2B051prEa7QWfrVTQm10/dDpswBDXZugPa1Ogu8Yh+HV0Q=="
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.4.tgz",
+      "integrity": "sha512-INM/fWAxMICjttnD0DX1rBvinKskj5G1w+oy/pnm9u/tSlnBrzFonJMcalKJ30P8RRsPzKcCG7Q8l0jx5Fh9YQ=="
     },
     "node_modules/fs.realpath": {
       "version": "1.0.0",
@@ -8858,12 +8418,13 @@
       }
     },
     "node_modules/get-intrinsic": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.0.tgz",
-      "integrity": "sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz",
+      "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==",
       "dependencies": {
         "function-bind": "^1.1.1",
         "has": "^1.0.3",
+        "has-proto": "^1.0.1",
         "has-symbols": "^1.0.3"
       },
       "funding": {
@@ -9041,6 +8602,11 @@
       "resolved": "https://registry.npmjs.org/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz",
       "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ=="
     },
+    "node_modules/graphemer": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz",
+      "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag=="
+    },
     "node_modules/gzip-size": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz",
@@ -9085,11 +8651,11 @@
       }
     },
     "node_modules/has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
       "engines": {
-        "node": ">=4"
+        "node": ">=8"
       }
     },
     "node_modules/has-property-descriptors": {
@@ -9256,9 +8822,9 @@
       }
     },
     "node_modules/html-entities": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.3.3.tgz",
-      "integrity": "sha512-DV5Ln36z34NNTDgnz0EWGBLZENelNAtkiFA4kyNOG2tDI6Mz1uSWiq1wAKdyjnJwyDiDO7Fa2SO1CTxPXL8VxA=="
+      "version": "2.3.5",
+      "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.3.5.tgz",
+      "integrity": "sha512-72TJlcMkYsEJASa/3HnX7VT59htM7iSHbH59NSZbtc+22Ap0Txnlx91sfeB+/A7wNZg7UxtZdhAW4y+/jimrdg=="
     },
     "node_modules/html-escaper": {
       "version": "2.0.2",
@@ -9286,9 +8852,9 @@
       }
     },
     "node_modules/html-webpack-plugin": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.0.tgz",
-      "integrity": "sha512-sy88PC2cRTVxvETRgUHFrL4No3UxvcH8G1NepGhqaTT+GXN2kTamqasot0inS5hXeg1cMbFDt27zzo9p35lZVw==",
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.1.tgz",
+      "integrity": "sha512-cTUzZ1+NqjGEKjmVgZKLMdiFg3m9MdRXkZW2OEe69WYVi5ONLMmlnSZdXzGGMOq0C8jGDrL6EWyEDDUioHO/pA==",
       "dependencies": {
         "@types/html-minifier-terser": "^6.0.0",
         "html-minifier-terser": "^6.0.2",
@@ -9471,9 +9037,9 @@
       "integrity": "sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ=="
     },
     "node_modules/immer": {
-      "version": "9.0.19",
-      "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.19.tgz",
-      "integrity": "sha512-eY+Y0qcsB4TZKwgQzLaE/lqYMlKhv5J9dyd2RhhtGhNo2njPXDqU9XPfcNfa3MIDsdtZt5KlkIsirlo4dHsWdQ==",
+      "version": "9.0.21",
+      "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz",
+      "integrity": "sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==",
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/immer"
@@ -9494,14 +9060,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/import-fresh/node_modules/resolve-from": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
-      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/import-local": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz",
@@ -9569,9 +9127,9 @@
       }
     },
     "node_modules/ipaddr.js": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.0.1.tgz",
-      "integrity": "sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz",
+      "integrity": "sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==",
       "engines": {
         "node": ">= 10"
       }
@@ -9680,9 +9238,9 @@
       }
     },
     "node_modules/is-core-module": {
-      "version": "2.11.0",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz",
-      "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==",
+      "version": "2.12.1",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.12.1.tgz",
+      "integrity": "sha512-Q4ZuBAe2FUsKtyQJoQHlvP8OvBERxO3jEmy1I7hcRXcJBGGHFh/aJBswbXuS9sgrDH2QUO8ilkwNPHvHMd8clg==",
       "dependencies": {
         "has": "^1.0.3"
       },
@@ -10057,25 +9615,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/istanbul-lib-report/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/istanbul-lib-report/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/istanbul-lib-source-maps": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz",
@@ -10110,14 +9649,14 @@
       }
     },
     "node_modules/jake": {
-      "version": "10.8.5",
-      "resolved": "https://registry.npmjs.org/jake/-/jake-10.8.5.tgz",
-      "integrity": "sha512-sVpxYeuAhWt0OTWITwT98oyV0GsXyMlXCF+3L1SuafBVUIr/uILGRB+NqwkzhgXKvoJpDIpQvqkUALgdmQsQxw==",
+      "version": "10.8.7",
+      "resolved": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz",
+      "integrity": "sha512-ZDi3aP+fG/LchyBzUM804VjddnwfSfsdeYkwt8NcbKRvo4rFkjhs456iLFn3k2ZUWvNe4i48WACDbza8fhq2+w==",
       "dependencies": {
         "async": "^3.2.3",
         "chalk": "^4.0.2",
-        "filelist": "^1.0.1",
-        "minimatch": "^3.0.4"
+        "filelist": "^1.0.4",
+        "minimatch": "^3.1.2"
       },
       "bin": {
         "jake": "bin/cli.js"
@@ -10126,79 +9665,15 @@
         "node": ">=10"
       }
     },
-    "node_modules/jake/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+    "node_modules/jdenticon": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/jdenticon/-/jdenticon-3.2.0.tgz",
+      "integrity": "sha512-z6Iq3fTODUMSOiR2nNYrqigS6Y0GvdXfyQWrUby7htDHvX7GNEwaWR4hcaL+FmhEgBe08Xkup/BKxXQhDJByPA==",
       "dependencies": {
-        "color-convert": "^2.0.1"
+        "canvas-renderer": "~2.2.0"
       },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jake/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jake/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jake/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jake/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jake/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jdenticon": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/jdenticon/-/jdenticon-3.2.0.tgz",
-      "integrity": "sha512-z6Iq3fTODUMSOiR2nNYrqigS6Y0GvdXfyQWrUby7htDHvX7GNEwaWR4hcaL+FmhEgBe08Xkup/BKxXQhDJByPA==",
-      "dependencies": {
-        "canvas-renderer": "~2.2.0"
-      },
-      "bin": {
-        "jdenticon": "bin/jdenticon.js"
+      "bin": {
+        "jdenticon": "bin/jdenticon.js"
       },
       "engines": {
         "node": ">=6.4.0"
@@ -10270,70 +9745,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-circus/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-circus/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-circus/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-circus/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-circus/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-circus/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-cli": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-27.5.1.tgz",
@@ -10367,70 +9778,6 @@
         }
       }
     },
-    "node_modules/jest-cli/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-cli/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-cli/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-cli/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-cli/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-cli/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-config": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-27.5.1.tgz",
@@ -10473,259 +9820,67 @@
         }
       }
     },
-    "node_modules/jest-config/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+    "node_modules/jest-diff": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz",
+      "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==",
       "dependencies": {
-        "color-convert": "^2.0.1"
+        "chalk": "^4.0.0",
+        "diff-sequences": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "pretty-format": "^27.5.1"
       },
       "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-config/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+    "node_modules/jest-docblock": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-27.5.1.tgz",
+      "integrity": "sha512-rl7hlABeTsRYxKiUfpHrQrG4e2obOiTQWfMEH3PxPjOtdsfLQO4ReWSZaQ7DETm4xu07rl4q/h4zcKXyU0/OzQ==",
       "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
+        "detect-newline": "^3.0.0"
       },
       "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-config/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+    "node_modules/jest-each": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-27.5.1.tgz",
+      "integrity": "sha512-1Ff6p+FbhT/bXQnEouYy00bkNSY7OUpfIcmdl8vZ31A1UUaurOLPA8a8BbJOF2RDUElwJhmeaV7LnagI+5UwNQ==",
       "dependencies": {
-        "color-name": "~1.1.4"
+        "@jest/types": "^27.5.1",
+        "chalk": "^4.0.0",
+        "jest-get-type": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "pretty-format": "^27.5.1"
       },
       "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-config/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-config/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-config/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+    "node_modules/jest-environment-jsdom": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-27.5.1.tgz",
+      "integrity": "sha512-TFBvkTC1Hnnnrka/fUb56atfDtJ9VMZ94JkjTbggl1PEpwrYtUBKMezB3inLmWqQsXYLcMwNoDQwoBTAvFfsfw==",
       "dependencies": {
-        "has-flag": "^4.0.0"
+        "@jest/environment": "^27.5.1",
+        "@jest/fake-timers": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "jest-mock": "^27.5.1",
+        "jest-util": "^27.5.1",
+        "jsdom": "^16.6.0"
       },
       "engines": {
-        "node": ">=8"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-diff": {
+    "node_modules/jest-environment-node": {
       "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz",
-      "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==",
-      "dependencies": {
-        "chalk": "^4.0.0",
-        "diff-sequences": "^27.5.1",
-        "jest-get-type": "^27.5.1",
-        "pretty-format": "^27.5.1"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-diff/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-diff/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-diff/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-diff/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-diff/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-diff/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-docblock": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-27.5.1.tgz",
-      "integrity": "sha512-rl7hlABeTsRYxKiUfpHrQrG4e2obOiTQWfMEH3PxPjOtdsfLQO4ReWSZaQ7DETm4xu07rl4q/h4zcKXyU0/OzQ==",
-      "dependencies": {
-        "detect-newline": "^3.0.0"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-each": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-27.5.1.tgz",
-      "integrity": "sha512-1Ff6p+FbhT/bXQnEouYy00bkNSY7OUpfIcmdl8vZ31A1UUaurOLPA8a8BbJOF2RDUElwJhmeaV7LnagI+5UwNQ==",
-      "dependencies": {
-        "@jest/types": "^27.5.1",
-        "chalk": "^4.0.0",
-        "jest-get-type": "^27.5.1",
-        "jest-util": "^27.5.1",
-        "pretty-format": "^27.5.1"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-each/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-each/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-each/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-each/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-each/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-each/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-environment-jsdom": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-27.5.1.tgz",
-      "integrity": "sha512-TFBvkTC1Hnnnrka/fUb56atfDtJ9VMZ94JkjTbggl1PEpwrYtUBKMezB3inLmWqQsXYLcMwNoDQwoBTAvFfsfw==",
-      "dependencies": {
-        "@jest/environment": "^27.5.1",
-        "@jest/fake-timers": "^27.5.1",
-        "@jest/types": "^27.5.1",
-        "@types/node": "*",
-        "jest-mock": "^27.5.1",
-        "jest-util": "^27.5.1",
-        "jsdom": "^16.6.0"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-environment-node": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-27.5.1.tgz",
-      "integrity": "sha512-Jt4ZUnxdOsTGwSRAfKEnE6BcwsSPNOijjwifq5sDFSA2kesnXTvNqKHYgM0hDq3549Uf/KzdXNYn4wMZJPlFLw==",
+      "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-27.5.1.tgz",
+      "integrity": "sha512-Jt4ZUnxdOsTGwSRAfKEnE6BcwsSPNOijjwifq5sDFSA2kesnXTvNqKHYgM0hDq3549Uf/KzdXNYn4wMZJPlFLw==",
       "dependencies": {
         "@jest/environment": "^27.5.1",
         "@jest/fake-timers": "^27.5.1",
@@ -10798,70 +9953,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-jasmine2/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-jasmine2/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-jasmine2/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-jasmine2/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-jasmine2/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-jasmine2/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-leak-detector": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-27.5.1.tgz",
@@ -10882,157 +9973,29 @@
         "chalk": "^4.0.0",
         "jest-diff": "^27.5.1",
         "jest-get-type": "^27.5.1",
-        "pretty-format": "^27.5.1"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-matcher-utils/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-matcher-utils/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-matcher-utils/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-matcher-utils/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-matcher-utils/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-matcher-utils/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-message-util": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz",
-      "integrity": "sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==",
-      "dependencies": {
-        "@babel/code-frame": "^7.12.13",
-        "@jest/types": "^27.5.1",
-        "@types/stack-utils": "^2.0.0",
-        "chalk": "^4.0.0",
-        "graceful-fs": "^4.2.9",
-        "micromatch": "^4.0.4",
-        "pretty-format": "^27.5.1",
-        "slash": "^3.0.0",
-        "stack-utils": "^2.0.3"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-message-util/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-message-util/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-message-util/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-message-util/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-message-util/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+        "pretty-format": "^27.5.1"
+      },
       "engines": {
-        "node": ">=8"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-message-util/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+    "node_modules/jest-message-util": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz",
+      "integrity": "sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==",
       "dependencies": {
-        "has-flag": "^4.0.0"
+        "@babel/code-frame": "^7.12.13",
+        "@jest/types": "^27.5.1",
+        "@types/stack-utils": "^2.0.0",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "micromatch": "^4.0.4",
+        "pretty-format": "^27.5.1",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3"
       },
       "engines": {
-        "node": ">=8"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
     "node_modules/jest-mock": {
@@ -11104,70 +10067,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-resolve/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-resolve/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-resolve/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-resolve/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-resolve/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-resolve/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-runner": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-27.5.1.tgz",
@@ -11199,70 +10098,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-runner/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-runner/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-runner/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-runner/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-runner/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-runner/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-runtime": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-27.5.1.tgz",
@@ -11295,70 +10130,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-runtime/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-runtime/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-runtime/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-runtime/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-runtime/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-runtime/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-serializer": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-serializer/-/jest-serializer-27.5.1.tgz",
@@ -11397,74 +10168,10 @@
         "jest-util": "^27.5.1",
         "natural-compare": "^1.4.0",
         "pretty-format": "^27.5.1",
-        "semver": "^7.3.2"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-snapshot/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-snapshot/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-snapshot/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-snapshot/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-snapshot/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-snapshot/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
+        "semver": "^7.3.2"
       },
       "engines": {
-        "node": ">=8"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
     "node_modules/jest-util": {
@@ -11483,70 +10190,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-util/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-util/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-util/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-util/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-util/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-util/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-validate": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-27.5.1.tgz",
@@ -11563,70 +10206,6 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
-    "node_modules/jest-validate/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-validate/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-validate/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-validate/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-validate/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-validate/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-watch-typeahead": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/jest-watch-typeahead/-/jest-watch-typeahead-1.1.0.tgz",
@@ -11702,58 +10281,24 @@
       }
     },
     "node_modules/jest-watch-typeahead/node_modules/@types/yargs": {
-      "version": "17.0.23",
-      "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.23.tgz",
-      "integrity": "sha512-yuogunc04OnzGQCrfHx+Kk883Q4X0aSwmYZhKjI21m+SVYzjIbrWl8dOOwSv5hf2Um2pdCOXWo9isteZTNXUZQ==",
+      "version": "17.0.24",
+      "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.24.tgz",
+      "integrity": "sha512-6i0aC7jV6QzQB8ne1joVZ0eSFIstHsCrobmOtghM11yGlH0j43FKL2UhWdELkyps0zuf7qVTUVCCR+tgSlyLLw==",
       "dependencies": {
         "@types/yargs-parser": "*"
       }
     },
     "node_modules/jest-watch-typeahead/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-watch-typeahead/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
       "engines": {
         "node": ">=10"
       },
       "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-watch-typeahead/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
-    "node_modules/jest-watch-typeahead/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
     "node_modules/jest-watch-typeahead/node_modules/emittery": {
       "version": "0.10.2",
       "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz",
@@ -11765,14 +10310,6 @@
         "url": "https://github.com/sindresorhus/emittery?sponsor=1"
       }
     },
-    "node_modules/jest-watch-typeahead/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-watch-typeahead/node_modules/jest-message-util": {
       "version": "28.1.3",
       "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz",
@@ -11879,22 +10416,6 @@
         "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
       }
     },
-    "node_modules/jest-watch-typeahead/node_modules/pretty-format/node_modules/ansi-styles": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
-      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-watch-typeahead/node_modules/react-is": {
-      "version": "18.2.0",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
-      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
-    },
     "node_modules/jest-watch-typeahead/node_modules/slash": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz",
@@ -11930,9 +10451,9 @@
       }
     },
     "node_modules/jest-watch-typeahead/node_modules/strip-ansi": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.0.1.tgz",
-      "integrity": "sha512-cXNxvT8dFNRVfhVME3JAe98mkXDYN2O1l7jmcwMnOslDeESg1rF/OZMtK0nRAhiari1unG5cD4jG3rapUAkLbw==",
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
+      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
       "dependencies": {
         "ansi-regex": "^6.0.1"
       },
@@ -11943,107 +10464,32 @@
         "url": "https://github.com/chalk/strip-ansi?sponsor=1"
       }
     },
-    "node_modules/jest-watch-typeahead/node_modules/strip-ansi/node_modules/ansi-regex": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
-      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-      }
-    },
-    "node_modules/jest-watch-typeahead/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/jest-watcher": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-27.5.1.tgz",
-      "integrity": "sha512-z676SuD6Z8o8qbmEGhoEUFOM1+jfEiL3DXHK/xgEiG2EyNYfFG60jluWcupY6dATjfEsKQuibReS1djInQnoVw==",
-      "dependencies": {
-        "@jest/test-result": "^27.5.1",
-        "@jest/types": "^27.5.1",
-        "@types/node": "*",
-        "ansi-escapes": "^4.2.1",
-        "chalk": "^4.0.0",
-        "jest-util": "^27.5.1",
-        "string-length": "^4.0.1"
-      },
-      "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
-      }
-    },
-    "node_modules/jest-watcher/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/jest-watcher/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/jest-watcher/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/jest-watcher/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/jest-watcher/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+    "node_modules/jest-watch-typeahead/node_modules/strip-ansi/node_modules/ansi-regex": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
+      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
       "engines": {
-        "node": ">=8"
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
       }
     },
-    "node_modules/jest-watcher/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+    "node_modules/jest-watcher": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-27.5.1.tgz",
+      "integrity": "sha512-z676SuD6Z8o8qbmEGhoEUFOM1+jfEiL3DXHK/xgEiG2EyNYfFG60jluWcupY6dATjfEsKQuibReS1djInQnoVw==",
       "dependencies": {
-        "has-flag": "^4.0.0"
+        "@jest/test-result": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "jest-util": "^27.5.1",
+        "string-length": "^4.0.1"
       },
       "engines": {
-        "node": ">=8"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
     "node_modules/jest-worker": {
@@ -12059,14 +10505,6 @@
         "node": ">= 10.13.0"
       }
     },
-    "node_modules/jest-worker/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/jest-worker/node_modules/supports-color": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
@@ -12081,13 +10519,12 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
-    "node_modules/js-sdsl": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/js-sdsl/-/js-sdsl-4.4.0.tgz",
-      "integrity": "sha512-FfVSdx6pJ41Oa+CF7RDaFmTnCaFhua+SNYQX74riGOpl96x+2jQCqEfQ2bnXu/5DPCqlRuiqyvTJM0Qjz26IVg==",
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/js-sdsl"
+    "node_modules/jiti": {
+      "version": "1.18.2",
+      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.18.2.tgz",
+      "integrity": "sha512-QAdOptna2NYiSSpv0O/BwoHBSmz4YhpzJHyi+fnMRTXFjp7B8i/YG5Z8IfusxB1ufjcD2Sre1F3R+nX3fvy7gg==",
+      "bin": {
+        "jiti": "bin/jiti.js"
       }
     },
     "node_modules/js-sha256": {
@@ -12509,11 +10946,11 @@
       }
     },
     "node_modules/memfs": {
-      "version": "3.4.13",
-      "resolved": "https://registry.npmjs.org/memfs/-/memfs-3.4.13.tgz",
-      "integrity": "sha512-omTM41g3Skpvx5dSYeZIbXKcXoAVc/AoMNwn9TKx++L/gaen/+4TTttmu8ZSch5vfVJ8uJvGbroTsIlslRg6lg==",
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/memfs/-/memfs-3.5.3.tgz",
+      "integrity": "sha512-UERzLsxzllchadvbPs5aolHh65ISpKpM+ccLbOJ8/vvpBKmAWf+la7dXFy7Mr0ySHbdHrFv5kGFCUHHe6GFEmw==",
       "dependencies": {
-        "fs-monkey": "^1.0.3"
+        "fs-monkey": "^1.0.4"
       },
       "engines": {
         "node": ">= 4.0.0"
@@ -12604,9 +11041,9 @@
       }
     },
     "node_modules/mini-css-extract-plugin": {
-      "version": "2.7.5",
-      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.5.tgz",
-      "integrity": "sha512-9HaR++0mlgom81s95vvNjxkg52n2b5s//3ZTI1EtzFb98awsLSivs2LMsVqnQ3ay0PVhqWcGNyDaTE961FOcjQ==",
+      "version": "2.7.6",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.6.tgz",
+      "integrity": "sha512-Qk7HcgaPkGG6eD77mLvZS1nmxlao3j+9PkrT9Uc7HAE1id3F41+DdBRYRYkbyfNRGzm8/YWtzhw7nVPmwhqTQw==",
       "dependencies": {
         "schema-utils": "^4.0.0"
       },
@@ -12653,14 +11090,14 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/mini-css-extract-plugin/node_modules/schema-utils": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
-      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
+      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
-        "ajv": "^8.8.0",
+        "ajv": "^8.9.0",
         "ajv-formats": "^2.1.1",
-        "ajv-keywords": "^5.0.0"
+        "ajv-keywords": "^5.1.0"
       },
       "engines": {
         "node": ">= 12.13.0"
@@ -12722,10 +11159,26 @@
         "multicast-dns": "cli.js"
       }
     },
+    "node_modules/mz": {
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz",
+      "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==",
+      "dependencies": {
+        "any-promise": "^1.0.0",
+        "object-assign": "^4.0.1",
+        "thenify-all": "^1.0.0"
+      }
+    },
     "node_modules/nanoid": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+      "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
       "bin": {
         "nanoid": "bin/nanoid.cjs"
       },
@@ -12779,9 +11232,9 @@
       "integrity": "sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw=="
     },
     "node_modules/node-releases": {
-      "version": "2.0.10",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.10.tgz",
-      "integrity": "sha512-5GFldHPXVG/YZmFzJvKK2zDSzPKhEp0+ZR5SVaoSag9fsL5YgHbUHDfnG5494ISANDcK4KwPXAx2xqVEydmd7w=="
+      "version": "2.0.12",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.12.tgz",
+      "integrity": "sha512-QzsYKWhXTWx8h1kIvqfnC++o0pEmpRQA/aenALsL2F4pqNVr7YzcdMlDij5WBnwftRbJCNJL/O7zdKaxKPHqgQ=="
     },
     "node_modules/normalize-path": {
       "version": "3.0.0",
@@ -12833,9 +11286,9 @@
       }
     },
     "node_modules/nwsapi": {
-      "version": "2.2.2",
-      "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.2.tgz",
-      "integrity": "sha512-90yv+6538zuvUMnN+zCr8LuV6bPFdq50304114vJYJ8RDyK8D5O9Phpbd6SZWgI7PwzmmfN1upeOJlvybDSgCw=="
+      "version": "2.2.5",
+      "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.5.tgz",
+      "integrity": "sha512-6xpotnECFy/og7tKSBVmUNft7J3jyXAka4XvG6AUhFWRz+Q/Ljus7znJAA3bxColfQLdS+XsjoodtJfCgeTEFQ=="
     },
     "node_modules/object-assign": {
       "version": "4.1.1",
@@ -12939,14 +11392,15 @@
       }
     },
     "node_modules/object.getownpropertydescriptors": {
-      "version": "2.1.5",
-      "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.5.tgz",
-      "integrity": "sha512-yDNzckpM6ntyQiGTik1fKV1DcVDRS+w8bvpWNCBanvH5LfRX9O8WTHqQzG4RZwRAM4I0oU7TV11Lj5v0g20ibw==",
+      "version": "2.1.6",
+      "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.6.tgz",
+      "integrity": "sha512-lq+61g26E/BgHv0ZTFgRvi7NMEPuAxLkFU7rukXjc/AlwH4Am5xXVnIXy3un1bg/JPbXHrixRkK1itUzzPiIjQ==",
       "dependencies": {
         "array.prototype.reduce": "^1.0.5",
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4"
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.21.2",
+        "safe-array-concat": "^1.0.0"
       },
       "engines": {
         "node": ">= 0.8"
@@ -13391,9 +11845,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.21",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
-      "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
+      "version": "8.4.24",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
+      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
       "funding": [
         {
           "type": "opencollective",
@@ -13402,10 +11856,14 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
-        "nanoid": "^3.3.4",
+        "nanoid": "^3.3.6",
         "picocolors": "^1.0.0",
         "source-map-js": "^1.0.2"
       },
@@ -13782,16 +12240,16 @@
       }
     },
     "node_modules/postcss-import": {
-      "version": "14.1.0",
-      "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz",
-      "integrity": "sha512-flwI+Vgm4SElObFVPpTIT7SU7R3qk2L7PyduMcokiaVKuWv9d/U+Gm/QAd8NDLuykTWTkcrjOeD2Pp1rMeBTGw==",
+      "version": "15.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz",
+      "integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==",
       "dependencies": {
         "postcss-value-parser": "^4.0.0",
         "read-cache": "^1.0.0",
         "resolve": "^1.1.7"
       },
       "engines": {
-        "node": ">=10.0.0"
+        "node": ">=14.0.0"
       },
       "peerDependencies": {
         "postcss": "^8.0.0"
@@ -13843,15 +12301,15 @@
       }
     },
     "node_modules/postcss-load-config": {
-      "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz",
-      "integrity": "sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.1.tgz",
+      "integrity": "sha512-vEJIc8RdiBRu3oRAI0ymerOn+7rPuMvRXslTvZUKZonDHFIczxztIyJ1urxM1x9JXEikvpWWTUUqal5j/8QgvA==",
       "dependencies": {
         "lilconfig": "^2.0.5",
-        "yaml": "^1.10.2"
+        "yaml": "^2.1.1"
       },
       "engines": {
-        "node": ">= 10"
+        "node": ">= 14"
       },
       "funding": {
         "type": "opencollective",
@@ -13870,6 +12328,14 @@
         }
       }
     },
+    "node_modules/postcss-load-config/node_modules/yaml": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz",
+      "integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
     "node_modules/postcss-loader": {
       "version": "6.2.1",
       "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-6.2.1.tgz",
@@ -14017,9 +12483,9 @@
       }
     },
     "node_modules/postcss-modules-local-by-default": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.0.tgz",
-      "integrity": "sha512-sT7ihtmGSF9yhm6ggikHdV0hlziDTX7oFoXtuVWeDd3hHObNkcHRo9V3yg7vCAY7cONyxJC/XXCmmiHHcvX7bQ==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.0.3.tgz",
+      "integrity": "sha512-2/u2zraspoACtrbFRnTijMiQtb4GW4BvatjaG/bCjYQo8kLTdevCUlwuBHx2sCnSyrI3x3qj4ZK1j5LQBgzmwA==",
       "dependencies": {
         "icss-utils": "^5.0.0",
         "postcss-selector-parser": "^6.0.2",
@@ -14061,11 +12527,11 @@
       }
     },
     "node_modules/postcss-nested": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz",
-      "integrity": "sha512-0DkamqrPcmkBDsLn+vQDIrtkSbNkv5AD/M322ySo9kqFkCIYklym2xEmWkwo+Y3/qZo34tzEPNUw4y7yMCdv5w==",
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz",
+      "integrity": "sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==",
       "dependencies": {
-        "postcss-selector-parser": "^6.0.10"
+        "postcss-selector-parser": "^6.0.11"
       },
       "engines": {
         "node": ">=12.0"
@@ -14459,9 +12925,9 @@
       }
     },
     "node_modules/postcss-selector-parser": {
-      "version": "6.0.11",
-      "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.11.tgz",
-      "integrity": "sha512-zbARubNdogI9j7WY4nQJBiNqQf3sLS3wCP4WfOidu+p28LofJqDH1tcXypGrcmMHhDk2t9wGhCsYe/+szLTy1g==",
+      "version": "6.0.13",
+      "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.13.tgz",
+      "integrity": "sha512-EaV1Gl4mUEV4ddhDnv/xtj7sxwrwxdetHdWUGnT4VJQf+4d05v6lHYZr8N573k5Z0BViss7BDhfWtKS3+sfAqQ==",
       "dependencies": {
         "cssesc": "^3.0.0",
         "util-deprecate": "^1.0.2"
@@ -14609,6 +13075,11 @@
         "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
+    "node_modules/pretty-format/node_modules/react-is": {
+      "version": "17.0.2",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
+      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w=="
+    },
     "node_modules/prismjs": {
       "version": "1.29.0",
       "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz",
@@ -14758,17 +13229,6 @@
         }
       ]
     },
-    "node_modules/quick-lru": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz",
-      "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==",
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/raf": {
       "version": "3.4.1",
       "resolved": "https://registry.npmjs.org/raf/-/raf-3.4.1.tgz",
@@ -14887,70 +13347,6 @@
         "node": ">=14"
       }
     },
-    "node_modules/react-dev-utils/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/react-dev-utils/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/react-dev-utils/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/react-dev-utils/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
-    "node_modules/react-dev-utils/node_modules/escape-string-regexp": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
-      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/react-dev-utils/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/react-dev-utils/node_modules/loader-utils": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz",
@@ -14959,17 +13355,6 @@
         "node": ">= 12.13.0"
       }
     },
-    "node_modules/react-dev-utils/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/react-dom": {
       "version": "18.2.0",
       "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.2.0.tgz",
@@ -14988,9 +13373,9 @@
       "integrity": "sha512-/6UZ2qgEyH2aqzYZgQPxEnz33NJ2gNsnHA2o5+o4wW9bLM/JYQitNP9xPhsXwC08hMMovfGe/8retsdDsczPRg=="
     },
     "node_modules/react-is": {
-      "version": "17.0.2",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
-      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w=="
+      "version": "18.2.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
+      "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
     },
     "node_modules/react-refresh": {
       "version": "0.11.0",
@@ -15001,11 +13386,11 @@
       }
     },
     "node_modules/react-router": {
-      "version": "6.10.0",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.10.0.tgz",
-      "integrity": "sha512-Nrg0BWpQqrC3ZFFkyewrflCud9dio9ME3ojHCF/WLsprJVzkq3q3UeEhMCAW1dobjeGbWgjNn/PVF6m46ANxXQ==",
+      "version": "6.12.1",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.12.1.tgz",
+      "integrity": "sha512-evd/GrKJOeOypD0JB9e1r7pQh2gWCsTbUfq059Wm1AFT/K2MNZuDo19lFtAgIhlBrp0MmpgpqtvZC7LPAs7vSw==",
       "dependencies": {
-        "@remix-run/router": "1.5.0"
+        "@remix-run/router": "1.6.3"
       },
       "engines": {
         "node": ">=14"
@@ -15015,12 +13400,12 @@
       }
     },
     "node_modules/react-router-dom": {
-      "version": "6.10.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.10.0.tgz",
-      "integrity": "sha512-E5dfxRPuXKJqzwSe/qGcqdwa18QiWC6f3H3cWXM24qj4N0/beCIf/CWTipop2xm7mR0RCS99NnaqPNjHtrAzCg==",
+      "version": "6.12.1",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.12.1.tgz",
+      "integrity": "sha512-POIZN9UDKWwEDga054LvYr2KnK8V+0HR4Ny4Bwv8V7/FZCPxJgsCjYxXGxqxzHs7VBxMKZfgvtKhafuJkJSPGA==",
       "dependencies": {
-        "@remix-run/router": "1.5.0",
-        "react-router": "6.10.0"
+        "@remix-run/router": "1.6.3",
+        "react-router": "6.12.1"
       },
       "engines": {
         "node": ">=14"
@@ -15244,13 +13629,13 @@
       "integrity": "sha512-jbD/FT0+9MBU2XAZluI7w2OBs1RBi6p9M83nkoZayQXXU9e8Robt69FcZc7wU4eJD/YFTjn1JdCk3rbMJajz8Q=="
     },
     "node_modules/regexp.prototype.flags": {
-      "version": "1.4.3",
-      "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz",
-      "integrity": "sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.0.tgz",
+      "integrity": "sha512-0SutC3pNudRKgquxGoRGIz946MZVHqbNfPjBdxeOhBrdgDKlRoXmYLQN9xRbrR09ZXWeGAdPuif7egofn6v5LA==",
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.3",
-        "functions-have-names": "^1.2.2"
+        "define-properties": "^1.2.0",
+        "functions-have-names": "^1.2.3"
       },
       "engines": {
         "node": ">= 0.4"
@@ -15353,11 +13738,11 @@
       "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
     },
     "node_modules/resolve": {
-      "version": "1.22.1",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz",
-      "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==",
+      "version": "1.22.2",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.2.tgz",
+      "integrity": "sha512-Sb+mjNHOULsBv818T40qSPeRiuWLyaGMa5ewydRLFimneixmVy2zdivRl+AF6jaYPC8ERxGDmFSiqui6SfPd+g==",
       "dependencies": {
-        "is-core-module": "^2.9.0",
+        "is-core-module": "^2.11.0",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
       },
@@ -15379,7 +13764,7 @@
         "node": ">=8"
       }
     },
-    "node_modules/resolve-from": {
+    "node_modules/resolve-cwd/node_modules/resolve-from": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz",
       "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==",
@@ -15387,6 +13772,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/resolve-from": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
+      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/resolve-url-loader": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/resolve-url-loader/-/resolve-url-loader-4.0.0.tgz",
@@ -15532,21 +13925,6 @@
         "node": ">=0.4.0"
       }
     },
-    "node_modules/rewire/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dev": true,
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
     "node_modules/rewire/node_modules/argparse": {
       "version": "1.0.10",
       "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
@@ -15556,52 +13934,6 @@
         "sprintf-js": "~1.0.2"
       }
     },
-    "node_modules/rewire/node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
-      }
-    },
-    "node_modules/rewire/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dev": true,
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/rewire/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-      "dev": true
-    },
-    "node_modules/rewire/node_modules/escape-string-regexp": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
-      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/rewire/node_modules/eslint": {
       "version": "7.32.0",
       "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz",
@@ -15740,15 +14072,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/rewire/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/rewire/node_modules/ignore": {
       "version": "4.0.6",
       "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
@@ -15764,23 +14087,11 @@
       "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
       "dev": true,
       "dependencies": {
-        "argparse": "^1.0.7",
-        "esprima": "^4.0.0"
-      },
-      "bin": {
-        "js-yaml": "bin/js-yaml.js"
-      }
-    },
-    "node_modules/rewire/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dev": true,
-      "dependencies": {
-        "has-flag": "^4.0.0"
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
       },
-      "engines": {
-        "node": ">=8"
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
       }
     },
     "node_modules/rewire/node_modules/type-fest": {
@@ -15838,14 +14149,6 @@
         "rollup": "^2.0.0"
       }
     },
-    "node_modules/rollup-plugin-terser/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/rollup-plugin-terser/node_modules/jest-worker": {
       "version": "26.6.2",
       "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz",
@@ -15867,17 +14170,6 @@
         "randombytes": "^2.1.0"
       }
     },
-    "node_modules/rollup-plugin-terser/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dependencies": {
-        "has-flag": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/run-parallel": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
@@ -15900,6 +14192,23 @@
         "queue-microtask": "^1.2.2"
       }
     },
+    "node_modules/safe-array-concat": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.0.0.tgz",
+      "integrity": "sha512-9dVEFruWIsnie89yym+xWTAYASdpw3CJV7Li/6zBewGf9z2i1j31rP6jnY0pHEO4QZh6N0K11bFjWmdR8UGdPQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.2.0",
+        "has-symbols": "^1.0.3",
+        "isarray": "^2.0.5"
+      },
+      "engines": {
+        "node": ">=0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -16004,9 +14313,9 @@
       }
     },
     "node_modules/schema-utils": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.1.1.tgz",
-      "integrity": "sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==",
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.2.0.tgz",
+      "integrity": "sha512-0zTyLGyDJYd/MBxG1AhJkKa6fpEBds4OQO2ut0w7OYG+ZGhGea09lijvzsqegYSik88zc7cUtIlnnO+/BvD6gQ==",
       "dependencies": {
         "@types/json-schema": "^7.0.8",
         "ajv": "^6.12.5",
@@ -16037,9 +14346,9 @@
       }
     },
     "node_modules/semver": {
-      "version": "7.3.8",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
-      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "version": "7.5.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
+      "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
       "dependencies": {
         "lru-cache": "^6.0.0"
       },
@@ -16224,9 +14533,9 @@
       }
     },
     "node_modules/shell-quote": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.0.tgz",
-      "integrity": "sha512-QHsz8GgQIGKlRi24yFc6a6lN69Idnx634w49ay6+jA5yFh7a1UY+4Rp6HPx/L/1zcEDPEij8cIsiqR6bQsE5VQ==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.1.tgz",
+      "integrity": "sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA==",
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
       }
@@ -16279,39 +14588,6 @@
         "url": "https://github.com/chalk/slice-ansi?sponsor=1"
       }
     },
-    "node_modules/slice-ansi/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dev": true,
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/slice-ansi/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dev": true,
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/slice-ansi/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-      "dev": true
-    },
     "node_modules/sockjs": {
       "version": "0.3.24",
       "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz",
@@ -16336,11 +14612,11 @@
       "integrity": "sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw=="
     },
     "node_modules/source-map": {
-      "version": "0.7.4",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
-      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "version": "0.5.7",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
+      "integrity": "sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==",
       "engines": {
-        "node": ">= 8"
+        "node": ">=0.10.0"
       }
     },
     "node_modules/source-map-js": {
@@ -16659,9 +14935,9 @@
       }
     },
     "node_modules/style-loader": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/style-loader/-/style-loader-3.3.2.tgz",
-      "integrity": "sha512-RHs/vcrKdQK8wZliteNK4NKzxvLBzpuHMqYmUVWeKa6MkaIQ97ZTOS0b+zapZhy6GcrgWnvWYCMHRirC3FsUmw==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/style-loader/-/style-loader-3.3.3.tgz",
+      "integrity": "sha512-53BiGLXAcll9maCYtZi2RCQZKa8NQQai5C4horqKyRmHj9H7QmcUyucrH+4KW/gBQbXM2AsB0axoEcFZPlfPcw==",
       "engines": {
         "node": ">= 12.13.0"
       },
@@ -16689,42 +14965,59 @@
       }
     },
     "node_modules/stylis": {
-      "version": "4.1.3",
-      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.1.3.tgz",
-      "integrity": "sha512-GP6WDNWf+o403jrEp9c5jibKavrtLW+/qYGhFxFrG8maXhwTBI7gLLhiBb0o7uFccWN+EOS9aMO6cGHWAO07OA=="
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.2.0.tgz",
+      "integrity": "sha512-Orov6g6BB1sDfYgzWfTHDOxamtX1bE/zo104Dh9e6fqJ3PooipYyfJ0pUmrZO2wAvO8YbEyeFrkV91XTsGMSrw=="
     },
-    "node_modules/supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+    "node_modules/sucrase": {
+      "version": "3.32.0",
+      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.32.0.tgz",
+      "integrity": "sha512-ydQOU34rpSyj2TGyz4D2p8rbktIOZ8QY9s+DGLvFU1i5pWJE8vkpruCjGCMHsdXwnD7JDcS+noSwM/a7zyNFDQ==",
       "dependencies": {
-        "has-flag": "^3.0.0"
+        "@jridgewell/gen-mapping": "^0.3.2",
+        "commander": "^4.0.0",
+        "glob": "7.1.6",
+        "lines-and-columns": "^1.1.6",
+        "mz": "^2.7.0",
+        "pirates": "^4.0.1",
+        "ts-interface-checker": "^0.1.9"
+      },
+      "bin": {
+        "sucrase": "bin/sucrase",
+        "sucrase-node": "bin/sucrase-node"
       },
       "engines": {
-        "node": ">=4"
+        "node": ">=8"
       }
     },
-    "node_modules/supports-hyperlinks": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz",
-      "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==",
-      "dependencies": {
-        "has-flag": "^4.0.0",
-        "supports-color": "^7.0.0"
-      },
+    "node_modules/sucrase/node_modules/commander": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz",
+      "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==",
       "engines": {
-        "node": ">=8"
+        "node": ">= 6"
       }
     },
-    "node_modules/supports-hyperlinks/node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+    "node_modules/sucrase/node_modules/glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
       "engines": {
-        "node": ">=8"
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
       }
     },
-    "node_modules/supports-hyperlinks/node_modules/supports-color": {
+    "node_modules/supports-color": {
       "version": "7.2.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
       "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
@@ -16735,6 +15028,18 @@
         "node": ">=8"
       }
     },
+    "node_modules/supports-hyperlinks": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz",
+      "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==",
+      "dependencies": {
+        "has-flag": "^4.0.0",
+        "supports-color": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/supports-preserve-symlinks-flag": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
@@ -16778,6 +15083,17 @@
         "node": ">=4.0.0"
       }
     },
+    "node_modules/svgo/node_modules/ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dependencies": {
+        "color-convert": "^1.9.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/svgo/node_modules/argparse": {
       "version": "1.0.10",
       "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
@@ -16786,6 +15102,32 @@
         "sprintf-js": "~1.0.2"
       }
     },
+    "node_modules/svgo/node_modules/chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dependencies": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/svgo/node_modules/color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dependencies": {
+        "color-name": "1.1.3"
+      }
+    },
+    "node_modules/svgo/node_modules/color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
+    },
     "node_modules/svgo/node_modules/css-select": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz",
@@ -16831,6 +15173,22 @@
       "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz",
       "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w=="
     },
+    "node_modules/svgo/node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/svgo/node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/svgo/node_modules/js-yaml": {
       "version": "3.14.1",
       "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
@@ -16851,6 +15209,17 @@
         "boolbase": "~1.0.0"
       }
     },
+    "node_modules/svgo/node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/symbol-tree": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
@@ -16895,50 +15264,42 @@
       "dev": true
     },
     "node_modules/tailwindcss": {
-      "version": "3.2.7",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.2.7.tgz",
-      "integrity": "sha512-B6DLqJzc21x7wntlH/GsZwEXTBttVSl1FtCzC8WP4oBc/NKef7kaax5jeihkkCEWc831/5NDJ9gRNDK6NEioQQ==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.2.tgz",
+      "integrity": "sha512-9jPkMiIBXvPc2KywkraqsUfbfj+dHDb+JPWtSJa9MLFdrPyazI7q6WX2sUrm7R9eVR7qqv3Pas7EvQFzxKnI6w==",
       "dependencies": {
+        "@alloc/quick-lru": "^5.2.0",
         "arg": "^5.0.2",
         "chokidar": "^3.5.3",
-        "color-name": "^1.1.4",
-        "detective": "^5.2.1",
         "didyoumean": "^1.2.2",
         "dlv": "^1.1.3",
         "fast-glob": "^3.2.12",
         "glob-parent": "^6.0.2",
         "is-glob": "^4.0.3",
-        "lilconfig": "^2.0.6",
+        "jiti": "^1.18.2",
+        "lilconfig": "^2.1.0",
         "micromatch": "^4.0.5",
         "normalize-path": "^3.0.0",
         "object-hash": "^3.0.0",
         "picocolors": "^1.0.0",
-        "postcss": "^8.0.9",
-        "postcss-import": "^14.1.0",
-        "postcss-js": "^4.0.0",
-        "postcss-load-config": "^3.1.4",
-        "postcss-nested": "6.0.0",
+        "postcss": "^8.4.23",
+        "postcss-import": "^15.1.0",
+        "postcss-js": "^4.0.1",
+        "postcss-load-config": "^4.0.1",
+        "postcss-nested": "^6.0.1",
         "postcss-selector-parser": "^6.0.11",
         "postcss-value-parser": "^4.2.0",
-        "quick-lru": "^5.1.1",
-        "resolve": "^1.22.1"
+        "resolve": "^1.22.2",
+        "sucrase": "^3.32.0"
       },
       "bin": {
         "tailwind": "lib/cli.js",
         "tailwindcss": "lib/cli.js"
       },
       "engines": {
-        "node": ">=12.13.0"
-      },
-      "peerDependencies": {
-        "postcss": "^8.0.9"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/tailwindcss/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
     "node_modules/tapable": {
       "version": "2.2.1",
       "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
@@ -16999,12 +15360,12 @@
       }
     },
     "node_modules/terser": {
-      "version": "5.16.6",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.16.6.tgz",
-      "integrity": "sha512-IBZ+ZQIA9sMaXmRZCUMDjNH0D5AQQfdn4WUjHL0+1lF4TP1IHRJbrhb6fNaXWikrYQTSkb7SLxkeXAiy1p7mbg==",
+      "version": "5.17.7",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.17.7.tgz",
+      "integrity": "sha512-/bi0Zm2C6VAexlGgLlVxA0P2lru/sdLyfCVaRMfKVo9nWxbmz7f/sD8VPybPeSUJaJcwmCJis9pBIhcVcG1QcQ==",
       "dependencies": {
-        "@jridgewell/source-map": "^0.3.2",
-        "acorn": "^8.5.0",
+        "@jridgewell/source-map": "^0.3.3",
+        "acorn": "^8.8.2",
         "commander": "^2.20.0",
         "source-map-support": "~0.5.20"
       },
@@ -17016,15 +15377,15 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.3.7",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.7.tgz",
-      "integrity": "sha512-AfKwIktyP7Cu50xNjXF/6Qb5lBNzYaWpU6YfoX3uZicTx0zTy0stDDCsvjDapKsSDvOeWo5MEq4TmdBy2cNoHw==",
+      "version": "5.3.9",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.9.tgz",
+      "integrity": "sha512-ZuXsqE07EcggTWQjXUj+Aot/OMcD0bMKGgF63f7UxYcu5/AJF53aIpK1YoP5xR9l6s/Hy2b+t1AM0bLNPRuhwA==",
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.17",
         "jest-worker": "^27.4.5",
         "schema-utils": "^3.1.1",
         "serialize-javascript": "^6.0.1",
-        "terser": "^5.16.5"
+        "terser": "^5.16.8"
       },
       "engines": {
         "node": ">= 10.13.0"
@@ -17071,6 +15432,25 @@
       "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
       "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw=="
     },
+    "node_modules/thenify": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz",
+      "integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==",
+      "dependencies": {
+        "any-promise": "^1.0.0"
+      }
+    },
+    "node_modules/thenify-all": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz",
+      "integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==",
+      "dependencies": {
+        "thenify": ">= 3.1.0 < 4"
+      },
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
     "node_modules/throat": {
       "version": "6.0.2",
       "resolved": "https://registry.npmjs.org/throat/-/throat-6.0.2.tgz",
@@ -17114,9 +15494,9 @@
       }
     },
     "node_modules/tough-cookie": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.2.tgz",
-      "integrity": "sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ==",
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz",
+      "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==",
       "dependencies": {
         "psl": "^1.1.33",
         "punycode": "^2.1.1",
@@ -17151,6 +15531,11 @@
       "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz",
       "integrity": "sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA=="
     },
+    "node_modules/ts-interface-checker": {
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz",
+      "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA=="
+    },
     "node_modules/tsconfig-paths": {
       "version": "3.14.2",
       "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.2.tgz",
@@ -17182,9 +15567,9 @@
       }
     },
     "node_modules/tslib": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz",
-      "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg=="
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.3.tgz",
+      "integrity": "sha512-mSxlJJwl3BMEQCUNnxXBU9jP4JBktcEGhURcPR6VQVlnP0FdDEsIaz0C35dXNGLyRfrATNofF0F5p2KPxQgB+w=="
     },
     "node_modules/tsutils": {
       "version": "3.21.0",
@@ -17372,9 +15757,9 @@
       }
     },
     "node_modules/update-browserslist-db": {
-      "version": "1.0.10",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.10.tgz",
-      "integrity": "sha512-OztqDenkfFkbSG+tRxBeAnCVPckDBcvibKd35yDONx6OU8N7sqgwc7rCbkJ/WcYtVRZ4ba68d6byhC21GFh7sQ==",
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.11.tgz",
+      "integrity": "sha512-dCwEFf0/oT85M1fHBg4F0jtLwJrutGoHSQXCh7u4o2t1drG+c0a9Flnqww6XUKSfQMPpJBRjU8d4RXB09qtvaA==",
       "funding": [
         {
           "type": "opencollective",
@@ -17383,6 +15768,10 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
@@ -17390,7 +15779,7 @@
         "picocolors": "^1.0.0"
       },
       "bin": {
-        "browserslist-lint": "cli.js"
+        "update-browserslist-db": "cli.js"
       },
       "peerDependencies": {
         "browserslist": ">= 4.21.0"
@@ -17472,6 +15861,14 @@
         "node": ">=10.12.0"
       }
     },
+    "node_modules/v8-to-istanbul/node_modules/source-map": {
+      "version": "0.7.4",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
+      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
     "node_modules/vary": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
@@ -17542,21 +15939,21 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.76.2",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.2.tgz",
-      "integrity": "sha512-Th05ggRm23rVzEOlX8y67NkYCHa9nTNcwHPBhdg+lKG+mtiW7XgggjAeeLnADAe7mLjJ6LUNfgHAuRRh+Z6J7w==",
+      "version": "5.86.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.86.0.tgz",
+      "integrity": "sha512-3BOvworZ8SO/D4GVP+GoRC3fVeg5MO4vzmq8TJJEkdmopxyazGDxN8ClqN12uzrZW9Tv8EED8v5VSb6Sqyi0pg==",
       "dependencies": {
         "@types/eslint-scope": "^3.7.3",
-        "@types/estree": "^0.0.51",
-        "@webassemblyjs/ast": "1.11.1",
-        "@webassemblyjs/wasm-edit": "1.11.1",
-        "@webassemblyjs/wasm-parser": "1.11.1",
+        "@types/estree": "^1.0.0",
+        "@webassemblyjs/ast": "^1.11.5",
+        "@webassemblyjs/wasm-edit": "^1.11.5",
+        "@webassemblyjs/wasm-parser": "^1.11.5",
         "acorn": "^8.7.1",
-        "acorn-import-assertions": "^1.7.6",
+        "acorn-import-assertions": "^1.9.0",
         "browserslist": "^4.14.5",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.10.0",
-        "es-module-lexer": "^0.9.0",
+        "enhanced-resolve": "^5.14.1",
+        "es-module-lexer": "^1.2.1",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
         "glob-to-regexp": "^0.4.1",
@@ -17565,9 +15962,9 @@
         "loader-runner": "^4.2.0",
         "mime-types": "^2.1.27",
         "neo-async": "^2.6.2",
-        "schema-utils": "^3.1.0",
+        "schema-utils": "^3.1.2",
         "tapable": "^2.1.1",
-        "terser-webpack-plugin": "^5.1.3",
+        "terser-webpack-plugin": "^5.3.7",
         "watchpack": "^2.4.0",
         "webpack-sources": "^3.2.3"
       },
@@ -17641,14 +16038,14 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/webpack-dev-middleware/node_modules/schema-utils": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
-      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
+      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
-        "ajv": "^8.8.0",
+        "ajv": "^8.9.0",
         "ajv-formats": "^2.1.1",
-        "ajv-keywords": "^5.0.0"
+        "ajv-keywords": "^5.1.0"
       },
       "engines": {
         "node": ">= 12.13.0"
@@ -17659,9 +16056,9 @@
       }
     },
     "node_modules/webpack-dev-server": {
-      "version": "4.13.1",
-      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.13.1.tgz",
-      "integrity": "sha512-5tWg00bnWbYgkN+pd5yISQKDejRBYGEw15RaEEslH+zdbNDxxaZvEAO2WulaSaFKb5n3YG8JXsGaDsut1D0xdA==",
+      "version": "4.15.0",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.0.tgz",
+      "integrity": "sha512-HmNB5QeSl1KpulTBQ8UT4FPrByYyaLxpJoQ0+s7EvUrMc16m0ZS1sgb1XGqzmgCPk0c9y+aaXxn11tbLzuM7NQ==",
       "dependencies": {
         "@types/bonjour": "^3.5.9",
         "@types/connect-history-api-fallback": "^1.3.5",
@@ -17748,14 +16145,14 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/webpack-dev-server/node_modules/schema-utils": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.0.0.tgz",
-      "integrity": "sha512-1edyXKgh6XnJsJSQ8mKWXnN/BVaIbFMLpouRUrXgVq7WYne5kw3MW7UPhO44uRXQSIpTSXoJbmrR2X0w9kUTyg==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
+      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
-        "ajv": "^8.8.0",
+        "ajv": "^8.9.0",
         "ajv-formats": "^2.1.1",
-        "ajv-keywords": "^5.0.0"
+        "ajv-keywords": "^5.1.0"
       },
       "engines": {
         "node": ">= 12.13.0"
@@ -17828,11 +16225,6 @@
         "node": ">=10.13.0"
       }
     },
-    "node_modules/webpack/node_modules/@types/estree": {
-      "version": "0.0.51",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz",
-      "integrity": "sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ=="
-    },
     "node_modules/webpack/node_modules/eslint-scope": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
@@ -17987,26 +16379,26 @@
       }
     },
     "node_modules/workbox-background-sync": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-background-sync/-/workbox-background-sync-6.5.4.tgz",
-      "integrity": "sha512-0r4INQZMyPky/lj4Ou98qxcThrETucOde+7mRGJl13MPJugQNKeZQOdIJe/1AchOP23cTqHcN/YVpD6r8E6I8g==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-background-sync/-/workbox-background-sync-6.6.0.tgz",
+      "integrity": "sha512-jkf4ZdgOJxC9u2vztxLuPT/UjlH7m/nWRQ/MgGL0v8BJHoZdVGJd18Kck+a0e55wGXdqyHO+4IQTk0685g4MUw==",
       "dependencies": {
         "idb": "^7.0.1",
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-broadcast-update": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-broadcast-update/-/workbox-broadcast-update-6.5.4.tgz",
-      "integrity": "sha512-I/lBERoH1u3zyBosnpPEtcAVe5lwykx9Yg1k6f8/BGEPGaMMgZrwVrqL1uA9QZ1NGGFoyE6t9i7lBjOlDhFEEw==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-broadcast-update/-/workbox-broadcast-update-6.6.0.tgz",
+      "integrity": "sha512-nm+v6QmrIFaB/yokJmQ/93qIJ7n72NICxIwQwe5xsZiV2aI93MGGyEyzOzDPVz5THEr5rC3FJSsO3346cId64Q==",
       "dependencies": {
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-build": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-build/-/workbox-build-6.5.4.tgz",
-      "integrity": "sha512-kgRevLXEYvUW9WS4XoziYqZ8Q9j/2ziJYEtTrjdz5/L/cTUa2XfyMP2i7c3p34lgqJ03+mTiz13SdFef2POwbA==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-build/-/workbox-build-6.6.0.tgz",
+      "integrity": "sha512-Tjf+gBwOTuGyZwMz2Nk/B13Fuyeo0Q84W++bebbVsfr9iLkDSo6j6PST8tET9HYA58mlRXwlMGpyWO8ETJiXdQ==",
       "dependencies": {
         "@apideck/better-ajv-errors": "^0.3.1",
         "@babel/core": "^7.11.1",
@@ -18030,21 +16422,21 @@
         "strip-comments": "^2.0.1",
         "tempy": "^0.6.0",
         "upath": "^1.2.0",
-        "workbox-background-sync": "6.5.4",
-        "workbox-broadcast-update": "6.5.4",
-        "workbox-cacheable-response": "6.5.4",
-        "workbox-core": "6.5.4",
-        "workbox-expiration": "6.5.4",
-        "workbox-google-analytics": "6.5.4",
-        "workbox-navigation-preload": "6.5.4",
-        "workbox-precaching": "6.5.4",
-        "workbox-range-requests": "6.5.4",
-        "workbox-recipes": "6.5.4",
-        "workbox-routing": "6.5.4",
-        "workbox-strategies": "6.5.4",
-        "workbox-streams": "6.5.4",
-        "workbox-sw": "6.5.4",
-        "workbox-window": "6.5.4"
+        "workbox-background-sync": "6.6.0",
+        "workbox-broadcast-update": "6.6.0",
+        "workbox-cacheable-response": "6.6.0",
+        "workbox-core": "6.6.0",
+        "workbox-expiration": "6.6.0",
+        "workbox-google-analytics": "6.6.0",
+        "workbox-navigation-preload": "6.6.0",
+        "workbox-precaching": "6.6.0",
+        "workbox-range-requests": "6.6.0",
+        "workbox-recipes": "6.6.0",
+        "workbox-routing": "6.6.0",
+        "workbox-strategies": "6.6.0",
+        "workbox-streams": "6.6.0",
+        "workbox-sw": "6.6.0",
+        "workbox-window": "6.6.0"
       },
       "engines": {
         "node": ">=10.0.0"
@@ -18135,117 +16527,118 @@
       }
     },
     "node_modules/workbox-cacheable-response": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-cacheable-response/-/workbox-cacheable-response-6.5.4.tgz",
-      "integrity": "sha512-DCR9uD0Fqj8oB2TSWQEm1hbFs/85hXXoayVwFKLVuIuxwJaihBsLsp4y7J9bvZbqtPJ1KlCkmYVGQKrBU4KAug==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-cacheable-response/-/workbox-cacheable-response-6.6.0.tgz",
+      "integrity": "sha512-JfhJUSQDwsF1Xv3EV1vWzSsCOZn4mQ38bWEBR3LdvOxSPgB65gAM6cS2CX8rkkKHRgiLrN7Wxoyu+TuH67kHrw==",
+      "deprecated": "workbox-background-sync@6.6.0",
       "dependencies": {
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-core": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-core/-/workbox-core-6.5.4.tgz",
-      "integrity": "sha512-OXYb+m9wZm8GrORlV2vBbE5EC1FKu71GGp0H4rjmxmF4/HLbMCoTFws87M3dFwgpmg0v00K++PImpNQ6J5NQ6Q=="
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-core/-/workbox-core-6.6.0.tgz",
+      "integrity": "sha512-GDtFRF7Yg3DD859PMbPAYPeJyg5gJYXuBQAC+wyrWuuXgpfoOrIQIvFRZnQ7+czTIQjIr1DhLEGFzZanAT/3bQ=="
     },
     "node_modules/workbox-expiration": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-expiration/-/workbox-expiration-6.5.4.tgz",
-      "integrity": "sha512-jUP5qPOpH1nXtjGGh1fRBa1wJL2QlIb5mGpct3NzepjGG2uFFBn4iiEBiI9GUmfAFR2ApuRhDydjcRmYXddiEQ==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-expiration/-/workbox-expiration-6.6.0.tgz",
+      "integrity": "sha512-baplYXcDHbe8vAo7GYvyAmlS4f6998Jff513L4XvlzAOxcl8F620O91guoJ5EOf5qeXG4cGdNZHkkVAPouFCpw==",
       "dependencies": {
         "idb": "^7.0.1",
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-google-analytics": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-google-analytics/-/workbox-google-analytics-6.5.4.tgz",
-      "integrity": "sha512-8AU1WuaXsD49249Wq0B2zn4a/vvFfHkpcFfqAFHNHwln3jK9QUYmzdkKXGIZl9wyKNP+RRX30vcgcyWMcZ9VAg==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-google-analytics/-/workbox-google-analytics-6.6.0.tgz",
+      "integrity": "sha512-p4DJa6OldXWd6M9zRl0H6vB9lkrmqYFkRQ2xEiNdBFp9U0LhsGO7hsBscVEyH9H2/3eZZt8c97NB2FD9U2NJ+Q==",
       "dependencies": {
-        "workbox-background-sync": "6.5.4",
-        "workbox-core": "6.5.4",
-        "workbox-routing": "6.5.4",
-        "workbox-strategies": "6.5.4"
+        "workbox-background-sync": "6.6.0",
+        "workbox-core": "6.6.0",
+        "workbox-routing": "6.6.0",
+        "workbox-strategies": "6.6.0"
       }
     },
     "node_modules/workbox-navigation-preload": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-navigation-preload/-/workbox-navigation-preload-6.5.4.tgz",
-      "integrity": "sha512-IIwf80eO3cr8h6XSQJF+Hxj26rg2RPFVUmJLUlM0+A2GzB4HFbQyKkrgD5y2d84g2IbJzP4B4j5dPBRzamHrng==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-navigation-preload/-/workbox-navigation-preload-6.6.0.tgz",
+      "integrity": "sha512-utNEWG+uOfXdaZmvhshrh7KzhDu/1iMHyQOV6Aqup8Mm78D286ugu5k9MFD9SzBT5TcwgwSORVvInaXWbvKz9Q==",
       "dependencies": {
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-precaching": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-precaching/-/workbox-precaching-6.5.4.tgz",
-      "integrity": "sha512-hSMezMsW6btKnxHB4bFy2Qfwey/8SYdGWvVIKFaUm8vJ4E53JAY+U2JwLTRD8wbLWoP6OVUdFlXsTdKu9yoLTg==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-precaching/-/workbox-precaching-6.6.0.tgz",
+      "integrity": "sha512-eYu/7MqtRZN1IDttl/UQcSZFkHP7dnvr/X3Vn6Iw6OsPMruQHiVjjomDFCNtd8k2RdjLs0xiz9nq+t3YVBcWPw==",
       "dependencies": {
-        "workbox-core": "6.5.4",
-        "workbox-routing": "6.5.4",
-        "workbox-strategies": "6.5.4"
+        "workbox-core": "6.6.0",
+        "workbox-routing": "6.6.0",
+        "workbox-strategies": "6.6.0"
       }
     },
     "node_modules/workbox-range-requests": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-range-requests/-/workbox-range-requests-6.5.4.tgz",
-      "integrity": "sha512-Je2qR1NXCFC8xVJ/Lux6saH6IrQGhMpDrPXWZWWS8n/RD+WZfKa6dSZwU+/QksfEadJEr/NfY+aP/CXFFK5JFg==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-range-requests/-/workbox-range-requests-6.6.0.tgz",
+      "integrity": "sha512-V3aICz5fLGq5DpSYEU8LxeXvsT//mRWzKrfBOIxzIdQnV/Wj7R+LyJVTczi4CQ4NwKhAaBVaSujI1cEjXW+hTw==",
       "dependencies": {
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-recipes": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-recipes/-/workbox-recipes-6.5.4.tgz",
-      "integrity": "sha512-QZNO8Ez708NNwzLNEXTG4QYSKQ1ochzEtRLGaq+mr2PyoEIC1xFW7MrWxrONUxBFOByksds9Z4//lKAX8tHyUA==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-recipes/-/workbox-recipes-6.6.0.tgz",
+      "integrity": "sha512-TFi3kTgYw73t5tg73yPVqQC8QQjxJSeqjXRO4ouE/CeypmP2O/xqmB/ZFBBQazLTPxILUQ0b8aeh0IuxVn9a6A==",
       "dependencies": {
-        "workbox-cacheable-response": "6.5.4",
-        "workbox-core": "6.5.4",
-        "workbox-expiration": "6.5.4",
-        "workbox-precaching": "6.5.4",
-        "workbox-routing": "6.5.4",
-        "workbox-strategies": "6.5.4"
+        "workbox-cacheable-response": "6.6.0",
+        "workbox-core": "6.6.0",
+        "workbox-expiration": "6.6.0",
+        "workbox-precaching": "6.6.0",
+        "workbox-routing": "6.6.0",
+        "workbox-strategies": "6.6.0"
       }
     },
     "node_modules/workbox-routing": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-routing/-/workbox-routing-6.5.4.tgz",
-      "integrity": "sha512-apQswLsbrrOsBUWtr9Lf80F+P1sHnQdYodRo32SjiByYi36IDyL2r7BH1lJtFX8fwNHDa1QOVY74WKLLS6o5Pg==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-routing/-/workbox-routing-6.6.0.tgz",
+      "integrity": "sha512-x8gdN7VDBiLC03izAZRfU+WKUXJnbqt6PG9Uh0XuPRzJPpZGLKce/FkOX95dWHRpOHWLEq8RXzjW0O+POSkKvw==",
       "dependencies": {
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-strategies": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-strategies/-/workbox-strategies-6.5.4.tgz",
-      "integrity": "sha512-DEtsxhx0LIYWkJBTQolRxG4EI0setTJkqR4m7r4YpBdxtWJH1Mbg01Cj8ZjNOO8etqfA3IZaOPHUxCs8cBsKLw==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-strategies/-/workbox-strategies-6.6.0.tgz",
+      "integrity": "sha512-eC07XGuINAKUWDnZeIPdRdVja4JQtTuc35TZ8SwMb1ztjp7Ddq2CJ4yqLvWzFWGlYI7CG/YGqaETntTxBGdKgQ==",
       "dependencies": {
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/workbox-streams": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-streams/-/workbox-streams-6.5.4.tgz",
-      "integrity": "sha512-FXKVh87d2RFXkliAIheBojBELIPnWbQdyDvsH3t74Cwhg0fDheL1T8BqSM86hZvC0ZESLsznSYWw+Va+KVbUzg==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-streams/-/workbox-streams-6.6.0.tgz",
+      "integrity": "sha512-rfMJLVvwuED09CnH1RnIep7L9+mj4ufkTyDPVaXPKlhi9+0czCu+SJggWCIFbPpJaAZmp2iyVGLqS3RUmY3fxg==",
       "dependencies": {
-        "workbox-core": "6.5.4",
-        "workbox-routing": "6.5.4"
+        "workbox-core": "6.6.0",
+        "workbox-routing": "6.6.0"
       }
     },
     "node_modules/workbox-sw": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-sw/-/workbox-sw-6.5.4.tgz",
-      "integrity": "sha512-vo2RQo7DILVRoH5LjGqw3nphavEjK4Qk+FenXeUsknKn14eCNedHOXWbmnvP4ipKhlE35pvJ4yl4YYf6YsJArA=="
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-sw/-/workbox-sw-6.6.0.tgz",
+      "integrity": "sha512-R2IkwDokbtHUE4Kus8pKO5+VkPHD2oqTgl+XJwh4zbF1HyjAbgNmK/FneZHVU7p03XUt9ICfuGDYISWG9qV/CQ=="
     },
     "node_modules/workbox-webpack-plugin": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-webpack-plugin/-/workbox-webpack-plugin-6.5.4.tgz",
-      "integrity": "sha512-LmWm/zoaahe0EGmMTrSLUi+BjyR3cdGEfU3fS6PN1zKFYbqAKuQ+Oy/27e4VSXsyIwAw8+QDfk1XHNGtZu9nQg==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-webpack-plugin/-/workbox-webpack-plugin-6.6.0.tgz",
+      "integrity": "sha512-xNZIZHalboZU66Wa7x1YkjIqEy1gTR+zPM+kjrYJzqN7iurYZBctBLISyScjhkJKYuRrZUP0iqViZTh8rS0+3A==",
       "dependencies": {
         "fast-json-stable-stringify": "^2.1.0",
         "pretty-bytes": "^5.4.1",
         "upath": "^1.2.0",
         "webpack-sources": "^1.4.3",
-        "workbox-build": "6.5.4"
+        "workbox-build": "6.6.0"
       },
       "engines": {
         "node": ">=10.0.0"
@@ -18272,12 +16665,12 @@
       }
     },
     "node_modules/workbox-window": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/workbox-window/-/workbox-window-6.5.4.tgz",
-      "integrity": "sha512-HnLZJDwYBE+hpG25AQBO8RUWBJRaCsI9ksQJEp3aCOFCaG5kqaToAYXFRAHxzRluM2cQbGzdQF5rjKPWPA1fug==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/workbox-window/-/workbox-window-6.6.0.tgz",
+      "integrity": "sha512-L4N9+vka17d16geaJXXRjENLFldvkWy7JyGxElRD0JvBxvFEd8LOhr+uXCcar/NzAmIBRv9EZ+M+Qr4mOoBITw==",
       "dependencies": {
         "@types/trusted-types": "^2.0.2",
-        "workbox-core": "6.5.4"
+        "workbox-core": "6.6.0"
       }
     },
     "node_modules/wrap-ansi": {
@@ -18296,36 +16689,6 @@
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
       }
     },
-    "node_modules/wrap-ansi/node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-      "dependencies": {
-        "color-convert": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
-    "node_modules/wrap-ansi/node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/wrap-ansi/node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 610d3ae1a..22e326feb 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -5,19 +5,20 @@
   "private": true,
   "proxy": "http://localhost:8080",
   "dependencies": {
-    "@emotion/react": "^11.10.6",
-    "@emotion/styled": "^11.10.6",
-    "@fontsource-variable/nunito": "^5.0.2",
-    "@mui/icons-material": "^5.11.11",
+    "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
+    "@emotion/react": "^11.11.1",
+    "@emotion/styled": "^11.11.0",
+    "@fontsource-variable/nunito": "^5.0.3",
+    "@mui/icons-material": "^5.11.16",
     "@mui/lab": "^5.0.0-alpha.124",
-    "@mui/material": "^5.11.14",
+    "@mui/material": "^5.13.4",
     "@testing-library/jest-dom": "^5.16.5",
     "@testing-library/react": "^13.4.0",
     "@testing-library/user-event": "^13.5.0",
     "@types/jest": "^27.5.2",
-    "@types/node": "^16.18.18",
-    "@types/react": "^18.0.28",
-    "@types/react-dom": "^18.0.11",
+    "@types/node": "^16.18.34",
+    "@types/react": "^18.2.9",
+    "@types/react-dom": "^18.2.4",
     "jdenticon": "^3.2.0",
     "js-sha256": "^0.9.0",
     "js-yaml": "^4.1.0",
@@ -27,7 +28,7 @@
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "react-router": "^6.10.0",
-    "react-router-dom": "^6.10.0",
+    "react-router-dom": "^6.12.1",
     "react-scripts": "5.0.1",
     "react-syntax-highlighter": "^15.5.0",
     "sort-by": "^1.2.0",
@@ -61,8 +62,8 @@
   },
   "devDependencies": {
     "@types/js-yaml": "^4.0.5",
-    "@types/lodash": "^4.14.192",
-    "@types/react-syntax-highlighter": "^15.5.6",
+    "@types/lodash": "^4.14.195",
+    "@types/react-syntax-highlighter": "^15.5.7",
     "rewire": "^6.0.0"
   }
 }

From 46911515d786f7a27b409e9c50d224bbde59805e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 14:28:22 +0200
Subject: [PATCH 1158/2268] fix: Fix all build warnings

---
 pkg/webui/ui/src/api.tsx                      |  6 +--
 pkg/webui/ui/src/components/App.tsx           | 46 +++++++++----------
 pkg/webui/ui/src/components/ObjectYaml.tsx    |  9 ++--
 .../result-view/CommandResultTree.tsx         |  4 +-
 .../components/targets-view/TargetsView.tsx   |  3 +-
 5 files changed, 30 insertions(+), 38 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 150c4223f..4145b0f5f 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -222,10 +222,10 @@ class StaticApi implements Api {
         await loadScript(staticPath + "/summaries.js")
 
         staticSummaries.forEach(rs => {
-            if (filterProject && filterProject != rs.project.normalizedGitUrl) {
+            if (filterProject && filterProject !== rs.project.normalizedGitUrl) {
                 return
             }
-            if (filterSubDir && filterSubDir != rs.project.subDir) {
+            if (filterSubDir && filterSubDir !== rs.project.subDir) {
                 return
             }
             handle({
@@ -244,7 +244,7 @@ class StaticApi implements Api {
     async getResultSummary(resultId: string): Promise<CommandResultSummary> {
         await loadScript(staticPath + "/summaries.js")
         return staticSummaries.filter(s => {
-            return s.id == resultId
+            return s.id === resultId
         }).at(0)
     }
     async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index e41af9bd3..e4f6fa347 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,4 +1,4 @@
-import React, { createContext, Dispatch, SetStateAction, useEffect, useMemo, useState } from 'react';
+import React, { createContext, Dispatch, SetStateAction, useEffect, useMemo, useRef, useState } from 'react';
 
 import '../index.css';
 import { Box, ThemeProvider } from "@mui/material";
@@ -30,32 +30,27 @@ export const AppContext = createContext<AppContextProps>({
 });
 
 const App = () => {
-    let [summaries, setSummaries] = useState<Map<string, CommandResultSummary>>(new Map())
-    let [validateResults, setValidateResults] = useState<Map<string, ValidateResult>>(new Map())
     const [filters, setFilters] = useState<ActiveFilters>()
 
-    const updateSummary = (rs: CommandResultSummary) => {
-        console.log("update_summary", rs.id, rs.commandInfo.startTime)
-        summaries.set(rs.id, rs)
-        summaries = new Map(summaries)
-        setSummaries(summaries)
-    }
+    const summaries = useRef<Map<string, CommandResultSummary>>(new Map())
+    const validateResults = useRef<Map<string, ValidateResult>>(new Map())
 
-    const deleteSummary = (id: string) => {
-        console.log("delete_summary", id)
-        summaries.delete(id)
-        summaries = new Map(summaries)
-        setSummaries(summaries)
-    }
+    useEffect(() => {
+        const updateSummary = (rs: CommandResultSummary) => {
+            console.log("update_summary", rs.id, rs.commandInfo.startTime)
+            summaries.current.set(rs.id, rs)
+        }
 
-    const updateValidateResult = (key: ProjectTargetKey, vr: ValidateResult) => {
-        console.log("validate_result", key)
-        validateResults.set(JSON.stringify(key), vr)
-        validateResults = new Map(validateResults)
-        setValidateResults(validateResults)
-    }
+        const deleteSummary = (id: string) => {
+            console.log("delete_summary", id)
+            summaries.current.delete(id)
+        }
+
+        const updateValidateResult = (key: ProjectTargetKey, vr: ValidateResult) => {
+            console.log("validate_result", key)
+            validateResults.current.set(JSON.stringify(key), vr)
+        }
 
-    useEffect(() => {
         console.log("starting listenResults")
         const cancel = api.listenUpdates(undefined, undefined, msg => {
             switch(msg.type) {
@@ -77,13 +72,14 @@ const App = () => {
     }, [])
 
     const projects = useMemo(() => {
-        return buildProjectSummaries(summaries, validateResults)
+        console.log("buildProjectSummaries")
+        return buildProjectSummaries(summaries.current, validateResults.current)
     }, [summaries, validateResults])
 
     const appContext = {
-        summaries: summaries,
+        summaries: summaries.current,
         projects: projects,
-        validateResults: validateResults,
+        validateResults: validateResults.current,
     }
 
     const outletContext: AppOutletContext = {
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index cf4c9ebc1..80a71a2b8 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -10,12 +10,11 @@ import { Loading } from "./Loading";
 export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType}) => {
     const [promise, setPromise] = useState<Promise<string>>()
 
-    const getData = async () => {
-        const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
-        return yaml.dump(o)
-    }
-
     useEffect(() => {
+        const getData = async () => {
+            const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
+            return yaml.dump(o)
+        }
         setPromise(getData())
     }, [props.treeProps, props.objectRef, props.objectType])
 
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
index eead2b7fa..396cd16fa 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -20,9 +20,8 @@ export interface CommandResultTreeProps {
 const CommandResultTree = (props: CommandResultTreeProps) => {
     const theme = useTheme();
     const [expanded, setExpanded] = useState<string[]>(["root"]);
-    const [selectedNodeId, setSelectedNodeId] = useState<string>()
 
-    const [rootNode, nodeMap] = useMemo(() => {
+    const [rootNode] = useMemo(() => {
         if (!props.commandResultProps) {
             return [undefined, undefined]
         }
@@ -45,7 +44,6 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
     };
 
     const handleItemClick = (e: React.SyntheticEvent, node: NodeData) => {
-        setSelectedNodeId(node.id);
         props.onSelectNode(node);
         e.stopPropagation();
     }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index ef04d8c9c..7cb5a8fd9 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,7 +1,7 @@
 import { CommandResultSummary } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
 import React, { useCallback, useContext, useState } from "react";
-import { AppContext, useAppOutletContext } from "../App";
+import { AppContext } from "../App";
 import { ProjectItem } from "./Projects";
 import { TargetItem } from "./Targets";
 import Divider from "@mui/material/Divider";
@@ -123,7 +123,6 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
 
 export const TargetsView = () => {
     const theme = useTheme();
-    const context = useAppOutletContext()
     const [selectedCommandResult, setSelectedCommandResult] = useState<{rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary} | undefined>();
     const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
     const [selectedCardRect, setSelectedCardRect] = useState<DOMRect | undefined>();

From 4a493e2026ab33abee5f697821f7e9c0815437fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 11:37:39 +0200
Subject: [PATCH 1159/2268] chore: Add current/initial version of built webui

---
 pkg/webui/ui/.gitignore                       |     6 +-
 pkg/webui/ui/build.js                         |     2 +
 pkg/webui/ui/build/.gitignore                 |     1 +
 pkg/webui/ui/build/asset-manifest.json        |    55 +
 pkg/webui/ui/build/favicon.ico                |   Bin 0 -> 15406 bytes
 pkg/webui/ui/build/index.html                 |     1 +
 pkg/webui/ui/build/logo192.png                |   Bin 0 -> 13703 bytes
 pkg/webui/ui/build/logo512.png                |   Bin 0 -> 26403 bytes
 pkg/webui/ui/build/manifest.json              |    25 +
 pkg/webui/ui/build/robots.txt                 |     3 +
 pkg/webui/ui/build/static/css/main.css        |    87 +
 pkg/webui/ui/build/static/js/787.chunk.js     |   239 +
 pkg/webui/ui/build/static/js/main.js          | 60971 ++++++++++++++++
 pkg/webui/ui/build/static/media/added.svg     |     4 +
 .../ui/build/static/media/arrow-left.svg      |     4 +
 .../ui/build/static/media/brackets-curly.svg  |     3 +
 .../ui/build/static/media/brackets-square.svg |     3 +
 pkg/webui/ui/build/static/media/changed.svg   |     5 +
 pkg/webui/ui/build/static/media/changes.svg   |     5 +
 .../build/static/media/checkbox-checked.svg   |     5 +
 .../build/static/media/checkbox-disabled.svg  |     4 +
 pkg/webui/ui/build/static/media/checkbox.svg  |     3 +
 pkg/webui/ui/build/static/media/close.svg     |     3 +
 pkg/webui/ui/build/static/media/cpu.svg       |    16 +
 pkg/webui/ui/build/static/media/deploy.svg    |     8 +
 pkg/webui/ui/build/static/media/diff.svg      |     8 +
 pkg/webui/ui/build/static/media/error.svg     |     4 +
 pkg/webui/ui/build/static/media/file.svg      |     5 +
 .../ui/build/static/media/finger-scan.svg     |     8 +
 pkg/webui/ui/build/static/media/git.svg       |     1 +
 pkg/webui/ui/build/static/media/include.svg   |     7 +
 .../ui/build/static/media/kluctl-logo.svg     |     3 +
 .../ui/build/static/media/kluctl-text.svg     |     7 +
 .../nunito-cyrillic-ext-wght-normal.woff2     |   Bin 0 -> 28960 bytes
 .../media/nunito-cyrillic-wght-normal.woff2   |   Bin 0 -> 20824 bytes
 .../media/nunito-latin-ext-wght-normal.woff2  |   Bin 0 -> 32720 bytes
 .../media/nunito-latin-wght-normal.woff2      |   Bin 0 -> 35904 bytes
 .../media/nunito-vietnamese-wght-normal.woff2 |   Bin 0 -> 10632 bytes
 pkg/webui/ui/build/static/media/orphan.svg    |     6 +
 pkg/webui/ui/build/static/media/project.svg   |     5 +
 pkg/webui/ui/build/static/media/prune.svg     |     8 +
 .../ui/build/static/media/relation-hline.svg  |     5 +
 pkg/webui/ui/build/static/media/result.svg    |     8 +
 pkg/webui/ui/build/static/media/search.svg    |     4 +
 pkg/webui/ui/build/static/media/star.svg      |     4 +
 pkg/webui/ui/build/static/media/target.svg    |     5 +
 pkg/webui/ui/build/static/media/targets.svg   |     6 +
 pkg/webui/ui/build/static/media/trash.svg     |     6 +
 pkg/webui/ui/build/static/media/tree-view.svg |     7 +
 .../ui/build/static/media/triangle-down.svg   |     4 +
 .../ui/build/static/media/triangle-right.svg  |     4 +
 .../ui/build/static/media/warning-sign.svg    |     5 +
 pkg/webui/ui/build/static/media/warning.svg   |     5 +
 pkg/webui/ui/build/staticbuild.js             |     1 +
 54 files changed, 61576 insertions(+), 3 deletions(-)
 create mode 100644 pkg/webui/ui/build/.gitignore
 create mode 100644 pkg/webui/ui/build/asset-manifest.json
 create mode 100644 pkg/webui/ui/build/favicon.ico
 create mode 100644 pkg/webui/ui/build/index.html
 create mode 100644 pkg/webui/ui/build/logo192.png
 create mode 100644 pkg/webui/ui/build/logo512.png
 create mode 100644 pkg/webui/ui/build/manifest.json
 create mode 100644 pkg/webui/ui/build/robots.txt
 create mode 100644 pkg/webui/ui/build/static/css/main.css
 create mode 100644 pkg/webui/ui/build/static/js/787.chunk.js
 create mode 100644 pkg/webui/ui/build/static/js/main.js
 create mode 100644 pkg/webui/ui/build/static/media/added.svg
 create mode 100644 pkg/webui/ui/build/static/media/arrow-left.svg
 create mode 100644 pkg/webui/ui/build/static/media/brackets-curly.svg
 create mode 100644 pkg/webui/ui/build/static/media/brackets-square.svg
 create mode 100644 pkg/webui/ui/build/static/media/changed.svg
 create mode 100644 pkg/webui/ui/build/static/media/changes.svg
 create mode 100644 pkg/webui/ui/build/static/media/checkbox-checked.svg
 create mode 100644 pkg/webui/ui/build/static/media/checkbox-disabled.svg
 create mode 100644 pkg/webui/ui/build/static/media/checkbox.svg
 create mode 100644 pkg/webui/ui/build/static/media/close.svg
 create mode 100644 pkg/webui/ui/build/static/media/cpu.svg
 create mode 100644 pkg/webui/ui/build/static/media/deploy.svg
 create mode 100644 pkg/webui/ui/build/static/media/diff.svg
 create mode 100644 pkg/webui/ui/build/static/media/error.svg
 create mode 100644 pkg/webui/ui/build/static/media/file.svg
 create mode 100644 pkg/webui/ui/build/static/media/finger-scan.svg
 create mode 100644 pkg/webui/ui/build/static/media/git.svg
 create mode 100644 pkg/webui/ui/build/static/media/include.svg
 create mode 100644 pkg/webui/ui/build/static/media/kluctl-logo.svg
 create mode 100644 pkg/webui/ui/build/static/media/kluctl-text.svg
 create mode 100644 pkg/webui/ui/build/static/media/nunito-cyrillic-ext-wght-normal.woff2
 create mode 100644 pkg/webui/ui/build/static/media/nunito-cyrillic-wght-normal.woff2
 create mode 100644 pkg/webui/ui/build/static/media/nunito-latin-ext-wght-normal.woff2
 create mode 100644 pkg/webui/ui/build/static/media/nunito-latin-wght-normal.woff2
 create mode 100644 pkg/webui/ui/build/static/media/nunito-vietnamese-wght-normal.woff2
 create mode 100644 pkg/webui/ui/build/static/media/orphan.svg
 create mode 100644 pkg/webui/ui/build/static/media/project.svg
 create mode 100644 pkg/webui/ui/build/static/media/prune.svg
 create mode 100644 pkg/webui/ui/build/static/media/relation-hline.svg
 create mode 100644 pkg/webui/ui/build/static/media/result.svg
 create mode 100644 pkg/webui/ui/build/static/media/search.svg
 create mode 100644 pkg/webui/ui/build/static/media/star.svg
 create mode 100644 pkg/webui/ui/build/static/media/target.svg
 create mode 100644 pkg/webui/ui/build/static/media/targets.svg
 create mode 100644 pkg/webui/ui/build/static/media/trash.svg
 create mode 100644 pkg/webui/ui/build/static/media/tree-view.svg
 create mode 100644 pkg/webui/ui/build/static/media/triangle-down.svg
 create mode 100644 pkg/webui/ui/build/static/media/triangle-right.svg
 create mode 100644 pkg/webui/ui/build/static/media/warning-sign.svg
 create mode 100644 pkg/webui/ui/build/static/media/warning.svg
 create mode 100644 pkg/webui/ui/build/staticbuild.js

diff --git a/pkg/webui/ui/.gitignore b/pkg/webui/ui/.gitignore
index b2ba12633..f471c1a59 100644
--- a/pkg/webui/ui/.gitignore
+++ b/pkg/webui/ui/.gitignore
@@ -8,9 +8,6 @@
 # testing
 /coverage
 
-# production
-/build
-
 # misc
 .DS_Store
 .env.local
@@ -22,4 +19,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 
+*.css.map
+*.js.map
+
 /public/staticdata
diff --git a/pkg/webui/ui/build.js b/pkg/webui/ui/build.js
index 0386a1a3c..17db0e576 100644
--- a/pkg/webui/ui/build.js
+++ b/pkg/webui/ui/build.js
@@ -2,4 +2,6 @@ const rewire = require('rewire');
 const defaults = rewire('react-scripts/scripts/build.js');
 const config = defaults.__get__('config');
 
+// we disable minimize as we're actually committing the build folder into git, so that people who don't want to deal
+// with the UI while working on Go code don't have to use npm and friends
 config.optimization.minimize = false
diff --git a/pkg/webui/ui/build/.gitignore b/pkg/webui/ui/build/.gitignore
new file mode 100644
index 000000000..c9e9f1beb
--- /dev/null
+++ b/pkg/webui/ui/build/.gitignore
@@ -0,0 +1 @@
+staticdata
\ No newline at end of file
diff --git a/pkg/webui/ui/build/asset-manifest.json b/pkg/webui/ui/build/asset-manifest.json
new file mode 100644
index 000000000..351d6bcf7
--- /dev/null
+++ b/pkg/webui/ui/build/asset-manifest.json
@@ -0,0 +1,55 @@
+{
+  "files": {
+    "787.chunk.js": "static/js/787.chunk.js",
+    "787.chunk.js.map": "static/js/787.chunk.js.map",
+    "index.html": "index.html",
+    "main.css": "static/css/main.css",
+    "main.css.map": "static/css/main.css.map",
+    "main.js": "static/js/main.js",
+    "main.js.map": "static/js/main.js.map",
+    "static/media/added.svg": "static/media/added.svg",
+    "static/media/arrow-left.svg": "static/media/arrow-left.svg",
+    "static/media/brackets-curly.svg": "static/media/brackets-curly.svg",
+    "static/media/brackets-square.svg": "static/media/brackets-square.svg",
+    "static/media/changed.svg": "static/media/changed.svg",
+    "static/media/changes.svg": "static/media/changes.svg",
+    "static/media/checkbox-checked.svg": "static/media/checkbox-checked.svg",
+    "static/media/checkbox-disabled.svg": "static/media/checkbox-disabled.svg",
+    "static/media/checkbox.svg": "static/media/checkbox.svg",
+    "static/media/close.svg": "static/media/close.svg",
+    "static/media/cpu.svg": "static/media/cpu.svg",
+    "static/media/deploy.svg": "static/media/deploy.svg",
+    "static/media/diff.svg": "static/media/diff.svg",
+    "static/media/error.svg": "static/media/error.svg",
+    "static/media/file.svg": "static/media/file.svg",
+    "static/media/finger-scan.svg": "static/media/finger-scan.svg",
+    "static/media/git.svg": "static/media/git.svg",
+    "static/media/include.svg": "static/media/include.svg",
+    "static/media/kluctl-logo.svg": "static/media/kluctl-logo.svg",
+    "static/media/kluctl-text.svg": "static/media/kluctl-text.svg",
+    "static/media/nunito-cyrillic-ext-wght-normal.woff2": "static/media/nunito-cyrillic-ext-wght-normal.woff2",
+    "static/media/nunito-cyrillic-wght-normal.woff2": "static/media/nunito-cyrillic-wght-normal.woff2",
+    "static/media/nunito-latin-ext-wght-normal.woff2": "static/media/nunito-latin-ext-wght-normal.woff2",
+    "static/media/nunito-latin-wght-normal.woff2": "static/media/nunito-latin-wght-normal.woff2",
+    "static/media/nunito-vietnamese-wght-normal.woff2": "static/media/nunito-vietnamese-wght-normal.woff2",
+    "static/media/orphan.svg": "static/media/orphan.svg",
+    "static/media/project.svg": "static/media/project.svg",
+    "static/media/prune.svg": "static/media/prune.svg",
+    "static/media/relation-hline.svg": "static/media/relation-hline.svg",
+    "static/media/result.svg": "static/media/result.svg",
+    "static/media/search.svg": "static/media/search.svg",
+    "static/media/star.svg": "static/media/star.svg",
+    "static/media/target.svg": "static/media/target.svg",
+    "static/media/targets.svg": "static/media/targets.svg",
+    "static/media/trash.svg": "static/media/trash.svg",
+    "static/media/tree-view.svg": "static/media/tree-view.svg",
+    "static/media/triangle-down.svg": "static/media/triangle-down.svg",
+    "static/media/triangle-right.svg": "static/media/triangle-right.svg",
+    "static/media/warning-sign.svg": "static/media/warning-sign.svg",
+    "static/media/warning.svg": "static/media/warning.svg"
+  },
+  "entrypoints": [
+    "static/css/main.css",
+    "static/js/main.js"
+  ]
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/build/favicon.ico b/pkg/webui/ui/build/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..496bbc69cabfce158be2fbc7e709e8a81a5bc95e
GIT binary patch
literal 15406
zcmeHO3v^V)8D6vxTWwWZwYJ*gQCn+UYisN2sUD@R)x%@&y$Qy*0*Z(SJr#<I4`j{0
z0uj{kkSHdQWS@|P@REmsJT&E@fPln8h#&z4l!u^znCbW3-Pug;-n+X5RC?My=VtDm
z`Cs$TKmYvm&&1{G;5ylL#u+Y@om~CC;c{K+a=AKnN_<~(rpr}^y2~$5w*TDadgCmY
z>k_~K1sI8X6j^_Pc$c$$5q)hSqBj@C_1{Q@LcIGU`Zm<B4U}~Ob^D($q!j>8@bQIo
zzk~u!KkI6i3>TnrqpY`<!BDp|0sD@LAJ)rcyFaW?EQ;MI;)}cugpu`jr9Z5l;|uHW
zfyO(s9q;S$Z1GL({u5az%aQSdj=rc{_rwcMlXbpu_p1T_MPb<eD?WS=#I&nqyJt-2
z(|jSfPF#OPTa9+%i)fnyF~a~%2g2cd3hLJ+9;4dC6|N41AuMt55O-Jd-P9ZCQPv_n
zTU+ZjzO#;PVnp@r;)Ut`#DqDI?kI}qUG0zRCH|29s6T8x7>Mdm0cH{5ED!1ok3XvY
zW7L#BgJX;QCBv(4O7+Q<FZl=Kc#Q>DKo8fdFm~@AkLM(R#N7+HyD*LmAlGiZ?+HY-
zc^H?EeNm&YXF+FJYug{k6#Xs)?1m)Yk%WMrMqw<+B;NJnM4Pr5_Tcl>8Z>Y72i#J&
zjhWh4JU^xP3;{i}0X$=T_|7`en?|_eNjHn}vj>i2J%7HiG2+>pyTts}6$ge+?Ece4
zE$|~+BX~8)Z}jQ>XKU^}Fnh&|A~b)<2w7h;v&*-^=MFrV$+|$5erZBpT?C?en3ahi
zVF*hcS!Y)UqQ?Eiub4X+_{RNqFq!H+5u?-db-fzv>Yv->jk_<%1bZxP^fR6CbjCyf
z)ZU*zYCMSkHp6BPKtGj5@#{`^qQy4AhA=*#(N_`I2{xB{)o;l$gA5TTT-Z@K1&1-h
z_zKui4=4C+^_Z8{D!t_U=MR>o+X(#Bx6poAg<st`k8^!eHa<@6u<?jWPriG`-_X&D
z;|aTeDBES(xa}>0adXs{m4@{jy8b(8wMcrh^hUe=(gyZ2+0Js#n=gsj!on8Pu)-eA
zcOb0w1id3F?LbJ&x6*(QxLLxCs=G(TUh}pD!uowyxb}SeBJMjuyHyWieYlkl+DA(M
z$+Eu{=2*UA+ujuYu(sMt3+v0<vfUTfQa;cM*WT}fc)`h_zeMs-eJ9^#J;vd6k0*UC
z$;3Ah(z{}=Rl-)s`9lUGCi`C??7jqi4v`nupP+;SPcx38-|>dJUo7jbWnpFa-(pUU
z16(C}vK>78NZHLY%sH$Lby^3wCMDtaVQs(5w2iR7FG0fySb6fBw7enB0~k~G1T5kJ
zlQ-5)^e6q%8hsJtPOB~pqwYVZ!zS>95$$&>f3E425&dbj#fj?V-Nt97!)co_kDj9L
zO&bX5qtjs${1H!#B1~eOw4s1==$mfFNoYR=9n5l~XH$RBrp~H6TNuWvm9IW7%I6Fc
zQ|q4-4O{9N8%_&iJqArPR!q_+KILXiw+YY3c&t2f`%c(J6Y!gc$8Xv?{*?iTYF;lE
zQ{EUUiYMQ^YFJhNc^ogsK=i5JsBxjk<2p$lL%t8I)4o?&rCkMGt;{A1#$XlW<f3>%
z+B(g#ArJDh<74G({l<EHdp7>?_jg$Fj?*{e#PQkq!!MM%l5ys7;_LE6v>$`-^lZFS
z?O|<>FO>hYW95&1%y+Oaco_ZOD`}&DlNr;XTqx^ME`krtV{DYFGvhVgmu+8WC!;@_
z_iOr8JRhd$nR7rJD`R-tkZj{#EJ>#WY_vqyn`M-~Q5#LaWyedc!y526;Bd~R%`dEP
zRqD9X&r3MQ^a`C!cCyhMcK=m@O}#>Q=YZZPlBO)jPP-4XX!VTmQowkDkGodFSZS7)
zUhz$|+3ocN)}MWzioCN`T6_omZIYfWm#mG8aWfv+>kD;Fvn4NL8wm%ReXR5_cITsg
zPYMP)9Y1S;Sg^VhYp45GD?InVD(u2F5mCRsmg6wM3d?WU-%Apne%~I({g8xVIrpuX
z#p1Ow5eS?6@ir&}XzLMuBjIXae@1NDzEX^=zJ0w_?-B`iCikTD<Ev!7S|(%i^|6IM
zv9zI1Y;1lLH1BBSyi(!hdqQVgCG<%@TkfyUKUcP?Wik#?ZM0=*ymf!7!jgtBs+W-_
z*7FJEp|-c@9lC#-dQu;Z!ISNw)gB!1Ro6@G+i#&PX)$SgXy<|hU9OXTFN*aLyFd9r
z1Y>#Ya=|?wFw`~omgRFE7H>B#5KGoh65fdBIUclgp}}?B7uAN1p4w;k=&ASaX1s5g
zzsZHx|2howB;0WH!gDNn5}>#Fc`Mu(aExH5+hDJUkq=qmuhhDE%6pyC1~9`1VPRJq
zXmH>4IqYsbXbmUr3~0yPl#Jh($vLK!pJI(3;^dQ6#tGkR48hv@nSw8U)>3b!_6rsM
zc)iEDPYr8zHatz<h$FW9W7=P`@$*KE&hXXSt#pFXeB{av(yH+YPg<;=jc&Gf>K-yW
z?wc_FU*LHHbUI|9)d4x@#~@>yyb1d<W9euyYk4W<-yDc`P31o`&^oH7<o<LUd1ZJ;
zGDdPD+!t;1X?FON7Z-{5cdqAoMKjj@KRD57Z+&t<*ks2$RfiZi(;V=WcRs}*(q2fx
zE4rAmY>Zg9c`<d<L|*NcGZP;7NzhMgzDnVrkV&hA{Hb#lD=kk|m+#}8C~B2|?6iK6
zeUT`eJrK0Dm#uim>w6gXTbN@!6G*dP%7pl5F7usE{1{)u2fU`r|IFlD#mbGdaaQGT
zDT?-(X?N!2M6W&d>;qy{?#I4R<w(B2TjUTgl9!zgR=he`Oq@HoB^b$@UZk9bv`4mF
zar~7xoQrXulV(fIkyYmZ-ieMcWL$}Ues0t6dhZ0|LMOa0qn`1$x%OJ;Kv;X&i63l-
zzSHWzmc!;4E_~&`!YcEe_uaNKY4uKm0B&hpSiPw*WL)6{|7F+n{1LIsy^v|YDwmo=
zmNKZh<Rt8V__KbbAz_ZSq)jkqF*wVawaSM+5k4ud%FkS|3d48U&NC_u*6Ijxt#D4?
zo^s=iKwQ7nZl7rS1)RZw{wC0UA5TLtqCe^>b${21o?6d50_JmTJ~OH}$Q&f$=o3Mk
zc~8^!;b%XjA5&>Ky>m~EHT#hy{+5J{TBTg$$OrV)oRyqk^zk(uk6iXJIIDgD@Y1&&
z#NPU84{66KyP0E8=6?;u+{Qgl^2&PhByXJM@~kgyy`jvM9p@6v-)CA=kz+T8Fuy8u
zWRizkQr5P4T%46g^%dZ=0`w7ICv*?lm%+!{<{wCpJc4oUBH%p*zTlnaucUq<vnhL1
z1{eu@m^Ov{%p=7W*Pp7&E#DJ&K@#Wnndxa$)Vlx@pJnmv>raK;gMm+<mgW3`{W8x;
z(#9qefB1~;fr$HY<^~b#bmYE(Id5}q;@ol8m(;};!V<^C1r5$ijNKE!{U8T?!7~Ts
z{Ymc#)}Xby;H1N7JD{r>7#AP(Fcj^)yCP-GR<6NbXDD$=13qPEuDHYE1!k@=w$RI*
zCG%nZbH#OlLmXt-#X?#7VB%!N<DRSnXFJ^2Oj}wa>gq>|4b98N&OKY0KLxIKH*Fvp
zk6HJloYV9f`_a#RfZ<sl*D2Oz<csz!vfH+k-yzrod6-Wy*5km-vj!fjePcumbG~ce
zTV&>5N7dc^8DyHsHG%WSQ{MGQ!0C^%tU_6XwwE}!z2?{$y@JT=qW(7c;hrWO@>Iw<
zjzXVm@%=vh40*RhX7ip?9enK=(*|)@34D8z4<Bz-?~VNq>a;@cJ;0*|yeMOTtcT}N
z_S6r4i+d0DiEBnCU&(ww?^>8^Vj|z(e6;dI&&^naI@53Q95xd_&ULP(<Y(@Wj`KMZ
z_T*f<k4pd4V@h{l?+edWCLFE&@HrI_J5#RWtLRmS#CeTr$48}q^tYM0ps%YBi91!@
zc{Y?Sr{dTz_=^v5UevoiXMyb<9L80?n05_pCJfmRDRx7j%DaNh;oGh0iM29n#<;Ei
zHw@UYUK@z%T`@P?oW-?QMkl<)d9OB>dV`FuGH~v~mvWE7_#C-e?r9F-k-GnscaDZt
z=by*e4D}(UjW8|1`v`ur+8^$bx|8T6N3QkMb)Y8i2k^C*fqpTb)OoSOpX*sUV;M=8
zevUd#!G!gxs*MyBAeS07&-tutCi`*_{31mW{m=CAr7QY6=JO;!Yf0bEJHF6a5HimO
zuiYtGT6IcZhhRr9QeKtDAjGI>E0;LPSyk{3unJRDT5vkrN8@4tNz3vuKdmi>9)@GQ
z-MQKp?__{hIdCX*TN|<Rz#W%Byx=TVF1{!Blxm($tG2thk&L-{Z`mSyn{Ud1yS#eY
zm<+i+@}&)6T^s~>2c77G`7$%tjeBLm>9?IpJnN4(XO3G^F6<lTIo(4qD!uM>=xRj{
zF$nGIpQ@dv@r5oS{{km{RJ{6_n7M2$`f$re*w>$|`10G_GvY2?D;;e$>twsN3?hdD
zTlse@d>j3X=WBb3@B)v(S^7NQ*|*}$Z{7h${M2Yir)vI_$Zt1@QB&{X9oj*e_Qc*$
zkBgJ`m$VCQN3c@6Nb<3k)G6Y%f#`$Xd^UCV!R{u3xU(_S{T1deA-g3XrHj&;4~VV1
z-W4;KzW{lRWr(F5bF`H0=_+>@s}6X_-72^G?TO#e5p&g=-!kv|u56qmcJAFGo~`Yf
zF~7=r2OEp2yyLhdK-stKSSOyV>4|ko>!$Lxd&k|Jwz(e8gT&d49eApaYZ%~;aE@`G
z6^!NMuB=b&JFrX4Uo{alv{<H`5o1`BhVnlOOB<$&4O^Fs@vl6@d+B4X_XbnUl^67X
zy{ZGg!_O{OKx|)08@_r>$&}t=>H0czpS5GpX58;66T>Inw2QjS6lY7K@Ev)k3}O7Q
z1^g)N9eWg`q$G!Y8Sf}rW#>2i%aKfTSn?(h@&XR>Xa;@wPV{LVWs)$tl*Ki9XM3aF
zuje|(`<J<{AK;VxzlpX!#OxDt47u<oFW#3WZ*NS$F4LJvF7$GRp>M-@rS4#uGAGvn
zzGDpD{;FijRb~|q|Ci7O`bQj=u6yQeQ2&v<AFSe?DDSY-yC5TT2T8x5D0x2jFWlL}
z`PP2!%TE+}t#Z&_+pb$WVvRhp2zSm79zK8=+t`i$nqkE|QNEccr;Stp^xyd3BT+T)
zNkJdDcn$8iA=l@0AMAwbLo`o^9c|_RX3bbOTD-YomUw0PIL3X*n>zn5;E5tX&w~m>
k-LAl1ECQML7Eiu)AL7+G?;m^__cBhDe*a&N|4t432jt`J!vFvP

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
new file mode 100644
index 000000000..56667fb71
--- /dev/null
+++ b/pkg/webui/ui/build/index.html
@@ -0,0 +1 @@
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.34340eee.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/logo192.png b/pkg/webui/ui/build/logo192.png
new file mode 100644
index 0000000000000000000000000000000000000000..11f22322c00fe673d7aa1530ecfd53fbc82b2373
GIT binary patch
literal 13703
zcmXY&V|3tLw1!h#Q@c}RYE3(}+o|oTt*LE$YTLGL+qP}@_Ph7~NY2X2TFFk<IXinl
z@0$==X;B1N99RGV5X8lV<iEzQ|2AmIuf6=51=QC7Vka*u08~ui9RmOnATGqO=&XIN
z1!J$E^z!L(NoG3QF`7d}#6(OD8adjuH9~9&D{)MG5gNJsf*D^R7FQ6=$;rt~chm$}
zN?>QfeI4yI5rx8rLi^(Sp1sbHxjepRrplYlV8kRo&iEf>^m3#fc#ghbythAIJiJ0*
z>$!qgq+BcBVwf31A&eY@uAqnJq`?n}A(sV(yTRNw=zPe@nKFXYR?bm7(X~u8FWMib
zG=Z4yoU_+I_inoKbhj9P%0gHeZ+!#W{aBvhn0Zu!F-&Mn4id<IAwg1MR$}OZ?*Pz@
zI^D{IN=GO3;0509V4Vm6cl8F+KqLH`T*~nix$5e*Yquz$Od)t>JIq3x$MWdH_-Vr*
z!Ei6Y#99^_k!g1t{Pzr;-3$RGyO^<N#6+PymkoljH-GU(8w`8~^bPm@DJ_1CdXC*_
zgJ-AZMkCzn=p#ODgB#Fhr0~eYMq!!q=GBIU?DK@%<xR9uBt~nq&$!J4i2ImXmOvaj
z{z6yD<ixT>)gYQSyDgR9F7CMq1#>oDS9#iNoG+T=x_3E%$kma_H-6hmO+$xl*)UM*
z2hrhMjH05Jr{OmL5C~;rwYj1Z`dQu^B6jJ8($aXmS8F7P#!^e}jgy37vD^s9-0=*I
zvVVqyWsLA4je@w^_ij8)dT@BUw^K4^iA#wH;{lNN_3P<QbY0K)<u^kVUXyGTT_q(!
zwDnbFIc}$sNAnHL(x!{p_$l=jy8$XDPX_OglrI<h7Hf^OmrjrkRLG|N*s&P6Tb{AX
zC{W%Y>zO-_?Z3O?vrEjZr1(<%FtAqKfWUifaF~P@;i|3&Key|ro#mw}>!428ftwh~
z!R73g@Wsa{K0H7-GI$PD1qanAs2Gxa)m~tNOn;iE*brZd_j1jDkS8r-J^o`AByX#G
zr#iAT(7csubPxnt<T8rNwxM*UEDU&Kgl7#BmN8v~a7t$e<zCI$DwOs_q*c9zfK~oL
zQc8IovJPjp^($wYt?q|@m68+vy5*g#ME9JokY0k^>AR5st<2de7{8rHPNp#wcf9k}
z`r>u#r@Iak<EDICGBbO)5sT^cPr%->Gd6wXM!=j74Ar5;MAqVDf7eERF!tn)$7`O#
z`8E{^?2~7_fX-=5JT({lTvTBS6Uuu+n?QZfBC$x#7-&*242A5U;M_Lgax^tc-(<gB
z4f%!9f%X&IQ}kMP;SIM2%xGA|&B6U742;jXGxEpCc>%QHcgD<o1z|ruYAWZO65Q!l
z%R^3w0W>K;(K**8=E`ZVj8crXt0mXmcN5r`9bjsC^g+$#J!=QoJL<>P>6}t#(i-bW
zC!GB0j|k4sUvQ(1FHsKN>Yp`ZqMgiB?y+*{Um;dV(>cG{2h7ED_D4}A7*uaR_^52h
zWEk^ZkT1rCe7b;bUOuhM@F05Y2iA7O{soT0)0cs0t9z4mlql_($cORBGX%|FuQ1MP
zeIQx2o1pz)abORL0emeB?Mk9~nSW8F&E`SuR6Kn9I~U$(LOMb09rfOR)_rsd!vd@X
z)I`uW?TCXQS)GKt)<AkSF1M2zeYu1?d{&q=I%LSTwA7UgTn%|StC()AJnC1x7X;dI
zi_;|`0-#z23IU9I;YcMvSRCclAK3KK*l20L0zA896rLniGK0z_nX=?m!Xg=XYcV-~
z|NXYp)?qUMl0|RDL*?dks*Idbc?qeCWhRJHPLu-`I$Qe(UYJt*QS84QqR*me9eBM8
zoDi(R2wFqubW-`F+|J?`oQwKz{gzaY03#Z+s>R$J2mPy@WOf&V+Nm9rVOPtu-4qx8
zzmwW;ugCO|>P+if0gl#=I(lZ)R$y90i~p`b2Xr5ZP8VNQt5zwHX5?LxrG&hsmG)2J
zamZu}X9s;3U@(DSg1Z^;`?-}?!#{GWAXr37N!5Rhy2&~%5i5)D1%@>>o(p>`jV|C0
zo@2IwdOIo~WhUi8bDlkZkjmLX%K{6;jHZo$8?_t<6KwrMS9oUD>E;@Kz5a9o=|;=U
z&q55^D~!xw*o8B>D_uDIsi+Aa9;DxMY)?(&y0W4klQp-XuwB06!K?GAS6I6caA@-b
zf*zL<fd9)$Yx$~1KM$VHKV}TL+h(PL3o|%F_<70tzX<<b=%e?umdIVmi|bi?4LOF{
zV%TryKxA};3$Xt2dy<NA(ED0l6rINtqt=iC_0hje2btnYP1l)URXXo254j_mo$VEM
zx4r03?lFL+uve$#Ogjua?Jw9T7sEW82~c#gLsCQ6q4t@J?TUuh+VVsx^4+b7Q`u;V
z`-1}bcPG#ik<|t9i)<zb_o#^AN}VV)5o43@xdJvQ)22jq5V^~YYyViBTS3Z5bZV5e
zI+o5_CkjBi24mjdCkPDCKLLFc=XbtOMb>+m`31Y#w7R;Ywl~^il+rrF4q!;LhPr3-
z_YD4{Kc>uWo*`acNoK3Fk~JHMQ=ooG$N|+9!AV`=tZOY#m=p-#&FF-Y+3!<Y$vCho
zMpVH9>tv2fyG=y9LZnD(>9IJ_#aN+eYtGqFi4nrXe3`c%7BF4P1f+H;UW-;`A0`x1
zUONOTjo|H>2bT{ewv8vD?*#zSe7Z(gmH|Ku55phvZNN%7t~0JcCXOpjPNiZZb7eFq
zm{7|8EGPzkkkA{F4l>E)C)PYwfI_WUuoqqgj`qpFysq)G`Q>axSFSC6c4J<jkx=Fu
zgw00=G(bNzjh32qwG%oGL$b^4M66-YuH~T{o8rz}boQ$M(){|ig7%(~L?sN_>gRSG
z;)RJj>JpqLF8>jZ#H(KgO<!G1nRpbq7Ow!hM`o*eL;gR37}7FnQ^Vgq!<N5vWfOUt
z&h|b`l8<=Nb&T3xcWukoUT8X28wgrQ4E54l0{HBNnC}zhUwcKR@{lEJ5x~6RdlKqb
zFCdPtWo1M&R?CqtIM|;Va94avVBK5yRovS=(K}Y&P)TW0{^*`T?rtEwdO3J;c)BXe
z`LDv+5`s<VX4?x?Ij}C!sYXAW<l?oO3=Q(rZ(4B|D?Qp9x$;~MXByP&>Ktw~)hwzV
zEnbr@{b1z)!L_=M`o+GTdtX}hlo;RP4pR@uOdY&cSDaydn8#7-8?iclf(_}7_BdAy
zv*Q7L6wCNt-T2(b{JkD_;KknW^7<@9ANqU{RCInH<nUQ^RT@Qyn;{6H=1H3lP?(%n
z#p*B<?ot6w*qaFtdZ+sC8(f*JB!a;`t%bhQs&iLvNinV0?_jLyJL;OgKN^56G40=V
za*lhoNJh4Vox~dC!rrE*I(#2RhahY$=zsv?-G(Q>&)tM3)I!b^OE2BKtR-Vw#r@~A
z196g8OEw4}Tk`p<P;&5Kv4oCrx3hJcH}k+0@&qG3n;?#JVcic5P(yVJC?6$)u+=wr
z`E!~Iuc@MuuO#<(*8BHgvsct=gI*kq<<8YdH4U}YCCsjTZt1~iig%EA&U^2%WMoy(
z^;(1|TDmeg&>d?_iCVjep+qBS;0&VK3v!zGe&9Zapiuv9OIOrG{>N(50+g?Z(g(*5
z_-u5|*cqpPva1J-iq+E(W13Puj{xZJ<9?A=iCEyq;;s#EZQ&^~F_$fIXm9LO*$Xh^
zQ^hX0WvkDxjD?Lc5Y{@0+E^>E7VsAfh0?3amahn2?{!$eKsUgJ+@1cqMoJ1{DZ}6b
zB%5RB1uJn*0FPEB1%_}x#8=>r2raO*mJT!K&vO!?S8vuBxz6{8AEl7tWNcx^!E&4a
zuB$exk;(F~T2ZKb->Mh`pnpN^zRbW63h1*0RtkH*W-iqX1`(wZcCck>$-{*cvcMl^
zIG1E{MnFiY&<l4re!^w>_fe1cssy;<aajQ2)MNN0N!k!o)N6coHDo)Hb|N}Di5t<I
z(LVc)+^dZHUbWTt-hX2Hxci#gf0DQ%2A>=vz${iH?~9@zM4*ku{AAyImIW(dgONWo
zoUZw}91TqVm4fbyzGlNVhTMAq)}5Oe-al;lc1to;*lAadTk{#kWl|;MJ(y^C&?H!|
z(CVoQL?=&Kx;+fTlQ{+K3Ry0L&xg{uWd?+QU@mSCCEja)zHrBt!6fN_>oino+datR
zc#k#3-d7BEJ*!Q7&r*+Qr5;vQiut$Bs}6WNe9SeJ<ct$d4IvBKjh%o=AHf{vV>_J0
zmp|iuzPxaMb~1O$&KJysg^8>wP{eLABH))GV*oL585dcyhTpwM{aCRixtr-3n#>8g
zY`0k*N=D<eQ^PVv1H5pisr4qp6NFGY^ilNA*>&#V3flSST#8A1Q5LFwi7ddi$nqJi
zSr|v{WU^^5!A-Y6CuI7Cx!(j;j_--=E@r2eF3CPSbYxuB3ThWhzl)KG07UsFCscW+
zzX7IwVCk9SzQ6sDoMd_@Q=!q|-q_i$9}2nNm)}2Lx!>+1jir!FY5l1G!f_ZT<-4`W
zcZQB1qm1p-xDZ{9JB9dfcv&At&$EplDw6Fxki7Cbrsgk+ms{oao>2Z?kFfhWUkk}=
z=Ja=xHDHGwvwtXS^ciO3uxUp`F~TZbfzbM);!o)GTsWXtU@XC0`zd415FYpY>zgI&
zpDc2OcE(ZuW43t(T5J16%%PQ>c?(`;a(eF<i#fz$G<@1pN&BDrD6e-!8TxBp2m(4<
z164qb$|hahAKeI2u;APKXfugNbFEpZ`%P!PBeqf5Qx~r(o(T<{H2t`(yH0^j_ff)V
zHrxCOy9Sa-MF%Gtc4XCyc;z}@v*2^IAy18!$Z?rWl%`1fRiWI`W^vHw<msbDFL#*s
z^{YlMsE&QMdDcMiP=35PW<>Y0mYZPq$*9l`EyI5A@{`NsLKoIYtMF+;<6cygab<Ek
zTDVo~FDE2E-SWt4-++95{6HBtzw1uNbThuy0x&K%#bw#kQK@RTN&FDImS_5q1t_5C
zB$>=K${n{PBIQMwTWwE@u=~WeeL(QvY4qGTujk$QpQUy(Ll&VmWlMLcX@nS%Rt;z0
zuh#pqIRf21{de@&DGE*<0QSIKurc~Lg99w4MCie&J>ND(;qAo;%?FDi!enHFwPZnt
z6P8cfz&}pb{q5GH=#M1*r`_0am5Va)7#IMtI0_y9`9cXdxh4ZF_X=LK9ufQCLD>rn
zLqaQBPk+RC65B}n;kT_b8%Tn#V=`<GU5XvV!Js`*V<_TNYEaI=Tne=1yAMqMk5VlO
z6|ca>gjZ`W_7jS!q8_S3nCvnj*&V4t8Eu7(ZLk+Ja)9c*g<lD66QlVJ?S*VhA-EgP
zW-3L^HSDjbvEVVE+F~%2P!m30$)wM{^;=hRlX<ODhg2nkiVEe;p*=UmV@9IwQ+Tu_
zGS748^OI)~A(Cpd4vuO<a=DuiQ5n1UC6<3YhBpII+(3XvqotnR8p9To=2AQ1p4vAT
zi<f>wYbb(LI^&+bi9-7)4gGaoF}k5wFcdE-zV%q`Zg8J!899@yx4Sb!-(oBK^zVc}
zX=xi(t(CnCyMM+M4x0$xADO2vfuerIg?i$*>U$|c9C&?VA9!AV78q}#GE`8F+dt7m
z1#bOO1%mhbD66EHVq54#)`s6bjD<3^<b7qlZoQBhs-#H%4)@%NZw4Ww_Lf9a+B!Cv
zEj$Agv-xq=eG13e?+a2BBHN$Ut#&e?N9kg<8}of7TJpc^#7z!X@75f3qCVA#)P@1G
zrz(KRLyXE^ifBL)D9D53Ug*M}*|lF|xss@h^QL^IXdo=JQ!^nWV{0vPo_mk6B+3yc
zpRO{^fzJB=0)MNQT9P+z>c59++dG;YpU7a7&$B6&cmv8(O-k~5Z1W=k!TTSx7MK#;
z2oPHVLXhiVOE6X0E8f&HsZ%Fm5m?BZ9+kfTk=hOKsZe~iq2eCPoI})PHlQ$`sz&oU
zoP~Sm@NK+ero`%xeL8c_?-oIAC-MgADoIGWIjv4EJkgwc0UeW{o1gM3OTg7SlvXQA
zW|#h*Lk*+6?Rk^TDxFE{93J6k1E-E3e0-mcDy_!{hN*hIV&mv=mjQRVfsK`E%kH!o
zp>J*LZ3TpC1$)E7u9J{K(ye6zI=lZUE*cwPpf5UZbC0P!L}NBc%o8eRal$UpS?gOj
z16>m-&MUuOAr9{fzZI=d8-*8V^phaWU<$EZbC}(AQfvibdO=&6*6W9qo3m7~twTxB
z8WjSzB$bU6sQ}&9<SSN%ALQt#S+#m)n%lV`%4kuNIs>a8`nBy*DP^9Iu(Y^QWS&O2
znD}3r(~_=NYOr1sJ=shY7ml}&82F$I+~E3g97w=LWGyFju}f@zu_9QUcDlq_vWY#!
z_nvK@+c4N$K2IOj6ceo@+rT2y9Vb<L&z)>oos500f^A*Z8S-FN@xFk=Gz!ahVuS&B
z;t42WANW9EI>U2!&Nkyq;j=0&Su<5cjyl*IN>&Ig!f<dbf_JfnQE?Vt@%<Z%k^0SF
zU80oAvVpe?p5osGH(YIc*}`Xpin9pqnC%JA2i{RZHV{1$3s<0Bz{dsClQq;wYEKjM
z2U4hFCfwqA*vL#g<Nk>wv}A<2?K|0ABq?xawWy^t0r8KNE^^_fIcG-jb~c=hj{y&0
za;0J}%m590D8p7cfImyOWyqi!w#RaGY3JD-7<aCE*8ZJJFIXV1yD<{Zn6Jk1$y_z=
zptyWns0kwcFV$gSMiu9nB|Dtxf?hh);OBWB6>#N~)#c!uGet7Sh3Ne`4oTvNno;4`
z=WO7FIT;p4&q~kXx1Qd}WWNBv0w`glOvr8K1`G@y&kiyrDWyQMJ-T;J(CK+Mf{eg-
zE6w&aKRC0z7Jy_8m`HTT>B7o!`iWq7<7G1^iK4D{b>SPyM;?Iz%3<vp{6-AKuLQCe
zYu$Z!5_yw<A(p*xvEMMz#;EblFL0;qfg#9I^uPl)8TN?i5@>0|t+gX{y8QCIo2ea^
zASx%^I}q=VTSopQ*@_IteU>n#e`V<FQnHmYWP-@s3f>!6&@X(;f0~znTrD~>5ChQR
z!S3&#9wqli$aKQ2SbKZFKg{E9g@WEz#e7APR8O^xSmtxq&tn!vCgCj&k^n$_Wq;zA
zAM`Dv;VH~GnZEgN+f{tP6GI?QJ%CAn<L4l`z7(E@MlO)mpmEce*I$YVP#uE06QI0P
z-AU!@v$GW8`0rE4twu=m>C)TK!g(l-IRitx%djDsAT3SP8(raAI-V-XJPO#E7uu)q
zC5$n<^Wi}vP<#<2(vH+LMoTN9q}D1A)V(1`*&-=i){4-*;cZeF2-e<cjkPp7v?K$7
z?4HwUay1TeC9FvCz)FI!+Jr}zzI+hm{Tghc{2Y+gA+mI<wdm)(_I<(BtE0_E-NRxz
zf|@FKLR0J6uqjh8$V$-zfzQYhrUThinYF`STX~|g8*W}<_E=Hmy?Z4JJEq@7N3}%&
z#RwX?0i`M?SUV{*gO;~7r$UGoFsL)=V9bv<1d`<WtH7eUPCQ+Vq(Vw0SBtNoY?u`b
zFr?c<11N!jHncVs1}mCTd$fSrj=8r%sOp>!U<;2#`V;balnGP<`|Sh9?U$#nvTrMq
z2ZvdG(bpSzWSX=I^9<1%KE*Fq^dfkU9l%0~;KTQi(2=GY9xApw<-xM+u)7awFa<t^
zp}x}bi+%Ort@p-!v|K>N$5>r(HwEOb^^?O96vocq-^A~aW7ganJsxg>my^}3eei%8
zyRcD;3X-a|zRxQ5k>SmA{5kCO)4khDq6fAfq+9E22pk~A(|!L<{M-<tIA33o<b|_s
zI6wOBY|8v~DYvjCu&wMCA6%Py*j7yBEQy*C#ybT%>Wi!yUC)@1i*f2chw_?%TD5bN
zOzu;LoAxIo4*TOPVjnwdRe;6}{8+QQ$A!4o$~Fj;p&j~dsOJ(z)R(`Qm7=T_@|~jk
z5`=4&X3i;>%1#Qp9Qsp4m2zOLh$ho9^HGo@wMrANpx9y~Il-2JS7p8+{?^2PEe5;A
z*Gp0%DHEub!<9;f9=fP&6#S^}C{$Rh7zQ5_S~(vJe*B(3nne_Z=$at%l2SZv8G6jl
zr^Ddx^bPGAek=6{ZhRVX7d&mi;x8Xs7+&(C6ys0NEMd4Tyq*G+BLPXoXj3QRy*}Ge
z*=lh=`GAs=5utG-2&LjOb!j7E7hr4Jn~F<H+vp8mm`fvt=U6xwN>BgzR|P=iceE;#
zWQp4yeu~XCS9UAPWKQDu_zkTa8P;zF#U@4EukzvPioqG3@f`eGnW0`+fEdKqZnW$p
zu8zsN#22ntJHfK---fqVE$G70I3CaGvof2*<-SfEcn*nXXvBq@B!?_wPbr4fn}?Or
zM2py;i727GNDW{Pe9~!tQu&!FNhIk}4K1W1G!5a8fLXvIHK<ocX7cUdy&s|*Gk=i)
zY<ZV`>)953L3E>LudT@@oaZFbR$=kpCmi<LHd!-kF70_Sh+=Udi#+Kj2JxRQ2@yGn
z2|+Q@U^sq(`*@Cl)A_ukg8p@}2&b~t7j*2dKa{}+QHmdpYhhXyZHXn;xfF%aQx`s6
zVD1@i!UEw%V4o%hA<8{k6`CFD4u_Ba+iZn!`JEa4+XKq%s`d^AM&7Rurdh?h6RR2^
z8lU(UPven5>^sIyRT5P)U2grZ$FJrs(Gq_r<-BImTq<%Y9Do)7J5mJ976Nn{_OJnA
z1QRk=jM_Pc>KvnyR+Dv{<1q^kR9AKv{)VuT0e&M<v|ncQW$~4yMOhjc=U}m^-d|u2
z*7D?Zf-TJ;K4dE=eM4^3TgNkux?Qc>(^K@%?rCBu7!eU&hg&VI*M`YsOvIU%mlhOy
zPqT>jJ<H_$kZB}XR)*>-Tmcu1Jh@N>?pUKxmKU0_!KP(L{!$Gx6d(8dK1l?q2a1N4
zi@i0ryR@muM9prolt>*JqW8-NaIqGPbw?NA`foj$fRP^x43{-qvyH(#N4IQ*ylI(|
zdKW07IMWZk;ZzQYU#pONxuF!nrC-*r6DFR@{0Zy;!4HgPC0<`ofx00V;8F;CFqz9K
zu4&Rsd=`F^og9|F@^uQzn|Lu^ptrSpHe&EW5m_WI{}%>+tI=!;3KU=aXjXHj_tC<x
zDdkX|Y(MsL@}NR$xXEuk07S0Mb)atchw>#gi7&1t=g#kJ2RBkgZ*@lO4|Q!(^KX;i
zw_;3i+eDsvy9P1FV;L_w4<SkJ@R2xofS+?=F_w{ts+xWFD&R@@IOb>0Fn6I!<*p{u
zDRy4^94Jzbsayb}ai#7xu@7BX!35(dCTM~)*G__?m?rP-3k=j)4Jw?g14vd%wHk-u
zt-QPr3A&ELag(@iVHG=#^Ub$#!@~>a<l<&CIeML7g^(dcE8E5%L~n*fY+j%Ee9#ro
z{ALGXmOuWDlOv~v)yhFTfn|#SikwwWTuKALz2^iLZMwzcNhRT}z+}_oL`cPFf*-v5
zZM)wBgyp;{OzMw$!$jWNXUh23qc<3ZCotlB$d8AAmGW7WYmP{Y3z>|22b9#Rq{!40
z90vwj$rMoEfG&aMNa$&I`*uzRBl`9S!QuFzn#{Eoa{hJMmyMXp2&N<6Qf#L0ElM3q
z?MlJ36MFJj9m~w*G3BrN{*xRKX-{6%CcV-5HU!7q?JJpdl|6<gFgE7PUc~kS?d#|k
zFd&N8V6p&SA`noZq(<A(sllS`4-2PMEk&u#n@NkIp^<HRSjA^eTwq4vi33U$1H<YY
z;q+rMmVKBMcLP?>IhiQwI#;4CP3aVIyZjp`&Z18iJg6N#@t@0jvSjwi;#x$ldZ8n8
zO0H><4Eir>;Y1*%;s-Rn?<baPXjr$$sr?fwRS7zjy_$iqAey2Bph%_jNKw>~$ZQir
z?j&`+5jT3B$5lfB5Hg(E+Rn?@{aN}!nM9yM0SBDVEc?_EV+ib7H8ASAAUHm&@7+Qk
z1sSk3?n%!_$TKNnt{Oz+o?gjy`5ej8NKq`>iHI11F3QVFrUk)}pJw`wqTKIGN4t`x
zP^-M8)<M{Lu?`Y-rT52><3TC@wPW<eYi71QewA%p-9GA5a}EixrPW+Eb`a?1)*%%#
z6xxx-Peh3ZtNsE^X;V40ds&xrZLFLu))Ay(=oF2|{s#*}ccz>58x1O^+GXq2D5Z_o
zeWIr-+llKMr=^WSe4mTOGOyV6YL{<7H0Q5J9E>}oG`6cIJbk&vB8&#1HI^;g&8~z}
zOtyJn@Gzx`=jbAJk58m}i;Ye=IL{~0%a10!Z&)CPi6X=v{4aUEQ20n-I!`|iLtsko
zMIkM+aUvF@MER`2Asvn*{u(3jzZ#WK^`so(zWE4y&M7*V$dX0En?U#<G=Nhoeo{Yt
zda8viCUi!vqx-zNzu}Xybyj^fVy*f3ne{ZG87Av%PGF&xGpo@}np~i+BvYK(*shJI
zz8jXm1eMSzg{opgM+CvNJr}K48c|!RBhxmb?R+vUe`Ws}y!ctGfV6btqT&Ah%K3I)
z%e1-H)j35&hP~WK2+1d*yJ4c|dH%Bn$Z4eCv6Vvxc~(rY_6;PjtJjLll%r@ci_(D7
z4p3NexW3(>VQKrge^qU2K*a1K=TB+>@jgv&B00@0uC&s92(-|`t`InVCjikxiAFu*
zMIwj<(Q@t1!Q;rPvOTSIK8bx^QgE4)p-160RgxYrP<)(=#op<J%)6c2ch;mN0Ldke
zHmLrd`zeeyZOrh)j1~GpC4M*ivn^!v@!1-hd7Gw+EcxtWkREjI6MJ6>{&abA%n<xc
zPk<g&3nptqtq{vH6PR{G)=R%^0-=1Kns5zgE7Wb=r<lg~3)=3vct=!eF`l+B+pOi5
zEt2@o=>5fCKf$LnqguuA+WF&kHo%0R5ymcI7K{=Md0w<E|83W%m6s{6s(wpD5NS*z
z87n96Sr-!uiweU60Cd*>yZ|!l==nO*D<p1ajWSGn=AesyHXJ_E;D1kd4KGDK5xL(A
zr;k>*h5p1|YO~;X&O-oQJ;IJo7sTFytPlWlRe}#XfKj_;{kzsS^7#NaJ#$r%<g4e!
z&@&Ecf)#oem@bIRmwI_t_4rjnboosR#TfbZLNE<sYfpbz==D-dqpn}e3(w~Z`)<Eg
zA+I7`l%LjYB^x-k?lJD~dYpffkb5qdZtor_k6v^YZdY?E)QFHwGo|zEM=G&Xdm3l_
zj^EG_H1w&kG8Vwa*wItAp#V7)7Iw4e{GO<?f3OmH<8fa}$#@wL6n$R#OXtcFlheCd
zfbMepGL`?--=P<IidWxqO@y(vLLT3L|B_PBMSdnR*_}|y)&~WPox~1~rebHar`Y3J
z13&q)yujL)N|oQ8_*e8#Bj6ovbuV0CXSsk6xCs#)7*R}pFtOGK(%tF&?IM^sDY}#y
zg?SrnW-VCa<X_uO!&NS6fOjLReqhzrU1(?@!exs6Wc^E3);=Lo%kU70Q5>DPk9M==
zte+1BLBz~ut1eVMuIY#ePzXXAH8N=b4_LyBZ7hV2*Re3lS;nY*d30Ii#zQGVYF#B$
zBl&<8S~p#O?`x|4Im<}%jl|Yq8g-pk`!7A}A2_~^t<Yu{QV=)Fd?F`Kxv_IlFLH0a
z8*01XgHoE9A&8aLjJ5}H-$R9|h_m!b&mncq!xl>;)P7z}NBI_+tHzrVD1GO*q2;rM
zph_6QHE=rQhQ3l@+_^`ROgd943qz{lZ1Sj{RXc1eT|N(12N>9(i+V?x2(MQs8GaGS
ze?}vvB`BxHau$bTk^3ir$xezbAuK||WeDZM7N(J_su9#zR-GWEkHfcRD^J_qS`Q__
zLq;g)U;tg0INzJAQMF%fX`K7PIy_KC4k<VI$~IsK<n9cN!w!-O^UXU>RfFBh>#Ke+
zyE)`Wyr>5%+}I69`>KGLp(A|EJ@Iw1W$RcRs}4d<ZzW!K!%75Y;qo1!An?pT_;}N!
z(Vwvtn1rkEbJJi7MG3{m3cb+__oB_8tg}#ztDz%we6esdV-A?TV1XQfo{@lR!hQ(G
zRWXiHSUOeo_Yrm0aMC(5x-|Y@y%eeQ-7BqNjySXmaK86MI+8;d4!%;>D}M-VL>B?p
z61HQJN!tucMRW0_H?afZ*z3rh?6QFm$+B5KBZ>6)zIb>>gzygFgaI}MGtQOub3&(8
z636-JBYB;BABNB6XHVoDTVo0|J+x2GjO1W~$Xzb~>@Y<0BbCr(;6AQCAu5joRw+2#
zW<6Jt1e_iZSU3n#iQqe?Z@aB`tpt<pK@bsYb%~&{k&}2G3oh6bbTHYhMlKrpTRqGA
zbry>!77#<qHZ0!^E@UjUMl+yEyw6|yGH-1+b6|qfNa)Ys`s<O@TN!lf^_)H=`5-#9
zkfqXCFbBfToacOxT4GhJVPPk$k*4^><1Cf0hE5rA_+BmL_y}Jp7AJosDTlZ|M^DPB
zW}0PZ;HO4Ejb+K>8xDb7C+-lH@a#*>L3}LbZQ~1e4D~g|_owcfGQ8(!^m^f%Jxi<l
zcUI7f*<%9^=*hUeU$(yg8Zq~HAc>#-XB-{^lL+Z1#$1@NG$Pa}`qL9ZF=SAS*oWLB
zl_9N_L+Dd8d5&LG9A82B9PbhqR+)*e@P-r{42BgxV+J-7K_|D_je=MVGzc&;z{PR0
z4sQ*Rm^Jg0BcmVG<za0JiKa-?->+!g`ln2cjw?dy4cy6<)`s)e3LeWb=aO{K0)5?N
zmS(%TJ>H&rSwb9sQd<3asByS$DIe||>6B7Geu}_uBvp;!$%uX6+j4l%TKP6Car5>&
zzKRR!p<K^@j8sa<j=Ei`@yqR`HtBO0s6l-0%5oZ3c3Gawcx#uzR$hY{(L}LRwwC=6
z)t0DT5&tI(^b=H4jmePwujQcvXZ$>Q|4k|wI4Aea7dw*}sny}2&>^XS9D!Mp_jQex
z8;li1sLOaEfwQGo4A~1+Jo+IOz7F0}{FAv=HOlh!j7o)%(h9)0ANr4592EZAYa=5c
z8Oj-6SE{`KL-Z2MNF$u*^Q;lk_YTKIPFq0_ElSpYZ)pU*FO4h$c2vL{`o_)JzNG2A
zF@|(4UbJcS6w@1a!@1Jd2JO$^QpcDen{O;sgsEU=F>Id9HZN}*e8FviiA6~@ZZoty
z%BWBhTd8X88<m<cIdi+fJ+~AAj4O$`6+f_h=@3N@zi<^CedNJj!n6n1wL&*B3K>`t
z>2UgORu$8DMlGOc1d0T;ciodhquxal7;&MUG<s!~?+GlP!|ocU^DrcR%Eu(%`bs~G
zpxAMykJMx&(3L=7=S`)<-@&e+^zbuiW0rL!nJnLYsr|-LFUcN~z#Lne=7TM>;pf9O
zd`mcy>*y}Psu;?241vZ8_}D^vNl7wWDo;X9*M#BP14v4ev?-jytaK2nn+HVtPT~c*
zmPL-IrPfY|mQbojwbKfoeiFSBGd225_obS|R@Kw4AthI;(Y7GW6evv)qv1Hwic_Rf
z{iE&i4r6cpIr+<@*<-YVpnT^?uL~88q!}02&hF`Dl%)RiH=|oh=(uUpg&7v#T{#!g
zur~{X^gOVI^g$LdNeYI^l9!`!w{;|Z%t2A^=*(RK*XlL>akkT(XcS9$2`J`>jQB-0
zKgUo=`TZmXrPGFIeL{5vVy!~RI|nP-jRC9t6EJHQu=~AS*cv6<<J+CD#KO+Mz-z|Z
ztOy;yFQjR`QV0e_g)QLgk?7^Ad>N=f{{5!2ag-gR9wzPO=x(ao@jiTUvf_62EYbOO
ze)3jqsT5$0>}*iQ<ZyygE^pD~{BbnEEnTtd6$}2=D59&1!x4X@ou%S>iKX_Yh%?yZ
zvNp)f$7s4R>Y3eMTh+-DE4~U}Y^63daLW-^!2{}DiOG1`!_Zu*Bv-m<O9U3ja8uty
z{-s+u9clye2fiF>@S#xHO|2}w-;=v``}5K_lHe`w*Oe1+l?wxwy~)0$FSwpLxk~4f
zUzZAynS>cu>h!AE(^x7Ly|=4)$4|I`x2BW!#-j4jR#oyQ+E&6dIk&FDTC)@KkuX?b
zk3j!!v&+Z*gzJ|;n#F6R*arf1X>W}{=;~p$Mh0=FH7WfvA59jd06*AgG~mm7Ggtp@
zc7Sj!Dd!i6?L|LqKZG|W)xu&53{iY07LvouWi|J<1<P{>2mhfLpKM+pLy13`pk)fo
zjU)Bg`%G_dIf+-@Y=oiM_@V|Rp=s&mDGqdiU&pdb-Lm=lSE|Q`mE-@Ju1zvJwuus=
z5ndqA($gq*Y%&9UiHHYGI_#7v15qVgqlbq3Z)Qe^WRpoV3f0s%2Kr8ZXJrk=;$VUt
zJUY?qMY6MBgyWLS;$3(3U6N(INLxoBBxdStAmuJq<QQR&x!@?-F<$-o2WTL!p`VWn
zOo^*qQQfu3vb7|)6e1v)CjI-gV}XU?qxiN#$>W`jKFc6cWD6%Jt<imc@g}Kz?uU}M
z^FjfeS6Oj8ObQ-AT3lLU`pFm<?_CWRUKaCX@Yg@*l;zu75x(tYAY9*={EVcV9o_g~
zh(j)x>Wk6nhi05<=DX}|U0T~9eHM`}(IxS^3J5LC$HEctYWcjdLC=d<!T*5Qm63g=
zON&jwh(E)FWUF`Go-hfRE}`$|E~n|Hk#W|xs*AdL?PTGuVXr(3s36nXRls7@&F$G~
z*$EdX6v1Uoo_=320A$nQ+t$cXAwjFK@Wr~_z0`~*Hp3U(SUetl*F^bP=D}0p2UJo5
z&f#Wk*;2B2OB4wnt%1$0#{^zLphE4RiscdKCC(su?cHLblfm{}sUn8a1c$Pj5|>3c
z!XP_zq&e_ZLqM)Z&NM4nfFRw|5@Rn)ID1DZT)lo?!oZ<0emK@NUKGY1fs(7g%w+{)
zvwJ$xrv=k6Oyo(F#(XyjOO*77c6hA$Jn3GtDEh>4+=yr#e4drsFz}hIBxrC97jv0C
zEyVIh!9x?YYtSIup-B{EkG-bY(g0#tVo-#fUS%umYj)gVbqKoaCdR5ec)vYuRyA6E
zpg{7-p<3jU)Q_M$>I=x~oNPgNBlVWNSUHfXk$;QLV`gmiAPDGF6WvW`EYrQG#8HcO
z>X3LVMq#TsbHEVEbmY<g^TETj+0;-Waqy@kcM+lF7!s&w@BlF8So<#gHR*Z9@_r@$
zmlEV%3I1a^9~<eDpe`0t`A%yGgdQx{u*q!lVhs){%~~}6pg(LBLwETSq#24Vx!RX(
zETe7)-Z;08eT{8_!fOrCnM-v!4?uVFQ3WMp3V7xQu@+G)uyZqjf6=(!-<@&KYZvUP
z-(;(XAZTR)Ti0;vOL%X+9*fZ{TbA4Wd01IbO-e{#DmVxM$lq##`S&P5=Vh|;PeK#F
ztrs{GSp2xDoO_;N%jtQ6RLV3#XoWxZV7vHP_!7SUb(yOXmCxc=@}h<t4w!KI3EQE)
zP)031g8#Rgm=Jh(Z*LyKmeZ>R4@%UMa|p&VRWxv6Jv#guMf0wSm@-qKb>3=2OLLkb
zbU$&#TMJ6;bZ_n8@FC^VC{VgSQuRXZV*%u0H7Ss{xltz`z?n0MQ<B@i2b~4bL18I`
zr(8A4n1!5$4P>dbqVf@0@HSz3X~~CQHd+=<2E><Os`TG{GaUovixE~+%z!vR=?+)U
zJ*|@beS&TZH!v^LYFXC~39>cOim{~vQpeU)fQM{sf8z5x@teQZXx{D=fB%)iWBHeA
z%XLr-dD4agmsnIwpF2M!iSk#))OgAR$RxE4JIoQy81bJJ)!YT~!Z9rrDE@Yk!6wc^
zLz$YU1cOC^bUa2F6xJuAGBI3M>L8@2b!+88b`GX8?m|+M8QfXlNdoVhf1c3Bs7dgd
znk<q=QbW>3pirBjs^@K^H&6qEkiWJ29D)_+A?dwsNnboyT=TdPV`(IN;o4B^K$7uN
z4_8|Cyfp`5u0$VGp&v?7oP_lCiD2bdk_7GgvToQ{+#GKP2XuUC4s0*l{6ps)Lh;1S
zk_a-t%;eBC*K&ESu$>`NG@`t9ZlEBZXmtjYe5mrVBSi(R_(<UTr~v~{Ex`_#`$1k#
zfatxk^;Q|wz2&2U<%g-9;u_l(EIjwVSWMddDqGjR9Lj^zaIJF?tp1<*hjDz&_1njy
zNpa=YdPb=KVBPu{L!7hnVwWyjf&nL!{V>jtul7|L_&KXn?|EXBw-KfsGVbA3I>Y6B
ze)@Pd(X!uhD_Ac}B<@4zV?7p^1m^uE-$8Hb${}xyN-*ICR!jKLW}r2ivn9Jxqa{9a
z&9V~~QT=9r^FB<Z>jIG}Zv>qGii=F-Z`YB{)G$JL|Ff39s93RxK`k`S14B2FVc1l{
zAZu=v|MJB##q8vFEIC?DL%JkJ3AW~)<WEbC`$28EAmF|qf_6Fw9Nq+|O=RM<dimB9
zY5++bhQWG_j>Ggze8S9MJ|5f8GURs!YYpFj=IK-Ls2?n_@4xVeafvB<X&T;aRk_q3
zM0`zUq|%c>`EGtJ+6Y^D`h@3#!H}ufpNP!jW>o{SEv{7B8XunL&=)!wi}6O%t{TRw
zBy<=GKow?_6~r@nmpDq4qIdUCz+2e7vv2gzi`H)*u`aEC>`3<i3rgY3{bIlV`)oA9
z1g^oyXg&-KczSfo)LCeZ;oi5Q!t{R~nZchO4{e=x)rSQhdZ^fa;=dgIM)pJk3xhk6
zF=OJcsH#C07bc*NjWnoy9oZ6Kal@~m%a~eWJm*n)Ql4MF?<%XqgB8|Cz}{S3<e_u?
zu3v1u8p8YSt4RLN&W9fk@5`fQul;pO-lJwf0-yMuDZclxPx<`%Y)V5%snj%n;d~8z
zQPj@e*xxKP4P3B$X{I_7DcmyKWknAb`2QMwR@k~j(~nqOGv;48R^Avgt7GG+Ir6w$
z`^TN-Cc<n*TlZrsIk=HWEmnUi@9ioim`Uxx#xxugp_ZOlE^!uV0l?5kS(z(!Rj8Bp
z&1Z?l#J8J9g4q_5r2xsN;XI%Msk>?EN9I7f3rxlFBSq$mlE&h0u}oNX>CVvX<|CNC
zRP!PmWdhU8AR1s0uCU(R56`p*n|0CM^CtAA-G8?yZSjCcmZY_jG7!j+djY-wGP|Mm
zzQXsEly~kNljV2BX8Qy{bSkFA+ZC$uBxSQ70MVLT5(?0@<Ip0}oTCu4U0*i8dH#hc
zvHCAJ4liZjpOkvODe5o2SAXmuzq-&%vllVc5`e7|Z^TLZ>iFNZ2hybbHx{XpyjVx%
z3?L=qgeD{UbJK2w%;w_$gI3=ZS4&0mT<4dI48JNlJNpr~6xA~jK2J#WJ?-B4*ln>y
zKlqkP7LT1$q7n~yrWwz<+b4*8j05e#E;yh*xK0qqrr#GnXtTj4&tpoTo*d*W;Iph~
zGQupHh!%JPgR2Dj0Atl_sp<Q>%Io(MY$P_Bng)->rm{qS;Q(yPaz$?T&e(%B>^LDb
zrBHET=!p!oC6ESh+KxXJz(J=q|3rw${y)1&Jczr&;K&@v;3`a<HlCl17j{Atgg5={
zZp%44WAEL%DkwPE?td$L?~v7jOL-HyHK8kpW96<LHrrH93o(ts_~q%Epmx<T@FNL=
zPl`bv*6t5k!Kvi#u<=mjd+K-$3x_fjrARPIy>Id#>hZDW&2S%Vs&qyqp!r2tp$v(?
zn_DEh4-&j1CL~i~q+KERzO^&khghwKqdNt`cPuIkhcgTMmFP*$%F3gqT8**CQe_N`
z50a1Pnrp+4B&les3r`0(xxXAHA)RnS+^vCYjgLLBE&O-DqfUvy9h$cl<ntEU!5y1c
z8{B5ooZ2f-9{&kR=|K~~Cp9F3#=X3pqtq@Sgy}miVod4eQ>6(#nK{aoE?2*tU&}2<
z=l+HlFyHC(7gCHOo>P|{E3=4g4dd9|#B~)veC;m;u&lEg7_HYDjt&nNMgyFnj~Qfs
zsU%fNXmoVqqiO)`&qH)cmfR-kdyN{V_-ri%VsQ}sv2sqMfk~ksi;tMgilbhKdE7M=
zp{dw4=7acv88O42gR$PP)O~RJqQsmjlfa+x{E5iXHbs$=;94W$_p+vu{WNUO4{nX|
z5l#f~9HG@Dd|!U(@lkFwOt|S}c+G(<U7={Ckdz$8D@I1I!7V1Z*~gOl<potW0J@&$
bgK+1F=^KA)H~80|Re-p#v`~eBj_>~fqly^;

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/logo512.png b/pkg/webui/ui/build/logo512.png
new file mode 100644
index 0000000000000000000000000000000000000000..2bc3b0b03aa840a3beb5879dafeaa47c65dd1ce7
GIT binary patch
literal 26403
zcmb@tbySpV8#nsQFvt+XP?EwBItWTBEi#0pgft={NOw0gC@~-<DWM>UG=g*qBB3JP
zUDDkR=V9;te&0F&pS4)RTHencSI6%PRa23>PDD=x0Kjzxc^P#8fP#NQ0r)lW*Pdtp
z3HS@*qAn)|6m>E#0{{|Gkdf5%G+cX6=*ehy-iFz<k74RgNMSwHD?rAb?x<GJTi(9I
zKB3T_t1ct?xY+J?Ay<cO`#gjr1nTUHQno6MeMS9PatjR;fk7mrYZ=u?rJ~qtH!nw+
z-c=~LM|zk~dMu<YZg2N|YgpYqU0?H<OnUz!Pyzu2=u&nUaFL-BzQqc!OQl{T&(xH_
zPZZAPHrbncFgLaIvuwEJ+Ur>~at5Z`v?_OuL~udNT{`B}ZzZ>fR!~15M%|Isaeo<Z
z13L{81GmG$(SQt$>4hYkDnOKLs54Xux3l<%4D)+XpVYbHMm`#Vy<`U<NK>6?O1LIc
zEv@UOp2=C4Gj?`p%)7nv?@xR^EC3h21wf|bs0IVDFj!f|ILYi80mY|Y9iq*V8b0;j
z@#q_HY@;j;3Gh-N(}94R3OyQU!<xqdnxVq?DpSH|6#s^?OCrC63n<2Y<G3XPo^hRu
z$PPHPr&$@%?WBPR1z9gd7Dys5z$LR&rkXh%kPiOpj9iCkcPqU^b7GW*PV>hb{Q%U7
z6@VbJ?K2W|5tf#hozX?Jf+Z(Se`Pk^W-qY1e^6mKG6)=dv_}!&jK!KKeIf6$=i|ug
zqOhH4<U<v8JT~}E-Wc+<I)P=TiUQZ3fXTXWrLL8`n;d7LZFTeFCJc?#g(86OJ3$_Z
zoF`b9&*k%q@ieU#_-yVfk`CX*9#Ma!K&V9lFs!$@bSob#??L3+H2Ld%oz@)o#Vp5~
z@AmxMZuZ!CBmiY4L<6`_ght5eSB<|s3`$3$SBg}hzpFB=nV9ad9G@iUtKwmt`|Uon
zi}`eFcq~?5$=|()!x`ADcIZ?olD?4yV1WoMfOti&f^NJSfb2RWW2hDrh#Hu<rTL=#
ze2sZ25_6%D)76#gWL=U%a-Vi_iwKJBW`@9lKiA-a%1Eru#X#<Z4!f#X>IDr#=V4qs
zsgcZmUk6MuSwBNNm--`4Tg(Vm!JEc|BBIF}h#`P{hsjK>PrXf&4R5;S=<=L)_jdnf
z^1{`+cjCu_fcfih3&^`h!cfQnVIZbo?LF-d0fZU$p#3hz+vvVMuj^BpE3WZTw$1Mb
z%jcVgSy>;V(6oxe(10+Ishq4$Py|96UHXg}X@WZ4KPbnG%<hxG1R4oRttWmtiR<J(
zlfkLt02bOA7>ttw3*_M7#OOv)R95r4_*O#yW<3hoC?*i_o1q=`OL>1rqyGIhZURtw
z>9HbfF#U@afU~CpFmw|EFdrg~-gCo9=#eStJZ<N*=%H~R{t=bpZ-+S<3fdbRx|nGf
zGI}adx67rGaOw;-1(gH>^2!*EMjAuQ6OM1Njq*+NewdhYZ*3{tU(olg*lgd5Kb%T$
z$6%s((yFMYiJ8MC(^)||3&RxyusX_|TDDqz=I8azwIN$~Etn<V9!%Klynxht*W_$Z
z+K8Xd$&9E>90gbq@WLR7MpD2WfMu{E`vw~{t_>zlWw8vrPUU8Hoam))UmovdczD{x
zjkR#)g@J@C##19Fzk$UHLEY?1RTk>@utKYrg~3__-4hlD-0YzZ=Zhlz%&U7VtN8jt
zvOWUAH{n?HB}i}Hn@9u#Lfv&CB>VK|1LBYO=Y%TzN}0WUED`RIz%oDuZA=LYIxP_b
z{J`Lw)?)ZPp5x7$b{~dsa#~O(Vb_ImJ<Y%4eix~RUsJ;UCK#HaFtjle{Nx?k)hCRd
z7e1!dmD@g=@jI9Ol3%(A8@bVdG*MzG3V=i(kpn;v%zDfs(xj#TO~$$Gx@z-0w$1RA
zpyOgyiY$xw$6!i}xXZBgHC{+S6*(5b>B~J;{R^9QKbT_3fs<nmus`Lf2(gXyS9gRV
z5KoYuP~*iH`aRdPjsCtF&d%5AZjNNGJt#T<YG-Z#{$cf4ISUDB%1%I2hW!pe0$?k5
zT|`ke>gh_$&qF=Wi?a;?71c52R@!AOk_Dj_2WoIeg!HI01#Wkw;inR$!T&<lbywnI
zx+b)Wu3Lbg7K?7UA|oRb84a#=d1vSjK?13}EsBU7833A2!Ez=B7iL#W6k-s`tR_w5
zs<-vrH?CRz)9yRqI5<Ai|3j(Bmp4NXe*&@V%Bu6Wgcdd{2SAbj;*TGblXu^B5g;Fs
zp?b7e?2jSeO4LdFn9tNO<u*Bt?-)UH4cUzXwV31@9L^dYw|==_wf8inCy)<yk`dAl
zeB1g?3-bkOwiQIyirkWbDo_IRzt1<IXkeNW2JN|`W~4Z48?N!_xb%R-J^tcmW(;Gz
z^XhV}RqYFXv1emL87CEt)qY|Cn`lWoL&Gj3RWN7;Y(Ohuj6kCSNQbpRs4lC6%5Ev~
zR>!Hs=gI`k-y*!!(Y4#s9u|QE;93SsEYSD_iv^(N+N-tU!}5@#IG64AQHS0e(jh*-
zPdnQ%k8gf?v_5)62wEe14G%FK2*7|~C=7;>pWVNl9Io4do~_njb{{f1Uk<*60}yFq
zn*Sp?<ggfSfd7<HHtF^FCF^wItvAalWaAq(_z0lr?RNlF3M?HEfP}Lf0C7p)Blw={
zKPs2R$R_7&ZvD3cWE>t60RxGc!I_ZZgL>i?L~{sKH3hXGk#PVw1l~eup#ZwH;)>nH
z^~+m%r%j2BQQw0OuJ2v^o{t>*VuZU14E;0)pu><x5-b`4O2UPl+eT7iU%Iu0s?5O-
zGToUSjzxZ^eH1GThye<#!YkLoCpHG_irs#~*2>9j2vUhoP8c5|2jj#@-K_r3ijWrs
zEr#-`M1vD&mPW2WLFPw4LAS*5`s;{9Am&^|df(*AW6Tpe5P~=B_LvJ9Ao*C^hOvmn
zoL#*3=(*4QZQkpdBVprxQQB9H7FWVaf<$6Ln`ed_yG|#or1K?xAj@RFg<2a89Ld57
zkXR3h@ijF1iVWmb?@zISV<!=pWV*!Ft8A~BhX4h##t{OUhTcecg_gM5lK!79K@sA9
zjs~i*L0L#pp+IU+!!5mbhnkn-rdb<Zc%YYG-At))U|?{>hP?@3&Wx{v^3&fTz~B|S
z0F|SK4O3T4`r6UHMc~0^pMa-yPCT~zNYQA9b#yd6m0;||QDDH+w>SAXNkYLF2&c0E
zO*7#f+o174Try=gMT5c^h(`}a{(qNZ&F42*XDvdgxIex)(x{kpR+D-oH*&>O7*;LS
zG2taN+Ys|BJ=spKNRj__x{Ye$kv;M4iaI7&#v_6NcF>*5OC>%vwS+m+A$9wQFUS&j
z>QHaM3w%9^u*SQcuD4*qI{Iju_m^u|?wCElb&TG_ylaqckTA{ngW6z}!ly+xg8JGM
z`wFkfVLIM#{l0(bKkJ%?Hr|J`|8E;<B(@#+j&41`@IIdrs0P1{8S~L(LO=>T>OKe?
zP(+`~)R;9FyqX-3`#Jmc0UQRJ6C|?OF~t@-jE@+@q@KS4WdNym8zj645CDLbfCv7z
ztbWfIOuPrz0p$v`!4L#I80|N<hNoC}<jOl4JMVT{UzuCIAN_0MS04SqEA$qqC5VTn
zGV&adH7L&NVZ~*OV;~J;_#LQ+=1>@vHGRHgF|=n1JC16)hw`_~p4^dP4SW0+iQosN
zG&+Fo`B%6xO`}nR)4^sGbAjalG5uH8(4#8+C<4D8Um|-i5|M!9MP6AeI2<OAZcn+!
zXMLSl#@1kNO`@Xk@rxLc=Fy+X<=MW$iixKSD-pnC)psITD(K)H6^T~SjcnkzhttAZ
z>%+OKUTyWa?t)hQ|NXyqoqs6r#Ge$(?aCz2tVz7Jlj~sttq+_|xan3b;0{SWd{5p`
zo?iLH-98{5B#t3SFVBzH7!ZyM0JKqrH}zc1A}Ag?9Rl8)*}E7Y5&|nb7`NoyS-i=u
zy2lU4%2YD9gvf(DkQs)@U-2LZG&(#?Zbp6K4Vs3b)Zm`}pkf}~g8LvG!FB2U9I59z
z=7H2mWEi+7N6Z!;lo}qM)>mW0*K&cUc7A0WU9o6Skn<0}4i=2-$@tzTUtjIP=gS}y
z?h&uBf4(q4u-4BCI=PEet+iRP2@m`BF>5!f5${`SL-tHR-?)mSMB~V>A51SA$+*@R
zGDz$j6H{jFcpxrP5jkCpk@vDZ1BC5nUe*r@)HUmip(>snT9b)Y6Iv!z$Kit8-<v%c
z0ZB!_@#68o!k>o`v?<cz`0gZTGL<y0b6hV5K6x|3u@F(uh14XU!%ym$>=}6+^aiu8
z%T2fEf;mjs%z0tfg=>qnT61?jH0m5iYf6-O`)33=q5F1)&q7P3sJ7{PGG5uI-gs=Q
zWg-Ra_2kxwEVzEi;L5UMUEGX1*6AW0v8`ZNR*`SM4|#rVn94xe`^}48`iAXLiyYp#
zFzn#q$z7+4hPw(`y=ys<t>$MnFEfMDz#dfHCduP|hQe18J0maK2HTWmeU$1(f{5H-
zL0&K)(4l;KUHCi-sJI+R3nq4`&N``|VRrxZoKOi&0Rk7~-PvFMg+kCW<=PuI^KDVT
zhtn^dn;;rl_IB@V-V4|WsbmfH7ot5EzKqqBq&R+Yq`d+8toK>HHuhHMqlV(#<CbFJ
z7d>hlir!uyPO+OfswwypRCj_(KN=^rTmQY0+<|fFq)sDpBeM92=-#=%$(|sJiZh15
z6iz}lP4KY^LTN}@0s>x*kF`%u5Fw<`(P%hedr3^2DR0nh9xQ_Cwzn3!qyCN@U-c7!
z>zF>Er*B<G1>K$-Bkv$@s$o}45o-8JD?ZnIH@N*+u43}58wv3nJB8!{Z!YrFXMc$P
zR@i?s(bi~jrnm*H>{hcWg<n>)QoGR<l)0Ja)GVX8c7=(aR^EK#=HW2qq;lX_>8{Is
z{fcaeo@mPq0%n1hk*7D6e;t>jO<?~SQUVF79=XO_0ZTs9?09g1^-o@`!dp{i=Y{wQ
zyVZ{0lS9+y&nQ>`FypIjK9(0U)-+0?Z?0ITojNlbSjD+qxVik<^$gp<xkSWUzXoz-
zI8HEMjH1VC%91g(ez#f78;4EA`s$={<ZOi0K9F=h^W%+K8T&Wcv<w4pt+*w47%(vu
z@|}7EpRaQyD4vcBIi0k}R9v$nf9j`ipGL9B6GUk0xsMzzFz3CV%On%d_pGNp?9uwO
z$L%%kQC;wThxkH<lKSzdx9MykYBot+;@@7f#@%6vE6NyX`Cx2H{l=&a)o~<OEIB>F
z6~Immq@Me{Pj*}@^C=on>s_{Z9i|<t*ms;6^;zRktW^WIVIpL(ldo^JojpHf1KV#4
ztC(c`l{x)7FQ;;9m<Z5oIE!GjUhbYaSS_t|v#UmX8?LR4?tgQ^Y{?=!XZmRZp0%Gb
zu!%M&Qa+Ag0sh*JSLuJ1*7%W+=Orl3(#I%2(^a?6>USAM9C*4QlP_voLy1s=q?adk
zQD*lvp}uEJqh1@$-b(KF7jSbaAscM^K4`HE<^NK@p7+Amvg<2$ynQucn``|^`{BGY
z??_VUWK!PL93XmF+$SCITO_-5(MTz65AJ8;eb-2vS`4C=nC3-jk-I9L^ngY()%Vz8
zZDSRTa5jF=b7zp$QL%!_*~ds3X4|0KG|{DeJZ{<B&iUBs6IU*0rhUJtbV35A&HHSd
z3r6clgnm`ehGko$Y$vMz_z3RkwW<I(M#HD;C#~-&mp?rX@pAV#I9s)>PG<n!#KTG!
zUTHcD!D5pkkygfQ%EKv`r=`LL-iQgm1&{h$EW>$q`J(<Cwk(D=z0$#*Hg&dH2n!0~
z(0BkLP?vE!JHLjRV|=7n|LV5enXZhr!*ESWK3r~#B^W)Csz<P^xlG76*}nyaAdS+%
z)N^XRA!_Q6y|^F0ozRnSA!40=3oKs^w=QL;g*)tRVc3E%x;ImcGAe>MkI$d@nPaX(
z^SRRtz`v}pviUd^*W?*8FR#5#|K!}4M&H5fKJC=jN)Q$&r;)h1;^2@vd&}2SaH56D
z`khDll;>l8A(QQPtS%f2Rya^DhTe@1I<Jc*%oe-)hN6mSR=h{?D*K3)Zk+DWp{Q4h
z1KC>@D1dk33c*D>^!|$ud)jPwJa+JRs0USLzhRtOmTcTxkAnE|4`VIw!mv{_*T04)
zGI~Pa7jMoqNuR9*N%R$VJzQ(sRM!`(*qQ?>X5p3z$3*1ocRDlcJ|Ka=D-q^N^QEEd
z_2ya)hb*oe-%*D)7d>I~4>ofNta?&-sz{xFNuqkTPZ_1|V&w+=D?3<K#@$p_ug~(f
z{U!$PIk=N&T6Y<c3_DhWnN^f(14lH+<?)u?$-!$6?}G@j67ft*d(V?pJ$>ygMP@>e
zyJ<gkFH#jB{UN<Sn`&hz($ygH!TE^J_3wt!ICA(k&qG<EN4q{Dgu+Jd+mN=NUuhD(
z)d8>LFWjO182RWEXd{2Uk}v@tt4Sy>1vqV=o5*7B9io|75$O=l(d}wcGUwP;N#M{F
z&+6AcR86griIX_mmTT<#V|E}O&QI{6>UMyOsJ~3Rc8H71+1s&A6^+QgbLz?V(I~ju
z`B82euywz#>2q5^CK4Yla>i`r7hL3b=1-7hTf^S+M$YX)#}>w>AbW{-MHwCMb<ig;
zK=#hxI<ceT5oZ4Ft%L*D`&&gR4v*s$dsf>seB`>7v;8C7X-f(n3j8s*b9SCc14m40
zze&}bEhWvL%?CZwe&PkzM}Eyk1aOiSlfCRsvQF?~BlnZ8X@=bn)T4y=W#<dSJJ&-<
zGWE-pd}EL&tE-ov^e}fkclzSZ$L?9%UNpu!HOu}c0tSLTO7pCfT?VNGD#li|wL?q0
zcx<ix`MUp3*Rci!AJ{7El!)%>e9(IGq#LTTCyV+Z$%6YVAyj_&H`3hdLJnj2x8z1i
z`{?kalp4iJ`w%s)Va_|i*Ad&5+@}MNy;{4xZo72Vq+Zh+5EgPQ`Krm;bL8%zTBq)Y
zHJE;Cl55>Gc)dT_)%%TCgvM)Mx0DoDih99FmqET4qsc=Ar^mbA6k4&9wbq8Fna)!R
z7na8?>puiZe{e~a90YCcJeJ7TN$?(tFp(Sf-Zk<o!~YD0H@~Pj{Q<naV~mDXb&q}-
zPYe5Azo3H-`(SV+Ui7VWPr7D!PI-W{QwWA#e7fr(?BB)b+W9g2#G~vj!52>L7RU`!
z9+QyK)WP;UEk&Wi5$Gn<Z_w{6qgJVp&FO-T$fG~aWjjOBHa7L|gimu<a}$RfHyiDr
zk9MW$${aTA#I1(WEm}|~KU=633=H6fnlk^^j?jI6Z%_PlQ_SunZmj0*&LVWspRm7j
zG4d{Tb+*{$c`Iq(WEbDS>K7>OoDL2DJ!c7Gugu#yD1ho{q9IYT;owN2Y{<RVlW)E6
zwgRU%?E?kImTeN{d9kcpbi^!H%}y03P?sLi9JW82Y)p=uL&31oQSr1WHX#N{p(x5-
zu40A@lfF$u%%q!1YLDA{x;f{eU|xhQGLpawj1d^fx*}J`%;|0!TJNu+`J^Rkfr%D-
z>vxM6imBEvMR7oP!Js#51-eAU^?gy=_w}21?{E$Z82`FnR_Aq}FZr%la#63wdgD@_
z@Z%e8PjyKHCpX6k>lr2V!fsRDrd<yUmjN7f;l(@b*Nfrgj{9uudy5{wH{Us(9~Klc
z5L8vX3PAkd)QMvD2?YuP^ax6o{vilm3bZVROPth$<-NSJN}<DV-(K?htp<!4pbC2n
zxGM0FmoAqEs_novRv9b}wZ4i%7R!xa&u<uQQ`DX<f+^a^ySB0K<mwiF84#Q^%7J&%
z5_RWf12p}QqH3Kc9Lv*Y?)m(F<VhobKBI4_uKQxO)!dNe#atRXm2_BOc|&rSzSQ6%
zxA8R%^jS)Epzy7OfhqsUkBdA<<oA}H4`bNGOyklnxX+bVewTg<2XJGVTob<0=Om6I
zk>G7A#{5SF1u9iOFt(+As{YRW>)E}j6DGb21NQIu1X|1C@{Y^uRc~V7?Lqf&HxEAL
zwyA8HD00>6#6G$dO|1CGCG=%IWp9rs2Nal1Bv_~0FsZ6!4f`?KkRRX2C<Uiv=j?xx
zDqsI{(O=0%$Y>m#Ve<+!${}N1E~#W;acOheW0V}7OY5ECB^qkwxV`*8#$eTAP2AU}
zX5qo6P;l+d*{<O5MDF60&r>YUOVjOi0abq<!my?OZw%d5#7AZXmaXf2zAyGc>KVnf
zlDyzRPg)Idt}K#~5IJrqp-R5tzap7@**o{aR*TMDwMD^}iU87xGpBMj{oMS{H02rN
zf}Exczmae<|0(n8uL(PhfjqI%X$Y6TR%8-bEE%OgpRFxZvO0?H5WhA1_*Vj+Q^u|L
zH6`)c>AX8nkfa2TT2nC#)mAaI)?T}Z%}c@xy>D5se@TQqdR7w7y;RqubsgNrQOl4q
z<n@br&i947ye~Mj-krAPU9NY~{5;bLDMd0As+*;YQ=@X98ce3P(#^9gcRhXfjzR8S
zAWze_v&JVweDp}{SS(6w!7%hDHu&JcRcCviX(o*#=%)8g^UBxb3~xE53mx@^<i$x{
zqLK(P^aAa78xkka>7<TwgXw!#`6!{tenC5W5~0$)34jN$-gX}48tGS`9qHWKFqUL>
z{1IhJ>&2RWlEetZW>@$K(kFJ=$C?Z<d%7b`rFq)g_l3tl2<P%2hOGgAn0mDC`ZLar
z>^)CT{Ah365LTl&9}7Fg<dIaI{{CC0rUy9AHf;3ktHj6JJ}g!DGJLgxOEk^WfpiO)
z3{OAKHmDI@N<KT$kpfajKa5p;{yBB1Z_Bt|S-|wfBh@QuwRfCzbP|GuKA$_VP2YhS
zWT7&=?4xCZ%fZ}@{CXnCtz7jaaqVnBxs8oGsLD1aIH3CORPYr*OS>RBwjpz0MYxT6
zyEg6YdI#p1P)Bf;#zloqEG7K#A>EIk)L@6_kXq%8rYM|UkK`k*A=}r7Dc*U7qhl3@
zo>sE-x%T}pTqoaAiq8X(X~Gm*wsAbQB-8WBknU=NwC7$gzEInT(ANS*TSWQ=E8Jjm
zTTGs_BtJlxtNX4Izt*+_-#}u+M3rfRiAyWV?-n=YLD{9FypGd6k?MP;=%;;4nK|2U
zOmFJc`R)^m*3Pv>4mp$+w+%*Ee`zgtQ9%#9uH__<TzntxVpeE&5l-%B(7E>a_wQ9d
z00EF6J{@>%JUm<^?8|tw{`4a9#|M|q^0I=qu{Wbfs0UwnZNRcSZADv<V&|jmn2DF4
z#1lyFXT!dZ#0e7VU#d8Hkpu18eo~86<LAzb)Z6*Zr0D8uMJCvLm8@yEdva0P((aQ(
zB|4QW6_uu1*CzN#2x$iO%-?by)NW8&RJuM8Fk)xv)XfT<%cyntCI>3TE23{)5JW-U
z<(_R>lhlZ%Co(^ZjC87^+}a^<=%sF`9W%fh=CeQ_X1cu0(W@3@-B|bg9Lb6^3QR(D
zxtd0md+idnF0D+nwV+<nK&Izm3h~Enq-bArpIAk1(JjxDoo{l&d0T&~OLKl!XO=VY
zD3<gtMgG~Nxnd(ZWB^voNr0Byy7fG+!(2o4#p;xs1vkA5tDjf@i=s6o@O*~Iyu_NI
z(U_y^FnQ$A@i(LAD>iAK*WV`jNRJ{BK8Bx0&rF#fR*t^?XuUg~lM{WTdIY~};l-Pa
zvLk`YBqx2LI8Ullelg(Rc1MpLs`$fF^xImEcHMf`FpH^Up$^ZN_APFH+{WQ!N#?hL
zC-nn*p5?kXh5&GTLon=?h&&bh{uozjAp~vgQ+S%|8YAv>@|sgkQx@o-ik~RbG>8c4
z@=VQpFUTw@^kF+9Z1BT1|MxnwuKtoj{(5}y8&$W{-vJz>HBaYj<Y_h8c@I9?4&Yh_
zCa7slBpYDd54Su;JHBW2Y`a)I{q@7FXFbtQ!)5jFFU381I*8iFXA=U+<wvii^Q}2B
zgY(q8J8aO_y8ic_=A~I-lEsbGS6MH44^l_=?Y#x&QSbJOw?R=(#*BC^4=Q`P8-+G%
zLnkj@hGrXcuKP;@p4KI!vhl%}L5GH!R%Ch~-e@l4O;`VnzAn(7sw|@+MY?(~RZ2g7
zk|?}Yu|1`WGP9>gCd#P)TjXm4&_$<uM0_#P61|WFj;zaTTH|G~X$FAoS<<UX=kyxa
zzki;`mrBHwVx8T+`wIT8sx%ZTe&d|4?(3e}8w@jhrM}QmLG6wASsj{Qw7w!Pvg!X=
zEt_I<p(eI7OT2R9@|&UrYkC~_dP%WU&FYv1<y0I5Km+U^qMFNo&SGU1JCzCbhP!|N
z>c>}I7<KC0fvBm_GQ&!kOYkZt-}*cDR{Mz>jMOLZ9S?bt;_gd!EuB2jG&|@ye0gAC
zJ7DdtVRyg+^rzmR(L3}|NMD|`u?lMQz>ka7T*qT!EI@~VHR2bXvx=pEcDl}gOPu~l
zJA=jfNG5wjrw<0-Tfu##FZ9%SejJo?XD8<+D^nc0+`-Bh+L-WrD3|^jkSViz{a3N(
z<*FxPG%jHpg<<6gUNl|)xv>%w)qW62(}Q83hXLGpM-C@wrV6Gyx(V&W!s`i+ow@!S
zce?`UvfO!=`Yz^1AS6QwwZAWP)4*Dk$g_nsET`C`3$BO|0%{L27GRdorzyY6bX>@?
zy+hV_;jjlIp*(cHuJd6o=V)f@xh*=le6WBoToFU|v!0_;qTFpRB_s9LK$LkB7tT^%
zeO0H>UiLv|I>UYHKl<fyLx0;Jv^W1ShuRyY>T=cm4-1f-WqA>poA!9y;|_3$hqFvv
zvk3ZMc*1I}oEHT)*PBAQ4$Wfv{o_})_hE9sZesZzN5}%5PI$vd%q>nXLM^`B`4t5>
zmg%B)HN6xrA*{VIvS>Jf_hQ&@jmL1}=E%LHX={h5^w=z1;QaT{Nw7t0pmkSY4+4-Q
zE~?fm=jE-%=b=WdSPp^7!ECp{G{1+eQb2QN)VUUm4`xnzO5ct1jbRo(`n}l=5%Nj&
zqMbckX`TW`*wt_@N?SGo+Z14S`AY5Bn08<H=j2$<u{{0dP0$qhDHZlYfm$HOpPlhj
z5DyVS^oec;XdT&a)Gy^PetRS(W3*#_JwFGY^Jw!oG4@&hzJaXmOHDj%)g)og#mu&0
zwTDt+$8)LFimeS6U8TK#@hMT81znZgka7JcRz+y|@E%z0rZ*$?H|631z%sB0EThb#
zYs`Ds|EYQUvo+E7x)e&~m<OBO`a)D*W+e|{CHp+8JmW7Z2uc`;A>G}Nd}MS=j!IG%
zUKBFIgtJRQf9Lb}r|iYu&Tp&99SK?<eymoXm24-56??}&Js~!_P_M``QFl7p;h~`;
zh7{Y=81s?a8I`!`B5wv1nH=IC$9~P2Y`bINmq8hGp!9lMZ0$)qe#UA<zC;IqdsKvS
zTlu%D!4}*NYS+0k;eHwh2v!MV9cB8Q%8k|_S_>$4U5S>OD?|M-PWL9cm*(?|Rzi1Q
zl;RzxVA7483*=V%K^r-1qu%99YG5g?@1opLvDtstRzUlg4ATBSlNk6SFfz#hIhAN-
z8U4l-S{3>S!U+cmqS+1jxiRa4cPdWs6#Ar};UREiiJ0pCVM451Euew36#T5G0975X
zamtBF3W<9FL(8W>4w<=1#p`~^JQ(6V%UWtbfXxN)N(IreB|wb};g$yI=9M3Tp}Mc&
zj#nrFjp)kZ>bLtZ&`uAfDMTKAB@%io(Ar0{S-hXH?No5D0-8Qv@T}c8nB0#qGUAPo
z@*QpZiML4?Qsb+8>S=@K+-xd8>V~gb;X%434DLDH2%RaJm+Uk`d=uF|728j^|7z>r
z>n>eltQ%{3Bklp6F&lvgY%8c&h^K>p>UKs~btc`J^<KV1E9iC}v5g8Iks@EoL&J{>
z@$1dL%BOuj4yy-rQBZDUnaW?+n2$AYV|n70=>{t2KPL#MX(bs}adqb_d)Xv-F_XV%
zvPU60cp%ytyTp_cMko7hwSKHHbTy%y-TlMA5BI~?u1or-P&CrC2R~tdZ+7;|G_z-5
zXF(^lr)xV&I|7($8PuQDyl2C6d|MVM2zkxmR2QzWCy0PB9H47N%*)0*X@6v<QHk&i
z-%lH>3~?I&!73-lXz{je?#V0+?M3k*f1jGQB6}{kQHl=kYqA>bD)j9!zU(7N<BhST
zg_{|(EE?mx8$U@6`K!FMo`|p{62XKq&0qmo&?=SU4)9yq-tuxr+n^=>Qu)~r>Mw_&
z9=dDRU1M2pM*)`K-t%=*sHgr`xr%S{YI2+j723tEEY9msQ*<HSt1;-~XI&}^4Bl?5
z^9?2Y2^#$!Mo$*L5(2HuJ5sSu@87NT@3ZO~_1~iNUHCWG+?i(k#lW%+ayPkz%q(B_
zZqY_UrSi`LAxP&jnOMrRZz(T1d;NN-{w<gic*neiTK9M247rzDA6dU-uuVV!^+$qb
z7DAhx+B{@8MC#rk8*ynG-TE6hW|ST?e<j4SJ7gv-5_~y`ztm{PofoDHG2g~~o-u<%
zx(QZ;4}!svzHulNK9uq!<?+y4-Q-p(`iN`;hSo*^ivDnWaG@hUyvNv!U+Q)}A#Xy>
zr|2Yiwj5hUu-Ve2*<YTN?X1$!wDnUVy}7p1U^wnvt#j>FI|z0WuCRY-lW<H<ZnxZe
z%|@DKOKOPVN9*01z21S3G8$lO4g025psaFZc;LrQ^U~$>cQ33OVHHLd${mHVDAWoQ
zDIALp`5oW`YW<h}iPrDxcL@Ukwu{p!qZN_)8QTg}pkoOfY>#F}lpkpQ7!KQzK$P%3
z8gJAD0<w7AbWqE$$skB$OW&%Tj>?NSd=-^sG`!Sktka3Y$6rSkfKI3@1cEGHzk+A!
zzO^;ksn1n5PU@{u?2WJl!~K}I4~O1Uwmh0TVKudlD`O7yL}{DI7~NUg#;9Ou?E(RK
z^jGuwNw(QBd|GIc5C{d}Vg1+4Mw<aKP4$9PH8{QlGrcMlJ6WfaukB)Uf*ggqgQb}i
z5E%HZz48J}n?kN$B@?31l=#+mC@r?JZqVA!qM4rJe1@p>h(c`Q!*Do5G2Tm32m(2N
z@!Upx!<p4z8TOHql7GWUK6&7To1Ec}lC)`;n8W0gaFcU;&pYO!u~tHK_tgK!VA+uX
ztG%<q<R2&5K2{aBgqgXstUx7TCZfPR$px2lrw&K>rg@pA_LuOZ7g|bBxnWo;JKdB(
z^CU8g9zu$&PrjT^)R1Je1kBWPHl^3I?bZ7znKgAi;kMgkDp?Oy*XxaE%XCaNVqXQJ
z0r}yw(Yk7JQ%!%086;t!26vXQzsQUQ_IuQe_h2eP=_h_9uMpNqqVLdoE7v5+CJ2bG
z7MnK+5Ztw%bq)G!rI=<oE(5lCi`jIB5^5t|{Pl{TQp}wT=nEalKPe}oCW54^m6rLg
zQkXnRPV>JLXs?{-L;(Rciq*S+Fhchsi$>{_6r8nIio?i`SvdE-m*EUA+li0Qu7F^#
z`qXU7FJj2WbiVhqsfv)YrgvJ`2T-1x|K$}@M3UOt>=t(MwSGe~=m+gAe|5u4<fgWw
zg<)AER=7GeHh+<RQPAPhstS}>ue{%J$0S^i;yGH4u<OFK<OkRdbKt9k^p6EPa}F!Z
z)(e^HK7I@~DmizcbCDh9`Lf}8hEg&q#I6iBI-Ct+Xl)4k?!JK7{dF2n(n#}ie{}Pf
z33FnH(hgU(K}L+T2n-u%xBVf`yu5<Egm6-vz3r<_bMf~#DjKV9AD^Wh^E-_y4RYst
z(xJg%k9*WnFX{I?9i0-N<_v`qGya9()Ksvu>DZ~58=q|EAA<AG(d;E>Pucj`bx(NA
zQ|MLq2Ps9LgNCBy59-$WrzjP!P1!r!C^6M)<W9D2{XDYTSxV3!Y|b8i%*NUo_?zFf
z$R)*BkGR`HF(=3Ur|jVkJt!$2D1*wZ-(r8vzrCknMgtgKbjk)&PK@R<c#?d*|6H-~
z6`+=9Fd18DmnITMt-<4ch;V49nsd9El(5s)@abG*p7;%U2gg$D6D!Fgzm?Blg#v<G
z<9DsxHQLv@XIa#iz@Ds>9FtvR-{POqubf&Z9HVz%MsyYx?=RSx{ZT3BxvS>^`Cs9b
z&gZU@O1NSh_1-dBdkonQJQ9>3N879e-%06_?@BjxzQl?Cg2$N3G~8Qi{Y4(QA@m6>
z{qPjTJrNQ4^;nR+cw>lvLd98iHaXdKpA>9=Rtkrfqsq<U*iY{M1{1^N!>)jEPoByI
zE$a_U5M9yLyd+QOyd8~K=_XAyqmI#WuT^*3_hGWe)hpz^vFmfP-^G|3aS)CFgQYRK
z9&ms0&v-2={)EQSR~EU0O182yCveKss79ss<#m3xY|&g#9rsL_-PKy4mDyOPn6mrc
zoUo(Rww0&`LI?=$d@*KGHZ}w5snl4rdjUBWB?6%1$9<zsd?eG#H|5R4=WhO7I4p;)
zrI*0{<>!P&VhrIGwrdNr^u@QZaG#)ggk+k~2$tjiBdw2)E_PYPLa*YlYyFfPsMJ#e
z4YfuRP9>^Nf)$y$$7D{q1a3#**VAb)3dAk#s;4LxQLQ!dsFrwj)Cgs^_|nVVApy4p
zFD6vYkNkQH_f-3ml<+sNIt7YYe-l?yEiSq}C?8*Lxgod>!Xglx7ex6grGHdIEpvE7
z!bFKoxM~NJ1%jV0Z-%jMzY{!_(0B0f&va@qPc~CwVLfwyj}zWb^H{k@6J}0=*=7NE
zNHYvpC+sZvO`!cukfZ)kdzYTU@BD-B^G6=GVcRm7lQqpF!$HuBtkqHT4}ZK?0@NPC
zb_l!%2P5$Qs#4O)DuY_MLdrpFRErWy?mhFu*P!{pk4hHdINu{%5a@Jazt(B#Fu`Z=
z(t%Kw{TiuF@AAC`0Ts71Z_pR6E#$u$VCK#E&c|USLkMOx0Yb0BkVyz;kSA8I2s6+b
zF4AT8NFHeqqB5CgHE-a}Uw#@AZ_Iu+;+>&X7lNz7Jw4|Co@q0Q{pod+uY!&|U{ThO
z@bp^yQY-ZBV-Q$@P`Ll`o2H+-fz(*gSJTJXO_SAo4y}3YRFw1}wxe6EO-${-cKEEp
ztvo!40-RT{qw~R>xtzl2M{9Znkms(_Teo_5*Iwm;Lhl|3?&VOy);p|rjBy#ldJ{qM
z!?H)<^yxu9f0;@65->*wL!*HJr2i{U<h?325MqLD>WCHJKk?ldR&T;A-1doz2Gd5`
z5*H%x-H9EGFcK{`0FwT!jp~mMXlm*qwRhf$s$UD>AgnW4ZJm628$0|Tn-#TgGO@C2
ziA9Gu!-^+(oLo%e=waya<Xovc<;R0^bf#@N(Ok~3fMUW=w3qgBpXWnfv^}nS3DQ8`
ze2T5G=A*cNpH_k4O)CmGDKv(>QLo|Ubp^C2NNLNj1-HPGrniY}Xu&ZH4+8!g9ZGYk
zKl}hMYLFC9(8LxEqQmjX?||)>f9jDts@Jv&pbBhT4xrCaeAbhr!vreP&K_$|l4XJy
zB{}}Zha(wj+3jA0yxWlNlv5}5rcx||LV+EmxJ-q?WX84<#LMUPpFo6X(_n;jkmoB(
z#MTu;1%-b129>T?EkU`>*5VT^hrmUmm1}&u>soDfT<MVfa9a>_0#LHtf}E+Ne^(&y
zkimp|+QAZS6oJM&EIJ*uXwVkoMSsHS7_8B&;;0z(5bnimn)mK^{CDWhC=s<r;5}(c
zmkIkjt<EJ9Ofb=pp0dNCt8m9o9XG*p5(okjodk01&xEA?C0nCN->CB~Bm^=-7#G&^
z<AzG|w$R9~jQ>9<Ff|alk+6#FT#Zwt|8+YU_^^=pPP;8b4UW|<<I{T_-hisr;4?Tk
z|C%RT9z$96doUt5W)ZiCHpaWU0^E#n`kJJfK23hJQ>IbDXi|;|2nQe7IHJziD<sD0
z`kiq~KklWRKJ%;1HS<~Cm3f8i2C>{gc<>I)+M(8(mSME?$+46gRurbVXXcZ!jTI$i
z(?AS^*e~ESt02r#0V!A*SA!T|Lb>@wrxJr_avQ(MJ%b^ke>dO$rkiayn%`hKjJSgO
z-Zqf~Sds4c;xmxG$4Wid*jcV%P3U)yx5ywkz{{IF<jH^aBu|7EV{$0{BT!(mFL1X4
zoGM?2d=A#Z(6`U3Y39Jx!w)up(sl*WQ+-DxVc?N0Xjz;k*r%<2hugYeXt~vPo3rA=
zv`>-hEBV!1WC{qU)zJlG44z<iO2)_smAOJ5Ngcs&K7@4qJ`cnh(fhK?;20oan=jjb
zjlQx*jSOA@8cwVpP8>vXHGgXfpu&}2qKlhyWkA-mTVGQr3<muY@AJ70YAAB!rmP<b
z4+|Kkw6t`P_n;<Q3-$ZRp+@_^wAZt)j5ouP{R(tNSNke8kg|~*>-ed}9o$m4lBT8b
z>X}dFLBt?drc6)wEdpp#YkJ#!b&x%&I;C9tAit5hj8Et;T$S&(+E+KWn{y{>^zZ`E
zq+%uIVF9I^HRh#e0|sgA8M;)<Q2>{LvBl@9nJ&TtNwhymot;BC9T6*tk9&n~9lu_2
zX*y{fcSr|bhD6!~3=P;n4}2pE`Ulub1j1O=a`fZ}uJG)bvlx@>kmxv-OcfB^j{g5)
zsaQZw9SDwat@j`+enJ9iT^vhFD5cQgAyU2zzP-8PkzSBZf?ksgPt1S|^MJFykou#w
z7er7+5Y48Rp)B9a1F^k4z4h*{&+}{Y+6}SK?!nONVrj)SEC9uzW7@nFa0G+9+ybA(
z(Q})9IRq{3<5QD=#BWHjMqtuptF)XfenZf3`&rX(*=j<N=F!E$sFLTY=ctm^3!7GM
zEGBphDFi;e`t<c03_KG7@C9&#+A_Qs7*F!g>ca7pioswCi*<#3hW!&%W9Y<iu8`5}
z6y-xKHWlR8-!<Z|6f%It<ty~<{_E}#iqWIMIFN?XvZ#_jHNLA!sU<$Kx?<KhWT&$$
z?0q%f34yr&Q1HU?{Uo1Q6M)W(mYpYgLTga=^4;w(3{d2SxXR0*qaD?kV|ZNjtVrH6
zM@ANqRPY%#5UJieZ^4vik~@Vzchitk0o!BX-YP8gwmfrb7&OH=JDXU&;s3BO63XWL
zIim8=tc_kK;;y8~5IlTBx^L1T;uXPZ4<n9g^zwK~z(e=Ep8qH9)_Ys1t>a-r(8*fc
zug}<(IVn(AxZgkVym@_HCu)t;y&=VsghK)bt&?f<P<g;a#6l(Ye=Xt*MEB@33_7&~
z&UV8D+xQH6HUxGfIW4i+-ynT7Hw=4S7Qxa<wR$gK`o$95HG)>qv&Sm2D3Tjb<{D%Z
zTvJ#2+AI*ZQZU|^dITZ=jO|8l(FI%qWlBfxHglLu-2o+9v7Bq<*Z(qORY81Bp8El=
zcgh!Eh4vZ7gTS?G(A6u0bK}!(5a^>yp3Ot?RB=V-EhF4k(O6(E>&ZteZ-^rrEelmA
zx+<*Egy#g{t{+0yB?@HrgF;*T9{DytV28T7JZt!+VarLrPOB~-2npbTyOQ_xg~ulo
zB`se@vO=0&RY28LwU7}a@9FF;6ny?mq|hY%LOa&~q{=H|H_Y%H_5u|I<dpxZ4$tAk
zL4~YaG?pKvd`s`Ck~q@Eb<+fhwx@Q6uF9<Kf>!M6nG|f^F}Ml!?i2^SL`TAKFxv=@
z%KH{TK0w)X5Flr<rt1Fr_+8_iCLECjz&Di|_)S_ZB}026-cxRkP5v&sX2|#7WDGaE
z2_<fcqv67s42mocZZy3$OMIuJFet*4{^L+mcft5fxT4Wwb1Qj|w&6LveC|xLHg}%=
z<D;9R#9Dx*_G+ih+Vzm?U&U*bCcaFjxt-R6M*&_DiMKB9xXdjsL~<t_@ih;Jf>0j*
z2ZSP6bT6Uf>=(Wag3#d~Ev_d~hXN{E%feg*es1ffq}=;)krv@9EE$x6BBZ~b{tssH
z$&o4y$Vut*rd2Iz2-ebk=OnzCuYSiJQ_{ScO<VtgzJFJ-?P%@v#lkd7TiVAx|AYGe
zqG#y3mdP1X_Ux{0*C`8;J|a35$d1wr^VgZ(Q%%T_$P%ts7MR#<_Z-hNik>K{^6rk*
z<c!FmiZD+dA~!u%QW^H}E@&p>d1C7|UYSWm3Z(|-HU&L6w0p!PX+G9qRL*jpuisHT
zuRohg4YRrM$dZs<=Cc{<t4LK8yKmw{*|QM8wzUcRe(-09(m21S@@^_Km<>QF0Z-=I
zvmZeu;QSB>rTv5|{xcXsF8T7#^DAm*$*iFy*@@Hs{SX-~15M3yU+d3?PdugJ1Xk{r
zzM<4Ym5AifU40AwKyPm`gOw>7YH1uGystAvmZw+a8=v!On&7_$=yV5Yg+2Uu<6!+0
zx5O?*r}|Ll)Bkn{pfiXZ1rM_1p?CKr^m=#GcpxC^c#1M}?x9==3mgRTUj1NE&^y`!
zHEj3i@l{)8Ce!dh6t;~_S;|mjF&+c~+64d-4=2gb`#4cC90{VziAQaQ2g`PGc8`=U
zJ3s^xSNo;XrtcZ#e0A=yi7P+*2y-xUpJ|_>yN?tsgnu)-Sg%gR7DN8qDhZ4fGczSB
zh5QbcEC>~Li%|Z`H@}?KpZ!TNz6fjK8I3hR`%&mJ1O=1eM4TmaWk500e@}hM#%t28
zR%6^?x-?u*MtG}S&d@)`|L8AXld0Q(Gh_>`C0ti;H0m3*xO){A|3kz$mg1oW{hqiI
zO3Sg1$~e}=`TR#&rNk!8NplB7kVt%VYT6=C%L63gzpw3rxsUlOiQ4QvExRQ3>0Njo
ztS%bAv&Qx02hG$enX(@T&)rW9<kPyqbkDb@6Fj+psm)EOYhfrWokvhxrfzXe{l;H~
zhv&Qz(-iK#7Cy5S;2Q}8zMY*P!kGTOQyt~fJKhLdm%aFTarx#11M!J|&rN}gQsXm8
zu|8+@TXNJ^)^-c4%~pwuk^hr3B!WFa>a&RaVeiq0gA}o)ps30Hc-0|-Hv~L2d%**E
zB6Mm%c)LZVLWwoRhvM4`mhV3v7qB=EY*SkGyVtgUXuZE#_hbt5^1~NVt_d>Ubf9st
zf#-nt+CTh(;~Mv~pQCGSMfj1M&Q<4IvA6aHPVINzl3>0M>dPK3rW=7M(&{$c(aa;(
zA5{O*7m9M+CycfHV(0#O2haEH%#Fs!@^~eFZ`h`*xA5}lwW-dc-wcPS+f=5dnp=b^
zLpE`m@9wSS<LqOVM2D~T=>}K`3`;jG{pO(#RQg{YfavjQoZZl5>%lOALsi*cg|Gjd
z=0^$Xvq3+hp4GIw+X*C3e+@>s8nyZn0Ui98N;3Lh5!b+Z%YU9BFB;HJCLR$vvWsS+
zT^V)$aK2Yb+?@tAjx<>GU(JABEep6L{~6T~9z1yD6Z~CFNh19X&G|T&w*6}BZB^M(
z8KD2!!YK*Q$u<$4`+xdWOc+o|a6M~mrD6R|_>uuu83t^e9S$(lzW!H}z=@>=A(fA=
zd0k37)VcL1Q<ckKrzZ8B3?zudD(p4)FDkEtz~Ayo#pZ7d17d6c3Ih1=wc8+jVlDgK
zCqH~aInx-kL9k+%d{zIQig*w}m`RHA`$Jgt!?%2{ZEt3Ux@dinmiJ`1lQylMlpNZ~
zAgc?`Dg2|%JW$kT1+#&#Od%Ju1Llm$Z*Hiv`s;Fi)gce`5hd_!^0{nyu-5_6|L6=r
zbYRwpjM6lW-g#UMX^D{E4cBycl^QMy0phXCB2jG1f7d`_8->V3lT^kR5p5sN;6SI9
zmPITd4BE(NfA@bBoraG){>CpW{o%m?PN2;b4H{k3EyYWpcZm(%PI=9B{evVp-5EaY
zYWNBN;L`%;AX4+H$kLmh_aj$c2w}R73DPZoM>+HUK4$}Dzt>f{V^gfvXxo1?qa2(V
z(EhZYdh|!85&iZf#Xl&Q;oDuSBkTkvAg<8|_j8PlQo7}}F|zmr&@efu|7|`<uF!0O
zw&wv)MR6z!BI~LlDa3uC{vIq54V4@G1xp#oVm?rvs#&QTpjgU@$y^2_y;?l%>Lqo6
zspMZ+LNUdq^9z&qxeR`~DRU;xzk8oJFk6|(0L>M4pQbW`$7V%()jZ_eK{5}d;#7|m
zm;w}88@~V?Q!ris2fQ%!j=54+*roMqE4d`9KyM*JW-lUruCYNAwo_sMghVt`wB0v`
z@+K8H7!ySkaL?vi-_1Fm)k+Qs)VSjckg=W2u%AD(hn;xoD-tGEOnC!;f6J6~&wmeD
z+OxBe7TWVxvK6~|gb=p<%hdl+uv9^k*{>#!TlYv~DyWDYNFI2m+I-{a;2HsPIv&Ut
zto_wppZun*Z^xX5FYm@O<+o2P-J3o=KRVUgQyNgRZ9z9_w)<Jt8V<jMFxG6_=rS-N
z`TD~R+W1^qM!@=oWCb5`OG&KH7s7XYB0n1}P54C$nY0==dnY#P412emf2AJio{ZjD
z5!rgWM)Grz&TD7Hr@6wlBiF{L$7M?5QmVo8fQ98(36;S84t}M2W;lEE{ZuS^3dZzB
z!2@GuXj-A<js`2<5b`nEgNJX^*q~gt6VV&(n7Ka;qZr{&`BghpGG(tb^NQiHGjfgu
ze5|X5@rCuP@|Q5}Y#+-*d<%w6#RQ!e*R7EpoO~$$Q-j?@yzC0U1rF^e^-FC8wvy>k
z2q`#8MHmRoofSxFw4b3<Lzbvm!Ko8Sp!#+@#+0PouKLUUPRtE}sp^R^7+MFCVW)RC
zE8XTuzCU7f)4^ESuc}|a<n3igj8j5nb0>&T$}T<m6Z&&H`I#4GLKKskdey_hG}h#L
zEZ>A{=w^knN&71Q!fjR**rQCKoiYmKIf6$tQdZbEAH4b6nJkc?q3~zI_+vRN;3b%Y
zAob<?e=UO05K<kK0VZiy9V_AgLca~fp4<UxW^^lK;(bw@C_+~iEJu`1hoM!ij;~<4
z_0925Np9HK6>5Z*>hW>hI=Hn(CHC1xYB$ZqXh{}-aPiB-isoK2RH1$U>U;2Z9_|WX
z{|YSE=PwEf-iX!QYb`gSK}T$$me(4-L_R39u&D_fm|v`&CWBqOn&pHnCjzE>u~Mx^
zf{4Of>GS%VEUi$C|3gn7RJ4ihbGgsQk2aZR&Gc-NFfV1~+VVLy+5Vl%;oFIwJyW`=
zd=C@;RG~@nJ2#d$E<jlEWCVjz+x~foZdLZmHiM{54l3U<A|%>UO7GWDv~#&^whFEN
zws{Q%iZMKU@n!yvT|K^P4+G${ezF1`{2vxzqV&K-D=YEG2Fa{~0``7khwoeAh!}ox
zcIt<aR<QqP&iLSF%;3(#`{pIakoJ<hGGK)BZyy!M5>J{{o|KR4LuS1}@A$*1^bBgf
zkUYH_{&kJo;?VG=P5cRA-TFV7U9`18&tdu(lH&8tLLRWx#+*==FJz;etB8#cTP$_n
z5l+t?l_K+U@ou)~kK8vVjCF%;dA)U^LIP*|k4yhxD0&vpy#mTPVS{y~v`}=s`|+RH
zl2`AoiVm0Y7Z87XJ3(f=8|>FxkPz<iH>vynrT|QNUap6C*A4GiOrG8Q$W6IHA_h>9
z0@<kb+j9uQ`x=6`z)l&NhN$8QH2Me&^CrgHv*tm+(2`G|DS}b^DPNv^vN{s@WYuC3
z%F9}t&fvCV_Ss(+?DlfWy5^n4r@y)+H-4<|Q1r}&F#VCk2ThYbhUuqifazLW(34${
z{x33<L`Z;r?RsX~2;Ce5h53z?IP1c}DL#|7w$JG>nkHJm+Gsxiud+bgrK6gL554gA
zspx)!leNxA*@L5kpF^lMAaIDX!}?r|oPp9%MutM!`23t70c89NUXSYQbB_%mGsTUw
z08)YLyi}%Z4&bRTNE1zy0O+$x-w@gvI##G|@OlOhWDA_wqH<@&EhaUFRM^|Dj?f2x
z0P{FcS(+Rce|!YTr2l&xFBdvK`WwowGH%M)o;LT^;jgxbBc$kK%yi=dy&2UtaMDXt
zj+~Znh@x>(rc(h-go}9ogCZMzOJc;tP%fQ|1OU->di8zz3S@MmU$(!-6J;^hY6`U5
zvSx^saNWIzFA2y@HQyiA_jp1xqTgfjisXci7YkU{hvE!iu3yPHF479SJT)r{V%~vp
zmVDgSnJb-78n^a(opCRf@3DM0W8poaB;f|VSDMjH!7wHe`*JyWX~eJw82e~^)q8P9
zF4p&|?Le{rhV7+Nf4H)S*U(@@m%{rOO)-51gBS|FhlaW_-yG_cDslnK`-$Xj*Ka;O
zZ11GKW73@2iMM?zhfXp5Aa&<N;N4FpAQAF+Rar1aSzI8m=4{mK>@ipgAQCgR9TW=!
zLlt*O#u|cLf1uuM=4`F4$2?%kj~on$&Ro9JHGI0?=bU+#bel)I!+IhKSO2!|_k2zj
zkJES>a1@9WR3mbZLrmQjUepjxc~%tZ5M-?r{5nze{0BF7ygsk|4<lRhZI6VKc6)Fh
zNLsKcPZa{r)@>zs;S70}TJ2{Z%dqpn91k{wo@ol6>4QZ8Kg}NUAv$o*`5cS0n*)Iv
z$1L4x98B`S^mnvBPOP|4LBc@bixX2(gorWqe9Zmb(uVFIVO@`t@Jwpium*rfUB<JC
zD}TeuG)$>=7TE09H5l>MZ(#Hb(8!H;%>0fszu{^s>qtJW#~z@YdhT-JPn{L{eyaa$
z7HvyES}I`Bva(}iOg8!dG<DTsQ8v;3WvQi?25C@Q5KsXDsYQBekVa`~L0VWsBo$CP
zr9(=Pl#~!@MM_dqx;yUhec!#$<>AlScb}O#@60*p7ke!Igf%H-c8%LmI4=Z&%Yua{
zsO%LJ8S;V|wRSwh!Xf*LiI3iKD3PZSJtGLkXKkUm1_`C7XW6k}FHVvYoZ~fJ#gc#~
zD6&~k#_q_dPBQoBKnU8v6TS|E%ipM#ExE17+K+o~f-fFMgKdUf1_Ho@i#To4Dyt-8
zWU&0eDLp<)N6dXyYkKD|&Jqi``p&wf@w*Av)})^%lwqsGKA*nY{rIIUcS<-(osYZD
zKHn42B@KPR>aVSQ(d9;z&b~s&{SO}#cUMaTdLN}D4nGay=$CFDHEn-|&S!?(=$1x>
zs=?bl5D)dkRk>7bi1!n2PE6`^Xcq4OX5J-f<8a3a%)Iet0I*KtNH-W!RmXBJf@g2A
zT4*;aJrt=U%DPB2$|+0MOUKWJmyLF8%Qa>tIAPp)Gr4RH#Y_+R=qCEKi^}JaW$vq;
z>C%1ha~$Q_g@)2`dxaNzC)R(DU8T_#KTKZr?)&Qry4-|DHekHWS*J?GJ6p)q<CkgP
zJtF1m3Fr~4CWX{Th3Wz1xlBj~gX!~V8V818r<jM?f7m{S<edHBb!8+?i*qAJty&`^
z@atWYzkWu=ml$UQN!yKC=VhvH!>}M#aqrS^w2n0;boVsKMkjhl!+!E<EU9zd=P>v+
z-X*KfJw7+H$d>tSS@3~#Wc+X1uR9)9^9<+%O51q-X)F5e&cKzTw|93hsvT2FZE@gy
z!N9--Fx1}VTj9Cz4TkYP)p}(v1F(UyFP*&AvDp2l+NIC-O1wG~8FhTa=Hu;O&Zb=6
z@1Ob%J+352XFRiS(TK;aXb&n>dA8<<+iY+cY?&fT+23nn&VClzot}X&M14c{t)##a
zSQTSph4YkEnxP)-sWFZ!b~g1{ENzj3?GHL%#XfWOV7{JXMdLg9nzuI@fR2!>235Qg
z3TS=(nIB~|&Y0}FVJZ(4*B<afv3#%)k5PL+;mvIl`^;=-qu=-KSm$$nvO+i5^F~P;
zQfN#@Mi%>Ci)NcQj)hpV@idgLzBNzP@_%uWnVj3B*HLkw<K9V<ttreb4Zgyj#my1c
z`IIQ%1KdBZ6$RLG_EJ)>D*Yvy4)08qKwp;u<4cl|DwLED1F-se1>$q2569}~)>vLP
zVYl2MjTXLAiX<kenVOTIfB&FBE8|f6IEGZf2IvS*C|n-gSrPF&7kWBCv2RuAI{Ys+
z=wg_*s$`v&d*u|!mjwns&h6JuS<r9RB*<V%iH4n4PtxA%r#@9x&^*g3q3a%BjIP3y
z&dY5{;wjwi$c2=B(}T|MD9##I_P!0ZQO46GO@}S#YKf)fT^R(MKY^LO6vX#EHg++O
zG&TNKrQ%{4+@S=lAS!)F{d1c0Jzy#<80Cqf)gGE!+IHnB)RZUNe?Sc`+WxnHn-zyi
zabG~H7UE<ZoOmuwzWgqzi_{)#s642TYPu0Y<6l!JTM?e)uc$Tl_Vl3bQ%w{;2khAQ
zY~$07!(>Zt|BM@K^@W*q)Di5Aq0q`_I`t+Y*XWfT%%iUEs+7q1mU(8W1uX63EN)rN
zjUFYu(tlk)*qCH)B1ABLnLPbP@J-23I0OfqQypVa8D6l{3!$z)r$jmg1`;(t2b0(<
zL+;LeN&b^d{vbK;%7o7w)B5M&bowTD6a7R_*q2Wls*k-&$ldMmhV`ui$Zff|;pX>c
zNg>Oz{DGv;mO4e+O#-s@lBj(HfO@bPKULsVhbg7za(f<@C2lVR;VX>cu1LZgbZ^<I
zRZv3>@36HbF{XhHSW<yC#))l4(kOU#3x@ff2c!Ko9&+ipWbib!%qVu;Mc|JK1F<ln
zlbP`DaXELbz1ts1SYVG(neL98HoAZOBgILxj^f{}PjmI^c_-Kr8$<gzCI8e_@@=mM
zmfm<37IUTa#kWO8*nC11IQ493{W-s-ze~&c_D(fM&;r^xp80QEjRI)U_VTI?9m$=3
zT!_fkdQEX7Uqav3SpABz5Lz)F=4$@tc+Ych)s&2*!kRD=APvSwHi9|+?RM&_Au~jH
z1-rT0{RUnb(ZUh!3YWLtQB&?(Rb{%J%i4@EI}}Q^If*8UDuuGy=WkIu0n<ZCo{sE@
zTvF(z^vGs+R35h<sf!;WDV^2_(k-$fbL6?Bq0?W)@4KE61OQWNRBZRq{E$we%rq90
zbQ+0YNBlmUJFs{xZW<_8^P4_Aa9Us@3^={-+Dx{bAovv5H7n>eqAiRcMe0+eu>U&!
z>5*y#yJZ6QyBPm6O#<j@u@w_OyDqs(t1bt%Kk2%)YQolJ05ZqnRq9U%(o(tntbeK|
z9R)+qIQ4F5^$9YuvCa(KCMjf|;eU+Br522VF#`tsvIS#O!iN|8)<m<FwZGkaW1Ynv
zR(9Q5cX?ONok6ki_dmJ5P6%4bR7!vnS~Q*Fbp4`nv7~JIFj3*IChWT}Gh1%(tP;8U
zMo)%Iebu1FWai!ds8}XR>k-Bd?Y}elzp6mzb0tG33vnl>h!LPE2i_r(#$Xriekr9=
z8YLo|?v`3-e8;QMnKGp6Cs_`&k0D_oQ}`FLl@OIHKFpOx7CTJQ(038r{*&zGX*#%2
znsXmObvV~vE+W<2^a2>z&F69c+iJP-*&K23xfy9@aR3X<RXoZ;;0=Esc#ue~tQHKq
z_64;WE=8OWXWC`fl*j>-%nd>gX69>5Ff2JhyPZ^hHzH(36|`DO<)t60fowE}CMuS{
zGC(N2;f_`b(>FarFjRnkPL358?swAVcjkW)nkh;4@^Q3M7D!BQ)?e)KG&!Qyo``o`
z7Cp686z$R0fpTavMq+G}O8(fhSR+<|K?StLs*9z4@tg(a;QsDIR}t+6g_iZ_>9#QA
zf~O_QrmLlXA}Jdh0v-#5|5?1WhoC>1UJ7__l>KIrDVrqw>Wx5v0#Hg^%QN!YUrQ@g
zVSHme$Ns9=kEvzie4MU&`imWw`J3qf^W>ny4yYIh+<uK;QyT45WbbyI#**SQ@OE-T
z$!}+*C`Arv-kehXv5-o<VlSAkbI*SPIEm!&-a(^Rv9zaAe3fbw<No6A7@_MbuHiKE
zMgD%#{?D%`Tys=WVAPYMhR6=0<O>0kK1~t-fkM0Z!eKht8TZ}7KYgx0pKwxwRV$nb
zu$V*?G_NIZDE%_ts;h``a7bQ>#IAQ~w)c7!qxQ1t;1iko=qpm50-Dqn;M63-%z3p<
z0FwsT6+D*D7gtH@pycYN(^c1^pj6$Pbj_pmBemY98!P2sMd6?Y30m+4&a?o(73>kd
z(7|TnYJsOJxxb4cz7x1#I?w!vc_D{M=;qkJSoU))?W^vYD|97}p;MDy9S&UOv0YCe
zYkxkz8*LKLBng7n8|x5Y!YynfiE^@L>kQ+qY&d#lk?i$j1;=fVdxZEJAmn~(3Ef#l
z8kr|1@MQrFye_JAV0V+vAJKk!?lfN!s-;Fd6ox%@Yz$?SBrr1rUn~IfI@3`6D~rg?
zJb(RHxMRhKfp$Lmj`{Z+#Uq0LUqex`_atk)9R71%&^>C^b|mQZwghX<`MciYmdU7<
z$v4p{vV@|Fi{>XB^Hl`urGytzJskI@Ur0gi4b2q=j_b1HMWhjwe#1^o#x2yyFW3-L
zikDcTf*%HBKD@2l+)|syKvv=7&{!vZ(H~m;UyI#^F?ZXoxrEMIAqFoN3U~-+WX22d
zGJPv*QXS>AoSp^e!)C7Xe|50lpOxSL;J3E*^ZZb;=<=6bE-(zV38KGM7i(0-3*UbF
zUW3hWSs$2E^l|%%N!YC+o74R7mkSzQzmvO<?*2dX4?P>&f11iX@11Q5J6&q5CB#F~
zgPrgIBLKKMV-P5RWkZZswkEqBWqL&c+8@!m15&DInVo!IxQmhyDP<&9>}ZUDRuB2A
zle!Lin0~j$$=~m9v__VJ+<)LZML7(s?V4&tY>jkLxTe%ancX8!D6akp6j6_-20807
zT&N&R-BcwZv4g)tNY@}q#5MppTL|urVaa6n3og56?F5J<v~cmnH5nv|T-?XgjJf{`
zV1%}h)*)MRis;An??Iy8ZtMB79Ex|IyXGQF`jt~5GaqJ%Rkt614V+Z`i!+L5sCxB}
zjUBNrcOzD1rrX)mcj8!5_CU?U;xco3+XEN(rL|CUuzriUNDB5x{CEIal>5$2VFV!Q
zw?!o!glWy`XBEz4k-cB*`D7{B{U+J4!K}Fau++Y{HnB@stbFP0(aoBV!y8^Q^zWt-
ztJzgL&~whxNvjt?UMQ*m<Nl_-ZlLmfgm;geb%K|Dk?=82|Ni6)QLZ*;hPdk_Zia#7
zBM!#3ZP~d{FfIw!>O^msXuhmOBDXCJW46=*j~r?byZWN#R5!?Q3yk!?9=Q|r85d??
zxJLMA9hXss^4=3yhelENt-J6~v<4~Ts;NbRkt``rD3!J06fsLc)@)AzGxPP~v9z3!
zs65Jd+tKHGN5ILIdeMMeyl7}mYOXb9SmZF&Smg8CG%dsUqdVm{6G{*^MQ+^eUhEEb
zHIw(@kki+ccKy~bo+*@%y+F@wHj3_}IHCn(3bP6;<>m_$W*C|HK1%{1)Cz9rgeY&e
zrWym<)Qr-znTz4H$s~PcA~AWtJltv&h;fk*!S|ZrH&3MA1l1l56@Ko`5XdU?Im&Fh
zwIqMR_}vI#61`Jl(vFIkyIuOJR~V?%bF+~10fhMebqDSzDGdhwmx`!0kJ>x3b~7yY
z!nC%{yiZ8}JGZf9K*TY!DjiBkXr)Y9tOP))P%Sum;6~&3PPQO&!GpOtJPZWmT062W
z;c7y6{<P#OW^@<O^5!{Ck0>xnQsaSF+BS`LAlXe2!_10oe_}(fixD`#Z~%l5{9#=+
zFn!CIw~4P^pFY+3vSMoZlO?^9G|>>Ch=w-dR&;}}e;W$N&40nrL5xlu>a;|wiZnT_
zb)ufGv?<44AK-OoFgs8rS+?6IN+pCh`~iB99=~vE7P(Ud^s;)+wAwK;HcMJTMj!0K
z_i9vn`{(<vcrFt%>5*9j!2%CTq6MhrGQv)20oNur6sOp<djcOn$*Rb%=Y;?D&`<YH
zn)w-0@tbjA(>2BT3pN3NIJV-LJ{9{(D-k+NiY&$|sWQwaTq+@^?ndQC|NaGezX`c%
zD4hAUvV=}vUKau50W3eMzlU-uzG;^3E?KKKmC-^EO0Oa|l#Tc>tLSyqUa#+-+;dj?
zf}CHD{~Wc|JTqP&V5)T7nJA8nfV$V}qQikum6UWTpD7su$#kv@ak!8|ql}VahZBwo
z1FPKe;cixEIxw>xYWqgZDoEZrh8ZS;<|r7?Qi|$neN6H8;rXP~S|=^Wsaon<ZLg74
zGrz`(WaE{tdkO2yR+5)T?_Do_t;rq54~PV%i2*%i*q$`Eb5V*nP|p9MrbGv(SbzGC
zO0+=ik{GI4kZT63c4sEMG;X+RR-SdDet3jvGMXpQ0_F=gBeOe8sXd`tD0b}9qqDoO
zXrg-ZEzR<byE)t1L=&ieMsM-N51ph5hb#DmmCzZ6Ib$*XFB7wnFQqRp{f3S)#UEY_
z6mZHC_WJi8C~oNRA)c8xev$BFyEWyA)^q36)epJm`VJ4x)RiFA)L4HFn@H$A(CL0$
zGwSbh;IUNA_iLNv!bj;1E*x#<&5*!QaM%2<e_NFw%Y{dW=Bd)Mnw->n^^5FB!EDE&
zz#<Rrd8nhH^TJ{2RqDH|pQJ3~obwBKpn<K!Zup8UDgqQsTU&xHr|w^B&e@WEuli)_
zF{Qb&%z4wmh4rcAGUCU?^X6M`YRc=_yH||F%qJHoh;b<K+7%(~N{YUeJ1<(2B_Cgs
zz9eGJ{9|Mm-~j@0dc0#q5QRHYo)TPHG8;Oozw|YAWo(u;c<m(N^Gwd|5aM(9nYX&U
z*#zyAG@<!gA-_#-Wk~}TP~LVdSYOEz1ax^!WMM3sufvo3n57mz=Tqv&m6<vO91VZ8
z6SGK?2E*aa9h&mNP;|Y-9Q$j2|En)7;8>*pCOc{6wy!IuzPYf+BeS;oH!sAetgyDf
z8wSWp$o9049m$^8FQ11$gC2DaX7PL*Hh(aLAarB%a7q37ug1H{pK7e(TxZJoeUg6(
zq9sv_g(l7ehLPz@a6yge3M%sF-jukLHACe#Z*de~?ySUITDiKQDU~#|n$DN(%#TF>
z^lGgSxPEzkW&U_eMdg)<o3Gt=%??Y8EO1F1r7*8DLtA6+Z#t?~yzWo-_#7Q#&LIVV
zWC_-r^Y??RFgvfx2pW^+wTuM=5|PAk*70Vh+fEOqBZ-M0Y95n5B4$7dkNW-8m?c}j
z3-o{Tc09M+CUsdUX8d16p-xV?A3ydBZY?3-ks0_gTh2?}fR7NRj#Mx5nWvgk`{vlN
zrq=(yyn7Pr@+N5X^CErOh7$|hp^CKA!$A;d>VUkBetvr|WBd4IiMWH$yQ`VQbLE=H
zd+Y^_WdAN1cf3u&W#X!b&pcSre&ARp@P-`00u$Mh1-d2<dfbk-#~>{Tm7|-YBpqEV
z*yIc~CBk4%w>4#acc*zY&6#+kZUgluAYIghin6ZR^zexv1K{Y(z|mt>KlE7uVO|L-
zn^w}vEsW(1y^!rWn*jEKf@$Z+TZ4niEN`Uaw(vM-=w_Emgw|iDdsl<B;-J^HbAERe
z=+uiPx7VSN3v#n{0L}Z7A+Xh$xnP+ppBm?$7b%MQf5@2W!KkG`oS%QEz<^2RIbx+M
z#}cPvWKXtBa9kds8s&P|ez&1aDm)ca=DmpY)L+z3xFoFpe%{2m_u3fhDu^?MUxz>%
zWu|^f0$D|dh+&kDBVG>9FZ&sR%kZPAi6@Od*S@F^*d{s}bL**4OcYg3GLm8#kt=zD
zjz%AW9Afj@fKN*^yi9pQUu$fmO<&8ieQkH?t!TE>D{7553QxkJ-b#82k_QBEbS9qi
ztZ7e8KWitB-$^Z&S5YdAIC1VpS-+s#ERrOIS|eTINf?CMe+`K7JZg*I09h3QNvp^8
za`ayYIe~<GJJLs9VOOPr6eDdwLa9dbs33pIEKlNz)^|8es?fboO}Em315t7RI)r5*
zTxH>^^D@;>5RHM3>Pcm(GvUt1!|`D)Zc&pNyE&a|N3-QY0#P}8W{AS}{pj6yzM1>q
zdm|XI(A3YS9bzAjQZqTzr=6d$F<|a{YcVfP2t2(-Edz0m-(ObbxRCmr`o1|%ME!Jr
zdE|zx>cWy{%Z!PCdT;ZXqX4;D!r_K}>Se5*EDfhLxJttAdns#HK6fH>Ssoxipu*8j
zWdtO5a}3t&f)VLx!eX=;*=39doh6;Q7gRBAAg@KRZ$z8VG1HPc_gnu~z5P=rJmd~C
zc-%w`$91(?HHGN;p~Y65aj}Bww(RI$(A4eGZ|?;FLorWhlT6~^aI*TItO%pZJaJ0?
zuhd-j7gl+FI~Ig&YFN*1@4b9fRl+f!NLyD&F>6W9{EszQpMMzb{r9p+z&2#S1f&K<
zWX4-tFU`1)0-vM6^ozIJiXGy#w`aU11>6mKd)&0s=`gnEIFwh4kERyBIhD!rI7~TL
z_sxz7jmQJ(7PIDgD|Q!^t+T!GVdU)}+mFlMYKvK0#pi0ykVt;=B?T0#`kJAWvV$+{
zFtg6ZwT940W(cYNeh^TLJXKp;1;j_z*na5?bv;*-pzyO0Wvd4g_I<sYLAsvHwIW1s
zEsxQ6-jM6b_LKiwO3YUe_uH6+@mwHUT8Bs^oT}%St2PZ(1dQDEUzf27MI}b?)R%f-
zD7lqN4Au4+)|lPm0kxsN*gPA5-**Z5_U75I*eb^Vr2fjYn(NOmNS30Do_#VBXBhkp
zF?)lgodLU=r1U0WLNiN~BlFRi**002XMlQ<aCB;uxJOjiP)9f`4I!4qlSN4cxv`|8
z-Pm@cFwJXcUCam*gt4S%zD&W<TMwPZE_}M5>P3A`ZD`AFe+q|gO)T&!!U3poUfLNj
z#4qi1nCQAC1`RY`2!0lSFhJ?qTgPLhbUoE9)y>%UfFTC{=3*DKedWOviKWQ~h|{pX
zkq|9<bU$CvP#XF+$v{%~t51Mrfy?`Q5SNNLSxdkWn@ENgD1h)GrAq#>sJ=zq$T@y?
zkVHTI@$JAeveL@$mRzA}`$yiwo&YE`PvW1U=}(tmplq6ik{#KeT^pc+F8v2JP~#4q
zeBo@PAfpE6oXPRBP%tkP`YEk`C&;Egsz4g7A3X3`@WZu_M(O0EY$_}+A6TF)TTv{j
zS{ORi&vvczWXO$9BM7V_0_zw2<ulz)7S@ON|KIa~Te*<eP8j~RMx(S4kP**AfSzr@
zcjIG<c=EUBk6!H2qk&P|z21gS2bM7mXJwV$0|XQ+{LR4|0Xc@9n34dI$p>l@a94Xk
zR+2wZZyWc*4cGO?>*vlt2RSyHzx+=GWG~exxW$~c7Z?TGY6N#0Qt0|K*e&|5)><U|
zb<d2#_O^KKpPf|ju<^zxgY#{8!zIJW0a%#OECO9~+jaPqEu4@4(qDR)y29*l^5=<h
zn$piNom_7sT+R@gpXRlbqc&{pFN5ZpA9G58(SHpW_*zd7Co6JU{m0TMb$!@dR_=+J
zug{G$0(21|u>&GQqY`4FF>|+Y)1^4peQLAA>mwwF?`%DjxAWmI0#v$`(Zq{(V0D}W
z2(!!%c3(I`N;J0CCk_AgP~Y4zn@f-a-g&-ZdnbMu?XA;&L}=9`6ImYbdgFwsG``Vq
zIl{n?vq^4~JQ#8w=q<+PiAQm%Bwx~%9hUFOLzPYO8FU!4mS@fMn6Q?akKb*;C1<YZ
zyA&LhrH1C~by0W2;6djmzVLvVJztL6pANT7e-NO5b#+*JA6djr*layARXsdK!O9l&
z$@C(o4Ya6qk({C)!@Z63u>tQd;oPnEM<~&iNmWd?i#QyvYB7(vhfAe$x}Esa7vHe(
z)`M2wsrdipF8L$kDx>(_AT7yfpz%oJNc{5Q)*kq$-x6P*9v2I+FgFf{S|-xX7MwK*
z^9-Z8jVOW&@=9@h(hB1EAsmT|d17?EL=PSw2KpUcc<tkKpV-iP%2tdeZhU6wW&;TD
zP{y<u90$`v%^yf3Je+b2BK%K1@U#&dA7}5i5ZxPbz<{A0-`r~zUMBh&eRC%Qt!hL0
zyc=)EJ@0k9lvh(<#9au&sk{D-066w@6WjcoK(rownA<0Qb+w(sZ}WR@sHIX#QRvZb
z|4s|UX;BC&Hf6)McWvFAUqXmT1qIjmZ?8Ml5)-g$nN6Ej6la&b<o$$m0}{rEK6^(|
zZH-erBb)q-e~an&Q!J=@B$zD(LZF(hid;18ALXu$CN_=IVWaO1T=3VuZe+Z8h|0o*
zNs$$G4gTbASXNN?AuNe>2#8=MStEr`Iqu4IbYH>BnI}vt(&EG?aR}nT8Wd>1Bh_`Z
zxu8$775f&dSyTX5bkg1J57#Ej{d;Hp!w<n2(xBuYB&t4HVo=6~bM$>C?LBXNtf@h&
z3T)7xu~YSYnwJsT#^Y&;Wkiv!UGu{J-I2GRJjaGX)oGSZ_Kd%xA@R!}^=Q4q785;g
z4xT$$kgj{dE%Uf3t(!JQ2HKg%>JYV@$yv(+gvceA`4O))?REb<V+#re%HD;lw_o;R
zCFmLkem$d}#zXrnQ6iLm8?GF3qalLambN(}k73It1x^ITl^O=tl$#Si7TWDhS%kJw
zn1)*JAh}4Y-9+!hpGBInwbgrz!J$w~cNDzVqQ|iev9F6YXeEPRH?zehZn3oeCBOQ+
zV;Gj`7yZ?*C^y}F9V#jpTn(lk1FLXo@RP+U<*Y?czffxEuq`b%*<t+yor=+4w%wE<
ztcr#3y%s~JtaEZkDP(To-3s%&QIV$qh`6kKFkWv0bu)c9n9nddP_Ra4y(wdy3`^h^
zSar^r7)dzl(VRqE7>ENGX0x)_dbB<gUqT)*Geax0v9LFy125IdHuNA%_TU@`ziEBT
zrEPCjhd5l_*yysgj%1SGr|(x68VSPZeQ5#|wZS8ixxBJQsgZ#xf#e#_8?goLCL{&*
zneY7G3f(rl_x-LGgdrvLwQVp>%pi66<;TVwIA7Z*s=b#EJrWKsZ2qj*_eXk|VYw1Z
z3nx0(>#{&At431O@ykt0$N_9#;fnQOC$XQZ^hQTXw+AFtkd-eo*!V63SC918sY%*@
zk-Uu61ILgT$y00e@9aM1H{=?71};Wnjng?iv8Xez{NnCkkK@UJZMWuAi(>QHwz0<o
zUQ;=xq;?yBJ9#Psi(z}!j*WTqAwR9_cIVp&q!S{@cXp+qP(7#nQ=cr49<i*@(8;Wa
z!n<nDaL0yVAL1#$5!Xqu%9`}N3ZaO6splZ6&YLc5VHA17559zOnz)YT2ruaa1CFwD
z?ogNS?>ff%9C?i5^>k+G?fvHXk!O_`(+N$ew?7keD8UB|G<aUwxtjddQv4G@@rKIt
z<|Hu@FT<LQ_+kAd<M}ZE+Qtn6Aewz_u{71bJ82rWLN(1h|Kv5vm8To3h(M<0*5cxF
zlW{FS7t>(EYZx37_f<%JrQ`lKHZz5cBbFJ%_n3pzFS10H1Vd&}FOG3}ljfE@PafE`
zJNMY}3`WWu-rkf*MQ-Kz{P`+ri~DE8$q^oX=G$<G-{kX9R55s<QJP|Cf(t)>toFek
zN?zu9wnHF(A{9(fX1{UtXS0BG_fT>Y7}iTTCuKck=3-S+av@A?#Jb3AJ3JtE4712#
z-NO-HJmZgLpAvssCh`3@QF(+Rc)@BZM+;1o)f7IvK3_WPA!xR<z%6)`)6(|DL)G{P
z4{0k0aYUD4m|;siIJOM!JP|$Kxsq66wBln0W-K{QN7mZR7;JL*3S1xO0=&c7Sry%U
z+ub$y{e@LGw-d23(6328>i14*tgmm{OMXqZ5L(DFT3#ktOVJO%XT=?TFexCNb0M}f
zpe>f?dw!fO+2=;8C0q;v#<kKDhQ;r>eVU=a9w-I;&U{cGPq_TC*|vyA(w{qN^GU;Z
zVc&*r?Z*_uDIXvhn)V@2nr40%?11Z6w+}T%R~$ZchmE2fM_IX0mC#Or*RM~FAf+}2
z3C%8rKJw)qkdQ%oIOjw<Nw~VnsiE`-j5$KXdB>GcA~N_VzsJ%kRDfVcH_DykS-n<H
z38okjGCM7C663|h!*q~h$$^b*2ApUoFa-x|Xz|&mWO(QnVqk_Bg56A9^+mcGn*2q?
z)bg+%hnaO1j<}c2oWcBtcpnX^I>ikd3XwXi&Ul6|%R}nCoU@l2%*%CaYe+jRjeI5J
z;7r*#M(a09DrV9FnfMDKN^};F_DMAi)g$rNZvM)R-ijQ1)%E@lj1d341Z+pO%tw5S
z#vj})?L9a7LjrklFr~HQ0{dfgjGH#Z8F&=$2EkY;zj<#uO7Fu-jg^s6rIoQ*X)KCN
kC)Jgl7IyDt1M(=32|CI*DI7{v>LBo^D2GCp%9sWI59Y;SdH?_b

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/manifest.json b/pkg/webui/ui/build/manifest.json
new file mode 100644
index 000000000..080d6c77a
--- /dev/null
+++ b/pkg/webui/ui/build/manifest.json
@@ -0,0 +1,25 @@
+{
+  "short_name": "React App",
+  "name": "Create React App Sample",
+  "icons": [
+    {
+      "src": "favicon.ico",
+      "sizes": "64x64 32x32 24x24 16x16",
+      "type": "image/x-icon"
+    },
+    {
+      "src": "logo192.png",
+      "type": "image/png",
+      "sizes": "192x192"
+    },
+    {
+      "src": "logo512.png",
+      "type": "image/png",
+      "sizes": "512x512"
+    }
+  ],
+  "start_url": ".",
+  "display": "standalone",
+  "theme_color": "#000000",
+  "background_color": "#ffffff"
+}
diff --git a/pkg/webui/ui/build/robots.txt b/pkg/webui/ui/build/robots.txt
new file mode 100644
index 000000000..e9e57dc4d
--- /dev/null
+++ b/pkg/webui/ui/build/robots.txt
@@ -0,0 +1,3 @@
+# https://www.robotstxt.org/robotstxt.html
+User-agent: *
+Disallow:
diff --git a/pkg/webui/ui/build/static/css/main.css b/pkg/webui/ui/build/static/css/main.css
new file mode 100644
index 000000000..a8874843f
--- /dev/null
+++ b/pkg/webui/ui/build/static/css/main.css
@@ -0,0 +1,87 @@
+body {
+    margin: 0;
+    background: linear-gradient(180deg, #59A588 0%, #404846 100%);
+    background-attachment: fixed;
+}
+
+body, input {
+    font-family: 'Nunito Variable', 'Segoe UI', 'Oxygen',
+        'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue', -apple-system, BlinkMacSystemFont,
+        sans-serif;
+    -webkit-font-smoothing: antialiased;
+    -moz-osx-font-smoothing: grayscale;
+}
+
+code {
+    font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
+        monospace;
+}
+
+* {
+    box-sizing: border-box;
+}
+
+html,
+body,
+#root {
+    width: 100%;
+    height: 100%;
+    margin: 0;
+    padding: 0;
+}
+/* nunito-cyrillic-ext-wght-normal */
+@font-face {
+  font-family: 'Nunito Variable';
+  font-style: normal;
+  font-display: swap;
+  font-display: var(--fontsource-display, swap);
+  font-weight: 200 1000;
+  src: url(../../static/media/nunito-cyrillic-ext-wght-normal.woff2?f=nunito-cyrillic-ext-wght-normal.c18a3502d6473272bdc3.woff2) format('woff2-variations');
+  unicode-range: U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F;
+}
+
+/* nunito-cyrillic-wght-normal */
+@font-face {
+  font-family: 'Nunito Variable';
+  font-style: normal;
+  font-display: swap;
+  font-display: var(--fontsource-display, swap);
+  font-weight: 200 1000;
+  src: url(../../static/media/nunito-cyrillic-wght-normal.woff2?f=nunito-cyrillic-wght-normal.ab3faa41df1758ee5b88.woff2) format('woff2-variations');
+  unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;
+}
+
+/* nunito-vietnamese-wght-normal */
+@font-face {
+  font-family: 'Nunito Variable';
+  font-style: normal;
+  font-display: swap;
+  font-display: var(--fontsource-display, swap);
+  font-weight: 200 1000;
+  src: url(../../static/media/nunito-vietnamese-wght-normal.woff2?f=nunito-vietnamese-wght-normal.864aa311404227008fae.woff2) format('woff2-variations');
+  unicode-range: U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;
+}
+
+/* nunito-latin-ext-wght-normal */
+@font-face {
+  font-family: 'Nunito Variable';
+  font-style: normal;
+  font-display: swap;
+  font-display: var(--fontsource-display, swap);
+  font-weight: 200 1000;
+  src: url(../../static/media/nunito-latin-ext-wght-normal.woff2?f=nunito-latin-ext-wght-normal.b2120f41c4a82a277229.woff2) format('woff2-variations');
+  unicode-range: U+0100-02AF,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF;
+}
+
+/* nunito-latin-wght-normal */
+@font-face {
+  font-family: 'Nunito Variable';
+  font-style: normal;
+  font-display: swap;
+  font-display: var(--fontsource-display, swap);
+  font-weight: 200 1000;
+  src: url(../../static/media/nunito-latin-wght-normal.woff2?f=nunito-latin-wght-normal.07adf0b2f5cb89c62ba7.woff2) format('woff2-variations');
+  unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
+}
+
+/*# sourceMappingURL=main.9c2b54a7.css.map*/
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/787.chunk.js b/pkg/webui/ui/build/static/js/787.chunk.js
new file mode 100644
index 000000000..748939666
--- /dev/null
+++ b/pkg/webui/ui/build/static/js/787.chunk.js
@@ -0,0 +1,239 @@
+"use strict";
+(self["webpackChunkkluctl_webui"] = self["webpackChunkkluctl_webui"] || []).push([[787],{
+
+/***/ 787:
+/***/ (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {
+
+__webpack_require__.r(__webpack_exports__);
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   getCLS: function() { return /* binding */ h; },
+/* harmony export */   getFCP: function() { return /* binding */ d; },
+/* harmony export */   getFID: function() { return /* binding */ L; },
+/* harmony export */   getLCP: function() { return /* binding */ F; },
+/* harmony export */   getTTFB: function() { return /* binding */ P; }
+/* harmony export */ });
+var e,
+  t,
+  n,
+  i,
+  r = function r(e, t) {
+    return {
+      name: e,
+      value: void 0 === t ? -1 : t,
+      delta: 0,
+      entries: [],
+      id: "v2-".concat(Date.now(), "-").concat(Math.floor(8999999999999 * Math.random()) + 1e12)
+    };
+  },
+  a = function a(e, t) {
+    try {
+      if (PerformanceObserver.supportedEntryTypes.includes(e)) {
+        if ("first-input" === e && !("PerformanceEventTiming" in self)) return;
+        var n = new PerformanceObserver(function (e) {
+          return e.getEntries().map(t);
+        });
+        return n.observe({
+          type: e,
+          buffered: !0
+        }), n;
+      }
+    } catch (e) {}
+  },
+  o = function o(e, t) {
+    var n = function n(i) {
+      "pagehide" !== i.type && "hidden" !== document.visibilityState || (e(i), t && (removeEventListener("visibilitychange", n, !0), removeEventListener("pagehide", n, !0)));
+    };
+    addEventListener("visibilitychange", n, !0), addEventListener("pagehide", n, !0);
+  },
+  u = function u(e) {
+    addEventListener("pageshow", function (t) {
+      t.persisted && e(t);
+    }, !0);
+  },
+  c = function c(e, t, n) {
+    var i;
+    return function (r) {
+      t.value >= 0 && (r || n) && (t.delta = t.value - (i || 0), (t.delta || void 0 === i) && (i = t.value, e(t)));
+    };
+  },
+  f = -1,
+  s = function s() {
+    return "hidden" === document.visibilityState ? 0 : 1 / 0;
+  },
+  m = function m() {
+    o(function (e) {
+      var t = e.timeStamp;
+      f = t;
+    }, !0);
+  },
+  v = function v() {
+    return f < 0 && (f = s(), m(), u(function () {
+      setTimeout(function () {
+        f = s(), m();
+      }, 0);
+    })), {
+      get firstHiddenTime() {
+        return f;
+      }
+    };
+  },
+  d = function d(e, t) {
+    var n,
+      i = v(),
+      o = r("FCP"),
+      f = function f(e) {
+        "first-contentful-paint" === e.name && (m && m.disconnect(), e.startTime < i.firstHiddenTime && (o.value = e.startTime, o.entries.push(e), n(!0)));
+      },
+      s = window.performance && performance.getEntriesByName && performance.getEntriesByName("first-contentful-paint")[0],
+      m = s ? null : a("paint", f);
+    (s || m) && (n = c(e, o, t), s && f(s), u(function (i) {
+      o = r("FCP"), n = c(e, o, t), requestAnimationFrame(function () {
+        requestAnimationFrame(function () {
+          o.value = performance.now() - i.timeStamp, n(!0);
+        });
+      });
+    }));
+  },
+  p = !1,
+  l = -1,
+  h = function h(e, t) {
+    p || (d(function (e) {
+      l = e.value;
+    }), p = !0);
+    var n,
+      i = function i(t) {
+        l > -1 && e(t);
+      },
+      f = r("CLS", 0),
+      s = 0,
+      m = [],
+      v = function v(e) {
+        if (!e.hadRecentInput) {
+          var t = m[0],
+            i = m[m.length - 1];
+          s && e.startTime - i.startTime < 1e3 && e.startTime - t.startTime < 5e3 ? (s += e.value, m.push(e)) : (s = e.value, m = [e]), s > f.value && (f.value = s, f.entries = m, n());
+        }
+      },
+      h = a("layout-shift", v);
+    h && (n = c(i, f, t), o(function () {
+      h.takeRecords().map(v), n(!0);
+    }), u(function () {
+      s = 0, l = -1, f = r("CLS", 0), n = c(i, f, t);
+    }));
+  },
+  T = {
+    passive: !0,
+    capture: !0
+  },
+  y = new Date(),
+  g = function g(i, r) {
+    e || (e = r, t = i, n = new Date(), w(removeEventListener), E());
+  },
+  E = function E() {
+    if (t >= 0 && t < n - y) {
+      var r = {
+        entryType: "first-input",
+        name: e.type,
+        target: e.target,
+        cancelable: e.cancelable,
+        startTime: e.timeStamp,
+        processingStart: e.timeStamp + t
+      };
+      i.forEach(function (e) {
+        e(r);
+      }), i = [];
+    }
+  },
+  S = function S(e) {
+    if (e.cancelable) {
+      var t = (e.timeStamp > 1e12 ? new Date() : performance.now()) - e.timeStamp;
+      "pointerdown" == e.type ? function (e, t) {
+        var n = function n() {
+            g(e, t), r();
+          },
+          i = function i() {
+            r();
+          },
+          r = function r() {
+            removeEventListener("pointerup", n, T), removeEventListener("pointercancel", i, T);
+          };
+        addEventListener("pointerup", n, T), addEventListener("pointercancel", i, T);
+      }(t, e) : g(t, e);
+    }
+  },
+  w = function w(e) {
+    ["mousedown", "keydown", "touchstart", "pointerdown"].forEach(function (t) {
+      return e(t, S, T);
+    });
+  },
+  L = function L(n, f) {
+    var s,
+      m = v(),
+      d = r("FID"),
+      p = function p(e) {
+        e.startTime < m.firstHiddenTime && (d.value = e.processingStart - e.startTime, d.entries.push(e), s(!0));
+      },
+      l = a("first-input", p);
+    s = c(n, d, f), l && o(function () {
+      l.takeRecords().map(p), l.disconnect();
+    }, !0), l && u(function () {
+      var a;
+      d = r("FID"), s = c(n, d, f), i = [], t = -1, e = null, w(addEventListener), a = p, i.push(a), E();
+    });
+  },
+  b = {},
+  F = function F(e, t) {
+    var n,
+      i = v(),
+      f = r("LCP"),
+      s = function s(e) {
+        var t = e.startTime;
+        t < i.firstHiddenTime && (f.value = t, f.entries.push(e), n());
+      },
+      m = a("largest-contentful-paint", s);
+    if (m) {
+      n = c(e, f, t);
+      var d = function d() {
+        b[f.id] || (m.takeRecords().map(s), m.disconnect(), b[f.id] = !0, n(!0));
+      };
+      ["keydown", "click"].forEach(function (e) {
+        addEventListener(e, d, {
+          once: !0,
+          capture: !0
+        });
+      }), o(d, !0), u(function (i) {
+        f = r("LCP"), n = c(e, f, t), requestAnimationFrame(function () {
+          requestAnimationFrame(function () {
+            f.value = performance.now() - i.timeStamp, b[f.id] = !0, n(!0);
+          });
+        });
+      });
+    }
+  },
+  P = function P(e) {
+    var t,
+      n = r("TTFB");
+    t = function t() {
+      try {
+        var t = performance.getEntriesByType("navigation")[0] || function () {
+          var e = performance.timing,
+            t = {
+              entryType: "navigation",
+              startTime: 0
+            };
+          for (var n in e) "navigationStart" !== n && "toJSON" !== n && (t[n] = Math.max(e[n] - e.navigationStart, 0));
+          return t;
+        }();
+        if (n.value = n.delta = t.responseStart, n.value < 0 || n.value > performance.now()) return;
+        n.entries = [t], e(n);
+      } catch (e) {}
+    }, "complete" === document.readyState ? setTimeout(t, 0) : addEventListener("load", function () {
+      return setTimeout(t, 0);
+    });
+  };
+
+
+/***/ })
+
+}]);
+//# sourceMappingURL=787.98a1313e.chunk.js.map
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
new file mode 100644
index 000000000..d5043f933
--- /dev/null
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -0,0 +1,60971 @@
+/******/ (function() { // webpackBootstrap
+/******/ 	var __webpack_modules__ = ({
+
+/***/ 867:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+var formatter = __webpack_require__(707);
+var fault = create(Error);
+module.exports = fault;
+fault.eval = create(EvalError);
+fault.range = create(RangeError);
+fault.reference = create(ReferenceError);
+fault.syntax = create(SyntaxError);
+fault.type = create(TypeError);
+fault.uri = create(URIError);
+fault.create = create;
+
+// Create a new `EConstructor`, with the formatted `format` as a first argument.
+function create(EConstructor) {
+  FormattedError.displayName = EConstructor.displayName || EConstructor.name;
+  return FormattedError;
+  function FormattedError(format) {
+    if (format) {
+      format = formatter.apply(null, arguments);
+    }
+    return new EConstructor(format);
+  }
+}
+
+/***/ }),
+
+/***/ 707:
+/***/ (function(module) {
+
+//
+// format - printf-like string formatting for JavaScript
+// github.com/samsonjs/format
+// @_sjs
+//
+// Copyright 2010 - 2013 Sami Samhuri <sami@samhuri.net>
+//
+// MIT License
+// http://sjs.mit-license.org
+//
+
+;
+(function () {
+  //// Export the API
+  var namespace;
+
+  // CommonJS / Node module
+  if (true) {
+    namespace = module.exports = format;
+  }
+
+  // Browsers and other environments
+  else {}
+  namespace.format = format;
+  namespace.vsprintf = vsprintf;
+  if (typeof console !== 'undefined' && typeof console.log === 'function') {
+    namespace.printf = printf;
+  }
+  function printf( /* ... */
+  ) {
+    console.log(format.apply(null, arguments));
+  }
+  function vsprintf(fmt, replacements) {
+    return format.apply(null, [fmt].concat(replacements));
+  }
+  function format(fmt) {
+    var argIndex = 1 // skip initial format argument
+      ,
+      args = [].slice.call(arguments),
+      i = 0,
+      n = fmt.length,
+      result = '',
+      c,
+      escaped = false,
+      arg,
+      tmp,
+      leadingZero = false,
+      precision,
+      nextArg = function nextArg() {
+        return args[argIndex++];
+      },
+      slurpNumber = function slurpNumber() {
+        var digits = '';
+        while (/\d/.test(fmt[i])) {
+          digits += fmt[i++];
+          c = fmt[i];
+        }
+        return digits.length > 0 ? parseInt(digits) : null;
+      };
+    for (; i < n; ++i) {
+      c = fmt[i];
+      if (escaped) {
+        escaped = false;
+        if (c == '.') {
+          leadingZero = false;
+          c = fmt[++i];
+        } else if (c == '0' && fmt[i + 1] == '.') {
+          leadingZero = true;
+          i += 2;
+          c = fmt[i];
+        } else {
+          leadingZero = true;
+        }
+        precision = slurpNumber();
+        switch (c) {
+          case 'b':
+            // number in binary
+            result += parseInt(nextArg(), 10).toString(2);
+            break;
+          case 'c':
+            // character
+            arg = nextArg();
+            if (typeof arg === 'string' || arg instanceof String) result += arg;else result += String.fromCharCode(parseInt(arg, 10));
+            break;
+          case 'd':
+            // number in decimal
+            result += parseInt(nextArg(), 10);
+            break;
+          case 'f':
+            // floating point number
+            tmp = String(parseFloat(nextArg()).toFixed(precision || 6));
+            result += leadingZero ? tmp : tmp.replace(/^0/, '');
+            break;
+          case 'j':
+            // JSON
+            result += JSON.stringify(nextArg());
+            break;
+          case 'o':
+            // number in octal
+            result += '0' + parseInt(nextArg(), 10).toString(8);
+            break;
+          case 's':
+            // string
+            result += nextArg();
+            break;
+          case 'x':
+            // lowercase hexadecimal
+            result += '0x' + parseInt(nextArg(), 10).toString(16);
+            break;
+          case 'X':
+            // uppercase hexadecimal
+            result += '0x' + parseInt(nextArg(), 10).toString(16).toUpperCase();
+            break;
+          default:
+            result += c;
+            break;
+        }
+      } else if (c === '%') {
+        escaped = true;
+      } else {
+        result += c;
+      }
+    }
+    return result;
+  }
+})();
+
+/***/ }),
+
+/***/ 478:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var _slicedToArray = (__webpack_require__(424)["default"]);
+var _toConsumableArray = (__webpack_require__(861)["default"]);
+var _inherits = (__webpack_require__(655)["default"]);
+var _createSuper = (__webpack_require__(389)["default"]);
+var _classCallCheck = (__webpack_require__(690)["default"]);
+var _createClass = (__webpack_require__(728)["default"]);
+function deepFreeze(obj) {
+  if (obj instanceof Map) {
+    obj.clear = obj.delete = obj.set = function () {
+      throw new Error('map is read-only');
+    };
+  } else if (obj instanceof Set) {
+    obj.add = obj.clear = obj.delete = function () {
+      throw new Error('set is read-only');
+    };
+  }
+
+  // Freeze self
+  Object.freeze(obj);
+  Object.getOwnPropertyNames(obj).forEach(function (name) {
+    var prop = obj[name];
+
+    // Freeze prop if it is an object
+    if (typeof prop == 'object' && !Object.isFrozen(prop)) {
+      deepFreeze(prop);
+    }
+  });
+  return obj;
+}
+var deepFreezeEs6 = deepFreeze;
+var _default = deepFreeze;
+deepFreezeEs6.default = _default;
+
+/** @implements CallbackResponse */
+var Response = /*#__PURE__*/function () {
+  "use strict";
+
+  /**
+   * @param {CompiledMode} mode
+   */
+  function Response(mode) {
+    _classCallCheck(this, Response);
+    // eslint-disable-next-line no-undefined
+    if (mode.data === undefined) mode.data = {};
+    this.data = mode.data;
+    this.isMatchIgnored = false;
+  }
+  _createClass(Response, [{
+    key: "ignoreMatch",
+    value: function ignoreMatch() {
+      this.isMatchIgnored = true;
+    }
+  }]);
+  return Response;
+}();
+/**
+ * @param {string} value
+ * @returns {string}
+ */
+function escapeHTML(value) {
+  return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;');
+}
+
+/**
+ * performs a shallow merge of multiple objects into one
+ *
+ * @template T
+ * @param {T} original
+ * @param {Record<string,any>[]} objects
+ * @returns {T} a single new object
+ */
+function inherit(original) {
+  /** @type Record<string,any> */
+  var result = Object.create(null);
+  for (var key in original) {
+    result[key] = original[key];
+  }
+  for (var _len = arguments.length, objects = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
+    objects[_key - 1] = arguments[_key];
+  }
+  objects.forEach(function (obj) {
+    for (var _key2 in obj) {
+      result[_key2] = obj[_key2];
+    }
+  });
+  return (/** @type {T} */result
+  );
+}
+
+/**
+ * @typedef {object} Renderer
+ * @property {(text: string) => void} addText
+ * @property {(node: Node) => void} openNode
+ * @property {(node: Node) => void} closeNode
+ * @property {() => string} value
+ */
+
+/** @typedef {{kind?: string, sublanguage?: boolean}} Node */
+/** @typedef {{walk: (r: Renderer) => void}} Tree */
+/** */
+
+var SPAN_CLOSE = '</span>';
+
+/**
+ * Determines if a node needs to be wrapped in <span>
+ *
+ * @param {Node} node */
+var emitsWrappingTags = function emitsWrappingTags(node) {
+  return !!node.kind;
+};
+
+/** @type {Renderer} */
+var HTMLRenderer = /*#__PURE__*/function () {
+  "use strict";
+
+  /**
+   * Creates a new HTMLRenderer
+   *
+   * @param {Tree} parseTree - the parse tree (must support `walk` API)
+   * @param {{classPrefix: string}} options
+   */
+  function HTMLRenderer(parseTree, options) {
+    _classCallCheck(this, HTMLRenderer);
+    this.buffer = "";
+    this.classPrefix = options.classPrefix;
+    parseTree.walk(this);
+  }
+
+  /**
+   * Adds texts to the output stream
+   *
+   * @param {string} text */
+  _createClass(HTMLRenderer, [{
+    key: "addText",
+    value: function addText(text) {
+      this.buffer += escapeHTML(text);
+    }
+
+    /**
+     * Adds a node open to the output stream (if needed)
+     *
+     * @param {Node} node */
+  }, {
+    key: "openNode",
+    value: function openNode(node) {
+      if (!emitsWrappingTags(node)) return;
+      var className = node.kind;
+      if (!node.sublanguage) {
+        className = "".concat(this.classPrefix).concat(className);
+      }
+      this.span(className);
+    }
+
+    /**
+     * Adds a node close to the output stream (if needed)
+     *
+     * @param {Node} node */
+  }, {
+    key: "closeNode",
+    value: function closeNode(node) {
+      if (!emitsWrappingTags(node)) return;
+      this.buffer += SPAN_CLOSE;
+    }
+
+    /**
+     * returns the accumulated buffer
+    */
+  }, {
+    key: "value",
+    value: function value() {
+      return this.buffer;
+    }
+
+    // helpers
+
+    /**
+     * Builds a span element
+     *
+     * @param {string} className */
+  }, {
+    key: "span",
+    value: function span(className) {
+      this.buffer += "<span class=\"".concat(className, "\">");
+    }
+  }]);
+  return HTMLRenderer;
+}();
+/** @typedef {{kind?: string, sublanguage?: boolean, children: Node[]} | string} Node */
+/** @typedef {{kind?: string, sublanguage?: boolean, children: Node[]} } DataNode */
+/**  */
+var TokenTree = /*#__PURE__*/function () {
+  "use strict";
+
+  function TokenTree() {
+    _classCallCheck(this, TokenTree);
+    /** @type DataNode */
+    this.rootNode = {
+      children: []
+    };
+    this.stack = [this.rootNode];
+  }
+  _createClass(TokenTree, [{
+    key: "top",
+    get: function get() {
+      return this.stack[this.stack.length - 1];
+    }
+  }, {
+    key: "root",
+    get: function get() {
+      return this.rootNode;
+    }
+
+    /** @param {Node} node */
+  }, {
+    key: "add",
+    value: function add(node) {
+      this.top.children.push(node);
+    }
+
+    /** @param {string} kind */
+  }, {
+    key: "openNode",
+    value: function openNode(kind) {
+      /** @type Node */
+      var node = {
+        kind: kind,
+        children: []
+      };
+      this.add(node);
+      this.stack.push(node);
+    }
+  }, {
+    key: "closeNode",
+    value: function closeNode() {
+      if (this.stack.length > 1) {
+        return this.stack.pop();
+      }
+      // eslint-disable-next-line no-undefined
+      return undefined;
+    }
+  }, {
+    key: "closeAllNodes",
+    value: function closeAllNodes() {
+      while (this.closeNode());
+    }
+  }, {
+    key: "toJSON",
+    value: function toJSON() {
+      return JSON.stringify(this.rootNode, null, 4);
+    }
+
+    /**
+     * @typedef { import("./html_renderer").Renderer } Renderer
+     * @param {Renderer} builder
+     */
+  }, {
+    key: "walk",
+    value: function walk(builder) {
+      // this does not
+      return this.constructor._walk(builder, this.rootNode);
+      // this works
+      // return TokenTree._walk(builder, this.rootNode);
+    }
+
+    /**
+     * @param {Renderer} builder
+     * @param {Node} node
+     */
+  }], [{
+    key: "_walk",
+    value: function _walk(builder, node) {
+      var _this = this;
+      if (typeof node === "string") {
+        builder.addText(node);
+      } else if (node.children) {
+        builder.openNode(node);
+        node.children.forEach(function (child) {
+          return _this._walk(builder, child);
+        });
+        builder.closeNode(node);
+      }
+      return builder;
+    }
+
+    /**
+     * @param {Node} node
+     */
+  }, {
+    key: "_collapse",
+    value: function _collapse(node) {
+      if (typeof node === "string") return;
+      if (!node.children) return;
+      if (node.children.every(function (el) {
+        return typeof el === "string";
+      })) {
+        // node.text = node.children.join("");
+        // delete node.children;
+        node.children = [node.children.join("")];
+      } else {
+        node.children.forEach(function (child) {
+          TokenTree._collapse(child);
+        });
+      }
+    }
+  }]);
+  return TokenTree;
+}();
+/**
+  Currently this is all private API, but this is the minimal API necessary
+  that an Emitter must implement to fully support the parser.
+
+  Minimal interface:
+
+  - addKeyword(text, kind)
+  - addText(text)
+  - addSublanguage(emitter, subLanguageName)
+  - finalize()
+  - openNode(kind)
+  - closeNode()
+  - closeAllNodes()
+  - toHTML()
+
+*/
+/**
+ * @implements {Emitter}
+ */
+var TokenTreeEmitter = /*#__PURE__*/function (_TokenTree) {
+  "use strict";
+
+  _inherits(TokenTreeEmitter, _TokenTree);
+  var _super = _createSuper(TokenTreeEmitter);
+  /**
+   * @param {*} options
+   */
+  function TokenTreeEmitter(options) {
+    var _this2;
+    _classCallCheck(this, TokenTreeEmitter);
+    _this2 = _super.call(this);
+    _this2.options = options;
+    return _this2;
+  }
+
+  /**
+   * @param {string} text
+   * @param {string} kind
+   */
+  _createClass(TokenTreeEmitter, [{
+    key: "addKeyword",
+    value: function addKeyword(text, kind) {
+      if (text === "") {
+        return;
+      }
+      this.openNode(kind);
+      this.addText(text);
+      this.closeNode();
+    }
+
+    /**
+     * @param {string} text
+     */
+  }, {
+    key: "addText",
+    value: function addText(text) {
+      if (text === "") {
+        return;
+      }
+      this.add(text);
+    }
+
+    /**
+     * @param {Emitter & {root: DataNode}} emitter
+     * @param {string} name
+     */
+  }, {
+    key: "addSublanguage",
+    value: function addSublanguage(emitter, name) {
+      /** @type DataNode */
+      var node = emitter.root;
+      node.kind = name;
+      node.sublanguage = true;
+      this.add(node);
+    }
+  }, {
+    key: "toHTML",
+    value: function toHTML() {
+      var renderer = new HTMLRenderer(this, this.options);
+      return renderer.value();
+    }
+  }, {
+    key: "finalize",
+    value: function finalize() {
+      return true;
+    }
+  }]);
+  return TokenTreeEmitter;
+}(TokenTree);
+/**
+ * @param {string} value
+ * @returns {RegExp}
+ * */
+function escape(value) {
+  return new RegExp(value.replace(/[-/\\^$*+?.()|[\]{}]/g, '\\$&'), 'm');
+}
+
+/**
+ * @param {RegExp | string } re
+ * @returns {string}
+ */
+function source(re) {
+  if (!re) return null;
+  if (typeof re === "string") return re;
+  return re.source;
+}
+
+/**
+ * @param {...(RegExp | string) } args
+ * @returns {string}
+ */
+function concat() {
+  for (var _len2 = arguments.length, args = new Array(_len2), _key3 = 0; _key3 < _len2; _key3++) {
+    args[_key3] = arguments[_key3];
+  }
+  var joined = args.map(function (x) {
+    return source(x);
+  }).join("");
+  return joined;
+}
+
+/**
+ * Any of the passed expresssions may match
+ *
+ * Creates a huge this | this | that | that match
+ * @param {(RegExp | string)[] } args
+ * @returns {string}
+ */
+function either() {
+  for (var _len3 = arguments.length, args = new Array(_len3), _key4 = 0; _key4 < _len3; _key4++) {
+    args[_key4] = arguments[_key4];
+  }
+  var joined = '(' + args.map(function (x) {
+    return source(x);
+  }).join("|") + ")";
+  return joined;
+}
+
+/**
+ * @param {RegExp} re
+ * @returns {number}
+ */
+function countMatchGroups(re) {
+  return new RegExp(re.toString() + '|').exec('').length - 1;
+}
+
+/**
+ * Does lexeme start with a regular expression match at the beginning
+ * @param {RegExp} re
+ * @param {string} lexeme
+ */
+function startsWith(re, lexeme) {
+  var match = re && re.exec(lexeme);
+  return match && match.index === 0;
+}
+
+// BACKREF_RE matches an open parenthesis or backreference. To avoid
+// an incorrect parse, it additionally matches the following:
+// - [...] elements, where the meaning of parentheses and escapes change
+// - other escape sequences, so we do not misparse escape sequences as
+//   interesting elements
+// - non-matching or lookahead parentheses, which do not capture. These
+//   follow the '(' with a '?'.
+var BACKREF_RE = /\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./;
+
+// join logically computes regexps.join(separator), but fixes the
+// backreferences so they continue to match.
+// it also places each individual regular expression into it's own
+// match group, keeping track of the sequencing of those match groups
+// is currently an exercise for the caller. :-)
+/**
+ * @param {(string | RegExp)[]} regexps
+ * @param {string} separator
+ * @returns {string}
+ */
+function join(regexps) {
+  var separator = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "|";
+  var numCaptures = 0;
+  return regexps.map(function (regex) {
+    numCaptures += 1;
+    var offset = numCaptures;
+    var re = source(regex);
+    var out = '';
+    while (re.length > 0) {
+      var match = BACKREF_RE.exec(re);
+      if (!match) {
+        out += re;
+        break;
+      }
+      out += re.substring(0, match.index);
+      re = re.substring(match.index + match[0].length);
+      if (match[0][0] === '\\' && match[1]) {
+        // Adjust the backreference.
+        out += '\\' + String(Number(match[1]) + offset);
+      } else {
+        out += match[0];
+        if (match[0] === '(') {
+          numCaptures++;
+        }
+      }
+    }
+    return out;
+  }).map(function (re) {
+    return "(".concat(re, ")");
+  }).join(separator);
+}
+
+// Common regexps
+var MATCH_NOTHING_RE = /\b\B/;
+var IDENT_RE = '[a-zA-Z]\\w*';
+var UNDERSCORE_IDENT_RE = '[a-zA-Z_]\\w*';
+var NUMBER_RE = '\\b\\d+(\\.\\d+)?';
+var C_NUMBER_RE = '(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)'; // 0x..., 0..., decimal, float
+var BINARY_NUMBER_RE = '\\b(0b[01]+)'; // 0b...
+var RE_STARTERS_RE = '!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~';
+
+/**
+* @param { Partial<Mode> & {binary?: string | RegExp} } opts
+*/
+var SHEBANG = function SHEBANG() {
+  var opts = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  var beginShebang = /^#![ ]*\//;
+  if (opts.binary) {
+    opts.begin = concat(beginShebang, /.*\b/, opts.binary, /\b.*/);
+  }
+  return inherit({
+    className: 'meta',
+    begin: beginShebang,
+    end: /$/,
+    relevance: 0,
+    /** @type {ModeCallback} */
+    "on:begin": function onBegin(m, resp) {
+      if (m.index !== 0) resp.ignoreMatch();
+    }
+  }, opts);
+};
+
+// Common modes
+var BACKSLASH_ESCAPE = {
+  begin: '\\\\[\\s\\S]',
+  relevance: 0
+};
+var APOS_STRING_MODE = {
+  className: 'string',
+  begin: '\'',
+  end: '\'',
+  illegal: '\\n',
+  contains: [BACKSLASH_ESCAPE]
+};
+var QUOTE_STRING_MODE = {
+  className: 'string',
+  begin: '"',
+  end: '"',
+  illegal: '\\n',
+  contains: [BACKSLASH_ESCAPE]
+};
+var PHRASAL_WORDS_MODE = {
+  begin: /\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/
+};
+/**
+ * Creates a comment mode
+ *
+ * @param {string | RegExp} begin
+ * @param {string | RegExp} end
+ * @param {Mode | {}} [modeOptions]
+ * @returns {Partial<Mode>}
+ */
+var COMMENT = function COMMENT(begin, end) {
+  var modeOptions = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  var mode = inherit({
+    className: 'comment',
+    begin: begin,
+    end: end,
+    contains: []
+  }, modeOptions);
+  mode.contains.push(PHRASAL_WORDS_MODE);
+  mode.contains.push({
+    className: 'doctag',
+    begin: '(?:TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):',
+    relevance: 0
+  });
+  return mode;
+};
+var C_LINE_COMMENT_MODE = COMMENT('//', '$');
+var C_BLOCK_COMMENT_MODE = COMMENT('/\\*', '\\*/');
+var HASH_COMMENT_MODE = COMMENT('#', '$');
+var NUMBER_MODE = {
+  className: 'number',
+  begin: NUMBER_RE,
+  relevance: 0
+};
+var C_NUMBER_MODE = {
+  className: 'number',
+  begin: C_NUMBER_RE,
+  relevance: 0
+};
+var BINARY_NUMBER_MODE = {
+  className: 'number',
+  begin: BINARY_NUMBER_RE,
+  relevance: 0
+};
+var CSS_NUMBER_MODE = {
+  className: 'number',
+  begin: NUMBER_RE + '(' + '%|em|ex|ch|rem' + '|vw|vh|vmin|vmax' + '|cm|mm|in|pt|pc|px' + '|deg|grad|rad|turn' + '|s|ms' + '|Hz|kHz' + '|dpi|dpcm|dppx' + ')?',
+  relevance: 0
+};
+var REGEXP_MODE = {
+  // this outer rule makes sure we actually have a WHOLE regex and not simply
+  // an expression such as:
+  //
+  //     3 / something
+  //
+  // (which will then blow up when regex's `illegal` sees the newline)
+  begin: /(?=\/[^/\n]*\/)/,
+  contains: [{
+    className: 'regexp',
+    begin: /\//,
+    end: /\/[gimuy]*/,
+    illegal: /\n/,
+    contains: [BACKSLASH_ESCAPE, {
+      begin: /\[/,
+      end: /\]/,
+      relevance: 0,
+      contains: [BACKSLASH_ESCAPE]
+    }]
+  }]
+};
+var TITLE_MODE = {
+  className: 'title',
+  begin: IDENT_RE,
+  relevance: 0
+};
+var UNDERSCORE_TITLE_MODE = {
+  className: 'title',
+  begin: UNDERSCORE_IDENT_RE,
+  relevance: 0
+};
+var METHOD_GUARD = {
+  // excludes method names from keyword processing
+  begin: '\\.\\s*' + UNDERSCORE_IDENT_RE,
+  relevance: 0
+};
+
+/**
+ * Adds end same as begin mechanics to a mode
+ *
+ * Your mode must include at least a single () match group as that first match
+ * group is what is used for comparison
+ * @param {Partial<Mode>} mode
+ */
+var END_SAME_AS_BEGIN = function END_SAME_AS_BEGIN(mode) {
+  return Object.assign(mode, {
+    /** @type {ModeCallback} */
+    'on:begin': function onBegin(m, resp) {
+      resp.data._beginMatch = m[1];
+    },
+    /** @type {ModeCallback} */
+    'on:end': function onEnd(m, resp) {
+      if (resp.data._beginMatch !== m[1]) resp.ignoreMatch();
+    }
+  });
+};
+var MODES = /*#__PURE__*/Object.freeze({
+  __proto__: null,
+  MATCH_NOTHING_RE: MATCH_NOTHING_RE,
+  IDENT_RE: IDENT_RE,
+  UNDERSCORE_IDENT_RE: UNDERSCORE_IDENT_RE,
+  NUMBER_RE: NUMBER_RE,
+  C_NUMBER_RE: C_NUMBER_RE,
+  BINARY_NUMBER_RE: BINARY_NUMBER_RE,
+  RE_STARTERS_RE: RE_STARTERS_RE,
+  SHEBANG: SHEBANG,
+  BACKSLASH_ESCAPE: BACKSLASH_ESCAPE,
+  APOS_STRING_MODE: APOS_STRING_MODE,
+  QUOTE_STRING_MODE: QUOTE_STRING_MODE,
+  PHRASAL_WORDS_MODE: PHRASAL_WORDS_MODE,
+  COMMENT: COMMENT,
+  C_LINE_COMMENT_MODE: C_LINE_COMMENT_MODE,
+  C_BLOCK_COMMENT_MODE: C_BLOCK_COMMENT_MODE,
+  HASH_COMMENT_MODE: HASH_COMMENT_MODE,
+  NUMBER_MODE: NUMBER_MODE,
+  C_NUMBER_MODE: C_NUMBER_MODE,
+  BINARY_NUMBER_MODE: BINARY_NUMBER_MODE,
+  CSS_NUMBER_MODE: CSS_NUMBER_MODE,
+  REGEXP_MODE: REGEXP_MODE,
+  TITLE_MODE: TITLE_MODE,
+  UNDERSCORE_TITLE_MODE: UNDERSCORE_TITLE_MODE,
+  METHOD_GUARD: METHOD_GUARD,
+  END_SAME_AS_BEGIN: END_SAME_AS_BEGIN
+});
+
+// Grammar extensions / plugins
+// See: https://github.com/highlightjs/highlight.js/issues/2833
+
+// Grammar extensions allow "syntactic sugar" to be added to the grammar modes
+// without requiring any underlying changes to the compiler internals.
+
+// `compileMatch` being the perfect small example of now allowing a grammar
+// author to write `match` when they desire to match a single expression rather
+// than being forced to use `begin`.  The extension then just moves `match` into
+// `begin` when it runs.  Ie, no features have been added, but we've just made
+// the experience of writing (and reading grammars) a little bit nicer.
+
+// ------
+
+// TODO: We need negative look-behind support to do this properly
+/**
+ * Skip a match if it has a preceding dot
+ *
+ * This is used for `beginKeywords` to prevent matching expressions such as
+ * `bob.keyword.do()`. The mode compiler automatically wires this up as a
+ * special _internal_ 'on:begin' callback for modes with `beginKeywords`
+ * @param {RegExpMatchArray} match
+ * @param {CallbackResponse} response
+ */
+function skipIfhasPrecedingDot(match, response) {
+  var before = match.input[match.index - 1];
+  if (before === ".") {
+    response.ignoreMatch();
+  }
+}
+
+/**
+ * `beginKeywords` syntactic sugar
+ * @type {CompilerExt}
+ */
+function beginKeywords(mode, parent) {
+  if (!parent) return;
+  if (!mode.beginKeywords) return;
+
+  // for languages with keywords that include non-word characters checking for
+  // a word boundary is not sufficient, so instead we check for a word boundary
+  // or whitespace - this does no harm in any case since our keyword engine
+  // doesn't allow spaces in keywords anyways and we still check for the boundary
+  // first
+  mode.begin = '\\b(' + mode.beginKeywords.split(' ').join('|') + ')(?!\\.)(?=\\b|\\s)';
+  mode.__beforeBegin = skipIfhasPrecedingDot;
+  mode.keywords = mode.keywords || mode.beginKeywords;
+  delete mode.beginKeywords;
+
+  // prevents double relevance, the keywords themselves provide
+  // relevance, the mode doesn't need to double it
+  // eslint-disable-next-line no-undefined
+  if (mode.relevance === undefined) mode.relevance = 0;
+}
+
+/**
+ * Allow `illegal` to contain an array of illegal values
+ * @type {CompilerExt}
+ */
+function compileIllegal(mode, _parent) {
+  if (!Array.isArray(mode.illegal)) return;
+  mode.illegal = either.apply(void 0, _toConsumableArray(mode.illegal));
+}
+
+/**
+ * `match` to match a single expression for readability
+ * @type {CompilerExt}
+ */
+function compileMatch(mode, _parent) {
+  if (!mode.match) return;
+  if (mode.begin || mode.end) throw new Error("begin & end are not supported with match");
+  mode.begin = mode.match;
+  delete mode.match;
+}
+
+/**
+ * provides the default 1 relevance to all modes
+ * @type {CompilerExt}
+ */
+function compileRelevance(mode, _parent) {
+  // eslint-disable-next-line no-undefined
+  if (mode.relevance === undefined) mode.relevance = 1;
+}
+
+// keywords that should have no default relevance value
+var COMMON_KEYWORDS = ['of', 'and', 'for', 'in', 'not', 'or', 'if', 'then', 'parent',
+// common variable name
+'list',
+// common variable name
+'value' // common variable name
+];
+
+var DEFAULT_KEYWORD_CLASSNAME = "keyword";
+
+/**
+ * Given raw keywords from a language definition, compile them.
+ *
+ * @param {string | Record<string,string|string[]> | Array<string>} rawKeywords
+ * @param {boolean} caseInsensitive
+ */
+function compileKeywords(rawKeywords, caseInsensitive) {
+  var className = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : DEFAULT_KEYWORD_CLASSNAME;
+  /** @type KeywordDict */
+  var compiledKeywords = {};
+
+  // input can be a string of keywords, an array of keywords, or a object with
+  // named keys representing className (which can then point to a string or array)
+  if (typeof rawKeywords === 'string') {
+    compileList(className, rawKeywords.split(" "));
+  } else if (Array.isArray(rawKeywords)) {
+    compileList(className, rawKeywords);
+  } else {
+    Object.keys(rawKeywords).forEach(function (className) {
+      // collapse all our objects back into the parent object
+      Object.assign(compiledKeywords, compileKeywords(rawKeywords[className], caseInsensitive, className));
+    });
+  }
+  return compiledKeywords;
+
+  // ---
+
+  /**
+   * Compiles an individual list of keywords
+   *
+   * Ex: "for if when while|5"
+   *
+   * @param {string} className
+   * @param {Array<string>} keywordList
+   */
+  function compileList(className, keywordList) {
+    if (caseInsensitive) {
+      keywordList = keywordList.map(function (x) {
+        return x.toLowerCase();
+      });
+    }
+    keywordList.forEach(function (keyword) {
+      var pair = keyword.split('|');
+      compiledKeywords[pair[0]] = [className, scoreForKeyword(pair[0], pair[1])];
+    });
+  }
+}
+
+/**
+ * Returns the proper score for a given keyword
+ *
+ * Also takes into account comment keywords, which will be scored 0 UNLESS
+ * another score has been manually assigned.
+ * @param {string} keyword
+ * @param {string} [providedScore]
+ */
+function scoreForKeyword(keyword, providedScore) {
+  // manual scores always win over common keywords
+  // so you can force a score of 1 if you really insist
+  if (providedScore) {
+    return Number(providedScore);
+  }
+  return commonKeyword(keyword) ? 0 : 1;
+}
+
+/**
+ * Determines if a given keyword is common or not
+ *
+ * @param {string} keyword */
+function commonKeyword(keyword) {
+  return COMMON_KEYWORDS.includes(keyword.toLowerCase());
+}
+
+// compilation
+
+/**
+ * Compiles a language definition result
+ *
+ * Given the raw result of a language definition (Language), compiles this so
+ * that it is ready for highlighting code.
+ * @param {Language} language
+ * @param {{plugins: HLJSPlugin[]}} opts
+ * @returns {CompiledLanguage}
+ */
+function compileLanguage(language, _ref) {
+  var plugins = _ref.plugins;
+  /**
+   * Builds a regex with the case sensativility of the current language
+   *
+   * @param {RegExp | string} value
+   * @param {boolean} [global]
+   */
+  function langRe(value, global) {
+    return new RegExp(source(value), 'm' + (language.case_insensitive ? 'i' : '') + (global ? 'g' : ''));
+  }
+
+  /**
+    Stores multiple regular expressions and allows you to quickly search for
+    them all in a string simultaneously - returning the first match.  It does
+    this by creating a huge (a|b|c) regex - each individual item wrapped with ()
+    and joined by `|` - using match groups to track position.  When a match is
+    found checking which position in the array has content allows us to figure
+    out which of the original regexes / match groups triggered the match.
+     The match object itself (the result of `Regex.exec`) is returned but also
+    enhanced by merging in any meta-data that was registered with the regex.
+    This is how we keep track of which mode matched, and what type of rule
+    (`illegal`, `begin`, end, etc).
+  */
+  var MultiRegex = /*#__PURE__*/function () {
+    "use strict";
+
+    function MultiRegex() {
+      _classCallCheck(this, MultiRegex);
+      this.matchIndexes = {};
+      // @ts-ignore
+      this.regexes = [];
+      this.matchAt = 1;
+      this.position = 0;
+    }
+
+    // @ts-ignore
+    _createClass(MultiRegex, [{
+      key: "addRule",
+      value: function addRule(re, opts) {
+        opts.position = this.position++;
+        // @ts-ignore
+        this.matchIndexes[this.matchAt] = opts;
+        this.regexes.push([opts, re]);
+        this.matchAt += countMatchGroups(re) + 1;
+      }
+    }, {
+      key: "compile",
+      value: function compile() {
+        if (this.regexes.length === 0) {
+          // avoids the need to check length every time exec is called
+          // @ts-ignore
+          this.exec = function () {
+            return null;
+          };
+        }
+        var terminators = this.regexes.map(function (el) {
+          return el[1];
+        });
+        this.matcherRe = langRe(join(terminators), true);
+        this.lastIndex = 0;
+      }
+
+      /** @param {string} s */
+    }, {
+      key: "exec",
+      value: function exec(s) {
+        this.matcherRe.lastIndex = this.lastIndex;
+        var match = this.matcherRe.exec(s);
+        if (!match) {
+          return null;
+        }
+
+        // eslint-disable-next-line no-undefined
+        var i = match.findIndex(function (el, i) {
+          return i > 0 && el !== undefined;
+        });
+        // @ts-ignore
+        var matchData = this.matchIndexes[i];
+        // trim off any earlier non-relevant match groups (ie, the other regex
+        // match groups that make up the multi-matcher)
+        match.splice(0, i);
+        return Object.assign(match, matchData);
+      }
+    }]);
+    return MultiRegex;
+  }();
+  /*
+    Created to solve the key deficiently with MultiRegex - there is no way to
+    test for multiple matches at a single location.  Why would we need to do
+    that?  In the future a more dynamic engine will allow certain matches to be
+    ignored.  An example: if we matched say the 3rd regex in a large group but
+    decided to ignore it - we'd need to started testing again at the 4th
+    regex... but MultiRegex itself gives us no real way to do that.
+     So what this class creates MultiRegexs on the fly for whatever search
+    position they are needed.
+     NOTE: These additional MultiRegex objects are created dynamically.  For most
+    grammars most of the time we will never actually need anything more than the
+    first MultiRegex - so this shouldn't have too much overhead.
+     Say this is our search group, and we match regex3, but wish to ignore it.
+       regex1 | regex2 | regex3 | regex4 | regex5    ' ie, startAt = 0
+     What we need is a new MultiRegex that only includes the remaining
+    possibilities:
+       regex4 | regex5                               ' ie, startAt = 3
+     This class wraps all that complexity up in a simple API... `startAt` decides
+    where in the array of expressions to start doing the matching. It
+    auto-increments, so if a match is found at position 2, then startAt will be
+    set to 3.  If the end is reached startAt will return to 0.
+     MOST of the time the parser will be setting startAt manually to 0.
+  */
+  var ResumableMultiRegex = /*#__PURE__*/function () {
+    "use strict";
+
+    function ResumableMultiRegex() {
+      _classCallCheck(this, ResumableMultiRegex);
+      // @ts-ignore
+      this.rules = [];
+      // @ts-ignore
+      this.multiRegexes = [];
+      this.count = 0;
+      this.lastIndex = 0;
+      this.regexIndex = 0;
+    }
+
+    // @ts-ignore
+    _createClass(ResumableMultiRegex, [{
+      key: "getMatcher",
+      value: function getMatcher(index) {
+        if (this.multiRegexes[index]) return this.multiRegexes[index];
+        var matcher = new MultiRegex();
+        this.rules.slice(index).forEach(function (_ref2) {
+          var _ref3 = _slicedToArray(_ref2, 2),
+            re = _ref3[0],
+            opts = _ref3[1];
+          return matcher.addRule(re, opts);
+        });
+        matcher.compile();
+        this.multiRegexes[index] = matcher;
+        return matcher;
+      }
+    }, {
+      key: "resumingScanAtSamePosition",
+      value: function resumingScanAtSamePosition() {
+        return this.regexIndex !== 0;
+      }
+    }, {
+      key: "considerAll",
+      value: function considerAll() {
+        this.regexIndex = 0;
+      }
+
+      // @ts-ignore
+    }, {
+      key: "addRule",
+      value: function addRule(re, opts) {
+        this.rules.push([re, opts]);
+        if (opts.type === "begin") this.count++;
+      }
+
+      /** @param {string} s */
+    }, {
+      key: "exec",
+      value: function exec(s) {
+        var m = this.getMatcher(this.regexIndex);
+        m.lastIndex = this.lastIndex;
+        var result = m.exec(s);
+
+        // The following is because we have no easy way to say "resume scanning at the
+        // existing position but also skip the current rule ONLY". What happens is
+        // all prior rules are also skipped which can result in matching the wrong
+        // thing. Example of matching "booger":
+
+        // our matcher is [string, "booger", number]
+        //
+        // ....booger....
+
+        // if "booger" is ignored then we'd really need a regex to scan from the
+        // SAME position for only: [string, number] but ignoring "booger" (if it
+        // was the first match), a simple resume would scan ahead who knows how
+        // far looking only for "number", ignoring potential string matches (or
+        // future "booger" matches that might be valid.)
+
+        // So what we do: We execute two matchers, one resuming at the same
+        // position, but the second full matcher starting at the position after:
+
+        //     /--- resume first regex match here (for [number])
+        //     |/---- full match here for [string, "booger", number]
+        //     vv
+        // ....booger....
+
+        // Which ever results in a match first is then used. So this 3-4 step
+        // process essentially allows us to say "match at this position, excluding
+        // a prior rule that was ignored".
+        //
+        // 1. Match "booger" first, ignore. Also proves that [string] does non match.
+        // 2. Resume matching for [number]
+        // 3. Match at index + 1 for [string, "booger", number]
+        // 4. If #2 and #3 result in matches, which came first?
+        if (this.resumingScanAtSamePosition()) {
+          if (result && result.index === this.lastIndex) ;else {
+            // use the second matcher result
+            var m2 = this.getMatcher(0);
+            m2.lastIndex = this.lastIndex + 1;
+            result = m2.exec(s);
+          }
+        }
+        if (result) {
+          this.regexIndex += result.position + 1;
+          if (this.regexIndex === this.count) {
+            // wrap-around to considering all matches again
+            this.considerAll();
+          }
+        }
+        return result;
+      }
+    }]);
+    return ResumableMultiRegex;
+  }();
+  /**
+   * Given a mode, builds a huge ResumableMultiRegex that can be used to walk
+   * the content and find matches.
+   *
+   * @param {CompiledMode} mode
+   * @returns {ResumableMultiRegex}
+   */
+  function buildModeRegex(mode) {
+    var mm = new ResumableMultiRegex();
+    mode.contains.forEach(function (term) {
+      return mm.addRule(term.begin, {
+        rule: term,
+        type: "begin"
+      });
+    });
+    if (mode.terminatorEnd) {
+      mm.addRule(mode.terminatorEnd, {
+        type: "end"
+      });
+    }
+    if (mode.illegal) {
+      mm.addRule(mode.illegal, {
+        type: "illegal"
+      });
+    }
+    return mm;
+  }
+
+  /** skip vs abort vs ignore
+   *
+   * @skip   - The mode is still entered and exited normally (and contains rules apply),
+   *           but all content is held and added to the parent buffer rather than being
+   *           output when the mode ends.  Mostly used with `sublanguage` to build up
+   *           a single large buffer than can be parsed by sublanguage.
+   *
+   *             - The mode begin ands ends normally.
+   *             - Content matched is added to the parent mode buffer.
+   *             - The parser cursor is moved forward normally.
+   *
+   * @abort  - A hack placeholder until we have ignore.  Aborts the mode (as if it
+   *           never matched) but DOES NOT continue to match subsequent `contains`
+   *           modes.  Abort is bad/suboptimal because it can result in modes
+   *           farther down not getting applied because an earlier rule eats the
+   *           content but then aborts.
+   *
+   *             - The mode does not begin.
+   *             - Content matched by `begin` is added to the mode buffer.
+   *             - The parser cursor is moved forward accordingly.
+   *
+   * @ignore - Ignores the mode (as if it never matched) and continues to match any
+   *           subsequent `contains` modes.  Ignore isn't technically possible with
+   *           the current parser implementation.
+   *
+   *             - The mode does not begin.
+   *             - Content matched by `begin` is ignored.
+   *             - The parser cursor is not moved forward.
+   */
+
+  /**
+   * Compiles an individual mode
+   *
+   * This can raise an error if the mode contains certain detectable known logic
+   * issues.
+   * @param {Mode} mode
+   * @param {CompiledMode | null} [parent]
+   * @returns {CompiledMode | never}
+   */
+  function compileMode(mode, parent) {
+    var _ref4;
+    var cmode = /** @type CompiledMode */mode;
+    if (mode.isCompiled) return cmode;
+    [
+    // do this early so compiler extensions generally don't have to worry about
+    // the distinction between match/begin
+    compileMatch].forEach(function (ext) {
+      return ext(mode, parent);
+    });
+    language.compilerExtensions.forEach(function (ext) {
+      return ext(mode, parent);
+    });
+
+    // __beforeBegin is considered private API, internal use only
+    mode.__beforeBegin = null;
+    [beginKeywords,
+    // do this later so compiler extensions that come earlier have access to the
+    // raw array if they wanted to perhaps manipulate it, etc.
+    compileIllegal,
+    // default to 1 relevance if not specified
+    compileRelevance].forEach(function (ext) {
+      return ext(mode, parent);
+    });
+    mode.isCompiled = true;
+    var keywordPattern = null;
+    if (typeof mode.keywords === "object") {
+      keywordPattern = mode.keywords.$pattern;
+      delete mode.keywords.$pattern;
+    }
+    if (mode.keywords) {
+      mode.keywords = compileKeywords(mode.keywords, language.case_insensitive);
+    }
+
+    // both are not allowed
+    if (mode.lexemes && keywordPattern) {
+      throw new Error("ERR: Prefer `keywords.$pattern` to `mode.lexemes`, BOTH are not allowed. (see mode reference) ");
+    }
+
+    // `mode.lexemes` was the old standard before we added and now recommend
+    // using `keywords.$pattern` to pass the keyword pattern
+    keywordPattern = keywordPattern || mode.lexemes || /\w+/;
+    cmode.keywordPatternRe = langRe(keywordPattern, true);
+    if (parent) {
+      if (!mode.begin) mode.begin = /\B|\b/;
+      cmode.beginRe = langRe(mode.begin);
+      if (mode.endSameAsBegin) mode.end = mode.begin;
+      if (!mode.end && !mode.endsWithParent) mode.end = /\B|\b/;
+      if (mode.end) cmode.endRe = langRe(mode.end);
+      cmode.terminatorEnd = source(mode.end) || '';
+      if (mode.endsWithParent && parent.terminatorEnd) {
+        cmode.terminatorEnd += (mode.end ? '|' : '') + parent.terminatorEnd;
+      }
+    }
+    if (mode.illegal) cmode.illegalRe = langRe( /** @type {RegExp | string} */mode.illegal);
+    if (!mode.contains) mode.contains = [];
+    mode.contains = (_ref4 = []).concat.apply(_ref4, _toConsumableArray(mode.contains.map(function (c) {
+      return expandOrCloneMode(c === 'self' ? mode : c);
+    })));
+    mode.contains.forEach(function (c) {
+      compileMode( /** @type Mode */c, cmode);
+    });
+    if (mode.starts) {
+      compileMode(mode.starts, parent);
+    }
+    cmode.matcher = buildModeRegex(cmode);
+    return cmode;
+  }
+  if (!language.compilerExtensions) language.compilerExtensions = [];
+
+  // self is not valid at the top-level
+  if (language.contains && language.contains.includes('self')) {
+    throw new Error("ERR: contains `self` is not supported at the top-level of a language.  See documentation.");
+  }
+
+  // we need a null object, which inherit will guarantee
+  language.classNameAliases = inherit(language.classNameAliases || {});
+  return compileMode( /** @type Mode */language);
+}
+
+/**
+ * Determines if a mode has a dependency on it's parent or not
+ *
+ * If a mode does have a parent dependency then often we need to clone it if
+ * it's used in multiple places so that each copy points to the correct parent,
+ * where-as modes without a parent can often safely be re-used at the bottom of
+ * a mode chain.
+ *
+ * @param {Mode | null} mode
+ * @returns {boolean} - is there a dependency on the parent?
+ * */
+function dependencyOnParent(mode) {
+  if (!mode) return false;
+  return mode.endsWithParent || dependencyOnParent(mode.starts);
+}
+
+/**
+ * Expands a mode or clones it if necessary
+ *
+ * This is necessary for modes with parental dependenceis (see notes on
+ * `dependencyOnParent`) and for nodes that have `variants` - which must then be
+ * exploded into their own individual modes at compile time.
+ *
+ * @param {Mode} mode
+ * @returns {Mode | Mode[]}
+ * */
+function expandOrCloneMode(mode) {
+  if (mode.variants && !mode.cachedVariants) {
+    mode.cachedVariants = mode.variants.map(function (variant) {
+      return inherit(mode, {
+        variants: null
+      }, variant);
+    });
+  }
+
+  // EXPAND
+  // if we have variants then essentially "replace" the mode with the variants
+  // this happens in compileMode, where this function is called from
+  if (mode.cachedVariants) {
+    return mode.cachedVariants;
+  }
+
+  // CLONE
+  // if we have dependencies on parents then we need a unique
+  // instance of ourselves, so we can be reused with many
+  // different parents without issue
+  if (dependencyOnParent(mode)) {
+    return inherit(mode, {
+      starts: mode.starts ? inherit(mode.starts) : null
+    });
+  }
+  if (Object.isFrozen(mode)) {
+    return inherit(mode);
+  }
+
+  // no special dependency issues, just return ourselves
+  return mode;
+}
+var version = "10.7.3";
+
+// @ts-nocheck
+
+function hasValueOrEmptyAttribute(value) {
+  return Boolean(value || value === "");
+}
+function BuildVuePlugin(hljs) {
+  var Component = {
+    props: ["language", "code", "autodetect"],
+    data: function data() {
+      return {
+        detectedLanguage: "",
+        unknownLanguage: false
+      };
+    },
+    computed: {
+      className: function className() {
+        if (this.unknownLanguage) return "";
+        return "hljs " + this.detectedLanguage;
+      },
+      highlighted: function highlighted() {
+        // no idea what language to use, return raw code
+        if (!this.autoDetect && !hljs.getLanguage(this.language)) {
+          console.warn("The language \"".concat(this.language, "\" you specified could not be found."));
+          this.unknownLanguage = true;
+          return escapeHTML(this.code);
+        }
+        var result = {};
+        if (this.autoDetect) {
+          result = hljs.highlightAuto(this.code);
+          this.detectedLanguage = result.language;
+        } else {
+          result = hljs.highlight(this.language, this.code, this.ignoreIllegals);
+          this.detectedLanguage = this.language;
+        }
+        return result.value;
+      },
+      autoDetect: function autoDetect() {
+        return !this.language || hasValueOrEmptyAttribute(this.autodetect);
+      },
+      ignoreIllegals: function ignoreIllegals() {
+        return true;
+      }
+    },
+    // this avoids needing to use a whole Vue compilation pipeline just
+    // to build Highlight.js
+    render: function render(createElement) {
+      return createElement("pre", {}, [createElement("code", {
+        class: this.className,
+        domProps: {
+          innerHTML: this.highlighted
+        }
+      })]);
+    } // template: `<pre><code :class="className" v-html="highlighted"></code></pre>`
+  };
+  var VuePlugin = {
+    install: function install(Vue) {
+      Vue.component('highlightjs', Component);
+    }
+  };
+  return {
+    Component: Component,
+    VuePlugin: VuePlugin
+  };
+}
+
+/* plugin itself */
+
+/** @type {HLJSPlugin} */
+var mergeHTMLPlugin = {
+  "after:highlightElement": function afterHighlightElement(_ref5) {
+    var el = _ref5.el,
+      result = _ref5.result,
+      text = _ref5.text;
+    var originalStream = nodeStream(el);
+    if (!originalStream.length) return;
+    var resultNode = document.createElement('div');
+    resultNode.innerHTML = result.value;
+    result.value = mergeStreams(originalStream, nodeStream(resultNode), text);
+  }
+};
+
+/* Stream merging support functions */
+
+/**
+ * @typedef Event
+ * @property {'start'|'stop'} event
+ * @property {number} offset
+ * @property {Node} node
+ */
+
+/**
+ * @param {Node} node
+ */
+function tag(node) {
+  return node.nodeName.toLowerCase();
+}
+
+/**
+ * @param {Node} node
+ */
+function nodeStream(node) {
+  /** @type Event[] */
+  var result = [];
+  (function _nodeStream(node, offset) {
+    for (var child = node.firstChild; child; child = child.nextSibling) {
+      if (child.nodeType === 3) {
+        offset += child.nodeValue.length;
+      } else if (child.nodeType === 1) {
+        result.push({
+          event: 'start',
+          offset: offset,
+          node: child
+        });
+        offset = _nodeStream(child, offset);
+        // Prevent void elements from having an end tag that would actually
+        // double them in the output. There are more void elements in HTML
+        // but we list only those realistically expected in code display.
+        if (!tag(child).match(/br|hr|img|input/)) {
+          result.push({
+            event: 'stop',
+            offset: offset,
+            node: child
+          });
+        }
+      }
+    }
+    return offset;
+  })(node, 0);
+  return result;
+}
+
+/**
+ * @param {any} original - the original stream
+ * @param {any} highlighted - stream of the highlighted source
+ * @param {string} value - the original source itself
+ */
+function mergeStreams(original, highlighted, value) {
+  var processed = 0;
+  var result = '';
+  var nodeStack = [];
+  function selectStream() {
+    if (!original.length || !highlighted.length) {
+      return original.length ? original : highlighted;
+    }
+    if (original[0].offset !== highlighted[0].offset) {
+      return original[0].offset < highlighted[0].offset ? original : highlighted;
+    }
+
+    /*
+    To avoid starting the stream just before it should stop the order is
+    ensured that original always starts first and closes last:
+     if (event1 == 'start' && event2 == 'start')
+      return original;
+    if (event1 == 'start' && event2 == 'stop')
+      return highlighted;
+    if (event1 == 'stop' && event2 == 'start')
+      return original;
+    if (event1 == 'stop' && event2 == 'stop')
+      return highlighted;
+     ... which is collapsed to:
+    */
+    return highlighted[0].event === 'start' ? original : highlighted;
+  }
+
+  /**
+   * @param {Node} node
+   */
+  function open(node) {
+    /** @param {Attr} attr */
+    function attributeString(attr) {
+      return ' ' + attr.nodeName + '="' + escapeHTML(attr.value) + '"';
+    }
+    // @ts-ignore
+    result += '<' + tag(node) + [].map.call(node.attributes, attributeString).join('') + '>';
+  }
+
+  /**
+   * @param {Node} node
+   */
+  function close(node) {
+    result += '</' + tag(node) + '>';
+  }
+
+  /**
+   * @param {Event} event
+   */
+  function render(event) {
+    (event.event === 'start' ? open : close)(event.node);
+  }
+  while (original.length || highlighted.length) {
+    var stream = selectStream();
+    result += escapeHTML(value.substring(processed, stream[0].offset));
+    processed = stream[0].offset;
+    if (stream === original) {
+      /*
+      On any opening or closing tag of the original markup we first close
+      the entire highlighted node stack, then render the original tag along
+      with all the following original tags at the same offset and then
+      reopen all the tags on the highlighted stack.
+      */
+      nodeStack.reverse().forEach(close);
+      do {
+        render(stream.splice(0, 1)[0]);
+        stream = selectStream();
+      } while (stream === original && stream.length && stream[0].offset === processed);
+      nodeStack.reverse().forEach(open);
+    } else {
+      if (stream[0].event === 'start') {
+        nodeStack.push(stream[0].node);
+      } else {
+        nodeStack.pop();
+      }
+      render(stream.splice(0, 1)[0]);
+    }
+  }
+  return result + escapeHTML(value.substr(processed));
+}
+
+/*
+
+For the reasoning behind this please see:
+https://github.com/highlightjs/highlight.js/issues/2880#issuecomment-747275419
+
+*/
+
+/**
+ * @type {Record<string, boolean>}
+ */
+var seenDeprecations = {};
+
+/**
+ * @param {string} message
+ */
+var error = function error(message) {
+  console.error(message);
+};
+
+/**
+ * @param {string} message
+ * @param {any} args
+ */
+var warn = function warn(message) {
+  var _console;
+  for (var _len4 = arguments.length, args = new Array(_len4 > 1 ? _len4 - 1 : 0), _key5 = 1; _key5 < _len4; _key5++) {
+    args[_key5 - 1] = arguments[_key5];
+  }
+  (_console = console).log.apply(_console, ["WARN: ".concat(message)].concat(args));
+};
+
+/**
+ * @param {string} version
+ * @param {string} message
+ */
+var deprecated = function deprecated(version, message) {
+  if (seenDeprecations["".concat(version, "/").concat(message)]) return;
+  console.log("Deprecated as of ".concat(version, ". ").concat(message));
+  seenDeprecations["".concat(version, "/").concat(message)] = true;
+};
+
+/*
+Syntax highlighting with language autodetection.
+https://highlightjs.org/
+*/
+
+var escape$1 = escapeHTML;
+var inherit$1 = inherit;
+var NO_MATCH = Symbol("nomatch");
+
+/**
+ * @param {any} hljs - object that is extended (legacy)
+ * @returns {HLJSApi}
+ */
+var HLJS = function HLJS(hljs) {
+  // Global internal variables used within the highlight.js library.
+  /** @type {Record<string, Language>} */
+  var languages = Object.create(null);
+  /** @type {Record<string, string>} */
+  var aliases = Object.create(null);
+  /** @type {HLJSPlugin[]} */
+  var plugins = [];
+
+  // safe/production mode - swallows more errors, tries to keep running
+  // even if a single syntax or parse hits a fatal error
+  var SAFE_MODE = true;
+  var fixMarkupRe = /(^(<[^>]+>|\t|)+|\n)/gm;
+  var LANGUAGE_NOT_FOUND = "Could not find the language '{}', did you forget to load/include a language module?";
+  /** @type {Language} */
+  var PLAINTEXT_LANGUAGE = {
+    disableAutodetect: true,
+    name: 'Plain text',
+    contains: []
+  };
+
+  // Global options used when within external APIs. This is modified when
+  // calling the `hljs.configure` function.
+  /** @type HLJSOptions */
+  var options = {
+    noHighlightRe: /^(no-?highlight)$/i,
+    languageDetectRe: /\blang(?:uage)?-([\w-]+)\b/i,
+    classPrefix: 'hljs-',
+    tabReplace: null,
+    useBR: false,
+    languages: null,
+    // beta configuration options, subject to change, welcome to discuss
+    // https://github.com/highlightjs/highlight.js/issues/1086
+    __emitter: TokenTreeEmitter
+  };
+
+  /* Utility functions */
+
+  /**
+   * Tests a language name to see if highlighting should be skipped
+   * @param {string} languageName
+   */
+  function shouldNotHighlight(languageName) {
+    return options.noHighlightRe.test(languageName);
+  }
+
+  /**
+   * @param {HighlightedHTMLElement} block - the HTML element to determine language for
+   */
+  function blockLanguage(block) {
+    var classes = block.className + ' ';
+    classes += block.parentNode ? block.parentNode.className : '';
+
+    // language-* takes precedence over non-prefixed class names.
+    var match = options.languageDetectRe.exec(classes);
+    if (match) {
+      var language = getLanguage(match[1]);
+      if (!language) {
+        warn(LANGUAGE_NOT_FOUND.replace("{}", match[1]));
+        warn("Falling back to no-highlight mode for this block.", block);
+      }
+      return language ? match[1] : 'no-highlight';
+    }
+    return classes.split(/\s+/).find(function (_class) {
+      return shouldNotHighlight(_class) || getLanguage(_class);
+    });
+  }
+
+  /**
+   * Core highlighting function.
+   *
+   * OLD API
+   * highlight(lang, code, ignoreIllegals, continuation)
+   *
+   * NEW API
+   * highlight(code, {lang, ignoreIllegals})
+   *
+   * @param {string} codeOrlanguageName - the language to use for highlighting
+   * @param {string | HighlightOptions} optionsOrCode - the code to highlight
+   * @param {boolean} [ignoreIllegals] - whether to ignore illegal matches, default is to bail
+   * @param {CompiledMode} [continuation] - current continuation mode, if any
+   *
+   * @returns {HighlightResult} Result - an object that represents the result
+   * @property {string} language - the language name
+   * @property {number} relevance - the relevance score
+   * @property {string} value - the highlighted HTML code
+   * @property {string} code - the original raw code
+   * @property {CompiledMode} top - top of the current mode stack
+   * @property {boolean} illegal - indicates whether any illegal matches were found
+  */
+  function highlight(codeOrlanguageName, optionsOrCode, ignoreIllegals, continuation) {
+    var code = "";
+    var languageName = "";
+    if (typeof optionsOrCode === "object") {
+      code = codeOrlanguageName;
+      ignoreIllegals = optionsOrCode.ignoreIllegals;
+      languageName = optionsOrCode.language;
+      // continuation not supported at all via the new API
+      // eslint-disable-next-line no-undefined
+      continuation = undefined;
+    } else {
+      // old API
+      deprecated("10.7.0", "highlight(lang, code, ...args) has been deprecated.");
+      deprecated("10.7.0", "Please use highlight(code, options) instead.\nhttps://github.com/highlightjs/highlight.js/issues/2277");
+      languageName = codeOrlanguageName;
+      code = optionsOrCode;
+    }
+
+    /** @type {BeforeHighlightContext} */
+    var context = {
+      code: code,
+      language: languageName
+    };
+    // the plugin can change the desired language or the code to be highlighted
+    // just be changing the object it was passed
+    fire("before:highlight", context);
+
+    // a before plugin can usurp the result completely by providing it's own
+    // in which case we don't even need to call highlight
+    var result = context.result ? context.result : _highlight(context.language, context.code, ignoreIllegals, continuation);
+    result.code = context.code;
+    // the plugin can change anything in result to suite it
+    fire("after:highlight", result);
+    return result;
+  }
+
+  /**
+   * private highlight that's used internally and does not fire callbacks
+   *
+   * @param {string} languageName - the language to use for highlighting
+   * @param {string} codeToHighlight - the code to highlight
+   * @param {boolean?} [ignoreIllegals] - whether to ignore illegal matches, default is to bail
+   * @param {CompiledMode?} [continuation] - current continuation mode, if any
+   * @returns {HighlightResult} - result of the highlight operation
+  */
+  function _highlight(languageName, codeToHighlight, ignoreIllegals, continuation) {
+    /**
+     * Return keyword data if a match is a keyword
+     * @param {CompiledMode} mode - current mode
+     * @param {RegExpMatchArray} match - regexp match data
+     * @returns {KeywordData | false}
+     */
+    function keywordData(mode, match) {
+      var matchText = language.case_insensitive ? match[0].toLowerCase() : match[0];
+      return Object.prototype.hasOwnProperty.call(mode.keywords, matchText) && mode.keywords[matchText];
+    }
+    function processKeywords() {
+      if (!top.keywords) {
+        emitter.addText(modeBuffer);
+        return;
+      }
+      var lastIndex = 0;
+      top.keywordPatternRe.lastIndex = 0;
+      var match = top.keywordPatternRe.exec(modeBuffer);
+      var buf = "";
+      while (match) {
+        buf += modeBuffer.substring(lastIndex, match.index);
+        var data = keywordData(top, match);
+        if (data) {
+          var _data = _slicedToArray(data, 2),
+            kind = _data[0],
+            keywordRelevance = _data[1];
+          emitter.addText(buf);
+          buf = "";
+          relevance += keywordRelevance;
+          if (kind.startsWith("_")) {
+            // _ implied for relevance only, do not highlight
+            // by applying a class name
+            buf += match[0];
+          } else {
+            var cssClass = language.classNameAliases[kind] || kind;
+            emitter.addKeyword(match[0], cssClass);
+          }
+        } else {
+          buf += match[0];
+        }
+        lastIndex = top.keywordPatternRe.lastIndex;
+        match = top.keywordPatternRe.exec(modeBuffer);
+      }
+      buf += modeBuffer.substr(lastIndex);
+      emitter.addText(buf);
+    }
+    function processSubLanguage() {
+      if (modeBuffer === "") return;
+      /** @type HighlightResult */
+      var result = null;
+      if (typeof top.subLanguage === 'string') {
+        if (!languages[top.subLanguage]) {
+          emitter.addText(modeBuffer);
+          return;
+        }
+        result = _highlight(top.subLanguage, modeBuffer, true, continuations[top.subLanguage]);
+        continuations[top.subLanguage] = /** @type {CompiledMode} */result.top;
+      } else {
+        result = highlightAuto(modeBuffer, top.subLanguage.length ? top.subLanguage : null);
+      }
+
+      // Counting embedded language score towards the host language may be disabled
+      // with zeroing the containing mode relevance. Use case in point is Markdown that
+      // allows XML everywhere and makes every XML snippet to have a much larger Markdown
+      // score.
+      if (top.relevance > 0) {
+        relevance += result.relevance;
+      }
+      emitter.addSublanguage(result.emitter, result.language);
+    }
+    function processBuffer() {
+      if (top.subLanguage != null) {
+        processSubLanguage();
+      } else {
+        processKeywords();
+      }
+      modeBuffer = '';
+    }
+
+    /**
+     * @param {Mode} mode - new mode to start
+     */
+    function startNewMode(mode) {
+      if (mode.className) {
+        emitter.openNode(language.classNameAliases[mode.className] || mode.className);
+      }
+      top = Object.create(mode, {
+        parent: {
+          value: top
+        }
+      });
+      return top;
+    }
+
+    /**
+     * @param {CompiledMode } mode - the mode to potentially end
+     * @param {RegExpMatchArray} match - the latest match
+     * @param {string} matchPlusRemainder - match plus remainder of content
+     * @returns {CompiledMode | void} - the next mode, or if void continue on in current mode
+     */
+    function endOfMode(mode, match, matchPlusRemainder) {
+      var matched = startsWith(mode.endRe, matchPlusRemainder);
+      if (matched) {
+        if (mode["on:end"]) {
+          var resp = new Response(mode);
+          mode["on:end"](match, resp);
+          if (resp.isMatchIgnored) matched = false;
+        }
+        if (matched) {
+          while (mode.endsParent && mode.parent) {
+            mode = mode.parent;
+          }
+          return mode;
+        }
+      }
+      // even if on:end fires an `ignore` it's still possible
+      // that we might trigger the end node because of a parent mode
+      if (mode.endsWithParent) {
+        return endOfMode(mode.parent, match, matchPlusRemainder);
+      }
+    }
+
+    /**
+     * Handle matching but then ignoring a sequence of text
+     *
+     * @param {string} lexeme - string containing full match text
+     */
+    function doIgnore(lexeme) {
+      if (top.matcher.regexIndex === 0) {
+        // no more regexs to potentially match here, so we move the cursor forward one
+        // space
+        modeBuffer += lexeme[0];
+        return 1;
+      } else {
+        // no need to move the cursor, we still have additional regexes to try and
+        // match at this very spot
+        resumeScanAtSamePosition = true;
+        return 0;
+      }
+    }
+
+    /**
+     * Handle the start of a new potential mode match
+     *
+     * @param {EnhancedMatch} match - the current match
+     * @returns {number} how far to advance the parse cursor
+     */
+    function doBeginMatch(match) {
+      var lexeme = match[0];
+      var newMode = match.rule;
+      var resp = new Response(newMode);
+      // first internal before callbacks, then the public ones
+      var beforeCallbacks = [newMode.__beforeBegin, newMode["on:begin"]];
+      for (var _i = 0, _beforeCallbacks = beforeCallbacks; _i < _beforeCallbacks.length; _i++) {
+        var cb = _beforeCallbacks[_i];
+        if (!cb) continue;
+        cb(match, resp);
+        if (resp.isMatchIgnored) return doIgnore(lexeme);
+      }
+      if (newMode && newMode.endSameAsBegin) {
+        newMode.endRe = escape(lexeme);
+      }
+      if (newMode.skip) {
+        modeBuffer += lexeme;
+      } else {
+        if (newMode.excludeBegin) {
+          modeBuffer += lexeme;
+        }
+        processBuffer();
+        if (!newMode.returnBegin && !newMode.excludeBegin) {
+          modeBuffer = lexeme;
+        }
+      }
+      startNewMode(newMode);
+      // if (mode["after:begin"]) {
+      //   let resp = new Response(mode);
+      //   mode["after:begin"](match, resp);
+      // }
+      return newMode.returnBegin ? 0 : lexeme.length;
+    }
+
+    /**
+     * Handle the potential end of mode
+     *
+     * @param {RegExpMatchArray} match - the current match
+     */
+    function doEndMatch(match) {
+      var lexeme = match[0];
+      var matchPlusRemainder = codeToHighlight.substr(match.index);
+      var endMode = endOfMode(top, match, matchPlusRemainder);
+      if (!endMode) {
+        return NO_MATCH;
+      }
+      var origin = top;
+      if (origin.skip) {
+        modeBuffer += lexeme;
+      } else {
+        if (!(origin.returnEnd || origin.excludeEnd)) {
+          modeBuffer += lexeme;
+        }
+        processBuffer();
+        if (origin.excludeEnd) {
+          modeBuffer = lexeme;
+        }
+      }
+      do {
+        if (top.className) {
+          emitter.closeNode();
+        }
+        if (!top.skip && !top.subLanguage) {
+          relevance += top.relevance;
+        }
+        top = top.parent;
+      } while (top !== endMode.parent);
+      if (endMode.starts) {
+        if (endMode.endSameAsBegin) {
+          endMode.starts.endRe = endMode.endRe;
+        }
+        startNewMode(endMode.starts);
+      }
+      return origin.returnEnd ? 0 : lexeme.length;
+    }
+    function processContinuations() {
+      var list = [];
+      for (var current = top; current !== language; current = current.parent) {
+        if (current.className) {
+          list.unshift(current.className);
+        }
+      }
+      list.forEach(function (item) {
+        return emitter.openNode(item);
+      });
+    }
+
+    /** @type {{type?: MatchType, index?: number, rule?: Mode}}} */
+    var lastMatch = {};
+
+    /**
+     *  Process an individual match
+     *
+     * @param {string} textBeforeMatch - text preceeding the match (since the last match)
+     * @param {EnhancedMatch} [match] - the match itself
+     */
+    function processLexeme(textBeforeMatch, match) {
+      var lexeme = match && match[0];
+
+      // add non-matched text to the current mode buffer
+      modeBuffer += textBeforeMatch;
+      if (lexeme == null) {
+        processBuffer();
+        return 0;
+      }
+
+      // we've found a 0 width match and we're stuck, so we need to advance
+      // this happens when we have badly behaved rules that have optional matchers to the degree that
+      // sometimes they can end up matching nothing at all
+      // Ref: https://github.com/highlightjs/highlight.js/issues/2140
+      if (lastMatch.type === "begin" && match.type === "end" && lastMatch.index === match.index && lexeme === "") {
+        // spit the "skipped" character that our regex choked on back into the output sequence
+        modeBuffer += codeToHighlight.slice(match.index, match.index + 1);
+        if (!SAFE_MODE) {
+          /** @type {AnnotatedError} */
+          var err = new Error('0 width match regex');
+          err.languageName = languageName;
+          err.badRule = lastMatch.rule;
+          throw err;
+        }
+        return 1;
+      }
+      lastMatch = match;
+      if (match.type === "begin") {
+        return doBeginMatch(match);
+      } else if (match.type === "illegal" && !ignoreIllegals) {
+        // illegal match, we do not continue processing
+        /** @type {AnnotatedError} */
+        var _err = new Error('Illegal lexeme "' + lexeme + '" for mode "' + (top.className || '<unnamed>') + '"');
+        _err.mode = top;
+        throw _err;
+      } else if (match.type === "end") {
+        var processed = doEndMatch(match);
+        if (processed !== NO_MATCH) {
+          return processed;
+        }
+      }
+
+      // edge case for when illegal matches $ (end of line) which is technically
+      // a 0 width match but not a begin/end match so it's not caught by the
+      // first handler (when ignoreIllegals is true)
+      if (match.type === "illegal" && lexeme === "") {
+        // advance so we aren't stuck in an infinite loop
+        return 1;
+      }
+
+      // infinite loops are BAD, this is a last ditch catch all. if we have a
+      // decent number of iterations yet our index (cursor position in our
+      // parsing) still 3x behind our index then something is very wrong
+      // so we bail
+      if (iterations > 100000 && iterations > match.index * 3) {
+        var _err2 = new Error('potential infinite loop, way more iterations than matches');
+        throw _err2;
+      }
+
+      /*
+      Why might be find ourselves here?  Only one occasion now.  An end match that was
+      triggered but could not be completed.  When might this happen?  When an `endSameasBegin`
+      rule sets the end rule to a specific match.  Since the overall mode termination rule that's
+      being used to scan the text isn't recompiled that means that any match that LOOKS like
+      the end (but is not, because it is not an exact match to the beginning) will
+      end up here.  A definite end match, but when `doEndMatch` tries to "reapply"
+      the end rule and fails to match, we wind up here, and just silently ignore the end.
+       This causes no real harm other than stopping a few times too many.
+      */
+
+      modeBuffer += lexeme;
+      return lexeme.length;
+    }
+    var language = getLanguage(languageName);
+    if (!language) {
+      error(LANGUAGE_NOT_FOUND.replace("{}", languageName));
+      throw new Error('Unknown language: "' + languageName + '"');
+    }
+    var md = compileLanguage(language, {
+      plugins: plugins
+    });
+    var result = '';
+    /** @type {CompiledMode} */
+    var top = continuation || md;
+    /** @type Record<string,CompiledMode> */
+    var continuations = {}; // keep continuations for sub-languages
+    var emitter = new options.__emitter(options);
+    processContinuations();
+    var modeBuffer = '';
+    var relevance = 0;
+    var index = 0;
+    var iterations = 0;
+    var resumeScanAtSamePosition = false;
+    try {
+      top.matcher.considerAll();
+      for (;;) {
+        iterations++;
+        if (resumeScanAtSamePosition) {
+          // only regexes not matched previously will now be
+          // considered for a potential match
+          resumeScanAtSamePosition = false;
+        } else {
+          top.matcher.considerAll();
+        }
+        top.matcher.lastIndex = index;
+        var match = top.matcher.exec(codeToHighlight);
+        // console.log("match", match[0], match.rule && match.rule.begin)
+
+        if (!match) break;
+        var beforeMatch = codeToHighlight.substring(index, match.index);
+        var processedCount = processLexeme(beforeMatch, match);
+        index = match.index + processedCount;
+      }
+      processLexeme(codeToHighlight.substr(index));
+      emitter.closeAllNodes();
+      emitter.finalize();
+      result = emitter.toHTML();
+      return {
+        // avoid possible breakage with v10 clients expecting
+        // this to always be an integer
+        relevance: Math.floor(relevance),
+        value: result,
+        language: languageName,
+        illegal: false,
+        emitter: emitter,
+        top: top
+      };
+    } catch (err) {
+      if (err.message && err.message.includes('Illegal')) {
+        return {
+          illegal: true,
+          illegalBy: {
+            msg: err.message,
+            context: codeToHighlight.slice(index - 100, index + 100),
+            mode: err.mode
+          },
+          sofar: result,
+          relevance: 0,
+          value: escape$1(codeToHighlight),
+          emitter: emitter
+        };
+      } else if (SAFE_MODE) {
+        return {
+          illegal: false,
+          relevance: 0,
+          value: escape$1(codeToHighlight),
+          emitter: emitter,
+          language: languageName,
+          top: top,
+          errorRaised: err
+        };
+      } else {
+        throw err;
+      }
+    }
+  }
+
+  /**
+   * returns a valid highlight result, without actually doing any actual work,
+   * auto highlight starts with this and it's possible for small snippets that
+   * auto-detection may not find a better match
+   * @param {string} code
+   * @returns {HighlightResult}
+   */
+  function justTextHighlightResult(code) {
+    var result = {
+      relevance: 0,
+      emitter: new options.__emitter(options),
+      value: escape$1(code),
+      illegal: false,
+      top: PLAINTEXT_LANGUAGE
+    };
+    result.emitter.addText(code);
+    return result;
+  }
+
+  /**
+  Highlighting with language detection. Accepts a string with the code to
+  highlight. Returns an object with the following properties:
+   - language (detected language)
+  - relevance (int)
+  - value (an HTML string with highlighting markup)
+  - second_best (object with the same structure for second-best heuristically
+    detected language, may be absent)
+     @param {string} code
+    @param {Array<string>} [languageSubset]
+    @returns {AutoHighlightResult}
+  */
+  function highlightAuto(code, languageSubset) {
+    languageSubset = languageSubset || options.languages || Object.keys(languages);
+    var plaintext = justTextHighlightResult(code);
+    var results = languageSubset.filter(getLanguage).filter(autoDetection).map(function (name) {
+      return _highlight(name, code, false);
+    });
+    results.unshift(plaintext); // plaintext is always an option
+
+    var sorted = results.sort(function (a, b) {
+      // sort base on relevance
+      if (a.relevance !== b.relevance) return b.relevance - a.relevance;
+
+      // always award the tie to the base language
+      // ie if C++ and Arduino are tied, it's more likely to be C++
+      if (a.language && b.language) {
+        if (getLanguage(a.language).supersetOf === b.language) {
+          return 1;
+        } else if (getLanguage(b.language).supersetOf === a.language) {
+          return -1;
+        }
+      }
+
+      // otherwise say they are equal, which has the effect of sorting on
+      // relevance while preserving the original ordering - which is how ties
+      // have historically been settled, ie the language that comes first always
+      // wins in the case of a tie
+      return 0;
+    });
+    var _sorted = _slicedToArray(sorted, 2),
+      best = _sorted[0],
+      secondBest = _sorted[1];
+
+    /** @type {AutoHighlightResult} */
+    var result = best;
+    result.second_best = secondBest;
+    return result;
+  }
+
+  /**
+  Post-processing of the highlighted markup:
+   - replace TABs with something more useful
+  - replace real line-breaks with '<br>' for non-pre containers
+     @param {string} html
+    @returns {string}
+  */
+  function fixMarkup(html) {
+    if (!(options.tabReplace || options.useBR)) {
+      return html;
+    }
+    return html.replace(fixMarkupRe, function (match) {
+      if (match === '\n') {
+        return options.useBR ? '<br>' : match;
+      } else if (options.tabReplace) {
+        return match.replace(/\t/g, options.tabReplace);
+      }
+      return match;
+    });
+  }
+
+  /**
+   * Builds new class name for block given the language name
+   *
+   * @param {HTMLElement} element
+   * @param {string} [currentLang]
+   * @param {string} [resultLang]
+   */
+  function updateClassName(element, currentLang, resultLang) {
+    var language = currentLang ? aliases[currentLang] : resultLang;
+    element.classList.add("hljs");
+    if (language) element.classList.add(language);
+  }
+
+  /** @type {HLJSPlugin} */
+  var brPlugin = {
+    "before:highlightElement": function beforeHighlightElement(_ref6) {
+      var el = _ref6.el;
+      if (options.useBR) {
+        el.innerHTML = el.innerHTML.replace(/\n/g, '').replace(/<br[ /]*>/g, '\n');
+      }
+    },
+    "after:highlightElement": function afterHighlightElement(_ref7) {
+      var result = _ref7.result;
+      if (options.useBR) {
+        result.value = result.value.replace(/\n/g, "<br>");
+      }
+    }
+  };
+  var TAB_REPLACE_RE = /^(<[^>]+>|\t)+/gm;
+  /** @type {HLJSPlugin} */
+  var tabReplacePlugin = {
+    "after:highlightElement": function afterHighlightElement(_ref8) {
+      var result = _ref8.result;
+      if (options.tabReplace) {
+        result.value = result.value.replace(TAB_REPLACE_RE, function (m) {
+          return m.replace(/\t/g, options.tabReplace);
+        });
+      }
+    }
+  };
+
+  /**
+   * Applies highlighting to a DOM node containing code. Accepts a DOM node and
+   * two optional parameters for fixMarkup.
+   *
+   * @param {HighlightedHTMLElement} element - the HTML element to highlight
+  */
+  function highlightElement(element) {
+    /** @type HTMLElement */
+    var node = null;
+    var language = blockLanguage(element);
+    if (shouldNotHighlight(language)) return;
+
+    // support for v10 API
+    fire("before:highlightElement", {
+      el: element,
+      language: language
+    });
+    node = element;
+    var text = node.textContent;
+    var result = language ? highlight(text, {
+      language: language,
+      ignoreIllegals: true
+    }) : highlightAuto(text);
+
+    // support for v10 API
+    fire("after:highlightElement", {
+      el: element,
+      result: result,
+      text: text
+    });
+    element.innerHTML = result.value;
+    updateClassName(element, language, result.language);
+    element.result = {
+      language: result.language,
+      // TODO: remove with version 11.0
+      re: result.relevance,
+      relavance: result.relevance
+    };
+    if (result.second_best) {
+      element.second_best = {
+        language: result.second_best.language,
+        // TODO: remove with version 11.0
+        re: result.second_best.relevance,
+        relavance: result.second_best.relevance
+      };
+    }
+  }
+
+  /**
+   * Updates highlight.js global options with the passed options
+   *
+   * @param {Partial<HLJSOptions>} userOptions
+   */
+  function configure(userOptions) {
+    if (userOptions.useBR) {
+      deprecated("10.3.0", "'useBR' will be removed entirely in v11.0");
+      deprecated("10.3.0", "Please see https://github.com/highlightjs/highlight.js/issues/2559");
+    }
+    options = inherit$1(options, userOptions);
+  }
+
+  /**
+   * Highlights to all <pre><code> blocks on a page
+   *
+   * @type {Function & {called?: boolean}}
+   */
+  // TODO: remove v12, deprecated
+  var initHighlighting = function initHighlighting() {
+    if (initHighlighting.called) return;
+    initHighlighting.called = true;
+    deprecated("10.6.0", "initHighlighting() is deprecated.  Use highlightAll() instead.");
+    var blocks = document.querySelectorAll('pre code');
+    blocks.forEach(highlightElement);
+  };
+
+  // Higlights all when DOMContentLoaded fires
+  // TODO: remove v12, deprecated
+  function initHighlightingOnLoad() {
+    deprecated("10.6.0", "initHighlightingOnLoad() is deprecated.  Use highlightAll() instead.");
+    wantsHighlight = true;
+  }
+  var wantsHighlight = false;
+
+  /**
+   * auto-highlights all pre>code elements on the page
+   */
+  function highlightAll() {
+    // if we are called too early in the loading process
+    if (document.readyState === "loading") {
+      wantsHighlight = true;
+      return;
+    }
+    var blocks = document.querySelectorAll('pre code');
+    blocks.forEach(highlightElement);
+  }
+  function boot() {
+    // if a highlight was requested before DOM was loaded, do now
+    if (wantsHighlight) highlightAll();
+  }
+
+  // make sure we are in the browser environment
+  if (typeof window !== 'undefined' && window.addEventListener) {
+    window.addEventListener('DOMContentLoaded', boot, false);
+  }
+
+  /**
+   * Register a language grammar module
+   *
+   * @param {string} languageName
+   * @param {LanguageFn} languageDefinition
+   */
+  function registerLanguage(languageName, languageDefinition) {
+    var lang = null;
+    try {
+      lang = languageDefinition(hljs);
+    } catch (error$1) {
+      error("Language definition for '{}' could not be registered.".replace("{}", languageName));
+      // hard or soft error
+      if (!SAFE_MODE) {
+        throw error$1;
+      } else {
+        error(error$1);
+      }
+      // languages that have serious errors are replaced with essentially a
+      // "plaintext" stand-in so that the code blocks will still get normal
+      // css classes applied to them - and one bad language won't break the
+      // entire highlighter
+      lang = PLAINTEXT_LANGUAGE;
+    }
+    // give it a temporary name if it doesn't have one in the meta-data
+    if (!lang.name) lang.name = languageName;
+    languages[languageName] = lang;
+    lang.rawDefinition = languageDefinition.bind(null, hljs);
+    if (lang.aliases) {
+      registerAliases(lang.aliases, {
+        languageName: languageName
+      });
+    }
+  }
+
+  /**
+   * Remove a language grammar module
+   *
+   * @param {string} languageName
+   */
+  function unregisterLanguage(languageName) {
+    delete languages[languageName];
+    for (var _i2 = 0, _Object$keys = Object.keys(aliases); _i2 < _Object$keys.length; _i2++) {
+      var alias = _Object$keys[_i2];
+      if (aliases[alias] === languageName) {
+        delete aliases[alias];
+      }
+    }
+  }
+
+  /**
+   * @returns {string[]} List of language internal names
+   */
+  function listLanguages() {
+    return Object.keys(languages);
+  }
+
+  /**
+    intended usage: When one language truly requires another
+     Unlike `getLanguage`, this will throw when the requested language
+    is not available.
+     @param {string} name - name of the language to fetch/require
+    @returns {Language | never}
+  */
+  function requireLanguage(name) {
+    deprecated("10.4.0", "requireLanguage will be removed entirely in v11.");
+    deprecated("10.4.0", "Please see https://github.com/highlightjs/highlight.js/pull/2844");
+    var lang = getLanguage(name);
+    if (lang) {
+      return lang;
+    }
+    var err = new Error('The \'{}\' language is required, but not loaded.'.replace('{}', name));
+    throw err;
+  }
+
+  /**
+   * @param {string} name - name of the language to retrieve
+   * @returns {Language | undefined}
+   */
+  function getLanguage(name) {
+    name = (name || '').toLowerCase();
+    return languages[name] || languages[aliases[name]];
+  }
+
+  /**
+   *
+   * @param {string|string[]} aliasList - single alias or list of aliases
+   * @param {{languageName: string}} opts
+   */
+  function registerAliases(aliasList, _ref9) {
+    var languageName = _ref9.languageName;
+    if (typeof aliasList === 'string') {
+      aliasList = [aliasList];
+    }
+    aliasList.forEach(function (alias) {
+      aliases[alias.toLowerCase()] = languageName;
+    });
+  }
+
+  /**
+   * Determines if a given language has auto-detection enabled
+   * @param {string} name - name of the language
+   */
+  function autoDetection(name) {
+    var lang = getLanguage(name);
+    return lang && !lang.disableAutodetect;
+  }
+
+  /**
+   * Upgrades the old highlightBlock plugins to the new
+   * highlightElement API
+   * @param {HLJSPlugin} plugin
+   */
+  function upgradePluginAPI(plugin) {
+    // TODO: remove with v12
+    if (plugin["before:highlightBlock"] && !plugin["before:highlightElement"]) {
+      plugin["before:highlightElement"] = function (data) {
+        plugin["before:highlightBlock"](Object.assign({
+          block: data.el
+        }, data));
+      };
+    }
+    if (plugin["after:highlightBlock"] && !plugin["after:highlightElement"]) {
+      plugin["after:highlightElement"] = function (data) {
+        plugin["after:highlightBlock"](Object.assign({
+          block: data.el
+        }, data));
+      };
+    }
+  }
+
+  /**
+   * @param {HLJSPlugin} plugin
+   */
+  function addPlugin(plugin) {
+    upgradePluginAPI(plugin);
+    plugins.push(plugin);
+  }
+
+  /**
+   *
+   * @param {PluginEvent} event
+   * @param {any} args
+   */
+  function fire(event, args) {
+    var cb = event;
+    plugins.forEach(function (plugin) {
+      if (plugin[cb]) {
+        plugin[cb](args);
+      }
+    });
+  }
+
+  /**
+  Note: fixMarkup is deprecated and will be removed entirely in v11
+   @param {string} arg
+  @returns {string}
+  */
+  function deprecateFixMarkup(arg) {
+    deprecated("10.2.0", "fixMarkup will be removed entirely in v11.0");
+    deprecated("10.2.0", "Please see https://github.com/highlightjs/highlight.js/issues/2534");
+    return fixMarkup(arg);
+  }
+
+  /**
+   *
+   * @param {HighlightedHTMLElement} el
+   */
+  function deprecateHighlightBlock(el) {
+    deprecated("10.7.0", "highlightBlock will be removed entirely in v12.0");
+    deprecated("10.7.0", "Please use highlightElement now.");
+    return highlightElement(el);
+  }
+
+  /* Interface definition */
+  Object.assign(hljs, {
+    highlight: highlight,
+    highlightAuto: highlightAuto,
+    highlightAll: highlightAll,
+    fixMarkup: deprecateFixMarkup,
+    highlightElement: highlightElement,
+    // TODO: Remove with v12 API
+    highlightBlock: deprecateHighlightBlock,
+    configure: configure,
+    initHighlighting: initHighlighting,
+    initHighlightingOnLoad: initHighlightingOnLoad,
+    registerLanguage: registerLanguage,
+    unregisterLanguage: unregisterLanguage,
+    listLanguages: listLanguages,
+    getLanguage: getLanguage,
+    registerAliases: registerAliases,
+    requireLanguage: requireLanguage,
+    autoDetection: autoDetection,
+    inherit: inherit$1,
+    addPlugin: addPlugin,
+    // plugins for frameworks
+    vuePlugin: BuildVuePlugin(hljs).VuePlugin
+  });
+  hljs.debugMode = function () {
+    SAFE_MODE = false;
+  };
+  hljs.safeMode = function () {
+    SAFE_MODE = true;
+  };
+  hljs.versionString = version;
+  for (var key in MODES) {
+    // @ts-ignore
+    if (typeof MODES[key] === "object") {
+      // @ts-ignore
+      deepFreezeEs6(MODES[key]);
+    }
+  }
+
+  // merge all the modes/regexs into our main object
+  Object.assign(hljs, MODES);
+
+  // built-in plugins, likely to be moved out of core in the future
+  hljs.addPlugin(brPlugin); // slated to be removed in v11
+  hljs.addPlugin(mergeHTMLPlugin);
+  hljs.addPlugin(tabReplacePlugin);
+  return hljs;
+};
+
+// export an "instance" of the highlighter
+var highlight = HLJS({});
+module.exports = highlight;
+
+/***/ }),
+
+/***/ 682:
+/***/ (function(module) {
+
+/*
+Language: Diff
+Description: Unified and context diff
+Author: Vasily Polovnyov <vast@whiteants.net>
+Website: https://www.gnu.org/software/diffutils/
+Category: common
+*/
+
+/** @type LanguageFn */
+function diff(hljs) {
+  return {
+    name: 'Diff',
+    aliases: ['patch'],
+    contains: [{
+      className: 'meta',
+      relevance: 10,
+      variants: [{
+        begin: /^@@ +-\d+,\d+ +\+\d+,\d+ +@@/
+      }, {
+        begin: /^\*\*\* +\d+,\d+ +\*\*\*\*$/
+      }, {
+        begin: /^--- +\d+,\d+ +----$/
+      }]
+    }, {
+      className: 'comment',
+      variants: [{
+        begin: /Index: /,
+        end: /$/
+      }, {
+        begin: /^index/,
+        end: /$/
+      }, {
+        begin: /={3,}/,
+        end: /$/
+      }, {
+        begin: /^-{3}/,
+        end: /$/
+      }, {
+        begin: /^\*{3} /,
+        end: /$/
+      }, {
+        begin: /^\+{3}/,
+        end: /$/
+      }, {
+        begin: /^\*{15}$/
+      }, {
+        begin: /^diff --git/,
+        end: /$/
+      }]
+    }, {
+      className: 'addition',
+      begin: /^\+/,
+      end: /$/
+    }, {
+      className: 'deletion',
+      begin: /^-/,
+      end: /$/
+    }, {
+      className: 'addition',
+      begin: /^!/,
+      end: /$/
+    }]
+  };
+}
+module.exports = diff;
+
+/***/ }),
+
+/***/ 712:
+/***/ (function(module) {
+
+/*
+Language: YAML
+Description: Yet Another Markdown Language
+Author: Stefan Wienert <stwienert@gmail.com>
+Contributors: Carl Baxter <carl@cbax.tech>
+Requires: ruby.js
+Website: https://yaml.org
+Category: common, config
+*/
+function yaml(hljs) {
+  var LITERALS = 'true false yes no null';
+
+  // YAML spec allows non-reserved URI characters in tags.
+  var URI_CHARACTERS = '[\\w#;/?:@&=+$,.~*\'()[\\]]+';
+
+  // Define keys as starting with a word character
+  // ...containing word chars, spaces, colons, forward-slashes, hyphens and periods
+  // ...and ending with a colon followed immediately by a space, tab or newline.
+  // The YAML spec allows for much more than this, but this covers most use-cases.
+  var KEY = {
+    className: 'attr',
+    variants: [{
+      begin: '\\w[\\w :\\/.-]*:(?=[ \t]|$)'
+    }, {
+      begin: '"\\w[\\w :\\/.-]*":(?=[ \t]|$)'
+    },
+    // double quoted keys
+    {
+      begin: '\'\\w[\\w :\\/.-]*\':(?=[ \t]|$)'
+    } // single quoted keys
+    ]
+  };
+
+  var TEMPLATE_VARIABLES = {
+    className: 'template-variable',
+    variants: [{
+      begin: /\{\{/,
+      end: /\}\}/
+    },
+    // jinja templates Ansible
+    {
+      begin: /%\{/,
+      end: /\}/
+    } // Ruby i18n
+    ]
+  };
+
+  var STRING = {
+    className: 'string',
+    relevance: 0,
+    variants: [{
+      begin: /'/,
+      end: /'/
+    }, {
+      begin: /"/,
+      end: /"/
+    }, {
+      begin: /\S+/
+    }],
+    contains: [hljs.BACKSLASH_ESCAPE, TEMPLATE_VARIABLES]
+  };
+
+  // Strings inside of value containers (objects) can't contain braces,
+  // brackets, or commas
+  var CONTAINER_STRING = hljs.inherit(STRING, {
+    variants: [{
+      begin: /'/,
+      end: /'/
+    }, {
+      begin: /"/,
+      end: /"/
+    }, {
+      begin: /[^\s,{}[\]]+/
+    }]
+  });
+  var DATE_RE = '[0-9]{4}(-[0-9][0-9]){0,2}';
+  var TIME_RE = '([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?';
+  var FRACTION_RE = '(\\.[0-9]*)?';
+  var ZONE_RE = '([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?';
+  var TIMESTAMP = {
+    className: 'number',
+    begin: '\\b' + DATE_RE + TIME_RE + FRACTION_RE + ZONE_RE + '\\b'
+  };
+  var VALUE_CONTAINER = {
+    end: ',',
+    endsWithParent: true,
+    excludeEnd: true,
+    keywords: LITERALS,
+    relevance: 0
+  };
+  var OBJECT = {
+    begin: /\{/,
+    end: /\}/,
+    contains: [VALUE_CONTAINER],
+    illegal: '\\n',
+    relevance: 0
+  };
+  var ARRAY = {
+    begin: '\\[',
+    end: '\\]',
+    contains: [VALUE_CONTAINER],
+    illegal: '\\n',
+    relevance: 0
+  };
+  var MODES = [KEY, {
+    className: 'meta',
+    begin: '^---\\s*$',
+    relevance: 10
+  }, {
+    // multi line string
+    // Blocks start with a | or > followed by a newline
+    //
+    // Indentation of subsequent lines must be the same to
+    // be considered part of the block
+    className: 'string',
+    begin: '[\\|>]([1-9]?[+-])?[ ]*\\n( +)[^ ][^\\n]*\\n(\\2[^\\n]+\\n?)*'
+  }, {
+    // Ruby/Rails erb
+    begin: '<%[%=-]?',
+    end: '[%-]?%>',
+    subLanguage: 'ruby',
+    excludeBegin: true,
+    excludeEnd: true,
+    relevance: 0
+  }, {
+    // named tags
+    className: 'type',
+    begin: '!\\w+!' + URI_CHARACTERS
+  },
+  // https://yaml.org/spec/1.2/spec.html#id2784064
+  {
+    // verbatim tags
+    className: 'type',
+    begin: '!<' + URI_CHARACTERS + ">"
+  }, {
+    // primary tags
+    className: 'type',
+    begin: '!' + URI_CHARACTERS
+  }, {
+    // secondary tags
+    className: 'type',
+    begin: '!!' + URI_CHARACTERS
+  }, {
+    // fragment id &ref
+    className: 'meta',
+    begin: '&' + hljs.UNDERSCORE_IDENT_RE + '$'
+  }, {
+    // fragment reference *ref
+    className: 'meta',
+    begin: '\\*' + hljs.UNDERSCORE_IDENT_RE + '$'
+  }, {
+    // array listing
+    className: 'bullet',
+    // TODO: remove |$ hack when we have proper look-ahead support
+    begin: '-(?=[ ]|$)',
+    relevance: 0
+  }, hljs.HASH_COMMENT_MODE, {
+    beginKeywords: LITERALS,
+    keywords: {
+      literal: LITERALS
+    }
+  }, TIMESTAMP,
+  // numbers are any valid C-style number that
+  // sit isolated from other words
+  {
+    className: 'number',
+    begin: hljs.C_NUMBER_RE + '\\b',
+    relevance: 0
+  }, OBJECT, ARRAY, STRING];
+  var VALUE_MODES = [].concat(MODES);
+  VALUE_MODES.pop();
+  VALUE_MODES.push(CONTAINER_STRING);
+  VALUE_CONTAINER.contains = VALUE_MODES;
+  return {
+    name: 'YAML',
+    case_insensitive: true,
+    aliases: ['yml'],
+    contains: MODES
+  };
+}
+module.exports = yaml;
+
+/***/ }),
+
+/***/ 110:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+var reactIs = __webpack_require__(309);
+
+/**
+ * Copyright 2015, Yahoo! Inc.
+ * Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms.
+ */
+var REACT_STATICS = {
+  childContextTypes: true,
+  contextType: true,
+  contextTypes: true,
+  defaultProps: true,
+  displayName: true,
+  getDefaultProps: true,
+  getDerivedStateFromError: true,
+  getDerivedStateFromProps: true,
+  mixins: true,
+  propTypes: true,
+  type: true
+};
+var KNOWN_STATICS = {
+  name: true,
+  length: true,
+  prototype: true,
+  caller: true,
+  callee: true,
+  arguments: true,
+  arity: true
+};
+var FORWARD_REF_STATICS = {
+  '$$typeof': true,
+  render: true,
+  defaultProps: true,
+  displayName: true,
+  propTypes: true
+};
+var MEMO_STATICS = {
+  '$$typeof': true,
+  compare: true,
+  defaultProps: true,
+  displayName: true,
+  propTypes: true,
+  type: true
+};
+var TYPE_STATICS = {};
+TYPE_STATICS[reactIs.ForwardRef] = FORWARD_REF_STATICS;
+TYPE_STATICS[reactIs.Memo] = MEMO_STATICS;
+function getStatics(component) {
+  // React v16.11 and below
+  if (reactIs.isMemo(component)) {
+    return MEMO_STATICS;
+  } // React v16.12 and above
+
+  return TYPE_STATICS[component['$$typeof']] || REACT_STATICS;
+}
+var defineProperty = Object.defineProperty;
+var getOwnPropertyNames = Object.getOwnPropertyNames;
+var getOwnPropertySymbols = Object.getOwnPropertySymbols;
+var getOwnPropertyDescriptor = Object.getOwnPropertyDescriptor;
+var getPrototypeOf = Object.getPrototypeOf;
+var objectPrototype = Object.prototype;
+function hoistNonReactStatics(targetComponent, sourceComponent, blacklist) {
+  if (typeof sourceComponent !== 'string') {
+    // don't hoist over string (html) components
+    if (objectPrototype) {
+      var inheritedComponent = getPrototypeOf(sourceComponent);
+      if (inheritedComponent && inheritedComponent !== objectPrototype) {
+        hoistNonReactStatics(targetComponent, inheritedComponent, blacklist);
+      }
+    }
+    var keys = getOwnPropertyNames(sourceComponent);
+    if (getOwnPropertySymbols) {
+      keys = keys.concat(getOwnPropertySymbols(sourceComponent));
+    }
+    var targetStatics = getStatics(targetComponent);
+    var sourceStatics = getStatics(sourceComponent);
+    for (var i = 0; i < keys.length; ++i) {
+      var key = keys[i];
+      if (!KNOWN_STATICS[key] && !(blacklist && blacklist[key]) && !(sourceStatics && sourceStatics[key]) && !(targetStatics && targetStatics[key])) {
+        var descriptor = getOwnPropertyDescriptor(sourceComponent, key);
+        try {
+          // Avoid failures from read-only properties
+          defineProperty(targetComponent, key, descriptor);
+        } catch (e) {}
+      }
+    }
+  }
+  return targetComponent;
+}
+module.exports = hoistNonReactStatics;
+
+/***/ }),
+
+/***/ 746:
+/***/ (function(__unused_webpack_module, exports) {
+
+"use strict";
+/** @license React v16.13.1
+ * react-is.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+
+
+var b = "function" === typeof Symbol && Symbol.for,
+  c = b ? Symbol.for("react.element") : 60103,
+  d = b ? Symbol.for("react.portal") : 60106,
+  e = b ? Symbol.for("react.fragment") : 60107,
+  f = b ? Symbol.for("react.strict_mode") : 60108,
+  g = b ? Symbol.for("react.profiler") : 60114,
+  h = b ? Symbol.for("react.provider") : 60109,
+  k = b ? Symbol.for("react.context") : 60110,
+  l = b ? Symbol.for("react.async_mode") : 60111,
+  m = b ? Symbol.for("react.concurrent_mode") : 60111,
+  n = b ? Symbol.for("react.forward_ref") : 60112,
+  p = b ? Symbol.for("react.suspense") : 60113,
+  q = b ? Symbol.for("react.suspense_list") : 60120,
+  r = b ? Symbol.for("react.memo") : 60115,
+  t = b ? Symbol.for("react.lazy") : 60116,
+  v = b ? Symbol.for("react.block") : 60121,
+  w = b ? Symbol.for("react.fundamental") : 60117,
+  x = b ? Symbol.for("react.responder") : 60118,
+  y = b ? Symbol.for("react.scope") : 60119;
+function z(a) {
+  if ("object" === typeof a && null !== a) {
+    var u = a.$$typeof;
+    switch (u) {
+      case c:
+        switch (a = a.type, a) {
+          case l:
+          case m:
+          case e:
+          case g:
+          case f:
+          case p:
+            return a;
+          default:
+            switch (a = a && a.$$typeof, a) {
+              case k:
+              case n:
+              case t:
+              case r:
+              case h:
+                return a;
+              default:
+                return u;
+            }
+        }
+      case d:
+        return u;
+    }
+  }
+}
+function A(a) {
+  return z(a) === m;
+}
+exports.AsyncMode = l;
+exports.ConcurrentMode = m;
+exports.ContextConsumer = k;
+exports.ContextProvider = h;
+exports.Element = c;
+exports.ForwardRef = n;
+exports.Fragment = e;
+exports.Lazy = t;
+exports.Memo = r;
+exports.Portal = d;
+exports.Profiler = g;
+exports.StrictMode = f;
+exports.Suspense = p;
+exports.isAsyncMode = function (a) {
+  return A(a) || z(a) === l;
+};
+exports.isConcurrentMode = A;
+exports.isContextConsumer = function (a) {
+  return z(a) === k;
+};
+exports.isContextProvider = function (a) {
+  return z(a) === h;
+};
+exports.isElement = function (a) {
+  return "object" === typeof a && null !== a && a.$$typeof === c;
+};
+exports.isForwardRef = function (a) {
+  return z(a) === n;
+};
+exports.isFragment = function (a) {
+  return z(a) === e;
+};
+exports.isLazy = function (a) {
+  return z(a) === t;
+};
+exports.isMemo = function (a) {
+  return z(a) === r;
+};
+exports.isPortal = function (a) {
+  return z(a) === d;
+};
+exports.isProfiler = function (a) {
+  return z(a) === g;
+};
+exports.isStrictMode = function (a) {
+  return z(a) === f;
+};
+exports.isSuspense = function (a) {
+  return z(a) === p;
+};
+exports.isValidElementType = function (a) {
+  return "string" === typeof a || "function" === typeof a || a === e || a === m || a === g || a === f || a === p || a === q || "object" === typeof a && null !== a && (a.$$typeof === t || a.$$typeof === r || a.$$typeof === h || a.$$typeof === k || a.$$typeof === n || a.$$typeof === w || a.$$typeof === x || a.$$typeof === y || a.$$typeof === v);
+};
+exports.typeOf = z;
+
+/***/ }),
+
+/***/ 309:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+if (true) {
+  module.exports = __webpack_require__(746);
+} else {}
+
+/***/ }),
+
+/***/ 763:
+/***/ (function(module, exports, __webpack_require__) {
+
+/* module decorator */ module = __webpack_require__.nmd(module);
+var __WEBPACK_AMD_DEFINE_RESULT__;/**
+ * @license
+ * Lodash <https://lodash.com/>
+ * Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
+ * Released under MIT license <https://lodash.com/license>
+ * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>
+ * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
+ */
+;
+(function () {
+  /** Used as a safe reference for `undefined` in pre-ES5 environments. */
+  var undefined;
+
+  /** Used as the semantic version number. */
+  var VERSION = '4.17.21';
+
+  /** Used as the size to enable large array optimizations. */
+  var LARGE_ARRAY_SIZE = 200;
+
+  /** Error message constants. */
+  var CORE_ERROR_TEXT = 'Unsupported core-js use. Try https://npms.io/search?q=ponyfill.',
+    FUNC_ERROR_TEXT = 'Expected a function',
+    INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
+
+  /** Used to stand-in for `undefined` hash values. */
+  var HASH_UNDEFINED = '__lodash_hash_undefined__';
+
+  /** Used as the maximum memoize cache size. */
+  var MAX_MEMOIZE_SIZE = 500;
+
+  /** Used as the internal argument placeholder. */
+  var PLACEHOLDER = '__lodash_placeholder__';
+
+  /** Used to compose bitmasks for cloning. */
+  var CLONE_DEEP_FLAG = 1,
+    CLONE_FLAT_FLAG = 2,
+    CLONE_SYMBOLS_FLAG = 4;
+
+  /** Used to compose bitmasks for value comparisons. */
+  var COMPARE_PARTIAL_FLAG = 1,
+    COMPARE_UNORDERED_FLAG = 2;
+
+  /** Used to compose bitmasks for function metadata. */
+  var WRAP_BIND_FLAG = 1,
+    WRAP_BIND_KEY_FLAG = 2,
+    WRAP_CURRY_BOUND_FLAG = 4,
+    WRAP_CURRY_FLAG = 8,
+    WRAP_CURRY_RIGHT_FLAG = 16,
+    WRAP_PARTIAL_FLAG = 32,
+    WRAP_PARTIAL_RIGHT_FLAG = 64,
+    WRAP_ARY_FLAG = 128,
+    WRAP_REARG_FLAG = 256,
+    WRAP_FLIP_FLAG = 512;
+
+  /** Used as default options for `_.truncate`. */
+  var DEFAULT_TRUNC_LENGTH = 30,
+    DEFAULT_TRUNC_OMISSION = '...';
+
+  /** Used to detect hot functions by number of calls within a span of milliseconds. */
+  var HOT_COUNT = 800,
+    HOT_SPAN = 16;
+
+  /** Used to indicate the type of lazy iteratees. */
+  var LAZY_FILTER_FLAG = 1,
+    LAZY_MAP_FLAG = 2,
+    LAZY_WHILE_FLAG = 3;
+
+  /** Used as references for various `Number` constants. */
+  var INFINITY = 1 / 0,
+    MAX_SAFE_INTEGER = 9007199254740991,
+    MAX_INTEGER = 1.7976931348623157e+308,
+    NAN = 0 / 0;
+
+  /** Used as references for the maximum length and index of an array. */
+  var MAX_ARRAY_LENGTH = 4294967295,
+    MAX_ARRAY_INDEX = MAX_ARRAY_LENGTH - 1,
+    HALF_MAX_ARRAY_LENGTH = MAX_ARRAY_LENGTH >>> 1;
+
+  /** Used to associate wrap methods with their bit flags. */
+  var wrapFlags = [['ary', WRAP_ARY_FLAG], ['bind', WRAP_BIND_FLAG], ['bindKey', WRAP_BIND_KEY_FLAG], ['curry', WRAP_CURRY_FLAG], ['curryRight', WRAP_CURRY_RIGHT_FLAG], ['flip', WRAP_FLIP_FLAG], ['partial', WRAP_PARTIAL_FLAG], ['partialRight', WRAP_PARTIAL_RIGHT_FLAG], ['rearg', WRAP_REARG_FLAG]];
+
+  /** `Object#toString` result references. */
+  var argsTag = '[object Arguments]',
+    arrayTag = '[object Array]',
+    asyncTag = '[object AsyncFunction]',
+    boolTag = '[object Boolean]',
+    dateTag = '[object Date]',
+    domExcTag = '[object DOMException]',
+    errorTag = '[object Error]',
+    funcTag = '[object Function]',
+    genTag = '[object GeneratorFunction]',
+    mapTag = '[object Map]',
+    numberTag = '[object Number]',
+    nullTag = '[object Null]',
+    objectTag = '[object Object]',
+    promiseTag = '[object Promise]',
+    proxyTag = '[object Proxy]',
+    regexpTag = '[object RegExp]',
+    setTag = '[object Set]',
+    stringTag = '[object String]',
+    symbolTag = '[object Symbol]',
+    undefinedTag = '[object Undefined]',
+    weakMapTag = '[object WeakMap]',
+    weakSetTag = '[object WeakSet]';
+  var arrayBufferTag = '[object ArrayBuffer]',
+    dataViewTag = '[object DataView]',
+    float32Tag = '[object Float32Array]',
+    float64Tag = '[object Float64Array]',
+    int8Tag = '[object Int8Array]',
+    int16Tag = '[object Int16Array]',
+    int32Tag = '[object Int32Array]',
+    uint8Tag = '[object Uint8Array]',
+    uint8ClampedTag = '[object Uint8ClampedArray]',
+    uint16Tag = '[object Uint16Array]',
+    uint32Tag = '[object Uint32Array]';
+
+  /** Used to match empty string literals in compiled template source. */
+  var reEmptyStringLeading = /\b__p \+= '';/g,
+    reEmptyStringMiddle = /\b(__p \+=) '' \+/g,
+    reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g;
+
+  /** Used to match HTML entities and HTML characters. */
+  var reEscapedHtml = /&(?:amp|lt|gt|quot|#39);/g,
+    reUnescapedHtml = /[&<>"']/g,
+    reHasEscapedHtml = RegExp(reEscapedHtml.source),
+    reHasUnescapedHtml = RegExp(reUnescapedHtml.source);
+
+  /** Used to match template delimiters. */
+  var reEscape = /<%-([\s\S]+?)%>/g,
+    reEvaluate = /<%([\s\S]+?)%>/g,
+    reInterpolate = /<%=([\s\S]+?)%>/g;
+
+  /** Used to match property names within property paths. */
+  var reIsDeepProp = /\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\\]|\\.)*?\1)\]/,
+    reIsPlainProp = /^\w*$/,
+    rePropName = /[^.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|$))/g;
+
+  /**
+   * Used to match `RegExp`
+   * [syntax characters](http://ecma-international.org/ecma-262/7.0/#sec-patterns).
+   */
+  var reRegExpChar = /[\\^$.*+?()[\]{}|]/g,
+    reHasRegExpChar = RegExp(reRegExpChar.source);
+
+  /** Used to match leading whitespace. */
+  var reTrimStart = /^\s+/;
+
+  /** Used to match a single whitespace character. */
+  var reWhitespace = /\s/;
+
+  /** Used to match wrap detail comments. */
+  var reWrapComment = /\{(?:\n\/\* \[wrapped with .+\] \*\/)?\n?/,
+    reWrapDetails = /\{\n\/\* \[wrapped with (.+)\] \*/,
+    reSplitDetails = /,? & /;
+
+  /** Used to match words composed of alphanumeric characters. */
+  var reAsciiWord = /[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;
+
+  /**
+   * Used to validate the `validate` option in `_.template` variable.
+   *
+   * Forbids characters which could potentially change the meaning of the function argument definition:
+   * - "()," (modification of function parameters)
+   * - "=" (default value)
+   * - "[]{}" (destructuring of function parameters)
+   * - "/" (beginning of a comment)
+   * - whitespace
+   */
+  var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/;
+
+  /** Used to match backslashes in property paths. */
+  var reEscapeChar = /\\(\\)?/g;
+
+  /**
+   * Used to match
+   * [ES template delimiters](http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
+   */
+  var reEsTemplate = /\$\{([^\\}]*(?:\\.[^\\}]*)*)\}/g;
+
+  /** Used to match `RegExp` flags from their coerced string values. */
+  var reFlags = /\w*$/;
+
+  /** Used to detect bad signed hexadecimal string values. */
+  var reIsBadHex = /^[-+]0x[0-9a-f]+$/i;
+
+  /** Used to detect binary string values. */
+  var reIsBinary = /^0b[01]+$/i;
+
+  /** Used to detect host constructors (Safari). */
+  var reIsHostCtor = /^\[object .+?Constructor\]$/;
+
+  /** Used to detect octal string values. */
+  var reIsOctal = /^0o[0-7]+$/i;
+
+  /** Used to detect unsigned integer values. */
+  var reIsUint = /^(?:0|[1-9]\d*)$/;
+
+  /** Used to match Latin Unicode letters (excluding mathematical operators). */
+  var reLatin = /[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g;
+
+  /** Used to ensure capturing order of template delimiters. */
+  var reNoMatch = /($^)/;
+
+  /** Used to match unescaped characters in compiled string literals. */
+  var reUnescapedString = /['\n\r\u2028\u2029\\]/g;
+
+  /** Used to compose unicode character classes. */
+  var rsAstralRange = "\\ud800-\\udfff",
+    rsComboMarksRange = "\\u0300-\\u036f",
+    reComboHalfMarksRange = "\\ufe20-\\ufe2f",
+    rsComboSymbolsRange = "\\u20d0-\\u20ff",
+    rsComboRange = rsComboMarksRange + reComboHalfMarksRange + rsComboSymbolsRange,
+    rsDingbatRange = "\\u2700-\\u27bf",
+    rsLowerRange = 'a-z\\xdf-\\xf6\\xf8-\\xff',
+    rsMathOpRange = '\\xac\\xb1\\xd7\\xf7',
+    rsNonCharRange = '\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\xbf',
+    rsPunctuationRange = "\\u2000-\\u206f",
+    rsSpaceRange = " \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",
+    rsUpperRange = 'A-Z\\xc0-\\xd6\\xd8-\\xde',
+    rsVarRange = "\\ufe0e\\ufe0f",
+    rsBreakRange = rsMathOpRange + rsNonCharRange + rsPunctuationRange + rsSpaceRange;
+
+  /** Used to compose unicode capture groups. */
+  var rsApos = "['\u2019]",
+    rsAstral = '[' + rsAstralRange + ']',
+    rsBreak = '[' + rsBreakRange + ']',
+    rsCombo = '[' + rsComboRange + ']',
+    rsDigits = '\\d+',
+    rsDingbat = '[' + rsDingbatRange + ']',
+    rsLower = '[' + rsLowerRange + ']',
+    rsMisc = '[^' + rsAstralRange + rsBreakRange + rsDigits + rsDingbatRange + rsLowerRange + rsUpperRange + ']',
+    rsFitz = "\\ud83c[\\udffb-\\udfff]",
+    rsModifier = '(?:' + rsCombo + '|' + rsFitz + ')',
+    rsNonAstral = '[^' + rsAstralRange + ']',
+    rsRegional = "(?:\\ud83c[\\udde6-\\uddff]){2}",
+    rsSurrPair = "[\\ud800-\\udbff][\\udc00-\\udfff]",
+    rsUpper = '[' + rsUpperRange + ']',
+    rsZWJ = "\\u200d";
+
+  /** Used to compose unicode regexes. */
+  var rsMiscLower = '(?:' + rsLower + '|' + rsMisc + ')',
+    rsMiscUpper = '(?:' + rsUpper + '|' + rsMisc + ')',
+    rsOptContrLower = '(?:' + rsApos + '(?:d|ll|m|re|s|t|ve))?',
+    rsOptContrUpper = '(?:' + rsApos + '(?:D|LL|M|RE|S|T|VE))?',
+    reOptMod = rsModifier + '?',
+    rsOptVar = '[' + rsVarRange + ']?',
+    rsOptJoin = '(?:' + rsZWJ + '(?:' + [rsNonAstral, rsRegional, rsSurrPair].join('|') + ')' + rsOptVar + reOptMod + ')*',
+    rsOrdLower = '\\d*(?:1st|2nd|3rd|(?![123])\\dth)(?=\\b|[A-Z_])',
+    rsOrdUpper = '\\d*(?:1ST|2ND|3RD|(?![123])\\dTH)(?=\\b|[a-z_])',
+    rsSeq = rsOptVar + reOptMod + rsOptJoin,
+    rsEmoji = '(?:' + [rsDingbat, rsRegional, rsSurrPair].join('|') + ')' + rsSeq,
+    rsSymbol = '(?:' + [rsNonAstral + rsCombo + '?', rsCombo, rsRegional, rsSurrPair, rsAstral].join('|') + ')';
+
+  /** Used to match apostrophes. */
+  var reApos = RegExp(rsApos, 'g');
+
+  /**
+   * Used to match [combining diacritical marks](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks) and
+   * [combining diacritical marks for symbols](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks_for_Symbols).
+   */
+  var reComboMark = RegExp(rsCombo, 'g');
+
+  /** Used to match [string symbols](https://mathiasbynens.be/notes/javascript-unicode). */
+  var reUnicode = RegExp(rsFitz + '(?=' + rsFitz + ')|' + rsSymbol + rsSeq, 'g');
+
+  /** Used to match complex or compound words. */
+  var reUnicodeWord = RegExp([rsUpper + '?' + rsLower + '+' + rsOptContrLower + '(?=' + [rsBreak, rsUpper, '$'].join('|') + ')', rsMiscUpper + '+' + rsOptContrUpper + '(?=' + [rsBreak, rsUpper + rsMiscLower, '$'].join('|') + ')', rsUpper + '?' + rsMiscLower + '+' + rsOptContrLower, rsUpper + '+' + rsOptContrUpper, rsOrdUpper, rsOrdLower, rsDigits, rsEmoji].join('|'), 'g');
+
+  /** Used to detect strings with [zero-width joiners or code points from the astral planes](http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/). */
+  var reHasUnicode = RegExp('[' + rsZWJ + rsAstralRange + rsComboRange + rsVarRange + ']');
+
+  /** Used to detect strings that need a more robust regexp to match words. */
+  var reHasUnicodeWord = /[a-z][A-Z]|[A-Z]{2}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;
+
+  /** Used to assign default `context` object properties. */
+  var contextProps = ['Array', 'Buffer', 'DataView', 'Date', 'Error', 'Float32Array', 'Float64Array', 'Function', 'Int8Array', 'Int16Array', 'Int32Array', 'Map', 'Math', 'Object', 'Promise', 'RegExp', 'Set', 'String', 'Symbol', 'TypeError', 'Uint8Array', 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array', 'WeakMap', '_', 'clearTimeout', 'isFinite', 'parseInt', 'setTimeout'];
+
+  /** Used to make template sourceURLs easier to identify. */
+  var templateCounter = -1;
+
+  /** Used to identify `toStringTag` values of typed arrays. */
+  var typedArrayTags = {};
+  typedArrayTags[float32Tag] = typedArrayTags[float64Tag] = typedArrayTags[int8Tag] = typedArrayTags[int16Tag] = typedArrayTags[int32Tag] = typedArrayTags[uint8Tag] = typedArrayTags[uint8ClampedTag] = typedArrayTags[uint16Tag] = typedArrayTags[uint32Tag] = true;
+  typedArrayTags[argsTag] = typedArrayTags[arrayTag] = typedArrayTags[arrayBufferTag] = typedArrayTags[boolTag] = typedArrayTags[dataViewTag] = typedArrayTags[dateTag] = typedArrayTags[errorTag] = typedArrayTags[funcTag] = typedArrayTags[mapTag] = typedArrayTags[numberTag] = typedArrayTags[objectTag] = typedArrayTags[regexpTag] = typedArrayTags[setTag] = typedArrayTags[stringTag] = typedArrayTags[weakMapTag] = false;
+
+  /** Used to identify `toStringTag` values supported by `_.clone`. */
+  var cloneableTags = {};
+  cloneableTags[argsTag] = cloneableTags[arrayTag] = cloneableTags[arrayBufferTag] = cloneableTags[dataViewTag] = cloneableTags[boolTag] = cloneableTags[dateTag] = cloneableTags[float32Tag] = cloneableTags[float64Tag] = cloneableTags[int8Tag] = cloneableTags[int16Tag] = cloneableTags[int32Tag] = cloneableTags[mapTag] = cloneableTags[numberTag] = cloneableTags[objectTag] = cloneableTags[regexpTag] = cloneableTags[setTag] = cloneableTags[stringTag] = cloneableTags[symbolTag] = cloneableTags[uint8Tag] = cloneableTags[uint8ClampedTag] = cloneableTags[uint16Tag] = cloneableTags[uint32Tag] = true;
+  cloneableTags[errorTag] = cloneableTags[funcTag] = cloneableTags[weakMapTag] = false;
+
+  /** Used to map Latin Unicode letters to basic Latin letters. */
+  var deburredLetters = {
+    // Latin-1 Supplement block.
+    '\xc0': 'A',
+    '\xc1': 'A',
+    '\xc2': 'A',
+    '\xc3': 'A',
+    '\xc4': 'A',
+    '\xc5': 'A',
+    '\xe0': 'a',
+    '\xe1': 'a',
+    '\xe2': 'a',
+    '\xe3': 'a',
+    '\xe4': 'a',
+    '\xe5': 'a',
+    '\xc7': 'C',
+    '\xe7': 'c',
+    '\xd0': 'D',
+    '\xf0': 'd',
+    '\xc8': 'E',
+    '\xc9': 'E',
+    '\xca': 'E',
+    '\xcb': 'E',
+    '\xe8': 'e',
+    '\xe9': 'e',
+    '\xea': 'e',
+    '\xeb': 'e',
+    '\xcc': 'I',
+    '\xcd': 'I',
+    '\xce': 'I',
+    '\xcf': 'I',
+    '\xec': 'i',
+    '\xed': 'i',
+    '\xee': 'i',
+    '\xef': 'i',
+    '\xd1': 'N',
+    '\xf1': 'n',
+    '\xd2': 'O',
+    '\xd3': 'O',
+    '\xd4': 'O',
+    '\xd5': 'O',
+    '\xd6': 'O',
+    '\xd8': 'O',
+    '\xf2': 'o',
+    '\xf3': 'o',
+    '\xf4': 'o',
+    '\xf5': 'o',
+    '\xf6': 'o',
+    '\xf8': 'o',
+    '\xd9': 'U',
+    '\xda': 'U',
+    '\xdb': 'U',
+    '\xdc': 'U',
+    '\xf9': 'u',
+    '\xfa': 'u',
+    '\xfb': 'u',
+    '\xfc': 'u',
+    '\xdd': 'Y',
+    '\xfd': 'y',
+    '\xff': 'y',
+    '\xc6': 'Ae',
+    '\xe6': 'ae',
+    '\xde': 'Th',
+    '\xfe': 'th',
+    '\xdf': 'ss',
+    // Latin Extended-A block.
+    "\u0100": 'A',
+    "\u0102": 'A',
+    "\u0104": 'A',
+    "\u0101": 'a',
+    "\u0103": 'a',
+    "\u0105": 'a',
+    "\u0106": 'C',
+    "\u0108": 'C',
+    "\u010A": 'C',
+    "\u010C": 'C',
+    "\u0107": 'c',
+    "\u0109": 'c',
+    "\u010B": 'c',
+    "\u010D": 'c',
+    "\u010E": 'D',
+    "\u0110": 'D',
+    "\u010F": 'd',
+    "\u0111": 'd',
+    "\u0112": 'E',
+    "\u0114": 'E',
+    "\u0116": 'E',
+    "\u0118": 'E',
+    "\u011A": 'E',
+    "\u0113": 'e',
+    "\u0115": 'e',
+    "\u0117": 'e',
+    "\u0119": 'e',
+    "\u011B": 'e',
+    "\u011C": 'G',
+    "\u011E": 'G',
+    "\u0120": 'G',
+    "\u0122": 'G',
+    "\u011D": 'g',
+    "\u011F": 'g',
+    "\u0121": 'g',
+    "\u0123": 'g',
+    "\u0124": 'H',
+    "\u0126": 'H',
+    "\u0125": 'h',
+    "\u0127": 'h',
+    "\u0128": 'I',
+    "\u012A": 'I',
+    "\u012C": 'I',
+    "\u012E": 'I',
+    "\u0130": 'I',
+    "\u0129": 'i',
+    "\u012B": 'i',
+    "\u012D": 'i',
+    "\u012F": 'i',
+    "\u0131": 'i',
+    "\u0134": 'J',
+    "\u0135": 'j',
+    "\u0136": 'K',
+    "\u0137": 'k',
+    "\u0138": 'k',
+    "\u0139": 'L',
+    "\u013B": 'L',
+    "\u013D": 'L',
+    "\u013F": 'L',
+    "\u0141": 'L',
+    "\u013A": 'l',
+    "\u013C": 'l',
+    "\u013E": 'l',
+    "\u0140": 'l',
+    "\u0142": 'l',
+    "\u0143": 'N',
+    "\u0145": 'N',
+    "\u0147": 'N',
+    "\u014A": 'N',
+    "\u0144": 'n',
+    "\u0146": 'n',
+    "\u0148": 'n',
+    "\u014B": 'n',
+    "\u014C": 'O',
+    "\u014E": 'O',
+    "\u0150": 'O',
+    "\u014D": 'o',
+    "\u014F": 'o',
+    "\u0151": 'o',
+    "\u0154": 'R',
+    "\u0156": 'R',
+    "\u0158": 'R',
+    "\u0155": 'r',
+    "\u0157": 'r',
+    "\u0159": 'r',
+    "\u015A": 'S',
+    "\u015C": 'S',
+    "\u015E": 'S',
+    "\u0160": 'S',
+    "\u015B": 's',
+    "\u015D": 's',
+    "\u015F": 's',
+    "\u0161": 's',
+    "\u0162": 'T',
+    "\u0164": 'T',
+    "\u0166": 'T',
+    "\u0163": 't',
+    "\u0165": 't',
+    "\u0167": 't',
+    "\u0168": 'U',
+    "\u016A": 'U',
+    "\u016C": 'U',
+    "\u016E": 'U',
+    "\u0170": 'U',
+    "\u0172": 'U',
+    "\u0169": 'u',
+    "\u016B": 'u',
+    "\u016D": 'u',
+    "\u016F": 'u',
+    "\u0171": 'u',
+    "\u0173": 'u',
+    "\u0174": 'W',
+    "\u0175": 'w',
+    "\u0176": 'Y',
+    "\u0177": 'y',
+    "\u0178": 'Y',
+    "\u0179": 'Z',
+    "\u017B": 'Z',
+    "\u017D": 'Z',
+    "\u017A": 'z',
+    "\u017C": 'z',
+    "\u017E": 'z',
+    "\u0132": 'IJ',
+    "\u0133": 'ij',
+    "\u0152": 'Oe',
+    "\u0153": 'oe',
+    "\u0149": "'n",
+    "\u017F": 's'
+  };
+
+  /** Used to map characters to HTML entities. */
+  var htmlEscapes = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;'
+  };
+
+  /** Used to map HTML entities to characters. */
+  var htmlUnescapes = {
+    '&amp;': '&',
+    '&lt;': '<',
+    '&gt;': '>',
+    '&quot;': '"',
+    '&#39;': "'"
+  };
+
+  /** Used to escape characters for inclusion in compiled string literals. */
+  var stringEscapes = {
+    '\\': '\\',
+    "'": "'",
+    '\n': 'n',
+    '\r': 'r',
+    "\u2028": 'u2028',
+    "\u2029": 'u2029'
+  };
+
+  /** Built-in method references without a dependency on `root`. */
+  var freeParseFloat = parseFloat,
+    freeParseInt = parseInt;
+
+  /** Detect free variable `global` from Node.js. */
+  var freeGlobal = typeof __webpack_require__.g == 'object' && __webpack_require__.g && __webpack_require__.g.Object === Object && __webpack_require__.g;
+
+  /** Detect free variable `self`. */
+  var freeSelf = typeof self == 'object' && self && self.Object === Object && self;
+
+  /** Used as a reference to the global object. */
+  var root = freeGlobal || freeSelf || Function('return this')();
+
+  /** Detect free variable `exports`. */
+  var freeExports =  true && exports && !exports.nodeType && exports;
+
+  /** Detect free variable `module`. */
+  var freeModule = freeExports && "object" == 'object' && module && !module.nodeType && module;
+
+  /** Detect the popular CommonJS extension `module.exports`. */
+  var moduleExports = freeModule && freeModule.exports === freeExports;
+
+  /** Detect free variable `process` from Node.js. */
+  var freeProcess = moduleExports && freeGlobal.process;
+
+  /** Used to access faster Node.js helpers. */
+  var nodeUtil = function () {
+    try {
+      // Use `util.types` for Node.js 10+.
+      var types = freeModule && freeModule.require && freeModule.require('util').types;
+      if (types) {
+        return types;
+      }
+
+      // Legacy `process.binding('util')` for Node.js < 10.
+      return freeProcess && freeProcess.binding && freeProcess.binding('util');
+    } catch (e) {}
+  }();
+
+  /* Node.js helper references. */
+  var nodeIsArrayBuffer = nodeUtil && nodeUtil.isArrayBuffer,
+    nodeIsDate = nodeUtil && nodeUtil.isDate,
+    nodeIsMap = nodeUtil && nodeUtil.isMap,
+    nodeIsRegExp = nodeUtil && nodeUtil.isRegExp,
+    nodeIsSet = nodeUtil && nodeUtil.isSet,
+    nodeIsTypedArray = nodeUtil && nodeUtil.isTypedArray;
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * A faster alternative to `Function#apply`, this function invokes `func`
+   * with the `this` binding of `thisArg` and the arguments of `args`.
+   *
+   * @private
+   * @param {Function} func The function to invoke.
+   * @param {*} thisArg The `this` binding of `func`.
+   * @param {Array} args The arguments to invoke `func` with.
+   * @returns {*} Returns the result of `func`.
+   */
+  function apply(func, thisArg, args) {
+    switch (args.length) {
+      case 0:
+        return func.call(thisArg);
+      case 1:
+        return func.call(thisArg, args[0]);
+      case 2:
+        return func.call(thisArg, args[0], args[1]);
+      case 3:
+        return func.call(thisArg, args[0], args[1], args[2]);
+    }
+    return func.apply(thisArg, args);
+  }
+
+  /**
+   * A specialized version of `baseAggregator` for arrays.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} setter The function to set `accumulator` values.
+   * @param {Function} iteratee The iteratee to transform keys.
+   * @param {Object} accumulator The initial aggregated object.
+   * @returns {Function} Returns `accumulator`.
+   */
+  function arrayAggregator(array, setter, iteratee, accumulator) {
+    var index = -1,
+      length = array == null ? 0 : array.length;
+    while (++index < length) {
+      var value = array[index];
+      setter(accumulator, value, iteratee(value), array);
+    }
+    return accumulator;
+  }
+
+  /**
+   * A specialized version of `_.forEach` for arrays without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @returns {Array} Returns `array`.
+   */
+  function arrayEach(array, iteratee) {
+    var index = -1,
+      length = array == null ? 0 : array.length;
+    while (++index < length) {
+      if (iteratee(array[index], index, array) === false) {
+        break;
+      }
+    }
+    return array;
+  }
+
+  /**
+   * A specialized version of `_.forEachRight` for arrays without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @returns {Array} Returns `array`.
+   */
+  function arrayEachRight(array, iteratee) {
+    var length = array == null ? 0 : array.length;
+    while (length--) {
+      if (iteratee(array[length], length, array) === false) {
+        break;
+      }
+    }
+    return array;
+  }
+
+  /**
+   * A specialized version of `_.every` for arrays without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} predicate The function invoked per iteration.
+   * @returns {boolean} Returns `true` if all elements pass the predicate check,
+   *  else `false`.
+   */
+  function arrayEvery(array, predicate) {
+    var index = -1,
+      length = array == null ? 0 : array.length;
+    while (++index < length) {
+      if (!predicate(array[index], index, array)) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  /**
+   * A specialized version of `_.filter` for arrays without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} predicate The function invoked per iteration.
+   * @returns {Array} Returns the new filtered array.
+   */
+  function arrayFilter(array, predicate) {
+    var index = -1,
+      length = array == null ? 0 : array.length,
+      resIndex = 0,
+      result = [];
+    while (++index < length) {
+      var value = array[index];
+      if (predicate(value, index, array)) {
+        result[resIndex++] = value;
+      }
+    }
+    return result;
+  }
+
+  /**
+   * A specialized version of `_.includes` for arrays without support for
+   * specifying an index to search from.
+   *
+   * @private
+   * @param {Array} [array] The array to inspect.
+   * @param {*} target The value to search for.
+   * @returns {boolean} Returns `true` if `target` is found, else `false`.
+   */
+  function arrayIncludes(array, value) {
+    var length = array == null ? 0 : array.length;
+    return !!length && baseIndexOf(array, value, 0) > -1;
+  }
+
+  /**
+   * This function is like `arrayIncludes` except that it accepts a comparator.
+   *
+   * @private
+   * @param {Array} [array] The array to inspect.
+   * @param {*} target The value to search for.
+   * @param {Function} comparator The comparator invoked per element.
+   * @returns {boolean} Returns `true` if `target` is found, else `false`.
+   */
+  function arrayIncludesWith(array, value, comparator) {
+    var index = -1,
+      length = array == null ? 0 : array.length;
+    while (++index < length) {
+      if (comparator(value, array[index])) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  /**
+   * A specialized version of `_.map` for arrays without support for iteratee
+   * shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @returns {Array} Returns the new mapped array.
+   */
+  function arrayMap(array, iteratee) {
+    var index = -1,
+      length = array == null ? 0 : array.length,
+      result = Array(length);
+    while (++index < length) {
+      result[index] = iteratee(array[index], index, array);
+    }
+    return result;
+  }
+
+  /**
+   * Appends the elements of `values` to `array`.
+   *
+   * @private
+   * @param {Array} array The array to modify.
+   * @param {Array} values The values to append.
+   * @returns {Array} Returns `array`.
+   */
+  function arrayPush(array, values) {
+    var index = -1,
+      length = values.length,
+      offset = array.length;
+    while (++index < length) {
+      array[offset + index] = values[index];
+    }
+    return array;
+  }
+
+  /**
+   * A specialized version of `_.reduce` for arrays without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @param {*} [accumulator] The initial value.
+   * @param {boolean} [initAccum] Specify using the first element of `array` as
+   *  the initial value.
+   * @returns {*} Returns the accumulated value.
+   */
+  function arrayReduce(array, iteratee, accumulator, initAccum) {
+    var index = -1,
+      length = array == null ? 0 : array.length;
+    if (initAccum && length) {
+      accumulator = array[++index];
+    }
+    while (++index < length) {
+      accumulator = iteratee(accumulator, array[index], index, array);
+    }
+    return accumulator;
+  }
+
+  /**
+   * A specialized version of `_.reduceRight` for arrays without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @param {*} [accumulator] The initial value.
+   * @param {boolean} [initAccum] Specify using the last element of `array` as
+   *  the initial value.
+   * @returns {*} Returns the accumulated value.
+   */
+  function arrayReduceRight(array, iteratee, accumulator, initAccum) {
+    var length = array == null ? 0 : array.length;
+    if (initAccum && length) {
+      accumulator = array[--length];
+    }
+    while (length--) {
+      accumulator = iteratee(accumulator, array[length], length, array);
+    }
+    return accumulator;
+  }
+
+  /**
+   * A specialized version of `_.some` for arrays without support for iteratee
+   * shorthands.
+   *
+   * @private
+   * @param {Array} [array] The array to iterate over.
+   * @param {Function} predicate The function invoked per iteration.
+   * @returns {boolean} Returns `true` if any element passes the predicate check,
+   *  else `false`.
+   */
+  function arraySome(array, predicate) {
+    var index = -1,
+      length = array == null ? 0 : array.length;
+    while (++index < length) {
+      if (predicate(array[index], index, array)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Gets the size of an ASCII `string`.
+   *
+   * @private
+   * @param {string} string The string inspect.
+   * @returns {number} Returns the string size.
+   */
+  var asciiSize = baseProperty('length');
+
+  /**
+   * Converts an ASCII `string` to an array.
+   *
+   * @private
+   * @param {string} string The string to convert.
+   * @returns {Array} Returns the converted array.
+   */
+  function asciiToArray(string) {
+    return string.split('');
+  }
+
+  /**
+   * Splits an ASCII `string` into an array of its words.
+   *
+   * @private
+   * @param {string} The string to inspect.
+   * @returns {Array} Returns the words of `string`.
+   */
+  function asciiWords(string) {
+    return string.match(reAsciiWord) || [];
+  }
+
+  /**
+   * The base implementation of methods like `_.findKey` and `_.findLastKey`,
+   * without support for iteratee shorthands, which iterates over `collection`
+   * using `eachFunc`.
+   *
+   * @private
+   * @param {Array|Object} collection The collection to inspect.
+   * @param {Function} predicate The function invoked per iteration.
+   * @param {Function} eachFunc The function to iterate over `collection`.
+   * @returns {*} Returns the found element or its key, else `undefined`.
+   */
+  function baseFindKey(collection, predicate, eachFunc) {
+    var result;
+    eachFunc(collection, function (value, key, collection) {
+      if (predicate(value, key, collection)) {
+        result = key;
+        return false;
+      }
+    });
+    return result;
+  }
+
+  /**
+   * The base implementation of `_.findIndex` and `_.findLastIndex` without
+   * support for iteratee shorthands.
+   *
+   * @private
+   * @param {Array} array The array to inspect.
+   * @param {Function} predicate The function invoked per iteration.
+   * @param {number} fromIndex The index to search from.
+   * @param {boolean} [fromRight] Specify iterating from right to left.
+   * @returns {number} Returns the index of the matched value, else `-1`.
+   */
+  function baseFindIndex(array, predicate, fromIndex, fromRight) {
+    var length = array.length,
+      index = fromIndex + (fromRight ? 1 : -1);
+    while (fromRight ? index-- : ++index < length) {
+      if (predicate(array[index], index, array)) {
+        return index;
+      }
+    }
+    return -1;
+  }
+
+  /**
+   * The base implementation of `_.indexOf` without `fromIndex` bounds checks.
+   *
+   * @private
+   * @param {Array} array The array to inspect.
+   * @param {*} value The value to search for.
+   * @param {number} fromIndex The index to search from.
+   * @returns {number} Returns the index of the matched value, else `-1`.
+   */
+  function baseIndexOf(array, value, fromIndex) {
+    return value === value ? strictIndexOf(array, value, fromIndex) : baseFindIndex(array, baseIsNaN, fromIndex);
+  }
+
+  /**
+   * This function is like `baseIndexOf` except that it accepts a comparator.
+   *
+   * @private
+   * @param {Array} array The array to inspect.
+   * @param {*} value The value to search for.
+   * @param {number} fromIndex The index to search from.
+   * @param {Function} comparator The comparator invoked per element.
+   * @returns {number} Returns the index of the matched value, else `-1`.
+   */
+  function baseIndexOfWith(array, value, fromIndex, comparator) {
+    var index = fromIndex - 1,
+      length = array.length;
+    while (++index < length) {
+      if (comparator(array[index], value)) {
+        return index;
+      }
+    }
+    return -1;
+  }
+
+  /**
+   * The base implementation of `_.isNaN` without support for number objects.
+   *
+   * @private
+   * @param {*} value The value to check.
+   * @returns {boolean} Returns `true` if `value` is `NaN`, else `false`.
+   */
+  function baseIsNaN(value) {
+    return value !== value;
+  }
+
+  /**
+   * The base implementation of `_.mean` and `_.meanBy` without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} array The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @returns {number} Returns the mean.
+   */
+  function baseMean(array, iteratee) {
+    var length = array == null ? 0 : array.length;
+    return length ? baseSum(array, iteratee) / length : NAN;
+  }
+
+  /**
+   * The base implementation of `_.property` without support for deep paths.
+   *
+   * @private
+   * @param {string} key The key of the property to get.
+   * @returns {Function} Returns the new accessor function.
+   */
+  function baseProperty(key) {
+    return function (object) {
+      return object == null ? undefined : object[key];
+    };
+  }
+
+  /**
+   * The base implementation of `_.propertyOf` without support for deep paths.
+   *
+   * @private
+   * @param {Object} object The object to query.
+   * @returns {Function} Returns the new accessor function.
+   */
+  function basePropertyOf(object) {
+    return function (key) {
+      return object == null ? undefined : object[key];
+    };
+  }
+
+  /**
+   * The base implementation of `_.reduce` and `_.reduceRight`, without support
+   * for iteratee shorthands, which iterates over `collection` using `eachFunc`.
+   *
+   * @private
+   * @param {Array|Object} collection The collection to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @param {*} accumulator The initial value.
+   * @param {boolean} initAccum Specify using the first or last element of
+   *  `collection` as the initial value.
+   * @param {Function} eachFunc The function to iterate over `collection`.
+   * @returns {*} Returns the accumulated value.
+   */
+  function baseReduce(collection, iteratee, accumulator, initAccum, eachFunc) {
+    eachFunc(collection, function (value, index, collection) {
+      accumulator = initAccum ? (initAccum = false, value) : iteratee(accumulator, value, index, collection);
+    });
+    return accumulator;
+  }
+
+  /**
+   * The base implementation of `_.sortBy` which uses `comparer` to define the
+   * sort order of `array` and replaces criteria objects with their corresponding
+   * values.
+   *
+   * @private
+   * @param {Array} array The array to sort.
+   * @param {Function} comparer The function to define sort order.
+   * @returns {Array} Returns `array`.
+   */
+  function baseSortBy(array, comparer) {
+    var length = array.length;
+    array.sort(comparer);
+    while (length--) {
+      array[length] = array[length].value;
+    }
+    return array;
+  }
+
+  /**
+   * The base implementation of `_.sum` and `_.sumBy` without support for
+   * iteratee shorthands.
+   *
+   * @private
+   * @param {Array} array The array to iterate over.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @returns {number} Returns the sum.
+   */
+  function baseSum(array, iteratee) {
+    var result,
+      index = -1,
+      length = array.length;
+    while (++index < length) {
+      var current = iteratee(array[index]);
+      if (current !== undefined) {
+        result = result === undefined ? current : result + current;
+      }
+    }
+    return result;
+  }
+
+  /**
+   * The base implementation of `_.times` without support for iteratee shorthands
+   * or max array length checks.
+   *
+   * @private
+   * @param {number} n The number of times to invoke `iteratee`.
+   * @param {Function} iteratee The function invoked per iteration.
+   * @returns {Array} Returns the array of results.
+   */
+  function baseTimes(n, iteratee) {
+    var index = -1,
+      result = Array(n);
+    while (++index < n) {
+      result[index] = iteratee(index);
+    }
+    return result;
+  }
+
+  /**
+   * The base implementation of `_.toPairs` and `_.toPairsIn` which creates an array
+   * of key-value pairs for `object` corresponding to the property names of `props`.
+   *
+   * @private
+   * @param {Object} object The object to query.
+   * @param {Array} props The property names to get values for.
+   * @returns {Object} Returns the key-value pairs.
+   */
+  function baseToPairs(object, props) {
+    return arrayMap(props, function (key) {
+      return [key, object[key]];
+    });
+  }
+
+  /**
+   * The base implementation of `_.trim`.
+   *
+   * @private
+   * @param {string} string The string to trim.
+   * @returns {string} Returns the trimmed string.
+   */
+  function baseTrim(string) {
+    return string ? string.slice(0, trimmedEndIndex(string) + 1).replace(reTrimStart, '') : string;
+  }
+
+  /**
+   * The base implementation of `_.unary` without support for storing metadata.
+   *
+   * @private
+   * @param {Function} func The function to cap arguments for.
+   * @returns {Function} Returns the new capped function.
+   */
+  function baseUnary(func) {
+    return function (value) {
+      return func(value);
+    };
+  }
+
+  /**
+   * The base implementation of `_.values` and `_.valuesIn` which creates an
+   * array of `object` property values corresponding to the property names
+   * of `props`.
+   *
+   * @private
+   * @param {Object} object The object to query.
+   * @param {Array} props The property names to get values for.
+   * @returns {Object} Returns the array of property values.
+   */
+  function baseValues(object, props) {
+    return arrayMap(props, function (key) {
+      return object[key];
+    });
+  }
+
+  /**
+   * Checks if a `cache` value for `key` exists.
+   *
+   * @private
+   * @param {Object} cache The cache to query.
+   * @param {string} key The key of the entry to check.
+   * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
+   */
+  function cacheHas(cache, key) {
+    return cache.has(key);
+  }
+
+  /**
+   * Used by `_.trim` and `_.trimStart` to get the index of the first string symbol
+   * that is not found in the character symbols.
+   *
+   * @private
+   * @param {Array} strSymbols The string symbols to inspect.
+   * @param {Array} chrSymbols The character symbols to find.
+   * @returns {number} Returns the index of the first unmatched string symbol.
+   */
+  function charsStartIndex(strSymbols, chrSymbols) {
+    var index = -1,
+      length = strSymbols.length;
+    while (++index < length && baseIndexOf(chrSymbols, strSymbols[index], 0) > -1) {}
+    return index;
+  }
+
+  /**
+   * Used by `_.trim` and `_.trimEnd` to get the index of the last string symbol
+   * that is not found in the character symbols.
+   *
+   * @private
+   * @param {Array} strSymbols The string symbols to inspect.
+   * @param {Array} chrSymbols The character symbols to find.
+   * @returns {number} Returns the index of the last unmatched string symbol.
+   */
+  function charsEndIndex(strSymbols, chrSymbols) {
+    var index = strSymbols.length;
+    while (index-- && baseIndexOf(chrSymbols, strSymbols[index], 0) > -1) {}
+    return index;
+  }
+
+  /**
+   * Gets the number of `placeholder` occurrences in `array`.
+   *
+   * @private
+   * @param {Array} array The array to inspect.
+   * @param {*} placeholder The placeholder to search for.
+   * @returns {number} Returns the placeholder count.
+   */
+  function countHolders(array, placeholder) {
+    var length = array.length,
+      result = 0;
+    while (length--) {
+      if (array[length] === placeholder) {
+        ++result;
+      }
+    }
+    return result;
+  }
+
+  /**
+   * Used by `_.deburr` to convert Latin-1 Supplement and Latin Extended-A
+   * letters to basic Latin letters.
+   *
+   * @private
+   * @param {string} letter The matched letter to deburr.
+   * @returns {string} Returns the deburred letter.
+   */
+  var deburrLetter = basePropertyOf(deburredLetters);
+
+  /**
+   * Used by `_.escape` to convert characters to HTML entities.
+   *
+   * @private
+   * @param {string} chr The matched character to escape.
+   * @returns {string} Returns the escaped character.
+   */
+  var escapeHtmlChar = basePropertyOf(htmlEscapes);
+
+  /**
+   * Used by `_.template` to escape characters for inclusion in compiled string literals.
+   *
+   * @private
+   * @param {string} chr The matched character to escape.
+   * @returns {string} Returns the escaped character.
+   */
+  function escapeStringChar(chr) {
+    return '\\' + stringEscapes[chr];
+  }
+
+  /**
+   * Gets the value at `key` of `object`.
+   *
+   * @private
+   * @param {Object} [object] The object to query.
+   * @param {string} key The key of the property to get.
+   * @returns {*} Returns the property value.
+   */
+  function getValue(object, key) {
+    return object == null ? undefined : object[key];
+  }
+
+  /**
+   * Checks if `string` contains Unicode symbols.
+   *
+   * @private
+   * @param {string} string The string to inspect.
+   * @returns {boolean} Returns `true` if a symbol is found, else `false`.
+   */
+  function hasUnicode(string) {
+    return reHasUnicode.test(string);
+  }
+
+  /**
+   * Checks if `string` contains a word composed of Unicode symbols.
+   *
+   * @private
+   * @param {string} string The string to inspect.
+   * @returns {boolean} Returns `true` if a word is found, else `false`.
+   */
+  function hasUnicodeWord(string) {
+    return reHasUnicodeWord.test(string);
+  }
+
+  /**
+   * Converts `iterator` to an array.
+   *
+   * @private
+   * @param {Object} iterator The iterator to convert.
+   * @returns {Array} Returns the converted array.
+   */
+  function iteratorToArray(iterator) {
+    var data,
+      result = [];
+    while (!(data = iterator.next()).done) {
+      result.push(data.value);
+    }
+    return result;
+  }
+
+  /**
+   * Converts `map` to its key-value pairs.
+   *
+   * @private
+   * @param {Object} map The map to convert.
+   * @returns {Array} Returns the key-value pairs.
+   */
+  function mapToArray(map) {
+    var index = -1,
+      result = Array(map.size);
+    map.forEach(function (value, key) {
+      result[++index] = [key, value];
+    });
+    return result;
+  }
+
+  /**
+   * Creates a unary function that invokes `func` with its argument transformed.
+   *
+   * @private
+   * @param {Function} func The function to wrap.
+   * @param {Function} transform The argument transform.
+   * @returns {Function} Returns the new function.
+   */
+  function overArg(func, transform) {
+    return function (arg) {
+      return func(transform(arg));
+    };
+  }
+
+  /**
+   * Replaces all `placeholder` elements in `array` with an internal placeholder
+   * and returns an array of their indexes.
+   *
+   * @private
+   * @param {Array} array The array to modify.
+   * @param {*} placeholder The placeholder to replace.
+   * @returns {Array} Returns the new array of placeholder indexes.
+   */
+  function replaceHolders(array, placeholder) {
+    var index = -1,
+      length = array.length,
+      resIndex = 0,
+      result = [];
+    while (++index < length) {
+      var value = array[index];
+      if (value === placeholder || value === PLACEHOLDER) {
+        array[index] = PLACEHOLDER;
+        result[resIndex++] = index;
+      }
+    }
+    return result;
+  }
+
+  /**
+   * Converts `set` to an array of its values.
+   *
+   * @private
+   * @param {Object} set The set to convert.
+   * @returns {Array} Returns the values.
+   */
+  function setToArray(set) {
+    var index = -1,
+      result = Array(set.size);
+    set.forEach(function (value) {
+      result[++index] = value;
+    });
+    return result;
+  }
+
+  /**
+   * Converts `set` to its value-value pairs.
+   *
+   * @private
+   * @param {Object} set The set to convert.
+   * @returns {Array} Returns the value-value pairs.
+   */
+  function setToPairs(set) {
+    var index = -1,
+      result = Array(set.size);
+    set.forEach(function (value) {
+      result[++index] = [value, value];
+    });
+    return result;
+  }
+
+  /**
+   * A specialized version of `_.indexOf` which performs strict equality
+   * comparisons of values, i.e. `===`.
+   *
+   * @private
+   * @param {Array} array The array to inspect.
+   * @param {*} value The value to search for.
+   * @param {number} fromIndex The index to search from.
+   * @returns {number} Returns the index of the matched value, else `-1`.
+   */
+  function strictIndexOf(array, value, fromIndex) {
+    var index = fromIndex - 1,
+      length = array.length;
+    while (++index < length) {
+      if (array[index] === value) {
+        return index;
+      }
+    }
+    return -1;
+  }
+
+  /**
+   * A specialized version of `_.lastIndexOf` which performs strict equality
+   * comparisons of values, i.e. `===`.
+   *
+   * @private
+   * @param {Array} array The array to inspect.
+   * @param {*} value The value to search for.
+   * @param {number} fromIndex The index to search from.
+   * @returns {number} Returns the index of the matched value, else `-1`.
+   */
+  function strictLastIndexOf(array, value, fromIndex) {
+    var index = fromIndex + 1;
+    while (index--) {
+      if (array[index] === value) {
+        return index;
+      }
+    }
+    return index;
+  }
+
+  /**
+   * Gets the number of symbols in `string`.
+   *
+   * @private
+   * @param {string} string The string to inspect.
+   * @returns {number} Returns the string size.
+   */
+  function stringSize(string) {
+    return hasUnicode(string) ? unicodeSize(string) : asciiSize(string);
+  }
+
+  /**
+   * Converts `string` to an array.
+   *
+   * @private
+   * @param {string} string The string to convert.
+   * @returns {Array} Returns the converted array.
+   */
+  function stringToArray(string) {
+    return hasUnicode(string) ? unicodeToArray(string) : asciiToArray(string);
+  }
+
+  /**
+   * Used by `_.trim` and `_.trimEnd` to get the index of the last non-whitespace
+   * character of `string`.
+   *
+   * @private
+   * @param {string} string The string to inspect.
+   * @returns {number} Returns the index of the last non-whitespace character.
+   */
+  function trimmedEndIndex(string) {
+    var index = string.length;
+    while (index-- && reWhitespace.test(string.charAt(index))) {}
+    return index;
+  }
+
+  /**
+   * Used by `_.unescape` to convert HTML entities to characters.
+   *
+   * @private
+   * @param {string} chr The matched character to unescape.
+   * @returns {string} Returns the unescaped character.
+   */
+  var unescapeHtmlChar = basePropertyOf(htmlUnescapes);
+
+  /**
+   * Gets the size of a Unicode `string`.
+   *
+   * @private
+   * @param {string} string The string inspect.
+   * @returns {number} Returns the string size.
+   */
+  function unicodeSize(string) {
+    var result = reUnicode.lastIndex = 0;
+    while (reUnicode.test(string)) {
+      ++result;
+    }
+    return result;
+  }
+
+  /**
+   * Converts a Unicode `string` to an array.
+   *
+   * @private
+   * @param {string} string The string to convert.
+   * @returns {Array} Returns the converted array.
+   */
+  function unicodeToArray(string) {
+    return string.match(reUnicode) || [];
+  }
+
+  /**
+   * Splits a Unicode `string` into an array of its words.
+   *
+   * @private
+   * @param {string} The string to inspect.
+   * @returns {Array} Returns the words of `string`.
+   */
+  function unicodeWords(string) {
+    return string.match(reUnicodeWord) || [];
+  }
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * Create a new pristine `lodash` function using the `context` object.
+   *
+   * @static
+   * @memberOf _
+   * @since 1.1.0
+   * @category Util
+   * @param {Object} [context=root] The context object.
+   * @returns {Function} Returns a new `lodash` function.
+   * @example
+   *
+   * _.mixin({ 'foo': _.constant('foo') });
+   *
+   * var lodash = _.runInContext();
+   * lodash.mixin({ 'bar': lodash.constant('bar') });
+   *
+   * _.isFunction(_.foo);
+   * // => true
+   * _.isFunction(_.bar);
+   * // => false
+   *
+   * lodash.isFunction(lodash.foo);
+   * // => false
+   * lodash.isFunction(lodash.bar);
+   * // => true
+   *
+   * // Create a suped-up `defer` in Node.js.
+   * var defer = _.runInContext({ 'setTimeout': setImmediate }).defer;
+   */
+  var runInContext = function runInContext(context) {
+    context = context == null ? root : _.defaults(root.Object(), context, _.pick(root, contextProps));
+
+    /** Built-in constructor references. */
+    var Array = context.Array,
+      Date = context.Date,
+      Error = context.Error,
+      Function = context.Function,
+      Math = context.Math,
+      Object = context.Object,
+      RegExp = context.RegExp,
+      String = context.String,
+      TypeError = context.TypeError;
+
+    /** Used for built-in method references. */
+    var arrayProto = Array.prototype,
+      funcProto = Function.prototype,
+      objectProto = Object.prototype;
+
+    /** Used to detect overreaching core-js shims. */
+    var coreJsData = context['__core-js_shared__'];
+
+    /** Used to resolve the decompiled source of functions. */
+    var funcToString = funcProto.toString;
+
+    /** Used to check objects for own properties. */
+    var hasOwnProperty = objectProto.hasOwnProperty;
+
+    /** Used to generate unique IDs. */
+    var idCounter = 0;
+
+    /** Used to detect methods masquerading as native. */
+    var maskSrcKey = function () {
+      var uid = /[^.]+$/.exec(coreJsData && coreJsData.keys && coreJsData.keys.IE_PROTO || '');
+      return uid ? 'Symbol(src)_1.' + uid : '';
+    }();
+
+    /**
+     * Used to resolve the
+     * [`toStringTag`](http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
+     * of values.
+     */
+    var nativeObjectToString = objectProto.toString;
+
+    /** Used to infer the `Object` constructor. */
+    var objectCtorString = funcToString.call(Object);
+
+    /** Used to restore the original `_` reference in `_.noConflict`. */
+    var oldDash = root._;
+
+    /** Used to detect if a method is native. */
+    var reIsNative = RegExp('^' + funcToString.call(hasOwnProperty).replace(reRegExpChar, '\\$&').replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, '$1.*?') + '$');
+
+    /** Built-in value references. */
+    var Buffer = moduleExports ? context.Buffer : undefined,
+      Symbol = context.Symbol,
+      Uint8Array = context.Uint8Array,
+      allocUnsafe = Buffer ? Buffer.allocUnsafe : undefined,
+      getPrototype = overArg(Object.getPrototypeOf, Object),
+      objectCreate = Object.create,
+      propertyIsEnumerable = objectProto.propertyIsEnumerable,
+      splice = arrayProto.splice,
+      spreadableSymbol = Symbol ? Symbol.isConcatSpreadable : undefined,
+      symIterator = Symbol ? Symbol.iterator : undefined,
+      symToStringTag = Symbol ? Symbol.toStringTag : undefined;
+    var defineProperty = function () {
+      try {
+        var func = getNative(Object, 'defineProperty');
+        func({}, '', {});
+        return func;
+      } catch (e) {}
+    }();
+
+    /** Mocked built-ins. */
+    var ctxClearTimeout = context.clearTimeout !== root.clearTimeout && context.clearTimeout,
+      ctxNow = Date && Date.now !== root.Date.now && Date.now,
+      ctxSetTimeout = context.setTimeout !== root.setTimeout && context.setTimeout;
+
+    /* Built-in method references for those with the same name as other `lodash` methods. */
+    var nativeCeil = Math.ceil,
+      nativeFloor = Math.floor,
+      nativeGetSymbols = Object.getOwnPropertySymbols,
+      nativeIsBuffer = Buffer ? Buffer.isBuffer : undefined,
+      nativeIsFinite = context.isFinite,
+      nativeJoin = arrayProto.join,
+      nativeKeys = overArg(Object.keys, Object),
+      nativeMax = Math.max,
+      nativeMin = Math.min,
+      nativeNow = Date.now,
+      nativeParseInt = context.parseInt,
+      nativeRandom = Math.random,
+      nativeReverse = arrayProto.reverse;
+
+    /* Built-in method references that are verified to be native. */
+    var DataView = getNative(context, 'DataView'),
+      Map = getNative(context, 'Map'),
+      Promise = getNative(context, 'Promise'),
+      Set = getNative(context, 'Set'),
+      WeakMap = getNative(context, 'WeakMap'),
+      nativeCreate = getNative(Object, 'create');
+
+    /** Used to store function metadata. */
+    var metaMap = WeakMap && new WeakMap();
+
+    /** Used to lookup unminified function names. */
+    var realNames = {};
+
+    /** Used to detect maps, sets, and weakmaps. */
+    var dataViewCtorString = toSource(DataView),
+      mapCtorString = toSource(Map),
+      promiseCtorString = toSource(Promise),
+      setCtorString = toSource(Set),
+      weakMapCtorString = toSource(WeakMap);
+
+    /** Used to convert symbols to primitives and strings. */
+    var symbolProto = Symbol ? Symbol.prototype : undefined,
+      symbolValueOf = symbolProto ? symbolProto.valueOf : undefined,
+      symbolToString = symbolProto ? symbolProto.toString : undefined;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates a `lodash` object which wraps `value` to enable implicit method
+     * chain sequences. Methods that operate on and return arrays, collections,
+     * and functions can be chained together. Methods that retrieve a single value
+     * or may return a primitive value will automatically end the chain sequence
+     * and return the unwrapped value. Otherwise, the value must be unwrapped
+     * with `_#value`.
+     *
+     * Explicit chain sequences, which must be unwrapped with `_#value`, may be
+     * enabled using `_.chain`.
+     *
+     * The execution of chained methods is lazy, that is, it's deferred until
+     * `_#value` is implicitly or explicitly called.
+     *
+     * Lazy evaluation allows several methods to support shortcut fusion.
+     * Shortcut fusion is an optimization to merge iteratee calls; this avoids
+     * the creation of intermediate arrays and can greatly reduce the number of
+     * iteratee executions. Sections of a chain sequence qualify for shortcut
+     * fusion if the section is applied to an array and iteratees accept only
+     * one argument. The heuristic for whether a section qualifies for shortcut
+     * fusion is subject to change.
+     *
+     * Chaining is supported in custom builds as long as the `_#value` method is
+     * directly or indirectly included in the build.
+     *
+     * In addition to lodash methods, wrappers have `Array` and `String` methods.
+     *
+     * The wrapper `Array` methods are:
+     * `concat`, `join`, `pop`, `push`, `shift`, `sort`, `splice`, and `unshift`
+     *
+     * The wrapper `String` methods are:
+     * `replace` and `split`
+     *
+     * The wrapper methods that support shortcut fusion are:
+     * `at`, `compact`, `drop`, `dropRight`, `dropWhile`, `filter`, `find`,
+     * `findLast`, `head`, `initial`, `last`, `map`, `reject`, `reverse`, `slice`,
+     * `tail`, `take`, `takeRight`, `takeRightWhile`, `takeWhile`, and `toArray`
+     *
+     * The chainable wrapper methods are:
+     * `after`, `ary`, `assign`, `assignIn`, `assignInWith`, `assignWith`, `at`,
+     * `before`, `bind`, `bindAll`, `bindKey`, `castArray`, `chain`, `chunk`,
+     * `commit`, `compact`, `concat`, `conforms`, `constant`, `countBy`, `create`,
+     * `curry`, `debounce`, `defaults`, `defaultsDeep`, `defer`, `delay`,
+     * `difference`, `differenceBy`, `differenceWith`, `drop`, `dropRight`,
+     * `dropRightWhile`, `dropWhile`, `extend`, `extendWith`, `fill`, `filter`,
+     * `flatMap`, `flatMapDeep`, `flatMapDepth`, `flatten`, `flattenDeep`,
+     * `flattenDepth`, `flip`, `flow`, `flowRight`, `fromPairs`, `functions`,
+     * `functionsIn`, `groupBy`, `initial`, `intersection`, `intersectionBy`,
+     * `intersectionWith`, `invert`, `invertBy`, `invokeMap`, `iteratee`, `keyBy`,
+     * `keys`, `keysIn`, `map`, `mapKeys`, `mapValues`, `matches`, `matchesProperty`,
+     * `memoize`, `merge`, `mergeWith`, `method`, `methodOf`, `mixin`, `negate`,
+     * `nthArg`, `omit`, `omitBy`, `once`, `orderBy`, `over`, `overArgs`,
+     * `overEvery`, `overSome`, `partial`, `partialRight`, `partition`, `pick`,
+     * `pickBy`, `plant`, `property`, `propertyOf`, `pull`, `pullAll`, `pullAllBy`,
+     * `pullAllWith`, `pullAt`, `push`, `range`, `rangeRight`, `rearg`, `reject`,
+     * `remove`, `rest`, `reverse`, `sampleSize`, `set`, `setWith`, `shuffle`,
+     * `slice`, `sort`, `sortBy`, `splice`, `spread`, `tail`, `take`, `takeRight`,
+     * `takeRightWhile`, `takeWhile`, `tap`, `throttle`, `thru`, `toArray`,
+     * `toPairs`, `toPairsIn`, `toPath`, `toPlainObject`, `transform`, `unary`,
+     * `union`, `unionBy`, `unionWith`, `uniq`, `uniqBy`, `uniqWith`, `unset`,
+     * `unshift`, `unzip`, `unzipWith`, `update`, `updateWith`, `values`,
+     * `valuesIn`, `without`, `wrap`, `xor`, `xorBy`, `xorWith`, `zip`,
+     * `zipObject`, `zipObjectDeep`, and `zipWith`
+     *
+     * The wrapper methods that are **not** chainable by default are:
+     * `add`, `attempt`, `camelCase`, `capitalize`, `ceil`, `clamp`, `clone`,
+     * `cloneDeep`, `cloneDeepWith`, `cloneWith`, `conformsTo`, `deburr`,
+     * `defaultTo`, `divide`, `each`, `eachRight`, `endsWith`, `eq`, `escape`,
+     * `escapeRegExp`, `every`, `find`, `findIndex`, `findKey`, `findLast`,
+     * `findLastIndex`, `findLastKey`, `first`, `floor`, `forEach`, `forEachRight`,
+     * `forIn`, `forInRight`, `forOwn`, `forOwnRight`, `get`, `gt`, `gte`, `has`,
+     * `hasIn`, `head`, `identity`, `includes`, `indexOf`, `inRange`, `invoke`,
+     * `isArguments`, `isArray`, `isArrayBuffer`, `isArrayLike`, `isArrayLikeObject`,
+     * `isBoolean`, `isBuffer`, `isDate`, `isElement`, `isEmpty`, `isEqual`,
+     * `isEqualWith`, `isError`, `isFinite`, `isFunction`, `isInteger`, `isLength`,
+     * `isMap`, `isMatch`, `isMatchWith`, `isNaN`, `isNative`, `isNil`, `isNull`,
+     * `isNumber`, `isObject`, `isObjectLike`, `isPlainObject`, `isRegExp`,
+     * `isSafeInteger`, `isSet`, `isString`, `isUndefined`, `isTypedArray`,
+     * `isWeakMap`, `isWeakSet`, `join`, `kebabCase`, `last`, `lastIndexOf`,
+     * `lowerCase`, `lowerFirst`, `lt`, `lte`, `max`, `maxBy`, `mean`, `meanBy`,
+     * `min`, `minBy`, `multiply`, `noConflict`, `noop`, `now`, `nth`, `pad`,
+     * `padEnd`, `padStart`, `parseInt`, `pop`, `random`, `reduce`, `reduceRight`,
+     * `repeat`, `result`, `round`, `runInContext`, `sample`, `shift`, `size`,
+     * `snakeCase`, `some`, `sortedIndex`, `sortedIndexBy`, `sortedLastIndex`,
+     * `sortedLastIndexBy`, `startCase`, `startsWith`, `stubArray`, `stubFalse`,
+     * `stubObject`, `stubString`, `stubTrue`, `subtract`, `sum`, `sumBy`,
+     * `template`, `times`, `toFinite`, `toInteger`, `toJSON`, `toLength`,
+     * `toLower`, `toNumber`, `toSafeInteger`, `toString`, `toUpper`, `trim`,
+     * `trimEnd`, `trimStart`, `truncate`, `unescape`, `uniqueId`, `upperCase`,
+     * `upperFirst`, `value`, and `words`
+     *
+     * @name _
+     * @constructor
+     * @category Seq
+     * @param {*} value The value to wrap in a `lodash` instance.
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * function square(n) {
+     *   return n * n;
+     * }
+     *
+     * var wrapped = _([1, 2, 3]);
+     *
+     * // Returns an unwrapped value.
+     * wrapped.reduce(_.add);
+     * // => 6
+     *
+     * // Returns a wrapped value.
+     * var squares = wrapped.map(square);
+     *
+     * _.isArray(squares);
+     * // => false
+     *
+     * _.isArray(squares.value());
+     * // => true
+     */
+    function lodash(value) {
+      if (isObjectLike(value) && !isArray(value) && !(value instanceof LazyWrapper)) {
+        if (value instanceof LodashWrapper) {
+          return value;
+        }
+        if (hasOwnProperty.call(value, '__wrapped__')) {
+          return wrapperClone(value);
+        }
+      }
+      return new LodashWrapper(value);
+    }
+
+    /**
+     * The base implementation of `_.create` without support for assigning
+     * properties to the created object.
+     *
+     * @private
+     * @param {Object} proto The object to inherit from.
+     * @returns {Object} Returns the new object.
+     */
+    var baseCreate = function () {
+      function object() {}
+      return function (proto) {
+        if (!isObject(proto)) {
+          return {};
+        }
+        if (objectCreate) {
+          return objectCreate(proto);
+        }
+        object.prototype = proto;
+        var result = new object();
+        object.prototype = undefined;
+        return result;
+      };
+    }();
+
+    /**
+     * The function whose prototype chain sequence wrappers inherit from.
+     *
+     * @private
+     */
+    function baseLodash() {
+      // No operation performed.
+    }
+
+    /**
+     * The base constructor for creating `lodash` wrapper objects.
+     *
+     * @private
+     * @param {*} value The value to wrap.
+     * @param {boolean} [chainAll] Enable explicit method chain sequences.
+     */
+    function LodashWrapper(value, chainAll) {
+      this.__wrapped__ = value;
+      this.__actions__ = [];
+      this.__chain__ = !!chainAll;
+      this.__index__ = 0;
+      this.__values__ = undefined;
+    }
+
+    /**
+     * By default, the template delimiters used by lodash are like those in
+     * embedded Ruby (ERB) as well as ES2015 template strings. Change the
+     * following template settings to use alternative delimiters.
+     *
+     * @static
+     * @memberOf _
+     * @type {Object}
+     */
+    lodash.templateSettings = {
+      /**
+       * Used to detect `data` property values to be HTML-escaped.
+       *
+       * @memberOf _.templateSettings
+       * @type {RegExp}
+       */
+      'escape': reEscape,
+      /**
+       * Used to detect code to be evaluated.
+       *
+       * @memberOf _.templateSettings
+       * @type {RegExp}
+       */
+      'evaluate': reEvaluate,
+      /**
+       * Used to detect `data` property values to inject.
+       *
+       * @memberOf _.templateSettings
+       * @type {RegExp}
+       */
+      'interpolate': reInterpolate,
+      /**
+       * Used to reference the data object in the template text.
+       *
+       * @memberOf _.templateSettings
+       * @type {string}
+       */
+      'variable': '',
+      /**
+       * Used to import variables into the compiled template.
+       *
+       * @memberOf _.templateSettings
+       * @type {Object}
+       */
+      'imports': {
+        /**
+         * A reference to the `lodash` function.
+         *
+         * @memberOf _.templateSettings.imports
+         * @type {Function}
+         */
+        '_': lodash
+      }
+    };
+
+    // Ensure wrappers are instances of `baseLodash`.
+    lodash.prototype = baseLodash.prototype;
+    lodash.prototype.constructor = lodash;
+    LodashWrapper.prototype = baseCreate(baseLodash.prototype);
+    LodashWrapper.prototype.constructor = LodashWrapper;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates a lazy wrapper object which wraps `value` to enable lazy evaluation.
+     *
+     * @private
+     * @constructor
+     * @param {*} value The value to wrap.
+     */
+    function LazyWrapper(value) {
+      this.__wrapped__ = value;
+      this.__actions__ = [];
+      this.__dir__ = 1;
+      this.__filtered__ = false;
+      this.__iteratees__ = [];
+      this.__takeCount__ = MAX_ARRAY_LENGTH;
+      this.__views__ = [];
+    }
+
+    /**
+     * Creates a clone of the lazy wrapper object.
+     *
+     * @private
+     * @name clone
+     * @memberOf LazyWrapper
+     * @returns {Object} Returns the cloned `LazyWrapper` object.
+     */
+    function lazyClone() {
+      var result = new LazyWrapper(this.__wrapped__);
+      result.__actions__ = copyArray(this.__actions__);
+      result.__dir__ = this.__dir__;
+      result.__filtered__ = this.__filtered__;
+      result.__iteratees__ = copyArray(this.__iteratees__);
+      result.__takeCount__ = this.__takeCount__;
+      result.__views__ = copyArray(this.__views__);
+      return result;
+    }
+
+    /**
+     * Reverses the direction of lazy iteration.
+     *
+     * @private
+     * @name reverse
+     * @memberOf LazyWrapper
+     * @returns {Object} Returns the new reversed `LazyWrapper` object.
+     */
+    function lazyReverse() {
+      if (this.__filtered__) {
+        var result = new LazyWrapper(this);
+        result.__dir__ = -1;
+        result.__filtered__ = true;
+      } else {
+        result = this.clone();
+        result.__dir__ *= -1;
+      }
+      return result;
+    }
+
+    /**
+     * Extracts the unwrapped value from its lazy wrapper.
+     *
+     * @private
+     * @name value
+     * @memberOf LazyWrapper
+     * @returns {*} Returns the unwrapped value.
+     */
+    function lazyValue() {
+      var array = this.__wrapped__.value(),
+        dir = this.__dir__,
+        isArr = isArray(array),
+        isRight = dir < 0,
+        arrLength = isArr ? array.length : 0,
+        view = getView(0, arrLength, this.__views__),
+        start = view.start,
+        end = view.end,
+        length = end - start,
+        index = isRight ? end : start - 1,
+        iteratees = this.__iteratees__,
+        iterLength = iteratees.length,
+        resIndex = 0,
+        takeCount = nativeMin(length, this.__takeCount__);
+      if (!isArr || !isRight && arrLength == length && takeCount == length) {
+        return baseWrapperValue(array, this.__actions__);
+      }
+      var result = [];
+      outer: while (length-- && resIndex < takeCount) {
+        index += dir;
+        var iterIndex = -1,
+          value = array[index];
+        while (++iterIndex < iterLength) {
+          var data = iteratees[iterIndex],
+            iteratee = data.iteratee,
+            type = data.type,
+            computed = iteratee(value);
+          if (type == LAZY_MAP_FLAG) {
+            value = computed;
+          } else if (!computed) {
+            if (type == LAZY_FILTER_FLAG) {
+              continue outer;
+            } else {
+              break outer;
+            }
+          }
+        }
+        result[resIndex++] = value;
+      }
+      return result;
+    }
+
+    // Ensure `LazyWrapper` is an instance of `baseLodash`.
+    LazyWrapper.prototype = baseCreate(baseLodash.prototype);
+    LazyWrapper.prototype.constructor = LazyWrapper;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates a hash object.
+     *
+     * @private
+     * @constructor
+     * @param {Array} [entries] The key-value pairs to cache.
+     */
+    function Hash(entries) {
+      var index = -1,
+        length = entries == null ? 0 : entries.length;
+      this.clear();
+      while (++index < length) {
+        var entry = entries[index];
+        this.set(entry[0], entry[1]);
+      }
+    }
+
+    /**
+     * Removes all key-value entries from the hash.
+     *
+     * @private
+     * @name clear
+     * @memberOf Hash
+     */
+    function hashClear() {
+      this.__data__ = nativeCreate ? nativeCreate(null) : {};
+      this.size = 0;
+    }
+
+    /**
+     * Removes `key` and its value from the hash.
+     *
+     * @private
+     * @name delete
+     * @memberOf Hash
+     * @param {Object} hash The hash to modify.
+     * @param {string} key The key of the value to remove.
+     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
+     */
+    function hashDelete(key) {
+      var result = this.has(key) && delete this.__data__[key];
+      this.size -= result ? 1 : 0;
+      return result;
+    }
+
+    /**
+     * Gets the hash value for `key`.
+     *
+     * @private
+     * @name get
+     * @memberOf Hash
+     * @param {string} key The key of the value to get.
+     * @returns {*} Returns the entry value.
+     */
+    function hashGet(key) {
+      var data = this.__data__;
+      if (nativeCreate) {
+        var result = data[key];
+        return result === HASH_UNDEFINED ? undefined : result;
+      }
+      return hasOwnProperty.call(data, key) ? data[key] : undefined;
+    }
+
+    /**
+     * Checks if a hash value for `key` exists.
+     *
+     * @private
+     * @name has
+     * @memberOf Hash
+     * @param {string} key The key of the entry to check.
+     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
+     */
+    function hashHas(key) {
+      var data = this.__data__;
+      return nativeCreate ? data[key] !== undefined : hasOwnProperty.call(data, key);
+    }
+
+    /**
+     * Sets the hash `key` to `value`.
+     *
+     * @private
+     * @name set
+     * @memberOf Hash
+     * @param {string} key The key of the value to set.
+     * @param {*} value The value to set.
+     * @returns {Object} Returns the hash instance.
+     */
+    function hashSet(key, value) {
+      var data = this.__data__;
+      this.size += this.has(key) ? 0 : 1;
+      data[key] = nativeCreate && value === undefined ? HASH_UNDEFINED : value;
+      return this;
+    }
+
+    // Add methods to `Hash`.
+    Hash.prototype.clear = hashClear;
+    Hash.prototype['delete'] = hashDelete;
+    Hash.prototype.get = hashGet;
+    Hash.prototype.has = hashHas;
+    Hash.prototype.set = hashSet;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates an list cache object.
+     *
+     * @private
+     * @constructor
+     * @param {Array} [entries] The key-value pairs to cache.
+     */
+    function ListCache(entries) {
+      var index = -1,
+        length = entries == null ? 0 : entries.length;
+      this.clear();
+      while (++index < length) {
+        var entry = entries[index];
+        this.set(entry[0], entry[1]);
+      }
+    }
+
+    /**
+     * Removes all key-value entries from the list cache.
+     *
+     * @private
+     * @name clear
+     * @memberOf ListCache
+     */
+    function listCacheClear() {
+      this.__data__ = [];
+      this.size = 0;
+    }
+
+    /**
+     * Removes `key` and its value from the list cache.
+     *
+     * @private
+     * @name delete
+     * @memberOf ListCache
+     * @param {string} key The key of the value to remove.
+     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
+     */
+    function listCacheDelete(key) {
+      var data = this.__data__,
+        index = assocIndexOf(data, key);
+      if (index < 0) {
+        return false;
+      }
+      var lastIndex = data.length - 1;
+      if (index == lastIndex) {
+        data.pop();
+      } else {
+        splice.call(data, index, 1);
+      }
+      --this.size;
+      return true;
+    }
+
+    /**
+     * Gets the list cache value for `key`.
+     *
+     * @private
+     * @name get
+     * @memberOf ListCache
+     * @param {string} key The key of the value to get.
+     * @returns {*} Returns the entry value.
+     */
+    function listCacheGet(key) {
+      var data = this.__data__,
+        index = assocIndexOf(data, key);
+      return index < 0 ? undefined : data[index][1];
+    }
+
+    /**
+     * Checks if a list cache value for `key` exists.
+     *
+     * @private
+     * @name has
+     * @memberOf ListCache
+     * @param {string} key The key of the entry to check.
+     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
+     */
+    function listCacheHas(key) {
+      return assocIndexOf(this.__data__, key) > -1;
+    }
+
+    /**
+     * Sets the list cache `key` to `value`.
+     *
+     * @private
+     * @name set
+     * @memberOf ListCache
+     * @param {string} key The key of the value to set.
+     * @param {*} value The value to set.
+     * @returns {Object} Returns the list cache instance.
+     */
+    function listCacheSet(key, value) {
+      var data = this.__data__,
+        index = assocIndexOf(data, key);
+      if (index < 0) {
+        ++this.size;
+        data.push([key, value]);
+      } else {
+        data[index][1] = value;
+      }
+      return this;
+    }
+
+    // Add methods to `ListCache`.
+    ListCache.prototype.clear = listCacheClear;
+    ListCache.prototype['delete'] = listCacheDelete;
+    ListCache.prototype.get = listCacheGet;
+    ListCache.prototype.has = listCacheHas;
+    ListCache.prototype.set = listCacheSet;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates a map cache object to store key-value pairs.
+     *
+     * @private
+     * @constructor
+     * @param {Array} [entries] The key-value pairs to cache.
+     */
+    function MapCache(entries) {
+      var index = -1,
+        length = entries == null ? 0 : entries.length;
+      this.clear();
+      while (++index < length) {
+        var entry = entries[index];
+        this.set(entry[0], entry[1]);
+      }
+    }
+
+    /**
+     * Removes all key-value entries from the map.
+     *
+     * @private
+     * @name clear
+     * @memberOf MapCache
+     */
+    function mapCacheClear() {
+      this.size = 0;
+      this.__data__ = {
+        'hash': new Hash(),
+        'map': new (Map || ListCache)(),
+        'string': new Hash()
+      };
+    }
+
+    /**
+     * Removes `key` and its value from the map.
+     *
+     * @private
+     * @name delete
+     * @memberOf MapCache
+     * @param {string} key The key of the value to remove.
+     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
+     */
+    function mapCacheDelete(key) {
+      var result = getMapData(this, key)['delete'](key);
+      this.size -= result ? 1 : 0;
+      return result;
+    }
+
+    /**
+     * Gets the map value for `key`.
+     *
+     * @private
+     * @name get
+     * @memberOf MapCache
+     * @param {string} key The key of the value to get.
+     * @returns {*} Returns the entry value.
+     */
+    function mapCacheGet(key) {
+      return getMapData(this, key).get(key);
+    }
+
+    /**
+     * Checks if a map value for `key` exists.
+     *
+     * @private
+     * @name has
+     * @memberOf MapCache
+     * @param {string} key The key of the entry to check.
+     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
+     */
+    function mapCacheHas(key) {
+      return getMapData(this, key).has(key);
+    }
+
+    /**
+     * Sets the map `key` to `value`.
+     *
+     * @private
+     * @name set
+     * @memberOf MapCache
+     * @param {string} key The key of the value to set.
+     * @param {*} value The value to set.
+     * @returns {Object} Returns the map cache instance.
+     */
+    function mapCacheSet(key, value) {
+      var data = getMapData(this, key),
+        size = data.size;
+      data.set(key, value);
+      this.size += data.size == size ? 0 : 1;
+      return this;
+    }
+
+    // Add methods to `MapCache`.
+    MapCache.prototype.clear = mapCacheClear;
+    MapCache.prototype['delete'] = mapCacheDelete;
+    MapCache.prototype.get = mapCacheGet;
+    MapCache.prototype.has = mapCacheHas;
+    MapCache.prototype.set = mapCacheSet;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     *
+     * Creates an array cache object to store unique values.
+     *
+     * @private
+     * @constructor
+     * @param {Array} [values] The values to cache.
+     */
+    function SetCache(values) {
+      var index = -1,
+        length = values == null ? 0 : values.length;
+      this.__data__ = new MapCache();
+      while (++index < length) {
+        this.add(values[index]);
+      }
+    }
+
+    /**
+     * Adds `value` to the array cache.
+     *
+     * @private
+     * @name add
+     * @memberOf SetCache
+     * @alias push
+     * @param {*} value The value to cache.
+     * @returns {Object} Returns the cache instance.
+     */
+    function setCacheAdd(value) {
+      this.__data__.set(value, HASH_UNDEFINED);
+      return this;
+    }
+
+    /**
+     * Checks if `value` is in the array cache.
+     *
+     * @private
+     * @name has
+     * @memberOf SetCache
+     * @param {*} value The value to search for.
+     * @returns {number} Returns `true` if `value` is found, else `false`.
+     */
+    function setCacheHas(value) {
+      return this.__data__.has(value);
+    }
+
+    // Add methods to `SetCache`.
+    SetCache.prototype.add = SetCache.prototype.push = setCacheAdd;
+    SetCache.prototype.has = setCacheHas;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates a stack cache object to store key-value pairs.
+     *
+     * @private
+     * @constructor
+     * @param {Array} [entries] The key-value pairs to cache.
+     */
+    function Stack(entries) {
+      var data = this.__data__ = new ListCache(entries);
+      this.size = data.size;
+    }
+
+    /**
+     * Removes all key-value entries from the stack.
+     *
+     * @private
+     * @name clear
+     * @memberOf Stack
+     */
+    function stackClear() {
+      this.__data__ = new ListCache();
+      this.size = 0;
+    }
+
+    /**
+     * Removes `key` and its value from the stack.
+     *
+     * @private
+     * @name delete
+     * @memberOf Stack
+     * @param {string} key The key of the value to remove.
+     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
+     */
+    function stackDelete(key) {
+      var data = this.__data__,
+        result = data['delete'](key);
+      this.size = data.size;
+      return result;
+    }
+
+    /**
+     * Gets the stack value for `key`.
+     *
+     * @private
+     * @name get
+     * @memberOf Stack
+     * @param {string} key The key of the value to get.
+     * @returns {*} Returns the entry value.
+     */
+    function stackGet(key) {
+      return this.__data__.get(key);
+    }
+
+    /**
+     * Checks if a stack value for `key` exists.
+     *
+     * @private
+     * @name has
+     * @memberOf Stack
+     * @param {string} key The key of the entry to check.
+     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
+     */
+    function stackHas(key) {
+      return this.__data__.has(key);
+    }
+
+    /**
+     * Sets the stack `key` to `value`.
+     *
+     * @private
+     * @name set
+     * @memberOf Stack
+     * @param {string} key The key of the value to set.
+     * @param {*} value The value to set.
+     * @returns {Object} Returns the stack cache instance.
+     */
+    function stackSet(key, value) {
+      var data = this.__data__;
+      if (data instanceof ListCache) {
+        var pairs = data.__data__;
+        if (!Map || pairs.length < LARGE_ARRAY_SIZE - 1) {
+          pairs.push([key, value]);
+          this.size = ++data.size;
+          return this;
+        }
+        data = this.__data__ = new MapCache(pairs);
+      }
+      data.set(key, value);
+      this.size = data.size;
+      return this;
+    }
+
+    // Add methods to `Stack`.
+    Stack.prototype.clear = stackClear;
+    Stack.prototype['delete'] = stackDelete;
+    Stack.prototype.get = stackGet;
+    Stack.prototype.has = stackHas;
+    Stack.prototype.set = stackSet;
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates an array of the enumerable property names of the array-like `value`.
+     *
+     * @private
+     * @param {*} value The value to query.
+     * @param {boolean} inherited Specify returning inherited property names.
+     * @returns {Array} Returns the array of property names.
+     */
+    function arrayLikeKeys(value, inherited) {
+      var isArr = isArray(value),
+        isArg = !isArr && isArguments(value),
+        isBuff = !isArr && !isArg && isBuffer(value),
+        isType = !isArr && !isArg && !isBuff && isTypedArray(value),
+        skipIndexes = isArr || isArg || isBuff || isType,
+        result = skipIndexes ? baseTimes(value.length, String) : [],
+        length = result.length;
+      for (var key in value) {
+        if ((inherited || hasOwnProperty.call(value, key)) && !(skipIndexes && (
+        // Safari 9 has enumerable `arguments.length` in strict mode.
+        key == 'length' ||
+        // Node.js 0.10 has enumerable non-index properties on buffers.
+        isBuff && (key == 'offset' || key == 'parent') ||
+        // PhantomJS 2 has enumerable non-index properties on typed arrays.
+        isType && (key == 'buffer' || key == 'byteLength' || key == 'byteOffset') ||
+        // Skip index properties.
+        isIndex(key, length)))) {
+          result.push(key);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * A specialized version of `_.sample` for arrays.
+     *
+     * @private
+     * @param {Array} array The array to sample.
+     * @returns {*} Returns the random element.
+     */
+    function arraySample(array) {
+      var length = array.length;
+      return length ? array[baseRandom(0, length - 1)] : undefined;
+    }
+
+    /**
+     * A specialized version of `_.sampleSize` for arrays.
+     *
+     * @private
+     * @param {Array} array The array to sample.
+     * @param {number} n The number of elements to sample.
+     * @returns {Array} Returns the random elements.
+     */
+    function arraySampleSize(array, n) {
+      return shuffleSelf(copyArray(array), baseClamp(n, 0, array.length));
+    }
+
+    /**
+     * A specialized version of `_.shuffle` for arrays.
+     *
+     * @private
+     * @param {Array} array The array to shuffle.
+     * @returns {Array} Returns the new shuffled array.
+     */
+    function arrayShuffle(array) {
+      return shuffleSelf(copyArray(array));
+    }
+
+    /**
+     * This function is like `assignValue` except that it doesn't assign
+     * `undefined` values.
+     *
+     * @private
+     * @param {Object} object The object to modify.
+     * @param {string} key The key of the property to assign.
+     * @param {*} value The value to assign.
+     */
+    function assignMergeValue(object, key, value) {
+      if (value !== undefined && !eq(object[key], value) || value === undefined && !(key in object)) {
+        baseAssignValue(object, key, value);
+      }
+    }
+
+    /**
+     * Assigns `value` to `key` of `object` if the existing value is not equivalent
+     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons.
+     *
+     * @private
+     * @param {Object} object The object to modify.
+     * @param {string} key The key of the property to assign.
+     * @param {*} value The value to assign.
+     */
+    function assignValue(object, key, value) {
+      var objValue = object[key];
+      if (!(hasOwnProperty.call(object, key) && eq(objValue, value)) || value === undefined && !(key in object)) {
+        baseAssignValue(object, key, value);
+      }
+    }
+
+    /**
+     * Gets the index at which the `key` is found in `array` of key-value pairs.
+     *
+     * @private
+     * @param {Array} array The array to inspect.
+     * @param {*} key The key to search for.
+     * @returns {number} Returns the index of the matched value, else `-1`.
+     */
+    function assocIndexOf(array, key) {
+      var length = array.length;
+      while (length--) {
+        if (eq(array[length][0], key)) {
+          return length;
+        }
+      }
+      return -1;
+    }
+
+    /**
+     * Aggregates elements of `collection` on `accumulator` with keys transformed
+     * by `iteratee` and values set by `setter`.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} setter The function to set `accumulator` values.
+     * @param {Function} iteratee The iteratee to transform keys.
+     * @param {Object} accumulator The initial aggregated object.
+     * @returns {Function} Returns `accumulator`.
+     */
+    function baseAggregator(collection, setter, iteratee, accumulator) {
+      baseEach(collection, function (value, key, collection) {
+        setter(accumulator, value, iteratee(value), collection);
+      });
+      return accumulator;
+    }
+
+    /**
+     * The base implementation of `_.assign` without support for multiple sources
+     * or `customizer` functions.
+     *
+     * @private
+     * @param {Object} object The destination object.
+     * @param {Object} source The source object.
+     * @returns {Object} Returns `object`.
+     */
+    function baseAssign(object, source) {
+      return object && copyObject(source, keys(source), object);
+    }
+
+    /**
+     * The base implementation of `_.assignIn` without support for multiple sources
+     * or `customizer` functions.
+     *
+     * @private
+     * @param {Object} object The destination object.
+     * @param {Object} source The source object.
+     * @returns {Object} Returns `object`.
+     */
+    function baseAssignIn(object, source) {
+      return object && copyObject(source, keysIn(source), object);
+    }
+
+    /**
+     * The base implementation of `assignValue` and `assignMergeValue` without
+     * value checks.
+     *
+     * @private
+     * @param {Object} object The object to modify.
+     * @param {string} key The key of the property to assign.
+     * @param {*} value The value to assign.
+     */
+    function baseAssignValue(object, key, value) {
+      if (key == '__proto__' && defineProperty) {
+        defineProperty(object, key, {
+          'configurable': true,
+          'enumerable': true,
+          'value': value,
+          'writable': true
+        });
+      } else {
+        object[key] = value;
+      }
+    }
+
+    /**
+     * The base implementation of `_.at` without support for individual paths.
+     *
+     * @private
+     * @param {Object} object The object to iterate over.
+     * @param {string[]} paths The property paths to pick.
+     * @returns {Array} Returns the picked elements.
+     */
+    function baseAt(object, paths) {
+      var index = -1,
+        length = paths.length,
+        result = Array(length),
+        skip = object == null;
+      while (++index < length) {
+        result[index] = skip ? undefined : get(object, paths[index]);
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.clamp` which doesn't coerce arguments.
+     *
+     * @private
+     * @param {number} number The number to clamp.
+     * @param {number} [lower] The lower bound.
+     * @param {number} upper The upper bound.
+     * @returns {number} Returns the clamped number.
+     */
+    function baseClamp(number, lower, upper) {
+      if (number === number) {
+        if (upper !== undefined) {
+          number = number <= upper ? number : upper;
+        }
+        if (lower !== undefined) {
+          number = number >= lower ? number : lower;
+        }
+      }
+      return number;
+    }
+
+    /**
+     * The base implementation of `_.clone` and `_.cloneDeep` which tracks
+     * traversed objects.
+     *
+     * @private
+     * @param {*} value The value to clone.
+     * @param {boolean} bitmask The bitmask flags.
+     *  1 - Deep clone
+     *  2 - Flatten inherited properties
+     *  4 - Clone symbols
+     * @param {Function} [customizer] The function to customize cloning.
+     * @param {string} [key] The key of `value`.
+     * @param {Object} [object] The parent object of `value`.
+     * @param {Object} [stack] Tracks traversed objects and their clone counterparts.
+     * @returns {*} Returns the cloned value.
+     */
+    function baseClone(value, bitmask, customizer, key, object, stack) {
+      var result,
+        isDeep = bitmask & CLONE_DEEP_FLAG,
+        isFlat = bitmask & CLONE_FLAT_FLAG,
+        isFull = bitmask & CLONE_SYMBOLS_FLAG;
+      if (customizer) {
+        result = object ? customizer(value, key, object, stack) : customizer(value);
+      }
+      if (result !== undefined) {
+        return result;
+      }
+      if (!isObject(value)) {
+        return value;
+      }
+      var isArr = isArray(value);
+      if (isArr) {
+        result = initCloneArray(value);
+        if (!isDeep) {
+          return copyArray(value, result);
+        }
+      } else {
+        var tag = getTag(value),
+          isFunc = tag == funcTag || tag == genTag;
+        if (isBuffer(value)) {
+          return cloneBuffer(value, isDeep);
+        }
+        if (tag == objectTag || tag == argsTag || isFunc && !object) {
+          result = isFlat || isFunc ? {} : initCloneObject(value);
+          if (!isDeep) {
+            return isFlat ? copySymbolsIn(value, baseAssignIn(result, value)) : copySymbols(value, baseAssign(result, value));
+          }
+        } else {
+          if (!cloneableTags[tag]) {
+            return object ? value : {};
+          }
+          result = initCloneByTag(value, tag, isDeep);
+        }
+      }
+      // Check for circular references and return its corresponding clone.
+      stack || (stack = new Stack());
+      var stacked = stack.get(value);
+      if (stacked) {
+        return stacked;
+      }
+      stack.set(value, result);
+      if (isSet(value)) {
+        value.forEach(function (subValue) {
+          result.add(baseClone(subValue, bitmask, customizer, subValue, value, stack));
+        });
+      } else if (isMap(value)) {
+        value.forEach(function (subValue, key) {
+          result.set(key, baseClone(subValue, bitmask, customizer, key, value, stack));
+        });
+      }
+      var keysFunc = isFull ? isFlat ? getAllKeysIn : getAllKeys : isFlat ? keysIn : keys;
+      var props = isArr ? undefined : keysFunc(value);
+      arrayEach(props || value, function (subValue, key) {
+        if (props) {
+          key = subValue;
+          subValue = value[key];
+        }
+        // Recursively populate clone (susceptible to call stack limits).
+        assignValue(result, key, baseClone(subValue, bitmask, customizer, key, value, stack));
+      });
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.conforms` which doesn't clone `source`.
+     *
+     * @private
+     * @param {Object} source The object of property predicates to conform to.
+     * @returns {Function} Returns the new spec function.
+     */
+    function baseConforms(source) {
+      var props = keys(source);
+      return function (object) {
+        return baseConformsTo(object, source, props);
+      };
+    }
+
+    /**
+     * The base implementation of `_.conformsTo` which accepts `props` to check.
+     *
+     * @private
+     * @param {Object} object The object to inspect.
+     * @param {Object} source The object of property predicates to conform to.
+     * @returns {boolean} Returns `true` if `object` conforms, else `false`.
+     */
+    function baseConformsTo(object, source, props) {
+      var length = props.length;
+      if (object == null) {
+        return !length;
+      }
+      object = Object(object);
+      while (length--) {
+        var key = props[length],
+          predicate = source[key],
+          value = object[key];
+        if (value === undefined && !(key in object) || !predicate(value)) {
+          return false;
+        }
+      }
+      return true;
+    }
+
+    /**
+     * The base implementation of `_.delay` and `_.defer` which accepts `args`
+     * to provide to `func`.
+     *
+     * @private
+     * @param {Function} func The function to delay.
+     * @param {number} wait The number of milliseconds to delay invocation.
+     * @param {Array} args The arguments to provide to `func`.
+     * @returns {number|Object} Returns the timer id or timeout object.
+     */
+    function baseDelay(func, wait, args) {
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      return setTimeout(function () {
+        func.apply(undefined, args);
+      }, wait);
+    }
+
+    /**
+     * The base implementation of methods like `_.difference` without support
+     * for excluding multiple arrays or iteratee shorthands.
+     *
+     * @private
+     * @param {Array} array The array to inspect.
+     * @param {Array} values The values to exclude.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of filtered values.
+     */
+    function baseDifference(array, values, iteratee, comparator) {
+      var index = -1,
+        includes = arrayIncludes,
+        isCommon = true,
+        length = array.length,
+        result = [],
+        valuesLength = values.length;
+      if (!length) {
+        return result;
+      }
+      if (iteratee) {
+        values = arrayMap(values, baseUnary(iteratee));
+      }
+      if (comparator) {
+        includes = arrayIncludesWith;
+        isCommon = false;
+      } else if (values.length >= LARGE_ARRAY_SIZE) {
+        includes = cacheHas;
+        isCommon = false;
+        values = new SetCache(values);
+      }
+      outer: while (++index < length) {
+        var value = array[index],
+          computed = iteratee == null ? value : iteratee(value);
+        value = comparator || value !== 0 ? value : 0;
+        if (isCommon && computed === computed) {
+          var valuesIndex = valuesLength;
+          while (valuesIndex--) {
+            if (values[valuesIndex] === computed) {
+              continue outer;
+            }
+          }
+          result.push(value);
+        } else if (!includes(values, computed, comparator)) {
+          result.push(value);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.forEach` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @returns {Array|Object} Returns `collection`.
+     */
+    var baseEach = createBaseEach(baseForOwn);
+
+    /**
+     * The base implementation of `_.forEachRight` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @returns {Array|Object} Returns `collection`.
+     */
+    var baseEachRight = createBaseEach(baseForOwnRight, true);
+
+    /**
+     * The base implementation of `_.every` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} predicate The function invoked per iteration.
+     * @returns {boolean} Returns `true` if all elements pass the predicate check,
+     *  else `false`
+     */
+    function baseEvery(collection, predicate) {
+      var result = true;
+      baseEach(collection, function (value, index, collection) {
+        result = !!predicate(value, index, collection);
+        return result;
+      });
+      return result;
+    }
+
+    /**
+     * The base implementation of methods like `_.max` and `_.min` which accepts a
+     * `comparator` to determine the extremum value.
+     *
+     * @private
+     * @param {Array} array The array to iterate over.
+     * @param {Function} iteratee The iteratee invoked per iteration.
+     * @param {Function} comparator The comparator used to compare values.
+     * @returns {*} Returns the extremum value.
+     */
+    function baseExtremum(array, iteratee, comparator) {
+      var index = -1,
+        length = array.length;
+      while (++index < length) {
+        var value = array[index],
+          current = iteratee(value);
+        if (current != null && (computed === undefined ? current === current && !isSymbol(current) : comparator(current, computed))) {
+          var computed = current,
+            result = value;
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.fill` without an iteratee call guard.
+     *
+     * @private
+     * @param {Array} array The array to fill.
+     * @param {*} value The value to fill `array` with.
+     * @param {number} [start=0] The start position.
+     * @param {number} [end=array.length] The end position.
+     * @returns {Array} Returns `array`.
+     */
+    function baseFill(array, value, start, end) {
+      var length = array.length;
+      start = toInteger(start);
+      if (start < 0) {
+        start = -start > length ? 0 : length + start;
+      }
+      end = end === undefined || end > length ? length : toInteger(end);
+      if (end < 0) {
+        end += length;
+      }
+      end = start > end ? 0 : toLength(end);
+      while (start < end) {
+        array[start++] = value;
+      }
+      return array;
+    }
+
+    /**
+     * The base implementation of `_.filter` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} predicate The function invoked per iteration.
+     * @returns {Array} Returns the new filtered array.
+     */
+    function baseFilter(collection, predicate) {
+      var result = [];
+      baseEach(collection, function (value, index, collection) {
+        if (predicate(value, index, collection)) {
+          result.push(value);
+        }
+      });
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.flatten` with support for restricting flattening.
+     *
+     * @private
+     * @param {Array} array The array to flatten.
+     * @param {number} depth The maximum recursion depth.
+     * @param {boolean} [predicate=isFlattenable] The function invoked per iteration.
+     * @param {boolean} [isStrict] Restrict to values that pass `predicate` checks.
+     * @param {Array} [result=[]] The initial result value.
+     * @returns {Array} Returns the new flattened array.
+     */
+    function baseFlatten(array, depth, predicate, isStrict, result) {
+      var index = -1,
+        length = array.length;
+      predicate || (predicate = isFlattenable);
+      result || (result = []);
+      while (++index < length) {
+        var value = array[index];
+        if (depth > 0 && predicate(value)) {
+          if (depth > 1) {
+            // Recursively flatten arrays (susceptible to call stack limits).
+            baseFlatten(value, depth - 1, predicate, isStrict, result);
+          } else {
+            arrayPush(result, value);
+          }
+        } else if (!isStrict) {
+          result[result.length] = value;
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `baseForOwn` which iterates over `object`
+     * properties returned by `keysFunc` and invokes `iteratee` for each property.
+     * Iteratee functions may exit iteration early by explicitly returning `false`.
+     *
+     * @private
+     * @param {Object} object The object to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @param {Function} keysFunc The function to get the keys of `object`.
+     * @returns {Object} Returns `object`.
+     */
+    var baseFor = createBaseFor();
+
+    /**
+     * This function is like `baseFor` except that it iterates over properties
+     * in the opposite order.
+     *
+     * @private
+     * @param {Object} object The object to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @param {Function} keysFunc The function to get the keys of `object`.
+     * @returns {Object} Returns `object`.
+     */
+    var baseForRight = createBaseFor(true);
+
+    /**
+     * The base implementation of `_.forOwn` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Object} object The object to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @returns {Object} Returns `object`.
+     */
+    function baseForOwn(object, iteratee) {
+      return object && baseFor(object, iteratee, keys);
+    }
+
+    /**
+     * The base implementation of `_.forOwnRight` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Object} object The object to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @returns {Object} Returns `object`.
+     */
+    function baseForOwnRight(object, iteratee) {
+      return object && baseForRight(object, iteratee, keys);
+    }
+
+    /**
+     * The base implementation of `_.functions` which creates an array of
+     * `object` function property names filtered from `props`.
+     *
+     * @private
+     * @param {Object} object The object to inspect.
+     * @param {Array} props The property names to filter.
+     * @returns {Array} Returns the function names.
+     */
+    function baseFunctions(object, props) {
+      return arrayFilter(props, function (key) {
+        return isFunction(object[key]);
+      });
+    }
+
+    /**
+     * The base implementation of `_.get` without support for default values.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path of the property to get.
+     * @returns {*} Returns the resolved value.
+     */
+    function baseGet(object, path) {
+      path = castPath(path, object);
+      var index = 0,
+        length = path.length;
+      while (object != null && index < length) {
+        object = object[toKey(path[index++])];
+      }
+      return index && index == length ? object : undefined;
+    }
+
+    /**
+     * The base implementation of `getAllKeys` and `getAllKeysIn` which uses
+     * `keysFunc` and `symbolsFunc` to get the enumerable property names and
+     * symbols of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {Function} keysFunc The function to get the keys of `object`.
+     * @param {Function} symbolsFunc The function to get the symbols of `object`.
+     * @returns {Array} Returns the array of property names and symbols.
+     */
+    function baseGetAllKeys(object, keysFunc, symbolsFunc) {
+      var result = keysFunc(object);
+      return isArray(object) ? result : arrayPush(result, symbolsFunc(object));
+    }
+
+    /**
+     * The base implementation of `getTag` without fallbacks for buggy environments.
+     *
+     * @private
+     * @param {*} value The value to query.
+     * @returns {string} Returns the `toStringTag`.
+     */
+    function baseGetTag(value) {
+      if (value == null) {
+        return value === undefined ? undefinedTag : nullTag;
+      }
+      return symToStringTag && symToStringTag in Object(value) ? getRawTag(value) : objectToString(value);
+    }
+
+    /**
+     * The base implementation of `_.gt` which doesn't coerce arguments.
+     *
+     * @private
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if `value` is greater than `other`,
+     *  else `false`.
+     */
+    function baseGt(value, other) {
+      return value > other;
+    }
+
+    /**
+     * The base implementation of `_.has` without support for deep paths.
+     *
+     * @private
+     * @param {Object} [object] The object to query.
+     * @param {Array|string} key The key to check.
+     * @returns {boolean} Returns `true` if `key` exists, else `false`.
+     */
+    function baseHas(object, key) {
+      return object != null && hasOwnProperty.call(object, key);
+    }
+
+    /**
+     * The base implementation of `_.hasIn` without support for deep paths.
+     *
+     * @private
+     * @param {Object} [object] The object to query.
+     * @param {Array|string} key The key to check.
+     * @returns {boolean} Returns `true` if `key` exists, else `false`.
+     */
+    function baseHasIn(object, key) {
+      return object != null && key in Object(object);
+    }
+
+    /**
+     * The base implementation of `_.inRange` which doesn't coerce arguments.
+     *
+     * @private
+     * @param {number} number The number to check.
+     * @param {number} start The start of the range.
+     * @param {number} end The end of the range.
+     * @returns {boolean} Returns `true` if `number` is in the range, else `false`.
+     */
+    function baseInRange(number, start, end) {
+      return number >= nativeMin(start, end) && number < nativeMax(start, end);
+    }
+
+    /**
+     * The base implementation of methods like `_.intersection`, without support
+     * for iteratee shorthands, that accepts an array of arrays to inspect.
+     *
+     * @private
+     * @param {Array} arrays The arrays to inspect.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of shared values.
+     */
+    function baseIntersection(arrays, iteratee, comparator) {
+      var includes = comparator ? arrayIncludesWith : arrayIncludes,
+        length = arrays[0].length,
+        othLength = arrays.length,
+        othIndex = othLength,
+        caches = Array(othLength),
+        maxLength = Infinity,
+        result = [];
+      while (othIndex--) {
+        var array = arrays[othIndex];
+        if (othIndex && iteratee) {
+          array = arrayMap(array, baseUnary(iteratee));
+        }
+        maxLength = nativeMin(array.length, maxLength);
+        caches[othIndex] = !comparator && (iteratee || length >= 120 && array.length >= 120) ? new SetCache(othIndex && array) : undefined;
+      }
+      array = arrays[0];
+      var index = -1,
+        seen = caches[0];
+      outer: while (++index < length && result.length < maxLength) {
+        var value = array[index],
+          computed = iteratee ? iteratee(value) : value;
+        value = comparator || value !== 0 ? value : 0;
+        if (!(seen ? cacheHas(seen, computed) : includes(result, computed, comparator))) {
+          othIndex = othLength;
+          while (--othIndex) {
+            var cache = caches[othIndex];
+            if (!(cache ? cacheHas(cache, computed) : includes(arrays[othIndex], computed, comparator))) {
+              continue outer;
+            }
+          }
+          if (seen) {
+            seen.push(computed);
+          }
+          result.push(value);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.invert` and `_.invertBy` which inverts
+     * `object` with values transformed by `iteratee` and set by `setter`.
+     *
+     * @private
+     * @param {Object} object The object to iterate over.
+     * @param {Function} setter The function to set `accumulator` values.
+     * @param {Function} iteratee The iteratee to transform values.
+     * @param {Object} accumulator The initial inverted object.
+     * @returns {Function} Returns `accumulator`.
+     */
+    function baseInverter(object, setter, iteratee, accumulator) {
+      baseForOwn(object, function (value, key, object) {
+        setter(accumulator, iteratee(value), key, object);
+      });
+      return accumulator;
+    }
+
+    /**
+     * The base implementation of `_.invoke` without support for individual
+     * method arguments.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path of the method to invoke.
+     * @param {Array} args The arguments to invoke the method with.
+     * @returns {*} Returns the result of the invoked method.
+     */
+    function baseInvoke(object, path, args) {
+      path = castPath(path, object);
+      object = parent(object, path);
+      var func = object == null ? object : object[toKey(last(path))];
+      return func == null ? undefined : apply(func, object, args);
+    }
+
+    /**
+     * The base implementation of `_.isArguments`.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an `arguments` object,
+     */
+    function baseIsArguments(value) {
+      return isObjectLike(value) && baseGetTag(value) == argsTag;
+    }
+
+    /**
+     * The base implementation of `_.isArrayBuffer` without Node.js optimizations.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an array buffer, else `false`.
+     */
+    function baseIsArrayBuffer(value) {
+      return isObjectLike(value) && baseGetTag(value) == arrayBufferTag;
+    }
+
+    /**
+     * The base implementation of `_.isDate` without Node.js optimizations.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a date object, else `false`.
+     */
+    function baseIsDate(value) {
+      return isObjectLike(value) && baseGetTag(value) == dateTag;
+    }
+
+    /**
+     * The base implementation of `_.isEqual` which supports partial comparisons
+     * and tracks traversed objects.
+     *
+     * @private
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @param {boolean} bitmask The bitmask flags.
+     *  1 - Unordered comparison
+     *  2 - Partial comparison
+     * @param {Function} [customizer] The function to customize comparisons.
+     * @param {Object} [stack] Tracks traversed `value` and `other` objects.
+     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
+     */
+    function baseIsEqual(value, other, bitmask, customizer, stack) {
+      if (value === other) {
+        return true;
+      }
+      if (value == null || other == null || !isObjectLike(value) && !isObjectLike(other)) {
+        return value !== value && other !== other;
+      }
+      return baseIsEqualDeep(value, other, bitmask, customizer, baseIsEqual, stack);
+    }
+
+    /**
+     * A specialized version of `baseIsEqual` for arrays and objects which performs
+     * deep comparisons and tracks traversed objects enabling objects with circular
+     * references to be compared.
+     *
+     * @private
+     * @param {Object} object The object to compare.
+     * @param {Object} other The other object to compare.
+     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
+     * @param {Function} customizer The function to customize comparisons.
+     * @param {Function} equalFunc The function to determine equivalents of values.
+     * @param {Object} [stack] Tracks traversed `object` and `other` objects.
+     * @returns {boolean} Returns `true` if the objects are equivalent, else `false`.
+     */
+    function baseIsEqualDeep(object, other, bitmask, customizer, equalFunc, stack) {
+      var objIsArr = isArray(object),
+        othIsArr = isArray(other),
+        objTag = objIsArr ? arrayTag : getTag(object),
+        othTag = othIsArr ? arrayTag : getTag(other);
+      objTag = objTag == argsTag ? objectTag : objTag;
+      othTag = othTag == argsTag ? objectTag : othTag;
+      var objIsObj = objTag == objectTag,
+        othIsObj = othTag == objectTag,
+        isSameTag = objTag == othTag;
+      if (isSameTag && isBuffer(object)) {
+        if (!isBuffer(other)) {
+          return false;
+        }
+        objIsArr = true;
+        objIsObj = false;
+      }
+      if (isSameTag && !objIsObj) {
+        stack || (stack = new Stack());
+        return objIsArr || isTypedArray(object) ? equalArrays(object, other, bitmask, customizer, equalFunc, stack) : equalByTag(object, other, objTag, bitmask, customizer, equalFunc, stack);
+      }
+      if (!(bitmask & COMPARE_PARTIAL_FLAG)) {
+        var objIsWrapped = objIsObj && hasOwnProperty.call(object, '__wrapped__'),
+          othIsWrapped = othIsObj && hasOwnProperty.call(other, '__wrapped__');
+        if (objIsWrapped || othIsWrapped) {
+          var objUnwrapped = objIsWrapped ? object.value() : object,
+            othUnwrapped = othIsWrapped ? other.value() : other;
+          stack || (stack = new Stack());
+          return equalFunc(objUnwrapped, othUnwrapped, bitmask, customizer, stack);
+        }
+      }
+      if (!isSameTag) {
+        return false;
+      }
+      stack || (stack = new Stack());
+      return equalObjects(object, other, bitmask, customizer, equalFunc, stack);
+    }
+
+    /**
+     * The base implementation of `_.isMap` without Node.js optimizations.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a map, else `false`.
+     */
+    function baseIsMap(value) {
+      return isObjectLike(value) && getTag(value) == mapTag;
+    }
+
+    /**
+     * The base implementation of `_.isMatch` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Object} object The object to inspect.
+     * @param {Object} source The object of property values to match.
+     * @param {Array} matchData The property names, values, and compare flags to match.
+     * @param {Function} [customizer] The function to customize comparisons.
+     * @returns {boolean} Returns `true` if `object` is a match, else `false`.
+     */
+    function baseIsMatch(object, source, matchData, customizer) {
+      var index = matchData.length,
+        length = index,
+        noCustomizer = !customizer;
+      if (object == null) {
+        return !length;
+      }
+      object = Object(object);
+      while (index--) {
+        var data = matchData[index];
+        if (noCustomizer && data[2] ? data[1] !== object[data[0]] : !(data[0] in object)) {
+          return false;
+        }
+      }
+      while (++index < length) {
+        data = matchData[index];
+        var key = data[0],
+          objValue = object[key],
+          srcValue = data[1];
+        if (noCustomizer && data[2]) {
+          if (objValue === undefined && !(key in object)) {
+            return false;
+          }
+        } else {
+          var stack = new Stack();
+          if (customizer) {
+            var result = customizer(objValue, srcValue, key, object, source, stack);
+          }
+          if (!(result === undefined ? baseIsEqual(srcValue, objValue, COMPARE_PARTIAL_FLAG | COMPARE_UNORDERED_FLAG, customizer, stack) : result)) {
+            return false;
+          }
+        }
+      }
+      return true;
+    }
+
+    /**
+     * The base implementation of `_.isNative` without bad shim checks.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a native function,
+     *  else `false`.
+     */
+    function baseIsNative(value) {
+      if (!isObject(value) || isMasked(value)) {
+        return false;
+      }
+      var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
+      return pattern.test(toSource(value));
+    }
+
+    /**
+     * The base implementation of `_.isRegExp` without Node.js optimizations.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a regexp, else `false`.
+     */
+    function baseIsRegExp(value) {
+      return isObjectLike(value) && baseGetTag(value) == regexpTag;
+    }
+
+    /**
+     * The base implementation of `_.isSet` without Node.js optimizations.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a set, else `false`.
+     */
+    function baseIsSet(value) {
+      return isObjectLike(value) && getTag(value) == setTag;
+    }
+
+    /**
+     * The base implementation of `_.isTypedArray` without Node.js optimizations.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a typed array, else `false`.
+     */
+    function baseIsTypedArray(value) {
+      return isObjectLike(value) && isLength(value.length) && !!typedArrayTags[baseGetTag(value)];
+    }
+
+    /**
+     * The base implementation of `_.iteratee`.
+     *
+     * @private
+     * @param {*} [value=_.identity] The value to convert to an iteratee.
+     * @returns {Function} Returns the iteratee.
+     */
+    function baseIteratee(value) {
+      // Don't store the `typeof` result in a variable to avoid a JIT bug in Safari 9.
+      // See https://bugs.webkit.org/show_bug.cgi?id=156034 for more details.
+      if (typeof value == 'function') {
+        return value;
+      }
+      if (value == null) {
+        return identity;
+      }
+      if (typeof value == 'object') {
+        return isArray(value) ? baseMatchesProperty(value[0], value[1]) : baseMatches(value);
+      }
+      return property(value);
+    }
+
+    /**
+     * The base implementation of `_.keys` which doesn't treat sparse arrays as dense.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names.
+     */
+    function baseKeys(object) {
+      if (!isPrototype(object)) {
+        return nativeKeys(object);
+      }
+      var result = [];
+      for (var key in Object(object)) {
+        if (hasOwnProperty.call(object, key) && key != 'constructor') {
+          result.push(key);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.keysIn` which doesn't treat sparse arrays as dense.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names.
+     */
+    function baseKeysIn(object) {
+      if (!isObject(object)) {
+        return nativeKeysIn(object);
+      }
+      var isProto = isPrototype(object),
+        result = [];
+      for (var key in object) {
+        if (!(key == 'constructor' && (isProto || !hasOwnProperty.call(object, key)))) {
+          result.push(key);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.lt` which doesn't coerce arguments.
+     *
+     * @private
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if `value` is less than `other`,
+     *  else `false`.
+     */
+    function baseLt(value, other) {
+      return value < other;
+    }
+
+    /**
+     * The base implementation of `_.map` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} iteratee The function invoked per iteration.
+     * @returns {Array} Returns the new mapped array.
+     */
+    function baseMap(collection, iteratee) {
+      var index = -1,
+        result = isArrayLike(collection) ? Array(collection.length) : [];
+      baseEach(collection, function (value, key, collection) {
+        result[++index] = iteratee(value, key, collection);
+      });
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.matches` which doesn't clone `source`.
+     *
+     * @private
+     * @param {Object} source The object of property values to match.
+     * @returns {Function} Returns the new spec function.
+     */
+    function baseMatches(source) {
+      var matchData = getMatchData(source);
+      if (matchData.length == 1 && matchData[0][2]) {
+        return matchesStrictComparable(matchData[0][0], matchData[0][1]);
+      }
+      return function (object) {
+        return object === source || baseIsMatch(object, source, matchData);
+      };
+    }
+
+    /**
+     * The base implementation of `_.matchesProperty` which doesn't clone `srcValue`.
+     *
+     * @private
+     * @param {string} path The path of the property to get.
+     * @param {*} srcValue The value to match.
+     * @returns {Function} Returns the new spec function.
+     */
+    function baseMatchesProperty(path, srcValue) {
+      if (isKey(path) && isStrictComparable(srcValue)) {
+        return matchesStrictComparable(toKey(path), srcValue);
+      }
+      return function (object) {
+        var objValue = get(object, path);
+        return objValue === undefined && objValue === srcValue ? hasIn(object, path) : baseIsEqual(srcValue, objValue, COMPARE_PARTIAL_FLAG | COMPARE_UNORDERED_FLAG);
+      };
+    }
+
+    /**
+     * The base implementation of `_.merge` without support for multiple sources.
+     *
+     * @private
+     * @param {Object} object The destination object.
+     * @param {Object} source The source object.
+     * @param {number} srcIndex The index of `source`.
+     * @param {Function} [customizer] The function to customize merged values.
+     * @param {Object} [stack] Tracks traversed source values and their merged
+     *  counterparts.
+     */
+    function baseMerge(object, source, srcIndex, customizer, stack) {
+      if (object === source) {
+        return;
+      }
+      baseFor(source, function (srcValue, key) {
+        stack || (stack = new Stack());
+        if (isObject(srcValue)) {
+          baseMergeDeep(object, source, key, srcIndex, baseMerge, customizer, stack);
+        } else {
+          var newValue = customizer ? customizer(safeGet(object, key), srcValue, key + '', object, source, stack) : undefined;
+          if (newValue === undefined) {
+            newValue = srcValue;
+          }
+          assignMergeValue(object, key, newValue);
+        }
+      }, keysIn);
+    }
+
+    /**
+     * A specialized version of `baseMerge` for arrays and objects which performs
+     * deep merges and tracks traversed objects enabling objects with circular
+     * references to be merged.
+     *
+     * @private
+     * @param {Object} object The destination object.
+     * @param {Object} source The source object.
+     * @param {string} key The key of the value to merge.
+     * @param {number} srcIndex The index of `source`.
+     * @param {Function} mergeFunc The function to merge values.
+     * @param {Function} [customizer] The function to customize assigned values.
+     * @param {Object} [stack] Tracks traversed source values and their merged
+     *  counterparts.
+     */
+    function baseMergeDeep(object, source, key, srcIndex, mergeFunc, customizer, stack) {
+      var objValue = safeGet(object, key),
+        srcValue = safeGet(source, key),
+        stacked = stack.get(srcValue);
+      if (stacked) {
+        assignMergeValue(object, key, stacked);
+        return;
+      }
+      var newValue = customizer ? customizer(objValue, srcValue, key + '', object, source, stack) : undefined;
+      var isCommon = newValue === undefined;
+      if (isCommon) {
+        var isArr = isArray(srcValue),
+          isBuff = !isArr && isBuffer(srcValue),
+          isTyped = !isArr && !isBuff && isTypedArray(srcValue);
+        newValue = srcValue;
+        if (isArr || isBuff || isTyped) {
+          if (isArray(objValue)) {
+            newValue = objValue;
+          } else if (isArrayLikeObject(objValue)) {
+            newValue = copyArray(objValue);
+          } else if (isBuff) {
+            isCommon = false;
+            newValue = cloneBuffer(srcValue, true);
+          } else if (isTyped) {
+            isCommon = false;
+            newValue = cloneTypedArray(srcValue, true);
+          } else {
+            newValue = [];
+          }
+        } else if (isPlainObject(srcValue) || isArguments(srcValue)) {
+          newValue = objValue;
+          if (isArguments(objValue)) {
+            newValue = toPlainObject(objValue);
+          } else if (!isObject(objValue) || isFunction(objValue)) {
+            newValue = initCloneObject(srcValue);
+          }
+        } else {
+          isCommon = false;
+        }
+      }
+      if (isCommon) {
+        // Recursively merge objects and arrays (susceptible to call stack limits).
+        stack.set(srcValue, newValue);
+        mergeFunc(newValue, srcValue, srcIndex, customizer, stack);
+        stack['delete'](srcValue);
+      }
+      assignMergeValue(object, key, newValue);
+    }
+
+    /**
+     * The base implementation of `_.nth` which doesn't coerce arguments.
+     *
+     * @private
+     * @param {Array} array The array to query.
+     * @param {number} n The index of the element to return.
+     * @returns {*} Returns the nth element of `array`.
+     */
+    function baseNth(array, n) {
+      var length = array.length;
+      if (!length) {
+        return;
+      }
+      n += n < 0 ? length : 0;
+      return isIndex(n, length) ? array[n] : undefined;
+    }
+
+    /**
+     * The base implementation of `_.orderBy` without param guards.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function[]|Object[]|string[]} iteratees The iteratees to sort by.
+     * @param {string[]} orders The sort orders of `iteratees`.
+     * @returns {Array} Returns the new sorted array.
+     */
+    function baseOrderBy(collection, iteratees, orders) {
+      if (iteratees.length) {
+        iteratees = arrayMap(iteratees, function (iteratee) {
+          if (isArray(iteratee)) {
+            return function (value) {
+              return baseGet(value, iteratee.length === 1 ? iteratee[0] : iteratee);
+            };
+          }
+          return iteratee;
+        });
+      } else {
+        iteratees = [identity];
+      }
+      var index = -1;
+      iteratees = arrayMap(iteratees, baseUnary(getIteratee()));
+      var result = baseMap(collection, function (value, key, collection) {
+        var criteria = arrayMap(iteratees, function (iteratee) {
+          return iteratee(value);
+        });
+        return {
+          'criteria': criteria,
+          'index': ++index,
+          'value': value
+        };
+      });
+      return baseSortBy(result, function (object, other) {
+        return compareMultiple(object, other, orders);
+      });
+    }
+
+    /**
+     * The base implementation of `_.pick` without support for individual
+     * property identifiers.
+     *
+     * @private
+     * @param {Object} object The source object.
+     * @param {string[]} paths The property paths to pick.
+     * @returns {Object} Returns the new object.
+     */
+    function basePick(object, paths) {
+      return basePickBy(object, paths, function (value, path) {
+        return hasIn(object, path);
+      });
+    }
+
+    /**
+     * The base implementation of  `_.pickBy` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Object} object The source object.
+     * @param {string[]} paths The property paths to pick.
+     * @param {Function} predicate The function invoked per property.
+     * @returns {Object} Returns the new object.
+     */
+    function basePickBy(object, paths, predicate) {
+      var index = -1,
+        length = paths.length,
+        result = {};
+      while (++index < length) {
+        var path = paths[index],
+          value = baseGet(object, path);
+        if (predicate(value, path)) {
+          baseSet(result, castPath(path, object), value);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * A specialized version of `baseProperty` which supports deep paths.
+     *
+     * @private
+     * @param {Array|string} path The path of the property to get.
+     * @returns {Function} Returns the new accessor function.
+     */
+    function basePropertyDeep(path) {
+      return function (object) {
+        return baseGet(object, path);
+      };
+    }
+
+    /**
+     * The base implementation of `_.pullAllBy` without support for iteratee
+     * shorthands.
+     *
+     * @private
+     * @param {Array} array The array to modify.
+     * @param {Array} values The values to remove.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns `array`.
+     */
+    function basePullAll(array, values, iteratee, comparator) {
+      var indexOf = comparator ? baseIndexOfWith : baseIndexOf,
+        index = -1,
+        length = values.length,
+        seen = array;
+      if (array === values) {
+        values = copyArray(values);
+      }
+      if (iteratee) {
+        seen = arrayMap(array, baseUnary(iteratee));
+      }
+      while (++index < length) {
+        var fromIndex = 0,
+          value = values[index],
+          computed = iteratee ? iteratee(value) : value;
+        while ((fromIndex = indexOf(seen, computed, fromIndex, comparator)) > -1) {
+          if (seen !== array) {
+            splice.call(seen, fromIndex, 1);
+          }
+          splice.call(array, fromIndex, 1);
+        }
+      }
+      return array;
+    }
+
+    /**
+     * The base implementation of `_.pullAt` without support for individual
+     * indexes or capturing the removed elements.
+     *
+     * @private
+     * @param {Array} array The array to modify.
+     * @param {number[]} indexes The indexes of elements to remove.
+     * @returns {Array} Returns `array`.
+     */
+    function basePullAt(array, indexes) {
+      var length = array ? indexes.length : 0,
+        lastIndex = length - 1;
+      while (length--) {
+        var index = indexes[length];
+        if (length == lastIndex || index !== previous) {
+          var previous = index;
+          if (isIndex(index)) {
+            splice.call(array, index, 1);
+          } else {
+            baseUnset(array, index);
+          }
+        }
+      }
+      return array;
+    }
+
+    /**
+     * The base implementation of `_.random` without support for returning
+     * floating-point numbers.
+     *
+     * @private
+     * @param {number} lower The lower bound.
+     * @param {number} upper The upper bound.
+     * @returns {number} Returns the random number.
+     */
+    function baseRandom(lower, upper) {
+      return lower + nativeFloor(nativeRandom() * (upper - lower + 1));
+    }
+
+    /**
+     * The base implementation of `_.range` and `_.rangeRight` which doesn't
+     * coerce arguments.
+     *
+     * @private
+     * @param {number} start The start of the range.
+     * @param {number} end The end of the range.
+     * @param {number} step The value to increment or decrement by.
+     * @param {boolean} [fromRight] Specify iterating from right to left.
+     * @returns {Array} Returns the range of numbers.
+     */
+    function baseRange(start, end, step, fromRight) {
+      var index = -1,
+        length = nativeMax(nativeCeil((end - start) / (step || 1)), 0),
+        result = Array(length);
+      while (length--) {
+        result[fromRight ? length : ++index] = start;
+        start += step;
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.repeat` which doesn't coerce arguments.
+     *
+     * @private
+     * @param {string} string The string to repeat.
+     * @param {number} n The number of times to repeat the string.
+     * @returns {string} Returns the repeated string.
+     */
+    function baseRepeat(string, n) {
+      var result = '';
+      if (!string || n < 1 || n > MAX_SAFE_INTEGER) {
+        return result;
+      }
+      // Leverage the exponentiation by squaring algorithm for a faster repeat.
+      // See https://en.wikipedia.org/wiki/Exponentiation_by_squaring for more details.
+      do {
+        if (n % 2) {
+          result += string;
+        }
+        n = nativeFloor(n / 2);
+        if (n) {
+          string += string;
+        }
+      } while (n);
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.rest` which doesn't validate or coerce arguments.
+     *
+     * @private
+     * @param {Function} func The function to apply a rest parameter to.
+     * @param {number} [start=func.length-1] The start position of the rest parameter.
+     * @returns {Function} Returns the new function.
+     */
+    function baseRest(func, start) {
+      return setToString(overRest(func, start, identity), func + '');
+    }
+
+    /**
+     * The base implementation of `_.sample`.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to sample.
+     * @returns {*} Returns the random element.
+     */
+    function baseSample(collection) {
+      return arraySample(values(collection));
+    }
+
+    /**
+     * The base implementation of `_.sampleSize` without param guards.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to sample.
+     * @param {number} n The number of elements to sample.
+     * @returns {Array} Returns the random elements.
+     */
+    function baseSampleSize(collection, n) {
+      var array = values(collection);
+      return shuffleSelf(array, baseClamp(n, 0, array.length));
+    }
+
+    /**
+     * The base implementation of `_.set`.
+     *
+     * @private
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to set.
+     * @param {*} value The value to set.
+     * @param {Function} [customizer] The function to customize path creation.
+     * @returns {Object} Returns `object`.
+     */
+    function baseSet(object, path, value, customizer) {
+      if (!isObject(object)) {
+        return object;
+      }
+      path = castPath(path, object);
+      var index = -1,
+        length = path.length,
+        lastIndex = length - 1,
+        nested = object;
+      while (nested != null && ++index < length) {
+        var key = toKey(path[index]),
+          newValue = value;
+        if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
+          return object;
+        }
+        if (index != lastIndex) {
+          var objValue = nested[key];
+          newValue = customizer ? customizer(objValue, key, nested) : undefined;
+          if (newValue === undefined) {
+            newValue = isObject(objValue) ? objValue : isIndex(path[index + 1]) ? [] : {};
+          }
+        }
+        assignValue(nested, key, newValue);
+        nested = nested[key];
+      }
+      return object;
+    }
+
+    /**
+     * The base implementation of `setData` without support for hot loop shorting.
+     *
+     * @private
+     * @param {Function} func The function to associate metadata with.
+     * @param {*} data The metadata.
+     * @returns {Function} Returns `func`.
+     */
+    var baseSetData = !metaMap ? identity : function (func, data) {
+      metaMap.set(func, data);
+      return func;
+    };
+
+    /**
+     * The base implementation of `setToString` without support for hot loop shorting.
+     *
+     * @private
+     * @param {Function} func The function to modify.
+     * @param {Function} string The `toString` result.
+     * @returns {Function} Returns `func`.
+     */
+    var baseSetToString = !defineProperty ? identity : function (func, string) {
+      return defineProperty(func, 'toString', {
+        'configurable': true,
+        'enumerable': false,
+        'value': constant(string),
+        'writable': true
+      });
+    };
+
+    /**
+     * The base implementation of `_.shuffle`.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to shuffle.
+     * @returns {Array} Returns the new shuffled array.
+     */
+    function baseShuffle(collection) {
+      return shuffleSelf(values(collection));
+    }
+
+    /**
+     * The base implementation of `_.slice` without an iteratee call guard.
+     *
+     * @private
+     * @param {Array} array The array to slice.
+     * @param {number} [start=0] The start position.
+     * @param {number} [end=array.length] The end position.
+     * @returns {Array} Returns the slice of `array`.
+     */
+    function baseSlice(array, start, end) {
+      var index = -1,
+        length = array.length;
+      if (start < 0) {
+        start = -start > length ? 0 : length + start;
+      }
+      end = end > length ? length : end;
+      if (end < 0) {
+        end += length;
+      }
+      length = start > end ? 0 : end - start >>> 0;
+      start >>>= 0;
+      var result = Array(length);
+      while (++index < length) {
+        result[index] = array[index + start];
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.some` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} predicate The function invoked per iteration.
+     * @returns {boolean} Returns `true` if any element passes the predicate check,
+     *  else `false`.
+     */
+    function baseSome(collection, predicate) {
+      var result;
+      baseEach(collection, function (value, index, collection) {
+        result = predicate(value, index, collection);
+        return !result;
+      });
+      return !!result;
+    }
+
+    /**
+     * The base implementation of `_.sortedIndex` and `_.sortedLastIndex` which
+     * performs a binary search of `array` to determine the index at which `value`
+     * should be inserted into `array` in order to maintain its sort order.
+     *
+     * @private
+     * @param {Array} array The sorted array to inspect.
+     * @param {*} value The value to evaluate.
+     * @param {boolean} [retHighest] Specify returning the highest qualified index.
+     * @returns {number} Returns the index at which `value` should be inserted
+     *  into `array`.
+     */
+    function baseSortedIndex(array, value, retHighest) {
+      var low = 0,
+        high = array == null ? low : array.length;
+      if (typeof value == 'number' && value === value && high <= HALF_MAX_ARRAY_LENGTH) {
+        while (low < high) {
+          var mid = low + high >>> 1,
+            computed = array[mid];
+          if (computed !== null && !isSymbol(computed) && (retHighest ? computed <= value : computed < value)) {
+            low = mid + 1;
+          } else {
+            high = mid;
+          }
+        }
+        return high;
+      }
+      return baseSortedIndexBy(array, value, identity, retHighest);
+    }
+
+    /**
+     * The base implementation of `_.sortedIndexBy` and `_.sortedLastIndexBy`
+     * which invokes `iteratee` for `value` and each element of `array` to compute
+     * their sort ranking. The iteratee is invoked with one argument; (value).
+     *
+     * @private
+     * @param {Array} array The sorted array to inspect.
+     * @param {*} value The value to evaluate.
+     * @param {Function} iteratee The iteratee invoked per element.
+     * @param {boolean} [retHighest] Specify returning the highest qualified index.
+     * @returns {number} Returns the index at which `value` should be inserted
+     *  into `array`.
+     */
+    function baseSortedIndexBy(array, value, iteratee, retHighest) {
+      var low = 0,
+        high = array == null ? 0 : array.length;
+      if (high === 0) {
+        return 0;
+      }
+      value = iteratee(value);
+      var valIsNaN = value !== value,
+        valIsNull = value === null,
+        valIsSymbol = isSymbol(value),
+        valIsUndefined = value === undefined;
+      while (low < high) {
+        var mid = nativeFloor((low + high) / 2),
+          computed = iteratee(array[mid]),
+          othIsDefined = computed !== undefined,
+          othIsNull = computed === null,
+          othIsReflexive = computed === computed,
+          othIsSymbol = isSymbol(computed);
+        if (valIsNaN) {
+          var setLow = retHighest || othIsReflexive;
+        } else if (valIsUndefined) {
+          setLow = othIsReflexive && (retHighest || othIsDefined);
+        } else if (valIsNull) {
+          setLow = othIsReflexive && othIsDefined && (retHighest || !othIsNull);
+        } else if (valIsSymbol) {
+          setLow = othIsReflexive && othIsDefined && !othIsNull && (retHighest || !othIsSymbol);
+        } else if (othIsNull || othIsSymbol) {
+          setLow = false;
+        } else {
+          setLow = retHighest ? computed <= value : computed < value;
+        }
+        if (setLow) {
+          low = mid + 1;
+        } else {
+          high = mid;
+        }
+      }
+      return nativeMin(high, MAX_ARRAY_INDEX);
+    }
+
+    /**
+     * The base implementation of `_.sortedUniq` and `_.sortedUniqBy` without
+     * support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array} array The array to inspect.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @returns {Array} Returns the new duplicate free array.
+     */
+    function baseSortedUniq(array, iteratee) {
+      var index = -1,
+        length = array.length,
+        resIndex = 0,
+        result = [];
+      while (++index < length) {
+        var value = array[index],
+          computed = iteratee ? iteratee(value) : value;
+        if (!index || !eq(computed, seen)) {
+          var seen = computed;
+          result[resIndex++] = value === 0 ? 0 : value;
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.toNumber` which doesn't ensure correct
+     * conversions of binary, hexadecimal, or octal string values.
+     *
+     * @private
+     * @param {*} value The value to process.
+     * @returns {number} Returns the number.
+     */
+    function baseToNumber(value) {
+      if (typeof value == 'number') {
+        return value;
+      }
+      if (isSymbol(value)) {
+        return NAN;
+      }
+      return +value;
+    }
+
+    /**
+     * The base implementation of `_.toString` which doesn't convert nullish
+     * values to empty strings.
+     *
+     * @private
+     * @param {*} value The value to process.
+     * @returns {string} Returns the string.
+     */
+    function baseToString(value) {
+      // Exit early for strings to avoid a performance hit in some environments.
+      if (typeof value == 'string') {
+        return value;
+      }
+      if (isArray(value)) {
+        // Recursively convert values (susceptible to call stack limits).
+        return arrayMap(value, baseToString) + '';
+      }
+      if (isSymbol(value)) {
+        return symbolToString ? symbolToString.call(value) : '';
+      }
+      var result = value + '';
+      return result == '0' && 1 / value == -INFINITY ? '-0' : result;
+    }
+
+    /**
+     * The base implementation of `_.uniqBy` without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array} array The array to inspect.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new duplicate free array.
+     */
+    function baseUniq(array, iteratee, comparator) {
+      var index = -1,
+        includes = arrayIncludes,
+        length = array.length,
+        isCommon = true,
+        result = [],
+        seen = result;
+      if (comparator) {
+        isCommon = false;
+        includes = arrayIncludesWith;
+      } else if (length >= LARGE_ARRAY_SIZE) {
+        var set = iteratee ? null : createSet(array);
+        if (set) {
+          return setToArray(set);
+        }
+        isCommon = false;
+        includes = cacheHas;
+        seen = new SetCache();
+      } else {
+        seen = iteratee ? [] : result;
+      }
+      outer: while (++index < length) {
+        var value = array[index],
+          computed = iteratee ? iteratee(value) : value;
+        value = comparator || value !== 0 ? value : 0;
+        if (isCommon && computed === computed) {
+          var seenIndex = seen.length;
+          while (seenIndex--) {
+            if (seen[seenIndex] === computed) {
+              continue outer;
+            }
+          }
+          if (iteratee) {
+            seen.push(computed);
+          }
+          result.push(value);
+        } else if (!includes(seen, computed, comparator)) {
+          if (seen !== result) {
+            seen.push(computed);
+          }
+          result.push(value);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * The base implementation of `_.unset`.
+     *
+     * @private
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The property path to unset.
+     * @returns {boolean} Returns `true` if the property is deleted, else `false`.
+     */
+    function baseUnset(object, path) {
+      path = castPath(path, object);
+      object = parent(object, path);
+      return object == null || delete object[toKey(last(path))];
+    }
+
+    /**
+     * The base implementation of `_.update`.
+     *
+     * @private
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to update.
+     * @param {Function} updater The function to produce the updated value.
+     * @param {Function} [customizer] The function to customize path creation.
+     * @returns {Object} Returns `object`.
+     */
+    function baseUpdate(object, path, updater, customizer) {
+      return baseSet(object, path, updater(baseGet(object, path)), customizer);
+    }
+
+    /**
+     * The base implementation of methods like `_.dropWhile` and `_.takeWhile`
+     * without support for iteratee shorthands.
+     *
+     * @private
+     * @param {Array} array The array to query.
+     * @param {Function} predicate The function invoked per iteration.
+     * @param {boolean} [isDrop] Specify dropping elements instead of taking them.
+     * @param {boolean} [fromRight] Specify iterating from right to left.
+     * @returns {Array} Returns the slice of `array`.
+     */
+    function baseWhile(array, predicate, isDrop, fromRight) {
+      var length = array.length,
+        index = fromRight ? length : -1;
+      while ((fromRight ? index-- : ++index < length) && predicate(array[index], index, array)) {}
+      return isDrop ? baseSlice(array, fromRight ? 0 : index, fromRight ? index + 1 : length) : baseSlice(array, fromRight ? index + 1 : 0, fromRight ? length : index);
+    }
+
+    /**
+     * The base implementation of `wrapperValue` which returns the result of
+     * performing a sequence of actions on the unwrapped `value`, where each
+     * successive action is supplied the return value of the previous.
+     *
+     * @private
+     * @param {*} value The unwrapped value.
+     * @param {Array} actions Actions to perform to resolve the unwrapped value.
+     * @returns {*} Returns the resolved value.
+     */
+    function baseWrapperValue(value, actions) {
+      var result = value;
+      if (result instanceof LazyWrapper) {
+        result = result.value();
+      }
+      return arrayReduce(actions, function (result, action) {
+        return action.func.apply(action.thisArg, arrayPush([result], action.args));
+      }, result);
+    }
+
+    /**
+     * The base implementation of methods like `_.xor`, without support for
+     * iteratee shorthands, that accepts an array of arrays to inspect.
+     *
+     * @private
+     * @param {Array} arrays The arrays to inspect.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of values.
+     */
+    function baseXor(arrays, iteratee, comparator) {
+      var length = arrays.length;
+      if (length < 2) {
+        return length ? baseUniq(arrays[0]) : [];
+      }
+      var index = -1,
+        result = Array(length);
+      while (++index < length) {
+        var array = arrays[index],
+          othIndex = -1;
+        while (++othIndex < length) {
+          if (othIndex != index) {
+            result[index] = baseDifference(result[index] || array, arrays[othIndex], iteratee, comparator);
+          }
+        }
+      }
+      return baseUniq(baseFlatten(result, 1), iteratee, comparator);
+    }
+
+    /**
+     * This base implementation of `_.zipObject` which assigns values using `assignFunc`.
+     *
+     * @private
+     * @param {Array} props The property identifiers.
+     * @param {Array} values The property values.
+     * @param {Function} assignFunc The function to assign values.
+     * @returns {Object} Returns the new object.
+     */
+    function baseZipObject(props, values, assignFunc) {
+      var index = -1,
+        length = props.length,
+        valsLength = values.length,
+        result = {};
+      while (++index < length) {
+        var value = index < valsLength ? values[index] : undefined;
+        assignFunc(result, props[index], value);
+      }
+      return result;
+    }
+
+    /**
+     * Casts `value` to an empty array if it's not an array like object.
+     *
+     * @private
+     * @param {*} value The value to inspect.
+     * @returns {Array|Object} Returns the cast array-like object.
+     */
+    function castArrayLikeObject(value) {
+      return isArrayLikeObject(value) ? value : [];
+    }
+
+    /**
+     * Casts `value` to `identity` if it's not a function.
+     *
+     * @private
+     * @param {*} value The value to inspect.
+     * @returns {Function} Returns cast function.
+     */
+    function castFunction(value) {
+      return typeof value == 'function' ? value : identity;
+    }
+
+    /**
+     * Casts `value` to a path array if it's not one.
+     *
+     * @private
+     * @param {*} value The value to inspect.
+     * @param {Object} [object] The object to query keys on.
+     * @returns {Array} Returns the cast property path array.
+     */
+    function castPath(value, object) {
+      if (isArray(value)) {
+        return value;
+      }
+      return isKey(value, object) ? [value] : stringToPath(toString(value));
+    }
+
+    /**
+     * A `baseRest` alias which can be replaced with `identity` by module
+     * replacement plugins.
+     *
+     * @private
+     * @type {Function}
+     * @param {Function} func The function to apply a rest parameter to.
+     * @returns {Function} Returns the new function.
+     */
+    var castRest = baseRest;
+
+    /**
+     * Casts `array` to a slice if it's needed.
+     *
+     * @private
+     * @param {Array} array The array to inspect.
+     * @param {number} start The start position.
+     * @param {number} [end=array.length] The end position.
+     * @returns {Array} Returns the cast slice.
+     */
+    function castSlice(array, start, end) {
+      var length = array.length;
+      end = end === undefined ? length : end;
+      return !start && end >= length ? array : baseSlice(array, start, end);
+    }
+
+    /**
+     * A simple wrapper around the global [`clearTimeout`](https://mdn.io/clearTimeout).
+     *
+     * @private
+     * @param {number|Object} id The timer id or timeout object of the timer to clear.
+     */
+    var clearTimeout = ctxClearTimeout || function (id) {
+      return root.clearTimeout(id);
+    };
+
+    /**
+     * Creates a clone of  `buffer`.
+     *
+     * @private
+     * @param {Buffer} buffer The buffer to clone.
+     * @param {boolean} [isDeep] Specify a deep clone.
+     * @returns {Buffer} Returns the cloned buffer.
+     */
+    function cloneBuffer(buffer, isDeep) {
+      if (isDeep) {
+        return buffer.slice();
+      }
+      var length = buffer.length,
+        result = allocUnsafe ? allocUnsafe(length) : new buffer.constructor(length);
+      buffer.copy(result);
+      return result;
+    }
+
+    /**
+     * Creates a clone of `arrayBuffer`.
+     *
+     * @private
+     * @param {ArrayBuffer} arrayBuffer The array buffer to clone.
+     * @returns {ArrayBuffer} Returns the cloned array buffer.
+     */
+    function cloneArrayBuffer(arrayBuffer) {
+      var result = new arrayBuffer.constructor(arrayBuffer.byteLength);
+      new Uint8Array(result).set(new Uint8Array(arrayBuffer));
+      return result;
+    }
+
+    /**
+     * Creates a clone of `dataView`.
+     *
+     * @private
+     * @param {Object} dataView The data view to clone.
+     * @param {boolean} [isDeep] Specify a deep clone.
+     * @returns {Object} Returns the cloned data view.
+     */
+    function cloneDataView(dataView, isDeep) {
+      var buffer = isDeep ? cloneArrayBuffer(dataView.buffer) : dataView.buffer;
+      return new dataView.constructor(buffer, dataView.byteOffset, dataView.byteLength);
+    }
+
+    /**
+     * Creates a clone of `regexp`.
+     *
+     * @private
+     * @param {Object} regexp The regexp to clone.
+     * @returns {Object} Returns the cloned regexp.
+     */
+    function cloneRegExp(regexp) {
+      var result = new regexp.constructor(regexp.source, reFlags.exec(regexp));
+      result.lastIndex = regexp.lastIndex;
+      return result;
+    }
+
+    /**
+     * Creates a clone of the `symbol` object.
+     *
+     * @private
+     * @param {Object} symbol The symbol object to clone.
+     * @returns {Object} Returns the cloned symbol object.
+     */
+    function cloneSymbol(symbol) {
+      return symbolValueOf ? Object(symbolValueOf.call(symbol)) : {};
+    }
+
+    /**
+     * Creates a clone of `typedArray`.
+     *
+     * @private
+     * @param {Object} typedArray The typed array to clone.
+     * @param {boolean} [isDeep] Specify a deep clone.
+     * @returns {Object} Returns the cloned typed array.
+     */
+    function cloneTypedArray(typedArray, isDeep) {
+      var buffer = isDeep ? cloneArrayBuffer(typedArray.buffer) : typedArray.buffer;
+      return new typedArray.constructor(buffer, typedArray.byteOffset, typedArray.length);
+    }
+
+    /**
+     * Compares values to sort them in ascending order.
+     *
+     * @private
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {number} Returns the sort order indicator for `value`.
+     */
+    function compareAscending(value, other) {
+      if (value !== other) {
+        var valIsDefined = value !== undefined,
+          valIsNull = value === null,
+          valIsReflexive = value === value,
+          valIsSymbol = isSymbol(value);
+        var othIsDefined = other !== undefined,
+          othIsNull = other === null,
+          othIsReflexive = other === other,
+          othIsSymbol = isSymbol(other);
+        if (!othIsNull && !othIsSymbol && !valIsSymbol && value > other || valIsSymbol && othIsDefined && othIsReflexive && !othIsNull && !othIsSymbol || valIsNull && othIsDefined && othIsReflexive || !valIsDefined && othIsReflexive || !valIsReflexive) {
+          return 1;
+        }
+        if (!valIsNull && !valIsSymbol && !othIsSymbol && value < other || othIsSymbol && valIsDefined && valIsReflexive && !valIsNull && !valIsSymbol || othIsNull && valIsDefined && valIsReflexive || !othIsDefined && valIsReflexive || !othIsReflexive) {
+          return -1;
+        }
+      }
+      return 0;
+    }
+
+    /**
+     * Used by `_.orderBy` to compare multiple properties of a value to another
+     * and stable sort them.
+     *
+     * If `orders` is unspecified, all values are sorted in ascending order. Otherwise,
+     * specify an order of "desc" for descending or "asc" for ascending sort order
+     * of corresponding values.
+     *
+     * @private
+     * @param {Object} object The object to compare.
+     * @param {Object} other The other object to compare.
+     * @param {boolean[]|string[]} orders The order to sort by for each property.
+     * @returns {number} Returns the sort order indicator for `object`.
+     */
+    function compareMultiple(object, other, orders) {
+      var index = -1,
+        objCriteria = object.criteria,
+        othCriteria = other.criteria,
+        length = objCriteria.length,
+        ordersLength = orders.length;
+      while (++index < length) {
+        var result = compareAscending(objCriteria[index], othCriteria[index]);
+        if (result) {
+          if (index >= ordersLength) {
+            return result;
+          }
+          var order = orders[index];
+          return result * (order == 'desc' ? -1 : 1);
+        }
+      }
+      // Fixes an `Array#sort` bug in the JS engine embedded in Adobe applications
+      // that causes it, under certain circumstances, to provide the same value for
+      // `object` and `other`. See https://github.com/jashkenas/underscore/pull/1247
+      // for more details.
+      //
+      // This also ensures a stable sort in V8 and other engines.
+      // See https://bugs.chromium.org/p/v8/issues/detail?id=90 for more details.
+      return object.index - other.index;
+    }
+
+    /**
+     * Creates an array that is the composition of partially applied arguments,
+     * placeholders, and provided arguments into a single array of arguments.
+     *
+     * @private
+     * @param {Array} args The provided arguments.
+     * @param {Array} partials The arguments to prepend to those provided.
+     * @param {Array} holders The `partials` placeholder indexes.
+     * @params {boolean} [isCurried] Specify composing for a curried function.
+     * @returns {Array} Returns the new array of composed arguments.
+     */
+    function composeArgs(args, partials, holders, isCurried) {
+      var argsIndex = -1,
+        argsLength = args.length,
+        holdersLength = holders.length,
+        leftIndex = -1,
+        leftLength = partials.length,
+        rangeLength = nativeMax(argsLength - holdersLength, 0),
+        result = Array(leftLength + rangeLength),
+        isUncurried = !isCurried;
+      while (++leftIndex < leftLength) {
+        result[leftIndex] = partials[leftIndex];
+      }
+      while (++argsIndex < holdersLength) {
+        if (isUncurried || argsIndex < argsLength) {
+          result[holders[argsIndex]] = args[argsIndex];
+        }
+      }
+      while (rangeLength--) {
+        result[leftIndex++] = args[argsIndex++];
+      }
+      return result;
+    }
+
+    /**
+     * This function is like `composeArgs` except that the arguments composition
+     * is tailored for `_.partialRight`.
+     *
+     * @private
+     * @param {Array} args The provided arguments.
+     * @param {Array} partials The arguments to append to those provided.
+     * @param {Array} holders The `partials` placeholder indexes.
+     * @params {boolean} [isCurried] Specify composing for a curried function.
+     * @returns {Array} Returns the new array of composed arguments.
+     */
+    function composeArgsRight(args, partials, holders, isCurried) {
+      var argsIndex = -1,
+        argsLength = args.length,
+        holdersIndex = -1,
+        holdersLength = holders.length,
+        rightIndex = -1,
+        rightLength = partials.length,
+        rangeLength = nativeMax(argsLength - holdersLength, 0),
+        result = Array(rangeLength + rightLength),
+        isUncurried = !isCurried;
+      while (++argsIndex < rangeLength) {
+        result[argsIndex] = args[argsIndex];
+      }
+      var offset = argsIndex;
+      while (++rightIndex < rightLength) {
+        result[offset + rightIndex] = partials[rightIndex];
+      }
+      while (++holdersIndex < holdersLength) {
+        if (isUncurried || argsIndex < argsLength) {
+          result[offset + holders[holdersIndex]] = args[argsIndex++];
+        }
+      }
+      return result;
+    }
+
+    /**
+     * Copies the values of `source` to `array`.
+     *
+     * @private
+     * @param {Array} source The array to copy values from.
+     * @param {Array} [array=[]] The array to copy values to.
+     * @returns {Array} Returns `array`.
+     */
+    function copyArray(source, array) {
+      var index = -1,
+        length = source.length;
+      array || (array = Array(length));
+      while (++index < length) {
+        array[index] = source[index];
+      }
+      return array;
+    }
+
+    /**
+     * Copies properties of `source` to `object`.
+     *
+     * @private
+     * @param {Object} source The object to copy properties from.
+     * @param {Array} props The property identifiers to copy.
+     * @param {Object} [object={}] The object to copy properties to.
+     * @param {Function} [customizer] The function to customize copied values.
+     * @returns {Object} Returns `object`.
+     */
+    function copyObject(source, props, object, customizer) {
+      var isNew = !object;
+      object || (object = {});
+      var index = -1,
+        length = props.length;
+      while (++index < length) {
+        var key = props[index];
+        var newValue = customizer ? customizer(object[key], source[key], key, object, source) : undefined;
+        if (newValue === undefined) {
+          newValue = source[key];
+        }
+        if (isNew) {
+          baseAssignValue(object, key, newValue);
+        } else {
+          assignValue(object, key, newValue);
+        }
+      }
+      return object;
+    }
+
+    /**
+     * Copies own symbols of `source` to `object`.
+     *
+     * @private
+     * @param {Object} source The object to copy symbols from.
+     * @param {Object} [object={}] The object to copy symbols to.
+     * @returns {Object} Returns `object`.
+     */
+    function copySymbols(source, object) {
+      return copyObject(source, getSymbols(source), object);
+    }
+
+    /**
+     * Copies own and inherited symbols of `source` to `object`.
+     *
+     * @private
+     * @param {Object} source The object to copy symbols from.
+     * @param {Object} [object={}] The object to copy symbols to.
+     * @returns {Object} Returns `object`.
+     */
+    function copySymbolsIn(source, object) {
+      return copyObject(source, getSymbolsIn(source), object);
+    }
+
+    /**
+     * Creates a function like `_.groupBy`.
+     *
+     * @private
+     * @param {Function} setter The function to set accumulator values.
+     * @param {Function} [initializer] The accumulator object initializer.
+     * @returns {Function} Returns the new aggregator function.
+     */
+    function createAggregator(setter, initializer) {
+      return function (collection, iteratee) {
+        var func = isArray(collection) ? arrayAggregator : baseAggregator,
+          accumulator = initializer ? initializer() : {};
+        return func(collection, setter, getIteratee(iteratee, 2), accumulator);
+      };
+    }
+
+    /**
+     * Creates a function like `_.assign`.
+     *
+     * @private
+     * @param {Function} assigner The function to assign values.
+     * @returns {Function} Returns the new assigner function.
+     */
+    function createAssigner(assigner) {
+      return baseRest(function (object, sources) {
+        var index = -1,
+          length = sources.length,
+          customizer = length > 1 ? sources[length - 1] : undefined,
+          guard = length > 2 ? sources[2] : undefined;
+        customizer = assigner.length > 3 && typeof customizer == 'function' ? (length--, customizer) : undefined;
+        if (guard && isIterateeCall(sources[0], sources[1], guard)) {
+          customizer = length < 3 ? undefined : customizer;
+          length = 1;
+        }
+        object = Object(object);
+        while (++index < length) {
+          var source = sources[index];
+          if (source) {
+            assigner(object, source, index, customizer);
+          }
+        }
+        return object;
+      });
+    }
+
+    /**
+     * Creates a `baseEach` or `baseEachRight` function.
+     *
+     * @private
+     * @param {Function} eachFunc The function to iterate over a collection.
+     * @param {boolean} [fromRight] Specify iterating from right to left.
+     * @returns {Function} Returns the new base function.
+     */
+    function createBaseEach(eachFunc, fromRight) {
+      return function (collection, iteratee) {
+        if (collection == null) {
+          return collection;
+        }
+        if (!isArrayLike(collection)) {
+          return eachFunc(collection, iteratee);
+        }
+        var length = collection.length,
+          index = fromRight ? length : -1,
+          iterable = Object(collection);
+        while (fromRight ? index-- : ++index < length) {
+          if (iteratee(iterable[index], index, iterable) === false) {
+            break;
+          }
+        }
+        return collection;
+      };
+    }
+
+    /**
+     * Creates a base function for methods like `_.forIn` and `_.forOwn`.
+     *
+     * @private
+     * @param {boolean} [fromRight] Specify iterating from right to left.
+     * @returns {Function} Returns the new base function.
+     */
+    function createBaseFor(fromRight) {
+      return function (object, iteratee, keysFunc) {
+        var index = -1,
+          iterable = Object(object),
+          props = keysFunc(object),
+          length = props.length;
+        while (length--) {
+          var key = props[fromRight ? length : ++index];
+          if (iteratee(iterable[key], key, iterable) === false) {
+            break;
+          }
+        }
+        return object;
+      };
+    }
+
+    /**
+     * Creates a function that wraps `func` to invoke it with the optional `this`
+     * binding of `thisArg`.
+     *
+     * @private
+     * @param {Function} func The function to wrap.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @param {*} [thisArg] The `this` binding of `func`.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createBind(func, bitmask, thisArg) {
+      var isBind = bitmask & WRAP_BIND_FLAG,
+        Ctor = createCtor(func);
+      function wrapper() {
+        var fn = this && this !== root && this instanceof wrapper ? Ctor : func;
+        return fn.apply(isBind ? thisArg : this, arguments);
+      }
+      return wrapper;
+    }
+
+    /**
+     * Creates a function like `_.lowerFirst`.
+     *
+     * @private
+     * @param {string} methodName The name of the `String` case method to use.
+     * @returns {Function} Returns the new case function.
+     */
+    function createCaseFirst(methodName) {
+      return function (string) {
+        string = toString(string);
+        var strSymbols = hasUnicode(string) ? stringToArray(string) : undefined;
+        var chr = strSymbols ? strSymbols[0] : string.charAt(0);
+        var trailing = strSymbols ? castSlice(strSymbols, 1).join('') : string.slice(1);
+        return chr[methodName]() + trailing;
+      };
+    }
+
+    /**
+     * Creates a function like `_.camelCase`.
+     *
+     * @private
+     * @param {Function} callback The function to combine each word.
+     * @returns {Function} Returns the new compounder function.
+     */
+    function createCompounder(callback) {
+      return function (string) {
+        return arrayReduce(words(deburr(string).replace(reApos, '')), callback, '');
+      };
+    }
+
+    /**
+     * Creates a function that produces an instance of `Ctor` regardless of
+     * whether it was invoked as part of a `new` expression or by `call` or `apply`.
+     *
+     * @private
+     * @param {Function} Ctor The constructor to wrap.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createCtor(Ctor) {
+      return function () {
+        // Use a `switch` statement to work with class constructors. See
+        // http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argumentslist
+        // for more details.
+        var args = arguments;
+        switch (args.length) {
+          case 0:
+            return new Ctor();
+          case 1:
+            return new Ctor(args[0]);
+          case 2:
+            return new Ctor(args[0], args[1]);
+          case 3:
+            return new Ctor(args[0], args[1], args[2]);
+          case 4:
+            return new Ctor(args[0], args[1], args[2], args[3]);
+          case 5:
+            return new Ctor(args[0], args[1], args[2], args[3], args[4]);
+          case 6:
+            return new Ctor(args[0], args[1], args[2], args[3], args[4], args[5]);
+          case 7:
+            return new Ctor(args[0], args[1], args[2], args[3], args[4], args[5], args[6]);
+        }
+        var thisBinding = baseCreate(Ctor.prototype),
+          result = Ctor.apply(thisBinding, args);
+
+        // Mimic the constructor's `return` behavior.
+        // See https://es5.github.io/#x13.2.2 for more details.
+        return isObject(result) ? result : thisBinding;
+      };
+    }
+
+    /**
+     * Creates a function that wraps `func` to enable currying.
+     *
+     * @private
+     * @param {Function} func The function to wrap.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @param {number} arity The arity of `func`.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createCurry(func, bitmask, arity) {
+      var Ctor = createCtor(func);
+      function wrapper() {
+        var length = arguments.length,
+          args = Array(length),
+          index = length,
+          placeholder = getHolder(wrapper);
+        while (index--) {
+          args[index] = arguments[index];
+        }
+        var holders = length < 3 && args[0] !== placeholder && args[length - 1] !== placeholder ? [] : replaceHolders(args, placeholder);
+        length -= holders.length;
+        if (length < arity) {
+          return createRecurry(func, bitmask, createHybrid, wrapper.placeholder, undefined, args, holders, undefined, undefined, arity - length);
+        }
+        var fn = this && this !== root && this instanceof wrapper ? Ctor : func;
+        return apply(fn, this, args);
+      }
+      return wrapper;
+    }
+
+    /**
+     * Creates a `_.find` or `_.findLast` function.
+     *
+     * @private
+     * @param {Function} findIndexFunc The function to find the collection index.
+     * @returns {Function} Returns the new find function.
+     */
+    function createFind(findIndexFunc) {
+      return function (collection, predicate, fromIndex) {
+        var iterable = Object(collection);
+        if (!isArrayLike(collection)) {
+          var iteratee = getIteratee(predicate, 3);
+          collection = keys(collection);
+          predicate = function predicate(key) {
+            return iteratee(iterable[key], key, iterable);
+          };
+        }
+        var index = findIndexFunc(collection, predicate, fromIndex);
+        return index > -1 ? iterable[iteratee ? collection[index] : index] : undefined;
+      };
+    }
+
+    /**
+     * Creates a `_.flow` or `_.flowRight` function.
+     *
+     * @private
+     * @param {boolean} [fromRight] Specify iterating from right to left.
+     * @returns {Function} Returns the new flow function.
+     */
+    function createFlow(fromRight) {
+      return flatRest(function (funcs) {
+        var length = funcs.length,
+          index = length,
+          prereq = LodashWrapper.prototype.thru;
+        if (fromRight) {
+          funcs.reverse();
+        }
+        while (index--) {
+          var func = funcs[index];
+          if (typeof func != 'function') {
+            throw new TypeError(FUNC_ERROR_TEXT);
+          }
+          if (prereq && !wrapper && getFuncName(func) == 'wrapper') {
+            var wrapper = new LodashWrapper([], true);
+          }
+        }
+        index = wrapper ? index : length;
+        while (++index < length) {
+          func = funcs[index];
+          var funcName = getFuncName(func),
+            data = funcName == 'wrapper' ? getData(func) : undefined;
+          if (data && isLaziable(data[0]) && data[1] == (WRAP_ARY_FLAG | WRAP_CURRY_FLAG | WRAP_PARTIAL_FLAG | WRAP_REARG_FLAG) && !data[4].length && data[9] == 1) {
+            wrapper = wrapper[getFuncName(data[0])].apply(wrapper, data[3]);
+          } else {
+            wrapper = func.length == 1 && isLaziable(func) ? wrapper[funcName]() : wrapper.thru(func);
+          }
+        }
+        return function () {
+          var args = arguments,
+            value = args[0];
+          if (wrapper && args.length == 1 && isArray(value)) {
+            return wrapper.plant(value).value();
+          }
+          var index = 0,
+            result = length ? funcs[index].apply(this, args) : value;
+          while (++index < length) {
+            result = funcs[index].call(this, result);
+          }
+          return result;
+        };
+      });
+    }
+
+    /**
+     * Creates a function that wraps `func` to invoke it with optional `this`
+     * binding of `thisArg`, partial application, and currying.
+     *
+     * @private
+     * @param {Function|string} func The function or method name to wrap.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @param {*} [thisArg] The `this` binding of `func`.
+     * @param {Array} [partials] The arguments to prepend to those provided to
+     *  the new function.
+     * @param {Array} [holders] The `partials` placeholder indexes.
+     * @param {Array} [partialsRight] The arguments to append to those provided
+     *  to the new function.
+     * @param {Array} [holdersRight] The `partialsRight` placeholder indexes.
+     * @param {Array} [argPos] The argument positions of the new function.
+     * @param {number} [ary] The arity cap of `func`.
+     * @param {number} [arity] The arity of `func`.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createHybrid(func, bitmask, thisArg, partials, holders, partialsRight, holdersRight, argPos, ary, arity) {
+      var isAry = bitmask & WRAP_ARY_FLAG,
+        isBind = bitmask & WRAP_BIND_FLAG,
+        isBindKey = bitmask & WRAP_BIND_KEY_FLAG,
+        isCurried = bitmask & (WRAP_CURRY_FLAG | WRAP_CURRY_RIGHT_FLAG),
+        isFlip = bitmask & WRAP_FLIP_FLAG,
+        Ctor = isBindKey ? undefined : createCtor(func);
+      function wrapper() {
+        var length = arguments.length,
+          args = Array(length),
+          index = length;
+        while (index--) {
+          args[index] = arguments[index];
+        }
+        if (isCurried) {
+          var placeholder = getHolder(wrapper),
+            holdersCount = countHolders(args, placeholder);
+        }
+        if (partials) {
+          args = composeArgs(args, partials, holders, isCurried);
+        }
+        if (partialsRight) {
+          args = composeArgsRight(args, partialsRight, holdersRight, isCurried);
+        }
+        length -= holdersCount;
+        if (isCurried && length < arity) {
+          var newHolders = replaceHolders(args, placeholder);
+          return createRecurry(func, bitmask, createHybrid, wrapper.placeholder, thisArg, args, newHolders, argPos, ary, arity - length);
+        }
+        var thisBinding = isBind ? thisArg : this,
+          fn = isBindKey ? thisBinding[func] : func;
+        length = args.length;
+        if (argPos) {
+          args = reorder(args, argPos);
+        } else if (isFlip && length > 1) {
+          args.reverse();
+        }
+        if (isAry && ary < length) {
+          args.length = ary;
+        }
+        if (this && this !== root && this instanceof wrapper) {
+          fn = Ctor || createCtor(fn);
+        }
+        return fn.apply(thisBinding, args);
+      }
+      return wrapper;
+    }
+
+    /**
+     * Creates a function like `_.invertBy`.
+     *
+     * @private
+     * @param {Function} setter The function to set accumulator values.
+     * @param {Function} toIteratee The function to resolve iteratees.
+     * @returns {Function} Returns the new inverter function.
+     */
+    function createInverter(setter, toIteratee) {
+      return function (object, iteratee) {
+        return baseInverter(object, setter, toIteratee(iteratee), {});
+      };
+    }
+
+    /**
+     * Creates a function that performs a mathematical operation on two values.
+     *
+     * @private
+     * @param {Function} operator The function to perform the operation.
+     * @param {number} [defaultValue] The value used for `undefined` arguments.
+     * @returns {Function} Returns the new mathematical operation function.
+     */
+    function createMathOperation(operator, defaultValue) {
+      return function (value, other) {
+        var result;
+        if (value === undefined && other === undefined) {
+          return defaultValue;
+        }
+        if (value !== undefined) {
+          result = value;
+        }
+        if (other !== undefined) {
+          if (result === undefined) {
+            return other;
+          }
+          if (typeof value == 'string' || typeof other == 'string') {
+            value = baseToString(value);
+            other = baseToString(other);
+          } else {
+            value = baseToNumber(value);
+            other = baseToNumber(other);
+          }
+          result = operator(value, other);
+        }
+        return result;
+      };
+    }
+
+    /**
+     * Creates a function like `_.over`.
+     *
+     * @private
+     * @param {Function} arrayFunc The function to iterate over iteratees.
+     * @returns {Function} Returns the new over function.
+     */
+    function createOver(arrayFunc) {
+      return flatRest(function (iteratees) {
+        iteratees = arrayMap(iteratees, baseUnary(getIteratee()));
+        return baseRest(function (args) {
+          var thisArg = this;
+          return arrayFunc(iteratees, function (iteratee) {
+            return apply(iteratee, thisArg, args);
+          });
+        });
+      });
+    }
+
+    /**
+     * Creates the padding for `string` based on `length`. The `chars` string
+     * is truncated if the number of characters exceeds `length`.
+     *
+     * @private
+     * @param {number} length The padding length.
+     * @param {string} [chars=' '] The string used as padding.
+     * @returns {string} Returns the padding for `string`.
+     */
+    function createPadding(length, chars) {
+      chars = chars === undefined ? ' ' : baseToString(chars);
+      var charsLength = chars.length;
+      if (charsLength < 2) {
+        return charsLength ? baseRepeat(chars, length) : chars;
+      }
+      var result = baseRepeat(chars, nativeCeil(length / stringSize(chars)));
+      return hasUnicode(chars) ? castSlice(stringToArray(result), 0, length).join('') : result.slice(0, length);
+    }
+
+    /**
+     * Creates a function that wraps `func` to invoke it with the `this` binding
+     * of `thisArg` and `partials` prepended to the arguments it receives.
+     *
+     * @private
+     * @param {Function} func The function to wrap.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @param {*} thisArg The `this` binding of `func`.
+     * @param {Array} partials The arguments to prepend to those provided to
+     *  the new function.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createPartial(func, bitmask, thisArg, partials) {
+      var isBind = bitmask & WRAP_BIND_FLAG,
+        Ctor = createCtor(func);
+      function wrapper() {
+        var argsIndex = -1,
+          argsLength = arguments.length,
+          leftIndex = -1,
+          leftLength = partials.length,
+          args = Array(leftLength + argsLength),
+          fn = this && this !== root && this instanceof wrapper ? Ctor : func;
+        while (++leftIndex < leftLength) {
+          args[leftIndex] = partials[leftIndex];
+        }
+        while (argsLength--) {
+          args[leftIndex++] = arguments[++argsIndex];
+        }
+        return apply(fn, isBind ? thisArg : this, args);
+      }
+      return wrapper;
+    }
+
+    /**
+     * Creates a `_.range` or `_.rangeRight` function.
+     *
+     * @private
+     * @param {boolean} [fromRight] Specify iterating from right to left.
+     * @returns {Function} Returns the new range function.
+     */
+    function createRange(fromRight) {
+      return function (start, end, step) {
+        if (step && typeof step != 'number' && isIterateeCall(start, end, step)) {
+          end = step = undefined;
+        }
+        // Ensure the sign of `-0` is preserved.
+        start = toFinite(start);
+        if (end === undefined) {
+          end = start;
+          start = 0;
+        } else {
+          end = toFinite(end);
+        }
+        step = step === undefined ? start < end ? 1 : -1 : toFinite(step);
+        return baseRange(start, end, step, fromRight);
+      };
+    }
+
+    /**
+     * Creates a function that performs a relational operation on two values.
+     *
+     * @private
+     * @param {Function} operator The function to perform the operation.
+     * @returns {Function} Returns the new relational operation function.
+     */
+    function createRelationalOperation(operator) {
+      return function (value, other) {
+        if (!(typeof value == 'string' && typeof other == 'string')) {
+          value = toNumber(value);
+          other = toNumber(other);
+        }
+        return operator(value, other);
+      };
+    }
+
+    /**
+     * Creates a function that wraps `func` to continue currying.
+     *
+     * @private
+     * @param {Function} func The function to wrap.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @param {Function} wrapFunc The function to create the `func` wrapper.
+     * @param {*} placeholder The placeholder value.
+     * @param {*} [thisArg] The `this` binding of `func`.
+     * @param {Array} [partials] The arguments to prepend to those provided to
+     *  the new function.
+     * @param {Array} [holders] The `partials` placeholder indexes.
+     * @param {Array} [argPos] The argument positions of the new function.
+     * @param {number} [ary] The arity cap of `func`.
+     * @param {number} [arity] The arity of `func`.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createRecurry(func, bitmask, wrapFunc, placeholder, thisArg, partials, holders, argPos, ary, arity) {
+      var isCurry = bitmask & WRAP_CURRY_FLAG,
+        newHolders = isCurry ? holders : undefined,
+        newHoldersRight = isCurry ? undefined : holders,
+        newPartials = isCurry ? partials : undefined,
+        newPartialsRight = isCurry ? undefined : partials;
+      bitmask |= isCurry ? WRAP_PARTIAL_FLAG : WRAP_PARTIAL_RIGHT_FLAG;
+      bitmask &= ~(isCurry ? WRAP_PARTIAL_RIGHT_FLAG : WRAP_PARTIAL_FLAG);
+      if (!(bitmask & WRAP_CURRY_BOUND_FLAG)) {
+        bitmask &= ~(WRAP_BIND_FLAG | WRAP_BIND_KEY_FLAG);
+      }
+      var newData = [func, bitmask, thisArg, newPartials, newHolders, newPartialsRight, newHoldersRight, argPos, ary, arity];
+      var result = wrapFunc.apply(undefined, newData);
+      if (isLaziable(func)) {
+        setData(result, newData);
+      }
+      result.placeholder = placeholder;
+      return setWrapToString(result, func, bitmask);
+    }
+
+    /**
+     * Creates a function like `_.round`.
+     *
+     * @private
+     * @param {string} methodName The name of the `Math` method to use when rounding.
+     * @returns {Function} Returns the new round function.
+     */
+    function createRound(methodName) {
+      var func = Math[methodName];
+      return function (number, precision) {
+        number = toNumber(number);
+        precision = precision == null ? 0 : nativeMin(toInteger(precision), 292);
+        if (precision && nativeIsFinite(number)) {
+          // Shift with exponential notation to avoid floating-point issues.
+          // See [MDN](https://mdn.io/round#Examples) for more details.
+          var pair = (toString(number) + 'e').split('e'),
+            value = func(pair[0] + 'e' + (+pair[1] + precision));
+          pair = (toString(value) + 'e').split('e');
+          return +(pair[0] + 'e' + (+pair[1] - precision));
+        }
+        return func(number);
+      };
+    }
+
+    /**
+     * Creates a set object of `values`.
+     *
+     * @private
+     * @param {Array} values The values to add to the set.
+     * @returns {Object} Returns the new set.
+     */
+    var createSet = !(Set && 1 / setToArray(new Set([, -0]))[1] == INFINITY) ? noop : function (values) {
+      return new Set(values);
+    };
+
+    /**
+     * Creates a `_.toPairs` or `_.toPairsIn` function.
+     *
+     * @private
+     * @param {Function} keysFunc The function to get the keys of a given object.
+     * @returns {Function} Returns the new pairs function.
+     */
+    function createToPairs(keysFunc) {
+      return function (object) {
+        var tag = getTag(object);
+        if (tag == mapTag) {
+          return mapToArray(object);
+        }
+        if (tag == setTag) {
+          return setToPairs(object);
+        }
+        return baseToPairs(object, keysFunc(object));
+      };
+    }
+
+    /**
+     * Creates a function that either curries or invokes `func` with optional
+     * `this` binding and partially applied arguments.
+     *
+     * @private
+     * @param {Function|string} func The function or method name to wrap.
+     * @param {number} bitmask The bitmask flags.
+     *    1 - `_.bind`
+     *    2 - `_.bindKey`
+     *    4 - `_.curry` or `_.curryRight` of a bound function
+     *    8 - `_.curry`
+     *   16 - `_.curryRight`
+     *   32 - `_.partial`
+     *   64 - `_.partialRight`
+     *  128 - `_.rearg`
+     *  256 - `_.ary`
+     *  512 - `_.flip`
+     * @param {*} [thisArg] The `this` binding of `func`.
+     * @param {Array} [partials] The arguments to be partially applied.
+     * @param {Array} [holders] The `partials` placeholder indexes.
+     * @param {Array} [argPos] The argument positions of the new function.
+     * @param {number} [ary] The arity cap of `func`.
+     * @param {number} [arity] The arity of `func`.
+     * @returns {Function} Returns the new wrapped function.
+     */
+    function createWrap(func, bitmask, thisArg, partials, holders, argPos, ary, arity) {
+      var isBindKey = bitmask & WRAP_BIND_KEY_FLAG;
+      if (!isBindKey && typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      var length = partials ? partials.length : 0;
+      if (!length) {
+        bitmask &= ~(WRAP_PARTIAL_FLAG | WRAP_PARTIAL_RIGHT_FLAG);
+        partials = holders = undefined;
+      }
+      ary = ary === undefined ? ary : nativeMax(toInteger(ary), 0);
+      arity = arity === undefined ? arity : toInteger(arity);
+      length -= holders ? holders.length : 0;
+      if (bitmask & WRAP_PARTIAL_RIGHT_FLAG) {
+        var partialsRight = partials,
+          holdersRight = holders;
+        partials = holders = undefined;
+      }
+      var data = isBindKey ? undefined : getData(func);
+      var newData = [func, bitmask, thisArg, partials, holders, partialsRight, holdersRight, argPos, ary, arity];
+      if (data) {
+        mergeData(newData, data);
+      }
+      func = newData[0];
+      bitmask = newData[1];
+      thisArg = newData[2];
+      partials = newData[3];
+      holders = newData[4];
+      arity = newData[9] = newData[9] === undefined ? isBindKey ? 0 : func.length : nativeMax(newData[9] - length, 0);
+      if (!arity && bitmask & (WRAP_CURRY_FLAG | WRAP_CURRY_RIGHT_FLAG)) {
+        bitmask &= ~(WRAP_CURRY_FLAG | WRAP_CURRY_RIGHT_FLAG);
+      }
+      if (!bitmask || bitmask == WRAP_BIND_FLAG) {
+        var result = createBind(func, bitmask, thisArg);
+      } else if (bitmask == WRAP_CURRY_FLAG || bitmask == WRAP_CURRY_RIGHT_FLAG) {
+        result = createCurry(func, bitmask, arity);
+      } else if ((bitmask == WRAP_PARTIAL_FLAG || bitmask == (WRAP_BIND_FLAG | WRAP_PARTIAL_FLAG)) && !holders.length) {
+        result = createPartial(func, bitmask, thisArg, partials);
+      } else {
+        result = createHybrid.apply(undefined, newData);
+      }
+      var setter = data ? baseSetData : setData;
+      return setWrapToString(setter(result, newData), func, bitmask);
+    }
+
+    /**
+     * Used by `_.defaults` to customize its `_.assignIn` use to assign properties
+     * of source objects to the destination object for all destination properties
+     * that resolve to `undefined`.
+     *
+     * @private
+     * @param {*} objValue The destination value.
+     * @param {*} srcValue The source value.
+     * @param {string} key The key of the property to assign.
+     * @param {Object} object The parent object of `objValue`.
+     * @returns {*} Returns the value to assign.
+     */
+    function customDefaultsAssignIn(objValue, srcValue, key, object) {
+      if (objValue === undefined || eq(objValue, objectProto[key]) && !hasOwnProperty.call(object, key)) {
+        return srcValue;
+      }
+      return objValue;
+    }
+
+    /**
+     * Used by `_.defaultsDeep` to customize its `_.merge` use to merge source
+     * objects into destination objects that are passed thru.
+     *
+     * @private
+     * @param {*} objValue The destination value.
+     * @param {*} srcValue The source value.
+     * @param {string} key The key of the property to merge.
+     * @param {Object} object The parent object of `objValue`.
+     * @param {Object} source The parent object of `srcValue`.
+     * @param {Object} [stack] Tracks traversed source values and their merged
+     *  counterparts.
+     * @returns {*} Returns the value to assign.
+     */
+    function customDefaultsMerge(objValue, srcValue, key, object, source, stack) {
+      if (isObject(objValue) && isObject(srcValue)) {
+        // Recursively merge objects and arrays (susceptible to call stack limits).
+        stack.set(srcValue, objValue);
+        baseMerge(objValue, srcValue, undefined, customDefaultsMerge, stack);
+        stack['delete'](srcValue);
+      }
+      return objValue;
+    }
+
+    /**
+     * Used by `_.omit` to customize its `_.cloneDeep` use to only clone plain
+     * objects.
+     *
+     * @private
+     * @param {*} value The value to inspect.
+     * @param {string} key The key of the property to inspect.
+     * @returns {*} Returns the uncloned value or `undefined` to defer cloning to `_.cloneDeep`.
+     */
+    function customOmitClone(value) {
+      return isPlainObject(value) ? undefined : value;
+    }
+
+    /**
+     * A specialized version of `baseIsEqualDeep` for arrays with support for
+     * partial deep comparisons.
+     *
+     * @private
+     * @param {Array} array The array to compare.
+     * @param {Array} other The other array to compare.
+     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
+     * @param {Function} customizer The function to customize comparisons.
+     * @param {Function} equalFunc The function to determine equivalents of values.
+     * @param {Object} stack Tracks traversed `array` and `other` objects.
+     * @returns {boolean} Returns `true` if the arrays are equivalent, else `false`.
+     */
+    function equalArrays(array, other, bitmask, customizer, equalFunc, stack) {
+      var isPartial = bitmask & COMPARE_PARTIAL_FLAG,
+        arrLength = array.length,
+        othLength = other.length;
+      if (arrLength != othLength && !(isPartial && othLength > arrLength)) {
+        return false;
+      }
+      // Check that cyclic values are equal.
+      var arrStacked = stack.get(array);
+      var othStacked = stack.get(other);
+      if (arrStacked && othStacked) {
+        return arrStacked == other && othStacked == array;
+      }
+      var index = -1,
+        result = true,
+        seen = bitmask & COMPARE_UNORDERED_FLAG ? new SetCache() : undefined;
+      stack.set(array, other);
+      stack.set(other, array);
+
+      // Ignore non-index properties.
+      while (++index < arrLength) {
+        var arrValue = array[index],
+          othValue = other[index];
+        if (customizer) {
+          var compared = isPartial ? customizer(othValue, arrValue, index, other, array, stack) : customizer(arrValue, othValue, index, array, other, stack);
+        }
+        if (compared !== undefined) {
+          if (compared) {
+            continue;
+          }
+          result = false;
+          break;
+        }
+        // Recursively compare arrays (susceptible to call stack limits).
+        if (seen) {
+          if (!arraySome(other, function (othValue, othIndex) {
+            if (!cacheHas(seen, othIndex) && (arrValue === othValue || equalFunc(arrValue, othValue, bitmask, customizer, stack))) {
+              return seen.push(othIndex);
+            }
+          })) {
+            result = false;
+            break;
+          }
+        } else if (!(arrValue === othValue || equalFunc(arrValue, othValue, bitmask, customizer, stack))) {
+          result = false;
+          break;
+        }
+      }
+      stack['delete'](array);
+      stack['delete'](other);
+      return result;
+    }
+
+    /**
+     * A specialized version of `baseIsEqualDeep` for comparing objects of
+     * the same `toStringTag`.
+     *
+     * **Note:** This function only supports comparing values with tags of
+     * `Boolean`, `Date`, `Error`, `Number`, `RegExp`, or `String`.
+     *
+     * @private
+     * @param {Object} object The object to compare.
+     * @param {Object} other The other object to compare.
+     * @param {string} tag The `toStringTag` of the objects to compare.
+     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
+     * @param {Function} customizer The function to customize comparisons.
+     * @param {Function} equalFunc The function to determine equivalents of values.
+     * @param {Object} stack Tracks traversed `object` and `other` objects.
+     * @returns {boolean} Returns `true` if the objects are equivalent, else `false`.
+     */
+    function equalByTag(object, other, tag, bitmask, customizer, equalFunc, stack) {
+      switch (tag) {
+        case dataViewTag:
+          if (object.byteLength != other.byteLength || object.byteOffset != other.byteOffset) {
+            return false;
+          }
+          object = object.buffer;
+          other = other.buffer;
+        case arrayBufferTag:
+          if (object.byteLength != other.byteLength || !equalFunc(new Uint8Array(object), new Uint8Array(other))) {
+            return false;
+          }
+          return true;
+        case boolTag:
+        case dateTag:
+        case numberTag:
+          // Coerce booleans to `1` or `0` and dates to milliseconds.
+          // Invalid dates are coerced to `NaN`.
+          return eq(+object, +other);
+        case errorTag:
+          return object.name == other.name && object.message == other.message;
+        case regexpTag:
+        case stringTag:
+          // Coerce regexes to strings and treat strings, primitives and objects,
+          // as equal. See http://www.ecma-international.org/ecma-262/7.0/#sec-regexp.prototype.tostring
+          // for more details.
+          return object == other + '';
+        case mapTag:
+          var convert = mapToArray;
+        case setTag:
+          var isPartial = bitmask & COMPARE_PARTIAL_FLAG;
+          convert || (convert = setToArray);
+          if (object.size != other.size && !isPartial) {
+            return false;
+          }
+          // Assume cyclic values are equal.
+          var stacked = stack.get(object);
+          if (stacked) {
+            return stacked == other;
+          }
+          bitmask |= COMPARE_UNORDERED_FLAG;
+
+          // Recursively compare objects (susceptible to call stack limits).
+          stack.set(object, other);
+          var result = equalArrays(convert(object), convert(other), bitmask, customizer, equalFunc, stack);
+          stack['delete'](object);
+          return result;
+        case symbolTag:
+          if (symbolValueOf) {
+            return symbolValueOf.call(object) == symbolValueOf.call(other);
+          }
+      }
+      return false;
+    }
+
+    /**
+     * A specialized version of `baseIsEqualDeep` for objects with support for
+     * partial deep comparisons.
+     *
+     * @private
+     * @param {Object} object The object to compare.
+     * @param {Object} other The other object to compare.
+     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
+     * @param {Function} customizer The function to customize comparisons.
+     * @param {Function} equalFunc The function to determine equivalents of values.
+     * @param {Object} stack Tracks traversed `object` and `other` objects.
+     * @returns {boolean} Returns `true` if the objects are equivalent, else `false`.
+     */
+    function equalObjects(object, other, bitmask, customizer, equalFunc, stack) {
+      var isPartial = bitmask & COMPARE_PARTIAL_FLAG,
+        objProps = getAllKeys(object),
+        objLength = objProps.length,
+        othProps = getAllKeys(other),
+        othLength = othProps.length;
+      if (objLength != othLength && !isPartial) {
+        return false;
+      }
+      var index = objLength;
+      while (index--) {
+        var key = objProps[index];
+        if (!(isPartial ? key in other : hasOwnProperty.call(other, key))) {
+          return false;
+        }
+      }
+      // Check that cyclic values are equal.
+      var objStacked = stack.get(object);
+      var othStacked = stack.get(other);
+      if (objStacked && othStacked) {
+        return objStacked == other && othStacked == object;
+      }
+      var result = true;
+      stack.set(object, other);
+      stack.set(other, object);
+      var skipCtor = isPartial;
+      while (++index < objLength) {
+        key = objProps[index];
+        var objValue = object[key],
+          othValue = other[key];
+        if (customizer) {
+          var compared = isPartial ? customizer(othValue, objValue, key, other, object, stack) : customizer(objValue, othValue, key, object, other, stack);
+        }
+        // Recursively compare objects (susceptible to call stack limits).
+        if (!(compared === undefined ? objValue === othValue || equalFunc(objValue, othValue, bitmask, customizer, stack) : compared)) {
+          result = false;
+          break;
+        }
+        skipCtor || (skipCtor = key == 'constructor');
+      }
+      if (result && !skipCtor) {
+        var objCtor = object.constructor,
+          othCtor = other.constructor;
+
+        // Non `Object` object instances with different constructors are not equal.
+        if (objCtor != othCtor && 'constructor' in object && 'constructor' in other && !(typeof objCtor == 'function' && objCtor instanceof objCtor && typeof othCtor == 'function' && othCtor instanceof othCtor)) {
+          result = false;
+        }
+      }
+      stack['delete'](object);
+      stack['delete'](other);
+      return result;
+    }
+
+    /**
+     * A specialized version of `baseRest` which flattens the rest array.
+     *
+     * @private
+     * @param {Function} func The function to apply a rest parameter to.
+     * @returns {Function} Returns the new function.
+     */
+    function flatRest(func) {
+      return setToString(overRest(func, undefined, flatten), func + '');
+    }
+
+    /**
+     * Creates an array of own enumerable property names and symbols of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names and symbols.
+     */
+    function getAllKeys(object) {
+      return baseGetAllKeys(object, keys, getSymbols);
+    }
+
+    /**
+     * Creates an array of own and inherited enumerable property names and
+     * symbols of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names and symbols.
+     */
+    function getAllKeysIn(object) {
+      return baseGetAllKeys(object, keysIn, getSymbolsIn);
+    }
+
+    /**
+     * Gets metadata for `func`.
+     *
+     * @private
+     * @param {Function} func The function to query.
+     * @returns {*} Returns the metadata for `func`.
+     */
+    var getData = !metaMap ? noop : function (func) {
+      return metaMap.get(func);
+    };
+
+    /**
+     * Gets the name of `func`.
+     *
+     * @private
+     * @param {Function} func The function to query.
+     * @returns {string} Returns the function name.
+     */
+    function getFuncName(func) {
+      var result = func.name + '',
+        array = realNames[result],
+        length = hasOwnProperty.call(realNames, result) ? array.length : 0;
+      while (length--) {
+        var data = array[length],
+          otherFunc = data.func;
+        if (otherFunc == null || otherFunc == func) {
+          return data.name;
+        }
+      }
+      return result;
+    }
+
+    /**
+     * Gets the argument placeholder value for `func`.
+     *
+     * @private
+     * @param {Function} func The function to inspect.
+     * @returns {*} Returns the placeholder value.
+     */
+    function getHolder(func) {
+      var object = hasOwnProperty.call(lodash, 'placeholder') ? lodash : func;
+      return object.placeholder;
+    }
+
+    /**
+     * Gets the appropriate "iteratee" function. If `_.iteratee` is customized,
+     * this function returns the custom method, otherwise it returns `baseIteratee`.
+     * If arguments are provided, the chosen function is invoked with them and
+     * its result is returned.
+     *
+     * @private
+     * @param {*} [value] The value to convert to an iteratee.
+     * @param {number} [arity] The arity of the created iteratee.
+     * @returns {Function} Returns the chosen function or its result.
+     */
+    function getIteratee() {
+      var result = lodash.iteratee || iteratee;
+      result = result === iteratee ? baseIteratee : result;
+      return arguments.length ? result(arguments[0], arguments[1]) : result;
+    }
+
+    /**
+     * Gets the data for `map`.
+     *
+     * @private
+     * @param {Object} map The map to query.
+     * @param {string} key The reference key.
+     * @returns {*} Returns the map data.
+     */
+    function getMapData(map, key) {
+      var data = map.__data__;
+      return isKeyable(key) ? data[typeof key == 'string' ? 'string' : 'hash'] : data.map;
+    }
+
+    /**
+     * Gets the property names, values, and compare flags of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the match data of `object`.
+     */
+    function getMatchData(object) {
+      var result = keys(object),
+        length = result.length;
+      while (length--) {
+        var key = result[length],
+          value = object[key];
+        result[length] = [key, value, isStrictComparable(value)];
+      }
+      return result;
+    }
+
+    /**
+     * Gets the native function at `key` of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {string} key The key of the method to get.
+     * @returns {*} Returns the function if it's native, else `undefined`.
+     */
+    function getNative(object, key) {
+      var value = getValue(object, key);
+      return baseIsNative(value) ? value : undefined;
+    }
+
+    /**
+     * A specialized version of `baseGetTag` which ignores `Symbol.toStringTag` values.
+     *
+     * @private
+     * @param {*} value The value to query.
+     * @returns {string} Returns the raw `toStringTag`.
+     */
+    function getRawTag(value) {
+      var isOwn = hasOwnProperty.call(value, symToStringTag),
+        tag = value[symToStringTag];
+      try {
+        value[symToStringTag] = undefined;
+        var unmasked = true;
+      } catch (e) {}
+      var result = nativeObjectToString.call(value);
+      if (unmasked) {
+        if (isOwn) {
+          value[symToStringTag] = tag;
+        } else {
+          delete value[symToStringTag];
+        }
+      }
+      return result;
+    }
+
+    /**
+     * Creates an array of the own enumerable symbols of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of symbols.
+     */
+    var getSymbols = !nativeGetSymbols ? stubArray : function (object) {
+      if (object == null) {
+        return [];
+      }
+      object = Object(object);
+      return arrayFilter(nativeGetSymbols(object), function (symbol) {
+        return propertyIsEnumerable.call(object, symbol);
+      });
+    };
+
+    /**
+     * Creates an array of the own and inherited enumerable symbols of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of symbols.
+     */
+    var getSymbolsIn = !nativeGetSymbols ? stubArray : function (object) {
+      var result = [];
+      while (object) {
+        arrayPush(result, getSymbols(object));
+        object = getPrototype(object);
+      }
+      return result;
+    };
+
+    /**
+     * Gets the `toStringTag` of `value`.
+     *
+     * @private
+     * @param {*} value The value to query.
+     * @returns {string} Returns the `toStringTag`.
+     */
+    var getTag = baseGetTag;
+
+    // Fallback for data views, maps, sets, and weak maps in IE 11 and promises in Node.js < 6.
+    if (DataView && getTag(new DataView(new ArrayBuffer(1))) != dataViewTag || Map && getTag(new Map()) != mapTag || Promise && getTag(Promise.resolve()) != promiseTag || Set && getTag(new Set()) != setTag || WeakMap && getTag(new WeakMap()) != weakMapTag) {
+      getTag = function getTag(value) {
+        var result = baseGetTag(value),
+          Ctor = result == objectTag ? value.constructor : undefined,
+          ctorString = Ctor ? toSource(Ctor) : '';
+        if (ctorString) {
+          switch (ctorString) {
+            case dataViewCtorString:
+              return dataViewTag;
+            case mapCtorString:
+              return mapTag;
+            case promiseCtorString:
+              return promiseTag;
+            case setCtorString:
+              return setTag;
+            case weakMapCtorString:
+              return weakMapTag;
+          }
+        }
+        return result;
+      };
+    }
+
+    /**
+     * Gets the view, applying any `transforms` to the `start` and `end` positions.
+     *
+     * @private
+     * @param {number} start The start of the view.
+     * @param {number} end The end of the view.
+     * @param {Array} transforms The transformations to apply to the view.
+     * @returns {Object} Returns an object containing the `start` and `end`
+     *  positions of the view.
+     */
+    function getView(start, end, transforms) {
+      var index = -1,
+        length = transforms.length;
+      while (++index < length) {
+        var data = transforms[index],
+          size = data.size;
+        switch (data.type) {
+          case 'drop':
+            start += size;
+            break;
+          case 'dropRight':
+            end -= size;
+            break;
+          case 'take':
+            end = nativeMin(end, start + size);
+            break;
+          case 'takeRight':
+            start = nativeMax(start, end - size);
+            break;
+        }
+      }
+      return {
+        'start': start,
+        'end': end
+      };
+    }
+
+    /**
+     * Extracts wrapper details from the `source` body comment.
+     *
+     * @private
+     * @param {string} source The source to inspect.
+     * @returns {Array} Returns the wrapper details.
+     */
+    function getWrapDetails(source) {
+      var match = source.match(reWrapDetails);
+      return match ? match[1].split(reSplitDetails) : [];
+    }
+
+    /**
+     * Checks if `path` exists on `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path to check.
+     * @param {Function} hasFunc The function to check properties.
+     * @returns {boolean} Returns `true` if `path` exists, else `false`.
+     */
+    function hasPath(object, path, hasFunc) {
+      path = castPath(path, object);
+      var index = -1,
+        length = path.length,
+        result = false;
+      while (++index < length) {
+        var key = toKey(path[index]);
+        if (!(result = object != null && hasFunc(object, key))) {
+          break;
+        }
+        object = object[key];
+      }
+      if (result || ++index != length) {
+        return result;
+      }
+      length = object == null ? 0 : object.length;
+      return !!length && isLength(length) && isIndex(key, length) && (isArray(object) || isArguments(object));
+    }
+
+    /**
+     * Initializes an array clone.
+     *
+     * @private
+     * @param {Array} array The array to clone.
+     * @returns {Array} Returns the initialized clone.
+     */
+    function initCloneArray(array) {
+      var length = array.length,
+        result = new array.constructor(length);
+
+      // Add properties assigned by `RegExp#exec`.
+      if (length && typeof array[0] == 'string' && hasOwnProperty.call(array, 'index')) {
+        result.index = array.index;
+        result.input = array.input;
+      }
+      return result;
+    }
+
+    /**
+     * Initializes an object clone.
+     *
+     * @private
+     * @param {Object} object The object to clone.
+     * @returns {Object} Returns the initialized clone.
+     */
+    function initCloneObject(object) {
+      return typeof object.constructor == 'function' && !isPrototype(object) ? baseCreate(getPrototype(object)) : {};
+    }
+
+    /**
+     * Initializes an object clone based on its `toStringTag`.
+     *
+     * **Note:** This function only supports cloning values with tags of
+     * `Boolean`, `Date`, `Error`, `Map`, `Number`, `RegExp`, `Set`, or `String`.
+     *
+     * @private
+     * @param {Object} object The object to clone.
+     * @param {string} tag The `toStringTag` of the object to clone.
+     * @param {boolean} [isDeep] Specify a deep clone.
+     * @returns {Object} Returns the initialized clone.
+     */
+    function initCloneByTag(object, tag, isDeep) {
+      var Ctor = object.constructor;
+      switch (tag) {
+        case arrayBufferTag:
+          return cloneArrayBuffer(object);
+        case boolTag:
+        case dateTag:
+          return new Ctor(+object);
+        case dataViewTag:
+          return cloneDataView(object, isDeep);
+        case float32Tag:
+        case float64Tag:
+        case int8Tag:
+        case int16Tag:
+        case int32Tag:
+        case uint8Tag:
+        case uint8ClampedTag:
+        case uint16Tag:
+        case uint32Tag:
+          return cloneTypedArray(object, isDeep);
+        case mapTag:
+          return new Ctor();
+        case numberTag:
+        case stringTag:
+          return new Ctor(object);
+        case regexpTag:
+          return cloneRegExp(object);
+        case setTag:
+          return new Ctor();
+        case symbolTag:
+          return cloneSymbol(object);
+      }
+    }
+
+    /**
+     * Inserts wrapper `details` in a comment at the top of the `source` body.
+     *
+     * @private
+     * @param {string} source The source to modify.
+     * @returns {Array} details The details to insert.
+     * @returns {string} Returns the modified source.
+     */
+    function insertWrapDetails(source, details) {
+      var length = details.length;
+      if (!length) {
+        return source;
+      }
+      var lastIndex = length - 1;
+      details[lastIndex] = (length > 1 ? '& ' : '') + details[lastIndex];
+      details = details.join(length > 2 ? ', ' : ' ');
+      return source.replace(reWrapComment, '{\n/* [wrapped with ' + details + '] */\n');
+    }
+
+    /**
+     * Checks if `value` is a flattenable `arguments` object or array.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is flattenable, else `false`.
+     */
+    function isFlattenable(value) {
+      return isArray(value) || isArguments(value) || !!(spreadableSymbol && value && value[spreadableSymbol]);
+    }
+
+    /**
+     * Checks if `value` is a valid array-like index.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @param {number} [length=MAX_SAFE_INTEGER] The upper bounds of a valid index.
+     * @returns {boolean} Returns `true` if `value` is a valid index, else `false`.
+     */
+    function isIndex(value, length) {
+      var type = typeof value;
+      length = length == null ? MAX_SAFE_INTEGER : length;
+      return !!length && (type == 'number' || type != 'symbol' && reIsUint.test(value)) && value > -1 && value % 1 == 0 && value < length;
+    }
+
+    /**
+     * Checks if the given arguments are from an iteratee call.
+     *
+     * @private
+     * @param {*} value The potential iteratee value argument.
+     * @param {*} index The potential iteratee index or key argument.
+     * @param {*} object The potential iteratee object argument.
+     * @returns {boolean} Returns `true` if the arguments are from an iteratee call,
+     *  else `false`.
+     */
+    function isIterateeCall(value, index, object) {
+      if (!isObject(object)) {
+        return false;
+      }
+      var type = typeof index;
+      if (type == 'number' ? isArrayLike(object) && isIndex(index, object.length) : type == 'string' && index in object) {
+        return eq(object[index], value);
+      }
+      return false;
+    }
+
+    /**
+     * Checks if `value` is a property name and not a property path.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @param {Object} [object] The object to query keys on.
+     * @returns {boolean} Returns `true` if `value` is a property name, else `false`.
+     */
+    function isKey(value, object) {
+      if (isArray(value)) {
+        return false;
+      }
+      var type = typeof value;
+      if (type == 'number' || type == 'symbol' || type == 'boolean' || value == null || isSymbol(value)) {
+        return true;
+      }
+      return reIsPlainProp.test(value) || !reIsDeepProp.test(value) || object != null && value in Object(object);
+    }
+
+    /**
+     * Checks if `value` is suitable for use as unique object key.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is suitable, else `false`.
+     */
+    function isKeyable(value) {
+      var type = typeof value;
+      return type == 'string' || type == 'number' || type == 'symbol' || type == 'boolean' ? value !== '__proto__' : value === null;
+    }
+
+    /**
+     * Checks if `func` has a lazy counterpart.
+     *
+     * @private
+     * @param {Function} func The function to check.
+     * @returns {boolean} Returns `true` if `func` has a lazy counterpart,
+     *  else `false`.
+     */
+    function isLaziable(func) {
+      var funcName = getFuncName(func),
+        other = lodash[funcName];
+      if (typeof other != 'function' || !(funcName in LazyWrapper.prototype)) {
+        return false;
+      }
+      if (func === other) {
+        return true;
+      }
+      var data = getData(other);
+      return !!data && func === data[0];
+    }
+
+    /**
+     * Checks if `func` has its source masked.
+     *
+     * @private
+     * @param {Function} func The function to check.
+     * @returns {boolean} Returns `true` if `func` is masked, else `false`.
+     */
+    function isMasked(func) {
+      return !!maskSrcKey && maskSrcKey in func;
+    }
+
+    /**
+     * Checks if `func` is capable of being masked.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `func` is maskable, else `false`.
+     */
+    var isMaskable = coreJsData ? isFunction : stubFalse;
+
+    /**
+     * Checks if `value` is likely a prototype object.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a prototype, else `false`.
+     */
+    function isPrototype(value) {
+      var Ctor = value && value.constructor,
+        proto = typeof Ctor == 'function' && Ctor.prototype || objectProto;
+      return value === proto;
+    }
+
+    /**
+     * Checks if `value` is suitable for strict equality comparisons, i.e. `===`.
+     *
+     * @private
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` if suitable for strict
+     *  equality comparisons, else `false`.
+     */
+    function isStrictComparable(value) {
+      return value === value && !isObject(value);
+    }
+
+    /**
+     * A specialized version of `matchesProperty` for source values suitable
+     * for strict equality comparisons, i.e. `===`.
+     *
+     * @private
+     * @param {string} key The key of the property to get.
+     * @param {*} srcValue The value to match.
+     * @returns {Function} Returns the new spec function.
+     */
+    function matchesStrictComparable(key, srcValue) {
+      return function (object) {
+        if (object == null) {
+          return false;
+        }
+        return object[key] === srcValue && (srcValue !== undefined || key in Object(object));
+      };
+    }
+
+    /**
+     * A specialized version of `_.memoize` which clears the memoized function's
+     * cache when it exceeds `MAX_MEMOIZE_SIZE`.
+     *
+     * @private
+     * @param {Function} func The function to have its output memoized.
+     * @returns {Function} Returns the new memoized function.
+     */
+    function memoizeCapped(func) {
+      var result = memoize(func, function (key) {
+        if (cache.size === MAX_MEMOIZE_SIZE) {
+          cache.clear();
+        }
+        return key;
+      });
+      var cache = result.cache;
+      return result;
+    }
+
+    /**
+     * Merges the function metadata of `source` into `data`.
+     *
+     * Merging metadata reduces the number of wrappers used to invoke a function.
+     * This is possible because methods like `_.bind`, `_.curry`, and `_.partial`
+     * may be applied regardless of execution order. Methods like `_.ary` and
+     * `_.rearg` modify function arguments, making the order in which they are
+     * executed important, preventing the merging of metadata. However, we make
+     * an exception for a safe combined case where curried functions have `_.ary`
+     * and or `_.rearg` applied.
+     *
+     * @private
+     * @param {Array} data The destination metadata.
+     * @param {Array} source The source metadata.
+     * @returns {Array} Returns `data`.
+     */
+    function mergeData(data, source) {
+      var bitmask = data[1],
+        srcBitmask = source[1],
+        newBitmask = bitmask | srcBitmask,
+        isCommon = newBitmask < (WRAP_BIND_FLAG | WRAP_BIND_KEY_FLAG | WRAP_ARY_FLAG);
+      var isCombo = srcBitmask == WRAP_ARY_FLAG && bitmask == WRAP_CURRY_FLAG || srcBitmask == WRAP_ARY_FLAG && bitmask == WRAP_REARG_FLAG && data[7].length <= source[8] || srcBitmask == (WRAP_ARY_FLAG | WRAP_REARG_FLAG) && source[7].length <= source[8] && bitmask == WRAP_CURRY_FLAG;
+
+      // Exit early if metadata can't be merged.
+      if (!(isCommon || isCombo)) {
+        return data;
+      }
+      // Use source `thisArg` if available.
+      if (srcBitmask & WRAP_BIND_FLAG) {
+        data[2] = source[2];
+        // Set when currying a bound function.
+        newBitmask |= bitmask & WRAP_BIND_FLAG ? 0 : WRAP_CURRY_BOUND_FLAG;
+      }
+      // Compose partial arguments.
+      var value = source[3];
+      if (value) {
+        var partials = data[3];
+        data[3] = partials ? composeArgs(partials, value, source[4]) : value;
+        data[4] = partials ? replaceHolders(data[3], PLACEHOLDER) : source[4];
+      }
+      // Compose partial right arguments.
+      value = source[5];
+      if (value) {
+        partials = data[5];
+        data[5] = partials ? composeArgsRight(partials, value, source[6]) : value;
+        data[6] = partials ? replaceHolders(data[5], PLACEHOLDER) : source[6];
+      }
+      // Use source `argPos` if available.
+      value = source[7];
+      if (value) {
+        data[7] = value;
+      }
+      // Use source `ary` if it's smaller.
+      if (srcBitmask & WRAP_ARY_FLAG) {
+        data[8] = data[8] == null ? source[8] : nativeMin(data[8], source[8]);
+      }
+      // Use source `arity` if one is not provided.
+      if (data[9] == null) {
+        data[9] = source[9];
+      }
+      // Use source `func` and merge bitmasks.
+      data[0] = source[0];
+      data[1] = newBitmask;
+      return data;
+    }
+
+    /**
+     * This function is like
+     * [`Object.keys`](http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
+     * except that it includes inherited enumerable properties.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names.
+     */
+    function nativeKeysIn(object) {
+      var result = [];
+      if (object != null) {
+        for (var key in Object(object)) {
+          result.push(key);
+        }
+      }
+      return result;
+    }
+
+    /**
+     * Converts `value` to a string using `Object.prototype.toString`.
+     *
+     * @private
+     * @param {*} value The value to convert.
+     * @returns {string} Returns the converted string.
+     */
+    function objectToString(value) {
+      return nativeObjectToString.call(value);
+    }
+
+    /**
+     * A specialized version of `baseRest` which transforms the rest array.
+     *
+     * @private
+     * @param {Function} func The function to apply a rest parameter to.
+     * @param {number} [start=func.length-1] The start position of the rest parameter.
+     * @param {Function} transform The rest array transform.
+     * @returns {Function} Returns the new function.
+     */
+    function overRest(func, start, transform) {
+      start = nativeMax(start === undefined ? func.length - 1 : start, 0);
+      return function () {
+        var args = arguments,
+          index = -1,
+          length = nativeMax(args.length - start, 0),
+          array = Array(length);
+        while (++index < length) {
+          array[index] = args[start + index];
+        }
+        index = -1;
+        var otherArgs = Array(start + 1);
+        while (++index < start) {
+          otherArgs[index] = args[index];
+        }
+        otherArgs[start] = transform(array);
+        return apply(func, this, otherArgs);
+      };
+    }
+
+    /**
+     * Gets the parent value at `path` of `object`.
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {Array} path The path to get the parent value of.
+     * @returns {*} Returns the parent value.
+     */
+    function parent(object, path) {
+      return path.length < 2 ? object : baseGet(object, baseSlice(path, 0, -1));
+    }
+
+    /**
+     * Reorder `array` according to the specified indexes where the element at
+     * the first index is assigned as the first element, the element at
+     * the second index is assigned as the second element, and so on.
+     *
+     * @private
+     * @param {Array} array The array to reorder.
+     * @param {Array} indexes The arranged array indexes.
+     * @returns {Array} Returns `array`.
+     */
+    function reorder(array, indexes) {
+      var arrLength = array.length,
+        length = nativeMin(indexes.length, arrLength),
+        oldArray = copyArray(array);
+      while (length--) {
+        var index = indexes[length];
+        array[length] = isIndex(index, arrLength) ? oldArray[index] : undefined;
+      }
+      return array;
+    }
+
+    /**
+     * Gets the value at `key`, unless `key` is "__proto__" or "constructor".
+     *
+     * @private
+     * @param {Object} object The object to query.
+     * @param {string} key The key of the property to get.
+     * @returns {*} Returns the property value.
+     */
+    function safeGet(object, key) {
+      if (key === 'constructor' && typeof object[key] === 'function') {
+        return;
+      }
+      if (key == '__proto__') {
+        return;
+      }
+      return object[key];
+    }
+
+    /**
+     * Sets metadata for `func`.
+     *
+     * **Note:** If this function becomes hot, i.e. is invoked a lot in a short
+     * period of time, it will trip its breaker and transition to an identity
+     * function to avoid garbage collection pauses in V8. See
+     * [V8 issue 2070](https://bugs.chromium.org/p/v8/issues/detail?id=2070)
+     * for more details.
+     *
+     * @private
+     * @param {Function} func The function to associate metadata with.
+     * @param {*} data The metadata.
+     * @returns {Function} Returns `func`.
+     */
+    var setData = shortOut(baseSetData);
+
+    /**
+     * A simple wrapper around the global [`setTimeout`](https://mdn.io/setTimeout).
+     *
+     * @private
+     * @param {Function} func The function to delay.
+     * @param {number} wait The number of milliseconds to delay invocation.
+     * @returns {number|Object} Returns the timer id or timeout object.
+     */
+    var setTimeout = ctxSetTimeout || function (func, wait) {
+      return root.setTimeout(func, wait);
+    };
+
+    /**
+     * Sets the `toString` method of `func` to return `string`.
+     *
+     * @private
+     * @param {Function} func The function to modify.
+     * @param {Function} string The `toString` result.
+     * @returns {Function} Returns `func`.
+     */
+    var setToString = shortOut(baseSetToString);
+
+    /**
+     * Sets the `toString` method of `wrapper` to mimic the source of `reference`
+     * with wrapper details in a comment at the top of the source body.
+     *
+     * @private
+     * @param {Function} wrapper The function to modify.
+     * @param {Function} reference The reference function.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @returns {Function} Returns `wrapper`.
+     */
+    function setWrapToString(wrapper, reference, bitmask) {
+      var source = reference + '';
+      return setToString(wrapper, insertWrapDetails(source, updateWrapDetails(getWrapDetails(source), bitmask)));
+    }
+
+    /**
+     * Creates a function that'll short out and invoke `identity` instead
+     * of `func` when it's called `HOT_COUNT` or more times in `HOT_SPAN`
+     * milliseconds.
+     *
+     * @private
+     * @param {Function} func The function to restrict.
+     * @returns {Function} Returns the new shortable function.
+     */
+    function shortOut(func) {
+      var count = 0,
+        lastCalled = 0;
+      return function () {
+        var stamp = nativeNow(),
+          remaining = HOT_SPAN - (stamp - lastCalled);
+        lastCalled = stamp;
+        if (remaining > 0) {
+          if (++count >= HOT_COUNT) {
+            return arguments[0];
+          }
+        } else {
+          count = 0;
+        }
+        return func.apply(undefined, arguments);
+      };
+    }
+
+    /**
+     * A specialized version of `_.shuffle` which mutates and sets the size of `array`.
+     *
+     * @private
+     * @param {Array} array The array to shuffle.
+     * @param {number} [size=array.length] The size of `array`.
+     * @returns {Array} Returns `array`.
+     */
+    function shuffleSelf(array, size) {
+      var index = -1,
+        length = array.length,
+        lastIndex = length - 1;
+      size = size === undefined ? length : size;
+      while (++index < size) {
+        var rand = baseRandom(index, lastIndex),
+          value = array[rand];
+        array[rand] = array[index];
+        array[index] = value;
+      }
+      array.length = size;
+      return array;
+    }
+
+    /**
+     * Converts `string` to a property path array.
+     *
+     * @private
+     * @param {string} string The string to convert.
+     * @returns {Array} Returns the property path array.
+     */
+    var stringToPath = memoizeCapped(function (string) {
+      var result = [];
+      if (string.charCodeAt(0) === 46 /* . */) {
+        result.push('');
+      }
+      string.replace(rePropName, function (match, number, quote, subString) {
+        result.push(quote ? subString.replace(reEscapeChar, '$1') : number || match);
+      });
+      return result;
+    });
+
+    /**
+     * Converts `value` to a string key if it's not a string or symbol.
+     *
+     * @private
+     * @param {*} value The value to inspect.
+     * @returns {string|symbol} Returns the key.
+     */
+    function toKey(value) {
+      if (typeof value == 'string' || isSymbol(value)) {
+        return value;
+      }
+      var result = value + '';
+      return result == '0' && 1 / value == -INFINITY ? '-0' : result;
+    }
+
+    /**
+     * Converts `func` to its source code.
+     *
+     * @private
+     * @param {Function} func The function to convert.
+     * @returns {string} Returns the source code.
+     */
+    function toSource(func) {
+      if (func != null) {
+        try {
+          return funcToString.call(func);
+        } catch (e) {}
+        try {
+          return func + '';
+        } catch (e) {}
+      }
+      return '';
+    }
+
+    /**
+     * Updates wrapper `details` based on `bitmask` flags.
+     *
+     * @private
+     * @returns {Array} details The details to modify.
+     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
+     * @returns {Array} Returns `details`.
+     */
+    function updateWrapDetails(details, bitmask) {
+      arrayEach(wrapFlags, function (pair) {
+        var value = '_.' + pair[0];
+        if (bitmask & pair[1] && !arrayIncludes(details, value)) {
+          details.push(value);
+        }
+      });
+      return details.sort();
+    }
+
+    /**
+     * Creates a clone of `wrapper`.
+     *
+     * @private
+     * @param {Object} wrapper The wrapper to clone.
+     * @returns {Object} Returns the cloned wrapper.
+     */
+    function wrapperClone(wrapper) {
+      if (wrapper instanceof LazyWrapper) {
+        return wrapper.clone();
+      }
+      var result = new LodashWrapper(wrapper.__wrapped__, wrapper.__chain__);
+      result.__actions__ = copyArray(wrapper.__actions__);
+      result.__index__ = wrapper.__index__;
+      result.__values__ = wrapper.__values__;
+      return result;
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates an array of elements split into groups the length of `size`.
+     * If `array` can't be split evenly, the final chunk will be the remaining
+     * elements.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to process.
+     * @param {number} [size=1] The length of each chunk
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the new array of chunks.
+     * @example
+     *
+     * _.chunk(['a', 'b', 'c', 'd'], 2);
+     * // => [['a', 'b'], ['c', 'd']]
+     *
+     * _.chunk(['a', 'b', 'c', 'd'], 3);
+     * // => [['a', 'b', 'c'], ['d']]
+     */
+    function chunk(array, size, guard) {
+      if (guard ? isIterateeCall(array, size, guard) : size === undefined) {
+        size = 1;
+      } else {
+        size = nativeMax(toInteger(size), 0);
+      }
+      var length = array == null ? 0 : array.length;
+      if (!length || size < 1) {
+        return [];
+      }
+      var index = 0,
+        resIndex = 0,
+        result = Array(nativeCeil(length / size));
+      while (index < length) {
+        result[resIndex++] = baseSlice(array, index, index += size);
+      }
+      return result;
+    }
+
+    /**
+     * Creates an array with all falsey values removed. The values `false`, `null`,
+     * `0`, `""`, `undefined`, and `NaN` are falsey.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to compact.
+     * @returns {Array} Returns the new array of filtered values.
+     * @example
+     *
+     * _.compact([0, 1, false, 2, '', 3]);
+     * // => [1, 2, 3]
+     */
+    function compact(array) {
+      var index = -1,
+        length = array == null ? 0 : array.length,
+        resIndex = 0,
+        result = [];
+      while (++index < length) {
+        var value = array[index];
+        if (value) {
+          result[resIndex++] = value;
+        }
+      }
+      return result;
+    }
+
+    /**
+     * Creates a new array concatenating `array` with any additional arrays
+     * and/or values.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to concatenate.
+     * @param {...*} [values] The values to concatenate.
+     * @returns {Array} Returns the new concatenated array.
+     * @example
+     *
+     * var array = [1];
+     * var other = _.concat(array, 2, [3], [[4]]);
+     *
+     * console.log(other);
+     * // => [1, 2, 3, [4]]
+     *
+     * console.log(array);
+     * // => [1]
+     */
+    function concat() {
+      var length = arguments.length;
+      if (!length) {
+        return [];
+      }
+      var args = Array(length - 1),
+        array = arguments[0],
+        index = length;
+      while (index--) {
+        args[index - 1] = arguments[index];
+      }
+      return arrayPush(isArray(array) ? copyArray(array) : [array], baseFlatten(args, 1));
+    }
+
+    /**
+     * Creates an array of `array` values not included in the other given arrays
+     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons. The order and references of result values are
+     * determined by the first array.
+     *
+     * **Note:** Unlike `_.pullAll`, this method returns a new array.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {...Array} [values] The values to exclude.
+     * @returns {Array} Returns the new array of filtered values.
+     * @see _.without, _.xor
+     * @example
+     *
+     * _.difference([2, 1], [2, 3]);
+     * // => [1]
+     */
+    var difference = baseRest(function (array, values) {
+      return isArrayLikeObject(array) ? baseDifference(array, baseFlatten(values, 1, isArrayLikeObject, true)) : [];
+    });
+
+    /**
+     * This method is like `_.difference` except that it accepts `iteratee` which
+     * is invoked for each element of `array` and `values` to generate the criterion
+     * by which they're compared. The order and references of result values are
+     * determined by the first array. The iteratee is invoked with one argument:
+     * (value).
+     *
+     * **Note:** Unlike `_.pullAllBy`, this method returns a new array.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {...Array} [values] The values to exclude.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Array} Returns the new array of filtered values.
+     * @example
+     *
+     * _.differenceBy([2.1, 1.2], [2.3, 3.4], Math.floor);
+     * // => [1.2]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.differenceBy([{ 'x': 2 }, { 'x': 1 }], [{ 'x': 1 }], 'x');
+     * // => [{ 'x': 2 }]
+     */
+    var differenceBy = baseRest(function (array, values) {
+      var iteratee = last(values);
+      if (isArrayLikeObject(iteratee)) {
+        iteratee = undefined;
+      }
+      return isArrayLikeObject(array) ? baseDifference(array, baseFlatten(values, 1, isArrayLikeObject, true), getIteratee(iteratee, 2)) : [];
+    });
+
+    /**
+     * This method is like `_.difference` except that it accepts `comparator`
+     * which is invoked to compare elements of `array` to `values`. The order and
+     * references of result values are determined by the first array. The comparator
+     * is invoked with two arguments: (arrVal, othVal).
+     *
+     * **Note:** Unlike `_.pullAllWith`, this method returns a new array.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {...Array} [values] The values to exclude.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of filtered values.
+     * @example
+     *
+     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
+     *
+     * _.differenceWith(objects, [{ 'x': 1, 'y': 2 }], _.isEqual);
+     * // => [{ 'x': 2, 'y': 1 }]
+     */
+    var differenceWith = baseRest(function (array, values) {
+      var comparator = last(values);
+      if (isArrayLikeObject(comparator)) {
+        comparator = undefined;
+      }
+      return isArrayLikeObject(array) ? baseDifference(array, baseFlatten(values, 1, isArrayLikeObject, true), undefined, comparator) : [];
+    });
+
+    /**
+     * Creates a slice of `array` with `n` elements dropped from the beginning.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.5.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {number} [n=1] The number of elements to drop.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * _.drop([1, 2, 3]);
+     * // => [2, 3]
+     *
+     * _.drop([1, 2, 3], 2);
+     * // => [3]
+     *
+     * _.drop([1, 2, 3], 5);
+     * // => []
+     *
+     * _.drop([1, 2, 3], 0);
+     * // => [1, 2, 3]
+     */
+    function drop(array, n, guard) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return [];
+      }
+      n = guard || n === undefined ? 1 : toInteger(n);
+      return baseSlice(array, n < 0 ? 0 : n, length);
+    }
+
+    /**
+     * Creates a slice of `array` with `n` elements dropped from the end.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {number} [n=1] The number of elements to drop.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * _.dropRight([1, 2, 3]);
+     * // => [1, 2]
+     *
+     * _.dropRight([1, 2, 3], 2);
+     * // => [1]
+     *
+     * _.dropRight([1, 2, 3], 5);
+     * // => []
+     *
+     * _.dropRight([1, 2, 3], 0);
+     * // => [1, 2, 3]
+     */
+    function dropRight(array, n, guard) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return [];
+      }
+      n = guard || n === undefined ? 1 : toInteger(n);
+      n = length - n;
+      return baseSlice(array, 0, n < 0 ? 0 : n);
+    }
+
+    /**
+     * Creates a slice of `array` excluding elements dropped from the end.
+     * Elements are dropped until `predicate` returns falsey. The predicate is
+     * invoked with three arguments: (value, index, array).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'active': true },
+     *   { 'user': 'fred',    'active': false },
+     *   { 'user': 'pebbles', 'active': false }
+     * ];
+     *
+     * _.dropRightWhile(users, function(o) { return !o.active; });
+     * // => objects for ['barney']
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.dropRightWhile(users, { 'user': 'pebbles', 'active': false });
+     * // => objects for ['barney', 'fred']
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.dropRightWhile(users, ['active', false]);
+     * // => objects for ['barney']
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.dropRightWhile(users, 'active');
+     * // => objects for ['barney', 'fred', 'pebbles']
+     */
+    function dropRightWhile(array, predicate) {
+      return array && array.length ? baseWhile(array, getIteratee(predicate, 3), true, true) : [];
+    }
+
+    /**
+     * Creates a slice of `array` excluding elements dropped from the beginning.
+     * Elements are dropped until `predicate` returns falsey. The predicate is
+     * invoked with three arguments: (value, index, array).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'active': false },
+     *   { 'user': 'fred',    'active': false },
+     *   { 'user': 'pebbles', 'active': true }
+     * ];
+     *
+     * _.dropWhile(users, function(o) { return !o.active; });
+     * // => objects for ['pebbles']
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.dropWhile(users, { 'user': 'barney', 'active': false });
+     * // => objects for ['fred', 'pebbles']
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.dropWhile(users, ['active', false]);
+     * // => objects for ['pebbles']
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.dropWhile(users, 'active');
+     * // => objects for ['barney', 'fred', 'pebbles']
+     */
+    function dropWhile(array, predicate) {
+      return array && array.length ? baseWhile(array, getIteratee(predicate, 3), true) : [];
+    }
+
+    /**
+     * Fills elements of `array` with `value` from `start` up to, but not
+     * including, `end`.
+     *
+     * **Note:** This method mutates `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.2.0
+     * @category Array
+     * @param {Array} array The array to fill.
+     * @param {*} value The value to fill `array` with.
+     * @param {number} [start=0] The start position.
+     * @param {number} [end=array.length] The end position.
+     * @returns {Array} Returns `array`.
+     * @example
+     *
+     * var array = [1, 2, 3];
+     *
+     * _.fill(array, 'a');
+     * console.log(array);
+     * // => ['a', 'a', 'a']
+     *
+     * _.fill(Array(3), 2);
+     * // => [2, 2, 2]
+     *
+     * _.fill([4, 6, 8, 10], '*', 1, 3);
+     * // => [4, '*', '*', 10]
+     */
+    function fill(array, value, start, end) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return [];
+      }
+      if (start && typeof start != 'number' && isIterateeCall(array, value, start)) {
+        start = 0;
+        end = length;
+      }
+      return baseFill(array, value, start, end);
+    }
+
+    /**
+     * This method is like `_.find` except that it returns the index of the first
+     * element `predicate` returns truthy for instead of the element itself.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.1.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @param {number} [fromIndex=0] The index to search from.
+     * @returns {number} Returns the index of the found element, else `-1`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'active': false },
+     *   { 'user': 'fred',    'active': false },
+     *   { 'user': 'pebbles', 'active': true }
+     * ];
+     *
+     * _.findIndex(users, function(o) { return o.user == 'barney'; });
+     * // => 0
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.findIndex(users, { 'user': 'fred', 'active': false });
+     * // => 1
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.findIndex(users, ['active', false]);
+     * // => 0
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.findIndex(users, 'active');
+     * // => 2
+     */
+    function findIndex(array, predicate, fromIndex) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return -1;
+      }
+      var index = fromIndex == null ? 0 : toInteger(fromIndex);
+      if (index < 0) {
+        index = nativeMax(length + index, 0);
+      }
+      return baseFindIndex(array, getIteratee(predicate, 3), index);
+    }
+
+    /**
+     * This method is like `_.findIndex` except that it iterates over elements
+     * of `collection` from right to left.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @param {number} [fromIndex=array.length-1] The index to search from.
+     * @returns {number} Returns the index of the found element, else `-1`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'active': true },
+     *   { 'user': 'fred',    'active': false },
+     *   { 'user': 'pebbles', 'active': false }
+     * ];
+     *
+     * _.findLastIndex(users, function(o) { return o.user == 'pebbles'; });
+     * // => 2
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.findLastIndex(users, { 'user': 'barney', 'active': true });
+     * // => 0
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.findLastIndex(users, ['active', false]);
+     * // => 2
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.findLastIndex(users, 'active');
+     * // => 0
+     */
+    function findLastIndex(array, predicate, fromIndex) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return -1;
+      }
+      var index = length - 1;
+      if (fromIndex !== undefined) {
+        index = toInteger(fromIndex);
+        index = fromIndex < 0 ? nativeMax(length + index, 0) : nativeMin(index, length - 1);
+      }
+      return baseFindIndex(array, getIteratee(predicate, 3), index, true);
+    }
+
+    /**
+     * Flattens `array` a single level deep.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to flatten.
+     * @returns {Array} Returns the new flattened array.
+     * @example
+     *
+     * _.flatten([1, [2, [3, [4]], 5]]);
+     * // => [1, 2, [3, [4]], 5]
+     */
+    function flatten(array) {
+      var length = array == null ? 0 : array.length;
+      return length ? baseFlatten(array, 1) : [];
+    }
+
+    /**
+     * Recursively flattens `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to flatten.
+     * @returns {Array} Returns the new flattened array.
+     * @example
+     *
+     * _.flattenDeep([1, [2, [3, [4]], 5]]);
+     * // => [1, 2, 3, 4, 5]
+     */
+    function flattenDeep(array) {
+      var length = array == null ? 0 : array.length;
+      return length ? baseFlatten(array, INFINITY) : [];
+    }
+
+    /**
+     * Recursively flatten `array` up to `depth` times.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.4.0
+     * @category Array
+     * @param {Array} array The array to flatten.
+     * @param {number} [depth=1] The maximum recursion depth.
+     * @returns {Array} Returns the new flattened array.
+     * @example
+     *
+     * var array = [1, [2, [3, [4]], 5]];
+     *
+     * _.flattenDepth(array, 1);
+     * // => [1, 2, [3, [4]], 5]
+     *
+     * _.flattenDepth(array, 2);
+     * // => [1, 2, 3, [4], 5]
+     */
+    function flattenDepth(array, depth) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return [];
+      }
+      depth = depth === undefined ? 1 : toInteger(depth);
+      return baseFlatten(array, depth);
+    }
+
+    /**
+     * The inverse of `_.toPairs`; this method returns an object composed
+     * from key-value `pairs`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} pairs The key-value pairs.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * _.fromPairs([['a', 1], ['b', 2]]);
+     * // => { 'a': 1, 'b': 2 }
+     */
+    function fromPairs(pairs) {
+      var index = -1,
+        length = pairs == null ? 0 : pairs.length,
+        result = {};
+      while (++index < length) {
+        var pair = pairs[index];
+        result[pair[0]] = pair[1];
+      }
+      return result;
+    }
+
+    /**
+     * Gets the first element of `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @alias first
+     * @category Array
+     * @param {Array} array The array to query.
+     * @returns {*} Returns the first element of `array`.
+     * @example
+     *
+     * _.head([1, 2, 3]);
+     * // => 1
+     *
+     * _.head([]);
+     * // => undefined
+     */
+    function head(array) {
+      return array && array.length ? array[0] : undefined;
+    }
+
+    /**
+     * Gets the index at which the first occurrence of `value` is found in `array`
+     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons. If `fromIndex` is negative, it's used as the
+     * offset from the end of `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {*} value The value to search for.
+     * @param {number} [fromIndex=0] The index to search from.
+     * @returns {number} Returns the index of the matched value, else `-1`.
+     * @example
+     *
+     * _.indexOf([1, 2, 1, 2], 2);
+     * // => 1
+     *
+     * // Search from the `fromIndex`.
+     * _.indexOf([1, 2, 1, 2], 2, 2);
+     * // => 3
+     */
+    function indexOf(array, value, fromIndex) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return -1;
+      }
+      var index = fromIndex == null ? 0 : toInteger(fromIndex);
+      if (index < 0) {
+        index = nativeMax(length + index, 0);
+      }
+      return baseIndexOf(array, value, index);
+    }
+
+    /**
+     * Gets all but the last element of `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * _.initial([1, 2, 3]);
+     * // => [1, 2]
+     */
+    function initial(array) {
+      var length = array == null ? 0 : array.length;
+      return length ? baseSlice(array, 0, -1) : [];
+    }
+
+    /**
+     * Creates an array of unique values that are included in all given arrays
+     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons. The order and references of result values are
+     * determined by the first array.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @returns {Array} Returns the new array of intersecting values.
+     * @example
+     *
+     * _.intersection([2, 1], [2, 3]);
+     * // => [2]
+     */
+    var intersection = baseRest(function (arrays) {
+      var mapped = arrayMap(arrays, castArrayLikeObject);
+      return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped) : [];
+    });
+
+    /**
+     * This method is like `_.intersection` except that it accepts `iteratee`
+     * which is invoked for each element of each `arrays` to generate the criterion
+     * by which they're compared. The order and references of result values are
+     * determined by the first array. The iteratee is invoked with one argument:
+     * (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Array} Returns the new array of intersecting values.
+     * @example
+     *
+     * _.intersectionBy([2.1, 1.2], [2.3, 3.4], Math.floor);
+     * // => [2.1]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.intersectionBy([{ 'x': 1 }], [{ 'x': 2 }, { 'x': 1 }], 'x');
+     * // => [{ 'x': 1 }]
+     */
+    var intersectionBy = baseRest(function (arrays) {
+      var iteratee = last(arrays),
+        mapped = arrayMap(arrays, castArrayLikeObject);
+      if (iteratee === last(mapped)) {
+        iteratee = undefined;
+      } else {
+        mapped.pop();
+      }
+      return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped, getIteratee(iteratee, 2)) : [];
+    });
+
+    /**
+     * This method is like `_.intersection` except that it accepts `comparator`
+     * which is invoked to compare elements of `arrays`. The order and references
+     * of result values are determined by the first array. The comparator is
+     * invoked with two arguments: (arrVal, othVal).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of intersecting values.
+     * @example
+     *
+     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
+     * var others = [{ 'x': 1, 'y': 1 }, { 'x': 1, 'y': 2 }];
+     *
+     * _.intersectionWith(objects, others, _.isEqual);
+     * // => [{ 'x': 1, 'y': 2 }]
+     */
+    var intersectionWith = baseRest(function (arrays) {
+      var comparator = last(arrays),
+        mapped = arrayMap(arrays, castArrayLikeObject);
+      comparator = typeof comparator == 'function' ? comparator : undefined;
+      if (comparator) {
+        mapped.pop();
+      }
+      return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped, undefined, comparator) : [];
+    });
+
+    /**
+     * Converts all elements in `array` into a string separated by `separator`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to convert.
+     * @param {string} [separator=','] The element separator.
+     * @returns {string} Returns the joined string.
+     * @example
+     *
+     * _.join(['a', 'b', 'c'], '~');
+     * // => 'a~b~c'
+     */
+    function join(array, separator) {
+      return array == null ? '' : nativeJoin.call(array, separator);
+    }
+
+    /**
+     * Gets the last element of `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @returns {*} Returns the last element of `array`.
+     * @example
+     *
+     * _.last([1, 2, 3]);
+     * // => 3
+     */
+    function last(array) {
+      var length = array == null ? 0 : array.length;
+      return length ? array[length - 1] : undefined;
+    }
+
+    /**
+     * This method is like `_.indexOf` except that it iterates over elements of
+     * `array` from right to left.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {*} value The value to search for.
+     * @param {number} [fromIndex=array.length-1] The index to search from.
+     * @returns {number} Returns the index of the matched value, else `-1`.
+     * @example
+     *
+     * _.lastIndexOf([1, 2, 1, 2], 2);
+     * // => 3
+     *
+     * // Search from the `fromIndex`.
+     * _.lastIndexOf([1, 2, 1, 2], 2, 2);
+     * // => 1
+     */
+    function lastIndexOf(array, value, fromIndex) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return -1;
+      }
+      var index = length;
+      if (fromIndex !== undefined) {
+        index = toInteger(fromIndex);
+        index = index < 0 ? nativeMax(length + index, 0) : nativeMin(index, length - 1);
+      }
+      return value === value ? strictLastIndexOf(array, value, index) : baseFindIndex(array, baseIsNaN, index, true);
+    }
+
+    /**
+     * Gets the element at index `n` of `array`. If `n` is negative, the nth
+     * element from the end is returned.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.11.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {number} [n=0] The index of the element to return.
+     * @returns {*} Returns the nth element of `array`.
+     * @example
+     *
+     * var array = ['a', 'b', 'c', 'd'];
+     *
+     * _.nth(array, 1);
+     * // => 'b'
+     *
+     * _.nth(array, -2);
+     * // => 'c';
+     */
+    function nth(array, n) {
+      return array && array.length ? baseNth(array, toInteger(n)) : undefined;
+    }
+
+    /**
+     * Removes all given values from `array` using
+     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons.
+     *
+     * **Note:** Unlike `_.without`, this method mutates `array`. Use `_.remove`
+     * to remove elements from an array by predicate.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @param {...*} [values] The values to remove.
+     * @returns {Array} Returns `array`.
+     * @example
+     *
+     * var array = ['a', 'b', 'c', 'a', 'b', 'c'];
+     *
+     * _.pull(array, 'a', 'c');
+     * console.log(array);
+     * // => ['b', 'b']
+     */
+    var pull = baseRest(pullAll);
+
+    /**
+     * This method is like `_.pull` except that it accepts an array of values to remove.
+     *
+     * **Note:** Unlike `_.difference`, this method mutates `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @param {Array} values The values to remove.
+     * @returns {Array} Returns `array`.
+     * @example
+     *
+     * var array = ['a', 'b', 'c', 'a', 'b', 'c'];
+     *
+     * _.pullAll(array, ['a', 'c']);
+     * console.log(array);
+     * // => ['b', 'b']
+     */
+    function pullAll(array, values) {
+      return array && array.length && values && values.length ? basePullAll(array, values) : array;
+    }
+
+    /**
+     * This method is like `_.pullAll` except that it accepts `iteratee` which is
+     * invoked for each element of `array` and `values` to generate the criterion
+     * by which they're compared. The iteratee is invoked with one argument: (value).
+     *
+     * **Note:** Unlike `_.differenceBy`, this method mutates `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @param {Array} values The values to remove.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Array} Returns `array`.
+     * @example
+     *
+     * var array = [{ 'x': 1 }, { 'x': 2 }, { 'x': 3 }, { 'x': 1 }];
+     *
+     * _.pullAllBy(array, [{ 'x': 1 }, { 'x': 3 }], 'x');
+     * console.log(array);
+     * // => [{ 'x': 2 }]
+     */
+    function pullAllBy(array, values, iteratee) {
+      return array && array.length && values && values.length ? basePullAll(array, values, getIteratee(iteratee, 2)) : array;
+    }
+
+    /**
+     * This method is like `_.pullAll` except that it accepts `comparator` which
+     * is invoked to compare elements of `array` to `values`. The comparator is
+     * invoked with two arguments: (arrVal, othVal).
+     *
+     * **Note:** Unlike `_.differenceWith`, this method mutates `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.6.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @param {Array} values The values to remove.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns `array`.
+     * @example
+     *
+     * var array = [{ 'x': 1, 'y': 2 }, { 'x': 3, 'y': 4 }, { 'x': 5, 'y': 6 }];
+     *
+     * _.pullAllWith(array, [{ 'x': 3, 'y': 4 }], _.isEqual);
+     * console.log(array);
+     * // => [{ 'x': 1, 'y': 2 }, { 'x': 5, 'y': 6 }]
+     */
+    function pullAllWith(array, values, comparator) {
+      return array && array.length && values && values.length ? basePullAll(array, values, undefined, comparator) : array;
+    }
+
+    /**
+     * Removes elements from `array` corresponding to `indexes` and returns an
+     * array of removed elements.
+     *
+     * **Note:** Unlike `_.at`, this method mutates `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @param {...(number|number[])} [indexes] The indexes of elements to remove.
+     * @returns {Array} Returns the new array of removed elements.
+     * @example
+     *
+     * var array = ['a', 'b', 'c', 'd'];
+     * var pulled = _.pullAt(array, [1, 3]);
+     *
+     * console.log(array);
+     * // => ['a', 'c']
+     *
+     * console.log(pulled);
+     * // => ['b', 'd']
+     */
+    var pullAt = flatRest(function (array, indexes) {
+      var length = array == null ? 0 : array.length,
+        result = baseAt(array, indexes);
+      basePullAt(array, arrayMap(indexes, function (index) {
+        return isIndex(index, length) ? +index : index;
+      }).sort(compareAscending));
+      return result;
+    });
+
+    /**
+     * Removes all elements from `array` that `predicate` returns truthy for
+     * and returns an array of the removed elements. The predicate is invoked
+     * with three arguments: (value, index, array).
+     *
+     * **Note:** Unlike `_.filter`, this method mutates `array`. Use `_.pull`
+     * to pull elements from an array by value.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the new array of removed elements.
+     * @example
+     *
+     * var array = [1, 2, 3, 4];
+     * var evens = _.remove(array, function(n) {
+     *   return n % 2 == 0;
+     * });
+     *
+     * console.log(array);
+     * // => [1, 3]
+     *
+     * console.log(evens);
+     * // => [2, 4]
+     */
+    function remove(array, predicate) {
+      var result = [];
+      if (!(array && array.length)) {
+        return result;
+      }
+      var index = -1,
+        indexes = [],
+        length = array.length;
+      predicate = getIteratee(predicate, 3);
+      while (++index < length) {
+        var value = array[index];
+        if (predicate(value, index, array)) {
+          result.push(value);
+          indexes.push(index);
+        }
+      }
+      basePullAt(array, indexes);
+      return result;
+    }
+
+    /**
+     * Reverses `array` so that the first element becomes the last, the second
+     * element becomes the second to last, and so on.
+     *
+     * **Note:** This method mutates `array` and is based on
+     * [`Array#reverse`](https://mdn.io/Array/reverse).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to modify.
+     * @returns {Array} Returns `array`.
+     * @example
+     *
+     * var array = [1, 2, 3];
+     *
+     * _.reverse(array);
+     * // => [3, 2, 1]
+     *
+     * console.log(array);
+     * // => [3, 2, 1]
+     */
+    function reverse(array) {
+      return array == null ? array : nativeReverse.call(array);
+    }
+
+    /**
+     * Creates a slice of `array` from `start` up to, but not including, `end`.
+     *
+     * **Note:** This method is used instead of
+     * [`Array#slice`](https://mdn.io/Array/slice) to ensure dense arrays are
+     * returned.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to slice.
+     * @param {number} [start=0] The start position.
+     * @param {number} [end=array.length] The end position.
+     * @returns {Array} Returns the slice of `array`.
+     */
+    function slice(array, start, end) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return [];
+      }
+      if (end && typeof end != 'number' && isIterateeCall(array, start, end)) {
+        start = 0;
+        end = length;
+      } else {
+        start = start == null ? 0 : toInteger(start);
+        end = end === undefined ? length : toInteger(end);
+      }
+      return baseSlice(array, start, end);
+    }
+
+    /**
+     * Uses a binary search to determine the lowest index at which `value`
+     * should be inserted into `array` in order to maintain its sort order.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The sorted array to inspect.
+     * @param {*} value The value to evaluate.
+     * @returns {number} Returns the index at which `value` should be inserted
+     *  into `array`.
+     * @example
+     *
+     * _.sortedIndex([30, 50], 40);
+     * // => 1
+     */
+    function sortedIndex(array, value) {
+      return baseSortedIndex(array, value);
+    }
+
+    /**
+     * This method is like `_.sortedIndex` except that it accepts `iteratee`
+     * which is invoked for `value` and each element of `array` to compute their
+     * sort ranking. The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The sorted array to inspect.
+     * @param {*} value The value to evaluate.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {number} Returns the index at which `value` should be inserted
+     *  into `array`.
+     * @example
+     *
+     * var objects = [{ 'x': 4 }, { 'x': 5 }];
+     *
+     * _.sortedIndexBy(objects, { 'x': 4 }, function(o) { return o.x; });
+     * // => 0
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.sortedIndexBy(objects, { 'x': 4 }, 'x');
+     * // => 0
+     */
+    function sortedIndexBy(array, value, iteratee) {
+      return baseSortedIndexBy(array, value, getIteratee(iteratee, 2));
+    }
+
+    /**
+     * This method is like `_.indexOf` except that it performs a binary
+     * search on a sorted `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {*} value The value to search for.
+     * @returns {number} Returns the index of the matched value, else `-1`.
+     * @example
+     *
+     * _.sortedIndexOf([4, 5, 5, 5, 6], 5);
+     * // => 1
+     */
+    function sortedIndexOf(array, value) {
+      var length = array == null ? 0 : array.length;
+      if (length) {
+        var index = baseSortedIndex(array, value);
+        if (index < length && eq(array[index], value)) {
+          return index;
+        }
+      }
+      return -1;
+    }
+
+    /**
+     * This method is like `_.sortedIndex` except that it returns the highest
+     * index at which `value` should be inserted into `array` in order to
+     * maintain its sort order.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The sorted array to inspect.
+     * @param {*} value The value to evaluate.
+     * @returns {number} Returns the index at which `value` should be inserted
+     *  into `array`.
+     * @example
+     *
+     * _.sortedLastIndex([4, 5, 5, 5, 6], 5);
+     * // => 4
+     */
+    function sortedLastIndex(array, value) {
+      return baseSortedIndex(array, value, true);
+    }
+
+    /**
+     * This method is like `_.sortedLastIndex` except that it accepts `iteratee`
+     * which is invoked for `value` and each element of `array` to compute their
+     * sort ranking. The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The sorted array to inspect.
+     * @param {*} value The value to evaluate.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {number} Returns the index at which `value` should be inserted
+     *  into `array`.
+     * @example
+     *
+     * var objects = [{ 'x': 4 }, { 'x': 5 }];
+     *
+     * _.sortedLastIndexBy(objects, { 'x': 4 }, function(o) { return o.x; });
+     * // => 1
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.sortedLastIndexBy(objects, { 'x': 4 }, 'x');
+     * // => 1
+     */
+    function sortedLastIndexBy(array, value, iteratee) {
+      return baseSortedIndexBy(array, value, getIteratee(iteratee, 2), true);
+    }
+
+    /**
+     * This method is like `_.lastIndexOf` except that it performs a binary
+     * search on a sorted `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {*} value The value to search for.
+     * @returns {number} Returns the index of the matched value, else `-1`.
+     * @example
+     *
+     * _.sortedLastIndexOf([4, 5, 5, 5, 6], 5);
+     * // => 3
+     */
+    function sortedLastIndexOf(array, value) {
+      var length = array == null ? 0 : array.length;
+      if (length) {
+        var index = baseSortedIndex(array, value, true) - 1;
+        if (eq(array[index], value)) {
+          return index;
+        }
+      }
+      return -1;
+    }
+
+    /**
+     * This method is like `_.uniq` except that it's designed and optimized
+     * for sorted arrays.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @returns {Array} Returns the new duplicate free array.
+     * @example
+     *
+     * _.sortedUniq([1, 1, 2]);
+     * // => [1, 2]
+     */
+    function sortedUniq(array) {
+      return array && array.length ? baseSortedUniq(array) : [];
+    }
+
+    /**
+     * This method is like `_.uniqBy` except that it's designed and optimized
+     * for sorted arrays.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {Function} [iteratee] The iteratee invoked per element.
+     * @returns {Array} Returns the new duplicate free array.
+     * @example
+     *
+     * _.sortedUniqBy([1.1, 1.2, 2.3, 2.4], Math.floor);
+     * // => [1.1, 2.3]
+     */
+    function sortedUniqBy(array, iteratee) {
+      return array && array.length ? baseSortedUniq(array, getIteratee(iteratee, 2)) : [];
+    }
+
+    /**
+     * Gets all but the first element of `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * _.tail([1, 2, 3]);
+     * // => [2, 3]
+     */
+    function tail(array) {
+      var length = array == null ? 0 : array.length;
+      return length ? baseSlice(array, 1, length) : [];
+    }
+
+    /**
+     * Creates a slice of `array` with `n` elements taken from the beginning.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {number} [n=1] The number of elements to take.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * _.take([1, 2, 3]);
+     * // => [1]
+     *
+     * _.take([1, 2, 3], 2);
+     * // => [1, 2]
+     *
+     * _.take([1, 2, 3], 5);
+     * // => [1, 2, 3]
+     *
+     * _.take([1, 2, 3], 0);
+     * // => []
+     */
+    function take(array, n, guard) {
+      if (!(array && array.length)) {
+        return [];
+      }
+      n = guard || n === undefined ? 1 : toInteger(n);
+      return baseSlice(array, 0, n < 0 ? 0 : n);
+    }
+
+    /**
+     * Creates a slice of `array` with `n` elements taken from the end.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {number} [n=1] The number of elements to take.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * _.takeRight([1, 2, 3]);
+     * // => [3]
+     *
+     * _.takeRight([1, 2, 3], 2);
+     * // => [2, 3]
+     *
+     * _.takeRight([1, 2, 3], 5);
+     * // => [1, 2, 3]
+     *
+     * _.takeRight([1, 2, 3], 0);
+     * // => []
+     */
+    function takeRight(array, n, guard) {
+      var length = array == null ? 0 : array.length;
+      if (!length) {
+        return [];
+      }
+      n = guard || n === undefined ? 1 : toInteger(n);
+      n = length - n;
+      return baseSlice(array, n < 0 ? 0 : n, length);
+    }
+
+    /**
+     * Creates a slice of `array` with elements taken from the end. Elements are
+     * taken until `predicate` returns falsey. The predicate is invoked with
+     * three arguments: (value, index, array).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'active': true },
+     *   { 'user': 'fred',    'active': false },
+     *   { 'user': 'pebbles', 'active': false }
+     * ];
+     *
+     * _.takeRightWhile(users, function(o) { return !o.active; });
+     * // => objects for ['fred', 'pebbles']
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.takeRightWhile(users, { 'user': 'pebbles', 'active': false });
+     * // => objects for ['pebbles']
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.takeRightWhile(users, ['active', false]);
+     * // => objects for ['fred', 'pebbles']
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.takeRightWhile(users, 'active');
+     * // => []
+     */
+    function takeRightWhile(array, predicate) {
+      return array && array.length ? baseWhile(array, getIteratee(predicate, 3), false, true) : [];
+    }
+
+    /**
+     * Creates a slice of `array` with elements taken from the beginning. Elements
+     * are taken until `predicate` returns falsey. The predicate is invoked with
+     * three arguments: (value, index, array).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Array
+     * @param {Array} array The array to query.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the slice of `array`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'active': false },
+     *   { 'user': 'fred',    'active': false },
+     *   { 'user': 'pebbles', 'active': true }
+     * ];
+     *
+     * _.takeWhile(users, function(o) { return !o.active; });
+     * // => objects for ['barney', 'fred']
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.takeWhile(users, { 'user': 'barney', 'active': false });
+     * // => objects for ['barney']
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.takeWhile(users, ['active', false]);
+     * // => objects for ['barney', 'fred']
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.takeWhile(users, 'active');
+     * // => []
+     */
+    function takeWhile(array, predicate) {
+      return array && array.length ? baseWhile(array, getIteratee(predicate, 3)) : [];
+    }
+
+    /**
+     * Creates an array of unique values, in order, from all given arrays using
+     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @returns {Array} Returns the new array of combined values.
+     * @example
+     *
+     * _.union([2], [1, 2]);
+     * // => [2, 1]
+     */
+    var union = baseRest(function (arrays) {
+      return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true));
+    });
+
+    /**
+     * This method is like `_.union` except that it accepts `iteratee` which is
+     * invoked for each element of each `arrays` to generate the criterion by
+     * which uniqueness is computed. Result values are chosen from the first
+     * array in which the value occurs. The iteratee is invoked with one argument:
+     * (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Array} Returns the new array of combined values.
+     * @example
+     *
+     * _.unionBy([2.1], [1.2, 2.3], Math.floor);
+     * // => [2.1, 1.2]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.unionBy([{ 'x': 1 }], [{ 'x': 2 }, { 'x': 1 }], 'x');
+     * // => [{ 'x': 1 }, { 'x': 2 }]
+     */
+    var unionBy = baseRest(function (arrays) {
+      var iteratee = last(arrays);
+      if (isArrayLikeObject(iteratee)) {
+        iteratee = undefined;
+      }
+      return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true), getIteratee(iteratee, 2));
+    });
+
+    /**
+     * This method is like `_.union` except that it accepts `comparator` which
+     * is invoked to compare elements of `arrays`. Result values are chosen from
+     * the first array in which the value occurs. The comparator is invoked
+     * with two arguments: (arrVal, othVal).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of combined values.
+     * @example
+     *
+     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
+     * var others = [{ 'x': 1, 'y': 1 }, { 'x': 1, 'y': 2 }];
+     *
+     * _.unionWith(objects, others, _.isEqual);
+     * // => [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }, { 'x': 1, 'y': 1 }]
+     */
+    var unionWith = baseRest(function (arrays) {
+      var comparator = last(arrays);
+      comparator = typeof comparator == 'function' ? comparator : undefined;
+      return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true), undefined, comparator);
+    });
+
+    /**
+     * Creates a duplicate-free version of an array, using
+     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons, in which only the first occurrence of each element
+     * is kept. The order of result values is determined by the order they occur
+     * in the array.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @returns {Array} Returns the new duplicate free array.
+     * @example
+     *
+     * _.uniq([2, 1, 2]);
+     * // => [2, 1]
+     */
+    function uniq(array) {
+      return array && array.length ? baseUniq(array) : [];
+    }
+
+    /**
+     * This method is like `_.uniq` except that it accepts `iteratee` which is
+     * invoked for each element in `array` to generate the criterion by which
+     * uniqueness is computed. The order of result values is determined by the
+     * order they occur in the array. The iteratee is invoked with one argument:
+     * (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Array} Returns the new duplicate free array.
+     * @example
+     *
+     * _.uniqBy([2.1, 1.2, 2.3], Math.floor);
+     * // => [2.1, 1.2]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.uniqBy([{ 'x': 1 }, { 'x': 2 }, { 'x': 1 }], 'x');
+     * // => [{ 'x': 1 }, { 'x': 2 }]
+     */
+    function uniqBy(array, iteratee) {
+      return array && array.length ? baseUniq(array, getIteratee(iteratee, 2)) : [];
+    }
+
+    /**
+     * This method is like `_.uniq` except that it accepts `comparator` which
+     * is invoked to compare elements of `array`. The order of result values is
+     * determined by the order they occur in the array.The comparator is invoked
+     * with two arguments: (arrVal, othVal).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new duplicate free array.
+     * @example
+     *
+     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }, { 'x': 1, 'y': 2 }];
+     *
+     * _.uniqWith(objects, _.isEqual);
+     * // => [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }]
+     */
+    function uniqWith(array, comparator) {
+      comparator = typeof comparator == 'function' ? comparator : undefined;
+      return array && array.length ? baseUniq(array, undefined, comparator) : [];
+    }
+
+    /**
+     * This method is like `_.zip` except that it accepts an array of grouped
+     * elements and creates an array regrouping the elements to their pre-zip
+     * configuration.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.2.0
+     * @category Array
+     * @param {Array} array The array of grouped elements to process.
+     * @returns {Array} Returns the new array of regrouped elements.
+     * @example
+     *
+     * var zipped = _.zip(['a', 'b'], [1, 2], [true, false]);
+     * // => [['a', 1, true], ['b', 2, false]]
+     *
+     * _.unzip(zipped);
+     * // => [['a', 'b'], [1, 2], [true, false]]
+     */
+    function unzip(array) {
+      if (!(array && array.length)) {
+        return [];
+      }
+      var length = 0;
+      array = arrayFilter(array, function (group) {
+        if (isArrayLikeObject(group)) {
+          length = nativeMax(group.length, length);
+          return true;
+        }
+      });
+      return baseTimes(length, function (index) {
+        return arrayMap(array, baseProperty(index));
+      });
+    }
+
+    /**
+     * This method is like `_.unzip` except that it accepts `iteratee` to specify
+     * how regrouped values should be combined. The iteratee is invoked with the
+     * elements of each group: (...group).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.8.0
+     * @category Array
+     * @param {Array} array The array of grouped elements to process.
+     * @param {Function} [iteratee=_.identity] The function to combine
+     *  regrouped values.
+     * @returns {Array} Returns the new array of regrouped elements.
+     * @example
+     *
+     * var zipped = _.zip([1, 2], [10, 20], [100, 200]);
+     * // => [[1, 10, 100], [2, 20, 200]]
+     *
+     * _.unzipWith(zipped, _.add);
+     * // => [3, 30, 300]
+     */
+    function unzipWith(array, iteratee) {
+      if (!(array && array.length)) {
+        return [];
+      }
+      var result = unzip(array);
+      if (iteratee == null) {
+        return result;
+      }
+      return arrayMap(result, function (group) {
+        return apply(iteratee, undefined, group);
+      });
+    }
+
+    /**
+     * Creates an array excluding all given values using
+     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * for equality comparisons.
+     *
+     * **Note:** Unlike `_.pull`, this method returns a new array.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {Array} array The array to inspect.
+     * @param {...*} [values] The values to exclude.
+     * @returns {Array} Returns the new array of filtered values.
+     * @see _.difference, _.xor
+     * @example
+     *
+     * _.without([2, 1, 2, 3], 1, 2);
+     * // => [3]
+     */
+    var without = baseRest(function (array, values) {
+      return isArrayLikeObject(array) ? baseDifference(array, values) : [];
+    });
+
+    /**
+     * Creates an array of unique values that is the
+     * [symmetric difference](https://en.wikipedia.org/wiki/Symmetric_difference)
+     * of the given arrays. The order of result values is determined by the order
+     * they occur in the arrays.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.4.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @returns {Array} Returns the new array of filtered values.
+     * @see _.difference, _.without
+     * @example
+     *
+     * _.xor([2, 1], [2, 3]);
+     * // => [1, 3]
+     */
+    var xor = baseRest(function (arrays) {
+      return baseXor(arrayFilter(arrays, isArrayLikeObject));
+    });
+
+    /**
+     * This method is like `_.xor` except that it accepts `iteratee` which is
+     * invoked for each element of each `arrays` to generate the criterion by
+     * which by which they're compared. The order of result values is determined
+     * by the order they occur in the arrays. The iteratee is invoked with one
+     * argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Array} Returns the new array of filtered values.
+     * @example
+     *
+     * _.xorBy([2.1, 1.2], [2.3, 3.4], Math.floor);
+     * // => [1.2, 3.4]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.xorBy([{ 'x': 1 }], [{ 'x': 2 }, { 'x': 1 }], 'x');
+     * // => [{ 'x': 2 }]
+     */
+    var xorBy = baseRest(function (arrays) {
+      var iteratee = last(arrays);
+      if (isArrayLikeObject(iteratee)) {
+        iteratee = undefined;
+      }
+      return baseXor(arrayFilter(arrays, isArrayLikeObject), getIteratee(iteratee, 2));
+    });
+
+    /**
+     * This method is like `_.xor` except that it accepts `comparator` which is
+     * invoked to compare elements of `arrays`. The order of result values is
+     * determined by the order they occur in the arrays. The comparator is invoked
+     * with two arguments: (arrVal, othVal).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to inspect.
+     * @param {Function} [comparator] The comparator invoked per element.
+     * @returns {Array} Returns the new array of filtered values.
+     * @example
+     *
+     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
+     * var others = [{ 'x': 1, 'y': 1 }, { 'x': 1, 'y': 2 }];
+     *
+     * _.xorWith(objects, others, _.isEqual);
+     * // => [{ 'x': 2, 'y': 1 }, { 'x': 1, 'y': 1 }]
+     */
+    var xorWith = baseRest(function (arrays) {
+      var comparator = last(arrays);
+      comparator = typeof comparator == 'function' ? comparator : undefined;
+      return baseXor(arrayFilter(arrays, isArrayLikeObject), undefined, comparator);
+    });
+
+    /**
+     * Creates an array of grouped elements, the first of which contains the
+     * first elements of the given arrays, the second of which contains the
+     * second elements of the given arrays, and so on.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to process.
+     * @returns {Array} Returns the new array of grouped elements.
+     * @example
+     *
+     * _.zip(['a', 'b'], [1, 2], [true, false]);
+     * // => [['a', 1, true], ['b', 2, false]]
+     */
+    var zip = baseRest(unzip);
+
+    /**
+     * This method is like `_.fromPairs` except that it accepts two arrays,
+     * one of property identifiers and one of corresponding values.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.4.0
+     * @category Array
+     * @param {Array} [props=[]] The property identifiers.
+     * @param {Array} [values=[]] The property values.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * _.zipObject(['a', 'b'], [1, 2]);
+     * // => { 'a': 1, 'b': 2 }
+     */
+    function zipObject(props, values) {
+      return baseZipObject(props || [], values || [], assignValue);
+    }
+
+    /**
+     * This method is like `_.zipObject` except that it supports property paths.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.1.0
+     * @category Array
+     * @param {Array} [props=[]] The property identifiers.
+     * @param {Array} [values=[]] The property values.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * _.zipObjectDeep(['a.b[0].c', 'a.b[1].d'], [1, 2]);
+     * // => { 'a': { 'b': [{ 'c': 1 }, { 'd': 2 }] } }
+     */
+    function zipObjectDeep(props, values) {
+      return baseZipObject(props || [], values || [], baseSet);
+    }
+
+    /**
+     * This method is like `_.zip` except that it accepts `iteratee` to specify
+     * how grouped values should be combined. The iteratee is invoked with the
+     * elements of each group: (...group).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.8.0
+     * @category Array
+     * @param {...Array} [arrays] The arrays to process.
+     * @param {Function} [iteratee=_.identity] The function to combine
+     *  grouped values.
+     * @returns {Array} Returns the new array of grouped elements.
+     * @example
+     *
+     * _.zipWith([1, 2], [10, 20], [100, 200], function(a, b, c) {
+     *   return a + b + c;
+     * });
+     * // => [111, 222]
+     */
+    var zipWith = baseRest(function (arrays) {
+      var length = arrays.length,
+        iteratee = length > 1 ? arrays[length - 1] : undefined;
+      iteratee = typeof iteratee == 'function' ? (arrays.pop(), iteratee) : undefined;
+      return unzipWith(arrays, iteratee);
+    });
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates a `lodash` wrapper instance that wraps `value` with explicit method
+     * chain sequences enabled. The result of such sequences must be unwrapped
+     * with `_#value`.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.3.0
+     * @category Seq
+     * @param {*} value The value to wrap.
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'age': 36 },
+     *   { 'user': 'fred',    'age': 40 },
+     *   { 'user': 'pebbles', 'age': 1 }
+     * ];
+     *
+     * var youngest = _
+     *   .chain(users)
+     *   .sortBy('age')
+     *   .map(function(o) {
+     *     return o.user + ' is ' + o.age;
+     *   })
+     *   .head()
+     *   .value();
+     * // => 'pebbles is 1'
+     */
+    function chain(value) {
+      var result = lodash(value);
+      result.__chain__ = true;
+      return result;
+    }
+
+    /**
+     * This method invokes `interceptor` and returns `value`. The interceptor
+     * is invoked with one argument; (value). The purpose of this method is to
+     * "tap into" a method chain sequence in order to modify intermediate results.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Seq
+     * @param {*} value The value to provide to `interceptor`.
+     * @param {Function} interceptor The function to invoke.
+     * @returns {*} Returns `value`.
+     * @example
+     *
+     * _([1, 2, 3])
+     *  .tap(function(array) {
+     *    // Mutate input array.
+     *    array.pop();
+     *  })
+     *  .reverse()
+     *  .value();
+     * // => [2, 1]
+     */
+    function tap(value, interceptor) {
+      interceptor(value);
+      return value;
+    }
+
+    /**
+     * This method is like `_.tap` except that it returns the result of `interceptor`.
+     * The purpose of this method is to "pass thru" values replacing intermediate
+     * results in a method chain sequence.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Seq
+     * @param {*} value The value to provide to `interceptor`.
+     * @param {Function} interceptor The function to invoke.
+     * @returns {*} Returns the result of `interceptor`.
+     * @example
+     *
+     * _('  abc  ')
+     *  .chain()
+     *  .trim()
+     *  .thru(function(value) {
+     *    return [value];
+     *  })
+     *  .value();
+     * // => ['abc']
+     */
+    function thru(value, interceptor) {
+      return interceptor(value);
+    }
+
+    /**
+     * This method is the wrapper version of `_.at`.
+     *
+     * @name at
+     * @memberOf _
+     * @since 1.0.0
+     * @category Seq
+     * @param {...(string|string[])} [paths] The property paths to pick.
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': 3 } }, 4] };
+     *
+     * _(object).at(['a[0].b.c', 'a[1]']).value();
+     * // => [3, 4]
+     */
+    var wrapperAt = flatRest(function (paths) {
+      var length = paths.length,
+        start = length ? paths[0] : 0,
+        value = this.__wrapped__,
+        interceptor = function interceptor(object) {
+          return baseAt(object, paths);
+        };
+      if (length > 1 || this.__actions__.length || !(value instanceof LazyWrapper) || !isIndex(start)) {
+        return this.thru(interceptor);
+      }
+      value = value.slice(start, +start + (length ? 1 : 0));
+      value.__actions__.push({
+        'func': thru,
+        'args': [interceptor],
+        'thisArg': undefined
+      });
+      return new LodashWrapper(value, this.__chain__).thru(function (array) {
+        if (length && !array.length) {
+          array.push(undefined);
+        }
+        return array;
+      });
+    });
+
+    /**
+     * Creates a `lodash` wrapper instance with explicit method chain sequences enabled.
+     *
+     * @name chain
+     * @memberOf _
+     * @since 0.1.0
+     * @category Seq
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney', 'age': 36 },
+     *   { 'user': 'fred',   'age': 40 }
+     * ];
+     *
+     * // A sequence without explicit chaining.
+     * _(users).head();
+     * // => { 'user': 'barney', 'age': 36 }
+     *
+     * // A sequence with explicit chaining.
+     * _(users)
+     *   .chain()
+     *   .head()
+     *   .pick('user')
+     *   .value();
+     * // => { 'user': 'barney' }
+     */
+    function wrapperChain() {
+      return chain(this);
+    }
+
+    /**
+     * Executes the chain sequence and returns the wrapped result.
+     *
+     * @name commit
+     * @memberOf _
+     * @since 3.2.0
+     * @category Seq
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * var array = [1, 2];
+     * var wrapped = _(array).push(3);
+     *
+     * console.log(array);
+     * // => [1, 2]
+     *
+     * wrapped = wrapped.commit();
+     * console.log(array);
+     * // => [1, 2, 3]
+     *
+     * wrapped.last();
+     * // => 3
+     *
+     * console.log(array);
+     * // => [1, 2, 3]
+     */
+    function wrapperCommit() {
+      return new LodashWrapper(this.value(), this.__chain__);
+    }
+
+    /**
+     * Gets the next value on a wrapped object following the
+     * [iterator protocol](https://mdn.io/iteration_protocols#iterator).
+     *
+     * @name next
+     * @memberOf _
+     * @since 4.0.0
+     * @category Seq
+     * @returns {Object} Returns the next iterator value.
+     * @example
+     *
+     * var wrapped = _([1, 2]);
+     *
+     * wrapped.next();
+     * // => { 'done': false, 'value': 1 }
+     *
+     * wrapped.next();
+     * // => { 'done': false, 'value': 2 }
+     *
+     * wrapped.next();
+     * // => { 'done': true, 'value': undefined }
+     */
+    function wrapperNext() {
+      if (this.__values__ === undefined) {
+        this.__values__ = toArray(this.value());
+      }
+      var done = this.__index__ >= this.__values__.length,
+        value = done ? undefined : this.__values__[this.__index__++];
+      return {
+        'done': done,
+        'value': value
+      };
+    }
+
+    /**
+     * Enables the wrapper to be iterable.
+     *
+     * @name Symbol.iterator
+     * @memberOf _
+     * @since 4.0.0
+     * @category Seq
+     * @returns {Object} Returns the wrapper object.
+     * @example
+     *
+     * var wrapped = _([1, 2]);
+     *
+     * wrapped[Symbol.iterator]() === wrapped;
+     * // => true
+     *
+     * Array.from(wrapped);
+     * // => [1, 2]
+     */
+    function wrapperToIterator() {
+      return this;
+    }
+
+    /**
+     * Creates a clone of the chain sequence planting `value` as the wrapped value.
+     *
+     * @name plant
+     * @memberOf _
+     * @since 3.2.0
+     * @category Seq
+     * @param {*} value The value to plant.
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * function square(n) {
+     *   return n * n;
+     * }
+     *
+     * var wrapped = _([1, 2]).map(square);
+     * var other = wrapped.plant([3, 4]);
+     *
+     * other.value();
+     * // => [9, 16]
+     *
+     * wrapped.value();
+     * // => [1, 4]
+     */
+    function wrapperPlant(value) {
+      var result,
+        parent = this;
+      while (parent instanceof baseLodash) {
+        var clone = wrapperClone(parent);
+        clone.__index__ = 0;
+        clone.__values__ = undefined;
+        if (result) {
+          previous.__wrapped__ = clone;
+        } else {
+          result = clone;
+        }
+        var previous = clone;
+        parent = parent.__wrapped__;
+      }
+      previous.__wrapped__ = value;
+      return result;
+    }
+
+    /**
+     * This method is the wrapper version of `_.reverse`.
+     *
+     * **Note:** This method mutates the wrapped array.
+     *
+     * @name reverse
+     * @memberOf _
+     * @since 0.1.0
+     * @category Seq
+     * @returns {Object} Returns the new `lodash` wrapper instance.
+     * @example
+     *
+     * var array = [1, 2, 3];
+     *
+     * _(array).reverse().value()
+     * // => [3, 2, 1]
+     *
+     * console.log(array);
+     * // => [3, 2, 1]
+     */
+    function wrapperReverse() {
+      var value = this.__wrapped__;
+      if (value instanceof LazyWrapper) {
+        var wrapped = value;
+        if (this.__actions__.length) {
+          wrapped = new LazyWrapper(this);
+        }
+        wrapped = wrapped.reverse();
+        wrapped.__actions__.push({
+          'func': thru,
+          'args': [reverse],
+          'thisArg': undefined
+        });
+        return new LodashWrapper(wrapped, this.__chain__);
+      }
+      return this.thru(reverse);
+    }
+
+    /**
+     * Executes the chain sequence to resolve the unwrapped value.
+     *
+     * @name value
+     * @memberOf _
+     * @since 0.1.0
+     * @alias toJSON, valueOf
+     * @category Seq
+     * @returns {*} Returns the resolved unwrapped value.
+     * @example
+     *
+     * _([1, 2, 3]).value();
+     * // => [1, 2, 3]
+     */
+    function wrapperValue() {
+      return baseWrapperValue(this.__wrapped__, this.__actions__);
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Creates an object composed of keys generated from the results of running
+     * each element of `collection` thru `iteratee`. The corresponding value of
+     * each key is the number of times the key was returned by `iteratee`. The
+     * iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.5.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee to transform keys.
+     * @returns {Object} Returns the composed aggregate object.
+     * @example
+     *
+     * _.countBy([6.1, 4.2, 6.3], Math.floor);
+     * // => { '4': 1, '6': 2 }
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.countBy(['one', 'two', 'three'], 'length');
+     * // => { '3': 2, '5': 1 }
+     */
+    var countBy = createAggregator(function (result, value, key) {
+      if (hasOwnProperty.call(result, key)) {
+        ++result[key];
+      } else {
+        baseAssignValue(result, key, 1);
+      }
+    });
+
+    /**
+     * Checks if `predicate` returns truthy for **all** elements of `collection`.
+     * Iteration is stopped once `predicate` returns falsey. The predicate is
+     * invoked with three arguments: (value, index|key, collection).
+     *
+     * **Note:** This method returns `true` for
+     * [empty collections](https://en.wikipedia.org/wiki/Empty_set) because
+     * [everything is true](https://en.wikipedia.org/wiki/Vacuous_truth) of
+     * elements of empty collections.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {boolean} Returns `true` if all elements pass the predicate check,
+     *  else `false`.
+     * @example
+     *
+     * _.every([true, 1, null, 'yes'], Boolean);
+     * // => false
+     *
+     * var users = [
+     *   { 'user': 'barney', 'age': 36, 'active': false },
+     *   { 'user': 'fred',   'age': 40, 'active': false }
+     * ];
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.every(users, { 'user': 'barney', 'active': false });
+     * // => false
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.every(users, ['active', false]);
+     * // => true
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.every(users, 'active');
+     * // => false
+     */
+    function every(collection, predicate, guard) {
+      var func = isArray(collection) ? arrayEvery : baseEvery;
+      if (guard && isIterateeCall(collection, predicate, guard)) {
+        predicate = undefined;
+      }
+      return func(collection, getIteratee(predicate, 3));
+    }
+
+    /**
+     * Iterates over elements of `collection`, returning an array of all elements
+     * `predicate` returns truthy for. The predicate is invoked with three
+     * arguments: (value, index|key, collection).
+     *
+     * **Note:** Unlike `_.remove`, this method returns a new array.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the new filtered array.
+     * @see _.reject
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney', 'age': 36, 'active': true },
+     *   { 'user': 'fred',   'age': 40, 'active': false }
+     * ];
+     *
+     * _.filter(users, function(o) { return !o.active; });
+     * // => objects for ['fred']
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.filter(users, { 'age': 36, 'active': true });
+     * // => objects for ['barney']
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.filter(users, ['active', false]);
+     * // => objects for ['fred']
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.filter(users, 'active');
+     * // => objects for ['barney']
+     *
+     * // Combining several predicates using `_.overEvery` or `_.overSome`.
+     * _.filter(users, _.overSome([{ 'age': 36 }, ['age', 40]]));
+     * // => objects for ['fred', 'barney']
+     */
+    function filter(collection, predicate) {
+      var func = isArray(collection) ? arrayFilter : baseFilter;
+      return func(collection, getIteratee(predicate, 3));
+    }
+
+    /**
+     * Iterates over elements of `collection`, returning the first element
+     * `predicate` returns truthy for. The predicate is invoked with three
+     * arguments: (value, index|key, collection).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to inspect.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @param {number} [fromIndex=0] The index to search from.
+     * @returns {*} Returns the matched element, else `undefined`.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'age': 36, 'active': true },
+     *   { 'user': 'fred',    'age': 40, 'active': false },
+     *   { 'user': 'pebbles', 'age': 1,  'active': true }
+     * ];
+     *
+     * _.find(users, function(o) { return o.age < 40; });
+     * // => object for 'barney'
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.find(users, { 'age': 1, 'active': true });
+     * // => object for 'pebbles'
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.find(users, ['active', false]);
+     * // => object for 'fred'
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.find(users, 'active');
+     * // => object for 'barney'
+     */
+    var find = createFind(findIndex);
+
+    /**
+     * This method is like `_.find` except that it iterates over elements of
+     * `collection` from right to left.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to inspect.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @param {number} [fromIndex=collection.length-1] The index to search from.
+     * @returns {*} Returns the matched element, else `undefined`.
+     * @example
+     *
+     * _.findLast([1, 2, 3, 4], function(n) {
+     *   return n % 2 == 1;
+     * });
+     * // => 3
+     */
+    var findLast = createFind(findLastIndex);
+
+    /**
+     * Creates a flattened array of values by running each element in `collection`
+     * thru `iteratee` and flattening the mapped results. The iteratee is invoked
+     * with three arguments: (value, index|key, collection).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the new flattened array.
+     * @example
+     *
+     * function duplicate(n) {
+     *   return [n, n];
+     * }
+     *
+     * _.flatMap([1, 2], duplicate);
+     * // => [1, 1, 2, 2]
+     */
+    function flatMap(collection, iteratee) {
+      return baseFlatten(map(collection, iteratee), 1);
+    }
+
+    /**
+     * This method is like `_.flatMap` except that it recursively flattens the
+     * mapped results.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.7.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the new flattened array.
+     * @example
+     *
+     * function duplicate(n) {
+     *   return [[[n, n]]];
+     * }
+     *
+     * _.flatMapDeep([1, 2], duplicate);
+     * // => [1, 1, 2, 2]
+     */
+    function flatMapDeep(collection, iteratee) {
+      return baseFlatten(map(collection, iteratee), INFINITY);
+    }
+
+    /**
+     * This method is like `_.flatMap` except that it recursively flattens the
+     * mapped results up to `depth` times.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.7.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @param {number} [depth=1] The maximum recursion depth.
+     * @returns {Array} Returns the new flattened array.
+     * @example
+     *
+     * function duplicate(n) {
+     *   return [[[n, n]]];
+     * }
+     *
+     * _.flatMapDepth([1, 2], duplicate, 2);
+     * // => [[1, 1], [2, 2]]
+     */
+    function flatMapDepth(collection, iteratee, depth) {
+      depth = depth === undefined ? 1 : toInteger(depth);
+      return baseFlatten(map(collection, iteratee), depth);
+    }
+
+    /**
+     * Iterates over elements of `collection` and invokes `iteratee` for each element.
+     * The iteratee is invoked with three arguments: (value, index|key, collection).
+     * Iteratee functions may exit iteration early by explicitly returning `false`.
+     *
+     * **Note:** As with other "Collections" methods, objects with a "length"
+     * property are iterated like arrays. To avoid this behavior use `_.forIn`
+     * or `_.forOwn` for object iteration.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @alias each
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Array|Object} Returns `collection`.
+     * @see _.forEachRight
+     * @example
+     *
+     * _.forEach([1, 2], function(value) {
+     *   console.log(value);
+     * });
+     * // => Logs `1` then `2`.
+     *
+     * _.forEach({ 'a': 1, 'b': 2 }, function(value, key) {
+     *   console.log(key);
+     * });
+     * // => Logs 'a' then 'b' (iteration order is not guaranteed).
+     */
+    function forEach(collection, iteratee) {
+      var func = isArray(collection) ? arrayEach : baseEach;
+      return func(collection, getIteratee(iteratee, 3));
+    }
+
+    /**
+     * This method is like `_.forEach` except that it iterates over elements of
+     * `collection` from right to left.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @alias eachRight
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Array|Object} Returns `collection`.
+     * @see _.forEach
+     * @example
+     *
+     * _.forEachRight([1, 2], function(value) {
+     *   console.log(value);
+     * });
+     * // => Logs `2` then `1`.
+     */
+    function forEachRight(collection, iteratee) {
+      var func = isArray(collection) ? arrayEachRight : baseEachRight;
+      return func(collection, getIteratee(iteratee, 3));
+    }
+
+    /**
+     * Creates an object composed of keys generated from the results of running
+     * each element of `collection` thru `iteratee`. The order of grouped values
+     * is determined by the order they occur in `collection`. The corresponding
+     * value of each key is an array of elements responsible for generating the
+     * key. The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee to transform keys.
+     * @returns {Object} Returns the composed aggregate object.
+     * @example
+     *
+     * _.groupBy([6.1, 4.2, 6.3], Math.floor);
+     * // => { '4': [4.2], '6': [6.1, 6.3] }
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.groupBy(['one', 'two', 'three'], 'length');
+     * // => { '3': ['one', 'two'], '5': ['three'] }
+     */
+    var groupBy = createAggregator(function (result, value, key) {
+      if (hasOwnProperty.call(result, key)) {
+        result[key].push(value);
+      } else {
+        baseAssignValue(result, key, [value]);
+      }
+    });
+
+    /**
+     * Checks if `value` is in `collection`. If `collection` is a string, it's
+     * checked for a substring of `value`, otherwise
+     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * is used for equality comparisons. If `fromIndex` is negative, it's used as
+     * the offset from the end of `collection`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object|string} collection The collection to inspect.
+     * @param {*} value The value to search for.
+     * @param {number} [fromIndex=0] The index to search from.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.reduce`.
+     * @returns {boolean} Returns `true` if `value` is found, else `false`.
+     * @example
+     *
+     * _.includes([1, 2, 3], 1);
+     * // => true
+     *
+     * _.includes([1, 2, 3], 1, 2);
+     * // => false
+     *
+     * _.includes({ 'a': 1, 'b': 2 }, 1);
+     * // => true
+     *
+     * _.includes('abcd', 'bc');
+     * // => true
+     */
+    function includes(collection, value, fromIndex, guard) {
+      collection = isArrayLike(collection) ? collection : values(collection);
+      fromIndex = fromIndex && !guard ? toInteger(fromIndex) : 0;
+      var length = collection.length;
+      if (fromIndex < 0) {
+        fromIndex = nativeMax(length + fromIndex, 0);
+      }
+      return isString(collection) ? fromIndex <= length && collection.indexOf(value, fromIndex) > -1 : !!length && baseIndexOf(collection, value, fromIndex) > -1;
+    }
+
+    /**
+     * Invokes the method at `path` of each element in `collection`, returning
+     * an array of the results of each invoked method. Any additional arguments
+     * are provided to each invoked method. If `path` is a function, it's invoked
+     * for, and `this` bound to, each element in `collection`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Array|Function|string} path The path of the method to invoke or
+     *  the function invoked per iteration.
+     * @param {...*} [args] The arguments to invoke each method with.
+     * @returns {Array} Returns the array of results.
+     * @example
+     *
+     * _.invokeMap([[5, 1, 7], [3, 2, 1]], 'sort');
+     * // => [[1, 5, 7], [1, 2, 3]]
+     *
+     * _.invokeMap([123, 456], String.prototype.split, '');
+     * // => [['1', '2', '3'], ['4', '5', '6']]
+     */
+    var invokeMap = baseRest(function (collection, path, args) {
+      var index = -1,
+        isFunc = typeof path == 'function',
+        result = isArrayLike(collection) ? Array(collection.length) : [];
+      baseEach(collection, function (value) {
+        result[++index] = isFunc ? apply(path, value, args) : baseInvoke(value, path, args);
+      });
+      return result;
+    });
+
+    /**
+     * Creates an object composed of keys generated from the results of running
+     * each element of `collection` thru `iteratee`. The corresponding value of
+     * each key is the last element responsible for generating the key. The
+     * iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee to transform keys.
+     * @returns {Object} Returns the composed aggregate object.
+     * @example
+     *
+     * var array = [
+     *   { 'dir': 'left', 'code': 97 },
+     *   { 'dir': 'right', 'code': 100 }
+     * ];
+     *
+     * _.keyBy(array, function(o) {
+     *   return String.fromCharCode(o.code);
+     * });
+     * // => { 'a': { 'dir': 'left', 'code': 97 }, 'd': { 'dir': 'right', 'code': 100 } }
+     *
+     * _.keyBy(array, 'dir');
+     * // => { 'left': { 'dir': 'left', 'code': 97 }, 'right': { 'dir': 'right', 'code': 100 } }
+     */
+    var keyBy = createAggregator(function (result, value, key) {
+      baseAssignValue(result, key, value);
+    });
+
+    /**
+     * Creates an array of values by running each element in `collection` thru
+     * `iteratee`. The iteratee is invoked with three arguments:
+     * (value, index|key, collection).
+     *
+     * Many lodash methods are guarded to work as iteratees for methods like
+     * `_.every`, `_.filter`, `_.map`, `_.mapValues`, `_.reject`, and `_.some`.
+     *
+     * The guarded methods are:
+     * `ary`, `chunk`, `curry`, `curryRight`, `drop`, `dropRight`, `every`,
+     * `fill`, `invert`, `parseInt`, `random`, `range`, `rangeRight`, `repeat`,
+     * `sampleSize`, `slice`, `some`, `sortBy`, `split`, `take`, `takeRight`,
+     * `template`, `trim`, `trimEnd`, `trimStart`, and `words`
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the new mapped array.
+     * @example
+     *
+     * function square(n) {
+     *   return n * n;
+     * }
+     *
+     * _.map([4, 8], square);
+     * // => [16, 64]
+     *
+     * _.map({ 'a': 4, 'b': 8 }, square);
+     * // => [16, 64] (iteration order is not guaranteed)
+     *
+     * var users = [
+     *   { 'user': 'barney' },
+     *   { 'user': 'fred' }
+     * ];
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.map(users, 'user');
+     * // => ['barney', 'fred']
+     */
+    function map(collection, iteratee) {
+      var func = isArray(collection) ? arrayMap : baseMap;
+      return func(collection, getIteratee(iteratee, 3));
+    }
+
+    /**
+     * This method is like `_.sortBy` except that it allows specifying the sort
+     * orders of the iteratees to sort by. If `orders` is unspecified, all values
+     * are sorted in ascending order. Otherwise, specify an order of "desc" for
+     * descending or "asc" for ascending sort order of corresponding values.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Array[]|Function[]|Object[]|string[]} [iteratees=[_.identity]]
+     *  The iteratees to sort by.
+     * @param {string[]} [orders] The sort orders of `iteratees`.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.reduce`.
+     * @returns {Array} Returns the new sorted array.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'fred',   'age': 48 },
+     *   { 'user': 'barney', 'age': 34 },
+     *   { 'user': 'fred',   'age': 40 },
+     *   { 'user': 'barney', 'age': 36 }
+     * ];
+     *
+     * // Sort by `user` in ascending order and by `age` in descending order.
+     * _.orderBy(users, ['user', 'age'], ['asc', 'desc']);
+     * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 40]]
+     */
+    function orderBy(collection, iteratees, orders, guard) {
+      if (collection == null) {
+        return [];
+      }
+      if (!isArray(iteratees)) {
+        iteratees = iteratees == null ? [] : [iteratees];
+      }
+      orders = guard ? undefined : orders;
+      if (!isArray(orders)) {
+        orders = orders == null ? [] : [orders];
+      }
+      return baseOrderBy(collection, iteratees, orders);
+    }
+
+    /**
+     * Creates an array of elements split into two groups, the first of which
+     * contains elements `predicate` returns truthy for, the second of which
+     * contains elements `predicate` returns falsey for. The predicate is
+     * invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the array of grouped elements.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney',  'age': 36, 'active': false },
+     *   { 'user': 'fred',    'age': 40, 'active': true },
+     *   { 'user': 'pebbles', 'age': 1,  'active': false }
+     * ];
+     *
+     * _.partition(users, function(o) { return o.active; });
+     * // => objects for [['fred'], ['barney', 'pebbles']]
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.partition(users, { 'age': 1, 'active': false });
+     * // => objects for [['pebbles'], ['barney', 'fred']]
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.partition(users, ['active', false]);
+     * // => objects for [['barney', 'pebbles'], ['fred']]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.partition(users, 'active');
+     * // => objects for [['fred'], ['barney', 'pebbles']]
+     */
+    var partition = createAggregator(function (result, value, key) {
+      result[key ? 0 : 1].push(value);
+    }, function () {
+      return [[], []];
+    });
+
+    /**
+     * Reduces `collection` to a value which is the accumulated result of running
+     * each element in `collection` thru `iteratee`, where each successive
+     * invocation is supplied the return value of the previous. If `accumulator`
+     * is not given, the first element of `collection` is used as the initial
+     * value. The iteratee is invoked with four arguments:
+     * (accumulator, value, index|key, collection).
+     *
+     * Many lodash methods are guarded to work as iteratees for methods like
+     * `_.reduce`, `_.reduceRight`, and `_.transform`.
+     *
+     * The guarded methods are:
+     * `assign`, `defaults`, `defaultsDeep`, `includes`, `merge`, `orderBy`,
+     * and `sortBy`
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @param {*} [accumulator] The initial value.
+     * @returns {*} Returns the accumulated value.
+     * @see _.reduceRight
+     * @example
+     *
+     * _.reduce([1, 2], function(sum, n) {
+     *   return sum + n;
+     * }, 0);
+     * // => 3
+     *
+     * _.reduce({ 'a': 1, 'b': 2, 'c': 1 }, function(result, value, key) {
+     *   (result[value] || (result[value] = [])).push(key);
+     *   return result;
+     * }, {});
+     * // => { '1': ['a', 'c'], '2': ['b'] } (iteration order is not guaranteed)
+     */
+    function reduce(collection, iteratee, accumulator) {
+      var func = isArray(collection) ? arrayReduce : baseReduce,
+        initAccum = arguments.length < 3;
+      return func(collection, getIteratee(iteratee, 4), accumulator, initAccum, baseEach);
+    }
+
+    /**
+     * This method is like `_.reduce` except that it iterates over elements of
+     * `collection` from right to left.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @param {*} [accumulator] The initial value.
+     * @returns {*} Returns the accumulated value.
+     * @see _.reduce
+     * @example
+     *
+     * var array = [[0, 1], [2, 3], [4, 5]];
+     *
+     * _.reduceRight(array, function(flattened, other) {
+     *   return flattened.concat(other);
+     * }, []);
+     * // => [4, 5, 2, 3, 0, 1]
+     */
+    function reduceRight(collection, iteratee, accumulator) {
+      var func = isArray(collection) ? arrayReduceRight : baseReduce,
+        initAccum = arguments.length < 3;
+      return func(collection, getIteratee(iteratee, 4), accumulator, initAccum, baseEachRight);
+    }
+
+    /**
+     * The opposite of `_.filter`; this method returns the elements of `collection`
+     * that `predicate` does **not** return truthy for.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the new filtered array.
+     * @see _.filter
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney', 'age': 36, 'active': false },
+     *   { 'user': 'fred',   'age': 40, 'active': true }
+     * ];
+     *
+     * _.reject(users, function(o) { return !o.active; });
+     * // => objects for ['fred']
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.reject(users, { 'age': 40, 'active': true });
+     * // => objects for ['barney']
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.reject(users, ['active', false]);
+     * // => objects for ['fred']
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.reject(users, 'active');
+     * // => objects for ['barney']
+     */
+    function reject(collection, predicate) {
+      var func = isArray(collection) ? arrayFilter : baseFilter;
+      return func(collection, negate(getIteratee(predicate, 3)));
+    }
+
+    /**
+     * Gets a random element from `collection`.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to sample.
+     * @returns {*} Returns the random element.
+     * @example
+     *
+     * _.sample([1, 2, 3, 4]);
+     * // => 2
+     */
+    function sample(collection) {
+      var func = isArray(collection) ? arraySample : baseSample;
+      return func(collection);
+    }
+
+    /**
+     * Gets `n` random elements at unique keys from `collection` up to the
+     * size of `collection`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to sample.
+     * @param {number} [n=1] The number of elements to sample.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the random elements.
+     * @example
+     *
+     * _.sampleSize([1, 2, 3], 2);
+     * // => [3, 1]
+     *
+     * _.sampleSize([1, 2, 3], 4);
+     * // => [2, 3, 1]
+     */
+    function sampleSize(collection, n, guard) {
+      if (guard ? isIterateeCall(collection, n, guard) : n === undefined) {
+        n = 1;
+      } else {
+        n = toInteger(n);
+      }
+      var func = isArray(collection) ? arraySampleSize : baseSampleSize;
+      return func(collection, n);
+    }
+
+    /**
+     * Creates an array of shuffled values, using a version of the
+     * [Fisher-Yates shuffle](https://en.wikipedia.org/wiki/Fisher-Yates_shuffle).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to shuffle.
+     * @returns {Array} Returns the new shuffled array.
+     * @example
+     *
+     * _.shuffle([1, 2, 3, 4]);
+     * // => [4, 1, 3, 2]
+     */
+    function shuffle(collection) {
+      var func = isArray(collection) ? arrayShuffle : baseShuffle;
+      return func(collection);
+    }
+
+    /**
+     * Gets the size of `collection` by returning its length for array-like
+     * values or the number of own enumerable string keyed properties for objects.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object|string} collection The collection to inspect.
+     * @returns {number} Returns the collection size.
+     * @example
+     *
+     * _.size([1, 2, 3]);
+     * // => 3
+     *
+     * _.size({ 'a': 1, 'b': 2 });
+     * // => 2
+     *
+     * _.size('pebbles');
+     * // => 7
+     */
+    function size(collection) {
+      if (collection == null) {
+        return 0;
+      }
+      if (isArrayLike(collection)) {
+        return isString(collection) ? stringSize(collection) : collection.length;
+      }
+      var tag = getTag(collection);
+      if (tag == mapTag || tag == setTag) {
+        return collection.size;
+      }
+      return baseKeys(collection).length;
+    }
+
+    /**
+     * Checks if `predicate` returns truthy for **any** element of `collection`.
+     * Iteration is stopped once `predicate` returns truthy. The predicate is
+     * invoked with three arguments: (value, index|key, collection).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {boolean} Returns `true` if any element passes the predicate check,
+     *  else `false`.
+     * @example
+     *
+     * _.some([null, 0, 'yes', false], Boolean);
+     * // => true
+     *
+     * var users = [
+     *   { 'user': 'barney', 'active': true },
+     *   { 'user': 'fred',   'active': false }
+     * ];
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.some(users, { 'user': 'barney', 'active': false });
+     * // => false
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.some(users, ['active', false]);
+     * // => true
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.some(users, 'active');
+     * // => true
+     */
+    function some(collection, predicate, guard) {
+      var func = isArray(collection) ? arraySome : baseSome;
+      if (guard && isIterateeCall(collection, predicate, guard)) {
+        predicate = undefined;
+      }
+      return func(collection, getIteratee(predicate, 3));
+    }
+
+    /**
+     * Creates an array of elements, sorted in ascending order by the results of
+     * running each element in a collection thru each iteratee. This method
+     * performs a stable sort, that is, it preserves the original sort order of
+     * equal elements. The iteratees are invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Collection
+     * @param {Array|Object} collection The collection to iterate over.
+     * @param {...(Function|Function[])} [iteratees=[_.identity]]
+     *  The iteratees to sort by.
+     * @returns {Array} Returns the new sorted array.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'fred',   'age': 48 },
+     *   { 'user': 'barney', 'age': 36 },
+     *   { 'user': 'fred',   'age': 30 },
+     *   { 'user': 'barney', 'age': 34 }
+     * ];
+     *
+     * _.sortBy(users, [function(o) { return o.user; }]);
+     * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 30]]
+     *
+     * _.sortBy(users, ['user', 'age']);
+     * // => objects for [['barney', 34], ['barney', 36], ['fred', 30], ['fred', 48]]
+     */
+    var sortBy = baseRest(function (collection, iteratees) {
+      if (collection == null) {
+        return [];
+      }
+      var length = iteratees.length;
+      if (length > 1 && isIterateeCall(collection, iteratees[0], iteratees[1])) {
+        iteratees = [];
+      } else if (length > 2 && isIterateeCall(iteratees[0], iteratees[1], iteratees[2])) {
+        iteratees = [iteratees[0]];
+      }
+      return baseOrderBy(collection, baseFlatten(iteratees, 1), []);
+    });
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Gets the timestamp of the number of milliseconds that have elapsed since
+     * the Unix epoch (1 January 1970 00:00:00 UTC).
+     *
+     * @static
+     * @memberOf _
+     * @since 2.4.0
+     * @category Date
+     * @returns {number} Returns the timestamp.
+     * @example
+     *
+     * _.defer(function(stamp) {
+     *   console.log(_.now() - stamp);
+     * }, _.now());
+     * // => Logs the number of milliseconds it took for the deferred invocation.
+     */
+    var now = ctxNow || function () {
+      return root.Date.now();
+    };
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * The opposite of `_.before`; this method creates a function that invokes
+     * `func` once it's called `n` or more times.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {number} n The number of calls before `func` is invoked.
+     * @param {Function} func The function to restrict.
+     * @returns {Function} Returns the new restricted function.
+     * @example
+     *
+     * var saves = ['profile', 'settings'];
+     *
+     * var done = _.after(saves.length, function() {
+     *   console.log('done saving!');
+     * });
+     *
+     * _.forEach(saves, function(type) {
+     *   asyncSave({ 'type': type, 'complete': done });
+     * });
+     * // => Logs 'done saving!' after the two async saves have completed.
+     */
+    function after(n, func) {
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      n = toInteger(n);
+      return function () {
+        if (--n < 1) {
+          return func.apply(this, arguments);
+        }
+      };
+    }
+
+    /**
+     * Creates a function that invokes `func`, with up to `n` arguments,
+     * ignoring any additional arguments.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Function
+     * @param {Function} func The function to cap arguments for.
+     * @param {number} [n=func.length] The arity cap.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Function} Returns the new capped function.
+     * @example
+     *
+     * _.map(['6', '8', '10'], _.ary(parseInt, 1));
+     * // => [6, 8, 10]
+     */
+    function ary(func, n, guard) {
+      n = guard ? undefined : n;
+      n = func && n == null ? func.length : n;
+      return createWrap(func, WRAP_ARY_FLAG, undefined, undefined, undefined, undefined, n);
+    }
+
+    /**
+     * Creates a function that invokes `func`, with the `this` binding and arguments
+     * of the created function, while it's called less than `n` times. Subsequent
+     * calls to the created function return the result of the last `func` invocation.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Function
+     * @param {number} n The number of calls at which `func` is no longer invoked.
+     * @param {Function} func The function to restrict.
+     * @returns {Function} Returns the new restricted function.
+     * @example
+     *
+     * jQuery(element).on('click', _.before(5, addContactToList));
+     * // => Allows adding up to 4 contacts to the list.
+     */
+    function before(n, func) {
+      var result;
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      n = toInteger(n);
+      return function () {
+        if (--n > 0) {
+          result = func.apply(this, arguments);
+        }
+        if (n <= 1) {
+          func = undefined;
+        }
+        return result;
+      };
+    }
+
+    /**
+     * Creates a function that invokes `func` with the `this` binding of `thisArg`
+     * and `partials` prepended to the arguments it receives.
+     *
+     * The `_.bind.placeholder` value, which defaults to `_` in monolithic builds,
+     * may be used as a placeholder for partially applied arguments.
+     *
+     * **Note:** Unlike native `Function#bind`, this method doesn't set the "length"
+     * property of bound functions.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to bind.
+     * @param {*} thisArg The `this` binding of `func`.
+     * @param {...*} [partials] The arguments to be partially applied.
+     * @returns {Function} Returns the new bound function.
+     * @example
+     *
+     * function greet(greeting, punctuation) {
+     *   return greeting + ' ' + this.user + punctuation;
+     * }
+     *
+     * var object = { 'user': 'fred' };
+     *
+     * var bound = _.bind(greet, object, 'hi');
+     * bound('!');
+     * // => 'hi fred!'
+     *
+     * // Bound with placeholders.
+     * var bound = _.bind(greet, object, _, '!');
+     * bound('hi');
+     * // => 'hi fred!'
+     */
+    var bind = baseRest(function (func, thisArg, partials) {
+      var bitmask = WRAP_BIND_FLAG;
+      if (partials.length) {
+        var holders = replaceHolders(partials, getHolder(bind));
+        bitmask |= WRAP_PARTIAL_FLAG;
+      }
+      return createWrap(func, bitmask, thisArg, partials, holders);
+    });
+
+    /**
+     * Creates a function that invokes the method at `object[key]` with `partials`
+     * prepended to the arguments it receives.
+     *
+     * This method differs from `_.bind` by allowing bound functions to reference
+     * methods that may be redefined or don't yet exist. See
+     * [Peter Michaux's article](http://peter.michaux.ca/articles/lazy-function-definition-pattern)
+     * for more details.
+     *
+     * The `_.bindKey.placeholder` value, which defaults to `_` in monolithic
+     * builds, may be used as a placeholder for partially applied arguments.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.10.0
+     * @category Function
+     * @param {Object} object The object to invoke the method on.
+     * @param {string} key The key of the method.
+     * @param {...*} [partials] The arguments to be partially applied.
+     * @returns {Function} Returns the new bound function.
+     * @example
+     *
+     * var object = {
+     *   'user': 'fred',
+     *   'greet': function(greeting, punctuation) {
+     *     return greeting + ' ' + this.user + punctuation;
+     *   }
+     * };
+     *
+     * var bound = _.bindKey(object, 'greet', 'hi');
+     * bound('!');
+     * // => 'hi fred!'
+     *
+     * object.greet = function(greeting, punctuation) {
+     *   return greeting + 'ya ' + this.user + punctuation;
+     * };
+     *
+     * bound('!');
+     * // => 'hiya fred!'
+     *
+     * // Bound with placeholders.
+     * var bound = _.bindKey(object, 'greet', _, '!');
+     * bound('hi');
+     * // => 'hiya fred!'
+     */
+    var bindKey = baseRest(function (object, key, partials) {
+      var bitmask = WRAP_BIND_FLAG | WRAP_BIND_KEY_FLAG;
+      if (partials.length) {
+        var holders = replaceHolders(partials, getHolder(bindKey));
+        bitmask |= WRAP_PARTIAL_FLAG;
+      }
+      return createWrap(key, bitmask, object, partials, holders);
+    });
+
+    /**
+     * Creates a function that accepts arguments of `func` and either invokes
+     * `func` returning its result, if at least `arity` number of arguments have
+     * been provided, or returns a function that accepts the remaining `func`
+     * arguments, and so on. The arity of `func` may be specified if `func.length`
+     * is not sufficient.
+     *
+     * The `_.curry.placeholder` value, which defaults to `_` in monolithic builds,
+     * may be used as a placeholder for provided arguments.
+     *
+     * **Note:** This method doesn't set the "length" property of curried functions.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Function
+     * @param {Function} func The function to curry.
+     * @param {number} [arity=func.length] The arity of `func`.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Function} Returns the new curried function.
+     * @example
+     *
+     * var abc = function(a, b, c) {
+     *   return [a, b, c];
+     * };
+     *
+     * var curried = _.curry(abc);
+     *
+     * curried(1)(2)(3);
+     * // => [1, 2, 3]
+     *
+     * curried(1, 2)(3);
+     * // => [1, 2, 3]
+     *
+     * curried(1, 2, 3);
+     * // => [1, 2, 3]
+     *
+     * // Curried with placeholders.
+     * curried(1)(_, 3)(2);
+     * // => [1, 2, 3]
+     */
+    function curry(func, arity, guard) {
+      arity = guard ? undefined : arity;
+      var result = createWrap(func, WRAP_CURRY_FLAG, undefined, undefined, undefined, undefined, undefined, arity);
+      result.placeholder = curry.placeholder;
+      return result;
+    }
+
+    /**
+     * This method is like `_.curry` except that arguments are applied to `func`
+     * in the manner of `_.partialRight` instead of `_.partial`.
+     *
+     * The `_.curryRight.placeholder` value, which defaults to `_` in monolithic
+     * builds, may be used as a placeholder for provided arguments.
+     *
+     * **Note:** This method doesn't set the "length" property of curried functions.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Function
+     * @param {Function} func The function to curry.
+     * @param {number} [arity=func.length] The arity of `func`.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Function} Returns the new curried function.
+     * @example
+     *
+     * var abc = function(a, b, c) {
+     *   return [a, b, c];
+     * };
+     *
+     * var curried = _.curryRight(abc);
+     *
+     * curried(3)(2)(1);
+     * // => [1, 2, 3]
+     *
+     * curried(2, 3)(1);
+     * // => [1, 2, 3]
+     *
+     * curried(1, 2, 3);
+     * // => [1, 2, 3]
+     *
+     * // Curried with placeholders.
+     * curried(3)(1, _)(2);
+     * // => [1, 2, 3]
+     */
+    function curryRight(func, arity, guard) {
+      arity = guard ? undefined : arity;
+      var result = createWrap(func, WRAP_CURRY_RIGHT_FLAG, undefined, undefined, undefined, undefined, undefined, arity);
+      result.placeholder = curryRight.placeholder;
+      return result;
+    }
+
+    /**
+     * Creates a debounced function that delays invoking `func` until after `wait`
+     * milliseconds have elapsed since the last time the debounced function was
+     * invoked. The debounced function comes with a `cancel` method to cancel
+     * delayed `func` invocations and a `flush` method to immediately invoke them.
+     * Provide `options` to indicate whether `func` should be invoked on the
+     * leading and/or trailing edge of the `wait` timeout. The `func` is invoked
+     * with the last arguments provided to the debounced function. Subsequent
+     * calls to the debounced function return the result of the last `func`
+     * invocation.
+     *
+     * **Note:** If `leading` and `trailing` options are `true`, `func` is
+     * invoked on the trailing edge of the timeout only if the debounced function
+     * is invoked more than once during the `wait` timeout.
+     *
+     * If `wait` is `0` and `leading` is `false`, `func` invocation is deferred
+     * until to the next tick, similar to `setTimeout` with a timeout of `0`.
+     *
+     * See [David Corbacho's article](https://css-tricks.com/debouncing-throttling-explained-examples/)
+     * for details over the differences between `_.debounce` and `_.throttle`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to debounce.
+     * @param {number} [wait=0] The number of milliseconds to delay.
+     * @param {Object} [options={}] The options object.
+     * @param {boolean} [options.leading=false]
+     *  Specify invoking on the leading edge of the timeout.
+     * @param {number} [options.maxWait]
+     *  The maximum time `func` is allowed to be delayed before it's invoked.
+     * @param {boolean} [options.trailing=true]
+     *  Specify invoking on the trailing edge of the timeout.
+     * @returns {Function} Returns the new debounced function.
+     * @example
+     *
+     * // Avoid costly calculations while the window size is in flux.
+     * jQuery(window).on('resize', _.debounce(calculateLayout, 150));
+     *
+     * // Invoke `sendMail` when clicked, debouncing subsequent calls.
+     * jQuery(element).on('click', _.debounce(sendMail, 300, {
+     *   'leading': true,
+     *   'trailing': false
+     * }));
+     *
+     * // Ensure `batchLog` is invoked once after 1 second of debounced calls.
+     * var debounced = _.debounce(batchLog, 250, { 'maxWait': 1000 });
+     * var source = new EventSource('/stream');
+     * jQuery(source).on('message', debounced);
+     *
+     * // Cancel the trailing debounced invocation.
+     * jQuery(window).on('popstate', debounced.cancel);
+     */
+    function debounce(func, wait, options) {
+      var lastArgs,
+        lastThis,
+        maxWait,
+        result,
+        timerId,
+        lastCallTime,
+        lastInvokeTime = 0,
+        leading = false,
+        maxing = false,
+        trailing = true;
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      wait = toNumber(wait) || 0;
+      if (isObject(options)) {
+        leading = !!options.leading;
+        maxing = 'maxWait' in options;
+        maxWait = maxing ? nativeMax(toNumber(options.maxWait) || 0, wait) : maxWait;
+        trailing = 'trailing' in options ? !!options.trailing : trailing;
+      }
+      function invokeFunc(time) {
+        var args = lastArgs,
+          thisArg = lastThis;
+        lastArgs = lastThis = undefined;
+        lastInvokeTime = time;
+        result = func.apply(thisArg, args);
+        return result;
+      }
+      function leadingEdge(time) {
+        // Reset any `maxWait` timer.
+        lastInvokeTime = time;
+        // Start the timer for the trailing edge.
+        timerId = setTimeout(timerExpired, wait);
+        // Invoke the leading edge.
+        return leading ? invokeFunc(time) : result;
+      }
+      function remainingWait(time) {
+        var timeSinceLastCall = time - lastCallTime,
+          timeSinceLastInvoke = time - lastInvokeTime,
+          timeWaiting = wait - timeSinceLastCall;
+        return maxing ? nativeMin(timeWaiting, maxWait - timeSinceLastInvoke) : timeWaiting;
+      }
+      function shouldInvoke(time) {
+        var timeSinceLastCall = time - lastCallTime,
+          timeSinceLastInvoke = time - lastInvokeTime;
+
+        // Either this is the first call, activity has stopped and we're at the
+        // trailing edge, the system time has gone backwards and we're treating
+        // it as the trailing edge, or we've hit the `maxWait` limit.
+        return lastCallTime === undefined || timeSinceLastCall >= wait || timeSinceLastCall < 0 || maxing && timeSinceLastInvoke >= maxWait;
+      }
+      function timerExpired() {
+        var time = now();
+        if (shouldInvoke(time)) {
+          return trailingEdge(time);
+        }
+        // Restart the timer.
+        timerId = setTimeout(timerExpired, remainingWait(time));
+      }
+      function trailingEdge(time) {
+        timerId = undefined;
+
+        // Only invoke if we have `lastArgs` which means `func` has been
+        // debounced at least once.
+        if (trailing && lastArgs) {
+          return invokeFunc(time);
+        }
+        lastArgs = lastThis = undefined;
+        return result;
+      }
+      function cancel() {
+        if (timerId !== undefined) {
+          clearTimeout(timerId);
+        }
+        lastInvokeTime = 0;
+        lastArgs = lastCallTime = lastThis = timerId = undefined;
+      }
+      function flush() {
+        return timerId === undefined ? result : trailingEdge(now());
+      }
+      function debounced() {
+        var time = now(),
+          isInvoking = shouldInvoke(time);
+        lastArgs = arguments;
+        lastThis = this;
+        lastCallTime = time;
+        if (isInvoking) {
+          if (timerId === undefined) {
+            return leadingEdge(lastCallTime);
+          }
+          if (maxing) {
+            // Handle invocations in a tight loop.
+            clearTimeout(timerId);
+            timerId = setTimeout(timerExpired, wait);
+            return invokeFunc(lastCallTime);
+          }
+        }
+        if (timerId === undefined) {
+          timerId = setTimeout(timerExpired, wait);
+        }
+        return result;
+      }
+      debounced.cancel = cancel;
+      debounced.flush = flush;
+      return debounced;
+    }
+
+    /**
+     * Defers invoking the `func` until the current call stack has cleared. Any
+     * additional arguments are provided to `func` when it's invoked.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to defer.
+     * @param {...*} [args] The arguments to invoke `func` with.
+     * @returns {number} Returns the timer id.
+     * @example
+     *
+     * _.defer(function(text) {
+     *   console.log(text);
+     * }, 'deferred');
+     * // => Logs 'deferred' after one millisecond.
+     */
+    var defer = baseRest(function (func, args) {
+      return baseDelay(func, 1, args);
+    });
+
+    /**
+     * Invokes `func` after `wait` milliseconds. Any additional arguments are
+     * provided to `func` when it's invoked.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to delay.
+     * @param {number} wait The number of milliseconds to delay invocation.
+     * @param {...*} [args] The arguments to invoke `func` with.
+     * @returns {number} Returns the timer id.
+     * @example
+     *
+     * _.delay(function(text) {
+     *   console.log(text);
+     * }, 1000, 'later');
+     * // => Logs 'later' after one second.
+     */
+    var delay = baseRest(function (func, wait, args) {
+      return baseDelay(func, toNumber(wait) || 0, args);
+    });
+
+    /**
+     * Creates a function that invokes `func` with arguments reversed.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Function
+     * @param {Function} func The function to flip arguments for.
+     * @returns {Function} Returns the new flipped function.
+     * @example
+     *
+     * var flipped = _.flip(function() {
+     *   return _.toArray(arguments);
+     * });
+     *
+     * flipped('a', 'b', 'c', 'd');
+     * // => ['d', 'c', 'b', 'a']
+     */
+    function flip(func) {
+      return createWrap(func, WRAP_FLIP_FLAG);
+    }
+
+    /**
+     * Creates a function that memoizes the result of `func`. If `resolver` is
+     * provided, it determines the cache key for storing the result based on the
+     * arguments provided to the memoized function. By default, the first argument
+     * provided to the memoized function is used as the map cache key. The `func`
+     * is invoked with the `this` binding of the memoized function.
+     *
+     * **Note:** The cache is exposed as the `cache` property on the memoized
+     * function. Its creation may be customized by replacing the `_.memoize.Cache`
+     * constructor with one whose instances implement the
+     * [`Map`](http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)
+     * method interface of `clear`, `delete`, `get`, `has`, and `set`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to have its output memoized.
+     * @param {Function} [resolver] The function to resolve the cache key.
+     * @returns {Function} Returns the new memoized function.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': 2 };
+     * var other = { 'c': 3, 'd': 4 };
+     *
+     * var values = _.memoize(_.values);
+     * values(object);
+     * // => [1, 2]
+     *
+     * values(other);
+     * // => [3, 4]
+     *
+     * object.a = 2;
+     * values(object);
+     * // => [1, 2]
+     *
+     * // Modify the result cache.
+     * values.cache.set(object, ['a', 'b']);
+     * values(object);
+     * // => ['a', 'b']
+     *
+     * // Replace `_.memoize.Cache`.
+     * _.memoize.Cache = WeakMap;
+     */
+    function memoize(func, resolver) {
+      if (typeof func != 'function' || resolver != null && typeof resolver != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      var memoized = function memoized() {
+        var args = arguments,
+          key = resolver ? resolver.apply(this, args) : args[0],
+          cache = memoized.cache;
+        if (cache.has(key)) {
+          return cache.get(key);
+        }
+        var result = func.apply(this, args);
+        memoized.cache = cache.set(key, result) || cache;
+        return result;
+      };
+      memoized.cache = new (memoize.Cache || MapCache)();
+      return memoized;
+    }
+
+    // Expose `MapCache`.
+    memoize.Cache = MapCache;
+
+    /**
+     * Creates a function that negates the result of the predicate `func`. The
+     * `func` predicate is invoked with the `this` binding and arguments of the
+     * created function.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Function
+     * @param {Function} predicate The predicate to negate.
+     * @returns {Function} Returns the new negated function.
+     * @example
+     *
+     * function isEven(n) {
+     *   return n % 2 == 0;
+     * }
+     *
+     * _.filter([1, 2, 3, 4, 5, 6], _.negate(isEven));
+     * // => [1, 3, 5]
+     */
+    function negate(predicate) {
+      if (typeof predicate != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      return function () {
+        var args = arguments;
+        switch (args.length) {
+          case 0:
+            return !predicate.call(this);
+          case 1:
+            return !predicate.call(this, args[0]);
+          case 2:
+            return !predicate.call(this, args[0], args[1]);
+          case 3:
+            return !predicate.call(this, args[0], args[1], args[2]);
+        }
+        return !predicate.apply(this, args);
+      };
+    }
+
+    /**
+     * Creates a function that is restricted to invoking `func` once. Repeat calls
+     * to the function return the value of the first invocation. The `func` is
+     * invoked with the `this` binding and arguments of the created function.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to restrict.
+     * @returns {Function} Returns the new restricted function.
+     * @example
+     *
+     * var initialize = _.once(createApplication);
+     * initialize();
+     * initialize();
+     * // => `createApplication` is invoked once
+     */
+    function once(func) {
+      return before(2, func);
+    }
+
+    /**
+     * Creates a function that invokes `func` with its arguments transformed.
+     *
+     * @static
+     * @since 4.0.0
+     * @memberOf _
+     * @category Function
+     * @param {Function} func The function to wrap.
+     * @param {...(Function|Function[])} [transforms=[_.identity]]
+     *  The argument transforms.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * function doubled(n) {
+     *   return n * 2;
+     * }
+     *
+     * function square(n) {
+     *   return n * n;
+     * }
+     *
+     * var func = _.overArgs(function(x, y) {
+     *   return [x, y];
+     * }, [square, doubled]);
+     *
+     * func(9, 3);
+     * // => [81, 6]
+     *
+     * func(10, 5);
+     * // => [100, 10]
+     */
+    var overArgs = castRest(function (func, transforms) {
+      transforms = transforms.length == 1 && isArray(transforms[0]) ? arrayMap(transforms[0], baseUnary(getIteratee())) : arrayMap(baseFlatten(transforms, 1), baseUnary(getIteratee()));
+      var funcsLength = transforms.length;
+      return baseRest(function (args) {
+        var index = -1,
+          length = nativeMin(args.length, funcsLength);
+        while (++index < length) {
+          args[index] = transforms[index].call(this, args[index]);
+        }
+        return apply(func, this, args);
+      });
+    });
+
+    /**
+     * Creates a function that invokes `func` with `partials` prepended to the
+     * arguments it receives. This method is like `_.bind` except it does **not**
+     * alter the `this` binding.
+     *
+     * The `_.partial.placeholder` value, which defaults to `_` in monolithic
+     * builds, may be used as a placeholder for partially applied arguments.
+     *
+     * **Note:** This method doesn't set the "length" property of partially
+     * applied functions.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.2.0
+     * @category Function
+     * @param {Function} func The function to partially apply arguments to.
+     * @param {...*} [partials] The arguments to be partially applied.
+     * @returns {Function} Returns the new partially applied function.
+     * @example
+     *
+     * function greet(greeting, name) {
+     *   return greeting + ' ' + name;
+     * }
+     *
+     * var sayHelloTo = _.partial(greet, 'hello');
+     * sayHelloTo('fred');
+     * // => 'hello fred'
+     *
+     * // Partially applied with placeholders.
+     * var greetFred = _.partial(greet, _, 'fred');
+     * greetFred('hi');
+     * // => 'hi fred'
+     */
+    var partial = baseRest(function (func, partials) {
+      var holders = replaceHolders(partials, getHolder(partial));
+      return createWrap(func, WRAP_PARTIAL_FLAG, undefined, partials, holders);
+    });
+
+    /**
+     * This method is like `_.partial` except that partially applied arguments
+     * are appended to the arguments it receives.
+     *
+     * The `_.partialRight.placeholder` value, which defaults to `_` in monolithic
+     * builds, may be used as a placeholder for partially applied arguments.
+     *
+     * **Note:** This method doesn't set the "length" property of partially
+     * applied functions.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.0.0
+     * @category Function
+     * @param {Function} func The function to partially apply arguments to.
+     * @param {...*} [partials] The arguments to be partially applied.
+     * @returns {Function} Returns the new partially applied function.
+     * @example
+     *
+     * function greet(greeting, name) {
+     *   return greeting + ' ' + name;
+     * }
+     *
+     * var greetFred = _.partialRight(greet, 'fred');
+     * greetFred('hi');
+     * // => 'hi fred'
+     *
+     * // Partially applied with placeholders.
+     * var sayHelloTo = _.partialRight(greet, 'hello', _);
+     * sayHelloTo('fred');
+     * // => 'hello fred'
+     */
+    var partialRight = baseRest(function (func, partials) {
+      var holders = replaceHolders(partials, getHolder(partialRight));
+      return createWrap(func, WRAP_PARTIAL_RIGHT_FLAG, undefined, partials, holders);
+    });
+
+    /**
+     * Creates a function that invokes `func` with arguments arranged according
+     * to the specified `indexes` where the argument value at the first index is
+     * provided as the first argument, the argument value at the second index is
+     * provided as the second argument, and so on.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Function
+     * @param {Function} func The function to rearrange arguments for.
+     * @param {...(number|number[])} indexes The arranged argument indexes.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var rearged = _.rearg(function(a, b, c) {
+     *   return [a, b, c];
+     * }, [2, 0, 1]);
+     *
+     * rearged('b', 'c', 'a')
+     * // => ['a', 'b', 'c']
+     */
+    var rearg = flatRest(function (func, indexes) {
+      return createWrap(func, WRAP_REARG_FLAG, undefined, undefined, undefined, indexes);
+    });
+
+    /**
+     * Creates a function that invokes `func` with the `this` binding of the
+     * created function and arguments from `start` and beyond provided as
+     * an array.
+     *
+     * **Note:** This method is based on the
+     * [rest parameter](https://mdn.io/rest_parameters).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Function
+     * @param {Function} func The function to apply a rest parameter to.
+     * @param {number} [start=func.length-1] The start position of the rest parameter.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var say = _.rest(function(what, names) {
+     *   return what + ' ' + _.initial(names).join(', ') +
+     *     (_.size(names) > 1 ? ', & ' : '') + _.last(names);
+     * });
+     *
+     * say('hello', 'fred', 'barney', 'pebbles');
+     * // => 'hello fred, barney, & pebbles'
+     */
+    function rest(func, start) {
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      start = start === undefined ? start : toInteger(start);
+      return baseRest(func, start);
+    }
+
+    /**
+     * Creates a function that invokes `func` with the `this` binding of the
+     * create function and an array of arguments much like
+     * [`Function#apply`](http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply).
+     *
+     * **Note:** This method is based on the
+     * [spread operator](https://mdn.io/spread_operator).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.2.0
+     * @category Function
+     * @param {Function} func The function to spread arguments over.
+     * @param {number} [start=0] The start position of the spread.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var say = _.spread(function(who, what) {
+     *   return who + ' says ' + what;
+     * });
+     *
+     * say(['fred', 'hello']);
+     * // => 'fred says hello'
+     *
+     * var numbers = Promise.all([
+     *   Promise.resolve(40),
+     *   Promise.resolve(36)
+     * ]);
+     *
+     * numbers.then(_.spread(function(x, y) {
+     *   return x + y;
+     * }));
+     * // => a Promise of 76
+     */
+    function spread(func, start) {
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      start = start == null ? 0 : nativeMax(toInteger(start), 0);
+      return baseRest(function (args) {
+        var array = args[start],
+          otherArgs = castSlice(args, 0, start);
+        if (array) {
+          arrayPush(otherArgs, array);
+        }
+        return apply(func, this, otherArgs);
+      });
+    }
+
+    /**
+     * Creates a throttled function that only invokes `func` at most once per
+     * every `wait` milliseconds. The throttled function comes with a `cancel`
+     * method to cancel delayed `func` invocations and a `flush` method to
+     * immediately invoke them. Provide `options` to indicate whether `func`
+     * should be invoked on the leading and/or trailing edge of the `wait`
+     * timeout. The `func` is invoked with the last arguments provided to the
+     * throttled function. Subsequent calls to the throttled function return the
+     * result of the last `func` invocation.
+     *
+     * **Note:** If `leading` and `trailing` options are `true`, `func` is
+     * invoked on the trailing edge of the timeout only if the throttled function
+     * is invoked more than once during the `wait` timeout.
+     *
+     * If `wait` is `0` and `leading` is `false`, `func` invocation is deferred
+     * until to the next tick, similar to `setTimeout` with a timeout of `0`.
+     *
+     * See [David Corbacho's article](https://css-tricks.com/debouncing-throttling-explained-examples/)
+     * for details over the differences between `_.throttle` and `_.debounce`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {Function} func The function to throttle.
+     * @param {number} [wait=0] The number of milliseconds to throttle invocations to.
+     * @param {Object} [options={}] The options object.
+     * @param {boolean} [options.leading=true]
+     *  Specify invoking on the leading edge of the timeout.
+     * @param {boolean} [options.trailing=true]
+     *  Specify invoking on the trailing edge of the timeout.
+     * @returns {Function} Returns the new throttled function.
+     * @example
+     *
+     * // Avoid excessively updating the position while scrolling.
+     * jQuery(window).on('scroll', _.throttle(updatePosition, 100));
+     *
+     * // Invoke `renewToken` when the click event is fired, but not more than once every 5 minutes.
+     * var throttled = _.throttle(renewToken, 300000, { 'trailing': false });
+     * jQuery(element).on('click', throttled);
+     *
+     * // Cancel the trailing throttled invocation.
+     * jQuery(window).on('popstate', throttled.cancel);
+     */
+    function throttle(func, wait, options) {
+      var leading = true,
+        trailing = true;
+      if (typeof func != 'function') {
+        throw new TypeError(FUNC_ERROR_TEXT);
+      }
+      if (isObject(options)) {
+        leading = 'leading' in options ? !!options.leading : leading;
+        trailing = 'trailing' in options ? !!options.trailing : trailing;
+      }
+      return debounce(func, wait, {
+        'leading': leading,
+        'maxWait': wait,
+        'trailing': trailing
+      });
+    }
+
+    /**
+     * Creates a function that accepts up to one argument, ignoring any
+     * additional arguments.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Function
+     * @param {Function} func The function to cap arguments for.
+     * @returns {Function} Returns the new capped function.
+     * @example
+     *
+     * _.map(['6', '8', '10'], _.unary(parseInt));
+     * // => [6, 8, 10]
+     */
+    function unary(func) {
+      return ary(func, 1);
+    }
+
+    /**
+     * Creates a function that provides `value` to `wrapper` as its first
+     * argument. Any additional arguments provided to the function are appended
+     * to those provided to the `wrapper`. The wrapper is invoked with the `this`
+     * binding of the created function.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Function
+     * @param {*} value The value to wrap.
+     * @param {Function} [wrapper=identity] The wrapper function.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var p = _.wrap(_.escape, function(func, text) {
+     *   return '<p>' + func(text) + '</p>';
+     * });
+     *
+     * p('fred, barney, & pebbles');
+     * // => '<p>fred, barney, &amp; pebbles</p>'
+     */
+    function wrap(value, wrapper) {
+      return partial(castFunction(wrapper), value);
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Casts `value` as an array if it's not one.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.4.0
+     * @category Lang
+     * @param {*} value The value to inspect.
+     * @returns {Array} Returns the cast array.
+     * @example
+     *
+     * _.castArray(1);
+     * // => [1]
+     *
+     * _.castArray({ 'a': 1 });
+     * // => [{ 'a': 1 }]
+     *
+     * _.castArray('abc');
+     * // => ['abc']
+     *
+     * _.castArray(null);
+     * // => [null]
+     *
+     * _.castArray(undefined);
+     * // => [undefined]
+     *
+     * _.castArray();
+     * // => []
+     *
+     * var array = [1, 2, 3];
+     * console.log(_.castArray(array) === array);
+     * // => true
+     */
+    function castArray() {
+      if (!arguments.length) {
+        return [];
+      }
+      var value = arguments[0];
+      return isArray(value) ? value : [value];
+    }
+
+    /**
+     * Creates a shallow clone of `value`.
+     *
+     * **Note:** This method is loosely based on the
+     * [structured clone algorithm](https://mdn.io/Structured_clone_algorithm)
+     * and supports cloning arrays, array buffers, booleans, date objects, maps,
+     * numbers, `Object` objects, regexes, sets, strings, symbols, and typed
+     * arrays. The own enumerable properties of `arguments` objects are cloned
+     * as plain objects. An empty object is returned for uncloneable values such
+     * as error objects, functions, DOM nodes, and WeakMaps.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to clone.
+     * @returns {*} Returns the cloned value.
+     * @see _.cloneDeep
+     * @example
+     *
+     * var objects = [{ 'a': 1 }, { 'b': 2 }];
+     *
+     * var shallow = _.clone(objects);
+     * console.log(shallow[0] === objects[0]);
+     * // => true
+     */
+    function clone(value) {
+      return baseClone(value, CLONE_SYMBOLS_FLAG);
+    }
+
+    /**
+     * This method is like `_.clone` except that it accepts `customizer` which
+     * is invoked to produce the cloned value. If `customizer` returns `undefined`,
+     * cloning is handled by the method instead. The `customizer` is invoked with
+     * up to four arguments; (value [, index|key, object, stack]).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to clone.
+     * @param {Function} [customizer] The function to customize cloning.
+     * @returns {*} Returns the cloned value.
+     * @see _.cloneDeepWith
+     * @example
+     *
+     * function customizer(value) {
+     *   if (_.isElement(value)) {
+     *     return value.cloneNode(false);
+     *   }
+     * }
+     *
+     * var el = _.cloneWith(document.body, customizer);
+     *
+     * console.log(el === document.body);
+     * // => false
+     * console.log(el.nodeName);
+     * // => 'BODY'
+     * console.log(el.childNodes.length);
+     * // => 0
+     */
+    function cloneWith(value, customizer) {
+      customizer = typeof customizer == 'function' ? customizer : undefined;
+      return baseClone(value, CLONE_SYMBOLS_FLAG, customizer);
+    }
+
+    /**
+     * This method is like `_.clone` except that it recursively clones `value`.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.0.0
+     * @category Lang
+     * @param {*} value The value to recursively clone.
+     * @returns {*} Returns the deep cloned value.
+     * @see _.clone
+     * @example
+     *
+     * var objects = [{ 'a': 1 }, { 'b': 2 }];
+     *
+     * var deep = _.cloneDeep(objects);
+     * console.log(deep[0] === objects[0]);
+     * // => false
+     */
+    function cloneDeep(value) {
+      return baseClone(value, CLONE_DEEP_FLAG | CLONE_SYMBOLS_FLAG);
+    }
+
+    /**
+     * This method is like `_.cloneWith` except that it recursively clones `value`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to recursively clone.
+     * @param {Function} [customizer] The function to customize cloning.
+     * @returns {*} Returns the deep cloned value.
+     * @see _.cloneWith
+     * @example
+     *
+     * function customizer(value) {
+     *   if (_.isElement(value)) {
+     *     return value.cloneNode(true);
+     *   }
+     * }
+     *
+     * var el = _.cloneDeepWith(document.body, customizer);
+     *
+     * console.log(el === document.body);
+     * // => false
+     * console.log(el.nodeName);
+     * // => 'BODY'
+     * console.log(el.childNodes.length);
+     * // => 20
+     */
+    function cloneDeepWith(value, customizer) {
+      customizer = typeof customizer == 'function' ? customizer : undefined;
+      return baseClone(value, CLONE_DEEP_FLAG | CLONE_SYMBOLS_FLAG, customizer);
+    }
+
+    /**
+     * Checks if `object` conforms to `source` by invoking the predicate
+     * properties of `source` with the corresponding property values of `object`.
+     *
+     * **Note:** This method is equivalent to `_.conforms` when `source` is
+     * partially applied.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.14.0
+     * @category Lang
+     * @param {Object} object The object to inspect.
+     * @param {Object} source The object of property predicates to conform to.
+     * @returns {boolean} Returns `true` if `object` conforms, else `false`.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': 2 };
+     *
+     * _.conformsTo(object, { 'b': function(n) { return n > 1; } });
+     * // => true
+     *
+     * _.conformsTo(object, { 'b': function(n) { return n > 2; } });
+     * // => false
+     */
+    function conformsTo(object, source) {
+      return source == null || baseConformsTo(object, source, keys(source));
+    }
+
+    /**
+     * Performs a
+     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
+     * comparison between two values to determine if they are equivalent.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
+     * @example
+     *
+     * var object = { 'a': 1 };
+     * var other = { 'a': 1 };
+     *
+     * _.eq(object, object);
+     * // => true
+     *
+     * _.eq(object, other);
+     * // => false
+     *
+     * _.eq('a', 'a');
+     * // => true
+     *
+     * _.eq('a', Object('a'));
+     * // => false
+     *
+     * _.eq(NaN, NaN);
+     * // => true
+     */
+    function eq(value, other) {
+      return value === other || value !== value && other !== other;
+    }
+
+    /**
+     * Checks if `value` is greater than `other`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.9.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if `value` is greater than `other`,
+     *  else `false`.
+     * @see _.lt
+     * @example
+     *
+     * _.gt(3, 1);
+     * // => true
+     *
+     * _.gt(3, 3);
+     * // => false
+     *
+     * _.gt(1, 3);
+     * // => false
+     */
+    var gt = createRelationalOperation(baseGt);
+
+    /**
+     * Checks if `value` is greater than or equal to `other`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.9.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if `value` is greater than or equal to
+     *  `other`, else `false`.
+     * @see _.lte
+     * @example
+     *
+     * _.gte(3, 1);
+     * // => true
+     *
+     * _.gte(3, 3);
+     * // => true
+     *
+     * _.gte(1, 3);
+     * // => false
+     */
+    var gte = createRelationalOperation(function (value, other) {
+      return value >= other;
+    });
+
+    /**
+     * Checks if `value` is likely an `arguments` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an `arguments` object,
+     *  else `false`.
+     * @example
+     *
+     * _.isArguments(function() { return arguments; }());
+     * // => true
+     *
+     * _.isArguments([1, 2, 3]);
+     * // => false
+     */
+    var isArguments = baseIsArguments(function () {
+      return arguments;
+    }()) ? baseIsArguments : function (value) {
+      return isObjectLike(value) && hasOwnProperty.call(value, 'callee') && !propertyIsEnumerable.call(value, 'callee');
+    };
+
+    /**
+     * Checks if `value` is classified as an `Array` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an array, else `false`.
+     * @example
+     *
+     * _.isArray([1, 2, 3]);
+     * // => true
+     *
+     * _.isArray(document.body.children);
+     * // => false
+     *
+     * _.isArray('abc');
+     * // => false
+     *
+     * _.isArray(_.noop);
+     * // => false
+     */
+    var isArray = Array.isArray;
+
+    /**
+     * Checks if `value` is classified as an `ArrayBuffer` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.3.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an array buffer, else `false`.
+     * @example
+     *
+     * _.isArrayBuffer(new ArrayBuffer(2));
+     * // => true
+     *
+     * _.isArrayBuffer(new Array(2));
+     * // => false
+     */
+    var isArrayBuffer = nodeIsArrayBuffer ? baseUnary(nodeIsArrayBuffer) : baseIsArrayBuffer;
+
+    /**
+     * Checks if `value` is array-like. A value is considered array-like if it's
+     * not a function and has a `value.length` that's an integer greater than or
+     * equal to `0` and less than or equal to `Number.MAX_SAFE_INTEGER`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is array-like, else `false`.
+     * @example
+     *
+     * _.isArrayLike([1, 2, 3]);
+     * // => true
+     *
+     * _.isArrayLike(document.body.children);
+     * // => true
+     *
+     * _.isArrayLike('abc');
+     * // => true
+     *
+     * _.isArrayLike(_.noop);
+     * // => false
+     */
+    function isArrayLike(value) {
+      return value != null && isLength(value.length) && !isFunction(value);
+    }
+
+    /**
+     * This method is like `_.isArrayLike` except that it also checks if `value`
+     * is an object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an array-like object,
+     *  else `false`.
+     * @example
+     *
+     * _.isArrayLikeObject([1, 2, 3]);
+     * // => true
+     *
+     * _.isArrayLikeObject(document.body.children);
+     * // => true
+     *
+     * _.isArrayLikeObject('abc');
+     * // => false
+     *
+     * _.isArrayLikeObject(_.noop);
+     * // => false
+     */
+    function isArrayLikeObject(value) {
+      return isObjectLike(value) && isArrayLike(value);
+    }
+
+    /**
+     * Checks if `value` is classified as a boolean primitive or object.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a boolean, else `false`.
+     * @example
+     *
+     * _.isBoolean(false);
+     * // => true
+     *
+     * _.isBoolean(null);
+     * // => false
+     */
+    function isBoolean(value) {
+      return value === true || value === false || isObjectLike(value) && baseGetTag(value) == boolTag;
+    }
+
+    /**
+     * Checks if `value` is a buffer.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.3.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a buffer, else `false`.
+     * @example
+     *
+     * _.isBuffer(new Buffer(2));
+     * // => true
+     *
+     * _.isBuffer(new Uint8Array(2));
+     * // => false
+     */
+    var isBuffer = nativeIsBuffer || stubFalse;
+
+    /**
+     * Checks if `value` is classified as a `Date` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a date object, else `false`.
+     * @example
+     *
+     * _.isDate(new Date);
+     * // => true
+     *
+     * _.isDate('Mon April 23 2012');
+     * // => false
+     */
+    var isDate = nodeIsDate ? baseUnary(nodeIsDate) : baseIsDate;
+
+    /**
+     * Checks if `value` is likely a DOM element.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a DOM element, else `false`.
+     * @example
+     *
+     * _.isElement(document.body);
+     * // => true
+     *
+     * _.isElement('<body>');
+     * // => false
+     */
+    function isElement(value) {
+      return isObjectLike(value) && value.nodeType === 1 && !isPlainObject(value);
+    }
+
+    /**
+     * Checks if `value` is an empty object, collection, map, or set.
+     *
+     * Objects are considered empty if they have no own enumerable string keyed
+     * properties.
+     *
+     * Array-like values such as `arguments` objects, arrays, buffers, strings, or
+     * jQuery-like collections are considered empty if they have a `length` of `0`.
+     * Similarly, maps and sets are considered empty if they have a `size` of `0`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is empty, else `false`.
+     * @example
+     *
+     * _.isEmpty(null);
+     * // => true
+     *
+     * _.isEmpty(true);
+     * // => true
+     *
+     * _.isEmpty(1);
+     * // => true
+     *
+     * _.isEmpty([1, 2, 3]);
+     * // => false
+     *
+     * _.isEmpty({ 'a': 1 });
+     * // => false
+     */
+    function isEmpty(value) {
+      if (value == null) {
+        return true;
+      }
+      if (isArrayLike(value) && (isArray(value) || typeof value == 'string' || typeof value.splice == 'function' || isBuffer(value) || isTypedArray(value) || isArguments(value))) {
+        return !value.length;
+      }
+      var tag = getTag(value);
+      if (tag == mapTag || tag == setTag) {
+        return !value.size;
+      }
+      if (isPrototype(value)) {
+        return !baseKeys(value).length;
+      }
+      for (var key in value) {
+        if (hasOwnProperty.call(value, key)) {
+          return false;
+        }
+      }
+      return true;
+    }
+
+    /**
+     * Performs a deep comparison between two values to determine if they are
+     * equivalent.
+     *
+     * **Note:** This method supports comparing arrays, array buffers, booleans,
+     * date objects, error objects, maps, numbers, `Object` objects, regexes,
+     * sets, strings, symbols, and typed arrays. `Object` objects are compared
+     * by their own, not inherited, enumerable properties. Functions and DOM
+     * nodes are compared by strict equality, i.e. `===`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
+     * @example
+     *
+     * var object = { 'a': 1 };
+     * var other = { 'a': 1 };
+     *
+     * _.isEqual(object, other);
+     * // => true
+     *
+     * object === other;
+     * // => false
+     */
+    function isEqual(value, other) {
+      return baseIsEqual(value, other);
+    }
+
+    /**
+     * This method is like `_.isEqual` except that it accepts `customizer` which
+     * is invoked to compare values. If `customizer` returns `undefined`, comparisons
+     * are handled by the method instead. The `customizer` is invoked with up to
+     * six arguments: (objValue, othValue [, index|key, object, other, stack]).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @param {Function} [customizer] The function to customize comparisons.
+     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
+     * @example
+     *
+     * function isGreeting(value) {
+     *   return /^h(?:i|ello)$/.test(value);
+     * }
+     *
+     * function customizer(objValue, othValue) {
+     *   if (isGreeting(objValue) && isGreeting(othValue)) {
+     *     return true;
+     *   }
+     * }
+     *
+     * var array = ['hello', 'goodbye'];
+     * var other = ['hi', 'goodbye'];
+     *
+     * _.isEqualWith(array, other, customizer);
+     * // => true
+     */
+    function isEqualWith(value, other, customizer) {
+      customizer = typeof customizer == 'function' ? customizer : undefined;
+      var result = customizer ? customizer(value, other) : undefined;
+      return result === undefined ? baseIsEqual(value, other, undefined, customizer) : !!result;
+    }
+
+    /**
+     * Checks if `value` is an `Error`, `EvalError`, `RangeError`, `ReferenceError`,
+     * `SyntaxError`, `TypeError`, or `URIError` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an error object, else `false`.
+     * @example
+     *
+     * _.isError(new Error);
+     * // => true
+     *
+     * _.isError(Error);
+     * // => false
+     */
+    function isError(value) {
+      if (!isObjectLike(value)) {
+        return false;
+      }
+      var tag = baseGetTag(value);
+      return tag == errorTag || tag == domExcTag || typeof value.message == 'string' && typeof value.name == 'string' && !isPlainObject(value);
+    }
+
+    /**
+     * Checks if `value` is a finite primitive number.
+     *
+     * **Note:** This method is based on
+     * [`Number.isFinite`](https://mdn.io/Number/isFinite).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a finite number, else `false`.
+     * @example
+     *
+     * _.isFinite(3);
+     * // => true
+     *
+     * _.isFinite(Number.MIN_VALUE);
+     * // => true
+     *
+     * _.isFinite(Infinity);
+     * // => false
+     *
+     * _.isFinite('3');
+     * // => false
+     */
+    function isFinite(value) {
+      return typeof value == 'number' && nativeIsFinite(value);
+    }
+
+    /**
+     * Checks if `value` is classified as a `Function` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a function, else `false`.
+     * @example
+     *
+     * _.isFunction(_);
+     * // => true
+     *
+     * _.isFunction(/abc/);
+     * // => false
+     */
+    function isFunction(value) {
+      if (!isObject(value)) {
+        return false;
+      }
+      // The use of `Object#toString` avoids issues with the `typeof` operator
+      // in Safari 9 which returns 'object' for typed arrays and other constructors.
+      var tag = baseGetTag(value);
+      return tag == funcTag || tag == genTag || tag == asyncTag || tag == proxyTag;
+    }
+
+    /**
+     * Checks if `value` is an integer.
+     *
+     * **Note:** This method is based on
+     * [`Number.isInteger`](https://mdn.io/Number/isInteger).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an integer, else `false`.
+     * @example
+     *
+     * _.isInteger(3);
+     * // => true
+     *
+     * _.isInteger(Number.MIN_VALUE);
+     * // => false
+     *
+     * _.isInteger(Infinity);
+     * // => false
+     *
+     * _.isInteger('3');
+     * // => false
+     */
+    function isInteger(value) {
+      return typeof value == 'number' && value == toInteger(value);
+    }
+
+    /**
+     * Checks if `value` is a valid array-like length.
+     *
+     * **Note:** This method is loosely based on
+     * [`ToLength`](http://ecma-international.org/ecma-262/7.0/#sec-tolength).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a valid length, else `false`.
+     * @example
+     *
+     * _.isLength(3);
+     * // => true
+     *
+     * _.isLength(Number.MIN_VALUE);
+     * // => false
+     *
+     * _.isLength(Infinity);
+     * // => false
+     *
+     * _.isLength('3');
+     * // => false
+     */
+    function isLength(value) {
+      return typeof value == 'number' && value > -1 && value % 1 == 0 && value <= MAX_SAFE_INTEGER;
+    }
+
+    /**
+     * Checks if `value` is the
+     * [language type](http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
+     * of `Object`. (e.g. arrays, functions, objects, regexes, `new Number(0)`, and `new String('')`)
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is an object, else `false`.
+     * @example
+     *
+     * _.isObject({});
+     * // => true
+     *
+     * _.isObject([1, 2, 3]);
+     * // => true
+     *
+     * _.isObject(_.noop);
+     * // => true
+     *
+     * _.isObject(null);
+     * // => false
+     */
+    function isObject(value) {
+      var type = typeof value;
+      return value != null && (type == 'object' || type == 'function');
+    }
+
+    /**
+     * Checks if `value` is object-like. A value is object-like if it's not `null`
+     * and has a `typeof` result of "object".
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is object-like, else `false`.
+     * @example
+     *
+     * _.isObjectLike({});
+     * // => true
+     *
+     * _.isObjectLike([1, 2, 3]);
+     * // => true
+     *
+     * _.isObjectLike(_.noop);
+     * // => false
+     *
+     * _.isObjectLike(null);
+     * // => false
+     */
+    function isObjectLike(value) {
+      return value != null && typeof value == 'object';
+    }
+
+    /**
+     * Checks if `value` is classified as a `Map` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.3.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a map, else `false`.
+     * @example
+     *
+     * _.isMap(new Map);
+     * // => true
+     *
+     * _.isMap(new WeakMap);
+     * // => false
+     */
+    var isMap = nodeIsMap ? baseUnary(nodeIsMap) : baseIsMap;
+
+    /**
+     * Performs a partial deep comparison between `object` and `source` to
+     * determine if `object` contains equivalent property values.
+     *
+     * **Note:** This method is equivalent to `_.matches` when `source` is
+     * partially applied.
+     *
+     * Partial comparisons will match empty array and empty object `source`
+     * values against any array or object value, respectively. See `_.isEqual`
+     * for a list of supported value comparisons.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Lang
+     * @param {Object} object The object to inspect.
+     * @param {Object} source The object of property values to match.
+     * @returns {boolean} Returns `true` if `object` is a match, else `false`.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': 2 };
+     *
+     * _.isMatch(object, { 'b': 2 });
+     * // => true
+     *
+     * _.isMatch(object, { 'b': 1 });
+     * // => false
+     */
+    function isMatch(object, source) {
+      return object === source || baseIsMatch(object, source, getMatchData(source));
+    }
+
+    /**
+     * This method is like `_.isMatch` except that it accepts `customizer` which
+     * is invoked to compare values. If `customizer` returns `undefined`, comparisons
+     * are handled by the method instead. The `customizer` is invoked with five
+     * arguments: (objValue, srcValue, index|key, object, source).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {Object} object The object to inspect.
+     * @param {Object} source The object of property values to match.
+     * @param {Function} [customizer] The function to customize comparisons.
+     * @returns {boolean} Returns `true` if `object` is a match, else `false`.
+     * @example
+     *
+     * function isGreeting(value) {
+     *   return /^h(?:i|ello)$/.test(value);
+     * }
+     *
+     * function customizer(objValue, srcValue) {
+     *   if (isGreeting(objValue) && isGreeting(srcValue)) {
+     *     return true;
+     *   }
+     * }
+     *
+     * var object = { 'greeting': 'hello' };
+     * var source = { 'greeting': 'hi' };
+     *
+     * _.isMatchWith(object, source, customizer);
+     * // => true
+     */
+    function isMatchWith(object, source, customizer) {
+      customizer = typeof customizer == 'function' ? customizer : undefined;
+      return baseIsMatch(object, source, getMatchData(source), customizer);
+    }
+
+    /**
+     * Checks if `value` is `NaN`.
+     *
+     * **Note:** This method is based on
+     * [`Number.isNaN`](https://mdn.io/Number/isNaN) and is not the same as
+     * global [`isNaN`](https://mdn.io/isNaN) which returns `true` for
+     * `undefined` and other non-number values.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is `NaN`, else `false`.
+     * @example
+     *
+     * _.isNaN(NaN);
+     * // => true
+     *
+     * _.isNaN(new Number(NaN));
+     * // => true
+     *
+     * isNaN(undefined);
+     * // => true
+     *
+     * _.isNaN(undefined);
+     * // => false
+     */
+    function isNaN(value) {
+      // An `NaN` primitive is the only value that is not equal to itself.
+      // Perform the `toStringTag` check first to avoid errors with some
+      // ActiveX objects in IE.
+      return isNumber(value) && value != +value;
+    }
+
+    /**
+     * Checks if `value` is a pristine native function.
+     *
+     * **Note:** This method can't reliably detect native functions in the presence
+     * of the core-js package because core-js circumvents this kind of detection.
+     * Despite multiple requests, the core-js maintainer has made it clear: any
+     * attempt to fix the detection will be obstructed. As a result, we're left
+     * with little choice but to throw an error. Unfortunately, this also affects
+     * packages, like [babel-polyfill](https://www.npmjs.com/package/babel-polyfill),
+     * which rely on core-js.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a native function,
+     *  else `false`.
+     * @example
+     *
+     * _.isNative(Array.prototype.push);
+     * // => true
+     *
+     * _.isNative(_);
+     * // => false
+     */
+    function isNative(value) {
+      if (isMaskable(value)) {
+        throw new Error(CORE_ERROR_TEXT);
+      }
+      return baseIsNative(value);
+    }
+
+    /**
+     * Checks if `value` is `null`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is `null`, else `false`.
+     * @example
+     *
+     * _.isNull(null);
+     * // => true
+     *
+     * _.isNull(void 0);
+     * // => false
+     */
+    function isNull(value) {
+      return value === null;
+    }
+
+    /**
+     * Checks if `value` is `null` or `undefined`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is nullish, else `false`.
+     * @example
+     *
+     * _.isNil(null);
+     * // => true
+     *
+     * _.isNil(void 0);
+     * // => true
+     *
+     * _.isNil(NaN);
+     * // => false
+     */
+    function isNil(value) {
+      return value == null;
+    }
+
+    /**
+     * Checks if `value` is classified as a `Number` primitive or object.
+     *
+     * **Note:** To exclude `Infinity`, `-Infinity`, and `NaN`, which are
+     * classified as numbers, use the `_.isFinite` method.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a number, else `false`.
+     * @example
+     *
+     * _.isNumber(3);
+     * // => true
+     *
+     * _.isNumber(Number.MIN_VALUE);
+     * // => true
+     *
+     * _.isNumber(Infinity);
+     * // => true
+     *
+     * _.isNumber('3');
+     * // => false
+     */
+    function isNumber(value) {
+      return typeof value == 'number' || isObjectLike(value) && baseGetTag(value) == numberTag;
+    }
+
+    /**
+     * Checks if `value` is a plain object, that is, an object created by the
+     * `Object` constructor or one with a `[[Prototype]]` of `null`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.8.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a plain object, else `false`.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     * }
+     *
+     * _.isPlainObject(new Foo);
+     * // => false
+     *
+     * _.isPlainObject([1, 2, 3]);
+     * // => false
+     *
+     * _.isPlainObject({ 'x': 0, 'y': 0 });
+     * // => true
+     *
+     * _.isPlainObject(Object.create(null));
+     * // => true
+     */
+    function isPlainObject(value) {
+      if (!isObjectLike(value) || baseGetTag(value) != objectTag) {
+        return false;
+      }
+      var proto = getPrototype(value);
+      if (proto === null) {
+        return true;
+      }
+      var Ctor = hasOwnProperty.call(proto, 'constructor') && proto.constructor;
+      return typeof Ctor == 'function' && Ctor instanceof Ctor && funcToString.call(Ctor) == objectCtorString;
+    }
+
+    /**
+     * Checks if `value` is classified as a `RegExp` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.1.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a regexp, else `false`.
+     * @example
+     *
+     * _.isRegExp(/abc/);
+     * // => true
+     *
+     * _.isRegExp('/abc/');
+     * // => false
+     */
+    var isRegExp = nodeIsRegExp ? baseUnary(nodeIsRegExp) : baseIsRegExp;
+
+    /**
+     * Checks if `value` is a safe integer. An integer is safe if it's an IEEE-754
+     * double precision number which isn't the result of a rounded unsafe integer.
+     *
+     * **Note:** This method is based on
+     * [`Number.isSafeInteger`](https://mdn.io/Number/isSafeInteger).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a safe integer, else `false`.
+     * @example
+     *
+     * _.isSafeInteger(3);
+     * // => true
+     *
+     * _.isSafeInteger(Number.MIN_VALUE);
+     * // => false
+     *
+     * _.isSafeInteger(Infinity);
+     * // => false
+     *
+     * _.isSafeInteger('3');
+     * // => false
+     */
+    function isSafeInteger(value) {
+      return isInteger(value) && value >= -MAX_SAFE_INTEGER && value <= MAX_SAFE_INTEGER;
+    }
+
+    /**
+     * Checks if `value` is classified as a `Set` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.3.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a set, else `false`.
+     * @example
+     *
+     * _.isSet(new Set);
+     * // => true
+     *
+     * _.isSet(new WeakSet);
+     * // => false
+     */
+    var isSet = nodeIsSet ? baseUnary(nodeIsSet) : baseIsSet;
+
+    /**
+     * Checks if `value` is classified as a `String` primitive or object.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a string, else `false`.
+     * @example
+     *
+     * _.isString('abc');
+     * // => true
+     *
+     * _.isString(1);
+     * // => false
+     */
+    function isString(value) {
+      return typeof value == 'string' || !isArray(value) && isObjectLike(value) && baseGetTag(value) == stringTag;
+    }
+
+    /**
+     * Checks if `value` is classified as a `Symbol` primitive or object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a symbol, else `false`.
+     * @example
+     *
+     * _.isSymbol(Symbol.iterator);
+     * // => true
+     *
+     * _.isSymbol('abc');
+     * // => false
+     */
+    function isSymbol(value) {
+      return typeof value == 'symbol' || isObjectLike(value) && baseGetTag(value) == symbolTag;
+    }
+
+    /**
+     * Checks if `value` is classified as a typed array.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a typed array, else `false`.
+     * @example
+     *
+     * _.isTypedArray(new Uint8Array);
+     * // => true
+     *
+     * _.isTypedArray([]);
+     * // => false
+     */
+    var isTypedArray = nodeIsTypedArray ? baseUnary(nodeIsTypedArray) : baseIsTypedArray;
+
+    /**
+     * Checks if `value` is `undefined`.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is `undefined`, else `false`.
+     * @example
+     *
+     * _.isUndefined(void 0);
+     * // => true
+     *
+     * _.isUndefined(null);
+     * // => false
+     */
+    function isUndefined(value) {
+      return value === undefined;
+    }
+
+    /**
+     * Checks if `value` is classified as a `WeakMap` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.3.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a weak map, else `false`.
+     * @example
+     *
+     * _.isWeakMap(new WeakMap);
+     * // => true
+     *
+     * _.isWeakMap(new Map);
+     * // => false
+     */
+    function isWeakMap(value) {
+      return isObjectLike(value) && getTag(value) == weakMapTag;
+    }
+
+    /**
+     * Checks if `value` is classified as a `WeakSet` object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.3.0
+     * @category Lang
+     * @param {*} value The value to check.
+     * @returns {boolean} Returns `true` if `value` is a weak set, else `false`.
+     * @example
+     *
+     * _.isWeakSet(new WeakSet);
+     * // => true
+     *
+     * _.isWeakSet(new Set);
+     * // => false
+     */
+    function isWeakSet(value) {
+      return isObjectLike(value) && baseGetTag(value) == weakSetTag;
+    }
+
+    /**
+     * Checks if `value` is less than `other`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.9.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if `value` is less than `other`,
+     *  else `false`.
+     * @see _.gt
+     * @example
+     *
+     * _.lt(1, 3);
+     * // => true
+     *
+     * _.lt(3, 3);
+     * // => false
+     *
+     * _.lt(3, 1);
+     * // => false
+     */
+    var lt = createRelationalOperation(baseLt);
+
+    /**
+     * Checks if `value` is less than or equal to `other`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.9.0
+     * @category Lang
+     * @param {*} value The value to compare.
+     * @param {*} other The other value to compare.
+     * @returns {boolean} Returns `true` if `value` is less than or equal to
+     *  `other`, else `false`.
+     * @see _.gte
+     * @example
+     *
+     * _.lte(1, 3);
+     * // => true
+     *
+     * _.lte(3, 3);
+     * // => true
+     *
+     * _.lte(3, 1);
+     * // => false
+     */
+    var lte = createRelationalOperation(function (value, other) {
+      return value <= other;
+    });
+
+    /**
+     * Converts `value` to an array.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {Array} Returns the converted array.
+     * @example
+     *
+     * _.toArray({ 'a': 1, 'b': 2 });
+     * // => [1, 2]
+     *
+     * _.toArray('abc');
+     * // => ['a', 'b', 'c']
+     *
+     * _.toArray(1);
+     * // => []
+     *
+     * _.toArray(null);
+     * // => []
+     */
+    function toArray(value) {
+      if (!value) {
+        return [];
+      }
+      if (isArrayLike(value)) {
+        return isString(value) ? stringToArray(value) : copyArray(value);
+      }
+      if (symIterator && value[symIterator]) {
+        return iteratorToArray(value[symIterator]());
+      }
+      var tag = getTag(value),
+        func = tag == mapTag ? mapToArray : tag == setTag ? setToArray : values;
+      return func(value);
+    }
+
+    /**
+     * Converts `value` to a finite number.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.12.0
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {number} Returns the converted number.
+     * @example
+     *
+     * _.toFinite(3.2);
+     * // => 3.2
+     *
+     * _.toFinite(Number.MIN_VALUE);
+     * // => 5e-324
+     *
+     * _.toFinite(Infinity);
+     * // => 1.7976931348623157e+308
+     *
+     * _.toFinite('3.2');
+     * // => 3.2
+     */
+    function toFinite(value) {
+      if (!value) {
+        return value === 0 ? value : 0;
+      }
+      value = toNumber(value);
+      if (value === INFINITY || value === -INFINITY) {
+        var sign = value < 0 ? -1 : 1;
+        return sign * MAX_INTEGER;
+      }
+      return value === value ? value : 0;
+    }
+
+    /**
+     * Converts `value` to an integer.
+     *
+     * **Note:** This method is loosely based on
+     * [`ToInteger`](http://www.ecma-international.org/ecma-262/7.0/#sec-tointeger).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {number} Returns the converted integer.
+     * @example
+     *
+     * _.toInteger(3.2);
+     * // => 3
+     *
+     * _.toInteger(Number.MIN_VALUE);
+     * // => 0
+     *
+     * _.toInteger(Infinity);
+     * // => 1.7976931348623157e+308
+     *
+     * _.toInteger('3.2');
+     * // => 3
+     */
+    function toInteger(value) {
+      var result = toFinite(value),
+        remainder = result % 1;
+      return result === result ? remainder ? result - remainder : result : 0;
+    }
+
+    /**
+     * Converts `value` to an integer suitable for use as the length of an
+     * array-like object.
+     *
+     * **Note:** This method is based on
+     * [`ToLength`](http://ecma-international.org/ecma-262/7.0/#sec-tolength).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {number} Returns the converted integer.
+     * @example
+     *
+     * _.toLength(3.2);
+     * // => 3
+     *
+     * _.toLength(Number.MIN_VALUE);
+     * // => 0
+     *
+     * _.toLength(Infinity);
+     * // => 4294967295
+     *
+     * _.toLength('3.2');
+     * // => 3
+     */
+    function toLength(value) {
+      return value ? baseClamp(toInteger(value), 0, MAX_ARRAY_LENGTH) : 0;
+    }
+
+    /**
+     * Converts `value` to a number.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to process.
+     * @returns {number} Returns the number.
+     * @example
+     *
+     * _.toNumber(3.2);
+     * // => 3.2
+     *
+     * _.toNumber(Number.MIN_VALUE);
+     * // => 5e-324
+     *
+     * _.toNumber(Infinity);
+     * // => Infinity
+     *
+     * _.toNumber('3.2');
+     * // => 3.2
+     */
+    function toNumber(value) {
+      if (typeof value == 'number') {
+        return value;
+      }
+      if (isSymbol(value)) {
+        return NAN;
+      }
+      if (isObject(value)) {
+        var other = typeof value.valueOf == 'function' ? value.valueOf() : value;
+        value = isObject(other) ? other + '' : other;
+      }
+      if (typeof value != 'string') {
+        return value === 0 ? value : +value;
+      }
+      value = baseTrim(value);
+      var isBinary = reIsBinary.test(value);
+      return isBinary || reIsOctal.test(value) ? freeParseInt(value.slice(2), isBinary ? 2 : 8) : reIsBadHex.test(value) ? NAN : +value;
+    }
+
+    /**
+     * Converts `value` to a plain object flattening inherited enumerable string
+     * keyed properties of `value` to own properties of the plain object.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {Object} Returns the converted plain object.
+     * @example
+     *
+     * function Foo() {
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.assign({ 'a': 1 }, new Foo);
+     * // => { 'a': 1, 'b': 2 }
+     *
+     * _.assign({ 'a': 1 }, _.toPlainObject(new Foo));
+     * // => { 'a': 1, 'b': 2, 'c': 3 }
+     */
+    function toPlainObject(value) {
+      return copyObject(value, keysIn(value));
+    }
+
+    /**
+     * Converts `value` to a safe integer. A safe integer can be compared and
+     * represented correctly.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {number} Returns the converted integer.
+     * @example
+     *
+     * _.toSafeInteger(3.2);
+     * // => 3
+     *
+     * _.toSafeInteger(Number.MIN_VALUE);
+     * // => 0
+     *
+     * _.toSafeInteger(Infinity);
+     * // => 9007199254740991
+     *
+     * _.toSafeInteger('3.2');
+     * // => 3
+     */
+    function toSafeInteger(value) {
+      return value ? baseClamp(toInteger(value), -MAX_SAFE_INTEGER, MAX_SAFE_INTEGER) : value === 0 ? value : 0;
+    }
+
+    /**
+     * Converts `value` to a string. An empty string is returned for `null`
+     * and `undefined` values. The sign of `-0` is preserved.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Lang
+     * @param {*} value The value to convert.
+     * @returns {string} Returns the converted string.
+     * @example
+     *
+     * _.toString(null);
+     * // => ''
+     *
+     * _.toString(-0);
+     * // => '-0'
+     *
+     * _.toString([1, 2, 3]);
+     * // => '1,2,3'
+     */
+    function toString(value) {
+      return value == null ? '' : baseToString(value);
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Assigns own enumerable string keyed properties of source objects to the
+     * destination object. Source objects are applied from left to right.
+     * Subsequent sources overwrite property assignments of previous sources.
+     *
+     * **Note:** This method mutates `object` and is loosely based on
+     * [`Object.assign`](https://mdn.io/Object/assign).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.10.0
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} [sources] The source objects.
+     * @returns {Object} Returns `object`.
+     * @see _.assignIn
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     * }
+     *
+     * function Bar() {
+     *   this.c = 3;
+     * }
+     *
+     * Foo.prototype.b = 2;
+     * Bar.prototype.d = 4;
+     *
+     * _.assign({ 'a': 0 }, new Foo, new Bar);
+     * // => { 'a': 1, 'c': 3 }
+     */
+    var assign = createAssigner(function (object, source) {
+      if (isPrototype(source) || isArrayLike(source)) {
+        copyObject(source, keys(source), object);
+        return;
+      }
+      for (var key in source) {
+        if (hasOwnProperty.call(source, key)) {
+          assignValue(object, key, source[key]);
+        }
+      }
+    });
+
+    /**
+     * This method is like `_.assign` except that it iterates over own and
+     * inherited source properties.
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @alias extend
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} [sources] The source objects.
+     * @returns {Object} Returns `object`.
+     * @see _.assign
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     * }
+     *
+     * function Bar() {
+     *   this.c = 3;
+     * }
+     *
+     * Foo.prototype.b = 2;
+     * Bar.prototype.d = 4;
+     *
+     * _.assignIn({ 'a': 0 }, new Foo, new Bar);
+     * // => { 'a': 1, 'b': 2, 'c': 3, 'd': 4 }
+     */
+    var assignIn = createAssigner(function (object, source) {
+      copyObject(source, keysIn(source), object);
+    });
+
+    /**
+     * This method is like `_.assignIn` except that it accepts `customizer`
+     * which is invoked to produce the assigned values. If `customizer` returns
+     * `undefined`, assignment is handled by the method instead. The `customizer`
+     * is invoked with five arguments: (objValue, srcValue, key, object, source).
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @alias extendWith
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} sources The source objects.
+     * @param {Function} [customizer] The function to customize assigned values.
+     * @returns {Object} Returns `object`.
+     * @see _.assignWith
+     * @example
+     *
+     * function customizer(objValue, srcValue) {
+     *   return _.isUndefined(objValue) ? srcValue : objValue;
+     * }
+     *
+     * var defaults = _.partialRight(_.assignInWith, customizer);
+     *
+     * defaults({ 'a': 1 }, { 'b': 2 }, { 'a': 3 });
+     * // => { 'a': 1, 'b': 2 }
+     */
+    var assignInWith = createAssigner(function (object, source, srcIndex, customizer) {
+      copyObject(source, keysIn(source), object, customizer);
+    });
+
+    /**
+     * This method is like `_.assign` except that it accepts `customizer`
+     * which is invoked to produce the assigned values. If `customizer` returns
+     * `undefined`, assignment is handled by the method instead. The `customizer`
+     * is invoked with five arguments: (objValue, srcValue, key, object, source).
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} sources The source objects.
+     * @param {Function} [customizer] The function to customize assigned values.
+     * @returns {Object} Returns `object`.
+     * @see _.assignInWith
+     * @example
+     *
+     * function customizer(objValue, srcValue) {
+     *   return _.isUndefined(objValue) ? srcValue : objValue;
+     * }
+     *
+     * var defaults = _.partialRight(_.assignWith, customizer);
+     *
+     * defaults({ 'a': 1 }, { 'b': 2 }, { 'a': 3 });
+     * // => { 'a': 1, 'b': 2 }
+     */
+    var assignWith = createAssigner(function (object, source, srcIndex, customizer) {
+      copyObject(source, keys(source), object, customizer);
+    });
+
+    /**
+     * Creates an array of values corresponding to `paths` of `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.0.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {...(string|string[])} [paths] The property paths to pick.
+     * @returns {Array} Returns the picked values.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': 3 } }, 4] };
+     *
+     * _.at(object, ['a[0].b.c', 'a[1]']);
+     * // => [3, 4]
+     */
+    var at = flatRest(baseAt);
+
+    /**
+     * Creates an object that inherits from the `prototype` object. If a
+     * `properties` object is given, its own enumerable string keyed properties
+     * are assigned to the created object.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.3.0
+     * @category Object
+     * @param {Object} prototype The object to inherit from.
+     * @param {Object} [properties] The properties to assign to the object.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * function Shape() {
+     *   this.x = 0;
+     *   this.y = 0;
+     * }
+     *
+     * function Circle() {
+     *   Shape.call(this);
+     * }
+     *
+     * Circle.prototype = _.create(Shape.prototype, {
+     *   'constructor': Circle
+     * });
+     *
+     * var circle = new Circle;
+     * circle instanceof Circle;
+     * // => true
+     *
+     * circle instanceof Shape;
+     * // => true
+     */
+    function create(prototype, properties) {
+      var result = baseCreate(prototype);
+      return properties == null ? result : baseAssign(result, properties);
+    }
+
+    /**
+     * Assigns own and inherited enumerable string keyed properties of source
+     * objects to the destination object for all destination properties that
+     * resolve to `undefined`. Source objects are applied from left to right.
+     * Once a property is set, additional values of the same property are ignored.
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} [sources] The source objects.
+     * @returns {Object} Returns `object`.
+     * @see _.defaultsDeep
+     * @example
+     *
+     * _.defaults({ 'a': 1 }, { 'b': 2 }, { 'a': 3 });
+     * // => { 'a': 1, 'b': 2 }
+     */
+    var defaults = baseRest(function (object, sources) {
+      object = Object(object);
+      var index = -1;
+      var length = sources.length;
+      var guard = length > 2 ? sources[2] : undefined;
+      if (guard && isIterateeCall(sources[0], sources[1], guard)) {
+        length = 1;
+      }
+      while (++index < length) {
+        var source = sources[index];
+        var props = keysIn(source);
+        var propsIndex = -1;
+        var propsLength = props.length;
+        while (++propsIndex < propsLength) {
+          var key = props[propsIndex];
+          var value = object[key];
+          if (value === undefined || eq(value, objectProto[key]) && !hasOwnProperty.call(object, key)) {
+            object[key] = source[key];
+          }
+        }
+      }
+      return object;
+    });
+
+    /**
+     * This method is like `_.defaults` except that it recursively assigns
+     * default properties.
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.10.0
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} [sources] The source objects.
+     * @returns {Object} Returns `object`.
+     * @see _.defaults
+     * @example
+     *
+     * _.defaultsDeep({ 'a': { 'b': 2 } }, { 'a': { 'b': 1, 'c': 3 } });
+     * // => { 'a': { 'b': 2, 'c': 3 } }
+     */
+    var defaultsDeep = baseRest(function (args) {
+      args.push(undefined, customDefaultsMerge);
+      return apply(mergeWith, undefined, args);
+    });
+
+    /**
+     * This method is like `_.find` except that it returns the key of the first
+     * element `predicate` returns truthy for instead of the element itself.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.1.0
+     * @category Object
+     * @param {Object} object The object to inspect.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {string|undefined} Returns the key of the matched element,
+     *  else `undefined`.
+     * @example
+     *
+     * var users = {
+     *   'barney':  { 'age': 36, 'active': true },
+     *   'fred':    { 'age': 40, 'active': false },
+     *   'pebbles': { 'age': 1,  'active': true }
+     * };
+     *
+     * _.findKey(users, function(o) { return o.age < 40; });
+     * // => 'barney' (iteration order is not guaranteed)
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.findKey(users, { 'age': 1, 'active': true });
+     * // => 'pebbles'
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.findKey(users, ['active', false]);
+     * // => 'fred'
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.findKey(users, 'active');
+     * // => 'barney'
+     */
+    function findKey(object, predicate) {
+      return baseFindKey(object, getIteratee(predicate, 3), baseForOwn);
+    }
+
+    /**
+     * This method is like `_.findKey` except that it iterates over elements of
+     * a collection in the opposite order.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Object
+     * @param {Object} object The object to inspect.
+     * @param {Function} [predicate=_.identity] The function invoked per iteration.
+     * @returns {string|undefined} Returns the key of the matched element,
+     *  else `undefined`.
+     * @example
+     *
+     * var users = {
+     *   'barney':  { 'age': 36, 'active': true },
+     *   'fred':    { 'age': 40, 'active': false },
+     *   'pebbles': { 'age': 1,  'active': true }
+     * };
+     *
+     * _.findLastKey(users, function(o) { return o.age < 40; });
+     * // => returns 'pebbles' assuming `_.findKey` returns 'barney'
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.findLastKey(users, { 'age': 36, 'active': true });
+     * // => 'barney'
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.findLastKey(users, ['active', false]);
+     * // => 'fred'
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.findLastKey(users, 'active');
+     * // => 'pebbles'
+     */
+    function findLastKey(object, predicate) {
+      return baseFindKey(object, getIteratee(predicate, 3), baseForOwnRight);
+    }
+
+    /**
+     * Iterates over own and inherited enumerable string keyed properties of an
+     * object and invokes `iteratee` for each property. The iteratee is invoked
+     * with three arguments: (value, key, object). Iteratee functions may exit
+     * iteration early by explicitly returning `false`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.3.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Object} Returns `object`.
+     * @see _.forInRight
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.forIn(new Foo, function(value, key) {
+     *   console.log(key);
+     * });
+     * // => Logs 'a', 'b', then 'c' (iteration order is not guaranteed).
+     */
+    function forIn(object, iteratee) {
+      return object == null ? object : baseFor(object, getIteratee(iteratee, 3), keysIn);
+    }
+
+    /**
+     * This method is like `_.forIn` except that it iterates over properties of
+     * `object` in the opposite order.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Object} Returns `object`.
+     * @see _.forIn
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.forInRight(new Foo, function(value, key) {
+     *   console.log(key);
+     * });
+     * // => Logs 'c', 'b', then 'a' assuming `_.forIn` logs 'a', 'b', then 'c'.
+     */
+    function forInRight(object, iteratee) {
+      return object == null ? object : baseForRight(object, getIteratee(iteratee, 3), keysIn);
+    }
+
+    /**
+     * Iterates over own enumerable string keyed properties of an object and
+     * invokes `iteratee` for each property. The iteratee is invoked with three
+     * arguments: (value, key, object). Iteratee functions may exit iteration
+     * early by explicitly returning `false`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.3.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Object} Returns `object`.
+     * @see _.forOwnRight
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.forOwn(new Foo, function(value, key) {
+     *   console.log(key);
+     * });
+     * // => Logs 'a' then 'b' (iteration order is not guaranteed).
+     */
+    function forOwn(object, iteratee) {
+      return object && baseForOwn(object, getIteratee(iteratee, 3));
+    }
+
+    /**
+     * This method is like `_.forOwn` except that it iterates over properties of
+     * `object` in the opposite order.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.0.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Object} Returns `object`.
+     * @see _.forOwn
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.forOwnRight(new Foo, function(value, key) {
+     *   console.log(key);
+     * });
+     * // => Logs 'b' then 'a' assuming `_.forOwn` logs 'a' then 'b'.
+     */
+    function forOwnRight(object, iteratee) {
+      return object && baseForOwnRight(object, getIteratee(iteratee, 3));
+    }
+
+    /**
+     * Creates an array of function property names from own enumerable properties
+     * of `object`.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The object to inspect.
+     * @returns {Array} Returns the function names.
+     * @see _.functionsIn
+     * @example
+     *
+     * function Foo() {
+     *   this.a = _.constant('a');
+     *   this.b = _.constant('b');
+     * }
+     *
+     * Foo.prototype.c = _.constant('c');
+     *
+     * _.functions(new Foo);
+     * // => ['a', 'b']
+     */
+    function functions(object) {
+      return object == null ? [] : baseFunctions(object, keys(object));
+    }
+
+    /**
+     * Creates an array of function property names from own and inherited
+     * enumerable properties of `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The object to inspect.
+     * @returns {Array} Returns the function names.
+     * @see _.functions
+     * @example
+     *
+     * function Foo() {
+     *   this.a = _.constant('a');
+     *   this.b = _.constant('b');
+     * }
+     *
+     * Foo.prototype.c = _.constant('c');
+     *
+     * _.functionsIn(new Foo);
+     * // => ['a', 'b', 'c']
+     */
+    function functionsIn(object) {
+      return object == null ? [] : baseFunctions(object, keysIn(object));
+    }
+
+    /**
+     * Gets the value at `path` of `object`. If the resolved value is
+     * `undefined`, the `defaultValue` is returned in its place.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.7.0
+     * @category Object
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path of the property to get.
+     * @param {*} [defaultValue] The value returned for `undefined` resolved values.
+     * @returns {*} Returns the resolved value.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': 3 } }] };
+     *
+     * _.get(object, 'a[0].b.c');
+     * // => 3
+     *
+     * _.get(object, ['a', '0', 'b', 'c']);
+     * // => 3
+     *
+     * _.get(object, 'a.b.c', 'default');
+     * // => 'default'
+     */
+    function get(object, path, defaultValue) {
+      var result = object == null ? undefined : baseGet(object, path);
+      return result === undefined ? defaultValue : result;
+    }
+
+    /**
+     * Checks if `path` is a direct property of `object`.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path to check.
+     * @returns {boolean} Returns `true` if `path` exists, else `false`.
+     * @example
+     *
+     * var object = { 'a': { 'b': 2 } };
+     * var other = _.create({ 'a': _.create({ 'b': 2 }) });
+     *
+     * _.has(object, 'a');
+     * // => true
+     *
+     * _.has(object, 'a.b');
+     * // => true
+     *
+     * _.has(object, ['a', 'b']);
+     * // => true
+     *
+     * _.has(other, 'a');
+     * // => false
+     */
+    function has(object, path) {
+      return object != null && hasPath(object, path, baseHas);
+    }
+
+    /**
+     * Checks if `path` is a direct or inherited property of `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path to check.
+     * @returns {boolean} Returns `true` if `path` exists, else `false`.
+     * @example
+     *
+     * var object = _.create({ 'a': _.create({ 'b': 2 }) });
+     *
+     * _.hasIn(object, 'a');
+     * // => true
+     *
+     * _.hasIn(object, 'a.b');
+     * // => true
+     *
+     * _.hasIn(object, ['a', 'b']);
+     * // => true
+     *
+     * _.hasIn(object, 'b');
+     * // => false
+     */
+    function hasIn(object, path) {
+      return object != null && hasPath(object, path, baseHasIn);
+    }
+
+    /**
+     * Creates an object composed of the inverted keys and values of `object`.
+     * If `object` contains duplicate values, subsequent values overwrite
+     * property assignments of previous values.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.7.0
+     * @category Object
+     * @param {Object} object The object to invert.
+     * @returns {Object} Returns the new inverted object.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': 2, 'c': 1 };
+     *
+     * _.invert(object);
+     * // => { '1': 'c', '2': 'b' }
+     */
+    var invert = createInverter(function (result, value, key) {
+      if (value != null && typeof value.toString != 'function') {
+        value = nativeObjectToString.call(value);
+      }
+      result[value] = key;
+    }, constant(identity));
+
+    /**
+     * This method is like `_.invert` except that the inverted object is generated
+     * from the results of running each element of `object` thru `iteratee`. The
+     * corresponding inverted value of each inverted key is an array of keys
+     * responsible for generating the inverted value. The iteratee is invoked
+     * with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.1.0
+     * @category Object
+     * @param {Object} object The object to invert.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {Object} Returns the new inverted object.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': 2, 'c': 1 };
+     *
+     * _.invertBy(object);
+     * // => { '1': ['a', 'c'], '2': ['b'] }
+     *
+     * _.invertBy(object, function(value) {
+     *   return 'group' + value;
+     * });
+     * // => { 'group1': ['a', 'c'], 'group2': ['b'] }
+     */
+    var invertBy = createInverter(function (result, value, key) {
+      if (value != null && typeof value.toString != 'function') {
+        value = nativeObjectToString.call(value);
+      }
+      if (hasOwnProperty.call(result, value)) {
+        result[value].push(key);
+      } else {
+        result[value] = [key];
+      }
+    }, getIteratee);
+
+    /**
+     * Invokes the method at `path` of `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path of the method to invoke.
+     * @param {...*} [args] The arguments to invoke the method with.
+     * @returns {*} Returns the result of the invoked method.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': [1, 2, 3, 4] } }] };
+     *
+     * _.invoke(object, 'a[0].b.c.slice', 1, 3);
+     * // => [2, 3]
+     */
+    var invoke = baseRest(baseInvoke);
+
+    /**
+     * Creates an array of the own enumerable property names of `object`.
+     *
+     * **Note:** Non-object values are coerced to objects. See the
+     * [ES spec](http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
+     * for more details.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.keys(new Foo);
+     * // => ['a', 'b'] (iteration order is not guaranteed)
+     *
+     * _.keys('hi');
+     * // => ['0', '1']
+     */
+    function keys(object) {
+      return isArrayLike(object) ? arrayLikeKeys(object) : baseKeys(object);
+    }
+
+    /**
+     * Creates an array of the own and inherited enumerable property names of `object`.
+     *
+     * **Note:** Non-object values are coerced to objects.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Object
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property names.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.keysIn(new Foo);
+     * // => ['a', 'b', 'c'] (iteration order is not guaranteed)
+     */
+    function keysIn(object) {
+      return isArrayLike(object) ? arrayLikeKeys(object, true) : baseKeysIn(object);
+    }
+
+    /**
+     * The opposite of `_.mapValues`; this method creates an object with the
+     * same values as `object` and keys generated by running each own enumerable
+     * string keyed property of `object` thru `iteratee`. The iteratee is invoked
+     * with three arguments: (value, key, object).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.8.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Object} Returns the new mapped object.
+     * @see _.mapValues
+     * @example
+     *
+     * _.mapKeys({ 'a': 1, 'b': 2 }, function(value, key) {
+     *   return key + value;
+     * });
+     * // => { 'a1': 1, 'b2': 2 }
+     */
+    function mapKeys(object, iteratee) {
+      var result = {};
+      iteratee = getIteratee(iteratee, 3);
+      baseForOwn(object, function (value, key, object) {
+        baseAssignValue(result, iteratee(value, key, object), value);
+      });
+      return result;
+    }
+
+    /**
+     * Creates an object with the same keys as `object` and values generated
+     * by running each own enumerable string keyed property of `object` thru
+     * `iteratee`. The iteratee is invoked with three arguments:
+     * (value, key, object).
+     *
+     * @static
+     * @memberOf _
+     * @since 2.4.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Object} Returns the new mapped object.
+     * @see _.mapKeys
+     * @example
+     *
+     * var users = {
+     *   'fred':    { 'user': 'fred',    'age': 40 },
+     *   'pebbles': { 'user': 'pebbles', 'age': 1 }
+     * };
+     *
+     * _.mapValues(users, function(o) { return o.age; });
+     * // => { 'fred': 40, 'pebbles': 1 } (iteration order is not guaranteed)
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.mapValues(users, 'age');
+     * // => { 'fred': 40, 'pebbles': 1 } (iteration order is not guaranteed)
+     */
+    function mapValues(object, iteratee) {
+      var result = {};
+      iteratee = getIteratee(iteratee, 3);
+      baseForOwn(object, function (value, key, object) {
+        baseAssignValue(result, key, iteratee(value, key, object));
+      });
+      return result;
+    }
+
+    /**
+     * This method is like `_.assign` except that it recursively merges own and
+     * inherited enumerable string keyed properties of source objects into the
+     * destination object. Source properties that resolve to `undefined` are
+     * skipped if a destination value exists. Array and plain object properties
+     * are merged recursively. Other objects and value types are overridden by
+     * assignment. Source objects are applied from left to right. Subsequent
+     * sources overwrite property assignments of previous sources.
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.5.0
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} [sources] The source objects.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * var object = {
+     *   'a': [{ 'b': 2 }, { 'd': 4 }]
+     * };
+     *
+     * var other = {
+     *   'a': [{ 'c': 3 }, { 'e': 5 }]
+     * };
+     *
+     * _.merge(object, other);
+     * // => { 'a': [{ 'b': 2, 'c': 3 }, { 'd': 4, 'e': 5 }] }
+     */
+    var merge = createAssigner(function (object, source, srcIndex) {
+      baseMerge(object, source, srcIndex);
+    });
+
+    /**
+     * This method is like `_.merge` except that it accepts `customizer` which
+     * is invoked to produce the merged values of the destination and source
+     * properties. If `customizer` returns `undefined`, merging is handled by the
+     * method instead. The `customizer` is invoked with six arguments:
+     * (objValue, srcValue, key, object, source, stack).
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The destination object.
+     * @param {...Object} sources The source objects.
+     * @param {Function} customizer The function to customize assigned values.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * function customizer(objValue, srcValue) {
+     *   if (_.isArray(objValue)) {
+     *     return objValue.concat(srcValue);
+     *   }
+     * }
+     *
+     * var object = { 'a': [1], 'b': [2] };
+     * var other = { 'a': [3], 'b': [4] };
+     *
+     * _.mergeWith(object, other, customizer);
+     * // => { 'a': [1, 3], 'b': [2, 4] }
+     */
+    var mergeWith = createAssigner(function (object, source, srcIndex, customizer) {
+      baseMerge(object, source, srcIndex, customizer);
+    });
+
+    /**
+     * The opposite of `_.pick`; this method creates an object composed of the
+     * own and inherited enumerable property paths of `object` that are not omitted.
+     *
+     * **Note:** This method is considerably slower than `_.pick`.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The source object.
+     * @param {...(string|string[])} [paths] The property paths to omit.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': '2', 'c': 3 };
+     *
+     * _.omit(object, ['a', 'c']);
+     * // => { 'b': '2' }
+     */
+    var omit = flatRest(function (object, paths) {
+      var result = {};
+      if (object == null) {
+        return result;
+      }
+      var isDeep = false;
+      paths = arrayMap(paths, function (path) {
+        path = castPath(path, object);
+        isDeep || (isDeep = path.length > 1);
+        return path;
+      });
+      copyObject(object, getAllKeysIn(object), result);
+      if (isDeep) {
+        result = baseClone(result, CLONE_DEEP_FLAG | CLONE_FLAT_FLAG | CLONE_SYMBOLS_FLAG, customOmitClone);
+      }
+      var length = paths.length;
+      while (length--) {
+        baseUnset(result, paths[length]);
+      }
+      return result;
+    });
+
+    /**
+     * The opposite of `_.pickBy`; this method creates an object composed of
+     * the own and inherited enumerable string keyed properties of `object` that
+     * `predicate` doesn't return truthy for. The predicate is invoked with two
+     * arguments: (value, key).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The source object.
+     * @param {Function} [predicate=_.identity] The function invoked per property.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': '2', 'c': 3 };
+     *
+     * _.omitBy(object, _.isNumber);
+     * // => { 'b': '2' }
+     */
+    function omitBy(object, predicate) {
+      return pickBy(object, negate(getIteratee(predicate)));
+    }
+
+    /**
+     * Creates an object composed of the picked `object` properties.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The source object.
+     * @param {...(string|string[])} [paths] The property paths to pick.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': '2', 'c': 3 };
+     *
+     * _.pick(object, ['a', 'c']);
+     * // => { 'a': 1, 'c': 3 }
+     */
+    var pick = flatRest(function (object, paths) {
+      return object == null ? {} : basePick(object, paths);
+    });
+
+    /**
+     * Creates an object composed of the `object` properties `predicate` returns
+     * truthy for. The predicate is invoked with two arguments: (value, key).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The source object.
+     * @param {Function} [predicate=_.identity] The function invoked per property.
+     * @returns {Object} Returns the new object.
+     * @example
+     *
+     * var object = { 'a': 1, 'b': '2', 'c': 3 };
+     *
+     * _.pickBy(object, _.isNumber);
+     * // => { 'a': 1, 'c': 3 }
+     */
+    function pickBy(object, predicate) {
+      if (object == null) {
+        return {};
+      }
+      var props = arrayMap(getAllKeysIn(object), function (prop) {
+        return [prop];
+      });
+      predicate = getIteratee(predicate);
+      return basePickBy(object, props, function (value, path) {
+        return predicate(value, path[0]);
+      });
+    }
+
+    /**
+     * This method is like `_.get` except that if the resolved value is a
+     * function it's invoked with the `this` binding of its parent object and
+     * its result is returned.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The object to query.
+     * @param {Array|string} path The path of the property to resolve.
+     * @param {*} [defaultValue] The value returned for `undefined` resolved values.
+     * @returns {*} Returns the resolved value.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c1': 3, 'c2': _.constant(4) } }] };
+     *
+     * _.result(object, 'a[0].b.c1');
+     * // => 3
+     *
+     * _.result(object, 'a[0].b.c2');
+     * // => 4
+     *
+     * _.result(object, 'a[0].b.c3', 'default');
+     * // => 'default'
+     *
+     * _.result(object, 'a[0].b.c3', _.constant('default'));
+     * // => 'default'
+     */
+    function result(object, path, defaultValue) {
+      path = castPath(path, object);
+      var index = -1,
+        length = path.length;
+
+      // Ensure the loop is entered when path is empty.
+      if (!length) {
+        length = 1;
+        object = undefined;
+      }
+      while (++index < length) {
+        var value = object == null ? undefined : object[toKey(path[index])];
+        if (value === undefined) {
+          index = length;
+          value = defaultValue;
+        }
+        object = isFunction(value) ? value.call(object) : value;
+      }
+      return object;
+    }
+
+    /**
+     * Sets the value at `path` of `object`. If a portion of `path` doesn't exist,
+     * it's created. Arrays are created for missing index properties while objects
+     * are created for all other missing properties. Use `_.setWith` to customize
+     * `path` creation.
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.7.0
+     * @category Object
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to set.
+     * @param {*} value The value to set.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': 3 } }] };
+     *
+     * _.set(object, 'a[0].b.c', 4);
+     * console.log(object.a[0].b.c);
+     * // => 4
+     *
+     * _.set(object, ['x', '0', 'y', 'z'], 5);
+     * console.log(object.x[0].y.z);
+     * // => 5
+     */
+    function set(object, path, value) {
+      return object == null ? object : baseSet(object, path, value);
+    }
+
+    /**
+     * This method is like `_.set` except that it accepts `customizer` which is
+     * invoked to produce the objects of `path`.  If `customizer` returns `undefined`
+     * path creation is handled by the method instead. The `customizer` is invoked
+     * with three arguments: (nsValue, key, nsObject).
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to set.
+     * @param {*} value The value to set.
+     * @param {Function} [customizer] The function to customize assigned values.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * var object = {};
+     *
+     * _.setWith(object, '[0][1]', 'a', Object);
+     * // => { '0': { '1': 'a' } }
+     */
+    function setWith(object, path, value, customizer) {
+      customizer = typeof customizer == 'function' ? customizer : undefined;
+      return object == null ? object : baseSet(object, path, value, customizer);
+    }
+
+    /**
+     * Creates an array of own enumerable string keyed-value pairs for `object`
+     * which can be consumed by `_.fromPairs`. If `object` is a map or set, its
+     * entries are returned.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @alias entries
+     * @category Object
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the key-value pairs.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.toPairs(new Foo);
+     * // => [['a', 1], ['b', 2]] (iteration order is not guaranteed)
+     */
+    var toPairs = createToPairs(keys);
+
+    /**
+     * Creates an array of own and inherited enumerable string keyed-value pairs
+     * for `object` which can be consumed by `_.fromPairs`. If `object` is a map
+     * or set, its entries are returned.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @alias entriesIn
+     * @category Object
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the key-value pairs.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.toPairsIn(new Foo);
+     * // => [['a', 1], ['b', 2], ['c', 3]] (iteration order is not guaranteed)
+     */
+    var toPairsIn = createToPairs(keysIn);
+
+    /**
+     * An alternative to `_.reduce`; this method transforms `object` to a new
+     * `accumulator` object which is the result of running each of its own
+     * enumerable string keyed properties thru `iteratee`, with each invocation
+     * potentially mutating the `accumulator` object. If `accumulator` is not
+     * provided, a new object with the same `[[Prototype]]` will be used. The
+     * iteratee is invoked with four arguments: (accumulator, value, key, object).
+     * Iteratee functions may exit iteration early by explicitly returning `false`.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.3.0
+     * @category Object
+     * @param {Object} object The object to iterate over.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @param {*} [accumulator] The custom accumulator value.
+     * @returns {*} Returns the accumulated value.
+     * @example
+     *
+     * _.transform([2, 3, 4], function(result, n) {
+     *   result.push(n *= n);
+     *   return n % 2 == 0;
+     * }, []);
+     * // => [4, 9]
+     *
+     * _.transform({ 'a': 1, 'b': 2, 'c': 1 }, function(result, value, key) {
+     *   (result[value] || (result[value] = [])).push(key);
+     * }, {});
+     * // => { '1': ['a', 'c'], '2': ['b'] }
+     */
+    function transform(object, iteratee, accumulator) {
+      var isArr = isArray(object),
+        isArrLike = isArr || isBuffer(object) || isTypedArray(object);
+      iteratee = getIteratee(iteratee, 4);
+      if (accumulator == null) {
+        var Ctor = object && object.constructor;
+        if (isArrLike) {
+          accumulator = isArr ? new Ctor() : [];
+        } else if (isObject(object)) {
+          accumulator = isFunction(Ctor) ? baseCreate(getPrototype(object)) : {};
+        } else {
+          accumulator = {};
+        }
+      }
+      (isArrLike ? arrayEach : baseForOwn)(object, function (value, index, object) {
+        return iteratee(accumulator, value, index, object);
+      });
+      return accumulator;
+    }
+
+    /**
+     * Removes the property at `path` of `object`.
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Object
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to unset.
+     * @returns {boolean} Returns `true` if the property is deleted, else `false`.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': 7 } }] };
+     * _.unset(object, 'a[0].b.c');
+     * // => true
+     *
+     * console.log(object);
+     * // => { 'a': [{ 'b': {} }] };
+     *
+     * _.unset(object, ['a', '0', 'b', 'c']);
+     * // => true
+     *
+     * console.log(object);
+     * // => { 'a': [{ 'b': {} }] };
+     */
+    function unset(object, path) {
+      return object == null ? true : baseUnset(object, path);
+    }
+
+    /**
+     * This method is like `_.set` except that accepts `updater` to produce the
+     * value to set. Use `_.updateWith` to customize `path` creation. The `updater`
+     * is invoked with one argument: (value).
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.6.0
+     * @category Object
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to set.
+     * @param {Function} updater The function to produce the updated value.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * var object = { 'a': [{ 'b': { 'c': 3 } }] };
+     *
+     * _.update(object, 'a[0].b.c', function(n) { return n * n; });
+     * console.log(object.a[0].b.c);
+     * // => 9
+     *
+     * _.update(object, 'x[0].y.z', function(n) { return n ? n + 1 : 0; });
+     * console.log(object.x[0].y.z);
+     * // => 0
+     */
+    function update(object, path, updater) {
+      return object == null ? object : baseUpdate(object, path, castFunction(updater));
+    }
+
+    /**
+     * This method is like `_.update` except that it accepts `customizer` which is
+     * invoked to produce the objects of `path`.  If `customizer` returns `undefined`
+     * path creation is handled by the method instead. The `customizer` is invoked
+     * with three arguments: (nsValue, key, nsObject).
+     *
+     * **Note:** This method mutates `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.6.0
+     * @category Object
+     * @param {Object} object The object to modify.
+     * @param {Array|string} path The path of the property to set.
+     * @param {Function} updater The function to produce the updated value.
+     * @param {Function} [customizer] The function to customize assigned values.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * var object = {};
+     *
+     * _.updateWith(object, '[0][1]', _.constant('a'), Object);
+     * // => { '0': { '1': 'a' } }
+     */
+    function updateWith(object, path, updater, customizer) {
+      customizer = typeof customizer == 'function' ? customizer : undefined;
+      return object == null ? object : baseUpdate(object, path, castFunction(updater), customizer);
+    }
+
+    /**
+     * Creates an array of the own enumerable string keyed property values of `object`.
+     *
+     * **Note:** Non-object values are coerced to objects.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Object
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property values.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.values(new Foo);
+     * // => [1, 2] (iteration order is not guaranteed)
+     *
+     * _.values('hi');
+     * // => ['h', 'i']
+     */
+    function values(object) {
+      return object == null ? [] : baseValues(object, keys(object));
+    }
+
+    /**
+     * Creates an array of the own and inherited enumerable string keyed property
+     * values of `object`.
+     *
+     * **Note:** Non-object values are coerced to objects.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Object
+     * @param {Object} object The object to query.
+     * @returns {Array} Returns the array of property values.
+     * @example
+     *
+     * function Foo() {
+     *   this.a = 1;
+     *   this.b = 2;
+     * }
+     *
+     * Foo.prototype.c = 3;
+     *
+     * _.valuesIn(new Foo);
+     * // => [1, 2, 3] (iteration order is not guaranteed)
+     */
+    function valuesIn(object) {
+      return object == null ? [] : baseValues(object, keysIn(object));
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Clamps `number` within the inclusive `lower` and `upper` bounds.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Number
+     * @param {number} number The number to clamp.
+     * @param {number} [lower] The lower bound.
+     * @param {number} upper The upper bound.
+     * @returns {number} Returns the clamped number.
+     * @example
+     *
+     * _.clamp(-10, -5, 5);
+     * // => -5
+     *
+     * _.clamp(10, -5, 5);
+     * // => 5
+     */
+    function clamp(number, lower, upper) {
+      if (upper === undefined) {
+        upper = lower;
+        lower = undefined;
+      }
+      if (upper !== undefined) {
+        upper = toNumber(upper);
+        upper = upper === upper ? upper : 0;
+      }
+      if (lower !== undefined) {
+        lower = toNumber(lower);
+        lower = lower === lower ? lower : 0;
+      }
+      return baseClamp(toNumber(number), lower, upper);
+    }
+
+    /**
+     * Checks if `n` is between `start` and up to, but not including, `end`. If
+     * `end` is not specified, it's set to `start` with `start` then set to `0`.
+     * If `start` is greater than `end` the params are swapped to support
+     * negative ranges.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.3.0
+     * @category Number
+     * @param {number} number The number to check.
+     * @param {number} [start=0] The start of the range.
+     * @param {number} end The end of the range.
+     * @returns {boolean} Returns `true` if `number` is in the range, else `false`.
+     * @see _.range, _.rangeRight
+     * @example
+     *
+     * _.inRange(3, 2, 4);
+     * // => true
+     *
+     * _.inRange(4, 8);
+     * // => true
+     *
+     * _.inRange(4, 2);
+     * // => false
+     *
+     * _.inRange(2, 2);
+     * // => false
+     *
+     * _.inRange(1.2, 2);
+     * // => true
+     *
+     * _.inRange(5.2, 4);
+     * // => false
+     *
+     * _.inRange(-3, -2, -6);
+     * // => true
+     */
+    function inRange(number, start, end) {
+      start = toFinite(start);
+      if (end === undefined) {
+        end = start;
+        start = 0;
+      } else {
+        end = toFinite(end);
+      }
+      number = toNumber(number);
+      return baseInRange(number, start, end);
+    }
+
+    /**
+     * Produces a random number between the inclusive `lower` and `upper` bounds.
+     * If only one argument is provided a number between `0` and the given number
+     * is returned. If `floating` is `true`, or either `lower` or `upper` are
+     * floats, a floating-point number is returned instead of an integer.
+     *
+     * **Note:** JavaScript follows the IEEE-754 standard for resolving
+     * floating-point values which can produce unexpected results.
+     *
+     * @static
+     * @memberOf _
+     * @since 0.7.0
+     * @category Number
+     * @param {number} [lower=0] The lower bound.
+     * @param {number} [upper=1] The upper bound.
+     * @param {boolean} [floating] Specify returning a floating-point number.
+     * @returns {number} Returns the random number.
+     * @example
+     *
+     * _.random(0, 5);
+     * // => an integer between 0 and 5
+     *
+     * _.random(5);
+     * // => also an integer between 0 and 5
+     *
+     * _.random(5, true);
+     * // => a floating-point number between 0 and 5
+     *
+     * _.random(1.2, 5.2);
+     * // => a floating-point number between 1.2 and 5.2
+     */
+    function random(lower, upper, floating) {
+      if (floating && typeof floating != 'boolean' && isIterateeCall(lower, upper, floating)) {
+        upper = floating = undefined;
+      }
+      if (floating === undefined) {
+        if (typeof upper == 'boolean') {
+          floating = upper;
+          upper = undefined;
+        } else if (typeof lower == 'boolean') {
+          floating = lower;
+          lower = undefined;
+        }
+      }
+      if (lower === undefined && upper === undefined) {
+        lower = 0;
+        upper = 1;
+      } else {
+        lower = toFinite(lower);
+        if (upper === undefined) {
+          upper = lower;
+          lower = 0;
+        } else {
+          upper = toFinite(upper);
+        }
+      }
+      if (lower > upper) {
+        var temp = lower;
+        lower = upper;
+        upper = temp;
+      }
+      if (floating || lower % 1 || upper % 1) {
+        var rand = nativeRandom();
+        return nativeMin(lower + rand * (upper - lower + freeParseFloat('1e-' + ((rand + '').length - 1))), upper);
+      }
+      return baseRandom(lower, upper);
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Converts `string` to [camel case](https://en.wikipedia.org/wiki/CamelCase).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the camel cased string.
+     * @example
+     *
+     * _.camelCase('Foo Bar');
+     * // => 'fooBar'
+     *
+     * _.camelCase('--foo-bar--');
+     * // => 'fooBar'
+     *
+     * _.camelCase('__FOO_BAR__');
+     * // => 'fooBar'
+     */
+    var camelCase = createCompounder(function (result, word, index) {
+      word = word.toLowerCase();
+      return result + (index ? capitalize(word) : word);
+    });
+
+    /**
+     * Converts the first character of `string` to upper case and the remaining
+     * to lower case.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to capitalize.
+     * @returns {string} Returns the capitalized string.
+     * @example
+     *
+     * _.capitalize('FRED');
+     * // => 'Fred'
+     */
+    function capitalize(string) {
+      return upperFirst(toString(string).toLowerCase());
+    }
+
+    /**
+     * Deburrs `string` by converting
+     * [Latin-1 Supplement](https://en.wikipedia.org/wiki/Latin-1_Supplement_(Unicode_block)#Character_table)
+     * and [Latin Extended-A](https://en.wikipedia.org/wiki/Latin_Extended-A)
+     * letters to basic Latin letters and removing
+     * [combining diacritical marks](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to deburr.
+     * @returns {string} Returns the deburred string.
+     * @example
+     *
+     * _.deburr('déjà vu');
+     * // => 'deja vu'
+     */
+    function deburr(string) {
+      string = toString(string);
+      return string && string.replace(reLatin, deburrLetter).replace(reComboMark, '');
+    }
+
+    /**
+     * Checks if `string` ends with the given target string.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to inspect.
+     * @param {string} [target] The string to search for.
+     * @param {number} [position=string.length] The position to search up to.
+     * @returns {boolean} Returns `true` if `string` ends with `target`,
+     *  else `false`.
+     * @example
+     *
+     * _.endsWith('abc', 'c');
+     * // => true
+     *
+     * _.endsWith('abc', 'b');
+     * // => false
+     *
+     * _.endsWith('abc', 'b', 2);
+     * // => true
+     */
+    function endsWith(string, target, position) {
+      string = toString(string);
+      target = baseToString(target);
+      var length = string.length;
+      position = position === undefined ? length : baseClamp(toInteger(position), 0, length);
+      var end = position;
+      position -= target.length;
+      return position >= 0 && string.slice(position, end) == target;
+    }
+
+    /**
+     * Converts the characters "&", "<", ">", '"', and "'" in `string` to their
+     * corresponding HTML entities.
+     *
+     * **Note:** No other characters are escaped. To escape additional
+     * characters use a third-party library like [_he_](https://mths.be/he).
+     *
+     * Though the ">" character is escaped for symmetry, characters like
+     * ">" and "/" don't need escaping in HTML and have no special meaning
+     * unless they're part of a tag or unquoted attribute value. See
+     * [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands)
+     * (under "semi-related fun fact") for more details.
+     *
+     * When working with HTML you should always
+     * [quote attribute values](http://wonko.com/post/html-escaping) to reduce
+     * XSS vectors.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category String
+     * @param {string} [string=''] The string to escape.
+     * @returns {string} Returns the escaped string.
+     * @example
+     *
+     * _.escape('fred, barney, & pebbles');
+     * // => 'fred, barney, &amp; pebbles'
+     */
+    function escape(string) {
+      string = toString(string);
+      return string && reHasUnescapedHtml.test(string) ? string.replace(reUnescapedHtml, escapeHtmlChar) : string;
+    }
+
+    /**
+     * Escapes the `RegExp` special characters "^", "$", "\", ".", "*", "+",
+     * "?", "(", ")", "[", "]", "{", "}", and "|" in `string`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to escape.
+     * @returns {string} Returns the escaped string.
+     * @example
+     *
+     * _.escapeRegExp('[lodash](https://lodash.com/)');
+     * // => '\[lodash\]\(https://lodash\.com/\)'
+     */
+    function escapeRegExp(string) {
+      string = toString(string);
+      return string && reHasRegExpChar.test(string) ? string.replace(reRegExpChar, '\\$&') : string;
+    }
+
+    /**
+     * Converts `string` to
+     * [kebab case](https://en.wikipedia.org/wiki/Letter_case#Special_case_styles).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the kebab cased string.
+     * @example
+     *
+     * _.kebabCase('Foo Bar');
+     * // => 'foo-bar'
+     *
+     * _.kebabCase('fooBar');
+     * // => 'foo-bar'
+     *
+     * _.kebabCase('__FOO_BAR__');
+     * // => 'foo-bar'
+     */
+    var kebabCase = createCompounder(function (result, word, index) {
+      return result + (index ? '-' : '') + word.toLowerCase();
+    });
+
+    /**
+     * Converts `string`, as space separated words, to lower case.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the lower cased string.
+     * @example
+     *
+     * _.lowerCase('--Foo-Bar--');
+     * // => 'foo bar'
+     *
+     * _.lowerCase('fooBar');
+     * // => 'foo bar'
+     *
+     * _.lowerCase('__FOO_BAR__');
+     * // => 'foo bar'
+     */
+    var lowerCase = createCompounder(function (result, word, index) {
+      return result + (index ? ' ' : '') + word.toLowerCase();
+    });
+
+    /**
+     * Converts the first character of `string` to lower case.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the converted string.
+     * @example
+     *
+     * _.lowerFirst('Fred');
+     * // => 'fred'
+     *
+     * _.lowerFirst('FRED');
+     * // => 'fRED'
+     */
+    var lowerFirst = createCaseFirst('toLowerCase');
+
+    /**
+     * Pads `string` on the left and right sides if it's shorter than `length`.
+     * Padding characters are truncated if they can't be evenly divided by `length`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to pad.
+     * @param {number} [length=0] The padding length.
+     * @param {string} [chars=' '] The string used as padding.
+     * @returns {string} Returns the padded string.
+     * @example
+     *
+     * _.pad('abc', 8);
+     * // => '  abc   '
+     *
+     * _.pad('abc', 8, '_-');
+     * // => '_-abc_-_'
+     *
+     * _.pad('abc', 3);
+     * // => 'abc'
+     */
+    function pad(string, length, chars) {
+      string = toString(string);
+      length = toInteger(length);
+      var strLength = length ? stringSize(string) : 0;
+      if (!length || strLength >= length) {
+        return string;
+      }
+      var mid = (length - strLength) / 2;
+      return createPadding(nativeFloor(mid), chars) + string + createPadding(nativeCeil(mid), chars);
+    }
+
+    /**
+     * Pads `string` on the right side if it's shorter than `length`. Padding
+     * characters are truncated if they exceed `length`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to pad.
+     * @param {number} [length=0] The padding length.
+     * @param {string} [chars=' '] The string used as padding.
+     * @returns {string} Returns the padded string.
+     * @example
+     *
+     * _.padEnd('abc', 6);
+     * // => 'abc   '
+     *
+     * _.padEnd('abc', 6, '_-');
+     * // => 'abc_-_'
+     *
+     * _.padEnd('abc', 3);
+     * // => 'abc'
+     */
+    function padEnd(string, length, chars) {
+      string = toString(string);
+      length = toInteger(length);
+      var strLength = length ? stringSize(string) : 0;
+      return length && strLength < length ? string + createPadding(length - strLength, chars) : string;
+    }
+
+    /**
+     * Pads `string` on the left side if it's shorter than `length`. Padding
+     * characters are truncated if they exceed `length`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to pad.
+     * @param {number} [length=0] The padding length.
+     * @param {string} [chars=' '] The string used as padding.
+     * @returns {string} Returns the padded string.
+     * @example
+     *
+     * _.padStart('abc', 6);
+     * // => '   abc'
+     *
+     * _.padStart('abc', 6, '_-');
+     * // => '_-_abc'
+     *
+     * _.padStart('abc', 3);
+     * // => 'abc'
+     */
+    function padStart(string, length, chars) {
+      string = toString(string);
+      length = toInteger(length);
+      var strLength = length ? stringSize(string) : 0;
+      return length && strLength < length ? createPadding(length - strLength, chars) + string : string;
+    }
+
+    /**
+     * Converts `string` to an integer of the specified radix. If `radix` is
+     * `undefined` or `0`, a `radix` of `10` is used unless `value` is a
+     * hexadecimal, in which case a `radix` of `16` is used.
+     *
+     * **Note:** This method aligns with the
+     * [ES5 implementation](https://es5.github.io/#x15.1.2.2) of `parseInt`.
+     *
+     * @static
+     * @memberOf _
+     * @since 1.1.0
+     * @category String
+     * @param {string} string The string to convert.
+     * @param {number} [radix=10] The radix to interpret `value` by.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {number} Returns the converted integer.
+     * @example
+     *
+     * _.parseInt('08');
+     * // => 8
+     *
+     * _.map(['6', '08', '10'], _.parseInt);
+     * // => [6, 8, 10]
+     */
+    function parseInt(string, radix, guard) {
+      if (guard || radix == null) {
+        radix = 0;
+      } else if (radix) {
+        radix = +radix;
+      }
+      return nativeParseInt(toString(string).replace(reTrimStart, ''), radix || 0);
+    }
+
+    /**
+     * Repeats the given string `n` times.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to repeat.
+     * @param {number} [n=1] The number of times to repeat the string.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {string} Returns the repeated string.
+     * @example
+     *
+     * _.repeat('*', 3);
+     * // => '***'
+     *
+     * _.repeat('abc', 2);
+     * // => 'abcabc'
+     *
+     * _.repeat('abc', 0);
+     * // => ''
+     */
+    function repeat(string, n, guard) {
+      if (guard ? isIterateeCall(string, n, guard) : n === undefined) {
+        n = 1;
+      } else {
+        n = toInteger(n);
+      }
+      return baseRepeat(toString(string), n);
+    }
+
+    /**
+     * Replaces matches for `pattern` in `string` with `replacement`.
+     *
+     * **Note:** This method is based on
+     * [`String#replace`](https://mdn.io/String/replace).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to modify.
+     * @param {RegExp|string} pattern The pattern to replace.
+     * @param {Function|string} replacement The match replacement.
+     * @returns {string} Returns the modified string.
+     * @example
+     *
+     * _.replace('Hi Fred', 'Fred', 'Barney');
+     * // => 'Hi Barney'
+     */
+    function replace() {
+      var args = arguments,
+        string = toString(args[0]);
+      return args.length < 3 ? string : string.replace(args[1], args[2]);
+    }
+
+    /**
+     * Converts `string` to
+     * [snake case](https://en.wikipedia.org/wiki/Snake_case).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the snake cased string.
+     * @example
+     *
+     * _.snakeCase('Foo Bar');
+     * // => 'foo_bar'
+     *
+     * _.snakeCase('fooBar');
+     * // => 'foo_bar'
+     *
+     * _.snakeCase('--FOO-BAR--');
+     * // => 'foo_bar'
+     */
+    var snakeCase = createCompounder(function (result, word, index) {
+      return result + (index ? '_' : '') + word.toLowerCase();
+    });
+
+    /**
+     * Splits `string` by `separator`.
+     *
+     * **Note:** This method is based on
+     * [`String#split`](https://mdn.io/String/split).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to split.
+     * @param {RegExp|string} separator The separator pattern to split by.
+     * @param {number} [limit] The length to truncate results to.
+     * @returns {Array} Returns the string segments.
+     * @example
+     *
+     * _.split('a-b-c', '-', 2);
+     * // => ['a', 'b']
+     */
+    function split(string, separator, limit) {
+      if (limit && typeof limit != 'number' && isIterateeCall(string, separator, limit)) {
+        separator = limit = undefined;
+      }
+      limit = limit === undefined ? MAX_ARRAY_LENGTH : limit >>> 0;
+      if (!limit) {
+        return [];
+      }
+      string = toString(string);
+      if (string && (typeof separator == 'string' || separator != null && !isRegExp(separator))) {
+        separator = baseToString(separator);
+        if (!separator && hasUnicode(string)) {
+          return castSlice(stringToArray(string), 0, limit);
+        }
+      }
+      return string.split(separator, limit);
+    }
+
+    /**
+     * Converts `string` to
+     * [start case](https://en.wikipedia.org/wiki/Letter_case#Stylistic_or_specialised_usage).
+     *
+     * @static
+     * @memberOf _
+     * @since 3.1.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the start cased string.
+     * @example
+     *
+     * _.startCase('--foo-bar--');
+     * // => 'Foo Bar'
+     *
+     * _.startCase('fooBar');
+     * // => 'Foo Bar'
+     *
+     * _.startCase('__FOO_BAR__');
+     * // => 'FOO BAR'
+     */
+    var startCase = createCompounder(function (result, word, index) {
+      return result + (index ? ' ' : '') + upperFirst(word);
+    });
+
+    /**
+     * Checks if `string` starts with the given target string.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to inspect.
+     * @param {string} [target] The string to search for.
+     * @param {number} [position=0] The position to search from.
+     * @returns {boolean} Returns `true` if `string` starts with `target`,
+     *  else `false`.
+     * @example
+     *
+     * _.startsWith('abc', 'a');
+     * // => true
+     *
+     * _.startsWith('abc', 'b');
+     * // => false
+     *
+     * _.startsWith('abc', 'b', 1);
+     * // => true
+     */
+    function startsWith(string, target, position) {
+      string = toString(string);
+      position = position == null ? 0 : baseClamp(toInteger(position), 0, string.length);
+      target = baseToString(target);
+      return string.slice(position, position + target.length) == target;
+    }
+
+    /**
+     * Creates a compiled template function that can interpolate data properties
+     * in "interpolate" delimiters, HTML-escape interpolated data properties in
+     * "escape" delimiters, and execute JavaScript in "evaluate" delimiters. Data
+     * properties may be accessed as free variables in the template. If a setting
+     * object is given, it takes precedence over `_.templateSettings` values.
+     *
+     * **Note:** In the development build `_.template` utilizes
+     * [sourceURLs](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
+     * for easier debugging.
+     *
+     * For more information on precompiling templates see
+     * [lodash's custom builds documentation](https://lodash.com/custom-builds).
+     *
+     * For more information on Chrome extension sandboxes see
+     * [Chrome's extensions documentation](https://developer.chrome.com/extensions/sandboxingEval).
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category String
+     * @param {string} [string=''] The template string.
+     * @param {Object} [options={}] The options object.
+     * @param {RegExp} [options.escape=_.templateSettings.escape]
+     *  The HTML "escape" delimiter.
+     * @param {RegExp} [options.evaluate=_.templateSettings.evaluate]
+     *  The "evaluate" delimiter.
+     * @param {Object} [options.imports=_.templateSettings.imports]
+     *  An object to import into the template as free variables.
+     * @param {RegExp} [options.interpolate=_.templateSettings.interpolate]
+     *  The "interpolate" delimiter.
+     * @param {string} [options.sourceURL='lodash.templateSources[n]']
+     *  The sourceURL of the compiled template.
+     * @param {string} [options.variable='obj']
+     *  The data object variable name.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Function} Returns the compiled template function.
+     * @example
+     *
+     * // Use the "interpolate" delimiter to create a compiled template.
+     * var compiled = _.template('hello <%= user %>!');
+     * compiled({ 'user': 'fred' });
+     * // => 'hello fred!'
+     *
+     * // Use the HTML "escape" delimiter to escape data property values.
+     * var compiled = _.template('<b><%- value %></b>');
+     * compiled({ 'value': '<script>' });
+     * // => '<b>&lt;script&gt;</b>'
+     *
+     * // Use the "evaluate" delimiter to execute JavaScript and generate HTML.
+     * var compiled = _.template('<% _.forEach(users, function(user) { %><li><%- user %></li><% }); %>');
+     * compiled({ 'users': ['fred', 'barney'] });
+     * // => '<li>fred</li><li>barney</li>'
+     *
+     * // Use the internal `print` function in "evaluate" delimiters.
+     * var compiled = _.template('<% print("hello " + user); %>!');
+     * compiled({ 'user': 'barney' });
+     * // => 'hello barney!'
+     *
+     * // Use the ES template literal delimiter as an "interpolate" delimiter.
+     * // Disable support by replacing the "interpolate" delimiter.
+     * var compiled = _.template('hello ${ user }!');
+     * compiled({ 'user': 'pebbles' });
+     * // => 'hello pebbles!'
+     *
+     * // Use backslashes to treat delimiters as plain text.
+     * var compiled = _.template('<%= "\\<%- value %\\>" %>');
+     * compiled({ 'value': 'ignored' });
+     * // => '<%- value %>'
+     *
+     * // Use the `imports` option to import `jQuery` as `jq`.
+     * var text = '<% jq.each(users, function(user) { %><li><%- user %></li><% }); %>';
+     * var compiled = _.template(text, { 'imports': { 'jq': jQuery } });
+     * compiled({ 'users': ['fred', 'barney'] });
+     * // => '<li>fred</li><li>barney</li>'
+     *
+     * // Use the `sourceURL` option to specify a custom sourceURL for the template.
+     * var compiled = _.template('hello <%= user %>!', { 'sourceURL': '/basic/greeting.jst' });
+     * compiled(data);
+     * // => Find the source of "greeting.jst" under the Sources tab or Resources panel of the web inspector.
+     *
+     * // Use the `variable` option to ensure a with-statement isn't used in the compiled template.
+     * var compiled = _.template('hi <%= data.user %>!', { 'variable': 'data' });
+     * compiled.source;
+     * // => function(data) {
+     * //   var __t, __p = '';
+     * //   __p += 'hi ' + ((__t = ( data.user )) == null ? '' : __t) + '!';
+     * //   return __p;
+     * // }
+     *
+     * // Use custom template delimiters.
+     * _.templateSettings.interpolate = /{{([\s\S]+?)}}/g;
+     * var compiled = _.template('hello {{ user }}!');
+     * compiled({ 'user': 'mustache' });
+     * // => 'hello mustache!'
+     *
+     * // Use the `source` property to inline compiled templates for meaningful
+     * // line numbers in error messages and stack traces.
+     * fs.writeFileSync(path.join(process.cwd(), 'jst.js'), '\
+     *   var JST = {\
+     *     "main": ' + _.template(mainText).source + '\
+     *   };\
+     * ');
+     */
+    function template(string, options, guard) {
+      // Based on John Resig's `tmpl` implementation
+      // (http://ejohn.org/blog/javascript-micro-templating/)
+      // and Laura Doktorova's doT.js (https://github.com/olado/doT).
+      var settings = lodash.templateSettings;
+      if (guard && isIterateeCall(string, options, guard)) {
+        options = undefined;
+      }
+      string = toString(string);
+      options = assignInWith({}, options, settings, customDefaultsAssignIn);
+      var imports = assignInWith({}, options.imports, settings.imports, customDefaultsAssignIn),
+        importsKeys = keys(imports),
+        importsValues = baseValues(imports, importsKeys);
+      var isEscaping,
+        isEvaluating,
+        index = 0,
+        interpolate = options.interpolate || reNoMatch,
+        source = "__p += '";
+
+      // Compile the regexp to match each delimiter.
+      var reDelimiters = RegExp((options.escape || reNoMatch).source + '|' + interpolate.source + '|' + (interpolate === reInterpolate ? reEsTemplate : reNoMatch).source + '|' + (options.evaluate || reNoMatch).source + '|$', 'g');
+
+      // Use a sourceURL for easier debugging.
+      // The sourceURL gets injected into the source that's eval-ed, so be careful
+      // to normalize all kinds of whitespace, so e.g. newlines (and unicode versions of it) can't sneak in
+      // and escape the comment, thus injecting code that gets evaled.
+      var sourceURL = '//# sourceURL=' + (hasOwnProperty.call(options, 'sourceURL') ? (options.sourceURL + '').replace(/\s/g, ' ') : 'lodash.templateSources[' + ++templateCounter + ']') + '\n';
+      string.replace(reDelimiters, function (match, escapeValue, interpolateValue, esTemplateValue, evaluateValue, offset) {
+        interpolateValue || (interpolateValue = esTemplateValue);
+
+        // Escape characters that can't be included in string literals.
+        source += string.slice(index, offset).replace(reUnescapedString, escapeStringChar);
+
+        // Replace delimiters with snippets.
+        if (escapeValue) {
+          isEscaping = true;
+          source += "' +\n__e(" + escapeValue + ") +\n'";
+        }
+        if (evaluateValue) {
+          isEvaluating = true;
+          source += "';\n" + evaluateValue + ";\n__p += '";
+        }
+        if (interpolateValue) {
+          source += "' +\n((__t = (" + interpolateValue + ")) == null ? '' : __t) +\n'";
+        }
+        index = offset + match.length;
+
+        // The JS engine embedded in Adobe products needs `match` returned in
+        // order to produce the correct `offset` value.
+        return match;
+      });
+      source += "';\n";
+
+      // If `variable` is not specified wrap a with-statement around the generated
+      // code to add the data object to the top of the scope chain.
+      var variable = hasOwnProperty.call(options, 'variable') && options.variable;
+      if (!variable) {
+        source = 'with (obj) {\n' + source + '\n}\n';
+      }
+      // Throw an error if a forbidden character was found in `variable`, to prevent
+      // potential command injection attacks.
+      else if (reForbiddenIdentifierChars.test(variable)) {
+        throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT);
+      }
+
+      // Cleanup code by stripping empty strings.
+      source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source).replace(reEmptyStringMiddle, '$1').replace(reEmptyStringTrailing, '$1;');
+
+      // Frame code as the function body.
+      source = 'function(' + (variable || 'obj') + ') {\n' + (variable ? '' : 'obj || (obj = {});\n') + "var __t, __p = ''" + (isEscaping ? ', __e = _.escape' : '') + (isEvaluating ? ', __j = Array.prototype.join;\n' + "function print() { __p += __j.call(arguments, '') }\n" : ';\n') + source + 'return __p\n}';
+      var result = attempt(function () {
+        return Function(importsKeys, sourceURL + 'return ' + source).apply(undefined, importsValues);
+      });
+
+      // Provide the compiled function's source by its `toString` method or
+      // the `source` property as a convenience for inlining compiled templates.
+      result.source = source;
+      if (isError(result)) {
+        throw result;
+      }
+      return result;
+    }
+
+    /**
+     * Converts `string`, as a whole, to lower case just like
+     * [String#toLowerCase](https://mdn.io/toLowerCase).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the lower cased string.
+     * @example
+     *
+     * _.toLower('--Foo-Bar--');
+     * // => '--foo-bar--'
+     *
+     * _.toLower('fooBar');
+     * // => 'foobar'
+     *
+     * _.toLower('__FOO_BAR__');
+     * // => '__foo_bar__'
+     */
+    function toLower(value) {
+      return toString(value).toLowerCase();
+    }
+
+    /**
+     * Converts `string`, as a whole, to upper case just like
+     * [String#toUpperCase](https://mdn.io/toUpperCase).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the upper cased string.
+     * @example
+     *
+     * _.toUpper('--foo-bar--');
+     * // => '--FOO-BAR--'
+     *
+     * _.toUpper('fooBar');
+     * // => 'FOOBAR'
+     *
+     * _.toUpper('__foo_bar__');
+     * // => '__FOO_BAR__'
+     */
+    function toUpper(value) {
+      return toString(value).toUpperCase();
+    }
+
+    /**
+     * Removes leading and trailing whitespace or specified characters from `string`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to trim.
+     * @param {string} [chars=whitespace] The characters to trim.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {string} Returns the trimmed string.
+     * @example
+     *
+     * _.trim('  abc  ');
+     * // => 'abc'
+     *
+     * _.trim('-_-abc-_-', '_-');
+     * // => 'abc'
+     *
+     * _.map(['  foo  ', '  bar  '], _.trim);
+     * // => ['foo', 'bar']
+     */
+    function trim(string, chars, guard) {
+      string = toString(string);
+      if (string && (guard || chars === undefined)) {
+        return baseTrim(string);
+      }
+      if (!string || !(chars = baseToString(chars))) {
+        return string;
+      }
+      var strSymbols = stringToArray(string),
+        chrSymbols = stringToArray(chars),
+        start = charsStartIndex(strSymbols, chrSymbols),
+        end = charsEndIndex(strSymbols, chrSymbols) + 1;
+      return castSlice(strSymbols, start, end).join('');
+    }
+
+    /**
+     * Removes trailing whitespace or specified characters from `string`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to trim.
+     * @param {string} [chars=whitespace] The characters to trim.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {string} Returns the trimmed string.
+     * @example
+     *
+     * _.trimEnd('  abc  ');
+     * // => '  abc'
+     *
+     * _.trimEnd('-_-abc-_-', '_-');
+     * // => '-_-abc'
+     */
+    function trimEnd(string, chars, guard) {
+      string = toString(string);
+      if (string && (guard || chars === undefined)) {
+        return string.slice(0, trimmedEndIndex(string) + 1);
+      }
+      if (!string || !(chars = baseToString(chars))) {
+        return string;
+      }
+      var strSymbols = stringToArray(string),
+        end = charsEndIndex(strSymbols, stringToArray(chars)) + 1;
+      return castSlice(strSymbols, 0, end).join('');
+    }
+
+    /**
+     * Removes leading whitespace or specified characters from `string`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to trim.
+     * @param {string} [chars=whitespace] The characters to trim.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {string} Returns the trimmed string.
+     * @example
+     *
+     * _.trimStart('  abc  ');
+     * // => 'abc  '
+     *
+     * _.trimStart('-_-abc-_-', '_-');
+     * // => 'abc-_-'
+     */
+    function trimStart(string, chars, guard) {
+      string = toString(string);
+      if (string && (guard || chars === undefined)) {
+        return string.replace(reTrimStart, '');
+      }
+      if (!string || !(chars = baseToString(chars))) {
+        return string;
+      }
+      var strSymbols = stringToArray(string),
+        start = charsStartIndex(strSymbols, stringToArray(chars));
+      return castSlice(strSymbols, start).join('');
+    }
+
+    /**
+     * Truncates `string` if it's longer than the given maximum string length.
+     * The last characters of the truncated string are replaced with the omission
+     * string which defaults to "...".
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to truncate.
+     * @param {Object} [options={}] The options object.
+     * @param {number} [options.length=30] The maximum string length.
+     * @param {string} [options.omission='...'] The string to indicate text is omitted.
+     * @param {RegExp|string} [options.separator] The separator pattern to truncate to.
+     * @returns {string} Returns the truncated string.
+     * @example
+     *
+     * _.truncate('hi-diddly-ho there, neighborino');
+     * // => 'hi-diddly-ho there, neighbo...'
+     *
+     * _.truncate('hi-diddly-ho there, neighborino', {
+     *   'length': 24,
+     *   'separator': ' '
+     * });
+     * // => 'hi-diddly-ho there,...'
+     *
+     * _.truncate('hi-diddly-ho there, neighborino', {
+     *   'length': 24,
+     *   'separator': /,? +/
+     * });
+     * // => 'hi-diddly-ho there...'
+     *
+     * _.truncate('hi-diddly-ho there, neighborino', {
+     *   'omission': ' [...]'
+     * });
+     * // => 'hi-diddly-ho there, neig [...]'
+     */
+    function truncate(string, options) {
+      var length = DEFAULT_TRUNC_LENGTH,
+        omission = DEFAULT_TRUNC_OMISSION;
+      if (isObject(options)) {
+        var separator = 'separator' in options ? options.separator : separator;
+        length = 'length' in options ? toInteger(options.length) : length;
+        omission = 'omission' in options ? baseToString(options.omission) : omission;
+      }
+      string = toString(string);
+      var strLength = string.length;
+      if (hasUnicode(string)) {
+        var strSymbols = stringToArray(string);
+        strLength = strSymbols.length;
+      }
+      if (length >= strLength) {
+        return string;
+      }
+      var end = length - stringSize(omission);
+      if (end < 1) {
+        return omission;
+      }
+      var result = strSymbols ? castSlice(strSymbols, 0, end).join('') : string.slice(0, end);
+      if (separator === undefined) {
+        return result + omission;
+      }
+      if (strSymbols) {
+        end += result.length - end;
+      }
+      if (isRegExp(separator)) {
+        if (string.slice(end).search(separator)) {
+          var match,
+            substring = result;
+          if (!separator.global) {
+            separator = RegExp(separator.source, toString(reFlags.exec(separator)) + 'g');
+          }
+          separator.lastIndex = 0;
+          while (match = separator.exec(substring)) {
+            var newEnd = match.index;
+          }
+          result = result.slice(0, newEnd === undefined ? end : newEnd);
+        }
+      } else if (string.indexOf(baseToString(separator), end) != end) {
+        var index = result.lastIndexOf(separator);
+        if (index > -1) {
+          result = result.slice(0, index);
+        }
+      }
+      return result + omission;
+    }
+
+    /**
+     * The inverse of `_.escape`; this method converts the HTML entities
+     * `&amp;`, `&lt;`, `&gt;`, `&quot;`, and `&#39;` in `string` to
+     * their corresponding characters.
+     *
+     * **Note:** No other HTML entities are unescaped. To unescape additional
+     * HTML entities use a third-party library like [_he_](https://mths.be/he).
+     *
+     * @static
+     * @memberOf _
+     * @since 0.6.0
+     * @category String
+     * @param {string} [string=''] The string to unescape.
+     * @returns {string} Returns the unescaped string.
+     * @example
+     *
+     * _.unescape('fred, barney, &amp; pebbles');
+     * // => 'fred, barney, & pebbles'
+     */
+    function unescape(string) {
+      string = toString(string);
+      return string && reHasEscapedHtml.test(string) ? string.replace(reEscapedHtml, unescapeHtmlChar) : string;
+    }
+
+    /**
+     * Converts `string`, as space separated words, to upper case.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the upper cased string.
+     * @example
+     *
+     * _.upperCase('--foo-bar');
+     * // => 'FOO BAR'
+     *
+     * _.upperCase('fooBar');
+     * // => 'FOO BAR'
+     *
+     * _.upperCase('__foo_bar__');
+     * // => 'FOO BAR'
+     */
+    var upperCase = createCompounder(function (result, word, index) {
+      return result + (index ? ' ' : '') + word.toUpperCase();
+    });
+
+    /**
+     * Converts the first character of `string` to upper case.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category String
+     * @param {string} [string=''] The string to convert.
+     * @returns {string} Returns the converted string.
+     * @example
+     *
+     * _.upperFirst('fred');
+     * // => 'Fred'
+     *
+     * _.upperFirst('FRED');
+     * // => 'FRED'
+     */
+    var upperFirst = createCaseFirst('toUpperCase');
+
+    /**
+     * Splits `string` into an array of its words.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category String
+     * @param {string} [string=''] The string to inspect.
+     * @param {RegExp|string} [pattern] The pattern to match words.
+     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
+     * @returns {Array} Returns the words of `string`.
+     * @example
+     *
+     * _.words('fred, barney, & pebbles');
+     * // => ['fred', 'barney', 'pebbles']
+     *
+     * _.words('fred, barney, & pebbles', /[^, ]+/g);
+     * // => ['fred', 'barney', '&', 'pebbles']
+     */
+    function words(string, pattern, guard) {
+      string = toString(string);
+      pattern = guard ? undefined : pattern;
+      if (pattern === undefined) {
+        return hasUnicodeWord(string) ? unicodeWords(string) : asciiWords(string);
+      }
+      return string.match(pattern) || [];
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Attempts to invoke `func`, returning either the result or the caught error
+     * object. Any additional arguments are provided to `func` when it's invoked.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Util
+     * @param {Function} func The function to attempt.
+     * @param {...*} [args] The arguments to invoke `func` with.
+     * @returns {*} Returns the `func` result or error object.
+     * @example
+     *
+     * // Avoid throwing errors for invalid selectors.
+     * var elements = _.attempt(function(selector) {
+     *   return document.querySelectorAll(selector);
+     * }, '>_>');
+     *
+     * if (_.isError(elements)) {
+     *   elements = [];
+     * }
+     */
+    var attempt = baseRest(function (func, args) {
+      try {
+        return apply(func, undefined, args);
+      } catch (e) {
+        return isError(e) ? e : new Error(e);
+      }
+    });
+
+    /**
+     * Binds methods of an object to the object itself, overwriting the existing
+     * method.
+     *
+     * **Note:** This method doesn't set the "length" property of bound functions.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @param {Object} object The object to bind and assign the bound methods to.
+     * @param {...(string|string[])} methodNames The object method names to bind.
+     * @returns {Object} Returns `object`.
+     * @example
+     *
+     * var view = {
+     *   'label': 'docs',
+     *   'click': function() {
+     *     console.log('clicked ' + this.label);
+     *   }
+     * };
+     *
+     * _.bindAll(view, ['click']);
+     * jQuery(element).on('click', view.click);
+     * // => Logs 'clicked docs' when clicked.
+     */
+    var bindAll = flatRest(function (object, methodNames) {
+      arrayEach(methodNames, function (key) {
+        key = toKey(key);
+        baseAssignValue(object, key, bind(object[key], object));
+      });
+      return object;
+    });
+
+    /**
+     * Creates a function that iterates over `pairs` and invokes the corresponding
+     * function of the first predicate to return truthy. The predicate-function
+     * pairs are invoked with the `this` binding and arguments of the created
+     * function.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {Array} pairs The predicate-function pairs.
+     * @returns {Function} Returns the new composite function.
+     * @example
+     *
+     * var func = _.cond([
+     *   [_.matches({ 'a': 1 }),           _.constant('matches A')],
+     *   [_.conforms({ 'b': _.isNumber }), _.constant('matches B')],
+     *   [_.stubTrue,                      _.constant('no match')]
+     * ]);
+     *
+     * func({ 'a': 1, 'b': 2 });
+     * // => 'matches A'
+     *
+     * func({ 'a': 0, 'b': 1 });
+     * // => 'matches B'
+     *
+     * func({ 'a': '1', 'b': '2' });
+     * // => 'no match'
+     */
+    function cond(pairs) {
+      var length = pairs == null ? 0 : pairs.length,
+        toIteratee = getIteratee();
+      pairs = !length ? [] : arrayMap(pairs, function (pair) {
+        if (typeof pair[1] != 'function') {
+          throw new TypeError(FUNC_ERROR_TEXT);
+        }
+        return [toIteratee(pair[0]), pair[1]];
+      });
+      return baseRest(function (args) {
+        var index = -1;
+        while (++index < length) {
+          var pair = pairs[index];
+          if (apply(pair[0], this, args)) {
+            return apply(pair[1], this, args);
+          }
+        }
+      });
+    }
+
+    /**
+     * Creates a function that invokes the predicate properties of `source` with
+     * the corresponding property values of a given object, returning `true` if
+     * all predicates return truthy, else `false`.
+     *
+     * **Note:** The created function is equivalent to `_.conformsTo` with
+     * `source` partially applied.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {Object} source The object of property predicates to conform to.
+     * @returns {Function} Returns the new spec function.
+     * @example
+     *
+     * var objects = [
+     *   { 'a': 2, 'b': 1 },
+     *   { 'a': 1, 'b': 2 }
+     * ];
+     *
+     * _.filter(objects, _.conforms({ 'b': function(n) { return n > 1; } }));
+     * // => [{ 'a': 1, 'b': 2 }]
+     */
+    function conforms(source) {
+      return baseConforms(baseClone(source, CLONE_DEEP_FLAG));
+    }
+
+    /**
+     * Creates a function that returns `value`.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.4.0
+     * @category Util
+     * @param {*} value The value to return from the new function.
+     * @returns {Function} Returns the new constant function.
+     * @example
+     *
+     * var objects = _.times(2, _.constant({ 'a': 1 }));
+     *
+     * console.log(objects);
+     * // => [{ 'a': 1 }, { 'a': 1 }]
+     *
+     * console.log(objects[0] === objects[1]);
+     * // => true
+     */
+    function constant(value) {
+      return function () {
+        return value;
+      };
+    }
+
+    /**
+     * Checks `value` to determine whether a default value should be returned in
+     * its place. The `defaultValue` is returned if `value` is `NaN`, `null`,
+     * or `undefined`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.14.0
+     * @category Util
+     * @param {*} value The value to check.
+     * @param {*} defaultValue The default value.
+     * @returns {*} Returns the resolved value.
+     * @example
+     *
+     * _.defaultTo(1, 10);
+     * // => 1
+     *
+     * _.defaultTo(undefined, 10);
+     * // => 10
+     */
+    function defaultTo(value, defaultValue) {
+      return value == null || value !== value ? defaultValue : value;
+    }
+
+    /**
+     * Creates a function that returns the result of invoking the given functions
+     * with the `this` binding of the created function, where each successive
+     * invocation is supplied the return value of the previous.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Util
+     * @param {...(Function|Function[])} [funcs] The functions to invoke.
+     * @returns {Function} Returns the new composite function.
+     * @see _.flowRight
+     * @example
+     *
+     * function square(n) {
+     *   return n * n;
+     * }
+     *
+     * var addSquare = _.flow([_.add, square]);
+     * addSquare(1, 2);
+     * // => 9
+     */
+    var flow = createFlow();
+
+    /**
+     * This method is like `_.flow` except that it creates a function that
+     * invokes the given functions from right to left.
+     *
+     * @static
+     * @since 3.0.0
+     * @memberOf _
+     * @category Util
+     * @param {...(Function|Function[])} [funcs] The functions to invoke.
+     * @returns {Function} Returns the new composite function.
+     * @see _.flow
+     * @example
+     *
+     * function square(n) {
+     *   return n * n;
+     * }
+     *
+     * var addSquare = _.flowRight([square, _.add]);
+     * addSquare(1, 2);
+     * // => 9
+     */
+    var flowRight = createFlow(true);
+
+    /**
+     * This method returns the first argument it receives.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @param {*} value Any value.
+     * @returns {*} Returns `value`.
+     * @example
+     *
+     * var object = { 'a': 1 };
+     *
+     * console.log(_.identity(object) === object);
+     * // => true
+     */
+    function identity(value) {
+      return value;
+    }
+
+    /**
+     * Creates a function that invokes `func` with the arguments of the created
+     * function. If `func` is a property name, the created function returns the
+     * property value for a given element. If `func` is an array or object, the
+     * created function returns `true` for elements that contain the equivalent
+     * source properties, otherwise it returns `false`.
+     *
+     * @static
+     * @since 4.0.0
+     * @memberOf _
+     * @category Util
+     * @param {*} [func=_.identity] The value to convert to a callback.
+     * @returns {Function} Returns the callback.
+     * @example
+     *
+     * var users = [
+     *   { 'user': 'barney', 'age': 36, 'active': true },
+     *   { 'user': 'fred',   'age': 40, 'active': false }
+     * ];
+     *
+     * // The `_.matches` iteratee shorthand.
+     * _.filter(users, _.iteratee({ 'user': 'barney', 'active': true }));
+     * // => [{ 'user': 'barney', 'age': 36, 'active': true }]
+     *
+     * // The `_.matchesProperty` iteratee shorthand.
+     * _.filter(users, _.iteratee(['user', 'fred']));
+     * // => [{ 'user': 'fred', 'age': 40 }]
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.map(users, _.iteratee('user'));
+     * // => ['barney', 'fred']
+     *
+     * // Create custom iteratee shorthands.
+     * _.iteratee = _.wrap(_.iteratee, function(iteratee, func) {
+     *   return !_.isRegExp(func) ? iteratee(func) : function(string) {
+     *     return func.test(string);
+     *   };
+     * });
+     *
+     * _.filter(['abc', 'def'], /ef/);
+     * // => ['def']
+     */
+    function iteratee(func) {
+      return baseIteratee(typeof func == 'function' ? func : baseClone(func, CLONE_DEEP_FLAG));
+    }
+
+    /**
+     * Creates a function that performs a partial deep comparison between a given
+     * object and `source`, returning `true` if the given object has equivalent
+     * property values, else `false`.
+     *
+     * **Note:** The created function is equivalent to `_.isMatch` with `source`
+     * partially applied.
+     *
+     * Partial comparisons will match empty array and empty object `source`
+     * values against any array or object value, respectively. See `_.isEqual`
+     * for a list of supported value comparisons.
+     *
+     * **Note:** Multiple values can be checked by combining several matchers
+     * using `_.overSome`
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Util
+     * @param {Object} source The object of property values to match.
+     * @returns {Function} Returns the new spec function.
+     * @example
+     *
+     * var objects = [
+     *   { 'a': 1, 'b': 2, 'c': 3 },
+     *   { 'a': 4, 'b': 5, 'c': 6 }
+     * ];
+     *
+     * _.filter(objects, _.matches({ 'a': 4, 'c': 6 }));
+     * // => [{ 'a': 4, 'b': 5, 'c': 6 }]
+     *
+     * // Checking for several possible values
+     * _.filter(objects, _.overSome([_.matches({ 'a': 1 }), _.matches({ 'a': 4 })]));
+     * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }]
+     */
+    function matches(source) {
+      return baseMatches(baseClone(source, CLONE_DEEP_FLAG));
+    }
+
+    /**
+     * Creates a function that performs a partial deep comparison between the
+     * value at `path` of a given object to `srcValue`, returning `true` if the
+     * object value is equivalent, else `false`.
+     *
+     * **Note:** Partial comparisons will match empty array and empty object
+     * `srcValue` values against any array or object value, respectively. See
+     * `_.isEqual` for a list of supported value comparisons.
+     *
+     * **Note:** Multiple values can be checked by combining several matchers
+     * using `_.overSome`
+     *
+     * @static
+     * @memberOf _
+     * @since 3.2.0
+     * @category Util
+     * @param {Array|string} path The path of the property to get.
+     * @param {*} srcValue The value to match.
+     * @returns {Function} Returns the new spec function.
+     * @example
+     *
+     * var objects = [
+     *   { 'a': 1, 'b': 2, 'c': 3 },
+     *   { 'a': 4, 'b': 5, 'c': 6 }
+     * ];
+     *
+     * _.find(objects, _.matchesProperty('a', 4));
+     * // => { 'a': 4, 'b': 5, 'c': 6 }
+     *
+     * // Checking for several possible values
+     * _.filter(objects, _.overSome([_.matchesProperty('a', 1), _.matchesProperty('a', 4)]));
+     * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }]
+     */
+    function matchesProperty(path, srcValue) {
+      return baseMatchesProperty(path, baseClone(srcValue, CLONE_DEEP_FLAG));
+    }
+
+    /**
+     * Creates a function that invokes the method at `path` of a given object.
+     * Any additional arguments are provided to the invoked method.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.7.0
+     * @category Util
+     * @param {Array|string} path The path of the method to invoke.
+     * @param {...*} [args] The arguments to invoke the method with.
+     * @returns {Function} Returns the new invoker function.
+     * @example
+     *
+     * var objects = [
+     *   { 'a': { 'b': _.constant(2) } },
+     *   { 'a': { 'b': _.constant(1) } }
+     * ];
+     *
+     * _.map(objects, _.method('a.b'));
+     * // => [2, 1]
+     *
+     * _.map(objects, _.method(['a', 'b']));
+     * // => [2, 1]
+     */
+    var method = baseRest(function (path, args) {
+      return function (object) {
+        return baseInvoke(object, path, args);
+      };
+    });
+
+    /**
+     * The opposite of `_.method`; this method creates a function that invokes
+     * the method at a given path of `object`. Any additional arguments are
+     * provided to the invoked method.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.7.0
+     * @category Util
+     * @param {Object} object The object to query.
+     * @param {...*} [args] The arguments to invoke the method with.
+     * @returns {Function} Returns the new invoker function.
+     * @example
+     *
+     * var array = _.times(3, _.constant),
+     *     object = { 'a': array, 'b': array, 'c': array };
+     *
+     * _.map(['a[2]', 'c[0]'], _.methodOf(object));
+     * // => [2, 0]
+     *
+     * _.map([['a', '2'], ['c', '0']], _.methodOf(object));
+     * // => [2, 0]
+     */
+    var methodOf = baseRest(function (object, args) {
+      return function (path) {
+        return baseInvoke(object, path, args);
+      };
+    });
+
+    /**
+     * Adds all own enumerable string keyed function properties of a source
+     * object to the destination object. If `object` is a function, then methods
+     * are added to its prototype as well.
+     *
+     * **Note:** Use `_.runInContext` to create a pristine `lodash` function to
+     * avoid conflicts caused by modifying the original.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @param {Function|Object} [object=lodash] The destination object.
+     * @param {Object} source The object of functions to add.
+     * @param {Object} [options={}] The options object.
+     * @param {boolean} [options.chain=true] Specify whether mixins are chainable.
+     * @returns {Function|Object} Returns `object`.
+     * @example
+     *
+     * function vowels(string) {
+     *   return _.filter(string, function(v) {
+     *     return /[aeiou]/i.test(v);
+     *   });
+     * }
+     *
+     * _.mixin({ 'vowels': vowels });
+     * _.vowels('fred');
+     * // => ['e']
+     *
+     * _('fred').vowels().value();
+     * // => ['e']
+     *
+     * _.mixin({ 'vowels': vowels }, { 'chain': false });
+     * _('fred').vowels();
+     * // => ['e']
+     */
+    function mixin(object, source, options) {
+      var props = keys(source),
+        methodNames = baseFunctions(source, props);
+      if (options == null && !(isObject(source) && (methodNames.length || !props.length))) {
+        options = source;
+        source = object;
+        object = this;
+        methodNames = baseFunctions(source, keys(source));
+      }
+      var chain = !(isObject(options) && 'chain' in options) || !!options.chain,
+        isFunc = isFunction(object);
+      arrayEach(methodNames, function (methodName) {
+        var func = source[methodName];
+        object[methodName] = func;
+        if (isFunc) {
+          object.prototype[methodName] = function () {
+            var chainAll = this.__chain__;
+            if (chain || chainAll) {
+              var result = object(this.__wrapped__),
+                actions = result.__actions__ = copyArray(this.__actions__);
+              actions.push({
+                'func': func,
+                'args': arguments,
+                'thisArg': object
+              });
+              result.__chain__ = chainAll;
+              return result;
+            }
+            return func.apply(object, arrayPush([this.value()], arguments));
+          };
+        }
+      });
+      return object;
+    }
+
+    /**
+     * Reverts the `_` variable to its previous value and returns a reference to
+     * the `lodash` function.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @returns {Function} Returns the `lodash` function.
+     * @example
+     *
+     * var lodash = _.noConflict();
+     */
+    function noConflict() {
+      if (root._ === this) {
+        root._ = oldDash;
+      }
+      return this;
+    }
+
+    /**
+     * This method returns `undefined`.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.3.0
+     * @category Util
+     * @example
+     *
+     * _.times(2, _.noop);
+     * // => [undefined, undefined]
+     */
+    function noop() {
+      // No operation performed.
+    }
+
+    /**
+     * Creates a function that gets the argument at index `n`. If `n` is negative,
+     * the nth argument from the end is returned.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {number} [n=0] The index of the argument to return.
+     * @returns {Function} Returns the new pass-thru function.
+     * @example
+     *
+     * var func = _.nthArg(1);
+     * func('a', 'b', 'c', 'd');
+     * // => 'b'
+     *
+     * var func = _.nthArg(-2);
+     * func('a', 'b', 'c', 'd');
+     * // => 'c'
+     */
+    function nthArg(n) {
+      n = toInteger(n);
+      return baseRest(function (args) {
+        return baseNth(args, n);
+      });
+    }
+
+    /**
+     * Creates a function that invokes `iteratees` with the arguments it receives
+     * and returns their results.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {...(Function|Function[])} [iteratees=[_.identity]]
+     *  The iteratees to invoke.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var func = _.over([Math.max, Math.min]);
+     *
+     * func(1, 2, 3, 4);
+     * // => [4, 1]
+     */
+    var over = createOver(arrayMap);
+
+    /**
+     * Creates a function that checks if **all** of the `predicates` return
+     * truthy when invoked with the arguments it receives.
+     *
+     * Following shorthands are possible for providing predicates.
+     * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate.
+     * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {...(Function|Function[])} [predicates=[_.identity]]
+     *  The predicates to check.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var func = _.overEvery([Boolean, isFinite]);
+     *
+     * func('1');
+     * // => true
+     *
+     * func(null);
+     * // => false
+     *
+     * func(NaN);
+     * // => false
+     */
+    var overEvery = createOver(arrayEvery);
+
+    /**
+     * Creates a function that checks if **any** of the `predicates` return
+     * truthy when invoked with the arguments it receives.
+     *
+     * Following shorthands are possible for providing predicates.
+     * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate.
+     * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {...(Function|Function[])} [predicates=[_.identity]]
+     *  The predicates to check.
+     * @returns {Function} Returns the new function.
+     * @example
+     *
+     * var func = _.overSome([Boolean, isFinite]);
+     *
+     * func('1');
+     * // => true
+     *
+     * func(null);
+     * // => true
+     *
+     * func(NaN);
+     * // => false
+     *
+     * var matchesFunc = _.overSome([{ 'a': 1 }, { 'a': 2 }])
+     * var matchesPropertyFunc = _.overSome([['a', 1], ['a', 2]])
+     */
+    var overSome = createOver(arraySome);
+
+    /**
+     * Creates a function that returns the value at `path` of a given object.
+     *
+     * @static
+     * @memberOf _
+     * @since 2.4.0
+     * @category Util
+     * @param {Array|string} path The path of the property to get.
+     * @returns {Function} Returns the new accessor function.
+     * @example
+     *
+     * var objects = [
+     *   { 'a': { 'b': 2 } },
+     *   { 'a': { 'b': 1 } }
+     * ];
+     *
+     * _.map(objects, _.property('a.b'));
+     * // => [2, 1]
+     *
+     * _.map(_.sortBy(objects, _.property(['a', 'b'])), 'a.b');
+     * // => [1, 2]
+     */
+    function property(path) {
+      return isKey(path) ? baseProperty(toKey(path)) : basePropertyDeep(path);
+    }
+
+    /**
+     * The opposite of `_.property`; this method creates a function that returns
+     * the value at a given path of `object`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.0.0
+     * @category Util
+     * @param {Object} object The object to query.
+     * @returns {Function} Returns the new accessor function.
+     * @example
+     *
+     * var array = [0, 1, 2],
+     *     object = { 'a': array, 'b': array, 'c': array };
+     *
+     * _.map(['a[2]', 'c[0]'], _.propertyOf(object));
+     * // => [2, 0]
+     *
+     * _.map([['a', '2'], ['c', '0']], _.propertyOf(object));
+     * // => [2, 0]
+     */
+    function propertyOf(object) {
+      return function (path) {
+        return object == null ? undefined : baseGet(object, path);
+      };
+    }
+
+    /**
+     * Creates an array of numbers (positive and/or negative) progressing from
+     * `start` up to, but not including, `end`. A step of `-1` is used if a negative
+     * `start` is specified without an `end` or `step`. If `end` is not specified,
+     * it's set to `start` with `start` then set to `0`.
+     *
+     * **Note:** JavaScript follows the IEEE-754 standard for resolving
+     * floating-point values which can produce unexpected results.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @param {number} [start=0] The start of the range.
+     * @param {number} end The end of the range.
+     * @param {number} [step=1] The value to increment or decrement by.
+     * @returns {Array} Returns the range of numbers.
+     * @see _.inRange, _.rangeRight
+     * @example
+     *
+     * _.range(4);
+     * // => [0, 1, 2, 3]
+     *
+     * _.range(-4);
+     * // => [0, -1, -2, -3]
+     *
+     * _.range(1, 5);
+     * // => [1, 2, 3, 4]
+     *
+     * _.range(0, 20, 5);
+     * // => [0, 5, 10, 15]
+     *
+     * _.range(0, -4, -1);
+     * // => [0, -1, -2, -3]
+     *
+     * _.range(1, 4, 0);
+     * // => [1, 1, 1]
+     *
+     * _.range(0);
+     * // => []
+     */
+    var range = createRange();
+
+    /**
+     * This method is like `_.range` except that it populates values in
+     * descending order.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {number} [start=0] The start of the range.
+     * @param {number} end The end of the range.
+     * @param {number} [step=1] The value to increment or decrement by.
+     * @returns {Array} Returns the range of numbers.
+     * @see _.inRange, _.range
+     * @example
+     *
+     * _.rangeRight(4);
+     * // => [3, 2, 1, 0]
+     *
+     * _.rangeRight(-4);
+     * // => [-3, -2, -1, 0]
+     *
+     * _.rangeRight(1, 5);
+     * // => [4, 3, 2, 1]
+     *
+     * _.rangeRight(0, 20, 5);
+     * // => [15, 10, 5, 0]
+     *
+     * _.rangeRight(0, -4, -1);
+     * // => [-3, -2, -1, 0]
+     *
+     * _.rangeRight(1, 4, 0);
+     * // => [1, 1, 1]
+     *
+     * _.rangeRight(0);
+     * // => []
+     */
+    var rangeRight = createRange(true);
+
+    /**
+     * This method returns a new empty array.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.13.0
+     * @category Util
+     * @returns {Array} Returns the new empty array.
+     * @example
+     *
+     * var arrays = _.times(2, _.stubArray);
+     *
+     * console.log(arrays);
+     * // => [[], []]
+     *
+     * console.log(arrays[0] === arrays[1]);
+     * // => false
+     */
+    function stubArray() {
+      return [];
+    }
+
+    /**
+     * This method returns `false`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.13.0
+     * @category Util
+     * @returns {boolean} Returns `false`.
+     * @example
+     *
+     * _.times(2, _.stubFalse);
+     * // => [false, false]
+     */
+    function stubFalse() {
+      return false;
+    }
+
+    /**
+     * This method returns a new empty object.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.13.0
+     * @category Util
+     * @returns {Object} Returns the new empty object.
+     * @example
+     *
+     * var objects = _.times(2, _.stubObject);
+     *
+     * console.log(objects);
+     * // => [{}, {}]
+     *
+     * console.log(objects[0] === objects[1]);
+     * // => false
+     */
+    function stubObject() {
+      return {};
+    }
+
+    /**
+     * This method returns an empty string.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.13.0
+     * @category Util
+     * @returns {string} Returns the empty string.
+     * @example
+     *
+     * _.times(2, _.stubString);
+     * // => ['', '']
+     */
+    function stubString() {
+      return '';
+    }
+
+    /**
+     * This method returns `true`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.13.0
+     * @category Util
+     * @returns {boolean} Returns `true`.
+     * @example
+     *
+     * _.times(2, _.stubTrue);
+     * // => [true, true]
+     */
+    function stubTrue() {
+      return true;
+    }
+
+    /**
+     * Invokes the iteratee `n` times, returning an array of the results of
+     * each invocation. The iteratee is invoked with one argument; (index).
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @param {number} n The number of times to invoke `iteratee`.
+     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
+     * @returns {Array} Returns the array of results.
+     * @example
+     *
+     * _.times(3, String);
+     * // => ['0', '1', '2']
+     *
+     *  _.times(4, _.constant(0));
+     * // => [0, 0, 0, 0]
+     */
+    function times(n, iteratee) {
+      n = toInteger(n);
+      if (n < 1 || n > MAX_SAFE_INTEGER) {
+        return [];
+      }
+      var index = MAX_ARRAY_LENGTH,
+        length = nativeMin(n, MAX_ARRAY_LENGTH);
+      iteratee = getIteratee(iteratee);
+      n -= MAX_ARRAY_LENGTH;
+      var result = baseTimes(length, iteratee);
+      while (++index < n) {
+        iteratee(index);
+      }
+      return result;
+    }
+
+    /**
+     * Converts `value` to a property path array.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Util
+     * @param {*} value The value to convert.
+     * @returns {Array} Returns the new property path array.
+     * @example
+     *
+     * _.toPath('a.b.c');
+     * // => ['a', 'b', 'c']
+     *
+     * _.toPath('a[0].b.c');
+     * // => ['a', '0', 'b', 'c']
+     */
+    function toPath(value) {
+      if (isArray(value)) {
+        return arrayMap(value, toKey);
+      }
+      return isSymbol(value) ? [value] : copyArray(stringToPath(toString(value)));
+    }
+
+    /**
+     * Generates a unique ID. If `prefix` is given, the ID is appended to it.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Util
+     * @param {string} [prefix=''] The value to prefix the ID with.
+     * @returns {string} Returns the unique ID.
+     * @example
+     *
+     * _.uniqueId('contact_');
+     * // => 'contact_104'
+     *
+     * _.uniqueId();
+     * // => '105'
+     */
+    function uniqueId(prefix) {
+      var id = ++idCounter;
+      return toString(prefix) + id;
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * Adds two numbers.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.4.0
+     * @category Math
+     * @param {number} augend The first number in an addition.
+     * @param {number} addend The second number in an addition.
+     * @returns {number} Returns the total.
+     * @example
+     *
+     * _.add(6, 4);
+     * // => 10
+     */
+    var add = createMathOperation(function (augend, addend) {
+      return augend + addend;
+    }, 0);
+
+    /**
+     * Computes `number` rounded up to `precision`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.10.0
+     * @category Math
+     * @param {number} number The number to round up.
+     * @param {number} [precision=0] The precision to round up to.
+     * @returns {number} Returns the rounded up number.
+     * @example
+     *
+     * _.ceil(4.006);
+     * // => 5
+     *
+     * _.ceil(6.004, 2);
+     * // => 6.01
+     *
+     * _.ceil(6040, -2);
+     * // => 6100
+     */
+    var ceil = createRound('ceil');
+
+    /**
+     * Divide two numbers.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.7.0
+     * @category Math
+     * @param {number} dividend The first number in a division.
+     * @param {number} divisor The second number in a division.
+     * @returns {number} Returns the quotient.
+     * @example
+     *
+     * _.divide(6, 4);
+     * // => 1.5
+     */
+    var divide = createMathOperation(function (dividend, divisor) {
+      return dividend / divisor;
+    }, 1);
+
+    /**
+     * Computes `number` rounded down to `precision`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.10.0
+     * @category Math
+     * @param {number} number The number to round down.
+     * @param {number} [precision=0] The precision to round down to.
+     * @returns {number} Returns the rounded down number.
+     * @example
+     *
+     * _.floor(4.006);
+     * // => 4
+     *
+     * _.floor(0.046, 2);
+     * // => 0.04
+     *
+     * _.floor(4060, -2);
+     * // => 4000
+     */
+    var floor = createRound('floor');
+
+    /**
+     * Computes the maximum value of `array`. If `array` is empty or falsey,
+     * `undefined` is returned.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @returns {*} Returns the maximum value.
+     * @example
+     *
+     * _.max([4, 2, 8, 6]);
+     * // => 8
+     *
+     * _.max([]);
+     * // => undefined
+     */
+    function max(array) {
+      return array && array.length ? baseExtremum(array, identity, baseGt) : undefined;
+    }
+
+    /**
+     * This method is like `_.max` except that it accepts `iteratee` which is
+     * invoked for each element in `array` to generate the criterion by which
+     * the value is ranked. The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {*} Returns the maximum value.
+     * @example
+     *
+     * var objects = [{ 'n': 1 }, { 'n': 2 }];
+     *
+     * _.maxBy(objects, function(o) { return o.n; });
+     * // => { 'n': 2 }
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.maxBy(objects, 'n');
+     * // => { 'n': 2 }
+     */
+    function maxBy(array, iteratee) {
+      return array && array.length ? baseExtremum(array, getIteratee(iteratee, 2), baseGt) : undefined;
+    }
+
+    /**
+     * Computes the mean of the values in `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @returns {number} Returns the mean.
+     * @example
+     *
+     * _.mean([4, 2, 8, 6]);
+     * // => 5
+     */
+    function mean(array) {
+      return baseMean(array, identity);
+    }
+
+    /**
+     * This method is like `_.mean` except that it accepts `iteratee` which is
+     * invoked for each element in `array` to generate the value to be averaged.
+     * The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.7.0
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {number} Returns the mean.
+     * @example
+     *
+     * var objects = [{ 'n': 4 }, { 'n': 2 }, { 'n': 8 }, { 'n': 6 }];
+     *
+     * _.meanBy(objects, function(o) { return o.n; });
+     * // => 5
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.meanBy(objects, 'n');
+     * // => 5
+     */
+    function meanBy(array, iteratee) {
+      return baseMean(array, getIteratee(iteratee, 2));
+    }
+
+    /**
+     * Computes the minimum value of `array`. If `array` is empty or falsey,
+     * `undefined` is returned.
+     *
+     * @static
+     * @since 0.1.0
+     * @memberOf _
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @returns {*} Returns the minimum value.
+     * @example
+     *
+     * _.min([4, 2, 8, 6]);
+     * // => 2
+     *
+     * _.min([]);
+     * // => undefined
+     */
+    function min(array) {
+      return array && array.length ? baseExtremum(array, identity, baseLt) : undefined;
+    }
+
+    /**
+     * This method is like `_.min` except that it accepts `iteratee` which is
+     * invoked for each element in `array` to generate the criterion by which
+     * the value is ranked. The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {*} Returns the minimum value.
+     * @example
+     *
+     * var objects = [{ 'n': 1 }, { 'n': 2 }];
+     *
+     * _.minBy(objects, function(o) { return o.n; });
+     * // => { 'n': 1 }
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.minBy(objects, 'n');
+     * // => { 'n': 1 }
+     */
+    function minBy(array, iteratee) {
+      return array && array.length ? baseExtremum(array, getIteratee(iteratee, 2), baseLt) : undefined;
+    }
+
+    /**
+     * Multiply two numbers.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.7.0
+     * @category Math
+     * @param {number} multiplier The first number in a multiplication.
+     * @param {number} multiplicand The second number in a multiplication.
+     * @returns {number} Returns the product.
+     * @example
+     *
+     * _.multiply(6, 4);
+     * // => 24
+     */
+    var multiply = createMathOperation(function (multiplier, multiplicand) {
+      return multiplier * multiplicand;
+    }, 1);
+
+    /**
+     * Computes `number` rounded to `precision`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.10.0
+     * @category Math
+     * @param {number} number The number to round.
+     * @param {number} [precision=0] The precision to round to.
+     * @returns {number} Returns the rounded number.
+     * @example
+     *
+     * _.round(4.006);
+     * // => 4
+     *
+     * _.round(4.006, 2);
+     * // => 4.01
+     *
+     * _.round(4060, -2);
+     * // => 4100
+     */
+    var round = createRound('round');
+
+    /**
+     * Subtract two numbers.
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Math
+     * @param {number} minuend The first number in a subtraction.
+     * @param {number} subtrahend The second number in a subtraction.
+     * @returns {number} Returns the difference.
+     * @example
+     *
+     * _.subtract(6, 4);
+     * // => 2
+     */
+    var subtract = createMathOperation(function (minuend, subtrahend) {
+      return minuend - subtrahend;
+    }, 0);
+
+    /**
+     * Computes the sum of the values in `array`.
+     *
+     * @static
+     * @memberOf _
+     * @since 3.4.0
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @returns {number} Returns the sum.
+     * @example
+     *
+     * _.sum([4, 2, 8, 6]);
+     * // => 20
+     */
+    function sum(array) {
+      return array && array.length ? baseSum(array, identity) : 0;
+    }
+
+    /**
+     * This method is like `_.sum` except that it accepts `iteratee` which is
+     * invoked for each element in `array` to generate the value to be summed.
+     * The iteratee is invoked with one argument: (value).
+     *
+     * @static
+     * @memberOf _
+     * @since 4.0.0
+     * @category Math
+     * @param {Array} array The array to iterate over.
+     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
+     * @returns {number} Returns the sum.
+     * @example
+     *
+     * var objects = [{ 'n': 4 }, { 'n': 2 }, { 'n': 8 }, { 'n': 6 }];
+     *
+     * _.sumBy(objects, function(o) { return o.n; });
+     * // => 20
+     *
+     * // The `_.property` iteratee shorthand.
+     * _.sumBy(objects, 'n');
+     * // => 20
+     */
+    function sumBy(array, iteratee) {
+      return array && array.length ? baseSum(array, getIteratee(iteratee, 2)) : 0;
+    }
+
+    /*------------------------------------------------------------------------*/
+
+    // Add methods that return wrapped values in chain sequences.
+    lodash.after = after;
+    lodash.ary = ary;
+    lodash.assign = assign;
+    lodash.assignIn = assignIn;
+    lodash.assignInWith = assignInWith;
+    lodash.assignWith = assignWith;
+    lodash.at = at;
+    lodash.before = before;
+    lodash.bind = bind;
+    lodash.bindAll = bindAll;
+    lodash.bindKey = bindKey;
+    lodash.castArray = castArray;
+    lodash.chain = chain;
+    lodash.chunk = chunk;
+    lodash.compact = compact;
+    lodash.concat = concat;
+    lodash.cond = cond;
+    lodash.conforms = conforms;
+    lodash.constant = constant;
+    lodash.countBy = countBy;
+    lodash.create = create;
+    lodash.curry = curry;
+    lodash.curryRight = curryRight;
+    lodash.debounce = debounce;
+    lodash.defaults = defaults;
+    lodash.defaultsDeep = defaultsDeep;
+    lodash.defer = defer;
+    lodash.delay = delay;
+    lodash.difference = difference;
+    lodash.differenceBy = differenceBy;
+    lodash.differenceWith = differenceWith;
+    lodash.drop = drop;
+    lodash.dropRight = dropRight;
+    lodash.dropRightWhile = dropRightWhile;
+    lodash.dropWhile = dropWhile;
+    lodash.fill = fill;
+    lodash.filter = filter;
+    lodash.flatMap = flatMap;
+    lodash.flatMapDeep = flatMapDeep;
+    lodash.flatMapDepth = flatMapDepth;
+    lodash.flatten = flatten;
+    lodash.flattenDeep = flattenDeep;
+    lodash.flattenDepth = flattenDepth;
+    lodash.flip = flip;
+    lodash.flow = flow;
+    lodash.flowRight = flowRight;
+    lodash.fromPairs = fromPairs;
+    lodash.functions = functions;
+    lodash.functionsIn = functionsIn;
+    lodash.groupBy = groupBy;
+    lodash.initial = initial;
+    lodash.intersection = intersection;
+    lodash.intersectionBy = intersectionBy;
+    lodash.intersectionWith = intersectionWith;
+    lodash.invert = invert;
+    lodash.invertBy = invertBy;
+    lodash.invokeMap = invokeMap;
+    lodash.iteratee = iteratee;
+    lodash.keyBy = keyBy;
+    lodash.keys = keys;
+    lodash.keysIn = keysIn;
+    lodash.map = map;
+    lodash.mapKeys = mapKeys;
+    lodash.mapValues = mapValues;
+    lodash.matches = matches;
+    lodash.matchesProperty = matchesProperty;
+    lodash.memoize = memoize;
+    lodash.merge = merge;
+    lodash.mergeWith = mergeWith;
+    lodash.method = method;
+    lodash.methodOf = methodOf;
+    lodash.mixin = mixin;
+    lodash.negate = negate;
+    lodash.nthArg = nthArg;
+    lodash.omit = omit;
+    lodash.omitBy = omitBy;
+    lodash.once = once;
+    lodash.orderBy = orderBy;
+    lodash.over = over;
+    lodash.overArgs = overArgs;
+    lodash.overEvery = overEvery;
+    lodash.overSome = overSome;
+    lodash.partial = partial;
+    lodash.partialRight = partialRight;
+    lodash.partition = partition;
+    lodash.pick = pick;
+    lodash.pickBy = pickBy;
+    lodash.property = property;
+    lodash.propertyOf = propertyOf;
+    lodash.pull = pull;
+    lodash.pullAll = pullAll;
+    lodash.pullAllBy = pullAllBy;
+    lodash.pullAllWith = pullAllWith;
+    lodash.pullAt = pullAt;
+    lodash.range = range;
+    lodash.rangeRight = rangeRight;
+    lodash.rearg = rearg;
+    lodash.reject = reject;
+    lodash.remove = remove;
+    lodash.rest = rest;
+    lodash.reverse = reverse;
+    lodash.sampleSize = sampleSize;
+    lodash.set = set;
+    lodash.setWith = setWith;
+    lodash.shuffle = shuffle;
+    lodash.slice = slice;
+    lodash.sortBy = sortBy;
+    lodash.sortedUniq = sortedUniq;
+    lodash.sortedUniqBy = sortedUniqBy;
+    lodash.split = split;
+    lodash.spread = spread;
+    lodash.tail = tail;
+    lodash.take = take;
+    lodash.takeRight = takeRight;
+    lodash.takeRightWhile = takeRightWhile;
+    lodash.takeWhile = takeWhile;
+    lodash.tap = tap;
+    lodash.throttle = throttle;
+    lodash.thru = thru;
+    lodash.toArray = toArray;
+    lodash.toPairs = toPairs;
+    lodash.toPairsIn = toPairsIn;
+    lodash.toPath = toPath;
+    lodash.toPlainObject = toPlainObject;
+    lodash.transform = transform;
+    lodash.unary = unary;
+    lodash.union = union;
+    lodash.unionBy = unionBy;
+    lodash.unionWith = unionWith;
+    lodash.uniq = uniq;
+    lodash.uniqBy = uniqBy;
+    lodash.uniqWith = uniqWith;
+    lodash.unset = unset;
+    lodash.unzip = unzip;
+    lodash.unzipWith = unzipWith;
+    lodash.update = update;
+    lodash.updateWith = updateWith;
+    lodash.values = values;
+    lodash.valuesIn = valuesIn;
+    lodash.without = without;
+    lodash.words = words;
+    lodash.wrap = wrap;
+    lodash.xor = xor;
+    lodash.xorBy = xorBy;
+    lodash.xorWith = xorWith;
+    lodash.zip = zip;
+    lodash.zipObject = zipObject;
+    lodash.zipObjectDeep = zipObjectDeep;
+    lodash.zipWith = zipWith;
+
+    // Add aliases.
+    lodash.entries = toPairs;
+    lodash.entriesIn = toPairsIn;
+    lodash.extend = assignIn;
+    lodash.extendWith = assignInWith;
+
+    // Add methods to `lodash.prototype`.
+    mixin(lodash, lodash);
+
+    /*------------------------------------------------------------------------*/
+
+    // Add methods that return unwrapped values in chain sequences.
+    lodash.add = add;
+    lodash.attempt = attempt;
+    lodash.camelCase = camelCase;
+    lodash.capitalize = capitalize;
+    lodash.ceil = ceil;
+    lodash.clamp = clamp;
+    lodash.clone = clone;
+    lodash.cloneDeep = cloneDeep;
+    lodash.cloneDeepWith = cloneDeepWith;
+    lodash.cloneWith = cloneWith;
+    lodash.conformsTo = conformsTo;
+    lodash.deburr = deburr;
+    lodash.defaultTo = defaultTo;
+    lodash.divide = divide;
+    lodash.endsWith = endsWith;
+    lodash.eq = eq;
+    lodash.escape = escape;
+    lodash.escapeRegExp = escapeRegExp;
+    lodash.every = every;
+    lodash.find = find;
+    lodash.findIndex = findIndex;
+    lodash.findKey = findKey;
+    lodash.findLast = findLast;
+    lodash.findLastIndex = findLastIndex;
+    lodash.findLastKey = findLastKey;
+    lodash.floor = floor;
+    lodash.forEach = forEach;
+    lodash.forEachRight = forEachRight;
+    lodash.forIn = forIn;
+    lodash.forInRight = forInRight;
+    lodash.forOwn = forOwn;
+    lodash.forOwnRight = forOwnRight;
+    lodash.get = get;
+    lodash.gt = gt;
+    lodash.gte = gte;
+    lodash.has = has;
+    lodash.hasIn = hasIn;
+    lodash.head = head;
+    lodash.identity = identity;
+    lodash.includes = includes;
+    lodash.indexOf = indexOf;
+    lodash.inRange = inRange;
+    lodash.invoke = invoke;
+    lodash.isArguments = isArguments;
+    lodash.isArray = isArray;
+    lodash.isArrayBuffer = isArrayBuffer;
+    lodash.isArrayLike = isArrayLike;
+    lodash.isArrayLikeObject = isArrayLikeObject;
+    lodash.isBoolean = isBoolean;
+    lodash.isBuffer = isBuffer;
+    lodash.isDate = isDate;
+    lodash.isElement = isElement;
+    lodash.isEmpty = isEmpty;
+    lodash.isEqual = isEqual;
+    lodash.isEqualWith = isEqualWith;
+    lodash.isError = isError;
+    lodash.isFinite = isFinite;
+    lodash.isFunction = isFunction;
+    lodash.isInteger = isInteger;
+    lodash.isLength = isLength;
+    lodash.isMap = isMap;
+    lodash.isMatch = isMatch;
+    lodash.isMatchWith = isMatchWith;
+    lodash.isNaN = isNaN;
+    lodash.isNative = isNative;
+    lodash.isNil = isNil;
+    lodash.isNull = isNull;
+    lodash.isNumber = isNumber;
+    lodash.isObject = isObject;
+    lodash.isObjectLike = isObjectLike;
+    lodash.isPlainObject = isPlainObject;
+    lodash.isRegExp = isRegExp;
+    lodash.isSafeInteger = isSafeInteger;
+    lodash.isSet = isSet;
+    lodash.isString = isString;
+    lodash.isSymbol = isSymbol;
+    lodash.isTypedArray = isTypedArray;
+    lodash.isUndefined = isUndefined;
+    lodash.isWeakMap = isWeakMap;
+    lodash.isWeakSet = isWeakSet;
+    lodash.join = join;
+    lodash.kebabCase = kebabCase;
+    lodash.last = last;
+    lodash.lastIndexOf = lastIndexOf;
+    lodash.lowerCase = lowerCase;
+    lodash.lowerFirst = lowerFirst;
+    lodash.lt = lt;
+    lodash.lte = lte;
+    lodash.max = max;
+    lodash.maxBy = maxBy;
+    lodash.mean = mean;
+    lodash.meanBy = meanBy;
+    lodash.min = min;
+    lodash.minBy = minBy;
+    lodash.stubArray = stubArray;
+    lodash.stubFalse = stubFalse;
+    lodash.stubObject = stubObject;
+    lodash.stubString = stubString;
+    lodash.stubTrue = stubTrue;
+    lodash.multiply = multiply;
+    lodash.nth = nth;
+    lodash.noConflict = noConflict;
+    lodash.noop = noop;
+    lodash.now = now;
+    lodash.pad = pad;
+    lodash.padEnd = padEnd;
+    lodash.padStart = padStart;
+    lodash.parseInt = parseInt;
+    lodash.random = random;
+    lodash.reduce = reduce;
+    lodash.reduceRight = reduceRight;
+    lodash.repeat = repeat;
+    lodash.replace = replace;
+    lodash.result = result;
+    lodash.round = round;
+    lodash.runInContext = runInContext;
+    lodash.sample = sample;
+    lodash.size = size;
+    lodash.snakeCase = snakeCase;
+    lodash.some = some;
+    lodash.sortedIndex = sortedIndex;
+    lodash.sortedIndexBy = sortedIndexBy;
+    lodash.sortedIndexOf = sortedIndexOf;
+    lodash.sortedLastIndex = sortedLastIndex;
+    lodash.sortedLastIndexBy = sortedLastIndexBy;
+    lodash.sortedLastIndexOf = sortedLastIndexOf;
+    lodash.startCase = startCase;
+    lodash.startsWith = startsWith;
+    lodash.subtract = subtract;
+    lodash.sum = sum;
+    lodash.sumBy = sumBy;
+    lodash.template = template;
+    lodash.times = times;
+    lodash.toFinite = toFinite;
+    lodash.toInteger = toInteger;
+    lodash.toLength = toLength;
+    lodash.toLower = toLower;
+    lodash.toNumber = toNumber;
+    lodash.toSafeInteger = toSafeInteger;
+    lodash.toString = toString;
+    lodash.toUpper = toUpper;
+    lodash.trim = trim;
+    lodash.trimEnd = trimEnd;
+    lodash.trimStart = trimStart;
+    lodash.truncate = truncate;
+    lodash.unescape = unescape;
+    lodash.uniqueId = uniqueId;
+    lodash.upperCase = upperCase;
+    lodash.upperFirst = upperFirst;
+
+    // Add aliases.
+    lodash.each = forEach;
+    lodash.eachRight = forEachRight;
+    lodash.first = head;
+    mixin(lodash, function () {
+      var source = {};
+      baseForOwn(lodash, function (func, methodName) {
+        if (!hasOwnProperty.call(lodash.prototype, methodName)) {
+          source[methodName] = func;
+        }
+      });
+      return source;
+    }(), {
+      'chain': false
+    });
+
+    /*------------------------------------------------------------------------*/
+
+    /**
+     * The semantic version number.
+     *
+     * @static
+     * @memberOf _
+     * @type {string}
+     */
+    lodash.VERSION = VERSION;
+
+    // Assign default placeholders.
+    arrayEach(['bind', 'bindKey', 'curry', 'curryRight', 'partial', 'partialRight'], function (methodName) {
+      lodash[methodName].placeholder = lodash;
+    });
+
+    // Add `LazyWrapper` methods for `_.drop` and `_.take` variants.
+    arrayEach(['drop', 'take'], function (methodName, index) {
+      LazyWrapper.prototype[methodName] = function (n) {
+        n = n === undefined ? 1 : nativeMax(toInteger(n), 0);
+        var result = this.__filtered__ && !index ? new LazyWrapper(this) : this.clone();
+        if (result.__filtered__) {
+          result.__takeCount__ = nativeMin(n, result.__takeCount__);
+        } else {
+          result.__views__.push({
+            'size': nativeMin(n, MAX_ARRAY_LENGTH),
+            'type': methodName + (result.__dir__ < 0 ? 'Right' : '')
+          });
+        }
+        return result;
+      };
+      LazyWrapper.prototype[methodName + 'Right'] = function (n) {
+        return this.reverse()[methodName](n).reverse();
+      };
+    });
+
+    // Add `LazyWrapper` methods that accept an `iteratee` value.
+    arrayEach(['filter', 'map', 'takeWhile'], function (methodName, index) {
+      var type = index + 1,
+        isFilter = type == LAZY_FILTER_FLAG || type == LAZY_WHILE_FLAG;
+      LazyWrapper.prototype[methodName] = function (iteratee) {
+        var result = this.clone();
+        result.__iteratees__.push({
+          'iteratee': getIteratee(iteratee, 3),
+          'type': type
+        });
+        result.__filtered__ = result.__filtered__ || isFilter;
+        return result;
+      };
+    });
+
+    // Add `LazyWrapper` methods for `_.head` and `_.last`.
+    arrayEach(['head', 'last'], function (methodName, index) {
+      var takeName = 'take' + (index ? 'Right' : '');
+      LazyWrapper.prototype[methodName] = function () {
+        return this[takeName](1).value()[0];
+      };
+    });
+
+    // Add `LazyWrapper` methods for `_.initial` and `_.tail`.
+    arrayEach(['initial', 'tail'], function (methodName, index) {
+      var dropName = 'drop' + (index ? '' : 'Right');
+      LazyWrapper.prototype[methodName] = function () {
+        return this.__filtered__ ? new LazyWrapper(this) : this[dropName](1);
+      };
+    });
+    LazyWrapper.prototype.compact = function () {
+      return this.filter(identity);
+    };
+    LazyWrapper.prototype.find = function (predicate) {
+      return this.filter(predicate).head();
+    };
+    LazyWrapper.prototype.findLast = function (predicate) {
+      return this.reverse().find(predicate);
+    };
+    LazyWrapper.prototype.invokeMap = baseRest(function (path, args) {
+      if (typeof path == 'function') {
+        return new LazyWrapper(this);
+      }
+      return this.map(function (value) {
+        return baseInvoke(value, path, args);
+      });
+    });
+    LazyWrapper.prototype.reject = function (predicate) {
+      return this.filter(negate(getIteratee(predicate)));
+    };
+    LazyWrapper.prototype.slice = function (start, end) {
+      start = toInteger(start);
+      var result = this;
+      if (result.__filtered__ && (start > 0 || end < 0)) {
+        return new LazyWrapper(result);
+      }
+      if (start < 0) {
+        result = result.takeRight(-start);
+      } else if (start) {
+        result = result.drop(start);
+      }
+      if (end !== undefined) {
+        end = toInteger(end);
+        result = end < 0 ? result.dropRight(-end) : result.take(end - start);
+      }
+      return result;
+    };
+    LazyWrapper.prototype.takeRightWhile = function (predicate) {
+      return this.reverse().takeWhile(predicate).reverse();
+    };
+    LazyWrapper.prototype.toArray = function () {
+      return this.take(MAX_ARRAY_LENGTH);
+    };
+
+    // Add `LazyWrapper` methods to `lodash.prototype`.
+    baseForOwn(LazyWrapper.prototype, function (func, methodName) {
+      var checkIteratee = /^(?:filter|find|map|reject)|While$/.test(methodName),
+        isTaker = /^(?:head|last)$/.test(methodName),
+        lodashFunc = lodash[isTaker ? 'take' + (methodName == 'last' ? 'Right' : '') : methodName],
+        retUnwrapped = isTaker || /^find/.test(methodName);
+      if (!lodashFunc) {
+        return;
+      }
+      lodash.prototype[methodName] = function () {
+        var value = this.__wrapped__,
+          args = isTaker ? [1] : arguments,
+          isLazy = value instanceof LazyWrapper,
+          iteratee = args[0],
+          useLazy = isLazy || isArray(value);
+        var interceptor = function interceptor(value) {
+          var result = lodashFunc.apply(lodash, arrayPush([value], args));
+          return isTaker && chainAll ? result[0] : result;
+        };
+        if (useLazy && checkIteratee && typeof iteratee == 'function' && iteratee.length != 1) {
+          // Avoid lazy use if the iteratee has a "length" value other than `1`.
+          isLazy = useLazy = false;
+        }
+        var chainAll = this.__chain__,
+          isHybrid = !!this.__actions__.length,
+          isUnwrapped = retUnwrapped && !chainAll,
+          onlyLazy = isLazy && !isHybrid;
+        if (!retUnwrapped && useLazy) {
+          value = onlyLazy ? value : new LazyWrapper(this);
+          var result = func.apply(value, args);
+          result.__actions__.push({
+            'func': thru,
+            'args': [interceptor],
+            'thisArg': undefined
+          });
+          return new LodashWrapper(result, chainAll);
+        }
+        if (isUnwrapped && onlyLazy) {
+          return func.apply(this, args);
+        }
+        result = this.thru(interceptor);
+        return isUnwrapped ? isTaker ? result.value()[0] : result.value() : result;
+      };
+    });
+
+    // Add `Array` methods to `lodash.prototype`.
+    arrayEach(['pop', 'push', 'shift', 'sort', 'splice', 'unshift'], function (methodName) {
+      var func = arrayProto[methodName],
+        chainName = /^(?:push|sort|unshift)$/.test(methodName) ? 'tap' : 'thru',
+        retUnwrapped = /^(?:pop|shift)$/.test(methodName);
+      lodash.prototype[methodName] = function () {
+        var args = arguments;
+        if (retUnwrapped && !this.__chain__) {
+          var value = this.value();
+          return func.apply(isArray(value) ? value : [], args);
+        }
+        return this[chainName](function (value) {
+          return func.apply(isArray(value) ? value : [], args);
+        });
+      };
+    });
+
+    // Map minified method names to their real names.
+    baseForOwn(LazyWrapper.prototype, function (func, methodName) {
+      var lodashFunc = lodash[methodName];
+      if (lodashFunc) {
+        var key = lodashFunc.name + '';
+        if (!hasOwnProperty.call(realNames, key)) {
+          realNames[key] = [];
+        }
+        realNames[key].push({
+          'name': methodName,
+          'func': lodashFunc
+        });
+      }
+    });
+    realNames[createHybrid(undefined, WRAP_BIND_KEY_FLAG).name] = [{
+      'name': 'wrapper',
+      'func': undefined
+    }];
+
+    // Add methods to `LazyWrapper`.
+    LazyWrapper.prototype.clone = lazyClone;
+    LazyWrapper.prototype.reverse = lazyReverse;
+    LazyWrapper.prototype.value = lazyValue;
+
+    // Add chain sequence methods to the `lodash` wrapper.
+    lodash.prototype.at = wrapperAt;
+    lodash.prototype.chain = wrapperChain;
+    lodash.prototype.commit = wrapperCommit;
+    lodash.prototype.next = wrapperNext;
+    lodash.prototype.plant = wrapperPlant;
+    lodash.prototype.reverse = wrapperReverse;
+    lodash.prototype.toJSON = lodash.prototype.valueOf = lodash.prototype.value = wrapperValue;
+
+    // Add lazy aliases.
+    lodash.prototype.first = lodash.prototype.head;
+    if (symIterator) {
+      lodash.prototype[symIterator] = wrapperToIterator;
+    }
+    return lodash;
+  };
+
+  /*--------------------------------------------------------------------------*/
+
+  // Export lodash.
+  var _ = runInContext();
+
+  // Some AMD build optimizers, like r.js, check for condition patterns like:
+  if (true) {
+    // Expose Lodash on the global object to prevent errors when Lodash is
+    // loaded by a script tag in the presence of an AMD loader.
+    // See http://requirejs.org/docs/errors.html#mismatch for more details.
+    // Use `_.noConflict` to remove Lodash from the global object.
+    root._ = _;
+
+    // Define as an anonymous module so, through path mapping, it can be
+    // referenced as the "underscore" module.
+    !(__WEBPACK_AMD_DEFINE_RESULT__ = (function () {
+      return _;
+    }).call(exports, __webpack_require__, exports, module),
+		__WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__));
+  }
+  // Check for `exports` after `define` in case a build optimizer adds it.
+  else {}
+}).call(this);
+
+/***/ }),
+
+/***/ 905:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+"use strict";
+
+
+var high = __webpack_require__(478);
+var fault = __webpack_require__(867);
+exports.highlight = highlight;
+exports.highlightAuto = highlightAuto;
+exports.registerLanguage = registerLanguage;
+exports.listLanguages = listLanguages;
+exports.registerAlias = registerAlias;
+Emitter.prototype.addText = text;
+Emitter.prototype.addKeyword = addKeyword;
+Emitter.prototype.addSublanguage = addSublanguage;
+Emitter.prototype.openNode = open;
+Emitter.prototype.closeNode = close;
+Emitter.prototype.closeAllNodes = noop;
+Emitter.prototype.finalize = noop;
+Emitter.prototype.toHTML = toHtmlNoop;
+var defaultPrefix = 'hljs-';
+
+// Highlighting `value` in the language `name`.
+function highlight(name, value, options) {
+  var before = high.configure({});
+  var settings = options || {};
+  var prefix = settings.prefix;
+  var result;
+  if (typeof name !== 'string') {
+    throw fault('Expected `string` for name, got `%s`', name);
+  }
+  if (!high.getLanguage(name)) {
+    throw fault('Unknown language: `%s` is not registered', name);
+  }
+  if (typeof value !== 'string') {
+    throw fault('Expected `string` for value, got `%s`', value);
+  }
+  if (prefix === null || prefix === undefined) {
+    prefix = defaultPrefix;
+  }
+  high.configure({
+    __emitter: Emitter,
+    classPrefix: prefix
+  });
+  result = high.highlight(value, {
+    language: name,
+    ignoreIllegals: true
+  });
+  high.configure(before || {});
+
+  /* istanbul ignore if - Highlight.js seems to use this (currently) for broken
+   * grammars, so let’s keep it in there just to be sure. */
+  if (result.errorRaised) {
+    throw result.errorRaised;
+  }
+  return {
+    relevance: result.relevance,
+    language: result.language,
+    value: result.emitter.rootNode.children
+  };
+}
+function highlightAuto(value, options) {
+  var settings = options || {};
+  var subset = settings.subset || high.listLanguages();
+  var prefix = settings.prefix;
+  var length = subset.length;
+  var index = -1;
+  var result;
+  var secondBest;
+  var current;
+  var name;
+  if (prefix === null || prefix === undefined) {
+    prefix = defaultPrefix;
+  }
+  if (typeof value !== 'string') {
+    throw fault('Expected `string` for value, got `%s`', value);
+  }
+  secondBest = {
+    relevance: 0,
+    language: null,
+    value: []
+  };
+  result = {
+    relevance: 0,
+    language: null,
+    value: []
+  };
+  while (++index < length) {
+    name = subset[index];
+    if (!high.getLanguage(name)) {
+      continue;
+    }
+    current = highlight(name, value, options);
+    current.language = name;
+    if (current.relevance > secondBest.relevance) {
+      secondBest = current;
+    }
+    if (current.relevance > result.relevance) {
+      secondBest = result;
+      result = current;
+    }
+  }
+  if (secondBest.language) {
+    result.secondBest = secondBest;
+  }
+  return result;
+}
+
+// Register a language.
+function registerLanguage(name, syntax) {
+  high.registerLanguage(name, syntax);
+}
+
+// Get a list of all registered languages.
+function listLanguages() {
+  return high.listLanguages();
+}
+
+// Register more aliases for an already registered language.
+function registerAlias(name, alias) {
+  var map = name;
+  var key;
+  if (alias) {
+    map = {};
+    map[name] = alias;
+  }
+  for (key in map) {
+    high.registerAliases(map[key], {
+      languageName: key
+    });
+  }
+}
+function Emitter(options) {
+  this.options = options;
+  this.rootNode = {
+    children: []
+  };
+  this.stack = [this.rootNode];
+}
+function addKeyword(value, name) {
+  this.openNode(name);
+  this.addText(value);
+  this.closeNode();
+}
+function addSublanguage(other, name) {
+  var stack = this.stack;
+  var current = stack[stack.length - 1];
+  var results = other.rootNode.children;
+  var node = name ? {
+    type: 'element',
+    tagName: 'span',
+    properties: {
+      className: [name]
+    },
+    children: results
+  } : results;
+  current.children = current.children.concat(node);
+}
+function text(value) {
+  var stack = this.stack;
+  var current;
+  var tail;
+  if (value === '') return;
+  current = stack[stack.length - 1];
+  tail = current.children[current.children.length - 1];
+  if (tail && tail.type === 'text') {
+    tail.value += value;
+  } else {
+    current.children.push({
+      type: 'text',
+      value: value
+    });
+  }
+}
+function open(name) {
+  var stack = this.stack;
+  var className = this.options.classPrefix + name;
+  var current = stack[stack.length - 1];
+  var child = {
+    type: 'element',
+    tagName: 'span',
+    properties: {
+      className: [className]
+    },
+    children: []
+  };
+  current.children.push(child);
+  stack.push(child);
+}
+function close() {
+  this.stack.pop();
+}
+function toHtmlNoop() {
+  return '';
+}
+function noop() {}
+
+/***/ }),
+
+/***/ 463:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+"use strict";
+/**
+ * @license React
+ * react-dom.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+/*
+ Modernizr 3.0.0pre (Custom Build) | MIT
+*/
+
+
+var aa = __webpack_require__(791),
+  ca = __webpack_require__(296);
+function p(a) {
+  for (var b = "https://reactjs.org/docs/error-decoder.html?invariant=" + a, c = 1; c < arguments.length; c++) b += "&args[]=" + encodeURIComponent(arguments[c]);
+  return "Minified React error #" + a + "; visit " + b + " for the full message or use the non-minified dev environment for full errors and additional helpful warnings.";
+}
+var da = new Set(),
+  ea = {};
+function fa(a, b) {
+  ha(a, b);
+  ha(a + "Capture", b);
+}
+function ha(a, b) {
+  ea[a] = b;
+  for (a = 0; a < b.length; a++) da.add(b[a]);
+}
+var ia = !("undefined" === typeof window || "undefined" === typeof window.document || "undefined" === typeof window.document.createElement),
+  ja = Object.prototype.hasOwnProperty,
+  ka = /^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$/,
+  la = {},
+  ma = {};
+function oa(a) {
+  if (ja.call(ma, a)) return !0;
+  if (ja.call(la, a)) return !1;
+  if (ka.test(a)) return ma[a] = !0;
+  la[a] = !0;
+  return !1;
+}
+function pa(a, b, c, d) {
+  if (null !== c && 0 === c.type) return !1;
+  switch (typeof b) {
+    case "function":
+    case "symbol":
+      return !0;
+    case "boolean":
+      if (d) return !1;
+      if (null !== c) return !c.acceptsBooleans;
+      a = a.toLowerCase().slice(0, 5);
+      return "data-" !== a && "aria-" !== a;
+    default:
+      return !1;
+  }
+}
+function qa(a, b, c, d) {
+  if (null === b || "undefined" === typeof b || pa(a, b, c, d)) return !0;
+  if (d) return !1;
+  if (null !== c) switch (c.type) {
+    case 3:
+      return !b;
+    case 4:
+      return !1 === b;
+    case 5:
+      return isNaN(b);
+    case 6:
+      return isNaN(b) || 1 > b;
+  }
+  return !1;
+}
+function v(a, b, c, d, e, f, g) {
+  this.acceptsBooleans = 2 === b || 3 === b || 4 === b;
+  this.attributeName = d;
+  this.attributeNamespace = e;
+  this.mustUseProperty = c;
+  this.propertyName = a;
+  this.type = b;
+  this.sanitizeURL = f;
+  this.removeEmptyString = g;
+}
+var z = {};
+"children dangerouslySetInnerHTML defaultValue defaultChecked innerHTML suppressContentEditableWarning suppressHydrationWarning style".split(" ").forEach(function (a) {
+  z[a] = new v(a, 0, !1, a, null, !1, !1);
+});
+[["acceptCharset", "accept-charset"], ["className", "class"], ["htmlFor", "for"], ["httpEquiv", "http-equiv"]].forEach(function (a) {
+  var b = a[0];
+  z[b] = new v(b, 1, !1, a[1], null, !1, !1);
+});
+["contentEditable", "draggable", "spellCheck", "value"].forEach(function (a) {
+  z[a] = new v(a, 2, !1, a.toLowerCase(), null, !1, !1);
+});
+["autoReverse", "externalResourcesRequired", "focusable", "preserveAlpha"].forEach(function (a) {
+  z[a] = new v(a, 2, !1, a, null, !1, !1);
+});
+"allowFullScreen async autoFocus autoPlay controls default defer disabled disablePictureInPicture disableRemotePlayback formNoValidate hidden loop noModule noValidate open playsInline readOnly required reversed scoped seamless itemScope".split(" ").forEach(function (a) {
+  z[a] = new v(a, 3, !1, a.toLowerCase(), null, !1, !1);
+});
+["checked", "multiple", "muted", "selected"].forEach(function (a) {
+  z[a] = new v(a, 3, !0, a, null, !1, !1);
+});
+["capture", "download"].forEach(function (a) {
+  z[a] = new v(a, 4, !1, a, null, !1, !1);
+});
+["cols", "rows", "size", "span"].forEach(function (a) {
+  z[a] = new v(a, 6, !1, a, null, !1, !1);
+});
+["rowSpan", "start"].forEach(function (a) {
+  z[a] = new v(a, 5, !1, a.toLowerCase(), null, !1, !1);
+});
+var ra = /[\-:]([a-z])/g;
+function sa(a) {
+  return a[1].toUpperCase();
+}
+"accent-height alignment-baseline arabic-form baseline-shift cap-height clip-path clip-rule color-interpolation color-interpolation-filters color-profile color-rendering dominant-baseline enable-background fill-opacity fill-rule flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-name glyph-orientation-horizontal glyph-orientation-vertical horiz-adv-x horiz-origin-x image-rendering letter-spacing lighting-color marker-end marker-mid marker-start overline-position overline-thickness paint-order panose-1 pointer-events rendering-intent shape-rendering stop-color stop-opacity strikethrough-position strikethrough-thickness stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width text-anchor text-decoration text-rendering underline-position underline-thickness unicode-bidi unicode-range units-per-em v-alphabetic v-hanging v-ideographic v-mathematical vector-effect vert-adv-y vert-origin-x vert-origin-y word-spacing writing-mode xmlns:xlink x-height".split(" ").forEach(function (a) {
+  var b = a.replace(ra, sa);
+  z[b] = new v(b, 1, !1, a, null, !1, !1);
+});
+"xlink:actuate xlink:arcrole xlink:role xlink:show xlink:title xlink:type".split(" ").forEach(function (a) {
+  var b = a.replace(ra, sa);
+  z[b] = new v(b, 1, !1, a, "http://www.w3.org/1999/xlink", !1, !1);
+});
+["xml:base", "xml:lang", "xml:space"].forEach(function (a) {
+  var b = a.replace(ra, sa);
+  z[b] = new v(b, 1, !1, a, "http://www.w3.org/XML/1998/namespace", !1, !1);
+});
+["tabIndex", "crossOrigin"].forEach(function (a) {
+  z[a] = new v(a, 1, !1, a.toLowerCase(), null, !1, !1);
+});
+z.xlinkHref = new v("xlinkHref", 1, !1, "xlink:href", "http://www.w3.org/1999/xlink", !0, !1);
+["src", "href", "action", "formAction"].forEach(function (a) {
+  z[a] = new v(a, 1, !1, a.toLowerCase(), null, !0, !0);
+});
+function ta(a, b, c, d) {
+  var e = z.hasOwnProperty(b) ? z[b] : null;
+  if (null !== e ? 0 !== e.type : d || !(2 < b.length) || "o" !== b[0] && "O" !== b[0] || "n" !== b[1] && "N" !== b[1]) qa(b, c, e, d) && (c = null), d || null === e ? oa(b) && (null === c ? a.removeAttribute(b) : a.setAttribute(b, "" + c)) : e.mustUseProperty ? a[e.propertyName] = null === c ? 3 === e.type ? !1 : "" : c : (b = e.attributeName, d = e.attributeNamespace, null === c ? a.removeAttribute(b) : (e = e.type, c = 3 === e || 4 === e && !0 === c ? "" : "" + c, d ? a.setAttributeNS(d, b, c) : a.setAttribute(b, c)));
+}
+var ua = aa.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED,
+  va = Symbol.for("react.element"),
+  wa = Symbol.for("react.portal"),
+  ya = Symbol.for("react.fragment"),
+  za = Symbol.for("react.strict_mode"),
+  Aa = Symbol.for("react.profiler"),
+  Ba = Symbol.for("react.provider"),
+  Ca = Symbol.for("react.context"),
+  Da = Symbol.for("react.forward_ref"),
+  Ea = Symbol.for("react.suspense"),
+  Fa = Symbol.for("react.suspense_list"),
+  Ga = Symbol.for("react.memo"),
+  Ha = Symbol.for("react.lazy");
+Symbol.for("react.scope");
+Symbol.for("react.debug_trace_mode");
+var Ia = Symbol.for("react.offscreen");
+Symbol.for("react.legacy_hidden");
+Symbol.for("react.cache");
+Symbol.for("react.tracing_marker");
+var Ja = Symbol.iterator;
+function Ka(a) {
+  if (null === a || "object" !== typeof a) return null;
+  a = Ja && a[Ja] || a["@@iterator"];
+  return "function" === typeof a ? a : null;
+}
+var A = Object.assign,
+  La;
+function Ma(a) {
+  if (void 0 === La) try {
+    throw Error();
+  } catch (c) {
+    var b = c.stack.trim().match(/\n( *(at )?)/);
+    La = b && b[1] || "";
+  }
+  return "\n" + La + a;
+}
+var Na = !1;
+function Oa(a, b) {
+  if (!a || Na) return "";
+  Na = !0;
+  var c = Error.prepareStackTrace;
+  Error.prepareStackTrace = void 0;
+  try {
+    if (b) {
+      if (b = function b() {
+        throw Error();
+      }, Object.defineProperty(b.prototype, "props", {
+        set: function set() {
+          throw Error();
+        }
+      }), "object" === typeof Reflect && Reflect.construct) {
+        try {
+          Reflect.construct(b, []);
+        } catch (l) {
+          var d = l;
+        }
+        Reflect.construct(a, [], b);
+      } else {
+        try {
+          b.call();
+        } catch (l) {
+          d = l;
+        }
+        a.call(b.prototype);
+      }
+    } else {
+      try {
+        throw Error();
+      } catch (l) {
+        d = l;
+      }
+      a();
+    }
+  } catch (l) {
+    if (l && d && "string" === typeof l.stack) {
+      for (var e = l.stack.split("\n"), f = d.stack.split("\n"), g = e.length - 1, h = f.length - 1; 1 <= g && 0 <= h && e[g] !== f[h];) h--;
+      for (; 1 <= g && 0 <= h; g--, h--) if (e[g] !== f[h]) {
+        if (1 !== g || 1 !== h) {
+          do if (g--, h--, 0 > h || e[g] !== f[h]) {
+            var k = "\n" + e[g].replace(" at new ", " at ");
+            a.displayName && k.includes("<anonymous>") && (k = k.replace("<anonymous>", a.displayName));
+            return k;
+          } while (1 <= g && 0 <= h);
+        }
+        break;
+      }
+    }
+  } finally {
+    Na = !1, Error.prepareStackTrace = c;
+  }
+  return (a = a ? a.displayName || a.name : "") ? Ma(a) : "";
+}
+function Pa(a) {
+  switch (a.tag) {
+    case 5:
+      return Ma(a.type);
+    case 16:
+      return Ma("Lazy");
+    case 13:
+      return Ma("Suspense");
+    case 19:
+      return Ma("SuspenseList");
+    case 0:
+    case 2:
+    case 15:
+      return a = Oa(a.type, !1), a;
+    case 11:
+      return a = Oa(a.type.render, !1), a;
+    case 1:
+      return a = Oa(a.type, !0), a;
+    default:
+      return "";
+  }
+}
+function Qa(a) {
+  if (null == a) return null;
+  if ("function" === typeof a) return a.displayName || a.name || null;
+  if ("string" === typeof a) return a;
+  switch (a) {
+    case ya:
+      return "Fragment";
+    case wa:
+      return "Portal";
+    case Aa:
+      return "Profiler";
+    case za:
+      return "StrictMode";
+    case Ea:
+      return "Suspense";
+    case Fa:
+      return "SuspenseList";
+  }
+  if ("object" === typeof a) switch (a.$$typeof) {
+    case Ca:
+      return (a.displayName || "Context") + ".Consumer";
+    case Ba:
+      return (a._context.displayName || "Context") + ".Provider";
+    case Da:
+      var b = a.render;
+      a = a.displayName;
+      a || (a = b.displayName || b.name || "", a = "" !== a ? "ForwardRef(" + a + ")" : "ForwardRef");
+      return a;
+    case Ga:
+      return b = a.displayName || null, null !== b ? b : Qa(a.type) || "Memo";
+    case Ha:
+      b = a._payload;
+      a = a._init;
+      try {
+        return Qa(a(b));
+      } catch (c) {}
+  }
+  return null;
+}
+function Ra(a) {
+  var b = a.type;
+  switch (a.tag) {
+    case 24:
+      return "Cache";
+    case 9:
+      return (b.displayName || "Context") + ".Consumer";
+    case 10:
+      return (b._context.displayName || "Context") + ".Provider";
+    case 18:
+      return "DehydratedFragment";
+    case 11:
+      return a = b.render, a = a.displayName || a.name || "", b.displayName || ("" !== a ? "ForwardRef(" + a + ")" : "ForwardRef");
+    case 7:
+      return "Fragment";
+    case 5:
+      return b;
+    case 4:
+      return "Portal";
+    case 3:
+      return "Root";
+    case 6:
+      return "Text";
+    case 16:
+      return Qa(b);
+    case 8:
+      return b === za ? "StrictMode" : "Mode";
+    case 22:
+      return "Offscreen";
+    case 12:
+      return "Profiler";
+    case 21:
+      return "Scope";
+    case 13:
+      return "Suspense";
+    case 19:
+      return "SuspenseList";
+    case 25:
+      return "TracingMarker";
+    case 1:
+    case 0:
+    case 17:
+    case 2:
+    case 14:
+    case 15:
+      if ("function" === typeof b) return b.displayName || b.name || null;
+      if ("string" === typeof b) return b;
+  }
+  return null;
+}
+function Sa(a) {
+  switch (typeof a) {
+    case "boolean":
+    case "number":
+    case "string":
+    case "undefined":
+      return a;
+    case "object":
+      return a;
+    default:
+      return "";
+  }
+}
+function Ta(a) {
+  var b = a.type;
+  return (a = a.nodeName) && "input" === a.toLowerCase() && ("checkbox" === b || "radio" === b);
+}
+function Ua(a) {
+  var b = Ta(a) ? "checked" : "value",
+    c = Object.getOwnPropertyDescriptor(a.constructor.prototype, b),
+    d = "" + a[b];
+  if (!a.hasOwnProperty(b) && "undefined" !== typeof c && "function" === typeof c.get && "function" === typeof c.set) {
+    var e = c.get,
+      f = c.set;
+    Object.defineProperty(a, b, {
+      configurable: !0,
+      get: function get() {
+        return e.call(this);
+      },
+      set: function set(a) {
+        d = "" + a;
+        f.call(this, a);
+      }
+    });
+    Object.defineProperty(a, b, {
+      enumerable: c.enumerable
+    });
+    return {
+      getValue: function getValue() {
+        return d;
+      },
+      setValue: function setValue(a) {
+        d = "" + a;
+      },
+      stopTracking: function stopTracking() {
+        a._valueTracker = null;
+        delete a[b];
+      }
+    };
+  }
+}
+function Va(a) {
+  a._valueTracker || (a._valueTracker = Ua(a));
+}
+function Wa(a) {
+  if (!a) return !1;
+  var b = a._valueTracker;
+  if (!b) return !0;
+  var c = b.getValue();
+  var d = "";
+  a && (d = Ta(a) ? a.checked ? "true" : "false" : a.value);
+  a = d;
+  return a !== c ? (b.setValue(a), !0) : !1;
+}
+function Xa(a) {
+  a = a || ("undefined" !== typeof document ? document : void 0);
+  if ("undefined" === typeof a) return null;
+  try {
+    return a.activeElement || a.body;
+  } catch (b) {
+    return a.body;
+  }
+}
+function Ya(a, b) {
+  var c = b.checked;
+  return A({}, b, {
+    defaultChecked: void 0,
+    defaultValue: void 0,
+    value: void 0,
+    checked: null != c ? c : a._wrapperState.initialChecked
+  });
+}
+function Za(a, b) {
+  var c = null == b.defaultValue ? "" : b.defaultValue,
+    d = null != b.checked ? b.checked : b.defaultChecked;
+  c = Sa(null != b.value ? b.value : c);
+  a._wrapperState = {
+    initialChecked: d,
+    initialValue: c,
+    controlled: "checkbox" === b.type || "radio" === b.type ? null != b.checked : null != b.value
+  };
+}
+function ab(a, b) {
+  b = b.checked;
+  null != b && ta(a, "checked", b, !1);
+}
+function bb(a, b) {
+  ab(a, b);
+  var c = Sa(b.value),
+    d = b.type;
+  if (null != c) {
+    if ("number" === d) {
+      if (0 === c && "" === a.value || a.value != c) a.value = "" + c;
+    } else a.value !== "" + c && (a.value = "" + c);
+  } else if ("submit" === d || "reset" === d) {
+    a.removeAttribute("value");
+    return;
+  }
+  b.hasOwnProperty("value") ? cb(a, b.type, c) : b.hasOwnProperty("defaultValue") && cb(a, b.type, Sa(b.defaultValue));
+  null == b.checked && null != b.defaultChecked && (a.defaultChecked = !!b.defaultChecked);
+}
+function db(a, b, c) {
+  if (b.hasOwnProperty("value") || b.hasOwnProperty("defaultValue")) {
+    var d = b.type;
+    if (!("submit" !== d && "reset" !== d || void 0 !== b.value && null !== b.value)) return;
+    b = "" + a._wrapperState.initialValue;
+    c || b === a.value || (a.value = b);
+    a.defaultValue = b;
+  }
+  c = a.name;
+  "" !== c && (a.name = "");
+  a.defaultChecked = !!a._wrapperState.initialChecked;
+  "" !== c && (a.name = c);
+}
+function cb(a, b, c) {
+  if ("number" !== b || Xa(a.ownerDocument) !== a) null == c ? a.defaultValue = "" + a._wrapperState.initialValue : a.defaultValue !== "" + c && (a.defaultValue = "" + c);
+}
+var eb = Array.isArray;
+function fb(a, b, c, d) {
+  a = a.options;
+  if (b) {
+    b = {};
+    for (var e = 0; e < c.length; e++) b["$" + c[e]] = !0;
+    for (c = 0; c < a.length; c++) e = b.hasOwnProperty("$" + a[c].value), a[c].selected !== e && (a[c].selected = e), e && d && (a[c].defaultSelected = !0);
+  } else {
+    c = "" + Sa(c);
+    b = null;
+    for (e = 0; e < a.length; e++) {
+      if (a[e].value === c) {
+        a[e].selected = !0;
+        d && (a[e].defaultSelected = !0);
+        return;
+      }
+      null !== b || a[e].disabled || (b = a[e]);
+    }
+    null !== b && (b.selected = !0);
+  }
+}
+function gb(a, b) {
+  if (null != b.dangerouslySetInnerHTML) throw Error(p(91));
+  return A({}, b, {
+    value: void 0,
+    defaultValue: void 0,
+    children: "" + a._wrapperState.initialValue
+  });
+}
+function hb(a, b) {
+  var c = b.value;
+  if (null == c) {
+    c = b.children;
+    b = b.defaultValue;
+    if (null != c) {
+      if (null != b) throw Error(p(92));
+      if (eb(c)) {
+        if (1 < c.length) throw Error(p(93));
+        c = c[0];
+      }
+      b = c;
+    }
+    null == b && (b = "");
+    c = b;
+  }
+  a._wrapperState = {
+    initialValue: Sa(c)
+  };
+}
+function ib(a, b) {
+  var c = Sa(b.value),
+    d = Sa(b.defaultValue);
+  null != c && (c = "" + c, c !== a.value && (a.value = c), null == b.defaultValue && a.defaultValue !== c && (a.defaultValue = c));
+  null != d && (a.defaultValue = "" + d);
+}
+function jb(a) {
+  var b = a.textContent;
+  b === a._wrapperState.initialValue && "" !== b && null !== b && (a.value = b);
+}
+function kb(a) {
+  switch (a) {
+    case "svg":
+      return "http://www.w3.org/2000/svg";
+    case "math":
+      return "http://www.w3.org/1998/Math/MathML";
+    default:
+      return "http://www.w3.org/1999/xhtml";
+  }
+}
+function lb(a, b) {
+  return null == a || "http://www.w3.org/1999/xhtml" === a ? kb(b) : "http://www.w3.org/2000/svg" === a && "foreignObject" === b ? "http://www.w3.org/1999/xhtml" : a;
+}
+var mb,
+  nb = function (a) {
+    return "undefined" !== typeof MSApp && MSApp.execUnsafeLocalFunction ? function (b, c, d, e) {
+      MSApp.execUnsafeLocalFunction(function () {
+        return a(b, c, d, e);
+      });
+    } : a;
+  }(function (a, b) {
+    if ("http://www.w3.org/2000/svg" !== a.namespaceURI || "innerHTML" in a) a.innerHTML = b;else {
+      mb = mb || document.createElement("div");
+      mb.innerHTML = "<svg>" + b.valueOf().toString() + "</svg>";
+      for (b = mb.firstChild; a.firstChild;) a.removeChild(a.firstChild);
+      for (; b.firstChild;) a.appendChild(b.firstChild);
+    }
+  });
+function ob(a, b) {
+  if (b) {
+    var c = a.firstChild;
+    if (c && c === a.lastChild && 3 === c.nodeType) {
+      c.nodeValue = b;
+      return;
+    }
+  }
+  a.textContent = b;
+}
+var pb = {
+    animationIterationCount: !0,
+    aspectRatio: !0,
+    borderImageOutset: !0,
+    borderImageSlice: !0,
+    borderImageWidth: !0,
+    boxFlex: !0,
+    boxFlexGroup: !0,
+    boxOrdinalGroup: !0,
+    columnCount: !0,
+    columns: !0,
+    flex: !0,
+    flexGrow: !0,
+    flexPositive: !0,
+    flexShrink: !0,
+    flexNegative: !0,
+    flexOrder: !0,
+    gridArea: !0,
+    gridRow: !0,
+    gridRowEnd: !0,
+    gridRowSpan: !0,
+    gridRowStart: !0,
+    gridColumn: !0,
+    gridColumnEnd: !0,
+    gridColumnSpan: !0,
+    gridColumnStart: !0,
+    fontWeight: !0,
+    lineClamp: !0,
+    lineHeight: !0,
+    opacity: !0,
+    order: !0,
+    orphans: !0,
+    tabSize: !0,
+    widows: !0,
+    zIndex: !0,
+    zoom: !0,
+    fillOpacity: !0,
+    floodOpacity: !0,
+    stopOpacity: !0,
+    strokeDasharray: !0,
+    strokeDashoffset: !0,
+    strokeMiterlimit: !0,
+    strokeOpacity: !0,
+    strokeWidth: !0
+  },
+  qb = ["Webkit", "ms", "Moz", "O"];
+Object.keys(pb).forEach(function (a) {
+  qb.forEach(function (b) {
+    b = b + a.charAt(0).toUpperCase() + a.substring(1);
+    pb[b] = pb[a];
+  });
+});
+function rb(a, b, c) {
+  return null == b || "boolean" === typeof b || "" === b ? "" : c || "number" !== typeof b || 0 === b || pb.hasOwnProperty(a) && pb[a] ? ("" + b).trim() : b + "px";
+}
+function sb(a, b) {
+  a = a.style;
+  for (var c in b) if (b.hasOwnProperty(c)) {
+    var d = 0 === c.indexOf("--"),
+      e = rb(c, b[c], d);
+    "float" === c && (c = "cssFloat");
+    d ? a.setProperty(c, e) : a[c] = e;
+  }
+}
+var tb = A({
+  menuitem: !0
+}, {
+  area: !0,
+  base: !0,
+  br: !0,
+  col: !0,
+  embed: !0,
+  hr: !0,
+  img: !0,
+  input: !0,
+  keygen: !0,
+  link: !0,
+  meta: !0,
+  param: !0,
+  source: !0,
+  track: !0,
+  wbr: !0
+});
+function ub(a, b) {
+  if (b) {
+    if (tb[a] && (null != b.children || null != b.dangerouslySetInnerHTML)) throw Error(p(137, a));
+    if (null != b.dangerouslySetInnerHTML) {
+      if (null != b.children) throw Error(p(60));
+      if ("object" !== typeof b.dangerouslySetInnerHTML || !("__html" in b.dangerouslySetInnerHTML)) throw Error(p(61));
+    }
+    if (null != b.style && "object" !== typeof b.style) throw Error(p(62));
+  }
+}
+function vb(a, b) {
+  if (-1 === a.indexOf("-")) return "string" === typeof b.is;
+  switch (a) {
+    case "annotation-xml":
+    case "color-profile":
+    case "font-face":
+    case "font-face-src":
+    case "font-face-uri":
+    case "font-face-format":
+    case "font-face-name":
+    case "missing-glyph":
+      return !1;
+    default:
+      return !0;
+  }
+}
+var wb = null;
+function xb(a) {
+  a = a.target || a.srcElement || window;
+  a.correspondingUseElement && (a = a.correspondingUseElement);
+  return 3 === a.nodeType ? a.parentNode : a;
+}
+var yb = null,
+  zb = null,
+  Ab = null;
+function Bb(a) {
+  if (a = Cb(a)) {
+    if ("function" !== typeof yb) throw Error(p(280));
+    var b = a.stateNode;
+    b && (b = Db(b), yb(a.stateNode, a.type, b));
+  }
+}
+function Eb(a) {
+  zb ? Ab ? Ab.push(a) : Ab = [a] : zb = a;
+}
+function Fb() {
+  if (zb) {
+    var a = zb,
+      b = Ab;
+    Ab = zb = null;
+    Bb(a);
+    if (b) for (a = 0; a < b.length; a++) Bb(b[a]);
+  }
+}
+function Gb(a, b) {
+  return a(b);
+}
+function Hb() {}
+var Ib = !1;
+function Jb(a, b, c) {
+  if (Ib) return a(b, c);
+  Ib = !0;
+  try {
+    return Gb(a, b, c);
+  } finally {
+    if (Ib = !1, null !== zb || null !== Ab) Hb(), Fb();
+  }
+}
+function Kb(a, b) {
+  var c = a.stateNode;
+  if (null === c) return null;
+  var d = Db(c);
+  if (null === d) return null;
+  c = d[b];
+  a: switch (b) {
+    case "onClick":
+    case "onClickCapture":
+    case "onDoubleClick":
+    case "onDoubleClickCapture":
+    case "onMouseDown":
+    case "onMouseDownCapture":
+    case "onMouseMove":
+    case "onMouseMoveCapture":
+    case "onMouseUp":
+    case "onMouseUpCapture":
+    case "onMouseEnter":
+      (d = !d.disabled) || (a = a.type, d = !("button" === a || "input" === a || "select" === a || "textarea" === a));
+      a = !d;
+      break a;
+    default:
+      a = !1;
+  }
+  if (a) return null;
+  if (c && "function" !== typeof c) throw Error(p(231, b, typeof c));
+  return c;
+}
+var Lb = !1;
+if (ia) try {
+  var Mb = {};
+  Object.defineProperty(Mb, "passive", {
+    get: function get() {
+      Lb = !0;
+    }
+  });
+  window.addEventListener("test", Mb, Mb);
+  window.removeEventListener("test", Mb, Mb);
+} catch (a) {
+  Lb = !1;
+}
+function Nb(a, b, c, d, e, f, g, h, k) {
+  var l = Array.prototype.slice.call(arguments, 3);
+  try {
+    b.apply(c, l);
+  } catch (m) {
+    this.onError(m);
+  }
+}
+var Ob = !1,
+  Pb = null,
+  Qb = !1,
+  Rb = null,
+  Sb = {
+    onError: function onError(a) {
+      Ob = !0;
+      Pb = a;
+    }
+  };
+function Tb(a, b, c, d, e, f, g, h, k) {
+  Ob = !1;
+  Pb = null;
+  Nb.apply(Sb, arguments);
+}
+function Ub(a, b, c, d, e, f, g, h, k) {
+  Tb.apply(this, arguments);
+  if (Ob) {
+    if (Ob) {
+      var l = Pb;
+      Ob = !1;
+      Pb = null;
+    } else throw Error(p(198));
+    Qb || (Qb = !0, Rb = l);
+  }
+}
+function Vb(a) {
+  var b = a,
+    c = a;
+  if (a.alternate) for (; b.return;) b = b.return;else {
+    a = b;
+    do b = a, 0 !== (b.flags & 4098) && (c = b.return), a = b.return; while (a);
+  }
+  return 3 === b.tag ? c : null;
+}
+function Wb(a) {
+  if (13 === a.tag) {
+    var b = a.memoizedState;
+    null === b && (a = a.alternate, null !== a && (b = a.memoizedState));
+    if (null !== b) return b.dehydrated;
+  }
+  return null;
+}
+function Xb(a) {
+  if (Vb(a) !== a) throw Error(p(188));
+}
+function Yb(a) {
+  var b = a.alternate;
+  if (!b) {
+    b = Vb(a);
+    if (null === b) throw Error(p(188));
+    return b !== a ? null : a;
+  }
+  for (var c = a, d = b;;) {
+    var e = c.return;
+    if (null === e) break;
+    var f = e.alternate;
+    if (null === f) {
+      d = e.return;
+      if (null !== d) {
+        c = d;
+        continue;
+      }
+      break;
+    }
+    if (e.child === f.child) {
+      for (f = e.child; f;) {
+        if (f === c) return Xb(e), a;
+        if (f === d) return Xb(e), b;
+        f = f.sibling;
+      }
+      throw Error(p(188));
+    }
+    if (c.return !== d.return) c = e, d = f;else {
+      for (var g = !1, h = e.child; h;) {
+        if (h === c) {
+          g = !0;
+          c = e;
+          d = f;
+          break;
+        }
+        if (h === d) {
+          g = !0;
+          d = e;
+          c = f;
+          break;
+        }
+        h = h.sibling;
+      }
+      if (!g) {
+        for (h = f.child; h;) {
+          if (h === c) {
+            g = !0;
+            c = f;
+            d = e;
+            break;
+          }
+          if (h === d) {
+            g = !0;
+            d = f;
+            c = e;
+            break;
+          }
+          h = h.sibling;
+        }
+        if (!g) throw Error(p(189));
+      }
+    }
+    if (c.alternate !== d) throw Error(p(190));
+  }
+  if (3 !== c.tag) throw Error(p(188));
+  return c.stateNode.current === c ? a : b;
+}
+function Zb(a) {
+  a = Yb(a);
+  return null !== a ? $b(a) : null;
+}
+function $b(a) {
+  if (5 === a.tag || 6 === a.tag) return a;
+  for (a = a.child; null !== a;) {
+    var b = $b(a);
+    if (null !== b) return b;
+    a = a.sibling;
+  }
+  return null;
+}
+var ac = ca.unstable_scheduleCallback,
+  bc = ca.unstable_cancelCallback,
+  cc = ca.unstable_shouldYield,
+  dc = ca.unstable_requestPaint,
+  B = ca.unstable_now,
+  ec = ca.unstable_getCurrentPriorityLevel,
+  fc = ca.unstable_ImmediatePriority,
+  gc = ca.unstable_UserBlockingPriority,
+  hc = ca.unstable_NormalPriority,
+  ic = ca.unstable_LowPriority,
+  jc = ca.unstable_IdlePriority,
+  kc = null,
+  lc = null;
+function mc(a) {
+  if (lc && "function" === typeof lc.onCommitFiberRoot) try {
+    lc.onCommitFiberRoot(kc, a, void 0, 128 === (a.current.flags & 128));
+  } catch (b) {}
+}
+var oc = Math.clz32 ? Math.clz32 : nc,
+  pc = Math.log,
+  qc = Math.LN2;
+function nc(a) {
+  a >>>= 0;
+  return 0 === a ? 32 : 31 - (pc(a) / qc | 0) | 0;
+}
+var rc = 64,
+  sc = 4194304;
+function tc(a) {
+  switch (a & -a) {
+    case 1:
+      return 1;
+    case 2:
+      return 2;
+    case 4:
+      return 4;
+    case 8:
+      return 8;
+    case 16:
+      return 16;
+    case 32:
+      return 32;
+    case 64:
+    case 128:
+    case 256:
+    case 512:
+    case 1024:
+    case 2048:
+    case 4096:
+    case 8192:
+    case 16384:
+    case 32768:
+    case 65536:
+    case 131072:
+    case 262144:
+    case 524288:
+    case 1048576:
+    case 2097152:
+      return a & 4194240;
+    case 4194304:
+    case 8388608:
+    case 16777216:
+    case 33554432:
+    case 67108864:
+      return a & 130023424;
+    case 134217728:
+      return 134217728;
+    case 268435456:
+      return 268435456;
+    case 536870912:
+      return 536870912;
+    case 1073741824:
+      return 1073741824;
+    default:
+      return a;
+  }
+}
+function uc(a, b) {
+  var c = a.pendingLanes;
+  if (0 === c) return 0;
+  var d = 0,
+    e = a.suspendedLanes,
+    f = a.pingedLanes,
+    g = c & 268435455;
+  if (0 !== g) {
+    var h = g & ~e;
+    0 !== h ? d = tc(h) : (f &= g, 0 !== f && (d = tc(f)));
+  } else g = c & ~e, 0 !== g ? d = tc(g) : 0 !== f && (d = tc(f));
+  if (0 === d) return 0;
+  if (0 !== b && b !== d && 0 === (b & e) && (e = d & -d, f = b & -b, e >= f || 16 === e && 0 !== (f & 4194240))) return b;
+  0 !== (d & 4) && (d |= c & 16);
+  b = a.entangledLanes;
+  if (0 !== b) for (a = a.entanglements, b &= d; 0 < b;) c = 31 - oc(b), e = 1 << c, d |= a[c], b &= ~e;
+  return d;
+}
+function vc(a, b) {
+  switch (a) {
+    case 1:
+    case 2:
+    case 4:
+      return b + 250;
+    case 8:
+    case 16:
+    case 32:
+    case 64:
+    case 128:
+    case 256:
+    case 512:
+    case 1024:
+    case 2048:
+    case 4096:
+    case 8192:
+    case 16384:
+    case 32768:
+    case 65536:
+    case 131072:
+    case 262144:
+    case 524288:
+    case 1048576:
+    case 2097152:
+      return b + 5E3;
+    case 4194304:
+    case 8388608:
+    case 16777216:
+    case 33554432:
+    case 67108864:
+      return -1;
+    case 134217728:
+    case 268435456:
+    case 536870912:
+    case 1073741824:
+      return -1;
+    default:
+      return -1;
+  }
+}
+function wc(a, b) {
+  for (var c = a.suspendedLanes, d = a.pingedLanes, e = a.expirationTimes, f = a.pendingLanes; 0 < f;) {
+    var g = 31 - oc(f),
+      h = 1 << g,
+      k = e[g];
+    if (-1 === k) {
+      if (0 === (h & c) || 0 !== (h & d)) e[g] = vc(h, b);
+    } else k <= b && (a.expiredLanes |= h);
+    f &= ~h;
+  }
+}
+function xc(a) {
+  a = a.pendingLanes & -1073741825;
+  return 0 !== a ? a : a & 1073741824 ? 1073741824 : 0;
+}
+function yc() {
+  var a = rc;
+  rc <<= 1;
+  0 === (rc & 4194240) && (rc = 64);
+  return a;
+}
+function zc(a) {
+  for (var b = [], c = 0; 31 > c; c++) b.push(a);
+  return b;
+}
+function Ac(a, b, c) {
+  a.pendingLanes |= b;
+  536870912 !== b && (a.suspendedLanes = 0, a.pingedLanes = 0);
+  a = a.eventTimes;
+  b = 31 - oc(b);
+  a[b] = c;
+}
+function Bc(a, b) {
+  var c = a.pendingLanes & ~b;
+  a.pendingLanes = b;
+  a.suspendedLanes = 0;
+  a.pingedLanes = 0;
+  a.expiredLanes &= b;
+  a.mutableReadLanes &= b;
+  a.entangledLanes &= b;
+  b = a.entanglements;
+  var d = a.eventTimes;
+  for (a = a.expirationTimes; 0 < c;) {
+    var e = 31 - oc(c),
+      f = 1 << e;
+    b[e] = 0;
+    d[e] = -1;
+    a[e] = -1;
+    c &= ~f;
+  }
+}
+function Cc(a, b) {
+  var c = a.entangledLanes |= b;
+  for (a = a.entanglements; c;) {
+    var d = 31 - oc(c),
+      e = 1 << d;
+    e & b | a[d] & b && (a[d] |= b);
+    c &= ~e;
+  }
+}
+var C = 0;
+function Dc(a) {
+  a &= -a;
+  return 1 < a ? 4 < a ? 0 !== (a & 268435455) ? 16 : 536870912 : 4 : 1;
+}
+var Ec,
+  Fc,
+  Gc,
+  Hc,
+  Ic,
+  Jc = !1,
+  Kc = [],
+  Lc = null,
+  Mc = null,
+  Nc = null,
+  Oc = new Map(),
+  Pc = new Map(),
+  Qc = [],
+  Rc = "mousedown mouseup touchcancel touchend touchstart auxclick dblclick pointercancel pointerdown pointerup dragend dragstart drop compositionend compositionstart keydown keypress keyup input textInput copy cut paste click change contextmenu reset submit".split(" ");
+function Sc(a, b) {
+  switch (a) {
+    case "focusin":
+    case "focusout":
+      Lc = null;
+      break;
+    case "dragenter":
+    case "dragleave":
+      Mc = null;
+      break;
+    case "mouseover":
+    case "mouseout":
+      Nc = null;
+      break;
+    case "pointerover":
+    case "pointerout":
+      Oc.delete(b.pointerId);
+      break;
+    case "gotpointercapture":
+    case "lostpointercapture":
+      Pc.delete(b.pointerId);
+  }
+}
+function Tc(a, b, c, d, e, f) {
+  if (null === a || a.nativeEvent !== f) return a = {
+    blockedOn: b,
+    domEventName: c,
+    eventSystemFlags: d,
+    nativeEvent: f,
+    targetContainers: [e]
+  }, null !== b && (b = Cb(b), null !== b && Fc(b)), a;
+  a.eventSystemFlags |= d;
+  b = a.targetContainers;
+  null !== e && -1 === b.indexOf(e) && b.push(e);
+  return a;
+}
+function Uc(a, b, c, d, e) {
+  switch (b) {
+    case "focusin":
+      return Lc = Tc(Lc, a, b, c, d, e), !0;
+    case "dragenter":
+      return Mc = Tc(Mc, a, b, c, d, e), !0;
+    case "mouseover":
+      return Nc = Tc(Nc, a, b, c, d, e), !0;
+    case "pointerover":
+      var f = e.pointerId;
+      Oc.set(f, Tc(Oc.get(f) || null, a, b, c, d, e));
+      return !0;
+    case "gotpointercapture":
+      return f = e.pointerId, Pc.set(f, Tc(Pc.get(f) || null, a, b, c, d, e)), !0;
+  }
+  return !1;
+}
+function Vc(a) {
+  var b = Wc(a.target);
+  if (null !== b) {
+    var c = Vb(b);
+    if (null !== c) if (b = c.tag, 13 === b) {
+      if (b = Wb(c), null !== b) {
+        a.blockedOn = b;
+        Ic(a.priority, function () {
+          Gc(c);
+        });
+        return;
+      }
+    } else if (3 === b && c.stateNode.current.memoizedState.isDehydrated) {
+      a.blockedOn = 3 === c.tag ? c.stateNode.containerInfo : null;
+      return;
+    }
+  }
+  a.blockedOn = null;
+}
+function Xc(a) {
+  if (null !== a.blockedOn) return !1;
+  for (var b = a.targetContainers; 0 < b.length;) {
+    var c = Yc(a.domEventName, a.eventSystemFlags, b[0], a.nativeEvent);
+    if (null === c) {
+      c = a.nativeEvent;
+      var d = new c.constructor(c.type, c);
+      wb = d;
+      c.target.dispatchEvent(d);
+      wb = null;
+    } else return b = Cb(c), null !== b && Fc(b), a.blockedOn = c, !1;
+    b.shift();
+  }
+  return !0;
+}
+function Zc(a, b, c) {
+  Xc(a) && c.delete(b);
+}
+function $c() {
+  Jc = !1;
+  null !== Lc && Xc(Lc) && (Lc = null);
+  null !== Mc && Xc(Mc) && (Mc = null);
+  null !== Nc && Xc(Nc) && (Nc = null);
+  Oc.forEach(Zc);
+  Pc.forEach(Zc);
+}
+function ad(a, b) {
+  a.blockedOn === b && (a.blockedOn = null, Jc || (Jc = !0, ca.unstable_scheduleCallback(ca.unstable_NormalPriority, $c)));
+}
+function bd(a) {
+  function b(b) {
+    return ad(b, a);
+  }
+  if (0 < Kc.length) {
+    ad(Kc[0], a);
+    for (var c = 1; c < Kc.length; c++) {
+      var d = Kc[c];
+      d.blockedOn === a && (d.blockedOn = null);
+    }
+  }
+  null !== Lc && ad(Lc, a);
+  null !== Mc && ad(Mc, a);
+  null !== Nc && ad(Nc, a);
+  Oc.forEach(b);
+  Pc.forEach(b);
+  for (c = 0; c < Qc.length; c++) d = Qc[c], d.blockedOn === a && (d.blockedOn = null);
+  for (; 0 < Qc.length && (c = Qc[0], null === c.blockedOn);) Vc(c), null === c.blockedOn && Qc.shift();
+}
+var cd = ua.ReactCurrentBatchConfig,
+  dd = !0;
+function ed(a, b, c, d) {
+  var e = C,
+    f = cd.transition;
+  cd.transition = null;
+  try {
+    C = 1, fd(a, b, c, d);
+  } finally {
+    C = e, cd.transition = f;
+  }
+}
+function gd(a, b, c, d) {
+  var e = C,
+    f = cd.transition;
+  cd.transition = null;
+  try {
+    C = 4, fd(a, b, c, d);
+  } finally {
+    C = e, cd.transition = f;
+  }
+}
+function fd(a, b, c, d) {
+  if (dd) {
+    var e = Yc(a, b, c, d);
+    if (null === e) hd(a, b, d, id, c), Sc(a, d);else if (Uc(e, a, b, c, d)) d.stopPropagation();else if (Sc(a, d), b & 4 && -1 < Rc.indexOf(a)) {
+      for (; null !== e;) {
+        var f = Cb(e);
+        null !== f && Ec(f);
+        f = Yc(a, b, c, d);
+        null === f && hd(a, b, d, id, c);
+        if (f === e) break;
+        e = f;
+      }
+      null !== e && d.stopPropagation();
+    } else hd(a, b, d, null, c);
+  }
+}
+var id = null;
+function Yc(a, b, c, d) {
+  id = null;
+  a = xb(d);
+  a = Wc(a);
+  if (null !== a) if (b = Vb(a), null === b) a = null;else if (c = b.tag, 13 === c) {
+    a = Wb(b);
+    if (null !== a) return a;
+    a = null;
+  } else if (3 === c) {
+    if (b.stateNode.current.memoizedState.isDehydrated) return 3 === b.tag ? b.stateNode.containerInfo : null;
+    a = null;
+  } else b !== a && (a = null);
+  id = a;
+  return null;
+}
+function jd(a) {
+  switch (a) {
+    case "cancel":
+    case "click":
+    case "close":
+    case "contextmenu":
+    case "copy":
+    case "cut":
+    case "auxclick":
+    case "dblclick":
+    case "dragend":
+    case "dragstart":
+    case "drop":
+    case "focusin":
+    case "focusout":
+    case "input":
+    case "invalid":
+    case "keydown":
+    case "keypress":
+    case "keyup":
+    case "mousedown":
+    case "mouseup":
+    case "paste":
+    case "pause":
+    case "play":
+    case "pointercancel":
+    case "pointerdown":
+    case "pointerup":
+    case "ratechange":
+    case "reset":
+    case "resize":
+    case "seeked":
+    case "submit":
+    case "touchcancel":
+    case "touchend":
+    case "touchstart":
+    case "volumechange":
+    case "change":
+    case "selectionchange":
+    case "textInput":
+    case "compositionstart":
+    case "compositionend":
+    case "compositionupdate":
+    case "beforeblur":
+    case "afterblur":
+    case "beforeinput":
+    case "blur":
+    case "fullscreenchange":
+    case "focus":
+    case "hashchange":
+    case "popstate":
+    case "select":
+    case "selectstart":
+      return 1;
+    case "drag":
+    case "dragenter":
+    case "dragexit":
+    case "dragleave":
+    case "dragover":
+    case "mousemove":
+    case "mouseout":
+    case "mouseover":
+    case "pointermove":
+    case "pointerout":
+    case "pointerover":
+    case "scroll":
+    case "toggle":
+    case "touchmove":
+    case "wheel":
+    case "mouseenter":
+    case "mouseleave":
+    case "pointerenter":
+    case "pointerleave":
+      return 4;
+    case "message":
+      switch (ec()) {
+        case fc:
+          return 1;
+        case gc:
+          return 4;
+        case hc:
+        case ic:
+          return 16;
+        case jc:
+          return 536870912;
+        default:
+          return 16;
+      }
+    default:
+      return 16;
+  }
+}
+var kd = null,
+  ld = null,
+  md = null;
+function nd() {
+  if (md) return md;
+  var a,
+    b = ld,
+    c = b.length,
+    d,
+    e = "value" in kd ? kd.value : kd.textContent,
+    f = e.length;
+  for (a = 0; a < c && b[a] === e[a]; a++);
+  var g = c - a;
+  for (d = 1; d <= g && b[c - d] === e[f - d]; d++);
+  return md = e.slice(a, 1 < d ? 1 - d : void 0);
+}
+function od(a) {
+  var b = a.keyCode;
+  "charCode" in a ? (a = a.charCode, 0 === a && 13 === b && (a = 13)) : a = b;
+  10 === a && (a = 13);
+  return 32 <= a || 13 === a ? a : 0;
+}
+function pd() {
+  return !0;
+}
+function qd() {
+  return !1;
+}
+function rd(a) {
+  function b(b, d, e, f, g) {
+    this._reactName = b;
+    this._targetInst = e;
+    this.type = d;
+    this.nativeEvent = f;
+    this.target = g;
+    this.currentTarget = null;
+    for (var c in a) a.hasOwnProperty(c) && (b = a[c], this[c] = b ? b(f) : f[c]);
+    this.isDefaultPrevented = (null != f.defaultPrevented ? f.defaultPrevented : !1 === f.returnValue) ? pd : qd;
+    this.isPropagationStopped = qd;
+    return this;
+  }
+  A(b.prototype, {
+    preventDefault: function preventDefault() {
+      this.defaultPrevented = !0;
+      var a = this.nativeEvent;
+      a && (a.preventDefault ? a.preventDefault() : "unknown" !== typeof a.returnValue && (a.returnValue = !1), this.isDefaultPrevented = pd);
+    },
+    stopPropagation: function stopPropagation() {
+      var a = this.nativeEvent;
+      a && (a.stopPropagation ? a.stopPropagation() : "unknown" !== typeof a.cancelBubble && (a.cancelBubble = !0), this.isPropagationStopped = pd);
+    },
+    persist: function persist() {},
+    isPersistent: pd
+  });
+  return b;
+}
+var sd = {
+    eventPhase: 0,
+    bubbles: 0,
+    cancelable: 0,
+    timeStamp: function timeStamp(a) {
+      return a.timeStamp || Date.now();
+    },
+    defaultPrevented: 0,
+    isTrusted: 0
+  },
+  td = rd(sd),
+  ud = A({}, sd, {
+    view: 0,
+    detail: 0
+  }),
+  vd = rd(ud),
+  wd,
+  xd,
+  yd,
+  Ad = A({}, ud, {
+    screenX: 0,
+    screenY: 0,
+    clientX: 0,
+    clientY: 0,
+    pageX: 0,
+    pageY: 0,
+    ctrlKey: 0,
+    shiftKey: 0,
+    altKey: 0,
+    metaKey: 0,
+    getModifierState: zd,
+    button: 0,
+    buttons: 0,
+    relatedTarget: function relatedTarget(a) {
+      return void 0 === a.relatedTarget ? a.fromElement === a.srcElement ? a.toElement : a.fromElement : a.relatedTarget;
+    },
+    movementX: function movementX(a) {
+      if ("movementX" in a) return a.movementX;
+      a !== yd && (yd && "mousemove" === a.type ? (wd = a.screenX - yd.screenX, xd = a.screenY - yd.screenY) : xd = wd = 0, yd = a);
+      return wd;
+    },
+    movementY: function movementY(a) {
+      return "movementY" in a ? a.movementY : xd;
+    }
+  }),
+  Bd = rd(Ad),
+  Cd = A({}, Ad, {
+    dataTransfer: 0
+  }),
+  Dd = rd(Cd),
+  Ed = A({}, ud, {
+    relatedTarget: 0
+  }),
+  Fd = rd(Ed),
+  Gd = A({}, sd, {
+    animationName: 0,
+    elapsedTime: 0,
+    pseudoElement: 0
+  }),
+  Hd = rd(Gd),
+  Id = A({}, sd, {
+    clipboardData: function clipboardData(a) {
+      return "clipboardData" in a ? a.clipboardData : window.clipboardData;
+    }
+  }),
+  Jd = rd(Id),
+  Kd = A({}, sd, {
+    data: 0
+  }),
+  Ld = rd(Kd),
+  Md = {
+    Esc: "Escape",
+    Spacebar: " ",
+    Left: "ArrowLeft",
+    Up: "ArrowUp",
+    Right: "ArrowRight",
+    Down: "ArrowDown",
+    Del: "Delete",
+    Win: "OS",
+    Menu: "ContextMenu",
+    Apps: "ContextMenu",
+    Scroll: "ScrollLock",
+    MozPrintableKey: "Unidentified"
+  },
+  Nd = {
+    8: "Backspace",
+    9: "Tab",
+    12: "Clear",
+    13: "Enter",
+    16: "Shift",
+    17: "Control",
+    18: "Alt",
+    19: "Pause",
+    20: "CapsLock",
+    27: "Escape",
+    32: " ",
+    33: "PageUp",
+    34: "PageDown",
+    35: "End",
+    36: "Home",
+    37: "ArrowLeft",
+    38: "ArrowUp",
+    39: "ArrowRight",
+    40: "ArrowDown",
+    45: "Insert",
+    46: "Delete",
+    112: "F1",
+    113: "F2",
+    114: "F3",
+    115: "F4",
+    116: "F5",
+    117: "F6",
+    118: "F7",
+    119: "F8",
+    120: "F9",
+    121: "F10",
+    122: "F11",
+    123: "F12",
+    144: "NumLock",
+    145: "ScrollLock",
+    224: "Meta"
+  },
+  Od = {
+    Alt: "altKey",
+    Control: "ctrlKey",
+    Meta: "metaKey",
+    Shift: "shiftKey"
+  };
+function Pd(a) {
+  var b = this.nativeEvent;
+  return b.getModifierState ? b.getModifierState(a) : (a = Od[a]) ? !!b[a] : !1;
+}
+function zd() {
+  return Pd;
+}
+var Qd = A({}, ud, {
+    key: function key(a) {
+      if (a.key) {
+        var b = Md[a.key] || a.key;
+        if ("Unidentified" !== b) return b;
+      }
+      return "keypress" === a.type ? (a = od(a), 13 === a ? "Enter" : String.fromCharCode(a)) : "keydown" === a.type || "keyup" === a.type ? Nd[a.keyCode] || "Unidentified" : "";
+    },
+    code: 0,
+    location: 0,
+    ctrlKey: 0,
+    shiftKey: 0,
+    altKey: 0,
+    metaKey: 0,
+    repeat: 0,
+    locale: 0,
+    getModifierState: zd,
+    charCode: function charCode(a) {
+      return "keypress" === a.type ? od(a) : 0;
+    },
+    keyCode: function keyCode(a) {
+      return "keydown" === a.type || "keyup" === a.type ? a.keyCode : 0;
+    },
+    which: function which(a) {
+      return "keypress" === a.type ? od(a) : "keydown" === a.type || "keyup" === a.type ? a.keyCode : 0;
+    }
+  }),
+  Rd = rd(Qd),
+  Sd = A({}, Ad, {
+    pointerId: 0,
+    width: 0,
+    height: 0,
+    pressure: 0,
+    tangentialPressure: 0,
+    tiltX: 0,
+    tiltY: 0,
+    twist: 0,
+    pointerType: 0,
+    isPrimary: 0
+  }),
+  Td = rd(Sd),
+  Ud = A({}, ud, {
+    touches: 0,
+    targetTouches: 0,
+    changedTouches: 0,
+    altKey: 0,
+    metaKey: 0,
+    ctrlKey: 0,
+    shiftKey: 0,
+    getModifierState: zd
+  }),
+  Vd = rd(Ud),
+  Wd = A({}, sd, {
+    propertyName: 0,
+    elapsedTime: 0,
+    pseudoElement: 0
+  }),
+  Xd = rd(Wd),
+  Yd = A({}, Ad, {
+    deltaX: function deltaX(a) {
+      return "deltaX" in a ? a.deltaX : "wheelDeltaX" in a ? -a.wheelDeltaX : 0;
+    },
+    deltaY: function deltaY(a) {
+      return "deltaY" in a ? a.deltaY : "wheelDeltaY" in a ? -a.wheelDeltaY : "wheelDelta" in a ? -a.wheelDelta : 0;
+    },
+    deltaZ: 0,
+    deltaMode: 0
+  }),
+  Zd = rd(Yd),
+  $d = [9, 13, 27, 32],
+  ae = ia && "CompositionEvent" in window,
+  be = null;
+ia && "documentMode" in document && (be = document.documentMode);
+var ce = ia && "TextEvent" in window && !be,
+  de = ia && (!ae || be && 8 < be && 11 >= be),
+  ee = String.fromCharCode(32),
+  fe = !1;
+function ge(a, b) {
+  switch (a) {
+    case "keyup":
+      return -1 !== $d.indexOf(b.keyCode);
+    case "keydown":
+      return 229 !== b.keyCode;
+    case "keypress":
+    case "mousedown":
+    case "focusout":
+      return !0;
+    default:
+      return !1;
+  }
+}
+function he(a) {
+  a = a.detail;
+  return "object" === typeof a && "data" in a ? a.data : null;
+}
+var ie = !1;
+function je(a, b) {
+  switch (a) {
+    case "compositionend":
+      return he(b);
+    case "keypress":
+      if (32 !== b.which) return null;
+      fe = !0;
+      return ee;
+    case "textInput":
+      return a = b.data, a === ee && fe ? null : a;
+    default:
+      return null;
+  }
+}
+function ke(a, b) {
+  if (ie) return "compositionend" === a || !ae && ge(a, b) ? (a = nd(), md = ld = kd = null, ie = !1, a) : null;
+  switch (a) {
+    case "paste":
+      return null;
+    case "keypress":
+      if (!(b.ctrlKey || b.altKey || b.metaKey) || b.ctrlKey && b.altKey) {
+        if (b.char && 1 < b.char.length) return b.char;
+        if (b.which) return String.fromCharCode(b.which);
+      }
+      return null;
+    case "compositionend":
+      return de && "ko" !== b.locale ? null : b.data;
+    default:
+      return null;
+  }
+}
+var le = {
+  color: !0,
+  date: !0,
+  datetime: !0,
+  "datetime-local": !0,
+  email: !0,
+  month: !0,
+  number: !0,
+  password: !0,
+  range: !0,
+  search: !0,
+  tel: !0,
+  text: !0,
+  time: !0,
+  url: !0,
+  week: !0
+};
+function me(a) {
+  var b = a && a.nodeName && a.nodeName.toLowerCase();
+  return "input" === b ? !!le[a.type] : "textarea" === b ? !0 : !1;
+}
+function ne(a, b, c, d) {
+  Eb(d);
+  b = oe(b, "onChange");
+  0 < b.length && (c = new td("onChange", "change", null, c, d), a.push({
+    event: c,
+    listeners: b
+  }));
+}
+var pe = null,
+  qe = null;
+function re(a) {
+  se(a, 0);
+}
+function te(a) {
+  var b = ue(a);
+  if (Wa(b)) return a;
+}
+function ve(a, b) {
+  if ("change" === a) return b;
+}
+var we = !1;
+if (ia) {
+  var xe;
+  if (ia) {
+    var ye = ("oninput" in document);
+    if (!ye) {
+      var ze = document.createElement("div");
+      ze.setAttribute("oninput", "return;");
+      ye = "function" === typeof ze.oninput;
+    }
+    xe = ye;
+  } else xe = !1;
+  we = xe && (!document.documentMode || 9 < document.documentMode);
+}
+function Ae() {
+  pe && (pe.detachEvent("onpropertychange", Be), qe = pe = null);
+}
+function Be(a) {
+  if ("value" === a.propertyName && te(qe)) {
+    var b = [];
+    ne(b, qe, a, xb(a));
+    Jb(re, b);
+  }
+}
+function Ce(a, b, c) {
+  "focusin" === a ? (Ae(), pe = b, qe = c, pe.attachEvent("onpropertychange", Be)) : "focusout" === a && Ae();
+}
+function De(a) {
+  if ("selectionchange" === a || "keyup" === a || "keydown" === a) return te(qe);
+}
+function Ee(a, b) {
+  if ("click" === a) return te(b);
+}
+function Fe(a, b) {
+  if ("input" === a || "change" === a) return te(b);
+}
+function Ge(a, b) {
+  return a === b && (0 !== a || 1 / a === 1 / b) || a !== a && b !== b;
+}
+var He = "function" === typeof Object.is ? Object.is : Ge;
+function Ie(a, b) {
+  if (He(a, b)) return !0;
+  if ("object" !== typeof a || null === a || "object" !== typeof b || null === b) return !1;
+  var c = Object.keys(a),
+    d = Object.keys(b);
+  if (c.length !== d.length) return !1;
+  for (d = 0; d < c.length; d++) {
+    var e = c[d];
+    if (!ja.call(b, e) || !He(a[e], b[e])) return !1;
+  }
+  return !0;
+}
+function Je(a) {
+  for (; a && a.firstChild;) a = a.firstChild;
+  return a;
+}
+function Ke(a, b) {
+  var c = Je(a);
+  a = 0;
+  for (var d; c;) {
+    if (3 === c.nodeType) {
+      d = a + c.textContent.length;
+      if (a <= b && d >= b) return {
+        node: c,
+        offset: b - a
+      };
+      a = d;
+    }
+    a: {
+      for (; c;) {
+        if (c.nextSibling) {
+          c = c.nextSibling;
+          break a;
+        }
+        c = c.parentNode;
+      }
+      c = void 0;
+    }
+    c = Je(c);
+  }
+}
+function Le(a, b) {
+  return a && b ? a === b ? !0 : a && 3 === a.nodeType ? !1 : b && 3 === b.nodeType ? Le(a, b.parentNode) : "contains" in a ? a.contains(b) : a.compareDocumentPosition ? !!(a.compareDocumentPosition(b) & 16) : !1 : !1;
+}
+function Me() {
+  for (var a = window, b = Xa(); b instanceof a.HTMLIFrameElement;) {
+    try {
+      var c = "string" === typeof b.contentWindow.location.href;
+    } catch (d) {
+      c = !1;
+    }
+    if (c) a = b.contentWindow;else break;
+    b = Xa(a.document);
+  }
+  return b;
+}
+function Ne(a) {
+  var b = a && a.nodeName && a.nodeName.toLowerCase();
+  return b && ("input" === b && ("text" === a.type || "search" === a.type || "tel" === a.type || "url" === a.type || "password" === a.type) || "textarea" === b || "true" === a.contentEditable);
+}
+function Oe(a) {
+  var b = Me(),
+    c = a.focusedElem,
+    d = a.selectionRange;
+  if (b !== c && c && c.ownerDocument && Le(c.ownerDocument.documentElement, c)) {
+    if (null !== d && Ne(c)) if (b = d.start, a = d.end, void 0 === a && (a = b), "selectionStart" in c) c.selectionStart = b, c.selectionEnd = Math.min(a, c.value.length);else if (a = (b = c.ownerDocument || document) && b.defaultView || window, a.getSelection) {
+      a = a.getSelection();
+      var e = c.textContent.length,
+        f = Math.min(d.start, e);
+      d = void 0 === d.end ? f : Math.min(d.end, e);
+      !a.extend && f > d && (e = d, d = f, f = e);
+      e = Ke(c, f);
+      var g = Ke(c, d);
+      e && g && (1 !== a.rangeCount || a.anchorNode !== e.node || a.anchorOffset !== e.offset || a.focusNode !== g.node || a.focusOffset !== g.offset) && (b = b.createRange(), b.setStart(e.node, e.offset), a.removeAllRanges(), f > d ? (a.addRange(b), a.extend(g.node, g.offset)) : (b.setEnd(g.node, g.offset), a.addRange(b)));
+    }
+    b = [];
+    for (a = c; a = a.parentNode;) 1 === a.nodeType && b.push({
+      element: a,
+      left: a.scrollLeft,
+      top: a.scrollTop
+    });
+    "function" === typeof c.focus && c.focus();
+    for (c = 0; c < b.length; c++) a = b[c], a.element.scrollLeft = a.left, a.element.scrollTop = a.top;
+  }
+}
+var Pe = ia && "documentMode" in document && 11 >= document.documentMode,
+  Qe = null,
+  Re = null,
+  Se = null,
+  Te = !1;
+function Ue(a, b, c) {
+  var d = c.window === c ? c.document : 9 === c.nodeType ? c : c.ownerDocument;
+  Te || null == Qe || Qe !== Xa(d) || (d = Qe, "selectionStart" in d && Ne(d) ? d = {
+    start: d.selectionStart,
+    end: d.selectionEnd
+  } : (d = (d.ownerDocument && d.ownerDocument.defaultView || window).getSelection(), d = {
+    anchorNode: d.anchorNode,
+    anchorOffset: d.anchorOffset,
+    focusNode: d.focusNode,
+    focusOffset: d.focusOffset
+  }), Se && Ie(Se, d) || (Se = d, d = oe(Re, "onSelect"), 0 < d.length && (b = new td("onSelect", "select", null, b, c), a.push({
+    event: b,
+    listeners: d
+  }), b.target = Qe)));
+}
+function Ve(a, b) {
+  var c = {};
+  c[a.toLowerCase()] = b.toLowerCase();
+  c["Webkit" + a] = "webkit" + b;
+  c["Moz" + a] = "moz" + b;
+  return c;
+}
+var We = {
+    animationend: Ve("Animation", "AnimationEnd"),
+    animationiteration: Ve("Animation", "AnimationIteration"),
+    animationstart: Ve("Animation", "AnimationStart"),
+    transitionend: Ve("Transition", "TransitionEnd")
+  },
+  Xe = {},
+  Ye = {};
+ia && (Ye = document.createElement("div").style, "AnimationEvent" in window || (delete We.animationend.animation, delete We.animationiteration.animation, delete We.animationstart.animation), "TransitionEvent" in window || delete We.transitionend.transition);
+function Ze(a) {
+  if (Xe[a]) return Xe[a];
+  if (!We[a]) return a;
+  var b = We[a],
+    c;
+  for (c in b) if (b.hasOwnProperty(c) && c in Ye) return Xe[a] = b[c];
+  return a;
+}
+var $e = Ze("animationend"),
+  af = Ze("animationiteration"),
+  bf = Ze("animationstart"),
+  cf = Ze("transitionend"),
+  df = new Map(),
+  ef = "abort auxClick cancel canPlay canPlayThrough click close contextMenu copy cut drag dragEnd dragEnter dragExit dragLeave dragOver dragStart drop durationChange emptied encrypted ended error gotPointerCapture input invalid keyDown keyPress keyUp load loadedData loadedMetadata loadStart lostPointerCapture mouseDown mouseMove mouseOut mouseOver mouseUp paste pause play playing pointerCancel pointerDown pointerMove pointerOut pointerOver pointerUp progress rateChange reset resize seeked seeking stalled submit suspend timeUpdate touchCancel touchEnd touchStart volumeChange scroll toggle touchMove waiting wheel".split(" ");
+function ff(a, b) {
+  df.set(a, b);
+  fa(b, [a]);
+}
+for (var gf = 0; gf < ef.length; gf++) {
+  var hf = ef[gf],
+    jf = hf.toLowerCase(),
+    kf = hf[0].toUpperCase() + hf.slice(1);
+  ff(jf, "on" + kf);
+}
+ff($e, "onAnimationEnd");
+ff(af, "onAnimationIteration");
+ff(bf, "onAnimationStart");
+ff("dblclick", "onDoubleClick");
+ff("focusin", "onFocus");
+ff("focusout", "onBlur");
+ff(cf, "onTransitionEnd");
+ha("onMouseEnter", ["mouseout", "mouseover"]);
+ha("onMouseLeave", ["mouseout", "mouseover"]);
+ha("onPointerEnter", ["pointerout", "pointerover"]);
+ha("onPointerLeave", ["pointerout", "pointerover"]);
+fa("onChange", "change click focusin focusout input keydown keyup selectionchange".split(" "));
+fa("onSelect", "focusout contextmenu dragend focusin keydown keyup mousedown mouseup selectionchange".split(" "));
+fa("onBeforeInput", ["compositionend", "keypress", "textInput", "paste"]);
+fa("onCompositionEnd", "compositionend focusout keydown keypress keyup mousedown".split(" "));
+fa("onCompositionStart", "compositionstart focusout keydown keypress keyup mousedown".split(" "));
+fa("onCompositionUpdate", "compositionupdate focusout keydown keypress keyup mousedown".split(" "));
+var lf = "abort canplay canplaythrough durationchange emptied encrypted ended error loadeddata loadedmetadata loadstart pause play playing progress ratechange resize seeked seeking stalled suspend timeupdate volumechange waiting".split(" "),
+  mf = new Set("cancel close invalid load scroll toggle".split(" ").concat(lf));
+function nf(a, b, c) {
+  var d = a.type || "unknown-event";
+  a.currentTarget = c;
+  Ub(d, b, void 0, a);
+  a.currentTarget = null;
+}
+function se(a, b) {
+  b = 0 !== (b & 4);
+  for (var c = 0; c < a.length; c++) {
+    var d = a[c],
+      e = d.event;
+    d = d.listeners;
+    a: {
+      var f = void 0;
+      if (b) for (var g = d.length - 1; 0 <= g; g--) {
+        var h = d[g],
+          k = h.instance,
+          l = h.currentTarget;
+        h = h.listener;
+        if (k !== f && e.isPropagationStopped()) break a;
+        nf(e, h, l);
+        f = k;
+      } else for (g = 0; g < d.length; g++) {
+        h = d[g];
+        k = h.instance;
+        l = h.currentTarget;
+        h = h.listener;
+        if (k !== f && e.isPropagationStopped()) break a;
+        nf(e, h, l);
+        f = k;
+      }
+    }
+  }
+  if (Qb) throw a = Rb, Qb = !1, Rb = null, a;
+}
+function D(a, b) {
+  var c = b[of];
+  void 0 === c && (c = b[of] = new Set());
+  var d = a + "__bubble";
+  c.has(d) || (pf(b, a, 2, !1), c.add(d));
+}
+function qf(a, b, c) {
+  var d = 0;
+  b && (d |= 4);
+  pf(c, a, d, b);
+}
+var rf = "_reactListening" + Math.random().toString(36).slice(2);
+function sf(a) {
+  if (!a[rf]) {
+    a[rf] = !0;
+    da.forEach(function (b) {
+      "selectionchange" !== b && (mf.has(b) || qf(b, !1, a), qf(b, !0, a));
+    });
+    var b = 9 === a.nodeType ? a : a.ownerDocument;
+    null === b || b[rf] || (b[rf] = !0, qf("selectionchange", !1, b));
+  }
+}
+function pf(a, b, c, d) {
+  switch (jd(b)) {
+    case 1:
+      var e = ed;
+      break;
+    case 4:
+      e = gd;
+      break;
+    default:
+      e = fd;
+  }
+  c = e.bind(null, b, c, a);
+  e = void 0;
+  !Lb || "touchstart" !== b && "touchmove" !== b && "wheel" !== b || (e = !0);
+  d ? void 0 !== e ? a.addEventListener(b, c, {
+    capture: !0,
+    passive: e
+  }) : a.addEventListener(b, c, !0) : void 0 !== e ? a.addEventListener(b, c, {
+    passive: e
+  }) : a.addEventListener(b, c, !1);
+}
+function hd(a, b, c, d, e) {
+  var f = d;
+  if (0 === (b & 1) && 0 === (b & 2) && null !== d) a: for (;;) {
+    if (null === d) return;
+    var g = d.tag;
+    if (3 === g || 4 === g) {
+      var h = d.stateNode.containerInfo;
+      if (h === e || 8 === h.nodeType && h.parentNode === e) break;
+      if (4 === g) for (g = d.return; null !== g;) {
+        var k = g.tag;
+        if (3 === k || 4 === k) if (k = g.stateNode.containerInfo, k === e || 8 === k.nodeType && k.parentNode === e) return;
+        g = g.return;
+      }
+      for (; null !== h;) {
+        g = Wc(h);
+        if (null === g) return;
+        k = g.tag;
+        if (5 === k || 6 === k) {
+          d = f = g;
+          continue a;
+        }
+        h = h.parentNode;
+      }
+    }
+    d = d.return;
+  }
+  Jb(function () {
+    var d = f,
+      e = xb(c),
+      g = [];
+    a: {
+      var h = df.get(a);
+      if (void 0 !== h) {
+        var k = td,
+          n = a;
+        switch (a) {
+          case "keypress":
+            if (0 === od(c)) break a;
+          case "keydown":
+          case "keyup":
+            k = Rd;
+            break;
+          case "focusin":
+            n = "focus";
+            k = Fd;
+            break;
+          case "focusout":
+            n = "blur";
+            k = Fd;
+            break;
+          case "beforeblur":
+          case "afterblur":
+            k = Fd;
+            break;
+          case "click":
+            if (2 === c.button) break a;
+          case "auxclick":
+          case "dblclick":
+          case "mousedown":
+          case "mousemove":
+          case "mouseup":
+          case "mouseout":
+          case "mouseover":
+          case "contextmenu":
+            k = Bd;
+            break;
+          case "drag":
+          case "dragend":
+          case "dragenter":
+          case "dragexit":
+          case "dragleave":
+          case "dragover":
+          case "dragstart":
+          case "drop":
+            k = Dd;
+            break;
+          case "touchcancel":
+          case "touchend":
+          case "touchmove":
+          case "touchstart":
+            k = Vd;
+            break;
+          case $e:
+          case af:
+          case bf:
+            k = Hd;
+            break;
+          case cf:
+            k = Xd;
+            break;
+          case "scroll":
+            k = vd;
+            break;
+          case "wheel":
+            k = Zd;
+            break;
+          case "copy":
+          case "cut":
+          case "paste":
+            k = Jd;
+            break;
+          case "gotpointercapture":
+          case "lostpointercapture":
+          case "pointercancel":
+          case "pointerdown":
+          case "pointermove":
+          case "pointerout":
+          case "pointerover":
+          case "pointerup":
+            k = Td;
+        }
+        var t = 0 !== (b & 4),
+          J = !t && "scroll" === a,
+          x = t ? null !== h ? h + "Capture" : null : h;
+        t = [];
+        for (var w = d, u; null !== w;) {
+          u = w;
+          var F = u.stateNode;
+          5 === u.tag && null !== F && (u = F, null !== x && (F = Kb(w, x), null != F && t.push(tf(w, F, u))));
+          if (J) break;
+          w = w.return;
+        }
+        0 < t.length && (h = new k(h, n, null, c, e), g.push({
+          event: h,
+          listeners: t
+        }));
+      }
+    }
+    if (0 === (b & 7)) {
+      a: {
+        h = "mouseover" === a || "pointerover" === a;
+        k = "mouseout" === a || "pointerout" === a;
+        if (h && c !== wb && (n = c.relatedTarget || c.fromElement) && (Wc(n) || n[uf])) break a;
+        if (k || h) {
+          h = e.window === e ? e : (h = e.ownerDocument) ? h.defaultView || h.parentWindow : window;
+          if (k) {
+            if (n = c.relatedTarget || c.toElement, k = d, n = n ? Wc(n) : null, null !== n && (J = Vb(n), n !== J || 5 !== n.tag && 6 !== n.tag)) n = null;
+          } else k = null, n = d;
+          if (k !== n) {
+            t = Bd;
+            F = "onMouseLeave";
+            x = "onMouseEnter";
+            w = "mouse";
+            if ("pointerout" === a || "pointerover" === a) t = Td, F = "onPointerLeave", x = "onPointerEnter", w = "pointer";
+            J = null == k ? h : ue(k);
+            u = null == n ? h : ue(n);
+            h = new t(F, w + "leave", k, c, e);
+            h.target = J;
+            h.relatedTarget = u;
+            F = null;
+            Wc(e) === d && (t = new t(x, w + "enter", n, c, e), t.target = u, t.relatedTarget = J, F = t);
+            J = F;
+            if (k && n) b: {
+              t = k;
+              x = n;
+              w = 0;
+              for (u = t; u; u = vf(u)) w++;
+              u = 0;
+              for (F = x; F; F = vf(F)) u++;
+              for (; 0 < w - u;) t = vf(t), w--;
+              for (; 0 < u - w;) x = vf(x), u--;
+              for (; w--;) {
+                if (t === x || null !== x && t === x.alternate) break b;
+                t = vf(t);
+                x = vf(x);
+              }
+              t = null;
+            } else t = null;
+            null !== k && wf(g, h, k, t, !1);
+            null !== n && null !== J && wf(g, J, n, t, !0);
+          }
+        }
+      }
+      a: {
+        h = d ? ue(d) : window;
+        k = h.nodeName && h.nodeName.toLowerCase();
+        if ("select" === k || "input" === k && "file" === h.type) var na = ve;else if (me(h)) {
+          if (we) na = Fe;else {
+            na = De;
+            var xa = Ce;
+          }
+        } else (k = h.nodeName) && "input" === k.toLowerCase() && ("checkbox" === h.type || "radio" === h.type) && (na = Ee);
+        if (na && (na = na(a, d))) {
+          ne(g, na, c, e);
+          break a;
+        }
+        xa && xa(a, h, d);
+        "focusout" === a && (xa = h._wrapperState) && xa.controlled && "number" === h.type && cb(h, "number", h.value);
+      }
+      xa = d ? ue(d) : window;
+      switch (a) {
+        case "focusin":
+          if (me(xa) || "true" === xa.contentEditable) Qe = xa, Re = d, Se = null;
+          break;
+        case "focusout":
+          Se = Re = Qe = null;
+          break;
+        case "mousedown":
+          Te = !0;
+          break;
+        case "contextmenu":
+        case "mouseup":
+        case "dragend":
+          Te = !1;
+          Ue(g, c, e);
+          break;
+        case "selectionchange":
+          if (Pe) break;
+        case "keydown":
+        case "keyup":
+          Ue(g, c, e);
+      }
+      var $a;
+      if (ae) b: {
+        switch (a) {
+          case "compositionstart":
+            var ba = "onCompositionStart";
+            break b;
+          case "compositionend":
+            ba = "onCompositionEnd";
+            break b;
+          case "compositionupdate":
+            ba = "onCompositionUpdate";
+            break b;
+        }
+        ba = void 0;
+      } else ie ? ge(a, c) && (ba = "onCompositionEnd") : "keydown" === a && 229 === c.keyCode && (ba = "onCompositionStart");
+      ba && (de && "ko" !== c.locale && (ie || "onCompositionStart" !== ba ? "onCompositionEnd" === ba && ie && ($a = nd()) : (kd = e, ld = "value" in kd ? kd.value : kd.textContent, ie = !0)), xa = oe(d, ba), 0 < xa.length && (ba = new Ld(ba, a, null, c, e), g.push({
+        event: ba,
+        listeners: xa
+      }), $a ? ba.data = $a : ($a = he(c), null !== $a && (ba.data = $a))));
+      if ($a = ce ? je(a, c) : ke(a, c)) d = oe(d, "onBeforeInput"), 0 < d.length && (e = new Ld("onBeforeInput", "beforeinput", null, c, e), g.push({
+        event: e,
+        listeners: d
+      }), e.data = $a);
+    }
+    se(g, b);
+  });
+}
+function tf(a, b, c) {
+  return {
+    instance: a,
+    listener: b,
+    currentTarget: c
+  };
+}
+function oe(a, b) {
+  for (var c = b + "Capture", d = []; null !== a;) {
+    var e = a,
+      f = e.stateNode;
+    5 === e.tag && null !== f && (e = f, f = Kb(a, c), null != f && d.unshift(tf(a, f, e)), f = Kb(a, b), null != f && d.push(tf(a, f, e)));
+    a = a.return;
+  }
+  return d;
+}
+function vf(a) {
+  if (null === a) return null;
+  do a = a.return; while (a && 5 !== a.tag);
+  return a ? a : null;
+}
+function wf(a, b, c, d, e) {
+  for (var f = b._reactName, g = []; null !== c && c !== d;) {
+    var h = c,
+      k = h.alternate,
+      l = h.stateNode;
+    if (null !== k && k === d) break;
+    5 === h.tag && null !== l && (h = l, e ? (k = Kb(c, f), null != k && g.unshift(tf(c, k, h))) : e || (k = Kb(c, f), null != k && g.push(tf(c, k, h))));
+    c = c.return;
+  }
+  0 !== g.length && a.push({
+    event: b,
+    listeners: g
+  });
+}
+var xf = /\r\n?/g,
+  yf = /\u0000|\uFFFD/g;
+function zf(a) {
+  return ("string" === typeof a ? a : "" + a).replace(xf, "\n").replace(yf, "");
+}
+function Af(a, b, c) {
+  b = zf(b);
+  if (zf(a) !== b && c) throw Error(p(425));
+}
+function Bf() {}
+var Cf = null,
+  Df = null;
+function Ef(a, b) {
+  return "textarea" === a || "noscript" === a || "string" === typeof b.children || "number" === typeof b.children || "object" === typeof b.dangerouslySetInnerHTML && null !== b.dangerouslySetInnerHTML && null != b.dangerouslySetInnerHTML.__html;
+}
+var Ff = "function" === typeof setTimeout ? setTimeout : void 0,
+  Gf = "function" === typeof clearTimeout ? clearTimeout : void 0,
+  Hf = "function" === typeof Promise ? Promise : void 0,
+  Jf = "function" === typeof queueMicrotask ? queueMicrotask : "undefined" !== typeof Hf ? function (a) {
+    return Hf.resolve(null).then(a).catch(If);
+  } : Ff;
+function If(a) {
+  setTimeout(function () {
+    throw a;
+  });
+}
+function Kf(a, b) {
+  var c = b,
+    d = 0;
+  do {
+    var e = c.nextSibling;
+    a.removeChild(c);
+    if (e && 8 === e.nodeType) if (c = e.data, "/$" === c) {
+      if (0 === d) {
+        a.removeChild(e);
+        bd(b);
+        return;
+      }
+      d--;
+    } else "$" !== c && "$?" !== c && "$!" !== c || d++;
+    c = e;
+  } while (c);
+  bd(b);
+}
+function Lf(a) {
+  for (; null != a; a = a.nextSibling) {
+    var b = a.nodeType;
+    if (1 === b || 3 === b) break;
+    if (8 === b) {
+      b = a.data;
+      if ("$" === b || "$!" === b || "$?" === b) break;
+      if ("/$" === b) return null;
+    }
+  }
+  return a;
+}
+function Mf(a) {
+  a = a.previousSibling;
+  for (var b = 0; a;) {
+    if (8 === a.nodeType) {
+      var c = a.data;
+      if ("$" === c || "$!" === c || "$?" === c) {
+        if (0 === b) return a;
+        b--;
+      } else "/$" === c && b++;
+    }
+    a = a.previousSibling;
+  }
+  return null;
+}
+var Nf = Math.random().toString(36).slice(2),
+  Of = "__reactFiber$" + Nf,
+  Pf = "__reactProps$" + Nf,
+  uf = "__reactContainer$" + Nf,
+  of = "__reactEvents$" + Nf,
+  Qf = "__reactListeners$" + Nf,
+  Rf = "__reactHandles$" + Nf;
+function Wc(a) {
+  var b = a[Of];
+  if (b) return b;
+  for (var c = a.parentNode; c;) {
+    if (b = c[uf] || c[Of]) {
+      c = b.alternate;
+      if (null !== b.child || null !== c && null !== c.child) for (a = Mf(a); null !== a;) {
+        if (c = a[Of]) return c;
+        a = Mf(a);
+      }
+      return b;
+    }
+    a = c;
+    c = a.parentNode;
+  }
+  return null;
+}
+function Cb(a) {
+  a = a[Of] || a[uf];
+  return !a || 5 !== a.tag && 6 !== a.tag && 13 !== a.tag && 3 !== a.tag ? null : a;
+}
+function ue(a) {
+  if (5 === a.tag || 6 === a.tag) return a.stateNode;
+  throw Error(p(33));
+}
+function Db(a) {
+  return a[Pf] || null;
+}
+var Sf = [],
+  Tf = -1;
+function Uf(a) {
+  return {
+    current: a
+  };
+}
+function E(a) {
+  0 > Tf || (a.current = Sf[Tf], Sf[Tf] = null, Tf--);
+}
+function G(a, b) {
+  Tf++;
+  Sf[Tf] = a.current;
+  a.current = b;
+}
+var Vf = {},
+  H = Uf(Vf),
+  Wf = Uf(!1),
+  Xf = Vf;
+function Yf(a, b) {
+  var c = a.type.contextTypes;
+  if (!c) return Vf;
+  var d = a.stateNode;
+  if (d && d.__reactInternalMemoizedUnmaskedChildContext === b) return d.__reactInternalMemoizedMaskedChildContext;
+  var e = {},
+    f;
+  for (f in c) e[f] = b[f];
+  d && (a = a.stateNode, a.__reactInternalMemoizedUnmaskedChildContext = b, a.__reactInternalMemoizedMaskedChildContext = e);
+  return e;
+}
+function Zf(a) {
+  a = a.childContextTypes;
+  return null !== a && void 0 !== a;
+}
+function $f() {
+  E(Wf);
+  E(H);
+}
+function ag(a, b, c) {
+  if (H.current !== Vf) throw Error(p(168));
+  G(H, b);
+  G(Wf, c);
+}
+function bg(a, b, c) {
+  var d = a.stateNode;
+  b = b.childContextTypes;
+  if ("function" !== typeof d.getChildContext) return c;
+  d = d.getChildContext();
+  for (var e in d) if (!(e in b)) throw Error(p(108, Ra(a) || "Unknown", e));
+  return A({}, c, d);
+}
+function cg(a) {
+  a = (a = a.stateNode) && a.__reactInternalMemoizedMergedChildContext || Vf;
+  Xf = H.current;
+  G(H, a);
+  G(Wf, Wf.current);
+  return !0;
+}
+function dg(a, b, c) {
+  var d = a.stateNode;
+  if (!d) throw Error(p(169));
+  c ? (a = bg(a, b, Xf), d.__reactInternalMemoizedMergedChildContext = a, E(Wf), E(H), G(H, a)) : E(Wf);
+  G(Wf, c);
+}
+var eg = null,
+  fg = !1,
+  gg = !1;
+function hg(a) {
+  null === eg ? eg = [a] : eg.push(a);
+}
+function ig(a) {
+  fg = !0;
+  hg(a);
+}
+function jg() {
+  if (!gg && null !== eg) {
+    gg = !0;
+    var a = 0,
+      b = C;
+    try {
+      var c = eg;
+      for (C = 1; a < c.length; a++) {
+        var d = c[a];
+        do d = d(!0); while (null !== d);
+      }
+      eg = null;
+      fg = !1;
+    } catch (e) {
+      throw null !== eg && (eg = eg.slice(a + 1)), ac(fc, jg), e;
+    } finally {
+      C = b, gg = !1;
+    }
+  }
+  return null;
+}
+var kg = [],
+  lg = 0,
+  mg = null,
+  ng = 0,
+  og = [],
+  pg = 0,
+  qg = null,
+  rg = 1,
+  sg = "";
+function tg(a, b) {
+  kg[lg++] = ng;
+  kg[lg++] = mg;
+  mg = a;
+  ng = b;
+}
+function ug(a, b, c) {
+  og[pg++] = rg;
+  og[pg++] = sg;
+  og[pg++] = qg;
+  qg = a;
+  var d = rg;
+  a = sg;
+  var e = 32 - oc(d) - 1;
+  d &= ~(1 << e);
+  c += 1;
+  var f = 32 - oc(b) + e;
+  if (30 < f) {
+    var g = e - e % 5;
+    f = (d & (1 << g) - 1).toString(32);
+    d >>= g;
+    e -= g;
+    rg = 1 << 32 - oc(b) + e | c << e | d;
+    sg = f + a;
+  } else rg = 1 << f | c << e | d, sg = a;
+}
+function vg(a) {
+  null !== a.return && (tg(a, 1), ug(a, 1, 0));
+}
+function wg(a) {
+  for (; a === mg;) mg = kg[--lg], kg[lg] = null, ng = kg[--lg], kg[lg] = null;
+  for (; a === qg;) qg = og[--pg], og[pg] = null, sg = og[--pg], og[pg] = null, rg = og[--pg], og[pg] = null;
+}
+var xg = null,
+  yg = null,
+  I = !1,
+  zg = null;
+function Ag(a, b) {
+  var c = Bg(5, null, null, 0);
+  c.elementType = "DELETED";
+  c.stateNode = b;
+  c.return = a;
+  b = a.deletions;
+  null === b ? (a.deletions = [c], a.flags |= 16) : b.push(c);
+}
+function Cg(a, b) {
+  switch (a.tag) {
+    case 5:
+      var c = a.type;
+      b = 1 !== b.nodeType || c.toLowerCase() !== b.nodeName.toLowerCase() ? null : b;
+      return null !== b ? (a.stateNode = b, xg = a, yg = Lf(b.firstChild), !0) : !1;
+    case 6:
+      return b = "" === a.pendingProps || 3 !== b.nodeType ? null : b, null !== b ? (a.stateNode = b, xg = a, yg = null, !0) : !1;
+    case 13:
+      return b = 8 !== b.nodeType ? null : b, null !== b ? (c = null !== qg ? {
+        id: rg,
+        overflow: sg
+      } : null, a.memoizedState = {
+        dehydrated: b,
+        treeContext: c,
+        retryLane: 1073741824
+      }, c = Bg(18, null, null, 0), c.stateNode = b, c.return = a, a.child = c, xg = a, yg = null, !0) : !1;
+    default:
+      return !1;
+  }
+}
+function Dg(a) {
+  return 0 !== (a.mode & 1) && 0 === (a.flags & 128);
+}
+function Eg(a) {
+  if (I) {
+    var b = yg;
+    if (b) {
+      var c = b;
+      if (!Cg(a, b)) {
+        if (Dg(a)) throw Error(p(418));
+        b = Lf(c.nextSibling);
+        var d = xg;
+        b && Cg(a, b) ? Ag(d, c) : (a.flags = a.flags & -4097 | 2, I = !1, xg = a);
+      }
+    } else {
+      if (Dg(a)) throw Error(p(418));
+      a.flags = a.flags & -4097 | 2;
+      I = !1;
+      xg = a;
+    }
+  }
+}
+function Fg(a) {
+  for (a = a.return; null !== a && 5 !== a.tag && 3 !== a.tag && 13 !== a.tag;) a = a.return;
+  xg = a;
+}
+function Gg(a) {
+  if (a !== xg) return !1;
+  if (!I) return Fg(a), I = !0, !1;
+  var b;
+  (b = 3 !== a.tag) && !(b = 5 !== a.tag) && (b = a.type, b = "head" !== b && "body" !== b && !Ef(a.type, a.memoizedProps));
+  if (b && (b = yg)) {
+    if (Dg(a)) throw Hg(), Error(p(418));
+    for (; b;) Ag(a, b), b = Lf(b.nextSibling);
+  }
+  Fg(a);
+  if (13 === a.tag) {
+    a = a.memoizedState;
+    a = null !== a ? a.dehydrated : null;
+    if (!a) throw Error(p(317));
+    a: {
+      a = a.nextSibling;
+      for (b = 0; a;) {
+        if (8 === a.nodeType) {
+          var c = a.data;
+          if ("/$" === c) {
+            if (0 === b) {
+              yg = Lf(a.nextSibling);
+              break a;
+            }
+            b--;
+          } else "$" !== c && "$!" !== c && "$?" !== c || b++;
+        }
+        a = a.nextSibling;
+      }
+      yg = null;
+    }
+  } else yg = xg ? Lf(a.stateNode.nextSibling) : null;
+  return !0;
+}
+function Hg() {
+  for (var a = yg; a;) a = Lf(a.nextSibling);
+}
+function Ig() {
+  yg = xg = null;
+  I = !1;
+}
+function Jg(a) {
+  null === zg ? zg = [a] : zg.push(a);
+}
+var Kg = ua.ReactCurrentBatchConfig;
+function Lg(a, b) {
+  if (a && a.defaultProps) {
+    b = A({}, b);
+    a = a.defaultProps;
+    for (var c in a) void 0 === b[c] && (b[c] = a[c]);
+    return b;
+  }
+  return b;
+}
+var Mg = Uf(null),
+  Ng = null,
+  Og = null,
+  Pg = null;
+function Qg() {
+  Pg = Og = Ng = null;
+}
+function Rg(a) {
+  var b = Mg.current;
+  E(Mg);
+  a._currentValue = b;
+}
+function Sg(a, b, c) {
+  for (; null !== a;) {
+    var d = a.alternate;
+    (a.childLanes & b) !== b ? (a.childLanes |= b, null !== d && (d.childLanes |= b)) : null !== d && (d.childLanes & b) !== b && (d.childLanes |= b);
+    if (a === c) break;
+    a = a.return;
+  }
+}
+function Tg(a, b) {
+  Ng = a;
+  Pg = Og = null;
+  a = a.dependencies;
+  null !== a && null !== a.firstContext && (0 !== (a.lanes & b) && (Ug = !0), a.firstContext = null);
+}
+function Vg(a) {
+  var b = a._currentValue;
+  if (Pg !== a) if (a = {
+    context: a,
+    memoizedValue: b,
+    next: null
+  }, null === Og) {
+    if (null === Ng) throw Error(p(308));
+    Og = a;
+    Ng.dependencies = {
+      lanes: 0,
+      firstContext: a
+    };
+  } else Og = Og.next = a;
+  return b;
+}
+var Wg = null;
+function Xg(a) {
+  null === Wg ? Wg = [a] : Wg.push(a);
+}
+function Yg(a, b, c, d) {
+  var e = b.interleaved;
+  null === e ? (c.next = c, Xg(b)) : (c.next = e.next, e.next = c);
+  b.interleaved = c;
+  return Zg(a, d);
+}
+function Zg(a, b) {
+  a.lanes |= b;
+  var c = a.alternate;
+  null !== c && (c.lanes |= b);
+  c = a;
+  for (a = a.return; null !== a;) a.childLanes |= b, c = a.alternate, null !== c && (c.childLanes |= b), c = a, a = a.return;
+  return 3 === c.tag ? c.stateNode : null;
+}
+var $g = !1;
+function ah(a) {
+  a.updateQueue = {
+    baseState: a.memoizedState,
+    firstBaseUpdate: null,
+    lastBaseUpdate: null,
+    shared: {
+      pending: null,
+      interleaved: null,
+      lanes: 0
+    },
+    effects: null
+  };
+}
+function bh(a, b) {
+  a = a.updateQueue;
+  b.updateQueue === a && (b.updateQueue = {
+    baseState: a.baseState,
+    firstBaseUpdate: a.firstBaseUpdate,
+    lastBaseUpdate: a.lastBaseUpdate,
+    shared: a.shared,
+    effects: a.effects
+  });
+}
+function ch(a, b) {
+  return {
+    eventTime: a,
+    lane: b,
+    tag: 0,
+    payload: null,
+    callback: null,
+    next: null
+  };
+}
+function dh(a, b, c) {
+  var d = a.updateQueue;
+  if (null === d) return null;
+  d = d.shared;
+  if (0 !== (K & 2)) {
+    var e = d.pending;
+    null === e ? b.next = b : (b.next = e.next, e.next = b);
+    d.pending = b;
+    return Zg(a, c);
+  }
+  e = d.interleaved;
+  null === e ? (b.next = b, Xg(d)) : (b.next = e.next, e.next = b);
+  d.interleaved = b;
+  return Zg(a, c);
+}
+function eh(a, b, c) {
+  b = b.updateQueue;
+  if (null !== b && (b = b.shared, 0 !== (c & 4194240))) {
+    var d = b.lanes;
+    d &= a.pendingLanes;
+    c |= d;
+    b.lanes = c;
+    Cc(a, c);
+  }
+}
+function fh(a, b) {
+  var c = a.updateQueue,
+    d = a.alternate;
+  if (null !== d && (d = d.updateQueue, c === d)) {
+    var e = null,
+      f = null;
+    c = c.firstBaseUpdate;
+    if (null !== c) {
+      do {
+        var g = {
+          eventTime: c.eventTime,
+          lane: c.lane,
+          tag: c.tag,
+          payload: c.payload,
+          callback: c.callback,
+          next: null
+        };
+        null === f ? e = f = g : f = f.next = g;
+        c = c.next;
+      } while (null !== c);
+      null === f ? e = f = b : f = f.next = b;
+    } else e = f = b;
+    c = {
+      baseState: d.baseState,
+      firstBaseUpdate: e,
+      lastBaseUpdate: f,
+      shared: d.shared,
+      effects: d.effects
+    };
+    a.updateQueue = c;
+    return;
+  }
+  a = c.lastBaseUpdate;
+  null === a ? c.firstBaseUpdate = b : a.next = b;
+  c.lastBaseUpdate = b;
+}
+function gh(a, b, c, d) {
+  var e = a.updateQueue;
+  $g = !1;
+  var f = e.firstBaseUpdate,
+    g = e.lastBaseUpdate,
+    h = e.shared.pending;
+  if (null !== h) {
+    e.shared.pending = null;
+    var k = h,
+      l = k.next;
+    k.next = null;
+    null === g ? f = l : g.next = l;
+    g = k;
+    var m = a.alternate;
+    null !== m && (m = m.updateQueue, h = m.lastBaseUpdate, h !== g && (null === h ? m.firstBaseUpdate = l : h.next = l, m.lastBaseUpdate = k));
+  }
+  if (null !== f) {
+    var q = e.baseState;
+    g = 0;
+    m = l = k = null;
+    h = f;
+    do {
+      var r = h.lane,
+        y = h.eventTime;
+      if ((d & r) === r) {
+        null !== m && (m = m.next = {
+          eventTime: y,
+          lane: 0,
+          tag: h.tag,
+          payload: h.payload,
+          callback: h.callback,
+          next: null
+        });
+        a: {
+          var n = a,
+            t = h;
+          r = b;
+          y = c;
+          switch (t.tag) {
+            case 1:
+              n = t.payload;
+              if ("function" === typeof n) {
+                q = n.call(y, q, r);
+                break a;
+              }
+              q = n;
+              break a;
+            case 3:
+              n.flags = n.flags & -65537 | 128;
+            case 0:
+              n = t.payload;
+              r = "function" === typeof n ? n.call(y, q, r) : n;
+              if (null === r || void 0 === r) break a;
+              q = A({}, q, r);
+              break a;
+            case 2:
+              $g = !0;
+          }
+        }
+        null !== h.callback && 0 !== h.lane && (a.flags |= 64, r = e.effects, null === r ? e.effects = [h] : r.push(h));
+      } else y = {
+        eventTime: y,
+        lane: r,
+        tag: h.tag,
+        payload: h.payload,
+        callback: h.callback,
+        next: null
+      }, null === m ? (l = m = y, k = q) : m = m.next = y, g |= r;
+      h = h.next;
+      if (null === h) if (h = e.shared.pending, null === h) break;else r = h, h = r.next, r.next = null, e.lastBaseUpdate = r, e.shared.pending = null;
+    } while (1);
+    null === m && (k = q);
+    e.baseState = k;
+    e.firstBaseUpdate = l;
+    e.lastBaseUpdate = m;
+    b = e.shared.interleaved;
+    if (null !== b) {
+      e = b;
+      do g |= e.lane, e = e.next; while (e !== b);
+    } else null === f && (e.shared.lanes = 0);
+    hh |= g;
+    a.lanes = g;
+    a.memoizedState = q;
+  }
+}
+function ih(a, b, c) {
+  a = b.effects;
+  b.effects = null;
+  if (null !== a) for (b = 0; b < a.length; b++) {
+    var d = a[b],
+      e = d.callback;
+    if (null !== e) {
+      d.callback = null;
+      d = c;
+      if ("function" !== typeof e) throw Error(p(191, e));
+      e.call(d);
+    }
+  }
+}
+var jh = new aa.Component().refs;
+function kh(a, b, c, d) {
+  b = a.memoizedState;
+  c = c(d, b);
+  c = null === c || void 0 === c ? b : A({}, b, c);
+  a.memoizedState = c;
+  0 === a.lanes && (a.updateQueue.baseState = c);
+}
+var nh = {
+  isMounted: function isMounted(a) {
+    return (a = a._reactInternals) ? Vb(a) === a : !1;
+  },
+  enqueueSetState: function enqueueSetState(a, b, c) {
+    a = a._reactInternals;
+    var d = L(),
+      e = lh(a),
+      f = ch(d, e);
+    f.payload = b;
+    void 0 !== c && null !== c && (f.callback = c);
+    b = dh(a, f, e);
+    null !== b && (mh(b, a, e, d), eh(b, a, e));
+  },
+  enqueueReplaceState: function enqueueReplaceState(a, b, c) {
+    a = a._reactInternals;
+    var d = L(),
+      e = lh(a),
+      f = ch(d, e);
+    f.tag = 1;
+    f.payload = b;
+    void 0 !== c && null !== c && (f.callback = c);
+    b = dh(a, f, e);
+    null !== b && (mh(b, a, e, d), eh(b, a, e));
+  },
+  enqueueForceUpdate: function enqueueForceUpdate(a, b) {
+    a = a._reactInternals;
+    var c = L(),
+      d = lh(a),
+      e = ch(c, d);
+    e.tag = 2;
+    void 0 !== b && null !== b && (e.callback = b);
+    b = dh(a, e, d);
+    null !== b && (mh(b, a, d, c), eh(b, a, d));
+  }
+};
+function oh(a, b, c, d, e, f, g) {
+  a = a.stateNode;
+  return "function" === typeof a.shouldComponentUpdate ? a.shouldComponentUpdate(d, f, g) : b.prototype && b.prototype.isPureReactComponent ? !Ie(c, d) || !Ie(e, f) : !0;
+}
+function ph(a, b, c) {
+  var d = !1,
+    e = Vf;
+  var f = b.contextType;
+  "object" === typeof f && null !== f ? f = Vg(f) : (e = Zf(b) ? Xf : H.current, d = b.contextTypes, f = (d = null !== d && void 0 !== d) ? Yf(a, e) : Vf);
+  b = new b(c, f);
+  a.memoizedState = null !== b.state && void 0 !== b.state ? b.state : null;
+  b.updater = nh;
+  a.stateNode = b;
+  b._reactInternals = a;
+  d && (a = a.stateNode, a.__reactInternalMemoizedUnmaskedChildContext = e, a.__reactInternalMemoizedMaskedChildContext = f);
+  return b;
+}
+function qh(a, b, c, d) {
+  a = b.state;
+  "function" === typeof b.componentWillReceiveProps && b.componentWillReceiveProps(c, d);
+  "function" === typeof b.UNSAFE_componentWillReceiveProps && b.UNSAFE_componentWillReceiveProps(c, d);
+  b.state !== a && nh.enqueueReplaceState(b, b.state, null);
+}
+function rh(a, b, c, d) {
+  var e = a.stateNode;
+  e.props = c;
+  e.state = a.memoizedState;
+  e.refs = jh;
+  ah(a);
+  var f = b.contextType;
+  "object" === typeof f && null !== f ? e.context = Vg(f) : (f = Zf(b) ? Xf : H.current, e.context = Yf(a, f));
+  e.state = a.memoizedState;
+  f = b.getDerivedStateFromProps;
+  "function" === typeof f && (kh(a, b, f, c), e.state = a.memoizedState);
+  "function" === typeof b.getDerivedStateFromProps || "function" === typeof e.getSnapshotBeforeUpdate || "function" !== typeof e.UNSAFE_componentWillMount && "function" !== typeof e.componentWillMount || (b = e.state, "function" === typeof e.componentWillMount && e.componentWillMount(), "function" === typeof e.UNSAFE_componentWillMount && e.UNSAFE_componentWillMount(), b !== e.state && nh.enqueueReplaceState(e, e.state, null), gh(a, c, e, d), e.state = a.memoizedState);
+  "function" === typeof e.componentDidMount && (a.flags |= 4194308);
+}
+function sh(a, b, c) {
+  a = c.ref;
+  if (null !== a && "function" !== typeof a && "object" !== typeof a) {
+    if (c._owner) {
+      c = c._owner;
+      if (c) {
+        if (1 !== c.tag) throw Error(p(309));
+        var d = c.stateNode;
+      }
+      if (!d) throw Error(p(147, a));
+      var e = d,
+        f = "" + a;
+      if (null !== b && null !== b.ref && "function" === typeof b.ref && b.ref._stringRef === f) return b.ref;
+      b = function b(a) {
+        var b = e.refs;
+        b === jh && (b = e.refs = {});
+        null === a ? delete b[f] : b[f] = a;
+      };
+      b._stringRef = f;
+      return b;
+    }
+    if ("string" !== typeof a) throw Error(p(284));
+    if (!c._owner) throw Error(p(290, a));
+  }
+  return a;
+}
+function th(a, b) {
+  a = Object.prototype.toString.call(b);
+  throw Error(p(31, "[object Object]" === a ? "object with keys {" + Object.keys(b).join(", ") + "}" : a));
+}
+function uh(a) {
+  var b = a._init;
+  return b(a._payload);
+}
+function vh(a) {
+  function b(b, c) {
+    if (a) {
+      var d = b.deletions;
+      null === d ? (b.deletions = [c], b.flags |= 16) : d.push(c);
+    }
+  }
+  function c(c, d) {
+    if (!a) return null;
+    for (; null !== d;) b(c, d), d = d.sibling;
+    return null;
+  }
+  function d(a, b) {
+    for (a = new Map(); null !== b;) null !== b.key ? a.set(b.key, b) : a.set(b.index, b), b = b.sibling;
+    return a;
+  }
+  function e(a, b) {
+    a = wh(a, b);
+    a.index = 0;
+    a.sibling = null;
+    return a;
+  }
+  function f(b, c, d) {
+    b.index = d;
+    if (!a) return b.flags |= 1048576, c;
+    d = b.alternate;
+    if (null !== d) return d = d.index, d < c ? (b.flags |= 2, c) : d;
+    b.flags |= 2;
+    return c;
+  }
+  function g(b) {
+    a && null === b.alternate && (b.flags |= 2);
+    return b;
+  }
+  function h(a, b, c, d) {
+    if (null === b || 6 !== b.tag) return b = xh(c, a.mode, d), b.return = a, b;
+    b = e(b, c);
+    b.return = a;
+    return b;
+  }
+  function k(a, b, c, d) {
+    var f = c.type;
+    if (f === ya) return m(a, b, c.props.children, d, c.key);
+    if (null !== b && (b.elementType === f || "object" === typeof f && null !== f && f.$$typeof === Ha && uh(f) === b.type)) return d = e(b, c.props), d.ref = sh(a, b, c), d.return = a, d;
+    d = yh(c.type, c.key, c.props, null, a.mode, d);
+    d.ref = sh(a, b, c);
+    d.return = a;
+    return d;
+  }
+  function l(a, b, c, d) {
+    if (null === b || 4 !== b.tag || b.stateNode.containerInfo !== c.containerInfo || b.stateNode.implementation !== c.implementation) return b = zh(c, a.mode, d), b.return = a, b;
+    b = e(b, c.children || []);
+    b.return = a;
+    return b;
+  }
+  function m(a, b, c, d, f) {
+    if (null === b || 7 !== b.tag) return b = Ah(c, a.mode, d, f), b.return = a, b;
+    b = e(b, c);
+    b.return = a;
+    return b;
+  }
+  function q(a, b, c) {
+    if ("string" === typeof b && "" !== b || "number" === typeof b) return b = xh("" + b, a.mode, c), b.return = a, b;
+    if ("object" === typeof b && null !== b) {
+      switch (b.$$typeof) {
+        case va:
+          return c = yh(b.type, b.key, b.props, null, a.mode, c), c.ref = sh(a, null, b), c.return = a, c;
+        case wa:
+          return b = zh(b, a.mode, c), b.return = a, b;
+        case Ha:
+          var d = b._init;
+          return q(a, d(b._payload), c);
+      }
+      if (eb(b) || Ka(b)) return b = Ah(b, a.mode, c, null), b.return = a, b;
+      th(a, b);
+    }
+    return null;
+  }
+  function r(a, b, c, d) {
+    var e = null !== b ? b.key : null;
+    if ("string" === typeof c && "" !== c || "number" === typeof c) return null !== e ? null : h(a, b, "" + c, d);
+    if ("object" === typeof c && null !== c) {
+      switch (c.$$typeof) {
+        case va:
+          return c.key === e ? k(a, b, c, d) : null;
+        case wa:
+          return c.key === e ? l(a, b, c, d) : null;
+        case Ha:
+          return e = c._init, r(a, b, e(c._payload), d);
+      }
+      if (eb(c) || Ka(c)) return null !== e ? null : m(a, b, c, d, null);
+      th(a, c);
+    }
+    return null;
+  }
+  function y(a, b, c, d, e) {
+    if ("string" === typeof d && "" !== d || "number" === typeof d) return a = a.get(c) || null, h(b, a, "" + d, e);
+    if ("object" === typeof d && null !== d) {
+      switch (d.$$typeof) {
+        case va:
+          return a = a.get(null === d.key ? c : d.key) || null, k(b, a, d, e);
+        case wa:
+          return a = a.get(null === d.key ? c : d.key) || null, l(b, a, d, e);
+        case Ha:
+          var f = d._init;
+          return y(a, b, c, f(d._payload), e);
+      }
+      if (eb(d) || Ka(d)) return a = a.get(c) || null, m(b, a, d, e, null);
+      th(b, d);
+    }
+    return null;
+  }
+  function n(e, g, h, k) {
+    for (var l = null, m = null, u = g, w = g = 0, x = null; null !== u && w < h.length; w++) {
+      u.index > w ? (x = u, u = null) : x = u.sibling;
+      var n = r(e, u, h[w], k);
+      if (null === n) {
+        null === u && (u = x);
+        break;
+      }
+      a && u && null === n.alternate && b(e, u);
+      g = f(n, g, w);
+      null === m ? l = n : m.sibling = n;
+      m = n;
+      u = x;
+    }
+    if (w === h.length) return c(e, u), I && tg(e, w), l;
+    if (null === u) {
+      for (; w < h.length; w++) u = q(e, h[w], k), null !== u && (g = f(u, g, w), null === m ? l = u : m.sibling = u, m = u);
+      I && tg(e, w);
+      return l;
+    }
+    for (u = d(e, u); w < h.length; w++) x = y(u, e, w, h[w], k), null !== x && (a && null !== x.alternate && u.delete(null === x.key ? w : x.key), g = f(x, g, w), null === m ? l = x : m.sibling = x, m = x);
+    a && u.forEach(function (a) {
+      return b(e, a);
+    });
+    I && tg(e, w);
+    return l;
+  }
+  function t(e, g, h, k) {
+    var l = Ka(h);
+    if ("function" !== typeof l) throw Error(p(150));
+    h = l.call(h);
+    if (null == h) throw Error(p(151));
+    for (var u = l = null, m = g, w = g = 0, x = null, n = h.next(); null !== m && !n.done; w++, n = h.next()) {
+      m.index > w ? (x = m, m = null) : x = m.sibling;
+      var t = r(e, m, n.value, k);
+      if (null === t) {
+        null === m && (m = x);
+        break;
+      }
+      a && m && null === t.alternate && b(e, m);
+      g = f(t, g, w);
+      null === u ? l = t : u.sibling = t;
+      u = t;
+      m = x;
+    }
+    if (n.done) return c(e, m), I && tg(e, w), l;
+    if (null === m) {
+      for (; !n.done; w++, n = h.next()) n = q(e, n.value, k), null !== n && (g = f(n, g, w), null === u ? l = n : u.sibling = n, u = n);
+      I && tg(e, w);
+      return l;
+    }
+    for (m = d(e, m); !n.done; w++, n = h.next()) n = y(m, e, w, n.value, k), null !== n && (a && null !== n.alternate && m.delete(null === n.key ? w : n.key), g = f(n, g, w), null === u ? l = n : u.sibling = n, u = n);
+    a && m.forEach(function (a) {
+      return b(e, a);
+    });
+    I && tg(e, w);
+    return l;
+  }
+  function J(a, d, f, h) {
+    "object" === typeof f && null !== f && f.type === ya && null === f.key && (f = f.props.children);
+    if ("object" === typeof f && null !== f) {
+      switch (f.$$typeof) {
+        case va:
+          a: {
+            for (var k = f.key, l = d; null !== l;) {
+              if (l.key === k) {
+                k = f.type;
+                if (k === ya) {
+                  if (7 === l.tag) {
+                    c(a, l.sibling);
+                    d = e(l, f.props.children);
+                    d.return = a;
+                    a = d;
+                    break a;
+                  }
+                } else if (l.elementType === k || "object" === typeof k && null !== k && k.$$typeof === Ha && uh(k) === l.type) {
+                  c(a, l.sibling);
+                  d = e(l, f.props);
+                  d.ref = sh(a, l, f);
+                  d.return = a;
+                  a = d;
+                  break a;
+                }
+                c(a, l);
+                break;
+              } else b(a, l);
+              l = l.sibling;
+            }
+            f.type === ya ? (d = Ah(f.props.children, a.mode, h, f.key), d.return = a, a = d) : (h = yh(f.type, f.key, f.props, null, a.mode, h), h.ref = sh(a, d, f), h.return = a, a = h);
+          }
+          return g(a);
+        case wa:
+          a: {
+            for (l = f.key; null !== d;) {
+              if (d.key === l) {
+                if (4 === d.tag && d.stateNode.containerInfo === f.containerInfo && d.stateNode.implementation === f.implementation) {
+                  c(a, d.sibling);
+                  d = e(d, f.children || []);
+                  d.return = a;
+                  a = d;
+                  break a;
+                } else {
+                  c(a, d);
+                  break;
+                }
+              } else b(a, d);
+              d = d.sibling;
+            }
+            d = zh(f, a.mode, h);
+            d.return = a;
+            a = d;
+          }
+          return g(a);
+        case Ha:
+          return l = f._init, J(a, d, l(f._payload), h);
+      }
+      if (eb(f)) return n(a, d, f, h);
+      if (Ka(f)) return t(a, d, f, h);
+      th(a, f);
+    }
+    return "string" === typeof f && "" !== f || "number" === typeof f ? (f = "" + f, null !== d && 6 === d.tag ? (c(a, d.sibling), d = e(d, f), d.return = a, a = d) : (c(a, d), d = xh(f, a.mode, h), d.return = a, a = d), g(a)) : c(a, d);
+  }
+  return J;
+}
+var Bh = vh(!0),
+  Ch = vh(!1),
+  Dh = {},
+  Eh = Uf(Dh),
+  Fh = Uf(Dh),
+  Gh = Uf(Dh);
+function Hh(a) {
+  if (a === Dh) throw Error(p(174));
+  return a;
+}
+function Ih(a, b) {
+  G(Gh, b);
+  G(Fh, a);
+  G(Eh, Dh);
+  a = b.nodeType;
+  switch (a) {
+    case 9:
+    case 11:
+      b = (b = b.documentElement) ? b.namespaceURI : lb(null, "");
+      break;
+    default:
+      a = 8 === a ? b.parentNode : b, b = a.namespaceURI || null, a = a.tagName, b = lb(b, a);
+  }
+  E(Eh);
+  G(Eh, b);
+}
+function Jh() {
+  E(Eh);
+  E(Fh);
+  E(Gh);
+}
+function Kh(a) {
+  Hh(Gh.current);
+  var b = Hh(Eh.current);
+  var c = lb(b, a.type);
+  b !== c && (G(Fh, a), G(Eh, c));
+}
+function Lh(a) {
+  Fh.current === a && (E(Eh), E(Fh));
+}
+var M = Uf(0);
+function Mh(a) {
+  for (var b = a; null !== b;) {
+    if (13 === b.tag) {
+      var c = b.memoizedState;
+      if (null !== c && (c = c.dehydrated, null === c || "$?" === c.data || "$!" === c.data)) return b;
+    } else if (19 === b.tag && void 0 !== b.memoizedProps.revealOrder) {
+      if (0 !== (b.flags & 128)) return b;
+    } else if (null !== b.child) {
+      b.child.return = b;
+      b = b.child;
+      continue;
+    }
+    if (b === a) break;
+    for (; null === b.sibling;) {
+      if (null === b.return || b.return === a) return null;
+      b = b.return;
+    }
+    b.sibling.return = b.return;
+    b = b.sibling;
+  }
+  return null;
+}
+var Nh = [];
+function Oh() {
+  for (var a = 0; a < Nh.length; a++) Nh[a]._workInProgressVersionPrimary = null;
+  Nh.length = 0;
+}
+var Ph = ua.ReactCurrentDispatcher,
+  Qh = ua.ReactCurrentBatchConfig,
+  Rh = 0,
+  N = null,
+  O = null,
+  P = null,
+  Sh = !1,
+  Th = !1,
+  Uh = 0,
+  Vh = 0;
+function Q() {
+  throw Error(p(321));
+}
+function Wh(a, b) {
+  if (null === b) return !1;
+  for (var c = 0; c < b.length && c < a.length; c++) if (!He(a[c], b[c])) return !1;
+  return !0;
+}
+function Xh(a, b, c, d, e, f) {
+  Rh = f;
+  N = b;
+  b.memoizedState = null;
+  b.updateQueue = null;
+  b.lanes = 0;
+  Ph.current = null === a || null === a.memoizedState ? Yh : Zh;
+  a = c(d, e);
+  if (Th) {
+    f = 0;
+    do {
+      Th = !1;
+      Uh = 0;
+      if (25 <= f) throw Error(p(301));
+      f += 1;
+      P = O = null;
+      b.updateQueue = null;
+      Ph.current = $h;
+      a = c(d, e);
+    } while (Th);
+  }
+  Ph.current = ai;
+  b = null !== O && null !== O.next;
+  Rh = 0;
+  P = O = N = null;
+  Sh = !1;
+  if (b) throw Error(p(300));
+  return a;
+}
+function bi() {
+  var a = 0 !== Uh;
+  Uh = 0;
+  return a;
+}
+function ci() {
+  var a = {
+    memoizedState: null,
+    baseState: null,
+    baseQueue: null,
+    queue: null,
+    next: null
+  };
+  null === P ? N.memoizedState = P = a : P = P.next = a;
+  return P;
+}
+function di() {
+  if (null === O) {
+    var a = N.alternate;
+    a = null !== a ? a.memoizedState : null;
+  } else a = O.next;
+  var b = null === P ? N.memoizedState : P.next;
+  if (null !== b) P = b, O = a;else {
+    if (null === a) throw Error(p(310));
+    O = a;
+    a = {
+      memoizedState: O.memoizedState,
+      baseState: O.baseState,
+      baseQueue: O.baseQueue,
+      queue: O.queue,
+      next: null
+    };
+    null === P ? N.memoizedState = P = a : P = P.next = a;
+  }
+  return P;
+}
+function ei(a, b) {
+  return "function" === typeof b ? b(a) : b;
+}
+function fi(a) {
+  var b = di(),
+    c = b.queue;
+  if (null === c) throw Error(p(311));
+  c.lastRenderedReducer = a;
+  var d = O,
+    e = d.baseQueue,
+    f = c.pending;
+  if (null !== f) {
+    if (null !== e) {
+      var g = e.next;
+      e.next = f.next;
+      f.next = g;
+    }
+    d.baseQueue = e = f;
+    c.pending = null;
+  }
+  if (null !== e) {
+    f = e.next;
+    d = d.baseState;
+    var h = g = null,
+      k = null,
+      l = f;
+    do {
+      var m = l.lane;
+      if ((Rh & m) === m) null !== k && (k = k.next = {
+        lane: 0,
+        action: l.action,
+        hasEagerState: l.hasEagerState,
+        eagerState: l.eagerState,
+        next: null
+      }), d = l.hasEagerState ? l.eagerState : a(d, l.action);else {
+        var q = {
+          lane: m,
+          action: l.action,
+          hasEagerState: l.hasEagerState,
+          eagerState: l.eagerState,
+          next: null
+        };
+        null === k ? (h = k = q, g = d) : k = k.next = q;
+        N.lanes |= m;
+        hh |= m;
+      }
+      l = l.next;
+    } while (null !== l && l !== f);
+    null === k ? g = d : k.next = h;
+    He(d, b.memoizedState) || (Ug = !0);
+    b.memoizedState = d;
+    b.baseState = g;
+    b.baseQueue = k;
+    c.lastRenderedState = d;
+  }
+  a = c.interleaved;
+  if (null !== a) {
+    e = a;
+    do f = e.lane, N.lanes |= f, hh |= f, e = e.next; while (e !== a);
+  } else null === e && (c.lanes = 0);
+  return [b.memoizedState, c.dispatch];
+}
+function gi(a) {
+  var b = di(),
+    c = b.queue;
+  if (null === c) throw Error(p(311));
+  c.lastRenderedReducer = a;
+  var d = c.dispatch,
+    e = c.pending,
+    f = b.memoizedState;
+  if (null !== e) {
+    c.pending = null;
+    var g = e = e.next;
+    do f = a(f, g.action), g = g.next; while (g !== e);
+    He(f, b.memoizedState) || (Ug = !0);
+    b.memoizedState = f;
+    null === b.baseQueue && (b.baseState = f);
+    c.lastRenderedState = f;
+  }
+  return [f, d];
+}
+function hi() {}
+function ii(a, b) {
+  var c = N,
+    d = di(),
+    e = b(),
+    f = !He(d.memoizedState, e);
+  f && (d.memoizedState = e, Ug = !0);
+  d = d.queue;
+  ji(ki.bind(null, c, d, a), [a]);
+  if (d.getSnapshot !== b || f || null !== P && P.memoizedState.tag & 1) {
+    c.flags |= 2048;
+    li(9, mi.bind(null, c, d, e, b), void 0, null);
+    if (null === R) throw Error(p(349));
+    0 !== (Rh & 30) || ni(c, b, e);
+  }
+  return e;
+}
+function ni(a, b, c) {
+  a.flags |= 16384;
+  a = {
+    getSnapshot: b,
+    value: c
+  };
+  b = N.updateQueue;
+  null === b ? (b = {
+    lastEffect: null,
+    stores: null
+  }, N.updateQueue = b, b.stores = [a]) : (c = b.stores, null === c ? b.stores = [a] : c.push(a));
+}
+function mi(a, b, c, d) {
+  b.value = c;
+  b.getSnapshot = d;
+  oi(b) && pi(a);
+}
+function ki(a, b, c) {
+  return c(function () {
+    oi(b) && pi(a);
+  });
+}
+function oi(a) {
+  var b = a.getSnapshot;
+  a = a.value;
+  try {
+    var c = b();
+    return !He(a, c);
+  } catch (d) {
+    return !0;
+  }
+}
+function pi(a) {
+  var b = Zg(a, 1);
+  null !== b && mh(b, a, 1, -1);
+}
+function qi(a) {
+  var b = ci();
+  "function" === typeof a && (a = a());
+  b.memoizedState = b.baseState = a;
+  a = {
+    pending: null,
+    interleaved: null,
+    lanes: 0,
+    dispatch: null,
+    lastRenderedReducer: ei,
+    lastRenderedState: a
+  };
+  b.queue = a;
+  a = a.dispatch = ri.bind(null, N, a);
+  return [b.memoizedState, a];
+}
+function li(a, b, c, d) {
+  a = {
+    tag: a,
+    create: b,
+    destroy: c,
+    deps: d,
+    next: null
+  };
+  b = N.updateQueue;
+  null === b ? (b = {
+    lastEffect: null,
+    stores: null
+  }, N.updateQueue = b, b.lastEffect = a.next = a) : (c = b.lastEffect, null === c ? b.lastEffect = a.next = a : (d = c.next, c.next = a, a.next = d, b.lastEffect = a));
+  return a;
+}
+function si() {
+  return di().memoizedState;
+}
+function ti(a, b, c, d) {
+  var e = ci();
+  N.flags |= a;
+  e.memoizedState = li(1 | b, c, void 0, void 0 === d ? null : d);
+}
+function ui(a, b, c, d) {
+  var e = di();
+  d = void 0 === d ? null : d;
+  var f = void 0;
+  if (null !== O) {
+    var g = O.memoizedState;
+    f = g.destroy;
+    if (null !== d && Wh(d, g.deps)) {
+      e.memoizedState = li(b, c, f, d);
+      return;
+    }
+  }
+  N.flags |= a;
+  e.memoizedState = li(1 | b, c, f, d);
+}
+function vi(a, b) {
+  return ti(8390656, 8, a, b);
+}
+function ji(a, b) {
+  return ui(2048, 8, a, b);
+}
+function wi(a, b) {
+  return ui(4, 2, a, b);
+}
+function xi(a, b) {
+  return ui(4, 4, a, b);
+}
+function yi(a, b) {
+  if ("function" === typeof b) return a = a(), b(a), function () {
+    b(null);
+  };
+  if (null !== b && void 0 !== b) return a = a(), b.current = a, function () {
+    b.current = null;
+  };
+}
+function zi(a, b, c) {
+  c = null !== c && void 0 !== c ? c.concat([a]) : null;
+  return ui(4, 4, yi.bind(null, b, a), c);
+}
+function Ai() {}
+function Bi(a, b) {
+  var c = di();
+  b = void 0 === b ? null : b;
+  var d = c.memoizedState;
+  if (null !== d && null !== b && Wh(b, d[1])) return d[0];
+  c.memoizedState = [a, b];
+  return a;
+}
+function Ci(a, b) {
+  var c = di();
+  b = void 0 === b ? null : b;
+  var d = c.memoizedState;
+  if (null !== d && null !== b && Wh(b, d[1])) return d[0];
+  a = a();
+  c.memoizedState = [a, b];
+  return a;
+}
+function Di(a, b, c) {
+  if (0 === (Rh & 21)) return a.baseState && (a.baseState = !1, Ug = !0), a.memoizedState = c;
+  He(c, b) || (c = yc(), N.lanes |= c, hh |= c, a.baseState = !0);
+  return b;
+}
+function Ei(a, b) {
+  var c = C;
+  C = 0 !== c && 4 > c ? c : 4;
+  a(!0);
+  var d = Qh.transition;
+  Qh.transition = {};
+  try {
+    a(!1), b();
+  } finally {
+    C = c, Qh.transition = d;
+  }
+}
+function Fi() {
+  return di().memoizedState;
+}
+function Gi(a, b, c) {
+  var d = lh(a);
+  c = {
+    lane: d,
+    action: c,
+    hasEagerState: !1,
+    eagerState: null,
+    next: null
+  };
+  if (Hi(a)) Ii(b, c);else if (c = Yg(a, b, c, d), null !== c) {
+    var e = L();
+    mh(c, a, d, e);
+    Ji(c, b, d);
+  }
+}
+function ri(a, b, c) {
+  var d = lh(a),
+    e = {
+      lane: d,
+      action: c,
+      hasEagerState: !1,
+      eagerState: null,
+      next: null
+    };
+  if (Hi(a)) Ii(b, e);else {
+    var f = a.alternate;
+    if (0 === a.lanes && (null === f || 0 === f.lanes) && (f = b.lastRenderedReducer, null !== f)) try {
+      var g = b.lastRenderedState,
+        h = f(g, c);
+      e.hasEagerState = !0;
+      e.eagerState = h;
+      if (He(h, g)) {
+        var k = b.interleaved;
+        null === k ? (e.next = e, Xg(b)) : (e.next = k.next, k.next = e);
+        b.interleaved = e;
+        return;
+      }
+    } catch (l) {} finally {}
+    c = Yg(a, b, e, d);
+    null !== c && (e = L(), mh(c, a, d, e), Ji(c, b, d));
+  }
+}
+function Hi(a) {
+  var b = a.alternate;
+  return a === N || null !== b && b === N;
+}
+function Ii(a, b) {
+  Th = Sh = !0;
+  var c = a.pending;
+  null === c ? b.next = b : (b.next = c.next, c.next = b);
+  a.pending = b;
+}
+function Ji(a, b, c) {
+  if (0 !== (c & 4194240)) {
+    var d = b.lanes;
+    d &= a.pendingLanes;
+    c |= d;
+    b.lanes = c;
+    Cc(a, c);
+  }
+}
+var ai = {
+    readContext: Vg,
+    useCallback: Q,
+    useContext: Q,
+    useEffect: Q,
+    useImperativeHandle: Q,
+    useInsertionEffect: Q,
+    useLayoutEffect: Q,
+    useMemo: Q,
+    useReducer: Q,
+    useRef: Q,
+    useState: Q,
+    useDebugValue: Q,
+    useDeferredValue: Q,
+    useTransition: Q,
+    useMutableSource: Q,
+    useSyncExternalStore: Q,
+    useId: Q,
+    unstable_isNewReconciler: !1
+  },
+  Yh = {
+    readContext: Vg,
+    useCallback: function useCallback(a, b) {
+      ci().memoizedState = [a, void 0 === b ? null : b];
+      return a;
+    },
+    useContext: Vg,
+    useEffect: vi,
+    useImperativeHandle: function useImperativeHandle(a, b, c) {
+      c = null !== c && void 0 !== c ? c.concat([a]) : null;
+      return ti(4194308, 4, yi.bind(null, b, a), c);
+    },
+    useLayoutEffect: function useLayoutEffect(a, b) {
+      return ti(4194308, 4, a, b);
+    },
+    useInsertionEffect: function useInsertionEffect(a, b) {
+      return ti(4, 2, a, b);
+    },
+    useMemo: function useMemo(a, b) {
+      var c = ci();
+      b = void 0 === b ? null : b;
+      a = a();
+      c.memoizedState = [a, b];
+      return a;
+    },
+    useReducer: function useReducer(a, b, c) {
+      var d = ci();
+      b = void 0 !== c ? c(b) : b;
+      d.memoizedState = d.baseState = b;
+      a = {
+        pending: null,
+        interleaved: null,
+        lanes: 0,
+        dispatch: null,
+        lastRenderedReducer: a,
+        lastRenderedState: b
+      };
+      d.queue = a;
+      a = a.dispatch = Gi.bind(null, N, a);
+      return [d.memoizedState, a];
+    },
+    useRef: function useRef(a) {
+      var b = ci();
+      a = {
+        current: a
+      };
+      return b.memoizedState = a;
+    },
+    useState: qi,
+    useDebugValue: Ai,
+    useDeferredValue: function useDeferredValue(a) {
+      return ci().memoizedState = a;
+    },
+    useTransition: function useTransition() {
+      var a = qi(!1),
+        b = a[0];
+      a = Ei.bind(null, a[1]);
+      ci().memoizedState = a;
+      return [b, a];
+    },
+    useMutableSource: function useMutableSource() {},
+    useSyncExternalStore: function useSyncExternalStore(a, b, c) {
+      var d = N,
+        e = ci();
+      if (I) {
+        if (void 0 === c) throw Error(p(407));
+        c = c();
+      } else {
+        c = b();
+        if (null === R) throw Error(p(349));
+        0 !== (Rh & 30) || ni(d, b, c);
+      }
+      e.memoizedState = c;
+      var f = {
+        value: c,
+        getSnapshot: b
+      };
+      e.queue = f;
+      vi(ki.bind(null, d, f, a), [a]);
+      d.flags |= 2048;
+      li(9, mi.bind(null, d, f, c, b), void 0, null);
+      return c;
+    },
+    useId: function useId() {
+      var a = ci(),
+        b = R.identifierPrefix;
+      if (I) {
+        var c = sg;
+        var d = rg;
+        c = (d & ~(1 << 32 - oc(d) - 1)).toString(32) + c;
+        b = ":" + b + "R" + c;
+        c = Uh++;
+        0 < c && (b += "H" + c.toString(32));
+        b += ":";
+      } else c = Vh++, b = ":" + b + "r" + c.toString(32) + ":";
+      return a.memoizedState = b;
+    },
+    unstable_isNewReconciler: !1
+  },
+  Zh = {
+    readContext: Vg,
+    useCallback: Bi,
+    useContext: Vg,
+    useEffect: ji,
+    useImperativeHandle: zi,
+    useInsertionEffect: wi,
+    useLayoutEffect: xi,
+    useMemo: Ci,
+    useReducer: fi,
+    useRef: si,
+    useState: function useState() {
+      return fi(ei);
+    },
+    useDebugValue: Ai,
+    useDeferredValue: function useDeferredValue(a) {
+      var b = di();
+      return Di(b, O.memoizedState, a);
+    },
+    useTransition: function useTransition() {
+      var a = fi(ei)[0],
+        b = di().memoizedState;
+      return [a, b];
+    },
+    useMutableSource: hi,
+    useSyncExternalStore: ii,
+    useId: Fi,
+    unstable_isNewReconciler: !1
+  },
+  $h = {
+    readContext: Vg,
+    useCallback: Bi,
+    useContext: Vg,
+    useEffect: ji,
+    useImperativeHandle: zi,
+    useInsertionEffect: wi,
+    useLayoutEffect: xi,
+    useMemo: Ci,
+    useReducer: gi,
+    useRef: si,
+    useState: function useState() {
+      return gi(ei);
+    },
+    useDebugValue: Ai,
+    useDeferredValue: function useDeferredValue(a) {
+      var b = di();
+      return null === O ? b.memoizedState = a : Di(b, O.memoizedState, a);
+    },
+    useTransition: function useTransition() {
+      var a = gi(ei)[0],
+        b = di().memoizedState;
+      return [a, b];
+    },
+    useMutableSource: hi,
+    useSyncExternalStore: ii,
+    useId: Fi,
+    unstable_isNewReconciler: !1
+  };
+function Ki(a, b) {
+  try {
+    var c = "",
+      d = b;
+    do c += Pa(d), d = d.return; while (d);
+    var e = c;
+  } catch (f) {
+    e = "\nError generating stack: " + f.message + "\n" + f.stack;
+  }
+  return {
+    value: a,
+    source: b,
+    stack: e,
+    digest: null
+  };
+}
+function Li(a, b, c) {
+  return {
+    value: a,
+    source: null,
+    stack: null != c ? c : null,
+    digest: null != b ? b : null
+  };
+}
+function Mi(a, b) {
+  try {
+    console.error(b.value);
+  } catch (c) {
+    setTimeout(function () {
+      throw c;
+    });
+  }
+}
+var Ni = "function" === typeof WeakMap ? WeakMap : Map;
+function Oi(a, b, c) {
+  c = ch(-1, c);
+  c.tag = 3;
+  c.payload = {
+    element: null
+  };
+  var d = b.value;
+  c.callback = function () {
+    Pi || (Pi = !0, Qi = d);
+    Mi(a, b);
+  };
+  return c;
+}
+function Ri(a, b, c) {
+  c = ch(-1, c);
+  c.tag = 3;
+  var d = a.type.getDerivedStateFromError;
+  if ("function" === typeof d) {
+    var e = b.value;
+    c.payload = function () {
+      return d(e);
+    };
+    c.callback = function () {
+      Mi(a, b);
+    };
+  }
+  var f = a.stateNode;
+  null !== f && "function" === typeof f.componentDidCatch && (c.callback = function () {
+    Mi(a, b);
+    "function" !== typeof d && (null === Si ? Si = new Set([this]) : Si.add(this));
+    var c = b.stack;
+    this.componentDidCatch(b.value, {
+      componentStack: null !== c ? c : ""
+    });
+  });
+  return c;
+}
+function Ti(a, b, c) {
+  var d = a.pingCache;
+  if (null === d) {
+    d = a.pingCache = new Ni();
+    var e = new Set();
+    d.set(b, e);
+  } else e = d.get(b), void 0 === e && (e = new Set(), d.set(b, e));
+  e.has(c) || (e.add(c), a = Ui.bind(null, a, b, c), b.then(a, a));
+}
+function Vi(a) {
+  do {
+    var b;
+    if (b = 13 === a.tag) b = a.memoizedState, b = null !== b ? null !== b.dehydrated ? !0 : !1 : !0;
+    if (b) return a;
+    a = a.return;
+  } while (null !== a);
+  return null;
+}
+function Wi(a, b, c, d, e) {
+  if (0 === (a.mode & 1)) return a === b ? a.flags |= 65536 : (a.flags |= 128, c.flags |= 131072, c.flags &= -52805, 1 === c.tag && (null === c.alternate ? c.tag = 17 : (b = ch(-1, 1), b.tag = 2, dh(c, b, 1))), c.lanes |= 1), a;
+  a.flags |= 65536;
+  a.lanes = e;
+  return a;
+}
+var Xi = ua.ReactCurrentOwner,
+  Ug = !1;
+function Yi(a, b, c, d) {
+  b.child = null === a ? Ch(b, null, c, d) : Bh(b, a.child, c, d);
+}
+function Zi(a, b, c, d, e) {
+  c = c.render;
+  var f = b.ref;
+  Tg(b, e);
+  d = Xh(a, b, c, d, f, e);
+  c = bi();
+  if (null !== a && !Ug) return b.updateQueue = a.updateQueue, b.flags &= -2053, a.lanes &= ~e, $i(a, b, e);
+  I && c && vg(b);
+  b.flags |= 1;
+  Yi(a, b, d, e);
+  return b.child;
+}
+function aj(a, b, c, d, e) {
+  if (null === a) {
+    var f = c.type;
+    if ("function" === typeof f && !bj(f) && void 0 === f.defaultProps && null === c.compare && void 0 === c.defaultProps) return b.tag = 15, b.type = f, cj(a, b, f, d, e);
+    a = yh(c.type, null, d, b, b.mode, e);
+    a.ref = b.ref;
+    a.return = b;
+    return b.child = a;
+  }
+  f = a.child;
+  if (0 === (a.lanes & e)) {
+    var g = f.memoizedProps;
+    c = c.compare;
+    c = null !== c ? c : Ie;
+    if (c(g, d) && a.ref === b.ref) return $i(a, b, e);
+  }
+  b.flags |= 1;
+  a = wh(f, d);
+  a.ref = b.ref;
+  a.return = b;
+  return b.child = a;
+}
+function cj(a, b, c, d, e) {
+  if (null !== a) {
+    var f = a.memoizedProps;
+    if (Ie(f, d) && a.ref === b.ref) if (Ug = !1, b.pendingProps = d = f, 0 !== (a.lanes & e)) 0 !== (a.flags & 131072) && (Ug = !0);else return b.lanes = a.lanes, $i(a, b, e);
+  }
+  return dj(a, b, c, d, e);
+}
+function ej(a, b, c) {
+  var d = b.pendingProps,
+    e = d.children,
+    f = null !== a ? a.memoizedState : null;
+  if ("hidden" === d.mode) {
+    if (0 === (b.mode & 1)) b.memoizedState = {
+      baseLanes: 0,
+      cachePool: null,
+      transitions: null
+    }, G(fj, gj), gj |= c;else {
+      if (0 === (c & 1073741824)) return a = null !== f ? f.baseLanes | c : c, b.lanes = b.childLanes = 1073741824, b.memoizedState = {
+        baseLanes: a,
+        cachePool: null,
+        transitions: null
+      }, b.updateQueue = null, G(fj, gj), gj |= a, null;
+      b.memoizedState = {
+        baseLanes: 0,
+        cachePool: null,
+        transitions: null
+      };
+      d = null !== f ? f.baseLanes : c;
+      G(fj, gj);
+      gj |= d;
+    }
+  } else null !== f ? (d = f.baseLanes | c, b.memoizedState = null) : d = c, G(fj, gj), gj |= d;
+  Yi(a, b, e, c);
+  return b.child;
+}
+function hj(a, b) {
+  var c = b.ref;
+  if (null === a && null !== c || null !== a && a.ref !== c) b.flags |= 512, b.flags |= 2097152;
+}
+function dj(a, b, c, d, e) {
+  var f = Zf(c) ? Xf : H.current;
+  f = Yf(b, f);
+  Tg(b, e);
+  c = Xh(a, b, c, d, f, e);
+  d = bi();
+  if (null !== a && !Ug) return b.updateQueue = a.updateQueue, b.flags &= -2053, a.lanes &= ~e, $i(a, b, e);
+  I && d && vg(b);
+  b.flags |= 1;
+  Yi(a, b, c, e);
+  return b.child;
+}
+function ij(a, b, c, d, e) {
+  if (Zf(c)) {
+    var f = !0;
+    cg(b);
+  } else f = !1;
+  Tg(b, e);
+  if (null === b.stateNode) jj(a, b), ph(b, c, d), rh(b, c, d, e), d = !0;else if (null === a) {
+    var g = b.stateNode,
+      h = b.memoizedProps;
+    g.props = h;
+    var k = g.context,
+      l = c.contextType;
+    "object" === typeof l && null !== l ? l = Vg(l) : (l = Zf(c) ? Xf : H.current, l = Yf(b, l));
+    var m = c.getDerivedStateFromProps,
+      q = "function" === typeof m || "function" === typeof g.getSnapshotBeforeUpdate;
+    q || "function" !== typeof g.UNSAFE_componentWillReceiveProps && "function" !== typeof g.componentWillReceiveProps || (h !== d || k !== l) && qh(b, g, d, l);
+    $g = !1;
+    var r = b.memoizedState;
+    g.state = r;
+    gh(b, d, g, e);
+    k = b.memoizedState;
+    h !== d || r !== k || Wf.current || $g ? ("function" === typeof m && (kh(b, c, m, d), k = b.memoizedState), (h = $g || oh(b, c, h, d, r, k, l)) ? (q || "function" !== typeof g.UNSAFE_componentWillMount && "function" !== typeof g.componentWillMount || ("function" === typeof g.componentWillMount && g.componentWillMount(), "function" === typeof g.UNSAFE_componentWillMount && g.UNSAFE_componentWillMount()), "function" === typeof g.componentDidMount && (b.flags |= 4194308)) : ("function" === typeof g.componentDidMount && (b.flags |= 4194308), b.memoizedProps = d, b.memoizedState = k), g.props = d, g.state = k, g.context = l, d = h) : ("function" === typeof g.componentDidMount && (b.flags |= 4194308), d = !1);
+  } else {
+    g = b.stateNode;
+    bh(a, b);
+    h = b.memoizedProps;
+    l = b.type === b.elementType ? h : Lg(b.type, h);
+    g.props = l;
+    q = b.pendingProps;
+    r = g.context;
+    k = c.contextType;
+    "object" === typeof k && null !== k ? k = Vg(k) : (k = Zf(c) ? Xf : H.current, k = Yf(b, k));
+    var y = c.getDerivedStateFromProps;
+    (m = "function" === typeof y || "function" === typeof g.getSnapshotBeforeUpdate) || "function" !== typeof g.UNSAFE_componentWillReceiveProps && "function" !== typeof g.componentWillReceiveProps || (h !== q || r !== k) && qh(b, g, d, k);
+    $g = !1;
+    r = b.memoizedState;
+    g.state = r;
+    gh(b, d, g, e);
+    var n = b.memoizedState;
+    h !== q || r !== n || Wf.current || $g ? ("function" === typeof y && (kh(b, c, y, d), n = b.memoizedState), (l = $g || oh(b, c, l, d, r, n, k) || !1) ? (m || "function" !== typeof g.UNSAFE_componentWillUpdate && "function" !== typeof g.componentWillUpdate || ("function" === typeof g.componentWillUpdate && g.componentWillUpdate(d, n, k), "function" === typeof g.UNSAFE_componentWillUpdate && g.UNSAFE_componentWillUpdate(d, n, k)), "function" === typeof g.componentDidUpdate && (b.flags |= 4), "function" === typeof g.getSnapshotBeforeUpdate && (b.flags |= 1024)) : ("function" !== typeof g.componentDidUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 4), "function" !== typeof g.getSnapshotBeforeUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 1024), b.memoizedProps = d, b.memoizedState = n), g.props = d, g.state = n, g.context = k, d = l) : ("function" !== typeof g.componentDidUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 4), "function" !== typeof g.getSnapshotBeforeUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 1024), d = !1);
+  }
+  return kj(a, b, c, d, f, e);
+}
+function kj(a, b, c, d, e, f) {
+  hj(a, b);
+  var g = 0 !== (b.flags & 128);
+  if (!d && !g) return e && dg(b, c, !1), $i(a, b, f);
+  d = b.stateNode;
+  Xi.current = b;
+  var h = g && "function" !== typeof c.getDerivedStateFromError ? null : d.render();
+  b.flags |= 1;
+  null !== a && g ? (b.child = Bh(b, a.child, null, f), b.child = Bh(b, null, h, f)) : Yi(a, b, h, f);
+  b.memoizedState = d.state;
+  e && dg(b, c, !0);
+  return b.child;
+}
+function lj(a) {
+  var b = a.stateNode;
+  b.pendingContext ? ag(a, b.pendingContext, b.pendingContext !== b.context) : b.context && ag(a, b.context, !1);
+  Ih(a, b.containerInfo);
+}
+function mj(a, b, c, d, e) {
+  Ig();
+  Jg(e);
+  b.flags |= 256;
+  Yi(a, b, c, d);
+  return b.child;
+}
+var nj = {
+  dehydrated: null,
+  treeContext: null,
+  retryLane: 0
+};
+function oj(a) {
+  return {
+    baseLanes: a,
+    cachePool: null,
+    transitions: null
+  };
+}
+function pj(a, b, c) {
+  var d = b.pendingProps,
+    e = M.current,
+    f = !1,
+    g = 0 !== (b.flags & 128),
+    h;
+  (h = g) || (h = null !== a && null === a.memoizedState ? !1 : 0 !== (e & 2));
+  if (h) f = !0, b.flags &= -129;else if (null === a || null !== a.memoizedState) e |= 1;
+  G(M, e & 1);
+  if (null === a) {
+    Eg(b);
+    a = b.memoizedState;
+    if (null !== a && (a = a.dehydrated, null !== a)) return 0 === (b.mode & 1) ? b.lanes = 1 : "$!" === a.data ? b.lanes = 8 : b.lanes = 1073741824, null;
+    g = d.children;
+    a = d.fallback;
+    return f ? (d = b.mode, f = b.child, g = {
+      mode: "hidden",
+      children: g
+    }, 0 === (d & 1) && null !== f ? (f.childLanes = 0, f.pendingProps = g) : f = qj(g, d, 0, null), a = Ah(a, d, c, null), f.return = b, a.return = b, f.sibling = a, b.child = f, b.child.memoizedState = oj(c), b.memoizedState = nj, a) : rj(b, g);
+  }
+  e = a.memoizedState;
+  if (null !== e && (h = e.dehydrated, null !== h)) return sj(a, b, g, d, h, e, c);
+  if (f) {
+    f = d.fallback;
+    g = b.mode;
+    e = a.child;
+    h = e.sibling;
+    var k = {
+      mode: "hidden",
+      children: d.children
+    };
+    0 === (g & 1) && b.child !== e ? (d = b.child, d.childLanes = 0, d.pendingProps = k, b.deletions = null) : (d = wh(e, k), d.subtreeFlags = e.subtreeFlags & 14680064);
+    null !== h ? f = wh(h, f) : (f = Ah(f, g, c, null), f.flags |= 2);
+    f.return = b;
+    d.return = b;
+    d.sibling = f;
+    b.child = d;
+    d = f;
+    f = b.child;
+    g = a.child.memoizedState;
+    g = null === g ? oj(c) : {
+      baseLanes: g.baseLanes | c,
+      cachePool: null,
+      transitions: g.transitions
+    };
+    f.memoizedState = g;
+    f.childLanes = a.childLanes & ~c;
+    b.memoizedState = nj;
+    return d;
+  }
+  f = a.child;
+  a = f.sibling;
+  d = wh(f, {
+    mode: "visible",
+    children: d.children
+  });
+  0 === (b.mode & 1) && (d.lanes = c);
+  d.return = b;
+  d.sibling = null;
+  null !== a && (c = b.deletions, null === c ? (b.deletions = [a], b.flags |= 16) : c.push(a));
+  b.child = d;
+  b.memoizedState = null;
+  return d;
+}
+function rj(a, b) {
+  b = qj({
+    mode: "visible",
+    children: b
+  }, a.mode, 0, null);
+  b.return = a;
+  return a.child = b;
+}
+function tj(a, b, c, d) {
+  null !== d && Jg(d);
+  Bh(b, a.child, null, c);
+  a = rj(b, b.pendingProps.children);
+  a.flags |= 2;
+  b.memoizedState = null;
+  return a;
+}
+function sj(a, b, c, d, e, f, g) {
+  if (c) {
+    if (b.flags & 256) return b.flags &= -257, d = Li(Error(p(422))), tj(a, b, g, d);
+    if (null !== b.memoizedState) return b.child = a.child, b.flags |= 128, null;
+    f = d.fallback;
+    e = b.mode;
+    d = qj({
+      mode: "visible",
+      children: d.children
+    }, e, 0, null);
+    f = Ah(f, e, g, null);
+    f.flags |= 2;
+    d.return = b;
+    f.return = b;
+    d.sibling = f;
+    b.child = d;
+    0 !== (b.mode & 1) && Bh(b, a.child, null, g);
+    b.child.memoizedState = oj(g);
+    b.memoizedState = nj;
+    return f;
+  }
+  if (0 === (b.mode & 1)) return tj(a, b, g, null);
+  if ("$!" === e.data) {
+    d = e.nextSibling && e.nextSibling.dataset;
+    if (d) var h = d.dgst;
+    d = h;
+    f = Error(p(419));
+    d = Li(f, d, void 0);
+    return tj(a, b, g, d);
+  }
+  h = 0 !== (g & a.childLanes);
+  if (Ug || h) {
+    d = R;
+    if (null !== d) {
+      switch (g & -g) {
+        case 4:
+          e = 2;
+          break;
+        case 16:
+          e = 8;
+          break;
+        case 64:
+        case 128:
+        case 256:
+        case 512:
+        case 1024:
+        case 2048:
+        case 4096:
+        case 8192:
+        case 16384:
+        case 32768:
+        case 65536:
+        case 131072:
+        case 262144:
+        case 524288:
+        case 1048576:
+        case 2097152:
+        case 4194304:
+        case 8388608:
+        case 16777216:
+        case 33554432:
+        case 67108864:
+          e = 32;
+          break;
+        case 536870912:
+          e = 268435456;
+          break;
+        default:
+          e = 0;
+      }
+      e = 0 !== (e & (d.suspendedLanes | g)) ? 0 : e;
+      0 !== e && e !== f.retryLane && (f.retryLane = e, Zg(a, e), mh(d, a, e, -1));
+    }
+    uj();
+    d = Li(Error(p(421)));
+    return tj(a, b, g, d);
+  }
+  if ("$?" === e.data) return b.flags |= 128, b.child = a.child, b = vj.bind(null, a), e._reactRetry = b, null;
+  a = f.treeContext;
+  yg = Lf(e.nextSibling);
+  xg = b;
+  I = !0;
+  zg = null;
+  null !== a && (og[pg++] = rg, og[pg++] = sg, og[pg++] = qg, rg = a.id, sg = a.overflow, qg = b);
+  b = rj(b, d.children);
+  b.flags |= 4096;
+  return b;
+}
+function wj(a, b, c) {
+  a.lanes |= b;
+  var d = a.alternate;
+  null !== d && (d.lanes |= b);
+  Sg(a.return, b, c);
+}
+function xj(a, b, c, d, e) {
+  var f = a.memoizedState;
+  null === f ? a.memoizedState = {
+    isBackwards: b,
+    rendering: null,
+    renderingStartTime: 0,
+    last: d,
+    tail: c,
+    tailMode: e
+  } : (f.isBackwards = b, f.rendering = null, f.renderingStartTime = 0, f.last = d, f.tail = c, f.tailMode = e);
+}
+function yj(a, b, c) {
+  var d = b.pendingProps,
+    e = d.revealOrder,
+    f = d.tail;
+  Yi(a, b, d.children, c);
+  d = M.current;
+  if (0 !== (d & 2)) d = d & 1 | 2, b.flags |= 128;else {
+    if (null !== a && 0 !== (a.flags & 128)) a: for (a = b.child; null !== a;) {
+      if (13 === a.tag) null !== a.memoizedState && wj(a, c, b);else if (19 === a.tag) wj(a, c, b);else if (null !== a.child) {
+        a.child.return = a;
+        a = a.child;
+        continue;
+      }
+      if (a === b) break a;
+      for (; null === a.sibling;) {
+        if (null === a.return || a.return === b) break a;
+        a = a.return;
+      }
+      a.sibling.return = a.return;
+      a = a.sibling;
+    }
+    d &= 1;
+  }
+  G(M, d);
+  if (0 === (b.mode & 1)) b.memoizedState = null;else switch (e) {
+    case "forwards":
+      c = b.child;
+      for (e = null; null !== c;) a = c.alternate, null !== a && null === Mh(a) && (e = c), c = c.sibling;
+      c = e;
+      null === c ? (e = b.child, b.child = null) : (e = c.sibling, c.sibling = null);
+      xj(b, !1, e, c, f);
+      break;
+    case "backwards":
+      c = null;
+      e = b.child;
+      for (b.child = null; null !== e;) {
+        a = e.alternate;
+        if (null !== a && null === Mh(a)) {
+          b.child = e;
+          break;
+        }
+        a = e.sibling;
+        e.sibling = c;
+        c = e;
+        e = a;
+      }
+      xj(b, !0, c, null, f);
+      break;
+    case "together":
+      xj(b, !1, null, null, void 0);
+      break;
+    default:
+      b.memoizedState = null;
+  }
+  return b.child;
+}
+function jj(a, b) {
+  0 === (b.mode & 1) && null !== a && (a.alternate = null, b.alternate = null, b.flags |= 2);
+}
+function $i(a, b, c) {
+  null !== a && (b.dependencies = a.dependencies);
+  hh |= b.lanes;
+  if (0 === (c & b.childLanes)) return null;
+  if (null !== a && b.child !== a.child) throw Error(p(153));
+  if (null !== b.child) {
+    a = b.child;
+    c = wh(a, a.pendingProps);
+    b.child = c;
+    for (c.return = b; null !== a.sibling;) a = a.sibling, c = c.sibling = wh(a, a.pendingProps), c.return = b;
+    c.sibling = null;
+  }
+  return b.child;
+}
+function zj(a, b, c) {
+  switch (b.tag) {
+    case 3:
+      lj(b);
+      Ig();
+      break;
+    case 5:
+      Kh(b);
+      break;
+    case 1:
+      Zf(b.type) && cg(b);
+      break;
+    case 4:
+      Ih(b, b.stateNode.containerInfo);
+      break;
+    case 10:
+      var d = b.type._context,
+        e = b.memoizedProps.value;
+      G(Mg, d._currentValue);
+      d._currentValue = e;
+      break;
+    case 13:
+      d = b.memoizedState;
+      if (null !== d) {
+        if (null !== d.dehydrated) return G(M, M.current & 1), b.flags |= 128, null;
+        if (0 !== (c & b.child.childLanes)) return pj(a, b, c);
+        G(M, M.current & 1);
+        a = $i(a, b, c);
+        return null !== a ? a.sibling : null;
+      }
+      G(M, M.current & 1);
+      break;
+    case 19:
+      d = 0 !== (c & b.childLanes);
+      if (0 !== (a.flags & 128)) {
+        if (d) return yj(a, b, c);
+        b.flags |= 128;
+      }
+      e = b.memoizedState;
+      null !== e && (e.rendering = null, e.tail = null, e.lastEffect = null);
+      G(M, M.current);
+      if (d) break;else return null;
+    case 22:
+    case 23:
+      return b.lanes = 0, ej(a, b, c);
+  }
+  return $i(a, b, c);
+}
+var Aj, Bj, Cj, Dj;
+Aj = function Aj(a, b) {
+  for (var c = b.child; null !== c;) {
+    if (5 === c.tag || 6 === c.tag) a.appendChild(c.stateNode);else if (4 !== c.tag && null !== c.child) {
+      c.child.return = c;
+      c = c.child;
+      continue;
+    }
+    if (c === b) break;
+    for (; null === c.sibling;) {
+      if (null === c.return || c.return === b) return;
+      c = c.return;
+    }
+    c.sibling.return = c.return;
+    c = c.sibling;
+  }
+};
+Bj = function Bj() {};
+Cj = function Cj(a, b, c, d) {
+  var e = a.memoizedProps;
+  if (e !== d) {
+    a = b.stateNode;
+    Hh(Eh.current);
+    var f = null;
+    switch (c) {
+      case "input":
+        e = Ya(a, e);
+        d = Ya(a, d);
+        f = [];
+        break;
+      case "select":
+        e = A({}, e, {
+          value: void 0
+        });
+        d = A({}, d, {
+          value: void 0
+        });
+        f = [];
+        break;
+      case "textarea":
+        e = gb(a, e);
+        d = gb(a, d);
+        f = [];
+        break;
+      default:
+        "function" !== typeof e.onClick && "function" === typeof d.onClick && (a.onclick = Bf);
+    }
+    ub(c, d);
+    var g;
+    c = null;
+    for (l in e) if (!d.hasOwnProperty(l) && e.hasOwnProperty(l) && null != e[l]) if ("style" === l) {
+      var h = e[l];
+      for (g in h) h.hasOwnProperty(g) && (c || (c = {}), c[g] = "");
+    } else "dangerouslySetInnerHTML" !== l && "children" !== l && "suppressContentEditableWarning" !== l && "suppressHydrationWarning" !== l && "autoFocus" !== l && (ea.hasOwnProperty(l) ? f || (f = []) : (f = f || []).push(l, null));
+    for (l in d) {
+      var k = d[l];
+      h = null != e ? e[l] : void 0;
+      if (d.hasOwnProperty(l) && k !== h && (null != k || null != h)) if ("style" === l) {
+        if (h) {
+          for (g in h) !h.hasOwnProperty(g) || k && k.hasOwnProperty(g) || (c || (c = {}), c[g] = "");
+          for (g in k) k.hasOwnProperty(g) && h[g] !== k[g] && (c || (c = {}), c[g] = k[g]);
+        } else c || (f || (f = []), f.push(l, c)), c = k;
+      } else "dangerouslySetInnerHTML" === l ? (k = k ? k.__html : void 0, h = h ? h.__html : void 0, null != k && h !== k && (f = f || []).push(l, k)) : "children" === l ? "string" !== typeof k && "number" !== typeof k || (f = f || []).push(l, "" + k) : "suppressContentEditableWarning" !== l && "suppressHydrationWarning" !== l && (ea.hasOwnProperty(l) ? (null != k && "onScroll" === l && D("scroll", a), f || h === k || (f = [])) : (f = f || []).push(l, k));
+    }
+    c && (f = f || []).push("style", c);
+    var l = f;
+    if (b.updateQueue = l) b.flags |= 4;
+  }
+};
+Dj = function Dj(a, b, c, d) {
+  c !== d && (b.flags |= 4);
+};
+function Ej(a, b) {
+  if (!I) switch (a.tailMode) {
+    case "hidden":
+      b = a.tail;
+      for (var c = null; null !== b;) null !== b.alternate && (c = b), b = b.sibling;
+      null === c ? a.tail = null : c.sibling = null;
+      break;
+    case "collapsed":
+      c = a.tail;
+      for (var d = null; null !== c;) null !== c.alternate && (d = c), c = c.sibling;
+      null === d ? b || null === a.tail ? a.tail = null : a.tail.sibling = null : d.sibling = null;
+  }
+}
+function S(a) {
+  var b = null !== a.alternate && a.alternate.child === a.child,
+    c = 0,
+    d = 0;
+  if (b) for (var e = a.child; null !== e;) c |= e.lanes | e.childLanes, d |= e.subtreeFlags & 14680064, d |= e.flags & 14680064, e.return = a, e = e.sibling;else for (e = a.child; null !== e;) c |= e.lanes | e.childLanes, d |= e.subtreeFlags, d |= e.flags, e.return = a, e = e.sibling;
+  a.subtreeFlags |= d;
+  a.childLanes = c;
+  return b;
+}
+function Fj(a, b, c) {
+  var d = b.pendingProps;
+  wg(b);
+  switch (b.tag) {
+    case 2:
+    case 16:
+    case 15:
+    case 0:
+    case 11:
+    case 7:
+    case 8:
+    case 12:
+    case 9:
+    case 14:
+      return S(b), null;
+    case 1:
+      return Zf(b.type) && $f(), S(b), null;
+    case 3:
+      d = b.stateNode;
+      Jh();
+      E(Wf);
+      E(H);
+      Oh();
+      d.pendingContext && (d.context = d.pendingContext, d.pendingContext = null);
+      if (null === a || null === a.child) Gg(b) ? b.flags |= 4 : null === a || a.memoizedState.isDehydrated && 0 === (b.flags & 256) || (b.flags |= 1024, null !== zg && (Gj(zg), zg = null));
+      Bj(a, b);
+      S(b);
+      return null;
+    case 5:
+      Lh(b);
+      var e = Hh(Gh.current);
+      c = b.type;
+      if (null !== a && null != b.stateNode) Cj(a, b, c, d, e), a.ref !== b.ref && (b.flags |= 512, b.flags |= 2097152);else {
+        if (!d) {
+          if (null === b.stateNode) throw Error(p(166));
+          S(b);
+          return null;
+        }
+        a = Hh(Eh.current);
+        if (Gg(b)) {
+          d = b.stateNode;
+          c = b.type;
+          var f = b.memoizedProps;
+          d[Of] = b;
+          d[Pf] = f;
+          a = 0 !== (b.mode & 1);
+          switch (c) {
+            case "dialog":
+              D("cancel", d);
+              D("close", d);
+              break;
+            case "iframe":
+            case "object":
+            case "embed":
+              D("load", d);
+              break;
+            case "video":
+            case "audio":
+              for (e = 0; e < lf.length; e++) D(lf[e], d);
+              break;
+            case "source":
+              D("error", d);
+              break;
+            case "img":
+            case "image":
+            case "link":
+              D("error", d);
+              D("load", d);
+              break;
+            case "details":
+              D("toggle", d);
+              break;
+            case "input":
+              Za(d, f);
+              D("invalid", d);
+              break;
+            case "select":
+              d._wrapperState = {
+                wasMultiple: !!f.multiple
+              };
+              D("invalid", d);
+              break;
+            case "textarea":
+              hb(d, f), D("invalid", d);
+          }
+          ub(c, f);
+          e = null;
+          for (var g in f) if (f.hasOwnProperty(g)) {
+            var h = f[g];
+            "children" === g ? "string" === typeof h ? d.textContent !== h && (!0 !== f.suppressHydrationWarning && Af(d.textContent, h, a), e = ["children", h]) : "number" === typeof h && d.textContent !== "" + h && (!0 !== f.suppressHydrationWarning && Af(d.textContent, h, a), e = ["children", "" + h]) : ea.hasOwnProperty(g) && null != h && "onScroll" === g && D("scroll", d);
+          }
+          switch (c) {
+            case "input":
+              Va(d);
+              db(d, f, !0);
+              break;
+            case "textarea":
+              Va(d);
+              jb(d);
+              break;
+            case "select":
+            case "option":
+              break;
+            default:
+              "function" === typeof f.onClick && (d.onclick = Bf);
+          }
+          d = e;
+          b.updateQueue = d;
+          null !== d && (b.flags |= 4);
+        } else {
+          g = 9 === e.nodeType ? e : e.ownerDocument;
+          "http://www.w3.org/1999/xhtml" === a && (a = kb(c));
+          "http://www.w3.org/1999/xhtml" === a ? "script" === c ? (a = g.createElement("div"), a.innerHTML = "<script>\x3c/script>", a = a.removeChild(a.firstChild)) : "string" === typeof d.is ? a = g.createElement(c, {
+            is: d.is
+          }) : (a = g.createElement(c), "select" === c && (g = a, d.multiple ? g.multiple = !0 : d.size && (g.size = d.size))) : a = g.createElementNS(a, c);
+          a[Of] = b;
+          a[Pf] = d;
+          Aj(a, b, !1, !1);
+          b.stateNode = a;
+          a: {
+            g = vb(c, d);
+            switch (c) {
+              case "dialog":
+                D("cancel", a);
+                D("close", a);
+                e = d;
+                break;
+              case "iframe":
+              case "object":
+              case "embed":
+                D("load", a);
+                e = d;
+                break;
+              case "video":
+              case "audio":
+                for (e = 0; e < lf.length; e++) D(lf[e], a);
+                e = d;
+                break;
+              case "source":
+                D("error", a);
+                e = d;
+                break;
+              case "img":
+              case "image":
+              case "link":
+                D("error", a);
+                D("load", a);
+                e = d;
+                break;
+              case "details":
+                D("toggle", a);
+                e = d;
+                break;
+              case "input":
+                Za(a, d);
+                e = Ya(a, d);
+                D("invalid", a);
+                break;
+              case "option":
+                e = d;
+                break;
+              case "select":
+                a._wrapperState = {
+                  wasMultiple: !!d.multiple
+                };
+                e = A({}, d, {
+                  value: void 0
+                });
+                D("invalid", a);
+                break;
+              case "textarea":
+                hb(a, d);
+                e = gb(a, d);
+                D("invalid", a);
+                break;
+              default:
+                e = d;
+            }
+            ub(c, e);
+            h = e;
+            for (f in h) if (h.hasOwnProperty(f)) {
+              var k = h[f];
+              "style" === f ? sb(a, k) : "dangerouslySetInnerHTML" === f ? (k = k ? k.__html : void 0, null != k && nb(a, k)) : "children" === f ? "string" === typeof k ? ("textarea" !== c || "" !== k) && ob(a, k) : "number" === typeof k && ob(a, "" + k) : "suppressContentEditableWarning" !== f && "suppressHydrationWarning" !== f && "autoFocus" !== f && (ea.hasOwnProperty(f) ? null != k && "onScroll" === f && D("scroll", a) : null != k && ta(a, f, k, g));
+            }
+            switch (c) {
+              case "input":
+                Va(a);
+                db(a, d, !1);
+                break;
+              case "textarea":
+                Va(a);
+                jb(a);
+                break;
+              case "option":
+                null != d.value && a.setAttribute("value", "" + Sa(d.value));
+                break;
+              case "select":
+                a.multiple = !!d.multiple;
+                f = d.value;
+                null != f ? fb(a, !!d.multiple, f, !1) : null != d.defaultValue && fb(a, !!d.multiple, d.defaultValue, !0);
+                break;
+              default:
+                "function" === typeof e.onClick && (a.onclick = Bf);
+            }
+            switch (c) {
+              case "button":
+              case "input":
+              case "select":
+              case "textarea":
+                d = !!d.autoFocus;
+                break a;
+              case "img":
+                d = !0;
+                break a;
+              default:
+                d = !1;
+            }
+          }
+          d && (b.flags |= 4);
+        }
+        null !== b.ref && (b.flags |= 512, b.flags |= 2097152);
+      }
+      S(b);
+      return null;
+    case 6:
+      if (a && null != b.stateNode) Dj(a, b, a.memoizedProps, d);else {
+        if ("string" !== typeof d && null === b.stateNode) throw Error(p(166));
+        c = Hh(Gh.current);
+        Hh(Eh.current);
+        if (Gg(b)) {
+          d = b.stateNode;
+          c = b.memoizedProps;
+          d[Of] = b;
+          if (f = d.nodeValue !== c) if (a = xg, null !== a) switch (a.tag) {
+            case 3:
+              Af(d.nodeValue, c, 0 !== (a.mode & 1));
+              break;
+            case 5:
+              !0 !== a.memoizedProps.suppressHydrationWarning && Af(d.nodeValue, c, 0 !== (a.mode & 1));
+          }
+          f && (b.flags |= 4);
+        } else d = (9 === c.nodeType ? c : c.ownerDocument).createTextNode(d), d[Of] = b, b.stateNode = d;
+      }
+      S(b);
+      return null;
+    case 13:
+      E(M);
+      d = b.memoizedState;
+      if (null === a || null !== a.memoizedState && null !== a.memoizedState.dehydrated) {
+        if (I && null !== yg && 0 !== (b.mode & 1) && 0 === (b.flags & 128)) Hg(), Ig(), b.flags |= 98560, f = !1;else if (f = Gg(b), null !== d && null !== d.dehydrated) {
+          if (null === a) {
+            if (!f) throw Error(p(318));
+            f = b.memoizedState;
+            f = null !== f ? f.dehydrated : null;
+            if (!f) throw Error(p(317));
+            f[Of] = b;
+          } else Ig(), 0 === (b.flags & 128) && (b.memoizedState = null), b.flags |= 4;
+          S(b);
+          f = !1;
+        } else null !== zg && (Gj(zg), zg = null), f = !0;
+        if (!f) return b.flags & 65536 ? b : null;
+      }
+      if (0 !== (b.flags & 128)) return b.lanes = c, b;
+      d = null !== d;
+      d !== (null !== a && null !== a.memoizedState) && d && (b.child.flags |= 8192, 0 !== (b.mode & 1) && (null === a || 0 !== (M.current & 1) ? 0 === T && (T = 3) : uj()));
+      null !== b.updateQueue && (b.flags |= 4);
+      S(b);
+      return null;
+    case 4:
+      return Jh(), Bj(a, b), null === a && sf(b.stateNode.containerInfo), S(b), null;
+    case 10:
+      return Rg(b.type._context), S(b), null;
+    case 17:
+      return Zf(b.type) && $f(), S(b), null;
+    case 19:
+      E(M);
+      f = b.memoizedState;
+      if (null === f) return S(b), null;
+      d = 0 !== (b.flags & 128);
+      g = f.rendering;
+      if (null === g) {
+        if (d) Ej(f, !1);else {
+          if (0 !== T || null !== a && 0 !== (a.flags & 128)) for (a = b.child; null !== a;) {
+            g = Mh(a);
+            if (null !== g) {
+              b.flags |= 128;
+              Ej(f, !1);
+              d = g.updateQueue;
+              null !== d && (b.updateQueue = d, b.flags |= 4);
+              b.subtreeFlags = 0;
+              d = c;
+              for (c = b.child; null !== c;) f = c, a = d, f.flags &= 14680066, g = f.alternate, null === g ? (f.childLanes = 0, f.lanes = a, f.child = null, f.subtreeFlags = 0, f.memoizedProps = null, f.memoizedState = null, f.updateQueue = null, f.dependencies = null, f.stateNode = null) : (f.childLanes = g.childLanes, f.lanes = g.lanes, f.child = g.child, f.subtreeFlags = 0, f.deletions = null, f.memoizedProps = g.memoizedProps, f.memoizedState = g.memoizedState, f.updateQueue = g.updateQueue, f.type = g.type, a = g.dependencies, f.dependencies = null === a ? null : {
+                lanes: a.lanes,
+                firstContext: a.firstContext
+              }), c = c.sibling;
+              G(M, M.current & 1 | 2);
+              return b.child;
+            }
+            a = a.sibling;
+          }
+          null !== f.tail && B() > Hj && (b.flags |= 128, d = !0, Ej(f, !1), b.lanes = 4194304);
+        }
+      } else {
+        if (!d) if (a = Mh(g), null !== a) {
+          if (b.flags |= 128, d = !0, c = a.updateQueue, null !== c && (b.updateQueue = c, b.flags |= 4), Ej(f, !0), null === f.tail && "hidden" === f.tailMode && !g.alternate && !I) return S(b), null;
+        } else 2 * B() - f.renderingStartTime > Hj && 1073741824 !== c && (b.flags |= 128, d = !0, Ej(f, !1), b.lanes = 4194304);
+        f.isBackwards ? (g.sibling = b.child, b.child = g) : (c = f.last, null !== c ? c.sibling = g : b.child = g, f.last = g);
+      }
+      if (null !== f.tail) return b = f.tail, f.rendering = b, f.tail = b.sibling, f.renderingStartTime = B(), b.sibling = null, c = M.current, G(M, d ? c & 1 | 2 : c & 1), b;
+      S(b);
+      return null;
+    case 22:
+    case 23:
+      return Ij(), d = null !== b.memoizedState, null !== a && null !== a.memoizedState !== d && (b.flags |= 8192), d && 0 !== (b.mode & 1) ? 0 !== (gj & 1073741824) && (S(b), b.subtreeFlags & 6 && (b.flags |= 8192)) : S(b), null;
+    case 24:
+      return null;
+    case 25:
+      return null;
+  }
+  throw Error(p(156, b.tag));
+}
+function Jj(a, b) {
+  wg(b);
+  switch (b.tag) {
+    case 1:
+      return Zf(b.type) && $f(), a = b.flags, a & 65536 ? (b.flags = a & -65537 | 128, b) : null;
+    case 3:
+      return Jh(), E(Wf), E(H), Oh(), a = b.flags, 0 !== (a & 65536) && 0 === (a & 128) ? (b.flags = a & -65537 | 128, b) : null;
+    case 5:
+      return Lh(b), null;
+    case 13:
+      E(M);
+      a = b.memoizedState;
+      if (null !== a && null !== a.dehydrated) {
+        if (null === b.alternate) throw Error(p(340));
+        Ig();
+      }
+      a = b.flags;
+      return a & 65536 ? (b.flags = a & -65537 | 128, b) : null;
+    case 19:
+      return E(M), null;
+    case 4:
+      return Jh(), null;
+    case 10:
+      return Rg(b.type._context), null;
+    case 22:
+    case 23:
+      return Ij(), null;
+    case 24:
+      return null;
+    default:
+      return null;
+  }
+}
+var Kj = !1,
+  U = !1,
+  Lj = "function" === typeof WeakSet ? WeakSet : Set,
+  V = null;
+function Mj(a, b) {
+  var c = a.ref;
+  if (null !== c) if ("function" === typeof c) try {
+    c(null);
+  } catch (d) {
+    W(a, b, d);
+  } else c.current = null;
+}
+function Nj(a, b, c) {
+  try {
+    c();
+  } catch (d) {
+    W(a, b, d);
+  }
+}
+var Oj = !1;
+function Pj(a, b) {
+  Cf = dd;
+  a = Me();
+  if (Ne(a)) {
+    if ("selectionStart" in a) var c = {
+      start: a.selectionStart,
+      end: a.selectionEnd
+    };else a: {
+      c = (c = a.ownerDocument) && c.defaultView || window;
+      var d = c.getSelection && c.getSelection();
+      if (d && 0 !== d.rangeCount) {
+        c = d.anchorNode;
+        var e = d.anchorOffset,
+          f = d.focusNode;
+        d = d.focusOffset;
+        try {
+          c.nodeType, f.nodeType;
+        } catch (F) {
+          c = null;
+          break a;
+        }
+        var g = 0,
+          h = -1,
+          k = -1,
+          l = 0,
+          m = 0,
+          q = a,
+          r = null;
+        b: for (;;) {
+          for (var y;;) {
+            q !== c || 0 !== e && 3 !== q.nodeType || (h = g + e);
+            q !== f || 0 !== d && 3 !== q.nodeType || (k = g + d);
+            3 === q.nodeType && (g += q.nodeValue.length);
+            if (null === (y = q.firstChild)) break;
+            r = q;
+            q = y;
+          }
+          for (;;) {
+            if (q === a) break b;
+            r === c && ++l === e && (h = g);
+            r === f && ++m === d && (k = g);
+            if (null !== (y = q.nextSibling)) break;
+            q = r;
+            r = q.parentNode;
+          }
+          q = y;
+        }
+        c = -1 === h || -1 === k ? null : {
+          start: h,
+          end: k
+        };
+      } else c = null;
+    }
+    c = c || {
+      start: 0,
+      end: 0
+    };
+  } else c = null;
+  Df = {
+    focusedElem: a,
+    selectionRange: c
+  };
+  dd = !1;
+  for (V = b; null !== V;) if (b = V, a = b.child, 0 !== (b.subtreeFlags & 1028) && null !== a) a.return = b, V = a;else for (; null !== V;) {
+    b = V;
+    try {
+      var n = b.alternate;
+      if (0 !== (b.flags & 1024)) switch (b.tag) {
+        case 0:
+        case 11:
+        case 15:
+          break;
+        case 1:
+          if (null !== n) {
+            var t = n.memoizedProps,
+              J = n.memoizedState,
+              x = b.stateNode,
+              w = x.getSnapshotBeforeUpdate(b.elementType === b.type ? t : Lg(b.type, t), J);
+            x.__reactInternalSnapshotBeforeUpdate = w;
+          }
+          break;
+        case 3:
+          var u = b.stateNode.containerInfo;
+          1 === u.nodeType ? u.textContent = "" : 9 === u.nodeType && u.documentElement && u.removeChild(u.documentElement);
+          break;
+        case 5:
+        case 6:
+        case 4:
+        case 17:
+          break;
+        default:
+          throw Error(p(163));
+      }
+    } catch (F) {
+      W(b, b.return, F);
+    }
+    a = b.sibling;
+    if (null !== a) {
+      a.return = b.return;
+      V = a;
+      break;
+    }
+    V = b.return;
+  }
+  n = Oj;
+  Oj = !1;
+  return n;
+}
+function Qj(a, b, c) {
+  var d = b.updateQueue;
+  d = null !== d ? d.lastEffect : null;
+  if (null !== d) {
+    var e = d = d.next;
+    do {
+      if ((e.tag & a) === a) {
+        var f = e.destroy;
+        e.destroy = void 0;
+        void 0 !== f && Nj(b, c, f);
+      }
+      e = e.next;
+    } while (e !== d);
+  }
+}
+function Rj(a, b) {
+  b = b.updateQueue;
+  b = null !== b ? b.lastEffect : null;
+  if (null !== b) {
+    var c = b = b.next;
+    do {
+      if ((c.tag & a) === a) {
+        var d = c.create;
+        c.destroy = d();
+      }
+      c = c.next;
+    } while (c !== b);
+  }
+}
+function Sj(a) {
+  var b = a.ref;
+  if (null !== b) {
+    var c = a.stateNode;
+    switch (a.tag) {
+      case 5:
+        a = c;
+        break;
+      default:
+        a = c;
+    }
+    "function" === typeof b ? b(a) : b.current = a;
+  }
+}
+function Tj(a) {
+  var b = a.alternate;
+  null !== b && (a.alternate = null, Tj(b));
+  a.child = null;
+  a.deletions = null;
+  a.sibling = null;
+  5 === a.tag && (b = a.stateNode, null !== b && (delete b[Of], delete b[Pf], delete b[of], delete b[Qf], delete b[Rf]));
+  a.stateNode = null;
+  a.return = null;
+  a.dependencies = null;
+  a.memoizedProps = null;
+  a.memoizedState = null;
+  a.pendingProps = null;
+  a.stateNode = null;
+  a.updateQueue = null;
+}
+function Uj(a) {
+  return 5 === a.tag || 3 === a.tag || 4 === a.tag;
+}
+function Vj(a) {
+  a: for (;;) {
+    for (; null === a.sibling;) {
+      if (null === a.return || Uj(a.return)) return null;
+      a = a.return;
+    }
+    a.sibling.return = a.return;
+    for (a = a.sibling; 5 !== a.tag && 6 !== a.tag && 18 !== a.tag;) {
+      if (a.flags & 2) continue a;
+      if (null === a.child || 4 === a.tag) continue a;else a.child.return = a, a = a.child;
+    }
+    if (!(a.flags & 2)) return a.stateNode;
+  }
+}
+function Wj(a, b, c) {
+  var d = a.tag;
+  if (5 === d || 6 === d) a = a.stateNode, b ? 8 === c.nodeType ? c.parentNode.insertBefore(a, b) : c.insertBefore(a, b) : (8 === c.nodeType ? (b = c.parentNode, b.insertBefore(a, c)) : (b = c, b.appendChild(a)), c = c._reactRootContainer, null !== c && void 0 !== c || null !== b.onclick || (b.onclick = Bf));else if (4 !== d && (a = a.child, null !== a)) for (Wj(a, b, c), a = a.sibling; null !== a;) Wj(a, b, c), a = a.sibling;
+}
+function Xj(a, b, c) {
+  var d = a.tag;
+  if (5 === d || 6 === d) a = a.stateNode, b ? c.insertBefore(a, b) : c.appendChild(a);else if (4 !== d && (a = a.child, null !== a)) for (Xj(a, b, c), a = a.sibling; null !== a;) Xj(a, b, c), a = a.sibling;
+}
+var X = null,
+  Yj = !1;
+function Zj(a, b, c) {
+  for (c = c.child; null !== c;) ak(a, b, c), c = c.sibling;
+}
+function ak(a, b, c) {
+  if (lc && "function" === typeof lc.onCommitFiberUnmount) try {
+    lc.onCommitFiberUnmount(kc, c);
+  } catch (h) {}
+  switch (c.tag) {
+    case 5:
+      U || Mj(c, b);
+    case 6:
+      var d = X,
+        e = Yj;
+      X = null;
+      Zj(a, b, c);
+      X = d;
+      Yj = e;
+      null !== X && (Yj ? (a = X, c = c.stateNode, 8 === a.nodeType ? a.parentNode.removeChild(c) : a.removeChild(c)) : X.removeChild(c.stateNode));
+      break;
+    case 18:
+      null !== X && (Yj ? (a = X, c = c.stateNode, 8 === a.nodeType ? Kf(a.parentNode, c) : 1 === a.nodeType && Kf(a, c), bd(a)) : Kf(X, c.stateNode));
+      break;
+    case 4:
+      d = X;
+      e = Yj;
+      X = c.stateNode.containerInfo;
+      Yj = !0;
+      Zj(a, b, c);
+      X = d;
+      Yj = e;
+      break;
+    case 0:
+    case 11:
+    case 14:
+    case 15:
+      if (!U && (d = c.updateQueue, null !== d && (d = d.lastEffect, null !== d))) {
+        e = d = d.next;
+        do {
+          var f = e,
+            g = f.destroy;
+          f = f.tag;
+          void 0 !== g && (0 !== (f & 2) ? Nj(c, b, g) : 0 !== (f & 4) && Nj(c, b, g));
+          e = e.next;
+        } while (e !== d);
+      }
+      Zj(a, b, c);
+      break;
+    case 1:
+      if (!U && (Mj(c, b), d = c.stateNode, "function" === typeof d.componentWillUnmount)) try {
+        d.props = c.memoizedProps, d.state = c.memoizedState, d.componentWillUnmount();
+      } catch (h) {
+        W(c, b, h);
+      }
+      Zj(a, b, c);
+      break;
+    case 21:
+      Zj(a, b, c);
+      break;
+    case 22:
+      c.mode & 1 ? (U = (d = U) || null !== c.memoizedState, Zj(a, b, c), U = d) : Zj(a, b, c);
+      break;
+    default:
+      Zj(a, b, c);
+  }
+}
+function bk(a) {
+  var b = a.updateQueue;
+  if (null !== b) {
+    a.updateQueue = null;
+    var c = a.stateNode;
+    null === c && (c = a.stateNode = new Lj());
+    b.forEach(function (b) {
+      var d = ck.bind(null, a, b);
+      c.has(b) || (c.add(b), b.then(d, d));
+    });
+  }
+}
+function dk(a, b) {
+  var c = b.deletions;
+  if (null !== c) for (var d = 0; d < c.length; d++) {
+    var e = c[d];
+    try {
+      var f = a,
+        g = b,
+        h = g;
+      a: for (; null !== h;) {
+        switch (h.tag) {
+          case 5:
+            X = h.stateNode;
+            Yj = !1;
+            break a;
+          case 3:
+            X = h.stateNode.containerInfo;
+            Yj = !0;
+            break a;
+          case 4:
+            X = h.stateNode.containerInfo;
+            Yj = !0;
+            break a;
+        }
+        h = h.return;
+      }
+      if (null === X) throw Error(p(160));
+      ak(f, g, e);
+      X = null;
+      Yj = !1;
+      var k = e.alternate;
+      null !== k && (k.return = null);
+      e.return = null;
+    } catch (l) {
+      W(e, b, l);
+    }
+  }
+  if (b.subtreeFlags & 12854) for (b = b.child; null !== b;) ek(b, a), b = b.sibling;
+}
+function ek(a, b) {
+  var c = a.alternate,
+    d = a.flags;
+  switch (a.tag) {
+    case 0:
+    case 11:
+    case 14:
+    case 15:
+      dk(b, a);
+      fk(a);
+      if (d & 4) {
+        try {
+          Qj(3, a, a.return), Rj(3, a);
+        } catch (t) {
+          W(a, a.return, t);
+        }
+        try {
+          Qj(5, a, a.return);
+        } catch (t) {
+          W(a, a.return, t);
+        }
+      }
+      break;
+    case 1:
+      dk(b, a);
+      fk(a);
+      d & 512 && null !== c && Mj(c, c.return);
+      break;
+    case 5:
+      dk(b, a);
+      fk(a);
+      d & 512 && null !== c && Mj(c, c.return);
+      if (a.flags & 32) {
+        var e = a.stateNode;
+        try {
+          ob(e, "");
+        } catch (t) {
+          W(a, a.return, t);
+        }
+      }
+      if (d & 4 && (e = a.stateNode, null != e)) {
+        var f = a.memoizedProps,
+          g = null !== c ? c.memoizedProps : f,
+          h = a.type,
+          k = a.updateQueue;
+        a.updateQueue = null;
+        if (null !== k) try {
+          "input" === h && "radio" === f.type && null != f.name && ab(e, f);
+          vb(h, g);
+          var l = vb(h, f);
+          for (g = 0; g < k.length; g += 2) {
+            var m = k[g],
+              q = k[g + 1];
+            "style" === m ? sb(e, q) : "dangerouslySetInnerHTML" === m ? nb(e, q) : "children" === m ? ob(e, q) : ta(e, m, q, l);
+          }
+          switch (h) {
+            case "input":
+              bb(e, f);
+              break;
+            case "textarea":
+              ib(e, f);
+              break;
+            case "select":
+              var r = e._wrapperState.wasMultiple;
+              e._wrapperState.wasMultiple = !!f.multiple;
+              var y = f.value;
+              null != y ? fb(e, !!f.multiple, y, !1) : r !== !!f.multiple && (null != f.defaultValue ? fb(e, !!f.multiple, f.defaultValue, !0) : fb(e, !!f.multiple, f.multiple ? [] : "", !1));
+          }
+          e[Pf] = f;
+        } catch (t) {
+          W(a, a.return, t);
+        }
+      }
+      break;
+    case 6:
+      dk(b, a);
+      fk(a);
+      if (d & 4) {
+        if (null === a.stateNode) throw Error(p(162));
+        e = a.stateNode;
+        f = a.memoizedProps;
+        try {
+          e.nodeValue = f;
+        } catch (t) {
+          W(a, a.return, t);
+        }
+      }
+      break;
+    case 3:
+      dk(b, a);
+      fk(a);
+      if (d & 4 && null !== c && c.memoizedState.isDehydrated) try {
+        bd(b.containerInfo);
+      } catch (t) {
+        W(a, a.return, t);
+      }
+      break;
+    case 4:
+      dk(b, a);
+      fk(a);
+      break;
+    case 13:
+      dk(b, a);
+      fk(a);
+      e = a.child;
+      e.flags & 8192 && (f = null !== e.memoizedState, e.stateNode.isHidden = f, !f || null !== e.alternate && null !== e.alternate.memoizedState || (gk = B()));
+      d & 4 && bk(a);
+      break;
+    case 22:
+      m = null !== c && null !== c.memoizedState;
+      a.mode & 1 ? (U = (l = U) || m, dk(b, a), U = l) : dk(b, a);
+      fk(a);
+      if (d & 8192) {
+        l = null !== a.memoizedState;
+        if ((a.stateNode.isHidden = l) && !m && 0 !== (a.mode & 1)) for (V = a, m = a.child; null !== m;) {
+          for (q = V = m; null !== V;) {
+            r = V;
+            y = r.child;
+            switch (r.tag) {
+              case 0:
+              case 11:
+              case 14:
+              case 15:
+                Qj(4, r, r.return);
+                break;
+              case 1:
+                Mj(r, r.return);
+                var n = r.stateNode;
+                if ("function" === typeof n.componentWillUnmount) {
+                  d = r;
+                  c = r.return;
+                  try {
+                    b = d, n.props = b.memoizedProps, n.state = b.memoizedState, n.componentWillUnmount();
+                  } catch (t) {
+                    W(d, c, t);
+                  }
+                }
+                break;
+              case 5:
+                Mj(r, r.return);
+                break;
+              case 22:
+                if (null !== r.memoizedState) {
+                  hk(q);
+                  continue;
+                }
+            }
+            null !== y ? (y.return = r, V = y) : hk(q);
+          }
+          m = m.sibling;
+        }
+        a: for (m = null, q = a;;) {
+          if (5 === q.tag) {
+            if (null === m) {
+              m = q;
+              try {
+                e = q.stateNode, l ? (f = e.style, "function" === typeof f.setProperty ? f.setProperty("display", "none", "important") : f.display = "none") : (h = q.stateNode, k = q.memoizedProps.style, g = void 0 !== k && null !== k && k.hasOwnProperty("display") ? k.display : null, h.style.display = rb("display", g));
+              } catch (t) {
+                W(a, a.return, t);
+              }
+            }
+          } else if (6 === q.tag) {
+            if (null === m) try {
+              q.stateNode.nodeValue = l ? "" : q.memoizedProps;
+            } catch (t) {
+              W(a, a.return, t);
+            }
+          } else if ((22 !== q.tag && 23 !== q.tag || null === q.memoizedState || q === a) && null !== q.child) {
+            q.child.return = q;
+            q = q.child;
+            continue;
+          }
+          if (q === a) break a;
+          for (; null === q.sibling;) {
+            if (null === q.return || q.return === a) break a;
+            m === q && (m = null);
+            q = q.return;
+          }
+          m === q && (m = null);
+          q.sibling.return = q.return;
+          q = q.sibling;
+        }
+      }
+      break;
+    case 19:
+      dk(b, a);
+      fk(a);
+      d & 4 && bk(a);
+      break;
+    case 21:
+      break;
+    default:
+      dk(b, a), fk(a);
+  }
+}
+function fk(a) {
+  var b = a.flags;
+  if (b & 2) {
+    try {
+      a: {
+        for (var c = a.return; null !== c;) {
+          if (Uj(c)) {
+            var d = c;
+            break a;
+          }
+          c = c.return;
+        }
+        throw Error(p(160));
+      }
+      switch (d.tag) {
+        case 5:
+          var e = d.stateNode;
+          d.flags & 32 && (ob(e, ""), d.flags &= -33);
+          var f = Vj(a);
+          Xj(a, f, e);
+          break;
+        case 3:
+        case 4:
+          var g = d.stateNode.containerInfo,
+            h = Vj(a);
+          Wj(a, h, g);
+          break;
+        default:
+          throw Error(p(161));
+      }
+    } catch (k) {
+      W(a, a.return, k);
+    }
+    a.flags &= -3;
+  }
+  b & 4096 && (a.flags &= -4097);
+}
+function ik(a, b, c) {
+  V = a;
+  jk(a, b, c);
+}
+function jk(a, b, c) {
+  for (var d = 0 !== (a.mode & 1); null !== V;) {
+    var e = V,
+      f = e.child;
+    if (22 === e.tag && d) {
+      var g = null !== e.memoizedState || Kj;
+      if (!g) {
+        var h = e.alternate,
+          k = null !== h && null !== h.memoizedState || U;
+        h = Kj;
+        var l = U;
+        Kj = g;
+        if ((U = k) && !l) for (V = e; null !== V;) g = V, k = g.child, 22 === g.tag && null !== g.memoizedState ? kk(e) : null !== k ? (k.return = g, V = k) : kk(e);
+        for (; null !== f;) V = f, jk(f, b, c), f = f.sibling;
+        V = e;
+        Kj = h;
+        U = l;
+      }
+      lk(a, b, c);
+    } else 0 !== (e.subtreeFlags & 8772) && null !== f ? (f.return = e, V = f) : lk(a, b, c);
+  }
+}
+function lk(a) {
+  for (; null !== V;) {
+    var b = V;
+    if (0 !== (b.flags & 8772)) {
+      var c = b.alternate;
+      try {
+        if (0 !== (b.flags & 8772)) switch (b.tag) {
+          case 0:
+          case 11:
+          case 15:
+            U || Rj(5, b);
+            break;
+          case 1:
+            var d = b.stateNode;
+            if (b.flags & 4 && !U) if (null === c) d.componentDidMount();else {
+              var e = b.elementType === b.type ? c.memoizedProps : Lg(b.type, c.memoizedProps);
+              d.componentDidUpdate(e, c.memoizedState, d.__reactInternalSnapshotBeforeUpdate);
+            }
+            var f = b.updateQueue;
+            null !== f && ih(b, f, d);
+            break;
+          case 3:
+            var g = b.updateQueue;
+            if (null !== g) {
+              c = null;
+              if (null !== b.child) switch (b.child.tag) {
+                case 5:
+                  c = b.child.stateNode;
+                  break;
+                case 1:
+                  c = b.child.stateNode;
+              }
+              ih(b, g, c);
+            }
+            break;
+          case 5:
+            var h = b.stateNode;
+            if (null === c && b.flags & 4) {
+              c = h;
+              var k = b.memoizedProps;
+              switch (b.type) {
+                case "button":
+                case "input":
+                case "select":
+                case "textarea":
+                  k.autoFocus && c.focus();
+                  break;
+                case "img":
+                  k.src && (c.src = k.src);
+              }
+            }
+            break;
+          case 6:
+            break;
+          case 4:
+            break;
+          case 12:
+            break;
+          case 13:
+            if (null === b.memoizedState) {
+              var l = b.alternate;
+              if (null !== l) {
+                var m = l.memoizedState;
+                if (null !== m) {
+                  var q = m.dehydrated;
+                  null !== q && bd(q);
+                }
+              }
+            }
+            break;
+          case 19:
+          case 17:
+          case 21:
+          case 22:
+          case 23:
+          case 25:
+            break;
+          default:
+            throw Error(p(163));
+        }
+        U || b.flags & 512 && Sj(b);
+      } catch (r) {
+        W(b, b.return, r);
+      }
+    }
+    if (b === a) {
+      V = null;
+      break;
+    }
+    c = b.sibling;
+    if (null !== c) {
+      c.return = b.return;
+      V = c;
+      break;
+    }
+    V = b.return;
+  }
+}
+function hk(a) {
+  for (; null !== V;) {
+    var b = V;
+    if (b === a) {
+      V = null;
+      break;
+    }
+    var c = b.sibling;
+    if (null !== c) {
+      c.return = b.return;
+      V = c;
+      break;
+    }
+    V = b.return;
+  }
+}
+function kk(a) {
+  for (; null !== V;) {
+    var b = V;
+    try {
+      switch (b.tag) {
+        case 0:
+        case 11:
+        case 15:
+          var c = b.return;
+          try {
+            Rj(4, b);
+          } catch (k) {
+            W(b, c, k);
+          }
+          break;
+        case 1:
+          var d = b.stateNode;
+          if ("function" === typeof d.componentDidMount) {
+            var e = b.return;
+            try {
+              d.componentDidMount();
+            } catch (k) {
+              W(b, e, k);
+            }
+          }
+          var f = b.return;
+          try {
+            Sj(b);
+          } catch (k) {
+            W(b, f, k);
+          }
+          break;
+        case 5:
+          var g = b.return;
+          try {
+            Sj(b);
+          } catch (k) {
+            W(b, g, k);
+          }
+      }
+    } catch (k) {
+      W(b, b.return, k);
+    }
+    if (b === a) {
+      V = null;
+      break;
+    }
+    var h = b.sibling;
+    if (null !== h) {
+      h.return = b.return;
+      V = h;
+      break;
+    }
+    V = b.return;
+  }
+}
+var mk = Math.ceil,
+  nk = ua.ReactCurrentDispatcher,
+  ok = ua.ReactCurrentOwner,
+  pk = ua.ReactCurrentBatchConfig,
+  K = 0,
+  R = null,
+  Y = null,
+  Z = 0,
+  gj = 0,
+  fj = Uf(0),
+  T = 0,
+  qk = null,
+  hh = 0,
+  rk = 0,
+  sk = 0,
+  tk = null,
+  uk = null,
+  gk = 0,
+  Hj = Infinity,
+  vk = null,
+  Pi = !1,
+  Qi = null,
+  Si = null,
+  wk = !1,
+  xk = null,
+  yk = 0,
+  zk = 0,
+  Ak = null,
+  Bk = -1,
+  Ck = 0;
+function L() {
+  return 0 !== (K & 6) ? B() : -1 !== Bk ? Bk : Bk = B();
+}
+function lh(a) {
+  if (0 === (a.mode & 1)) return 1;
+  if (0 !== (K & 2) && 0 !== Z) return Z & -Z;
+  if (null !== Kg.transition) return 0 === Ck && (Ck = yc()), Ck;
+  a = C;
+  if (0 !== a) return a;
+  a = window.event;
+  a = void 0 === a ? 16 : jd(a.type);
+  return a;
+}
+function mh(a, b, c, d) {
+  if (50 < zk) throw zk = 0, Ak = null, Error(p(185));
+  Ac(a, c, d);
+  if (0 === (K & 2) || a !== R) a === R && (0 === (K & 2) && (rk |= c), 4 === T && Dk(a, Z)), Ek(a, d), 1 === c && 0 === K && 0 === (b.mode & 1) && (Hj = B() + 500, fg && jg());
+}
+function Ek(a, b) {
+  var c = a.callbackNode;
+  wc(a, b);
+  var d = uc(a, a === R ? Z : 0);
+  if (0 === d) null !== c && bc(c), a.callbackNode = null, a.callbackPriority = 0;else if (b = d & -d, a.callbackPriority !== b) {
+    null != c && bc(c);
+    if (1 === b) 0 === a.tag ? ig(Fk.bind(null, a)) : hg(Fk.bind(null, a)), Jf(function () {
+      0 === (K & 6) && jg();
+    }), c = null;else {
+      switch (Dc(d)) {
+        case 1:
+          c = fc;
+          break;
+        case 4:
+          c = gc;
+          break;
+        case 16:
+          c = hc;
+          break;
+        case 536870912:
+          c = jc;
+          break;
+        default:
+          c = hc;
+      }
+      c = Gk(c, Hk.bind(null, a));
+    }
+    a.callbackPriority = b;
+    a.callbackNode = c;
+  }
+}
+function Hk(a, b) {
+  Bk = -1;
+  Ck = 0;
+  if (0 !== (K & 6)) throw Error(p(327));
+  var c = a.callbackNode;
+  if (Ik() && a.callbackNode !== c) return null;
+  var d = uc(a, a === R ? Z : 0);
+  if (0 === d) return null;
+  if (0 !== (d & 30) || 0 !== (d & a.expiredLanes) || b) b = Jk(a, d);else {
+    b = d;
+    var e = K;
+    K |= 2;
+    var f = Kk();
+    if (R !== a || Z !== b) vk = null, Hj = B() + 500, Lk(a, b);
+    do try {
+      Mk();
+      break;
+    } catch (h) {
+      Nk(a, h);
+    } while (1);
+    Qg();
+    nk.current = f;
+    K = e;
+    null !== Y ? b = 0 : (R = null, Z = 0, b = T);
+  }
+  if (0 !== b) {
+    2 === b && (e = xc(a), 0 !== e && (d = e, b = Ok(a, e)));
+    if (1 === b) throw c = qk, Lk(a, 0), Dk(a, d), Ek(a, B()), c;
+    if (6 === b) Dk(a, d);else {
+      e = a.current.alternate;
+      if (0 === (d & 30) && !Pk(e) && (b = Jk(a, d), 2 === b && (f = xc(a), 0 !== f && (d = f, b = Ok(a, f))), 1 === b)) throw c = qk, Lk(a, 0), Dk(a, d), Ek(a, B()), c;
+      a.finishedWork = e;
+      a.finishedLanes = d;
+      switch (b) {
+        case 0:
+        case 1:
+          throw Error(p(345));
+        case 2:
+          Qk(a, uk, vk);
+          break;
+        case 3:
+          Dk(a, d);
+          if ((d & 130023424) === d && (b = gk + 500 - B(), 10 < b)) {
+            if (0 !== uc(a, 0)) break;
+            e = a.suspendedLanes;
+            if ((e & d) !== d) {
+              L();
+              a.pingedLanes |= a.suspendedLanes & e;
+              break;
+            }
+            a.timeoutHandle = Ff(Qk.bind(null, a, uk, vk), b);
+            break;
+          }
+          Qk(a, uk, vk);
+          break;
+        case 4:
+          Dk(a, d);
+          if ((d & 4194240) === d) break;
+          b = a.eventTimes;
+          for (e = -1; 0 < d;) {
+            var g = 31 - oc(d);
+            f = 1 << g;
+            g = b[g];
+            g > e && (e = g);
+            d &= ~f;
+          }
+          d = e;
+          d = B() - d;
+          d = (120 > d ? 120 : 480 > d ? 480 : 1080 > d ? 1080 : 1920 > d ? 1920 : 3E3 > d ? 3E3 : 4320 > d ? 4320 : 1960 * mk(d / 1960)) - d;
+          if (10 < d) {
+            a.timeoutHandle = Ff(Qk.bind(null, a, uk, vk), d);
+            break;
+          }
+          Qk(a, uk, vk);
+          break;
+        case 5:
+          Qk(a, uk, vk);
+          break;
+        default:
+          throw Error(p(329));
+      }
+    }
+  }
+  Ek(a, B());
+  return a.callbackNode === c ? Hk.bind(null, a) : null;
+}
+function Ok(a, b) {
+  var c = tk;
+  a.current.memoizedState.isDehydrated && (Lk(a, b).flags |= 256);
+  a = Jk(a, b);
+  2 !== a && (b = uk, uk = c, null !== b && Gj(b));
+  return a;
+}
+function Gj(a) {
+  null === uk ? uk = a : uk.push.apply(uk, a);
+}
+function Pk(a) {
+  for (var b = a;;) {
+    if (b.flags & 16384) {
+      var c = b.updateQueue;
+      if (null !== c && (c = c.stores, null !== c)) for (var d = 0; d < c.length; d++) {
+        var e = c[d],
+          f = e.getSnapshot;
+        e = e.value;
+        try {
+          if (!He(f(), e)) return !1;
+        } catch (g) {
+          return !1;
+        }
+      }
+    }
+    c = b.child;
+    if (b.subtreeFlags & 16384 && null !== c) c.return = b, b = c;else {
+      if (b === a) break;
+      for (; null === b.sibling;) {
+        if (null === b.return || b.return === a) return !0;
+        b = b.return;
+      }
+      b.sibling.return = b.return;
+      b = b.sibling;
+    }
+  }
+  return !0;
+}
+function Dk(a, b) {
+  b &= ~sk;
+  b &= ~rk;
+  a.suspendedLanes |= b;
+  a.pingedLanes &= ~b;
+  for (a = a.expirationTimes; 0 < b;) {
+    var c = 31 - oc(b),
+      d = 1 << c;
+    a[c] = -1;
+    b &= ~d;
+  }
+}
+function Fk(a) {
+  if (0 !== (K & 6)) throw Error(p(327));
+  Ik();
+  var b = uc(a, 0);
+  if (0 === (b & 1)) return Ek(a, B()), null;
+  var c = Jk(a, b);
+  if (0 !== a.tag && 2 === c) {
+    var d = xc(a);
+    0 !== d && (b = d, c = Ok(a, d));
+  }
+  if (1 === c) throw c = qk, Lk(a, 0), Dk(a, b), Ek(a, B()), c;
+  if (6 === c) throw Error(p(345));
+  a.finishedWork = a.current.alternate;
+  a.finishedLanes = b;
+  Qk(a, uk, vk);
+  Ek(a, B());
+  return null;
+}
+function Rk(a, b) {
+  var c = K;
+  K |= 1;
+  try {
+    return a(b);
+  } finally {
+    K = c, 0 === K && (Hj = B() + 500, fg && jg());
+  }
+}
+function Sk(a) {
+  null !== xk && 0 === xk.tag && 0 === (K & 6) && Ik();
+  var b = K;
+  K |= 1;
+  var c = pk.transition,
+    d = C;
+  try {
+    if (pk.transition = null, C = 1, a) return a();
+  } finally {
+    C = d, pk.transition = c, K = b, 0 === (K & 6) && jg();
+  }
+}
+function Ij() {
+  gj = fj.current;
+  E(fj);
+}
+function Lk(a, b) {
+  a.finishedWork = null;
+  a.finishedLanes = 0;
+  var c = a.timeoutHandle;
+  -1 !== c && (a.timeoutHandle = -1, Gf(c));
+  if (null !== Y) for (c = Y.return; null !== c;) {
+    var d = c;
+    wg(d);
+    switch (d.tag) {
+      case 1:
+        d = d.type.childContextTypes;
+        null !== d && void 0 !== d && $f();
+        break;
+      case 3:
+        Jh();
+        E(Wf);
+        E(H);
+        Oh();
+        break;
+      case 5:
+        Lh(d);
+        break;
+      case 4:
+        Jh();
+        break;
+      case 13:
+        E(M);
+        break;
+      case 19:
+        E(M);
+        break;
+      case 10:
+        Rg(d.type._context);
+        break;
+      case 22:
+      case 23:
+        Ij();
+    }
+    c = c.return;
+  }
+  R = a;
+  Y = a = wh(a.current, null);
+  Z = gj = b;
+  T = 0;
+  qk = null;
+  sk = rk = hh = 0;
+  uk = tk = null;
+  if (null !== Wg) {
+    for (b = 0; b < Wg.length; b++) if (c = Wg[b], d = c.interleaved, null !== d) {
+      c.interleaved = null;
+      var e = d.next,
+        f = c.pending;
+      if (null !== f) {
+        var g = f.next;
+        f.next = e;
+        d.next = g;
+      }
+      c.pending = d;
+    }
+    Wg = null;
+  }
+  return a;
+}
+function Nk(a, b) {
+  do {
+    var c = Y;
+    try {
+      Qg();
+      Ph.current = ai;
+      if (Sh) {
+        for (var d = N.memoizedState; null !== d;) {
+          var e = d.queue;
+          null !== e && (e.pending = null);
+          d = d.next;
+        }
+        Sh = !1;
+      }
+      Rh = 0;
+      P = O = N = null;
+      Th = !1;
+      Uh = 0;
+      ok.current = null;
+      if (null === c || null === c.return) {
+        T = 1;
+        qk = b;
+        Y = null;
+        break;
+      }
+      a: {
+        var f = a,
+          g = c.return,
+          h = c,
+          k = b;
+        b = Z;
+        h.flags |= 32768;
+        if (null !== k && "object" === typeof k && "function" === typeof k.then) {
+          var l = k,
+            m = h,
+            q = m.tag;
+          if (0 === (m.mode & 1) && (0 === q || 11 === q || 15 === q)) {
+            var r = m.alternate;
+            r ? (m.updateQueue = r.updateQueue, m.memoizedState = r.memoizedState, m.lanes = r.lanes) : (m.updateQueue = null, m.memoizedState = null);
+          }
+          var y = Vi(g);
+          if (null !== y) {
+            y.flags &= -257;
+            Wi(y, g, h, f, b);
+            y.mode & 1 && Ti(f, l, b);
+            b = y;
+            k = l;
+            var n = b.updateQueue;
+            if (null === n) {
+              var t = new Set();
+              t.add(k);
+              b.updateQueue = t;
+            } else n.add(k);
+            break a;
+          } else {
+            if (0 === (b & 1)) {
+              Ti(f, l, b);
+              uj();
+              break a;
+            }
+            k = Error(p(426));
+          }
+        } else if (I && h.mode & 1) {
+          var J = Vi(g);
+          if (null !== J) {
+            0 === (J.flags & 65536) && (J.flags |= 256);
+            Wi(J, g, h, f, b);
+            Jg(Ki(k, h));
+            break a;
+          }
+        }
+        f = k = Ki(k, h);
+        4 !== T && (T = 2);
+        null === tk ? tk = [f] : tk.push(f);
+        f = g;
+        do {
+          switch (f.tag) {
+            case 3:
+              f.flags |= 65536;
+              b &= -b;
+              f.lanes |= b;
+              var x = Oi(f, k, b);
+              fh(f, x);
+              break a;
+            case 1:
+              h = k;
+              var w = f.type,
+                u = f.stateNode;
+              if (0 === (f.flags & 128) && ("function" === typeof w.getDerivedStateFromError || null !== u && "function" === typeof u.componentDidCatch && (null === Si || !Si.has(u)))) {
+                f.flags |= 65536;
+                b &= -b;
+                f.lanes |= b;
+                var F = Ri(f, h, b);
+                fh(f, F);
+                break a;
+              }
+          }
+          f = f.return;
+        } while (null !== f);
+      }
+      Tk(c);
+    } catch (na) {
+      b = na;
+      Y === c && null !== c && (Y = c = c.return);
+      continue;
+    }
+    break;
+  } while (1);
+}
+function Kk() {
+  var a = nk.current;
+  nk.current = ai;
+  return null === a ? ai : a;
+}
+function uj() {
+  if (0 === T || 3 === T || 2 === T) T = 4;
+  null === R || 0 === (hh & 268435455) && 0 === (rk & 268435455) || Dk(R, Z);
+}
+function Jk(a, b) {
+  var c = K;
+  K |= 2;
+  var d = Kk();
+  if (R !== a || Z !== b) vk = null, Lk(a, b);
+  do try {
+    Uk();
+    break;
+  } catch (e) {
+    Nk(a, e);
+  } while (1);
+  Qg();
+  K = c;
+  nk.current = d;
+  if (null !== Y) throw Error(p(261));
+  R = null;
+  Z = 0;
+  return T;
+}
+function Uk() {
+  for (; null !== Y;) Vk(Y);
+}
+function Mk() {
+  for (; null !== Y && !cc();) Vk(Y);
+}
+function Vk(a) {
+  var b = Wk(a.alternate, a, gj);
+  a.memoizedProps = a.pendingProps;
+  null === b ? Tk(a) : Y = b;
+  ok.current = null;
+}
+function Tk(a) {
+  var b = a;
+  do {
+    var c = b.alternate;
+    a = b.return;
+    if (0 === (b.flags & 32768)) {
+      if (c = Fj(c, b, gj), null !== c) {
+        Y = c;
+        return;
+      }
+    } else {
+      c = Jj(c, b);
+      if (null !== c) {
+        c.flags &= 32767;
+        Y = c;
+        return;
+      }
+      if (null !== a) a.flags |= 32768, a.subtreeFlags = 0, a.deletions = null;else {
+        T = 6;
+        Y = null;
+        return;
+      }
+    }
+    b = b.sibling;
+    if (null !== b) {
+      Y = b;
+      return;
+    }
+    Y = b = a;
+  } while (null !== b);
+  0 === T && (T = 5);
+}
+function Qk(a, b, c) {
+  var d = C,
+    e = pk.transition;
+  try {
+    pk.transition = null, C = 1, Xk(a, b, c, d);
+  } finally {
+    pk.transition = e, C = d;
+  }
+  return null;
+}
+function Xk(a, b, c, d) {
+  do Ik(); while (null !== xk);
+  if (0 !== (K & 6)) throw Error(p(327));
+  c = a.finishedWork;
+  var e = a.finishedLanes;
+  if (null === c) return null;
+  a.finishedWork = null;
+  a.finishedLanes = 0;
+  if (c === a.current) throw Error(p(177));
+  a.callbackNode = null;
+  a.callbackPriority = 0;
+  var f = c.lanes | c.childLanes;
+  Bc(a, f);
+  a === R && (Y = R = null, Z = 0);
+  0 === (c.subtreeFlags & 2064) && 0 === (c.flags & 2064) || wk || (wk = !0, Gk(hc, function () {
+    Ik();
+    return null;
+  }));
+  f = 0 !== (c.flags & 15990);
+  if (0 !== (c.subtreeFlags & 15990) || f) {
+    f = pk.transition;
+    pk.transition = null;
+    var g = C;
+    C = 1;
+    var h = K;
+    K |= 4;
+    ok.current = null;
+    Pj(a, c);
+    ek(c, a);
+    Oe(Df);
+    dd = !!Cf;
+    Df = Cf = null;
+    a.current = c;
+    ik(c, a, e);
+    dc();
+    K = h;
+    C = g;
+    pk.transition = f;
+  } else a.current = c;
+  wk && (wk = !1, xk = a, yk = e);
+  f = a.pendingLanes;
+  0 === f && (Si = null);
+  mc(c.stateNode, d);
+  Ek(a, B());
+  if (null !== b) for (d = a.onRecoverableError, c = 0; c < b.length; c++) e = b[c], d(e.value, {
+    componentStack: e.stack,
+    digest: e.digest
+  });
+  if (Pi) throw Pi = !1, a = Qi, Qi = null, a;
+  0 !== (yk & 1) && 0 !== a.tag && Ik();
+  f = a.pendingLanes;
+  0 !== (f & 1) ? a === Ak ? zk++ : (zk = 0, Ak = a) : zk = 0;
+  jg();
+  return null;
+}
+function Ik() {
+  if (null !== xk) {
+    var a = Dc(yk),
+      b = pk.transition,
+      c = C;
+    try {
+      pk.transition = null;
+      C = 16 > a ? 16 : a;
+      if (null === xk) var d = !1;else {
+        a = xk;
+        xk = null;
+        yk = 0;
+        if (0 !== (K & 6)) throw Error(p(331));
+        var e = K;
+        K |= 4;
+        for (V = a.current; null !== V;) {
+          var f = V,
+            g = f.child;
+          if (0 !== (V.flags & 16)) {
+            var h = f.deletions;
+            if (null !== h) {
+              for (var k = 0; k < h.length; k++) {
+                var l = h[k];
+                for (V = l; null !== V;) {
+                  var m = V;
+                  switch (m.tag) {
+                    case 0:
+                    case 11:
+                    case 15:
+                      Qj(8, m, f);
+                  }
+                  var q = m.child;
+                  if (null !== q) q.return = m, V = q;else for (; null !== V;) {
+                    m = V;
+                    var r = m.sibling,
+                      y = m.return;
+                    Tj(m);
+                    if (m === l) {
+                      V = null;
+                      break;
+                    }
+                    if (null !== r) {
+                      r.return = y;
+                      V = r;
+                      break;
+                    }
+                    V = y;
+                  }
+                }
+              }
+              var n = f.alternate;
+              if (null !== n) {
+                var t = n.child;
+                if (null !== t) {
+                  n.child = null;
+                  do {
+                    var J = t.sibling;
+                    t.sibling = null;
+                    t = J;
+                  } while (null !== t);
+                }
+              }
+              V = f;
+            }
+          }
+          if (0 !== (f.subtreeFlags & 2064) && null !== g) g.return = f, V = g;else b: for (; null !== V;) {
+            f = V;
+            if (0 !== (f.flags & 2048)) switch (f.tag) {
+              case 0:
+              case 11:
+              case 15:
+                Qj(9, f, f.return);
+            }
+            var x = f.sibling;
+            if (null !== x) {
+              x.return = f.return;
+              V = x;
+              break b;
+            }
+            V = f.return;
+          }
+        }
+        var w = a.current;
+        for (V = w; null !== V;) {
+          g = V;
+          var u = g.child;
+          if (0 !== (g.subtreeFlags & 2064) && null !== u) u.return = g, V = u;else b: for (g = w; null !== V;) {
+            h = V;
+            if (0 !== (h.flags & 2048)) try {
+              switch (h.tag) {
+                case 0:
+                case 11:
+                case 15:
+                  Rj(9, h);
+              }
+            } catch (na) {
+              W(h, h.return, na);
+            }
+            if (h === g) {
+              V = null;
+              break b;
+            }
+            var F = h.sibling;
+            if (null !== F) {
+              F.return = h.return;
+              V = F;
+              break b;
+            }
+            V = h.return;
+          }
+        }
+        K = e;
+        jg();
+        if (lc && "function" === typeof lc.onPostCommitFiberRoot) try {
+          lc.onPostCommitFiberRoot(kc, a);
+        } catch (na) {}
+        d = !0;
+      }
+      return d;
+    } finally {
+      C = c, pk.transition = b;
+    }
+  }
+  return !1;
+}
+function Yk(a, b, c) {
+  b = Ki(c, b);
+  b = Oi(a, b, 1);
+  a = dh(a, b, 1);
+  b = L();
+  null !== a && (Ac(a, 1, b), Ek(a, b));
+}
+function W(a, b, c) {
+  if (3 === a.tag) Yk(a, a, c);else for (; null !== b;) {
+    if (3 === b.tag) {
+      Yk(b, a, c);
+      break;
+    } else if (1 === b.tag) {
+      var d = b.stateNode;
+      if ("function" === typeof b.type.getDerivedStateFromError || "function" === typeof d.componentDidCatch && (null === Si || !Si.has(d))) {
+        a = Ki(c, a);
+        a = Ri(b, a, 1);
+        b = dh(b, a, 1);
+        a = L();
+        null !== b && (Ac(b, 1, a), Ek(b, a));
+        break;
+      }
+    }
+    b = b.return;
+  }
+}
+function Ui(a, b, c) {
+  var d = a.pingCache;
+  null !== d && d.delete(b);
+  b = L();
+  a.pingedLanes |= a.suspendedLanes & c;
+  R === a && (Z & c) === c && (4 === T || 3 === T && (Z & 130023424) === Z && 500 > B() - gk ? Lk(a, 0) : sk |= c);
+  Ek(a, b);
+}
+function Zk(a, b) {
+  0 === b && (0 === (a.mode & 1) ? b = 1 : (b = sc, sc <<= 1, 0 === (sc & 130023424) && (sc = 4194304)));
+  var c = L();
+  a = Zg(a, b);
+  null !== a && (Ac(a, b, c), Ek(a, c));
+}
+function vj(a) {
+  var b = a.memoizedState,
+    c = 0;
+  null !== b && (c = b.retryLane);
+  Zk(a, c);
+}
+function ck(a, b) {
+  var c = 0;
+  switch (a.tag) {
+    case 13:
+      var d = a.stateNode;
+      var e = a.memoizedState;
+      null !== e && (c = e.retryLane);
+      break;
+    case 19:
+      d = a.stateNode;
+      break;
+    default:
+      throw Error(p(314));
+  }
+  null !== d && d.delete(b);
+  Zk(a, c);
+}
+var Wk;
+Wk = function Wk(a, b, c) {
+  if (null !== a) {
+    if (a.memoizedProps !== b.pendingProps || Wf.current) Ug = !0;else {
+      if (0 === (a.lanes & c) && 0 === (b.flags & 128)) return Ug = !1, zj(a, b, c);
+      Ug = 0 !== (a.flags & 131072) ? !0 : !1;
+    }
+  } else Ug = !1, I && 0 !== (b.flags & 1048576) && ug(b, ng, b.index);
+  b.lanes = 0;
+  switch (b.tag) {
+    case 2:
+      var d = b.type;
+      jj(a, b);
+      a = b.pendingProps;
+      var e = Yf(b, H.current);
+      Tg(b, c);
+      e = Xh(null, b, d, a, e, c);
+      var f = bi();
+      b.flags |= 1;
+      "object" === typeof e && null !== e && "function" === typeof e.render && void 0 === e.$$typeof ? (b.tag = 1, b.memoizedState = null, b.updateQueue = null, Zf(d) ? (f = !0, cg(b)) : f = !1, b.memoizedState = null !== e.state && void 0 !== e.state ? e.state : null, ah(b), e.updater = nh, b.stateNode = e, e._reactInternals = b, rh(b, d, a, c), b = kj(null, b, d, !0, f, c)) : (b.tag = 0, I && f && vg(b), Yi(null, b, e, c), b = b.child);
+      return b;
+    case 16:
+      d = b.elementType;
+      a: {
+        jj(a, b);
+        a = b.pendingProps;
+        e = d._init;
+        d = e(d._payload);
+        b.type = d;
+        e = b.tag = $k(d);
+        a = Lg(d, a);
+        switch (e) {
+          case 0:
+            b = dj(null, b, d, a, c);
+            break a;
+          case 1:
+            b = ij(null, b, d, a, c);
+            break a;
+          case 11:
+            b = Zi(null, b, d, a, c);
+            break a;
+          case 14:
+            b = aj(null, b, d, Lg(d.type, a), c);
+            break a;
+        }
+        throw Error(p(306, d, ""));
+      }
+      return b;
+    case 0:
+      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), dj(a, b, d, e, c);
+    case 1:
+      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), ij(a, b, d, e, c);
+    case 3:
+      a: {
+        lj(b);
+        if (null === a) throw Error(p(387));
+        d = b.pendingProps;
+        f = b.memoizedState;
+        e = f.element;
+        bh(a, b);
+        gh(b, d, null, c);
+        var g = b.memoizedState;
+        d = g.element;
+        if (f.isDehydrated) {
+          if (f = {
+            element: d,
+            isDehydrated: !1,
+            cache: g.cache,
+            pendingSuspenseBoundaries: g.pendingSuspenseBoundaries,
+            transitions: g.transitions
+          }, b.updateQueue.baseState = f, b.memoizedState = f, b.flags & 256) {
+            e = Ki(Error(p(423)), b);
+            b = mj(a, b, d, c, e);
+            break a;
+          } else if (d !== e) {
+            e = Ki(Error(p(424)), b);
+            b = mj(a, b, d, c, e);
+            break a;
+          } else for (yg = Lf(b.stateNode.containerInfo.firstChild), xg = b, I = !0, zg = null, c = Ch(b, null, d, c), b.child = c; c;) c.flags = c.flags & -3 | 4096, c = c.sibling;
+        } else {
+          Ig();
+          if (d === e) {
+            b = $i(a, b, c);
+            break a;
+          }
+          Yi(a, b, d, c);
+        }
+        b = b.child;
+      }
+      return b;
+    case 5:
+      return Kh(b), null === a && Eg(b), d = b.type, e = b.pendingProps, f = null !== a ? a.memoizedProps : null, g = e.children, Ef(d, e) ? g = null : null !== f && Ef(d, f) && (b.flags |= 32), hj(a, b), Yi(a, b, g, c), b.child;
+    case 6:
+      return null === a && Eg(b), null;
+    case 13:
+      return pj(a, b, c);
+    case 4:
+      return Ih(b, b.stateNode.containerInfo), d = b.pendingProps, null === a ? b.child = Bh(b, null, d, c) : Yi(a, b, d, c), b.child;
+    case 11:
+      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), Zi(a, b, d, e, c);
+    case 7:
+      return Yi(a, b, b.pendingProps, c), b.child;
+    case 8:
+      return Yi(a, b, b.pendingProps.children, c), b.child;
+    case 12:
+      return Yi(a, b, b.pendingProps.children, c), b.child;
+    case 10:
+      a: {
+        d = b.type._context;
+        e = b.pendingProps;
+        f = b.memoizedProps;
+        g = e.value;
+        G(Mg, d._currentValue);
+        d._currentValue = g;
+        if (null !== f) if (He(f.value, g)) {
+          if (f.children === e.children && !Wf.current) {
+            b = $i(a, b, c);
+            break a;
+          }
+        } else for (f = b.child, null !== f && (f.return = b); null !== f;) {
+          var h = f.dependencies;
+          if (null !== h) {
+            g = f.child;
+            for (var k = h.firstContext; null !== k;) {
+              if (k.context === d) {
+                if (1 === f.tag) {
+                  k = ch(-1, c & -c);
+                  k.tag = 2;
+                  var l = f.updateQueue;
+                  if (null !== l) {
+                    l = l.shared;
+                    var m = l.pending;
+                    null === m ? k.next = k : (k.next = m.next, m.next = k);
+                    l.pending = k;
+                  }
+                }
+                f.lanes |= c;
+                k = f.alternate;
+                null !== k && (k.lanes |= c);
+                Sg(f.return, c, b);
+                h.lanes |= c;
+                break;
+              }
+              k = k.next;
+            }
+          } else if (10 === f.tag) g = f.type === b.type ? null : f.child;else if (18 === f.tag) {
+            g = f.return;
+            if (null === g) throw Error(p(341));
+            g.lanes |= c;
+            h = g.alternate;
+            null !== h && (h.lanes |= c);
+            Sg(g, c, b);
+            g = f.sibling;
+          } else g = f.child;
+          if (null !== g) g.return = f;else for (g = f; null !== g;) {
+            if (g === b) {
+              g = null;
+              break;
+            }
+            f = g.sibling;
+            if (null !== f) {
+              f.return = g.return;
+              g = f;
+              break;
+            }
+            g = g.return;
+          }
+          f = g;
+        }
+        Yi(a, b, e.children, c);
+        b = b.child;
+      }
+      return b;
+    case 9:
+      return e = b.type, d = b.pendingProps.children, Tg(b, c), e = Vg(e), d = d(e), b.flags |= 1, Yi(a, b, d, c), b.child;
+    case 14:
+      return d = b.type, e = Lg(d, b.pendingProps), e = Lg(d.type, e), aj(a, b, d, e, c);
+    case 15:
+      return cj(a, b, b.type, b.pendingProps, c);
+    case 17:
+      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), jj(a, b), b.tag = 1, Zf(d) ? (a = !0, cg(b)) : a = !1, Tg(b, c), ph(b, d, e), rh(b, d, e, c), kj(null, b, d, !0, a, c);
+    case 19:
+      return yj(a, b, c);
+    case 22:
+      return ej(a, b, c);
+  }
+  throw Error(p(156, b.tag));
+};
+function Gk(a, b) {
+  return ac(a, b);
+}
+function al(a, b, c, d) {
+  this.tag = a;
+  this.key = c;
+  this.sibling = this.child = this.return = this.stateNode = this.type = this.elementType = null;
+  this.index = 0;
+  this.ref = null;
+  this.pendingProps = b;
+  this.dependencies = this.memoizedState = this.updateQueue = this.memoizedProps = null;
+  this.mode = d;
+  this.subtreeFlags = this.flags = 0;
+  this.deletions = null;
+  this.childLanes = this.lanes = 0;
+  this.alternate = null;
+}
+function Bg(a, b, c, d) {
+  return new al(a, b, c, d);
+}
+function bj(a) {
+  a = a.prototype;
+  return !(!a || !a.isReactComponent);
+}
+function $k(a) {
+  if ("function" === typeof a) return bj(a) ? 1 : 0;
+  if (void 0 !== a && null !== a) {
+    a = a.$$typeof;
+    if (a === Da) return 11;
+    if (a === Ga) return 14;
+  }
+  return 2;
+}
+function wh(a, b) {
+  var c = a.alternate;
+  null === c ? (c = Bg(a.tag, b, a.key, a.mode), c.elementType = a.elementType, c.type = a.type, c.stateNode = a.stateNode, c.alternate = a, a.alternate = c) : (c.pendingProps = b, c.type = a.type, c.flags = 0, c.subtreeFlags = 0, c.deletions = null);
+  c.flags = a.flags & 14680064;
+  c.childLanes = a.childLanes;
+  c.lanes = a.lanes;
+  c.child = a.child;
+  c.memoizedProps = a.memoizedProps;
+  c.memoizedState = a.memoizedState;
+  c.updateQueue = a.updateQueue;
+  b = a.dependencies;
+  c.dependencies = null === b ? null : {
+    lanes: b.lanes,
+    firstContext: b.firstContext
+  };
+  c.sibling = a.sibling;
+  c.index = a.index;
+  c.ref = a.ref;
+  return c;
+}
+function yh(a, b, c, d, e, f) {
+  var g = 2;
+  d = a;
+  if ("function" === typeof a) bj(a) && (g = 1);else if ("string" === typeof a) g = 5;else a: switch (a) {
+    case ya:
+      return Ah(c.children, e, f, b);
+    case za:
+      g = 8;
+      e |= 8;
+      break;
+    case Aa:
+      return a = Bg(12, c, b, e | 2), a.elementType = Aa, a.lanes = f, a;
+    case Ea:
+      return a = Bg(13, c, b, e), a.elementType = Ea, a.lanes = f, a;
+    case Fa:
+      return a = Bg(19, c, b, e), a.elementType = Fa, a.lanes = f, a;
+    case Ia:
+      return qj(c, e, f, b);
+    default:
+      if ("object" === typeof a && null !== a) switch (a.$$typeof) {
+        case Ba:
+          g = 10;
+          break a;
+        case Ca:
+          g = 9;
+          break a;
+        case Da:
+          g = 11;
+          break a;
+        case Ga:
+          g = 14;
+          break a;
+        case Ha:
+          g = 16;
+          d = null;
+          break a;
+      }
+      throw Error(p(130, null == a ? a : typeof a, ""));
+  }
+  b = Bg(g, c, b, e);
+  b.elementType = a;
+  b.type = d;
+  b.lanes = f;
+  return b;
+}
+function Ah(a, b, c, d) {
+  a = Bg(7, a, d, b);
+  a.lanes = c;
+  return a;
+}
+function qj(a, b, c, d) {
+  a = Bg(22, a, d, b);
+  a.elementType = Ia;
+  a.lanes = c;
+  a.stateNode = {
+    isHidden: !1
+  };
+  return a;
+}
+function xh(a, b, c) {
+  a = Bg(6, a, null, b);
+  a.lanes = c;
+  return a;
+}
+function zh(a, b, c) {
+  b = Bg(4, null !== a.children ? a.children : [], a.key, b);
+  b.lanes = c;
+  b.stateNode = {
+    containerInfo: a.containerInfo,
+    pendingChildren: null,
+    implementation: a.implementation
+  };
+  return b;
+}
+function bl(a, b, c, d, e) {
+  this.tag = b;
+  this.containerInfo = a;
+  this.finishedWork = this.pingCache = this.current = this.pendingChildren = null;
+  this.timeoutHandle = -1;
+  this.callbackNode = this.pendingContext = this.context = null;
+  this.callbackPriority = 0;
+  this.eventTimes = zc(0);
+  this.expirationTimes = zc(-1);
+  this.entangledLanes = this.finishedLanes = this.mutableReadLanes = this.expiredLanes = this.pingedLanes = this.suspendedLanes = this.pendingLanes = 0;
+  this.entanglements = zc(0);
+  this.identifierPrefix = d;
+  this.onRecoverableError = e;
+  this.mutableSourceEagerHydrationData = null;
+}
+function cl(a, b, c, d, e, f, g, h, k) {
+  a = new bl(a, b, c, h, k);
+  1 === b ? (b = 1, !0 === f && (b |= 8)) : b = 0;
+  f = Bg(3, null, null, b);
+  a.current = f;
+  f.stateNode = a;
+  f.memoizedState = {
+    element: d,
+    isDehydrated: c,
+    cache: null,
+    transitions: null,
+    pendingSuspenseBoundaries: null
+  };
+  ah(f);
+  return a;
+}
+function dl(a, b, c) {
+  var d = 3 < arguments.length && void 0 !== arguments[3] ? arguments[3] : null;
+  return {
+    $$typeof: wa,
+    key: null == d ? null : "" + d,
+    children: a,
+    containerInfo: b,
+    implementation: c
+  };
+}
+function el(a) {
+  if (!a) return Vf;
+  a = a._reactInternals;
+  a: {
+    if (Vb(a) !== a || 1 !== a.tag) throw Error(p(170));
+    var b = a;
+    do {
+      switch (b.tag) {
+        case 3:
+          b = b.stateNode.context;
+          break a;
+        case 1:
+          if (Zf(b.type)) {
+            b = b.stateNode.__reactInternalMemoizedMergedChildContext;
+            break a;
+          }
+      }
+      b = b.return;
+    } while (null !== b);
+    throw Error(p(171));
+  }
+  if (1 === a.tag) {
+    var c = a.type;
+    if (Zf(c)) return bg(a, c, b);
+  }
+  return b;
+}
+function fl(a, b, c, d, e, f, g, h, k) {
+  a = cl(c, d, !0, a, e, f, g, h, k);
+  a.context = el(null);
+  c = a.current;
+  d = L();
+  e = lh(c);
+  f = ch(d, e);
+  f.callback = void 0 !== b && null !== b ? b : null;
+  dh(c, f, e);
+  a.current.lanes = e;
+  Ac(a, e, d);
+  Ek(a, d);
+  return a;
+}
+function gl(a, b, c, d) {
+  var e = b.current,
+    f = L(),
+    g = lh(e);
+  c = el(c);
+  null === b.context ? b.context = c : b.pendingContext = c;
+  b = ch(f, g);
+  b.payload = {
+    element: a
+  };
+  d = void 0 === d ? null : d;
+  null !== d && (b.callback = d);
+  a = dh(e, b, g);
+  null !== a && (mh(a, e, g, f), eh(a, e, g));
+  return g;
+}
+function hl(a) {
+  a = a.current;
+  if (!a.child) return null;
+  switch (a.child.tag) {
+    case 5:
+      return a.child.stateNode;
+    default:
+      return a.child.stateNode;
+  }
+}
+function il(a, b) {
+  a = a.memoizedState;
+  if (null !== a && null !== a.dehydrated) {
+    var c = a.retryLane;
+    a.retryLane = 0 !== c && c < b ? c : b;
+  }
+}
+function jl(a, b) {
+  il(a, b);
+  (a = a.alternate) && il(a, b);
+}
+function kl() {
+  return null;
+}
+var ll = "function" === typeof reportError ? reportError : function (a) {
+  console.error(a);
+};
+function ml(a) {
+  this._internalRoot = a;
+}
+nl.prototype.render = ml.prototype.render = function (a) {
+  var b = this._internalRoot;
+  if (null === b) throw Error(p(409));
+  gl(a, b, null, null);
+};
+nl.prototype.unmount = ml.prototype.unmount = function () {
+  var a = this._internalRoot;
+  if (null !== a) {
+    this._internalRoot = null;
+    var b = a.containerInfo;
+    Sk(function () {
+      gl(null, a, null, null);
+    });
+    b[uf] = null;
+  }
+};
+function nl(a) {
+  this._internalRoot = a;
+}
+nl.prototype.unstable_scheduleHydration = function (a) {
+  if (a) {
+    var b = Hc();
+    a = {
+      blockedOn: null,
+      target: a,
+      priority: b
+    };
+    for (var c = 0; c < Qc.length && 0 !== b && b < Qc[c].priority; c++);
+    Qc.splice(c, 0, a);
+    0 === c && Vc(a);
+  }
+};
+function ol(a) {
+  return !(!a || 1 !== a.nodeType && 9 !== a.nodeType && 11 !== a.nodeType);
+}
+function pl(a) {
+  return !(!a || 1 !== a.nodeType && 9 !== a.nodeType && 11 !== a.nodeType && (8 !== a.nodeType || " react-mount-point-unstable " !== a.nodeValue));
+}
+function ql() {}
+function rl(a, b, c, d, e) {
+  if (e) {
+    if ("function" === typeof d) {
+      var f = d;
+      d = function d() {
+        var a = hl(g);
+        f.call(a);
+      };
+    }
+    var g = fl(b, d, a, 0, null, !1, !1, "", ql);
+    a._reactRootContainer = g;
+    a[uf] = g.current;
+    sf(8 === a.nodeType ? a.parentNode : a);
+    Sk();
+    return g;
+  }
+  for (; e = a.lastChild;) a.removeChild(e);
+  if ("function" === typeof d) {
+    var h = d;
+    d = function d() {
+      var a = hl(k);
+      h.call(a);
+    };
+  }
+  var k = cl(a, 0, !1, null, null, !1, !1, "", ql);
+  a._reactRootContainer = k;
+  a[uf] = k.current;
+  sf(8 === a.nodeType ? a.parentNode : a);
+  Sk(function () {
+    gl(b, k, c, d);
+  });
+  return k;
+}
+function sl(a, b, c, d, e) {
+  var f = c._reactRootContainer;
+  if (f) {
+    var g = f;
+    if ("function" === typeof e) {
+      var h = e;
+      e = function e() {
+        var a = hl(g);
+        h.call(a);
+      };
+    }
+    gl(b, g, a, e);
+  } else g = rl(c, b, a, e, d);
+  return hl(g);
+}
+Ec = function Ec(a) {
+  switch (a.tag) {
+    case 3:
+      var b = a.stateNode;
+      if (b.current.memoizedState.isDehydrated) {
+        var c = tc(b.pendingLanes);
+        0 !== c && (Cc(b, c | 1), Ek(b, B()), 0 === (K & 6) && (Hj = B() + 500, jg()));
+      }
+      break;
+    case 13:
+      Sk(function () {
+        var b = Zg(a, 1);
+        if (null !== b) {
+          var c = L();
+          mh(b, a, 1, c);
+        }
+      }), jl(a, 1);
+  }
+};
+Fc = function Fc(a) {
+  if (13 === a.tag) {
+    var b = Zg(a, 134217728);
+    if (null !== b) {
+      var c = L();
+      mh(b, a, 134217728, c);
+    }
+    jl(a, 134217728);
+  }
+};
+Gc = function Gc(a) {
+  if (13 === a.tag) {
+    var b = lh(a),
+      c = Zg(a, b);
+    if (null !== c) {
+      var d = L();
+      mh(c, a, b, d);
+    }
+    jl(a, b);
+  }
+};
+Hc = function Hc() {
+  return C;
+};
+Ic = function Ic(a, b) {
+  var c = C;
+  try {
+    return C = a, b();
+  } finally {
+    C = c;
+  }
+};
+yb = function yb(a, b, c) {
+  switch (b) {
+    case "input":
+      bb(a, c);
+      b = c.name;
+      if ("radio" === c.type && null != b) {
+        for (c = a; c.parentNode;) c = c.parentNode;
+        c = c.querySelectorAll("input[name=" + JSON.stringify("" + b) + '][type="radio"]');
+        for (b = 0; b < c.length; b++) {
+          var d = c[b];
+          if (d !== a && d.form === a.form) {
+            var e = Db(d);
+            if (!e) throw Error(p(90));
+            Wa(d);
+            bb(d, e);
+          }
+        }
+      }
+      break;
+    case "textarea":
+      ib(a, c);
+      break;
+    case "select":
+      b = c.value, null != b && fb(a, !!c.multiple, b, !1);
+  }
+};
+Gb = Rk;
+Hb = Sk;
+var tl = {
+    usingClientEntryPoint: !1,
+    Events: [Cb, ue, Db, Eb, Fb, Rk]
+  },
+  ul = {
+    findFiberByHostInstance: Wc,
+    bundleType: 0,
+    version: "18.2.0",
+    rendererPackageName: "react-dom"
+  };
+var vl = {
+  bundleType: ul.bundleType,
+  version: ul.version,
+  rendererPackageName: ul.rendererPackageName,
+  rendererConfig: ul.rendererConfig,
+  overrideHookState: null,
+  overrideHookStateDeletePath: null,
+  overrideHookStateRenamePath: null,
+  overrideProps: null,
+  overridePropsDeletePath: null,
+  overridePropsRenamePath: null,
+  setErrorHandler: null,
+  setSuspenseHandler: null,
+  scheduleUpdate: null,
+  currentDispatcherRef: ua.ReactCurrentDispatcher,
+  findHostInstanceByFiber: function findHostInstanceByFiber(a) {
+    a = Zb(a);
+    return null === a ? null : a.stateNode;
+  },
+  findFiberByHostInstance: ul.findFiberByHostInstance || kl,
+  findHostInstancesForRefresh: null,
+  scheduleRefresh: null,
+  scheduleRoot: null,
+  setRefreshHandler: null,
+  getCurrentFiber: null,
+  reconcilerVersion: "18.2.0-next-9e3b772b8-20220608"
+};
+if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
+  var wl = __REACT_DEVTOOLS_GLOBAL_HOOK__;
+  if (!wl.isDisabled && wl.supportsFiber) try {
+    kc = wl.inject(vl), lc = wl;
+  } catch (a) {}
+}
+exports.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED = tl;
+exports.createPortal = function (a, b) {
+  var c = 2 < arguments.length && void 0 !== arguments[2] ? arguments[2] : null;
+  if (!ol(b)) throw Error(p(200));
+  return dl(a, b, null, c);
+};
+exports.createRoot = function (a, b) {
+  if (!ol(a)) throw Error(p(299));
+  var c = !1,
+    d = "",
+    e = ll;
+  null !== b && void 0 !== b && (!0 === b.unstable_strictMode && (c = !0), void 0 !== b.identifierPrefix && (d = b.identifierPrefix), void 0 !== b.onRecoverableError && (e = b.onRecoverableError));
+  b = cl(a, 1, !1, null, null, c, !1, d, e);
+  a[uf] = b.current;
+  sf(8 === a.nodeType ? a.parentNode : a);
+  return new ml(b);
+};
+exports.findDOMNode = function (a) {
+  if (null == a) return null;
+  if (1 === a.nodeType) return a;
+  var b = a._reactInternals;
+  if (void 0 === b) {
+    if ("function" === typeof a.render) throw Error(p(188));
+    a = Object.keys(a).join(",");
+    throw Error(p(268, a));
+  }
+  a = Zb(b);
+  a = null === a ? null : a.stateNode;
+  return a;
+};
+exports.flushSync = function (a) {
+  return Sk(a);
+};
+exports.hydrate = function (a, b, c) {
+  if (!pl(b)) throw Error(p(200));
+  return sl(null, a, b, !0, c);
+};
+exports.hydrateRoot = function (a, b, c) {
+  if (!ol(a)) throw Error(p(405));
+  var d = null != c && c.hydratedSources || null,
+    e = !1,
+    f = "",
+    g = ll;
+  null !== c && void 0 !== c && (!0 === c.unstable_strictMode && (e = !0), void 0 !== c.identifierPrefix && (f = c.identifierPrefix), void 0 !== c.onRecoverableError && (g = c.onRecoverableError));
+  b = fl(b, null, a, 1, null != c ? c : null, e, !1, f, g);
+  a[uf] = b.current;
+  sf(a);
+  if (d) for (a = 0; a < d.length; a++) c = d[a], e = c._getVersion, e = e(c._source), null == b.mutableSourceEagerHydrationData ? b.mutableSourceEagerHydrationData = [c, e] : b.mutableSourceEagerHydrationData.push(c, e);
+  return new nl(b);
+};
+exports.render = function (a, b, c) {
+  if (!pl(b)) throw Error(p(200));
+  return sl(null, a, b, !1, c);
+};
+exports.unmountComponentAtNode = function (a) {
+  if (!pl(a)) throw Error(p(40));
+  return a._reactRootContainer ? (Sk(function () {
+    sl(null, null, a, !1, function () {
+      a._reactRootContainer = null;
+      a[uf] = null;
+    });
+  }), !0) : !1;
+};
+exports.unstable_batchedUpdates = Rk;
+exports.unstable_renderSubtreeIntoContainer = function (a, b, c, d) {
+  if (!pl(c)) throw Error(p(200));
+  if (null == a || void 0 === a._reactInternals) throw Error(p(38));
+  return sl(a, b, c, !1, d);
+};
+exports.version = "18.2.0-next-9e3b772b8-20220608";
+
+/***/ }),
+
+/***/ 250:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+"use strict";
+
+
+var m = __webpack_require__(164);
+if (true) {
+  exports.createRoot = m.createRoot;
+  exports.hydrateRoot = m.hydrateRoot;
+} else { var i; }
+
+/***/ }),
+
+/***/ 164:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+function checkDCE() {
+  /* global __REACT_DEVTOOLS_GLOBAL_HOOK__ */
+  if (typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ === 'undefined' || typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE !== 'function') {
+    return;
+  }
+  if (false) {}
+  try {
+    // Verify that the code above has been dead code eliminated (DCE'd).
+    __REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE(checkDCE);
+  } catch (err) {
+    // DevTools shouldn't crash React, no matter what.
+    // We should still report in case we break this code.
+    console.error(err);
+  }
+}
+if (true) {
+  // DCE check should happen before ReactDOM bundle executes so that
+  // DevTools can report bad minification during injection.
+  checkDCE();
+  module.exports = __webpack_require__(463);
+} else {}
+
+/***/ }),
+
+/***/ 372:
+/***/ (function(__unused_webpack_module, exports) {
+
+"use strict";
+var __webpack_unused_export__;
+/**
+ * @license React
+ * react-is.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+
+var b = Symbol.for("react.element"),
+  c = Symbol.for("react.portal"),
+  d = Symbol.for("react.fragment"),
+  e = Symbol.for("react.strict_mode"),
+  f = Symbol.for("react.profiler"),
+  g = Symbol.for("react.provider"),
+  h = Symbol.for("react.context"),
+  k = Symbol.for("react.server_context"),
+  l = Symbol.for("react.forward_ref"),
+  m = Symbol.for("react.suspense"),
+  n = Symbol.for("react.suspense_list"),
+  p = Symbol.for("react.memo"),
+  q = Symbol.for("react.lazy"),
+  t = Symbol.for("react.offscreen"),
+  u;
+u = Symbol.for("react.module.reference");
+function v(a) {
+  if ("object" === typeof a && null !== a) {
+    var r = a.$$typeof;
+    switch (r) {
+      case b:
+        switch (a = a.type, a) {
+          case d:
+          case f:
+          case e:
+          case m:
+          case n:
+            return a;
+          default:
+            switch (a = a && a.$$typeof, a) {
+              case k:
+              case h:
+              case l:
+              case q:
+              case p:
+              case g:
+                return a;
+              default:
+                return r;
+            }
+        }
+      case c:
+        return r;
+    }
+  }
+}
+__webpack_unused_export__ = h;
+__webpack_unused_export__ = g;
+__webpack_unused_export__ = b;
+__webpack_unused_export__ = l;
+__webpack_unused_export__ = d;
+__webpack_unused_export__ = q;
+__webpack_unused_export__ = p;
+__webpack_unused_export__ = c;
+__webpack_unused_export__ = f;
+__webpack_unused_export__ = e;
+__webpack_unused_export__ = m;
+__webpack_unused_export__ = n;
+__webpack_unused_export__ = function () {
+  return !1;
+};
+__webpack_unused_export__ = function () {
+  return !1;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === h;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === g;
+};
+__webpack_unused_export__ = function (a) {
+  return "object" === typeof a && null !== a && a.$$typeof === b;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === l;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === d;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === q;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === p;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === c;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === f;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === e;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === m;
+};
+__webpack_unused_export__ = function (a) {
+  return v(a) === n;
+};
+__webpack_unused_export__ = function (a) {
+  return "string" === typeof a || "function" === typeof a || a === d || a === f || a === e || a === m || a === n || a === t || "object" === typeof a && null !== a && (a.$$typeof === q || a.$$typeof === p || a.$$typeof === g || a.$$typeof === h || a.$$typeof === l || a.$$typeof === u || void 0 !== a.getModuleId) ? !0 : !1;
+};
+__webpack_unused_export__ = v;
+
+/***/ }),
+
+/***/ 441:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+if (true) {
+  /* unused reexport */ __webpack_require__(372);
+} else {}
+
+/***/ }),
+
+/***/ 374:
+/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
+
+"use strict";
+/**
+ * @license React
+ * react-jsx-runtime.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+
+var f = __webpack_require__(791),
+  k = Symbol.for("react.element"),
+  l = Symbol.for("react.fragment"),
+  m = Object.prototype.hasOwnProperty,
+  n = f.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED.ReactCurrentOwner,
+  p = {
+    key: !0,
+    ref: !0,
+    __self: !0,
+    __source: !0
+  };
+function q(c, a, g) {
+  var b,
+    d = {},
+    e = null,
+    h = null;
+  void 0 !== g && (e = "" + g);
+  void 0 !== a.key && (e = "" + a.key);
+  void 0 !== a.ref && (h = a.ref);
+  for (b in a) m.call(a, b) && !p.hasOwnProperty(b) && (d[b] = a[b]);
+  if (c && c.defaultProps) for (b in a = c.defaultProps, a) void 0 === d[b] && (d[b] = a[b]);
+  return {
+    $$typeof: k,
+    type: c,
+    key: e,
+    ref: h,
+    props: d,
+    _owner: n.current
+  };
+}
+exports.Fragment = l;
+exports.jsx = q;
+exports.jsxs = q;
+
+/***/ }),
+
+/***/ 117:
+/***/ (function(__unused_webpack_module, exports) {
+
+"use strict";
+/**
+ * @license React
+ * react.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+
+var l = Symbol.for("react.element"),
+  n = Symbol.for("react.portal"),
+  p = Symbol.for("react.fragment"),
+  q = Symbol.for("react.strict_mode"),
+  r = Symbol.for("react.profiler"),
+  t = Symbol.for("react.provider"),
+  u = Symbol.for("react.context"),
+  v = Symbol.for("react.forward_ref"),
+  w = Symbol.for("react.suspense"),
+  x = Symbol.for("react.memo"),
+  y = Symbol.for("react.lazy"),
+  z = Symbol.iterator;
+function A(a) {
+  if (null === a || "object" !== typeof a) return null;
+  a = z && a[z] || a["@@iterator"];
+  return "function" === typeof a ? a : null;
+}
+var B = {
+    isMounted: function isMounted() {
+      return !1;
+    },
+    enqueueForceUpdate: function enqueueForceUpdate() {},
+    enqueueReplaceState: function enqueueReplaceState() {},
+    enqueueSetState: function enqueueSetState() {}
+  },
+  C = Object.assign,
+  D = {};
+function E(a, b, e) {
+  this.props = a;
+  this.context = b;
+  this.refs = D;
+  this.updater = e || B;
+}
+E.prototype.isReactComponent = {};
+E.prototype.setState = function (a, b) {
+  if ("object" !== typeof a && "function" !== typeof a && null != a) throw Error("setState(...): takes an object of state variables to update or a function which returns an object of state variables.");
+  this.updater.enqueueSetState(this, a, b, "setState");
+};
+E.prototype.forceUpdate = function (a) {
+  this.updater.enqueueForceUpdate(this, a, "forceUpdate");
+};
+function F() {}
+F.prototype = E.prototype;
+function G(a, b, e) {
+  this.props = a;
+  this.context = b;
+  this.refs = D;
+  this.updater = e || B;
+}
+var H = G.prototype = new F();
+H.constructor = G;
+C(H, E.prototype);
+H.isPureReactComponent = !0;
+var I = Array.isArray,
+  J = Object.prototype.hasOwnProperty,
+  K = {
+    current: null
+  },
+  L = {
+    key: !0,
+    ref: !0,
+    __self: !0,
+    __source: !0
+  };
+function M(a, b, e) {
+  var d,
+    c = {},
+    k = null,
+    h = null;
+  if (null != b) for (d in void 0 !== b.ref && (h = b.ref), void 0 !== b.key && (k = "" + b.key), b) J.call(b, d) && !L.hasOwnProperty(d) && (c[d] = b[d]);
+  var g = arguments.length - 2;
+  if (1 === g) c.children = e;else if (1 < g) {
+    for (var f = Array(g), m = 0; m < g; m++) f[m] = arguments[m + 2];
+    c.children = f;
+  }
+  if (a && a.defaultProps) for (d in g = a.defaultProps, g) void 0 === c[d] && (c[d] = g[d]);
+  return {
+    $$typeof: l,
+    type: a,
+    key: k,
+    ref: h,
+    props: c,
+    _owner: K.current
+  };
+}
+function N(a, b) {
+  return {
+    $$typeof: l,
+    type: a.type,
+    key: b,
+    ref: a.ref,
+    props: a.props,
+    _owner: a._owner
+  };
+}
+function O(a) {
+  return "object" === typeof a && null !== a && a.$$typeof === l;
+}
+function escape(a) {
+  var b = {
+    "=": "=0",
+    ":": "=2"
+  };
+  return "$" + a.replace(/[=:]/g, function (a) {
+    return b[a];
+  });
+}
+var P = /\/+/g;
+function Q(a, b) {
+  return "object" === typeof a && null !== a && null != a.key ? escape("" + a.key) : b.toString(36);
+}
+function R(a, b, e, d, c) {
+  var k = typeof a;
+  if ("undefined" === k || "boolean" === k) a = null;
+  var h = !1;
+  if (null === a) h = !0;else switch (k) {
+    case "string":
+    case "number":
+      h = !0;
+      break;
+    case "object":
+      switch (a.$$typeof) {
+        case l:
+        case n:
+          h = !0;
+      }
+  }
+  if (h) return h = a, c = c(h), a = "" === d ? "." + Q(h, 0) : d, I(c) ? (e = "", null != a && (e = a.replace(P, "$&/") + "/"), R(c, b, e, "", function (a) {
+    return a;
+  })) : null != c && (O(c) && (c = N(c, e + (!c.key || h && h.key === c.key ? "" : ("" + c.key).replace(P, "$&/") + "/") + a)), b.push(c)), 1;
+  h = 0;
+  d = "" === d ? "." : d + ":";
+  if (I(a)) for (var g = 0; g < a.length; g++) {
+    k = a[g];
+    var f = d + Q(k, g);
+    h += R(k, b, e, f, c);
+  } else if (f = A(a), "function" === typeof f) for (a = f.call(a), g = 0; !(k = a.next()).done;) k = k.value, f = d + Q(k, g++), h += R(k, b, e, f, c);else if ("object" === k) throw b = String(a), Error("Objects are not valid as a React child (found: " + ("[object Object]" === b ? "object with keys {" + Object.keys(a).join(", ") + "}" : b) + "). If you meant to render a collection of children, use an array instead.");
+  return h;
+}
+function S(a, b, e) {
+  if (null == a) return a;
+  var d = [],
+    c = 0;
+  R(a, d, "", "", function (a) {
+    return b.call(e, a, c++);
+  });
+  return d;
+}
+function T(a) {
+  if (-1 === a._status) {
+    var b = a._result;
+    b = b();
+    b.then(function (b) {
+      if (0 === a._status || -1 === a._status) a._status = 1, a._result = b;
+    }, function (b) {
+      if (0 === a._status || -1 === a._status) a._status = 2, a._result = b;
+    });
+    -1 === a._status && (a._status = 0, a._result = b);
+  }
+  if (1 === a._status) return a._result.default;
+  throw a._result;
+}
+var U = {
+    current: null
+  },
+  V = {
+    transition: null
+  },
+  W = {
+    ReactCurrentDispatcher: U,
+    ReactCurrentBatchConfig: V,
+    ReactCurrentOwner: K
+  };
+exports.Children = {
+  map: S,
+  forEach: function forEach(a, b, e) {
+    S(a, function () {
+      b.apply(this, arguments);
+    }, e);
+  },
+  count: function count(a) {
+    var b = 0;
+    S(a, function () {
+      b++;
+    });
+    return b;
+  },
+  toArray: function toArray(a) {
+    return S(a, function (a) {
+      return a;
+    }) || [];
+  },
+  only: function only(a) {
+    if (!O(a)) throw Error("React.Children.only expected to receive a single React element child.");
+    return a;
+  }
+};
+exports.Component = E;
+exports.Fragment = p;
+exports.Profiler = r;
+exports.PureComponent = G;
+exports.StrictMode = q;
+exports.Suspense = w;
+exports.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED = W;
+exports.cloneElement = function (a, b, e) {
+  if (null === a || void 0 === a) throw Error("React.cloneElement(...): The argument must be a React element, but you passed " + a + ".");
+  var d = C({}, a.props),
+    c = a.key,
+    k = a.ref,
+    h = a._owner;
+  if (null != b) {
+    void 0 !== b.ref && (k = b.ref, h = K.current);
+    void 0 !== b.key && (c = "" + b.key);
+    if (a.type && a.type.defaultProps) var g = a.type.defaultProps;
+    for (f in b) J.call(b, f) && !L.hasOwnProperty(f) && (d[f] = void 0 === b[f] && void 0 !== g ? g[f] : b[f]);
+  }
+  var f = arguments.length - 2;
+  if (1 === f) d.children = e;else if (1 < f) {
+    g = Array(f);
+    for (var m = 0; m < f; m++) g[m] = arguments[m + 2];
+    d.children = g;
+  }
+  return {
+    $$typeof: l,
+    type: a.type,
+    key: c,
+    ref: k,
+    props: d,
+    _owner: h
+  };
+};
+exports.createContext = function (a) {
+  a = {
+    $$typeof: u,
+    _currentValue: a,
+    _currentValue2: a,
+    _threadCount: 0,
+    Provider: null,
+    Consumer: null,
+    _defaultValue: null,
+    _globalName: null
+  };
+  a.Provider = {
+    $$typeof: t,
+    _context: a
+  };
+  return a.Consumer = a;
+};
+exports.createElement = M;
+exports.createFactory = function (a) {
+  var b = M.bind(null, a);
+  b.type = a;
+  return b;
+};
+exports.createRef = function () {
+  return {
+    current: null
+  };
+};
+exports.forwardRef = function (a) {
+  return {
+    $$typeof: v,
+    render: a
+  };
+};
+exports.isValidElement = O;
+exports.lazy = function (a) {
+  return {
+    $$typeof: y,
+    _payload: {
+      _status: -1,
+      _result: a
+    },
+    _init: T
+  };
+};
+exports.memo = function (a, b) {
+  return {
+    $$typeof: x,
+    type: a,
+    compare: void 0 === b ? null : b
+  };
+};
+exports.startTransition = function (a) {
+  var b = V.transition;
+  V.transition = {};
+  try {
+    a();
+  } finally {
+    V.transition = b;
+  }
+};
+exports.unstable_act = function () {
+  throw Error("act(...) is not supported in production builds of React.");
+};
+exports.useCallback = function (a, b) {
+  return U.current.useCallback(a, b);
+};
+exports.useContext = function (a) {
+  return U.current.useContext(a);
+};
+exports.useDebugValue = function () {};
+exports.useDeferredValue = function (a) {
+  return U.current.useDeferredValue(a);
+};
+exports.useEffect = function (a, b) {
+  return U.current.useEffect(a, b);
+};
+exports.useId = function () {
+  return U.current.useId();
+};
+exports.useImperativeHandle = function (a, b, e) {
+  return U.current.useImperativeHandle(a, b, e);
+};
+exports.useInsertionEffect = function (a, b) {
+  return U.current.useInsertionEffect(a, b);
+};
+exports.useLayoutEffect = function (a, b) {
+  return U.current.useLayoutEffect(a, b);
+};
+exports.useMemo = function (a, b) {
+  return U.current.useMemo(a, b);
+};
+exports.useReducer = function (a, b, e) {
+  return U.current.useReducer(a, b, e);
+};
+exports.useRef = function (a) {
+  return U.current.useRef(a);
+};
+exports.useState = function (a) {
+  return U.current.useState(a);
+};
+exports.useSyncExternalStore = function (a, b, e) {
+  return U.current.useSyncExternalStore(a, b, e);
+};
+exports.useTransition = function () {
+  return U.current.useTransition();
+};
+exports.version = "18.2.0";
+
+/***/ }),
+
+/***/ 791:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+if (true) {
+  module.exports = __webpack_require__(117);
+} else {}
+
+/***/ }),
+
+/***/ 184:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+if (true) {
+  module.exports = __webpack_require__(374);
+} else {}
+
+/***/ }),
+
+/***/ 813:
+/***/ (function(__unused_webpack_module, exports) {
+
+"use strict";
+/**
+ * @license React
+ * scheduler.production.min.js
+ *
+ * Copyright (c) Facebook, Inc. and its affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+
+function f(a, b) {
+  var c = a.length;
+  a.push(b);
+  a: for (; 0 < c;) {
+    var d = c - 1 >>> 1,
+      e = a[d];
+    if (0 < g(e, b)) a[d] = b, a[c] = e, c = d;else break a;
+  }
+}
+function h(a) {
+  return 0 === a.length ? null : a[0];
+}
+function k(a) {
+  if (0 === a.length) return null;
+  var b = a[0],
+    c = a.pop();
+  if (c !== b) {
+    a[0] = c;
+    a: for (var d = 0, e = a.length, w = e >>> 1; d < w;) {
+      var m = 2 * (d + 1) - 1,
+        C = a[m],
+        n = m + 1,
+        x = a[n];
+      if (0 > g(C, c)) n < e && 0 > g(x, C) ? (a[d] = x, a[n] = c, d = n) : (a[d] = C, a[m] = c, d = m);else if (n < e && 0 > g(x, c)) a[d] = x, a[n] = c, d = n;else break a;
+    }
+  }
+  return b;
+}
+function g(a, b) {
+  var c = a.sortIndex - b.sortIndex;
+  return 0 !== c ? c : a.id - b.id;
+}
+if ("object" === typeof performance && "function" === typeof performance.now) {
+  var l = performance;
+  exports.unstable_now = function () {
+    return l.now();
+  };
+} else {
+  var p = Date,
+    q = p.now();
+  exports.unstable_now = function () {
+    return p.now() - q;
+  };
+}
+var r = [],
+  t = [],
+  u = 1,
+  v = null,
+  y = 3,
+  z = !1,
+  A = !1,
+  B = !1,
+  D = "function" === typeof setTimeout ? setTimeout : null,
+  E = "function" === typeof clearTimeout ? clearTimeout : null,
+  F = "undefined" !== typeof setImmediate ? setImmediate : null;
+"undefined" !== typeof navigator && void 0 !== navigator.scheduling && void 0 !== navigator.scheduling.isInputPending && navigator.scheduling.isInputPending.bind(navigator.scheduling);
+function G(a) {
+  for (var b = h(t); null !== b;) {
+    if (null === b.callback) k(t);else if (b.startTime <= a) k(t), b.sortIndex = b.expirationTime, f(r, b);else break;
+    b = h(t);
+  }
+}
+function H(a) {
+  B = !1;
+  G(a);
+  if (!A) if (null !== h(r)) A = !0, I(J);else {
+    var b = h(t);
+    null !== b && K(H, b.startTime - a);
+  }
+}
+function J(a, b) {
+  A = !1;
+  B && (B = !1, E(L), L = -1);
+  z = !0;
+  var c = y;
+  try {
+    G(b);
+    for (v = h(r); null !== v && (!(v.expirationTime > b) || a && !M());) {
+      var d = v.callback;
+      if ("function" === typeof d) {
+        v.callback = null;
+        y = v.priorityLevel;
+        var e = d(v.expirationTime <= b);
+        b = exports.unstable_now();
+        "function" === typeof e ? v.callback = e : v === h(r) && k(r);
+        G(b);
+      } else k(r);
+      v = h(r);
+    }
+    if (null !== v) var w = !0;else {
+      var m = h(t);
+      null !== m && K(H, m.startTime - b);
+      w = !1;
+    }
+    return w;
+  } finally {
+    v = null, y = c, z = !1;
+  }
+}
+var N = !1,
+  O = null,
+  L = -1,
+  P = 5,
+  Q = -1;
+function M() {
+  return exports.unstable_now() - Q < P ? !1 : !0;
+}
+function R() {
+  if (null !== O) {
+    var a = exports.unstable_now();
+    Q = a;
+    var b = !0;
+    try {
+      b = O(!0, a);
+    } finally {
+      b ? S() : (N = !1, O = null);
+    }
+  } else N = !1;
+}
+var S;
+if ("function" === typeof F) S = function S() {
+  F(R);
+};else if ("undefined" !== typeof MessageChannel) {
+  var T = new MessageChannel(),
+    U = T.port2;
+  T.port1.onmessage = R;
+  S = function S() {
+    U.postMessage(null);
+  };
+} else S = function S() {
+  D(R, 0);
+};
+function I(a) {
+  O = a;
+  N || (N = !0, S());
+}
+function K(a, b) {
+  L = D(function () {
+    a(exports.unstable_now());
+  }, b);
+}
+exports.unstable_IdlePriority = 5;
+exports.unstable_ImmediatePriority = 1;
+exports.unstable_LowPriority = 4;
+exports.unstable_NormalPriority = 3;
+exports.unstable_Profiling = null;
+exports.unstable_UserBlockingPriority = 2;
+exports.unstable_cancelCallback = function (a) {
+  a.callback = null;
+};
+exports.unstable_continueExecution = function () {
+  A || z || (A = !0, I(J));
+};
+exports.unstable_forceFrameRate = function (a) {
+  0 > a || 125 < a ? console.error("forceFrameRate takes a positive int between 0 and 125, forcing frame rates higher than 125 fps is not supported") : P = 0 < a ? Math.floor(1E3 / a) : 5;
+};
+exports.unstable_getCurrentPriorityLevel = function () {
+  return y;
+};
+exports.unstable_getFirstCallbackNode = function () {
+  return h(r);
+};
+exports.unstable_next = function (a) {
+  switch (y) {
+    case 1:
+    case 2:
+    case 3:
+      var b = 3;
+      break;
+    default:
+      b = y;
+  }
+  var c = y;
+  y = b;
+  try {
+    return a();
+  } finally {
+    y = c;
+  }
+};
+exports.unstable_pauseExecution = function () {};
+exports.unstable_requestPaint = function () {};
+exports.unstable_runWithPriority = function (a, b) {
+  switch (a) {
+    case 1:
+    case 2:
+    case 3:
+    case 4:
+    case 5:
+      break;
+    default:
+      a = 3;
+  }
+  var c = y;
+  y = a;
+  try {
+    return b();
+  } finally {
+    y = c;
+  }
+};
+exports.unstable_scheduleCallback = function (a, b, c) {
+  var d = exports.unstable_now();
+  "object" === typeof c && null !== c ? (c = c.delay, c = "number" === typeof c && 0 < c ? d + c : d) : c = d;
+  switch (a) {
+    case 1:
+      var e = -1;
+      break;
+    case 2:
+      e = 250;
+      break;
+    case 5:
+      e = 1073741823;
+      break;
+    case 4:
+      e = 1E4;
+      break;
+    default:
+      e = 5E3;
+  }
+  e = c + e;
+  a = {
+    id: u++,
+    callback: b,
+    priorityLevel: a,
+    startTime: c,
+    expirationTime: e,
+    sortIndex: -1
+  };
+  c > d ? (a.sortIndex = c, f(t, a), null === h(r) && a === h(t) && (B ? (E(L), L = -1) : B = !0, K(H, c - d))) : (a.sortIndex = e, f(r, a), A || z || (A = !0, I(J)));
+  return a;
+};
+exports.unstable_shouldYield = M;
+exports.unstable_wrapCallback = function (a) {
+  var b = y;
+  return function () {
+    var c = y;
+    y = b;
+    try {
+      return a.apply(this, arguments);
+    } finally {
+      y = c;
+    }
+  };
+};
+
+/***/ }),
+
+/***/ 296:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+"use strict";
+
+
+if (true) {
+  module.exports = __webpack_require__(813);
+} else {}
+
+/***/ }),
+
+/***/ 897:
+/***/ (function(module) {
+
+function _arrayLikeToArray(arr, len) {
+  if (len == null || len > arr.length) len = arr.length;
+  for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i];
+  return arr2;
+}
+module.exports = _arrayLikeToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 889:
+/***/ (function(module) {
+
+function _arrayWithHoles(arr) {
+  if (Array.isArray(arr)) return arr;
+}
+module.exports = _arrayWithHoles, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 405:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var arrayLikeToArray = __webpack_require__(897);
+function _arrayWithoutHoles(arr) {
+  if (Array.isArray(arr)) return arrayLikeToArray(arr);
+}
+module.exports = _arrayWithoutHoles, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 115:
+/***/ (function(module) {
+
+function _assertThisInitialized(self) {
+  if (self === void 0) {
+    throw new ReferenceError("this hasn't been initialised - super() hasn't been called");
+  }
+  return self;
+}
+module.exports = _assertThisInitialized, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 690:
+/***/ (function(module) {
+
+function _classCallCheck(instance, Constructor) {
+  if (!(instance instanceof Constructor)) {
+    throw new TypeError("Cannot call a class as a function");
+  }
+}
+module.exports = _classCallCheck, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 728:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var toPropertyKey = __webpack_require__(62);
+function _defineProperties(target, props) {
+  for (var i = 0; i < props.length; i++) {
+    var descriptor = props[i];
+    descriptor.enumerable = descriptor.enumerable || false;
+    descriptor.configurable = true;
+    if ("value" in descriptor) descriptor.writable = true;
+    Object.defineProperty(target, toPropertyKey(descriptor.key), descriptor);
+  }
+}
+function _createClass(Constructor, protoProps, staticProps) {
+  if (protoProps) _defineProperties(Constructor.prototype, protoProps);
+  if (staticProps) _defineProperties(Constructor, staticProps);
+  Object.defineProperty(Constructor, "prototype", {
+    writable: false
+  });
+  return Constructor;
+}
+module.exports = _createClass, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 389:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var getPrototypeOf = __webpack_require__(808);
+var isNativeReflectConstruct = __webpack_require__(617);
+var possibleConstructorReturn = __webpack_require__(993);
+function _createSuper(Derived) {
+  var hasNativeReflectConstruct = isNativeReflectConstruct();
+  return function _createSuperInternal() {
+    var Super = getPrototypeOf(Derived),
+      result;
+    if (hasNativeReflectConstruct) {
+      var NewTarget = getPrototypeOf(this).constructor;
+      result = Reflect.construct(Super, arguments, NewTarget);
+    } else {
+      result = Super.apply(this, arguments);
+    }
+    return possibleConstructorReturn(this, result);
+  };
+}
+module.exports = _createSuper, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 808:
+/***/ (function(module) {
+
+function _getPrototypeOf(o) {
+  module.exports = _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) {
+    return o.__proto__ || Object.getPrototypeOf(o);
+  }, module.exports.__esModule = true, module.exports["default"] = module.exports;
+  return _getPrototypeOf(o);
+}
+module.exports = _getPrototypeOf, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 655:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var setPrototypeOf = __webpack_require__(15);
+function _inherits(subClass, superClass) {
+  if (typeof superClass !== "function" && superClass !== null) {
+    throw new TypeError("Super expression must either be null or a function");
+  }
+  subClass.prototype = Object.create(superClass && superClass.prototype, {
+    constructor: {
+      value: subClass,
+      writable: true,
+      configurable: true
+    }
+  });
+  Object.defineProperty(subClass, "prototype", {
+    writable: false
+  });
+  if (superClass) setPrototypeOf(subClass, superClass);
+}
+module.exports = _inherits, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 617:
+/***/ (function(module) {
+
+function _isNativeReflectConstruct() {
+  if (typeof Reflect === "undefined" || !Reflect.construct) return false;
+  if (Reflect.construct.sham) return false;
+  if (typeof Proxy === "function") return true;
+  try {
+    Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {}));
+    return true;
+  } catch (e) {
+    return false;
+  }
+}
+module.exports = _isNativeReflectConstruct, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 498:
+/***/ (function(module) {
+
+function _iterableToArray(iter) {
+  if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
+}
+module.exports = _iterableToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 872:
+/***/ (function(module) {
+
+function _iterableToArrayLimit(arr, i) {
+  var _i = null == arr ? null : "undefined" != typeof Symbol && arr[Symbol.iterator] || arr["@@iterator"];
+  if (null != _i) {
+    var _s,
+      _e,
+      _x,
+      _r,
+      _arr = [],
+      _n = !0,
+      _d = !1;
+    try {
+      if (_x = (_i = _i.call(arr)).next, 0 === i) {
+        if (Object(_i) !== _i) return;
+        _n = !1;
+      } else for (; !(_n = (_s = _x.call(_i)).done) && (_arr.push(_s.value), _arr.length !== i); _n = !0);
+    } catch (err) {
+      _d = !0, _e = err;
+    } finally {
+      try {
+        if (!_n && null != _i["return"] && (_r = _i["return"](), Object(_r) !== _r)) return;
+      } finally {
+        if (_d) throw _e;
+      }
+    }
+    return _arr;
+  }
+}
+module.exports = _iterableToArrayLimit, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 218:
+/***/ (function(module) {
+
+function _nonIterableRest() {
+  throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+}
+module.exports = _nonIterableRest, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 281:
+/***/ (function(module) {
+
+function _nonIterableSpread() {
+  throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+}
+module.exports = _nonIterableSpread, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 993:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var _typeof = (__webpack_require__(698)["default"]);
+var assertThisInitialized = __webpack_require__(115);
+function _possibleConstructorReturn(self, call) {
+  if (call && (_typeof(call) === "object" || typeof call === "function")) {
+    return call;
+  } else if (call !== void 0) {
+    throw new TypeError("Derived constructors may only return object or undefined");
+  }
+  return assertThisInitialized(self);
+}
+module.exports = _possibleConstructorReturn, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 15:
+/***/ (function(module) {
+
+function _setPrototypeOf(o, p) {
+  module.exports = _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) {
+    o.__proto__ = p;
+    return o;
+  }, module.exports.__esModule = true, module.exports["default"] = module.exports;
+  return _setPrototypeOf(o, p);
+}
+module.exports = _setPrototypeOf, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 424:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var arrayWithHoles = __webpack_require__(889);
+var iterableToArrayLimit = __webpack_require__(872);
+var unsupportedIterableToArray = __webpack_require__(116);
+var nonIterableRest = __webpack_require__(218);
+function _slicedToArray(arr, i) {
+  return arrayWithHoles(arr) || iterableToArrayLimit(arr, i) || unsupportedIterableToArray(arr, i) || nonIterableRest();
+}
+module.exports = _slicedToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 861:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var arrayWithoutHoles = __webpack_require__(405);
+var iterableToArray = __webpack_require__(498);
+var unsupportedIterableToArray = __webpack_require__(116);
+var nonIterableSpread = __webpack_require__(281);
+function _toConsumableArray(arr) {
+  return arrayWithoutHoles(arr) || iterableToArray(arr) || unsupportedIterableToArray(arr) || nonIterableSpread();
+}
+module.exports = _toConsumableArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 36:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var _typeof = (__webpack_require__(698)["default"]);
+function _toPrimitive(input, hint) {
+  if (_typeof(input) !== "object" || input === null) return input;
+  var prim = input[Symbol.toPrimitive];
+  if (prim !== undefined) {
+    var res = prim.call(input, hint || "default");
+    if (_typeof(res) !== "object") return res;
+    throw new TypeError("@@toPrimitive must return a primitive value.");
+  }
+  return (hint === "string" ? String : Number)(input);
+}
+module.exports = _toPrimitive, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 62:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var _typeof = (__webpack_require__(698)["default"]);
+var toPrimitive = __webpack_require__(36);
+function _toPropertyKey(arg) {
+  var key = toPrimitive(arg, "string");
+  return _typeof(key) === "symbol" ? key : String(key);
+}
+module.exports = _toPropertyKey, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 698:
+/***/ (function(module) {
+
+function _typeof(obj) {
+  "@babel/helpers - typeof";
+
+  return (module.exports = _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) {
+    return typeof obj;
+  } : function (obj) {
+    return obj && "function" == typeof Symbol && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
+  }, module.exports.__esModule = true, module.exports["default"] = module.exports), _typeof(obj);
+}
+module.exports = _typeof, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ }),
+
+/***/ 116:
+/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
+
+var arrayLikeToArray = __webpack_require__(897);
+function _unsupportedIterableToArray(o, minLen) {
+  if (!o) return;
+  if (typeof o === "string") return arrayLikeToArray(o, minLen);
+  var n = Object.prototype.toString.call(o).slice(8, -1);
+  if (n === "Object" && o.constructor) n = o.constructor.name;
+  if (n === "Map" || n === "Set") return Array.from(o);
+  if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return arrayLikeToArray(o, minLen);
+}
+module.exports = _unsupportedIterableToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
+
+/***/ })
+
+/******/ 	});
+/************************************************************************/
+/******/ 	// The module cache
+/******/ 	var __webpack_module_cache__ = {};
+/******/ 	
+/******/ 	// The require function
+/******/ 	function __webpack_require__(moduleId) {
+/******/ 		// Check if module is in cache
+/******/ 		var cachedModule = __webpack_module_cache__[moduleId];
+/******/ 		if (cachedModule !== undefined) {
+/******/ 			return cachedModule.exports;
+/******/ 		}
+/******/ 		// Create a new module (and put it into the cache)
+/******/ 		var module = __webpack_module_cache__[moduleId] = {
+/******/ 			id: moduleId,
+/******/ 			loaded: false,
+/******/ 			exports: {}
+/******/ 		};
+/******/ 	
+/******/ 		// Execute the module function
+/******/ 		__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);
+/******/ 	
+/******/ 		// Flag the module as loaded
+/******/ 		module.loaded = true;
+/******/ 	
+/******/ 		// Return the exports of the module
+/******/ 		return module.exports;
+/******/ 	}
+/******/ 	
+/******/ 	// expose the modules object (__webpack_modules__)
+/******/ 	__webpack_require__.m = __webpack_modules__;
+/******/ 	
+/************************************************************************/
+/******/ 	/* webpack/runtime/compat get default export */
+/******/ 	!function() {
+/******/ 		// getDefaultExport function for compatibility with non-harmony modules
+/******/ 		__webpack_require__.n = function(module) {
+/******/ 			var getter = module && module.__esModule ?
+/******/ 				function() { return module['default']; } :
+/******/ 				function() { return module; };
+/******/ 			__webpack_require__.d(getter, { a: getter });
+/******/ 			return getter;
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/create fake namespace object */
+/******/ 	!function() {
+/******/ 		var getProto = Object.getPrototypeOf ? function(obj) { return Object.getPrototypeOf(obj); } : function(obj) { return obj.__proto__; };
+/******/ 		var leafPrototypes;
+/******/ 		// create a fake namespace object
+/******/ 		// mode & 1: value is a module id, require it
+/******/ 		// mode & 2: merge all properties of value into the ns
+/******/ 		// mode & 4: return value when already ns object
+/******/ 		// mode & 16: return value when it's Promise-like
+/******/ 		// mode & 8|1: behave like require
+/******/ 		__webpack_require__.t = function(value, mode) {
+/******/ 			if(mode & 1) value = this(value);
+/******/ 			if(mode & 8) return value;
+/******/ 			if(typeof value === 'object' && value) {
+/******/ 				if((mode & 4) && value.__esModule) return value;
+/******/ 				if((mode & 16) && typeof value.then === 'function') return value;
+/******/ 			}
+/******/ 			var ns = Object.create(null);
+/******/ 			__webpack_require__.r(ns);
+/******/ 			var def = {};
+/******/ 			leafPrototypes = leafPrototypes || [null, getProto({}), getProto([]), getProto(getProto)];
+/******/ 			for(var current = mode & 2 && value; typeof current == 'object' && !~leafPrototypes.indexOf(current); current = getProto(current)) {
+/******/ 				Object.getOwnPropertyNames(current).forEach(function(key) { def[key] = function() { return value[key]; }; });
+/******/ 			}
+/******/ 			def['default'] = function() { return value; };
+/******/ 			__webpack_require__.d(ns, def);
+/******/ 			return ns;
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/define property getters */
+/******/ 	!function() {
+/******/ 		// define getter functions for harmony exports
+/******/ 		__webpack_require__.d = function(exports, definition) {
+/******/ 			for(var key in definition) {
+/******/ 				if(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {
+/******/ 					Object.defineProperty(exports, key, { enumerable: true, get: definition[key] });
+/******/ 				}
+/******/ 			}
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/ensure chunk */
+/******/ 	!function() {
+/******/ 		__webpack_require__.f = {};
+/******/ 		// This file contains only the entry chunk.
+/******/ 		// The chunk loading function for additional chunks
+/******/ 		__webpack_require__.e = function(chunkId) {
+/******/ 			return Promise.all(Object.keys(__webpack_require__.f).reduce(function(promises, key) {
+/******/ 				__webpack_require__.f[key](chunkId, promises);
+/******/ 				return promises;
+/******/ 			}, []));
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/get javascript chunk filename */
+/******/ 	!function() {
+/******/ 		// This function allow to reference async chunks
+/******/ 		__webpack_require__.u = function(chunkId) {
+/******/ 			// return url for filenames based on template
+/******/ 			return "static/js/" + chunkId + "." + "98a1313e" + ".chunk.js";
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/get mini-css chunk filename */
+/******/ 	!function() {
+/******/ 		// This function allow to reference async chunks
+/******/ 		__webpack_require__.miniCssF = function(chunkId) {
+/******/ 			// return url for filenames based on template
+/******/ 			return undefined;
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/global */
+/******/ 	!function() {
+/******/ 		__webpack_require__.g = (function() {
+/******/ 			if (typeof globalThis === 'object') return globalThis;
+/******/ 			try {
+/******/ 				return this || new Function('return this')();
+/******/ 			} catch (e) {
+/******/ 				if (typeof window === 'object') return window;
+/******/ 			}
+/******/ 		})();
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/hasOwnProperty shorthand */
+/******/ 	!function() {
+/******/ 		__webpack_require__.o = function(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); }
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/load script */
+/******/ 	!function() {
+/******/ 		var inProgress = {};
+/******/ 		var dataWebpackPrefix = "kluctl-webui:";
+/******/ 		// loadScript function to load a script via script tag
+/******/ 		__webpack_require__.l = function(url, done, key, chunkId) {
+/******/ 			if(inProgress[url]) { inProgress[url].push(done); return; }
+/******/ 			var script, needAttach;
+/******/ 			if(key !== undefined) {
+/******/ 				var scripts = document.getElementsByTagName("script");
+/******/ 				for(var i = 0; i < scripts.length; i++) {
+/******/ 					var s = scripts[i];
+/******/ 					if(s.getAttribute("src") == url || s.getAttribute("data-webpack") == dataWebpackPrefix + key) { script = s; break; }
+/******/ 				}
+/******/ 			}
+/******/ 			if(!script) {
+/******/ 				needAttach = true;
+/******/ 				script = document.createElement('script');
+/******/ 		
+/******/ 				script.charset = 'utf-8';
+/******/ 				script.timeout = 120;
+/******/ 				if (__webpack_require__.nc) {
+/******/ 					script.setAttribute("nonce", __webpack_require__.nc);
+/******/ 				}
+/******/ 				script.setAttribute("data-webpack", dataWebpackPrefix + key);
+/******/ 				script.src = url;
+/******/ 			}
+/******/ 			inProgress[url] = [done];
+/******/ 			var onScriptComplete = function(prev, event) {
+/******/ 				// avoid mem leaks in IE.
+/******/ 				script.onerror = script.onload = null;
+/******/ 				clearTimeout(timeout);
+/******/ 				var doneFns = inProgress[url];
+/******/ 				delete inProgress[url];
+/******/ 				script.parentNode && script.parentNode.removeChild(script);
+/******/ 				doneFns && doneFns.forEach(function(fn) { return fn(event); });
+/******/ 				if(prev) return prev(event);
+/******/ 			}
+/******/ 			var timeout = setTimeout(onScriptComplete.bind(null, undefined, { type: 'timeout', target: script }), 120000);
+/******/ 			script.onerror = onScriptComplete.bind(null, script.onerror);
+/******/ 			script.onload = onScriptComplete.bind(null, script.onload);
+/******/ 			needAttach && document.head.appendChild(script);
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/make namespace object */
+/******/ 	!function() {
+/******/ 		// define __esModule on exports
+/******/ 		__webpack_require__.r = function(exports) {
+/******/ 			if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
+/******/ 				Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+/******/ 			}
+/******/ 			Object.defineProperty(exports, '__esModule', { value: true });
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/node module decorator */
+/******/ 	!function() {
+/******/ 		__webpack_require__.nmd = function(module) {
+/******/ 			module.paths = [];
+/******/ 			if (!module.children) module.children = [];
+/******/ 			return module;
+/******/ 		};
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/publicPath */
+/******/ 	!function() {
+/******/ 		__webpack_require__.p = "./";
+/******/ 	}();
+/******/ 	
+/******/ 	/* webpack/runtime/jsonp chunk loading */
+/******/ 	!function() {
+/******/ 		// no baseURI
+/******/ 		
+/******/ 		// object to store loaded and loading chunks
+/******/ 		// undefined = chunk not loaded, null = chunk preloaded/prefetched
+/******/ 		// [resolve, reject, Promise] = chunk loading, 0 = chunk loaded
+/******/ 		var installedChunks = {
+/******/ 			179: 0
+/******/ 		};
+/******/ 		
+/******/ 		__webpack_require__.f.j = function(chunkId, promises) {
+/******/ 				// JSONP chunk loading for javascript
+/******/ 				var installedChunkData = __webpack_require__.o(installedChunks, chunkId) ? installedChunks[chunkId] : undefined;
+/******/ 				if(installedChunkData !== 0) { // 0 means "already installed".
+/******/ 		
+/******/ 					// a Promise means "currently loading".
+/******/ 					if(installedChunkData) {
+/******/ 						promises.push(installedChunkData[2]);
+/******/ 					} else {
+/******/ 						if(true) { // all chunks have JS
+/******/ 							// setup Promise in chunk cache
+/******/ 							var promise = new Promise(function(resolve, reject) { installedChunkData = installedChunks[chunkId] = [resolve, reject]; });
+/******/ 							promises.push(installedChunkData[2] = promise);
+/******/ 		
+/******/ 							// start chunk loading
+/******/ 							var url = __webpack_require__.p + __webpack_require__.u(chunkId);
+/******/ 							// create error before stack unwound to get useful stacktrace later
+/******/ 							var error = new Error();
+/******/ 							var loadingEnded = function(event) {
+/******/ 								if(__webpack_require__.o(installedChunks, chunkId)) {
+/******/ 									installedChunkData = installedChunks[chunkId];
+/******/ 									if(installedChunkData !== 0) installedChunks[chunkId] = undefined;
+/******/ 									if(installedChunkData) {
+/******/ 										var errorType = event && (event.type === 'load' ? 'missing' : event.type);
+/******/ 										var realSrc = event && event.target && event.target.src;
+/******/ 										error.message = 'Loading chunk ' + chunkId + ' failed.\n(' + errorType + ': ' + realSrc + ')';
+/******/ 										error.name = 'ChunkLoadError';
+/******/ 										error.type = errorType;
+/******/ 										error.request = realSrc;
+/******/ 										installedChunkData[1](error);
+/******/ 									}
+/******/ 								}
+/******/ 							};
+/******/ 							__webpack_require__.l(url, loadingEnded, "chunk-" + chunkId, chunkId);
+/******/ 						}
+/******/ 					}
+/******/ 				}
+/******/ 		};
+/******/ 		
+/******/ 		// no prefetching
+/******/ 		
+/******/ 		// no preloaded
+/******/ 		
+/******/ 		// no HMR
+/******/ 		
+/******/ 		// no HMR manifest
+/******/ 		
+/******/ 		// no on chunks loaded
+/******/ 		
+/******/ 		// install a JSONP callback for chunk loading
+/******/ 		var webpackJsonpCallback = function(parentChunkLoadingFunction, data) {
+/******/ 			var chunkIds = data[0];
+/******/ 			var moreModules = data[1];
+/******/ 			var runtime = data[2];
+/******/ 			// add "moreModules" to the modules object,
+/******/ 			// then flag all "chunkIds" as loaded and fire callback
+/******/ 			var moduleId, chunkId, i = 0;
+/******/ 			if(chunkIds.some(function(id) { return installedChunks[id] !== 0; })) {
+/******/ 				for(moduleId in moreModules) {
+/******/ 					if(__webpack_require__.o(moreModules, moduleId)) {
+/******/ 						__webpack_require__.m[moduleId] = moreModules[moduleId];
+/******/ 					}
+/******/ 				}
+/******/ 				if(runtime) var result = runtime(__webpack_require__);
+/******/ 			}
+/******/ 			if(parentChunkLoadingFunction) parentChunkLoadingFunction(data);
+/******/ 			for(;i < chunkIds.length; i++) {
+/******/ 				chunkId = chunkIds[i];
+/******/ 				if(__webpack_require__.o(installedChunks, chunkId) && installedChunks[chunkId]) {
+/******/ 					installedChunks[chunkId][0]();
+/******/ 				}
+/******/ 				installedChunks[chunkId] = 0;
+/******/ 			}
+/******/ 		
+/******/ 		}
+/******/ 		
+/******/ 		var chunkLoadingGlobal = self["webpackChunkkluctl_webui"] = self["webpackChunkkluctl_webui"] || [];
+/******/ 		chunkLoadingGlobal.forEach(webpackJsonpCallback.bind(null, 0));
+/******/ 		chunkLoadingGlobal.push = webpackJsonpCallback.bind(null, chunkLoadingGlobal.push.bind(chunkLoadingGlobal));
+/******/ 	}();
+/******/ 	
+/************************************************************************/
+var __webpack_exports__ = {};
+// This entry need to be wrapped in an IIFE because it need to be in strict mode.
+!function() {
+"use strict";
+
+// EXTERNAL MODULE: ./node_modules/react/index.js
+var react = __webpack_require__(791);
+var react_namespaceObject = /*#__PURE__*/__webpack_require__.t(react, 2);
+// EXTERNAL MODULE: ./node_modules/react-dom/client.js
+var client = __webpack_require__(250);
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/arrayWithHoles.js
+function _arrayWithHoles(arr) {
+  if (Array.isArray(arr)) return arr;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/iterableToArrayLimit.js
+function _iterableToArrayLimit(arr, i) {
+  var _i = null == arr ? null : "undefined" != typeof Symbol && arr[Symbol.iterator] || arr["@@iterator"];
+  if (null != _i) {
+    var _s,
+      _e,
+      _x,
+      _r,
+      _arr = [],
+      _n = !0,
+      _d = !1;
+    try {
+      if (_x = (_i = _i.call(arr)).next, 0 === i) {
+        if (Object(_i) !== _i) return;
+        _n = !1;
+      } else for (; !(_n = (_s = _x.call(_i)).done) && (_arr.push(_s.value), _arr.length !== i); _n = !0);
+    } catch (err) {
+      _d = !0, _e = err;
+    } finally {
+      try {
+        if (!_n && null != _i["return"] && (_r = _i["return"](), Object(_r) !== _r)) return;
+      } finally {
+        if (_d) throw _e;
+      }
+    }
+    return _arr;
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/arrayLikeToArray.js
+function _arrayLikeToArray(arr, len) {
+  if (len == null || len > arr.length) len = arr.length;
+  for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i];
+  return arr2;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/unsupportedIterableToArray.js
+
+function _unsupportedIterableToArray(o, minLen) {
+  if (!o) return;
+  if (typeof o === "string") return _arrayLikeToArray(o, minLen);
+  var n = Object.prototype.toString.call(o).slice(8, -1);
+  if (n === "Object" && o.constructor) n = o.constructor.name;
+  if (n === "Map" || n === "Set") return Array.from(o);
+  if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray(o, minLen);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/nonIterableRest.js
+function _nonIterableRest() {
+  throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/slicedToArray.js
+
+
+
+
+function slicedToArray_slicedToArray(arr, i) {
+  return _arrayWithHoles(arr) || _iterableToArrayLimit(arr, i) || _unsupportedIterableToArray(arr, i) || _nonIterableRest();
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/classCallCheck.js
+function classCallCheck_classCallCheck(instance, Constructor) {
+  if (!(instance instanceof Constructor)) {
+    throw new TypeError("Cannot call a class as a function");
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/typeof.js
+function _typeof(obj) {
+  "@babel/helpers - typeof";
+
+  return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) {
+    return typeof obj;
+  } : function (obj) {
+    return obj && "function" == typeof Symbol && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
+  }, _typeof(obj);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toPrimitive.js
+
+function _toPrimitive(input, hint) {
+  if (_typeof(input) !== "object" || input === null) return input;
+  var prim = input[Symbol.toPrimitive];
+  if (prim !== undefined) {
+    var res = prim.call(input, hint || "default");
+    if (_typeof(res) !== "object") return res;
+    throw new TypeError("@@toPrimitive must return a primitive value.");
+  }
+  return (hint === "string" ? String : Number)(input);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toPropertyKey.js
+
+
+function _toPropertyKey(arg) {
+  var key = _toPrimitive(arg, "string");
+  return _typeof(key) === "symbol" ? key : String(key);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/createClass.js
+
+function _defineProperties(target, props) {
+  for (var i = 0; i < props.length; i++) {
+    var descriptor = props[i];
+    descriptor.enumerable = descriptor.enumerable || false;
+    descriptor.configurable = true;
+    if ("value" in descriptor) descriptor.writable = true;
+    Object.defineProperty(target, _toPropertyKey(descriptor.key), descriptor);
+  }
+}
+function createClass_createClass(Constructor, protoProps, staticProps) {
+  if (protoProps) _defineProperties(Constructor.prototype, protoProps);
+  if (staticProps) _defineProperties(Constructor, staticProps);
+  Object.defineProperty(Constructor, "prototype", {
+    writable: false
+  });
+  return Constructor;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/setPrototypeOf.js
+function _setPrototypeOf(o, p) {
+  _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) {
+    o.__proto__ = p;
+    return o;
+  };
+  return _setPrototypeOf(o, p);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/inherits.js
+
+function _inherits(subClass, superClass) {
+  if (typeof superClass !== "function" && superClass !== null) {
+    throw new TypeError("Super expression must either be null or a function");
+  }
+  subClass.prototype = Object.create(superClass && superClass.prototype, {
+    constructor: {
+      value: subClass,
+      writable: true,
+      configurable: true
+    }
+  });
+  Object.defineProperty(subClass, "prototype", {
+    writable: false
+  });
+  if (superClass) _setPrototypeOf(subClass, superClass);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/getPrototypeOf.js
+function _getPrototypeOf(o) {
+  _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) {
+    return o.__proto__ || Object.getPrototypeOf(o);
+  };
+  return _getPrototypeOf(o);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/isNativeReflectConstruct.js
+function _isNativeReflectConstruct() {
+  if (typeof Reflect === "undefined" || !Reflect.construct) return false;
+  if (Reflect.construct.sham) return false;
+  if (typeof Proxy === "function") return true;
+  try {
+    Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {}));
+    return true;
+  } catch (e) {
+    return false;
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/assertThisInitialized.js
+function _assertThisInitialized(self) {
+  if (self === void 0) {
+    throw new ReferenceError("this hasn't been initialised - super() hasn't been called");
+  }
+  return self;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/possibleConstructorReturn.js
+
+
+function _possibleConstructorReturn(self, call) {
+  if (call && (_typeof(call) === "object" || typeof call === "function")) {
+    return call;
+  } else if (call !== void 0) {
+    throw new TypeError("Derived constructors may only return object or undefined");
+  }
+  return _assertThisInitialized(self);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/createSuper.js
+
+
+
+function _createSuper(Derived) {
+  var hasNativeReflectConstruct = _isNativeReflectConstruct();
+  return function _createSuperInternal() {
+    var Super = _getPrototypeOf(Derived),
+      result;
+    if (hasNativeReflectConstruct) {
+      var NewTarget = _getPrototypeOf(this).constructor;
+      result = Reflect.construct(Super, arguments, NewTarget);
+    } else {
+      result = Super.apply(this, arguments);
+    }
+    return _possibleConstructorReturn(this, result);
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/regeneratorRuntime.js
+
+function regeneratorRuntime_regeneratorRuntime() {
+  "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */
+  regeneratorRuntime_regeneratorRuntime = function _regeneratorRuntime() {
+    return exports;
+  };
+  var exports = {},
+    Op = Object.prototype,
+    hasOwn = Op.hasOwnProperty,
+    defineProperty = Object.defineProperty || function (obj, key, desc) {
+      obj[key] = desc.value;
+    },
+    $Symbol = "function" == typeof Symbol ? Symbol : {},
+    iteratorSymbol = $Symbol.iterator || "@@iterator",
+    asyncIteratorSymbol = $Symbol.asyncIterator || "@@asyncIterator",
+    toStringTagSymbol = $Symbol.toStringTag || "@@toStringTag";
+  function define(obj, key, value) {
+    return Object.defineProperty(obj, key, {
+      value: value,
+      enumerable: !0,
+      configurable: !0,
+      writable: !0
+    }), obj[key];
+  }
+  try {
+    define({}, "");
+  } catch (err) {
+    define = function define(obj, key, value) {
+      return obj[key] = value;
+    };
+  }
+  function wrap(innerFn, outerFn, self, tryLocsList) {
+    var protoGenerator = outerFn && outerFn.prototype instanceof Generator ? outerFn : Generator,
+      generator = Object.create(protoGenerator.prototype),
+      context = new Context(tryLocsList || []);
+    return defineProperty(generator, "_invoke", {
+      value: makeInvokeMethod(innerFn, self, context)
+    }), generator;
+  }
+  function tryCatch(fn, obj, arg) {
+    try {
+      return {
+        type: "normal",
+        arg: fn.call(obj, arg)
+      };
+    } catch (err) {
+      return {
+        type: "throw",
+        arg: err
+      };
+    }
+  }
+  exports.wrap = wrap;
+  var ContinueSentinel = {};
+  function Generator() {}
+  function GeneratorFunction() {}
+  function GeneratorFunctionPrototype() {}
+  var IteratorPrototype = {};
+  define(IteratorPrototype, iteratorSymbol, function () {
+    return this;
+  });
+  var getProto = Object.getPrototypeOf,
+    NativeIteratorPrototype = getProto && getProto(getProto(values([])));
+  NativeIteratorPrototype && NativeIteratorPrototype !== Op && hasOwn.call(NativeIteratorPrototype, iteratorSymbol) && (IteratorPrototype = NativeIteratorPrototype);
+  var Gp = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(IteratorPrototype);
+  function defineIteratorMethods(prototype) {
+    ["next", "throw", "return"].forEach(function (method) {
+      define(prototype, method, function (arg) {
+        return this._invoke(method, arg);
+      });
+    });
+  }
+  function AsyncIterator(generator, PromiseImpl) {
+    function invoke(method, arg, resolve, reject) {
+      var record = tryCatch(generator[method], generator, arg);
+      if ("throw" !== record.type) {
+        var result = record.arg,
+          value = result.value;
+        return value && "object" == _typeof(value) && hasOwn.call(value, "__await") ? PromiseImpl.resolve(value.__await).then(function (value) {
+          invoke("next", value, resolve, reject);
+        }, function (err) {
+          invoke("throw", err, resolve, reject);
+        }) : PromiseImpl.resolve(value).then(function (unwrapped) {
+          result.value = unwrapped, resolve(result);
+        }, function (error) {
+          return invoke("throw", error, resolve, reject);
+        });
+      }
+      reject(record.arg);
+    }
+    var previousPromise;
+    defineProperty(this, "_invoke", {
+      value: function value(method, arg) {
+        function callInvokeWithMethodAndArg() {
+          return new PromiseImpl(function (resolve, reject) {
+            invoke(method, arg, resolve, reject);
+          });
+        }
+        return previousPromise = previousPromise ? previousPromise.then(callInvokeWithMethodAndArg, callInvokeWithMethodAndArg) : callInvokeWithMethodAndArg();
+      }
+    });
+  }
+  function makeInvokeMethod(innerFn, self, context) {
+    var state = "suspendedStart";
+    return function (method, arg) {
+      if ("executing" === state) throw new Error("Generator is already running");
+      if ("completed" === state) {
+        if ("throw" === method) throw arg;
+        return doneResult();
+      }
+      for (context.method = method, context.arg = arg;;) {
+        var delegate = context.delegate;
+        if (delegate) {
+          var delegateResult = maybeInvokeDelegate(delegate, context);
+          if (delegateResult) {
+            if (delegateResult === ContinueSentinel) continue;
+            return delegateResult;
+          }
+        }
+        if ("next" === context.method) context.sent = context._sent = context.arg;else if ("throw" === context.method) {
+          if ("suspendedStart" === state) throw state = "completed", context.arg;
+          context.dispatchException(context.arg);
+        } else "return" === context.method && context.abrupt("return", context.arg);
+        state = "executing";
+        var record = tryCatch(innerFn, self, context);
+        if ("normal" === record.type) {
+          if (state = context.done ? "completed" : "suspendedYield", record.arg === ContinueSentinel) continue;
+          return {
+            value: record.arg,
+            done: context.done
+          };
+        }
+        "throw" === record.type && (state = "completed", context.method = "throw", context.arg = record.arg);
+      }
+    };
+  }
+  function maybeInvokeDelegate(delegate, context) {
+    var methodName = context.method,
+      method = delegate.iterator[methodName];
+    if (undefined === method) return context.delegate = null, "throw" === methodName && delegate.iterator["return"] && (context.method = "return", context.arg = undefined, maybeInvokeDelegate(delegate, context), "throw" === context.method) || "return" !== methodName && (context.method = "throw", context.arg = new TypeError("The iterator does not provide a '" + methodName + "' method")), ContinueSentinel;
+    var record = tryCatch(method, delegate.iterator, context.arg);
+    if ("throw" === record.type) return context.method = "throw", context.arg = record.arg, context.delegate = null, ContinueSentinel;
+    var info = record.arg;
+    return info ? info.done ? (context[delegate.resultName] = info.value, context.next = delegate.nextLoc, "return" !== context.method && (context.method = "next", context.arg = undefined), context.delegate = null, ContinueSentinel) : info : (context.method = "throw", context.arg = new TypeError("iterator result is not an object"), context.delegate = null, ContinueSentinel);
+  }
+  function pushTryEntry(locs) {
+    var entry = {
+      tryLoc: locs[0]
+    };
+    1 in locs && (entry.catchLoc = locs[1]), 2 in locs && (entry.finallyLoc = locs[2], entry.afterLoc = locs[3]), this.tryEntries.push(entry);
+  }
+  function resetTryEntry(entry) {
+    var record = entry.completion || {};
+    record.type = "normal", delete record.arg, entry.completion = record;
+  }
+  function Context(tryLocsList) {
+    this.tryEntries = [{
+      tryLoc: "root"
+    }], tryLocsList.forEach(pushTryEntry, this), this.reset(!0);
+  }
+  function values(iterable) {
+    if (iterable) {
+      var iteratorMethod = iterable[iteratorSymbol];
+      if (iteratorMethod) return iteratorMethod.call(iterable);
+      if ("function" == typeof iterable.next) return iterable;
+      if (!isNaN(iterable.length)) {
+        var i = -1,
+          next = function next() {
+            for (; ++i < iterable.length;) if (hasOwn.call(iterable, i)) return next.value = iterable[i], next.done = !1, next;
+            return next.value = undefined, next.done = !0, next;
+          };
+        return next.next = next;
+      }
+    }
+    return {
+      next: doneResult
+    };
+  }
+  function doneResult() {
+    return {
+      value: undefined,
+      done: !0
+    };
+  }
+  return GeneratorFunction.prototype = GeneratorFunctionPrototype, defineProperty(Gp, "constructor", {
+    value: GeneratorFunctionPrototype,
+    configurable: !0
+  }), defineProperty(GeneratorFunctionPrototype, "constructor", {
+    value: GeneratorFunction,
+    configurable: !0
+  }), GeneratorFunction.displayName = define(GeneratorFunctionPrototype, toStringTagSymbol, "GeneratorFunction"), exports.isGeneratorFunction = function (genFun) {
+    var ctor = "function" == typeof genFun && genFun.constructor;
+    return !!ctor && (ctor === GeneratorFunction || "GeneratorFunction" === (ctor.displayName || ctor.name));
+  }, exports.mark = function (genFun) {
+    return Object.setPrototypeOf ? Object.setPrototypeOf(genFun, GeneratorFunctionPrototype) : (genFun.__proto__ = GeneratorFunctionPrototype, define(genFun, toStringTagSymbol, "GeneratorFunction")), genFun.prototype = Object.create(Gp), genFun;
+  }, exports.awrap = function (arg) {
+    return {
+      __await: arg
+    };
+  }, defineIteratorMethods(AsyncIterator.prototype), define(AsyncIterator.prototype, asyncIteratorSymbol, function () {
+    return this;
+  }), exports.AsyncIterator = AsyncIterator, exports.async = function (innerFn, outerFn, self, tryLocsList, PromiseImpl) {
+    void 0 === PromiseImpl && (PromiseImpl = Promise);
+    var iter = new AsyncIterator(wrap(innerFn, outerFn, self, tryLocsList), PromiseImpl);
+    return exports.isGeneratorFunction(outerFn) ? iter : iter.next().then(function (result) {
+      return result.done ? result.value : iter.next();
+    });
+  }, defineIteratorMethods(Gp), define(Gp, toStringTagSymbol, "Generator"), define(Gp, iteratorSymbol, function () {
+    return this;
+  }), define(Gp, "toString", function () {
+    return "[object Generator]";
+  }), exports.keys = function (val) {
+    var object = Object(val),
+      keys = [];
+    for (var key in object) keys.push(key);
+    return keys.reverse(), function next() {
+      for (; keys.length;) {
+        var key = keys.pop();
+        if (key in object) return next.value = key, next.done = !1, next;
+      }
+      return next.done = !0, next;
+    };
+  }, exports.values = values, Context.prototype = {
+    constructor: Context,
+    reset: function reset(skipTempReset) {
+      if (this.prev = 0, this.next = 0, this.sent = this._sent = undefined, this.done = !1, this.delegate = null, this.method = "next", this.arg = undefined, this.tryEntries.forEach(resetTryEntry), !skipTempReset) for (var name in this) "t" === name.charAt(0) && hasOwn.call(this, name) && !isNaN(+name.slice(1)) && (this[name] = undefined);
+    },
+    stop: function stop() {
+      this.done = !0;
+      var rootRecord = this.tryEntries[0].completion;
+      if ("throw" === rootRecord.type) throw rootRecord.arg;
+      return this.rval;
+    },
+    dispatchException: function dispatchException(exception) {
+      if (this.done) throw exception;
+      var context = this;
+      function handle(loc, caught) {
+        return record.type = "throw", record.arg = exception, context.next = loc, caught && (context.method = "next", context.arg = undefined), !!caught;
+      }
+      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
+        var entry = this.tryEntries[i],
+          record = entry.completion;
+        if ("root" === entry.tryLoc) return handle("end");
+        if (entry.tryLoc <= this.prev) {
+          var hasCatch = hasOwn.call(entry, "catchLoc"),
+            hasFinally = hasOwn.call(entry, "finallyLoc");
+          if (hasCatch && hasFinally) {
+            if (this.prev < entry.catchLoc) return handle(entry.catchLoc, !0);
+            if (this.prev < entry.finallyLoc) return handle(entry.finallyLoc);
+          } else if (hasCatch) {
+            if (this.prev < entry.catchLoc) return handle(entry.catchLoc, !0);
+          } else {
+            if (!hasFinally) throw new Error("try statement without catch or finally");
+            if (this.prev < entry.finallyLoc) return handle(entry.finallyLoc);
+          }
+        }
+      }
+    },
+    abrupt: function abrupt(type, arg) {
+      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
+        var entry = this.tryEntries[i];
+        if (entry.tryLoc <= this.prev && hasOwn.call(entry, "finallyLoc") && this.prev < entry.finallyLoc) {
+          var finallyEntry = entry;
+          break;
+        }
+      }
+      finallyEntry && ("break" === type || "continue" === type) && finallyEntry.tryLoc <= arg && arg <= finallyEntry.finallyLoc && (finallyEntry = null);
+      var record = finallyEntry ? finallyEntry.completion : {};
+      return record.type = type, record.arg = arg, finallyEntry ? (this.method = "next", this.next = finallyEntry.finallyLoc, ContinueSentinel) : this.complete(record);
+    },
+    complete: function complete(record, afterLoc) {
+      if ("throw" === record.type) throw record.arg;
+      return "break" === record.type || "continue" === record.type ? this.next = record.arg : "return" === record.type ? (this.rval = this.arg = record.arg, this.method = "return", this.next = "end") : "normal" === record.type && afterLoc && (this.next = afterLoc), ContinueSentinel;
+    },
+    finish: function finish(finallyLoc) {
+      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
+        var entry = this.tryEntries[i];
+        if (entry.finallyLoc === finallyLoc) return this.complete(entry.completion, entry.afterLoc), resetTryEntry(entry), ContinueSentinel;
+      }
+    },
+    "catch": function _catch(tryLoc) {
+      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
+        var entry = this.tryEntries[i];
+        if (entry.tryLoc === tryLoc) {
+          var record = entry.completion;
+          if ("throw" === record.type) {
+            var thrown = record.arg;
+            resetTryEntry(entry);
+          }
+          return thrown;
+        }
+      }
+      throw new Error("illegal catch attempt");
+    },
+    delegateYield: function delegateYield(iterable, resultName, nextLoc) {
+      return this.delegate = {
+        iterator: values(iterable),
+        resultName: resultName,
+        nextLoc: nextLoc
+      }, "next" === this.method && (this.arg = undefined), ContinueSentinel;
+    }
+  }, exports;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/asyncToGenerator.js
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
+  try {
+    var info = gen[key](arg);
+    var value = info.value;
+  } catch (error) {
+    reject(error);
+    return;
+  }
+  if (info.done) {
+    resolve(value);
+  } else {
+    Promise.resolve(value).then(_next, _throw);
+  }
+}
+function asyncToGenerator_asyncToGenerator(fn) {
+  return function () {
+    var self = this,
+      args = arguments;
+    return new Promise(function (resolve, reject) {
+      var gen = fn.apply(self, args);
+      function _next(value) {
+        asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
+      }
+      function _throw(err) {
+        asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
+      }
+      _next(undefined);
+    });
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/defineProperty.js
+
+function defineProperty_defineProperty(obj, key, value) {
+  key = _toPropertyKey(key);
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value: value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+  return obj;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/isNativeFunction.js
+function _isNativeFunction(fn) {
+  return Function.toString.call(fn).indexOf("[native code]") !== -1;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/construct.js
+
+
+function _construct(Parent, args, Class) {
+  if (_isNativeReflectConstruct()) {
+    _construct = Reflect.construct.bind();
+  } else {
+    _construct = function _construct(Parent, args, Class) {
+      var a = [null];
+      a.push.apply(a, args);
+      var Constructor = Function.bind.apply(Parent, a);
+      var instance = new Constructor();
+      if (Class) _setPrototypeOf(instance, Class.prototype);
+      return instance;
+    };
+  }
+  return _construct.apply(null, arguments);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/wrapNativeSuper.js
+
+
+
+
+function _wrapNativeSuper(Class) {
+  var _cache = typeof Map === "function" ? new Map() : undefined;
+  _wrapNativeSuper = function _wrapNativeSuper(Class) {
+    if (Class === null || !_isNativeFunction(Class)) return Class;
+    if (typeof Class !== "function") {
+      throw new TypeError("Super expression must either be null or a function");
+    }
+    if (typeof _cache !== "undefined") {
+      if (_cache.has(Class)) return _cache.get(Class);
+      _cache.set(Class, Wrapper);
+    }
+    function Wrapper() {
+      return _construct(Class, arguments, _getPrototypeOf(this).constructor);
+    }
+    Wrapper.prototype = Object.create(Class.prototype, {
+      constructor: {
+        value: Wrapper,
+        enumerable: false,
+        writable: true,
+        configurable: true
+      }
+    });
+    return _setPrototypeOf(Wrapper, Class);
+  };
+  return _wrapNativeSuper(Class);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/iterableToArray.js
+function _iterableToArray(iter) {
+  if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toArray.js
+
+
+
+
+function _toArray(arr) {
+  return _arrayWithHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableRest();
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/createForOfIteratorHelper.js
+
+function createForOfIteratorHelper_createForOfIteratorHelper(o, allowArrayLike) {
+  var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"];
+  if (!it) {
+    if (Array.isArray(o) || (it = _unsupportedIterableToArray(o)) || allowArrayLike && o && typeof o.length === "number") {
+      if (it) o = it;
+      var i = 0;
+      var F = function F() {};
+      return {
+        s: F,
+        n: function n() {
+          if (i >= o.length) return {
+            done: true
+          };
+          return {
+            done: false,
+            value: o[i++]
+          };
+        },
+        e: function e(_e) {
+          throw _e;
+        },
+        f: F
+      };
+    }
+    throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+  }
+  var normalCompletion = true,
+    didErr = false,
+    err;
+  return {
+    s: function s() {
+      it = it.call(o);
+    },
+    n: function n() {
+      var step = it.next();
+      normalCompletion = step.done;
+      return step;
+    },
+    e: function e(_e2) {
+      didErr = true;
+      err = _e2;
+    },
+    f: function f() {
+      try {
+        if (!normalCompletion && it["return"] != null) it["return"]();
+      } finally {
+        if (didErr) throw err;
+      }
+    }
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/arrayWithoutHoles.js
+
+function _arrayWithoutHoles(arr) {
+  if (Array.isArray(arr)) return _arrayLikeToArray(arr);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/nonIterableSpread.js
+function _nonIterableSpread() {
+  throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toConsumableArray.js
+
+
+
+
+function toConsumableArray_toConsumableArray(arr) {
+  return _arrayWithoutHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableSpread();
+}
+;// CONCATENATED MODULE: ./node_modules/@remix-run/router/dist/router.js
+
+
+
+
+
+
+
+
+
+
+
+
+/**
+ * @remix-run/router v1.6.3
+ *
+ * Copyright (c) Remix Software Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE.md file in the root directory of this source tree.
+ *
+ * @license MIT
+ */
+function router_extends() {
+  router_extends = Object.assign ? Object.assign.bind() : function (target) {
+    for (var i = 1; i < arguments.length; i++) {
+      var source = arguments[i];
+      for (var key in source) {
+        if (Object.prototype.hasOwnProperty.call(source, key)) {
+          target[key] = source[key];
+        }
+      }
+    }
+    return target;
+  };
+  return router_extends.apply(this, arguments);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//#region Types and Constants
+////////////////////////////////////////////////////////////////////////////////
+/**
+ * Actions represent the type of change to a location value.
+ */
+var Action;
+(function (Action) {
+  /**
+   * A POP indicates a change to an arbitrary index in the history stack, such
+   * as a back or forward navigation. It does not describe the direction of the
+   * navigation, only that the current index changed.
+   *
+   * Note: This is the default action for newly created history objects.
+   */
+  Action["Pop"] = "POP";
+  /**
+   * A PUSH indicates a new entry being added to the history stack, such as when
+   * a link is clicked and a new page loads. When this happens, all subsequent
+   * entries in the stack are lost.
+   */
+  Action["Push"] = "PUSH";
+  /**
+   * A REPLACE indicates the entry at the current index in the history stack
+   * being replaced by a new one.
+   */
+  Action["Replace"] = "REPLACE";
+})(Action || (Action = {}));
+var PopStateEventType = "popstate";
+/**
+ * Memory history stores the current location in memory. It is designed for use
+ * in stateful non-browser environments like tests and React Native.
+ */
+function router_createMemoryHistory(options) {
+  if (options === void 0) {
+    options = {};
+  }
+  var _options = options,
+    _options$initialEntri = _options.initialEntries,
+    initialEntries = _options$initialEntri === void 0 ? ["/"] : _options$initialEntri,
+    initialIndex = _options.initialIndex,
+    _options$v5Compat = _options.v5Compat,
+    v5Compat = _options$v5Compat === void 0 ? false : _options$v5Compat;
+  var entries; // Declare so we can access from createMemoryLocation
+  entries = initialEntries.map(function (entry, index) {
+    return createMemoryLocation(entry, typeof entry === "string" ? null : entry.state, index === 0 ? "default" : undefined);
+  });
+  var index = clampIndex(initialIndex == null ? entries.length - 1 : initialIndex);
+  var action = Action.Pop;
+  var listener = null;
+  function clampIndex(n) {
+    return Math.min(Math.max(n, 0), entries.length - 1);
+  }
+  function getCurrentLocation() {
+    return entries[index];
+  }
+  function createMemoryLocation(to, state, key) {
+    if (state === void 0) {
+      state = null;
+    }
+    var location = createLocation(entries ? getCurrentLocation().pathname : "/", to, state, key);
+    warning(location.pathname.charAt(0) === "/", "relative pathnames are not supported in memory history: " + JSON.stringify(to));
+    return location;
+  }
+  function createHref(to) {
+    return typeof to === "string" ? to : router_createPath(to);
+  }
+  var history = {
+    get index() {
+      return index;
+    },
+    get action() {
+      return action;
+    },
+    get location() {
+      return getCurrentLocation();
+    },
+    createHref: createHref,
+    createURL: function createURL(to) {
+      return new URL(createHref(to), "http://localhost");
+    },
+    encodeLocation: function encodeLocation(to) {
+      var path = typeof to === "string" ? parsePath(to) : to;
+      return {
+        pathname: path.pathname || "",
+        search: path.search || "",
+        hash: path.hash || ""
+      };
+    },
+    push: function push(to, state) {
+      action = Action.Push;
+      var nextLocation = createMemoryLocation(to, state);
+      index += 1;
+      entries.splice(index, entries.length, nextLocation);
+      if (v5Compat && listener) {
+        listener({
+          action: action,
+          location: nextLocation,
+          delta: 1
+        });
+      }
+    },
+    replace: function replace(to, state) {
+      action = Action.Replace;
+      var nextLocation = createMemoryLocation(to, state);
+      entries[index] = nextLocation;
+      if (v5Compat && listener) {
+        listener({
+          action: action,
+          location: nextLocation,
+          delta: 0
+        });
+      }
+    },
+    go: function go(delta) {
+      action = Action.Pop;
+      var nextIndex = clampIndex(index + delta);
+      var nextLocation = entries[nextIndex];
+      index = nextIndex;
+      if (listener) {
+        listener({
+          action: action,
+          location: nextLocation,
+          delta: delta
+        });
+      }
+    },
+    listen: function listen(fn) {
+      listener = fn;
+      return function () {
+        listener = null;
+      };
+    }
+  };
+  return history;
+}
+/**
+ * Browser history stores the location in regular URLs. This is the standard for
+ * most web apps, but it requires some configuration on the server to ensure you
+ * serve the same app at multiple URLs.
+ *
+ * @see https://github.com/remix-run/history/tree/main/docs/api-reference.md#createbrowserhistory
+ */
+function router_createBrowserHistory(options) {
+  if (options === void 0) {
+    options = {};
+  }
+  function createBrowserLocation(window, globalHistory) {
+    var _window$location = window.location,
+      pathname = _window$location.pathname,
+      search = _window$location.search,
+      hash = _window$location.hash;
+    return createLocation("", {
+      pathname: pathname,
+      search: search,
+      hash: hash
+    },
+    // state defaults to `null` because `window.history.state` does
+    globalHistory.state && globalHistory.state.usr || null, globalHistory.state && globalHistory.state.key || "default");
+  }
+  function createBrowserHref(window, to) {
+    return typeof to === "string" ? to : router_createPath(to);
+  }
+  return getUrlBasedHistory(createBrowserLocation, createBrowserHref, null, options);
+}
+/**
+ * Hash history stores the location in window.location.hash. This makes it ideal
+ * for situations where you don't want to send the location to the server for
+ * some reason, either because you do cannot configure it or the URL space is
+ * reserved for something else.
+ *
+ * @see https://github.com/remix-run/history/tree/main/docs/api-reference.md#createhashhistory
+ */
+function router_createHashHistory(options) {
+  if (options === void 0) {
+    options = {};
+  }
+  function createHashLocation(window, globalHistory) {
+    var _parsePath = parsePath(window.location.hash.substr(1)),
+      _parsePath$pathname = _parsePath.pathname,
+      pathname = _parsePath$pathname === void 0 ? "/" : _parsePath$pathname,
+      _parsePath$search = _parsePath.search,
+      search = _parsePath$search === void 0 ? "" : _parsePath$search,
+      _parsePath$hash = _parsePath.hash,
+      hash = _parsePath$hash === void 0 ? "" : _parsePath$hash;
+    return createLocation("", {
+      pathname: pathname,
+      search: search,
+      hash: hash
+    },
+    // state defaults to `null` because `window.history.state` does
+    globalHistory.state && globalHistory.state.usr || null, globalHistory.state && globalHistory.state.key || "default");
+  }
+  function createHashHref(window, to) {
+    var base = window.document.querySelector("base");
+    var href = "";
+    if (base && base.getAttribute("href")) {
+      var url = window.location.href;
+      var hashIndex = url.indexOf("#");
+      href = hashIndex === -1 ? url : url.slice(0, hashIndex);
+    }
+    return href + "#" + (typeof to === "string" ? to : router_createPath(to));
+  }
+  function validateHashLocation(location, to) {
+    warning(location.pathname.charAt(0) === "/", "relative pathnames are not supported in hash history.push(" + JSON.stringify(to) + ")");
+  }
+  return getUrlBasedHistory(createHashLocation, createHashHref, validateHashLocation, options);
+}
+function invariant(value, message) {
+  if (value === false || value === null || typeof value === "undefined") {
+    throw new Error(message);
+  }
+}
+function warning(cond, message) {
+  if (!cond) {
+    // eslint-disable-next-line no-console
+    if (typeof console !== "undefined") console.warn(message);
+    try {
+      // Welcome to debugging history!
+      //
+      // This error is thrown as a convenience so you can more easily
+      // find the source for a warning that appears in the console by
+      // enabling "pause on exceptions" in your JavaScript debugger.
+      throw new Error(message);
+      // eslint-disable-next-line no-empty
+    } catch (e) {}
+  }
+}
+function createKey() {
+  return Math.random().toString(36).substr(2, 8);
+}
+/**
+ * For browser-based histories, we combine the state and key into an object
+ */
+function getHistoryState(location, index) {
+  return {
+    usr: location.state,
+    key: location.key,
+    idx: index
+  };
+}
+/**
+ * Creates a Location object with a unique key from the given Path
+ */
+function createLocation(current, to, state, key) {
+  if (state === void 0) {
+    state = null;
+  }
+  var location = router_extends({
+    pathname: typeof current === "string" ? current : current.pathname,
+    search: "",
+    hash: ""
+  }, typeof to === "string" ? parsePath(to) : to, {
+    state: state,
+    // TODO: This could be cleaned up.  push/replace should probably just take
+    // full Locations now and avoid the need to run through this flow at all
+    // But that's a pretty big refactor to the current test suite so going to
+    // keep as is for the time being and just let any incoming keys take precedence
+    key: to && to.key || key || createKey()
+  });
+  return location;
+}
+/**
+ * Creates a string URL path from the given pathname, search, and hash components.
+ */
+function router_createPath(_ref) {
+  var _ref$pathname = _ref.pathname,
+    pathname = _ref$pathname === void 0 ? "/" : _ref$pathname,
+    _ref$search = _ref.search,
+    search = _ref$search === void 0 ? "" : _ref$search,
+    _ref$hash = _ref.hash,
+    hash = _ref$hash === void 0 ? "" : _ref$hash;
+  if (search && search !== "?") pathname += search.charAt(0) === "?" ? search : "?" + search;
+  if (hash && hash !== "#") pathname += hash.charAt(0) === "#" ? hash : "#" + hash;
+  return pathname;
+}
+/**
+ * Parses a string URL path into its separate pathname, search, and hash components.
+ */
+function parsePath(path) {
+  var parsedPath = {};
+  if (path) {
+    var hashIndex = path.indexOf("#");
+    if (hashIndex >= 0) {
+      parsedPath.hash = path.substr(hashIndex);
+      path = path.substr(0, hashIndex);
+    }
+    var searchIndex = path.indexOf("?");
+    if (searchIndex >= 0) {
+      parsedPath.search = path.substr(searchIndex);
+      path = path.substr(0, searchIndex);
+    }
+    if (path) {
+      parsedPath.pathname = path;
+    }
+  }
+  return parsedPath;
+}
+function getUrlBasedHistory(getLocation, _createHref, validateLocation, options) {
+  if (options === void 0) {
+    options = {};
+  }
+  var _options2 = options,
+    _options2$window = _options2.window,
+    window = _options2$window === void 0 ? document.defaultView : _options2$window,
+    _options2$v5Compat = _options2.v5Compat,
+    v5Compat = _options2$v5Compat === void 0 ? false : _options2$v5Compat;
+  var globalHistory = window.history;
+  var action = Action.Pop;
+  var listener = null;
+  var index = getIndex();
+  // Index should only be null when we initialize. If not, it's because the
+  // user called history.pushState or history.replaceState directly, in which
+  // case we should log a warning as it will result in bugs.
+  if (index == null) {
+    index = 0;
+    globalHistory.replaceState(router_extends({}, globalHistory.state, {
+      idx: index
+    }), "");
+  }
+  function getIndex() {
+    var state = globalHistory.state || {
+      idx: null
+    };
+    return state.idx;
+  }
+  function handlePop() {
+    action = Action.Pop;
+    var nextIndex = getIndex();
+    var delta = nextIndex == null ? null : nextIndex - index;
+    index = nextIndex;
+    if (listener) {
+      listener({
+        action: action,
+        location: history.location,
+        delta: delta
+      });
+    }
+  }
+  function push(to, state) {
+    action = Action.Push;
+    var location = createLocation(history.location, to, state);
+    if (validateLocation) validateLocation(location, to);
+    index = getIndex() + 1;
+    var historyState = getHistoryState(location, index);
+    var url = history.createHref(location);
+    // try...catch because iOS limits us to 100 pushState calls :/
+    try {
+      globalHistory.pushState(historyState, "", url);
+    } catch (error) {
+      // If the exception is because `state` can't be serialized, let that throw
+      // outwards just like a replace call would so the dev knows the cause
+      // https://html.spec.whatwg.org/multipage/nav-history-apis.html#shared-history-push/replace-state-steps
+      // https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeinternal
+      if (error instanceof DOMException && error.name === "DataCloneError") {
+        throw error;
+      }
+      // They are going to lose state here, but there is no real
+      // way to warn them about it since the page will refresh...
+      window.location.assign(url);
+    }
+    if (v5Compat && listener) {
+      listener({
+        action: action,
+        location: history.location,
+        delta: 1
+      });
+    }
+  }
+  function replace(to, state) {
+    action = Action.Replace;
+    var location = createLocation(history.location, to, state);
+    if (validateLocation) validateLocation(location, to);
+    index = getIndex();
+    var historyState = getHistoryState(location, index);
+    var url = history.createHref(location);
+    globalHistory.replaceState(historyState, "", url);
+    if (v5Compat && listener) {
+      listener({
+        action: action,
+        location: history.location,
+        delta: 0
+      });
+    }
+  }
+  function createURL(to) {
+    // window.location.origin is "null" (the literal string value) in Firefox
+    // under certain conditions, notably when serving from a local HTML file
+    // See https://bugzilla.mozilla.org/show_bug.cgi?id=878297
+    var base = window.location.origin !== "null" ? window.location.origin : window.location.href;
+    var href = typeof to === "string" ? to : router_createPath(to);
+    invariant(base, "No window.location.(origin|href) available to create URL for href: " + href);
+    return new URL(href, base);
+  }
+  var history = {
+    get action() {
+      return action;
+    },
+    get location() {
+      return getLocation(window, globalHistory);
+    },
+    listen: function listen(fn) {
+      if (listener) {
+        throw new Error("A history only accepts one active listener");
+      }
+      window.addEventListener(PopStateEventType, handlePop);
+      listener = fn;
+      return function () {
+        window.removeEventListener(PopStateEventType, handlePop);
+        listener = null;
+      };
+    },
+    createHref: function createHref(to) {
+      return _createHref(window, to);
+    },
+    createURL: createURL,
+    encodeLocation: function encodeLocation(to) {
+      // Encode a Location the same way window.location would
+      var url = createURL(to);
+      return {
+        pathname: url.pathname,
+        search: url.search,
+        hash: url.hash
+      };
+    },
+    push: push,
+    replace: replace,
+    go: function go(n) {
+      return globalHistory.go(n);
+    }
+  };
+  return history;
+}
+//#endregion
+
+var ResultType;
+(function (ResultType) {
+  ResultType["data"] = "data";
+  ResultType["deferred"] = "deferred";
+  ResultType["redirect"] = "redirect";
+  ResultType["error"] = "error";
+})(ResultType || (ResultType = {}));
+var immutableRouteKeys = new Set(["lazy", "caseSensitive", "path", "id", "index", "children"]);
+function isIndexRoute(route) {
+  return route.index === true;
+}
+// Walk the route tree generating unique IDs where necessary so we are working
+// solely with AgnosticDataRouteObject's within the Router
+function convertRoutesToDataRoutes(routes, mapRouteProperties, parentPath, manifest) {
+  if (parentPath === void 0) {
+    parentPath = [];
+  }
+  if (manifest === void 0) {
+    manifest = {};
+  }
+  return routes.map(function (route, index) {
+    var treePath = [].concat(toConsumableArray_toConsumableArray(parentPath), [index]);
+    var id = typeof route.id === "string" ? route.id : treePath.join("-");
+    invariant(route.index !== true || !route.children, "Cannot specify children on an index route");
+    invariant(!manifest[id], "Found a route id collision on id \"" + id + "\".  Route " + "id's must be globally unique within Data Router usages");
+    if (isIndexRoute(route)) {
+      var indexRoute = router_extends({}, route, mapRouteProperties(route), {
+        id: id
+      });
+      manifest[id] = indexRoute;
+      return indexRoute;
+    } else {
+      var pathOrLayoutRoute = router_extends({}, route, mapRouteProperties(route), {
+        id: id,
+        children: undefined
+      });
+      manifest[id] = pathOrLayoutRoute;
+      if (route.children) {
+        pathOrLayoutRoute.children = convertRoutesToDataRoutes(route.children, mapRouteProperties, treePath, manifest);
+      }
+      return pathOrLayoutRoute;
+    }
+  });
+}
+/**
+ * Matches the given routes to a location and returns the match data.
+ *
+ * @see https://reactrouter.com/utils/match-routes
+ */
+function matchRoutes(routes, locationArg, basename) {
+  if (basename === void 0) {
+    basename = "/";
+  }
+  var location = typeof locationArg === "string" ? parsePath(locationArg) : locationArg;
+  var pathname = router_stripBasename(location.pathname || "/", basename);
+  if (pathname == null) {
+    return null;
+  }
+  var branches = flattenRoutes(routes);
+  rankRouteBranches(branches);
+  var matches = null;
+  for (var i = 0; matches == null && i < branches.length; ++i) {
+    matches = matchRouteBranch(branches[i],
+    // Incoming pathnames are generally encoded from either window.location
+    // or from router.navigate, but we want to match against the unencoded
+    // paths in the route definitions.  Memory router locations won't be
+    // encoded here but there also shouldn't be anything to decode so this
+    // should be a safe operation.  This avoids needing matchRoutes to be
+    // history-aware.
+    safelyDecodeURI(pathname));
+  }
+  return matches;
+}
+function flattenRoutes(routes, branches, parentsMeta, parentPath) {
+  if (branches === void 0) {
+    branches = [];
+  }
+  if (parentsMeta === void 0) {
+    parentsMeta = [];
+  }
+  if (parentPath === void 0) {
+    parentPath = "";
+  }
+  var flattenRoute = function flattenRoute(route, index, relativePath) {
+    var meta = {
+      relativePath: relativePath === undefined ? route.path || "" : relativePath,
+      caseSensitive: route.caseSensitive === true,
+      childrenIndex: index,
+      route: route
+    };
+    if (meta.relativePath.startsWith("/")) {
+      invariant(meta.relativePath.startsWith(parentPath), "Absolute route path \"" + meta.relativePath + "\" nested under path " + ("\"" + parentPath + "\" is not valid. An absolute child route path ") + "must start with the combined path of all its parent routes.");
+      meta.relativePath = meta.relativePath.slice(parentPath.length);
+    }
+    var path = router_joinPaths([parentPath, meta.relativePath]);
+    var routesMeta = parentsMeta.concat(meta);
+    // Add the children before adding this route to the array so we traverse the
+    // route tree depth-first and child routes appear before their parents in
+    // the "flattened" version.
+    if (route.children && route.children.length > 0) {
+      invariant(
+      // Our types know better, but runtime JS may not!
+      // @ts-expect-error
+      route.index !== true, "Index routes must not have child routes. Please remove " + ("all child routes from route path \"" + path + "\"."));
+      flattenRoutes(route.children, branches, routesMeta, path);
+    }
+    // Routes without a path shouldn't ever match by themselves unless they are
+    // index routes, so don't add them to the list of possible branches.
+    if (route.path == null && !route.index) {
+      return;
+    }
+    branches.push({
+      path: path,
+      score: computeScore(path, route.index),
+      routesMeta: routesMeta
+    });
+  };
+  routes.forEach(function (route, index) {
+    var _route$path;
+    // coarse-grain check for optional params
+    if (route.path === "" || !((_route$path = route.path) != null && _route$path.includes("?"))) {
+      flattenRoute(route, index);
+    } else {
+      var _iterator = createForOfIteratorHelper_createForOfIteratorHelper(explodeOptionalSegments(route.path)),
+        _step;
+      try {
+        for (_iterator.s(); !(_step = _iterator.n()).done;) {
+          var exploded = _step.value;
+          flattenRoute(route, index, exploded);
+        }
+      } catch (err) {
+        _iterator.e(err);
+      } finally {
+        _iterator.f();
+      }
+    }
+  });
+  return branches;
+}
+/**
+ * Computes all combinations of optional path segments for a given path,
+ * excluding combinations that are ambiguous and of lower priority.
+ *
+ * For example, `/one/:two?/three/:four?/:five?` explodes to:
+ * - `/one/three`
+ * - `/one/:two/three`
+ * - `/one/three/:four`
+ * - `/one/three/:five`
+ * - `/one/:two/three/:four`
+ * - `/one/:two/three/:five`
+ * - `/one/three/:four/:five`
+ * - `/one/:two/three/:four/:five`
+ */
+function explodeOptionalSegments(path) {
+  var segments = path.split("/");
+  if (segments.length === 0) return [];
+  var _segments = _toArray(segments),
+    first = _segments[0],
+    rest = _segments.slice(1);
+  // Optional path segments are denoted by a trailing `?`
+  var isOptional = first.endsWith("?");
+  // Compute the corresponding required segment: `foo?` -> `foo`
+  var required = first.replace(/\?$/, "");
+  if (rest.length === 0) {
+    // Intepret empty string as omitting an optional segment
+    // `["one", "", "three"]` corresponds to omitting `:two` from `/one/:two?/three` -> `/one/three`
+    return isOptional ? [required, ""] : [required];
+  }
+  var restExploded = explodeOptionalSegments(rest.join("/"));
+  var result = [];
+  // All child paths with the prefix.  Do this for all children before the
+  // optional version for all children so we get consistent ordering where the
+  // parent optional aspect is preferred as required.  Otherwise, we can get
+  // child sections interspersed where deeper optional segments are higher than
+  // parent optional segments, where for example, /:two would explodes _earlier_
+  // then /:one.  By always including the parent as required _for all children_
+  // first, we avoid this issue
+  result.push.apply(result, toConsumableArray_toConsumableArray(restExploded.map(function (subpath) {
+    return subpath === "" ? required : [required, subpath].join("/");
+  })));
+  // Then if this is an optional value, add all child versions without
+  if (isOptional) {
+    result.push.apply(result, toConsumableArray_toConsumableArray(restExploded));
+  }
+  // for absolute paths, ensure `/` instead of empty segment
+  return result.map(function (exploded) {
+    return path.startsWith("/") && exploded === "" ? "/" : exploded;
+  });
+}
+function rankRouteBranches(branches) {
+  branches.sort(function (a, b) {
+    return a.score !== b.score ? b.score - a.score // Higher score first
+    : compareIndexes(a.routesMeta.map(function (meta) {
+      return meta.childrenIndex;
+    }), b.routesMeta.map(function (meta) {
+      return meta.childrenIndex;
+    }));
+  });
+}
+var paramRe = /^:\w+$/;
+var dynamicSegmentValue = 3;
+var indexRouteValue = 2;
+var emptySegmentValue = 1;
+var staticSegmentValue = 10;
+var splatPenalty = -2;
+var isSplat = function isSplat(s) {
+  return s === "*";
+};
+function computeScore(path, index) {
+  var segments = path.split("/");
+  var initialScore = segments.length;
+  if (segments.some(isSplat)) {
+    initialScore += splatPenalty;
+  }
+  if (index) {
+    initialScore += indexRouteValue;
+  }
+  return segments.filter(function (s) {
+    return !isSplat(s);
+  }).reduce(function (score, segment) {
+    return score + (paramRe.test(segment) ? dynamicSegmentValue : segment === "" ? emptySegmentValue : staticSegmentValue);
+  }, initialScore);
+}
+function compareIndexes(a, b) {
+  var siblings = a.length === b.length && a.slice(0, -1).every(function (n, i) {
+    return n === b[i];
+  });
+  return siblings ?
+  // If two routes are siblings, we should try to match the earlier sibling
+  // first. This allows people to have fine-grained control over the matching
+  // behavior by simply putting routes with identical paths in the order they
+  // want them tried.
+  a[a.length - 1] - b[b.length - 1] :
+  // Otherwise, it doesn't really make sense to rank non-siblings by index,
+  // so they sort equally.
+  0;
+}
+function matchRouteBranch(branch, pathname) {
+  var routesMeta = branch.routesMeta;
+  var matchedParams = {};
+  var matchedPathname = "/";
+  var matches = [];
+  for (var i = 0; i < routesMeta.length; ++i) {
+    var meta = routesMeta[i];
+    var end = i === routesMeta.length - 1;
+    var remainingPathname = matchedPathname === "/" ? pathname : pathname.slice(matchedPathname.length) || "/";
+    var match = router_matchPath({
+      path: meta.relativePath,
+      caseSensitive: meta.caseSensitive,
+      end: end
+    }, remainingPathname);
+    if (!match) return null;
+    Object.assign(matchedParams, match.params);
+    var route = meta.route;
+    matches.push({
+      // TODO: Can this as be avoided?
+      params: matchedParams,
+      pathname: router_joinPaths([matchedPathname, match.pathname]),
+      pathnameBase: normalizePathname(router_joinPaths([matchedPathname, match.pathnameBase])),
+      route: route
+    });
+    if (match.pathnameBase !== "/") {
+      matchedPathname = router_joinPaths([matchedPathname, match.pathnameBase]);
+    }
+  }
+  return matches;
+}
+/**
+ * Returns a path with params interpolated.
+ *
+ * @see https://reactrouter.com/utils/generate-path
+ */
+function generatePath(originalPath, params) {
+  if (params === void 0) {
+    params = {};
+  }
+  var path = originalPath;
+  if (path.endsWith("*") && path !== "*" && !path.endsWith("/*")) {
+    warning(false, "Route path \"" + path + "\" will be treated as if it were " + ("\"" + path.replace(/\*$/, "/*") + "\" because the `*` character must ") + "always follow a `/` in the pattern. To get rid of this warning, " + ("please change the route path to \"" + path.replace(/\*$/, "/*") + "\"."));
+    path = path.replace(/\*$/, "/*");
+  }
+  // ensure `/` is added at the beginning if the path is absolute
+  var prefix = path.startsWith("/") ? "/" : "";
+  var segments = path.split(/\/+/).map(function (segment, index, array) {
+    var isLastSegment = index === array.length - 1;
+    // only apply the splat if it's the last segment
+    if (isLastSegment && segment === "*") {
+      var star = "*";
+      var starParam = params[star];
+      // Apply the splat
+      return starParam;
+    }
+    var keyMatch = segment.match(/^:(\w+)(\??)$/);
+    if (keyMatch) {
+      var _keyMatch = _slicedToArray(keyMatch, 3),
+        key = _keyMatch[1],
+        optional = _keyMatch[2];
+      var param = params[key];
+      if (optional === "?") {
+        return param == null ? "" : param;
+      }
+      if (param == null) {
+        invariant(false, "Missing \":" + key + "\" param");
+      }
+      return param;
+    }
+    // Remove any optional markers from optional static segments
+    return segment.replace(/\?$/g, "");
+  })
+  // Remove empty segments
+  .filter(function (segment) {
+    return !!segment;
+  });
+  return prefix + segments.join("/");
+}
+/**
+ * Performs pattern matching on a URL pathname and returns information about
+ * the match.
+ *
+ * @see https://reactrouter.com/utils/match-path
+ */
+function router_matchPath(pattern, pathname) {
+  if (typeof pattern === "string") {
+    pattern = {
+      path: pattern,
+      caseSensitive: false,
+      end: true
+    };
+  }
+  var _compilePath = compilePath(pattern.path, pattern.caseSensitive, pattern.end),
+    _compilePath2 = slicedToArray_slicedToArray(_compilePath, 2),
+    matcher = _compilePath2[0],
+    paramNames = _compilePath2[1];
+  var match = pathname.match(matcher);
+  if (!match) return null;
+  var matchedPathname = match[0];
+  var pathnameBase = matchedPathname.replace(/(.)\/+$/, "$1");
+  var captureGroups = match.slice(1);
+  var params = paramNames.reduce(function (memo, paramName, index) {
+    // We need to compute the pathnameBase here using the raw splat value
+    // instead of using params["*"] later because it will be decoded then
+    if (paramName === "*") {
+      var splatValue = captureGroups[index] || "";
+      pathnameBase = matchedPathname.slice(0, matchedPathname.length - splatValue.length).replace(/(.)\/+$/, "$1");
+    }
+    memo[paramName] = safelyDecodeURIComponent(captureGroups[index] || "", paramName);
+    return memo;
+  }, {});
+  return {
+    params: params,
+    pathname: matchedPathname,
+    pathnameBase: pathnameBase,
+    pattern: pattern
+  };
+}
+function compilePath(path, caseSensitive, end) {
+  if (caseSensitive === void 0) {
+    caseSensitive = false;
+  }
+  if (end === void 0) {
+    end = true;
+  }
+  warning(path === "*" || !path.endsWith("*") || path.endsWith("/*"), "Route path \"" + path + "\" will be treated as if it were " + ("\"" + path.replace(/\*$/, "/*") + "\" because the `*` character must ") + "always follow a `/` in the pattern. To get rid of this warning, " + ("please change the route path to \"" + path.replace(/\*$/, "/*") + "\"."));
+  var paramNames = [];
+  var regexpSource = "^" + path.replace(/\/*\*?$/, "") // Ignore trailing / and /*, we'll handle it below
+  .replace(/^\/*/, "/") // Make sure it has a leading /
+  .replace(/[\\.*+^$?{}|()[\]]/g, "\\$&") // Escape special regex chars
+  .replace(/\/:(\w+)/g, function (_, paramName) {
+    paramNames.push(paramName);
+    return "/([^\\/]+)";
+  });
+  if (path.endsWith("*")) {
+    paramNames.push("*");
+    regexpSource += path === "*" || path === "/*" ? "(.*)$" // Already matched the initial /, just match the rest
+    : "(?:\\/(.+)|\\/*)$"; // Don't include the / in params["*"]
+  } else if (end) {
+    // When matching to the end, ignore trailing slashes
+    regexpSource += "\\/*$";
+  } else if (path !== "" && path !== "/") {
+    // If our path is non-empty and contains anything beyond an initial slash,
+    // then we have _some_ form of path in our regex so we should expect to
+    // match only if we find the end of this path segment.  Look for an optional
+    // non-captured trailing slash (to match a portion of the URL) or the end
+    // of the path (if we've matched to the end).  We used to do this with a
+    // word boundary but that gives false positives on routes like
+    // /user-preferences since `-` counts as a word boundary.
+    regexpSource += "(?:(?=\\/|$))";
+  } else ;
+  var matcher = new RegExp(regexpSource, caseSensitive ? undefined : "i");
+  return [matcher, paramNames];
+}
+function safelyDecodeURI(value) {
+  try {
+    return decodeURI(value);
+  } catch (error) {
+    warning(false, "The URL path \"" + value + "\" could not be decoded because it is is a " + "malformed URL segment. This is probably due to a bad percent " + ("encoding (" + error + ")."));
+    return value;
+  }
+}
+function safelyDecodeURIComponent(value, paramName) {
+  try {
+    return decodeURIComponent(value);
+  } catch (error) {
+    warning(false, "The value for the URL param \"" + paramName + "\" will not be decoded because" + (" the string \"" + value + "\" is a malformed URL segment. This is probably") + (" due to a bad percent encoding (" + error + ")."));
+    return value;
+  }
+}
+/**
+ * @private
+ */
+function router_stripBasename(pathname, basename) {
+  if (basename === "/") return pathname;
+  if (!pathname.toLowerCase().startsWith(basename.toLowerCase())) {
+    return null;
+  }
+  // We want to leave trailing slash behavior in the user's control, so if they
+  // specify a basename with a trailing slash, we should support it
+  var startIndex = basename.endsWith("/") ? basename.length - 1 : basename.length;
+  var nextChar = pathname.charAt(startIndex);
+  if (nextChar && nextChar !== "/") {
+    // pathname does not start with basename/
+    return null;
+  }
+  return pathname.slice(startIndex) || "/";
+}
+/**
+ * Returns a resolved path object relative to the given pathname.
+ *
+ * @see https://reactrouter.com/utils/resolve-path
+ */
+function resolvePath(to, fromPathname) {
+  if (fromPathname === void 0) {
+    fromPathname = "/";
+  }
+  var _ref3 = typeof to === "string" ? parsePath(to) : to,
+    toPathname = _ref3.pathname,
+    _ref3$search = _ref3.search,
+    search = _ref3$search === void 0 ? "" : _ref3$search,
+    _ref3$hash = _ref3.hash,
+    hash = _ref3$hash === void 0 ? "" : _ref3$hash;
+  var pathname = toPathname ? toPathname.startsWith("/") ? toPathname : resolvePathname(toPathname, fromPathname) : fromPathname;
+  return {
+    pathname: pathname,
+    search: normalizeSearch(search),
+    hash: normalizeHash(hash)
+  };
+}
+function resolvePathname(relativePath, fromPathname) {
+  var segments = fromPathname.replace(/\/+$/, "").split("/");
+  var relativeSegments = relativePath.split("/");
+  relativeSegments.forEach(function (segment) {
+    if (segment === "..") {
+      // Keep the root "" segment so the pathname starts at /
+      if (segments.length > 1) segments.pop();
+    } else if (segment !== ".") {
+      segments.push(segment);
+    }
+  });
+  return segments.length > 1 ? segments.join("/") : "/";
+}
+function getInvalidPathError(char, field, dest, path) {
+  return "Cannot include a '" + char + "' character in a manually specified " + ("`to." + field + "` field [" + JSON.stringify(path) + "].  Please separate it out to the ") + ("`to." + dest + "` field. Alternatively you may provide the full path as ") + "a string in <Link to=\"...\"> and the router will parse it for you.";
+}
+/**
+ * @private
+ *
+ * When processing relative navigation we want to ignore ancestor routes that
+ * do not contribute to the path, such that index/pathless layout routes don't
+ * interfere.
+ *
+ * For example, when moving a route element into an index route and/or a
+ * pathless layout route, relative link behavior contained within should stay
+ * the same.  Both of the following examples should link back to the root:
+ *
+ *   <Route path="/">
+ *     <Route path="accounts" element={<Link to=".."}>
+ *   </Route>
+ *
+ *   <Route path="/">
+ *     <Route path="accounts">
+ *       <Route element={<AccountsLayout />}>       // <-- Does not contribute
+ *         <Route index element={<Link to=".."} />  // <-- Does not contribute
+ *       </Route
+ *     </Route>
+ *   </Route>
+ */
+function getPathContributingMatches(matches) {
+  return matches.filter(function (match, index) {
+    return index === 0 || match.route.path && match.route.path.length > 0;
+  });
+}
+/**
+ * @private
+ */
+function router_resolveTo(toArg, routePathnames, locationPathname, isPathRelative) {
+  if (isPathRelative === void 0) {
+    isPathRelative = false;
+  }
+  var to;
+  if (typeof toArg === "string") {
+    to = parsePath(toArg);
+  } else {
+    to = router_extends({}, toArg);
+    invariant(!to.pathname || !to.pathname.includes("?"), getInvalidPathError("?", "pathname", "search", to));
+    invariant(!to.pathname || !to.pathname.includes("#"), getInvalidPathError("#", "pathname", "hash", to));
+    invariant(!to.search || !to.search.includes("#"), getInvalidPathError("#", "search", "hash", to));
+  }
+  var isEmptyPath = toArg === "" || to.pathname === "";
+  var toPathname = isEmptyPath ? "/" : to.pathname;
+  var from;
+  // Routing is relative to the current pathname if explicitly requested.
+  //
+  // If a pathname is explicitly provided in `to`, it should be relative to the
+  // route context. This is explained in `Note on `<Link to>` values` in our
+  // migration guide from v5 as a means of disambiguation between `to` values
+  // that begin with `/` and those that do not. However, this is problematic for
+  // `to` values that do not provide a pathname. `to` can simply be a search or
+  // hash string, in which case we should assume that the navigation is relative
+  // to the current location's pathname and *not* the route pathname.
+  if (isPathRelative || toPathname == null) {
+    from = locationPathname;
+  } else {
+    var routePathnameIndex = routePathnames.length - 1;
+    if (toPathname.startsWith("..")) {
+      var toSegments = toPathname.split("/");
+      // Each leading .. segment means "go up one route" instead of "go up one
+      // URL segment".  This is a key difference from how <a href> works and a
+      // major reason we call this a "to" value instead of a "href".
+      while (toSegments[0] === "..") {
+        toSegments.shift();
+        routePathnameIndex -= 1;
+      }
+      to.pathname = toSegments.join("/");
+    }
+    // If there are more ".." segments than parent routes, resolve relative to
+    // the root / URL.
+    from = routePathnameIndex >= 0 ? routePathnames[routePathnameIndex] : "/";
+  }
+  var path = resolvePath(to, from);
+  // Ensure the pathname has a trailing slash if the original "to" had one
+  var hasExplicitTrailingSlash = toPathname && toPathname !== "/" && toPathname.endsWith("/");
+  // Or if this was a link to the current path which has a trailing slash
+  var hasCurrentTrailingSlash = (isEmptyPath || toPathname === ".") && locationPathname.endsWith("/");
+  if (!path.pathname.endsWith("/") && (hasExplicitTrailingSlash || hasCurrentTrailingSlash)) {
+    path.pathname += "/";
+  }
+  return path;
+}
+/**
+ * @private
+ */
+function getToPathname(to) {
+  // Empty strings should be treated the same as / paths
+  return to === "" || to.pathname === "" ? "/" : typeof to === "string" ? parsePath(to).pathname : to.pathname;
+}
+/**
+ * @private
+ */
+var router_joinPaths = function joinPaths(paths) {
+  return paths.join("/").replace(/\/\/+/g, "/");
+};
+/**
+ * @private
+ */
+var normalizePathname = function normalizePathname(pathname) {
+  return pathname.replace(/\/+$/, "").replace(/^\/*/, "/");
+};
+/**
+ * @private
+ */
+var normalizeSearch = function normalizeSearch(search) {
+  return !search || search === "?" ? "" : search.startsWith("?") ? search : "?" + search;
+};
+/**
+ * @private
+ */
+var normalizeHash = function normalizeHash(hash) {
+  return !hash || hash === "#" ? "" : hash.startsWith("#") ? hash : "#" + hash;
+};
+/**
+ * This is a shortcut for creating `application/json` responses. Converts `data`
+ * to JSON and sets the `Content-Type` header.
+ */
+var json = function json(data, init) {
+  if (init === void 0) {
+    init = {};
+  }
+  var responseInit = typeof init === "number" ? {
+    status: init
+  } : init;
+  var headers = new Headers(responseInit.headers);
+  if (!headers.has("Content-Type")) {
+    headers.set("Content-Type", "application/json; charset=utf-8");
+  }
+  return new Response(JSON.stringify(data), router_extends({}, responseInit, {
+    headers: headers
+  }));
+};
+var AbortedDeferredError = /*#__PURE__*/function (_Error) {
+  _inherits(AbortedDeferredError, _Error);
+  var _super = _createSuper(AbortedDeferredError);
+  function AbortedDeferredError() {
+    classCallCheck_classCallCheck(this, AbortedDeferredError);
+    return _super.apply(this, arguments);
+  }
+  return createClass_createClass(AbortedDeferredError);
+}( /*#__PURE__*/_wrapNativeSuper(Error));
+var DeferredData = /*#__PURE__*/(/* unused pure expression or super */ null && (function () {
+  function DeferredData(data, responseInit) {
+    var _this = this;
+    _classCallCheck(this, DeferredData);
+    this.pendingKeysSet = new Set();
+    this.subscribers = new Set();
+    this.deferredKeys = [];
+    invariant(data && typeof data === "object" && !Array.isArray(data), "defer() only accepts plain objects");
+    // Set up an AbortController + Promise we can race against to exit early
+    // cancellation
+    var reject;
+    this.abortPromise = new Promise(function (_, r) {
+      return reject = r;
+    });
+    this.controller = new AbortController();
+    var onAbort = function onAbort() {
+      return reject(new AbortedDeferredError("Deferred data aborted"));
+    };
+    this.unlistenAbortSignal = function () {
+      return _this.controller.signal.removeEventListener("abort", onAbort);
+    };
+    this.controller.signal.addEventListener("abort", onAbort);
+    this.data = Object.entries(data).reduce(function (acc, _ref) {
+      var _ref4 = _slicedToArray(_ref, 2),
+        key = _ref4[0],
+        value = _ref4[1];
+      return Object.assign(acc, _defineProperty({}, key, _this.trackPromise(key, value)));
+    }, {});
+    if (this.done) {
+      // All incoming values were resolved
+      this.unlistenAbortSignal();
+    }
+    this.init = responseInit;
+  }
+  _createClass(DeferredData, [{
+    key: "trackPromise",
+    value: function trackPromise(key, value) {
+      var _this2 = this;
+      if (!(value instanceof Promise)) {
+        return value;
+      }
+      this.deferredKeys.push(key);
+      this.pendingKeysSet.add(key);
+      // We store a little wrapper promise that will be extended with
+      // _data/_error props upon resolve/reject
+      var promise = Promise.race([value, this.abortPromise]).then(function (data) {
+        return _this2.onSettle(promise, key, null, data);
+      }, function (error) {
+        return _this2.onSettle(promise, key, error);
+      });
+      // Register rejection listeners to avoid uncaught promise rejections on
+      // errors or aborted deferred values
+      promise.catch(function () {});
+      Object.defineProperty(promise, "_tracked", {
+        get: function get() {
+          return true;
+        }
+      });
+      return promise;
+    }
+  }, {
+    key: "onSettle",
+    value: function onSettle(promise, key, error, data) {
+      if (this.controller.signal.aborted && error instanceof AbortedDeferredError) {
+        this.unlistenAbortSignal();
+        Object.defineProperty(promise, "_error", {
+          get: function get() {
+            return error;
+          }
+        });
+        return Promise.reject(error);
+      }
+      this.pendingKeysSet.delete(key);
+      if (this.done) {
+        // Nothing left to abort!
+        this.unlistenAbortSignal();
+      }
+      if (error) {
+        Object.defineProperty(promise, "_error", {
+          get: function get() {
+            return error;
+          }
+        });
+        this.emit(false, key);
+        return Promise.reject(error);
+      }
+      Object.defineProperty(promise, "_data", {
+        get: function get() {
+          return data;
+        }
+      });
+      this.emit(false, key);
+      return data;
+    }
+  }, {
+    key: "emit",
+    value: function emit(aborted, settledKey) {
+      this.subscribers.forEach(function (subscriber) {
+        return subscriber(aborted, settledKey);
+      });
+    }
+  }, {
+    key: "subscribe",
+    value: function subscribe(fn) {
+      var _this3 = this;
+      this.subscribers.add(fn);
+      return function () {
+        return _this3.subscribers.delete(fn);
+      };
+    }
+  }, {
+    key: "cancel",
+    value: function cancel() {
+      var _this4 = this;
+      this.controller.abort();
+      this.pendingKeysSet.forEach(function (v, k) {
+        return _this4.pendingKeysSet.delete(k);
+      });
+      this.emit(true);
+    }
+  }, {
+    key: "resolveData",
+    value: function () {
+      var _resolveData = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee(signal) {
+        var _this5 = this;
+        var aborted, onAbort;
+        return _regeneratorRuntime().wrap(function _callee$(_context) {
+          while (1) switch (_context.prev = _context.next) {
+            case 0:
+              aborted = false;
+              if (this.done) {
+                _context.next = 7;
+                break;
+              }
+              onAbort = function onAbort() {
+                return _this5.cancel();
+              };
+              signal.addEventListener("abort", onAbort);
+              _context.next = 6;
+              return new Promise(function (resolve) {
+                _this5.subscribe(function (aborted) {
+                  signal.removeEventListener("abort", onAbort);
+                  if (aborted || _this5.done) {
+                    resolve(aborted);
+                  }
+                });
+              });
+            case 6:
+              aborted = _context.sent;
+            case 7:
+              return _context.abrupt("return", aborted);
+            case 8:
+            case "end":
+              return _context.stop();
+          }
+        }, _callee, this);
+      }));
+      function resolveData(_x) {
+        return _resolveData.apply(this, arguments);
+      }
+      return resolveData;
+    }()
+  }, {
+    key: "done",
+    get: function get() {
+      return this.pendingKeysSet.size === 0;
+    }
+  }, {
+    key: "unwrappedData",
+    get: function get() {
+      invariant(this.data !== null && this.done, "Can only unwrap data on initialized and settled deferreds");
+      return Object.entries(this.data).reduce(function (acc, _ref2) {
+        var _ref5 = _slicedToArray(_ref2, 2),
+          key = _ref5[0],
+          value = _ref5[1];
+        return Object.assign(acc, _defineProperty({}, key, unwrapTrackedPromise(value)));
+      }, {});
+    }
+  }, {
+    key: "pendingKeys",
+    get: function get() {
+      return Array.from(this.pendingKeysSet);
+    }
+  }]);
+  return DeferredData;
+}()));
+function isTrackedPromise(value) {
+  return value instanceof Promise && value._tracked === true;
+}
+function unwrapTrackedPromise(value) {
+  if (!isTrackedPromise(value)) {
+    return value;
+  }
+  if (value._error) {
+    throw value._error;
+  }
+  return value._data;
+}
+var defer = function defer(data, init) {
+  if (init === void 0) {
+    init = {};
+  }
+  var responseInit = typeof init === "number" ? {
+    status: init
+  } : init;
+  return new DeferredData(data, responseInit);
+};
+/**
+ * A redirect response. Sets the status code and the `Location` header.
+ * Defaults to "302 Found".
+ */
+var redirect = function redirect(url, init) {
+  if (init === void 0) {
+    init = 302;
+  }
+  var responseInit = init;
+  if (typeof responseInit === "number") {
+    responseInit = {
+      status: responseInit
+    };
+  } else if (typeof responseInit.status === "undefined") {
+    responseInit.status = 302;
+  }
+  var headers = new Headers(responseInit.headers);
+  headers.set("Location", url);
+  return new Response(null, router_extends({}, responseInit, {
+    headers: headers
+  }));
+};
+/**
+ * @private
+ * Utility class we use to hold auto-unwrapped 4xx/5xx Response bodies
+ */
+var ErrorResponse = /*#__PURE__*/createClass_createClass(function ErrorResponse(status, statusText, data, internal) {
+  classCallCheck_classCallCheck(this, ErrorResponse);
+  if (internal === void 0) {
+    internal = false;
+  }
+  this.status = status;
+  this.statusText = statusText || "";
+  this.internal = internal;
+  if (data instanceof Error) {
+    this.data = data.toString();
+    this.error = data;
+  } else {
+    this.data = data;
+  }
+});
+/**
+ * Check if the given error is an ErrorResponse generated from a 4xx/5xx
+ * Response thrown from an action/loader
+ */
+function isRouteErrorResponse(error) {
+  return error != null && typeof error.status === "number" && typeof error.statusText === "string" && typeof error.internal === "boolean" && "data" in error;
+}
+var validMutationMethodsArr = ["post", "put", "patch", "delete"];
+var validMutationMethods = new Set(validMutationMethodsArr);
+var validRequestMethodsArr = ["get"].concat(validMutationMethodsArr);
+var validRequestMethods = new Set(validRequestMethodsArr);
+var redirectStatusCodes = new Set([301, 302, 303, 307, 308]);
+var redirectPreserveMethodStatusCodes = new Set([307, 308]);
+var IDLE_NAVIGATION = {
+  state: "idle",
+  location: undefined,
+  formMethod: undefined,
+  formAction: undefined,
+  formEncType: undefined,
+  formData: undefined
+};
+var IDLE_FETCHER = {
+  state: "idle",
+  data: undefined,
+  formMethod: undefined,
+  formAction: undefined,
+  formEncType: undefined,
+  formData: undefined
+};
+var IDLE_BLOCKER = {
+  state: "unblocked",
+  proceed: undefined,
+  reset: undefined,
+  location: undefined
+};
+var ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|\/\/)/i;
+var defaultMapRouteProperties = function defaultMapRouteProperties(route) {
+  return {
+    hasErrorBoundary: Boolean(route.hasErrorBoundary)
+  };
+};
+//#endregion
+////////////////////////////////////////////////////////////////////////////////
+//#region createRouter
+////////////////////////////////////////////////////////////////////////////////
+/**
+ * Create a router and listen to history POP navigations
+ */
+function router_createRouter(init) {
+  var routerWindow = init.window ? init.window : typeof window !== "undefined" ? window : undefined;
+  var isBrowser = typeof routerWindow !== "undefined" && typeof routerWindow.document !== "undefined" && typeof routerWindow.document.createElement !== "undefined";
+  var isServer = !isBrowser;
+  invariant(init.routes.length > 0, "You must provide a non-empty routes array to createRouter");
+  var mapRouteProperties;
+  if (init.mapRouteProperties) {
+    mapRouteProperties = init.mapRouteProperties;
+  } else if (init.detectErrorBoundary) {
+    // If they are still using the deprecated version, wrap it with the new API
+    var detectErrorBoundary = init.detectErrorBoundary;
+    mapRouteProperties = function mapRouteProperties(route) {
+      return {
+        hasErrorBoundary: detectErrorBoundary(route)
+      };
+    };
+  } else {
+    mapRouteProperties = defaultMapRouteProperties;
+  }
+  // Routes keyed by ID
+  var manifest = {};
+  // Routes in tree format for matching
+  var dataRoutes = convertRoutesToDataRoutes(init.routes, mapRouteProperties, undefined, manifest);
+  var inFlightDataRoutes;
+  var basename = init.basename || "/";
+  // Config driven behavior flags
+  var future = router_extends({
+    v7_normalizeFormMethod: false,
+    v7_prependBasename: false
+  }, init.future);
+  // Cleanup function for history
+  var unlistenHistory = null;
+  // Externally-provided functions to call on all state changes
+  var subscribers = new Set();
+  // Externally-provided object to hold scroll restoration locations during routing
+  var savedScrollPositions = null;
+  // Externally-provided function to get scroll restoration keys
+  var getScrollRestorationKey = null;
+  // Externally-provided function to get current scroll position
+  var getScrollPosition = null;
+  // One-time flag to control the initial hydration scroll restoration.  Because
+  // we don't get the saved positions from <ScrollRestoration /> until _after_
+  // the initial render, we need to manually trigger a separate updateState to
+  // send along the restoreScrollPosition
+  // Set to true if we have `hydrationData` since we assume we were SSR'd and that
+  // SSR did the initial scroll restoration.
+  var initialScrollRestored = init.hydrationData != null;
+  var initialMatches = matchRoutes(dataRoutes, init.history.location, basename);
+  var initialErrors = null;
+  if (initialMatches == null) {
+    // If we do not match a user-provided-route, fall back to the root
+    // to allow the error boundary to take over
+    var error = getInternalRouterError(404, {
+      pathname: init.history.location.pathname
+    });
+    var _getShortCircuitMatch = getShortCircuitMatches(dataRoutes),
+      matches = _getShortCircuitMatch.matches,
+      route = _getShortCircuitMatch.route;
+    initialMatches = matches;
+    initialErrors = defineProperty_defineProperty({}, route.id, error);
+  }
+  var initialized =
+  // All initialMatches need to be loaded before we're ready.  If we have lazy
+  // functions around still then we'll need to run them in initialize()
+  !initialMatches.some(function (m) {
+    return m.route.lazy;
+  }) && (
+  // And we have to either have no loaders or have been provided hydrationData
+  !initialMatches.some(function (m) {
+    return m.route.loader;
+  }) || init.hydrationData != null);
+  var router;
+  var state = {
+    historyAction: init.history.action,
+    location: init.history.location,
+    matches: initialMatches,
+    initialized: initialized,
+    navigation: IDLE_NAVIGATION,
+    // Don't restore on initial updateState() if we were SSR'd
+    restoreScrollPosition: init.hydrationData != null ? false : null,
+    preventScrollReset: false,
+    revalidation: "idle",
+    loaderData: init.hydrationData && init.hydrationData.loaderData || {},
+    actionData: init.hydrationData && init.hydrationData.actionData || null,
+    errors: init.hydrationData && init.hydrationData.errors || initialErrors,
+    fetchers: new Map(),
+    blockers: new Map()
+  };
+  // -- Stateful internal variables to manage navigations --
+  // Current navigation in progress (to be committed in completeNavigation)
+  var pendingAction = Action.Pop;
+  // Should the current navigation prevent the scroll reset if scroll cannot
+  // be restored?
+  var pendingPreventScrollReset = false;
+  // AbortController for the active navigation
+  var pendingNavigationController;
+  // We use this to avoid touching history in completeNavigation if a
+  // revalidation is entirely uninterrupted
+  var isUninterruptedRevalidation = false;
+  // Use this internal flag to force revalidation of all loaders:
+  //  - submissions (completed or interrupted)
+  //  - useRevalidator()
+  //  - X-Remix-Revalidate (from redirect)
+  var isRevalidationRequired = false;
+  // Use this internal array to capture routes that require revalidation due
+  // to a cancelled deferred on action submission
+  var cancelledDeferredRoutes = [];
+  // Use this internal array to capture fetcher loads that were cancelled by an
+  // action navigation and require revalidation
+  var cancelledFetcherLoads = [];
+  // AbortControllers for any in-flight fetchers
+  var fetchControllers = new Map();
+  // Track loads based on the order in which they started
+  var incrementingLoadId = 0;
+  // Track the outstanding pending navigation data load to be compared against
+  // the globally incrementing load when a fetcher load lands after a completed
+  // navigation
+  var pendingNavigationLoadId = -1;
+  // Fetchers that triggered data reloads as a result of their actions
+  var fetchReloadIds = new Map();
+  // Fetchers that triggered redirect navigations
+  var fetchRedirectIds = new Set();
+  // Most recent href/match for fetcher.load calls for fetchers
+  var fetchLoadMatches = new Map();
+  // Store DeferredData instances for active route matches.  When a
+  // route loader returns defer() we stick one in here.  Then, when a nested
+  // promise resolves we update loaderData.  If a new navigation starts we
+  // cancel active deferreds for eliminated routes.
+  var activeDeferreds = new Map();
+  // Store blocker functions in a separate Map outside of router state since
+  // we don't need to update UI state if they change
+  var blockerFunctions = new Map();
+  // Flag to ignore the next history update, so we can revert the URL change on
+  // a POP navigation that was blocked by the user without touching router state
+  var ignoreNextHistoryUpdate = false;
+  // Initialize the router, all side effects should be kicked off from here.
+  // Implemented as a Fluent API for ease of:
+  //   let router = createRouter(init).initialize();
+  function initialize() {
+    // If history informs us of a POP navigation, start the navigation but do not update
+    // state.  We'll update our own state once the navigation completes
+    unlistenHistory = init.history.listen(function (_ref) {
+      var historyAction = _ref.action,
+        location = _ref.location,
+        delta = _ref.delta;
+      // Ignore this event if it was just us resetting the URL from a
+      // blocked POP navigation
+      if (ignoreNextHistoryUpdate) {
+        ignoreNextHistoryUpdate = false;
+        return;
+      }
+      warning(blockerFunctions.size === 0 || delta != null, "You are trying to use a blocker on a POP navigation to a location " + "that was not created by @remix-run/router. This will fail silently in " + "production. This can happen if you are navigating outside the router " + "via `window.history.pushState`/`window.location.hash` instead of using " + "router navigation APIs.  This can also happen if you are using " + "createHashRouter and the user manually changes the URL.");
+      var blockerKey = shouldBlockNavigation({
+        currentLocation: state.location,
+        nextLocation: location,
+        historyAction: historyAction
+      });
+      if (blockerKey && delta != null) {
+        // Restore the URL to match the current UI, but don't update router state
+        ignoreNextHistoryUpdate = true;
+        init.history.go(delta * -1);
+        // Put the blocker into a blocked state
+        updateBlocker(blockerKey, {
+          state: "blocked",
+          location: location,
+          proceed: function proceed() {
+            updateBlocker(blockerKey, {
+              state: "proceeding",
+              proceed: undefined,
+              reset: undefined,
+              location: location
+            });
+            // Re-do the same POP navigation we just blocked
+            init.history.go(delta);
+          },
+          reset: function reset() {
+            deleteBlocker(blockerKey);
+            updateState({
+              blockers: new Map(router.state.blockers)
+            });
+          }
+        });
+        return;
+      }
+      return startNavigation(historyAction, location);
+    });
+    // Kick off initial data load if needed.  Use Pop to avoid modifying history
+    // Note we don't do any handling of lazy here.  For SPA's it'll get handled
+    // in the normal navigation flow.  For SSR it's expected that lazy modules are
+    // resolved prior to router creation since we can't go into a fallbackElement
+    // UI for SSR'd apps
+    if (!state.initialized) {
+      startNavigation(Action.Pop, state.location);
+    }
+    return router;
+  }
+  // Clean up a router and it's side effects
+  function dispose() {
+    if (unlistenHistory) {
+      unlistenHistory();
+    }
+    subscribers.clear();
+    pendingNavigationController && pendingNavigationController.abort();
+    state.fetchers.forEach(function (_, key) {
+      return deleteFetcher(key);
+    });
+    state.blockers.forEach(function (_, key) {
+      return deleteBlocker(key);
+    });
+  }
+  // Subscribe to state updates for the router
+  function subscribe(fn) {
+    subscribers.add(fn);
+    return function () {
+      return subscribers.delete(fn);
+    };
+  }
+  // Update our state and notify the calling context of the change
+  function updateState(newState) {
+    state = router_extends({}, state, newState);
+    subscribers.forEach(function (subscriber) {
+      return subscriber(state);
+    });
+  }
+  // Complete a navigation returning the state.navigation back to the IDLE_NAVIGATION
+  // and setting state.[historyAction/location/matches] to the new route.
+  // - Location is a required param
+  // - Navigation will always be set to IDLE_NAVIGATION
+  // - Can pass any other state in newState
+  function completeNavigation(location, newState) {
+    var _location$state, _location$state2;
+    // Deduce if we're in a loading/actionReload state:
+    // - We have committed actionData in the store
+    // - The current navigation was a mutation submission
+    // - We're past the submitting state and into the loading state
+    // - The location being loaded is not the result of a redirect
+    var isActionReload = state.actionData != null && state.navigation.formMethod != null && isMutationMethod(state.navigation.formMethod) && state.navigation.state === "loading" && ((_location$state = location.state) == null ? void 0 : _location$state._isRedirect) !== true;
+    var actionData;
+    if (newState.actionData) {
+      if (Object.keys(newState.actionData).length > 0) {
+        actionData = newState.actionData;
+      } else {
+        // Empty actionData -> clear prior actionData due to an action error
+        actionData = null;
+      }
+    } else if (isActionReload) {
+      // Keep the current data if we're wrapping up the action reload
+      actionData = state.actionData;
+    } else {
+      // Clear actionData on any other completed navigations
+      actionData = null;
+    }
+    // Always preserve any existing loaderData from re-used routes
+    var loaderData = newState.loaderData ? mergeLoaderData(state.loaderData, newState.loaderData, newState.matches || [], newState.errors) : state.loaderData;
+    // On a successful navigation we can assume we got through all blockers
+    // so we can start fresh
+    var _iterator2 = createForOfIteratorHelper_createForOfIteratorHelper(blockerFunctions),
+      _step2;
+    try {
+      for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
+        var _step2$value = slicedToArray_slicedToArray(_step2.value, 1),
+          key = _step2$value[0];
+        deleteBlocker(key);
+      }
+      // Always respect the user flag.  Otherwise don't reset on mutation
+      // submission navigations unless they redirect
+    } catch (err) {
+      _iterator2.e(err);
+    } finally {
+      _iterator2.f();
+    }
+    var preventScrollReset = pendingPreventScrollReset === true || state.navigation.formMethod != null && isMutationMethod(state.navigation.formMethod) && ((_location$state2 = location.state) == null ? void 0 : _location$state2._isRedirect) !== true;
+    if (inFlightDataRoutes) {
+      dataRoutes = inFlightDataRoutes;
+      inFlightDataRoutes = undefined;
+    }
+    updateState(router_extends({}, newState, {
+      actionData: actionData,
+      loaderData: loaderData,
+      historyAction: pendingAction,
+      location: location,
+      initialized: true,
+      navigation: IDLE_NAVIGATION,
+      revalidation: "idle",
+      restoreScrollPosition: getSavedScrollPosition(location, newState.matches || state.matches),
+      preventScrollReset: preventScrollReset,
+      blockers: new Map(state.blockers)
+    }));
+    if (isUninterruptedRevalidation) ;else if (pendingAction === Action.Pop) ;else if (pendingAction === Action.Push) {
+      init.history.push(location, location.state);
+    } else if (pendingAction === Action.Replace) {
+      init.history.replace(location, location.state);
+    }
+    // Reset stateful navigation vars
+    pendingAction = Action.Pop;
+    pendingPreventScrollReset = false;
+    isUninterruptedRevalidation = false;
+    isRevalidationRequired = false;
+    cancelledDeferredRoutes = [];
+    cancelledFetcherLoads = [];
+  }
+  // Trigger a navigation event, which can either be a numerical POP or a PUSH
+  // replace with an optional submission
+  function navigate(_x2, _x3) {
+    return _navigate.apply(this, arguments);
+  } // Revalidate all current loaders.  If a navigation is in progress or if this
+  // is interrupted by a navigation, allow this to "succeed" by calling all
+  // loaders during the next loader round
+  function _navigate() {
+    _navigate = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(to, opts) {
+      var normalizedPath, _normalizeNavigateOpt2, path, submission, error, currentLocation, nextLocation, userReplace, historyAction, preventScrollReset, blockerKey;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2) {
+        while (1) switch (_context2.prev = _context2.next) {
+          case 0:
+            if (!(typeof to === "number")) {
+              _context2.next = 3;
+              break;
+            }
+            init.history.go(to);
+            return _context2.abrupt("return");
+          case 3:
+            normalizedPath = normalizeTo(state.location, state.matches, basename, future.v7_prependBasename, to, opts == null ? void 0 : opts.fromRouteId, opts == null ? void 0 : opts.relative);
+            _normalizeNavigateOpt2 = normalizeNavigateOptions(future.v7_normalizeFormMethod, false, normalizedPath, opts), path = _normalizeNavigateOpt2.path, submission = _normalizeNavigateOpt2.submission, error = _normalizeNavigateOpt2.error;
+            currentLocation = state.location;
+            nextLocation = createLocation(state.location, path, opts && opts.state); // When using navigate as a PUSH/REPLACE we aren't reading an already-encoded
+            // URL from window.location, so we need to encode it here so the behavior
+            // remains the same as POP and non-data-router usages.  new URL() does all
+            // the same encoding we'd get from a history.pushState/window.location read
+            // without having to touch history
+            nextLocation = router_extends({}, nextLocation, init.history.encodeLocation(nextLocation));
+            userReplace = opts && opts.replace != null ? opts.replace : undefined;
+            historyAction = Action.Push;
+            if (userReplace === true) {
+              historyAction = Action.Replace;
+            } else if (userReplace === false) ;else if (submission != null && isMutationMethod(submission.formMethod) && submission.formAction === state.location.pathname + state.location.search) {
+              // By default on submissions to the current location we REPLACE so that
+              // users don't have to double-click the back button to get to the prior
+              // location.  If the user redirects to a different location from the
+              // action/loader this will be ignored and the redirect will be a PUSH
+              historyAction = Action.Replace;
+            }
+            preventScrollReset = opts && "preventScrollReset" in opts ? opts.preventScrollReset === true : undefined;
+            blockerKey = shouldBlockNavigation({
+              currentLocation: currentLocation,
+              nextLocation: nextLocation,
+              historyAction: historyAction
+            });
+            if (!blockerKey) {
+              _context2.next = 16;
+              break;
+            }
+            // Put the blocker into a blocked state
+            updateBlocker(blockerKey, {
+              state: "blocked",
+              location: nextLocation,
+              proceed: function proceed() {
+                updateBlocker(blockerKey, {
+                  state: "proceeding",
+                  proceed: undefined,
+                  reset: undefined,
+                  location: nextLocation
+                });
+                // Send the same navigation through
+                navigate(to, opts);
+              },
+              reset: function reset() {
+                deleteBlocker(blockerKey);
+                updateState({
+                  blockers: new Map(state.blockers)
+                });
+              }
+            });
+            return _context2.abrupt("return");
+          case 16:
+            _context2.next = 18;
+            return startNavigation(historyAction, nextLocation, {
+              submission: submission,
+              // Send through the formData serialization error if we have one so we can
+              // render at the right error boundary after we match routes
+              pendingError: error,
+              preventScrollReset: preventScrollReset,
+              replace: opts && opts.replace
+            });
+          case 18:
+            return _context2.abrupt("return", _context2.sent);
+          case 19:
+          case "end":
+            return _context2.stop();
+        }
+      }, _callee2);
+    }));
+    return _navigate.apply(this, arguments);
+  }
+  function revalidate() {
+    interruptActiveLoads();
+    updateState({
+      revalidation: "loading"
+    });
+    // If we're currently submitting an action, we don't need to start a new
+    // navigation, we'll just let the follow up loader execution call all loaders
+    if (state.navigation.state === "submitting") {
+      return;
+    }
+    // If we're currently in an idle state, start a new navigation for the current
+    // action/location and mark it as uninterrupted, which will skip the history
+    // update in completeNavigation
+    if (state.navigation.state === "idle") {
+      startNavigation(state.historyAction, state.location, {
+        startUninterruptedRevalidation: true
+      });
+      return;
+    }
+    // Otherwise, if we're currently in a loading state, just start a new
+    // navigation to the navigation.location but do not trigger an uninterrupted
+    // revalidation so that history correctly updates once the navigation completes
+    startNavigation(pendingAction || state.historyAction, state.navigation.location, {
+      overrideNavigation: state.navigation
+    });
+  }
+  // Start a navigation to the given action/location.  Can optionally provide a
+  // overrideNavigation which will override the normalLoad in the case of a redirect
+  // navigation
+  function startNavigation(_x4, _x5, _x6) {
+    return _startNavigation.apply(this, arguments);
+  } // Call the action matched by the leaf route for this navigation and handle
+  // redirects/errors
+  function _startNavigation() {
+    _startNavigation = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(historyAction, location, opts) {
+      var routesToUse, loadingNavigation, matches, _error, _getShortCircuitMatch2, notFoundMatches, _route, request, pendingActionData, pendingError, actionOutput, navigation, _yield$handleLoaders, shortCircuited, loaderData, errors;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3) {
+        while (1) switch (_context3.prev = _context3.next) {
+          case 0:
+            // Abort any in-progress navigations and start a new one. Unset any ongoing
+            // uninterrupted revalidations unless told otherwise, since we want this
+            // new navigation to update history normally
+            pendingNavigationController && pendingNavigationController.abort();
+            pendingNavigationController = null;
+            pendingAction = historyAction;
+            isUninterruptedRevalidation = (opts && opts.startUninterruptedRevalidation) === true;
+            // Save the current scroll position every time we start a new navigation,
+            // and track whether we should reset scroll on completion
+            saveScrollPosition(state.location, state.matches);
+            pendingPreventScrollReset = (opts && opts.preventScrollReset) === true;
+            routesToUse = inFlightDataRoutes || dataRoutes;
+            loadingNavigation = opts && opts.overrideNavigation;
+            matches = matchRoutes(routesToUse, location, basename); // Short circuit with a 404 on the root error boundary if we match nothing
+            if (matches) {
+              _context3.next = 15;
+              break;
+            }
+            _error = getInternalRouterError(404, {
+              pathname: location.pathname
+            });
+            _getShortCircuitMatch2 = getShortCircuitMatches(routesToUse), notFoundMatches = _getShortCircuitMatch2.matches, _route = _getShortCircuitMatch2.route; // Cancel all pending deferred on 404s since we don't keep any routes
+            cancelActiveDeferreds();
+            completeNavigation(location, {
+              matches: notFoundMatches,
+              loaderData: {},
+              errors: defineProperty_defineProperty({}, _route.id, _error)
+            });
+            return _context3.abrupt("return");
+          case 15:
+            if (!(state.initialized && !isRevalidationRequired && isHashChangeOnly(state.location, location) && !(opts && opts.submission && isMutationMethod(opts.submission.formMethod)))) {
+              _context3.next = 18;
+              break;
+            }
+            completeNavigation(location, {
+              matches: matches
+            });
+            return _context3.abrupt("return");
+          case 18:
+            // Create a controller/Request for this navigation
+            pendingNavigationController = new AbortController();
+            request = createClientSideRequest(init.history, location, pendingNavigationController.signal, opts && opts.submission);
+            if (!(opts && opts.pendingError)) {
+              _context3.next = 24;
+              break;
+            }
+            // If we have a pendingError, it means the user attempted a GET submission
+            // with binary FormData so assign here and skip to handleLoaders.  That
+            // way we handle calling loaders above the boundary etc.  It's not really
+            // different from an actionError in that sense.
+            pendingError = defineProperty_defineProperty({}, findNearestBoundary(matches).route.id, opts.pendingError);
+            _context3.next = 35;
+            break;
+          case 24:
+            if (!(opts && opts.submission && isMutationMethod(opts.submission.formMethod))) {
+              _context3.next = 35;
+              break;
+            }
+            _context3.next = 27;
+            return handleAction(request, location, opts.submission, matches, {
+              replace: opts.replace
+            });
+          case 27:
+            actionOutput = _context3.sent;
+            if (!actionOutput.shortCircuited) {
+              _context3.next = 30;
+              break;
+            }
+            return _context3.abrupt("return");
+          case 30:
+            pendingActionData = actionOutput.pendingActionData;
+            pendingError = actionOutput.pendingActionError;
+            navigation = router_extends({
+              state: "loading",
+              location: location
+            }, opts.submission);
+            loadingNavigation = navigation;
+            // Create a GET request for the loaders
+            request = new Request(request.url, {
+              signal: request.signal
+            });
+          case 35:
+            _context3.next = 37;
+            return handleLoaders(request, location, matches, loadingNavigation, opts && opts.submission, opts && opts.fetcherSubmission, opts && opts.replace, pendingActionData, pendingError);
+          case 37:
+            _yield$handleLoaders = _context3.sent;
+            shortCircuited = _yield$handleLoaders.shortCircuited;
+            loaderData = _yield$handleLoaders.loaderData;
+            errors = _yield$handleLoaders.errors;
+            if (!shortCircuited) {
+              _context3.next = 43;
+              break;
+            }
+            return _context3.abrupt("return");
+          case 43:
+            // Clean up now that the action/loaders have completed.  Don't clean up if
+            // we short circuited because pendingNavigationController will have already
+            // been assigned to a new controller for the next navigation
+            pendingNavigationController = null;
+            completeNavigation(location, router_extends({
+              matches: matches
+            }, pendingActionData ? {
+              actionData: pendingActionData
+            } : {}, {
+              loaderData: loaderData,
+              errors: errors
+            }));
+          case 45:
+          case "end":
+            return _context3.stop();
+        }
+      }, _callee3);
+    }));
+    return _startNavigation.apply(this, arguments);
+  }
+  function handleAction(_x7, _x8, _x9, _x10, _x11) {
+    return _handleAction.apply(this, arguments);
+  } // Call all applicable loaders for the given matches, handling redirects,
+  // errors, etc.
+  function _handleAction() {
+    _handleAction = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(request, location, submission, matches, opts) {
+      var navigation, result, actionMatch, replace, boundaryMatch;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4) {
+        while (1) switch (_context4.prev = _context4.next) {
+          case 0:
+            interruptActiveLoads();
+            // Put us in a submitting state
+            navigation = router_extends({
+              state: "submitting",
+              location: location
+            }, submission);
+            updateState({
+              navigation: navigation
+            });
+            // Call our action and get the result
+            actionMatch = getTargetMatch(matches, location);
+            if (!(!actionMatch.route.action && !actionMatch.route.lazy)) {
+              _context4.next = 8;
+              break;
+            }
+            result = {
+              type: ResultType.error,
+              error: getInternalRouterError(405, {
+                method: request.method,
+                pathname: location.pathname,
+                routeId: actionMatch.route.id
+              })
+            };
+            _context4.next = 13;
+            break;
+          case 8:
+            _context4.next = 10;
+            return callLoaderOrAction("action", request, actionMatch, matches, manifest, mapRouteProperties, basename);
+          case 10:
+            result = _context4.sent;
+            if (!request.signal.aborted) {
+              _context4.next = 13;
+              break;
+            }
+            return _context4.abrupt("return", {
+              shortCircuited: true
+            });
+          case 13:
+            if (!isRedirectResult(result)) {
+              _context4.next = 18;
+              break;
+            }
+            if (opts && opts.replace != null) {
+              replace = opts.replace;
+            } else {
+              // If the user didn't explicity indicate replace behavior, replace if
+              // we redirected to the exact same location we're currently at to avoid
+              // double back-buttons
+              replace = result.location === state.location.pathname + state.location.search;
+            }
+            _context4.next = 17;
+            return startRedirectNavigation(state, result, {
+              submission: submission,
+              replace: replace
+            });
+          case 17:
+            return _context4.abrupt("return", {
+              shortCircuited: true
+            });
+          case 18:
+            if (!isErrorResult(result)) {
+              _context4.next = 22;
+              break;
+            }
+            // Store off the pending error - we use it to determine which loaders
+            // to call and will commit it when we complete the navigation
+            boundaryMatch = findNearestBoundary(matches, actionMatch.route.id); // By default, all submissions are REPLACE navigations, but if the
+            // action threw an error that'll be rendered in an errorElement, we fall
+            // back to PUSH so that the user can use the back button to get back to
+            // the pre-submission form location to try again
+            if ((opts && opts.replace) !== true) {
+              pendingAction = Action.Push;
+            }
+            return _context4.abrupt("return", {
+              // Send back an empty object we can use to clear out any prior actionData
+              pendingActionData: {},
+              pendingActionError: defineProperty_defineProperty({}, boundaryMatch.route.id, result.error)
+            });
+          case 22:
+            if (!isDeferredResult(result)) {
+              _context4.next = 24;
+              break;
+            }
+            throw getInternalRouterError(400, {
+              type: "defer-action"
+            });
+          case 24:
+            return _context4.abrupt("return", {
+              pendingActionData: defineProperty_defineProperty({}, actionMatch.route.id, result.data)
+            });
+          case 25:
+          case "end":
+            return _context4.stop();
+        }
+      }, _callee4);
+    }));
+    return _handleAction.apply(this, arguments);
+  }
+  function handleLoaders(_x12, _x13, _x14, _x15, _x16, _x17, _x18, _x19, _x20) {
+    return _handleLoaders.apply(this, arguments);
+  }
+  function _handleLoaders() {
+    _handleLoaders = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(request, location, matches, overrideNavigation, submission, fetcherSubmission, replace, pendingActionData, pendingError) {
+      var loadingNavigation, navigation, activeSubmission, routesToUse, _getMatchesToLoad, _getMatchesToLoad2, matchesToLoad, revalidatingFetchers, _updatedFetchers, actionData, abortPendingFetchRevalidations, _yield$callLoadersAnd, results, loaderResults, fetcherResults, redirect, _processLoaderData, loaderData, errors, updatedFetchers, didAbortFetchLoads, shouldUpdateFetchers;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5) {
+        while (1) switch (_context5.prev = _context5.next) {
+          case 0:
+            // Figure out the right navigation we want to use for data loading
+            loadingNavigation = overrideNavigation;
+            if (!loadingNavigation) {
+              navigation = router_extends({
+                state: "loading",
+                location: location,
+                formMethod: undefined,
+                formAction: undefined,
+                formEncType: undefined,
+                formData: undefined
+              }, submission);
+              loadingNavigation = navigation;
+            }
+            // If this was a redirect from an action we don't have a "submission" but
+            // we have it on the loading navigation so use that if available
+            activeSubmission = submission || fetcherSubmission ? submission || fetcherSubmission : loadingNavigation.formMethod && loadingNavigation.formAction && loadingNavigation.formData && loadingNavigation.formEncType ? {
+              formMethod: loadingNavigation.formMethod,
+              formAction: loadingNavigation.formAction,
+              formData: loadingNavigation.formData,
+              formEncType: loadingNavigation.formEncType
+            } : undefined;
+            routesToUse = inFlightDataRoutes || dataRoutes;
+            _getMatchesToLoad = getMatchesToLoad(init.history, state, matches, activeSubmission, location, isRevalidationRequired, cancelledDeferredRoutes, cancelledFetcherLoads, fetchLoadMatches, routesToUse, basename, pendingActionData, pendingError), _getMatchesToLoad2 = slicedToArray_slicedToArray(_getMatchesToLoad, 2), matchesToLoad = _getMatchesToLoad2[0], revalidatingFetchers = _getMatchesToLoad2[1]; // Cancel pending deferreds for no-longer-matched routes or routes we're
+            // about to reload.  Note that if this is an action reload we would have
+            // already cancelled all pending deferreds so this would be a no-op
+            cancelActiveDeferreds(function (routeId) {
+              return !(matches && matches.some(function (m) {
+                return m.route.id === routeId;
+              })) || matchesToLoad && matchesToLoad.some(function (m) {
+                return m.route.id === routeId;
+              });
+            });
+            // Short circuit if we have no loaders to run
+            if (!(matchesToLoad.length === 0 && revalidatingFetchers.length === 0)) {
+              _context5.next = 10;
+              break;
+            }
+            _updatedFetchers = markFetchRedirectsDone();
+            completeNavigation(location, router_extends({
+              matches: matches,
+              loaderData: {},
+              // Commit pending error if we're short circuiting
+              errors: pendingError || null
+            }, pendingActionData ? {
+              actionData: pendingActionData
+            } : {}, _updatedFetchers ? {
+              fetchers: new Map(state.fetchers)
+            } : {}));
+            return _context5.abrupt("return", {
+              shortCircuited: true
+            });
+          case 10:
+            // If this is an uninterrupted revalidation, we remain in our current idle
+            // state.  If not, we need to switch to our loading state and load data,
+            // preserving any new action data or existing action data (in the case of
+            // a revalidation interrupting an actionReload)
+            if (!isUninterruptedRevalidation) {
+              revalidatingFetchers.forEach(function (rf) {
+                var fetcher = state.fetchers.get(rf.key);
+                var revalidatingFetcher = {
+                  state: "loading",
+                  data: fetcher && fetcher.data,
+                  formMethod: undefined,
+                  formAction: undefined,
+                  formEncType: undefined,
+                  formData: undefined,
+                  " _hasFetcherDoneAnything ": true
+                };
+                state.fetchers.set(rf.key, revalidatingFetcher);
+              });
+              actionData = pendingActionData || state.actionData;
+              updateState(router_extends({
+                navigation: loadingNavigation
+              }, actionData ? Object.keys(actionData).length === 0 ? {
+                actionData: null
+              } : {
+                actionData: actionData
+              } : {}, revalidatingFetchers.length > 0 ? {
+                fetchers: new Map(state.fetchers)
+              } : {}));
+            }
+            pendingNavigationLoadId = ++incrementingLoadId;
+            revalidatingFetchers.forEach(function (rf) {
+              if (rf.controller) {
+                // Fetchers use an independent AbortController so that aborting a fetcher
+                // (via deleteFetcher) does not abort the triggering navigation that
+                // triggered the revalidation
+                fetchControllers.set(rf.key, rf.controller);
+              }
+            });
+            // Proxy navigation abort through to revalidation fetchers
+            abortPendingFetchRevalidations = function abortPendingFetchRevalidations() {
+              return revalidatingFetchers.forEach(function (f) {
+                return abortFetcher(f.key);
+              });
+            };
+            if (pendingNavigationController) {
+              pendingNavigationController.signal.addEventListener("abort", abortPendingFetchRevalidations);
+            }
+            _context5.next = 17;
+            return callLoadersAndMaybeResolveData(state.matches, matches, matchesToLoad, revalidatingFetchers, request);
+          case 17:
+            _yield$callLoadersAnd = _context5.sent;
+            results = _yield$callLoadersAnd.results;
+            loaderResults = _yield$callLoadersAnd.loaderResults;
+            fetcherResults = _yield$callLoadersAnd.fetcherResults;
+            if (!request.signal.aborted) {
+              _context5.next = 23;
+              break;
+            }
+            return _context5.abrupt("return", {
+              shortCircuited: true
+            });
+          case 23:
+            // Clean up _after_ loaders have completed.  Don't clean up if we short
+            // circuited because fetchControllers would have been aborted and
+            // reassigned to new controllers for the next navigation
+            if (pendingNavigationController) {
+              pendingNavigationController.signal.removeEventListener("abort", abortPendingFetchRevalidations);
+            }
+            revalidatingFetchers.forEach(function (rf) {
+              return fetchControllers.delete(rf.key);
+            });
+            // If any loaders returned a redirect Response, start a new REPLACE navigation
+            redirect = findRedirect(results);
+            if (!redirect) {
+              _context5.next = 30;
+              break;
+            }
+            _context5.next = 29;
+            return startRedirectNavigation(state, redirect, {
+              replace: replace
+            });
+          case 29:
+            return _context5.abrupt("return", {
+              shortCircuited: true
+            });
+          case 30:
+            // Process and commit output from loaders
+            _processLoaderData = processLoaderData(state, matches, matchesToLoad, loaderResults, pendingError, revalidatingFetchers, fetcherResults, activeDeferreds), loaderData = _processLoaderData.loaderData, errors = _processLoaderData.errors; // Wire up subscribers to update loaderData as promises settle
+            activeDeferreds.forEach(function (deferredData, routeId) {
+              deferredData.subscribe(function (aborted) {
+                // Note: No need to updateState here since the TrackedPromise on
+                // loaderData is stable across resolve/reject
+                // Remove this instance if we were aborted or if promises have settled
+                if (aborted || deferredData.done) {
+                  activeDeferreds.delete(routeId);
+                }
+              });
+            });
+            updatedFetchers = markFetchRedirectsDone();
+            didAbortFetchLoads = abortStaleFetchLoads(pendingNavigationLoadId);
+            shouldUpdateFetchers = updatedFetchers || didAbortFetchLoads || revalidatingFetchers.length > 0;
+            return _context5.abrupt("return", router_extends({
+              loaderData: loaderData,
+              errors: errors
+            }, shouldUpdateFetchers ? {
+              fetchers: new Map(state.fetchers)
+            } : {}));
+          case 36:
+          case "end":
+            return _context5.stop();
+        }
+      }, _callee5);
+    }));
+    return _handleLoaders.apply(this, arguments);
+  }
+  function getFetcher(key) {
+    return state.fetchers.get(key) || IDLE_FETCHER;
+  }
+  // Trigger a fetcher load/submit for the given fetcher key
+  function fetch(key, routeId, href, opts) {
+    if (isServer) {
+      throw new Error("router.fetch() was called during the server render, but it shouldn't be. " + "You are likely calling a useFetcher() method in the body of your component. " + "Try moving it to a useEffect or a callback.");
+    }
+    if (fetchControllers.has(key)) abortFetcher(key);
+    var routesToUse = inFlightDataRoutes || dataRoutes;
+    var normalizedPath = normalizeTo(state.location, state.matches, basename, future.v7_prependBasename, href, routeId, opts == null ? void 0 : opts.relative);
+    var matches = matchRoutes(routesToUse, normalizedPath, basename);
+    if (!matches) {
+      setFetcherError(key, routeId, getInternalRouterError(404, {
+        pathname: normalizedPath
+      }));
+      return;
+    }
+    var _normalizeNavigateOpt = normalizeNavigateOptions(future.v7_normalizeFormMethod, true, normalizedPath, opts),
+      path = _normalizeNavigateOpt.path,
+      submission = _normalizeNavigateOpt.submission;
+    var match = getTargetMatch(matches, path);
+    pendingPreventScrollReset = (opts && opts.preventScrollReset) === true;
+    if (submission && isMutationMethod(submission.formMethod)) {
+      handleFetcherAction(key, routeId, path, match, matches, submission);
+      return;
+    }
+    // Store off the match so we can call it's shouldRevalidate on subsequent
+    // revalidations
+    fetchLoadMatches.set(key, {
+      routeId: routeId,
+      path: path
+    });
+    handleFetcherLoader(key, routeId, path, match, matches, submission);
+  }
+  // Call the action for the matched fetcher.submit(), and then handle redirects,
+  // errors, and revalidation
+  function handleFetcherAction(_x21, _x22, _x23, _x24, _x25, _x26) {
+    return _handleFetcherAction.apply(this, arguments);
+  } // Call the matched loader for fetcher.load(), handling redirects, errors, etc.
+  function _handleFetcherAction() {
+    _handleFetcherAction = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(key, routeId, path, match, requestMatches, submission) {
+      var _error2, existingFetcher, fetcher, abortController, fetchRequest, actionResult, loadingFetcher, nextLocation, revalidationRequest, routesToUse, matches, loadId, loadFetcher, _getMatchesToLoad3, _getMatchesToLoad4, matchesToLoad, revalidatingFetchers, abortPendingFetchRevalidations, _yield$callLoadersAnd2, results, loaderResults, fetcherResults, redirect, _processLoaderData2, loaderData, errors, doneFetcher, didAbortFetchLoads;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6) {
+        while (1) switch (_context6.prev = _context6.next) {
+          case 0:
+            interruptActiveLoads();
+            fetchLoadMatches.delete(key);
+            if (!(!match.route.action && !match.route.lazy)) {
+              _context6.next = 6;
+              break;
+            }
+            _error2 = getInternalRouterError(405, {
+              method: submission.formMethod,
+              pathname: path,
+              routeId: routeId
+            });
+            setFetcherError(key, routeId, _error2);
+            return _context6.abrupt("return");
+          case 6:
+            // Put this fetcher into it's submitting state
+            existingFetcher = state.fetchers.get(key);
+            fetcher = router_extends({
+              state: "submitting"
+            }, submission, {
+              data: existingFetcher && existingFetcher.data,
+              " _hasFetcherDoneAnything ": true
+            });
+            state.fetchers.set(key, fetcher);
+            updateState({
+              fetchers: new Map(state.fetchers)
+            });
+            // Call the action for the fetcher
+            abortController = new AbortController();
+            fetchRequest = createClientSideRequest(init.history, path, abortController.signal, submission);
+            fetchControllers.set(key, abortController);
+            _context6.next = 15;
+            return callLoaderOrAction("action", fetchRequest, match, requestMatches, manifest, mapRouteProperties, basename);
+          case 15:
+            actionResult = _context6.sent;
+            if (!fetchRequest.signal.aborted) {
+              _context6.next = 19;
+              break;
+            }
+            // We can delete this so long as we weren't aborted by ou our own fetcher
+            // re-submit which would have put _new_ controller is in fetchControllers
+            if (fetchControllers.get(key) === abortController) {
+              fetchControllers.delete(key);
+            }
+            return _context6.abrupt("return");
+          case 19:
+            if (!isRedirectResult(actionResult)) {
+              _context6.next = 26;
+              break;
+            }
+            fetchControllers.delete(key);
+            fetchRedirectIds.add(key);
+            loadingFetcher = router_extends({
+              state: "loading"
+            }, submission, {
+              data: undefined,
+              " _hasFetcherDoneAnything ": true
+            });
+            state.fetchers.set(key, loadingFetcher);
+            updateState({
+              fetchers: new Map(state.fetchers)
+            });
+            return _context6.abrupt("return", startRedirectNavigation(state, actionResult, {
+              submission: submission,
+              isFetchActionRedirect: true
+            }));
+          case 26:
+            if (!isErrorResult(actionResult)) {
+              _context6.next = 29;
+              break;
+            }
+            setFetcherError(key, routeId, actionResult.error);
+            return _context6.abrupt("return");
+          case 29:
+            if (!isDeferredResult(actionResult)) {
+              _context6.next = 31;
+              break;
+            }
+            throw getInternalRouterError(400, {
+              type: "defer-action"
+            });
+          case 31:
+            // Start the data load for current matches, or the next location if we're
+            // in the middle of a navigation
+            nextLocation = state.navigation.location || state.location;
+            revalidationRequest = createClientSideRequest(init.history, nextLocation, abortController.signal);
+            routesToUse = inFlightDataRoutes || dataRoutes;
+            matches = state.navigation.state !== "idle" ? matchRoutes(routesToUse, state.navigation.location, basename) : state.matches;
+            invariant(matches, "Didn't find any matches after fetcher action");
+            loadId = ++incrementingLoadId;
+            fetchReloadIds.set(key, loadId);
+            loadFetcher = router_extends({
+              state: "loading",
+              data: actionResult.data
+            }, submission, {
+              " _hasFetcherDoneAnything ": true
+            });
+            state.fetchers.set(key, loadFetcher);
+            _getMatchesToLoad3 = getMatchesToLoad(init.history, state, matches, submission, nextLocation, isRevalidationRequired, cancelledDeferredRoutes, cancelledFetcherLoads, fetchLoadMatches, routesToUse, basename, defineProperty_defineProperty({}, match.route.id, actionResult.data), undefined // No need to send through errors since we short circuit above
+            ), _getMatchesToLoad4 = slicedToArray_slicedToArray(_getMatchesToLoad3, 2), matchesToLoad = _getMatchesToLoad4[0], revalidatingFetchers = _getMatchesToLoad4[1]; // Put all revalidating fetchers into the loading state, except for the
+            // current fetcher which we want to keep in it's current loading state which
+            // contains it's action submission info + action data
+            revalidatingFetchers.filter(function (rf) {
+              return rf.key !== key;
+            }).forEach(function (rf) {
+              var staleKey = rf.key;
+              var existingFetcher = state.fetchers.get(staleKey);
+              var revalidatingFetcher = {
+                state: "loading",
+                data: existingFetcher && existingFetcher.data,
+                formMethod: undefined,
+                formAction: undefined,
+                formEncType: undefined,
+                formData: undefined,
+                " _hasFetcherDoneAnything ": true
+              };
+              state.fetchers.set(staleKey, revalidatingFetcher);
+              if (rf.controller) {
+                fetchControllers.set(staleKey, rf.controller);
+              }
+            });
+            updateState({
+              fetchers: new Map(state.fetchers)
+            });
+            abortPendingFetchRevalidations = function abortPendingFetchRevalidations() {
+              return revalidatingFetchers.forEach(function (rf) {
+                return abortFetcher(rf.key);
+              });
+            };
+            abortController.signal.addEventListener("abort", abortPendingFetchRevalidations);
+            _context6.next = 47;
+            return callLoadersAndMaybeResolveData(state.matches, matches, matchesToLoad, revalidatingFetchers, revalidationRequest);
+          case 47:
+            _yield$callLoadersAnd2 = _context6.sent;
+            results = _yield$callLoadersAnd2.results;
+            loaderResults = _yield$callLoadersAnd2.loaderResults;
+            fetcherResults = _yield$callLoadersAnd2.fetcherResults;
+            if (!abortController.signal.aborted) {
+              _context6.next = 53;
+              break;
+            }
+            return _context6.abrupt("return");
+          case 53:
+            abortController.signal.removeEventListener("abort", abortPendingFetchRevalidations);
+            fetchReloadIds.delete(key);
+            fetchControllers.delete(key);
+            revalidatingFetchers.forEach(function (r) {
+              return fetchControllers.delete(r.key);
+            });
+            redirect = findRedirect(results);
+            if (!redirect) {
+              _context6.next = 60;
+              break;
+            }
+            return _context6.abrupt("return", startRedirectNavigation(state, redirect));
+          case 60:
+            // Process and commit output from loaders
+            _processLoaderData2 = processLoaderData(state, state.matches, matchesToLoad, loaderResults, undefined, revalidatingFetchers, fetcherResults, activeDeferreds), loaderData = _processLoaderData2.loaderData, errors = _processLoaderData2.errors; // Since we let revalidations complete even if the submitting fetcher was
+            // deleted, only put it back to idle if it hasn't been deleted
+            if (state.fetchers.has(key)) {
+              doneFetcher = {
+                state: "idle",
+                data: actionResult.data,
+                formMethod: undefined,
+                formAction: undefined,
+                formEncType: undefined,
+                formData: undefined,
+                " _hasFetcherDoneAnything ": true
+              };
+              state.fetchers.set(key, doneFetcher);
+            }
+            didAbortFetchLoads = abortStaleFetchLoads(loadId); // If we are currently in a navigation loading state and this fetcher is
+            // more recent than the navigation, we want the newer data so abort the
+            // navigation and complete it with the fetcher data
+            if (state.navigation.state === "loading" && loadId > pendingNavigationLoadId) {
+              invariant(pendingAction, "Expected pending action");
+              pendingNavigationController && pendingNavigationController.abort();
+              completeNavigation(state.navigation.location, {
+                matches: matches,
+                loaderData: loaderData,
+                errors: errors,
+                fetchers: new Map(state.fetchers)
+              });
+            } else {
+              // otherwise just update with the fetcher data, preserving any existing
+              // loaderData for loaders that did not need to reload.  We have to
+              // manually merge here since we aren't going through completeNavigation
+              updateState(router_extends({
+                errors: errors,
+                loaderData: mergeLoaderData(state.loaderData, loaderData, matches, errors)
+              }, didAbortFetchLoads || revalidatingFetchers.length > 0 ? {
+                fetchers: new Map(state.fetchers)
+              } : {}));
+              isRevalidationRequired = false;
+            }
+          case 64:
+          case "end":
+            return _context6.stop();
+        }
+      }, _callee6);
+    }));
+    return _handleFetcherAction.apply(this, arguments);
+  }
+  function handleFetcherLoader(_x27, _x28, _x29, _x30, _x31, _x32) {
+    return _handleFetcherLoader.apply(this, arguments);
+  }
+  /**
+   * Utility function to handle redirects returned from an action or loader.
+   * Normally, a redirect "replaces" the navigation that triggered it.  So, for
+   * example:
+   *
+   *  - user is on /a
+   *  - user clicks a link to /b
+   *  - loader for /b redirects to /c
+   *
+   * In a non-JS app the browser would track the in-flight navigation to /b and
+   * then replace it with /c when it encountered the redirect response.  In
+   * the end it would only ever update the URL bar with /c.
+   *
+   * In client-side routing using pushState/replaceState, we aim to emulate
+   * this behavior and we also do not update history until the end of the
+   * navigation (including processed redirects).  This means that we never
+   * actually touch history until we've processed redirects, so we just use
+   * the history action from the original navigation (PUSH or REPLACE).
+   */
+  function _handleFetcherLoader() {
+    _handleFetcherLoader = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(key, routeId, path, match, matches, submission) {
+      var existingFetcher, loadingFetcher, abortController, fetchRequest, result, boundaryMatch, doneFetcher;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7) {
+        while (1) switch (_context7.prev = _context7.next) {
+          case 0:
+            existingFetcher = state.fetchers.get(key); // Put this fetcher into it's loading state
+            loadingFetcher = router_extends({
+              state: "loading",
+              formMethod: undefined,
+              formAction: undefined,
+              formEncType: undefined,
+              formData: undefined
+            }, submission, {
+              data: existingFetcher && existingFetcher.data,
+              " _hasFetcherDoneAnything ": true
+            });
+            state.fetchers.set(key, loadingFetcher);
+            updateState({
+              fetchers: new Map(state.fetchers)
+            });
+            // Call the loader for this fetcher route match
+            abortController = new AbortController();
+            fetchRequest = createClientSideRequest(init.history, path, abortController.signal);
+            fetchControllers.set(key, abortController);
+            _context7.next = 9;
+            return callLoaderOrAction("loader", fetchRequest, match, matches, manifest, mapRouteProperties, basename);
+          case 9:
+            result = _context7.sent;
+            if (!isDeferredResult(result)) {
+              _context7.next = 17;
+              break;
+            }
+            _context7.next = 13;
+            return resolveDeferredData(result, fetchRequest.signal, true);
+          case 13:
+            _context7.t0 = _context7.sent;
+            if (_context7.t0) {
+              _context7.next = 16;
+              break;
+            }
+            _context7.t0 = result;
+          case 16:
+            result = _context7.t0;
+          case 17:
+            // We can delete this so long as we weren't aborted by our our own fetcher
+            // re-load which would have put _new_ controller is in fetchControllers
+            if (fetchControllers.get(key) === abortController) {
+              fetchControllers.delete(key);
+            }
+            if (!fetchRequest.signal.aborted) {
+              _context7.next = 20;
+              break;
+            }
+            return _context7.abrupt("return");
+          case 20:
+            if (!isRedirectResult(result)) {
+              _context7.next = 25;
+              break;
+            }
+            fetchRedirectIds.add(key);
+            _context7.next = 24;
+            return startRedirectNavigation(state, result);
+          case 24:
+            return _context7.abrupt("return");
+          case 25:
+            if (!isErrorResult(result)) {
+              _context7.next = 30;
+              break;
+            }
+            boundaryMatch = findNearestBoundary(state.matches, routeId);
+            state.fetchers.delete(key);
+            // TODO: In remix, this would reset to IDLE_NAVIGATION if it was a catch -
+            // do we need to behave any differently with our non-redirect errors?
+            // What if it was a non-redirect Response?
+            updateState({
+              fetchers: new Map(state.fetchers),
+              errors: defineProperty_defineProperty({}, boundaryMatch.route.id, result.error)
+            });
+            return _context7.abrupt("return");
+          case 30:
+            invariant(!isDeferredResult(result), "Unhandled fetcher deferred data");
+            // Put the fetcher back into an idle state
+            doneFetcher = {
+              state: "idle",
+              data: result.data,
+              formMethod: undefined,
+              formAction: undefined,
+              formEncType: undefined,
+              formData: undefined,
+              " _hasFetcherDoneAnything ": true
+            };
+            state.fetchers.set(key, doneFetcher);
+            updateState({
+              fetchers: new Map(state.fetchers)
+            });
+          case 34:
+          case "end":
+            return _context7.stop();
+        }
+      }, _callee7);
+    }));
+    return _handleFetcherLoader.apply(this, arguments);
+  }
+  function startRedirectNavigation(_x33, _x34, _x35) {
+    return _startRedirectNavigation.apply(this, arguments);
+  }
+  function _startRedirectNavigation() {
+    _startRedirectNavigation = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(state, redirect, _temp) {
+      var _ref6, submission, replace, isFetchActionRedirect, redirectLocation, url, isDifferentBasename, redirectHistoryAction, _state$navigation, formMethod, formAction, formEncType, formData;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8) {
+        while (1) switch (_context8.prev = _context8.next) {
+          case 0:
+            _ref6 = _temp === void 0 ? {} : _temp, submission = _ref6.submission, replace = _ref6.replace, isFetchActionRedirect = _ref6.isFetchActionRedirect;
+            if (redirect.revalidate) {
+              isRevalidationRequired = true;
+            }
+            redirectLocation = createLocation(state.location, redirect.location,
+            // TODO: This can be removed once we get rid of useTransition in Remix v2
+            router_extends({
+              _isRedirect: true
+            }, isFetchActionRedirect ? {
+              _isFetchActionRedirect: true
+            } : {}));
+            invariant(redirectLocation, "Expected a location on the redirect navigation");
+            // Check if this an absolute external redirect that goes to a new origin
+            if (!(ABSOLUTE_URL_REGEX.test(redirect.location) && isBrowser)) {
+              _context8.next = 10;
+              break;
+            }
+            url = init.history.createURL(redirect.location);
+            isDifferentBasename = router_stripBasename(url.pathname, basename) == null;
+            if (!(routerWindow.location.origin !== url.origin || isDifferentBasename)) {
+              _context8.next = 10;
+              break;
+            }
+            if (replace) {
+              routerWindow.location.replace(redirect.location);
+            } else {
+              routerWindow.location.assign(redirect.location);
+            }
+            return _context8.abrupt("return");
+          case 10:
+            // There's no need to abort on redirects, since we don't detect the
+            // redirect until the action/loaders have settled
+            pendingNavigationController = null;
+            redirectHistoryAction = replace === true ? Action.Replace : Action.Push; // Use the incoming submission if provided, fallback on the active one in
+            // state.navigation
+            _state$navigation = state.navigation, formMethod = _state$navigation.formMethod, formAction = _state$navigation.formAction, formEncType = _state$navigation.formEncType, formData = _state$navigation.formData;
+            if (!submission && formMethod && formAction && formData && formEncType) {
+              submission = {
+                formMethod: formMethod,
+                formAction: formAction,
+                formEncType: formEncType,
+                formData: formData
+              };
+            }
+            // If this was a 307/308 submission we want to preserve the HTTP method and
+            // re-submit the GET/POST/PUT/PATCH/DELETE as a submission navigation to the
+            // redirected location
+            if (!(redirectPreserveMethodStatusCodes.has(redirect.status) && submission && isMutationMethod(submission.formMethod))) {
+              _context8.next = 19;
+              break;
+            }
+            _context8.next = 17;
+            return startNavigation(redirectHistoryAction, redirectLocation, {
+              submission: router_extends({}, submission, {
+                formAction: redirect.location
+              }),
+              // Preserve this flag across redirects
+              preventScrollReset: pendingPreventScrollReset
+            });
+          case 17:
+            _context8.next = 26;
+            break;
+          case 19:
+            if (!isFetchActionRedirect) {
+              _context8.next = 24;
+              break;
+            }
+            _context8.next = 22;
+            return startNavigation(redirectHistoryAction, redirectLocation, {
+              overrideNavigation: {
+                state: "loading",
+                location: redirectLocation,
+                formMethod: undefined,
+                formAction: undefined,
+                formEncType: undefined,
+                formData: undefined
+              },
+              fetcherSubmission: submission,
+              // Preserve this flag across redirects
+              preventScrollReset: pendingPreventScrollReset
+            });
+          case 22:
+            _context8.next = 26;
+            break;
+          case 24:
+            _context8.next = 26;
+            return startNavigation(redirectHistoryAction, redirectLocation, {
+              overrideNavigation: {
+                state: "loading",
+                location: redirectLocation,
+                formMethod: submission ? submission.formMethod : undefined,
+                formAction: submission ? submission.formAction : undefined,
+                formEncType: submission ? submission.formEncType : undefined,
+                formData: submission ? submission.formData : undefined
+              },
+              // Preserve this flag across redirects
+              preventScrollReset: pendingPreventScrollReset
+            });
+          case 26:
+          case "end":
+            return _context8.stop();
+        }
+      }, _callee8);
+    }));
+    return _startRedirectNavigation.apply(this, arguments);
+  }
+  function callLoadersAndMaybeResolveData(_x36, _x37, _x38, _x39, _x40) {
+    return _callLoadersAndMaybeResolveData.apply(this, arguments);
+  }
+  function _callLoadersAndMaybeResolveData() {
+    _callLoadersAndMaybeResolveData = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(currentMatches, matches, matchesToLoad, fetchersToLoad, request) {
+      var results, loaderResults, fetcherResults;
+      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9) {
+        while (1) switch (_context9.prev = _context9.next) {
+          case 0:
+            _context9.next = 2;
+            return Promise.all([].concat(toConsumableArray_toConsumableArray(matchesToLoad.map(function (match) {
+              return callLoaderOrAction("loader", request, match, matches, manifest, mapRouteProperties, basename);
+            })), toConsumableArray_toConsumableArray(fetchersToLoad.map(function (f) {
+              if (f.matches && f.match && f.controller) {
+                return callLoaderOrAction("loader", createClientSideRequest(init.history, f.path, f.controller.signal), f.match, f.matches, manifest, mapRouteProperties, basename);
+              } else {
+                var _error3 = {
+                  type: ResultType.error,
+                  error: getInternalRouterError(404, {
+                    pathname: f.path
+                  })
+                };
+                return _error3;
+              }
+            }))));
+          case 2:
+            results = _context9.sent;
+            loaderResults = results.slice(0, matchesToLoad.length);
+            fetcherResults = results.slice(matchesToLoad.length);
+            _context9.next = 7;
+            return Promise.all([resolveDeferredResults(currentMatches, matchesToLoad, loaderResults, loaderResults.map(function () {
+              return request.signal;
+            }), false, state.loaderData), resolveDeferredResults(currentMatches, fetchersToLoad.map(function (f) {
+              return f.match;
+            }), fetcherResults, fetchersToLoad.map(function (f) {
+              return f.controller ? f.controller.signal : null;
+            }), true)]);
+          case 7:
+            return _context9.abrupt("return", {
+              results: results,
+              loaderResults: loaderResults,
+              fetcherResults: fetcherResults
+            });
+          case 8:
+          case "end":
+            return _context9.stop();
+        }
+      }, _callee9);
+    }));
+    return _callLoadersAndMaybeResolveData.apply(this, arguments);
+  }
+  function interruptActiveLoads() {
+    var _cancelledDeferredRou;
+    // Every interruption triggers a revalidation
+    isRevalidationRequired = true;
+    // Cancel pending route-level deferreds and mark cancelled routes for
+    // revalidation
+    (_cancelledDeferredRou = cancelledDeferredRoutes).push.apply(_cancelledDeferredRou, toConsumableArray_toConsumableArray(cancelActiveDeferreds()));
+    // Abort in-flight fetcher loads
+    fetchLoadMatches.forEach(function (_, key) {
+      if (fetchControllers.has(key)) {
+        cancelledFetcherLoads.push(key);
+        abortFetcher(key);
+      }
+    });
+  }
+  function setFetcherError(key, routeId, error) {
+    var boundaryMatch = findNearestBoundary(state.matches, routeId);
+    deleteFetcher(key);
+    updateState({
+      errors: defineProperty_defineProperty({}, boundaryMatch.route.id, error),
+      fetchers: new Map(state.fetchers)
+    });
+  }
+  function deleteFetcher(key) {
+    var fetcher = state.fetchers.get(key);
+    // Don't abort the controller if this is a deletion of a fetcher.submit()
+    // in it's loading phase since - we don't want to abort the corresponding
+    // revalidation and want them to complete and land
+    if (fetchControllers.has(key) && !(fetcher && fetcher.state === "loading" && fetchReloadIds.has(key))) {
+      abortFetcher(key);
+    }
+    fetchLoadMatches.delete(key);
+    fetchReloadIds.delete(key);
+    fetchRedirectIds.delete(key);
+    state.fetchers.delete(key);
+  }
+  function abortFetcher(key) {
+    var controller = fetchControllers.get(key);
+    invariant(controller, "Expected fetch controller: " + key);
+    controller.abort();
+    fetchControllers.delete(key);
+  }
+  function markFetchersDone(keys) {
+    var _iterator3 = createForOfIteratorHelper_createForOfIteratorHelper(keys),
+      _step3;
+    try {
+      for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
+        var key = _step3.value;
+        var fetcher = getFetcher(key);
+        var doneFetcher = {
+          state: "idle",
+          data: fetcher.data,
+          formMethod: undefined,
+          formAction: undefined,
+          formEncType: undefined,
+          formData: undefined,
+          " _hasFetcherDoneAnything ": true
+        };
+        state.fetchers.set(key, doneFetcher);
+      }
+    } catch (err) {
+      _iterator3.e(err);
+    } finally {
+      _iterator3.f();
+    }
+  }
+  function markFetchRedirectsDone() {
+    var doneKeys = [];
+    var updatedFetchers = false;
+    var _iterator4 = createForOfIteratorHelper_createForOfIteratorHelper(fetchRedirectIds),
+      _step4;
+    try {
+      for (_iterator4.s(); !(_step4 = _iterator4.n()).done;) {
+        var key = _step4.value;
+        var fetcher = state.fetchers.get(key);
+        invariant(fetcher, "Expected fetcher: " + key);
+        if (fetcher.state === "loading") {
+          fetchRedirectIds.delete(key);
+          doneKeys.push(key);
+          updatedFetchers = true;
+        }
+      }
+    } catch (err) {
+      _iterator4.e(err);
+    } finally {
+      _iterator4.f();
+    }
+    markFetchersDone(doneKeys);
+    return updatedFetchers;
+  }
+  function abortStaleFetchLoads(landedId) {
+    var yeetedKeys = [];
+    var _iterator5 = createForOfIteratorHelper_createForOfIteratorHelper(fetchReloadIds),
+      _step5;
+    try {
+      for (_iterator5.s(); !(_step5 = _iterator5.n()).done;) {
+        var _step5$value = slicedToArray_slicedToArray(_step5.value, 2),
+          key = _step5$value[0],
+          id = _step5$value[1];
+        if (id < landedId) {
+          var fetcher = state.fetchers.get(key);
+          invariant(fetcher, "Expected fetcher: " + key);
+          if (fetcher.state === "loading") {
+            abortFetcher(key);
+            fetchReloadIds.delete(key);
+            yeetedKeys.push(key);
+          }
+        }
+      }
+    } catch (err) {
+      _iterator5.e(err);
+    } finally {
+      _iterator5.f();
+    }
+    markFetchersDone(yeetedKeys);
+    return yeetedKeys.length > 0;
+  }
+  function getBlocker(key, fn) {
+    var blocker = state.blockers.get(key) || IDLE_BLOCKER;
+    if (blockerFunctions.get(key) !== fn) {
+      blockerFunctions.set(key, fn);
+    }
+    return blocker;
+  }
+  function deleteBlocker(key) {
+    state.blockers.delete(key);
+    blockerFunctions.delete(key);
+  }
+  // Utility function to update blockers, ensuring valid state transitions
+  function updateBlocker(key, newBlocker) {
+    var blocker = state.blockers.get(key) || IDLE_BLOCKER;
+    // Poor mans state machine :)
+    // https://mermaid.live/edit#pako:eNqVkc9OwzAMxl8l8nnjAYrEtDIOHEBIgwvKJTReGy3_lDpIqO27k6awMG0XcrLlnz87nwdonESogKXXBuE79rq75XZO3-yHds0RJVuv70YrPlUrCEe2HfrORS3rubqZfuhtpg5C9wk5tZ4VKcRUq88q9Z8RS0-48cE1iHJkL0ugbHuFLus9L6spZy8nX9MP2CNdomVaposqu3fGayT8T8-jJQwhepo_UtpgBQaDEUom04dZhAN1aJBDlUKJBxE1ceB2Smj0Mln-IBW5AFU2dwUiktt_2Qaq2dBfaKdEup85UV7Yd-dKjlnkabl2Pvr0DTkTreM
+    invariant(blocker.state === "unblocked" && newBlocker.state === "blocked" || blocker.state === "blocked" && newBlocker.state === "blocked" || blocker.state === "blocked" && newBlocker.state === "proceeding" || blocker.state === "blocked" && newBlocker.state === "unblocked" || blocker.state === "proceeding" && newBlocker.state === "unblocked", "Invalid blocker state transition: " + blocker.state + " -> " + newBlocker.state);
+    state.blockers.set(key, newBlocker);
+    updateState({
+      blockers: new Map(state.blockers)
+    });
+  }
+  function shouldBlockNavigation(_ref2) {
+    var currentLocation = _ref2.currentLocation,
+      nextLocation = _ref2.nextLocation,
+      historyAction = _ref2.historyAction;
+    if (blockerFunctions.size === 0) {
+      return;
+    }
+    // We ony support a single active blocker at the moment since we don't have
+    // any compelling use cases for multi-blocker yet
+    if (blockerFunctions.size > 1) {
+      warning(false, "A router only supports one blocker at a time");
+    }
+    var entries = Array.from(blockerFunctions.entries());
+    var _entries = slicedToArray_slicedToArray(entries[entries.length - 1], 2),
+      blockerKey = _entries[0],
+      blockerFunction = _entries[1];
+    var blocker = state.blockers.get(blockerKey);
+    if (blocker && blocker.state === "proceeding") {
+      // If the blocker is currently proceeding, we don't need to re-check
+      // it and can let this navigation continue
+      return;
+    }
+    // At this point, we know we're unblocked/blocked so we need to check the
+    // user-provided blocker function
+    if (blockerFunction({
+      currentLocation: currentLocation,
+      nextLocation: nextLocation,
+      historyAction: historyAction
+    })) {
+      return blockerKey;
+    }
+  }
+  function cancelActiveDeferreds(predicate) {
+    var cancelledRouteIds = [];
+    activeDeferreds.forEach(function (dfd, routeId) {
+      if (!predicate || predicate(routeId)) {
+        // Cancel the deferred - but do not remove from activeDeferreds here -
+        // we rely on the subscribers to do that so our tests can assert proper
+        // cleanup via _internalActiveDeferreds
+        dfd.cancel();
+        cancelledRouteIds.push(routeId);
+        activeDeferreds.delete(routeId);
+      }
+    });
+    return cancelledRouteIds;
+  }
+  // Opt in to capturing and reporting scroll positions during navigations,
+  // used by the <ScrollRestoration> component
+  function enableScrollRestoration(positions, getPosition, getKey) {
+    savedScrollPositions = positions;
+    getScrollPosition = getPosition;
+    getScrollRestorationKey = getKey || function (location) {
+      return location.key;
+    };
+    // Perform initial hydration scroll restoration, since we miss the boat on
+    // the initial updateState() because we've not yet rendered <ScrollRestoration/>
+    // and therefore have no savedScrollPositions available
+    if (!initialScrollRestored && state.navigation === IDLE_NAVIGATION) {
+      initialScrollRestored = true;
+      var y = getSavedScrollPosition(state.location, state.matches);
+      if (y != null) {
+        updateState({
+          restoreScrollPosition: y
+        });
+      }
+    }
+    return function () {
+      savedScrollPositions = null;
+      getScrollPosition = null;
+      getScrollRestorationKey = null;
+    };
+  }
+  function saveScrollPosition(location, matches) {
+    if (savedScrollPositions && getScrollRestorationKey && getScrollPosition) {
+      var userMatches = matches.map(function (m) {
+        return createUseMatchesMatch(m, state.loaderData);
+      });
+      var key = getScrollRestorationKey(location, userMatches) || location.key;
+      savedScrollPositions[key] = getScrollPosition();
+    }
+  }
+  function getSavedScrollPosition(location, matches) {
+    if (savedScrollPositions && getScrollRestorationKey && getScrollPosition) {
+      var userMatches = matches.map(function (m) {
+        return createUseMatchesMatch(m, state.loaderData);
+      });
+      var key = getScrollRestorationKey(location, userMatches) || location.key;
+      var y = savedScrollPositions[key];
+      if (typeof y === "number") {
+        return y;
+      }
+    }
+    return null;
+  }
+  function _internalSetRoutes(newRoutes) {
+    manifest = {};
+    inFlightDataRoutes = convertRoutesToDataRoutes(newRoutes, mapRouteProperties, undefined, manifest);
+  }
+  router = {
+    get basename() {
+      return basename;
+    },
+    get state() {
+      return state;
+    },
+    get routes() {
+      return dataRoutes;
+    },
+    initialize: initialize,
+    subscribe: subscribe,
+    enableScrollRestoration: enableScrollRestoration,
+    navigate: navigate,
+    fetch: fetch,
+    revalidate: revalidate,
+    // Passthrough to history-aware createHref used by useHref so we get proper
+    // hash-aware URLs in DOM paths
+    createHref: function createHref(to) {
+      return init.history.createHref(to);
+    },
+    encodeLocation: function encodeLocation(to) {
+      return init.history.encodeLocation(to);
+    },
+    getFetcher: getFetcher,
+    deleteFetcher: deleteFetcher,
+    dispose: dispose,
+    getBlocker: getBlocker,
+    deleteBlocker: deleteBlocker,
+    _internalFetchControllers: fetchControllers,
+    _internalActiveDeferreds: activeDeferreds,
+    // TODO: Remove setRoutes, it's temporary to avoid dealing with
+    // updating the tree while validating the update algorithm.
+    _internalSetRoutes: _internalSetRoutes
+  };
+  return router;
+}
+//#endregion
+////////////////////////////////////////////////////////////////////////////////
+//#region createStaticHandler
+////////////////////////////////////////////////////////////////////////////////
+var UNSAFE_DEFERRED_SYMBOL = Symbol("deferred");
+function createStaticHandler(routes, opts) {
+  invariant(routes.length > 0, "You must provide a non-empty routes array to createStaticHandler");
+  var manifest = {};
+  var basename = (opts ? opts.basename : null) || "/";
+  var mapRouteProperties;
+  if (opts != null && opts.mapRouteProperties) {
+    mapRouteProperties = opts.mapRouteProperties;
+  } else if (opts != null && opts.detectErrorBoundary) {
+    // If they are still using the deprecated version, wrap it with the new API
+    var detectErrorBoundary = opts.detectErrorBoundary;
+    mapRouteProperties = function mapRouteProperties(route) {
+      return {
+        hasErrorBoundary: detectErrorBoundary(route)
+      };
+    };
+  } else {
+    mapRouteProperties = defaultMapRouteProperties;
+  }
+  var dataRoutes = convertRoutesToDataRoutes(routes, mapRouteProperties, undefined, manifest);
+  /**
+   * The query() method is intended for document requests, in which we want to
+   * call an optional action and potentially multiple loaders for all nested
+   * routes.  It returns a StaticHandlerContext object, which is very similar
+   * to the router state (location, loaderData, actionData, errors, etc.) and
+   * also adds SSR-specific information such as the statusCode and headers
+   * from action/loaders Responses.
+   *
+   * It _should_ never throw and should report all errors through the
+   * returned context.errors object, properly associating errors to their error
+   * boundary.  Additionally, it tracks _deepestRenderedBoundaryId which can be
+   * used to emulate React error boundaries during SSr by performing a second
+   * pass only down to the boundaryId.
+   *
+   * The one exception where we do not return a StaticHandlerContext is when a
+   * redirect response is returned or thrown from any action/loader.  We
+   * propagate that out and return the raw Response so the HTTP server can
+   * return it directly.
+   */
+  function query(_x41, _x42) {
+    return _query.apply(this, arguments);
+  }
+  /**
+   * The queryRoute() method is intended for targeted route requests, either
+   * for fetch ?_data requests or resource route requests.  In this case, we
+   * are only ever calling a single action or loader, and we are returning the
+   * returned value directly.  In most cases, this will be a Response returned
+   * from the action/loader, but it may be a primitive or other value as well -
+   * and in such cases the calling context should handle that accordingly.
+   *
+   * We do respect the throw/return differentiation, so if an action/loader
+   * throws, then this method will throw the value.  This is important so we
+   * can do proper boundary identification in Remix where a thrown Response
+   * must go to the Catch Boundary but a returned Response is happy-path.
+   *
+   * One thing to note is that any Router-initiated Errors that make sense
+   * to associate with a status code will be thrown as an ErrorResponse
+   * instance which include the raw Error, such that the calling context can
+   * serialize the error as they see fit while including the proper response
+   * code.  Examples here are 404 and 405 errors that occur prior to reaching
+   * any user-defined loaders.
+   */
+  function _query() {
+    _query = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee10(request, _temp2) {
+      var _ref7, requestContext, url, method, location, matches, error, _getShortCircuitMatch3, methodNotAllowedMatches, route, _error4, _getShortCircuitMatch4, notFoundMatches, _route2, result;
+      return _regeneratorRuntime().wrap(function _callee10$(_context10) {
+        while (1) switch (_context10.prev = _context10.next) {
+          case 0:
+            _ref7 = _temp2 === void 0 ? {} : _temp2, requestContext = _ref7.requestContext;
+            url = new URL(request.url);
+            method = request.method;
+            location = createLocation("", router_createPath(url), null, "default");
+            matches = matchRoutes(dataRoutes, location, basename); // SSR supports HEAD requests while SPA doesn't
+            if (!(!isValidMethod(method) && method !== "HEAD")) {
+              _context10.next = 11;
+              break;
+            }
+            error = getInternalRouterError(405, {
+              method: method
+            });
+            _getShortCircuitMatch3 = getShortCircuitMatches(dataRoutes), methodNotAllowedMatches = _getShortCircuitMatch3.matches, route = _getShortCircuitMatch3.route;
+            return _context10.abrupt("return", {
+              basename: basename,
+              location: location,
+              matches: methodNotAllowedMatches,
+              loaderData: {},
+              actionData: null,
+              errors: _defineProperty({}, route.id, error),
+              statusCode: error.status,
+              loaderHeaders: {},
+              actionHeaders: {},
+              activeDeferreds: null
+            });
+          case 11:
+            if (matches) {
+              _context10.next = 15;
+              break;
+            }
+            _error4 = getInternalRouterError(404, {
+              pathname: location.pathname
+            });
+            _getShortCircuitMatch4 = getShortCircuitMatches(dataRoutes), notFoundMatches = _getShortCircuitMatch4.matches, _route2 = _getShortCircuitMatch4.route;
+            return _context10.abrupt("return", {
+              basename: basename,
+              location: location,
+              matches: notFoundMatches,
+              loaderData: {},
+              actionData: null,
+              errors: _defineProperty({}, _route2.id, _error4),
+              statusCode: _error4.status,
+              loaderHeaders: {},
+              actionHeaders: {},
+              activeDeferreds: null
+            });
+          case 15:
+            _context10.next = 17;
+            return queryImpl(request, location, matches, requestContext);
+          case 17:
+            result = _context10.sent;
+            if (!isResponse(result)) {
+              _context10.next = 20;
+              break;
+            }
+            return _context10.abrupt("return", result);
+          case 20:
+            return _context10.abrupt("return", router_extends({
+              location: location,
+              basename: basename
+            }, result));
+          case 21:
+          case "end":
+            return _context10.stop();
+        }
+      }, _callee10);
+    }));
+    return _query.apply(this, arguments);
+  }
+  function queryRoute(_x43, _x44) {
+    return _queryRoute.apply(this, arguments);
+  }
+  function _queryRoute() {
+    _queryRoute = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee11(request, _temp3) {
+      var _ref8, routeId, requestContext, url, method, location, matches, match, result, error, _result$activeDeferre, data;
+      return _regeneratorRuntime().wrap(function _callee11$(_context11) {
+        while (1) switch (_context11.prev = _context11.next) {
+          case 0:
+            _ref8 = _temp3 === void 0 ? {} : _temp3, routeId = _ref8.routeId, requestContext = _ref8.requestContext;
+            url = new URL(request.url);
+            method = request.method;
+            location = createLocation("", router_createPath(url), null, "default");
+            matches = matchRoutes(dataRoutes, location, basename); // SSR supports HEAD requests while SPA doesn't
+            if (!(!isValidMethod(method) && method !== "HEAD" && method !== "OPTIONS")) {
+              _context11.next = 9;
+              break;
+            }
+            throw getInternalRouterError(405, {
+              method: method
+            });
+          case 9:
+            if (matches) {
+              _context11.next = 11;
+              break;
+            }
+            throw getInternalRouterError(404, {
+              pathname: location.pathname
+            });
+          case 11:
+            match = routeId ? matches.find(function (m) {
+              return m.route.id === routeId;
+            }) : getTargetMatch(matches, location);
+            if (!(routeId && !match)) {
+              _context11.next = 16;
+              break;
+            }
+            throw getInternalRouterError(403, {
+              pathname: location.pathname,
+              routeId: routeId
+            });
+          case 16:
+            if (match) {
+              _context11.next = 18;
+              break;
+            }
+            throw getInternalRouterError(404, {
+              pathname: location.pathname
+            });
+          case 18:
+            _context11.next = 20;
+            return queryImpl(request, location, matches, requestContext, match);
+          case 20:
+            result = _context11.sent;
+            if (!isResponse(result)) {
+              _context11.next = 23;
+              break;
+            }
+            return _context11.abrupt("return", result);
+          case 23:
+            error = result.errors ? Object.values(result.errors)[0] : undefined;
+            if (!(error !== undefined)) {
+              _context11.next = 26;
+              break;
+            }
+            throw error;
+          case 26:
+            if (!result.actionData) {
+              _context11.next = 28;
+              break;
+            }
+            return _context11.abrupt("return", Object.values(result.actionData)[0]);
+          case 28:
+            if (!result.loaderData) {
+              _context11.next = 32;
+              break;
+            }
+            data = Object.values(result.loaderData)[0];
+            if ((_result$activeDeferre = result.activeDeferreds) != null && _result$activeDeferre[match.route.id]) {
+              data[UNSAFE_DEFERRED_SYMBOL] = result.activeDeferreds[match.route.id];
+            }
+            return _context11.abrupt("return", data);
+          case 32:
+            return _context11.abrupt("return", undefined);
+          case 33:
+          case "end":
+            return _context11.stop();
+        }
+      }, _callee11);
+    }));
+    return _queryRoute.apply(this, arguments);
+  }
+  function queryImpl(_x45, _x46, _x47, _x48, _x49) {
+    return _queryImpl.apply(this, arguments);
+  }
+  function _queryImpl() {
+    _queryImpl = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee12(request, location, matches, requestContext, routeMatch) {
+      var _result, result;
+      return _regeneratorRuntime().wrap(function _callee12$(_context12) {
+        while (1) switch (_context12.prev = _context12.next) {
+          case 0:
+            invariant(request.signal, "query()/queryRoute() requests must contain an AbortController signal");
+            _context12.prev = 1;
+            if (!isMutationMethod(request.method.toLowerCase())) {
+              _context12.next = 7;
+              break;
+            }
+            _context12.next = 5;
+            return submit(request, matches, routeMatch || getTargetMatch(matches, location), requestContext, routeMatch != null);
+          case 5:
+            _result = _context12.sent;
+            return _context12.abrupt("return", _result);
+          case 7:
+            _context12.next = 9;
+            return loadRouteData(request, matches, requestContext, routeMatch);
+          case 9:
+            result = _context12.sent;
+            return _context12.abrupt("return", isResponse(result) ? result : router_extends({}, result, {
+              actionData: null,
+              actionHeaders: {}
+            }));
+          case 13:
+            _context12.prev = 13;
+            _context12.t0 = _context12["catch"](1);
+            if (!isQueryRouteResponse(_context12.t0)) {
+              _context12.next = 19;
+              break;
+            }
+            if (!(_context12.t0.type === ResultType.error && !isRedirectResponse(_context12.t0.response))) {
+              _context12.next = 18;
+              break;
+            }
+            throw _context12.t0.response;
+          case 18:
+            return _context12.abrupt("return", _context12.t0.response);
+          case 19:
+            if (!isRedirectResponse(_context12.t0)) {
+              _context12.next = 21;
+              break;
+            }
+            return _context12.abrupt("return", _context12.t0);
+          case 21:
+            throw _context12.t0;
+          case 22:
+          case "end":
+            return _context12.stop();
+        }
+      }, _callee12, null, [[1, 13]]);
+    }));
+    return _queryImpl.apply(this, arguments);
+  }
+  function submit(_x50, _x51, _x52, _x53, _x54) {
+    return _submit.apply(this, arguments);
+  }
+  function _submit() {
+    _submit = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee13(request, matches, actionMatch, requestContext, isRouteRequest) {
+      var result, error, method, _error5, boundaryMatch, _context13, loaderRequest, context;
+      return _regeneratorRuntime().wrap(function _callee13$(_context14) {
+        while (1) switch (_context14.prev = _context14.next) {
+          case 0:
+            if (!(!actionMatch.route.action && !actionMatch.route.lazy)) {
+              _context14.next = 7;
+              break;
+            }
+            error = getInternalRouterError(405, {
+              method: request.method,
+              pathname: new URL(request.url).pathname,
+              routeId: actionMatch.route.id
+            });
+            if (!isRouteRequest) {
+              _context14.next = 4;
+              break;
+            }
+            throw error;
+          case 4:
+            result = {
+              type: ResultType.error,
+              error: error
+            };
+            _context14.next = 13;
+            break;
+          case 7:
+            _context14.next = 9;
+            return callLoaderOrAction("action", request, actionMatch, matches, manifest, mapRouteProperties, basename, true, isRouteRequest, requestContext);
+          case 9:
+            result = _context14.sent;
+            if (!request.signal.aborted) {
+              _context14.next = 13;
+              break;
+            }
+            method = isRouteRequest ? "queryRoute" : "query";
+            throw new Error(method + "() call aborted");
+          case 13:
+            if (!isRedirectResult(result)) {
+              _context14.next = 15;
+              break;
+            }
+            throw new Response(null, {
+              status: result.status,
+              headers: {
+                Location: result.location
+              }
+            });
+          case 15:
+            if (!isDeferredResult(result)) {
+              _context14.next = 20;
+              break;
+            }
+            _error5 = getInternalRouterError(400, {
+              type: "defer-action"
+            });
+            if (!isRouteRequest) {
+              _context14.next = 19;
+              break;
+            }
+            throw _error5;
+          case 19:
+            result = {
+              type: ResultType.error,
+              error: _error5
+            };
+          case 20:
+            if (!isRouteRequest) {
+              _context14.next = 24;
+              break;
+            }
+            if (!isErrorResult(result)) {
+              _context14.next = 23;
+              break;
+            }
+            throw result.error;
+          case 23:
+            return _context14.abrupt("return", {
+              matches: [actionMatch],
+              loaderData: {},
+              actionData: _defineProperty({}, actionMatch.route.id, result.data),
+              errors: null,
+              // Note: statusCode + headers are unused here since queryRoute will
+              // return the raw Response or value
+              statusCode: 200,
+              loaderHeaders: {},
+              actionHeaders: {},
+              activeDeferreds: null
+            });
+          case 24:
+            if (!isErrorResult(result)) {
+              _context14.next = 30;
+              break;
+            }
+            // Store off the pending error - we use it to determine which loaders
+            // to call and will commit it when we complete the navigation
+            boundaryMatch = findNearestBoundary(matches, actionMatch.route.id);
+            _context14.next = 28;
+            return loadRouteData(request, matches, requestContext, undefined, _defineProperty({}, boundaryMatch.route.id, result.error));
+          case 28:
+            _context13 = _context14.sent;
+            return _context14.abrupt("return", router_extends({}, _context13, {
+              statusCode: isRouteErrorResponse(result.error) ? result.error.status : 500,
+              actionData: null,
+              actionHeaders: router_extends({}, result.headers ? _defineProperty({}, actionMatch.route.id, result.headers) : {})
+            }));
+          case 30:
+            // Create a GET request for the loaders
+            loaderRequest = new Request(request.url, {
+              headers: request.headers,
+              redirect: request.redirect,
+              signal: request.signal
+            });
+            _context14.next = 33;
+            return loadRouteData(loaderRequest, matches, requestContext);
+          case 33:
+            context = _context14.sent;
+            return _context14.abrupt("return", router_extends({}, context, result.statusCode ? {
+              statusCode: result.statusCode
+            } : {}, {
+              actionData: _defineProperty({}, actionMatch.route.id, result.data),
+              actionHeaders: router_extends({}, result.headers ? _defineProperty({}, actionMatch.route.id, result.headers) : {})
+            }));
+          case 35:
+          case "end":
+            return _context14.stop();
+        }
+      }, _callee13);
+    }));
+    return _submit.apply(this, arguments);
+  }
+  function loadRouteData(_x55, _x56, _x57, _x58, _x59) {
+    return _loadRouteData.apply(this, arguments);
+  }
+  function _loadRouteData() {
+    _loadRouteData = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee14(request, matches, requestContext, routeMatch, pendingActionError) {
+      var isRouteRequest, requestMatches, matchesToLoad, results, method, activeDeferreds, context, executedLoaders;
+      return _regeneratorRuntime().wrap(function _callee14$(_context15) {
+        while (1) switch (_context15.prev = _context15.next) {
+          case 0:
+            isRouteRequest = routeMatch != null; // Short circuit if we have no loaders to run (queryRoute())
+            if (!(isRouteRequest && !(routeMatch != null && routeMatch.route.loader) && !(routeMatch != null && routeMatch.route.lazy))) {
+              _context15.next = 3;
+              break;
+            }
+            throw getInternalRouterError(400, {
+              method: request.method,
+              pathname: new URL(request.url).pathname,
+              routeId: routeMatch == null ? void 0 : routeMatch.route.id
+            });
+          case 3:
+            requestMatches = routeMatch ? [routeMatch] : getLoaderMatchesUntilBoundary(matches, Object.keys(pendingActionError || {})[0]);
+            matchesToLoad = requestMatches.filter(function (m) {
+              return m.route.loader || m.route.lazy;
+            }); // Short circuit if we have no loaders to run (query())
+            if (!(matchesToLoad.length === 0)) {
+              _context15.next = 7;
+              break;
+            }
+            return _context15.abrupt("return", {
+              matches: matches,
+              // Add a null for all matched routes for proper revalidation on the client
+              loaderData: matches.reduce(function (acc, m) {
+                return Object.assign(acc, _defineProperty({}, m.route.id, null));
+              }, {}),
+              errors: pendingActionError || null,
+              statusCode: 200,
+              loaderHeaders: {},
+              activeDeferreds: null
+            });
+          case 7:
+            _context15.next = 9;
+            return Promise.all(_toConsumableArray(matchesToLoad.map(function (match) {
+              return callLoaderOrAction("loader", request, match, matches, manifest, mapRouteProperties, basename, true, isRouteRequest, requestContext);
+            })));
+          case 9:
+            results = _context15.sent;
+            if (!request.signal.aborted) {
+              _context15.next = 13;
+              break;
+            }
+            method = isRouteRequest ? "queryRoute" : "query";
+            throw new Error(method + "() call aborted");
+          case 13:
+            // Process and commit output from loaders
+            activeDeferreds = new Map();
+            context = processRouteLoaderData(matches, matchesToLoad, results, pendingActionError, activeDeferreds); // Add a null for any non-loader matches for proper revalidation on the client
+            executedLoaders = new Set(matchesToLoad.map(function (match) {
+              return match.route.id;
+            }));
+            matches.forEach(function (match) {
+              if (!executedLoaders.has(match.route.id)) {
+                context.loaderData[match.route.id] = null;
+              }
+            });
+            return _context15.abrupt("return", router_extends({}, context, {
+              matches: matches,
+              activeDeferreds: activeDeferreds.size > 0 ? Object.fromEntries(activeDeferreds.entries()) : null
+            }));
+          case 18:
+          case "end":
+            return _context15.stop();
+        }
+      }, _callee14);
+    }));
+    return _loadRouteData.apply(this, arguments);
+  }
+  return {
+    dataRoutes: dataRoutes,
+    query: query,
+    queryRoute: queryRoute
+  };
+}
+//#endregion
+////////////////////////////////////////////////////////////////////////////////
+//#region Helpers
+////////////////////////////////////////////////////////////////////////////////
+/**
+ * Given an existing StaticHandlerContext and an error thrown at render time,
+ * provide an updated StaticHandlerContext suitable for a second SSR render
+ */
+function getStaticContextFromError(routes, context, error) {
+  var newContext = router_extends({}, context, {
+    statusCode: 500,
+    errors: _defineProperty({}, context._deepestRenderedBoundaryId || routes[0].id, error)
+  });
+  return newContext;
+}
+function isSubmissionNavigation(opts) {
+  return opts != null && "formData" in opts;
+}
+function normalizeTo(location, matches, basename, prependBasename, to, fromRouteId, relative) {
+  var contextualMatches;
+  var activeRouteMatch;
+  if (fromRouteId != null && relative !== "path") {
+    // Grab matches up to the calling route so our route-relative logic is
+    // relative to the correct source route.  When using relative:path,
+    // fromRouteId is ignored since that is always relative to the current
+    // location path
+    contextualMatches = [];
+    var _iterator6 = createForOfIteratorHelper_createForOfIteratorHelper(matches),
+      _step6;
+    try {
+      for (_iterator6.s(); !(_step6 = _iterator6.n()).done;) {
+        var match = _step6.value;
+        contextualMatches.push(match);
+        if (match.route.id === fromRouteId) {
+          activeRouteMatch = match;
+          break;
+        }
+      }
+    } catch (err) {
+      _iterator6.e(err);
+    } finally {
+      _iterator6.f();
+    }
+  } else {
+    contextualMatches = matches;
+    activeRouteMatch = matches[matches.length - 1];
+  }
+  // Resolve the relative path
+  var path = router_resolveTo(to ? to : ".", getPathContributingMatches(contextualMatches).map(function (m) {
+    return m.pathnameBase;
+  }), router_stripBasename(location.pathname, basename) || location.pathname, relative === "path");
+  // When `to` is not specified we inherit search/hash from the current
+  // location, unlike when to="." and we just inherit the path.
+  // See https://github.com/remix-run/remix/issues/927
+  if (to == null) {
+    path.search = location.search;
+    path.hash = location.hash;
+  }
+  // Add an ?index param for matched index routes if we don't already have one
+  if ((to == null || to === "" || to === ".") && activeRouteMatch && activeRouteMatch.route.index && !hasNakedIndexQuery(path.search)) {
+    path.search = path.search ? path.search.replace(/^\?/, "?index&") : "?index";
+  }
+  // If we're operating within a basename, prepend it to the pathname.  If
+  // this is a root navigation, then just use the raw basename which allows
+  // the basename to have full control over the presence of a trailing slash
+  // on root actions
+  if (prependBasename && basename !== "/") {
+    path.pathname = path.pathname === "/" ? basename : router_joinPaths([basename, path.pathname]);
+  }
+  return router_createPath(path);
+}
+// Normalize navigation options by converting formMethod=GET formData objects to
+// URLSearchParams so they behave identically to links with query params
+function normalizeNavigateOptions(normalizeFormMethod, isFetcher, path, opts) {
+  // Return location verbatim on non-submission navigations
+  if (!opts || !isSubmissionNavigation(opts)) {
+    return {
+      path: path
+    };
+  }
+  if (opts.formMethod && !isValidMethod(opts.formMethod)) {
+    return {
+      path: path,
+      error: getInternalRouterError(405, {
+        method: opts.formMethod
+      })
+    };
+  }
+  // Create a Submission on non-GET navigations
+  var submission;
+  if (opts.formData) {
+    var formMethod = opts.formMethod || "get";
+    submission = {
+      formMethod: normalizeFormMethod ? formMethod.toUpperCase() : formMethod.toLowerCase(),
+      formAction: stripHashFromPath(path),
+      formEncType: opts && opts.formEncType || "application/x-www-form-urlencoded",
+      formData: opts.formData
+    };
+    if (isMutationMethod(submission.formMethod)) {
+      return {
+        path: path,
+        submission: submission
+      };
+    }
+  }
+  // Flatten submission onto URLSearchParams for GET submissions
+  var parsedPath = parsePath(path);
+  var searchParams = convertFormDataToSearchParams(opts.formData);
+  // On GET navigation submissions we can drop the ?index param from the
+  // resulting location since all loaders will run.  But fetcher GET submissions
+  // only run a single loader so we need to preserve any incoming ?index params
+  if (isFetcher && parsedPath.search && hasNakedIndexQuery(parsedPath.search)) {
+    searchParams.append("index", "");
+  }
+  parsedPath.search = "?" + searchParams;
+  return {
+    path: router_createPath(parsedPath),
+    submission: submission
+  };
+}
+// Filter out all routes below any caught error as they aren't going to
+// render so we don't need to load them
+function getLoaderMatchesUntilBoundary(matches, boundaryId) {
+  var boundaryMatches = matches;
+  if (boundaryId) {
+    var index = matches.findIndex(function (m) {
+      return m.route.id === boundaryId;
+    });
+    if (index >= 0) {
+      boundaryMatches = matches.slice(0, index);
+    }
+  }
+  return boundaryMatches;
+}
+function getMatchesToLoad(history, state, matches, submission, location, isRevalidationRequired, cancelledDeferredRoutes, cancelledFetcherLoads, fetchLoadMatches, routesToUse, basename, pendingActionData, pendingError) {
+  var actionResult = pendingError ? Object.values(pendingError)[0] : pendingActionData ? Object.values(pendingActionData)[0] : undefined;
+  var currentUrl = history.createURL(state.location);
+  var nextUrl = history.createURL(location);
+  // Pick navigation matches that are net-new or qualify for revalidation
+  var boundaryId = pendingError ? Object.keys(pendingError)[0] : undefined;
+  var boundaryMatches = getLoaderMatchesUntilBoundary(matches, boundaryId);
+  var navigationMatches = boundaryMatches.filter(function (match, index) {
+    if (match.route.lazy) {
+      // We haven't loaded this route yet so we don't know if it's got a loader!
+      return true;
+    }
+    if (match.route.loader == null) {
+      return false;
+    }
+    // Always call the loader on new route instances and pending defer cancellations
+    if (isNewLoader(state.loaderData, state.matches[index], match) || cancelledDeferredRoutes.some(function (id) {
+      return id === match.route.id;
+    })) {
+      return true;
+    }
+    // This is the default implementation for when we revalidate.  If the route
+    // provides it's own implementation, then we give them full control but
+    // provide this value so they can leverage it if needed after they check
+    // their own specific use cases
+    var currentRouteMatch = state.matches[index];
+    var nextRouteMatch = match;
+    return shouldRevalidateLoader(match, router_extends({
+      currentUrl: currentUrl,
+      currentParams: currentRouteMatch.params,
+      nextUrl: nextUrl,
+      nextParams: nextRouteMatch.params
+    }, submission, {
+      actionResult: actionResult,
+      defaultShouldRevalidate:
+      // Forced revalidation due to submission, useRevalidator, or X-Remix-Revalidate
+      isRevalidationRequired ||
+      // Clicked the same link, resubmitted a GET form
+      currentUrl.pathname + currentUrl.search === nextUrl.pathname + nextUrl.search ||
+      // Search params affect all loaders
+      currentUrl.search !== nextUrl.search || isNewRouteInstance(currentRouteMatch, nextRouteMatch)
+    }));
+  });
+  // Pick fetcher.loads that need to be revalidated
+  var revalidatingFetchers = [];
+  fetchLoadMatches.forEach(function (f, key) {
+    // Don't revalidate if fetcher won't be present in the subsequent render
+    if (!matches.some(function (m) {
+      return m.route.id === f.routeId;
+    })) {
+      return;
+    }
+    var fetcherMatches = matchRoutes(routesToUse, f.path, basename);
+    // If the fetcher path no longer matches, push it in with null matches so
+    // we can trigger a 404 in callLoadersAndMaybeResolveData
+    if (!fetcherMatches) {
+      revalidatingFetchers.push({
+        key: key,
+        routeId: f.routeId,
+        path: f.path,
+        matches: null,
+        match: null,
+        controller: null
+      });
+      return;
+    }
+    var fetcherMatch = getTargetMatch(fetcherMatches, f.path);
+    if (cancelledFetcherLoads.includes(key)) {
+      revalidatingFetchers.push({
+        key: key,
+        routeId: f.routeId,
+        path: f.path,
+        matches: fetcherMatches,
+        match: fetcherMatch,
+        controller: new AbortController()
+      });
+      return;
+    }
+    // Revalidating fetchers are decoupled from the route matches since they
+    // hit a static href, so they _always_ check shouldRevalidate and the
+    // default is strictly if a revalidation is explicitly required (action
+    // submissions, useRevalidator, X-Remix-Revalidate).
+    var shouldRevalidate = shouldRevalidateLoader(fetcherMatch, router_extends({
+      currentUrl: currentUrl,
+      currentParams: state.matches[state.matches.length - 1].params,
+      nextUrl: nextUrl,
+      nextParams: matches[matches.length - 1].params
+    }, submission, {
+      actionResult: actionResult,
+      // Forced revalidation due to submission, useRevalidator, or X-Remix-Revalidate
+      defaultShouldRevalidate: isRevalidationRequired
+    }));
+    if (shouldRevalidate) {
+      revalidatingFetchers.push({
+        key: key,
+        routeId: f.routeId,
+        path: f.path,
+        matches: fetcherMatches,
+        match: fetcherMatch,
+        controller: new AbortController()
+      });
+    }
+  });
+  return [navigationMatches, revalidatingFetchers];
+}
+function isNewLoader(currentLoaderData, currentMatch, match) {
+  var isNew =
+  // [a] -> [a, b]
+  !currentMatch ||
+  // [a, b] -> [a, c]
+  match.route.id !== currentMatch.route.id;
+  // Handle the case that we don't have data for a re-used route, potentially
+  // from a prior error or from a cancelled pending deferred
+  var isMissingData = currentLoaderData[match.route.id] === undefined;
+  // Always load if this is a net-new route or we don't yet have data
+  return isNew || isMissingData;
+}
+function isNewRouteInstance(currentMatch, match) {
+  var currentPath = currentMatch.route.path;
+  return (
+    // param change for this match, /users/123 -> /users/456
+    currentMatch.pathname !== match.pathname ||
+    // splat param changed, which is not present in match.path
+    // e.g. /files/images/avatar.jpg -> files/finances.xls
+    currentPath != null && currentPath.endsWith("*") && currentMatch.params["*"] !== match.params["*"]
+  );
+}
+function shouldRevalidateLoader(loaderMatch, arg) {
+  if (loaderMatch.route.shouldRevalidate) {
+    var routeChoice = loaderMatch.route.shouldRevalidate(arg);
+    if (typeof routeChoice === "boolean") {
+      return routeChoice;
+    }
+  }
+  return arg.defaultShouldRevalidate;
+}
+/**
+ * Execute route.lazy() methods to lazily load route modules (loader, action,
+ * shouldRevalidate) and update the routeManifest in place which shares objects
+ * with dataRoutes so those get updated as well.
+ */
+function loadLazyRouteModule(_x60, _x61, _x62) {
+  return _loadLazyRouteModule.apply(this, arguments);
+}
+function _loadLazyRouteModule() {
+  _loadLazyRouteModule = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(route, mapRouteProperties, manifest) {
+    var lazyRoute, routeToUpdate, routeUpdates, lazyRouteProperty, staticRouteValue, isPropertyStaticallyDefined;
+    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context16) {
+      while (1) switch (_context16.prev = _context16.next) {
+        case 0:
+          if (route.lazy) {
+            _context16.next = 2;
+            break;
+          }
+          return _context16.abrupt("return");
+        case 2:
+          _context16.next = 4;
+          return route.lazy();
+        case 4:
+          lazyRoute = _context16.sent;
+          if (route.lazy) {
+            _context16.next = 7;
+            break;
+          }
+          return _context16.abrupt("return");
+        case 7:
+          routeToUpdate = manifest[route.id];
+          invariant(routeToUpdate, "No route found in manifest");
+          // Update the route in place.  This should be safe because there's no way
+          // we could yet be sitting on this route as we can't get there without
+          // resolving lazy() first.
+          //
+          // This is different than the HMR "update" use-case where we may actively be
+          // on the route being updated.  The main concern boils down to "does this
+          // mutation affect any ongoing navigations or any current state.matches
+          // values?".  If not, it should be safe to update in place.
+          routeUpdates = {};
+          for (lazyRouteProperty in lazyRoute) {
+            staticRouteValue = routeToUpdate[lazyRouteProperty];
+            isPropertyStaticallyDefined = staticRouteValue !== undefined &&
+            // This property isn't static since it should always be updated based
+            // on the route updates
+            lazyRouteProperty !== "hasErrorBoundary";
+            warning(!isPropertyStaticallyDefined, "Route \"" + routeToUpdate.id + "\" has a static property \"" + lazyRouteProperty + "\" " + "defined but its lazy function is also returning a value for this property. " + ("The lazy route property \"" + lazyRouteProperty + "\" will be ignored."));
+            if (!isPropertyStaticallyDefined && !immutableRouteKeys.has(lazyRouteProperty)) {
+              routeUpdates[lazyRouteProperty] = lazyRoute[lazyRouteProperty];
+            }
+          }
+          // Mutate the route with the provided updates.  Do this first so we pass
+          // the updated version to mapRouteProperties
+          Object.assign(routeToUpdate, routeUpdates);
+          // Mutate the `hasErrorBoundary` property on the route based on the route
+          // updates and remove the `lazy` function so we don't resolve the lazy
+          // route again.
+          Object.assign(routeToUpdate, router_extends({}, mapRouteProperties(routeToUpdate), {
+            lazy: undefined
+          }));
+        case 13:
+        case "end":
+          return _context16.stop();
+      }
+    }, _callee15);
+  }));
+  return _loadLazyRouteModule.apply(this, arguments);
+}
+function callLoaderOrAction(_x63, _x64, _x65, _x66, _x67, _x68, _x69, _x70, _x71, _x72) {
+  return _callLoaderOrAction.apply(this, arguments);
+} // Utility method for creating the Request instances for loaders/actions during
+// client-side navigations and fetches.  During SSR we will always have a
+// Request instance from the static handler (query/queryRoute)
+function _callLoaderOrAction() {
+  _callLoaderOrAction = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(type, request, match, matches, manifest, mapRouteProperties, basename, isStaticRequest, isRouteRequest, requestContext) {
+    var resultType, result, onReject, runHandler, handler, values, url, pathname, _url, _pathname, status, location, currentUrl, _url2, isSameBasename, data, contentType, _result$init, _result$init2;
+    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context17) {
+      while (1) switch (_context17.prev = _context17.next) {
+        case 0:
+          if (isStaticRequest === void 0) {
+            isStaticRequest = false;
+          }
+          if (isRouteRequest === void 0) {
+            isRouteRequest = false;
+          }
+          runHandler = function runHandler(handler) {
+            // Setup a promise we can race against so that abort signals short circuit
+            var reject;
+            var abortPromise = new Promise(function (_, r) {
+              return reject = r;
+            });
+            onReject = function onReject() {
+              return reject();
+            };
+            request.signal.addEventListener("abort", onReject);
+            return Promise.race([handler({
+              request: request,
+              params: match.params,
+              context: requestContext
+            }), abortPromise]);
+          };
+          _context17.prev = 3;
+          handler = match.route[type];
+          if (!match.route.lazy) {
+            _context17.next = 31;
+            break;
+          }
+          if (!handler) {
+            _context17.next = 13;
+            break;
+          }
+          _context17.next = 9;
+          return Promise.all([runHandler(handler), loadLazyRouteModule(match.route, mapRouteProperties, manifest)]);
+        case 9:
+          values = _context17.sent;
+          result = values[0];
+          _context17.next = 29;
+          break;
+        case 13:
+          _context17.next = 15;
+          return loadLazyRouteModule(match.route, mapRouteProperties, manifest);
+        case 15:
+          handler = match.route[type];
+          if (!handler) {
+            _context17.next = 22;
+            break;
+          }
+          _context17.next = 19;
+          return runHandler(handler);
+        case 19:
+          result = _context17.sent;
+          _context17.next = 29;
+          break;
+        case 22:
+          if (!(type === "action")) {
+            _context17.next = 28;
+            break;
+          }
+          url = new URL(request.url);
+          pathname = url.pathname + url.search;
+          throw getInternalRouterError(405, {
+            method: request.method,
+            pathname: pathname,
+            routeId: match.route.id
+          });
+        case 28:
+          return _context17.abrupt("return", {
+            type: ResultType.data,
+            data: undefined
+          });
+        case 29:
+          _context17.next = 40;
+          break;
+        case 31:
+          if (handler) {
+            _context17.next = 37;
+            break;
+          }
+          _url = new URL(request.url);
+          _pathname = _url.pathname + _url.search;
+          throw getInternalRouterError(404, {
+            pathname: _pathname
+          });
+        case 37:
+          _context17.next = 39;
+          return runHandler(handler);
+        case 39:
+          result = _context17.sent;
+        case 40:
+          invariant(result !== undefined, "You defined " + (type === "action" ? "an action" : "a loader") + " for route " + ("\"" + match.route.id + "\" but didn't return anything from your `" + type + "` ") + "function. Please return a value or `null`.");
+          _context17.next = 47;
+          break;
+        case 43:
+          _context17.prev = 43;
+          _context17.t0 = _context17["catch"](3);
+          resultType = ResultType.error;
+          result = _context17.t0;
+        case 47:
+          _context17.prev = 47;
+          if (onReject) {
+            request.signal.removeEventListener("abort", onReject);
+          }
+          return _context17.finish(47);
+        case 50:
+          if (!isResponse(result)) {
+            _context17.next = 75;
+            break;
+          }
+          status = result.status; // Process redirects
+          if (!redirectStatusCodes.has(status)) {
+            _context17.next = 60;
+            break;
+          }
+          location = result.headers.get("Location");
+          invariant(location, "Redirects returned/thrown from loaders/actions must have a Location header");
+          // Support relative routing in internal redirects
+          if (!ABSOLUTE_URL_REGEX.test(location)) {
+            location = normalizeTo(new URL(request.url), matches.slice(0, matches.indexOf(match) + 1), basename, true, location);
+          } else if (!isStaticRequest) {
+            // Strip off the protocol+origin for same-origin + same-basename absolute
+            // redirects. If this is a static request, we can let it go back to the
+            // browser as-is
+            currentUrl = new URL(request.url);
+            _url2 = location.startsWith("//") ? new URL(currentUrl.protocol + location) : new URL(location);
+            isSameBasename = router_stripBasename(_url2.pathname, basename) != null;
+            if (_url2.origin === currentUrl.origin && isSameBasename) {
+              location = _url2.pathname + _url2.search + _url2.hash;
+            }
+          }
+          // Don't process redirects in the router during static requests requests.
+          // Instead, throw the Response and let the server handle it with an HTTP
+          // redirect.  We also update the Location header in place in this flow so
+          // basename and relative routing is taken into account
+          if (!isStaticRequest) {
+            _context17.next = 59;
+            break;
+          }
+          result.headers.set("Location", location);
+          throw result;
+        case 59:
+          return _context17.abrupt("return", {
+            type: ResultType.redirect,
+            status: status,
+            location: location,
+            revalidate: result.headers.get("X-Remix-Revalidate") !== null
+          });
+        case 60:
+          if (!isRouteRequest) {
+            _context17.next = 62;
+            break;
+          }
+          throw {
+            type: resultType || ResultType.data,
+            response: result
+          };
+        case 62:
+          contentType = result.headers.get("Content-Type"); // Check between word boundaries instead of startsWith() due to the last
+          // paragraph of https://httpwg.org/specs/rfc9110.html#field.content-type
+          if (!(contentType && /\bapplication\/json\b/.test(contentType))) {
+            _context17.next = 69;
+            break;
+          }
+          _context17.next = 66;
+          return result.json();
+        case 66:
+          data = _context17.sent;
+          _context17.next = 72;
+          break;
+        case 69:
+          _context17.next = 71;
+          return result.text();
+        case 71:
+          data = _context17.sent;
+        case 72:
+          if (!(resultType === ResultType.error)) {
+            _context17.next = 74;
+            break;
+          }
+          return _context17.abrupt("return", {
+            type: resultType,
+            error: new ErrorResponse(status, result.statusText, data),
+            headers: result.headers
+          });
+        case 74:
+          return _context17.abrupt("return", {
+            type: ResultType.data,
+            data: data,
+            statusCode: result.status,
+            headers: result.headers
+          });
+        case 75:
+          if (!(resultType === ResultType.error)) {
+            _context17.next = 77;
+            break;
+          }
+          return _context17.abrupt("return", {
+            type: resultType,
+            error: result
+          });
+        case 77:
+          if (!isDeferredData(result)) {
+            _context17.next = 79;
+            break;
+          }
+          return _context17.abrupt("return", {
+            type: ResultType.deferred,
+            deferredData: result,
+            statusCode: (_result$init = result.init) == null ? void 0 : _result$init.status,
+            headers: ((_result$init2 = result.init) == null ? void 0 : _result$init2.headers) && new Headers(result.init.headers)
+          });
+        case 79:
+          return _context17.abrupt("return", {
+            type: ResultType.data,
+            data: result
+          });
+        case 80:
+        case "end":
+          return _context17.stop();
+      }
+    }, _callee16, null, [[3, 43, 47, 50]]);
+  }));
+  return _callLoaderOrAction.apply(this, arguments);
+}
+function createClientSideRequest(history, location, signal, submission) {
+  var url = history.createURL(stripHashFromPath(location)).toString();
+  var init = {
+    signal: signal
+  };
+  if (submission && isMutationMethod(submission.formMethod)) {
+    var formMethod = submission.formMethod,
+      formEncType = submission.formEncType,
+      formData = submission.formData;
+    // Didn't think we needed this but it turns out unlike other methods, patch
+    // won't be properly normalized to uppercase and results in a 405 error.
+    // See: https://fetch.spec.whatwg.org/#concept-method
+    init.method = formMethod.toUpperCase();
+    init.body = formEncType === "application/x-www-form-urlencoded" ? convertFormDataToSearchParams(formData) : formData;
+  }
+  // Content-Type is inferred (https://fetch.spec.whatwg.org/#dom-request)
+  return new Request(url, init);
+}
+function convertFormDataToSearchParams(formData) {
+  var searchParams = new URLSearchParams();
+  var _iterator7 = createForOfIteratorHelper_createForOfIteratorHelper(formData.entries()),
+    _step7;
+  try {
+    for (_iterator7.s(); !(_step7 = _iterator7.n()).done;) {
+      var _step7$value = slicedToArray_slicedToArray(_step7.value, 2),
+        key = _step7$value[0],
+        value = _step7$value[1];
+      // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#converting-an-entry-list-to-a-list-of-name-value-pairs
+      searchParams.append(key, value instanceof File ? value.name : value);
+    }
+  } catch (err) {
+    _iterator7.e(err);
+  } finally {
+    _iterator7.f();
+  }
+  return searchParams;
+}
+function processRouteLoaderData(matches, matchesToLoad, results, pendingError, activeDeferreds) {
+  // Fill in loaderData/errors from our loaders
+  var loaderData = {};
+  var errors = null;
+  var statusCode;
+  var foundError = false;
+  var loaderHeaders = {};
+  // Process loader results into state.loaderData/state.errors
+  results.forEach(function (result, index) {
+    var id = matchesToLoad[index].route.id;
+    invariant(!isRedirectResult(result), "Cannot handle redirect results in processLoaderData");
+    if (isErrorResult(result)) {
+      // Look upwards from the matched route for the closest ancestor
+      // error boundary, defaulting to the root match
+      var boundaryMatch = findNearestBoundary(matches, id);
+      var error = result.error;
+      // If we have a pending action error, we report it at the highest-route
+      // that throws a loader error, and then clear it out to indicate that
+      // it was consumed
+      if (pendingError) {
+        error = Object.values(pendingError)[0];
+        pendingError = undefined;
+      }
+      errors = errors || {};
+      // Prefer higher error values if lower errors bubble to the same boundary
+      if (errors[boundaryMatch.route.id] == null) {
+        errors[boundaryMatch.route.id] = error;
+      }
+      // Clear our any prior loaderData for the throwing route
+      loaderData[id] = undefined;
+      // Once we find our first (highest) error, we set the status code and
+      // prevent deeper status codes from overriding
+      if (!foundError) {
+        foundError = true;
+        statusCode = isRouteErrorResponse(result.error) ? result.error.status : 500;
+      }
+      if (result.headers) {
+        loaderHeaders[id] = result.headers;
+      }
+    } else {
+      if (isDeferredResult(result)) {
+        activeDeferreds.set(id, result.deferredData);
+        loaderData[id] = result.deferredData.data;
+      } else {
+        loaderData[id] = result.data;
+      }
+      // Error status codes always override success status codes, but if all
+      // loaders are successful we take the deepest status code.
+      if (result.statusCode != null && result.statusCode !== 200 && !foundError) {
+        statusCode = result.statusCode;
+      }
+      if (result.headers) {
+        loaderHeaders[id] = result.headers;
+      }
+    }
+  });
+  // If we didn't consume the pending action error (i.e., all loaders
+  // resolved), then consume it here.  Also clear out any loaderData for the
+  // throwing route
+  if (pendingError) {
+    errors = pendingError;
+    loaderData[Object.keys(pendingError)[0]] = undefined;
+  }
+  return {
+    loaderData: loaderData,
+    errors: errors,
+    statusCode: statusCode || 200,
+    loaderHeaders: loaderHeaders
+  };
+}
+function processLoaderData(state, matches, matchesToLoad, results, pendingError, revalidatingFetchers, fetcherResults, activeDeferreds) {
+  var _processRouteLoaderDa = processRouteLoaderData(matches, matchesToLoad, results, pendingError, activeDeferreds),
+    loaderData = _processRouteLoaderDa.loaderData,
+    errors = _processRouteLoaderDa.errors;
+  // Process results from our revalidating fetchers
+  for (var index = 0; index < revalidatingFetchers.length; index++) {
+    var _revalidatingFetchers = revalidatingFetchers[index],
+      key = _revalidatingFetchers.key,
+      match = _revalidatingFetchers.match,
+      controller = _revalidatingFetchers.controller;
+    invariant(fetcherResults !== undefined && fetcherResults[index] !== undefined, "Did not find corresponding fetcher result");
+    var result = fetcherResults[index];
+    // Process fetcher non-redirect errors
+    if (controller && controller.signal.aborted) {
+      // Nothing to do for aborted fetchers
+      continue;
+    } else if (isErrorResult(result)) {
+      var boundaryMatch = findNearestBoundary(state.matches, match == null ? void 0 : match.route.id);
+      if (!(errors && errors[boundaryMatch.route.id])) {
+        errors = router_extends({}, errors, defineProperty_defineProperty({}, boundaryMatch.route.id, result.error));
+      }
+      state.fetchers.delete(key);
+    } else if (isRedirectResult(result)) {
+      // Should never get here, redirects should get processed above, but we
+      // keep this to type narrow to a success result in the else
+      invariant(false, "Unhandled fetcher revalidation redirect");
+    } else if (isDeferredResult(result)) {
+      // Should never get here, deferred data should be awaited for fetchers
+      // in resolveDeferredResults
+      invariant(false, "Unhandled fetcher deferred data");
+    } else {
+      var doneFetcher = {
+        state: "idle",
+        data: result.data,
+        formMethod: undefined,
+        formAction: undefined,
+        formEncType: undefined,
+        formData: undefined,
+        " _hasFetcherDoneAnything ": true
+      };
+      state.fetchers.set(key, doneFetcher);
+    }
+  }
+  return {
+    loaderData: loaderData,
+    errors: errors
+  };
+}
+function mergeLoaderData(loaderData, newLoaderData, matches, errors) {
+  var mergedLoaderData = router_extends({}, newLoaderData);
+  var _iterator8 = createForOfIteratorHelper_createForOfIteratorHelper(matches),
+    _step8;
+  try {
+    for (_iterator8.s(); !(_step8 = _iterator8.n()).done;) {
+      var match = _step8.value;
+      var id = match.route.id;
+      if (newLoaderData.hasOwnProperty(id)) {
+        if (newLoaderData[id] !== undefined) {
+          mergedLoaderData[id] = newLoaderData[id];
+        }
+      } else if (loaderData[id] !== undefined && match.route.loader) {
+        // Preserve existing keys not included in newLoaderData and where a loader
+        // wasn't removed by HMR
+        mergedLoaderData[id] = loaderData[id];
+      }
+      if (errors && errors.hasOwnProperty(id)) {
+        // Don't keep any loader data below the boundary
+        break;
+      }
+    }
+  } catch (err) {
+    _iterator8.e(err);
+  } finally {
+    _iterator8.f();
+  }
+  return mergedLoaderData;
+}
+// Find the nearest error boundary, looking upwards from the leaf route (or the
+// route specified by routeId) for the closest ancestor error boundary,
+// defaulting to the root match
+function findNearestBoundary(matches, routeId) {
+  var eligibleMatches = routeId ? matches.slice(0, matches.findIndex(function (m) {
+    return m.route.id === routeId;
+  }) + 1) : toConsumableArray_toConsumableArray(matches);
+  return eligibleMatches.reverse().find(function (m) {
+    return m.route.hasErrorBoundary === true;
+  }) || matches[0];
+}
+function getShortCircuitMatches(routes) {
+  // Prefer a root layout route if present, otherwise shim in a route object
+  var route = routes.find(function (r) {
+    return r.index || !r.path || r.path === "/";
+  }) || {
+    id: "__shim-error-route__"
+  };
+  return {
+    matches: [{
+      params: {},
+      pathname: "",
+      pathnameBase: "",
+      route: route
+    }],
+    route: route
+  };
+}
+function getInternalRouterError(status, _temp4) {
+  var _ref11 = _temp4 === void 0 ? {} : _temp4,
+    pathname = _ref11.pathname,
+    routeId = _ref11.routeId,
+    method = _ref11.method,
+    type = _ref11.type;
+  var statusText = "Unknown Server Error";
+  var errorMessage = "Unknown @remix-run/router error";
+  if (status === 400) {
+    statusText = "Bad Request";
+    if (method && pathname && routeId) {
+      errorMessage = "You made a " + method + " request to \"" + pathname + "\" but " + ("did not provide a `loader` for route \"" + routeId + "\", ") + "so there is no way to handle the request.";
+    } else if (type === "defer-action") {
+      errorMessage = "defer() is not supported in actions";
+    }
+  } else if (status === 403) {
+    statusText = "Forbidden";
+    errorMessage = "Route \"" + routeId + "\" does not match URL \"" + pathname + "\"";
+  } else if (status === 404) {
+    statusText = "Not Found";
+    errorMessage = "No route matches URL \"" + pathname + "\"";
+  } else if (status === 405) {
+    statusText = "Method Not Allowed";
+    if (method && pathname && routeId) {
+      errorMessage = "You made a " + method.toUpperCase() + " request to \"" + pathname + "\" but " + ("did not provide an `action` for route \"" + routeId + "\", ") + "so there is no way to handle the request.";
+    } else if (method) {
+      errorMessage = "Invalid request method \"" + method.toUpperCase() + "\"";
+    }
+  }
+  return new ErrorResponse(status || 500, statusText, new Error(errorMessage), true);
+}
+// Find any returned redirect errors, starting from the lowest match
+function findRedirect(results) {
+  for (var i = results.length - 1; i >= 0; i--) {
+    var result = results[i];
+    if (isRedirectResult(result)) {
+      return result;
+    }
+  }
+}
+function stripHashFromPath(path) {
+  var parsedPath = typeof path === "string" ? parsePath(path) : path;
+  return router_createPath(router_extends({}, parsedPath, {
+    hash: ""
+  }));
+}
+function isHashChangeOnly(a, b) {
+  if (a.pathname !== b.pathname || a.search !== b.search) {
+    return false;
+  }
+  if (a.hash === "") {
+    // /page -> /page#hash
+    return b.hash !== "";
+  } else if (a.hash === b.hash) {
+    // /page#hash -> /page#hash
+    return true;
+  } else if (b.hash !== "") {
+    // /page#hash -> /page#other
+    return true;
+  }
+  // If the hash is removed the browser will re-perform a request to the server
+  // /page#hash -> /page
+  return false;
+}
+function isDeferredResult(result) {
+  return result.type === ResultType.deferred;
+}
+function isErrorResult(result) {
+  return result.type === ResultType.error;
+}
+function isRedirectResult(result) {
+  return (result && result.type) === ResultType.redirect;
+}
+function isDeferredData(value) {
+  var deferred = value;
+  return deferred && typeof deferred === "object" && typeof deferred.data === "object" && typeof deferred.subscribe === "function" && typeof deferred.cancel === "function" && typeof deferred.resolveData === "function";
+}
+function isResponse(value) {
+  return value != null && typeof value.status === "number" && typeof value.statusText === "string" && typeof value.headers === "object" && typeof value.body !== "undefined";
+}
+function isRedirectResponse(result) {
+  if (!isResponse(result)) {
+    return false;
+  }
+  var status = result.status;
+  var location = result.headers.get("Location");
+  return status >= 300 && status <= 399 && location != null;
+}
+function isQueryRouteResponse(obj) {
+  return obj && isResponse(obj.response) && (obj.type === ResultType.data || ResultType.error);
+}
+function isValidMethod(method) {
+  return validRequestMethods.has(method.toLowerCase());
+}
+function isMutationMethod(method) {
+  return validMutationMethods.has(method.toLowerCase());
+}
+function resolveDeferredResults(_x73, _x74, _x75, _x76, _x77, _x78) {
+  return _resolveDeferredResults.apply(this, arguments);
+}
+function _resolveDeferredResults() {
+  _resolveDeferredResults = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(currentMatches, matchesToLoad, results, signals, isFetcher, currentLoaderData) {
+    var _loop, index, _ret;
+    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context19) {
+      while (1) switch (_context19.prev = _context19.next) {
+        case 0:
+          _loop = /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _loop(index) {
+            var result, match, currentMatch, isRevalidatingLoader, signal;
+            return regeneratorRuntime_regeneratorRuntime().wrap(function _loop$(_context18) {
+              while (1) switch (_context18.prev = _context18.next) {
+                case 0:
+                  result = results[index];
+                  match = matchesToLoad[index]; // If we don't have a match, then we can have a deferred result to do
+                  // anything with.  This is for revalidating fetchers where the route was
+                  // removed during HMR
+                  if (match) {
+                    _context18.next = 4;
+                    break;
+                  }
+                  return _context18.abrupt("return", "continue");
+                case 4:
+                  currentMatch = currentMatches.find(function (m) {
+                    return m.route.id === match.route.id;
+                  });
+                  isRevalidatingLoader = currentMatch != null && !isNewRouteInstance(currentMatch, match) && (currentLoaderData && currentLoaderData[match.route.id]) !== undefined;
+                  if (!(isDeferredResult(result) && (isFetcher || isRevalidatingLoader))) {
+                    _context18.next = 11;
+                    break;
+                  }
+                  // Note: we do not have to touch activeDeferreds here since we race them
+                  // against the signal in resolveDeferredData and they'll get aborted
+                  // there if needed
+                  signal = signals[index];
+                  invariant(signal, "Expected an AbortSignal for revalidating fetcher deferred result");
+                  _context18.next = 11;
+                  return resolveDeferredData(result, signal, isFetcher).then(function (result) {
+                    if (result) {
+                      results[index] = result || results[index];
+                    }
+                  });
+                case 11:
+                case "end":
+                  return _context18.stop();
+              }
+            }, _loop);
+          });
+          index = 0;
+        case 2:
+          if (!(index < results.length)) {
+            _context19.next = 10;
+            break;
+          }
+          return _context19.delegateYield(_loop(index), "t0", 4);
+        case 4:
+          _ret = _context19.t0;
+          if (!(_ret === "continue")) {
+            _context19.next = 7;
+            break;
+          }
+          return _context19.abrupt("continue", 7);
+        case 7:
+          index++;
+          _context19.next = 2;
+          break;
+        case 10:
+        case "end":
+          return _context19.stop();
+      }
+    }, _callee17);
+  }));
+  return _resolveDeferredResults.apply(this, arguments);
+}
+function resolveDeferredData(_x79, _x80, _x81) {
+  return _resolveDeferredData.apply(this, arguments);
+}
+function _resolveDeferredData() {
+  _resolveDeferredData = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(result, signal, unwrap) {
+    var aborted;
+    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context20) {
+      while (1) switch (_context20.prev = _context20.next) {
+        case 0:
+          if (unwrap === void 0) {
+            unwrap = false;
+          }
+          _context20.next = 3;
+          return result.deferredData.resolveData(signal);
+        case 3:
+          aborted = _context20.sent;
+          if (!aborted) {
+            _context20.next = 6;
+            break;
+          }
+          return _context20.abrupt("return");
+        case 6:
+          if (!unwrap) {
+            _context20.next = 14;
+            break;
+          }
+          _context20.prev = 7;
+          return _context20.abrupt("return", {
+            type: ResultType.data,
+            data: result.deferredData.unwrappedData
+          });
+        case 11:
+          _context20.prev = 11;
+          _context20.t0 = _context20["catch"](7);
+          return _context20.abrupt("return", {
+            type: ResultType.error,
+            error: _context20.t0
+          });
+        case 14:
+          return _context20.abrupt("return", {
+            type: ResultType.data,
+            data: result.deferredData.data
+          });
+        case 15:
+        case "end":
+          return _context20.stop();
+      }
+    }, _callee18, null, [[7, 11]]);
+  }));
+  return _resolveDeferredData.apply(this, arguments);
+}
+function hasNakedIndexQuery(search) {
+  return new URLSearchParams(search).getAll("index").some(function (v) {
+    return v === "";
+  });
+}
+// Note: This should match the format exported by useMatches, so if you change
+// this please also change that :)  Eventually we'll DRY this up
+function createUseMatchesMatch(match, loaderData) {
+  var route = match.route,
+    pathname = match.pathname,
+    params = match.params;
+  return {
+    id: route.id,
+    pathname: pathname,
+    params: params,
+    data: loaderData[route.id],
+    handle: route.handle
+  };
+}
+function getTargetMatch(matches, location) {
+  var search = typeof location === "string" ? parsePath(location).search : location.search;
+  if (matches[matches.length - 1].route.index && hasNakedIndexQuery(search || "")) {
+    // Return the leaf index route when index is present
+    return matches[matches.length - 1];
+  }
+  // Otherwise grab the deepest "path contributing" match (ignoring index and
+  // pathless layout routes)
+  var pathMatches = getPathContributingMatches(matches);
+  return pathMatches[pathMatches.length - 1];
+}
+//#endregion
+
+
+;// CONCATENATED MODULE: ./node_modules/react-router/dist/index.js
+
+
+
+
+
+
+/**
+ * React Router v6.12.1
+ *
+ * Copyright (c) Remix Software Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE.md file in the root directory of this source tree.
+ *
+ * @license MIT
+ */
+
+
+
+function dist_extends() {
+  dist_extends = Object.assign ? Object.assign.bind() : function (target) {
+    for (var i = 1; i < arguments.length; i++) {
+      var source = arguments[i];
+      for (var key in source) {
+        if (Object.prototype.hasOwnProperty.call(source, key)) {
+          target[key] = source[key];
+        }
+      }
+    }
+    return target;
+  };
+  return dist_extends.apply(this, arguments);
+}
+
+// Create react-specific types from the agnostic types in @remix-run/router to
+// export from react-router
+var DataRouterContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+var DataRouterStateContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+var AwaitContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+
+/**
+ * A Navigator is a "location changer"; it's how you get to different locations.
+ *
+ * Every history instance conforms to the Navigator interface, but the
+ * distinction is useful primarily when it comes to the low-level <Router> API
+ * where both the location and a navigator must be provided separately in order
+ * to avoid "tearing" that may occur in a suspense-enabled app if the action
+ * and/or location were to be read directly from the history instance.
+ */
+
+var NavigationContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+var LocationContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+var RouteContext = /*#__PURE__*/react.createContext({
+  outlet: null,
+  matches: [],
+  isDataRoute: false
+});
+if (false) {}
+var RouteErrorContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+
+/**
+ * Returns the full href for the given "to" value. This is useful for building
+ * custom links that are also accessible and preserve right-click behavior.
+ *
+ * @see https://reactrouter.com/hooks/use-href
+ */
+function useHref(to, _temp) {
+  var _ref9 = _temp === void 0 ? {} : _temp,
+    relative = _ref9.relative;
+  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
+  var _React$useContext = react.useContext(NavigationContext),
+    basename = _React$useContext.basename,
+    navigator = _React$useContext.navigator;
+  var _useResolvedPath = dist_useResolvedPath(to, {
+      relative: relative
+    }),
+    hash = _useResolvedPath.hash,
+    pathname = _useResolvedPath.pathname,
+    search = _useResolvedPath.search;
+  var joinedPathname = pathname;
+
+  // If we're operating within a basename, prepend it to the pathname prior
+  // to creating the href.  If this is a root navigation, then just use the raw
+  // basename which allows the basename to have full control over the presence
+  // of a trailing slash on root links
+  if (basename !== "/") {
+    joinedPathname = pathname === "/" ? basename : router_joinPaths([basename, pathname]);
+  }
+  return navigator.createHref({
+    pathname: joinedPathname,
+    search: search,
+    hash: hash
+  });
+}
+
+/**
+ * Returns true if this component is a descendant of a <Router>.
+ *
+ * @see https://reactrouter.com/hooks/use-in-router-context
+ */
+function useInRouterContext() {
+  return react.useContext(LocationContext) != null;
+}
+
+/**
+ * Returns the current location object, which represents the current URL in web
+ * browsers.
+ *
+ * Note: If you're using this it may mean you're doing some of your own
+ * "routing" in your app, and we'd like to know what your use case is. We may
+ * be able to provide something higher-level to better suit your needs.
+ *
+ * @see https://reactrouter.com/hooks/use-location
+ */
+function dist_useLocation() {
+  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
+  return react.useContext(LocationContext).location;
+}
+
+/**
+ * Returns the current navigation action which describes how the router came to
+ * the current location, either by a pop, push, or replace on the history stack.
+ *
+ * @see https://reactrouter.com/hooks/use-navigation-type
+ */
+function useNavigationType() {
+  return React.useContext(LocationContext).navigationType;
+}
+
+/**
+ * Returns a PathMatch object if the given pattern matches the current URL.
+ * This is useful for components that need to know "active" state, e.g.
+ * <NavLink>.
+ *
+ * @see https://reactrouter.com/hooks/use-match
+ */
+function useMatch(pattern) {
+  !useInRouterContext() ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  var _useLocation = dist_useLocation(),
+    pathname = _useLocation.pathname;
+  return React.useMemo(function () {
+    return matchPath(pattern, pathname);
+  }, [pathname, pattern]);
+}
+
+/**
+ * The interface for the navigate() function returned from useNavigate().
+ */
+
+var navigateEffectWarning = (/* unused pure expression or super */ null && ("You should call navigate() in a React.useEffect(), not when " + "your component is first rendered."));
+
+// Mute warnings for calls to useNavigate in SSR environments
+function useIsomorphicLayoutEffect(cb) {
+  var isStatic = react.useContext(NavigationContext).static;
+  if (!isStatic) {
+    // We should be able to get rid of this once react 18.3 is released
+    // See: https://github.com/facebook/react/pull/26395
+    // eslint-disable-next-line react-hooks/rules-of-hooks
+    react.useLayoutEffect(cb);
+  }
+}
+
+/**
+ * Returns an imperative method for changing the location. Used by <Link>s, but
+ * may also be used by other elements to change the location.
+ *
+ * @see https://reactrouter.com/hooks/use-navigate
+ */
+function dist_useNavigate() {
+  var _React$useContext2 = react.useContext(RouteContext),
+    isDataRoute = _React$useContext2.isDataRoute;
+  // Conditional usage is OK here because the usage of a data router is static
+  // eslint-disable-next-line react-hooks/rules-of-hooks
+  return isDataRoute ? useNavigateStable() : useNavigateUnstable();
+}
+function useNavigateUnstable() {
+  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
+  var dataRouterContext = react.useContext(DataRouterContext);
+  var _React$useContext3 = react.useContext(NavigationContext),
+    basename = _React$useContext3.basename,
+    navigator = _React$useContext3.navigator;
+  var _React$useContext4 = react.useContext(RouteContext),
+    matches = _React$useContext4.matches;
+  var _useLocation2 = dist_useLocation(),
+    locationPathname = _useLocation2.pathname;
+  var routePathnamesJson = JSON.stringify(getPathContributingMatches(matches).map(function (match) {
+    return match.pathnameBase;
+  }));
+  var activeRef = react.useRef(false);
+  useIsomorphicLayoutEffect(function () {
+    activeRef.current = true;
+  });
+  var navigate = react.useCallback(function (to, options) {
+    if (options === void 0) {
+      options = {};
+    }
+     false ? 0 : void 0;
+
+    // Short circuit here since if this happens on first render the navigate
+    // is useless because we haven't wired up our history listener yet
+    if (!activeRef.current) return;
+    if (typeof to === "number") {
+      navigator.go(to);
+      return;
+    }
+    var path = router_resolveTo(to, JSON.parse(routePathnamesJson), locationPathname, options.relative === "path");
+
+    // If we're operating within a basename, prepend it to the pathname prior
+    // to handing off to history (but only if we're not in a data router,
+    // otherwise it'll prepend the basename inside of the router).
+    // If this is a root navigation, then we navigate to the raw basename
+    // which allows the basename to have full control over the presence of a
+    // trailing slash on root links
+    if (dataRouterContext == null && basename !== "/") {
+      path.pathname = path.pathname === "/" ? basename : router_joinPaths([basename, path.pathname]);
+    }
+    (!!options.replace ? navigator.replace : navigator.push)(path, options.state, options);
+  }, [basename, navigator, routePathnamesJson, locationPathname, dataRouterContext]);
+  return navigate;
+}
+var OutletContext = /*#__PURE__*/react.createContext(null);
+
+/**
+ * Returns the context (if provided) for the child route at this level of the route
+ * hierarchy.
+ * @see https://reactrouter.com/hooks/use-outlet-context
+ */
+function useOutletContext() {
+  return react.useContext(OutletContext);
+}
+
+/**
+ * Returns the element for the child route at this level of the route
+ * hierarchy. Used internally by <Outlet> to render child routes.
+ *
+ * @see https://reactrouter.com/hooks/use-outlet
+ */
+function useOutlet(context) {
+  var outlet = react.useContext(RouteContext).outlet;
+  if (outlet) {
+    return /*#__PURE__*/react.createElement(OutletContext.Provider, {
+      value: context
+    }, outlet);
+  }
+  return outlet;
+}
+
+/**
+ * Returns an object of key/value pairs of the dynamic params from the current
+ * URL that were matched by the route path.
+ *
+ * @see https://reactrouter.com/hooks/use-params
+ */
+function useParams() {
+  var _React$useContext5 = React.useContext(RouteContext),
+    matches = _React$useContext5.matches;
+  var routeMatch = matches[matches.length - 1];
+  return routeMatch ? routeMatch.params : {};
+}
+
+/**
+ * Resolves the pathname of the given `to` value against the current location.
+ *
+ * @see https://reactrouter.com/hooks/use-resolved-path
+ */
+function dist_useResolvedPath(to, _temp2) {
+  var _ref10 = _temp2 === void 0 ? {} : _temp2,
+    relative = _ref10.relative;
+  var _React$useContext6 = react.useContext(RouteContext),
+    matches = _React$useContext6.matches;
+  var _useLocation3 = dist_useLocation(),
+    locationPathname = _useLocation3.pathname;
+  var routePathnamesJson = JSON.stringify(getPathContributingMatches(matches).map(function (match) {
+    return match.pathnameBase;
+  }));
+  return react.useMemo(function () {
+    return router_resolveTo(to, JSON.parse(routePathnamesJson), locationPathname, relative === "path");
+  }, [to, routePathnamesJson, locationPathname, relative]);
+}
+
+/**
+ * Returns the element of the route that matched the current location, prepared
+ * with the correct context to render the remainder of the route tree. Route
+ * elements in the tree must render an <Outlet> to render their child route's
+ * element.
+ *
+ * @see https://reactrouter.com/hooks/use-routes
+ */
+function useRoutes(routes, locationArg) {
+  return useRoutesImpl(routes, locationArg);
+}
+
+// Internal implementation with accept optional param for RouterProvider usage
+function useRoutesImpl(routes, locationArg, dataRouterState) {
+  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
+  var _React$useContext7 = react.useContext(NavigationContext),
+    navigator = _React$useContext7.navigator;
+  var _React$useContext8 = react.useContext(RouteContext),
+    parentMatches = _React$useContext8.matches;
+  var routeMatch = parentMatches[parentMatches.length - 1];
+  var parentParams = routeMatch ? routeMatch.params : {};
+  var parentPathname = routeMatch ? routeMatch.pathname : "/";
+  var parentPathnameBase = routeMatch ? routeMatch.pathnameBase : "/";
+  var parentRoute = routeMatch && routeMatch.route;
+  if (false) { var parentPath; }
+  var locationFromContext = dist_useLocation();
+  var location;
+  if (locationArg) {
+    var _parsedLocationArg$pa;
+    var parsedLocationArg = typeof locationArg === "string" ? parsePath(locationArg) : locationArg;
+    !(parentPathnameBase === "/" || ((_parsedLocationArg$pa = parsedLocationArg.pathname) == null ? void 0 : _parsedLocationArg$pa.startsWith(parentPathnameBase))) ?  false ? 0 : invariant(false) : void 0;
+    location = parsedLocationArg;
+  } else {
+    location = locationFromContext;
+  }
+  var pathname = location.pathname || "/";
+  var remainingPathname = parentPathnameBase === "/" ? pathname : pathname.slice(parentPathnameBase.length) || "/";
+  var matches = matchRoutes(routes, {
+    pathname: remainingPathname
+  });
+  if (false) {}
+  var renderedMatches = _renderMatches(matches && matches.map(function (match) {
+    return Object.assign({}, match, {
+      params: Object.assign({}, parentParams, match.params),
+      pathname: router_joinPaths([parentPathnameBase,
+      // Re-encode pathnames that were decoded inside matchRoutes
+      navigator.encodeLocation ? navigator.encodeLocation(match.pathname).pathname : match.pathname]),
+      pathnameBase: match.pathnameBase === "/" ? parentPathnameBase : router_joinPaths([parentPathnameBase,
+      // Re-encode pathnames that were decoded inside matchRoutes
+      navigator.encodeLocation ? navigator.encodeLocation(match.pathnameBase).pathname : match.pathnameBase])
+    });
+  }), parentMatches, dataRouterState);
+
+  // When a user passes in a `locationArg`, the associated routes need to
+  // be wrapped in a new `LocationContext.Provider` in order for `useLocation`
+  // to use the scoped location instead of the global location.
+  if (locationArg && renderedMatches) {
+    return /*#__PURE__*/react.createElement(LocationContext.Provider, {
+      value: {
+        location: dist_extends({
+          pathname: "/",
+          search: "",
+          hash: "",
+          state: null,
+          key: "default"
+        }, location),
+        navigationType: Action.Pop
+      }
+    }, renderedMatches);
+  }
+  return renderedMatches;
+}
+function DefaultErrorComponent() {
+  var error = useRouteError();
+  var message = isRouteErrorResponse(error) ? error.status + " " + error.statusText : error instanceof Error ? error.message : JSON.stringify(error);
+  var stack = error instanceof Error ? error.stack : null;
+  var lightgrey = "rgba(200,200,200, 0.5)";
+  var preStyles = {
+    padding: "0.5rem",
+    backgroundColor: lightgrey
+  };
+  var codeStyles = {
+    padding: "2px 4px",
+    backgroundColor: lightgrey
+  };
+  var devInfo = null;
+  if (false) {}
+  return /*#__PURE__*/react.createElement(react.Fragment, null, /*#__PURE__*/react.createElement("h2", null, "Unexpected Application Error!"), /*#__PURE__*/react.createElement("h3", {
+    style: {
+      fontStyle: "italic"
+    }
+  }, message), stack ? /*#__PURE__*/react.createElement("pre", {
+    style: preStyles
+  }, stack) : null, devInfo);
+}
+var defaultErrorElement = /*#__PURE__*/react.createElement(DefaultErrorComponent, null);
+var RenderErrorBoundary = /*#__PURE__*/function (_React$Component) {
+  _inherits(RenderErrorBoundary, _React$Component);
+  var _super = _createSuper(RenderErrorBoundary);
+  function RenderErrorBoundary(props) {
+    var _this;
+    classCallCheck_classCallCheck(this, RenderErrorBoundary);
+    _this = _super.call(this, props);
+    _this.state = {
+      location: props.location,
+      revalidation: props.revalidation,
+      error: props.error
+    };
+    return _this;
+  }
+  createClass_createClass(RenderErrorBoundary, [{
+    key: "componentDidCatch",
+    value: function componentDidCatch(error, errorInfo) {
+      console.error("React Router caught the following error during render", error, errorInfo);
+    }
+  }, {
+    key: "render",
+    value: function render() {
+      return this.state.error ? /*#__PURE__*/react.createElement(RouteContext.Provider, {
+        value: this.props.routeContext
+      }, /*#__PURE__*/react.createElement(RouteErrorContext.Provider, {
+        value: this.state.error,
+        children: this.props.component
+      })) : this.props.children;
+    }
+  }], [{
+    key: "getDerivedStateFromError",
+    value: function getDerivedStateFromError(error) {
+      return {
+        error: error
+      };
+    }
+  }, {
+    key: "getDerivedStateFromProps",
+    value: function getDerivedStateFromProps(props, state) {
+      // When we get into an error state, the user will likely click "back" to the
+      // previous page that didn't have an error. Because this wraps the entire
+      // application, that will have no effect--the error page continues to display.
+      // This gives us a mechanism to recover from the error when the location changes.
+      //
+      // Whether we're in an error state or not, we update the location in state
+      // so that when we are in an error state, it gets reset when a new location
+      // comes in and the user recovers from the error.
+      if (state.location !== props.location || state.revalidation !== "idle" && props.revalidation === "idle") {
+        return {
+          error: props.error,
+          location: props.location,
+          revalidation: props.revalidation
+        };
+      }
+
+      // If we're not changing locations, preserve the location but still surface
+      // any new errors that may come through. We retain the existing error, we do
+      // this because the error provided from the app state may be cleared without
+      // the location changing.
+      return {
+        error: props.error || state.error,
+        location: state.location,
+        revalidation: props.revalidation || state.revalidation
+      };
+    }
+  }]);
+  return RenderErrorBoundary;
+}(react.Component);
+function RenderedRoute(_ref) {
+  var routeContext = _ref.routeContext,
+    match = _ref.match,
+    children = _ref.children;
+  var dataRouterContext = react.useContext(DataRouterContext);
+
+  // Track how deep we got in our render pass to emulate SSR componentDidCatch
+  // in a DataStaticRouter
+  if (dataRouterContext && dataRouterContext.static && dataRouterContext.staticContext && (match.route.errorElement || match.route.ErrorBoundary)) {
+    dataRouterContext.staticContext._deepestRenderedBoundaryId = match.route.id;
+  }
+  return /*#__PURE__*/react.createElement(RouteContext.Provider, {
+    value: routeContext
+  }, children);
+}
+function _renderMatches(matches, parentMatches, dataRouterState) {
+  var _dataRouterState2;
+  if (parentMatches === void 0) {
+    parentMatches = [];
+  }
+  if (dataRouterState === void 0) {
+    dataRouterState = null;
+  }
+  if (matches == null) {
+    var _dataRouterState;
+    if ((_dataRouterState = dataRouterState) != null && _dataRouterState.errors) {
+      // Don't bail if we have data router errors so we can render them in the
+      // boundary.  Use the pre-matched (or shimmed) matches
+      matches = dataRouterState.matches;
+    } else {
+      return null;
+    }
+  }
+  var renderedMatches = matches;
+
+  // If we have data errors, trim matches to the highest error boundary
+  var errors = (_dataRouterState2 = dataRouterState) == null ? void 0 : _dataRouterState2.errors;
+  if (errors != null) {
+    var errorIndex = renderedMatches.findIndex(function (m) {
+      return m.route.id && (errors == null ? void 0 : errors[m.route.id]);
+    });
+    !(errorIndex >= 0) ?  false ? 0 : invariant(false) : void 0;
+    renderedMatches = renderedMatches.slice(0, Math.min(renderedMatches.length, errorIndex + 1));
+  }
+  return renderedMatches.reduceRight(function (outlet, match, index) {
+    var error = match.route.id ? errors == null ? void 0 : errors[match.route.id] : null;
+    // Only data routers handle errors
+    var errorElement = null;
+    if (dataRouterState) {
+      errorElement = match.route.errorElement || defaultErrorElement;
+    }
+    var matches = parentMatches.concat(renderedMatches.slice(0, index + 1));
+    var getChildren = function getChildren() {
+      var children;
+      if (error) {
+        children = errorElement;
+      } else if (match.route.Component) {
+        // Note: This is a de-optimized path since React won't re-use the
+        // ReactElement since it's identity changes with each new
+        // React.createElement call.  We keep this so folks can use
+        // `<Route Component={...}>` in `<Routes>` but generally `Component`
+        // usage is only advised in `RouterProvider` when we can convert it to
+        // `element` ahead of time.
+        children = /*#__PURE__*/react.createElement(match.route.Component, null);
+      } else if (match.route.element) {
+        children = match.route.element;
+      } else {
+        children = outlet;
+      }
+      return /*#__PURE__*/react.createElement(RenderedRoute, {
+        match: match,
+        routeContext: {
+          outlet: outlet,
+          matches: matches,
+          isDataRoute: dataRouterState != null
+        },
+        children: children
+      });
+    };
+    // Only wrap in an error boundary within data router usages when we have an
+    // ErrorBoundary/errorElement on this route.  Otherwise let it bubble up to
+    // an ancestor ErrorBoundary/errorElement
+    return dataRouterState && (match.route.ErrorBoundary || match.route.errorElement || index === 0) ? /*#__PURE__*/react.createElement(RenderErrorBoundary, {
+      location: dataRouterState.location,
+      revalidation: dataRouterState.revalidation,
+      component: errorElement,
+      error: error,
+      children: getChildren(),
+      routeContext: {
+        outlet: null,
+        matches: matches,
+        isDataRoute: true
+      }
+    }) : getChildren();
+  }, null);
+}
+var DataRouterHook;
+(function (DataRouterHook) {
+  DataRouterHook["UseBlocker"] = "useBlocker";
+  DataRouterHook["UseRevalidator"] = "useRevalidator";
+  DataRouterHook["UseNavigateStable"] = "useNavigate";
+})(DataRouterHook || (DataRouterHook = {}));
+var DataRouterStateHook;
+(function (DataRouterStateHook) {
+  DataRouterStateHook["UseBlocker"] = "useBlocker";
+  DataRouterStateHook["UseLoaderData"] = "useLoaderData";
+  DataRouterStateHook["UseActionData"] = "useActionData";
+  DataRouterStateHook["UseRouteError"] = "useRouteError";
+  DataRouterStateHook["UseNavigation"] = "useNavigation";
+  DataRouterStateHook["UseRouteLoaderData"] = "useRouteLoaderData";
+  DataRouterStateHook["UseMatches"] = "useMatches";
+  DataRouterStateHook["UseRevalidator"] = "useRevalidator";
+  DataRouterStateHook["UseNavigateStable"] = "useNavigate";
+  DataRouterStateHook["UseRouteId"] = "useRouteId";
+})(DataRouterStateHook || (DataRouterStateHook = {}));
+function getDataRouterConsoleError(hookName) {
+  return hookName + " must be used within a data router.  See https://reactrouter.com/routers/picking-a-router.";
+}
+function useDataRouterContext(hookName) {
+  var ctx = react.useContext(DataRouterContext);
+  !ctx ?  false ? 0 : invariant(false) : void 0;
+  return ctx;
+}
+function useDataRouterState(hookName) {
+  var state = react.useContext(DataRouterStateContext);
+  !state ?  false ? 0 : invariant(false) : void 0;
+  return state;
+}
+function useRouteContext(hookName) {
+  var route = react.useContext(RouteContext);
+  !route ?  false ? 0 : invariant(false) : void 0;
+  return route;
+}
+
+// Internal version with hookName-aware debugging
+function useCurrentRouteId(hookName) {
+  var route = useRouteContext(hookName);
+  var thisRoute = route.matches[route.matches.length - 1];
+  !thisRoute.route.id ?  false ? 0 : invariant(false) : void 0;
+  return thisRoute.route.id;
+}
+
+/**
+ * Returns the ID for the nearest contextual route
+ */
+function useRouteId() {
+  return useCurrentRouteId(DataRouterStateHook.UseRouteId);
+}
+
+/**
+ * Returns the current navigation, defaulting to an "idle" navigation when
+ * no navigation is in progress
+ */
+function dist_useNavigation() {
+  var state = useDataRouterState(DataRouterStateHook.UseNavigation);
+  return state.navigation;
+}
+
+/**
+ * Returns a revalidate function for manually triggering revalidation, as well
+ * as the current state of any manual revalidations
+ */
+function useRevalidator() {
+  var dataRouterContext = useDataRouterContext(DataRouterHook.UseRevalidator);
+  var state = useDataRouterState(DataRouterStateHook.UseRevalidator);
+  return {
+    revalidate: dataRouterContext.router.revalidate,
+    state: state.revalidation
+  };
+}
+
+/**
+ * Returns the active route matches, useful for accessing loaderData for
+ * parent/child routes or the route "handle" property
+ */
+function dist_useMatches() {
+  var _useDataRouterState = useDataRouterState(DataRouterStateHook.UseMatches),
+    matches = _useDataRouterState.matches,
+    loaderData = _useDataRouterState.loaderData;
+  return React.useMemo(function () {
+    return matches.map(function (match) {
+      var pathname = match.pathname,
+        params = match.params;
+      // Note: This structure matches that created by createUseMatchesMatch
+      // in the @remix-run/router , so if you change this please also change
+      // that :)  Eventually we'll DRY this up
+      return {
+        id: match.route.id,
+        pathname: pathname,
+        params: params,
+        data: loaderData[match.route.id],
+        handle: match.route.handle
+      };
+    });
+  }, [matches, loaderData]);
+}
+
+/**
+ * Returns the loader data for the nearest ancestor Route loader
+ */
+function useLoaderData() {
+  var state = useDataRouterState(DataRouterStateHook.UseLoaderData);
+  var routeId = useCurrentRouteId(DataRouterStateHook.UseLoaderData);
+  if (state.errors && state.errors[routeId] != null) {
+    console.error("You cannot `useLoaderData` in an errorElement (routeId: " + routeId + ")");
+    return undefined;
+  }
+  return state.loaderData[routeId];
+}
+
+/**
+ * Returns the loaderData for the given routeId
+ */
+function useRouteLoaderData(routeId) {
+  var state = useDataRouterState(DataRouterStateHook.UseRouteLoaderData);
+  return state.loaderData[routeId];
+}
+
+/**
+ * Returns the action data for the nearest ancestor Route action
+ */
+function useActionData() {
+  var state = useDataRouterState(DataRouterStateHook.UseActionData);
+  var route = React.useContext(RouteContext);
+  !route ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  return Object.values((state == null ? void 0 : state.actionData) || {})[0];
+}
+
+/**
+ * Returns the nearest ancestor Route error, which could be a loader/action
+ * error or a render error.  This is intended to be called from your
+ * ErrorBoundary/errorElement to display a proper error message.
+ */
+function useRouteError() {
+  var _state$errors;
+  var error = react.useContext(RouteErrorContext);
+  var state = useDataRouterState(DataRouterStateHook.UseRouteError);
+  var routeId = useCurrentRouteId(DataRouterStateHook.UseRouteError);
+
+  // If this was a render error, we put it in a RouteError context inside
+  // of RenderErrorBoundary
+  if (error) {
+    return error;
+  }
+
+  // Otherwise look for errors from our data router state
+  return (_state$errors = state.errors) == null ? void 0 : _state$errors[routeId];
+}
+
+/**
+ * Returns the happy-path data from the nearest ancestor <Await /> value
+ */
+function useAsyncValue() {
+  var value = React.useContext(AwaitContext);
+  return value == null ? void 0 : value._data;
+}
+
+/**
+ * Returns the error from the nearest ancestor <Await /> value
+ */
+function useAsyncError() {
+  var value = React.useContext(AwaitContext);
+  return value == null ? void 0 : value._error;
+}
+var blockerId = 0;
+
+/**
+ * Allow the application to block navigations within the SPA and present the
+ * user a confirmation dialog to confirm the navigation.  Mostly used to avoid
+ * using half-filled form data.  This does not handle hard-reloads or
+ * cross-origin navigations.
+ */
+function useBlocker(shouldBlock) {
+  var _useDataRouterContext = useDataRouterContext(DataRouterHook.UseBlocker),
+    router = _useDataRouterContext.router;
+  var state = useDataRouterState(DataRouterStateHook.UseBlocker);
+  var _React$useState = React.useState(function () {
+      return String(++blockerId);
+    }),
+    _React$useState2 = _slicedToArray(_React$useState, 1),
+    blockerKey = _React$useState2[0];
+  var blockerFunction = React.useCallback(function (args) {
+    return typeof shouldBlock === "function" ? !!shouldBlock(args) : !!shouldBlock;
+  }, [shouldBlock]);
+  var blocker = router.getBlocker(blockerKey, blockerFunction);
+
+  // Cleanup on unmount
+  React.useEffect(function () {
+    return function () {
+      return router.deleteBlocker(blockerKey);
+    };
+  }, [router, blockerKey]);
+
+  // Prefer the blocker from state since DataRouterContext is memoized so this
+  // ensures we update on blocker state updates
+  return state.blockers.get(blockerKey) || blocker;
+}
+
+/**
+ * Stable version of useNavigate that is used when we are in the context of
+ * a RouterProvider.
+ */
+function useNavigateStable() {
+  var _useDataRouterContext2 = useDataRouterContext(DataRouterHook.UseNavigateStable),
+    router = _useDataRouterContext2.router;
+  var id = useCurrentRouteId(DataRouterStateHook.UseNavigateStable);
+  var activeRef = react.useRef(false);
+  useIsomorphicLayoutEffect(function () {
+    activeRef.current = true;
+  });
+  var navigate = react.useCallback(function (to, options) {
+    if (options === void 0) {
+      options = {};
+    }
+     false ? 0 : void 0;
+
+    // Short circuit here since if this happens on first render the navigate
+    // is useless because we haven't wired up our router subscriber yet
+    if (!activeRef.current) return;
+    if (typeof to === "number") {
+      router.navigate(to);
+    } else {
+      router.navigate(to, dist_extends({
+        fromRouteId: id
+      }, options));
+    }
+  }, [router, id]);
+  return navigate;
+}
+var alreadyWarned = {};
+function warningOnce(key, cond, message) {
+  if (!cond && !alreadyWarned[key]) {
+    alreadyWarned[key] = true;
+     false ? 0 : void 0;
+  }
+}
+
+// Webpack + React 17 fails to compile on the usage of `React.startTransition` or
+// `React["startTransition"]` even if it's behind a feature detection of
+// `"startTransition" in React`. Moving this to a constant avoids the issue :/
+var START_TRANSITION = "startTransition";
+
+/**
+ * Given a Remix Router instance, render the appropriate UI
+ */
+function RouterProvider(_ref) {
+  var fallbackElement = _ref.fallbackElement,
+    router = _ref.router;
+  // Need to use a layout effect here so we are subscribed early enough to
+  // pick up on any render-driven redirects/navigations (useEffect/<Navigate>)
+  var _React$useState3 = react.useState(router.state),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    state = _React$useState4[0],
+    setStateImpl = _React$useState4[1];
+  var setState = react.useCallback(function (newState) {
+    START_TRANSITION in react_namespaceObject ? react_namespaceObject[START_TRANSITION](function () {
+      return setStateImpl(newState);
+    }) : setStateImpl(newState);
+  }, [setStateImpl]);
+  react.useLayoutEffect(function () {
+    return router.subscribe(setState);
+  }, [router, setState]);
+  var navigator = react.useMemo(function () {
+    return {
+      createHref: router.createHref,
+      encodeLocation: router.encodeLocation,
+      go: function go(n) {
+        return router.navigate(n);
+      },
+      push: function push(to, state, opts) {
+        return router.navigate(to, {
+          state: state,
+          preventScrollReset: opts == null ? void 0 : opts.preventScrollReset
+        });
+      },
+      replace: function replace(to, state, opts) {
+        return router.navigate(to, {
+          replace: true,
+          state: state,
+          preventScrollReset: opts == null ? void 0 : opts.preventScrollReset
+        });
+      }
+    };
+  }, [router]);
+  var basename = router.basename || "/";
+  var dataRouterContext = react.useMemo(function () {
+    return {
+      router: router,
+      navigator: navigator,
+      static: false,
+      basename: basename
+    };
+  }, [router, navigator, basename]);
+
+  // The fragment and {null} here are important!  We need them to keep React 18's
+  // useId happy when we are server-rendering since we may have a <script> here
+  // containing the hydrated server-side staticContext (from StaticRouterProvider).
+  // useId relies on the component tree structure to generate deterministic id's
+  // so we need to ensure it remains the same on the client even though
+  // we don't need the <script> tag
+  return /*#__PURE__*/react.createElement(react.Fragment, null, /*#__PURE__*/react.createElement(DataRouterContext.Provider, {
+    value: dataRouterContext
+  }, /*#__PURE__*/react.createElement(DataRouterStateContext.Provider, {
+    value: state
+  }, /*#__PURE__*/react.createElement(dist_Router, {
+    basename: basename,
+    location: state.location,
+    navigationType: state.historyAction,
+    navigator: navigator
+  }, state.initialized ? /*#__PURE__*/react.createElement(DataRoutes, {
+    routes: router.routes,
+    state: state
+  }) : fallbackElement))), null);
+}
+function DataRoutes(_ref2) {
+  var routes = _ref2.routes,
+    state = _ref2.state;
+  return useRoutesImpl(routes, undefined, state);
+}
+/**
+ * A <Router> that stores all entries in memory.
+ *
+ * @see https://reactrouter.com/router-components/memory-router
+ */
+function MemoryRouter(_ref3) {
+  var basename = _ref3.basename,
+    children = _ref3.children,
+    initialEntries = _ref3.initialEntries,
+    initialIndex = _ref3.initialIndex;
+  var historyRef = React.useRef();
+  if (historyRef.current == null) {
+    historyRef.current = createMemoryHistory({
+      initialEntries: initialEntries,
+      initialIndex: initialIndex,
+      v5Compat: true
+    });
+  }
+  var history = historyRef.current;
+  var _React$useState5 = React.useState({
+      action: history.action,
+      location: history.location
+    }),
+    _React$useState6 = _slicedToArray(_React$useState5, 2),
+    state = _React$useState6[0],
+    setStateImpl = _React$useState6[1];
+  var setState = React.useCallback(function (newState) {
+    START_TRANSITION in React ? React[START_TRANSITION](function () {
+      return setStateImpl(newState);
+    }) : setStateImpl(newState);
+  }, [setStateImpl]);
+  React.useLayoutEffect(function () {
+    return history.listen(setState);
+  }, [history, setState]);
+  return /*#__PURE__*/React.createElement(dist_Router, {
+    basename: basename,
+    children: children,
+    location: state.location,
+    navigationType: state.action,
+    navigator: history
+  });
+}
+/**
+ * Changes the current location.
+ *
+ * Note: This API is mostly useful in React.Component subclasses that are not
+ * able to use hooks. In functional components, we recommend you use the
+ * `useNavigate` hook instead.
+ *
+ * @see https://reactrouter.com/components/navigate
+ */
+function Navigate(_ref4) {
+  var to = _ref4.to,
+    replace = _ref4.replace,
+    state = _ref4.state,
+    relative = _ref4.relative;
+  !useInRouterContext() ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+   false ? 0 : void 0;
+  var _React$useContext9 = React.useContext(RouteContext),
+    matches = _React$useContext9.matches;
+  var _useLocation4 = dist_useLocation(),
+    locationPathname = _useLocation4.pathname;
+  var navigate = dist_useNavigate();
+
+  // Resolve the path outside of the effect so that when effects run twice in
+  // StrictMode they navigate to the same place
+  var path = resolveTo(to, UNSAFE_getPathContributingMatches(matches).map(function (match) {
+    return match.pathnameBase;
+  }), locationPathname, relative === "path");
+  var jsonPath = JSON.stringify(path);
+  React.useEffect(function () {
+    return navigate(JSON.parse(jsonPath), {
+      replace: replace,
+      state: state,
+      relative: relative
+    });
+  }, [navigate, jsonPath, relative, replace, state]);
+  return null;
+}
+/**
+ * Renders the child route's element, if there is one.
+ *
+ * @see https://reactrouter.com/components/outlet
+ */
+function Outlet(props) {
+  return useOutlet(props.context);
+}
+/**
+ * Declares an element that should be rendered at a certain URL path.
+ *
+ * @see https://reactrouter.com/components/route
+ */
+function Route(_props) {
+   false ? 0 : UNSAFE_invariant(false);
+}
+/**
+ * Provides location context for the rest of the app.
+ *
+ * Note: You usually won't render a <Router> directly. Instead, you'll render a
+ * router that is more specific to your environment such as a <BrowserRouter>
+ * in web browsers or a <StaticRouter> for server rendering.
+ *
+ * @see https://reactrouter.com/router-components/router
+ */
+function dist_Router(_ref5) {
+  var _ref5$basename = _ref5.basename,
+    basenameProp = _ref5$basename === void 0 ? "/" : _ref5$basename,
+    _ref5$children = _ref5.children,
+    children = _ref5$children === void 0 ? null : _ref5$children,
+    locationProp = _ref5.location,
+    _ref5$navigationType = _ref5.navigationType,
+    navigationType = _ref5$navigationType === void 0 ? Action.Pop : _ref5$navigationType,
+    navigator = _ref5.navigator,
+    _ref5$static = _ref5.static,
+    staticProp = _ref5$static === void 0 ? false : _ref5$static;
+  !!useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
+
+  // Preserve trailing slashes on basename, so we can let the user control
+  // the enforcement of trailing slashes throughout the app
+  var basename = basenameProp.replace(/^\/*/, "/");
+  var navigationContext = react.useMemo(function () {
+    return {
+      basename: basename,
+      navigator: navigator,
+      static: staticProp
+    };
+  }, [basename, navigator, staticProp]);
+  if (typeof locationProp === "string") {
+    locationProp = parsePath(locationProp);
+  }
+  var _locationProp = locationProp,
+    _locationProp$pathnam = _locationProp.pathname,
+    pathname = _locationProp$pathnam === void 0 ? "/" : _locationProp$pathnam,
+    _locationProp$search = _locationProp.search,
+    search = _locationProp$search === void 0 ? "" : _locationProp$search,
+    _locationProp$hash = _locationProp.hash,
+    hash = _locationProp$hash === void 0 ? "" : _locationProp$hash,
+    _locationProp$state = _locationProp.state,
+    state = _locationProp$state === void 0 ? null : _locationProp$state,
+    _locationProp$key = _locationProp.key,
+    key = _locationProp$key === void 0 ? "default" : _locationProp$key;
+  var locationContext = react.useMemo(function () {
+    var trailingPathname = router_stripBasename(pathname, basename);
+    if (trailingPathname == null) {
+      return null;
+    }
+    return {
+      location: {
+        pathname: trailingPathname,
+        search: search,
+        hash: hash,
+        state: state,
+        key: key
+      },
+      navigationType: navigationType
+    };
+  }, [basename, pathname, search, hash, state, key, navigationType]);
+   false ? 0 : void 0;
+  if (locationContext == null) {
+    return null;
+  }
+  return /*#__PURE__*/react.createElement(NavigationContext.Provider, {
+    value: navigationContext
+  }, /*#__PURE__*/react.createElement(LocationContext.Provider, {
+    children: children,
+    value: locationContext
+  }));
+}
+/**
+ * A container for a nested tree of <Route> elements that renders the branch
+ * that best matches the current location.
+ *
+ * @see https://reactrouter.com/components/routes
+ */
+function Routes(_ref6) {
+  var children = _ref6.children,
+    location = _ref6.location;
+  return useRoutes(createRoutesFromChildren(children), location);
+}
+/**
+ * Component to use for rendering lazily loaded data from returning defer()
+ * in a loader function
+ */
+function Await(_ref7) {
+  var children = _ref7.children,
+    errorElement = _ref7.errorElement,
+    resolve = _ref7.resolve;
+  return /*#__PURE__*/React.createElement(AwaitErrorBoundary, {
+    resolve: resolve,
+    errorElement: errorElement
+  }, /*#__PURE__*/React.createElement(ResolveAwait, null, children));
+}
+var AwaitRenderStatus;
+(function (AwaitRenderStatus) {
+  AwaitRenderStatus[AwaitRenderStatus["pending"] = 0] = "pending";
+  AwaitRenderStatus[AwaitRenderStatus["success"] = 1] = "success";
+  AwaitRenderStatus[AwaitRenderStatus["error"] = 2] = "error";
+})(AwaitRenderStatus || (AwaitRenderStatus = {}));
+var neverSettledPromise = new Promise(function () {});
+var AwaitErrorBoundary = /*#__PURE__*/function (_React$Component2) {
+  _inherits(AwaitErrorBoundary, _React$Component2);
+  var _super2 = _createSuper(AwaitErrorBoundary);
+  function AwaitErrorBoundary(props) {
+    var _this2;
+    classCallCheck_classCallCheck(this, AwaitErrorBoundary);
+    _this2 = _super2.call(this, props);
+    _this2.state = {
+      error: null
+    };
+    return _this2;
+  }
+  createClass_createClass(AwaitErrorBoundary, [{
+    key: "componentDidCatch",
+    value: function componentDidCatch(error, errorInfo) {
+      console.error("<Await> caught the following error during render", error, errorInfo);
+    }
+  }, {
+    key: "render",
+    value: function render() {
+      var _this$props = this.props,
+        children = _this$props.children,
+        errorElement = _this$props.errorElement,
+        resolve = _this$props.resolve;
+      var promise = null;
+      var status = AwaitRenderStatus.pending;
+      if (!(resolve instanceof Promise)) {
+        // Didn't get a promise - provide as a resolved promise
+        status = AwaitRenderStatus.success;
+        promise = Promise.resolve();
+        Object.defineProperty(promise, "_tracked", {
+          get: function get() {
+            return true;
+          }
+        });
+        Object.defineProperty(promise, "_data", {
+          get: function get() {
+            return resolve;
+          }
+        });
+      } else if (this.state.error) {
+        // Caught a render error, provide it as a rejected promise
+        status = AwaitRenderStatus.error;
+        var renderError = this.state.error;
+        promise = Promise.reject().catch(function () {}); // Avoid unhandled rejection warnings
+        Object.defineProperty(promise, "_tracked", {
+          get: function get() {
+            return true;
+          }
+        });
+        Object.defineProperty(promise, "_error", {
+          get: function get() {
+            return renderError;
+          }
+        });
+      } else if (resolve._tracked) {
+        // Already tracked promise - check contents
+        promise = resolve;
+        status = promise._error !== undefined ? AwaitRenderStatus.error : promise._data !== undefined ? AwaitRenderStatus.success : AwaitRenderStatus.pending;
+      } else {
+        // Raw (untracked) promise - track it
+        status = AwaitRenderStatus.pending;
+        Object.defineProperty(resolve, "_tracked", {
+          get: function get() {
+            return true;
+          }
+        });
+        promise = resolve.then(function (data) {
+          return Object.defineProperty(resolve, "_data", {
+            get: function get() {
+              return data;
+            }
+          });
+        }, function (error) {
+          return Object.defineProperty(resolve, "_error", {
+            get: function get() {
+              return error;
+            }
+          });
+        });
+      }
+      if (status === AwaitRenderStatus.error && promise._error instanceof AbortedDeferredError) {
+        // Freeze the UI by throwing a never resolved promise
+        throw neverSettledPromise;
+      }
+      if (status === AwaitRenderStatus.error && !errorElement) {
+        // No errorElement, throw to the nearest route-level error boundary
+        throw promise._error;
+      }
+      if (status === AwaitRenderStatus.error) {
+        // Render via our errorElement
+        return /*#__PURE__*/react.createElement(AwaitContext.Provider, {
+          value: promise,
+          children: errorElement
+        });
+      }
+      if (status === AwaitRenderStatus.success) {
+        // Render children with resolved value
+        return /*#__PURE__*/react.createElement(AwaitContext.Provider, {
+          value: promise,
+          children: children
+        });
+      }
+
+      // Throw to the suspense boundary
+      throw promise;
+    }
+  }], [{
+    key: "getDerivedStateFromError",
+    value: function getDerivedStateFromError(error) {
+      return {
+        error: error
+      };
+    }
+  }]);
+  return AwaitErrorBoundary;
+}(react.Component);
+/**
+ * @private
+ * Indirection to leverage useAsyncValue for a render-prop API on <Await>
+ */
+function ResolveAwait(_ref8) {
+  var children = _ref8.children;
+  var data = useAsyncValue();
+  var toRender = typeof children === "function" ? children(data) : children;
+  return /*#__PURE__*/React.createElement(React.Fragment, null, toRender);
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// UTILS
+///////////////////////////////////////////////////////////////////////////////
+
+/**
+ * Creates a route config from a React "children" object, which is usually
+ * either a `<Route>` element or an array of them. Used internally by
+ * `<Routes>` to create a route config from its children.
+ *
+ * @see https://reactrouter.com/utils/create-routes-from-children
+ */
+function createRoutesFromChildren(children, parentPath) {
+  if (parentPath === void 0) {
+    parentPath = [];
+  }
+  var routes = [];
+  React.Children.forEach(children, function (element, index) {
+    if (! /*#__PURE__*/React.isValidElement(element)) {
+      // Ignore non-elements. This allows people to more easily inline
+      // conditionals in their route config.
+      return;
+    }
+    var treePath = [].concat(_toConsumableArray(parentPath), [index]);
+    if (element.type === React.Fragment) {
+      // Transparently support React.Fragment and its children.
+      routes.push.apply(routes, createRoutesFromChildren(element.props.children, treePath));
+      return;
+    }
+    !(element.type === Route) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+    !(!element.props.index || !element.props.children) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+    var route = {
+      id: element.props.id || treePath.join("-"),
+      caseSensitive: element.props.caseSensitive,
+      element: element.props.element,
+      Component: element.props.Component,
+      index: element.props.index,
+      path: element.props.path,
+      loader: element.props.loader,
+      action: element.props.action,
+      errorElement: element.props.errorElement,
+      ErrorBoundary: element.props.ErrorBoundary,
+      hasErrorBoundary: element.props.ErrorBoundary != null || element.props.errorElement != null,
+      shouldRevalidate: element.props.shouldRevalidate,
+      handle: element.props.handle,
+      lazy: element.props.lazy
+    };
+    if (element.props.children) {
+      route.children = createRoutesFromChildren(element.props.children, treePath);
+    }
+    routes.push(route);
+  });
+  return routes;
+}
+
+/**
+ * Renders the result of `matchRoutes()` into a React element.
+ */
+function renderMatches(matches) {
+  return _renderMatches(matches);
+}
+function mapRouteProperties(route) {
+  var updates = {
+    // Note: this check also occurs in createRoutesFromChildren so update
+    // there if you change this -- please and thank you!
+    hasErrorBoundary: route.ErrorBoundary != null || route.errorElement != null
+  };
+  if (route.Component) {
+    if (false) {}
+    Object.assign(updates, {
+      element: /*#__PURE__*/react.createElement(route.Component),
+      Component: undefined
+    });
+  }
+  if (route.ErrorBoundary) {
+    if (false) {}
+    Object.assign(updates, {
+      errorElement: /*#__PURE__*/react.createElement(route.ErrorBoundary),
+      ErrorBoundary: undefined
+    });
+  }
+  return updates;
+}
+function createMemoryRouter(routes, opts) {
+  return createRouter({
+    basename: opts == null ? void 0 : opts.basename,
+    future: dist_extends({}, opts == null ? void 0 : opts.future, {
+      v7_prependBasename: true
+    }),
+    history: createMemoryHistory({
+      initialEntries: opts == null ? void 0 : opts.initialEntries,
+      initialIndex: opts == null ? void 0 : opts.initialIndex
+    }),
+    hydrationData: opts == null ? void 0 : opts.hydrationData,
+    routes: routes,
+    mapRouteProperties: mapRouteProperties
+  }).initialize();
+}
+
+;// CONCATENATED MODULE: ./src/index.css
+// extracted by mini-css-extract-plugin
+/* harmony default export */ var src = ({});
+;// CONCATENATED MODULE: ./src/reportWebVitals.ts
+var reportWebVitals=function reportWebVitals(onPerfEntry){if(onPerfEntry&&onPerfEntry instanceof Function){__webpack_require__.e(/* import() */ 787).then(__webpack_require__.bind(__webpack_require__, 787)).then(function(_ref){var getCLS=_ref.getCLS,getFID=_ref.getFID,getFCP=_ref.getFCP,getLCP=_ref.getLCP,getTTFB=_ref.getTTFB;getCLS(onPerfEntry);getFID(onPerfEntry);getFCP(onPerfEntry);getLCP(onPerfEntry);getTTFB(onPerfEntry);});}};/* harmony default export */ var src_reportWebVitals = (reportWebVitals);
+;// CONCATENATED MODULE: ./node_modules/@fontsource-variable/nunito/index.css
+// extracted by mini-css-extract-plugin
+/* harmony default export */ var nunito = ({});
+;// CONCATENATED MODULE: ./node_modules/react-router-dom/dist/index.js
+
+
+
+/**
+ * React Router DOM v6.12.1
+ *
+ * Copyright (c) Remix Software Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE.md file in the root directory of this source tree.
+ *
+ * @license MIT
+ */
+
+
+
+
+function react_router_dom_dist_extends() {
+  react_router_dom_dist_extends = Object.assign ? Object.assign.bind() : function (target) {
+    for (var i = 1; i < arguments.length; i++) {
+      var source = arguments[i];
+      for (var key in source) {
+        if (Object.prototype.hasOwnProperty.call(source, key)) {
+          target[key] = source[key];
+        }
+      }
+    }
+    return target;
+  };
+  return react_router_dom_dist_extends.apply(this, arguments);
+}
+function _objectWithoutPropertiesLoose(source, excluded) {
+  if (source == null) return {};
+  var target = {};
+  var sourceKeys = Object.keys(source);
+  var key, i;
+  for (i = 0; i < sourceKeys.length; i++) {
+    key = sourceKeys[i];
+    if (excluded.indexOf(key) >= 0) continue;
+    target[key] = source[key];
+  }
+  return target;
+}
+var defaultMethod = "get";
+var defaultEncType = "application/x-www-form-urlencoded";
+function isHtmlElement(object) {
+  return object != null && typeof object.tagName === "string";
+}
+function isButtonElement(object) {
+  return isHtmlElement(object) && object.tagName.toLowerCase() === "button";
+}
+function isFormElement(object) {
+  return isHtmlElement(object) && object.tagName.toLowerCase() === "form";
+}
+function isInputElement(object) {
+  return isHtmlElement(object) && object.tagName.toLowerCase() === "input";
+}
+function isModifiedEvent(event) {
+  return !!(event.metaKey || event.altKey || event.ctrlKey || event.shiftKey);
+}
+function shouldProcessLinkClick(event, target) {
+  return event.button === 0 && (
+  // Ignore everything but left clicks
+  !target || target === "_self") &&
+  // Let browser handle "target=_blank" etc.
+  !isModifiedEvent(event) // Ignore clicks with modifier keys
+  ;
+}
+/**
+ * Creates a URLSearchParams object using the given initializer.
+ *
+ * This is identical to `new URLSearchParams(init)` except it also
+ * supports arrays as values in the object form of the initializer
+ * instead of just strings. This is convenient when you need multiple
+ * values for a given key, but don't want to use an array initializer.
+ *
+ * For example, instead of:
+ *
+ *   let searchParams = new URLSearchParams([
+ *     ['sort', 'name'],
+ *     ['sort', 'price']
+ *   ]);
+ *
+ * you can do:
+ *
+ *   let searchParams = createSearchParams({
+ *     sort: ['name', 'price']
+ *   });
+ */
+function createSearchParams(init) {
+  if (init === void 0) {
+    init = "";
+  }
+  return new URLSearchParams(typeof init === "string" || Array.isArray(init) || init instanceof URLSearchParams ? init : Object.keys(init).reduce(function (memo, key) {
+    var value = init[key];
+    return memo.concat(Array.isArray(value) ? value.map(function (v) {
+      return [key, v];
+    }) : [[key, value]]);
+  }, []));
+}
+function getSearchParamsForLocation(locationSearch, defaultSearchParams) {
+  var searchParams = createSearchParams(locationSearch);
+  if (defaultSearchParams) {
+    var _iterator = _createForOfIteratorHelper(defaultSearchParams.keys()),
+      _step;
+    try {
+      var _loop = function _loop() {
+        var key = _step.value;
+        if (!searchParams.has(key)) {
+          defaultSearchParams.getAll(key).forEach(function (value) {
+            searchParams.append(key, value);
+          });
+        }
+      };
+      for (_iterator.s(); !(_step = _iterator.n()).done;) {
+        _loop();
+      }
+    } catch (err) {
+      _iterator.e(err);
+    } finally {
+      _iterator.f();
+    }
+  }
+  return searchParams;
+}
+function getFormSubmissionInfo(target, options, basename) {
+  var method;
+  var action = null;
+  var encType;
+  var formData;
+  if (isFormElement(target)) {
+    var submissionTrigger = options.submissionTrigger;
+    if (options.action) {
+      action = options.action;
+    } else {
+      // When grabbing the action from the element, it will have had the basename
+      // prefixed to ensure non-JS scenarios work, so strip it since we'll
+      // re-prefix in the router
+      var attr = target.getAttribute("action");
+      action = attr ? stripBasename(attr, basename) : null;
+    }
+    method = options.method || target.getAttribute("method") || defaultMethod;
+    encType = options.encType || target.getAttribute("enctype") || defaultEncType;
+    formData = new FormData(target);
+    if (submissionTrigger && submissionTrigger.name) {
+      formData.append(submissionTrigger.name, submissionTrigger.value);
+    }
+  } else if (isButtonElement(target) || isInputElement(target) && (target.type === "submit" || target.type === "image")) {
+    var form = target.form;
+    if (form == null) {
+      throw new Error("Cannot submit a <button> or <input type=\"submit\"> without a <form>");
+    }
+    // <button>/<input type="submit"> may override attributes of <form>
+    if (options.action) {
+      action = options.action;
+    } else {
+      // When grabbing the action from the element, it will have had the basename
+      // prefixed to ensure non-JS scenarios work, so strip it since we'll
+      // re-prefix in the router
+      var _attr = target.getAttribute("formaction") || form.getAttribute("action");
+      action = _attr ? stripBasename(_attr, basename) : null;
+    }
+    method = options.method || target.getAttribute("formmethod") || form.getAttribute("method") || defaultMethod;
+    encType = options.encType || target.getAttribute("formenctype") || form.getAttribute("enctype") || defaultEncType;
+    formData = new FormData(form);
+    // Include name + value from a <button>, appending in case the button name
+    // matches an existing input name
+    if (target.name) {
+      formData.append(target.name, target.value);
+    }
+  } else if (isHtmlElement(target)) {
+    throw new Error("Cannot submit element that is not <form>, <button>, or " + "<input type=\"submit|image\">");
+  } else {
+    method = options.method || defaultMethod;
+    action = options.action || null;
+    encType = options.encType || defaultEncType;
+    if (target instanceof FormData) {
+      formData = target;
+    } else {
+      formData = new FormData();
+      if (target instanceof URLSearchParams) {
+        var _iterator2 = _createForOfIteratorHelper(target),
+          _step2;
+        try {
+          for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
+            var _step2$value = _slicedToArray(_step2.value, 2),
+              name = _step2$value[0],
+              value = _step2$value[1];
+            formData.append(name, value);
+          }
+        } catch (err) {
+          _iterator2.e(err);
+        } finally {
+          _iterator2.f();
+        }
+      } else if (target != null) {
+        for (var _i = 0, _Object$keys = Object.keys(target); _i < _Object$keys.length; _i++) {
+          var _name = _Object$keys[_i];
+          formData.append(_name, target[_name]);
+        }
+      }
+    }
+  }
+  return {
+    action: action,
+    method: method.toLowerCase(),
+    encType: encType,
+    formData: formData
+  };
+}
+var _excluded = ["onClick", "relative", "reloadDocument", "replace", "state", "target", "to", "preventScrollReset"],
+  _excluded2 = (/* unused pure expression or super */ null && (["aria-current", "caseSensitive", "className", "end", "style", "to", "children"])),
+  _excluded3 = (/* unused pure expression or super */ null && (["reloadDocument", "replace", "method", "action", "onSubmit", "fetcherKey", "routeId", "relative", "preventScrollReset"]));
+function createBrowserRouter(routes, opts) {
+  return createRouter({
+    basename: opts == null ? void 0 : opts.basename,
+    future: react_router_dom_dist_extends({}, opts == null ? void 0 : opts.future, {
+      v7_prependBasename: true
+    }),
+    history: createBrowserHistory({
+      window: opts == null ? void 0 : opts.window
+    }),
+    hydrationData: (opts == null ? void 0 : opts.hydrationData) || parseHydrationData(),
+    routes: routes,
+    mapRouteProperties: UNSAFE_mapRouteProperties
+  }).initialize();
+}
+function createHashRouter(routes, opts) {
+  return router_createRouter({
+    basename: opts == null ? void 0 : opts.basename,
+    future: react_router_dom_dist_extends({}, opts == null ? void 0 : opts.future, {
+      v7_prependBasename: true
+    }),
+    history: router_createHashHistory({
+      window: opts == null ? void 0 : opts.window
+    }),
+    hydrationData: (opts == null ? void 0 : opts.hydrationData) || parseHydrationData(),
+    routes: routes,
+    mapRouteProperties: mapRouteProperties
+  }).initialize();
+}
+function parseHydrationData() {
+  var _window;
+  var state = (_window = window) == null ? void 0 : _window.__staticRouterHydrationData;
+  if (state && state.errors) {
+    state = react_router_dom_dist_extends({}, state, {
+      errors: deserializeErrors(state.errors)
+    });
+  }
+  return state;
+}
+function deserializeErrors(errors) {
+  if (!errors) return null;
+  var entries = Object.entries(errors);
+  var serialized = {};
+  for (var _i2 = 0, _entries = entries; _i2 < _entries.length; _i2++) {
+    var _entries$_i = slicedToArray_slicedToArray(_entries[_i2], 2),
+      key = _entries$_i[0],
+      val = _entries$_i[1];
+    // Hey you!  If you change this, please change the corresponding logic in
+    // serializeErrors in react-router-dom/server.tsx :)
+    if (val && val.__type === "RouteErrorResponse") {
+      serialized[key] = new ErrorResponse(val.status, val.statusText, val.data, val.internal === true);
+    } else if (val && val.__type === "Error") {
+      var error = new Error(val.message);
+      // Wipe away the client-side stack trace.  Nothing to fill it in with
+      // because we don't serialize SSR stack traces for security reasons
+      error.stack = "";
+      serialized[key] = error;
+    } else {
+      serialized[key] = val;
+    }
+  }
+  return serialized;
+}
+// Webpack + React 17 fails to compile on the usage of `React.startTransition` or
+// `React["startTransition"]` even if it's behind a feature detection of
+// `"startTransition" in React`. Moving this to a constant avoids the issue :/
+var dist_START_TRANSITION = "startTransition";
+/**
+ * A `<Router>` for use in web browsers. Provides the cleanest URLs.
+ */
+function BrowserRouter(_ref) {
+  var basename = _ref.basename,
+    children = _ref.children,
+    window = _ref.window;
+  var historyRef = React.useRef();
+  if (historyRef.current == null) {
+    historyRef.current = createBrowserHistory({
+      window: window,
+      v5Compat: true
+    });
+  }
+  var history = historyRef.current;
+  var _React$useState = React.useState({
+      action: history.action,
+      location: history.location
+    }),
+    _React$useState2 = _slicedToArray(_React$useState, 2),
+    state = _React$useState2[0],
+    setStateImpl = _React$useState2[1];
+  var setState = React.useCallback(function (newState) {
+    dist_START_TRANSITION in React ? React[dist_START_TRANSITION](function () {
+      return setStateImpl(newState);
+    }) : setStateImpl(newState);
+  }, [setStateImpl]);
+  React.useLayoutEffect(function () {
+    return history.listen(setState);
+  }, [history, setState]);
+  return /*#__PURE__*/React.createElement(Router, {
+    basename: basename,
+    children: children,
+    location: state.location,
+    navigationType: state.action,
+    navigator: history
+  });
+}
+/**
+ * A `<Router>` for use in web browsers. Stores the location in the hash
+ * portion of the URL so it is not sent to the server.
+ */
+function HashRouter(_ref2) {
+  var basename = _ref2.basename,
+    children = _ref2.children,
+    window = _ref2.window;
+  var historyRef = React.useRef();
+  if (historyRef.current == null) {
+    historyRef.current = createHashHistory({
+      window: window,
+      v5Compat: true
+    });
+  }
+  var history = historyRef.current;
+  var _React$useState3 = React.useState({
+      action: history.action,
+      location: history.location
+    }),
+    _React$useState4 = _slicedToArray(_React$useState3, 2),
+    state = _React$useState4[0],
+    setStateImpl = _React$useState4[1];
+  var setState = React.useCallback(function (newState) {
+    dist_START_TRANSITION in React ? React[dist_START_TRANSITION](function () {
+      return setStateImpl(newState);
+    }) : setStateImpl(newState);
+  }, [setStateImpl]);
+  React.useLayoutEffect(function () {
+    return history.listen(setState);
+  }, [history, setState]);
+  return /*#__PURE__*/React.createElement(Router, {
+    basename: basename,
+    children: children,
+    location: state.location,
+    navigationType: state.action,
+    navigator: history
+  });
+}
+/**
+ * A `<Router>` that accepts a pre-instantiated history object. It's important
+ * to note that using your own history object is highly discouraged and may add
+ * two versions of the history library to your bundles unless you use the same
+ * version of the history library that React Router uses internally.
+ */
+function HistoryRouter(_ref3) {
+  var basename = _ref3.basename,
+    children = _ref3.children,
+    history = _ref3.history;
+  var _React$useState5 = React.useState({
+      action: history.action,
+      location: history.location
+    }),
+    _React$useState6 = _slicedToArray(_React$useState5, 2),
+    state = _React$useState6[0],
+    setStateImpl = _React$useState6[1];
+  var setState = React.useCallback(function (newState) {
+    dist_START_TRANSITION in React ? React[dist_START_TRANSITION](function () {
+      return setStateImpl(newState);
+    }) : setStateImpl(newState);
+  }, [setStateImpl]);
+  React.useLayoutEffect(function () {
+    return history.listen(setState);
+  }, [history, setState]);
+  return /*#__PURE__*/React.createElement(Router, {
+    basename: basename,
+    children: children,
+    location: state.location,
+    navigationType: state.action,
+    navigator: history
+  });
+}
+if (false) {}
+var isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined" && typeof window.document.createElement !== "undefined";
+var dist_ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|\/\/)/i;
+/**
+ * The public API for rendering a history-aware <a>.
+ */
+var Link = /*#__PURE__*/react.forwardRef(function LinkWithRef(_ref4, ref) {
+  var onClick = _ref4.onClick,
+    relative = _ref4.relative,
+    reloadDocument = _ref4.reloadDocument,
+    replace = _ref4.replace,
+    state = _ref4.state,
+    target = _ref4.target,
+    to = _ref4.to,
+    preventScrollReset = _ref4.preventScrollReset,
+    rest = _objectWithoutPropertiesLoose(_ref4, _excluded);
+  var _React$useContext = react.useContext(NavigationContext),
+    basename = _React$useContext.basename;
+  // Rendered into <a href> for absolute URLs
+  var absoluteHref;
+  var isExternal = false;
+  if (typeof to === "string" && dist_ABSOLUTE_URL_REGEX.test(to)) {
+    // Render the absolute href server- and client-side
+    absoluteHref = to;
+    // Only check for external origins client-side
+    if (isBrowser) {
+      try {
+        var currentUrl = new URL(window.location.href);
+        var targetUrl = to.startsWith("//") ? new URL(currentUrl.protocol + to) : new URL(to);
+        var path = router_stripBasename(targetUrl.pathname, basename);
+        if (targetUrl.origin === currentUrl.origin && path != null) {
+          // Strip the protocol/origin/basename for same-origin absolute URLs
+          to = path + targetUrl.search + targetUrl.hash;
+        } else {
+          isExternal = true;
+        }
+      } catch (e) {
+        // We can't do external URL detection without a valid URL
+         false ? 0 : void 0;
+      }
+    }
+  }
+  // Rendered into <a href> for relative URLs
+  var href = useHref(to, {
+    relative: relative
+  });
+  var internalOnClick = useLinkClickHandler(to, {
+    replace: replace,
+    state: state,
+    target: target,
+    preventScrollReset: preventScrollReset,
+    relative: relative
+  });
+  function handleClick(event) {
+    if (onClick) onClick(event);
+    if (!event.defaultPrevented) {
+      internalOnClick(event);
+    }
+  }
+  return /*#__PURE__*/(
+    // eslint-disable-next-line jsx-a11y/anchor-has-content
+    react.createElement("a", react_router_dom_dist_extends({}, rest, {
+      href: absoluteHref || href,
+      onClick: isExternal || reloadDocument ? onClick : handleClick,
+      ref: ref,
+      target: target
+    }))
+  );
+});
+if (false) {}
+/**
+ * A <Link> wrapper that knows if it's "active" or not.
+ */
+var NavLink = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(function NavLinkWithRef(_ref5, ref) {
+  var _ref5$ariaCurrent = _ref5["aria-current"],
+    ariaCurrentProp = _ref5$ariaCurrent === void 0 ? "page" : _ref5$ariaCurrent,
+    _ref5$caseSensitive = _ref5.caseSensitive,
+    caseSensitive = _ref5$caseSensitive === void 0 ? false : _ref5$caseSensitive,
+    _ref5$className = _ref5.className,
+    classNameProp = _ref5$className === void 0 ? "" : _ref5$className,
+    _ref5$end = _ref5.end,
+    end = _ref5$end === void 0 ? false : _ref5$end,
+    styleProp = _ref5.style,
+    to = _ref5.to,
+    children = _ref5.children,
+    rest = _objectWithoutPropertiesLoose(_ref5, _excluded2);
+  var path = useResolvedPath(to, {
+    relative: rest.relative
+  });
+  var location = useLocation();
+  var routerState = React.useContext(UNSAFE_DataRouterStateContext);
+  var _React$useContext2 = React.useContext(UNSAFE_NavigationContext),
+    navigator = _React$useContext2.navigator;
+  var toPathname = navigator.encodeLocation ? navigator.encodeLocation(path).pathname : path.pathname;
+  var locationPathname = location.pathname;
+  var nextLocationPathname = routerState && routerState.navigation && routerState.navigation.location ? routerState.navigation.location.pathname : null;
+  if (!caseSensitive) {
+    locationPathname = locationPathname.toLowerCase();
+    nextLocationPathname = nextLocationPathname ? nextLocationPathname.toLowerCase() : null;
+    toPathname = toPathname.toLowerCase();
+  }
+  var isActive = locationPathname === toPathname || !end && locationPathname.startsWith(toPathname) && locationPathname.charAt(toPathname.length) === "/";
+  var isPending = nextLocationPathname != null && (nextLocationPathname === toPathname || !end && nextLocationPathname.startsWith(toPathname) && nextLocationPathname.charAt(toPathname.length) === "/");
+  var ariaCurrent = isActive ? ariaCurrentProp : undefined;
+  var className;
+  if (typeof classNameProp === "function") {
+    className = classNameProp({
+      isActive: isActive,
+      isPending: isPending
+    });
+  } else {
+    // If the className prop is not a function, we use a default `active`
+    // class for <NavLink />s that are active. In v5 `active` was the default
+    // value for `activeClassName`, but we are removing that API and can still
+    // use the old default behavior for a cleaner upgrade path and keep the
+    // simple styling rules working as they currently do.
+    className = [classNameProp, isActive ? "active" : null, isPending ? "pending" : null].filter(Boolean).join(" ");
+  }
+  var style = typeof styleProp === "function" ? styleProp({
+    isActive: isActive,
+    isPending: isPending
+  }) : styleProp;
+  return /*#__PURE__*/React.createElement(Link, react_router_dom_dist_extends({}, rest, {
+    "aria-current": ariaCurrent,
+    className: className,
+    ref: ref,
+    style: style,
+    to: to
+  }), typeof children === "function" ? children({
+    isActive: isActive,
+    isPending: isPending
+  }) : children);
+})));
+if (false) {}
+/**
+ * A `@remix-run/router`-aware `<form>`. It behaves like a normal form except
+ * that the interaction with the server is with `fetch` instead of new document
+ * requests, allowing components to add nicer UX to the page as the form is
+ * submitted and returns with data.
+ */
+var Form = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(function (props, ref) {
+  return /*#__PURE__*/React.createElement(FormImpl, react_router_dom_dist_extends({}, props, {
+    ref: ref
+  }));
+})));
+if (false) {}
+var FormImpl = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(function (_ref6, forwardedRef) {
+  var reloadDocument = _ref6.reloadDocument,
+    replace = _ref6.replace,
+    _ref6$method = _ref6.method,
+    method = _ref6$method === void 0 ? defaultMethod : _ref6$method,
+    action = _ref6.action,
+    onSubmit = _ref6.onSubmit,
+    fetcherKey = _ref6.fetcherKey,
+    routeId = _ref6.routeId,
+    relative = _ref6.relative,
+    preventScrollReset = _ref6.preventScrollReset,
+    props = _objectWithoutPropertiesLoose(_ref6, _excluded3);
+  var submit = useSubmitImpl(fetcherKey, routeId);
+  var formMethod = method.toLowerCase() === "get" ? "get" : "post";
+  var formAction = useFormAction(action, {
+    relative: relative
+  });
+  var submitHandler = function submitHandler(event) {
+    onSubmit && onSubmit(event);
+    if (event.defaultPrevented) return;
+    event.preventDefault();
+    var submitter = event.nativeEvent.submitter;
+    var submitMethod = (submitter == null ? void 0 : submitter.getAttribute("formmethod")) || method;
+    submit(submitter || event.currentTarget, {
+      method: submitMethod,
+      replace: replace,
+      relative: relative,
+      preventScrollReset: preventScrollReset
+    });
+  };
+  return /*#__PURE__*/React.createElement("form", react_router_dom_dist_extends({
+    ref: forwardedRef,
+    method: formMethod,
+    action: formAction,
+    onSubmit: reloadDocument ? onSubmit : submitHandler
+  }, props));
+})));
+if (false) {}
+/**
+ * This component will emulate the browser's scroll restoration on location
+ * changes.
+ */
+function ScrollRestoration(_ref7) {
+  var getKey = _ref7.getKey,
+    storageKey = _ref7.storageKey;
+  useScrollRestoration({
+    getKey: getKey,
+    storageKey: storageKey
+  });
+  return null;
+}
+if (false) {}
+//#endregion
+////////////////////////////////////////////////////////////////////////////////
+//#region Hooks
+////////////////////////////////////////////////////////////////////////////////
+var dist_DataRouterHook;
+(function (DataRouterHook) {
+  DataRouterHook["UseScrollRestoration"] = "useScrollRestoration";
+  DataRouterHook["UseSubmitImpl"] = "useSubmitImpl";
+  DataRouterHook["UseFetcher"] = "useFetcher";
+})(dist_DataRouterHook || (dist_DataRouterHook = {}));
+var dist_DataRouterStateHook;
+(function (DataRouterStateHook) {
+  DataRouterStateHook["UseFetchers"] = "useFetchers";
+  DataRouterStateHook["UseScrollRestoration"] = "useScrollRestoration";
+})(dist_DataRouterStateHook || (dist_DataRouterStateHook = {}));
+function dist_getDataRouterConsoleError(hookName) {
+  return hookName + " must be used within a data router.  See https://reactrouter.com/routers/picking-a-router.";
+}
+function dist_useDataRouterContext(hookName) {
+  var ctx = React.useContext(UNSAFE_DataRouterContext);
+  !ctx ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  return ctx;
+}
+function dist_useDataRouterState(hookName) {
+  var state = React.useContext(UNSAFE_DataRouterStateContext);
+  !state ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  return state;
+}
+/**
+ * Handles the click behavior for router `<Link>` components. This is useful if
+ * you need to create custom `<Link>` components with the same click behavior we
+ * use in our exported `<Link>`.
+ */
+function useLinkClickHandler(to, _temp) {
+  var _ref9 = _temp === void 0 ? {} : _temp,
+    target = _ref9.target,
+    replaceProp = _ref9.replace,
+    state = _ref9.state,
+    preventScrollReset = _ref9.preventScrollReset,
+    relative = _ref9.relative;
+  var navigate = dist_useNavigate();
+  var location = dist_useLocation();
+  var path = dist_useResolvedPath(to, {
+    relative: relative
+  });
+  return react.useCallback(function (event) {
+    if (shouldProcessLinkClick(event, target)) {
+      event.preventDefault();
+      // If the URL hasn't changed, a regular <a> will do a replace instead of
+      // a push, so do the same here unless the replace prop is explicitly set
+      var replace = replaceProp !== undefined ? replaceProp : router_createPath(location) === router_createPath(path);
+      navigate(to, {
+        replace: replace,
+        state: state,
+        preventScrollReset: preventScrollReset,
+        relative: relative
+      });
+    }
+  }, [location, navigate, path, replaceProp, state, target, to, preventScrollReset, relative]);
+}
+/**
+ * A convenient wrapper for reading and writing search parameters via the
+ * URLSearchParams interface.
+ */
+function useSearchParams(defaultInit) {
+   false ? 0 : void 0;
+  var defaultSearchParamsRef = React.useRef(createSearchParams(defaultInit));
+  var hasSetSearchParamsRef = React.useRef(false);
+  var location = useLocation();
+  var searchParams = React.useMemo(function () {
+    return (
+      // Only merge in the defaults if we haven't yet called setSearchParams.
+      // Once we call that we want those to take precedence, otherwise you can't
+      // remove a param with setSearchParams({}) if it has an initial value
+      getSearchParamsForLocation(location.search, hasSetSearchParamsRef.current ? null : defaultSearchParamsRef.current)
+    );
+  }, [location.search]);
+  var navigate = useNavigate();
+  var setSearchParams = React.useCallback(function (nextInit, navigateOptions) {
+    var newSearchParams = createSearchParams(typeof nextInit === "function" ? nextInit(searchParams) : nextInit);
+    hasSetSearchParamsRef.current = true;
+    navigate("?" + newSearchParams, navigateOptions);
+  }, [navigate, searchParams]);
+  return [searchParams, setSearchParams];
+}
+/**
+ * Returns a function that may be used to programmatically submit a form (or
+ * some arbitrary data) to the server.
+ */
+function useSubmit() {
+  return useSubmitImpl();
+}
+function useSubmitImpl(fetcherKey, fetcherRouteId) {
+  var _useDataRouterContext = dist_useDataRouterContext(dist_DataRouterHook.UseSubmitImpl),
+    router = _useDataRouterContext.router;
+  var _React$useContext3 = React.useContext(UNSAFE_NavigationContext),
+    basename = _React$useContext3.basename;
+  var currentRouteId = UNSAFE_useRouteId();
+  return React.useCallback(function (target, options) {
+    if (options === void 0) {
+      options = {};
+    }
+    if (typeof document === "undefined") {
+      throw new Error("You are calling submit during the server render. " + "Try calling submit within a `useEffect` or callback instead.");
+    }
+    var _getFormSubmissionInf = getFormSubmissionInfo(target, options, basename),
+      action = _getFormSubmissionInf.action,
+      method = _getFormSubmissionInf.method,
+      encType = _getFormSubmissionInf.encType,
+      formData = _getFormSubmissionInf.formData;
+    // Base options shared between fetch() and navigate()
+    var opts = {
+      preventScrollReset: options.preventScrollReset,
+      formData: formData,
+      formMethod: method,
+      formEncType: encType
+    };
+    if (fetcherKey) {
+      !(fetcherRouteId != null) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+      router.fetch(fetcherKey, fetcherRouteId, action, opts);
+    } else {
+      router.navigate(action, react_router_dom_dist_extends({}, opts, {
+        replace: options.replace,
+        fromRouteId: currentRouteId
+      }));
+    }
+  }, [router, basename, fetcherKey, fetcherRouteId, currentRouteId]);
+}
+// v7: Eventually we should deprecate this entirely in favor of using the
+// router method directly?
+function useFormAction(action, _temp2) {
+  var _ref10 = _temp2 === void 0 ? {} : _temp2,
+    relative = _ref10.relative;
+  var _React$useContext4 = React.useContext(UNSAFE_NavigationContext),
+    basename = _React$useContext4.basename;
+  var routeContext = React.useContext(UNSAFE_RouteContext);
+  !routeContext ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  var _routeContext$matches = routeContext.matches.slice(-1),
+    _routeContext$matches2 = _slicedToArray(_routeContext$matches, 1),
+    match = _routeContext$matches2[0];
+  // Shallow clone path so we can modify it below, otherwise we modify the
+  // object referenced by useMemo inside useResolvedPath
+  var path = react_router_dom_dist_extends({}, useResolvedPath(action ? action : ".", {
+    relative: relative
+  }));
+  // Previously we set the default action to ".". The problem with this is that
+  // `useResolvedPath(".")` excludes search params and the hash of the resolved
+  // URL. This is the intended behavior of when "." is specifically provided as
+  // the form action, but inconsistent w/ browsers when the action is omitted.
+  // https://github.com/remix-run/remix/issues/927
+  var location = useLocation();
+  if (action == null) {
+    // Safe to write to these directly here since if action was undefined, we
+    // would have called useResolvedPath(".") which will never include a search
+    // or hash
+    path.search = location.search;
+    path.hash = location.hash;
+    // When grabbing search params from the URL, remove the automatically
+    // inserted ?index param so we match the useResolvedPath search behavior
+    // which would not include ?index
+    if (match.route.index) {
+      var params = new URLSearchParams(path.search);
+      params.delete("index");
+      path.search = params.toString() ? "?" + params.toString() : "";
+    }
+  }
+  if ((!action || action === ".") && match.route.index) {
+    path.search = path.search ? path.search.replace(/^\?/, "?index&") : "?index";
+  }
+  // If we're operating within a basename, prepend it to the pathname prior
+  // to creating the form action.  If this is a root navigation, then just use
+  // the raw basename which allows the basename to have full control over the
+  // presence of a trailing slash on root actions
+  if (basename !== "/") {
+    path.pathname = path.pathname === "/" ? basename : joinPaths([basename, path.pathname]);
+  }
+  return createPath(path);
+}
+function createFetcherForm(fetcherKey, routeId) {
+  var FetcherForm = /*#__PURE__*/React.forwardRef(function (props, ref) {
+    return /*#__PURE__*/React.createElement(FormImpl, react_router_dom_dist_extends({}, props, {
+      ref: ref,
+      fetcherKey: fetcherKey,
+      routeId: routeId
+    }));
+  });
+  if (false) {}
+  return FetcherForm;
+}
+var fetcherId = 0;
+/**
+ * Interacts with route loaders and actions without causing a navigation. Great
+ * for any interaction that stays on the same page.
+ */
+function useFetcher() {
+  var _route$matches;
+  var _useDataRouterContext2 = dist_useDataRouterContext(dist_DataRouterHook.UseFetcher),
+    router = _useDataRouterContext2.router;
+  var route = React.useContext(UNSAFE_RouteContext);
+  !route ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  var routeId = (_route$matches = route.matches[route.matches.length - 1]) == null ? void 0 : _route$matches.route.id;
+  !(routeId != null) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+  var _React$useState7 = React.useState(function () {
+      return String(++fetcherId);
+    }),
+    _React$useState8 = _slicedToArray(_React$useState7, 1),
+    fetcherKey = _React$useState8[0];
+  var _React$useState9 = React.useState(function () {
+      !routeId ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+      return createFetcherForm(fetcherKey, routeId);
+    }),
+    _React$useState10 = _slicedToArray(_React$useState9, 1),
+    Form = _React$useState10[0];
+  var _React$useState11 = React.useState(function () {
+      return function (href) {
+        !router ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+        !routeId ?  false ? 0 : UNSAFE_invariant(false) : void 0;
+        router.fetch(fetcherKey, routeId, href);
+      };
+    }),
+    _React$useState12 = _slicedToArray(_React$useState11, 1),
+    load = _React$useState12[0];
+  var submit = useSubmitImpl(fetcherKey, routeId);
+  var fetcher = router.getFetcher(fetcherKey);
+  var fetcherWithComponents = React.useMemo(function () {
+    return react_router_dom_dist_extends({
+      Form: Form,
+      submit: submit,
+      load: load
+    }, fetcher);
+  }, [fetcher, Form, submit, load]);
+  React.useEffect(function () {
+    // Is this busted when the React team gets real weird and calls effects
+    // twice on mount?  We really just need to garbage collect here when this
+    // fetcher is no longer around.
+    return function () {
+      if (!router) {
+        console.warn("No router available to clean up from useFetcher()");
+        return;
+      }
+      router.deleteFetcher(fetcherKey);
+    };
+  }, [router, fetcherKey]);
+  return fetcherWithComponents;
+}
+/**
+ * Provides all fetchers currently on the page. Useful for layouts and parent
+ * routes that need to provide pending/optimistic UI regarding the fetch.
+ */
+function useFetchers() {
+  var state = dist_useDataRouterState(dist_DataRouterStateHook.UseFetchers);
+  return _toConsumableArray(state.fetchers.values());
+}
+var SCROLL_RESTORATION_STORAGE_KEY = "react-router-scroll-positions";
+var savedScrollPositions = {};
+/**
+ * When rendered inside a RouterProvider, will restore scroll positions on navigations
+ */
+function useScrollRestoration(_temp3) {
+  var _ref11 = _temp3 === void 0 ? {} : _temp3,
+    getKey = _ref11.getKey,
+    storageKey = _ref11.storageKey;
+  var _useDataRouterContext3 = dist_useDataRouterContext(dist_DataRouterHook.UseScrollRestoration),
+    router = _useDataRouterContext3.router;
+  var _useDataRouterState = dist_useDataRouterState(dist_DataRouterStateHook.UseScrollRestoration),
+    restoreScrollPosition = _useDataRouterState.restoreScrollPosition,
+    preventScrollReset = _useDataRouterState.preventScrollReset;
+  var location = useLocation();
+  var matches = useMatches();
+  var navigation = useNavigation();
+  // Trigger manual scroll restoration while we're active
+  React.useEffect(function () {
+    window.history.scrollRestoration = "manual";
+    return function () {
+      window.history.scrollRestoration = "auto";
+    };
+  }, []);
+  // Save positions on pagehide
+  usePageHide(React.useCallback(function () {
+    if (navigation.state === "idle") {
+      var key = (getKey ? getKey(location, matches) : null) || location.key;
+      savedScrollPositions[key] = window.scrollY;
+    }
+    sessionStorage.setItem(storageKey || SCROLL_RESTORATION_STORAGE_KEY, JSON.stringify(savedScrollPositions));
+    window.history.scrollRestoration = "auto";
+  }, [storageKey, getKey, navigation.state, location, matches]));
+  // Read in any saved scroll locations
+  if (typeof document !== "undefined") {
+    // eslint-disable-next-line react-hooks/rules-of-hooks
+    React.useLayoutEffect(function () {
+      try {
+        var sessionPositions = sessionStorage.getItem(storageKey || SCROLL_RESTORATION_STORAGE_KEY);
+        if (sessionPositions) {
+          savedScrollPositions = JSON.parse(sessionPositions);
+        }
+      } catch (e) {
+        // no-op, use default empty object
+      }
+    }, [storageKey]);
+    // Enable scroll restoration in the router
+    // eslint-disable-next-line react-hooks/rules-of-hooks
+    React.useLayoutEffect(function () {
+      var disableScrollRestoration = router == null ? void 0 : router.enableScrollRestoration(savedScrollPositions, function () {
+        return window.scrollY;
+      }, getKey);
+      return function () {
+        return disableScrollRestoration && disableScrollRestoration();
+      };
+    }, [router, getKey]);
+    // Restore scrolling when state.restoreScrollPosition changes
+    // eslint-disable-next-line react-hooks/rules-of-hooks
+    React.useLayoutEffect(function () {
+      // Explicit false means don't do anything (used for submissions)
+      if (restoreScrollPosition === false) {
+        return;
+      }
+      // been here before, scroll to it
+      if (typeof restoreScrollPosition === "number") {
+        window.scrollTo(0, restoreScrollPosition);
+        return;
+      }
+      // try to scroll to the hash
+      if (location.hash) {
+        var el = document.getElementById(location.hash.slice(1));
+        if (el) {
+          el.scrollIntoView();
+          return;
+        }
+      }
+      // Don't reset if this navigation opted out
+      if (preventScrollReset === true) {
+        return;
+      }
+      // otherwise go to the top on new locations
+      window.scrollTo(0, 0);
+    }, [location, restoreScrollPosition, preventScrollReset]);
+  }
+}
+/**
+ * Setup a callback to be fired on the window's `beforeunload` event. This is
+ * useful for saving some data to `window.localStorage` just before the page
+ * refreshes.
+ *
+ * Note: The `callback` argument should be a function created with
+ * `React.useCallback()`.
+ */
+function useBeforeUnload(callback, options) {
+  var _ref12 = options || {},
+    capture = _ref12.capture;
+  React.useEffect(function () {
+    var opts = capture != null ? {
+      capture: capture
+    } : undefined;
+    window.addEventListener("beforeunload", callback, opts);
+    return function () {
+      window.removeEventListener("beforeunload", callback, opts);
+    };
+  }, [callback, capture]);
+}
+/**
+ * Setup a callback to be fired on the window's `pagehide` event. This is
+ * useful for saving some data to `window.localStorage` just before the page
+ * refreshes.  This event is better supported than beforeunload across browsers.
+ *
+ * Note: The `callback` argument should be a function created with
+ * `React.useCallback()`.
+ */
+function usePageHide(callback, options) {
+  var _ref13 = options || {},
+    capture = _ref13.capture;
+  React.useEffect(function () {
+    var opts = capture != null ? {
+      capture: capture
+    } : undefined;
+    window.addEventListener("pagehide", callback, opts);
+    return function () {
+      window.removeEventListener("pagehide", callback, opts);
+    };
+  }, [callback, capture]);
+}
+/**
+ * Wrapper around useBlocker to show a window.confirm prompt to users instead
+ * of building a custom UI with useBlocker.
+ *
+ * Warning: This has *a lot of rough edges* and behaves very differently (and
+ * very incorrectly in some cases) across browsers if user click addition
+ * back/forward navigations while the confirm is open.  Use at your own risk.
+ */
+function usePrompt(_ref8) {
+  var when = _ref8.when,
+    message = _ref8.message;
+  var blocker = unstable_useBlocker(when);
+  React.useEffect(function () {
+    if (blocker.state === "blocked" && !when) {
+      blocker.reset();
+    }
+  }, [blocker, when]);
+  React.useEffect(function () {
+    if (blocker.state === "blocked") {
+      var proceed = window.confirm(message);
+      if (proceed) {
+        setTimeout(blocker.proceed, 0);
+      } else {
+        blocker.reset();
+      }
+    }
+  }, [blocker, message]);
+}
+//#endregion
+
+
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/extends.js
+function extends_extends() {
+  extends_extends = Object.assign ? Object.assign.bind() : function (target) {
+    for (var i = 1; i < arguments.length; i++) {
+      var source = arguments[i];
+      for (var key in source) {
+        if (Object.prototype.hasOwnProperty.call(source, key)) {
+          target[key] = source[key];
+        }
+      }
+    }
+    return target;
+  };
+  return extends_extends.apply(this, arguments);
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectWithoutPropertiesLoose.js
+function objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(source, excluded) {
+  if (source == null) return {};
+  var target = {};
+  var sourceKeys = Object.keys(source);
+  var key, i;
+  for (i = 0; i < sourceKeys.length; i++) {
+    key = sourceKeys[i];
+    if (excluded.indexOf(key) >= 0) continue;
+    target[key] = source[key];
+  }
+  return target;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/useTheme/ThemeContext.js
+
+var ThemeContext_ThemeContext = /*#__PURE__*/react.createContext(null);
+if (false) {}
+/* harmony default export */ var useTheme_ThemeContext = (ThemeContext_ThemeContext);
+;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/useTheme/useTheme.js
+
+
+function useTheme() {
+  var theme = react.useContext(useTheme_ThemeContext);
+  if (false) {}
+  return theme;
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectSpread2.js
+
+function ownKeys(object, enumerableOnly) {
+  var keys = Object.keys(object);
+  if (Object.getOwnPropertySymbols) {
+    var symbols = Object.getOwnPropertySymbols(object);
+    enumerableOnly && (symbols = symbols.filter(function (sym) {
+      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+    })), keys.push.apply(keys, symbols);
+  }
+  return keys;
+}
+function _objectSpread2(target) {
+  for (var i = 1; i < arguments.length; i++) {
+    var source = null != arguments[i] ? arguments[i] : {};
+    i % 2 ? ownKeys(Object(source), !0).forEach(function (key) {
+      defineProperty_defineProperty(target, key, source[key]);
+    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) {
+      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+    });
+  }
+  return target;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/ThemeProvider/nested.js
+var hasSymbol = typeof Symbol === 'function' && Symbol.for;
+/* harmony default export */ var nested = (hasSymbol ? Symbol.for('mui.nested') : '__THEME_NESTED__');
+// EXTERNAL MODULE: ./node_modules/react/jsx-runtime.js
+var jsx_runtime = __webpack_require__(184);
+;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/ThemeProvider/ThemeProvider.js
+
+
+
+
+
+
+
+
+// To support composition of theme.
+
+function mergeOuterLocalTheme(outerTheme, localTheme) {
+  if (typeof localTheme === 'function') {
+    var mergedTheme = localTheme(outerTheme);
+    if (false) {}
+    return mergedTheme;
+  }
+  return _objectSpread2(_objectSpread2({}, outerTheme), localTheme);
+}
+
+/**
+ * This component takes a `theme` prop.
+ * It makes the `theme` available down the React tree thanks to React context.
+ * This component should preferably be used at **the root of your component tree**.
+ */
+function ThemeProvider(props) {
+  var children = props.children,
+    localTheme = props.theme;
+  var outerTheme = useTheme();
+  if (false) {}
+  var theme = react.useMemo(function () {
+    var output = outerTheme === null ? localTheme : mergeOuterLocalTheme(outerTheme, localTheme);
+    if (output != null) {
+      output[nested] = outerTheme !== null;
+    }
+    return output;
+  }, [localTheme, outerTheme]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(useTheme_ThemeContext.Provider, {
+    value: theme,
+    children: children
+  });
+}
+ false ? 0 : void 0;
+if (false) {}
+/* harmony default export */ var ThemeProvider_ThemeProvider = (ThemeProvider);
+;// CONCATENATED MODULE: ./node_modules/@emotion/sheet/dist/emotion-sheet.browser.esm.js
+/*
+
+Based off glamor's StyleSheet, thanks Sunil ❤️
+
+high performance StyleSheet for css-in-js systems
+
+- uses multiple style tags behind the scenes for millions of rules
+- uses `insertRule` for appending in production for *much* faster performance
+
+// usage
+
+import { StyleSheet } from '@emotion/sheet'
+
+let styleSheet = new StyleSheet({ key: '', container: document.head })
+
+styleSheet.insert('#box { border: 1px solid red; }')
+- appends a css rule into the stylesheet
+
+styleSheet.flush()
+- empties the stylesheet of all its contents
+
+*/
+// $FlowFixMe
+function sheetForTag(tag) {
+  if (tag.sheet) {
+    // $FlowFixMe
+    return tag.sheet;
+  } // this weirdness brought to you by firefox
+
+  /* istanbul ignore next */
+
+  for (var i = 0; i < document.styleSheets.length; i++) {
+    if (document.styleSheets[i].ownerNode === tag) {
+      // $FlowFixMe
+      return document.styleSheets[i];
+    }
+  }
+}
+function createStyleElement(options) {
+  var tag = document.createElement('style');
+  tag.setAttribute('data-emotion', options.key);
+  if (options.nonce !== undefined) {
+    tag.setAttribute('nonce', options.nonce);
+  }
+  tag.appendChild(document.createTextNode(''));
+  tag.setAttribute('data-s', '');
+  return tag;
+}
+var StyleSheet = /*#__PURE__*/function () {
+  // Using Node instead of HTMLElement since container may be a ShadowRoot
+  function StyleSheet(options) {
+    var _this = this;
+    this._insertTag = function (tag) {
+      var before;
+      if (_this.tags.length === 0) {
+        if (_this.insertionPoint) {
+          before = _this.insertionPoint.nextSibling;
+        } else if (_this.prepend) {
+          before = _this.container.firstChild;
+        } else {
+          before = _this.before;
+        }
+      } else {
+        before = _this.tags[_this.tags.length - 1].nextSibling;
+      }
+      _this.container.insertBefore(tag, before);
+      _this.tags.push(tag);
+    };
+    this.isSpeedy = options.speedy === undefined ? "production" === 'production' : options.speedy;
+    this.tags = [];
+    this.ctr = 0;
+    this.nonce = options.nonce; // key is the value of the data-emotion attribute, it's used to identify different sheets
+
+    this.key = options.key;
+    this.container = options.container;
+    this.prepend = options.prepend;
+    this.insertionPoint = options.insertionPoint;
+    this.before = null;
+  }
+  var _proto = StyleSheet.prototype;
+  _proto.hydrate = function hydrate(nodes) {
+    nodes.forEach(this._insertTag);
+  };
+  _proto.insert = function insert(rule) {
+    // the max length is how many rules we have per style tag, it's 65000 in speedy mode
+    // it's 1 in dev because we insert source maps that map a single rule to a location
+    // and you can only have one source map per style tag
+    if (this.ctr % (this.isSpeedy ? 65000 : 1) === 0) {
+      this._insertTag(createStyleElement(this));
+    }
+    var tag = this.tags[this.tags.length - 1];
+    if (false) { var isImportRule; }
+    if (this.isSpeedy) {
+      var sheet = sheetForTag(tag);
+      try {
+        // this is the ultrafast version, works across browsers
+        // the big drawback is that the css won't be editable in devtools
+        sheet.insertRule(rule, sheet.cssRules.length);
+      } catch (e) {
+        if (false) {}
+      }
+    } else {
+      tag.appendChild(document.createTextNode(rule));
+    }
+    this.ctr++;
+  };
+  _proto.flush = function flush() {
+    // $FlowFixMe
+    this.tags.forEach(function (tag) {
+      return tag.parentNode && tag.parentNode.removeChild(tag);
+    });
+    this.tags = [];
+    this.ctr = 0;
+    if (false) {}
+  };
+  return StyleSheet;
+}();
+
+;// CONCATENATED MODULE: ./node_modules/stylis/src/Utility.js
+/**
+ * @param {number}
+ * @return {number}
+ */
+var abs = Math.abs;
+
+/**
+ * @param {number}
+ * @return {string}
+ */
+var Utility_from = String.fromCharCode;
+
+/**
+ * @param {object}
+ * @return {object}
+ */
+var Utility_assign = Object.assign;
+
+/**
+ * @param {string} value
+ * @param {number} length
+ * @return {number}
+ */
+function hash(value, length) {
+  return Utility_charat(value, 0) ^ 45 ? (((length << 2 ^ Utility_charat(value, 0)) << 2 ^ Utility_charat(value, 1)) << 2 ^ Utility_charat(value, 2)) << 2 ^ Utility_charat(value, 3) : 0;
+}
+
+/**
+ * @param {string} value
+ * @return {string}
+ */
+function trim(value) {
+  return value.trim();
+}
+
+/**
+ * @param {string} value
+ * @param {RegExp} pattern
+ * @return {string?}
+ */
+function Utility_match(value, pattern) {
+  return (value = pattern.exec(value)) ? value[0] : value;
+}
+
+/**
+ * @param {string} value
+ * @param {(string|RegExp)} pattern
+ * @param {string} replacement
+ * @return {string}
+ */
+function Utility_replace(value, pattern, replacement) {
+  return value.replace(pattern, replacement);
+}
+
+/**
+ * @param {string} value
+ * @param {string} search
+ * @return {number}
+ */
+function indexof(value, search) {
+  return value.indexOf(search);
+}
+
+/**
+ * @param {string} value
+ * @param {number} index
+ * @return {number}
+ */
+function Utility_charat(value, index) {
+  return value.charCodeAt(index) | 0;
+}
+
+/**
+ * @param {string} value
+ * @param {number} begin
+ * @param {number} end
+ * @return {string}
+ */
+function Utility_substr(value, begin, end) {
+  return value.slice(begin, end);
+}
+
+/**
+ * @param {string} value
+ * @return {number}
+ */
+function Utility_strlen(value) {
+  return value.length;
+}
+
+/**
+ * @param {any[]} value
+ * @return {number}
+ */
+function Utility_sizeof(value) {
+  return value.length;
+}
+
+/**
+ * @param {any} value
+ * @param {any[]} array
+ * @return {any}
+ */
+function Utility_append(value, array) {
+  return array.push(value), value;
+}
+
+/**
+ * @param {string[]} array
+ * @param {function} callback
+ * @return {string}
+ */
+function Utility_combine(array, callback) {
+  return array.map(callback).join('');
+}
+;// CONCATENATED MODULE: ./node_modules/stylis/src/Tokenizer.js
+
+var line = 1;
+var column = 1;
+var Tokenizer_length = 0;
+var position = 0;
+var character = 0;
+var characters = '';
+
+/**
+ * @param {string} value
+ * @param {object | null} root
+ * @param {object | null} parent
+ * @param {string} type
+ * @param {string[] | string} props
+ * @param {object[] | string} children
+ * @param {number} length
+ */
+function node(value, root, parent, type, props, children, length) {
+  return {
+    value: value,
+    root: root,
+    parent: parent,
+    type: type,
+    props: props,
+    children: children,
+    line: line,
+    column: column,
+    length: length,
+    return: ''
+  };
+}
+
+/**
+ * @param {object} root
+ * @param {object} props
+ * @return {object}
+ */
+function Tokenizer_copy(root, props) {
+  return Utility_assign(node('', null, null, '', null, null, 0), root, {
+    length: -root.length
+  }, props);
+}
+
+/**
+ * @return {number}
+ */
+function Tokenizer_char() {
+  return character;
+}
+
+/**
+ * @return {number}
+ */
+function prev() {
+  character = position > 0 ? Utility_charat(characters, --position) : 0;
+  if (column--, character === 10) column = 1, line--;
+  return character;
+}
+
+/**
+ * @return {number}
+ */
+function next() {
+  character = position < Tokenizer_length ? Utility_charat(characters, position++) : 0;
+  if (column++, character === 10) column = 1, line++;
+  return character;
+}
+
+/**
+ * @return {number}
+ */
+function peek() {
+  return Utility_charat(characters, position);
+}
+
+/**
+ * @return {number}
+ */
+function caret() {
+  return position;
+}
+
+/**
+ * @param {number} begin
+ * @param {number} end
+ * @return {string}
+ */
+function slice(begin, end) {
+  return Utility_substr(characters, begin, end);
+}
+
+/**
+ * @param {number} type
+ * @return {number}
+ */
+function token(type) {
+  switch (type) {
+    // \0 \t \n \r \s whitespace token
+    case 0:
+    case 9:
+    case 10:
+    case 13:
+    case 32:
+      return 5;
+    // ! + , / > @ ~ isolate token
+    case 33:
+    case 43:
+    case 44:
+    case 47:
+    case 62:
+    case 64:
+    case 126:
+    // ; { } breakpoint token
+    case 59:
+    case 123:
+    case 125:
+      return 4;
+    // : accompanied token
+    case 58:
+      return 3;
+    // " ' ( [ opening delimit token
+    case 34:
+    case 39:
+    case 40:
+    case 91:
+      return 2;
+    // ) ] closing delimit token
+    case 41:
+    case 93:
+      return 1;
+  }
+  return 0;
+}
+
+/**
+ * @param {string} value
+ * @return {any[]}
+ */
+function alloc(value) {
+  return line = column = 1, Tokenizer_length = Utility_strlen(characters = value), position = 0, [];
+}
+
+/**
+ * @param {any} value
+ * @return {any}
+ */
+function dealloc(value) {
+  return characters = '', value;
+}
+
+/**
+ * @param {number} type
+ * @return {string}
+ */
+function delimit(type) {
+  return trim(slice(position - 1, delimiter(type === 91 ? type + 2 : type === 40 ? type + 1 : type)));
+}
+
+/**
+ * @param {string} value
+ * @return {string[]}
+ */
+function Tokenizer_tokenize(value) {
+  return dealloc(tokenizer(alloc(value)));
+}
+
+/**
+ * @param {number} type
+ * @return {string}
+ */
+function whitespace(type) {
+  while (character = peek()) if (character < 33) next();else break;
+  return token(type) > 2 || token(character) > 3 ? '' : ' ';
+}
+
+/**
+ * @param {string[]} children
+ * @return {string[]}
+ */
+function tokenizer(children) {
+  while (next()) switch (token(character)) {
+    case 0:
+      append(identifier(position - 1), children);
+      break;
+    case 2:
+      append(delimit(character), children);
+      break;
+    default:
+      append(from(character), children);
+  }
+  return children;
+}
+
+/**
+ * @param {number} index
+ * @param {number} count
+ * @return {string}
+ */
+function escaping(index, count) {
+  while (--count && next())
+  // not 0-9 A-F a-f
+  if (character < 48 || character > 102 || character > 57 && character < 65 || character > 70 && character < 97) break;
+  return slice(index, caret() + (count < 6 && peek() == 32 && next() == 32));
+}
+
+/**
+ * @param {number} type
+ * @return {number}
+ */
+function delimiter(type) {
+  while (next()) switch (character) {
+    // ] ) " '
+    case type:
+      return position;
+    // " '
+    case 34:
+    case 39:
+      if (type !== 34 && type !== 39) delimiter(character);
+      break;
+    // (
+    case 40:
+      if (type === 41) delimiter(type);
+      break;
+    // \
+    case 92:
+      next();
+      break;
+  }
+  return position;
+}
+
+/**
+ * @param {number} type
+ * @param {number} index
+ * @return {number}
+ */
+function commenter(type, index) {
+  while (next())
+  // //
+  if (type + character === 47 + 10) break;
+  // /*
+  else if (type + character === 42 + 42 && peek() === 47) break;
+  return '/*' + slice(index, position - 1) + '*' + Utility_from(type === 47 ? type : next());
+}
+
+/**
+ * @param {number} index
+ * @return {string}
+ */
+function identifier(index) {
+  while (!token(peek())) next();
+  return slice(index, position);
+}
+;// CONCATENATED MODULE: ./node_modules/stylis/src/Enum.js
+var Enum_MS = '-ms-';
+var Enum_MOZ = '-moz-';
+var Enum_WEBKIT = '-webkit-';
+var COMMENT = 'comm';
+var Enum_RULESET = 'rule';
+var Enum_DECLARATION = 'decl';
+var PAGE = '@page';
+var MEDIA = '@media';
+var IMPORT = '@import';
+var CHARSET = '@charset';
+var VIEWPORT = '@viewport';
+var SUPPORTS = '@supports';
+var DOCUMENT = '@document';
+var NAMESPACE = '@namespace';
+var Enum_KEYFRAMES = '@keyframes';
+var FONT_FACE = '@font-face';
+var COUNTER_STYLE = '@counter-style';
+var FONT_FEATURE_VALUES = '@font-feature-values';
+var LAYER = '@layer';
+;// CONCATENATED MODULE: ./node_modules/stylis/src/Serializer.js
+
+
+
+/**
+ * @param {object[]} children
+ * @param {function} callback
+ * @return {string}
+ */
+function Serializer_serialize(children, callback) {
+  var output = '';
+  var length = Utility_sizeof(children);
+  for (var i = 0; i < length; i++) output += callback(children[i], i, children, callback) || '';
+  return output;
+}
+
+/**
+ * @param {object} element
+ * @param {number} index
+ * @param {object[]} children
+ * @param {function} callback
+ * @return {string}
+ */
+function stringify(element, index, children, callback) {
+  switch (element.type) {
+    case LAYER:
+      if (element.children.length) break;
+    case IMPORT:
+    case Enum_DECLARATION:
+      return element.return = element.return || element.value;
+    case COMMENT:
+      return '';
+    case Enum_KEYFRAMES:
+      return element.return = element.value + '{' + Serializer_serialize(element.children, callback) + '}';
+    case Enum_RULESET:
+      element.value = element.props.join(',');
+  }
+  return Utility_strlen(children = Serializer_serialize(element.children, callback)) ? element.return = element.value + '{' + children + '}' : '';
+}
+;// CONCATENATED MODULE: ./node_modules/stylis/src/Middleware.js
+
+
+
+
+
+
+/**
+ * @param {function[]} collection
+ * @return {function}
+ */
+function middleware(collection) {
+  var length = Utility_sizeof(collection);
+  return function (element, index, children, callback) {
+    var output = '';
+    for (var i = 0; i < length; i++) output += collection[i](element, index, children, callback) || '';
+    return output;
+  };
+}
+
+/**
+ * @param {function} callback
+ * @return {function}
+ */
+function rulesheet(callback) {
+  return function (element) {
+    if (!element.root) if (element = element.return) callback(element);
+  };
+}
+
+/**
+ * @param {object} element
+ * @param {number} index
+ * @param {object[]} children
+ * @param {function} callback
+ */
+function prefixer(element, index, children, callback) {
+  if (element.length > -1) if (!element.return) switch (element.type) {
+    case DECLARATION:
+      element.return = prefix(element.value, element.length, children);
+      return;
+    case KEYFRAMES:
+      return serialize([copy(element, {
+        value: replace(element.value, '@', '@' + WEBKIT)
+      })], callback);
+    case RULESET:
+      if (element.length) return combine(element.props, function (value) {
+        switch (match(value, /(::plac\w+|:read-\w+)/)) {
+          // :read-(only|write)
+          case ':read-only':
+          case ':read-write':
+            return serialize([copy(element, {
+              props: [replace(value, /:(read-\w+)/, ':' + MOZ + '$1')]
+            })], callback);
+          // :placeholder
+          case '::placeholder':
+            return serialize([copy(element, {
+              props: [replace(value, /:(plac\w+)/, ':' + WEBKIT + 'input-$1')]
+            }), copy(element, {
+              props: [replace(value, /:(plac\w+)/, ':' + MOZ + '$1')]
+            }), copy(element, {
+              props: [replace(value, /:(plac\w+)/, MS + 'input-$1')]
+            })], callback);
+        }
+        return '';
+      });
+  }
+}
+
+/**
+ * @param {object} element
+ * @param {number} index
+ * @param {object[]} children
+ */
+function namespace(element) {
+  switch (element.type) {
+    case RULESET:
+      element.props = element.props.map(function (value) {
+        return combine(tokenize(value), function (value, index, children) {
+          switch (charat(value, 0)) {
+            // \f
+            case 12:
+              return substr(value, 1, strlen(value));
+            // \0 ( + > ~
+            case 0:
+            case 40:
+            case 43:
+            case 62:
+            case 126:
+              return value;
+            // :
+            case 58:
+              if (children[++index] === 'global') children[index] = '', children[++index] = '\f' + substr(children[index], index = 1, -1);
+            // \s
+            case 32:
+              return index === 1 ? '' : value;
+            default:
+              switch (index) {
+                case 0:
+                  element = value;
+                  return sizeof(children) > 1 ? '' : value;
+                case index = sizeof(children) - 1:
+                case 2:
+                  return index === 2 ? value + element + element : value + element;
+                default:
+                  return value;
+              }
+          }
+        });
+      });
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/stylis/src/Parser.js
+
+
+
+
+/**
+ * @param {string} value
+ * @return {object[]}
+ */
+function compile(value) {
+  return dealloc(parse('', null, null, null, [''], value = alloc(value), 0, [0], value));
+}
+
+/**
+ * @param {string} value
+ * @param {object} root
+ * @param {object?} parent
+ * @param {string[]} rule
+ * @param {string[]} rules
+ * @param {string[]} rulesets
+ * @param {number[]} pseudo
+ * @param {number[]} points
+ * @param {string[]} declarations
+ * @return {object}
+ */
+function parse(value, root, parent, rule, rules, rulesets, pseudo, points, declarations) {
+  var index = 0;
+  var offset = 0;
+  var length = pseudo;
+  var atrule = 0;
+  var property = 0;
+  var previous = 0;
+  var variable = 1;
+  var scanning = 1;
+  var ampersand = 1;
+  var character = 0;
+  var type = '';
+  var props = rules;
+  var children = rulesets;
+  var reference = rule;
+  var characters = type;
+  while (scanning) switch (previous = character, character = next()) {
+    // (
+    case 40:
+      if (previous != 108 && Utility_charat(characters, length - 1) == 58) {
+        if (indexof(characters += Utility_replace(delimit(character), '&', '&\f'), '&\f') != -1) ampersand = -1;
+        break;
+      }
+    // " ' [
+    case 34:
+    case 39:
+    case 91:
+      characters += delimit(character);
+      break;
+    // \t \n \r \s
+    case 9:
+    case 10:
+    case 13:
+    case 32:
+      characters += whitespace(previous);
+      break;
+    // \
+    case 92:
+      characters += escaping(caret() - 1, 7);
+      continue;
+    // /
+    case 47:
+      switch (peek()) {
+        case 42:
+        case 47:
+          Utility_append(comment(commenter(next(), caret()), root, parent), declarations);
+          break;
+        default:
+          characters += '/';
+      }
+      break;
+    // {
+    case 123 * variable:
+      points[index++] = Utility_strlen(characters) * ampersand;
+    // } ; \0
+    case 125 * variable:
+    case 59:
+    case 0:
+      switch (character) {
+        // \0 }
+        case 0:
+        case 125:
+          scanning = 0;
+        // ;
+        case 59 + offset:
+          if (ampersand == -1) characters = Utility_replace(characters, /\f/g, '');
+          if (property > 0 && Utility_strlen(characters) - length) Utility_append(property > 32 ? declaration(characters + ';', rule, parent, length - 1) : declaration(Utility_replace(characters, ' ', '') + ';', rule, parent, length - 2), declarations);
+          break;
+        // @ ;
+        case 59:
+          characters += ';';
+        // { rule/at-rule
+        default:
+          Utility_append(reference = ruleset(characters, root, parent, index, offset, rules, points, type, props = [], children = [], length), rulesets);
+          if (character === 123) if (offset === 0) parse(characters, root, reference, reference, props, rulesets, length, points, children);else switch (atrule === 99 && Utility_charat(characters, 3) === 110 ? 100 : atrule) {
+            // d l m s
+            case 100:
+            case 108:
+            case 109:
+            case 115:
+              parse(value, reference, reference, rule && Utility_append(ruleset(value, reference, reference, 0, 0, rules, points, type, rules, props = [], length), children), rules, children, length, points, rule ? props : children);
+              break;
+            default:
+              parse(characters, reference, reference, reference, [''], children, 0, points, children);
+          }
+      }
+      index = offset = property = 0, variable = ampersand = 1, type = characters = '', length = pseudo;
+      break;
+    // :
+    case 58:
+      length = 1 + Utility_strlen(characters), property = previous;
+    default:
+      if (variable < 1) if (character == 123) --variable;else if (character == 125 && variable++ == 0 && prev() == 125) continue;
+      switch (characters += Utility_from(character), character * variable) {
+        // &
+        case 38:
+          ampersand = offset > 0 ? 1 : (characters += '\f', -1);
+          break;
+        // ,
+        case 44:
+          points[index++] = (Utility_strlen(characters) - 1) * ampersand, ampersand = 1;
+          break;
+        // @
+        case 64:
+          // -
+          if (peek() === 45) characters += delimit(next());
+          atrule = peek(), offset = length = Utility_strlen(type = characters += identifier(caret())), character++;
+          break;
+        // -
+        case 45:
+          if (previous === 45 && Utility_strlen(characters) == 2) variable = 0;
+      }
+  }
+  return rulesets;
+}
+
+/**
+ * @param {string} value
+ * @param {object} root
+ * @param {object?} parent
+ * @param {number} index
+ * @param {number} offset
+ * @param {string[]} rules
+ * @param {number[]} points
+ * @param {string} type
+ * @param {string[]} props
+ * @param {string[]} children
+ * @param {number} length
+ * @return {object}
+ */
+function ruleset(value, root, parent, index, offset, rules, points, type, props, children, length) {
+  var post = offset - 1;
+  var rule = offset === 0 ? rules : [''];
+  var size = Utility_sizeof(rule);
+  for (var i = 0, j = 0, k = 0; i < index; ++i) for (var x = 0, y = Utility_substr(value, post + 1, post = abs(j = points[i])), z = value; x < size; ++x) if (z = trim(j > 0 ? rule[x] + ' ' + y : Utility_replace(y, /&\f/g, rule[x]))) props[k++] = z;
+  return node(value, root, parent, offset === 0 ? Enum_RULESET : type, props, children, length);
+}
+
+/**
+ * @param {number} value
+ * @param {object} root
+ * @param {object?} parent
+ * @return {object}
+ */
+function comment(value, root, parent) {
+  return node(value, root, parent, COMMENT, Utility_from(Tokenizer_char()), Utility_substr(value, 2, -2), 0);
+}
+
+/**
+ * @param {string} value
+ * @param {object} root
+ * @param {object?} parent
+ * @param {number} length
+ * @return {object}
+ */
+function declaration(value, root, parent, length) {
+  return node(value, root, parent, Enum_DECLARATION, Utility_substr(value, 0, length), Utility_substr(value, length + 1, -1), length);
+}
+;// CONCATENATED MODULE: ./node_modules/@emotion/cache/dist/emotion-cache.browser.esm.js
+
+
+
+
+var identifierWithPointTracking = function identifierWithPointTracking(begin, points, index) {
+  var previous = 0;
+  var character = 0;
+  while (true) {
+    previous = character;
+    character = peek(); // &\f
+
+    if (previous === 38 && character === 12) {
+      points[index] = 1;
+    }
+    if (token(character)) {
+      break;
+    }
+    next();
+  }
+  return slice(begin, position);
+};
+var toRules = function toRules(parsed, points) {
+  // pretend we've started with a comma
+  var index = -1;
+  var character = 44;
+  do {
+    switch (token(character)) {
+      case 0:
+        // &\f
+        if (character === 38 && peek() === 12) {
+          // this is not 100% correct, we don't account for literal sequences here - like for example quoted strings
+          // stylis inserts \f after & to know when & where it should replace this sequence with the context selector
+          // and when it should just concatenate the outer and inner selectors
+          // it's very unlikely for this sequence to actually appear in a different context, so we just leverage this fact here
+          points[index] = 1;
+        }
+        parsed[index] += identifierWithPointTracking(position - 1, points, index);
+        break;
+      case 2:
+        parsed[index] += delimit(character);
+        break;
+      case 4:
+        // comma
+        if (character === 44) {
+          // colon
+          parsed[++index] = peek() === 58 ? '&\f' : '';
+          points[index] = parsed[index].length;
+          break;
+        }
+
+      // fallthrough
+
+      default:
+        parsed[index] += Utility_from(character);
+    }
+  } while (character = next());
+  return parsed;
+};
+var getRules = function getRules(value, points) {
+  return dealloc(toRules(alloc(value), points));
+}; // WeakSet would be more appropriate, but only WeakMap is supported in IE11
+
+var fixedElements = /* #__PURE__ */new WeakMap();
+var compat = function compat(element) {
+  if (element.type !== 'rule' || !element.parent ||
+  // positive .length indicates that this rule contains pseudo
+  // negative .length indicates that this rule has been already prefixed
+  element.length < 1) {
+    return;
+  }
+  var value = element.value,
+    parent = element.parent;
+  var isImplicitRule = element.column === parent.column && element.line === parent.line;
+  while (parent.type !== 'rule') {
+    parent = parent.parent;
+    if (!parent) return;
+  } // short-circuit for the simplest case
+
+  if (element.props.length === 1 && value.charCodeAt(0) !== 58
+  /* colon */ && !fixedElements.get(parent)) {
+    return;
+  } // if this is an implicitly inserted rule (the one eagerly inserted at the each new nested level)
+  // then the props has already been manipulated beforehand as they that array is shared between it and its "rule parent"
+
+  if (isImplicitRule) {
+    return;
+  }
+  fixedElements.set(element, true);
+  var points = [];
+  var rules = getRules(value, points);
+  var parentRules = parent.props;
+  for (var i = 0, k = 0; i < rules.length; i++) {
+    for (var j = 0; j < parentRules.length; j++, k++) {
+      element.props[k] = points[i] ? rules[i].replace(/&\f/g, parentRules[j]) : parentRules[j] + " " + rules[i];
+    }
+  }
+};
+var removeLabel = function removeLabel(element) {
+  if (element.type === 'decl') {
+    var value = element.value;
+    if (
+    // charcode for l
+    value.charCodeAt(0) === 108 &&
+    // charcode for b
+    value.charCodeAt(2) === 98) {
+      // this ignores label
+      element["return"] = '';
+      element.value = '';
+    }
+  }
+};
+var ignoreFlag = 'emotion-disable-server-rendering-unsafe-selector-warning-please-do-not-use-this-the-warning-exists-for-a-reason';
+var isIgnoringComment = function isIgnoringComment(element) {
+  return element.type === 'comm' && element.children.indexOf(ignoreFlag) > -1;
+};
+var createUnsafeSelectorsAlarm = function createUnsafeSelectorsAlarm(cache) {
+  return function (element, index, children) {
+    if (element.type !== 'rule' || cache.compat) return;
+    var unsafePseudoClasses = element.value.match(/(:first|:nth|:nth-last)-child/g);
+    if (unsafePseudoClasses) {
+      var isNested = !!element.parent; // in nested rules comments become children of the "auto-inserted" rule and that's always the `element.parent`
+      //
+      // considering this input:
+      // .a {
+      //   .b /* comm */ {}
+      //   color: hotpink;
+      // }
+      // we get output corresponding to this:
+      // .a {
+      //   & {
+      //     /* comm */
+      //     color: hotpink;
+      //   }
+      //   .b {}
+      // }
+
+      var commentContainer = isNested ? element.parent.children :
+      // global rule at the root level
+      children;
+      for (var i = commentContainer.length - 1; i >= 0; i--) {
+        var node = commentContainer[i];
+        if (node.line < element.line) {
+          break;
+        } // it is quite weird but comments are *usually* put at `column: element.column - 1`
+        // so we seek *from the end* for the node that is earlier than the rule's `element` and check that
+        // this will also match inputs like this:
+        // .a {
+        //   /* comm */
+        //   .b {}
+        // }
+        //
+        // but that is fine
+        //
+        // it would be the easiest to change the placement of the comment to be the first child of the rule:
+        // .a {
+        //   .b { /* comm */ }
+        // }
+        // with such inputs we wouldn't have to search for the comment at all
+        // TODO: consider changing this comment placement in the next major version
+
+        if (node.column < element.column) {
+          if (isIgnoringComment(node)) {
+            return;
+          }
+          break;
+        }
+      }
+      unsafePseudoClasses.forEach(function (unsafePseudoClass) {
+        console.error("The pseudo class \"" + unsafePseudoClass + "\" is potentially unsafe when doing server-side rendering. Try changing it to \"" + unsafePseudoClass.split('-child')[0] + "-of-type\".");
+      });
+    }
+  };
+};
+var isImportRule = function isImportRule(element) {
+  return element.type.charCodeAt(1) === 105 && element.type.charCodeAt(0) === 64;
+};
+var isPrependedWithRegularRules = function isPrependedWithRegularRules(index, children) {
+  for (var i = index - 1; i >= 0; i--) {
+    if (!isImportRule(children[i])) {
+      return true;
+    }
+  }
+  return false;
+}; // use this to remove incorrect elements from further processing
+// so they don't get handed to the `sheet` (or anything else)
+// as that could potentially lead to additional logs which in turn could be overhelming to the user
+
+var nullifyElement = function nullifyElement(element) {
+  element.type = '';
+  element.value = '';
+  element["return"] = '';
+  element.children = '';
+  element.props = '';
+};
+var incorrectImportAlarm = function incorrectImportAlarm(element, index, children) {
+  if (!isImportRule(element)) {
+    return;
+  }
+  if (element.parent) {
+    console.error("`@import` rules can't be nested inside other rules. Please move it to the top level and put it before regular rules. Keep in mind that they can only be used within global styles.");
+    nullifyElement(element);
+  } else if (isPrependedWithRegularRules(index, children)) {
+    console.error("`@import` rules can't be after other rules. Please put your `@import` rules before your other rules.");
+    nullifyElement(element);
+  }
+};
+
+/* eslint-disable no-fallthrough */
+
+function emotion_cache_browser_esm_prefix(value, length) {
+  switch (hash(value, length)) {
+    // color-adjust
+    case 5103:
+      return Enum_WEBKIT + 'print-' + value + value;
+    // animation, animation-(delay|direction|duration|fill-mode|iteration-count|name|play-state|timing-function)
+
+    case 5737:
+    case 4201:
+    case 3177:
+    case 3433:
+    case 1641:
+    case 4457:
+    case 2921: // text-decoration, filter, clip-path, backface-visibility, column, box-decoration-break
+
+    case 5572:
+    case 6356:
+    case 5844:
+    case 3191:
+    case 6645:
+    case 3005: // mask, mask-image, mask-(mode|clip|size), mask-(repeat|origin), mask-position, mask-composite,
+
+    case 6391:
+    case 5879:
+    case 5623:
+    case 6135:
+    case 4599:
+    case 4855: // background-clip, columns, column-(count|fill|gap|rule|rule-color|rule-style|rule-width|span|width)
+
+    case 4215:
+    case 6389:
+    case 5109:
+    case 5365:
+    case 5621:
+    case 3829:
+      return Enum_WEBKIT + value + value;
+    // appearance, user-select, transform, hyphens, text-size-adjust
+
+    case 5349:
+    case 4246:
+    case 4810:
+    case 6968:
+    case 2756:
+      return Enum_WEBKIT + value + Enum_MOZ + value + Enum_MS + value + value;
+    // flex, flex-direction
+
+    case 6828:
+    case 4268:
+      return Enum_WEBKIT + value + Enum_MS + value + value;
+    // order
+
+    case 6165:
+      return Enum_WEBKIT + value + Enum_MS + 'flex-' + value + value;
+    // align-items
+
+    case 5187:
+      return Enum_WEBKIT + value + Utility_replace(value, /(\w+).+(:[^]+)/, Enum_WEBKIT + 'box-$1$2' + Enum_MS + 'flex-$1$2') + value;
+    // align-self
+
+    case 5443:
+      return Enum_WEBKIT + value + Enum_MS + 'flex-item-' + Utility_replace(value, /flex-|-self/, '') + value;
+    // align-content
+
+    case 4675:
+      return Enum_WEBKIT + value + Enum_MS + 'flex-line-pack' + Utility_replace(value, /align-content|flex-|-self/, '') + value;
+    // flex-shrink
+
+    case 5548:
+      return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, 'shrink', 'negative') + value;
+    // flex-basis
+
+    case 5292:
+      return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, 'basis', 'preferred-size') + value;
+    // flex-grow
+
+    case 6060:
+      return Enum_WEBKIT + 'box-' + Utility_replace(value, '-grow', '') + Enum_WEBKIT + value + Enum_MS + Utility_replace(value, 'grow', 'positive') + value;
+    // transition
+
+    case 4554:
+      return Enum_WEBKIT + Utility_replace(value, /([^-])(transform)/g, '$1' + Enum_WEBKIT + '$2') + value;
+    // cursor
+
+    case 6187:
+      return Utility_replace(Utility_replace(Utility_replace(value, /(zoom-|grab)/, Enum_WEBKIT + '$1'), /(image-set)/, Enum_WEBKIT + '$1'), value, '') + value;
+    // background, background-image
+
+    case 5495:
+    case 3959:
+      return Utility_replace(value, /(image-set\([^]*)/, Enum_WEBKIT + '$1' + '$`$1');
+    // justify-content
+
+    case 4968:
+      return Utility_replace(Utility_replace(value, /(.+:)(flex-)?(.*)/, Enum_WEBKIT + 'box-pack:$3' + Enum_MS + 'flex-pack:$3'), /s.+-b[^;]+/, 'justify') + Enum_WEBKIT + value + value;
+    // (margin|padding)-inline-(start|end)
+
+    case 4095:
+    case 3583:
+    case 4068:
+    case 2532:
+      return Utility_replace(value, /(.+)-inline(.+)/, Enum_WEBKIT + '$1$2') + value;
+    // (min|max)?(width|height|inline-size|block-size)
+
+    case 8116:
+    case 7059:
+    case 5753:
+    case 5535:
+    case 5445:
+    case 5701:
+    case 4933:
+    case 4677:
+    case 5533:
+    case 5789:
+    case 5021:
+    case 4765:
+      // stretch, max-content, min-content, fill-available
+      if (Utility_strlen(value) - 1 - length > 6) switch (Utility_charat(value, length + 1)) {
+        // (m)ax-content, (m)in-content
+        case 109:
+          // -
+          if (Utility_charat(value, length + 4) !== 45) break;
+        // (f)ill-available, (f)it-content
+
+        case 102:
+          return Utility_replace(value, /(.+:)(.+)-([^]+)/, '$1' + Enum_WEBKIT + '$2-$3' + '$1' + Enum_MOZ + (Utility_charat(value, length + 3) == 108 ? '$3' : '$2-$3')) + value;
+        // (s)tretch
+
+        case 115:
+          return ~indexof(value, 'stretch') ? emotion_cache_browser_esm_prefix(Utility_replace(value, 'stretch', 'fill-available'), length) + value : value;
+      }
+      break;
+    // position: sticky
+
+    case 4949:
+      // (s)ticky?
+      if (Utility_charat(value, length + 1) !== 115) break;
+    // display: (flex|inline-flex)
+
+    case 6444:
+      switch (Utility_charat(value, Utility_strlen(value) - 3 - (~indexof(value, '!important') && 10))) {
+        // stic(k)y
+        case 107:
+          return Utility_replace(value, ':', ':' + Enum_WEBKIT) + value;
+        // (inline-)?fl(e)x
+
+        case 101:
+          return Utility_replace(value, /(.+:)([^;!]+)(;|!.+)?/, '$1' + Enum_WEBKIT + (Utility_charat(value, 14) === 45 ? 'inline-' : '') + 'box$3' + '$1' + Enum_WEBKIT + '$2$3' + '$1' + Enum_MS + '$2box$3') + value;
+      }
+      break;
+    // writing-mode
+
+    case 5936:
+      switch (Utility_charat(value, length + 11)) {
+        // vertical-l(r)
+        case 114:
+          return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, /[svh]\w+-[tblr]{2}/, 'tb') + value;
+        // vertical-r(l)
+
+        case 108:
+          return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, /[svh]\w+-[tblr]{2}/, 'tb-rl') + value;
+        // horizontal(-)tb
+
+        case 45:
+          return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, /[svh]\w+-[tblr]{2}/, 'lr') + value;
+      }
+      return Enum_WEBKIT + value + Enum_MS + value + value;
+  }
+  return value;
+}
+var emotion_cache_browser_esm_prefixer = function prefixer(element, index, children, callback) {
+  if (element.length > -1) if (!element["return"]) switch (element.type) {
+    case Enum_DECLARATION:
+      element["return"] = emotion_cache_browser_esm_prefix(element.value, element.length);
+      break;
+    case Enum_KEYFRAMES:
+      return Serializer_serialize([Tokenizer_copy(element, {
+        value: Utility_replace(element.value, '@', '@' + Enum_WEBKIT)
+      })], callback);
+    case Enum_RULESET:
+      if (element.length) return Utility_combine(element.props, function (value) {
+        switch (Utility_match(value, /(::plac\w+|:read-\w+)/)) {
+          // :read-(only|write)
+          case ':read-only':
+          case ':read-write':
+            return Serializer_serialize([Tokenizer_copy(element, {
+              props: [Utility_replace(value, /:(read-\w+)/, ':' + Enum_MOZ + '$1')]
+            })], callback);
+          // :placeholder
+
+          case '::placeholder':
+            return Serializer_serialize([Tokenizer_copy(element, {
+              props: [Utility_replace(value, /:(plac\w+)/, ':' + Enum_WEBKIT + 'input-$1')]
+            }), Tokenizer_copy(element, {
+              props: [Utility_replace(value, /:(plac\w+)/, ':' + Enum_MOZ + '$1')]
+            }), Tokenizer_copy(element, {
+              props: [Utility_replace(value, /:(plac\w+)/, Enum_MS + 'input-$1')]
+            })], callback);
+        }
+        return '';
+      });
+  }
+};
+var defaultStylisPlugins = [emotion_cache_browser_esm_prefixer];
+var createCache = function createCache(options) {
+  var key = options.key;
+  if (false) {}
+  if (key === 'css') {
+    var ssrStyles = document.querySelectorAll("style[data-emotion]:not([data-s])"); // get SSRed styles out of the way of React's hydration
+    // document.head is a safe place to move them to(though note document.head is not necessarily the last place they will be)
+    // note this very very intentionally targets all style elements regardless of the key to ensure
+    // that creating a cache works inside of render of a React component
+
+    Array.prototype.forEach.call(ssrStyles, function (node) {
+      // we want to only move elements which have a space in the data-emotion attribute value
+      // because that indicates that it is an Emotion 11 server-side rendered style elements
+      // while we will already ignore Emotion 11 client-side inserted styles because of the :not([data-s]) part in the selector
+      // Emotion 10 client-side inserted styles did not have data-s (but importantly did not have a space in their data-emotion attributes)
+      // so checking for the space ensures that loading Emotion 11 after Emotion 10 has inserted some styles
+      // will not result in the Emotion 10 styles being destroyed
+      var dataEmotionAttribute = node.getAttribute('data-emotion');
+      if (dataEmotionAttribute.indexOf(' ') === -1) {
+        return;
+      }
+      document.head.appendChild(node);
+      node.setAttribute('data-s', '');
+    });
+  }
+  var stylisPlugins = options.stylisPlugins || defaultStylisPlugins;
+  if (false) {}
+  var inserted = {};
+  var container;
+  var nodesToHydrate = [];
+  {
+    container = options.container || document.head;
+    Array.prototype.forEach.call(
+    // this means we will ignore elements which don't have a space in them which
+    // means that the style elements we're looking at are only Emotion 11 server-rendered style elements
+    document.querySelectorAll("style[data-emotion^=\"" + key + " \"]"), function (node) {
+      var attrib = node.getAttribute("data-emotion").split(' '); // $FlowFixMe
+
+      for (var i = 1; i < attrib.length; i++) {
+        inserted[attrib[i]] = true;
+      }
+      nodesToHydrate.push(node);
+    });
+  }
+  var _insert;
+  var omnipresentPlugins = [compat, removeLabel];
+  if (false) {}
+  {
+    var currentSheet;
+    var finalizingPlugins = [stringify,  false ? 0 : rulesheet(function (rule) {
+      currentSheet.insert(rule);
+    })];
+    var serializer = middleware(omnipresentPlugins.concat(stylisPlugins, finalizingPlugins));
+    var stylis = function stylis(styles) {
+      return Serializer_serialize(compile(styles), serializer);
+    };
+    _insert = function insert(selector, serialized, sheet, shouldCache) {
+      currentSheet = sheet;
+      if (false) {}
+      stylis(selector ? selector + "{" + serialized.styles + "}" : serialized.styles);
+      if (shouldCache) {
+        cache.inserted[serialized.name] = true;
+      }
+    };
+  }
+  var cache = {
+    key: key,
+    sheet: new StyleSheet({
+      key: key,
+      container: container,
+      nonce: options.nonce,
+      speedy: options.speedy,
+      prepend: options.prepend,
+      insertionPoint: options.insertionPoint
+    }),
+    nonce: options.nonce,
+    inserted: inserted,
+    registered: {},
+    insert: _insert
+  };
+  cache.sheet.hydrate(nodesToHydrate);
+  return cache;
+};
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/hash/dist/emotion-hash.esm.js
+/* eslint-disable */
+// Inspired by https://github.com/garycourt/murmurhash-js
+// Ported from https://github.com/aappleby/smhasher/blob/61a0530f28277f2e850bfc39600ce61d02b518de/src/MurmurHash2.cpp#L37-L86
+function murmur2(str) {
+  // 'm' and 'r' are mixing constants generated offline.
+  // They're not really 'magic', they just happen to work well.
+  // const m = 0x5bd1e995;
+  // const r = 24;
+  // Initialize the hash
+  var h = 0; // Mix 4 bytes at a time into the hash
+
+  var k,
+    i = 0,
+    len = str.length;
+  for (; len >= 4; ++i, len -= 4) {
+    k = str.charCodeAt(i) & 0xff | (str.charCodeAt(++i) & 0xff) << 8 | (str.charCodeAt(++i) & 0xff) << 16 | (str.charCodeAt(++i) & 0xff) << 24;
+    k = /* Math.imul(k, m): */
+    (k & 0xffff) * 0x5bd1e995 + ((k >>> 16) * 0xe995 << 16);
+    k ^= /* k >>> r: */
+    k >>> 24;
+    h = /* Math.imul(k, m): */
+    (k & 0xffff) * 0x5bd1e995 + ((k >>> 16) * 0xe995 << 16) ^ /* Math.imul(h, m): */
+    (h & 0xffff) * 0x5bd1e995 + ((h >>> 16) * 0xe995 << 16);
+  } // Handle the last few bytes of the input array
+
+  switch (len) {
+    case 3:
+      h ^= (str.charCodeAt(i + 2) & 0xff) << 16;
+    case 2:
+      h ^= (str.charCodeAt(i + 1) & 0xff) << 8;
+    case 1:
+      h ^= str.charCodeAt(i) & 0xff;
+      h = /* Math.imul(h, m): */
+      (h & 0xffff) * 0x5bd1e995 + ((h >>> 16) * 0xe995 << 16);
+  } // Do a few final mixes of the hash to ensure the last few
+  // bytes are well-incorporated.
+
+  h ^= h >>> 13;
+  h = /* Math.imul(h, m): */
+  (h & 0xffff) * 0x5bd1e995 + ((h >>> 16) * 0xe995 << 16);
+  return ((h ^ h >>> 15) >>> 0).toString(36);
+}
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/unitless/dist/emotion-unitless.esm.js
+var unitlessKeys = {
+  animationIterationCount: 1,
+  aspectRatio: 1,
+  borderImageOutset: 1,
+  borderImageSlice: 1,
+  borderImageWidth: 1,
+  boxFlex: 1,
+  boxFlexGroup: 1,
+  boxOrdinalGroup: 1,
+  columnCount: 1,
+  columns: 1,
+  flex: 1,
+  flexGrow: 1,
+  flexPositive: 1,
+  flexShrink: 1,
+  flexNegative: 1,
+  flexOrder: 1,
+  gridRow: 1,
+  gridRowEnd: 1,
+  gridRowSpan: 1,
+  gridRowStart: 1,
+  gridColumn: 1,
+  gridColumnEnd: 1,
+  gridColumnSpan: 1,
+  gridColumnStart: 1,
+  msGridRow: 1,
+  msGridRowSpan: 1,
+  msGridColumn: 1,
+  msGridColumnSpan: 1,
+  fontWeight: 1,
+  lineHeight: 1,
+  opacity: 1,
+  order: 1,
+  orphans: 1,
+  tabSize: 1,
+  widows: 1,
+  zIndex: 1,
+  zoom: 1,
+  WebkitLineClamp: 1,
+  // SVG-related properties
+  fillOpacity: 1,
+  floodOpacity: 1,
+  stopOpacity: 1,
+  strokeDasharray: 1,
+  strokeDashoffset: 1,
+  strokeMiterlimit: 1,
+  strokeOpacity: 1,
+  strokeWidth: 1
+};
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/memoize/dist/emotion-memoize.esm.js
+function memoize(fn) {
+  var cache = Object.create(null);
+  return function (arg) {
+    if (cache[arg] === undefined) cache[arg] = fn(arg);
+    return cache[arg];
+  };
+}
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/serialize/dist/emotion-serialize.browser.esm.js
+
+
+
+var ILLEGAL_ESCAPE_SEQUENCE_ERROR = "You have illegal escape sequence in your template literal, most likely inside content's property value.\nBecause you write your CSS inside a JavaScript string you actually have to do double escaping, so for example \"content: '\\00d7';\" should become \"content: '\\\\00d7';\".\nYou can read more about this here:\nhttps://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#ES2018_revision_of_illegal_escape_sequences";
+var UNDEFINED_AS_OBJECT_KEY_ERROR = "You have passed in falsy value as style object's key (can happen when in example you pass unexported component as computed key).";
+var hyphenateRegex = /[A-Z]|^ms/g;
+var animationRegex = /_EMO_([^_]+?)_([^]*?)_EMO_/g;
+var isCustomProperty = function isCustomProperty(property) {
+  return property.charCodeAt(1) === 45;
+};
+var isProcessableValue = function isProcessableValue(value) {
+  return value != null && typeof value !== 'boolean';
+};
+var processStyleName = /* #__PURE__ */memoize(function (styleName) {
+  return isCustomProperty(styleName) ? styleName : styleName.replace(hyphenateRegex, '-$&').toLowerCase();
+});
+var processStyleValue = function processStyleValue(key, value) {
+  switch (key) {
+    case 'animation':
+    case 'animationName':
+      {
+        if (typeof value === 'string') {
+          return value.replace(animationRegex, function (match, p1, p2) {
+            cursor = {
+              name: p1,
+              styles: p2,
+              next: cursor
+            };
+            return p1;
+          });
+        }
+      }
+  }
+  if (unitlessKeys[key] !== 1 && !isCustomProperty(key) && typeof value === 'number' && value !== 0) {
+    return value + 'px';
+  }
+  return value;
+};
+if (false) { var hyphenatedCache, hyphenPattern, msPattern, oldProcessStyleValue, contentValues, contentValuePattern; }
+var noComponentSelectorMessage = (/* unused pure expression or super */ null && ('Component selectors can only be used in conjunction with ' + '@emotion/babel-plugin, the swc Emotion plugin, or another Emotion-aware ' + 'compiler transform.'));
+function handleInterpolation(mergedProps, registered, interpolation) {
+  if (interpolation == null) {
+    return '';
+  }
+  if (interpolation.__emotion_styles !== undefined) {
+    if (false) {}
+    return interpolation;
+  }
+  switch (typeof interpolation) {
+    case 'boolean':
+      {
+        return '';
+      }
+    case 'object':
+      {
+        if (interpolation.anim === 1) {
+          cursor = {
+            name: interpolation.name,
+            styles: interpolation.styles,
+            next: cursor
+          };
+          return interpolation.name;
+        }
+        if (interpolation.styles !== undefined) {
+          var next = interpolation.next;
+          if (next !== undefined) {
+            // not the most efficient thing ever but this is a pretty rare case
+            // and there will be very few iterations of this generally
+            while (next !== undefined) {
+              cursor = {
+                name: next.name,
+                styles: next.styles,
+                next: cursor
+              };
+              next = next.next;
+            }
+          }
+          var styles = interpolation.styles + ";";
+          if (false) {}
+          return styles;
+        }
+        return createStringFromObject(mergedProps, registered, interpolation);
+      }
+    case 'function':
+      {
+        if (mergedProps !== undefined) {
+          var previousCursor = cursor;
+          var result = interpolation(mergedProps);
+          cursor = previousCursor;
+          return handleInterpolation(mergedProps, registered, result);
+        } else if (false) {}
+        break;
+      }
+    case 'string':
+      if (false) { var replaced, matched; }
+      break;
+  } // finalize string values (regular strings and functions interpolated into css calls)
+
+  if (registered == null) {
+    return interpolation;
+  }
+  var cached = registered[interpolation];
+  return cached !== undefined ? cached : interpolation;
+}
+function createStringFromObject(mergedProps, registered, obj) {
+  var string = '';
+  if (Array.isArray(obj)) {
+    for (var i = 0; i < obj.length; i++) {
+      string += handleInterpolation(mergedProps, registered, obj[i]) + ";";
+    }
+  } else {
+    for (var _key in obj) {
+      var value = obj[_key];
+      if (typeof value !== 'object') {
+        if (registered != null && registered[value] !== undefined) {
+          string += _key + "{" + registered[value] + "}";
+        } else if (isProcessableValue(value)) {
+          string += processStyleName(_key) + ":" + processStyleValue(_key, value) + ";";
+        }
+      } else {
+        if (_key === 'NO_COMPONENT_SELECTOR' && "production" !== 'production') {}
+        if (Array.isArray(value) && typeof value[0] === 'string' && (registered == null || registered[value[0]] === undefined)) {
+          for (var _i = 0; _i < value.length; _i++) {
+            if (isProcessableValue(value[_i])) {
+              string += processStyleName(_key) + ":" + processStyleValue(_key, value[_i]) + ";";
+            }
+          }
+        } else {
+          var interpolated = handleInterpolation(mergedProps, registered, value);
+          switch (_key) {
+            case 'animation':
+            case 'animationName':
+              {
+                string += processStyleName(_key) + ":" + interpolated + ";";
+                break;
+              }
+            default:
+              {
+                if (false) {}
+                string += _key + "{" + interpolated + "}";
+              }
+          }
+        }
+      }
+    }
+  }
+  return string;
+}
+var labelPattern = /label:\s*([^\s;\n{]+)\s*(;|$)/g;
+var sourceMapPattern;
+if (false) {} // this is the cursor for keyframes
+// keyframes are stored on the SerializedStyles object as a linked list
+
+var cursor;
+var emotion_serialize_browser_esm_serializeStyles = function serializeStyles(args, registered, mergedProps) {
+  if (args.length === 1 && typeof args[0] === 'object' && args[0] !== null && args[0].styles !== undefined) {
+    return args[0];
+  }
+  var stringMode = true;
+  var styles = '';
+  cursor = undefined;
+  var strings = args[0];
+  if (strings == null || strings.raw === undefined) {
+    stringMode = false;
+    styles += handleInterpolation(mergedProps, registered, strings);
+  } else {
+    if (false) {}
+    styles += strings[0];
+  } // we start at 1 since we've already handled the first arg
+
+  for (var i = 1; i < args.length; i++) {
+    styles += handleInterpolation(mergedProps, registered, args[i]);
+    if (stringMode) {
+      if (false) {}
+      styles += strings[i];
+    }
+  }
+  var sourceMap;
+  if (false) {} // using a global regex with .exec is stateful so lastIndex has to be reset each time
+
+  labelPattern.lastIndex = 0;
+  var identifierName = '';
+  var match; // https://esbench.com/bench/5b809c2cf2949800a0f61fb5
+
+  while ((match = labelPattern.exec(styles)) !== null) {
+    identifierName += '-' +
+    // $FlowFixMe we know it's not null
+    match[1];
+  }
+  var name = murmur2(styles) + identifierName;
+  if (false) {}
+  return {
+    name: name,
+    styles: styles,
+    next: cursor
+  };
+};
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/use-insertion-effect-with-fallbacks/dist/emotion-use-insertion-effect-with-fallbacks.browser.esm.js
+
+var syncFallback = function syncFallback(create) {
+  return create();
+};
+var useInsertionEffect = react_namespaceObject['useInsertion' + 'Effect'] ? react_namespaceObject['useInsertion' + 'Effect'] : false;
+var emotion_use_insertion_effect_with_fallbacks_browser_esm_useInsertionEffectAlwaysWithSyncFallback = useInsertionEffect || syncFallback;
+var emotion_use_insertion_effect_with_fallbacks_browser_esm_useInsertionEffectWithLayoutFallback = useInsertionEffect || react.useLayoutEffect;
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/react/dist/emotion-element-c39617d8.browser.esm.js
+
+
+
+
+
+
+
+
+
+var emotion_element_c39617d8_browser_esm_isBrowser = "object" !== 'undefined';
+var emotion_element_c39617d8_browser_esm_hasOwnProperty = {}.hasOwnProperty;
+var EmotionCacheContext = /* #__PURE__ */react.createContext(
+// we're doing this to avoid preconstruct's dead code elimination in this one case
+// because this module is primarily intended for the browser and node
+// but it's also required in react native and similar environments sometimes
+// and we could have a special build just for that
+// but this is much easier and the native packages
+// might use a different theme context in the future anyway
+typeof HTMLElement !== 'undefined' ? /* #__PURE__ */createCache({
+  key: 'css'
+}) : null);
+if (false) {}
+var CacheProvider = EmotionCacheContext.Provider;
+var __unsafe_useEmotionCache = function useEmotionCache() {
+  return useContext(EmotionCacheContext);
+};
+var emotion_element_c39617d8_browser_esm_withEmotionCache = function withEmotionCache(func) {
+  // $FlowFixMe
+  return /*#__PURE__*/(0,react.forwardRef)(function (props, ref) {
+    // the cache will never be null in the browser
+    var cache = (0,react.useContext)(EmotionCacheContext);
+    return func(props, cache, ref);
+  });
+};
+if (!emotion_element_c39617d8_browser_esm_isBrowser) {
+  emotion_element_c39617d8_browser_esm_withEmotionCache = function withEmotionCache(func) {
+    return function (props) {
+      var cache = (0,react.useContext)(EmotionCacheContext);
+      if (cache === null) {
+        // yes, we're potentially creating this on every render
+        // it doesn't actually matter though since it's only on the server
+        // so there will only every be a single render
+        // that could change in the future because of suspense and etc. but for now,
+        // this works and i don't want to optimise for a future thing that we aren't sure about
+        cache = createCache({
+          key: 'css'
+        });
+        return /*#__PURE__*/react.createElement(EmotionCacheContext.Provider, {
+          value: cache
+        }, func(props, cache));
+      } else {
+        return func(props, cache);
+      }
+    };
+  };
+}
+var emotion_element_c39617d8_browser_esm_ThemeContext = /* #__PURE__ */react.createContext({});
+if (false) {}
+var emotion_element_c39617d8_browser_esm_useTheme = function useTheme() {
+  return React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
+};
+var getTheme = function getTheme(outerTheme, theme) {
+  if (typeof theme === 'function') {
+    var mergedTheme = theme(outerTheme);
+    if (false) {}
+    return mergedTheme;
+  }
+  if (false) {}
+  return _extends({}, outerTheme, theme);
+};
+var createCacheWithTheme = /* #__PURE__ */(/* unused pure expression or super */ null && (weakMemoize(function (outerTheme) {
+  return weakMemoize(function (theme) {
+    return getTheme(outerTheme, theme);
+  });
+})));
+var emotion_element_c39617d8_browser_esm_ThemeProvider = function ThemeProvider(props) {
+  var theme = React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
+  if (props.theme !== theme) {
+    theme = createCacheWithTheme(theme)(props.theme);
+  }
+  return /*#__PURE__*/React.createElement(emotion_element_c39617d8_browser_esm_ThemeContext.Provider, {
+    value: theme
+  }, props.children);
+};
+function withTheme(Component) {
+  var componentName = Component.displayName || Component.name || 'Component';
+  var render = function render(props, ref) {
+    var theme = React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
+    return /*#__PURE__*/React.createElement(Component, _extends({
+      theme: theme,
+      ref: ref
+    }, props));
+  }; // $FlowFixMe
+
+  var WithTheme = /*#__PURE__*/React.forwardRef(render);
+  WithTheme.displayName = "WithTheme(" + componentName + ")";
+  return hoistNonReactStatics(WithTheme, Component);
+}
+var getLastPart = function getLastPart(functionName) {
+  // The match may be something like 'Object.createEmotionProps' or
+  // 'Loader.prototype.render'
+  var parts = functionName.split('.');
+  return parts[parts.length - 1];
+};
+var getFunctionNameFromStackTraceLine = function getFunctionNameFromStackTraceLine(line) {
+  // V8
+  var match = /^\s+at\s+([A-Za-z0-9$.]+)\s/.exec(line);
+  if (match) return getLastPart(match[1]); // Safari / Firefox
+
+  match = /^([A-Za-z0-9$.]+)@/.exec(line);
+  if (match) return getLastPart(match[1]);
+  return undefined;
+};
+var internalReactFunctionNames = /* #__PURE__ */new Set(['renderWithHooks', 'processChild', 'finishClassComponent', 'renderToString']); // These identifiers come from error stacks, so they have to be valid JS
+// identifiers, thus we only need to replace what is a valid character for JS,
+// but not for CSS.
+
+var sanitizeIdentifier = function sanitizeIdentifier(identifier) {
+  return identifier.replace(/\$/g, '-');
+};
+var getLabelFromStackTrace = function getLabelFromStackTrace(stackTrace) {
+  if (!stackTrace) return undefined;
+  var lines = stackTrace.split('\n');
+  for (var i = 0; i < lines.length; i++) {
+    var functionName = getFunctionNameFromStackTraceLine(lines[i]); // The first line of V8 stack traces is just "Error"
+
+    if (!functionName) continue; // If we reach one of these, we have gone too far and should quit
+
+    if (internalReactFunctionNames.has(functionName)) break; // The component name is the first function in the stack that starts with an
+    // uppercase letter
+
+    if (/^[A-Z]/.test(functionName)) return sanitizeIdentifier(functionName);
+  }
+  return undefined;
+};
+var typePropName = '__EMOTION_TYPE_PLEASE_DO_NOT_USE__';
+var labelPropName = '__EMOTION_LABEL_PLEASE_DO_NOT_USE__';
+var emotion_element_c39617d8_browser_esm_createEmotionProps = function createEmotionProps(type, props) {
+  if (false) {}
+  var newProps = {};
+  for (var key in props) {
+    if (emotion_element_c39617d8_browser_esm_hasOwnProperty.call(props, key)) {
+      newProps[key] = props[key];
+    }
+  }
+  newProps[typePropName] = type; // For performance, only call getLabelFromStackTrace in development and when
+  // the label hasn't already been computed
+
+  if (false) { var label; }
+  return newProps;
+};
+var Insertion = function Insertion(_ref) {
+  var cache = _ref.cache,
+    serialized = _ref.serialized,
+    isStringTag = _ref.isStringTag;
+  registerStyles(cache, serialized, isStringTag);
+  useInsertionEffectAlwaysWithSyncFallback(function () {
+    return insertStyles(cache, serialized, isStringTag);
+  });
+  return null;
+};
+var emotion_element_c39617d8_browser_esm_Emotion = /* #__PURE__ */(/* unused pure expression or super */ null && (emotion_element_c39617d8_browser_esm_withEmotionCache(function (props, cache, ref) {
+  var cssProp = props.css; // so that using `css` from `emotion` and passing the result to the css prop works
+  // not passing the registered cache to serializeStyles because it would
+  // make certain babel optimisations not possible
+
+  if (typeof cssProp === 'string' && cache.registered[cssProp] !== undefined) {
+    cssProp = cache.registered[cssProp];
+  }
+  var WrappedComponent = props[typePropName];
+  var registeredStyles = [cssProp];
+  var className = '';
+  if (typeof props.className === 'string') {
+    className = getRegisteredStyles(cache.registered, registeredStyles, props.className);
+  } else if (props.className != null) {
+    className = props.className + " ";
+  }
+  var serialized = serializeStyles(registeredStyles, undefined, React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext));
+  if (false) { var labelFromStack; }
+  className += cache.key + "-" + serialized.name;
+  var newProps = {};
+  for (var key in props) {
+    if (emotion_element_c39617d8_browser_esm_hasOwnProperty.call(props, key) && key !== 'css' && key !== typePropName && ( true || 0)) {
+      newProps[key] = props[key];
+    }
+  }
+  newProps.ref = ref;
+  newProps.className = className;
+  return /*#__PURE__*/React.createElement(React.Fragment, null, /*#__PURE__*/React.createElement(Insertion, {
+    cache: cache,
+    serialized: serialized,
+    isStringTag: typeof WrappedComponent === 'string'
+  }), /*#__PURE__*/React.createElement(WrappedComponent, newProps));
+})));
+if (false) {}
+var Emotion$1 = (/* unused pure expression or super */ null && (emotion_element_c39617d8_browser_esm_Emotion));
+
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useThemeWithoutDefault.js
+
+
+function isObjectEmpty(obj) {
+  return Object.keys(obj).length === 0;
+}
+function useThemeWithoutDefault_useTheme() {
+  var defaultTheme = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : null;
+  var contextTheme = react.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
+  return !contextTheme || isObjectEmpty(contextTheme) ? defaultTheme : contextTheme;
+}
+/* harmony default export */ var useThemeWithoutDefault = (useThemeWithoutDefault_useTheme);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/ThemeProvider/ThemeProvider.js
+
+
+
+
+
+
+
+
+
+var EMPTY_THEME = {};
+function useThemeScoping(themeId, upperTheme, localTheme) {
+  var isPrivate = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
+  return react.useMemo(function () {
+    var resolvedTheme = themeId ? upperTheme[themeId] || upperTheme : upperTheme;
+    if (typeof localTheme === 'function') {
+      var mergedTheme = localTheme(resolvedTheme);
+      var result = themeId ? extends_extends({}, upperTheme, defineProperty_defineProperty({}, themeId, mergedTheme)) : mergedTheme;
+      // must return a function for the private theme to NOT merge with the upper theme.
+      // see the test case "use provided theme from a callback" in ThemeProvider.test.js
+      if (isPrivate) {
+        return function () {
+          return result;
+        };
+      }
+      return result;
+    }
+    return themeId ? extends_extends({}, upperTheme, defineProperty_defineProperty({}, themeId, localTheme)) : extends_extends({}, upperTheme, localTheme);
+  }, [themeId, upperTheme, localTheme, isPrivate]);
+}
+
+/**
+ * This component makes the `theme` available down the React tree.
+ * It should preferably be used at **the root of your component tree**.
+ *
+ * <ThemeProvider theme={theme}> // existing use case
+ * <ThemeProvider theme={{ id: theme }}> // theme scoping
+ */
+function ThemeProvider_ThemeProvider_ThemeProvider(props) {
+  var children = props.children,
+    localTheme = props.theme,
+    themeId = props.themeId;
+  var upperTheme = useThemeWithoutDefault(EMPTY_THEME);
+  var upperPrivateTheme = useTheme() || EMPTY_THEME;
+  if (false) {}
+  var engineTheme = useThemeScoping(themeId, upperTheme, localTheme);
+  var privateTheme = useThemeScoping(themeId, upperPrivateTheme, localTheme, true);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(ThemeProvider_ThemeProvider, {
+    theme: privateTheme,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(emotion_element_c39617d8_browser_esm_ThemeContext.Provider, {
+      value: engineTheme,
+      children: children
+    })
+  });
+}
+ false ? 0 : void 0;
+if (false) {}
+/* harmony default export */ var esm_ThemeProvider_ThemeProvider = (ThemeProvider_ThemeProvider_ThemeProvider);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/identifier.js
+/* harmony default export */ var styles_identifier = ('$$material');
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/ThemeProvider.js
+
+
+var ThemeProvider_excluded = ["theme"];
+
+
+
+
+
+function styles_ThemeProvider_ThemeProvider(_ref) {
+  var themeInput = _ref.theme,
+    props = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_ref, ThemeProvider_excluded);
+  var scopedTheme = themeInput[styles_identifier];
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(esm_ThemeProvider_ThemeProvider, extends_extends({}, props, {
+    themeId: scopedTheme ? styles_identifier : undefined,
+    theme: scopedTheme || themeInput
+  }));
+}
+ false ? 0 : void 0;
+;// CONCATENATED MODULE: ./node_modules/clsx/dist/clsx.m.js
+function r(e) {
+  var t,
+    f,
+    n = "";
+  if ("string" == typeof e || "number" == typeof e) n += e;else if ("object" == typeof e) if (Array.isArray(e)) for (t = 0; t < e.length; t++) e[t] && (f = r(e[t])) && (n && (n += " "), n += f);else for (t in e) e[t] && (n && (n += " "), n += t);
+  return n;
+}
+function clsx() {
+  for (var e, t, f = 0, n = ""; f < arguments.length;) (e = arguments[f++]) && (t = r(e)) && (n && (n += " "), n += t);
+  return n;
+}
+/* harmony default export */ var clsx_m = (clsx);
+;// CONCATENATED MODULE: ./node_modules/@emotion/is-prop-valid/dist/emotion-is-prop-valid.esm.js
+
+var reactPropsRegex = /^((children|dangerouslySetInnerHTML|key|ref|autoFocus|defaultValue|defaultChecked|innerHTML|suppressContentEditableWarning|suppressHydrationWarning|valueLink|abbr|accept|acceptCharset|accessKey|action|allow|allowUserMedia|allowPaymentRequest|allowFullScreen|allowTransparency|alt|async|autoComplete|autoPlay|capture|cellPadding|cellSpacing|challenge|charSet|checked|cite|classID|className|cols|colSpan|content|contentEditable|contextMenu|controls|controlsList|coords|crossOrigin|data|dateTime|decoding|default|defer|dir|disabled|disablePictureInPicture|download|draggable|encType|enterKeyHint|form|formAction|formEncType|formMethod|formNoValidate|formTarget|frameBorder|headers|height|hidden|high|href|hrefLang|htmlFor|httpEquiv|id|inputMode|integrity|is|keyParams|keyType|kind|label|lang|list|loading|loop|low|marginHeight|marginWidth|max|maxLength|media|mediaGroup|method|min|minLength|multiple|muted|name|nonce|noValidate|open|optimum|pattern|placeholder|playsInline|poster|preload|profile|radioGroup|readOnly|referrerPolicy|rel|required|reversed|role|rows|rowSpan|sandbox|scope|scoped|scrolling|seamless|selected|shape|size|sizes|slot|span|spellCheck|src|srcDoc|srcLang|srcSet|start|step|style|summary|tabIndex|target|title|translate|type|useMap|value|width|wmode|wrap|about|datatype|inlist|prefix|property|resource|typeof|vocab|autoCapitalize|autoCorrect|autoSave|color|incremental|fallback|inert|itemProp|itemScope|itemType|itemID|itemRef|on|option|results|security|unselectable|accentHeight|accumulate|additive|alignmentBaseline|allowReorder|alphabetic|amplitude|arabicForm|ascent|attributeName|attributeType|autoReverse|azimuth|baseFrequency|baselineShift|baseProfile|bbox|begin|bias|by|calcMode|capHeight|clip|clipPathUnits|clipPath|clipRule|colorInterpolation|colorInterpolationFilters|colorProfile|colorRendering|contentScriptType|contentStyleType|cursor|cx|cy|d|decelerate|descent|diffuseConstant|direction|display|divisor|dominantBaseline|dur|dx|dy|edgeMode|elevation|enableBackground|end|exponent|externalResourcesRequired|fill|fillOpacity|fillRule|filter|filterRes|filterUnits|floodColor|floodOpacity|focusable|fontFamily|fontSize|fontSizeAdjust|fontStretch|fontStyle|fontVariant|fontWeight|format|from|fr|fx|fy|g1|g2|glyphName|glyphOrientationHorizontal|glyphOrientationVertical|glyphRef|gradientTransform|gradientUnits|hanging|horizAdvX|horizOriginX|ideographic|imageRendering|in|in2|intercept|k|k1|k2|k3|k4|kernelMatrix|kernelUnitLength|kerning|keyPoints|keySplines|keyTimes|lengthAdjust|letterSpacing|lightingColor|limitingConeAngle|local|markerEnd|markerMid|markerStart|markerHeight|markerUnits|markerWidth|mask|maskContentUnits|maskUnits|mathematical|mode|numOctaves|offset|opacity|operator|order|orient|orientation|origin|overflow|overlinePosition|overlineThickness|panose1|paintOrder|pathLength|patternContentUnits|patternTransform|patternUnits|pointerEvents|points|pointsAtX|pointsAtY|pointsAtZ|preserveAlpha|preserveAspectRatio|primitiveUnits|r|radius|refX|refY|renderingIntent|repeatCount|repeatDur|requiredExtensions|requiredFeatures|restart|result|rotate|rx|ry|scale|seed|shapeRendering|slope|spacing|specularConstant|specularExponent|speed|spreadMethod|startOffset|stdDeviation|stemh|stemv|stitchTiles|stopColor|stopOpacity|strikethroughPosition|strikethroughThickness|string|stroke|strokeDasharray|strokeDashoffset|strokeLinecap|strokeLinejoin|strokeMiterlimit|strokeOpacity|strokeWidth|surfaceScale|systemLanguage|tableValues|targetX|targetY|textAnchor|textDecoration|textRendering|textLength|to|transform|u1|u2|underlinePosition|underlineThickness|unicode|unicodeBidi|unicodeRange|unitsPerEm|vAlphabetic|vHanging|vIdeographic|vMathematical|values|vectorEffect|version|vertAdvY|vertOriginX|vertOriginY|viewBox|viewTarget|visibility|widths|wordSpacing|writingMode|x|xHeight|x1|x2|xChannelSelector|xlinkActuate|xlinkArcrole|xlinkHref|xlinkRole|xlinkShow|xlinkTitle|xlinkType|xmlBase|xmlns|xmlnsXlink|xmlLang|xmlSpace|y|y1|y2|yChannelSelector|z|zoomAndPan|for|class|autofocus)|(([Dd][Aa][Tt][Aa]|[Aa][Rr][Ii][Aa]|x)-.*))$/; // https://esbench.com/bench/5bfee68a4cd7e6009ef61d23
+
+var isPropValid = /* #__PURE__ */memoize(function (prop) {
+  return reactPropsRegex.test(prop) || prop.charCodeAt(0) === 111
+  /* o */ && prop.charCodeAt(1) === 110
+  /* n */ && prop.charCodeAt(2) < 91;
+}
+/* Z+1 */);
+
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/utils/dist/emotion-utils.browser.esm.js
+var emotion_utils_browser_esm_isBrowser = "object" !== 'undefined';
+function emotion_utils_browser_esm_getRegisteredStyles(registered, registeredStyles, classNames) {
+  var rawClassName = '';
+  classNames.split(' ').forEach(function (className) {
+    if (registered[className] !== undefined) {
+      registeredStyles.push(registered[className] + ";");
+    } else {
+      rawClassName += className + " ";
+    }
+  });
+  return rawClassName;
+}
+var emotion_utils_browser_esm_registerStyles = function registerStyles(cache, serialized, isStringTag) {
+  var className = cache.key + "-" + serialized.name;
+  if (
+  // we only need to add the styles to the registered cache if the
+  // class name could be used further down
+  // the tree but if it's a string tag, we know it won't
+  // so we don't have to add it to registered cache.
+  // this improves memory usage since we can avoid storing the whole style string
+  (isStringTag === false ||
+  // we need to always store it if we're in compat mode and
+  // in node since emotion-server relies on whether a style is in
+  // the registered cache to know whether a style is global or not
+  // also, note that this check will be dead code eliminated in the browser
+  emotion_utils_browser_esm_isBrowser === false) && cache.registered[className] === undefined) {
+    cache.registered[className] = serialized.styles;
+  }
+};
+var emotion_utils_browser_esm_insertStyles = function insertStyles(cache, serialized, isStringTag) {
+  emotion_utils_browser_esm_registerStyles(cache, serialized, isStringTag);
+  var className = cache.key + "-" + serialized.name;
+  if (cache.inserted[serialized.name] === undefined) {
+    var current = serialized;
+    do {
+      cache.insert(serialized === current ? "." + className : '', current, cache.sheet, true);
+      current = current.next;
+    } while (current !== undefined);
+  }
+};
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/styled/base/dist/emotion-styled-base.browser.esm.js
+
+
+
+
+
+
+
+var testOmitPropsOnStringTag = isPropValid;
+var testOmitPropsOnComponent = function testOmitPropsOnComponent(key) {
+  return key !== 'theme';
+};
+var getDefaultShouldForwardProp = function getDefaultShouldForwardProp(tag) {
+  return typeof tag === 'string' &&
+  // 96 is one less than the char code
+  // for "a" so this is checking that
+  // it's a lowercase character
+  tag.charCodeAt(0) > 96 ? testOmitPropsOnStringTag : testOmitPropsOnComponent;
+};
+var composeShouldForwardProps = function composeShouldForwardProps(tag, options, isReal) {
+  var shouldForwardProp;
+  if (options) {
+    var optionsShouldForwardProp = options.shouldForwardProp;
+    shouldForwardProp = tag.__emotion_forwardProp && optionsShouldForwardProp ? function (propName) {
+      return tag.__emotion_forwardProp(propName) && optionsShouldForwardProp(propName);
+    } : optionsShouldForwardProp;
+  }
+  if (typeof shouldForwardProp !== 'function' && isReal) {
+    shouldForwardProp = tag.__emotion_forwardProp;
+  }
+  return shouldForwardProp;
+};
+var emotion_styled_base_browser_esm_ILLEGAL_ESCAPE_SEQUENCE_ERROR = "You have illegal escape sequence in your template literal, most likely inside content's property value.\nBecause you write your CSS inside a JavaScript string you actually have to do double escaping, so for example \"content: '\\00d7';\" should become \"content: '\\\\00d7';\".\nYou can read more about this here:\nhttps://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#ES2018_revision_of_illegal_escape_sequences";
+var emotion_styled_base_browser_esm_Insertion = function Insertion(_ref) {
+  var cache = _ref.cache,
+    serialized = _ref.serialized,
+    isStringTag = _ref.isStringTag;
+  emotion_utils_browser_esm_registerStyles(cache, serialized, isStringTag);
+  emotion_use_insertion_effect_with_fallbacks_browser_esm_useInsertionEffectAlwaysWithSyncFallback(function () {
+    return emotion_utils_browser_esm_insertStyles(cache, serialized, isStringTag);
+  });
+  return null;
+};
+var createStyled = function createStyled(tag, options) {
+  if (false) {}
+  var isReal = tag.__emotion_real === tag;
+  var baseTag = isReal && tag.__emotion_base || tag;
+  var identifierName;
+  var targetClassName;
+  if (options !== undefined) {
+    identifierName = options.label;
+    targetClassName = options.target;
+  }
+  var shouldForwardProp = composeShouldForwardProps(tag, options, isReal);
+  var defaultShouldForwardProp = shouldForwardProp || getDefaultShouldForwardProp(baseTag);
+  var shouldUseAs = !defaultShouldForwardProp('as');
+  return function () {
+    var args = arguments;
+    var styles = isReal && tag.__emotion_styles !== undefined ? tag.__emotion_styles.slice(0) : [];
+    if (identifierName !== undefined) {
+      styles.push("label:" + identifierName + ";");
+    }
+    if (args[0] == null || args[0].raw === undefined) {
+      styles.push.apply(styles, args);
+    } else {
+      if (false) {}
+      styles.push(args[0][0]);
+      var len = args.length;
+      var i = 1;
+      for (; i < len; i++) {
+        if (false) {}
+        styles.push(args[i], args[0][i]);
+      }
+    } // $FlowFixMe: we need to cast StatelessFunctionalComponent to our PrivateStyledComponent class
+
+    var Styled = emotion_element_c39617d8_browser_esm_withEmotionCache(function (props, cache, ref) {
+      var FinalTag = shouldUseAs && props.as || baseTag;
+      var className = '';
+      var classInterpolations = [];
+      var mergedProps = props;
+      if (props.theme == null) {
+        mergedProps = {};
+        for (var key in props) {
+          mergedProps[key] = props[key];
+        }
+        mergedProps.theme = react.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
+      }
+      if (typeof props.className === 'string') {
+        className = emotion_utils_browser_esm_getRegisteredStyles(cache.registered, classInterpolations, props.className);
+      } else if (props.className != null) {
+        className = props.className + " ";
+      }
+      var serialized = emotion_serialize_browser_esm_serializeStyles(styles.concat(classInterpolations), cache.registered, mergedProps);
+      className += cache.key + "-" + serialized.name;
+      if (targetClassName !== undefined) {
+        className += " " + targetClassName;
+      }
+      var finalShouldForwardProp = shouldUseAs && shouldForwardProp === undefined ? getDefaultShouldForwardProp(FinalTag) : defaultShouldForwardProp;
+      var newProps = {};
+      for (var _key in props) {
+        if (shouldUseAs && _key === 'as') continue;
+        if (
+        // $FlowFixMe
+        finalShouldForwardProp(_key)) {
+          newProps[_key] = props[_key];
+        }
+      }
+      newProps.className = className;
+      newProps.ref = ref;
+      return /*#__PURE__*/react.createElement(react.Fragment, null, /*#__PURE__*/react.createElement(emotion_styled_base_browser_esm_Insertion, {
+        cache: cache,
+        serialized: serialized,
+        isStringTag: typeof FinalTag === 'string'
+      }), /*#__PURE__*/react.createElement(FinalTag, newProps));
+    });
+    Styled.displayName = identifierName !== undefined ? identifierName : "Styled(" + (typeof baseTag === 'string' ? baseTag : baseTag.displayName || baseTag.name || 'Component') + ")";
+    Styled.defaultProps = tag.defaultProps;
+    Styled.__emotion_real = Styled;
+    Styled.__emotion_base = baseTag;
+    Styled.__emotion_styles = styles;
+    Styled.__emotion_forwardProp = shouldForwardProp;
+    Object.defineProperty(Styled, 'toString', {
+      value: function value() {
+        if (targetClassName === undefined && "production" !== 'production') {} // $FlowFixMe: coerce undefined to string
+
+        return "." + targetClassName;
+      }
+    });
+    Styled.withComponent = function (nextTag, nextOptions) {
+      return createStyled(nextTag, extends_extends({}, options, nextOptions, {
+        shouldForwardProp: composeShouldForwardProps(Styled, nextOptions, true)
+      })).apply(void 0, styles);
+    };
+    return Styled;
+  };
+};
+
+;// CONCATENATED MODULE: ./node_modules/@emotion/styled/dist/emotion-styled.browser.esm.js
+
+
+
+
+
+
+
+
+var tags = ['a', 'abbr', 'address', 'area', 'article', 'aside', 'audio', 'b', 'base', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'cite', 'code', 'col', 'colgroup', 'data', 'datalist', 'dd', 'del', 'details', 'dfn', 'dialog', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'iframe', 'img', 'input', 'ins', 'kbd', 'keygen', 'label', 'legend', 'li', 'link', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meta', 'meter', 'nav', 'noscript', 'object', 'ol', 'optgroup', 'option', 'output', 'p', 'param', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'script', 'section', 'select', 'small', 'source', 'span', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'time', 'title', 'tr', 'track', 'u', 'ul', 'var', 'video', 'wbr',
+// SVG
+'circle', 'clipPath', 'defs', 'ellipse', 'foreignObject', 'g', 'image', 'line', 'linearGradient', 'mask', 'path', 'pattern', 'polygon', 'polyline', 'radialGradient', 'rect', 'stop', 'svg', 'text', 'tspan'];
+var newStyled = createStyled.bind();
+tags.forEach(function (tagName) {
+  // $FlowFixMe: we can ignore this because its exposed type is defined by the CreateStyled type
+  newStyled[tagName] = newStyled(tagName);
+});
+
+;// CONCATENATED MODULE: ./node_modules/@mui/styled-engine/index.js
+/**
+ * @mui/styled-engine v5.13.2
+ *
+ * @license MIT
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+/* eslint-disable no-underscore-dangle */
+
+function styled(tag, options) {
+  var stylesFactory = newStyled(tag, options);
+  if (false) {}
+  return stylesFactory;
+}
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+var internal_processStyles = function internal_processStyles(tag, processor) {
+  // Emotion attaches all the styles as `__emotion_styles`.
+  // Ref: https://github.com/emotion-js/emotion/blob/16d971d0da229596d6bcc39d282ba9753c9ee7cf/packages/styled/src/base.js#L186
+  if (Array.isArray(tag.__emotion_styles)) {
+    tag.__emotion_styles = processor(tag.__emotion_styles);
+  }
+};
+
+
+
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/formatMuiErrorMessage.js
+/**
+ * WARNING: Don't import this directly.
+ * Use `MuiError` from `@mui/utils/macros/MuiError.macro` instead.
+ * @param {number} code
+ */
+function formatMuiErrorMessage(code) {
+  // Apply babel-plugin-transform-template-literals in loose mode
+  // loose mode is safe iff we're concatenating primitives
+  // see https://babeljs.io/docs/en/babel-plugin-transform-template-literals#loose
+  /* eslint-disable prefer-template */
+  var url = 'https://mui.com/production-error/?code=' + code;
+  for (var i = 1; i < arguments.length; i += 1) {
+    // rest params over-transpile for this case
+    // eslint-disable-next-line prefer-rest-params
+    url += '&args[]=' + encodeURIComponent(arguments[i]);
+  }
+  return 'Minified MUI error #' + code + '; visit ' + url + ' for the full message.';
+  /* eslint-enable prefer-template */
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/capitalize.js
+
+// It should to be noted that this function isn't equivalent to `text-transform: capitalize`.
+//
+// A strict capitalization should uppercase the first letter of each word in the sentence.
+// We only handle the first word.
+function capitalize(string) {
+  if (typeof string !== 'string') {
+    throw new Error( false ? 0 : formatMuiErrorMessage(7));
+  }
+  return string.charAt(0).toUpperCase() + string.slice(1);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/deepmerge.js
+
+function isPlainObject(item) {
+  return item !== null && typeof item === 'object' && item.constructor === Object;
+}
+function deepClone(source) {
+  if (!isPlainObject(source)) {
+    return source;
+  }
+  var output = {};
+  Object.keys(source).forEach(function (key) {
+    output[key] = deepClone(source[key]);
+  });
+  return output;
+}
+function deepmerge_deepmerge(target, source) {
+  var options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
+    clone: true
+  };
+  var output = options.clone ? _objectSpread2({}, target) : target;
+  if (isPlainObject(target) && isPlainObject(source)) {
+    Object.keys(source).forEach(function (key) {
+      // Avoid prototype pollution
+      if (key === '__proto__') {
+        return;
+      }
+      if (isPlainObject(source[key]) && key in target && isPlainObject(target[key])) {
+        // Since `output` is a clone of `target` and we have narrowed `target` in this block we can cast to the same type.
+        output[key] = deepmerge_deepmerge(target[key], source[key], options);
+      } else if (options.clone) {
+        output[key] = isPlainObject(source[key]) ? deepClone(source[key]) : source[key];
+      } else {
+        output[key] = source[key];
+      }
+    });
+  }
+  return output;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/merge.js
+
+function merge_merge(acc, item) {
+  if (!item) {
+    return acc;
+  }
+  return deepmerge_deepmerge(acc, item, {
+    clone: false // No need to clone deep, it's way faster.
+  });
+}
+
+/* harmony default export */ var esm_merge = (merge_merge);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/breakpoints.js
+
+
+
+
+
+
+// The breakpoint **start** at this value.
+// For instance with the first breakpoint xs: [xs, sm[.
+var values = {
+  xs: 0,
+  // phone
+  sm: 600,
+  // tablet
+  md: 900,
+  // small laptop
+  lg: 1200,
+  // desktop
+  xl: 1536 // large screen
+};
+
+var defaultBreakpoints = {
+  // Sorted ASC by size. That's important.
+  // It can't be configured as it's used statically for propTypes.
+  keys: ['xs', 'sm', 'md', 'lg', 'xl'],
+  up: function up(key) {
+    return "@media (min-width:".concat(values[key], "px)");
+  }
+};
+function handleBreakpoints(props, propValue, styleFromPropValue) {
+  var theme = props.theme || {};
+  if (Array.isArray(propValue)) {
+    var themeBreakpoints = theme.breakpoints || defaultBreakpoints;
+    return propValue.reduce(function (acc, item, index) {
+      acc[themeBreakpoints.up(themeBreakpoints.keys[index])] = styleFromPropValue(propValue[index]);
+      return acc;
+    }, {});
+  }
+  if (typeof propValue === 'object') {
+    var _themeBreakpoints = theme.breakpoints || defaultBreakpoints;
+    return Object.keys(propValue).reduce(function (acc, breakpoint) {
+      // key is breakpoint
+      if (Object.keys(_themeBreakpoints.values || values).indexOf(breakpoint) !== -1) {
+        var mediaKey = _themeBreakpoints.up(breakpoint);
+        acc[mediaKey] = styleFromPropValue(propValue[breakpoint], breakpoint);
+      } else {
+        var cssKey = breakpoint;
+        acc[cssKey] = propValue[cssKey];
+      }
+      return acc;
+    }, {});
+  }
+  var output = styleFromPropValue(propValue);
+  return output;
+}
+function breakpoints(styleFunction) {
+  // false positive
+  // eslint-disable-next-line react/function-component-definition
+  var newStyleFunction = function newStyleFunction(props) {
+    var theme = props.theme || {};
+    var base = styleFunction(props);
+    var themeBreakpoints = theme.breakpoints || defaultBreakpoints;
+    var extended = themeBreakpoints.keys.reduce(function (acc, key) {
+      if (props[key]) {
+        acc = acc || {};
+        acc[themeBreakpoints.up(key)] = styleFunction(_extends({
+          theme: theme
+        }, props[key]));
+      }
+      return acc;
+    }, null);
+    return merge(base, extended);
+  };
+  newStyleFunction.propTypes =  false ? 0 : {};
+  newStyleFunction.filterProps = ['xs', 'sm', 'md', 'lg', 'xl'].concat(_toConsumableArray(styleFunction.filterProps));
+  return newStyleFunction;
+}
+function createEmptyBreakpointObject() {
+  var breakpointsInput = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  var _breakpointsInput$key;
+  var breakpointsInOrder = (_breakpointsInput$key = breakpointsInput.keys) == null ? void 0 : _breakpointsInput$key.reduce(function (acc, key) {
+    var breakpointStyleKey = breakpointsInput.up(key);
+    acc[breakpointStyleKey] = {};
+    return acc;
+  }, {});
+  return breakpointsInOrder || {};
+}
+function removeUnusedBreakpoints(breakpointKeys, style) {
+  return breakpointKeys.reduce(function (acc, key) {
+    var breakpointOutput = acc[key];
+    var isBreakpointUnused = !breakpointOutput || Object.keys(breakpointOutput).length === 0;
+    if (isBreakpointUnused) {
+      delete acc[key];
+    }
+    return acc;
+  }, style);
+}
+function mergeBreakpointsInOrder(breakpointsInput) {
+  var emptyBreakpoints = createEmptyBreakpointObject(breakpointsInput);
+  for (var _len = arguments.length, styles = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
+    styles[_key - 1] = arguments[_key];
+  }
+  var mergedOutput = [emptyBreakpoints].concat(styles).reduce(function (prev, next) {
+    return deepmerge(prev, next);
+  }, {});
+  return removeUnusedBreakpoints(Object.keys(emptyBreakpoints), mergedOutput);
+}
+
+// compute base for responsive values; e.g.,
+// [1,2,3] => {xs: true, sm: true, md: true}
+// {xs: 1, sm: 2, md: 3} => {xs: true, sm: true, md: true}
+function computeBreakpointsBase(breakpointValues, themeBreakpoints) {
+  // fixed value
+  if (typeof breakpointValues !== 'object') {
+    return {};
+  }
+  var base = {};
+  var breakpointsKeys = Object.keys(themeBreakpoints);
+  if (Array.isArray(breakpointValues)) {
+    breakpointsKeys.forEach(function (breakpoint, i) {
+      if (i < breakpointValues.length) {
+        base[breakpoint] = true;
+      }
+    });
+  } else {
+    breakpointsKeys.forEach(function (breakpoint) {
+      if (breakpointValues[breakpoint] != null) {
+        base[breakpoint] = true;
+      }
+    });
+  }
+  return base;
+}
+function resolveBreakpointValues(_ref) {
+  var breakpointValues = _ref.values,
+    themeBreakpoints = _ref.breakpoints,
+    customBase = _ref.base;
+  var base = customBase || computeBreakpointsBase(breakpointValues, themeBreakpoints);
+  var keys = Object.keys(base);
+  if (keys.length === 0) {
+    return breakpointValues;
+  }
+  var previous;
+  return keys.reduce(function (acc, breakpoint, i) {
+    if (Array.isArray(breakpointValues)) {
+      acc[breakpoint] = breakpointValues[i] != null ? breakpointValues[i] : breakpointValues[previous];
+      previous = i;
+    } else if (typeof breakpointValues === 'object') {
+      acc[breakpoint] = breakpointValues[breakpoint] != null ? breakpointValues[breakpoint] : breakpointValues[previous];
+      previous = breakpoint;
+    } else {
+      acc[breakpoint] = breakpointValues;
+    }
+    return acc;
+  }, {});
+}
+/* harmony default export */ var esm_breakpoints = ((/* unused pure expression or super */ null && (breakpoints)));
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/style.js
+
+
+
+
+function getPath(obj, path) {
+  var checkVars = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
+  if (!path || typeof path !== 'string') {
+    return null;
+  }
+
+  // Check if CSS variables are used
+  if (obj && obj.vars && checkVars) {
+    var val = "vars.".concat(path).split('.').reduce(function (acc, item) {
+      return acc && acc[item] ? acc[item] : null;
+    }, obj);
+    if (val != null) {
+      return val;
+    }
+  }
+  return path.split('.').reduce(function (acc, item) {
+    if (acc && acc[item] != null) {
+      return acc[item];
+    }
+    return null;
+  }, obj);
+}
+function getStyleValue(themeMapping, transform, propValueFinal) {
+  var userValue = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : propValueFinal;
+  var value;
+  if (typeof themeMapping === 'function') {
+    value = themeMapping(propValueFinal);
+  } else if (Array.isArray(themeMapping)) {
+    value = themeMapping[propValueFinal] || userValue;
+  } else {
+    value = getPath(themeMapping, propValueFinal) || userValue;
+  }
+  if (transform) {
+    value = transform(value, userValue, themeMapping);
+  }
+  return value;
+}
+function style(options) {
+  var prop = options.prop,
+    _options$cssProperty = options.cssProperty,
+    cssProperty = _options$cssProperty === void 0 ? options.prop : _options$cssProperty,
+    themeKey = options.themeKey,
+    transform = options.transform;
+
+  // false positive
+  // eslint-disable-next-line react/function-component-definition
+  var fn = function fn(props) {
+    if (props[prop] == null) {
+      return null;
+    }
+    var propValue = props[prop];
+    var theme = props.theme;
+    var themeMapping = getPath(theme, themeKey) || {};
+    var styleFromPropValue = function styleFromPropValue(propValueFinal) {
+      var value = getStyleValue(themeMapping, transform, propValueFinal);
+      if (propValueFinal === value && typeof propValueFinal === 'string') {
+        // Haven't found value
+        value = getStyleValue(themeMapping, transform, "".concat(prop).concat(propValueFinal === 'default' ? '' : capitalize(propValueFinal)), propValueFinal);
+      }
+      if (cssProperty === false) {
+        return value;
+      }
+      return defineProperty_defineProperty({}, cssProperty, value);
+    };
+    return handleBreakpoints(props, propValue, styleFromPropValue);
+  };
+  fn.propTypes =  false ? 0 : {};
+  fn.filterProps = [prop];
+  return fn;
+}
+/* harmony default export */ var esm_style = (style);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/memoize.js
+function memoize_memoize(fn) {
+  var cache = {};
+  return function (arg) {
+    if (cache[arg] === undefined) {
+      cache[arg] = fn(arg);
+    }
+    return cache[arg];
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/spacing.js
+
+
+
+
+
+
+var properties = {
+  m: 'margin',
+  p: 'padding'
+};
+var directions = {
+  t: 'Top',
+  r: 'Right',
+  b: 'Bottom',
+  l: 'Left',
+  x: ['Left', 'Right'],
+  y: ['Top', 'Bottom']
+};
+var aliases = {
+  marginX: 'mx',
+  marginY: 'my',
+  paddingX: 'px',
+  paddingY: 'py'
+};
+
+// memoize() impact:
+// From 300,000 ops/sec
+// To 350,000 ops/sec
+var getCssProperties = memoize_memoize(function (prop) {
+  // It's not a shorthand notation.
+  if (prop.length > 2) {
+    if (aliases[prop]) {
+      prop = aliases[prop];
+    } else {
+      return [prop];
+    }
+  }
+  var _prop$split = prop.split(''),
+    _prop$split2 = slicedToArray_slicedToArray(_prop$split, 2),
+    a = _prop$split2[0],
+    b = _prop$split2[1];
+  var property = properties[a];
+  var direction = directions[b] || '';
+  return Array.isArray(direction) ? direction.map(function (dir) {
+    return property + dir;
+  }) : [property + direction];
+});
+var marginKeys = ['m', 'mt', 'mr', 'mb', 'ml', 'mx', 'my', 'margin', 'marginTop', 'marginRight', 'marginBottom', 'marginLeft', 'marginX', 'marginY', 'marginInline', 'marginInlineStart', 'marginInlineEnd', 'marginBlock', 'marginBlockStart', 'marginBlockEnd'];
+var paddingKeys = ['p', 'pt', 'pr', 'pb', 'pl', 'px', 'py', 'padding', 'paddingTop', 'paddingRight', 'paddingBottom', 'paddingLeft', 'paddingX', 'paddingY', 'paddingInline', 'paddingInlineStart', 'paddingInlineEnd', 'paddingBlock', 'paddingBlockStart', 'paddingBlockEnd'];
+var spacingKeys = [].concat(marginKeys, paddingKeys);
+function createUnaryUnit(theme, themeKey, defaultValue, propName) {
+  var _getPath;
+  var themeSpacing = (_getPath = getPath(theme, themeKey, false)) != null ? _getPath : defaultValue;
+  if (typeof themeSpacing === 'number') {
+    return function (abs) {
+      if (typeof abs === 'string') {
+        return abs;
+      }
+      if (false) {}
+      return themeSpacing * abs;
+    };
+  }
+  if (Array.isArray(themeSpacing)) {
+    return function (abs) {
+      if (typeof abs === 'string') {
+        return abs;
+      }
+      if (false) {}
+      return themeSpacing[abs];
+    };
+  }
+  if (typeof themeSpacing === 'function') {
+    return themeSpacing;
+  }
+  if (false) {}
+  return function () {
+    return undefined;
+  };
+}
+function createUnarySpacing(theme) {
+  return createUnaryUnit(theme, 'spacing', 8, 'spacing');
+}
+function getValue(transformer, propValue) {
+  if (typeof propValue === 'string' || propValue == null) {
+    return propValue;
+  }
+  var abs = Math.abs(propValue);
+  var transformed = transformer(abs);
+  if (propValue >= 0) {
+    return transformed;
+  }
+  if (typeof transformed === 'number') {
+    return -transformed;
+  }
+  return "-".concat(transformed);
+}
+function getStyleFromPropValue(cssProperties, transformer) {
+  return function (propValue) {
+    return cssProperties.reduce(function (acc, cssProperty) {
+      acc[cssProperty] = getValue(transformer, propValue);
+      return acc;
+    }, {});
+  };
+}
+function resolveCssProperty(props, keys, prop, transformer) {
+  // Using a hash computation over an array iteration could be faster, but with only 28 items,
+  // it's doesn't worth the bundle size.
+  if (keys.indexOf(prop) === -1) {
+    return null;
+  }
+  var cssProperties = getCssProperties(prop);
+  var styleFromPropValue = getStyleFromPropValue(cssProperties, transformer);
+  var propValue = props[prop];
+  return handleBreakpoints(props, propValue, styleFromPropValue);
+}
+function spacing_style(props, keys) {
+  var transformer = createUnarySpacing(props.theme);
+  return Object.keys(props).map(function (prop) {
+    return resolveCssProperty(props, keys, prop, transformer);
+  }).reduce(esm_merge, {});
+}
+function margin(props) {
+  return spacing_style(props, marginKeys);
+}
+margin.propTypes =  false ? 0 : {};
+margin.filterProps = marginKeys;
+function padding(props) {
+  return spacing_style(props, paddingKeys);
+}
+padding.propTypes =  false ? 0 : {};
+padding.filterProps = paddingKeys;
+function spacing(props) {
+  return spacing_style(props, spacingKeys);
+}
+spacing.propTypes =  false ? 0 : {};
+spacing.filterProps = spacingKeys;
+/* harmony default export */ var esm_spacing = ((/* unused pure expression or super */ null && (spacing)));
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/compose.js
+
+function compose() {
+  for (var _len = arguments.length, styles = new Array(_len), _key = 0; _key < _len; _key++) {
+    styles[_key] = arguments[_key];
+  }
+  var handlers = styles.reduce(function (acc, style) {
+    style.filterProps.forEach(function (prop) {
+      acc[prop] = style;
+    });
+    return acc;
+  }, {});
+
+  // false positive
+  // eslint-disable-next-line react/function-component-definition
+  var fn = function fn(props) {
+    return Object.keys(props).reduce(function (acc, prop) {
+      if (handlers[prop]) {
+        return esm_merge(acc, handlers[prop](props));
+      }
+      return acc;
+    }, {});
+  };
+  fn.propTypes =  false ? 0 : {};
+  fn.filterProps = styles.reduce(function (acc, style) {
+    return acc.concat(style.filterProps);
+  }, []);
+  return fn;
+}
+/* harmony default export */ var esm_compose = (compose);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/borders.js
+
+
+
+
+
+function borderTransform(value) {
+  if (typeof value !== 'number') {
+    return value;
+  }
+  return "".concat(value, "px solid");
+}
+var border = esm_style({
+  prop: 'border',
+  themeKey: 'borders',
+  transform: borderTransform
+});
+var borderTop = esm_style({
+  prop: 'borderTop',
+  themeKey: 'borders',
+  transform: borderTransform
+});
+var borderRight = esm_style({
+  prop: 'borderRight',
+  themeKey: 'borders',
+  transform: borderTransform
+});
+var borderBottom = esm_style({
+  prop: 'borderBottom',
+  themeKey: 'borders',
+  transform: borderTransform
+});
+var borderLeft = esm_style({
+  prop: 'borderLeft',
+  themeKey: 'borders',
+  transform: borderTransform
+});
+var borderColor = esm_style({
+  prop: 'borderColor',
+  themeKey: 'palette'
+});
+var borderTopColor = esm_style({
+  prop: 'borderTopColor',
+  themeKey: 'palette'
+});
+var borderRightColor = esm_style({
+  prop: 'borderRightColor',
+  themeKey: 'palette'
+});
+var borderBottomColor = esm_style({
+  prop: 'borderBottomColor',
+  themeKey: 'palette'
+});
+var borderLeftColor = esm_style({
+  prop: 'borderLeftColor',
+  themeKey: 'palette'
+});
+
+// false positive
+// eslint-disable-next-line react/function-component-definition
+var borderRadius = function borderRadius(props) {
+  if (props.borderRadius !== undefined && props.borderRadius !== null) {
+    var transformer = createUnaryUnit(props.theme, 'shape.borderRadius', 4, 'borderRadius');
+    var styleFromPropValue = function styleFromPropValue(propValue) {
+      return {
+        borderRadius: getValue(transformer, propValue)
+      };
+    };
+    return handleBreakpoints(props, props.borderRadius, styleFromPropValue);
+  }
+  return null;
+};
+borderRadius.propTypes =  false ? 0 : {};
+borderRadius.filterProps = ['borderRadius'];
+var borders = esm_compose(border, borderTop, borderRight, borderBottom, borderLeft, borderColor, borderTopColor, borderRightColor, borderBottomColor, borderLeftColor, borderRadius);
+/* harmony default export */ var esm_borders = ((/* unused pure expression or super */ null && (borders)));
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/cssGrid.js
+
+
+
+
+
+
+// false positive
+// eslint-disable-next-line react/function-component-definition
+var gap = function gap(props) {
+  if (props.gap !== undefined && props.gap !== null) {
+    var transformer = createUnaryUnit(props.theme, 'spacing', 8, 'gap');
+    var styleFromPropValue = function styleFromPropValue(propValue) {
+      return {
+        gap: getValue(transformer, propValue)
+      };
+    };
+    return handleBreakpoints(props, props.gap, styleFromPropValue);
+  }
+  return null;
+};
+gap.propTypes =  false ? 0 : {};
+gap.filterProps = ['gap'];
+
+// false positive
+// eslint-disable-next-line react/function-component-definition
+var columnGap = function columnGap(props) {
+  if (props.columnGap !== undefined && props.columnGap !== null) {
+    var transformer = createUnaryUnit(props.theme, 'spacing', 8, 'columnGap');
+    var styleFromPropValue = function styleFromPropValue(propValue) {
+      return {
+        columnGap: getValue(transformer, propValue)
+      };
+    };
+    return handleBreakpoints(props, props.columnGap, styleFromPropValue);
+  }
+  return null;
+};
+columnGap.propTypes =  false ? 0 : {};
+columnGap.filterProps = ['columnGap'];
+
+// false positive
+// eslint-disable-next-line react/function-component-definition
+var rowGap = function rowGap(props) {
+  if (props.rowGap !== undefined && props.rowGap !== null) {
+    var transformer = createUnaryUnit(props.theme, 'spacing', 8, 'rowGap');
+    var styleFromPropValue = function styleFromPropValue(propValue) {
+      return {
+        rowGap: getValue(transformer, propValue)
+      };
+    };
+    return handleBreakpoints(props, props.rowGap, styleFromPropValue);
+  }
+  return null;
+};
+rowGap.propTypes =  false ? 0 : {};
+rowGap.filterProps = ['rowGap'];
+var gridColumn = esm_style({
+  prop: 'gridColumn'
+});
+var gridRow = esm_style({
+  prop: 'gridRow'
+});
+var gridAutoFlow = esm_style({
+  prop: 'gridAutoFlow'
+});
+var gridAutoColumns = esm_style({
+  prop: 'gridAutoColumns'
+});
+var gridAutoRows = esm_style({
+  prop: 'gridAutoRows'
+});
+var gridTemplateColumns = esm_style({
+  prop: 'gridTemplateColumns'
+});
+var gridTemplateRows = esm_style({
+  prop: 'gridTemplateRows'
+});
+var gridTemplateAreas = esm_style({
+  prop: 'gridTemplateAreas'
+});
+var gridArea = esm_style({
+  prop: 'gridArea'
+});
+var grid = esm_compose(gap, columnGap, rowGap, gridColumn, gridRow, gridAutoFlow, gridAutoColumns, gridAutoRows, gridTemplateColumns, gridTemplateRows, gridTemplateAreas, gridArea);
+/* harmony default export */ var cssGrid = ((/* unused pure expression or super */ null && (grid)));
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/palette.js
+
+
+function paletteTransform(value, userValue) {
+  if (userValue === 'grey') {
+    return userValue;
+  }
+  return value;
+}
+var color = esm_style({
+  prop: 'color',
+  themeKey: 'palette',
+  transform: paletteTransform
+});
+var bgcolor = esm_style({
+  prop: 'bgcolor',
+  cssProperty: 'backgroundColor',
+  themeKey: 'palette',
+  transform: paletteTransform
+});
+var backgroundColor = esm_style({
+  prop: 'backgroundColor',
+  themeKey: 'palette',
+  transform: paletteTransform
+});
+var palette = esm_compose(color, bgcolor, backgroundColor);
+/* harmony default export */ var esm_palette = ((/* unused pure expression or super */ null && (palette)));
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/sizing.js
+
+
+
+function sizingTransform(value) {
+  return value <= 1 && value !== 0 ? "".concat(value * 100, "%") : value;
+}
+var width = esm_style({
+  prop: 'width',
+  transform: sizingTransform
+});
+var maxWidth = function maxWidth(props) {
+  if (props.maxWidth !== undefined && props.maxWidth !== null) {
+    var styleFromPropValue = function styleFromPropValue(propValue) {
+      var _props$theme, _props$theme$breakpoi, _props$theme$breakpoi2;
+      var breakpoint = ((_props$theme = props.theme) == null ? void 0 : (_props$theme$breakpoi = _props$theme.breakpoints) == null ? void 0 : (_props$theme$breakpoi2 = _props$theme$breakpoi.values) == null ? void 0 : _props$theme$breakpoi2[propValue]) || values[propValue];
+      return {
+        maxWidth: breakpoint || sizingTransform(propValue)
+      };
+    };
+    return handleBreakpoints(props, props.maxWidth, styleFromPropValue);
+  }
+  return null;
+};
+maxWidth.filterProps = ['maxWidth'];
+var minWidth = esm_style({
+  prop: 'minWidth',
+  transform: sizingTransform
+});
+var height = esm_style({
+  prop: 'height',
+  transform: sizingTransform
+});
+var maxHeight = esm_style({
+  prop: 'maxHeight',
+  transform: sizingTransform
+});
+var minHeight = esm_style({
+  prop: 'minHeight',
+  transform: sizingTransform
+});
+var sizeWidth = esm_style({
+  prop: 'size',
+  cssProperty: 'width',
+  transform: sizingTransform
+});
+var sizeHeight = esm_style({
+  prop: 'size',
+  cssProperty: 'height',
+  transform: sizingTransform
+});
+var boxSizing = esm_style({
+  prop: 'boxSizing'
+});
+var sizing = esm_compose(width, maxWidth, minWidth, height, maxHeight, minHeight, boxSizing);
+/* harmony default export */ var esm_sizing = ((/* unused pure expression or super */ null && (sizing)));
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/styleFunctionSx/defaultSxConfig.js
+
+
+
+
+
+var defaultSxConfig = {
+  // borders
+  border: {
+    themeKey: 'borders',
+    transform: borderTransform
+  },
+  borderTop: {
+    themeKey: 'borders',
+    transform: borderTransform
+  },
+  borderRight: {
+    themeKey: 'borders',
+    transform: borderTransform
+  },
+  borderBottom: {
+    themeKey: 'borders',
+    transform: borderTransform
+  },
+  borderLeft: {
+    themeKey: 'borders',
+    transform: borderTransform
+  },
+  borderColor: {
+    themeKey: 'palette'
+  },
+  borderTopColor: {
+    themeKey: 'palette'
+  },
+  borderRightColor: {
+    themeKey: 'palette'
+  },
+  borderBottomColor: {
+    themeKey: 'palette'
+  },
+  borderLeftColor: {
+    themeKey: 'palette'
+  },
+  borderRadius: {
+    themeKey: 'shape.borderRadius',
+    style: borderRadius
+  },
+  // palette
+  color: {
+    themeKey: 'palette',
+    transform: paletteTransform
+  },
+  bgcolor: {
+    themeKey: 'palette',
+    cssProperty: 'backgroundColor',
+    transform: paletteTransform
+  },
+  backgroundColor: {
+    themeKey: 'palette',
+    transform: paletteTransform
+  },
+  // spacing
+  p: {
+    style: padding
+  },
+  pt: {
+    style: padding
+  },
+  pr: {
+    style: padding
+  },
+  pb: {
+    style: padding
+  },
+  pl: {
+    style: padding
+  },
+  px: {
+    style: padding
+  },
+  py: {
+    style: padding
+  },
+  padding: {
+    style: padding
+  },
+  paddingTop: {
+    style: padding
+  },
+  paddingRight: {
+    style: padding
+  },
+  paddingBottom: {
+    style: padding
+  },
+  paddingLeft: {
+    style: padding
+  },
+  paddingX: {
+    style: padding
+  },
+  paddingY: {
+    style: padding
+  },
+  paddingInline: {
+    style: padding
+  },
+  paddingInlineStart: {
+    style: padding
+  },
+  paddingInlineEnd: {
+    style: padding
+  },
+  paddingBlock: {
+    style: padding
+  },
+  paddingBlockStart: {
+    style: padding
+  },
+  paddingBlockEnd: {
+    style: padding
+  },
+  m: {
+    style: margin
+  },
+  mt: {
+    style: margin
+  },
+  mr: {
+    style: margin
+  },
+  mb: {
+    style: margin
+  },
+  ml: {
+    style: margin
+  },
+  mx: {
+    style: margin
+  },
+  my: {
+    style: margin
+  },
+  margin: {
+    style: margin
+  },
+  marginTop: {
+    style: margin
+  },
+  marginRight: {
+    style: margin
+  },
+  marginBottom: {
+    style: margin
+  },
+  marginLeft: {
+    style: margin
+  },
+  marginX: {
+    style: margin
+  },
+  marginY: {
+    style: margin
+  },
+  marginInline: {
+    style: margin
+  },
+  marginInlineStart: {
+    style: margin
+  },
+  marginInlineEnd: {
+    style: margin
+  },
+  marginBlock: {
+    style: margin
+  },
+  marginBlockStart: {
+    style: margin
+  },
+  marginBlockEnd: {
+    style: margin
+  },
+  // display
+  displayPrint: {
+    cssProperty: false,
+    transform: function transform(value) {
+      return {
+        '@media print': {
+          display: value
+        }
+      };
+    }
+  },
+  display: {},
+  overflow: {},
+  textOverflow: {},
+  visibility: {},
+  whiteSpace: {},
+  // flexbox
+  flexBasis: {},
+  flexDirection: {},
+  flexWrap: {},
+  justifyContent: {},
+  alignItems: {},
+  alignContent: {},
+  order: {},
+  flex: {},
+  flexGrow: {},
+  flexShrink: {},
+  alignSelf: {},
+  justifyItems: {},
+  justifySelf: {},
+  // grid
+  gap: {
+    style: gap
+  },
+  rowGap: {
+    style: rowGap
+  },
+  columnGap: {
+    style: columnGap
+  },
+  gridColumn: {},
+  gridRow: {},
+  gridAutoFlow: {},
+  gridAutoColumns: {},
+  gridAutoRows: {},
+  gridTemplateColumns: {},
+  gridTemplateRows: {},
+  gridTemplateAreas: {},
+  gridArea: {},
+  // positions
+  position: {},
+  zIndex: {
+    themeKey: 'zIndex'
+  },
+  top: {},
+  right: {},
+  bottom: {},
+  left: {},
+  // shadows
+  boxShadow: {
+    themeKey: 'shadows'
+  },
+  // sizing
+  width: {
+    transform: sizingTransform
+  },
+  maxWidth: {
+    style: maxWidth
+  },
+  minWidth: {
+    transform: sizingTransform
+  },
+  height: {
+    transform: sizingTransform
+  },
+  maxHeight: {
+    transform: sizingTransform
+  },
+  minHeight: {
+    transform: sizingTransform
+  },
+  boxSizing: {},
+  // typography
+  fontFamily: {
+    themeKey: 'typography'
+  },
+  fontSize: {
+    themeKey: 'typography'
+  },
+  fontStyle: {
+    themeKey: 'typography'
+  },
+  fontWeight: {
+    themeKey: 'typography'
+  },
+  letterSpacing: {},
+  textTransform: {},
+  lineHeight: {},
+  textAlign: {},
+  typography: {
+    cssProperty: false,
+    themeKey: 'typography'
+  }
+};
+/* harmony default export */ var styleFunctionSx_defaultSxConfig = (defaultSxConfig);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/styleFunctionSx/styleFunctionSx.js
+
+
+
+
+
+
+function objectsHaveSameKeys() {
+  for (var _len = arguments.length, objects = new Array(_len), _key = 0; _key < _len; _key++) {
+    objects[_key] = arguments[_key];
+  }
+  var allKeys = objects.reduce(function (keys, object) {
+    return keys.concat(Object.keys(object));
+  }, []);
+  var union = new Set(allKeys);
+  return objects.every(function (object) {
+    return union.size === Object.keys(object).length;
+  });
+}
+function callIfFn(maybeFn, arg) {
+  return typeof maybeFn === 'function' ? maybeFn(arg) : maybeFn;
+}
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+function unstable_createStyleFunctionSx() {
+  function getThemeValue(prop, val, theme, config) {
+    var _props;
+    var props = (_props = {}, defineProperty_defineProperty(_props, prop, val), defineProperty_defineProperty(_props, "theme", theme), _props);
+    var options = config[prop];
+    if (!options) {
+      return defineProperty_defineProperty({}, prop, val);
+    }
+    var _options$cssProperty = options.cssProperty,
+      cssProperty = _options$cssProperty === void 0 ? prop : _options$cssProperty,
+      themeKey = options.themeKey,
+      transform = options.transform,
+      style = options.style;
+    if (val == null) {
+      return null;
+    }
+    if (themeKey === 'typography' && val === 'inherit') {
+      return defineProperty_defineProperty({}, prop, val);
+    }
+    var themeMapping = getPath(theme, themeKey) || {};
+    if (style) {
+      return style(props);
+    }
+    var styleFromPropValue = function styleFromPropValue(propValueFinal) {
+      var value = getStyleValue(themeMapping, transform, propValueFinal);
+      if (propValueFinal === value && typeof propValueFinal === 'string') {
+        // Haven't found value
+        value = getStyleValue(themeMapping, transform, "".concat(prop).concat(propValueFinal === 'default' ? '' : capitalize(propValueFinal)), propValueFinal);
+      }
+      if (cssProperty === false) {
+        return value;
+      }
+      return defineProperty_defineProperty({}, cssProperty, value);
+    };
+    return handleBreakpoints(props, val, styleFromPropValue);
+  }
+  function styleFunctionSx(props) {
+    var _theme$unstable_sxCon;
+    var _ref4 = props || {},
+      sx = _ref4.sx,
+      _ref4$theme = _ref4.theme,
+      theme = _ref4$theme === void 0 ? {} : _ref4$theme;
+    if (!sx) {
+      return null; // Emotion & styled-components will neglect null
+    }
+
+    var config = (_theme$unstable_sxCon = theme.unstable_sxConfig) != null ? _theme$unstable_sxCon : styleFunctionSx_defaultSxConfig;
+
+    /*
+     * Receive `sxInput` as object or callback
+     * and then recursively check keys & values to create media query object styles.
+     * (the result will be used in `styled`)
+     */
+    function traverse(sxInput) {
+      var sxObject = sxInput;
+      if (typeof sxInput === 'function') {
+        sxObject = sxInput(theme);
+      } else if (typeof sxInput !== 'object') {
+        // value
+        return sxInput;
+      }
+      if (!sxObject) {
+        return null;
+      }
+      var emptyBreakpoints = createEmptyBreakpointObject(theme.breakpoints);
+      var breakpointsKeys = Object.keys(emptyBreakpoints);
+      var css = emptyBreakpoints;
+      Object.keys(sxObject).forEach(function (styleKey) {
+        var value = callIfFn(sxObject[styleKey], theme);
+        if (value !== null && value !== undefined) {
+          if (typeof value === 'object') {
+            if (config[styleKey]) {
+              css = esm_merge(css, getThemeValue(styleKey, value, theme, config));
+            } else {
+              var breakpointsValues = handleBreakpoints({
+                theme: theme
+              }, value, function (x) {
+                return defineProperty_defineProperty({}, styleKey, x);
+              });
+              if (objectsHaveSameKeys(breakpointsValues, value)) {
+                css[styleKey] = styleFunctionSx({
+                  sx: value,
+                  theme: theme
+                });
+              } else {
+                css = esm_merge(css, breakpointsValues);
+              }
+            }
+          } else {
+            css = esm_merge(css, getThemeValue(styleKey, value, theme, config));
+          }
+        }
+      });
+      return removeUnusedBreakpoints(breakpointsKeys, css);
+    }
+    return Array.isArray(sx) ? sx.map(traverse) : traverse(sx);
+  }
+  return styleFunctionSx;
+}
+var styleFunctionSx = unstable_createStyleFunctionSx();
+styleFunctionSx.filterProps = ['sx'];
+/* harmony default export */ var styleFunctionSx_styleFunctionSx = (styleFunctionSx);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/styleFunctionSx/extendSxProp.js
+
+
+
+var extendSxProp_excluded = ["sx"];
+
+
+var splitProps = function splitProps(props) {
+  var _props$theme$unstable, _props$theme;
+  var result = {
+    systemProps: {},
+    otherProps: {}
+  };
+  var config = (_props$theme$unstable = props == null ? void 0 : (_props$theme = props.theme) == null ? void 0 : _props$theme.unstable_sxConfig) != null ? _props$theme$unstable : styleFunctionSx_defaultSxConfig;
+  Object.keys(props).forEach(function (prop) {
+    if (config[prop]) {
+      result.systemProps[prop] = props[prop];
+    } else {
+      result.otherProps[prop] = props[prop];
+    }
+  });
+  return result;
+};
+function extendSxProp(props) {
+  var inSx = props.sx,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, extendSxProp_excluded);
+  var _splitProps = splitProps(other),
+    systemProps = _splitProps.systemProps,
+    otherProps = _splitProps.otherProps;
+  var finalSx;
+  if (Array.isArray(inSx)) {
+    finalSx = [systemProps].concat(toConsumableArray_toConsumableArray(inSx));
+  } else if (typeof inSx === 'function') {
+    finalSx = function finalSx() {
+      var result = inSx.apply(void 0, arguments);
+      if (!isPlainObject(result)) {
+        return systemProps;
+      }
+      return extends_extends({}, systemProps, result);
+    };
+  } else {
+    finalSx = extends_extends({}, systemProps, inSx);
+  }
+  return extends_extends({}, otherProps, {
+    sx: finalSx
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/createBreakpoints.js
+
+
+
+var createBreakpoints_excluded = ["values", "unit", "step"];
+// Sorted ASC by size. That's important.
+// It can't be configured as it's used statically for propTypes.
+var breakpointKeys = (/* unused pure expression or super */ null && (['xs', 'sm', 'md', 'lg', 'xl']));
+var sortBreakpointsValues = function sortBreakpointsValues(values) {
+  var breakpointsAsArray = Object.keys(values).map(function (key) {
+    return {
+      key: key,
+      val: values[key]
+    };
+  }) || [];
+  // Sort in ascending order
+  breakpointsAsArray.sort(function (breakpoint1, breakpoint2) {
+    return breakpoint1.val - breakpoint2.val;
+  });
+  return breakpointsAsArray.reduce(function (acc, obj) {
+    return extends_extends({}, acc, defineProperty_defineProperty({}, obj.key, obj.val));
+  }, {});
+};
+
+// Keep in mind that @media is inclusive by the CSS specification.
+function createBreakpoints(breakpoints) {
+  var _breakpoints$values = breakpoints.values,
+    values = _breakpoints$values === void 0 ? {
+      xs: 0,
+      // phone
+      sm: 600,
+      // tablet
+      md: 900,
+      // small laptop
+      lg: 1200,
+      // desktop
+      xl: 1536 // large screen
+    } : _breakpoints$values,
+    _breakpoints$unit = breakpoints.unit,
+    unit = _breakpoints$unit === void 0 ? 'px' : _breakpoints$unit,
+    _breakpoints$step = breakpoints.step,
+    step = _breakpoints$step === void 0 ? 5 : _breakpoints$step,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(breakpoints, createBreakpoints_excluded);
+  var sortedValues = sortBreakpointsValues(values);
+  var keys = Object.keys(sortedValues);
+  function up(key) {
+    var value = typeof values[key] === 'number' ? values[key] : key;
+    return "@media (min-width:".concat(value).concat(unit, ")");
+  }
+  function down(key) {
+    var value = typeof values[key] === 'number' ? values[key] : key;
+    return "@media (max-width:".concat(value - step / 100).concat(unit, ")");
+  }
+  function between(start, end) {
+    var endIndex = keys.indexOf(end);
+    return "@media (min-width:".concat(typeof values[start] === 'number' ? values[start] : start).concat(unit, ") and ") + "(max-width:".concat((endIndex !== -1 && typeof values[keys[endIndex]] === 'number' ? values[keys[endIndex]] : end) - step / 100).concat(unit, ")");
+  }
+  function only(key) {
+    if (keys.indexOf(key) + 1 < keys.length) {
+      return between(key, keys[keys.indexOf(key) + 1]);
+    }
+    return up(key);
+  }
+  function not(key) {
+    // handle first and last key separately, for better readability
+    var keyIndex = keys.indexOf(key);
+    if (keyIndex === 0) {
+      return up(keys[1]);
+    }
+    if (keyIndex === keys.length - 1) {
+      return down(keys[keyIndex]);
+    }
+    return between(key, keys[keys.indexOf(key) + 1]).replace('@media', '@media not all and');
+  }
+  return extends_extends({
+    keys: keys,
+    values: sortedValues,
+    up: up,
+    down: down,
+    between: between,
+    only: only,
+    not: not,
+    unit: unit
+  }, other);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/shape.js
+var shape = {
+  borderRadius: 4
+};
+/* harmony default export */ var createTheme_shape = (shape);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/createSpacing.js
+
+
+// The different signatures imply different meaning for their arguments that can't be expressed structurally.
+// We express the difference with variable names.
+/* tslint:disable:unified-signatures */
+/* tslint:enable:unified-signatures */
+
+function createSpacing() {
+  var spacingInput = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 8;
+  // Already transformed.
+  if (spacingInput.mui) {
+    return spacingInput;
+  }
+
+  // Material Design layouts are visually balanced. Most measurements align to an 8dp grid, which aligns both spacing and the overall layout.
+  // Smaller components, such as icons, can align to a 4dp grid.
+  // https://m2.material.io/design/layout/understanding-layout.html
+  var transform = createUnarySpacing({
+    spacing: spacingInput
+  });
+  var spacing = function spacing() {
+    for (var _len = arguments.length, argsInput = new Array(_len), _key = 0; _key < _len; _key++) {
+      argsInput[_key] = arguments[_key];
+    }
+    if (false) {}
+    var args = argsInput.length === 0 ? [1] : argsInput;
+    return args.map(function (argument) {
+      var output = transform(argument);
+      return typeof output === 'number' ? "".concat(output, "px") : output;
+    }).join(' ');
+  };
+  spacing.mui = true;
+  return spacing;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/createTheme.js
+
+
+var createTheme_excluded = ["breakpoints", "palette", "spacing", "shape"];
+
+
+
+
+
+
+function createTheme() {
+  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  var _options$breakpoints = options.breakpoints,
+    breakpointsInput = _options$breakpoints === void 0 ? {} : _options$breakpoints,
+    _options$palette = options.palette,
+    paletteInput = _options$palette === void 0 ? {} : _options$palette,
+    spacingInput = options.spacing,
+    _options$shape = options.shape,
+    shapeInput = _options$shape === void 0 ? {} : _options$shape,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(options, createTheme_excluded);
+  var breakpoints = createBreakpoints(breakpointsInput);
+  var spacing = createSpacing(spacingInput);
+  var muiTheme = deepmerge_deepmerge({
+    breakpoints: breakpoints,
+    direction: 'ltr',
+    components: {},
+    // Inject component definitions.
+    palette: extends_extends({
+      mode: 'light'
+    }, paletteInput),
+    spacing: spacing,
+    shape: extends_extends({}, createTheme_shape, shapeInput)
+  }, other);
+  for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
+    args[_key - 1] = arguments[_key];
+  }
+  muiTheme = args.reduce(function (acc, argument) {
+    return deepmerge_deepmerge(acc, argument);
+  }, muiTheme);
+  muiTheme.unstable_sxConfig = extends_extends({}, styleFunctionSx_defaultSxConfig, other == null ? void 0 : other.unstable_sxConfig);
+  muiTheme.unstable_sx = function sx(props) {
+    return styleFunctionSx_styleFunctionSx({
+      sx: props,
+      theme: this
+    });
+  };
+  return muiTheme;
+}
+/* harmony default export */ var createTheme_createTheme = (createTheme);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useTheme.js
+
+
+var systemDefaultTheme = createTheme_createTheme();
+function useTheme_useTheme() {
+  var defaultTheme = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : systemDefaultTheme;
+  return useThemeWithoutDefault(defaultTheme);
+}
+/* harmony default export */ var esm_useTheme = (useTheme_useTheme);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createBox.js
+
+
+var createBox_excluded = ["className", "component"];
+
+
+
+
+
+
+function createBox() {
+  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  var themeId = options.themeId,
+    defaultTheme = options.defaultTheme,
+    _options$defaultClass = options.defaultClassName,
+    defaultClassName = _options$defaultClass === void 0 ? 'MuiBox-root' : _options$defaultClass,
+    generateClassName = options.generateClassName;
+  var BoxRoot = styled('div', {
+    shouldForwardProp: function shouldForwardProp(prop) {
+      return prop !== 'theme' && prop !== 'sx' && prop !== 'as';
+    }
+  })(styleFunctionSx_styleFunctionSx);
+  var Box = /*#__PURE__*/react.forwardRef(function Box(inProps, ref) {
+    var theme = esm_useTheme(defaultTheme);
+    var _extendSxProp = extendSxProp(inProps),
+      className = _extendSxProp.className,
+      _extendSxProp$compone = _extendSxProp.component,
+      component = _extendSxProp$compone === void 0 ? 'div' : _extendSxProp$compone,
+      other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_extendSxProp, createBox_excluded);
+    return /*#__PURE__*/(0,jsx_runtime.jsx)(BoxRoot, extends_extends({
+      as: component,
+      ref: ref,
+      className: clsx_m(className, generateClassName ? generateClassName(defaultClassName) : defaultClassName),
+      theme: themeId ? theme[themeId] || theme : theme
+    }, other));
+  });
+  return Box;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/ClassNameGenerator/ClassNameGenerator.js
+var defaultGenerator = function defaultGenerator(componentName) {
+  return componentName;
+};
+var createClassNameGenerator = function createClassNameGenerator() {
+  var _generate = defaultGenerator;
+  return {
+    configure: function configure(generator) {
+      _generate = generator;
+    },
+    generate: function generate(componentName) {
+      return _generate(componentName);
+    },
+    reset: function reset() {
+      _generate = defaultGenerator;
+    }
+  };
+};
+var ClassNameGenerator = createClassNameGenerator();
+/* harmony default export */ var ClassNameGenerator_ClassNameGenerator = (ClassNameGenerator);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createMixins.js
+
+
+function createMixins(breakpoints, mixins) {
+  var _toolbar;
+  return extends_extends({
+    toolbar: (_toolbar = {
+      minHeight: 56
+    }, defineProperty_defineProperty(_toolbar, breakpoints.up('xs'), {
+      '@media (orientation: landscape)': {
+        minHeight: 48
+      }
+    }), defineProperty_defineProperty(_toolbar, breakpoints.up('sm'), {
+      minHeight: 64
+    }), _toolbar)
+  }, mixins);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/colorManipulator.js
+
+/* eslint-disable @typescript-eslint/naming-convention */
+/**
+ * Returns a number whose value is limited to the given range.
+ * @param {number} value The value to be clamped
+ * @param {number} min The lower boundary of the output range
+ * @param {number} max The upper boundary of the output range
+ * @returns {number} A number in the range [min, max]
+ */
+function clamp(value) {
+  var min = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0;
+  var max = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 1;
+  if (false) {}
+  return Math.min(Math.max(min, value), max);
+}
+
+/**
+ * Converts a color from CSS hex format to CSS rgb format.
+ * @param {string} color - Hex color, i.e. #nnn or #nnnnnn
+ * @returns {string} A CSS rgb color string
+ */
+function hexToRgb(color) {
+  color = color.slice(1);
+  var re = new RegExp(".{1,".concat(color.length >= 6 ? 2 : 1, "}"), 'g');
+  var colors = color.match(re);
+  if (colors && colors[0].length === 1) {
+    colors = colors.map(function (n) {
+      return n + n;
+    });
+  }
+  return colors ? "rgb".concat(colors.length === 4 ? 'a' : '', "(").concat(colors.map(function (n, index) {
+    return index < 3 ? parseInt(n, 16) : Math.round(parseInt(n, 16) / 255 * 1000) / 1000;
+  }).join(', '), ")") : '';
+}
+function intToHex(int) {
+  var hex = int.toString(16);
+  return hex.length === 1 ? "0".concat(hex) : hex;
+}
+
+/**
+ * Returns an object with the type and values of a color.
+ *
+ * Note: Does not support rgb % values.
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @returns {object} - A MUI color object: {type: string, values: number[]}
+ */
+function decomposeColor(color) {
+  // Idempotent
+  if (color.type) {
+    return color;
+  }
+  if (color.charAt(0) === '#') {
+    return decomposeColor(hexToRgb(color));
+  }
+  var marker = color.indexOf('(');
+  var type = color.substring(0, marker);
+  if (['rgb', 'rgba', 'hsl', 'hsla', 'color'].indexOf(type) === -1) {
+    throw new Error( false ? 0 : formatMuiErrorMessage(9, color));
+  }
+  var values = color.substring(marker + 1, color.length - 1);
+  var colorSpace;
+  if (type === 'color') {
+    values = values.split(' ');
+    colorSpace = values.shift();
+    if (values.length === 4 && values[3].charAt(0) === '/') {
+      values[3] = values[3].slice(1);
+    }
+    if (['srgb', 'display-p3', 'a98-rgb', 'prophoto-rgb', 'rec-2020'].indexOf(colorSpace) === -1) {
+      throw new Error( false ? 0 : formatMuiErrorMessage(10, colorSpace));
+    }
+  } else {
+    values = values.split(',');
+  }
+  values = values.map(function (value) {
+    return parseFloat(value);
+  });
+  return {
+    type: type,
+    values: values,
+    colorSpace: colorSpace
+  };
+}
+
+/**
+ * Returns a channel created from the input color.
+ *
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @returns {string} - The channel for the color, that can be used in rgba or hsla colors
+ */
+var colorChannel = function colorChannel(color) {
+  var decomposedColor = decomposeColor(color);
+  return decomposedColor.values.slice(0, 3).map(function (val, idx) {
+    return decomposedColor.type.indexOf('hsl') !== -1 && idx !== 0 ? "".concat(val, "%") : val;
+  }).join(' ');
+};
+var private_safeColorChannel = function private_safeColorChannel(color, warning) {
+  try {
+    return colorChannel(color);
+  } catch (error) {
+    if (warning && "production" !== 'production') {}
+    return color;
+  }
+};
+
+/**
+ * Converts a color object with type and values to a string.
+ * @param {object} color - Decomposed color
+ * @param {string} color.type - One of: 'rgb', 'rgba', 'hsl', 'hsla', 'color'
+ * @param {array} color.values - [n,n,n] or [n,n,n,n]
+ * @returns {string} A CSS color string
+ */
+function recomposeColor(color) {
+  var type = color.type,
+    colorSpace = color.colorSpace;
+  var values = color.values;
+  if (type.indexOf('rgb') !== -1) {
+    // Only convert the first 3 values to int (i.e. not alpha)
+    values = values.map(function (n, i) {
+      return i < 3 ? parseInt(n, 10) : n;
+    });
+  } else if (type.indexOf('hsl') !== -1) {
+    values[1] = "".concat(values[1], "%");
+    values[2] = "".concat(values[2], "%");
+  }
+  if (type.indexOf('color') !== -1) {
+    values = "".concat(colorSpace, " ").concat(values.join(' '));
+  } else {
+    values = "".concat(values.join(', '));
+  }
+  return "".concat(type, "(").concat(values, ")");
+}
+
+/**
+ * Converts a color from CSS rgb format to CSS hex format.
+ * @param {string} color - RGB color, i.e. rgb(n, n, n)
+ * @returns {string} A CSS rgb color string, i.e. #nnnnnn
+ */
+function rgbToHex(color) {
+  // Idempotent
+  if (color.indexOf('#') === 0) {
+    return color;
+  }
+  var _decomposeColor = decomposeColor(color),
+    values = _decomposeColor.values;
+  return "#".concat(values.map(function (n, i) {
+    return intToHex(i === 3 ? Math.round(255 * n) : n);
+  }).join(''));
+}
+
+/**
+ * Converts a color from hsl format to rgb format.
+ * @param {string} color - HSL color values
+ * @returns {string} rgb color values
+ */
+function hslToRgb(color) {
+  color = decomposeColor(color);
+  var _color = color,
+    values = _color.values;
+  var h = values[0];
+  var s = values[1] / 100;
+  var l = values[2] / 100;
+  var a = s * Math.min(l, 1 - l);
+  var f = function f(n) {
+    var k = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : (n + h / 30) % 12;
+    return l - a * Math.max(Math.min(k - 3, 9 - k, 1), -1);
+  };
+  var type = 'rgb';
+  var rgb = [Math.round(f(0) * 255), Math.round(f(8) * 255), Math.round(f(4) * 255)];
+  if (color.type === 'hsla') {
+    type += 'a';
+    rgb.push(values[3]);
+  }
+  return recomposeColor({
+    type: type,
+    values: rgb
+  });
+}
+/**
+ * The relative brightness of any point in a color space,
+ * normalized to 0 for darkest black and 1 for lightest white.
+ *
+ * Formula: https://www.w3.org/TR/WCAG20-TECHS/G17.html#G17-tests
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @returns {number} The relative brightness of the color in the range 0 - 1
+ */
+function getLuminance(color) {
+  color = decomposeColor(color);
+  var rgb = color.type === 'hsl' || color.type === 'hsla' ? decomposeColor(hslToRgb(color)).values : color.values;
+  rgb = rgb.map(function (val) {
+    if (color.type !== 'color') {
+      val /= 255; // normalized
+    }
+
+    return val <= 0.03928 ? val / 12.92 : Math.pow((val + 0.055) / 1.055, 2.4);
+  });
+
+  // Truncate at 3 digits
+  return Number((0.2126 * rgb[0] + 0.7152 * rgb[1] + 0.0722 * rgb[2]).toFixed(3));
+}
+
+/**
+ * Calculates the contrast ratio between two colors.
+ *
+ * Formula: https://www.w3.org/TR/WCAG20-TECHS/G17.html#G17-tests
+ * @param {string} foreground - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla()
+ * @param {string} background - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla()
+ * @returns {number} A contrast ratio value in the range 0 - 21.
+ */
+function getContrastRatio(foreground, background) {
+  var lumA = getLuminance(foreground);
+  var lumB = getLuminance(background);
+  return (Math.max(lumA, lumB) + 0.05) / (Math.min(lumA, lumB) + 0.05);
+}
+
+/**
+ * Sets the absolute transparency of a color.
+ * Any existing alpha values are overwritten.
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @param {number} value - value to set the alpha channel to in the range 0 - 1
+ * @returns {string} A CSS color string. Hex input values are returned as rgb
+ */
+function alpha(color, value) {
+  color = decomposeColor(color);
+  value = clamp(value);
+  if (color.type === 'rgb' || color.type === 'hsl') {
+    color.type += 'a';
+  }
+  if (color.type === 'color') {
+    color.values[3] = "/".concat(value);
+  } else {
+    color.values[3] = value;
+  }
+  return recomposeColor(color);
+}
+function private_safeAlpha(color, value, warning) {
+  try {
+    return alpha(color, value);
+  } catch (error) {
+    if (warning && "production" !== 'production') {}
+    return color;
+  }
+}
+
+/**
+ * Darkens a color.
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @param {number} coefficient - multiplier in the range 0 - 1
+ * @returns {string} A CSS color string. Hex input values are returned as rgb
+ */
+function darken(color, coefficient) {
+  color = decomposeColor(color);
+  coefficient = clamp(coefficient);
+  if (color.type.indexOf('hsl') !== -1) {
+    color.values[2] *= 1 - coefficient;
+  } else if (color.type.indexOf('rgb') !== -1 || color.type.indexOf('color') !== -1) {
+    for (var i = 0; i < 3; i += 1) {
+      color.values[i] *= 1 - coefficient;
+    }
+  }
+  return recomposeColor(color);
+}
+function private_safeDarken(color, coefficient, warning) {
+  try {
+    return darken(color, coefficient);
+  } catch (error) {
+    if (warning && "production" !== 'production') {}
+    return color;
+  }
+}
+
+/**
+ * Lightens a color.
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @param {number} coefficient - multiplier in the range 0 - 1
+ * @returns {string} A CSS color string. Hex input values are returned as rgb
+ */
+function lighten(color, coefficient) {
+  color = decomposeColor(color);
+  coefficient = clamp(coefficient);
+  if (color.type.indexOf('hsl') !== -1) {
+    color.values[2] += (100 - color.values[2]) * coefficient;
+  } else if (color.type.indexOf('rgb') !== -1) {
+    for (var i = 0; i < 3; i += 1) {
+      color.values[i] += (255 - color.values[i]) * coefficient;
+    }
+  } else if (color.type.indexOf('color') !== -1) {
+    for (var _i = 0; _i < 3; _i += 1) {
+      color.values[_i] += (1 - color.values[_i]) * coefficient;
+    }
+  }
+  return recomposeColor(color);
+}
+function private_safeLighten(color, coefficient, warning) {
+  try {
+    return lighten(color, coefficient);
+  } catch (error) {
+    if (warning && "production" !== 'production') {}
+    return color;
+  }
+}
+
+/**
+ * Darken or lighten a color, depending on its luminance.
+ * Light colors are darkened, dark colors are lightened.
+ * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
+ * @param {number} coefficient=0.15 - multiplier in the range 0 - 1
+ * @returns {string} A CSS color string. Hex input values are returned as rgb
+ */
+function emphasize(color) {
+  var coefficient = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0.15;
+  return getLuminance(color) > 0.5 ? darken(color, coefficient) : lighten(color, coefficient);
+}
+function private_safeEmphasize(color, coefficient, warning) {
+  try {
+    return private_safeEmphasize(color, coefficient);
+  } catch (error) {
+    if (warning && "production" !== 'production') {}
+    return color;
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/common.js
+var common = {
+  black: '#000',
+  white: '#fff'
+};
+/* harmony default export */ var colors_common = (common);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/grey.js
+var grey = {
+  50: '#fafafa',
+  100: '#f5f5f5',
+  200: '#eeeeee',
+  300: '#e0e0e0',
+  400: '#bdbdbd',
+  500: '#9e9e9e',
+  600: '#757575',
+  700: '#616161',
+  800: '#424242',
+  900: '#212121',
+  A100: '#f5f5f5',
+  A200: '#eeeeee',
+  A400: '#bdbdbd',
+  A700: '#616161'
+};
+/* harmony default export */ var colors_grey = (grey);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/purple.js
+var purple = {
+  50: '#f3e5f5',
+  100: '#e1bee7',
+  200: '#ce93d8',
+  300: '#ba68c8',
+  400: '#ab47bc',
+  500: '#9c27b0',
+  600: '#8e24aa',
+  700: '#7b1fa2',
+  800: '#6a1b9a',
+  900: '#4a148c',
+  A100: '#ea80fc',
+  A200: '#e040fb',
+  A400: '#d500f9',
+  A700: '#aa00ff'
+};
+/* harmony default export */ var colors_purple = (purple);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/red.js
+var red = {
+  50: '#ffebee',
+  100: '#ffcdd2',
+  200: '#ef9a9a',
+  300: '#e57373',
+  400: '#ef5350',
+  500: '#f44336',
+  600: '#e53935',
+  700: '#d32f2f',
+  800: '#c62828',
+  900: '#b71c1c',
+  A100: '#ff8a80',
+  A200: '#ff5252',
+  A400: '#ff1744',
+  A700: '#d50000'
+};
+/* harmony default export */ var colors_red = (red);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/orange.js
+var orange = {
+  50: '#fff3e0',
+  100: '#ffe0b2',
+  200: '#ffcc80',
+  300: '#ffb74d',
+  400: '#ffa726',
+  500: '#ff9800',
+  600: '#fb8c00',
+  700: '#f57c00',
+  800: '#ef6c00',
+  900: '#e65100',
+  A100: '#ffd180',
+  A200: '#ffab40',
+  A400: '#ff9100',
+  A700: '#ff6d00'
+};
+/* harmony default export */ var colors_orange = (orange);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/blue.js
+var blue = {
+  50: '#e3f2fd',
+  100: '#bbdefb',
+  200: '#90caf9',
+  300: '#64b5f6',
+  400: '#42a5f5',
+  500: '#2196f3',
+  600: '#1e88e5',
+  700: '#1976d2',
+  800: '#1565c0',
+  900: '#0d47a1',
+  A100: '#82b1ff',
+  A200: '#448aff',
+  A400: '#2979ff',
+  A700: '#2962ff'
+};
+/* harmony default export */ var colors_blue = (blue);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/lightBlue.js
+var lightBlue = {
+  50: '#e1f5fe',
+  100: '#b3e5fc',
+  200: '#81d4fa',
+  300: '#4fc3f7',
+  400: '#29b6f6',
+  500: '#03a9f4',
+  600: '#039be5',
+  700: '#0288d1',
+  800: '#0277bd',
+  900: '#01579b',
+  A100: '#80d8ff',
+  A200: '#40c4ff',
+  A400: '#00b0ff',
+  A700: '#0091ea'
+};
+/* harmony default export */ var colors_lightBlue = (lightBlue);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/green.js
+var green = {
+  50: '#e8f5e9',
+  100: '#c8e6c9',
+  200: '#a5d6a7',
+  300: '#81c784',
+  400: '#66bb6a',
+  500: '#4caf50',
+  600: '#43a047',
+  700: '#388e3c',
+  800: '#2e7d32',
+  900: '#1b5e20',
+  A100: '#b9f6ca',
+  A200: '#69f0ae',
+  A400: '#00e676',
+  A700: '#00c853'
+};
+/* harmony default export */ var colors_green = (green);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createPalette.js
+
+
+
+var createPalette_excluded = ["mode", "contrastThreshold", "tonalOffset"];
+
+
+
+
+
+
+
+
+
+
+var light = {
+  // The colors used to style the text.
+  text: {
+    // The most important text.
+    primary: 'rgba(0, 0, 0, 0.87)',
+    // Secondary text.
+    secondary: 'rgba(0, 0, 0, 0.6)',
+    // Disabled text have even lower visual prominence.
+    disabled: 'rgba(0, 0, 0, 0.38)'
+  },
+  // The color used to divide different elements.
+  divider: 'rgba(0, 0, 0, 0.12)',
+  // The background colors used to style the surfaces.
+  // Consistency between these values is important.
+  background: {
+    paper: colors_common.white,
+    default: colors_common.white
+  },
+  // The colors used to style the action elements.
+  action: {
+    // The color of an active action like an icon button.
+    active: 'rgba(0, 0, 0, 0.54)',
+    // The color of an hovered action.
+    hover: 'rgba(0, 0, 0, 0.04)',
+    hoverOpacity: 0.04,
+    // The color of a selected action.
+    selected: 'rgba(0, 0, 0, 0.08)',
+    selectedOpacity: 0.08,
+    // The color of a disabled action.
+    disabled: 'rgba(0, 0, 0, 0.26)',
+    // The background color of a disabled action.
+    disabledBackground: 'rgba(0, 0, 0, 0.12)',
+    disabledOpacity: 0.38,
+    focus: 'rgba(0, 0, 0, 0.12)',
+    focusOpacity: 0.12,
+    activatedOpacity: 0.12
+  }
+};
+var dark = {
+  text: {
+    primary: colors_common.white,
+    secondary: 'rgba(255, 255, 255, 0.7)',
+    disabled: 'rgba(255, 255, 255, 0.5)',
+    icon: 'rgba(255, 255, 255, 0.5)'
+  },
+  divider: 'rgba(255, 255, 255, 0.12)',
+  background: {
+    paper: '#121212',
+    default: '#121212'
+  },
+  action: {
+    active: colors_common.white,
+    hover: 'rgba(255, 255, 255, 0.08)',
+    hoverOpacity: 0.08,
+    selected: 'rgba(255, 255, 255, 0.16)',
+    selectedOpacity: 0.16,
+    disabled: 'rgba(255, 255, 255, 0.3)',
+    disabledBackground: 'rgba(255, 255, 255, 0.12)',
+    disabledOpacity: 0.38,
+    focus: 'rgba(255, 255, 255, 0.12)',
+    focusOpacity: 0.12,
+    activatedOpacity: 0.24
+  }
+};
+function addLightOrDark(intent, direction, shade, tonalOffset) {
+  var tonalOffsetLight = tonalOffset.light || tonalOffset;
+  var tonalOffsetDark = tonalOffset.dark || tonalOffset * 1.5;
+  if (!intent[direction]) {
+    if (intent.hasOwnProperty(shade)) {
+      intent[direction] = intent[shade];
+    } else if (direction === 'light') {
+      intent.light = lighten(intent.main, tonalOffsetLight);
+    } else if (direction === 'dark') {
+      intent.dark = darken(intent.main, tonalOffsetDark);
+    }
+  }
+}
+function getDefaultPrimary() {
+  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
+  if (mode === 'dark') {
+    return {
+      main: colors_blue[200],
+      light: colors_blue[50],
+      dark: colors_blue[400]
+    };
+  }
+  return {
+    main: colors_blue[700],
+    light: colors_blue[400],
+    dark: colors_blue[800]
+  };
+}
+function getDefaultSecondary() {
+  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
+  if (mode === 'dark') {
+    return {
+      main: colors_purple[200],
+      light: colors_purple[50],
+      dark: colors_purple[400]
+    };
+  }
+  return {
+    main: colors_purple[500],
+    light: colors_purple[300],
+    dark: colors_purple[700]
+  };
+}
+function getDefaultError() {
+  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
+  if (mode === 'dark') {
+    return {
+      main: colors_red[500],
+      light: colors_red[300],
+      dark: colors_red[700]
+    };
+  }
+  return {
+    main: colors_red[700],
+    light: colors_red[400],
+    dark: colors_red[800]
+  };
+}
+function getDefaultInfo() {
+  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
+  if (mode === 'dark') {
+    return {
+      main: colors_lightBlue[400],
+      light: colors_lightBlue[300],
+      dark: colors_lightBlue[700]
+    };
+  }
+  return {
+    main: colors_lightBlue[700],
+    light: colors_lightBlue[500],
+    dark: colors_lightBlue[900]
+  };
+}
+function getDefaultSuccess() {
+  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
+  if (mode === 'dark') {
+    return {
+      main: colors_green[400],
+      light: colors_green[300],
+      dark: colors_green[700]
+    };
+  }
+  return {
+    main: colors_green[800],
+    light: colors_green[500],
+    dark: colors_green[900]
+  };
+}
+function getDefaultWarning() {
+  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
+  if (mode === 'dark') {
+    return {
+      main: colors_orange[400],
+      light: colors_orange[300],
+      dark: colors_orange[700]
+    };
+  }
+  return {
+    main: '#ed6c02',
+    // closest to orange[800] that pass 3:1.
+    light: colors_orange[500],
+    dark: colors_orange[900]
+  };
+}
+function createPalette(palette) {
+  var _palette$mode = palette.mode,
+    mode = _palette$mode === void 0 ? 'light' : _palette$mode,
+    _palette$contrastThre = palette.contrastThreshold,
+    contrastThreshold = _palette$contrastThre === void 0 ? 3 : _palette$contrastThre,
+    _palette$tonalOffset = palette.tonalOffset,
+    tonalOffset = _palette$tonalOffset === void 0 ? 0.2 : _palette$tonalOffset,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(palette, createPalette_excluded);
+  var primary = palette.primary || getDefaultPrimary(mode);
+  var secondary = palette.secondary || getDefaultSecondary(mode);
+  var error = palette.error || getDefaultError(mode);
+  var info = palette.info || getDefaultInfo(mode);
+  var success = palette.success || getDefaultSuccess(mode);
+  var warning = palette.warning || getDefaultWarning(mode);
+
+  // Use the same logic as
+  // Bootstrap: https://github.com/twbs/bootstrap/blob/1d6e3710dd447de1a200f29e8fa521f8a0908f70/scss/_functions.scss#L59
+  // and material-components-web https://github.com/material-components/material-components-web/blob/ac46b8863c4dab9fc22c4c662dc6bd1b65dd652f/packages/mdc-theme/_functions.scss#L54
+  function getContrastText(background) {
+    var contrastText = getContrastRatio(background, dark.text.primary) >= contrastThreshold ? dark.text.primary : light.text.primary;
+    if (false) { var contrast; }
+    return contrastText;
+  }
+  var augmentColor = function augmentColor(_ref) {
+    var color = _ref.color,
+      name = _ref.name,
+      _ref$mainShade = _ref.mainShade,
+      mainShade = _ref$mainShade === void 0 ? 500 : _ref$mainShade,
+      _ref$lightShade = _ref.lightShade,
+      lightShade = _ref$lightShade === void 0 ? 300 : _ref$lightShade,
+      _ref$darkShade = _ref.darkShade,
+      darkShade = _ref$darkShade === void 0 ? 700 : _ref$darkShade;
+    color = extends_extends({}, color);
+    if (!color.main && color[mainShade]) {
+      color.main = color[mainShade];
+    }
+    if (!color.hasOwnProperty('main')) {
+      throw new Error( false ? 0 : formatMuiErrorMessage(11, name ? " (".concat(name, ")") : '', mainShade));
+    }
+    if (typeof color.main !== 'string') {
+      throw new Error( false ? 0 : formatMuiErrorMessage(12, name ? " (".concat(name, ")") : '', JSON.stringify(color.main)));
+    }
+    addLightOrDark(color, 'light', lightShade, tonalOffset);
+    addLightOrDark(color, 'dark', darkShade, tonalOffset);
+    if (!color.contrastText) {
+      color.contrastText = getContrastText(color.main);
+    }
+    return color;
+  };
+  var modes = {
+    dark: dark,
+    light: light
+  };
+  if (false) {}
+  var paletteOutput = deepmerge_deepmerge(extends_extends({
+    // A collection of common colors.
+    common: extends_extends({}, colors_common),
+    // prevent mutable object.
+    // The palette mode, can be light or dark.
+    mode: mode,
+    // The colors used to represent primary interface elements for a user.
+    primary: augmentColor({
+      color: primary,
+      name: 'primary'
+    }),
+    // The colors used to represent secondary interface elements for a user.
+    secondary: augmentColor({
+      color: secondary,
+      name: 'secondary',
+      mainShade: 'A400',
+      lightShade: 'A200',
+      darkShade: 'A700'
+    }),
+    // The colors used to represent interface elements that the user should be made aware of.
+    error: augmentColor({
+      color: error,
+      name: 'error'
+    }),
+    // The colors used to represent potentially dangerous actions or important messages.
+    warning: augmentColor({
+      color: warning,
+      name: 'warning'
+    }),
+    // The colors used to present information to the user that is neutral and not necessarily important.
+    info: augmentColor({
+      color: info,
+      name: 'info'
+    }),
+    // The colors used to indicate the successful completion of an action that user triggered.
+    success: augmentColor({
+      color: success,
+      name: 'success'
+    }),
+    // The grey colors.
+    grey: colors_grey,
+    // Used by `getContrastText()` to maximize the contrast between
+    // the background and the text.
+    contrastThreshold: contrastThreshold,
+    // Takes a background color and returns the text color that maximizes the contrast.
+    getContrastText: getContrastText,
+    // Generate a rich color object.
+    augmentColor: augmentColor,
+    // Used by the functions below to shift a color's luminance by approximately
+    // two indexes within its tonal palette.
+    // E.g., shift from Red 500 to Red 300 or Red 700.
+    tonalOffset: tonalOffset
+  }, modes[mode]), other);
+  return paletteOutput;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createTypography.js
+
+
+var createTypography_excluded = ["fontFamily", "fontSize", "fontWeightLight", "fontWeightRegular", "fontWeightMedium", "fontWeightBold", "htmlFontSize", "allVariants", "pxToRem"];
+
+function round(value) {
+  return Math.round(value * 1e5) / 1e5;
+}
+var caseAllCaps = {
+  textTransform: 'uppercase'
+};
+var defaultFontFamily = '"Roboto", "Helvetica", "Arial", sans-serif';
+
+/**
+ * @see @link{https://m2.material.io/design/typography/the-type-system.html}
+ * @see @link{https://m2.material.io/design/typography/understanding-typography.html}
+ */
+function createTypography(palette, typography) {
+  var _ref = typeof typography === 'function' ? typography(palette) : typography,
+    _ref$fontFamily = _ref.fontFamily,
+    fontFamily = _ref$fontFamily === void 0 ? defaultFontFamily : _ref$fontFamily,
+    _ref$fontSize = _ref.fontSize,
+    fontSize = _ref$fontSize === void 0 ? 14 : _ref$fontSize,
+    _ref$fontWeightLight = _ref.fontWeightLight,
+    fontWeightLight = _ref$fontWeightLight === void 0 ? 300 : _ref$fontWeightLight,
+    _ref$fontWeightRegula = _ref.fontWeightRegular,
+    fontWeightRegular = _ref$fontWeightRegula === void 0 ? 400 : _ref$fontWeightRegula,
+    _ref$fontWeightMedium = _ref.fontWeightMedium,
+    fontWeightMedium = _ref$fontWeightMedium === void 0 ? 500 : _ref$fontWeightMedium,
+    _ref$fontWeightBold = _ref.fontWeightBold,
+    fontWeightBold = _ref$fontWeightBold === void 0 ? 700 : _ref$fontWeightBold,
+    _ref$htmlFontSize = _ref.htmlFontSize,
+    htmlFontSize = _ref$htmlFontSize === void 0 ? 16 : _ref$htmlFontSize,
+    allVariants = _ref.allVariants,
+    pxToRem2 = _ref.pxToRem,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_ref, createTypography_excluded);
+  if (false) {}
+  var coef = fontSize / 14;
+  var pxToRem = pxToRem2 || function (size) {
+    return "".concat(size / htmlFontSize * coef, "rem");
+  };
+  var buildVariant = function buildVariant(fontWeight, size, lineHeight, letterSpacing, casing) {
+    return extends_extends({
+      fontFamily: fontFamily,
+      fontWeight: fontWeight,
+      fontSize: pxToRem(size),
+      // Unitless following https://meyerweb.com/eric/thoughts/2006/02/08/unitless-line-heights/
+      lineHeight: lineHeight
+    }, fontFamily === defaultFontFamily ? {
+      letterSpacing: "".concat(round(letterSpacing / size), "em")
+    } : {}, casing, allVariants);
+  };
+  var variants = {
+    h1: buildVariant(fontWeightLight, 96, 1.167, -1.5),
+    h2: buildVariant(fontWeightLight, 60, 1.2, -0.5),
+    h3: buildVariant(fontWeightRegular, 48, 1.167, 0),
+    h4: buildVariant(fontWeightRegular, 34, 1.235, 0.25),
+    h5: buildVariant(fontWeightRegular, 24, 1.334, 0),
+    h6: buildVariant(fontWeightMedium, 20, 1.6, 0.15),
+    subtitle1: buildVariant(fontWeightRegular, 16, 1.75, 0.15),
+    subtitle2: buildVariant(fontWeightMedium, 14, 1.57, 0.1),
+    body1: buildVariant(fontWeightRegular, 16, 1.5, 0.15),
+    body2: buildVariant(fontWeightRegular, 14, 1.43, 0.15),
+    button: buildVariant(fontWeightMedium, 14, 1.75, 0.4, caseAllCaps),
+    caption: buildVariant(fontWeightRegular, 12, 1.66, 0.4),
+    overline: buildVariant(fontWeightRegular, 12, 2.66, 1, caseAllCaps),
+    inherit: {
+      fontFamily: 'inherit',
+      fontWeight: 'inherit',
+      fontSize: 'inherit',
+      lineHeight: 'inherit',
+      letterSpacing: 'inherit'
+    }
+  };
+  return deepmerge_deepmerge(extends_extends({
+    htmlFontSize: htmlFontSize,
+    pxToRem: pxToRem,
+    fontFamily: fontFamily,
+    fontSize: fontSize,
+    fontWeightLight: fontWeightLight,
+    fontWeightRegular: fontWeightRegular,
+    fontWeightMedium: fontWeightMedium,
+    fontWeightBold: fontWeightBold
+  }, variants), other, {
+    clone: false // No need to clone deep
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/shadows.js
+var shadowKeyUmbraOpacity = 0.2;
+var shadowKeyPenumbraOpacity = 0.14;
+var shadowAmbientShadowOpacity = 0.12;
+function createShadow() {
+  return ["".concat(arguments.length <= 0 ? undefined : arguments[0], "px ").concat(arguments.length <= 1 ? undefined : arguments[1], "px ").concat(arguments.length <= 2 ? undefined : arguments[2], "px ").concat(arguments.length <= 3 ? undefined : arguments[3], "px rgba(0,0,0,").concat(shadowKeyUmbraOpacity, ")"), "".concat(arguments.length <= 4 ? undefined : arguments[4], "px ").concat(arguments.length <= 5 ? undefined : arguments[5], "px ").concat(arguments.length <= 6 ? undefined : arguments[6], "px ").concat(arguments.length <= 7 ? undefined : arguments[7], "px rgba(0,0,0,").concat(shadowKeyPenumbraOpacity, ")"), "".concat(arguments.length <= 8 ? undefined : arguments[8], "px ").concat(arguments.length <= 9 ? undefined : arguments[9], "px ").concat(arguments.length <= 10 ? undefined : arguments[10], "px ").concat(arguments.length <= 11 ? undefined : arguments[11], "px rgba(0,0,0,").concat(shadowAmbientShadowOpacity, ")")].join(',');
+}
+
+// Values from https://github.com/material-components/material-components-web/blob/be8747f94574669cb5e7add1a7c54fa41a89cec7/packages/mdc-elevation/_variables.scss
+var shadows = ['none', createShadow(0, 2, 1, -1, 0, 1, 1, 0, 0, 1, 3, 0), createShadow(0, 3, 1, -2, 0, 2, 2, 0, 0, 1, 5, 0), createShadow(0, 3, 3, -2, 0, 3, 4, 0, 0, 1, 8, 0), createShadow(0, 2, 4, -1, 0, 4, 5, 0, 0, 1, 10, 0), createShadow(0, 3, 5, -1, 0, 5, 8, 0, 0, 1, 14, 0), createShadow(0, 3, 5, -1, 0, 6, 10, 0, 0, 1, 18, 0), createShadow(0, 4, 5, -2, 0, 7, 10, 1, 0, 2, 16, 1), createShadow(0, 5, 5, -3, 0, 8, 10, 1, 0, 3, 14, 2), createShadow(0, 5, 6, -3, 0, 9, 12, 1, 0, 3, 16, 2), createShadow(0, 6, 6, -3, 0, 10, 14, 1, 0, 4, 18, 3), createShadow(0, 6, 7, -4, 0, 11, 15, 1, 0, 4, 20, 3), createShadow(0, 7, 8, -4, 0, 12, 17, 2, 0, 5, 22, 4), createShadow(0, 7, 8, -4, 0, 13, 19, 2, 0, 5, 24, 4), createShadow(0, 7, 9, -4, 0, 14, 21, 2, 0, 5, 26, 4), createShadow(0, 8, 9, -5, 0, 15, 22, 2, 0, 6, 28, 5), createShadow(0, 8, 10, -5, 0, 16, 24, 2, 0, 6, 30, 5), createShadow(0, 8, 11, -5, 0, 17, 26, 2, 0, 6, 32, 5), createShadow(0, 9, 11, -5, 0, 18, 28, 2, 0, 7, 34, 6), createShadow(0, 9, 12, -6, 0, 19, 29, 2, 0, 7, 36, 6), createShadow(0, 10, 13, -6, 0, 20, 31, 3, 0, 8, 38, 7), createShadow(0, 10, 13, -6, 0, 21, 33, 3, 0, 8, 40, 7), createShadow(0, 10, 14, -6, 0, 22, 35, 3, 0, 8, 42, 7), createShadow(0, 11, 14, -7, 0, 23, 36, 3, 0, 9, 44, 8), createShadow(0, 11, 15, -7, 0, 24, 38, 3, 0, 9, 46, 8)];
+/* harmony default export */ var styles_shadows = (shadows);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createTransitions.js
+
+
+var createTransitions_excluded = ["duration", "easing", "delay"];
+// Follow https://material.google.com/motion/duration-easing.html#duration-easing-natural-easing-curves
+// to learn the context in which each easing should be used.
+var easing = {
+  // This is the most common easing curve.
+  easeInOut: 'cubic-bezier(0.4, 0, 0.2, 1)',
+  // Objects enter the screen at full velocity from off-screen and
+  // slowly decelerate to a resting point.
+  easeOut: 'cubic-bezier(0.0, 0, 0.2, 1)',
+  // Objects leave the screen at full velocity. They do not decelerate when off-screen.
+  easeIn: 'cubic-bezier(0.4, 0, 1, 1)',
+  // The sharp curve is used by objects that may return to the screen at any time.
+  sharp: 'cubic-bezier(0.4, 0, 0.6, 1)'
+};
+
+// Follow https://m2.material.io/guidelines/motion/duration-easing.html#duration-easing-common-durations
+// to learn when use what timing
+var duration = {
+  shortest: 150,
+  shorter: 200,
+  short: 250,
+  // most basic recommended timing
+  standard: 300,
+  // this is to be used in complex animations
+  complex: 375,
+  // recommended when something is entering screen
+  enteringScreen: 225,
+  // recommended when something is leaving screen
+  leavingScreen: 195
+};
+function formatMs(milliseconds) {
+  return "".concat(Math.round(milliseconds), "ms");
+}
+function getAutoHeightDuration(height) {
+  if (!height) {
+    return 0;
+  }
+  var constant = height / 36;
+
+  // https://www.wolframalpha.com/input/?i=(4+%2B+15+*+(x+%2F+36+)+**+0.25+%2B+(x+%2F+36)+%2F+5)+*+10
+  return Math.round((4 + 15 * Math.pow(constant, 0.25) + constant / 5) * 10);
+}
+function createTransitions(inputTransitions) {
+  var mergedEasing = extends_extends({}, easing, inputTransitions.easing);
+  var mergedDuration = extends_extends({}, duration, inputTransitions.duration);
+  var create = function create() {
+    var props = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : ['all'];
+    var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+    var _options$duration = options.duration,
+      durationOption = _options$duration === void 0 ? mergedDuration.standard : _options$duration,
+      _options$easing = options.easing,
+      easingOption = _options$easing === void 0 ? mergedEasing.easeInOut : _options$easing,
+      _options$delay = options.delay,
+      delay = _options$delay === void 0 ? 0 : _options$delay,
+      other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(options, createTransitions_excluded);
+    if (false) { var isNumber, isString; }
+    return (Array.isArray(props) ? props : [props]).map(function (animatedProp) {
+      return "".concat(animatedProp, " ").concat(typeof durationOption === 'string' ? durationOption : formatMs(durationOption), " ").concat(easingOption, " ").concat(typeof delay === 'string' ? delay : formatMs(delay));
+    }).join(',');
+  };
+  return extends_extends({
+    getAutoHeightDuration: getAutoHeightDuration,
+    create: create
+  }, inputTransitions, {
+    easing: mergedEasing,
+    duration: mergedDuration
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/zIndex.js
+// We need to centralize the zIndex definitions as they work
+// like global values in the browser.
+var zIndex = {
+  mobileStepper: 1000,
+  fab: 1050,
+  speedDial: 1050,
+  appBar: 1100,
+  drawer: 1200,
+  modal: 1300,
+  snackbar: 1400,
+  tooltip: 1500
+};
+/* harmony default export */ var styles_zIndex = (zIndex);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createTheme.js
+
+
+
+
+var styles_createTheme_excluded = ["breakpoints", "mixins", "spacing", "palette", "transitions", "typography", "shape"];
+
+
+
+
+
+
+
+
+
+function styles_createTheme_createTheme() {
+  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  var _options$mixins = options.mixins,
+    mixinsInput = _options$mixins === void 0 ? {} : _options$mixins,
+    _options$palette = options.palette,
+    paletteInput = _options$palette === void 0 ? {} : _options$palette,
+    _options$transitions = options.transitions,
+    transitionsInput = _options$transitions === void 0 ? {} : _options$transitions,
+    _options$typography = options.typography,
+    typographyInput = _options$typography === void 0 ? {} : _options$typography,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(options, styles_createTheme_excluded);
+  if (options.vars) {
+    throw new Error( false ? 0 : formatMuiErrorMessage(18));
+  }
+  var palette = createPalette(paletteInput);
+  var systemTheme = createTheme_createTheme(options);
+  var muiTheme = deepmerge_deepmerge(systemTheme, {
+    mixins: createMixins(systemTheme.breakpoints, mixinsInput),
+    palette: palette,
+    // Don't use [...shadows] until you've verified its transpiled code is not invoking the iterator protocol.
+    shadows: styles_shadows.slice(),
+    typography: createTypography(palette, typographyInput),
+    transitions: createTransitions(transitionsInput),
+    zIndex: extends_extends({}, styles_zIndex)
+  });
+  muiTheme = deepmerge_deepmerge(muiTheme, other);
+  for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
+    args[_key - 1] = arguments[_key];
+  }
+  muiTheme = args.reduce(function (acc, argument) {
+    return deepmerge_deepmerge(acc, argument);
+  }, muiTheme);
+  if (false) { var traverse, stateClasses; }
+  muiTheme.unstable_sxConfig = extends_extends({}, styleFunctionSx_defaultSxConfig, other == null ? void 0 : other.unstable_sxConfig);
+  muiTheme.unstable_sx = function sx(props) {
+    return styleFunctionSx_styleFunctionSx({
+      sx: props,
+      theme: this
+    });
+  };
+  return muiTheme;
+}
+var warnedOnce = false;
+function createMuiTheme() {
+  if (false) {}
+  return styles_createTheme_createTheme.apply(void 0, arguments);
+}
+/* harmony default export */ var styles_createTheme = (styles_createTheme_createTheme);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Box/Box.js
+
+
+
+
+
+var defaultTheme = styles_createTheme();
+var Box_Box = createBox({
+  themeId: styles_identifier,
+  defaultTheme: defaultTheme,
+  defaultClassName: 'MuiBox-root',
+  generateClassName: ClassNameGenerator_ClassNameGenerator.generate
+});
+ false ? 0 : void 0;
+/* harmony default export */ var material_Box_Box = (Box_Box);
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/propsToClassKey.js
+
+var propsToClassKey_excluded = ["variant"];
+
+function isEmpty(string) {
+  return string.length === 0;
+}
+
+/**
+ * Generates string classKey based on the properties provided. It starts with the
+ * variant if defined, and then it appends all other properties in alphabetical order.
+ * @param {object} props - the properties for which the classKey should be created.
+ */
+function propsToClassKey(props) {
+  var variant = props.variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, propsToClassKey_excluded);
+  var classKey = variant || '';
+  Object.keys(other).sort().forEach(function (key) {
+    if (key === 'color') {
+      classKey += isEmpty(classKey) ? props[key] : capitalize(props[key]);
+    } else {
+      classKey += "".concat(isEmpty(classKey) ? key : capitalize(key)).concat(capitalize(props[key].toString()));
+    }
+  });
+  return classKey;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createStyled.js
+
+
+
+
+var createStyled_excluded = ["name", "slot", "skipVariantsResolver", "skipSx", "overridesResolver"];
+/* eslint-disable no-underscore-dangle */
+
+
+
+
+
+function createStyled_isEmpty(obj) {
+  return Object.keys(obj).length === 0;
+}
+
+// https://github.com/emotion-js/emotion/blob/26ded6109fcd8ca9875cc2ce4564fee678a3f3c5/packages/styled/src/utils.js#L40
+function isStringTag(tag) {
+  return typeof tag === 'string' &&
+  // 96 is one less than the char code
+  // for "a" so this is checking that
+  // it's a lowercase character
+  tag.charCodeAt(0) > 96;
+}
+var getStyleOverrides = function getStyleOverrides(name, theme) {
+  if (theme.components && theme.components[name] && theme.components[name].styleOverrides) {
+    return theme.components[name].styleOverrides;
+  }
+  return null;
+};
+var getVariantStyles = function getVariantStyles(name, theme) {
+  var variants = [];
+  if (theme && theme.components && theme.components[name] && theme.components[name].variants) {
+    variants = theme.components[name].variants;
+  }
+  var variantsStyles = {};
+  variants.forEach(function (definition) {
+    var key = propsToClassKey(definition.props);
+    variantsStyles[key] = definition.style;
+  });
+  return variantsStyles;
+};
+var variantsResolver = function variantsResolver(props, styles, theme, name) {
+  var _theme$components, _theme$components$nam;
+  var _props$ownerState = props.ownerState,
+    ownerState = _props$ownerState === void 0 ? {} : _props$ownerState;
+  var variantsStyles = [];
+  var themeVariants = theme == null ? void 0 : (_theme$components = theme.components) == null ? void 0 : (_theme$components$nam = _theme$components[name]) == null ? void 0 : _theme$components$nam.variants;
+  if (themeVariants) {
+    themeVariants.forEach(function (themeVariant) {
+      var isMatch = true;
+      Object.keys(themeVariant.props).forEach(function (key) {
+        if (ownerState[key] !== themeVariant.props[key] && props[key] !== themeVariant.props[key]) {
+          isMatch = false;
+        }
+      });
+      if (isMatch) {
+        variantsStyles.push(styles[propsToClassKey(themeVariant.props)]);
+      }
+    });
+  }
+  return variantsStyles;
+};
+
+// Update /system/styled/#api in case if this changes
+function createStyled_shouldForwardProp(prop) {
+  return prop !== 'ownerState' && prop !== 'theme' && prop !== 'sx' && prop !== 'as';
+}
+var createStyled_systemDefaultTheme = createTheme_createTheme();
+var lowercaseFirstLetter = function lowercaseFirstLetter(string) {
+  return string.charAt(0).toLowerCase() + string.slice(1);
+};
+function resolveTheme(_ref) {
+  var defaultTheme = _ref.defaultTheme,
+    theme = _ref.theme,
+    themeId = _ref.themeId;
+  return createStyled_isEmpty(theme) ? defaultTheme : theme[themeId] || theme;
+}
+function createStyled_createStyled() {
+  var input = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  var themeId = input.themeId,
+    _input$defaultTheme = input.defaultTheme,
+    defaultTheme = _input$defaultTheme === void 0 ? createStyled_systemDefaultTheme : _input$defaultTheme,
+    _input$rootShouldForw = input.rootShouldForwardProp,
+    rootShouldForwardProp = _input$rootShouldForw === void 0 ? createStyled_shouldForwardProp : _input$rootShouldForw,
+    _input$slotShouldForw = input.slotShouldForwardProp,
+    slotShouldForwardProp = _input$slotShouldForw === void 0 ? createStyled_shouldForwardProp : _input$slotShouldForw;
+  var systemSx = function systemSx(props) {
+    return styleFunctionSx_styleFunctionSx(extends_extends({}, props, {
+      theme: resolveTheme(extends_extends({}, props, {
+        defaultTheme: defaultTheme,
+        themeId: themeId
+      }))
+    }));
+  };
+  systemSx.__mui_systemSx = true;
+  return function (tag) {
+    var inputOptions = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+    // Filter out the `sx` style function from the previous styled component to prevent unnecessary styles generated by the composite components.
+    internal_processStyles(tag, function (styles) {
+      return styles.filter(function (style) {
+        return !(style != null && style.__mui_systemSx);
+      });
+    });
+    var componentName = inputOptions.name,
+      componentSlot = inputOptions.slot,
+      inputSkipVariantsResolver = inputOptions.skipVariantsResolver,
+      inputSkipSx = inputOptions.skipSx,
+      overridesResolver = inputOptions.overridesResolver,
+      options = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(inputOptions, createStyled_excluded);
+
+    // if skipVariantsResolver option is defined, take the value, otherwise, true for root and false for other slots.
+    var skipVariantsResolver = inputSkipVariantsResolver !== undefined ? inputSkipVariantsResolver : componentSlot && componentSlot !== 'Root' || false;
+    var skipSx = inputSkipSx || false;
+    var label;
+    if (false) {}
+    var shouldForwardPropOption = createStyled_shouldForwardProp;
+    if (componentSlot === 'Root') {
+      shouldForwardPropOption = rootShouldForwardProp;
+    } else if (componentSlot) {
+      // any other slot specified
+      shouldForwardPropOption = slotShouldForwardProp;
+    } else if (isStringTag(tag)) {
+      // for string (html) tag, preserve the behavior in emotion & styled-components.
+      shouldForwardPropOption = undefined;
+    }
+    var defaultStyledResolver = styled(tag, extends_extends({
+      shouldForwardProp: shouldForwardPropOption,
+      label: label
+    }, options));
+    var muiStyledResolver = function muiStyledResolver(styleArg) {
+      for (var _len = arguments.length, expressions = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
+        expressions[_key - 1] = arguments[_key];
+      }
+      var expressionsWithDefaultTheme = expressions ? expressions.map(function (stylesArg) {
+        // On the server Emotion doesn't use React.forwardRef for creating components, so the created
+        // component stays as a function. This condition makes sure that we do not interpolate functions
+        // which are basically components used as a selectors.
+        return typeof stylesArg === 'function' && stylesArg.__emotion_real !== stylesArg ? function (props) {
+          return stylesArg(extends_extends({}, props, {
+            theme: resolveTheme(extends_extends({}, props, {
+              defaultTheme: defaultTheme,
+              themeId: themeId
+            }))
+          }));
+        } : stylesArg;
+      }) : [];
+      var transformedStyleArg = styleArg;
+      if (componentName && overridesResolver) {
+        expressionsWithDefaultTheme.push(function (props) {
+          var theme = resolveTheme(extends_extends({}, props, {
+            defaultTheme: defaultTheme,
+            themeId: themeId
+          }));
+          var styleOverrides = getStyleOverrides(componentName, theme);
+          if (styleOverrides) {
+            var resolvedStyleOverrides = {};
+            Object.entries(styleOverrides).forEach(function (_ref2) {
+              var _ref3 = slicedToArray_slicedToArray(_ref2, 2),
+                slotKey = _ref3[0],
+                slotStyle = _ref3[1];
+              resolvedStyleOverrides[slotKey] = typeof slotStyle === 'function' ? slotStyle(extends_extends({}, props, {
+                theme: theme
+              })) : slotStyle;
+            });
+            return overridesResolver(props, resolvedStyleOverrides);
+          }
+          return null;
+        });
+      }
+      if (componentName && !skipVariantsResolver) {
+        expressionsWithDefaultTheme.push(function (props) {
+          var theme = resolveTheme(extends_extends({}, props, {
+            defaultTheme: defaultTheme,
+            themeId: themeId
+          }));
+          return variantsResolver(props, getVariantStyles(componentName, theme), theme, componentName);
+        });
+      }
+      if (!skipSx) {
+        expressionsWithDefaultTheme.push(systemSx);
+      }
+      var numOfCustomFnsApplied = expressionsWithDefaultTheme.length - expressions.length;
+      if (Array.isArray(styleArg) && numOfCustomFnsApplied > 0) {
+        var placeholders = new Array(numOfCustomFnsApplied).fill('');
+        // If the type is array, than we need to add placeholders in the template for the overrides, variants and the sx styles.
+        transformedStyleArg = [].concat(toConsumableArray_toConsumableArray(styleArg), toConsumableArray_toConsumableArray(placeholders));
+        transformedStyleArg.raw = [].concat(toConsumableArray_toConsumableArray(styleArg.raw), toConsumableArray_toConsumableArray(placeholders));
+      } else if (typeof styleArg === 'function' &&
+      // On the server Emotion doesn't use React.forwardRef for creating components, so the created
+      // component stays as a function. This condition makes sure that we do not interpolate functions
+      // which are basically components used as a selectors.
+      styleArg.__emotion_real !== styleArg) {
+        // If the type is function, we need to define the default theme.
+        transformedStyleArg = function transformedStyleArg(props) {
+          return styleArg(extends_extends({}, props, {
+            theme: resolveTheme(extends_extends({}, props, {
+              defaultTheme: defaultTheme,
+              themeId: themeId
+            }))
+          }));
+        };
+      }
+      var Component = defaultStyledResolver.apply(void 0, [transformedStyleArg].concat(toConsumableArray_toConsumableArray(expressionsWithDefaultTheme)));
+      if (false) { var displayName; }
+      if (tag.muiName) {
+        Component.muiName = tag.muiName;
+      }
+      return Component;
+    };
+    if (defaultStyledResolver.withConfig) {
+      muiStyledResolver.withConfig = defaultStyledResolver.withConfig;
+    }
+    return muiStyledResolver;
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/defaultTheme.js
+
+var defaultTheme_defaultTheme = styles_createTheme();
+/* harmony default export */ var styles_defaultTheme = (defaultTheme_defaultTheme);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/styled.js
+
+
+
+var rootShouldForwardProp = function rootShouldForwardProp(prop) {
+  return createStyled_shouldForwardProp(prop) && prop !== 'classes';
+};
+var slotShouldForwardProp = (/* unused pure expression or super */ null && (shouldForwardProp));
+var styled_styled = createStyled_createStyled({
+  themeId: styles_identifier,
+  defaultTheme: styles_defaultTheme,
+  rootShouldForwardProp: rootShouldForwardProp
+});
+/* harmony default export */ var styles_styled = (styled_styled);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/useTheme.js
+
+
+
+
+function styles_useTheme_useTheme() {
+  var theme = esm_useTheme(styles_defaultTheme);
+  if (false) {}
+  return theme[styles_identifier] || theme;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/composeClasses/composeClasses.js
+function composeClasses(slots, getUtilityClass) {
+  var classes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : undefined;
+  var output = {};
+  Object.keys(slots).forEach(
+  // `Objet.keys(slots)` can't be wider than `T` because we infer `T` from `slots`.
+  // @ts-expect-error https://github.com/microsoft/TypeScript/pull/12253#issuecomment-263132208
+  function (slot) {
+    output[slot] = slots[slot].reduce(function (acc, key) {
+      if (key) {
+        var utilityClass = getUtilityClass(key);
+        if (utilityClass !== '') {
+          acc.push(utilityClass);
+        }
+        if (classes && classes[key]) {
+          acc.push(classes[key]);
+        }
+      }
+      return acc;
+    }, []).join(' ');
+  });
+  return output;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/setRef.js
+/**
+ * TODO v5: consider making it private
+ *
+ * passes {value} to {ref}
+ *
+ * WARNING: Be sure to only call this inside a callback that is passed as a ref.
+ * Otherwise, make sure to cleanup the previous {ref} if it changes. See
+ * https://github.com/mui/material-ui/issues/13539
+ *
+ * Useful if you want to expose the ref of an inner component to the public API
+ * while still using it inside the component.
+ * @param ref A ref callback or ref object. If anything falsy, this is a no-op.
+ */
+function setRef(ref, value) {
+  if (typeof ref === 'function') {
+    ref(value);
+  } else if (ref) {
+    ref.current = value;
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useForkRef.js
+
+
+function useForkRef() {
+  for (var _len = arguments.length, refs = new Array(_len), _key = 0; _key < _len; _key++) {
+    refs[_key] = arguments[_key];
+  }
+  /**
+   * This will create a new function if the refs passed to this hook change and are all defined.
+   * This means react will call the old forkRef with `null` and the new forkRef
+   * with the ref. Cleanup naturally emerges from this behavior.
+   */
+  return react.useMemo(function () {
+    if (refs.every(function (ref) {
+      return ref == null;
+    })) {
+      return null;
+    }
+    return function (instance) {
+      refs.forEach(function (ref) {
+        setRef(ref, instance);
+      });
+    };
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, refs);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/ownerDocument.js
+function ownerDocument(node) {
+  return node && node.ownerDocument || document;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useEnhancedEffect.js
+
+var useEnhancedEffect = typeof window !== 'undefined' ? react.useLayoutEffect : react.useEffect;
+/* harmony default export */ var esm_useEnhancedEffect = (useEnhancedEffect);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useEventCallback.js
+
+
+
+/**
+ * https://github.com/facebook/react/issues/14099#issuecomment-440013892
+ */
+function useEventCallback(fn) {
+  var ref = react.useRef(fn);
+  esm_useEnhancedEffect(function () {
+    ref.current = fn;
+  });
+  return react.useCallback(function () {
+    return (
+      // @ts-expect-error hide `this`
+      // tslint:disable-next-line:ban-comma-operator
+      (0, ref.current).apply(void 0, arguments)
+    );
+  }, []);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/createChainedFunction.js
+/**
+ * Safe chained function.
+ *
+ * Will only create a new function if needed,
+ * otherwise will pass back existing functions or null.
+ */
+function createChainedFunction() {
+  for (var _len = arguments.length, funcs = new Array(_len), _key = 0; _key < _len; _key++) {
+    funcs[_key] = arguments[_key];
+  }
+  return funcs.reduce(function (acc, func) {
+    if (func == null) {
+      return acc;
+    }
+    return function chainedFunction() {
+      for (var _len2 = arguments.length, args = new Array(_len2), _key2 = 0; _key2 < _len2; _key2++) {
+        args[_key2] = arguments[_key2];
+      }
+      acc.apply(this, args);
+      func.apply(this, args);
+    };
+  }, function () {});
+}
+// EXTERNAL MODULE: ./node_modules/react-dom/index.js
+var react_dom = __webpack_require__(164);
+;// CONCATENATED MODULE: ./node_modules/@mui/base/Portal/Portal.js
+
+
+
+
+
+
+function getContainer(container) {
+  return typeof container === 'function' ? container() : container;
+}
+
+/**
+ * Portals provide a first-class way to render children into a DOM node
+ * that exists outside the DOM hierarchy of the parent component.
+ *
+ * Demos:
+ *
+ * - [Portal](https://mui.com/base/react-portal/)
+ *
+ * API:
+ *
+ * - [Portal API](https://mui.com/base/react-portal/components-api/#portal)
+ */
+var Portal = /*#__PURE__*/react.forwardRef(function Portal(props, forwardedRef) {
+  var children = props.children,
+    container = props.container,
+    _props$disablePortal = props.disablePortal,
+    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal;
+  var _React$useState = react.useState(null),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    mountNode = _React$useState2[0],
+    setMountNode = _React$useState2[1];
+  // @ts-expect-error TODO upstream fix
+  var handleRef = useForkRef( /*#__PURE__*/react.isValidElement(children) ? children.ref : null, forwardedRef);
+  esm_useEnhancedEffect(function () {
+    if (!disablePortal) {
+      setMountNode(getContainer(container) || document.body);
+    }
+  }, [container, disablePortal]);
+  esm_useEnhancedEffect(function () {
+    if (mountNode && !disablePortal) {
+      setRef(forwardedRef, mountNode);
+      return function () {
+        setRef(forwardedRef, null);
+      };
+    }
+    return undefined;
+  }, [forwardedRef, mountNode, disablePortal]);
+  if (disablePortal) {
+    if ( /*#__PURE__*/react.isValidElement(children)) {
+      var newProps = {
+        ref: handleRef
+      };
+      return /*#__PURE__*/react.cloneElement(children, newProps);
+    }
+    return /*#__PURE__*/(0,jsx_runtime.jsx)(react.Fragment, {
+      children: children
+    });
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(react.Fragment, {
+    children: mountNode ? /*#__PURE__*/react_dom.createPortal(children, mountNode) : mountNode
+  });
+});
+ false ? 0 : void 0;
+if (false) {}
+/* harmony default export */ var Portal_Portal = (Portal);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/ownerWindow.js
+
+function ownerWindow(node) {
+  var doc = ownerDocument(node);
+  return doc.defaultView || window;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/getScrollbarSize.js
+// A change of the browser zoom change the scrollbar size.
+// Credit https://github.com/twbs/bootstrap/blob/488fd8afc535ca3a6ad4dc581f5e89217b6a36ac/js/src/util/scrollbar.js#L14-L18
+function getScrollbarSize(doc) {
+  // https://developer.mozilla.org/en-US/docs/Web/API/Window/innerWidth#usage_notes
+  var documentWidth = doc.documentElement.clientWidth;
+  return Math.abs(window.innerWidth - documentWidth);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/Modal/ModalManager.js
+
+
+
+
+// Is a vertical scrollbar displayed?
+function isOverflowing(container) {
+  var doc = ownerDocument(container);
+  if (doc.body === container) {
+    return ownerWindow(container).innerWidth > doc.documentElement.clientWidth;
+  }
+  return container.scrollHeight > container.clientHeight;
+}
+function ariaHidden(element, show) {
+  if (show) {
+    element.setAttribute('aria-hidden', 'true');
+  } else {
+    element.removeAttribute('aria-hidden');
+  }
+}
+function getPaddingRight(element) {
+  return parseInt(ownerWindow(element).getComputedStyle(element).paddingRight, 10) || 0;
+}
+function isAriaHiddenForbiddenOnElement(element) {
+  // The forbidden HTML tags are the ones from ARIA specification that
+  // can be children of body and can't have aria-hidden attribute.
+  // cf. https://www.w3.org/TR/html-aria/#docconformance
+  var forbiddenTagNames = ['TEMPLATE', 'SCRIPT', 'STYLE', 'LINK', 'MAP', 'META', 'NOSCRIPT', 'PICTURE', 'COL', 'COLGROUP', 'PARAM', 'SLOT', 'SOURCE', 'TRACK'];
+  var isForbiddenTagName = forbiddenTagNames.indexOf(element.tagName) !== -1;
+  var isInputHidden = element.tagName === 'INPUT' && element.getAttribute('type') === 'hidden';
+  return isForbiddenTagName || isInputHidden;
+}
+function ariaHiddenSiblings(container, mountElement, currentElement, elementsToExclude, show) {
+  var blacklist = [mountElement, currentElement].concat(toConsumableArray_toConsumableArray(elementsToExclude));
+  [].forEach.call(container.children, function (element) {
+    var isNotExcludedElement = blacklist.indexOf(element) === -1;
+    var isNotForbiddenElement = !isAriaHiddenForbiddenOnElement(element);
+    if (isNotExcludedElement && isNotForbiddenElement) {
+      ariaHidden(element, show);
+    }
+  });
+}
+function findIndexOf(items, callback) {
+  var idx = -1;
+  items.some(function (item, index) {
+    if (callback(item)) {
+      idx = index;
+      return true;
+    }
+    return false;
+  });
+  return idx;
+}
+function handleContainer(containerInfo, props) {
+  var restoreStyle = [];
+  var container = containerInfo.container;
+  if (!props.disableScrollLock) {
+    if (isOverflowing(container)) {
+      // Compute the size before applying overflow hidden to avoid any scroll jumps.
+      var scrollbarSize = getScrollbarSize(ownerDocument(container));
+      restoreStyle.push({
+        value: container.style.paddingRight,
+        property: 'padding-right',
+        el: container
+      });
+      // Use computed style, here to get the real padding to add our scrollbar width.
+      container.style.paddingRight = "".concat(getPaddingRight(container) + scrollbarSize, "px");
+
+      // .mui-fixed is a global helper.
+      var fixedElements = ownerDocument(container).querySelectorAll('.mui-fixed');
+      [].forEach.call(fixedElements, function (element) {
+        restoreStyle.push({
+          value: element.style.paddingRight,
+          property: 'padding-right',
+          el: element
+        });
+        element.style.paddingRight = "".concat(getPaddingRight(element) + scrollbarSize, "px");
+      });
+    }
+    var scrollContainer;
+    if (container.parentNode instanceof DocumentFragment) {
+      scrollContainer = ownerDocument(container).body;
+    } else {
+      // Improve Gatsby support
+      // https://css-tricks.com/snippets/css/force-vertical-scrollbar/
+      var parent = container.parentElement;
+      var containerWindow = ownerWindow(container);
+      scrollContainer = (parent == null ? void 0 : parent.nodeName) === 'HTML' && containerWindow.getComputedStyle(parent).overflowY === 'scroll' ? parent : container;
+    }
+
+    // Block the scroll even if no scrollbar is visible to account for mobile keyboard
+    // screensize shrink.
+    restoreStyle.push({
+      value: scrollContainer.style.overflow,
+      property: 'overflow',
+      el: scrollContainer
+    }, {
+      value: scrollContainer.style.overflowX,
+      property: 'overflow-x',
+      el: scrollContainer
+    }, {
+      value: scrollContainer.style.overflowY,
+      property: 'overflow-y',
+      el: scrollContainer
+    });
+    scrollContainer.style.overflow = 'hidden';
+  }
+  var restore = function restore() {
+    restoreStyle.forEach(function (_ref) {
+      var value = _ref.value,
+        el = _ref.el,
+        property = _ref.property;
+      if (value) {
+        el.style.setProperty(property, value);
+      } else {
+        el.style.removeProperty(property);
+      }
+    });
+  };
+  return restore;
+}
+function getHiddenSiblings(container) {
+  var hiddenSiblings = [];
+  [].forEach.call(container.children, function (element) {
+    if (element.getAttribute('aria-hidden') === 'true') {
+      hiddenSiblings.push(element);
+    }
+  });
+  return hiddenSiblings;
+}
+/**
+ * @ignore - do not document.
+ *
+ * Proper state management for containers and the modals in those containers.
+ * Simplified, but inspired by react-overlay's ModalManager class.
+ * Used by the Modal to ensure proper styling of containers.
+ */
+var ModalManager = /*#__PURE__*/function () {
+  function ModalManager() {
+    classCallCheck_classCallCheck(this, ModalManager);
+    this.containers = void 0;
+    this.modals = void 0;
+    this.modals = [];
+    this.containers = [];
+  }
+  createClass_createClass(ModalManager, [{
+    key: "add",
+    value: function add(modal, container) {
+      var modalIndex = this.modals.indexOf(modal);
+      if (modalIndex !== -1) {
+        return modalIndex;
+      }
+      modalIndex = this.modals.length;
+      this.modals.push(modal);
+
+      // If the modal we are adding is already in the DOM.
+      if (modal.modalRef) {
+        ariaHidden(modal.modalRef, false);
+      }
+      var hiddenSiblings = getHiddenSiblings(container);
+      ariaHiddenSiblings(container, modal.mount, modal.modalRef, hiddenSiblings, true);
+      var containerIndex = findIndexOf(this.containers, function (item) {
+        return item.container === container;
+      });
+      if (containerIndex !== -1) {
+        this.containers[containerIndex].modals.push(modal);
+        return modalIndex;
+      }
+      this.containers.push({
+        modals: [modal],
+        container: container,
+        restore: null,
+        hiddenSiblings: hiddenSiblings
+      });
+      return modalIndex;
+    }
+  }, {
+    key: "mount",
+    value: function mount(modal, props) {
+      var containerIndex = findIndexOf(this.containers, function (item) {
+        return item.modals.indexOf(modal) !== -1;
+      });
+      var containerInfo = this.containers[containerIndex];
+      if (!containerInfo.restore) {
+        containerInfo.restore = handleContainer(containerInfo, props);
+      }
+    }
+  }, {
+    key: "remove",
+    value: function remove(modal) {
+      var ariaHiddenState = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true;
+      var modalIndex = this.modals.indexOf(modal);
+      if (modalIndex === -1) {
+        return modalIndex;
+      }
+      var containerIndex = findIndexOf(this.containers, function (item) {
+        return item.modals.indexOf(modal) !== -1;
+      });
+      var containerInfo = this.containers[containerIndex];
+      containerInfo.modals.splice(containerInfo.modals.indexOf(modal), 1);
+      this.modals.splice(modalIndex, 1);
+
+      // If that was the last modal in a container, clean up the container.
+      if (containerInfo.modals.length === 0) {
+        // The modal might be closed before it had the chance to be mounted in the DOM.
+        if (containerInfo.restore) {
+          containerInfo.restore();
+        }
+        if (modal.modalRef) {
+          // In case the modal wasn't in the DOM yet.
+          ariaHidden(modal.modalRef, ariaHiddenState);
+        }
+        ariaHiddenSiblings(containerInfo.container, modal.mount, modal.modalRef, containerInfo.hiddenSiblings, false);
+        this.containers.splice(containerIndex, 1);
+      } else {
+        // Otherwise make sure the next top modal is visible to a screen reader.
+        var nextTop = containerInfo.modals[containerInfo.modals.length - 1];
+        // as soon as a modal is adding its modalRef is undefined. it can't set
+        // aria-hidden because the dom element doesn't exist either
+        // when modal was unmounted before modalRef gets null
+        if (nextTop.modalRef) {
+          ariaHidden(nextTop.modalRef, false);
+        }
+      }
+      return modalIndex;
+    }
+  }, {
+    key: "isTopModal",
+    value: function isTopModal(modal) {
+      return this.modals.length > 0 && this.modals[this.modals.length - 1] === modal;
+    }
+  }]);
+  return ModalManager;
+}();
+
+;// CONCATENATED MODULE: ./node_modules/@mui/base/FocusTrap/FocusTrap.js
+/* eslint-disable consistent-return, jsx-a11y/no-noninteractive-tabindex */
+
+
+
+
+
+// Inspired by https://github.com/focus-trap/tabbable
+var candidatesSelector = ['input', 'select', 'textarea', 'a[href]', 'button', '[tabindex]', 'audio[controls]', 'video[controls]', '[contenteditable]:not([contenteditable="false"])'].join(',');
+function getTabIndex(node) {
+  var tabindexAttr = parseInt(node.getAttribute('tabindex') || '', 10);
+  if (!Number.isNaN(tabindexAttr)) {
+    return tabindexAttr;
+  }
+
+  // Browsers do not return `tabIndex` correctly for contentEditable nodes;
+  // https://bugs.chromium.org/p/chromium/issues/detail?id=661108&q=contenteditable%20tabindex&can=2
+  // so if they don't have a tabindex attribute specifically set, assume it's 0.
+  // in Chrome, <details/>, <audio controls/> and <video controls/> elements get a default
+  //  `tabIndex` of -1 when the 'tabindex' attribute isn't specified in the DOM,
+  //  yet they are still part of the regular tab order; in FF, they get a default
+  //  `tabIndex` of 0; since Chrome still puts those elements in the regular tab
+  //  order, consider their tab index to be 0.
+  if (node.contentEditable === 'true' || (node.nodeName === 'AUDIO' || node.nodeName === 'VIDEO' || node.nodeName === 'DETAILS') && node.getAttribute('tabindex') === null) {
+    return 0;
+  }
+  return node.tabIndex;
+}
+function isNonTabbableRadio(node) {
+  if (node.tagName !== 'INPUT' || node.type !== 'radio') {
+    return false;
+  }
+  if (!node.name) {
+    return false;
+  }
+  var getRadio = function getRadio(selector) {
+    return node.ownerDocument.querySelector("input[type=\"radio\"]".concat(selector));
+  };
+  var roving = getRadio("[name=\"".concat(node.name, "\"]:checked"));
+  if (!roving) {
+    roving = getRadio("[name=\"".concat(node.name, "\"]"));
+  }
+  return roving !== node;
+}
+function isNodeMatchingSelectorFocusable(node) {
+  if (node.disabled || node.tagName === 'INPUT' && node.type === 'hidden' || isNonTabbableRadio(node)) {
+    return false;
+  }
+  return true;
+}
+function defaultGetTabbable(root) {
+  var regularTabNodes = [];
+  var orderedTabNodes = [];
+  Array.from(root.querySelectorAll(candidatesSelector)).forEach(function (node, i) {
+    var nodeTabIndex = getTabIndex(node);
+    if (nodeTabIndex === -1 || !isNodeMatchingSelectorFocusable(node)) {
+      return;
+    }
+    if (nodeTabIndex === 0) {
+      regularTabNodes.push(node);
+    } else {
+      orderedTabNodes.push({
+        documentOrder: i,
+        tabIndex: nodeTabIndex,
+        node: node
+      });
+    }
+  });
+  return orderedTabNodes.sort(function (a, b) {
+    return a.tabIndex === b.tabIndex ? a.documentOrder - b.documentOrder : a.tabIndex - b.tabIndex;
+  }).map(function (a) {
+    return a.node;
+  }).concat(regularTabNodes);
+}
+function defaultIsEnabled() {
+  return true;
+}
+
+/**
+ * Utility component that locks focus inside the component.
+ *
+ * Demos:
+ *
+ * - [Focus Trap](https://mui.com/base/react-focus-trap/)
+ *
+ * API:
+ *
+ * - [FocusTrap API](https://mui.com/base/react-focus-trap/components-api/#focus-trap)
+ */
+function FocusTrap(props) {
+  var children = props.children,
+    _props$disableAutoFoc = props.disableAutoFocus,
+    disableAutoFocus = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
+    _props$disableEnforce = props.disableEnforceFocus,
+    disableEnforceFocus = _props$disableEnforce === void 0 ? false : _props$disableEnforce,
+    _props$disableRestore = props.disableRestoreFocus,
+    disableRestoreFocus = _props$disableRestore === void 0 ? false : _props$disableRestore,
+    _props$getTabbable = props.getTabbable,
+    getTabbable = _props$getTabbable === void 0 ? defaultGetTabbable : _props$getTabbable,
+    _props$isEnabled = props.isEnabled,
+    isEnabled = _props$isEnabled === void 0 ? defaultIsEnabled : _props$isEnabled,
+    open = props.open;
+  var ignoreNextEnforceFocus = react.useRef(false);
+  var sentinelStart = react.useRef(null);
+  var sentinelEnd = react.useRef(null);
+  var nodeToRestore = react.useRef(null);
+  var reactFocusEventTarget = react.useRef(null);
+  // This variable is useful when disableAutoFocus is true.
+  // It waits for the active element to move into the component to activate.
+  var activated = react.useRef(false);
+  var rootRef = react.useRef(null);
+  // @ts-expect-error TODO upstream fix
+  var handleRef = useForkRef(children.ref, rootRef);
+  var lastKeydown = react.useRef(null);
+  react.useEffect(function () {
+    // We might render an empty child.
+    if (!open || !rootRef.current) {
+      return;
+    }
+    activated.current = !disableAutoFocus;
+  }, [disableAutoFocus, open]);
+  react.useEffect(function () {
+    // We might render an empty child.
+    if (!open || !rootRef.current) {
+      return;
+    }
+    var doc = ownerDocument(rootRef.current);
+    if (!rootRef.current.contains(doc.activeElement)) {
+      if (!rootRef.current.hasAttribute('tabIndex')) {
+        if (false) {}
+        rootRef.current.setAttribute('tabIndex', '-1');
+      }
+      if (activated.current) {
+        rootRef.current.focus();
+      }
+    }
+    return function () {
+      // restoreLastFocus()
+      if (!disableRestoreFocus) {
+        // In IE11 it is possible for document.activeElement to be null resulting
+        // in nodeToRestore.current being null.
+        // Not all elements in IE11 have a focus method.
+        // Once IE11 support is dropped the focus() call can be unconditional.
+        if (nodeToRestore.current && nodeToRestore.current.focus) {
+          ignoreNextEnforceFocus.current = true;
+          nodeToRestore.current.focus();
+        }
+        nodeToRestore.current = null;
+      }
+    };
+    // Missing `disableRestoreFocus` which is fine.
+    // We don't support changing that prop on an open FocusTrap
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [open]);
+  react.useEffect(function () {
+    // We might render an empty child.
+    if (!open || !rootRef.current) {
+      return;
+    }
+    var doc = ownerDocument(rootRef.current);
+    var contain = function contain(nativeEvent) {
+      var rootElement = rootRef.current;
+
+      // Cleanup functions are executed lazily in React 17.
+      // Contain can be called between the component being unmounted and its cleanup function being run.
+      if (rootElement === null) {
+        return;
+      }
+      if (!doc.hasFocus() || disableEnforceFocus || !isEnabled() || ignoreNextEnforceFocus.current) {
+        ignoreNextEnforceFocus.current = false;
+        return;
+      }
+      if (!rootElement.contains(doc.activeElement)) {
+        // if the focus event is not coming from inside the children's react tree, reset the refs
+        if (nativeEvent && reactFocusEventTarget.current !== nativeEvent.target || doc.activeElement !== reactFocusEventTarget.current) {
+          reactFocusEventTarget.current = null;
+        } else if (reactFocusEventTarget.current !== null) {
+          return;
+        }
+        if (!activated.current) {
+          return;
+        }
+        var tabbable = [];
+        if (doc.activeElement === sentinelStart.current || doc.activeElement === sentinelEnd.current) {
+          tabbable = getTabbable(rootRef.current);
+        }
+        if (tabbable.length > 0) {
+          var _lastKeydown$current, _lastKeydown$current2;
+          var isShiftTab = Boolean(((_lastKeydown$current = lastKeydown.current) == null ? void 0 : _lastKeydown$current.shiftKey) && ((_lastKeydown$current2 = lastKeydown.current) == null ? void 0 : _lastKeydown$current2.key) === 'Tab');
+          var focusNext = tabbable[0];
+          var focusPrevious = tabbable[tabbable.length - 1];
+          if (typeof focusNext !== 'string' && typeof focusPrevious !== 'string') {
+            if (isShiftTab) {
+              focusPrevious.focus();
+            } else {
+              focusNext.focus();
+            }
+          }
+        } else {
+          rootElement.focus();
+        }
+      }
+    };
+    var loopFocus = function loopFocus(nativeEvent) {
+      lastKeydown.current = nativeEvent;
+      if (disableEnforceFocus || !isEnabled() || nativeEvent.key !== 'Tab') {
+        return;
+      }
+
+      // Make sure the next tab starts from the right place.
+      // doc.activeElement refers to the origin.
+      if (doc.activeElement === rootRef.current && nativeEvent.shiftKey) {
+        // We need to ignore the next contain as
+        // it will try to move the focus back to the rootRef element.
+        ignoreNextEnforceFocus.current = true;
+        if (sentinelEnd.current) {
+          sentinelEnd.current.focus();
+        }
+      }
+    };
+    doc.addEventListener('focusin', contain);
+    doc.addEventListener('keydown', loopFocus, true);
+
+    // With Edge, Safari and Firefox, no focus related events are fired when the focused area stops being a focused area.
+    // e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=559561.
+    // Instead, we can look if the active element was restored on the BODY element.
+    //
+    // The whatwg spec defines how the browser should behave but does not explicitly mention any events:
+    // https://html.spec.whatwg.org/multipage/interaction.html#focus-fixup-rule.
+    var interval = setInterval(function () {
+      if (doc.activeElement && doc.activeElement.tagName === 'BODY') {
+        contain(null);
+      }
+    }, 50);
+    return function () {
+      clearInterval(interval);
+      doc.removeEventListener('focusin', contain);
+      doc.removeEventListener('keydown', loopFocus, true);
+    };
+  }, [disableAutoFocus, disableEnforceFocus, disableRestoreFocus, isEnabled, open, getTabbable]);
+  var onFocus = function onFocus(event) {
+    if (nodeToRestore.current === null) {
+      nodeToRestore.current = event.relatedTarget;
+    }
+    activated.current = true;
+    reactFocusEventTarget.current = event.target;
+    var childrenPropsHandler = children.props.onFocus;
+    if (childrenPropsHandler) {
+      childrenPropsHandler(event);
+    }
+  };
+  var handleFocusSentinel = function handleFocusSentinel(event) {
+    if (nodeToRestore.current === null) {
+      nodeToRestore.current = event.relatedTarget;
+    }
+    activated.current = true;
+  };
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
+    children: [/*#__PURE__*/(0,jsx_runtime.jsx)("div", {
+      tabIndex: open ? 0 : -1,
+      onFocus: handleFocusSentinel,
+      ref: sentinelStart,
+      "data-testid": "sentinelStart"
+    }), /*#__PURE__*/react.cloneElement(children, {
+      ref: handleRef,
+      onFocus: onFocus
+    }), /*#__PURE__*/(0,jsx_runtime.jsx)("div", {
+      tabIndex: open ? 0 : -1,
+      onFocus: handleFocusSentinel,
+      ref: sentinelEnd,
+      "data-testid": "sentinelEnd"
+    })]
+  });
+}
+ false ? 0 : void 0;
+if (false) {}
+/* harmony default export */ var FocusTrap_FocusTrap = (FocusTrap);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/generateUtilityClass/generateUtilityClass.js
+
+var globalStateClassesMapping = {
+  active: 'active',
+  checked: 'checked',
+  completed: 'completed',
+  disabled: 'disabled',
+  readOnly: 'readOnly',
+  error: 'error',
+  expanded: 'expanded',
+  focused: 'focused',
+  focusVisible: 'focusVisible',
+  required: 'required',
+  selected: 'selected'
+};
+function generateUtilityClass_generateUtilityClass(componentName, slot) {
+  var globalStatePrefix = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'Mui';
+  var globalStateClass = globalStateClassesMapping[slot];
+  return globalStateClass ? "".concat(globalStatePrefix, "-").concat(globalStateClass) : "".concat(ClassNameGenerator_ClassNameGenerator.generate(componentName), "-").concat(slot);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/generateUtilityClasses/generateUtilityClasses.js
+
+function generateUtilityClasses(componentName, slots) {
+  var globalStatePrefix = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'Mui';
+  var result = {};
+  slots.forEach(function (slot) {
+    result[slot] = generateUtilityClass_generateUtilityClass(componentName, slot, globalStatePrefix);
+  });
+  return result;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/Modal/modalClasses.js
+
+
+function getModalUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiModal', slot);
+}
+var modalClasses = generateUtilityClasses('MuiModal', ['root', 'hidden', 'backdrop']);
+/* harmony default export */ var Modal_modalClasses = ((/* unused pure expression or super */ null && (modalClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/isHostComponent.js
+/**
+ * Determines if a given element is a DOM element name (i.e. not a React component).
+ */
+function isHostComponent(element) {
+  return typeof element === 'string';
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/appendOwnerState.js
+
+
+
+/**
+ * Type of the ownerState based on the type of an element it applies to.
+ * This resolves to the provided OwnerState for React components and `undefined` for host components.
+ * Falls back to `OwnerState | undefined` when the exact type can't be determined in development time.
+ */
+
+/**
+ * Appends the ownerState object to the props, merging with the existing one if necessary.
+ *
+ * @param elementType Type of the element that owns the `existingProps`. If the element is a DOM node or undefined, `ownerState` is not applied.
+ * @param otherProps Props of the element.
+ * @param ownerState
+ */
+function appendOwnerState(elementType, otherProps, ownerState) {
+  if (elementType === undefined || isHostComponent(elementType)) {
+    return otherProps;
+  }
+  return extends_extends({}, otherProps, {
+    ownerState: extends_extends({}, otherProps.ownerState, ownerState)
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/extractEventHandlers.js
+/**
+ * Extracts event handlers from a given object.
+ * A prop is considered an event handler if it is a function and its name starts with `on`.
+ *
+ * @param object An object to extract event handlers from.
+ * @param excludeKeys An array of keys to exclude from the returned object.
+ */
+function extractEventHandlers(object) {
+  var excludeKeys = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
+  if (object === undefined) {
+    return {};
+  }
+  var result = {};
+  Object.keys(object).filter(function (prop) {
+    return prop.match(/^on[A-Z]/) && typeof object[prop] === 'function' && !excludeKeys.includes(prop);
+  }).forEach(function (prop) {
+    result[prop] = object[prop];
+  });
+  return result;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/omitEventHandlers.js
+/**
+ * Removes event handlers from the given object.
+ * A field is considered an event handler if it is a function with a name beginning with `on`.
+ *
+ * @param object Object to remove event handlers from.
+ * @returns Object with event handlers removed.
+ */
+function omitEventHandlers(object) {
+  if (object === undefined) {
+    return {};
+  }
+  var result = {};
+  Object.keys(object).filter(function (prop) {
+    return !(prop.match(/^on[A-Z]/) && typeof object[prop] === 'function');
+  }).forEach(function (prop) {
+    result[prop] = object[prop];
+  });
+  return result;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/mergeSlotProps.js
+
+
+
+
+/**
+ * Merges the slot component internal props (usually coming from a hook)
+ * with the externally provided ones.
+ *
+ * The merge order is (the latter overrides the former):
+ * 1. The internal props (specified as a getter function to work with get*Props hook result)
+ * 2. Additional props (specified internally on a Base UI component)
+ * 3. External props specified on the owner component. These should only be used on a root slot.
+ * 4. External props specified in the `slotProps.*` prop.
+ * 5. The `className` prop - combined from all the above.
+ * @param parameters
+ * @returns
+ */
+function mergeSlotProps(parameters) {
+  var getSlotProps = parameters.getSlotProps,
+    additionalProps = parameters.additionalProps,
+    externalSlotProps = parameters.externalSlotProps,
+    externalForwardedProps = parameters.externalForwardedProps,
+    className = parameters.className;
+  if (!getSlotProps) {
+    // The simpler case - getSlotProps is not defined, so no internal event handlers are defined,
+    // so we can simply merge all the props without having to worry about extracting event handlers.
+    var _joinedClasses = clsx_m(externalForwardedProps == null ? void 0 : externalForwardedProps.className, externalSlotProps == null ? void 0 : externalSlotProps.className, className, additionalProps == null ? void 0 : additionalProps.className);
+    var _mergedStyle = extends_extends({}, additionalProps == null ? void 0 : additionalProps.style, externalForwardedProps == null ? void 0 : externalForwardedProps.style, externalSlotProps == null ? void 0 : externalSlotProps.style);
+    var _props = extends_extends({}, additionalProps, externalForwardedProps, externalSlotProps);
+    if (_joinedClasses.length > 0) {
+      _props.className = _joinedClasses;
+    }
+    if (Object.keys(_mergedStyle).length > 0) {
+      _props.style = _mergedStyle;
+    }
+    return {
+      props: _props,
+      internalRef: undefined
+    };
+  }
+
+  // In this case, getSlotProps is responsible for calling the external event handlers.
+  // We don't need to include them in the merged props because of this.
+
+  var eventHandlers = extractEventHandlers(extends_extends({}, externalForwardedProps, externalSlotProps));
+  var componentsPropsWithoutEventHandlers = omitEventHandlers(externalSlotProps);
+  var otherPropsWithoutEventHandlers = omitEventHandlers(externalForwardedProps);
+  var internalSlotProps = getSlotProps(eventHandlers);
+
+  // The order of classes is important here.
+  // Emotion (that we use in libraries consuming Base UI) depends on this order
+  // to properly override style. It requires the most important classes to be last
+  // (see https://github.com/mui/material-ui/pull/33205) for the related discussion.
+  var joinedClasses = clsx_m(internalSlotProps == null ? void 0 : internalSlotProps.className, additionalProps == null ? void 0 : additionalProps.className, className, externalForwardedProps == null ? void 0 : externalForwardedProps.className, externalSlotProps == null ? void 0 : externalSlotProps.className);
+  var mergedStyle = extends_extends({}, internalSlotProps == null ? void 0 : internalSlotProps.style, additionalProps == null ? void 0 : additionalProps.style, externalForwardedProps == null ? void 0 : externalForwardedProps.style, externalSlotProps == null ? void 0 : externalSlotProps.style);
+  var props = extends_extends({}, internalSlotProps, additionalProps, otherPropsWithoutEventHandlers, componentsPropsWithoutEventHandlers);
+  if (joinedClasses.length > 0) {
+    props.className = joinedClasses;
+  }
+  if (Object.keys(mergedStyle).length > 0) {
+    props.style = mergedStyle;
+  }
+  return {
+    props: props,
+    internalRef: internalSlotProps.ref
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/resolveComponentProps.js
+/**
+ * If `componentProps` is a function, calls it with the provided `ownerState`.
+ * Otherwise, just returns `componentProps`.
+ */
+function resolveComponentProps(componentProps, ownerState) {
+  if (typeof componentProps === 'function') {
+    return componentProps(ownerState);
+  }
+  return componentProps;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/useSlotProps.js
+
+
+var useSlotProps_excluded = ["elementType", "externalSlotProps", "ownerState"];
+
+
+
+
+/**
+ * @ignore - do not document.
+ * Builds the props to be passed into the slot of an unstyled component.
+ * It merges the internal props of the component with the ones supplied by the user, allowing to customize the behavior.
+ * If the slot component is not a host component, it also merges in the `ownerState`.
+ *
+ * @param parameters.getSlotProps - A function that returns the props to be passed to the slot component.
+ */
+function useSlotProps(parameters) {
+  var _parameters$additiona;
+  var elementType = parameters.elementType,
+    externalSlotProps = parameters.externalSlotProps,
+    ownerState = parameters.ownerState,
+    rest = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(parameters, useSlotProps_excluded);
+  var resolvedComponentsProps = resolveComponentProps(externalSlotProps, ownerState);
+  var _mergeSlotProps = mergeSlotProps(extends_extends({}, rest, {
+      externalSlotProps: resolvedComponentsProps
+    })),
+    mergedProps = _mergeSlotProps.props,
+    internalRef = _mergeSlotProps.internalRef;
+  var ref = useForkRef(internalRef, resolvedComponentsProps == null ? void 0 : resolvedComponentsProps.ref, (_parameters$additiona = parameters.additionalProps) == null ? void 0 : _parameters$additiona.ref);
+  var props = appendOwnerState(elementType, extends_extends({}, mergedProps, {
+    ref: ref
+  }), ownerState);
+  return props;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/ClassNameConfigurator.js
+
+
+var defaultContextValue = {
+  disableDefaultClasses: false
+};
+var ClassNameConfiguratorContext = /*#__PURE__*/react.createContext(defaultContextValue);
+/**
+ * @ignore - internal hook.
+ *
+ * Wraps the `generateUtilityClass` function and controls how the classes are generated.
+ * Currently it only affects whether the classes are applied or not.
+ *
+ * @returns Function to be called with the `generateUtilityClass` function specific to a component to generate the classes.
+ */
+function useClassNamesOverride(generateUtilityClass) {
+  var _React$useContext = react.useContext(ClassNameConfiguratorContext),
+    disableDefaultClasses = _React$useContext.disableDefaultClasses;
+  return function (slot) {
+    if (disableDefaultClasses) {
+      return '';
+    }
+    return generateUtilityClass(slot);
+  };
+}
+
+/**
+ * Allows to configure the components within to not apply any built-in classes.
+ */
+function ClassNameConfigurator(props) {
+  var disableDefaultClasses = props.disableDefaultClasses,
+    children = props.children;
+  var contextValue = React.useMemo(function () {
+    return {
+      disableDefaultClasses: disableDefaultClasses != null ? disableDefaultClasses : false
+    };
+  }, [disableDefaultClasses]);
+  return /*#__PURE__*/_jsx(ClassNameConfiguratorContext.Provider, {
+    value: contextValue,
+    children: children
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/base/Modal/Modal.js
+
+
+
+var Modal_excluded = ["children", "closeAfterTransition", "container", "disableAutoFocus", "disableEnforceFocus", "disableEscapeKeyDown", "disablePortal", "disableRestoreFocus", "disableScrollLock", "hideBackdrop", "keepMounted", "manager", "onBackdropClick", "onClose", "onKeyDown", "open", "onTransitionEnter", "onTransitionExited", "slotProps", "slots"];
+
+
+
+
+
+
+
+
+
+
+
+
+var useUtilityClasses = function useUtilityClasses(ownerState) {
+  var open = ownerState.open,
+    exited = ownerState.exited;
+  var slots = {
+    root: ['root', !open && exited && 'hidden'],
+    backdrop: ['backdrop']
+  };
+  return composeClasses(slots, useClassNamesOverride(getModalUtilityClass));
+};
+function Modal_getContainer(container) {
+  return typeof container === 'function' ? container() : container;
+}
+function getHasTransition(children) {
+  return children ? children.props.hasOwnProperty('in') : false;
+}
+
+// A modal manager used to track and manage the state of open Modals.
+// Modals don't open on the server so this won't conflict with concurrent requests.
+var defaultManager = new ModalManager();
+
+/**
+ * Modal is a lower-level construct that is leveraged by the following components:
+ *
+ * *   [Dialog](https://mui.com/material-ui/api/dialog/)
+ * *   [Drawer](https://mui.com/material-ui/api/drawer/)
+ * *   [Menu](https://mui.com/material-ui/api/menu/)
+ * *   [Popover](https://mui.com/material-ui/api/popover/)
+ *
+ * If you are creating a modal dialog, you probably want to use the [Dialog](https://mui.com/material-ui/api/dialog/) component
+ * rather than directly using Modal.
+ *
+ * This component shares many concepts with [react-overlays](https://react-bootstrap.github.io/react-overlays/#modals).
+ *
+ * Demos:
+ *
+ * - [Modal](https://mui.com/base/react-modal/)
+ *
+ * API:
+ *
+ * - [Modal API](https://mui.com/base/react-modal/components-api/#modal)
+ */
+var Modal = /*#__PURE__*/react.forwardRef(function Modal(props, forwardedRef) {
+  var _props$ariaHidden, _slots$root;
+  var children = props.children,
+    _props$closeAfterTran = props.closeAfterTransition,
+    closeAfterTransition = _props$closeAfterTran === void 0 ? false : _props$closeAfterTran,
+    container = props.container,
+    _props$disableAutoFoc = props.disableAutoFocus,
+    disableAutoFocus = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
+    _props$disableEnforce = props.disableEnforceFocus,
+    disableEnforceFocus = _props$disableEnforce === void 0 ? false : _props$disableEnforce,
+    _props$disableEscapeK = props.disableEscapeKeyDown,
+    disableEscapeKeyDown = _props$disableEscapeK === void 0 ? false : _props$disableEscapeK,
+    _props$disablePortal = props.disablePortal,
+    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal,
+    _props$disableRestore = props.disableRestoreFocus,
+    disableRestoreFocus = _props$disableRestore === void 0 ? false : _props$disableRestore,
+    _props$disableScrollL = props.disableScrollLock,
+    disableScrollLock = _props$disableScrollL === void 0 ? false : _props$disableScrollL,
+    _props$hideBackdrop = props.hideBackdrop,
+    hideBackdrop = _props$hideBackdrop === void 0 ? false : _props$hideBackdrop,
+    _props$keepMounted = props.keepMounted,
+    keepMounted = _props$keepMounted === void 0 ? false : _props$keepMounted,
+    _props$manager = props.manager,
+    managerProp = _props$manager === void 0 ? defaultManager : _props$manager,
+    onBackdropClick = props.onBackdropClick,
+    onClose = props.onClose,
+    onKeyDown = props.onKeyDown,
+    open = props.open,
+    onTransitionEnter = props.onTransitionEnter,
+    onTransitionExited = props.onTransitionExited,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Modal_excluded);
+  // TODO: `modal`` must change its type in this file to match the type of methods
+  // provided by `ModalManager`
+  var manager = managerProp;
+  var _React$useState = react.useState(!open),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    exited = _React$useState2[0],
+    setExited = _React$useState2[1];
+  var modal = react.useRef({});
+  var mountNodeRef = react.useRef(null);
+  var modalRef = react.useRef(null);
+  var handleRef = useForkRef(modalRef, forwardedRef);
+  var hasTransition = getHasTransition(children);
+  var ariaHiddenProp = (_props$ariaHidden = props['aria-hidden']) != null ? _props$ariaHidden : true;
+  var getDoc = function getDoc() {
+    return ownerDocument(mountNodeRef.current);
+  };
+  var getModal = function getModal() {
+    modal.current.modalRef = modalRef.current;
+    modal.current.mountNode = mountNodeRef.current;
+    return modal.current;
+  };
+  var handleMounted = function handleMounted() {
+    manager.mount(getModal(), {
+      disableScrollLock: disableScrollLock
+    });
+
+    // Fix a bug on Chrome where the scroll isn't initially 0.
+    if (modalRef.current) {
+      modalRef.current.scrollTop = 0;
+    }
+  };
+  var handleOpen = useEventCallback(function () {
+    var resolvedContainer = Modal_getContainer(container) || getDoc().body;
+    manager.add(getModal(), resolvedContainer);
+
+    // The element was already mounted.
+    if (modalRef.current) {
+      handleMounted();
+    }
+  });
+  var isTopModal = react.useCallback(function () {
+    return manager.isTopModal(getModal());
+  }, [manager]);
+  var handlePortalRef = useEventCallback(function (node) {
+    mountNodeRef.current = node;
+    if (!node || !modalRef.current) {
+      return;
+    }
+    if (open && isTopModal()) {
+      handleMounted();
+    } else {
+      ariaHidden(modalRef.current, ariaHiddenProp);
+    }
+  });
+  var handleClose = react.useCallback(function () {
+    manager.remove(getModal(), ariaHiddenProp);
+  }, [manager, ariaHiddenProp]);
+  react.useEffect(function () {
+    return function () {
+      handleClose();
+    };
+  }, [handleClose]);
+  react.useEffect(function () {
+    if (open) {
+      handleOpen();
+    } else if (!hasTransition || !closeAfterTransition) {
+      handleClose();
+    }
+  }, [open, handleClose, hasTransition, closeAfterTransition, handleOpen]);
+  var ownerState = extends_extends({}, props, {
+    closeAfterTransition: closeAfterTransition,
+    disableAutoFocus: disableAutoFocus,
+    disableEnforceFocus: disableEnforceFocus,
+    disableEscapeKeyDown: disableEscapeKeyDown,
+    disablePortal: disablePortal,
+    disableRestoreFocus: disableRestoreFocus,
+    disableScrollLock: disableScrollLock,
+    exited: exited,
+    hideBackdrop: hideBackdrop,
+    keepMounted: keepMounted
+  });
+  var classes = useUtilityClasses(ownerState);
+  var handleEnter = function handleEnter() {
+    setExited(false);
+    if (onTransitionEnter) {
+      onTransitionEnter();
+    }
+  };
+  var handleExited = function handleExited() {
+    setExited(true);
+    if (onTransitionExited) {
+      onTransitionExited();
+    }
+    if (closeAfterTransition) {
+      handleClose();
+    }
+  };
+  var handleBackdropClick = function handleBackdropClick(event) {
+    if (event.target !== event.currentTarget) {
+      return;
+    }
+    if (onBackdropClick) {
+      onBackdropClick(event);
+    }
+    if (onClose) {
+      onClose(event, 'backdropClick');
+    }
+  };
+  var handleKeyDown = function handleKeyDown(event) {
+    if (onKeyDown) {
+      onKeyDown(event);
+    }
+
+    // The handler doesn't take event.defaultPrevented into account:
+    //
+    // event.preventDefault() is meant to stop default behaviors like
+    // clicking a checkbox to check it, hitting a button to submit a form,
+    // and hitting left arrow to move the cursor in a text input etc.
+    // Only special HTML elements have these default behaviors.
+    if (event.key !== 'Escape' || !isTopModal()) {
+      return;
+    }
+    if (!disableEscapeKeyDown) {
+      // Swallow the event, in case someone is listening for the escape key on the body.
+      event.stopPropagation();
+      if (onClose) {
+        onClose(event, 'escapeKeyDown');
+      }
+    }
+  };
+  var childProps = {};
+  if (children.props.tabIndex === undefined) {
+    childProps.tabIndex = '-1';
+  }
+
+  // It's a Transition like component
+  if (hasTransition) {
+    childProps.onEnter = createChainedFunction(handleEnter, children.props.onEnter);
+    childProps.onExited = createChainedFunction(handleExited, children.props.onExited);
+  }
+  var Root = (_slots$root = slots.root) != null ? _slots$root : 'div';
+  var rootProps = useSlotProps({
+    elementType: Root,
+    externalSlotProps: slotProps.root,
+    externalForwardedProps: other,
+    additionalProps: {
+      ref: handleRef,
+      role: 'presentation',
+      onKeyDown: handleKeyDown
+    },
+    className: classes.root,
+    ownerState: ownerState
+  });
+  var BackdropComponent = slots.backdrop;
+  var backdropProps = useSlotProps({
+    elementType: BackdropComponent,
+    externalSlotProps: slotProps.backdrop,
+    additionalProps: {
+      'aria-hidden': true,
+      onClick: handleBackdropClick,
+      open: open
+    },
+    className: classes.backdrop,
+    ownerState: ownerState
+  });
+  if (!keepMounted && !open && (!hasTransition || exited)) {
+    return null;
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Portal_Portal
+  // @ts-expect-error TODO: include ref to Base UI Portal props
+  , {
+    ref: handlePortalRef,
+    container: container,
+    disablePortal: disablePortal,
+    children: /*#__PURE__*/(0,jsx_runtime.jsxs)(Root, extends_extends({}, rootProps, {
+      children: [!hideBackdrop && BackdropComponent ? /*#__PURE__*/(0,jsx_runtime.jsx)(BackdropComponent, extends_extends({}, backdropProps)) : null, /*#__PURE__*/(0,jsx_runtime.jsx)(FocusTrap_FocusTrap, {
+        disableEnforceFocus: disableEnforceFocus,
+        disableAutoFocus: disableAutoFocus,
+        disableRestoreFocus: disableRestoreFocus,
+        isEnabled: isTopModal,
+        open: open,
+        children: /*#__PURE__*/react.cloneElement(children, childProps)
+      })]
+    }))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Modal_Modal = (Modal);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/resolveProps.js
+
+/**
+ * Add keys, values of `defaultProps` that does not exist in `props`
+ * @param {object} defaultProps
+ * @param {object} props
+ * @returns {object} resolved props
+ */
+function resolveProps(defaultProps, props) {
+  var output = _objectSpread2({}, props);
+  Object.keys(defaultProps).forEach(function (propName) {
+    if (propName.toString().match(/^(components|slots)$/)) {
+      output[propName] = _objectSpread2(_objectSpread2({}, defaultProps[propName]), output[propName]);
+    } else if (propName.toString().match(/^(componentsProps|slotProps)$/)) {
+      var defaultSlotProps = defaultProps[propName] || {};
+      var slotProps = props[propName];
+      output[propName] = {};
+      if (!slotProps || !Object.keys(slotProps)) {
+        // Reduce the iteration if the slot props is empty
+        output[propName] = defaultSlotProps;
+      } else if (!defaultSlotProps || !Object.keys(defaultSlotProps)) {
+        // Reduce the iteration if the default slot props is empty
+        output[propName] = slotProps;
+      } else {
+        output[propName] = _objectSpread2({}, slotProps);
+        Object.keys(defaultSlotProps).forEach(function (slotPropName) {
+          output[propName][slotPropName] = resolveProps(defaultSlotProps[slotPropName], slotProps[slotPropName]);
+        });
+      }
+    } else if (output[propName] === undefined) {
+      output[propName] = defaultProps[propName];
+    }
+  });
+  return output;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useThemeProps/getThemeProps.js
+
+function getThemeProps(params) {
+  var theme = params.theme,
+    name = params.name,
+    props = params.props;
+  if (!theme || !theme.components || !theme.components[name] || !theme.components[name].defaultProps) {
+    return props;
+  }
+  return resolveProps(theme.components[name].defaultProps, props);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useThemeProps/useThemeProps.js
+
+
+function useThemeProps(_ref) {
+  var props = _ref.props,
+    name = _ref.name,
+    defaultTheme = _ref.defaultTheme,
+    themeId = _ref.themeId;
+  var theme = esm_useTheme(defaultTheme);
+  if (themeId) {
+    theme = theme[themeId] || theme;
+  }
+  var mergedProps = getThemeProps({
+    theme: theme,
+    name: name,
+    props: props
+  });
+  return mergedProps;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/useThemeProps.js
+
+
+
+function useThemeProps_useThemeProps(_ref) {
+  var props = _ref.props,
+    name = _ref.name;
+  return useThemeProps({
+    props: props,
+    name: name,
+    defaultTheme: styles_defaultTheme,
+    themeId: styles_identifier
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/inheritsLoose.js
+
+function _inheritsLoose(subClass, superClass) {
+  subClass.prototype = Object.create(superClass.prototype);
+  subClass.prototype.constructor = subClass;
+  _setPrototypeOf(subClass, superClass);
+}
+;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/config.js
+/* harmony default export */ var config = ({
+  disabled: false
+});
+;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/TransitionGroupContext.js
+
+/* harmony default export */ var TransitionGroupContext = (react.createContext(null));
+;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/utils/reflow.js
+var forceReflow = function forceReflow(node) {
+  return node.scrollTop;
+};
+;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/Transition.js
+
+
+
+
+
+
+
+
+
+var UNMOUNTED = 'unmounted';
+var EXITED = 'exited';
+var ENTERING = 'entering';
+var ENTERED = 'entered';
+var EXITING = 'exiting';
+/**
+ * The Transition component lets you describe a transition from one component
+ * state to another _over time_ with a simple declarative API. Most commonly
+ * it's used to animate the mounting and unmounting of a component, but can also
+ * be used to describe in-place transition states as well.
+ *
+ * ---
+ *
+ * **Note**: `Transition` is a platform-agnostic base component. If you're using
+ * transitions in CSS, you'll probably want to use
+ * [`CSSTransition`](https://reactcommunity.org/react-transition-group/css-transition)
+ * instead. It inherits all the features of `Transition`, but contains
+ * additional features necessary to play nice with CSS transitions (hence the
+ * name of the component).
+ *
+ * ---
+ *
+ * By default the `Transition` component does not alter the behavior of the
+ * component it renders, it only tracks "enter" and "exit" states for the
+ * components. It's up to you to give meaning and effect to those states. For
+ * example we can add styles to a component when it enters or exits:
+ *
+ * ```jsx
+ * import { Transition } from 'react-transition-group';
+ *
+ * const duration = 300;
+ *
+ * const defaultStyle = {
+ *   transition: `opacity ${duration}ms ease-in-out`,
+ *   opacity: 0,
+ * }
+ *
+ * const transitionStyles = {
+ *   entering: { opacity: 1 },
+ *   entered:  { opacity: 1 },
+ *   exiting:  { opacity: 0 },
+ *   exited:  { opacity: 0 },
+ * };
+ *
+ * const Fade = ({ in: inProp }) => (
+ *   <Transition in={inProp} timeout={duration}>
+ *     {state => (
+ *       <div style={{
+ *         ...defaultStyle,
+ *         ...transitionStyles[state]
+ *       }}>
+ *         I'm a fade Transition!
+ *       </div>
+ *     )}
+ *   </Transition>
+ * );
+ * ```
+ *
+ * There are 4 main states a Transition can be in:
+ *  - `'entering'`
+ *  - `'entered'`
+ *  - `'exiting'`
+ *  - `'exited'`
+ *
+ * Transition state is toggled via the `in` prop. When `true` the component
+ * begins the "Enter" stage. During this stage, the component will shift from
+ * its current transition state, to `'entering'` for the duration of the
+ * transition and then to the `'entered'` stage once it's complete. Let's take
+ * the following example (we'll use the
+ * [useState](https://reactjs.org/docs/hooks-reference.html#usestate) hook):
+ *
+ * ```jsx
+ * function App() {
+ *   const [inProp, setInProp] = useState(false);
+ *   return (
+ *     <div>
+ *       <Transition in={inProp} timeout={500}>
+ *         {state => (
+ *           // ...
+ *         )}
+ *       </Transition>
+ *       <button onClick={() => setInProp(true)}>
+ *         Click to Enter
+ *       </button>
+ *     </div>
+ *   );
+ * }
+ * ```
+ *
+ * When the button is clicked the component will shift to the `'entering'` state
+ * and stay there for 500ms (the value of `timeout`) before it finally switches
+ * to `'entered'`.
+ *
+ * When `in` is `false` the same thing happens except the state moves from
+ * `'exiting'` to `'exited'`.
+ */
+
+var Transition = /*#__PURE__*/function (_React$Component) {
+  _inheritsLoose(Transition, _React$Component);
+  function Transition(props, context) {
+    var _this;
+    _this = _React$Component.call(this, props, context) || this;
+    var parentGroup = context; // In the context of a TransitionGroup all enters are really appears
+
+    var appear = parentGroup && !parentGroup.isMounting ? props.enter : props.appear;
+    var initialStatus;
+    _this.appearStatus = null;
+    if (props.in) {
+      if (appear) {
+        initialStatus = EXITED;
+        _this.appearStatus = ENTERING;
+      } else {
+        initialStatus = ENTERED;
+      }
+    } else {
+      if (props.unmountOnExit || props.mountOnEnter) {
+        initialStatus = UNMOUNTED;
+      } else {
+        initialStatus = EXITED;
+      }
+    }
+    _this.state = {
+      status: initialStatus
+    };
+    _this.nextCallback = null;
+    return _this;
+  }
+  Transition.getDerivedStateFromProps = function getDerivedStateFromProps(_ref, prevState) {
+    var nextIn = _ref.in;
+    if (nextIn && prevState.status === UNMOUNTED) {
+      return {
+        status: EXITED
+      };
+    }
+    return null;
+  } // getSnapshotBeforeUpdate(prevProps) {
+  //   let nextStatus = null
+  //   if (prevProps !== this.props) {
+  //     const { status } = this.state
+  //     if (this.props.in) {
+  //       if (status !== ENTERING && status !== ENTERED) {
+  //         nextStatus = ENTERING
+  //       }
+  //     } else {
+  //       if (status === ENTERING || status === ENTERED) {
+  //         nextStatus = EXITING
+  //       }
+  //     }
+  //   }
+  //   return { nextStatus }
+  // }
+  ;
+
+  var _proto = Transition.prototype;
+  _proto.componentDidMount = function componentDidMount() {
+    this.updateStatus(true, this.appearStatus);
+  };
+  _proto.componentDidUpdate = function componentDidUpdate(prevProps) {
+    var nextStatus = null;
+    if (prevProps !== this.props) {
+      var status = this.state.status;
+      if (this.props.in) {
+        if (status !== ENTERING && status !== ENTERED) {
+          nextStatus = ENTERING;
+        }
+      } else {
+        if (status === ENTERING || status === ENTERED) {
+          nextStatus = EXITING;
+        }
+      }
+    }
+    this.updateStatus(false, nextStatus);
+  };
+  _proto.componentWillUnmount = function componentWillUnmount() {
+    this.cancelNextCallback();
+  };
+  _proto.getTimeouts = function getTimeouts() {
+    var timeout = this.props.timeout;
+    var exit, enter, appear;
+    exit = enter = appear = timeout;
+    if (timeout != null && typeof timeout !== 'number') {
+      exit = timeout.exit;
+      enter = timeout.enter; // TODO: remove fallback for next major
+
+      appear = timeout.appear !== undefined ? timeout.appear : enter;
+    }
+    return {
+      exit: exit,
+      enter: enter,
+      appear: appear
+    };
+  };
+  _proto.updateStatus = function updateStatus(mounting, nextStatus) {
+    if (mounting === void 0) {
+      mounting = false;
+    }
+    if (nextStatus !== null) {
+      // nextStatus will always be ENTERING or EXITING.
+      this.cancelNextCallback();
+      if (nextStatus === ENTERING) {
+        if (this.props.unmountOnExit || this.props.mountOnEnter) {
+          var node = this.props.nodeRef ? this.props.nodeRef.current : react_dom.findDOMNode(this); // https://github.com/reactjs/react-transition-group/pull/749
+          // With unmountOnExit or mountOnEnter, the enter animation should happen at the transition between `exited` and `entering`.
+          // To make the animation happen,  we have to separate each rendering and avoid being processed as batched.
+
+          if (node) forceReflow(node);
+        }
+        this.performEnter(mounting);
+      } else {
+        this.performExit();
+      }
+    } else if (this.props.unmountOnExit && this.state.status === EXITED) {
+      this.setState({
+        status: UNMOUNTED
+      });
+    }
+  };
+  _proto.performEnter = function performEnter(mounting) {
+    var _this2 = this;
+    var enter = this.props.enter;
+    var appearing = this.context ? this.context.isMounting : mounting;
+    var _ref2 = this.props.nodeRef ? [appearing] : [react_dom.findDOMNode(this), appearing],
+      maybeNode = _ref2[0],
+      maybeAppearing = _ref2[1];
+    var timeouts = this.getTimeouts();
+    var enterTimeout = appearing ? timeouts.appear : timeouts.enter; // no enter animation skip right to ENTERED
+    // if we are mounting and running this it means appear _must_ be set
+
+    if (!mounting && !enter || config.disabled) {
+      this.safeSetState({
+        status: ENTERED
+      }, function () {
+        _this2.props.onEntered(maybeNode);
+      });
+      return;
+    }
+    this.props.onEnter(maybeNode, maybeAppearing);
+    this.safeSetState({
+      status: ENTERING
+    }, function () {
+      _this2.props.onEntering(maybeNode, maybeAppearing);
+      _this2.onTransitionEnd(enterTimeout, function () {
+        _this2.safeSetState({
+          status: ENTERED
+        }, function () {
+          _this2.props.onEntered(maybeNode, maybeAppearing);
+        });
+      });
+    });
+  };
+  _proto.performExit = function performExit() {
+    var _this3 = this;
+    var exit = this.props.exit;
+    var timeouts = this.getTimeouts();
+    var maybeNode = this.props.nodeRef ? undefined : react_dom.findDOMNode(this); // no exit animation skip right to EXITED
+
+    if (!exit || config.disabled) {
+      this.safeSetState({
+        status: EXITED
+      }, function () {
+        _this3.props.onExited(maybeNode);
+      });
+      return;
+    }
+    this.props.onExit(maybeNode);
+    this.safeSetState({
+      status: EXITING
+    }, function () {
+      _this3.props.onExiting(maybeNode);
+      _this3.onTransitionEnd(timeouts.exit, function () {
+        _this3.safeSetState({
+          status: EXITED
+        }, function () {
+          _this3.props.onExited(maybeNode);
+        });
+      });
+    });
+  };
+  _proto.cancelNextCallback = function cancelNextCallback() {
+    if (this.nextCallback !== null) {
+      this.nextCallback.cancel();
+      this.nextCallback = null;
+    }
+  };
+  _proto.safeSetState = function safeSetState(nextState, callback) {
+    // This shouldn't be necessary, but there are weird race conditions with
+    // setState callbacks and unmounting in testing, so always make sure that
+    // we can cancel any pending setState callbacks after we unmount.
+    callback = this.setNextCallback(callback);
+    this.setState(nextState, callback);
+  };
+  _proto.setNextCallback = function setNextCallback(callback) {
+    var _this4 = this;
+    var active = true;
+    this.nextCallback = function (event) {
+      if (active) {
+        active = false;
+        _this4.nextCallback = null;
+        callback(event);
+      }
+    };
+    this.nextCallback.cancel = function () {
+      active = false;
+    };
+    return this.nextCallback;
+  };
+  _proto.onTransitionEnd = function onTransitionEnd(timeout, handler) {
+    this.setNextCallback(handler);
+    var node = this.props.nodeRef ? this.props.nodeRef.current : react_dom.findDOMNode(this);
+    var doesNotHaveTimeoutOrListener = timeout == null && !this.props.addEndListener;
+    if (!node || doesNotHaveTimeoutOrListener) {
+      setTimeout(this.nextCallback, 0);
+      return;
+    }
+    if (this.props.addEndListener) {
+      var _ref3 = this.props.nodeRef ? [this.nextCallback] : [node, this.nextCallback],
+        maybeNode = _ref3[0],
+        maybeNextCallback = _ref3[1];
+      this.props.addEndListener(maybeNode, maybeNextCallback);
+    }
+    if (timeout != null) {
+      setTimeout(this.nextCallback, timeout);
+    }
+  };
+  _proto.render = function render() {
+    var status = this.state.status;
+    if (status === UNMOUNTED) {
+      return null;
+    }
+    var _this$props = this.props,
+      children = _this$props.children,
+      _in = _this$props.in,
+      _mountOnEnter = _this$props.mountOnEnter,
+      _unmountOnExit = _this$props.unmountOnExit,
+      _appear = _this$props.appear,
+      _enter = _this$props.enter,
+      _exit = _this$props.exit,
+      _timeout = _this$props.timeout,
+      _addEndListener = _this$props.addEndListener,
+      _onEnter = _this$props.onEnter,
+      _onEntering = _this$props.onEntering,
+      _onEntered = _this$props.onEntered,
+      _onExit = _this$props.onExit,
+      _onExiting = _this$props.onExiting,
+      _onExited = _this$props.onExited,
+      _nodeRef = _this$props.nodeRef,
+      childProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_this$props, ["children", "in", "mountOnEnter", "unmountOnExit", "appear", "enter", "exit", "timeout", "addEndListener", "onEnter", "onEntering", "onEntered", "onExit", "onExiting", "onExited", "nodeRef"]);
+    return /*#__PURE__*/(
+      // allows for nested Transitions
+      react.createElement(TransitionGroupContext.Provider, {
+        value: null
+      }, typeof children === 'function' ? children(status, childProps) : react.cloneElement(react.Children.only(children), childProps))
+    );
+  };
+  return Transition;
+}(react.Component);
+Transition.contextType = TransitionGroupContext;
+Transition.propTypes =  false ? 0 : {}; // Name the function so it is clearer in the documentation
+
+function noop() {}
+Transition.defaultProps = {
+  in: false,
+  mountOnEnter: false,
+  unmountOnExit: false,
+  appear: false,
+  enter: true,
+  exit: true,
+  onEnter: noop,
+  onEntering: noop,
+  onEntered: noop,
+  onExit: noop,
+  onExiting: noop,
+  onExited: noop
+};
+Transition.UNMOUNTED = UNMOUNTED;
+Transition.EXITED = EXITED;
+Transition.ENTERING = ENTERING;
+Transition.ENTERED = ENTERED;
+Transition.EXITING = EXITING;
+/* harmony default export */ var esm_Transition = (Transition);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/transitions/utils.js
+var reflow = function reflow(node) {
+  return node.scrollTop;
+};
+function getTransitionProps(props, options) {
+  var _style$transitionDura, _style$transitionTimi;
+  var timeout = props.timeout,
+    easing = props.easing,
+    _props$style = props.style,
+    style = _props$style === void 0 ? {} : _props$style;
+  return {
+    duration: (_style$transitionDura = style.transitionDuration) != null ? _style$transitionDura : typeof timeout === 'number' ? timeout : timeout[options.mode] || 0,
+    easing: (_style$transitionTimi = style.transitionTimingFunction) != null ? _style$transitionTimi : typeof easing === 'object' ? easing[options.mode] : easing,
+    delay: style.transitionDelay
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useForkRef.js
+
+/* harmony default export */ var utils_useForkRef = (useForkRef);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Fade/Fade.js
+
+
+var Fade_excluded = ["addEndListener", "appear", "children", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "style", "timeout", "TransitionComponent"];
+
+
+
+
+
+
+
+
+var styles = {
+  entering: {
+    opacity: 1
+  },
+  entered: {
+    opacity: 1
+  }
+};
+
+/**
+ * The Fade transition is used by the [Modal](/material-ui/react-modal/) component.
+ * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
+ */
+var Fade = /*#__PURE__*/react.forwardRef(function Fade(props, ref) {
+  var theme = styles_useTheme_useTheme();
+  var defaultTimeout = {
+    enter: theme.transitions.duration.enteringScreen,
+    exit: theme.transitions.duration.leavingScreen
+  };
+  var addEndListener = props.addEndListener,
+    _props$appear = props.appear,
+    appear = _props$appear === void 0 ? true : _props$appear,
+    _children = props.children,
+    easing = props.easing,
+    inProp = props.in,
+    onEnter = props.onEnter,
+    onEntered = props.onEntered,
+    onEntering = props.onEntering,
+    onExit = props.onExit,
+    onExited = props.onExited,
+    onExiting = props.onExiting,
+    style = props.style,
+    _props$timeout = props.timeout,
+    timeout = _props$timeout === void 0 ? defaultTimeout : _props$timeout,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Fade_excluded);
+  var enableStrictModeCompat = true;
+  var nodeRef = react.useRef(null);
+  var handleRef = utils_useForkRef(nodeRef, _children.ref, ref);
+  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
+    return function (maybeIsAppearing) {
+      if (callback) {
+        var node = nodeRef.current;
+
+        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
+        if (maybeIsAppearing === undefined) {
+          callback(node);
+        } else {
+          callback(node, maybeIsAppearing);
+        }
+      }
+    };
+  };
+  var handleEntering = normalizedTransitionCallback(onEntering);
+  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
+    reflow(node); // So the animation always start from the start.
+
+    var transitionProps = getTransitionProps({
+      style: style,
+      timeout: timeout,
+      easing: easing
+    }, {
+      mode: 'enter'
+    });
+    node.style.webkitTransition = theme.transitions.create('opacity', transitionProps);
+    node.style.transition = theme.transitions.create('opacity', transitionProps);
+    if (onEnter) {
+      onEnter(node, isAppearing);
+    }
+  });
+  var handleEntered = normalizedTransitionCallback(onEntered);
+  var handleExiting = normalizedTransitionCallback(onExiting);
+  var handleExit = normalizedTransitionCallback(function (node) {
+    var transitionProps = getTransitionProps({
+      style: style,
+      timeout: timeout,
+      easing: easing
+    }, {
+      mode: 'exit'
+    });
+    node.style.webkitTransition = theme.transitions.create('opacity', transitionProps);
+    node.style.transition = theme.transitions.create('opacity', transitionProps);
+    if (onExit) {
+      onExit(node);
+    }
+  });
+  var handleExited = normalizedTransitionCallback(onExited);
+  var handleAddEndListener = function handleAddEndListener(next) {
+    if (addEndListener) {
+      // Old call signature before `react-transition-group` implemented `nodeRef`
+      addEndListener(nodeRef.current, next);
+    }
+  };
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+    appear: appear,
+    in: inProp,
+    nodeRef: enableStrictModeCompat ? nodeRef : undefined,
+    onEnter: handleEnter,
+    onEntered: handleEntered,
+    onEntering: handleEntering,
+    onExit: handleExit,
+    onExited: handleExited,
+    onExiting: handleExiting,
+    addEndListener: handleAddEndListener,
+    timeout: timeout
+  }, other, {
+    children: function children(state, childProps) {
+      return /*#__PURE__*/react.cloneElement(_children, extends_extends({
+        style: extends_extends({
+          opacity: 0,
+          visibility: state === 'exited' && !inProp ? 'hidden' : undefined
+        }, styles[state], style, _children.props.style),
+        ref: handleRef
+      }, childProps));
+    }
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Fade_Fade = (Fade);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Backdrop/backdropClasses.js
+
+
+function getBackdropUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiBackdrop', slot);
+}
+var backdropClasses = generateUtilityClasses('MuiBackdrop', ['root', 'invisible']);
+/* harmony default export */ var Backdrop_backdropClasses = ((/* unused pure expression or super */ null && (backdropClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Backdrop/Backdrop.js
+
+
+var Backdrop_excluded = ["children", "className", "component", "components", "componentsProps", "invisible", "open", "slotProps", "slots", "TransitionComponent", "transitionDuration"];
+
+
+
+
+
+
+
+
+
+var Backdrop_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    invisible = ownerState.invisible;
+  var slots = {
+    root: ['root', invisible && 'invisible']
+  };
+  return composeClasses(slots, getBackdropUtilityClass, classes);
+};
+var BackdropRoot = styles_styled('div', {
+  name: 'MuiBackdrop',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.invisible && styles.invisible];
+  }
+})(function (_ref2) {
+  var ownerState = _ref2.ownerState;
+  return extends_extends({
+    position: 'fixed',
+    display: 'flex',
+    alignItems: 'center',
+    justifyContent: 'center',
+    right: 0,
+    bottom: 0,
+    top: 0,
+    left: 0,
+    backgroundColor: 'rgba(0, 0, 0, 0.5)',
+    WebkitTapHighlightColor: 'transparent'
+  }, ownerState.invisible && {
+    backgroundColor: 'transparent'
+  });
+});
+var Backdrop = /*#__PURE__*/react.forwardRef(function Backdrop(inProps, ref) {
+  var _slotProps$root, _ref, _slots$root;
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiBackdrop'
+  });
+  var children = props.children,
+    className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    _props$components = props.components,
+    components = _props$components === void 0 ? {} : _props$components,
+    _props$componentsProp = props.componentsProps,
+    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
+    _props$invisible = props.invisible,
+    invisible = _props$invisible === void 0 ? false : _props$invisible,
+    open = props.open,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? Fade_Fade : _props$TransitionComp,
+    transitionDuration = props.transitionDuration,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Backdrop_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    invisible: invisible
+  });
+  var classes = Backdrop_useUtilityClasses(ownerState);
+  var rootSlotProps = (_slotProps$root = slotProps.root) != null ? _slotProps$root : componentsProps.root;
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+    in: open,
+    timeout: transitionDuration
+  }, other, {
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(BackdropRoot, extends_extends({
+      "aria-hidden": true
+    }, rootSlotProps, {
+      as: (_ref = (_slots$root = slots.root) != null ? _slots$root : components.Root) != null ? _ref : component,
+      className: clsx_m(classes.root, className, rootSlotProps == null ? void 0 : rootSlotProps.className),
+      ownerState: extends_extends({}, ownerState, rootSlotProps == null ? void 0 : rootSlotProps.ownerState),
+      classes: classes,
+      ref: ref,
+      children: children
+    }))
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Backdrop_Backdrop = (Backdrop);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Modal/Modal.js
+
+
+
+var Modal_Modal_excluded = ["BackdropComponent", "BackdropProps", "classes", "className", "closeAfterTransition", "children", "container", "component", "components", "componentsProps", "disableAutoFocus", "disableEnforceFocus", "disableEscapeKeyDown", "disablePortal", "disableRestoreFocus", "disableScrollLock", "hideBackdrop", "keepMounted", "onBackdropClick", "onClose", "open", "slotProps", "slots", "theme"];
+
+
+
+
+
+
+
+
+
+
+var Modal_Modal_modalClasses = (/* unused pure expression or super */ null && (modalUnstyledClasses));
+var ModalRoot = styles_styled('div', {
+  name: 'MuiModal',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, !ownerState.open && ownerState.exited && styles.hidden];
+  }
+})(function (_ref3) {
+  var theme = _ref3.theme,
+    ownerState = _ref3.ownerState;
+  return extends_extends({
+    position: 'fixed',
+    zIndex: (theme.vars || theme).zIndex.modal,
+    right: 0,
+    bottom: 0,
+    top: 0,
+    left: 0
+  }, !ownerState.open && ownerState.exited && {
+    visibility: 'hidden'
+  });
+});
+var ModalBackdrop = styles_styled(Backdrop_Backdrop, {
+  name: 'MuiModal',
+  slot: 'Backdrop',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.backdrop;
+  }
+})({
+  zIndex: -1
+});
+
+/**
+ * Modal is a lower-level construct that is leveraged by the following components:
+ *
+ * - [Dialog](/material-ui/api/dialog/)
+ * - [Drawer](/material-ui/api/drawer/)
+ * - [Menu](/material-ui/api/menu/)
+ * - [Popover](/material-ui/api/popover/)
+ *
+ * If you are creating a modal dialog, you probably want to use the [Dialog](/material-ui/api/dialog/) component
+ * rather than directly using Modal.
+ *
+ * This component shares many concepts with [react-overlays](https://react-bootstrap.github.io/react-overlays/#modals).
+ */
+var Modal_Modal_Modal = /*#__PURE__*/react.forwardRef(function Modal(inProps, ref) {
+  var _ref, _slots$root, _ref2, _slots$backdrop, _slotProps$root, _slotProps$backdrop;
+  var props = useThemeProps_useThemeProps({
+    name: 'MuiModal',
+    props: inProps
+  });
+  var _props$BackdropCompon = props.BackdropComponent,
+    BackdropComponent = _props$BackdropCompon === void 0 ? ModalBackdrop : _props$BackdropCompon,
+    BackdropProps = props.BackdropProps,
+    classes = props.classes,
+    className = props.className,
+    _props$closeAfterTran = props.closeAfterTransition,
+    closeAfterTransition = _props$closeAfterTran === void 0 ? false : _props$closeAfterTran,
+    children = props.children,
+    container = props.container,
+    component = props.component,
+    _props$components = props.components,
+    components = _props$components === void 0 ? {} : _props$components,
+    _props$componentsProp = props.componentsProps,
+    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
+    _props$disableAutoFoc = props.disableAutoFocus,
+    disableAutoFocus = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
+    _props$disableEnforce = props.disableEnforceFocus,
+    disableEnforceFocus = _props$disableEnforce === void 0 ? false : _props$disableEnforce,
+    _props$disableEscapeK = props.disableEscapeKeyDown,
+    disableEscapeKeyDown = _props$disableEscapeK === void 0 ? false : _props$disableEscapeK,
+    _props$disablePortal = props.disablePortal,
+    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal,
+    _props$disableRestore = props.disableRestoreFocus,
+    disableRestoreFocus = _props$disableRestore === void 0 ? false : _props$disableRestore,
+    _props$disableScrollL = props.disableScrollLock,
+    disableScrollLock = _props$disableScrollL === void 0 ? false : _props$disableScrollL,
+    _props$hideBackdrop = props.hideBackdrop,
+    hideBackdrop = _props$hideBackdrop === void 0 ? false : _props$hideBackdrop,
+    _props$keepMounted = props.keepMounted,
+    keepMounted = _props$keepMounted === void 0 ? false : _props$keepMounted,
+    onBackdropClick = props.onBackdropClick,
+    onClose = props.onClose,
+    open = props.open,
+    slotProps = props.slotProps,
+    slots = props.slots,
+    theme = props.theme,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Modal_Modal_excluded);
+  var _React$useState = react.useState(true),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    exited = _React$useState2[0],
+    setExited = _React$useState2[1];
+  var commonProps = {
+    container: container,
+    closeAfterTransition: closeAfterTransition,
+    disableAutoFocus: disableAutoFocus,
+    disableEnforceFocus: disableEnforceFocus,
+    disableEscapeKeyDown: disableEscapeKeyDown,
+    disablePortal: disablePortal,
+    disableRestoreFocus: disableRestoreFocus,
+    disableScrollLock: disableScrollLock,
+    hideBackdrop: hideBackdrop,
+    keepMounted: keepMounted,
+    onBackdropClick: onBackdropClick,
+    onClose: onClose,
+    open: open
+  };
+  var ownerState = extends_extends({}, props, commonProps, {
+    exited: exited
+  });
+  var RootSlot = (_ref = (_slots$root = slots == null ? void 0 : slots.root) != null ? _slots$root : components.Root) != null ? _ref : ModalRoot;
+  var BackdropSlot = (_ref2 = (_slots$backdrop = slots == null ? void 0 : slots.backdrop) != null ? _slots$backdrop : components.Backdrop) != null ? _ref2 : BackdropComponent;
+  var rootSlotProps = (_slotProps$root = slotProps == null ? void 0 : slotProps.root) != null ? _slotProps$root : componentsProps.root;
+  var backdropSlotProps = (_slotProps$backdrop = slotProps == null ? void 0 : slotProps.backdrop) != null ? _slotProps$backdrop : componentsProps.backdrop;
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Modal_Modal, extends_extends({
+    slots: {
+      root: RootSlot,
+      backdrop: BackdropSlot
+    },
+    slotProps: {
+      root: function root() {
+        return extends_extends({}, resolveComponentProps(rootSlotProps, ownerState), !isHostComponent(RootSlot) && {
+          as: component,
+          theme: theme
+        }, {
+          className: clsx_m(className, rootSlotProps == null ? void 0 : rootSlotProps.className, classes == null ? void 0 : classes.root, !ownerState.open && ownerState.exited && (classes == null ? void 0 : classes.hidden))
+        });
+      },
+      backdrop: function backdrop() {
+        return extends_extends({}, BackdropProps, resolveComponentProps(backdropSlotProps, ownerState), {
+          className: clsx_m(backdropSlotProps == null ? void 0 : backdropSlotProps.className, BackdropProps == null ? void 0 : BackdropProps.className, classes == null ? void 0 : classes.backdrop)
+        });
+      }
+    },
+    onTransitionEnter: function onTransitionEnter() {
+      return setExited(false);
+    },
+    onTransitionExited: function onTransitionExited() {
+      return setExited(true);
+    },
+    ref: ref
+  }, other, commonProps, {
+    children: children
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var material_Modal_Modal = (Modal_Modal_Modal);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/debounce.js
+// Corresponds to 10 frames at 60 Hz.
+// A few bytes payload overhead when lodash/debounce is ~3 kB and debounce ~300 B.
+function debounce(func) {
+  var wait = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 166;
+  var timeout;
+  function debounced() {
+    var _this = this;
+    for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
+      args[_key] = arguments[_key];
+    }
+    var later = function later() {
+      func.apply(_this, args);
+    };
+    clearTimeout(timeout);
+    timeout = setTimeout(later, wait);
+  }
+  debounced.clear = function () {
+    clearTimeout(timeout);
+  };
+  return debounced;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/debounce.js
+
+/* harmony default export */ var utils_debounce = (debounce);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/ownerWindow.js
+
+/* harmony default export */ var utils_ownerWindow = (ownerWindow);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Slide/Slide.js
+
+
+var Slide_excluded = ["addEndListener", "appear", "children", "container", "direction", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "style", "timeout", "TransitionComponent"];
+
+
+
+
+
+
+
+
+
+
+// Translate the node so it can't be seen on the screen.
+// Later, we're going to translate the node back to its original location with `none`.
+
+function getTranslateValue(direction, node, resolvedContainer) {
+  var rect = node.getBoundingClientRect();
+  var containerRect = resolvedContainer && resolvedContainer.getBoundingClientRect();
+  var containerWindow = utils_ownerWindow(node);
+  var transform;
+  if (node.fakeTransform) {
+    transform = node.fakeTransform;
+  } else {
+    var computedStyle = containerWindow.getComputedStyle(node);
+    transform = computedStyle.getPropertyValue('-webkit-transform') || computedStyle.getPropertyValue('transform');
+  }
+  var offsetX = 0;
+  var offsetY = 0;
+  if (transform && transform !== 'none' && typeof transform === 'string') {
+    var transformValues = transform.split('(')[1].split(')')[0].split(',');
+    offsetX = parseInt(transformValues[4], 10);
+    offsetY = parseInt(transformValues[5], 10);
+  }
+  if (direction === 'left') {
+    if (containerRect) {
+      return "translateX(".concat(containerRect.right + offsetX - rect.left, "px)");
+    }
+    return "translateX(".concat(containerWindow.innerWidth + offsetX - rect.left, "px)");
+  }
+  if (direction === 'right') {
+    if (containerRect) {
+      return "translateX(-".concat(rect.right - containerRect.left - offsetX, "px)");
+    }
+    return "translateX(-".concat(rect.left + rect.width - offsetX, "px)");
+  }
+  if (direction === 'up') {
+    if (containerRect) {
+      return "translateY(".concat(containerRect.bottom + offsetY - rect.top, "px)");
+    }
+    return "translateY(".concat(containerWindow.innerHeight + offsetY - rect.top, "px)");
+  }
+
+  // direction === 'down'
+  if (containerRect) {
+    return "translateY(-".concat(rect.top - containerRect.top + rect.height - offsetY, "px)");
+  }
+  return "translateY(-".concat(rect.top + rect.height - offsetY, "px)");
+}
+function resolveContainer(containerPropProp) {
+  return typeof containerPropProp === 'function' ? containerPropProp() : containerPropProp;
+}
+function setTranslateValue(direction, node, containerProp) {
+  var resolvedContainer = resolveContainer(containerProp);
+  var transform = getTranslateValue(direction, node, resolvedContainer);
+  if (transform) {
+    node.style.webkitTransform = transform;
+    node.style.transform = transform;
+  }
+}
+
+/**
+ * The Slide transition is used by the [Drawer](/material-ui/react-drawer/) component.
+ * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
+ */
+var Slide = /*#__PURE__*/react.forwardRef(function Slide(props, ref) {
+  var theme = styles_useTheme_useTheme();
+  var defaultEasing = {
+    enter: theme.transitions.easing.easeOut,
+    exit: theme.transitions.easing.sharp
+  };
+  var defaultTimeout = {
+    enter: theme.transitions.duration.enteringScreen,
+    exit: theme.transitions.duration.leavingScreen
+  };
+  var addEndListener = props.addEndListener,
+    _props$appear = props.appear,
+    appear = _props$appear === void 0 ? true : _props$appear,
+    _children = props.children,
+    containerProp = props.container,
+    _props$direction = props.direction,
+    direction = _props$direction === void 0 ? 'down' : _props$direction,
+    _props$easing = props.easing,
+    easingProp = _props$easing === void 0 ? defaultEasing : _props$easing,
+    inProp = props.in,
+    onEnter = props.onEnter,
+    onEntered = props.onEntered,
+    onEntering = props.onEntering,
+    onExit = props.onExit,
+    onExited = props.onExited,
+    onExiting = props.onExiting,
+    style = props.style,
+    _props$timeout = props.timeout,
+    timeout = _props$timeout === void 0 ? defaultTimeout : _props$timeout,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Slide_excluded);
+  var childrenRef = react.useRef(null);
+  var handleRef = utils_useForkRef(_children.ref, childrenRef, ref);
+  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
+    return function (isAppearing) {
+      if (callback) {
+        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
+        if (isAppearing === undefined) {
+          callback(childrenRef.current);
+        } else {
+          callback(childrenRef.current, isAppearing);
+        }
+      }
+    };
+  };
+  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
+    setTranslateValue(direction, node, containerProp);
+    reflow(node);
+    if (onEnter) {
+      onEnter(node, isAppearing);
+    }
+  });
+  var handleEntering = normalizedTransitionCallback(function (node, isAppearing) {
+    var transitionProps = getTransitionProps({
+      timeout: timeout,
+      style: style,
+      easing: easingProp
+    }, {
+      mode: 'enter'
+    });
+    node.style.webkitTransition = theme.transitions.create('-webkit-transform', extends_extends({}, transitionProps));
+    node.style.transition = theme.transitions.create('transform', extends_extends({}, transitionProps));
+    node.style.webkitTransform = 'none';
+    node.style.transform = 'none';
+    if (onEntering) {
+      onEntering(node, isAppearing);
+    }
+  });
+  var handleEntered = normalizedTransitionCallback(onEntered);
+  var handleExiting = normalizedTransitionCallback(onExiting);
+  var handleExit = normalizedTransitionCallback(function (node) {
+    var transitionProps = getTransitionProps({
+      timeout: timeout,
+      style: style,
+      easing: easingProp
+    }, {
+      mode: 'exit'
+    });
+    node.style.webkitTransition = theme.transitions.create('-webkit-transform', transitionProps);
+    node.style.transition = theme.transitions.create('transform', transitionProps);
+    setTranslateValue(direction, node, containerProp);
+    if (onExit) {
+      onExit(node);
+    }
+  });
+  var handleExited = normalizedTransitionCallback(function (node) {
+    // No need for transitions when the component is hidden
+    node.style.webkitTransition = '';
+    node.style.transition = '';
+    if (onExited) {
+      onExited(node);
+    }
+  });
+  var handleAddEndListener = function handleAddEndListener(next) {
+    if (addEndListener) {
+      // Old call signature before `react-transition-group` implemented `nodeRef`
+      addEndListener(childrenRef.current, next);
+    }
+  };
+  var updatePosition = react.useCallback(function () {
+    if (childrenRef.current) {
+      setTranslateValue(direction, childrenRef.current, containerProp);
+    }
+  }, [direction, containerProp]);
+  react.useEffect(function () {
+    // Skip configuration where the position is screen size invariant.
+    if (inProp || direction === 'down' || direction === 'right') {
+      return undefined;
+    }
+    var handleResize = utils_debounce(function () {
+      if (childrenRef.current) {
+        setTranslateValue(direction, childrenRef.current, containerProp);
+      }
+    });
+    var containerWindow = utils_ownerWindow(childrenRef.current);
+    containerWindow.addEventListener('resize', handleResize);
+    return function () {
+      handleResize.clear();
+      containerWindow.removeEventListener('resize', handleResize);
+    };
+  }, [direction, inProp, containerProp]);
+  react.useEffect(function () {
+    if (!inProp) {
+      // We need to update the position of the drawer when the direction change and
+      // when it's hidden.
+      updatePosition();
+    }
+  }, [inProp, updatePosition]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+    nodeRef: childrenRef,
+    onEnter: handleEnter,
+    onEntered: handleEntered,
+    onEntering: handleEntering,
+    onExit: handleExit,
+    onExited: handleExited,
+    onExiting: handleExiting,
+    addEndListener: handleAddEndListener,
+    appear: appear,
+    in: inProp,
+    timeout: timeout
+  }, other, {
+    children: function children(state, childProps) {
+      return /*#__PURE__*/react.cloneElement(_children, extends_extends({
+        ref: handleRef,
+        style: extends_extends({
+          visibility: state === 'exited' && !inProp ? 'hidden' : undefined
+        }, style, _children.props.style)
+      }, childProps));
+    }
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Slide_Slide = (Slide);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/getOverlayAlpha.js
+// Inspired by https://github.com/material-components/material-components-ios/blob/bca36107405594d5b7b16265a5b0ed698f85a5ee/components/Elevation/src/UIColor%2BMaterialElevation.m#L61
+var getOverlayAlpha = function getOverlayAlpha(elevation) {
+  var alphaValue;
+  if (elevation < 1) {
+    alphaValue = 5.11916 * Math.pow(elevation, 2);
+  } else {
+    alphaValue = 4.5 * Math.log(elevation + 1) + 2;
+  }
+  return (alphaValue / 100).toFixed(2);
+};
+/* harmony default export */ var styles_getOverlayAlpha = (getOverlayAlpha);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Paper/paperClasses.js
+
+
+function getPaperUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiPaper', slot);
+}
+var paperClasses = generateUtilityClasses('MuiPaper', ['root', 'rounded', 'outlined', 'elevation', 'elevation0', 'elevation1', 'elevation2', 'elevation3', 'elevation4', 'elevation5', 'elevation6', 'elevation7', 'elevation8', 'elevation9', 'elevation10', 'elevation11', 'elevation12', 'elevation13', 'elevation14', 'elevation15', 'elevation16', 'elevation17', 'elevation18', 'elevation19', 'elevation20', 'elevation21', 'elevation22', 'elevation23', 'elevation24']);
+/* harmony default export */ var Paper_paperClasses = ((/* unused pure expression or super */ null && (paperClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Paper/Paper.js
+
+
+var Paper_excluded = ["className", "component", "elevation", "square", "variant"];
+
+
+
+
+
+
+
+
+
+
+
+
+var Paper_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var square = ownerState.square,
+    elevation = ownerState.elevation,
+    variant = ownerState.variant,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', variant, !square && 'rounded', variant === 'elevation' && "elevation".concat(elevation)]
+  };
+  return composeClasses(slots, getPaperUtilityClass, classes);
+};
+var PaperRoot = styles_styled('div', {
+  name: 'MuiPaper',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles[ownerState.variant], !ownerState.square && styles.rounded, ownerState.variant === 'elevation' && styles["elevation".concat(ownerState.elevation)]];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  var _theme$vars$overlays;
+  return extends_extends({
+    backgroundColor: (theme.vars || theme).palette.background.paper,
+    color: (theme.vars || theme).palette.text.primary,
+    transition: theme.transitions.create('box-shadow')
+  }, !ownerState.square && {
+    borderRadius: theme.shape.borderRadius
+  }, ownerState.variant === 'outlined' && {
+    border: "1px solid ".concat((theme.vars || theme).palette.divider)
+  }, ownerState.variant === 'elevation' && extends_extends({
+    boxShadow: (theme.vars || theme).shadows[ownerState.elevation]
+  }, !theme.vars && theme.palette.mode === 'dark' && {
+    backgroundImage: "linear-gradient(".concat(alpha('#fff', styles_getOverlayAlpha(ownerState.elevation)), ", ").concat(alpha('#fff', styles_getOverlayAlpha(ownerState.elevation)), ")")
+  }, theme.vars && {
+    backgroundImage: (_theme$vars$overlays = theme.vars.overlays) == null ? void 0 : _theme$vars$overlays[ownerState.elevation]
+  }));
+});
+var Paper = /*#__PURE__*/react.forwardRef(function Paper(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiPaper'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    _props$elevation = props.elevation,
+    elevation = _props$elevation === void 0 ? 1 : _props$elevation,
+    _props$square = props.square,
+    square = _props$square === void 0 ? false : _props$square,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'elevation' : _props$variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Paper_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    elevation: elevation,
+    square: square,
+    variant: variant
+  });
+  var classes = Paper_useUtilityClasses(ownerState);
+  if (false) { var theme; }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(PaperRoot, extends_extends({
+    as: component,
+    ownerState: ownerState,
+    className: clsx_m(classes.root, className),
+    ref: ref
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Paper_Paper = (Paper);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/capitalize.js
+
+/* harmony default export */ var utils_capitalize = (capitalize);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Drawer/drawerClasses.js
+
+
+function getDrawerUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiDrawer', slot);
+}
+var drawerClasses = generateUtilityClasses('MuiDrawer', ['root', 'docked', 'paper', 'paperAnchorLeft', 'paperAnchorRight', 'paperAnchorTop', 'paperAnchorBottom', 'paperAnchorDockedLeft', 'paperAnchorDockedRight', 'paperAnchorDockedTop', 'paperAnchorDockedBottom', 'modal']);
+/* harmony default export */ var Drawer_drawerClasses = ((/* unused pure expression or super */ null && (drawerClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Drawer/Drawer.js
+
+
+var Drawer_excluded = ["BackdropProps"],
+  Drawer_excluded2 = ["anchor", "BackdropProps", "children", "className", "elevation", "hideBackdrop", "ModalProps", "onClose", "open", "PaperProps", "SlideProps", "TransitionComponent", "transitionDuration", "variant"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var overridesResolver = function overridesResolver(props, styles) {
+  var ownerState = props.ownerState;
+  return [styles.root, (ownerState.variant === 'permanent' || ownerState.variant === 'persistent') && styles.docked, styles.modal];
+};
+var Drawer_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    anchor = ownerState.anchor,
+    variant = ownerState.variant;
+  var slots = {
+    root: ['root'],
+    docked: [(variant === 'permanent' || variant === 'persistent') && 'docked'],
+    modal: ['modal'],
+    paper: ['paper', "paperAnchor".concat(utils_capitalize(anchor)), variant !== 'temporary' && "paperAnchorDocked".concat(utils_capitalize(anchor))]
+  };
+  return composeClasses(slots, getDrawerUtilityClass, classes);
+};
+var DrawerRoot = styles_styled(material_Modal_Modal, {
+  name: 'MuiDrawer',
+  slot: 'Root',
+  overridesResolver: overridesResolver
+})(function (_ref) {
+  var theme = _ref.theme;
+  return {
+    zIndex: (theme.vars || theme).zIndex.drawer
+  };
+});
+var DrawerDockedRoot = styles_styled('div', {
+  shouldForwardProp: rootShouldForwardProp,
+  name: 'MuiDrawer',
+  slot: 'Docked',
+  skipVariantsResolver: false,
+  overridesResolver: overridesResolver
+})({
+  flex: '0 0 auto'
+});
+var DrawerPaper = styles_styled(Paper_Paper, {
+  name: 'MuiDrawer',
+  slot: 'Paper',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.paper, styles["paperAnchor".concat(utils_capitalize(ownerState.anchor))], ownerState.variant !== 'temporary' && styles["paperAnchorDocked".concat(utils_capitalize(ownerState.anchor))]];
+  }
+})(function (_ref2) {
+  var theme = _ref2.theme,
+    ownerState = _ref2.ownerState;
+  return extends_extends({
+    overflowY: 'auto',
+    display: 'flex',
+    flexDirection: 'column',
+    height: '100%',
+    flex: '1 0 auto',
+    zIndex: (theme.vars || theme).zIndex.drawer,
+    // Add iOS momentum scrolling for iOS < 13.0
+    WebkitOverflowScrolling: 'touch',
+    // temporary style
+    position: 'fixed',
+    top: 0,
+    // We disable the focus ring for mouse, touch and keyboard users.
+    // At some point, it would be better to keep it for keyboard users.
+    // :focus-ring CSS pseudo-class will help.
+    outline: 0
+  }, ownerState.anchor === 'left' && {
+    left: 0
+  }, ownerState.anchor === 'top' && {
+    top: 0,
+    left: 0,
+    right: 0,
+    height: 'auto',
+    maxHeight: '100%'
+  }, ownerState.anchor === 'right' && {
+    right: 0
+  }, ownerState.anchor === 'bottom' && {
+    top: 'auto',
+    left: 0,
+    bottom: 0,
+    right: 0,
+    height: 'auto',
+    maxHeight: '100%'
+  }, ownerState.anchor === 'left' && ownerState.variant !== 'temporary' && {
+    borderRight: "1px solid ".concat((theme.vars || theme).palette.divider)
+  }, ownerState.anchor === 'top' && ownerState.variant !== 'temporary' && {
+    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider)
+  }, ownerState.anchor === 'right' && ownerState.variant !== 'temporary' && {
+    borderLeft: "1px solid ".concat((theme.vars || theme).palette.divider)
+  }, ownerState.anchor === 'bottom' && ownerState.variant !== 'temporary' && {
+    borderTop: "1px solid ".concat((theme.vars || theme).palette.divider)
+  });
+});
+var oppositeDirection = {
+  left: 'right',
+  right: 'left',
+  top: 'down',
+  bottom: 'up'
+};
+function isHorizontal(anchor) {
+  return ['left', 'right'].indexOf(anchor) !== -1;
+}
+function getAnchor(theme, anchor) {
+  return theme.direction === 'rtl' && isHorizontal(anchor) ? oppositeDirection[anchor] : anchor;
+}
+
+/**
+ * The props of the [Modal](/material-ui/api/modal/) component are available
+ * when `variant="temporary"` is set.
+ */
+var Drawer = /*#__PURE__*/react.forwardRef(function Drawer(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiDrawer'
+  });
+  var theme = styles_useTheme_useTheme();
+  var defaultTransitionDuration = {
+    enter: theme.transitions.duration.enteringScreen,
+    exit: theme.transitions.duration.leavingScreen
+  };
+  var _props$anchor = props.anchor,
+    anchorProp = _props$anchor === void 0 ? 'left' : _props$anchor,
+    BackdropProps = props.BackdropProps,
+    children = props.children,
+    className = props.className,
+    _props$elevation = props.elevation,
+    elevation = _props$elevation === void 0 ? 16 : _props$elevation,
+    _props$hideBackdrop = props.hideBackdrop,
+    hideBackdrop = _props$hideBackdrop === void 0 ? false : _props$hideBackdrop,
+    _props$ModalProps = props.ModalProps,
+    _props$ModalProps2 = _props$ModalProps === void 0 ? {} : _props$ModalProps,
+    BackdropPropsProp = _props$ModalProps2.BackdropProps,
+    onClose = props.onClose,
+    _props$open = props.open,
+    open = _props$open === void 0 ? false : _props$open,
+    _props$PaperProps = props.PaperProps,
+    PaperProps = _props$PaperProps === void 0 ? {} : _props$PaperProps,
+    SlideProps = props.SlideProps,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? Slide_Slide : _props$TransitionComp,
+    _props$transitionDura = props.transitionDuration,
+    transitionDuration = _props$transitionDura === void 0 ? defaultTransitionDuration : _props$transitionDura,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'temporary' : _props$variant,
+    ModalProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.ModalProps, Drawer_excluded),
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Drawer_excluded2);
+
+  // Let's assume that the Drawer will always be rendered on user space.
+  // We use this state is order to skip the appear transition during the
+  // initial mount of the component.
+  var mounted = react.useRef(false);
+  react.useEffect(function () {
+    mounted.current = true;
+  }, []);
+  var anchorInvariant = getAnchor(theme, anchorProp);
+  var anchor = anchorProp;
+  var ownerState = extends_extends({}, props, {
+    anchor: anchor,
+    elevation: elevation,
+    open: open,
+    variant: variant
+  }, other);
+  var classes = Drawer_useUtilityClasses(ownerState);
+  var drawer = /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerPaper, extends_extends({
+    elevation: variant === 'temporary' ? elevation : 0,
+    square: true
+  }, PaperProps, {
+    className: clsx_m(classes.paper, PaperProps.className),
+    ownerState: ownerState,
+    children: children
+  }));
+  if (variant === 'permanent') {
+    return /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerDockedRoot, extends_extends({
+      className: clsx_m(classes.root, classes.docked, className),
+      ownerState: ownerState,
+      ref: ref
+    }, other, {
+      children: drawer
+    }));
+  }
+  var slidingDrawer = /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+    in: open,
+    direction: oppositeDirection[anchorInvariant],
+    timeout: transitionDuration,
+    appear: mounted.current
+  }, SlideProps, {
+    children: drawer
+  }));
+  if (variant === 'persistent') {
+    return /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerDockedRoot, extends_extends({
+      className: clsx_m(classes.root, classes.docked, className),
+      ownerState: ownerState,
+      ref: ref
+    }, other, {
+      children: slidingDrawer
+    }));
+  }
+
+  // variant === temporary
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerRoot, extends_extends({
+    BackdropProps: extends_extends({}, BackdropProps, BackdropPropsProp, {
+      transitionDuration: transitionDuration
+    }),
+    className: clsx_m(classes.root, classes.modal, className),
+    open: open,
+    ownerState: ownerState,
+    onClose: onClose,
+    hideBackdrop: hideBackdrop,
+    ref: ref
+  }, other, ModalProps, {
+    children: slidingDrawer
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Drawer_Drawer = (Drawer);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/AppBar/appBarClasses.js
+
+
+function getAppBarUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiAppBar', slot);
+}
+var appBarClasses = generateUtilityClasses('MuiAppBar', ['root', 'positionFixed', 'positionAbsolute', 'positionSticky', 'positionStatic', 'positionRelative', 'colorDefault', 'colorPrimary', 'colorSecondary', 'colorInherit', 'colorTransparent']);
+/* harmony default export */ var AppBar_appBarClasses = ((/* unused pure expression or super */ null && (appBarClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/AppBar/AppBar.js
+
+
+var AppBar_excluded = ["className", "color", "enableColorOnDark", "position"];
+
+
+
+
+
+
+
+
+
+
+var AppBar_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var color = ownerState.color,
+    position = ownerState.position,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', "color".concat(utils_capitalize(color)), "position".concat(utils_capitalize(position))]
+  };
+  return composeClasses(slots, getAppBarUtilityClass, classes);
+};
+
+// var2 is the fallback.
+// Ex. var1: 'var(--a)', var2: 'var(--b)'; return: 'var(--a, var(--b))'
+var joinVars = function joinVars(var1, var2) {
+  return var1 ? "".concat(var1 == null ? void 0 : var1.replace(')', ''), ", ").concat(var2, ")") : var2;
+};
+var AppBarRoot = styles_styled(Paper_Paper, {
+  name: 'MuiAppBar',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles["position".concat(utils_capitalize(ownerState.position))], styles["color".concat(utils_capitalize(ownerState.color))]];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  var backgroundColorDefault = theme.palette.mode === 'light' ? theme.palette.grey[100] : theme.palette.grey[900];
+  return extends_extends({
+    display: 'flex',
+    flexDirection: 'column',
+    width: '100%',
+    boxSizing: 'border-box',
+    // Prevent padding issue with the Modal and fixed positioned AppBar.
+    flexShrink: 0
+  }, ownerState.position === 'fixed' && {
+    position: 'fixed',
+    zIndex: (theme.vars || theme).zIndex.appBar,
+    top: 0,
+    left: 'auto',
+    right: 0,
+    '@media print': {
+      // Prevent the app bar to be visible on each printed page.
+      position: 'absolute'
+    }
+  }, ownerState.position === 'absolute' && {
+    position: 'absolute',
+    zIndex: (theme.vars || theme).zIndex.appBar,
+    top: 0,
+    left: 'auto',
+    right: 0
+  }, ownerState.position === 'sticky' && {
+    // ⚠️ sticky is not supported by IE11.
+    position: 'sticky',
+    zIndex: (theme.vars || theme).zIndex.appBar,
+    top: 0,
+    left: 'auto',
+    right: 0
+  }, ownerState.position === 'static' && {
+    position: 'static'
+  }, ownerState.position === 'relative' && {
+    position: 'relative'
+  }, !theme.vars && extends_extends({}, ownerState.color === 'default' && {
+    backgroundColor: backgroundColorDefault,
+    color: theme.palette.getContrastText(backgroundColorDefault)
+  }, ownerState.color && ownerState.color !== 'default' && ownerState.color !== 'inherit' && ownerState.color !== 'transparent' && {
+    backgroundColor: theme.palette[ownerState.color].main,
+    color: theme.palette[ownerState.color].contrastText
+  }, ownerState.color === 'inherit' && {
+    color: 'inherit'
+  }, theme.palette.mode === 'dark' && !ownerState.enableColorOnDark && {
+    backgroundColor: null,
+    color: null
+  }, ownerState.color === 'transparent' && extends_extends({
+    backgroundColor: 'transparent',
+    color: 'inherit'
+  }, theme.palette.mode === 'dark' && {
+    backgroundImage: 'none'
+  })), theme.vars && extends_extends({}, ownerState.color === 'default' && {
+    '--AppBar-background': ownerState.enableColorOnDark ? theme.vars.palette.AppBar.defaultBg : joinVars(theme.vars.palette.AppBar.darkBg, theme.vars.palette.AppBar.defaultBg),
+    '--AppBar-color': ownerState.enableColorOnDark ? theme.vars.palette.text.primary : joinVars(theme.vars.palette.AppBar.darkColor, theme.vars.palette.text.primary)
+  }, ownerState.color && !ownerState.color.match(/^(default|inherit|transparent)$/) && {
+    '--AppBar-background': ownerState.enableColorOnDark ? theme.vars.palette[ownerState.color].main : joinVars(theme.vars.palette.AppBar.darkBg, theme.vars.palette[ownerState.color].main),
+    '--AppBar-color': ownerState.enableColorOnDark ? theme.vars.palette[ownerState.color].contrastText : joinVars(theme.vars.palette.AppBar.darkColor, theme.vars.palette[ownerState.color].contrastText)
+  }, {
+    backgroundColor: 'var(--AppBar-background)',
+    color: ownerState.color === 'inherit' ? 'inherit' : 'var(--AppBar-color)'
+  }, ownerState.color === 'transparent' && {
+    backgroundImage: 'none',
+    backgroundColor: 'transparent',
+    color: 'inherit'
+  }));
+});
+var AppBar = /*#__PURE__*/react.forwardRef(function AppBar(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiAppBar'
+  });
+  var className = props.className,
+    _props$color = props.color,
+    color = _props$color === void 0 ? 'primary' : _props$color,
+    _props$enableColorOnD = props.enableColorOnDark,
+    enableColorOnDark = _props$enableColorOnD === void 0 ? false : _props$enableColorOnD,
+    _props$position = props.position,
+    position = _props$position === void 0 ? 'fixed' : _props$position,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, AppBar_excluded);
+  var ownerState = extends_extends({}, props, {
+    color: color,
+    position: position,
+    enableColorOnDark: enableColorOnDark
+  });
+  var classes = AppBar_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(AppBarRoot, extends_extends({
+    square: true,
+    component: "header",
+    ownerState: ownerState,
+    elevation: 4,
+    className: clsx_m(classes.root, className, position === 'fixed' && 'mui-fixed'),
+    ref: ref
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var AppBar_AppBar = (AppBar);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/List/ListContext.js
+
+
+/**
+ * @ignore - internal component.
+ */
+var ListContext = /*#__PURE__*/react.createContext({});
+if (false) {}
+/* harmony default export */ var List_ListContext = (ListContext);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/List/listClasses.js
+
+
+function getListUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiList', slot);
+}
+var listClasses = generateUtilityClasses('MuiList', ['root', 'padding', 'dense', 'subheader']);
+/* harmony default export */ var List_listClasses = ((/* unused pure expression or super */ null && (listClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/List/List.js
+
+
+var List_excluded = ["children", "className", "component", "dense", "disablePadding", "subheader"];
+
+
+
+
+
+
+
+
+
+
+var List_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    disablePadding = ownerState.disablePadding,
+    dense = ownerState.dense,
+    subheader = ownerState.subheader;
+  var slots = {
+    root: ['root', !disablePadding && 'padding', dense && 'dense', subheader && 'subheader']
+  };
+  return composeClasses(slots, getListUtilityClass, classes);
+};
+var ListRoot = styles_styled('ul', {
+  name: 'MuiList',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, !ownerState.disablePadding && styles.padding, ownerState.dense && styles.dense, ownerState.subheader && styles.subheader];
+  }
+})(function (_ref) {
+  var ownerState = _ref.ownerState;
+  return extends_extends({
+    listStyle: 'none',
+    margin: 0,
+    padding: 0,
+    position: 'relative'
+  }, !ownerState.disablePadding && {
+    paddingTop: 8,
+    paddingBottom: 8
+  }, ownerState.subheader && {
+    paddingTop: 0
+  });
+});
+var List = /*#__PURE__*/react.forwardRef(function List(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiList'
+  });
+  var children = props.children,
+    className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'ul' : _props$component,
+    _props$dense = props.dense,
+    dense = _props$dense === void 0 ? false : _props$dense,
+    _props$disablePadding = props.disablePadding,
+    disablePadding = _props$disablePadding === void 0 ? false : _props$disablePadding,
+    subheader = props.subheader,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, List_excluded);
+  var context = react.useMemo(function () {
+    return {
+      dense: dense
+    };
+  }, [dense]);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    dense: dense,
+    disablePadding: disablePadding
+  });
+  var classes = List_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
+    value: context,
+    children: /*#__PURE__*/(0,jsx_runtime.jsxs)(ListRoot, extends_extends({
+      as: component,
+      className: clsx_m(classes.root, className),
+      ref: ref,
+      ownerState: ownerState
+    }, other, {
+      children: [subheader, children]
+    }))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var List_List = (List);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Divider/dividerClasses.js
+
+
+function getDividerUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiDivider', slot);
+}
+var dividerClasses = generateUtilityClasses('MuiDivider', ['root', 'absolute', 'fullWidth', 'inset', 'middle', 'flexItem', 'light', 'vertical', 'withChildren', 'withChildrenVertical', 'textAlignRight', 'textAlignLeft', 'wrapper', 'wrapperVertical']);
+/* harmony default export */ var Divider_dividerClasses = (dividerClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Divider/Divider.js
+
+
+var Divider_excluded = ["absolute", "children", "className", "component", "flexItem", "light", "orientation", "role", "textAlign", "variant"];
+
+
+
+
+
+
+
+
+
+var Divider_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var absolute = ownerState.absolute,
+    children = ownerState.children,
+    classes = ownerState.classes,
+    flexItem = ownerState.flexItem,
+    light = ownerState.light,
+    orientation = ownerState.orientation,
+    textAlign = ownerState.textAlign,
+    variant = ownerState.variant;
+  var slots = {
+    root: ['root', absolute && 'absolute', variant, light && 'light', orientation === 'vertical' && 'vertical', flexItem && 'flexItem', children && 'withChildren', children && orientation === 'vertical' && 'withChildrenVertical', textAlign === 'right' && orientation !== 'vertical' && 'textAlignRight', textAlign === 'left' && orientation !== 'vertical' && 'textAlignLeft'],
+    wrapper: ['wrapper', orientation === 'vertical' && 'wrapperVertical']
+  };
+  return composeClasses(slots, getDividerUtilityClass, classes);
+};
+var DividerRoot = styles_styled('div', {
+  name: 'MuiDivider',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.absolute && styles.absolute, styles[ownerState.variant], ownerState.light && styles.light, ownerState.orientation === 'vertical' && styles.vertical, ownerState.flexItem && styles.flexItem, ownerState.children && styles.withChildren, ownerState.children && ownerState.orientation === 'vertical' && styles.withChildrenVertical, ownerState.textAlign === 'right' && ownerState.orientation !== 'vertical' && styles.textAlignRight, ownerState.textAlign === 'left' && ownerState.orientation !== 'vertical' && styles.textAlignLeft];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    margin: 0,
+    // Reset browser default style.
+    flexShrink: 0,
+    borderWidth: 0,
+    borderStyle: 'solid',
+    borderColor: (theme.vars || theme).palette.divider,
+    borderBottomWidth: 'thin'
+  }, ownerState.absolute && {
+    position: 'absolute',
+    bottom: 0,
+    left: 0,
+    width: '100%'
+  }, ownerState.light && {
+    borderColor: theme.vars ? "rgba(".concat(theme.vars.palette.dividerChannel, " / 0.08)") : alpha(theme.palette.divider, 0.08)
+  }, ownerState.variant === 'inset' && {
+    marginLeft: 72
+  }, ownerState.variant === 'middle' && ownerState.orientation === 'horizontal' && {
+    marginLeft: theme.spacing(2),
+    marginRight: theme.spacing(2)
+  }, ownerState.variant === 'middle' && ownerState.orientation === 'vertical' && {
+    marginTop: theme.spacing(1),
+    marginBottom: theme.spacing(1)
+  }, ownerState.orientation === 'vertical' && {
+    height: '100%',
+    borderBottomWidth: 0,
+    borderRightWidth: 'thin'
+  }, ownerState.flexItem && {
+    alignSelf: 'stretch',
+    height: 'auto'
+  });
+}, function (_ref2) {
+  var ownerState = _ref2.ownerState;
+  return extends_extends({}, ownerState.children && {
+    display: 'flex',
+    whiteSpace: 'nowrap',
+    textAlign: 'center',
+    border: 0,
+    '&::before, &::after': {
+      content: '""',
+      alignSelf: 'center'
+    }
+  });
+}, function (_ref3) {
+  var theme = _ref3.theme,
+    ownerState = _ref3.ownerState;
+  return extends_extends({}, ownerState.children && ownerState.orientation !== 'vertical' && {
+    '&::before, &::after': {
+      width: '100%',
+      borderTop: "thin solid ".concat((theme.vars || theme).palette.divider)
+    }
+  });
+}, function (_ref4) {
+  var theme = _ref4.theme,
+    ownerState = _ref4.ownerState;
+  return extends_extends({}, ownerState.children && ownerState.orientation === 'vertical' && {
+    flexDirection: 'column',
+    '&::before, &::after': {
+      height: '100%',
+      borderLeft: "thin solid ".concat((theme.vars || theme).palette.divider)
+    }
+  });
+}, function (_ref5) {
+  var ownerState = _ref5.ownerState;
+  return extends_extends({}, ownerState.textAlign === 'right' && ownerState.orientation !== 'vertical' && {
+    '&::before': {
+      width: '90%'
+    },
+    '&::after': {
+      width: '10%'
+    }
+  }, ownerState.textAlign === 'left' && ownerState.orientation !== 'vertical' && {
+    '&::before': {
+      width: '10%'
+    },
+    '&::after': {
+      width: '90%'
+    }
+  });
+});
+var DividerWrapper = styles_styled('span', {
+  name: 'MuiDivider',
+  slot: 'Wrapper',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.wrapper, ownerState.orientation === 'vertical' && styles.wrapperVertical];
+  }
+})(function (_ref6) {
+  var theme = _ref6.theme,
+    ownerState = _ref6.ownerState;
+  return extends_extends({
+    display: 'inline-block',
+    paddingLeft: "calc(".concat(theme.spacing(1), " * 1.2)"),
+    paddingRight: "calc(".concat(theme.spacing(1), " * 1.2)")
+  }, ownerState.orientation === 'vertical' && {
+    paddingTop: "calc(".concat(theme.spacing(1), " * 1.2)"),
+    paddingBottom: "calc(".concat(theme.spacing(1), " * 1.2)")
+  });
+});
+var Divider = /*#__PURE__*/react.forwardRef(function Divider(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiDivider'
+  });
+  var _props$absolute = props.absolute,
+    absolute = _props$absolute === void 0 ? false : _props$absolute,
+    children = props.children,
+    className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? children ? 'div' : 'hr' : _props$component,
+    _props$flexItem = props.flexItem,
+    flexItem = _props$flexItem === void 0 ? false : _props$flexItem,
+    _props$light = props.light,
+    light = _props$light === void 0 ? false : _props$light,
+    _props$orientation = props.orientation,
+    orientation = _props$orientation === void 0 ? 'horizontal' : _props$orientation,
+    _props$role = props.role,
+    role = _props$role === void 0 ? component !== 'hr' ? 'separator' : undefined : _props$role,
+    _props$textAlign = props.textAlign,
+    textAlign = _props$textAlign === void 0 ? 'center' : _props$textAlign,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'fullWidth' : _props$variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Divider_excluded);
+  var ownerState = extends_extends({}, props, {
+    absolute: absolute,
+    component: component,
+    flexItem: flexItem,
+    light: light,
+    orientation: orientation,
+    role: role,
+    textAlign: textAlign,
+    variant: variant
+  });
+  var classes = Divider_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(DividerRoot, extends_extends({
+    as: component,
+    className: clsx_m(classes.root, className),
+    role: role,
+    ref: ref,
+    ownerState: ownerState
+  }, other, {
+    children: children ? /*#__PURE__*/(0,jsx_runtime.jsx)(DividerWrapper, {
+      className: classes.wrapper,
+      ownerState: ownerState,
+      children: children
+    }) : null
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Divider_Divider = (Divider);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useEventCallback.js
+
+/* harmony default export */ var utils_useEventCallback = (useEventCallback);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useIsFocusVisible.js
+// based on https://github.com/WICG/focus-visible/blob/v4.1.5/src/focus-visible.js
+
+var hadKeyboardEvent = true;
+var hadFocusVisibleRecently = false;
+var hadFocusVisibleRecentlyTimeout;
+var inputTypesWhitelist = {
+  text: true,
+  search: true,
+  url: true,
+  tel: true,
+  email: true,
+  password: true,
+  number: true,
+  date: true,
+  month: true,
+  week: true,
+  time: true,
+  datetime: true,
+  'datetime-local': true
+};
+
+/**
+ * Computes whether the given element should automatically trigger the
+ * `focus-visible` class being added, i.e. whether it should always match
+ * `:focus-visible` when focused.
+ * @param {Element} node
+ * @returns {boolean}
+ */
+function focusTriggersKeyboardModality(node) {
+  var type = node.type,
+    tagName = node.tagName;
+  if (tagName === 'INPUT' && inputTypesWhitelist[type] && !node.readOnly) {
+    return true;
+  }
+  if (tagName === 'TEXTAREA' && !node.readOnly) {
+    return true;
+  }
+  if (node.isContentEditable) {
+    return true;
+  }
+  return false;
+}
+
+/**
+ * Keep track of our keyboard modality state with `hadKeyboardEvent`.
+ * If the most recent user interaction was via the keyboard;
+ * and the key press did not include a meta, alt/option, or control key;
+ * then the modality is keyboard. Otherwise, the modality is not keyboard.
+ * @param {KeyboardEvent} event
+ */
+function handleKeyDown(event) {
+  if (event.metaKey || event.altKey || event.ctrlKey) {
+    return;
+  }
+  hadKeyboardEvent = true;
+}
+
+/**
+ * If at any point a user clicks with a pointing device, ensure that we change
+ * the modality away from keyboard.
+ * This avoids the situation where a user presses a key on an already focused
+ * element, and then clicks on a different element, focusing it with a
+ * pointing device, while we still think we're in keyboard modality.
+ */
+function handlePointerDown() {
+  hadKeyboardEvent = false;
+}
+function handleVisibilityChange() {
+  if (this.visibilityState === 'hidden') {
+    // If the tab becomes active again, the browser will handle calling focus
+    // on the element (Safari actually calls it twice).
+    // If this tab change caused a blur on an element with focus-visible,
+    // re-apply the class when the user switches back to the tab.
+    if (hadFocusVisibleRecently) {
+      hadKeyboardEvent = true;
+    }
+  }
+}
+function prepare(doc) {
+  doc.addEventListener('keydown', handleKeyDown, true);
+  doc.addEventListener('mousedown', handlePointerDown, true);
+  doc.addEventListener('pointerdown', handlePointerDown, true);
+  doc.addEventListener('touchstart', handlePointerDown, true);
+  doc.addEventListener('visibilitychange', handleVisibilityChange, true);
+}
+function teardown(doc) {
+  doc.removeEventListener('keydown', handleKeyDown, true);
+  doc.removeEventListener('mousedown', handlePointerDown, true);
+  doc.removeEventListener('pointerdown', handlePointerDown, true);
+  doc.removeEventListener('touchstart', handlePointerDown, true);
+  doc.removeEventListener('visibilitychange', handleVisibilityChange, true);
+}
+function isFocusVisible(event) {
+  var target = event.target;
+  try {
+    return target.matches(':focus-visible');
+  } catch (error) {
+    // Browsers not implementing :focus-visible will throw a SyntaxError.
+    // We use our own heuristic for those browsers.
+    // Rethrow might be better if it's not the expected error but do we really
+    // want to crash if focus-visible malfunctioned?
+  }
+
+  // No need for validFocusTarget check. The user does that by attaching it to
+  // focusable events only.
+  return hadKeyboardEvent || focusTriggersKeyboardModality(target);
+}
+function useIsFocusVisible() {
+  var ref = react.useCallback(function (node) {
+    if (node != null) {
+      prepare(node.ownerDocument);
+    }
+  }, []);
+  var isFocusVisibleRef = react.useRef(false);
+
+  /**
+   * Should be called if a blur event is fired
+   */
+  function handleBlurVisible() {
+    // checking against potential state variable does not suffice if we focus and blur synchronously.
+    // React wouldn't have time to trigger a re-render so `focusVisible` would be stale.
+    // Ideally we would adjust `isFocusVisible(event)` to look at `relatedTarget` for blur events.
+    // This doesn't work in IE11 due to https://github.com/facebook/react/issues/3751
+    // TODO: check again if React releases their internal changes to focus event handling (https://github.com/facebook/react/pull/19186).
+    if (isFocusVisibleRef.current) {
+      // To detect a tab/window switch, we look for a blur event followed
+      // rapidly by a visibility change.
+      // If we don't see a visibility change within 100ms, it's probably a
+      // regular focus change.
+      hadFocusVisibleRecently = true;
+      window.clearTimeout(hadFocusVisibleRecentlyTimeout);
+      hadFocusVisibleRecentlyTimeout = window.setTimeout(function () {
+        hadFocusVisibleRecently = false;
+      }, 100);
+      isFocusVisibleRef.current = false;
+      return true;
+    }
+    return false;
+  }
+
+  /**
+   * Should be called if a blur event is fired
+   */
+  function handleFocusVisible(event) {
+    if (isFocusVisible(event)) {
+      isFocusVisibleRef.current = true;
+      return true;
+    }
+    return false;
+  }
+  return {
+    isFocusVisibleRef: isFocusVisibleRef,
+    onFocus: handleFocusVisible,
+    onBlur: handleBlurVisible,
+    ref: ref
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useIsFocusVisible.js
+
+/* harmony default export */ var utils_useIsFocusVisible = (useIsFocusVisible);
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/taggedTemplateLiteral.js
+function _taggedTemplateLiteral(strings, raw) {
+  if (!raw) {
+    raw = strings.slice(0);
+  }
+  return Object.freeze(Object.defineProperties(strings, {
+    raw: {
+      value: Object.freeze(raw)
+    }
+  }));
+}
+;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/utils/ChildMapping.js
+
+/**
+ * Given `this.props.children`, return an object mapping key to child.
+ *
+ * @param {*} children `this.props.children`
+ * @return {object} Mapping of key to child
+ */
+
+function getChildMapping(children, mapFn) {
+  var mapper = function mapper(child) {
+    return mapFn && (0,react.isValidElement)(child) ? mapFn(child) : child;
+  };
+  var result = Object.create(null);
+  if (children) react.Children.map(children, function (c) {
+    return c;
+  }).forEach(function (child) {
+    // run the map function here instead so that the key is the computed one
+    result[child.key] = mapper(child);
+  });
+  return result;
+}
+/**
+ * When you're adding or removing children some may be added or removed in the
+ * same render pass. We want to show *both* since we want to simultaneously
+ * animate elements in and out. This function takes a previous set of keys
+ * and a new set of keys and merges them with its best guess of the correct
+ * ordering. In the future we may expose some of the utilities in
+ * ReactMultiChild to make this easy, but for now React itself does not
+ * directly have this concept of the union of prevChildren and nextChildren
+ * so we implement it here.
+ *
+ * @param {object} prev prev children as returned from
+ * `ReactTransitionChildMapping.getChildMapping()`.
+ * @param {object} next next children as returned from
+ * `ReactTransitionChildMapping.getChildMapping()`.
+ * @return {object} a key set that contains all keys in `prev` and all keys
+ * in `next` in a reasonable order.
+ */
+
+function mergeChildMappings(prev, next) {
+  prev = prev || {};
+  next = next || {};
+  function getValueForKey(key) {
+    return key in next ? next[key] : prev[key];
+  } // For each key of `next`, the list of keys to insert before that key in
+  // the combined list
+
+  var nextKeysPending = Object.create(null);
+  var pendingKeys = [];
+  for (var prevKey in prev) {
+    if (prevKey in next) {
+      if (pendingKeys.length) {
+        nextKeysPending[prevKey] = pendingKeys;
+        pendingKeys = [];
+      }
+    } else {
+      pendingKeys.push(prevKey);
+    }
+  }
+  var i;
+  var childMapping = {};
+  for (var nextKey in next) {
+    if (nextKeysPending[nextKey]) {
+      for (i = 0; i < nextKeysPending[nextKey].length; i++) {
+        var pendingNextKey = nextKeysPending[nextKey][i];
+        childMapping[nextKeysPending[nextKey][i]] = getValueForKey(pendingNextKey);
+      }
+    }
+    childMapping[nextKey] = getValueForKey(nextKey);
+  } // Finally, add the keys which didn't appear before any key in `next`
+
+  for (i = 0; i < pendingKeys.length; i++) {
+    childMapping[pendingKeys[i]] = getValueForKey(pendingKeys[i]);
+  }
+  return childMapping;
+}
+function getProp(child, prop, props) {
+  return props[prop] != null ? props[prop] : child.props[prop];
+}
+function getInitialChildMapping(props, onExited) {
+  return getChildMapping(props.children, function (child) {
+    return (0,react.cloneElement)(child, {
+      onExited: onExited.bind(null, child),
+      in: true,
+      appear: getProp(child, 'appear', props),
+      enter: getProp(child, 'enter', props),
+      exit: getProp(child, 'exit', props)
+    });
+  });
+}
+function getNextChildMapping(nextProps, prevChildMapping, onExited) {
+  var nextChildMapping = getChildMapping(nextProps.children);
+  var children = mergeChildMappings(prevChildMapping, nextChildMapping);
+  Object.keys(children).forEach(function (key) {
+    var child = children[key];
+    if (!(0,react.isValidElement)(child)) return;
+    var hasPrev = (key in prevChildMapping);
+    var hasNext = (key in nextChildMapping);
+    var prevChild = prevChildMapping[key];
+    var isLeaving = (0,react.isValidElement)(prevChild) && !prevChild.props.in; // item is new (entering)
+
+    if (hasNext && (!hasPrev || isLeaving)) {
+      // console.log('entering', key)
+      children[key] = (0,react.cloneElement)(child, {
+        onExited: onExited.bind(null, child),
+        in: true,
+        exit: getProp(child, 'exit', nextProps),
+        enter: getProp(child, 'enter', nextProps)
+      });
+    } else if (!hasNext && hasPrev && !isLeaving) {
+      // item is old (exiting)
+      // console.log('leaving', key)
+      children[key] = (0,react.cloneElement)(child, {
+        in: false
+      });
+    } else if (hasNext && hasPrev && (0,react.isValidElement)(prevChild)) {
+      // item hasn't changed transition states
+      // copy over the last transition props;
+      // console.log('unchanged', key)
+      children[key] = (0,react.cloneElement)(child, {
+        onExited: onExited.bind(null, child),
+        in: prevChild.props.in,
+        exit: getProp(child, 'exit', nextProps),
+        enter: getProp(child, 'enter', nextProps)
+      });
+    }
+  });
+  return children;
+}
+;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/TransitionGroup.js
+
+
+
+
+
+
+
+
+var TransitionGroup_values = Object.values || function (obj) {
+  return Object.keys(obj).map(function (k) {
+    return obj[k];
+  });
+};
+var defaultProps = {
+  component: 'div',
+  childFactory: function childFactory(child) {
+    return child;
+  }
+};
+/**
+ * The `<TransitionGroup>` component manages a set of transition components
+ * (`<Transition>` and `<CSSTransition>`) in a list. Like with the transition
+ * components, `<TransitionGroup>` is a state machine for managing the mounting
+ * and unmounting of components over time.
+ *
+ * Consider the example below. As items are removed or added to the TodoList the
+ * `in` prop is toggled automatically by the `<TransitionGroup>`.
+ *
+ * Note that `<TransitionGroup>`  does not define any animation behavior!
+ * Exactly _how_ a list item animates is up to the individual transition
+ * component. This means you can mix and match animations across different list
+ * items.
+ */
+
+var TransitionGroup = /*#__PURE__*/function (_React$Component) {
+  _inheritsLoose(TransitionGroup, _React$Component);
+  function TransitionGroup(props, context) {
+    var _this;
+    _this = _React$Component.call(this, props, context) || this;
+    var handleExited = _this.handleExited.bind(_assertThisInitialized(_this)); // Initial children should all be entering, dependent on appear
+
+    _this.state = {
+      contextValue: {
+        isMounting: true
+      },
+      handleExited: handleExited,
+      firstRender: true
+    };
+    return _this;
+  }
+  var _proto = TransitionGroup.prototype;
+  _proto.componentDidMount = function componentDidMount() {
+    this.mounted = true;
+    this.setState({
+      contextValue: {
+        isMounting: false
+      }
+    });
+  };
+  _proto.componentWillUnmount = function componentWillUnmount() {
+    this.mounted = false;
+  };
+  TransitionGroup.getDerivedStateFromProps = function getDerivedStateFromProps(nextProps, _ref) {
+    var prevChildMapping = _ref.children,
+      handleExited = _ref.handleExited,
+      firstRender = _ref.firstRender;
+    return {
+      children: firstRender ? getInitialChildMapping(nextProps, handleExited) : getNextChildMapping(nextProps, prevChildMapping, handleExited),
+      firstRender: false
+    };
+  } // node is `undefined` when user provided `nodeRef` prop
+  ;
+
+  _proto.handleExited = function handleExited(child, node) {
+    var currentChildMapping = getChildMapping(this.props.children);
+    if (child.key in currentChildMapping) return;
+    if (child.props.onExited) {
+      child.props.onExited(node);
+    }
+    if (this.mounted) {
+      this.setState(function (state) {
+        var children = extends_extends({}, state.children);
+        delete children[child.key];
+        return {
+          children: children
+        };
+      });
+    }
+  };
+  _proto.render = function render() {
+    var _this$props = this.props,
+      Component = _this$props.component,
+      childFactory = _this$props.childFactory,
+      props = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_this$props, ["component", "childFactory"]);
+    var contextValue = this.state.contextValue;
+    var children = TransitionGroup_values(this.state.children).map(childFactory);
+    delete props.appear;
+    delete props.enter;
+    delete props.exit;
+    if (Component === null) {
+      return /*#__PURE__*/react.createElement(TransitionGroupContext.Provider, {
+        value: contextValue
+      }, children);
+    }
+    return /*#__PURE__*/react.createElement(TransitionGroupContext.Provider, {
+      value: contextValue
+    }, /*#__PURE__*/react.createElement(Component, props, children));
+  };
+  return TransitionGroup;
+}(react.Component);
+TransitionGroup.propTypes =  false ? 0 : {};
+TransitionGroup.defaultProps = defaultProps;
+/* harmony default export */ var esm_TransitionGroup = (TransitionGroup);
+// EXTERNAL MODULE: ./node_modules/hoist-non-react-statics/dist/hoist-non-react-statics.cjs.js
+var hoist_non_react_statics_cjs = __webpack_require__(110);
+;// CONCATENATED MODULE: ./node_modules/@emotion/react/dist/emotion-react.browser.esm.js
+
+
+
+
+
+
+
+
+
+
+
+var pkg = {
+  name: "@emotion/react",
+  version: "11.11.1",
+  main: "dist/emotion-react.cjs.js",
+  module: "dist/emotion-react.esm.js",
+  browser: {
+    "./dist/emotion-react.esm.js": "./dist/emotion-react.browser.esm.js"
+  },
+  exports: {
+    ".": {
+      module: {
+        worker: "./dist/emotion-react.worker.esm.js",
+        browser: "./dist/emotion-react.browser.esm.js",
+        "default": "./dist/emotion-react.esm.js"
+      },
+      "import": "./dist/emotion-react.cjs.mjs",
+      "default": "./dist/emotion-react.cjs.js"
+    },
+    "./jsx-runtime": {
+      module: {
+        worker: "./jsx-runtime/dist/emotion-react-jsx-runtime.worker.esm.js",
+        browser: "./jsx-runtime/dist/emotion-react-jsx-runtime.browser.esm.js",
+        "default": "./jsx-runtime/dist/emotion-react-jsx-runtime.esm.js"
+      },
+      "import": "./jsx-runtime/dist/emotion-react-jsx-runtime.cjs.mjs",
+      "default": "./jsx-runtime/dist/emotion-react-jsx-runtime.cjs.js"
+    },
+    "./_isolated-hnrs": {
+      module: {
+        worker: "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.worker.esm.js",
+        browser: "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.browser.esm.js",
+        "default": "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.esm.js"
+      },
+      "import": "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.cjs.mjs",
+      "default": "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.cjs.js"
+    },
+    "./jsx-dev-runtime": {
+      module: {
+        worker: "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.worker.esm.js",
+        browser: "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.browser.esm.js",
+        "default": "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.esm.js"
+      },
+      "import": "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.cjs.mjs",
+      "default": "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.cjs.js"
+    },
+    "./package.json": "./package.json",
+    "./types/css-prop": "./types/css-prop.d.ts",
+    "./macro": {
+      types: {
+        "import": "./macro.d.mts",
+        "default": "./macro.d.ts"
+      },
+      "default": "./macro.js"
+    }
+  },
+  types: "types/index.d.ts",
+  files: ["src", "dist", "jsx-runtime", "jsx-dev-runtime", "_isolated-hnrs", "types/*.d.ts", "macro.*"],
+  sideEffects: false,
+  author: "Emotion Contributors",
+  license: "MIT",
+  scripts: {
+    "test:typescript": "dtslint types"
+  },
+  dependencies: {
+    "@babel/runtime": "^7.18.3",
+    "@emotion/babel-plugin": "^11.11.0",
+    "@emotion/cache": "^11.11.0",
+    "@emotion/serialize": "^1.1.2",
+    "@emotion/use-insertion-effect-with-fallbacks": "^1.0.1",
+    "@emotion/utils": "^1.2.1",
+    "@emotion/weak-memoize": "^0.3.1",
+    "hoist-non-react-statics": "^3.3.1"
+  },
+  peerDependencies: {
+    react: ">=16.8.0"
+  },
+  peerDependenciesMeta: {
+    "@types/react": {
+      optional: true
+    }
+  },
+  devDependencies: {
+    "@definitelytyped/dtslint": "0.0.112",
+    "@emotion/css": "11.11.0",
+    "@emotion/css-prettifier": "1.1.3",
+    "@emotion/server": "11.11.0",
+    "@emotion/styled": "11.11.0",
+    "html-tag-names": "^1.1.2",
+    react: "16.14.0",
+    "svg-tag-names": "^1.1.1",
+    typescript: "^4.5.5"
+  },
+  repository: "https://github.com/emotion-js/emotion/tree/main/packages/react",
+  publishConfig: {
+    access: "public"
+  },
+  "umd:main": "dist/emotion-react.umd.min.js",
+  preconstruct: {
+    entrypoints: ["./index.js", "./jsx-runtime.js", "./jsx-dev-runtime.js", "./_isolated-hnrs.js"],
+    umdName: "emotionReact",
+    exports: {
+      envConditions: ["browser", "worker"],
+      extra: {
+        "./types/css-prop": "./types/css-prop.d.ts",
+        "./macro": {
+          types: {
+            "import": "./macro.d.mts",
+            "default": "./macro.d.ts"
+          },
+          "default": "./macro.js"
+        }
+      }
+    }
+  }
+};
+var jsx = function jsx(type, props) {
+  var args = arguments;
+  if (props == null || !hasOwnProperty.call(props, 'css')) {
+    // $FlowFixMe
+    return React.createElement.apply(undefined, args);
+  }
+  var argsLength = args.length;
+  var createElementArgArray = new Array(argsLength);
+  createElementArgArray[0] = Emotion;
+  createElementArgArray[1] = createEmotionProps(type, props);
+  for (var i = 2; i < argsLength; i++) {
+    createElementArgArray[i] = args[i];
+  } // $FlowFixMe
+
+  return React.createElement.apply(null, createElementArgArray);
+};
+var warnedAboutCssPropForGlobal = false; // maintain place over rerenders.
+// initial render from browser, insertBefore context.sheet.tags[0] or if a style hasn't been inserted there yet, appendChild
+// initial client-side render from SSR, use place of hydrating tag
+
+var Global = /* #__PURE__ */(/* unused pure expression or super */ null && (withEmotionCache(function (props, cache) {
+  if (false) {}
+  var styles = props.styles;
+  var serialized = serializeStyles([styles], undefined, React.useContext(ThemeContext));
+  if (!isBrowser$1) {
+    var _ref;
+    var serializedNames = serialized.name;
+    var serializedStyles = serialized.styles;
+    var next = serialized.next;
+    while (next !== undefined) {
+      serializedNames += ' ' + next.name;
+      serializedStyles += next.styles;
+      next = next.next;
+    }
+    var shouldCache = cache.compat === true;
+    var rules = cache.insert("", {
+      name: serializedNames,
+      styles: serializedStyles
+    }, cache.sheet, shouldCache);
+    if (shouldCache) {
+      return null;
+    }
+    return /*#__PURE__*/React.createElement("style", (_ref = {}, _ref["data-emotion"] = cache.key + "-global " + serializedNames, _ref.dangerouslySetInnerHTML = {
+      __html: rules
+    }, _ref.nonce = cache.sheet.nonce, _ref));
+  } // yes, i know these hooks are used conditionally
+  // but it is based on a constant that will never change at runtime
+  // it's effectively like having two implementations and switching them out
+  // so it's not actually breaking anything
+
+  var sheetRef = React.useRef();
+  useInsertionEffectWithLayoutFallback(function () {
+    var key = cache.key + "-global"; // use case of https://github.com/emotion-js/emotion/issues/2675
+
+    var sheet = new cache.sheet.constructor({
+      key: key,
+      nonce: cache.sheet.nonce,
+      container: cache.sheet.container,
+      speedy: cache.sheet.isSpeedy
+    });
+    var rehydrating = false; // $FlowFixMe
+
+    var node = document.querySelector("style[data-emotion=\"" + key + " " + serialized.name + "\"]");
+    if (cache.sheet.tags.length) {
+      sheet.before = cache.sheet.tags[0];
+    }
+    if (node !== null) {
+      rehydrating = true; // clear the hash so this node won't be recognizable as rehydratable by other <Global/>s
+
+      node.setAttribute('data-emotion', key);
+      sheet.hydrate([node]);
+    }
+    sheetRef.current = [sheet, rehydrating];
+    return function () {
+      sheet.flush();
+    };
+  }, [cache]);
+  useInsertionEffectWithLayoutFallback(function () {
+    var sheetRefCurrent = sheetRef.current;
+    var sheet = sheetRefCurrent[0],
+      rehydrating = sheetRefCurrent[1];
+    if (rehydrating) {
+      sheetRefCurrent[1] = false;
+      return;
+    }
+    if (serialized.next !== undefined) {
+      // insert keyframes
+      insertStyles(cache, serialized.next, true);
+    }
+    if (sheet.tags.length) {
+      // if this doesn't exist then it will be null so the style element will be appended
+      var element = sheet.tags[sheet.tags.length - 1].nextElementSibling;
+      sheet.before = element;
+      sheet.flush();
+    }
+    cache.insert("", serialized, sheet, false);
+  }, [cache, serialized.name]);
+  return null;
+})));
+if (false) {}
+function css() {
+  for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
+    args[_key] = arguments[_key];
+  }
+  return emotion_serialize_browser_esm_serializeStyles(args);
+}
+var keyframes = function keyframes() {
+  var insertable = css.apply(void 0, arguments);
+  var name = "animation-" + insertable.name; // $FlowFixMe
+
+  return {
+    name: name,
+    styles: "@keyframes " + name + "{" + insertable.styles + "}",
+    anim: 1,
+    toString: function toString() {
+      return "_EMO_" + this.name + "_" + this.styles + "_EMO_";
+    }
+  };
+};
+var classnames = function classnames(args) {
+  var len = args.length;
+  var i = 0;
+  var cls = '';
+  for (; i < len; i++) {
+    var arg = args[i];
+    if (arg == null) continue;
+    var toAdd = void 0;
+    switch (typeof arg) {
+      case 'boolean':
+        break;
+      case 'object':
+        {
+          if (Array.isArray(arg)) {
+            toAdd = classnames(arg);
+          } else {
+            if (false) {}
+            toAdd = '';
+            for (var k in arg) {
+              if (arg[k] && k) {
+                toAdd && (toAdd += ' ');
+                toAdd += k;
+              }
+            }
+          }
+          break;
+        }
+      default:
+        {
+          toAdd = arg;
+        }
+    }
+    if (toAdd) {
+      cls && (cls += ' ');
+      cls += toAdd;
+    }
+  }
+  return cls;
+};
+function emotion_react_browser_esm_merge(registered, css, className) {
+  var registeredStyles = [];
+  var rawClassName = getRegisteredStyles(registered, registeredStyles, className);
+  if (registeredStyles.length < 2) {
+    return className;
+  }
+  return rawClassName + css(registeredStyles);
+}
+var emotion_react_browser_esm_Insertion = function Insertion(_ref) {
+  var cache = _ref.cache,
+    serializedArr = _ref.serializedArr;
+  useInsertionEffectAlwaysWithSyncFallback(function () {
+    for (var i = 0; i < serializedArr.length; i++) {
+      insertStyles(cache, serializedArr[i], false);
+    }
+  });
+  return null;
+};
+var ClassNames = /* #__PURE__ */(/* unused pure expression or super */ null && (withEmotionCache(function (props, cache) {
+  var hasRendered = false;
+  var serializedArr = [];
+  var css = function css() {
+    if (hasRendered && "production" !== 'production') {}
+    for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
+      args[_key] = arguments[_key];
+    }
+    var serialized = serializeStyles(args, cache.registered);
+    serializedArr.push(serialized); // registration has to happen here as the result of this might get consumed by `cx`
+
+    registerStyles(cache, serialized, false);
+    return cache.key + "-" + serialized.name;
+  };
+  var cx = function cx() {
+    if (hasRendered && "production" !== 'production') {}
+    for (var _len2 = arguments.length, args = new Array(_len2), _key2 = 0; _key2 < _len2; _key2++) {
+      args[_key2] = arguments[_key2];
+    }
+    return emotion_react_browser_esm_merge(cache.registered, css, classnames(args));
+  };
+  var content = {
+    css: css,
+    cx: cx,
+    theme: React.useContext(ThemeContext)
+  };
+  var ele = props.children(content);
+  hasRendered = true;
+  return /*#__PURE__*/React.createElement(React.Fragment, null, /*#__PURE__*/React.createElement(emotion_react_browser_esm_Insertion, {
+    cache: cache,
+    serializedArr: serializedArr
+  }), ele);
+})));
+if (false) {}
+if (false) { var globalKey, globalContext, isTestEnv, emotion_react_browser_esm_isBrowser; }
+
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/Ripple.js
+
+
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+function Ripple(props) {
+  var className = props.className,
+    classes = props.classes,
+    _props$pulsate = props.pulsate,
+    pulsate = _props$pulsate === void 0 ? false : _props$pulsate,
+    rippleX = props.rippleX,
+    rippleY = props.rippleY,
+    rippleSize = props.rippleSize,
+    inProp = props.in,
+    onExited = props.onExited,
+    timeout = props.timeout;
+  var _React$useState = react.useState(false),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    leaving = _React$useState2[0],
+    setLeaving = _React$useState2[1];
+  var rippleClassName = clsx_m(className, classes.ripple, classes.rippleVisible, pulsate && classes.ripplePulsate);
+  var rippleStyles = {
+    width: rippleSize,
+    height: rippleSize,
+    top: -(rippleSize / 2) + rippleY,
+    left: -(rippleSize / 2) + rippleX
+  };
+  var childClassName = clsx_m(classes.child, leaving && classes.childLeaving, pulsate && classes.childPulsate);
+  if (!inProp && !leaving) {
+    setLeaving(true);
+  }
+  react.useEffect(function () {
+    if (!inProp && onExited != null) {
+      // react-transition-group#onExited
+      var timeoutId = setTimeout(onExited, timeout);
+      return function () {
+        clearTimeout(timeoutId);
+      };
+    }
+    return undefined;
+  }, [onExited, inProp, timeout]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)("span", {
+    className: rippleClassName,
+    style: rippleStyles,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)("span", {
+      className: childClassName
+    })
+  });
+}
+ false ? 0 : void 0;
+/* harmony default export */ var ButtonBase_Ripple = (Ripple);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/touchRippleClasses.js
+
+
+function getTouchRippleUtilityClass(slot) {
+  return generateUtilityClass('MuiTouchRipple', slot);
+}
+var touchRippleClasses = generateUtilityClasses('MuiTouchRipple', ['root', 'ripple', 'rippleVisible', 'ripplePulsate', 'child', 'childLeaving', 'childPulsate']);
+/* harmony default export */ var ButtonBase_touchRippleClasses = (touchRippleClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/TouchRipple.js
+
+
+
+var _templateObject, _templateObject2, _templateObject3, _templateObject4;
+
+
+var TouchRipple_excluded = ["center", "classes", "className"];
+var _ = function _(t) {
+    return t;
+  },
+  _t,
+  _t2,
+  _t3,
+  _t4;
+
+
+
+
+
+
+
+
+
+
+var DURATION = 550;
+var DELAY_RIPPLE = 80;
+var enterKeyframe = keyframes(_t || (_t = _(_templateObject || (_templateObject = _taggedTemplateLiteral(["\n  0% {\n    transform: scale(0);\n    opacity: 0.1;\n  }\n\n  100% {\n    transform: scale(1);\n    opacity: 0.3;\n  }\n"])))));
+var exitKeyframe = keyframes(_t2 || (_t2 = _(_templateObject2 || (_templateObject2 = _taggedTemplateLiteral(["\n  0% {\n    opacity: 1;\n  }\n\n  100% {\n    opacity: 0;\n  }\n"])))));
+var pulsateKeyframe = keyframes(_t3 || (_t3 = _(_templateObject3 || (_templateObject3 = _taggedTemplateLiteral(["\n  0% {\n    transform: scale(1);\n  }\n\n  50% {\n    transform: scale(0.92);\n  }\n\n  100% {\n    transform: scale(1);\n  }\n"])))));
+var TouchRippleRoot = styles_styled('span', {
+  name: 'MuiTouchRipple',
+  slot: 'Root'
+})({
+  overflow: 'hidden',
+  pointerEvents: 'none',
+  position: 'absolute',
+  zIndex: 0,
+  top: 0,
+  right: 0,
+  bottom: 0,
+  left: 0,
+  borderRadius: 'inherit'
+});
+
+// This `styled()` function invokes keyframes. `styled-components` only supports keyframes
+// in string templates. Do not convert these styles in JS object as it will break.
+var TouchRippleRipple = styles_styled(ButtonBase_Ripple, {
+  name: 'MuiTouchRipple',
+  slot: 'Ripple'
+})(_t4 || (_t4 = _(_templateObject4 || (_templateObject4 = _taggedTemplateLiteral(["\n  opacity: 0;\n  position: absolute;\n\n  &.", " {\n    opacity: 0.3;\n    transform: scale(1);\n    animation-name: ", ";\n    animation-duration: ", "ms;\n    animation-timing-function: ", ";\n  }\n\n  &.", " {\n    animation-duration: ", "ms;\n  }\n\n  & .", " {\n    opacity: 1;\n    display: block;\n    width: 100%;\n    height: 100%;\n    border-radius: 50%;\n    background-color: currentColor;\n  }\n\n  & .", " {\n    opacity: 0;\n    animation-name: ", ";\n    animation-duration: ", "ms;\n    animation-timing-function: ", ";\n  }\n\n  & .", " {\n    position: absolute;\n    /* @noflip */\n    left: 0px;\n    top: 0;\n    animation-name: ", ";\n    animation-duration: 2500ms;\n    animation-timing-function: ", ";\n    animation-iteration-count: infinite;\n    animation-delay: 200ms;\n  }\n"])), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)), ButtonBase_touchRippleClasses.rippleVisible, enterKeyframe, DURATION, function (_ref) {
+  var theme = _ref.theme;
+  return theme.transitions.easing.easeInOut;
+}, ButtonBase_touchRippleClasses.ripplePulsate, function (_ref2) {
+  var theme = _ref2.theme;
+  return theme.transitions.duration.shorter;
+}, ButtonBase_touchRippleClasses.child, ButtonBase_touchRippleClasses.childLeaving, exitKeyframe, DURATION, function (_ref3) {
+  var theme = _ref3.theme;
+  return theme.transitions.easing.easeInOut;
+}, ButtonBase_touchRippleClasses.childPulsate, pulsateKeyframe, function (_ref4) {
+  var theme = _ref4.theme;
+  return theme.transitions.easing.easeInOut;
+});
+
+/**
+ * @ignore - internal component.
+ *
+ * TODO v5: Make private
+ */
+var TouchRipple = /*#__PURE__*/react.forwardRef(function TouchRipple(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTouchRipple'
+  });
+  var _props$center = props.center,
+    centerProp = _props$center === void 0 ? false : _props$center,
+    _props$classes = props.classes,
+    classes = _props$classes === void 0 ? {} : _props$classes,
+    className = props.className,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TouchRipple_excluded);
+  var _React$useState = react.useState([]),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    ripples = _React$useState2[0],
+    setRipples = _React$useState2[1];
+  var nextKey = react.useRef(0);
+  var rippleCallback = react.useRef(null);
+  react.useEffect(function () {
+    if (rippleCallback.current) {
+      rippleCallback.current();
+      rippleCallback.current = null;
+    }
+  }, [ripples]);
+
+  // Used to filter out mouse emulated events on mobile.
+  var ignoringMouseDown = react.useRef(false);
+  // We use a timer in order to only show the ripples for touch "click" like events.
+  // We don't want to display the ripple for touch scroll events.
+  var startTimer = react.useRef(null);
+
+  // This is the hook called once the previous timeout is ready.
+  var startTimerCommit = react.useRef(null);
+  var container = react.useRef(null);
+  react.useEffect(function () {
+    return function () {
+      clearTimeout(startTimer.current);
+    };
+  }, []);
+  var startCommit = react.useCallback(function (params) {
+    var pulsate = params.pulsate,
+      rippleX = params.rippleX,
+      rippleY = params.rippleY,
+      rippleSize = params.rippleSize,
+      cb = params.cb;
+    setRipples(function (oldRipples) {
+      return [].concat(toConsumableArray_toConsumableArray(oldRipples), [/*#__PURE__*/(0,jsx_runtime.jsx)(TouchRippleRipple, {
+        classes: {
+          ripple: clsx_m(classes.ripple, ButtonBase_touchRippleClasses.ripple),
+          rippleVisible: clsx_m(classes.rippleVisible, ButtonBase_touchRippleClasses.rippleVisible),
+          ripplePulsate: clsx_m(classes.ripplePulsate, ButtonBase_touchRippleClasses.ripplePulsate),
+          child: clsx_m(classes.child, ButtonBase_touchRippleClasses.child),
+          childLeaving: clsx_m(classes.childLeaving, ButtonBase_touchRippleClasses.childLeaving),
+          childPulsate: clsx_m(classes.childPulsate, ButtonBase_touchRippleClasses.childPulsate)
+        },
+        timeout: DURATION,
+        pulsate: pulsate,
+        rippleX: rippleX,
+        rippleY: rippleY,
+        rippleSize: rippleSize
+      }, nextKey.current)]);
+    });
+    nextKey.current += 1;
+    rippleCallback.current = cb;
+  }, [classes]);
+  var start = react.useCallback(function () {
+    var event = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+    var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+    var cb = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : function () {};
+    var _options$pulsate = options.pulsate,
+      pulsate = _options$pulsate === void 0 ? false : _options$pulsate,
+      _options$center = options.center,
+      center = _options$center === void 0 ? centerProp || options.pulsate : _options$center,
+      _options$fakeElement = options.fakeElement,
+      fakeElement = _options$fakeElement === void 0 ? false : _options$fakeElement;
+    if ((event == null ? void 0 : event.type) === 'mousedown' && ignoringMouseDown.current) {
+      ignoringMouseDown.current = false;
+      return;
+    }
+    if ((event == null ? void 0 : event.type) === 'touchstart') {
+      ignoringMouseDown.current = true;
+    }
+    var element = fakeElement ? null : container.current;
+    var rect = element ? element.getBoundingClientRect() : {
+      width: 0,
+      height: 0,
+      left: 0,
+      top: 0
+    };
+
+    // Get the size of the ripple
+    var rippleX;
+    var rippleY;
+    var rippleSize;
+    if (center || event === undefined || event.clientX === 0 && event.clientY === 0 || !event.clientX && !event.touches) {
+      rippleX = Math.round(rect.width / 2);
+      rippleY = Math.round(rect.height / 2);
+    } else {
+      var _ref5 = event.touches && event.touches.length > 0 ? event.touches[0] : event,
+        clientX = _ref5.clientX,
+        clientY = _ref5.clientY;
+      rippleX = Math.round(clientX - rect.left);
+      rippleY = Math.round(clientY - rect.top);
+    }
+    if (center) {
+      rippleSize = Math.sqrt((2 * Math.pow(rect.width, 2) + Math.pow(rect.height, 2)) / 3);
+
+      // For some reason the animation is broken on Mobile Chrome if the size is even.
+      if (rippleSize % 2 === 0) {
+        rippleSize += 1;
+      }
+    } else {
+      var sizeX = Math.max(Math.abs((element ? element.clientWidth : 0) - rippleX), rippleX) * 2 + 2;
+      var sizeY = Math.max(Math.abs((element ? element.clientHeight : 0) - rippleY), rippleY) * 2 + 2;
+      rippleSize = Math.sqrt(Math.pow(sizeX, 2) + Math.pow(sizeY, 2));
+    }
+
+    // Touche devices
+    if (event != null && event.touches) {
+      // check that this isn't another touchstart due to multitouch
+      // otherwise we will only clear a single timer when unmounting while two
+      // are running
+      if (startTimerCommit.current === null) {
+        // Prepare the ripple effect.
+        startTimerCommit.current = function () {
+          startCommit({
+            pulsate: pulsate,
+            rippleX: rippleX,
+            rippleY: rippleY,
+            rippleSize: rippleSize,
+            cb: cb
+          });
+        };
+        // Delay the execution of the ripple effect.
+        startTimer.current = setTimeout(function () {
+          if (startTimerCommit.current) {
+            startTimerCommit.current();
+            startTimerCommit.current = null;
+          }
+        }, DELAY_RIPPLE); // We have to make a tradeoff with this value.
+      }
+    } else {
+      startCommit({
+        pulsate: pulsate,
+        rippleX: rippleX,
+        rippleY: rippleY,
+        rippleSize: rippleSize,
+        cb: cb
+      });
+    }
+  }, [centerProp, startCommit]);
+  var pulsate = react.useCallback(function () {
+    start({}, {
+      pulsate: true
+    });
+  }, [start]);
+  var stop = react.useCallback(function (event, cb) {
+    clearTimeout(startTimer.current);
+
+    // The touch interaction occurs too quickly.
+    // We still want to show ripple effect.
+    if ((event == null ? void 0 : event.type) === 'touchend' && startTimerCommit.current) {
+      startTimerCommit.current();
+      startTimerCommit.current = null;
+      startTimer.current = setTimeout(function () {
+        stop(event, cb);
+      });
+      return;
+    }
+    startTimerCommit.current = null;
+    setRipples(function (oldRipples) {
+      if (oldRipples.length > 0) {
+        return oldRipples.slice(1);
+      }
+      return oldRipples;
+    });
+    rippleCallback.current = cb;
+  }, []);
+  react.useImperativeHandle(ref, function () {
+    return {
+      pulsate: pulsate,
+      start: start,
+      stop: stop
+    };
+  }, [pulsate, start, stop]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TouchRippleRoot, extends_extends({
+    className: clsx_m(ButtonBase_touchRippleClasses.root, classes.root, className),
+    ref: container
+  }, other, {
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(esm_TransitionGroup, {
+      component: null,
+      exit: true,
+      children: ripples
+    })
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var ButtonBase_TouchRipple = (TouchRipple);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/buttonBaseClasses.js
+
+
+function getButtonBaseUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiButtonBase', slot);
+}
+var buttonBaseClasses = generateUtilityClasses('MuiButtonBase', ['root', 'disabled', 'focusVisible']);
+/* harmony default export */ var ButtonBase_buttonBaseClasses = (buttonBaseClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/ButtonBase.js
+
+
+var _styled;
+
+
+var ButtonBase_excluded = ["action", "centerRipple", "children", "className", "component", "disabled", "disableRipple", "disableTouchRipple", "focusRipple", "focusVisibleClassName", "LinkComponent", "onBlur", "onClick", "onContextMenu", "onDragLeave", "onFocus", "onFocusVisible", "onKeyDown", "onKeyUp", "onMouseDown", "onMouseLeave", "onMouseUp", "onTouchEnd", "onTouchMove", "onTouchStart", "tabIndex", "TouchRippleProps", "touchRippleRef", "type"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var ButtonBase_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var disabled = ownerState.disabled,
+    focusVisible = ownerState.focusVisible,
+    focusVisibleClassName = ownerState.focusVisibleClassName,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', disabled && 'disabled', focusVisible && 'focusVisible']
+  };
+  var composedClasses = composeClasses(slots, getButtonBaseUtilityClass, classes);
+  if (focusVisible && focusVisibleClassName) {
+    composedClasses.root += " ".concat(focusVisibleClassName);
+  }
+  return composedClasses;
+};
+var ButtonBaseRoot = styles_styled('button', {
+  name: 'MuiButtonBase',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})((_styled = {
+  display: 'inline-flex',
+  alignItems: 'center',
+  justifyContent: 'center',
+  position: 'relative',
+  boxSizing: 'border-box',
+  WebkitTapHighlightColor: 'transparent',
+  backgroundColor: 'transparent',
+  // Reset default value
+  // We disable the focus ring for mouse, touch and keyboard users.
+  outline: 0,
+  border: 0,
+  margin: 0,
+  // Remove the margin in Safari
+  borderRadius: 0,
+  padding: 0,
+  // Remove the padding in Firefox
+  cursor: 'pointer',
+  userSelect: 'none',
+  verticalAlign: 'middle',
+  MozAppearance: 'none',
+  // Reset
+  WebkitAppearance: 'none',
+  // Reset
+  textDecoration: 'none',
+  // So we take precedent over the style of a native <a /> element.
+  color: 'inherit',
+  '&::-moz-focus-inner': {
+    borderStyle: 'none' // Remove Firefox dotted outline.
+  }
+}, defineProperty_defineProperty(_styled, "&.".concat(ButtonBase_buttonBaseClasses.disabled), {
+  pointerEvents: 'none',
+  // Disable link interactions
+  cursor: 'default'
+}), defineProperty_defineProperty(_styled, '@media print', {
+  colorAdjust: 'exact'
+}), _styled));
+
+/**
+ * `ButtonBase` contains as few styles as possible.
+ * It aims to be a simple building block for creating a button.
+ * It contains a load of style reset and some focus/ripple logic.
+ */
+var ButtonBase = /*#__PURE__*/react.forwardRef(function ButtonBase(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiButtonBase'
+  });
+  var action = props.action,
+    _props$centerRipple = props.centerRipple,
+    centerRipple = _props$centerRipple === void 0 ? false : _props$centerRipple,
+    children = props.children,
+    className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'button' : _props$component,
+    _props$disabled = props.disabled,
+    disabled = _props$disabled === void 0 ? false : _props$disabled,
+    _props$disableRipple = props.disableRipple,
+    disableRipple = _props$disableRipple === void 0 ? false : _props$disableRipple,
+    _props$disableTouchRi = props.disableTouchRipple,
+    disableTouchRipple = _props$disableTouchRi === void 0 ? false : _props$disableTouchRi,
+    _props$focusRipple = props.focusRipple,
+    focusRipple = _props$focusRipple === void 0 ? false : _props$focusRipple,
+    _props$LinkComponent = props.LinkComponent,
+    LinkComponent = _props$LinkComponent === void 0 ? 'a' : _props$LinkComponent,
+    onBlur = props.onBlur,
+    onClick = props.onClick,
+    onContextMenu = props.onContextMenu,
+    onDragLeave = props.onDragLeave,
+    onFocus = props.onFocus,
+    onFocusVisible = props.onFocusVisible,
+    onKeyDown = props.onKeyDown,
+    onKeyUp = props.onKeyUp,
+    onMouseDown = props.onMouseDown,
+    onMouseLeave = props.onMouseLeave,
+    onMouseUp = props.onMouseUp,
+    onTouchEnd = props.onTouchEnd,
+    onTouchMove = props.onTouchMove,
+    onTouchStart = props.onTouchStart,
+    _props$tabIndex = props.tabIndex,
+    tabIndex = _props$tabIndex === void 0 ? 0 : _props$tabIndex,
+    TouchRippleProps = props.TouchRippleProps,
+    touchRippleRef = props.touchRippleRef,
+    type = props.type,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ButtonBase_excluded);
+  var buttonRef = react.useRef(null);
+  var rippleRef = react.useRef(null);
+  var handleRippleRef = utils_useForkRef(rippleRef, touchRippleRef);
+  var _useIsFocusVisible = utils_useIsFocusVisible(),
+    isFocusVisibleRef = _useIsFocusVisible.isFocusVisibleRef,
+    handleFocusVisible = _useIsFocusVisible.onFocus,
+    handleBlurVisible = _useIsFocusVisible.onBlur,
+    focusVisibleRef = _useIsFocusVisible.ref;
+  var _React$useState = react.useState(false),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    focusVisible = _React$useState2[0],
+    setFocusVisible = _React$useState2[1];
+  if (disabled && focusVisible) {
+    setFocusVisible(false);
+  }
+  react.useImperativeHandle(action, function () {
+    return {
+      focusVisible: function focusVisible() {
+        setFocusVisible(true);
+        buttonRef.current.focus();
+      }
+    };
+  }, []);
+  var _React$useState3 = react.useState(false),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    mountedState = _React$useState4[0],
+    setMountedState = _React$useState4[1];
+  react.useEffect(function () {
+    setMountedState(true);
+  }, []);
+  var enableTouchRipple = mountedState && !disableRipple && !disabled;
+  react.useEffect(function () {
+    if (focusVisible && focusRipple && !disableRipple && mountedState) {
+      rippleRef.current.pulsate();
+    }
+  }, [disableRipple, focusRipple, focusVisible, mountedState]);
+  function useRippleHandler(rippleAction, eventCallback) {
+    var skipRippleAction = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : disableTouchRipple;
+    return utils_useEventCallback(function (event) {
+      if (eventCallback) {
+        eventCallback(event);
+      }
+      var ignore = skipRippleAction;
+      if (!ignore && rippleRef.current) {
+        rippleRef.current[rippleAction](event);
+      }
+      return true;
+    });
+  }
+  var handleMouseDown = useRippleHandler('start', onMouseDown);
+  var handleContextMenu = useRippleHandler('stop', onContextMenu);
+  var handleDragLeave = useRippleHandler('stop', onDragLeave);
+  var handleMouseUp = useRippleHandler('stop', onMouseUp);
+  var handleMouseLeave = useRippleHandler('stop', function (event) {
+    if (focusVisible) {
+      event.preventDefault();
+    }
+    if (onMouseLeave) {
+      onMouseLeave(event);
+    }
+  });
+  var handleTouchStart = useRippleHandler('start', onTouchStart);
+  var handleTouchEnd = useRippleHandler('stop', onTouchEnd);
+  var handleTouchMove = useRippleHandler('stop', onTouchMove);
+  var handleBlur = useRippleHandler('stop', function (event) {
+    handleBlurVisible(event);
+    if (isFocusVisibleRef.current === false) {
+      setFocusVisible(false);
+    }
+    if (onBlur) {
+      onBlur(event);
+    }
+  }, false);
+  var handleFocus = utils_useEventCallback(function (event) {
+    // Fix for https://github.com/facebook/react/issues/7769
+    if (!buttonRef.current) {
+      buttonRef.current = event.currentTarget;
+    }
+    handleFocusVisible(event);
+    if (isFocusVisibleRef.current === true) {
+      setFocusVisible(true);
+      if (onFocusVisible) {
+        onFocusVisible(event);
+      }
+    }
+    if (onFocus) {
+      onFocus(event);
+    }
+  });
+  var isNonNativeButton = function isNonNativeButton() {
+    var button = buttonRef.current;
+    return component && component !== 'button' && !(button.tagName === 'A' && button.href);
+  };
+
+  /**
+   * IE11 shim for https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/repeat
+   */
+  var keydownRef = react.useRef(false);
+  var handleKeyDown = utils_useEventCallback(function (event) {
+    // Check if key is already down to avoid repeats being counted as multiple activations
+    if (focusRipple && !keydownRef.current && focusVisible && rippleRef.current && event.key === ' ') {
+      keydownRef.current = true;
+      rippleRef.current.stop(event, function () {
+        rippleRef.current.start(event);
+      });
+    }
+    if (event.target === event.currentTarget && isNonNativeButton() && event.key === ' ') {
+      event.preventDefault();
+    }
+    if (onKeyDown) {
+      onKeyDown(event);
+    }
+
+    // Keyboard accessibility for non interactive elements
+    if (event.target === event.currentTarget && isNonNativeButton() && event.key === 'Enter' && !disabled) {
+      event.preventDefault();
+      if (onClick) {
+        onClick(event);
+      }
+    }
+  });
+  var handleKeyUp = utils_useEventCallback(function (event) {
+    // calling preventDefault in keyUp on a <button> will not dispatch a click event if Space is pressed
+    // https://codesandbox.io/s/button-keyup-preventdefault-dn7f0
+    if (focusRipple && event.key === ' ' && rippleRef.current && focusVisible && !event.defaultPrevented) {
+      keydownRef.current = false;
+      rippleRef.current.stop(event, function () {
+        rippleRef.current.pulsate(event);
+      });
+    }
+    if (onKeyUp) {
+      onKeyUp(event);
+    }
+
+    // Keyboard accessibility for non interactive elements
+    if (onClick && event.target === event.currentTarget && isNonNativeButton() && event.key === ' ' && !event.defaultPrevented) {
+      onClick(event);
+    }
+  });
+  var ComponentProp = component;
+  if (ComponentProp === 'button' && (other.href || other.to)) {
+    ComponentProp = LinkComponent;
+  }
+  var buttonProps = {};
+  if (ComponentProp === 'button') {
+    buttonProps.type = type === undefined ? 'button' : type;
+    buttonProps.disabled = disabled;
+  } else {
+    if (!other.href && !other.to) {
+      buttonProps.role = 'button';
+    }
+    if (disabled) {
+      buttonProps['aria-disabled'] = disabled;
+    }
+  }
+  var handleRef = utils_useForkRef(ref, focusVisibleRef, buttonRef);
+  if (false) {}
+  var ownerState = extends_extends({}, props, {
+    centerRipple: centerRipple,
+    component: component,
+    disabled: disabled,
+    disableRipple: disableRipple,
+    disableTouchRipple: disableTouchRipple,
+    focusRipple: focusRipple,
+    tabIndex: tabIndex,
+    focusVisible: focusVisible
+  });
+  var classes = ButtonBase_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(ButtonBaseRoot, extends_extends({
+    as: ComponentProp,
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState,
+    onBlur: handleBlur,
+    onClick: onClick,
+    onContextMenu: handleContextMenu,
+    onFocus: handleFocus,
+    onKeyDown: handleKeyDown,
+    onKeyUp: handleKeyUp,
+    onMouseDown: handleMouseDown,
+    onMouseLeave: handleMouseLeave,
+    onMouseUp: handleMouseUp,
+    onDragLeave: handleDragLeave,
+    onTouchEnd: handleTouchEnd,
+    onTouchMove: handleTouchMove,
+    onTouchStart: handleTouchStart,
+    ref: handleRef,
+    tabIndex: disabled ? -1 : tabIndex,
+    type: type
+  }, buttonProps, other, {
+    children: [children, enableTouchRipple ? /*#__PURE__*/
+    /* TouchRipple is only needed client-side, x2 boost on the server. */
+    (0,jsx_runtime.jsx)(ButtonBase_TouchRipple, extends_extends({
+      ref: handleRippleRef,
+      center: centerRipple
+    }, TouchRippleProps)) : null]
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var ButtonBase_ButtonBase = (ButtonBase);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/IconButton/iconButtonClasses.js
+
+
+function getIconButtonUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiIconButton', slot);
+}
+var iconButtonClasses = generateUtilityClasses('MuiIconButton', ['root', 'disabled', 'colorInherit', 'colorPrimary', 'colorSecondary', 'colorError', 'colorInfo', 'colorSuccess', 'colorWarning', 'edgeStart', 'edgeEnd', 'sizeSmall', 'sizeMedium', 'sizeLarge']);
+/* harmony default export */ var IconButton_iconButtonClasses = (iconButtonClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/IconButton/IconButton.js
+
+
+
+var IconButton_excluded = ["edge", "children", "className", "color", "disabled", "disableFocusRipple", "size"];
+
+
+
+
+
+
+
+
+
+
+
+
+var IconButton_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    disabled = ownerState.disabled,
+    color = ownerState.color,
+    edge = ownerState.edge,
+    size = ownerState.size;
+  var slots = {
+    root: ['root', disabled && 'disabled', color !== 'default' && "color".concat(utils_capitalize(color)), edge && "edge".concat(utils_capitalize(edge)), "size".concat(utils_capitalize(size))]
+  };
+  return composeClasses(slots, getIconButtonUtilityClass, classes);
+};
+var IconButtonRoot = styles_styled(ButtonBase_ButtonBase, {
+  name: 'MuiIconButton',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.color !== 'default' && styles["color".concat(utils_capitalize(ownerState.color))], ownerState.edge && styles["edge".concat(utils_capitalize(ownerState.edge))], styles["size".concat(utils_capitalize(ownerState.size))]];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    textAlign: 'center',
+    flex: '0 0 auto',
+    fontSize: theme.typography.pxToRem(24),
+    padding: 8,
+    borderRadius: '50%',
+    overflow: 'visible',
+    // Explicitly set the default value to solve a bug on IE11.
+    color: (theme.vars || theme).palette.action.active,
+    transition: theme.transitions.create('background-color', {
+      duration: theme.transitions.duration.shortest
+    })
+  }, !ownerState.disableRipple && {
+    '&:hover': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.action.activeChannel, " / ").concat(theme.vars.palette.action.hoverOpacity, ")") : alpha(theme.palette.action.active, theme.palette.action.hoverOpacity),
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    }
+  }, ownerState.edge === 'start' && {
+    marginLeft: ownerState.size === 'small' ? -3 : -12
+  }, ownerState.edge === 'end' && {
+    marginRight: ownerState.size === 'small' ? -3 : -12
+  });
+}, function (_ref2) {
+  var theme = _ref2.theme,
+    ownerState = _ref2.ownerState;
+  var _palette;
+  var palette = (_palette = (theme.vars || theme).palette) == null ? void 0 : _palette[ownerState.color];
+  return extends_extends({}, ownerState.color === 'inherit' && {
+    color: 'inherit'
+  }, ownerState.color !== 'inherit' && ownerState.color !== 'default' && extends_extends({
+    color: palette == null ? void 0 : palette.main
+  }, !ownerState.disableRipple && {
+    '&:hover': extends_extends({}, palette && {
+      backgroundColor: theme.vars ? "rgba(".concat(palette.mainChannel, " / ").concat(theme.vars.palette.action.hoverOpacity, ")") : alpha(palette.main, theme.palette.action.hoverOpacity)
+    }, {
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    })
+  }), ownerState.size === 'small' && {
+    padding: 5,
+    fontSize: theme.typography.pxToRem(18)
+  }, ownerState.size === 'large' && {
+    padding: 12,
+    fontSize: theme.typography.pxToRem(28)
+  }, defineProperty_defineProperty({}, "&.".concat(IconButton_iconButtonClasses.disabled), {
+    backgroundColor: 'transparent',
+    color: (theme.vars || theme).palette.action.disabled
+  }));
+});
+
+/**
+ * Refer to the [Icons](/material-ui/icons/) section of the documentation
+ * regarding the available icon options.
+ */
+var IconButton = /*#__PURE__*/react.forwardRef(function IconButton(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiIconButton'
+  });
+  var _props$edge = props.edge,
+    edge = _props$edge === void 0 ? false : _props$edge,
+    children = props.children,
+    className = props.className,
+    _props$color = props.color,
+    color = _props$color === void 0 ? 'default' : _props$color,
+    _props$disabled = props.disabled,
+    disabled = _props$disabled === void 0 ? false : _props$disabled,
+    _props$disableFocusRi = props.disableFocusRipple,
+    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
+    _props$size = props.size,
+    size = _props$size === void 0 ? 'medium' : _props$size,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, IconButton_excluded);
+  var ownerState = extends_extends({}, props, {
+    edge: edge,
+    color: color,
+    disabled: disabled,
+    disableFocusRipple: disableFocusRipple,
+    size: size
+  });
+  var classes = IconButton_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(IconButtonRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    centerRipple: true,
+    focusRipple: !disableFocusRipple,
+    disabled: disabled,
+    ref: ref,
+    ownerState: ownerState
+  }, other, {
+    children: children
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var IconButton_IconButton = (IconButton);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/isMuiElement.js
+
+function isMuiElement(element, muiNames) {
+  return /*#__PURE__*/react.isValidElement(element) && muiNames.indexOf(element.type.muiName) !== -1;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/isMuiElement.js
+
+/* harmony default export */ var utils_isMuiElement = (isMuiElement);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useEnhancedEffect.js
+
+/* harmony default export */ var utils_useEnhancedEffect = (esm_useEnhancedEffect);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItem/listItemClasses.js
+
+
+function getListItemUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiListItem', slot);
+}
+var listItemClasses = generateUtilityClasses('MuiListItem', ['root', 'container', 'focusVisible', 'dense', 'alignItemsFlexStart', 'disabled', 'divider', 'gutters', 'padding', 'button', 'secondaryAction', 'selected']);
+/* harmony default export */ var ListItem_listItemClasses = (listItemClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemButton/listItemButtonClasses.js
+
+
+function getListItemButtonUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiListItemButton', slot);
+}
+var listItemButtonClasses = generateUtilityClasses('MuiListItemButton', ['root', 'focusVisible', 'dense', 'alignItemsFlexStart', 'disabled', 'divider', 'gutters', 'selected']);
+/* harmony default export */ var ListItemButton_listItemButtonClasses = (listItemButtonClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemSecondaryAction/listItemSecondaryActionClasses.js
+
+
+function getListItemSecondaryActionClassesUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiListItemSecondaryAction', slot);
+}
+var listItemSecondaryActionClasses = generateUtilityClasses('MuiListItemSecondaryAction', ['root', 'disableGutters']);
+/* harmony default export */ var ListItemSecondaryAction_listItemSecondaryActionClasses = ((/* unused pure expression or super */ null && (listItemSecondaryActionClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemSecondaryAction/ListItemSecondaryAction.js
+
+
+var ListItemSecondaryAction_excluded = ["className"];
+
+
+
+
+
+
+
+
+
+var ListItemSecondaryAction_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var disableGutters = ownerState.disableGutters,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', disableGutters && 'disableGutters']
+  };
+  return composeClasses(slots, getListItemSecondaryActionClassesUtilityClass, classes);
+};
+var ListItemSecondaryActionRoot = styles_styled('div', {
+  name: 'MuiListItemSecondaryAction',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.disableGutters && styles.disableGutters];
+  }
+})(function (_ref) {
+  var ownerState = _ref.ownerState;
+  return extends_extends({
+    position: 'absolute',
+    right: 16,
+    top: '50%',
+    transform: 'translateY(-50%)'
+  }, ownerState.disableGutters && {
+    right: 0
+  });
+});
+
+/**
+ * Must be used as the last child of ListItem to function properly.
+ */
+var ListItemSecondaryAction = /*#__PURE__*/react.forwardRef(function ListItemSecondaryAction(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiListItemSecondaryAction'
+  });
+  var className = props.className,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemSecondaryAction_excluded);
+  var context = react.useContext(List_ListContext);
+  var ownerState = extends_extends({}, props, {
+    disableGutters: context.disableGutters
+  });
+  var classes = ListItemSecondaryAction_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemSecondaryActionRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState,
+    ref: ref
+  }, other));
+});
+ false ? 0 : void 0;
+ListItemSecondaryAction.muiName = 'ListItemSecondaryAction';
+/* harmony default export */ var ListItemSecondaryAction_ListItemSecondaryAction = (ListItemSecondaryAction);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItem/ListItem.js
+
+
+
+var ListItem_excluded = ["className"],
+  ListItem_excluded2 = ["alignItems", "autoFocus", "button", "children", "className", "component", "components", "componentsProps", "ContainerComponent", "ContainerProps", "dense", "disabled", "disableGutters", "disablePadding", "divider", "focusVisibleClassName", "secondaryAction", "selected", "slotProps", "slots"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var ListItem_overridesResolver = function overridesResolver(props, styles) {
+  var ownerState = props.ownerState;
+  return [styles.root, ownerState.dense && styles.dense, ownerState.alignItems === 'flex-start' && styles.alignItemsFlexStart, ownerState.divider && styles.divider, !ownerState.disableGutters && styles.gutters, !ownerState.disablePadding && styles.padding, ownerState.button && styles.button, ownerState.hasSecondaryAction && styles.secondaryAction];
+};
+var ListItem_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var alignItems = ownerState.alignItems,
+    button = ownerState.button,
+    classes = ownerState.classes,
+    dense = ownerState.dense,
+    disabled = ownerState.disabled,
+    disableGutters = ownerState.disableGutters,
+    disablePadding = ownerState.disablePadding,
+    divider = ownerState.divider,
+    hasSecondaryAction = ownerState.hasSecondaryAction,
+    selected = ownerState.selected;
+  var slots = {
+    root: ['root', dense && 'dense', !disableGutters && 'gutters', !disablePadding && 'padding', divider && 'divider', disabled && 'disabled', button && 'button', alignItems === 'flex-start' && 'alignItemsFlexStart', hasSecondaryAction && 'secondaryAction', selected && 'selected'],
+    container: ['container']
+  };
+  return composeClasses(slots, getListItemUtilityClass, classes);
+};
+var ListItemRoot = styles_styled('div', {
+  name: 'MuiListItem',
+  slot: 'Root',
+  overridesResolver: ListItem_overridesResolver
+})(function (_ref) {
+  var _extends2;
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    display: 'flex',
+    justifyContent: 'flex-start',
+    alignItems: 'center',
+    position: 'relative',
+    textDecoration: 'none',
+    width: '100%',
+    boxSizing: 'border-box',
+    textAlign: 'left'
+  }, !ownerState.disablePadding && extends_extends({
+    paddingTop: 8,
+    paddingBottom: 8
+  }, ownerState.dense && {
+    paddingTop: 4,
+    paddingBottom: 4
+  }, !ownerState.disableGutters && {
+    paddingLeft: 16,
+    paddingRight: 16
+  }, !!ownerState.secondaryAction && {
+    // Add some space to avoid collision as `ListItemSecondaryAction`
+    // is absolutely positioned.
+    paddingRight: 48
+  }), !!ownerState.secondaryAction && defineProperty_defineProperty({}, "& > .".concat(ListItemButton_listItemButtonClasses.root), {
+    paddingRight: 48
+  }), (_extends2 = {}, defineProperty_defineProperty(_extends2, "&.".concat(ListItem_listItemClasses.focusVisible), {
+    backgroundColor: (theme.vars || theme).palette.action.focus
+  }), defineProperty_defineProperty(_extends2, "&.".concat(ListItem_listItemClasses.selected), defineProperty_defineProperty({
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+  }, "&.".concat(ListItem_listItemClasses.focusVisible), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
+  })), defineProperty_defineProperty(_extends2, "&.".concat(ListItem_listItemClasses.disabled), {
+    opacity: (theme.vars || theme).palette.action.disabledOpacity
+  }), _extends2), ownerState.alignItems === 'flex-start' && {
+    alignItems: 'flex-start'
+  }, ownerState.divider && {
+    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider),
+    backgroundClip: 'padding-box'
+  }, ownerState.button && defineProperty_defineProperty({
+    transition: theme.transitions.create('background-color', {
+      duration: theme.transitions.duration.shortest
+    }),
+    '&:hover': {
+      textDecoration: 'none',
+      backgroundColor: (theme.vars || theme).palette.action.hover,
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    }
+  }, "&.".concat(ListItem_listItemClasses.selected, ":hover"), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
+    // Reset on touch devices, it doesn't add specificity
+    '@media (hover: none)': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+    }
+  }), ownerState.hasSecondaryAction && {
+    // Add some space to avoid collision as `ListItemSecondaryAction`
+    // is absolutely positioned.
+    paddingRight: 48
+  });
+});
+var ListItemContainer = styles_styled('li', {
+  name: 'MuiListItem',
+  slot: 'Container',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.container;
+  }
+})({
+  position: 'relative'
+});
+
+/**
+ * Uses an additional container component if `ListItemSecondaryAction` is the last child.
+ */
+var ListItem = /*#__PURE__*/react.forwardRef(function ListItem(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiListItem'
+  });
+  var _props$alignItems = props.alignItems,
+    alignItems = _props$alignItems === void 0 ? 'center' : _props$alignItems,
+    _props$autoFocus = props.autoFocus,
+    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
+    _props$button = props.button,
+    button = _props$button === void 0 ? false : _props$button,
+    childrenProp = props.children,
+    className = props.className,
+    componentProp = props.component,
+    _props$components = props.components,
+    components = _props$components === void 0 ? {} : _props$components,
+    _props$componentsProp = props.componentsProps,
+    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
+    _props$ContainerCompo = props.ContainerComponent,
+    ContainerComponent = _props$ContainerCompo === void 0 ? 'li' : _props$ContainerCompo,
+    _props$ContainerProps = props.ContainerProps,
+    _props$ContainerProps2 = _props$ContainerProps === void 0 ? {} : _props$ContainerProps,
+    ContainerClassName = _props$ContainerProps2.className,
+    _props$dense = props.dense,
+    dense = _props$dense === void 0 ? false : _props$dense,
+    _props$disabled = props.disabled,
+    disabled = _props$disabled === void 0 ? false : _props$disabled,
+    _props$disableGutters = props.disableGutters,
+    disableGutters = _props$disableGutters === void 0 ? false : _props$disableGutters,
+    _props$disablePadding = props.disablePadding,
+    disablePadding = _props$disablePadding === void 0 ? false : _props$disablePadding,
+    _props$divider = props.divider,
+    divider = _props$divider === void 0 ? false : _props$divider,
+    focusVisibleClassName = props.focusVisibleClassName,
+    secondaryAction = props.secondaryAction,
+    _props$selected = props.selected,
+    selected = _props$selected === void 0 ? false : _props$selected,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    ContainerProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.ContainerProps, ListItem_excluded),
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItem_excluded2);
+  var context = react.useContext(List_ListContext);
+  var childContext = react.useMemo(function () {
+    return {
+      dense: dense || context.dense || false,
+      alignItems: alignItems,
+      disableGutters: disableGutters
+    };
+  }, [alignItems, context.dense, dense, disableGutters]);
+  var listItemRef = react.useRef(null);
+  utils_useEnhancedEffect(function () {
+    if (autoFocus) {
+      if (listItemRef.current) {
+        listItemRef.current.focus();
+      } else if (false) {}
+    }
+  }, [autoFocus]);
+  var children = react.Children.toArray(childrenProp);
+
+  // v4 implementation, deprecated in v5, will be removed in v6
+  var hasSecondaryAction = children.length && utils_isMuiElement(children[children.length - 1], ['ListItemSecondaryAction']);
+  var ownerState = extends_extends({}, props, {
+    alignItems: alignItems,
+    autoFocus: autoFocus,
+    button: button,
+    dense: childContext.dense,
+    disabled: disabled,
+    disableGutters: disableGutters,
+    disablePadding: disablePadding,
+    divider: divider,
+    hasSecondaryAction: hasSecondaryAction,
+    selected: selected
+  });
+  var classes = ListItem_useUtilityClasses(ownerState);
+  var handleRef = utils_useForkRef(listItemRef, ref);
+  var Root = slots.root || components.Root || ListItemRoot;
+  var rootProps = slotProps.root || componentsProps.root || {};
+  var componentProps = extends_extends({
+    className: clsx_m(classes.root, rootProps.className, className),
+    disabled: disabled
+  }, other);
+  var Component = componentProp || 'li';
+  if (button) {
+    componentProps.component = componentProp || 'div';
+    componentProps.focusVisibleClassName = clsx_m(ListItem_listItemClasses.focusVisible, focusVisibleClassName);
+    Component = ButtonBase_ButtonBase;
+  }
+
+  // v4 implementation, deprecated in v5, will be removed in v6
+  if (hasSecondaryAction) {
+    // Use div by default.
+    Component = !componentProps.component && !componentProp ? 'div' : Component;
+
+    // Avoid nesting of li > li.
+    if (ContainerComponent === 'li') {
+      if (Component === 'li') {
+        Component = 'div';
+      } else if (componentProps.component === 'li') {
+        componentProps.component = 'div';
+      }
+    }
+    return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
+      value: childContext,
+      children: /*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemContainer, extends_extends({
+        as: ContainerComponent,
+        className: clsx_m(classes.container, ContainerClassName),
+        ref: handleRef,
+        ownerState: ownerState
+      }, ContainerProps, {
+        children: [/*#__PURE__*/(0,jsx_runtime.jsx)(Root, extends_extends({}, rootProps, !isHostComponent(Root) && {
+          as: Component,
+          ownerState: extends_extends({}, ownerState, rootProps.ownerState)
+        }, componentProps, {
+          children: children
+        })), children.pop()]
+      }))
+    });
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
+    value: childContext,
+    children: /*#__PURE__*/(0,jsx_runtime.jsxs)(Root, extends_extends({}, rootProps, {
+      as: Component,
+      ref: handleRef
+    }, !isHostComponent(Root) && {
+      ownerState: extends_extends({}, ownerState, rootProps.ownerState)
+    }, componentProps, {
+      children: [children, secondaryAction && /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemSecondaryAction_ListItemSecondaryAction, {
+        children: secondaryAction
+      })]
+    }))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var ListItem_ListItem = (ListItem);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemButton/ListItemButton.js
+
+
+
+var ListItemButton_excluded = ["alignItems", "autoFocus", "component", "children", "dense", "disableGutters", "divider", "focusVisibleClassName", "selected", "className"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+var ListItemButton_overridesResolver = function overridesResolver(props, styles) {
+  var ownerState = props.ownerState;
+  return [styles.root, ownerState.dense && styles.dense, ownerState.alignItems === 'flex-start' && styles.alignItemsFlexStart, ownerState.divider && styles.divider, !ownerState.disableGutters && styles.gutters];
+};
+var ListItemButton_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var alignItems = ownerState.alignItems,
+    classes = ownerState.classes,
+    dense = ownerState.dense,
+    disabled = ownerState.disabled,
+    disableGutters = ownerState.disableGutters,
+    divider = ownerState.divider,
+    selected = ownerState.selected;
+  var slots = {
+    root: ['root', dense && 'dense', !disableGutters && 'gutters', divider && 'divider', disabled && 'disabled', alignItems === 'flex-start' && 'alignItemsFlexStart', selected && 'selected']
+  };
+  var composedClasses = composeClasses(slots, getListItemButtonUtilityClass, classes);
+  return extends_extends({}, classes, composedClasses);
+};
+var ListItemButtonRoot = styles_styled(ButtonBase_ButtonBase, {
+  shouldForwardProp: function shouldForwardProp(prop) {
+    return rootShouldForwardProp(prop) || prop === 'classes';
+  },
+  name: 'MuiListItemButton',
+  slot: 'Root',
+  overridesResolver: ListItemButton_overridesResolver
+})(function (_ref) {
+  var _extends2;
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends((_extends2 = {
+    display: 'flex',
+    flexGrow: 1,
+    justifyContent: 'flex-start',
+    alignItems: 'center',
+    position: 'relative',
+    textDecoration: 'none',
+    minWidth: 0,
+    boxSizing: 'border-box',
+    textAlign: 'left',
+    paddingTop: 8,
+    paddingBottom: 8,
+    transition: theme.transitions.create('background-color', {
+      duration: theme.transitions.duration.shortest
+    }),
+    '&:hover': {
+      textDecoration: 'none',
+      backgroundColor: (theme.vars || theme).palette.action.hover,
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    }
+  }, defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.selected), defineProperty_defineProperty({
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+  }, "&.".concat(ListItemButton_listItemButtonClasses.focusVisible), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
+  })), defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.selected, ":hover"), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
+    // Reset on touch devices, it doesn't add specificity
+    '@media (hover: none)': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+    }
+  }), defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.focusVisible), {
+    backgroundColor: (theme.vars || theme).palette.action.focus
+  }), defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.disabled), {
+    opacity: (theme.vars || theme).palette.action.disabledOpacity
+  }), _extends2), ownerState.divider && {
+    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider),
+    backgroundClip: 'padding-box'
+  }, ownerState.alignItems === 'flex-start' && {
+    alignItems: 'flex-start'
+  }, !ownerState.disableGutters && {
+    paddingLeft: 16,
+    paddingRight: 16
+  }, ownerState.dense && {
+    paddingTop: 4,
+    paddingBottom: 4
+  });
+});
+var ListItemButton = /*#__PURE__*/react.forwardRef(function ListItemButton(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiListItemButton'
+  });
+  var _props$alignItems = props.alignItems,
+    alignItems = _props$alignItems === void 0 ? 'center' : _props$alignItems,
+    _props$autoFocus = props.autoFocus,
+    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    children = props.children,
+    _props$dense = props.dense,
+    dense = _props$dense === void 0 ? false : _props$dense,
+    _props$disableGutters = props.disableGutters,
+    disableGutters = _props$disableGutters === void 0 ? false : _props$disableGutters,
+    _props$divider = props.divider,
+    divider = _props$divider === void 0 ? false : _props$divider,
+    focusVisibleClassName = props.focusVisibleClassName,
+    _props$selected = props.selected,
+    selected = _props$selected === void 0 ? false : _props$selected,
+    className = props.className,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemButton_excluded);
+  var context = react.useContext(List_ListContext);
+  var childContext = react.useMemo(function () {
+    return {
+      dense: dense || context.dense || false,
+      alignItems: alignItems,
+      disableGutters: disableGutters
+    };
+  }, [alignItems, context.dense, dense, disableGutters]);
+  var listItemRef = react.useRef(null);
+  utils_useEnhancedEffect(function () {
+    if (autoFocus) {
+      if (listItemRef.current) {
+        listItemRef.current.focus();
+      } else if (false) {}
+    }
+  }, [autoFocus]);
+  var ownerState = extends_extends({}, props, {
+    alignItems: alignItems,
+    dense: childContext.dense,
+    disableGutters: disableGutters,
+    divider: divider,
+    selected: selected
+  });
+  var classes = ListItemButton_useUtilityClasses(ownerState);
+  var handleRef = utils_useForkRef(listItemRef, ref);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
+    value: childContext,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemButtonRoot, extends_extends({
+      ref: handleRef,
+      href: other.href || other.to
+      // `ButtonBase` processes `href` or `to` if `component` is set to 'button'
+      ,
+
+      component: (other.href || other.to) && component === 'div' ? 'button' : component,
+      focusVisibleClassName: clsx_m(classes.focusVisible, focusVisibleClassName),
+      ownerState: ownerState,
+      className: clsx_m(classes.root, className)
+    }, other, {
+      classes: classes,
+      children: children
+    }))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var ListItemButton_ListItemButton = (ListItemButton);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemIcon/listItemIconClasses.js
+
+
+function getListItemIconUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiListItemIcon', slot);
+}
+var listItemIconClasses = generateUtilityClasses('MuiListItemIcon', ['root', 'alignItemsFlexStart']);
+/* harmony default export */ var ListItemIcon_listItemIconClasses = (listItemIconClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemIcon/ListItemIcon.js
+
+
+var ListItemIcon_excluded = ["className"];
+
+
+
+
+
+
+
+
+
+var ListItemIcon_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var alignItems = ownerState.alignItems,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', alignItems === 'flex-start' && 'alignItemsFlexStart']
+  };
+  return composeClasses(slots, getListItemIconUtilityClass, classes);
+};
+var ListItemIconRoot = styles_styled('div', {
+  name: 'MuiListItemIcon',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.alignItems === 'flex-start' && styles.alignItemsFlexStart];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    minWidth: 56,
+    color: (theme.vars || theme).palette.action.active,
+    flexShrink: 0,
+    display: 'inline-flex'
+  }, ownerState.alignItems === 'flex-start' && {
+    marginTop: 8
+  });
+});
+
+/**
+ * A simple wrapper to apply `List` styles to an `Icon` or `SvgIcon`.
+ */
+var ListItemIcon = /*#__PURE__*/react.forwardRef(function ListItemIcon(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiListItemIcon'
+  });
+  var className = props.className,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemIcon_excluded);
+  var context = react.useContext(List_ListContext);
+  var ownerState = extends_extends({}, props, {
+    alignItems: context.alignItems
+  });
+  var classes = ListItemIcon_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemIconRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState,
+    ref: ref
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var ListItemIcon_ListItemIcon = (ListItemIcon);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Typography/typographyClasses.js
+
+
+function getTypographyUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTypography', slot);
+}
+var typographyClasses = generateUtilityClasses('MuiTypography', ['root', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'subtitle1', 'subtitle2', 'body1', 'body2', 'inherit', 'button', 'caption', 'overline', 'alignLeft', 'alignRight', 'alignCenter', 'alignJustify', 'noWrap', 'gutterBottom', 'paragraph']);
+/* harmony default export */ var Typography_typographyClasses = ((/* unused pure expression or super */ null && (typographyClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Typography/Typography.js
+
+
+var Typography_excluded = ["align", "className", "component", "gutterBottom", "noWrap", "paragraph", "variant", "variantMapping"];
+
+
+
+
+
+
+
+
+
+
+var Typography_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var align = ownerState.align,
+    gutterBottom = ownerState.gutterBottom,
+    noWrap = ownerState.noWrap,
+    paragraph = ownerState.paragraph,
+    variant = ownerState.variant,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', variant, ownerState.align !== 'inherit' && "align".concat(utils_capitalize(align)), gutterBottom && 'gutterBottom', noWrap && 'noWrap', paragraph && 'paragraph']
+  };
+  return composeClasses(slots, getTypographyUtilityClass, classes);
+};
+var TypographyRoot = styles_styled('span', {
+  name: 'MuiTypography',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.variant && styles[ownerState.variant], ownerState.align !== 'inherit' && styles["align".concat(utils_capitalize(ownerState.align))], ownerState.noWrap && styles.noWrap, ownerState.gutterBottom && styles.gutterBottom, ownerState.paragraph && styles.paragraph];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    margin: 0
+  }, ownerState.variant && theme.typography[ownerState.variant], ownerState.align !== 'inherit' && {
+    textAlign: ownerState.align
+  }, ownerState.noWrap && {
+    overflow: 'hidden',
+    textOverflow: 'ellipsis',
+    whiteSpace: 'nowrap'
+  }, ownerState.gutterBottom && {
+    marginBottom: '0.35em'
+  }, ownerState.paragraph && {
+    marginBottom: 16
+  });
+});
+var defaultVariantMapping = {
+  h1: 'h1',
+  h2: 'h2',
+  h3: 'h3',
+  h4: 'h4',
+  h5: 'h5',
+  h6: 'h6',
+  subtitle1: 'h6',
+  subtitle2: 'h6',
+  body1: 'p',
+  body2: 'p',
+  inherit: 'p'
+};
+
+// TODO v6: deprecate these color values in v5.x and remove the transformation in v6
+var colorTransformations = {
+  primary: 'primary.main',
+  textPrimary: 'text.primary',
+  secondary: 'secondary.main',
+  textSecondary: 'text.secondary',
+  error: 'error.main'
+};
+var transformDeprecatedColors = function transformDeprecatedColors(color) {
+  return colorTransformations[color] || color;
+};
+var Typography = /*#__PURE__*/react.forwardRef(function Typography(inProps, ref) {
+  var themeProps = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTypography'
+  });
+  var color = transformDeprecatedColors(themeProps.color);
+  var props = extendSxProp(extends_extends({}, themeProps, {
+    color: color
+  }));
+  var _props$align = props.align,
+    align = _props$align === void 0 ? 'inherit' : _props$align,
+    className = props.className,
+    component = props.component,
+    _props$gutterBottom = props.gutterBottom,
+    gutterBottom = _props$gutterBottom === void 0 ? false : _props$gutterBottom,
+    _props$noWrap = props.noWrap,
+    noWrap = _props$noWrap === void 0 ? false : _props$noWrap,
+    _props$paragraph = props.paragraph,
+    paragraph = _props$paragraph === void 0 ? false : _props$paragraph,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'body1' : _props$variant,
+    _props$variantMapping = props.variantMapping,
+    variantMapping = _props$variantMapping === void 0 ? defaultVariantMapping : _props$variantMapping,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Typography_excluded);
+  var ownerState = extends_extends({}, props, {
+    align: align,
+    color: color,
+    className: className,
+    component: component,
+    gutterBottom: gutterBottom,
+    noWrap: noWrap,
+    paragraph: paragraph,
+    variant: variant,
+    variantMapping: variantMapping
+  });
+  var Component = component || (paragraph ? 'p' : variantMapping[variant] || defaultVariantMapping[variant]) || 'span';
+  var classes = Typography_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TypographyRoot, extends_extends({
+    as: Component,
+    ref: ref,
+    ownerState: ownerState,
+    className: clsx_m(classes.root, className)
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Typography_Typography = (Typography);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemText/listItemTextClasses.js
+
+
+function getListItemTextUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiListItemText', slot);
+}
+var listItemTextClasses = generateUtilityClasses('MuiListItemText', ['root', 'multiline', 'dense', 'inset', 'primary', 'secondary']);
+/* harmony default export */ var ListItemText_listItemTextClasses = (listItemTextClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemText/ListItemText.js
+
+
+
+var ListItemText_excluded = ["children", "className", "disableTypography", "inset", "primary", "primaryTypographyProps", "secondary", "secondaryTypographyProps"];
+
+
+
+
+
+
+
+
+
+
+
+var ListItemText_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    inset = ownerState.inset,
+    primary = ownerState.primary,
+    secondary = ownerState.secondary,
+    dense = ownerState.dense;
+  var slots = {
+    root: ['root', inset && 'inset', dense && 'dense', primary && secondary && 'multiline'],
+    primary: ['primary'],
+    secondary: ['secondary']
+  };
+  return composeClasses(slots, getListItemTextUtilityClass, classes);
+};
+var ListItemTextRoot = styles_styled('div', {
+  name: 'MuiListItemText',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [defineProperty_defineProperty({}, "& .".concat(ListItemText_listItemTextClasses.primary), styles.primary), defineProperty_defineProperty({}, "& .".concat(ListItemText_listItemTextClasses.secondary), styles.secondary), styles.root, ownerState.inset && styles.inset, ownerState.primary && ownerState.secondary && styles.multiline, ownerState.dense && styles.dense];
+  }
+})(function (_ref3) {
+  var ownerState = _ref3.ownerState;
+  return extends_extends({
+    flex: '1 1 auto',
+    minWidth: 0,
+    marginTop: 4,
+    marginBottom: 4
+  }, ownerState.primary && ownerState.secondary && {
+    marginTop: 6,
+    marginBottom: 6
+  }, ownerState.inset && {
+    paddingLeft: 56
+  });
+});
+var ListItemText = /*#__PURE__*/react.forwardRef(function ListItemText(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiListItemText'
+  });
+  var children = props.children,
+    className = props.className,
+    _props$disableTypogra = props.disableTypography,
+    disableTypography = _props$disableTypogra === void 0 ? false : _props$disableTypogra,
+    _props$inset = props.inset,
+    inset = _props$inset === void 0 ? false : _props$inset,
+    primaryProp = props.primary,
+    primaryTypographyProps = props.primaryTypographyProps,
+    secondaryProp = props.secondary,
+    secondaryTypographyProps = props.secondaryTypographyProps,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemText_excluded);
+  var _React$useContext = react.useContext(List_ListContext),
+    dense = _React$useContext.dense;
+  var primary = primaryProp != null ? primaryProp : children;
+  var secondary = secondaryProp;
+  var ownerState = extends_extends({}, props, {
+    disableTypography: disableTypography,
+    inset: inset,
+    primary: !!primary,
+    secondary: !!secondary,
+    dense: dense
+  });
+  var classes = ListItemText_useUtilityClasses(ownerState);
+  if (primary != null && primary.type !== Typography_Typography && !disableTypography) {
+    primary = /*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography, extends_extends({
+      variant: dense ? 'body2' : 'body1',
+      className: classes.primary,
+      component: primaryTypographyProps != null && primaryTypographyProps.variant ? undefined : 'span',
+      display: "block"
+    }, primaryTypographyProps, {
+      children: primary
+    }));
+  }
+  if (secondary != null && secondary.type !== Typography_Typography && !disableTypography) {
+    secondary = /*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography, extends_extends({
+      variant: "body2",
+      className: classes.secondary,
+      color: "text.secondary",
+      display: "block"
+    }, secondaryTypographyProps, {
+      children: secondary
+    }));
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemTextRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState,
+    ref: ref
+  }, other, {
+    children: [primary, secondary]
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var ListItemText_ListItemText = (ListItemText);
+;// CONCATENATED MODULE: ./src/icons/kluctl-text.svg
+var _path, _path2, _path3, _path4, _path5;
+var kluctl_text_excluded = ["title", "titleId"];
+function kluctl_text_extends() { kluctl_text_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return kluctl_text_extends.apply(this, arguments); }
+function _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = kluctl_text_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function kluctl_text_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgKluctlText(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = _objectWithoutProperties(_ref, kluctl_text_excluded);
+  return /*#__PURE__*/react.createElement("svg", kluctl_text_extends({
+    width: 115,
+    height: 34,
+    viewBox: "0 0 115 34",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, _path || (_path = /*#__PURE__*/react.createElement("path", {
+    d: "M21.3567 8.6323H15.5247L5.24968 20.068V0.715027H0.601793L0.580078 32.3833H5.24968V20.9476L15.1598 32.3833H21.3864L10.5556 20.5078L21.3567 8.6323Z",
+    fill: "#DFEBE9"
+  })), _path2 || (_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M30.3117 0.658997H25.7295V32.3832H30.3117V0.658997Z",
+    fill: "#DFEBE9"
+  })), _path3 || (_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M99.0875 0.626038H94.4833V8.63227H89.9453V12.3269H94.4833V23.0369C94.4833 24.3271 94.5017 25.4816 94.5382 26.5004C94.5745 27.5198 94.8487 28.5202 95.3602 29.5025C95.9307 30.602 96.7782 31.4084 97.904 31.9215C99.0292 32.4346 100.308 32.7132 101.741 32.7569C103.173 32.8012 104.634 32.6763 106.126 32.3832V28.4909C104.576 28.711 103.228 28.7587 102.08 28.6338C100.933 28.5097 100.096 27.9929 99.5702 27.0834C99.2922 26.5992 99.1422 26.0058 99.1203 25.3021C99.0986 24.5983 99.0875 23.7699 99.0875 22.817V12.3269H106.126V8.63227H99.0875V0.626038Z",
+    fill: "#DFEBE9"
+  })), _path4 || (_path4 = /*#__PURE__*/react.createElement("path", {
+    d: "M115 0.658997H110.418V32.3832H115V0.658997Z",
+    fill: "#DFEBE9"
+  })), _path5 || (_path5 = /*#__PURE__*/react.createElement("path", {
+    d: "M73.7264 13.3715C74.6907 12.6602 75.9255 12.3045 77.4312 12.3045C78.7611 12.3045 79.9418 12.6753 80.972 13.4156C82.0027 14.1561 82.7443 15.1934 83.1975 16.5274L87.7579 15.2079C87.173 12.9644 85.9631 11.1983 84.1294 9.90803C82.2948 8.61753 80.0842 7.97266 77.497 7.97266C75.0998 7.97266 73.0464 8.50762 71.3364 9.57813C69.9637 10.4373 68.8575 11.5712 67.9935 12.9542L67.9805 12.9381C67.9805 12.9381 67.4187 14.0115 65.7626 14.3945C63.735 14.6699 61.9015 14.6724 60.338 14.5518C56.7422 14.0069 56.1432 10.8942 56.0653 9.41572V8.63239H51.1944V20.9914C51.1944 22.3992 51.0374 23.5947 50.7231 24.5765C50.4089 25.5586 49.9775 26.3503 49.4294 26.9517C48.8814 27.5531 48.242 27.989 47.511 28.2602C46.7801 28.5313 46.0053 28.6668 45.187 28.6668C43.9298 28.6668 42.9105 28.4104 42.1289 27.8969C41.3465 27.3842 40.7398 26.7094 40.3089 25.8741C39.8778 25.0382 39.5852 24.133 39.432 23.1582C39.2786 22.1831 39.2015 21.2339 39.2015 20.31V8.63222H34.5537V21.8272C34.5537 22.5606 34.6197 23.4105 34.7511 24.3781C34.8827 25.3461 35.131 26.3356 35.4966 27.3471C35.8616 28.3585 36.3914 29.2933 37.0861 30.1511C37.7799 31.0089 38.6824 31.7017 39.7937 32.2296C40.9039 32.7572 42.2783 33.0212 43.9154 33.0212C46.0495 33.0212 47.8691 32.5595 49.3747 31.6356C50.3024 31.0662 51.0809 30.3419 51.7427 29.4967V32.3835H56.0652V28.6462C56.1408 28.356 56.5575 27.3818 58.6937 26.9386C60.3092 26.6526 62.3773 26.6059 64.8661 27.1592C66.1567 27.446 67.3572 28.0281 68.3534 28.8992C68.6908 29.1942 69.0568 29.5108 69.4466 29.9256C69.9915 30.4788 70.58 30.9879 71.2486 31.4155C72.9439 32.5005 75.005 33.0431 77.4312 33.0431C79.9746 33.0431 82.1376 32.4238 83.9211 31.185C85.7041 29.9464 86.9827 28.1686 87.7579 25.8522L83.1097 24.7524C82.6277 26.0277 81.929 27.0067 81.0161 27.6881C80.1023 28.3699 78.9077 28.7109 77.4312 28.7109C75.268 28.7109 73.6347 27.9559 72.5312 26.4456C71.4276 24.9359 70.8685 22.9564 70.8537 20.5077C70.8685 18.9248 71.1093 17.5168 71.5775 16.2854C72.0451 15.0537 72.7616 14.0828 73.7264 13.3716V13.3715ZM57.7252 16.4901C58.9563 16.713 60.4897 16.8913 62.2601 16.8913C63.1733 16.8913 64.1502 16.8419 65.1781 16.7292C65.2069 16.7288 65.2361 16.7286 65.2479 16.7323C65.3 16.7477 65.4005 16.8842 64.9001 17.1154C64.0336 17.3999 62.8489 17.5927 61.1866 17.5927C59.5703 17.5927 58.4663 17.2747 57.7076 16.8354C57.599 16.755 57.505 16.6605 57.5157 16.5645C57.523 16.4964 57.6248 16.4847 57.7252 16.4901ZM64.4437 18.773C63.8614 19.1512 63.043 19.4511 61.8643 19.5722C60.7181 19.6901 59.8992 19.4178 59.3115 18.9864C59.2255 18.905 59.1482 18.807 59.1448 18.6999C59.1425 18.6236 59.2133 18.6034 59.2849 18.602C60.1834 18.7596 61.2908 18.8457 62.5462 18.7168C63.1939 18.6504 63.8812 18.5246 64.5971 18.3246C64.6178 18.3221 64.6384 18.3198 64.6469 18.323C64.6857 18.336 64.7724 18.4803 64.4437 18.773ZM64.609 24.4077C62.1265 23.9443 60.0012 24.0187 58.2715 24.3321C57.963 24.3395 57.6685 24.2506 57.6685 24.072C57.6685 23.9635 57.7764 23.8511 57.8904 23.7583C59.2316 22.8996 60.9024 22.8218 61.5537 22.8218C62.9716 22.8218 64.0627 23.1248 64.9057 23.5785L64.9037 23.5814C64.9037 23.5814 65.3778 23.8821 65.3014 24.1038C65.2284 24.3156 65.0761 24.4636 64.609 24.4077Z",
+    fill: "#DFEBE9"
+  })));
+}
+var ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlText);
+/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?f=kluctl-text.f97d4b1ffe2002c0802e2e1ad2044bab.svg");
+
+;// CONCATENATED MODULE: ./src/icons/git.svg
+var _defs;
+var git_excluded = ["title", "titleId"];
+function git_extends() { git_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return git_extends.apply(this, arguments); }
+function git_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = git_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function git_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgGit(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = git_objectWithoutProperties(_ref, git_excluded);
+  return /*#__PURE__*/react.createElement("svg", git_extends({
+    xmlns: "http://www.w3.org/2000/svg",
+    width: "92pt",
+    height: "92pt",
+    viewBox: "0 0 92 92",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, _defs || (_defs = /*#__PURE__*/react.createElement("defs", null, /*#__PURE__*/react.createElement("clipPath", {
+    id: "a"
+  }, /*#__PURE__*/react.createElement("path", {
+    d: "M0 .113h91.887V92H0Zm0 0"
+  })))), /*#__PURE__*/react.createElement("g", {
+    clipPath: "url(#a)"
+  }, /*#__PURE__*/react.createElement("path", {
+    style: {
+      stroke: "none",
+      fillRule: "nonzero",
+      fill: "#100f0d",
+      fillOpacity: 1
+    },
+    d: "M90.156 41.965 50.036 1.848a5.913 5.913 0 0 0-8.368 0l-8.332 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.043 7.043 0 0 1 1.673 7.277l10.183 10.184a7.026 7.026 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.045 7.045 0 0 1-9.961 0 7.038 7.038 0 0 1-1.532-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.034 7.034 0 0 1 2.308-1.539V33.926a7.001 7.001 0 0 1-2.308-1.535 7.049 7.049 0 0 1-1.516-7.7L29.242 14.273 1.734 41.777a5.918 5.918 0 0 0 0 8.371L41.855 90.27a5.92 5.92 0 0 0 8.368 0l39.933-39.934a5.925 5.925 0 0 0 0-8.371"
+  })));
+}
+var git_ForwardRef = /*#__PURE__*/react.forwardRef(SvgGit);
+/* harmony default export */ var git = (__webpack_require__.p + "static/media/git.svg?f=git.53474401b92b10a2c44571348999e714.svg");
+
+;// CONCATENATED MODULE: ./src/icons/kluctl-logo.svg
+var kluctl_logo_path;
+var kluctl_logo_excluded = ["title", "titleId"];
+function kluctl_logo_extends() { kluctl_logo_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return kluctl_logo_extends.apply(this, arguments); }
+function kluctl_logo_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = kluctl_logo_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function kluctl_logo_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgKluctlLogo(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = kluctl_logo_objectWithoutProperties(_ref, kluctl_logo_excluded);
+  return /*#__PURE__*/react.createElement("svg", kluctl_logo_extends({
+    width: 50,
+    height: 50,
+    viewBox: "0 0 50 50",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, kluctl_logo_path || (kluctl_logo_path = /*#__PURE__*/react.createElement("path", {
+    d: "M46.7332 26.4052C46.0197 26.1986 45.3021 26.1791 44.6273 26.3143C40.1777 27.2059 35.7653 26.6265 33.5223 26.1996C32.668 26.0371 32.0248 25.3551 31.8357 24.4893C31.8319 24.4715 31.8279 24.4537 31.8239 24.436C31.6286 23.5727 31.9102 22.6711 32.6102 22.1471C34.3592 20.8378 37.8933 18.5208 42.5714 17.1265C43.6436 16.807 44.6717 16.1731 45.348 14.9364C46.1321 13.5024 46.1337 11.7081 45.2978 10.3048C43.8559 7.88432 40.7234 7.37165 38.6256 9.07985C38.1033 9.50523 37.6946 10.0232 37.4152 10.5963C35.4318 14.6654 32.1773 17.8402 30.4251 19.3627C29.7657 19.9355 28.8472 20.0181 28.0689 19.6308C28.051 19.6219 28.0331 19.613 28.0151 19.6044C27.232 19.2231 26.7251 18.433 26.7576 17.5481C26.8442 15.1876 27.2649 10.5853 29.1204 6.46814C29.4038 5.83938 29.5368 5.12857 29.5035 4.38422C29.4022 2.12445 27.7819 0.317189 25.5829 0.0370233C22.8357 -0.312912 20.4973 1.86432 20.4973 4.59895C20.4973 5.19584 20.6062 5.7671 20.8115 6.28929C22.7863 11.31 23.2117 15.4036 23.2796 17.5351C23.3077 18.419 22.8057 19.2125 22.0219 19.5892C21.9999 19.5998 21.978 19.6104 21.9562 19.6212C21.1687 20.01 20.2406 19.9217 19.5806 19.3358C17.8015 17.7562 14.4785 14.4807 12.5671 10.5575C12.2668 9.94121 11.8059 9.3959 11.2193 8.95959C9.4356 7.63262 7.04863 7.78493 5.4589 9.34791C3.45317 11.32 3.65626 14.5622 5.75912 16.2739C6.28156 16.6992 6.86622 16.9947 7.47672 17.1412C11.7779 18.1734 15.5546 20.7301 17.405 22.1456C18.0968 22.6748 18.3791 23.5688 18.1836 24.4284C18.1785 24.4509 18.1735 24.4735 18.1686 24.4961C17.9809 25.3599 17.3395 26.0403 16.4879 26.2057C14.2279 26.6447 9.76967 27.2464 5.37869 26.3178C4.71301 26.177 4.00284 26.2017 3.29742 26.402C1.15778 27.0096 -0.204829 29.0318 0.0252425 31.2867C0.311237 34.0888 2.90587 35.9226 5.51253 35.3152C6.08264 35.1824 6.60713 34.9513 7.05713 34.6263C11.2753 31.5795 15.2102 30.2221 17.273 29.6688C18.1042 29.4458 18.9643 29.7814 19.4947 30.4718C19.5101 30.4918 19.5255 30.5118 19.5412 30.5316C20.0856 31.2249 20.2066 32.1641 19.7981 32.9487C18.7012 35.0562 16.3376 39.0611 12.9684 41.881C12.4465 42.3178 12.0276 42.8982 11.7414 43.5798C10.8712 45.652 11.5505 47.9942 13.3997 49.227C15.729 50.7799 18.7773 49.8557 19.9432 47.3837C20.2332 46.7691 20.3893 46.1216 20.3893 45.4814C20.3893 41.1352 22.0236 36.6994 22.9698 34.4954C23.3137 33.6943 24.0939 33.1964 24.9506 33.2071C25.0003 33.2077 25.0501 33.208 25.1 33.2077C25.9437 33.2034 26.7059 33.7107 27.0441 34.4998C27.9553 36.626 29.4957 40.8734 29.6206 45.527C29.6394 46.2262 29.8189 46.9332 30.1726 47.5951C31.2431 49.5983 33.4983 50.4903 35.6065 49.7314C38.1849 48.8031 39.3372 45.8348 38.1841 43.3913C37.9303 42.8536 37.5925 42.3836 37.1825 42.0077C33.2774 38.4272 31.1325 34.8537 30.1635 32.9437C29.7702 32.1683 29.9006 31.2417 30.4394 30.5635C30.4632 30.5336 30.4867 30.5034 30.5101 30.4731C31.0412 29.782 31.9028 29.446 32.7347 29.6705C34.7912 30.2255 38.7109 31.5834 42.95 34.6232C43.401 34.9467 43.9245 35.1791 44.4946 35.3119C46.9624 35.8865 49.419 34.2732 49.9162 31.7222C50.3669 29.4089 48.9558 27.0493 46.733 26.4054L46.7332 26.4052Z",
+    fill: "#59A588"
+  })));
+}
+var kluctl_logo_ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlLogo);
+/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?f=kluctl-logo.252d0acc30f14f58acd1b5faac05c17b.svg");
+
+;// CONCATENATED MODULE: ./src/icons/search.svg
+var search_path, search_path2;
+var search_excluded = ["title", "titleId"];
+function search_extends() { search_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return search_extends.apply(this, arguments); }
+function search_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = search_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function search_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgSearch(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = search_objectWithoutProperties(_ref, search_excluded);
+  return /*#__PURE__*/react.createElement("svg", search_extends({
+    width: 27,
+    height: 27,
+    viewBox: "0 0 27 27",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, search_path || (search_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M12.9375 23.625C18.84 23.625 23.625 18.84 23.625 12.9375C23.625 7.03496 18.84 2.25 12.9375 2.25C7.03496 2.25 2.25 7.03496 2.25 12.9375C2.25 18.84 7.03496 23.625 12.9375 23.625Z",
+    fill: "#39403E"
+  })), search_path2 || (search_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M23.9624 24.75C23.7599 24.75 23.5574 24.6713 23.4111 24.525L21.3186 22.4325C21.0149 22.1288 21.0149 21.6338 21.3186 21.3188C21.6224 21.015 22.1174 21.015 22.4324 21.3188L24.5249 23.4113C24.8286 23.715 24.8286 24.21 24.5249 24.525C24.3674 24.6713 24.1649 24.75 23.9624 24.75Z",
+    fill: "#39403E"
+  })));
+}
+var search_ForwardRef = /*#__PURE__*/react.forwardRef(SvgSearch);
+/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?f=search.10cfa92f61b9621ea7fe3d64cac12eee.svg");
+
+;// CONCATENATED MODULE: ./src/icons/targets.svg
+var _circle, targets_path, targets_path2, targets_path3;
+var targets_excluded = ["title", "titleId"];
+function targets_extends() { targets_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return targets_extends.apply(this, arguments); }
+function targets_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = targets_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function targets_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTargets(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = targets_objectWithoutProperties(_ref, targets_excluded);
+  return /*#__PURE__*/react.createElement("svg", targets_extends({
+    xmlns: "http://www.w3.org/2000/svg",
+    width: 48,
+    height: 48,
+    viewBox: "0 0 48 48",
+    fill: "none",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, _circle || (_circle = /*#__PURE__*/react.createElement("circle", {
+    cx: 24,
+    cy: 24,
+    r: 24,
+    fill: "#222222"
+  })), targets_path || (targets_path = /*#__PURE__*/react.createElement("path", {
+    d: "M14.9336 19.2H34.1336",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round"
+  })), targets_path2 || (targets_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.34,
+    d: "M14.9336 24.5334H34.1336",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round"
+  })), targets_path3 || (targets_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M14.9336 29.8667H34.1336",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round"
+  })));
+}
+var targets_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTargets);
+/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?f=targets.2b39a3a176679d8e9ed00f0b3bfd3ba5.svg");
+
+;// CONCATENATED MODULE: ./src/icons/target.svg
+var _ellipse, target_path, target_path2;
+var target_excluded = ["title", "titleId"];
+function target_extends() { target_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return target_extends.apply(this, arguments); }
+function target_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = target_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function target_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTarget(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = target_objectWithoutProperties(_ref, target_excluded);
+  return /*#__PURE__*/react.createElement("svg", target_extends({
+    width: 45,
+    height: 45,
+    viewBox: "0 0 45 45",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, _ellipse || (_ellipse = /*#__PURE__*/react.createElement("ellipse", {
+    cx: 22.4911,
+    cy: 22.5,
+    rx: 22.4911,
+    ry: 22.5,
+    fill: "#39403E"
+  })), target_path || (target_path = /*#__PURE__*/react.createElement("path", {
+    d: "M32.9867 23V20C32.9867 15 30.9875 13 25.9895 13H19.9919C14.9938 13 12.9946 15 12.9946 20V26C12.9946 31 14.9938 33 19.9919 33H22.9907",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), target_path2 || (target_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M31.9473 28.84L30.3179 29.39C29.8681 29.54 29.5082 29.89 29.3583 30.35L28.8085 31.98C28.3387 33.39 26.3595 33.36 25.9196 31.95L24.0704 26C23.7105 24.82 24.8001 23.72 25.9696 24.09L31.9273 25.94C33.3267 26.38 33.3467 28.37 31.9473 28.84Z",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var target_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTarget);
+/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?f=target.1dd672dc23cacf59e90fbb277c9bdd9d.svg");
+
+;// CONCATENATED MODULE: ./src/icons/relation-hline.svg
+var relation_hline_path, relation_hline_circle, _circle2;
+var relation_hline_excluded = (/* unused pure expression or super */ null && (["title", "titleId"]));
+function relation_hline_extends() { relation_hline_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return relation_hline_extends.apply(this, arguments); }
+function relation_hline_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = relation_hline_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function relation_hline_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgRelationHline(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = relation_hline_objectWithoutProperties(_ref, relation_hline_excluded);
+  return /*#__PURE__*/React.createElement("svg", relation_hline_extends({
+    width: 169,
+    height: 12,
+    viewBox: "0 0 169 12",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/React.createElement("title", {
+    id: titleId
+  }, title) : null, relation_hline_path || (relation_hline_path = /*#__PURE__*/React.createElement("path", {
+    d: "M6 6H163",
+    stroke: "#39403E",
+    strokeWidth: 2
+  })), relation_hline_circle || (relation_hline_circle = /*#__PURE__*/React.createElement("circle", {
+    cx: 6,
+    cy: 6,
+    r: 5,
+    fill: "#DFEBE9",
+    stroke: "#39403E",
+    strokeWidth: 2
+  })), _circle2 || (_circle2 = /*#__PURE__*/React.createElement("circle", {
+    cx: 163,
+    cy: 6,
+    r: 5,
+    fill: "#DFEBE9",
+    stroke: "#39403E",
+    strokeWidth: 2
+  })));
+}
+var relation_hline_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgRelationHline)));
+/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?f=relation-hline.91c9012405859f512c983b2985999ad7.svg");
+
+;// CONCATENATED MODULE: ./src/icons/project.svg
+var project_ellipse, project_path, project_path2;
+var project_excluded = ["title", "titleId"];
+function project_extends() { project_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return project_extends.apply(this, arguments); }
+function project_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = project_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function project_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgProject(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = project_objectWithoutProperties(_ref, project_excluded);
+  return /*#__PURE__*/react.createElement("svg", project_extends({
+    width: 45,
+    height: 45,
+    viewBox: "0 0 45 45",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, project_ellipse || (project_ellipse = /*#__PURE__*/react.createElement("ellipse", {
+    cx: 22.4911,
+    cy: 22.5,
+    rx: 22.4911,
+    ry: 22.5,
+    fill: "#39403E"
+  })), project_path || (project_path = /*#__PURE__*/react.createElement("path", {
+    d: "M19.9919 33H17.9927C13.9942 33 12.9946 32 12.9946 28V18C12.9946 14 13.9942 13 17.9927 13H19.4921C20.9915 13 21.3214 13.44 21.8911 14.2L23.3905 16.2C23.7704 16.7 23.9903 17 24.9899 17H27.9887C31.9871 17 32.9867 18 32.9867 22V24",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), project_path2 || (project_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M24.7501 29.32C22.401 29.49 22.401 32.89 24.7501 33.06H30.3079C30.9776 33.06 31.6374 32.81 32.1272 32.36C33.7765 30.92 32.8968 28.04 30.7277 27.77C29.948 23.08 23.1707 24.86 24.7701 29.33",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var project_ForwardRef = /*#__PURE__*/react.forwardRef(SvgProject);
+/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?f=project.66e77c7ad83b85f0325c2e0ffed64b8c.svg");
+
+;// CONCATENATED MODULE: ./src/icons/cpu.svg
+var cpu_path, cpu_path2, cpu_path3, cpu_path4, cpu_path5, _path6, _path7, _path8, _path9, _path10, _path11, _path12, _path13, _path14;
+var cpu_excluded = ["title", "titleId"];
+function cpu_extends() { cpu_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return cpu_extends.apply(this, arguments); }
+function cpu_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = cpu_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function cpu_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgCpu(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = cpu_objectWithoutProperties(_ref, cpu_excluded);
+  return /*#__PURE__*/react.createElement("svg", cpu_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, cpu_path || (cpu_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M15 4H9C6.24 4 4 6.24 4 9V15C4 17.76 6.24 20 9 20H15C17.76 20 20 17.76 20 15V9C20 6.24 17.76 4 15 4ZM17.26 14.26C17.26 15.92 15.92 17.26 14.26 17.26H9.74C8.08 17.26 6.74 15.92 6.74 14.26V9.74C6.74 8.08 8.08 6.74 9.74 6.74H14.25C15.91 6.74 17.25 8.08 17.25 9.74V14.26H17.26Z",
+    fill: "#39403E"
+  })), cpu_path2 || (cpu_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M9.06006 2.75V4H9.00006C8.50006 4 8.02006 4.07 7.56006 4.21V2.75C7.56006 2.34 7.89006 2 8.31006 2C8.72006 2 9.06006 2.34 9.06006 2.75Z",
+    fill: "#39403E"
+  })), cpu_path3 || (cpu_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M12.75 2.75V4H11.25V2.75C11.25 2.34 11.59 2 12 2C12.41 2 12.75 2.34 12.75 2.75Z",
+    fill: "#39403E"
+  })), cpu_path4 || (cpu_path4 = /*#__PURE__*/react.createElement("path", {
+    d: "M16.4502 2.75V4.21C15.9902 4.07 15.5002 4 15.0002 4H14.9502V2.75C14.9502 2.34 15.2902 2 15.7002 2C16.1102 2 16.4502 2.34 16.4502 2.75Z",
+    fill: "#39403E"
+  })), cpu_path5 || (cpu_path5 = /*#__PURE__*/react.createElement("path", {
+    d: "M22 8.3C22 8.72 21.67 9.05 21.25 9.05H20V9C20 8.5 19.93 8.01 19.79 7.55H21.25C21.67 7.55 22 7.89 22 8.3Z",
+    fill: "#39403E"
+  })), _path6 || (_path6 = /*#__PURE__*/react.createElement("path", {
+    d: "M22 12C22 12.41 21.67 12.75 21.25 12.75H20V11.25H21.25C21.67 11.25 22 11.58 22 12Z",
+    fill: "#39403E"
+  })), _path7 || (_path7 = /*#__PURE__*/react.createElement("path", {
+    d: "M22 15.7C22 16.11 21.67 16.45 21.25 16.45H19.79C19.93 15.99 20 15.5 20 15V14.95H21.25C21.67 14.95 22 15.28 22 15.7Z",
+    fill: "#39403E"
+  })), _path8 || (_path8 = /*#__PURE__*/react.createElement("path", {
+    d: "M16.4502 19.79V21.25C16.4502 21.66 16.1102 22 15.7002 22C15.2902 22 14.9502 21.66 14.9502 21.25V20H15.0002C15.5002 20 15.9902 19.93 16.4502 19.79Z",
+    fill: "#39403E"
+  })), _path9 || (_path9 = /*#__PURE__*/react.createElement("path", {
+    d: "M12.7598 20V21.25C12.7598 21.66 12.4198 22 12.0098 22C11.5898 22 11.2598 21.66 11.2598 21.25V20H12.7598Z",
+    fill: "#39403E"
+  })), _path10 || (_path10 = /*#__PURE__*/react.createElement("path", {
+    d: "M9.06006 20V21.25C9.06006 21.66 8.72006 22 8.31006 22C7.89006 22 7.56006 21.66 7.56006 21.25V19.79C8.02006 19.93 8.50006 20 9.00006 20H9.06006Z",
+    fill: "#39403E"
+  })), _path11 || (_path11 = /*#__PURE__*/react.createElement("path", {
+    d: "M4.21 7.55C4.07 8.01 4 8.5 4 9V9.05H2.75C2.34 9.05 2 8.72 2 8.3C2 7.89 2.34 7.55 2.75 7.55H4.21Z",
+    fill: "#39403E"
+  })), _path12 || (_path12 = /*#__PURE__*/react.createElement("path", {
+    d: "M4 11.25V12.75H2.75C2.34 12.75 2 12.41 2 12C2 11.58 2.34 11.25 2.75 11.25H4Z",
+    fill: "#39403E"
+  })), _path13 || (_path13 = /*#__PURE__*/react.createElement("path", {
+    d: "M4.21 16.45H2.75C2.34 16.45 2 16.11 2 15.7C2 15.28 2.34 14.95 2.75 14.95H4V15C4 15.5 4.07 15.99 4.21 16.45Z",
+    fill: "#39403E"
+  })), _path14 || (_path14 = /*#__PURE__*/react.createElement("path", {
+    d: "M17.2602 9.74001V14.25C17.2602 15.91 15.9202 17.25 14.2602 17.25H9.74023C8.08023 17.25 6.74023 15.91 6.74023 14.25V9.74001C6.74023 8.08001 8.08023 6.74001 9.74023 6.74001H14.2502C15.9102 6.74001 17.2602 8.09001 17.2602 9.74001Z",
+    fill: "#39403E"
+  })));
+}
+var cpu_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCpu);
+/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?f=cpu.a3fa0b9152cb81606a7da57c1b07cc85.svg");
+
+;// CONCATENATED MODULE: ./src/icons/finger-scan.svg
+var finger_scan_path, finger_scan_path2, finger_scan_path3, finger_scan_path4, finger_scan_path5, finger_scan_path6;
+var finger_scan_excluded = ["title", "titleId"];
+function finger_scan_extends() { finger_scan_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return finger_scan_extends.apply(this, arguments); }
+function finger_scan_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = finger_scan_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function finger_scan_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgFingerScan(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = finger_scan_objectWithoutProperties(_ref, finger_scan_excluded);
+  return /*#__PURE__*/react.createElement("svg", finger_scan_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, finger_scan_path || (finger_scan_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M12.0001 14.88C11.0901 14.88 10.3501 14.14 10.3501 13.23V10.76C10.3501 9.85001 11.0901 9.10999 12.0001 9.10999C12.9101 9.10999 13.6501 9.85001 13.6501 10.76V13.23C13.6501 14.14 12.9101 14.88 12.0001 14.88Z",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeLinecap: "round"
+  })), finger_scan_path2 || (finger_scan_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M16.98 13.47C16.78 16.05 14.62 18.07 12 18.07C9.24 18.07 7 15.83 7 13.07V10.93C7 8.16999 9.24 5.92999 12 5.92999C14.59 5.92999 16.72 7.89998 16.97 10.42",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeLinecap: "round"
+  })), finger_scan_path3 || (finger_scan_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M15 2H17C20 2 22 4 22 7V9",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), finger_scan_path4 || (finger_scan_path4 = /*#__PURE__*/react.createElement("path", {
+    d: "M2 9V7C2 4 4 2 7 2H9",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), finger_scan_path5 || (finger_scan_path5 = /*#__PURE__*/react.createElement("path", {
+    d: "M15 22H17C20 22 22 20 22 17V15",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), finger_scan_path6 || (finger_scan_path6 = /*#__PURE__*/react.createElement("path", {
+    d: "M2 15V17C2 20 4 22 7 22H9",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var finger_scan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFingerScan);
+/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?f=finger-scan.ab3c987f3fd693b908ef65df4c2cd433.svg");
+
+;// CONCATENATED MODULE: ./src/icons/tree-view.svg
+var tree_view_path, tree_view_path2, tree_view_path3, tree_view_path4, tree_view_path5;
+var tree_view_excluded = ["title", "titleId"];
+function tree_view_extends() { tree_view_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return tree_view_extends.apply(this, arguments); }
+function tree_view_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = tree_view_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function tree_view_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTreeView(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = tree_view_objectWithoutProperties(_ref, tree_view_excluded);
+  return /*#__PURE__*/react.createElement("svg", tree_view_extends({
+    width: 26,
+    height: 26,
+    viewBox: "0 0 26 26",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, tree_view_path || (tree_view_path = /*#__PURE__*/react.createElement("path", {
+    d: "M7.58317 8.66666H4.33317C3.1415 8.66666 2.1665 7.69166 2.1665 6.5V4.33333C2.1665 3.14166 3.1415 2.16666 4.33317 2.16666H7.58317C8.77484 2.16666 9.74984 3.14166 9.74984 4.33333V6.5C9.74984 7.69166 8.77484 8.66666 7.58317 8.66666Z",
+    fill: "#59A588"
+  })), tree_view_path2 || (tree_view_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M22.5335 7.58333H18.6335C17.9185 7.58333 17.3335 6.99832 17.3335 6.28332V4.55001C17.3335 3.83501 17.9185 3.25 18.6335 3.25H22.5335C23.2485 3.25 23.8335 3.83501 23.8335 4.55001V6.28332C23.8335 6.99832 23.2485 7.58333 22.5335 7.58333Z",
+    fill: "#59A588"
+  })), tree_view_path3 || (tree_view_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M22.5335 15.7083H18.6335C17.9185 15.7083 17.3335 15.1233 17.3335 14.4083V12.675C17.3335 11.96 17.9185 11.375 18.6335 11.375H22.5335C23.2485 11.375 23.8335 11.96 23.8335 12.675V14.4083C23.8335 15.1233 23.2485 15.7083 22.5335 15.7083Z",
+    fill: "#59A588"
+  })), tree_view_path4 || (tree_view_path4 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.37,
+    d: "M17.3333 14.3542C17.7775 14.3542 18.1458 13.9858 18.1458 13.5417C18.1458 13.0975 17.7775 12.7292 17.3333 12.7292H14.3542V6.22916H17.3333C17.7775 6.22916 18.1458 5.86083 18.1458 5.41666C18.1458 4.9725 17.7775 4.60416 17.3333 4.60416H9.75C9.30583 4.60416 8.9375 4.9725 8.9375 5.41666C8.9375 5.86083 9.30583 6.22916 9.75 6.22916H12.7292V19.5C12.7292 21.1467 14.0617 22.4792 15.7083 22.4792H17.3333C17.7775 22.4792 18.1458 22.1108 18.1458 21.6667C18.1458 21.2225 17.7775 20.8542 17.3333 20.8542H15.7083C14.9608 20.8542 14.3542 20.2475 14.3542 19.5V14.3542H17.3333Z",
+    fill: "#59A588"
+  })), tree_view_path5 || (tree_view_path5 = /*#__PURE__*/react.createElement("path", {
+    d: "M22.5335 23.8333H18.6335C17.9185 23.8333 17.3335 23.2483 17.3335 22.5333V20.8C17.3335 20.085 17.9185 19.5 18.6335 19.5H22.5335C23.2485 19.5 23.8335 20.085 23.8335 20.8V22.5333C23.8335 23.2483 23.2485 23.8333 22.5335 23.8333Z",
+    fill: "#59A588"
+  })));
+}
+var tree_view_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTreeView);
+/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?f=tree-view.a2f07b1cebd3235db357cc2b6e4c8c0d.svg");
+
+;// CONCATENATED MODULE: ./src/icons/close.svg
+var close_path;
+var close_excluded = ["title", "titleId"];
+function close_extends() { close_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return close_extends.apply(this, arguments); }
+function close_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = close_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function close_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgClose(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = close_objectWithoutProperties(_ref, close_excluded);
+  return /*#__PURE__*/react.createElement("svg", close_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, close_path || (close_path = /*#__PURE__*/react.createElement("path", {
+    d: "M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z",
+    fill: "#DFEBE9"
+  })));
+}
+var close_ForwardRef = /*#__PURE__*/react.forwardRef(SvgClose);
+/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.76fdca7f91598011401cb97d4b490d52.svg");
+
+;// CONCATENATED MODULE: ./src/icons/deploy.svg
+var deploy_circle, deploy_path, _g;
+var deploy_excluded = ["title", "titleId"];
+function deploy_extends() { deploy_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return deploy_extends.apply(this, arguments); }
+function deploy_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = deploy_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function deploy_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgDeploy(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = deploy_objectWithoutProperties(_ref, deploy_excluded);
+  return /*#__PURE__*/react.createElement("svg", deploy_extends({
+    width: 45,
+    height: 45,
+    viewBox: "0 0 45 45",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, deploy_circle || (deploy_circle = /*#__PURE__*/react.createElement("circle", {
+    cx: 22.5,
+    cy: 22.5,
+    r: 22.5,
+    fill: "#39403E"
+  })), deploy_path || (deploy_path = /*#__PURE__*/react.createElement("path", {
+    d: "M18.1237 22.3313C14.9512 22.5563 14.9624 27.1688 18.1237 27.3938H25.6275C26.5387 27.405 27.4162 27.0563 28.0912 26.4488C30.3187 24.5025 29.1262 20.5988 26.2012 20.2275C25.155 13.8825 15.9862 16.29 18.1575 22.3313",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), _g || (_g = /*#__PURE__*/react.createElement("g", {
+    opacity: 0.4
+  }, /*#__PURE__*/react.createElement("path", {
+    d: "M11.25 25.875C11.25 30.2287 14.7713 33.75 19.125 33.75L17.9438 31.7812",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  }), /*#__PURE__*/react.createElement("path", {
+    d: "M33.75 19.125C33.75 14.7713 30.2287 11.25 25.875 11.25L27.0562 13.2188",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  }))));
+}
+var deploy_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDeploy);
+/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?f=deploy.2d28f597e81eb12910b9816b567b11ce.svg");
+
+;// CONCATENATED MODULE: ./src/icons/prune.svg
+var prune_circle, prune_path, prune_path2, prune_path3, prune_path4, prune_path5;
+var prune_excluded = ["title", "titleId"];
+function prune_extends() { prune_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return prune_extends.apply(this, arguments); }
+function prune_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = prune_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function prune_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgPrune(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = prune_objectWithoutProperties(_ref, prune_excluded);
+  return /*#__PURE__*/react.createElement("svg", prune_extends({
+    width: 45,
+    height: 45,
+    viewBox: "0 0 45 45",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, prune_circle || (prune_circle = /*#__PURE__*/react.createElement("circle", {
+    cx: 22.5,
+    cy: 22.5,
+    r: 22.5,
+    fill: "#39403E"
+  })), prune_path || (prune_path = /*#__PURE__*/react.createElement("path", {
+    d: "M32 15.98C28.67 15.65 25.32 15.48 21.98 15.48C20 15.48 18.02 15.58 16.04 15.78L14 15.98",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), prune_path2 || (prune_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.34,
+    d: "M19.5 14.97L19.72 13.66C19.88 12.71 20 12 21.69 12H24.31C26 12 26.13 12.75 26.28 13.67L26.5 14.97",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), prune_path3 || (prune_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M29.8499 19.14L29.1999 29.21C29.0899 30.78 28.9999 32 26.2099 32H19.7899C16.9999 32 16.9099 30.78 16.7999 29.21L16.1499 19.14",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), prune_path4 || (prune_path4 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.34,
+    d: "M21.3301 26.5H24.6601",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), prune_path5 || (prune_path5 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.34,
+    d: "M20.5 22.5H25.5",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var prune_ForwardRef = /*#__PURE__*/react.forwardRef(SvgPrune);
+/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?f=prune.a5f592f5851c37276e764af73b2a8a56.svg");
+
+;// CONCATENATED MODULE: ./src/icons/diff.svg
+var diff_circle, diff_g, diff_path;
+var diff_excluded = ["title", "titleId"];
+function diff_extends() { diff_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return diff_extends.apply(this, arguments); }
+function diff_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = diff_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function diff_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgDiff(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = diff_objectWithoutProperties(_ref, diff_excluded);
+  return /*#__PURE__*/react.createElement("svg", diff_extends({
+    width: 45,
+    height: 45,
+    viewBox: "0 0 45 45",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, diff_circle || (diff_circle = /*#__PURE__*/react.createElement("circle", {
+    cx: 22.5,
+    cy: 22.5,
+    r: 22.5,
+    fill: "#39403E"
+  })), diff_g || (diff_g = /*#__PURE__*/react.createElement("g", {
+    opacity: 0.4
+  }, /*#__PURE__*/react.createElement("path", {
+    d: "M19 22H27",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  }), /*#__PURE__*/react.createElement("path", {
+    d: "M23 26V18",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  }))), diff_path || (diff_path = /*#__PURE__*/react.createElement("path", {
+    d: "M20 32H26C31 32 33 30 33 25V19C33 14 31 12 26 12H20C15 12 13 14 13 19V25C13 30 15 32 20 32Z",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var diff_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDiff);
+/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?f=diff.37d81f4e01925715c51f42684bf21554.svg");
+
+;// CONCATENATED MODULE: ./src/icons/warning.svg
+var warning_path, warning_path2, warning_path3;
+var warning_excluded = ["title", "titleId"];
+function warning_extends() { warning_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return warning_extends.apply(this, arguments); }
+function warning_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = warning_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function warning_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgWarning(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = warning_objectWithoutProperties(_ref, warning_excluded);
+  return /*#__PURE__*/react.createElement("svg", warning_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, warning_path || (warning_path = /*#__PURE__*/react.createElement("path", {
+    d: "M21.0802 8.58003V15.42C21.0802 16.54 20.4802 17.58 19.5102 18.15L13.5702 21.58C12.6002 22.14 11.4002 22.14 10.4202 21.58L4.48016 18.15C3.51016 17.59 2.91016 16.55 2.91016 15.42V8.58003C2.91016 7.46003 3.51016 6.41999 4.48016 5.84999L10.4202 2.42C11.3902 1.86 12.5902 1.86 13.5702 2.42L19.5102 5.84999C20.4802 6.41999 21.0802 7.45003 21.0802 8.58003Z",
+    fill: "#ed6c02"
+  })), warning_path2 || (warning_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M12 13.75C11.59 13.75 11.25 13.41 11.25 13V7.75C11.25 7.34 11.59 7 12 7C12.41 7 12.75 7.34 12.75 7.75V13C12.75 13.41 12.41 13.75 12 13.75Z",
+    fill: "#DFEBE9"
+  })), warning_path3 || (warning_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M12 17.25C11.87 17.25 11.74 17.22 11.62 17.17C11.49 17.12 11.39 17.05 11.29 16.96C11.2 16.86 11.13 16.75 11.07 16.63C11.02 16.51 11 16.38 11 16.25C11 15.99 11.1 15.73 11.29 15.54C11.39 15.45 11.49 15.38 11.62 15.33C11.99 15.17 12.43 15.26 12.71 15.54C12.8 15.64 12.87 15.74 12.92 15.87C12.97 15.99 13 16.12 13 16.25C13 16.38 12.97 16.51 12.92 16.63C12.87 16.75 12.8 16.86 12.71 16.96C12.52 17.15 12.27 17.25 12 17.25Z",
+    fill: "#DFEBE9"
+  })));
+}
+var warning_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarning);
+/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?f=warning.dd1c59340347be553c83108e04d6be04.svg");
+
+;// CONCATENATED MODULE: ./src/icons/error.svg
+var error_path, error_path2;
+var error_excluded = ["title", "titleId"];
+function error_extends() { error_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return error_extends.apply(this, arguments); }
+function error_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = error_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function error_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgError(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = error_objectWithoutProperties(_ref, error_excluded);
+  return /*#__PURE__*/react.createElement("svg", error_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, error_path || (error_path = /*#__PURE__*/react.createElement("path", {
+    d: "M14.9 2H9.10001C8.42001 2 7.46 2.4 6.98 2.88L2.88 6.98001C2.4 7.46001 2 8.42001 2 9.10001V14.9C2 15.58 2.4 16.54 2.88 17.02L6.98 21.12C7.46 21.6 8.42001 22 9.10001 22H14.9C15.58 22 16.54 21.6 17.02 21.12L21.12 17.02C21.6 16.54 22 15.58 22 14.9V9.10001C22 8.42001 21.6 7.46001 21.12 6.98001L17.02 2.88C16.54 2.4 15.58 2 14.9 2Z",
+    fill: "#d32f2f"
+  })), error_path2 || (error_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M13.0599 12L16.0299 9.03C16.3199 8.74 16.3199 8.26 16.0299 7.97C15.7399 7.68 15.2599 7.68 14.9699 7.97L11.9999 10.94L9.02994 7.97C8.73994 7.68 8.25994 7.68 7.96994 7.97C7.67994 8.26 7.67994 8.74 7.96994 9.03L10.9399 12L7.96994 14.97C7.67994 15.26 7.67994 15.74 7.96994 16.03C8.11994 16.18 8.30994 16.25 8.49994 16.25C8.68994 16.25 8.87994 16.18 9.02994 16.03L11.9999 13.06L14.9699 16.03C15.1199 16.18 15.3099 16.25 15.4999 16.25C15.6899 16.25 15.8799 16.18 16.0299 16.03C16.3199 15.74 16.3199 15.26 16.0299 14.97L13.0599 12Z",
+    fill: "#DFEBE9"
+  })));
+}
+var error_ForwardRef = /*#__PURE__*/react.forwardRef(SvgError);
+/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?f=error.c59bc8c7d7f86a588a16bc6ec27d448a.svg");
+
+;// CONCATENATED MODULE: ./src/icons/trash.svg
+var trash_path, trash_path2, trash_path3, trash_path4;
+var trash_excluded = ["title", "titleId"];
+function trash_extends() { trash_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return trash_extends.apply(this, arguments); }
+function trash_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = trash_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function trash_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTrash(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = trash_objectWithoutProperties(_ref, trash_excluded);
+  return /*#__PURE__*/react.createElement("svg", trash_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, trash_path || (trash_path = /*#__PURE__*/react.createElement("path", {
+    d: "M21.0702 5.23C19.4602 5.07 17.8502 4.95 16.2302 4.86V4.85L16.0102 3.55C15.8602 2.63 15.6402 1.25 13.3002 1.25H10.6802C8.35016 1.25 8.13016 2.57 7.97016 3.54L7.76016 4.82C6.83016 4.88 5.90016 4.94 4.97016 5.03L2.93016 5.23C2.51016 5.27 2.21016 5.64 2.25016 6.05C2.29016 6.46 2.65016 6.76 3.07016 6.72L5.11016 6.52C10.3502 6 15.6302 6.2 20.9302 6.73C20.9602 6.73 20.9802 6.73 21.0102 6.73C21.3902 6.73 21.7202 6.44 21.7602 6.05C21.7902 5.64 21.4902 5.27 21.0702 5.23Z",
+    fill: "#39403E"
+  })), trash_path2 || (trash_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.3991,
+    d: "M19.2302 8.14C18.9902 7.89 18.6602 7.75 18.3202 7.75H5.68024C5.34024 7.75 5.00024 7.89 4.77024 8.14C4.54024 8.39 4.41024 8.73 4.43024 9.08L5.05024 19.34C5.16024 20.86 5.30024 22.76 8.79024 22.76H15.2102C18.7002 22.76 18.8402 20.87 18.9502 19.34L19.5702 9.09C19.5902 8.73 19.4602 8.39 19.2302 8.14Z",
+    fill: "#39403E"
+  })), trash_path3 || (trash_path3 = /*#__PURE__*/react.createElement("path", {
+    fillRule: "evenodd",
+    clipRule: "evenodd",
+    d: "M9.58008 17C9.58008 16.5858 9.91586 16.25 10.3301 16.25H13.6601C14.0743 16.25 14.4101 16.5858 14.4101 17C14.4101 17.4142 14.0743 17.75 13.6601 17.75H10.3301C9.91586 17.75 9.58008 17.4142 9.58008 17Z",
+    fill: "#39403E"
+  })), trash_path4 || (trash_path4 = /*#__PURE__*/react.createElement("path", {
+    fillRule: "evenodd",
+    clipRule: "evenodd",
+    d: "M8.75 13C8.75 12.5858 9.08579 12.25 9.5 12.25H14.5C14.9142 12.25 15.25 12.5858 15.25 13C15.25 13.4142 14.9142 13.75 14.5 13.75H9.5C9.08579 13.75 8.75 13.4142 8.75 13Z",
+    fill: "#39403E"
+  })));
+}
+var trash_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTrash);
+/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?f=trash.b782f36f610aae639750393e0793c538.svg");
+
+;// CONCATENATED MODULE: ./src/icons/orphan.svg
+var orphan_path, orphan_path2, orphan_path3, orphan_path4;
+var orphan_excluded = ["title", "titleId"];
+function orphan_extends() { orphan_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return orphan_extends.apply(this, arguments); }
+function orphan_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = orphan_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function orphan_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgOrphan(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = orphan_objectWithoutProperties(_ref, orphan_excluded);
+  return /*#__PURE__*/react.createElement("svg", orphan_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, orphan_path || (orphan_path = /*#__PURE__*/react.createElement("path", {
+    d: "M3.13 16.7114C3.28 16.8614 3.47 16.9314 3.66 16.9314C3.85 16.9314 4.03999 16.8614 4.17999 16.7214C4.46999 16.4314 4.46999 15.9514 4.17999 15.6614C3.08999 14.5714 2.49001 13.1214 2.49001 11.5914C2.49001 8.41143 5.07001 5.82141 8.24001 5.82141L16.19 5.84143C16.5 5.84143 16.78 5.6514 16.89 5.3714C17 5.0914 17 4.5 16.19 4.3114H8.25C4.25 4.3114 1 7.57142 1 11.5814C1 13.5114 1.76 15.3314 3.13 16.7114Z",
+    fill: "#39403E"
+  })), orphan_path2 || (orphan_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M7.30984 19.1613H9.18985L15.2598 19.1814C19.2598 19.1814 22.5098 15.9213 22.5098 11.9113C22.5098 9.98135 21.7498 8.1614 20.3798 6.7814C20.0898 6.4914 19.6099 6.4914 19.3199 6.7814C19.0299 7.0714 19.0299 7.5514 19.3199 7.8414C20.4099 8.9314 21.0098 10.3813 21.0098 11.9113C21.0098 15.0913 18.4298 17.6814 15.2598 17.6814L7.30984 17.6613C6.99984 17.6613 6.71984 17.8514 6.60984 18.1314C6.49984 18.4114 6.49994 18.9999 7.30984 19.1613Z",
+    fill: "#39403E"
+  })), orphan_path3 || (orphan_path3 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M8.5 15H14.5C16.43 15 18 13.6457 18 12C18 10.3543 16.43 9 14.5 9H8.5C6.57 9 5 10.3543 5 12C5 13.6457 6.57 15 8.5 15Z",
+    fill: "#39403E"
+  })), orphan_path4 || (orphan_path4 = /*#__PURE__*/react.createElement("path", {
+    d: "M21 3L3 20",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var orphan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgOrphan);
+/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?f=orphan.6fde4d55f3fb9bbd2738b0b61fcee146.svg");
+
+;// CONCATENATED MODULE: ./src/icons/added.svg
+var added_path, added_path2;
+var added_excluded = ["title", "titleId"];
+function added_extends() { added_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return added_extends.apply(this, arguments); }
+function added_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = added_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function added_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgAdded(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = added_objectWithoutProperties(_ref, added_excluded);
+  return /*#__PURE__*/react.createElement("svg", added_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, added_path || (added_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M21.74 9.44H2V6.42C2 3.98 3.98 2 6.42 2H8.75C10.38 2 10.89 2.53 11.54 3.4L12.94 5.26C13.25 5.67 13.29 5.73 13.87 5.73H16.66C19.03 5.72 21.05 7.28 21.74 9.44Z",
+    fill: "#39403E"
+  })), added_path2 || (added_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M21.99 10.84C21.97 10.35 21.89 9.89 21.74 9.44H2V16.65C2 19.6 4.4 22 7.35 22H16.65C19.6 22 22 19.6 22 16.65V11.07C22 11 22 10.91 21.99 10.84ZM14.5 16.25H12.81V18C12.81 18.41 12.47 18.75 12.06 18.75C11.65 18.75 11.31 18.41 11.31 18V16.25H9.5C9.09 16.25 8.75 15.91 8.75 15.5C8.75 15.09 9.09 14.75 9.5 14.75H11.31V13C11.31 12.59 11.65 12.25 12.06 12.25C12.47 12.25 12.81 12.59 12.81 13V14.75H14.5C14.91 14.75 15.25 15.09 15.25 15.5C15.25 15.91 14.91 16.25 14.5 16.25Z",
+    fill: "#39403E"
+  })));
+}
+var added_ForwardRef = /*#__PURE__*/react.forwardRef(SvgAdded);
+/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?f=added.a633ace445f83e4ab52d3c80cc788e1e.svg");
+
+;// CONCATENATED MODULE: ./src/icons/changed.svg
+var changed_path, changed_path2, changed_path3;
+var changed_excluded = ["title", "titleId"];
+function changed_extends() { changed_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return changed_extends.apply(this, arguments); }
+function changed_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = changed_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function changed_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgChanged(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = changed_objectWithoutProperties(_ref, changed_excluded);
+  return /*#__PURE__*/react.createElement("svg", changed_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, changed_path || (changed_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M18.5698 22H13.9998C11.7098 22 10.5698 20.86 10.5698 18.57V11.43C10.5698 9.14 11.7098 8 13.9998 8H18.5698C20.8598 8 21.9998 9.14 21.9998 11.43V18.57C21.9998 20.86 20.8598 22 18.5698 22Z",
+    fill: "#39403E"
+  })), changed_path2 || (changed_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M13.43 5.43V6.77C10.81 6.98 9.32 8.66 9.32 11.43V16H5.43C3.14 16 2 14.86 2 12.57V5.43C2 3.14 3.14 2 5.43 2H10C12.29 2 13.43 3.14 13.43 5.43Z",
+    fill: "#39403E"
+  })), changed_path3 || (changed_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M18.1301 14.25H17.2501V13.37C17.2501 12.96 16.9101 12.62 16.5001 12.62C16.0901 12.62 15.7501 12.96 15.7501 13.37V14.25H14.8701C14.4601 14.25 14.1201 14.59 14.1201 15C14.1201 15.41 14.4601 15.75 14.8701 15.75H15.7501V16.63C15.7501 17.04 16.0901 17.38 16.5001 17.38C16.9101 17.38 17.2501 17.04 17.2501 16.63V15.75H18.1301C18.5401 15.75 18.8801 15.41 18.8801 15C18.8801 14.59 18.5401 14.25 18.1301 14.25Z",
+    fill: "#39403E"
+  })));
+}
+var changed_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanged);
+/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?f=changed.a9c091de612ab63c8d38d83dbb73e505.svg");
+
+;// CONCATENATED MODULE: ./src/icons/checkbox.svg
+var _rect;
+var checkbox_excluded = ["title", "titleId"];
+function checkbox_extends() { checkbox_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return checkbox_extends.apply(this, arguments); }
+function checkbox_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = checkbox_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function checkbox_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgCheckbox(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = checkbox_objectWithoutProperties(_ref, checkbox_excluded);
+  return /*#__PURE__*/react.createElement("svg", checkbox_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, _rect || (_rect = /*#__PURE__*/react.createElement("rect", {
+    opacity: 0.8,
+    x: 3,
+    y: 3.5,
+    width: 18,
+    height: 18,
+    rx: 3,
+    stroke: "#222222",
+    strokeWidth: 2
+  })));
+}
+var checkbox_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckbox);
+/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?f=checkbox.90148614b6ab0451aac6f71db92028fd.svg");
+
+;// CONCATENATED MODULE: ./src/icons/checkbox-checked.svg
+var checkbox_checked_rect, checkbox_checked_path, _rect2;
+var checkbox_checked_excluded = ["title", "titleId"];
+function checkbox_checked_extends() { checkbox_checked_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return checkbox_checked_extends.apply(this, arguments); }
+function checkbox_checked_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = checkbox_checked_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function checkbox_checked_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgCheckboxChecked(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = checkbox_checked_objectWithoutProperties(_ref, checkbox_checked_excluded);
+  return /*#__PURE__*/react.createElement("svg", checkbox_checked_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, checkbox_checked_rect || (checkbox_checked_rect = /*#__PURE__*/react.createElement("rect", {
+    x: 3,
+    y: 3,
+    width: 18,
+    height: 18,
+    rx: 5,
+    fill: "#001628"
+  })), checkbox_checked_path || (checkbox_checked_path = /*#__PURE__*/react.createElement("path", {
+    d: "M9.70711 11.2929C9.31658 10.9024 8.68342 10.9024 8.29289 11.2929C7.90237 11.6834 7.90237 12.3166 8.29289 12.7071L10.2929 14.7071C10.6834 15.0976 11.3166 15.0976 11.7071 14.7071L15.7071 10.7071C16.0976 10.3166 16.0976 9.68342 15.7071 9.29289C15.3166 8.90237 14.6834 8.90237 14.2929 9.29289L11 12.5858L9.70711 11.2929Z",
+    fill: "#DFEBE9"
+  })), _rect2 || (_rect2 = /*#__PURE__*/react.createElement("rect", {
+    x: 3,
+    y: 3,
+    width: 18,
+    height: 18,
+    rx: 5,
+    stroke: "#001628",
+    strokeWidth: 2
+  })));
+}
+var checkbox_checked_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckboxChecked);
+/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?f=checkbox-checked.1c552519ffded79bb8ad25822c2573bb.svg");
+
+;// CONCATENATED MODULE: ./src/icons/checkbox-disabled.svg
+var checkbox_disabled_rect, checkbox_disabled_rect2;
+var checkbox_disabled_excluded = (/* unused pure expression or super */ null && (["title", "titleId"]));
+function checkbox_disabled_extends() { checkbox_disabled_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return checkbox_disabled_extends.apply(this, arguments); }
+function checkbox_disabled_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = checkbox_disabled_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function checkbox_disabled_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgCheckboxDisabled(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = checkbox_disabled_objectWithoutProperties(_ref, checkbox_disabled_excluded);
+  return /*#__PURE__*/React.createElement("svg", checkbox_disabled_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/React.createElement("title", {
+    id: titleId
+  }, title) : null, checkbox_disabled_rect || (checkbox_disabled_rect = /*#__PURE__*/React.createElement("rect", {
+    x: 2,
+    y: 2,
+    width: 20,
+    height: 20,
+    rx: 6,
+    fill: "black",
+    fillOpacity: 0.08
+  })), checkbox_disabled_rect2 || (checkbox_disabled_rect2 = /*#__PURE__*/React.createElement("rect", {
+    x: 3,
+    y: 3,
+    width: 18,
+    height: 18,
+    rx: 5,
+    stroke: "black",
+    strokeOpacity: 0.16,
+    strokeWidth: 2
+  })));
+}
+var checkbox_disabled_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgCheckboxDisabled)));
+/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?f=checkbox-disabled.f7de3b059a1f9fc60f809e7d3fd601e2.svg");
+
+;// CONCATENATED MODULE: ./src/icons/arrow-left.svg
+var arrow_left_path, arrow_left_path2;
+var arrow_left_excluded = ["title", "titleId"];
+function arrow_left_extends() { arrow_left_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return arrow_left_extends.apply(this, arguments); }
+function arrow_left_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = arrow_left_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function arrow_left_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgArrowLeft(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = arrow_left_objectWithoutProperties(_ref, arrow_left_excluded);
+  return /*#__PURE__*/react.createElement("svg", arrow_left_extends({
+    width: 40,
+    height: 40,
+    viewBox: "0 0 40 40",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, arrow_left_path || (arrow_left_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M20.0002 36.6666C29.2049 36.6666 36.6668 29.2047 36.6668 19.9999C36.6668 10.7952 29.2049 3.33325 20.0002 3.33325C10.7954 3.33325 3.3335 10.7952 3.3335 19.9999C3.3335 29.2047 10.7954 36.6666 20.0002 36.6666Z",
+    fill: "#222222"
+  })), arrow_left_path2 || (arrow_left_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M25.8334 18.75L17.1834 18.75L20.0501 15.8833C20.5334 15.4 20.5334 14.6 20.0501 14.1167C19.5667 13.6333 18.7667 13.6333 18.2834 14.1167L13.2834 19.1166C12.8001 19.6 12.8001 20.4 13.2834 20.8833L18.2834 25.8833C18.5334 26.1333 18.8501 26.25 19.1667 26.25C19.4834 26.25 19.8001 26.1333 20.0501 25.8833C20.5334 25.4 20.5334 24.6 20.0501 24.1166L17.1834 21.25L25.8334 21.25C26.5167 21.25 27.0834 20.6833 27.0834 20C27.0834 19.3166 26.5167 18.75 25.8334 18.75Z",
+    fill: "#222222"
+  })));
+}
+var arrow_left_ForwardRef = /*#__PURE__*/react.forwardRef(SvgArrowLeft);
+/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?f=arrow-left.0e69d1eb25254a957b660d86b58b7594.svg");
+
+;// CONCATENATED MODULE: ./src/icons/warning-sign.svg
+var warning_sign_path, warning_sign_path2, warning_sign_path3;
+var warning_sign_excluded = ["title", "titleId"];
+function warning_sign_extends() { warning_sign_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return warning_sign_extends.apply(this, arguments); }
+function warning_sign_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = warning_sign_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function warning_sign_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgWarningSign(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = warning_sign_objectWithoutProperties(_ref, warning_sign_excluded);
+  return /*#__PURE__*/react.createElement("svg", warning_sign_extends({
+    width: 21,
+    height: 21,
+    viewBox: "0 0 21 21",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, warning_sign_path || (warning_sign_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M19.0402 13.93L13.4402 3.85C12.6877 2.49375 11.6464 1.75 10.5002 1.75C9.35391 1.75 8.31266 2.49375 7.56016 3.85L1.96016 13.93C1.25141 15.2162 1.17266 16.45 1.74141 17.4212C2.31016 18.3925 3.43016 18.9262 4.90016 18.9262H16.1002C17.5702 18.9262 18.6902 18.3925 19.2589 17.4212C19.8277 16.45 19.7489 15.2075 19.0402 13.93Z",
+    fill: "#222222"
+  })), warning_sign_path2 || (warning_sign_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M10.5 12.9062C10.1413 12.9062 9.84375 12.6087 9.84375 12.25V7.875C9.84375 7.51625 10.1413 7.21875 10.5 7.21875C10.8587 7.21875 11.1562 7.51625 11.1562 7.875V12.25C11.1562 12.6087 10.8587 12.9062 10.5 12.9062Z",
+    fill: "#222222"
+  })), warning_sign_path3 || (warning_sign_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M10.5 15.75C10.4475 15.75 10.3863 15.7412 10.325 15.7325C10.2725 15.7237 10.22 15.7062 10.1675 15.68C10.115 15.6625 10.0625 15.6362 10.01 15.6012C9.96625 15.5662 9.9225 15.5312 9.87875 15.4962C9.72125 15.33 9.625 15.1025 9.625 14.875C9.625 14.6475 9.72125 14.42 9.87875 14.2537C9.9225 14.2187 9.96625 14.1837 10.01 14.1487C10.0625 14.1137 10.115 14.0875 10.1675 14.07C10.22 14.0437 10.2725 14.0262 10.325 14.0175C10.4388 13.9912 10.5612 13.9912 10.6662 14.0175C10.7275 14.0262 10.78 14.0437 10.8325 14.07C10.885 14.0875 10.9375 14.1137 10.99 14.1487C11.0338 14.1837 11.0775 14.2187 11.1213 14.2537C11.2788 14.42 11.375 14.6475 11.375 14.875C11.375 15.1025 11.2788 15.33 11.1213 15.4962C11.0775 15.5312 11.0338 15.5662 10.99 15.6012C10.9375 15.6362 10.885 15.6625 10.8325 15.68C10.78 15.7062 10.7275 15.7237 10.6662 15.7325C10.6137 15.7412 10.5525 15.75 10.5 15.75Z",
+    fill: "#222222"
+  })));
+}
+var warning_sign_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarningSign);
+/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?f=warning-sign.fb9ebdb743ce95ba858869fcc9772754.svg");
+
+;// CONCATENATED MODULE: ./src/icons/changes.svg
+var changes_path, changes_path2, changes_path3;
+var changes_excluded = ["title", "titleId"];
+function changes_extends() { changes_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return changes_extends.apply(this, arguments); }
+function changes_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = changes_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function changes_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgChanges(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = changes_objectWithoutProperties(_ref, changes_excluded);
+  return /*#__PURE__*/react.createElement("svg", changes_extends({
+    width: 21,
+    height: 21,
+    viewBox: "0 0 21 21",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, changes_path || (changes_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M18.375 19.25H2.625C2.26625 19.25 1.96875 18.9525 1.96875 18.5938C1.96875 18.235 2.26625 17.9375 2.625 17.9375H18.375C18.7337 17.9375 19.0312 18.235 19.0312 18.5938C19.0312 18.9525 18.7337 19.25 18.375 19.25Z",
+    fill: "#222222"
+  })), changes_path2 || (changes_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M16.6423 3.04495C14.9448 1.34745 13.2823 1.3037 11.541 3.04495L10.4823 4.1037C10.3948 4.1912 10.3598 4.3312 10.3948 4.4537C11.0598 6.77245 12.9148 8.62745 15.2335 9.29245C15.2685 9.3012 15.3035 9.30995 15.3385 9.30995C15.4348 9.30995 15.5223 9.27495 15.5923 9.20496L16.6423 8.1462C17.5085 7.2887 17.9285 6.45745 17.9285 5.61745C17.9373 4.7512 17.5173 3.9112 16.6423 3.04495Z",
+    fill: "#222222"
+  })), changes_path3 || (changes_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M13.6588 10.0887C13.405 9.9662 13.16 9.8437 12.9238 9.7037C12.7313 9.58995 12.5475 9.46745 12.3638 9.3362C12.215 9.23995 12.04 9.09995 11.8738 8.95995C11.8563 8.9512 11.795 8.8987 11.725 8.8287C11.4363 8.5837 11.1125 8.2687 10.8238 7.9187C10.7975 7.9012 10.7538 7.83995 10.6925 7.7612C10.605 7.6562 10.4563 7.4812 10.325 7.27995C10.22 7.1487 10.0975 6.9562 9.98378 6.7637C9.84378 6.52745 9.72129 6.2912 9.59879 6.0462C9.47629 5.7837 9.38003 5.52995 9.29253 5.2937L3.79753 10.7887C3.68378 10.9025 3.57878 11.1212 3.55253 11.27L3.08003 14.6212C2.99253 15.2162 3.15878 15.7762 3.52628 16.1524C3.84129 16.4587 4.27878 16.625 4.75128 16.625C4.85628 16.625 4.96128 16.6162 5.06628 16.5987L8.42629 16.1262C8.58379 16.1 8.80254 15.995 8.90754 15.8812L14.4025 10.3862C14.1575 10.2987 13.9213 10.2025 13.6588 10.0887Z",
+    fill: "#222222"
+  })));
+}
+var changes_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanges);
+/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?f=changes.b1e048d4a195559cfe9376069cd93bea.svg");
+
+;// CONCATENATED MODULE: ./src/icons/star.svg
+var star_path, star_path2;
+var star_excluded = ["title", "titleId"];
+function star_extends() { star_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return star_extends.apply(this, arguments); }
+function star_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = star_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function star_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgStar(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = star_objectWithoutProperties(_ref, star_excluded);
+  return /*#__PURE__*/react.createElement("svg", star_extends({
+    width: 21,
+    height: 21,
+    viewBox: "0 0 21 21",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, star_path || (star_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M5.02268 14C5.11893 13.5712 4.94393 12.9587 4.63768 12.6525L2.51143 10.5262C1.84643 9.86125 1.58393 9.1525 1.77643 8.54C1.97768 7.9275 2.59893 7.5075 3.52643 7.35L6.25643 6.895C6.65018 6.825 7.13143 6.475 7.31518 6.11625L8.82018 3.0975C9.25768 2.23125 9.85268 1.75 10.5002 1.75C11.1477 1.75 11.7427 2.23125 12.1802 3.0975L13.6852 6.11625C13.7989 6.34375 14.0352 6.5625 14.2889 6.71125L4.86518 16.135C4.74268 16.2575 4.53268 16.1437 4.56768 15.9687L5.02268 14Z",
+    fill: "#222222"
+  })), star_path2 || (star_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M16.3627 12.6524C16.0477 12.9674 15.8727 13.5712 15.9777 13.9999L16.5814 16.6337C16.8352 17.7274 16.6777 18.5499 16.1352 18.9437C15.9164 19.1012 15.6539 19.1799 15.3477 19.1799C14.9014 19.1799 14.3764 19.0137 13.7989 18.6724L11.2352 17.1499C10.8327 16.9137 10.1677 16.9137 9.76519 17.1499L7.20144 18.6724C6.23019 19.2412 5.39895 19.3374 4.8652 18.9437C4.66395 18.7949 4.5152 18.5937 4.41895 18.3312L15.0589 7.69116C15.4614 7.28866 16.0302 7.10491 16.5814 7.20116L17.4652 7.34991C18.3927 7.50741 19.0139 7.92741 19.2152 8.53991C19.4077 9.15241 19.1452 9.86116 18.4802 10.5262L16.3627 12.6524Z",
+    fill: "#222222"
+  })));
+}
+var star_ForwardRef = /*#__PURE__*/react.forwardRef(SvgStar);
+/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?f=star.0c433d1c6ccb36781955621fc40f0540.svg");
+
+;// CONCATENATED MODULE: ./src/icons/triangle-down.svg
+var triangle_down_path, triangle_down_path2;
+var triangle_down_excluded = ["title", "titleId"];
+function triangle_down_extends() { triangle_down_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_down_extends.apply(this, arguments); }
+function triangle_down_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_down_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function triangle_down_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTriangleDown(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = triangle_down_objectWithoutProperties(_ref, triangle_down_excluded);
+  return /*#__PURE__*/react.createElement("svg", triangle_down_extends({
+    width: 50,
+    height: 50,
+    viewBox: "0 0 50 50",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, triangle_down_path || (triangle_down_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z",
+    fill: "#39403E"
+  })), triangle_down_path2 || (triangle_down_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z",
+    fill: "#39403E"
+  })));
+}
+var triangle_down_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleDown);
+/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.cb859bf44378ddfd76730eb4a9f90a89.svg");
+
+;// CONCATENATED MODULE: ./src/icons/triangle-right.svg
+var triangle_right_path, triangle_right_path2;
+var triangle_right_excluded = ["title", "titleId"];
+function triangle_right_extends() { triangle_right_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_right_extends.apply(this, arguments); }
+function triangle_right_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_right_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function triangle_right_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTriangleRight(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = triangle_right_objectWithoutProperties(_ref, triangle_right_excluded);
+  return /*#__PURE__*/react.createElement("svg", triangle_right_extends({
+    width: 50,
+    height: 50,
+    viewBox: "0 0 50 50",
+    fill: "none",
+    transform: "rotate(-90)",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, triangle_right_path || (triangle_right_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z",
+    fill: "#39403E"
+  })), triangle_right_path2 || (triangle_right_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z",
+    fill: "#39403E"
+  })));
+}
+var triangle_right_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRight);
+/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?f=triangle-right.795bcf3f22906edc57cecb48328c9f89.svg");
+
+;// CONCATENATED MODULE: ./src/icons/brackets-curly.svg
+var brackets_curly_path;
+var brackets_curly_excluded = ["title", "titleId"];
+function brackets_curly_extends() { brackets_curly_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return brackets_curly_extends.apply(this, arguments); }
+function brackets_curly_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = brackets_curly_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function brackets_curly_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgBracketsCurly(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = brackets_curly_objectWithoutProperties(_ref, brackets_curly_excluded);
+  return /*#__PURE__*/react.createElement("svg", brackets_curly_extends({
+    width: 22,
+    height: 18,
+    viewBox: "0 0 22 18",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, brackets_curly_path || (brackets_curly_path = /*#__PURE__*/react.createElement("path", {
+    d: "M5.23739 16.24C4.78139 16.24 4.38539 16.156 4.04939 15.988C3.72539 15.82 3.47939 15.568 3.31139 15.232C3.14339 14.908 3.05939 14.518 3.05939 14.062V10.57C3.05939 10.078 2.96939 9.724 2.78939 9.508C2.62139 9.28 2.30939 9.16 1.85339 9.148C1.62539 9.136 1.44539 9.046 1.31339 8.878C1.18139 8.71 1.11539 8.506 1.11539 8.266C1.11539 8.026 1.18139 7.828 1.31339 7.672C1.44539 7.504 1.62539 7.414 1.85339 7.402C2.30939 7.378 2.62139 7.258 2.78939 7.042C2.96939 6.814 3.05939 6.46 3.05939 5.98V2.488C3.05939 1.792 3.24539 1.258 3.61739 0.885999C4.00139 0.501999 4.54139 0.309999 5.23739 0.309999H6.51539C6.79139 0.309999 7.01339 0.393999 7.18139 0.561999C7.36139 0.717999 7.45139 0.915999 7.45139 1.156C7.45139 1.396 7.37939 1.6 7.23539 1.768C7.09139 1.924 6.89939 2.002 6.65939 2.002H6.02939C5.78939 2.002 5.60939 2.068 5.48939 2.2C5.36939 2.332 5.30939 2.53 5.30939 2.794V6.25C5.30939 6.622 5.23139 6.964 5.07539 7.276C4.91939 7.588 4.70939 7.84 4.44539 8.032C4.19339 8.224 3.90539 8.32 3.58139 8.32V8.248C3.90539 8.248 4.19339 8.344 4.44539 8.536C4.70939 8.716 4.91939 8.962 5.07539 9.274C5.23139 9.586 5.30939 9.928 5.30939 10.3V13.756C5.30939 14.02 5.36939 14.218 5.48939 14.35C5.60939 14.482 5.78939 14.548 6.02939 14.548H6.65939C6.89939 14.548 7.09139 14.626 7.23539 14.782C7.37939 14.95 7.45139 15.154 7.45139 15.394C7.45139 15.634 7.36139 15.832 7.18139 15.988C7.01339 16.156 6.79139 16.24 6.51539 16.24H5.23739ZM14.4914 16.24C14.2274 16.24 14.0054 16.156 13.8254 15.988C13.6454 15.832 13.5554 15.634 13.5554 15.394C13.5554 15.154 13.6274 14.95 13.7714 14.782C13.9154 14.626 14.1074 14.548 14.3474 14.548H14.9774C15.2174 14.548 15.3974 14.482 15.5174 14.35C15.6374 14.218 15.6974 14.02 15.6974 13.756V10.3C15.6974 9.928 15.7754 9.586 15.9314 9.274C16.0874 8.962 16.2974 8.71 16.5614 8.518C16.8254 8.326 17.1134 8.23 17.4254 8.23V8.302C17.1134 8.302 16.8254 8.212 16.5614 8.032C16.2974 7.84 16.0874 7.588 15.9314 7.276C15.7754 6.964 15.6974 6.622 15.6974 6.25V2.794C15.6974 2.53 15.6374 2.332 15.5174 2.2C15.3974 2.068 15.2174 2.002 14.9774 2.002H14.3474C14.1074 2.002 13.9154 1.924 13.7714 1.768C13.6274 1.6 13.5554 1.396 13.5554 1.156C13.5554 0.915999 13.6454 0.717999 13.8254 0.561999C14.0054 0.393999 14.2274 0.309999 14.4914 0.309999H15.7694C16.2374 0.309999 16.6334 0.393999 16.9574 0.561999C17.2814 0.729999 17.5274 0.975999 17.6954 1.3C17.8634 1.624 17.9474 2.02 17.9474 2.488V5.98C17.9474 6.46 18.0374 6.814 18.2174 7.042C18.3974 7.258 18.7094 7.378 19.1534 7.402C19.3934 7.414 19.5734 7.504 19.6934 7.672C19.8254 7.84 19.8914 8.044 19.8914 8.284C19.8914 8.512 19.8254 8.71 19.6934 8.878C19.5734 9.046 19.3934 9.136 19.1534 9.148C18.7094 9.16 18.3974 9.28 18.2174 9.508C18.0374 9.724 17.9474 10.078 17.9474 10.57V14.062C17.9474 14.758 17.7554 15.292 17.3714 15.664C16.9994 16.048 16.4654 16.24 15.7694 16.24H14.4914Z",
+    fill: "#39403E"
+  })));
+}
+var brackets_curly_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsCurly);
+/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?f=brackets-curly.99e04241d2e10a7cfb60d2c695401adc.svg");
+
+;// CONCATENATED MODULE: ./src/icons/brackets-square.svg
+var brackets_square_path;
+var brackets_square_excluded = ["title", "titleId"];
+function brackets_square_extends() { brackets_square_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return brackets_square_extends.apply(this, arguments); }
+function brackets_square_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = brackets_square_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function brackets_square_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgBracketsSquare(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = brackets_square_objectWithoutProperties(_ref, brackets_square_excluded);
+  return /*#__PURE__*/react.createElement("svg", brackets_square_extends({
+    width: 22,
+    height: 18,
+    viewBox: "0 0 22 18",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, brackets_square_path || (brackets_square_path = /*#__PURE__*/react.createElement("path", {
+    d: "M3.79484 17.8617C3.50151 17.8617 3.24818 17.7617 3.03484 17.5617C2.83484 17.3617 2.73484 17.1151 2.73484 16.8217V1.20172C2.73484 0.895051 2.83484 0.648384 3.03484 0.461718C3.24818 0.261718 3.50151 0.161718 3.79484 0.161718H6.65484C6.96151 0.161718 7.19484 0.255051 7.35484 0.441718C7.52818 0.615051 7.61484 0.835051 7.61484 1.10172C7.61484 1.36838 7.52818 1.59505 7.35484 1.78172C7.19484 1.95505 6.96151 2.04172 6.65484 2.04172H5.23484V15.9817H6.65484C6.96151 15.9817 7.19484 16.0684 7.35484 16.2417C7.52818 16.4284 7.61484 16.6551 7.61484 16.9217C7.61484 17.1884 7.52818 17.4084 7.35484 17.5817C7.19484 17.7684 6.96151 17.8617 6.65484 17.8617H3.79484ZM15.3548 17.8617C15.0615 17.8617 14.8282 17.7684 14.6548 17.5817C14.4815 17.4084 14.3948 17.1884 14.3948 16.9217C14.3948 16.6551 14.4815 16.4284 14.6548 16.2417C14.8282 16.0684 15.0615 15.9817 15.3548 15.9817H16.7748V2.04172H15.3548C15.0615 2.04172 14.8282 1.95505 14.6548 1.78172C14.4815 1.59505 14.3948 1.36838 14.3948 1.10172C14.3948 0.835051 14.4815 0.615051 14.6548 0.441718C14.8282 0.255051 15.0615 0.161718 15.3548 0.161718H18.2148C18.5215 0.161718 18.7748 0.261718 18.9748 0.461718C19.1748 0.648384 19.2748 0.895051 19.2748 1.20172V16.8217C19.2748 17.1151 19.1748 17.3617 18.9748 17.5617C18.7748 17.7617 18.5215 17.8617 18.2148 17.8617H15.3548Z",
+    fill: "#39403E"
+  })));
+}
+var brackets_square_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsSquare);
+/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?f=brackets-square.3daecb55d1cd657d5682c02cfe8563d5.svg");
+
+;// CONCATENATED MODULE: ./src/icons/file.svg
+var file_path, file_path2, file_path3;
+var file_excluded = ["title", "titleId"];
+function file_extends() { file_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return file_extends.apply(this, arguments); }
+function file_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = file_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function file_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgFile(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = file_objectWithoutProperties(_ref, file_excluded);
+  return /*#__PURE__*/react.createElement("svg", file_extends({
+    width: 40,
+    height: 40,
+    viewBox: "0 0 40 40",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, file_path || (file_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M26.9833 3.3335H13.0166C6.94992 3.3335 3.33325 6.95016 3.33325 13.0168V26.9668C3.33325 33.0502 6.94992 36.6668 13.0166 36.6668H26.9666C33.0333 36.6668 36.6499 33.0502 36.6499 26.9835V13.0168C36.6666 6.95016 33.0499 3.3335 26.9833 3.3335Z",
+    fill: "#151B33"
+  })), file_path2 || (file_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M26.25 16.25H13.75C13.0667 16.25 12.5 15.6833 12.5 15C12.5 14.3167 13.0667 13.75 13.75 13.75H26.25C26.9333 13.75 27.5 14.3167 27.5 15C27.5 15.6833 26.9333 16.25 26.25 16.25Z",
+    fill: "#151B33"
+  })), file_path3 || (file_path3 = /*#__PURE__*/react.createElement("path", {
+    d: "M26.25 26.25H13.75C13.0667 26.25 12.5 25.6833 12.5 25C12.5 24.3167 13.0667 23.75 13.75 23.75H26.25C26.9333 23.75 27.5 24.3167 27.5 25C27.5 25.6833 26.9333 26.25 26.25 26.25Z",
+    fill: "#151B33"
+  })));
+}
+var file_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFile);
+/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?f=file.f2670ef3fe4fae6122bb957ea2390db0.svg");
+
+;// CONCATENATED MODULE: ./src/icons/result.svg
+var result_circle, result_path, result_g;
+var result_excluded = (/* unused pure expression or super */ null && (["title", "titleId"]));
+function result_extends() { result_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return result_extends.apply(this, arguments); }
+function result_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = result_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function result_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgResult(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = result_objectWithoutProperties(_ref, result_excluded);
+  return /*#__PURE__*/React.createElement("svg", result_extends({
+    width: 30,
+    height: 30,
+    viewBox: "0 0 30 30",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/React.createElement("title", {
+    id: titleId
+  }, title) : null, result_circle || (result_circle = /*#__PURE__*/React.createElement("circle", {
+    cx: 15,
+    cy: 15,
+    r: 15,
+    fill: "#DFEBE9"
+  })), result_path || (result_path = /*#__PURE__*/React.createElement("path", {
+    d: "M12.0825 14.8876C9.96746 15.0376 9.97496 18.1126 12.0825 18.2626H17.085C17.6925 18.2701 18.2775 18.0376 18.7275 17.6326C20.2125 16.3351 19.4175 13.7326 17.4675 13.4851C16.77 9.25507 10.6575 10.8601 12.105 14.8876",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), result_g || (result_g = /*#__PURE__*/React.createElement("g", {
+    opacity: 0.4
+  }, /*#__PURE__*/React.createElement("path", {
+    d: "M7.5 17.25C7.5 20.1525 9.8475 22.5 12.75 22.5L11.9625 21.1875",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  }), /*#__PURE__*/React.createElement("path", {
+    d: "M22.5 12.75C22.5 9.8475 20.1525 7.5 17.25 7.5L18.0375 8.8125",
+    stroke: "#39403E",
+    strokeWidth: 1.5,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  }))));
+}
+var result_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgResult)));
+/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?f=result.cc7a9a9173a072950aee17843ff145ba.svg");
+
+;// CONCATENATED MODULE: ./src/icons/include.svg
+var include_circle, include_path, include_path2, include_path3, include_path4;
+var include_excluded = ["title", "titleId"];
+function include_extends() { include_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return include_extends.apply(this, arguments); }
+function include_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = include_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function include_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgInclude(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = include_objectWithoutProperties(_ref, include_excluded);
+  return /*#__PURE__*/react.createElement("svg", include_extends({
+    width: 30,
+    height: 30,
+    viewBox: "0 0 30 30",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, include_circle || (include_circle = /*#__PURE__*/react.createElement("circle", {
+    cx: 15,
+    cy: 15,
+    r: 15,
+    fill: "#39403E"
+  })), include_path || (include_path = /*#__PURE__*/react.createElement("path", {
+    d: "M21.75 11.25V18.75C21.75 21 20.625 22.5 18 22.5H12C9.375 22.5 8.25 21 8.25 18.75V11.25C8.25 9 9.375 7.5 12 7.5H18C20.625 7.5 21.75 9 21.75 11.25Z",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), include_path2 || (include_path2 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M16.875 9.375V10.875C16.875 11.7 17.55 12.375 18.375 12.375H19.875",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), include_path3 || (include_path3 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M12 15.75H15",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })), include_path4 || (include_path4 = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M12 18.75H18",
+    stroke: "#DFEBE9",
+    strokeWidth: 1.5,
+    strokeMiterlimit: 10,
+    strokeLinecap: "round",
+    strokeLinejoin: "round"
+  })));
+}
+var include_ForwardRef = /*#__PURE__*/react.forwardRef(SvgInclude);
+/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.6bf4795a2f5623b297789116effd0bec.svg");
+
+;// CONCATENATED MODULE: ./src/icons/Icons.tsx
+var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
+;// CONCATENATED MODULE: ./src/components/theme.ts
+var paletteDark={primary:{main:'#DFEBE9'},background:{default:'#222222',paper:'#222222'},text:{primary:'#DFEBE9'}};var paletteLight={primary:{main:'#222222'},secondary:{main:'#39403E'},background:{default:'#DFEBE9',paper:'#DFEBE9'},text:{primary:'#222222'}};var theme_common=styles_createTheme({consts:{appBarHeight:106,leftDrawerWidthOpen:224,leftDrawerWidthClosed:96},typography:{fontFamily:'Nunito Variable'},components:{MuiBackdrop:{styleOverrides:{root:{backgroundColor:'rgba(0, 0, 0, 0.65)'},invisible:{backgroundColor:'transparent'}}}}});var theme_light=styles_createTheme(theme_common,{palette:paletteLight,typography:{h1:{color:paletteLight.text.primary,fontWeight:700,fontSize:'32px',lineHeight:'44px',letterSpacing:'1px'},h2:{color:paletteLight.text.primary,fontWeight:700,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},h5:{color:paletteLight.secondary.main,fontWeight:700,fontSize:'22px',lineHeight:'30px',letterSpacing:'1px'},h6:{color:paletteLight.secondary.main,fontWeight:800,fontSize:'20px',lineHeight:'27px'},subtitle1:{color:paletteLight.secondary.main},subtitle2:{fontSize:'14px',lineHeight:1.2}},components:{MuiDivider:{styleOverrides:{root:{borderColor:paletteLight.secondary.main}}},MuiAppBar:{styleOverrides:{root:{color:paletteLight.primary.main}}},MuiTableCell:{styleOverrides:{root:{border:'none',borderTop:"0.5px solid ".concat(paletteLight.secondary.main),fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',position:'relative',':after':{content:'""',position:'absolute',top:'10px',right:0,bottom:'10px',display:'block',borderRight:"0.5px solid ".concat(paletteLight.secondary.main)},':last-of-type:after':{content:'none'},':last-of-type':{overflowWrap:'anywhere'}},head:{border:'none'}}}}});var theme_dark=styles_createTheme(theme_common,{palette:paletteDark,typography:{allVariants:{color:paletteDark.text.primary},h4:{color:paletteDark.text.primary,fontWeight:700,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}},components:{MuiListItem:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiButtonBase:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiDrawer:{styleOverrides:{root:{border:'none'},paper:{border:'none'}}},MuiDivider:{styleOverrides:{root:{background:paletteDark.primary.main,opacity:0.2,margin:'0 13px'}}},MuiTabs:{styleOverrides:{root:{height:'36px',minHeight:0,textTransform:'none'},indicator:{backgroundColor:'#59A588'}}},MuiTab:{styleOverrides:{root:{height:'36px',minHeight:0,fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',textTransform:'none',padding:'7px 5px',color:'#8A8E91','&.Mui-selected':{color:paletteDark.text.primary}}}}}});
+;// CONCATENATED MODULE: ./src/components/LeftDrawer.tsx
+var openedMixin=function openedMixin(theme){return{width:theme.consts.leftDrawerWidthOpen,transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),overflowX:'hidden'};};var closedMixin=function closedMixin(theme){return{transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen}),overflowX:'hidden',width:theme.consts.leftDrawerWidthClosed};};var DrawerHeader=styles_styled('div')(function(_ref){var theme=_ref.theme;return _objectSpread2({height:theme.consts.appBarHeight,padding:'31px 23px 0 23px'},theme.mixins.toolbar);});var LeftDrawer_AppBar=styles_styled(AppBar_AppBar,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref2){var theme=_ref2.theme,open=_ref2.open;return _objectSpread2({height:theme.consts.appBarHeight,border:'none',boxShadow:'none',background:'transparent',padding:'40px 40px 0 40px',marginLeft:theme.consts.leftDrawerWidthClosed,justifyContent:'space-between',width:"calc(100% - ".concat(theme.consts.leftDrawerWidthClosed,"px)"),zIndex:theme.zIndex.drawer+1,transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen})},open&&{marginLeft:theme.consts.leftDrawerWidthOpen,width:"calc(100% - ".concat(theme.consts.leftDrawerWidthOpen,"px)"),transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})});});var LeftDrawer_Drawer=styles_styled(Drawer_Drawer,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref3){var theme=_ref3.theme,open=_ref3.open;return _objectSpread2(_objectSpread2({width:theme.consts.leftDrawerWidthOpen,flexShrink:0,whiteSpace:'nowrap',boxSizing:'border-box',borderRadius:'0px 20px 20px 0px'},open&&_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})})),!open&&_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})}));});function Item(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{component:Link,to:props.to,disablePadding:true,sx:{display:'block',margin:'14px 0'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemButton_ListItemButton,{sx:{height:'60px',justifyContent:'start',alignItems:'center',gap:'15px',padding:'0 24px'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemIcon_ListItemIcon,{sx:{minWidth:0,flex:'0 0 auto',justifyContent:'center',alignItems:'center'},children:props.icon}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:props.text,sx:{display:props.open?'block':'none',margin:0},primaryTypographyProps:{fontWeight:500,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}})]})},props.text);}function LeftDrawer(props){var _useState=(0,react.useState)(true),_useState2=slicedToArray_slicedToArray(_useState,2),open=_useState2[0],setOpen=_useState2[1];var location=dist_useLocation();var navigate=dist_useNavigate();var theme=styles_useTheme_useTheme();var toggleDrawer=function toggleDrawer(){setOpen(function(o){return!o;});};var path=location.pathname.split('/')[1];var header=null;switch(path){case'targets':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Dashboard"}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"40px",maxWidth:"314px",flexGrow:1,borderRadius:"10px",display:"flex",justifyContent:"space-between",alignItems:"center",padding:"0 9px 0 15px",sx:{background:theme.palette.background.default},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"text",style:{background:'none',border:'none',outline:'none',height:'20px',lineHeight:'20px',fontSize:'18px'},placeholder:"Search"}),/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0,height:40,width:40},children:/*#__PURE__*/(0,jsx_runtime.jsx)(SearchIcon,{})})]})]});break;case'results':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"start",gap:"12px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0},onClick:function onClick(){return navigate('/targets');},children:/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowLeftIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Result Tree"})]});break;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer_AppBar,{position:"fixed",open:open,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",justifyContent:"space-between",children:header})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsxs)(LeftDrawer_Drawer,{variant:"permanent",open:open,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(IconButton_IconButton,{onClick:toggleDrawer,sx:{gap:'13px',padding:0},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlLogo,{}),open&&/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlText,{})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(List_List,{sx:{padding:'10px 0 0 0'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Item,{text:"Targets",open:open,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsIcon,{}),to:"targets"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{component:"main",sx:{flexGrow:1,height:'100%',overflow:'hidden'},minWidth:0,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"calc(100% - ".concat(theme.consts.appBarHeight,"px)"),overflow:"auto",children:props.content})]})]});}
+;// CONCATENATED MODULE: ./src/models.ts
+/* Do not change, this code is generated from Golang structs */var DeploymentError=/*#__PURE__*/function(){function DeploymentError(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentError);this.ref=void 0;this.message=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.message=source["message"];}createClass_createClass(DeploymentError,[{key:"convertValues",value:function convertValues(a,classs){var _this=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i=0,_Object$keys=Object.keys(a);_i<_Object$keys.length;_i++){var _key=_Object$keys[_i];a[_key]=new classs(a[_key]);}return a;}return new classs(a);}return a;}}]);return DeploymentError;}();var Change=/*#__PURE__*/createClass_createClass(function Change(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,Change);this.type=void 0;this.jsonPath=void 0;this.oldValue=void 0;this.newValue=void 0;this.unifiedDiff=void 0;if('string'===typeof source)source=JSON.parse(source);this.type=source["type"];this.jsonPath=source["jsonPath"];this.oldValue=source["oldValue"];this.newValue=source["newValue"];this.unifiedDiff=source["unifiedDiff"];});var ResultObject=/*#__PURE__*/function(){function ResultObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ResultObject);this.ref=void 0;this.changes=void 0;this.new=void 0;this.orphan=void 0;this.deleted=void 0;this.hook=void 0;this.rendered=void 0;this.remote=void 0;this.applied=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.changes=this.convertValues(source["changes"],Change);this.new=source["new"];this.orphan=source["orphan"];this.deleted=source["deleted"];this.hook=source["hook"];this.rendered=source["rendered"];this.remote=source["remote"];this.applied=source["applied"];}createClass_createClass(ResultObject,[{key:"convertValues",value:function convertValues(a,classs){var _this2=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this2.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i2=0,_Object$keys2=Object.keys(a);_i2<_Object$keys2.length;_i2++){var _key2=_Object$keys2[_i2];a[_key2]=new classs(a[_key2]);}return a;}return new classs(a);}return a;}}]);return ResultObject;}();var IgnoreForDiffItemConfig=/*#__PURE__*/createClass_createClass(function IgnoreForDiffItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,IgnoreForDiffItemConfig);this.fieldPath=void 0;this.fieldPathRegex=void 0;this.group=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.fieldPath=source["fieldPath"];this.fieldPathRegex=source["fieldPathRegex"];this.group=source["group"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var HelmChartConfig=/*#__PURE__*/createClass_createClass(function HelmChartConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,HelmChartConfig);this.repo=void 0;this.path=void 0;this.credentialsId=void 0;this.chartName=void 0;this.chartVersion=void 0;this.updateConstraints=void 0;this.releaseName=void 0;this.namespace=void 0;this.output=void 0;this.skipCRDs=void 0;this.skipUpdate=void 0;this.skipPrePull=void 0;if('string'===typeof source)source=JSON.parse(source);this.repo=source["repo"];this.path=source["path"];this.credentialsId=source["credentialsId"];this.chartName=source["chartName"];this.chartVersion=source["chartVersion"];this.updateConstraints=source["updateConstraints"];this.releaseName=source["releaseName"];this.namespace=source["namespace"];this.output=source["output"];this.skipCRDs=source["skipCRDs"];this.skipUpdate=source["skipUpdate"];this.skipPrePull=source["skipPrePull"];});var DeleteObjectItemConfig=/*#__PURE__*/createClass_createClass(function DeleteObjectItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeleteObjectItemConfig);this.group=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var GitProject=/*#__PURE__*/createClass_createClass(function GitProject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,GitProject);this.url=void 0;this.ref=void 0;this.subDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.subDir=source["subDir"];});var DeploymentItemConfig=/*#__PURE__*/function(){function DeploymentItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentItemConfig);this.path=void 0;this.include=void 0;this.git=void 0;this.tags=void 0;this.barrier=void 0;this.message=void 0;this.waitReadiness=void 0;this.vars=void 0;this.skipDeleteIfTags=void 0;this.onlyRender=void 0;this.alwaysDeploy=void 0;this.deleteObjects=void 0;this.when=void 0;this.renderedHelmChartConfig=void 0;this.renderedObjects=void 0;this.renderedInclude=void 0;if('string'===typeof source)source=JSON.parse(source);this.path=source["path"];this.include=source["include"];this.git=this.convertValues(source["git"],GitProject);this.tags=source["tags"];this.barrier=source["barrier"];this.message=source["message"];this.waitReadiness=source["waitReadiness"];this.vars=this.convertValues(source["vars"],VarsSource);this.skipDeleteIfTags=source["skipDeleteIfTags"];this.onlyRender=source["onlyRender"];this.alwaysDeploy=source["alwaysDeploy"];this.deleteObjects=this.convertValues(source["deleteObjects"],DeleteObjectItemConfig);this.when=source["when"];this.renderedHelmChartConfig=this.convertValues(source["renderedHelmChartConfig"],HelmChartConfig);this.renderedObjects=this.convertValues(source["renderedObjects"],models_ObjectRef);this.renderedInclude=this.convertValues(source["renderedInclude"],DeploymentProjectConfig);}createClass_createClass(DeploymentItemConfig,[{key:"convertValues",value:function convertValues(a,classs){var _this3=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this3.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i3=0,_Object$keys3=Object.keys(a);_i3<_Object$keys3.length;_i3++){var _key3=_Object$keys3[_i3];a[_key3]=new classs(a[_key3]);}return a;}return new classs(a);}return a;}}]);return DeploymentItemConfig;}();var SealedSecretsConfig=/*#__PURE__*/createClass_createClass(function SealedSecretsConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,SealedSecretsConfig);this.outputPattern=void 0;if('string'===typeof source)source=JSON.parse(source);this.outputPattern=source["outputPattern"];});var VarsSourceVault=/*#__PURE__*/createClass_createClass(function VarsSourceVault(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceVault);this.address=void 0;this.path=void 0;if('string'===typeof source)source=JSON.parse(source);this.address=source["address"];this.path=source["path"];});var VarsSourceAwsSecretsManager=/*#__PURE__*/createClass_createClass(function VarsSourceAwsSecretsManager(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceAwsSecretsManager);this.secretName=void 0;this.region=void 0;this.profile=void 0;if('string'===typeof source)source=JSON.parse(source);this.secretName=source["secretName"];this.region=source["region"];this.profile=source["profile"];});var VarsSourceHttp=/*#__PURE__*/createClass_createClass(function VarsSourceHttp(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceHttp);this.url=void 0;this.method=void 0;this.body=void 0;this.headers=void 0;this.jsonPath=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.method=source["method"];this.body=source["body"];this.headers=source["headers"];this.jsonPath=source["jsonPath"];});var VarsSourceClusterConfigMapOrSecret=/*#__PURE__*/createClass_createClass(function VarsSourceClusterConfigMapOrSecret(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceClusterConfigMapOrSecret);this.name=void 0;this.labels=void 0;this.namespace=void 0;this.key=void 0;this.targetPath=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.labels=source["labels"];this.namespace=source["namespace"];this.key=source["key"];this.targetPath=source["targetPath"];});var VarsSourceGit=/*#__PURE__*/createClass_createClass(function VarsSourceGit(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceGit);this.url=void 0;this.ref=void 0;this.path=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.path=source["path"];});var VarsSource=/*#__PURE__*/function(){function VarsSource(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSource);this.ignoreMissing=void 0;this.noOverride=void 0;this.values=void 0;this.file=void 0;this.git=void 0;this.clusterConfigMap=void 0;this.clusterSecret=void 0;this.systemEnvVars=void 0;this.http=void 0;this.awsSecretsManager=void 0;this.vault=void 0;this.when=void 0;this.renderedVars=void 0;if('string'===typeof source)source=JSON.parse(source);this.ignoreMissing=source["ignoreMissing"];this.noOverride=source["noOverride"];this.values=source["values"];this.file=source["file"];this.git=this.convertValues(source["git"],VarsSourceGit);this.clusterConfigMap=this.convertValues(source["clusterConfigMap"],VarsSourceClusterConfigMapOrSecret);this.clusterSecret=this.convertValues(source["clusterSecret"],VarsSourceClusterConfigMapOrSecret);this.systemEnvVars=source["systemEnvVars"];this.http=this.convertValues(source["http"],VarsSourceHttp);this.awsSecretsManager=this.convertValues(source["awsSecretsManager"],VarsSourceAwsSecretsManager);this.vault=this.convertValues(source["vault"],VarsSourceVault);this.when=source["when"];this.renderedVars=source["renderedVars"];}createClass_createClass(VarsSource,[{key:"convertValues",value:function convertValues(a,classs){var _this4=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this4.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i4=0,_Object$keys4=Object.keys(a);_i4<_Object$keys4.length;_i4++){var _key4=_Object$keys4[_i4];a[_key4]=new classs(a[_key4]);}return a;}return new classs(a);}return a;}}]);return VarsSource;}();var DeploymentProjectConfig=/*#__PURE__*/function(){function DeploymentProjectConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentProjectConfig);this.vars=void 0;this.sealedSecrets=void 0;this.when=void 0;this.deployments=void 0;this.commonLabels=void 0;this.commonAnnotations=void 0;this.overrideNamespace=void 0;this.tags=void 0;this.ignoreForDiff=void 0;if('string'===typeof source)source=JSON.parse(source);this.vars=this.convertValues(source["vars"],VarsSource);this.sealedSecrets=this.convertValues(source["sealedSecrets"],SealedSecretsConfig);this.when=source["when"];this.deployments=this.convertValues(source["deployments"],DeploymentItemConfig);this.commonLabels=source["commonLabels"];this.commonAnnotations=source["commonAnnotations"];this.overrideNamespace=source["overrideNamespace"];this.tags=source["tags"];this.ignoreForDiff=this.convertValues(source["ignoreForDiff"],IgnoreForDiffItemConfig);}createClass_createClass(DeploymentProjectConfig,[{key:"convertValues",value:function convertValues(a,classs){var _this5=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this5.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i5=0,_Object$keys5=Object.keys(a);_i5<_Object$keys5.length;_i5++){var _key5=_Object$keys5[_i5];a[_key5]=new classs(a[_key5]);}return a;}return new classs(a);}return a;}}]);return DeploymentProjectConfig;}();var ClusterInfo=/*#__PURE__*/createClass_createClass(function ClusterInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ClusterInfo);this.clusterId=void 0;if('string'===typeof source)source=JSON.parse(source);this.clusterId=source["clusterId"];});var GitInfo=/*#__PURE__*/createClass_createClass(function GitInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,GitInfo);this.url=void 0;this.ref=void 0;this.subDir=void 0;this.commit=void 0;this.dirty=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.subDir=source["subDir"];this.commit=source["commit"];this.dirty=source["dirty"];});var KluctlDeploymentInfo=/*#__PURE__*/createClass_createClass(function KluctlDeploymentInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,KluctlDeploymentInfo);this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.namespace=source["namespace"];});var CommandInfo=/*#__PURE__*/function(){function CommandInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandInfo);this.initiator=void 0;this.startTime=void 0;this.endTime=void 0;this.kluctlDeployment=void 0;this.command=void 0;this.target=void 0;this.targetNameOverride=void 0;this.contextOverride=void 0;this.args=void 0;this.images=void 0;this.dryRun=void 0;this.noWait=void 0;this.forceApply=void 0;this.replaceOnError=void 0;this.forceReplaceOnError=void 0;this.abortOnError=void 0;this.includeTags=void 0;this.excludeTags=void 0;this.includeDeploymentDirs=void 0;this.excludeDeploymentDirs=void 0;if('string'===typeof source)source=JSON.parse(source);this.initiator=source["initiator"];this.startTime=source["startTime"];this.endTime=source["endTime"];this.kluctlDeployment=this.convertValues(source["kluctlDeployment"],KluctlDeploymentInfo);this.command=source["command"];this.target=source["target"];this.targetNameOverride=source["targetNameOverride"];this.contextOverride=source["contextOverride"];this.args=source["args"];this.images=this.convertValues(source["images"],FixedImage);this.dryRun=source["dryRun"];this.noWait=source["noWait"];this.forceApply=source["forceApply"];this.replaceOnError=source["replaceOnError"];this.forceReplaceOnError=source["forceReplaceOnError"];this.abortOnError=source["abortOnError"];this.includeTags=source["includeTags"];this.excludeTags=source["excludeTags"];this.includeDeploymentDirs=source["includeDeploymentDirs"];this.excludeDeploymentDirs=source["excludeDeploymentDirs"];}createClass_createClass(CommandInfo,[{key:"convertValues",value:function convertValues(a,classs){var _this6=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this6.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i6=0,_Object$keys6=Object.keys(a);_i6<_Object$keys6.length;_i6++){var _key6=_Object$keys6[_i6];a[_key6]=new classs(a[_key6]);}return a;}return new classs(a);}return a;}}]);return CommandInfo;}();var models_ObjectRef=/*#__PURE__*/createClass_createClass(function ObjectRef(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ObjectRef);this.group=void 0;this.version=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.version=source["version"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var FixedImage=/*#__PURE__*/function(){function FixedImage(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,FixedImage);this.image=void 0;this.resultImage=void 0;this.deployedImage=void 0;this.namespace=void 0;this.object=void 0;this.deployment=void 0;this.container=void 0;this.deployTags=void 0;this.deploymentDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.image=source["image"];this.resultImage=source["resultImage"];this.deployedImage=source["deployedImage"];this.namespace=source["namespace"];this.object=this.convertValues(source["object"],models_ObjectRef);this.deployment=source["deployment"];this.container=source["container"];this.deployTags=source["deployTags"];this.deploymentDir=source["deploymentDir"];}createClass_createClass(FixedImage,[{key:"convertValues",value:function convertValues(a,classs){var _this7=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this7.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i7=0,_Object$keys7=Object.keys(a);_i7<_Object$keys7.length;_i7++){var _key7=_Object$keys7[_i7];a[_key7]=new classs(a[_key7]);}return a;}return new classs(a);}return a;}}]);return FixedImage;}();var SealingConfig=/*#__PURE__*/createClass_createClass(function SealingConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,SealingConfig);this.args=void 0;this.secretSets=void 0;this.certFile=void 0;if('string'===typeof source)source=JSON.parse(source);this.args=source["args"];this.secretSets=source["secretSets"];this.certFile=source["certFile"];});var Target=/*#__PURE__*/function(){function Target(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,Target);this.name=void 0;this.context=void 0;this.args=void 0;this.sealingConfig=void 0;this.images=void 0;this.discriminator=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.context=source["context"];this.args=source["args"];this.sealingConfig=this.convertValues(source["sealingConfig"],SealingConfig);this.images=this.convertValues(source["images"],FixedImage);this.discriminator=source["discriminator"];}createClass_createClass(Target,[{key:"convertValues",value:function convertValues(a,classs){var _this8=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this8.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i8=0,_Object$keys8=Object.keys(a);_i8<_Object$keys8.length;_i8++){var _key8=_Object$keys8[_i8];a[_key8]=new classs(a[_key8]);}return a;}return new classs(a);}return a;}}]);return Target;}();var TargetKey=/*#__PURE__*/createClass_createClass(function TargetKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,TargetKey);this.targetName=void 0;this.clusterId=void 0;this.discriminator=void 0;if('string'===typeof source)source=JSON.parse(source);this.targetName=source["targetName"];this.clusterId=source["clusterId"];this.discriminator=source["discriminator"];});var ProjectKey=/*#__PURE__*/createClass_createClass(function ProjectKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ProjectKey);this.gitRepoKey=void 0;this.subDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.gitRepoKey=source["gitRepoKey"];this.subDir=source["subDir"];});var CommandResult=/*#__PURE__*/function(){function CommandResult(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandResult);this.id=void 0;this.projectKey=void 0;this.targetKey=void 0;this.target=void 0;this.command=void 0;this.gitInfo=void 0;this.clusterInfo=void 0;this.deployment=void 0;this.objects=void 0;this.errors=void 0;this.warnings=void 0;this.seenImages=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.projectKey=this.convertValues(source["projectKey"],ProjectKey);this.targetKey=this.convertValues(source["targetKey"],TargetKey);this.target=this.convertValues(source["target"],Target);this.command=this.convertValues(source["command"],CommandInfo);this.gitInfo=this.convertValues(source["gitInfo"],GitInfo);this.clusterInfo=this.convertValues(source["clusterInfo"],ClusterInfo);this.deployment=this.convertValues(source["deployment"],DeploymentProjectConfig);this.objects=this.convertValues(source["objects"],ResultObject);this.errors=this.convertValues(source["errors"],DeploymentError);this.warnings=this.convertValues(source["warnings"],DeploymentError);this.seenImages=this.convertValues(source["seenImages"],FixedImage);}createClass_createClass(CommandResult,[{key:"convertValues",value:function convertValues(a,classs){var _this9=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this9.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i9=0,_Object$keys9=Object.keys(a);_i9<_Object$keys9.length;_i9++){var _key9=_Object$keys9[_i9];a[_key9]=new classs(a[_key9]);}return a;}return new classs(a);}return a;}}]);return CommandResult;}();var CommandResultSummary=/*#__PURE__*/function(){function CommandResultSummary(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandResultSummary);this.id=void 0;this.projectKey=void 0;this.targetKey=void 0;this.target=void 0;this.commandInfo=void 0;this.gitInfo=void 0;this.clusterInfo=void 0;this.renderedObjects=void 0;this.remoteObjects=void 0;this.appliedObjects=void 0;this.appliedHookObjects=void 0;this.newObjects=void 0;this.changedObjects=void 0;this.orphanObjects=void 0;this.deletedObjects=void 0;this.errors=void 0;this.warnings=void 0;this.totalChanges=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.projectKey=this.convertValues(source["projectKey"],ProjectKey);this.targetKey=this.convertValues(source["targetKey"],TargetKey);this.target=this.convertValues(source["target"],Target);this.commandInfo=this.convertValues(source["commandInfo"],CommandInfo);this.gitInfo=this.convertValues(source["gitInfo"],GitInfo);this.clusterInfo=this.convertValues(source["clusterInfo"],ClusterInfo);this.renderedObjects=source["renderedObjects"];this.remoteObjects=source["remoteObjects"];this.appliedObjects=source["appliedObjects"];this.appliedHookObjects=source["appliedHookObjects"];this.newObjects=source["newObjects"];this.changedObjects=source["changedObjects"];this.orphanObjects=source["orphanObjects"];this.deletedObjects=source["deletedObjects"];this.errors=this.convertValues(source["errors"],DeploymentError);this.warnings=this.convertValues(source["warnings"],DeploymentError);this.totalChanges=source["totalChanges"];}createClass_createClass(CommandResultSummary,[{key:"convertValues",value:function convertValues(a,classs){var _this10=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this10.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i10=0,_Object$keys10=Object.keys(a);_i10<_Object$keys10.length;_i10++){var _key10=_Object$keys10[_i10];a[_key10]=new classs(a[_key10]);}return a;}return new classs(a);}return a;}}]);return CommandResultSummary;}();var ChangedObject=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ChangedObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ChangedObject);this.ref=void 0;this.changes=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.changes=this.convertValues(source["changes"],Change);}_createClass(ChangedObject,[{key:"convertValues",value:function convertValues(a,classs){var _this11=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this11.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i11=0,_Object$keys11=Object.keys(a);_i11<_Object$keys11.length;_i11++){var _key11=_Object$keys11[_i11];a[_key11]=new classs(a[_key11]);}return a;}return new classs(a);}return a;}}]);return ChangedObject;}()));var ValidateResultEntry=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ValidateResultEntry(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ValidateResultEntry);this.ref=void 0;this.annotation=void 0;this.message=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.annotation=source["annotation"];this.message=source["message"];}_createClass(ValidateResultEntry,[{key:"convertValues",value:function convertValues(a,classs){var _this12=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this12.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i12=0,_Object$keys12=Object.keys(a);_i12<_Object$keys12.length;_i12++){var _key12=_Object$keys12[_i12];a[_key12]=new classs(a[_key12]);}return a;}return new classs(a);}return a;}}]);return ValidateResultEntry;}()));var ValidateResult=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ValidateResult(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ValidateResult);this.id=void 0;this.startTime=void 0;this.endTime=void 0;this.ready=void 0;this.warnings=void 0;this.errors=void 0;this.results=void 0;this.drift=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.startTime=source["startTime"];this.endTime=source["endTime"];this.ready=source["ready"];this.warnings=this.convertValues(source["warnings"],DeploymentError);this.errors=this.convertValues(source["errors"],DeploymentError);this.results=this.convertValues(source["results"],ValidateResultEntry);this.drift=this.convertValues(source["drift"],ChangedObject);}_createClass(ValidateResult,[{key:"convertValues",value:function convertValues(a,classs){var _this13=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this13.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i13=0,_Object$keys13=Object.keys(a);_i13<_Object$keys13.length;_i13++){var _key13=_Object$keys13[_i13];a[_key13]=new classs(a[_key13]);}return a;}return new classs(a);}return a;}}]);return ValidateResult;}()));var ShortName=/*#__PURE__*/(/* unused pure expression or super */ null && (_createClass(function ShortName(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ShortName);this.group=void 0;this.kind=void 0;this.shortName=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.kind=source["kind"];this.shortName=source["shortName"];})));var UnstructuredObject=/*#__PURE__*/(/* unused pure expression or super */ null && (_createClass(function UnstructuredObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,UnstructuredObject);if('string'===typeof source)source=JSON.parse(source);})));var ProjectTargetKey=/*#__PURE__*/function(){function ProjectTargetKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ProjectTargetKey);this.project=void 0;this.target=void 0;if('string'===typeof source)source=JSON.parse(source);this.project=this.convertValues(source["project"],ProjectKey);this.target=this.convertValues(source["target"],TargetKey);}createClass_createClass(ProjectTargetKey,[{key:"convertValues",value:function convertValues(a,classs){var _this14=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this14.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i14=0,_Object$keys14=Object.keys(a);_i14<_Object$keys14.length;_i14++){var _key14=_Object$keys14[_i14];a[_key14]=new classs(a[_key14]);}return a;}return new classs(a);}return a;}}]);return ProjectTargetKey;}();
+// EXTERNAL MODULE: ./node_modules/lodash/lodash.js
+var lodash = __webpack_require__(763);
+var lodash_default = /*#__PURE__*/__webpack_require__.n(lodash);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Grow/Grow.js
+
+
+var Grow_excluded = ["addEndListener", "appear", "children", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "style", "timeout", "TransitionComponent"];
+
+
+
+
+
+
+
+
+function getScale(value) {
+  return "scale(".concat(value, ", ").concat(Math.pow(value, 2), ")");
+}
+var Grow_styles = {
+  entering: {
+    opacity: 1,
+    transform: getScale(1)
+  },
+  entered: {
+    opacity: 1,
+    transform: 'none'
+  }
+};
+
+/*
+ TODO v6: remove
+ Conditionally apply a workaround for the CSS transition bug in Safari 15.4 / WebKit browsers.
+ */
+var isWebKit154 = typeof navigator !== 'undefined' && /^((?!chrome|android).)*(safari|mobile)/i.test(navigator.userAgent) && /(os |version\/)15(.|_)4/i.test(navigator.userAgent);
+
+/**
+ * The Grow transition is used by the [Tooltip](/material-ui/react-tooltip/) and
+ * [Popover](/material-ui/react-popover/) components.
+ * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
+ */
+var Grow = /*#__PURE__*/react.forwardRef(function Grow(props, ref) {
+  var addEndListener = props.addEndListener,
+    _props$appear = props.appear,
+    appear = _props$appear === void 0 ? true : _props$appear,
+    _children = props.children,
+    easing = props.easing,
+    inProp = props.in,
+    onEnter = props.onEnter,
+    onEntered = props.onEntered,
+    onEntering = props.onEntering,
+    onExit = props.onExit,
+    onExited = props.onExited,
+    onExiting = props.onExiting,
+    style = props.style,
+    _props$timeout = props.timeout,
+    timeout = _props$timeout === void 0 ? 'auto' : _props$timeout,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Grow_excluded);
+  var timer = react.useRef();
+  var autoTimeout = react.useRef();
+  var theme = styles_useTheme_useTheme();
+  var nodeRef = react.useRef(null);
+  var handleRef = utils_useForkRef(nodeRef, _children.ref, ref);
+  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
+    return function (maybeIsAppearing) {
+      if (callback) {
+        var node = nodeRef.current;
+
+        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
+        if (maybeIsAppearing === undefined) {
+          callback(node);
+        } else {
+          callback(node, maybeIsAppearing);
+        }
+      }
+    };
+  };
+  var handleEntering = normalizedTransitionCallback(onEntering);
+  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
+    reflow(node); // So the animation always start from the start.
+
+    var _getTransitionProps = getTransitionProps({
+        style: style,
+        timeout: timeout,
+        easing: easing
+      }, {
+        mode: 'enter'
+      }),
+      transitionDuration = _getTransitionProps.duration,
+      delay = _getTransitionProps.delay,
+      transitionTimingFunction = _getTransitionProps.easing;
+    var duration;
+    if (timeout === 'auto') {
+      duration = theme.transitions.getAutoHeightDuration(node.clientHeight);
+      autoTimeout.current = duration;
+    } else {
+      duration = transitionDuration;
+    }
+    node.style.transition = [theme.transitions.create('opacity', {
+      duration: duration,
+      delay: delay
+    }), theme.transitions.create('transform', {
+      duration: isWebKit154 ? duration : duration * 0.666,
+      delay: delay,
+      easing: transitionTimingFunction
+    })].join(',');
+    if (onEnter) {
+      onEnter(node, isAppearing);
+    }
+  });
+  var handleEntered = normalizedTransitionCallback(onEntered);
+  var handleExiting = normalizedTransitionCallback(onExiting);
+  var handleExit = normalizedTransitionCallback(function (node) {
+    var _getTransitionProps2 = getTransitionProps({
+        style: style,
+        timeout: timeout,
+        easing: easing
+      }, {
+        mode: 'exit'
+      }),
+      transitionDuration = _getTransitionProps2.duration,
+      delay = _getTransitionProps2.delay,
+      transitionTimingFunction = _getTransitionProps2.easing;
+    var duration;
+    if (timeout === 'auto') {
+      duration = theme.transitions.getAutoHeightDuration(node.clientHeight);
+      autoTimeout.current = duration;
+    } else {
+      duration = transitionDuration;
+    }
+    node.style.transition = [theme.transitions.create('opacity', {
+      duration: duration,
+      delay: delay
+    }), theme.transitions.create('transform', {
+      duration: isWebKit154 ? duration : duration * 0.666,
+      delay: isWebKit154 ? delay : delay || duration * 0.333,
+      easing: transitionTimingFunction
+    })].join(',');
+    node.style.opacity = 0;
+    node.style.transform = getScale(0.75);
+    if (onExit) {
+      onExit(node);
+    }
+  });
+  var handleExited = normalizedTransitionCallback(onExited);
+  var handleAddEndListener = function handleAddEndListener(next) {
+    if (timeout === 'auto') {
+      timer.current = setTimeout(next, autoTimeout.current || 0);
+    }
+    if (addEndListener) {
+      // Old call signature before `react-transition-group` implemented `nodeRef`
+      addEndListener(nodeRef.current, next);
+    }
+  };
+  react.useEffect(function () {
+    return function () {
+      clearTimeout(timer.current);
+    };
+  }, []);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+    appear: appear,
+    in: inProp,
+    nodeRef: nodeRef,
+    onEnter: handleEnter,
+    onEntered: handleEntered,
+    onEntering: handleEntering,
+    onExit: handleExit,
+    onExited: handleExited,
+    onExiting: handleExiting,
+    addEndListener: handleAddEndListener,
+    timeout: timeout === 'auto' ? null : timeout
+  }, other, {
+    children: function children(state, childProps) {
+      return /*#__PURE__*/react.cloneElement(_children, extends_extends({
+        style: extends_extends({
+          opacity: 0,
+          transform: getScale(0.75),
+          visibility: state === 'exited' && !inProp ? 'hidden' : undefined
+        }, Grow_styles[state], style, _children.props.style),
+        ref: handleRef
+      }, childProps));
+    }
+  }));
+});
+ false ? 0 : void 0;
+Grow.muiSupportAuto = true;
+/* harmony default export */ var Grow_Grow = (Grow);
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getWindow.js
+function getWindow(node) {
+  if (node == null) {
+    return window;
+  }
+  if (node.toString() !== '[object Window]') {
+    var ownerDocument = node.ownerDocument;
+    return ownerDocument ? ownerDocument.defaultView || window : window;
+  }
+  return node;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/instanceOf.js
+
+function isElement(node) {
+  var OwnElement = getWindow(node).Element;
+  return node instanceof OwnElement || node instanceof Element;
+}
+function isHTMLElement(node) {
+  var OwnElement = getWindow(node).HTMLElement;
+  return node instanceof OwnElement || node instanceof HTMLElement;
+}
+function isShadowRoot(node) {
+  // IE 11 has no ShadowRoot
+  if (typeof ShadowRoot === 'undefined') {
+    return false;
+  }
+  var OwnElement = getWindow(node).ShadowRoot;
+  return node instanceof OwnElement || node instanceof ShadowRoot;
+}
+
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/math.js
+var math_max = Math.max;
+var math_min = Math.min;
+var math_round = Math.round;
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/userAgent.js
+function getUAString() {
+  var uaData = navigator.userAgentData;
+  if (uaData != null && uaData.brands && Array.isArray(uaData.brands)) {
+    return uaData.brands.map(function (item) {
+      return item.brand + "/" + item.version;
+    }).join(' ');
+  }
+  return navigator.userAgent;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/isLayoutViewport.js
+
+function isLayoutViewport() {
+  return !/^((?!chrome|android).)*safari/i.test(getUAString());
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getBoundingClientRect.js
+
+
+
+
+function getBoundingClientRect(element, includeScale, isFixedStrategy) {
+  if (includeScale === void 0) {
+    includeScale = false;
+  }
+  if (isFixedStrategy === void 0) {
+    isFixedStrategy = false;
+  }
+  var clientRect = element.getBoundingClientRect();
+  var scaleX = 1;
+  var scaleY = 1;
+  if (includeScale && isHTMLElement(element)) {
+    scaleX = element.offsetWidth > 0 ? math_round(clientRect.width) / element.offsetWidth || 1 : 1;
+    scaleY = element.offsetHeight > 0 ? math_round(clientRect.height) / element.offsetHeight || 1 : 1;
+  }
+  var _ref = isElement(element) ? getWindow(element) : window,
+    visualViewport = _ref.visualViewport;
+  var addVisualOffsets = !isLayoutViewport() && isFixedStrategy;
+  var x = (clientRect.left + (addVisualOffsets && visualViewport ? visualViewport.offsetLeft : 0)) / scaleX;
+  var y = (clientRect.top + (addVisualOffsets && visualViewport ? visualViewport.offsetTop : 0)) / scaleY;
+  var width = clientRect.width / scaleX;
+  var height = clientRect.height / scaleY;
+  return {
+    width: width,
+    height: height,
+    top: y,
+    right: x + width,
+    bottom: y + height,
+    left: x,
+    x: x,
+    y: y
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getWindowScroll.js
+
+function getWindowScroll(node) {
+  var win = getWindow(node);
+  var scrollLeft = win.pageXOffset;
+  var scrollTop = win.pageYOffset;
+  return {
+    scrollLeft: scrollLeft,
+    scrollTop: scrollTop
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getHTMLElementScroll.js
+function getHTMLElementScroll(element) {
+  return {
+    scrollLeft: element.scrollLeft,
+    scrollTop: element.scrollTop
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getNodeScroll.js
+
+
+
+
+function getNodeScroll(node) {
+  if (node === getWindow(node) || !isHTMLElement(node)) {
+    return getWindowScroll(node);
+  } else {
+    return getHTMLElementScroll(node);
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getNodeName.js
+function getNodeName(element) {
+  return element ? (element.nodeName || '').toLowerCase() : null;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getDocumentElement.js
+
+function getDocumentElement(element) {
+  // $FlowFixMe[incompatible-return]: assume body is always available
+  return ((isElement(element) ? element.ownerDocument :
+  // $FlowFixMe[prop-missing]
+  element.document) || window.document).documentElement;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getWindowScrollBarX.js
+
+
+
+function getWindowScrollBarX(element) {
+  // If <html> has a CSS width greater than the viewport, then this will be
+  // incorrect for RTL.
+  // Popper 1 is broken in this case and never had a bug report so let's assume
+  // it's not an issue. I don't think anyone ever specifies width on <html>
+  // anyway.
+  // Browsers where the left scrollbar doesn't cause an issue report `0` for
+  // this (e.g. Edge 2019, IE11, Safari)
+  return getBoundingClientRect(getDocumentElement(element)).left + getWindowScroll(element).scrollLeft;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getComputedStyle.js
+
+function getComputedStyle(element) {
+  return getWindow(element).getComputedStyle(element);
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/isScrollParent.js
+
+function isScrollParent(element) {
+  // Firefox wants us to check `-x` and `-y` variations as well
+  var _getComputedStyle = getComputedStyle(element),
+    overflow = _getComputedStyle.overflow,
+    overflowX = _getComputedStyle.overflowX,
+    overflowY = _getComputedStyle.overflowY;
+  return /auto|scroll|overlay|hidden/.test(overflow + overflowY + overflowX);
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getCompositeRect.js
+
+
+
+
+
+
+
+
+function isElementScaled(element) {
+  var rect = element.getBoundingClientRect();
+  var scaleX = math_round(rect.width) / element.offsetWidth || 1;
+  var scaleY = math_round(rect.height) / element.offsetHeight || 1;
+  return scaleX !== 1 || scaleY !== 1;
+} // Returns the composite rect of an element relative to its offsetParent.
+// Composite means it takes into account transforms as well as layout.
+
+function getCompositeRect(elementOrVirtualElement, offsetParent, isFixed) {
+  if (isFixed === void 0) {
+    isFixed = false;
+  }
+  var isOffsetParentAnElement = isHTMLElement(offsetParent);
+  var offsetParentIsScaled = isHTMLElement(offsetParent) && isElementScaled(offsetParent);
+  var documentElement = getDocumentElement(offsetParent);
+  var rect = getBoundingClientRect(elementOrVirtualElement, offsetParentIsScaled, isFixed);
+  var scroll = {
+    scrollLeft: 0,
+    scrollTop: 0
+  };
+  var offsets = {
+    x: 0,
+    y: 0
+  };
+  if (isOffsetParentAnElement || !isOffsetParentAnElement && !isFixed) {
+    if (getNodeName(offsetParent) !== 'body' ||
+    // https://github.com/popperjs/popper-core/issues/1078
+    isScrollParent(documentElement)) {
+      scroll = getNodeScroll(offsetParent);
+    }
+    if (isHTMLElement(offsetParent)) {
+      offsets = getBoundingClientRect(offsetParent, true);
+      offsets.x += offsetParent.clientLeft;
+      offsets.y += offsetParent.clientTop;
+    } else if (documentElement) {
+      offsets.x = getWindowScrollBarX(documentElement);
+    }
+  }
+  return {
+    x: rect.left + scroll.scrollLeft - offsets.x,
+    y: rect.top + scroll.scrollTop - offsets.y,
+    width: rect.width,
+    height: rect.height
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getLayoutRect.js
+ // Returns the layout rect of an element relative to its offsetParent. Layout
+// means it doesn't take into account transforms.
+
+function getLayoutRect(element) {
+  var clientRect = getBoundingClientRect(element); // Use the clientRect sizes if it's not been transformed.
+  // Fixes https://github.com/popperjs/popper-core/issues/1223
+
+  var width = element.offsetWidth;
+  var height = element.offsetHeight;
+  if (Math.abs(clientRect.width - width) <= 1) {
+    width = clientRect.width;
+  }
+  if (Math.abs(clientRect.height - height) <= 1) {
+    height = clientRect.height;
+  }
+  return {
+    x: element.offsetLeft,
+    y: element.offsetTop,
+    width: width,
+    height: height
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getParentNode.js
+
+
+
+function getParentNode(element) {
+  if (getNodeName(element) === 'html') {
+    return element;
+  }
+  return (
+    // this is a quicker (but less type safe) way to save quite some bytes from the bundle
+    // $FlowFixMe[incompatible-return]
+    // $FlowFixMe[prop-missing]
+    element.assignedSlot ||
+    // step into the shadow DOM of the parent of a slotted node
+    element.parentNode || (
+    // DOM Element detected
+    isShadowRoot(element) ? element.host : null) ||
+    // ShadowRoot detected
+    // $FlowFixMe[incompatible-call]: HTMLElement is a Node
+    getDocumentElement(element) // fallback
+  );
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getScrollParent.js
+
+
+
+
+function getScrollParent(node) {
+  if (['html', 'body', '#document'].indexOf(getNodeName(node)) >= 0) {
+    // $FlowFixMe[incompatible-return]: assume body is always available
+    return node.ownerDocument.body;
+  }
+  if (isHTMLElement(node) && isScrollParent(node)) {
+    return node;
+  }
+  return getScrollParent(getParentNode(node));
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/listScrollParents.js
+
+
+
+
+/*
+given a DOM element, return the list of all scroll parents, up the list of ancesors
+until we get to the top window object. This list is what we attach scroll listeners
+to, because if any of these parent elements scroll, we'll need to re-calculate the
+reference element's position.
+*/
+
+function listScrollParents(element, list) {
+  var _element$ownerDocumen;
+  if (list === void 0) {
+    list = [];
+  }
+  var scrollParent = getScrollParent(element);
+  var isBody = scrollParent === ((_element$ownerDocumen = element.ownerDocument) == null ? void 0 : _element$ownerDocumen.body);
+  var win = getWindow(scrollParent);
+  var target = isBody ? [win].concat(win.visualViewport || [], isScrollParent(scrollParent) ? scrollParent : []) : scrollParent;
+  var updatedList = list.concat(target);
+  return isBody ? updatedList :
+  // $FlowFixMe[incompatible-call]: isBody tells us target will be an HTMLElement here
+  updatedList.concat(listScrollParents(getParentNode(target)));
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/isTableElement.js
+
+function isTableElement(element) {
+  return ['table', 'td', 'th'].indexOf(getNodeName(element)) >= 0;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getOffsetParent.js
+
+
+
+
+
+
+
+function getTrueOffsetParent(element) {
+  if (!isHTMLElement(element) ||
+  // https://github.com/popperjs/popper-core/issues/837
+  getComputedStyle(element).position === 'fixed') {
+    return null;
+  }
+  return element.offsetParent;
+} // `.offsetParent` reports `null` for fixed elements, while absolute elements
+// return the containing block
+
+function getContainingBlock(element) {
+  var isFirefox = /firefox/i.test(getUAString());
+  var isIE = /Trident/i.test(getUAString());
+  if (isIE && isHTMLElement(element)) {
+    // In IE 9, 10 and 11 fixed elements containing block is always established by the viewport
+    var elementCss = getComputedStyle(element);
+    if (elementCss.position === 'fixed') {
+      return null;
+    }
+  }
+  var currentNode = getParentNode(element);
+  if (isShadowRoot(currentNode)) {
+    currentNode = currentNode.host;
+  }
+  while (isHTMLElement(currentNode) && ['html', 'body'].indexOf(getNodeName(currentNode)) < 0) {
+    var css = getComputedStyle(currentNode); // This is non-exhaustive but covers the most common CSS properties that
+    // create a containing block.
+    // https://developer.mozilla.org/en-US/docs/Web/CSS/Containing_block#identifying_the_containing_block
+
+    if (css.transform !== 'none' || css.perspective !== 'none' || css.contain === 'paint' || ['transform', 'perspective'].indexOf(css.willChange) !== -1 || isFirefox && css.willChange === 'filter' || isFirefox && css.filter && css.filter !== 'none') {
+      return currentNode;
+    } else {
+      currentNode = currentNode.parentNode;
+    }
+  }
+  return null;
+} // Gets the closest ancestor positioned element. Handles some edge cases,
+// such as table ancestors and cross browser bugs.
+
+function getOffsetParent(element) {
+  var window = getWindow(element);
+  var offsetParent = getTrueOffsetParent(element);
+  while (offsetParent && isTableElement(offsetParent) && getComputedStyle(offsetParent).position === 'static') {
+    offsetParent = getTrueOffsetParent(offsetParent);
+  }
+  if (offsetParent && (getNodeName(offsetParent) === 'html' || getNodeName(offsetParent) === 'body' && getComputedStyle(offsetParent).position === 'static')) {
+    return window;
+  }
+  return offsetParent || getContainingBlock(element) || window;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/enums.js
+var enums_top = 'top';
+var bottom = 'bottom';
+var right = 'right';
+var left = 'left';
+var auto = 'auto';
+var basePlacements = [enums_top, bottom, right, left];
+var start = 'start';
+var end = 'end';
+var clippingParents = 'clippingParents';
+var viewport = 'viewport';
+var popper = 'popper';
+var reference = 'reference';
+var variationPlacements = /*#__PURE__*/basePlacements.reduce(function (acc, placement) {
+  return acc.concat([placement + "-" + start, placement + "-" + end]);
+}, []);
+var enums_placements = /*#__PURE__*/[].concat(basePlacements, [auto]).reduce(function (acc, placement) {
+  return acc.concat([placement, placement + "-" + start, placement + "-" + end]);
+}, []); // modifiers that need to read the DOM
+
+var beforeRead = 'beforeRead';
+var read = 'read';
+var afterRead = 'afterRead'; // pure-logic modifiers
+
+var beforeMain = 'beforeMain';
+var main = 'main';
+var afterMain = 'afterMain'; // modifier with the purpose to write to the DOM (or write into a framework state)
+
+var beforeWrite = 'beforeWrite';
+var write = 'write';
+var afterWrite = 'afterWrite';
+var modifierPhases = [beforeRead, read, afterRead, beforeMain, main, afterMain, beforeWrite, write, afterWrite];
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/orderModifiers.js
+ // source: https://stackoverflow.com/questions/49875255
+
+function order(modifiers) {
+  var map = new Map();
+  var visited = new Set();
+  var result = [];
+  modifiers.forEach(function (modifier) {
+    map.set(modifier.name, modifier);
+  }); // On visiting object, check for its dependencies and visit them recursively
+
+  function sort(modifier) {
+    visited.add(modifier.name);
+    var requires = [].concat(modifier.requires || [], modifier.requiresIfExists || []);
+    requires.forEach(function (dep) {
+      if (!visited.has(dep)) {
+        var depModifier = map.get(dep);
+        if (depModifier) {
+          sort(depModifier);
+        }
+      }
+    });
+    result.push(modifier);
+  }
+  modifiers.forEach(function (modifier) {
+    if (!visited.has(modifier.name)) {
+      // check for visited object
+      sort(modifier);
+    }
+  });
+  return result;
+}
+function orderModifiers(modifiers) {
+  // order based on dependencies
+  var orderedModifiers = order(modifiers); // order based on phase
+
+  return modifierPhases.reduce(function (acc, phase) {
+    return acc.concat(orderedModifiers.filter(function (modifier) {
+      return modifier.phase === phase;
+    }));
+  }, []);
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/debounce.js
+function debounce_debounce(fn) {
+  var pending;
+  return function () {
+    if (!pending) {
+      pending = new Promise(function (resolve) {
+        Promise.resolve().then(function () {
+          pending = undefined;
+          resolve(fn());
+        });
+      });
+    }
+    return pending;
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/mergeByName.js
+function mergeByName(modifiers) {
+  var merged = modifiers.reduce(function (merged, current) {
+    var existing = merged[current.name];
+    merged[current.name] = existing ? Object.assign({}, existing, current, {
+      options: Object.assign({}, existing.options, current.options),
+      data: Object.assign({}, existing.data, current.data)
+    }) : current;
+    return merged;
+  }, {}); // IE11 does not support Object.values
+
+  return Object.keys(merged).map(function (key) {
+    return merged[key];
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/createPopper.js
+
+
+
+
+
+
+
+
+
+var DEFAULT_OPTIONS = {
+  placement: 'bottom',
+  modifiers: [],
+  strategy: 'absolute'
+};
+function areValidElements() {
+  for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
+    args[_key] = arguments[_key];
+  }
+  return !args.some(function (element) {
+    return !(element && typeof element.getBoundingClientRect === 'function');
+  });
+}
+function popperGenerator(generatorOptions) {
+  if (generatorOptions === void 0) {
+    generatorOptions = {};
+  }
+  var _generatorOptions = generatorOptions,
+    _generatorOptions$def = _generatorOptions.defaultModifiers,
+    defaultModifiers = _generatorOptions$def === void 0 ? [] : _generatorOptions$def,
+    _generatorOptions$def2 = _generatorOptions.defaultOptions,
+    defaultOptions = _generatorOptions$def2 === void 0 ? DEFAULT_OPTIONS : _generatorOptions$def2;
+  return function createPopper(reference, popper, options) {
+    if (options === void 0) {
+      options = defaultOptions;
+    }
+    var state = {
+      placement: 'bottom',
+      orderedModifiers: [],
+      options: Object.assign({}, DEFAULT_OPTIONS, defaultOptions),
+      modifiersData: {},
+      elements: {
+        reference: reference,
+        popper: popper
+      },
+      attributes: {},
+      styles: {}
+    };
+    var effectCleanupFns = [];
+    var isDestroyed = false;
+    var instance = {
+      state: state,
+      setOptions: function setOptions(setOptionsAction) {
+        var options = typeof setOptionsAction === 'function' ? setOptionsAction(state.options) : setOptionsAction;
+        cleanupModifierEffects();
+        state.options = Object.assign({}, defaultOptions, state.options, options);
+        state.scrollParents = {
+          reference: isElement(reference) ? listScrollParents(reference) : reference.contextElement ? listScrollParents(reference.contextElement) : [],
+          popper: listScrollParents(popper)
+        }; // Orders the modifiers based on their dependencies and `phase`
+        // properties
+
+        var orderedModifiers = orderModifiers(mergeByName([].concat(defaultModifiers, state.options.modifiers))); // Strip out disabled modifiers
+
+        state.orderedModifiers = orderedModifiers.filter(function (m) {
+          return m.enabled;
+        });
+        runModifierEffects();
+        return instance.update();
+      },
+      // Sync update – it will always be executed, even if not necessary. This
+      // is useful for low frequency updates where sync behavior simplifies the
+      // logic.
+      // For high frequency updates (e.g. `resize` and `scroll` events), always
+      // prefer the async Popper#update method
+      forceUpdate: function forceUpdate() {
+        if (isDestroyed) {
+          return;
+        }
+        var _state$elements = state.elements,
+          reference = _state$elements.reference,
+          popper = _state$elements.popper; // Don't proceed if `reference` or `popper` are not valid elements
+        // anymore
+
+        if (!areValidElements(reference, popper)) {
+          return;
+        } // Store the reference and popper rects to be read by modifiers
+
+        state.rects = {
+          reference: getCompositeRect(reference, getOffsetParent(popper), state.options.strategy === 'fixed'),
+          popper: getLayoutRect(popper)
+        }; // Modifiers have the ability to reset the current update cycle. The
+        // most common use case for this is the `flip` modifier changing the
+        // placement, which then needs to re-run all the modifiers, because the
+        // logic was previously ran for the previous placement and is therefore
+        // stale/incorrect
+
+        state.reset = false;
+        state.placement = state.options.placement; // On each update cycle, the `modifiersData` property for each modifier
+        // is filled with the initial data specified by the modifier. This means
+        // it doesn't persist and is fresh on each update.
+        // To ensure persistent data, use `${name}#persistent`
+
+        state.orderedModifiers.forEach(function (modifier) {
+          return state.modifiersData[modifier.name] = Object.assign({}, modifier.data);
+        });
+        for (var index = 0; index < state.orderedModifiers.length; index++) {
+          if (state.reset === true) {
+            state.reset = false;
+            index = -1;
+            continue;
+          }
+          var _state$orderedModifie = state.orderedModifiers[index],
+            fn = _state$orderedModifie.fn,
+            _state$orderedModifie2 = _state$orderedModifie.options,
+            _options = _state$orderedModifie2 === void 0 ? {} : _state$orderedModifie2,
+            name = _state$orderedModifie.name;
+          if (typeof fn === 'function') {
+            state = fn({
+              state: state,
+              options: _options,
+              name: name,
+              instance: instance
+            }) || state;
+          }
+        }
+      },
+      // Async and optimistically optimized update – it will not be executed if
+      // not necessary (debounced to run at most once-per-tick)
+      update: debounce_debounce(function () {
+        return new Promise(function (resolve) {
+          instance.forceUpdate();
+          resolve(state);
+        });
+      }),
+      destroy: function destroy() {
+        cleanupModifierEffects();
+        isDestroyed = true;
+      }
+    };
+    if (!areValidElements(reference, popper)) {
+      return instance;
+    }
+    instance.setOptions(options).then(function (state) {
+      if (!isDestroyed && options.onFirstUpdate) {
+        options.onFirstUpdate(state);
+      }
+    }); // Modifiers have the ability to execute arbitrary code before the first
+    // update cycle runs. They will be executed in the same order as the update
+    // cycle. This is useful when a modifier adds some persistent data that
+    // other modifiers need to use, but the modifier is run after the dependent
+    // one.
+
+    function runModifierEffects() {
+      state.orderedModifiers.forEach(function (_ref) {
+        var name = _ref.name,
+          _ref$options = _ref.options,
+          options = _ref$options === void 0 ? {} : _ref$options,
+          effect = _ref.effect;
+        if (typeof effect === 'function') {
+          var cleanupFn = effect({
+            state: state,
+            name: name,
+            instance: instance,
+            options: options
+          });
+          var noopFn = function noopFn() {};
+          effectCleanupFns.push(cleanupFn || noopFn);
+        }
+      });
+    }
+    function cleanupModifierEffects() {
+      effectCleanupFns.forEach(function (fn) {
+        return fn();
+      });
+      effectCleanupFns = [];
+    }
+    return instance;
+  };
+}
+var createPopper = /*#__PURE__*/(/* unused pure expression or super */ null && (popperGenerator())); // eslint-disable-next-line import/no-unused-modules
+
+
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/eventListeners.js
+ // eslint-disable-next-line import/no-unused-modules
+
+var passive = {
+  passive: true
+};
+function effect(_ref) {
+  var state = _ref.state,
+    instance = _ref.instance,
+    options = _ref.options;
+  var _options$scroll = options.scroll,
+    scroll = _options$scroll === void 0 ? true : _options$scroll,
+    _options$resize = options.resize,
+    resize = _options$resize === void 0 ? true : _options$resize;
+  var window = getWindow(state.elements.popper);
+  var scrollParents = [].concat(state.scrollParents.reference, state.scrollParents.popper);
+  if (scroll) {
+    scrollParents.forEach(function (scrollParent) {
+      scrollParent.addEventListener('scroll', instance.update, passive);
+    });
+  }
+  if (resize) {
+    window.addEventListener('resize', instance.update, passive);
+  }
+  return function () {
+    if (scroll) {
+      scrollParents.forEach(function (scrollParent) {
+        scrollParent.removeEventListener('scroll', instance.update, passive);
+      });
+    }
+    if (resize) {
+      window.removeEventListener('resize', instance.update, passive);
+    }
+  };
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var eventListeners = ({
+  name: 'eventListeners',
+  enabled: true,
+  phase: 'write',
+  fn: function fn() {},
+  effect: effect,
+  data: {}
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getBasePlacement.js
+
+function getBasePlacement(placement) {
+  return placement.split('-')[0];
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getVariation.js
+function getVariation(placement) {
+  return placement.split('-')[1];
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getMainAxisFromPlacement.js
+function getMainAxisFromPlacement(placement) {
+  return ['top', 'bottom'].indexOf(placement) >= 0 ? 'x' : 'y';
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/computeOffsets.js
+
+
+
+
+function computeOffsets(_ref) {
+  var reference = _ref.reference,
+    element = _ref.element,
+    placement = _ref.placement;
+  var basePlacement = placement ? getBasePlacement(placement) : null;
+  var variation = placement ? getVariation(placement) : null;
+  var commonX = reference.x + reference.width / 2 - element.width / 2;
+  var commonY = reference.y + reference.height / 2 - element.height / 2;
+  var offsets;
+  switch (basePlacement) {
+    case enums_top:
+      offsets = {
+        x: commonX,
+        y: reference.y - element.height
+      };
+      break;
+    case bottom:
+      offsets = {
+        x: commonX,
+        y: reference.y + reference.height
+      };
+      break;
+    case right:
+      offsets = {
+        x: reference.x + reference.width,
+        y: commonY
+      };
+      break;
+    case left:
+      offsets = {
+        x: reference.x - element.width,
+        y: commonY
+      };
+      break;
+    default:
+      offsets = {
+        x: reference.x,
+        y: reference.y
+      };
+  }
+  var mainAxis = basePlacement ? getMainAxisFromPlacement(basePlacement) : null;
+  if (mainAxis != null) {
+    var len = mainAxis === 'y' ? 'height' : 'width';
+    switch (variation) {
+      case start:
+        offsets[mainAxis] = offsets[mainAxis] - (reference[len] / 2 - element[len] / 2);
+        break;
+      case end:
+        offsets[mainAxis] = offsets[mainAxis] + (reference[len] / 2 - element[len] / 2);
+        break;
+      default:
+    }
+  }
+  return offsets;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/popperOffsets.js
+
+function popperOffsets(_ref) {
+  var state = _ref.state,
+    name = _ref.name;
+  // Offsets are the actual position the popper needs to have to be
+  // properly positioned near its reference element
+  // This is the most basic placement, and will be adjusted by
+  // the modifiers in the next step
+  state.modifiersData[name] = computeOffsets({
+    reference: state.rects.reference,
+    element: state.rects.popper,
+    strategy: 'absolute',
+    placement: state.placement
+  });
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_popperOffsets = ({
+  name: 'popperOffsets',
+  enabled: true,
+  phase: 'read',
+  fn: popperOffsets,
+  data: {}
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/computeStyles.js
+
+
+
+
+
+
+
+ // eslint-disable-next-line import/no-unused-modules
+
+var unsetSides = {
+  top: 'auto',
+  right: 'auto',
+  bottom: 'auto',
+  left: 'auto'
+}; // Round the offsets to the nearest suitable subpixel based on the DPR.
+// Zooming can change the DPR, but it seems to report a value that will
+// cleanly divide the values into the appropriate subpixels.
+
+function roundOffsetsByDPR(_ref, win) {
+  var x = _ref.x,
+    y = _ref.y;
+  var dpr = win.devicePixelRatio || 1;
+  return {
+    x: math_round(x * dpr) / dpr || 0,
+    y: math_round(y * dpr) / dpr || 0
+  };
+}
+function mapToStyles(_ref2) {
+  var _Object$assign2;
+  var popper = _ref2.popper,
+    popperRect = _ref2.popperRect,
+    placement = _ref2.placement,
+    variation = _ref2.variation,
+    offsets = _ref2.offsets,
+    position = _ref2.position,
+    gpuAcceleration = _ref2.gpuAcceleration,
+    adaptive = _ref2.adaptive,
+    roundOffsets = _ref2.roundOffsets,
+    isFixed = _ref2.isFixed;
+  var _offsets$x = offsets.x,
+    x = _offsets$x === void 0 ? 0 : _offsets$x,
+    _offsets$y = offsets.y,
+    y = _offsets$y === void 0 ? 0 : _offsets$y;
+  var _ref3 = typeof roundOffsets === 'function' ? roundOffsets({
+    x: x,
+    y: y
+  }) : {
+    x: x,
+    y: y
+  };
+  x = _ref3.x;
+  y = _ref3.y;
+  var hasX = offsets.hasOwnProperty('x');
+  var hasY = offsets.hasOwnProperty('y');
+  var sideX = left;
+  var sideY = enums_top;
+  var win = window;
+  if (adaptive) {
+    var offsetParent = getOffsetParent(popper);
+    var heightProp = 'clientHeight';
+    var widthProp = 'clientWidth';
+    if (offsetParent === getWindow(popper)) {
+      offsetParent = getDocumentElement(popper);
+      if (getComputedStyle(offsetParent).position !== 'static' && position === 'absolute') {
+        heightProp = 'scrollHeight';
+        widthProp = 'scrollWidth';
+      }
+    } // $FlowFixMe[incompatible-cast]: force type refinement, we compare offsetParent with window above, but Flow doesn't detect it
+
+    offsetParent = offsetParent;
+    if (placement === enums_top || (placement === left || placement === right) && variation === end) {
+      sideY = bottom;
+      var offsetY = isFixed && offsetParent === win && win.visualViewport ? win.visualViewport.height :
+      // $FlowFixMe[prop-missing]
+      offsetParent[heightProp];
+      y -= offsetY - popperRect.height;
+      y *= gpuAcceleration ? 1 : -1;
+    }
+    if (placement === left || (placement === enums_top || placement === bottom) && variation === end) {
+      sideX = right;
+      var offsetX = isFixed && offsetParent === win && win.visualViewport ? win.visualViewport.width :
+      // $FlowFixMe[prop-missing]
+      offsetParent[widthProp];
+      x -= offsetX - popperRect.width;
+      x *= gpuAcceleration ? 1 : -1;
+    }
+  }
+  var commonStyles = Object.assign({
+    position: position
+  }, adaptive && unsetSides);
+  var _ref4 = roundOffsets === true ? roundOffsetsByDPR({
+    x: x,
+    y: y
+  }, getWindow(popper)) : {
+    x: x,
+    y: y
+  };
+  x = _ref4.x;
+  y = _ref4.y;
+  if (gpuAcceleration) {
+    var _Object$assign;
+    return Object.assign({}, commonStyles, (_Object$assign = {}, _Object$assign[sideY] = hasY ? '0' : '', _Object$assign[sideX] = hasX ? '0' : '', _Object$assign.transform = (win.devicePixelRatio || 1) <= 1 ? "translate(" + x + "px, " + y + "px)" : "translate3d(" + x + "px, " + y + "px, 0)", _Object$assign));
+  }
+  return Object.assign({}, commonStyles, (_Object$assign2 = {}, _Object$assign2[sideY] = hasY ? y + "px" : '', _Object$assign2[sideX] = hasX ? x + "px" : '', _Object$assign2.transform = '', _Object$assign2));
+}
+function computeStyles(_ref5) {
+  var state = _ref5.state,
+    options = _ref5.options;
+  var _options$gpuAccelerat = options.gpuAcceleration,
+    gpuAcceleration = _options$gpuAccelerat === void 0 ? true : _options$gpuAccelerat,
+    _options$adaptive = options.adaptive,
+    adaptive = _options$adaptive === void 0 ? true : _options$adaptive,
+    _options$roundOffsets = options.roundOffsets,
+    roundOffsets = _options$roundOffsets === void 0 ? true : _options$roundOffsets;
+  var commonStyles = {
+    placement: getBasePlacement(state.placement),
+    variation: getVariation(state.placement),
+    popper: state.elements.popper,
+    popperRect: state.rects.popper,
+    gpuAcceleration: gpuAcceleration,
+    isFixed: state.options.strategy === 'fixed'
+  };
+  if (state.modifiersData.popperOffsets != null) {
+    state.styles.popper = Object.assign({}, state.styles.popper, mapToStyles(Object.assign({}, commonStyles, {
+      offsets: state.modifiersData.popperOffsets,
+      position: state.options.strategy,
+      adaptive: adaptive,
+      roundOffsets: roundOffsets
+    })));
+  }
+  if (state.modifiersData.arrow != null) {
+    state.styles.arrow = Object.assign({}, state.styles.arrow, mapToStyles(Object.assign({}, commonStyles, {
+      offsets: state.modifiersData.arrow,
+      position: 'absolute',
+      adaptive: false,
+      roundOffsets: roundOffsets
+    })));
+  }
+  state.attributes.popper = Object.assign({}, state.attributes.popper, {
+    'data-popper-placement': state.placement
+  });
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_computeStyles = ({
+  name: 'computeStyles',
+  enabled: true,
+  phase: 'beforeWrite',
+  fn: computeStyles,
+  data: {}
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/applyStyles.js
+
+ // This modifier takes the styles prepared by the `computeStyles` modifier
+// and applies them to the HTMLElements such as popper and arrow
+
+function applyStyles(_ref) {
+  var state = _ref.state;
+  Object.keys(state.elements).forEach(function (name) {
+    var style = state.styles[name] || {};
+    var attributes = state.attributes[name] || {};
+    var element = state.elements[name]; // arrow is optional + virtual elements
+
+    if (!isHTMLElement(element) || !getNodeName(element)) {
+      return;
+    } // Flow doesn't support to extend this property, but it's the most
+    // effective way to apply styles to an HTMLElement
+    // $FlowFixMe[cannot-write]
+
+    Object.assign(element.style, style);
+    Object.keys(attributes).forEach(function (name) {
+      var value = attributes[name];
+      if (value === false) {
+        element.removeAttribute(name);
+      } else {
+        element.setAttribute(name, value === true ? '' : value);
+      }
+    });
+  });
+}
+function applyStyles_effect(_ref2) {
+  var state = _ref2.state;
+  var initialStyles = {
+    popper: {
+      position: state.options.strategy,
+      left: '0',
+      top: '0',
+      margin: '0'
+    },
+    arrow: {
+      position: 'absolute'
+    },
+    reference: {}
+  };
+  Object.assign(state.elements.popper.style, initialStyles.popper);
+  state.styles = initialStyles;
+  if (state.elements.arrow) {
+    Object.assign(state.elements.arrow.style, initialStyles.arrow);
+  }
+  return function () {
+    Object.keys(state.elements).forEach(function (name) {
+      var element = state.elements[name];
+      var attributes = state.attributes[name] || {};
+      var styleProperties = Object.keys(state.styles.hasOwnProperty(name) ? state.styles[name] : initialStyles[name]); // Set all values to an empty string to unset them
+
+      var style = styleProperties.reduce(function (style, property) {
+        style[property] = '';
+        return style;
+      }, {}); // arrow is optional + virtual elements
+
+      if (!isHTMLElement(element) || !getNodeName(element)) {
+        return;
+      }
+      Object.assign(element.style, style);
+      Object.keys(attributes).forEach(function (attribute) {
+        element.removeAttribute(attribute);
+      });
+    });
+  };
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_applyStyles = ({
+  name: 'applyStyles',
+  enabled: true,
+  phase: 'write',
+  fn: applyStyles,
+  effect: applyStyles_effect,
+  requires: ['computeStyles']
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/offset.js
+
+ // eslint-disable-next-line import/no-unused-modules
+
+function distanceAndSkiddingToXY(placement, rects, offset) {
+  var basePlacement = getBasePlacement(placement);
+  var invertDistance = [left, enums_top].indexOf(basePlacement) >= 0 ? -1 : 1;
+  var _ref = typeof offset === 'function' ? offset(Object.assign({}, rects, {
+      placement: placement
+    })) : offset,
+    skidding = _ref[0],
+    distance = _ref[1];
+  skidding = skidding || 0;
+  distance = (distance || 0) * invertDistance;
+  return [left, right].indexOf(basePlacement) >= 0 ? {
+    x: distance,
+    y: skidding
+  } : {
+    x: skidding,
+    y: distance
+  };
+}
+function offset(_ref2) {
+  var state = _ref2.state,
+    options = _ref2.options,
+    name = _ref2.name;
+  var _options$offset = options.offset,
+    offset = _options$offset === void 0 ? [0, 0] : _options$offset;
+  var data = enums_placements.reduce(function (acc, placement) {
+    acc[placement] = distanceAndSkiddingToXY(placement, state.rects, offset);
+    return acc;
+  }, {});
+  var _data$state$placement = data[state.placement],
+    x = _data$state$placement.x,
+    y = _data$state$placement.y;
+  if (state.modifiersData.popperOffsets != null) {
+    state.modifiersData.popperOffsets.x += x;
+    state.modifiersData.popperOffsets.y += y;
+  }
+  state.modifiersData[name] = data;
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_offset = ({
+  name: 'offset',
+  enabled: true,
+  phase: 'main',
+  requires: ['popperOffsets'],
+  fn: offset
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getOppositePlacement.js
+var getOppositePlacement_hash = {
+  left: 'right',
+  right: 'left',
+  bottom: 'top',
+  top: 'bottom'
+};
+function getOppositePlacement(placement) {
+  return placement.replace(/left|right|bottom|top/g, function (matched) {
+    return getOppositePlacement_hash[matched];
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getOppositeVariationPlacement.js
+var getOppositeVariationPlacement_hash = {
+  start: 'end',
+  end: 'start'
+};
+function getOppositeVariationPlacement(placement) {
+  return placement.replace(/start|end/g, function (matched) {
+    return getOppositeVariationPlacement_hash[matched];
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getViewportRect.js
+
+
+
+
+function getViewportRect(element, strategy) {
+  var win = getWindow(element);
+  var html = getDocumentElement(element);
+  var visualViewport = win.visualViewport;
+  var width = html.clientWidth;
+  var height = html.clientHeight;
+  var x = 0;
+  var y = 0;
+  if (visualViewport) {
+    width = visualViewport.width;
+    height = visualViewport.height;
+    var layoutViewport = isLayoutViewport();
+    if (layoutViewport || !layoutViewport && strategy === 'fixed') {
+      x = visualViewport.offsetLeft;
+      y = visualViewport.offsetTop;
+    }
+  }
+  return {
+    width: width,
+    height: height,
+    x: x + getWindowScrollBarX(element),
+    y: y
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getDocumentRect.js
+
+
+
+
+ // Gets the entire size of the scrollable document area, even extending outside
+// of the `<html>` and `<body>` rect bounds if horizontally scrollable
+
+function getDocumentRect(element) {
+  var _element$ownerDocumen;
+  var html = getDocumentElement(element);
+  var winScroll = getWindowScroll(element);
+  var body = (_element$ownerDocumen = element.ownerDocument) == null ? void 0 : _element$ownerDocumen.body;
+  var width = math_max(html.scrollWidth, html.clientWidth, body ? body.scrollWidth : 0, body ? body.clientWidth : 0);
+  var height = math_max(html.scrollHeight, html.clientHeight, body ? body.scrollHeight : 0, body ? body.clientHeight : 0);
+  var x = -winScroll.scrollLeft + getWindowScrollBarX(element);
+  var y = -winScroll.scrollTop;
+  if (getComputedStyle(body || html).direction === 'rtl') {
+    x += math_max(html.clientWidth, body ? body.clientWidth : 0) - width;
+  }
+  return {
+    width: width,
+    height: height,
+    x: x,
+    y: y
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/contains.js
+
+function contains(parent, child) {
+  var rootNode = child.getRootNode && child.getRootNode(); // First, attempt with faster native method
+
+  if (parent.contains(child)) {
+    return true;
+  } // then fallback to custom implementation with Shadow DOM support
+  else if (rootNode && isShadowRoot(rootNode)) {
+    var next = child;
+    do {
+      if (next && parent.isSameNode(next)) {
+        return true;
+      } // $FlowFixMe[prop-missing]: need a better way to handle this...
+
+      next = next.parentNode || next.host;
+    } while (next);
+  } // Give up, the result is false
+
+  return false;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/rectToClientRect.js
+function rectToClientRect(rect) {
+  return Object.assign({}, rect, {
+    left: rect.x,
+    top: rect.y,
+    right: rect.x + rect.width,
+    bottom: rect.y + rect.height
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getClippingRect.js
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+function getInnerBoundingClientRect(element, strategy) {
+  var rect = getBoundingClientRect(element, false, strategy === 'fixed');
+  rect.top = rect.top + element.clientTop;
+  rect.left = rect.left + element.clientLeft;
+  rect.bottom = rect.top + element.clientHeight;
+  rect.right = rect.left + element.clientWidth;
+  rect.width = element.clientWidth;
+  rect.height = element.clientHeight;
+  rect.x = rect.left;
+  rect.y = rect.top;
+  return rect;
+}
+function getClientRectFromMixedType(element, clippingParent, strategy) {
+  return clippingParent === viewport ? rectToClientRect(getViewportRect(element, strategy)) : isElement(clippingParent) ? getInnerBoundingClientRect(clippingParent, strategy) : rectToClientRect(getDocumentRect(getDocumentElement(element)));
+} // A "clipping parent" is an overflowable container with the characteristic of
+// clipping (or hiding) overflowing elements with a position different from
+// `initial`
+
+function getClippingParents(element) {
+  var clippingParents = listScrollParents(getParentNode(element));
+  var canEscapeClipping = ['absolute', 'fixed'].indexOf(getComputedStyle(element).position) >= 0;
+  var clipperElement = canEscapeClipping && isHTMLElement(element) ? getOffsetParent(element) : element;
+  if (!isElement(clipperElement)) {
+    return [];
+  } // $FlowFixMe[incompatible-return]: https://github.com/facebook/flow/issues/1414
+
+  return clippingParents.filter(function (clippingParent) {
+    return isElement(clippingParent) && contains(clippingParent, clipperElement) && getNodeName(clippingParent) !== 'body';
+  });
+} // Gets the maximum area that the element is visible in due to any number of
+// clipping parents
+
+function getClippingRect(element, boundary, rootBoundary, strategy) {
+  var mainClippingParents = boundary === 'clippingParents' ? getClippingParents(element) : [].concat(boundary);
+  var clippingParents = [].concat(mainClippingParents, [rootBoundary]);
+  var firstClippingParent = clippingParents[0];
+  var clippingRect = clippingParents.reduce(function (accRect, clippingParent) {
+    var rect = getClientRectFromMixedType(element, clippingParent, strategy);
+    accRect.top = math_max(rect.top, accRect.top);
+    accRect.right = math_min(rect.right, accRect.right);
+    accRect.bottom = math_min(rect.bottom, accRect.bottom);
+    accRect.left = math_max(rect.left, accRect.left);
+    return accRect;
+  }, getClientRectFromMixedType(element, firstClippingParent, strategy));
+  clippingRect.width = clippingRect.right - clippingRect.left;
+  clippingRect.height = clippingRect.bottom - clippingRect.top;
+  clippingRect.x = clippingRect.left;
+  clippingRect.y = clippingRect.top;
+  return clippingRect;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getFreshSideObject.js
+function getFreshSideObject() {
+  return {
+    top: 0,
+    right: 0,
+    bottom: 0,
+    left: 0
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/mergePaddingObject.js
+
+function mergePaddingObject(paddingObject) {
+  return Object.assign({}, getFreshSideObject(), paddingObject);
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/expandToHashMap.js
+function expandToHashMap(value, keys) {
+  return keys.reduce(function (hashMap, key) {
+    hashMap[key] = value;
+    return hashMap;
+  }, {});
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/detectOverflow.js
+
+
+
+
+
+
+
+
+ // eslint-disable-next-line import/no-unused-modules
+
+function detectOverflow(state, options) {
+  if (options === void 0) {
+    options = {};
+  }
+  var _options = options,
+    _options$placement = _options.placement,
+    placement = _options$placement === void 0 ? state.placement : _options$placement,
+    _options$strategy = _options.strategy,
+    strategy = _options$strategy === void 0 ? state.strategy : _options$strategy,
+    _options$boundary = _options.boundary,
+    boundary = _options$boundary === void 0 ? clippingParents : _options$boundary,
+    _options$rootBoundary = _options.rootBoundary,
+    rootBoundary = _options$rootBoundary === void 0 ? viewport : _options$rootBoundary,
+    _options$elementConte = _options.elementContext,
+    elementContext = _options$elementConte === void 0 ? popper : _options$elementConte,
+    _options$altBoundary = _options.altBoundary,
+    altBoundary = _options$altBoundary === void 0 ? false : _options$altBoundary,
+    _options$padding = _options.padding,
+    padding = _options$padding === void 0 ? 0 : _options$padding;
+  var paddingObject = mergePaddingObject(typeof padding !== 'number' ? padding : expandToHashMap(padding, basePlacements));
+  var altContext = elementContext === popper ? reference : popper;
+  var popperRect = state.rects.popper;
+  var element = state.elements[altBoundary ? altContext : elementContext];
+  var clippingClientRect = getClippingRect(isElement(element) ? element : element.contextElement || getDocumentElement(state.elements.popper), boundary, rootBoundary, strategy);
+  var referenceClientRect = getBoundingClientRect(state.elements.reference);
+  var popperOffsets = computeOffsets({
+    reference: referenceClientRect,
+    element: popperRect,
+    strategy: 'absolute',
+    placement: placement
+  });
+  var popperClientRect = rectToClientRect(Object.assign({}, popperRect, popperOffsets));
+  var elementClientRect = elementContext === popper ? popperClientRect : referenceClientRect; // positive = overflowing the clipping rect
+  // 0 or negative = within the clipping rect
+
+  var overflowOffsets = {
+    top: clippingClientRect.top - elementClientRect.top + paddingObject.top,
+    bottom: elementClientRect.bottom - clippingClientRect.bottom + paddingObject.bottom,
+    left: clippingClientRect.left - elementClientRect.left + paddingObject.left,
+    right: elementClientRect.right - clippingClientRect.right + paddingObject.right
+  };
+  var offsetData = state.modifiersData.offset; // Offsets can be applied only to the popper element
+
+  if (elementContext === popper && offsetData) {
+    var offset = offsetData[placement];
+    Object.keys(overflowOffsets).forEach(function (key) {
+      var multiply = [right, bottom].indexOf(key) >= 0 ? 1 : -1;
+      var axis = [enums_top, bottom].indexOf(key) >= 0 ? 'y' : 'x';
+      overflowOffsets[key] += offset[axis] * multiply;
+    });
+  }
+  return overflowOffsets;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/computeAutoPlacement.js
+
+
+
+
+function computeAutoPlacement(state, options) {
+  if (options === void 0) {
+    options = {};
+  }
+  var _options = options,
+    placement = _options.placement,
+    boundary = _options.boundary,
+    rootBoundary = _options.rootBoundary,
+    padding = _options.padding,
+    flipVariations = _options.flipVariations,
+    _options$allowedAutoP = _options.allowedAutoPlacements,
+    allowedAutoPlacements = _options$allowedAutoP === void 0 ? enums_placements : _options$allowedAutoP;
+  var variation = getVariation(placement);
+  var placements = variation ? flipVariations ? variationPlacements : variationPlacements.filter(function (placement) {
+    return getVariation(placement) === variation;
+  }) : basePlacements;
+  var allowedPlacements = placements.filter(function (placement) {
+    return allowedAutoPlacements.indexOf(placement) >= 0;
+  });
+  if (allowedPlacements.length === 0) {
+    allowedPlacements = placements;
+  } // $FlowFixMe[incompatible-type]: Flow seems to have problems with two array unions...
+
+  var overflows = allowedPlacements.reduce(function (acc, placement) {
+    acc[placement] = detectOverflow(state, {
+      placement: placement,
+      boundary: boundary,
+      rootBoundary: rootBoundary,
+      padding: padding
+    })[getBasePlacement(placement)];
+    return acc;
+  }, {});
+  return Object.keys(overflows).sort(function (a, b) {
+    return overflows[a] - overflows[b];
+  });
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/flip.js
+
+
+
+
+
+
+ // eslint-disable-next-line import/no-unused-modules
+
+function getExpandedFallbackPlacements(placement) {
+  if (getBasePlacement(placement) === auto) {
+    return [];
+  }
+  var oppositePlacement = getOppositePlacement(placement);
+  return [getOppositeVariationPlacement(placement), oppositePlacement, getOppositeVariationPlacement(oppositePlacement)];
+}
+function flip(_ref) {
+  var state = _ref.state,
+    options = _ref.options,
+    name = _ref.name;
+  if (state.modifiersData[name]._skip) {
+    return;
+  }
+  var _options$mainAxis = options.mainAxis,
+    checkMainAxis = _options$mainAxis === void 0 ? true : _options$mainAxis,
+    _options$altAxis = options.altAxis,
+    checkAltAxis = _options$altAxis === void 0 ? true : _options$altAxis,
+    specifiedFallbackPlacements = options.fallbackPlacements,
+    padding = options.padding,
+    boundary = options.boundary,
+    rootBoundary = options.rootBoundary,
+    altBoundary = options.altBoundary,
+    _options$flipVariatio = options.flipVariations,
+    flipVariations = _options$flipVariatio === void 0 ? true : _options$flipVariatio,
+    allowedAutoPlacements = options.allowedAutoPlacements;
+  var preferredPlacement = state.options.placement;
+  var basePlacement = getBasePlacement(preferredPlacement);
+  var isBasePlacement = basePlacement === preferredPlacement;
+  var fallbackPlacements = specifiedFallbackPlacements || (isBasePlacement || !flipVariations ? [getOppositePlacement(preferredPlacement)] : getExpandedFallbackPlacements(preferredPlacement));
+  var placements = [preferredPlacement].concat(fallbackPlacements).reduce(function (acc, placement) {
+    return acc.concat(getBasePlacement(placement) === auto ? computeAutoPlacement(state, {
+      placement: placement,
+      boundary: boundary,
+      rootBoundary: rootBoundary,
+      padding: padding,
+      flipVariations: flipVariations,
+      allowedAutoPlacements: allowedAutoPlacements
+    }) : placement);
+  }, []);
+  var referenceRect = state.rects.reference;
+  var popperRect = state.rects.popper;
+  var checksMap = new Map();
+  var makeFallbackChecks = true;
+  var firstFittingPlacement = placements[0];
+  for (var i = 0; i < placements.length; i++) {
+    var placement = placements[i];
+    var _basePlacement = getBasePlacement(placement);
+    var isStartVariation = getVariation(placement) === start;
+    var isVertical = [enums_top, bottom].indexOf(_basePlacement) >= 0;
+    var len = isVertical ? 'width' : 'height';
+    var overflow = detectOverflow(state, {
+      placement: placement,
+      boundary: boundary,
+      rootBoundary: rootBoundary,
+      altBoundary: altBoundary,
+      padding: padding
+    });
+    var mainVariationSide = isVertical ? isStartVariation ? right : left : isStartVariation ? bottom : enums_top;
+    if (referenceRect[len] > popperRect[len]) {
+      mainVariationSide = getOppositePlacement(mainVariationSide);
+    }
+    var altVariationSide = getOppositePlacement(mainVariationSide);
+    var checks = [];
+    if (checkMainAxis) {
+      checks.push(overflow[_basePlacement] <= 0);
+    }
+    if (checkAltAxis) {
+      checks.push(overflow[mainVariationSide] <= 0, overflow[altVariationSide] <= 0);
+    }
+    if (checks.every(function (check) {
+      return check;
+    })) {
+      firstFittingPlacement = placement;
+      makeFallbackChecks = false;
+      break;
+    }
+    checksMap.set(placement, checks);
+  }
+  if (makeFallbackChecks) {
+    // `2` may be desired in some cases – research later
+    var numberOfChecks = flipVariations ? 3 : 1;
+    var _loop = function _loop(_i) {
+      var fittingPlacement = placements.find(function (placement) {
+        var checks = checksMap.get(placement);
+        if (checks) {
+          return checks.slice(0, _i).every(function (check) {
+            return check;
+          });
+        }
+      });
+      if (fittingPlacement) {
+        firstFittingPlacement = fittingPlacement;
+        return "break";
+      }
+    };
+    for (var _i = numberOfChecks; _i > 0; _i--) {
+      var _ret = _loop(_i);
+      if (_ret === "break") break;
+    }
+  }
+  if (state.placement !== firstFittingPlacement) {
+    state.modifiersData[name]._skip = true;
+    state.placement = firstFittingPlacement;
+    state.reset = true;
+  }
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_flip = ({
+  name: 'flip',
+  enabled: true,
+  phase: 'main',
+  fn: flip,
+  requiresIfExists: ['offset'],
+  data: {
+    _skip: false
+  }
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getAltAxis.js
+function getAltAxis(axis) {
+  return axis === 'x' ? 'y' : 'x';
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/within.js
+
+function within(min, value, max) {
+  return math_max(min, math_min(value, max));
+}
+function withinMaxClamp(min, value, max) {
+  var v = within(min, value, max);
+  return v > max ? max : v;
+}
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/preventOverflow.js
+
+
+
+
+
+
+
+
+
+
+
+function preventOverflow(_ref) {
+  var state = _ref.state,
+    options = _ref.options,
+    name = _ref.name;
+  var _options$mainAxis = options.mainAxis,
+    checkMainAxis = _options$mainAxis === void 0 ? true : _options$mainAxis,
+    _options$altAxis = options.altAxis,
+    checkAltAxis = _options$altAxis === void 0 ? false : _options$altAxis,
+    boundary = options.boundary,
+    rootBoundary = options.rootBoundary,
+    altBoundary = options.altBoundary,
+    padding = options.padding,
+    _options$tether = options.tether,
+    tether = _options$tether === void 0 ? true : _options$tether,
+    _options$tetherOffset = options.tetherOffset,
+    tetherOffset = _options$tetherOffset === void 0 ? 0 : _options$tetherOffset;
+  var overflow = detectOverflow(state, {
+    boundary: boundary,
+    rootBoundary: rootBoundary,
+    padding: padding,
+    altBoundary: altBoundary
+  });
+  var basePlacement = getBasePlacement(state.placement);
+  var variation = getVariation(state.placement);
+  var isBasePlacement = !variation;
+  var mainAxis = getMainAxisFromPlacement(basePlacement);
+  var altAxis = getAltAxis(mainAxis);
+  var popperOffsets = state.modifiersData.popperOffsets;
+  var referenceRect = state.rects.reference;
+  var popperRect = state.rects.popper;
+  var tetherOffsetValue = typeof tetherOffset === 'function' ? tetherOffset(Object.assign({}, state.rects, {
+    placement: state.placement
+  })) : tetherOffset;
+  var normalizedTetherOffsetValue = typeof tetherOffsetValue === 'number' ? {
+    mainAxis: tetherOffsetValue,
+    altAxis: tetherOffsetValue
+  } : Object.assign({
+    mainAxis: 0,
+    altAxis: 0
+  }, tetherOffsetValue);
+  var offsetModifierState = state.modifiersData.offset ? state.modifiersData.offset[state.placement] : null;
+  var data = {
+    x: 0,
+    y: 0
+  };
+  if (!popperOffsets) {
+    return;
+  }
+  if (checkMainAxis) {
+    var _offsetModifierState$;
+    var mainSide = mainAxis === 'y' ? enums_top : left;
+    var altSide = mainAxis === 'y' ? bottom : right;
+    var len = mainAxis === 'y' ? 'height' : 'width';
+    var offset = popperOffsets[mainAxis];
+    var min = offset + overflow[mainSide];
+    var max = offset - overflow[altSide];
+    var additive = tether ? -popperRect[len] / 2 : 0;
+    var minLen = variation === start ? referenceRect[len] : popperRect[len];
+    var maxLen = variation === start ? -popperRect[len] : -referenceRect[len]; // We need to include the arrow in the calculation so the arrow doesn't go
+    // outside the reference bounds
+
+    var arrowElement = state.elements.arrow;
+    var arrowRect = tether && arrowElement ? getLayoutRect(arrowElement) : {
+      width: 0,
+      height: 0
+    };
+    var arrowPaddingObject = state.modifiersData['arrow#persistent'] ? state.modifiersData['arrow#persistent'].padding : getFreshSideObject();
+    var arrowPaddingMin = arrowPaddingObject[mainSide];
+    var arrowPaddingMax = arrowPaddingObject[altSide]; // If the reference length is smaller than the arrow length, we don't want
+    // to include its full size in the calculation. If the reference is small
+    // and near the edge of a boundary, the popper can overflow even if the
+    // reference is not overflowing as well (e.g. virtual elements with no
+    // width or height)
+
+    var arrowLen = within(0, referenceRect[len], arrowRect[len]);
+    var minOffset = isBasePlacement ? referenceRect[len] / 2 - additive - arrowLen - arrowPaddingMin - normalizedTetherOffsetValue.mainAxis : minLen - arrowLen - arrowPaddingMin - normalizedTetherOffsetValue.mainAxis;
+    var maxOffset = isBasePlacement ? -referenceRect[len] / 2 + additive + arrowLen + arrowPaddingMax + normalizedTetherOffsetValue.mainAxis : maxLen + arrowLen + arrowPaddingMax + normalizedTetherOffsetValue.mainAxis;
+    var arrowOffsetParent = state.elements.arrow && getOffsetParent(state.elements.arrow);
+    var clientOffset = arrowOffsetParent ? mainAxis === 'y' ? arrowOffsetParent.clientTop || 0 : arrowOffsetParent.clientLeft || 0 : 0;
+    var offsetModifierValue = (_offsetModifierState$ = offsetModifierState == null ? void 0 : offsetModifierState[mainAxis]) != null ? _offsetModifierState$ : 0;
+    var tetherMin = offset + minOffset - offsetModifierValue - clientOffset;
+    var tetherMax = offset + maxOffset - offsetModifierValue;
+    var preventedOffset = within(tether ? math_min(min, tetherMin) : min, offset, tether ? math_max(max, tetherMax) : max);
+    popperOffsets[mainAxis] = preventedOffset;
+    data[mainAxis] = preventedOffset - offset;
+  }
+  if (checkAltAxis) {
+    var _offsetModifierState$2;
+    var _mainSide = mainAxis === 'x' ? enums_top : left;
+    var _altSide = mainAxis === 'x' ? bottom : right;
+    var _offset = popperOffsets[altAxis];
+    var _len = altAxis === 'y' ? 'height' : 'width';
+    var _min = _offset + overflow[_mainSide];
+    var _max = _offset - overflow[_altSide];
+    var isOriginSide = [enums_top, left].indexOf(basePlacement) !== -1;
+    var _offsetModifierValue = (_offsetModifierState$2 = offsetModifierState == null ? void 0 : offsetModifierState[altAxis]) != null ? _offsetModifierState$2 : 0;
+    var _tetherMin = isOriginSide ? _min : _offset - referenceRect[_len] - popperRect[_len] - _offsetModifierValue + normalizedTetherOffsetValue.altAxis;
+    var _tetherMax = isOriginSide ? _offset + referenceRect[_len] + popperRect[_len] - _offsetModifierValue - normalizedTetherOffsetValue.altAxis : _max;
+    var _preventedOffset = tether && isOriginSide ? withinMaxClamp(_tetherMin, _offset, _tetherMax) : within(tether ? _tetherMin : _min, _offset, tether ? _tetherMax : _max);
+    popperOffsets[altAxis] = _preventedOffset;
+    data[altAxis] = _preventedOffset - _offset;
+  }
+  state.modifiersData[name] = data;
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_preventOverflow = ({
+  name: 'preventOverflow',
+  enabled: true,
+  phase: 'main',
+  fn: preventOverflow,
+  requiresIfExists: ['offset']
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/arrow.js
+
+
+
+
+
+
+
+
+ // eslint-disable-next-line import/no-unused-modules
+
+var toPaddingObject = function toPaddingObject(padding, state) {
+  padding = typeof padding === 'function' ? padding(Object.assign({}, state.rects, {
+    placement: state.placement
+  })) : padding;
+  return mergePaddingObject(typeof padding !== 'number' ? padding : expandToHashMap(padding, basePlacements));
+};
+function arrow(_ref) {
+  var _state$modifiersData$;
+  var state = _ref.state,
+    name = _ref.name,
+    options = _ref.options;
+  var arrowElement = state.elements.arrow;
+  var popperOffsets = state.modifiersData.popperOffsets;
+  var basePlacement = getBasePlacement(state.placement);
+  var axis = getMainAxisFromPlacement(basePlacement);
+  var isVertical = [left, right].indexOf(basePlacement) >= 0;
+  var len = isVertical ? 'height' : 'width';
+  if (!arrowElement || !popperOffsets) {
+    return;
+  }
+  var paddingObject = toPaddingObject(options.padding, state);
+  var arrowRect = getLayoutRect(arrowElement);
+  var minProp = axis === 'y' ? enums_top : left;
+  var maxProp = axis === 'y' ? bottom : right;
+  var endDiff = state.rects.reference[len] + state.rects.reference[axis] - popperOffsets[axis] - state.rects.popper[len];
+  var startDiff = popperOffsets[axis] - state.rects.reference[axis];
+  var arrowOffsetParent = getOffsetParent(arrowElement);
+  var clientSize = arrowOffsetParent ? axis === 'y' ? arrowOffsetParent.clientHeight || 0 : arrowOffsetParent.clientWidth || 0 : 0;
+  var centerToReference = endDiff / 2 - startDiff / 2; // Make sure the arrow doesn't overflow the popper if the center point is
+  // outside of the popper bounds
+
+  var min = paddingObject[minProp];
+  var max = clientSize - arrowRect[len] - paddingObject[maxProp];
+  var center = clientSize / 2 - arrowRect[len] / 2 + centerToReference;
+  var offset = within(min, center, max); // Prevents breaking syntax highlighting...
+
+  var axisProp = axis;
+  state.modifiersData[name] = (_state$modifiersData$ = {}, _state$modifiersData$[axisProp] = offset, _state$modifiersData$.centerOffset = offset - center, _state$modifiersData$);
+}
+function arrow_effect(_ref2) {
+  var state = _ref2.state,
+    options = _ref2.options;
+  var _options$element = options.element,
+    arrowElement = _options$element === void 0 ? '[data-popper-arrow]' : _options$element;
+  if (arrowElement == null) {
+    return;
+  } // CSS selector
+
+  if (typeof arrowElement === 'string') {
+    arrowElement = state.elements.popper.querySelector(arrowElement);
+    if (!arrowElement) {
+      return;
+    }
+  }
+  if (!contains(state.elements.popper, arrowElement)) {
+    return;
+  }
+  state.elements.arrow = arrowElement;
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_arrow = ({
+  name: 'arrow',
+  enabled: true,
+  phase: 'main',
+  fn: arrow,
+  effect: arrow_effect,
+  requires: ['popperOffsets'],
+  requiresIfExists: ['preventOverflow']
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/hide.js
+
+
+function getSideOffsets(overflow, rect, preventedOffsets) {
+  if (preventedOffsets === void 0) {
+    preventedOffsets = {
+      x: 0,
+      y: 0
+    };
+  }
+  return {
+    top: overflow.top - rect.height - preventedOffsets.y,
+    right: overflow.right - rect.width + preventedOffsets.x,
+    bottom: overflow.bottom - rect.height + preventedOffsets.y,
+    left: overflow.left - rect.width - preventedOffsets.x
+  };
+}
+function isAnySideFullyClipped(overflow) {
+  return [enums_top, right, bottom, left].some(function (side) {
+    return overflow[side] >= 0;
+  });
+}
+function hide(_ref) {
+  var state = _ref.state,
+    name = _ref.name;
+  var referenceRect = state.rects.reference;
+  var popperRect = state.rects.popper;
+  var preventedOffsets = state.modifiersData.preventOverflow;
+  var referenceOverflow = detectOverflow(state, {
+    elementContext: 'reference'
+  });
+  var popperAltOverflow = detectOverflow(state, {
+    altBoundary: true
+  });
+  var referenceClippingOffsets = getSideOffsets(referenceOverflow, referenceRect);
+  var popperEscapeOffsets = getSideOffsets(popperAltOverflow, popperRect, preventedOffsets);
+  var isReferenceHidden = isAnySideFullyClipped(referenceClippingOffsets);
+  var hasPopperEscaped = isAnySideFullyClipped(popperEscapeOffsets);
+  state.modifiersData[name] = {
+    referenceClippingOffsets: referenceClippingOffsets,
+    popperEscapeOffsets: popperEscapeOffsets,
+    isReferenceHidden: isReferenceHidden,
+    hasPopperEscaped: hasPopperEscaped
+  };
+  state.attributes.popper = Object.assign({}, state.attributes.popper, {
+    'data-popper-reference-hidden': isReferenceHidden,
+    'data-popper-escaped': hasPopperEscaped
+  });
+} // eslint-disable-next-line import/no-unused-modules
+
+/* harmony default export */ var modifiers_hide = ({
+  name: 'hide',
+  enabled: true,
+  phase: 'main',
+  requiresIfExists: ['preventOverflow'],
+  fn: hide
+});
+;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/popper.js
+
+
+
+
+
+
+
+
+
+
+var defaultModifiers = [eventListeners, modifiers_popperOffsets, modifiers_computeStyles, modifiers_applyStyles, modifiers_offset, modifiers_flip, modifiers_preventOverflow, modifiers_arrow, modifiers_hide];
+var popper_createPopper = /*#__PURE__*/popperGenerator({
+  defaultModifiers: defaultModifiers
+}); // eslint-disable-next-line import/no-unused-modules
+
+ // eslint-disable-next-line import/no-unused-modules
+
+ // eslint-disable-next-line import/no-unused-modules
+
+
+;// CONCATENATED MODULE: ./node_modules/@mui/base/Popper/popperClasses.js
+
+
+function getPopperUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiPopper', slot);
+}
+var popperClasses = generateUtilityClasses('MuiPopper', ['root']);
+/* harmony default export */ var Popper_popperClasses = ((/* unused pure expression or super */ null && (popperClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/base/Popper/Popper.js
+
+
+
+var Popper_excluded = ["anchorEl", "children", "direction", "disablePortal", "modifiers", "open", "placement", "popperOptions", "popperRef", "slotProps", "slots", "TransitionProps", "ownerState"],
+  Popper_excluded2 = ["anchorEl", "children", "container", "direction", "disablePortal", "keepMounted", "modifiers", "open", "placement", "popperOptions", "popperRef", "style", "transition", "slotProps", "slots"];
+
+
+
+
+
+
+
+
+
+
+function flipPlacement(placement, direction) {
+  if (direction === 'ltr') {
+    return placement;
+  }
+  switch (placement) {
+    case 'bottom-end':
+      return 'bottom-start';
+    case 'bottom-start':
+      return 'bottom-end';
+    case 'top-end':
+      return 'top-start';
+    case 'top-start':
+      return 'top-end';
+    default:
+      return placement;
+  }
+}
+function resolveAnchorEl(anchorEl) {
+  return typeof anchorEl === 'function' ? anchorEl() : anchorEl;
+}
+function Popper_isHTMLElement(element) {
+  return element.nodeType !== undefined;
+}
+function isVirtualElement(element) {
+  return !Popper_isHTMLElement(element);
+}
+var Popper_useUtilityClasses = function useUtilityClasses() {
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, useClassNamesOverride(getPopperUtilityClass));
+};
+var defaultPopperOptions = {};
+var PopperTooltip = /*#__PURE__*/react.forwardRef(function PopperTooltip(props, forwardedRef) {
+  var _slots$root;
+  var anchorEl = props.anchorEl,
+    children = props.children,
+    direction = props.direction,
+    disablePortal = props.disablePortal,
+    modifiers = props.modifiers,
+    open = props.open,
+    initialPlacement = props.placement,
+    popperOptions = props.popperOptions,
+    popperRefProp = props.popperRef,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    TransitionProps = props.TransitionProps,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popper_excluded);
+  var tooltipRef = react.useRef(null);
+  var ownRef = useForkRef(tooltipRef, forwardedRef);
+  var popperRef = react.useRef(null);
+  var handlePopperRef = useForkRef(popperRef, popperRefProp);
+  var handlePopperRefRef = react.useRef(handlePopperRef);
+  esm_useEnhancedEffect(function () {
+    handlePopperRefRef.current = handlePopperRef;
+  }, [handlePopperRef]);
+  react.useImperativeHandle(popperRefProp, function () {
+    return popperRef.current;
+  }, []);
+  var rtlPlacement = flipPlacement(initialPlacement, direction);
+  /**
+   * placement initialized from prop but can change during lifetime if modifiers.flip.
+   * modifiers.flip is essentially a flip for controlled/uncontrolled behavior
+   */
+  var _React$useState = react.useState(rtlPlacement),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    placement = _React$useState2[0],
+    setPlacement = _React$useState2[1];
+  var _React$useState3 = react.useState(resolveAnchorEl(anchorEl)),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    resolvedAnchorElement = _React$useState4[0],
+    setResolvedAnchorElement = _React$useState4[1];
+  react.useEffect(function () {
+    if (popperRef.current) {
+      popperRef.current.forceUpdate();
+    }
+  });
+  react.useEffect(function () {
+    if (anchorEl) {
+      setResolvedAnchorElement(resolveAnchorEl(anchorEl));
+    }
+  }, [anchorEl]);
+  esm_useEnhancedEffect(function () {
+    if (!resolvedAnchorElement || !open) {
+      return undefined;
+    }
+    var handlePopperUpdate = function handlePopperUpdate(data) {
+      setPlacement(data.placement);
+    };
+    if (false) { var box; }
+    var popperModifiers = [{
+      name: 'preventOverflow',
+      options: {
+        altBoundary: disablePortal
+      }
+    }, {
+      name: 'flip',
+      options: {
+        altBoundary: disablePortal
+      }
+    }, {
+      name: 'onUpdate',
+      enabled: true,
+      phase: 'afterWrite',
+      fn: function fn(_ref) {
+        var state = _ref.state;
+        handlePopperUpdate(state);
+      }
+    }];
+    if (modifiers != null) {
+      popperModifiers = popperModifiers.concat(modifiers);
+    }
+    if (popperOptions && popperOptions.modifiers != null) {
+      popperModifiers = popperModifiers.concat(popperOptions.modifiers);
+    }
+    var popper = popper_createPopper(resolvedAnchorElement, tooltipRef.current, extends_extends({
+      placement: rtlPlacement
+    }, popperOptions, {
+      modifiers: popperModifiers
+    }));
+    handlePopperRefRef.current(popper);
+    return function () {
+      popper.destroy();
+      handlePopperRefRef.current(null);
+    };
+  }, [resolvedAnchorElement, disablePortal, modifiers, open, popperOptions, rtlPlacement]);
+  var childProps = {
+    placement: placement
+  };
+  if (TransitionProps !== null) {
+    childProps.TransitionProps = TransitionProps;
+  }
+  var classes = Popper_useUtilityClasses();
+  var Root = (_slots$root = slots.root) != null ? _slots$root : 'div';
+  var rootProps = useSlotProps({
+    elementType: Root,
+    externalSlotProps: slotProps.root,
+    externalForwardedProps: other,
+    additionalProps: {
+      role: 'tooltip',
+      ref: ownRef
+    },
+    ownerState: props,
+    className: classes.root
+  });
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Root, extends_extends({}, rootProps, {
+    children: typeof children === 'function' ? children(childProps) : children
+  }));
+});
+
+/**
+ * Poppers rely on the 3rd party library [Popper.js](https://popper.js.org/docs/v2/) for positioning.
+ *
+ * Demos:
+ *
+ * - [Popper](https://mui.com/base/react-popper/)
+ *
+ * API:
+ *
+ * - [Popper API](https://mui.com/base/react-popper/components-api/#popper)
+ */
+var Popper = /*#__PURE__*/react.forwardRef(function Popper(props, forwardedRef) {
+  var anchorEl = props.anchorEl,
+    children = props.children,
+    containerProp = props.container,
+    _props$direction = props.direction,
+    direction = _props$direction === void 0 ? 'ltr' : _props$direction,
+    _props$disablePortal = props.disablePortal,
+    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal,
+    _props$keepMounted = props.keepMounted,
+    keepMounted = _props$keepMounted === void 0 ? false : _props$keepMounted,
+    modifiers = props.modifiers,
+    open = props.open,
+    _props$placement = props.placement,
+    placement = _props$placement === void 0 ? 'bottom' : _props$placement,
+    _props$popperOptions = props.popperOptions,
+    popperOptions = _props$popperOptions === void 0 ? defaultPopperOptions : _props$popperOptions,
+    popperRef = props.popperRef,
+    style = props.style,
+    _props$transition = props.transition,
+    transition = _props$transition === void 0 ? false : _props$transition,
+    _props$slotProps2 = props.slotProps,
+    slotProps = _props$slotProps2 === void 0 ? {} : _props$slotProps2,
+    _props$slots2 = props.slots,
+    slots = _props$slots2 === void 0 ? {} : _props$slots2,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popper_excluded2);
+  var _React$useState5 = react.useState(true),
+    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
+    exited = _React$useState6[0],
+    setExited = _React$useState6[1];
+  var handleEnter = function handleEnter() {
+    setExited(false);
+  };
+  var handleExited = function handleExited() {
+    setExited(true);
+  };
+  if (!keepMounted && !open && (!transition || exited)) {
+    return null;
+  }
+
+  // If the container prop is provided, use that
+  // If the anchorEl prop is provided, use its parent body element as the container
+  // If neither are provided let the Modal take care of choosing the container
+  var container;
+  if (containerProp) {
+    container = containerProp;
+  } else if (anchorEl) {
+    var resolvedAnchorEl = resolveAnchorEl(anchorEl);
+    container = resolvedAnchorEl && Popper_isHTMLElement(resolvedAnchorEl) ? ownerDocument(resolvedAnchorEl).body : ownerDocument(null).body;
+  }
+  var display = !open && keepMounted && (!transition || exited) ? 'none' : undefined;
+  var transitionProps = transition ? {
+    in: open,
+    onEnter: handleEnter,
+    onExited: handleExited
+  } : undefined;
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Portal_Portal, {
+    disablePortal: disablePortal,
+    container: container,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(PopperTooltip, extends_extends({
+      anchorEl: anchorEl,
+      direction: direction,
+      disablePortal: disablePortal,
+      modifiers: modifiers,
+      ref: forwardedRef,
+      open: transition ? !exited : open,
+      placement: placement,
+      popperOptions: popperOptions,
+      popperRef: popperRef,
+      slotProps: slotProps,
+      slots: slots
+    }, other, {
+      style: extends_extends({
+        // Prevents scroll issue, waiting for Popper.js to add this style once initiated.
+        position: 'fixed',
+        // Fix Popper.js display issue
+        top: 0,
+        left: 0,
+        display: display
+      }, style),
+      TransitionProps: transitionProps,
+      children: children
+    }))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Popper_Popper = (Popper);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Popper/Popper.js
+
+
+var Popper_Popper_excluded = ["anchorEl", "component", "components", "componentsProps", "container", "disablePortal", "keepMounted", "modifiers", "open", "placement", "popperOptions", "popperRef", "transition", "slots", "slotProps"];
+
+
+
+
+
+
+
+var PopperRoot = styles_styled(Popper_Popper, {
+  name: 'MuiPopper',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({});
+
+/**
+ *
+ * Demos:
+ *
+ * - [Autocomplete](https://mui.com/material-ui/react-autocomplete/)
+ * - [Menu](https://mui.com/material-ui/react-menu/)
+ * - [Popper](https://mui.com/material-ui/react-popper/)
+ *
+ * API:
+ *
+ * - [Popper API](https://mui.com/material-ui/api/popper/)
+ */
+var Popper_Popper_Popper = /*#__PURE__*/react.forwardRef(function Popper(inProps, ref) {
+  var _slots$root;
+  var theme = useThemeWithoutDefault();
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiPopper'
+  });
+  var anchorEl = props.anchorEl,
+    component = props.component,
+    components = props.components,
+    componentsProps = props.componentsProps,
+    container = props.container,
+    disablePortal = props.disablePortal,
+    keepMounted = props.keepMounted,
+    modifiers = props.modifiers,
+    open = props.open,
+    placement = props.placement,
+    popperOptions = props.popperOptions,
+    popperRef = props.popperRef,
+    transition = props.transition,
+    slots = props.slots,
+    slotProps = props.slotProps,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popper_Popper_excluded);
+  var RootComponent = (_slots$root = slots == null ? void 0 : slots.root) != null ? _slots$root : components == null ? void 0 : components.Root;
+  var otherProps = extends_extends({
+    anchorEl: anchorEl,
+    container: container,
+    disablePortal: disablePortal,
+    keepMounted: keepMounted,
+    modifiers: modifiers,
+    open: open,
+    placement: placement,
+    popperOptions: popperOptions,
+    popperRef: popperRef,
+    transition: transition
+  }, other);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(PopperRoot, extends_extends({
+    as: component,
+    direction: theme == null ? void 0 : theme.direction,
+    slots: {
+      root: RootComponent
+    },
+    slotProps: slotProps != null ? slotProps : componentsProps
+  }, otherProps, {
+    ref: ref
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var material_Popper_Popper = (Popper_Popper_Popper);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useId.js
+
+
+var globalId = 0;
+function useGlobalId(idOverride) {
+  var _React$useState = react.useState(idOverride),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    defaultId = _React$useState2[0],
+    setDefaultId = _React$useState2[1];
+  var id = idOverride || defaultId;
+  react.useEffect(function () {
+    if (defaultId == null) {
+      // Fallback to this default id when possible.
+      // Use the incrementing value for client-side rendering only.
+      // We can't use it server-side.
+      // If you want to use random values please consider the Birthday Problem: https://en.wikipedia.org/wiki/Birthday_problem
+      globalId += 1;
+      setDefaultId("mui-".concat(globalId));
+    }
+  }, [defaultId]);
+  return id;
+}
+
+// downstream bundlers may remove unnecessary concatenation, but won't remove toString call -- Workaround for https://github.com/webpack/webpack/issues/14814
+var maybeReactUseId = react_namespaceObject['useId'.toString()];
+/**
+ *
+ * @example <div id={useId()} />
+ * @param idOverride
+ * @returns {string}
+ */
+function useId(idOverride) {
+  if (maybeReactUseId !== undefined) {
+    var reactId = maybeReactUseId();
+    return idOverride != null ? idOverride : reactId;
+  }
+  // eslint-disable-next-line react-hooks/rules-of-hooks -- `React.useId` is invariant at runtime.
+  return useGlobalId(idOverride);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useId.js
+
+/* harmony default export */ var utils_useId = (useId);
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useControlled.js
+
+/* eslint-disable react-hooks/rules-of-hooks, react-hooks/exhaustive-deps */
+
+function useControlled(_ref) {
+  var controlled = _ref.controlled,
+    defaultProp = _ref.default,
+    name = _ref.name,
+    _ref$state = _ref.state,
+    state = _ref$state === void 0 ? 'value' : _ref$state;
+  // isControlled is ignored in the hook dependency lists as it should never change.
+  var _React$useRef = react.useRef(controlled !== undefined),
+    isControlled = _React$useRef.current;
+  var _React$useState = react.useState(defaultProp),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    valueState = _React$useState2[0],
+    setValue = _React$useState2[1];
+  var value = isControlled ? controlled : valueState;
+  if (false) { var _React$useRef2, defaultValue; }
+  var setValueIfUncontrolled = react.useCallback(function (newValue) {
+    if (!isControlled) {
+      setValue(newValue);
+    }
+  }, []);
+  return [value, setValueIfUncontrolled];
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useControlled.js
+
+/* harmony default export */ var utils_useControlled = (useControlled);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tooltip/tooltipClasses.js
+
+
+function getTooltipUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTooltip', slot);
+}
+var tooltipClasses = generateUtilityClasses('MuiTooltip', ['popper', 'popperInteractive', 'popperArrow', 'popperClose', 'tooltip', 'tooltipArrow', 'touch', 'tooltipPlacementLeft', 'tooltipPlacementRight', 'tooltipPlacementTop', 'tooltipPlacementBottom', 'arrow']);
+/* harmony default export */ var Tooltip_tooltipClasses = (tooltipClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tooltip/Tooltip.js
+
+
+
+
+var Tooltip_excluded = ["arrow", "children", "classes", "components", "componentsProps", "describeChild", "disableFocusListener", "disableHoverListener", "disableInteractive", "disableTouchListener", "enterDelay", "enterNextDelay", "enterTouchDelay", "followCursor", "id", "leaveDelay", "leaveTouchDelay", "onClose", "onOpen", "open", "placement", "PopperComponent", "PopperProps", "slotProps", "slots", "title", "TransitionComponent", "TransitionProps"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+function Tooltip_round(value) {
+  return Math.round(value * 1e5) / 1e5;
+}
+var Tooltip_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    disableInteractive = ownerState.disableInteractive,
+    arrow = ownerState.arrow,
+    touch = ownerState.touch,
+    placement = ownerState.placement;
+  var slots = {
+    popper: ['popper', !disableInteractive && 'popperInteractive', arrow && 'popperArrow'],
+    tooltip: ['tooltip', arrow && 'tooltipArrow', touch && 'touch', "tooltipPlacement".concat(utils_capitalize(placement.split('-')[0]))],
+    arrow: ['arrow']
+  };
+  return composeClasses(slots, getTooltipUtilityClass, classes);
+};
+var TooltipPopper = styles_styled(material_Popper_Popper, {
+  name: 'MuiTooltip',
+  slot: 'Popper',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.popper, !ownerState.disableInteractive && styles.popperInteractive, ownerState.arrow && styles.popperArrow, !ownerState.open && styles.popperClose];
+  }
+})(function (_ref9) {
+  var _ref10;
+  var theme = _ref9.theme,
+    ownerState = _ref9.ownerState,
+    open = _ref9.open;
+  return extends_extends({
+    zIndex: (theme.vars || theme).zIndex.tooltip,
+    pointerEvents: 'none'
+  }, !ownerState.disableInteractive && {
+    pointerEvents: 'auto'
+  }, !open && {
+    pointerEvents: 'none'
+  }, ownerState.arrow && (_ref10 = {}, defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"bottom\"] .".concat(Tooltip_tooltipClasses.arrow), {
+    top: 0,
+    marginTop: '-0.71em',
+    '&::before': {
+      transformOrigin: '0 100%'
+    }
+  }), defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"top\"] .".concat(Tooltip_tooltipClasses.arrow), {
+    bottom: 0,
+    marginBottom: '-0.71em',
+    '&::before': {
+      transformOrigin: '100% 0'
+    }
+  }), defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"right\"] .".concat(Tooltip_tooltipClasses.arrow), extends_extends({}, !ownerState.isRtl ? {
+    left: 0,
+    marginLeft: '-0.71em'
+  } : {
+    right: 0,
+    marginRight: '-0.71em'
+  }, {
+    height: '1em',
+    width: '0.71em',
+    '&::before': {
+      transformOrigin: '100% 100%'
+    }
+  })), defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"left\"] .".concat(Tooltip_tooltipClasses.arrow), extends_extends({}, !ownerState.isRtl ? {
+    right: 0,
+    marginRight: '-0.71em'
+  } : {
+    left: 0,
+    marginLeft: '-0.71em'
+  }, {
+    height: '1em',
+    width: '0.71em',
+    '&::before': {
+      transformOrigin: '0 0'
+    }
+  })), _ref10));
+});
+var TooltipTooltip = styles_styled('div', {
+  name: 'MuiTooltip',
+  slot: 'Tooltip',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.tooltip, ownerState.touch && styles.touch, ownerState.arrow && styles.tooltipArrow, styles["tooltipPlacement".concat(utils_capitalize(ownerState.placement.split('-')[0]))]];
+  }
+})(function (_ref11) {
+  var _extends2;
+  var theme = _ref11.theme,
+    ownerState = _ref11.ownerState;
+  return extends_extends({
+    backgroundColor: theme.vars ? theme.vars.palette.Tooltip.bg : alpha(theme.palette.grey[700], 0.92),
+    borderRadius: (theme.vars || theme).shape.borderRadius,
+    color: (theme.vars || theme).palette.common.white,
+    fontFamily: theme.typography.fontFamily,
+    padding: '4px 8px',
+    fontSize: theme.typography.pxToRem(11),
+    maxWidth: 300,
+    margin: 2,
+    wordWrap: 'break-word',
+    fontWeight: theme.typography.fontWeightMedium
+  }, ownerState.arrow && {
+    position: 'relative',
+    margin: 0
+  }, ownerState.touch && {
+    padding: '8px 16px',
+    fontSize: theme.typography.pxToRem(14),
+    lineHeight: "".concat(Tooltip_round(16 / 14), "em"),
+    fontWeight: theme.typography.fontWeightRegular
+  }, (_extends2 = {}, defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"left\"] &"), extends_extends({
+    transformOrigin: 'right center'
+  }, !ownerState.isRtl ? extends_extends({
+    marginRight: '14px'
+  }, ownerState.touch && {
+    marginRight: '24px'
+  }) : extends_extends({
+    marginLeft: '14px'
+  }, ownerState.touch && {
+    marginLeft: '24px'
+  }))), defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"right\"] &"), extends_extends({
+    transformOrigin: 'left center'
+  }, !ownerState.isRtl ? extends_extends({
+    marginLeft: '14px'
+  }, ownerState.touch && {
+    marginLeft: '24px'
+  }) : extends_extends({
+    marginRight: '14px'
+  }, ownerState.touch && {
+    marginRight: '24px'
+  }))), defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"top\"] &"), extends_extends({
+    transformOrigin: 'center bottom',
+    marginBottom: '14px'
+  }, ownerState.touch && {
+    marginBottom: '24px'
+  })), defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"bottom\"] &"), extends_extends({
+    transformOrigin: 'center top',
+    marginTop: '14px'
+  }, ownerState.touch && {
+    marginTop: '24px'
+  })), _extends2));
+});
+var TooltipArrow = styles_styled('span', {
+  name: 'MuiTooltip',
+  slot: 'Arrow',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.arrow;
+  }
+})(function (_ref12) {
+  var theme = _ref12.theme;
+  return {
+    overflow: 'hidden',
+    position: 'absolute',
+    width: '1em',
+    height: '0.71em' /* = width / sqrt(2) = (length of the hypotenuse) */,
+    boxSizing: 'border-box',
+    color: theme.vars ? theme.vars.palette.Tooltip.bg : alpha(theme.palette.grey[700], 0.9),
+    '&::before': {
+      content: '""',
+      margin: 'auto',
+      display: 'block',
+      width: '100%',
+      height: '100%',
+      backgroundColor: 'currentColor',
+      transform: 'rotate(45deg)'
+    }
+  };
+});
+var hystersisOpen = false;
+var hystersisTimer = null;
+var cursorPosition = {
+  x: 0,
+  y: 0
+};
+function testReset() {
+  hystersisOpen = false;
+  clearTimeout(hystersisTimer);
+}
+function composeEventHandler(handler, eventHandler) {
+  return function (event) {
+    if (eventHandler) {
+      eventHandler(event);
+    }
+    handler(event);
+  };
+}
+
+// TODO v6: Remove PopperComponent, PopperProps, TransitionComponent and TransitionProps.
+var Tooltip_Tooltip = /*#__PURE__*/react.forwardRef(function Tooltip(inProps, ref) {
+  var _ref, _slots$popper, _ref2, _ref3, _slots$transition, _ref4, _slots$tooltip, _ref5, _slots$arrow, _slotProps$popper, _ref6, _slotProps$popper2, _slotProps$transition, _slotProps$tooltip, _ref7, _slotProps$tooltip2, _slotProps$arrow, _ref8, _slotProps$arrow2;
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTooltip'
+  });
+  var _props$arrow = props.arrow,
+    arrow = _props$arrow === void 0 ? false : _props$arrow,
+    children = props.children,
+    _props$components = props.components,
+    components = _props$components === void 0 ? {} : _props$components,
+    _props$componentsProp = props.componentsProps,
+    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
+    _props$describeChild = props.describeChild,
+    describeChild = _props$describeChild === void 0 ? false : _props$describeChild,
+    _props$disableFocusLi = props.disableFocusListener,
+    disableFocusListener = _props$disableFocusLi === void 0 ? false : _props$disableFocusLi,
+    _props$disableHoverLi = props.disableHoverListener,
+    disableHoverListener = _props$disableHoverLi === void 0 ? false : _props$disableHoverLi,
+    _props$disableInterac = props.disableInteractive,
+    disableInteractiveProp = _props$disableInterac === void 0 ? false : _props$disableInterac,
+    _props$disableTouchLi = props.disableTouchListener,
+    disableTouchListener = _props$disableTouchLi === void 0 ? false : _props$disableTouchLi,
+    _props$enterDelay = props.enterDelay,
+    enterDelay = _props$enterDelay === void 0 ? 100 : _props$enterDelay,
+    _props$enterNextDelay = props.enterNextDelay,
+    enterNextDelay = _props$enterNextDelay === void 0 ? 0 : _props$enterNextDelay,
+    _props$enterTouchDela = props.enterTouchDelay,
+    enterTouchDelay = _props$enterTouchDela === void 0 ? 700 : _props$enterTouchDela,
+    _props$followCursor = props.followCursor,
+    followCursor = _props$followCursor === void 0 ? false : _props$followCursor,
+    idProp = props.id,
+    _props$leaveDelay = props.leaveDelay,
+    leaveDelay = _props$leaveDelay === void 0 ? 0 : _props$leaveDelay,
+    _props$leaveTouchDela = props.leaveTouchDelay,
+    leaveTouchDelay = _props$leaveTouchDela === void 0 ? 1500 : _props$leaveTouchDela,
+    onClose = props.onClose,
+    onOpen = props.onOpen,
+    openProp = props.open,
+    _props$placement = props.placement,
+    placement = _props$placement === void 0 ? 'bottom' : _props$placement,
+    PopperComponentProp = props.PopperComponent,
+    _props$PopperProps = props.PopperProps,
+    PopperProps = _props$PopperProps === void 0 ? {} : _props$PopperProps,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    title = props.title,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponentProp = _props$TransitionComp === void 0 ? Grow_Grow : _props$TransitionComp,
+    TransitionProps = props.TransitionProps,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tooltip_excluded);
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var _React$useState = react.useState(),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    childNode = _React$useState2[0],
+    setChildNode = _React$useState2[1];
+  var _React$useState3 = react.useState(null),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    arrowRef = _React$useState4[0],
+    setArrowRef = _React$useState4[1];
+  var ignoreNonTouchEvents = react.useRef(false);
+  var disableInteractive = disableInteractiveProp || followCursor;
+  var closeTimer = react.useRef();
+  var enterTimer = react.useRef();
+  var leaveTimer = react.useRef();
+  var touchTimer = react.useRef();
+  var _useControlled = utils_useControlled({
+      controlled: openProp,
+      default: false,
+      name: 'Tooltip',
+      state: 'open'
+    }),
+    _useControlled2 = slicedToArray_slicedToArray(_useControlled, 2),
+    openState = _useControlled2[0],
+    setOpenState = _useControlled2[1];
+  var open = openState;
+  if (false) { var _React$useRef, isControlled; }
+  var id = utils_useId(idProp);
+  var prevUserSelect = react.useRef();
+  var stopTouchInteraction = react.useCallback(function () {
+    if (prevUserSelect.current !== undefined) {
+      document.body.style.WebkitUserSelect = prevUserSelect.current;
+      prevUserSelect.current = undefined;
+    }
+    clearTimeout(touchTimer.current);
+  }, []);
+  react.useEffect(function () {
+    return function () {
+      clearTimeout(closeTimer.current);
+      clearTimeout(enterTimer.current);
+      clearTimeout(leaveTimer.current);
+      stopTouchInteraction();
+    };
+  }, [stopTouchInteraction]);
+  var handleOpen = function handleOpen(event) {
+    clearTimeout(hystersisTimer);
+    hystersisOpen = true;
+
+    // The mouseover event will trigger for every nested element in the tooltip.
+    // We can skip rerendering when the tooltip is already open.
+    // We are using the mouseover event instead of the mouseenter event to fix a hide/show issue.
+    setOpenState(true);
+    if (onOpen && !open) {
+      onOpen(event);
+    }
+  };
+  var handleClose = utils_useEventCallback(
+  /**
+   * @param {React.SyntheticEvent | Event} event
+   */
+  function (event) {
+    clearTimeout(hystersisTimer);
+    hystersisTimer = setTimeout(function () {
+      hystersisOpen = false;
+    }, 800 + leaveDelay);
+    setOpenState(false);
+    if (onClose && open) {
+      onClose(event);
+    }
+    clearTimeout(closeTimer.current);
+    closeTimer.current = setTimeout(function () {
+      ignoreNonTouchEvents.current = false;
+    }, theme.transitions.duration.shortest);
+  });
+  var handleEnter = function handleEnter(event) {
+    if (ignoreNonTouchEvents.current && event.type !== 'touchstart') {
+      return;
+    }
+
+    // Remove the title ahead of time.
+    // We don't want to wait for the next render commit.
+    // We would risk displaying two tooltips at the same time (native + this one).
+    if (childNode) {
+      childNode.removeAttribute('title');
+    }
+    clearTimeout(enterTimer.current);
+    clearTimeout(leaveTimer.current);
+    if (enterDelay || hystersisOpen && enterNextDelay) {
+      enterTimer.current = setTimeout(function () {
+        handleOpen(event);
+      }, hystersisOpen ? enterNextDelay : enterDelay);
+    } else {
+      handleOpen(event);
+    }
+  };
+  var handleLeave = function handleLeave(event) {
+    clearTimeout(enterTimer.current);
+    clearTimeout(leaveTimer.current);
+    leaveTimer.current = setTimeout(function () {
+      handleClose(event);
+    }, leaveDelay);
+  };
+  var _useIsFocusVisible = utils_useIsFocusVisible(),
+    isFocusVisibleRef = _useIsFocusVisible.isFocusVisibleRef,
+    handleBlurVisible = _useIsFocusVisible.onBlur,
+    handleFocusVisible = _useIsFocusVisible.onFocus,
+    focusVisibleRef = _useIsFocusVisible.ref;
+  // We don't necessarily care about the focusVisible state (which is safe to access via ref anyway).
+  // We just need to re-render the Tooltip if the focus-visible state changes.
+  var _React$useState5 = react.useState(false),
+    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
+    setChildIsFocusVisible = _React$useState6[1];
+  var handleBlur = function handleBlur(event) {
+    handleBlurVisible(event);
+    if (isFocusVisibleRef.current === false) {
+      setChildIsFocusVisible(false);
+      handleLeave(event);
+    }
+  };
+  var handleFocus = function handleFocus(event) {
+    // Workaround for https://github.com/facebook/react/issues/7769
+    // The autoFocus of React might trigger the event before the componentDidMount.
+    // We need to account for this eventuality.
+    if (!childNode) {
+      setChildNode(event.currentTarget);
+    }
+    handleFocusVisible(event);
+    if (isFocusVisibleRef.current === true) {
+      setChildIsFocusVisible(true);
+      handleEnter(event);
+    }
+  };
+  var detectTouchStart = function detectTouchStart(event) {
+    ignoreNonTouchEvents.current = true;
+    var childrenProps = children.props;
+    if (childrenProps.onTouchStart) {
+      childrenProps.onTouchStart(event);
+    }
+  };
+  var handleMouseOver = handleEnter;
+  var handleMouseLeave = handleLeave;
+  var handleTouchStart = function handleTouchStart(event) {
+    detectTouchStart(event);
+    clearTimeout(leaveTimer.current);
+    clearTimeout(closeTimer.current);
+    stopTouchInteraction();
+    prevUserSelect.current = document.body.style.WebkitUserSelect;
+    // Prevent iOS text selection on long-tap.
+    document.body.style.WebkitUserSelect = 'none';
+    touchTimer.current = setTimeout(function () {
+      document.body.style.WebkitUserSelect = prevUserSelect.current;
+      handleEnter(event);
+    }, enterTouchDelay);
+  };
+  var handleTouchEnd = function handleTouchEnd(event) {
+    if (children.props.onTouchEnd) {
+      children.props.onTouchEnd(event);
+    }
+    stopTouchInteraction();
+    clearTimeout(leaveTimer.current);
+    leaveTimer.current = setTimeout(function () {
+      handleClose(event);
+    }, leaveTouchDelay);
+  };
+  react.useEffect(function () {
+    if (!open) {
+      return undefined;
+    }
+
+    /**
+     * @param {KeyboardEvent} nativeEvent
+     */
+    function handleKeyDown(nativeEvent) {
+      // IE11, Edge (prior to using Bink?) use 'Esc'
+      if (nativeEvent.key === 'Escape' || nativeEvent.key === 'Esc') {
+        handleClose(nativeEvent);
+      }
+    }
+    document.addEventListener('keydown', handleKeyDown);
+    return function () {
+      document.removeEventListener('keydown', handleKeyDown);
+    };
+  }, [handleClose, open]);
+  var handleRef = utils_useForkRef(children.ref, focusVisibleRef, setChildNode, ref);
+
+  // There is no point in displaying an empty tooltip.
+  if (!title && title !== 0) {
+    open = false;
+  }
+  var popperRef = react.useRef();
+  var handleMouseMove = function handleMouseMove(event) {
+    var childrenProps = children.props;
+    if (childrenProps.onMouseMove) {
+      childrenProps.onMouseMove(event);
+    }
+    cursorPosition = {
+      x: event.clientX,
+      y: event.clientY
+    };
+    if (popperRef.current) {
+      popperRef.current.update();
+    }
+  };
+  var nameOrDescProps = {};
+  var titleIsString = typeof title === 'string';
+  if (describeChild) {
+    nameOrDescProps.title = !open && titleIsString && !disableHoverListener ? title : null;
+    nameOrDescProps['aria-describedby'] = open ? id : null;
+  } else {
+    nameOrDescProps['aria-label'] = titleIsString ? title : null;
+    nameOrDescProps['aria-labelledby'] = open && !titleIsString ? id : null;
+  }
+  var childrenProps = extends_extends({}, nameOrDescProps, other, children.props, {
+    className: clsx_m(other.className, children.props.className),
+    onTouchStart: detectTouchStart,
+    ref: handleRef
+  }, followCursor ? {
+    onMouseMove: handleMouseMove
+  } : {});
+  if (false) {}
+  var interactiveWrapperListeners = {};
+  if (!disableTouchListener) {
+    childrenProps.onTouchStart = handleTouchStart;
+    childrenProps.onTouchEnd = handleTouchEnd;
+  }
+  if (!disableHoverListener) {
+    childrenProps.onMouseOver = composeEventHandler(handleMouseOver, childrenProps.onMouseOver);
+    childrenProps.onMouseLeave = composeEventHandler(handleMouseLeave, childrenProps.onMouseLeave);
+    if (!disableInteractive) {
+      interactiveWrapperListeners.onMouseOver = handleMouseOver;
+      interactiveWrapperListeners.onMouseLeave = handleMouseLeave;
+    }
+  }
+  if (!disableFocusListener) {
+    childrenProps.onFocus = composeEventHandler(handleFocus, childrenProps.onFocus);
+    childrenProps.onBlur = composeEventHandler(handleBlur, childrenProps.onBlur);
+    if (!disableInteractive) {
+      interactiveWrapperListeners.onFocus = handleFocus;
+      interactiveWrapperListeners.onBlur = handleBlur;
+    }
+  }
+  if (false) {}
+  var popperOptions = react.useMemo(function () {
+    var _PopperProps$popperOp;
+    var tooltipModifiers = [{
+      name: 'arrow',
+      enabled: Boolean(arrowRef),
+      options: {
+        element: arrowRef,
+        padding: 4
+      }
+    }];
+    if ((_PopperProps$popperOp = PopperProps.popperOptions) != null && _PopperProps$popperOp.modifiers) {
+      tooltipModifiers = tooltipModifiers.concat(PopperProps.popperOptions.modifiers);
+    }
+    return extends_extends({}, PopperProps.popperOptions, {
+      modifiers: tooltipModifiers
+    });
+  }, [arrowRef, PopperProps]);
+  var ownerState = extends_extends({}, props, {
+    isRtl: isRtl,
+    arrow: arrow,
+    disableInteractive: disableInteractive,
+    placement: placement,
+    PopperComponentProp: PopperComponentProp,
+    touch: ignoreNonTouchEvents.current
+  });
+  var classes = Tooltip_useUtilityClasses(ownerState);
+  var PopperComponent = (_ref = (_slots$popper = slots.popper) != null ? _slots$popper : components.Popper) != null ? _ref : TooltipPopper;
+  var TransitionComponent = (_ref2 = (_ref3 = (_slots$transition = slots.transition) != null ? _slots$transition : components.Transition) != null ? _ref3 : TransitionComponentProp) != null ? _ref2 : Grow_Grow;
+  var TooltipComponent = (_ref4 = (_slots$tooltip = slots.tooltip) != null ? _slots$tooltip : components.Tooltip) != null ? _ref4 : TooltipTooltip;
+  var ArrowComponent = (_ref5 = (_slots$arrow = slots.arrow) != null ? _slots$arrow : components.Arrow) != null ? _ref5 : TooltipArrow;
+  var popperProps = appendOwnerState(PopperComponent, extends_extends({}, PopperProps, (_slotProps$popper = slotProps.popper) != null ? _slotProps$popper : componentsProps.popper, {
+    className: clsx_m(classes.popper, PopperProps == null ? void 0 : PopperProps.className, (_ref6 = (_slotProps$popper2 = slotProps.popper) != null ? _slotProps$popper2 : componentsProps.popper) == null ? void 0 : _ref6.className)
+  }), ownerState);
+  var transitionProps = appendOwnerState(TransitionComponent, extends_extends({}, TransitionProps, (_slotProps$transition = slotProps.transition) != null ? _slotProps$transition : componentsProps.transition), ownerState);
+  var tooltipProps = appendOwnerState(TooltipComponent, extends_extends({}, (_slotProps$tooltip = slotProps.tooltip) != null ? _slotProps$tooltip : componentsProps.tooltip, {
+    className: clsx_m(classes.tooltip, (_ref7 = (_slotProps$tooltip2 = slotProps.tooltip) != null ? _slotProps$tooltip2 : componentsProps.tooltip) == null ? void 0 : _ref7.className)
+  }), ownerState);
+  var tooltipArrowProps = appendOwnerState(ArrowComponent, extends_extends({}, (_slotProps$arrow = slotProps.arrow) != null ? _slotProps$arrow : componentsProps.arrow, {
+    className: clsx_m(classes.arrow, (_ref8 = (_slotProps$arrow2 = slotProps.arrow) != null ? _slotProps$arrow2 : componentsProps.arrow) == null ? void 0 : _ref8.className)
+  }), ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
+    children: [/*#__PURE__*/react.cloneElement(children, childrenProps), /*#__PURE__*/(0,jsx_runtime.jsx)(PopperComponent, extends_extends({
+      as: PopperComponentProp != null ? PopperComponentProp : material_Popper_Popper,
+      placement: placement,
+      anchorEl: followCursor ? {
+        getBoundingClientRect: function getBoundingClientRect() {
+          return {
+            top: cursorPosition.y,
+            left: cursorPosition.x,
+            right: cursorPosition.x,
+            bottom: cursorPosition.y,
+            width: 0,
+            height: 0
+          };
+        }
+      } : childNode,
+      popperRef: popperRef,
+      open: childNode ? open : false,
+      id: id,
+      transition: true
+    }, interactiveWrapperListeners, popperProps, {
+      popperOptions: popperOptions,
+      children: function children(_ref13) {
+        var TransitionPropsInner = _ref13.TransitionProps;
+        return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+          timeout: theme.transitions.duration.shorter
+        }, TransitionPropsInner, transitionProps, {
+          children: /*#__PURE__*/(0,jsx_runtime.jsxs)(TooltipComponent, extends_extends({}, tooltipProps, {
+            children: [title, arrow ? /*#__PURE__*/(0,jsx_runtime.jsx)(ArrowComponent, extends_extends({}, tooltipArrowProps, {
+              ref: setArrowRef
+            })) : null]
+          }))
+        }));
+      }
+    }))]
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var material_Tooltip_Tooltip = (Tooltip_Tooltip);
+;// CONCATENATED MODULE: ./src/loadscript.ts
+var loadedScripts=new Map();var loadScript=function loadScript(fileUrl){var async=arguments.length>1&&arguments[1]!==undefined?arguments[1]:true;var type=arguments.length>2&&arguments[2]!==undefined?arguments[2]:"text/javascript";if(loadedScripts.has(fileUrl)){return loadedScripts.get(fileUrl);}var p=new Promise(function(resolve,reject){try{var scriptEle=document.createElement("script");scriptEle.type=type;scriptEle.async=async;scriptEle.src=fileUrl;scriptEle.addEventListener("load",function(ev){resolve({status:true});});scriptEle.addEventListener("error",function(ev){reject({status:false,message:"Failed to load the script \uFF04{FILE_URL}"});});document.body.appendChild(scriptEle);}catch(error){reject(error);}});loadedScripts.set(fileUrl,p);return p;};
+;// CONCATENATED MODULE: ./src/utils/misc.ts
+function getLastPathElement(url){if(url===undefined){return undefined;}if(!url){return"";}var s=url.split("/");return s[s.length-1];}function sleep(ms){return new Promise(function(resolve){return setTimeout(resolve,ms);});}
+;// CONCATENATED MODULE: ./src/api.tsx
+var apiUrl="/api";var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});var RealOrStaticApi=/*#__PURE__*/function(){function RealOrStaticApi(){classCallCheck_classCallCheck(this,RealOrStaticApi);this.api=void 0;this.api=this.buildApi();}createClass_createClass(RealOrStaticApi,[{key:"buildApi",value:function(){var _buildApi=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:p=loadScript(staticPath+"/summaries.js");_context.prev=1;_context.next=4;return p;case 4:return _context.abrupt("return",new StaticApi());case 7:_context.prev=7;_context.t0=_context["catch"](1);return _context.abrupt("return",new RealApi());case 10:case"end":return _context.stop();}},_callee,null,[[1,7]]);}));function buildApi(){return _buildApi.apply(this,arguments);}return buildApi;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:_context2.next=2;return this.api;case 2:return _context2.abrupt("return",_context2.sent.deployNow(cluster,name,namespace));case 3:case"end":return _context2.stop();}},_callee2,this);}));function deployNow(_x,_x2,_x3){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:_context3.next=2;return this.api;case 2:return _context3.abrupt("return",_context3.sent.getResult(resultId));case 3:case"end":return _context3.stop();}},_callee3,this);}));function getResult(_x4){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(resultId,ref,objectType){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:_context4.next=2;return this.api;case 2:return _context4.abrupt("return",_context4.sent.getResultObject(resultId,ref,objectType));case 3:case"end":return _context4.stop();}},_callee4,this);}));function getResultObject(_x5,_x6,_x7){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:_context5.next=2;return this.api;case 2:return _context5.abrupt("return",_context5.sent.getResultSummary(resultId));case 3:case"end":return _context5.stop();}},_callee5,this);}));function getResultSummary(_x8){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:_context6.next=2;return this.api;case 2:return _context6.abrupt("return",_context6.sent.getShortNames());case 3:case"end":return _context6.stop();}},_callee6,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:_context7.next=2;return this.api;case 2:return _context7.abrupt("return",_context7.sent.listenUpdates(filterProject,filterSubDir,handle));case 3:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x9,_x10,_x11){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:_context8.next=2;return this.api;case 2:return _context8.abrupt("return",_context8.sent.reconcileNow(cluster,name,namespace));case 3:case"end":return _context8.stop();}},_callee8,this);}));function reconcileNow(_x12,_x13,_x14){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:_context9.next=2;return this.api;case 2:return _context9.abrupt("return",_context9.sent.validateNow(project,target));case 3:case"end":return _context9.stop();}},_callee9,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()}]);return RealOrStaticApi;}();var api=new RealOrStaticApi();var RealApi=/*#__PURE__*/function(){function RealApi(){classCallCheck_classCallCheck(this,RealApi);}createClass_createClass(RealApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:url="".concat(apiUrl,"/getShortNames");return _context10.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context10.stop();}},_callee10);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(filterProject,filterSubDir,handle){var host,url,params,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:host=window.location.host;if(false){}url="ws://".concat(host).concat(apiUrl,"/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();cancelled=false;connect=function connect(){if(cancelled){return;}console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};};connect();return _context11.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 11:case"end":return _context11.stop();}},_callee11);}));function listenUpdates(_x17,_x18,_x19){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:url="".concat(apiUrl,"/getResult?resultId=").concat(resultId);return _context12.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResult(json);}));case 2:case"end":return _context12.stop();}},_callee12);}));function getResult(_x20){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:url="".concat(apiUrl,"/getResultSummary?resultId=").concat(resultId);return _context13.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResultSummary(json);}));case 2:case"end":return _context13.stop();}},_callee13);}));function getResultSummary(_x21){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(resultId,ref,objectType){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:url="".concat(apiUrl,"/getResultObject?resultId=").concat(resultId,"&").concat(buildRefParams(ref),"&objectType=").concat(objectType);return _context14.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context14.stop();}},_callee14);}));function getResultObject(_x22,_x23,_x24){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(f,body){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:url="".concat(apiUrl,"/").concat(f);return _context15.abrupt("return",fetch(url,{method:"POST",body:JSON.stringify(body),headers:{'Accept':'application/json','Content-Type':'application/json'}}).then(handleErrors));case 2:case"end":return _context15.stop();}},_callee15);}));function doPost(_x25,_x26){return _doPost.apply(this,arguments);}return doPost;}()},{key:"validateNow",value:function(){var _validateNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:return _context16.abrupt("return",this.doPost("validateNow",{"project":project,"target":target}));case 1:case"end":return _context16.stop();}},_callee16,this);}));function validateNow(_x27,_x28){return _validateNow2.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:return _context17.abrupt("return",this.doPost("deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context17.stop();}},_callee17,this);}));function deployNow(_x29,_x30,_x31){return _deployNow2.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:return _context18.abrupt("return",this.doPost("reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context18.stop();}},_callee18,this);}));function reconcileNow(_x32,_x33,_x34){return _reconcileNow2.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:_context19.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context19.abrupt("return",staticShortNames);case 3:case"end":return _context19.stop();}},_callee19);}));function getShortNames(){return _getShortNames3.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee20(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee20$(_context20){while(1)switch(_context20.prev=_context20.next){case 0:_context20.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context20.abrupt("return",function(){});case 4:case"end":return _context20.stop();}},_callee20);}));function listenUpdates(_x35,_x36,_x37){return _listenUpdates3.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee21(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee21$(_context21){while(1)switch(_context21.prev=_context21.next){case 0:_context21.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context21.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context21.stop();}},_callee21);}));function getResult(_x38){return _getResult3.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee22(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee22$(_context22){while(1)switch(_context22.prev=_context22.next){case 0:_context22.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context22.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context22.stop();}},_callee22);}));function getResultSummary(_x39){return _getResultSummary3.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee23(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee23$(_context23){while(1)switch(_context23.prev=_context23.next){case 0:_context23.next=2;return this.getResult(resultId);case 2:result=_context23.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context23.next=6;break;}throw new Error("object not found");case 6:_context23.t0=objectType;_context23.next=_context23.t0===ObjectType.Rendered?9:_context23.t0===ObjectType.Remote?10:_context23.t0===ObjectType.Applied?11:12;break;case 9:return _context23.abrupt("return",object.rendered);case 10:return _context23.abrupt("return",object.remote);case 11:return _context23.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context23.stop();}},_callee23,this);}));function getResultObject(_x40,_x41,_x42){return _getResultObject3.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function handleErrors(response){if(!response.ok){throw Error(response.statusText);}return response;}function buildRefParams(ref){var params=new URLSearchParams();params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}return params.toString();}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}function usePromise(p){if(p===undefined){throw new Promise(function(){return undefined;});}var promise=p;if(promise.status==='fulfilled'){return promise.value;}else if(promise.status==='rejected'){throw promise.reason;}else if(promise.status==='pending'){throw promise;}else{promise.status='pending';p.then(function(result){promise.status='fulfilled';promise.value=result;},function(reason){promise.status='rejected';promise.reason=reason;});throw promise;}}
+;// CONCATENATED MODULE: ./src/project-summaries.ts
+function compareSummaries(a,b){return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime)||b.commandInfo.endTime.localeCompare(b.commandInfo.endTime)||(b.commandInfo.command||"").localeCompare(a.commandInfo.command||"");}function buildProjectSummaries(summaries,validateResults){var sorted=Array.from(summaries.values());sorted.sort(compareSummaries);var m=new Map();sorted.forEach(function(rs){var projectKey=JSON.stringify(rs.projectKey);var p=m.get(projectKey);if(!p){p={project:rs.projectKey,targets:[]};m.set(projectKey,p);}var ptKey=new ProjectTargetKey();ptKey.project=rs.projectKey;ptKey.target=rs.targetKey;var vr=validateResults.get(JSON.stringify(ptKey));var target=p.targets.find(function(t){return lodash_default().isEqual(t.target,rs.targetKey);});if(!target){target={target:rs.targetKey,lastValidateResult:vr,commandResults:[]};p.targets.push(target);}target.commandResults.push(rs);});var ret=[];m.forEach(function(p){p.targets.sort(function(a,b){var _ref;return(a.target.targetName||"").localeCompare(b.target.targetName||"")||a.target.clusterId.localeCompare(b.target.clusterId)||((_ref=a.target.discriminator||"")===null||_ref===void 0?void 0:_ref.localeCompare(b.target.discriminator||""));});ret.push(p);});ret.sort(function(a,b){return(a.project.gitRepoKey||"").localeCompare(b.project.gitRepoKey||"")||(a.project.subDir||"").localeCompare(b.project.subDir||"");});return ret;}
+;// CONCATENATED MODULE: ./src/components/App.tsx
+function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var App=function App(){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summaries=(0,react.useRef)(new Map());var validateResults=(0,react.useRef)(new Map());(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summaries.current.set(rs.id,rs);};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summaries.current.delete(id);};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResults.current.set(JSON.stringify(key),vr);};console.log("starting listenResults");var cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[]);var projects=(0,react.useMemo)(function(){console.log("buildProjectSummaries");return buildProjectSummaries(summaries.current,validateResults.current);},[summaries,validateResults]);var appContext={summaries:summaries.current,projects:projects,validateResults:validateResults.current};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};/* harmony default export */ var components_App = (App);
+;// CONCATENATED MODULE: ./src/components/targets-view/Projects.tsx
+var ProjectItem=function ProjectItem(props){var name=getLastPathElement(props.ps.project.gitRepoKey);var subDir=props.ps.project.subDir;var projectInfo=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[props.ps.project.gitRepoKey,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),props.ps.project.subDir?/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:["SubDir: ",props.ps.project.subDir,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{})]}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"center",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",gap:"15px",children:name&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:projectInfo,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:name})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:subDir?/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{textAlign:"center",children:subDir}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{marginLeft:"auto"})})})]})});};
+;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/svgIconClasses.js
+
+
+function getSvgIconUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiSvgIcon', slot);
+}
+var svgIconClasses = generateUtilityClasses('MuiSvgIcon', ['root', 'colorPrimary', 'colorSecondary', 'colorAction', 'colorError', 'colorDisabled', 'fontSizeInherit', 'fontSizeSmall', 'fontSizeMedium', 'fontSizeLarge']);
+/* harmony default export */ var SvgIcon_svgIconClasses = ((/* unused pure expression or super */ null && (svgIconClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/SvgIcon.js
+
+
+var SvgIcon_excluded = ["children", "className", "color", "component", "fontSize", "htmlColor", "inheritViewBox", "titleAccess", "viewBox"];
+
+
+
+
+
+
+
+
+
+
+var SvgIcon_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var color = ownerState.color,
+    fontSize = ownerState.fontSize,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', color !== 'inherit' && "color".concat(utils_capitalize(color)), "fontSize".concat(utils_capitalize(fontSize))]
+  };
+  return composeClasses(slots, getSvgIconUtilityClass, classes);
+};
+var SvgIconRoot = styles_styled('svg', {
+  name: 'MuiSvgIcon',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.color !== 'inherit' && styles["color".concat(utils_capitalize(ownerState.color))], styles["fontSize".concat(utils_capitalize(ownerState.fontSize))]];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  var _theme$transitions, _theme$transitions$cr, _theme$transitions2, _theme$transitions2$d, _theme$typography, _theme$typography$pxT, _theme$typography2, _theme$typography2$px, _theme$typography3, _theme$typography3$px, _palette$ownerState$c, _palette, _palette$ownerState$c2, _palette2, _palette2$action, _palette3, _palette3$action;
+  return {
+    userSelect: 'none',
+    width: '1em',
+    height: '1em',
+    display: 'inline-block',
+    fill: 'currentColor',
+    flexShrink: 0,
+    transition: (_theme$transitions = theme.transitions) == null ? void 0 : (_theme$transitions$cr = _theme$transitions.create) == null ? void 0 : _theme$transitions$cr.call(_theme$transitions, 'fill', {
+      duration: (_theme$transitions2 = theme.transitions) == null ? void 0 : (_theme$transitions2$d = _theme$transitions2.duration) == null ? void 0 : _theme$transitions2$d.shorter
+    }),
+    fontSize: {
+      inherit: 'inherit',
+      small: ((_theme$typography = theme.typography) == null ? void 0 : (_theme$typography$pxT = _theme$typography.pxToRem) == null ? void 0 : _theme$typography$pxT.call(_theme$typography, 20)) || '1.25rem',
+      medium: ((_theme$typography2 = theme.typography) == null ? void 0 : (_theme$typography2$px = _theme$typography2.pxToRem) == null ? void 0 : _theme$typography2$px.call(_theme$typography2, 24)) || '1.5rem',
+      large: ((_theme$typography3 = theme.typography) == null ? void 0 : (_theme$typography3$px = _theme$typography3.pxToRem) == null ? void 0 : _theme$typography3$px.call(_theme$typography3, 35)) || '2.1875rem'
+    }[ownerState.fontSize],
+    // TODO v5 deprecate, v6 remove for sx
+    color: (_palette$ownerState$c = (_palette = (theme.vars || theme).palette) == null ? void 0 : (_palette$ownerState$c2 = _palette[ownerState.color]) == null ? void 0 : _palette$ownerState$c2.main) != null ? _palette$ownerState$c : {
+      action: (_palette2 = (theme.vars || theme).palette) == null ? void 0 : (_palette2$action = _palette2.action) == null ? void 0 : _palette2$action.active,
+      disabled: (_palette3 = (theme.vars || theme).palette) == null ? void 0 : (_palette3$action = _palette3.action) == null ? void 0 : _palette3$action.disabled,
+      inherit: undefined
+    }[ownerState.color]
+  };
+});
+var SvgIcon = /*#__PURE__*/react.forwardRef(function SvgIcon(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiSvgIcon'
+  });
+  var children = props.children,
+    className = props.className,
+    _props$color = props.color,
+    color = _props$color === void 0 ? 'inherit' : _props$color,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'svg' : _props$component,
+    _props$fontSize = props.fontSize,
+    fontSize = _props$fontSize === void 0 ? 'medium' : _props$fontSize,
+    htmlColor = props.htmlColor,
+    _props$inheritViewBox = props.inheritViewBox,
+    inheritViewBox = _props$inheritViewBox === void 0 ? false : _props$inheritViewBox,
+    titleAccess = props.titleAccess,
+    _props$viewBox = props.viewBox,
+    viewBox = _props$viewBox === void 0 ? '0 0 24 24' : _props$viewBox,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, SvgIcon_excluded);
+  var ownerState = extends_extends({}, props, {
+    color: color,
+    component: component,
+    fontSize: fontSize,
+    instanceFontSize: inProps.fontSize,
+    inheritViewBox: inheritViewBox,
+    viewBox: viewBox
+  });
+  var more = {};
+  if (!inheritViewBox) {
+    more.viewBox = viewBox;
+  }
+  var classes = SvgIcon_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(SvgIconRoot, extends_extends({
+    as: component,
+    className: clsx_m(classes.root, className),
+    focusable: "false",
+    color: htmlColor,
+    "aria-hidden": titleAccess ? undefined : true,
+    role: titleAccess ? 'img' : undefined,
+    ref: ref
+  }, more, other, {
+    ownerState: ownerState,
+    children: [children, titleAccess ? /*#__PURE__*/(0,jsx_runtime.jsx)("title", {
+      children: titleAccess
+    }) : null]
+  }));
+});
+ false ? 0 : void 0;
+SvgIcon.muiName = 'SvgIcon';
+/* harmony default export */ var SvgIcon_SvgIcon = (SvgIcon);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/createSvgIcon.js
+
+
+
+
+/**
+ * Private module reserved for @mui packages.
+ */
+
+function createSvgIcon(path, displayName) {
+  function Component(props, ref) {
+    return /*#__PURE__*/(0,jsx_runtime.jsx)(SvgIcon_SvgIcon, extends_extends({
+      "data-testid": "".concat(displayName, "Icon"),
+      ref: ref
+    }, props, {
+      children: path
+    }));
+  }
+  if (false) {}
+  Component.muiName = SvgIcon_SvgIcon.muiName;
+  return /*#__PURE__*/react.memo( /*#__PURE__*/react.forwardRef(Component));
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/MoreVert.js
+
+
+/* harmony default export */ var MoreVert = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z"
+}), 'MoreVert'));
+// EXTERNAL MODULE: ./node_modules/react-is/index.js
+var react_is = __webpack_require__(441);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/ownerDocument.js
+
+/* harmony default export */ var utils_ownerDocument = (ownerDocument);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/getScrollbarSize.js
+
+/* harmony default export */ var utils_getScrollbarSize = (getScrollbarSize);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/MenuList/MenuList.js
+
+
+var MenuList_excluded = ["actions", "autoFocus", "autoFocusItem", "children", "className", "disabledItemsFocusable", "disableListWrap", "onKeyDown", "variant"];
+
+
+
+
+
+
+
+
+
+function nextItem(list, item, disableListWrap) {
+  if (list === item) {
+    return list.firstChild;
+  }
+  if (item && item.nextElementSibling) {
+    return item.nextElementSibling;
+  }
+  return disableListWrap ? null : list.firstChild;
+}
+function previousItem(list, item, disableListWrap) {
+  if (list === item) {
+    return disableListWrap ? list.firstChild : list.lastChild;
+  }
+  if (item && item.previousElementSibling) {
+    return item.previousElementSibling;
+  }
+  return disableListWrap ? null : list.lastChild;
+}
+function textCriteriaMatches(nextFocus, textCriteria) {
+  if (textCriteria === undefined) {
+    return true;
+  }
+  var text = nextFocus.innerText;
+  if (text === undefined) {
+    // jsdom doesn't support innerText
+    text = nextFocus.textContent;
+  }
+  text = text.trim().toLowerCase();
+  if (text.length === 0) {
+    return false;
+  }
+  if (textCriteria.repeating) {
+    return text[0] === textCriteria.keys[0];
+  }
+  return text.indexOf(textCriteria.keys.join('')) === 0;
+}
+function moveFocus(list, currentFocus, disableListWrap, disabledItemsFocusable, traversalFunction, textCriteria) {
+  var wrappedOnce = false;
+  var nextFocus = traversalFunction(list, currentFocus, currentFocus ? disableListWrap : false);
+  while (nextFocus) {
+    // Prevent infinite loop.
+    if (nextFocus === list.firstChild) {
+      if (wrappedOnce) {
+        return false;
+      }
+      wrappedOnce = true;
+    }
+
+    // Same logic as useAutocomplete.js
+    var nextFocusDisabled = disabledItemsFocusable ? false : nextFocus.disabled || nextFocus.getAttribute('aria-disabled') === 'true';
+    if (!nextFocus.hasAttribute('tabindex') || !textCriteriaMatches(nextFocus, textCriteria) || nextFocusDisabled) {
+      // Move to the next element.
+      nextFocus = traversalFunction(list, nextFocus, disableListWrap);
+    } else {
+      nextFocus.focus();
+      return true;
+    }
+  }
+  return false;
+}
+
+/**
+ * A permanently displayed menu following https://www.w3.org/WAI/ARIA/apg/patterns/menu-button/.
+ * It's exposed to help customization of the [`Menu`](/material-ui/api/menu/) component if you
+ * use it separately you need to move focus into the component manually. Once
+ * the focus is placed inside the component it is fully keyboard accessible.
+ */
+var MenuList = /*#__PURE__*/react.forwardRef(function MenuList(props, ref) {
+  var actions = props.actions,
+    _props$autoFocus = props.autoFocus,
+    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
+    _props$autoFocusItem = props.autoFocusItem,
+    autoFocusItem = _props$autoFocusItem === void 0 ? false : _props$autoFocusItem,
+    children = props.children,
+    className = props.className,
+    _props$disabledItemsF = props.disabledItemsFocusable,
+    disabledItemsFocusable = _props$disabledItemsF === void 0 ? false : _props$disabledItemsF,
+    _props$disableListWra = props.disableListWrap,
+    disableListWrap = _props$disableListWra === void 0 ? false : _props$disableListWra,
+    onKeyDown = props.onKeyDown,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'selectedMenu' : _props$variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, MenuList_excluded);
+  var listRef = react.useRef(null);
+  var textCriteriaRef = react.useRef({
+    keys: [],
+    repeating: true,
+    previousKeyMatched: true,
+    lastTime: null
+  });
+  utils_useEnhancedEffect(function () {
+    if (autoFocus) {
+      listRef.current.focus();
+    }
+  }, [autoFocus]);
+  react.useImperativeHandle(actions, function () {
+    return {
+      adjustStyleForScrollbar: function adjustStyleForScrollbar(containerElement, theme) {
+        // Let's ignore that piece of logic if users are already overriding the width
+        // of the menu.
+        var noExplicitWidth = !listRef.current.style.width;
+        if (containerElement.clientHeight < listRef.current.clientHeight && noExplicitWidth) {
+          var scrollbarSize = "".concat(utils_getScrollbarSize(utils_ownerDocument(containerElement)), "px");
+          listRef.current.style[theme.direction === 'rtl' ? 'paddingLeft' : 'paddingRight'] = scrollbarSize;
+          listRef.current.style.width = "calc(100% + ".concat(scrollbarSize, ")");
+        }
+        return listRef.current;
+      }
+    };
+  }, []);
+  var handleKeyDown = function handleKeyDown(event) {
+    var list = listRef.current;
+    var key = event.key;
+    /**
+     * @type {Element} - will always be defined since we are in a keydown handler
+     * attached to an element. A keydown event is either dispatched to the activeElement
+     * or document.body or document.documentElement. Only the first case will
+     * trigger this specific handler.
+     */
+    var currentFocus = utils_ownerDocument(list).activeElement;
+    if (key === 'ArrowDown') {
+      // Prevent scroll of the page
+      event.preventDefault();
+      moveFocus(list, currentFocus, disableListWrap, disabledItemsFocusable, nextItem);
+    } else if (key === 'ArrowUp') {
+      event.preventDefault();
+      moveFocus(list, currentFocus, disableListWrap, disabledItemsFocusable, previousItem);
+    } else if (key === 'Home') {
+      event.preventDefault();
+      moveFocus(list, null, disableListWrap, disabledItemsFocusable, nextItem);
+    } else if (key === 'End') {
+      event.preventDefault();
+      moveFocus(list, null, disableListWrap, disabledItemsFocusable, previousItem);
+    } else if (key.length === 1) {
+      var criteria = textCriteriaRef.current;
+      var lowerKey = key.toLowerCase();
+      var currTime = performance.now();
+      if (criteria.keys.length > 0) {
+        // Reset
+        if (currTime - criteria.lastTime > 500) {
+          criteria.keys = [];
+          criteria.repeating = true;
+          criteria.previousKeyMatched = true;
+        } else if (criteria.repeating && lowerKey !== criteria.keys[0]) {
+          criteria.repeating = false;
+        }
+      }
+      criteria.lastTime = currTime;
+      criteria.keys.push(lowerKey);
+      var keepFocusOnCurrent = currentFocus && !criteria.repeating && textCriteriaMatches(currentFocus, criteria);
+      if (criteria.previousKeyMatched && (keepFocusOnCurrent || moveFocus(list, currentFocus, false, disabledItemsFocusable, nextItem, criteria))) {
+        event.preventDefault();
+      } else {
+        criteria.previousKeyMatched = false;
+      }
+    }
+    if (onKeyDown) {
+      onKeyDown(event);
+    }
+  };
+  var handleRef = utils_useForkRef(listRef, ref);
+
+  /**
+   * the index of the item should receive focus
+   * in a `variant="selectedMenu"` it's the first `selected` item
+   * otherwise it's the very first item.
+   */
+  var activeItemIndex = -1;
+  // since we inject focus related props into children we have to do a lookahead
+  // to check if there is a `selected` item. We're looking for the last `selected`
+  // item and use the first valid item as a fallback
+  react.Children.forEach(children, function (child, index) {
+    if (! /*#__PURE__*/react.isValidElement(child)) {
+      if (activeItemIndex === index) {
+        activeItemIndex += 1;
+        if (activeItemIndex >= children.length) {
+          // there are no focusable items within the list.
+          activeItemIndex = -1;
+        }
+      }
+      return;
+    }
+    if (false) {}
+    if (!child.props.disabled) {
+      if (variant === 'selectedMenu' && child.props.selected) {
+        activeItemIndex = index;
+      } else if (activeItemIndex === -1) {
+        activeItemIndex = index;
+      }
+    }
+    if (activeItemIndex === index && (child.props.disabled || child.props.muiSkipListHighlight || child.type.muiSkipListHighlight)) {
+      activeItemIndex += 1;
+      if (activeItemIndex >= children.length) {
+        // there are no focusable items within the list.
+        activeItemIndex = -1;
+      }
+    }
+  });
+  var items = react.Children.map(children, function (child, index) {
+    if (index === activeItemIndex) {
+      var newChildProps = {};
+      if (autoFocusItem) {
+        newChildProps.autoFocus = true;
+      }
+      if (child.props.tabIndex === undefined && variant === 'selectedMenu') {
+        newChildProps.tabIndex = 0;
+      }
+      return /*#__PURE__*/react.cloneElement(child, newChildProps);
+    }
+    return child;
+  });
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_List, extends_extends({
+    role: "menu",
+    ref: handleRef,
+    className: className,
+    onKeyDown: handleKeyDown,
+    tabIndex: autoFocus ? 0 : -1
+  }, other, {
+    children: items
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var MenuList_MenuList = (MenuList);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Popover/popoverClasses.js
+
+
+function getPopoverUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiPopover', slot);
+}
+var popoverClasses = generateUtilityClasses('MuiPopover', ['root', 'paper']);
+/* harmony default export */ var Popover_popoverClasses = ((/* unused pure expression or super */ null && (popoverClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Popover/Popover.js
+
+
+
+var Popover_excluded = ["onEntering"],
+  Popover_excluded2 = ["action", "anchorEl", "anchorOrigin", "anchorPosition", "anchorReference", "children", "className", "container", "elevation", "marginThreshold", "open", "PaperProps", "slots", "slotProps", "transformOrigin", "TransitionComponent", "transitionDuration", "TransitionProps"],
+  Popover_excluded3 = ["slotProps"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+function getOffsetTop(rect, vertical) {
+  var offset = 0;
+  if (typeof vertical === 'number') {
+    offset = vertical;
+  } else if (vertical === 'center') {
+    offset = rect.height / 2;
+  } else if (vertical === 'bottom') {
+    offset = rect.height;
+  }
+  return offset;
+}
+function getOffsetLeft(rect, horizontal) {
+  var offset = 0;
+  if (typeof horizontal === 'number') {
+    offset = horizontal;
+  } else if (horizontal === 'center') {
+    offset = rect.width / 2;
+  } else if (horizontal === 'right') {
+    offset = rect.width;
+  }
+  return offset;
+}
+function getTransformOriginValue(transformOrigin) {
+  return [transformOrigin.horizontal, transformOrigin.vertical].map(function (n) {
+    return typeof n === 'number' ? "".concat(n, "px") : n;
+  }).join(' ');
+}
+function Popover_resolveAnchorEl(anchorEl) {
+  return typeof anchorEl === 'function' ? anchorEl() : anchorEl;
+}
+var Popover_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root'],
+    paper: ['paper']
+  };
+  return composeClasses(slots, getPopoverUtilityClass, classes);
+};
+var PopoverRoot = styles_styled(material_Modal_Modal, {
+  name: 'MuiPopover',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({});
+var PopoverPaper = styles_styled(Paper_Paper, {
+  name: 'MuiPopover',
+  slot: 'Paper',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.paper;
+  }
+})({
+  position: 'absolute',
+  overflowY: 'auto',
+  overflowX: 'hidden',
+  // So we see the popover when it's empty.
+  // It's most likely on issue on userland.
+  minWidth: 16,
+  minHeight: 16,
+  maxWidth: 'calc(100% - 32px)',
+  maxHeight: 'calc(100% - 32px)',
+  // We disable the focus ring for mouse, touch and keyboard users.
+  outline: 0
+});
+var Popover = /*#__PURE__*/react.forwardRef(function Popover(inProps, ref) {
+  var _slotProps$paper, _slots$root, _slots$paper;
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiPopover'
+  });
+  var action = props.action,
+    anchorEl = props.anchorEl,
+    _props$anchorOrigin = props.anchorOrigin,
+    anchorOrigin = _props$anchorOrigin === void 0 ? {
+      vertical: 'top',
+      horizontal: 'left'
+    } : _props$anchorOrigin,
+    anchorPosition = props.anchorPosition,
+    _props$anchorReferenc = props.anchorReference,
+    anchorReference = _props$anchorReferenc === void 0 ? 'anchorEl' : _props$anchorReferenc,
+    children = props.children,
+    className = props.className,
+    containerProp = props.container,
+    _props$elevation = props.elevation,
+    elevation = _props$elevation === void 0 ? 8 : _props$elevation,
+    _props$marginThreshol = props.marginThreshold,
+    marginThreshold = _props$marginThreshol === void 0 ? 16 : _props$marginThreshol,
+    open = props.open,
+    _props$PaperProps = props.PaperProps,
+    PaperPropsProp = _props$PaperProps === void 0 ? {} : _props$PaperProps,
+    slots = props.slots,
+    slotProps = props.slotProps,
+    _props$transformOrigi = props.transformOrigin,
+    transformOrigin = _props$transformOrigi === void 0 ? {
+      vertical: 'top',
+      horizontal: 'left'
+    } : _props$transformOrigi,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? Grow_Grow : _props$TransitionComp,
+    _props$transitionDura = props.transitionDuration,
+    transitionDurationProp = _props$transitionDura === void 0 ? 'auto' : _props$transitionDura,
+    _props$TransitionProp = props.TransitionProps,
+    _props$TransitionProp2 = _props$TransitionProp === void 0 ? {} : _props$TransitionProp,
+    onEntering = _props$TransitionProp2.onEntering,
+    TransitionProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.TransitionProps, Popover_excluded),
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popover_excluded2);
+  var externalPaperSlotProps = (_slotProps$paper = slotProps == null ? void 0 : slotProps.paper) != null ? _slotProps$paper : PaperPropsProp;
+  var paperRef = react.useRef();
+  var handlePaperRef = utils_useForkRef(paperRef, externalPaperSlotProps.ref);
+  var ownerState = extends_extends({}, props, {
+    anchorOrigin: anchorOrigin,
+    anchorReference: anchorReference,
+    elevation: elevation,
+    marginThreshold: marginThreshold,
+    externalPaperSlotProps: externalPaperSlotProps,
+    transformOrigin: transformOrigin,
+    TransitionComponent: TransitionComponent,
+    transitionDuration: transitionDurationProp,
+    TransitionProps: TransitionProps
+  });
+  var classes = Popover_useUtilityClasses(ownerState);
+
+  // Returns the top/left offset of the position
+  // to attach to on the anchor element (or body if none is provided)
+  var getAnchorOffset = react.useCallback(function () {
+    if (anchorReference === 'anchorPosition') {
+      if (false) {}
+      return anchorPosition;
+    }
+    var resolvedAnchorEl = Popover_resolveAnchorEl(anchorEl);
+
+    // If an anchor element wasn't provided, just use the parent body element of this Popover
+    var anchorElement = resolvedAnchorEl && resolvedAnchorEl.nodeType === 1 ? resolvedAnchorEl : utils_ownerDocument(paperRef.current).body;
+    var anchorRect = anchorElement.getBoundingClientRect();
+    if (false) { var box; }
+    return {
+      top: anchorRect.top + getOffsetTop(anchorRect, anchorOrigin.vertical),
+      left: anchorRect.left + getOffsetLeft(anchorRect, anchorOrigin.horizontal)
+    };
+  }, [anchorEl, anchorOrigin.horizontal, anchorOrigin.vertical, anchorPosition, anchorReference]);
+
+  // Returns the base transform origin using the element
+  var getTransformOrigin = react.useCallback(function (elemRect) {
+    return {
+      vertical: getOffsetTop(elemRect, transformOrigin.vertical),
+      horizontal: getOffsetLeft(elemRect, transformOrigin.horizontal)
+    };
+  }, [transformOrigin.horizontal, transformOrigin.vertical]);
+  var getPositioningStyle = react.useCallback(function (element) {
+    var elemRect = {
+      width: element.offsetWidth,
+      height: element.offsetHeight
+    };
+
+    // Get the transform origin point on the element itself
+    var elemTransformOrigin = getTransformOrigin(elemRect);
+    if (anchorReference === 'none') {
+      return {
+        top: null,
+        left: null,
+        transformOrigin: getTransformOriginValue(elemTransformOrigin)
+      };
+    }
+
+    // Get the offset of the anchoring element
+    var anchorOffset = getAnchorOffset();
+
+    // Calculate element positioning
+    var top = anchorOffset.top - elemTransformOrigin.vertical;
+    var left = anchorOffset.left - elemTransformOrigin.horizontal;
+    var bottom = top + elemRect.height;
+    var right = left + elemRect.width;
+
+    // Use the parent window of the anchorEl if provided
+    var containerWindow = utils_ownerWindow(Popover_resolveAnchorEl(anchorEl));
+
+    // Window thresholds taking required margin into account
+    var heightThreshold = containerWindow.innerHeight - marginThreshold;
+    var widthThreshold = containerWindow.innerWidth - marginThreshold;
+
+    // Check if the vertical axis needs shifting
+    if (top < marginThreshold) {
+      var diff = top - marginThreshold;
+      top -= diff;
+      elemTransformOrigin.vertical += diff;
+    } else if (bottom > heightThreshold) {
+      var _diff = bottom - heightThreshold;
+      top -= _diff;
+      elemTransformOrigin.vertical += _diff;
+    }
+    if (false) {}
+
+    // Check if the horizontal axis needs shifting
+    if (left < marginThreshold) {
+      var _diff2 = left - marginThreshold;
+      left -= _diff2;
+      elemTransformOrigin.horizontal += _diff2;
+    } else if (right > widthThreshold) {
+      var _diff3 = right - widthThreshold;
+      left -= _diff3;
+      elemTransformOrigin.horizontal += _diff3;
+    }
+    return {
+      top: "".concat(Math.round(top), "px"),
+      left: "".concat(Math.round(left), "px"),
+      transformOrigin: getTransformOriginValue(elemTransformOrigin)
+    };
+  }, [anchorEl, anchorReference, getAnchorOffset, getTransformOrigin, marginThreshold]);
+  var _React$useState = react.useState(open),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    isPositioned = _React$useState2[0],
+    setIsPositioned = _React$useState2[1];
+  var setPositioningStyles = react.useCallback(function () {
+    var element = paperRef.current;
+    if (!element) {
+      return;
+    }
+    var positioning = getPositioningStyle(element);
+    if (positioning.top !== null) {
+      element.style.top = positioning.top;
+    }
+    if (positioning.left !== null) {
+      element.style.left = positioning.left;
+    }
+    element.style.transformOrigin = positioning.transformOrigin;
+    setIsPositioned(true);
+  }, [getPositioningStyle]);
+  var handleEntering = function handleEntering(element, isAppearing) {
+    if (onEntering) {
+      onEntering(element, isAppearing);
+    }
+    setPositioningStyles();
+  };
+  var handleExited = function handleExited() {
+    setIsPositioned(false);
+  };
+  react.useEffect(function () {
+    if (open) {
+      setPositioningStyles();
+    }
+  });
+  react.useImperativeHandle(action, function () {
+    return open ? {
+      updatePosition: function updatePosition() {
+        setPositioningStyles();
+      }
+    } : null;
+  }, [open, setPositioningStyles]);
+  react.useEffect(function () {
+    if (!open) {
+      return undefined;
+    }
+    var handleResize = utils_debounce(function () {
+      setPositioningStyles();
+    });
+    var containerWindow = utils_ownerWindow(anchorEl);
+    containerWindow.addEventListener('resize', handleResize);
+    return function () {
+      handleResize.clear();
+      containerWindow.removeEventListener('resize', handleResize);
+    };
+  }, [anchorEl, open, setPositioningStyles]);
+  var transitionDuration = transitionDurationProp;
+  if (transitionDurationProp === 'auto' && !TransitionComponent.muiSupportAuto) {
+    transitionDuration = undefined;
+  }
+
+  // If the container prop is provided, use that
+  // If the anchorEl prop is provided, use its parent body element as the container
+  // If neither are provided let the Modal take care of choosing the container
+  var container = containerProp || (anchorEl ? utils_ownerDocument(Popover_resolveAnchorEl(anchorEl)).body : undefined);
+  var RootSlot = (_slots$root = slots == null ? void 0 : slots.root) != null ? _slots$root : PopoverRoot;
+  var PaperSlot = (_slots$paper = slots == null ? void 0 : slots.paper) != null ? _slots$paper : PopoverPaper;
+  var paperProps = useSlotProps({
+    elementType: PaperSlot,
+    externalSlotProps: extends_extends({}, externalPaperSlotProps, {
+      style: isPositioned ? externalPaperSlotProps.style : extends_extends({}, externalPaperSlotProps.style, {
+        opacity: 0
+      })
+    }),
+    additionalProps: {
+      elevation: elevation,
+      ref: handlePaperRef
+    },
+    ownerState: ownerState,
+    className: clsx_m(classes.paper, externalPaperSlotProps == null ? void 0 : externalPaperSlotProps.className)
+  });
+  var _useSlotProps = useSlotProps({
+      elementType: RootSlot,
+      externalSlotProps: (slotProps == null ? void 0 : slotProps.root) || {},
+      externalForwardedProps: other,
+      additionalProps: {
+        ref: ref,
+        slotProps: {
+          backdrop: {
+            invisible: true
+          }
+        },
+        container: container,
+        open: open
+      },
+      ownerState: ownerState,
+      className: clsx_m(classes.root, className)
+    }),
+    rootSlotPropsProp = _useSlotProps.slotProps,
+    rootProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_useSlotProps, Popover_excluded3);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(RootSlot, extends_extends({}, rootProps, !isHostComponent(RootSlot) && {
+    slotProps: rootSlotPropsProp
+  }, {
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+      appear: true,
+      in: open,
+      onEntering: handleEntering,
+      onExited: handleExited,
+      timeout: transitionDuration
+    }, TransitionProps, {
+      children: /*#__PURE__*/(0,jsx_runtime.jsx)(PaperSlot, extends_extends({}, paperProps, {
+        children: children
+      }))
+    }))
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Popover_Popover = (Popover);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Menu/menuClasses.js
+
+
+function getMenuUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiMenu', slot);
+}
+var menuClasses = generateUtilityClasses('MuiMenu', ['root', 'paper', 'list']);
+/* harmony default export */ var Menu_menuClasses = ((/* unused pure expression or super */ null && (menuClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Menu/Menu.js
+
+
+var Menu_excluded = ["onEntering"],
+  Menu_excluded2 = ["autoFocus", "children", "disableAutoFocusItem", "MenuListProps", "onClose", "open", "PaperProps", "PopoverClasses", "transitionDuration", "TransitionProps", "variant"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+var RTL_ORIGIN = {
+  vertical: 'top',
+  horizontal: 'right'
+};
+var LTR_ORIGIN = {
+  vertical: 'top',
+  horizontal: 'left'
+};
+var Menu_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root'],
+    paper: ['paper'],
+    list: ['list']
+  };
+  return composeClasses(slots, getMenuUtilityClass, classes);
+};
+var MenuRoot = styles_styled(Popover_Popover, {
+  shouldForwardProp: function shouldForwardProp(prop) {
+    return rootShouldForwardProp(prop) || prop === 'classes';
+  },
+  name: 'MuiMenu',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({});
+var MenuPaper = styles_styled(PopoverPaper, {
+  name: 'MuiMenu',
+  slot: 'Paper',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.paper;
+  }
+})({
+  // specZ: The maximum height of a simple menu should be one or more rows less than the view
+  // height. This ensures a tappable area outside of the simple menu with which to dismiss
+  // the menu.
+  maxHeight: 'calc(100% - 96px)',
+  // Add iOS momentum scrolling for iOS < 13.0
+  WebkitOverflowScrolling: 'touch'
+});
+var MenuMenuList = styles_styled(MenuList_MenuList, {
+  name: 'MuiMenu',
+  slot: 'List',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.list;
+  }
+})({
+  // We disable the focus ring for mouse, touch and keyboard users.
+  outline: 0
+});
+var Menu = /*#__PURE__*/react.forwardRef(function Menu(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiMenu'
+  });
+  var _props$autoFocus = props.autoFocus,
+    autoFocus = _props$autoFocus === void 0 ? true : _props$autoFocus,
+    children = props.children,
+    _props$disableAutoFoc = props.disableAutoFocusItem,
+    disableAutoFocusItem = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
+    _props$MenuListProps = props.MenuListProps,
+    MenuListProps = _props$MenuListProps === void 0 ? {} : _props$MenuListProps,
+    onClose = props.onClose,
+    open = props.open,
+    _props$PaperProps = props.PaperProps,
+    PaperProps = _props$PaperProps === void 0 ? {} : _props$PaperProps,
+    PopoverClasses = props.PopoverClasses,
+    _props$transitionDura = props.transitionDuration,
+    transitionDuration = _props$transitionDura === void 0 ? 'auto' : _props$transitionDura,
+    _props$TransitionProp = props.TransitionProps,
+    _props$TransitionProp2 = _props$TransitionProp === void 0 ? {} : _props$TransitionProp,
+    onEntering = _props$TransitionProp2.onEntering,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'selectedMenu' : _props$variant,
+    TransitionProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.TransitionProps, Menu_excluded),
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Menu_excluded2);
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var ownerState = extends_extends({}, props, {
+    autoFocus: autoFocus,
+    disableAutoFocusItem: disableAutoFocusItem,
+    MenuListProps: MenuListProps,
+    onEntering: onEntering,
+    PaperProps: PaperProps,
+    transitionDuration: transitionDuration,
+    TransitionProps: TransitionProps,
+    variant: variant
+  });
+  var classes = Menu_useUtilityClasses(ownerState);
+  var autoFocusItem = autoFocus && !disableAutoFocusItem && open;
+  var menuListActionsRef = react.useRef(null);
+  var handleEntering = function handleEntering(element, isAppearing) {
+    if (menuListActionsRef.current) {
+      menuListActionsRef.current.adjustStyleForScrollbar(element, theme);
+    }
+    if (onEntering) {
+      onEntering(element, isAppearing);
+    }
+  };
+  var handleListKeyDown = function handleListKeyDown(event) {
+    if (event.key === 'Tab') {
+      event.preventDefault();
+      if (onClose) {
+        onClose(event, 'tabKeyDown');
+      }
+    }
+  };
+
+  /**
+   * the index of the item should receive focus
+   * in a `variant="selectedMenu"` it's the first `selected` item
+   * otherwise it's the very first item.
+   */
+  var activeItemIndex = -1;
+  // since we inject focus related props into children we have to do a lookahead
+  // to check if there is a `selected` item. We're looking for the last `selected`
+  // item and use the first valid item as a fallback
+  react.Children.map(children, function (child, index) {
+    if (! /*#__PURE__*/react.isValidElement(child)) {
+      return;
+    }
+    if (false) {}
+    if (!child.props.disabled) {
+      if (variant === 'selectedMenu' && child.props.selected) {
+        activeItemIndex = index;
+      } else if (activeItemIndex === -1) {
+        activeItemIndex = index;
+      }
+    }
+  });
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(MenuRoot, extends_extends({
+    onClose: onClose,
+    anchorOrigin: {
+      vertical: 'bottom',
+      horizontal: isRtl ? 'right' : 'left'
+    },
+    transformOrigin: isRtl ? RTL_ORIGIN : LTR_ORIGIN,
+    slots: {
+      paper: MenuPaper
+    },
+    slotProps: {
+      paper: extends_extends({}, PaperProps, {
+        classes: extends_extends({}, PaperProps.classes, {
+          root: classes.paper
+        })
+      })
+    },
+    className: classes.root,
+    open: open,
+    ref: ref,
+    transitionDuration: transitionDuration,
+    TransitionProps: extends_extends({
+      onEntering: handleEntering
+    }, TransitionProps),
+    ownerState: ownerState
+  }, other, {
+    classes: PopoverClasses,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(MenuMenuList, extends_extends({
+      onKeyDown: handleListKeyDown,
+      actions: menuListActionsRef,
+      autoFocus: autoFocus && (activeItemIndex === -1 || disableAutoFocusItem),
+      autoFocusItem: autoFocusItem,
+      variant: variant
+    }, MenuListProps, {
+      className: clsx_m(classes.list, MenuListProps.className),
+      children: children
+    }))
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Menu_Menu = (Menu);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/MenuItem/menuItemClasses.js
+
+
+function getMenuItemUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiMenuItem', slot);
+}
+var menuItemClasses = generateUtilityClasses('MuiMenuItem', ['root', 'focusVisible', 'dense', 'disabled', 'divider', 'gutters', 'selected']);
+/* harmony default export */ var MenuItem_menuItemClasses = (menuItemClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/MenuItem/MenuItem.js
+
+
+
+var MenuItem_excluded = ["autoFocus", "component", "dense", "divider", "disableGutters", "focusVisibleClassName", "role", "tabIndex", "className"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var MenuItem_overridesResolver = function overridesResolver(props, styles) {
+  var ownerState = props.ownerState;
+  return [styles.root, ownerState.dense && styles.dense, ownerState.divider && styles.divider, !ownerState.disableGutters && styles.gutters];
+};
+var MenuItem_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var disabled = ownerState.disabled,
+    dense = ownerState.dense,
+    divider = ownerState.divider,
+    disableGutters = ownerState.disableGutters,
+    selected = ownerState.selected,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', dense && 'dense', disabled && 'disabled', !disableGutters && 'gutters', divider && 'divider', selected && 'selected']
+  };
+  var composedClasses = composeClasses(slots, getMenuItemUtilityClass, classes);
+  return extends_extends({}, classes, composedClasses);
+};
+var MenuItemRoot = styles_styled(ButtonBase_ButtonBase, {
+  shouldForwardProp: function shouldForwardProp(prop) {
+    return rootShouldForwardProp(prop) || prop === 'classes';
+  },
+  name: 'MuiMenuItem',
+  slot: 'Root',
+  overridesResolver: MenuItem_overridesResolver
+})(function (_ref) {
+  var _extends2;
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({}, theme.typography.body1, {
+    display: 'flex',
+    justifyContent: 'flex-start',
+    alignItems: 'center',
+    position: 'relative',
+    textDecoration: 'none',
+    minHeight: 48,
+    paddingTop: 6,
+    paddingBottom: 6,
+    boxSizing: 'border-box',
+    whiteSpace: 'nowrap'
+  }, !ownerState.disableGutters && {
+    paddingLeft: 16,
+    paddingRight: 16
+  }, ownerState.divider && {
+    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider),
+    backgroundClip: 'padding-box'
+  }, (_extends2 = {
+    '&:hover': {
+      textDecoration: 'none',
+      backgroundColor: (theme.vars || theme).palette.action.hover,
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    }
+  }, defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.selected), defineProperty_defineProperty({
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+  }, "&.".concat(MenuItem_menuItemClasses.focusVisible), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
+  })), defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.selected, ":hover"), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
+    // Reset on touch devices, it doesn't add specificity
+    '@media (hover: none)': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+    }
+  }), defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.focusVisible), {
+    backgroundColor: (theme.vars || theme).palette.action.focus
+  }), defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.disabled), {
+    opacity: (theme.vars || theme).palette.action.disabledOpacity
+  }), defineProperty_defineProperty(_extends2, "& + .".concat(Divider_dividerClasses.root), {
+    marginTop: theme.spacing(1),
+    marginBottom: theme.spacing(1)
+  }), defineProperty_defineProperty(_extends2, "& + .".concat(Divider_dividerClasses.inset), {
+    marginLeft: 52
+  }), defineProperty_defineProperty(_extends2, "& .".concat(ListItemText_listItemTextClasses.root), {
+    marginTop: 0,
+    marginBottom: 0
+  }), defineProperty_defineProperty(_extends2, "& .".concat(ListItemText_listItemTextClasses.inset), {
+    paddingLeft: 36
+  }), defineProperty_defineProperty(_extends2, "& .".concat(ListItemIcon_listItemIconClasses.root), {
+    minWidth: 36
+  }), _extends2), !ownerState.dense && defineProperty_defineProperty({}, theme.breakpoints.up('sm'), {
+    minHeight: 'auto'
+  }), ownerState.dense && extends_extends({
+    minHeight: 32,
+    // https://m2.material.io/components/menus#specs > Dense
+    paddingTop: 4,
+    paddingBottom: 4
+  }, theme.typography.body2, defineProperty_defineProperty({}, "& .".concat(ListItemIcon_listItemIconClasses.root, " svg"), {
+    fontSize: '1.25rem'
+  })));
+});
+var MenuItem = /*#__PURE__*/react.forwardRef(function MenuItem(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiMenuItem'
+  });
+  var _props$autoFocus = props.autoFocus,
+    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'li' : _props$component,
+    _props$dense = props.dense,
+    dense = _props$dense === void 0 ? false : _props$dense,
+    _props$divider = props.divider,
+    divider = _props$divider === void 0 ? false : _props$divider,
+    _props$disableGutters = props.disableGutters,
+    disableGutters = _props$disableGutters === void 0 ? false : _props$disableGutters,
+    focusVisibleClassName = props.focusVisibleClassName,
+    _props$role = props.role,
+    role = _props$role === void 0 ? 'menuitem' : _props$role,
+    tabIndexProp = props.tabIndex,
+    className = props.className,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, MenuItem_excluded);
+  var context = react.useContext(List_ListContext);
+  var childContext = react.useMemo(function () {
+    return {
+      dense: dense || context.dense || false,
+      disableGutters: disableGutters
+    };
+  }, [context.dense, dense, disableGutters]);
+  var menuItemRef = react.useRef(null);
+  utils_useEnhancedEffect(function () {
+    if (autoFocus) {
+      if (menuItemRef.current) {
+        menuItemRef.current.focus();
+      } else if (false) {}
+    }
+  }, [autoFocus]);
+  var ownerState = extends_extends({}, props, {
+    dense: childContext.dense,
+    divider: divider,
+    disableGutters: disableGutters
+  });
+  var classes = MenuItem_useUtilityClasses(props);
+  var handleRef = utils_useForkRef(menuItemRef, ref);
+  var tabIndex;
+  if (!props.disabled) {
+    tabIndex = tabIndexProp !== undefined ? tabIndexProp : -1;
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
+    value: childContext,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(MenuItemRoot, extends_extends({
+      ref: handleRef,
+      role: role,
+      tabIndex: tabIndex,
+      component: component,
+      focusVisibleClassName: clsx_m(classes.focusVisible, focusVisibleClassName),
+      className: clsx_m(classes.root, className)
+    }, other, {
+      ownerState: ownerState,
+      classes: classes
+    }))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var MenuItem_MenuItem = (MenuItem);
+;// CONCATENATED MODULE: ./src/components/ActionsMenu.tsx
+var ActionsMenu=function ActionsMenu(props){var _React$useState=react.useState(null),_React$useState2=slicedToArray_slicedToArray(_React$useState,2),anchorEl=_React$useState2[0],setAnchorEl=_React$useState2[1];var menuOpen=Boolean(anchorEl);var handleMenuClick=function handleMenuClick(e){e.stopPropagation();setAnchorEl(e.currentTarget);};var handleMenuClose=function handleMenuClose(){setAnchorEl(null);};var icon=props.icon||/*#__PURE__*/(0,jsx_runtime.jsx)(MoreVert,{});return/*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:handleMenuClick,size:"small","aria-controls":menuOpen?'account-menu':undefined,"aria-haspopup":"true","aria-expanded":menuOpen?'true':undefined,sx:{padding:0},children:icon}),/*#__PURE__*/(0,jsx_runtime.jsx)(Menu_Menu,{anchorEl:anchorEl,id:"account-menu",open:menuOpen,onClose:handleMenuClose,onClick:function onClick(e){e.stopPropagation();handleMenuClose();},PaperProps:{elevation:0,sx:{overflow:'visible',filter:'drop-shadow(0px 2px 8px rgba(0,0,0,0.32))',mt:1.5,'& .MuiAvatar-root':{width:32,height:32,ml:-0.5,mr:1},'&:before':{content:'""',display:'block',position:'absolute',top:0,right:14,width:10,height:10,bgcolor:'background.paper',transform:'translateY(-50%) rotate(45deg)',zIndex:0}}},transformOrigin:{horizontal:'right',vertical:'top'},anchorOrigin:{horizontal:'right',vertical:'bottom'},children:props.menuItems.map(function(item,i){var handler=function handler(e){e.stopPropagation();if(item.handler){item.handler();}handleMenuClose();};if(item.to){return/*#__PURE__*/(0,jsx_runtime.jsxs)(MenuItem_MenuItem,{component:Link,to:item.to,onClick:handler,children:[item.icon," ",item.text]},i);}else{return/*#__PURE__*/(0,jsx_runtime.jsxs)(MenuItem_MenuItem,{onClick:handler,children:[item.icon," ",item.text]},i);}})})]});};
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Favorite.js
+
+
+/* harmony default export */ var Favorite = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "m12 21.35-1.45-1.32C5.4 15.36 2 12.28 2 8.5 2 5.42 4.42 3 7.5 3c1.74 0 3.41.81 4.5 2.09C13.09 3.81 14.76 3 16.5 3 19.58 3 22 5.42 22 8.5c0 3.78-3.4 6.86-8.55 11.54L12 21.35z"
+}), 'Favorite'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/HeartBroken.js
+
+
+/* harmony default export */ var HeartBroken = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M16.5 3c-.96 0-1.9.25-2.73.69L12 9h3l-3 10 1-9h-3l1.54-5.39C10.47 3.61 9.01 3 7.5 3 4.42 3 2 5.42 2 8.5c0 4.13 4.16 7.18 10 12.5 5.47-4.94 10-8.26 10-12.5C22 5.42 19.58 3 16.5 3z"
+}), 'HeartBroken'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/PublishedWithChanges.js
+
+
+/* harmony default export */ var PublishedWithChanges = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "m17.66 9.53-7.07 7.07-4.24-4.24 1.41-1.41 2.83 2.83 5.66-5.66 1.41 1.41zM4 12c0-2.33 1.02-4.42 2.62-5.88L9 8.5v-6H3l2.2 2.2C3.24 6.52 2 9.11 2 12c0 5.19 3.95 9.45 9 9.95v-2.02c-3.94-.49-7-3.86-7-7.93zm18 0c0-5.19-3.95-9.45-9-9.95v2.02c3.94.49 7 3.86 7 7.93 0 2.33-1.02 4.42-2.62 5.88L15 15.5v6h6l-2.2-2.2c1.96-1.82 3.2-4.41 3.2-7.3z"
+}), 'PublishedWithChanges'));
+;// CONCATENATED MODULE: ./src/components/targets-view/Targets.tsx
+var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},i);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},i);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
+;// CONCATENATED MODULE: ./node_modules/js-yaml/dist/js-yaml.mjs
+/*! js-yaml 4.1.0 https://github.com/nodeca/js-yaml @license MIT */
+function isNothing(subject) {
+  return typeof subject === 'undefined' || subject === null;
+}
+function isObject(subject) {
+  return typeof subject === 'object' && subject !== null;
+}
+function toArray(sequence) {
+  if (Array.isArray(sequence)) return sequence;else if (isNothing(sequence)) return [];
+  return [sequence];
+}
+function extend(target, source) {
+  var index, length, key, sourceKeys;
+  if (source) {
+    sourceKeys = Object.keys(source);
+    for (index = 0, length = sourceKeys.length; index < length; index += 1) {
+      key = sourceKeys[index];
+      target[key] = source[key];
+    }
+  }
+  return target;
+}
+function repeat(string, count) {
+  var result = '',
+    cycle;
+  for (cycle = 0; cycle < count; cycle += 1) {
+    result += string;
+  }
+  return result;
+}
+function isNegativeZero(number) {
+  return number === 0 && Number.NEGATIVE_INFINITY === 1 / number;
+}
+var isNothing_1 = isNothing;
+var isObject_1 = isObject;
+var toArray_1 = toArray;
+var repeat_1 = repeat;
+var isNegativeZero_1 = isNegativeZero;
+var extend_1 = extend;
+var js_yaml_common = {
+  isNothing: isNothing_1,
+  isObject: isObject_1,
+  toArray: toArray_1,
+  repeat: repeat_1,
+  isNegativeZero: isNegativeZero_1,
+  extend: extend_1
+};
+
+// YAML error class. http://stackoverflow.com/questions/8458984
+
+function formatError(exception, compact) {
+  var where = '',
+    message = exception.reason || '(unknown reason)';
+  if (!exception.mark) return message;
+  if (exception.mark.name) {
+    where += 'in "' + exception.mark.name + '" ';
+  }
+  where += '(' + (exception.mark.line + 1) + ':' + (exception.mark.column + 1) + ')';
+  if (!compact && exception.mark.snippet) {
+    where += '\n\n' + exception.mark.snippet;
+  }
+  return message + ' ' + where;
+}
+function YAMLException$1(reason, mark) {
+  // Super constructor
+  Error.call(this);
+  this.name = 'YAMLException';
+  this.reason = reason;
+  this.mark = mark;
+  this.message = formatError(this, false);
+
+  // Include stack trace in error object
+  if (Error.captureStackTrace) {
+    // Chrome and NodeJS
+    Error.captureStackTrace(this, this.constructor);
+  } else {
+    // FF, IE 10+ and Safari 6+. Fallback for others
+    this.stack = new Error().stack || '';
+  }
+}
+
+// Inherit from Error
+YAMLException$1.prototype = Object.create(Error.prototype);
+YAMLException$1.prototype.constructor = YAMLException$1;
+YAMLException$1.prototype.toString = function toString(compact) {
+  return this.name + ': ' + formatError(this, compact);
+};
+var exception = YAMLException$1;
+
+// get snippet for a single line, respecting maxLength
+function getLine(buffer, lineStart, lineEnd, position, maxLineLength) {
+  var head = '';
+  var tail = '';
+  var maxHalfLength = Math.floor(maxLineLength / 2) - 1;
+  if (position - lineStart > maxHalfLength) {
+    head = ' ... ';
+    lineStart = position - maxHalfLength + head.length;
+  }
+  if (lineEnd - position > maxHalfLength) {
+    tail = ' ...';
+    lineEnd = position + maxHalfLength - tail.length;
+  }
+  return {
+    str: head + buffer.slice(lineStart, lineEnd).replace(/\t/g, '→') + tail,
+    pos: position - lineStart + head.length // relative position
+  };
+}
+
+function padStart(string, max) {
+  return js_yaml_common.repeat(' ', max - string.length) + string;
+}
+function makeSnippet(mark, options) {
+  options = Object.create(options || null);
+  if (!mark.buffer) return null;
+  if (!options.maxLength) options.maxLength = 79;
+  if (typeof options.indent !== 'number') options.indent = 1;
+  if (typeof options.linesBefore !== 'number') options.linesBefore = 3;
+  if (typeof options.linesAfter !== 'number') options.linesAfter = 2;
+  var re = /\r?\n|\r|\0/g;
+  var lineStarts = [0];
+  var lineEnds = [];
+  var match;
+  var foundLineNo = -1;
+  while (match = re.exec(mark.buffer)) {
+    lineEnds.push(match.index);
+    lineStarts.push(match.index + match[0].length);
+    if (mark.position <= match.index && foundLineNo < 0) {
+      foundLineNo = lineStarts.length - 2;
+    }
+  }
+  if (foundLineNo < 0) foundLineNo = lineStarts.length - 1;
+  var result = '',
+    i,
+    line;
+  var lineNoLength = Math.min(mark.line + options.linesAfter, lineEnds.length).toString().length;
+  var maxLineLength = options.maxLength - (options.indent + lineNoLength + 3);
+  for (i = 1; i <= options.linesBefore; i++) {
+    if (foundLineNo - i < 0) break;
+    line = getLine(mark.buffer, lineStarts[foundLineNo - i], lineEnds[foundLineNo - i], mark.position - (lineStarts[foundLineNo] - lineStarts[foundLineNo - i]), maxLineLength);
+    result = js_yaml_common.repeat(' ', options.indent) + padStart((mark.line - i + 1).toString(), lineNoLength) + ' | ' + line.str + '\n' + result;
+  }
+  line = getLine(mark.buffer, lineStarts[foundLineNo], lineEnds[foundLineNo], mark.position, maxLineLength);
+  result += js_yaml_common.repeat(' ', options.indent) + padStart((mark.line + 1).toString(), lineNoLength) + ' | ' + line.str + '\n';
+  result += js_yaml_common.repeat('-', options.indent + lineNoLength + 3 + line.pos) + '^' + '\n';
+  for (i = 1; i <= options.linesAfter; i++) {
+    if (foundLineNo + i >= lineEnds.length) break;
+    line = getLine(mark.buffer, lineStarts[foundLineNo + i], lineEnds[foundLineNo + i], mark.position - (lineStarts[foundLineNo] - lineStarts[foundLineNo + i]), maxLineLength);
+    result += js_yaml_common.repeat(' ', options.indent) + padStart((mark.line + i + 1).toString(), lineNoLength) + ' | ' + line.str + '\n';
+  }
+  return result.replace(/\n$/, '');
+}
+var snippet = makeSnippet;
+var TYPE_CONSTRUCTOR_OPTIONS = ['kind', 'multi', 'resolve', 'construct', 'instanceOf', 'predicate', 'represent', 'representName', 'defaultStyle', 'styleAliases'];
+var YAML_NODE_KINDS = ['scalar', 'sequence', 'mapping'];
+function compileStyleAliases(map) {
+  var result = {};
+  if (map !== null) {
+    Object.keys(map).forEach(function (style) {
+      map[style].forEach(function (alias) {
+        result[String(alias)] = style;
+      });
+    });
+  }
+  return result;
+}
+function Type$1(tag, options) {
+  options = options || {};
+  Object.keys(options).forEach(function (name) {
+    if (TYPE_CONSTRUCTOR_OPTIONS.indexOf(name) === -1) {
+      throw new exception('Unknown option "' + name + '" is met in definition of "' + tag + '" YAML type.');
+    }
+  });
+
+  // TODO: Add tag format check.
+  this.options = options; // keep original options in case user wants to extend this type later
+  this.tag = tag;
+  this.kind = options['kind'] || null;
+  this.resolve = options['resolve'] || function () {
+    return true;
+  };
+  this.construct = options['construct'] || function (data) {
+    return data;
+  };
+  this.instanceOf = options['instanceOf'] || null;
+  this.predicate = options['predicate'] || null;
+  this.represent = options['represent'] || null;
+  this.representName = options['representName'] || null;
+  this.defaultStyle = options['defaultStyle'] || null;
+  this.multi = options['multi'] || false;
+  this.styleAliases = compileStyleAliases(options['styleAliases'] || null);
+  if (YAML_NODE_KINDS.indexOf(this.kind) === -1) {
+    throw new exception('Unknown kind "' + this.kind + '" is specified for "' + tag + '" YAML type.');
+  }
+}
+var type = Type$1;
+
+/*eslint-disable max-len*/
+
+function compileList(schema, name) {
+  var result = [];
+  schema[name].forEach(function (currentType) {
+    var newIndex = result.length;
+    result.forEach(function (previousType, previousIndex) {
+      if (previousType.tag === currentType.tag && previousType.kind === currentType.kind && previousType.multi === currentType.multi) {
+        newIndex = previousIndex;
+      }
+    });
+    result[newIndex] = currentType;
+  });
+  return result;
+}
+function compileMap( /* lists... */
+) {
+  var result = {
+      scalar: {},
+      sequence: {},
+      mapping: {},
+      fallback: {},
+      multi: {
+        scalar: [],
+        sequence: [],
+        mapping: [],
+        fallback: []
+      }
+    },
+    index,
+    length;
+  function collectType(type) {
+    if (type.multi) {
+      result.multi[type.kind].push(type);
+      result.multi['fallback'].push(type);
+    } else {
+      result[type.kind][type.tag] = result['fallback'][type.tag] = type;
+    }
+  }
+  for (index = 0, length = arguments.length; index < length; index += 1) {
+    arguments[index].forEach(collectType);
+  }
+  return result;
+}
+function Schema$1(definition) {
+  return this.extend(definition);
+}
+Schema$1.prototype.extend = function extend(definition) {
+  var implicit = [];
+  var explicit = [];
+  if (definition instanceof type) {
+    // Schema.extend(type)
+    explicit.push(definition);
+  } else if (Array.isArray(definition)) {
+    // Schema.extend([ type1, type2, ... ])
+    explicit = explicit.concat(definition);
+  } else if (definition && (Array.isArray(definition.implicit) || Array.isArray(definition.explicit))) {
+    // Schema.extend({ explicit: [ type1, type2, ... ], implicit: [ type1, type2, ... ] })
+    if (definition.implicit) implicit = implicit.concat(definition.implicit);
+    if (definition.explicit) explicit = explicit.concat(definition.explicit);
+  } else {
+    throw new exception('Schema.extend argument should be a Type, [ Type ], ' + 'or a schema definition ({ implicit: [...], explicit: [...] })');
+  }
+  implicit.forEach(function (type$1) {
+    if (!(type$1 instanceof type)) {
+      throw new exception('Specified list of YAML types (or a single Type object) contains a non-Type object.');
+    }
+    if (type$1.loadKind && type$1.loadKind !== 'scalar') {
+      throw new exception('There is a non-scalar type in the implicit list of a schema. Implicit resolving of such types is not supported.');
+    }
+    if (type$1.multi) {
+      throw new exception('There is a multi type in the implicit list of a schema. Multi tags can only be listed as explicit.');
+    }
+  });
+  explicit.forEach(function (type$1) {
+    if (!(type$1 instanceof type)) {
+      throw new exception('Specified list of YAML types (or a single Type object) contains a non-Type object.');
+    }
+  });
+  var result = Object.create(Schema$1.prototype);
+  result.implicit = (this.implicit || []).concat(implicit);
+  result.explicit = (this.explicit || []).concat(explicit);
+  result.compiledImplicit = compileList(result, 'implicit');
+  result.compiledExplicit = compileList(result, 'explicit');
+  result.compiledTypeMap = compileMap(result.compiledImplicit, result.compiledExplicit);
+  return result;
+};
+var schema = Schema$1;
+var str = new type('tag:yaml.org,2002:str', {
+  kind: 'scalar',
+  construct: function construct(data) {
+    return data !== null ? data : '';
+  }
+});
+var seq = new type('tag:yaml.org,2002:seq', {
+  kind: 'sequence',
+  construct: function construct(data) {
+    return data !== null ? data : [];
+  }
+});
+var map = new type('tag:yaml.org,2002:map', {
+  kind: 'mapping',
+  construct: function construct(data) {
+    return data !== null ? data : {};
+  }
+});
+var failsafe = new schema({
+  explicit: [str, seq, map]
+});
+function resolveYamlNull(data) {
+  if (data === null) return true;
+  var max = data.length;
+  return max === 1 && data === '~' || max === 4 && (data === 'null' || data === 'Null' || data === 'NULL');
+}
+function constructYamlNull() {
+  return null;
+}
+function isNull(object) {
+  return object === null;
+}
+var _null = new type('tag:yaml.org,2002:null', {
+  kind: 'scalar',
+  resolve: resolveYamlNull,
+  construct: constructYamlNull,
+  predicate: isNull,
+  represent: {
+    canonical: function canonical() {
+      return '~';
+    },
+    lowercase: function lowercase() {
+      return 'null';
+    },
+    uppercase: function uppercase() {
+      return 'NULL';
+    },
+    camelcase: function camelcase() {
+      return 'Null';
+    },
+    empty: function empty() {
+      return '';
+    }
+  },
+  defaultStyle: 'lowercase'
+});
+function resolveYamlBoolean(data) {
+  if (data === null) return false;
+  var max = data.length;
+  return max === 4 && (data === 'true' || data === 'True' || data === 'TRUE') || max === 5 && (data === 'false' || data === 'False' || data === 'FALSE');
+}
+function constructYamlBoolean(data) {
+  return data === 'true' || data === 'True' || data === 'TRUE';
+}
+function isBoolean(object) {
+  return Object.prototype.toString.call(object) === '[object Boolean]';
+}
+var bool = new type('tag:yaml.org,2002:bool', {
+  kind: 'scalar',
+  resolve: resolveYamlBoolean,
+  construct: constructYamlBoolean,
+  predicate: isBoolean,
+  represent: {
+    lowercase: function lowercase(object) {
+      return object ? 'true' : 'false';
+    },
+    uppercase: function uppercase(object) {
+      return object ? 'TRUE' : 'FALSE';
+    },
+    camelcase: function camelcase(object) {
+      return object ? 'True' : 'False';
+    }
+  },
+  defaultStyle: 'lowercase'
+});
+function isHexCode(c) {
+  return 0x30 /* 0 */ <= c && c <= 0x39 /* 9 */ || 0x41 /* A */ <= c && c <= 0x46 /* F */ || 0x61 /* a */ <= c && c <= 0x66 /* f */;
+}
+
+function isOctCode(c) {
+  return 0x30 /* 0 */ <= c && c <= 0x37 /* 7 */;
+}
+
+function isDecCode(c) {
+  return 0x30 /* 0 */ <= c && c <= 0x39 /* 9 */;
+}
+
+function resolveYamlInteger(data) {
+  if (data === null) return false;
+  var max = data.length,
+    index = 0,
+    hasDigits = false,
+    ch;
+  if (!max) return false;
+  ch = data[index];
+
+  // sign
+  if (ch === '-' || ch === '+') {
+    ch = data[++index];
+  }
+  if (ch === '0') {
+    // 0
+    if (index + 1 === max) return true;
+    ch = data[++index];
+
+    // base 2, base 8, base 16
+
+    if (ch === 'b') {
+      // base 2
+      index++;
+      for (; index < max; index++) {
+        ch = data[index];
+        if (ch === '_') continue;
+        if (ch !== '0' && ch !== '1') return false;
+        hasDigits = true;
+      }
+      return hasDigits && ch !== '_';
+    }
+    if (ch === 'x') {
+      // base 16
+      index++;
+      for (; index < max; index++) {
+        ch = data[index];
+        if (ch === '_') continue;
+        if (!isHexCode(data.charCodeAt(index))) return false;
+        hasDigits = true;
+      }
+      return hasDigits && ch !== '_';
+    }
+    if (ch === 'o') {
+      // base 8
+      index++;
+      for (; index < max; index++) {
+        ch = data[index];
+        if (ch === '_') continue;
+        if (!isOctCode(data.charCodeAt(index))) return false;
+        hasDigits = true;
+      }
+      return hasDigits && ch !== '_';
+    }
+  }
+
+  // base 10 (except 0)
+
+  // value should not start with `_`;
+  if (ch === '_') return false;
+  for (; index < max; index++) {
+    ch = data[index];
+    if (ch === '_') continue;
+    if (!isDecCode(data.charCodeAt(index))) {
+      return false;
+    }
+    hasDigits = true;
+  }
+
+  // Should have digits and should not end with `_`
+  if (!hasDigits || ch === '_') return false;
+  return true;
+}
+function constructYamlInteger(data) {
+  var value = data,
+    sign = 1,
+    ch;
+  if (value.indexOf('_') !== -1) {
+    value = value.replace(/_/g, '');
+  }
+  ch = value[0];
+  if (ch === '-' || ch === '+') {
+    if (ch === '-') sign = -1;
+    value = value.slice(1);
+    ch = value[0];
+  }
+  if (value === '0') return 0;
+  if (ch === '0') {
+    if (value[1] === 'b') return sign * parseInt(value.slice(2), 2);
+    if (value[1] === 'x') return sign * parseInt(value.slice(2), 16);
+    if (value[1] === 'o') return sign * parseInt(value.slice(2), 8);
+  }
+  return sign * parseInt(value, 10);
+}
+function isInteger(object) {
+  return Object.prototype.toString.call(object) === '[object Number]' && object % 1 === 0 && !js_yaml_common.isNegativeZero(object);
+}
+var js_yaml_int = new type('tag:yaml.org,2002:int', {
+  kind: 'scalar',
+  resolve: resolveYamlInteger,
+  construct: constructYamlInteger,
+  predicate: isInteger,
+  represent: {
+    binary: function binary(obj) {
+      return obj >= 0 ? '0b' + obj.toString(2) : '-0b' + obj.toString(2).slice(1);
+    },
+    octal: function octal(obj) {
+      return obj >= 0 ? '0o' + obj.toString(8) : '-0o' + obj.toString(8).slice(1);
+    },
+    decimal: function decimal(obj) {
+      return obj.toString(10);
+    },
+    /* eslint-disable max-len */
+    hexadecimal: function hexadecimal(obj) {
+      return obj >= 0 ? '0x' + obj.toString(16).toUpperCase() : '-0x' + obj.toString(16).toUpperCase().slice(1);
+    }
+  },
+  defaultStyle: 'decimal',
+  styleAliases: {
+    binary: [2, 'bin'],
+    octal: [8, 'oct'],
+    decimal: [10, 'dec'],
+    hexadecimal: [16, 'hex']
+  }
+});
+var YAML_FLOAT_PATTERN = new RegExp(
+// 2.5e4, 2.5 and integers
+'^(?:[-+]?(?:[0-9][0-9_]*)(?:\\.[0-9_]*)?(?:[eE][-+]?[0-9]+)?' +
+// .2e4, .2
+// special case, seems not from spec
+'|\\.[0-9_]+(?:[eE][-+]?[0-9]+)?' +
+// .inf
+'|[-+]?\\.(?:inf|Inf|INF)' +
+// .nan
+'|\\.(?:nan|NaN|NAN))$');
+function resolveYamlFloat(data) {
+  if (data === null) return false;
+  if (!YAML_FLOAT_PATTERN.test(data) ||
+  // Quick hack to not allow integers end with `_`
+  // Probably should update regexp & check speed
+  data[data.length - 1] === '_') {
+    return false;
+  }
+  return true;
+}
+function constructYamlFloat(data) {
+  var value, sign;
+  value = data.replace(/_/g, '').toLowerCase();
+  sign = value[0] === '-' ? -1 : 1;
+  if ('+-'.indexOf(value[0]) >= 0) {
+    value = value.slice(1);
+  }
+  if (value === '.inf') {
+    return sign === 1 ? Number.POSITIVE_INFINITY : Number.NEGATIVE_INFINITY;
+  } else if (value === '.nan') {
+    return NaN;
+  }
+  return sign * parseFloat(value, 10);
+}
+var SCIENTIFIC_WITHOUT_DOT = /^[-+]?[0-9]+e/;
+function representYamlFloat(object, style) {
+  var res;
+  if (isNaN(object)) {
+    switch (style) {
+      case 'lowercase':
+        return '.nan';
+      case 'uppercase':
+        return '.NAN';
+      case 'camelcase':
+        return '.NaN';
+    }
+  } else if (Number.POSITIVE_INFINITY === object) {
+    switch (style) {
+      case 'lowercase':
+        return '.inf';
+      case 'uppercase':
+        return '.INF';
+      case 'camelcase':
+        return '.Inf';
+    }
+  } else if (Number.NEGATIVE_INFINITY === object) {
+    switch (style) {
+      case 'lowercase':
+        return '-.inf';
+      case 'uppercase':
+        return '-.INF';
+      case 'camelcase':
+        return '-.Inf';
+    }
+  } else if (js_yaml_common.isNegativeZero(object)) {
+    return '-0.0';
+  }
+  res = object.toString(10);
+
+  // JS stringifier can build scientific format without dots: 5e-100,
+  // while YAML requres dot: 5.e-100. Fix it with simple hack
+
+  return SCIENTIFIC_WITHOUT_DOT.test(res) ? res.replace('e', '.e') : res;
+}
+function isFloat(object) {
+  return Object.prototype.toString.call(object) === '[object Number]' && (object % 1 !== 0 || js_yaml_common.isNegativeZero(object));
+}
+var js_yaml_float = new type('tag:yaml.org,2002:float', {
+  kind: 'scalar',
+  resolve: resolveYamlFloat,
+  construct: constructYamlFloat,
+  predicate: isFloat,
+  represent: representYamlFloat,
+  defaultStyle: 'lowercase'
+});
+var js_yaml_json = failsafe.extend({
+  implicit: [_null, bool, js_yaml_int, js_yaml_float]
+});
+var core = js_yaml_json;
+var YAML_DATE_REGEXP = new RegExp('^([0-9][0-9][0-9][0-9])' +
+// [1] year
+'-([0-9][0-9])' +
+// [2] month
+'-([0-9][0-9])$'); // [3] day
+
+var YAML_TIMESTAMP_REGEXP = new RegExp('^([0-9][0-9][0-9][0-9])' +
+// [1] year
+'-([0-9][0-9]?)' +
+// [2] month
+'-([0-9][0-9]?)' +
+// [3] day
+'(?:[Tt]|[ \\t]+)' +
+// ...
+'([0-9][0-9]?)' +
+// [4] hour
+':([0-9][0-9])' +
+// [5] minute
+':([0-9][0-9])' +
+// [6] second
+'(?:\\.([0-9]*))?' +
+// [7] fraction
+'(?:[ \\t]*(Z|([-+])([0-9][0-9]?)' +
+// [8] tz [9] tz_sign [10] tz_hour
+'(?::([0-9][0-9]))?))?$'); // [11] tz_minute
+
+function resolveYamlTimestamp(data) {
+  if (data === null) return false;
+  if (YAML_DATE_REGEXP.exec(data) !== null) return true;
+  if (YAML_TIMESTAMP_REGEXP.exec(data) !== null) return true;
+  return false;
+}
+function constructYamlTimestamp(data) {
+  var match,
+    year,
+    month,
+    day,
+    hour,
+    minute,
+    second,
+    fraction = 0,
+    delta = null,
+    tz_hour,
+    tz_minute,
+    date;
+  match = YAML_DATE_REGEXP.exec(data);
+  if (match === null) match = YAML_TIMESTAMP_REGEXP.exec(data);
+  if (match === null) throw new Error('Date resolve error');
+
+  // match: [1] year [2] month [3] day
+
+  year = +match[1];
+  month = +match[2] - 1; // JS month starts with 0
+  day = +match[3];
+  if (!match[4]) {
+    // no hour
+    return new Date(Date.UTC(year, month, day));
+  }
+
+  // match: [4] hour [5] minute [6] second [7] fraction
+
+  hour = +match[4];
+  minute = +match[5];
+  second = +match[6];
+  if (match[7]) {
+    fraction = match[7].slice(0, 3);
+    while (fraction.length < 3) {
+      // milli-seconds
+      fraction += '0';
+    }
+    fraction = +fraction;
+  }
+
+  // match: [8] tz [9] tz_sign [10] tz_hour [11] tz_minute
+
+  if (match[9]) {
+    tz_hour = +match[10];
+    tz_minute = +(match[11] || 0);
+    delta = (tz_hour * 60 + tz_minute) * 60000; // delta in mili-seconds
+    if (match[9] === '-') delta = -delta;
+  }
+  date = new Date(Date.UTC(year, month, day, hour, minute, second, fraction));
+  if (delta) date.setTime(date.getTime() - delta);
+  return date;
+}
+function representYamlTimestamp(object /*, style*/) {
+  return object.toISOString();
+}
+var timestamp = new type('tag:yaml.org,2002:timestamp', {
+  kind: 'scalar',
+  resolve: resolveYamlTimestamp,
+  construct: constructYamlTimestamp,
+  instanceOf: Date,
+  represent: representYamlTimestamp
+});
+function resolveYamlMerge(data) {
+  return data === '<<' || data === null;
+}
+var js_yaml_merge = new type('tag:yaml.org,2002:merge', {
+  kind: 'scalar',
+  resolve: resolveYamlMerge
+});
+
+/*eslint-disable no-bitwise*/
+
+// [ 64, 65, 66 ] -> [ padding, CR, LF ]
+var BASE64_MAP = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\n\r';
+function resolveYamlBinary(data) {
+  if (data === null) return false;
+  var code,
+    idx,
+    bitlen = 0,
+    max = data.length,
+    map = BASE64_MAP;
+
+  // Convert one by one.
+  for (idx = 0; idx < max; idx++) {
+    code = map.indexOf(data.charAt(idx));
+
+    // Skip CR/LF
+    if (code > 64) continue;
+
+    // Fail on illegal characters
+    if (code < 0) return false;
+    bitlen += 6;
+  }
+
+  // If there are any bits left, source was corrupted
+  return bitlen % 8 === 0;
+}
+function constructYamlBinary(data) {
+  var idx,
+    tailbits,
+    input = data.replace(/[\r\n=]/g, ''),
+    // remove CR/LF & padding to simplify scan
+    max = input.length,
+    map = BASE64_MAP,
+    bits = 0,
+    result = [];
+
+  // Collect by 6*4 bits (3 bytes)
+
+  for (idx = 0; idx < max; idx++) {
+    if (idx % 4 === 0 && idx) {
+      result.push(bits >> 16 & 0xFF);
+      result.push(bits >> 8 & 0xFF);
+      result.push(bits & 0xFF);
+    }
+    bits = bits << 6 | map.indexOf(input.charAt(idx));
+  }
+
+  // Dump tail
+
+  tailbits = max % 4 * 6;
+  if (tailbits === 0) {
+    result.push(bits >> 16 & 0xFF);
+    result.push(bits >> 8 & 0xFF);
+    result.push(bits & 0xFF);
+  } else if (tailbits === 18) {
+    result.push(bits >> 10 & 0xFF);
+    result.push(bits >> 2 & 0xFF);
+  } else if (tailbits === 12) {
+    result.push(bits >> 4 & 0xFF);
+  }
+  return new Uint8Array(result);
+}
+function representYamlBinary(object /*, style*/) {
+  var result = '',
+    bits = 0,
+    idx,
+    tail,
+    max = object.length,
+    map = BASE64_MAP;
+
+  // Convert every three bytes to 4 ASCII characters.
+
+  for (idx = 0; idx < max; idx++) {
+    if (idx % 3 === 0 && idx) {
+      result += map[bits >> 18 & 0x3F];
+      result += map[bits >> 12 & 0x3F];
+      result += map[bits >> 6 & 0x3F];
+      result += map[bits & 0x3F];
+    }
+    bits = (bits << 8) + object[idx];
+  }
+
+  // Dump tail
+
+  tail = max % 3;
+  if (tail === 0) {
+    result += map[bits >> 18 & 0x3F];
+    result += map[bits >> 12 & 0x3F];
+    result += map[bits >> 6 & 0x3F];
+    result += map[bits & 0x3F];
+  } else if (tail === 2) {
+    result += map[bits >> 10 & 0x3F];
+    result += map[bits >> 4 & 0x3F];
+    result += map[bits << 2 & 0x3F];
+    result += map[64];
+  } else if (tail === 1) {
+    result += map[bits >> 2 & 0x3F];
+    result += map[bits << 4 & 0x3F];
+    result += map[64];
+    result += map[64];
+  }
+  return result;
+}
+function isBinary(obj) {
+  return Object.prototype.toString.call(obj) === '[object Uint8Array]';
+}
+var binary = new type('tag:yaml.org,2002:binary', {
+  kind: 'scalar',
+  resolve: resolveYamlBinary,
+  construct: constructYamlBinary,
+  predicate: isBinary,
+  represent: representYamlBinary
+});
+var _hasOwnProperty$3 = Object.prototype.hasOwnProperty;
+var _toString$2 = Object.prototype.toString;
+function resolveYamlOmap(data) {
+  if (data === null) return true;
+  var objectKeys = [],
+    index,
+    length,
+    pair,
+    pairKey,
+    pairHasKey,
+    object = data;
+  for (index = 0, length = object.length; index < length; index += 1) {
+    pair = object[index];
+    pairHasKey = false;
+    if (_toString$2.call(pair) !== '[object Object]') return false;
+    for (pairKey in pair) {
+      if (_hasOwnProperty$3.call(pair, pairKey)) {
+        if (!pairHasKey) pairHasKey = true;else return false;
+      }
+    }
+    if (!pairHasKey) return false;
+    if (objectKeys.indexOf(pairKey) === -1) objectKeys.push(pairKey);else return false;
+  }
+  return true;
+}
+function constructYamlOmap(data) {
+  return data !== null ? data : [];
+}
+var omap = new type('tag:yaml.org,2002:omap', {
+  kind: 'sequence',
+  resolve: resolveYamlOmap,
+  construct: constructYamlOmap
+});
+var _toString$1 = Object.prototype.toString;
+function resolveYamlPairs(data) {
+  if (data === null) return true;
+  var index,
+    length,
+    pair,
+    keys,
+    result,
+    object = data;
+  result = new Array(object.length);
+  for (index = 0, length = object.length; index < length; index += 1) {
+    pair = object[index];
+    if (_toString$1.call(pair) !== '[object Object]') return false;
+    keys = Object.keys(pair);
+    if (keys.length !== 1) return false;
+    result[index] = [keys[0], pair[keys[0]]];
+  }
+  return true;
+}
+function constructYamlPairs(data) {
+  if (data === null) return [];
+  var index,
+    length,
+    pair,
+    keys,
+    result,
+    object = data;
+  result = new Array(object.length);
+  for (index = 0, length = object.length; index < length; index += 1) {
+    pair = object[index];
+    keys = Object.keys(pair);
+    result[index] = [keys[0], pair[keys[0]]];
+  }
+  return result;
+}
+var pairs = new type('tag:yaml.org,2002:pairs', {
+  kind: 'sequence',
+  resolve: resolveYamlPairs,
+  construct: constructYamlPairs
+});
+var _hasOwnProperty$2 = Object.prototype.hasOwnProperty;
+function resolveYamlSet(data) {
+  if (data === null) return true;
+  var key,
+    object = data;
+  for (key in object) {
+    if (_hasOwnProperty$2.call(object, key)) {
+      if (object[key] !== null) return false;
+    }
+  }
+  return true;
+}
+function constructYamlSet(data) {
+  return data !== null ? data : {};
+}
+var set = new type('tag:yaml.org,2002:set', {
+  kind: 'mapping',
+  resolve: resolveYamlSet,
+  construct: constructYamlSet
+});
+var _default = core.extend({
+  implicit: [timestamp, js_yaml_merge],
+  explicit: [binary, omap, pairs, set]
+});
+
+/*eslint-disable max-len,no-use-before-define*/
+
+var _hasOwnProperty$1 = Object.prototype.hasOwnProperty;
+var CONTEXT_FLOW_IN = 1;
+var CONTEXT_FLOW_OUT = 2;
+var CONTEXT_BLOCK_IN = 3;
+var CONTEXT_BLOCK_OUT = 4;
+var CHOMPING_CLIP = 1;
+var CHOMPING_STRIP = 2;
+var CHOMPING_KEEP = 3;
+var PATTERN_NON_PRINTABLE = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x84\x86-\x9F\uFFFE\uFFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]/;
+var PATTERN_NON_ASCII_LINE_BREAKS = /[\x85\u2028\u2029]/;
+var PATTERN_FLOW_INDICATORS = /[,\[\]\{\}]/;
+var PATTERN_TAG_HANDLE = /^(?:!|!!|![a-z\-]+!)$/i;
+var PATTERN_TAG_URI = /^(?:!|[^,\[\]\{\}])(?:%[0-9a-f]{2}|[0-9a-z\-#;\/\?:@&=\+\$,_\.!~\*'\(\)\[\]])*$/i;
+function _class(obj) {
+  return Object.prototype.toString.call(obj);
+}
+function is_EOL(c) {
+  return c === 0x0A /* LF */ || c === 0x0D /* CR */;
+}
+
+function is_WHITE_SPACE(c) {
+  return c === 0x09 /* Tab */ || c === 0x20 /* Space */;
+}
+
+function is_WS_OR_EOL(c) {
+  return c === 0x09 /* Tab */ || c === 0x20 /* Space */ || c === 0x0A /* LF */ || c === 0x0D /* CR */;
+}
+
+function is_FLOW_INDICATOR(c) {
+  return c === 0x2C /* , */ || c === 0x5B /* [ */ || c === 0x5D /* ] */ || c === 0x7B /* { */ || c === 0x7D /* } */;
+}
+
+function fromHexCode(c) {
+  var lc;
+  if (0x30 /* 0 */ <= c && c <= 0x39 /* 9 */) {
+    return c - 0x30;
+  }
+
+  /*eslint-disable no-bitwise*/
+  lc = c | 0x20;
+  if (0x61 /* a */ <= lc && lc <= 0x66 /* f */) {
+    return lc - 0x61 + 10;
+  }
+  return -1;
+}
+function escapedHexLen(c) {
+  if (c === 0x78 /* x */) {
+    return 2;
+  }
+  if (c === 0x75 /* u */) {
+    return 4;
+  }
+  if (c === 0x55 /* U */) {
+    return 8;
+  }
+  return 0;
+}
+function fromDecimalCode(c) {
+  if (0x30 /* 0 */ <= c && c <= 0x39 /* 9 */) {
+    return c - 0x30;
+  }
+  return -1;
+}
+function simpleEscapeSequence(c) {
+  /* eslint-disable indent */
+  return c === 0x30 /* 0 */ ? '\x00' : c === 0x61 /* a */ ? '\x07' : c === 0x62 /* b */ ? '\x08' : c === 0x74 /* t */ ? '\x09' : c === 0x09 /* Tab */ ? '\x09' : c === 0x6E /* n */ ? '\x0A' : c === 0x76 /* v */ ? '\x0B' : c === 0x66 /* f */ ? '\x0C' : c === 0x72 /* r */ ? '\x0D' : c === 0x65 /* e */ ? '\x1B' : c === 0x20 /* Space */ ? ' ' : c === 0x22 /* " */ ? '\x22' : c === 0x2F /* / */ ? '/' : c === 0x5C /* \ */ ? '\x5C' : c === 0x4E /* N */ ? '\x85' : c === 0x5F /* _ */ ? '\xA0' : c === 0x4C /* L */ ? "\u2028" : c === 0x50 /* P */ ? "\u2029" : '';
+}
+function charFromCodepoint(c) {
+  if (c <= 0xFFFF) {
+    return String.fromCharCode(c);
+  }
+  // Encode UTF-16 surrogate pair
+  // https://en.wikipedia.org/wiki/UTF-16#Code_points_U.2B010000_to_U.2B10FFFF
+  return String.fromCharCode((c - 0x010000 >> 10) + 0xD800, (c - 0x010000 & 0x03FF) + 0xDC00);
+}
+var simpleEscapeCheck = new Array(256); // integer, for fast access
+var simpleEscapeMap = new Array(256);
+for (var i = 0; i < 256; i++) {
+  simpleEscapeCheck[i] = simpleEscapeSequence(i) ? 1 : 0;
+  simpleEscapeMap[i] = simpleEscapeSequence(i);
+}
+function State$1(input, options) {
+  this.input = input;
+  this.filename = options['filename'] || null;
+  this.schema = options['schema'] || _default;
+  this.onWarning = options['onWarning'] || null;
+  // (Hidden) Remove? makes the loader to expect YAML 1.1 documents
+  // if such documents have no explicit %YAML directive
+  this.legacy = options['legacy'] || false;
+  this.json = options['json'] || false;
+  this.listener = options['listener'] || null;
+  this.implicitTypes = this.schema.compiledImplicit;
+  this.typeMap = this.schema.compiledTypeMap;
+  this.length = input.length;
+  this.position = 0;
+  this.line = 0;
+  this.lineStart = 0;
+  this.lineIndent = 0;
+
+  // position of first leading tab in the current line,
+  // used to make sure there are no tabs in the indentation
+  this.firstTabInLine = -1;
+  this.documents = [];
+
+  /*
+  this.version;
+  this.checkLineBreaks;
+  this.tagMap;
+  this.anchorMap;
+  this.tag;
+  this.anchor;
+  this.kind;
+  this.result;*/
+}
+
+function generateError(state, message) {
+  var mark = {
+    name: state.filename,
+    buffer: state.input.slice(0, -1),
+    // omit trailing \0
+    position: state.position,
+    line: state.line,
+    column: state.position - state.lineStart
+  };
+  mark.snippet = snippet(mark);
+  return new exception(message, mark);
+}
+function throwError(state, message) {
+  throw generateError(state, message);
+}
+function throwWarning(state, message) {
+  if (state.onWarning) {
+    state.onWarning.call(null, generateError(state, message));
+  }
+}
+var directiveHandlers = {
+  YAML: function handleYamlDirective(state, name, args) {
+    var match, major, minor;
+    if (state.version !== null) {
+      throwError(state, 'duplication of %YAML directive');
+    }
+    if (args.length !== 1) {
+      throwError(state, 'YAML directive accepts exactly one argument');
+    }
+    match = /^([0-9]+)\.([0-9]+)$/.exec(args[0]);
+    if (match === null) {
+      throwError(state, 'ill-formed argument of the YAML directive');
+    }
+    major = parseInt(match[1], 10);
+    minor = parseInt(match[2], 10);
+    if (major !== 1) {
+      throwError(state, 'unacceptable YAML version of the document');
+    }
+    state.version = args[0];
+    state.checkLineBreaks = minor < 2;
+    if (minor !== 1 && minor !== 2) {
+      throwWarning(state, 'unsupported YAML version of the document');
+    }
+  },
+  TAG: function handleTagDirective(state, name, args) {
+    var handle, prefix;
+    if (args.length !== 2) {
+      throwError(state, 'TAG directive accepts exactly two arguments');
+    }
+    handle = args[0];
+    prefix = args[1];
+    if (!PATTERN_TAG_HANDLE.test(handle)) {
+      throwError(state, 'ill-formed tag handle (first argument) of the TAG directive');
+    }
+    if (_hasOwnProperty$1.call(state.tagMap, handle)) {
+      throwError(state, 'there is a previously declared suffix for "' + handle + '" tag handle');
+    }
+    if (!PATTERN_TAG_URI.test(prefix)) {
+      throwError(state, 'ill-formed tag prefix (second argument) of the TAG directive');
+    }
+    try {
+      prefix = decodeURIComponent(prefix);
+    } catch (err) {
+      throwError(state, 'tag prefix is malformed: ' + prefix);
+    }
+    state.tagMap[handle] = prefix;
+  }
+};
+function captureSegment(state, start, end, checkJson) {
+  var _position, _length, _character, _result;
+  if (start < end) {
+    _result = state.input.slice(start, end);
+    if (checkJson) {
+      for (_position = 0, _length = _result.length; _position < _length; _position += 1) {
+        _character = _result.charCodeAt(_position);
+        if (!(_character === 0x09 || 0x20 <= _character && _character <= 0x10FFFF)) {
+          throwError(state, 'expected valid JSON character');
+        }
+      }
+    } else if (PATTERN_NON_PRINTABLE.test(_result)) {
+      throwError(state, 'the stream contains non-printable characters');
+    }
+    state.result += _result;
+  }
+}
+function mergeMappings(state, destination, source, overridableKeys) {
+  var sourceKeys, key, index, quantity;
+  if (!js_yaml_common.isObject(source)) {
+    throwError(state, 'cannot merge mappings; the provided source object is unacceptable');
+  }
+  sourceKeys = Object.keys(source);
+  for (index = 0, quantity = sourceKeys.length; index < quantity; index += 1) {
+    key = sourceKeys[index];
+    if (!_hasOwnProperty$1.call(destination, key)) {
+      destination[key] = source[key];
+      overridableKeys[key] = true;
+    }
+  }
+}
+function storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, startLine, startLineStart, startPos) {
+  var index, quantity;
+
+  // The output is a plain object here, so keys can only be strings.
+  // We need to convert keyNode to a string, but doing so can hang the process
+  // (deeply nested arrays that explode exponentially using aliases).
+  if (Array.isArray(keyNode)) {
+    keyNode = Array.prototype.slice.call(keyNode);
+    for (index = 0, quantity = keyNode.length; index < quantity; index += 1) {
+      if (Array.isArray(keyNode[index])) {
+        throwError(state, 'nested arrays are not supported inside keys');
+      }
+      if (typeof keyNode === 'object' && _class(keyNode[index]) === '[object Object]') {
+        keyNode[index] = '[object Object]';
+      }
+    }
+  }
+
+  // Avoid code execution in load() via toString property
+  // (still use its own toString for arrays, timestamps,
+  // and whatever user schema extensions happen to have @@toStringTag)
+  if (typeof keyNode === 'object' && _class(keyNode) === '[object Object]') {
+    keyNode = '[object Object]';
+  }
+  keyNode = String(keyNode);
+  if (_result === null) {
+    _result = {};
+  }
+  if (keyTag === 'tag:yaml.org,2002:merge') {
+    if (Array.isArray(valueNode)) {
+      for (index = 0, quantity = valueNode.length; index < quantity; index += 1) {
+        mergeMappings(state, _result, valueNode[index], overridableKeys);
+      }
+    } else {
+      mergeMappings(state, _result, valueNode, overridableKeys);
+    }
+  } else {
+    if (!state.json && !_hasOwnProperty$1.call(overridableKeys, keyNode) && _hasOwnProperty$1.call(_result, keyNode)) {
+      state.line = startLine || state.line;
+      state.lineStart = startLineStart || state.lineStart;
+      state.position = startPos || state.position;
+      throwError(state, 'duplicated mapping key');
+    }
+
+    // used for this specific key only because Object.defineProperty is slow
+    if (keyNode === '__proto__') {
+      Object.defineProperty(_result, keyNode, {
+        configurable: true,
+        enumerable: true,
+        writable: true,
+        value: valueNode
+      });
+    } else {
+      _result[keyNode] = valueNode;
+    }
+    delete overridableKeys[keyNode];
+  }
+  return _result;
+}
+function readLineBreak(state) {
+  var ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch === 0x0A /* LF */) {
+    state.position++;
+  } else if (ch === 0x0D /* CR */) {
+    state.position++;
+    if (state.input.charCodeAt(state.position) === 0x0A /* LF */) {
+      state.position++;
+    }
+  } else {
+    throwError(state, 'a line break is expected');
+  }
+  state.line += 1;
+  state.lineStart = state.position;
+  state.firstTabInLine = -1;
+}
+function skipSeparationSpace(state, allowComments, checkIndent) {
+  var lineBreaks = 0,
+    ch = state.input.charCodeAt(state.position);
+  while (ch !== 0) {
+    while (is_WHITE_SPACE(ch)) {
+      if (ch === 0x09 /* Tab */ && state.firstTabInLine === -1) {
+        state.firstTabInLine = state.position;
+      }
+      ch = state.input.charCodeAt(++state.position);
+    }
+    if (allowComments && ch === 0x23 /* # */) {
+      do {
+        ch = state.input.charCodeAt(++state.position);
+      } while (ch !== 0x0A /* LF */ && ch !== 0x0D /* CR */ && ch !== 0);
+    }
+    if (is_EOL(ch)) {
+      readLineBreak(state);
+      ch = state.input.charCodeAt(state.position);
+      lineBreaks++;
+      state.lineIndent = 0;
+      while (ch === 0x20 /* Space */) {
+        state.lineIndent++;
+        ch = state.input.charCodeAt(++state.position);
+      }
+    } else {
+      break;
+    }
+  }
+  if (checkIndent !== -1 && lineBreaks !== 0 && state.lineIndent < checkIndent) {
+    throwWarning(state, 'deficient indentation');
+  }
+  return lineBreaks;
+}
+function testDocumentSeparator(state) {
+  var _position = state.position,
+    ch;
+  ch = state.input.charCodeAt(_position);
+
+  // Condition state.position === state.lineStart is tested
+  // in parent on each call, for efficiency. No needs to test here again.
+  if ((ch === 0x2D /* - */ || ch === 0x2E /* . */) && ch === state.input.charCodeAt(_position + 1) && ch === state.input.charCodeAt(_position + 2)) {
+    _position += 3;
+    ch = state.input.charCodeAt(_position);
+    if (ch === 0 || is_WS_OR_EOL(ch)) {
+      return true;
+    }
+  }
+  return false;
+}
+function writeFoldedLines(state, count) {
+  if (count === 1) {
+    state.result += ' ';
+  } else if (count > 1) {
+    state.result += js_yaml_common.repeat('\n', count - 1);
+  }
+}
+function readPlainScalar(state, nodeIndent, withinFlowCollection) {
+  var preceding,
+    following,
+    captureStart,
+    captureEnd,
+    hasPendingContent,
+    _line,
+    _lineStart,
+    _lineIndent,
+    _kind = state.kind,
+    _result = state.result,
+    ch;
+  ch = state.input.charCodeAt(state.position);
+  if (is_WS_OR_EOL(ch) || is_FLOW_INDICATOR(ch) || ch === 0x23 /* # */ || ch === 0x26 /* & */ || ch === 0x2A /* * */ || ch === 0x21 /* ! */ || ch === 0x7C /* | */ || ch === 0x3E /* > */ || ch === 0x27 /* ' */ || ch === 0x22 /* " */ || ch === 0x25 /* % */ || ch === 0x40 /* @ */ || ch === 0x60 /* ` */) {
+    return false;
+  }
+  if (ch === 0x3F /* ? */ || ch === 0x2D /* - */) {
+    following = state.input.charCodeAt(state.position + 1);
+    if (is_WS_OR_EOL(following) || withinFlowCollection && is_FLOW_INDICATOR(following)) {
+      return false;
+    }
+  }
+  state.kind = 'scalar';
+  state.result = '';
+  captureStart = captureEnd = state.position;
+  hasPendingContent = false;
+  while (ch !== 0) {
+    if (ch === 0x3A /* : */) {
+      following = state.input.charCodeAt(state.position + 1);
+      if (is_WS_OR_EOL(following) || withinFlowCollection && is_FLOW_INDICATOR(following)) {
+        break;
+      }
+    } else if (ch === 0x23 /* # */) {
+      preceding = state.input.charCodeAt(state.position - 1);
+      if (is_WS_OR_EOL(preceding)) {
+        break;
+      }
+    } else if (state.position === state.lineStart && testDocumentSeparator(state) || withinFlowCollection && is_FLOW_INDICATOR(ch)) {
+      break;
+    } else if (is_EOL(ch)) {
+      _line = state.line;
+      _lineStart = state.lineStart;
+      _lineIndent = state.lineIndent;
+      skipSeparationSpace(state, false, -1);
+      if (state.lineIndent >= nodeIndent) {
+        hasPendingContent = true;
+        ch = state.input.charCodeAt(state.position);
+        continue;
+      } else {
+        state.position = captureEnd;
+        state.line = _line;
+        state.lineStart = _lineStart;
+        state.lineIndent = _lineIndent;
+        break;
+      }
+    }
+    if (hasPendingContent) {
+      captureSegment(state, captureStart, captureEnd, false);
+      writeFoldedLines(state, state.line - _line);
+      captureStart = captureEnd = state.position;
+      hasPendingContent = false;
+    }
+    if (!is_WHITE_SPACE(ch)) {
+      captureEnd = state.position + 1;
+    }
+    ch = state.input.charCodeAt(++state.position);
+  }
+  captureSegment(state, captureStart, captureEnd, false);
+  if (state.result) {
+    return true;
+  }
+  state.kind = _kind;
+  state.result = _result;
+  return false;
+}
+function readSingleQuotedScalar(state, nodeIndent) {
+  var ch, captureStart, captureEnd;
+  ch = state.input.charCodeAt(state.position);
+  if (ch !== 0x27 /* ' */) {
+    return false;
+  }
+  state.kind = 'scalar';
+  state.result = '';
+  state.position++;
+  captureStart = captureEnd = state.position;
+  while ((ch = state.input.charCodeAt(state.position)) !== 0) {
+    if (ch === 0x27 /* ' */) {
+      captureSegment(state, captureStart, state.position, true);
+      ch = state.input.charCodeAt(++state.position);
+      if (ch === 0x27 /* ' */) {
+        captureStart = state.position;
+        state.position++;
+        captureEnd = state.position;
+      } else {
+        return true;
+      }
+    } else if (is_EOL(ch)) {
+      captureSegment(state, captureStart, captureEnd, true);
+      writeFoldedLines(state, skipSeparationSpace(state, false, nodeIndent));
+      captureStart = captureEnd = state.position;
+    } else if (state.position === state.lineStart && testDocumentSeparator(state)) {
+      throwError(state, 'unexpected end of the document within a single quoted scalar');
+    } else {
+      state.position++;
+      captureEnd = state.position;
+    }
+  }
+  throwError(state, 'unexpected end of the stream within a single quoted scalar');
+}
+function readDoubleQuotedScalar(state, nodeIndent) {
+  var captureStart, captureEnd, hexLength, hexResult, tmp, ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch !== 0x22 /* " */) {
+    return false;
+  }
+  state.kind = 'scalar';
+  state.result = '';
+  state.position++;
+  captureStart = captureEnd = state.position;
+  while ((ch = state.input.charCodeAt(state.position)) !== 0) {
+    if (ch === 0x22 /* " */) {
+      captureSegment(state, captureStart, state.position, true);
+      state.position++;
+      return true;
+    } else if (ch === 0x5C /* \ */) {
+      captureSegment(state, captureStart, state.position, true);
+      ch = state.input.charCodeAt(++state.position);
+      if (is_EOL(ch)) {
+        skipSeparationSpace(state, false, nodeIndent);
+
+        // TODO: rework to inline fn with no type cast?
+      } else if (ch < 256 && simpleEscapeCheck[ch]) {
+        state.result += simpleEscapeMap[ch];
+        state.position++;
+      } else if ((tmp = escapedHexLen(ch)) > 0) {
+        hexLength = tmp;
+        hexResult = 0;
+        for (; hexLength > 0; hexLength--) {
+          ch = state.input.charCodeAt(++state.position);
+          if ((tmp = fromHexCode(ch)) >= 0) {
+            hexResult = (hexResult << 4) + tmp;
+          } else {
+            throwError(state, 'expected hexadecimal character');
+          }
+        }
+        state.result += charFromCodepoint(hexResult);
+        state.position++;
+      } else {
+        throwError(state, 'unknown escape sequence');
+      }
+      captureStart = captureEnd = state.position;
+    } else if (is_EOL(ch)) {
+      captureSegment(state, captureStart, captureEnd, true);
+      writeFoldedLines(state, skipSeparationSpace(state, false, nodeIndent));
+      captureStart = captureEnd = state.position;
+    } else if (state.position === state.lineStart && testDocumentSeparator(state)) {
+      throwError(state, 'unexpected end of the document within a double quoted scalar');
+    } else {
+      state.position++;
+      captureEnd = state.position;
+    }
+  }
+  throwError(state, 'unexpected end of the stream within a double quoted scalar');
+}
+function readFlowCollection(state, nodeIndent) {
+  var readNext = true,
+    _line,
+    _lineStart,
+    _pos,
+    _tag = state.tag,
+    _result,
+    _anchor = state.anchor,
+    following,
+    terminator,
+    isPair,
+    isExplicitPair,
+    isMapping,
+    overridableKeys = Object.create(null),
+    keyNode,
+    keyTag,
+    valueNode,
+    ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch === 0x5B /* [ */) {
+    terminator = 0x5D; /* ] */
+    isMapping = false;
+    _result = [];
+  } else if (ch === 0x7B /* { */) {
+    terminator = 0x7D; /* } */
+    isMapping = true;
+    _result = {};
+  } else {
+    return false;
+  }
+  if (state.anchor !== null) {
+    state.anchorMap[state.anchor] = _result;
+  }
+  ch = state.input.charCodeAt(++state.position);
+  while (ch !== 0) {
+    skipSeparationSpace(state, true, nodeIndent);
+    ch = state.input.charCodeAt(state.position);
+    if (ch === terminator) {
+      state.position++;
+      state.tag = _tag;
+      state.anchor = _anchor;
+      state.kind = isMapping ? 'mapping' : 'sequence';
+      state.result = _result;
+      return true;
+    } else if (!readNext) {
+      throwError(state, 'missed comma between flow collection entries');
+    } else if (ch === 0x2C /* , */) {
+      // "flow collection entries can never be completely empty", as per YAML 1.2, section 7.4
+      throwError(state, "expected the node content, but found ','");
+    }
+    keyTag = keyNode = valueNode = null;
+    isPair = isExplicitPair = false;
+    if (ch === 0x3F /* ? */) {
+      following = state.input.charCodeAt(state.position + 1);
+      if (is_WS_OR_EOL(following)) {
+        isPair = isExplicitPair = true;
+        state.position++;
+        skipSeparationSpace(state, true, nodeIndent);
+      }
+    }
+    _line = state.line; // Save the current line.
+    _lineStart = state.lineStart;
+    _pos = state.position;
+    composeNode(state, nodeIndent, CONTEXT_FLOW_IN, false, true);
+    keyTag = state.tag;
+    keyNode = state.result;
+    skipSeparationSpace(state, true, nodeIndent);
+    ch = state.input.charCodeAt(state.position);
+    if ((isExplicitPair || state.line === _line) && ch === 0x3A /* : */) {
+      isPair = true;
+      ch = state.input.charCodeAt(++state.position);
+      skipSeparationSpace(state, true, nodeIndent);
+      composeNode(state, nodeIndent, CONTEXT_FLOW_IN, false, true);
+      valueNode = state.result;
+    }
+    if (isMapping) {
+      storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, _line, _lineStart, _pos);
+    } else if (isPair) {
+      _result.push(storeMappingPair(state, null, overridableKeys, keyTag, keyNode, valueNode, _line, _lineStart, _pos));
+    } else {
+      _result.push(keyNode);
+    }
+    skipSeparationSpace(state, true, nodeIndent);
+    ch = state.input.charCodeAt(state.position);
+    if (ch === 0x2C /* , */) {
+      readNext = true;
+      ch = state.input.charCodeAt(++state.position);
+    } else {
+      readNext = false;
+    }
+  }
+  throwError(state, 'unexpected end of the stream within a flow collection');
+}
+function readBlockScalar(state, nodeIndent) {
+  var captureStart,
+    folding,
+    chomping = CHOMPING_CLIP,
+    didReadContent = false,
+    detectedIndent = false,
+    textIndent = nodeIndent,
+    emptyLines = 0,
+    atMoreIndented = false,
+    tmp,
+    ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch === 0x7C /* | */) {
+    folding = false;
+  } else if (ch === 0x3E /* > */) {
+    folding = true;
+  } else {
+    return false;
+  }
+  state.kind = 'scalar';
+  state.result = '';
+  while (ch !== 0) {
+    ch = state.input.charCodeAt(++state.position);
+    if (ch === 0x2B /* + */ || ch === 0x2D /* - */) {
+      if (CHOMPING_CLIP === chomping) {
+        chomping = ch === 0x2B /* + */ ? CHOMPING_KEEP : CHOMPING_STRIP;
+      } else {
+        throwError(state, 'repeat of a chomping mode identifier');
+      }
+    } else if ((tmp = fromDecimalCode(ch)) >= 0) {
+      if (tmp === 0) {
+        throwError(state, 'bad explicit indentation width of a block scalar; it cannot be less than one');
+      } else if (!detectedIndent) {
+        textIndent = nodeIndent + tmp - 1;
+        detectedIndent = true;
+      } else {
+        throwError(state, 'repeat of an indentation width identifier');
+      }
+    } else {
+      break;
+    }
+  }
+  if (is_WHITE_SPACE(ch)) {
+    do {
+      ch = state.input.charCodeAt(++state.position);
+    } while (is_WHITE_SPACE(ch));
+    if (ch === 0x23 /* # */) {
+      do {
+        ch = state.input.charCodeAt(++state.position);
+      } while (!is_EOL(ch) && ch !== 0);
+    }
+  }
+  while (ch !== 0) {
+    readLineBreak(state);
+    state.lineIndent = 0;
+    ch = state.input.charCodeAt(state.position);
+    while ((!detectedIndent || state.lineIndent < textIndent) && ch === 0x20 /* Space */) {
+      state.lineIndent++;
+      ch = state.input.charCodeAt(++state.position);
+    }
+    if (!detectedIndent && state.lineIndent > textIndent) {
+      textIndent = state.lineIndent;
+    }
+    if (is_EOL(ch)) {
+      emptyLines++;
+      continue;
+    }
+
+    // End of the scalar.
+    if (state.lineIndent < textIndent) {
+      // Perform the chomping.
+      if (chomping === CHOMPING_KEEP) {
+        state.result += js_yaml_common.repeat('\n', didReadContent ? 1 + emptyLines : emptyLines);
+      } else if (chomping === CHOMPING_CLIP) {
+        if (didReadContent) {
+          // i.e. only if the scalar is not empty.
+          state.result += '\n';
+        }
+      }
+
+      // Break this `while` cycle and go to the funciton's epilogue.
+      break;
+    }
+
+    // Folded style: use fancy rules to handle line breaks.
+    if (folding) {
+      // Lines starting with white space characters (more-indented lines) are not folded.
+      if (is_WHITE_SPACE(ch)) {
+        atMoreIndented = true;
+        // except for the first content line (cf. Example 8.1)
+        state.result += js_yaml_common.repeat('\n', didReadContent ? 1 + emptyLines : emptyLines);
+
+        // End of more-indented block.
+      } else if (atMoreIndented) {
+        atMoreIndented = false;
+        state.result += js_yaml_common.repeat('\n', emptyLines + 1);
+
+        // Just one line break - perceive as the same line.
+      } else if (emptyLines === 0) {
+        if (didReadContent) {
+          // i.e. only if we have already read some scalar content.
+          state.result += ' ';
+        }
+
+        // Several line breaks - perceive as different lines.
+      } else {
+        state.result += js_yaml_common.repeat('\n', emptyLines);
+      }
+
+      // Literal style: just add exact number of line breaks between content lines.
+    } else {
+      // Keep all line breaks except the header line break.
+      state.result += js_yaml_common.repeat('\n', didReadContent ? 1 + emptyLines : emptyLines);
+    }
+    didReadContent = true;
+    detectedIndent = true;
+    emptyLines = 0;
+    captureStart = state.position;
+    while (!is_EOL(ch) && ch !== 0) {
+      ch = state.input.charCodeAt(++state.position);
+    }
+    captureSegment(state, captureStart, state.position, false);
+  }
+  return true;
+}
+function readBlockSequence(state, nodeIndent) {
+  var _line,
+    _tag = state.tag,
+    _anchor = state.anchor,
+    _result = [],
+    following,
+    detected = false,
+    ch;
+
+  // there is a leading tab before this token, so it can't be a block sequence/mapping;
+  // it can still be flow sequence/mapping or a scalar
+  if (state.firstTabInLine !== -1) return false;
+  if (state.anchor !== null) {
+    state.anchorMap[state.anchor] = _result;
+  }
+  ch = state.input.charCodeAt(state.position);
+  while (ch !== 0) {
+    if (state.firstTabInLine !== -1) {
+      state.position = state.firstTabInLine;
+      throwError(state, 'tab characters must not be used in indentation');
+    }
+    if (ch !== 0x2D /* - */) {
+      break;
+    }
+    following = state.input.charCodeAt(state.position + 1);
+    if (!is_WS_OR_EOL(following)) {
+      break;
+    }
+    detected = true;
+    state.position++;
+    if (skipSeparationSpace(state, true, -1)) {
+      if (state.lineIndent <= nodeIndent) {
+        _result.push(null);
+        ch = state.input.charCodeAt(state.position);
+        continue;
+      }
+    }
+    _line = state.line;
+    composeNode(state, nodeIndent, CONTEXT_BLOCK_IN, false, true);
+    _result.push(state.result);
+    skipSeparationSpace(state, true, -1);
+    ch = state.input.charCodeAt(state.position);
+    if ((state.line === _line || state.lineIndent > nodeIndent) && ch !== 0) {
+      throwError(state, 'bad indentation of a sequence entry');
+    } else if (state.lineIndent < nodeIndent) {
+      break;
+    }
+  }
+  if (detected) {
+    state.tag = _tag;
+    state.anchor = _anchor;
+    state.kind = 'sequence';
+    state.result = _result;
+    return true;
+  }
+  return false;
+}
+function readBlockMapping(state, nodeIndent, flowIndent) {
+  var following,
+    allowCompact,
+    _line,
+    _keyLine,
+    _keyLineStart,
+    _keyPos,
+    _tag = state.tag,
+    _anchor = state.anchor,
+    _result = {},
+    overridableKeys = Object.create(null),
+    keyTag = null,
+    keyNode = null,
+    valueNode = null,
+    atExplicitKey = false,
+    detected = false,
+    ch;
+
+  // there is a leading tab before this token, so it can't be a block sequence/mapping;
+  // it can still be flow sequence/mapping or a scalar
+  if (state.firstTabInLine !== -1) return false;
+  if (state.anchor !== null) {
+    state.anchorMap[state.anchor] = _result;
+  }
+  ch = state.input.charCodeAt(state.position);
+  while (ch !== 0) {
+    if (!atExplicitKey && state.firstTabInLine !== -1) {
+      state.position = state.firstTabInLine;
+      throwError(state, 'tab characters must not be used in indentation');
+    }
+    following = state.input.charCodeAt(state.position + 1);
+    _line = state.line; // Save the current line.
+
+    //
+    // Explicit notation case. There are two separate blocks:
+    // first for the key (denoted by "?") and second for the value (denoted by ":")
+    //
+    if ((ch === 0x3F /* ? */ || ch === 0x3A /* : */) && is_WS_OR_EOL(following)) {
+      if (ch === 0x3F /* ? */) {
+        if (atExplicitKey) {
+          storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, null, _keyLine, _keyLineStart, _keyPos);
+          keyTag = keyNode = valueNode = null;
+        }
+        detected = true;
+        atExplicitKey = true;
+        allowCompact = true;
+      } else if (atExplicitKey) {
+        // i.e. 0x3A/* : */ === character after the explicit key.
+        atExplicitKey = false;
+        allowCompact = true;
+      } else {
+        throwError(state, 'incomplete explicit mapping pair; a key node is missed; or followed by a non-tabulated empty line');
+      }
+      state.position += 1;
+      ch = following;
+
+      //
+      // Implicit notation case. Flow-style node as the key first, then ":", and the value.
+      //
+    } else {
+      _keyLine = state.line;
+      _keyLineStart = state.lineStart;
+      _keyPos = state.position;
+      if (!composeNode(state, flowIndent, CONTEXT_FLOW_OUT, false, true)) {
+        // Neither implicit nor explicit notation.
+        // Reading is done. Go to the epilogue.
+        break;
+      }
+      if (state.line === _line) {
+        ch = state.input.charCodeAt(state.position);
+        while (is_WHITE_SPACE(ch)) {
+          ch = state.input.charCodeAt(++state.position);
+        }
+        if (ch === 0x3A /* : */) {
+          ch = state.input.charCodeAt(++state.position);
+          if (!is_WS_OR_EOL(ch)) {
+            throwError(state, 'a whitespace character is expected after the key-value separator within a block mapping');
+          }
+          if (atExplicitKey) {
+            storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, null, _keyLine, _keyLineStart, _keyPos);
+            keyTag = keyNode = valueNode = null;
+          }
+          detected = true;
+          atExplicitKey = false;
+          allowCompact = false;
+          keyTag = state.tag;
+          keyNode = state.result;
+        } else if (detected) {
+          throwError(state, 'can not read an implicit mapping pair; a colon is missed');
+        } else {
+          state.tag = _tag;
+          state.anchor = _anchor;
+          return true; // Keep the result of `composeNode`.
+        }
+      } else if (detected) {
+        throwError(state, 'can not read a block mapping entry; a multiline key may not be an implicit key');
+      } else {
+        state.tag = _tag;
+        state.anchor = _anchor;
+        return true; // Keep the result of `composeNode`.
+      }
+    }
+
+    //
+    // Common reading code for both explicit and implicit notations.
+    //
+    if (state.line === _line || state.lineIndent > nodeIndent) {
+      if (atExplicitKey) {
+        _keyLine = state.line;
+        _keyLineStart = state.lineStart;
+        _keyPos = state.position;
+      }
+      if (composeNode(state, nodeIndent, CONTEXT_BLOCK_OUT, true, allowCompact)) {
+        if (atExplicitKey) {
+          keyNode = state.result;
+        } else {
+          valueNode = state.result;
+        }
+      }
+      if (!atExplicitKey) {
+        storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, _keyLine, _keyLineStart, _keyPos);
+        keyTag = keyNode = valueNode = null;
+      }
+      skipSeparationSpace(state, true, -1);
+      ch = state.input.charCodeAt(state.position);
+    }
+    if ((state.line === _line || state.lineIndent > nodeIndent) && ch !== 0) {
+      throwError(state, 'bad indentation of a mapping entry');
+    } else if (state.lineIndent < nodeIndent) {
+      break;
+    }
+  }
+
+  //
+  // Epilogue.
+  //
+
+  // Special case: last mapping's node contains only the key in explicit notation.
+  if (atExplicitKey) {
+    storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, null, _keyLine, _keyLineStart, _keyPos);
+  }
+
+  // Expose the resulting mapping.
+  if (detected) {
+    state.tag = _tag;
+    state.anchor = _anchor;
+    state.kind = 'mapping';
+    state.result = _result;
+  }
+  return detected;
+}
+function readTagProperty(state) {
+  var _position,
+    isVerbatim = false,
+    isNamed = false,
+    tagHandle,
+    tagName,
+    ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch !== 0x21 /* ! */) return false;
+  if (state.tag !== null) {
+    throwError(state, 'duplication of a tag property');
+  }
+  ch = state.input.charCodeAt(++state.position);
+  if (ch === 0x3C /* < */) {
+    isVerbatim = true;
+    ch = state.input.charCodeAt(++state.position);
+  } else if (ch === 0x21 /* ! */) {
+    isNamed = true;
+    tagHandle = '!!';
+    ch = state.input.charCodeAt(++state.position);
+  } else {
+    tagHandle = '!';
+  }
+  _position = state.position;
+  if (isVerbatim) {
+    do {
+      ch = state.input.charCodeAt(++state.position);
+    } while (ch !== 0 && ch !== 0x3E /* > */);
+
+    if (state.position < state.length) {
+      tagName = state.input.slice(_position, state.position);
+      ch = state.input.charCodeAt(++state.position);
+    } else {
+      throwError(state, 'unexpected end of the stream within a verbatim tag');
+    }
+  } else {
+    while (ch !== 0 && !is_WS_OR_EOL(ch)) {
+      if (ch === 0x21 /* ! */) {
+        if (!isNamed) {
+          tagHandle = state.input.slice(_position - 1, state.position + 1);
+          if (!PATTERN_TAG_HANDLE.test(tagHandle)) {
+            throwError(state, 'named tag handle cannot contain such characters');
+          }
+          isNamed = true;
+          _position = state.position + 1;
+        } else {
+          throwError(state, 'tag suffix cannot contain exclamation marks');
+        }
+      }
+      ch = state.input.charCodeAt(++state.position);
+    }
+    tagName = state.input.slice(_position, state.position);
+    if (PATTERN_FLOW_INDICATORS.test(tagName)) {
+      throwError(state, 'tag suffix cannot contain flow indicator characters');
+    }
+  }
+  if (tagName && !PATTERN_TAG_URI.test(tagName)) {
+    throwError(state, 'tag name cannot contain such characters: ' + tagName);
+  }
+  try {
+    tagName = decodeURIComponent(tagName);
+  } catch (err) {
+    throwError(state, 'tag name is malformed: ' + tagName);
+  }
+  if (isVerbatim) {
+    state.tag = tagName;
+  } else if (_hasOwnProperty$1.call(state.tagMap, tagHandle)) {
+    state.tag = state.tagMap[tagHandle] + tagName;
+  } else if (tagHandle === '!') {
+    state.tag = '!' + tagName;
+  } else if (tagHandle === '!!') {
+    state.tag = 'tag:yaml.org,2002:' + tagName;
+  } else {
+    throwError(state, 'undeclared tag handle "' + tagHandle + '"');
+  }
+  return true;
+}
+function readAnchorProperty(state) {
+  var _position, ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch !== 0x26 /* & */) return false;
+  if (state.anchor !== null) {
+    throwError(state, 'duplication of an anchor property');
+  }
+  ch = state.input.charCodeAt(++state.position);
+  _position = state.position;
+  while (ch !== 0 && !is_WS_OR_EOL(ch) && !is_FLOW_INDICATOR(ch)) {
+    ch = state.input.charCodeAt(++state.position);
+  }
+  if (state.position === _position) {
+    throwError(state, 'name of an anchor node must contain at least one character');
+  }
+  state.anchor = state.input.slice(_position, state.position);
+  return true;
+}
+function readAlias(state) {
+  var _position, alias, ch;
+  ch = state.input.charCodeAt(state.position);
+  if (ch !== 0x2A /* * */) return false;
+  ch = state.input.charCodeAt(++state.position);
+  _position = state.position;
+  while (ch !== 0 && !is_WS_OR_EOL(ch) && !is_FLOW_INDICATOR(ch)) {
+    ch = state.input.charCodeAt(++state.position);
+  }
+  if (state.position === _position) {
+    throwError(state, 'name of an alias node must contain at least one character');
+  }
+  alias = state.input.slice(_position, state.position);
+  if (!_hasOwnProperty$1.call(state.anchorMap, alias)) {
+    throwError(state, 'unidentified alias "' + alias + '"');
+  }
+  state.result = state.anchorMap[alias];
+  skipSeparationSpace(state, true, -1);
+  return true;
+}
+function composeNode(state, parentIndent, nodeContext, allowToSeek, allowCompact) {
+  var allowBlockStyles,
+    allowBlockScalars,
+    allowBlockCollections,
+    indentStatus = 1,
+    // 1: this>parent, 0: this=parent, -1: this<parent
+    atNewLine = false,
+    hasContent = false,
+    typeIndex,
+    typeQuantity,
+    typeList,
+    type,
+    flowIndent,
+    blockIndent;
+  if (state.listener !== null) {
+    state.listener('open', state);
+  }
+  state.tag = null;
+  state.anchor = null;
+  state.kind = null;
+  state.result = null;
+  allowBlockStyles = allowBlockScalars = allowBlockCollections = CONTEXT_BLOCK_OUT === nodeContext || CONTEXT_BLOCK_IN === nodeContext;
+  if (allowToSeek) {
+    if (skipSeparationSpace(state, true, -1)) {
+      atNewLine = true;
+      if (state.lineIndent > parentIndent) {
+        indentStatus = 1;
+      } else if (state.lineIndent === parentIndent) {
+        indentStatus = 0;
+      } else if (state.lineIndent < parentIndent) {
+        indentStatus = -1;
+      }
+    }
+  }
+  if (indentStatus === 1) {
+    while (readTagProperty(state) || readAnchorProperty(state)) {
+      if (skipSeparationSpace(state, true, -1)) {
+        atNewLine = true;
+        allowBlockCollections = allowBlockStyles;
+        if (state.lineIndent > parentIndent) {
+          indentStatus = 1;
+        } else if (state.lineIndent === parentIndent) {
+          indentStatus = 0;
+        } else if (state.lineIndent < parentIndent) {
+          indentStatus = -1;
+        }
+      } else {
+        allowBlockCollections = false;
+      }
+    }
+  }
+  if (allowBlockCollections) {
+    allowBlockCollections = atNewLine || allowCompact;
+  }
+  if (indentStatus === 1 || CONTEXT_BLOCK_OUT === nodeContext) {
+    if (CONTEXT_FLOW_IN === nodeContext || CONTEXT_FLOW_OUT === nodeContext) {
+      flowIndent = parentIndent;
+    } else {
+      flowIndent = parentIndent + 1;
+    }
+    blockIndent = state.position - state.lineStart;
+    if (indentStatus === 1) {
+      if (allowBlockCollections && (readBlockSequence(state, blockIndent) || readBlockMapping(state, blockIndent, flowIndent)) || readFlowCollection(state, flowIndent)) {
+        hasContent = true;
+      } else {
+        if (allowBlockScalars && readBlockScalar(state, flowIndent) || readSingleQuotedScalar(state, flowIndent) || readDoubleQuotedScalar(state, flowIndent)) {
+          hasContent = true;
+        } else if (readAlias(state)) {
+          hasContent = true;
+          if (state.tag !== null || state.anchor !== null) {
+            throwError(state, 'alias node should not have any properties');
+          }
+        } else if (readPlainScalar(state, flowIndent, CONTEXT_FLOW_IN === nodeContext)) {
+          hasContent = true;
+          if (state.tag === null) {
+            state.tag = '?';
+          }
+        }
+        if (state.anchor !== null) {
+          state.anchorMap[state.anchor] = state.result;
+        }
+      }
+    } else if (indentStatus === 0) {
+      // Special case: block sequences are allowed to have same indentation level as the parent.
+      // http://www.yaml.org/spec/1.2/spec.html#id2799784
+      hasContent = allowBlockCollections && readBlockSequence(state, blockIndent);
+    }
+  }
+  if (state.tag === null) {
+    if (state.anchor !== null) {
+      state.anchorMap[state.anchor] = state.result;
+    }
+  } else if (state.tag === '?') {
+    // Implicit resolving is not allowed for non-scalar types, and '?'
+    // non-specific tag is only automatically assigned to plain scalars.
+    //
+    // We only need to check kind conformity in case user explicitly assigns '?'
+    // tag, for example like this: "!<?> [0]"
+    //
+    if (state.result !== null && state.kind !== 'scalar') {
+      throwError(state, 'unacceptable node kind for !<?> tag; it should be "scalar", not "' + state.kind + '"');
+    }
+    for (typeIndex = 0, typeQuantity = state.implicitTypes.length; typeIndex < typeQuantity; typeIndex += 1) {
+      type = state.implicitTypes[typeIndex];
+      if (type.resolve(state.result)) {
+        // `state.result` updated in resolver if matched
+        state.result = type.construct(state.result);
+        state.tag = type.tag;
+        if (state.anchor !== null) {
+          state.anchorMap[state.anchor] = state.result;
+        }
+        break;
+      }
+    }
+  } else if (state.tag !== '!') {
+    if (_hasOwnProperty$1.call(state.typeMap[state.kind || 'fallback'], state.tag)) {
+      type = state.typeMap[state.kind || 'fallback'][state.tag];
+    } else {
+      // looking for multi type
+      type = null;
+      typeList = state.typeMap.multi[state.kind || 'fallback'];
+      for (typeIndex = 0, typeQuantity = typeList.length; typeIndex < typeQuantity; typeIndex += 1) {
+        if (state.tag.slice(0, typeList[typeIndex].tag.length) === typeList[typeIndex].tag) {
+          type = typeList[typeIndex];
+          break;
+        }
+      }
+    }
+    if (!type) {
+      throwError(state, 'unknown tag !<' + state.tag + '>');
+    }
+    if (state.result !== null && type.kind !== state.kind) {
+      throwError(state, 'unacceptable node kind for !<' + state.tag + '> tag; it should be "' + type.kind + '", not "' + state.kind + '"');
+    }
+    if (!type.resolve(state.result, state.tag)) {
+      // `state.result` updated in resolver if matched
+      throwError(state, 'cannot resolve a node with !<' + state.tag + '> explicit tag');
+    } else {
+      state.result = type.construct(state.result, state.tag);
+      if (state.anchor !== null) {
+        state.anchorMap[state.anchor] = state.result;
+      }
+    }
+  }
+  if (state.listener !== null) {
+    state.listener('close', state);
+  }
+  return state.tag !== null || state.anchor !== null || hasContent;
+}
+function readDocument(state) {
+  var documentStart = state.position,
+    _position,
+    directiveName,
+    directiveArgs,
+    hasDirectives = false,
+    ch;
+  state.version = null;
+  state.checkLineBreaks = state.legacy;
+  state.tagMap = Object.create(null);
+  state.anchorMap = Object.create(null);
+  while ((ch = state.input.charCodeAt(state.position)) !== 0) {
+    skipSeparationSpace(state, true, -1);
+    ch = state.input.charCodeAt(state.position);
+    if (state.lineIndent > 0 || ch !== 0x25 /* % */) {
+      break;
+    }
+    hasDirectives = true;
+    ch = state.input.charCodeAt(++state.position);
+    _position = state.position;
+    while (ch !== 0 && !is_WS_OR_EOL(ch)) {
+      ch = state.input.charCodeAt(++state.position);
+    }
+    directiveName = state.input.slice(_position, state.position);
+    directiveArgs = [];
+    if (directiveName.length < 1) {
+      throwError(state, 'directive name must not be less than one character in length');
+    }
+    while (ch !== 0) {
+      while (is_WHITE_SPACE(ch)) {
+        ch = state.input.charCodeAt(++state.position);
+      }
+      if (ch === 0x23 /* # */) {
+        do {
+          ch = state.input.charCodeAt(++state.position);
+        } while (ch !== 0 && !is_EOL(ch));
+        break;
+      }
+      if (is_EOL(ch)) break;
+      _position = state.position;
+      while (ch !== 0 && !is_WS_OR_EOL(ch)) {
+        ch = state.input.charCodeAt(++state.position);
+      }
+      directiveArgs.push(state.input.slice(_position, state.position));
+    }
+    if (ch !== 0) readLineBreak(state);
+    if (_hasOwnProperty$1.call(directiveHandlers, directiveName)) {
+      directiveHandlers[directiveName](state, directiveName, directiveArgs);
+    } else {
+      throwWarning(state, 'unknown document directive "' + directiveName + '"');
+    }
+  }
+  skipSeparationSpace(state, true, -1);
+  if (state.lineIndent === 0 && state.input.charCodeAt(state.position) === 0x2D /* - */ && state.input.charCodeAt(state.position + 1) === 0x2D /* - */ && state.input.charCodeAt(state.position + 2) === 0x2D /* - */) {
+    state.position += 3;
+    skipSeparationSpace(state, true, -1);
+  } else if (hasDirectives) {
+    throwError(state, 'directives end mark is expected');
+  }
+  composeNode(state, state.lineIndent - 1, CONTEXT_BLOCK_OUT, false, true);
+  skipSeparationSpace(state, true, -1);
+  if (state.checkLineBreaks && PATTERN_NON_ASCII_LINE_BREAKS.test(state.input.slice(documentStart, state.position))) {
+    throwWarning(state, 'non-ASCII line breaks are interpreted as content');
+  }
+  state.documents.push(state.result);
+  if (state.position === state.lineStart && testDocumentSeparator(state)) {
+    if (state.input.charCodeAt(state.position) === 0x2E /* . */) {
+      state.position += 3;
+      skipSeparationSpace(state, true, -1);
+    }
+    return;
+  }
+  if (state.position < state.length - 1) {
+    throwError(state, 'end of the stream or a document separator is expected');
+  } else {
+    return;
+  }
+}
+function loadDocuments(input, options) {
+  input = String(input);
+  options = options || {};
+  if (input.length !== 0) {
+    // Add tailing `\n` if not exists
+    if (input.charCodeAt(input.length - 1) !== 0x0A /* LF */ && input.charCodeAt(input.length - 1) !== 0x0D /* CR */) {
+      input += '\n';
+    }
+
+    // Strip BOM
+    if (input.charCodeAt(0) === 0xFEFF) {
+      input = input.slice(1);
+    }
+  }
+  var state = new State$1(input, options);
+  var nullpos = input.indexOf('\0');
+  if (nullpos !== -1) {
+    state.position = nullpos;
+    throwError(state, 'null byte is not allowed in input');
+  }
+
+  // Use 0 as string terminator. That significantly simplifies bounds check.
+  state.input += '\0';
+  while (state.input.charCodeAt(state.position) === 0x20 /* Space */) {
+    state.lineIndent += 1;
+    state.position += 1;
+  }
+  while (state.position < state.length - 1) {
+    readDocument(state);
+  }
+  return state.documents;
+}
+function loadAll$1(input, iterator, options) {
+  if (iterator !== null && typeof iterator === 'object' && typeof options === 'undefined') {
+    options = iterator;
+    iterator = null;
+  }
+  var documents = loadDocuments(input, options);
+  if (typeof iterator !== 'function') {
+    return documents;
+  }
+  for (var index = 0, length = documents.length; index < length; index += 1) {
+    iterator(documents[index]);
+  }
+}
+function load$1(input, options) {
+  var documents = loadDocuments(input, options);
+  if (documents.length === 0) {
+    /*eslint-disable no-undefined*/
+    return undefined;
+  } else if (documents.length === 1) {
+    return documents[0];
+  }
+  throw new exception('expected a single document in the stream, but found more');
+}
+var loadAll_1 = loadAll$1;
+var load_1 = load$1;
+var loader = {
+  loadAll: loadAll_1,
+  load: load_1
+};
+
+/*eslint-disable no-use-before-define*/
+
+var _toString = Object.prototype.toString;
+var _hasOwnProperty = Object.prototype.hasOwnProperty;
+var CHAR_BOM = 0xFEFF;
+var CHAR_TAB = 0x09; /* Tab */
+var CHAR_LINE_FEED = 0x0A; /* LF */
+var CHAR_CARRIAGE_RETURN = 0x0D; /* CR */
+var CHAR_SPACE = 0x20; /* Space */
+var CHAR_EXCLAMATION = 0x21; /* ! */
+var CHAR_DOUBLE_QUOTE = 0x22; /* " */
+var CHAR_SHARP = 0x23; /* # */
+var CHAR_PERCENT = 0x25; /* % */
+var CHAR_AMPERSAND = 0x26; /* & */
+var CHAR_SINGLE_QUOTE = 0x27; /* ' */
+var CHAR_ASTERISK = 0x2A; /* * */
+var CHAR_COMMA = 0x2C; /* , */
+var CHAR_MINUS = 0x2D; /* - */
+var CHAR_COLON = 0x3A; /* : */
+var CHAR_EQUALS = 0x3D; /* = */
+var CHAR_GREATER_THAN = 0x3E; /* > */
+var CHAR_QUESTION = 0x3F; /* ? */
+var CHAR_COMMERCIAL_AT = 0x40; /* @ */
+var CHAR_LEFT_SQUARE_BRACKET = 0x5B; /* [ */
+var CHAR_RIGHT_SQUARE_BRACKET = 0x5D; /* ] */
+var CHAR_GRAVE_ACCENT = 0x60; /* ` */
+var CHAR_LEFT_CURLY_BRACKET = 0x7B; /* { */
+var CHAR_VERTICAL_LINE = 0x7C; /* | */
+var CHAR_RIGHT_CURLY_BRACKET = 0x7D; /* } */
+
+var ESCAPE_SEQUENCES = {};
+ESCAPE_SEQUENCES[0x00] = '\\0';
+ESCAPE_SEQUENCES[0x07] = '\\a';
+ESCAPE_SEQUENCES[0x08] = '\\b';
+ESCAPE_SEQUENCES[0x09] = '\\t';
+ESCAPE_SEQUENCES[0x0A] = '\\n';
+ESCAPE_SEQUENCES[0x0B] = '\\v';
+ESCAPE_SEQUENCES[0x0C] = '\\f';
+ESCAPE_SEQUENCES[0x0D] = '\\r';
+ESCAPE_SEQUENCES[0x1B] = '\\e';
+ESCAPE_SEQUENCES[0x22] = '\\"';
+ESCAPE_SEQUENCES[0x5C] = '\\\\';
+ESCAPE_SEQUENCES[0x85] = '\\N';
+ESCAPE_SEQUENCES[0xA0] = '\\_';
+ESCAPE_SEQUENCES[0x2028] = '\\L';
+ESCAPE_SEQUENCES[0x2029] = '\\P';
+var DEPRECATED_BOOLEANS_SYNTAX = ['y', 'Y', 'yes', 'Yes', 'YES', 'on', 'On', 'ON', 'n', 'N', 'no', 'No', 'NO', 'off', 'Off', 'OFF'];
+var DEPRECATED_BASE60_SYNTAX = /^[-+]?[0-9_]+(?::[0-9_]+)+(?:\.[0-9_]*)?$/;
+function compileStyleMap(schema, map) {
+  var result, keys, index, length, tag, style, type;
+  if (map === null) return {};
+  result = {};
+  keys = Object.keys(map);
+  for (index = 0, length = keys.length; index < length; index += 1) {
+    tag = keys[index];
+    style = String(map[tag]);
+    if (tag.slice(0, 2) === '!!') {
+      tag = 'tag:yaml.org,2002:' + tag.slice(2);
+    }
+    type = schema.compiledTypeMap['fallback'][tag];
+    if (type && _hasOwnProperty.call(type.styleAliases, style)) {
+      style = type.styleAliases[style];
+    }
+    result[tag] = style;
+  }
+  return result;
+}
+function encodeHex(character) {
+  var string, handle, length;
+  string = character.toString(16).toUpperCase();
+  if (character <= 0xFF) {
+    handle = 'x';
+    length = 2;
+  } else if (character <= 0xFFFF) {
+    handle = 'u';
+    length = 4;
+  } else if (character <= 0xFFFFFFFF) {
+    handle = 'U';
+    length = 8;
+  } else {
+    throw new exception('code point within a string may not be greater than 0xFFFFFFFF');
+  }
+  return '\\' + handle + js_yaml_common.repeat('0', length - string.length) + string;
+}
+var QUOTING_TYPE_SINGLE = 1,
+  QUOTING_TYPE_DOUBLE = 2;
+function State(options) {
+  this.schema = options['schema'] || _default;
+  this.indent = Math.max(1, options['indent'] || 2);
+  this.noArrayIndent = options['noArrayIndent'] || false;
+  this.skipInvalid = options['skipInvalid'] || false;
+  this.flowLevel = js_yaml_common.isNothing(options['flowLevel']) ? -1 : options['flowLevel'];
+  this.styleMap = compileStyleMap(this.schema, options['styles'] || null);
+  this.sortKeys = options['sortKeys'] || false;
+  this.lineWidth = options['lineWidth'] || 80;
+  this.noRefs = options['noRefs'] || false;
+  this.noCompatMode = options['noCompatMode'] || false;
+  this.condenseFlow = options['condenseFlow'] || false;
+  this.quotingType = options['quotingType'] === '"' ? QUOTING_TYPE_DOUBLE : QUOTING_TYPE_SINGLE;
+  this.forceQuotes = options['forceQuotes'] || false;
+  this.replacer = typeof options['replacer'] === 'function' ? options['replacer'] : null;
+  this.implicitTypes = this.schema.compiledImplicit;
+  this.explicitTypes = this.schema.compiledExplicit;
+  this.tag = null;
+  this.result = '';
+  this.duplicates = [];
+  this.usedDuplicates = null;
+}
+
+// Indents every line in a string. Empty lines (\n only) are not indented.
+function indentString(string, spaces) {
+  var ind = js_yaml_common.repeat(' ', spaces),
+    position = 0,
+    next = -1,
+    result = '',
+    line,
+    length = string.length;
+  while (position < length) {
+    next = string.indexOf('\n', position);
+    if (next === -1) {
+      line = string.slice(position);
+      position = length;
+    } else {
+      line = string.slice(position, next + 1);
+      position = next + 1;
+    }
+    if (line.length && line !== '\n') result += ind;
+    result += line;
+  }
+  return result;
+}
+function generateNextLine(state, level) {
+  return '\n' + js_yaml_common.repeat(' ', state.indent * level);
+}
+function testImplicitResolving(state, str) {
+  var index, length, type;
+  for (index = 0, length = state.implicitTypes.length; index < length; index += 1) {
+    type = state.implicitTypes[index];
+    if (type.resolve(str)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// [33] s-white ::= s-space | s-tab
+function isWhitespace(c) {
+  return c === CHAR_SPACE || c === CHAR_TAB;
+}
+
+// Returns true if the character can be printed without escaping.
+// From YAML 1.2: "any allowed characters known to be non-printable
+// should also be escaped. [However,] This isn’t mandatory"
+// Derived from nb-char - \t - #x85 - #xA0 - #x2028 - #x2029.
+function isPrintable(c) {
+  return 0x00020 <= c && c <= 0x00007E || 0x000A1 <= c && c <= 0x00D7FF && c !== 0x2028 && c !== 0x2029 || 0x0E000 <= c && c <= 0x00FFFD && c !== CHAR_BOM || 0x10000 <= c && c <= 0x10FFFF;
+}
+
+// [34] ns-char ::= nb-char - s-white
+// [27] nb-char ::= c-printable - b-char - c-byte-order-mark
+// [26] b-char  ::= b-line-feed | b-carriage-return
+// Including s-white (for some reason, examples doesn't match specs in this aspect)
+// ns-char ::= c-printable - b-line-feed - b-carriage-return - c-byte-order-mark
+function isNsCharOrWhitespace(c) {
+  return isPrintable(c) && c !== CHAR_BOM
+  // - b-char
+  && c !== CHAR_CARRIAGE_RETURN && c !== CHAR_LINE_FEED;
+}
+
+// [127]  ns-plain-safe(c) ::= c = flow-out  ⇒ ns-plain-safe-out
+//                             c = flow-in   ⇒ ns-plain-safe-in
+//                             c = block-key ⇒ ns-plain-safe-out
+//                             c = flow-key  ⇒ ns-plain-safe-in
+// [128] ns-plain-safe-out ::= ns-char
+// [129]  ns-plain-safe-in ::= ns-char - c-flow-indicator
+// [130]  ns-plain-char(c) ::=  ( ns-plain-safe(c) - “:” - “#” )
+//                            | ( /* An ns-char preceding */ “#” )
+//                            | ( “:” /* Followed by an ns-plain-safe(c) */ )
+function isPlainSafe(c, prev, inblock) {
+  var cIsNsCharOrWhitespace = isNsCharOrWhitespace(c);
+  var cIsNsChar = cIsNsCharOrWhitespace && !isWhitespace(c);
+  return (
+  // ns-plain-safe
+  inblock ?
+  // c = flow-in
+  cIsNsCharOrWhitespace : cIsNsCharOrWhitespace
+  // - c-flow-indicator
+  && c !== CHAR_COMMA && c !== CHAR_LEFT_SQUARE_BRACKET && c !== CHAR_RIGHT_SQUARE_BRACKET && c !== CHAR_LEFT_CURLY_BRACKET && c !== CHAR_RIGHT_CURLY_BRACKET
+
+  // ns-plain-char
+  ) && c !== CHAR_SHARP // false on '#'
+  && !(prev === CHAR_COLON && !cIsNsChar) // false on ': '
+  || isNsCharOrWhitespace(prev) && !isWhitespace(prev) && c === CHAR_SHARP // change to true on '[^ ]#'
+  || prev === CHAR_COLON && cIsNsChar; // change to true on ':[^ ]'
+}
+
+// Simplified test for values allowed as the first character in plain style.
+function isPlainSafeFirst(c) {
+  // Uses a subset of ns-char - c-indicator
+  // where ns-char = nb-char - s-white.
+  // No support of ( ( “?” | “:” | “-” ) /* Followed by an ns-plain-safe(c)) */ ) part
+  return isPrintable(c) && c !== CHAR_BOM && !isWhitespace(c) // - s-white
+  // - (c-indicator ::=
+  // “-” | “?” | “:” | “,” | “[” | “]” | “{” | “}”
+  && c !== CHAR_MINUS && c !== CHAR_QUESTION && c !== CHAR_COLON && c !== CHAR_COMMA && c !== CHAR_LEFT_SQUARE_BRACKET && c !== CHAR_RIGHT_SQUARE_BRACKET && c !== CHAR_LEFT_CURLY_BRACKET && c !== CHAR_RIGHT_CURLY_BRACKET
+  // | “#” | “&” | “*” | “!” | “|” | “=” | “>” | “'” | “"”
+  && c !== CHAR_SHARP && c !== CHAR_AMPERSAND && c !== CHAR_ASTERISK && c !== CHAR_EXCLAMATION && c !== CHAR_VERTICAL_LINE && c !== CHAR_EQUALS && c !== CHAR_GREATER_THAN && c !== CHAR_SINGLE_QUOTE && c !== CHAR_DOUBLE_QUOTE
+  // | “%” | “@” | “`”)
+  && c !== CHAR_PERCENT && c !== CHAR_COMMERCIAL_AT && c !== CHAR_GRAVE_ACCENT;
+}
+
+// Simplified test for values allowed as the last character in plain style.
+function isPlainSafeLast(c) {
+  // just not whitespace or colon, it will be checked to be plain character later
+  return !isWhitespace(c) && c !== CHAR_COLON;
+}
+
+// Same as 'string'.codePointAt(pos), but works in older browsers.
+function codePointAt(string, pos) {
+  var first = string.charCodeAt(pos),
+    second;
+  if (first >= 0xD800 && first <= 0xDBFF && pos + 1 < string.length) {
+    second = string.charCodeAt(pos + 1);
+    if (second >= 0xDC00 && second <= 0xDFFF) {
+      // https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
+      return (first - 0xD800) * 0x400 + second - 0xDC00 + 0x10000;
+    }
+  }
+  return first;
+}
+
+// Determines whether block indentation indicator is required.
+function needIndentIndicator(string) {
+  var leadingSpaceRe = /^\n* /;
+  return leadingSpaceRe.test(string);
+}
+var STYLE_PLAIN = 1,
+  STYLE_SINGLE = 2,
+  STYLE_LITERAL = 3,
+  STYLE_FOLDED = 4,
+  STYLE_DOUBLE = 5;
+
+// Determines which scalar styles are possible and returns the preferred style.
+// lineWidth = -1 => no limit.
+// Pre-conditions: str.length > 0.
+// Post-conditions:
+//    STYLE_PLAIN or STYLE_SINGLE => no \n are in the string.
+//    STYLE_LITERAL => no lines are suitable for folding (or lineWidth is -1).
+//    STYLE_FOLDED => a line > lineWidth and can be folded (and lineWidth != -1).
+function chooseScalarStyle(string, singleLineOnly, indentPerLevel, lineWidth, testAmbiguousType, quotingType, forceQuotes, inblock) {
+  var i;
+  var char = 0;
+  var prevChar = null;
+  var hasLineBreak = false;
+  var hasFoldableLine = false; // only checked if shouldTrackWidth
+  var shouldTrackWidth = lineWidth !== -1;
+  var previousLineBreak = -1; // count the first line correctly
+  var plain = isPlainSafeFirst(codePointAt(string, 0)) && isPlainSafeLast(codePointAt(string, string.length - 1));
+  if (singleLineOnly || forceQuotes) {
+    // Case: no block styles.
+    // Check for disallowed characters to rule out plain and single.
+    for (i = 0; i < string.length; char >= 0x10000 ? i += 2 : i++) {
+      char = codePointAt(string, i);
+      if (!isPrintable(char)) {
+        return STYLE_DOUBLE;
+      }
+      plain = plain && isPlainSafe(char, prevChar, inblock);
+      prevChar = char;
+    }
+  } else {
+    // Case: block styles permitted.
+    for (i = 0; i < string.length; char >= 0x10000 ? i += 2 : i++) {
+      char = codePointAt(string, i);
+      if (char === CHAR_LINE_FEED) {
+        hasLineBreak = true;
+        // Check if any line can be folded.
+        if (shouldTrackWidth) {
+          hasFoldableLine = hasFoldableLine ||
+          // Foldable line = too long, and not more-indented.
+          i - previousLineBreak - 1 > lineWidth && string[previousLineBreak + 1] !== ' ';
+          previousLineBreak = i;
+        }
+      } else if (!isPrintable(char)) {
+        return STYLE_DOUBLE;
+      }
+      plain = plain && isPlainSafe(char, prevChar, inblock);
+      prevChar = char;
+    }
+    // in case the end is missing a \n
+    hasFoldableLine = hasFoldableLine || shouldTrackWidth && i - previousLineBreak - 1 > lineWidth && string[previousLineBreak + 1] !== ' ';
+  }
+  // Although every style can represent \n without escaping, prefer block styles
+  // for multiline, since they're more readable and they don't add empty lines.
+  // Also prefer folding a super-long line.
+  if (!hasLineBreak && !hasFoldableLine) {
+    // Strings interpretable as another type have to be quoted;
+    // e.g. the string 'true' vs. the boolean true.
+    if (plain && !forceQuotes && !testAmbiguousType(string)) {
+      return STYLE_PLAIN;
+    }
+    return quotingType === QUOTING_TYPE_DOUBLE ? STYLE_DOUBLE : STYLE_SINGLE;
+  }
+  // Edge case: block indentation indicator can only have one digit.
+  if (indentPerLevel > 9 && needIndentIndicator(string)) {
+    return STYLE_DOUBLE;
+  }
+  // At this point we know block styles are valid.
+  // Prefer literal style unless we want to fold.
+  if (!forceQuotes) {
+    return hasFoldableLine ? STYLE_FOLDED : STYLE_LITERAL;
+  }
+  return quotingType === QUOTING_TYPE_DOUBLE ? STYLE_DOUBLE : STYLE_SINGLE;
+}
+
+// Note: line breaking/folding is implemented for only the folded style.
+// NB. We drop the last trailing newline (if any) of a returned block scalar
+//  since the dumper adds its own newline. This always works:
+//    • No ending newline => unaffected; already using strip "-" chomping.
+//    • Ending newline    => removed then restored.
+//  Importantly, this keeps the "+" chomp indicator from gaining an extra line.
+function writeScalar(state, string, level, iskey, inblock) {
+  state.dump = function () {
+    if (string.length === 0) {
+      return state.quotingType === QUOTING_TYPE_DOUBLE ? '""' : "''";
+    }
+    if (!state.noCompatMode) {
+      if (DEPRECATED_BOOLEANS_SYNTAX.indexOf(string) !== -1 || DEPRECATED_BASE60_SYNTAX.test(string)) {
+        return state.quotingType === QUOTING_TYPE_DOUBLE ? '"' + string + '"' : "'" + string + "'";
+      }
+    }
+    var indent = state.indent * Math.max(1, level); // no 0-indent scalars
+    // As indentation gets deeper, let the width decrease monotonically
+    // to the lower bound min(state.lineWidth, 40).
+    // Note that this implies
+    //  state.lineWidth ≤ 40 + state.indent: width is fixed at the lower bound.
+    //  state.lineWidth > 40 + state.indent: width decreases until the lower bound.
+    // This behaves better than a constant minimum width which disallows narrower options,
+    // or an indent threshold which causes the width to suddenly increase.
+    var lineWidth = state.lineWidth === -1 ? -1 : Math.max(Math.min(state.lineWidth, 40), state.lineWidth - indent);
+
+    // Without knowing if keys are implicit/explicit, assume implicit for safety.
+    var singleLineOnly = iskey
+    // No block styles in flow mode.
+    || state.flowLevel > -1 && level >= state.flowLevel;
+    function testAmbiguity(string) {
+      return testImplicitResolving(state, string);
+    }
+    switch (chooseScalarStyle(string, singleLineOnly, state.indent, lineWidth, testAmbiguity, state.quotingType, state.forceQuotes && !iskey, inblock)) {
+      case STYLE_PLAIN:
+        return string;
+      case STYLE_SINGLE:
+        return "'" + string.replace(/'/g, "''") + "'";
+      case STYLE_LITERAL:
+        return '|' + blockHeader(string, state.indent) + dropEndingNewline(indentString(string, indent));
+      case STYLE_FOLDED:
+        return '>' + blockHeader(string, state.indent) + dropEndingNewline(indentString(foldString(string, lineWidth), indent));
+      case STYLE_DOUBLE:
+        return '"' + escapeString(string) + '"';
+      default:
+        throw new exception('impossible error: invalid scalar style');
+    }
+  }();
+}
+
+// Pre-conditions: string is valid for a block scalar, 1 <= indentPerLevel <= 9.
+function blockHeader(string, indentPerLevel) {
+  var indentIndicator = needIndentIndicator(string) ? String(indentPerLevel) : '';
+
+  // note the special case: the string '\n' counts as a "trailing" empty line.
+  var clip = string[string.length - 1] === '\n';
+  var keep = clip && (string[string.length - 2] === '\n' || string === '\n');
+  var chomp = keep ? '+' : clip ? '' : '-';
+  return indentIndicator + chomp + '\n';
+}
+
+// (See the note for writeScalar.)
+function dropEndingNewline(string) {
+  return string[string.length - 1] === '\n' ? string.slice(0, -1) : string;
+}
+
+// Note: a long line without a suitable break point will exceed the width limit.
+// Pre-conditions: every char in str isPrintable, str.length > 0, width > 0.
+function foldString(string, width) {
+  // In folded style, $k$ consecutive newlines output as $k+1$ newlines—
+  // unless they're before or after a more-indented line, or at the very
+  // beginning or end, in which case $k$ maps to $k$.
+  // Therefore, parse each chunk as newline(s) followed by a content line.
+  var lineRe = /(\n+)([^\n]*)/g;
+
+  // first line (possibly an empty line)
+  var result = function () {
+    var nextLF = string.indexOf('\n');
+    nextLF = nextLF !== -1 ? nextLF : string.length;
+    lineRe.lastIndex = nextLF;
+    return foldLine(string.slice(0, nextLF), width);
+  }();
+  // If we haven't reached the first content line yet, don't add an extra \n.
+  var prevMoreIndented = string[0] === '\n' || string[0] === ' ';
+  var moreIndented;
+
+  // rest of the lines
+  var match;
+  while (match = lineRe.exec(string)) {
+    var prefix = match[1],
+      line = match[2];
+    moreIndented = line[0] === ' ';
+    result += prefix + (!prevMoreIndented && !moreIndented && line !== '' ? '\n' : '') + foldLine(line, width);
+    prevMoreIndented = moreIndented;
+  }
+  return result;
+}
+
+// Greedy line breaking.
+// Picks the longest line under the limit each time,
+// otherwise settles for the shortest line over the limit.
+// NB. More-indented lines *cannot* be folded, as that would add an extra \n.
+function foldLine(line, width) {
+  if (line === '' || line[0] === ' ') return line;
+
+  // Since a more-indented line adds a \n, breaks can't be followed by a space.
+  var breakRe = / [^ ]/g; // note: the match index will always be <= length-2.
+  var match;
+  // start is an inclusive index. end, curr, and next are exclusive.
+  var start = 0,
+    end,
+    curr = 0,
+    next = 0;
+  var result = '';
+
+  // Invariants: 0 <= start <= length-1.
+  //   0 <= curr <= next <= max(0, length-2). curr - start <= width.
+  // Inside the loop:
+  //   A match implies length >= 2, so curr and next are <= length-2.
+  while (match = breakRe.exec(line)) {
+    next = match.index;
+    // maintain invariant: curr - start <= width
+    if (next - start > width) {
+      end = curr > start ? curr : next; // derive end <= length-2
+      result += '\n' + line.slice(start, end);
+      // skip the space that was output as \n
+      start = end + 1; // derive start <= length-1
+    }
+
+    curr = next;
+  }
+
+  // By the invariants, start <= length-1, so there is something left over.
+  // It is either the whole string or a part starting from non-whitespace.
+  result += '\n';
+  // Insert a break if the remainder is too long and there is a break available.
+  if (line.length - start > width && curr > start) {
+    result += line.slice(start, curr) + '\n' + line.slice(curr + 1);
+  } else {
+    result += line.slice(start);
+  }
+  return result.slice(1); // drop extra \n joiner
+}
+
+// Escapes a double-quoted string.
+function escapeString(string) {
+  var result = '';
+  var char = 0;
+  var escapeSeq;
+  for (var i = 0; i < string.length; char >= 0x10000 ? i += 2 : i++) {
+    char = codePointAt(string, i);
+    escapeSeq = ESCAPE_SEQUENCES[char];
+    if (!escapeSeq && isPrintable(char)) {
+      result += string[i];
+      if (char >= 0x10000) result += string[i + 1];
+    } else {
+      result += escapeSeq || encodeHex(char);
+    }
+  }
+  return result;
+}
+function writeFlowSequence(state, level, object) {
+  var _result = '',
+    _tag = state.tag,
+    index,
+    length,
+    value;
+  for (index = 0, length = object.length; index < length; index += 1) {
+    value = object[index];
+    if (state.replacer) {
+      value = state.replacer.call(object, String(index), value);
+    }
+
+    // Write only valid elements, put null instead of invalid elements.
+    if (writeNode(state, level, value, false, false) || typeof value === 'undefined' && writeNode(state, level, null, false, false)) {
+      if (_result !== '') _result += ',' + (!state.condenseFlow ? ' ' : '');
+      _result += state.dump;
+    }
+  }
+  state.tag = _tag;
+  state.dump = '[' + _result + ']';
+}
+function writeBlockSequence(state, level, object, compact) {
+  var _result = '',
+    _tag = state.tag,
+    index,
+    length,
+    value;
+  for (index = 0, length = object.length; index < length; index += 1) {
+    value = object[index];
+    if (state.replacer) {
+      value = state.replacer.call(object, String(index), value);
+    }
+
+    // Write only valid elements, put null instead of invalid elements.
+    if (writeNode(state, level + 1, value, true, true, false, true) || typeof value === 'undefined' && writeNode(state, level + 1, null, true, true, false, true)) {
+      if (!compact || _result !== '') {
+        _result += generateNextLine(state, level);
+      }
+      if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
+        _result += '-';
+      } else {
+        _result += '- ';
+      }
+      _result += state.dump;
+    }
+  }
+  state.tag = _tag;
+  state.dump = _result || '[]'; // Empty sequence if no valid values.
+}
+
+function writeFlowMapping(state, level, object) {
+  var _result = '',
+    _tag = state.tag,
+    objectKeyList = Object.keys(object),
+    index,
+    length,
+    objectKey,
+    objectValue,
+    pairBuffer;
+  for (index = 0, length = objectKeyList.length; index < length; index += 1) {
+    pairBuffer = '';
+    if (_result !== '') pairBuffer += ', ';
+    if (state.condenseFlow) pairBuffer += '"';
+    objectKey = objectKeyList[index];
+    objectValue = object[objectKey];
+    if (state.replacer) {
+      objectValue = state.replacer.call(object, objectKey, objectValue);
+    }
+    if (!writeNode(state, level, objectKey, false, false)) {
+      continue; // Skip this pair because of invalid key;
+    }
+
+    if (state.dump.length > 1024) pairBuffer += '? ';
+    pairBuffer += state.dump + (state.condenseFlow ? '"' : '') + ':' + (state.condenseFlow ? '' : ' ');
+    if (!writeNode(state, level, objectValue, false, false)) {
+      continue; // Skip this pair because of invalid value.
+    }
+
+    pairBuffer += state.dump;
+
+    // Both key and value are valid.
+    _result += pairBuffer;
+  }
+  state.tag = _tag;
+  state.dump = '{' + _result + '}';
+}
+function writeBlockMapping(state, level, object, compact) {
+  var _result = '',
+    _tag = state.tag,
+    objectKeyList = Object.keys(object),
+    index,
+    length,
+    objectKey,
+    objectValue,
+    explicitPair,
+    pairBuffer;
+
+  // Allow sorting keys so that the output file is deterministic
+  if (state.sortKeys === true) {
+    // Default sorting
+    objectKeyList.sort();
+  } else if (typeof state.sortKeys === 'function') {
+    // Custom sort function
+    objectKeyList.sort(state.sortKeys);
+  } else if (state.sortKeys) {
+    // Something is wrong
+    throw new exception('sortKeys must be a boolean or a function');
+  }
+  for (index = 0, length = objectKeyList.length; index < length; index += 1) {
+    pairBuffer = '';
+    if (!compact || _result !== '') {
+      pairBuffer += generateNextLine(state, level);
+    }
+    objectKey = objectKeyList[index];
+    objectValue = object[objectKey];
+    if (state.replacer) {
+      objectValue = state.replacer.call(object, objectKey, objectValue);
+    }
+    if (!writeNode(state, level + 1, objectKey, true, true, true)) {
+      continue; // Skip this pair because of invalid key.
+    }
+
+    explicitPair = state.tag !== null && state.tag !== '?' || state.dump && state.dump.length > 1024;
+    if (explicitPair) {
+      if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
+        pairBuffer += '?';
+      } else {
+        pairBuffer += '? ';
+      }
+    }
+    pairBuffer += state.dump;
+    if (explicitPair) {
+      pairBuffer += generateNextLine(state, level);
+    }
+    if (!writeNode(state, level + 1, objectValue, true, explicitPair)) {
+      continue; // Skip this pair because of invalid value.
+    }
+
+    if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
+      pairBuffer += ':';
+    } else {
+      pairBuffer += ': ';
+    }
+    pairBuffer += state.dump;
+
+    // Both key and value are valid.
+    _result += pairBuffer;
+  }
+  state.tag = _tag;
+  state.dump = _result || '{}'; // Empty mapping if no valid pairs.
+}
+
+function detectType(state, object, explicit) {
+  var _result, typeList, index, length, type, style;
+  typeList = explicit ? state.explicitTypes : state.implicitTypes;
+  for (index = 0, length = typeList.length; index < length; index += 1) {
+    type = typeList[index];
+    if ((type.instanceOf || type.predicate) && (!type.instanceOf || typeof object === 'object' && object instanceof type.instanceOf) && (!type.predicate || type.predicate(object))) {
+      if (explicit) {
+        if (type.multi && type.representName) {
+          state.tag = type.representName(object);
+        } else {
+          state.tag = type.tag;
+        }
+      } else {
+        state.tag = '?';
+      }
+      if (type.represent) {
+        style = state.styleMap[type.tag] || type.defaultStyle;
+        if (_toString.call(type.represent) === '[object Function]') {
+          _result = type.represent(object, style);
+        } else if (_hasOwnProperty.call(type.represent, style)) {
+          _result = type.represent[style](object, style);
+        } else {
+          throw new exception('!<' + type.tag + '> tag resolver accepts not "' + style + '" style');
+        }
+        state.dump = _result;
+      }
+      return true;
+    }
+  }
+  return false;
+}
+
+// Serializes `object` and writes it to global `result`.
+// Returns true on success, or false on invalid object.
+//
+function writeNode(state, level, object, block, compact, iskey, isblockseq) {
+  state.tag = null;
+  state.dump = object;
+  if (!detectType(state, object, false)) {
+    detectType(state, object, true);
+  }
+  var type = _toString.call(state.dump);
+  var inblock = block;
+  var tagStr;
+  if (block) {
+    block = state.flowLevel < 0 || state.flowLevel > level;
+  }
+  var objectOrArray = type === '[object Object]' || type === '[object Array]',
+    duplicateIndex,
+    duplicate;
+  if (objectOrArray) {
+    duplicateIndex = state.duplicates.indexOf(object);
+    duplicate = duplicateIndex !== -1;
+  }
+  if (state.tag !== null && state.tag !== '?' || duplicate || state.indent !== 2 && level > 0) {
+    compact = false;
+  }
+  if (duplicate && state.usedDuplicates[duplicateIndex]) {
+    state.dump = '*ref_' + duplicateIndex;
+  } else {
+    if (objectOrArray && duplicate && !state.usedDuplicates[duplicateIndex]) {
+      state.usedDuplicates[duplicateIndex] = true;
+    }
+    if (type === '[object Object]') {
+      if (block && Object.keys(state.dump).length !== 0) {
+        writeBlockMapping(state, level, state.dump, compact);
+        if (duplicate) {
+          state.dump = '&ref_' + duplicateIndex + state.dump;
+        }
+      } else {
+        writeFlowMapping(state, level, state.dump);
+        if (duplicate) {
+          state.dump = '&ref_' + duplicateIndex + ' ' + state.dump;
+        }
+      }
+    } else if (type === '[object Array]') {
+      if (block && state.dump.length !== 0) {
+        if (state.noArrayIndent && !isblockseq && level > 0) {
+          writeBlockSequence(state, level - 1, state.dump, compact);
+        } else {
+          writeBlockSequence(state, level, state.dump, compact);
+        }
+        if (duplicate) {
+          state.dump = '&ref_' + duplicateIndex + state.dump;
+        }
+      } else {
+        writeFlowSequence(state, level, state.dump);
+        if (duplicate) {
+          state.dump = '&ref_' + duplicateIndex + ' ' + state.dump;
+        }
+      }
+    } else if (type === '[object String]') {
+      if (state.tag !== '?') {
+        writeScalar(state, state.dump, level, iskey, inblock);
+      }
+    } else if (type === '[object Undefined]') {
+      return false;
+    } else {
+      if (state.skipInvalid) return false;
+      throw new exception('unacceptable kind of an object to dump ' + type);
+    }
+    if (state.tag !== null && state.tag !== '?') {
+      // Need to encode all characters except those allowed by the spec:
+      //
+      // [35] ns-dec-digit    ::=  [#x30-#x39] /* 0-9 */
+      // [36] ns-hex-digit    ::=  ns-dec-digit
+      //                         | [#x41-#x46] /* A-F */ | [#x61-#x66] /* a-f */
+      // [37] ns-ascii-letter ::=  [#x41-#x5A] /* A-Z */ | [#x61-#x7A] /* a-z */
+      // [38] ns-word-char    ::=  ns-dec-digit | ns-ascii-letter | “-”
+      // [39] ns-uri-char     ::=  “%” ns-hex-digit ns-hex-digit | ns-word-char | “#”
+      //                         | “;” | “/” | “?” | “:” | “@” | “&” | “=” | “+” | “$” | “,”
+      //                         | “_” | “.” | “!” | “~” | “*” | “'” | “(” | “)” | “[” | “]”
+      //
+      // Also need to encode '!' because it has special meaning (end of tag prefix).
+      //
+      tagStr = encodeURI(state.tag[0] === '!' ? state.tag.slice(1) : state.tag).replace(/!/g, '%21');
+      if (state.tag[0] === '!') {
+        tagStr = '!' + tagStr;
+      } else if (tagStr.slice(0, 18) === 'tag:yaml.org,2002:') {
+        tagStr = '!!' + tagStr.slice(18);
+      } else {
+        tagStr = '!<' + tagStr + '>';
+      }
+      state.dump = tagStr + ' ' + state.dump;
+    }
+  }
+  return true;
+}
+function getDuplicateReferences(object, state) {
+  var objects = [],
+    duplicatesIndexes = [],
+    index,
+    length;
+  inspectNode(object, objects, duplicatesIndexes);
+  for (index = 0, length = duplicatesIndexes.length; index < length; index += 1) {
+    state.duplicates.push(objects[duplicatesIndexes[index]]);
+  }
+  state.usedDuplicates = new Array(length);
+}
+function inspectNode(object, objects, duplicatesIndexes) {
+  var objectKeyList, index, length;
+  if (object !== null && typeof object === 'object') {
+    index = objects.indexOf(object);
+    if (index !== -1) {
+      if (duplicatesIndexes.indexOf(index) === -1) {
+        duplicatesIndexes.push(index);
+      }
+    } else {
+      objects.push(object);
+      if (Array.isArray(object)) {
+        for (index = 0, length = object.length; index < length; index += 1) {
+          inspectNode(object[index], objects, duplicatesIndexes);
+        }
+      } else {
+        objectKeyList = Object.keys(object);
+        for (index = 0, length = objectKeyList.length; index < length; index += 1) {
+          inspectNode(object[objectKeyList[index]], objects, duplicatesIndexes);
+        }
+      }
+    }
+  }
+}
+function dump$1(input, options) {
+  options = options || {};
+  var state = new State(options);
+  if (!state.noRefs) getDuplicateReferences(input, state);
+  var value = input;
+  if (state.replacer) {
+    value = state.replacer.call({
+      '': value
+    }, '', value);
+  }
+  if (writeNode(state, 0, value, true, true)) return state.dump + '\n';
+  return '';
+}
+var dump_1 = dump$1;
+var dumper = {
+  dump: dump_1
+};
+function renamed(from, to) {
+  return function () {
+    throw new Error('Function yaml.' + from + ' is removed in js-yaml 4. ' + 'Use yaml.' + to + ' instead, which is now safe by default.');
+  };
+}
+var Type = type;
+var Schema = schema;
+var FAILSAFE_SCHEMA = failsafe;
+var JSON_SCHEMA = js_yaml_json;
+var CORE_SCHEMA = core;
+var DEFAULT_SCHEMA = _default;
+var load = loader.load;
+var loadAll = loader.loadAll;
+var dump = dumper.dump;
+var YAMLException = exception;
+
+// Re-export all types in case user wants to create custom schema
+var types = {
+  binary: binary,
+  float: js_yaml_float,
+  map: map,
+  null: _null,
+  pairs: pairs,
+  set: set,
+  timestamp: timestamp,
+  bool: bool,
+  int: js_yaml_int,
+  merge: js_yaml_merge,
+  omap: omap,
+  seq: seq,
+  str: str
+};
+
+// Removed functions from JS-YAML 3.0.x
+var safeLoad = renamed('safeLoad', 'load');
+var safeLoadAll = renamed('safeLoadAll', 'loadAll');
+var safeDump = renamed('safeDump', 'dump');
+var jsYaml = {
+  Type: Type,
+  Schema: Schema,
+  FAILSAFE_SCHEMA: FAILSAFE_SCHEMA,
+  JSON_SCHEMA: JSON_SCHEMA,
+  CORE_SCHEMA: CORE_SCHEMA,
+  DEFAULT_SCHEMA: DEFAULT_SCHEMA,
+  load: load,
+  loadAll: loadAll,
+  dump: dump,
+  YAMLException: YAMLException,
+  types: types,
+  safeLoad: safeLoad,
+  safeLoadAll: safeLoadAll,
+  safeDump: safeDump
+};
+/* harmony default export */ var js_yaml = ((/* unused pure expression or super */ null && (jsYaml)));
+
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectWithoutProperties.js
+
+function objectWithoutProperties_objectWithoutProperties(source, excluded) {
+  if (source == null) return {};
+  var target = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(source, excluded);
+  var key, i;
+  if (Object.getOwnPropertySymbols) {
+    var sourceSymbolKeys = Object.getOwnPropertySymbols(source);
+    for (i = 0; i < sourceSymbolKeys.length; i++) {
+      key = sourceSymbolKeys[i];
+      if (excluded.indexOf(key) >= 0) continue;
+      if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
+      target[key] = source[key];
+    }
+  }
+  return target;
+}
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/create-element.js
+
+
+function create_element_ownKeys(object, enumerableOnly) {
+  var keys = Object.keys(object);
+  if (Object.getOwnPropertySymbols) {
+    var symbols = Object.getOwnPropertySymbols(object);
+    enumerableOnly && (symbols = symbols.filter(function (sym) {
+      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+    })), keys.push.apply(keys, symbols);
+  }
+  return keys;
+}
+function create_element_objectSpread(target) {
+  for (var i = 1; i < arguments.length; i++) {
+    var source = null != arguments[i] ? arguments[i] : {};
+    i % 2 ? create_element_ownKeys(Object(source), !0).forEach(function (key) {
+      defineProperty_defineProperty(target, key, source[key]);
+    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : create_element_ownKeys(Object(source)).forEach(function (key) {
+      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+    });
+  }
+  return target;
+}
+ // Get all possible permutations of all power sets
+//
+// Super simple, non-algorithmic solution since the
+// number of class names will not be greater than 4
+
+function powerSetPermutations(arr) {
+  var arrLength = arr.length;
+  if (arrLength === 0 || arrLength === 1) return arr;
+  if (arrLength === 2) {
+    // prettier-ignore
+    return [arr[0], arr[1], "".concat(arr[0], ".").concat(arr[1]), "".concat(arr[1], ".").concat(arr[0])];
+  }
+  if (arrLength === 3) {
+    return [arr[0], arr[1], arr[2], "".concat(arr[0], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[2]), "".concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[0])];
+  }
+  if (arrLength >= 4) {
+    // Currently does not support more than 4 extra
+    // class names (after `.token` has been removed)
+    return [arr[0], arr[1], arr[2], arr[3], "".concat(arr[0], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[3]), "".concat(arr[3], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[1], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[1], ".").concat(arr[0])];
+  }
+}
+var classNameCombinations = {};
+function getClassNameCombinations(classNames) {
+  if (classNames.length === 0 || classNames.length === 1) return classNames;
+  var key = classNames.join('.');
+  if (!classNameCombinations[key]) {
+    classNameCombinations[key] = powerSetPermutations(classNames);
+  }
+  return classNameCombinations[key];
+}
+function createStyleObject(classNames) {
+  var elementStyle = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  var stylesheet = arguments.length > 2 ? arguments[2] : undefined;
+  var nonTokenClassNames = classNames.filter(function (className) {
+    return className !== 'token';
+  });
+  var classNamesCombinations = getClassNameCombinations(nonTokenClassNames);
+  return classNamesCombinations.reduce(function (styleObject, className) {
+    return create_element_objectSpread(create_element_objectSpread({}, styleObject), stylesheet[className]);
+  }, elementStyle);
+}
+function createClassNameString(classNames) {
+  return classNames.join(' ');
+}
+function createChildren(stylesheet, useInlineStyles) {
+  var childrenCount = 0;
+  return function (children) {
+    childrenCount += 1;
+    return children.map(function (child, i) {
+      return createElement({
+        node: child,
+        stylesheet: stylesheet,
+        useInlineStyles: useInlineStyles,
+        key: "code-segment-".concat(childrenCount, "-").concat(i)
+      });
+    });
+  };
+}
+function createElement(_ref) {
+  var node = _ref.node,
+    stylesheet = _ref.stylesheet,
+    _ref$style = _ref.style,
+    style = _ref$style === void 0 ? {} : _ref$style,
+    useInlineStyles = _ref.useInlineStyles,
+    key = _ref.key;
+  var properties = node.properties,
+    type = node.type,
+    TagName = node.tagName,
+    value = node.value;
+  if (type === 'text') {
+    return value;
+  } else if (TagName) {
+    var childrenCreator = createChildren(stylesheet, useInlineStyles);
+    var props;
+    if (!useInlineStyles) {
+      props = create_element_objectSpread(create_element_objectSpread({}, properties), {}, {
+        className: createClassNameString(properties.className)
+      });
+    } else {
+      var allStylesheetSelectors = Object.keys(stylesheet).reduce(function (classes, selector) {
+        selector.split('.').forEach(function (className) {
+          if (!classes.includes(className)) classes.push(className);
+        });
+        return classes;
+      }, []); // For compatibility with older versions of react-syntax-highlighter
+
+      var startingClassName = properties.className && properties.className.includes('token') ? ['token'] : [];
+      var className = properties.className && startingClassName.concat(properties.className.filter(function (className) {
+        return !allStylesheetSelectors.includes(className);
+      }));
+      props = create_element_objectSpread(create_element_objectSpread({}, properties), {}, {
+        className: createClassNameString(className) || undefined,
+        style: createStyleObject(properties.className, Object.assign({}, properties.style, style), stylesheet)
+      });
+    }
+    var children = childrenCreator(node.children);
+    return /*#__PURE__*/react.createElement(TagName, extends_extends({
+      key: key
+    }, props), children);
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/checkForListedLanguage.js
+/* harmony default export */ var checkForListedLanguage = (function (astGenerator, language) {
+  var langs = astGenerator.listLanguages();
+  return langs.indexOf(language) !== -1;
+});
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/highlight.js
+
+
+
+var highlight_excluded = ["language", "children", "style", "customStyle", "codeTagProps", "useInlineStyles", "showLineNumbers", "showInlineLineNumbers", "startingLineNumber", "lineNumberContainerStyle", "lineNumberStyle", "wrapLines", "wrapLongLines", "lineProps", "renderer", "PreTag", "CodeTag", "code", "astGenerator"];
+function highlight_ownKeys(object, enumerableOnly) {
+  var keys = Object.keys(object);
+  if (Object.getOwnPropertySymbols) {
+    var symbols = Object.getOwnPropertySymbols(object);
+    enumerableOnly && (symbols = symbols.filter(function (sym) {
+      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+    })), keys.push.apply(keys, symbols);
+  }
+  return keys;
+}
+function highlight_objectSpread(target) {
+  for (var i = 1; i < arguments.length; i++) {
+    var source = null != arguments[i] ? arguments[i] : {};
+    i % 2 ? highlight_ownKeys(Object(source), !0).forEach(function (key) {
+      defineProperty_defineProperty(target, key, source[key]);
+    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : highlight_ownKeys(Object(source)).forEach(function (key) {
+      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+    });
+  }
+  return target;
+}
+
+
+
+var newLineRegex = /\n/g;
+function getNewLines(str) {
+  return str.match(newLineRegex);
+}
+function getAllLineNumbers(_ref) {
+  var lines = _ref.lines,
+    startingLineNumber = _ref.startingLineNumber,
+    style = _ref.style;
+  return lines.map(function (_, i) {
+    var number = i + startingLineNumber;
+    return /*#__PURE__*/react.createElement("span", {
+      key: "line-".concat(i),
+      className: "react-syntax-highlighter-line-number",
+      style: typeof style === 'function' ? style(number) : style
+    }, "".concat(number, "\n"));
+  });
+}
+function AllLineNumbers(_ref2) {
+  var codeString = _ref2.codeString,
+    codeStyle = _ref2.codeStyle,
+    _ref2$containerStyle = _ref2.containerStyle,
+    containerStyle = _ref2$containerStyle === void 0 ? {
+      "float": 'left',
+      paddingRight: '10px'
+    } : _ref2$containerStyle,
+    _ref2$numberStyle = _ref2.numberStyle,
+    numberStyle = _ref2$numberStyle === void 0 ? {} : _ref2$numberStyle,
+    startingLineNumber = _ref2.startingLineNumber;
+  return /*#__PURE__*/react.createElement("code", {
+    style: Object.assign({}, codeStyle, containerStyle)
+  }, getAllLineNumbers({
+    lines: codeString.replace(/\n$/, '').split('\n'),
+    style: numberStyle,
+    startingLineNumber: startingLineNumber
+  }));
+}
+function getEmWidthOfNumber(num) {
+  return "".concat(num.toString().length, ".25em");
+}
+function getInlineLineNumber(lineNumber, inlineLineNumberStyle) {
+  return {
+    type: 'element',
+    tagName: 'span',
+    properties: {
+      key: "line-number--".concat(lineNumber),
+      className: ['comment', 'linenumber', 'react-syntax-highlighter-line-number'],
+      style: inlineLineNumberStyle
+    },
+    children: [{
+      type: 'text',
+      value: lineNumber
+    }]
+  };
+}
+function assembleLineNumberStyles(lineNumberStyle, lineNumber, largestLineNumber) {
+  // minimally necessary styling for line numbers
+  var defaultLineNumberStyle = {
+    display: 'inline-block',
+    minWidth: getEmWidthOfNumber(largestLineNumber),
+    paddingRight: '1em',
+    textAlign: 'right',
+    userSelect: 'none'
+  }; // prep custom styling
+
+  var customLineNumberStyle = typeof lineNumberStyle === 'function' ? lineNumberStyle(lineNumber) : lineNumberStyle; // combine
+
+  var assembledStyle = highlight_objectSpread(highlight_objectSpread({}, defaultLineNumberStyle), customLineNumberStyle);
+  return assembledStyle;
+}
+function createLineElement(_ref3) {
+  var children = _ref3.children,
+    lineNumber = _ref3.lineNumber,
+    lineNumberStyle = _ref3.lineNumberStyle,
+    largestLineNumber = _ref3.largestLineNumber,
+    showInlineLineNumbers = _ref3.showInlineLineNumbers,
+    _ref3$lineProps = _ref3.lineProps,
+    lineProps = _ref3$lineProps === void 0 ? {} : _ref3$lineProps,
+    _ref3$className = _ref3.className,
+    className = _ref3$className === void 0 ? [] : _ref3$className,
+    showLineNumbers = _ref3.showLineNumbers,
+    wrapLongLines = _ref3.wrapLongLines;
+  var properties = typeof lineProps === 'function' ? lineProps(lineNumber) : lineProps;
+  properties['className'] = className;
+  if (lineNumber && showInlineLineNumbers) {
+    var inlineLineNumberStyle = assembleLineNumberStyles(lineNumberStyle, lineNumber, largestLineNumber);
+    children.unshift(getInlineLineNumber(lineNumber, inlineLineNumberStyle));
+  }
+  if (wrapLongLines & showLineNumbers) {
+    properties.style = highlight_objectSpread(highlight_objectSpread({}, properties.style), {}, {
+      display: 'flex'
+    });
+  }
+  return {
+    type: 'element',
+    tagName: 'span',
+    properties: properties,
+    children: children
+  };
+}
+function flattenCodeTree(tree) {
+  var className = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
+  var newTree = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
+  for (var i = 0; i < tree.length; i++) {
+    var node = tree[i];
+    if (node.type === 'text') {
+      newTree.push(createLineElement({
+        children: [node],
+        className: toConsumableArray_toConsumableArray(new Set(className))
+      }));
+    } else if (node.children) {
+      var classNames = className.concat(node.properties.className);
+      flattenCodeTree(node.children, classNames).forEach(function (i) {
+        return newTree.push(i);
+      });
+    }
+  }
+  return newTree;
+}
+function processLines(codeTree, wrapLines, lineProps, showLineNumbers, showInlineLineNumbers, startingLineNumber, largestLineNumber, lineNumberStyle, wrapLongLines) {
+  var _ref4;
+  var tree = flattenCodeTree(codeTree.value);
+  var newTree = [];
+  var lastLineBreakIndex = -1;
+  var index = 0;
+  function createWrappedLine(children, lineNumber) {
+    var className = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
+    return createLineElement({
+      children: children,
+      lineNumber: lineNumber,
+      lineNumberStyle: lineNumberStyle,
+      largestLineNumber: largestLineNumber,
+      showInlineLineNumbers: showInlineLineNumbers,
+      lineProps: lineProps,
+      className: className,
+      showLineNumbers: showLineNumbers,
+      wrapLongLines: wrapLongLines
+    });
+  }
+  function createUnwrappedLine(children, lineNumber) {
+    if (showLineNumbers && lineNumber && showInlineLineNumbers) {
+      var inlineLineNumberStyle = assembleLineNumberStyles(lineNumberStyle, lineNumber, largestLineNumber);
+      children.unshift(getInlineLineNumber(lineNumber, inlineLineNumberStyle));
+    }
+    return children;
+  }
+  function createLine(children, lineNumber) {
+    var className = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
+    return wrapLines || className.length > 0 ? createWrappedLine(children, lineNumber, className) : createUnwrappedLine(children, lineNumber);
+  }
+  var _loop = function _loop() {
+    var node = tree[index];
+    var value = node.children[0].value;
+    var newLines = getNewLines(value);
+    if (newLines) {
+      var splitValue = value.split('\n');
+      splitValue.forEach(function (text, i) {
+        var lineNumber = showLineNumbers && newTree.length + startingLineNumber;
+        var newChild = {
+          type: 'text',
+          value: "".concat(text, "\n")
+        }; // if it's the first line
+
+        if (i === 0) {
+          var _children = tree.slice(lastLineBreakIndex + 1, index).concat(createLineElement({
+            children: [newChild],
+            className: node.properties.className
+          }));
+          var _line = createLine(_children, lineNumber);
+          newTree.push(_line); // if it's the last line
+        } else if (i === splitValue.length - 1) {
+          var stringChild = tree[index + 1] && tree[index + 1].children && tree[index + 1].children[0];
+          var lastLineInPreviousSpan = {
+            type: 'text',
+            value: "".concat(text)
+          };
+          if (stringChild) {
+            var newElem = createLineElement({
+              children: [lastLineInPreviousSpan],
+              className: node.properties.className
+            });
+            tree.splice(index + 1, 0, newElem);
+          } else {
+            var _children2 = [lastLineInPreviousSpan];
+            var _line2 = createLine(_children2, lineNumber, node.properties.className);
+            newTree.push(_line2);
+          } // if it's neither the first nor the last line
+        } else {
+          var _children3 = [newChild];
+          var _line3 = createLine(_children3, lineNumber, node.properties.className);
+          newTree.push(_line3);
+        }
+      });
+      lastLineBreakIndex = index;
+    }
+    index++;
+  };
+  while (index < tree.length) {
+    _loop();
+  }
+  if (lastLineBreakIndex !== tree.length - 1) {
+    var children = tree.slice(lastLineBreakIndex + 1, tree.length);
+    if (children && children.length) {
+      var lineNumber = showLineNumbers && newTree.length + startingLineNumber;
+      var line = createLine(children, lineNumber);
+      newTree.push(line);
+    }
+  }
+  return wrapLines ? newTree : (_ref4 = []).concat.apply(_ref4, newTree);
+}
+function defaultRenderer(_ref5) {
+  var rows = _ref5.rows,
+    stylesheet = _ref5.stylesheet,
+    useInlineStyles = _ref5.useInlineStyles;
+  return rows.map(function (node, i) {
+    return createElement({
+      node: node,
+      stylesheet: stylesheet,
+      useInlineStyles: useInlineStyles,
+      key: "code-segement".concat(i)
+    });
+  });
+} // only highlight.js has the highlightAuto method
+
+function isHighlightJs(astGenerator) {
+  return astGenerator && typeof astGenerator.highlightAuto !== 'undefined';
+}
+function getCodeTree(_ref6) {
+  var astGenerator = _ref6.astGenerator,
+    language = _ref6.language,
+    code = _ref6.code,
+    defaultCodeValue = _ref6.defaultCodeValue;
+
+  // figure out whether we're using lowlight/highlight or refractor/prism
+  // then attempt highlighting accordingly
+  // lowlight/highlight?
+  if (isHighlightJs(astGenerator)) {
+    var hasLanguage = checkForListedLanguage(astGenerator, language);
+    if (language === 'text') {
+      return {
+        value: defaultCodeValue,
+        language: 'text'
+      };
+    } else if (hasLanguage) {
+      return astGenerator.highlight(language, code);
+    } else {
+      return astGenerator.highlightAuto(code);
+    }
+  } // must be refractor/prism, then
+
+  try {
+    return language && language !== 'text' ? {
+      value: astGenerator.highlight(code, language)
+    } : {
+      value: defaultCodeValue
+    };
+  } catch (e) {
+    return {
+      value: defaultCodeValue
+    };
+  }
+}
+/* harmony default export */ function highlight(defaultAstGenerator, defaultStyle) {
+  return function SyntaxHighlighter(_ref7) {
+    var language = _ref7.language,
+      children = _ref7.children,
+      _ref7$style = _ref7.style,
+      style = _ref7$style === void 0 ? defaultStyle : _ref7$style,
+      _ref7$customStyle = _ref7.customStyle,
+      customStyle = _ref7$customStyle === void 0 ? {} : _ref7$customStyle,
+      _ref7$codeTagProps = _ref7.codeTagProps,
+      codeTagProps = _ref7$codeTagProps === void 0 ? {
+        className: language ? "language-".concat(language) : undefined,
+        style: highlight_objectSpread(highlight_objectSpread({}, style['code[class*="language-"]']), style["code[class*=\"language-".concat(language, "\"]")])
+      } : _ref7$codeTagProps,
+      _ref7$useInlineStyles = _ref7.useInlineStyles,
+      useInlineStyles = _ref7$useInlineStyles === void 0 ? true : _ref7$useInlineStyles,
+      _ref7$showLineNumbers = _ref7.showLineNumbers,
+      showLineNumbers = _ref7$showLineNumbers === void 0 ? false : _ref7$showLineNumbers,
+      _ref7$showInlineLineN = _ref7.showInlineLineNumbers,
+      showInlineLineNumbers = _ref7$showInlineLineN === void 0 ? true : _ref7$showInlineLineN,
+      _ref7$startingLineNum = _ref7.startingLineNumber,
+      startingLineNumber = _ref7$startingLineNum === void 0 ? 1 : _ref7$startingLineNum,
+      lineNumberContainerStyle = _ref7.lineNumberContainerStyle,
+      _ref7$lineNumberStyle = _ref7.lineNumberStyle,
+      lineNumberStyle = _ref7$lineNumberStyle === void 0 ? {} : _ref7$lineNumberStyle,
+      wrapLines = _ref7.wrapLines,
+      _ref7$wrapLongLines = _ref7.wrapLongLines,
+      wrapLongLines = _ref7$wrapLongLines === void 0 ? false : _ref7$wrapLongLines,
+      _ref7$lineProps = _ref7.lineProps,
+      lineProps = _ref7$lineProps === void 0 ? {} : _ref7$lineProps,
+      renderer = _ref7.renderer,
+      _ref7$PreTag = _ref7.PreTag,
+      PreTag = _ref7$PreTag === void 0 ? 'pre' : _ref7$PreTag,
+      _ref7$CodeTag = _ref7.CodeTag,
+      CodeTag = _ref7$CodeTag === void 0 ? 'code' : _ref7$CodeTag,
+      _ref7$code = _ref7.code,
+      code = _ref7$code === void 0 ? (Array.isArray(children) ? children[0] : children) || '' : _ref7$code,
+      astGenerator = _ref7.astGenerator,
+      rest = objectWithoutProperties_objectWithoutProperties(_ref7, highlight_excluded);
+    astGenerator = astGenerator || defaultAstGenerator;
+    var allLineNumbers = showLineNumbers ? /*#__PURE__*/react.createElement(AllLineNumbers, {
+      containerStyle: lineNumberContainerStyle,
+      codeStyle: codeTagProps.style || {},
+      numberStyle: lineNumberStyle,
+      startingLineNumber: startingLineNumber,
+      codeString: code
+    }) : null;
+    var defaultPreStyle = style.hljs || style['pre[class*="language-"]'] || {
+      backgroundColor: '#fff'
+    };
+    var generatorClassName = isHighlightJs(astGenerator) ? 'hljs' : 'prismjs';
+    var preProps = useInlineStyles ? Object.assign({}, rest, {
+      style: Object.assign({}, defaultPreStyle, customStyle)
+    }) : Object.assign({}, rest, {
+      className: rest.className ? "".concat(generatorClassName, " ").concat(rest.className) : generatorClassName,
+      style: Object.assign({}, customStyle)
+    });
+    if (wrapLongLines) {
+      codeTagProps.style = highlight_objectSpread(highlight_objectSpread({}, codeTagProps.style), {}, {
+        whiteSpace: 'pre-wrap'
+      });
+    } else {
+      codeTagProps.style = highlight_objectSpread(highlight_objectSpread({}, codeTagProps.style), {}, {
+        whiteSpace: 'pre'
+      });
+    }
+    if (!astGenerator) {
+      return /*#__PURE__*/react.createElement(PreTag, preProps, allLineNumbers, /*#__PURE__*/react.createElement(CodeTag, codeTagProps, code));
+    }
+    /*
+     * Some custom renderers rely on individual row elements so we need to turn wrapLines on
+     * if renderer is provided and wrapLines is undefined.
+     */
+
+    if (wrapLines === undefined && renderer || wrapLongLines) wrapLines = true;
+    renderer = renderer || defaultRenderer;
+    var defaultCodeValue = [{
+      type: 'text',
+      value: code
+    }];
+    var codeTree = getCodeTree({
+      astGenerator: astGenerator,
+      language: language,
+      code: code,
+      defaultCodeValue: defaultCodeValue
+    });
+    if (codeTree.language === null) {
+      codeTree.value = defaultCodeValue;
+    } // determine largest line number so that we can force minWidth on all linenumber elements
+
+    var largestLineNumber = codeTree.value.length + startingLineNumber;
+    var rows = processLines(codeTree, wrapLines, lineProps, showLineNumbers, showInlineLineNumbers, startingLineNumber, largestLineNumber, lineNumberStyle, wrapLongLines);
+    return /*#__PURE__*/react.createElement(PreTag, preProps, /*#__PURE__*/react.createElement(CodeTag, codeTagProps, !showInlineLineNumbers && allLineNumbers, renderer({
+      rows: rows,
+      stylesheet: style,
+      useInlineStyles: useInlineStyles
+    })));
+  };
+}
+// EXTERNAL MODULE: ./node_modules/lowlight/lib/core.js
+var lib_core = __webpack_require__(905);
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/light.js
+
+
+var SyntaxHighlighter = highlight(lib_core, {});
+SyntaxHighlighter.registerLanguage = lib_core.registerLanguage;
+/* harmony default export */ var esm_light = (SyntaxHighlighter);
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/styles/hljs/docco.js
+/* harmony default export */ var docco = ({
+  "hljs": {
+    "display": "block",
+    "overflowX": "auto",
+    "padding": "0.5em",
+    "color": "#000",
+    "background": "#f8f8ff"
+  },
+  "hljs-comment": {
+    "color": "#408080",
+    "fontStyle": "italic"
+  },
+  "hljs-quote": {
+    "color": "#408080",
+    "fontStyle": "italic"
+  },
+  "hljs-keyword": {
+    "color": "#954121"
+  },
+  "hljs-selector-tag": {
+    "color": "#954121"
+  },
+  "hljs-literal": {
+    "color": "#954121"
+  },
+  "hljs-subst": {
+    "color": "#954121"
+  },
+  "hljs-number": {
+    "color": "#40a070"
+  },
+  "hljs-string": {
+    "color": "#219161"
+  },
+  "hljs-doctag": {
+    "color": "#219161"
+  },
+  "hljs-selector-id": {
+    "color": "#19469d"
+  },
+  "hljs-selector-class": {
+    "color": "#19469d"
+  },
+  "hljs-section": {
+    "color": "#19469d"
+  },
+  "hljs-type": {
+    "color": "#19469d"
+  },
+  "hljs-params": {
+    "color": "#00f"
+  },
+  "hljs-title": {
+    "color": "#458",
+    "fontWeight": "bold"
+  },
+  "hljs-tag": {
+    "color": "#000080",
+    "fontWeight": "normal"
+  },
+  "hljs-name": {
+    "color": "#000080",
+    "fontWeight": "normal"
+  },
+  "hljs-attribute": {
+    "color": "#000080",
+    "fontWeight": "normal"
+  },
+  "hljs-variable": {
+    "color": "#008080"
+  },
+  "hljs-template-variable": {
+    "color": "#008080"
+  },
+  "hljs-regexp": {
+    "color": "#b68"
+  },
+  "hljs-link": {
+    "color": "#b68"
+  },
+  "hljs-symbol": {
+    "color": "#990073"
+  },
+  "hljs-bullet": {
+    "color": "#990073"
+  },
+  "hljs-built_in": {
+    "color": "#0086b3"
+  },
+  "hljs-builtin-name": {
+    "color": "#0086b3"
+  },
+  "hljs-meta": {
+    "color": "#999",
+    "fontWeight": "bold"
+  },
+  "hljs-deletion": {
+    "background": "#fdd"
+  },
+  "hljs-addition": {
+    "background": "#dfd"
+  },
+  "hljs-emphasis": {
+    "fontStyle": "italic"
+  },
+  "hljs-strong": {
+    "fontWeight": "bold"
+  }
+});
+// EXTERNAL MODULE: ./node_modules/highlight.js/lib/languages/yaml.js
+var yaml = __webpack_require__(712);
+var yaml_default = /*#__PURE__*/__webpack_require__.n(yaml);
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/languages/hljs/yaml.js
+
+/* harmony default export */ var hljs_yaml = ((yaml_default()));
+// EXTERNAL MODULE: ./node_modules/highlight.js/lib/languages/diff.js
+var languages_diff = __webpack_require__(682);
+var diff_default = /*#__PURE__*/__webpack_require__.n(languages_diff);
+;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/languages/hljs/diff.js
+
+/* harmony default export */ var hljs_diff = ((diff_default()));
+;// CONCATENATED MODULE: ./src/components/CodeViewer.tsx
+esm_light.registerLanguage('yaml',hljs_yaml);esm_light.registerLanguage('diff',hljs_diff);function CodeViewer(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(esm_light,{language:props.language,style:docco,children:props.code});/*return <Box height={"100%"}><Box sx={{
+        overflowY: 'scroll', // Enable vertical scrolling
+        height: "100%",
+        //maxHeight: '100%', // Set a fixed height
+        border: '1px solid #ccc', // Optional border
+        padding: '10px', // Optional padding
+    }}>
+        <SyntaxHighlighter language={props.language} style={docco}>
+            {props.code!}
+        </SyntaxHighlighter>
+    </Box></Box>*/}
+;// CONCATENATED MODULE: ./src/components/result-view/CommandResultStatusLine.tsx
+var StatusLine=function StatusLine(props){var children=[];var doPush=function doPush(n,t,icon){if(n){children.push(/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:n+" "+t,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"center",width:"24px",height:"24px",children:icon})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{fontSize:"10px",align:"center",children:n})]},children.length));}};doPush(props.errors,"total errors.",/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorIcon,{}));doPush(props.warnings,"total warnings.",/*#__PURE__*/(0,jsx_runtime.jsx)(WarningIcon,{}));doPush(props.newObjects,"new objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(AddedIcon,{}));doPush(props.deletedObjects,"deleted objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(TrashIcon,{}));doPush(props.orphanObjects,"orphan objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(OrphanIcon,{}));doPush(props.changedObjects,"changed objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(ChangedIcon,{}));return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",children:children});};var CommandResultStatusLine=function CommandResultStatusLine(props){var _props$rs$errors,_props$rs$warnings;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_props$rs$errors=props.rs.errors)===null||_props$rs$errors===void 0?void 0:_props$rs$errors.length,warnings:(_props$rs$warnings=props.rs.warnings)===null||_props$rs$warnings===void 0?void 0:_props$rs$warnings.length,changedObjects:props.rs.changedObjects,newObjects:props.rs.newObjects,deletedObjects:props.rs.deletedObjects,orphanObjects:props.rs.orphanObjects});};var ValidateResultStatusLine=function ValidateResultStatusLine(props){var _props$vr,_props$vr$errors,_props$vr2,_props$vr2$warnings,_props$vr3,_props$vr3$drift;return/*#__PURE__*/_jsx(StatusLine,{errors:(_props$vr=props.vr)===null||_props$vr===void 0?void 0:(_props$vr$errors=_props$vr.errors)===null||_props$vr$errors===void 0?void 0:_props$vr$errors.length,warnings:(_props$vr2=props.vr)===null||_props$vr2===void 0?void 0:(_props$vr2$warnings=_props$vr2.warnings)===null||_props$vr2$warnings===void 0?void 0:_props$vr2$warnings.length,changedObjects:(_props$vr3=props.vr)===null||_props$vr3===void 0?void 0:(_props$vr3$drift=_props$vr3.drift)===null||_props$vr3$drift===void 0?void 0:_props$vr3$drift.length});};
+;// CONCATENATED MODULE: ./src/utils/duration.ts
+function formatDuration(ms,withMs){if(ms<0)ms=-ms;var time={day:Math.floor(ms/86400000),hour:Math.floor(ms/3600000)%24,minute:Math.floor(ms/60000)%60,second:Math.floor(ms/1000)%60,millisecond:withMs?Math.floor(ms)%1000:0};return Object.entries(time).filter(function(val){return val[1]!==0;}).map(function(val){return val[1]+' '+(val[1]!==1?val[0]+'s':val[0]);}).join(', ');}function formatDurationShort(ms){if(ms<0)ms=-ms;var time={d:Math.floor(ms/86400000),h:Math.floor(ms/3600000)%24,m:Math.floor(ms/60000)%60,s:Math.floor(ms/1000)%60,ms:Math.floor(ms)%1000};var f=Object.entries(time).find(function(val){return val[1]>0;});if(f===undefined){return"0s";}return f[1]+f[0];}
+;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultItem.tsx
+var calcAgo=function calcAgo(startTime){var t1=new Date(startTime);var t2=new Date();var d=t2.getTime()-t1.getTime();return formatDurationShort(d);};var CommandResultItem=/*#__PURE__*/react.memo(function(props){var _rs$commandInfo,_rs$commandInfo2;var rs=props.rs,onSelectCommandResult=props.onSelectCommandResult,selected=props.selected;var navigate=dist_useNavigate();var _useState=(0,react.useState)(calcAgo(rs.commandInfo.startTime)),_useState2=slicedToArray_slicedToArray(_useState,2),ago=_useState2[0],setAgo=_useState2[1];var Icon=DiffIcon;switch((_rs$commandInfo=rs.commandInfo)===null||_rs$commandInfo===void 0?void 0:_rs$commandInfo.command){case"delete":Icon=PruneIcon;break;case"deploy":Icon=DeployIcon;break;case"diff":Icon=DiffIcon;break;case"poke-images":Icon=DeployIcon;break;case"prune":Icon=PruneIcon;break;}var iconTooltip=(0,react.useMemo)(function(){var cmdInfoYaml=dump(rs.commandInfo);return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:cmdInfoYaml,language:"yaml"});},[rs.commandInfo]);(0,react.useEffect)(function(){var interval=setInterval(function(){return setAgo(calcAgo(rs.commandInfo.startTime));},5000);return function(){return clearInterval(interval);};},[rs.commandInfo.startTime]);return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 5px 16px',outline:selected?'8px solid #59A588':'none'},onClick:function onClick(){return onSelectCommandResult(rs);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:iconTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"45px",height:"45px",flex:"0 0 auto",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:(_rs$commandInfo2=rs.commandInfo)===null||_rs$commandInfo2===void 0?void 0:_rs$commandInfo2.command}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:rs.commandInfo.startTime,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:ago})})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultStatusLine,{rs:rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",height:"39px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(rs.id));},sx:{padding:0,width:26,height:26},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]})});});
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/TableContext.js
+
+
+/**
+ * @ignore - internal component.
+ */
+var TableContext = /*#__PURE__*/react.createContext();
+if (false) {}
+/* harmony default export */ var Table_TableContext = (TableContext);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/tableClasses.js
+
+
+function getTableUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTable', slot);
+}
+var tableClasses = generateUtilityClasses('MuiTable', ['root', 'stickyHeader']);
+/* harmony default export */ var Table_tableClasses = ((/* unused pure expression or super */ null && (tableClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Table.js
+
+
+var Table_excluded = ["className", "component", "padding", "size", "stickyHeader"];
+
+
+
+
+
+
+
+
+
+var Table_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    stickyHeader = ownerState.stickyHeader;
+  var slots = {
+    root: ['root', stickyHeader && 'stickyHeader']
+  };
+  return composeClasses(slots, getTableUtilityClass, classes);
+};
+var TableRoot = styles_styled('table', {
+  name: 'MuiTable',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.stickyHeader && styles.stickyHeader];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    display: 'table',
+    width: '100%',
+    borderCollapse: 'collapse',
+    borderSpacing: 0,
+    '& caption': extends_extends({}, theme.typography.body2, {
+      padding: theme.spacing(2),
+      color: (theme.vars || theme).palette.text.secondary,
+      textAlign: 'left',
+      captionSide: 'bottom'
+    })
+  }, ownerState.stickyHeader && {
+    borderCollapse: 'separate'
+  });
+});
+var defaultComponent = 'table';
+var Table = /*#__PURE__*/react.forwardRef(function Table(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTable'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? defaultComponent : _props$component,
+    _props$padding = props.padding,
+    padding = _props$padding === void 0 ? 'normal' : _props$padding,
+    _props$size = props.size,
+    size = _props$size === void 0 ? 'medium' : _props$size,
+    _props$stickyHeader = props.stickyHeader,
+    stickyHeader = _props$stickyHeader === void 0 ? false : _props$stickyHeader,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Table_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    padding: padding,
+    size: size,
+    stickyHeader: stickyHeader
+  });
+  var classes = Table_useUtilityClasses(ownerState);
+  var table = react.useMemo(function () {
+    return {
+      padding: padding,
+      size: size,
+      stickyHeader: stickyHeader
+    };
+  }, [padding, size, stickyHeader]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_TableContext.Provider, {
+    value: table,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableRoot, extends_extends({
+      as: component,
+      role: component === defaultComponent ? null : 'table',
+      ref: ref,
+      className: clsx_m(classes.root, className),
+      ownerState: ownerState
+    }, other))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Table_Table = (Table);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Tablelvl2Context.js
+
+
+/**
+ * @ignore - internal component.
+ */
+var Tablelvl2Context = /*#__PURE__*/react.createContext();
+if (false) {}
+/* harmony default export */ var Table_Tablelvl2Context = (Tablelvl2Context);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/tableBodyClasses.js
+
+
+function getTableBodyUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableBody', slot);
+}
+var tableBodyClasses = generateUtilityClasses('MuiTableBody', ['root']);
+/* harmony default export */ var TableBody_tableBodyClasses = ((/* unused pure expression or super */ null && (tableBodyClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/TableBody.js
+
+
+var TableBody_excluded = ["className", "component"];
+
+
+
+
+
+
+
+
+
+var TableBody_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTableBodyUtilityClass, classes);
+};
+var TableBodyRoot = styles_styled('tbody', {
+  name: 'MuiTableBody',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  display: 'table-row-group'
+});
+var tablelvl2 = {
+  variant: 'body'
+};
+var TableBody_defaultComponent = 'tbody';
+var TableBody = /*#__PURE__*/react.forwardRef(function TableBody(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableBody'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? TableBody_defaultComponent : _props$component,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableBody_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component
+  });
+  var classes = TableBody_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
+    value: tablelvl2,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableBodyRoot, extends_extends({
+      className: clsx_m(classes.root, className),
+      as: component,
+      ref: ref,
+      role: component === TableBody_defaultComponent ? null : 'rowgroup',
+      ownerState: ownerState
+    }, other))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableBody_TableBody = (TableBody);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/tableCellClasses.js
+
+
+function getTableCellUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableCell', slot);
+}
+var tableCellClasses = generateUtilityClasses('MuiTableCell', ['root', 'head', 'body', 'footer', 'sizeSmall', 'sizeMedium', 'paddingCheckbox', 'paddingNone', 'alignLeft', 'alignCenter', 'alignRight', 'alignJustify', 'stickyHeader']);
+/* harmony default export */ var TableCell_tableCellClasses = (tableCellClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/TableCell.js
+
+
+
+var TableCell_excluded = ["align", "className", "component", "padding", "scope", "size", "sortDirection", "variant"];
+
+
+
+
+
+
+
+
+
+
+
+
+var TableCell_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    variant = ownerState.variant,
+    align = ownerState.align,
+    padding = ownerState.padding,
+    size = ownerState.size,
+    stickyHeader = ownerState.stickyHeader;
+  var slots = {
+    root: ['root', variant, stickyHeader && 'stickyHeader', align !== 'inherit' && "align".concat(utils_capitalize(align)), padding !== 'normal' && "padding".concat(utils_capitalize(padding)), "size".concat(utils_capitalize(size))]
+  };
+  return composeClasses(slots, getTableCellUtilityClass, classes);
+};
+var TableCellRoot = styles_styled('td', {
+  name: 'MuiTableCell',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles[ownerState.variant], styles["size".concat(utils_capitalize(ownerState.size))], ownerState.padding !== 'normal' && styles["padding".concat(utils_capitalize(ownerState.padding))], ownerState.align !== 'inherit' && styles["align".concat(utils_capitalize(ownerState.align))], ownerState.stickyHeader && styles.stickyHeader];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({}, theme.typography.body2, {
+    display: 'table-cell',
+    verticalAlign: 'inherit',
+    // Workaround for a rendering bug with spanned columns in Chrome 62.0.
+    // Removes the alpha (sets it to 1), and lightens or darkens the theme color.
+    borderBottom: theme.vars ? "1px solid ".concat(theme.vars.palette.TableCell.border) : "1px solid\n    ".concat(theme.palette.mode === 'light' ? lighten(alpha(theme.palette.divider, 1), 0.88) : darken(alpha(theme.palette.divider, 1), 0.68)),
+    textAlign: 'left',
+    padding: 16
+  }, ownerState.variant === 'head' && {
+    color: (theme.vars || theme).palette.text.primary,
+    lineHeight: theme.typography.pxToRem(24),
+    fontWeight: theme.typography.fontWeightMedium
+  }, ownerState.variant === 'body' && {
+    color: (theme.vars || theme).palette.text.primary
+  }, ownerState.variant === 'footer' && {
+    color: (theme.vars || theme).palette.text.secondary,
+    lineHeight: theme.typography.pxToRem(21),
+    fontSize: theme.typography.pxToRem(12)
+  }, ownerState.size === 'small' && defineProperty_defineProperty({
+    padding: '6px 16px'
+  }, "&.".concat(TableCell_tableCellClasses.paddingCheckbox), {
+    width: 24,
+    // prevent the checkbox column from growing
+    padding: '0 12px 0 16px',
+    '& > *': {
+      padding: 0
+    }
+  }), ownerState.padding === 'checkbox' && {
+    width: 48,
+    // prevent the checkbox column from growing
+    padding: '0 0 0 4px'
+  }, ownerState.padding === 'none' && {
+    padding: 0
+  }, ownerState.align === 'left' && {
+    textAlign: 'left'
+  }, ownerState.align === 'center' && {
+    textAlign: 'center'
+  }, ownerState.align === 'right' && {
+    textAlign: 'right',
+    flexDirection: 'row-reverse'
+  }, ownerState.align === 'justify' && {
+    textAlign: 'justify'
+  }, ownerState.stickyHeader && {
+    position: 'sticky',
+    top: 0,
+    zIndex: 2,
+    backgroundColor: (theme.vars || theme).palette.background.default
+  });
+});
+
+/**
+ * The component renders a `<th>` element when the parent context is a header
+ * or otherwise a `<td>` element.
+ */
+var TableCell = /*#__PURE__*/react.forwardRef(function TableCell(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableCell'
+  });
+  var _props$align = props.align,
+    align = _props$align === void 0 ? 'inherit' : _props$align,
+    className = props.className,
+    componentProp = props.component,
+    paddingProp = props.padding,
+    scopeProp = props.scope,
+    sizeProp = props.size,
+    sortDirection = props.sortDirection,
+    variantProp = props.variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableCell_excluded);
+  var table = react.useContext(Table_TableContext);
+  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
+  var isHeadCell = tablelvl2 && tablelvl2.variant === 'head';
+  var component;
+  if (componentProp) {
+    component = componentProp;
+  } else {
+    component = isHeadCell ? 'th' : 'td';
+  }
+  var scope = scopeProp;
+  // scope is not a valid attribute for <td/> elements.
+  // source: https://html.spec.whatwg.org/multipage/tables.html#the-td-element
+  if (component === 'td') {
+    scope = undefined;
+  } else if (!scope && isHeadCell) {
+    scope = 'col';
+  }
+  var variant = variantProp || tablelvl2 && tablelvl2.variant;
+  var ownerState = extends_extends({}, props, {
+    align: align,
+    component: component,
+    padding: paddingProp || (table && table.padding ? table.padding : 'normal'),
+    size: sizeProp || (table && table.size ? table.size : 'medium'),
+    sortDirection: sortDirection,
+    stickyHeader: variant === 'head' && table && table.stickyHeader,
+    variant: variant
+  });
+  var classes = TableCell_useUtilityClasses(ownerState);
+  var ariaSort = null;
+  if (sortDirection) {
+    ariaSort = sortDirection === 'asc' ? 'ascending' : 'descending';
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableCellRoot, extends_extends({
+    as: component,
+    ref: ref,
+    className: clsx_m(classes.root, className),
+    "aria-sort": ariaSort,
+    scope: scope,
+    ownerState: ownerState
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableCell_TableCell = (TableCell);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/tableContainerClasses.js
+
+
+function getTableContainerUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableContainer', slot);
+}
+var tableContainerClasses = generateUtilityClasses('MuiTableContainer', ['root']);
+/* harmony default export */ var TableContainer_tableContainerClasses = ((/* unused pure expression or super */ null && (tableContainerClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/TableContainer.js
+
+
+var TableContainer_excluded = ["className", "component"];
+
+
+
+
+
+
+
+
+var TableContainer_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTableContainerUtilityClass, classes);
+};
+var TableContainerRoot = styles_styled('div', {
+  name: 'MuiTableContainer',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  width: '100%',
+  overflowX: 'auto'
+});
+var TableContainer = /*#__PURE__*/react.forwardRef(function TableContainer(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableContainer'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableContainer_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component
+  });
+  var classes = TableContainer_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableContainerRoot, extends_extends({
+    ref: ref,
+    as: component,
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableContainer_TableContainer = (TableContainer);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/tableHeadClasses.js
+
+
+function getTableHeadUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableHead', slot);
+}
+var tableHeadClasses = generateUtilityClasses('MuiTableHead', ['root']);
+/* harmony default export */ var TableHead_tableHeadClasses = ((/* unused pure expression or super */ null && (tableHeadClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/TableHead.js
+
+
+var TableHead_excluded = ["className", "component"];
+
+
+
+
+
+
+
+
+
+var TableHead_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTableHeadUtilityClass, classes);
+};
+var TableHeadRoot = styles_styled('thead', {
+  name: 'MuiTableHead',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  display: 'table-header-group'
+});
+var TableHead_tablelvl2 = {
+  variant: 'head'
+};
+var TableHead_defaultComponent = 'thead';
+var TableHead = /*#__PURE__*/react.forwardRef(function TableHead(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableHead'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? TableHead_defaultComponent : _props$component,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableHead_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component
+  });
+  var classes = TableHead_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
+    value: TableHead_tablelvl2,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableHeadRoot, extends_extends({
+      as: component,
+      className: clsx_m(classes.root, className),
+      ref: ref,
+      role: component === TableHead_defaultComponent ? null : 'rowgroup',
+      ownerState: ownerState
+    }, other))
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableHead_TableHead = (TableHead);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/tableRowClasses.js
+
+
+function getTableRowUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableRow', slot);
+}
+var tableRowClasses = generateUtilityClasses('MuiTableRow', ['root', 'selected', 'hover', 'head', 'footer']);
+/* harmony default export */ var TableRow_tableRowClasses = (tableRowClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/TableRow.js
+
+
+
+var TableRow_excluded = ["className", "component", "hover", "selected"];
+
+
+
+
+
+
+
+
+
+
+var TableRow_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    selected = ownerState.selected,
+    hover = ownerState.hover,
+    head = ownerState.head,
+    footer = ownerState.footer;
+  var slots = {
+    root: ['root', selected && 'selected', hover && 'hover', head && 'head', footer && 'footer']
+  };
+  return composeClasses(slots, getTableRowUtilityClass, classes);
+};
+var TableRowRoot = styles_styled('tr', {
+  name: 'MuiTableRow',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.head && styles.head, ownerState.footer && styles.footer];
+  }
+})(function (_ref) {
+  var _ref2;
+  var theme = _ref.theme;
+  return _ref2 = {
+    color: 'inherit',
+    display: 'table-row',
+    verticalAlign: 'middle',
+    // We disable the focus ring for mouse, touch and keyboard users.
+    outline: 0
+  }, defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.hover, ":hover"), {
+    backgroundColor: (theme.vars || theme).palette.action.hover
+  }), defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.selected), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity),
+    '&:hover': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity)
+    }
+  }), _ref2;
+});
+var TableRow_defaultComponent = 'tr';
+/**
+ * Will automatically set dynamic row height
+ * based on the material table element parent (head, body, etc).
+ */
+var TableRow = /*#__PURE__*/react.forwardRef(function TableRow(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableRow'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? TableRow_defaultComponent : _props$component,
+    _props$hover = props.hover,
+    hover = _props$hover === void 0 ? false : _props$hover,
+    _props$selected = props.selected,
+    selected = _props$selected === void 0 ? false : _props$selected,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableRow_excluded);
+  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    hover: hover,
+    selected: selected,
+    head: tablelvl2 && tablelvl2.variant === 'head',
+    footer: tablelvl2 && tablelvl2.variant === 'footer'
+  });
+  var classes = TableRow_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableRowRoot, extends_extends({
+    as: component,
+    ref: ref,
+    className: clsx_m(classes.root, className),
+    role: component === TableRow_defaultComponent ? null : 'row',
+    ownerState: ownerState
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableRow_TableRow = (TableRow);
+;// CONCATENATED MODULE: ./src/components/result-view/ChangesTable.tsx
+var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},i);})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co,i){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},i);})})]})},i);})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
+;// CONCATENATED MODULE: ./src/components/ErrorsTable.tsx
+function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},i);})})]})})})});}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/circularProgressClasses.js
+
+
+function getCircularProgressUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiCircularProgress', slot);
+}
+var circularProgressClasses = generateUtilityClasses('MuiCircularProgress', ['root', 'determinate', 'indeterminate', 'colorPrimary', 'colorSecondary', 'svg', 'circle', 'circleDeterminate', 'circleIndeterminate', 'circleDisableShrink']);
+/* harmony default export */ var CircularProgress_circularProgressClasses = ((/* unused pure expression or super */ null && (circularProgressClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/CircularProgress.js
+
+var CircularProgress_templateObject, CircularProgress_templateObject2, CircularProgress_templateObject3, CircularProgress_templateObject4;
+
+
+var CircularProgress_excluded = ["className", "color", "disableShrink", "size", "style", "thickness", "value", "variant"];
+var CircularProgress_ = function _(t) {
+    return t;
+  },
+  CircularProgress_t,
+  CircularProgress_t2,
+  CircularProgress_t3,
+  CircularProgress_t4;
+
+
+
+
+
+
+
+
+
+
+
+var SIZE = 44;
+var circularRotateKeyframe = keyframes(CircularProgress_t || (CircularProgress_t = CircularProgress_(CircularProgress_templateObject || (CircularProgress_templateObject = _taggedTemplateLiteral(["\n  0% {\n    transform: rotate(0deg);\n  }\n\n  100% {\n    transform: rotate(360deg);\n  }\n"])))));
+var circularDashKeyframe = keyframes(CircularProgress_t2 || (CircularProgress_t2 = CircularProgress_(CircularProgress_templateObject2 || (CircularProgress_templateObject2 = _taggedTemplateLiteral(["\n  0% {\n    stroke-dasharray: 1px, 200px;\n    stroke-dashoffset: 0;\n  }\n\n  50% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -15px;\n  }\n\n  100% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -125px;\n  }\n"])))));
+var CircularProgress_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    variant = ownerState.variant,
+    color = ownerState.color,
+    disableShrink = ownerState.disableShrink;
+  var slots = {
+    root: ['root', variant, "color".concat(utils_capitalize(color))],
+    svg: ['svg'],
+    circle: ['circle', "circle".concat(utils_capitalize(variant)), disableShrink && 'circleDisableShrink']
+  };
+  return composeClasses(slots, getCircularProgressUtilityClass, classes);
+};
+var CircularProgressRoot = styles_styled('span', {
+  name: 'MuiCircularProgress',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles[ownerState.variant], styles["color".concat(utils_capitalize(ownerState.color))]];
+  }
+})(function (_ref) {
+  var ownerState = _ref.ownerState,
+    theme = _ref.theme;
+  return extends_extends({
+    display: 'inline-block'
+  }, ownerState.variant === 'determinate' && {
+    transition: theme.transitions.create('transform')
+  }, ownerState.color !== 'inherit' && {
+    color: (theme.vars || theme).palette[ownerState.color].main
+  });
+}, function (_ref2) {
+  var ownerState = _ref2.ownerState;
+  return ownerState.variant === 'indeterminate' && css(CircularProgress_t3 || (CircularProgress_t3 = CircularProgress_(CircularProgress_templateObject3 || (CircularProgress_templateObject3 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s linear infinite;\n    "])), 0)), circularRotateKeyframe);
+});
+var CircularProgressSVG = styles_styled('svg', {
+  name: 'MuiCircularProgress',
+  slot: 'Svg',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.svg;
+  }
+})({
+  display: 'block' // Keeps the progress centered
+});
+
+var CircularProgressCircle = styles_styled('circle', {
+  name: 'MuiCircularProgress',
+  slot: 'Circle',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.circle, styles["circle".concat(utils_capitalize(ownerState.variant))], ownerState.disableShrink && styles.circleDisableShrink];
+  }
+})(function (_ref3) {
+  var ownerState = _ref3.ownerState,
+    theme = _ref3.theme;
+  return extends_extends({
+    stroke: 'currentColor'
+  }, ownerState.variant === 'determinate' && {
+    transition: theme.transitions.create('stroke-dashoffset')
+  }, ownerState.variant === 'indeterminate' && {
+    // Some default value that looks fine waiting for the animation to kicks in.
+    strokeDasharray: '80px, 200px',
+    strokeDashoffset: 0 // Add the unit to fix a Edge 16 and below bug.
+  });
+}, function (_ref4) {
+  var ownerState = _ref4.ownerState;
+  return ownerState.variant === 'indeterminate' && !ownerState.disableShrink && css(CircularProgress_t4 || (CircularProgress_t4 = CircularProgress_(CircularProgress_templateObject4 || (CircularProgress_templateObject4 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s ease-in-out infinite;\n    "])), 0)), circularDashKeyframe);
+});
+
+/**
+ * ## ARIA
+ *
+ * If the progress bar is describing the loading progress of a particular region of a page,
+ * you should use `aria-describedby` to point to the progress bar, and set the `aria-busy`
+ * attribute to `true` on that region until it has finished loading.
+ */
+var CircularProgress = /*#__PURE__*/react.forwardRef(function CircularProgress(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiCircularProgress'
+  });
+  var className = props.className,
+    _props$color = props.color,
+    color = _props$color === void 0 ? 'primary' : _props$color,
+    _props$disableShrink = props.disableShrink,
+    disableShrink = _props$disableShrink === void 0 ? false : _props$disableShrink,
+    _props$size = props.size,
+    size = _props$size === void 0 ? 40 : _props$size,
+    style = props.style,
+    _props$thickness = props.thickness,
+    thickness = _props$thickness === void 0 ? 3.6 : _props$thickness,
+    _props$value = props.value,
+    value = _props$value === void 0 ? 0 : _props$value,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'indeterminate' : _props$variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, CircularProgress_excluded);
+  var ownerState = extends_extends({}, props, {
+    color: color,
+    disableShrink: disableShrink,
+    size: size,
+    thickness: thickness,
+    value: value,
+    variant: variant
+  });
+  var classes = CircularProgress_useUtilityClasses(ownerState);
+  var circleStyle = {};
+  var rootStyle = {};
+  var rootProps = {};
+  if (variant === 'determinate') {
+    var circumference = 2 * Math.PI * ((SIZE - thickness) / 2);
+    circleStyle.strokeDasharray = circumference.toFixed(3);
+    rootProps['aria-valuenow'] = Math.round(value);
+    circleStyle.strokeDashoffset = "".concat(((100 - value) / 100 * circumference).toFixed(3), "px");
+    rootStyle.transform = 'rotate(-90deg)';
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    style: extends_extends({
+      width: size,
+      height: size
+    }, rootStyle, style),
+    ownerState: ownerState,
+    ref: ref,
+    role: "progressbar"
+  }, rootProps, other, {
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressSVG, {
+      className: classes.svg,
+      ownerState: ownerState,
+      viewBox: "".concat(SIZE / 2, " ").concat(SIZE / 2, " ").concat(SIZE, " ").concat(SIZE),
+      children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressCircle, {
+        className: classes.circle,
+        style: circleStyle,
+        ownerState: ownerState,
+        cx: SIZE,
+        cy: SIZE,
+        r: (SIZE - thickness) / 2,
+        fill: "none",
+        strokeWidth: thickness
+      })
+    })
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var CircularProgress_CircularProgress = (CircularProgress);
+;// CONCATENATED MODULE: ./src/components/Loading.tsx
+var Loading=function Loading(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",height:"100%",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgress_CircularProgress,{})})});};
+;// CONCATENATED MODULE: ./src/components/ObjectYaml.tsx
+var ObjectYaml=function ObjectYaml(props){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),promise=_useState2[0],setPromise=_useState2[1];(0,react.useEffect)(function(){var getData=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var o;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getResultObject(props.treeProps.summary.id,props.objectRef,props.objectType);case 2:o=_context.sent;return _context.abrupt("return",dump(o));case 4:case"end":return _context.stop();}},_callee);}));return function getData(){return _ref.apply(this,arguments);};}();setPromise(getData());},[props.treeProps,props.objectRef,props.objectType]);var Content=function Content(){return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:usePromise(promise),language:"yaml"});};return/*#__PURE__*/(0,jsx_runtime.jsx)(react.Suspense,{fallback:/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Content,{})});};
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeData.tsx
+var DiffStatus=/*#__PURE__*/function(){function DiffStatus(){classCallCheck_classCallCheck(this,DiffStatus);this.newObjects=[];this.deletedObjects=[];this.orphanObjects=[];this.changedObjects=[];this.totalInsertions=0;this.totalDeletions=0;this.totalUpdates=0;}createClass_createClass(DiffStatus,[{key:"addChangedObject",value:function addChangedObject(co){var _co$changes,_this=this;this.changedObjects.push(co);(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.forEach(function(x){switch(x.type){case"insert":_this.totalInsertions++;break;case"delete":_this.totalDeletions++;break;case"update":_this.totalUpdates++;break;}});}},{key:"merge",value:function merge(other){this.newObjects=this.newObjects.concat(other.newObjects);this.deletedObjects=this.deletedObjects.concat(other.deletedObjects);this.orphanObjects=this.orphanObjects.concat(other.orphanObjects);this.changedObjects=this.changedObjects.concat(other.changedObjects);this.totalInsertions+=other.totalInsertions;this.totalDeletions+=other.totalDeletions;this.totalUpdates+=other.totalUpdates;}},{key:"hasDiffs",value:function hasDiffs(){if(this.newObjects.length||this.deletedObjects.length||this.orphanObjects.length){return true;}if(this.changedObjects.find(function(co){var _co$changes2;return((_co$changes2=co.changes)===null||_co$changes2===void 0?void 0:_co$changes2.length)!==0;})){return true;}return false;}}]);return DiffStatus;}();var HealthStatus=/*#__PURE__*/function(){function HealthStatus(){classCallCheck_classCallCheck(this,HealthStatus);this.errors=[];this.warnings=[];}createClass_createClass(HealthStatus,[{key:"merge",value:function merge(other){this.errors=this.errors.concat(other.errors);this.warnings=this.warnings.concat(other.warnings);}}]);return HealthStatus;}();var NodeData=/*#__PURE__*/function(){function NodeData(props,id,hasHealthStatus,hasDiffStatus){classCallCheck_classCallCheck(this,NodeData);this.props=void 0;this.id=void 0;this.children=[];this.healthStatus=void 0;this.diffStatus=void 0;this.props=props;this.id=id;if(hasHealthStatus){this.healthStatus=new HealthStatus();}if(hasDiffStatus){this.diffStatus=new DiffStatus();}}createClass_createClass(NodeData,[{key:"pushChild",value:function pushChild(child,front){if(front){this.children.unshift(child);}else{this.children.push(child);}this.merge(child);}},{key:"merge",value:function merge(other){if(this.diffStatus&&other.diffStatus){this.diffStatus.merge(other.diffStatus);}if(this.healthStatus&&other.healthStatus){this.healthStatus.merge(other.healthStatus);}}},{key:"buildStatusLine",value:function buildStatusLine(){var _this$healthStatus,_this$healthStatus2,_this$diffStatus,_this$diffStatus2,_this$diffStatus3,_this$diffStatus4;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_this$healthStatus=this.healthStatus)===null||_this$healthStatus===void 0?void 0:_this$healthStatus.errors.length,warnings:(_this$healthStatus2=this.healthStatus)===null||_this$healthStatus2===void 0?void 0:_this$healthStatus2.warnings.length,changedObjects:(_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.changedObjects.length,newObjects:(_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.newObjects.length,deletedObjects:(_this$diffStatus3=this.diffStatus)===null||_this$diffStatus3===void 0?void 0:_this$diffStatus3.deletedObjects.length,orphanObjects:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.orphanObjects.length});}},{key:"buildTreeItem",value:function buildTreeItem(hasChildren){var _this$healthStatus3,_this$healthStatus4,_this$diffStatus5,_this$diffStatus6,_this$diffStatus7,_this$diffStatus8;var _this$buildIcon=this.buildIcon(),_this$buildIcon2=slicedToArray_slicedToArray(_this$buildIcon,2),icon=_this$buildIcon2[0],iconText=_this$buildIcon2[1];var hasStatusLine=[(_this$healthStatus3=this.healthStatus)===null||_this$healthStatus3===void 0?void 0:_this$healthStatus3.errors.length,(_this$healthStatus4=this.healthStatus)===null||_this$healthStatus4===void 0?void 0:_this$healthStatus4.warnings.length,(_this$diffStatus5=this.diffStatus)===null||_this$diffStatus5===void 0?void 0:_this$diffStatus5.changedObjects.length,(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.newObjects.length,(_this$diffStatus7=this.diffStatus)===null||_this$diffStatus7===void 0?void 0:_this$diffStatus7.deletedObjects.length,(_this$diffStatus8=this.diffStatus)===null||_this$diffStatus8===void 0?void 0:_this$diffStatus8.orphanObjects.length].some(function(x){return(x||0)>0;});return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",alignItems:"center",justifyContent:"center",width:"30px",height:"100%",flex:"0 0 auto",mr:"13px",sx:{'& svg':{width:'30px',height:'30px'}},children:[icon,/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",component:"div",fontSize:"12px",fontWeight:400,lineHeight:"16px",height:"16px",children:iconText})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",py:"15px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,_objectSpread2(_objectSpread2({variant:"h6",component:"div",sx:{wordBreak:'break-all'}},hasChildren?{}:{fontSize:'16px',lineHeight:'22px'}),{},{children:this.buildSidePanelTitle()}))}),hasStatusLine&&/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"100%",width:"172px",flex:"0 0 auto",display:"flex",alignItems:"center",px:"14px",ml:"14px",position:"relative",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),this.buildStatusLine()]})]});}},{key:"buildDiffAndHealthPages",value:function buildDiffAndHealthPages(tabs){this.buildChangesPage(tabs);this.buildErrorsPage(tabs);this.buildWarningsPage(tabs);}},{key:"buildObjectPage",value:function buildObjectPage(ref,objectType){return/*#__PURE__*/(0,jsx_runtime.jsx)(ObjectYaml,{treeProps:this.props,objectRef:ref,objectType:objectType});}},{key:"buildChangesPage",value:function buildChangesPage(tabs){var _this$diffStatus9;if(!((_this$diffStatus9=this.diffStatus)!==null&&_this$diffStatus9!==void 0&&_this$diffStatus9.hasDiffs())){return undefined;}tabs.push({label:"Changes",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}},{key:"buildErrorsPage",value:function buildErrorsPage(tabs){var _this$healthStatus5;if(!((_this$healthStatus5=this.healthStatus)!==null&&_this$healthStatus5!==void 0&&_this$healthStatus5.errors.length)){return undefined;}tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.errors})});}},{key:"buildWarningsPage",value:function buildWarningsPage(tabs){var _this$healthStatus6;if(!((_this$healthStatus6=this.healthStatus)!==null&&_this$healthStatus6!==void 0&&_this$healthStatus6.warnings.length)){return undefined;}tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.warnings})});}}]);return NodeData;}();
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Category.js
+
+
+/* harmony default export */ var Category = (createSvgIcon([/*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "m12 2-5.5 9h11z"
+}, "0"), /*#__PURE__*/(0,jsx_runtime.jsx)("circle", {
+  cx: "17.5",
+  cy: "17.5",
+  r: "4.5"
+}, "1"), /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M3 13.5h8v8H3z"
+}, "2")], 'Category'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Settings.js
+
+
+/* harmony default export */ var Settings = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19.14 12.94c.04-.3.06-.61.06-.94 0-.32-.02-.64-.07-.94l2.03-1.58c.18-.14.23-.41.12-.61l-1.92-3.32c-.12-.22-.37-.29-.59-.22l-2.39.96c-.5-.38-1.03-.7-1.62-.94l-.36-2.54c-.04-.24-.24-.41-.48-.41h-3.84c-.24 0-.43.17-.47.41l-.36 2.54c-.59.24-1.13.57-1.62.94l-2.39-.96c-.22-.08-.47 0-.59.22L2.74 8.87c-.12.21-.08.47.12.61l2.03 1.58c-.05.3-.09.63-.09.94s.02.64.07.94l-2.03 1.58c-.18.14-.23.41-.12.61l1.92 3.32c.12.22.37.29.59.22l2.39-.96c.5.38 1.03.7 1.62.94l.36 2.54c.05.24.24.41.48.41h3.84c.24 0 .44-.17.47-.41l.36-2.54c.59-.24 1.13-.56 1.62-.94l2.39.96c.22.08.47 0 .59-.22l1.92-3.32c.12-.22.07-.47-.12-.61l-2.01-1.58zM12 15.6c-1.98 0-3.6-1.62-3.6-3.6s1.62-3.6 3.6-3.6 3.6 1.62 3.6 3.6-1.62 3.6-3.6 3.6z"
+}), 'Settings'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Lock.js
+
+
+/* harmony default export */ var Lock = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"
+}), 'Lock'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Dvr.js
+
+
+/* harmony default export */ var Dvr = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M21 3H3c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h5v2h8v-2h5c1.1 0 1.99-.9 1.99-2L23 5c0-1.1-.9-2-2-2zm0 14H3V5h18v12zm-2-9H8v2h11V8zm0 4H8v2h11v-2zM7 8H5v2h2V8zm0 4H5v2h2v-2z"
+}), 'Dvr'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Http.js
+
+
+/* harmony default export */ var Http = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M4.5 11h-2V9H1v6h1.5v-2.5h2V15H6V9H4.5v2zm2.5-.5h1.5V15H10v-4.5h1.5V9H7v1.5zm5.5 0H14V15h1.5v-4.5H17V9h-4.5v1.5zm9-1.5H18v6h1.5v-2h2c.8 0 1.5-.7 1.5-1.5v-1c0-.8-.7-1.5-1.5-1.5zm0 2.5h-2v-1h2v1z"
+}), 'Http'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Cloud.js
+
+
+/* harmony default export */ var Cloud = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19.35 10.04C18.67 6.59 15.64 4 12 4 9.11 4 6.6 5.64 5.35 8.04 2.34 8.36 0 10.91 0 14c0 3.31 2.69 6 6 6h13c2.76 0 5-2.24 5-5 0-2.64-2.05-4.78-4.65-4.96z"
+}), 'Cloud'));
+;// CONCATENATED MODULE: ./src/components/PropertiesTable.tsx
+function PropertiesTable(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Name"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Value"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.properties.map(function(row){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.name}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.value})]},row.name);})})]})});}
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceNode.tsx
+var VarsSourceNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceNodeData,_NodeData);var _super=_createSuper(VarsSourceNodeData);function VarsSourceNodeData(props,id,varsSource){var _this$varsSource$clus;var _this;classCallCheck_classCallCheck(this,VarsSourceNodeData);_this=_super.call(this,props,id,false,false);_this.varsSource=void 0;_this.labelsYaml=void 0;_this.renderedVarsYaml=void 0;_this.varsSource=varsSource;var labels=(_this$varsSource$clus=_this.varsSource.clusterConfigMap)===null||_this$varsSource$clus===void 0?void 0:_this$varsSource$clus.labels;if(!labels){var _this$varsSource$clus2;labels=(_this$varsSource$clus2=_this.varsSource.clusterSecret)===null||_this$varsSource$clus2===void 0?void 0:_this$varsSource$clus2.labels;}if(labels){_this.labelsYaml=dump(labels);}_this.renderedVarsYaml=dump(_this.varsSource.renderedVars);return _this;}createClass_createClass(VarsSourceNodeData,[{key:"getVarsSourceHandler",value:function getVarsSourceHandler(){var _this2=this;if(this.varsSource.values){return{type:"values",label:function label(){if(_this2.varsSource.renderedVars){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;}else{return"empty values";}},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}else if(this.varsSource.file){return{type:"file",label:function label(){return _this2.varsSource.file;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(FileIcon,{});},sourceProps:function sourceProps(){return[{name:"File",value:_this2.varsSource.file}];}};}else if(this.varsSource.git){return{type:"git",label:function label(){var s=_this2.varsSource.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.git.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.git.url});sourceProps.push({name:"Path",value:_this2.varsSource.git.path});var ref="HEAD";if(_this2.varsSource.git.ref){ref=_this2.varsSource.git.ref;}sourceProps.push({name:"Ref",value:ref});return sourceProps;}};}else if(this.varsSource.clusterConfigMap||this.varsSource.clusterSecret){var vs=this.varsSource.clusterConfigMap?this.varsSource.clusterConfigMap:this.varsSource.clusterSecret;var type=this.varsSource.clusterConfigMap?"cm":"secret";var _icon=this.varsSource.clusterConfigMap?/*#__PURE__*/(0,jsx_runtime.jsx)(Settings,{fontSize:"large"}):/*#__PURE__*/(0,jsx_runtime.jsx)(Lock,{fontSize:"large"});return{type:type,label:function label(){var _this2$varsSource$clu;return(_this2$varsSource$clu=_this2.varsSource.clusterConfigMap)===null||_this2$varsSource$clu===void 0?void 0:_this2$varsSource$clu.name;},icon:function icon(){return _icon;},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Name",value:vs.name});sourceProps.push({name:"Namespace",value:vs.namespace});sourceProps.push({name:"Key",value:vs.key});if(vs.labels){sourceProps.push({name:"Labels",value:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:_this2.labelsYaml,language:"yaml"})});}return sourceProps;}};}else if(this.varsSource.systemEnvVars){return{type:"systemEnvVar",label:function label(){return"systemEnvVars";},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Dvr,{fontSize:"large"});},sourceProps:function sourceProps(){// TODO
+return[];}};}else if(this.varsSource.http){return{type:"http",label:function label(){return _this2.varsSource.http.url;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Http,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.http.url});sourceProps.push({name:"Method",value:_this2.varsSource.http.method||"GET"});if(_this2.varsSource.http.jsonPath){sourceProps.push({name:"JsonPath",value:_this2.varsSource.http.jsonPath});}return sourceProps;}};}else if(this.varsSource.awsSecretsManager){return{type:"awsSecretsManager",label:function label(){return _this2.varsSource.awsSecretsManager.secretName;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"SecretName",value:_this2.varsSource.awsSecretsManager.secretName});if(_this2.varsSource.awsSecretsManager.region){sourceProps.push({name:"Region",value:_this2.varsSource.awsSecretsManager.region});}if(_this2.varsSource.awsSecretsManager.profile){sourceProps.push({name:"Profile",value:_this2.varsSource.awsSecretsManager.profile});}return sourceProps;}};}else if(this.varsSource.vault){return{type:"vault",label:function label(){return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[_this2.varsSource.vault.address,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.vault.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Address",value:_this2.varsSource.vault.address});sourceProps.push({name:"Path",value:_this2.varsSource.vault.path});return sourceProps;}};}else{return{type:"unknown",label:function label(){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getVarsSourceHandler().label();}},{key:"buildIcon",value:function buildIcon(){var h=this.getVarsSourceHandler();return[h.icon(),h.type];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()},{label:"Vars",content:this.buildVarsPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var h=this.getVarsSourceHandler();var props=[{name:"Type",value:h.type}].concat(toConsumableArray_toConsumableArray(h.sourceProps()),[{name:"IgnoreMissing",value:!!this.varsSource.ignoreMissing+""},{name:"NoOverride",value:!!this.varsSource.noOverride+""}]);if(this.varsSource.when){props.push({name:"When",value:this.varsSource.when});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildVarsPage",value:function buildVarsPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{overflowY:'scroll',// Enable vertical scrolling
+//maxHeight: '400px', // Set a fixed height
+border:'1px solid #ccc',// Optional border
+padding:'10px'// Optional padding
+},children:/*#__PURE__*/(0,jsx_runtime.jsx)("pre",{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.renderedVarsYaml,language:"yaml"})})});}}]);return VarsSourceNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Source.js
+
+
+/* harmony default export */ var Source = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M20 6h-8l-2-2H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2zm-6 10H6v-2h8v2zm4-4H6v-2h12v2z"
+}), 'Source'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemNode.tsx
+var DeploymentItemNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemNodeData,_NodeData);var _super=_createSuper(DeploymentItemNodeData);function DeploymentItemNodeData(props,id,deploymentItem){var _this;classCallCheck_classCallCheck(this,DeploymentItemNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.deploymentItem=deploymentItem;return _this;}createClass_createClass(DeploymentItemNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.deploymentItem.path;}},{key:"buildIcon",value:function buildIcon(){var iconText="di";return[/*#__PURE__*/(0,jsx_runtime.jsx)(Source,{fontSize:"large"}),iconText];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];props.push({name:"Path",value:this.deploymentItem.path});buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemNodeData;}(NodeData);function buildDeploymentItemSummaryProps(di,props){if(di.barrier!==undefined){props.push({name:"Barrier",value:di.barrier+""});}if(di.waitReadiness!==undefined){props.push({name:"WaitReadiness",value:di.waitReadiness+""});}if(di.skipDeleteIfTags!==undefined){props.push({name:"SkipDeleteIfTags",value:di.skipDeleteIfTags+""});}if(di.onlyRender!==undefined){props.push({name:"OnlyRender",value:di.onlyRender+""});}if(di.alwaysDeploy!==undefined){props.push({name:"AlwaysDeploy",value:di.alwaysDeploy+""});}if(di.deleteObjects){// TODO this is ugly
+props.push({name:"DeleteObjects",value:JSON.stringify(di.deleteObjects)});}if(di.when){props.push({name:"When",value:di.when});}}
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SettingsEthernet.js
+
+
+/* harmony default export */ var SettingsEthernet = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M7.77 6.76 6.23 5.48.82 12l5.41 6.52 1.54-1.28L3.42 12l4.35-5.24zM7 13h2v-2H7v2zm10-2h-2v2h2v-2zm-6 2h2v-2h-2v2zm6.77-7.52-1.54 1.28L20.58 12l-4.35 5.24 1.54 1.28L23.18 12l-5.41-6.52z"
+}), 'SettingsEthernet'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SmartToy.js
+
+
+/* harmony default export */ var SmartToy = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M20 9V7c0-1.1-.9-2-2-2h-3c0-1.66-1.34-3-3-3S9 3.34 9 5H6c-1.1 0-2 .9-2 2v2c-1.66 0-3 1.34-3 3s1.34 3 3 3v4c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2v-4c1.66 0 3-1.34 3-3s-1.34-3-3-3zM7.5 11.5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5S9.83 13 9 13s-1.5-.67-1.5-1.5zM16 17H8v-2h8v2zm-1-4c-.83 0-1.5-.67-1.5-1.5S14.17 10 15 10s1.5.67 1.5 1.5S15.83 13 15 13z"
+}), 'SmartToy'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/ObjectNode.tsx
+var kindMapping={"/ConfigMap":{icon:Settings},"apps/Deployment":{icon:PublishedWithChanges},"Service":{icon:SettingsEthernet},"ServiceAccount":{icon:SmartToy}};var ObjectNodeData=/*#__PURE__*/function(_NodeData){_inherits(ObjectNodeData,_NodeData);var _super=_createSuper(ObjectNodeData);function ObjectNodeData(props,id,objectRef){var _this;classCallCheck_classCallCheck(this,ObjectNodeData);_this=_super.call(this,props,id,true,true);_this.objectRef=void 0;_this.objectRef=objectRef;return _this;}createClass_createClass(ObjectNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.objectRef.name;}},{key:"buildIcon",value:function buildIcon(){var _this2=this;var sn=this.props.shortNames.find(function(sn){return sn.group===_this2.objectRef.group&&sn.kind===_this2.objectRef.kind;});var snStr=(sn===null||sn===void 0?void 0:sn.shortName)||"";var m=kindMapping[this.objectRef.group+"/"+this.objectRef.kind];if(m!==undefined){return[/*#__PURE__*/react.createElement(m.icon,{fontSize:"large"}),snStr];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsCurlyIcon,{}),snStr];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _findObjectByRef,_findObjectByRef2,_findObjectByRef3;var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);if((_findObjectByRef=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef!==void 0&&_findObjectByRef.rendered){tabs.push({label:"Rendered",content:this.buildObjectPage(this.objectRef,ObjectType.Rendered)});}if((_findObjectByRef2=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef2!==void 0&&_findObjectByRef2.remote){tabs.push({label:"Remote",content:this.buildObjectPage(this.objectRef,ObjectType.Remote)});}if((_findObjectByRef3=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef3!==void 0&&_findObjectByRef3.applied){tabs.push({label:"Applied",content:this.buildObjectPage(this.objectRef,ObjectType.Applied)});}return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _o$rendered;var props=[];var apiVersion=this.objectRef.version;if(this.objectRef.group){apiVersion=this.objectRef.group+"/"+this.objectRef.version;}props.push({name:"ApiVersion",value:apiVersion});props.push({name:"Kind",value:this.objectRef.kind});props.push({name:"Name",value:this.objectRef.name});if(this.objectRef.namespace){props.push({name:"Namespace",value:this.objectRef.namespace});}var o=findObjectByRef(this.props.commandResult.objects,this.objectRef);var annotations=o===null||o===void 0?void 0:(_o$rendered=o.rendered)===null||_o$rendered===void 0?void 0:_o$rendered.metadata.annotations;if(annotations){Object.keys(annotations).forEach(function(k){if(k.indexOf("kluctl.io/")!==-1){props.push({name:k,value:annotations[k]});}});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return ObjectNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/CommandResultNode.tsx
+var CommandResultNodeData=/*#__PURE__*/function(_NodeData){_inherits(CommandResultNodeData,_NodeData);var _super=_createSuper(CommandResultNodeData);function CommandResultNodeData(props,id){var _this$props$commandRe;var _this;classCallCheck_classCallCheck(this,CommandResultNodeData);_this=_super.call(this,props,id,true,true);_this.dumpedTargetYaml=void 0;if((_this$props$commandRe=_this.props.commandResult.command)!==null&&_this$props$commandRe!==void 0&&_this$props$commandRe.target){_this.dumpedTargetYaml=dump(_this.props.commandResult.command.target);}return _this;}createClass_createClass(CommandResultNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"CommandResult";}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(DeployIcon,{}),"result"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];if(this.dumpedTargetYaml){var page=this.buildTargetPage();tabs.push({label:"Target",content:page});}this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$props$commandRe2,_this$props$commandRe3;var props=[{name:"Initiator",value:(_this$props$commandRe2=this.props.commandResult.command)===null||_this$props$commandRe2===void 0?void 0:_this$props$commandRe2.initiator},{name:"Command",value:(_this$props$commandRe3=this.props.commandResult.command)===null||_this$props$commandRe3===void 0?void 0:_this$props$commandRe3.command}];return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildTargetPage",value:function buildTargetPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.dumpedTargetYaml,language:"yaml"});}}]);return CommandResultNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceCollectionNode.tsx
+var VarsSourceCollectionNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceCollectionNodeData,_NodeData);var _super=_createSuper(VarsSourceCollectionNodeData);function VarsSourceCollectionNodeData(props,id){var _this;classCallCheck_classCallCheck(this,VarsSourceCollectionNodeData);_this=_super.call(this,props,id,false,false);_this.varsSources=[];return _this;}createClass_createClass(VarsSourceCollectionNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"vars: "+this.varsSources.length;}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsSquareIcon,{}),"vars"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){return[];}}]);return VarsSourceCollectionNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
+var DeploymentItemIncludeNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemIncludeNodeData,_NodeData);var _super=_createSuper(DeploymentItemIncludeNodeData);function DeploymentItemIncludeNodeData(props,id,deploymentItem,includedDeployment){var _this;classCallCheck_classCallCheck(this,DeploymentItemIncludeNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.includedDeployment=void 0;_this.deploymentItem=deploymentItem;_this.includedDeployment=includedDeployment;return _this;}createClass_createClass(DeploymentItemIncludeNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deploymentItem.include){return this.deploymentItem.include;}else if(this.deploymentItem.git){var s=this.deploymentItem.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,this.deploymentItem.git.subDir&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),this.deploymentItem.git.subDir]})]});}else{return"unknown include";}}},{key:"buildIcon",value:function buildIcon(){if(this.deploymentItem.git){return[/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{}),"git"];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(IncludeIcon,{}),"include"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];if(this.deploymentItem.include){props.push({name:"Type",value:"LocalInclude"});props.push({name:"Path",value:this.deploymentItem.include});}else if(this.deploymentItem.git){props.push({name:"Type",value:"GitInclude"});props.push({name:"Url",value:this.deploymentItem.git.url});props.push({name:"SubDir",value:this.deploymentItem.git.subDir});var ref="HEAD";if(this.deploymentItem.git.ref){ref=this.deploymentItem.git.ref;}props.push({name:"Ref",value:ref});}else{props.push({name:"Type",value:"Unknown"});}buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemIncludeNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Delete.js
+
+
+/* harmony default export */ var Delete = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"
+}), 'Delete'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/LinkOff.js
+
+
+/* harmony default export */ var LinkOff = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M17 7h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1 0 1.43-.98 2.63-2.31 2.98l1.46 1.46C20.88 15.61 22 13.95 22 12c0-2.76-2.24-5-5-5zm-1 4h-2.19l2 2H16zM2 4.27l3.11 3.11C3.29 8.12 2 9.91 2 12c0 2.76 2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1 0-1.59 1.21-2.9 2.76-3.07L8.73 11H8v2h2.73L13 15.27V17h1.73l4.01 4L20 19.74 3.27 3 2 4.27z"
+}), 'LinkOff'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
+var DeletedOrOrphanObjectsCollectionNode=/*#__PURE__*/function(_NodeData){_inherits(DeletedOrOrphanObjectsCollectionNode,_NodeData);var _super=_createSuper(DeletedOrOrphanObjectsCollectionNode);function DeletedOrOrphanObjectsCollectionNode(props,id,deleted){var _this;classCallCheck_classCallCheck(this,DeletedOrOrphanObjectsCollectionNode);_this=_super.call(this,props,id,false,true);_this.deleted=void 0;_this.deleted=deleted;return _this;}createClass_createClass(DeletedOrOrphanObjectsCollectionNode,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deleted){var _this$diffStatus;return"".concat((_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.deletedObjects.length," objects deleted");}else{var _this$diffStatus2;return"".concat((_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.orphanObjects.length," objects orphaned");}}},{key:"buildIcon",value:function buildIcon(){if(this.deleted){return[/*#__PURE__*/(0,jsx_runtime.jsx)(Delete,{fontSize:"large"}),"deleted"];}else{return[/*#__PURE__*/(0,jsx_runtime.jsx)(LinkOff,{fontSize:"large"}),"orphans"];}}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$diffStatus3,_this$diffStatus5;var props=[];if((_this$diffStatus3=this.diffStatus)!==null&&_this$diffStatus3!==void 0&&_this$diffStatus3.deletedObjects.length){var _this$diffStatus4;props.push({name:"Deleted",value:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.deletedObjects.length});}if((_this$diffStatus5=this.diffStatus)!==null&&_this$diffStatus5!==void 0&&_this$diffStatus5.orphanObjects.length){var _this$diffStatus6;props.push({name:"Orphaned",value:(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.orphanObjects.length});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeletedOrOrphanObjectsCollectionNode;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeBuilder.ts
+var NodeBuilder=/*#__PURE__*/function(){function NodeBuilder(props){var _props$commandResult$,_this=this,_props$commandResult$2,_props$commandResult$3;classCallCheck_classCallCheck(this,NodeBuilder);this.props=void 0;this.changedObjectsMap=new Map();this.newObjectsMap=new Map();this.orphanObjectsMap=new Map();this.deletedObjectsMap=new Map();this.errorsMap=new Map();this.warningsMap=new Map();this.props=props;(_props$commandResult$=props.commandResult.objects)===null||_props$commandResult$===void 0?void 0:_props$commandResult$.forEach(function(o){var _o$changes;var key=buildObjectRefKey(o.ref);if((_o$changes=o.changes)!==null&&_o$changes!==void 0&&_o$changes.length){_this.changedObjectsMap.set(key,o);}if(o.new){_this.newObjectsMap.set(key,o.ref);}if(o.orphan){_this.orphanObjectsMap.set(key,o.ref);}if(o.deleted){_this.deletedObjectsMap.set(key,o.ref);}});(_props$commandResult$2=props.commandResult.errors)===null||_props$commandResult$2===void 0?void 0:_props$commandResult$2.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.errorsMap.get(key);if(!l){l=[e];_this.errorsMap.set(key,l);}else{l.push(e);}});(_props$commandResult$3=props.commandResult.warnings)===null||_props$commandResult$3===void 0?void 0:_props$commandResult$3.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.warningsMap.get(key);if(!l){l=[e];_this.warningsMap.set(key,l);}else{l.push(e);}});}createClass_createClass(NodeBuilder,[{key:"buildRoot",value:function buildRoot(){var rootNode=new CommandResultNodeData(this.props,"root");if(this.props.commandResult.deployment){this.buildDeploymentProjectChildren(rootNode,this.props.commandResult.deployment);}if(this.deletedObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,true,Array.from(this.deletedObjectsMap.values()));}if(this.orphanObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,false,Array.from(this.orphanObjectsMap.values()));}var nodeMap=new Map();function collect(n){nodeMap.set(n.id,n);n.children.forEach(function(c){collect(c);});}collect(rootNode);return[rootNode,nodeMap];}},{key:"buildDeploymentProjectChildren",value:function buildDeploymentProjectChildren(node,deploymentProject){var _deploymentProject$de,_this2=this;if(deploymentProject.vars){this.buildVarsSourceCollectionNode(node,deploymentProject.vars);}(_deploymentProject$de=deploymentProject.deployments)===null||_deploymentProject$de===void 0?void 0:_deploymentProject$de.forEach(function(deploymentItem,i){_this2.buildDeploymentItemNode(node,deploymentItem,i);});}},{key:"buildVarsSourceCollectionNode",value:function buildVarsSourceCollectionNode(parentNode,varsSources){var _node$varsSources,_this3=this;if(varsSources===undefined){return;}var newId="".concat(parentNode.id,"/(vars)");var node=new VarsSourceCollectionNodeData(this.props,newId);(_node$varsSources=node.varsSources).push.apply(_node$varsSources,toConsumableArray_toConsumableArray(varsSources));varsSources.forEach(function(vs,i){_this3.buildVarsSourceNode(node,vs,i);});parentNode.pushChild(node);return node;}},{key:"buildVarsSourceNode",value:function buildVarsSourceNode(parentNode,varsSource,index){var newId="".concat(parentNode.id,"/").concat(index,"}");var node=new VarsSourceNodeData(this.props,newId,varsSource);parentNode.pushChild(node);return node;}},{key:"buildDeploymentItemNode",value:function buildDeploymentItemNode(parentNode,deploymentItem,index){var _this4=this;var node;var newId="".concat(parentNode.id,"/(dis)/").concat(index);if(deploymentItem.path){var _deploymentItem$rende;node=new DeploymentItemNodeData(this.props,newId,deploymentItem);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);(_deploymentItem$rende=deploymentItem.renderedObjects)===null||_deploymentItem$rende===void 0?void 0:_deploymentItem$rende.forEach(function(renderedObject){_this4.buildObjectNode(node,renderedObject);});}else if(deploymentItem.include||deploymentItem.git){node=new DeploymentItemIncludeNodeData(this.props,newId,deploymentItem,deploymentItem.renderedInclude);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);if(deploymentItem.renderedInclude){this.buildDeploymentProjectChildren(node,deploymentItem.renderedInclude);}}else{return node;}parentNode.pushChild(node);return node;}},{key:"buildObjectNode",value:function buildObjectNode(parentNode,objectRef){var _this$errorsMap$get,_this$warningsMap$get;var newId="".concat(parentNode.id,"/(obj)/").concat(buildObjectRefKey(objectRef));var node=new ObjectNodeData(this.props,newId,objectRef);var key=buildObjectRefKey(objectRef);if(this.changedObjectsMap.has(key)){var _node$diffStatus;(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.addChangedObject(this.changedObjectsMap.get(key));}if(this.newObjectsMap.has(key)){var _node$diffStatus2;(_node$diffStatus2=node.diffStatus)===null||_node$diffStatus2===void 0?void 0:_node$diffStatus2.newObjects.push(objectRef);}if(this.deletedObjectsMap.has(key)){var _node$diffStatus3;(_node$diffStatus3=node.diffStatus)===null||_node$diffStatus3===void 0?void 0:_node$diffStatus3.deletedObjects.push(objectRef);}if(this.orphanObjectsMap.has(key)){var _node$diffStatus4;(_node$diffStatus4=node.diffStatus)===null||_node$diffStatus4===void 0?void 0:_node$diffStatus4.orphanObjects.push(objectRef);}(_this$errorsMap$get=this.errorsMap.get(key))===null||_this$errorsMap$get===void 0?void 0:_this$errorsMap$get.forEach(function(e){var _node$healthStatus;(_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.push(e);});(_this$warningsMap$get=this.warningsMap.get(key))===null||_this$warningsMap$get===void 0?void 0:_this$warningsMap$get.forEach(function(e){var _node$healthStatus2;(_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.push(e);});parentNode.pushChild(node);return node;}},{key:"buildDeletedOrOrphanNode",value:function buildDeletedOrOrphanNode(parentNode,deleted,refs){var _this5=this;var idType=deleted?"deleted":"orphaned";var newId="".concat(parentNode.id,"/(").concat(idType,")");var node=new DeletedOrOrphanObjectsCollectionNode(this.props,newId,deleted);refs.forEach(function(ref){_this5.buildObjectNode(node,ref);});parentNode.pushChild(node,true);return node;}}]);return NodeBuilder;}();function buildObjectRefKey(ref){return[ref.group,ref.version,ref.kind,ref.namespace,ref.name].join("+");}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/tabClasses.js
+
+
+function getTabUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTab', slot);
+}
+var tabClasses = generateUtilityClasses('MuiTab', ['root', 'labelIcon', 'textColorInherit', 'textColorPrimary', 'textColorSecondary', 'selected', 'disabled', 'fullWidth', 'wrapped', 'iconWrapper']);
+/* harmony default export */ var Tab_tabClasses = (tabClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/Tab.js
+
+
+
+var Tab_excluded = ["className", "disabled", "disableFocusRipple", "fullWidth", "icon", "iconPosition", "indicator", "label", "onChange", "onClick", "onFocus", "selected", "selectionFollowsFocus", "textColor", "value", "wrapped"];
+
+
+
+
+
+
+
+
+
+
+
+var Tab_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    textColor = ownerState.textColor,
+    fullWidth = ownerState.fullWidth,
+    wrapped = ownerState.wrapped,
+    icon = ownerState.icon,
+    label = ownerState.label,
+    selected = ownerState.selected,
+    disabled = ownerState.disabled;
+  var slots = {
+    root: ['root', icon && label && 'labelIcon', "textColor".concat(utils_capitalize(textColor)), fullWidth && 'fullWidth', wrapped && 'wrapped', selected && 'selected', disabled && 'disabled'],
+    iconWrapper: ['iconWrapper']
+  };
+  return composeClasses(slots, getTabUtilityClass, classes);
+};
+var TabRoot = styles_styled(ButtonBase_ButtonBase, {
+  name: 'MuiTab',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.label && ownerState.icon && styles.labelIcon, styles["textColor".concat(utils_capitalize(ownerState.textColor))], ownerState.fullWidth && styles.fullWidth, ownerState.wrapped && styles.wrapped];
+  }
+})(function (_ref) {
+  var _ref3, _ref4, _ref5;
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({}, theme.typography.button, {
+    maxWidth: 360,
+    minWidth: 90,
+    position: 'relative',
+    minHeight: 48,
+    flexShrink: 0,
+    padding: '12px 16px',
+    overflow: 'hidden',
+    whiteSpace: 'normal',
+    textAlign: 'center'
+  }, ownerState.label && {
+    flexDirection: ownerState.iconPosition === 'top' || ownerState.iconPosition === 'bottom' ? 'column' : 'row'
+  }, {
+    lineHeight: 1.25
+  }, ownerState.icon && ownerState.label && defineProperty_defineProperty({
+    minHeight: 72,
+    paddingTop: 9,
+    paddingBottom: 9
+  }, "& > .".concat(Tab_tabClasses.iconWrapper), extends_extends({}, ownerState.iconPosition === 'top' && {
+    marginBottom: 6
+  }, ownerState.iconPosition === 'bottom' && {
+    marginTop: 6
+  }, ownerState.iconPosition === 'start' && {
+    marginRight: theme.spacing(1)
+  }, ownerState.iconPosition === 'end' && {
+    marginLeft: theme.spacing(1)
+  })), ownerState.textColor === 'inherit' && (_ref3 = {
+    color: 'inherit',
+    opacity: 0.6
+  }, defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.selected), {
+    opacity: 1
+  }), defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.disabled), {
+    opacity: (theme.vars || theme).palette.action.disabledOpacity
+  }), _ref3), ownerState.textColor === 'primary' && (_ref4 = {
+    color: (theme.vars || theme).palette.text.secondary
+  }, defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.selected), {
+    color: (theme.vars || theme).palette.primary.main
+  }), defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.disabled), {
+    color: (theme.vars || theme).palette.text.disabled
+  }), _ref4), ownerState.textColor === 'secondary' && (_ref5 = {
+    color: (theme.vars || theme).palette.text.secondary
+  }, defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.selected), {
+    color: (theme.vars || theme).palette.secondary.main
+  }), defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.disabled), {
+    color: (theme.vars || theme).palette.text.disabled
+  }), _ref5), ownerState.fullWidth && {
+    flexShrink: 1,
+    flexGrow: 1,
+    flexBasis: 0,
+    maxWidth: 'none'
+  }, ownerState.wrapped && {
+    fontSize: theme.typography.pxToRem(12)
+  });
+});
+var Tab = /*#__PURE__*/react.forwardRef(function Tab(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTab'
+  });
+  var className = props.className,
+    _props$disabled = props.disabled,
+    disabled = _props$disabled === void 0 ? false : _props$disabled,
+    _props$disableFocusRi = props.disableFocusRipple,
+    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
+    fullWidth = props.fullWidth,
+    iconProp = props.icon,
+    _props$iconPosition = props.iconPosition,
+    iconPosition = _props$iconPosition === void 0 ? 'top' : _props$iconPosition,
+    indicator = props.indicator,
+    label = props.label,
+    onChange = props.onChange,
+    onClick = props.onClick,
+    onFocus = props.onFocus,
+    selected = props.selected,
+    selectionFollowsFocus = props.selectionFollowsFocus,
+    _props$textColor = props.textColor,
+    textColor = _props$textColor === void 0 ? 'inherit' : _props$textColor,
+    value = props.value,
+    _props$wrapped = props.wrapped,
+    wrapped = _props$wrapped === void 0 ? false : _props$wrapped,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tab_excluded);
+  var ownerState = extends_extends({}, props, {
+    disabled: disabled,
+    disableFocusRipple: disableFocusRipple,
+    selected: selected,
+    icon: !!iconProp,
+    iconPosition: iconPosition,
+    label: !!label,
+    fullWidth: fullWidth,
+    textColor: textColor,
+    wrapped: wrapped
+  });
+  var classes = Tab_useUtilityClasses(ownerState);
+  var icon = iconProp && label && /*#__PURE__*/react.isValidElement(iconProp) ? /*#__PURE__*/react.cloneElement(iconProp, {
+    className: clsx_m(classes.iconWrapper, iconProp.props.className)
+  }) : iconProp;
+  var handleClick = function handleClick(event) {
+    if (!selected && onChange) {
+      onChange(event, value);
+    }
+    if (onClick) {
+      onClick(event);
+    }
+  };
+  var handleFocus = function handleFocus(event) {
+    if (selectionFollowsFocus && !selected && onChange) {
+      onChange(event, value);
+    }
+    if (onFocus) {
+      onFocus(event);
+    }
+  };
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabRoot, extends_extends({
+    focusRipple: !disableFocusRipple,
+    className: clsx_m(classes.root, className),
+    ref: ref,
+    role: "tab",
+    "aria-selected": selected,
+    disabled: disabled,
+    onClick: handleClick,
+    onFocus: handleFocus,
+    ownerState: ownerState,
+    tabIndex: selected ? 0 : -1
+  }, other, {
+    children: [iconPosition === 'top' || iconPosition === 'start' ? /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
+      children: [icon, label]
+    }) : /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
+      children: [label, icon]
+    }), indicator]
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Tab_Tab = (Tab);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabContext/TabContext.js
+
+
+
+
+/**
+ * @type {React.Context<{ idPrefix: string; value: string } | null>}
+ */
+
+var Context = /*#__PURE__*/react.createContext(null);
+if (false) {}
+function useUniquePrefix() {
+  var _React$useState = react.useState(null),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    id = _React$useState2[0],
+    setId = _React$useState2[1];
+  react.useEffect(function () {
+    setId("mui-p-".concat(Math.round(Math.random() * 1e5)));
+  }, []);
+  return id;
+}
+function TabContext(props) {
+  var children = props.children,
+    value = props.value;
+  var idPrefix = useUniquePrefix();
+  var context = react.useMemo(function () {
+    return {
+      idPrefix: idPrefix,
+      value: value
+    };
+  }, [idPrefix, value]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Context.Provider, {
+    value: context,
+    children: children
+  });
+}
+ false ? 0 : void 0;
+
+/**
+ * @returns {unknown}
+ */
+function useTabContext() {
+  return react.useContext(Context);
+}
+function getPanelId(context, value) {
+  var idPrefix = context.idPrefix;
+  if (idPrefix === null) {
+    return null;
+  }
+  return "".concat(context.idPrefix, "-P-").concat(value);
+}
+function getTabId(context, value) {
+  var idPrefix = context.idPrefix;
+  if (idPrefix === null) {
+    return null;
+  }
+  return "".concat(context.idPrefix, "-T-").concat(value);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/scrollLeft.js
+// Source from https://github.com/alitaheri/normalize-scroll-left
+var cachedType;
+
+/**
+ * Based on the jquery plugin https://github.com/othree/jquery.rtl-scroll-type
+ *
+ * Types of scrollLeft, assuming scrollWidth=100 and direction is rtl.
+ *
+ * Type             | <- Most Left | Most Right -> | Initial
+ * ---------------- | ------------ | ------------- | -------
+ * default          | 0            | 100           | 100
+ * negative (spec*) | -100         | 0             | 0
+ * reverse          | 100          | 0             | 0
+ *
+ * Edge 85: default
+ * Safari 14: negative
+ * Chrome 85: negative
+ * Firefox 81: negative
+ * IE11: reverse
+ *
+ * spec* https://drafts.csswg.org/cssom-view/#dom-window-scroll
+ */
+function detectScrollType() {
+  if (cachedType) {
+    return cachedType;
+  }
+  var dummy = document.createElement('div');
+  var container = document.createElement('div');
+  container.style.width = '10px';
+  container.style.height = '1px';
+  dummy.appendChild(container);
+  dummy.dir = 'rtl';
+  dummy.style.fontSize = '14px';
+  dummy.style.width = '4px';
+  dummy.style.height = '1px';
+  dummy.style.position = 'absolute';
+  dummy.style.top = '-1000px';
+  dummy.style.overflow = 'scroll';
+  document.body.appendChild(dummy);
+  cachedType = 'reverse';
+  if (dummy.scrollLeft > 0) {
+    cachedType = 'default';
+  } else {
+    dummy.scrollLeft = 1;
+    if (dummy.scrollLeft === 0) {
+      cachedType = 'negative';
+    }
+  }
+  document.body.removeChild(dummy);
+  return cachedType;
+}
+
+// Based on https://stackoverflow.com/a/24394376
+function getNormalizedScrollLeft(element, direction) {
+  var scrollLeft = element.scrollLeft;
+
+  // Perform the calculations only when direction is rtl to avoid messing up the ltr behavior
+  if (direction !== 'rtl') {
+    return scrollLeft;
+  }
+  var type = detectScrollType();
+  switch (type) {
+    case 'negative':
+      return element.scrollWidth - element.clientWidth + scrollLeft;
+    case 'reverse':
+      return element.scrollWidth - element.clientWidth - scrollLeft;
+    default:
+      return scrollLeft;
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/animate.js
+function easeInOutSin(time) {
+  return (1 + Math.sin(Math.PI * time - Math.PI / 2)) / 2;
+}
+function animate(property, element, to) {
+  var options = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  var cb = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : function () {};
+  var _options$ease = options.ease,
+    ease = _options$ease === void 0 ? easeInOutSin : _options$ease,
+    _options$duration = options.duration,
+    duration = _options$duration === void 0 ? 300 : _options$duration;
+  var start = null;
+  var from = element[property];
+  var cancelled = false;
+  var cancel = function cancel() {
+    cancelled = true;
+  };
+  var step = function step(timestamp) {
+    if (cancelled) {
+      cb(new Error('Animation cancelled'));
+      return;
+    }
+    if (start === null) {
+      start = timestamp;
+    }
+    var time = Math.min(1, (timestamp - start) / duration);
+    element[property] = ease(time) * (to - from) + from;
+    if (time >= 1) {
+      requestAnimationFrame(function () {
+        cb(null);
+      });
+      return;
+    }
+    requestAnimationFrame(step);
+  };
+  if (from === to) {
+    cb(new Error('Element already at target position'));
+    return cancel;
+  }
+  requestAnimationFrame(step);
+  return cancel;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/ScrollbarSize.js
+
+
+var ScrollbarSize_excluded = ["onChange"];
+
+
+
+
+
+var ScrollbarSize_styles = {
+  width: 99,
+  height: 99,
+  position: 'absolute',
+  top: -9999,
+  overflow: 'scroll'
+};
+
+/**
+ * @ignore - internal component.
+ * The component originates from https://github.com/STORIS/react-scrollbar-size.
+ * It has been moved into the core in order to minimize the bundle size.
+ */
+function ScrollbarSize(props) {
+  var onChange = props.onChange,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ScrollbarSize_excluded);
+  var scrollbarHeight = react.useRef();
+  var nodeRef = react.useRef(null);
+  var setMeasurements = function setMeasurements() {
+    scrollbarHeight.current = nodeRef.current.offsetHeight - nodeRef.current.clientHeight;
+  };
+  utils_useEnhancedEffect(function () {
+    var handleResize = utils_debounce(function () {
+      var prevHeight = scrollbarHeight.current;
+      setMeasurements();
+      if (prevHeight !== scrollbarHeight.current) {
+        onChange(scrollbarHeight.current);
+      }
+    });
+    var containerWindow = utils_ownerWindow(nodeRef.current);
+    containerWindow.addEventListener('resize', handleResize);
+    return function () {
+      handleResize.clear();
+      containerWindow.removeEventListener('resize', handleResize);
+    };
+  }, [onChange]);
+  react.useEffect(function () {
+    setMeasurements();
+    onChange(scrollbarHeight.current);
+  }, [onChange]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)("div", extends_extends({
+    style: ScrollbarSize_styles,
+    ref: nodeRef
+  }, other));
+}
+ false ? 0 : void 0;
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowLeft.js
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var KeyboardArrowLeft = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M15.41 16.09l-4.58-4.59 4.58-4.59L14 5.5l-6 6 6 6z"
+}), 'KeyboardArrowLeft'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowRight.js
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var KeyboardArrowRight = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M8.59 16.34l4.58-4.59-4.58-4.59L10 5.75l6 6-6 6z"
+}), 'KeyboardArrowRight'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/tabScrollButtonClasses.js
+
+
+function getTabScrollButtonUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTabScrollButton', slot);
+}
+var tabScrollButtonClasses = generateUtilityClasses('MuiTabScrollButton', ['root', 'vertical', 'horizontal', 'disabled']);
+/* harmony default export */ var TabScrollButton_tabScrollButtonClasses = (tabScrollButtonClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/TabScrollButton.js
+
+
+
+var TabScrollButton_excluded = ["className", "slots", "slotProps", "direction", "orientation", "disabled"];
+/* eslint-disable jsx-a11y/aria-role */
+
+
+
+
+
+
+
+
+
+
+
+
+var TabScrollButton_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    orientation = ownerState.orientation,
+    disabled = ownerState.disabled;
+  var slots = {
+    root: ['root', orientation, disabled && 'disabled']
+  };
+  return composeClasses(slots, getTabScrollButtonUtilityClass, classes);
+};
+var TabScrollButtonRoot = styles_styled(ButtonBase_ButtonBase, {
+  name: 'MuiTabScrollButton',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.orientation && styles[ownerState.orientation]];
+  }
+})(function (_ref) {
+  var ownerState = _ref.ownerState;
+  return extends_extends(defineProperty_defineProperty({
+    width: 40,
+    flexShrink: 0,
+    opacity: 0.8
+  }, "&.".concat(TabScrollButton_tabScrollButtonClasses.disabled), {
+    opacity: 0
+  }), ownerState.orientation === 'vertical' && {
+    width: '100%',
+    height: 40,
+    '& svg': {
+      transform: "rotate(".concat(ownerState.isRtl ? -90 : 90, "deg)")
+    }
+  });
+});
+var TabScrollButton = /*#__PURE__*/react.forwardRef(function TabScrollButton(inProps, ref) {
+  var _slots$StartScrollBut, _slots$EndScrollButto;
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTabScrollButton'
+  });
+  var className = props.className,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    direction = props.direction,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabScrollButton_excluded);
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var ownerState = extends_extends({
+    isRtl: isRtl
+  }, props);
+  var classes = TabScrollButton_useUtilityClasses(ownerState);
+  var StartButtonIcon = (_slots$StartScrollBut = slots.StartScrollButtonIcon) != null ? _slots$StartScrollBut : KeyboardArrowLeft;
+  var EndButtonIcon = (_slots$EndScrollButto = slots.EndScrollButtonIcon) != null ? _slots$EndScrollButto : KeyboardArrowRight;
+  var startButtonIconProps = useSlotProps({
+    elementType: StartButtonIcon,
+    externalSlotProps: slotProps.startScrollButtonIcon,
+    additionalProps: {
+      fontSize: 'small'
+    },
+    ownerState: ownerState
+  });
+  var endButtonIconProps = useSlotProps({
+    elementType: EndButtonIcon,
+    externalSlotProps: slotProps.endScrollButtonIcon,
+    additionalProps: {
+      fontSize: 'small'
+    },
+    ownerState: ownerState
+  });
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabScrollButtonRoot, extends_extends({
+    component: "div",
+    className: clsx_m(classes.root, className),
+    ref: ref,
+    role: null,
+    ownerState: ownerState,
+    tabIndex: null
+  }, other, {
+    children: direction === 'left' ? /*#__PURE__*/(0,jsx_runtime.jsx)(StartButtonIcon, extends_extends({}, startButtonIconProps)) : /*#__PURE__*/(0,jsx_runtime.jsx)(EndButtonIcon, extends_extends({}, endButtonIconProps))
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TabScrollButton_TabScrollButton = (TabScrollButton);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/tabsClasses.js
+
+
+function getTabsUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTabs', slot);
+}
+var tabsClasses = generateUtilityClasses('MuiTabs', ['root', 'vertical', 'flexContainer', 'flexContainerVertical', 'centered', 'scroller', 'fixed', 'scrollableX', 'scrollableY', 'hideScrollbar', 'scrollButtons', 'scrollButtonsHideMobile', 'indicator']);
+/* harmony default export */ var Tabs_tabsClasses = (tabsClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/Tabs.js
+
+
+
+
+var Tabs_excluded = ["aria-label", "aria-labelledby", "action", "centered", "children", "className", "component", "allowScrollButtonsMobile", "indicatorColor", "onChange", "orientation", "ScrollButtonComponent", "scrollButtons", "selectionFollowsFocus", "slots", "slotProps", "TabIndicatorProps", "TabScrollButtonProps", "textColor", "value", "variant", "visibleScrollbar"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var Tabs_nextItem = function nextItem(list, item) {
+  if (list === item) {
+    return list.firstChild;
+  }
+  if (item && item.nextElementSibling) {
+    return item.nextElementSibling;
+  }
+  return list.firstChild;
+};
+var Tabs_previousItem = function previousItem(list, item) {
+  if (list === item) {
+    return list.lastChild;
+  }
+  if (item && item.previousElementSibling) {
+    return item.previousElementSibling;
+  }
+  return list.lastChild;
+};
+var Tabs_moveFocus = function moveFocus(list, currentFocus, traversalFunction) {
+  var wrappedOnce = false;
+  var nextFocus = traversalFunction(list, currentFocus);
+  while (nextFocus) {
+    // Prevent infinite loop.
+    if (nextFocus === list.firstChild) {
+      if (wrappedOnce) {
+        return;
+      }
+      wrappedOnce = true;
+    }
+
+    // Same logic as useAutocomplete.js
+    var nextFocusDisabled = nextFocus.disabled || nextFocus.getAttribute('aria-disabled') === 'true';
+    if (!nextFocus.hasAttribute('tabindex') || nextFocusDisabled) {
+      // Move to the next element.
+      nextFocus = traversalFunction(list, nextFocus);
+    } else {
+      nextFocus.focus();
+      return;
+    }
+  }
+};
+var Tabs_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var vertical = ownerState.vertical,
+    fixed = ownerState.fixed,
+    hideScrollbar = ownerState.hideScrollbar,
+    scrollableX = ownerState.scrollableX,
+    scrollableY = ownerState.scrollableY,
+    centered = ownerState.centered,
+    scrollButtonsHideMobile = ownerState.scrollButtonsHideMobile,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', vertical && 'vertical'],
+    scroller: ['scroller', fixed && 'fixed', hideScrollbar && 'hideScrollbar', scrollableX && 'scrollableX', scrollableY && 'scrollableY'],
+    flexContainer: ['flexContainer', vertical && 'flexContainerVertical', centered && 'centered'],
+    indicator: ['indicator'],
+    scrollButtons: ['scrollButtons', scrollButtonsHideMobile && 'scrollButtonsHideMobile'],
+    scrollableX: [scrollableX && 'scrollableX'],
+    hideScrollbar: [hideScrollbar && 'hideScrollbar']
+  };
+  return composeClasses(slots, getTabsUtilityClass, classes);
+};
+var TabsRoot = styles_styled('div', {
+  name: 'MuiTabs',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), styles.scrollButtons), defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), ownerState.scrollButtonsHideMobile && styles.scrollButtonsHideMobile), styles.root, ownerState.vertical && styles.vertical];
+  }
+})(function (_ref3) {
+  var ownerState = _ref3.ownerState,
+    theme = _ref3.theme;
+  return extends_extends({
+    overflow: 'hidden',
+    minHeight: 48,
+    // Add iOS momentum scrolling for iOS < 13.0
+    WebkitOverflowScrolling: 'touch',
+    display: 'flex'
+  }, ownerState.vertical && {
+    flexDirection: 'column'
+  }, ownerState.scrollButtonsHideMobile && defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), defineProperty_defineProperty({}, theme.breakpoints.down('sm'), {
+    display: 'none'
+  })));
+});
+var TabsScroller = styles_styled('div', {
+  name: 'MuiTabs',
+  slot: 'Scroller',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.scroller, ownerState.fixed && styles.fixed, ownerState.hideScrollbar && styles.hideScrollbar, ownerState.scrollableX && styles.scrollableX, ownerState.scrollableY && styles.scrollableY];
+  }
+})(function (_ref5) {
+  var ownerState = _ref5.ownerState;
+  return extends_extends({
+    position: 'relative',
+    display: 'inline-block',
+    flex: '1 1 auto',
+    whiteSpace: 'nowrap'
+  }, ownerState.fixed && {
+    overflowX: 'hidden',
+    width: '100%'
+  }, ownerState.hideScrollbar && {
+    // Hide dimensionless scrollbar on macOS
+    scrollbarWidth: 'none',
+    // Firefox
+    '&::-webkit-scrollbar': {
+      display: 'none' // Safari + Chrome
+    }
+  }, ownerState.scrollableX && {
+    overflowX: 'auto',
+    overflowY: 'hidden'
+  }, ownerState.scrollableY && {
+    overflowY: 'auto',
+    overflowX: 'hidden'
+  });
+});
+var FlexContainer = styles_styled('div', {
+  name: 'MuiTabs',
+  slot: 'FlexContainer',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.flexContainer, ownerState.vertical && styles.flexContainerVertical, ownerState.centered && styles.centered];
+  }
+})(function (_ref6) {
+  var ownerState = _ref6.ownerState;
+  return extends_extends({
+    display: 'flex'
+  }, ownerState.vertical && {
+    flexDirection: 'column'
+  }, ownerState.centered && {
+    justifyContent: 'center'
+  });
+});
+var TabsIndicator = styles_styled('span', {
+  name: 'MuiTabs',
+  slot: 'Indicator',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.indicator;
+  }
+})(function (_ref7) {
+  var ownerState = _ref7.ownerState,
+    theme = _ref7.theme;
+  return extends_extends({
+    position: 'absolute',
+    height: 2,
+    bottom: 0,
+    width: '100%',
+    transition: theme.transitions.create()
+  }, ownerState.indicatorColor === 'primary' && {
+    backgroundColor: (theme.vars || theme).palette.primary.main
+  }, ownerState.indicatorColor === 'secondary' && {
+    backgroundColor: (theme.vars || theme).palette.secondary.main
+  }, ownerState.vertical && {
+    height: '100%',
+    width: 2,
+    right: 0
+  });
+});
+var TabsScrollbarSize = styles_styled(ScrollbarSize, {
+  name: 'MuiTabs',
+  slot: 'ScrollbarSize'
+})({
+  overflowX: 'auto',
+  overflowY: 'hidden',
+  // Hide dimensionless scrollbar on macOS
+  scrollbarWidth: 'none',
+  // Firefox
+  '&::-webkit-scrollbar': {
+    display: 'none' // Safari + Chrome
+  }
+});
+
+var defaultIndicatorStyle = {};
+var warnedOnceTabPresent = false;
+var Tabs = /*#__PURE__*/react.forwardRef(function Tabs(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTabs'
+  });
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var ariaLabel = props['aria-label'],
+    ariaLabelledBy = props['aria-labelledby'],
+    action = props.action,
+    _props$centered = props.centered,
+    centered = _props$centered === void 0 ? false : _props$centered,
+    childrenProp = props.children,
+    className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    _props$allowScrollBut = props.allowScrollButtonsMobile,
+    allowScrollButtonsMobile = _props$allowScrollBut === void 0 ? false : _props$allowScrollBut,
+    _props$indicatorColor = props.indicatorColor,
+    indicatorColor = _props$indicatorColor === void 0 ? 'primary' : _props$indicatorColor,
+    onChange = props.onChange,
+    _props$orientation = props.orientation,
+    orientation = _props$orientation === void 0 ? 'horizontal' : _props$orientation,
+    _props$ScrollButtonCo = props.ScrollButtonComponent,
+    ScrollButtonComponent = _props$ScrollButtonCo === void 0 ? TabScrollButton_TabScrollButton : _props$ScrollButtonCo,
+    _props$scrollButtons = props.scrollButtons,
+    scrollButtons = _props$scrollButtons === void 0 ? 'auto' : _props$scrollButtons,
+    selectionFollowsFocus = props.selectionFollowsFocus,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$TabIndicatorPr = props.TabIndicatorProps,
+    TabIndicatorProps = _props$TabIndicatorPr === void 0 ? {} : _props$TabIndicatorPr,
+    _props$TabScrollButto = props.TabScrollButtonProps,
+    TabScrollButtonProps = _props$TabScrollButto === void 0 ? {} : _props$TabScrollButto,
+    _props$textColor = props.textColor,
+    textColor = _props$textColor === void 0 ? 'primary' : _props$textColor,
+    value = props.value,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'standard' : _props$variant,
+    _props$visibleScrollb = props.visibleScrollbar,
+    visibleScrollbar = _props$visibleScrollb === void 0 ? false : _props$visibleScrollb,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tabs_excluded);
+  var scrollable = variant === 'scrollable';
+  var vertical = orientation === 'vertical';
+  var scrollStart = vertical ? 'scrollTop' : 'scrollLeft';
+  var start = vertical ? 'top' : 'left';
+  var end = vertical ? 'bottom' : 'right';
+  var clientSize = vertical ? 'clientHeight' : 'clientWidth';
+  var size = vertical ? 'height' : 'width';
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    allowScrollButtonsMobile: allowScrollButtonsMobile,
+    indicatorColor: indicatorColor,
+    orientation: orientation,
+    vertical: vertical,
+    scrollButtons: scrollButtons,
+    textColor: textColor,
+    variant: variant,
+    visibleScrollbar: visibleScrollbar,
+    fixed: !scrollable,
+    hideScrollbar: scrollable && !visibleScrollbar,
+    scrollableX: scrollable && !vertical,
+    scrollableY: scrollable && vertical,
+    centered: centered && !scrollable,
+    scrollButtonsHideMobile: !allowScrollButtonsMobile
+  });
+  var classes = Tabs_useUtilityClasses(ownerState);
+  var startScrollButtonIconProps = useSlotProps({
+    elementType: slots.StartScrollButtonIcon,
+    externalSlotProps: slotProps.startScrollButtonIcon,
+    ownerState: ownerState
+  });
+  var endScrollButtonIconProps = useSlotProps({
+    elementType: slots.EndScrollButtonIcon,
+    externalSlotProps: slotProps.endScrollButtonIcon,
+    ownerState: ownerState
+  });
+  if (false) {}
+  var _React$useState = react.useState(false),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    mounted = _React$useState2[0],
+    setMounted = _React$useState2[1];
+  var _React$useState3 = react.useState(defaultIndicatorStyle),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    indicatorStyle = _React$useState4[0],
+    setIndicatorStyle = _React$useState4[1];
+  var _React$useState5 = react.useState({
+      start: false,
+      end: false
+    }),
+    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
+    displayScroll = _React$useState6[0],
+    setDisplayScroll = _React$useState6[1];
+  var _React$useState7 = react.useState({
+      overflow: 'hidden',
+      scrollbarWidth: 0
+    }),
+    _React$useState8 = slicedToArray_slicedToArray(_React$useState7, 2),
+    scrollerStyle = _React$useState8[0],
+    setScrollerStyle = _React$useState8[1];
+  var valueToIndex = new Map();
+  var tabsRef = react.useRef(null);
+  var tabListRef = react.useRef(null);
+  var getTabsMeta = function getTabsMeta() {
+    var tabsNode = tabsRef.current;
+    var tabsMeta;
+    if (tabsNode) {
+      var rect = tabsNode.getBoundingClientRect();
+      // create a new object with ClientRect class props + scrollLeft
+      tabsMeta = {
+        clientWidth: tabsNode.clientWidth,
+        scrollLeft: tabsNode.scrollLeft,
+        scrollTop: tabsNode.scrollTop,
+        scrollLeftNormalized: getNormalizedScrollLeft(tabsNode, theme.direction),
+        scrollWidth: tabsNode.scrollWidth,
+        top: rect.top,
+        bottom: rect.bottom,
+        left: rect.left,
+        right: rect.right
+      };
+    }
+    var tabMeta;
+    if (tabsNode && value !== false) {
+      var _children = tabListRef.current.children;
+      if (_children.length > 0) {
+        var tab = _children[valueToIndex.get(value)];
+        if (false) {}
+        tabMeta = tab ? tab.getBoundingClientRect() : null;
+        if (false) {}
+      }
+    }
+    return {
+      tabsMeta: tabsMeta,
+      tabMeta: tabMeta
+    };
+  };
+  var updateIndicatorState = utils_useEventCallback(function () {
+    var _newIndicatorStyle;
+    var _getTabsMeta = getTabsMeta(),
+      tabsMeta = _getTabsMeta.tabsMeta,
+      tabMeta = _getTabsMeta.tabMeta;
+    var startValue = 0;
+    var startIndicator;
+    if (vertical) {
+      startIndicator = 'top';
+      if (tabMeta && tabsMeta) {
+        startValue = tabMeta.top - tabsMeta.top + tabsMeta.scrollTop;
+      }
+    } else {
+      startIndicator = isRtl ? 'right' : 'left';
+      if (tabMeta && tabsMeta) {
+        var correction = isRtl ? tabsMeta.scrollLeftNormalized + tabsMeta.clientWidth - tabsMeta.scrollWidth : tabsMeta.scrollLeft;
+        startValue = (isRtl ? -1 : 1) * (tabMeta[startIndicator] - tabsMeta[startIndicator] + correction);
+      }
+    }
+    var newIndicatorStyle = (_newIndicatorStyle = {}, defineProperty_defineProperty(_newIndicatorStyle, startIndicator, startValue), defineProperty_defineProperty(_newIndicatorStyle, size, tabMeta ? tabMeta[size] : 0), _newIndicatorStyle);
+
+    // IE11 support, replace with Number.isNaN
+    // eslint-disable-next-line no-restricted-globals
+    if (isNaN(indicatorStyle[startIndicator]) || isNaN(indicatorStyle[size])) {
+      setIndicatorStyle(newIndicatorStyle);
+    } else {
+      var dStart = Math.abs(indicatorStyle[startIndicator] - newIndicatorStyle[startIndicator]);
+      var dSize = Math.abs(indicatorStyle[size] - newIndicatorStyle[size]);
+      if (dStart >= 1 || dSize >= 1) {
+        setIndicatorStyle(newIndicatorStyle);
+      }
+    }
+  });
+  var scroll = function scroll(scrollValue) {
+    var _ref8 = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
+      _ref8$animation = _ref8.animation,
+      animation = _ref8$animation === void 0 ? true : _ref8$animation;
+    if (animation) {
+      animate(scrollStart, tabsRef.current, scrollValue, {
+        duration: theme.transitions.duration.standard
+      });
+    } else {
+      tabsRef.current[scrollStart] = scrollValue;
+    }
+  };
+  var moveTabsScroll = function moveTabsScroll(delta) {
+    var scrollValue = tabsRef.current[scrollStart];
+    if (vertical) {
+      scrollValue += delta;
+    } else {
+      scrollValue += delta * (isRtl ? -1 : 1);
+      // Fix for Edge
+      scrollValue *= isRtl && detectScrollType() === 'reverse' ? -1 : 1;
+    }
+    scroll(scrollValue);
+  };
+  var getScrollSize = function getScrollSize() {
+    var containerSize = tabsRef.current[clientSize];
+    var totalSize = 0;
+    var children = Array.from(tabListRef.current.children);
+    for (var i = 0; i < children.length; i += 1) {
+      var tab = children[i];
+      if (totalSize + tab[clientSize] > containerSize) {
+        // If the first item is longer than the container size, then only scroll
+        // by the container size.
+        if (i === 0) {
+          totalSize = containerSize;
+        }
+        break;
+      }
+      totalSize += tab[clientSize];
+    }
+    return totalSize;
+  };
+  var handleStartScrollClick = function handleStartScrollClick() {
+    moveTabsScroll(-1 * getScrollSize());
+  };
+  var handleEndScrollClick = function handleEndScrollClick() {
+    moveTabsScroll(getScrollSize());
+  };
+
+  // TODO Remove <ScrollbarSize /> as browser support for hiding the scrollbar
+  // with CSS improves.
+  var handleScrollbarSizeChange = react.useCallback(function (scrollbarWidth) {
+    setScrollerStyle({
+      overflow: null,
+      scrollbarWidth: scrollbarWidth
+    });
+  }, []);
+  var getConditionalElements = function getConditionalElements() {
+    var conditionalElements = {};
+    conditionalElements.scrollbarSizeListener = scrollable ? /*#__PURE__*/(0,jsx_runtime.jsx)(TabsScrollbarSize, {
+      onChange: handleScrollbarSizeChange,
+      className: clsx_m(classes.scrollableX, classes.hideScrollbar)
+    }) : null;
+    var scrollButtonsActive = displayScroll.start || displayScroll.end;
+    var showScrollButtons = scrollable && (scrollButtons === 'auto' && scrollButtonsActive || scrollButtons === true);
+    conditionalElements.scrollButtonStart = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
+      slots: {
+        StartScrollButtonIcon: slots.StartScrollButtonIcon
+      },
+      slotProps: {
+        startScrollButtonIcon: startScrollButtonIconProps
+      },
+      orientation: orientation,
+      direction: isRtl ? 'right' : 'left',
+      onClick: handleStartScrollClick,
+      disabled: !displayScroll.start
+    }, TabScrollButtonProps, {
+      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
+    })) : null;
+    conditionalElements.scrollButtonEnd = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
+      slots: {
+        EndScrollButtonIcon: slots.EndScrollButtonIcon
+      },
+      slotProps: {
+        endScrollButtonIcon: endScrollButtonIconProps
+      },
+      orientation: orientation,
+      direction: isRtl ? 'left' : 'right',
+      onClick: handleEndScrollClick,
+      disabled: !displayScroll.end
+    }, TabScrollButtonProps, {
+      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
+    })) : null;
+    return conditionalElements;
+  };
+  var scrollSelectedIntoView = utils_useEventCallback(function (animation) {
+    var _getTabsMeta2 = getTabsMeta(),
+      tabsMeta = _getTabsMeta2.tabsMeta,
+      tabMeta = _getTabsMeta2.tabMeta;
+    if (!tabMeta || !tabsMeta) {
+      return;
+    }
+    if (tabMeta[start] < tabsMeta[start]) {
+      // left side of button is out of view
+      var nextScrollStart = tabsMeta[scrollStart] + (tabMeta[start] - tabsMeta[start]);
+      scroll(nextScrollStart, {
+        animation: animation
+      });
+    } else if (tabMeta[end] > tabsMeta[end]) {
+      // right side of button is out of view
+      var _nextScrollStart = tabsMeta[scrollStart] + (tabMeta[end] - tabsMeta[end]);
+      scroll(_nextScrollStart, {
+        animation: animation
+      });
+    }
+  });
+  var updateScrollButtonState = utils_useEventCallback(function () {
+    if (scrollable && scrollButtons !== false) {
+      var _tabsRef$current = tabsRef.current,
+        scrollTop = _tabsRef$current.scrollTop,
+        scrollHeight = _tabsRef$current.scrollHeight,
+        clientHeight = _tabsRef$current.clientHeight,
+        scrollWidth = _tabsRef$current.scrollWidth,
+        clientWidth = _tabsRef$current.clientWidth;
+      var showStartScroll;
+      var showEndScroll;
+      if (vertical) {
+        showStartScroll = scrollTop > 1;
+        showEndScroll = scrollTop < scrollHeight - clientHeight - 1;
+      } else {
+        var scrollLeft = getNormalizedScrollLeft(tabsRef.current, theme.direction);
+        // use 1 for the potential rounding error with browser zooms.
+        showStartScroll = isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
+        showEndScroll = !isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
+      }
+      if (showStartScroll !== displayScroll.start || showEndScroll !== displayScroll.end) {
+        setDisplayScroll({
+          start: showStartScroll,
+          end: showEndScroll
+        });
+      }
+    }
+  });
+  react.useEffect(function () {
+    var handleResize = utils_debounce(function () {
+      // If the Tabs component is replaced by Suspense with a fallback, the last
+      // ResizeObserver's handler that runs because of the change in the layout is trying to
+      // access a dom node that is no longer there (as the fallback component is being shown instead).
+      // See https://github.com/mui/material-ui/issues/33276
+      // TODO: Add tests that will ensure the component is not failing when
+      // replaced by Suspense with a fallback, once React is updated to version 18
+      if (tabsRef.current) {
+        updateIndicatorState();
+        updateScrollButtonState();
+      }
+    });
+    var win = utils_ownerWindow(tabsRef.current);
+    win.addEventListener('resize', handleResize);
+    var resizeObserver;
+    if (typeof ResizeObserver !== 'undefined') {
+      resizeObserver = new ResizeObserver(handleResize);
+      Array.from(tabListRef.current.children).forEach(function (child) {
+        resizeObserver.observe(child);
+      });
+    }
+    return function () {
+      handleResize.clear();
+      win.removeEventListener('resize', handleResize);
+      if (resizeObserver) {
+        resizeObserver.disconnect();
+      }
+    };
+  }, [updateIndicatorState, updateScrollButtonState]);
+  var handleTabsScroll = react.useMemo(function () {
+    return utils_debounce(function () {
+      updateScrollButtonState();
+    });
+  }, [updateScrollButtonState]);
+  react.useEffect(function () {
+    return function () {
+      handleTabsScroll.clear();
+    };
+  }, [handleTabsScroll]);
+  react.useEffect(function () {
+    setMounted(true);
+  }, []);
+  react.useEffect(function () {
+    updateIndicatorState();
+    updateScrollButtonState();
+  });
+  react.useEffect(function () {
+    // Don't animate on the first render.
+    scrollSelectedIntoView(defaultIndicatorStyle !== indicatorStyle);
+  }, [scrollSelectedIntoView, indicatorStyle]);
+  react.useImperativeHandle(action, function () {
+    return {
+      updateIndicator: updateIndicatorState,
+      updateScrollButtons: updateScrollButtonState
+    };
+  }, [updateIndicatorState, updateScrollButtonState]);
+  var indicator = /*#__PURE__*/(0,jsx_runtime.jsx)(TabsIndicator, extends_extends({}, TabIndicatorProps, {
+    className: clsx_m(classes.indicator, TabIndicatorProps.className),
+    ownerState: ownerState,
+    style: extends_extends({}, indicatorStyle, TabIndicatorProps.style)
+  }));
+  var childIndex = 0;
+  var children = react.Children.map(childrenProp, function (child) {
+    if (! /*#__PURE__*/react.isValidElement(child)) {
+      return null;
+    }
+    if (false) {}
+    var childValue = child.props.value === undefined ? childIndex : child.props.value;
+    valueToIndex.set(childValue, childIndex);
+    var selected = childValue === value;
+    childIndex += 1;
+    return /*#__PURE__*/react.cloneElement(child, extends_extends({
+      fullWidth: variant === 'fullWidth',
+      indicator: selected && !mounted && indicator,
+      selected: selected,
+      selectionFollowsFocus: selectionFollowsFocus,
+      onChange: onChange,
+      textColor: textColor,
+      value: childValue
+    }, childIndex === 1 && value === false && !child.props.tabIndex ? {
+      tabIndex: 0
+    } : {}));
+  });
+  var handleKeyDown = function handleKeyDown(event) {
+    var list = tabListRef.current;
+    var currentFocus = utils_ownerDocument(list).activeElement;
+    // Keyboard navigation assumes that [role="tab"] are siblings
+    // though we might warn in the future about nested, interactive elements
+    // as a a11y violation
+    var role = currentFocus.getAttribute('role');
+    if (role !== 'tab') {
+      return;
+    }
+    var previousItemKey = orientation === 'horizontal' ? 'ArrowLeft' : 'ArrowUp';
+    var nextItemKey = orientation === 'horizontal' ? 'ArrowRight' : 'ArrowDown';
+    if (orientation === 'horizontal' && isRtl) {
+      // swap previousItemKey with nextItemKey
+      previousItemKey = 'ArrowRight';
+      nextItemKey = 'ArrowLeft';
+    }
+    switch (event.key) {
+      case previousItemKey:
+        event.preventDefault();
+        Tabs_moveFocus(list, currentFocus, Tabs_previousItem);
+        break;
+      case nextItemKey:
+        event.preventDefault();
+        Tabs_moveFocus(list, currentFocus, Tabs_nextItem);
+        break;
+      case 'Home':
+        event.preventDefault();
+        Tabs_moveFocus(list, null, Tabs_nextItem);
+        break;
+      case 'End':
+        event.preventDefault();
+        Tabs_moveFocus(list, null, Tabs_previousItem);
+        break;
+      default:
+        break;
+    }
+  };
+  var conditionalElements = getConditionalElements();
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState,
+    ref: ref,
+    as: component
+  }, other, {
+    children: [conditionalElements.scrollButtonStart, conditionalElements.scrollbarSizeListener, /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsScroller, {
+      className: classes.scroller,
+      ownerState: ownerState,
+      style: defineProperty_defineProperty({
+        overflow: scrollerStyle.overflow
+      }, vertical ? "margin".concat(isRtl ? 'Left' : 'Right') : 'marginBottom', visibleScrollbar ? undefined : -scrollerStyle.scrollbarWidth),
+      ref: tabsRef,
+      onScroll: handleTabsScroll,
+      children: [/*#__PURE__*/(0,jsx_runtime.jsx)(FlexContainer, {
+        "aria-label": ariaLabel,
+        "aria-labelledby": ariaLabelledBy,
+        "aria-orientation": orientation === 'vertical' ? 'vertical' : null,
+        className: classes.flexContainer,
+        ownerState: ownerState,
+        onKeyDown: handleKeyDown,
+        ref: tabListRef,
+        role: "tablist",
+        children: children
+      }), mounted && indicator]
+    }), conditionalElements.scrollButtonEnd]
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Tabs_Tabs = (Tabs);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabList/TabList.js
+
+
+var TabList_excluded = ["children"];
+
+
+
+
+
+var TabList = /*#__PURE__*/react.forwardRef(function TabList(props, ref) {
+  var childrenProp = props.children,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabList_excluded);
+  var context = useTabContext();
+  if (context === null) {
+    throw new TypeError('No TabContext provided');
+  }
+  var children = react.Children.map(childrenProp, function (child) {
+    if (! /*#__PURE__*/react.isValidElement(child)) {
+      return null;
+    }
+    return /*#__PURE__*/react.cloneElement(child, {
+      // SOMEDAY: `Tabs` will set those themselves
+      'aria-controls': getPanelId(context, child.props.value),
+      id: getTabId(context, child.props.value)
+    });
+  });
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Tabs_Tabs, extends_extends({}, other, {
+    ref: ref,
+    value: context.value,
+    children: children
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TabList_TabList = (TabList);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/tabPanelClasses.js
+
+
+function getTabPanelUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTabPanel', slot);
+}
+var tabPanelClasses = generateUtilityClasses('MuiTabPanel', ['root']);
+/* harmony default export */ var TabPanel_tabPanelClasses = ((/* unused pure expression or super */ null && (tabPanelClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/TabPanel.js
+
+
+var TabPanel_excluded = ["children", "className", "value"];
+
+
+
+
+
+
+
+
+var TabPanel_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTabPanelUtilityClass, classes);
+};
+var TabPanelRoot = styles_styled('div', {
+  name: 'MuiTabPanel',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})(function (_ref) {
+  var theme = _ref.theme;
+  return {
+    padding: theme.spacing(3)
+  };
+});
+var TabPanel = /*#__PURE__*/react.forwardRef(function TabPanel(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTabPanel'
+  });
+  var children = props.children,
+    className = props.className,
+    value = props.value,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabPanel_excluded);
+  var ownerState = extends_extends({}, props);
+  var classes = TabPanel_useUtilityClasses(ownerState);
+  var context = useTabContext();
+  if (context === null) {
+    throw new TypeError('No TabContext provided');
+  }
+  var id = getPanelId(context, value);
+  var tabId = getTabId(context, value);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabPanelRoot, extends_extends({
+    "aria-labelledby": tabId,
+    className: clsx_m(classes.root, className),
+    hidden: value !== context.value,
+    id: id,
+    ref: ref,
+    role: "tabpanel",
+    ownerState: ownerState
+  }, other, {
+    children: value === context.value && children
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TabPanel_TabPanel = (TabPanel);
+;// CONCATENATED MODULE: ./src/components/result-view/SidePanel.tsx
+var SidePanel=function SidePanel(props){var _props$provider;var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedTab=_useState2[0],setSelectedTab=_useState2[1];var theme=styles_useTheme_useTheme();function handleTabChange(_e,value){setSelectedTab(value);}var tabs=(_props$provider=props.provider)===null||_props$provider===void 0?void 0:_props$provider.buildSidePanelTabs();if(!tabs){tabs=[];}(0,react.useEffect)(function(){var _tabs;if(!((_tabs=tabs)!==null&&_tabs!==void 0&&_tabs.length)){setSelectedTab("");return;}if(!selectedTab){setSelectedTab(tabs[0].label);return;}if(!tabs.find(function(x){return x.label===selectedTab;})){// reset it after the type of selected item has changed
+setSelectedTab(tabs[0].label);}// ignore that it wants us to add selectedTab to the deps (it would cause and endless loop)
+// eslint-disable-next-line
+},[props.provider]);if(!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}if(!props.provider){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minHeight:theme.consts.appBarHeight,display:"flex",flexDirection:"column",flex:"0 0 auto",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",pt:"25px",pl:"35px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h4",children:props.provider.buildSidePanelTitle()})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",pt:"10px",pr:"10px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab,index){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'10px 0'},children:tab.content})})},index);})})]})});};
+;// CONCATENATED MODULE: ./src/components/targets-view/Card.tsx
+var Card_excluded=["children"],Card_excluded2=["children"],Card_excluded3=["children"];var cardWidth=247;var projectCardHeight=80;var cardHeight=126;var cardGap=20;function Card(_ref){var children=_ref.children,rest=objectWithoutProperties_objectWithoutProperties(_ref,Card_excluded);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexShrink:0,width:cardWidth,height:cardHeight},rest),{},{children:children}));}function CardCol(_ref2){var children=_ref2.children,rest=objectWithoutProperties_objectWithoutProperties(_ref2,Card_excluded2);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexDirection:"column",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}function CardRow(_ref3){var children=_ref3.children,rest=objectWithoutProperties_objectWithoutProperties(_ref3,Card_excluded3);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}
+;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultDetailsDrawer.tsx
+var sidePanelWidth=720;function doGetRootNode(_x){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:shortNames=api.getShortNames();r=api.getResult(rs.id);_context.t0=NodeBuilder;_context.next=5;return shortNames;case 5:_context.t1=_context.sent;_context.t2=rs;_context.next=9;return r;case 9:_context.t3=_context.sent;_context.t4={shortNames:_context.t1,summary:_context.t2,commandResult:_context.t3};builder=new _context.t0(_context.t4);_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 14:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CommandResultDetailsDrawer=/*#__PURE__*/react.memo(function(props){var ps=props.ps,ts=props.ts,selectedCardRect=props.selectedCardRect;var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(new Promise(function(){return undefined;})),_useState2=slicedToArray_slicedToArray(_useState,2),promise=_useState2[0],setPromise=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedCommandResult=_useState4[0],setSelectedCommandResult=_useState4[1];var _useState5=(0,react.useState)(ts),_useState6=slicedToArray_slicedToArray(_useState5,2),prevTargetSummary=_useState6[0],setPrevTargetSummary=_useState6[1];var _useState7=(0,react.useState)([]),_useState8=slicedToArray_slicedToArray(_useState7,2),cardsCoords=_useState8[0],setCardsCoords=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),transitionRunning=_useState10[0],setTransitionRunning=_useState10[1];if(prevTargetSummary!==ts){var _ts$commandResults;setPrevTargetSummary(ts);setSelectedCommandResult(ts===null||ts===void 0?void 0:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults[0]);}(0,react.useEffect)(function(){if(selectedCommandResult===undefined){return;}setPromise(doGetRootNode(selectedCommandResult));},[selectedCommandResult]);var Content=function Content(props){var node=usePromise(promise);return/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:node,onClose:props.onClose});};var cardsContainerElem=(0,react.useRef)();(0,react.useEffect)(function(){var _cardsContainerElem$c;var rect=(_cardsContainerElem$c=cardsContainerElem.current)===null||_cardsContainerElem$c===void 0?void 0:_cardsContainerElem$c.getBoundingClientRect();if(!rect||!selectedCardRect||!(ts!==null&&ts!==void 0&&ts.commandResults)){setCardsCoords([]);return;}var initialCoords=ts.commandResults.map(function(){return{left:selectedCardRect.left-rect.left,top:selectedCardRect.top-rect.top};});setCardsCoords(initialCoords);setTransitionRunning(true);},[selectedCardRect,ts===null||ts===void 0?void 0:ts.commandResults]);(0,react.useEffect)(function(){if(cardsCoords.length>0){var targetCoords=cardsCoords.map(function(_,i){return{left:0,top:i*(cardHeight+cardGap)};});if(cardsCoords.length===targetCoords.length&&cardsCoords.every(function(_ref,i){var left=_ref.left,top=_ref.top;return targetCoords[i].left===left&&targetCoords[i].top===top;})){return;}setTimeout(function(){setCardsCoords(targetCoords);setTimeout(function(){setTransitionRunning(false);},theme.transitions.duration.enteringScreen);},10);}},[cardsCoords,theme.transitions.duration.enteringScreen]);var zIndex=theme.zIndex.modal+1;var cards=(0,react.useMemo)(function(){if(!(ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&cardsCoords.length>0)){return null;}return ts.commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{position:'absolute',translate:"".concat(cardsCoords[i].left,"px ").concat(cardsCoords[i].top,"px"),zIndex:zIndex,transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:setSelectedCommandResult,selected:rs===selectedCommandResult})},i);});},[ps,ts,cardsCoords,zIndex,theme.transitions,selectedCommandResult]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{position:'fixed',top:0,bottom:0,right:sidePanelWidth,width:"calc(100% - ".concat(sidePanelWidth,"px)"),overflowX:'visible',overflowY:transitionRunning?'visible':'auto',display:'flex',flexDirection:'column',alignItems:'center',justifyContent:'center',padding:'25px 0',zIndex:zIndex},onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{onClick:function onClick(e){return e.stopPropagation();},position:"relative",width:cardWidth,height:cardHeight*ts.commandResults.length+cardGap*(ts.commandResults.length-1),ref:cardsContainerElem,children:cards})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.rs!==undefined,onClose:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:sidePanelWidth,height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(react.Suspense,{fallback:/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Content,{onClose:props.onClose})})})})})]});});
+;// CONCATENATED MODULE: ./src/components/targets-view/TargetDetailsDrawer.tsx
+var MyProvider=/*#__PURE__*/function(){function MyProvider(ts){var _this$ts,_this$ts$lastValidate,_this$ts$lastValidate2,_this=this;classCallCheck_classCallCheck(this,MyProvider);this.ts=void 0;this.diffStatus=void 0;this.ts=ts;this.diffStatus=new DiffStatus();(_this$ts=this.ts)===null||_this$ts===void 0?void 0:(_this$ts$lastValidate=_this$ts.lastValidateResult)===null||_this$ts$lastValidate===void 0?void 0:(_this$ts$lastValidate2=_this$ts$lastValidate.drift)===null||_this$ts$lastValidate2===void 0?void 0:_this$ts$lastValidate2.forEach(function(co){_this.diffStatus.addChangedObject(co);});}createClass_createClass(MyProvider,[{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _this$ts$lastValidate3,_this$ts$lastValidate4,_this$ts$lastValidate5,_this$ts$lastValidate6;if(!this.ts){return[];}var tabs=[{label:"Summary",content:this.buildSummaryTab()}];if(this.ts.target)if(this.diffStatus.changedObjects.length){tabs.push({label:"Drift",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}if((_this$ts$lastValidate3=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate3!==void 0&&(_this$ts$lastValidate4=_this$ts$lastValidate3.errors)!==null&&_this$ts$lastValidate4!==void 0&&_this$ts$lastValidate4.length){tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.errors})});}if((_this$ts$lastValidate5=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate5!==void 0&&(_this$ts$lastValidate6=_this$ts$lastValidate5.warnings)!==null&&_this$ts$lastValidate6!==void 0&&_this$ts$lastValidate6.length){tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.warnings})});}return tabs;}},{key:"buildSummaryTab",value:function buildSummaryTab(){var _this$ts2,_this$ts3,_this$ts4,_this$ts4$lastValidat,_this$ts4$lastValidat2,_this$ts5,_this$ts5$lastValidat,_this$ts5$lastValidat2,_this$ts6,_this$ts6$lastValidat,_this$ts6$lastValidat2;var props=[{name:"Target Name",value:this.getTargetName()},{name:"Discriminator",value:(_this$ts2=this.ts)===null||_this$ts2===void 0?void 0:_this$ts2.target.discriminator}];if((_this$ts3=this.ts)!==null&&_this$ts3!==void 0&&_this$ts3.lastValidateResult){props.push({name:"Ready",value:this.ts.lastValidateResult.ready+""});}if((_this$ts4=this.ts)!==null&&_this$ts4!==void 0&&(_this$ts4$lastValidat=_this$ts4.lastValidateResult)!==null&&_this$ts4$lastValidat!==void 0&&(_this$ts4$lastValidat2=_this$ts4$lastValidat.errors)!==null&&_this$ts4$lastValidat2!==void 0&&_this$ts4$lastValidat2.length){props.push({name:"Errors",value:this.ts.lastValidateResult.errors.length+""});}if((_this$ts5=this.ts)!==null&&_this$ts5!==void 0&&(_this$ts5$lastValidat=_this$ts5.lastValidateResult)!==null&&_this$ts5$lastValidat!==void 0&&(_this$ts5$lastValidat2=_this$ts5$lastValidat.warnings)!==null&&_this$ts5$lastValidat2!==void 0&&_this$ts5$lastValidat2.length){props.push({name:"Warnings",value:this.ts.lastValidateResult.warnings.length+""});}if((_this$ts6=this.ts)!==null&&_this$ts6!==void 0&&(_this$ts6$lastValidat=_this$ts6.lastValidateResult)!==null&&_this$ts6$lastValidat!==void 0&&(_this$ts6$lastValidat2=_this$ts6$lastValidat.drift)!==null&&_this$ts6$lastValidat2!==void 0&&_this$ts6$lastValidat2.length){props.push({name:"Drifted Objects",value:this.ts.lastValidateResult.drift.length+""});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"getTargetName",value:function getTargetName(){if(!this.ts){return"";}var name="<no-name>";if(this.ts.target.targetName){name=this.ts.target.targetName;}return name;}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getTargetName();}}]);return MyProvider;}();var TargetDetailsDrawer=/*#__PURE__*/react.memo(function(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.ts!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"600px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:new MyProvider(props.ts),onClose:props.onClose})})})});});
+;// CONCATENATED MODULE: ./src/components/targets-view/TargetsView.tsx
+var colWidth=416;var curveRadius=12;var circleRadius=5;var strokeWidth=2;function ColHeader(_ref){var children=_ref.children;return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:colWidth,width:colWidth,height:"42px",display:"flex",alignItems:"center",sx:{borderLeft:'0.8px solid rgba(0,0,0,0.5)',paddingLeft:'15px','&:first-of-type':{borderLeft:'none',paddingLeft:0}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",textAlign:"left",children:children})});}var Circle=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();return/*#__PURE__*/(0,jsx_runtime.jsx)("circle",_objectSpread2({r:circleRadius,fill:theme.palette.background.default,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth},props));});var RelationTree=/*#__PURE__*/react.memo(function(_ref2){var targetCount=_ref2.targetCount;var theme=styles_useTheme_useTheme();var height=targetCount*cardHeight+(targetCount-1)*cardGap;var width=152;if(targetCount<=0){return null;}var targetsCenterYs=Array(targetCount).fill(0).map(function(_,i){return cardHeight/2+i*(cardHeight+cardGap);});var rootCenterY=height/2;return/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{width:width,height:height,viewBox:"0 0 ".concat(width," ").concat(height),fill:"none",children:[targetsCenterYs.map(function(cy,i){var d;if(targetCount%2===1&&i===Math.floor(targetCount/2)){// target is in the middle.
+d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width-circleRadius,"\n                    ");}else if(i<targetCount/2){// target is higher than root.
+d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," -").concat(curveRadius,"\n                        v ").concat(cy-rootCenterY+curveRadius*2,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," -").concat(curveRadius,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                    ");}else{// target is lower than root.
+d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var onCommandResultDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);var doSetSelectedCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var doSetSelectedTargetSummary=(0,react.useCallback)(function(ts){onCommandResultDetailsDrawerClose();setSelectedTargetSummary(ts);},[onCommandResultDetailsDrawerClose]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultDetailsDrawer,{rs:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.rs,ts:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ts,ps:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ps,onClose:onCommandResultDetailsDrawerClose,selectedCardRect:selectedCardRect}),/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:function onSelectTarget(ts){return doSetSelectedTargetSummary(ts);}})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{height:"".concat(2*circleRadius+strokeWidth),width:'100%'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(-50% + ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"50%",cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(50% - ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:circleRadius+strokeWidth/2})})]})})]},JSON.stringify(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return doSetSelectedCommandResult({rs:rs,ts:ts,ps:ps});}})},i);})},JSON.stringify(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},JSON.stringify(ps.project));})]});};
+;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/FormControlContext.js
+
+/**
+ * @ignore - internal component.
+ */
+var FormControlContext = /*#__PURE__*/react.createContext(undefined);
+if (false) {}
+/* harmony default export */ var FormControl_FormControlContext = (FormControlContext);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/useFormControl.js
+
+
+function useFormControl() {
+  return react.useContext(FormControl_FormControlContext);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControlLabel/formControlLabelClasses.js
+
+
+function getFormControlLabelUtilityClasses(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiFormControlLabel', slot);
+}
+var formControlLabelClasses = generateUtilityClasses('MuiFormControlLabel', ['root', 'labelPlacementStart', 'labelPlacementTop', 'labelPlacementBottom', 'disabled', 'label', 'error', 'required', 'asterisk']);
+/* harmony default export */ var FormControlLabel_formControlLabelClasses = (formControlLabelClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/formControlState.js
+function formControlState(_ref) {
+  var props = _ref.props,
+    states = _ref.states,
+    muiFormControl = _ref.muiFormControl;
+  return states.reduce(function (acc, state) {
+    acc[state] = props[state];
+    if (muiFormControl) {
+      if (typeof props[state] === 'undefined') {
+        acc[state] = muiFormControl[state];
+      }
+    }
+    return acc;
+  }, {});
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControlLabel/FormControlLabel.js
+
+
+
+var FormControlLabel_excluded = ["checked", "className", "componentsProps", "control", "disabled", "disableTypography", "inputRef", "label", "labelPlacement", "name", "onChange", "required", "slotProps", "value"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var FormControlLabel_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    disabled = ownerState.disabled,
+    labelPlacement = ownerState.labelPlacement,
+    error = ownerState.error,
+    required = ownerState.required;
+  var slots = {
+    root: ['root', disabled && 'disabled', "labelPlacement".concat(utils_capitalize(labelPlacement)), error && 'error', required && 'required'],
+    label: ['label', disabled && 'disabled'],
+    asterisk: ['asterisk', error && 'error']
+  };
+  return composeClasses(slots, getFormControlLabelUtilityClasses, classes);
+};
+var FormControlLabelRoot = styles_styled('label', {
+  name: 'MuiFormControlLabel',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [defineProperty_defineProperty({}, "& .".concat(FormControlLabel_formControlLabelClasses.label), styles.label), styles.root, styles["labelPlacement".concat(utils_capitalize(ownerState.labelPlacement))]];
+  }
+})(function (_ref3) {
+  var theme = _ref3.theme,
+    ownerState = _ref3.ownerState;
+  return extends_extends(defineProperty_defineProperty({
+    display: 'inline-flex',
+    alignItems: 'center',
+    cursor: 'pointer',
+    // For correct alignment with the text.
+    verticalAlign: 'middle',
+    WebkitTapHighlightColor: 'transparent',
+    marginLeft: -11,
+    marginRight: 16
+  }, "&.".concat(FormControlLabel_formControlLabelClasses.disabled), {
+    cursor: 'default'
+  }), ownerState.labelPlacement === 'start' && {
+    flexDirection: 'row-reverse',
+    marginLeft: 16,
+    // used for row presentation of radio/checkbox
+    marginRight: -11
+  }, ownerState.labelPlacement === 'top' && {
+    flexDirection: 'column-reverse',
+    marginLeft: 16
+  }, ownerState.labelPlacement === 'bottom' && {
+    flexDirection: 'column',
+    marginLeft: 16
+  }, defineProperty_defineProperty({}, "& .".concat(FormControlLabel_formControlLabelClasses.label), defineProperty_defineProperty({}, "&.".concat(FormControlLabel_formControlLabelClasses.disabled), {
+    color: (theme.vars || theme).palette.text.disabled
+  })));
+});
+var AsteriskComponent = styles_styled('span', {
+  name: 'MuiFormControlLabel',
+  slot: 'Asterisk',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.asterisk;
+  }
+})(function (_ref4) {
+  var theme = _ref4.theme;
+  return defineProperty_defineProperty({}, "&.".concat(FormControlLabel_formControlLabelClasses.error), {
+    color: (theme.vars || theme).palette.error.main
+  });
+});
+
+/**
+ * Drop-in replacement of the `Radio`, `Switch` and `Checkbox` component.
+ * Use this component if you want to display an extra label.
+ */
+var FormControlLabel = /*#__PURE__*/react.forwardRef(function FormControlLabel(inProps, ref) {
+  var _ref, _slotProps$typography;
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiFormControlLabel'
+  });
+  var className = props.className,
+    _props$componentsProp = props.componentsProps,
+    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
+    control = props.control,
+    disabledProp = props.disabled,
+    disableTypography = props.disableTypography,
+    labelProp = props.label,
+    _props$labelPlacement = props.labelPlacement,
+    labelPlacement = _props$labelPlacement === void 0 ? 'end' : _props$labelPlacement,
+    requiredProp = props.required,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, FormControlLabel_excluded);
+  var muiFormControl = useFormControl();
+  var disabled = (_ref = disabledProp != null ? disabledProp : control.props.disabled) != null ? _ref : muiFormControl == null ? void 0 : muiFormControl.disabled;
+  var required = requiredProp != null ? requiredProp : control.props.required;
+  var controlProps = {
+    disabled: disabled,
+    required: required
+  };
+  ['checked', 'name', 'onChange', 'value', 'inputRef'].forEach(function (key) {
+    if (typeof control.props[key] === 'undefined' && typeof props[key] !== 'undefined') {
+      controlProps[key] = props[key];
+    }
+  });
+  var fcs = formControlState({
+    props: props,
+    muiFormControl: muiFormControl,
+    states: ['error']
+  });
+  var ownerState = extends_extends({}, props, {
+    disabled: disabled,
+    labelPlacement: labelPlacement,
+    required: required,
+    error: fcs.error
+  });
+  var classes = FormControlLabel_useUtilityClasses(ownerState);
+  var typographySlotProps = (_slotProps$typography = slotProps.typography) != null ? _slotProps$typography : componentsProps.typography;
+  var label = labelProp;
+  if (label != null && label.type !== Typography_Typography && !disableTypography) {
+    label = /*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography, extends_extends({
+      component: "span"
+    }, typographySlotProps, {
+      className: clsx_m(classes.label, typographySlotProps == null ? void 0 : typographySlotProps.className),
+      children: label
+    }));
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(FormControlLabelRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState,
+    ref: ref
+  }, other, {
+    children: [/*#__PURE__*/react.cloneElement(control, controlProps), label, required && /*#__PURE__*/(0,jsx_runtime.jsxs)(AsteriskComponent, {
+      ownerState: ownerState,
+      "aria-hidden": true,
+      className: classes.asterisk,
+      children: ["\u2009", '*']
+    })]
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var FormControlLabel_FormControlLabel = (FormControlLabel);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/switchBaseClasses.js
+
+
+function getSwitchBaseUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('PrivateSwitchBase', slot);
+}
+var switchBaseClasses = generateUtilityClasses('PrivateSwitchBase', ['root', 'checked', 'disabled', 'input', 'edgeStart', 'edgeEnd']);
+/* harmony default export */ var internal_switchBaseClasses = ((/* unused pure expression or super */ null && (switchBaseClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/SwitchBase.js
+
+
+
+var SwitchBase_excluded = ["autoFocus", "checked", "checkedIcon", "className", "defaultChecked", "disabled", "disableFocusRipple", "edge", "icon", "id", "inputProps", "inputRef", "name", "onBlur", "onChange", "onFocus", "readOnly", "required", "tabIndex", "type", "value"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+var SwitchBase_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    checked = ownerState.checked,
+    disabled = ownerState.disabled,
+    edge = ownerState.edge;
+  var slots = {
+    root: ['root', checked && 'checked', disabled && 'disabled', edge && "edge".concat(utils_capitalize(edge))],
+    input: ['input']
+  };
+  return composeClasses(slots, getSwitchBaseUtilityClass, classes);
+};
+var SwitchBaseRoot = styles_styled(ButtonBase_ButtonBase)(function (_ref) {
+  var ownerState = _ref.ownerState;
+  return extends_extends({
+    padding: 9,
+    borderRadius: '50%'
+  }, ownerState.edge === 'start' && {
+    marginLeft: ownerState.size === 'small' ? -3 : -12
+  }, ownerState.edge === 'end' && {
+    marginRight: ownerState.size === 'small' ? -3 : -12
+  });
+});
+var SwitchBaseInput = styles_styled('input')({
+  cursor: 'inherit',
+  position: 'absolute',
+  opacity: 0,
+  width: '100%',
+  height: '100%',
+  top: 0,
+  left: 0,
+  margin: 0,
+  padding: 0,
+  zIndex: 1
+});
+
+/**
+ * @ignore - internal component.
+ */
+var SwitchBase = /*#__PURE__*/react.forwardRef(function SwitchBase(props, ref) {
+  var autoFocus = props.autoFocus,
+    checkedProp = props.checked,
+    checkedIcon = props.checkedIcon,
+    className = props.className,
+    defaultChecked = props.defaultChecked,
+    disabledProp = props.disabled,
+    _props$disableFocusRi = props.disableFocusRipple,
+    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
+    _props$edge = props.edge,
+    edge = _props$edge === void 0 ? false : _props$edge,
+    icon = props.icon,
+    id = props.id,
+    inputProps = props.inputProps,
+    inputRef = props.inputRef,
+    name = props.name,
+    onBlur = props.onBlur,
+    onChange = props.onChange,
+    onFocus = props.onFocus,
+    readOnly = props.readOnly,
+    _props$required = props.required,
+    required = _props$required === void 0 ? false : _props$required,
+    tabIndex = props.tabIndex,
+    type = props.type,
+    value = props.value,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, SwitchBase_excluded);
+  var _useControlled = utils_useControlled({
+      controlled: checkedProp,
+      default: Boolean(defaultChecked),
+      name: 'SwitchBase',
+      state: 'checked'
+    }),
+    _useControlled2 = slicedToArray_slicedToArray(_useControlled, 2),
+    checked = _useControlled2[0],
+    setCheckedState = _useControlled2[1];
+  var muiFormControl = useFormControl();
+  var handleFocus = function handleFocus(event) {
+    if (onFocus) {
+      onFocus(event);
+    }
+    if (muiFormControl && muiFormControl.onFocus) {
+      muiFormControl.onFocus(event);
+    }
+  };
+  var handleBlur = function handleBlur(event) {
+    if (onBlur) {
+      onBlur(event);
+    }
+    if (muiFormControl && muiFormControl.onBlur) {
+      muiFormControl.onBlur(event);
+    }
+  };
+  var handleInputChange = function handleInputChange(event) {
+    // Workaround for https://github.com/facebook/react/issues/9023
+    if (event.nativeEvent.defaultPrevented) {
+      return;
+    }
+    var newChecked = event.target.checked;
+    setCheckedState(newChecked);
+    if (onChange) {
+      // TODO v6: remove the second argument.
+      onChange(event, newChecked);
+    }
+  };
+  var disabled = disabledProp;
+  if (muiFormControl) {
+    if (typeof disabled === 'undefined') {
+      disabled = muiFormControl.disabled;
+    }
+  }
+  var hasLabelFor = type === 'checkbox' || type === 'radio';
+  var ownerState = extends_extends({}, props, {
+    checked: checked,
+    disabled: disabled,
+    disableFocusRipple: disableFocusRipple,
+    edge: edge
+  });
+  var classes = SwitchBase_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(SwitchBaseRoot, extends_extends({
+    component: "span",
+    className: clsx_m(classes.root, className),
+    centerRipple: true,
+    focusRipple: !disableFocusRipple,
+    disabled: disabled,
+    tabIndex: null,
+    role: undefined,
+    onFocus: handleFocus,
+    onBlur: handleBlur,
+    ownerState: ownerState,
+    ref: ref
+  }, other, {
+    children: [/*#__PURE__*/(0,jsx_runtime.jsx)(SwitchBaseInput, extends_extends({
+      autoFocus: autoFocus,
+      checked: checkedProp,
+      defaultChecked: defaultChecked,
+      className: classes.input,
+      disabled: disabled,
+      id: hasLabelFor ? id : undefined,
+      name: name,
+      onChange: handleInputChange,
+      readOnly: readOnly,
+      ref: inputRef,
+      required: required,
+      ownerState: ownerState,
+      tabIndex: tabIndex,
+      type: type
+    }, type === 'checkbox' && value === undefined ? {} : {
+      value: value
+    }, inputProps)), checked ? checkedIcon : icon]
+  }));
+});
+
+// NB: If changed, please update Checkbox, Switch and Radio
+// so that the API documentation is updated.
+ false ? 0 : void 0;
+/* harmony default export */ var internal_SwitchBase = (SwitchBase);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/CheckBoxOutlineBlank.js
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var CheckBoxOutlineBlank = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19 5v14H5V5h14m0-2H5c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h14c1.1 0 2-.9 2-2V5c0-1.1-.9-2-2-2z"
+}), 'CheckBoxOutlineBlank'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/CheckBox.js
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var CheckBox = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19 3H5c-1.11 0-2 .9-2 2v14c0 1.1.89 2 2 2h14c1.11 0 2-.9 2-2V5c0-1.1-.89-2-2-2zm-9 14l-5-5 1.41-1.41L10 14.17l7.59-7.59L19 8l-9 9z"
+}), 'CheckBox'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/IndeterminateCheckBox.js
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var IndeterminateCheckBox = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19 3H5c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h14c1.1 0 2-.9 2-2V5c0-1.1-.9-2-2-2zm-2 10H7v-2h10v2z"
+}), 'IndeterminateCheckBox'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Checkbox/checkboxClasses.js
+
+
+function getCheckboxUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiCheckbox', slot);
+}
+var checkboxClasses = generateUtilityClasses('MuiCheckbox', ['root', 'checked', 'disabled', 'indeterminate', 'colorPrimary', 'colorSecondary']);
+/* harmony default export */ var Checkbox_checkboxClasses = (checkboxClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Checkbox/Checkbox.js
+
+
+
+var Checkbox_excluded = ["checkedIcon", "color", "icon", "indeterminate", "indeterminateIcon", "inputProps", "size", "className"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var Checkbox_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    indeterminate = ownerState.indeterminate,
+    color = ownerState.color;
+  var slots = {
+    root: ['root', indeterminate && 'indeterminate', "color".concat(utils_capitalize(color))]
+  };
+  var composedClasses = composeClasses(slots, getCheckboxUtilityClass, classes);
+  return extends_extends({}, classes, composedClasses);
+};
+var CheckboxRoot = styles_styled(internal_SwitchBase, {
+  shouldForwardProp: function shouldForwardProp(prop) {
+    return rootShouldForwardProp(prop) || prop === 'classes';
+  },
+  name: 'MuiCheckbox',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.indeterminate && styles.indeterminate, ownerState.color !== 'default' && styles["color".concat(utils_capitalize(ownerState.color))]];
+  }
+})(function (_ref) {
+  var _ref2;
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    color: (theme.vars || theme).palette.text.secondary
+  }, !ownerState.disableRipple && {
+    '&:hover': {
+      backgroundColor: theme.vars ? "rgba(".concat(ownerState.color === 'default' ? theme.vars.palette.action.activeChannel : theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.hoverOpacity, ")") : alpha(ownerState.color === 'default' ? theme.palette.action.active : theme.palette[ownerState.color].main, theme.palette.action.hoverOpacity),
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    }
+  }, ownerState.color !== 'default' && (_ref2 = {}, defineProperty_defineProperty(_ref2, "&.".concat(Checkbox_checkboxClasses.checked, ", &.").concat(Checkbox_checkboxClasses.indeterminate), {
+    color: (theme.vars || theme).palette[ownerState.color].main
+  }), defineProperty_defineProperty(_ref2, "&.".concat(Checkbox_checkboxClasses.disabled), {
+    color: (theme.vars || theme).palette.action.disabled
+  }), _ref2));
+});
+var defaultCheckedIcon = /*#__PURE__*/(0,jsx_runtime.jsx)(CheckBox, {});
+var defaultIcon = /*#__PURE__*/(0,jsx_runtime.jsx)(CheckBoxOutlineBlank, {});
+var defaultIndeterminateIcon = /*#__PURE__*/(0,jsx_runtime.jsx)(IndeterminateCheckBox, {});
+var Checkbox = /*#__PURE__*/react.forwardRef(function Checkbox(inProps, ref) {
+  var _icon$props$fontSize, _indeterminateIcon$pr;
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiCheckbox'
+  });
+  var _props$checkedIcon = props.checkedIcon,
+    checkedIcon = _props$checkedIcon === void 0 ? defaultCheckedIcon : _props$checkedIcon,
+    _props$color = props.color,
+    color = _props$color === void 0 ? 'primary' : _props$color,
+    _props$icon = props.icon,
+    iconProp = _props$icon === void 0 ? defaultIcon : _props$icon,
+    _props$indeterminate = props.indeterminate,
+    indeterminate = _props$indeterminate === void 0 ? false : _props$indeterminate,
+    _props$indeterminateI = props.indeterminateIcon,
+    indeterminateIconProp = _props$indeterminateI === void 0 ? defaultIndeterminateIcon : _props$indeterminateI,
+    inputProps = props.inputProps,
+    _props$size = props.size,
+    size = _props$size === void 0 ? 'medium' : _props$size,
+    className = props.className,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Checkbox_excluded);
+  var icon = indeterminate ? indeterminateIconProp : iconProp;
+  var indeterminateIcon = indeterminate ? indeterminateIconProp : checkedIcon;
+  var ownerState = extends_extends({}, props, {
+    color: color,
+    indeterminate: indeterminate,
+    size: size
+  });
+  var classes = Checkbox_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxRoot, extends_extends({
+    type: "checkbox",
+    inputProps: extends_extends({
+      'data-indeterminate': indeterminate
+    }, inputProps),
+    icon: /*#__PURE__*/react.cloneElement(icon, {
+      fontSize: (_icon$props$fontSize = icon.props.fontSize) != null ? _icon$props$fontSize : size
+    }),
+    checkedIcon: /*#__PURE__*/react.cloneElement(indeterminateIcon, {
+      fontSize: (_indeterminateIcon$pr = indeterminateIcon.props.fontSize) != null ? _indeterminateIcon$pr : size
+    }),
+    ownerState: ownerState,
+    ref: ref,
+    className: clsx_m(classes.root, className)
+  }, other, {
+    classes: classes
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var Checkbox_Checkbox = (Checkbox);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/TreeViewContext.js
+
+
+/**
+ * @ignore - internal component.
+ */
+var TreeViewContext = /*#__PURE__*/react.createContext({});
+if (false) {}
+/* harmony default export */ var TreeView_TreeViewContext = (TreeViewContext);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/descendants.js
+
+
+
+var descendants_excluded = ["element"];
+
+
+
+
+/** Credit: https://github.com/reach/reach-ui/blob/86a046f54d53b6420e392b3fa56dd991d9d4e458/packages/descendants/README.md
+ *  Modified slightly to suit our purposes.
+ */
+
+// To replace with .findIndex() once we stop IE11 support.
+
+function findIndex(array, comp) {
+  for (var i = 0; i < array.length; i += 1) {
+    if (comp(array[i])) {
+      return i;
+    }
+  }
+  return -1;
+}
+function binaryFindElement(array, element) {
+  var start = 0;
+  var end = array.length - 1;
+  while (start <= end) {
+    var middle = Math.floor((start + end) / 2);
+    if (array[middle].element === element) {
+      return middle;
+    }
+
+    // eslint-disable-next-line no-bitwise
+    if (array[middle].element.compareDocumentPosition(element) & Node.DOCUMENT_POSITION_PRECEDING) {
+      end = middle - 1;
+    } else {
+      start = middle + 1;
+    }
+  }
+  return start;
+}
+var DescendantContext = /*#__PURE__*/react.createContext({});
+if (false) {}
+function usePrevious(value) {
+  var ref = react.useRef(null);
+  react.useEffect(function () {
+    ref.current = value;
+  }, [value]);
+  return ref.current;
+}
+var descendants_noop = function noop() {};
+
+/**
+ * This hook registers our descendant by passing it into an array. We can then
+ * search that array by to find its index when registering it in the component.
+ * We use this for focus management, keyboard navigation, and typeahead
+ * functionality for some components.
+ *
+ * The hook accepts the element node
+ *
+ * Our main goals with this are:
+ *   1) maximum composability,
+ *   2) minimal API friction
+ *   3) SSR compatibility*
+ *   4) concurrent safe
+ *   5) index always up-to-date with the tree despite changes
+ *   6) works with memoization of any component in the tree (hopefully)
+ *
+ * * As for SSR, the good news is that we don't actually need the index on the
+ * server for most use-cases, as we are only using it to determine the order of
+ * composed descendants for keyboard navigation.
+ */
+function useDescendant(descendant) {
+  var _React$useState = react.useState(),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    forceUpdate = _React$useState2[1];
+  var _React$useContext = react.useContext(DescendantContext),
+    _React$useContext$reg = _React$useContext.registerDescendant,
+    registerDescendant = _React$useContext$reg === void 0 ? descendants_noop : _React$useContext$reg,
+    _React$useContext$unr = _React$useContext.unregisterDescendant,
+    unregisterDescendant = _React$useContext$unr === void 0 ? descendants_noop : _React$useContext$unr,
+    _React$useContext$des = _React$useContext.descendants,
+    descendants = _React$useContext$des === void 0 ? [] : _React$useContext$des,
+    _React$useContext$par = _React$useContext.parentId,
+    parentId = _React$useContext$par === void 0 ? null : _React$useContext$par;
+
+  // This will initially return -1 because we haven't registered the descendant
+  // on the first render. After we register, this will then return the correct
+  // index on the following render and we will re-register descendants
+  // so that everything is up-to-date before the user interacts with a
+  // collection.
+  var index = findIndex(descendants, function (item) {
+    return item.element === descendant.element;
+  });
+  var previousDescendants = usePrevious(descendants);
+
+  // We also need to re-register descendants any time ANY of the other
+  // descendants have changed. My brain was melting when I wrote this and it
+  // feels a little off, but checking in render and using the result in the
+  // effect's dependency array works well enough.
+  var someDescendantsHaveChanged = descendants.some(function (newDescendant, position) {
+    return previousDescendants && previousDescendants[position] && previousDescendants[position].element !== newDescendant.element;
+  });
+
+  // Prevent any flashing
+  utils_useEnhancedEffect(function () {
+    if (descendant.element) {
+      registerDescendant(extends_extends({}, descendant, {
+        index: index
+      }));
+      return function () {
+        unregisterDescendant(descendant.element);
+      };
+    }
+    forceUpdate({});
+    return undefined;
+  }, [registerDescendant, unregisterDescendant, index, someDescendantsHaveChanged, descendant]);
+  return {
+    parentId: parentId,
+    index: index
+  };
+}
+function DescendantProvider(props) {
+  var children = props.children,
+    id = props.id;
+  var _React$useState3 = react.useState([]),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    items = _React$useState4[0],
+    set = _React$useState4[1];
+  var registerDescendant = react.useCallback(function (_ref) {
+    var element = _ref.element,
+      other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_ref, descendants_excluded);
+    set(function (oldItems) {
+      var newItems;
+      if (oldItems.length === 0) {
+        // If there are no items, register at index 0 and bail.
+        return [extends_extends({}, other, {
+          element: element,
+          index: 0
+        })];
+      }
+      var index = binaryFindElement(oldItems, element);
+      if (oldItems[index] && oldItems[index].element === element) {
+        // If the element is already registered, just use the same array
+        newItems = oldItems;
+      } else {
+        // When registering a descendant, we need to make sure we insert in
+        // into the array in the same order that it appears in the DOM. So as
+        // new descendants are added or maybe some are removed, we always know
+        // that the array is up-to-date and correct.
+        //
+        // So here we look at our registered descendants and see if the new
+        // element we are adding appears earlier than an existing descendant's
+        // DOM node via `node.compareDocumentPosition`. If it does, we insert
+        // the new element at this index. Because `registerDescendant` will be
+        // called in an effect every time the descendants state value changes,
+        // we should be sure that this index is accurate when descendent
+        // elements come or go from our component.
+
+        var newItem = extends_extends({}, other, {
+          element: element,
+          index: index
+        });
+
+        // If an index is not found we will push the element to the end.
+        newItems = oldItems.slice();
+        newItems.splice(index, 0, newItem);
+      }
+      newItems.forEach(function (item, position) {
+        item.index = position;
+      });
+      return newItems;
+    });
+  }, []);
+  var unregisterDescendant = react.useCallback(function (element) {
+    set(function (oldItems) {
+      return oldItems.filter(function (item) {
+        return element !== item.element;
+      });
+    });
+  }, []);
+  var value = react.useMemo(function () {
+    return {
+      descendants: items,
+      registerDescendant: registerDescendant,
+      unregisterDescendant: unregisterDescendant,
+      parentId: id
+    };
+  }, [items, registerDescendant, unregisterDescendant, id]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(DescendantContext.Provider, {
+    value: value,
+    children: children
+  });
+}
+ false ? 0 : void 0;
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/treeViewClasses.js
+
+
+function getTreeViewUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTreeView', slot);
+}
+var treeViewClasses = generateUtilityClasses('MuiTreeView', ['root']);
+/* harmony default export */ var TreeView_treeViewClasses = ((/* unused pure expression or super */ null && (treeViewClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/TreeView.js
+
+
+
+var TreeView_excluded = ["children", "className", "defaultCollapseIcon", "defaultEndIcon", "defaultExpanded", "defaultExpandIcon", "defaultParentIcon", "defaultSelected", "disabledItemsFocusable", "disableSelection", "expanded", "id", "multiSelect", "onBlur", "onFocus", "onKeyDown", "onNodeFocus", "onNodeSelect", "onNodeToggle", "selected"];
+
+
+
+
+
+
+
+
+
+
+var TreeView_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTreeViewUtilityClass, classes);
+};
+var TreeViewRoot = styles_styled('ul', {
+  name: 'MuiTreeView',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  padding: 0,
+  margin: 0,
+  listStyle: 'none',
+  outline: 0
+});
+function isPrintableCharacter(string) {
+  return string && string.length === 1 && string.match(/\S/);
+}
+function findNextFirstChar(firstChars, startIndex, char) {
+  for (var i = startIndex; i < firstChars.length; i += 1) {
+    if (char === firstChars[i]) {
+      return i;
+    }
+  }
+  return -1;
+}
+function noopSelection() {
+  return false;
+}
+var defaultDefaultExpanded = [];
+var defaultDefaultSelected = [];
+var TreeView = /*#__PURE__*/react.forwardRef(function TreeView(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTreeView'
+  });
+  var children = props.children,
+    className = props.className,
+    defaultCollapseIcon = props.defaultCollapseIcon,
+    defaultEndIcon = props.defaultEndIcon,
+    _props$defaultExpande = props.defaultExpanded,
+    defaultExpanded = _props$defaultExpande === void 0 ? defaultDefaultExpanded : _props$defaultExpande,
+    defaultExpandIcon = props.defaultExpandIcon,
+    defaultParentIcon = props.defaultParentIcon,
+    _props$defaultSelecte = props.defaultSelected,
+    defaultSelected = _props$defaultSelecte === void 0 ? defaultDefaultSelected : _props$defaultSelecte,
+    _props$disabledItemsF = props.disabledItemsFocusable,
+    disabledItemsFocusable = _props$disabledItemsF === void 0 ? false : _props$disabledItemsF,
+    _props$disableSelecti = props.disableSelection,
+    disableSelection = _props$disableSelecti === void 0 ? false : _props$disableSelecti,
+    expandedProp = props.expanded,
+    idProp = props.id,
+    _props$multiSelect = props.multiSelect,
+    multiSelect = _props$multiSelect === void 0 ? false : _props$multiSelect,
+    onBlur = props.onBlur,
+    onFocus = props.onFocus,
+    onKeyDown = props.onKeyDown,
+    onNodeFocus = props.onNodeFocus,
+    onNodeSelect = props.onNodeSelect,
+    onNodeToggle = props.onNodeToggle,
+    selectedProp = props.selected,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TreeView_excluded);
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var ownerState = extends_extends({}, props, {
+    defaultExpanded: defaultExpanded,
+    defaultSelected: defaultSelected,
+    disabledItemsFocusable: disabledItemsFocusable,
+    disableSelection: disableSelection,
+    multiSelect: multiSelect
+  });
+  var classes = TreeView_useUtilityClasses(ownerState);
+  var treeId = utils_useId(idProp);
+  var treeRef = react.useRef(null);
+  var handleRef = utils_useForkRef(treeRef, ref);
+  var _React$useState = react.useState(null),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    focusedNodeId = _React$useState2[0],
+    setFocusedNodeId = _React$useState2[1];
+  var nodeMap = react.useRef({});
+  var firstCharMap = react.useRef({});
+  var _useControlled = utils_useControlled({
+      controlled: expandedProp,
+      default: defaultExpanded,
+      name: 'TreeView',
+      state: 'expanded'
+    }),
+    _useControlled2 = slicedToArray_slicedToArray(_useControlled, 2),
+    expanded = _useControlled2[0],
+    setExpandedState = _useControlled2[1];
+  var _useControlled3 = utils_useControlled({
+      controlled: selectedProp,
+      default: defaultSelected,
+      name: 'TreeView',
+      state: 'selected'
+    }),
+    _useControlled4 = slicedToArray_slicedToArray(_useControlled3, 2),
+    selected = _useControlled4[0],
+    setSelectedState = _useControlled4[1];
+
+  /*
+   * Status Helpers
+   */
+  var isExpanded = react.useCallback(function (id) {
+    return Array.isArray(expanded) ? expanded.indexOf(id) !== -1 : false;
+  }, [expanded]);
+  var isExpandable = react.useCallback(function (id) {
+    return nodeMap.current[id] && nodeMap.current[id].expandable;
+  }, []);
+  var isSelected = react.useCallback(function (id) {
+    return Array.isArray(selected) ? selected.indexOf(id) !== -1 : selected === id;
+  }, [selected]);
+  var isDisabled = react.useCallback(function (id) {
+    var node = nodeMap.current[id];
+
+    // This can be called before the node has been added to the node map.
+    if (!node) {
+      return false;
+    }
+    if (node.disabled) {
+      return true;
+    }
+    while (node.parentId != null) {
+      node = nodeMap.current[node.parentId];
+      if (node.disabled) {
+        return true;
+      }
+    }
+    return false;
+  }, []);
+  var isFocused = function isFocused(id) {
+    return focusedNodeId === id;
+  };
+
+  /*
+   * Child Helpers
+   */
+
+  // Using Object.keys -> .map to mimic Object.values we should replace with Object.values() once we stop IE11 support.
+  var getChildrenIds = function getChildrenIds(id) {
+    return Object.keys(nodeMap.current).map(function (key) {
+      return nodeMap.current[key];
+    }).filter(function (node) {
+      return node.parentId === id;
+    }).sort(function (a, b) {
+      return a.index - b.index;
+    }).map(function (child) {
+      return child.id;
+    });
+  };
+  var getNavigableChildrenIds = function getNavigableChildrenIds(id) {
+    var childrenIds = getChildrenIds(id);
+    if (!disabledItemsFocusable) {
+      childrenIds = childrenIds.filter(function (node) {
+        return !isDisabled(node);
+      });
+    }
+    return childrenIds;
+  };
+
+  /*
+   * Node Helpers
+   */
+
+  var getNextNode = function getNextNode(id) {
+    // If expanded get first child
+    if (isExpanded(id) && getNavigableChildrenIds(id).length > 0) {
+      return getNavigableChildrenIds(id)[0];
+    }
+    var node = nodeMap.current[id];
+    while (node != null) {
+      // Try to get next sibling
+      var siblings = getNavigableChildrenIds(node.parentId);
+      var nextSibling = siblings[siblings.indexOf(node.id) + 1];
+      if (nextSibling) {
+        return nextSibling;
+      }
+
+      // If the sibling does not exist, go up a level to the parent and try again.
+      node = nodeMap.current[node.parentId];
+    }
+    return null;
+  };
+  var getPreviousNode = function getPreviousNode(id) {
+    var node = nodeMap.current[id];
+    var siblings = getNavigableChildrenIds(node.parentId);
+    var nodeIndex = siblings.indexOf(id);
+    if (nodeIndex === 0) {
+      return node.parentId;
+    }
+    var currentNode = siblings[nodeIndex - 1];
+    while (isExpanded(currentNode) && getNavigableChildrenIds(currentNode).length > 0) {
+      currentNode = getNavigableChildrenIds(currentNode).pop();
+    }
+    return currentNode;
+  };
+  var getLastNode = function getLastNode() {
+    var lastNode = getNavigableChildrenIds(null).pop();
+    while (isExpanded(lastNode)) {
+      lastNode = getNavigableChildrenIds(lastNode).pop();
+    }
+    return lastNode;
+  };
+  var getFirstNode = function getFirstNode() {
+    return getNavigableChildrenIds(null)[0];
+  };
+  var getParent = function getParent(id) {
+    return nodeMap.current[id].parentId;
+  };
+
+  /**
+   * This is used to determine the start and end of a selection range so
+   * we can get the nodes between the two border nodes.
+   *
+   * It finds the nodes' common ancestor using
+   * a naive implementation of a lowest common ancestor algorithm
+   * (https://en.wikipedia.org/wiki/Lowest_common_ancestor).
+   * Then compares the ancestor's 2 children that are ancestors of nodeA and NodeB
+   * so we can compare their indexes to work out which node comes first in a depth first search.
+   * (https://en.wikipedia.org/wiki/Depth-first_search)
+   *
+   * Another way to put it is which node is shallower in a trémaux tree
+   * https://en.wikipedia.org/wiki/Tr%C3%A9maux_tree
+   */
+  var findOrderInTremauxTree = function findOrderInTremauxTree(nodeAId, nodeBId) {
+    if (nodeAId === nodeBId) {
+      return [nodeAId, nodeBId];
+    }
+    var nodeA = nodeMap.current[nodeAId];
+    var nodeB = nodeMap.current[nodeBId];
+    if (nodeA.parentId === nodeB.id || nodeB.parentId === nodeA.id) {
+      return nodeB.parentId === nodeA.id ? [nodeA.id, nodeB.id] : [nodeB.id, nodeA.id];
+    }
+    var aFamily = [nodeA.id];
+    var bFamily = [nodeB.id];
+    var aAncestor = nodeA.parentId;
+    var bAncestor = nodeB.parentId;
+    var aAncestorIsCommon = bFamily.indexOf(aAncestor) !== -1;
+    var bAncestorIsCommon = aFamily.indexOf(bAncestor) !== -1;
+    var continueA = true;
+    var continueB = true;
+    while (!bAncestorIsCommon && !aAncestorIsCommon) {
+      if (continueA) {
+        aFamily.push(aAncestor);
+        aAncestorIsCommon = bFamily.indexOf(aAncestor) !== -1;
+        continueA = aAncestor !== null;
+        if (!aAncestorIsCommon && continueA) {
+          aAncestor = nodeMap.current[aAncestor].parentId;
+        }
+      }
+      if (continueB && !aAncestorIsCommon) {
+        bFamily.push(bAncestor);
+        bAncestorIsCommon = aFamily.indexOf(bAncestor) !== -1;
+        continueB = bAncestor !== null;
+        if (!bAncestorIsCommon && continueB) {
+          bAncestor = nodeMap.current[bAncestor].parentId;
+        }
+      }
+    }
+    var commonAncestor = aAncestorIsCommon ? aAncestor : bAncestor;
+    var ancestorFamily = getChildrenIds(commonAncestor);
+    var aSide = aFamily[aFamily.indexOf(commonAncestor) - 1];
+    var bSide = bFamily[bFamily.indexOf(commonAncestor) - 1];
+    return ancestorFamily.indexOf(aSide) < ancestorFamily.indexOf(bSide) ? [nodeAId, nodeBId] : [nodeBId, nodeAId];
+  };
+  var getNodesInRange = function getNodesInRange(nodeA, nodeB) {
+    var _findOrderInTremauxTr = findOrderInTremauxTree(nodeA, nodeB),
+      _findOrderInTremauxTr2 = slicedToArray_slicedToArray(_findOrderInTremauxTr, 2),
+      first = _findOrderInTremauxTr2[0],
+      last = _findOrderInTremauxTr2[1];
+    var nodes = [first];
+    var current = first;
+    while (current !== last) {
+      current = getNextNode(current);
+      nodes.push(current);
+    }
+    return nodes;
+  };
+
+  /*
+   * Focus Helpers
+   */
+
+  var focus = function focus(event, id) {
+    if (id) {
+      setFocusedNodeId(id);
+      if (onNodeFocus) {
+        onNodeFocus(event, id);
+      }
+    }
+  };
+  var focusNextNode = function focusNextNode(event, id) {
+    return focus(event, getNextNode(id));
+  };
+  var focusPreviousNode = function focusPreviousNode(event, id) {
+    return focus(event, getPreviousNode(id));
+  };
+  var focusFirstNode = function focusFirstNode(event) {
+    return focus(event, getFirstNode());
+  };
+  var focusLastNode = function focusLastNode(event) {
+    return focus(event, getLastNode());
+  };
+  var focusByFirstCharacter = function focusByFirstCharacter(event, id, char) {
+    var start;
+    var index;
+    var lowercaseChar = char.toLowerCase();
+    var firstCharIds = [];
+    var firstChars = [];
+    // This really only works since the ids are strings
+    Object.keys(firstCharMap.current).forEach(function (nodeId) {
+      var firstChar = firstCharMap.current[nodeId];
+      var map = nodeMap.current[nodeId];
+      var visible = map.parentId ? isExpanded(map.parentId) : true;
+      var shouldBeSkipped = disabledItemsFocusable ? false : isDisabled(nodeId);
+      if (visible && !shouldBeSkipped) {
+        firstCharIds.push(nodeId);
+        firstChars.push(firstChar);
+      }
+    });
+
+    // Get start index for search based on position of currentItem
+    start = firstCharIds.indexOf(id) + 1;
+    if (start >= firstCharIds.length) {
+      start = 0;
+    }
+
+    // Check remaining slots in the menu
+    index = findNextFirstChar(firstChars, start, lowercaseChar);
+
+    // If not found in remaining slots, check from beginning
+    if (index === -1) {
+      index = findNextFirstChar(firstChars, 0, lowercaseChar);
+    }
+
+    // If match was found...
+    if (index > -1) {
+      focus(event, firstCharIds[index]);
+    }
+  };
+
+  /*
+   * Expansion Helpers
+   */
+
+  var toggleExpansion = function toggleExpansion(event) {
+    var value = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : focusedNodeId;
+    var newExpanded;
+    if (expanded.indexOf(value) !== -1) {
+      newExpanded = expanded.filter(function (id) {
+        return id !== value;
+      });
+    } else {
+      newExpanded = [value].concat(expanded);
+    }
+    if (onNodeToggle) {
+      onNodeToggle(event, newExpanded);
+    }
+    setExpandedState(newExpanded);
+  };
+  var expandAllSiblings = function expandAllSiblings(event, id) {
+    var map = nodeMap.current[id];
+    var siblings = getChildrenIds(map.parentId);
+    var diff = siblings.filter(function (child) {
+      return isExpandable(child) && !isExpanded(child);
+    });
+    var newExpanded = expanded.concat(diff);
+    if (diff.length > 0) {
+      setExpandedState(newExpanded);
+      if (onNodeToggle) {
+        onNodeToggle(event, newExpanded);
+      }
+    }
+  };
+
+  /*
+   * Selection Helpers
+   */
+
+  var lastSelectedNode = react.useRef(null);
+  var lastSelectionWasRange = react.useRef(false);
+  var currentRangeSelection = react.useRef([]);
+  var handleRangeArrowSelect = function handleRangeArrowSelect(event, nodes) {
+    var base = selected.slice();
+    var start = nodes.start,
+      next = nodes.next,
+      current = nodes.current;
+    if (!next || !current) {
+      return;
+    }
+    if (currentRangeSelection.current.indexOf(current) === -1) {
+      currentRangeSelection.current = [];
+    }
+    if (lastSelectionWasRange.current) {
+      if (currentRangeSelection.current.indexOf(next) !== -1) {
+        base = base.filter(function (id) {
+          return id === start || id !== current;
+        });
+        currentRangeSelection.current = currentRangeSelection.current.filter(function (id) {
+          return id === start || id !== current;
+        });
+      } else {
+        base.push(next);
+        currentRangeSelection.current.push(next);
+      }
+    } else {
+      base.push(next);
+      currentRangeSelection.current.push(current, next);
+    }
+    if (onNodeSelect) {
+      onNodeSelect(event, base);
+    }
+    setSelectedState(base);
+  };
+  var handleRangeSelect = function handleRangeSelect(event, nodes) {
+    var base = selected.slice();
+    var start = nodes.start,
+      end = nodes.end;
+    // If last selection was a range selection ignore nodes that were selected.
+    if (lastSelectionWasRange.current) {
+      base = base.filter(function (id) {
+        return currentRangeSelection.current.indexOf(id) === -1;
+      });
+    }
+    var range = getNodesInRange(start, end);
+    range = range.filter(function (node) {
+      return !isDisabled(node);
+    });
+    currentRangeSelection.current = range;
+    var newSelected = base.concat(range);
+    newSelected = newSelected.filter(function (id, i) {
+      return newSelected.indexOf(id) === i;
+    });
+    if (onNodeSelect) {
+      onNodeSelect(event, newSelected);
+    }
+    setSelectedState(newSelected);
+  };
+  var handleMultipleSelect = function handleMultipleSelect(event, value) {
+    var newSelected;
+    if (selected.indexOf(value) !== -1) {
+      newSelected = selected.filter(function (id) {
+        return id !== value;
+      });
+    } else {
+      newSelected = [value].concat(selected);
+    }
+    if (onNodeSelect) {
+      onNodeSelect(event, newSelected);
+    }
+    setSelectedState(newSelected);
+  };
+  var handleSingleSelect = function handleSingleSelect(event, value) {
+    var newSelected = multiSelect ? [value] : value;
+    if (onNodeSelect) {
+      onNodeSelect(event, newSelected);
+    }
+    setSelectedState(newSelected);
+  };
+  var selectNode = function selectNode(event, id) {
+    var multiple = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+    if (id) {
+      if (multiple) {
+        handleMultipleSelect(event, id);
+      } else {
+        handleSingleSelect(event, id);
+      }
+      lastSelectedNode.current = id;
+      lastSelectionWasRange.current = false;
+      currentRangeSelection.current = [];
+      return true;
+    }
+    return false;
+  };
+  var selectRange = function selectRange(event, nodes) {
+    var stacked = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+    var _nodes$start = nodes.start,
+      start = _nodes$start === void 0 ? lastSelectedNode.current : _nodes$start,
+      end = nodes.end,
+      current = nodes.current;
+    if (stacked) {
+      handleRangeArrowSelect(event, {
+        start: start,
+        next: end,
+        current: current
+      });
+    } else if (start != null && end != null) {
+      handleRangeSelect(event, {
+        start: start,
+        end: end
+      });
+    }
+    lastSelectionWasRange.current = true;
+  };
+  var rangeSelectToFirst = function rangeSelectToFirst(event, id) {
+    if (!lastSelectedNode.current) {
+      lastSelectedNode.current = id;
+    }
+    var start = lastSelectionWasRange.current ? lastSelectedNode.current : id;
+    selectRange(event, {
+      start: start,
+      end: getFirstNode()
+    });
+  };
+  var rangeSelectToLast = function rangeSelectToLast(event, id) {
+    if (!lastSelectedNode.current) {
+      lastSelectedNode.current = id;
+    }
+    var start = lastSelectionWasRange.current ? lastSelectedNode.current : id;
+    selectRange(event, {
+      start: start,
+      end: getLastNode()
+    });
+  };
+  var selectNextNode = function selectNextNode(event, id) {
+    if (!isDisabled(getNextNode(id))) {
+      selectRange(event, {
+        end: getNextNode(id),
+        current: id
+      }, true);
+    }
+  };
+  var selectPreviousNode = function selectPreviousNode(event, id) {
+    if (!isDisabled(getPreviousNode(id))) {
+      selectRange(event, {
+        end: getPreviousNode(id),
+        current: id
+      }, true);
+    }
+  };
+  var selectAllNodes = function selectAllNodes(event) {
+    selectRange(event, {
+      start: getFirstNode(),
+      end: getLastNode()
+    });
+  };
+
+  /*
+   * Mapping Helpers
+   */
+  var registerNode = react.useCallback(function (node) {
+    var id = node.id,
+      index = node.index,
+      parentId = node.parentId,
+      expandable = node.expandable,
+      idAttribute = node.idAttribute,
+      disabled = node.disabled;
+    nodeMap.current[id] = {
+      id: id,
+      index: index,
+      parentId: parentId,
+      expandable: expandable,
+      idAttribute: idAttribute,
+      disabled: disabled
+    };
+  }, []);
+  var unregisterNode = react.useCallback(function (id) {
+    var newMap = extends_extends({}, nodeMap.current);
+    delete newMap[id];
+    nodeMap.current = newMap;
+    setFocusedNodeId(function (oldFocusedNodeId) {
+      if (oldFocusedNodeId === id && treeRef.current === utils_ownerDocument(treeRef.current).activeElement) {
+        return getChildrenIds(null)[0];
+      }
+      return oldFocusedNodeId;
+    });
+  }, []);
+  var mapFirstChar = react.useCallback(function (id, firstChar) {
+    firstCharMap.current[id] = firstChar;
+  }, []);
+  var unMapFirstChar = react.useCallback(function (id) {
+    var newMap = extends_extends({}, firstCharMap.current);
+    delete newMap[id];
+    firstCharMap.current = newMap;
+  }, []);
+
+  /**
+   * Event handlers and Navigation
+   */
+
+  var handleNextArrow = function handleNextArrow(event) {
+    if (isExpandable(focusedNodeId)) {
+      if (isExpanded(focusedNodeId)) {
+        focusNextNode(event, focusedNodeId);
+      } else if (!isDisabled(focusedNodeId)) {
+        toggleExpansion(event);
+      }
+    }
+    return true;
+  };
+  var handlePreviousArrow = function handlePreviousArrow(event) {
+    if (isExpanded(focusedNodeId) && !isDisabled(focusedNodeId)) {
+      toggleExpansion(event, focusedNodeId);
+      return true;
+    }
+    var parent = getParent(focusedNodeId);
+    if (parent) {
+      focus(event, parent);
+      return true;
+    }
+    return false;
+  };
+  var handleKeyDown = function handleKeyDown(event) {
+    var flag = false;
+    var key = event.key;
+
+    // If the tree is empty there will be no focused node
+    if (event.altKey || event.currentTarget !== event.target || !focusedNodeId) {
+      return;
+    }
+    var ctrlPressed = event.ctrlKey || event.metaKey;
+    switch (key) {
+      case ' ':
+        if (!disableSelection && !isDisabled(focusedNodeId)) {
+          if (multiSelect && event.shiftKey) {
+            selectRange(event, {
+              end: focusedNodeId
+            });
+            flag = true;
+          } else if (multiSelect) {
+            flag = selectNode(event, focusedNodeId, true);
+          } else {
+            flag = selectNode(event, focusedNodeId);
+          }
+        }
+        event.stopPropagation();
+        break;
+      case 'Enter':
+        if (!isDisabled(focusedNodeId)) {
+          if (isExpandable(focusedNodeId)) {
+            toggleExpansion(event);
+            flag = true;
+          } else if (multiSelect) {
+            flag = selectNode(event, focusedNodeId, true);
+          } else {
+            flag = selectNode(event, focusedNodeId);
+          }
+        }
+        event.stopPropagation();
+        break;
+      case 'ArrowDown':
+        if (multiSelect && event.shiftKey && !disableSelection) {
+          selectNextNode(event, focusedNodeId);
+        }
+        focusNextNode(event, focusedNodeId);
+        flag = true;
+        break;
+      case 'ArrowUp':
+        if (multiSelect && event.shiftKey && !disableSelection) {
+          selectPreviousNode(event, focusedNodeId);
+        }
+        focusPreviousNode(event, focusedNodeId);
+        flag = true;
+        break;
+      case 'ArrowRight':
+        if (isRtl) {
+          flag = handlePreviousArrow(event);
+        } else {
+          flag = handleNextArrow(event);
+        }
+        break;
+      case 'ArrowLeft':
+        if (isRtl) {
+          flag = handleNextArrow(event);
+        } else {
+          flag = handlePreviousArrow(event);
+        }
+        break;
+      case 'Home':
+        if (multiSelect && ctrlPressed && event.shiftKey && !disableSelection && !isDisabled(focusedNodeId)) {
+          rangeSelectToFirst(event, focusedNodeId);
+        }
+        focusFirstNode(event);
+        flag = true;
+        break;
+      case 'End':
+        if (multiSelect && ctrlPressed && event.shiftKey && !disableSelection && !isDisabled(focusedNodeId)) {
+          rangeSelectToLast(event, focusedNodeId);
+        }
+        focusLastNode(event);
+        flag = true;
+        break;
+      default:
+        if (key === '*') {
+          expandAllSiblings(event, focusedNodeId);
+          flag = true;
+        } else if (multiSelect && ctrlPressed && key.toLowerCase() === 'a' && !disableSelection) {
+          selectAllNodes(event);
+          flag = true;
+        } else if (!ctrlPressed && !event.shiftKey && isPrintableCharacter(key)) {
+          focusByFirstCharacter(event, focusedNodeId, key);
+          flag = true;
+        }
+    }
+    if (flag) {
+      event.preventDefault();
+      event.stopPropagation();
+    }
+    if (onKeyDown) {
+      onKeyDown(event);
+    }
+  };
+  var handleFocus = function handleFocus(event) {
+    // if the event bubbled (which is React specific) we don't want to steal focus
+    if (event.target === event.currentTarget) {
+      var firstSelected = Array.isArray(selected) ? selected[0] : selected;
+      focus(event, firstSelected || getNavigableChildrenIds(null)[0]);
+    }
+    if (onFocus) {
+      onFocus(event);
+    }
+  };
+  var handleBlur = function handleBlur(event) {
+    setFocusedNodeId(null);
+    if (onBlur) {
+      onBlur(event);
+    }
+  };
+  var activeDescendant = nodeMap.current[focusedNodeId] ? nodeMap.current[focusedNodeId].idAttribute : null;
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TreeView_TreeViewContext.Provider, {
+    // TODO: fix this lint error
+    // eslint-disable-next-line react/jsx-no-constructed-context-values
+    value: {
+      icons: {
+        defaultCollapseIcon: defaultCollapseIcon,
+        defaultExpandIcon: defaultExpandIcon,
+        defaultParentIcon: defaultParentIcon,
+        defaultEndIcon: defaultEndIcon
+      },
+      focus: focus,
+      toggleExpansion: toggleExpansion,
+      isExpanded: isExpanded,
+      isExpandable: isExpandable,
+      isFocused: isFocused,
+      isSelected: isSelected,
+      isDisabled: isDisabled,
+      selectNode: disableSelection ? noopSelection : selectNode,
+      selectRange: disableSelection ? noopSelection : selectRange,
+      multiSelect: multiSelect,
+      disabledItemsFocusable: disabledItemsFocusable,
+      mapFirstChar: mapFirstChar,
+      unMapFirstChar: unMapFirstChar,
+      registerNode: registerNode,
+      unregisterNode: unregisterNode,
+      treeId: treeId
+    },
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(DescendantProvider, {
+      children: /*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewRoot, extends_extends({
+        role: "tree",
+        id: treeId,
+        "aria-activedescendant": activeDescendant,
+        "aria-multiselectable": multiSelect,
+        className: clsx_m(classes.root, className),
+        ref: handleRef,
+        tabIndex: 0,
+        onKeyDown: handleKeyDown,
+        onFocus: handleFocus,
+        onBlur: handleBlur,
+        ownerState: ownerState
+      }, other, {
+        children: children
+      }))
+    })
+  });
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TreeView_TreeView = (TreeView);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Collapse/collapseClasses.js
+
+
+function getCollapseUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiCollapse', slot);
+}
+var collapseClasses = generateUtilityClasses('MuiCollapse', ['root', 'horizontal', 'vertical', 'entered', 'hidden', 'wrapper', 'wrapperInner']);
+/* harmony default export */ var Collapse_collapseClasses = ((/* unused pure expression or super */ null && (collapseClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Collapse/Collapse.js
+
+
+
+var Collapse_excluded = ["addEndListener", "children", "className", "collapsedSize", "component", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "orientation", "style", "timeout", "TransitionComponent"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var Collapse_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var orientation = ownerState.orientation,
+    classes = ownerState.classes;
+  var slots = {
+    root: ['root', "".concat(orientation)],
+    entered: ['entered'],
+    hidden: ['hidden'],
+    wrapper: ['wrapper', "".concat(orientation)],
+    wrapperInner: ['wrapperInner', "".concat(orientation)]
+  };
+  return composeClasses(slots, getCollapseUtilityClass, classes);
+};
+var CollapseRoot = styles_styled('div', {
+  name: 'MuiCollapse',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles[ownerState.orientation], ownerState.state === 'entered' && styles.entered, ownerState.state === 'exited' && !ownerState.in && ownerState.collapsedSize === '0px' && styles.hidden];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({
+    height: 0,
+    overflow: 'hidden',
+    transition: theme.transitions.create('height')
+  }, ownerState.orientation === 'horizontal' && {
+    height: 'auto',
+    width: 0,
+    transition: theme.transitions.create('width')
+  }, ownerState.state === 'entered' && extends_extends({
+    height: 'auto',
+    overflow: 'visible'
+  }, ownerState.orientation === 'horizontal' && {
+    width: 'auto'
+  }), ownerState.state === 'exited' && !ownerState.in && ownerState.collapsedSize === '0px' && {
+    visibility: 'hidden'
+  });
+});
+var CollapseWrapper = styles_styled('div', {
+  name: 'MuiCollapse',
+  slot: 'Wrapper',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.wrapper;
+  }
+})(function (_ref2) {
+  var ownerState = _ref2.ownerState;
+  return extends_extends({
+    // Hack to get children with a negative margin to not falsify the height computation.
+    display: 'flex',
+    width: '100%'
+  }, ownerState.orientation === 'horizontal' && {
+    width: 'auto',
+    height: '100%'
+  });
+});
+var CollapseWrapperInner = styles_styled('div', {
+  name: 'MuiCollapse',
+  slot: 'WrapperInner',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.wrapperInner;
+  }
+})(function (_ref3) {
+  var ownerState = _ref3.ownerState;
+  return extends_extends({
+    width: '100%'
+  }, ownerState.orientation === 'horizontal' && {
+    width: 'auto',
+    height: '100%'
+  });
+});
+
+/**
+ * The Collapse transition is used by the
+ * [Vertical Stepper](/material-ui/react-stepper/#vertical-stepper) StepContent component.
+ * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
+ */
+var Collapse = /*#__PURE__*/react.forwardRef(function Collapse(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiCollapse'
+  });
+  var addEndListener = props.addEndListener,
+    _children = props.children,
+    className = props.className,
+    _props$collapsedSize = props.collapsedSize,
+    collapsedSizeProp = _props$collapsedSize === void 0 ? '0px' : _props$collapsedSize,
+    component = props.component,
+    easing = props.easing,
+    inProp = props.in,
+    onEnter = props.onEnter,
+    onEntered = props.onEntered,
+    onEntering = props.onEntering,
+    onExit = props.onExit,
+    onExited = props.onExited,
+    onExiting = props.onExiting,
+    _props$orientation = props.orientation,
+    orientation = _props$orientation === void 0 ? 'vertical' : _props$orientation,
+    style = props.style,
+    _props$timeout = props.timeout,
+    timeout = _props$timeout === void 0 ? duration.standard : _props$timeout,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Collapse_excluded);
+  var ownerState = extends_extends({}, props, {
+    orientation: orientation,
+    collapsedSize: collapsedSizeProp
+  });
+  var classes = Collapse_useUtilityClasses(ownerState);
+  var theme = styles_useTheme_useTheme();
+  var timer = react.useRef();
+  var wrapperRef = react.useRef(null);
+  var autoTransitionDuration = react.useRef();
+  var collapsedSize = typeof collapsedSizeProp === 'number' ? "".concat(collapsedSizeProp, "px") : collapsedSizeProp;
+  var isHorizontal = orientation === 'horizontal';
+  var size = isHorizontal ? 'width' : 'height';
+  react.useEffect(function () {
+    return function () {
+      clearTimeout(timer.current);
+    };
+  }, []);
+  var nodeRef = react.useRef(null);
+  var handleRef = utils_useForkRef(ref, nodeRef);
+  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
+    return function (maybeIsAppearing) {
+      if (callback) {
+        var node = nodeRef.current;
+
+        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
+        if (maybeIsAppearing === undefined) {
+          callback(node);
+        } else {
+          callback(node, maybeIsAppearing);
+        }
+      }
+    };
+  };
+  var getWrapperSize = function getWrapperSize() {
+    return wrapperRef.current ? wrapperRef.current[isHorizontal ? 'clientWidth' : 'clientHeight'] : 0;
+  };
+  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
+    if (wrapperRef.current && isHorizontal) {
+      // Set absolute position to get the size of collapsed content
+      wrapperRef.current.style.position = 'absolute';
+    }
+    node.style[size] = collapsedSize;
+    if (onEnter) {
+      onEnter(node, isAppearing);
+    }
+  });
+  var handleEntering = normalizedTransitionCallback(function (node, isAppearing) {
+    var wrapperSize = getWrapperSize();
+    if (wrapperRef.current && isHorizontal) {
+      // After the size is read reset the position back to default
+      wrapperRef.current.style.position = '';
+    }
+    var _getTransitionProps = getTransitionProps({
+        style: style,
+        timeout: timeout,
+        easing: easing
+      }, {
+        mode: 'enter'
+      }),
+      transitionDuration = _getTransitionProps.duration,
+      transitionTimingFunction = _getTransitionProps.easing;
+    if (timeout === 'auto') {
+      var duration2 = theme.transitions.getAutoHeightDuration(wrapperSize);
+      node.style.transitionDuration = "".concat(duration2, "ms");
+      autoTransitionDuration.current = duration2;
+    } else {
+      node.style.transitionDuration = typeof transitionDuration === 'string' ? transitionDuration : "".concat(transitionDuration, "ms");
+    }
+    node.style[size] = "".concat(wrapperSize, "px");
+    node.style.transitionTimingFunction = transitionTimingFunction;
+    if (onEntering) {
+      onEntering(node, isAppearing);
+    }
+  });
+  var handleEntered = normalizedTransitionCallback(function (node, isAppearing) {
+    node.style[size] = 'auto';
+    if (onEntered) {
+      onEntered(node, isAppearing);
+    }
+  });
+  var handleExit = normalizedTransitionCallback(function (node) {
+    node.style[size] = "".concat(getWrapperSize(), "px");
+    if (onExit) {
+      onExit(node);
+    }
+  });
+  var handleExited = normalizedTransitionCallback(onExited);
+  var handleExiting = normalizedTransitionCallback(function (node) {
+    var wrapperSize = getWrapperSize();
+    var _getTransitionProps2 = getTransitionProps({
+        style: style,
+        timeout: timeout,
+        easing: easing
+      }, {
+        mode: 'exit'
+      }),
+      transitionDuration = _getTransitionProps2.duration,
+      transitionTimingFunction = _getTransitionProps2.easing;
+    if (timeout === 'auto') {
+      // TODO: rename getAutoHeightDuration to something more generic (width support)
+      // Actually it just calculates animation duration based on size
+      var duration2 = theme.transitions.getAutoHeightDuration(wrapperSize);
+      node.style.transitionDuration = "".concat(duration2, "ms");
+      autoTransitionDuration.current = duration2;
+    } else {
+      node.style.transitionDuration = typeof transitionDuration === 'string' ? transitionDuration : "".concat(transitionDuration, "ms");
+    }
+    node.style[size] = collapsedSize;
+    node.style.transitionTimingFunction = transitionTimingFunction;
+    if (onExiting) {
+      onExiting(node);
+    }
+  });
+  var handleAddEndListener = function handleAddEndListener(next) {
+    if (timeout === 'auto') {
+      timer.current = setTimeout(next, autoTransitionDuration.current || 0);
+    }
+    if (addEndListener) {
+      // Old call signature before `react-transition-group` implemented `nodeRef`
+      addEndListener(nodeRef.current, next);
+    }
+  };
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
+    in: inProp,
+    onEnter: handleEnter,
+    onEntered: handleEntered,
+    onEntering: handleEntering,
+    onExit: handleExit,
+    onExited: handleExited,
+    onExiting: handleExiting,
+    addEndListener: handleAddEndListener,
+    nodeRef: nodeRef,
+    timeout: timeout === 'auto' ? null : timeout
+  }, other, {
+    children: function children(state, childProps) {
+      return /*#__PURE__*/(0,jsx_runtime.jsx)(CollapseRoot, extends_extends({
+        as: component,
+        className: clsx_m(classes.root, className, {
+          'entered': classes.entered,
+          'exited': !inProp && collapsedSize === '0px' && classes.hidden
+        }[state]),
+        style: extends_extends(defineProperty_defineProperty({}, isHorizontal ? 'minWidth' : 'minHeight', collapsedSize), style),
+        ownerState: extends_extends({}, ownerState, {
+          state: state
+        }),
+        ref: handleRef
+      }, childProps, {
+        children: /*#__PURE__*/(0,jsx_runtime.jsx)(CollapseWrapper, {
+          ownerState: extends_extends({}, ownerState, {
+            state: state
+          }),
+          className: classes.wrapper,
+          ref: wrapperRef,
+          children: /*#__PURE__*/(0,jsx_runtime.jsx)(CollapseWrapperInner, {
+            ownerState: extends_extends({}, ownerState, {
+              state: state
+            }),
+            className: classes.wrapperInner,
+            children: _children
+          })
+        })
+      }));
+    }
+  }));
+});
+ false ? 0 : void 0;
+Collapse.muiSupportAuto = true;
+/* harmony default export */ var Collapse_Collapse = (Collapse);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/useTreeItem.js
+
+
+function useTreeItem(nodeId) {
+  var _React$useContext = react.useContext(TreeView_TreeViewContext),
+    focus = _React$useContext.focus,
+    isExpanded = _React$useContext.isExpanded,
+    isExpandable = _React$useContext.isExpandable,
+    isFocused = _React$useContext.isFocused,
+    isDisabled = _React$useContext.isDisabled,
+    isSelected = _React$useContext.isSelected,
+    multiSelect = _React$useContext.multiSelect,
+    selectNode = _React$useContext.selectNode,
+    selectRange = _React$useContext.selectRange,
+    toggleExpansion = _React$useContext.toggleExpansion;
+  var expandable = isExpandable ? isExpandable(nodeId) : false;
+  var expanded = isExpanded ? isExpanded(nodeId) : false;
+  var focused = isFocused ? isFocused(nodeId) : false;
+  var disabled = isDisabled ? isDisabled(nodeId) : false;
+  var selected = isSelected ? isSelected(nodeId) : false;
+  var handleExpansion = function handleExpansion(event) {
+    if (!disabled) {
+      if (!focused) {
+        focus(event, nodeId);
+      }
+      var multiple = multiSelect && (event.shiftKey || event.ctrlKey || event.metaKey);
+
+      // If already expanded and trying to toggle selection don't close
+      if (expandable && !(multiple && isExpanded(nodeId))) {
+        toggleExpansion(event, nodeId);
+      }
+    }
+  };
+  var handleSelection = function handleSelection(event) {
+    if (!disabled) {
+      if (!focused) {
+        focus(event, nodeId);
+      }
+      var multiple = multiSelect && (event.shiftKey || event.ctrlKey || event.metaKey);
+      if (multiple) {
+        if (event.shiftKey) {
+          selectRange(event, {
+            end: nodeId
+          });
+        } else {
+          selectNode(event, nodeId, true);
+        }
+      } else {
+        selectNode(event, nodeId);
+      }
+    }
+  };
+  var preventSelection = function preventSelection(event) {
+    if (event.shiftKey || event.ctrlKey || event.metaKey || disabled) {
+      // Prevent text selection
+      event.preventDefault();
+    }
+  };
+  return {
+    disabled: disabled,
+    expanded: expanded,
+    selected: selected,
+    focused: focused,
+    handleExpansion: handleExpansion,
+    handleSelection: handleSelection,
+    preventSelection: preventSelection
+  };
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/TreeItemContent.js
+
+
+var TreeItemContent_excluded = ["classes", "className", "displayIcon", "expansionIcon", "icon", "label", "nodeId", "onClick", "onMouseDown"];
+
+
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+
+var TreeItemContent = /*#__PURE__*/react.forwardRef(function TreeItemContent(props, ref) {
+  var classes = props.classes,
+    className = props.className,
+    displayIcon = props.displayIcon,
+    expansionIcon = props.expansionIcon,
+    iconProp = props.icon,
+    label = props.label,
+    nodeId = props.nodeId,
+    onClick = props.onClick,
+    onMouseDown = props.onMouseDown,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TreeItemContent_excluded);
+  var _useTreeItem = useTreeItem(nodeId),
+    disabled = _useTreeItem.disabled,
+    expanded = _useTreeItem.expanded,
+    selected = _useTreeItem.selected,
+    focused = _useTreeItem.focused,
+    handleExpansion = _useTreeItem.handleExpansion,
+    handleSelection = _useTreeItem.handleSelection,
+    preventSelection = _useTreeItem.preventSelection;
+  var icon = iconProp || expansionIcon || displayIcon;
+  var handleMouseDown = function handleMouseDown(event) {
+    preventSelection(event);
+    if (onMouseDown) {
+      onMouseDown(event);
+    }
+  };
+  var handleClick = function handleClick(event) {
+    handleExpansion(event);
+    handleSelection(event);
+    if (onClick) {
+      onClick(event);
+    }
+  };
+  return /*#__PURE__*/(
+    /* eslint-disable-next-line jsx-a11y/click-events-have-key-events,jsx-a11y/no-static-element-interactions -- Key event is handled by the TreeView */
+    (0,jsx_runtime.jsxs)("div", extends_extends({
+      className: clsx_m(className, classes.root, expanded && classes.expanded, selected && classes.selected, focused && classes.focused, disabled && classes.disabled),
+      onClick: handleClick,
+      onMouseDown: handleMouseDown,
+      ref: ref
+    }, other, {
+      children: [/*#__PURE__*/(0,jsx_runtime.jsx)("div", {
+        className: classes.iconContainer,
+        children: icon
+      }), /*#__PURE__*/(0,jsx_runtime.jsx)("div", {
+        className: classes.label,
+        children: label
+      })]
+    }))
+  );
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TreeItem_TreeItemContent = (TreeItemContent);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/treeItemClasses.js
+
+
+function getTreeItemUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTreeItem', slot);
+}
+var treeItemClasses = generateUtilityClasses('MuiTreeItem', ['root', 'group', 'content', 'expanded', 'selected', 'focused', 'disabled', 'iconContainer', 'label']);
+/* harmony default export */ var TreeItem_treeItemClasses = (treeItemClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/TreeItem.js
+
+
+
+
+var TreeItem_excluded = ["children", "className", "collapseIcon", "ContentComponent", "ContentProps", "endIcon", "expandIcon", "disabled", "icon", "id", "label", "nodeId", "onClick", "onMouseDown", "TransitionComponent", "TransitionProps"];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+var TreeItem_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root'],
+    content: ['content'],
+    expanded: ['expanded'],
+    selected: ['selected'],
+    focused: ['focused'],
+    disabled: ['disabled'],
+    iconContainer: ['iconContainer'],
+    label: ['label'],
+    group: ['group']
+  };
+  return composeClasses(slots, getTreeItemUtilityClass, classes);
+};
+var TreeItemRoot = styles_styled('li', {
+  name: 'MuiTreeItem',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  listStyle: 'none',
+  margin: 0,
+  padding: 0,
+  outline: 0
+});
+var StyledTreeItemContent = styles_styled(TreeItem_TreeItemContent, {
+  name: 'MuiTreeItem',
+  slot: 'Content',
+  overridesResolver: function overridesResolver(props, styles) {
+    return [styles.content, styles.iconContainer && defineProperty_defineProperty({}, "& .".concat(TreeItem_treeItemClasses.iconContainer), styles.iconContainer), styles.label && defineProperty_defineProperty({}, "& .".concat(TreeItem_treeItemClasses.label), styles.label)];
+  }
+})(function (_ref3) {
+  var _ref4;
+  var theme = _ref3.theme;
+  return _ref4 = {
+    padding: '0 8px',
+    width: '100%',
+    display: 'flex',
+    alignItems: 'center',
+    cursor: 'pointer',
+    WebkitTapHighlightColor: 'transparent',
+    '&:hover': {
+      backgroundColor: (theme.vars || theme).palette.action.hover,
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: 'transparent'
+      }
+    }
+  }, defineProperty_defineProperty(_ref4, "&.".concat(TreeItem_treeItemClasses.disabled), {
+    opacity: (theme.vars || theme).palette.action.disabledOpacity,
+    backgroundColor: 'transparent'
+  }), defineProperty_defineProperty(_ref4, "&.".concat(TreeItem_treeItemClasses.focused), {
+    backgroundColor: (theme.vars || theme).palette.action.focus
+  }), defineProperty_defineProperty(_ref4, "&.".concat(TreeItem_treeItemClasses.selected), defineProperty_defineProperty({
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity),
+    '&:hover': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
+      // Reset on touch devices, it doesn't add specificity
+      '@media (hover: none)': {
+        backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
+      }
+    }
+  }, "&.".concat(TreeItem_treeItemClasses.focused), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
+  })), defineProperty_defineProperty(_ref4, "& .".concat(TreeItem_treeItemClasses.iconContainer), {
+    marginRight: 4,
+    width: 15,
+    display: 'flex',
+    flexShrink: 0,
+    justifyContent: 'center',
+    '& svg': {
+      fontSize: 18
+    }
+  }), defineProperty_defineProperty(_ref4, "& .".concat(TreeItem_treeItemClasses.label), extends_extends({
+    width: '100%',
+    // fixes overflow - see https://github.com/mui/material-ui/issues/27372
+    minWidth: 0,
+    paddingLeft: 4,
+    position: 'relative'
+  }, theme.typography.body1)), _ref4;
+});
+var TreeItemGroup = styles_styled(Collapse_Collapse, {
+  name: 'MuiTreeItem',
+  slot: 'Group',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.group;
+  }
+})({
+  margin: 0,
+  padding: 0,
+  marginLeft: 17
+});
+var TreeItem = /*#__PURE__*/react.forwardRef(function TreeItem(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTreeItem'
+  });
+  var children = props.children,
+    className = props.className,
+    collapseIcon = props.collapseIcon,
+    _props$ContentCompone = props.ContentComponent,
+    ContentComponent = _props$ContentCompone === void 0 ? TreeItem_TreeItemContent : _props$ContentCompone,
+    ContentProps = props.ContentProps,
+    endIcon = props.endIcon,
+    expandIcon = props.expandIcon,
+    disabledProp = props.disabled,
+    icon = props.icon,
+    idProp = props.id,
+    label = props.label,
+    nodeId = props.nodeId,
+    onClick = props.onClick,
+    onMouseDown = props.onMouseDown,
+    _props$TransitionComp = props.TransitionComponent,
+    TransitionComponent = _props$TransitionComp === void 0 ? Collapse_Collapse : _props$TransitionComp,
+    TransitionProps = props.TransitionProps,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TreeItem_excluded);
+  var _React$useContext = react.useContext(TreeView_TreeViewContext),
+    _React$useContext$ico = _React$useContext.icons,
+    contextIcons = _React$useContext$ico === void 0 ? {} : _React$useContext$ico,
+    focus = _React$useContext.focus,
+    isExpanded = _React$useContext.isExpanded,
+    isFocused = _React$useContext.isFocused,
+    isSelected = _React$useContext.isSelected,
+    isDisabled = _React$useContext.isDisabled,
+    multiSelect = _React$useContext.multiSelect,
+    disabledItemsFocusable = _React$useContext.disabledItemsFocusable,
+    mapFirstChar = _React$useContext.mapFirstChar,
+    unMapFirstChar = _React$useContext.unMapFirstChar,
+    registerNode = _React$useContext.registerNode,
+    unregisterNode = _React$useContext.unregisterNode,
+    treeId = _React$useContext.treeId;
+  var id = null;
+  if (idProp != null) {
+    id = idProp;
+  } else if (treeId && nodeId) {
+    id = "".concat(treeId, "-").concat(nodeId);
+  }
+  var _React$useState = react.useState(null),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    treeitemElement = _React$useState2[0],
+    setTreeitemElement = _React$useState2[1];
+  var contentRef = react.useRef(null);
+  var handleRef = utils_useForkRef(setTreeitemElement, ref);
+  var descendant = react.useMemo(function () {
+    return {
+      element: treeitemElement,
+      id: nodeId
+    };
+  }, [nodeId, treeitemElement]);
+  var _useDescendant = useDescendant(descendant),
+    index = _useDescendant.index,
+    parentId = _useDescendant.parentId;
+  var expandable = Boolean(Array.isArray(children) ? children.length : children);
+  var expanded = isExpanded ? isExpanded(nodeId) : false;
+  var focused = isFocused ? isFocused(nodeId) : false;
+  var selected = isSelected ? isSelected(nodeId) : false;
+  var disabled = isDisabled ? isDisabled(nodeId) : false;
+  var ownerState = extends_extends({}, props, {
+    expanded: expanded,
+    focused: focused,
+    selected: selected,
+    disabled: disabled
+  });
+  var classes = TreeItem_useUtilityClasses(ownerState);
+  var displayIcon;
+  var expansionIcon;
+  if (expandable) {
+    if (!expanded) {
+      expansionIcon = expandIcon || contextIcons.defaultExpandIcon;
+    } else {
+      expansionIcon = collapseIcon || contextIcons.defaultCollapseIcon;
+    }
+  }
+  if (expandable) {
+    displayIcon = contextIcons.defaultParentIcon;
+  } else {
+    displayIcon = endIcon || contextIcons.defaultEndIcon;
+  }
+  react.useEffect(function () {
+    // On the first render a node's index will be -1. We want to wait for the real index.
+    if (registerNode && unregisterNode && index !== -1) {
+      registerNode({
+        id: nodeId,
+        idAttribute: id,
+        index: index,
+        parentId: parentId,
+        expandable: expandable,
+        disabled: disabledProp
+      });
+      return function () {
+        unregisterNode(nodeId);
+      };
+    }
+    return undefined;
+  }, [registerNode, unregisterNode, parentId, index, nodeId, expandable, disabledProp, id]);
+  react.useEffect(function () {
+    if (mapFirstChar && unMapFirstChar && label) {
+      mapFirstChar(nodeId, contentRef.current.textContent.substring(0, 1).toLowerCase());
+      return function () {
+        unMapFirstChar(nodeId);
+      };
+    }
+    return undefined;
+  }, [mapFirstChar, unMapFirstChar, nodeId, label]);
+  var ariaSelected;
+  if (multiSelect) {
+    ariaSelected = selected;
+  } else if (selected) {
+    /* single-selection trees unset aria-selected on un-selected items.
+     *
+     * If the tree does not support multiple selection, aria-selected
+     * is set to true for the selected node and it is not present on any other node in the tree.
+     * Source: https://www.w3.org/WAI/ARIA/apg/patterns/treeview/
+     */
+    ariaSelected = true;
+  }
+  function handleFocus(event) {
+    // DOM focus stays on the tree which manages focus with aria-activedescendant
+    if (event.target === event.currentTarget) {
+      var rootElement;
+      if (typeof event.target.getRootNode === 'function') {
+        rootElement = event.target.getRootNode();
+      } else {
+        rootElement = utils_ownerDocument(event.target);
+      }
+      rootElement.getElementById(treeId).focus({
+        preventScroll: true
+      });
+    }
+    var unfocusable = !disabledItemsFocusable && disabled;
+    if (!focused && event.currentTarget === event.target && !unfocusable) {
+      focus(event, nodeId);
+    }
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TreeItemRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    role: "treeitem",
+    "aria-expanded": expandable ? expanded : null,
+    "aria-selected": ariaSelected,
+    "aria-disabled": disabled || null,
+    ref: handleRef,
+    id: id,
+    tabIndex: -1
+  }, other, {
+    ownerState: ownerState,
+    onFocus: handleFocus,
+    children: [/*#__PURE__*/(0,jsx_runtime.jsx)(StyledTreeItemContent, extends_extends({
+      as: ContentComponent,
+      ref: contentRef,
+      classes: {
+        root: classes.content,
+        expanded: classes.expanded,
+        selected: classes.selected,
+        focused: classes.focused,
+        disabled: classes.disabled,
+        iconContainer: classes.iconContainer,
+        label: classes.label
+      },
+      label: label,
+      nodeId: nodeId,
+      onClick: onClick,
+      onMouseDown: onMouseDown,
+      icon: icon,
+      expansionIcon: expansionIcon,
+      displayIcon: displayIcon,
+      ownerState: ownerState
+    }, ContentProps)), children && /*#__PURE__*/(0,jsx_runtime.jsx)(DescendantProvider, {
+      id: nodeId,
+      children: /*#__PURE__*/(0,jsx_runtime.jsx)(TreeItemGroup, extends_extends({
+        as: TransitionComponent,
+        unmountOnExit: true,
+        className: classes.group,
+        in: expanded,
+        component: "ul",
+        role: "group"
+      }, TransitionProps, {
+        children: children
+      }))
+    })]
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TreeItem_TreeItem = (TreeItem);
+;// CONCATENATED MODULE: ./src/components/result-view/NodeStatusFilter.tsx
+function FilterNode(node,activeFilters){var _node$diffStatus,_node$healthStatus,_node$healthStatus2;var hasChanges=(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.hasDiffs();var hasErrorsOrWarnings=((_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.length)||((_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.length);if(activeFilters!==null&&activeFilters!==void 0&&activeFilters.onlyImportant&&!hasChanges&&!hasErrorsOrWarnings){return false;}if(activeFilters!==null&&activeFilters!==void 0&&activeFilters.onlyChanged&&!hasChanges){return false;}if(activeFilters!==null&&activeFilters!==void 0&&activeFilters.onlyWithErrorsOrWarnings&&!hasErrorsOrWarnings){return false;}return true;}var FilterButton=function FilterButton(props){var handleClick=function handleClick(){props.handler(!props.active);};var Icon=props.Icon;var chipColor=props.active?props.color:"default";return/*#__PURE__*/_jsx(Tooltip,{title:props.tooltip,children:/*#__PURE__*/_jsx(Chip,{variant:"filled",color:chipColor,label:/*#__PURE__*/_jsx(Icon,{color:props.active?undefined:props.color,htmlColor:props.active?"white":undefined}),onClick:handleClick,sx:{"& .MuiChip-label":{display:"flex",justifyContent:"center",alignItems:"center"}}})});};var NodeStatusFilter=function NodeStatusFilter(props){var _useState=useState({onlyImportant:false,onlyChanged:false,onlyWithErrorsOrWarnings:false}),_useState2=_slicedToArray(_useState,2),activeFilters=_useState2[0],setActiveFilters=_useState2[1];var doSetActiveFilters=function doSetActiveFilters(newActiveFilters){setActiveFilters(newActiveFilters);props.onFilterChange(newActiveFilters);};return/*#__PURE__*/_jsxs(Box,{display:"flex",flexDirection:"column",alignItems:"center",children:["Filters",/*#__PURE__*/_jsxs(Box,{display:"flex",alignItems:"center",gap:"5px",children:[/*#__PURE__*/_jsx(FilterButton,{Icon:Grade,tooltip:"Only important (changed or with errors/warnings)",color:"secondary",active:activeFilters.onlyImportant,handler:function handler(active){doSetActiveFilters(_objectSpread(_objectSpread({},activeFilters),{},{onlyImportant:active}));}}),/*#__PURE__*/_jsx(FilterButton,{Icon:AutoFixHigh,tooltip:"Only with changed",color:"secondary",active:activeFilters.onlyChanged,handler:function handler(active){doSetActiveFilters(_objectSpread(_objectSpread({},activeFilters),{},{onlyChanged:active}));}}),/*#__PURE__*/_jsx(FilterButton,{Icon:ErrorOutline,tooltip:"Only with errors or warnings",color:"error",active:activeFilters.onlyWithErrorsOrWarnings,handler:function handler(active){doSetActiveFilters(_objectSpread(_objectSpread({},activeFilters),{},{onlyWithErrorsOrWarnings:active}));}})]})]});};
+;// CONCATENATED MODULE: ./src/components/result-view/CommandResultTree.tsx
+var CommandResultTree=function CommandResultTree(props){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(["root"]),_useState2=slicedToArray_slicedToArray(_useState,2),expanded=_useState2[0],setExpanded=_useState2[1];var _useMemo=(0,react.useMemo)(function(){if(!props.commandResultProps){return[undefined,undefined];}var builder=new NodeBuilder(props.commandResultProps);return builder.buildRoot();},[props.commandResultProps]),_useMemo2=slicedToArray_slicedToArray(_useMemo,1),rootNode=_useMemo2[0];var handleToggle=function handleToggle(event,nodeIds){setExpanded(nodeIds);};var handleDoubleClick=function handleDoubleClick(e,node){if(expanded.includes(node.id)){setExpanded(expanded.filter(function(item){return item!==node.id;}));}else{setExpanded([].concat(toConsumableArray_toConsumableArray(expanded),[node.id]));}e.stopPropagation();};var handleItemClick=function handleItemClick(e,node){props.onSelectNode(node);e.stopPropagation();};var renderTree=function renderTree(nodes){if(!FilterNode(nodes,props.activeFilters)){return null;}return/*#__PURE__*/(0,jsx_runtime.jsx)(TreeItem_TreeItem,{nodeId:nodes.id,label:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",onClick:function onClick(e){return handleItemClick(e,nodes);},pl:"22px",height:"100%",flex:"1 1 auto",position:"relative",children:[nodes.children.length!==0&&/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),nodes.buildTreeItem(nodes.children.length!==0)]}),sx:{'& .MuiTreeItem-content':{height:'78px',borderBottom:"0.5px solid ".concat(theme.palette.secondary.main),padding:0,overflow:'hidden','& .MuiTreeItem-iconContainer':{width:'50px',height:'50px',flex:'0 0 auto',margin:0,padding:0,display:nodes.children.length!==0?'flex':'none',justifyContent:'center',alignItems:'center'},'& .MuiTreeItem-label':{height:'100%',margin:0,padding:0,flex:'1 1 auto',display:'flex',alignItems:'center'}},'& .MuiTreeItem-group':{margin:'0 0 0 38px'}},onDoubleClick:function onDoubleClick(e){return handleDoubleClick(e,nodes);},children:Array.isArray(nodes.children)?nodes.children.map(function(node){return renderTree(node);}):null},nodes.id);};if(!rootNode){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'20px 40px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeView_TreeView,{expanded:expanded,onNodeToggle:handleToggle,"aria-label":"rich object",defaultCollapseIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(TriangleDownIcon,{}),defaultExpandIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(TriangleRightIcon,{}),sx:{width:"100%"},children:renderTree(rootNode)})});};/* harmony default export */ var result_view_CommandResultTree = (CommandResultTree);
+;// CONCATENATED MODULE: ./src/components/result-view/CommandResultView.tsx
+function commandResultLoader(_x){return _commandResultLoader.apply(this,arguments);}function _commandResultLoader(){_commandResultLoader=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(_ref){var params,result,shortNames,rs;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:params=_ref.params;result=api.getResult(params.id);shortNames=api.getShortNames();rs=api.getResult(params.id);_context.next=6;return shortNames;case 6:_context.t0=_context.sent;_context.next=9;return rs;case 9:_context.t1=_context.sent;_context.next=12;return result;case 12:_context.t2=_context.sent;return _context.abrupt("return",{shortNames:_context.t0,summary:_context.t1,commandResult:_context.t2});case 14:case"end":return _context.stop();}},_callee);}));return _commandResultLoader.apply(this,arguments);}var FilterCheckbox=function FilterCheckbox(props){var text=props.text,checked=props.checked,Icon=props.Icon,onChange=props.onChange;return/*#__PURE__*/(0,jsx_runtime.jsx)(FormControlLabel_FormControlLabel,{sx:{display:'flex',justifyContent:'center',alignItems:'center',margin:0,padding:0},control:/*#__PURE__*/(0,jsx_runtime.jsx)(Checkbox_Checkbox,{checked:checked,sx:{display:'flex',justifyContent:'center',alignItems:'center'},onChange:onChange,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxIcon,{}),checkedIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxCheckedIcon,{})}),slotProps:{typography:{sx:{display:'flex',justifyContent:'center',alignItems:'center',gap:'10px'}}},label:/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",children:text}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",display:"flex",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})]})});};function DetailsDrawer(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.nodeData!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"720px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:props.nodeData,onClose:props.onClose})})})});}var defaultFilters={onlyImportant:false,onlyChanged:false,onlyWithErrorsOrWarnings:false};var CommandResultView=function CommandResultView(){var _context$filters,_context$filters2,_context$filters3;var context=useAppOutletContext();var commandResultProps=useLoaderData();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),sidePanelNode=_useState2[0],setSidePanelNode=_useState2[1];var divider=/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',margin:'0 20px 0 30px'}});var handleFilterChange=function handleFilterChange(filter){return function(_,checked){context.setFilters(function(fs){return _objectSpread2(_objectSpread2({},fs||defaultFilters),{},defineProperty_defineProperty({},filter,checked));});};};return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DetailsDrawer,{nodeData:sidePanelNode,onClose:function onClose(){return setSidePanelNode(undefined);}}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",minHeight:"70px",p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only important",checked:!!((_context$filters=context.filters)!==null&&_context$filters!==void 0&&_context$filters.onlyImportant),Icon:StarIcon,onChange:handleFilterChange('onlyImportant')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with changes",checked:!!((_context$filters2=context.filters)!==null&&_context$filters2!==void 0&&_context$filters2.onlyChanged),Icon:ChangesIcon,onChange:handleFilterChange('onlyChanged')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with errors and warnings",checked:!!((_context$filters3=context.filters)!==null&&_context$filters3!==void 0&&_context$filters3.onlyWithErrorsOrWarnings),Icon:WarningSignIcon,onChange:handleFilterChange('onlyWithErrorsOrWarnings')})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"25px 40px",overflow:"auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(result_view_CommandResultTree,{commandResultProps:commandResultProps,onSelectNode:setSidePanelNode,activeFilters:context.filters})})]});};
+;// CONCATENATED MODULE: ./src/components/Router.tsx
+function ErrorPage(){var error=useRouteError();return/*#__PURE__*/(0,jsx_runtime.jsxs)("div",{id:"error-page",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("h1",{children:"Oops!"}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Sorry, an unexpected error has occurred."}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:/*#__PURE__*/(0,jsx_runtime.jsx)("i",{children:error.statusText||error.message})})]});}var Router_Router=createHashRouter([{path:"/",element:/*#__PURE__*/(0,jsx_runtime.jsx)(components_App,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{}),children:[{path:"targets",element:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsView,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})},{path:"results/:id",element:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultView,{}),loader:commandResultLoader,errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})}]}]);
+;// CONCATENATED MODULE: ./src/index.tsx
+var root=client.createRoot(document.getElementById('root'));root.render(/*#__PURE__*/(0,jsx_runtime.jsx)(react.StrictMode,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(RouterProvider,{router:Router_Router})}));// If you want to start measuring performance in your app, pass a function
+// to log results (for example: reportWebVitals(console.log))
+// or send to an analytics endpoint. Learn more: https://bit.ly/CRA-vitals
+src_reportWebVitals();
+}();
+/******/ })()
+;
+//# sourceMappingURL=main.34340eee.js.map
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/added.svg b/pkg/webui/ui/build/static/media/added.svg
new file mode 100644
index 000000000..1086507eb
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/added.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M21.74 9.44H2V6.42C2 3.98 3.98 2 6.42 2H8.75C10.38 2 10.89 2.53 11.54 3.4L12.94 5.26C13.25 5.67 13.29 5.73 13.87 5.73H16.66C19.03 5.72 21.05 7.28 21.74 9.44Z" fill="#39403E"/>
+<path d="M21.99 10.84C21.97 10.35 21.89 9.89 21.74 9.44H2V16.65C2 19.6 4.4 22 7.35 22H16.65C19.6 22 22 19.6 22 16.65V11.07C22 11 22 10.91 21.99 10.84ZM14.5 16.25H12.81V18C12.81 18.41 12.47 18.75 12.06 18.75C11.65 18.75 11.31 18.41 11.31 18V16.25H9.5C9.09 16.25 8.75 15.91 8.75 15.5C8.75 15.09 9.09 14.75 9.5 14.75H11.31V13C11.31 12.59 11.65 12.25 12.06 12.25C12.47 12.25 12.81 12.59 12.81 13V14.75H14.5C14.91 14.75 15.25 15.09 15.25 15.5C15.25 15.91 14.91 16.25 14.5 16.25Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/arrow-left.svg b/pkg/webui/ui/build/static/media/arrow-left.svg
new file mode 100644
index 000000000..5f8ccdd11
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/arrow-left.svg
@@ -0,0 +1,4 @@
+<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M20.0002 36.6666C29.2049 36.6666 36.6668 29.2047 36.6668 19.9999C36.6668 10.7952 29.2049 3.33325 20.0002 3.33325C10.7954 3.33325 3.3335 10.7952 3.3335 19.9999C3.3335 29.2047 10.7954 36.6666 20.0002 36.6666Z" fill="#222222"/>
+<path d="M25.8334 18.75L17.1834 18.75L20.0501 15.8833C20.5334 15.4 20.5334 14.6 20.0501 14.1167C19.5667 13.6333 18.7667 13.6333 18.2834 14.1167L13.2834 19.1166C12.8001 19.6 12.8001 20.4 13.2834 20.8833L18.2834 25.8833C18.5334 26.1333 18.8501 26.25 19.1667 26.25C19.4834 26.25 19.8001 26.1333 20.0501 25.8833C20.5334 25.4 20.5334 24.6 20.0501 24.1166L17.1834 21.25L25.8334 21.25C26.5167 21.25 27.0834 20.6833 27.0834 20C27.0834 19.3166 26.5167 18.75 25.8334 18.75Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/brackets-curly.svg b/pkg/webui/ui/build/static/media/brackets-curly.svg
new file mode 100644
index 000000000..c0ead2b85
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/brackets-curly.svg
@@ -0,0 +1,3 @@
+<svg width="22" height="18" viewBox="0 0 22 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M5.23739 16.24C4.78139 16.24 4.38539 16.156 4.04939 15.988C3.72539 15.82 3.47939 15.568 3.31139 15.232C3.14339 14.908 3.05939 14.518 3.05939 14.062V10.57C3.05939 10.078 2.96939 9.724 2.78939 9.508C2.62139 9.28 2.30939 9.16 1.85339 9.148C1.62539 9.136 1.44539 9.046 1.31339 8.878C1.18139 8.71 1.11539 8.506 1.11539 8.266C1.11539 8.026 1.18139 7.828 1.31339 7.672C1.44539 7.504 1.62539 7.414 1.85339 7.402C2.30939 7.378 2.62139 7.258 2.78939 7.042C2.96939 6.814 3.05939 6.46 3.05939 5.98V2.488C3.05939 1.792 3.24539 1.258 3.61739 0.885999C4.00139 0.501999 4.54139 0.309999 5.23739 0.309999H6.51539C6.79139 0.309999 7.01339 0.393999 7.18139 0.561999C7.36139 0.717999 7.45139 0.915999 7.45139 1.156C7.45139 1.396 7.37939 1.6 7.23539 1.768C7.09139 1.924 6.89939 2.002 6.65939 2.002H6.02939C5.78939 2.002 5.60939 2.068 5.48939 2.2C5.36939 2.332 5.30939 2.53 5.30939 2.794V6.25C5.30939 6.622 5.23139 6.964 5.07539 7.276C4.91939 7.588 4.70939 7.84 4.44539 8.032C4.19339 8.224 3.90539 8.32 3.58139 8.32V8.248C3.90539 8.248 4.19339 8.344 4.44539 8.536C4.70939 8.716 4.91939 8.962 5.07539 9.274C5.23139 9.586 5.30939 9.928 5.30939 10.3V13.756C5.30939 14.02 5.36939 14.218 5.48939 14.35C5.60939 14.482 5.78939 14.548 6.02939 14.548H6.65939C6.89939 14.548 7.09139 14.626 7.23539 14.782C7.37939 14.95 7.45139 15.154 7.45139 15.394C7.45139 15.634 7.36139 15.832 7.18139 15.988C7.01339 16.156 6.79139 16.24 6.51539 16.24H5.23739ZM14.4914 16.24C14.2274 16.24 14.0054 16.156 13.8254 15.988C13.6454 15.832 13.5554 15.634 13.5554 15.394C13.5554 15.154 13.6274 14.95 13.7714 14.782C13.9154 14.626 14.1074 14.548 14.3474 14.548H14.9774C15.2174 14.548 15.3974 14.482 15.5174 14.35C15.6374 14.218 15.6974 14.02 15.6974 13.756V10.3C15.6974 9.928 15.7754 9.586 15.9314 9.274C16.0874 8.962 16.2974 8.71 16.5614 8.518C16.8254 8.326 17.1134 8.23 17.4254 8.23V8.302C17.1134 8.302 16.8254 8.212 16.5614 8.032C16.2974 7.84 16.0874 7.588 15.9314 7.276C15.7754 6.964 15.6974 6.622 15.6974 6.25V2.794C15.6974 2.53 15.6374 2.332 15.5174 2.2C15.3974 2.068 15.2174 2.002 14.9774 2.002H14.3474C14.1074 2.002 13.9154 1.924 13.7714 1.768C13.6274 1.6 13.5554 1.396 13.5554 1.156C13.5554 0.915999 13.6454 0.717999 13.8254 0.561999C14.0054 0.393999 14.2274 0.309999 14.4914 0.309999H15.7694C16.2374 0.309999 16.6334 0.393999 16.9574 0.561999C17.2814 0.729999 17.5274 0.975999 17.6954 1.3C17.8634 1.624 17.9474 2.02 17.9474 2.488V5.98C17.9474 6.46 18.0374 6.814 18.2174 7.042C18.3974 7.258 18.7094 7.378 19.1534 7.402C19.3934 7.414 19.5734 7.504 19.6934 7.672C19.8254 7.84 19.8914 8.044 19.8914 8.284C19.8914 8.512 19.8254 8.71 19.6934 8.878C19.5734 9.046 19.3934 9.136 19.1534 9.148C18.7094 9.16 18.3974 9.28 18.2174 9.508C18.0374 9.724 17.9474 10.078 17.9474 10.57V14.062C17.9474 14.758 17.7554 15.292 17.3714 15.664C16.9994 16.048 16.4654 16.24 15.7694 16.24H14.4914Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/brackets-square.svg b/pkg/webui/ui/build/static/media/brackets-square.svg
new file mode 100644
index 000000000..ab82bf02c
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/brackets-square.svg
@@ -0,0 +1,3 @@
+<svg width="22" height="18" viewBox="0 0 22 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M3.79484 17.8617C3.50151 17.8617 3.24818 17.7617 3.03484 17.5617C2.83484 17.3617 2.73484 17.1151 2.73484 16.8217V1.20172C2.73484 0.895051 2.83484 0.648384 3.03484 0.461718C3.24818 0.261718 3.50151 0.161718 3.79484 0.161718H6.65484C6.96151 0.161718 7.19484 0.255051 7.35484 0.441718C7.52818 0.615051 7.61484 0.835051 7.61484 1.10172C7.61484 1.36838 7.52818 1.59505 7.35484 1.78172C7.19484 1.95505 6.96151 2.04172 6.65484 2.04172H5.23484V15.9817H6.65484C6.96151 15.9817 7.19484 16.0684 7.35484 16.2417C7.52818 16.4284 7.61484 16.6551 7.61484 16.9217C7.61484 17.1884 7.52818 17.4084 7.35484 17.5817C7.19484 17.7684 6.96151 17.8617 6.65484 17.8617H3.79484ZM15.3548 17.8617C15.0615 17.8617 14.8282 17.7684 14.6548 17.5817C14.4815 17.4084 14.3948 17.1884 14.3948 16.9217C14.3948 16.6551 14.4815 16.4284 14.6548 16.2417C14.8282 16.0684 15.0615 15.9817 15.3548 15.9817H16.7748V2.04172H15.3548C15.0615 2.04172 14.8282 1.95505 14.6548 1.78172C14.4815 1.59505 14.3948 1.36838 14.3948 1.10172C14.3948 0.835051 14.4815 0.615051 14.6548 0.441718C14.8282 0.255051 15.0615 0.161718 15.3548 0.161718H18.2148C18.5215 0.161718 18.7748 0.261718 18.9748 0.461718C19.1748 0.648384 19.2748 0.895051 19.2748 1.20172V16.8217C19.2748 17.1151 19.1748 17.3617 18.9748 17.5617C18.7748 17.7617 18.5215 17.8617 18.2148 17.8617H15.3548Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/changed.svg b/pkg/webui/ui/build/static/media/changed.svg
new file mode 100644
index 000000000..5ee26bbe6
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/changed.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M18.5698 22H13.9998C11.7098 22 10.5698 20.86 10.5698 18.57V11.43C10.5698 9.14 11.7098 8 13.9998 8H18.5698C20.8598 8 21.9998 9.14 21.9998 11.43V18.57C21.9998 20.86 20.8598 22 18.5698 22Z" fill="#39403E"/>
+<path d="M13.43 5.43V6.77C10.81 6.98 9.32 8.66 9.32 11.43V16H5.43C3.14 16 2 14.86 2 12.57V5.43C2 3.14 3.14 2 5.43 2H10C12.29 2 13.43 3.14 13.43 5.43Z" fill="#39403E"/>
+<path d="M18.1301 14.25H17.2501V13.37C17.2501 12.96 16.9101 12.62 16.5001 12.62C16.0901 12.62 15.7501 12.96 15.7501 13.37V14.25H14.8701C14.4601 14.25 14.1201 14.59 14.1201 15C14.1201 15.41 14.4601 15.75 14.8701 15.75H15.7501V16.63C15.7501 17.04 16.0901 17.38 16.5001 17.38C16.9101 17.38 17.2501 17.04 17.2501 16.63V15.75H18.1301C18.5401 15.75 18.8801 15.41 18.8801 15C18.8801 14.59 18.5401 14.25 18.1301 14.25Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/changes.svg b/pkg/webui/ui/build/static/media/changes.svg
new file mode 100644
index 000000000..fe25e1e1f
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/changes.svg
@@ -0,0 +1,5 @@
+<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M18.375 19.25H2.625C2.26625 19.25 1.96875 18.9525 1.96875 18.5938C1.96875 18.235 2.26625 17.9375 2.625 17.9375H18.375C18.7337 17.9375 19.0312 18.235 19.0312 18.5938C19.0312 18.9525 18.7337 19.25 18.375 19.25Z" fill="#222222"/>
+<path opacity="0.4" d="M16.6423 3.04495C14.9448 1.34745 13.2823 1.3037 11.541 3.04495L10.4823 4.1037C10.3948 4.1912 10.3598 4.3312 10.3948 4.4537C11.0598 6.77245 12.9148 8.62745 15.2335 9.29245C15.2685 9.3012 15.3035 9.30995 15.3385 9.30995C15.4348 9.30995 15.5223 9.27495 15.5923 9.20496L16.6423 8.1462C17.5085 7.2887 17.9285 6.45745 17.9285 5.61745C17.9373 4.7512 17.5173 3.9112 16.6423 3.04495Z" fill="#222222"/>
+<path d="M13.6588 10.0887C13.405 9.9662 13.16 9.8437 12.9238 9.7037C12.7313 9.58995 12.5475 9.46745 12.3638 9.3362C12.215 9.23995 12.04 9.09995 11.8738 8.95995C11.8563 8.9512 11.795 8.8987 11.725 8.8287C11.4363 8.5837 11.1125 8.2687 10.8238 7.9187C10.7975 7.9012 10.7538 7.83995 10.6925 7.7612C10.605 7.6562 10.4563 7.4812 10.325 7.27995C10.22 7.1487 10.0975 6.9562 9.98378 6.7637C9.84378 6.52745 9.72129 6.2912 9.59879 6.0462C9.47629 5.7837 9.38003 5.52995 9.29253 5.2937L3.79753 10.7887C3.68378 10.9025 3.57878 11.1212 3.55253 11.27L3.08003 14.6212C2.99253 15.2162 3.15878 15.7762 3.52628 16.1524C3.84129 16.4587 4.27878 16.625 4.75128 16.625C4.85628 16.625 4.96128 16.6162 5.06628 16.5987L8.42629 16.1262C8.58379 16.1 8.80254 15.995 8.90754 15.8812L14.4025 10.3862C14.1575 10.2987 13.9213 10.2025 13.6588 10.0887Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/checkbox-checked.svg b/pkg/webui/ui/build/static/media/checkbox-checked.svg
new file mode 100644
index 000000000..f9e6a1557
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/checkbox-checked.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="3" y="3" width="18" height="18" rx="5" fill="#001628"/>
+<path d="M9.70711 11.2929C9.31658 10.9024 8.68342 10.9024 8.29289 11.2929C7.90237 11.6834 7.90237 12.3166 8.29289 12.7071L10.2929 14.7071C10.6834 15.0976 11.3166 15.0976 11.7071 14.7071L15.7071 10.7071C16.0976 10.3166 16.0976 9.68342 15.7071 9.29289C15.3166 8.90237 14.6834 8.90237 14.2929 9.29289L11 12.5858L9.70711 11.2929Z" fill="#DFEBE9"/>
+<rect x="3" y="3" width="18" height="18" rx="5" stroke="#001628" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/checkbox-disabled.svg b/pkg/webui/ui/build/static/media/checkbox-disabled.svg
new file mode 100644
index 000000000..9922728ac
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/checkbox-disabled.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="2" y="2" width="20" height="20" rx="6" fill="black" fill-opacity="0.08"/>
+<rect x="3" y="3" width="18" height="18" rx="5" stroke="black" stroke-opacity="0.16" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/checkbox.svg b/pkg/webui/ui/build/static/media/checkbox.svg
new file mode 100644
index 000000000..f9f5f7b78
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/checkbox.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect opacity="0.8" x="3" y="3.5" width="18" height="18" rx="3" stroke="#222222" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/close.svg b/pkg/webui/ui/build/static/media/close.svg
new file mode 100644
index 000000000..f3ce4ed70
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/close.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/cpu.svg b/pkg/webui/ui/build/static/media/cpu.svg
new file mode 100644
index 000000000..b30baa518
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/cpu.svg
@@ -0,0 +1,16 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M15 4H9C6.24 4 4 6.24 4 9V15C4 17.76 6.24 20 9 20H15C17.76 20 20 17.76 20 15V9C20 6.24 17.76 4 15 4ZM17.26 14.26C17.26 15.92 15.92 17.26 14.26 17.26H9.74C8.08 17.26 6.74 15.92 6.74 14.26V9.74C6.74 8.08 8.08 6.74 9.74 6.74H14.25C15.91 6.74 17.25 8.08 17.25 9.74V14.26H17.26Z" fill="#39403E"/>
+<path d="M9.06006 2.75V4H9.00006C8.50006 4 8.02006 4.07 7.56006 4.21V2.75C7.56006 2.34 7.89006 2 8.31006 2C8.72006 2 9.06006 2.34 9.06006 2.75Z" fill="#39403E"/>
+<path d="M12.75 2.75V4H11.25V2.75C11.25 2.34 11.59 2 12 2C12.41 2 12.75 2.34 12.75 2.75Z" fill="#39403E"/>
+<path d="M16.4502 2.75V4.21C15.9902 4.07 15.5002 4 15.0002 4H14.9502V2.75C14.9502 2.34 15.2902 2 15.7002 2C16.1102 2 16.4502 2.34 16.4502 2.75Z" fill="#39403E"/>
+<path d="M22 8.3C22 8.72 21.67 9.05 21.25 9.05H20V9C20 8.5 19.93 8.01 19.79 7.55H21.25C21.67 7.55 22 7.89 22 8.3Z" fill="#39403E"/>
+<path d="M22 12C22 12.41 21.67 12.75 21.25 12.75H20V11.25H21.25C21.67 11.25 22 11.58 22 12Z" fill="#39403E"/>
+<path d="M22 15.7C22 16.11 21.67 16.45 21.25 16.45H19.79C19.93 15.99 20 15.5 20 15V14.95H21.25C21.67 14.95 22 15.28 22 15.7Z" fill="#39403E"/>
+<path d="M16.4502 19.79V21.25C16.4502 21.66 16.1102 22 15.7002 22C15.2902 22 14.9502 21.66 14.9502 21.25V20H15.0002C15.5002 20 15.9902 19.93 16.4502 19.79Z" fill="#39403E"/>
+<path d="M12.7598 20V21.25C12.7598 21.66 12.4198 22 12.0098 22C11.5898 22 11.2598 21.66 11.2598 21.25V20H12.7598Z" fill="#39403E"/>
+<path d="M9.06006 20V21.25C9.06006 21.66 8.72006 22 8.31006 22C7.89006 22 7.56006 21.66 7.56006 21.25V19.79C8.02006 19.93 8.50006 20 9.00006 20H9.06006Z" fill="#39403E"/>
+<path d="M4.21 7.55C4.07 8.01 4 8.5 4 9V9.05H2.75C2.34 9.05 2 8.72 2 8.3C2 7.89 2.34 7.55 2.75 7.55H4.21Z" fill="#39403E"/>
+<path d="M4 11.25V12.75H2.75C2.34 12.75 2 12.41 2 12C2 11.58 2.34 11.25 2.75 11.25H4Z" fill="#39403E"/>
+<path d="M4.21 16.45H2.75C2.34 16.45 2 16.11 2 15.7C2 15.28 2.34 14.95 2.75 14.95H4V15C4 15.5 4.07 15.99 4.21 16.45Z" fill="#39403E"/>
+<path d="M17.2602 9.74001V14.25C17.2602 15.91 15.9202 17.25 14.2602 17.25H9.74023C8.08023 17.25 6.74023 15.91 6.74023 14.25V9.74001C6.74023 8.08001 8.08023 6.74001 9.74023 6.74001H14.2502C15.9102 6.74001 17.2602 8.09001 17.2602 9.74001Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/deploy.svg b/pkg/webui/ui/build/static/media/deploy.svg
new file mode 100644
index 000000000..a3be467e3
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/deploy.svg
@@ -0,0 +1,8 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
+<path d="M18.1237 22.3313C14.9512 22.5563 14.9624 27.1688 18.1237 27.3938H25.6275C26.5387 27.405 27.4162 27.0563 28.0912 26.4488C30.3187 24.5025 29.1262 20.5988 26.2012 20.2275C25.155 13.8825 15.9862 16.29 18.1575 22.3313" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<g opacity="0.4">
+<path d="M11.25 25.875C11.25 30.2287 14.7713 33.75 19.125 33.75L17.9438 31.7812" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M33.75 19.125C33.75 14.7713 30.2287 11.25 25.875 11.25L27.0562 13.2188" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/diff.svg b/pkg/webui/ui/build/static/media/diff.svg
new file mode 100644
index 000000000..ad1b92774
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/diff.svg
@@ -0,0 +1,8 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
+<g opacity="0.4">
+<path d="M19 22H27" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M23 26V18" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M20 32H26C31 32 33 30 33 25V19C33 14 31 12 26 12H20C15 12 13 14 13 19V25C13 30 15 32 20 32Z" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/error.svg b/pkg/webui/ui/build/static/media/error.svg
new file mode 100644
index 000000000..2f9a8cd4b
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/error.svg
@@ -0,0 +1,4 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M14.9 2H9.10001C8.42001 2 7.46 2.4 6.98 2.88L2.88 6.98001C2.4 7.46001 2 8.42001 2 9.10001V14.9C2 15.58 2.4 16.54 2.88 17.02L6.98 21.12C7.46 21.6 8.42001 22 9.10001 22H14.9C15.58 22 16.54 21.6 17.02 21.12L21.12 17.02C21.6 16.54 22 15.58 22 14.9V9.10001C22 8.42001 21.6 7.46001 21.12 6.98001L17.02 2.88C16.54 2.4 15.58 2 14.9 2Z" fill="#d32f2f"/>
+<path d="M13.0599 12L16.0299 9.03C16.3199 8.74 16.3199 8.26 16.0299 7.97C15.7399 7.68 15.2599 7.68 14.9699 7.97L11.9999 10.94L9.02994 7.97C8.73994 7.68 8.25994 7.68 7.96994 7.97C7.67994 8.26 7.67994 8.74 7.96994 9.03L10.9399 12L7.96994 14.97C7.67994 15.26 7.67994 15.74 7.96994 16.03C8.11994 16.18 8.30994 16.25 8.49994 16.25C8.68994 16.25 8.87994 16.18 9.02994 16.03L11.9999 13.06L14.9699 16.03C15.1199 16.18 15.3099 16.25 15.4999 16.25C15.6899 16.25 15.8799 16.18 16.0299 16.03C16.3199 15.74 16.3199 15.26 16.0299 14.97L13.0599 12Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/file.svg b/pkg/webui/ui/build/static/media/file.svg
new file mode 100644
index 000000000..698087505
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/file.svg
@@ -0,0 +1,5 @@
+<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M26.9833 3.3335H13.0166C6.94992 3.3335 3.33325 6.95016 3.33325 13.0168V26.9668C3.33325 33.0502 6.94992 36.6668 13.0166 36.6668H26.9666C33.0333 36.6668 36.6499 33.0502 36.6499 26.9835V13.0168C36.6666 6.95016 33.0499 3.3335 26.9833 3.3335Z" fill="#151B33"/>
+<path d="M26.25 16.25H13.75C13.0667 16.25 12.5 15.6833 12.5 15C12.5 14.3167 13.0667 13.75 13.75 13.75H26.25C26.9333 13.75 27.5 14.3167 27.5 15C27.5 15.6833 26.9333 16.25 26.25 16.25Z" fill="#151B33"/>
+<path d="M26.25 26.25H13.75C13.0667 26.25 12.5 25.6833 12.5 25C12.5 24.3167 13.0667 23.75 13.75 23.75H26.25C26.9333 23.75 27.5 24.3167 27.5 25C27.5 25.6833 26.9333 26.25 26.25 26.25Z" fill="#151B33"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/finger-scan.svg b/pkg/webui/ui/build/static/media/finger-scan.svg
new file mode 100644
index 000000000..8f7fd351f
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/finger-scan.svg
@@ -0,0 +1,8 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M12.0001 14.88C11.0901 14.88 10.3501 14.14 10.3501 13.23V10.76C10.3501 9.85001 11.0901 9.10999 12.0001 9.10999C12.9101 9.10999 13.6501 9.85001 13.6501 10.76V13.23C13.6501 14.14 12.9101 14.88 12.0001 14.88Z" stroke="#39403E" stroke-width="1.5" stroke-linecap="round"/>
+<path opacity="0.4" d="M16.98 13.47C16.78 16.05 14.62 18.07 12 18.07C9.24 18.07 7 15.83 7 13.07V10.93C7 8.16999 9.24 5.92999 12 5.92999C14.59 5.92999 16.72 7.89998 16.97 10.42" stroke="#39403E" stroke-width="1.5" stroke-linecap="round"/>
+<path d="M15 2H17C20 2 22 4 22 7V9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2 9V7C2 4 4 2 7 2H9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M15 22H17C20 22 22 20 22 17V15" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2 15V17C2 20 4 22 7 22H9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/git.svg b/pkg/webui/ui/build/static/media/git.svg
new file mode 100644
index 000000000..6b6a26a2b
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/git.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="92pt" height="92pt" viewBox="0 0 92 92"><defs><clipPath id="a"><path d="M0 .113h91.887V92H0Zm0 0"/></clipPath></defs><g clip-path="url(#a)"><path style="stroke:none;fill-rule:nonzero;fill:#100f0d;fill-opacity:1" d="M90.156 41.965 50.036 1.848a5.913 5.913 0 0 0-8.368 0l-8.332 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.043 7.043 0 0 1 1.673 7.277l10.183 10.184a7.026 7.026 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.045 7.045 0 0 1-9.961 0 7.038 7.038 0 0 1-1.532-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.034 7.034 0 0 1 2.308-1.539V33.926a7.001 7.001 0 0 1-2.308-1.535 7.049 7.049 0 0 1-1.516-7.7L29.242 14.273 1.734 41.777a5.918 5.918 0 0 0 0 8.371L41.855 90.27a5.92 5.92 0 0 0 8.368 0l39.933-39.934a5.925 5.925 0 0 0 0-8.371"/></g></svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/include.svg b/pkg/webui/ui/build/static/media/include.svg
new file mode 100644
index 000000000..f17e9d604
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/include.svg
@@ -0,0 +1,7 @@
+<svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="15" cy="15" r="15" fill="#39403E"/>
+<path d="M21.75 11.25V18.75C21.75 21 20.625 22.5 18 22.5H12C9.375 22.5 8.25 21 8.25 18.75V11.25C8.25 9 9.375 7.5 12 7.5H18C20.625 7.5 21.75 9 21.75 11.25Z" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M16.875 9.375V10.875C16.875 11.7 17.55 12.375 18.375 12.375H19.875" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M12 15.75H15" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M12 18.75H18" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/kluctl-logo.svg b/pkg/webui/ui/build/static/media/kluctl-logo.svg
new file mode 100644
index 000000000..2248dffe2
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/kluctl-logo.svg
@@ -0,0 +1,3 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M46.7332 26.4052C46.0197 26.1986 45.3021 26.1791 44.6273 26.3143C40.1777 27.2059 35.7653 26.6265 33.5223 26.1996C32.668 26.0371 32.0248 25.3551 31.8357 24.4893C31.8319 24.4715 31.8279 24.4537 31.8239 24.436C31.6286 23.5727 31.9102 22.6711 32.6102 22.1471C34.3592 20.8378 37.8933 18.5208 42.5714 17.1265C43.6436 16.807 44.6717 16.1731 45.348 14.9364C46.1321 13.5024 46.1337 11.7081 45.2978 10.3048C43.8559 7.88432 40.7234 7.37165 38.6256 9.07985C38.1033 9.50523 37.6946 10.0232 37.4152 10.5963C35.4318 14.6654 32.1773 17.8402 30.4251 19.3627C29.7657 19.9355 28.8472 20.0181 28.0689 19.6308C28.051 19.6219 28.0331 19.613 28.0151 19.6044C27.232 19.2231 26.7251 18.433 26.7576 17.5481C26.8442 15.1876 27.2649 10.5853 29.1204 6.46814C29.4038 5.83938 29.5368 5.12857 29.5035 4.38422C29.4022 2.12445 27.7819 0.317189 25.5829 0.0370233C22.8357 -0.312912 20.4973 1.86432 20.4973 4.59895C20.4973 5.19584 20.6062 5.7671 20.8115 6.28929C22.7863 11.31 23.2117 15.4036 23.2796 17.5351C23.3077 18.419 22.8057 19.2125 22.0219 19.5892C21.9999 19.5998 21.978 19.6104 21.9562 19.6212C21.1687 20.01 20.2406 19.9217 19.5806 19.3358C17.8015 17.7562 14.4785 14.4807 12.5671 10.5575C12.2668 9.94121 11.8059 9.3959 11.2193 8.95959C9.4356 7.63262 7.04863 7.78493 5.4589 9.34791C3.45317 11.32 3.65626 14.5622 5.75912 16.2739C6.28156 16.6992 6.86622 16.9947 7.47672 17.1412C11.7779 18.1734 15.5546 20.7301 17.405 22.1456C18.0968 22.6748 18.3791 23.5688 18.1836 24.4284C18.1785 24.4509 18.1735 24.4735 18.1686 24.4961C17.9809 25.3599 17.3395 26.0403 16.4879 26.2057C14.2279 26.6447 9.76967 27.2464 5.37869 26.3178C4.71301 26.177 4.00284 26.2017 3.29742 26.402C1.15778 27.0096 -0.204829 29.0318 0.0252425 31.2867C0.311237 34.0888 2.90587 35.9226 5.51253 35.3152C6.08264 35.1824 6.60713 34.9513 7.05713 34.6263C11.2753 31.5795 15.2102 30.2221 17.273 29.6688C18.1042 29.4458 18.9643 29.7814 19.4947 30.4718C19.5101 30.4918 19.5255 30.5118 19.5412 30.5316C20.0856 31.2249 20.2066 32.1641 19.7981 32.9487C18.7012 35.0562 16.3376 39.0611 12.9684 41.881C12.4465 42.3178 12.0276 42.8982 11.7414 43.5798C10.8712 45.652 11.5505 47.9942 13.3997 49.227C15.729 50.7799 18.7773 49.8557 19.9432 47.3837C20.2332 46.7691 20.3893 46.1216 20.3893 45.4814C20.3893 41.1352 22.0236 36.6994 22.9698 34.4954C23.3137 33.6943 24.0939 33.1964 24.9506 33.2071C25.0003 33.2077 25.0501 33.208 25.1 33.2077C25.9437 33.2034 26.7059 33.7107 27.0441 34.4998C27.9553 36.626 29.4957 40.8734 29.6206 45.527C29.6394 46.2262 29.8189 46.9332 30.1726 47.5951C31.2431 49.5983 33.4983 50.4903 35.6065 49.7314C38.1849 48.8031 39.3372 45.8348 38.1841 43.3913C37.9303 42.8536 37.5925 42.3836 37.1825 42.0077C33.2774 38.4272 31.1325 34.8537 30.1635 32.9437C29.7702 32.1683 29.9006 31.2417 30.4394 30.5635C30.4632 30.5336 30.4867 30.5034 30.5101 30.4731C31.0412 29.782 31.9028 29.446 32.7347 29.6705C34.7912 30.2255 38.7109 31.5834 42.95 34.6232C43.401 34.9467 43.9245 35.1791 44.4946 35.3119C46.9624 35.8865 49.419 34.2732 49.9162 31.7222C50.3669 29.4089 48.9558 27.0493 46.733 26.4054L46.7332 26.4052Z" fill="#59A588"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/kluctl-text.svg b/pkg/webui/ui/build/static/media/kluctl-text.svg
new file mode 100644
index 000000000..ec60048e9
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/kluctl-text.svg
@@ -0,0 +1,7 @@
+<svg width="115" height="34" viewBox="0 0 115 34" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M21.3567 8.6323H15.5247L5.24968 20.068V0.715027H0.601793L0.580078 32.3833H5.24968V20.9476L15.1598 32.3833H21.3864L10.5556 20.5078L21.3567 8.6323Z" fill="#DFEBE9"/>
+<path d="M30.3117 0.658997H25.7295V32.3832H30.3117V0.658997Z" fill="#DFEBE9"/>
+<path d="M99.0875 0.626038H94.4833V8.63227H89.9453V12.3269H94.4833V23.0369C94.4833 24.3271 94.5017 25.4816 94.5382 26.5004C94.5745 27.5198 94.8487 28.5202 95.3602 29.5025C95.9307 30.602 96.7782 31.4084 97.904 31.9215C99.0292 32.4346 100.308 32.7132 101.741 32.7569C103.173 32.8012 104.634 32.6763 106.126 32.3832V28.4909C104.576 28.711 103.228 28.7587 102.08 28.6338C100.933 28.5097 100.096 27.9929 99.5702 27.0834C99.2922 26.5992 99.1422 26.0058 99.1203 25.3021C99.0986 24.5983 99.0875 23.7699 99.0875 22.817V12.3269H106.126V8.63227H99.0875V0.626038Z" fill="#DFEBE9"/>
+<path d="M115 0.658997H110.418V32.3832H115V0.658997Z" fill="#DFEBE9"/>
+<path d="M73.7264 13.3715C74.6907 12.6602 75.9255 12.3045 77.4312 12.3045C78.7611 12.3045 79.9418 12.6753 80.972 13.4156C82.0027 14.1561 82.7443 15.1934 83.1975 16.5274L87.7579 15.2079C87.173 12.9644 85.9631 11.1983 84.1294 9.90803C82.2948 8.61753 80.0842 7.97266 77.497 7.97266C75.0998 7.97266 73.0464 8.50762 71.3364 9.57813C69.9637 10.4373 68.8575 11.5712 67.9935 12.9542L67.9805 12.9381C67.9805 12.9381 67.4187 14.0115 65.7626 14.3945C63.735 14.6699 61.9015 14.6724 60.338 14.5518C56.7422 14.0069 56.1432 10.8942 56.0653 9.41572V8.63239H51.1944V20.9914C51.1944 22.3992 51.0374 23.5947 50.7231 24.5765C50.4089 25.5586 49.9775 26.3503 49.4294 26.9517C48.8814 27.5531 48.242 27.989 47.511 28.2602C46.7801 28.5313 46.0053 28.6668 45.187 28.6668C43.9298 28.6668 42.9105 28.4104 42.1289 27.8969C41.3465 27.3842 40.7398 26.7094 40.3089 25.8741C39.8778 25.0382 39.5852 24.133 39.432 23.1582C39.2786 22.1831 39.2015 21.2339 39.2015 20.31V8.63222H34.5537V21.8272C34.5537 22.5606 34.6197 23.4105 34.7511 24.3781C34.8827 25.3461 35.131 26.3356 35.4966 27.3471C35.8616 28.3585 36.3914 29.2933 37.0861 30.1511C37.7799 31.0089 38.6824 31.7017 39.7937 32.2296C40.9039 32.7572 42.2783 33.0212 43.9154 33.0212C46.0495 33.0212 47.8691 32.5595 49.3747 31.6356C50.3024 31.0662 51.0809 30.3419 51.7427 29.4967V32.3835H56.0652V28.6462C56.1408 28.356 56.5575 27.3818 58.6937 26.9386C60.3092 26.6526 62.3773 26.6059 64.8661 27.1592C66.1567 27.446 67.3572 28.0281 68.3534 28.8992C68.6908 29.1942 69.0568 29.5108 69.4466 29.9256C69.9915 30.4788 70.58 30.9879 71.2486 31.4155C72.9439 32.5005 75.005 33.0431 77.4312 33.0431C79.9746 33.0431 82.1376 32.4238 83.9211 31.185C85.7041 29.9464 86.9827 28.1686 87.7579 25.8522L83.1097 24.7524C82.6277 26.0277 81.929 27.0067 81.0161 27.6881C80.1023 28.3699 78.9077 28.7109 77.4312 28.7109C75.268 28.7109 73.6347 27.9559 72.5312 26.4456C71.4276 24.9359 70.8685 22.9564 70.8537 20.5077C70.8685 18.9248 71.1093 17.5168 71.5775 16.2854C72.0451 15.0537 72.7616 14.0828 73.7264 13.3716V13.3715ZM57.7252 16.4901C58.9563 16.713 60.4897 16.8913 62.2601 16.8913C63.1733 16.8913 64.1502 16.8419 65.1781 16.7292C65.2069 16.7288 65.2361 16.7286 65.2479 16.7323C65.3 16.7477 65.4005 16.8842 64.9001 17.1154C64.0336 17.3999 62.8489 17.5927 61.1866 17.5927C59.5703 17.5927 58.4663 17.2747 57.7076 16.8354C57.599 16.755 57.505 16.6605 57.5157 16.5645C57.523 16.4964 57.6248 16.4847 57.7252 16.4901ZM64.4437 18.773C63.8614 19.1512 63.043 19.4511 61.8643 19.5722C60.7181 19.6901 59.8992 19.4178 59.3115 18.9864C59.2255 18.905 59.1482 18.807 59.1448 18.6999C59.1425 18.6236 59.2133 18.6034 59.2849 18.602C60.1834 18.7596 61.2908 18.8457 62.5462 18.7168C63.1939 18.6504 63.8812 18.5246 64.5971 18.3246C64.6178 18.3221 64.6384 18.3198 64.6469 18.323C64.6857 18.336 64.7724 18.4803 64.4437 18.773ZM64.609 24.4077C62.1265 23.9443 60.0012 24.0187 58.2715 24.3321C57.963 24.3395 57.6685 24.2506 57.6685 24.072C57.6685 23.9635 57.7764 23.8511 57.8904 23.7583C59.2316 22.8996 60.9024 22.8218 61.5537 22.8218C62.9716 22.8218 64.0627 23.1248 64.9057 23.5785L64.9037 23.5814C64.9037 23.5814 65.3778 23.8821 65.3014 24.1038C65.2284 24.3156 65.0761 24.4636 64.609 24.4077Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/nunito-cyrillic-ext-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-cyrillic-ext-wght-normal.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..64f87b1149a979344c25e6a93b009e5d45c05f89
GIT binary patch
literal 28960
zcmV)KK)SzoPew8T0RR910C6Ay6aWAK0QU?40C2AW0RR9100000000000000000000
z0000Qf)pE|6dZv#KS)+VQiTu(U_Vn-K~#Y%Co%wo94~Yc2nvChDE4m)gAxERf`WVj
zHUcCAh6n^81&9C#k24Gh8|vc+RJUdq(Cxsa{p~%sKyJDzw*%2#?73_tB9DV8TKh-;
z|0g6JLm0z<0|m8LMifNORf3dD0u%WBDq>g2!elDBEH7rlH16I*xj<wIk5!bar$xig
ziN~4k+?)$nMmooS=zP=i_kw!l;zrta`IfJYi3AZP6l{VBL>5rc^+;6UGU*{sjiw!8
zH2w{=_utyi_hxC3mapUaymEsB>q0$o-9>;qJw(cS4v$l-e`d+D*aAzkz+%ftF$J2W
znGz0k0U_z(XX^c(C4_dE({j*}hiJ|kppaxYNRc2G0)&W@I1v&EBqYI-5Fp?|t<)(N
zq);k&sna4gqoP!gw%k?p&Rak0-QTx9d~W`KhX575?e+Q-mG+zNL~Z3a|If^Fc287m
zPD=&xkPspw5E3Fbckkjn2pR~{WX(Yh#q<AM=6!#PZ8SQ-0gYHh0y+bh<H2BXDWy?w
znl7^N-#7MqJM&#Jvq(rZs)l+GAtv*MlGduyLkkDQ!aND})@6MlH~Svr^0jI}F$)nA
zf(8#}m0((Enf~29`+4^)DkpQxP+j(4<rW4G`~aT*_X+Uvos<3&&X8B}CfS!v#tl{<
zu9Y*J$C=E3AyC5I0y@$sT!B!QH#TPj1=0YdDqP|J`~6<mKKDNSKmjJ50!dcLl4V)N
zRk0#hhomYr;P_5ep#K3H!A8KaZF{q4w9#l|_T-!au>&+_6B>Zz-+ZSZC~NOtju6x2
zYK=9MlwNi{>J6PCBoZ0V4FdD<UXqRlA_Xb*?^Ct9f)pPt*Nl5WcKVnIZNy}14=1P1
z@iu$f;~qtj5I~TWKuT-_4C*ghZi7$<h?3lD+1e2aDs!gg5KFF_&Ys>Rds6z8WH01N
zkYw*tp0qiq%VCdm?8|Yld(Ef)ajq|$b{Qq>6&C%jliQc3FO$L$_ji$xpm}NUw=-QP
zcZBYYIw9S`)Bk<b>EEVx#|R57<Nw;{JSy8rqIE+JFoDPe!0ui9w3*Axfg+GJN8n{9
zo0pxxKL@;YfZVG8DqNidcBIazDqpE8ge^S(t^MlCyB{6ITHpOOt?5rTXvQmtv@?h`
z5{DXTgw_b5W3q2=Oaf0dTSEhzrR|x2-){e6B<UJ<%BzS?B`3KMJh8U>@4h<r_s(87
zPW<n@t5B#R2@s@01>|b!IY$f6V*dHS&zR{4B3*X*=OvwXo(wregy#bhM>-S)*l`u2
zpG5yR+49QjHVBK~2H9_e?YF^YY=}ZvznIJ)L+4MB=FgDf&z9paP!e4Pzl|k+8!dht
zZH$es5d5pH@edgDZ#F6KMhO0W_REJ50&~<%2>rGINbEB<fV7EArL0PZiY(&=-|Ij?
zPxrn3%NCWAD*B;$%{libX^@3QT4X4KDP}~X3RAf$nX(<PAT_j!_mYm>(-&X^0Kmuz
z#6bY4vU$TnuLZp9<~V;0A=i^$10gr1K?@<W1rP{=q-X+FLS&JDgQ(mB<j)uFkFW(`
zn|M><KUPP8%^^@;3iti`HqWLU0l-&j%HdUhZEFYQxADKZY-J!3kL&=H@)L)M&ZB-M
zFg=i!n%dC)bpfPw$E_)rzd1i3XKau^TdJu2xxVV!0r?l@d8vN9=X(L*KhyP6|8vvb
zH46|a_F6jmxv4a;*v`R72JStB5^phcQC`;;ZuNJqO+rdFN{>SA)reBkA*jzt$cqlx
z%iTlJ54wR%`KIJjj#>fppnM2n{y7qn{U3T+esRv!J#P?p{Zh-8KahO=v--s5<@)L`
zGI#tBqU=_2<^lU?&R3QZEg<kwLC<!6jkLQke#h&f(yQlfkzo}8vmPJcIY;tmzdG6(
z`u_*?bU!h$D8DL#?C=#7EtUzunakySu{1kRat;AT1ZLOdo9bP;zNXfrc?4fh3?$~|
z+1Vrr+v;t|{x0hJKj!>GhnO9ZpQjqrw;##z>`g1gpD&l3DeCLF2)vdbJkmJh7tez^
z`>Scw@*qd{oNDENN*}ID&`ysd^38daC0G83Un6yBw@O8S^uco({d@r^I9;ua@SIui
zt(pmxSoS^XzZo5VDXF#B*0GY)EdYANYf%PXHCgT-*dr+j53xziF{WNm(md(>wnop)
z7UR8v0}(tDV>HbI_cby3yB75aN8?fgL=(<Dpt&*edaZtb>1cf4w)uk`S;cwx5RPED
zQr4(19eS|d-?0O)1HBQtZ!B-C&+ny0`A;DXXnbsSZ>RqVD7*|l0TVYDd;0|OG?J8^
zb*cK%(i;LCjWiIEC!|6QcnpyxM?!%TWojvsp^9qiq-O9gj@1q{N=I&AMn~rfj|hSM
zau^j08XK1@J^>FR5}st_d_}pJ2T+O^D2WMCx=ak&@~~Ny;j4DFGWDY)Ez(GC$<IYu
zsZBJi9vW+nN|xT&5FFZRbOE8h3TSk2I!{PIqbWfYLh48vyD{}7w%OmQ5+Y^~$8*Zn
z1SCXiLo$F0WEnthN=*tuyA-3YdaoHmOq{U7`v}F@h`2OciW9t=7HBwOzw{IpVRDXB
z)T!1b&BnEm1u2ses5YT?2S>DAYKwy4lPm=?9RH;1p9n3U8a@UUk)6{KwMa3&ufseA
zHwwiI%lCAKh^Vd#Vyn4?43M^SB591jibQ3&2*FuL2qeWkAkSmRqw|DRU=&2)DpHZ-
z<OS6CLWoEt*te;#9<#tz>JWg)4WgGwn&7T}S3nCw9HUQ3@c3IQ4QThh`LhAJFU?;6
zIfY*zqal)PiXP!l*!)p`Nn@3dFX;<1Bg_#s@ADO`0LF+Y2OT-~Zl8SqJRzV+1M=}f
zHShNlNJvxS-?&dGs;X7vHAS`1#n18P#ZOTxqSt+4{O?QHBQ!<GghKR4gLaY*<FX!`
z=ZbtORS{}pLt0$4<*qWL^p&wnr~`GVQko;s879N(tihX(;IX`x-wN76#}Nf5?E2l1
z8*!sqhho{d7nJbCLbg~ap|xJrl(pY>E842=K!0SAOf7TQ(zA^m6JqF`ku$imVao;p
z|I~DMJ;T~f|1>ad*=;%OUiK|}PWvvix9g9&*PYMZKdkiQ4%W$FH0ncaxd`BlD}V;W
zD5(6L{Jw*L<Rg?fG$I(CHx{`L0EBt+h1bm%PLDtldI9i{`mEN>*8(1*+44mdiA@9#
zPoz~Vt`2fRAi<=_N@6ansk38(`U3<C6iE2C%Cb;KDF!Qz;ueor!ns@D6M`7{INC9V
z;GyY4g4K>KTqmX$YbiAm@+Y*0BPn~Uv=VDWpb#aBKsy-;0wEeXGBP_Z7FsB+6NOL{
zJ3!(VZl&{a5oH*b3*!z8k3f=Mxg(~h4-<Hs@oOSr*JT1=Q#`+Rg1KabPCN4;eB+C+
zVSFs+s&oHG7~rRq8w73upr3UfpiKxNVhpGP16_irUvoTA0QgThilY3EmC3R?7DVLL
zj3@wPd<Ja&PD38YnY<SE*z?k@f&RhGq3xI+ac+)XTQ+eQr98^F1CY>$O<()*+Xyky
zW&)nnp*{!f;S^O#wr{De&t!N{dJc>!`op^Vwby_UBK7;irQ!PUnm8W!#joA8OLuNp
z9Om&W{N8X$xF*~c*Tso=Fu8O>XLN;<ZTNrq*9=4hiOf)NOxb@;vC2sV003C(g=s*r
z2vMUT)p8w>=O902{FNhFjBE*trKpynS&nW6hLxC_glopuf}<5z8=iK2RstP_I*D`<
zTTP;el*}5D`pB)NuuhcqqHUnmuUCu#u?DFOQ5zO#gvKbXjdaGu+a$qeiMB|xRkCgL
zwlmnlXk3b&Om;~%!B?p?lhREwo0eg>OnYS6E89Lf_G4KkLbrT}Sj2f3glB8B3Pd_`
z!Y~O}Y4`VWKW-_jQbN%o(#r`Wx&X712#gg{RieTkQgvd&9#TypVGpS`u&}pPb(~ff
zh7s9_&?-CvwL5~QHNd{QRFl9Ow(@AAFguR&ku$U73^^{9Do*UItb~%b7J6?b<R_mB
z`CKg1{*G1K^*wRVRPje3qk!ywx+WI#e}>+RBt}b7SIdhSh2a$DI#TnryXP4creK~U
zp|aVW@2?hl$w<Oj)r6Z-^)TG8clrg-)K_3vt7eN0qu54T1uIvq*TNLms?NA3tR$_x
zVpJAdD+NB2gwd)6x1-7txYg+OiaFC*f?Z9hI)z%Pg;WZ5uFxz|Sh!tj+qslo5bxlh
zv3Rz$i0;mt#pjo^%-fQk<J)7$WK|C$8N9JlJhWJSCK5%`aaL}1tOU;U+U*sBl`Uim
zQP|z4=kwd|H+lY=J@JBz<hG6AXhioE0gL74kQQf4n^;^CK@r}8({~TOSX!z5D>Hcr
zM-oSa@L8L0p*ISJkfCoHc6{%`eMLZnsSyc<QhiAZz6*y^TU=O2e=FqW2x)#&-*`f-
zILAzRCg%LQ;XE5c+usJ%UG3GJc<7Q8CEiy|()ulHL`kbj34<C8DP9QsbeHS-By0<P
zJmlvmM!-Dk=mnu#s3~TaQY~JIFd2E~RR((>JjHbqnN5bD$jX<C$)GPci2Sg8r=Mz|
zwk*D6zx^6imqRh??!E(_xX5-^H-sWGGP@9=OZ#>}wDl@)w{|W#==I3mJ*BIgg9~;v
zE0}>>eW$=yr%%<bR`}AEeNps&;lAQ<DucZb4RU=q`RV6`Q(OolgbQKq4-C=iEXZ6X
zhbbG$epur4?e^Zrg<ad&#NEb1_C^k~*iIR2CR|9}K}Rn9dKePSTO(_3I#+nHm4gRZ
zIl@wIQG@*pO?)A%46Gw@N3}WwQmo%7*$HqLltd>`za#y$z^YEY$1!szT&sTCZYm25
zd4*5`HC&pP7<{W-B{)*|KN@>Ak}M3Z$CV>!!iAw@9}4<<v~;29BA~G4WMbwGJ~JmT
z9=Xcvb8D(lFVNX%jUggdp*+PZFda$1*Q{6Jk-%=tPL<U5ur7Ag7pMq`2=LYwV2X@M
zv4{q=D{+@wx@u5V$vE2rn}{p7?q85q=zjU=gmB?pYw;$}nSwvh#Dfh25b|ilsn<au
zF`Dwvayp#6YgBFvZK_-LZE9f(iH#ZD^l$?S-{bpkc2-_A@%FiWR@d-YTOE+^9uQ7E
z2wO*+$jQCi1(o^DdCeJ>zR;jGthBRD8$)eYJb&HK5gTzHso@lp(@Y|~E~^ld+cZC_
zvvtwNhbg_RNC0SDP*LchOCxqFX>rGm>XCwo(c`6ZIEV!Dyd$0IT!hE4|F_W!`{aSf
zH`?nE+@%ArX5joKg3D1P9fi}Y@aE?l8>44cin2k=;o`P9C33kuL`IcZ`PJ1?LlIpB
zIRH3#-GdhKb`1tsWk(kW?-Z$f8A#5B%QS83Y?{bfbT472&Vl$z0(=6qiG%PUf&C>@
zo>sTYG(l@IO!}r+k=>cXw-<thmHrQM4BM$$BG&-cGV+N2y8LejXi8+pj`+&Qcp_dE
zs9Qu}Fh-3JoPn3F9ji|rSRp+{0|ph4QLF_GDo|-ph2Z}s8QcX`DH#~_)HrSVJEV9n
z%zg&W>5uaLGp(5-AjvL2XtDpw_T2hDH~46A+Y>=sVkG_t);W!@Z(a!>V7BZAzN>w*
z@;t$<Z^Zh)ew>Z1Jzg~qFLXvOf0R)<JKynyJMd$I4U(Kl2>I}cfm0Al8P%@e_6&0{
zE{9uzkOQ&=dw2!bTEM|7gp3s{hH?DIy1S3QE`9HAIAyUB>#oJSuLmZ>Y8{!MgJ;E0
z%z*8*Nmk}cElgk4><{G7V`q7g?Zaz33O^y|i7+{L==3{g(%1Mz0!Q5hYbp>AnOm{J
z@{zkr*gQ~98IVaTQ1-M`33#L{b`nRN)vq<aFIv_%*8E^8VTP}CLZ1>9TFoHOWRr`v
zZ*DRKup(GNBK14xUzWUr{Ao8AH11p`u=ur^_ic4KzmAvem{j(H=DP<3f~Z9%CfCJ)
zL4}+t-Jz0;ZJr1NOzYi3U0$Sz<z|_y+6bXGJb8TsGliES>V<_evhL&h&GZ%u1>k^~
zkkGy7DSKMe2z|~ullx<MWz}HJ?9{T}{*K+U2Zx={zvIT~onV)y_$v{}OcA03Jq~b#
zT9G!g2m-E*y0%DnQ%v{}QL4pRWv2mDpW7`8$*5+m?2&$s$R@;$Fnt0rZ{w6eHxVrM
zQuknjS%}D&tU?JNSU5NBlp;(&y%;UI?Qp-MX7n5BPT`G<9!?eg7k=>^=00C7Dv2w`
z+pN%~2F==$Dv~nW0bbQw>k{N2?K!PN*t?g3<?m0@QqHg=66Q%(Mr`7o+ft!mD|oq1
zYR(#Q8>)ZsK81~|H)65=0vA?#lByimqGATe4`FC}yQTzeQ*>E2K4`LZ{Cni;$ajsK
z3DX8VE9Dq*c=a*pLGA3tvd4VK@aqdqYi~oOSZcm)_gl&zF)96dhV$tp(vM{@G*T7r
ziF2b3>CdcBahev_L`Ltu72NL^WJRv@B%!wEz<LpWfVgA%K|5VKWUa^2$GLO4Y^Y*?
zR5Qqm-mCP5?|Z=A^iv&{Kk(ctU{39qFA0T9IN2GKZUCaBqj75vgO?&8Xy`m*R(rPh
z9}3`oeVp0^ELsiHFTgW7D4*^d0Q-&6fyKR%R8}sre<jNi8NvOA6AR1`yykfbr*vK0
z_pQZW*@5fLG1Iq6y!mDSWsau0yXBg4>s3EQARh`Nk?*_+g1+G=oSHa%{17aBi0wJJ
z-LQ^x#o#Gwmm{}lB<2cg9-cu#Gw|s`g#xPl`7DLkqGIHduS~wX0)Il(O|F~e9qa7*
zu&dKzGVKJ*5P983_0}pqu{FV5$5cnv5v>K1xPfmQ>T-i6#zkszuchGB#%nT0<b||0
z%n!u*TV|?>U@>|Qy#}}mnnd|Ns4^)1+YRaD%4-21K*ZNEwHf&4MCXlYP8j)Yp|H0>
zm6li+HzY~kvqGJ&Dh+vIL1Vd1P%W>TNZNvR#`rB&dSY9=xsnMQ?a_1SevUVs<t#yo
z)KH?-8`RlD)6iCU3WBEKt<WfFKxB2MsJB*brdmf-Gh?&6jH)daBDKY5EFDA8*Q>?7
z1w$P>S0-<M-D?@_oB&DvCg;T$E}KNz^uNiq4B43pk%ViSJ#;ee*@$p2jG7QW+Z^z0
zG;SJ#rbY1{e$O`(XCQcNh(#x1*fjE|)$Tv97EOaT<NxVs<>!?6n@E%61Oho8^D77a
z6DMXIi5zk?y@`ZAr!1f+P!5-s|7w|kwF{R)pglAVXYRDiG&v6<kVj(P#^P^d_l+YF
zR;MDn%z;c#@C-qZ3nj}4TuqZ#H8C_SugqmCj3JK@(4r_|8fHx_FH%B?^=N24-$;qe
z>qzk=^I}4AS}_?Kg`jDu7#@5dC4(0TMqDUGM&On;c~(+G$$4eYQ(+86gpi@6;uFG)
z)Izz0s1o__)#ORh=%P^ycQ1K?G6qnU0c39j*B&(m7lsym5C!X_X>5*;MM{$(@-r(<
z!Lc6RmY;U2#q}=?0rZqAgIl62tjS9Q3lY(|Qg*dQ;Gec8F^G-V`TP+DtNZ5*u3hja
zNBYiUG_3seYJ>lUYX$TDYB=f-oe%Iw#1@M96<Q6yDqkX}#|Dyp3|z<EaD8Y!EDkm*
zX&hk!myi)*pPyTnN{Dv%Y5bS{WvV~;$YtqVda)Wl2{nW^P^2NoSSpvJWsuB~4tcp1
zse~9$V!fkP6rul+mZrrPiFoB&Ew?&H42u8d>MPKa9EnV*A%rH1L)xL^Zz@(Rj)~Tq
zGZP#z03DNOi`kVLfqyzbG9JfFme%1g94(WWDbF`oBy1YUP~>M+fEzQ=G=zgc<t!@Y
z*%9GY8ZEmr4vkdi#C(P;TFQ-vqh5bd>+Y331Z##4i6pxas6pb!>pojAYG7H5Z^YO|
zpDovg?GUusnJ{uF0)}i2ZM_z_<5~m^zUi>bY4OQ7KKmXocG~5DJgVG&!}*#~9!2Kg
zbI${}nHR=o<KD+E_@k-33=YkphF!v<Ho0H9EeM!|P#wI}*S*eM=UXAD(}|C&6bw3K
z*@^)VN1>%&dm=R9*bkq8mcg3{lW<WxE)zY6-q1^d_4ofl%5~5T3N-`i!Z|8#BJrTq
z3HhaAU_I$e;N~uYO&6QF^`0^6%<SA1rHgBLMod^VGzz=WlYRo~oS>j})_dO0@?gtz
zgJnu=v9d6ZRFKRDxBk$VhN4iM9D!BjT;&}(Hz4AcJow$9tUdQgru1#RFsuA6Ublj$
zT;nxWR2Jpzg+^cH&^VVgPZC%yT+zU}BfQx!zM$wNp{P&+O#=x+Z>0_y{2~S%EgzJb
zWEZB&jH5(_Yt1p{G3dnK<f=C<L#?Ef6~<thxIFloWqv?Ip>KIj1Vwx?jbn&V#HT16
zozxDdG>w#Ns-l5v`vtk2Fo!Mh6bdy0TRnd6jTuKc<O`5npivZR8nR-3?p3yfsqU}=
zxLp{=Sa&`X8iiJ6Ye7BK?M7Ut^PINwb$AwYQmxCanH315scg=pMpDgInnXRRHv;~m
zh+Y1%1(&?3KgK!@ArL#cfmhM5uk!j4Zj_%YZ8LWO_&T^E&Arf_ozftUSf0^b3{`y|
z%T`u5R<g6)hogx&oEG9kzkeHWuc#~pc9JZsKC9v~{<7Ju)@aSK=F8O7;C<!(2t_U7
zae+iL{%ynY9Guu#uab0vEL?Nia&BRPTw!;u+9<Y!9US~=fD)gNR8N%UbsCk=Zweej
z&!OQ>&<T_qW>@oK(U)7?{1To-xnq8sd|FX&&YH$ezu|w&{su1L;?u|wB?*I~UGOp!
zgT=AscGNEL%8}vp2y~?vRvs%!2+rgI!ISX~4Yk-JdA{zxKx+>_RtJm{NaG095HE1d
z^VX*jSE~#Tf(C@b_UxS1r;_j53LgUzV<R*Q4dbK^FL)W}0988#(GRub;0Ha}k=_#J
zR*KB+wDpAb&+lIFdW?3}jZXfVBo6nvnHQ+GuoEV>PHl%xs5V*o`!*M0S<=2JFKNu(
z6*&xzu_~Ur+pZs9!k;(p?&|73mZYEz<go%8K4loP8ai&RIhz&J8-yuKg?Rtz?w%u_
z&+KPt3TDo_yq~wN^M`<Tdc<S-s&o9u{BQEuKR3Iz>iown#21FB?$2G;R^%ea2gzLP
zy)KdF5PA;%?l~e#DsHZROQnI>rZZPDV$pqT&y9K67j3KBDua^hax_=<>SS>qDOMX+
zCO1WAOG(p#iK65ywsna*F-VoV{z4JDw089)d~_{SpGsS*iXr9eI6R(?L&}d)(U$5{
z>zH5>bWXy8^+jQ9<#M9hYxk;u5SH*+wMhFp3@C@tAiBf9%4@0|XBLN?=#w|cJmvR%
zGCqQ!d7NwszB%88`_9$g>$1T^!2pLD!jig%sQqai)n&sQHzM?vY#d5hP$3p95izK|
zHh00~ft#lvC}z=Lx!rTLkb?1Z%QBna`<69TFRI##Qvsp-Zf>aG94qGcFF6NMF``c#
zvnlKK;lu_7M}-r;JfPh$<O)d!#lCCwq_%{NI)*ADJ1|yEPw}dVM5P@;QTE#8Ms>Bv
z=85vKzcrj26p0Pb>cT9$jE!-UUdz6)eMQ2a8da)&H5qz(MG+@uvzL!|vqPAvbz;G?
zOir|&HW{Cy*&D8{wcto4W*eniuD;s;4_}bcAHIob@z_*9gPudTFD)FQepG=MXW<i0
zqwwEv21Ty*YFri);#48vwD_t$Q5aY`ikIjHe|DKT5*jR{juTK~yWbC(eXB?DWL&1j
z%MZ)5qEJIzY>;<XJQgIrr4b}*kVoYCh4EsnDCEe4kQ+RnGTeu#!mIBuA5Mx)4UE+x
z2Sj2cn(aOTgZE9tml175Z6S*3EQ~9~3lbtp_T@J{2`|M5r)@`m6|XqB<r)I9`>*|n
zsgY4S^c-4HT*V~dx?(3`fad>iISy@o?uqC=e}c#H2~D7neCL`I*{yu_j{ls5O~fjc
zaUdFzQbpsMq~T#I71`ZM?wF9Gh~OAXXgaFVH9q8{C8rrUSAVY}Se%_3AEV4rr}a+b
z&n8pwnAseo)mU`p>MA_K;y4iDXBf6pz@4+Gog$w>)ZcFg`!N(hjSOWn2WV>AuCu9g
zcbcfWNcs2;^s=(PI9Daj*dbu3O|)bGn3~CVqguW0dPAeA&FVXDZ+|(>P?_jg-}388
z=L)ck6V1sPz!$ZhSI{RBK@6t&c;R*0^^d9-Q%?H$m=!fOGXSTCrlBLPj4M20HP&Vi
zF6tL^B{T(=+e5q2H}%jA3ONJmFLmjjY5%s#_M6^7dU(~vRCMP$s=`gfQR&6%n0Rw$
zLK=D_JU#t*uXVjcL;12uk(PirDAY3F3`GQ}SI^u3P#ttSoRQkco!!;}a}!&p%3BVS
zH_sX!i??4;PR?h}E?J$;%q_|b+lw8IBZGXQrhM9H;ldr;4l5_WHA=(J1gRfF)8H9`
zo#*$#G9w!Nso`BBM@ficGwAaI12ls~&Oln$JehJQlA`gz9JA?Rwh7X`*(pgeGJ2#m
z3N4D0bEKIXP-1W2qDEdUbk}j%OMNot2-2Zeg}MlhqM%WzW+Td@;GZX~L3EoajI!dq
z6q<(i*4BW$HgFy%cRHoD^P;DOFBW9v)?5<$Jf@OQlGK;-Qmr7(!~#3ju)^hwN_SGe
zIU}cNy-OCx$Eb7^x!ZqtoyYPIfkr_!dJcWEv4M&0sb*aaouEj-MQjTmk5ux6A|*F+
z{JbM~KpJ~{FyK6bVD!Ci5Jy<&tyiNlSb>&F$N;j=&l>q!_}pO^Y|?P00nzRc8-5;-
z5L;dv{Rz=IqVRH!(BI6LCkBI4=sEPRb<i*pISj44A-Lnl-&!_IW1M9_Xt2z&&mEtL
z96wv+cnqq7cR3cNiy#y6?tN3Hyq*z$`U)Vd?dTzAp)>F){K@?7g94{L;g`oXuc4~K
zb1ZlQu^_gkDsM#GXN+?M>usoMXvr|nzLjI>Lc_fUVarW&dsY~F4!sPT1}}S{QK*m5
z_k42EZEwokiQe2`2mn*!{6uzMw#^wgzs$Z{SA-=$ICcx#DRPikgQ0rLBOVG^0T&O=
zAYC!0j{KpD`5kBA$;QHugqFQ1rmOeZkKKLipkWkp7}}1WL!aq2%_Gp{zGFWiE>ZF6
zD{Nxxyg)is+4$ShGw{9Xe!Ndr$^#Mefa{<)OfmOIPoAR5kDW7veFw)PVv5B4Y8~G{
zl`o6OF}(?b7OjBr^ZKv`H-gOXu&0Jmlv|l5Fwp1*KKm1qfM)aQ1_Moi*%j7uAr)Pc
zn~L;d8G_#6l9)8Cd_0WMkCoGyxTGigAmD<G6Kvmh$TZD&0Y8b!NsJqE23m%3MNPt!
z0XX^PN1Pv<y>TGYeCpcu*LWQzvp2^u;2D~hU!?R!UN%nNaoP7+dHHyy##6^G`%b@+
z;Ndhd&59a^>Q+~8dS@RrgL1{F;R%!*rf-zGU-|Ki^EkyF{5{iJ&jqP6D@q~lhwAoM
zXAZ^{ISS>V`W0hUs$+{g<_Ns_N+`b+vZgtWHqGbEs|Jt5v1zzyr63N|e$y&6dPhRs
zcqjr|0FOY>2y71_NO<zXyaiFh{A{k|EN`(A1<1`UHJ#r5Y4M#&E`TC}Q<O9gPs1Q3
zv2#iR{c!cgVz_G+CCN?8b<?Z0@g4s9)AEL<!bp5oEcZx1vqA)ZixKOddL=iaSNNy;
z>GRHakTkV__j@IxY7;eCMHsS+NS#h;fuJa<>5HqxU&j3DZ^c*dSrNfXx>{crE75c4
zDBP?OpZ*Lq4XJVMvj}AnHhEmg;MO}hSd=m4v7<;Ok3yFa{5l8w8bj!5^Rh&!p~fE7
z317r1Mts|UJSoWaA>~uZRwoM~(IecLqEC#`YqeQWk<R$k!I6i$U#}Wb?T{$y70N>@
zPbV{yMKV@;HUl`HaQ-e{doH9s1e6}Ex`ISa^)37@EY3!Q%SF$jua+;d`C{nmVWFQo
zB^e|i?z>9uK7jb05SVo=e}&8B9f$g`9ew(bO-b8Jl7`4t$ie@3Zl*@c(a449s7NWD
z9H+(#IceU4d@b4PJb=-7P-MSR$nz{MJc&e3!Un-Soe{-Opd@;}+hw!b#riVOACS#|
z=)G6+TF-udx-VP~*hNcp?JQ;SpCF)=(L=n^h+m`?@Cuh-4hGA!BG{E$C8an5vBBs!
z_^q)e$Gj>;nH`IUanSV92mW6^td4bF<$TJq+^azbu@dKj;PGdB1*4AH;2Zxub^`G+
zQD~Qi_6j*+_r<*d<n7x#>kT{*VgrsMqlN}bkYdyc1abydIXJ!w@!{c@GW%ZT^m`w&
zk}Bt?2Ua!wG@eeeJgW$mC#EYR!tha7kSf#+5^(~xylv}Bg#F#SCOfz(EHadqz|`<^
zg0{E+vO(n=l@d!x^8~?EV=(r?zaiKBE|r-}C~|op1^ej-9{v)70l{Pax)cm+FX`G(
zM>YHd`yL+*8X7&^P?OLf|Nd(d2>)PV^u1cG=19wqSvTKM4`-}9^6zcy`s6GKiB80$
z)e8^iLD+8tgQtPZX<{S^Pm3DYJw?@f1ya1>;O2EZspi}}+krjJyq@2B^K~lyWMyuz
z>9^aRPAMSlGiP0kcc^;3>fU!90VbDj+BkT3S4xay0&)bgAWvxz$)njMl9G**+beGb
z`xg=4;n8P*aW9asFkbz74gK#NeC{7uSSk$p0R$~z0{}pPpXD`Jn(&KR6dWbP3W&=;
zsiDC+0%qU0c~YBJi~Q8_39Ez1hJYj{z$194?-bOZ`oM%C*v?<(&H7V?cyD{MhGKY}
z2wlakf&SbF0~HP7zvH<2tMq_#kO9P^C2oN5PHQI0KhDV8C-z>3eawkQ(m{~bv!CRP
zIRq+--?N4SUe1nM(fpw30Eh)%u4G;aja%UdydMb44;)1+)BH|V=a0-c_<?|ohnq`D
zw{;;}*W?xeCf+Xc%2#Orf&9>c)&P7hSSpB@bGQMfk3oZV08*UuF5Z87-bC<Y0n>#J
zlKcuo0DvahZTf#wn|KU>FfST=n`;0707$WgJ{H;=-;D!B{3rT+@ESnZl%pHLKLGDI
zhdCm<3cM%uz&iftP%Ga-Tnktqc_DZnWDD40PR5`fn>tO*tf9}@lz;G|8OLgQ4uA%y
z7z6Pd3#ztuFOc}M4F3TT5+A*A1rggeB-WKgH03yqensNPq(?_lqH8rL>5$LI;B&E;
zfQcvJ{d0`bi=wm&Y@K$EK6(K9lD>KP)mS#YhI4^IJwKvDcy@p6CDh}fuJ&^vB>XfP
z`TP;+0u(>j_BntrT-e6OPs8tR7S!i>gR_6b@5@Z0({z#=eRwhU0^(1@XZ$^8Y+*WZ
z78L;4TERa!@kgyQpT$01t2sFrc$u5GMR3;UliP0Lv;Xx0NKvtt>Rs#=iUUDx@bwpl
zgKy(+zW5|Dy3`wSr2pz_M!yt8@RwaZ1Yx1~LvMTg@awOiiU-8MjwIiFHL!H+@4?~i
zjhLhHKHS#)9KM@~T7MpS|AUb8FZB4~x07b_?~{+6{*NqHd(~6#dg|KQb5H;6+|g&g
zlCo0wo`2!|&KTPIA0pg-!}AYJ+%|V<;@OGqNw_Pfz4T1_(EQ8ipPJm5f_j4dfrWo7
zUy#2d|7_~g)U#7N)BmW3=UMgB8oH3y^4i@QDf8i#^^5l|L6_2cQ6H`T7yag?Z(q-t
zcbj{cU$8c>c;)7US03HEc2!{G#Ez2vy4Ulbxc1$9SFXEVnfoakhIWG<P2Wg=%E)G1
zWeS-mnBTA>S--LVAC3(74d2K{vCG+yI4aH^&NI$CE{f~RrEn$OL~b7UF84Y2JrCyP
z^BQ;^yb<1R-WlFJ?^k{){~7<IV1?iZ!Jk4PbP*mC`HH$l_e9S`|Mlf@FZ6)Wd+9!J
z=CzJb&OCoV(SH;1#r{hVFoRRh|2g>a1JBO@nVJNWiai1VGJ%961s2Eza4jfM?L9U$
z<$B*OWm!0)QMrdLjm%l>&hk1p1SC{H)H0>VO%z14=8YLdghE$$aJ)5-i8mvGO5_LU
zJw5UTR9L<dbZ6dhCgdW!)aAYTN5i>uBv#ec(Ye=^zMYu>0)$CW8|ObkCBo!r<Ga-3
zNszaOe_2~IADNpxC}%MA;7pv0US}0TA*PyiJ$--3fB%;81%gRx0~OFfX1BvrBi*B2
zvenHBj>Xr`n&r(dW>_@3wp&SkvhjgyqRxr@&};+#R$%mRfFb%N)XmDe=kZsYx%HTI
zkBSKJcav$|IB2}65a&_f9UOORh<G&~s6@VV-X#wm)ArAQr*vN(${}LouaRiKyv4TO
z?;3^-zCNsIKhyZR$4kVJa{9azMAd`h`+oy6(N95Zsr+pf_Ihmnxt5p#XDL#^FDH!o
z{MiO_gnB;4xv{n;Udv1#lw;UUfe-@|6dR-tnwz;v5Wyp0I#^FehB%){=f**e(0l3F
zfHoyIg%e2y=&Iv~0D@@*5rQT2!G5h+PtPB`>mu;n*ym_4vKAK{FsAU>lCZ_tpiY$%
zGi_C}E^`Cp&$Umu(85O6P|Lt*As^34r@TDt_oaY0^dtZX_z@y4*{NnDm)_g7y-P0l
z$onN5E&<97joxMJ8ZqzR+$|llfhQCwK+%iqga*XL`Mm*&pD6C{@AeBSlAXj)tOVMu
z+F`s)0_@&%(zD33;@@YAkxRlQi`(a#e17|HXMaCkQ<;sE_=%OkU98$sPQ2kF?A{mB
zv&b{i)F2y*Ewly(V-s1h7sXqby@Y|6$7L=E8?tU*j%961CX;yGDsjqYcz`44hbXG)
zRT=ML6iOBcyaEZ{TrU%D;s~xYK8+&|5KMthg@=R*!7;-*(C#VyoWce+oIc>5-`jhG
zi&+8kmP88{`)(oc$%T~yrx>FK(Xf*M#a-5H;r;N3AmnN`D!l?8Y|7;+BN^+zGIi?b
z{(MacHw=|xGw@mQI}>j6YiZNrUVOZK{PF(}rWsUxVnz56`4U##O9Jd7b$L95<Z^w;
zRX&VS!V=f~$zDd<pGEr(&L79xnZoWI+R4fe*hD@B>qp*j5q6Qf%pGDktMiGZ4gn4b
z+no7ieilR}V1RxJtJ!-*$mo9QYQ~2lM)Wri=_;LJ&|Z_3hAhxe!N##S-ILfI|9@S-
zJ+UBAg7Jo+8j?YsRIgdR3`b3=@;KWu2P@~Q01jo~2>lca*2ft=2Y%Xj@C^}QPhTSH
zjJ*_aN-y_|HO?sYz0?~keR0XsjK&bVh|GwFoCE+5lEGjvf=~pCx+4_rfwTQJ1`po@
zq(^A)FyzCEpR<fJKc^RinGs3kiZAHrfLt*7kgvsrf<<V1!8mbNAHzyNoh45f4rz5H
zGfST{{cL5J)1Q~sWlgM4=#oKAg2jwp6dTM?`h`qtMaE)mXUOT?7FlFoP$5Dt*2Bd?
zj<V!5=b2<+f>!#mN30gWpl4{(pJ@nxO8mO<GYhFcb=vx4!#v82C&ZVvk$nClii)pR
z7$V0HO3;n*LwyQEY}@p+f5YNR_gwAj`-kto%%1FcCw!~H!})y}X^5s!=LePer=Zci
z@SCX*Z_VQV^!_&-J?_brfA(|Q{Nqzxe$q}G{l7CAO*C>aLgrT*aZZY1Bd{eu#@f|=
zk(I~=!okUGK2xuYmW~zLZmw576|e##wjWx#4*g83s3H7-z07>pM!}O(iaFWI5&kzC
zRrqse3=wd`WJX!%d46~&mOF4vVJ+kHxf^?bCMNA8X_q7!Z)2a|!9L#ZI;60V5!E3H
zdlJl@=&%3&|EGUW;GZ6T-upQr5q$7k-`r*INGwhcs8%mr2xsgGBoKrBo8VRMT6$FO
zmS>J+=kR|bN?_``SQ;vTh-kg$q_m%x`y|WWT)BGUsI*rKuJd7p1a7+)vw_&{mrW^b
z=V-&1|Nqy&cf0ev`7Rnw%yf{9IJk@deC<E)e0&^mcKD;p=fz~$-m7b;-|1Bhbx>#U
zf9#<sSP>~%CVRYQONNTf_|@%Fv1mBa{Zh41TJsu$GK4QUvVtCi1sZ+`ql%)LsB=y)
zwRVB0!dY;VAylv$u0e{yIUWq<D`}tXI#*OH6JBdWsFws+3#n>#d+0>7g;|RqXIJM#
zD`Q|Ioa$7iWc>Q$bwRGhoxI~=zNrE^jY$9zmrk;%$2cae*U$2t<SqBFPZ4$>J9r+8
zI=YDA;ePci8<PW85B>$?9KFB{oXAK$5nhu7b`et4$k332OG7ARGM*X%&`6XNy;NLP
zlIT-W7OOz{P34QlV#5FiYn0_`1(f72W#u#lk&>&pBwGNvI#7>nMXk4!Pbn5h*Xp-D
zPlz#w!LFB0*IG^x3BgvzKle<V#~KYnUUyAC8tT3<deCgjp*M(3WT;h&heb${UWxAP
z;#Mj!NqrhhM-99dnY1k}hgEFmWu@1BX7co}QCrwolB?DWXe7teu7MXV33KD3$BzMm
zfs$n|>T!{LY6Lp&{H^|7$KwV}*JWI^g2CF*25tA?Eqt%vJ34yv8wrI#*r`m2h7{Ph
zv$0V%LNGz5L8`*3o~y7_?S!H?G?jx(R!!T@5$AH6G!rT1nw+L#t^pFT$;Ca!l<}#S
z@FmNP!tnfIyaHiEvE^7cEQRnD!4@88(6>mc3{LAw1!<?&@`%Ymu6L-#poN~gkwKn4
zm&i|et(p`;O%Q@J3DN?FW!)HIp<brf_dh;8F@iU7frsjE{fwnRgq+{37I~9`Ovp5-
z4LH%`M=+{Z(^`Exc7OL#9OpZlROyL(i;q))DYhk&s0L^}KLj{TD958P_x&Mngv82|
z3Xh8vsntjn^gkjHUOt<=LB?0(SR>b)t8dM}_vE8LSueDkomWl8eNZc-xLF%?ZH6)c
z0dEoj21%-cC&S1%qY7h!xYtXTTOAj_?M?NT0wKrgOqdw>7%&@@97@cQfPP=)wno!q
zqS;>;g0m8+6pzG;;*l5!h@dNxNZ?M^>^0fq;@z}DNzL<gtO$q42iHgxmqL>vL?wV=
zK)^X3o>JA<@*jSwxLz0c;Ni|&;`}6Z^g?Qf7o!SKLaq8dvMB=yWG4ZF)V76pRT~Zu
z&hn_oJHh2A346|-n&bP-Y#MW?f*}IJfDUxMq0PWKP>gX0&oDFS)EjkHO~eFi>-r!C
zu#+Y0I`_+kLG^sfPV=O2+?aL~KhT=#toyK;4PHP{_Q>oRCQtgcdX05*SGHK;{JvQM
zk?3QQ_V)V|6)wHQEMH|_N<;^x{bKE*o$*HNSzwHg>!@1?cGJ1~_$6DQLj!_qyLx*r
zvjgxnCTv2Wm||GIZ@sJG5TVg=2V*wo8|OtkX$zL9VRuj0<Cg@34PDtTb=UUwX>>AE
zM(CK%Oc;?ggJOju@xJxV&CpV0`-#qb;#IQnrk7v<+LFnIO~P^dY&Lni>2z{R60EB#
zwb|rrR<P9K*v~MASo?4;+LDhM@qVY+6;$`J!(QIR-`dWS3`5HFYdycW16FGcr8x<1
zGBR=!#-B-(!LkL6Saor+xx4seeBi5#@f(7H8H&D`DfRF~G>1B2^?HvNH++mWbt@zt
zupO4PT)p5VBO!qXwQfBFJk8&trtT$uj-RqWIrw|TRpFer{<^g{p~~lBRx$P2&-x_z
z3)_PB3p_@4d-JvFe*HzAi={c=6_=kJ`Kq%lFj-*}?r(kkj{Gi(0UhM9)XHD{g>EqX
z!&zLv(fgM=#p80xzjV>I%y!>kag!PK%1DkbgV?-b*#oRE#7Qnf4d2p&xN6q+39Hd7
zltUQHlB!kFG^oIgsC8=x-9|t-mIxv@*P^dyQHP@zYu&jSjtuG<t=h^bgRE-xVf1tY
zt*&Y-LL1L<=c8<6*)`D3=zRXx(O-()?tZ`d)rZytf$dm7^|530!5^kWg-9grb>@#q
zYfn9U;`LBw!F@IKOR+}w7q<O$_3I)_dtI2JfA_n=cyUih8`)f-#k=(eQD&-z5q}@~
zKWad<r>AQk2QZ{m)e2Vh0;vTvW4>Sf#f6bl<%xJ-*r@APalc$BxaW3vaQ2);?;wcz
z!uNlTr8={w*N7@W1^X1#XLG*Wdw*pbj37OWGdH>BhN<o}Kk3;33)oI4XA>S*t|yW3
zD2oiMSNbsKK7^6tqv}aW4gsW)gaZfBgg6VtDSt?*6(&Bx%&FyBcl!WK=ub69uZ4Va
z7kSv}&&KhRX73?Em8JtD*sU+#A|gawnN0M{N|V_)r{puG8RL3$AS3hx7Pr?zj8m`u
zD{TAy@<ydRX`Tp_YQoX%+WeY`=%9lfj332fOcN;>HMPYV2Hec@Q}8o`TlG1{;2bb5
zfD9J?$`6JFmr{Kfd3a%mLxmoRgpPn{F}E;x1#=U-&D6?QxQWFFm17w#HHy8ISVEmf
zM~$sCM1Lrdf~sNEo3?TEJ<xY@k0Em5lSfrWhX%P}I(b`vPy_9&@&|3xN};NwI66o8
zs&JjU+neoB%3p&U*;F2GAW<-~^}##}W*dmcWI`HevY2Z&Ix}%L3Z6YRGu5jZU)++5
zJnVV}<5TycQL-o$kOlmBRi?G*4eCTz?;m7$(mQqR^KU#fP8QrUOzSs|EFWE$h9oPb
zrCB~I%@}mnW~lU{VI&_NP6NAfrqdpV2KZSpx53<UAbEQtm9Q%4C9JV6VF&Uw3^JXl
z*}*zEf~9kOsI{+^$G*Hs7`Wo@v>|+S7Bd%Ghf{m*2sd(rV{Jz1`Q1um(L?rw(Nr$a
z20eNqkPdQo^p>mX1V#oj5JH>={05vy=JhiPn@&Z3S5P97$zzgquLM!g%cpA**4tz{
zENmxJEQx6kdU%=3{5D%j+*dIQ98FP2_C@i`GJ`e-IKiI5GWP;)-0&dv>uY#<*rBk6
z{lye9mE3ajoW?}`WtURp{~MfnqYrE7r<tcl*~tNpbBb;@vbGfIg28$3wnF<+wh}V!
z?xb>)-=>jy{T6B~>>Zmtty|^zyFdLTQo`yj&E^;GO;9hqadKb1-%+O9FLy%Btf6r4
zi!Jz`Q@VEa_JSXk3=NuLz=iZF;K4wUeM4lRfGw?kh`TNJ?}}VoeLnlXi}O{kWlLD5
zjaoF4IR%N~G@HaFH#h;|zi0e#a!roW8B5J|$68F8<Tk<TkWjhE7~fw#_+}Gn>V%W9
zG{-eVloARN<4C~xFMf;L#T!<q>EWk`udR~HjoPB@xaZ79Y1pa#_1TXp$J9-4?W^;~
za!b02VXlP*k}sj-8k&|S3egGZPgF}Er1NfX7~-=-8qIXT<c+S)>zl+9F?Cpa^T*W<
za`_1v-T0s1+;{eu9<LIOyCm@Au*?-iRGk_k=s|CWRH00_KOAG+8LhgP8X8apoy9XY
zZ{A&0fQz&3$5_vKFpNtfv$mlRUb}@Q;jqgopW#>|`Q)Y^!oUJH%;XkX1&X<cr>(lL
z{r-=@V|@Y5-#UDuWY3~9i9iQ!a;bOl-Lq`t$_J5(g;zTEKe@0>GK+C*6UOp>>i_C`
zAdl)ijKY?SO8fZe7%SB>h3M>Rs}ko+Se%}=R4BBQu%Kv75(uaa{6q?>j=+fmz!I}h
z71@@#oeKfy<rf~)Mr^vT-ZkW~L9Qktq*Pd*j8`+Rl8M_qn~WprZG%=B*;|}GyzAKe
zd6BD<%a^dyzxn`qZ=KgpTT04nH#EW*SWAl5%tonI1rlPgU#|)yh1gag<iHEhu#Nm^
zC_#^AI9c4vY7&LE?Uhv8o%KW9rqz;XlL7s0-k(-qV;>ru*%8&{L%iGFAG>Y)mn`8h
zLFM+*Y7lf+s#}djafIY|%n9*n?nmy$@N4_i$$fDpc>Gny{=@FTBw0K%q_BaVwNL01
z|1vA}*9L_VdT3E5BBzp(&6UP8+mC<qS%Pu6Ig8adspi6<f7B;G*dTEb2d&pCyR@g1
zBAMnct7n?GaT+c*rrEY-b~7djBStlQ2_?!?yqe0@)IPiU8kg9`gmNp@)0IO9j^!a^
zb1eoVtT=jw3ft@U+H*@o%6Oo|9mdA7H+*Nd{B90Q`)WU&JkXIzWfB<Dp?U@-$&BX}
z(;ZJu&))g3`gD#lOYSnPH;mWE#9?C98RK<Ro{29|xU$I(kWFkgE5@g{(IY<ED1!b{
zxL{{{i1zIF!n?++i4oe<lW`l$iEtx7#l89>Q!c~4Zk03T1Q)Utzh=txD*Ha<U%a+s
zpXP=#SniVj7AZQ4J;dr#c#Q6@o-a(GMQ(NJFKbJ)b&aa745zkGqF@u40yjxS0DZOM
zhqJ3(;97aBwGYw~djv8Np`qkfW`5KhQbNSY6<n;4P!@6+4PY;0q81%UP;Su>+h6F3
zl&9snyrU&-YoOWs<f=?QYy7LPKZ<Ue-2$)vfOk3J!nrEbN$!AVT6OI4e$H7~%*2No
zBV&;F)Ki;7CEFe5A3XbHR%sdM-+yZJzI%{c=EqV2Ws4pMa-bg5r<1-^6Zyx(;)>lp
z6f#$bL0NZFwy~xq=N^1Mcrp?s9z-asSk`+MW21Cpqd%igo+N^*JmW3~S2iJ?8}Py-
zTa!|^asPO7C2I#pG&VOGt31?bY$H($K7n&mvPMrv$W-Hm{!%ht$4Cb%R<XGgpNrw*
zoy1Fh8hw)|<&Y{r;4W9DS0TNNnuZmy1xr@av3+5$dV}R`+@3)td#5AQ)J?y~v3j*U
z3<kJ*J1nG+YtgJoZ{bqQZ1?YQF<x8QX}zHa3#ovGrgef9utfYaVR`aRqSp682}{gm
zaS@<&(UppHhP`-rSb!Z0?6_|+&kz|jv4P`EkKfPEk(pcVs%yQVKUB&u9an<0qS+=J
z^>_&PyseI!SM;(Od$sv!%L$8AV}F0f;1mm98!QKZvmeFXl2L~1llKiTzik~?p^3hj
zt6_=c*M7#r0ncu}=l;PhIR%PDQ)^}YqhZ&0pZ-4^CsYRZU~jA<n7?~XMOR2m(5YVx
z?buZ6@{@u)b11Qb9g@72%4tKR!fIVsMm7h8-<fLaS7jsT@O`WK&Gc_oM*y@z94?(W
ze)RY$Z$!W_4Lhz3PnFvapHSG$?$P}G&$ly#++Uq@W@61^w?9N{XcS-p`4m(u|L#jq
z6Jc_7V-|-vR6Rh&mO$&NC!*y^*)3aTt!$NJ#NtdICgC2IZWyFdtqd2;2RR#zRtIT!
zHQ&=*e8AKg^<Fe1rW*x>(biCVZ2(ob*`A+*@OF>X#c0^ElwWbKHm`~#f#`9Rm2h{r
z2Orv-!o^9fl<SE@O=+*oFgGngeb&7T19bh`(UlOiPC@9~1B53yaf=lOU;;}&nLKLp
z-iU|5(;)T}#Ndh=XG<kEGzx}07{mPa+*>I2zZEJhmfb(|?^7&uS79Zv3y+}^dN6kw
z&y7vAK%aIYDd1Jfo3G_*<~d!~D%I>A=8>Bx#7uR8a$1mZD?d+QD+kx@%=J{7NIcVI
z^P9$&&EUlYIa;Vr>K*lLRhs5ktElc@nj@o%lyG5&N?NI#zOdXwR~d9PLo5$6Z85;-
ziEkO$b#}MenJk@q76S~H!>$>A;>$ajg?M?Bmihas@=`h*C1Ksa?6BGGrz?4nn#C8q
z?woH$lrsv_dr?qITN2rEadRb2+q-^!y-j?HMA^_j{;O;aQ-_|Cp?4LQ<9)QM)CnFi
zyPlo(mwAn>3a!5?fPRi~nkjPvKX=O`KYQvhmz-d2GVjXc*oZ|3{okfE{T%T}zEVqr
zOm`=NnlQH!*q|l@?`oJwr1E=Xj{mtUtLsb#0oyPn&q>e*lbA5i2gh{r5}Dl?LXG@5
ziK34EY1QYr*c@vY^xn}*HAA9xeniX_%brNUEJwtM=+%rSja+7wC%*vsjMfrSHAcH~
z2RfPvf-oTw>j9k(p8DDn(vMV_JhLCd+%8U0yNcn#x14dImHq4)$IaBGv3jpnC+Sap
zS$2j-{rt#}aW1>=m?6R4>}7^?X02xj!==g=FD|McKVp7LX{*aHJBigNe-%=?<W?e~
z$S6A3<>*lV;ku)#-0#Rf@>1u2=sr@#0D&x6gdLQ)FL;q$Gs%onTVDHubj7orcBlMG
z=VDMW4mu_>6+?;FMy4Lb0IN&>{?2z3Q{liDik4@m92^zX&upnruC9fG=Nzx0v7Wu-
zm9X)MGIgLcs<?33GW9UTSW`CZc^*AkYH5XGJ8XrJeKytEah{>&llxZ#jeh@oIPh<;
z476%Qg>)#vl;o^|2~YDC-A<^5`OtO823g(Bvmhu|N$KfFFlQqI%k;&Wi*bodjDoJM
zV}gIbP@Rj3PP+KJVD-q@75v5{c_oO9V^ZR|AN-zvdonvnN4YMJQAsB>>5Ph^;Aj+D
zlD>*gn&bNd7cf4;2~961awrIDH!3Kzj^l8rGbg!+V#Wri=T#a4!AOM!UP9$8EMTPj
zpn?<}l9*zc&Xc(^&1ie0PHceIoIC>pH9{q%D_-=H07I{ede9I@E137Uo)rl!jbw5A
zl7q3z#B~SrJ3u0PDxgrE1nGj_a1pk>^QzQifWao%ml0QD`A1g?##{_c2ij7a3>Kh-
zYR&!lgd?R;u)%3sX*SS+&9xOtvKoVaJ?9#R#z0#M`-)bWnbpeT@<7VKXLA9N8%*$w
zuBNv(*Vk50T;YJrOb0K=gZ~j*#T;j&OigGtIu#8Q?LrikMnSA@v=KRTVn0ZP$1CWJ
zu}%%LD&x0}e6f@c7ZH>0cn6JsHlke`GF4I&wozxt1qN2eh}+T_2{<~PgKZK`tB=&h
zFwfJ<6cVph8;7JxkQ7vd<**Yyi}U{w3(S>to}J&+*VAQflgYE&|HmZ|a4C%^Y)yoZ
zn~K9%1t6*khZQMh<tJ{M#}{Qh9w_>qLs<)p0yijur8qnn(@{6P(4@7Kon@#sNhOq6
zv7%Q|KYw9!t0_Ar@H90=l@LuQYpw7^I6|Y1$CEfk4A_}gWZ?cTlgf4_2bGUuJa-&-
z9Lz%aqiHqz8smzI6U@xUK66|023M&E7w1~71fLjhSB{M%4rmx;tpzA2hO02fhKH|D
zSpWiAo6lOvr#Bu!WL_ej45iSB*}ZV6e_D(WiYueaS5SShrC70ub@D^X?EwMg>)*SO
zjn>vkm9M4xU{k77bpRM<lP|g>NOu=^7D^qdUsqW5$=0)LQOsWBo;stPh??;3hZx(+
zP{j)u!r4iA)dxG-pKFXDAPp)pxs-F5ixMHTL<KlUmkR@~Ag}npiwrJRSj3#K1OpoG
zWd*oKrked8djnM>eTW_whJyJL(+QnqCuW1S8g&`=<Zd1@4=~R&pIQs;S)R{283PQA
zzZ&|nw|W<QU+CQx3^UMkw!b({Uw_<}7UhxeJ&Dk_y*L{6iEzYA+xk0y`M*5Fcb~V1
zJWBnnaF7QTF90KTm`U=kndTiXV#p63uyEsuk{b`3^=BdAlRKY?DDHUdjcN}K1%;IH
zBOwX-pg}(A)S~25o2qs{P$AO>jWOOJ#PWb#!LU$zsuU@BPVSPeRL%VC5n{8nsjqHO
zq<Hd{a|!(-(G=V=;yCtXtRo_MBDE=nE9bgLV)ppR8BIA+0A3$kj+DA#@HI!kj#8^l
zb<20J>=Z|y-?^cEX=_6gmdg)^f;YoU$%yN;Nw$IxOgn@QusO1xD-$b3#>igBQd^<L
zM-4;Qt}*2DX^!;L8o60*ep86B-k2<&9yonZ$i9#$fz`+N-{1dcX4sjHv?q$iPHINC
zUA~>q_-bwCrFWZmF5h*?gPLiK4%!Nli5qjGU>VI=YS*>rf`N{^T04$x=*&omk65RQ
zM{hDtxhEvHr#3Rw{>PsSMmkOaJ0Yv4&<CgLNe>#fC^|Hh+2UX5F0bYb5r!kC^?ai{
zC&ZJ|kl-l1bvUd=X`^S?m*a7dt<#-3bUf&Ho{re-cpwghC`H=XP@LI8*Z83*N@};x
z#R!BbD0lpfZm<Lb?klrSMz`Q_;LVRIe!Y=bW8dZ?1TNoiz)nk>K~rOX9gk(H+}wx_
z>EAd*jIgy@>gJ5?ed)%~9d_g=+1IRh%o;N+UVG`4+s0`PWhw75GiGm|9auw2y*F`T
zjGLZ&>3NrrD@(^9Q-4RENOSf_4waep0sdLBR7Qu#++8GsBq$a+&$yaR^|V)B0c(GG
zy)9V?>`ZGpHt^2xcoIHF<H=Ub{+H{Zb4)7Yew5hSK=ddM(%*SPFN4kk1ci$H6eKb*
zW}9q`ncJ>5K%fD-Ruv4|jw9llt2h}JFH||BC9AhFd0o2fnpUe_dS%ql{ePcjS&QRo
zzE6~}l!x8m8MX=$lP6r9>6bZzpfmitNG^~Y8N72;n;%uD4|K;>H?A6I@TidI-)R$D
zq5mwY5Hop#f;m@|S5+&^4_Q#Y41G9_1SHZZWs!n>FREK_rc6iENRxy$l&(YyGu&Mc
zw>%Ss<{+893vAot4L|h_3SoH+Yqw`v&Mr-g0*rW7ykp_f;e2syW1ips;LL%8|J`^F
z)ws%dI2h(uky%*7QWg=eyS#Jhp$juXcbxJfHjgL-OINB~Gg}&iWsp>VD-A2%^v1>J
z%~{3xETZ@plED004$CDxtEVRj^=F-H@c@Gv1h~;?wJjW-{^&kO#JLB%Ts}Hzntz*_
zLO&!w+xT5T#*DJ%m1ei^TbPyZBda(Q0WzTM#|U*qPJ~n)FXxc<qO_f}0A5FwT6Hau
zAJu4-gL`rJqjT>aes`<hGF;pezw3-2YF$xcb#+-ERRMYQY)s49c~T;CsuIOa5%6$)
zg_bT1tNmH<(|fJ37TgtK46&Y~2O;;rkfPhqLts1$r%fHGATmXy=dwH;`*9%z+Hcxl
z3&K`d1TAFlxP~WegRB+%ZZ#0lD>DoNXUaVtS(^sEN#yL#_%3{@X%Rlx;u)w{bODis
z7yaeh3(U|s(}fd{x;jQ_12!H~pz$N_YvM0mlpfYCkZde7^VbfSFVEjP@$7PhnFMy5
z37jB*9mx7OfM0bg92k&j9m(uhf5P_^Pj#VAqIWKWgq*%yc#ONaXfT6vqyOi_gNv(^
zxTVGSJ(MucGqc#6Ugo7@{`SYcUfteDpELMRxQ)Gc@M3^$_cH=WAbuQO0M{G1oALkz
z6vhq6C&vrf|D?dbAiU{0cnxLHyfWu0kfN!gWu}ze%Z#WOYqwmpm@PLnr!O)~Xgp^#
z<jI{^BvehwhmbWtoF0q7ZPdwBM|(P>Mh4Cao)j4Dub0E~S<64z?uuhTuY|=N6bl$z
z@R+A>R+`lQjoT3$FK?MX6)7LRzzu0qb?Kn<XQ7{oO}_LD%O$fM7ll3rhv~f29SZzG
zZlk1MMy&)dusf@M+xhnx*gG=vw~xDJ@~Q0I_0sfYBNfYGt@#KDoQgI9Cy=?x4@83w
zGUd=6-<G$D>}3~>{^Vr($(>`LBg!KG2X&L!=PdKfyF0(!8D=je=v68r;0VwKdIRq^
z0XGoz7!L)JcL8q@wm=rp*;If6Or8{aAJoFypJPZW8oLpYA-Gu(;_Fa*H*+%w#DU)B
z0U7vnhto<f@5NGU30Hk(>dw4{>GIbpYB@!Qi;kDk6Jte+Yyy0Z?x0Fly_6}PIB{Ks
zn_p$DAx#gAz#n|W?w`(N(z>-o@O%mD7CFHhUtg`9VaqFsXqUXujUy+RUC%Gs40B}3
zjuXvN+h><-cW46@K%^2V2GYgB$XOKWO(9KG?Up-dlE5{Cd05=`rgp8PJ+-tw_jqcv
z18;|^)*JP=!3vUy*k$KCcbrmaq3Ls{!CKF6va5D8-mr`;r6fdfaPT<@h+-vZy8#0P
zGDj5tZJ^1wrT`>~Vhff<pec$|xUfow6T=4zTyS+d(2WspEpg^6Tq5-8gC!j-X(C*}
zVwtLpxKz&p#TbT&5=v1C6iIf4WMGI@8%L|y2O3pbA~0zpzv7M^_f=D)rXp<!Pli(l
z!7Co_@8_^}k$Rb&)e%caqoemO`|TwfEzGi8diIi4jk{Sqz3=>T;f0&2_vc*=85go9
z=x+q9Pf?X&s&HAx0vs-4ELA-CaP6(5!%NCV>r0RJ4~1O{9B$@~wZmie4^wU71#*5P
zpC<NYLe^+fCKG8+kB?>t0>hndk!ok1chS)q;DH>1N;BJNbuIj--+$UNNQ4(LtlgR!
zQ1(9u&R~k<WwBXd@0is8f(cR~4*rzF4y@HY(Spts!2^_iIEb#s$9r)QT@{P~YE=bP
zJ4+<%qvyx4;h;b$Dc<t%-Hl=bB~a7BMi-iD<}F{Y7c|$P!Mjl71jOt(%iOjZGN{VQ
zfyt5ZPQxr6m_(M3oCzD+?3~rv4vnB(1Hl?`S2O;`q($V3TflvL2}0DwtF?^{*au}O
z!v*Fy6&J$#K}&;5qiNKKEbd5=_OH`a!ZQ7r%`&P<Q~>^1$&2$qMFjP_di~#E!i$aS
z-sX;Ve6Y5eSvYp`OhV35?)KBxZWbnenY=5tX9|zL-_n8->5K~>Ap;<u49u#^vVFHX
z%K%HMPDMN=E%<3?FnME8laWojT?T3RXmvP)eRiVrYGfgvnQuoR=k}=<(s^P<6eTVA
zg=u*Or5&`4U-dX%%KZVBV(ng4%mQK>biC>~KFnKeMulE)x2Np_=~7_zZ|yUK_V(%Z
z0k++jz5ngzYp-LC-Vi_V9)t^i3;M9e>v$6$c!L6T7(2;DvAhu;aa|JJa9Z*3V>G+f
zT3p=>NQA$HrsiK@ne2T^Qc%E@QvwnsxG4=6aB}}H6l;~?U2d>N77rEG<QT2tS=&w5
zVz6cnDusdYr(k~eS~HtH`nHGqfX)uyT+>|N-xtx&F1dBkff<JmB4M#cpcLgZL)Y<M
zaeNtnif5xTVzky$7nnOERqJA?DYtm!dYi&fsi$(YXT98qxjy?M=0<jxsg+*j#^x7#
zcNlhggta%%V44FOtFT%8^oIh;ILJ*xYbz_Sh0fP3qwMNKr9P{z_l~6buY-c+^}-J;
z3WZmM*pwGGs<`8vG8K{fR;b?0L4A%{M~}Fg=>s}t2=S`jo|(zB@UXPbM2sHc^Vr@K
zo(k@PP`))L{#YVt)Ei-pmcCvi%h||YR&ca-m|3L0WtiGaTg6(pUi<>JBv+P>-@B%;
ziggaMC>sRQ8`Vyy871}L>#LZ@e!Ewhs35{S9+j5254jNGc<A(6V_2(Kbq5>ZD3(sr
ze%Dab3hkjNm=%<pi8j<m;%HoL7UlxW9BFp<a4uB=WuY<0I$l}G6$=UHK1$6_J@Y%|
z*iC4du>oCTT63MpHAHJ^4H6Jx*9Ba&h?`l|KoAV3<VQ`JI%}NPd@Bay8J4pw0x?>3
zn+S>?c1J%+ZXR(Z?ZZ&Q*4_#?&gBPvy_r319@dc0W1SmhgT#-=5vP0yg)T<2!lbPq
zI=NQ1H(z!!;|gZB?L#m9wDGNTPIJK-_Rz{Y+Nx|7_-8sl&h^`OS!21FBHcG9e?mih
z4fA?Djmfu3`ZTL3&pmhgWiJyxySMklXGW;cten>TLV|%$m$$!|R@ijyb%BLII_%xR
z)5*=Zd}YJ5paB{j1x;2+!bJ-bl9Zx?Gg+QuvQ(I1qT`%OtkqL!;Q=kl@p=>2?ezxj
zOa_n>#RR{vv^7DKopP**Bn)dKyn~>aFAPE%N{x}H0T38voN~-4oMYQ9v`hTNhFZ5<
zHKz2qk+O^XoatuKeWy0%t9@nLP~3c}xX{84$Kxlx3<E<_m~e(*cBM3?qQzJfe>1}h
zajA~5!SPGMN3ZTQyR58;Sv6TRWP`u$fE3hVC<eEnNF@X%t#+&ClYGaPi%n!u;P(>k
zal!-mbc00_vyYoRbJqNR@pl*bLa3*s>V5K)UZfAp9&s5XlyFvht(u?CcniHdTZmr+
zk485hgf%RSK~wH)u^LA|!3-5WfqeF{K6u0y`Lys+oJpf(-|~o&acHm(Hd>|I4TG3^
z-<Thr33jm>A-;tBe14`$1PW+MG&h~mcmg4in!GL>nxO#(v4zphhm>lrb(rk)Dg;&M
ztV|6fM7|*mk-?f~SDV7BVv0*(g?LzXjbHLrcbA{s6_xs`Mj~IblJ)Gg`Rud}(q7(f
zFVM;qjzu4DHx`^@JIE#$gaih%Mi-g`p-Zyx7?q_)-_^!G2WBqDooKyKX*yzM*$<Oe
zbefd{7j<KLrxUdLRH#L2u|18Ysr)RbPA3A+KWcX~HXxDSs`nsa?69|RheuppWgjdE
zW8@mfhw+d}K}*F_w;MzHDrXq9G0QN+!aaAK|KgP)(T`-bNw9JJ-9O7q3&Cz}#d*rp
zo!&Q!TlYUO<RT#z$};3eu!nInl^<i4oWfpPQ^z(pz*omamI0gXA2~h<DXcoXnUCmD
z#m3|F1j;s<0#fio7Dhtxvn5yhFhmIVQeSWRG(FPeB0ZRagOqc4iL=MGbV;*%>MhG+
z+ZcN6%!M7?Vq-@c_H?V9@ynvf-0_R5kl1AIKty`CDvV#^XA|+p3}sN}l3h|HUbrd7
zD`X5uA}@lFW`x_S0bc*}CXSd+0%bmsV_dDdHJO6WB6p%6CSxBMf~vZukQ(tRq?dXN
zg~9VrqiYl?xP)X-=Yuf>er~-Q!<b4u&_Q>_r2?m!bf$2p9OAaux|m7rkuhvFpYn}B
zRWcOqtdzM)kn2E0WfJu34X;s~B_kz>y#73k_*klp($K$O9ew<Is_IsAMb+gzDuZR7
z<&^0~S`QSAnWKV?qufG@Tv=pvLxE4~7Ws`rji0xz#rso<6xoXiVKs<0{{ms6M`IWE
zzD3KK9*daT-oINQ1729gPcgTpL&<KP`%d*<=?kJLvMr1?nHEYvflFrU5H6(i<R#7|
zaIYjFoklu{Wi`lJep6@`F%@ySEtKgqWJ{Hu@U0juHz#yR2_LOhDzcqzs|TlwUwVn4
zStSycZ8u|B%y`pDuFOU9c~MGGo@h$6%@RcpydP#%pS_fAOH!o*fR4Vw%9l7)DP=Sw
z;&ir&>87J)lN4H%O9j$(>Jyl8ca{njN$N6HUH|-7(!LuFDiwLkZYr#CFPlbhqn9}Q
zhMwr@>xcRg*{&T3%a3!0Q|#lmy|gSEzxDm>VX-=CsxsAq>2z-7pARaHp%Br3dD%;Q
zCGs0M9Jq{JieyRSNOMk93@w*;ik8Cp#U16+`m!LsDY6#H`i%#7-dX?Ji{F^Ya_#N?
zk8psOMw=lD6226%W$@B>l$MTOp7%e-_et58WJOJr5r<2+Dl#A=`=KV>N1YDvM!#41
zqlY3q=FsEqjrFbEK9w&Xe{laI@{8q#G6gFGGdKOCU(^h%Gt;lJyQlN*x0G!l#b?c{
zR}Kk~Prq2I{!xv`&C&7F`09DjT_e(dH}j+@n1=7LbWNj;q2%P$H(5=;lNQ=_(yS;@
zhK0CfI2h4Iv!$j62t12alMnK++~PV24yO`6j1@7fUaVBo_Y638vg*dLZ&#kN+brjR
zg_WsB>Dl}jMmUF#AFd6!!VP>sbentth~Yc(@6aPC$EXOppbJYI(J1Qndm|G9Dna%W
z#2`%EjG|=da4;x?8$76To2a+m8$wv9Twp&z3}SqB&M`B$5epDI0E24i!n{!;=ptN0
z114ld+Cg8^Wb8bD)wir#qi|9Pgn}$#8vlG3ST~5hJwF|IE1ziWXvg-q;GR~hdUJv3
zr8PK^3tc`A6s2=$T8`EDt9+tfx9~}Gex=?kv)IcRBWz}ruCUU%?Idn(l2(HF+S}@5
zdc2mmzjZ2B&<+P?_;N3sFo&|z7eztaJ$yJAwOI7iM=$GHhjshblU~ui?+)FOymV;7
z*$`t&kl=m6O1i301MMA#L6xK+b@t^82t!)yOs-1n1q!RE3{}+|%wmY$oMm4pr>$Tl
zU^}<`;eX&b<-mNP8(0kV0y=ogTX5{0US&tmz35>Zr@8H$Z_Vvy=;w()`c+ygWC5)H
z$xMyk=GfA4+!gY8-`Lw<cf**0mG9q#4OrY8n~X6-A!CLoh>OKJq%q5V**tAx@kZb}
zjb`z9Scrt&`>l!^8}k53DOpoa4P+{mFJszL2JK=Bgoapqkzt@=nKG}78-giD?wd$$
zEO_ehv9L6aoXO?K9V17X*{f)C+GPi_lQGdgrDD09<nLf?a~Az=@u39TUi_be*~YI_
zC$Vyz3i;5883XZP%t|uARZP9UxQW$`sOGghl~b`uJnGZ;8V2Iai9}5=bWJT#P>_xM
z>#=3VrhBHiGH7$hAVwpS&&PajD|Gw%5-ZUm)0ahw{(X4;$<eIIVulIEnPMmXZP~QR
zKlL2a&1B~@Ek{{CWa{W>{L3%J?)gUOI{`;)0z(EAV(I`^goL@vRCG9@7H*q*du&fB
z4tk1!6=|dN^b>@e5oavvY2{*E(hbM?{4J>HZKSIkU!s#Pc6tllv3=Xwvz{dK5^$8>
z^~udqL<;ZQ5-+59oG2J1K-z40UW|?loK*}C+MT+%FA8uNGnK=pm57|kp&+Q8BT#3*
z!?jkXlYJ&V{X?7+Q@TY@S73BIl9Ixw={I_aB89mVyAN7Onmbf858Nds7BxbN+kUkh
z5#iW}6-~hMfd^aMtn?{y+bjM<r0Yl8emeyUBXHJ`jwh!!S2?2vV(QZ*%f-O-gk;tG
zvp7?=meWzGyD#R(OSxRUH(qVj^3h<x&+1JPUoXe+pNnPtBa{l1tnw@Z6lNR*y~;x6
zWVc?<;#DXYaV0Jd{t+siV2Vzub+J(P(rB5Br%!?~7X&hi2tt3K30_*C2z`DWS<N#~
z9J4(Mb3$n{AKF-&mI)fYgCmh^aB&nxj|q0q^_q3C>dRJ}c1>B<ylplag3(ovy++G$
zl@W(dyBsH@cW6!qGOpBjQfdPVKw_FfF6x?zCAFoad$w)aIC)8q=TGBoXjGr)p14Z;
zG(n7~{Tg!1igQ10fJ6|}OvyAgiU=<EozPWEC5#HekQr3iT%{PV5|}NShKORNsd?Rb
zFDHYRg0bGpXdJ3qz-tnenxvB;v8slTP~XnjJwcA^wYco5u(s44RJf2^ofU@+y4X;E
z0R|<Ejt<o;gRY*C=K+H<V4BpkAt45mFm6VGA*CIgHZKH_qp^)vCOgmayWRagHozMW
z6fgg}h)b@N3&8AQ4K`G3;z!MM7tzvq?+r!o-WXlsSy!8Wz@Yy&Rik1!P`v!oMVxKe
zhAY_u2tl6m&8|vw<IN&f%FfK)LH?(vbYxK#Dhj}b)bV{C{CR3m`Cj1{ZOX>+z|DiX
zjr@FRzC@v&{sA%ljh_oW>ex^AbR*)Jvzcm~ly7cWhp9>Do<S+pV|F(hlgVo$+vqos
z`E5A~mYk2Q-H!35+ggrn#`n0El*(q+X0yf$UWalXP==TN<XRSX52$Nfu<JGH>zTUE
z4=96m=T>x(U1u6vrjUqW`>UWqZx*&rtx(uXU%xWEpU~#7s57X3^Wipyb!?ljJp92Q
z4Wo1<>U>jE+H0SEBDa?yQ#X+8f3%j3b<VA`Ip5A3dgeQuVPp(2FhBt&Zdgg-c*xd8
z8ZSz@Zb(|>WmIu`N7&uwzT~oqBlIP-v^AABC-lff5c28!`_qGZrY|_3)_j<Gy=Off
z0ogjYiXVGeK2qx8=+(@G%nmU_(}f=PHj1wTr|bqTj9;u;%hPvcQV99<lIc{TQr_=O
zDa-iW5xQI(BBq@M82_aed;3~>gdPoG4++YwHpV#4J}}dhwk-tO(|F?!gCS$*T@0G)
z+hj(ewNPfY>Bow`8!BKK=Bz3(WG?21%%*_NZ$o@0b()e~tB!Q7LEC!gs*71EAdc!`
z^45nLS$3_>Wc<2El00FpNyfFcNN)r(vS3+h`XQZDCg;p!{?!gDB+sS#jNfb?v5twX
zk6%sc$(5o(uX@(aLuX#?!Wxb@&Mw117d{Er4u9ZxwVHf#oeZ7}XS|Bsmq4T=0s3*Y
z_a4mH=d)Vhdc56p@KK`p-~bMnunhx;zq3VvgDDxXKusqT9E61RZF_d!vk@tshhm6!
zrwtTnF=b09u-cx|I?fQLW1wMwTAx3#NH-1&`CPAxCfY{t@AkStf?iD7(kZRBC%IN~
zq|gi7my>RmOo0)h!j0cQi8FeIm{pPtFPm<mHFUXVWA<F}K(OT<y*&1Mh+4TA!rFXs
zlqg=xDqaA6IDymYKq<&g{qaDuF+Y@5D<<Tr37H=uJYO9;H@M&n1030lc_?Un<+A6s
zH|JT6n`L}$@*Wx4g=&4N+0PRLx6oaVWIKNlVu9LvR&*Jh;Jm9wQbRfH&Ye)wT6bNV
z3KbO~xqtSQ!A?$dhSRbG?}7|C9`TeQS)m%$GM|+DZ*jiVYIQ10VdoI1g^Ld#M)EGv
z!0o;CTf;X4M1SSX^CmS9d9Hk`cxOKlgWG4R81?+U;WbrieEHsx00HPc3G@~yftGsV
z=O#VH2pSq|a%ABoGwNS!J9e#}KdP$rMht!>avb=SV~|yy)=a<1!E*4Hg%IKkhXt)I
zp-MK5cq8m#T`!MP<~z(~oQ|`-L@9Et(vQX*nrW|xt!0~o>YVaxRXRP*sVMUK6oz(7
zHGB6c48B;exM@0{c+hp3a1jgmqdt$iYvp<=>xz-cD&%0S2lE=f(rfYA`O4T1IE!RT
zhQ8%Y(@0A!5|q;&6BY4BKCF*W2e0_<c3?f^2Uqb^*R!ZUtX!{VGfsL_Ln&xVL3=H|
zG;YO)^W1q4#l&!lFylpGZChgVdCJbwRy?y(tbV}cgJs=QF9iCL#jeO(&_m{HlQ6=B
zi%2qa%qYD7*;WDstPoV2*=DQj;CPXAo<=1v&J`zm^sP1Dm@7g*BtPqFVZ>uaS-W+r
z)#>;a=7|rAWz$jY`?}a|SyUhm#pGr4@Hx5Nc>UC>Qt|bVYP3pnFYYPMPHpHVvSqmV
zq2<h^fjliyYIQ{Hp_#z+=t4aiP;wR)c{cZmEy}bq89>7F4cgwIT&+rw(0?_v7Wz`@
z=wOc)Aol&0Y&Q=9c~=%grV=D$O$ge5#(UM;4-d{s-dPJFE2xEDGXH|nq!Uz@^Gon_
zgyPncnMy!-M-yw(!I6_IvqpX7diJtW7-Dg3anE{Z*#%J_Ql9aNPdGcGRKq+e!3)wY
zwtgQQ3@lXs^S{zWkZjFygl<}IFSqiry%ldVHxbfT=G_`OTE6ZrSkFdi_bn?Ux!LMD
ziSEq04|iIPyZmLg&GZK&?z1{*=wE5sS@yiZEPxB?a^*+Zj9#9^TbO^_A3dWEc<TN^
ztnYtY_aRxOO(9i~Ou#Pe0OEVwA(lYGMBCVVfF=TDyPpzJf%tK)18$SFTaEVs3s!+2
zY)sVGR9Tpe94|nhtRGiEPyoe_%q(Ltlw_CU3QA?v5`wM<Bey&gPNO1n6>E9bynb*~
zx4c45It2(6{V?$pS#*n^lN+&eEWr26A-ivWU`gnst!_NoxO1gq0h?q}OifALtXB-&
zug*ujL!1r|<<5ojRf!SDtHj#L!z@o?pwV%@M3xI~4J1;W1mi=#w{Tk~TJ2!%Xn&P^
z)KR|n-~ET@`*@T6r`I_7zw{(2%|>&$l+K3-%_O#w^c$!H8gmmcSMz58I@&P@T-Qo%
z{F*0ou?fRPb$e#fs;bo{0k~-sI$0mDj|uB_6~wrLg(-z`v4?-0uot<TB-dA1IG$Le
zhll_4z>8*cxW4rzd2S(k@cLeRm*lSOo!`8<a^H@Quu$8YY^xvvcR;Ker<{NV0v?+^
zAZjDgfCnHgm;{n{Nzp0v9#{mej>2>z@Vtel!MQlXMnkdILHe}_g^ImK%B+*yf|LMd
z;-3SaR0@TBmJ4iUN$q}!F-om$wPmQ(%jro^xp<cBRzXZII-X8%B9)TT8y;cE)j70}
zxrW|7itDXuye{!LP!y($ZK?WT3vNq<404Ho@J(lMCYwnr16$e5=!4L0KE{_7IfhCd
zynN`XUW+bd2d$;Ctd%;W8wL%Mfh>-u1UEtAs|PrP#e|6-dsdV;+}2WfBfiJ^sgMlO
zmN_S-oXR3jJ94^Mt?EoXrl$=>vfZz4m8oO>nGnr72DoV>&_hM))Pn4-d?~Rz8uCLN
zrK?};+llekou{S$Ab1O{J1w75UgzlSx7^NMhZS~*xw5}-!Vd~tKy!cjxc^}Ry_?}e
zHUJPntJ#GcfWb$B%VP*}3&_e6*p|=;jab-(Cb%<2QB4!4G=W=i9pMNhoynCuaXQ0j
zB~D{Vy}4nBCo!XwFBvRB0}?Gigb{{0&A^60FsoEF5@`l4U^$mdERF&OwRO4dV5c=E
zFceMUb#l~`xDtlptaG$jvYp&qz8v1?^!}mL5XbN4=1UyAXUugrm(XNHp>unISr;u}
zpfw2~tZ_p&G+8x-(8-$kq`aH@a2NKLJXB|;&{+mqjpn(#M=53t{P2-*1U;l2N*L#3
zAc#2A06tyysy$P`65gLy1!SN*><_yc#w~#Rt&Z$o6{gtfX~8e%Y-Jm=r;l^h{LpE&
z*tjFY00VFD_8<Pk<~g+$tnVK#4*jzVhqx0+BftUM7EMZxGezFs5IPpt!Opm}EW424
zyy1JkquZ#I$`!eG<75{-2_d?jG%MX9MR&P9Vk%GsN6;ogIG&|P4NHyQH7c_S!ti<8
zvBS>(u*2cX6222A7=&pkQnX~GSVDGs!u)xY<#VR3x}7=3+8^7~6G|+>+A}r7dWt7q
zSk;VdT7F>EsFuoAmn(=VUrZp}jNw)fR7Y*%ErFWz{PYrZR5{9}k1!*f1=}mz_ZN29
z*x9qF;-RAo#fu+#c{v%Jb(xlN5K9xbj&dxe1hQAt>8D5eNf#5zSYbe7)o|rtHkLF`
zmQn-2RxkOij55jQ=Tr!|Z1oV@LP?4XSDgMEm`a5crI(8$4|3`1C1H7$l5-DSyh_t$
z*~?1)AsdZc%Lb6|%0b4F1ufu2DYMfQNu0jC>kY6mp&y%2B?is<i!)K2kYX5#e-E9L
z3Cd*=%c7@#-N<ePt7)YM&)anyZE@^enec#XEhWmq?F84EioE>MENmNsJxVg?KyBTi
zp%-dSOnBJJ%Ji1(QR#O)mgc`ZvXbc~@20`)1q?g55%2=!1=4{5wge22x~T(La1L%N
z(vv!bBV@4x{$&huSSVaSxU^c}<RiUsxXWEftx5_9n{LS&FXhoX>uTYr2pvXLOPaMm
z#B0_0gbfoeH?eY+;fNS!rZ@1z65&K26>6vw7lVy><YKJL$8gBw`AtF&M@bXYEQ0id
zok+Gm8;w@#dIz0}L4_U`5Au4Y&$*Pb6fEUP&K6!e!$mW^!=t*|NDm@>_R@vH%Ox7>
z!G{A1xnCaD&fWj=-4~bE)NtT1j>W~OG+yH{^|aj`YjdnJL|fhXLFs`*2AxdP2Kr0G
z%3GvUu^cuC5b6A25|o%tn^<9pZz(DxJ%S^fu{pjJ>E~9*+X-7|j$USZ%xo%*SNf%+
z<`5eVaMYX-R1{D70#C!mh3e@gN^YN-xpK6dmkb!#!2aE=X>mnRB|QNOZZNQGO@fje
z6<o8=bLH1<KjQY`Vy!?LkXEHQ*r0JKGP-%o)sKmkMFR_1zXLs^EbBwNpjd^1z@{we
zDUREyVR}!k@VgX(<+ptl^Kccf3N2Z5EfW0kUZxzzSgNC+f3kxZU=R-B7*hh*Az+AE
zBweRVh&F&3^fvA}&ZU%gA1V@Y4-FV2f?q?xck>uBJ+=2bx<&#2pugk(bgcB6<NK_`
zgJU8J4Se8#8G26{91L;bl4Qm)z$dj?MUFD4+y*(ELWqE{8bFZ*l&Cd@q+)GfYT&R(
zMFP7Q<Su(Q$X@u+*m&pg=%!;2tTH@)=xnTr3m$MCQLqU{#7=-8_$e^x#b!=9tug8$
zf2y&#s|Jz_48#A=hiF&Mw-#X!`2mAyOASt{w9gNcobbP`VA`iyEsSSFnHitsctO@i
zBt?;W;jEqK6s93hIFC$|6r(Ol(V+xGMSW2Mg$QMv@K;F|R}_i1XKkA2ba_9Ga3YP=
z4)BkUv&9;Qk`SaaLT%VlB$IH^6E-eK%mSLS4ATy!P@2`x1t3vL)i&WTCn(v6(8B3B
zaDj`xeibU7tbsD2Imi+L({77O5R}9GGa`(sh6<*TVsk<xc`ijmqMc@+(>9UavXusK
zJ46asFd#?uWEgDDVZ*^#U1Y%5WHnQ$Z&amJ(h`XsbYK!qaqr_zO*}#MX+k@ASS_{u
zbOUeKYwpAC;u}<?5C8#xn?lQ6EOpXjp`|2Q+)LQy9f?f`WR*l50i%T;G8N1}7YtK3
zx$_B!q;2IoL7RyUvfIYpKnBfNoGMlr8=%Q`b_!DrD%Z_o(LFX61AdYc00QB;$|d}e
zC#8V&sI3Nw@bSUg?yLL1;X1(ox_@6vreQn3FP-uozl)${t{PR~#Go;H+`Zc|-B!@7
zCL%PW)i1oJ)h$J2wFo9`iiE(nqNtXT37(-5ZxypAxhy7=qFuF-nB5M6Ig6yu+kR;6
z>-Fkk!=NcMSHQuwY@yD!46S6Fv?Fa*ls?o7`}*2#{aD|;W)T8aMiuXE_Er2#Lr4W`
zFukZqi$CEB#vwI4TUC0}E)&HeLK*c`g=)Zq3S$TjLO9VjZGL5P=*;{LCsbP9fHOb*
zmU3jMN7?h&Y6}21006uHmHyJ*X9;)Rjkwhl!cPJKz~kjlTmk@qA67n5_b>Qw5;qe#
z0KfqR0RRBl0KorC10?O0;dzT@%DfsLpR#|!ZT43{I{c3R1;D}20)+`dw*47}*Nk3m
z34b7=0MVX6h&>8)5P_kmx_;pb;Fx-{WE;R>J_zr@cl;qh3n{oR#GtD?`p-Fob4CNc
zwh6L*3-GYF1Ey_j{0ukifUyq)iQkxiY!uM!H_=J_-vH0HOSga%A6^ONBOB%4K~F>l
zCMSLKqeMru+C#2R`bg(Bf7>)gUjvf2rYj9TWJ?<1jWc?sgY;C{Qyw9F4+C#M2f3b*
zAL1=tIW1N{A?b8LM0N<Bt-v~IBGPmeV~>G{r@KFzrs%aYr=q_?d!Xt&$s0R1z9Vb~
zrm%lnBHO*k-T>FI148VsoYjw^`?$&u^t}&!?K$%QK4bHMZw?4@m&+~+f741dLp=+x
z%<+8!Ra-px;m_~?%Cvw!STGK9_903gppX`HgLNsu%;=GZNkg$s0(|WruhGGM5J<YJ
z^sH7}2>3GG>Rt`oa^ticY{F`h{>}Jc0B4JA$1p)WjE~nVORT<DGY2$wPail{_=~z0
z@`;e_m?-}6Q*{b>U}dy=omS_twfn#AKZo*I$Wj2GdAX~ca(PZ7pKdp18C;|XJ^}85
zEs72wLnF_7bj<l{spnuoL*f|H5u-EDOcpK(vbq2ubrp@O{1<ejx?kekPAagg#~4z~
z4>2Ov7mO+A9!yB}w@}h!0n7MY#|o+9SVbrctI0LQ8f@K(wbXhi*5T{F80+`#;<gIg
z6e?9&tVXdyMe1O&Ffg&RO0T$<bDeq>hN{lIjg_D)l?<A^Qyr-ux=7{jq81iGCZejU
z(n9p5DXguEZ0EUX^7eIkHi}i{?!1ge!L_QeENant*z7%GYaOlea$6&ZMzKy}$#lIk
z^=CE0(Qq-ai0H)AiH4!bc&cMe^f$#yUSVaPSZlX?R4dQXrpi!56V+vC?ADyq#Zyk7
zrLYLNDxIUO{xGk>aC5F@kzbwHE0>(R<yx+Cc9I_pfngzb=es<mW(rwb-t^Q`G8LF7
zc0FeCG1)@vqpAw!P14v@Iirc~7kT>F@4)@_zn0-zOdmW#91#Tzn~+F^C|fASCW@0p
zFHO3yD|=Z;Mb&h}v}}i@=p@5(d`b|dw5+IFMmJ2$cHFF&%NL5Ja-~|UH=3<>r`wz9
z4~7)YxLD53d%Qk>ASi^wk!UQQ5R<8NCY#F_iluU;dT@AjEY<3bW~<%l_WFb2XnZo6
zo}SH~oWB4OCX{h>K~gL>hs)y&gd(womdfM`rAn<~v^u@PXfj)@HoL>=a(lc!e}MA4
z|K_lz;QMjfig$qhqM`cu2+7@JT7t?!NS%U;ty?HSl$2Hi5=ucxxnKk(qv8O3T4qR(
zvwDIcrU?ikSQm16J|l8k2XTThij&f+4*)_if|BV57=~dOhH+L30E7{gKl^+h0Fm)}
zgN#1~gXuhuQ@wpdo|AlePM0j}*Tdz5dVb9@#r36A$0)2&(0oiKr=&pU;|Y==jN&BC
z;sjwBCutT4qd1AutQ-Ic!3e4w-~?e5CutTZ2%|Vjvp7K*CutTZNYXiU3vgB#hIv?q
zc_1(0NV<KrHGhZWuWx@(+xX`>PT&L&i=>bOUA4Q&mOSY4;b`USQzY4wyEl0!AU^pw
L%gFcs{<Xd21$2+o

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/static/media/nunito-cyrillic-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-cyrillic-wght-normal.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..35aa2029a48a241e90c1e0a8d34950f67462f125
GIT binary patch
literal 20824
zcmV(}K+wN;Pew8T0RR9108v-~6aWAK0IXC108r%s0RR9100000000000000000000
z0000Qf-)PhejI`>KS)+VQiFd6U_Vn-K~#Y%Co%wn7%y}Y2nyU>$pZ_5AOJ9dpa=mr
z0we>3C<Gt{hyVwQ9SjE>{htSvZM#+w)J_O-^`*5fYXLj<g4=nbb{qyqB7}_t1du*#
z_W%DqxgkTOh3HnTeh3-uq?P5Kp}X4?6)LQ9FpSH%nI2{IycQI+3tg!2if)HX@Lq{k
zxgAT?iEN=!zSdLa^p}g)k~20;z91q@lRWTIHKsPN*yGHL{`h+&PdhiHsKHOXa%;?c
zlZ87ERuD06Wi%?OWsQ2B>~~_}VgF)X2l^l05vGd(cY27F_2ePjkAKh1?xXvOP!gAr
zErLhXY*bxUIlijN43Bg6FR4Wuvo>iXO`4?UR4FzX6Jt9Q0lvGO%68{-Mkxn0Xa5s4
z2~t`hg$9Wr2?-uTL^mdcK!U}PfF}?VtUxJvd!>e!3ROL;zm`%x<HWuHeg#6d${}GB
zU=O(Oukv-ZE^B3pzQ66=YjR02tqC-?OcMVs0Z?HPnQVaO@LV_8W+r8vBrrv0a^mv4
z7f_psyyoRO`bExECQeHK-e&qfEs}@~$YrQ#oi@{_l-Es_%9ARSDpe{2KoE3ipLC}a
ztzdC@Hno31tf~6M&wX-VO*vCvJJaf-MvMRn<`1y&2BhOSj^lV7zf4||m*i#gd@`9#
zPF58G1i-QU%2)@FY$6AUD@p|Blu+IiLbrZmeQ>C-*|befP@Y`Jbx8W-%G5Gl0&MVJ
zcFA|WvJ2Ufhg{D4yGSNT6h*)SAQpz;03i7TcRv6~{c_(eaNre=?*I}!i-1nf_yNe%
zFDbXYcX&^E6DjgOQkE!=O&-arwaO0cK7)HD599+nahuaUHNyu?>T!CyXP2KzI0{cf
zo4Yse?|+%If71F-y4!u1pMX%<W(_-A=O(TFTUuL=mh^SEOS>X*7#HCvtqTJVWq1hb
zu+0Jg|1GEeZ!WbcR#TkCNoLi~`9OM+tt%UejI%jD(6gV6?mMyk8mvt=cY@>1w5B0h
zO*Tu@H{WJ@lIdZf7}AV$SaF0S((ZA7?)<Oi`22MiuY-R{nkT7*60*T{gM=dDeg61v
zwg$3OD|jVFWA-ZJ>%ajuG=b`r`PKZjW6dnMPOf;jNq(kOv#AW&M#N=oh+eH10$4Ws
z6fS#<A13f$2%^zIk_?cP21v^U$bbmSG!>NX3{dtchO%EHlq<DBxj{RWTXaIX&3Y&+
z2BEycIDc>P41W+9Fc~l%1PHJ<cm@hE9Sm3wSPKFJ%MFkbi4C)FApf&Pz-m_fPkyhw
zSG(G(F${xfnuJM&Lxd5I3QXc;UKe!1KnJm5Yy=<0$MA7tlAI=Is2OUOT0<x3BxAA`
zXLAm3@~+?tp5RM)xu6u4l2T3pJNm#tEV*mQn6o7S1(?Z!2`FkB@IP`)TMWqA?P&(&
zs`R=5;eY4N9v9?1CpfU~D^8n&01N@yD?q2$6-IlrAo(J3<%S*;2F=*bEDj%H?&<3}
zfNSq%iU6FV^%vs*H!Hj72xiTl^)HjozG}(-@>K+?|J&n3*3?_Vc$g1z=Mhh5RP>N~
zX|HRQQjZ$Goo(AozmDkVZ8y+dRl6_}>|onP-9NF0-fDRrg;u^36x%(6nJa5-j6cO}
zz3{0I9nRy`znG~l?yi=3fio<Nr)r{YBtc%98LBk^-C;*=Y%KfQw--zS8e!y`DxxGd
zmTFTPN7P%>%>4!J(9H7ELLT!kYO)BtoLU>);dh(eLVHTuSL)X~V>lT*-zv^nCraJP
zUsz0(=KfXHLx*vmqxv?kzPvWB?s1bJCCo$Jf`m;z3nKQJ037n(52&^1hV&B>eco%}
zEGBn;$UJ-N&a+4zrN`4M_e_PCrcnx}jJl+MqosC^;fwtl4Yj~LYP0NEB}*nF>K|HO
z-Z(PP$wAcP3Uh3q$%1^?yE|0ot4%&$ZwL9Tz&y@wz$v4=Ws)RH*iEbVzf$9?f2NvU
z=&vd1Qb!MSoXl{TYJUQhrWdTjiZi9m7CEZ4HJ!2d1ldWPm=R0gdf-%}4BxcTnzMC_
zqeiKckaVnP>LH@i&nNYqU|4(E^Xc^sl3A&3Wj&D>m)FAxwl*5)=1yg3%N4k}swUUW
zNMmh1H()IM9cU%Ce^IlMMt@Qs=Rj!Ei0J9#j=B+gj|SjGdch}-mHj%N&?e@~dKV#g
zeog9!V%gDTOQE9O+@)XUR0WM#c_Wc@8-TQ2w$)!_Kw7WIif<nXtyOv*m(q5)&HlEk
zI4@$%zJ|vs{cVpkI9D*ayI&uHBxg#B*rV3lGSy_(1@=0JYVC?=>HSA`W(Js`{HnD3
z1O)9jet3`oU<pk?k|8K1C!(N)QPIF_nV=XD!JDQMXFCIuJ&GmU&mq-?YGk`uog9~G
z#Bik+OgCu9a*IxEw^@&4#UQ?bUikO^z5c!aqhuS|MGlcO<l@m>!v2E&FZ-Ct`(R@q
zLi53G!9ND%1h2&64+oe79083w-XAbdkI)@-cOO4TFVkh;e|(RydC+&*4_{wlUT9tD
z^w5Q&t3w|pk-r%OErGRxt${rNfmhk2T?qw#4geIXki-OnAViQT2qZKSFi^rUh{CTD
zS97`FvvMe<Y8x8`j+C^etSc4$&ySfThc{1yXdAsGJC#Xs2AeGBQPfS~4n$ggHhAPl
zLpMj!Tq2qdhoLKgp>SneYphLPZv?OaB8HXKz+6DPSv?i8wFVIa!lig~^Vw9uEU+jP
zT|q<!m<-yDS`6QhC~*<a0rTqXQZ<c4Mw8+6E?|}h#sG32vdZ6FVp}|e>KAT5Q9WsN
z<Vqu=vI#H~!SHwr%ol=NGYu^2SrWTf1)p_kf||{M0qi7|gDa{Izh|St<W!21??qv-
zu(3oGhi{yM_?<@i3;*7i$;tOwyFRnFqt4t<I${k;P7;y<th2~gR4qKsD3xf5MiicC
zrR0fjzDh1GeHJ~uBOWOQPnsE*j)0GfPN~D*2Kn`?U8srYVk#vwFN@3Q7B7*sa`0#t
zm$K+h{lKB5V5z%_8ht0|>p@tmBiU4jd=#Omuk5>R2a$;a4)Szi*c8*=OF#?LgLa~$
z4iP(El#@`voKV8!XZWUv7P;>)MBxWT@J)&bUnnYkQn%?JK(O@=ctd63)w(qv=<nPa
zU)9r=B6M+O9ug-3PXG>s6b0%C#3<vDMWKp??WHR+xM=9)@Tno;kUs_%$~%~d11ri|
zv{HTq0uc_Aez@_*mR67g&x4n{x*0MIbe#<~I^kqfFWd>lGU<Ru$1{K?annN=DhW^r
zIbFcj82TH>jY0;~sAq*n<r#bi)shWV(7xyb0s>GUVGrD)rZ*sh&FSg)I;y}kehU!{
zZ<)Z3{Xopw+72KDMvP>3!Rwq5JUa(Pz<1?;{pix@A;m8n|Fu&X3=fN)vTk~k?l39N
z<z3$Y=+Hz)ye`U$Ik_mGH^%E~E74ALlW6Gc{R3TWJOg4%O_`;zlqr>?b@XYyOZO;n
z3q7r8@QhxOul1jw!IUY^n6jmLOTk*S7agUl3Lalut*tdSTrE#;eXp<I4={`4vw-Ig
z*m}bBX^ZDLbb(WsIDM(Jm$`8Hv#IBL?Z9))%TWS&q`DrK&Z010`o<F?5ULVhrot8%
z<e>=|l=!a8!Dn6zjKID355*$sP?i9LM&=4S=VmbzP>k1$d0Mq10IrvQnS@D+I&$hV
zsys!EHVfoe<wyYrlw)1rRpm<Kbcwj$YcLfw^eyB5lGh<2U~qZ97N`w=gEk7QSE~g;
zPo_Tz1oDL}1x~xo;~H@xu^o9p>p1+=a=tR$Xei>`z@P4upzjI#asa&xh~M)juv`EH
zf`9?Dp@7xkM{lk7q5$}gds$TM^H>SK3A2oB8g)PcM8Y4yCL4+l&BzEqZJW>U!}~{2
zf1z*Gue5k9-Z$<~2q*l9c>vl=1TY%=qu9@Gtne?4TsR%5i5Tp!NBrD$MgGoGeFh+M
z%DX2DL#`_r0Yq2N8*He6b)DQfUDEA+dq2P8n;wiCLvT?~>fA2v+xk_M-OZAKM;!3T
zVP`*W`2gzg001cfmqYpi07&N8hG>SAf|3eCLM>fJLysmQNoPq(b9sDOO)YH`I=Uu_
z2+h*aGALwJ#H>WQ3Kmv&O`5s1aBJn&&ZAqu4N8?6AnDSn$9lbdI`na{Y1D>fAH9tr
zD8O_u2oHg^8k>k0v+eKK^hVMjh#BF(^=2SuMgYCWCuc<<fOhuB><Gde{V^wk@kW2l
z4K&{9k9mQ?8;vnP4^^3fSEX3`9xsBa$H9yPKzst?DS!l5ayrw$3veBjd}Y)R;tOf3
zt4g>>>jk|KniSVa6MQuRJK(3_J>SFl1s3qB;NYSOEyB$k$tnJoOA-IL^Z@+miy)z>
zXXvElu_T8!C0A{D**X~|g(yoV$%?DWC?};NGd;^QWz{Filwo8H9_3L|K|Rz#E0vr{
z+GyJ%B@|^PJ2KleeKVuWLXo0O!|?SZC4#0=2Q63PPARmP)k&I^<qjOfuq<=g&uLbU
zWFu~~kxZ>-s^SyN!a;+7WCV1i?F1#3iI;T!i6@SY@!_U;V31Z@{=?y+5C|f{zZ5C@
z$S_nLgkX!eG{@1yDd4gzH4I%hg>?sMgn-x{*pMx^EaMQjN`!s5Y|sFqBgWN^%e{e6
z5SBvmEEk6q<3ey3xwntk{l!&c{y`X$6$z;s5i}`|w2N@4(D<RQW$H1mA}WWC^QWv5
z4F5P|YEQ`82eqciwf!W&xz|iGP0I@MYoR+CMd3AJ+hCNIk!9hzzvPxUO^$#J9*H98
zwN;%d`hm|3Mc#}2ZJoh+px2Ps&$@>-+BZj?yKkyvF1vfd6_9n&?LaZ`a<VGECv6wP
ztUxzY!4g-@Oo%N^h+8*_5o0nZ5(9V6@OQsy7K^$2M>2{AM*$uG7XsTD$i}FSer%$s
zm@JlcoWhuciVgyVKi>?5K%0@lr<5xwFt8wE*MD6b-ldIvWeCJzrz0s?>9K=)`#K@-
z$4Y|QdIJ=KB%GiP-{)juS3q}<>~@NRoLjoEUZ?EGD|Va(^cN6oxpF85g81^Z8z`q`
z<UTDy`Iv$wO?Fj}#OKb#m-I|&JBg)dBkC<XR2mKom?hjp5d4@}V8q=yY0yf6I}d|!
zvor%DH8pC0NYW7+OwNSsPpalxp*Ie@dH~1xE2QS)>A7G3QZ;h*u;io>a%ELe<}7Cj
zA+{usc&0dP<&<nkJmxm2x*%=J%pB*%D`IA%M2@%Zg);Zvvz^BXMDiO#xorW#UP*x9
zpWwgz{fc{j(Ql1H9z~cC-xO`PBP4>*6`Fs?KyVPp3YGva96V92A!?EEV61ilB|s0u
zkHf=&7qBh)t`_bl1XH}X%*~D}@nJgEMB@NZ8c03}iI{@bd-AUsr*d2Y6`G18A(LPU
zv3%Yj0-8M<d$C;gN^zz1l=#rXWhZoCfc<pX9m{-ugH3Q=_x!0%fIf7=Zyr{gtu&o+
z90kE4IZ<(L3ZCWZ=<e!fylvtS#++86xt%+F_&y`-+>cZIyv6s;C8w;3Bs52W15)*Y
zf8lmp25;z`^mSzofI4isQuYRBv!=Us=&OOCrP<nlAGX?WyQUMoQT>l`F+h<x0AA%2
zxS1HtVG3!meAXq)8!PcKO4wpqXa{x+44I4TTUu*|hS%rQ+>wt)l4bxwW%>vMtmSmL
z-)z~FffjJloYaFJe9Xxy3g2y<nx0i+xHkN|bU!h&V|o-21ANZly?z`L6GfhN1C6tW
zzJP`5=Ml(&hJ=dSEyNgmAoB%R>NDI)&~~8j5;C}=XE8M{pHhOh@wfXQdmjGB5Yzz&
zLs}IaNrtL|<}<FGnBPeVq=HXx3rrxYNWc->OQ%62esqbJj?}34G`SZD4~i%0*r;~9
z#{DgfC_`}(-653*mp<7cCPL|!&&uABivk7!U#xz#`V;d3DB?eMaotTWq1g!FEC+H_
zbDB4Bx5wn8K4O5}jwZ(x47I<5|8D88qvC=6UIUGzRVQC#j6leblW)2i1D0^{?F3rZ
z&{G7-PI%+PfRR(Q-%i#4gxD|hF8f&&T$uq2`^8BR|7gw0GA+?E__1HjpYTt*W$}i=
zO_DCnv61G)8(Z2F(P{F!vLTDfe$#JsnxjIipibTspCXd+fT|JTXw9)h)g<V9$*o<K
zI6{0sVFUmiXU?=)eA|51Z2D?CyuDe96+f$fKN$T!Ckt7tI<eT7Sca>|p1b(s%Xy!$
z<-$SJj=U=9W?l~68on35S5~Jn3VD)(5=mINI;gZ<Yx6l=U!{Cyu_(1Vi^B3%>f7a3
zwOnCUmA?(Wk=2{c>iw<7)M10go2{05sbjSQ&CKf^-YT-d+^ObII%~<#pTo?nP8#l5
znbE{MFSSu8;se-m^frUJi52a66*Tv!1uu;~iS5TvVAvBl>qFK{bblS-H$^@~unU9H
z{d()?u3be3ZF+~Fm#+~#xz`Kw$XXdK34AnW+)ld?%xr_2AD5c17{j1<G3e;41)GrL
z2>A;VGgl`NV>dYj9g+5l67_y}F?G1W(w41sY%;4B6{d|8SbHld#XdEEvUYC#$cCcB
zjB|G4m?VM){4(~v+t*N4)iL+mvAO{@y=Ao&6&B(L()t$U1?QBl))K#S>a?@r&adi;
z%9@%2gsI{cMN~yv*Hn~f(n-p{O4K~0CFPz|pdAgbJ!~g&xFsoBiY$%<(S%n;I-@EL
ziZr71^YV3&^tc|IHn5jb%q1)-#Aa#yvFv*~A|8v%AD3W1iA%$dMbL-mzRU~#EKhM5
zjh-V)e-dLKm&}G9Lxb+f|I!J!((D~bJlWy4BmTD1RkIQF^K*YFDFnPcc#N!H`9{y!
z*1|V3HOVv)g{d8gX`?2mRyRkSNX<fc><lSARh#Wm=8FXsWpu~z%`Up8dc0&UEnksL
z((!571#kUtXb72IlO|wwu&heRXw$Oe%eNL187ca8zeq#W(<`<2m*Qz+{4!3PQ&Z7q
zieI{4yE3f~k^Z7z2l2tmIxfql)3RD?1W2Ybk+#mn3_FGUl6@h3vRR&y$1yM|R$gFD
zRdX3d7PZd#*%3A0_kCGBG|<?S7)gb_gsj0C$7|wYu4epV$nnLeIlCMxs1%4eT1s*u
zKPja|1RY-?(^+hWAl!okuEce6!F6l_Ym6X8tR~z7;goB7wg%+?VUD!d&0>E4N%lj>
zhx(pF(WsIFzogLo#-R`gpW)WB<11L=0#f!xZ#@Z@r^}|=kQ$52aM;o+sj<4CVF`N@
z>*Dt>=?V#RDCCHp$8hVkxvdT!B6lc5LrB<@-+Pbk2lq!Arr1ddjW!-uQ=y4Y5lgda
zq&s+H<S(bQsi*Zs2Hk+aVxn`WZ#Z8R<H&pogHBqv4?gf&<Y3kRo!3222`|`Dt^3Lg
z#jij3W%yAJ{r#o)|Ehob#ibXJu7{t#&;H>-<KdUjJZRj$I+yN%XaBqA4Y#dS>E5Wj
zZ?Y4PV=?26YY$?sKVXevu@fW<<7Us6{NUy-dJ?~O`7Cz3&kimFYDw8tNVGR(gMm4Y
z*Kg8IcN%I&aZ%V^_-shyRd-p+0`|JyloBf#<;YmSzPJ$ja_H!DZpyU%Nr_PnI(oOi
zmwM@y_S!Ayv%ZDbgnTI^b^Ib8K~i}y|M?p;TxR2YKbz$3H$D)_@m)*H@~;Z?{rN6u
z`2#LxkuNWG;pGkEhH)j0?XxhsGdG^k-}eO|%8VRtodkOl2!e~p(&tQZyqPfPe{!=Z
zB3or4(WSZdGO?#TW0R0+mr0YD$s&FW`5WiTjF#^E5CaL4f`*JdQ@z~-A+xkK1KQ|-
zs=U;oMf?Pc*@ce@pHC_d2M5)#(TmtZg(tBwaY{Z4fnhcG+xwi_i{w8`Bl!j31dW@0
z@$+un0eTyvzBm0RtI#@~yO-*W-s`($yX2g`qjN>#;Z+P{iTw{=`uHsrd{k4`-i}TG
zR2e=O2|iL!ychc8z5MB5>u6O~zK=NrQw8Tu(tI4_7+0%CD`XUxPUoSjVm_A3smo29
zs&S=a)FP$2^!m0mC4E6P*o9<M>c=Fmg(Q{`?ScZnuT`WYUHh2Cu_TG5Bs<T@^Sb#3
zq>llw)Rq}hby19x4k544I>_-S=-trP<!0EU=4DGl`u%%9woUoaod81Z_@3lg3Ee$#
zX#{DemqEC)TR?}`j?#F!tlGR3eB6N!YMkhIqm35yVKTo~IVlXIC<j`HN8P>PPRgAZ
zb0@uQ2GqPXx$!Tl7X5hcC|&G;`QnYc{r_sJ&-s#Zryj<o7v@$IqW^G=Jx8w~=`@S4
z6?`P^ln*;Hw1?$;cG4Hhr{Yhb?DWBqODOgdKGcM&(#;)ev%pS1JofnvPvCsePJ#H~
zkN2t-C>JY9{6`5Uz<yaO%SD^p8~D!D3$vfi(DU`ud{j~Ogjqgi8}nviZA@(<6?$!h
zaX!;K(AL@5U>87LWW{iiYL{Q*c|@Iv>)!i(K)q^u$WU$@F)J7O??PvFWy>hWHZ^y$
zc5e8{`a;iG<D4Bi1~F6KY0A#jmMN0=z5I91&4sDj-|nqTiCk#zs<DU|W@ozkn>-V|
zT=P2jb(^g~r|)hb<X^#4m{mO?rMCu|zO@Rq%~93g)a}VP<5FdkETzd0mu-(`AXQ|M
zoX{Yz)1=iFF<=#mgP+?~qI1yut$KO%-mC*(Q>f1zJeD({kt8{|c<jr~nnaq|&d+sg
zwG6kNFG*qQvZz++tP&Wzl?htP-O$Fo9D1SKi>ozRTs|#RER=?F)kq${M6SO;ev$op
zM&=6p#iX-&i!}P-sI$;aV^2jddVhj7A;(b6aU69@xh+4c#diUlmT1w3tJ|lKVHU8y
z*jVb^GPxq6RkA)rgD%<2rnJxY;UX_PdCqxotdrE;U$>e`d%)+;JO93#cr7=pY#Vd=
zz<3C=aOgzK&;{DQWph}=!6o_e729%{=(26L$d?W_gqdxFw&ZC!>9R0G#y|C(eAl;H
zn0uY5ejj@he1lOP_usuPclNW6hlLW|AZ27_uCPtmO9=WBrpsBO(cco&wb8g2QCmtQ
z?21@MiBTbPfTY<<XwyO?9XParz6IG^J}0ZMD4s_LwW~0<wwl^aS^fevqw$+k9elH^
zG<Nm#uFpM(m_z&H%i@ZwZ;q#F+kc-vS%_&b)P{kOfh)F+G-d(29nA6u1$s=$*DP0-
zZ1U8(3H<h)AzZ)?2}@R{FDS?<&oufFhol%>F5YF_RVEbwhu&knH)vjoz8qR4KGZpU
zu5`||vfbG);v&(PuwL96%yInq*I&-*UUGuRd?-iq85$n7RjZ@8wLC_?p85z=my0sY
zM+1gir=_&!Xdc*y82nCWpLmzLEx{&rN?m-)_C%XRnqXTjT1tt!q@&xZM=8OqlQhGT
zX}7p@OCFV0W3g7&^W3zqK%vspk;s2SxM&>~E&xpEJmwvhJ2YH4mp<3VZza?#Z-|1n
z9(XQ-G_5o68HbLoBoRUJShCSGCzighp1pCZf7-`BU1rfMGAR-RiFbf}SS-)yaOF(#
z;o%iG!-7^?#=%wh(MR5eok!90*ulA@eS8xKB4^&Q48xj<rhO}6^f{e48fULu9@n~t
zZs|xl)v@NCzQ%YDXQeXy=tc$0ssxNS9Xq~!pOMI*l_m7lX7Hxp=(w+1n<&&W$)*0|
z8zILL^l|+01ay?SO#~V4-q^}4oo~8q#=}h%GyZ{z&l_7AyC=gD*t%?r6+~Yi7vz`v
z@i;{;)iQ+%vZ(hvK0nOkJHI!_Q)HFg+!ie--oio($#93*#>s0!DO=vFmtz`y3|#?I
zX0;_xun|9J7rV0;4`hona)d6$?WOrRCci0jA}%OMSEfeN3e+U_vF!NEef^K^_IBw%
zIa&XLiRapGHH2(hrW+%5%tucbvFJA@?t)RJ?(6$Kzu<9Y+$QD0lYGigyunR8+Zb{0
zo$d9$tM|{npFdu?_ijWZb&Y#`0tf9+yz(NxP&YF7`6O-(iu?<8GZK7cmPU`oYrZK8
zJCC5}v7i3h__n0JMV6#zkde1iDa(Ooq^ri|{=^3(DI7~CJ04EuGy^%^oZHQ|R(Wo7
z*1bfdT}e~lp2a$Ld1($jtlY>xuGW{<Wj05a&dBRnnrb;Rf%>>L1BQnY-=pw+;`!6|
zP)@A_o|s$u!GA4%to%%){he<ujM}%pb45e_0?q#se>h<d0__r;ky&7A2D@YcQ-A^g
z|LZsIpE~ib^VO=!*-h{Lr5GRj<^8l-?9GAS6E}yKz{898E5Z!uU3|c0c_8+jjN$vU
z40LCpyxl+e+q~&-6yW5a9kOLnY(K>Xz|-H_|FqqBOVqjGts2dd2Rm0fiAOdbz9szg
z%^|udzY%Z#wc#qid6g9d&#^y5z=;xa@=Lky+*_v*gpjcI&Zsv&{2A0~;^(&ox#%H#
zlR<+S_ME-Jcbx@S8)$H|@%o5y5ngB6IMe)V0$+ap@*FYEh%`C&D6mq)+MIdMQv%||
zTo`ikRD0ds!%>p+e@y&W5g0jV&&Pv$>-qiQ!|;{^z{X|efp!LQrPmz3M&9KBd12lp
zO8||&nCg&+Y5#V!x3>*b^%>AY75(rTNVJugOO}zR@;*o^=!?e2azIBoKpiAekr#4m
zXp=U9{ImIOYcG}VYYJszvM4%awt2a>hzs$P(nT?!{{ohXPaN_vl_z5sM$a1fcdr?r
z5`UMw_rn>KLuU~X^pW^DesGphx|iM(;s6fC)yuIhPnVtJpXSLrS=;U8xLIMmpLdm7
z`v>FO?@O^4#O}X)84~RO&&Z`3toLEaV=8{gb!pF6T1xY@|9UL<wS!O5pZ!+`z7c4L
z=eWl~Kk{Gx%}@_{UtEX&7}J5d)AheFjcvewgnc#qNcfd*SpH5?gdR~YDi3<=#K*!G
z)pP2N-hcFQ<VNxWa##2c?T~I-<y>`hAVyys@#tWcS!Iq6ZCmr};RZJs`G=9YsQpow
zMco$l%;;s&_m7>AyAk&~@%<7b-LUpc(odv~iOXVck9mvyF=cz~->1A-JGO1zk7IwG
zw&L%JKR3NT(^GfEog4R2^=s-cX7APBsU2F=O}s0yxprsb$MxvCiwOT+KSNw1{%yky
zX^C_x={C}vtjNaeldw&<CB4b+*morVz&^eu;moDH*7=I_-!0><{q&^-Fvx%aAJ}pL
zAPN``MF4{UsfMV$`ghCK6SbaK^hH!}me`P3oMidrMWq+1KA_Uau3{D+mobdT)pJeU
zbyHP8MG#h<bl(UiCPQ!d;~D0;60`r6xYE6%x4>$ou`eyof1qd26~V^ZRup$x<p<Fj
z&=MO#Z)jU;_=2=^<lExt5sZt2KMx&}&%}+kKdlI0Pj<2GPb*fDW)LC}oE{Ka^w<8C
z@t}2#vSA;XN@<M%n+Qx!8g^REl}bgA(6t_^<w#BI^`c6qFGcAA(K3e1{FlM8PrXox
zQHC(bwap38p^S#K2E$V6gcnaMgmQ$x&>gDvYFSm4t&kA5?u>ix9g->E*&B24jlQV-
zoj|vY(U(sA$HzW#2`cgurn1^LZvr(5ubh;w#Asvh=5P_ffr$p}jDT{SEHEwOV6#hn
zh$Cp9mL2MGiqN$P+mr=Sp?rc2M0?BF1qi;-AgsVh$Z$KKDlX4MEcL+JvpL(ml<!C|
zOUkJ)7Goz#ZluVPMPbt#@jc;4nVx7ZNnwcH(AUr~vzf=^osmpV9ETO4;6@N&7<&@5
zXSw2sa_{ba_LiOH5l<PM`Vr`_2uyBTJta16>Uw&$1$~WR3M5HVg|LktwPe(}y0_jP
zqqu#9?@fbvMHo@9RO5#$twS2TT9vN3vXG=-YZgCSn`lVNYya&1XS7O%<45@3G^iK5
z5%t*NXNM|XgGunj5$Rt=t3W3U%!0u~q`4`jHx=5oJ><r8LfR!v2cqQIb^ZUfQD%GT
z4Q84<T^K)<dZdgpj%0;ps|gfOM_}}V&cjpU@uuCFGKxPReoQRoK$9H7t$R=Xk2?F)
zYtkcWu6V=fq12ThBTNi1fnr_03MWuqTSTN_&?NL}*V++@_vSr>Du{T@h}oD|mUu*0
zRI{<onKUN_TEwwynuSTRNMLdQ@1O`*Gh<OCc6>@oT*vF?(o|>O<W!3k=AoYntyO_X
z@R8k|vLZ0RMg~ToJmstZr_TTRb-EI;Z4_`W)aBF4K+CRDdSbXL<hQCq<t(ETk}HDJ
zHdDZnF?YoT!ZeV@#;%omh(jS~)K^Nr)3MnvZeqs|vB{^6pLsZxM9GlojVNqZa5M$f
zrS0<Dy&@R?Nr>P2<w~e<Krjny?ib8|_9#_=$ikn!2(^$6djwlsE<QvtR--%M%xSi-
zbPDs2IpwO+!%X}n86J?r>L`<{ClW=?lX0?n%#$VDybZ!qoZ`rgDY2W4jH+68e=(N<
z%qY^VZD13Wxw|9`2|TtxS6}S`!t+qv5{%hG6sxpomo!Pzt&N4(YpK?J9|Ci52C;w)
zGlCFk!V6%-OHc~WQeuJD)4|Vwt0%fvVE!i%KESAe4#<=7lw-P`n{4Y-YWh^zU!___
zoq{AG0yg}Y!B-y_x)lQ#eO3$$`6JVKI2qYMQ*J>ck`hwF7`51gdt_8$aBUwzCG-ex
z-E;ik{_5u|i38#nHjJ)7yz<^q7!%wKBlhgn0Lw68#}Q(VrDAGUmG_@A=S~uiiwhhR
zGjt9dHk4SpyA?IxE@U%~9F+k{jj_8Jt;u{mTh2Bn5vPzgS!<H4Fo^(0Am><!CyLeR
zLHb@<Qf14rte8kgkQDcMJ!P7xqRN%+2#bI2P1K@zR9v?+WxH-A<?JMqfiTc}uH1vb
zbYfXsRJKx6&QilRK_C7I2Fp1D%kQqP@E|ZKY;KGAW2?uOR`L}}%d$OlIVV)!clzB2
zc2>Xm48+`%?)Z#WF3-*CBuXkM0hb3^8?E@RXI9A7Mqnr<vw^G3G_atRqyNOCPW{E>
z=wHi`Noy;3IO)`Ce0LI8Na8Rsc}`9a{oT}qLZBpa$kXoRy70pFlJEENzTLMcimV4L
zf$eKX-KY^v3shl@i0R6lkrc|*G{XBivsQ~c7U>9o#k=$aIu7up$F7l`;GS7X33z1C
z+H60oV&7qUfgGO5(&O(LIrfj}6z<~DQWg;?AENtDA=&NqV%W~%%QW`Py`De4yIk7P
zz}zOopDNEC92$t>EW5-DM(Gi(Ewv~A<*t)e3c0fSarG;V&-dR~x2<fv!JIfc!mWJ#
z;}-~8Ko1l=z6zexnWcusN~ycs5=TV~9Mml<UK~&cs(4{qM(L#li&~kq&M!+YTu(2i
z;kGf3r-6Tad*nPm*gCIA3<r6ku@ayBPH9$|QL@fKU;xYjMdGdU+{0Jj{X*fjs=NAw
z>Q~#tyuV-B{;ILJg5gH+8mw=%-<~hmZm?`UlxcWPHYC&At68Ht)D$P#N)vuBQzta(
zF=N|e#5ox1V;6-bNzsv3RWaMe^MsDta5*Z-mh*&wSb+*cpeehJ8;foCWnPI=zj>S~
zrt!@s7jn7deM>D~NfOqKZBM&~nId_j;kYV~ow2WpP?~ruVY`~B@&HjEL4?~JFCsmr
zl5Vbc1|ejQ>Cc}OytezD!+&|I6(=D`FZY?0(Yv>4$Dd_Ni`kLK#*3&W>S&s+Of;<K
z4P8RLfS{!tlX7;-)`XDPB_=cu4JyD0Ym%h^<9MkNd)gv5%0yySB3V;WyxCYvIZ1lV
zF=`Dd#T~0lS#X?<0{hF=W`-X1WIH=u5*T7j($A>oWutH))2yl?v;b1v5eyR)6jd#P
zMy<rXxHNa|rAHuMI<kV+uDx!h&M1mMkxS8fT-4c0dIdGDGZdCx&9FNcxuX3jLC}t(
zmOCVLWXum_E$ze^;=9br%t3%s7Ay?K=A<8DkRd%XOHdw$6zjHm%d_RMCI+dW^Z6rn
zNFF2e+0Jx#PVUyO|NZh#(k@I~)I;|AoCJXts{M9aU{k=A$sB|QL1v4HW>U8iVk#Ej
zSb39(BsO*aRoAW58TiRjt=!fIt_Kg#uR<N=u91)uH%E>LUSG@_xt4BN)9p{x>NTP0
zQKP1)s?{$8U9G0+FDcuCiR)z!#eUgtrUb-DPb!2wpC%eRO02|}bheD~h7V`t!8IZ^
zxG{3n-`yvch|4^>*qZMC_Qs}0p$Mgyk15RLTwfW)YV}P2P+8Td@bA43QT$`?-%}|n
zW$;-IwJc7SGIV5bzBc5cdGceeVFEaAd{Ef{qbI-|qJrBIx*$UtLC1ek6cG&zr}Lv`
zQ>9#rDlVutar}25mO8*_ObZkd^LKVJ0~CMAx@K<P`@$2Zq9;BmUbnWiM2DO?UR?@8
zFEK<9X%Q3@WL)Hv*TAVyqfq?fBA*a`SJ(pjYm$~K?&EYXz{}E^!8zuO0Uj~Y>pJj2
zmL5Rlg5PLPxKvr<d6%Q|Bu9j_?Gi3a!$G*{!g<vBbNeJP0G8S9pohw$KfAlffe}jS
z;XtW*z}4ESN%--T8t>8ndvnrUxBy@lG}FYgjo_S?t%WS6V_bl(skUvkrinD*NRES+
zK@*%2l-;%-s=IW6k9hU6O62-#Jk47Kizlbsr!`4d7UZRo!tq*t^ISUu6JUxN^g0t0
zg#<;5xWsUJ+xkU|fe<P_?z`N>u>4g+92Xqp8P$~K-7XXDMj@9k1m1JaZm;Ax;k1fT
zRaL9>uAKt9?AW!^MVfWXOipl8znkf3ncT`^Pvk2(hqyb9-O|}&Ew8YSEHAgZdwTm+
zW9+Hb-6~yZU9{d*f=HI;;X=;-f5XfcRb(iEeY5{BFMlRQp*R4z5}IupiEcy}Jg+m-
zzyd)fDhqxUy7mf*DuSUHNeT6!pDY$o4cahL+wy>D?;E?*H5oIinRLxw2@(r<t}RR=
z(snn>B5Jjptx7r$X_Mn)@ub2dE?%YjHEXR_VMF)05M}nO=HZh{(!S-F6k77Ty^;Xg
zy=wJrR54*FR@kS4nDPj&6{@h@oR^#I2zhFVDizWdN@XO1TF#?ii61#WcamSQ*htM(
z>z%So^PN4MOCi5DQ52ZCc6F|R94<68Dmac>sl@FR3(2*7(Ac410v8dC+Sw*|I9Ael
z$yC|m9(8%&pcob0W{!ugvioppG>Y0)MG5)y2dT+$VCw?)v6+R-Oy~;_dqHojmUVG0
zXS<FXX)nx$$sp$$mpUjEZ8-Ja4M|TubGfZaCe&vQ-#MCZZ_fc@+hs<=#=ECkKl;%|
z$`Kx!k%UaMeSWrZ7U_C^Qn?yWmn1|~Ev=f7fG8SeBkzPWb&IbVk>7QEn;KywGlONX
zi8UuvOPOR+UsWspGd74|au9{D{-lnSiK+ZcN-{tW`3UBwteUVhkH%VzV0i~zKTWq+
zZd@@w`8tbdI}n0EV<T~1^IKwvFneYeomya#F=teaxQ3>W`Ah>@428@IRJbh!o~BP$
zH-Voq;>@j5I^i1Z{us|RWQm~=i<jV*k?x{4@zoO>!2!Dq=b?iS42a^&xG$+py1NP)
zK<`t{`wxwyf2}y{k%1I1k7jx;sH2@?Mk+uwbb1#@|K<CAyq~4FH`z842>JzB7(fO1
z$rw!fzc*}%+8SXI7yp0QcRkK7C^{jXht<F6u*6TS7p+RjuLQp~?rS(4iNAmnPKW9e
zeL&int)^b(Cy?lntAhJIR}M;L=|gCEJ$9vN8d4Fz@(8E(=~lK0m}2m-A5t4)Ij?aq
zKT4O8fBrjNetB3hE30~6J)XSBt51~jYM{8bafcF(ow-8}{^~$}moYH*<pW>;MH>-}
z2hbxvDWgv7Zo1WJ@F!mRk018dD^e*}u$@O9<;zIQBfeEbtChyZRCeKkxm2}`pdl_t
zfci1YhIhg9T)2?~+x_O!P-80*q^Pic%0_5soa}Ejca_mSo9DCrz227e%s7~=Z&8Wb
z^+jb?n@q1_#2~9zN{7!qn?kUpU)Gw7d2`J?3cZ=>Mh7`1bUev<!F6^@RmX$;#~q2i
zXwywDdEBpv4B2xsLwT@EUTbB2_hoyVtRyqEJ^83g0wc_DnbV_Jk-(*n7>NDD8FFIK
zDuzYQd8sjwnmzkBAaD%6d`p?>ac}oZ4QyqaLB0kH9N|0{xyojCv)$`+VRbUI&3@>D
zv;jmpwOvCq{akN$bhw8-=~nl4ueF>KcJnvI3_G5?pwXCu@*mDC_iNH-@ui7ywx3E$
zw-qOh4XgO-skZ_?rq#({3@b3>K==lEIAB;)iwlU_N+0@QYNFS@-d1h-Q0zSihkvCk
zQzdO--D06gOK1dDF&Qf4ge<`E|8>Xi@I8xgrlV)uL%jJWzgAO3MC)ouAeIgaPW@Y`
zid0fblnEH6K5HJQIQ4~Dl-7xgQf_1@diB+fJF7XdV26J4j;F&l?_bZ{kJU#`5-Z<|
zjy5#aqvf)0kZQ*ih^TqP(CBhl1kaC0oZ;W)gkBvOlosDf)$vMc>fxhMYKT6V4f*uo
z)I@|x{^0lCJXjMl<yg=YV3Iq@%op}Tv6)mvY|(IYh~POn)&H#sfEBHzP<AV^!{vn}
zphcg!gsi#`4ySW#g&oW)JATxQ%7Q9y8O@U%z3WFe7>Bxe%H~hja|sb|SI?8R9sNlK
zqEBZr{@CjCJH7sw8$^&O`UvuBXUFrsYvcF##j!eBGQ}2_VRWx%^{B>%t>Pzq7@A@K
z^ES<FkcQ;)v*7?Vos>3pd*jy%2SrgYSNyYBlL}>Kvyuq58#-cQ<GLdQ?ouYTlA~iS
zUTWg`u9tN0pVdLuyP&}=g-hH9Y_@H%-{<57ztf+wMb<Mahb&0tAj-hDt&uEc2rC^c
zZjK=`fzf+-Ef}PcjJF#530t6$lYgoBq${O%w{D3GTiy;yl|E&BN_$@CvOpkDQtjAW
zXe=Ix5wg^plF50h6_)}uO}TX{`s}2?Zqw=W`mAJJc0JN+704Sbo!YcBp9H+ot9$Jg
zpCxu*E*b)9qiXG11jg9RWbS6!Y$;%4#T)pBD+aRLI-Yk(%W{!CGN=MS8B2q(+QFO&
zmiq)hl^PFIR=W}ESO>Y3zwj?AkdV9<d8TPrVT2-7Iq@GKtyDz&PGJpQNe8KNg&kz9
zi|kQAFR5mex3fbSa@1)A#;EMIw-$%_J&V;eE~ZO!NG32&YE`EmbxsxhkLIxUVfp7|
zHzxU|wS2x%(R}$8Qhju?XXG#J_K9JNBXwQifosQByQ}^DBy3?wY#??i8w-ogF>8-~
zkEEmj9aVqkbGj|n=C|_0`%_oDCOr}fj0=*%B)kVMa^Z|QHC4grLMEmO!;}zBr@c!R
zPAZM1Ws_bmW{Hj5bz6uO%0rd6hntLqK9NXs6coigHnP(a18DTuOx?C%)+mA?$B4LI
z6nPvLd5mNXMpm4XmQ9)G{bPZQ)l`UXZfXC8HmPACG|nv$Q5?6GcvQ{v5s4&NOXB6D
zhc&kP3SmDybze3z$wAImA7g>dY&3!yz0LQJW{~GyAb}xvME2UrCkKYG$OvOzlg$Q3
zYX|NQjENUxyXozk!%}UYJdzBi5RpWNf9?KU!+&>w!bnMilj<xcTl0yBzqj}f^4ViO
z5cAR&t?a5T91et*-d^kMDQ4`VdW^6gig|Kjz1cVJcxWh|lPYCP5kX3}VYm4*8>CqV
zLrXP_4Vw3dF+QAjr6GC8IGsGU;A3Q53pLofscDx4cEQ~Kf(){9r=-^AeSDb;^sL52
ze|XH|$#~g!#y+vPyS6CZlLm8Oij#P0OM9=s(KyxA6OiM2MvxZxspA?eikOja>RM?^
zXQy{qjzPbGhdH5ZoD;I{^zf;~BW*we<*JrJFW`7uR}lKrfxm>!J%2{*wvPLaN%qi<
zeV1B;q&$KTp`H;KnUtNJ^bJD8o{%0@R54NE8Ul1rGb3pvojpT*EfP)T_j3q({qs<-
z&wHh73T?G7zBY#jeaj*GQUM0#JjrfA$(uL7Hi0vsh0_b;_Ld=SDLQCYVH%(!!236}
zV#yuJZN@?TDN7usx2OsSc$H$z={gh<s4e!kl>r|sg@K%e0cJe~ENzlonl{{JH_oxB
z0$v~BS}P#40xQ9y53h9TdNX$P(7%-zVgWa5BmdJYu$;jd`k+23LBf1|(jIcdlxu3D
zU%J5C8Zj15iAGj&c5gn>2RGw(7KpJpo9M?DkTt3{v=YSA);_YVh$bW@GcYy1L=%+a
z9P$>MXJ0;QY0__YF;mmEmgF$N3EqLXcp|nttIm+Pgui|XPjU%@s%U6zGAjyWCaViW
zvXdzgj<payB0dRp7a-Ac5SQ`%t@lH!46;EyR(f4aUI~z=`IjKD^TKes#%vqY%0)Na
zs3#7Z(!KaW1Mn>)^d--r=4>og9&rG;1X_7+Tq-Vpr4xwlib0M7EHYCTqkWD{P(AxL
znhOh>&OQ)nx5wqb!Dgs2SP-Rtvee*&ZK%U@iTdtpF5<iF@cEn~JTUUo3xjLbbb-*M
z3;$cV>#~LLa|l<;B~IXs@x`KXH?*T@FoyG??etlJB|PAl^<B)7@DlDFEgtkeEl#$A
z@&95AO~SfWd>xlrY!Xp%3En?(2|D3{SXbLC;r=KVdUA!98^8Nt0QV6FU-<ADJo;ZO
z5GAZ!WtE~Y1*1fCY>Pv>5<Nn=5(Z9SgfxBWq8QQhLPTuvA+0!9pyR#@=mHI1y?n7i
zk)<J0$B;#dK&d_%99aS((92?gFK5e(^TSA>8AwA?4Ry6N_hIC_`Lr-*8evY(<*{L9
zbJB~k=1}V#1h%l3UB&mgr~5Yt9{&RZbL?Tuu(P@6Gjgd^Q3JusqNk@X)$>?o?(nO(
z8swgCc_0#?`q4w&)cMPwp3GNPWk}n|L>AHB)938VYXqJfShUojP&#?=<_|N36Q`>B
z&qMo`{}7n&B~VLEr7)ZTRFMLYyFxJjpMtiNbDDEv4!u!B3DXAhC!_O%mEY5aw#UUt
z6fKu1%F+k<JrXy<YzNJ5$%_zsw(O{$%?;?GBeAvgQD}Z{d3*KBZ~9I?%TH0jb2Ny}
zo0MCtkahV}ZxVLxrKPym*ivEgsb-97+*3z`Y1JMS*F5_~PHe)y{qs-0nZ{m89s_vo
z0F2ThhAXQ>`()Qh3@DzP3C>yi^)9x@181GGF7RP=s;Xwnnv+QizsaO3e3w!VhuGg3
zOkh(SVNu~=z!d{+&+2F{NMdxVs!5tPv0xH~GETl!A)M-kp%Vv>aJg#7EJ`>So-ufE
zmn)uld-4-5hD|lu`@E}(twihSfmL(!h5EF%q(WFN#35O=3PWp?p#`DBm&|O%PPE#R
zDG3cGx@edev|0){SsSrtEw?F~F6k3HEY>C|j4^l7Fj@QRZTS$n`5Vuc!7!JPYMaaj
z=x2=JTFh#+T9!-(8-Voe0vOJPCZ3trh&h_gcIOQhMvhK~j3=v9+rsNAk1@{#uh&VP
ze~cK(%@ops8J?j(p_r7jYZ#(juKjGiiT~bgM+)MBHJgh4D!w@mi>*eYpFhyY<@>uN
zu$_Ipz~Rr0qBzF*-H~`krpFl`Lrkd9zk&+gSDD++KwwicBNZSG;n0^WUTL~J2m`YZ
z_+B}_#MO=-&D3e#Cx+teg378hZx>j_Jm5AM+Lln$bc09zO5RXuRHsokOsh`RF;b6~
ztD9~jRcQ6OTuy@8z-M7NkHmPkQJ;AJAp$&GbDJr?-<n-Z444d-;(E5z8>Uj>TzQI}
zU|x!*GP{1diNs@sA1znA4ZJyPTOaRSEdZC(MsPX`%=+oAZr}5BvEVN~J*_UcOaI|0
z!#PssP+&H~l!x$O&>yoOLKwLo<biE_P*1GJ((hq_9|iC8bJ1Yf32-TN&gFENO*Pq&
zm=~Qcma7(5Z1gAb;WSE>PP5S>N|ubtq>4&*drRLLAg?%fA*=|p$+3`sPUVgsPGo79
zf1$&Oa|%(0FPW1zaY%lO)I8_7hCXI+W`B8CRORgIdIjZNS6}a<@p3~;rL(iu<&mhA
zWpPih)MELqod|4$vRJ?}O6MH#JT+>jtzg%B<n7HjzVKEoRPW0st9%M-0&~ta_+tl$
zwPANfaN&9H48Jq%hmulS1?I(z@@BTCHe0QJgD99SE+CMEYqeO2>yEH3;94Hy?8hWV
zF*;k0j3<<}O;1#!E-y_WVzWgrp5_M2gwLHSt#44>9#6lEuu441VS)ziyDSMR*d0k-
z4~3S8oP`^WFxl`-lr>S~1d(f-yTBZIqb!|+^s)SWm>l4bXW}1;Y=(@0icY$b6?A70
zNW+X>+qsWJ%BN&z!N=S(#>s57toAmU!cH@j8Nx8+0+@m$%NrNZJ%oUFSKip#m+q7Q
z<I}q?|AJMp530aU#-P!kh@w!znWRjahD7#{fSnl->fg9Loc?Q-R>)ginQ&OTA(7qs
zhx*F@9Q^(!LO2_0O6enZ6OS<{Y(j0UN;<y2sW4iuC#$$6ok!Kr>_xdgD6Ig<>bkam
zc`g$t`tmH>&yFu>UVB;tzKjsYce?y>Q51@+#uRCs9^;Jdv9?O8qXXQqRUx%bTQBDe
zhsS2jj2-@d?&pd&KoxxiYm<zdxxA<#H>MVI_K&wHi*hkz^3fA?Bl7Q~_9x$tcU6tk
zhYZ*qZ_j5o;!ovsvEbaX$%gkNUl6f*fKfl5k#7x33Rp=Zs4s-Ru-+cRx(oSf9dSIg
z)9qajGoWyzJ}u*4Xtz4-X5pMTQ`|KA-=#-R1C2Q@*si~gx{t4~rVx6Fi_+;@jOsDy
zqp^~N5frRRJSvOOapl<cF$5*!a$GTJysubG)36&7Pl?O^2OG9=V;nJ1HnJBxr)^#Y
zHgcMM(<8!@Ge_!`IuV)1he~IOVH3Md@(N70?CgpiOul^C8ibp2YhaRTMtB|E0M}Ro
z*E!8FI~XaB3~*#^ZfI>kv?g_dD2rY*wrR)G`dX~W+bIi4Y-?a>VlsK~*=w{Y1eq&4
zKYPZ6K6BvM^>aP}rS~7CYDrP6UZzWctp3aqV%h)Ti~CH<C}h{uVOJGnJnC48R#k<C
z<*K|QAeJf!LRhfNG@4Tg$AG9K$yNik-RbmOITK`rVAA7kC1xbtl1dymNkzp}84-g{
z9#$e7Ji>%9COA8l;+WXBynL%Dk5pu|+m+O2v+7{UqZC#5e1fpEnOx~5*Cffy6$`U2
zR9|OjzsFtzCXEs77Rstq9Eyt^DEacysKQ`s4M{fgqVER_532#kkCRqKR5VfJ|0a?4
zumGkRat+a2Uh1^^WQ`|j$4nF&m}0?;w!(Qq1~`ndE5!ZBWgc@}{jTHZbUI;{wQupc
z&rL96JdvSavbA*4(<f`W9W@%Avt6i60uL;#Y=<%JEe7rUp2eu|St9#1mXGX!|D9&X
z2d&~znB2X9oj%p%rGv9f%Qq4UoC{LG;<B^hbZAb{tRwd;x#9YWf5kMMYCXTdKxfd)
zGU~-dh-<lw*4!axI_U8lPkRky5E_d^HniAPI<4jWayaKnxxU!ssgl7N_OOe6EU;;<
zbXW25QWQ$biJb@4NE!6;>in|mbtG;>_Ynf<T_A!!SO6U-m&Wv@%eJl+eJ>u;l|+Q+
zVuz8THivwcL5898E&2V)XjKX`9s5|fJrtDVM-sMK)0JDPQEbxhwr;AiR0z2f0#*>I
z(T!xa`Az{T5!UXQS}>tC>bdP5Paf{5F+Pczi|ZYZn7viGPd(oXYsv&;I1^ek^fEu#
zP8Y>gZBiQhl9Xui!Z2Z0g0KY1-lDBU5p<wIPaBl@W7o9qYe9-u@$|>P7t)dSvm4bO
zG(P*;{xCeM=|`X{<9JFy&YQ#yW~XX4h+wnj+(&4|`Z*F9zA(<`@RXwygqLlK>_pi6
z>DA;^P&J!tY0RAa+g!5?JQd##JICuqvoQa7OSWS4I1@ir{ovsQDbS3a*hOKp6MXAW
z3la5irr5gGLW{D=ApLZ=nutHr1dHXh$ut~<y8aV2($V?S6s<bjmX#+QFPbR!!Ud8G
z?EHq)aENK@)={*1^mFGuXF?sg$ynyGc65UVE~&Zhglbn{XyP6lkfx+{NzFASL?%tj
zwqmyn+n3CAE1ohGA&=uah_rnT2rWab%eFXUW`PDCv;GH%NtFd%I}Jal8&o6vcKTy$
zNWWrQP4AnTc5va*>RU3r+zqFmy*{;#+@0vK%`rv{khq`<+VDxZFGOt>R!CIlqTrNT
zVFYjnt{f4(?jFcOW3j<lW+h9F22*iik;=Cf6j3d^G*A+vth~u#gk|O@7K}L&7@Y`<
z<3B@+sRY1;a{MKZu8$2yc|FHbf}y1kUz0waA9N&`AW*Im#=R3GZfCSIXv;#mvO8^a
zWM~X2IKq$$1QP&fhpl$^6vJVtKENT4ve@U(b6I51aZt149C<pF{V8jYDw}~2v|+wd
z3IlB0SqGZKB2DI3pPII`OJOIkkQoTqA<NdiFRxUglbHs~Ub3a%A9IYldQK4-$y)lq
zuMvEaI{Ia^ffTMhF=JncGk4yJh25U)?1K#!uQU^P(Q^(gfPs_Co6Ni&i`x(srsSs7
zOf9NX!$awIE)9GeTyirH)?8C+8gk1*l3Ucp2ZMZ2I76sJ=}Em=MP94ah0CW)U<54F
z%9ajB9Nw_#%W0u#RK(c2@A+T9bBcjRA6qpT$qF;yEnfUT@0)yy9xZF*=2kdxTcv*`
zTAJBVXf@lVpjdq38paf7NB6zD7aQa9EMbhp^7vP_#+IP1qK7|-a%sw?5Sj<N)8LrC
zn%5W(D$WANsh%fNO256uGWO7PU<M2cl6)K!+;*fjRFmZy$zRENogME9&j&rrGa{1C
zZ026e{NMq9hp*Bf#bWP*rPg!_vToPzP6_ORk3c(%V7=uT86#<4z4o<da2hmm+OfrK
z8M2lr)oBx^K$)+dnwXR0#mmJDC5c^@{DVj?71WKWC5~Nae}N}l=%dZ{@;?p$ra{Gt
zm7uhB9k^R#4qtZ)xVjvGD{tmjpjyHxk$M&tC+s^lrb)drQ&4~uxYi<1uRsJ@+Gp4z
z86&v)Rnmq&Wb$*SJcI;^pwg$yWts>i;NVHhVdKxDn79jfRD|or!odx<=vS9b$!-kJ
zR892Dr87$w^jP$Nf)xeYdM<PZr$O_<)3O3zfa3Rd*RKmDat^u8yy5w?ZH&3(y~R|i
z-`gvNL%asB@xLOc6&Z4yImLKEk;6O`b8-t&CvW5-)v>MG7CAXzsbn2{i#NT8M{fbL
z<q^(aA`$9f*BcRq&%<&ldh*98f!ZzevIYdU0(W(Jt-MUD7Tu(c;6qQj_1G9dX?et1
z*wV!7$KMTg4pjqO2z5VU_A(webrgjoZVi)?cCSjv5(#-UZ^1&z&n@5<5GVoH$NSxB
zzBgjaVf+=}<ZMp8A_7Imvt8%O039=V+A}%5JAW0gkc*#S*xcj)>AYK1$@M@J@>}>E
z=}V8d8Xm@Bl`6RDEI8b2X^C!dE;OD#lYKHVnOa_xM7jl5IUC}Oc~1q@0=yU(9aBxx
zE`6f5ZTxi!UOIGP^v;&$x%n*R!Wl+u^ZR5j?<s+=gETRgI;NeZU3%;2XC8fR^C;{V
zJT6=gZANZ~1;_T?h<Q=hRoyG*Y=sk3PHl(?{P3u4+d}yC-jL;(vKV*rrHo-Dfv+@n
z)0KUVvVhne*(#+(+D8?U@Wh6!D8(H-U5`;{Ak0%=Y?vK>U%Hy@*LA<QuT+y2H@aIJ
z#W2Kh>+Ool&3o6<`CEHMFg)BEjuk5`mX{#uP8}>NjbM~+^%FG9MP<FTyt?;<7#Fk>
zDi9r$Ta)MgA{a%IT<K(`*oOYr7-zY#z$bc0D2It)vo_rZN!5@}-4uA9p=A=%ttc9q
zfbzWTc~#83B?3<f7J~_pMP2ubq8?HjC}ur|L2xLwFyE*%I%NdH5lj&j0^&>%>?Ed&
zpdEQEL`RpS$x9P~I;}SU6J1!WBjl!>GL`~4X|kNVScPd8C4)sF=oKqQzB(l`R*E9b
zw=tv<rGy$1e`Vp^(&L=&W(zu3qZ~Tv)E=<7D;=KCrAG>&BJTy~xAzY2DqP&=fWxx`
zE{1+<_LH!lwfj@Da*#)#obCJAnObkCt*9aGW)+gFGO9l`*0<-%q0EPtnRa`4!3H-V
z4U9IXklV!?2ZnEVH<ze4OfhF7<!ms&RBWy`HT0@rm^ohHULv~ADRwZtI9X;=d*$|J
zhgbpMM4LSu+g;es8Ns!9f3UR?ZmbYnW7Y`(Z93oo#lABvRAnouPwg{w+guF#dkiJP
zyfe|$7GDuOuhnXKz}qp?dR(CpIU$Jgxpu%YshdoKFw^e9vXL40kw05%%0LQ537xE+
z^{(%AW`{YEe=xPWDvkaw@E9$N`rEx!OMj7_x!YsT2*w?2%q%IaswG$t`TH6o#v*ke
zC|XJRuEFvl;%H6ctIjShfrK5bz<f91O<swHv|NyHL9s1wTE<62*$f%785EI^7p5`W
ztxoEcqXv<Qxa|q?x$6z!=^~imxy^33sG!?PkHIF?-3XYf_-E~AV>f20suwIp_!6hN
zbLt{~Xm!~XOlS2}(E1u?liNB?$e(v~Pd1kBcCXim@&*xX-x7X<-4u<lnQU0U-kQO#
zJ8gfp>Ukr4@YVF2jha`$(-co`!}Gtar`Ct^XUQ1PWYzCZhoj%+IY*2om1<SXc96AH
zxeRETm4=!_z--A+QeE@)pzqkfwWI6TQZekV?!Lyrx#WqJA=QcRzH6Pw3*J%KnyD1S
zDAS#)efKxrkUrFkIywp)XOp=Vnmv|*N6?8rt}5H^{0Xd;VUKr>Yp1^|QSo{zQ`iu9
zSk3Zn416ArmV{M^O(e=0g^B+sl$NbqBn@66QkQknGh{-|8*#fp*ztr+b`e@WVdctX
z&Ps?xn5bsLDK$+W6kwYXqWAx&!nt_X9`EZGVjI8TTNI=DSk-Q;fV+v|;Mh$qjFS`~
zEQAQgPFz++6dbP8h0%d1ul7ACM<i+wsya`9R#^=yvm^mLy6@=kp1?vRQ&9`Uye&3D
znb$68ETI+Jv*k5pxtyCJhQn&Jy;$997J(JE!hxN?pPE@qt$r9MHbSIiYvR4FO!Vwn
zl}@)o^eQm{JkMgTHRfTQr67bTgVy{=GsA2)j?<e<aGuiq{xQI~odegG8NMSf0Mj)N
z)|Fw9Iq6V6=BgC*iSN`m;sQBovq&LF<BAl;B<lN}KAg%Y>k{I06$8hcM8_kwoa0#}
zj0COlc)r|l<K+dMAt&xO%6Ta~94QQC$oayo{byORuO^IiSOlD4J7P#Mljzg^_6UMX
zjwmzO=xKa3HYkfcj)_-KyUY<e#uDS6!+@9anTEy*j_z9Sg#==zGew>A#_L*~Ud*H!
zsJE}60=XQQ1BVj=S@Kam+)QIr0?OxV?jWTz)_4^*q*I%L<Ko~+Ai$sR#r&rhU&F-?
zi1&Go^!EtYWe;B^8D%2~D+UeXzkQ+0Y>UwaS&a^0u!D!7S0qGOgs&<h-gV4N<!G88
zC^Tf9JDI^lR=uf$n6ZLfnW0=AkVqzQ?Xo0<bYZeY8<G^`SEFdyEMg+~%8(&lit{{#
zC8))iVERRq{)DcAaet<ROj<H{Jcd`M@_1E9zY)}nxWd0%yJY#*5yH+@)2m49#1RS;
zs1U~o+V53H5vZCkh0EWN3Z|;Q6gnaCf$$ecum%$Dd=snq%PX`m*?DV{L23oRC;ngR
zu{tlQk#0U@NbLU~rBhr)6%lbDiSN*blBi|t#2Bfj=oc&KL5vLw419T(UN_mgSEY!h
zg-eVj@ghaS*bzhx>XPY<s!?}N2A3H5X;RWHTcR^AY$H1X4+;@Bc6<kQVD8<({TSD7
z2{RNmSq1@X9LFoENXr6;<L$AHj?P6yn%HidMZ&s6QJ$N1oU1!_|6(z>T9KGyXY&+z
zHI^*4EX^pUZH`1Ivs{=kf{M6#8-9UOUsWhggx9l1_pp8~1*~yH8Jc8K^<I{gQU!EG
zPJU)92aYoyi0)ph{{)hWMb~e}I+}=yPHg(7H~<s?@c*i!PX$};t9Zvk0rCL=z=z|X
z{VxE(C+B~*Hva$k1>aF01ptBo1^@sk06$E3GO*SVD|nE!6C>$-wj5dkX%FL%fMW|F
z87CXR0!Mz>Q0k_NEkc#HEU16}QpgE?{OM!#7Dx*1fKZHK(7PZn)Gb?|wyA;t0L5Zc
z-t~Ti#_+I9!M=V7@`D!eg9gw_z|B~uc$LXL1YAiE*LaH%9l9Q}L&e!gZS~#{L9`r{
z*eIDTt7`!yxf=mz4u?+%Qxv}&1Ytj%`@<n9cB+_|eCY_#SmC=Eq9b?c!hB1z8M-a7
zzxHVI>0|6ZHYR};J`Xkj0C)}*4GmKxfM#d_9Oyo?&DbCw8U)Ra9k3=?0!g8ZZ4WK|
zeR63&`e!B<BagVKae^DY0$4$_Jy1?O0R&9;FI*qMmPVPX(1G!Tz}cx30yrO-ao<(}
zKMhLrIZocif`Rt{^>xekah=S}GV@(%G<4@kjwgWFnke1+>z@lM)u-x?`cEnJvz6=5
zrPbxy4h48sm0;Hh>>=*{;}%8DAJj1byazS~F?~wGNWW15P5&wm##KlxSQTa_X^>Qp
zd=(17<md&UYR8oy@R?HnfW@(*fRdA_KyU2@6$Esyt6)IlRfPsN?<fpl@!jZZDG0TO
zoIg|~wOAD;))W;jQIWzCYg23K^{N<hr@jv&EKiYeYt_x8L7jSD1Z71fRl2?EIT38<
z<I=#(jbJAaw?<CYJDO~e*F|oN+BLfz+N)J*j>0v(L__puK2<VYz^x@fZeCocnN#hF
zTy1K%imxtIj#^gF=;E^;m9%2Dk#p2O&BpV2<jSinDr?)WfSwEqhFzzF8KrZBh#~^V
zMdqbz4R26gO>R}g8H~DFhJYu^w1a%-{u0h?Q0Yp|x?(kZ;huCms76ITEsADn(Fpgx
z@fzo67Y4C1SF6^f#OF*4CF_|IP8LtzOP7+2Tu8u|c|jSzXg2l?Rodfzztztb<5+qX
z4`1z%;RiN{D<dn{#@DT=YiR43CZ~))EP9vj2Z{g7Rrp$#08x?^RnraAvK@xyctMn8
zB^Fn;L{c|QD`h)r*Yh*kT)t2&l`GX+z0qt<v^(8ie;`IAQkh(#RH-#uoxZ?OXe=r=
znM+E`$}22Zo86I8r7G2GIMu3CuR)_G&04s)wQA$h&dZm?*W>JP2Grk5Pq6Q6$f^q5
zS0QK&Y@LFK12C6pA~mGh`3DxGFM5!>D;$C<wTJ2iNrF<6+$=_krszXUbfaNNicwlG
zqOZxKa_`@-^YBE9l-LapL1S?17!DUYl4uguPGRRCT#UZxLGJEw2&&YaOIiq$1f?Xo
zS&R}*(TA4kM#GR4qqJVwnq;5zol}x{Pp991(9eH$cf>aR-+t!%pB2<o_g6mgjj4P-
n@4lfA=c5w3=3|fW#OwX(cyT-K5G(fH$@tZMu}0*-3;+NC-&hz(

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/static/media/nunito-latin-ext-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-latin-ext-wght-normal.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..de24d9493d2349d27ce84c844698c654a02ee960
GIT binary patch
literal 32720
zcmV)IK)k<qPew8T0RR910DsT`6aWAK0X%E~0DoNo0RR9100000000000000000000
z0000Qgb^FBG#qk2NLE2ogn0&FKT}jeRDmidG60AwFLV(I3W2^%ftxrBhDrc1g0)xy
zHUcCAjSvJN1&9C#pLz@jTP!AV1l4QjasfJT8-~^^J(#VSZj<8fR&gQ%=!`@N8wUUp
z`DEGu|NnVOB@Rn_leE19nECBNIYLC3RD$8Cx<<zwwPa!~6g4xqg!Zbah_HL#v&<rp
zP!Bg~_9_}?8X2ORBIrnrK#EAk+SRM0qa-?_AyHDWs7>J=T_%JgVyu}sG0bMJ^X=WA
z$vzW4%x>>GPM)0c*IYg)5H01AoXD3yN`^1^(WB*J??Alf8Kk*D_gG|;osA-bF6qz+
z<^1cZhBugB;<gm+lCo)L$XUm@az<58T7mXy{Y>-PyqdYSyr(#@dS6$hADbDknB7Hy
zJ3U0odh!qdwo32&)zb@HVwe>n#xfCPfD{o#juaW`<Z`-oK-+2-Oq6O_U|FK1C2DC2
z3nS0$S1%g%zQWJ;yTd~mo}XKf82kS($QrS+0Hii*8>^%@Vxvls5)tu46cDg5=@dl8
zpse%6x;rE4JfqIj_W#>2y)S^Es6Z?n&@NBH3-sngV1j?bs7k7`M%3uIqV3t?-_80z
zgv3uolmxtJDJ_+mS=A@*!*a#mm#VGn?TELXmID90f8sr_AO&e%oBX7<*?<NrAA)c0
zb2j+^xJO_~bAcV9WL=ec=PHz_Cxw}sTW6u|I<b*=q&DiZs3PVs19(>dsYbgyTJj*w
zy-(>bAMl>=X5m>3JE)vAO&UOLP^#j>6?wgyw}3<lLmccMb@tQ~+m<O#c;FK(;Q?cN
zTr}6s`ft@8R$DYc_<<(_nK+4KAX#D@Fc`1HHRY_pYO<1GK&mhx$S3ze*HB5Ty-mE1
zKb2V!3bprLd+9Fy#76$tP(daIJE7+%hp1d;RvIV{A3s!f!WzBUW%Fry#Mh~&O<wqN
zO_ADNdjuf>f+hrx?5e6o(tZ1EoEbiyd2nWsJZI9`ba0|xE&)JL@!DiYN4Xf5hi@kb
z_TNPThB^MIZW|1D103%EO0~Q;2z&~hSiq#;+O^$uEN5)GPjJphKi_<e0LUITliUDB
zsT!oDA}GFXKw%3IIRlc?dH^(-hMGuuLgXwr%ifp@RBCcG-j*~0n?lltkgiVYo~hk@
zIQn$+Jss|T{%h(dm0YfNc$dNh;FV5j2$A0Ec~@FVmb+y6a=vb-SM7Rb75k_322eUp
zSfwnG9SaPAp#d<%Lr{45|I6ezcXw0h4`8@dkSI<|eJ9j9md>%TF0E-qJpTVrOR1io
z?rwLR-IQARf8(?ww+dkJSkj-SdE4byx^{g|Mw4_jE)AMFEGMWmKtcmhh2bGE0H7cY
zkAuh>h-AUx1_uv7@B2$dz62Q)Cv~vHuoVfX<J41MA)2qBZ&qo=m!=#>n2j)IQH0oY
zbi#33`^*3PY5m%gZS`r2u~7{umm-j8=Dd%uX`livm7HF?v4@Xz>~-}HhHG5?vu@)W
zs{{su1mgrT#@*b#@)t6e>Fz;{Po&F1N5w-y*{fEKj*ZKTh%E^+okgtt)L{x>BXETA
zL@6{1)ht$zY|{!YS?Q1}$7--)hjX>MSf|VN*)+Ou8bZe{3AdSA_aNauGamAXXDxW%
zU*2%VyKec|9iO`I3y*!{m0!K_yU%entd&azil{<W60Iq9RO@_Jmvg$2&)tZ4NSOFY
zz|Q*>0sZ0hf&JyYa{2k`HSh5_92_Rsp0@}@{+wr%ji;P=D@*5$H`ckk_O|}6PTQgz
zBFet)JB$%2rxvrB!=(r;=MvIt-$&g?J4QdjjKo-RuDMp%8hXQAv-)u!Px2_P<qsOs
z*5|$khHK~0YPTo>;Jn-P@Sxr7&#VCC-PqDRs32d&Gi`vs-Mcgk`1_%idB7n-g5WUu
zK8K(LNgE$YexwN?3V^)v8`Spd(JOZ@{z0gpr$0nz(EpdA5&lpls`IM1FkjleMwc4r
zEa>)ru=#i4KHyXUF+8TXPCk}TdbJn5WXn8W-f4g0l0Bq%XJFo0qW+DhRI9dM9@AfP
zo&&bxZHd(~_gzYJ+NTazw4-e&J-E~I(p_K)5bafqSRwatd-Ky@!I+QTqSynZuHiH7
zwp}asuqJRlf%P~q8?Nz5?cgUY?H1}K=RRdG*t;bsNmX-yJ{i(3-@X++r&`MCC7Z9`
zv+nZFPsqV|5pS6b8p=NP&^`Ch#en(rv4p+R_iMLFuxB#k<TFNdwG{S3adw9DZ$ocL
zUf<tsWO@}g=6@X(D!sGfZ(Gv$?ra;Xz4XDeS)erzdeysL%IaGiq8nr<m%qb4nokV_
zTfcg6js`UM_ilv&zRN~KK3ee78VAhtmm0g068i|=tBl$~wn$3=#FKh)O7E1XvSZ5+
zkC<N)tPQnPqjmE6R=!~&<h{Esmrt(MzvGuxGwhG(IeQ5+lYPUZQj2b!KX@Fu#(vI!
z^vmD*t=^yHxTEJ_dwx8XjasD_Mu=!S$q~`po!^`Z1UF{^%Q+ku;z-W+6m0*Do1XUa
zQg8%jN@0KBVVfW4yY(|WdQYELd;|``{M>T|d@>T|__JOBADz#xgT7chq?p^D>-CoI
zu_PYw2`%*imnNLza~pcnIuCGN;b7$bUwHjKNk@vdoxUg06UAIf`{xl@-=p>IJjBm0
zRIK;gLZjLiIyTNjdh?Teiaw&Z#`2b<3#4&$eR8BP7#=t}mOi%E*393$OeSnao1y25
zKefc8Ce;zS<iEVeb=b1{xZgS!$ohNQ+l#>VSQmAq3@DFyGHcYze)|mwytm&Lx++H7
zuj}E&nG4s7coN3)r>6>>?WL_or8U;7dfdu;d!5^`-HyMaL(ZE>qbAK-v})6?L#J!5
zyWyr=?zr!nR}r%3s4i#jJbClwFHkTdeEo~tzL~P^Cw?3@K0ybAzd%8PF|n|PRGcXp
zI<)-Xw&7M^R9a)Ls^yK#JKH8|(yT?RHtjleZnty+*fzym07RHj##K!h(l9OCaXr7U
zV}4l=fCv-HxT@(w8m47CuIG1@^Jnz{h%ljytC}vPVOqB1dVWU{z6U^r31wW>bRiAX
zvK`m+2iOe&07modg6jbgVL};KHC;%<v~0)q`~d&}0001>Y=rj!h%ljytC}vPVOqB1
zdj3+aA>n2~#)PRzApji7P*PUMW7H4?A(@TkfM}>(ETE8ZB07tjt#8I&0Vo}2mm#1*
z6Ps#O73kRbA9C3;Btd3@Y7uAN{E+!$bH~BqhlhtwK#D<5fhkldws0yTV#E@PmrZQ3
zLTbf+lb}MCY&9C>+iHgu8g*KwTc35tj9G8OgbgN5+30{7Tg_R}=(NA}y5Nct*W5AT
zp8NKD=&^&IdS%8NZyfi|7r*-!hL=K90p1Nu6>epg#KRm@dYM~RAL`}wOUE5Sj~)`j
zfTWHNNKgi&b0)9`H3pliKS4ec^hHa_{Wf)wj?{b7Qj#4*Mnb|4(oGstKte)Bx}xyi
zlq9d<L5yG+Ghsp}bdFDcYdU$yl%Rn&Tq}Hbh|=@hfbtF!cMlr)VLFx@(ER>wYGtaE
z>Y?(gauF&QfNlqY*h%n$({<W+9wHEIpecpmA|n%o^e~!VV<e&XA9|3#HY1>gcJy6{
z3`vH!s>s9Qc^xnx9iFW@fd=k;W&_I>#2_pi+DzbHrqSom6aOQDE1Z8uBF-o0`IziF
z6&h~CwaB*{Bff)u5c#p?tBY_ccm4<YT!O_RKT(dLp?()25G>S7c6gXhpav9_prtqP
zDZWPWX)LKakqlsDB8fs_jvG)i+V|_9_I_bx7I4N`rMjOgXz*mQjA<=$w<%M_==buE
zFX7u+4I<>sz0~*fe-V^#B^Lz9X+XZCS@-((a8V%>;goB9?~gYeZ6N<pKq_JN4^pkE
zM;N}CNRgDtxsq!&t)aJ!jy-VJy-j}_Y|BFOusniAv6v!(CzWYcqq;%esA<u*>e~!m
zhHmqKb<{rTUUDz{b_4xK7=PR932UdEaL$ProOYd!o1Al-3+`~)eQtip?T@(s8Lv;l
zn^W-B0w4eYC=LIWo0;x(oL?tRScFBh-z8FWUDNUj&YaSFE2DT~mYs_W(t;P<DG;!G
z=x>zF?S4sm3ds<=RKvtw$=BLSCtaaM$pI*Jqc@~vuYJs88G#eh9$|amkEJlob>*t`
z&hj0{hIYV?LB=l&o(o;swy1LL|K)K*t|oW+HRqrt`7k^O7=ZMZ)CB<Pcyr_h)PyrY
z`EpQALcuD6{}$(Wb~GSAi2Ub)^8i*CWjG#mJ`|vT&9Q*v=|LbWkbr~1z{zx9@jUaT
z0q{@ss^xwgivy}4B9Rg;R!RrZz;nPnaiY^S-8agj#U<lM`kD>;$F1v(m-Sonw{FdB
zTd^%u*$}d-9YDK2AIm8}>*(WWtMUg<V7RT0$-j;V7C-#}0x#6Hi{A@wdHTK1={DMq
z#E|}~=6{Em;y|%y&RUBKYpmB`n;w&<{N=J|{?)DRfuA?JLrPco4WoO|!%zt-N0q1^
zHK9(_izZ`K)Wn=v5Ld>UYq;&#be;F*6hU@H{S7tJSQG7Se>2U$ro|CK&d*+3!SCE{
zw|!2KC;n;h^;=X!H_Xo%2;GSujMkts6i0PvEn0_q&~Q}5_?Q^;Vp*)b&A091e}6(>
zgSS84o~Am~oVDmfyu$<U)eXAE+|ac|D;s|YfCJyZhX=l_msBkLAMYjZ0{?#6{jZ(<
zZ{NcA;k^L#-!1_<R;+z8EY*8dJgvk)FC-^=Ir@KS#!dMQ?H5is<GhP5yXv}|ZoBKH
zuPuf&1OpwKp#vEEU;ECFM|Sow=Ye4#t`CU+3vdHHn_xFGbQ=@<n3`f_4+{raI>^;=
z_U1S{%FQ1f%yV}Z)oGso<l!7&mwCH@?GC0}{9VIxTM&->cpiC7=qa)1M4plOhr%ln
z-ih*2qz~SU^+ig$=<!Wb0G=Hdv*9rl4ojI?p0(1flw_eYC#xf<$kFD!t<OVEZZ_qm
zE}D%kvMsvC0yXK5S8sxP;+N<bct=!iv6!<pLqO(V;ne=8?;3xjIpd-9P@uR8)-5tZ
zqtvy~uIJ<k7smv+F4#>P-zBGmxeT$8v2{_@=dLUpYjS4bI*zn{$PU2{KXnws*j`o+
zu`!M01ft&&9Ja_`{9NJVqChuDy&(5es5hehN9B_kpJfJNA{Zm-V>ms`XQVI_E3#Fd
zou!#umZg>1Tbrw@h#K;-Ax}H<w>3Z8V`wf&U&2~rYAINIY@Kn0iWEU3MwoDN@!~{@
z7Ml*Rmo5YcgmU-=or=E<PXB8f*N%~@?Tg%cCRuYOX#F6pgDM666wtwyH66~qhg5z5
zVuw}{KiaUvs*K-j=<qDE7<*{w^C8o%k^cY=I~l-Huid!&*@3O!+Mhj;mZ{r#c-aY}
z6kiwVMKqT!PFIkm<f`JAC8zS5ZslA`x3YcJ=$x|I87ot^r4~<}*VB@1SzlCR86(|Z
zZ)IHFyMQV0_-RE?XRL)|(XT=z$j?QF_(`#(CqILXtm8+TnM6ic%Uq4WMa`?M#)XG>
z@iv}PR3S1x6E?cR0Oc}0k&7UgILY&9s{4gg@rDn?6^>k&tJmt>IW8IKCR8~hPOSB$
zCUH-9=yn@PW3%R@ZX5QU98RC~#dDoI5=Noifr5;kz&3TSjvw8Fg)D>|ydPp&)`Uu2
z1X=<#U>ZOeuw2mM^qCyX_KZd6`&b$ewTfxB0u6j>vWXsTV1o@T$ArW*|4U@;F*J*R
zAxprsRtttVWs@h+FvlAl+9vhS6<S(EhGMf#`RSq5!WQd?=01nJT}6U^FP7QiBpB1`
zY#=?Z=(w+m{4^963J(K=B@r<N>Bn8NAbVhuV@*Ve71A$mg+XF{fXP*iYK$hP#yi5l
z5GeTH4-t(BV>A&VSna7`&_9MFqg~-Ghub!G#WvbH27lnmG<5EGa&<NV@6Z(J61cd3
z_U`}v?CUCG<;-c7`6`eF3PU}27C1RRp#pJ&n>OupJ-LIeLRE0c$2VgA#LiLR2Xo*v
zShfn((aA+O<ga+ZaAWjG_&|mjF9}7LVej)mgpS4tGCqMwiq{u~FoLTS-~onz{SD?0
zT3&<=F0|d|wrID=D<>G`cmeqHP{6IUPB1&e>X@1hFy2;COY(Fqge^g`hc}R><h;%W
zX+2A~rI7|iBq~~BNUN~jtv8%7V${WAf-FFf#&9)VA^Zi^T}-dZ^Uplhks{FMEe?TA
zutO(%)bnA!1zS3r#=QAkyZc!kRlT0`Ljw0YNqwzJbdG}bfTo(JoTG<$B(GB;AR@bG
zmB`8b!3xnJZJ&|Qnne+dQWuOjmXI=`>ayb5wMr>~^?83>tqWXSK#KZ}@W$!{pV3W<
zFqy9e*IPo&KSr0#d<!RBK57DJC4K{zGpI*{13ab=D45TK%?y9BCOy1r^GS810l@8$
zc5ePuSmy<NBhsxudW41CiRU9hpprGFzv7>N!RJR9VxHam0}Iv)HqNLp1C9E3<##P>
z?fA{zE&BHyTttHWNs@?HzZlY9rxXz#9G3XHN39?wF-!yV!$}2Lh}J@Y8KOif6~>>i
zNb1IQ4@ULK>`_qaesW<b)h$m>Z~~vu)Ake=1CdRXWn32&`Ys|pku126@As)@Z|TUP
zGyKv(K|QI@s%|K>l(ReI#EQ{OnwugpLM1vCz#muirdN!qb$w?!R=l8+fKVRvAH)Dr
zb10y*Ey%&VKHg?2aoR7HL<VNB422q8`Tlh9a&d=b5eUi$K20@r`{y?6y0Xc7%a~X=
zPsVzP(WG(r?CP<0eAg3}s*WBEmzUJPU+4++rrdCrhWn8y>j%ozTEzftEy|}e3x=mF
z^BFW5;(P+pu6iy-7|xDrIbxX;mGMR4-=9WtEy#P}+{s5YRhv$Zx`G?%fJqT}y@SZQ
zV`aS&@=dSt;Uc%#V0}JFonDRkjN6@QtrcP3&qv+ni@d^D?~Bj->qP;=)^82?Z?+za
zBF=6t^E<&GqW6HgFvlEoxQoQd6?>WJezVySo#lv=ySXs)!*P!1KVLC=Df9$+fYC&d
zLch*?{~WOSBxroh=rH`7wFYIQO(#`)-wm?VqqZqKI$NTjCox3~9n;QUwi88dWx+^}
zT#*BtvwZlLeKzk~f~T0q>YTCl$sxQ8{i|N;^e`u)l6q85&&!wAwlfQWX7n%ywk>4i
z+34%1>c>eabz|K#SzGB<EaZcm@*dDvq-5=k)kIW2Oy~f=xJA_*9|;4j=@wS2n0T1U
zj^*YWKB?>`R8<xpB0vPLi2ppD;enfJ44@0^E2ZP}5mY8T2Ei0$mbXS6S!)u~ZJ_^H
z#@{wSyro;4W)<0GYvUYvk8mvBfJ<T^cxq0?gU6;Wfz`3Ivp0hTUqWd3)#=Y`qa&Ft
zF`FM8t9~n72ylxlba*QJ{OQ&4_PVd}02Q$Q&$4y&>oV40oESkL2p&EGu-3&ARIrj_
zV*?PVVSOxR6jDtSBlSsbN2{mBwDo!-*fo`uiTGTylopFr<jj+kTNduXE1vH#r8Q48
zuXJ3Cp%TW*gV^m-ZFSdnxZ;ZLmA%rEMBs&*d=*bP<7F03=H0QW1?Oo)mReX4O#CU5
z`#R;!W>K5M==CpIy(BtWY{sk?d=YPTn`btkLvWqrz2#|kc+FP3*Db(Ub_YY={Utre
zV9MC=HA*dBb{G>Q;dE>4N4H4e8g{0uS~%Mtr(315He2c%T0QF>Tk~s@n6=!o7oM$i
z5JsMs(Sc7#BdA%Xn>1ubr<Fr4p<20SEd@>AvUWkDO7JU+i3v1)V!7<Z#5b|@#<yV>
zMzhx`<5G7B%l(`^asYoHJ^v=HamiB{rmPdEkBuH_=5wtoh_81q5*Qv&^lYs1ka1NW
z)*<J3%dON-)f$OCD2929@f^+g1RG^Xh<*cAx?Uh+_n~aEUM$O=Z2H?^ITX}F-t|4V
zed504$Oe*pG_Y>`1E%@U55+Po{q=}f9(nox=)*2Q<eC>&nw3L_tsr+HQNDuejBEVW
zZ7K?hp6aT+H-pr@8WL$@70>DA%ZXmz?z^<prt3$7?(;r6bNB%@lSHn=Gz=cS^0ZoB
z#T|Khq1-<Yj9y83a%5u%H0|F+)=FIUl@=!7XrZ%kcAtB|ExZ`NHbwuarjc6#6xZ42
z+Jg9et8A-#0=Nju4*57KbYTCS<jl^svwgjhc=q16Y|F9)Z+ByN@HX9K7+~KdyMcyo
z1SM&J;c^5y8_+yAJay<08FYhi>fS!pHu}Cn^E`!1CD{F8$0VBcO<_QJbEWu_l3~7;
zqq{Z6W$m^>4{hq@K8}ls{Kh_^hH#8ct>OjvJZ2h3rZMwbd_Gce`W{)Q1!5liwLZX%
zPnrqdKr1=ne{cP!uS4}2v9W{TE<A@_Lt+iHETNzp1A`hFWTT8w#M(>JsD2Slepn12
zhnE?|#w!w+CFegTeWle(6iTgF``GR6_yn0qoFI+A0)9iMZBWa43Zp62;o1^!nV^JH
zo5_|pUMMX|bz!TQ%UGK;GM@*yT&8BGxmK5+Z%o@~OcznWUhFw+gZunGI(Wz4akWQP
zOzdips0q@TqR36IBrXeWZ)$HI6K~F8itwKVEo^xuG6Fx=BLz;H>O>8#;PC+~(P1Ut
z$^_Ed2*Y+P-Hmo6D`<16G(Mt4E~$*SsY0fa=DI%5z`7^PBjZJ-PMNt)9oAhKO{odf
z7I=dV^pc&?@}A=P?p3scGN!VVHyu?CXMcF6wm0-`4M;QV-ETdPjKc5;augXw%prMX
z%5qDvf<nfS9?U3$jA8<A1*EM#%h)lWcZ-L#fvUmXL3ME!rtmZpS65S9s;2JMG2R^<
z!Ayi`Hp3OS8b4&Mb4;~?GCSMGxqz<JG0^F5yPxQIo;H`@RQrLc?m5U{{TAI4mYn?)
z=l%ioSRtgjN_+6Sne3)d5Yl8<S{d!QC9cVF1c9!Wu9E6X%}SBku^B0~J{tpd76X={
zV9Lc>A-Kt(;&12XFRq25R=EuLC?NG#b_D;1hMO4#C+qb|uoRVaW7;G&;s={~wU|*D
z_EFL{K<GhHf?KOEdgX5_2ZL>z;CEc6aFOI$W6Qb1BsH9jjf(`O=%o4>Sx-SUr8-Po
z<Sj{Fua<UKNUaG=m|skeUM6F0&TOt5Tpe{-pV3r5Jlp?z+b}c8KLyJ&l2~+grn_Ve
zB4zznd_`<nkA{aCORw#VI0bi*kv2H}LQ+Cls4^ie=>nh=K5@nhr{@_;MH4>baki5r
zJw1%akTRo;QcV*~G%<1yXUWGHJ34O(=~M<=u@0X(kmMW`97FOFdj;`%a(t?3hFMCu
znCc{W5N`u6M*An*yGJt>wfGELxTR;5DncTTRcfk`85o{MvXvTzRGK7@%PY*x`rQp4
z-;?3&++~aiQKox9L?B<3bPi9Kds5_nY#()^JHThPa{Uj|4p;rO{eXOTS!iCm3s2;n
zCFs@OZrWECmlYNjm91>AKOVjD%-@!WfLaWhl|OCuOkm*Qpr>8v)3)@OMsONd^Q=od
zjbJ(y?w!S8Iwbcuavp5-jsZtZ^NdLx)Ju#tY(hi(#qTAC?<L{^2wjWMUP(13T7Ele
z7goy+iZbX_fIntZ(ebCHK!1Et{!7t%TzzYj;sWVhtu=^2gYuBr!_}5km>I0XoTzsk
z4|dO2@RV32C(<}%hN9A{h(dHr%QG5v^WrfBJq7M=3h!cxKbK9Gn3q-`D|45p)x}uS
z{KZ6PC5wi%DQ`p$rs<2o0bH_ZY*!jDqd#=%Wi`(a8qfO!TFldG9DU8@IpHNIx^u{k
zyh_UgkJBwo%QGBx^WrmuyhI+PaNlfM5RXlfGJ5TewRBg63SqvP6)#gH1|H`eXx1tQ
z3LeE|5i`FAyF?2;{pg`S)Oa>JJ+UCxMPhE9aepwyTJ~J!uqdWbWg20EQKZEKV?vl3
z;#Z^yw2yCyaPlLC+PoHEWINAio<44`=h~jI$oQmdid6Q;PiLOrnZgKOf0TkMG&h;)
zSEx|>7Nq;l6QziMVB{fd@qEnp6p4UDS9((tdFk5x@WZ`L;HM|#)9vouKFTx%O(RF<
zvN^o7WzWT7Mj&Veqjcu=%(o{bS-}DMN<~0nI-9ph;z+YmF>t#u%ZSS`EEl!NlO7b#
zASW<U>8W{fWTBZ20B=nH#My(R1V_VIlq18;BBjJq_YhaL#DhUsdQr7pgS6EAII`H1
zvJ6)n%#8jTZ|^C|4)$N7R5FTESU~<4^mO|MJ}s!OJL+(_mA70O9ae+fOOpusDNMgS
zF~dG)bC|QQFimm~Q#7C4!`Uf0C9fD)X*^4tkQYu5^`gYF=c$%3dTLpNGsIqZU#x&z
zAgBdiDzo*#>_C3?^CjGrKt`6(*CDz+jNmP4*8Ifea@}a;X-DPber98(hCD4lMTepE
zAghDpG#L@}P!CEpGd>{$<V5V<^Res{HYZ3yCPuJa;oTiU$r1~d+Qe`J3$)!hOOa{F
z#3HgT9Y2#^cL+1m?8xpDgg)KQ!*ZpOHn7BJ?#zYCQ&sC&>UZ5ww1)TTw2ku@ATA^$
zXCq_6Bj(qd07X3SeJOlF@TmSLNF$fJq8^b^il_RdjO)I=T6ztEnsLj)qlEXWNxB|_
z7ltbz=-%0NoIvuQ|Ft2w8NVB(4O}Ne1mRN0{bRRcefLBzprINVGkr1nD9B}TOItCS
z7<*L+i>qMoHvFO$aOpy_OE_CijSMkI7*Sl;AupnD23T=BBlZN-oF|CdreRLoAyvnF
zT#e=>v-}Daf%cjJZkV%o?TSL3Ej(+Cu}5W#FAfGIWWE22=Q1n>p(clL;FI~4b8=E@
z5UCQIAZ_4Z!c%3vnNOqD;nFp7a}rnJO>;hJn>BqsZlR2aI{CSW+s>-ogLfXyILNhd
zVe$Rkom*~3nsN-kc(YO@;3wh3Cpk&{TqEMg%81&0Wo<+L#5CA)eFZG@Vc4J^M#)mP
zi@*;eP);F6uw0OK<EUUs`O^60FjPHt!h#d-=Z5u6;-dM0mOAa|YIWaRaa^W+c#<I5
zTlU{}utz8t{3p`xEdOYO7Z`$3H17*$524{EO8Xg`D}GmCFc@2A$L}_mp9wk+K~@-&
zTlX<B2!c`coOZnWG_wlqn}%DA+ytFw3zq`X5d^ODpFd;u$eDoS5u_d;02c%{_2ZR5
z$?$<U`_G-Wx_s?l=;IFJIxI8_8C-yzO4v`V`*x#*YJym5&p{kHu2f~g1A*=$?-9J8
zsY&^A4etGgJJp7o?oO-4XOJVzebq715#ng2G6~5JRX;Jn`6JV?iG><ohXe~=z~&)5
z4b3YmnB${K_5$D$R7S?pM#g@|MsyJT3wQ<%&A?VZ4{_Yg$J-8lkWRx@Z6<MeNtjY*
z8B7S$<(9tpaC~FchDvxELU%qc8$M>g=+g4|&fehsMyMXD%r-HCnxO1F6XVL47eqI|
z{8pL(58>(NcW_&<LVbS77^6(bxTq!^Tz=BY77DM}vK@btHyz9z{FWPy7%wj~kE#@H
zWONWyJvkJ+zeq4x2F=2S_o6|$iq}~XMO-V^q<g)+R|wBaQ%ljLy}(F7JR-ow@7$9`
zj&bl&<j5Es)6y85(hF1JqjnUl_V(vs)klOxf#K03i|`mIDZ_4~1{|a8_oz=S;<c}c
z3fDPBSTJuwV<wq)shabzwN-Al=Yz-_HZAP`o$rrf6?<#C+SzPg%O##{ymw)X(^AwB
zMWKCWO#eNdMxR|I0CR#J&y@G0P<j<;m~4KG=qKjPCdKA7)@8x7@S``YP6Fl15T^@P
zfca@!`Mz}5k=reu>F^PIkrD*ys(jh3c<1snqw>IZl(o0HR)l7Ws$Z8K<!0*5u#BjB
zBU&#1V0UWI|C9tOD34unofYsp(gmWy=fl#S>(Z&VkMF-!rl;EFQxeQFPMV&M#Ae{$
z*AoMq=m&BiBv=U~E8sC;POwzY?i>%IBO79gGN_<wU=8}~>6zenwP5Uv4Nc_13(z<g
zmfj!eb<cR3Pvk{t_)IsFU;&cKH)vH&&uTO(x$&I6oo-yBXSlb*KgFqU-NPM8TS1J3
z9B(=06Qy;zy}5M~$o3ba8zuKG)`v!Lnd|_Rd*SAR<^*TrTOj=^ew0F&V@UxnBtD0-
zv)?@0pe*)YR{eOUN3dzpu{5r4nyXI+PBVB^<rHq`Bb7^KQG$aIy8&o#@!l$RM-0L1
z5dvrNnpgva^b~sarQFc!qL94m^yEw~=Y>3T*m;lOS=eBw#NfnW@4$zZ>>aaN#Y5VG
z$9bVUrZaUm%Q(RTlIm|HMWqf+00}7QEIh5Y+~}JT71%pp+|7#Td#mUoDkRj?Ck5Vm
zI>)tLu0C2;Ib>IsO)AuE<S2b(U>%Bkf7B&GbE%}7HOF0igKt65pvGg33C+ea_*+eq
zk}j20w<gW`0goZ*0~W<NH3n+$AgSMDkO;J2BxVXTgRGOLdonaS{Ku-6CsOrHhwGn^
z;Vmxyg0#W(LNBq!OUtMSiyRhB;uaFum#rwS+H$xIj?3qp@}bn-V9ldMUfx3d*#kA@
zTF5b?Xl|#!(Wlz)DM_X$J&w!tk4;^~Ib6KE{fXSY5ov=p2jdf>!osu>+5_MTW>BSe
z-FS^N80J>_#A~bLnJFs0=yeTuvB3=^s}e#Y&z*JP?qpltknZylCeGx3IjHQR5Wj@Q
z-l32IVcDJaZ;1`-0Zpcr|9>C|7~Rhg|I=+Iy_d~6H}LP5?NQa2w4v48qE=SP4pTjO
z4D9@~vuJqUw@4e9L|L#LU&SN5HX>?#k@(;(;%`Ec;=u3>65ff=@3wA1LoIOP_=rv$
zZ7|$sL-_f31ePK052z*aj;~leOJ;73)ng+QG-n(AYz3Hj`{^SH^mTrdJ8i|06>(24
zmg8cMJ?xpdkz`@dF=SeP-+Kj~(W#Y4lO{Kjr6^9bd|_Z$vPQ)YEf=3i<0t%sr}j2B
zeeYDTfAt5XPcF8gVt_tIP4UhP8J{41?_*^1?b~83d?u);?;pqn?Ad+p9Z+=)O3|Ix
z*4TMllMXwu&)+||e=j|$V_1m3w?EilI}-mKhM&g+yJNH{)8hgN)Tf-32D(j6k8p7n
z+rpk28+tt}=M(y}1b?{{m4ie@3^a;1s6!hF1B9NQK|*~Yy3PPS3W<q|1>oX)TyT({
z_mC3o&pV<Q?2C%j$!V91^PH2@T=qURv$?61EY}$|Dvb~XyP`Z<jbZ3|IPg>XD^r0K
ze37i4rdh5tK(|<PJ7cXIPnbaysB}u+KrN|quv?`xH|42pMhXjasp;G8?KbV^V%<vK
zXs`;&E?k#kB_)lzBVW2`87M8A`r#4e^~dPe(@JJ`D#_(e%YL8MiBl?KaOD@D#6?z!
zZFf!%T|~B6#J?UK$!6G&-y||LY_P>lP4(@wuvGM4HD^&DI105VHI{H4AmxJH0g40n
zPgAWE7BSnl=cDRtz$$_n2f3*iNEv@Khfu=6P@oWXZ~)YaVk_gUPvhASn`k+c{YGSy
z=oQ##>ikP<{LR>fwj0`el1LR`w`W{{^cL4pExP=SI6R%70R4Gm;nk%|#r~@P6Q*LK
zxgo&}de^&c3(p6Eun{Dz%y@4aLb%|l7z0KRfe#1CQ!o(v1YY)k*fqeljg)8;QlHF8
z6B`s%dwNzE*wiK$*4u1ay9_AZZU~9SD(z?)Rk8H+vh+x*6Uj>e%G5hrTpfsBdU17>
zZ|^FINib226ws+l;^@nQoYj1N48H!-<Ji>ABHGSljU79-Q!lFC%Gk%3>S-}R=h1H5
z&%X5c=|^`OV$vFN{yV;&o(<ei>D#KTiL&j|s~79gSfdSJssQ{GbQ$^(b`JaSVt5b_
z7XMHm+bI^MZ_4=u!=G|efyj2}G4<lLfX<mm_bnJZ4mx7g^4}mvj0=Za(fVm36v7kw
zQK=$7n1>QA)!Q3ZVpN$i_?-R_e6}#Y=3#e5wPf2bN9#GZ;>ev@Sk{E$$(H!%Z~U3O
z(&ngC`f(bYA2U+u*bR2%{UbJ|HM>J!y0CkoG=_z?WB<(^ptqBvMzLTe;>3mXc=_A`
zdb?fR`0L?+ss*u-^>T68O}0q!)bAH9`FY!~m@}yNZMm_NDl>F5a666P5bIEP@v2m|
zooHRPtpHWe0~`KBw?d{A8H`vlHr$G&dP~Ln7@ok7N)`B}8ui6#0N?u38nj&^wgo|&
zaoz+T#|2yvg|xs>WB3LWhF|l8^|oo}YsH!pw~?hs`NMk${?O|B_AbXVh@3z8v_D9p
z<i-G;p+PBni?uao-qyGQr3QHqK3lSGnz6=D9KiX<<Bs+4yeU3JY#V~K;z9?n6Cyub
zp!tr2=&jQ|l@73_DOrW>pq!UlZc8P1<Qf(gQ;MG|9<##KOE)_(jFrzi;wlH3?cCHg
zPFi#x?`vkf(PIBz<9?P)cFE|@LUSc2j-zVl4s&3a64T(#F;>g%tU~U{HMuD_a;6td
z@y}Z=wRHT_x~$T54fgU|%KVPyRmS1cZx{3;;+l2y-`U(Y$4q7Jm}|UL3n|>$6mxTu
zr^oLcPUiDesNU8r{ZjBt-j6<0nNyW@xYj4ba8=gca{qokbfM%y4Xc7b3X=jpFCVF;
zl*;9jo%{qg$2HGej@*{xa>9S?Xm&==?jYCXrrfyIG_iBD%apaB&SzIdE@PE*{8K`u
zmQrp@mOHSy$UntPPD?H4{02tW(WR8i<am=*;8o3gh)69BDJ8?^YX7`!x$WN_MRq1+
zcaUpx-EZp2E|6UUE4;-&HBQozqnPBKeg{F0N+nrN$}PEuCGPT1ahF=E9P{9Qe=k@H
z8J8}ZkRkN*c+RUEyG>(LOxWzeSov%axOl%mFy?;d;My!aFA=~lI@>s#W7dkT<fF{<
z*|<oTOvsRo%E%;>dZc&-o!!?{h3g3-g$&B1bRop&)gr>LSx85D6<xh%UGJLBxcS~p
zm?0kEdmX_y^B~xelf9@tIU#k0V3(WPBlu<e{m=SXWgTYsNv5t{vhEo9=<6oAU*C3L
z)qMNXuKF+CbxCzaDUnjTTxQ|v$P~O~bN<@g3x|x$57O;VVP^e$Hh~PusE90LSCUlb
zK|MBPhgM|=6K}Y)D!;dLrnqLET&j$lEE8-i+m=5?B7IWG9>3AcY*3d{x=fBYN#z;c
zb5s*snh$#rnvKq4%025we=`*v0h?8i_A;g;g^WwTOvsQ7%RV`PA+_~`(^WzS<vV!T
z<q!5<y8LWu)}v=*$PflN<oEWk6w>ALw_Nj;|3ULc@Ycn4{Ez)w`Kk5)NUGK95NfDJ
zf5gh0-|p&vYX767$puV@K0~h;B0kD@0l$F{ydSvjW<b@TT|GDQHH)cts^jcklH`H=
z$N_C^>)2?3HBJC02)RnERd~GtoQXCL$yl?XMEmfxi}lel+_J)+W3{X*aX>IZ<Bk$e
zr?nCSi+wB_*oHIhF7^=yx)1Gx?lW~@)yL(47ovCns~ZQc<tDbdWqs??{YGl{+#hK3
zoS1FZBUo*MuvUdyiXpA0SV|RgMOQT>b90ocFRXN+=IU>hqN9=)mx%XUmw7=NwywK8
z;$49>+Ki39K8FvyANc%@<2dv-K5Nrqu_eo}CQYgpNzF+dOHHVcQ}IEWrrFrwU1&c;
z#|fu}#_I)@0GE^YZ%}e9v^$|j1#t7SXf(?l;ECp!emw!`gO*M?PFO%M<2C=pp@G(%
ztrHiF_b=5PY#R&<mQsmB!UCAkT|m2cb7+I7HX2Sz8-9Xg;ppy$zQBTuMUZ@c(h*;N
zj1>M4eSCM3Rqs??+{N1wv5=#Wkha#f?&>Y*5Yy^{MUdY4H~O&S6Dr5j?zF{(-6s}U
za6w@4`RAjudX;Twy1hV)RkZI|SCp@hhv5Ek-1Vx5KFq|2!|wakwT*A7373}jW?uG$
z7V*4QSt+!h(8Wb8ssjzU*ak4M+IJsC%1t&{TaM8-@~$sy+km$(s+d+RI4b4B+HJ@c
z)11IFec~}c38WDp@k?+)dgrb8ctTGKsJvPpZ!x-MSW`tw6=nKvIUgdVvimx$`pIlQ
zMGRubT2JF&;9!5<9=wqF0;c6SsjQJ(FK7`k6@XPT)<jxROP!=$4=^!}p{P~oU<7tP
z4;0?@<U{~%hEpHO*+wJ&7kug;ll$yly=n0lyDFA)F!elpH^P{X!2-)!Y(rA|$2lFP
zLrP4Xx{Xr1#{X|S`ODeLZAw@6<o8_Z4>Z63Hlhwol%AzjnTFctMb~V|Y;b+GezyKf
z{nPrl^k3=!Dy=}dq8KO%Djt=Gsz7Z){VKBzwixspOc|UsxNh(Q%|ZW(zK4DX=|R4b
z2#SRkL%%_rp>Aj|Yy!K&Iq*vO0sIm1KsZPwl8%%jbx12RjvPTQU_vkvm{H6;=5Ndc
z%m*wAYl)>`gR%YCA2>st6V4YW#Kqupa4T_}a9y}PxZiPCanEsI@mTySd;`7*zYqTh
z{u;g_{eJrB%$$A>{aX6{^cQD7p80hanPm&9FcSWMjxDC*P`r!T%ba5#X1+Q1_1wSn
zmGfe$Ax))+SR<^RtmCB%<np~jxh8MQ53nzmZ;>C{`^Mg{_WrZ4hcnAL#5qIxV&7l;
z%k~S@s`_i{gX+usKi&WP0rCN^_Rk02J9x2vv%xk}V`$th=o8EfK0NgE;Ung`=5^+S
z7H$o!J4L;sIniO!hIN&7xAp9i_m2|dtoZ$-KOWsaMn5KZy3Sci>G6KahsS?DUOd6{
zV(&q87+pb+^Un8f@TGpo|ET};$#+jVf;(lsvIj$u_rfF`gm=k%<@54fcxJ?nD$)7q
z%;@Uqp6IzVADsE=Oz|u;{&vNSXFop6@qTqhTuohxuKuo4SB>iu*VV3DUB42sL<gc5
zkw@G~945{Z{~~@){ELJp*^su9`bhgp3#9i+Ka#fH4BedEeBDHDGj4ynedhKj*???K
zb|;6Bo5^G3!{iGTA0>>EN?As!qnc7l)Ih3&I!!%G{h0bI4WTJ%Nwgwb6>TT&gFDLI
z(w*X7<X+{z(|yQ&+Joj1>v6$T<hgYbanV0s=X;~QcllKK8u(86@%;|d^XbnRC;H?4
z4+h`^wg$2SR|Z}VG6kuFT7r%R{Sd4V&JW%me1?fI!<gHcH&|v?9UILqWZw!Qg(QUZ
zhCJg0aaM7Ta=vlN+%WEX?lT^lm&M!6o96w`59g2ZFAB^BY(bV_Sn#jVL?{ui7XBqN
z6sbkyqF;A~_?aY9vO;oMYAsEa?vZ|!`O7k8TV->yuW~23OkN?M%|HM+DhJ?@Tno4s
zxcAx!I6zs%Mx>)TFS$7I99u=Zs!<+;Dib{Oj!VZqXSu{rgJV#L-N^i=g%O+)Phw0Q
zYcJTs@!@q^d;yb6u?y=5_2ND%-g`Mb@_*HVrX5*5>vC@CgBimh0jt$xT5G0;KByi8
zw^lx!g!`YM(<StD{f9!_e5e-0pR23ZFW2PXENTey3x4{|q9)c9%Aq`&OZLV1@P8r(
z_ZKj7*aJE4>7m1JuF4`IowHdZ9o6=m&?*Akjj~VQvozJs^2jnI@9k}1kGcR60)b(Q
z(~A9B7!njyXP{fNt)ZJTse`ujD#xECGB<A}70o(RsTR9h=+C%XgT3rCurX-WHy;Qi
z%=P%o-quQ&aK4~@CUJ7H{|f^wMQju``}3Hv)^3Neaf&hsARl(g?K-+Q+n0<-kH$44
ziTcsK0Pk>29fDVnZmgM))V}+gWC)?L9Z&%Qqtf<mU@^nv*h|+g`LVGh>T8n1M1TT#
zN08yWrnR?xVa^^s#&LJTXdm!Cr=?Qt^YvLH$uQ2R|3e-BZMu$>)4!X5<JK3vKkw2q
zgi*d{=ZN)7?T0>Zlhe}f!;6iu_!+tLHqgZL;UYQwfd&dbTl-*L^6xW2^uZTT5bJLa
z9>R`*Y)&}-TwRqO<u2YVMiWzHeqhmI5@;uvKn)gPgVS%?QA5??uH0)3RRYBM*@M}R
zF0}sP;h`R?rEwvsrs;dZuUqgdN!cC$*FnP7IbQ8Qp&(X~aL5~>=odyz7Y)W3We9VA
z!t{U{@6*Z&#7%UI1_?Hb6W)!F%thb`Ka|3*p0JJzBF1zRTt+{;n4E=XIdQ_@!XFg&
z(8k@eLm7^ldk=-+lY;F_F=Th|Bb4L_PV?<K!{g^kT`a<_)r;QNpnin_DTSC&ws0_&
z-U)Ljm_~owR$fI&-#J-F4Z2{;)=k*Z(o2H{0RyZ&or9^kkd_#B8>uC1kPr%ES(=bf
zTM}3`g%}VkgAgPkY9La#)hjGP<t0ErzQfglS2G<^SWCy6**ao5M1%Qebv0CUg?a-M
z4!IwX!aD7|rm9wloB3v4-luP9%PA9t%J~p5OM_A8J+xIZ`0Aw}{PkOTG2AxY@itI@
zABNN3VX8}={TcPqc8Lq)PzY0iJ&6s%%H>c|Uy)3!xN+PHd2As3>H&5HUP$&yCS@gR
zDS;^MO4>zW?eQuMvWrK55&@;N6i@%G2$pOEC_yKb2$V-FfX^Oo1ZPbctYu90yT|1H
zEkXM>99PlPh>fcxbbWDf86bBxW$3u!EwE$@z$rQjbG*3i!p>G1JQgmlm?Fkt8AVlE
zLBvX?$LeXG@F~m$<u6bU=?<>^2doV+P9=l(>FthXfzPkq(=l4fP)|#GCE><ohMjnj
zSb@&Nw;YC!BQ|4dPr<pn_Jwcle;cKeMxMj>mlh*RZq0{7+XtBEIf9!H&Pouk9D(w|
zxm;-k?r%)@!ZJi4vH}Y#w!Paa4WrisC%Y_@3D)|(Rlq^h>fp5hEpM9Ntom>iT<rft
z&eF#1KREEue!Hn2to3`VfDbpW4o-{S@}~KXGe3tbzz#8>Zv5pAk!q_DF|;v+4izZ*
z0!9vlFeTIuxI}GLuK5M&*;Fck^P?r>fpn0jZFocwFp;D12UTs{s*wRO>xCHOt~W-Z
zUPY4})0Aq8;HOvaNy<2a8{ClaNn8-DK(6PET7>8<1)=*~`)5LM_9CwCPe`_Ni+ae4
zNqw@@P4frC+D6T5-aCL>Tf_u0dHE32LtZ+9`s=?2T%R2r(SyNz7l-q5konth|NJho
z%V@VyhhU>;rR^>OX5oNsZ;f@9URthW3NtUsV!iAP$BNcY28or6SsF>6W+602a(us1
zYQk|3B-aWtDt&J1@+1R^f$2Dm74AeUi1D=u2He?Os-a!Wg$|C>qd})*O$;5DgS2EL
zV&FKvyOZ{6Jz0(Kh`<`nTs9riQdo3jV?jZ-@m8pcn#{BC*&~1-2fvw=yFf=?b2Mq}
z*5=~hx0SNnB28}wzYvDw?7{w}^fOV3aB6#`DYsrikIh`Ak}wNc1PA;GEr&QXuaGA;
z)3`Uvo2n2GwJ0xzhVmt;5qSEAc&vL)N-}WOK7%b%4|A6fC0@gj0ZDTi%xlKXJ-C|f
zP1SmMH*2Z#^+JD4p7elTKOa75yXl>D27dhI=*1${wwHe>@!*5d@rQkI68Ek$cF90+
ziqat2C<DhmB>ZI;4Q^YA$3BQAJM%uv#tn{r3Odr+uLs=qeKimCA+DwAWa=<^*UHM_
z=woMNR>Lz*^N`@kj-{abLCG2OF^<hBzs3IGS47|(&Z}n6ToZ|1jv?X|K495|?%Q%y
z5o?`a@g11MIbp<`oRa}k-L*7-#7hp@9_-}SelmAuH4C;sb{dE@Tzjqgr1{8MV1}ze
zBV5o|BKPygMg?G?nMe<ocxe1gvuue#@JE_`{xb)pp2NdXzM^vXYGQ_|L}H+t=IdI9
z1z`RU+XMr0$U+xaZ)&jD#&uL$n7hoao{M(c^}Ny=jeGTK0?ej;^s|!2N5n#F`RfuB
zX_1xNF(23Q<~r#(dD$U$f4;qC+(n1_yR%J$OG_iIO>r1dnSY<v(Seb@R!7~7gQ_GO
z^tsQY*gUWU!3FE$X&a@^AwAWLocDQ)T5;f3E5rk=wG$!&3i)|CiFDmLP@Paw%tz%%
zX&f6XygcM^WG)I9@LKBA@gyu+k`Hc1c7!3v8Y)`{<EopVPy4|8$)Z764gyWXa&TX6
z7?!*NW0N_dej|@2L`i!(>F&T8G_*{fajxN>90lRD3SH;)EaTc>Vb-?4aCbvob}mx?
z%Z`oVg{^ez|Dre?dw#4Xfq<NVd2+==U3SiO{5uk%hlZZx*?jn*wPv<d`le1A`S^p=
z9o<rwJpV`;8$aN`U7H8vDvUzf=c_*lwC8FwmTm9xBV{Atma}QT;s3b^a$f(c>$WT8
z54ZWe^8b;5N$YmjFH9IauX=fC_FEr>IhpTNG7-a%jrXtu`h1BW@cjYB4=~YTlmCFn
z1Er^;Kv|&dLk%e)jPkR{B$U2=HDaowyixT{=j&zKC<`T_90c@W5GHzbec-jKeD!#j
zj(I}Z)G$OeF{>{@AH-B9k*TkEkXC>|s}M){D{2zD;=jA|I}c|!y>qPPLu{wG_$%jF
z(xr>QjaDr7gOmz-F$>i;t`Kl!1=W84?}Q0c7o(ZN+><PQ%cYiEVv*lkL7D-JbUwUQ
zf8R%G>~(bkZdt76YjTl&cB_6P|1b*`n&D&oGN&ff$7sYzUUXKH2vfm0SqK(rgvOM7
zSTbEqvgNJu^Np%p5X7_qetXq=$v<BK7}A9}QoX3unM(_B;@4#J!;MseoUM1z){L^4
zn3OaaYD<QSNhLA7`{vE6CFdwk%iz<8uKm?7sTPnLr`}HA{=S{G77*jF7WMjvP@i6p
zZ3QE}p?M{fX}qHgGa%`c{s1?^6(C&mbnxY0^$ZnZ2Kau-q_7+Mp<kk{MKUXx&3U8k
ztOFf5`1(D-kRc<v&<#f$8Gi(v=<`ZC8>%iR=u@$_O0R7dadqe8wig`gz~R?#1F1|I
zKX5%czqpu2ZNRC%JtdtFm9u>k9HiUFLC4A-Q!-4kk+3Hy)*@Y6(Ok`ml+$}twSdiA
z&K1V{ezDNM7qRn;ETc;j5S*`z6>5PnO-x0nuP3%gjEd8p#ct%!CJ%=DNP9^7ASN>(
z0y!@@0!|Go>F`%t>P_jS0UqrG3Z&&7V0v;o&8xCh0Q1L|wmd-HZlQ`JCIon(FJFRL
z&SU}%<#G^PVj9CB%&jm{1tv=y^;S&-Z#do#@;#S!=~A|V>TD0q7@>Vc^KE|*WMUMl
z+Os04_}AQUB*{SIo>sE4=DI~CVkhH>SXSZnRUqpWgAwT-Z*p6T@Xaj~kZT;O^^KK_
zJO6e3M@#*wC_xhAIj&Um{cXF1V@2B($5N^!yZ%j3@iT>#Ha7C1a;2Y0iSydby@a!|
zlktoyhFo5EHh5GQgld2oFL{9ebxNWFcEPdk?%FI%6!9psELH5#4m6sU*&5VddM=Aq
zS+v4H27lD9rQW;;&8ckFYo0Pk1X72ExY;L`unlYV;SO>YEnrE8RrI_Aj6_aZB@OQp
z)fK!J8ArydIJPu_NNBLi36dzH>@#AwG3?^(UsUT&{$*_41~RRSeWSh;uB{Nm$+eaH
z!aZ!EK9}t8YLA$9V<0Hw{KXlJr)sk!y-Q(O6E5S7`0r9SU+ngI*U-#6HD(xg_vWkr
z{#ITAA8=mt^Wwo+CLXsL0xqe*@_Rt)4=!zafco`FsG@xOYNLu6+Jr&}I2JB&4em77
zC!K1oznhNfL@T=5Ft|Hl)HcrY5k`%N+PwjdKXSkhW7{LRwxwwGrPen#)(1T=of-hS
zTZOo|GO&yl+1e&*!VYj%8}V)u*HTM2td@HCMXSfjM><3pq8BG?BS?d#hJg^QvMF8Z
z>lzQkDmz$P&f2zfMp(xLoLxB36S0ec6U#=Vur9pQlB=zp^|V@oG;crGKOJg$=g!5M
zNe{#A5HXMsFB<UhMzphaavy5F@Q+m$i;g_VU{}_AE+gN5?#FI@j~x*A4ks02kY!uk
z7KloM1-!hhx6K)On)wvRl$YmmB9&juR)9jPe#T!qtc+=3#jjZ99q);99N#J>@-6uq
zCl8kr6GU11d)Y=vNPb>@faT6{+e0Ww`uOg}+cS>R7D?+AL;;C$mB(QT0z{$d9%Qvt
zqkqao)D*cIRW=CHUHdX%=@nw2jp*G|%VcLyV0LS%TZeI;lF%T{E;I1FKhteszxQrb
zi_UR!kA5Y<<nkd{6FkH37G-nmHI1z3?v=&a$k1&-@?+y85B$E}pQ|{Mz}Fy07wChT
zr>ky+=~7~AI``a{m2&sBBm-^r(WqFbZQJG7Qn6&9&@S39dsKjT=16s&*O>3LCx2n~
zYun7}b;B2C_OyDmI+n3earLiOTs&VuQcoe;$v=-aFNffKdS`*^(^yLC{ru_jFaP-q
zTijkx?eVmNL@wQWpk^C#=}HESnW{Q-{>;DGr`ZK~H&)s6Ji0D+<{|1+O!lki>jaA*
zVLOFr3>;@67On;@Bmm>ml0yIzTrvbd)Z5U*?IX+P!+kaMDx!u#tgzeLq(Q5l`m&35
zzM)vPk$c+uz9ZeXbM5e90c3RWW*#4FRyF7Tf_)*liUTzl`g4DXdPlK(*FYF@JevVg
ziqBxD|NG(xKF;uRR;3>wc}1EYs4qX?_`+`^3jwXa_1~{Nz&j81DxeMeS7?wFon!0P
zy<J0#2xE*x6-`G+mM+_-6Qx!q)vAsgX;~-Z3)$DZLR?baO1@Cc=Ux=b?eGD<9`=Ue
zTqZa?aJj$t=QYQzH~P?`b>_xkZFn|?HAzr)-2E)8;MK)?i}b^W_2#up|8@SK*1!Mn
z7k)Mm0^Gq5Ez+7T1#BVsjlv0PsND1Zn{*Y9_;41O>&V3!aBwz7y&b&omAlAFm<Ce*
zMAxp`qPW^H>BCA=Q!vc*;-7p)bck%>y*lT;(}V56C5x4%<%WZhuL72{gd`J#BXs6F
z60kUKc@PDWFR#V&-%KiuapG*Q$#_&j%<4QM0{>EwpGpWTuwrw|ah*6DsgbHgD+)DH
z8#YD~mI(_x#t~$yF>)gXmQ88{hmo)pT{+RH;l^yBV}v`78=$N;!?<>n3aBnTt4biO
zi|a^Ic>#q=<w1EVALdsyyVLQg6nkwL+}sJ@oPK=H#t2R?YYPi;7$w{mr=zi>(C>IG
z*I`t8+;A;52o2bkp+dwAWko}ILu2D<|Ffu|c+30ddC9JWdyiowC$>2#as_|0YVkn4
z`@n}6yc?L|X}Cd-0p1Z>4ufzF5AvwWK(_IAt{OWJ+qq>5ein6XU6!mk^>vkp8?)(9
z*OnY3A{Utt$ISKjQbi5s2F0xDA^2*5Ck4#8V;2&3N>ddkop0D{<>}x~iMvRx(H1gr
zwq;;*cQ(Aw>tohf9zg9Xvbbo7t#S{*bo~R#a)UUNMXt?|3B~e;hDTF7qC&T30j|i>
zeo~^P(~M4AH7r1?r#jEHT746IE$O(MYOz##O!Hicq((5r(5C=2o7&z8RW6+gzZOxC
z&Z{5PY8JscfzI#tHeptPnu9_gdM^;fY#?dGMQY%sk!waK1fj(7l%-B!P^)A!WWpH!
zd>iZNFo5bZ+0G~Y1WSW3tYd+S`UNT1jf~7c8rjwzDeflQEw)lpZjtc)(Bg))o>(S8
zIGeh|&{f{l;nxeWyXafhKm3@=!Fird`eBjSVrF(yyg0PgH(if?&sR$Z8d`$>g6zv7
z1JBpj;jSO_j;{E8Q3nuUod<6u2Ew9Iq{o5&r>97@Mw*sJiqP?9VW3lnt8QhuBZ|i@
zu8J93^IVw{E(~U3Z%~<WF=l987BU*c8zreG=^%Sl*hw;9SgN8kwtic_MQJL)`e00i
z9ri{wVX?bDc`!c$RbZ2-h5K<|9je*dsOMmK4qRus3fmr`w&zE3qu-G)<!{Xow?Yjc
z7n1$2e+M0E$P$u6xFv++5CQ|gYvuCtV@G4>IJE5-MKInwf@B!8Yp<F6wBMX%=>?&>
zj@MItrXn+xu(zBfI~d06XH4k;Vcgc44(J~S!HYe-PWTujBUhIG@E{k;+e&4aLyW;Z
zf6FoyG|N)8&FqG%9@zQ{l@MIrqH>J~$fui|ynA;n4R_zW_%7h+uEHK+e(1S7oenT`
zKfc_h$P6!W;eRY?mSNBSuRAsKBGddD;u(Gf5KjJ1;J|t~%?@6-vb~LYzP}_%@<2cr
z!#C(jzmN1JYLZCnV*qQ4CMj_rx}mgil#I_dsh>QxhjBR=SZahvl$OLT<=;e=>{Q)G
zKNfyrfaO$^;Kn*jU8u*9F1Db>Iki1)R!8)>{Y0|cN{H39-8~u{Hk&V_6BK*+>n4`Q
z7n|CbP|FvHj%5h*H)A)6PYQpfJ#;I02lzT2zyq^zs$zNh;9h<z2Y&cwGh{m$`m&7*
z)flBKgv+rTR+ovN+jt$vg~)Z*CeC|i&<uRPlG!5b!f;m8F%Xn80mYCS<Qr;E<jfgF
z@gtgC3_6?1wxG~)<DqhclGak(tUftY-P8E?vPX}tHG}#1OUj-1Mytn?d2hN=QKbZs
zXEhZ9CoSni*{CvCboz*8pSFp@-_ekN|JT?z)X?ld%@C84LwFp9WEPMslskmh@v}Y}
z)laTW$rlXr!0}VP0$S*^4K!}7R0r<`=()kLrs5q7MRzrnlEKuf>Qh31v|{oc5tz-Y
z-8r*EUFxP?T0w(~xjx=hMt3O`m*YSc0!jk7q`~@(+S69o)hB)@XJ)3;Ky9`zI``Xg
z6gSOdK^iHBNG|$kkvk(mo>f(dNqLY#UDY=;)6b$p+~e@c{|_HOGIvgxN~`W=Cmn(?
zgiLrJAfNmIh=6i9%)DhBSuRQr=L4_Sm-NyUpVrO&e&H*MqN5JIaG+TVwxxUHQPiRn
z=h^zm{8Af<UK&>W8X5Tm-a(YW^gmjh_l4vOGfDT@QK(;9ugPdq8IL`i+UxVaVBX|5
z26Gw1U{az;e}1P<Co+RsY`VF<laJ~go>`(f3g%VrTH%8`irXt9FmU8m3mIPDj%w^D
zo*Cu;RKz4TQenG3b#K?`FW#P(zP&@AEq;Azr;2#|e>~6*Js<CXQ`OK;;HF=2B$mS@
zJm@W0#uVqG>~fxaHP?ZwVSXOUR%@1JdMJkTcGLUS=ggZp@Q&gXt)e<gyHk~vaw6No
zC>ftIWdzR0FSqPc8%cf|Him<~gK}|bC+&#9ljK8>!G6!PMN{ba59~Lp41UzKOg)p>
zvW)Wxq`yL7;dDtTDJ%}$u`AK_V7cBxi>sTE=K%bBZ!^2aARk(hv8~)l8uJx~r44#X
zFqK0K6BZZe{PnG^LYMfLCkJ#|x-U-*nvAbg3A(k38(HpbPPF&-bi2e}u;@+iim>Pm
z`P0I<l(uzMl>~0>9fA@*R^XnL-WRkNm|5`IZ~;#Fm8~tf*sqcauI)_``{#Z&#zs-L
z$`KP>?ex2BPRIR0Uk#v7s*V>2(?Di?jMr&V@~|)ySVMca<7YSVVsDd;?iavRhjcKh
z%O3nLdk-y7&rGX9{*|mM9!?xgLrBFjT0a3wS}bkF8mo~yZuaf!e{^kW_(y32mSCyf
zsV$q#>sf8D_M6wk#=6rF^{?wUoyf#|=mb+w*kD1-J2c2YY?~WuT0OU2H{KcQUh4Ei
zCe}HcPF7+*^!J@tPIz|b@0jPuCDgEM@@2<p_U4z@?OtNR!Qg$J>?&dqA}Zr2FTWeW
z0GmV)oAk5*`Z2-wNcXZ~m#4_X94GOizz=4j?WXwu;9lE3U(C(UzICH*=l?Qaou25R
z?Fb}?X_)4=HJQq_;Yb%2;oZE~(XH7i(xl!Wc8W@<A}W~VY9`qn=<Sq2&c;-L$V02$
z3lTPQ_~M4JWE?8v6Dgw(1KJ3jac#r~)|Tay&7Fg~^>(#pl0CDtI~tONj@$!Ny5>C_
znxRe0NZ>oE0k}ujzZXZ8gg*n}>v>^9m6*GgszS(n2I`@4Yi!S9(ma@uM=&P!+YFt&
zvW6+1cJqb`U@#yj<Xkr#jdT7;Jo_-4oiMWsEvBmi@R<hb(x8m7Jpwr{wD%4gN-;5G
z$nLv`EOaTmqDxPScgd=jaZ|tyb?460^DcuyMK_1~D5(iuFO=888IEBd7)~}o7c@iX
zWKN8Yx-klT%WlM--bXg=zF{PTpT2zb+8`>{M&o|&#la|1p!L{qDlRx#=FiIMG~(lR
z@YkfeekKlQu!E`~Kn}qHPO2ShbI|G5Q}-1JPV`KwMxE{jXQZFpy*jMv4fC#2o}1-G
z_?xRR1EK*W;}ggJ0S^;VWIt9n2ECzmPqZpUa23{J=K>$a=5482v0>EXEO*aZpPmb-
zio*j>v$!4TUIA=SuQu53?6C-31sF67vFp2yoiJ`mZ*Fbdq~hux_1qR+(@`9YM`DTA
ze)Cc;R|L9m3hSQwJ;S`+`=T6pAdd#*=-V)iQfK%D>Y%&BA^!nS1*(8o-mhUHEch(v
z<5x<;2I%s2|DbPoJo*~PhSKQP``yS-*aLeyJ%MI%)SGeM>E^iC9gZd&gZ0Tw&7`HE
z20`psa|QgMh6CmF+Cc57>0vOZj`#Q@4z;LP{##QGwt5TTI2`*Dnx?(6`hmSG<Ky!S
zdv?tpvun3gGkCtHI>+&SYLmLyRQ(&tgV%;eU4e;zTf|(?fhMO`^>xD!YZp~Cw;X3_
z0kyx;A$`<Qat<vPX$RoPBdXYR=g?Bm_9FaPq8>jI6^36{HQ@Fta4J->WaY~$Q!>az
zhcC3<7btO7YIvw4YG4+IAGptfi+Mi>vg`vHS-Pe_oMgNg%X*s6+3a{8s!6#e>Qws4
znGPJzM^X^VIl9sopO*FeIXhU0Lwc3GUy$drq~7o4wJX*+V4~9Z>p0v?Mv&1(U)5GC
zw?t)Rs5d@i#w#3Za-6LsjY{(r!YtQ^KMsds9hP=4#RgTJEp>T7y4{3|BRG^U(^eEL
z^Wi=h`<jq*Z98y&P&Mh1rnrprrve^0Oqn3!8sSo}T1p-Kf+e?1(CK1fhM!vQYE407
z$}}eNAN%8I8S&+O;B6{ny8hp3TuHM9Sz(tQ_O;7F7YJy%G&)Aw5^+>C*3TxA|1H11
z6Yo(EAt|lLVsFzC!-#@uudl8=)?sMdr3GWTy~v*%>|GASvEOblT}b*nBe42VLpu<x
zIrV|Bjw5bA&~`hYtS#gfW)-WvIrq&f>Kf)l$Y=Dgjn@wZcwhGnYG4*-U5Up|N<<q?
z^B5P>yy%an09W*tyG@{Lg=XmMlu?XZw9rB!43m@sa1#a$FB1!kPUPpJ)Z<8@sgj;|
zgoq?GG^&*tuHQx?47g(1zNwIr^n$>TZj*gw;)ttobuZdY;I)3!oy+K^pjS7yI%=ug
z<McikEhO9JCfwD)X11on1R=u1(OshU0i-?$yFih4pLZCC<XWQ;uGZH#Z;kN|e8Kc;
zy}@KH7X~%zJTeW7B`*(5d_9^~QGP&2necn@PdY#{EZMb@3_h2PiG~RE2>obq4^ee@
zi7mT_4%u4GR)3P$t5zbw8LH)kU;KyI<vpg0*lbmNS73*Vt%=x}Yz|Tl(Nrw`8nLt^
z5BYr}s8Zg+p6+MDaIRn>J#O1NtPkVq$o)drG{*XR`=|FbHQClgq1sk2+;ZmHemHow
zs!Zu3Hd{&cs=%Je?w{zrXWcuK)R)I$FhSYGihRR3+C8$~0Kk0$tKs7~3|oQljrv#1
z|3E<e!(JD_zA7U-E1fI!{nFP`Q~_moORcI)O7-2Kj<7=}%P~6K1PxKa3ri3gHYs=8
z?Gjtf#L{9EmoNPT+3gwkb?6J*Q8gFgIa2d?AzLjHz!|m%izsKD*mB5we#VwXC7+!4
z!4T&r%Bw95z=;3;W;de9uOFxn`hyXnf=_s&h~2VBVk&7{s#?cmCBnT?1K|R0tfP5<
zo>*HMu|qc}+U#FQ+pWj^Um&sFp$zx_(>JDQZqGtP|8W;EjY1gC{|D;14Y?C1@L4G!
z@hUc1g=6CGXI?Q35IM2vEc9^;My!>QDtQH5d%k61<q#gH)w->I^ZKAut&HwYdG!^~
zD<OY_NRypH0XU=2;;M}s#-hop<h5;m220aZ(09z_$@APmO_R}7vNi_Q;{L?24+eyr
z$648W%|%?viny68SV^McWTPJe%UM;&(tMs82tu^nPmcX#rl58kei*KA=+5CXAO8BU
z+qh5X`d#u>Q^2V4+S$eX%>4_7u-j+kWk!Ej9?1Oeut;B%n!3u~`b_(loCqv>!C7X~
z`R#u)ZdLNq0-OQ<ee7aX9IfQg^fQi-Z7=#v7qzErJHMiqoy2~|0vz)mnEDqjB{{HH
z#Kza#loA=~<6y(83xej3gvtCEH4%FpyS<tYEFfQo%?$qug=4m3e`N66h27GfW3(?!
zcK)c9?=+j<+Buqj)@lMabEnnc`pZWNbG+yOWihqDW5$KybT1)Io%k2a=lr6u0EfY0
zx?~}?Ljj|gA@~oDmpt&mdG}2!N|)W+R2V68C@9<Dwpe_MvIE=Cdg!5H>WXRDy}AyF
zvqZ;k+|KYH5d&*!KRob@r8kIDLJDx9Dumimexg(aH|gRZ{pmStFud1&6Q)ixUu*Th
zOkE4)_B(0UKbiDAn3tc@;RgSzb$us%b$8%cUJfkqOT`jVSvCByIg4bGV&P=M^h{wq
z2KMZcI{{|1nU#0FzxB!~TMSf9SGFG*ySe<wy<2cYtD|52RRTRjnhp+T+mnv}O-qY`
z^f@cw{>IIV?Zx}=C124{yWIb8Qm#Z_bV^PAqu6<=$srS_TrCvmsFW3t@eXbkwDXCE
zL@Lj$#QpfGuasNVx{de&w>Yacb&DlHp0#w`<c)0?t@Fk})guaAQ)2$YPN>6XsD>$L
z$9cp5@Fa-_(}7}}D+;%!YYCsjOG+=3`_YXO{iO2{+~WF>-FqUlubzNL`kUhEjy^oZ
zaS-7m74F^$lg;}yt)q*mKK5!wyBRru@FStA^HWrsf42dDe3Rq28Xjuk04h%HMZ9>k
zcP>sAha52oqK){NNZxD_(BS9dvMtXoj>2Xz#pRpNbKuh3m>Yk5Cq6#w0J=nPBu>bO
zd2WX$Q5IRCpz$gS+#rxya1Pblx>A;cjK+58M@6`pvRRl`M}u}V5b3z5<G`&=9CoAU
z3yAPGQ{jc0R8zXWiA4;+k~trtcKeKu>v!Ipo^~S}gy5g8m9FVu%sMh=^k0{H2JiV*
zm?Klrfj`-c2>loJSy(!He){<uLMG39D!ev+tjytL^p-|Ea9)^F;gheW)i>K;UXM+4
z0Kv=ZjmA5U35;x}0PH}(1`-7?4IV6sXCIJJ)Cs}|#D?!n1Gky|pz(}E8L;3oNpdDb
z5~4{TU4rgCdL4XzLFR*t<bl1EApfC+U7ymR)Rq~)8gj#Mf?rQ3&hwObyw-Lyv?-nY
za~mvs&BX-@uD6gmBc;Tw57I6w(rU$51S@Y8fhQdBBsNq{JDP)-cXd3jytIWQ7-v;)
zAllo{LP1jWv{1o^-J>klN~@8u8ZPya$xgM**nJU~KpX$!O><Xk*$bOrzCCAJV_13`
zWU!^tLu*4o@AV(*O1o_S{SC>uLx(xoyX0lvmJc5`-g(OHtG6qRvT^Y_HLc{V)`T!Z
z{Q2bt+=rXn0>UGsRd?m4d?kN(lkU})p|A=Yp}=pY4=(Y7Ai@#^zTnExGIZyC3sjn-
z6@xGd_Gqxjf^{y7PBDH!ai~W&7jzsN5f617I0Uvm3tFdWbbD$vIF}F%VkW{$>UEIp
z%}}RBKp)-Z$y2GPYH1_5A1h}Lc@0+b?k(_qt<mgj)N9p(-?W3aH|W`9LO2ZBly03(
zSmUp{nRH?K--4{tH*fx_CdwHuPuQOA;J7$e;k6OVB8!JY;LR@kD%lVh-|>v5_F92G
zzSc9ej#te8cH4C8(?H|vc(CnH<bSt&s6l<)DzhOjIUn@{0`|gVcJR7HFq)iLgS_*Z
zlikQxTDT$^yEV@sjb@+G`;M$sQyN+-8H50!+ehm~46iz*W6<K@%>f}SMy8G>(q^CU
zveNXFlRc>Fm@AGXLr6KrTiG2(aIFqc3gOa?w>q|%$dr+7A3`>9T*MXUp|p}Y=aIl%
zHVsguB$TNR`vG3qIqhWgYq?UhPg3^t_PTZT?ITBSwn@BG&0QZDo;!^V3U=zQ?E8&p
z0DavT9ScrB6{QRpIP6`ceyFS%9%tpK5w>~^HdN>q!z9zd!xE%4IET8;7O@RtXXM75
zgFsDiKbHJ0QTS6Md(NorWsnBAP=0$8`T+XtuQuLMVPy<OL-kgp;U^fV_-752q98+q
zh(aO}cU4}?Ev*iXEo3d^+&rgE&gUiG)YObx8z%kvEg@Yf8+puUzJE1nq?U9pUT>#0
z%$CL&iQN*HQ*{uZa9X@%EaR9ik2cwI`rYF9(a5F{>sypj6|%5!>a4O;e=JO1Ju*1>
z_|hDB>G8Qiyz<3ffnL^BE}>d0REKZZN3{M)@a6^W4Ir<F(}8$0_T`c5v|9*Oy(Gn|
z3b_uI!w`ZOJz1=W_yuF{hhO*K)W@6qxBSo^^W`BCIep(M6!Bm3)3?#^hfOr{GrpIa
z)6ZO#@uLm@q}u_9bQtAkamfyPeYUi$KF_w#t^)&U@cz}wwNYrUj5Wgtz9`}kCXvZp
z(DAf-03mDkZloqO&~{5S)|6vND-~6CV{e{8k-<ZK3AS&Y7Esk+=2CtAV$LVu8AZ}7
z`gitx9$qsS#I*5yraadlE=y$nx{(Us{picvc!6@<NVSfFw$Ii+u2L8%9rl(KEEZJl
z_S*lVJ;MgJ*I&_gLPfYBic&056f#!=%hXk%bVw=Q$utK*r?-R5?m$g;bGflYfkuyC
z4qO^HW7lHWOp&qH;`z(#YP+uX6r41~i0?(X)~J};KR4(fRNhieBdvKTwU_Gr)&NO-
zJS~tV@j|`XGMdIRzvYCT+>meHWCu2$wKggvWAtScfk@qd3NRMgYnwJ<t*(uh`-(fG
z%6lf9by9pBCO|*7DP`3luN3E@d(9kwcD=K^rs}SK#cSNz=6~ikyjoRC=)Jc>I(k64
zZ50|}i4cy~zrsaGwCVI*1scc}E-#mB#g%Bo8B(}C71uMUJu-QyJR@*nY!2$M2+`np
zC{JbR>@fwu*FCFtkwBp@Y$a7)AP5iQQ8c*R7+Xp-dP^tVRzQz%M>I!D0dH(b>NrYS
zMAjJ0253jN@I>5QmT}1TbFw$y4&@^wUfXhSN14yHJjFXYc5mu<2lb}h)B1%i$N|6j
zPSa|hzE-@^$S*E6S;GD32mk!}xn6)4F4r|)&pV+84{`aG4Wn{2#NP%r)bDKN-=7(Q
zdN4L$jQ#x<<1NY^Wx0lcbRt(Y1m6=_vnULmfH<$==y0u0JJ?lyWni78XZpZNb|S5s
zD3r-f6x30}3ml1KR)BOXG%205&ZY0)%TOZiQm>S^8?t|(4A!^?wxp;Z$z^NkUd??&
z*Xu+6r+-^R`H&p{QANQvSd`KWU=3IU{nROs*6!|mI_1rWhjjZzXU3Z>SDqJ>rB|IJ
z)~8*h6<BrJYG>S?Ri6%NeJ~{7=VF`d(;L}A{Bakzj+$@eK5M%1m2e@76}<L$7qD?#
z*a6=bK1R;lswVj>$h_QN&~FM?*Kvv~>30@-=R*~~`;qHyRb?dR<hPzq(?3}B{lNcA
zNo~D)-u6C<E2XXVem2Hg+-W}i@A9`tK6KSz#|*kM(lM@Jn6?+Ml3ZRj%wi2p@PM%{
zT{R6AIGWNjAO=0LzS`xOj4`_IWI4MAL=y?#fwPcd*xp@TcP&7VXHt8?Nj_E*9BAbo
zju6!>>ssPua5lYbo8-n@6JZYJ4^Q7KUy9t@e)Z1modalc5ovAZVfKtPekzjT)FR((
zcSg~6w%A1@49$Quy6$8-`+StlHY);LqkC>A@tps<&3}Iwc1(M-8_OUn?4wd!r%DdG
z4S2eKdAh5Pb)%Q(L$2kWu3$a#Lm~WyfUp*hw}V(i!yTsXCkw?!@6XHk5xE>yGntgM
zgxhJ=R>&1~lu{jywr*qFP*E+RKOxMc8B<=bKUd>$Zr~|cf+NOCM~clBjm}d=cV4gp
zi_GLiQ_w{4FYW)jno-4PRf%36Fdv`VyPYc(JUA^JN?P!(%{SjV#g}4K?eS!EXOd9x
zl2+AUQQL0Pu7}nipZtEP({~b$Cq(_w%yY8!#IC7pCCK!YV|e9+h>IyVVOEXqrfjwr
zlk~lU&y|_`1fjm9deOB00{wkD_})jez81TwAOnT4*yo_KJ~W(S1rl`#y+*_Kf>32E
zqJ&sD^iTkANmWV5-Rtw_eI1V*Snt+`9#enDW>?gZuIjR94R!f=Ze6}McgWr=@;&!Y
z|8nY2@6jySw^!M(xLvGekp=9@@>YL+qN)ebWjq_-&D$ly(brA%AHemg=Y194-bKDB
zrV%%@$BkWOZL!)X17{asJYMkhgUXFn0Si3&i_!d3m3>bi)ng3?>NlB96hX@q%9jZ}
zaut>4cI~Y6m1R6n`x0x)(3eTy`Va$M(TzI?yni*)JP&jnRW37V7}q3hE}_RHALXZ|
zq`k!#pl9idA7AU9fcLIi5>^=!wr91VNw>ADnAwA1=U3vdLhL3j!Rb5sRdIHd@t3(f
z5>~Mw4DQe0dFj^RflK-Xk9WGpWuEK|nS_~WSE^UGu1{GoGPO=n;mxgm2$k4R2nMG(
zaI7|pf8S4!TIUuJfWWN{>*e~~s%6oQApu}ki_^+BF1{WuI&3uD`2`H%LdO;s!*a+L
zFyxw4PDK7Jb9{<(%QmmoXhv;_5lL`iPb6-eFVXy(vZ_12rwSj(<NEU;ZD^VMV-Y0i
zLB^IgP6bQhNWw?e<pZ?Gclztx9j(gc7u0?7go7szTO>QUV*#B|TGr^HyE?5!A?Ns$
zGoXPNrc*<mKFPknRX+ae^!7n=j-QapI28PoaGi+%e;Op@96M!|L`mQ`I>im~+qH|c
zw6bKe`nAr<Rn)Eiq9S8U)mzjtIV81sw%L+<7~7Wa#vMJfLJ0i+IIpubo*5+6z*3$d
zXCsdOu?W&Q@e$=*S7VeAlh~<5^WyNXT>}0-U%93)bbRtwA-h~BPceqp4{MUB=^JxZ
zGN)s<s<Si>6wmeKr1E)$c;Bc0|7nnBG91=Cw65h~pCY*K6>nVJk>mC&F>yux>Wo4t
z`fwS9Of%>Y8hG&<iM9K*x_dtSbh-PwjhAsn3~en|ZXxCmix_h3I<Kj#MNG0ZO6k_4
z>hhk#HXRFH+WA*3L#MbAajb>wR|r((SD<O(_{;aD$r?OowoOdTWjih})rK8<^=6t;
zG5!t4gJh^2qT{yrV#u*8jXEzDG095ArEYz@c5&zQ=j;E_=0JkB`YU#|k8I!GzfeK7
z_%L}6bFMd*P81I@nMvb6?d~bS_FdX-O7X>3YG{mjTy|+P<NE`#(%YPHGj#=KIu@F{
zG?zG3-S{3k?eAcV)WXoJR~!bjRvct3%zYRxS(3FSTe?9Hp(y5ndGWcN*C5iozL{Gr
zF*)AmpPIfKyjL?-owVQnm{TnJ$j5%fB`k-A@sE70_Rx*BenZ!gUmj~T)iv=r9H^&`
z6GiuHS9S~Q#S+X^=-0*zI=>oK*svpV;nFD1pQqf=?t9mUEp!!-kaV}XZ|-P|m8`eb
zd%Cc&v%R^QpUti2&o)Vt5hx(TbMaM6GKW?g6|V#~>9j|tQ12x{+YmDTIcft}hE{?%
zirz=nrEUDE4OY7R__Gi*lxPX%Vmu^E`Mamk-AjVD&A}LsI{O!4Td&J^iry&g!U(^<
zt|=7NAFk8Hz*;Dr;;qvYrz&54WKIiDIbryQmMEbu{%HMnMzIunmaeOF>ou8f_<z?M
z<&F@Tw^y!IVJSlIPEi-IS`^`As<twFZQ@;#sN9>rGG$%zJflA1TlkRZQu;aryEsgG
z#+9wAUEeu!FHz;?N=)a!wx4+d!cI_0ck1TQz)vV$wPOPZE=bxEr&!E)|JuwI&HB_d
zckfw*ezm;ZTUR}!lg%%6R#zUF_72+N+JYe21?E^RcVOThM2nikMbtWay4G{iwc>#-
zDGRz#=n5Vy)0bV&as7EWMZvsNFC{QmD^kE!IcGD;J3&KBL)k}<iXPr1O`KD3zqjwt
zj)I-VzO{*%QT8#4XeBC#;@yuu^$wj{T1bEX=k;T7>Xmo1ciXrF2hGdgqGtWNUwHZE
z6LALZP0|9__4k_}4;_beNqU!cY-rxHJ}Lb_10JUSKf^j%uj9xfnL8?so)!7P50y93
z7FHvLeVgr)Z?nAsAAoFZ-|MQx4SwP|ITO6BWEyA@IiZ|JuH#$5`2~-5e({%XWHLMe
zzF^}#4)#It?J7FgnKm*e1Y11PFL;lYr!Iq4{MrUB4#1-zU=JTf=R3JC<7pajBR-^m
zr=m`#yR(#3Qh{lJV@}>fTo;ha$iLsBEd%v4Pl7!<pm}nvt4`jeLWO6Ak}Au{+|M#4
zhOFJ<<lO<X!pILtPSBy*eKo#lGfV=y9?CrV`DS(WU?MZDhHyt_uyJx#(`6DBTkG0F
zI5cx*sZy$WXl2PWBaO&SF?L682IeYoC!|J;$k16NY7L0>n44}iHMyM2W+pE8I5(wq
zny=pr=Fat<@P;&z;5$nw?Mcuz20N&+a<pLy84zsdV@41h$w~pdY?2#A67V(+PoY**
zCzBlqa4M-Of&g$$AvB*sMyJbyvmG;xO_O7Cv6&25ZWkHASvQ<GG)>n4>_PHEtbR}7
zM9(rD7}81xF%y?2Vk4FwYovJu3s|+S&9;U{ARl!=%*^))z=%!q=WD$FQ&r$lkGk6`
zR_Xat@EzS!=5PXHX&!oKC>8eQ&lO~X^SPQnsJ0{aIs<y9HX-M+0Ulrk45)J#+!WL}
zaD2m7(NbffToGa|ysI2Ej!}02Ar*EY9Jq$FV>!!BdEWK1+;PVBPTH#w8?ta|n>cxv
zOB?5U`3NvFxe6)oS?REPQ4Xb5I46ryvX^9eqEm<z9#x{P4Zdpx{3NfUN?>&MEU8X%
z699_>*=QRIq!3YS_!DWZ2=w-qvC3X(jP$j?etD{`^Wb&cl)UW|qEA^hU=sOUih&Mb
z1EMU#TQT-J#v?*+&iFo}%8vz&ZXJQ8<J?8+Om~kH@}+ehOL^Qt+Ml_q1l+;!)MCqq
zgp~#abf@wPgqh&S#aup82?N##6Tk@7JxmET%hd%>cUvh;NWhbCBDL<t*~fr;HUih5
zDL9=F{%5wNr;GIq$-tQ)S3B~SllB;-@M_@jkh)AV<Ra#Hk*m<vulk(x*d5ICd96>O
z0?(VA-r0S#hS)<7JXCh4t?VJ8WG**@Y4Z(T+6MKzl~y*h!yngg&wyVaRXn%0kr<uL
zK{nw0kbg*VTzyn$_V#FB3n-3ml{oD*aUTWE=A(Pw;q>14;~rtUCU|E1e&RgBmmFdr
zUEhobm8UVA(fBt=2+Og?1LCR?m9HM3oKfqEESepc6cs`)%4)#)i6Zk>)XJF2w9ERe
z-CM6zKF)BSt1ZLO_!aNFJ`6Y5f$!Jb26$d+5~i@4l`IgD3t{(cG&OA^yYC5elsCq0
zQ(tu31UkU1_i;-(`%r}f%J`b3&|266XJtIL%?Oijs2K>F04;1*T!g}C3pg<5ud!O9
zr6eCL)zMTEG8QdxEdyH6N0^^@)s{ll(>UC(c%VV$oLntv(MKNjgG%1?pdTs7YD`HU
z*j`v*jfTbTu+yk)iJlyfTEdk3rbEl14S0@vJCYvZL44l1vo^R`9Vov#Rg$7YA4y!8
zWg7B0v&s)f_=9*-Eh6yD6=hWT)XffTh-;qf@-aNn6dJksrp#QeT~J(Yz!>PGw#9H{
z8HUDU6r(B1nFf>M-4+Oy(GbH=Wi}hCip*deSCDi?b1kg%dum^GOVx4(mP2iHuk*F+
zbEVR0uQd!5BTTUOLIP@J<<KjO%Tuhqb$4Y3$tm)RgoVfkLN<4Hf(1?maN5GpKj%$_
z<3+bufPormM7WV{Y7C)Z5QYhEJ6)esXwQd)$WV|Hv?8=bQAWr)4Juor7)pc)CT_|s
zSL4O{Phs)!0xncr@~{EAs<NE0)2!dFshEI1L3yq=J7#gn*f{W$1bb)D9tIUOpevd@
zQs^+u^A2m{yPf5!IqZ5G@ylGc!(ezXY7bDRM^T%$5z>P7`kKf3TUXwqPG+gydwCa7
z(L|-^*Xqbiy*nsVsAw*au}RHNt8f1KR(1FQm6`@Pa&`(MU8u;kivSxGq9PINEv6L}
zc`=$2RHGu_IiXanY9SUa#dMQnW;8894`G&?4F@q^Lu5R=VcOJWFf1u&Fp+e|hgSL=
z#m>nr#n>q^mZ_a!Qv<`#o#h)M1!F`jbC!&6TMc3sRY#bY!uIq5X9e4#1iHo$1fJ6o
z9oTAY1+G(TvLS8K*s6U*M-DNGMv)(1^|_!5)VnISqFpJWo4h_-qKA_wv}mL)adWm>
zQci}EB{H&m*YN6Fx*JwQ@pHpn)utAQf5M|u&%WQHZNSH~98Iw+4eEHgc&$Tm4p9<{
zGY1_&0`)u>lyV7A<7r0L29t9Z@UmGN3MUd(Rb1#eB*b#LQFWQ`xUH<niw;rJ#iA4w
z?g$c}C#)ezb!XKz2Vq8WiL|N^El0wrL8?VQzcLRQ^G1|%cURnV<@3DgB3Xq|yd@~L
zLm0T_J9O_9n4EOFX~h@O$0&@+q0MNZ7E#`IxgA)7NWp}|I=xZT+|*Mg_x@d}W0|Hv
zh=1ZQ_RilJ4z*KYTfgbsK6%aX{YU~dtK5%+BYIlHiMf(hqXvtQ6pd${DoZxFnj+zB
zpls;L|GS)65;02L>5?grr;tou!!}`rxIp0=SDF^FCz@3rFgkUgQxx{?ajcso)8cVL
z2{vz><QNFvWnutcVCFexM=GINL3RyZ0*K(i_b$xU%EK^Jbj$Tj5eAVG1Uh4?OU(2)
zlx!7ikQ9*xfC=8*G6FwQBuY~E^JaH_qZ=7+oNsfC+DZYZYB@V?y@VP~ym?^jIVbJH
z80w6h17!9F#Q!RylVZ(A$>H(m?q+Bm-#$P)xS+1@|3lz<*<L?}$-}>}f4QxUfpG7y
zZaQJ3a}jRA_mC;%>I#hv2FBo)Xuc?9I%eDwQBd8kF0*q^S3-!5cV4!&;N7``sMM-A
z_+kzFKrk`ayShDXH4xcNuh?=K_x;dKu+rE*KqO?{REuG;zhXGOth0^6O7pxRD*9HY
zs`4b&1xhgrhGT0xs%=`r4n?U`Fma#i+5j$7#!sk`MLC0gbr0gKverx|UqE<?LApih
zN~PB7VyFy3pgHNlsVZB9Be7NP3bKNkS&~*nlVx3XrGes>bWf;wR&sM<Snp<iY@yOp
ziVlWCsclg(LXaTE%EQ<Nh>*SngQv^oMulvr2kHZZvr>t72n^y_L7|%X%K{$osjY%v
zOr5?K{Oawa_1@ZuW`}69?xB!mEo9tSVo5wRFZI^0W)VG~acP;M_js$9j~+kZmPPBV
zPnD$IwZPL-m2@qu5nH&EZ3s7#6`uBI@5{Sc#p#$LO9zDdr(I&E-%lwOnC1OOXFvei
z-+xk(l4{i;3V?pSQ}yR84)^$>l%gWD$Wo8lfLZBpA3cIPx}zEG2(9C8|JJ^<+Pr_K
zs>vx|p+Hdb>VHk>`cIHwM(eNFPFec%>v%98WtM(|uQNw1-YuO;-KN<wFLP1QlPW3$
z2li5|IXiMXOJTWQj}7zk{v>Fgi!QeebmR;QI%yT7%qlFVW8=zl`bhAzkeI=X2y59<
zgmD&8&KkyumgKZU&ui@xGkI**{1oE<(GVBnA#j)g4Wcd3&$2ci$CJW23&#4yU~CzK
zP%H{*f8yQTM=y#cFNY>q01i!?4p^d+zinPAp3ogaidMu-y}93}jE#=Q?8C^n1Ozqw
z`hcBqMT>W=u`kt>aaBZqwl16ulvVe1qIKJ)ICK<^cTyEunp?6Zt$32^FV~p8XnnnD
z263vpcc>-^>tke~5=m_{^%b4zlAksy<*PF}a5Y0Ry*E4D!n#wqGp!Ox!!NsmXl2%-
zx%{;Tn@i?nDwT{k+X`<f3yVQNutX%IrcUFiJ~Hx#hhCt5s)58Ahtn;HbpS6OtC*bQ
zGkco0S_OwDKxZTipc$bwKD~^E;*_k7sDDcd(PeRU`}4`Od<6OTD9n!HQiH}F@!jcl
zYtJZ|bOByvYqT<c5(UKw3C6HOtD#pbqQMxSo+qtlvoVJ}Z<&>g5nKxK1*r3=ewjYH
zc2{C=U#D2Da`6x4bl0wGp(3DxzE+klf)A?o6U+iXs<J~4?ZiJdWyV;lb0c>ATbZ^F
zRni#t4rubO06giji}Oza`%IK5u}iNSe`@OVkzWko3x~42U|%S>K63uG?6v<4>sT8L
zi8^?pgD0^MXNz0XzF{l^ZU8iC_N#ev=4E+r{ArH?f(E#RC+x&}L?GrS<+dCCFE()K
z{*BWqy1}ZaVLm$pfvn##H%2R1$cOxx5%<yYyMXdb(KTpsVv$&tD`p1m3d<FXk4ouU
z-oLk`2;YA7cJfqe<xh}hqjD0+PraN`s1m1F2o5BXgho|0Tib%6%1k`7=w*)+HtmCP
zr84y-qLkp396fsBz>^+a>YL0=>rEcgTC>Lu{jgn0Whbj4b&3tq+_-n2@9NdpY$~wM
z7V;kzy?7UBx|op?L4p?5!RnoewMZ9qg!D%9g3|3Qej4WyVx1SA8*cKf@UCY3JfHt2
z_Z1=?R?r0s2xdEqZoq6CRp;%V02PE=M7z0qG$Em&bQ@swK+%)o(vg5{Si5DQagRNo
zbrJ&s<BtKvQ189sK%qIw162ALH)`sZ&_ml)X)tC^(4?>~Vz^d3O({t*aU?u&C>?0b
z4TL9<T6r(M0%56}FE@3-2s+_hNf~f8>#sF<qj5Vyca3Gd1;d|qrJ;}@UVS97O3qAE
z%Q@SFRM&6p)MbV0fQ7DQtUp@j{J@EzW6ns=;MheKx;_eoOt9KYJTMv~&cFzmWr#Fh
z$Jt5wYTLg*Y0$3zz<r?$q^4R4R>!>1b?<7D!*tu+V3DXm=_FN-!uB?^%%N0XV=5K8
zdb(K1dIy$)#tt^3^9xxt2+=DtyGzrJh{PyWjg5!|DV33PVCm{p(jX40gmj)xlr#uN
zI+1=}tc<Q>W)w}N-IQb*98aq`nP`@AWjPzw14|-CLbVgps5`V`XIV0&Fh*oD=P9C&
zgqWDHQX@=|)2x5iS&mF6!BKhX@O(P61YD=ugn_N~{f~Nh<`*r@gbaO{7=l!wi&|XT
zDzT^09G>^Tz$W!TC;mKM8ziN;F(`C(PK&{DP)<rbbI)87qUDbgGB}f23052l&RATF
zP64XgRi22vsArn9?ifv}qGN<YHz>2TZ-i>3dDAoe>u^ReGJt_5GlA`>!Tdd5W#ML}
ziL;?JXJ%e82AK*mVaoK1A-Wp9pIP2$Z3vGnhhfkF1&Rzl4oB%FAg#RSh8C-vP`%z0
zeYG#sbJ$rIT6owJ780fbx*=NVP$hJn$6>b{5TpN~+P&>(FFyUFp~2}(n)g<wtJmBo
zuJ53}r*iOtgi#~$zo_S`JpO3G_kjjA9O~zi>VT9~L!h+1RrLleQ4%3Sz%+7Mt1|CM
zLNQ{}&q-|CXBaY__A1bgo02GN#cabOjryJ-G-`=~Mj-t5$P_9wM=4Igb^QGeHi;)4
zhyYvx7r`}yrYNX}uG5ls=R7+GOr7v%58GcTYX*YC+X=c(syAEz9An(V;%=bzClzYw
zPQ9(ba5YzFM<Svo`j(oSDrx*5Ad>KGVyrfH(P3KidbG>hOzkdH&zqCY65*^5rZ0${
zBZV#t{YAahz%oMI>NR6r;ChR+IlNWPOrp?m8Ibq-T89s#kMAW+bVv9Ax$;Y+C%9eu
znTU*)TVa#T{?m{fSY#!#iY@;eAvoXBZG|nL$>wUSue2zzlDi)ST+l>x&-HE)c&z?X
zSGd$Db-9zj^hd|b#;Dn=m~Vc6dL8YMEo^Yqy^{mA)QwvhuNDz+OSd@16-ZW<O7$Ue
z1vjJcW3V=dK|o>EBg-8S{7i4_aIijyu4@_mO6|wW436ED`bEihLsNt1SXM7Y8=UB^
zOvW{r#mn5G9aC?Z!!QFc>|-_CBp0B7wve@)KpJb=LqsL^12@kN=Lidwo`QjXuJ^dE
zDM?~k(4?D1QYL?MKX@}Z+-AXD>0Nb2+v=6Mp_^ZBR%^wa8bT!>IKS|)bBzj-Kr9p(
ztk}Xy^E9V7hZTI@^nCNZAVub6;;*NoN#$7FIF+T?e#<oZ$;}sfIxHrFj6ZSCC;O2<
z=V{WRyWRfNl!6O8O7Y$Q+KBAM3tz>og#X_HAYl6F^?q%!mc%pvKT*y+3Gm0m27UnW
zm-7d{Ki|<W(;rtnz#0i4@IU4zHjY!2wU?zs-iiCXk9@{UQ6Da!UJUbF9%(Q>7GJwk
z@&+m%myauZw0sHz%vBqHDo4<7^iBNnSN@xlCmbp{lY|$jGfgZIl<FL|)6=Mwx)od6
zekID{$ep{tWXEu5N@gtjp3eKF%iminj~Ta1UZH|8DvPIm!Pftw$@Fh7dFI6CQ@J0P
zCfgA+?SIqEb;XY|?-2^y=tFwpduYrM2}IWvH_sNLzs+zBP6d2=RqSo<qb!F9=gtHz
z)zIR`6df+NFI_^^pB=27(e900Te4Kzm*$n2#xH_H*>4&ATrmV?Z27#w=O>U}RU7m$
zP=YL^Bq6a#>@Ytt8|$t7r<({Y)Nz8SxlU}JbL~I&Up9El3qBKrVBfzJSZ*ygT2}Z}
zSx1nNoIHp{(uPnv8e~X#(tj8N%VsLlJAqcyM>^`vx1(#Iaw^0YiZctS#4OTDsE}^a
zFTFF<ly23jq)|;RxJ#w@#7Cl~mSUz6tG@7MqYP*dX*A7(B1xqdDXo6&tGX+q^Dp)J
zQlTwComKIQV~;A89%PlDdp`?+Auzp2Xr4mma&edBl@di!1`98my5bK3c4iQi(=x#6
zY?+|+ab=afl---(<bcs5a#7I_d0_R9d{8<$<+U^_SoMcWc7vjd%}}Z4FbFj)M!#Bw
zv7(OEIQzdHGQP%FpwNYxOV4q2x!37#&-1hhc<bqniB(&7ZY|$M=!={^jrs<Wi#uD@
zykZgQaTOi52kvaM-JYq{VtXDb5#l%v!Jh3{x0RHS3zb#NM#nR{MbfKkqX(EH6AC{~
zZnbthy`!7kn`4Luhi>XGP&@ak$dxTpZj-kfE9NF2H^W<oQP^T#PTRL9U!H!2&H8yn
z!+IezPhL;2fmc%#J!U<M2Kb%NV{$W9i8C+8f<~yNOcVW-=wfkEmDeI>R1{jL(gs>J
zf9M&T${kXuYr3{&lASGmzW;`kolciBDT}fxhjJ;8@^MB86+-2QUpm!POeIi9r?Qx_
zV#kS#94~%?gozSYlO!~0vgD{f7o`YKnF=j+nzZS-r_YeFT3>5r&XSc!HlEon%K1_{
z_^y5EA$8>E{gOKTPFy^E0z#sEN|2C}kyB6#eIC?tgvj0hL{!o15F=KccpBOm?U2~x
zlKR%?OOYx~x{UlAmnB<{#c~U1))M&&6e?0|sS?YS7SwKKRw$3z{$~5lDiv0%w8q+4
zt@pHQH3?d$R-Jn5ZLra%y4#${&j9iPTWn3-HafIohn-1k)TCL9R&CmK=+vcKPcmQn
zd42i~7&Mf;VIxM3+10hiP1tSH9((Oe*_8c-cECZ03hTixnVDNyT3MHcTP?zxbsMra
zZP~UXSERgxqLQ+Ts+zinW<8*`4k#5^7orD+>8FMxdV=h`w`dF&R}7v&B#|l9Vrg`#
zy-co9s?-{7@d8Rur!{I9NhnP>@`LDbmSsEnIAfse`SAo%k`-0c4b!q6*Ykrgijy>}
z<VCesZ!}x&&RVzE9}Gw9<BiGY)^wZ8;|qi$u|z79E0m#O;SrHh(JFOJY+SrXn~<24
zoRXUM*~CfTk}!b{6MG$Oz1%@DZlGlBPlbN;9<mz<(Ak}ZAk}|~Y>ak`(cm1XNWQM%
z7j{Q1`{4^e-*|%!C#fMvy@S{HW<A=gtQHu(bB2}pRqzSb1lkzDbYQMfI2Li39A{Rt
zTKVGP9*VL%9>ZR)OyO8)i>9e8ixf@5j<#aLDc8@XPX&(JuP54_avbQ6uyi@II_+7L
z?a%OS^Ct3jenHMbEp%HsyJ@Vla4uBsT!?Q<&b1eENMDSea8khX3|C4nfUoSpE?=%V
z3RObWQnwIx3#~MALvG$Aq8KV=k%M~utIGFr?2y~3Xj6a9l5gX<-nuB`?5)eEIaHb`
zqz3*eMz~Fs%E-bB=e3r;Rn}qUN@d5>R_eIM$_5WYn-8kCnPB9mRtGf?c>IwhDVx&%
zQNb2nOSi@hWV^n;j^)Xsl01!F&~4&bl3Lk3;2EY3DC;vUlX;#4Q+OW8R!6olwEn!f
zhRL%<*q#*yUZ?W8^sDGMCSSP+Z+=RFZgV7^G<<i&kuu5+a~t0KBheG*HVa_FR9~?V
zA7gx3>ci!)s{}MsU;vSOIZ#l8c2S5HcXQpd2+_(C!j&9iXfJh+x-tQTf_ljMFmPQ^
zcMt-m%mI-78ek=9&79#m`JJiq&QYXj(!~u4>c+kB+`FOSJO%F~DrT<-4<38gL>J6^
zUm_hs7v$kX@EZNtcOZTxBjJKE!)v%LVX#0(g|B3Y?X2($UhAL2mrKVkw5foB1Vu)h
zSieCaIy{FfP7bG>0l~njdm7O(dpbxVk%4gV6cZG5>UpnFf#BtJ(Sbr}u;<-1YfpR=
z%qr}Hx<Xe2&ty#Cz^SAyyA2#{gz2d;HK(mpZ<>FOImHglA=m@=9Ka&)BAWb08Tfj|
ziIlz3h{5Xzv3%HnN+<LXgYvrQdVC*^E785I{nGgwpVVnrDm^*W`da8o`VEG5c!Dt~
z(0icv6xA!;HloF}iDTI(i=Op(QW-*~JS<yq((j5<oK!$?uo<CdeE6>R{{7R<ZVJWj
zvvD;gFtQ=sYBt54cuBc;H2l4KJxdHBsV^rpo{UEqF`yRC#!}U0*^LO=;RlZTr9wIj
zF`<+oqj;m6G06v|2Jb3TeF5xIFIY75Ej7@Z`*Q|}&Pz&2p@ybNF%ljcB{jf=Od4%e
zCYh87BV+8(=_oZs%%#Dm4#&nyt3gO;&`~e)M#gMO!zp$=HKXg)ndxt06`4yW3+B-O
bwiXa1|0kCje*b)qLdfyn{-tZmn*#s<cFxB4

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/static/media/nunito-latin-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-latin-wght-normal.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..a74a303839997c63097b6d524d5e79e5a1324f03
GIT binary patch
literal 35904
zcmV)DK*7IvPew8T0RR910E|EY6aWAK0W7!x0E^840RR9100000000000000000000
z0000Qf>9gkS{#K+KS)+VQid=FU_Vn-K~#Y%Co%wq0xxtC2nvCwT!DiN3xp&9FoKV2
z0X7081BgTfAO(m32Z>4y2U}tnQ6n3}Nj<J^L!c8&W?h|f7RXJf1-j$h$%0C9Ho}ID
z17Z*~QU3q$339~PK)V62Z&kuX2Rl}GcbIBsEGSJ=s^DT>qq(L<<I7sL+O$>)WSoNP
z=BBYbOh8<RTry%*rTtLEx1Q`yxAi&LfrLQ9Hzi)l?{z;;H)niaWIuo`4*yB(?_enB
zLu7)<zG_zFJVzX^>D%Y5A3M0WRbAn4lbEm(>L!3zx)4Jcs(PkZ0d|WvH4ho{3I9=D
z)cX-xRZY#z0!H?Vx(OKQzCsSqZ?pG5AP9oRJZ;RFo6(4sGghVU)MZ#87{zp9H7*3V
zDP~||$D&x2i`%hzK-+4t3XABaV#!=8Rg45Zqp<?>qax1B;&6apoBwo!7f07czRTt^
zfeVhjBzsW?VI(4$f%+XLV$}4z@4oh`bjG@P{-1k$_c?FYfc=CzhXT|(mD+&jgM}J!
zEGt$`!U4=3dZ*UQwq)@L04#%y7$<4@2)SM#{4vsd+XZY2ls4cD|6Nr@qS&gYceXLJ
zM$eq+uk$;9-PhVpRu|Ki83_h50KbU*>7CmDkVZhZ9Am;QFZCkA_v6G5@#hB^7O>k*
zlN21XE!(nyX3p^NaOD23>+sFC4w1l5(5C?g9>rSl@0$2q78uVI#y2%FHD{J9r>m!D
zq|2c$mEz#(zbIP;#xb1(f`>4Sg~?v!mSsCkC8B--aDiC>{|j>qJv^hC{EUgL{D&bn
zWXQ^pkeHmys~#y<YC_Kw>go5boh}eQAm)>+wbEW+S3kIgN9s=^Biwbu?qrl)to&@>
z1bBWzc7ouDgaLGh$flxneDeRBYHvFu=|bd>57dS?-|6AU$Cc07(K@w1gk1T!sRkg1
z8~~&=02SU0$khWR$^&c~QsN$vTK;2#)GBP2<xNpea+XuN07;z(Xu~M^<7YaiP{vrM
z*tITwdY2)!mFw2_G|ew6+17>>*e+ba?0*qQgf-Rux@TJI(RhNx*s~!<y>7{0(u~((
zqwRk=!jJ*F3|Ptlkh_IPGlB4U_`GTVo~%pS1vCyocFh`C1r`OsVTKhTg+LXkZuj0Y
z#eq4hq$m_e(0$vl%nRVvi`D6dh!=vo$Jbw{@HEr>yisb`dW8{YP>drMvpCHu&8g+M
z*Zkc6Ev5VZ?)g)JymLN02p$ZAAQ%KeFc=I57Y0G_2iaCfUVb$EEF3kkM-Ge7V_*Ts
zfB(dsJ`X(G|80KjpO|gwSZXdO;(^C>Ar1&48e#|`i}=U-s}KmJ09yc@0dN@@Q6OyK
zuw|8lod5_=dqEs<3d9*VKtziM5hD()mMX!40Y(A>2TY7u5J(UL<UlxW0E6?P^Jy4B
zjT8cC%Y%7(i)yR$z$C9~mBXMOL8*~t(6`@)Vfp^EO|~L;)S-@B_nZ^w)IIga{xq0}
ziy|tch^w^DL?KF9$r|7U&Jv9xoEe(MZQVCmh6dgwd~1bllO3u@_30J557w9!W`lJ(
zp9}avBw`|`nyodpmfo=wdmJRe7@r_QsjF7M_`1}~4;Pslr`77v2tWV^D!>9kf;;@c
znF-L6yTL}0CeU~=G&2qwFN1RvpdkkgFp7Er1Rwz5tc))418@eI^T5>x?9>=WGNz37
zGURtjoLgy7n5m2};u^FW%#i7;vwTwK{|*7X%sk)$mU+*$1Pi6<gWg(e;W@0;Q=X>q
zK6_${an1Ox!O>~txZdTBPkZr1o6XIF++O)85-huWPod6~gMBLe{!`Oy6?pu;a|h30
ziL!Hqff=sOYkqtYG{5QEdiGl8jMP{vNU-(KE8p{hyI~*Tc@#vjQ}29B6U!b5iD$CK
zz7=frM0s437xdi?@vGYL_`gHHD^0%bsmarO4zU-%?0?`gW^gJ$(=|Ls>=cnc=FS#8
zMD!Zh->U(piF9n8CeVWj-t`&f_r%sOXdjeTPRKuxzp#vN%v9=)IbxH0`_{O}q5Y^^
z^COe7)as)Sa$Bm~X@$NXo|`P6OPK4yM0t%r@U3BPamsLV+nZa}D<2I+!nd;LLwgf}
z)?2=KQDRn9jx2HfoV+dFWKUIf2std`M%wOsL}`m$(f|GA)PTx@Nred!u=vafNvj;X
zE1ctTz00*JYYU5jjNQ{yB5axlp`cQH<rLd!{SSP`{<<1jf7KMWGcg;iRxN5w;nN~b
z7ucb9uYkYhcZ9kTpyyVH*m@aWP#sa*5=Y2dn#kvAliV$}Rj`&r<;H`#f5a5p0sS8h
zUQ<5!F}{$KWumQ@P7XU?ul!{!bg{03?^m3KaxT3}9m1&^EwMg1s4o@BBi^Hg!Q2^G
zQA<ekY&Mmxts2T!TkXD;-j{{Cy4PBgY;nGI;`YVER0-}G#Tq`H-elt+K4NYzuOThz
zc1H6L5xN$L)jYW%)?7};xK@viz;T-xHC7v&uEE0XBU*KrhKkCze059dJXjy;$5RWv
z<g@fOW^56(ndA1h)*Lm$HjyeB5+cm078pVD1#NIL@d8GRsOcsWe1d8G*@K++w>g4z
zUC`mk3YxCauoNmcM?VBSr_?Y5l0OE~>`Y1US#&gB;}Eok6$o`oUVJuBkZe;PoYH7e
zR%lBi2)lV94D#i$-qX;yc=l>{hLc8r@yMMT%k*m^6-If#S(8!C&9DK+3Z^yM3hpl?
zf<HBQD5sYUx&$XHEHM#BT1!~UK`Sk(P#Z}=n2s;0Z3Mxpl)!I@JxOw>1XHqOme^>t
z9EfYK2F47hzC4nNp@1HR`c$}i36F-{Z%dweK|#aZP!bXSdQ-d7obXa{Ovt}3KN12-
z$bD|hnwd)2NynN^Vn*yO=uChJLW6c0!4NN##@(=ek%+(K9x*&k5lMH6pjL!nS%k(P
zD4JPlW&f8&q!9goVZQLZ`sP6R+fCRuhm?MOj9P3TTgt(nT$KnVNGDoLdDON#d=p{O
z2*pR+VC~1MXw0Pf4x5QpXxb<Y2n_O7k}*vDd(*o_Xhx_yV&q{U@S9NJ9}q&_yfjUY
zm3B+Y#D`yfr3KBuKxnZ8kPxIt<<Ucd6$0qTBn%XdF{#ToAd?EP@^3X446zQyYmTQ#
z6e22}q8}PM1h>PHTHy{lWyOi2rYa>_P15+4piRkrd~EyX$8u_Xpz|&N0g7|-t=zD7
zIzuTNl7t9}Af>XPMF6+3MAQo2+wzChw$PUa<2rrumOnGN%pCVNOXNrv(*N99zd?JH
zRlnSfo(T~(j>MP>pQ>EaYzkO>zJCFsbm3lX>(!9+mu01WDZ10?bj?Q=H5gw5BFQ4w
zEW%CzU3jq;+e^-^#}IA+c^r2weDQr^cyY!7*@?xC#L7Q7L1+(+8XBLvwxXUh-7wiU
z;q34e=2@>ys7==?(xg1AEBnQw_;G4t)3^%CKm1fLf6W!pi1F~94_4C&l2!?U0!u7Y
z*lz8qS)7%K$a&}MYmKB;l6a3x9B58F2@L=ni@m-XAd9C6-hP<6c9QYiBcbSfK|iTs
zi_;Gd6|0Yzu`nx)2@lXM1A^!IYOzO^S0`se8>RVxc7J)D8gPmmh%=E1n1uIIapmmy
z=Of-Iry<@}bDyK>4l`<t=;HxVE~M$|_jai*2_>{$;15A+_f3BAfFN_yxa(%~M401N
zz}76%nH%<W`V_~z`^2Nh2;`H82nVO(S0Xk!wg{Cp0_b81b~->Id^G!kWgN7b`v@~t
zjw0dYzoE!UH(CT9#)!Jx1i!K7xvgkg_z=ydH7*|fRgB<+cl#qgQo-N93Bw%C*glmV
z(1@YaLr^5eEZlR3!kKyG6uat9ETqCBw8>*Z&)9~*(rRtO0+Uf`s-GOi0p`!;ILar-
z>C~S`HQ*(pWg!!!#tM3p#bx9X5Il8TW7726S2O#XciFItMN_{vICcKfd(`QK828`c
z86KO&7H7py!q|blfNh{5ws0OlVz=Y^Kzf_DVPGh;Y@uw$U!J)ZFH?>bNB@Tf!fV@c
zi<Uk?sZa#C^M`Jj5NAB`?F7;(pEqBKtMdP_Q02_(3Xn`lDJvw)N%dHv0@1uD{n$N0
z6C1GTep+ej1G|!5gXn^%kxk`BI8N4XW>tPHns~4D22e|rf0s{rk=@H2|BOEf?vc#&
z7hj7o!=b6MIg8_c8l5+N+|SK&4ORpZvH#=-jHTBW{*#USDWL{*kUcj#c{|McL4{)D
zb3Dc`qQn|mS>Mj}AD6hQ!zb+*9*13l7d|W+bMY^~q@o!Wy_^2a`+%u8FzzC{FpE0E
zKE;niA$Aw<b3!K#s!7S3QvMusfKT7|y4Kt4<45-|dEx#W*Mtg$g5ozk4Qd1F@!U#6
zQ22EeGMpKUk4pQz_sp^f@H0y3jCtjqISYOv?+OK&mhcSxtbZtx2?!7**lv65wa-D9
zTz1tp*Tsrcq*RSZYBlK5i)X-)VR&4CVh?r=3J@gN?$~qg#9pT#z(EmCi|gNliv>Vz
zykmI=v7hVX+ByAw26vfq$xdhp5G2@cd+c?<K@m=itA6XOAJ@zj@CJ$Xv-&Z(9--We
z@r@d5-AVejAwZB|yX~>p0S84mEv}lC*ZPdr-?L7k;hlJYDS&U(Sb^BN0Sr09u;)OI
z2sio=B*}9@q0N>hQ+l?sX3mNXq8;!6vbPr^Sb73L9nPexILt#zG`NnkWv~<m9;JqX
zKnW&%9dS5EUj2a2T%_?fuunewIz<T-i{_GSC9bJ-PrMq<618e`ONU-}PRUGu{ZnmT
zkwqKWzVQt%2#5{nnFI<oL>;#p^`7;R<O+G**v|ftR8Z)X!J5m;kX0hOLL5~dS44gB
zB0wSsM(#;@z=(J|L0(7h8(14Kml{P+3Fkx>K4EjUDlkJRld19=Yo!SZe30nML+6<R
zPorF4nKhl6lXYGr1~m->BRpk{dGe~1fF>0sY*1@>E`=>38v;V<uy8{hMsfjYtV`wT
zopAUjC`sU~1{hbWE|<YYhaSQr4u(+jT(;6gI@58x`rJKvKyvLiIFJ{MfSf1;4;%|Z
z01F*4R0$1=T9;ytYaUC;G5uSdhssuhdv65O0noI1hj<BTBd@CtSQ5|HB}kzn3(6K@
zOA=4V7&1hxpNkqXnOtv#@0lFj_w?mCBsetB4K1UB(ovfQgi#lfR|6`LDgUbp!!i8i
zDH04<#7ew{Vocd^{i-luqd~`?V)oy6d=6?J9yOT)?&ITj^ufZ*Lx*-i%gdwt#-R)B
z|7HH`6H_xV<uSlx5bLkogg~`h**uI1b|?#5<1=Bt3eu(vL~NID??AUGlbG}AkYH?X
zK2_-rchOk!vB8hm>V7e{3{Zy@2%z5Ypur#tNLw;JMu2v;P|&6WGaiPGtLCNaK&)1K
z#=n2cxvCsWLD(w3NgeWdjQhsLZD68xDd_TmXUg^GFG7M&Z5Rb2#W8*r14Mv5S_)hv
zvabSZ0BP$2Hm-Xb3{!CwU~i67@zQ`qam^@;%zJ|H2H(^EU}EbIr&l1$1+*zvSK&Qz
z`Yynk(GaT#73aq`@`@}Au#xT)T^#%VALRQ-3xx`U9tZf@%5Vn)=Z;Z8ql*5Wr#J1M
zwSDwhpHnK43t$2LsRIL>Pa^8q`VNGD6#_>A#^OA!(K=(Z4j1x19}0<>$Yr@Ar%F|+
zsST~6w~emZHwV_x9@`UV=B~MON{v-xHCQc9htuN?cq73~v=FT%2iZcllN}T%#Z7fn
z%c$ivFIs_m=ze-7BfzX?)v)WhA#Q{h6SYgarG3gsTr?oHbwASq<3q$BCixgC$H+Rx
zt<&5+OWt|zUxa;yrkn5{F!+$M$4owBy5IJkwKo!mL8=6)H<Kub08-apO*nt867X29
zYj-XU)e4_dtx|#}iFkCh<c4C&SzNa=O2nxyeM*%?4vLDNq)4XJcfh{w%|_SuK8qPC
z##4&c<f8Z<&wzq~N_Fi@RZ#e;Vvt-QO~&s>kOV>i4$MV^JK$!!b15?h0Twd3D<BjU
z`*6&x#pE(rJDj-?kg!I}g}Ro0v2I(uoY65`jAxnWt*Ky^y?l#Y8P#6%QFieny7vXG
ziOlr4ECCQ~CElki0=uMp0c>tRa_xm;I82u#u&_3S)Z5y+&?PtDR_>wyB^L-QN;VJR
zZk(a%?FN|V-lK>CJ{DIN@1Aq=!NYSn0QeufEKW{E3X_DHPk_TBT>%w~8-r;l?pi{3
zW(vA$i@l(1&Gakh=C;eeg?etu=P8!`yht4)^8&Na{{s7pcRF~JN}#uI0epEx^<NSo
z{?P#lCCS=|_RXauJvij&nH*%}d3Mwv#;ZW&Aq%Ku%w*jb#8IQQwZBVU*(-`vksd-t
zm<R_EAR5GscuFpnuvOJK)f~e1Hh?-LN@llbyW-Yb;Bj4qjL=`28Zmw8Jgfj<I{=az
z0RL~0-M*^dSTVVLG6w*YKTb}cTs=8=^1;cx4a@cBpXQ0S$*cgfjfGq4y7ZP6bXo1^
z=1cbxb*8m=Zj(7Pdi81c#v>hSw0i7`kKX&B-Yf_#IPi!=L_mD(IUW-Wf<r<ECBK{$
zb@cbc{}wWPPn$ts=?MlqUas7E^5bup0Q($p&>@E%6)w_Ar<`%tC6`@s)eSuB`hBJv
z*HbS&^U8*WpjkvU?hBokf@j4iEL9QZ8}k}Npc2i5a%Czs5CH}W1{7#S5kp#~D%EJn
zD5xq>CBVfa!nZ}6mWrB&iByUsdk$`76wciE^5V_M-X4=L4-ZF#I_9_&Lc9~^qI1r>
z;F<{6=^BcJ@QfNWWCY*v^Ys%Uh>E}-V~fEcz&n7?HaTdnp|*1QB>;7lm)fyZUFD~a
zBdVSXQj4ZY)mLFkq#CFwB~lGloD#b=x(G^2Q_$KJY(9=(0HfPKnREUFAWQ{(0RS-I
z^gcNw2p}Q4&mziI98{bGDStunYbtc5pp^ocP-;*+acmqvhO;?S^!dRMR>??@`6@tk
zO-t|hBaktvhH>N5I9W8E*d5cRijo>n$+0LoKF}gCg(?al(bMK}^REjigm;^fujdsU
zFLI=3v|ONsLeb@cPYSq#Gdzg!zT#-b#I$=4aX`@lT~H}jKnN%xQBt4}LLTsd8Up7-
z5~bBzPeZMonAWUHHCQU4aLZE%=@eMirRW0dg`M={DNUbJbc*tGj(pc;s}@D7P*>RQ
zy<wn}p4YT)S5;+&ATTFEA27yYSrmi1#={eZr2q|V(r1r9&^!e$urHI&m1RYJUM?q%
zM(sw^B1=V7fpK(~@sl0M4?yYsV`-H7H8)?=9&3&m;!}2GfE$SOjw~I68?rgEF1{wU
zwx<&}8C30vEl#fc?i`lfv_;=(Gbc_{MBpsXO5z{yp$IDQR~M1-<<UG3B7h~dQp5WW
z^2r00BA|>3ohJ~{;4TnPliOZt#LVsIo9H8e3_iVUGkyD>AbO^a8IsvV&sp7xfWJky
z#DYg!HY9Dsgx&+FqGcGjBuOCfW^BbWKrrg;+s4X6Z2wy{&)@*Kt21{VsgE9QXwBl<
zfHHZmQwNI)cS$Z=0;{Jn+?GWejE!@eNG4a&)5^h^|1z`#um3<17$xd{GtCa}xQ%2P
zK&X4>$sj&-(+iz<xC<;mC#i93fCvAZEvMGVVSmMt_}nALZkdttrU=Lw-sc9K1l)Z-
zEu^E!w;vx{2VOZ)c4zJv>48U#J-&H2I2^433WSB=b?+}{VrwNQH$eNNou-gkq<aI}
zV8|Xp8TfNbp`1yEw8V$yGJ+ugfsmz9%G`xXNKX<t>FY*{Busxz*jic_68-P4S)SpZ
zRPigfux1qNMCv1xMh*BW5fANyeH1~U!RdHMl%+5h8`?(ta2`@iuP+TIJ>9$dJr69~
zzI*%DD<L<>aGdT+k}0!fX7?t*Y7D(3a%0FPI{DXP1UKWr$+t>+1ygF)o;o#8&kHLH
zbP!SjzYi9+>Iq;nfDXQO^r*l0z3aL0>t2P%>g(3gW9-{As-s4jaP~PlXK>g80mQ#O
zYmmsAUOM!+?^~}ByX7^nE=CSXJ5i#H6i4jLeN)1NDni6fSitMhzgZ}(d|4BVX=y+s
zE8clnnf9?4gdf90(S0&JtzzEu_D;fApV#yE<Yg{W7gpfPo2vl1UlF_+1-Hj36M{EW
zLrx^ci=(hG>`r0dX2O3D1uk`zf<4-0$S`Ehi&~=wBM<17PXB_d79nU3SrTM4E4783
zcgzH3<kE+Dy)m2&Cy`dALo+zsC@v%aVP5-~eABLKgH0L2X9KadSNukSxE<>>-SxHQ
zkG)5Ey7^%e@`VK2_q_nbu6)AnKyhVuj>?bD8p5BkRX}jpNuHoskfvn;FxS#^np0$Z
z#@twH2Tp^fI0qdP2)e#dA$g$ywaW3HG$1^gJ6@il>w`hk^)c$h8t{#kgpVLX1j%^-
zRV-}i@au2Ia?R<mCyXnUHU!nbExnf3`$*>d_S6QgQyW)<_9?|REqluN<o4M?AaxBU
zrbV+(uHc4Q&EVnJrT$@_w|7t20&y4Au}73nJYEaJcv}|XCK^^%G&IK&Heu<Xx&yhH
zM)ox2SLFOy3o5J1o!%9(B6c=!^6^U;JRQe|tR72bIITP=EmDJriUMglpo>7V>T(sX
zPPE|j#{`DaA*TdnVl6zt@r1ZhRtF;Vjrrpaa=R+Z32rBFl#r08y5;~Lz=oIpw}Ov5
z|6irwxcWG(&fE(=v~sM7V4m4fR|_e0`jm3&G#bB7e35V~io}{dIkVv=w}6cs1kl1Q
z1blmUPyV}j3-GqmAB_peV<ZREpeieYRqsS=4Z0VmKf8b~eaB=)UXv9@2S^S(A7`=q
zx^kVTo{BAnfXF!u62e^j@OetPPt%|04}sU!o?b@pzVgL~>3qV&(b`deZAbGRqE`nu
zHc)PKQxVg&55=w~c5f(r2J2R^-MUBYQQTfii!t{rP2&`enq5u<jyho>9qigrW(Xob
ze(BZ0jtu;|(r5CS?%|QKYGBaX<>ld#x#zVP)x3F>Z0sz^$IAmv)hYe>s*q>O=4<Nl
zg33@}QK`P!u>;%=9hCy>l8N!Eu?u!=du!oWrs3{2X+Xw#{6v>XI_nylM!VN1fP^R6
zI#Uqz6sdx(STF7JW0d}}C<`THyEN!*OovacCkyhW@rAkdqmWbtAn{cs_E!d@;K+GS
z|8DKXO9N_$=+&>dO|QN0e)(=E%sN@|J++I>4etT=YnN5m>(LcBJHgrQ$wPwBGJn%b
zBirJZbu%0_p<2<yG-ab!b8go`J_E#NQtsq!9U>aMGXObS=`S}h>N<(NH*So*E4Qps
zJ9f*8L_i$G5A@SonT~C`+JQ{gOpWmiuYINDy15WkH&6>C?9s>zrcBi}CvYv%X?@>J
zKC$rfj%+ji!QxeT*e@Fs(5=(rxM~lScF`Br59V1(?`ctR%Z5+e!(XOu`~Lvxxq^N@
z9Fe!L>nQe#Kt!{b1Cl+Sy5=UIercWuE%HNq2KOM8hO%{@*q(JBh&{7-kLKrFDJ+n}
z@O^6Cok!eX<*u6^_3QA;2kX4G6KS~g?OX_g5GnNU`GV)Xq$yGJ<t^Un)tGhLZ`n1!
zw$LUle@a*V4u)`SzZgROam*Vns{C%WNaFGwPv%bRu$9D*2IuJYMKh>n<}NH&>UAS{
zN^D7f?ftw|`;dme6Kub6cSW?Idfm>V^DCTtG?^a~ta!@8GFmjcFS6{y>A<GNWvpLt
zIVychVF}y#cZzNm56}vXsgg6&$;s#{VB!7)UjC0k7LP8)x5s&1tK@$Vx&3YhLmOq)
zYuA-;>O%Qa-$@5FDfx$32fonZ8h`(;N0urU>b}?$_^p^$PPnKHwd7-?R7m`GqAX;H
z-RnN)XIpL4f5|W?MR;Bw8oI2+4h()8K(UdtZjc7E@EzEpJf&is`y*D3sxJS_m80|P
z(e|n_%)_wiDjoY$E-dBo(am$|gR&b`7f@*L>IOH@B=>7>&{&*nCo{{Aidd=NkNd3o
zDyx5)%s~1HiY}~$uUg_v8i;yj!&0re6yR#Tu$f!V+6AfB1+fai;;c^D{|<uK2j|OE
zHGEpWLY8-lSh+b%&u4g8_*j?Tm%gL<ohI>7O%z*Y`gpnS^f>Wrk0))Cuh)9Qd%3mx
zld10JaET$eMfj<aJ-zIl5?Dc_wTquJj5BIx=o7x~I(g(4ip%HS8F1lg5~D6Hdrn_9
z(~M<?-~pDiH<gu238_=SynWM86^0L@b{{(Kz}Axa+2{1;0a6K^UcE83xOs6n4}&jg
zSa9?Xmha35V25?&oi}smbEP}C%-w>HL>C8^Mi2iNa{o&Oy`Oy?;G?+Uk=tn?x2Z8p
z-z`}-QxUvcaN6J@yeCn(Y|8B_d=oPZBeR$@4O%VI0lc$@YdWJw`G$xyw4_tAC1~$u
z(TUNF-+NNR{Qlj*P{Q?u72Q|FC#Eos@0M$wK5b%>CEg#f)%Ml5KOjA*t~S~1)yC=v
z<a>b{i@{i94%`D?0K-eXmTjFC)P=6<UXDfAOC63Wt?O>}_lEFF?|?<IJQ^d*JcL&s
zCM@i~xz1V`o$aCy`?j6mJyXls%~;^`zsx8<M4GmBk*#)OpJU@hVQ#gud<EGD_uG*U
zY?b7!Dzw7`uEp(T#)rZFmXRpd%^lNSnhUHd+Quua+qx%tOv4a$+EZYiIPclpc(*JY
zS5#zKhBLMwlRJp)hv9w5d1OD530cd61KB`t95Rh;!?4wE$B5q-bD3>OwjW&cz6RN#
znAsLDe)O(3O#IkNxL09S{=*&(V1~EpQG(f%pC40B`~o2p1^us76tAqDDBg!a_xoQo
z&o?jnk-5+GlRwso@v4deF2}(r?WQ1jLPQl6kVVE}7@8W}f!h!=np03Bn(**?VF@;O
ztN`@rk*$~wp+&||muC&L3&Wjd*b)fbZ75_8j}{568}(VXbyQFnI;*=lrus3jd8?+h
zMb4V$MoLAWMX@}#exxd{T((GbV)Q=P_&_a}y==FOUd~yZ`=yiC_N=vak*p44uVdpx
z5dp{s%qiqaM_*GYG>DFSxp58bxm#0R?snsbHFv|bW$<2qebtk{^>fj(aewmA#VdYU
zJ?ne4hpjrh*T$LI)9Nr<rx18!bkj6MYIvdho-uh8g!c-2-aewm$~IBbHE`rsU5(RW
zAHL?--2wz4w=&g+eH^vhCX%8L8nLEG#HkUQ<>e`%^qRCPpOt|#{p2eUXxd2sjVf)6
zlVZE-a8j9%#5S^}T8%X+lpf6px{Nfe?$baXK!`)8k+Hv#Q!qS>5avAl_aZLV0BRz5
zjRDu7+a8)lHa_1y*xA)J`20q&^X&oo3j?KqJr47}rDy|%whM&Ui;6d87i|*lg`vfH
z<mpLD-v^j+$ei_yDd`~$yjS|gmZC2<SQFTh$&`XeTd1=LW>ZSa<}jG_SF%r*W_-F-
zHVrH)?@ciL?L)p&`xEzq&@SWWf`m^5#$6D!KGFY`8u{C2NZ1R<Uore-&-}@5xB?W%
zA=8-J-OtqelP5svnDGZw@(-pf2@WSUPTQ@k%?9+)ZfmLk?81MJVjSL#xeN|oEJ|Ob
zz$=htC88>d(Dq7B7nMj3x2EhTvo&%FQ%5J;INc_ZT1hcw_Ak6JNVkSZeA%eTNW|F{
zD6%0VKYyDr6Tj<<fX5))N~EhO!q!)^I~YVX+?u?f%+|`KYy*Sj;x$^N8YR_?_BGC*
zO}9Dpur?z{6EheALqido>k-Dm`!Nl~*dH={g`UY5IJmTc5{%S#`0=L9+~_B}EsDO!
zo+6g7)06H_!`Q+BKp!;Jn-VbX`N3YxZ=4mASZ_3F>gBu+yN%yjC)bb!b`G^x6RB=@
z$-ZLLXd^Z4fF!67mGZl6lET0WH<nLw<b9*VSjKP0u3aod)%lmRY}`mym#6UJwb;#Z
z3r6>iBM-oU>Uuf9(`M&&$VaU)1dV@VtmWyW-H!PyXwr>~iGk{%nBQP92pjk_OT)7h
zc;=JoKzrG~a{j9u9oO8gu3hsYAF2L)Vtb73-gerl!yC`@=5L^VXCq4OGdB_!xJ~&j
zLZh1y6WSS6udK2<<`SqcDUZA=5CN1xQ-e(0Znud$BT5a+RE*|%goy_*eZ)SD0`E02
z1yYxgQX`Lxgjy>p`i#7&R-aTB0xxC+ci4%{LeST+$|;(^tiCLMRp&Y?ZNT-z&nBCR
z@!|+(9|Y~gymD9uz|ILGg)6kEbYyGbSyv9nYOioELOu?g^xB}D-)a;V`j$I!Jbl>o
zF{Ud*5zjUTn|i+%+BwvKqPnKlC2+8*l}dB-HXx$>EUryZ29+wQjY4!Q2w}xa><Xja
zUR~>o&pOfPuR4pIMK&PKDY%r>l0In<nAU4?0DlhNEz6sLzyC`AwEYu)BBfZ(gt*Ts
z`t$2Q8{g;1!TI0a?|&PC)+Y`C&k0#yPZW<q@YTKWr}IC|0^R{jbuM!;-#$n27ZbS!
zLW^L`?CtvVKnvQ6%dhVgCWa~Wlq%FV<$scYuhyvrdJ5j9^fn<hs`T#JVA}iHw$h=}
z$WKf815N-n^$LE6O;T7TRy%PV`E5CHS&4ZiYwp%)yuDj#qCE4pzLn2QM{^*}nV#<I
zsC3G`B1X)dcmUH)?D|cH_vo2?v0X^1k;R8<+XF;h8vbzq<}0H6x;$y_v@}PP-<CnU
zM9d=7$RN>!?XP&ePR=L1&icMwpy3Yf_=1g9o@b_Y#b_3n*?oCMblU6>Sdvq3{#EVT
z;8nh9WA^e*2_m%mQWbn9`j&b4u}6HF$C!p}0KNp7p4{bH6dg&7R9Q1gY8?l~UCA#?
z|K=cvdeDL8(_Q&<9=dG&eDs7m3$M`f>A1=F%F<QIzjG8p6L1+sy?MV!=;*q{UeK6{
zm1%h>-u}5e_b+DV&yvUT8wKPlw#^+Ve-JaDW1mMGJ8PJ#0s(<i^~Qp;4<(AxADuZG
zm4Lk8h6VmXxmps|#3#6m!AAG6qZ@};P{5nBB45qZDKhuM@uP5@CAh`_{6QsFD$%XL
zt1MD%Q<$~pK)o{#^e<;+>=WMv6PR^s;C}@3SM}_SRna~K9ub|nmUH%+Xaqq<lf);F
zcqagYI0R!`f5b+)2ZSf68{f>^cFBgpVDjagF6C`~Q@R*IhLR~$M{F?&g0XG8R=o3?
z90N4udy<CczRLU0`$I{4;-TY)9d9M?c*}4c>VDk8chYAc2Uom@-cRWt#Bc>T@~r4&
z3R$-~<LaFWX>YE1Q#`DKJ0uf;9a<z+c$vEsDJLx<XcAVyyCif2XI~OOJ#GAE0ELC9
zzK~uaw+$ynQCBvz+~YPG{r0K_jfB&v7PFbnb=Jz(&RD~x@c+`j;!?Ks3EhSmUF?=<
z4RzO(1Xd>1%2#r|wR8&Re6G5(xC>?)IuM`wqu8M@W03urrZidjC=PyeIBR}e8T&#X
zxy|r(61|M9(iUn&V+A=S<ieB7RVAc8QqDE$!lRywaEm3Ml)Zv*C@mElg(&lr5TN`v
zoy&MFgNfH%rYNCdGIZycUt(2DrPVBEt5n(w=!1QOCk|f~Y-w^k`Uj59ToG&qVyA>^
zH}0rBG!+)HVMj%@5twrS%vL{_zakn*8kWg>M?;a<K<E@^Y@~jU8k6`T9B1YI2)@8+
z6dBwmm#~u1-GBb#3>h9xJ42zVqOsgkT7H?Z;=q@GFoW7}jt;2oCGDzUpu>rMcY-BC
zi33m3aV@pBD#ys5^)|kRL^W{KWqLcm8s~}K8n-E9-gcTy6`-;mB6^AG;uK;|aMhaR
zd|!wK>?Zp()@hJAB;G8vJ~SMMpi`I!b)$aC)U87{6yLs*QF<!@pn!@V@;f@Zb@*oV
zXb3A1IZ>K}?+!G&1Z9*jMSEc6G}3`Nh16L1ifFbZ9SZW4npzPrtW^m@Au*r<UF}ZE
zL`w~RnZ7>EDP_lKWPPD^-Njf&8J1>@nE7kk+v6SLKs86Asuu}EYLze&6l*Aa2ZQbs
z2nI{`<pYZWJF@uQ3US${f{_R;-#BI;4CacAW1<NF1#PW#u}8rnTaB!rVNIf~RwWaa
zMNyqTf-)|n;f&v1gN?AS&aBv1wa{(kP}pj>hb^IC#DX^^Vy*W}TzFK&G}PI=o_d?X
zQ11W$$c~}dyDl`mJ&tAypT{n)s^UmL(XdJ_3fGHET|OjIsVk~8u64Gw3Nu_40i4d!
ztlFi!qJfP3=*9#Mqmt(r-0AACL6yLbjC5!cG1q03i^o5Ep0&uquQ&?E_nE-<(u_2C
z5&`^>Js?!28y^35LYXu{&g}^;{%(nQ|2lm(o>X-ak1N(>jI6=lP>bGbWL@^6Sn-li
zheO>(L@$aiWQmYT7|MK<4Au}8f5lE~u~x>W-FYwG_bi>nKLy0iZyVc>B4Z#}C7ew*
z>;ca!X<TGIyj~`*9huBu^c8&Ik7R&1pQO$1ixrQ3KTHl6(%mf1x3q$lSkDPCdogl7
zBjdI%a(*xT`52D0B@gw>{tfWo`4(4m&_s?{_=1xA+Gx^}TZ>EPWh>OdN*q{4GnU9q
zW*M1&y9d=VS!x_F#A1bj3-h6oB+<E-@;)Z3!|yPQp}0EI$qwNJaK?0QnTX!B4jz3(
z6xgMur9-WN_-GVf*F+a3cGKc{Q)KcK?+wDe!n6_y7ADg|J6i#km0T^u(OvpOSIGZp
zt8_t%#nlutlA{(r`Hji6M^P<{sR2&L36HM2njl<r>KlR)0ZsE$JSnLaeQSPdiU4S-
zX#8v<sp;@e2};^h;~&A8liKi5`Td%*N%sbcpFCkro8m_h<d4L+5)*n$?uiV>ZS9wt
zO@xuV$Vhzr;J$YE2AB%=x5A~(;1EJe)ll@*i<zJ0bM;aM--mS#|FGM(uHW56l?faK
zRLdyIZOeY}5|sr%4{o#K-kAGnhCheWh&I#r6@ro&If)^J@YhSekBc>UmR_t7RF$~R
ze$=%Cszw^cJH`DzlP_bOkK<-?oLnZ;<>vC)Wekps$6-6&EZ~)sd*?Nq2Mx>TCq9AU
z$BE+T5v@5b-1~b#I~1=OYJnoXY0aiV&x%d*7)C61y(ZM8_Vz*n&0u`?%mcpxGjYgr
z2KHcP5W4J-N8U|r6!2hZv9$d%LCOAt_YkDLuyD(1<(&mj#c4&mGV9@^K2WV{;vrd!
z***rx%@n+eL6$R$_so$FnEMs(t-GI@oO}i)E_^M0jScCN^G!hiYGG2>@;3TfZRQpL
znEkG_{~O=N^n<&<qTpUz{1&?KuQA^*ev|h38xTGoY<wGhyuCyCUyjL`>ifS66Rs#<
z=K76)ZT-55zA3y&xai16H5bE*kYMU<2J!i^_^O*Aj7>qWiw|#Hdr|yZXiB`pykGrP
z#rJ<5CR|mz40=_kppMMUb^RX~KZ7p%UCih2l|Yj3#9P!n!4tuVgQWcRL>o14(ALE)
z=nfLGxl`B*X#NISv|<ZV3#nkEYnYPPA5Jjxb&5$o6WL315$KTQQpJ83Q}}xrxuKM~
zu5%ir0t>FaImkW?E*R>TZD<>Ee_Jv&v_NBiS#-VV$?j~$yFSMG<?87mcDR4f;3cAG
zjVMV}v08XE)a^8xmYbHDO953)cd1!fIwW?6LPv!uVN5dS|9gXY35dQPKL{d^k#8~3
z?iLVw3=adJZ>yV>w{}Ul#p)GXx_UP%YrCea>vy*Kn6H!@BvO%KvU^QH!nT&xlv~6-
zA+=I$5Uv0d?7~cBNj?hXWx#}V99^X#bXtSH)l-4d?gQcanf@26X7(KEalOhJ9g#Sd
zI{NKO;mT*Y4jH3Cty(7II7N(Lsa9?Pq(Ds#m2Kf+vo)(*9vY=2D+ML0^aPgFWl-X#
z)XH}Xu02JbWa$&ji;(>YvH{6Vt0{1nq&5u33im+ZLT_b5QbV7@K+;6Tq>Oidqkl=;
zH>#<q&~?AYeagyyr!4zN?fq?e^eBLsMW&G-#pNtUxj?`uFK0<EC0tLiWo07MNa<*4
z7Vu<FTvhm<HeWWJ7`^Yxp)>SFEhvMonyzI$|JfLUNH8t5n~xTYcs4&($nzIGtzbwe
z&PR_sbEq`UqkH3ky};O=Q6dp<T6>~GzCA#_mO&}fV_l?&FFq`Bhl;3)hVWtcmqr3|
z3flr<FeqGLvkPAf*1smS+XuJ4KH}^);ez@gX2a|H*gikIPp^mT^C7R($KccazkzLU
zt!)|%g_^o*Nyhxex;)AF;mbQa^DO06<z?kTOWv!ylAbO}^6W9@4f+L6Z^_JhA>n$$
zs9LX(N(^!}rEvJPQMYX+23k+zJwH98;@^8n=96A7h|+%J^#V_Z@P1?=XzY!H7K!#M
z()&QP2!bXTCzhFxOd(Y%Q+VNceEhg@6F#jfGmFZd!^mXMLE%?-xO0U7#~#!9*-4=|
zfByc7eBh)~2&xAIbU%aPr=yJwMq_LjG2dYLeTQy^t|x1(x2<B_gOQa%=HC!NHVDnZ
zt(z`ZtN85(UV&Grwvz5F8iMDb^*7|9MHF}bYz5si{^{bi-*8k-;V(HhR<ORK9RK5v
z?5E=>T7IppfO4o6o(8A`nFAlaobN>GdCuh@H)J$4xCYNWbrhngt>DRqL07{-#>iZz
zqLaZWaBew$En^^-HL&rCwE#u!g}=Ww!2V7m^a{Dv5(&53D{=`Uou~1>D1?Au5SoM9
zuN$AIEbu6-6X*MC>PR+K1)iot@t>-(f!g%SG_TJr5&0urHQ?P2`Cx|HTS}Tyqb}h~
z@_bC=Cn!BJk5Qsl8<T3&gXuLcgIMei(N*)`>VT$!R|-RmO8Y$G8)*XfgU~)OHb?_(
zx&1LN)H;j!wa+C#XAH7>vdmCWx${m#hP{9xt>j4>5IZ;rO+w%lbn>diuKeH0r_hnb
zSevA=Yb#~i3Njk*><kp>Ep-$?jWIX{H8x87REg|(7HW)aRH7ArRLu($xY5L_-RC`6
zR{_^-HCs08PMB0qB{LLb%C`cb|BI-9;57EyI*Od`mW=HL9}0gXMSgK4|7<rNhoBL9
z@6QF`b`6_7(t&?~%cKKtR}_m(A$M>6N0GmEBTTm1jrcwo(e91_2Bg>En_Urr2u19>
zed4hT7cXD-6a;o%@JQ{Y%LAXDN*=g$>BFk@%7b3GpkH|U_VrG~>Z#XHSt+#+p0fRh
z*RFhz0-lVXi-QS)@U^$IdSy6}FnF=&++A}TylE#$V5q>73LjkCq@WMC^mO-FE)SsX
z$P_Z|;HqhuPJsvbX7o1=sQ5YWr@i+(CG$uBGX3;MjhONVDR1?jgqNB5V}Cve<l_Kl
z-Sr4^<#oZid{-jxWCFHDiJjGNUlr{FliR4ax;_b<Al<u=)sG1W0LBkI_U{O~@oCjA
zuaf5=@KT@o2{Q$xL8domh7v_9=G>2694a)Pne_H{H0sH9CJxu?>uAuEl$uK*`3sy<
zpDG|GHWoOfetXb)`u<Km&%ta5{2No=XMlR&*MS=Vjo0s%>Ewp}#-hpF56yu?BH7WI
zNg$XxY9rE0^TXSdMMmI;NF>`iV^+86W^HIYzYbLI3p|G5#{odSm~pG9_$H&cr0`~O
z(XGONxgi#N0FOJ3#hwP%Z4HjXl3$+tIz7h>{Kw~f5zby54^HN)H~Vwj7K)z$`Uf-9
z;eE(AUw*X(AkU=g@Auek#}-ufrRNhflS?w7@3-H|q;L@^!A(lAq|Stql3T_2X&^40
z<7LZ?e<xCWNuzfj_(RJL==g<6;O!nq4I1%3xHFpM10w(S#z?*)vaIPB82+V6Ttj|(
zS-j1!0l#&9#zYr11wI=##333zpGGtAVNIN&=NWK+PNFMy$iOe>Jq$0?E!H(m$^ZTQ
zXhy!VOmsU3C*>z_7#{zUcL(w=+}?US&Q<>hcstDRs=Zn>Ul4mkyEsqFQT_@b_w32&
z!0(kRrzdclsegc+g}?zQ1avT*G@<SJE4H?mQ)rh?@<-8H4oNdOif6ik))CsCzqAFU
zcXDwV=+L(O#Vw0W4UbX|+YNNG(DwWlTRSS(DK<b*`7F>OjL`P{r7deTE~Z*xj}{7C
z1r|oP1))0%u4pe9waL4GNmMR*DN~utifZdyFyw4#s7EDMmNKOr8s8~^if;p*WoO!%
zVXjF;s%_6y9;G>1%2ei5<K&tGbAXejOex33H3bp~wbLG8j|6f2Dj<xGm>Ejv?OMn9
z&n8Ue7;ioWZRLbt2H<p|U!h;6U!z~A-=N>5-=g1c|IRcB;}U<nR>zBe)hKuCPJdko
zHhS4T<Eq)_Q9p`rgSxL(a0HN3=|8%PA7ln<dJ;dONAXj748O>%ni{{fPYHf)p9$=w
zu7B^j9drPV8m##~M@w|Cq3cjuV<Hu3;R!<|`lHWP$JhD&U)a31`+*Jo?hQT*@qGk5
z{UoG-)dv^=(Ek97%}Fa?YAmpTbD)bF%$!Irr=eJ+4b2R8O}ib1(>S+*$M-qjm-Cw~
zA3pEm2O*r-XMOHqD#I2XFMb(2wgt|<7kzE*k$oP|bwImp1Dp*PxkM~gW?p7cM?$LW
z0J39x)Sti)sD_^_w;Da^G_!Guo%i&F<67=d_yN`YPr>ttcil5dyzP%EGAp@^8xk4i
z%-dX?E`Dq7|NHW_m$rc)Pz^t=(E~^M{RRBo!1kHa__Sm*zFP2*)nhc|ICHS~xWy+H
zY8?6@s=;`UM_yKYixE3vlZcb#)D1G->x>PGaqC8p>!z7dtn27ax?VOGx6^#|P@6Wo
zKN#&%nO4s8$IJ<G^+WrmXh=!qt#nnvN)oz!qqkY>O0XK4k-qEvUa1Yv-fkV*2)SFe
zkgBlXemYLtzLY6xhyBPU)a9|Qioa?*4R&48R`NPSkutS#znxFA+GMLdn?YaWL||tT
zqGTxXM6cNdJR_A%Vb}j}&g@D*E&w4GKKEko_j2DC*YhsqF_70H??=9f+}56uUo29_
zzgBRyU}FBJ`O6D=y;pd>@U?}%hd#D=ucDEqaq+(|Bi5%%PL{-!+{E62-MQ;QrEOxx
z&T85B%IIR(;tAzf%3oFfp7KNGXUk~>Z^dJABK|7=cO+EoyV-}?SJ}^3{@fp}`uYIM
zKezfe{t5oA1K%9@@4$(Jbv2g=yACPEuSjKWrt}=bS<*GqebNguM{djiI_e=krqb1C
zk^en@u@2N1>Ns_SdZm7kzWZc5?Nzg6jc!)W7cwfX*!q_B@#){r#F;nQzn)b&?{#JF
zYdqZcruW7L7w3(OmBE9#Pld|xb>XpBcJObGD=sfp&wo$+eEiXyf7SP{$zH06Vk*2?
z_-aB<D#?pQZ(s3=-?_4v|NXc+CgqjyBVCt1RQ~?e|6i-AOe;^4Jy9vcAB@+S&oWKS
z5$09qd(5v{087nU$eLj7XMM)bWz*SJoD$AwT$KAOZ<24}e<5HAss$Z_DZ$6WW)UQM
zUEDAJQ!*wwCVf`Qk`77l%JOAi*(%u|a=ZKm`3XgV;*8=?B~EEk_9*u&zb`eHc9sS|
zO0JSuAlG15slHH8a%^*6ul`CsTm2WMgffXjrzj{6SGVhC&DSLWLoFZ*90I^Pz&3|)
zBrsqz&go*Q;T;K?Z|kPTdP&A}4%ZfC<=iL%FH>!ad!aRMHgkOCX@_J<Oud~$LI$pT
zaypH-D&PjfVj+J>|3}K*h0D)J;kxZ<t96OEwEAr2@zTCZ4+gaIbR&Ia$B(U3V4`PW
z$CZ4OEy8TH{u@q028sc8=$~IYZ=`2FzTN5A*V%|SZg-xG8w#PYuxaPzyyi2Zf$48C
zk}v@axV8r`?dpgN*tG?@X0&+CZDelGOOx{XYnG;VwDa8;6ia8(HKPzRUNiH512Xd2
z%#GAr;ZWUAwbvxIMVGSBfx9Gr$kBPtVV5-R<aFwHO5r;Mi-r6yT>{09Iqx5Tqc5D_
zTLA@&U&J7BzDdiTT}395;V;eisZZ(r*dKj*uhYIU6@zo1xYd6H`tlh#2=@MH0NLNy
zzDk#5i#w<T{n<mDPpzFo!j3Fa-JzE+mDdP+AKz|rY4)KBnxVNQ>E}Xl1(oGR1(r4%
z^&;n5Q;>~#-<#U0WYCf8Oo3>DAWHux1MIfSBO22%;e1!p42_wB)y~lT65mb$Jq2=$
zo2%K@LowFg+na3Q9Hy7kx9;$QQ>&}w|8I2k=GZD2SRiCA56%E=Hlw(yTZGx}uH-y4
z%-mnnK1`|6(==NNXj?rZ=tCqNqm+bINu*pwL}pW|XjRr7M0Lq5G~^sZ));2k$Xz6m
zAq+jZI4jby)$C;4!)lM=h80BV9#QJTQmkY{-hrWfL%+szik9ZorGxlTsVH3{q+^2z
z>VOUvqK@d`<0kHOTRl`x<<+tVQ5J%L1`dcopbWO@nx=%@x?5b4N=Y+t!Ek35F?e+W
z^LtErrZpK6p6WLQICR{eQskaP1PWLnxSqkFphm4h>P1)IAQnaRm`lTs8#H^Z7I_-M
zS-gvN%bCS2^n3eex`dI0_V|E!vcaKUgT#`w;_k*>@}H&Qg%No5P!r@ygyirpg{0~Q
z!+awGuT!>{=jT#-2*5u_3}JACdp$=EaeB8|o{}H6@9xrFvfkK7HY2MY86*y|fpWUM
z`8B>g;>0mSdG-1~t{!b`UFqt^KC&5kd3y$l{brz?F3-<(^c100QVIIMW|CkA_a=H*
zV`6)sU7k^ISwHJqgoZa31$js|TM_?F1`_IWPD)9kVY^((0wBv%mB^m98d$4qkhsYF
z)CrTmzWcg3rStJSAsKiz?gk~)<(QYs+oQ)r0Zt0zuo`HqympLIafKt20V58STpG8z
zwRr?YO+aFUrq5SrNd)YCn~!Rg?xH|5o8io>zEOxY87i`vj)>aRun{@ibW^)2zR9q_
z(G^5}8ZV<7hBA#xc}~)?Q@5<vY#$G5%NF^PFX4uGauGJ6Ph4_>Z){xS=9;+REY%B6
zP?6{X@P_7NX|7Jdys4`ahmTksW_E$U#B-*T*L6qGTbT*JI|c>2ni=Ai4={J^L^wJ4
zpng5ufn9VX+E<2@wZv3dNgeGC6a^wDo3$l>SMrQa`WHAN|0-d1JpX?L$^cUq7-)39
z-a*7|-cw@=UXFW$Ogpqs;?@EBoD96y^zd9UW6yohc>|Fjv}oqI`%<g@gn<L1C&#BS
zzPJ)yhs;WMy5Sc;0&ll6w-fh}K}i(Q{ntzqw17$SlG|^>R%)@_aDBr)qIuLj$VAR&
zO-^m@#Oz$*A8H<SIyh2>MLJ|W>{BG#Xn~ndI_^$+AP;qt;)6lB0GUa4+zA&@p+Rk|
z`2>&rqv+(D*9|DSI-v;SFtC3u1E+ZkbBy|I+?qosHyaA`Fp=}QYM7odb(>gurSd`~
za?#RjX-c_O564yxyNpc@CySBoaXv`+c*si$5^e(~f|{+jX=^V|PtU7^C*K{bXW+HQ
zHUuiH(<ZI?)>m(Sm&~-WGn3lr9pcZ5M?HwIQlpSK?K(keiCnNCkYs-rQpjoh2ku?V
z6<%ZBvUK8vU8!G3-tn^#25r4-G`9NaS1F{SF&pyoj0rt3RFt%!h8rrv;W{4o0_8GQ
zW~he5B!XY&NF<K+51By=5SgCM0^Wc1JbW(xV(b3_sm`!BRj-bV`S$2d=3=zYFr~y9
zOKbzU09<6NYHSVz#@tN#%RiD9YXBuc+P`gvDoc)^BhCIBiV2yM$v@12MqoQ411|)g
zUn$aH+PVfc)YLy$P4)I8_xUq#5zg#0@8rBvkdCV<<2)TFf5)a3Vi4<LcQWC;z^)Dd
z(WxOMe!#QP{yV)7*qRlgN<=mb1pm@HCY5WDax2t-68qugV&}R{*;$HfS}6lhoRKM<
zkFegwM_4sRy>%atz;A8$&Y$KtfQlT(#qbl0LD;*7le~H5f3XZ>|GvwDU4hh@dpq+d
zc!RyC2sO^ZqfPKZ%Luzk24n#pP~v*|vaj$5?0|Uze|GYN%7Mf2#TG(}Tt>lL+*(p_
zviqolke<#`;7Z|Fh-%!%$?oBs-6(gzeEs4#7lUiAv408c0vD1Qh^XJSGm=UffV12*
zAC|#u>!oxx<au+5!~L82$=6c_9Kr_g-_VkffH5gA<G6e#bt)+cd@gy9?qZ&Ev&)Tr
zq-N!Bc7@g1jO2R?3e^_KT%`V2K36J)bY6+yKQMdB(<WtYSc@IyzxgP9{`5~q|1S7$
zZnUwF%sl&E>8$OkZb;GF_mmFMut4S`DZnQyEH*>Tw0}7>q}6O7j(14f1M2~O;jciV
zv?Ovj80s$H#9h}lt8r1(-IfHBN6j%AdX=y`P4kQKx^?THqy!f3$Y>bzOqAjMk(g8d
zf8y|)<9@L30X1&cJTMI;cafbJp@EBLK4g$b_vm#-!2z0sgZP{-7aU<N!v&w9!2ci(
ze18M9XIm~EC|svF8yyJ6h_L7*)Z8Of%}%@h{Mk#bE}47klHQ=sbIyXX`-Q{rPs7eW
zR0{Y@5@W1*;*LfrLvxz`x~AX@RFV7qH`DG2`eFS?t@1hI)6%lFof}*v9E%KNyvkQ|
ziCHkd7_w%rnKGzT%Ln`}DMg<qFXN2;oQ+AwcTO33!~Mr(Qb<)ep)Dh<-h(@wpf>oS
z2U7bhoX9CH$G3aKH3!MIh>UG)c5qW;FIQn%nzx!XMg5pP6KI<AOn4`s2Ig4X8cnYf
zRww-2Y~*N9DfN@p6vC{jSq!MPb-8sYo+*DiiPgNm%&MU8e3Id}r(grw1Z&jyFq6i{
zMm1ce@p~a!hV@LV(I)*_apqkV*}qLsGYkuGj@ndgRC8QjriLyEOd=i1jJchth$6W_
zlLSupTmd>*IJ$6h0%qXXD&=r&au7>TtXzhUZpfOI-dtQzQS&s%Yi3d-0%CWoGxI4%
zwN~kv&v|wr2m)PZQ4F9|>xRCMC!XDkxs0`U-Gr?yUAE?`$d2@ZqgLiFdC?elo-3za
zaJLewrh>_~=A2~M#DN^h3`|c((?T`g*E!>Ycu))@v?GnpYJE(Kz6v(&qA_y#j8m6Q
zN$c<c_1q!(s5j#CX=E-Si!P|ZA`AG_Ld@r@ZU9y6T)-oI?se4y#Dz2Ld{^@rVF1iN
zqWLW4bICmKWJB}o>@xw|m9Ob1{QMuO#=s4NB|8d!T`Oo?1@JG=3J-1w43@zIbsrQd
z($WkHOTv<A%Nu;+M+-XwRL#z2h*80Jv%NRiQ%r9Xm)Cw59w@;8h?;_E8U|L{(VFkS
z<PE;J5nR&7hd4k6B17c`e4FIsW6EePPCa(}G-|TRhn^A?#A|@_*Gm$N;9e$b4_&JB
zt2tdfxpxZ}f1B|QSyE5dEh0!x&1Sat-oPfUE~#JX_*3**7!OOwO99~WisRwF1FPAv
z<b)E~WiR9TpDFvw@kA5@hA-5?LAwjJ)vy1;%VL82>(`)e@hWez;Uy=xn5G0RK^KgD
zmP)$FLdosyP0aU*vj}$?d6rr0z_Q+EUDG0!BQ6u+!(HHwW&uR>?+wTNoa?ou|7`pp
z*G<?>AKB`tb+QbkgmZi2UB<#M5`ald?)LMSPS(#lA(!%r_R?R7f@68~XyJdK`bfWU
z&|H3Cn45F&@go`f8c=;M0*2w8(KCGDSHWoW8qCKN`IU&_v$7D!|CFo#_ZQ8{d(vW_
zmE(}u3PKAczp%t-6Qy428LONuY#oVn@^8{U6(y<P=@@YUq<Pq0a@(S25G!P}hHNO@
zR_>W?uT*%2f4es=>X-S0<_a6TF#Yq^iPA4{s?Au=*LF(#c5;>2uoJRi^*tpuy~<o6
z-r*S;(MP?slf<J6Da;9v$hSENpq+u6EwlWO|G)ZavHW@CM?#;-Mf2V7X7XQ|ZDD0D
z*VcUC13L(V4(#BUj1IJAwAjs?>#E6pyXg2QCOY&3u2Em347!ZLU)}3hJDP5a!aLRN
zK<E8RA70M_QUYJiG^bbEG(9Hm+_}76#mM~7S672|Z@}2?0&1liK_G>ta{2i0y`}1c
zdfd42yM3Q3LFni^S=GOq9_F_}wn`jp1RFG<^o<Ce#MJ-Q&XkMdu6=yT;+ouj;~=?2
zatlcLZ5UgA(Q%JYpNWkU2EZP|*Y57{pww{q*N8z;){5;`_qIYC`D0-6qy5|{AXRe$
zMT@sVs&1bIn+EK*X^_$udSED?g1HLqE$_!FUC+O7n4;5h!lZCxJ+T3oC=^3IQe4R{
z(*Q(l4^tuIy;V@QAv3wHGul^|<0g#w&=Km}doTwl1glKScfFZXv#zk3#w?b537<z|
zskNspR=`UuQ8r6!opP6`&#q*pAX^36UUVVDdCPKqv?;TcV^ld8ui;4x84}~EiFt|9
z;c%v17FKvGIcK;v4Evdk^)ZjS<<V$s?*mf_H;*_*TT5BP55auOrfpLs9(X_tQ4edU
zqil3216gM-ASPRaD5KrT_^jJ`80X-w1pog<gxy%%P0UQL0pRFl^pk?UkJ-!j`jHTQ
zk%C#VP1YdS-_Vlq0=(!uawWS$m4!(|#p7}_77=Z*IFYFA6geEt<PuNVRyq47BclZ-
z-qHALuSeR*lfwp`sZKKyXtHhb7*je)6}th#EM~@c8fshp@Y>K~cG`HgT-H&}DXPPI
zc@kP-DG-L?kKLB&Xs?T;K`~PEnUw(3LyFR};Y^EcL=1Zk(@=47@&_esWuXs^1*|#{
zG94sJ8eRo03esbO_dj^h{(NRoj|AzAwK|<^1*;e`GB!YqfW=h~YAj|}<S1&VZFsNj
z^dfz<@yj3J(E-;rsf^R`Bv}-@^_#=X{=e_ik31dejy5=)J(^S@V+ZT&Bkuz}&{L7u
zdZP)9M9NHQPAbm$>7-w)rZujb(o(>f=UT1l5+Q^vDv-tF!l23hD;Nnz=Uf2|&NYe^
zytkXMxp|XDgh$oxzObw&Qj2La8pODpG+&CZ@vG^{L`O%0>+GPMY&>LdkDH#bvP1yL
z3^MSvGdDo`)+j=^ZaX+)5ZpC2EaCT3^+^8h&vT>}!CW<!0*WPN1FtM2Wva@RS#FQ*
zD!AejqtKiCXs2RGh%#lSCE&V)nh=&sIgRVO4eCiKW{GL1A=jlnY#3`BVeGIgUG^qW
zc)}G%S3@=@qh+-<ZNJR!?XFnwJ>dpA8I?{NeO4JIR;2y5iI6_<BpFyq44bYOWLwt|
zwyKZX@8`qa?~(GIsZYrr(KyEN6WgPn<O+Ih)I6sR@t_9=0{I1d8Tr^aj?O5<x9qmz
zkU3ppq=UIof}|A;HXW3(+28Temg`pR-n~_9><B?}pXZqJJkOw8n;V9HWcm~XBcI>q
zDxFK%{?;YIl_Nc_nPTwcIxR|!P%wIVHmleS-)i!-AoP{sGPrt;1Mp=8yceYLM6sJ>
zmn^J;->#UYT8av^rKqfHQGZQZJ!*EEd*vIEBEU21qBQXOi0nkP$b@!hDouo65SnON
z@XhUwjpuzGPNDE&yVd1FmLVc4CEe4o0m;xppyM3F`+6nrfZd`=Tb=2K<!l2arm&1D
zyDqW9urDo;9c(EY*;75jhEbPVitD<p&5+p>ADJERo?2L#os{p3Dn!J=#twMdGp!}R
z75w^rNRgFUo-YWqU>?GM%_=X+EvX%7u07>GU~$GBGfN;zkO74YXa^s3)xB&f5q~+^
z%syTEUv{ZPe4oB_QhShuq=B~aQsg*4F2hS>0ey|-|EE(abxie`)Uirv$a93T!O;$C
zDZdUO3NuZY)3At=8MnU*sFNWl&IoLvAF6u9niPhqM7+ev8wJpljW?T`(HAeh*1gtE
z`sODL`sgt=lcs&`Y*di=5E3b8AmW%|dvYeu?J-+EK{fWruF!be!oN6WX-Bl))*T|D
zjE0^<)FPE2`fDZ$Z7?h)E2f;>z;Dm%H6zrs_>I}7Q;*ILM?yVp`6OTUPylOBBU+;0
zgpS2PYdsfy0Sf=PTPjs*d_q@VE{=1~<&mP7ad2`k3DEPJXml!pwsXHlCnP|#iR6?A
zsN`0I<lL25o=pkY=14Vy%XCJVb8TqdgtpxJup!0>!%^${-8<R2L%z21!q(l~dOx}$
z4I2eZDgZ`g#p8_c7UpqBSVnX+?sB=vF~hJiV%O6%T}0;WNVdY6TnNViNzRQK$BevE
z*IvGGhv?xvVSk(yDzULcThJwOvJ5_8DhqJfoQRmq4AZhxsJWdJ#7LM^$z(*;*;XyL
zS?}X;OTczZ<!TIX&68p}F?pwQH+aoIGxiW?R?{cFNxX$M#*(31h5uPo&U1q4rsHu}
zT$L}~ycfOy)Qr6Mx3jH+!dsu`L(%kRp);G5-;X~#PMFMwoo<IWT&kcA&kY>OZr@;9
zj31{kqfGjfs<=F@&nLjASF<3JWEa8-%j>hFW20a=Nar>U`M7`W?%+s$4vcSCS))d&
zcu(=)%TH#@Xlz6<gLxks_9WAyl%3JMBpRa$B&B8GisV0*2^LMR*6wkf#{?c9i2$b@
zP{5f4jZ1QG(?Y3!39W}9awnoIP0v2t4|daopoLFVtI}fZ=iUTG=hZZ0j8g}b3rVem
z;~;=(*oC0GbsC#*Ho*!hkwDYmK#~xE*ksPZBpLV9_P!!rdqWMx+?*C<@#KMukc^v)
z?Y^YfA12Ijx##g3+F+{z!7C|6To+|u;9cg@W;ak#sJYxD%RiLPRpRLfio;%{0={Z|
z@Wj+qm}&j@WhxZ%41yB$S4|{*-ykEBoF_5OUD*5cxyjfBpdMQHueBcR(yZyI*4-v2
zq`%v}uC?}j0owh%|Gl_}8a+%n6YZv_csui|T+i%jd$jH;IMv#|d?7IAgG}x~7kL(f
z)kv+ZH|g-B-U$4l<VYE-y`XxMe|pos@L8ph-svJH89dd$M%_GwXRp<wTPd}x-Ut<4
zON3;OWi!V)Z*c~lhM!E=G%W7G$@1*f3*iBu+v{&kx@5>`^r3b#8Q8U96E^K>wbjY}
zb~d~VgaRzV5|}+vI6>3dWY})?`r}b|Fy@SyUrEKp4<Z0hgtkzGO}=(}g!;CTy`*0*
zMQ^3nv&F>9D+h{dN3vi@dnuRHE&Il+%X5Q+6O&5|<I@X^WJGuw)bKWZX`@cK-7SXO
zK^^$MEX%f~c;8htDXxkVHyA6rx7H5Ew`*-W=62%)ut#9GJ%_;aqGFbUdjxi8a$E4+
z^<uv1#}&vq9B_gU!kgKx7)J_>N~gD0FX$KfM8E;C>|34HMMXm>Ml_+BDjYpzY;JQ$
zoz9;pzEm{f8;%D@v@`-Re4md@JvAVR3nBK`OR|1gyhrpk<2e9ApjcmAr}7ypqt^`0
z*MQe0Gbqm-wE7};Ybuom$75!yiZ~1wBIcN`>R4k4d}ogC4SzoAV;0=~UVaY5)8<Rb
z1EZ-{6v%PW$fZDjxE^kKjH9NP3xdIz+~*c6^Wbs{dAIg&+Xze5ODY40IHe-pVDpsd
z?(-wfB8#RCOXl_B#R~`P>F~fBEq2842olc0v7WtoGIrkWiYnZ&V1>pE0ZWCN1c(SW
z%h!tIc}L#Hq4N0thdG=szTijuDYA*4%eA~E4nYN7mg%tpFDLlzErtsAYR6P7q{acm
zEXPIZt<%$<`zBs2IUb?z6$AW@HInnhF(gCb3qJL&`{VF?sRnkz?FFaqp0CfHEa~?s
zD?}4Vy;@qW)qeK-lj%jyoWiC+IKFJn)~b>umPcNm@RzEEem4`YPp8xA#nfn>sr3?n
zGQH|2&G~v@vf28-fs-V$Jo5co?I#7oyyeT~XRa#;?CI><IR&}G;&$bLJ?CAk77!co
ziy8GME3S>C;+Il%&d_WGwxd0OJqGm4cemSk8#YHqoAgyL&cVxscy^;=a|<1v*Ep|J
z*@kcSFt|$lm}+<MZXeYc$dB$AcA1=m?<)ZY4L4`@vNKz_UrYyw{K3zjQ<?h@Dg`I(
zoc0s^Z{j$mp()p2f4SN<;4as!0E^}pvWcml&RG{ERNs|P25qfwpnZaB26DuYv9=~@
zXq;1gQT}GUV_HvZ8I?2ird}>+Y+RMMF)Ixt&_JVvr(~FheEK|AyOeT_2E}s}TnP;f
z6flqVywDe+a+sQh4&ms&lO#|Z(A3ZsGpQ*Wq(PSPO5p^u4<bceq#BMUVnNz?-wRIA
zq_+4(O4Rsy*b=g~-c<{83WZfllW9ZB)O$?rBVkU&<@BqCK-J8^a6-W~<1t@zH>j14
zoZ*u`DS8?J*+h%%`S$wOqiT*ZX}g7?e4(66Nm;mIDNHL%l}fpYNhGsNjYfltmSVhs
zNMVGM!gNeAkHC(D(gQAl$U>VptTx)z)<L7SesA>|w*hc>v&aFJX=Un3TC8?dJ1m@9
zb2rb+S`;Ba-eD6ihbH2mdfw%h-pq-!tU?T|+Mcel83rK7i9QTev{l?;Ev>_DNRT5}
z+Wxo-7I9<9$wE%E7O|)c)W=@wQM%iTPiq{qRaf6-t6`HCt*$+!%@gd2WzsifvOF&G
z_2pzyZxerGa-?d<3M+z*X<XEF!zt$D`rSe{HBI|I*~jwZekxTG#__7=s*<T2&9y2g
zqi;&bX5><Ujt^-UmPD71Q_t6*AOg)g(FjiPPK}~k>x?I~O9daoU@K(?Yb^HOz-1M2
zOgyb=G@f)LISbs7ck^)zavi@Uerf-NRri<+ve9`I9&`bHy9UGV6SdH416`fT(WOiq
zZmM$vIcURqt7d5~wb&kOV2wo>$5(3o>SJzsEGR7m7@(H^%&Ec#LflV{lC)xs&~f#I
zuDGhenP>+p821kySB;4!&oukmwYkeS@d=Zm55s7S9<L%wEz)es8}`7JBJ?A*YO78m
z&H?Hu;h0Dey|dYDtMo#BtR0;A<0jmrN*+xrf%7jVjKc(PdvIIz!MGmF2Y7QzQl!(O
z_FefrP*r-9ura;Cwc1r3B60FNCf3W>{BL&um*~Zc9Y7P}iPmN`^Vb~@8#?W8HaNu3
zfA4utvuqlNJGCJHA=FiW{uhonZd%i6zj>8U+%Sks*S8b1KZIcTb6nPfBgL6nOy+jR
zs&O@<pwEqS#$6%hqM#U56A{U19Cj=nA0jD{)T3UN@cRQtl?(o+dn?{vvV-GGTJOP6
z%bU;QiU7OQl?Y~`>>W)jb$463q1+4?NW8HV*-5C*-Bl+no@_q)C7mB}gRv5cj_UJ2
zv$~Q-uVFAOawZ)Xs(6I(SFc^ZDQQn;G2d={=i5%QjC1D#EaOf=G%s<TEN%1KN9wo*
z`>f9-L2R~KMilaym>w^9b$&gFXplo%vc7N;#eMVw_p0b}R-0livu#YpY{Pc@7yNJ;
zNyDHhU+euZ9xve6LexPT1$}Q>L%*_63`dNEgXUONTsSE|!h7NKNVXx^g`G~f;v>Aj
zztZw<uT?4jRQ><T)lQz2Z(JRTBd0w&FL?3W>Ub%{yg@<8obqBb%+2SK&*9~=0ulL3
zZBHKOU%&lt_52riohoTWS0C?H2i<Nk_1dW$7%&@b!sotg8<;l?L#=W^0lJ$z5ib9Z
zbkMQNIW)`KOn{y;)H$03=$=c04Qwc_iRMm$o|#$6iHj2U)S|}J*x?Xjuq4<8L<`yS
zE#36L<7X0F!8S{m%qold8D%atWA)i5@00RQK#T6t73H|$Ja2Z}M9DlrE<bV!b!~Lz
zIWL%GZc+I{hR+Gs-`J$!9JoR0*rkJUqg3v!hrJT&0UH+k$L%N^9U|e5jjSc!7({Qv
z3;Cwbt##xEqtT$-j?ySYz&6ch>BJ%erx-UU7$IFw4P(YwG(R7$ZyM>3QphuoBu>Nt
zF@o7$X`N9FAQSC&0*wrx>uMWx0gXGv7jez$iY8|RgF9ih!?b`wN`d13Z!5gia6{F`
zi5<7^g_Hx@!^zQbv-9&)W5W@8o56{F2A*|B@wTV6aX5_;pd5T@5b3&^l81Nb?8)-a
ziZk4`#_#!v{zyV~j!A5o1~+vqKsLo=3DP<2>5??*)EFDmaNU6|>4+vKqcYjR^z!}&
z=f!##nfAuayksou?K0`~-o5ij>V*(iS16`>5@%^8kLs(O2-R?SwRUd<H?>VMJ0W>M
z`7MiM`W4C1@$^Dp<Ir08YQ-c9=mj6EPVZj$Y@kE#da^XEv|3v6Lg{zzZRO~CsbqLG
zt8~V~Qc7Vx>E6lD&CBO=)%}}63!k`boVuzpdwp|0IVU}47}V!sY_9q}QfSqiVr&?O
z;nIm(y^1o=@$JCigM<cn<+c>a05+{cWKx#iFnx;CByUtm)Lqo;L}8e;lnP3;IGU94
zVq_L%*^(N{2~%~@*d+$H>QxV$wKd^(pVjvThZ1UojD?l~@+>(YTPRRPu+`rnLV;(v
zW)<k+MLqQ-K@GHX8fZey>A9tIST^r;I&^3Qi!qhz=dK)8!`n?n>Mdh-2~3FOzyvMJ
zXO;kPOfeWFLWgKh6i@=fS(uIyq+-nkD7r@+<eE!smEE`HWW$Juo6H;=*%O*KTK5iX
zApOE9!iRL%?9Q+faq-H&o^BoEW||Qj7{Mqv)j}(?Yh(xvaCEPaQiwBN*I8<i(JUqy
zA~_5nojTdkI%Y2KOqZu*7h}eHs1Y-hME{mddyvVCr`wjAfEr9F9)vP1{^><q?!SR!
zLxssJ0Gv=SS=l9J1e@GAEkFs?X$~32^tHGP5rd975SI&uz;7|xK%eGzKkaHVfec*&
z$%Hpj8ClZFyT5J(ruc(SRDQVq-3snV9h<kj;}D^Lq?uoM)&l0Z`~8rFy3<ws?5!(l
zy;8{2;i6)W9IaALyU6<8+;i|kD~t?F@(;*K^z6vmsEsJPA`BF|)+9^PgCY-BFiDcQ
zsXLe#l-VU%X!$$Ubr+M{7Q3rVpTvi_GULg-Wlk>LB(KUF3P`Vixf`a=KK*u@`u>Ew
zRTj?<x^fYKNsR*Ka=9?y0+9JpF}47YI#f6so#H2#z^{$An%~OOt!cgMiw~O@k>KjU
z{Y1b%6BIN0V*7Fsf=#$kZM%{JERLnX)ujWAMN45!=IlsZ>|Ey2E%iiC`zl@Oilf+m
zM3^?5tm(R{D1jPIAdAl}O^r)YYfeJvvez&}OI@eTT@!n1xWW{pZ6+IR-z=9B;VtrL
zQ~{WbeNWjQkF7zwxT4En$r#q3^tZcQ(7&Vhl~i^8a<o-ow?-pliINtzN^ohT-L9n%
zWE}uPz~g#9zH}_mIGWEqj{mmOIsX*KO0qg0bI-TF-CYax-|^*|Zf;k(X%5{bHM>MO
zZ<v+_5J3d$CHE>_8*(IbW^(y&drD+`<kFl%kodfVpKR-1PL@e;=f;?HgovlNI)u!I
z7b%~Krub!Hb@6R)!(Uhilg&><4Cr$vF8s9*PgtEXxqUt%=;?<YK1iv<8<viMm+yU5
zld`{X&!*3mBDr<To;ul+QuwEYdmo+uYg$He{V8@BhXu9vTp;C~6Ffr#xi+n@rNL0k
zYle(~K@qd*xf$2sz<77tb4A?p!ZKb0d+n)4%gIqG>deD5IuSJ}<-}7Y;{T@u$vM${
z4%NP5(2*V6<_JLhP>aRgYMoi~r7NS=+;|#1UdmUyDUI&%h>1)8%eJSl@Zaro*&|+@
z$P4_X-g~#FZ7g58S6xdg#D0w@oc?qyU1I1#Ec>?a!1jsiG%r<UiByci3@rNkoY)v4
zM!*yzN3HN^B8oFoO$RZxy7j<NC6Qxsv=~;np@|yBo?m2_xs4UX<dgsj90SjIf<{*{
zO((t4sAlmYmUavR+fb@t71I}GVnazs%P!BRU7`@ig2EJ0BQA*N`#2)kAKHa!aID9t
zuN4!{;SR_fSzOKf%&Bi{SkGDt0%9T{Iir~y-8yr!aicERR%<suex?4x{-h~X;pi$u
z#ozaJqU@!u@3ITeX`~P9o0UNg7L0`DEG=(sEnO32p}D<aHy6RHTl$iO%nh5r&18*?
z>i|8&cOJ53EdWYmtGwO+-xSG3LuNL&_Kub==+BF2mxzG<qv7ie@Sr6ByK4a6e_Y_G
zCR8gi4!U6>wjg_zJxxN>6h-Ik3UQ{D%D_wYKnZB**m@jdRDl8Qn=5yiL++EFxa>oQ
zSbnZ`MA8o~pA1$2t6CbE&KZIa4kM5!9i<ly?W=?iV%vjYwr(#^S)|MmZZzumu}Lq+
zL5>yqNwwMwfkmSKxh)++y3b&G=$Go7bOdQXr@eOB7Z78%+u+!3Kd<Es8VSoJPtvl%
zQnrD`-}MG*TN`59$z#2iQGCEWO6Rbep6?l1qVjUY4iZ(5997MvLZ_suQEOqGq^O(`
zN{y9y4i~u#qbfJDFjwjqN*o~Jl=V%`wW@PXX#Q+#3uSc9jFSS03e`a+0UjvZSgCZk
z33Zjou*)jXEdyPQN9sx`fVRfJc~et<c4_l)dobjtW@Wh*-si68PT#uCJ${<=?%Pp_
zvj^h4y<2IT{qenRL$%3gFcbfmT0VfuQM_nMrc#;iRYH8sW1$zFZ=|tH)wJo39w2}R
zJpQJgV-He+Og<*YW+;=U6HZ46#f{D{EFCpNSRkdIR$Lj!%WaHOBg{t2Q_3?e+*A%x
zGc-9ej>4(c25uP<s&fm^UpkN>yn>{@suq6KipjXlz59MlboVXno>&me3C7uh5g46e
zqIz-Ap9qSB@uum~MeLX)Vz`j&2DRzGuJ)P(F-BG7<4Jq62r1OhSa)tG!tiu^+e!}~
zKd2w;@j2e_t<zOG%g5{^;^D(JVprd}SHu~2AgL){$@R@9xw`m5J=9AfP2;ed{QnSD
z5~9gSlA1ZrC|RIea3Vh%tqv=301IN%j++CTrYhOy{wEx*#1_!^NJz>`sT=27DD+pE
zfk(gph4LudCZ-E25{gNa!PSBhQ%T|%_8$`^or48&Yjh$sNkz{GFDm`Pad~UQsAsV^
zkiw6WT73aO%)qS5u%CilPE2KEr4`~bmoYSBlp#xOf@lObhbR+dk+MV?t!Z9c#pZ_z
zWO<ZolBxL>3<p$#;eaL6%zWBDQCwuz!~*(|kXa=usu6+!^hVghlw=bRUC`qvve%1J
ze!;i|-+!nY$E5`^7mAU`5P7fw(+O*>pmNAzBGWm;Ax^tBcVZZnO9MlOzE5-aDmQ+z
zJ4UNy*0;DDNL9hO;<QN_mLME}NMX~T)ANhFs4?^B`Xcn~Ay9!p@@T^WC&D;oCQvg^
zzcZ$gk$wNXMM*>*qZD3BH79`TebqUrDr#!W{NWwc5aP|Y^`KRk<lJpS(;E|{-`1;F
zieD*K*#FjKT1vV1Uww|8)-F*2+Oss{ym)Zw-j5qzv3eMQ!RE?qQIUtD8h}g|>BI(%
z;@3#!{&L1Ne>t<KgL^5`O_sD$r$zIpjh+fo-q777R6#TDVVY~s<rGLJ5{?=tbP3NI
z`J777m^li>5n-!ZB5OBo!0WM|EN3b+AzIi%Bn;YPH)(e)P1a1BbNj%M>4ao+Ubovj
z5~U|qX`kgqvmQMUB&Vb8J5>9MP3~|#&tL_*p<ANa(o$J6j3H&x21J#~tVZx*<Qt;E
zF<{`7r7os7e0qrFWa1gM7g|jktTT}s$Opcv@+ig_rwYzG42l?}jalcGV@ng2!NOB<
z##KnWY+9XT;R8XBE{S|*GWfhq#hgA4v?U_b;90d7t^_V}T&q6g$bURtuZIl53`bM)
zqf-m|tDg(moD;r*5|jv$M^iI<5}i9Mi?yAi+?1nUTy>U&Qid9Ni>Q(}M3+3?EUlnw
zC|{t?3FXUW*xNGKy0loXI?Cg!Y#$36%47ej(7IXSNA)N9sU$DmI1Is%+^iSouu#|S
z$S9G{6arqA9)@B&?4akM*sIahfh-6t$_ycRlv*WwKI9P@*J=#TI()v;oE~%DVSJKn
zTUO&k!VFKDL?eHKVb>2!Hu7yl!!Y&=3<_@t`G6n`#jTP@jM3ocl9VaO8KOB=L-zdI
zQHKQ(!@2y}ET+@zsWtJ;wzIR*i+l_$>Unz!Sxw_>P~mN-pr}?@$Jb#TBX~_W!t4@s
zmSJKR)5DG`ij#_fYva&Ho~l?$`23vb)c`_uDb*hP*}6DzU(#SqCz7dLbD1t+OU=w}
z3iyJlJ%n#+Xd4+~1Y<4XISdrDlT9kj6r)02YBD_=<3YF4T64iyY&04pJyEAo0eh?r
zYLKt!X?w&fhqa#edpUv1K`Z3*#5mPb->_APjlyG4Wc|uTNcId|{<|n=hyA=Vt@-IV
zUe}H5kdp^smMX(@xBlsqYvi*B92CWhJTG~`Ij>!5Z8HSVul||~z<nk9z!mai`4TzH
zx7zl<0#d*Pt}GXDv(lWv?_&|fM`p8t+dPa}&E;2s=HvEhE(%UI4}vG;>GYy^zy;~(
z2tMHDoesQX26SQ280kz<E#_vSc~LMpg<cBrNm~ph1;7Q;Dr<gYprDC(5!9(8=a6gh
z!UD1%S}264UyoEfc*1|Pz0uL39ijW_&ROgd5_%DT5rH0@`%x6Dr{q&8+g5)t&7`?L
z7}Hs$%PG8P%4e^|B|(YR&+n-`+5S3tn<fMyXucX;O6uXe8Xi5fNnQ<gs%Bx{6WZoQ
z9EzY+jf+BOfU^>T#~tpB$*et^orxF={1CMARd`G%E$Ie^${fWkd!gz0=ts;4zhC<y
zE9zW7g)n~ELP5*^rDhD`+soY@_Re5%d;1~=nfbN6VhjKAiGA<OV!Ijc50P6P{I1=l
zxv=5_E3MAfrCd0ht?Rz?%l_O;`KcMh5q=8c_(w~qVmXohA>GRu&>PJ>hRDFzjAGmK
zfyqvW861{HS~A*&DOfM)M+;v_718+=o7OgEE=z3^fgzDqsw1cotEOqaNh1wSsIEz;
z?aL5T8%@VYFs;B~4|FbZwl06%o5-mz<G)K}u#7XQflWoPMYrtgY&aYk6uR2j`uV)$
zX*3gI<C4p(Bv(!($mzV*>=^9t4yh~7q<fn!tDmtJu$ArTSabptYB3bnvGymGHMItF
zUh|o9F11>mD>Xg(?yWVJS0c+8KfG<A!$5Nv?vgxKnu9H)Xs)VSNSQU59aTpgO4OiY
zJ@E~bhn0rJ6x7j_a#4Yp&;+v`OSluP-ZUWce5gw*FtE~jj-&QthY=E|XaDqrDLOAj
z(CyVJTx4fhjAf>i!4Nlfw?AW(lT{1ZC~EyvLg|c{ZPaU82KJDrYf@oX?E$_5vgWX(
zlvNb*y4bo`R8iv+1&Oz-I_H8*!-vF%-%a?pn%dl~?LJDILOr+pbTLCmq)qvF?w!vq
zNeJWq;d?LUqLbbm9~nK5uVDr;>^n1e95m6&Gt{|l#hW{zYZeNUni{;q>5Omt717r@
zg~y~OWxA=NNLzGfE~8SKBqR^Hq#onESL0pFCZibdddHZnlP*eSf}}kMPIOTZ?@Xh)
z1T0F9kh|J>Ix)KIo$V_mpZK*7EqdeF4=YaFx&yZPTC^vgZabBbsqsE^TNN6ai_UFv
zQN43>wQWj56cHRh9+7>rO&^wS^6?d^{OI*wL56ltKkMw1j$x;h*4S9>{PJIv0(cZ2
z#T+E~`Fz3EI7+1JGMSO?7y_V!zK^7442IyC{w*Y}`k1zSdWSb$knuDz+1w$k+2E}^
zh{R?ADRq`3f1z;2@K*fPat4_#p3`Jjg~>MI&nV0+ktI;}d_>$#-Pxtg%Cy9Al<!(5
zOBD{q#lbhEv4TQfOWY-`dsw=M0*CgltPy+GG`>1Wx>k4wkKQVZO*&|7!tbYS;z#4&
zp=-~(2TEQOz5G8n2oc$N=?4e-_rDsmc6RU&&wdE5i7Y4E)u-lfDNT<2?}_<vCSW`H
z-v~x~L@JT+pM6H!DiBitMvJ-A;m$5)E=)@{rKY?2;VY$z$B_BKHza-zh`KAuE@|DX
zrF-)VuavWKMJK3UrJhskHX#!VOQoJ_(61miffg*vpImCw$*3R4gUQ2N`rraTg4zeN
zl5O|zLL@PBRBGTjI}15`P#({k-I_y7Zu-bX7KzeRY*UuUiT9zM&VvUx`o_9!`VP1B
zFNmBdL0gvIN|9$AFhL;8+dfme(>`2@`5*#re`3s-05hZJ6Cm<!AF}h|W)CnSF2b3o
z$Y`2|`^&GdW*dh*EanP-KwL;@Cex+WE>n_#1dbcAKIMD}E|(pwh-=I=Y+rHrNMFjk
z$VJEfS4l29a|jkZKFlX{3(kO~7O(!OX`}&=7$SHa%1r)TNE#Fdz=v8y$Sw(zl!pM|
zFYtS^Ao!nAbm#bS+zVriN-2bti{_s!_<UeKJxmPwT%T6lA)F}muKp_wshS_*@CFh<
z?i_4cFFgl-k6Oi-7;w;*&W^bQ4J~!!p>;QhRDz;pOV`mR!W8H(+upRoHC0kI5s_PB
ziEw<{*M=;(-&zQ=NF<Xos!>w1nFl-fwKyNJ$Q#R&Xo{d%oG04l(pNbXF0$)Q31iu1
z|0S`Qr}ozOXl7|5s3X=e^DY=?#~R!i^9jo$=1qA?MNoCtZ?g$qdFp?Jb9_jK-kS5#
zi&{m6t{Yk7uKA8T0i7Jms@sdnif5)m>fQZBld=>gPh77Ua34>W9Dyhv&;=>Dq+(de
zxyn<FgJXc1shIC^n;Qv(^k^vR20e#@Cs;0p0#d_98#NaSqDdAHc(<}NoiuK2GHg@-
zuL>0QF@uutRj%x%xat)xqgNOQ>lQ8cHHuSOm{820;*BK0C1aaTZ|}2Tme53V1Ki{`
z`IX`=lImoVlzk$Z8p~Ak#Crql^#b|z8#1Oz*0hg(SX$rM;%AC+IO?{(@eiQz+xGPg
z-|J?UBAJ9<%MtaL)3ci!%{!{X7@Q>yTQzSYU}gZiNIMiXRF;74YRB`QAZZ_}Gc<@r
zTKotWtQ1Tlt(0+<jH1j<`@IWxIV1}l?|;e~>1e<hK=PP?ouE6GNvilhO|jgYYG30;
zm1Rv_v}GZ5F>xqZxLg7{;cd*k5p5W5fK-aBYiB_v2X-dMtk0@5VlxezC@Ubt`^j0I
zp8SKgm9E+<{Y`J6;!HXHB#_)wf4D<G9`=<3ersc`RQ+Lz04i|$lo4$WhHD7Bu3mVx
zMJaiAMN}g<8USZ(+qgciBbTn%(=qDzdY!Co(2)Vgc17@<udM)_fo2;7RA7ozmZH1D
zx!R&abwc~I+vK*EcSh`+o~wQhN3DA!dbLGc6KOYHk4Pt0;cR;TxkmiF>bSr;P?S1%
z_D7Eay7UQX`m0kP)L_O*S!cj6xT+`$;h^c2alx#VRvk$pKc~ly3PtTa=j11-<<$qg
zXlYk_JnB#+Npy5t8sg{d=Sc^rgxiYhDY|hl|5nfX=Uh@cwI@yGXnx02ayX*^%QbXR
zue$dG#jLuPo@V<=3!l*Qy=XFMZQX<CnN^WoQY6{7KeYWLX&}v7d|{<yQs#5Fz|8yZ
zN+BOp&s;A_A*&GvdR_$e>tBY!E2BQhK=DU;ZJ;4Azn}8`q83!U^$m8X25A<2YNqPc
z@r<0?r1Xf*ncNNlZ&zXE?w!QhF4hlKPxN7s0Dm>r1t&<2NjZB|IMqS=zDnOM=X>52
z&}vNPu$SW&E)@3XIHS=^JDs#!)8Vr#Zkm~qrBh9su7X6ET``B^7Eu*W&+ROE-N$xx
zjE;AtlDd~agL&J%?0-{xR9{10X5QY&#$+DuS#N^KwcZ5r&@>Hr)|!T|EtMjcx>GqP
zd7bH`)$kzk0vvNb`>UAGl8ovWw>cnjl^OH+pio?IT%I54cfu}&|EVYopZr4+W|Q@A
zp~DIhcwzm^VSbRs!jH?RHO0M_i1LhQqhuFlYp6z9=6Mn&V_wREH7)Qxn8xKZjSD&M
z_1y@XL6HO}MXyXIYTO|*2^Q*n+~fkNaKXynQ0D^Stb?X8?BztZO72a$W$Iui=d-*i
z5ia?r?nIn{i|`!dI6K$WK*_=eifB?#uO>#mRtQjeMrz4&#&E9kY?EEa-K393wjm#g
zhZPxDsmkR{lW4J1@8zv-<FL*JQ~Ts}%$YWCHr67j4Fx{i+#Kopq|#7d74AY|#-8A0
zq?Hc{i&+)dbsGAL!o*Y_3B`)!<?=z+=`KqaP|kkQbh`5sZbNH)oYQmLM*9&zL~F|p
z?XXhB$<S}zFP7pDx^!gPd&<Q#S*LMt2ZSf#mB68MncUt*5znlV%6vntjFz|8n@%js
z(hbX9D-DmEyiV(I)SRv{El`_|Axj>Um|?i-%gqflR4@7+zEutsN>#oIz5Zc@b_}dY
zs>%~a%1eqZEl8nBQ%X%=(yG~Lxgcc;I7t}k4q63fd9_SFym}am*ofo~U0x8a^6-x>
zTDL3Ct5j{MbPH&_#LI;CHgq1NO9Q5^Bwjo@@<r1(va)O<36$k_boZTc!yPh6hB{oD
zTSzRXn>B><<74`AX`Q)~9GS2447eeYEEKfIMDAhvffgT1KJfe&tlpu}PB(-}Db`5+
zyw>h9k!>qR?X4OWeSI)tE{pb*l0|PisZv@`sAE3Xs|kPQP~Z=zA|m{Ml{$y^?TvKz
znY!;DZ^AluAY>w9u=P#)4(wtn6GKR5^zteBQg0h^XbRd$LLOM#S@K6U6ywc$Nbbdt
zWDki?8b_40M^-Zgo)TBo=H+1zr11#J()wUjZ9W9#NFHOST^oJ-+sm5xQ-4VQ{Maya
zX!PChHUxMb-c&m#e0q+?aJ^wCNvJcGF&uQZoHS<AC!`ypG9+2G;%XWxv>m8^dksz#
ztjmXEuHi;jbA)$`gF)Ts`5Yk9r<qzgzT5WF)&NqN36g|1X05<0){PdinF#9;qcMgH
zx_4LfiW*UNwgZ3{43;wf0>&)Vh^j%M5Qe%yZ5bMAatv0*xqQPf$C1XO!mJlZ{Ru7t
zBxaMfUy~QL>iUKk(=x6QR=n<yg3|f%Mr|rKg5#H@rP_K^b3jHG{o2OxM$E%L4Co6k
z%q+5AN3d@JA8VMI>DEnn*)+IRXqH~xcg(upJ}?7^ECrd<QZd5nBdy&=3nDr99<bW#
zxXmr&n6!q<hNm)+HpfOr<%cab<$SI-J)1e9E^jm%@T>Xi8cij|GEWgfyRJ`eY<j{$
zl|!ebfA<Bup=rW<!nJUHbrV$z;IV2ij|q==I}k4CCc6Mcaj(e%lbW<R9>r0SFv>NA
zCmbOP5}Hz#2Nul*q)YhAwy0f{RhpRQGp<3A4DWl392XK%%=LFOayHc56)qR^Q+n7g
zm1lyyO>CHacB%V6eF_7q;Lan}Zk{ln>~?B{BTSr;AdNG8&ft(HvQTPV=058?0$s{s
zFFe+bBFIy>rL?VKk<FLzJi7#yqOw$M*cz8dl_AhZ7mOHjPO}%;3aUM=69wd?`J($a
z3p$-%e%OqdbsFbJq!wwzy;t`>O+Kx0UY|09PDXd6sSnHr&lw4awRSiuAa)@2uS?@Q
zON@3@TISYnvLv&0*I8mBJWcQMPG{Q+ON~=dC4~!>ylSA?r!~%dH^IVg*6Bsz=$8zJ
z1JF9#dR|dBgzAOyVW{T-diTy6x8ADa3ipbi&;?}E!mfB-N4Gwp-oSS&XX&w&cprpN
zbUu8Mb|Y|B>^83vh-hJ!TXScNB1N1*(mp~&V$$pSukJO|V&LABRA*-7yoj(B4{o}I
zgI}QtAuuc&GIjJ@^pwI^#!uDniz!Xm6Z^cQzyJMchFzv_Qinvt|7Fa5))`_k+b^$k
zf!zmKfe{n!^klw94M1lLhw{2gBv;^S(gI8*Yvtlx7c1=T2nXDHl@=&mc@##3WUWw>
zkub6v!j%#n)P@^@Gp}OQW)=6^zrZ5Sa7^qb;ZcW9SUxSid*>};{%_|y$>jvP!!1q7
z+NX%E&6SzL9%KP#RQ}%Rb~$hD<V#D8iZGm@n7g7fkv3FHmBH$Qh4A)1msC5eR3laT
z%c-=8sZ1rR`pS^LmK$;bXZlH<B^o1Tn)+^AxDeBtr`iKXae&%L+7o8jUSao@Ar5P(
zq>W_Q5+as)Qz<7UYyO}{YpyOi=NIjYCQi>eVpzS`b91AErPcVM$4Yx1jLx0BDpknY
z&>MNVv^E_K7L-hz@xMa29kbD!_x}P(saU!H%k0A5v-f%b?>r0K%>MkkO=YzQd2JZJ
zv=S$@LXL(v1V*cM&*BMkb#m#R1>YKzm|2?ZmKW{-tixH-iWGv6F=v`V%;=Pcnh>aI
z$M(98En!IGbiX;>q=ifeSQ(OO354ai*@*md44H3o8N<?us$;<0lCP`Eq)bEH7EmEE
z7^5|~4jpLz_$1oZW=Y3#yF$t~833oWuG5#NlQ98=q&6v!7~_-CRL}^!-3ZTfUTZVF
z;(}z<iu(lL*!Ar~r)i=_PcKB&mtz4p`+m+}A*l3ILAFq3PgD~$vG88(A@|mA)mGev
zWA*Aw>q`$Xn&^p0(J^BqIMR255V$IKRd|)uke5QV%Au-&;I5(Lr)ZWg5+Hd_4Nd7W
zl#bM>@QP9ZMs(N0YCfpQ4~&HaFKVkJdMH4SaCJ@)#8sUAiH1xtwLMicN++rkE6oLB
zxary$l3G>io+v^U{nf)V2kq}~mr8vTHOs^0toG7+X6J*(vm{AsBI=Awo}yD}$|sC+
zxNm?_In69v16?$uyvBq(5Hpgvo(0cYTi8E&qOlU9ECulhN;?b*Cq7m(Mi42$_f)fy
zw_QyNl&nQaXZZ`3lR*wixhLl4?t!y>x;Wd+2ETv3EQ8730IHXIEDLUgdu5!4Y__D^
zM%8DzZA}d<g*JrVJ)y1`Ocl|htXUZ;x~pO_#=NeGCA>Z(-Kh&DQs7zGx@GF>ZA96b
zli?^Jxu_v>p;qk8(_Uu-ybxGH)U7xd2-rnU6|ot~dVL<+yMa;7Rokt2PLzZJ-j@W5
zA>HcaOmQ13hZwXjV3<8<+jx%M&VhS4p$$4s+8I+Dl$+@mmCIh%i>5`~-|EjK%X8tv
zlGzA<745fbqchQ#jDVX1Ad$s@$d&IEY@fP<H_`vL+{hkPi+a~moEoCKL>Kb__eu%N
zZS-o?Xzf-*e%kXv8{fR^=wX}Bt1d+<hTT_LB|HZ2C<|d++VgOg*~9(StE%=c6GYmi
zgI&WeF`QdVK@L)O%*UqLJ*0P68l}!K*v@ROc62Mw?Atba6R+qA?<2DB=7ox7U1ax%
zTGCJ$=9KX{4JcTrgrO0{8;F^Z9Fw&dc$2QfK1~ZruX4CUUqWS$lJuO~dKFqPa{25+
za$$(-<l7d6c}2PbZx_xCM#GUFY0_z3B^aBavjNH{Vp_R1=mfo|7Z(T;v4^JjpRhfB
z%8O2*Eu;94j~yC(<(~(M_+0~kxqNF#h4l$KG>1h2^To6~REjN^vC2jF4)wTPp(2a3
zrmOuXe|PzA{cVa`6-uigzT@bYC+E{bNq4*cxldHm7gdiwQUi?YG4St&qekgmv&_0p
zn1>B%Qi;4~OFc&r`u==QId_(5$NLO6G`}z5sie=iMNd{T?wUM}U)sKa1ZL;}SeUiE
z`a02X3)I8(Dnm|{kRWD@szhu=qMOj3yl7Awr-JsnN$Cl%8Qc)I%m?fLd)m5k1P*CY
z{_j)uu(Gf()3B>!_ez7Ak2ONuDo8!o1v~M_EOf>J1!(ZadF><Nh2nQJa;1*&#gvIh
z`zBqrt&|$A-)=5RmOh->S1j<*>GpfKWIw;z37c@f+#FAOL-xbj7RHI9|GB*jvDRy&
z6XgZ}UH|$(hmGpwq4XTI+#!rt%V5bbCy=#EH&FwcvUZ2>5vJ?>#|Ora+mDq#G`cG&
zjCQo?F(lnh7Cc-S<?z)NIHmC1w>wP4g(L<<oqyyblDhx$hjuyP4pg3TqHF&qRci3&
zPxGB}`pfORXJU37sK3wxmi$?E0$#iSZOVnVt^FUhm{MZe`@gVO92d6#e*P;RrF(Y@
z<(8fTN4v>_M;2W9kbW++?WG7@cBKmnKD7w1Nz~iYRN>$5aQ5(>{*!L17&J@H@oMgT
zZ#Usfj*viX`8MiedO+^-3CZLW4s8ILquwEPk)sXY>8UiS3KY^}%`pnVDdn@qkk_QW
ze7nL@%xNvjUzK8h(nVIkA4YU*e+(57wL$(Q7xQD3Jr&wHKeV?giVKO5!z}6UfV#Qj
zi{}%E{Pr!%rZ$kz7JvgBf5t(t7eti%hx;(yTP-)C&*s&rUhZ57tL4d{^&d(N)aaI4
znI{H<Q<uw&7vpL=Msux-#TaJeMxgj5rx@7l-*p3KqxZlF6n%cyu<w4~UsiHlzh1&n
z+5*k=e$m{L&+$1oy8nZJxyzfkOA%jdHQG$zet(%sKE&6B&456zs--?M#r=o_2N_0G
zgv>?7=w1-OD)U@&B<GN*bk5J~P$ZBu3!y3^B>Ra6tf@m?h$J1us1IUdF^QsF?D|{?
zDlW4DtYAF=4S${5g8&7>eUOBsswLLFI#}y5`cxFgHJidrQF@^qh==*)-u`J9!4wb)
z8J!0%EK*G{&&(lOp@MBXGdp3kBc7@4U`i;fOJ*jXPQbQTMtB+M`j&PA%_B4F|8tqJ
zq9NF3u}0}=ctrTmPZT!Jnj(9rD0962xbf_*GC0QP7CK~zbS)xDHCX5zZJ)_8ThUHh
zOt77rdZ^P3Wt<`Y`|{Pc_L5&t0v#{-gTig0iRKfW+28ysXRVoz!o{->3$qt4JtZ8F
zurLQnNES9Lqj%-er>WF4NJwQx^sASLB1er1cZU>Z6y>QDo(B*6;sU>u4YfWYROz2N
zWiYT;zGZc~@-Hho^;iq3TunBr{wqb)`f>8Du|($mAE8P$bGq)Yx<w1TS3erOwSZD9
z1POt5>?=OfNZ0TCfyFSALv^wSM};4qk_2l5D*brqMb=DW!wff{zmlHJv8B9h*kP6k
zSU6U`v`(#$9nWw{vuo=Xla?b5NfB65Eo2IPUf<6{IhO@Pcd0R2-mZC|k{n#G1P%?#
z?a_C4B6<dVzl&1<Y$eF@+eUT!y=IN`b6lt;`fVCESc;jD3tIsH=>2?KRqk)O)6xrL
z&pj@&a3wW|#b4j^Z-<I#(}dq5EVNeGnZ@*|QPK_#+6A^j*0lcOf`59NyD$$)+d(@I
ziTG+YYyJ86pCN;jzhtM|ck?qBFFm^<LRi3^;qRnk>7yU?_a-~Vv-%ZE0CYe{Ndhk>
zFifUa4IP<v3=uYBvM=|VH@ZfiOPfhKRhOk0(%xxBEc=68-^L2B#GCe(Whl8vUy)Wn
z@{Bw8VQehcyI*DS;SY8h6Ti7u^2eQhSl<1WXK;atv&_pf6=Mz*VR^}}t}eosy_b|r
z|G#vpoF)^jfvE_kLJpP}7RLISmbsd#T(`z$s#6k-(;%7*>WquH5mWk-B{S8Ds%@@O
zij-WzH6!%JN6I3ZAjYEI#Hbzw>4g{x^Qd3gN{TTRMHFH5#m$(_&AUvee5y288CfO2
zaHwGyz*|z61i5Ks%z_|Y&b||LvT@=)F-caN{q!Q;fsI9*avUM;n>TXVknMI)QtH|U
zjAB-w9&I1udKv?0-fa2--3uc0*#Lw*K|19qnoWVV8Jk7ii{7?BUG@9Xi)z$Xa!R$J
zFi)D=XS>|=g5w*YLpG1QGJ@^LmEg2eNiyPR8!a{a*w<O8d%C1_y)ixjGOhuQBm%UQ
zBF`vM^CH)$oQ-_bPb+6)pz+>4cqA7O1VCmL`b&x!z57$cEtT)lAr`SruT~y!>Pyl3
zJ@|Oo1e-;m1HG_GM03(YzB89HL-JhuHjzo-#J#r>N+b5fu?;<m>Pz9=3we0BKmh|7
zzl$ilO%vq6P)({q2o>Ora~snE%{F9A{WSG|M5}MC)OxBbTpIwK|0IQ|frh=d%)o!-
z2X$6vNJwrb$5Lo1y11kaqzu`H-GIiC^ca6x5euhc1vQ(cx=&Ld!M^es>jx_I2i7^a
zN|&ofP<bS?kWbXQs0|4lc|mb0tV^gu#vO~0(j{xVz}C&>Uq-rIi>Q!BY~k_*9p7wy
zfmny!C|^|skYoR_l7YR&!QFY+L&;7S>|j$D-cl|Vh>;$%8LAvwAx=Bo8Z{%B(~wm|
zGD{gmt&*d3WuQ|{b@?BnP*^!7M22KC2}3bY9pvZ^WsOV;)3Hl6LnT`VM6SLoQ<KlA
z?ABgF1Y*lfyR34eC}}<@q!f~ARS{}MS5=uNcnDL*H2`7igPvt}FgZ1?iO>y66i8x{
zToR30X}}_RzVq?8(b{Q_R0s-ENTzDY#X_UrOjVd*LW%qHJOv1=(9P+ca7cZ69Fy^8
zF)8p!BRhl8-SXk^$iC#DqI6G|Izm%ipjnw4IidwOQ|=_d<sB&(n5k>vQ#mB^LJT(>
zjm<+G;wr&joGvGvU}i-;)A;bBD9M^R$8=p?!s|o`4M&in{;0MpD@wOGUXW6p$i|=$
z$uW)Z;>y4&l13mI#<?@)2G!a`RJh5w4&Q8|y)l7flgV&Df7Q!#lS5{QdUmLZQ%#G*
zs36s7t!^v;vAkhByEv@y^l_5Zq(6kb#J0PX3BQy27GT~L=F5lvb$yz2+r5XfJ6-3m
z4j72|&GtkKbj3t%y^_J{JuzUUiPvRJLh%2TCb;EQx^xGmJ-%o0|3I|`iOasa!tO?&
z-Pl&p%CC;)*b-%iP>~w4l`(CWi!_a2T_%^Z^S@o&4<dz@ER#lMm~BdEh;DHp1?fpw
zD;#u4cWx36^86Cr0(c?+hqR^=on4o*WwgLqlQ5;UTY%I<F7(d|f4%)BVr-UELnCvi
z^B>ZdOub_7HrVRSJ^p<~AXDp?ErK5O%eSefx+0i4rkXs5p;Ffk7fe=_1ai2Lk!rwE
zlgXrA5R-OOhU+|6)1UtNiHF#zLE4%YRjLe%&@Lv#o>wnK0%65aU#1&yVqLk1-`5K-
zxQwN(`7r!x&m!vt*pdx0BCH3&AXz=ypq#oUut%PyCi829=>|zdfx_suzdG7DX)@ZU
ztrhS?AbQbNjTMvt;mjUTWmr+7WoQzCR8+e#(G3lNH`M}QIK=Om2!l9fTd1^W5RsZR
z7lUX5L?`3wPS-@KF9paHE#gw#X{L+<RlBg=7V;JFo*yf*&O_`<AJH>bPnL2Ck3m}N
z4?Yw#8Z!Wqt+*ynWO8Uokt<=Q{(N`dHCWJK9jp=a?)|VCV_*50D`gz_@0%3tbs&^I
z>M)<e<lj07u8!q0uetW`CzKFciXqb3yW*u(nPVgM_3-$o31?*vUJBR)5+6!$Xt7(J
z##lJZ@Sd;r>{u)Ec0oJ+tKqZIN9Z0At!s{AkW_y5d#Nq;(ff@@<g_f$QVt5BsIR!Y
z$AFsHxxdztj1>?Sgog*C5Gt<(PcI`bf#mi|q2;UewU>_$#<&LRmrn(~aT(B;4~34n
z4%~Be-~%<NYq=xU(?C}ZO>GxeQBy1SqIH^(dLh+eUQ>)yl(^CqZB!zzAqkW(27KCT
zr%|Jey+oVM`?kxm0SNu6Dm65Zv!sU3-o!yN@<S7II4a`^xhXDa5tf%!Uy&7p>1sL-
zYs5StR6|sB%hou`4@B2hNR=ZLxgoM$M~6yE_YgwY&eU=J8W?JM#Yw8I!Kme{R*<Zz
zQ29Uuk$8Xr_$|BkFIQhu*R=f&L-=d}zTe531pt0J$TItT!~avZxe^DE0|Nj7{$HDX
zHg`(fyCn$Wd$8I%%(NfV`)<MIBRIRo(H3yx$gHDsW|eZU_0eTBV_EIfW&-k~m=%a|
z(oILqm(AiFUA#Hol|Fg7K5@#g2<(I>C4FR==DT_?rVXV(HsOFAuK*#ek8T&ys1vci
zwbw@48hTzX7;=8uhl!RnXMh>qHR_C~Q93Sa@@%zeyqIP)+^{ORdz8V@n=lgdvq?r7
zH`10DSN7!g@p8$d>sl^MRb(S{@z1y{v#3{&mJG0YX_Th<MQO1k&q;dD0P1&{_XS5&
zEw}&#+mIw0yTukHKIGemJ#>cdqf>Ni{h;nS<nC7NvWh<R<6xv44B4QY>N?kop3b>t
z&imcMa$5SBojc+v(?h?Tp?BO{e9oEc^#-MIAdw^a?ZnuXF6wPVA+YrYjmIsklq=hu
z%HOP`O$1F~n2BOXnNL}xO<8MS^gc(-Kshg!H4<iav*yjxf|ub1mPeeLi&BGTxyWQu
zpdfWb`$wRw_T~7Sgc+lI3DNa+E1jSl>e6}<m~L=#(%O(ESsQG3>bd0(3XqtCzN*LR
zn>tO;)c5I^hPbMJW$1?;3PHEi1E$L8VW9~i#CXTk$BFwwOVl>H6OS7(olUbKfZ91K
zXwE`iYI4DC(f1}L1Oh0O0o(&P458*uh9S_$2rPa1DAF(r`IN8-YT+#rFpuvl0ctt}
z5M9IuF;}yL)kBYj@_UtC(KDPQkyp6@qmQ_RRKDdhSj}$QRn>3@at?AAdP}$mwF2(L
zEXD(fP4W<=b3B6FtABr9O6)OC&N}D13nKh0+$AJxN-A1qnr09dVlF$AG?$JdlKNas
zWI{vooYQ5vaAzxXF>XY0xiROov!=M|P=pE3hvSU&)y?U2F6L|%P6=~DnKRiV7a7m3
zojyso0_Sy2oxk81@2<N5VQ`n7nt%R+9pv<s)GT8B2IIoF72CKW>@L<rBf9hmDegWa
z?zrB$Xh?1K+^VTj@s(3k*6QQ`GFHcxw>`oNfrmThRQ%MCj&4l^A7Mguxa_pR2u?eS
zvu_+E3$?mXJ_B_+EX2vx((x{zZ&`=JyTZraRq?DMX<o5EtX3fjXr9ioOc#Cw@S`Z2
zK1Xf-I1Bh7FawU`2vH-GCV_t1cG59m(6AA@B&1|MHfqfH+e7{QDuYaYZqmP|WqIVW
z9roDyVo|@HugwZK$BLPS)h>3)Rlr$<lTL|r#%ZNoxH`*?fV*=C+7EM{2TxwS&Aa4^
zt3lC*Peht_-QO<!Gy$%Q677aEF`fwY@hzWzktz1rD;5<^oPG8?;Gp+f912<`x^zdB
zBE_U%l8Rn1>i=al^pvQon(At(sg|l#ts2#eAfiYjiz2FMqKm=HHu=sEDT^gUY;nXT
zR||+Q0afrQVR{IX3Tp1uD+wMEq&Om^G9sQ-hXRKfhaF`P(}#zvUV}ytJk+5R3M}f1
zNtP&0s&w?|N<z0c7}}w=IOoWY0Tq1mnI<G`ELS<El4A@h(o#}LDV5aHNGqN6GRP>C
z%(BQTo9uFMDJK~gtXi~WEo7Bi9j^{`NBg5G=3uz5H(F<5wswSD9X1`t><r+h!5_7v
z%nJ6kH?g@qQF24HyDiur3AOex-&k*$(zKkDn@y7;@GYA0PJ6dQ9qrMUVeddHK|b>`
zh7A1mS12)R>enymX&MwCyIG8hZ`UlwE@*FRm!<Gdd_cAUK%h-P2>^g-A<#wu2@+x>
zOxPNUjkt5XXK~pg{(NoOv%dyX`e&%wBesO0ChN1c*zm`S5u0hERaY!E)Wv`Dmo)yX
zx0q+YtDYz@;c^5WN_!!XE#51Fe<DoFjN3x+UJwaVEZ2S&HQd|O8W~^UPq?ClqWCK=
sS<<j<r&xlPsBy=a2<O!{sU#2Y;R$43ESqVh(b{KePR{#xQHop!0Be|-?f?J)

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/static/media/nunito-vietnamese-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-vietnamese-wght-normal.woff2
new file mode 100644
index 0000000000000000000000000000000000000000..738b78923922a063ef71341687a4c667e763de60
GIT binary patch
literal 10632
zcmV;3DR<U)Pew8T0RR9104az76aWAK0BUpq04W#%0RR9100000000000000000000
z0000QfkPXJ92_t|NLE2ofm;S(KT}jeRDmidG5~@&FLV(I3cysfCkui$05Ic70X708
z1B4_5AO(m32aHP$2OGFy73|m$uyFvuyS>~@gs^dd*TyU={{ME|kRkX$Wvi3m#%Ozz
zgPiyx@SMs{;a0ujK~&8tk1#4%@JVihywe)Jefns>jVLUZu6T|2@Y!ASH1uEYm6iu1
zb1wW$HY94768GXZTNtQnmETxKbJL-;8iFIpWU<6<e~nSo3ZH+w3yX~L{B)5@5B!_n
zC%$roB(r|RPuH8-ubVhINIeazDPo=$H81LEaX&G~y|CBs*WRAFV<z9^#PAfMMTY6j
z_nY=VAp(J*GY~v@0>o;uN>W?VUNbKz_o;mRn0}ecideH<o_{&tbDPFLU#ixd;&5cc
zO{8EpSbX*<@b)*GDr#Dkf{jY6mZY7|zmL8Hp|Bof7w2*Mob6C;+C+gR#37;v2?Sp}
zVu(hG1969n5)msElUMzI?kVSoYgHBMG~ht*>=EF<BrxiYxSezQjRVF3YM`Vt<mSJZ
z<eSS@v9-hI%i2y<m*Jbp6OWKQBq4$y9Hs~Pb3g4Uzrac?z;h3hyQ!*?BrdRaGig&a
z!s)rfJ!@PODr}|b)Z8$sQ?w=#35^7yzo7oRTST;)Os>?__MYT&An7@}f29K}&=Jm*
ziq0X#DwlSR2LTKGWKa=Md@4f9|B}Wp<rncv@ts0mPzj`Sf^(cch0deSDKt%1t_%0M
zEDZmAYro3u{qJu=Jd-KqKPD8U6`REel4wXABF#05W=bOyGJgD_YSy5D=ZR+!Mr4i4
zT9<5_qx$c6O|H>cRDqfnm`nV#6Xe}!pS@7BvIxV8Z#bx7YO`P~rI8|Go0RAMZW+@u
zp>oUKR!XCd7%0x#<<BuVh~W49TJH&ABncPdL43?WE*>CJ00_weB{YBvrhuw8fF_QB
zsB@q_9Oz2~hU)`_0ZwQ@5b;`kp=e=J`;d8TJ&!mD?HS<i^+<oaD|M?oD!j$4=lQ*B
zuIbKH#y122AU6YvguwfEc$6T0-tA))dyP9RihUk>Jc<!Eh6P3dC4j1Oj^|3KGpfdA
z7*=}?o)x=*d7u5dC7LM*T#$G^p?bj!jmPXeo?Q{%{-#iI5SyLL?;Ck+JWz1??5C+6
z%rwDrv=glL7Em|KIpqa4&Lhy4M<P9@@oji&RApza)M<uLcM+GT;vIP29dRZmS4bT}
z=S`|PBPFC)(8|t9LnBe?G6<r!L9>yr$w(H)GFD^hKPoc%2>MiD;siL*AOwuvWK4}*
zfCn!@5-7A*8jbFA5g?6f)TG&BIxjj5!w5`l2ttD}f`tbYLPrGptt2dzLIe(^*_`D9
ziPmWJXY@CObIS(ehK0m6hxuX02>>$#0fNthusXR~?*Re;x_UnGpfzy4sk!Q3{xGaa
zHLaz0t$|(3spHi38wbt8)^VF=7ycgv#&nwMv277tZj~q;ZnWrBI9--z!3L*$p>Y~M
zrW?=ml@V>6JAdkoL<$5(Lo;@32FQPLH-d}d(EjvO+<azQgrX^}K_Afnx>Ryd0Rq9g
zqXF1+L_YAC-@YRWz&9d>iBz*6$tZ$KsHc_A`Wr0<fI5B*hJc`AJ|Qq^w6rasC3M#5
z88k6CV?vYI#1f(QwwTH2qmHQn#3)}ZFXG~Tg9Wqo1&<ws|9=bQzED93rBKAcquh{|
zR&_)K*j|8g0gduKc7Avvz$D1ZTj(J_OeeN>j1e`wR6OY0nRDKf`P}lazqq8@IJkI5
zgxXX7JXB@2Dd1d#DCt27&7c9JhSX})s!OLHz4|ojkf}zY2Bn%*YLTnX<$&8Ek0Vyw
z>~=ZqaoT6I!|#mGskl1{_d+g3T#LF9b1Uph%A<^DS(qGL+LHoO5v7b##i`-d2`X3<
zx>`CW^-SrHpi~l|A_s-s-SQhwd<O#vHAY6gv^)S(XpjMP3XQTr$EVOF2WUn!T-J;h
zgsd5@^0KZ&TOTT8fp1*^bbW?4gNz^65i-t@c!U5ju4kFDh1AC$<cuX}9Or@{d)O)*
z*}yLwPR%Jc$hV^P*DML1vKfIX>Fo)o$`l6FtLY{aM|+7WTO#dbAd990s_(FcE;J^z
zDH>{x&{EZV$Ke>qf!850Mt2(Ftou%_vy}<6FMxE(*Z|vn#P~y2`P$R0h=T3ij5b57
zPb*1tLdNrb2r^0?Qv1_1MM{F^`bN2?&C<#5V{I{%X+9^V4F4Z#nn`I?-es%kf?I9=
zz{K-IDKtk#B~7X3sEm<GHEBPHYDLoh<7rnq1WBbQAeHqyM|?GC|0&r4XqL|68!{@X
zQGqBrV0Q03B43Bll4HZ=ds*_TU8<kjD2LlBkgB@_r0Go?sa2fZmWHdlY5C0$d%z%9
zzKW76QiiQ;7(zfTq<vB#h>W=5H)*74%W0xL_A2+*`kRrq_Ew72Tn<V^<HTOHGT&zW
zzD^l=Ae>nMT&l%aE1t%6oXXpDWAu%&M2+b8EUcKtknVmR3;rpFX$Yy#<>Tl|BE$w#
zAGAr;qKiIU;WNHvmr-u@bV9V#X14hgDho4PYx82St>%es-Y!Vyn%AOxf-Xgy$@b4%
zwe3@!*sOzX{%)s!3l4y|Oxb@`#t|5QVdHJkG8%4&DL1W4o?N_Kc5*Xno+u$Rnz)~^
zpfQ!S@tv<fv#cO2_ZMYjb<{xmyz_iz+kMg?{kXig6211?I>N>_e|K8h<_j(Wj9orS
z(F?LBM{Q5cNAs+V;P|dJ>G!`0(f{>$(Wy$g6V)Qxd^KL8oDqj{9#wl?XM3QLXj!I4
zR!I*7iR|I_M$2SM4Cjp}jF0h?QZ*<${`U#8g|j~RO!RjCbm3tm6Ou50`gi1CLV=mT
zZ$D$iI=fMOoeC3P?(GSIon(ggM%LQJr7_p{;02U$zWI2wJR#aC8oY5QJb0f8?nemZ
zN9i4kcW8y6=lGQyn-{L^OQ(P2|DJOzg(p*zK)e6K?%4G3?yR3Xw^tN1C=~U^<nM>>
z@O5E4K}d7f?8NNk4mHsyx9np#sR@w2Zzzq@cmx6g?Z_p^wuH7FOL7J+QmGemmox<t
zL)kK20$XJ$;w)w?ayVOFJuAGRnM*oaF*&y0o1eeI@(KMWP)k}_5DgAgGnU!rGCQH6
zO{>$jb<P_9SeDxpyIRS>Plt9Kighc6$YH`nUabG?y2G#QtTiNJ)Lm(%7+1J~FJ&Ar
zB#IKA%I|a6MTCTv);ey7#nXs{SVnXhKcRu0M$HUoV_Syqw&i%GV?wv6G*(EUfD{GI
zNN7h^p(kFmFF>1A6){=M7bIy^L>gSo`d9nnJapAUUX{1cRyGW)ydg$!S;#GiAaEx$
z)LxJN=Yh=#O%WtSC}?G}`keghMNTi1*8?Aut<J#L3;1|#Stc!x?HA=)n2OnTG>0^!
zNkK($Y)X1gYPg(eQ&v(d4rjW0mVdm?B{hE|_Jb-4?Z{g-Be&#?tac1^bn<@)O_Oxq
z=7Yn|q^U^B8a}~Cil=4=CYX*gD-b7d#D5zCFCrwD6tt_k`0+^`I!B_)wlTJQfJ3o4
zd3Lc%Y6%|@O0N0^yPyBGi%R5en##T+&Ywa}dBYg<u8&_4%q<8tR{rKQ_wPKzzYT))
zZahjum;hKaQ$kG8@&)l4DKV2Sg#Xh%JA%4qBCp!xbJeKp_QTxNV{Ft_3vtaR2NW9`
z^ncr1{W{Rm8UlK4V<Ia)RL&?XtmpP5!DD(wek};9#A9|thOSyYq&O85b4uYkrP6kJ
zva4=+l_r~vUaY(x@fR;U^uoHRBA?L(brnt#Ju#rtTk)mEJwi;!%P+)-lgsiln)E&O
zDQ~<hoNO}Pc5&+QhVt&6xQ8oNoqF(@WB9^X%Hw@5D$S1jkj^}k8~Ep%c&PF@{!?0Q
z4fn%Z+_`yGr)SfkuXncq>r#^9xuw-gJ<Cq{cppi>Tjnu6rh)Q!(b-`ySTs;|pt3!=
zD^)ZAdkvp0Qnu>clNXI%Y1|(1n|lTfYkQ>AUEIUM7%smNA5JDK%DAX6h8EoF7Y=LQ
zIG3ga)v?xJrpY38+m~;@yH+!c)J0JF-NJi$A2F-ZrJ#D7<vaEA3(n<!TE>NQV=Lv{
zg^aW;o%6-ZDPI=oxV~tuo=Z{A-K7gz^+>iQ`5J}#T7rTKUJl_4k=v&2m}$$zGh<`Z
znbu6in1R@~So1@C4752yZxaqWesGaF;LoY+%TnivEn+H;Ixq4tKh}x~_*s*-H+=$j
za5$ELzHoHqJkE{3`W7ohe&VOd9!Z_3F<{Q!^YDJ!nfB`2XJB*q;LPN!(N)#!h4%XI
zJ{LV6g`<pj#}@OhF$&HQ(dV!9_CiptPgBGTE;~|nphg`~oeq0dFEvH<08pClnHHwa
zb5UW7Y%IcIpfr8po|wZK3zLJKHmyrx8;HhCj*NtpQ8XL4(MnoyU8>9g%;SWsAM_8_
zAGt`nKcV`XuQr)S#;H=m9`rTqwK&8C;;#4lHP^Q$0=C;M`_s1Od@ewj#Uk{!ZZzEM
z&pUe8v(mS8ZQD4AGOZ0Az4_3Yk~r=%6=QcK0cyB#|D{{8_S73J7x}T5C^8kgA|_$K
z4huw-4Y8}cL6fcoe;OqSOtprlY@}&Pvu>kalwo`%4Yncr@C^rvRcmO4s6BgZQ8+H4
zaehunUxmPR;=4<@gowltyBP^hyW#`rzZH;W0bl_S;222_OcnXwc(#=>avJga0e<^+
z`@-py&%XJ39U$V^so2ZT&Y{Rz6ew~&2EO^~aOw$O-*Uhx-AJD7Cy-Y8skO2tIBxRI
zSBJCrOLr)zA#hu(8VS^PyQ^?JL2r&>y;^B<_I{X8If=WiQpFK>aq3N=C#Si%>Th!A
z)B|yFN2q#Sb?a@m#On!q>e=l%r?*~sX;osG!YqW$a|c#DVZn-b488Qq;i7)NV5$`T
zDZDBfeHIG@Be5`GBtE9R^vdDVI}nlbxO%H0J6jy_Ixe!ThO160NU)$fG$n9&?Q+eS
zo6%<-7mYRDQ}_p6ivG{OQvUdVidEpNuby7OU(e!scM<i5w^?>hJA=C3(wIQ6Yj2jE
z$qQLnK|Lptmh=%iCZ|{`#LIOFT|4U2EJN1bEwYff6)X}t(KqPlOGP4PWTMq7f=vDh
z1=JgSjh=_Cf+{Mxc9}WmERx&CvWyB8Sx)o~$*)g}EC!A9vokT1Y-XZ^nWOYkN6hss
z*65x!j$}iIQ2~g>GAo;zaF)$9e%z5(k_xaZiPY#u2lPMGu_6=a8Wn(i`S}m}RjvQU
z`o5M)e%|Bt1R~`(R32Gv|C?SI^M70Q75#4cqWP7d_gd)*GJS{o2o`Y`;?+A`Lu9U~
zcjPaF*mZWe4%gv2T!-s$UFu+P<RxYrGs)(6Xl>@_yweeLT|MQwj$Zn5<Aaq7@FezK
zr4heJlB&mFc?XL05}w4q`?Mh8*3{^eM!shMi2~{RnP3sN;4rTG(JgPuMJbd(bhhO-
z9u;$d!<fK4b<z+`(+XYD54x$>td;e&F*eWETb5n0Z|pyN!EG&3i_>Vn+V}Wr|J?ub
zCqmbQdX!Gm4P`^gE*HzU(K33(sF)k;A{OW4>-aC8OVf-qqfC<dx>dEZTlY4y&2E`(
zUpw2r?73`8Z`FJD(fyPDTYoSh{W4glO7>_!292p>#n?4YO}``9k>*&QN9Tw0=Xq!5
z_#S76HE2y)%hvYYYG)mmd)6sD(R1IG#C@1M%U$Qa`8)U%f^;q~+%C)!4hlD527E8l
zUB{r4<0kgRN3jQ1-HZE5(b?)0?{WKz?2KkDFaUiF24K?w05AYxWsnMi0RWCf6sG^H
zoJZ!=T-c1Hd?mKf9H}{vkC>}tN0mijPhw&2JI(*Q6r)-9h(lqHfpw|VNe(c0H(M%Y
z-x{ty%^zyPH^0VvXCLX>dE3>oaBSqoKNeT-q=0_=sn+^K#s4U80Nq4YI9*WuK$wx?
ze|`L^rZ~cC*WkDJ@7)K9qp#EzlXqvy2kL4p8F0X*CAm@BTVALJy1yYJ5QRhw!KB(-
zJEm)(n>F9!tMqB8XD|($D-Ah451}Nh{shttEp-t`ta}W%FiICeNRpJK_|K5YTm~s7
zPsl|?y^sU{ds9LzIiLMrnAw=zQjXt#Rey2-My#0m{nH~VtnBEvO$EFpDOIoE{u7b8
z1TaCKEEs)gR(r0s1-|!<8rvJ1K@s?kL$DPVVKMH6U|e3Hhq$1>m|L5#>Qwitn%e-)
z6AP`n)ela#Fb<sTk}vx=O59tVC*$Ipw#4$qKPH}AIjM{1UR84&(DKDXzkRqgbn+!D
zfn6WTpGWVuIjakT1nfSV9B2)$V#0>qjN?EnYraJ^5ge$**)FW8Ejn5Q&4gahhtXfO
zVmM42`^0sEK&h1R5rfSt)qWAPQ=HqQ%e`|{;p5MLG@ZR4|JxMK8Aib%O3{+&@*5&T
zJ&0PVe(Imh#IM=qj|-aO*eMEE{{Knv{qg>``%?npX{GlFf>OlHP(TW6Q@K1-3Y)kK
zLbZplyyAs_B(_Cd-mz_Wh}+gKp7-*5S*c21&TF-hnYwXD)V=Q<1%da9H4TGzis-$n
z8KYrD-ydA4r8@9xv$Y>ouK{L5(1-BROhw&6TI}<IFbk)Gx>@u69*EO5oE5mHI4%Z$
zm)jqgxX7YH9cX^~khFTenq-v)IsVC6Ie00Je76z=LSkYL8E5aWs7U2}dSPg-L)!Ef
zE+YvNB+RWl)3BHCIhVhkcYfU8x7lsh2TsC_Fc3lS3xAzK-*4}zFVjkNbY305;p}*Q
zOc5$bLN5q`GoFYAC*l89$FKP0JkVqRUk;o_*E;)Hz#ME$7$P_nw=4;A&fc-vt7SU-
z8EfFkb+zVzE+8V&=GiWz#%QgplXCgk_<sKtT{cD<_|!T<Mc|KqU)&Lubnohz2P?QF
zJLX5e)C%`5vpaXtKwm1&?eY`tFx<<0>qA%BL(*j8_a48|UN5#^Z+_rbblllN34}W_
z2G>MI;tCcf@GLxQb=Lfa7NreMK!~3cw@Vx$o2fPX#*JaVv2)|av`FI?%;DCds|@WL
z?4*S`$+@l{L1uz&{M~htmGAIBWrX6Gjzt8Km54}*_P}+#Upa1i9gaICY&IxOlfyJU
zu;}_hC5s;Ucco@Ej~$O$c7$xGBl7fhHL#`9rJCzRt!sjXq@^&S`VdKw{|QpQHFb-q
z&z}uHI)~hT_V5GO*IkW4#HRF*1x6R|v7NthN}w+M^A1uSEM$rHXUe>TM1_U%?Q$_o
zdI3ER)ePPV@3s1;+-wsidA|9-M~mlFGoXb*BJ@gAVr1&nD;!A)t5EYw>hW+zW^uOg
z!0Ro`1uF`yq>s5FOjr`ux2$6<wMB<r;LRdi^3fqC5}lzAaV+<ri`QBeF1?%*%K1zN
zt>Mg{lE{Ne5?}fB@zbZ$;VMik$v<Sqs=0?4iWg;cF@A^*<P(G9&qKA{#E%21;qi@)
z3qYSb@%5l2eTBQW+eyay_4+@VABBtT_y9M9{W4&F%R;tb)xnRUzY_7AgLZ0bWB+T2
zYixQNJT?{JcDUWDp?qUYT#=kNG;C*x-=6+&r=w=RK0d=O4`fn6m{JZjp7x=i#F#@`
z<3b`5M8)|+w3KJeKa@!6llHEbYuycfIak^Rj%%mTX&$jzVn)@OCFfr4#kTK${{xwB
z_wMW9mhTuhX|_GtpDv4n2P#RdFyt)T3lTY_awdXkovK|PzbBf?`s}60uFku*ugsQ4
zJx-h4K^*!=lLM70P>yd^mmW~bhHnu~gdX%NH8C{{z95Eu7K+${6~)R7S^;sQC_IS%
zX**zRb{`svqR*j6(=bzrgmw!1mM=zEceAUb^iQl5t+b&lpdeA2`1rM#b}a?l_4L}~
z;^?S4C)h~$fcSs3!@vP&60DpP0dYc0m<7SQ)j>gREUxS>pz~rHfop$5MA!gZEgR-r
zJH(~&`bKq1+$^gwJ?{x=-|a4mA`m1cRA&`QXCfFec+ik0UOSG?4vhM8dHSXrJIcFu
zP8||xR#Hk)By0O2;I5#E)tiG>tn5!`I9o5_%=%-OAVCO%qge(!CPy)ZAmGboup?W(
zMIy1FG{u7$_)Ew?D7460!w%Td%RghywBP}%%<+-9&hwFPwJ6<+Zn9{Blen0ZeDsSe
z5i)MB-ED2)rpTTn+T~O80LT8M$Be(q>*Mty=bc>(byPn)=2jl>f~CY&nDXW~cP~Qt
z^A&owvGpvcB0G;rx#IpYU&pzn>IN>&Om-!XSWFR04lY?JggfERDXB-mSVJ)ALZdN>
z=DsMX`kcZ|`p-7WNyzj}r_bl^Qjf`o*DZ6&8MdLohS|HuvUfJDn*O!_&0~BmQHjo_
z|7f8_MG35`i5r(+LAfORPJ_Al@<PqZD=2Ea+ls3$vg-3}p8BTc5PF|$OvXhZL9L!$
z4|3n~iNs|m{nB;+d#e?uH<0q07B19Br%5uL`Fs1f^bWvLw=I6*TYN$3Ev7vntb<y@
zjPTZ?d@G&(Q#TB&82cKx<`(kTMQ1M?y3-jf(}HCn?Zh33i57?}STTW*!^idho*)t?
z@&Z+@*J{z6gQ4i38q=~UU^3pbsem8jS=8%7m6|ou1#B_f6|usER@os1W2P9lhbs;H
zn3IgSh)ax0r4wStOFcGXQIXAAe1u7qS<%D%x?|$5$!7ky=o)vM6w+kkqP-`tdf0-a
zMXUer(D0bB;enz1AHQ++s!)3ks|n**Sv}snjWv~Mo<_<x-dv+@2$%1JpD4iumF|kT
z%bY08-hH|qJ1<%kVza}(!jy1qHxxTJJG+a;o-xTTJ^9BB^M@yw64RiXRpW=$k&SS0
z!@*<=e?`V6HDI+yF8b4PF+WpBoe=>ktQ4+17x@}fm7rabtiwQu9ZF`P77=4@aad_(
zUp55SKtuSPLk$YfAdsVdFTMUG=KHkmGrnJzj7pvAi7YP+Vs%H=tB+BlD<qSFjEAYO
zl_%?gOq{c@3D>*)na=_?E5etuGxD@3v-0Ft-quPk92KQZm2vz|J?g9|cssHStDbbO
zHkxQoO>K5qD=dirX9MEe6V>RLL@U`L(iQ_yXO72w&JG3YT*Z)Nd}R|_@&bWgsjY~A
zu_VR!%-kR|9cjIj?2xh`fEB5^%kuX_@VDo5qB_9Sg->sI1Vgll8PWOGjEfot!!Fx$
zy+o$h7-o4Ky>Q&}21^kt>ZU?VifY;bmT)%_;MIggxhM@+PX?EE(&sNKYW0;|huN;~
zO*<{7quNRo2An+A8@Bw#t~8^t(XMMW>m=63lwjx)Un?)Ro|p_Do+*4*u+Jl1K^w^G
zJ7Jds?jAHxU_M8Z0t2l8gUXQLeot2<ig7SRFh*LUt)>~yV0)5`48%aPB(NMynP7gx
zLr!y<CJ2bpQVLG{32kNh>1jMwOU=nT??_ppAeZGRGNOsdrv9Tx%MCqgAfqZLXY^Lk
zYDQvKf-dAkADwY~Zd!-T^kUbVL?$gS_RKsG)7X|{2V83dGUd8a7^+O@z_qYX;?r^r
zun9JKY_m>lKy$k7Kt9e3c?lA=1GAmjF&$C%#=5=9p=|-qg4)HItQ<YktcN)Sx!beB
zF)ht{p-T(1=)qoQ#gN?H?+8F>Zp?G40e6ZAFFk(U;>==1V_E+A6Zeqr11>7JPRudv
z&LVK)RGC3g_;yiB&oQfHszYqTbrWoy@@-N-31-=LqV^)(o#{5+p_RP-$9+nMo=91a
zf2pfaR&Rx|eEs9|U<d~7$<a^VzWg-T|G*;DCGw0(=t4~4L3nV(#|DlnhE$|zxY`L)
z3<U`slyxTvYn*gc8IFlZW~Qwmp_z^gt+lL*7Aa|YuJ4EstM+H$yKY@-)TFezMhDB|
zy|KWxf<}9RclCAXH{NDd`-Uu`oLGms)}EMHH;|_|B&eSVCB$|KJPMC4+$M0dQjIF>
z0GSXr1QC+ZfHAXhn;@#hOK190O4fNPB#bT`9WM*F3BTdU=A|$40Jg4{dr?Kkaxhkg
zouKV(r+NT~r`T&uIpFgtRs8!niGUOgFrLT44J5<Rmi0nRDxIK+{~bd2XueM(%+vKt
zuG}z}G}^KSFH92@`*|10u0q_2S^SF?%tG^4CWzU}%Kug)x2U3FfdFHtX69g!wK~M7
zLSo)gMk-bkH67;70xphch;3H}|F6h|DpcR75XwTfw1JhKp&*KLfXN#U;a(9pVBeYp
zj2s&0OB~0gD*_&C_=R~7nD7i+VeWlX0LF6e5Z(+KEO5VFlEOt{_i)j&ENto$I?(ZO
zHCS779Xg#QAh7^B)QwcIDT1s$RyY?X%Y8Z&?ec023op%N0v}y-;PY<Hs!h{1DGp23
zrVI{DkzGfs^>ScwLq$qQOWBs9;n~g`l;oeDttrJk?sN@ogB>1gXLM0fR1}~AW1zFP
zrG<ei%Mwk=IFsg<K*B2mlo<DVM&*)^X>=?iNKuDY(Dg(}n7Gb2KQa?$qC7c8>lh7Y
zn9uacLglgMcumewLKzK)sDKQt;~*_lPqaC=1*-~rSSbtH7+XMl<nTq7z-5&Hvu$EE
zRO+IN(CH%TX8h6pG(~qx!~IlL6p=<c#+dC}Mnz@5QZreR7ahraE;i?sS*~Q`)h#m$
zS{{DyIzn-F@jqKHQ-YpJIfh1IMMJ7ah+vRc!D=eknyM%;AW+1shqWc=PFxTl^Eo(E
zF+~~^UYU(JWDd{I3ewqEUYNHan5T%=99eU^ws-qn?iw<GSw*_E;IExp%T0dJK~Jp8
zlRaZLuqmb4G4&r#Poz{DZ*`7Xoww@~>j87Nv^k`{{cXmNYiEZ$OTQUTB>X>Tib7e`
zaZk1oJpG3fa>^llB|>BHpQvoh4y!FXWr{lQtlZlbG+X4cTUBl?=5<ak;%(6W4HFkh
zEU3zC$w)aKuaq9ny_niS_XE<2T))UXn>4QWutdb?m4O6eh~Jz-kq4&@_gl^dCLGay
zhOFRUP#DvO`sv&yU3B+|gfZnWLO5%Iy-n%Pw?&{W<*S~S`mOdCbafVn?R~fp;Yd0i
zGCFgAHpIsDN%997n{+W@(ldaRuBE(`Ax%p56c1Ti<Sj@@)1>3{M-f)}!mRD@BZR0*
zK4@l(ko|n-pS!UOX>wS+l1F23(P2yOyLv4)ZUS<)(AETON&R1R!81cQ74*rbTR+XE
zsSthsctQigV7ZiGZKVENPk1pWh*O=2dcsQ-EQ^a%-f5ylhMne88ymOX|GFnkH`Ly)
z6SdoXR!AkfW*OHUAPvLtTo(~GgUf~Po`n;f-Va>5OupGs!+`Yy;oBI^VuP+XtD@23
z`P{dJ<WJ9Cs%}YSHU=^msqO!|Cgw#!b32!KeSJ6ZtjjZKLCd?<U}0#oRgpp>@B}o5
zVS4CrvIwbhvP$crg*#lQ!?G}OE#rA<ReJXH(_24p(i3e*D1Noh!n#5><s`J5Wgmjo
zlrfKvGr4_yyXH|o>2Z#BmsE7}hn<tzxis|I5N(mjpviU}piMXq8#s2WQQC2ATX~Iv
z-G^+Te2hHhDFQk=<Xm->5<M;%M1?Eb6Nz1v12oy*SUTc(+#Fo;PoDz_AIDa*nZndR
z)tRcRl5aE|bIU{F$|4+)0(L;s4k=FsFzBj9g5pJZm{72W_xarnn9LMN3gmJaAmC8I
zz9N~nN}W`8$2JSeL&xm@EWpzfJhh|)ofyz=OoS#UO$#V@4{?eUt_p_)#)GyGgq$#p
z;be=+Y?LsPbIP?&mzH7V9z>s-FYV0n$U&18rKPqEPgiP7(rZeO8AYr~cJx?NOX3=R
zq^|3(<3L<exQy@WirmxSH}I(`i43x=7V)_xC;A=M<2Wd*VxD0VW~bWE%pi<(x|l~u
zxQbW1v<xI2qOuHUmYgWmxRq&Vc*E90*QqqiD0he)xU4I*n7u(v&03sQt+qgfO&$_2
zkRWRzq-ck^(nKvI`<fz>U`+lwCT)R)JwqY#ywNDt5f&_`=R)Hwph}nZTnX1xB7c|}
zog^*5m^@+5X(+bDU~0U^8qD!Yh8n_LOW5BrS|SCgS?wTd${k5!I+vQz^2euVheZ4|
zaS5nbNHG;0y(*tW1zH(eG=2%mAN@;$E-th62g4ZlI&ZYdsi6g<!~g}lKBpC}K=n<<
zkZ5v>>`2&C61`GZNSMMDH>EulyNsG?b~=jPI)#y4K><Mq3cv$zV9-elr=Thx`+CD^
zV#w~B1x$?;=VWaDL$3w_w8e@&Rp-M|_crZ*rT=OHK<kGoK2g6vr)awD0xYl+^ef0p
zfRQcw4k9t8clB%xGz=Q;#3Jb9<P!;`xj5de$84JPqt9JDnvzi*b=}rQg$L(MS=GF%
zEV9*7Q$)$CjU`wY)r~^Kr6ZC4MF6<#S|Cs)LaD`7N*%K1g*|IcR!AA?Q0#EEp`lvG
z0>&W=)7n%DT~Q>oOV>_)W|w9$r$wDmre5tNxp?k2+h>p{D^A^%`DQbhB-L&JH$*qo
zQ@ajuldHbkBtTZjh$f_QxoC5n?0=_6CMrGCno7MM`FWt$b*R*V6<M>(lB;gEu5ac6
zWqoe_D=S*J{!#!!2-Ai2IauTV-DHEIJha?Q!yaP$Kx%qn&HC5UxXyS@lO#gumSAgf
z^x2nTOuA=a^cOhW^L}NWZcfUHUIzsE>sq-oK287xK&<;3^TKbL(o^NREyOJV_-$SL
zGXVT~u1&q)!I}1qdjJ?<0003$+O9%RsgRu`0Rmok#^xE6;TI@!N8h09{*;O<p=&*N
ze62`<1AHCUL)6~+U!%hg*MxJIXVln_6%b)GkMGrwwat-uqpon9_7U9K0cgF4c?C(s
zu?USp4bwqw4u-s>H-A^t65=#vSbwO|dEhERQmjW6Ny#L02vDucXa0_rKY#$NLw6>I
z&<7G}#-9?13jxw>0NVfq2w`jk!;PyDsDN*;YDDOWCkO_@6zp{)jo<?UoHP-PWSt8}
zfKEd|(w-}t^D^llSr5a2mu|s?MPI^#pWecTq+8?@6$khcq+gK>i3}ltcn-w}NM;Ih
zBR4CM2O(}k5J5iuJE@QyLv0s;Ks44tA&`1PDoV;~LXLAI_QI|{9;N5(3E5`>y-rVx
z7xcv>p=G)$rP#PfJoBXDy+fdA@AW+@cp~6z8NoIQEDU~TUhlJTyUM$~DJ_6kjLxf$
z2ivmw5Y}@ayY_lVRY5~Z#ncbRdv>ju<O-fQoW_D6O3sxK+c_EZL5DkfiYtj>QGq+n
zdMr-g6N>h%+I9xxF>de!Hof)9jhcUb2j&^2k8|W1E;+eKz<SQ5P_f5i^vn|`B$ZuS
zb&-_>DMMy@QIc{NTT1X5NUD4~96UP@coNScm5I)=&c8pOUtk)Yg~7_k&cVsW%>xC)
zqEI+I0fdMo#d47;)GE>F45ku`&EfL+0_9q%2t{I5HFXWmrZZ;Tgvpju*V5L})iZ6z
ztT}xH3jhtWXvwk_tJbXBXxl$DvSqu&?AWzu-+@C%j-5Dl=G;Z+xpd{)jazr_J$URo
zPo80L1QLbDU~zZ?QCmk>Pv5}M$k>ZlZ{B_Q^rhc`K|_X(7&S)EFsZMD4X|4@+rLj;
zpya{|1I5H$fCLFp4<q<_HGkafEM-#wiis;sAXEfr64#s0pO+9eE07p&)QZk>G5eUW
z{wRS}s-l!#l;U3D;)dfcX;mti1n(kl8vL(LJp7k`qi_cNB=OiPsz|duk3|{MW1YGw
z=4dv)FvD;WezN%N3|eM+5x4bX4q2?yd>b#eG7WK8#kTX}C^Bv4^OyPGd#{a@RpIHX
zHux&vY_&$?t9_MkuG&rm<bNGF>pVVhH(9<R<r{YDNRHZPgOB<A`*#{B<Q<Lum-*&b
z8bmi0hr5mbKZE%pccL)guOXIQ9gEZ!2h;(rIa~S^&^p%c)*2-G+Y}UsKF8Kqr(w%L
io@y*|TYsg;P@j+Q6aM!uXTz9<`&jYzKQ)+q5dZ)rtzj|%

literal 0
HcmV?d00001

diff --git a/pkg/webui/ui/build/static/media/orphan.svg b/pkg/webui/ui/build/static/media/orphan.svg
new file mode 100644
index 000000000..43e777661
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/orphan.svg
@@ -0,0 +1,6 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M3.13 16.7114C3.28 16.8614 3.47 16.9314 3.66 16.9314C3.85 16.9314 4.03999 16.8614 4.17999 16.7214C4.46999 16.4314 4.46999 15.9514 4.17999 15.6614C3.08999 14.5714 2.49001 13.1214 2.49001 11.5914C2.49001 8.41143 5.07001 5.82141 8.24001 5.82141L16.19 5.84143C16.5 5.84143 16.78 5.6514 16.89 5.3714C17 5.0914 17 4.5 16.19 4.3114H8.25C4.25 4.3114 1 7.57142 1 11.5814C1 13.5114 1.76 15.3314 3.13 16.7114Z" fill="#39403E"/>
+<path d="M7.30984 19.1613H9.18985L15.2598 19.1814C19.2598 19.1814 22.5098 15.9213 22.5098 11.9113C22.5098 9.98135 21.7498 8.1614 20.3798 6.7814C20.0898 6.4914 19.6099 6.4914 19.3199 6.7814C19.0299 7.0714 19.0299 7.5514 19.3199 7.8414C20.4099 8.9314 21.0098 10.3813 21.0098 11.9113C21.0098 15.0913 18.4298 17.6814 15.2598 17.6814L7.30984 17.6613C6.99984 17.6613 6.71984 17.8514 6.60984 18.1314C6.49984 18.4114 6.49994 18.9999 7.30984 19.1613Z" fill="#39403E"/>
+<path opacity="0.4" d="M8.5 15H14.5C16.43 15 18 13.6457 18 12C18 10.3543 16.43 9 14.5 9H8.5C6.57 9 5 10.3543 5 12C5 13.6457 6.57 15 8.5 15Z" fill="#39403E"/>
+<path d="M21 3L3 20" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/project.svg b/pkg/webui/ui/build/static/media/project.svg
new file mode 100644
index 000000000..4a0c505c9
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/project.svg
@@ -0,0 +1,5 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<ellipse cx="22.4911" cy="22.5" rx="22.4911" ry="22.5" fill="#39403E"/>
+<path d="M19.9919 33H17.9927C13.9942 33 12.9946 32 12.9946 28V18C12.9946 14 13.9942 13 17.9927 13H19.4921C20.9915 13 21.3214 13.44 21.8911 14.2L23.3905 16.2C23.7704 16.7 23.9903 17 24.9899 17H27.9887C31.9871 17 32.9867 18 32.9867 22V24" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M24.7501 29.32C22.401 29.49 22.401 32.89 24.7501 33.06H30.3079C30.9776 33.06 31.6374 32.81 32.1272 32.36C33.7765 30.92 32.8968 28.04 30.7277 27.77C29.948 23.08 23.1707 24.86 24.7701 29.33" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/prune.svg b/pkg/webui/ui/build/static/media/prune.svg
new file mode 100644
index 000000000..7c4784206
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/prune.svg
@@ -0,0 +1,8 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
+<path d="M32 15.98C28.67 15.65 25.32 15.48 21.98 15.48C20 15.48 18.02 15.58 16.04 15.78L14 15.98" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.34" d="M19.5 14.97L19.72 13.66C19.88 12.71 20 12 21.69 12H24.31C26 12 26.13 12.75 26.28 13.67L26.5 14.97" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M29.8499 19.14L29.1999 29.21C29.0899 30.78 28.9999 32 26.2099 32H19.7899C16.9999 32 16.9099 30.78 16.7999 29.21L16.1499 19.14" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.34" d="M21.3301 26.5H24.6601" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.34" d="M20.5 22.5H25.5" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/relation-hline.svg b/pkg/webui/ui/build/static/media/relation-hline.svg
new file mode 100644
index 000000000..0835a6c9f
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/relation-hline.svg
@@ -0,0 +1,5 @@
+<svg width="169" height="12" viewBox="0 0 169 12" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6 6H163" stroke="#39403E" stroke-width="2"/>
+<circle cx="6" cy="6" r="5" fill="#DFEBE9" stroke="#39403E" stroke-width="2"/>
+<circle cx="163" cy="6" r="5" fill="#DFEBE9" stroke="#39403E" stroke-width="2"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/result.svg b/pkg/webui/ui/build/static/media/result.svg
new file mode 100644
index 000000000..013fab63e
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/result.svg
@@ -0,0 +1,8 @@
+<svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="15" cy="15" r="15" fill="#DFEBE9"/>
+<path d="M12.0825 14.8876C9.96746 15.0376 9.97496 18.1126 12.0825 18.2626H17.085C17.6925 18.2701 18.2775 18.0376 18.7275 17.6326C20.2125 16.3351 19.4175 13.7326 17.4675 13.4851C16.77 9.25507 10.6575 10.8601 12.105 14.8876" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
+<g opacity="0.4">
+<path d="M7.5 17.25C7.5 20.1525 9.8475 22.5 12.75 22.5L11.9625 21.1875" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M22.5 12.75C22.5 9.8475 20.1525 7.5 17.25 7.5L18.0375 8.8125" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/search.svg b/pkg/webui/ui/build/static/media/search.svg
new file mode 100644
index 000000000..1a9508cbd
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/search.svg
@@ -0,0 +1,4 @@
+<svg width="27" height="27" viewBox="0 0 27 27" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M12.9375 23.625C18.84 23.625 23.625 18.84 23.625 12.9375C23.625 7.03496 18.84 2.25 12.9375 2.25C7.03496 2.25 2.25 7.03496 2.25 12.9375C2.25 18.84 7.03496 23.625 12.9375 23.625Z" fill="#39403E"/>
+<path d="M23.9624 24.75C23.7599 24.75 23.5574 24.6713 23.4111 24.525L21.3186 22.4325C21.0149 22.1288 21.0149 21.6338 21.3186 21.3188C21.6224 21.015 22.1174 21.015 22.4324 21.3188L24.5249 23.4113C24.8286 23.715 24.8286 24.21 24.5249 24.525C24.3674 24.6713 24.1649 24.75 23.9624 24.75Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/star.svg b/pkg/webui/ui/build/static/media/star.svg
new file mode 100644
index 000000000..0fda929ba
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/star.svg
@@ -0,0 +1,4 @@
+<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M5.02268 14C5.11893 13.5712 4.94393 12.9587 4.63768 12.6525L2.51143 10.5262C1.84643 9.86125 1.58393 9.1525 1.77643 8.54C1.97768 7.9275 2.59893 7.5075 3.52643 7.35L6.25643 6.895C6.65018 6.825 7.13143 6.475 7.31518 6.11625L8.82018 3.0975C9.25768 2.23125 9.85268 1.75 10.5002 1.75C11.1477 1.75 11.7427 2.23125 12.1802 3.0975L13.6852 6.11625C13.7989 6.34375 14.0352 6.5625 14.2889 6.71125L4.86518 16.135C4.74268 16.2575 4.53268 16.1437 4.56768 15.9687L5.02268 14Z" fill="#222222"/>
+<path d="M16.3627 12.6524C16.0477 12.9674 15.8727 13.5712 15.9777 13.9999L16.5814 16.6337C16.8352 17.7274 16.6777 18.5499 16.1352 18.9437C15.9164 19.1012 15.6539 19.1799 15.3477 19.1799C14.9014 19.1799 14.3764 19.0137 13.7989 18.6724L11.2352 17.1499C10.8327 16.9137 10.1677 16.9137 9.76519 17.1499L7.20144 18.6724C6.23019 19.2412 5.39895 19.3374 4.8652 18.9437C4.66395 18.7949 4.5152 18.5937 4.41895 18.3312L15.0589 7.69116C15.4614 7.28866 16.0302 7.10491 16.5814 7.20116L17.4652 7.34991C18.3927 7.50741 19.0139 7.92741 19.2152 8.53991C19.4077 9.15241 19.1452 9.86116 18.4802 10.5262L16.3627 12.6524Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/target.svg b/pkg/webui/ui/build/static/media/target.svg
new file mode 100644
index 000000000..eb93030dc
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/target.svg
@@ -0,0 +1,5 @@
+<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
+<ellipse cx="22.4911" cy="22.5" rx="22.4911" ry="22.5" fill="#39403E"/>
+<path d="M32.9867 23V20C32.9867 15 30.9875 13 25.9895 13H19.9919C14.9938 13 12.9946 15 12.9946 20V26C12.9946 31 14.9938 33 19.9919 33H22.9907" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+<path opacity="0.4" d="M31.9473 28.84L30.3179 29.39C29.8681 29.54 29.5082 29.89 29.3583 30.35L28.8085 31.98C28.3387 33.39 26.3595 33.36 25.9196 31.95L24.0704 26C23.7105 24.82 24.8001 23.72 25.9696 24.09L31.9273 25.94C33.3267 26.38 33.3467 28.37 31.9473 28.84Z" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/targets.svg b/pkg/webui/ui/build/static/media/targets.svg
new file mode 100644
index 000000000..e6a6ad8c9
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/targets.svg
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48" fill="none">
+<circle cx="24" cy="24" r="24" fill="#222222"/>
+<path d="M14.9336 19.2H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
+<path opacity="0.34" d="M14.9336 24.5334H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
+<path d="M14.9336 29.8667H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
+</svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/trash.svg b/pkg/webui/ui/build/static/media/trash.svg
new file mode 100644
index 000000000..426eec953
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/trash.svg
@@ -0,0 +1,6 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M21.0702 5.23C19.4602 5.07 17.8502 4.95 16.2302 4.86V4.85L16.0102 3.55C15.8602 2.63 15.6402 1.25 13.3002 1.25H10.6802C8.35016 1.25 8.13016 2.57 7.97016 3.54L7.76016 4.82C6.83016 4.88 5.90016 4.94 4.97016 5.03L2.93016 5.23C2.51016 5.27 2.21016 5.64 2.25016 6.05C2.29016 6.46 2.65016 6.76 3.07016 6.72L5.11016 6.52C10.3502 6 15.6302 6.2 20.9302 6.73C20.9602 6.73 20.9802 6.73 21.0102 6.73C21.3902 6.73 21.7202 6.44 21.7602 6.05C21.7902 5.64 21.4902 5.27 21.0702 5.23Z" fill="#39403E"/>
+<path opacity="0.3991" d="M19.2302 8.14C18.9902 7.89 18.6602 7.75 18.3202 7.75H5.68024C5.34024 7.75 5.00024 7.89 4.77024 8.14C4.54024 8.39 4.41024 8.73 4.43024 9.08L5.05024 19.34C5.16024 20.86 5.30024 22.76 8.79024 22.76H15.2102C18.7002 22.76 18.8402 20.87 18.9502 19.34L19.5702 9.09C19.5902 8.73 19.4602 8.39 19.2302 8.14Z" fill="#39403E"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M9.58008 17C9.58008 16.5858 9.91586 16.25 10.3301 16.25H13.6601C14.0743 16.25 14.4101 16.5858 14.4101 17C14.4101 17.4142 14.0743 17.75 13.6601 17.75H10.3301C9.91586 17.75 9.58008 17.4142 9.58008 17Z" fill="#39403E"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M8.75 13C8.75 12.5858 9.08579 12.25 9.5 12.25H14.5C14.9142 12.25 15.25 12.5858 15.25 13C15.25 13.4142 14.9142 13.75 14.5 13.75H9.5C9.08579 13.75 8.75 13.4142 8.75 13Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/tree-view.svg b/pkg/webui/ui/build/static/media/tree-view.svg
new file mode 100644
index 000000000..225712f63
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/tree-view.svg
@@ -0,0 +1,7 @@
+<svg width="26" height="26" viewBox="0 0 26 26" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M7.58317 8.66666H4.33317C3.1415 8.66666 2.1665 7.69166 2.1665 6.5V4.33333C2.1665 3.14166 3.1415 2.16666 4.33317 2.16666H7.58317C8.77484 2.16666 9.74984 3.14166 9.74984 4.33333V6.5C9.74984 7.69166 8.77484 8.66666 7.58317 8.66666Z" fill="#59A588"/>
+<path d="M22.5335 7.58333H18.6335C17.9185 7.58333 17.3335 6.99832 17.3335 6.28332V4.55001C17.3335 3.83501 17.9185 3.25 18.6335 3.25H22.5335C23.2485 3.25 23.8335 3.83501 23.8335 4.55001V6.28332C23.8335 6.99832 23.2485 7.58333 22.5335 7.58333Z" fill="#59A588"/>
+<path d="M22.5335 15.7083H18.6335C17.9185 15.7083 17.3335 15.1233 17.3335 14.4083V12.675C17.3335 11.96 17.9185 11.375 18.6335 11.375H22.5335C23.2485 11.375 23.8335 11.96 23.8335 12.675V14.4083C23.8335 15.1233 23.2485 15.7083 22.5335 15.7083Z" fill="#59A588"/>
+<path opacity="0.37" d="M17.3333 14.3542C17.7775 14.3542 18.1458 13.9858 18.1458 13.5417C18.1458 13.0975 17.7775 12.7292 17.3333 12.7292H14.3542V6.22916H17.3333C17.7775 6.22916 18.1458 5.86083 18.1458 5.41666C18.1458 4.9725 17.7775 4.60416 17.3333 4.60416H9.75C9.30583 4.60416 8.9375 4.9725 8.9375 5.41666C8.9375 5.86083 9.30583 6.22916 9.75 6.22916H12.7292V19.5C12.7292 21.1467 14.0617 22.4792 15.7083 22.4792H17.3333C17.7775 22.4792 18.1458 22.1108 18.1458 21.6667C18.1458 21.2225 17.7775 20.8542 17.3333 20.8542H15.7083C14.9608 20.8542 14.3542 20.2475 14.3542 19.5V14.3542H17.3333Z" fill="#59A588"/>
+<path d="M22.5335 23.8333H18.6335C17.9185 23.8333 17.3335 23.2483 17.3335 22.5333V20.8C17.3335 20.085 17.9185 19.5 18.6335 19.5H22.5335C23.2485 19.5 23.8335 20.085 23.8335 20.8V22.5333C23.8335 23.2483 23.2485 23.8333 22.5335 23.8333Z" fill="#59A588"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-down.svg b/pkg/webui/ui/build/static/media/triangle-down.svg
new file mode 100644
index 000000000..d9c2677ca
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/triangle-down.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z" fill="#39403E"/>
+<path d="M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-right.svg b/pkg/webui/ui/build/static/media/triangle-right.svg
new file mode 100644
index 000000000..ad10f4ccc
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/triangle-right.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none"  transform="rotate(-90)"  xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z" fill="#39403E"/>
+<path d="M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/warning-sign.svg b/pkg/webui/ui/build/static/media/warning-sign.svg
new file mode 100644
index 000000000..e38fa71b2
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/warning-sign.svg
@@ -0,0 +1,5 @@
+<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M19.0402 13.93L13.4402 3.85C12.6877 2.49375 11.6464 1.75 10.5002 1.75C9.35391 1.75 8.31266 2.49375 7.56016 3.85L1.96016 13.93C1.25141 15.2162 1.17266 16.45 1.74141 17.4212C2.31016 18.3925 3.43016 18.9262 4.90016 18.9262H16.1002C17.5702 18.9262 18.6902 18.3925 19.2589 17.4212C19.8277 16.45 19.7489 15.2075 19.0402 13.93Z" fill="#222222"/>
+<path d="M10.5 12.9062C10.1413 12.9062 9.84375 12.6087 9.84375 12.25V7.875C9.84375 7.51625 10.1413 7.21875 10.5 7.21875C10.8587 7.21875 11.1562 7.51625 11.1562 7.875V12.25C11.1562 12.6087 10.8587 12.9062 10.5 12.9062Z" fill="#222222"/>
+<path d="M10.5 15.75C10.4475 15.75 10.3863 15.7412 10.325 15.7325C10.2725 15.7237 10.22 15.7062 10.1675 15.68C10.115 15.6625 10.0625 15.6362 10.01 15.6012C9.96625 15.5662 9.9225 15.5312 9.87875 15.4962C9.72125 15.33 9.625 15.1025 9.625 14.875C9.625 14.6475 9.72125 14.42 9.87875 14.2537C9.9225 14.2187 9.96625 14.1837 10.01 14.1487C10.0625 14.1137 10.115 14.0875 10.1675 14.07C10.22 14.0437 10.2725 14.0262 10.325 14.0175C10.4388 13.9912 10.5612 13.9912 10.6662 14.0175C10.7275 14.0262 10.78 14.0437 10.8325 14.07C10.885 14.0875 10.9375 14.1137 10.99 14.1487C11.0338 14.1837 11.0775 14.2187 11.1213 14.2537C11.2788 14.42 11.375 14.6475 11.375 14.875C11.375 15.1025 11.2788 15.33 11.1213 15.4962C11.0775 15.5312 11.0338 15.5662 10.99 15.6012C10.9375 15.6362 10.885 15.6625 10.8325 15.68C10.78 15.7062 10.7275 15.7237 10.6662 15.7325C10.6137 15.7412 10.5525 15.75 10.5 15.75Z" fill="#222222"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/warning.svg b/pkg/webui/ui/build/static/media/warning.svg
new file mode 100644
index 000000000..788515486
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/warning.svg
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M21.0802 8.58003V15.42C21.0802 16.54 20.4802 17.58 19.5102 18.15L13.5702 21.58C12.6002 22.14 11.4002 22.14 10.4202 21.58L4.48016 18.15C3.51016 17.59 2.91016 16.55 2.91016 15.42V8.58003C2.91016 7.46003 3.51016 6.41999 4.48016 5.84999L10.4202 2.42C11.3902 1.86 12.5902 1.86 13.5702 2.42L19.5102 5.84999C20.4802 6.41999 21.0802 7.45003 21.0802 8.58003Z" fill="#ed6c02"/>
+<path d="M12 13.75C11.59 13.75 11.25 13.41 11.25 13V7.75C11.25 7.34 11.59 7 12 7C12.41 7 12.75 7.34 12.75 7.75V13C12.75 13.41 12.41 13.75 12 13.75Z" fill="#DFEBE9"/>
+<path d="M12 17.25C11.87 17.25 11.74 17.22 11.62 17.17C11.49 17.12 11.39 17.05 11.29 16.96C11.2 16.86 11.13 16.75 11.07 16.63C11.02 16.51 11 16.38 11 16.25C11 15.99 11.1 15.73 11.29 15.54C11.39 15.45 11.49 15.38 11.62 15.33C11.99 15.17 12.43 15.26 12.71 15.54C12.8 15.64 12.87 15.74 12.92 15.87C12.97 15.99 13 16.12 13 16.25C13 16.38 12.97 16.51 12.92 16.63C12.87 16.75 12.8 16.86 12.71 16.96C12.52 17.15 12.27 17.25 12 17.25Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/build/staticbuild.js b/pkg/webui/ui/build/staticbuild.js
new file mode 100644
index 000000000..af1b72ec3
--- /dev/null
+++ b/pkg/webui/ui/build/staticbuild.js
@@ -0,0 +1 @@
+const staticResults = new Map()

From dd6b46f570b20ff2782bd1100577464dceeca09d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 15:24:34 +0200
Subject: [PATCH 1160/2268] chore: Use 9090 for proxy port

---
 pkg/webui/ui/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 22e326feb..13688b0f8 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -3,7 +3,7 @@
   "version": "0.1.0",
   "homepage": "./",
   "private": true,
-  "proxy": "http://localhost:8080",
+  "proxy": "http://localhost:9090",
   "dependencies": {
     "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
     "@emotion/react": "^11.11.1",

From 4b6bfb23f27ba07f523011a04afa6d272860af1f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 9 Jun 2023 15:24:56 +0200
Subject: [PATCH 1161/2268] fix: Fix summaries/validateResults update handling

---
 pkg/webui/ui/src/components/App.tsx | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index e4f6fa347..c0635fa0a 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -32,23 +32,28 @@ export const AppContext = createContext<AppContextProps>({
 const App = () => {
     const [filters, setFilters] = useState<ActiveFilters>()
 
-    const summaries = useRef<Map<string, CommandResultSummary>>(new Map())
-    const validateResults = useRef<Map<string, ValidateResult>>(new Map())
+    const summariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
+    const validateResultsRef = useRef<Map<string, ValidateResult>>(new Map())
+    const [summaries, setSummaries] = useState(summariesRef.current)
+    const [validateResults, setValidateResults] = useState(validateResultsRef.current)
 
     useEffect(() => {
         const updateSummary = (rs: CommandResultSummary) => {
             console.log("update_summary", rs.id, rs.commandInfo.startTime)
-            summaries.current.set(rs.id, rs)
+            summariesRef.current.set(rs.id, rs)
+            setSummaries(new Map(summariesRef.current))
         }
 
         const deleteSummary = (id: string) => {
             console.log("delete_summary", id)
-            summaries.current.delete(id)
+            summariesRef.current.delete(id)
+            setSummaries(new Map(summariesRef.current))
         }
 
         const updateValidateResult = (key: ProjectTargetKey, vr: ValidateResult) => {
             console.log("validate_result", key)
-            validateResults.current.set(JSON.stringify(key), vr)
+            validateResultsRef.current.set(JSON.stringify(key), vr)
+            setValidateResults(new Map(validateResultsRef.current))
         }
 
         console.log("starting listenResults")
@@ -73,13 +78,13 @@ const App = () => {
 
     const projects = useMemo(() => {
         console.log("buildProjectSummaries")
-        return buildProjectSummaries(summaries.current, validateResults.current)
+        return buildProjectSummaries(summaries, validateResults)
     }, [summaries, validateResults])
 
     const appContext = {
-        summaries: summaries.current,
+        summaries: summariesRef.current,
         projects: projects,
-        validateResults: validateResults.current,
+        validateResults: validateResults,
     }
 
     const outletContext: AppOutletContext = {

From 71a5aa6b8d3373eeb7b0de45e772b1a398887535 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Jun 2023 00:44:52 +0200
Subject: [PATCH 1162/2268] fix: Switch to using plain watches + channels
 instead of informers

---
 cmd/kluctl/commands/cmd_controller_run.go |   7 +-
 cmd/kluctl/commands/cmd_webui.go          |  11 +-
 cmd/kluctl/commands/utils.go              |   2 +-
 pkg/k8s/client_factory.go                 |   6 +-
 pkg/k8s/fake_client_factory.go            |   2 +-
 pkg/k8s/k8s_cluster.go                    |   2 +-
 pkg/results/result-store-secrets.go       | 160 ++++++++--------------
 pkg/results/result-store.go               |   8 +-
 pkg/results/results-collector.go          | 104 +++++++-------
 pkg/webui/server.go                       |  27 +++-
 pkg/webui/validator.go                    |  82 ++++++++---
 pkg/webui/websocket.go                    | 135 +++++++++++-------
 12 files changed, 313 insertions(+), 233 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index bc83b0a5d..a08a09016 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -21,6 +21,7 @@ import (
 	"path/filepath"
 	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
@@ -130,7 +131,11 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	if cmd.WriteCommandResult {
-		resultStore, err := results.NewResultStoreSecrets(ctx, mgr.GetClient(), mgr.GetCache(), cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
+		wc, ok := mgr.GetClient().(client.WithWatch)
+		if !ok {
+			return fmt.Errorf("client does not implement WithWatch")
+		}
+		resultStore, err := results.NewResultStoreSecrets(ctx, wc, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 73838107a..2ae1a520c 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -89,18 +88,12 @@ func (cmd *webuiCmd) createResultStores(ctx context.Context) ([]results.ResultSt
 			return nil, nil, err
 		}
 
-		client, err := client.New(config, client.Options{})
+		client, err := client.NewWithWatch(config, client.Options{})
 		if err != nil {
 			return nil, nil, err
 		}
 
-		cache, err := cache.New(config, cache.Options{})
-		if err != nil {
-			return nil, nil, err
-		}
-		go cache.Start(ctx)
-
-		store, err := results.NewResultStoreSecrets(ctx, client, cache, "", 0)
+		store, err := results.NewResultStoreSecrets(ctx, client, "", 0)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0f524badc..71e0445f7 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -212,7 +212,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 			return err
 		}
 
-		resultStore, err = results.NewResultStoreSecrets(ctx, client, nil, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
+		resultStore, err = results.NewResultStoreSecrets(ctx, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 46786fc21..255f35fb7 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -26,7 +26,7 @@ type ClientFactory interface {
 	CloseIdleConnections()
 
 	Mapper() meta.RESTMapper
-	Client(wh rest.WarningHandler) (client.Client, error)
+	Client(wh rest.WarningHandler) (client.WithWatch, error)
 
 	DiscoveryClient() (discovery.DiscoveryInterface, error)
 	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
@@ -53,11 +53,11 @@ func (r *realClientFactory) Mapper() meta.RESTMapper {
 	return r.mapper
 }
 
-func (r *realClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
+func (r *realClientFactory) Client(wh rest.WarningHandler) (client.WithWatch, error) {
 	config := rest.CopyConfig(r.config)
 	config.WarningHandler = wh
 
-	return client.New(config, client.Options{
+	return client.NewWithWatch(config, client.Options{
 		Mapper: r.mapper,
 		WarningHandler: client.WarningHandlerOptions{
 			SuppressWarnings: true,
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
index f5e191d32..2135d24ef 100644
--- a/pkg/k8s/fake_client_factory.go
+++ b/pkg/k8s/fake_client_factory.go
@@ -57,7 +57,7 @@ func (f *fakeClientFactory) Mapper() meta.RESTMapper {
 	return f.mapper
 }
 
-func (f *fakeClientFactory) Client(wh rest.WarningHandler) (client.Client, error) {
+func (f *fakeClientFactory) Client(wh rest.WarningHandler) (client.WithWatch, error) {
 	return fake2.NewClientBuilder().
 		WithScheme(f.scheme).
 		WithRESTMapper(f.mapper).
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 50063ca8e..082224646 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -510,7 +510,7 @@ func (k *K8sCluster) ResetMapper() {
 	}
 }
 
-func (k *K8sCluster) ToClient() (client.Client, error) {
+func (k *K8sCluster) ToClient() (client.WithWatch, error) {
 	return k.clientFactory.Client(nil)
 }
 
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 9b62f35c0..7f3e5cfa5 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -12,10 +12,9 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	toolscache "k8s.io/client-go/tools/cache"
+	"k8s.io/apimachinery/pkg/watch"
 	"path"
 	"regexp"
-	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sort"
 	"strings"
@@ -24,56 +23,23 @@ import (
 
 type ResultStoreSecrets struct {
 	ctx    context.Context
-	client client.Client
-	cache  cache.Cache
-	reader client.Reader
+	client client.WithWatch
 
 	writeNamespace   string
 	keepResultsCount int
 
-	mutex    sync.Mutex
-	informer cache.Informer
+	mutex sync.Mutex
 }
 
-func NewResultStoreSecrets(ctx context.Context, client client.Client, cache cache.Cache, writeNamespace string, keepResultsCount int) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, client client.WithWatch, writeNamespace string, keepResultsCount int) (*ResultStoreSecrets, error) {
 	s := &ResultStoreSecrets{
 		ctx:              ctx,
 		client:           client,
-		cache:            cache,
 		writeNamespace:   writeNamespace,
 		keepResultsCount: keepResultsCount,
 	}
-	if cache != nil {
-		s.reader = cache
-	} else {
-		s.reader = client
-	}
-	return s, nil
-}
-
-func (s *ResultStoreSecrets) ensureInformer() error {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
-
-	if s.informer != nil {
-		return nil
-	}
-	if s.cache == nil {
-		return nil
-	}
-
-	var partialSecret metav1.PartialObjectMetadata
-	partialSecret.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "Secret"})
-
-	informer, err := s.cache.GetInformer(s.ctx, &partialSecret)
-	if err != nil {
-		return err
-	}
 
-	s.informer = informer
-	s.cache.WaitForCacheSync(s.ctx)
-
-	return nil
+	return s, nil
 }
 
 var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
@@ -106,7 +72,7 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 		return fmt.Errorf("missing writeNamespace")
 	}
 	var ns corev1.Namespace
-	err := s.reader.Get(s.ctx, client.ObjectKey{Name: s.writeNamespace}, &ns)
+	err := s.client.Get(s.ctx, client.ObjectKey{Name: s.writeNamespace}, &ns)
 	if err != nil && errors.IsNotFound(err) {
 		ns := &corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
@@ -125,12 +91,7 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 }
 
 func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error {
-	err := s.ensureInformer()
-	if err != nil {
-		return err
-	}
-
-	err = s.ensureWriteNamespace()
+	err := s.ensureWriteNamespace()
 	if err != nil {
 		return err
 	}
@@ -231,14 +192,9 @@ func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target re
 }
 
 func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
-	err := s.ensureInformer()
-	if err != nil {
-		return nil, err
-	}
-
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err = s.reader.List(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
+	err := s.client.List(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -246,7 +202,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 	ret := make([]result.CommandResultSummary, 0, len(l.Items))
 
 	for _, x := range l.Items {
-		summary, err := s.parseSummary(&x)
+		summary, err := s.parseSummary(x.GetAnnotations())
 		if err != nil {
 			continue
 		}
@@ -264,11 +220,11 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 	return ret, nil
 }
 
-func (s *ResultStoreSecrets) parseSummary(obj client.Object) (*result.CommandResultSummary, error) {
-	if len(obj.GetAnnotations()) == 0 {
+func (s *ResultStoreSecrets) parseSummary(a map[string]string) (*result.CommandResultSummary, error) {
+	if len(a) == 0 {
 		return nil, nil
 	}
-	summaryJson := obj.GetAnnotations()["kluctl.io/result-summary"]
+	summaryJson := a["kluctl.io/result-summary"]
 	if summaryJson == "" {
 		return nil, nil
 	}
@@ -295,67 +251,69 @@ func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary,
 	return true
 }
 
-func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error) {
-	err := s.ensureInformer()
+func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
+	var l metav1.PartialObjectMetadataList
+	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
+	w, err := s.client.Watch(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
 	if err != nil {
-		return nil, err
+		return nil, nil, nil, err
 	}
 
-	handler := func(obj any, deleted bool) {
-		obj2, ok := obj.(client.Object)
-		if !ok {
-			return
-		}
-		summary, err := s.parseSummary(obj2)
+	var initialListRet []*result.CommandResultSummary
+	for _, x := range l.Items {
+		summary, err := s.parseSummary(x.GetAnnotations())
 		if err != nil {
-			return
-		}
-		if summary == nil {
-			return
+			continue
 		}
 		if !s.filterSummary(summary, options.ProjectFilter) {
-			return
-		}
-		if deleted {
-			delete(summary.Id)
-		} else {
-			update(summary)
+			continue
 		}
+		initialListRet = append(initialListRet, summary)
 	}
 
-	r, err := s.informer.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
-		AddFunc: func(obj interface{}) {
-			handler(obj, false)
-		},
-		UpdateFunc: func(oldObj, newObj interface{}) {
-			handler(newObj, false)
-		},
-		DeleteFunc: func(obj interface{}) {
-			handler(obj, true)
-		},
-	})
-	if err != nil {
-		return nil, err
-	}
+	ch := make(chan WatchCommandResultSummaryEvent)
 
-	stopCh := make(chan struct{})
-	toolscache.WaitForCacheSync(stopCh, r.HasSynced)
+	go func() {
+		for x := range w.ResultChan() {
+			if x.Object == nil {
+				continue
+			}
+			x2, ok := x.Object.(client.Object)
+			if !ok {
+				continue
+			}
+			summary, err := s.parseSummary(x2.GetAnnotations())
+			if err != nil {
+				continue
+			}
+			if !s.filterSummary(summary, options.ProjectFilter) {
+				continue
+			}
+			switch x.Type {
+			case watch.Deleted:
+				ch <- WatchCommandResultSummaryEvent{
+					Delete:  true,
+					Summary: summary,
+				}
+			case watch.Added, watch.Modified:
+				ch <- WatchCommandResultSummaryEvent{
+					Summary: summary,
+				}
+			}
+		}
+		close(ch)
+	}()
 
 	cancel := func() {
-		_ = s.informer.RemoveEventHandler(r)
+		w.Stop()
 	}
-	return cancel, nil
+	return nil, ch, cancel, nil
 }
 
 func (s *ResultStoreSecrets) getCommandResultSecret(id string) (*metav1.PartialObjectMetadata, error) {
-	err := s.ensureInformer()
-	if err != nil {
-		return nil, err
-	}
-
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err = s.reader.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/result-id": id})
+	err := s.client.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/result-id": id})
 	if err != nil {
 		return nil, err
 	}
@@ -378,7 +336,7 @@ func (s *ResultStoreSecrets) GetCommandResultSummary(id string) (*result.Command
 	if err != nil {
 		return nil, err
 	}
-	return s.parseSummary(secret)
+	return s.parseSummary(secret.GetAnnotations())
 }
 
 func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
@@ -391,7 +349,7 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 	}
 
 	var l corev1.SecretList
-	err = s.reader.List(s.ctx, &l, client.MatchingLabels{
+	err = s.client.List(s.ctx, &l, client.MatchingLabels{
 		"kluctl.io/result-id": options.Id,
 	})
 	if err != nil {
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index ad01a76cd..cd5a6aec4 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -1,6 +1,7 @@
 package results
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
@@ -21,11 +22,16 @@ type GetCommandResultOptions struct {
 	Reduced bool   `json:"reduced,omitempty"`
 }
 
+type WatchCommandResultSummaryEvent struct {
+	Summary *result.CommandResultSummary `json:"summary"`
+	Delete  bool                         `json:"delete"`
+}
+
 type ResultStore interface {
 	WriteCommandResult(cr *result.CommandResult) error
 
 	ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error)
-	WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error)
+	WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
 	HasCommandResult(id string) (bool, error)
 	GetCommandResultSummary(id string) (*result.CommandResultSummary, error)
 	GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error)
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index f5376ad28..2237c33a8 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -15,7 +15,7 @@ type ResultsCollector struct {
 	stores []ResultStore
 
 	resultSummaries map[string]summaryEntry
-	handlers        []*handlerEntry
+	watches         []*watchEntry
 
 	initialWG sync.WaitGroup
 	mutex     sync.Mutex
@@ -26,10 +26,11 @@ type summaryEntry struct {
 	summary *result.CommandResultSummary
 }
 
-type handlerEntry struct {
+type watchEntry struct {
 	options ListCommandResultSummariesOptions
-	update  func(result *result.CommandResultSummary)
-	delete  func(id string)
+	ch      chan WatchCommandResultSummaryEvent
+
+	initialQueue []*result.CommandResultSummary
 }
 
 func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsCollector {
@@ -61,49 +62,56 @@ func (rc *ResultsCollector) startWatchResults() {
 func (rc *ResultsCollector) runWatchResults(store ResultStore) {
 	initial := true
 	for {
-		_, err := store.WatchCommandResultSummaries(ListCommandResultSummariesOptions{}, func(summary *result.CommandResultSummary) {
-			rc.handleUpdate(store, summary)
-		}, func(id string) {
-			rc.handleDelete(store, id)
-		})
+		l, ch, _, err := store.WatchCommandResultSummaries(ListCommandResultSummariesOptions{})
+		if err != nil {
+			time.Sleep(5 * time.Second)
+			continue
+		}
+
 		if initial {
 			rc.initialWG.Done()
 			initial = false
 		}
-		if err == nil {
-			break
+
+		for _, rs := range l {
+			rc.handleUpdate(store, WatchCommandResultSummaryEvent{
+				Summary: rs,
+			})
 		}
-		time.Sleep(5 * time.Second)
-	}
-}
 
-func (rc *ResultsCollector) handleUpdate(store ResultStore, summary *result.CommandResultSummary) {
-	rc.mutex.Lock()
-	defer rc.mutex.Unlock()
+		go func() {
+			for {
+				event, ok := <-ch
+				if !ok {
+					break
+				}
+				rc.handleUpdate(store, event)
+			}
+		}()
 
-	rc.resultSummaries[summary.Id] = summaryEntry{
-		store:   store,
-		summary: summary,
-	}
-	for _, h := range rc.handlers {
-		if FilterSummary(summary, h.options.ProjectFilter) {
-			h.update(summary)
-		}
+		break
 	}
 }
 
-func (rc *ResultsCollector) handleDelete(store ResultStore, id string) {
+func (rc *ResultsCollector) handleUpdate(store ResultStore, event WatchCommandResultSummaryEvent) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
-	se, ok := rc.resultSummaries[id]
-	if !ok {
-		return
+
+	if event.Delete {
+		_, ok := rc.resultSummaries[event.Summary.Id]
+		if ok {
+			delete(rc.resultSummaries, event.Summary.Id)
+		}
+	} else {
+		rc.resultSummaries[event.Summary.Id] = summaryEntry{
+			store:   store,
+			summary: event.Summary,
+		}
 	}
 
-	delete(rc.resultSummaries, id)
-	for _, h := range rc.handlers {
-		if FilterSummary(se.summary, h.options.ProjectFilter) {
-			h.delete(id)
+	for _, w := range rc.watches {
+		if FilterSummary(event.Summary, w.options.ProjectFilter) {
+			w.ch <- event
 		}
 	}
 }
@@ -128,34 +136,38 @@ func (rc *ResultsCollector) ListCommandResultSummaries(options ListCommandResult
 	return summaries, nil
 }
 
-func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResultSummariesOptions, update func(summary *result.CommandResultSummary), delete func(id string)) (func(), error) {
+func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
 
-	h := &handlerEntry{
+	w := &watchEntry{
 		options: options,
-		update:  update,
-		delete:  delete,
+		ch:      make(chan WatchCommandResultSummaryEvent),
 	}
 
-	rc.handlers = append(rc.handlers, h)
+	rc.watches = append(rc.watches, w)
+
+	var initial []*result.CommandResultSummary
 
 	for _, se := range rc.resultSummaries {
-		if FilterSummary(se.summary, h.options.ProjectFilter) {
-			h.update(se.summary)
+		if FilterSummary(se.summary, options.ProjectFilter) {
+			initial = append(initial, se.summary)
 		}
 	}
 
-	return func() {
+	cancel := func() {
 		rc.mutex.Lock()
-		defer rc.mutex.Unlock()
-		for i, h2 := range rc.handlers {
-			if h2 == h {
-				rc.handlers = append(rc.handlers[:i], rc.handlers[i+1:]...)
+		for i, w2 := range rc.watches {
+			if w2 == w {
+				rc.watches = append(rc.watches[:i], rc.watches[i+1:]...)
 				break
 			}
 		}
-	}, nil
+		rc.mutex.Unlock()
+		close(w.ch)
+	}
+
+	return initial, w.ch, cancel, nil
 }
 
 func (rc *ResultsCollector) HasCommandResult(id string) (bool, error) {
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index bd49f200d..63db414c0 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -48,11 +48,28 @@ func NewCommandResultsServer(ctx context.Context, collector *results.ResultsColl
 }
 
 func (s *CommandResultsServer) Run(port int) error {
-	_, _ = s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{}, func(summary *result.CommandResultSummary) {
-		status.Info(s.ctx, "Updated result summary for %s", summary.Id)
-	}, func(id string) {
-		status.Info(s.ctx, "Deleted result summary for %s", id)
-	})
+	l, ch, cancel, err := s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	defer cancel()
+
+	printEvent := func(id string, deleted bool) {
+		if deleted {
+			status.Info(s.ctx, "Deleted result summary for %s", id)
+		} else {
+			status.Info(s.ctx, "Updated result summary for %s", id)
+		}
+	}
+	for _, x := range l {
+		printEvent(x.Id, false)
+	}
+
+	go func() {
+		for event := range ch {
+			printEvent(event.Summary.Id, event.Delete)
+		}
+	}()
 
 	s.cam.start()
 	s.vam.start()
diff --git a/pkg/webui/validator.go b/pkg/webui/validator.go
index 6b524ca76..277d9c77b 100644
--- a/pkg/webui/validator.go
+++ b/pkg/webui/validator.go
@@ -13,7 +13,16 @@ import (
 const shortValidationInterval = time.Second * 15
 const longValidationInterval = time.Minute * 1
 
-type validateResultHandler func(key ProjectTargetKey, r *result.ValidateResult)
+type validationEvent struct {
+	key ProjectTargetKey
+	r   *result.ValidateResult
+}
+
+type validationWatch struct {
+	ch     chan validationEvent
+	closed bool
+	mutex  sync.Mutex
+}
 
 type validatorManager struct {
 	ctx context.Context
@@ -22,8 +31,7 @@ type validatorManager struct {
 	cam   *clusterAccessorManager
 
 	validators map[ProjectTargetKey]*validatorEntry
-	handlers   map[int]validateResultHandler
-	nextId     int
+	watches    []*validationWatch
 	mutex      sync.Mutex
 }
 
@@ -38,6 +46,7 @@ type validatorEntry struct {
 	ch             chan bool
 	validateResult *result.ValidateResult
 	err            error
+	mutex          sync.Mutex
 }
 
 func newValidatorManager(ctx context.Context, store results.ResultStore, cam *clusterAccessorManager) *validatorManager {
@@ -46,7 +55,6 @@ func newValidatorManager(ctx context.Context, store results.ResultStore, cam *cl
 		store:      store,
 		cam:        cam,
 		validators: map[ProjectTargetKey]*validatorEntry{},
-		handlers:   map[int]validateResultHandler{},
 	}
 }
 
@@ -82,14 +90,18 @@ func (vm *validatorManager) start() {
 			found[k] = true
 		}
 
+		var chs []chan bool
 		vm.mutex.Lock()
 		for k, v := range vm.validators {
 			if _, ok := found[k]; !ok {
 				delete(vm.validators, k)
-				close(v.ch)
+				chs = append(chs, v.ch)
 			}
 		}
 		vm.mutex.Unlock()
+		for _, ch := range chs {
+			close(ch)
+		}
 	}
 
 	go func() {
@@ -100,26 +112,48 @@ func (vm *validatorManager) start() {
 	}()
 }
 
-func (vm *validatorManager) addHandler(h validateResultHandler) func() {
+func (vm *validatorManager) watch() ([]validationEvent, chan validationEvent, func()) {
 	vm.mutex.Lock()
 	defer vm.mutex.Unlock()
 
-	id := vm.nextId
-	vm.nextId++
-
-	vm.handlers[id] = h
+	w := &validationWatch{
+		ch: make(chan validationEvent),
+	}
+	vm.watches = append(vm.watches, w)
 
+	var initial []validationEvent
 	for _, v := range vm.validators {
 		if v.validateResult != nil {
-			h(v.key, v.validateResult)
+			initial = append(initial, validationEvent{
+				key: v.key,
+				r:   v.validateResult,
+			})
 		}
 	}
 
-	return func() {
+	cancel := func() {
 		vm.mutex.Lock()
-		defer vm.mutex.Unlock()
-		delete(vm.handlers, id)
+		for i, w2 := range vm.watches {
+			if w == w2 {
+				vm.watches = append(vm.watches[0:i], vm.watches[i+1:]...)
+			}
+		}
+		vm.mutex.Unlock()
+
+		go func() {
+			for x := range w.ch {
+				a := x
+				_ = a
+			}
+		}()
+
+		w.mutex.Lock()
+		close(w.ch)
+		w.closed = true
+		w.mutex.Unlock()
 	}
+
+	return initial, w.ch, cancel
 }
 
 func (vm *validatorManager) getValidateResult(key ProjectTargetKey) (*result.ValidateResult, error) {
@@ -236,13 +270,25 @@ func (v *validatorEntry) runOnce(summaries []result.CommandResultSummary) bool {
 	}
 	s.Success()
 
-	v.vm.mutex.Lock()
-	defer v.vm.mutex.Unlock()
+	v.mutex.Lock()
 	v.validateResult = vr
 	v.err = err
+	event := validationEvent{
+		key: v.key,
+		r:   v.validateResult,
+	}
+	v.mutex.Unlock()
+
+	v.vm.mutex.Lock()
+	watches := append([]*validationWatch{}, v.vm.watches...)
+	v.vm.mutex.Unlock()
 
-	for _, h := range v.vm.handlers {
-		h(v.key, vr)
+	for _, w := range watches {
+		w.mutex.Lock()
+		if !w.closed {
+			w.ch <- event
+		}
+		w.mutex.Unlock()
 	}
 
 	return true
diff --git a/pkg/webui/websocket.go b/pkg/webui/websocket.go
index 978642ffb..a0690c752 100644
--- a/pkg/webui/websocket.go
+++ b/pkg/webui/websocket.go
@@ -2,6 +2,7 @@ package webui
 
 import (
 	"context"
+	"fmt"
 	"github.com/gin-gonic/gin"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -9,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/http"
 	"nhooyr.io/websocket"
+	"strings"
 	"time"
 )
 
@@ -23,9 +25,18 @@ func (s *CommandResultsServer) ws(c *gin.Context) {
 		return
 	}
 
-	conn, err := websocket.Accept(c.Writer, c.Request, &websocket.AcceptOptions{
+	acceptOptions := &websocket.AcceptOptions{
 		InsecureSkipVerify: true,
-	})
+	}
+
+	userAgentLower := strings.ToLower(c.GetHeader("User-Agent"))
+	isSafari := strings.Contains(userAgentLower, "safari") && !strings.Contains(userAgentLower, "chrome") && !strings.Contains(userAgentLower, "android")
+
+	if isSafari {
+		acceptOptions.CompressionMode = websocket.CompressionDisabled
+	}
+
+	conn, err := websocket.Accept(c.Writer, c.Request, acceptOptions)
 	if err != nil {
 		//s.logf("%v", err)
 		return
@@ -46,63 +57,95 @@ func (s *CommandResultsServer) ws(c *gin.Context) {
 		}
 	}
 
-	sendMessage := func(msg string) error {
-		ctx, cancel := context.WithTimeout(s.ctx, 500*time.Millisecond)
-		defer cancel()
-		w, err := conn.Writer(ctx, websocket.MessageText)
-		if err != nil {
-			return err
-		}
-		_, err = w.Write([]byte(msg))
-		if err != nil {
-			_ = w.Close()
-			return err
-		}
-		err = w.Close()
-		if err != nil {
-			ctx = nil
+	err = s.wsHandle(conn, filter)
+	if err != nil {
+		cs := websocket.CloseStatus(err)
+		if cs == websocket.StatusNormalClosure || cs == websocket.StatusGoingAway {
+			return
 		}
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+	}
+}
+
+func (s *CommandResultsServer) wsHandle(c *websocket.Conn, filter *result.ProjectKey) error {
+	initial, ch, cancel, err := s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter})
+	if err != nil {
 		return err
 	}
+	defer cancel()
+
+	initialValidations, validationsCh, validationsCancel := s.vam.watch()
+	defer validationsCancel()
 
-	cancel, err := s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter},
-		func(summary *result.CommandResultSummary) {
+	ctx := c.CloseRead(s.ctx)
+
+	buildMsg := func(event results.WatchCommandResultSummaryEvent) string {
+		if event.Delete {
 			x := yaml.WriteJsonStringMust(map[string]any{
-				"type":    "update_summary",
-				"summary": summary,
+				"type": "delete_summary",
+				"id":   event.Summary.Id,
 			})
-			_ = sendMessage(x)
-		}, func(id string) {
+			return x
+		} else {
 			x := yaml.WriteJsonStringMust(map[string]any{
-				"type": "delete_summary",
-				"id":   id,
+				"type":    "update_summary",
+				"summary": event.Summary,
 			})
-			_ = sendMessage(x)
-		},
-	)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusInternalServerError, err)
-		return
+			return x
+		}
 	}
-	defer cancel()
-
-	h := s.vam.addHandler(func(key ProjectTargetKey, r *result.ValidateResult) {
+	buildValidationMsg := func(event validationEvent) string {
 		x := yaml.WriteJsonStringMust(map[string]any{
 			"type":   "validate_result",
-			"key":    key,
-			"result": r,
+			"key":    event.key,
+			"result": event.r,
 		})
-		_ = sendMessage(x)
-	})
-	defer h()
+		return x
+	}
 
-	_, _, err = conn.Read(s.ctx)
-	if err != nil {
-		cs := websocket.CloseStatus(err)
-		if cs == websocket.StatusNormalClosure || cs == websocket.StatusGoingAway {
-			return
+	for _, x := range initial {
+		err := s.wsSendMessage(ctx, c, time.Second*5, buildMsg(results.WatchCommandResultSummaryEvent{Summary: x}))
+		if err != nil {
+			return err
 		}
-		_ = c.AbortWithError(http.StatusInternalServerError, err)
-		return
 	}
+	for _, x := range initialValidations {
+		err := s.wsSendMessage(ctx, c, time.Second*5, buildValidationMsg(x))
+		if err != nil {
+			return err
+		}
+	}
+
+	for {
+		var msg string
+		select {
+		case event, ok := <-ch:
+			if !ok {
+				return fmt.Errorf("results channel closed unexpectadly")
+			}
+			msg = buildMsg(event)
+		case event, ok := <-validationsCh:
+			if !ok {
+				return fmt.Errorf("validations channel closed unexpectadly")
+			}
+			msg = buildValidationMsg(event)
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+		err := s.wsSendMessage(ctx, c, time.Second*5, msg)
+		if err != nil {
+			return err
+		}
+	}
+}
+
+func (s *CommandResultsServer) wsSendMessage(ctx context.Context, c *websocket.Conn, timeout time.Duration, msg string) error {
+	ctx, cancel := context.WithTimeout(ctx, timeout)
+	defer cancel()
+
+	err := c.Write(ctx, websocket.MessageText, []byte(msg))
+	if err != nil {
+		return err
+	}
+	return err
 }

From eb79fb627ab02ab56f34e5ce8519ad8adf3e5fc6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Jun 2023 00:46:42 +0200
Subject: [PATCH 1163/2268] fix: Use proper keys

---
 pkg/webui/ui/src/components/ErrorsTable.tsx         |  5 +++--
 .../ui/src/components/result-view/ChangesTable.tsx  | 13 +++++++------
 .../result-view/CommandResultStatusLine.tsx         |  2 +-
 .../ui/src/components/result-view/SidePanel.tsx     |  4 ++--
 .../targets-view/CommandResultDetailsDrawer.tsx     |  2 +-
 .../ui/src/components/targets-view/Targets.tsx      |  6 +++---
 .../ui/src/components/targets-view/TargetsView.tsx  |  9 +++++----
 pkg/webui/ui/src/utils/listKey.ts                   |  6 ++++++
 8 files changed, 28 insertions(+), 19 deletions(-)
 create mode 100644 pkg/webui/ui/src/utils/listKey.ts

diff --git a/pkg/webui/ui/src/components/ErrorsTable.tsx b/pkg/webui/ui/src/components/ErrorsTable.tsx
index a7875b858..b518f654d 100644
--- a/pkg/webui/ui/src/components/ErrorsTable.tsx
+++ b/pkg/webui/ui/src/components/ErrorsTable.tsx
@@ -8,6 +8,7 @@ import TableRow from '@mui/material/TableRow';
 import { DeploymentError } from "../models";
 import { Box, Divider, List, ListItem, ListItemText } from "@mui/material";
 import { buildRefKindElement } from "../api";
+import { buildListKey } from "../utils/listKey";
 
 export function ErrorsTable(props: { errors: DeploymentError[] }) {
     return <>
@@ -21,8 +22,8 @@ export function ErrorsTable(props: { errors: DeploymentError[] }) {
                         </TableRow>
                     </TableHead>
                     <TableBody>
-                        {props.errors?.map((e, i) => (
-                            <TableRow key={i}>
+                        {props.errors?.map(e=> (
+                            <TableRow key={buildListKey(e)}>
                                 <TableCell sx={{ minWidth: "150px" }}>
                                     <List disablePadding>
                                         {buildRefKindElement(e.ref, <>
diff --git a/pkg/webui/ui/src/components/result-view/ChangesTable.tsx b/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
index 0082446be..b3926f3d3 100644
--- a/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
+++ b/pkg/webui/ui/src/components/result-view/ChangesTable.tsx
@@ -10,6 +10,7 @@ import { Box, Typography } from "@mui/material";
 import { CodeViewer } from "../CodeViewer";
 import { DiffStatus } from "./nodes/NodeData";
 import { ObjectRef } from "../../models";
+import { buildListKey } from "../../utils/listKey";
 
 const RefList = (props: { title: string, refs: ObjectRef[] }) => {
     return <Box py='10px'>
@@ -30,8 +31,8 @@ const RefList = (props: { title: string, refs: ObjectRef[] }) => {
                     </TableRow>
                 </TableHead>
                 <TableBody>
-                    {props.refs.map((ref, i) => {
-                        return <TableRow key={i}>
+                    {props.refs.map(ref => {
+                        return <TableRow key={buildRefString(ref)}>
                             <TableCell>
                                 {buildRefKindElement(ref)}
                             </TableCell>
@@ -55,8 +56,8 @@ export function ChangesTable(props: { diffStatus: DiffStatus }) {
     if (props.diffStatus.changedObjects.length) {
         changedObjects = <Box py='10px'>
             <Typography align={"center"} variant={"h5"}>Changed Objects</Typography>
-            {props.diffStatus.changedObjects.map((co, i) => (
-                <TableContainer key={i}>
+            {props.diffStatus.changedObjects.map(co => (
+                <TableContainer key={buildRefString(co.ref)}>
                     <Table>
                         <TableHead>
                             <TableRow>
@@ -77,8 +78,8 @@ export function ChangesTable(props: { diffStatus: DiffStatus }) {
                             </TableRow>
                         </TableHead>
                         <TableBody>
-                            {co.changes?.map((c, i) => (
-                                <TableRow key={i}>
+                            {co.changes?.map(c => (
+                                <TableRow key={buildListKey(c)}>
                                     <TableCell>
                                         <Box minWidth={"100px"} sx={{ overflowWrap: "anywhere" }}>
                                             <Typography>{c.jsonPath}</Typography>
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
index 8187e6f9e..a759e3877 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -18,7 +18,7 @@ export const StatusLine = (props: StatusLineProps) => {
     const doPush = (n: number | undefined, t: string, icon: React.ReactElement) => {
         if (n) {
             children.push(
-                <Box key={children.length} display={"flex"} flexDirection={"column"}>
+                <Box key={t} display={"flex"} flexDirection={"column"}>
                     <Tooltip title={n + " " + t}>
                         <Box
                             display='flex'
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index 049c9ddf1..c2d6a420a 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -84,8 +84,8 @@ export const SidePanel = (props: SidePanelProps) => {
             </Box>
             <Divider sx={{ margin: 0 }} />
             <Box overflow='auto' p='30px'>
-                {tabs.map((tab, index) => {
-                    return <ThemeProvider theme={light} key={index}>
+                {tabs.map(tab => {
+                    return <ThemeProvider theme={light} key={tab.label}>
                         <TabPanel value={tab.label} sx={{ padding: 0 }}>
                             <Paper sx={{ padding: '10px 0' }}>
                                 {tab.content}
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index d4c7aee8c..51f43a836 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -108,7 +108,7 @@ export const CommandResultDetailsDrawer = React.memo((props: {
 
         return ts.commandResults.map((rs, i) => {
             return <Card
-                key={i}
+                key={rs.id}
                 sx={{
                     position: 'absolute',
                     translate: `${cardsCoords[i].left}px ${cardsCoords[i].top}px`,
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index 281622fd0..9e3f6a43d 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -47,7 +47,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
         }
     }
 
-    return <Tooltip title={tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}>
+    return <Tooltip title={tooltip.map(t => <Typography key={t}>{t}</Typography>)}>
         <Box display='flex'>{icon}</Box>
     </Tooltip>
 }
@@ -113,8 +113,8 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
 
     const contextTooltip = <Box textAlign={"center"}>
         <Typography variant="subtitle2">All known contexts:</Typography>
-        {allContexts.map((context, i) => (
-            <Typography key={i} variant="subtitle2">{context}</Typography>
+        {allContexts.map(context=> (
+            <Typography key={context} variant="subtitle2">{context}</Typography>
         ))}
     </Box>
 
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 7cb5a8fd9..228519b0d 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -10,6 +10,7 @@ import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
 import { Card, CardCol, cardGap, cardHeight, CardRow, cardWidth, projectCardHeight } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { buildListKey } from "../../utils/listKey";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -168,7 +169,7 @@ export const TargetsView = () => {
         </Box>
         <Divider />
         {projects.map((ps, i) => {
-            return <Box key={JSON.stringify(ps.project)}>
+            return <Box key={buildListKey(ps.project)}>
                 <Box display={"flex"} alignItems={"center"} margin='40px 0'>
                     <Box display='flex' alignItems='center' width={colWidth} flex='0 0 auto'>
                         <Card height={projectCardHeight}>
@@ -187,7 +188,7 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
-                            return <Box key={JSON.stringify(ts.target)} display='flex'>
+                            return <Box key={buildListKey(ts.target)} display='flex'>
                                 <Card>
                                     <TargetItem ps={ps} ts={ts}
                                         onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)} />
@@ -237,10 +238,10 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            return <CardRow key={JSON.stringify(ts.target)} height={cardHeight}>
+                            return <CardRow key={buildListKey(ts.target)} height={cardHeight}>
                                 {ts.commandResults?.map((rs, i) => {
                                     return <Card
-                                        key={i}
+                                        key={rs.id}
                                         sx={{
                                             translate: i === 0 ? 'none' : `-${i * (cardWidth + cardGap / 2)}px`,
                                             zIndex: -i,
diff --git a/pkg/webui/ui/src/utils/listKey.ts b/pkg/webui/ui/src/utils/listKey.ts
new file mode 100644
index 000000000..d17c73679
--- /dev/null
+++ b/pkg/webui/ui/src/utils/listKey.ts
@@ -0,0 +1,6 @@
+import { sha256 } from "js-sha256";
+
+export function buildListKey(o: any) {
+    const j = JSON.stringify(o)
+    return sha256(j)
+}

From 15f0e3f05e7c1029ef3f7e0839baa50439c2874d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Jun 2023 00:47:09 +0200
Subject: [PATCH 1164/2268] feat: Show time passed since validation

---
 pkg/webui/ui/src/api.tsx                                 | 3 +++
 pkg/webui/ui/src/components/App.tsx                      | 1 -
 .../ui/src/components/targets-view/CommandResultItem.tsx | 9 +--------
 pkg/webui/ui/src/components/targets-view/Targets.tsx     | 2 ++
 pkg/webui/ui/src/utils/duration.ts                       | 7 +++++++
 5 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 4145b0f5f..f175bbd9a 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -129,6 +129,9 @@ class RealApi implements Api {
                     sleep(5000).then(connect)
                 }
             }
+            ws.onerror = function (event) {
+                console.log("ws error", event)
+            }
             ws.onmessage = function (event: MessageEvent) {
                 if (cancelled) {
                     return
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index c0635fa0a..82f605ddb 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -77,7 +77,6 @@ const App = () => {
     }, [])
 
     const projects = useMemo(() => {
-        console.log("buildProjectSummaries")
         return buildProjectSummaries(summaries, validateResults)
     }, [summaries, validateResults])
 
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 76c86de0c..21c6c12c6 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -6,16 +6,9 @@ import Paper from "@mui/material/Paper";
 import { Box, IconButton, Tooltip, Typography } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
-import { formatDurationShort } from "../../utils/duration";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-
-const calcAgo = (startTime: string) => {
-    const t1 = new Date(startTime)
-    const t2 = new Date()
-    const d = t2.getTime() - t1.getTime()
-    return formatDurationShort(d)
-}
+import { calcAgo } from "../../utils/duration";
 
 export const CommandResultItem = React.memo((props: {
     ps: ProjectSummary,
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index 9e3f6a43d..4a7bf1f4a 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -8,6 +8,7 @@ import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material
 import { api } from "../../api";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { calcAgo } from "../../utils/duration";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -45,6 +46,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
         if (props.ts.lastValidateResult.drift?.length) {
             tooltip.push(`Target has ${props.ts.lastValidateResult.drift.length} drifted objects.`)
         }
+        tooltip.push("Validation performed " + calcAgo(props.ts.lastValidateResult.startTime) + " ago")
     }
 
     return <Tooltip title={tooltip.map(t => <Typography key={t}>{t}</Typography>)}>
diff --git a/pkg/webui/ui/src/utils/duration.ts b/pkg/webui/ui/src/utils/duration.ts
index 5dd95c4dc..78f9c2bde 100644
--- a/pkg/webui/ui/src/utils/duration.ts
+++ b/pkg/webui/ui/src/utils/duration.ts
@@ -27,4 +27,11 @@ export function formatDurationShort(ms: number) {
         return "0s"
     }
     return f[1] + f[0]
+}
+
+export const calcAgo = (startTime: string) => {
+    const t1 = new Date(startTime)
+    const t2 = new Date()
+    const d = t2.getTime() - t1.getTime()
+    return formatDurationShort(d)
 }
\ No newline at end of file

From f104e327b53078ea753297ee0d6c540eb2314531 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Jun 2023 00:47:59 +0200
Subject: [PATCH 1165/2268] chore: Build webui

---
 pkg/webui/ui/build/index.html        |   2 +-
 pkg/webui/ui/build/static/js/main.js | 507 ++++++++++++++++++++++++++-
 2 files changed, 495 insertions(+), 14 deletions(-)

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 56667fb71..5e73bd915 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.34340eee.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.82849393.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index d5043f933..844adb822 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -3233,6 +3233,478 @@ if (true) {
 
 /***/ }),
 
+/***/ 981:
+/***/ (function(module, exports, __webpack_require__) {
+
+var __WEBPACK_AMD_DEFINE_RESULT__;/**
+ * [js-sha256]{@link https://github.com/emn178/js-sha256}
+ *
+ * @version 0.9.0
+ * @author Chen, Yi-Cyuan [emn178@gmail.com]
+ * @copyright Chen, Yi-Cyuan 2014-2017
+ * @license MIT
+ */
+/*jslint bitwise: true */
+(function () {
+  'use strict';
+
+  var ERROR = 'input is invalid type';
+  var WINDOW = typeof window === 'object';
+  var root = WINDOW ? window : {};
+  if (root.JS_SHA256_NO_WINDOW) {
+    WINDOW = false;
+  }
+  var WEB_WORKER = !WINDOW && typeof self === 'object';
+  var NODE_JS = !root.JS_SHA256_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node;
+  if (NODE_JS) {
+    root = __webpack_require__.g;
+  } else if (WEB_WORKER) {
+    root = self;
+  }
+  var COMMON_JS = !root.JS_SHA256_NO_COMMON_JS && "object" === 'object' && module.exports;
+  var AMD =  true && __webpack_require__.amdO;
+  var ARRAY_BUFFER = !root.JS_SHA256_NO_ARRAY_BUFFER && typeof ArrayBuffer !== 'undefined';
+  var HEX_CHARS = '0123456789abcdef'.split('');
+  var EXTRA = [-2147483648, 8388608, 32768, 128];
+  var SHIFT = [24, 16, 8, 0];
+  var K = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
+  var OUTPUT_TYPES = ['hex', 'array', 'digest', 'arrayBuffer'];
+  var blocks = [];
+  if (root.JS_SHA256_NO_NODE_JS || !Array.isArray) {
+    Array.isArray = function (obj) {
+      return Object.prototype.toString.call(obj) === '[object Array]';
+    };
+  }
+  if (ARRAY_BUFFER && (root.JS_SHA256_NO_ARRAY_BUFFER_IS_VIEW || !ArrayBuffer.isView)) {
+    ArrayBuffer.isView = function (obj) {
+      return typeof obj === 'object' && obj.buffer && obj.buffer.constructor === ArrayBuffer;
+    };
+  }
+  var createOutputMethod = function createOutputMethod(outputType, is224) {
+    return function (message) {
+      return new Sha256(is224, true).update(message)[outputType]();
+    };
+  };
+  var createMethod = function createMethod(is224) {
+    var method = createOutputMethod('hex', is224);
+    if (NODE_JS) {
+      method = nodeWrap(method, is224);
+    }
+    method.create = function () {
+      return new Sha256(is224);
+    };
+    method.update = function (message) {
+      return method.create().update(message);
+    };
+    for (var i = 0; i < OUTPUT_TYPES.length; ++i) {
+      var type = OUTPUT_TYPES[i];
+      method[type] = createOutputMethod(type, is224);
+    }
+    return method;
+  };
+  var nodeWrap = function nodeWrap(method, is224) {
+    var crypto = eval("require('crypto')");
+    var Buffer = eval("require('buffer').Buffer");
+    var algorithm = is224 ? 'sha224' : 'sha256';
+    var nodeMethod = function nodeMethod(message) {
+      if (typeof message === 'string') {
+        return crypto.createHash(algorithm).update(message, 'utf8').digest('hex');
+      } else {
+        if (message === null || message === undefined) {
+          throw new Error(ERROR);
+        } else if (message.constructor === ArrayBuffer) {
+          message = new Uint8Array(message);
+        }
+      }
+      if (Array.isArray(message) || ArrayBuffer.isView(message) || message.constructor === Buffer) {
+        return crypto.createHash(algorithm).update(new Buffer(message)).digest('hex');
+      } else {
+        return method(message);
+      }
+    };
+    return nodeMethod;
+  };
+  var createHmacOutputMethod = function createHmacOutputMethod(outputType, is224) {
+    return function (key, message) {
+      return new HmacSha256(key, is224, true).update(message)[outputType]();
+    };
+  };
+  var createHmacMethod = function createHmacMethod(is224) {
+    var method = createHmacOutputMethod('hex', is224);
+    method.create = function (key) {
+      return new HmacSha256(key, is224);
+    };
+    method.update = function (key, message) {
+      return method.create(key).update(message);
+    };
+    for (var i = 0; i < OUTPUT_TYPES.length; ++i) {
+      var type = OUTPUT_TYPES[i];
+      method[type] = createHmacOutputMethod(type, is224);
+    }
+    return method;
+  };
+  function Sha256(is224, sharedMemory) {
+    if (sharedMemory) {
+      blocks[0] = blocks[16] = blocks[1] = blocks[2] = blocks[3] = blocks[4] = blocks[5] = blocks[6] = blocks[7] = blocks[8] = blocks[9] = blocks[10] = blocks[11] = blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;
+      this.blocks = blocks;
+    } else {
+      this.blocks = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+    }
+    if (is224) {
+      this.h0 = 0xc1059ed8;
+      this.h1 = 0x367cd507;
+      this.h2 = 0x3070dd17;
+      this.h3 = 0xf70e5939;
+      this.h4 = 0xffc00b31;
+      this.h5 = 0x68581511;
+      this.h6 = 0x64f98fa7;
+      this.h7 = 0xbefa4fa4;
+    } else {
+      // 256
+      this.h0 = 0x6a09e667;
+      this.h1 = 0xbb67ae85;
+      this.h2 = 0x3c6ef372;
+      this.h3 = 0xa54ff53a;
+      this.h4 = 0x510e527f;
+      this.h5 = 0x9b05688c;
+      this.h6 = 0x1f83d9ab;
+      this.h7 = 0x5be0cd19;
+    }
+    this.block = this.start = this.bytes = this.hBytes = 0;
+    this.finalized = this.hashed = false;
+    this.first = true;
+    this.is224 = is224;
+  }
+  Sha256.prototype.update = function (message) {
+    if (this.finalized) {
+      return;
+    }
+    var notString,
+      type = typeof message;
+    if (type !== 'string') {
+      if (type === 'object') {
+        if (message === null) {
+          throw new Error(ERROR);
+        } else if (ARRAY_BUFFER && message.constructor === ArrayBuffer) {
+          message = new Uint8Array(message);
+        } else if (!Array.isArray(message)) {
+          if (!ARRAY_BUFFER || !ArrayBuffer.isView(message)) {
+            throw new Error(ERROR);
+          }
+        }
+      } else {
+        throw new Error(ERROR);
+      }
+      notString = true;
+    }
+    var code,
+      index = 0,
+      i,
+      length = message.length,
+      blocks = this.blocks;
+    while (index < length) {
+      if (this.hashed) {
+        this.hashed = false;
+        blocks[0] = this.block;
+        blocks[16] = blocks[1] = blocks[2] = blocks[3] = blocks[4] = blocks[5] = blocks[6] = blocks[7] = blocks[8] = blocks[9] = blocks[10] = blocks[11] = blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;
+      }
+      if (notString) {
+        for (i = this.start; index < length && i < 64; ++index) {
+          blocks[i >> 2] |= message[index] << SHIFT[i++ & 3];
+        }
+      } else {
+        for (i = this.start; index < length && i < 64; ++index) {
+          code = message.charCodeAt(index);
+          if (code < 0x80) {
+            blocks[i >> 2] |= code << SHIFT[i++ & 3];
+          } else if (code < 0x800) {
+            blocks[i >> 2] |= (0xc0 | code >> 6) << SHIFT[i++ & 3];
+            blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3];
+          } else if (code < 0xd800 || code >= 0xe000) {
+            blocks[i >> 2] |= (0xe0 | code >> 12) << SHIFT[i++ & 3];
+            blocks[i >> 2] |= (0x80 | code >> 6 & 0x3f) << SHIFT[i++ & 3];
+            blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3];
+          } else {
+            code = 0x10000 + ((code & 0x3ff) << 10 | message.charCodeAt(++index) & 0x3ff);
+            blocks[i >> 2] |= (0xf0 | code >> 18) << SHIFT[i++ & 3];
+            blocks[i >> 2] |= (0x80 | code >> 12 & 0x3f) << SHIFT[i++ & 3];
+            blocks[i >> 2] |= (0x80 | code >> 6 & 0x3f) << SHIFT[i++ & 3];
+            blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3];
+          }
+        }
+      }
+      this.lastByteIndex = i;
+      this.bytes += i - this.start;
+      if (i >= 64) {
+        this.block = blocks[16];
+        this.start = i - 64;
+        this.hash();
+        this.hashed = true;
+      } else {
+        this.start = i;
+      }
+    }
+    if (this.bytes > 4294967295) {
+      this.hBytes += this.bytes / 4294967296 << 0;
+      this.bytes = this.bytes % 4294967296;
+    }
+    return this;
+  };
+  Sha256.prototype.finalize = function () {
+    if (this.finalized) {
+      return;
+    }
+    this.finalized = true;
+    var blocks = this.blocks,
+      i = this.lastByteIndex;
+    blocks[16] = this.block;
+    blocks[i >> 2] |= EXTRA[i & 3];
+    this.block = blocks[16];
+    if (i >= 56) {
+      if (!this.hashed) {
+        this.hash();
+      }
+      blocks[0] = this.block;
+      blocks[16] = blocks[1] = blocks[2] = blocks[3] = blocks[4] = blocks[5] = blocks[6] = blocks[7] = blocks[8] = blocks[9] = blocks[10] = blocks[11] = blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;
+    }
+    blocks[14] = this.hBytes << 3 | this.bytes >>> 29;
+    blocks[15] = this.bytes << 3;
+    this.hash();
+  };
+  Sha256.prototype.hash = function () {
+    var a = this.h0,
+      b = this.h1,
+      c = this.h2,
+      d = this.h3,
+      e = this.h4,
+      f = this.h5,
+      g = this.h6,
+      h = this.h7,
+      blocks = this.blocks,
+      j,
+      s0,
+      s1,
+      maj,
+      t1,
+      t2,
+      ch,
+      ab,
+      da,
+      cd,
+      bc;
+    for (j = 16; j < 64; ++j) {
+      // rightrotate
+      t1 = blocks[j - 15];
+      s0 = (t1 >>> 7 | t1 << 25) ^ (t1 >>> 18 | t1 << 14) ^ t1 >>> 3;
+      t1 = blocks[j - 2];
+      s1 = (t1 >>> 17 | t1 << 15) ^ (t1 >>> 19 | t1 << 13) ^ t1 >>> 10;
+      blocks[j] = blocks[j - 16] + s0 + blocks[j - 7] + s1 << 0;
+    }
+    bc = b & c;
+    for (j = 0; j < 64; j += 4) {
+      if (this.first) {
+        if (this.is224) {
+          ab = 300032;
+          t1 = blocks[0] - 1413257819;
+          h = t1 - 150054599 << 0;
+          d = t1 + 24177077 << 0;
+        } else {
+          ab = 704751109;
+          t1 = blocks[0] - 210244248;
+          h = t1 - 1521486534 << 0;
+          d = t1 + 143694565 << 0;
+        }
+        this.first = false;
+      } else {
+        s0 = (a >>> 2 | a << 30) ^ (a >>> 13 | a << 19) ^ (a >>> 22 | a << 10);
+        s1 = (e >>> 6 | e << 26) ^ (e >>> 11 | e << 21) ^ (e >>> 25 | e << 7);
+        ab = a & b;
+        maj = ab ^ a & c ^ bc;
+        ch = e & f ^ ~e & g;
+        t1 = h + s1 + ch + K[j] + blocks[j];
+        t2 = s0 + maj;
+        h = d + t1 << 0;
+        d = t1 + t2 << 0;
+      }
+      s0 = (d >>> 2 | d << 30) ^ (d >>> 13 | d << 19) ^ (d >>> 22 | d << 10);
+      s1 = (h >>> 6 | h << 26) ^ (h >>> 11 | h << 21) ^ (h >>> 25 | h << 7);
+      da = d & a;
+      maj = da ^ d & b ^ ab;
+      ch = h & e ^ ~h & f;
+      t1 = g + s1 + ch + K[j + 1] + blocks[j + 1];
+      t2 = s0 + maj;
+      g = c + t1 << 0;
+      c = t1 + t2 << 0;
+      s0 = (c >>> 2 | c << 30) ^ (c >>> 13 | c << 19) ^ (c >>> 22 | c << 10);
+      s1 = (g >>> 6 | g << 26) ^ (g >>> 11 | g << 21) ^ (g >>> 25 | g << 7);
+      cd = c & d;
+      maj = cd ^ c & a ^ da;
+      ch = g & h ^ ~g & e;
+      t1 = f + s1 + ch + K[j + 2] + blocks[j + 2];
+      t2 = s0 + maj;
+      f = b + t1 << 0;
+      b = t1 + t2 << 0;
+      s0 = (b >>> 2 | b << 30) ^ (b >>> 13 | b << 19) ^ (b >>> 22 | b << 10);
+      s1 = (f >>> 6 | f << 26) ^ (f >>> 11 | f << 21) ^ (f >>> 25 | f << 7);
+      bc = b & c;
+      maj = bc ^ b & d ^ cd;
+      ch = f & g ^ ~f & h;
+      t1 = e + s1 + ch + K[j + 3] + blocks[j + 3];
+      t2 = s0 + maj;
+      e = a + t1 << 0;
+      a = t1 + t2 << 0;
+    }
+    this.h0 = this.h0 + a << 0;
+    this.h1 = this.h1 + b << 0;
+    this.h2 = this.h2 + c << 0;
+    this.h3 = this.h3 + d << 0;
+    this.h4 = this.h4 + e << 0;
+    this.h5 = this.h5 + f << 0;
+    this.h6 = this.h6 + g << 0;
+    this.h7 = this.h7 + h << 0;
+  };
+  Sha256.prototype.hex = function () {
+    this.finalize();
+    var h0 = this.h0,
+      h1 = this.h1,
+      h2 = this.h2,
+      h3 = this.h3,
+      h4 = this.h4,
+      h5 = this.h5,
+      h6 = this.h6,
+      h7 = this.h7;
+    var hex = HEX_CHARS[h0 >> 28 & 0x0F] + HEX_CHARS[h0 >> 24 & 0x0F] + HEX_CHARS[h0 >> 20 & 0x0F] + HEX_CHARS[h0 >> 16 & 0x0F] + HEX_CHARS[h0 >> 12 & 0x0F] + HEX_CHARS[h0 >> 8 & 0x0F] + HEX_CHARS[h0 >> 4 & 0x0F] + HEX_CHARS[h0 & 0x0F] + HEX_CHARS[h1 >> 28 & 0x0F] + HEX_CHARS[h1 >> 24 & 0x0F] + HEX_CHARS[h1 >> 20 & 0x0F] + HEX_CHARS[h1 >> 16 & 0x0F] + HEX_CHARS[h1 >> 12 & 0x0F] + HEX_CHARS[h1 >> 8 & 0x0F] + HEX_CHARS[h1 >> 4 & 0x0F] + HEX_CHARS[h1 & 0x0F] + HEX_CHARS[h2 >> 28 & 0x0F] + HEX_CHARS[h2 >> 24 & 0x0F] + HEX_CHARS[h2 >> 20 & 0x0F] + HEX_CHARS[h2 >> 16 & 0x0F] + HEX_CHARS[h2 >> 12 & 0x0F] + HEX_CHARS[h2 >> 8 & 0x0F] + HEX_CHARS[h2 >> 4 & 0x0F] + HEX_CHARS[h2 & 0x0F] + HEX_CHARS[h3 >> 28 & 0x0F] + HEX_CHARS[h3 >> 24 & 0x0F] + HEX_CHARS[h3 >> 20 & 0x0F] + HEX_CHARS[h3 >> 16 & 0x0F] + HEX_CHARS[h3 >> 12 & 0x0F] + HEX_CHARS[h3 >> 8 & 0x0F] + HEX_CHARS[h3 >> 4 & 0x0F] + HEX_CHARS[h3 & 0x0F] + HEX_CHARS[h4 >> 28 & 0x0F] + HEX_CHARS[h4 >> 24 & 0x0F] + HEX_CHARS[h4 >> 20 & 0x0F] + HEX_CHARS[h4 >> 16 & 0x0F] + HEX_CHARS[h4 >> 12 & 0x0F] + HEX_CHARS[h4 >> 8 & 0x0F] + HEX_CHARS[h4 >> 4 & 0x0F] + HEX_CHARS[h4 & 0x0F] + HEX_CHARS[h5 >> 28 & 0x0F] + HEX_CHARS[h5 >> 24 & 0x0F] + HEX_CHARS[h5 >> 20 & 0x0F] + HEX_CHARS[h5 >> 16 & 0x0F] + HEX_CHARS[h5 >> 12 & 0x0F] + HEX_CHARS[h5 >> 8 & 0x0F] + HEX_CHARS[h5 >> 4 & 0x0F] + HEX_CHARS[h5 & 0x0F] + HEX_CHARS[h6 >> 28 & 0x0F] + HEX_CHARS[h6 >> 24 & 0x0F] + HEX_CHARS[h6 >> 20 & 0x0F] + HEX_CHARS[h6 >> 16 & 0x0F] + HEX_CHARS[h6 >> 12 & 0x0F] + HEX_CHARS[h6 >> 8 & 0x0F] + HEX_CHARS[h6 >> 4 & 0x0F] + HEX_CHARS[h6 & 0x0F];
+    if (!this.is224) {
+      hex += HEX_CHARS[h7 >> 28 & 0x0F] + HEX_CHARS[h7 >> 24 & 0x0F] + HEX_CHARS[h7 >> 20 & 0x0F] + HEX_CHARS[h7 >> 16 & 0x0F] + HEX_CHARS[h7 >> 12 & 0x0F] + HEX_CHARS[h7 >> 8 & 0x0F] + HEX_CHARS[h7 >> 4 & 0x0F] + HEX_CHARS[h7 & 0x0F];
+    }
+    return hex;
+  };
+  Sha256.prototype.toString = Sha256.prototype.hex;
+  Sha256.prototype.digest = function () {
+    this.finalize();
+    var h0 = this.h0,
+      h1 = this.h1,
+      h2 = this.h2,
+      h3 = this.h3,
+      h4 = this.h4,
+      h5 = this.h5,
+      h6 = this.h6,
+      h7 = this.h7;
+    var arr = [h0 >> 24 & 0xFF, h0 >> 16 & 0xFF, h0 >> 8 & 0xFF, h0 & 0xFF, h1 >> 24 & 0xFF, h1 >> 16 & 0xFF, h1 >> 8 & 0xFF, h1 & 0xFF, h2 >> 24 & 0xFF, h2 >> 16 & 0xFF, h2 >> 8 & 0xFF, h2 & 0xFF, h3 >> 24 & 0xFF, h3 >> 16 & 0xFF, h3 >> 8 & 0xFF, h3 & 0xFF, h4 >> 24 & 0xFF, h4 >> 16 & 0xFF, h4 >> 8 & 0xFF, h4 & 0xFF, h5 >> 24 & 0xFF, h5 >> 16 & 0xFF, h5 >> 8 & 0xFF, h5 & 0xFF, h6 >> 24 & 0xFF, h6 >> 16 & 0xFF, h6 >> 8 & 0xFF, h6 & 0xFF];
+    if (!this.is224) {
+      arr.push(h7 >> 24 & 0xFF, h7 >> 16 & 0xFF, h7 >> 8 & 0xFF, h7 & 0xFF);
+    }
+    return arr;
+  };
+  Sha256.prototype.array = Sha256.prototype.digest;
+  Sha256.prototype.arrayBuffer = function () {
+    this.finalize();
+    var buffer = new ArrayBuffer(this.is224 ? 28 : 32);
+    var dataView = new DataView(buffer);
+    dataView.setUint32(0, this.h0);
+    dataView.setUint32(4, this.h1);
+    dataView.setUint32(8, this.h2);
+    dataView.setUint32(12, this.h3);
+    dataView.setUint32(16, this.h4);
+    dataView.setUint32(20, this.h5);
+    dataView.setUint32(24, this.h6);
+    if (!this.is224) {
+      dataView.setUint32(28, this.h7);
+    }
+    return buffer;
+  };
+  function HmacSha256(key, is224, sharedMemory) {
+    var i,
+      type = typeof key;
+    if (type === 'string') {
+      var bytes = [],
+        length = key.length,
+        index = 0,
+        code;
+      for (i = 0; i < length; ++i) {
+        code = key.charCodeAt(i);
+        if (code < 0x80) {
+          bytes[index++] = code;
+        } else if (code < 0x800) {
+          bytes[index++] = 0xc0 | code >> 6;
+          bytes[index++] = 0x80 | code & 0x3f;
+        } else if (code < 0xd800 || code >= 0xe000) {
+          bytes[index++] = 0xe0 | code >> 12;
+          bytes[index++] = 0x80 | code >> 6 & 0x3f;
+          bytes[index++] = 0x80 | code & 0x3f;
+        } else {
+          code = 0x10000 + ((code & 0x3ff) << 10 | key.charCodeAt(++i) & 0x3ff);
+          bytes[index++] = 0xf0 | code >> 18;
+          bytes[index++] = 0x80 | code >> 12 & 0x3f;
+          bytes[index++] = 0x80 | code >> 6 & 0x3f;
+          bytes[index++] = 0x80 | code & 0x3f;
+        }
+      }
+      key = bytes;
+    } else {
+      if (type === 'object') {
+        if (key === null) {
+          throw new Error(ERROR);
+        } else if (ARRAY_BUFFER && key.constructor === ArrayBuffer) {
+          key = new Uint8Array(key);
+        } else if (!Array.isArray(key)) {
+          if (!ARRAY_BUFFER || !ArrayBuffer.isView(key)) {
+            throw new Error(ERROR);
+          }
+        }
+      } else {
+        throw new Error(ERROR);
+      }
+    }
+    if (key.length > 64) {
+      key = new Sha256(is224, true).update(key).array();
+    }
+    var oKeyPad = [],
+      iKeyPad = [];
+    for (i = 0; i < 64; ++i) {
+      var b = key[i] || 0;
+      oKeyPad[i] = 0x5c ^ b;
+      iKeyPad[i] = 0x36 ^ b;
+    }
+    Sha256.call(this, is224, sharedMemory);
+    this.update(iKeyPad);
+    this.oKeyPad = oKeyPad;
+    this.inner = true;
+    this.sharedMemory = sharedMemory;
+  }
+  HmacSha256.prototype = new Sha256();
+  HmacSha256.prototype.finalize = function () {
+    Sha256.prototype.finalize.call(this);
+    if (this.inner) {
+      this.inner = false;
+      var innerHash = this.array();
+      Sha256.call(this, this.is224, this.sharedMemory);
+      this.update(this.oKeyPad);
+      this.update(innerHash);
+      Sha256.prototype.finalize.call(this);
+    }
+  };
+  var exports = createMethod();
+  exports.sha256 = exports;
+  exports.sha224 = createMethod(true);
+  exports.sha256.hmac = createHmacMethod();
+  exports.sha224.hmac = createHmacMethod(true);
+  if (COMMON_JS) {
+    module.exports = exports;
+  } else {
+    root.sha256 = exports.sha256;
+    root.sha224 = exports.sha224;
+    if (AMD) {
+      !(__WEBPACK_AMD_DEFINE_RESULT__ = (function () {
+        return exports;
+      }).call(exports, __webpack_require__, exports, module),
+		__WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__));
+    }
+  }
+})();
+
+/***/ }),
+
 /***/ 763:
 /***/ (function(module, exports, __webpack_require__) {
 
@@ -28614,6 +29086,11 @@ module.exports = _unsupportedIterableToArray, module.exports.__esModule = true,
 /******/ 	__webpack_require__.m = __webpack_modules__;
 /******/ 	
 /************************************************************************/
+/******/ 	/* webpack/runtime/amd options */
+/******/ 	!function() {
+/******/ 		__webpack_require__.amdO = {};
+/******/ 	}();
+/******/ 	
 /******/ 	/* webpack/runtime/compat get default export */
 /******/ 	!function() {
 /******/ 		// getDefaultExport function for compatibility with non-harmony modules
@@ -51555,11 +52032,11 @@ var loadedScripts=new Map();var loadScript=function loadScript(fileUrl){var asyn
 ;// CONCATENATED MODULE: ./src/utils/misc.ts
 function getLastPathElement(url){if(url===undefined){return undefined;}if(!url){return"";}var s=url.split("/");return s[s.length-1];}function sleep(ms){return new Promise(function(resolve){return setTimeout(resolve,ms);});}
 ;// CONCATENATED MODULE: ./src/api.tsx
-var apiUrl="/api";var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});var RealOrStaticApi=/*#__PURE__*/function(){function RealOrStaticApi(){classCallCheck_classCallCheck(this,RealOrStaticApi);this.api=void 0;this.api=this.buildApi();}createClass_createClass(RealOrStaticApi,[{key:"buildApi",value:function(){var _buildApi=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:p=loadScript(staticPath+"/summaries.js");_context.prev=1;_context.next=4;return p;case 4:return _context.abrupt("return",new StaticApi());case 7:_context.prev=7;_context.t0=_context["catch"](1);return _context.abrupt("return",new RealApi());case 10:case"end":return _context.stop();}},_callee,null,[[1,7]]);}));function buildApi(){return _buildApi.apply(this,arguments);}return buildApi;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:_context2.next=2;return this.api;case 2:return _context2.abrupt("return",_context2.sent.deployNow(cluster,name,namespace));case 3:case"end":return _context2.stop();}},_callee2,this);}));function deployNow(_x,_x2,_x3){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:_context3.next=2;return this.api;case 2:return _context3.abrupt("return",_context3.sent.getResult(resultId));case 3:case"end":return _context3.stop();}},_callee3,this);}));function getResult(_x4){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(resultId,ref,objectType){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:_context4.next=2;return this.api;case 2:return _context4.abrupt("return",_context4.sent.getResultObject(resultId,ref,objectType));case 3:case"end":return _context4.stop();}},_callee4,this);}));function getResultObject(_x5,_x6,_x7){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:_context5.next=2;return this.api;case 2:return _context5.abrupt("return",_context5.sent.getResultSummary(resultId));case 3:case"end":return _context5.stop();}},_callee5,this);}));function getResultSummary(_x8){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:_context6.next=2;return this.api;case 2:return _context6.abrupt("return",_context6.sent.getShortNames());case 3:case"end":return _context6.stop();}},_callee6,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:_context7.next=2;return this.api;case 2:return _context7.abrupt("return",_context7.sent.listenUpdates(filterProject,filterSubDir,handle));case 3:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x9,_x10,_x11){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:_context8.next=2;return this.api;case 2:return _context8.abrupt("return",_context8.sent.reconcileNow(cluster,name,namespace));case 3:case"end":return _context8.stop();}},_callee8,this);}));function reconcileNow(_x12,_x13,_x14){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:_context9.next=2;return this.api;case 2:return _context9.abrupt("return",_context9.sent.validateNow(project,target));case 3:case"end":return _context9.stop();}},_callee9,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()}]);return RealOrStaticApi;}();var api=new RealOrStaticApi();var RealApi=/*#__PURE__*/function(){function RealApi(){classCallCheck_classCallCheck(this,RealApi);}createClass_createClass(RealApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:url="".concat(apiUrl,"/getShortNames");return _context10.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context10.stop();}},_callee10);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(filterProject,filterSubDir,handle){var host,url,params,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:host=window.location.host;if(false){}url="ws://".concat(host).concat(apiUrl,"/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();cancelled=false;connect=function connect(){if(cancelled){return;}console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};};connect();return _context11.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 11:case"end":return _context11.stop();}},_callee11);}));function listenUpdates(_x17,_x18,_x19){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:url="".concat(apiUrl,"/getResult?resultId=").concat(resultId);return _context12.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResult(json);}));case 2:case"end":return _context12.stop();}},_callee12);}));function getResult(_x20){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:url="".concat(apiUrl,"/getResultSummary?resultId=").concat(resultId);return _context13.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResultSummary(json);}));case 2:case"end":return _context13.stop();}},_callee13);}));function getResultSummary(_x21){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(resultId,ref,objectType){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:url="".concat(apiUrl,"/getResultObject?resultId=").concat(resultId,"&").concat(buildRefParams(ref),"&objectType=").concat(objectType);return _context14.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context14.stop();}},_callee14);}));function getResultObject(_x22,_x23,_x24){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(f,body){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:url="".concat(apiUrl,"/").concat(f);return _context15.abrupt("return",fetch(url,{method:"POST",body:JSON.stringify(body),headers:{'Accept':'application/json','Content-Type':'application/json'}}).then(handleErrors));case 2:case"end":return _context15.stop();}},_callee15);}));function doPost(_x25,_x26){return _doPost.apply(this,arguments);}return doPost;}()},{key:"validateNow",value:function(){var _validateNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:return _context16.abrupt("return",this.doPost("validateNow",{"project":project,"target":target}));case 1:case"end":return _context16.stop();}},_callee16,this);}));function validateNow(_x27,_x28){return _validateNow2.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:return _context17.abrupt("return",this.doPost("deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context17.stop();}},_callee17,this);}));function deployNow(_x29,_x30,_x31){return _deployNow2.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:return _context18.abrupt("return",this.doPost("reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context18.stop();}},_callee18,this);}));function reconcileNow(_x32,_x33,_x34){return _reconcileNow2.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:_context19.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context19.abrupt("return",staticShortNames);case 3:case"end":return _context19.stop();}},_callee19);}));function getShortNames(){return _getShortNames3.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee20(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee20$(_context20){while(1)switch(_context20.prev=_context20.next){case 0:_context20.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context20.abrupt("return",function(){});case 4:case"end":return _context20.stop();}},_callee20);}));function listenUpdates(_x35,_x36,_x37){return _listenUpdates3.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee21(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee21$(_context21){while(1)switch(_context21.prev=_context21.next){case 0:_context21.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context21.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context21.stop();}},_callee21);}));function getResult(_x38){return _getResult3.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee22(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee22$(_context22){while(1)switch(_context22.prev=_context22.next){case 0:_context22.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context22.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context22.stop();}},_callee22);}));function getResultSummary(_x39){return _getResultSummary3.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee23(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee23$(_context23){while(1)switch(_context23.prev=_context23.next){case 0:_context23.next=2;return this.getResult(resultId);case 2:result=_context23.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context23.next=6;break;}throw new Error("object not found");case 6:_context23.t0=objectType;_context23.next=_context23.t0===ObjectType.Rendered?9:_context23.t0===ObjectType.Remote?10:_context23.t0===ObjectType.Applied?11:12;break;case 9:return _context23.abrupt("return",object.rendered);case 10:return _context23.abrupt("return",object.remote);case 11:return _context23.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context23.stop();}},_callee23,this);}));function getResultObject(_x40,_x41,_x42){return _getResultObject3.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function handleErrors(response){if(!response.ok){throw Error(response.statusText);}return response;}function buildRefParams(ref){var params=new URLSearchParams();params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}return params.toString();}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}function usePromise(p){if(p===undefined){throw new Promise(function(){return undefined;});}var promise=p;if(promise.status==='fulfilled'){return promise.value;}else if(promise.status==='rejected'){throw promise.reason;}else if(promise.status==='pending'){throw promise;}else{promise.status='pending';p.then(function(result){promise.status='fulfilled';promise.value=result;},function(reason){promise.status='rejected';promise.reason=reason;});throw promise;}}
+var apiUrl="/api";var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});var RealOrStaticApi=/*#__PURE__*/function(){function RealOrStaticApi(){classCallCheck_classCallCheck(this,RealOrStaticApi);this.api=void 0;this.api=this.buildApi();}createClass_createClass(RealOrStaticApi,[{key:"buildApi",value:function(){var _buildApi=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:p=loadScript(staticPath+"/summaries.js");_context.prev=1;_context.next=4;return p;case 4:return _context.abrupt("return",new StaticApi());case 7:_context.prev=7;_context.t0=_context["catch"](1);return _context.abrupt("return",new RealApi());case 10:case"end":return _context.stop();}},_callee,null,[[1,7]]);}));function buildApi(){return _buildApi.apply(this,arguments);}return buildApi;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:_context2.next=2;return this.api;case 2:return _context2.abrupt("return",_context2.sent.deployNow(cluster,name,namespace));case 3:case"end":return _context2.stop();}},_callee2,this);}));function deployNow(_x,_x2,_x3){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:_context3.next=2;return this.api;case 2:return _context3.abrupt("return",_context3.sent.getResult(resultId));case 3:case"end":return _context3.stop();}},_callee3,this);}));function getResult(_x4){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(resultId,ref,objectType){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:_context4.next=2;return this.api;case 2:return _context4.abrupt("return",_context4.sent.getResultObject(resultId,ref,objectType));case 3:case"end":return _context4.stop();}},_callee4,this);}));function getResultObject(_x5,_x6,_x7){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:_context5.next=2;return this.api;case 2:return _context5.abrupt("return",_context5.sent.getResultSummary(resultId));case 3:case"end":return _context5.stop();}},_callee5,this);}));function getResultSummary(_x8){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:_context6.next=2;return this.api;case 2:return _context6.abrupt("return",_context6.sent.getShortNames());case 3:case"end":return _context6.stop();}},_callee6,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:_context7.next=2;return this.api;case 2:return _context7.abrupt("return",_context7.sent.listenUpdates(filterProject,filterSubDir,handle));case 3:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x9,_x10,_x11){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:_context8.next=2;return this.api;case 2:return _context8.abrupt("return",_context8.sent.reconcileNow(cluster,name,namespace));case 3:case"end":return _context8.stop();}},_callee8,this);}));function reconcileNow(_x12,_x13,_x14){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:_context9.next=2;return this.api;case 2:return _context9.abrupt("return",_context9.sent.validateNow(project,target));case 3:case"end":return _context9.stop();}},_callee9,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()}]);return RealOrStaticApi;}();var api=new RealOrStaticApi();var RealApi=/*#__PURE__*/function(){function RealApi(){classCallCheck_classCallCheck(this,RealApi);}createClass_createClass(RealApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:url="".concat(apiUrl,"/getShortNames");return _context10.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context10.stop();}},_callee10);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(filterProject,filterSubDir,handle){var host,url,params,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:host=window.location.host;if(false){}url="ws://".concat(host).concat(apiUrl,"/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();cancelled=false;connect=function connect(){if(cancelled){return;}console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onerror=function(event){console.log("ws error",event);};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};};connect();return _context11.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 11:case"end":return _context11.stop();}},_callee11);}));function listenUpdates(_x17,_x18,_x19){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:url="".concat(apiUrl,"/getResult?resultId=").concat(resultId);return _context12.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResult(json);}));case 2:case"end":return _context12.stop();}},_callee12);}));function getResult(_x20){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:url="".concat(apiUrl,"/getResultSummary?resultId=").concat(resultId);return _context13.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResultSummary(json);}));case 2:case"end":return _context13.stop();}},_callee13);}));function getResultSummary(_x21){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(resultId,ref,objectType){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:url="".concat(apiUrl,"/getResultObject?resultId=").concat(resultId,"&").concat(buildRefParams(ref),"&objectType=").concat(objectType);return _context14.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context14.stop();}},_callee14);}));function getResultObject(_x22,_x23,_x24){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(f,body){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:url="".concat(apiUrl,"/").concat(f);return _context15.abrupt("return",fetch(url,{method:"POST",body:JSON.stringify(body),headers:{'Accept':'application/json','Content-Type':'application/json'}}).then(handleErrors));case 2:case"end":return _context15.stop();}},_callee15);}));function doPost(_x25,_x26){return _doPost.apply(this,arguments);}return doPost;}()},{key:"validateNow",value:function(){var _validateNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:return _context16.abrupt("return",this.doPost("validateNow",{"project":project,"target":target}));case 1:case"end":return _context16.stop();}},_callee16,this);}));function validateNow(_x27,_x28){return _validateNow2.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:return _context17.abrupt("return",this.doPost("deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context17.stop();}},_callee17,this);}));function deployNow(_x29,_x30,_x31){return _deployNow2.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:return _context18.abrupt("return",this.doPost("reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context18.stop();}},_callee18,this);}));function reconcileNow(_x32,_x33,_x34){return _reconcileNow2.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:_context19.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context19.abrupt("return",staticShortNames);case 3:case"end":return _context19.stop();}},_callee19);}));function getShortNames(){return _getShortNames3.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee20(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee20$(_context20){while(1)switch(_context20.prev=_context20.next){case 0:_context20.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context20.abrupt("return",function(){});case 4:case"end":return _context20.stop();}},_callee20);}));function listenUpdates(_x35,_x36,_x37){return _listenUpdates3.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee21(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee21$(_context21){while(1)switch(_context21.prev=_context21.next){case 0:_context21.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context21.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context21.stop();}},_callee21);}));function getResult(_x38){return _getResult3.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee22(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee22$(_context22){while(1)switch(_context22.prev=_context22.next){case 0:_context22.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context22.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context22.stop();}},_callee22);}));function getResultSummary(_x39){return _getResultSummary3.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee23(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee23$(_context23){while(1)switch(_context23.prev=_context23.next){case 0:_context23.next=2;return this.getResult(resultId);case 2:result=_context23.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context23.next=6;break;}throw new Error("object not found");case 6:_context23.t0=objectType;_context23.next=_context23.t0===ObjectType.Rendered?9:_context23.t0===ObjectType.Remote?10:_context23.t0===ObjectType.Applied?11:12;break;case 9:return _context23.abrupt("return",object.rendered);case 10:return _context23.abrupt("return",object.remote);case 11:return _context23.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context23.stop();}},_callee23,this);}));function getResultObject(_x40,_x41,_x42){return _getResultObject3.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function handleErrors(response){if(!response.ok){throw Error(response.statusText);}return response;}function buildRefParams(ref){var params=new URLSearchParams();params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}return params.toString();}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}function usePromise(p){if(p===undefined){throw new Promise(function(){return undefined;});}var promise=p;if(promise.status==='fulfilled'){return promise.value;}else if(promise.status==='rejected'){throw promise.reason;}else if(promise.status==='pending'){throw promise;}else{promise.status='pending';p.then(function(result){promise.status='fulfilled';promise.value=result;},function(reason){promise.status='rejected';promise.reason=reason;});throw promise;}}
 ;// CONCATENATED MODULE: ./src/project-summaries.ts
 function compareSummaries(a,b){return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime)||b.commandInfo.endTime.localeCompare(b.commandInfo.endTime)||(b.commandInfo.command||"").localeCompare(a.commandInfo.command||"");}function buildProjectSummaries(summaries,validateResults){var sorted=Array.from(summaries.values());sorted.sort(compareSummaries);var m=new Map();sorted.forEach(function(rs){var projectKey=JSON.stringify(rs.projectKey);var p=m.get(projectKey);if(!p){p={project:rs.projectKey,targets:[]};m.set(projectKey,p);}var ptKey=new ProjectTargetKey();ptKey.project=rs.projectKey;ptKey.target=rs.targetKey;var vr=validateResults.get(JSON.stringify(ptKey));var target=p.targets.find(function(t){return lodash_default().isEqual(t.target,rs.targetKey);});if(!target){target={target:rs.targetKey,lastValidateResult:vr,commandResults:[]};p.targets.push(target);}target.commandResults.push(rs);});var ret=[];m.forEach(function(p){p.targets.sort(function(a,b){var _ref;return(a.target.targetName||"").localeCompare(b.target.targetName||"")||a.target.clusterId.localeCompare(b.target.clusterId)||((_ref=a.target.discriminator||"")===null||_ref===void 0?void 0:_ref.localeCompare(b.target.discriminator||""));});ret.push(p);});ret.sort(function(a,b){return(a.project.gitRepoKey||"").localeCompare(b.project.gitRepoKey||"")||(a.project.subDir||"").localeCompare(b.project.subDir||"");});return ret;}
 ;// CONCATENATED MODULE: ./src/components/App.tsx
-function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var App=function App(){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summaries=(0,react.useRef)(new Map());var validateResults=(0,react.useRef)(new Map());(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summaries.current.set(rs.id,rs);};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summaries.current.delete(id);};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResults.current.set(JSON.stringify(key),vr);};console.log("starting listenResults");var cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[]);var projects=(0,react.useMemo)(function(){console.log("buildProjectSummaries");return buildProjectSummaries(summaries.current,validateResults.current);},[summaries,validateResults]);var appContext={summaries:summaries.current,projects:projects,validateResults:validateResults.current};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};/* harmony default export */ var components_App = (App);
+function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var App=function App(){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summariesRef=(0,react.useRef)(new Map());var validateResultsRef=(0,react.useRef)(new Map());var _useState3=(0,react.useState)(summariesRef.current),_useState4=slicedToArray_slicedToArray(_useState3,2),summaries=_useState4[0],setSummaries=_useState4[1];var _useState5=(0,react.useState)(validateResultsRef.current),_useState6=slicedToArray_slicedToArray(_useState5,2),validateResults=_useState6[0],setValidateResults=_useState6[1];(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summariesRef.current.set(rs.id,rs);setSummaries(new Map(summariesRef.current));};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summariesRef.current.delete(id);setSummaries(new Map(summariesRef.current));};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResultsRef.current.set(JSON.stringify(key),vr);setValidateResults(new Map(validateResultsRef.current));};console.log("starting listenResults");var cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[]);var projects=(0,react.useMemo)(function(){return buildProjectSummaries(summaries,validateResults);},[summaries,validateResults]);var appContext={summaries:summariesRef.current,projects:projects,validateResults:validateResults};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};/* harmony default export */ var components_App = (App);
 ;// CONCATENATED MODULE: ./src/components/targets-view/Projects.tsx
 var ProjectItem=function ProjectItem(props){var name=getLastPathElement(props.ps.project.gitRepoKey);var subDir=props.ps.project.subDir;var projectInfo=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[props.ps.project.gitRepoKey,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),props.ps.project.subDir?/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:["SubDir: ",props.ps.project.subDir,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{})]}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"center",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",gap:"15px",children:name&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:projectInfo,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:name})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:subDir?/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{textAlign:"center",children:subDir}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{marginLeft:"auto"})})})]})});};
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/svgIconClasses.js
@@ -52708,8 +53185,10 @@ var ActionsMenu=function ActionsMenu(props){var _React$useState=react.useState(n
 /* harmony default export */ var PublishedWithChanges = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
   d: "m17.66 9.53-7.07 7.07-4.24-4.24 1.41-1.41 2.83 2.83 5.66-5.66 1.41 1.41zM4 12c0-2.33 1.02-4.42 2.62-5.88L9 8.5v-6H3l2.2 2.2C3.24 6.52 2 9.11 2 12c0 5.19 3.95 9.45 9 9.95v-2.02c-3.94-.49-7-3.86-7-7.93zm18 0c0-5.19-3.95-9.45-9-9.95v2.02c3.94.49 7 3.86 7 7.93 0 2.33-1.02 4.42-2.62 5.88L15 15.5v6h6l-2.2-2.2c1.96-1.82 3.2-4.41 3.2-7.3z"
 }), 'PublishedWithChanges'));
+;// CONCATENATED MODULE: ./src/utils/duration.ts
+function formatDuration(ms,withMs){if(ms<0)ms=-ms;var time={day:Math.floor(ms/86400000),hour:Math.floor(ms/3600000)%24,minute:Math.floor(ms/60000)%60,second:Math.floor(ms/1000)%60,millisecond:withMs?Math.floor(ms)%1000:0};return Object.entries(time).filter(function(val){return val[1]!==0;}).map(function(val){return val[1]+' '+(val[1]!==1?val[0]+'s':val[0]);}).join(', ');}function formatDurationShort(ms){if(ms<0)ms=-ms;var time={d:Math.floor(ms/86400000),h:Math.floor(ms/3600000)%24,m:Math.floor(ms/60000)%60,s:Math.floor(ms/1000)%60,ms:Math.floor(ms)%1000};var f=Object.entries(time).find(function(val){return val[1]>0;});if(f===undefined){return"0s";}return f[1]+f[0];}var calcAgo=function calcAgo(startTime){var t1=new Date(startTime);var t2=new Date();var d=t2.getTime()-t1.getTime();return formatDurationShort(d);};
 ;// CONCATENATED MODULE: ./src/components/targets-view/Targets.tsx
-var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},i);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},i);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
+var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}tooltip.push("Validation performed "+calcAgo(props.ts.lastValidateResult.startTime)+" ago");}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},t);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},context);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
 ;// CONCATENATED MODULE: ./node_modules/js-yaml/dist/js-yaml.mjs
 /*! js-yaml 4.1.0 https://github.com/nodeca/js-yaml @license MIT */
 function isNothing(subject) {
@@ -56501,11 +56980,9 @@ esm_light.registerLanguage('yaml',hljs_yaml);esm_light.registerLanguage('diff',h
         </SyntaxHighlighter>
     </Box></Box>*/}
 ;// CONCATENATED MODULE: ./src/components/result-view/CommandResultStatusLine.tsx
-var StatusLine=function StatusLine(props){var children=[];var doPush=function doPush(n,t,icon){if(n){children.push(/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:n+" "+t,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"center",width:"24px",height:"24px",children:icon})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{fontSize:"10px",align:"center",children:n})]},children.length));}};doPush(props.errors,"total errors.",/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorIcon,{}));doPush(props.warnings,"total warnings.",/*#__PURE__*/(0,jsx_runtime.jsx)(WarningIcon,{}));doPush(props.newObjects,"new objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(AddedIcon,{}));doPush(props.deletedObjects,"deleted objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(TrashIcon,{}));doPush(props.orphanObjects,"orphan objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(OrphanIcon,{}));doPush(props.changedObjects,"changed objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(ChangedIcon,{}));return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",children:children});};var CommandResultStatusLine=function CommandResultStatusLine(props){var _props$rs$errors,_props$rs$warnings;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_props$rs$errors=props.rs.errors)===null||_props$rs$errors===void 0?void 0:_props$rs$errors.length,warnings:(_props$rs$warnings=props.rs.warnings)===null||_props$rs$warnings===void 0?void 0:_props$rs$warnings.length,changedObjects:props.rs.changedObjects,newObjects:props.rs.newObjects,deletedObjects:props.rs.deletedObjects,orphanObjects:props.rs.orphanObjects});};var ValidateResultStatusLine=function ValidateResultStatusLine(props){var _props$vr,_props$vr$errors,_props$vr2,_props$vr2$warnings,_props$vr3,_props$vr3$drift;return/*#__PURE__*/_jsx(StatusLine,{errors:(_props$vr=props.vr)===null||_props$vr===void 0?void 0:(_props$vr$errors=_props$vr.errors)===null||_props$vr$errors===void 0?void 0:_props$vr$errors.length,warnings:(_props$vr2=props.vr)===null||_props$vr2===void 0?void 0:(_props$vr2$warnings=_props$vr2.warnings)===null||_props$vr2$warnings===void 0?void 0:_props$vr2$warnings.length,changedObjects:(_props$vr3=props.vr)===null||_props$vr3===void 0?void 0:(_props$vr3$drift=_props$vr3.drift)===null||_props$vr3$drift===void 0?void 0:_props$vr3$drift.length});};
-;// CONCATENATED MODULE: ./src/utils/duration.ts
-function formatDuration(ms,withMs){if(ms<0)ms=-ms;var time={day:Math.floor(ms/86400000),hour:Math.floor(ms/3600000)%24,minute:Math.floor(ms/60000)%60,second:Math.floor(ms/1000)%60,millisecond:withMs?Math.floor(ms)%1000:0};return Object.entries(time).filter(function(val){return val[1]!==0;}).map(function(val){return val[1]+' '+(val[1]!==1?val[0]+'s':val[0]);}).join(', ');}function formatDurationShort(ms){if(ms<0)ms=-ms;var time={d:Math.floor(ms/86400000),h:Math.floor(ms/3600000)%24,m:Math.floor(ms/60000)%60,s:Math.floor(ms/1000)%60,ms:Math.floor(ms)%1000};var f=Object.entries(time).find(function(val){return val[1]>0;});if(f===undefined){return"0s";}return f[1]+f[0];}
+var StatusLine=function StatusLine(props){var children=[];var doPush=function doPush(n,t,icon){if(n){children.push(/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:n+" "+t,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"center",width:"24px",height:"24px",children:icon})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{fontSize:"10px",align:"center",children:n})]},t));}};doPush(props.errors,"total errors.",/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorIcon,{}));doPush(props.warnings,"total warnings.",/*#__PURE__*/(0,jsx_runtime.jsx)(WarningIcon,{}));doPush(props.newObjects,"new objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(AddedIcon,{}));doPush(props.deletedObjects,"deleted objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(TrashIcon,{}));doPush(props.orphanObjects,"orphan objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(OrphanIcon,{}));doPush(props.changedObjects,"changed objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(ChangedIcon,{}));return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",children:children});};var CommandResultStatusLine=function CommandResultStatusLine(props){var _props$rs$errors,_props$rs$warnings;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_props$rs$errors=props.rs.errors)===null||_props$rs$errors===void 0?void 0:_props$rs$errors.length,warnings:(_props$rs$warnings=props.rs.warnings)===null||_props$rs$warnings===void 0?void 0:_props$rs$warnings.length,changedObjects:props.rs.changedObjects,newObjects:props.rs.newObjects,deletedObjects:props.rs.deletedObjects,orphanObjects:props.rs.orphanObjects});};var ValidateResultStatusLine=function ValidateResultStatusLine(props){var _props$vr,_props$vr$errors,_props$vr2,_props$vr2$warnings,_props$vr3,_props$vr3$drift;return/*#__PURE__*/_jsx(StatusLine,{errors:(_props$vr=props.vr)===null||_props$vr===void 0?void 0:(_props$vr$errors=_props$vr.errors)===null||_props$vr$errors===void 0?void 0:_props$vr$errors.length,warnings:(_props$vr2=props.vr)===null||_props$vr2===void 0?void 0:(_props$vr2$warnings=_props$vr2.warnings)===null||_props$vr2$warnings===void 0?void 0:_props$vr2$warnings.length,changedObjects:(_props$vr3=props.vr)===null||_props$vr3===void 0?void 0:(_props$vr3$drift=_props$vr3.drift)===null||_props$vr3$drift===void 0?void 0:_props$vr3$drift.length});};
 ;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultItem.tsx
-var calcAgo=function calcAgo(startTime){var t1=new Date(startTime);var t2=new Date();var d=t2.getTime()-t1.getTime();return formatDurationShort(d);};var CommandResultItem=/*#__PURE__*/react.memo(function(props){var _rs$commandInfo,_rs$commandInfo2;var rs=props.rs,onSelectCommandResult=props.onSelectCommandResult,selected=props.selected;var navigate=dist_useNavigate();var _useState=(0,react.useState)(calcAgo(rs.commandInfo.startTime)),_useState2=slicedToArray_slicedToArray(_useState,2),ago=_useState2[0],setAgo=_useState2[1];var Icon=DiffIcon;switch((_rs$commandInfo=rs.commandInfo)===null||_rs$commandInfo===void 0?void 0:_rs$commandInfo.command){case"delete":Icon=PruneIcon;break;case"deploy":Icon=DeployIcon;break;case"diff":Icon=DiffIcon;break;case"poke-images":Icon=DeployIcon;break;case"prune":Icon=PruneIcon;break;}var iconTooltip=(0,react.useMemo)(function(){var cmdInfoYaml=dump(rs.commandInfo);return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:cmdInfoYaml,language:"yaml"});},[rs.commandInfo]);(0,react.useEffect)(function(){var interval=setInterval(function(){return setAgo(calcAgo(rs.commandInfo.startTime));},5000);return function(){return clearInterval(interval);};},[rs.commandInfo.startTime]);return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 5px 16px',outline:selected?'8px solid #59A588':'none'},onClick:function onClick(){return onSelectCommandResult(rs);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:iconTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"45px",height:"45px",flex:"0 0 auto",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:(_rs$commandInfo2=rs.commandInfo)===null||_rs$commandInfo2===void 0?void 0:_rs$commandInfo2.command}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:rs.commandInfo.startTime,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:ago})})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultStatusLine,{rs:rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",height:"39px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(rs.id));},sx:{padding:0,width:26,height:26},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]})});});
+var CommandResultItem=/*#__PURE__*/react.memo(function(props){var _rs$commandInfo,_rs$commandInfo2;var rs=props.rs,onSelectCommandResult=props.onSelectCommandResult,selected=props.selected;var navigate=dist_useNavigate();var _useState=(0,react.useState)(calcAgo(rs.commandInfo.startTime)),_useState2=slicedToArray_slicedToArray(_useState,2),ago=_useState2[0],setAgo=_useState2[1];var Icon=DiffIcon;switch((_rs$commandInfo=rs.commandInfo)===null||_rs$commandInfo===void 0?void 0:_rs$commandInfo.command){case"delete":Icon=PruneIcon;break;case"deploy":Icon=DeployIcon;break;case"diff":Icon=DiffIcon;break;case"poke-images":Icon=DeployIcon;break;case"prune":Icon=PruneIcon;break;}var iconTooltip=(0,react.useMemo)(function(){var cmdInfoYaml=dump(rs.commandInfo);return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:cmdInfoYaml,language:"yaml"});},[rs.commandInfo]);(0,react.useEffect)(function(){var interval=setInterval(function(){return setAgo(calcAgo(rs.commandInfo.startTime));},5000);return function(){return clearInterval(interval);};},[rs.commandInfo.startTime]);return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 5px 16px',outline:selected?'8px solid #59A588':'none'},onClick:function onClick(){return onSelectCommandResult(rs);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:iconTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"45px",height:"45px",flex:"0 0 auto",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:(_rs$commandInfo2=rs.commandInfo)===null||_rs$commandInfo2===void 0?void 0:_rs$commandInfo2.command}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:rs.commandInfo.startTime,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:ago})})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultStatusLine,{rs:rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",height:"39px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(rs.id));},sx:{padding:0,width:26,height:26},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]})});});
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/TableContext.js
 
 
@@ -57069,10 +57546,14 @@ var TableRow = /*#__PURE__*/react.forwardRef(function TableRow(inProps, ref) {
 });
  false ? 0 : void 0;
 /* harmony default export */ var TableRow_TableRow = (TableRow);
+// EXTERNAL MODULE: ./node_modules/js-sha256/src/sha256.js
+var sha256 = __webpack_require__(981);
+;// CONCATENATED MODULE: ./src/utils/listKey.ts
+function buildListKey(o){var j=JSON.stringify(o);return (0,sha256.sha256)(j);}
 ;// CONCATENATED MODULE: ./src/components/result-view/ChangesTable.tsx
-var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},i);})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co,i){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},i);})})]})},i);})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
+var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},buildRefString(ref));})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},buildListKey(c));})})]})},buildRefString(co.ref));})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
 ;// CONCATENATED MODULE: ./src/components/ErrorsTable.tsx
-function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},i);})})]})})})});}
+function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},buildListKey(e));})})]})})})});}
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/circularProgressClasses.js
 
 
@@ -58672,18 +59153,18 @@ var TabPanel = /*#__PURE__*/react.forwardRef(function TabPanel(inProps, ref) {
 var SidePanel=function SidePanel(props){var _props$provider;var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedTab=_useState2[0],setSelectedTab=_useState2[1];var theme=styles_useTheme_useTheme();function handleTabChange(_e,value){setSelectedTab(value);}var tabs=(_props$provider=props.provider)===null||_props$provider===void 0?void 0:_props$provider.buildSidePanelTabs();if(!tabs){tabs=[];}(0,react.useEffect)(function(){var _tabs;if(!((_tabs=tabs)!==null&&_tabs!==void 0&&_tabs.length)){setSelectedTab("");return;}if(!selectedTab){setSelectedTab(tabs[0].label);return;}if(!tabs.find(function(x){return x.label===selectedTab;})){// reset it after the type of selected item has changed
 setSelectedTab(tabs[0].label);}// ignore that it wants us to add selectedTab to the deps (it would cause and endless loop)
 // eslint-disable-next-line
-},[props.provider]);if(!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}if(!props.provider){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minHeight:theme.consts.appBarHeight,display:"flex",flexDirection:"column",flex:"0 0 auto",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",pt:"25px",pl:"35px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h4",children:props.provider.buildSidePanelTitle()})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",pt:"10px",pr:"10px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab,index){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'10px 0'},children:tab.content})})},index);})})]})});};
+},[props.provider]);if(!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}if(!props.provider){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minHeight:theme.consts.appBarHeight,display:"flex",flexDirection:"column",flex:"0 0 auto",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",pt:"25px",pl:"35px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h4",children:props.provider.buildSidePanelTitle()})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",pt:"10px",pr:"10px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'10px 0'},children:tab.content})})},tab.label);})})]})});};
 ;// CONCATENATED MODULE: ./src/components/targets-view/Card.tsx
 var Card_excluded=["children"],Card_excluded2=["children"],Card_excluded3=["children"];var cardWidth=247;var projectCardHeight=80;var cardHeight=126;var cardGap=20;function Card(_ref){var children=_ref.children,rest=objectWithoutProperties_objectWithoutProperties(_ref,Card_excluded);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexShrink:0,width:cardWidth,height:cardHeight},rest),{},{children:children}));}function CardCol(_ref2){var children=_ref2.children,rest=objectWithoutProperties_objectWithoutProperties(_ref2,Card_excluded2);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexDirection:"column",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}function CardRow(_ref3){var children=_ref3.children,rest=objectWithoutProperties_objectWithoutProperties(_ref3,Card_excluded3);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}
 ;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultDetailsDrawer.tsx
-var sidePanelWidth=720;function doGetRootNode(_x){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:shortNames=api.getShortNames();r=api.getResult(rs.id);_context.t0=NodeBuilder;_context.next=5;return shortNames;case 5:_context.t1=_context.sent;_context.t2=rs;_context.next=9;return r;case 9:_context.t3=_context.sent;_context.t4={shortNames:_context.t1,summary:_context.t2,commandResult:_context.t3};builder=new _context.t0(_context.t4);_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 14:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CommandResultDetailsDrawer=/*#__PURE__*/react.memo(function(props){var ps=props.ps,ts=props.ts,selectedCardRect=props.selectedCardRect;var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(new Promise(function(){return undefined;})),_useState2=slicedToArray_slicedToArray(_useState,2),promise=_useState2[0],setPromise=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedCommandResult=_useState4[0],setSelectedCommandResult=_useState4[1];var _useState5=(0,react.useState)(ts),_useState6=slicedToArray_slicedToArray(_useState5,2),prevTargetSummary=_useState6[0],setPrevTargetSummary=_useState6[1];var _useState7=(0,react.useState)([]),_useState8=slicedToArray_slicedToArray(_useState7,2),cardsCoords=_useState8[0],setCardsCoords=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),transitionRunning=_useState10[0],setTransitionRunning=_useState10[1];if(prevTargetSummary!==ts){var _ts$commandResults;setPrevTargetSummary(ts);setSelectedCommandResult(ts===null||ts===void 0?void 0:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults[0]);}(0,react.useEffect)(function(){if(selectedCommandResult===undefined){return;}setPromise(doGetRootNode(selectedCommandResult));},[selectedCommandResult]);var Content=function Content(props){var node=usePromise(promise);return/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:node,onClose:props.onClose});};var cardsContainerElem=(0,react.useRef)();(0,react.useEffect)(function(){var _cardsContainerElem$c;var rect=(_cardsContainerElem$c=cardsContainerElem.current)===null||_cardsContainerElem$c===void 0?void 0:_cardsContainerElem$c.getBoundingClientRect();if(!rect||!selectedCardRect||!(ts!==null&&ts!==void 0&&ts.commandResults)){setCardsCoords([]);return;}var initialCoords=ts.commandResults.map(function(){return{left:selectedCardRect.left-rect.left,top:selectedCardRect.top-rect.top};});setCardsCoords(initialCoords);setTransitionRunning(true);},[selectedCardRect,ts===null||ts===void 0?void 0:ts.commandResults]);(0,react.useEffect)(function(){if(cardsCoords.length>0){var targetCoords=cardsCoords.map(function(_,i){return{left:0,top:i*(cardHeight+cardGap)};});if(cardsCoords.length===targetCoords.length&&cardsCoords.every(function(_ref,i){var left=_ref.left,top=_ref.top;return targetCoords[i].left===left&&targetCoords[i].top===top;})){return;}setTimeout(function(){setCardsCoords(targetCoords);setTimeout(function(){setTransitionRunning(false);},theme.transitions.duration.enteringScreen);},10);}},[cardsCoords,theme.transitions.duration.enteringScreen]);var zIndex=theme.zIndex.modal+1;var cards=(0,react.useMemo)(function(){if(!(ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&cardsCoords.length>0)){return null;}return ts.commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{position:'absolute',translate:"".concat(cardsCoords[i].left,"px ").concat(cardsCoords[i].top,"px"),zIndex:zIndex,transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:setSelectedCommandResult,selected:rs===selectedCommandResult})},i);});},[ps,ts,cardsCoords,zIndex,theme.transitions,selectedCommandResult]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{position:'fixed',top:0,bottom:0,right:sidePanelWidth,width:"calc(100% - ".concat(sidePanelWidth,"px)"),overflowX:'visible',overflowY:transitionRunning?'visible':'auto',display:'flex',flexDirection:'column',alignItems:'center',justifyContent:'center',padding:'25px 0',zIndex:zIndex},onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{onClick:function onClick(e){return e.stopPropagation();},position:"relative",width:cardWidth,height:cardHeight*ts.commandResults.length+cardGap*(ts.commandResults.length-1),ref:cardsContainerElem,children:cards})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.rs!==undefined,onClose:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:sidePanelWidth,height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(react.Suspense,{fallback:/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Content,{onClose:props.onClose})})})})})]});});
+var sidePanelWidth=720;function doGetRootNode(_x){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:shortNames=api.getShortNames();r=api.getResult(rs.id);_context.t0=NodeBuilder;_context.next=5;return shortNames;case 5:_context.t1=_context.sent;_context.t2=rs;_context.next=9;return r;case 9:_context.t3=_context.sent;_context.t4={shortNames:_context.t1,summary:_context.t2,commandResult:_context.t3};builder=new _context.t0(_context.t4);_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 14:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CommandResultDetailsDrawer=/*#__PURE__*/react.memo(function(props){var ps=props.ps,ts=props.ts,selectedCardRect=props.selectedCardRect;var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(new Promise(function(){return undefined;})),_useState2=slicedToArray_slicedToArray(_useState,2),promise=_useState2[0],setPromise=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedCommandResult=_useState4[0],setSelectedCommandResult=_useState4[1];var _useState5=(0,react.useState)(ts),_useState6=slicedToArray_slicedToArray(_useState5,2),prevTargetSummary=_useState6[0],setPrevTargetSummary=_useState6[1];var _useState7=(0,react.useState)([]),_useState8=slicedToArray_slicedToArray(_useState7,2),cardsCoords=_useState8[0],setCardsCoords=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),transitionRunning=_useState10[0],setTransitionRunning=_useState10[1];if(prevTargetSummary!==ts){var _ts$commandResults;setPrevTargetSummary(ts);setSelectedCommandResult(ts===null||ts===void 0?void 0:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults[0]);}(0,react.useEffect)(function(){if(selectedCommandResult===undefined){return;}setPromise(doGetRootNode(selectedCommandResult));},[selectedCommandResult]);var Content=function Content(props){var node=usePromise(promise);return/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:node,onClose:props.onClose});};var cardsContainerElem=(0,react.useRef)();(0,react.useEffect)(function(){var _cardsContainerElem$c;var rect=(_cardsContainerElem$c=cardsContainerElem.current)===null||_cardsContainerElem$c===void 0?void 0:_cardsContainerElem$c.getBoundingClientRect();if(!rect||!selectedCardRect||!(ts!==null&&ts!==void 0&&ts.commandResults)){setCardsCoords([]);return;}var initialCoords=ts.commandResults.map(function(){return{left:selectedCardRect.left-rect.left,top:selectedCardRect.top-rect.top};});setCardsCoords(initialCoords);setTransitionRunning(true);},[selectedCardRect,ts===null||ts===void 0?void 0:ts.commandResults]);(0,react.useEffect)(function(){if(cardsCoords.length>0){var targetCoords=cardsCoords.map(function(_,i){return{left:0,top:i*(cardHeight+cardGap)};});if(cardsCoords.length===targetCoords.length&&cardsCoords.every(function(_ref,i){var left=_ref.left,top=_ref.top;return targetCoords[i].left===left&&targetCoords[i].top===top;})){return;}setTimeout(function(){setCardsCoords(targetCoords);setTimeout(function(){setTransitionRunning(false);},theme.transitions.duration.enteringScreen);},10);}},[cardsCoords,theme.transitions.duration.enteringScreen]);var zIndex=theme.zIndex.modal+1;var cards=(0,react.useMemo)(function(){if(!(ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&cardsCoords.length>0)){return null;}return ts.commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{position:'absolute',translate:"".concat(cardsCoords[i].left,"px ").concat(cardsCoords[i].top,"px"),zIndex:zIndex,transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:setSelectedCommandResult,selected:rs===selectedCommandResult})},rs.id);});},[ps,ts,cardsCoords,zIndex,theme.transitions,selectedCommandResult]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{position:'fixed',top:0,bottom:0,right:sidePanelWidth,width:"calc(100% - ".concat(sidePanelWidth,"px)"),overflowX:'visible',overflowY:transitionRunning?'visible':'auto',display:'flex',flexDirection:'column',alignItems:'center',justifyContent:'center',padding:'25px 0',zIndex:zIndex},onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{onClick:function onClick(e){return e.stopPropagation();},position:"relative",width:cardWidth,height:cardHeight*ts.commandResults.length+cardGap*(ts.commandResults.length-1),ref:cardsContainerElem,children:cards})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.rs!==undefined,onClose:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:sidePanelWidth,height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(react.Suspense,{fallback:/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Content,{onClose:props.onClose})})})})})]});});
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetDetailsDrawer.tsx
 var MyProvider=/*#__PURE__*/function(){function MyProvider(ts){var _this$ts,_this$ts$lastValidate,_this$ts$lastValidate2,_this=this;classCallCheck_classCallCheck(this,MyProvider);this.ts=void 0;this.diffStatus=void 0;this.ts=ts;this.diffStatus=new DiffStatus();(_this$ts=this.ts)===null||_this$ts===void 0?void 0:(_this$ts$lastValidate=_this$ts.lastValidateResult)===null||_this$ts$lastValidate===void 0?void 0:(_this$ts$lastValidate2=_this$ts$lastValidate.drift)===null||_this$ts$lastValidate2===void 0?void 0:_this$ts$lastValidate2.forEach(function(co){_this.diffStatus.addChangedObject(co);});}createClass_createClass(MyProvider,[{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _this$ts$lastValidate3,_this$ts$lastValidate4,_this$ts$lastValidate5,_this$ts$lastValidate6;if(!this.ts){return[];}var tabs=[{label:"Summary",content:this.buildSummaryTab()}];if(this.ts.target)if(this.diffStatus.changedObjects.length){tabs.push({label:"Drift",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}if((_this$ts$lastValidate3=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate3!==void 0&&(_this$ts$lastValidate4=_this$ts$lastValidate3.errors)!==null&&_this$ts$lastValidate4!==void 0&&_this$ts$lastValidate4.length){tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.errors})});}if((_this$ts$lastValidate5=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate5!==void 0&&(_this$ts$lastValidate6=_this$ts$lastValidate5.warnings)!==null&&_this$ts$lastValidate6!==void 0&&_this$ts$lastValidate6.length){tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.warnings})});}return tabs;}},{key:"buildSummaryTab",value:function buildSummaryTab(){var _this$ts2,_this$ts3,_this$ts4,_this$ts4$lastValidat,_this$ts4$lastValidat2,_this$ts5,_this$ts5$lastValidat,_this$ts5$lastValidat2,_this$ts6,_this$ts6$lastValidat,_this$ts6$lastValidat2;var props=[{name:"Target Name",value:this.getTargetName()},{name:"Discriminator",value:(_this$ts2=this.ts)===null||_this$ts2===void 0?void 0:_this$ts2.target.discriminator}];if((_this$ts3=this.ts)!==null&&_this$ts3!==void 0&&_this$ts3.lastValidateResult){props.push({name:"Ready",value:this.ts.lastValidateResult.ready+""});}if((_this$ts4=this.ts)!==null&&_this$ts4!==void 0&&(_this$ts4$lastValidat=_this$ts4.lastValidateResult)!==null&&_this$ts4$lastValidat!==void 0&&(_this$ts4$lastValidat2=_this$ts4$lastValidat.errors)!==null&&_this$ts4$lastValidat2!==void 0&&_this$ts4$lastValidat2.length){props.push({name:"Errors",value:this.ts.lastValidateResult.errors.length+""});}if((_this$ts5=this.ts)!==null&&_this$ts5!==void 0&&(_this$ts5$lastValidat=_this$ts5.lastValidateResult)!==null&&_this$ts5$lastValidat!==void 0&&(_this$ts5$lastValidat2=_this$ts5$lastValidat.warnings)!==null&&_this$ts5$lastValidat2!==void 0&&_this$ts5$lastValidat2.length){props.push({name:"Warnings",value:this.ts.lastValidateResult.warnings.length+""});}if((_this$ts6=this.ts)!==null&&_this$ts6!==void 0&&(_this$ts6$lastValidat=_this$ts6.lastValidateResult)!==null&&_this$ts6$lastValidat!==void 0&&(_this$ts6$lastValidat2=_this$ts6$lastValidat.drift)!==null&&_this$ts6$lastValidat2!==void 0&&_this$ts6$lastValidat2.length){props.push({name:"Drifted Objects",value:this.ts.lastValidateResult.drift.length+""});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"getTargetName",value:function getTargetName(){if(!this.ts){return"";}var name="<no-name>";if(this.ts.target.targetName){name=this.ts.target.targetName;}return name;}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getTargetName();}}]);return MyProvider;}();var TargetDetailsDrawer=/*#__PURE__*/react.memo(function(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.ts!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"600px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:new MyProvider(props.ts),onClose:props.onClose})})})});});
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetsView.tsx
 var colWidth=416;var curveRadius=12;var circleRadius=5;var strokeWidth=2;function ColHeader(_ref){var children=_ref.children;return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:colWidth,width:colWidth,height:"42px",display:"flex",alignItems:"center",sx:{borderLeft:'0.8px solid rgba(0,0,0,0.5)',paddingLeft:'15px','&:first-of-type':{borderLeft:'none',paddingLeft:0}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",textAlign:"left",children:children})});}var Circle=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();return/*#__PURE__*/(0,jsx_runtime.jsx)("circle",_objectSpread2({r:circleRadius,fill:theme.palette.background.default,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth},props));});var RelationTree=/*#__PURE__*/react.memo(function(_ref2){var targetCount=_ref2.targetCount;var theme=styles_useTheme_useTheme();var height=targetCount*cardHeight+(targetCount-1)*cardGap;var width=152;if(targetCount<=0){return null;}var targetsCenterYs=Array(targetCount).fill(0).map(function(_,i){return cardHeight/2+i*(cardHeight+cardGap);});var rootCenterY=height/2;return/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{width:width,height:height,viewBox:"0 0 ".concat(width," ").concat(height),fill:"none",children:[targetsCenterYs.map(function(cy,i){var d;if(targetCount%2===1&&i===Math.floor(targetCount/2)){// target is in the middle.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width-circleRadius,"\n                    ");}else if(i<targetCount/2){// target is higher than root.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," -").concat(curveRadius,"\n                        v ").concat(cy-rootCenterY+curveRadius*2,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," -").concat(curveRadius,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                    ");}else{// target is lower than root.
-d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var onCommandResultDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);var doSetSelectedCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var doSetSelectedTargetSummary=(0,react.useCallback)(function(ts){onCommandResultDetailsDrawerClose();setSelectedTargetSummary(ts);},[onCommandResultDetailsDrawerClose]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultDetailsDrawer,{rs:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.rs,ts:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ts,ps:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ps,onClose:onCommandResultDetailsDrawerClose,selectedCardRect:selectedCardRect}),/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:function onSelectTarget(ts){return doSetSelectedTargetSummary(ts);}})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{height:"".concat(2*circleRadius+strokeWidth),width:'100%'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(-50% + ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"50%",cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(50% - ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:circleRadius+strokeWidth/2})})]})})]},JSON.stringify(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return doSetSelectedCommandResult({rs:rs,ts:ts,ps:ps});}})},i);})},JSON.stringify(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},JSON.stringify(ps.project));})]});};
+d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var onCommandResultDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);var doSetSelectedCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var doSetSelectedTargetSummary=(0,react.useCallback)(function(ts){onCommandResultDetailsDrawerClose();setSelectedTargetSummary(ts);},[onCommandResultDetailsDrawerClose]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultDetailsDrawer,{rs:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.rs,ts:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ts,ps:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ps,onClose:onCommandResultDetailsDrawerClose,selectedCardRect:selectedCardRect}),/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:function onSelectTarget(ts){return doSetSelectedTargetSummary(ts);}})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{height:"".concat(2*circleRadius+strokeWidth),width:'100%'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(-50% + ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"50%",cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(50% - ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:circleRadius+strokeWidth/2})})]})})]},buildListKey(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return doSetSelectedCommandResult({rs:rs,ts:ts,ps:ps});}})},rs.id);})},buildListKey(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},buildListKey(ps.project));})]});};
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/FormControlContext.js
 
 /**
@@ -60968,4 +61449,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.34340eee.js.map
\ No newline at end of file
+//# sourceMappingURL=main.82849393.js.map
\ No newline at end of file

From cb7a74f2ce25fd057e86876d27d5d7c9a3a3dfb2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 10 Jun 2023 01:04:22 +0200
Subject: [PATCH 1166/2268] fix: Fix tests and controller client creation

---
 cmd/kluctl/commands/cmd_controller_run.go | 8 ++++----
 e2e/gitops_errors_test.go                 | 2 +-
 e2e/results_test.go                       | 2 +-
 e2e/test-utils/envtest_cluster.go         | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index a08a09016..dc9bfb130 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -131,11 +131,11 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	if cmd.WriteCommandResult {
-		wc, ok := mgr.GetClient().(client.WithWatch)
-		if !ok {
-			return fmt.Errorf("client does not implement WithWatch")
+		c, err := client.NewWithWatch(restConfig, client.Options{})
+		if err != nil {
+			return err
 		}
-		resultStore, err := results.NewResultStoreSecrets(ctx, wc, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
+		resultStore, err := results.NewResultStoreSecrets(ctx, c, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index c2df3e467..2d015ffaa 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -41,7 +41,7 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	g.Expect(readinessCondition.Reason).To(Equal(rreason))
 	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
 
-	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, nil, "", 0)
+	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, "", 0)
 	g.Expect(err).To(Succeed())
 
 	lastDeployResult, err := kd.Status.GetLastDeployResult()
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 000265647..ae859d7c8 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -42,7 +42,7 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
-	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, nil, "kluctl-results", 0)
+	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, "kluctl-results", 0)
 	assert.NoError(t, err)
 
 	opts := results.ListCommandResultSummariesOptions{
diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index c6e6d9fd6..4afba9da3 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -36,7 +36,7 @@ type EnvTestCluster struct {
 
 	HttpClient    *http.Client
 	DynamicClient dynamic.Interface
-	Client        client.Client
+	Client        client.WithWatch
 	ServerVersion *version.Info
 
 	callbackServer     webhook.Server
@@ -103,7 +103,7 @@ func (k *EnvTestCluster) Start() error {
 	}
 	k.DynamicClient = dynamicClient
 
-	c, err := client.New(k.config, client.Options{
+	c, err := client.NewWithWatch(k.config, client.Options{
 		HTTPClient: httpClient,
 		Scheme:     k.env.Scheme,
 	})

From 3fd345bcbde9e3d8fe62fe046c262a8f76d5b05e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 11 Jun 2023 22:05:36 +0200
Subject: [PATCH 1167/2268] ci: Remove cross-compile workflow (#559)

It's redundant as the goreleaser workflows already perform cross
compilation.
---
 .github/workflows/cross-compile.yaml | 36 ----------------------------
 1 file changed, 36 deletions(-)
 delete mode 100644 .github/workflows/cross-compile.yaml

diff --git a/.github/workflows/cross-compile.yaml b/.github/workflows/cross-compile.yaml
deleted file mode 100644
index e9651b820..000000000
--- a/.github/workflows/cross-compile.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: cross-compile
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  cross-compile:
-    runs-on: ubuntu-20.04
-    if: github.event_name != 'pull_request'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '1.19'
-      - uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: cross-compile-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            cross-compile-go-${{ runner.os }}-
-      - name: Build kluctl (linux)
-        run: |
-          make build GOARCH=amd64 GOOS=linux
-      - name: Build kluctl (darwin)
-        run: |
-          make build GOARCH=amd64 GOOS=darwin
-      - name: Build kluctl (windows)
-        run: |
-          make build GOARCH=amd64 GOOS=windows

From c9f389344a933acfe49c5681588ace0a08660bb5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 12 Jun 2023 23:19:01 +0200
Subject: [PATCH 1168/2268] ci: Also run tests workflow on releaser branch
 (#561)

---
 .github/workflows/tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index cb0239ea7..74553224f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - release-v*
   pull_request:
     branches:
       - main

From d78fc8783696b2bfc306acbaec8b0e1c7362a013 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Jun 2023 08:51:42 +0200
Subject: [PATCH 1169/2268] refactor: Use ResultStore interface instead of
 ResultsCollector

---
 pkg/webui/server.go    | 24 ++++++++++++------------
 pkg/webui/websocket.go |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 63db414c0..55fe6abeb 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -23,16 +23,16 @@ import (
 const webuiManager = "kluctl-webui"
 
 type CommandResultsServer struct {
-	ctx       context.Context
-	collector *results.ResultsCollector
-	cam       *clusterAccessorManager
-	vam       *validatorManager
+	ctx   context.Context
+	store results.ResultStore
+	cam   *clusterAccessorManager
+	vam   *validatorManager
 }
 
-func NewCommandResultsServer(ctx context.Context, collector *results.ResultsCollector, configs []*rest.Config) *CommandResultsServer {
+func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollector, configs []*rest.Config) *CommandResultsServer {
 	ret := &CommandResultsServer{
-		ctx:       ctx,
-		collector: collector,
+		ctx:   ctx,
+		store: store,
 		cam: &clusterAccessorManager{
 			ctx: ctx,
 		},
@@ -42,13 +42,13 @@ func NewCommandResultsServer(ctx context.Context, collector *results.ResultsColl
 		ret.cam.add(config)
 	}
 
-	ret.vam = newValidatorManager(ctx, collector, ret.cam)
+	ret.vam = newValidatorManager(ctx, store, ret.cam)
 
 	return ret
 }
 
 func (s *CommandResultsServer) Run(port int) error {
-	l, ch, cancel, err := s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	l, ch, cancel, err := s.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
@@ -165,7 +165,7 @@ func (s *CommandResultsServer) getResult(c *gin.Context) {
 		return
 	}
 
-	sr, err := s.collector.GetCommandResult(results.GetCommandResultOptions{
+	sr, err := s.store.GetCommandResult(results.GetCommandResultOptions{
 		Id:      params.ResultId,
 		Reduced: true,
 	})
@@ -190,7 +190,7 @@ func (s *CommandResultsServer) getResultSummary(c *gin.Context) {
 		return
 	}
 
-	sr, err := s.collector.GetCommandResultSummary(params.ResultId)
+	sr, err := s.store.GetCommandResultSummary(params.ResultId)
 	if err != nil {
 		_ = c.AbortWithError(http.StatusBadRequest, err)
 		return
@@ -224,7 +224,7 @@ func (s *CommandResultsServer) getResultObject(c *gin.Context) {
 		return
 	}
 
-	sr, err := s.collector.GetCommandResult(results.GetCommandResultOptions{
+	sr, err := s.store.GetCommandResult(results.GetCommandResultOptions{
 		Id:      params.ResultId,
 		Reduced: false,
 	})
diff --git a/pkg/webui/websocket.go b/pkg/webui/websocket.go
index a0690c752..2a21cb462 100644
--- a/pkg/webui/websocket.go
+++ b/pkg/webui/websocket.go
@@ -68,7 +68,7 @@ func (s *CommandResultsServer) ws(c *gin.Context) {
 }
 
 func (s *CommandResultsServer) wsHandle(c *websocket.Conn, filter *result.ProjectKey) error {
-	initial, ch, cancel, err := s.collector.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter})
+	initial, ch, cancel, err := s.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter})
 	if err != nil {
 		return err
 	}

From 335923f122ab2812d7f69bea9da1e79cf40b0880 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Jun 2023 08:59:49 +0200
Subject: [PATCH 1170/2268] refactor: Move static routes setup into own
 function

---
 pkg/webui/server.go | 50 ++++++++++++++++++++++++++-------------------
 1 file changed, 29 insertions(+), 21 deletions(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 55fe6abeb..6aad01bd9 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -76,31 +76,11 @@ func (s *CommandResultsServer) Run(port int) error {
 
 	router := gin.Default()
 
-	dis, err := fs.ReadDir(uiFS, ".")
+	err = s.setupStaticRoutes(router)
 	if err != nil {
 		return err
 	}
 
-	for _, di := range dis {
-		if di.IsDir() {
-			x, err := fs.Sub(uiFS, di.Name())
-			if err != nil {
-				return err
-			}
-			router.StaticFS("/"+di.Name(), http.FS(x))
-		} else {
-			router.StaticFileFS("/"+di.Name(), di.Name(), http.FS(uiFS))
-		}
-	}
-	router.GET("/", func(c *gin.Context) {
-		b, err := fs.ReadFile(uiFS, "index.html")
-		if err != nil {
-			_ = c.AbortWithError(http.StatusInternalServerError, err)
-			return
-		}
-		c.Data(http.StatusOK, "text/html; charset=utf-8", b)
-	})
-
 	api := router.Group("/api")
 	api.GET("/getShortNames", s.getShortNames)
 	api.GET("/getResult", s.getResult)
@@ -128,6 +108,34 @@ func (s *CommandResultsServer) Run(port int) error {
 	return httpServer.Serve(listener)
 }
 
+func (s *CommandResultsServer) setupStaticRoutes(router gin.IRouter) error {
+	dis, err := fs.ReadDir(uiFS, ".")
+	if err != nil {
+		return err
+	}
+
+	for _, di := range dis {
+		if di.IsDir() {
+			x, err := fs.Sub(uiFS, di.Name())
+			if err != nil {
+				return err
+			}
+			router.StaticFS("/"+di.Name(), http.FS(x))
+		} else {
+			router.StaticFileFS("/"+di.Name(), di.Name(), http.FS(uiFS))
+		}
+	}
+	router.GET("/", func(c *gin.Context) {
+		b, err := fs.ReadFile(uiFS, "index.html")
+		if err != nil {
+			_ = c.AbortWithError(http.StatusInternalServerError, err)
+			return
+		}
+		c.Data(http.StatusOK, "text/html; charset=utf-8", b)
+	})
+	return nil
+}
+
 func (s *CommandResultsServer) getShortNames(c *gin.Context) {
 	c.JSON(http.StatusOK, GetShortNames())
 }

From 52db53c5bee29d38d2392ef181cb21bee9d9168e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 14:40:47 +0200
Subject: [PATCH 1171/2268] refactor: Move conversion of watch events into own
 function

---
 pkg/results/result-store-secrets.go | 55 +++++++++++++++++------------
 1 file changed, 32 insertions(+), 23 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 7f3e5cfa5..28a61cccb 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -251,6 +251,35 @@ func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary,
 	return true
 }
 
+func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchCommandResultSummaryEvent {
+	if event.Object == nil {
+		return nil
+	}
+	x2, ok := event.Object.(client.Object)
+	if !ok {
+		return nil
+	}
+	summary, err := s.parseSummary(x2.GetAnnotations())
+	if err != nil {
+		return nil
+	}
+	if !s.filterSummary(summary, filter) {
+		return nil
+	}
+	switch event.Type {
+	case watch.Deleted:
+		return &WatchCommandResultSummaryEvent{
+			Delete:  true,
+			Summary: summary,
+		}
+	case watch.Added, watch.Modified:
+		return &WatchCommandResultSummaryEvent{
+			Summary: summary,
+		}
+	}
+	return nil
+}
+
 func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
@@ -275,31 +304,11 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 
 	go func() {
 		for x := range w.ResultChan() {
-			if x.Object == nil {
+			we := s.convertWatchEvent(x, options.ProjectFilter)
+			if we == nil {
 				continue
 			}
-			x2, ok := x.Object.(client.Object)
-			if !ok {
-				continue
-			}
-			summary, err := s.parseSummary(x2.GetAnnotations())
-			if err != nil {
-				continue
-			}
-			if !s.filterSummary(summary, options.ProjectFilter) {
-				continue
-			}
-			switch x.Type {
-			case watch.Deleted:
-				ch <- WatchCommandResultSummaryEvent{
-					Delete:  true,
-					Summary: summary,
-				}
-			case watch.Added, watch.Modified:
-				ch <- WatchCommandResultSummaryEvent{
-					Summary: summary,
-				}
-			}
+			ch <- *we
 		}
 		close(ch)
 	}()

From 9ad61feb931e5ec68068c80078bc28b260ac8d20 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 14:42:42 +0200
Subject: [PATCH 1172/2268] fix: Actually delete temporary files

---
 pkg/webui/staticbuilder.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index 142b5f148..70b209c3f 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -27,7 +27,7 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 	if err != nil {
 		return err
 	}
-	//defer os.RemoveAll(tmpDir)
+	defer os.RemoveAll(tmpDir)
 
 	summaries, err := swb.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
 	if err != nil {

From ffb3ffd9bc3cc74f276b464d35c37daf4ff10693 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 15:06:03 +0200
Subject: [PATCH 1173/2268] fix: More reliable WaitForResults

---
 cmd/kluctl/commands/cmd_webui.go |  8 +++++++-
 pkg/results/results-collector.go | 32 ++++++++++++++++++++------------
 2 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 2ae1a520c..e3614cb85 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -32,7 +32,13 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 	collector.Start()
 
 	if cmd.StaticPath != "" {
-		collector.WaitForInitialSync()
+		st := status.Start(ctx, "Collecting results")
+		defer st.Failed()
+		err = collector.WaitForResults(time.Second, time.Second*30)
+		if err != nil {
+			return err
+		}
+		st.Success()
 		sbw := webui.NewStaticWebuiBuilder(collector)
 		return sbw.Build(cmd.StaticPath)
 	} else {
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 2237c33a8..f053406d5 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -17,8 +17,7 @@ type ResultsCollector struct {
 	resultSummaries map[string]summaryEntry
 	watches         []*watchEntry
 
-	initialWG sync.WaitGroup
-	mutex     sync.Mutex
+	mutex sync.Mutex
 }
 
 type summaryEntry struct {
@@ -40,8 +39,6 @@ func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsColl
 		resultSummaries: map[string]summaryEntry{},
 	}
 
-	ret.initialWG.Add(len(stores))
-
 	return ret
 }
 
@@ -49,8 +46,25 @@ func (rc *ResultsCollector) Start() {
 	rc.startWatchResults()
 }
 
-func (rc *ResultsCollector) WaitForInitialSync() {
-	rc.initialWG.Wait()
+func (rc *ResultsCollector) WaitForResults(idleTimeout time.Duration, totalTimeout time.Duration) error {
+	_, ch, cancel, err := rc.WatchCommandResultSummaries(ListCommandResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	defer cancel()
+
+	totalCh := time.After(totalTimeout)
+	for {
+		idleCh := time.After(idleTimeout)
+		select {
+		case <-ch:
+			continue
+		case <-idleCh:
+			return nil
+		case <-totalCh:
+			return fmt.Errorf("result collector kept receiving results even after the total timeout")
+		}
+	}
 }
 
 func (rc *ResultsCollector) startWatchResults() {
@@ -60,7 +74,6 @@ func (rc *ResultsCollector) startWatchResults() {
 }
 
 func (rc *ResultsCollector) runWatchResults(store ResultStore) {
-	initial := true
 	for {
 		l, ch, _, err := store.WatchCommandResultSummaries(ListCommandResultSummariesOptions{})
 		if err != nil {
@@ -68,11 +81,6 @@ func (rc *ResultsCollector) runWatchResults(store ResultStore) {
 			continue
 		}
 
-		if initial {
-			rc.initialWG.Done()
-			initial = false
-		}
-
 		for _, rs := range l {
 			rc.handleUpdate(store, WatchCommandResultSummaryEvent{
 				Summary: rs,

From 2f512ceeab0e6348f364d8c2051c0d59d3437141 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 15:22:17 +0200
Subject: [PATCH 1174/2268] feat: Implement webui auth based on a simple admin
 account

---
 cmd/kluctl/commands/cmd_webui.go              |  23 +-
 go.mod                                        |   5 +-
 go.sum                                        |  13 +-
 pkg/webui/auth.go                             | 274 ++++++++++++++++++
 pkg/webui/server.go                           |  45 ++-
 pkg/webui/ui/src/api.tsx                      | 244 ++++++++--------
 pkg/webui/ui/src/components/App.tsx           | 113 +++++++-
 pkg/webui/ui/src/components/Loading.tsx       |  26 +-
 pkg/webui/ui/src/components/Login.tsx         |  56 ++++
 pkg/webui/ui/src/components/ObjectYaml.tsx    |  35 +--
 pkg/webui/ui/src/components/Router.tsx        |   3 +-
 .../result-view/CommandResultView.tsx         |  39 ++-
 .../CommandResultDetailsDrawer.tsx            |  43 +--
 .../src/components/targets-view/Targets.tsx   |   5 +-
 pkg/webui/websocket.go                        |  62 +++-
 15 files changed, 789 insertions(+), 197 deletions(-)
 create mode 100644 pkg/webui/auth.go
 create mode 100644 pkg/webui/ui/src/components/Login.tsx

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index e3614cb85..344882505 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -4,10 +4,12 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
 type webuiCmd struct {
@@ -15,6 +17,9 @@ type webuiCmd struct {
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
 	StaticPath  string   `group:"misc" help:"Build static webui."`
+
+	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality."`
+	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
 }
 
 func (cmd *webuiCmd) Help() string {
@@ -22,6 +27,22 @@ func (cmd *webuiCmd) Help() string {
 }
 
 func (cmd *webuiCmd) Run(ctx context.Context) error {
+	var inClusterClient client.Client
+	if cmd.InCluster {
+		configOverrides := &clientcmd.ConfigOverrides{
+			CurrentContext: cmd.InClusterContext,
+		}
+		config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+			clientcmd.NewDefaultClientConfigLoadingRules(),
+			configOverrides).ClientConfig()
+		if err != nil {
+			return err
+		}
+		inClusterClient, err = client.NewWithWatch(config, client.Options{})
+		if err != nil {
+			return err
+		}
+	}
 
 	stores, configs, err := cmd.createResultStores(ctx)
 	if err != nil {
@@ -42,7 +63,7 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		sbw := webui.NewStaticWebuiBuilder(collector)
 		return sbw.Build(cmd.StaticPath)
 	} else {
-		server := webui.NewCommandResultsServer(ctx, collector, configs)
+		server := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, inClusterClient != nil)
 		return server.Run(cmd.Port)
 	}
 }
diff --git a/go.mod b/go.mod
index d79fdb2ba..07201c049 100644
--- a/go.mod
+++ b/go.mod
@@ -74,6 +74,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
+	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.34.0
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
@@ -176,6 +177,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/karrick/godirwalk v1.17.0 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
@@ -186,6 +188,7 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -201,6 +204,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
+	github.com/opencontainers/runc v1.1.6 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -259,7 +263,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 	k8s.io/kubectl v0.27.1 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
-	nhooyr.io/websocket v1.8.7 // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 7e2749e3d..ff2d7461d 100644
--- a/go.sum
+++ b/go.sum
@@ -343,8 +343,11 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
 github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
@@ -456,6 +459,7 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
@@ -549,8 +553,9 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=
+github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
@@ -627,8 +632,9 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
@@ -691,7 +697,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
 github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
-github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
+github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
+github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
 github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
 github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
new file mode 100644
index 000000000..fb9cc97e1
--- /dev/null
+++ b/pkg/webui/auth.go
@@ -0,0 +1,274 @@
+package webui
+
+import (
+	"context"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v4"
+	corev1 "k8s.io/api/core/v1"
+	"net/http"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
+	"time"
+)
+
+const (
+	tokenValidTime      = 1 * time.Hour
+	tokenMaxRefreshTime = 2 * time.Hour
+)
+
+type login struct {
+	Username string `form:"username" json:"username" binding:"required"`
+	Password string `form:"password" json:"password" binding:"required"`
+}
+
+type authHandler struct {
+	ctx context.Context
+
+	adminEnabled bool
+
+	serverClient    client.Client
+	webuiSecretName string
+}
+
+type User struct {
+	Username string `json:"username"`
+	IsAdmin  bool   `json:"isAdmin"`
+}
+
+func (s *authHandler) setupAuth(r gin.IRouter) error {
+	r.POST("/auth/login", s.loginHandler)
+	r.POST("/auth/refresh", s.refreshTokenHandler)
+	r.GET("/auth/user", s.authHandler, s.userHandler)
+
+	return nil
+}
+
+func (s *authHandler) loginHandler(c *gin.Context) {
+	if !s.adminEnabled {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	var loginVals login
+	if err := c.ShouldBind(&loginVals); err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+	userID := loginVals.Username
+	password := loginVals.Password
+
+	as, err := s.getAdminSecrets()
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	if userID != "admin" || password != as.adminPassword {
+		// we only support the admin account at the moment
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	token, err := s.createAdminToken(userID, as)
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	c.JSON(http.StatusOK, map[string]any{
+		"token": token,
+	})
+}
+
+func (s *authHandler) refreshTokenHandler(c *gin.Context) {
+	if !s.adminEnabled {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	oldToken := s.getBearerToken(c)
+	if oldToken == "" {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	as, err := s.getAdminSecrets()
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	claims, err := s.checkIfAdminTokenExpired(oldToken, as)
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+	user := s.getAdminUserFromClaims(claims)
+
+	newToken, err := s.createAdminToken(user.Username, as)
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	c.JSON(http.StatusOK, map[string]any{
+		"token": newToken,
+	})
+}
+
+func (s *authHandler) createAdminToken(username string, as adminSecrets) (string, error) {
+	// Create the token
+	token := jwt.New(jwt.SigningMethodHS256)
+	claims := token.Claims.(jwt.MapClaims)
+	claims["id"] = username
+
+	expire := time.Now().Add(tokenValidTime)
+	claims["exp"] = expire.Unix()
+	claims["orig_iat"] = time.Now().Unix()
+	tokenString, err := token.SignedString(as.secret)
+	if err != nil {
+		return "", err
+	}
+	return tokenString, nil
+}
+
+func (s *authHandler) checkIfAdminTokenExpired(token string, as adminSecrets) (jwt.MapClaims, error) {
+	jt, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
+		return as.secret, nil
+	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
+	if err != nil {
+		validationErr, ok := err.(*jwt.ValidationError)
+		if !ok || validationErr.Errors != jwt.ValidationErrorExpired {
+			return nil, err
+		}
+	}
+
+	claims := jt.Claims.(jwt.MapClaims)
+
+	origIat := int64(claims["orig_iat"].(float64))
+
+	if origIat < time.Now().Add(-tokenMaxRefreshTime).Unix() {
+		return nil, fmt.Errorf("token expired")
+	}
+
+	return claims, nil
+}
+
+func (s *authHandler) getBearerToken(c *gin.Context) string {
+	authHeader := c.GetHeader("Authorization")
+	if authHeader == "" {
+		return ""
+	}
+
+	parts := strings.SplitN(authHeader, " ", 2)
+	if len(parts) != 2 || parts[0] != "Bearer" {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return ""
+	}
+
+	return parts[1]
+}
+
+func (s *authHandler) getUser(c *gin.Context) *User {
+	if s == nil {
+		return nil
+	}
+	token := s.getBearerToken(c)
+	if token == "" {
+		return nil
+	}
+	return s.getUserFromToken(token)
+}
+
+func (s *authHandler) getUserFromToken(token string) *User {
+	user := s.getAdminUser(token)
+	if user != nil {
+		return user
+	}
+	return nil
+}
+
+func (s *authHandler) getAdminUser(token string) *User {
+	as, err := s.getAdminSecrets()
+	if err != nil {
+		return nil
+	}
+
+	jt, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
+		return as.secret, nil
+	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
+	if err != nil {
+		return nil
+	}
+
+	claims, ok := jt.Claims.(jwt.MapClaims)
+	if !ok {
+		return nil
+	}
+
+	return s.getAdminUserFromClaims(claims)
+}
+
+func (s *authHandler) getAdminUserFromClaims(claims jwt.MapClaims) *User {
+	x, ok := claims["id"]
+	if !ok {
+		return nil
+	}
+	id, ok := x.(string)
+	if !ok {
+		return nil
+	}
+
+	return &User{
+		Username: id,
+		IsAdmin:  true,
+	}
+}
+
+func (s *authHandler) authHandler(c *gin.Context) {
+	if s == nil {
+		return
+	}
+	if s.getUser(c) == nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+	}
+}
+
+func (s *authHandler) userHandler(c *gin.Context) {
+	user := s.getUser(c)
+	c.JSON(http.StatusOK, user)
+}
+
+type adminSecrets struct {
+	secret        []byte
+	adminPassword string
+}
+
+func (s *authHandler) getAdminSecrets() (adminSecrets, error) {
+	if s.serverClient == nil {
+		return adminSecrets{}, fmt.Errorf("no serverClient set")
+	}
+
+	var secret corev1.Secret
+	err := s.serverClient.Get(s.ctx, client.ObjectKey{Name: s.webuiSecretName, Namespace: "kluctl-system"}, &secret)
+	if err != nil {
+		return adminSecrets{}, err
+	}
+
+	var ret adminSecrets
+
+	x, ok := secret.Data["secret"]
+	if !ok {
+		return adminSecrets{}, fmt.Errorf("admin secret %s has no 'secret' key", s.webuiSecretName)
+	}
+	ret.secret = x
+
+	x, ok = secret.Data["adminPassword"]
+	if !ok {
+		return adminSecrets{}, fmt.Errorf("admin secret %s has no adminPassword", s.webuiSecretName)
+	}
+	ret.adminPassword = string(x)
+
+	return ret, nil
+}
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 6aad01bd9..31b45181c 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -27,15 +27,35 @@ type CommandResultsServer struct {
 	store results.ResultStore
 	cam   *clusterAccessorManager
 	vam   *validatorManager
+
+	// this is the client for the k8s cluster where the server runs on
+	serverClient client.Client
+
+	auth *authHandler
 }
 
-func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollector, configs []*rest.Config) *CommandResultsServer {
+func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollector, configs []*rest.Config, serverClient client.Client, authEnabled bool) *CommandResultsServer {
 	ret := &CommandResultsServer{
 		ctx:   ctx,
 		store: store,
 		cam: &clusterAccessorManager{
 			ctx: ctx,
 		},
+		serverClient: serverClient,
+	}
+
+	adminEnabled := false
+	if serverClient != nil {
+		adminEnabled = true
+	}
+
+	if authEnabled {
+		ret.auth = &authHandler{
+			ctx:             ctx,
+			adminEnabled:    adminEnabled,
+			serverClient:    serverClient,
+			webuiSecretName: "admin-secret",
+		}
 	}
 
 	for _, config := range configs {
@@ -76,19 +96,28 @@ func (s *CommandResultsServer) Run(port int) error {
 
 	router := gin.Default()
 
+	if s.auth != nil {
+		err = s.auth.setupAuth(router)
+		if err != nil {
+			return err
+		}
+	}
+
 	err = s.setupStaticRoutes(router)
 	if err != nil {
 		return err
 	}
 
 	api := router.Group("/api")
-	api.GET("/getShortNames", s.getShortNames)
-	api.GET("/getResult", s.getResult)
-	api.GET("/getResultSummary", s.getResultSummary)
-	api.GET("/getResultObject", s.getResultObject)
-	api.POST("/validateNow", s.validateNow)
-	api.POST("/reconcileNow", s.reconcileNow)
-	api.POST("/deployNow", s.deployNow)
+	api.GET("/getShortNames", s.auth.authHandler, s.getShortNames)
+	api.GET("/getResult", s.auth.authHandler, s.getResult)
+	api.GET("/getResultSummary", s.auth.authHandler, s.getResultSummary)
+	api.GET("/getResultObject", s.auth.authHandler, s.getResultObject)
+	api.POST("/validateNow", s.auth.authHandler, s.validateNow)
+	api.POST("/reconcileNow", s.auth.authHandler, s.reconcileNow)
+	api.POST("/deployNow", s.auth.authHandler, s.deployNow)
+
+	// handles authentication via the first message
 	api.Any("/ws", s.ws)
 
 	address := fmt.Sprintf(":%d", port)
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index f175bbd9a..b70f1d8bc 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -15,7 +15,6 @@ import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
 import { sleep } from "./utils/misc";
 
-const apiUrl = "/api"
 const staticPath = "./staticdata"
 
 export enum ObjectType {
@@ -24,6 +23,11 @@ export enum ObjectType {
     Applied = "applied",
 }
 
+export interface User {
+    username: string
+    isAdmin: boolean
+}
+
 export interface Api {
     getShortNames(): Promise<ShortName[]>
     listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
@@ -35,64 +39,109 @@ export interface Api {
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
 }
 
-class RealOrStaticApi implements Api {
-    api: Promise<Api>
-
-    constructor() {
-        this.api = this.buildApi()
-    }
-
-    async buildApi(): Promise<Api> {
-        const p = loadScript(staticPath + "/summaries.js")
-        try {
-            await p
-            return new StaticApi()
-        } catch (error) {
-            return new RealApi()
-        }
-    }
-
-    async deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
-        return (await this.api).deployNow(cluster, name, namespace)
-    }
-
-    async getResult(resultId: string): Promise<CommandResult> {
-        return (await this.api).getResult(resultId)
+export async function checkStaticBuild() {
+    const p = loadScript(staticPath + "/summaries.js")
+    try {
+        await p
+        return true
+    } catch (error) {
+        return false
     }
+}
 
-    async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
-        return (await this.api).getResultObject(resultId, ref, objectType)
-    }
+export class RealApi implements Api {
+    getToken: (() => string) | undefined;
+    onUnauthorized: () => void;
+    onTokenRefresh: (newToken: string) => void;
 
-    async getResultSummary(resultId: string): Promise<CommandResultSummary> {
-        return (await this.api).getResultSummary(resultId)
+    constructor(getToken: (() => string) | undefined, onUnauthorized: () => void, onTokenRefresh: (newToken: string) => void) {
+        this.getToken = getToken
+        this.onUnauthorized = onUnauthorized
+        this.onTokenRefresh = onTokenRefresh
     }
 
-    async getShortNames(): Promise<ShortName[]> {
-        return (await this.api).getShortNames()
+    setAuthorizationHeader(headers: any) {
+        if (!this.getToken) {
+            return
+        }
+        headers['Authorization'] = "Bearer " + this.getToken()
     }
 
-    async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
-        return (await this.api).listenUpdates(filterProject, filterSubDir, handle)
+    async refreshToken() {
+        const headers = {
+            'Accept': 'application/json',
+        }
+        this.setAuthorizationHeader(headers)
+        const resp = await fetch("/auth/refresh", {
+            method: "POST",
+            headers: headers,
+        })
+        if (resp.status === 401) {
+            this.onUnauthorized()
+            throw Error(resp.statusText)
+        }
+        const j = await resp.json()
+        this.onTokenRefresh(j.token)
+    }
+
+    async handleErrors(response: Response, retry?: () => Promise<Response>): Promise<Response> {
+        if (!response.ok) {
+            if (response.status === 401) {
+                if (retry) {
+                    console.log("retrying with token refresh")
+                    await this.refreshToken()
+                    const newResp = await retry()
+                    return await this.handleErrors(newResp)
+                } else {
+                    this.onUnauthorized()
+                }
+            }
+            throw Error(response.statusText)
+        }
+        return response
     }
 
-    async reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
-        return (await this.api).reconcileNow(cluster, name, namespace)
+    async doGet(path: string, params?: URLSearchParams) {
+        let url = path
+        if (params) {
+            url += "?" + params.toString()
+        }
+        const doFetch = () => {
+            const headers = {
+                'Accept': 'application/json',
+            }
+            this.setAuthorizationHeader(headers)
+            return fetch(url, {
+                method: "GET",
+                headers: headers,
+            })
+        }
+        let resp = await doFetch()
+        resp = await this.handleErrors(resp, doFetch)
+        return resp.json()
     }
 
-    async validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
-        return (await this.api).validateNow(project, target)
+    async doPost(path: string, body: any) {
+        let url = path
+        const doFetch = () => {
+            const headers = {
+                'Accept': 'application/json',
+                'Content-Type': 'application/json'
+            }
+            this.setAuthorizationHeader(headers)
+            return fetch(url, {
+                method: "POST",
+                body: JSON.stringify(body),
+                headers: headers,
+            })
+        }
+        let resp = await doFetch()
+        resp = await this.handleErrors(resp, doFetch)
+        return resp
     }
-}
-
-export const api = new RealOrStaticApi()
 
-class RealApi implements Api {
     async getShortNames(): Promise<ShortName[]> {
-        let url = `${apiUrl}/getShortNames`
-        return fetch(url)
-            .then(handleErrors)
-            .then((response) => response.json());
+        return this.doGet("/api/getShortNames")
     }
 
     async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
@@ -100,7 +149,7 @@ class RealApi implements Api {
         if (process.env.NODE_ENV === 'development') {
             host = "localhost:9090"
         }
-        let url = `ws://${host}${apiUrl}/ws`
+        let url = `ws://${host}/api/ws`
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)
@@ -110,10 +159,11 @@ class RealApi implements Api {
         }
         url += "?" + params.toString()
 
+        const getToken = this.getToken
         let ws: WebSocket | undefined;
         let cancelled = false
 
-        const connect = () => {
+        const connect = async () => {
             if (cancelled) {
                 return
             }
@@ -122,6 +172,9 @@ class RealApi implements Api {
             ws = new WebSocket(url);
             ws.onopen = function () {
                 console.log("ws connected")
+                if (getToken) {
+                    ws!.send(JSON.stringify({ "type": "auth", "token": getToken() }))
+                }
             }
             ws.onclose = function (event) {
                 console.log("ws close")
@@ -141,7 +194,7 @@ class RealApi implements Api {
             }
         }
 
-        connect()
+        await connect()
 
         return () => {
             console.log("ws cancel")
@@ -153,53 +206,36 @@ class RealApi implements Api {
     }
 
     async getResult(resultId: string) {
-        let url = `${apiUrl}/getResult?resultId=${resultId}`
-        return fetch(url)
-            .then(handleErrors)
-            .then(response => response.text())
-            .then(json => {
-                return new CommandResult(json)
-            });
+        const params = new URLSearchParams()
+        params.set("resultId", resultId)
+        const json = await this.doGet("/api/getResult", params)
+        return new CommandResult(json)
     }
 
     async getResultSummary(resultId: string) {
-        let url = `${apiUrl}/getResultSummary?resultId=${resultId}`
-        return fetch(url)
-            .then(handleErrors)
-            .then(response => response.text())
-            .then(json => {
-                return new CommandResultSummary(json)
-            });
+        const params = new URLSearchParams()
+        params.set("resultId", resultId)
+        const json = await this.doGet("/api/getResultSummary", params)
+        return new CommandResultSummary(json)
     }
 
     async getResultObject(resultId: string, ref: ObjectRef, objectType: string) {
-        let url = `${apiUrl}/getResultObject?resultId=${resultId}&${buildRefParams(ref)}&objectType=${objectType}`
-        return fetch(url)
-            .then(handleErrors)
-            .then(response => response.json());
-    }
-
-    async doPost(f: string, body: any) {
-        let url = `${apiUrl}/${f}`
-        return fetch(url, {
-            method: "POST",
-            body: JSON.stringify(body),
-            headers: {
-                'Accept': 'application/json',
-                'Content-Type': 'application/json'
-            },
-        }).then(handleErrors);
+        const params = new URLSearchParams()
+        params.set("resultId", resultId)
+        params.set("objectType", objectType)
+        buildRefParams(ref, params)
+        return await this.doGet("/api/getResultObject", params)
     }
 
     async validateNow(project: ProjectKey, target: TargetKey) {
-        return this.doPost("validateNow", {
+        return this.doPost("/api/validateNow", {
             "project": project,
             "target": target,
         })
     }
 
     async deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
-        return this.doPost("deployNow", {
+        return this.doPost("/api/deployNow", {
             "cluster": cluster,
             "name": name,
             "namespace": namespace,
@@ -207,7 +243,7 @@ class RealApi implements Api {
     }
 
     async reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
-        return this.doPost("reconcileNow", {
+        return this.doPost("/api/reconcileNow", {
             "cluster": cluster,
             "name": name,
             "namespace": namespace,
@@ -215,7 +251,7 @@ class RealApi implements Api {
     }
 }
 
-class StaticApi implements Api {
+export class StaticApi implements Api {
     async getShortNames(): Promise<ShortName[]> {
         await loadScript(staticPath + "/shortnames.js")
         return staticShortNames
@@ -244,12 +280,14 @@ class StaticApi implements Api {
         await loadScript(staticPath + `/result-${resultId}.js`)
         return staticResults.get(resultId)
     }
+
     async getResultSummary(resultId: string): Promise<CommandResultSummary> {
         await loadScript(staticPath + "/summaries.js")
         return staticSummaries.filter(s => {
             return s.id === resultId
         }).at(0)
     }
+
     async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
         const result = await this.getResult(resultId)
         const object = result.objects?.find(x => _.isEqual(x.ref, ref))
@@ -267,26 +305,21 @@ class StaticApi implements Api {
                 throw new Error("unknown object type " + objectType)
         }
     }
+
     validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
         throw new Error("not implemented")
     }
+
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
         throw new Error("not implemented")
     }
+
     deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
         throw new Error("not implemented")
     }
 }
 
-function handleErrors(response: Response) {
-    if (!response.ok) {
-        throw Error(response.statusText)
-    }
-    return response
-}
-
-function buildRefParams(ref: ObjectRef): string {
-    const params = new URLSearchParams()
+function buildRefParams(ref: ObjectRef, params: URLSearchParams) {
     params.set("kind", ref.kind)
     params.set("name", ref.name)
     if (ref.group) {
@@ -298,7 +331,6 @@ function buildRefParams(ref: ObjectRef): string {
     if (ref.namespace) {
         params.set("namespace", ref.namespace)
     }
-    return params.toString()
 }
 
 export function buildRefString(ref: ObjectRef): string {
@@ -347,31 +379,3 @@ export function findObjectByRef(l: ResultObject[] | undefined, ref: ObjectRef, f
         return _.isEqual(x.ref, ref)
     })
 }
-
-export function usePromise<T>(p?: Promise<T>): T  {
-    if (p === undefined) {
-        throw new Promise<T>(() => undefined)
-    }
-
-    const promise = p as any
-    if (promise.status === 'fulfilled') {
-        return promise.value;
-    } else if (promise.status === 'rejected') {
-        throw promise.reason;
-    } else if (promise.status === 'pending') {
-        throw promise;
-    } else {
-        promise.status = 'pending';
-        p.then(
-            result => {
-                promise.status = 'fulfilled';
-                promise.value = result;
-            },
-            reason => {
-                promise.status = 'rejected';
-                promise.reason = reason;
-            },
-        );
-        throw promise;
-    }
-}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 82f605ddb..e7c100e0f 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,4 +1,13 @@
-import React, { createContext, Dispatch, SetStateAction, useEffect, useMemo, useRef, useState } from 'react';
+import React, {
+    createContext,
+    Dispatch,
+    SetStateAction,
+    useContext,
+    useEffect,
+    useMemo,
+    useRef,
+    useState
+} from 'react';
 
 import '../index.css';
 import { Box, ThemeProvider } from "@mui/material";
@@ -7,8 +16,10 @@ import LeftDrawer from "./LeftDrawer";
 import { light } from './theme';
 import { ActiveFilters } from './result-view/NodeStatusFilter';
 import { CommandResultSummary, ProjectTargetKey, ValidateResult } from "../models";
-import { api } from "../api";
+import { Api, checkStaticBuild, RealApi, StaticApi } from "../api";
 import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
+import Login from "./Login";
+import { Loading } from "./Loading";
 
 export interface AppOutletContext {
     filters?: ActiveFilters
@@ -29,7 +40,10 @@ export const AppContext = createContext<AppContextProps>({
     validateResults: new Map(),
 });
 
-const App = () => {
+export const ApiContext = createContext<Api>(new StaticApi())
+
+const LoggedInApp = (props: {onUnauthorized: () => void}) => {
+    const api = useContext(ApiContext)
     const [filters, setFilters] = useState<ActiveFilters>()
 
     const summariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
@@ -37,6 +51,8 @@ const App = () => {
     const [summaries, setSummaries] = useState(summariesRef.current)
     const [validateResults, setValidateResults] = useState(validateResultsRef.current)
 
+    const onUnauthorized = props.onUnauthorized
+
     useEffect(() => {
         const updateSummary = (rs: CommandResultSummary) => {
             console.log("update_summary", rs.id, rs.commandInfo.startTime)
@@ -57,7 +73,8 @@ const App = () => {
         }
 
         console.log("starting listenResults")
-        const cancel = api.listenUpdates(undefined, undefined, msg => {
+        let cancel: Promise<() => void>
+        cancel = api.listenUpdates(undefined, undefined, msg => {
             switch(msg.type) {
                 case "update_summary":
                     updateSummary(msg.summary)
@@ -68,13 +85,18 @@ const App = () => {
                 case "validate_result":
                     updateValidateResult(msg.key, msg.result)
                     break
+                case "auth_result":
+                    if (!msg.success) {
+                        cancel.then(c => c())
+                        onUnauthorized()
+                    }
             }
         })
         return () => {
             console.log("cancel listenResults")
             cancel.then(c => c())
         }
-    }, [])
+    }, [api, onUnauthorized])
 
     const projects = useMemo(() => {
         return buildProjectSummaries(summaries, validateResults)
@@ -102,4 +124,85 @@ const App = () => {
     );
 };
 
+const App = () => {
+    const [api, setApi] = useState<Api>()
+    const [needToken, setNeedToken] = useState(false)
+
+    const storage = localStorage
+
+    const getToken = () => {
+        const token = storage.getItem("token")
+        if (!token) {
+            return ""
+        }
+        return JSON.parse(token)
+    }
+    const setToken = (token?: string) => {
+        if (!token) {
+            storage.removeItem("token")
+        } else {
+            storage.setItem("token", JSON.stringify(token))
+        }
+    }
+
+    const onUnauthorized = () => {
+        console.log("handle onUnauthorized")
+        setToken(undefined)
+        setApi(undefined)
+        setNeedToken(true)
+    }
+    const onTokenRefresh = (newToken: string) => {
+        console.log("handle onTokenRefresh")
+        setToken(newToken)
+    }
+
+    const handleLoginSucceeded = (token: string) => {
+        console.log("handle saveToken")
+        setToken(token);
+        setApi(new RealApi(getToken, onUnauthorized, onTokenRefresh))
+    };
+
+    useEffect(() => {
+        if (api) {
+            return
+        }
+
+        const doInit = async () => {
+            const isStatic = await checkStaticBuild()
+            if (isStatic) {
+                setApi(new StaticApi())
+            } else {
+                // check if we don't need auth (running locally?)
+                const noAuthApi = new RealApi(undefined, onUnauthorized, onTokenRefresh)
+                try {
+                    await noAuthApi.getShortNames()
+                    setToken(undefined)
+                    setNeedToken(false)
+                    setApi(noAuthApi)
+                } catch (error) {
+                    if (!getToken()) {
+                        setNeedToken(true)
+                    } else {
+                        setApi(new RealApi(getToken, onUnauthorized, onTokenRefresh))
+                    }
+                }
+            }
+        }
+        doInit()
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [])
+
+    if (needToken && !getToken()) {
+        return <Login setToken={handleLoginSucceeded} />
+    }
+
+    if (!api) {
+        return <Loading/>
+    }
+
+    return <ApiContext.Provider value={api}>
+        <LoggedInApp onUnauthorized={onUnauthorized}/>
+    </ApiContext.Provider>
+}
+
 export default App;
diff --git a/pkg/webui/ui/src/components/Loading.tsx b/pkg/webui/ui/src/components/Loading.tsx
index 9b26bf95e..307f9d34b 100644
--- a/pkg/webui/ui/src/components/Loading.tsx
+++ b/pkg/webui/ui/src/components/Loading.tsx
@@ -1,4 +1,5 @@
 import { Box, CircularProgress } from "@mui/material";
+import { DependencyList, useEffect, useState } from "react";
 
 export const Loading = () => {
     return <Box display={"flex"} height={"100%"}>
@@ -12,4 +13,27 @@ export const Loading = () => {
             <CircularProgress/>
         </Box>
     </Box>
-}
\ No newline at end of file
+}
+
+export function useLoadingHelper<T>(load: () => Promise<T>, deps: DependencyList): [boolean, any, T | undefined] {
+    const [loading, setLoading] = useState(true)
+    const [error, setError] = useState<any>()
+    const [content, setContent] = useState<T>()
+
+    useEffect(() => {
+        const doStartLoading = async () => {
+            try {
+                const c = await load()
+                setContent(c)
+                setLoading(false)
+            } catch (error) {
+                setError(error)
+                setLoading(false)
+            }
+        }
+        doStartLoading()
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [...deps, load])
+
+    return [loading, error, content]
+}
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
new file mode 100644
index 000000000..b1fd66064
--- /dev/null
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -0,0 +1,56 @@
+import React, { SyntheticEvent, useState } from 'react';
+
+//import './Login.css';
+
+interface loginCredentials {
+    username: string
+    password: string
+}
+
+async function loginUser(creds: loginCredentials) {
+    const url = `/auth/login`
+    return fetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(creds)
+    }).then(data => data.json())
+        .then(token => token.token)
+}
+
+export default function Login(props: { setToken: (token: string) => void}) {
+    const [username, setUserName] = useState<string>();
+    const [password, setPassword] = useState<string>();
+
+    const handleSubmit = async (e: SyntheticEvent) => {
+        e.preventDefault();
+        if (!username || !password) {
+            return
+        }
+        const token = await loginUser({
+            username: username,
+            password: password,
+        });
+        props.setToken(token);
+    }
+
+    return(
+        <div className="login-wrapper">
+            <h1>Please Log In</h1>
+            <form onSubmit={handleSubmit}>
+                <label>
+                    <p>Username</p>
+                    <input type="text" onChange={e => setUserName(e.target.value)} />
+                </label>
+                <label>
+                    <p>Password</p>
+                    <input type="password" onChange={e => setPassword(e.target.value)} />
+                </label>
+                <div>
+                    <button type="submit">Submit</button>
+                </div>
+            </form>
+        </div>
+    )
+}
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 80a71a2b8..388931dcd 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -1,28 +1,25 @@
 import { CommandResultProps } from "./result-view/CommandResultView";
 import { ObjectRef } from "../models";
-import { api, ObjectType, usePromise } from "../api";
-import React, { Suspense, useEffect, useState } from "react";
+import { ObjectType } from "../api";
+import React, { useContext } from "react";
 import { CodeViewer } from "./CodeViewer";
 
+import { Loading, useLoadingHelper } from "./Loading";
+import { ApiContext } from "./App";
 import * as yaml from 'js-yaml';
-import { Loading } from "./Loading";
 
 export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType}) => {
-    const [promise, setPromise] = useState<Promise<string>>()
+    const api = useContext(ApiContext)
+    const [loading, error, content] = useLoadingHelper<string>(async () => {
+        const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
+        return yaml.dump(o)
+    }, [props.treeProps.summary.id, props.objectRef, props.objectType])
 
-    useEffect(() => {
-        const getData = async () => {
-            const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
-            return yaml.dump(o)
-        }
-        setPromise(getData())
-    }, [props.treeProps, props.objectRef, props.objectType])
-
-    const Content = () => {
-        return <CodeViewer code={usePromise(promise)} language={"yaml"}/>
+    if (loading) {
+        return <Loading/>
+    } else if (error) {
+        return <>Error</>
+    } else {
+        return <CodeViewer code={content!} language={"yaml"}/>
     }
-
-    return <Suspense fallback={<Loading/>}>
-        <Content/>
-    </Suspense>
-}
\ No newline at end of file
+}
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index a08c8abd5..54af5c317 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -2,7 +2,7 @@ import { createHashRouter, useRouteError } from "react-router-dom";
 import React from "react";
 import App from "./App";
 import { TargetsView } from "./targets-view/TargetsView";
-import { commandResultLoader, CommandResultView } from "./result-view/CommandResultView";
+import { CommandResultView } from "./result-view/CommandResultView";
 
 function ErrorPage() {
     const error = useRouteError() as any;
@@ -32,7 +32,6 @@ export const Router = createHashRouter([
             {
                 path: "results/:id",
                 element: <CommandResultView/>,
-                loader: commandResultLoader,
                 errorElement: <ErrorPage/>,
             },
         ],
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 70c16cb4b..3bb0b0edc 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,5 +1,5 @@
 import * as React from 'react';
-import { useState } from 'react';
+import { useContext, useState } from 'react';
 import {
     Box,
     Checkbox,
@@ -15,11 +15,12 @@ import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
 import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
-import { useLoaderData } from "react-router-dom";
-import { useAppOutletContext } from "../App";
+import { useParams } from "react-router-dom";
+import { ApiContext, useAppOutletContext } from "../App";
 import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
 import { dark } from '../theme';
-import { api } from "../../api";
+import { Api } from "../../api";
+import { Loading, useLoadingHelper } from "../Loading";
 
 export interface CommandResultProps {
     shortNames: ShortName[]
@@ -27,15 +28,15 @@ export interface CommandResultProps {
     commandResult: CommandResult
 }
 
-export async function commandResultLoader({ params }: any) {
-    const result = api.getResult(params.id)
-    const shortNames = api.getShortNames()
-    const rs = api.getResult(params.id)
+async function doLoadCommandResult(api: Api, resultId: string): Promise<CommandResultProps> {
+    const shortNames = await api.getShortNames()
+    const rs = await api.getResultSummary(resultId)
+    const result = await api.getResult(resultId)
 
     return {
-        shortNames: await shortNames,
-        summary: await rs,
-        commandResult: await result,
+        shortNames: shortNames,
+        summary: rs,
+        commandResult: result,
     }
 }
 
@@ -117,9 +118,17 @@ const defaultFilters = {
 
 export const CommandResultView = () => {
     const context = useAppOutletContext();
-    const commandResultProps = useLoaderData() as CommandResultProps;
+    const api = useContext(ApiContext)
     const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>();
 
+    const {id} = useParams()
+    const [loading, loadingError, commandResultProps] = useLoadingHelper<CommandResultProps | undefined>(() => {
+        if (!id) {
+            return Promise.resolve(undefined)
+        }
+        return doLoadCommandResult(api, id)
+    }, [id])
+
     const divider = <Divider
         orientation='vertical'
         sx={{
@@ -135,6 +144,12 @@ export const CommandResultView = () => {
         }));
     }
 
+    if (loading) {
+        return <Loading/>
+    } else if (loadingError) {
+        return <>Error</>
+    }
+
     return <Box
         width='100%'
         height='100%'
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index 51f43a836..705bb623f 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -1,25 +1,27 @@
 import { CommandResultSummary } from "../../models";
-import { api, usePromise } from "../../api";
+import { Api } from "../../api";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
-import React, { Suspense, useEffect, useMemo, useRef, useState } from "react";
-import { NodeData } from "../result-view/nodes/NodeData";
+import React, { useContext, useEffect, useMemo, useRef, useState } from "react";
 import { SidePanel } from "../result-view/SidePanel";
 import { Box, Drawer, ThemeProvider, useTheme } from "@mui/material";
-import { Loading } from "../Loading";
+import { Loading, useLoadingHelper } from "../Loading";
 import { dark } from "../theme";
 import { Card, cardGap, cardHeight, cardWidth } from "./Card";
 import { CommandResultItem } from "./CommandResultItem";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { ApiContext } from "../App";
+import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
 
 const sidePanelWidth = 720;
 
-async function doGetRootNode(rs: CommandResultSummary) {
-    const shortNames = api.getShortNames()
-    const r = api.getResult(rs.id)
+async function doGetRootNode(api: Api, rs: CommandResultSummary) {
+    const shortNames = await api.getShortNames()
+    const r = await api.getResult(rs.id)
+
     const builder = new NodeBuilder({
-        shortNames: await shortNames,
+        shortNames: shortNames,
         summary: rs,
-        commandResult: await r,
+        commandResult: r,
     })
     const [node] = builder.buildRoot()
     return node
@@ -33,8 +35,8 @@ export const CommandResultDetailsDrawer = React.memo((props: {
     selectedCardRect?: DOMRect
 }) => {
     const { ps, ts, selectedCardRect } = props;
+    const api = useContext(ApiContext)
     const theme = useTheme();
-    const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined));
     const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary | undefined>();
     const [prevTargetSummary, setPrevTargetSummary] = useState<TargetSummary | undefined>(ts);
     const [cardsCoords, setCardsCoords] = useState<{ left: number, top: number }[]>([]);
@@ -45,18 +47,13 @@ export const CommandResultDetailsDrawer = React.memo((props: {
         setSelectedCommandResult(ts?.commandResults?.[0]);
     }
 
-    useEffect(() => {
+    const [loading, loadingError, nodeData] = useLoadingHelper<CommandResultNodeData | undefined>(() => {
         if (selectedCommandResult === undefined) {
-            return
+            return Promise.resolve(undefined)
         }
-        setPromise(doGetRootNode(selectedCommandResult));
+        return doGetRootNode(api, selectedCommandResult)
     }, [selectedCommandResult])
 
-    const Content = (props: { onClose: () => void }) => {
-        const node = usePromise(promise)
-        return <SidePanel provider={node} onClose={props.onClose} />
-    }
-
     const cardsContainerElem = useRef<HTMLElement>();
 
     useEffect(() => {
@@ -130,6 +127,10 @@ export const CommandResultDetailsDrawer = React.memo((props: {
         })
     }, [ps, ts, cardsCoords, zIndex, theme.transitions, selectedCommandResult])
 
+    if (loadingError) {
+        return <>Error</>
+    }
+
     return <>
         {ps && ts && ts.commandResults && ts.commandResults.length > 0 &&
             <Box
@@ -169,9 +170,9 @@ export const CommandResultDetailsDrawer = React.memo((props: {
                 onClose={props.onClose}
             >
                 <Box width={sidePanelWidth} height={"100%"}>
-                    <Suspense fallback={<Loading />}>
-                        <Content onClose={props.onClose} />
-                    </Suspense>
+                    {loading ? <Loading/> :
+                        <SidePanel provider={nodeData} onClose={props.onClose} />
+                    }
                 </Box>
             </Drawer>
         </ThemeProvider>
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index 4a7bf1f4a..b12ffa5e1 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -2,13 +2,13 @@ import { KluctlDeploymentInfo } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import Paper from "@mui/material/Paper";
 import { Box, Typography, useTheme } from "@mui/material";
-import React from "react";
+import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
-import { api } from "../../api";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
+import { ApiContext } from "../App";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -55,6 +55,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
 }
 
 export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSelectTarget: (ts?: TargetSummary) => void }) => {
+    const api = useContext(ApiContext)
     const actionMenuItems: ActionMenuItem[] = []
 
     actionMenuItems.push({
diff --git a/pkg/webui/websocket.go b/pkg/webui/websocket.go
index 2a21cb462..c01bd3ff0 100644
--- a/pkg/webui/websocket.go
+++ b/pkg/webui/websocket.go
@@ -43,6 +43,13 @@ func (s *CommandResultsServer) ws(c *gin.Context) {
 	}
 	defer conn.Close(websocket.StatusInternalError, "the sky is falling")
 
+	// don't try anything else before we get the auth message
+	user, err := s.wsHandleAuth(conn)
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
 	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
 	if err != nil {
 		_ = c.AbortWithError(http.StatusBadRequest, err)
@@ -57,7 +64,7 @@ func (s *CommandResultsServer) ws(c *gin.Context) {
 		}
 	}
 
-	err = s.wsHandle(conn, filter)
+	err = s.wsHandle(conn, user, filter)
 	if err != nil {
 		cs := websocket.CloseStatus(err)
 		if cs == websocket.StatusNormalClosure || cs == websocket.StatusGoingAway {
@@ -67,7 +74,58 @@ func (s *CommandResultsServer) ws(c *gin.Context) {
 	}
 }
 
-func (s *CommandResultsServer) wsHandle(c *websocket.Conn, filter *result.ProjectKey) error {
+func (s *CommandResultsServer) wsHandleAuth(c *websocket.Conn) (*User, error) {
+	if s.auth == nil {
+		return nil, nil
+	}
+
+	t, msg, err := c.Read(s.ctx)
+	if err != nil {
+		return nil, err
+	}
+	if t != websocket.MessageText {
+		return nil, fmt.Errorf("unexpected message type")
+	}
+
+	type authMsg struct {
+		Type  string `json:"type"`
+		Token string `json:"token"`
+	}
+	type authResult struct {
+		Type    string `json:"type"`
+		Success bool   `json:"success"`
+	}
+	var am authMsg
+	err = yaml.ReadYamlString(string(msg), &am)
+	if err != nil {
+		return nil, err
+	}
+	if am.Type != "auth" {
+		return nil, fmt.Errorf("unexpected message type")
+	}
+
+	user := s.auth.getUserFromToken(am.Token)
+	if user == nil {
+		msg, _ := yaml.WriteJsonString(authResult{
+			Type:    "auth_result",
+			Success: false,
+		})
+		_ = c.Write(s.ctx, websocket.MessageText, []byte(msg))
+		return nil, fmt.Errorf("invalid token")
+	} else {
+		msg, _ := yaml.WriteJsonString(authResult{
+			Type:    "auth_result",
+			Success: true,
+		})
+		err = c.Write(s.ctx, websocket.MessageText, []byte(msg))
+		if err != nil {
+			return nil, err
+		}
+		return user, nil
+	}
+}
+
+func (s *CommandResultsServer) wsHandle(c *websocket.Conn, user *User, filter *result.ProjectKey) error {
 	initial, ch, cancel, err := s.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter})
 	if err != nil {
 		return err

From 20ab3bf15d126383135e3d3b0ea62b3ce2867dd1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 15:58:24 +0200
Subject: [PATCH 1175/2268] fix: Don't try refresh/logout when doing the
 initial creds check

---
 pkg/webui/ui/src/api.tsx            | 22 ++++++++++++++--------
 pkg/webui/ui/src/components/App.tsx |  2 +-
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index b70f1d8bc..2bd092be2 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -50,11 +50,11 @@ export async function checkStaticBuild() {
 }
 
 export class RealApi implements Api {
-    getToken: (() => string) | undefined;
-    onUnauthorized: () => void;
-    onTokenRefresh: (newToken: string) => void;
+    getToken?: (() => string);
+    onUnauthorized?: () => void;
+    onTokenRefresh?: (newToken: string) => void;
 
-    constructor(getToken: (() => string) | undefined, onUnauthorized: () => void, onTokenRefresh: (newToken: string) => void) {
+    constructor(getToken?: (() => string), onUnauthorized?: () => void, onTokenRefresh?: (newToken: string) => void) {
         this.getToken = getToken
         this.onUnauthorized = onUnauthorized
         this.onTokenRefresh = onTokenRefresh
@@ -77,23 +77,29 @@ export class RealApi implements Api {
             headers: headers,
         })
         if (resp.status === 401) {
-            this.onUnauthorized()
+            if (this.onUnauthorized) {
+                this.onUnauthorized()
+            }
             throw Error(resp.statusText)
         }
         const j = await resp.json()
-        this.onTokenRefresh(j.token)
+        if (this.onTokenRefresh) {
+            this.onTokenRefresh(j.token)
+        }
     }
 
     async handleErrors(response: Response, retry?: () => Promise<Response>): Promise<Response> {
         if (!response.ok) {
             if (response.status === 401) {
-                if (retry) {
+                if (this.getToken && retry) {
                     console.log("retrying with token refresh")
                     await this.refreshToken()
                     const newResp = await retry()
                     return await this.handleErrors(newResp)
                 } else {
-                    this.onUnauthorized()
+                    if (this.onUnauthorized) {
+                        this.onUnauthorized()
+                    }
                 }
             }
             throw Error(response.statusText)
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index e7c100e0f..c330fd775 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -173,7 +173,7 @@ const App = () => {
                 setApi(new StaticApi())
             } else {
                 // check if we don't need auth (running locally?)
-                const noAuthApi = new RealApi(undefined, onUnauthorized, onTokenRefresh)
+                const noAuthApi = new RealApi(undefined, undefined, undefined)
                 try {
                     await noAuthApi.getShortNames()
                     setToken(undefined)

From d8c2c696e85bc0ec122e6251e5a1f82925869976 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 15:58:40 +0200
Subject: [PATCH 1176/2268] fix: Don't use load as dep in useLoadingHelper

---
 pkg/webui/ui/src/components/Loading.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/Loading.tsx b/pkg/webui/ui/src/components/Loading.tsx
index 307f9d34b..4cf7b8189 100644
--- a/pkg/webui/ui/src/components/Loading.tsx
+++ b/pkg/webui/ui/src/components/Loading.tsx
@@ -33,7 +33,7 @@ export function useLoadingHelper<T>(load: () => Promise<T>, deps: DependencyList
         }
         doStartLoading()
         // eslint-disable-next-line react-hooks/exhaustive-deps
-    }, [...deps, load])
+    }, deps)
 
     return [loading, error, content]
 }

From 61bcb9cb7597898b0f63108352b2d08018cd0545 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 15:22:36 +0200
Subject: [PATCH 1177/2268] chore: Run npm run build

---
 pkg/webui/ui/build/index.html        |   2 +-
 pkg/webui/ui/build/static/js/main.js | 382 ++++++++++++++-------------
 2 files changed, 195 insertions(+), 189 deletions(-)

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 5e73bd915..08726c8bf 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.82849393.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.1b77f1d8.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index 844adb822..4a9d496ae 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -34880,7 +34880,7 @@ function useOutlet(context) {
  * @see https://reactrouter.com/hooks/use-params
  */
 function useParams() {
-  var _React$useContext5 = React.useContext(RouteContext),
+  var _React$useContext5 = react.useContext(RouteContext),
     matches = _React$useContext5.matches;
   var routeMatch = matches[matches.length - 1];
   return routeMatch ? routeMatch.params : {};
@@ -52032,11 +52032,196 @@ var loadedScripts=new Map();var loadScript=function loadScript(fileUrl){var asyn
 ;// CONCATENATED MODULE: ./src/utils/misc.ts
 function getLastPathElement(url){if(url===undefined){return undefined;}if(!url){return"";}var s=url.split("/");return s[s.length-1];}function sleep(ms){return new Promise(function(resolve){return setTimeout(resolve,ms);});}
 ;// CONCATENATED MODULE: ./src/api.tsx
-var apiUrl="/api";var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});var RealOrStaticApi=/*#__PURE__*/function(){function RealOrStaticApi(){classCallCheck_classCallCheck(this,RealOrStaticApi);this.api=void 0;this.api=this.buildApi();}createClass_createClass(RealOrStaticApi,[{key:"buildApi",value:function(){var _buildApi=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:p=loadScript(staticPath+"/summaries.js");_context.prev=1;_context.next=4;return p;case 4:return _context.abrupt("return",new StaticApi());case 7:_context.prev=7;_context.t0=_context["catch"](1);return _context.abrupt("return",new RealApi());case 10:case"end":return _context.stop();}},_callee,null,[[1,7]]);}));function buildApi(){return _buildApi.apply(this,arguments);}return buildApi;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:_context2.next=2;return this.api;case 2:return _context2.abrupt("return",_context2.sent.deployNow(cluster,name,namespace));case 3:case"end":return _context2.stop();}},_callee2,this);}));function deployNow(_x,_x2,_x3){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:_context3.next=2;return this.api;case 2:return _context3.abrupt("return",_context3.sent.getResult(resultId));case 3:case"end":return _context3.stop();}},_callee3,this);}));function getResult(_x4){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(resultId,ref,objectType){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:_context4.next=2;return this.api;case 2:return _context4.abrupt("return",_context4.sent.getResultObject(resultId,ref,objectType));case 3:case"end":return _context4.stop();}},_callee4,this);}));function getResultObject(_x5,_x6,_x7){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:_context5.next=2;return this.api;case 2:return _context5.abrupt("return",_context5.sent.getResultSummary(resultId));case 3:case"end":return _context5.stop();}},_callee5,this);}));function getResultSummary(_x8){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:_context6.next=2;return this.api;case 2:return _context6.abrupt("return",_context6.sent.getShortNames());case 3:case"end":return _context6.stop();}},_callee6,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:_context7.next=2;return this.api;case 2:return _context7.abrupt("return",_context7.sent.listenUpdates(filterProject,filterSubDir,handle));case 3:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x9,_x10,_x11){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:_context8.next=2;return this.api;case 2:return _context8.abrupt("return",_context8.sent.reconcileNow(cluster,name,namespace));case 3:case"end":return _context8.stop();}},_callee8,this);}));function reconcileNow(_x12,_x13,_x14){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:_context9.next=2;return this.api;case 2:return _context9.abrupt("return",_context9.sent.validateNow(project,target));case 3:case"end":return _context9.stop();}},_callee9,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()}]);return RealOrStaticApi;}();var api=new RealOrStaticApi();var RealApi=/*#__PURE__*/function(){function RealApi(){classCallCheck_classCallCheck(this,RealApi);}createClass_createClass(RealApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:url="".concat(apiUrl,"/getShortNames");return _context10.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context10.stop();}},_callee10);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(filterProject,filterSubDir,handle){var host,url,params,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:host=window.location.host;if(false){}url="ws://".concat(host).concat(apiUrl,"/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();cancelled=false;connect=function connect(){if(cancelled){return;}console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onerror=function(event){console.log("ws error",event);};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};};connect();return _context11.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 11:case"end":return _context11.stop();}},_callee11);}));function listenUpdates(_x17,_x18,_x19){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:url="".concat(apiUrl,"/getResult?resultId=").concat(resultId);return _context12.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResult(json);}));case 2:case"end":return _context12.stop();}},_callee12);}));function getResult(_x20){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(resultId){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:url="".concat(apiUrl,"/getResultSummary?resultId=").concat(resultId);return _context13.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.text();}).then(function(json){return new CommandResultSummary(json);}));case 2:case"end":return _context13.stop();}},_callee13);}));function getResultSummary(_x21){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(resultId,ref,objectType){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:url="".concat(apiUrl,"/getResultObject?resultId=").concat(resultId,"&").concat(buildRefParams(ref),"&objectType=").concat(objectType);return _context14.abrupt("return",fetch(url).then(handleErrors).then(function(response){return response.json();}));case 2:case"end":return _context14.stop();}},_callee14);}));function getResultObject(_x22,_x23,_x24){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(f,body){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:url="".concat(apiUrl,"/").concat(f);return _context15.abrupt("return",fetch(url,{method:"POST",body:JSON.stringify(body),headers:{'Accept':'application/json','Content-Type':'application/json'}}).then(handleErrors));case 2:case"end":return _context15.stop();}},_callee15);}));function doPost(_x25,_x26){return _doPost.apply(this,arguments);}return doPost;}()},{key:"validateNow",value:function(){var _validateNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:return _context16.abrupt("return",this.doPost("validateNow",{"project":project,"target":target}));case 1:case"end":return _context16.stop();}},_callee16,this);}));function validateNow(_x27,_x28){return _validateNow2.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:return _context17.abrupt("return",this.doPost("deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context17.stop();}},_callee17,this);}));function deployNow(_x29,_x30,_x31){return _deployNow2.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:return _context18.abrupt("return",this.doPost("reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context18.stop();}},_callee18,this);}));function reconcileNow(_x32,_x33,_x34){return _reconcileNow2.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:_context19.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context19.abrupt("return",staticShortNames);case 3:case"end":return _context19.stop();}},_callee19);}));function getShortNames(){return _getShortNames3.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee20(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee20$(_context20){while(1)switch(_context20.prev=_context20.next){case 0:_context20.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context20.abrupt("return",function(){});case 4:case"end":return _context20.stop();}},_callee20);}));function listenUpdates(_x35,_x36,_x37){return _listenUpdates3.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee21(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee21$(_context21){while(1)switch(_context21.prev=_context21.next){case 0:_context21.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context21.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context21.stop();}},_callee21);}));function getResult(_x38){return _getResult3.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee22(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee22$(_context22){while(1)switch(_context22.prev=_context22.next){case 0:_context22.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context22.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context22.stop();}},_callee22);}));function getResultSummary(_x39){return _getResultSummary3.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject3=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee23(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee23$(_context23){while(1)switch(_context23.prev=_context23.next){case 0:_context23.next=2;return this.getResult(resultId);case 2:result=_context23.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context23.next=6;break;}throw new Error("object not found");case 6:_context23.t0=objectType;_context23.next=_context23.t0===ObjectType.Rendered?9:_context23.t0===ObjectType.Remote?10:_context23.t0===ObjectType.Applied?11:12;break;case 9:return _context23.abrupt("return",object.rendered);case 10:return _context23.abrupt("return",object.remote);case 11:return _context23.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context23.stop();}},_callee23,this);}));function getResultObject(_x40,_x41,_x42){return _getResultObject3.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function handleErrors(response){if(!response.ok){throw Error(response.statusText);}return response;}function buildRefParams(ref){var params=new URLSearchParams();params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}return params.toString();}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}function usePromise(p){if(p===undefined){throw new Promise(function(){return undefined;});}var promise=p;if(promise.status==='fulfilled'){return promise.value;}else if(promise.status==='rejected'){throw promise.reason;}else if(promise.status==='pending'){throw promise;}else{promise.status='pending';p.then(function(result){promise.status='fulfilled';promise.value=result;},function(reason){promise.status='rejected';promise.reason=reason;});throw promise;}}
+var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});function checkStaticBuild(){return _checkStaticBuild.apply(this,arguments);}function _checkStaticBuild(){_checkStaticBuild=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:p=loadScript(staticPath+"/summaries.js");_context19.prev=1;_context19.next=4;return p;case 4:return _context19.abrupt("return",true);case 7:_context19.prev=7;_context19.t0=_context19["catch"](1);return _context19.abrupt("return",false);case 10:case"end":return _context19.stop();}},_callee19,null,[[1,7]]);}));return _checkStaticBuild.apply(this,arguments);}var RealApi=/*#__PURE__*/function(){function RealApi(getToken,onUnauthorized,onTokenRefresh){classCallCheck_classCallCheck(this,RealApi);this.getToken=void 0;this.onUnauthorized=void 0;this.onTokenRefresh=void 0;this.getToken=getToken;this.onUnauthorized=onUnauthorized;this.onTokenRefresh=onTokenRefresh;}createClass_createClass(RealApi,[{key:"setAuthorizationHeader",value:function setAuthorizationHeader(headers){if(!this.getToken){return;}headers['Authorization']="Bearer "+this.getToken();}},{key:"refreshToken",value:function(){var _refreshToken=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var headers,resp,j;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:headers={'Accept':'application/json'};this.setAuthorizationHeader(headers);_context.next=4;return fetch("/auth/refresh",{method:"POST",headers:headers});case 4:resp=_context.sent;if(!(resp.status===401)){_context.next=8;break;}if(this.onUnauthorized){this.onUnauthorized();}throw Error(resp.statusText);case 8:_context.next=10;return resp.json();case 10:j=_context.sent;if(this.onTokenRefresh){this.onTokenRefresh(j.token);}case 12:case"end":return _context.stop();}},_callee,this);}));function refreshToken(){return _refreshToken.apply(this,arguments);}return refreshToken;}()},{key:"handleErrors",value:function(){var _handleErrors=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(response,retry){var newResp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:if(response.ok){_context2.next=16;break;}if(!(response.status===401)){_context2.next=15;break;}if(!(this.getToken&&retry)){_context2.next=14;break;}console.log("retrying with token refresh");_context2.next=6;return this.refreshToken();case 6:_context2.next=8;return retry();case 8:newResp=_context2.sent;_context2.next=11;return this.handleErrors(newResp);case 11:return _context2.abrupt("return",_context2.sent);case 14:if(this.onUnauthorized){this.onUnauthorized();}case 15:throw Error(response.statusText);case 16:return _context2.abrupt("return",response);case 17:case"end":return _context2.stop();}},_callee2,this);}));function handleErrors(_x,_x2){return _handleErrors.apply(this,arguments);}return handleErrors;}()},{key:"doGet",value:function(){var _doGet=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(path,params){var _this=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:url=path;if(params){url+="?"+params.toString();}doFetch=function doFetch(){var headers={'Accept':'application/json'};_this.setAuthorizationHeader(headers);return fetch(url,{method:"GET",headers:headers});};_context3.next=5;return doFetch();case 5:resp=_context3.sent;_context3.next=8;return this.handleErrors(resp,doFetch);case 8:resp=_context3.sent;return _context3.abrupt("return",resp.json());case 10:case"end":return _context3.stop();}},_callee3,this);}));function doGet(_x3,_x4){return _doGet.apply(this,arguments);}return doGet;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(path,body){var _this2=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:url=path;doFetch=function doFetch(){var headers={'Accept':'application/json','Content-Type':'application/json'};_this2.setAuthorizationHeader(headers);return fetch(url,{method:"POST",body:JSON.stringify(body),headers:headers});};_context4.next=4;return doFetch();case 4:resp=_context4.sent;_context4.next=7;return this.handleErrors(resp,doFetch);case 7:resp=_context4.sent;return _context4.abrupt("return",resp);case 9:case"end":return _context4.stop();}},_callee4,this);}));function doPost(_x5,_x6){return _doPost.apply(this,arguments);}return doPost;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:return _context5.abrupt("return",this.doGet("/api/getShortNames"));case 1:case"end":return _context5.stop();}},_callee5,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){var host,url,params,getToken,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:host=window.location.host;if(false){}url="ws://".concat(host,"/api/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();getToken=this.getToken;cancelled=false;connect=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:if(!cancelled){_context6.next=2;break;}return _context6.abrupt("return");case 2:console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");if(getToken){ws.send(JSON.stringify({"type":"auth","token":getToken()}));}};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onerror=function(event){console.log("ws error",event);};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};case 8:case"end":return _context6.stop();}},_callee6);}));return function connect(){return _ref.apply(this,arguments);};}();_context7.next=12;return connect();case 12:return _context7.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 13:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x7,_x8,_x9){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context8.next=4;return this.doGet("/api/getResult",params);case 4:json=_context8.sent;return _context8.abrupt("return",new CommandResult(json));case 6:case"end":return _context8.stop();}},_callee8,this);}));function getResult(_x10){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context9.next=4;return this.doGet("/api/getResultSummary",params);case 4:json=_context9.sent;return _context9.abrupt("return",new CommandResultSummary(json));case 6:case"end":return _context9.stop();}},_callee9,this);}));function getResultSummary(_x11){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(resultId,ref,objectType){var params;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);params.set("objectType",objectType);buildRefParams(ref,params);_context10.next=6;return this.doGet("/api/getResultObject",params);case 6:return _context10.abrupt("return",_context10.sent);case 7:case"end":return _context10.stop();}},_callee10,this);}));function getResultObject(_x12,_x13,_x14){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:return _context11.abrupt("return",this.doPost("/api/validateNow",{"project":project,"target":target}));case 1:case"end":return _context11.stop();}},_callee11,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:return _context12.abrupt("return",this.doPost("/api/deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context12.stop();}},_callee12,this);}));function deployNow(_x17,_x18,_x19){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:return _context13.abrupt("return",this.doPost("/api/reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context13.stop();}},_callee13,this);}));function reconcileNow(_x20,_x21,_x22){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:_context14.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context14.abrupt("return",staticShortNames);case 3:case"end":return _context14.stop();}},_callee14);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:_context15.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context15.abrupt("return",function(){});case 4:case"end":return _context15.stop();}},_callee15);}));function listenUpdates(_x23,_x24,_x25){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:_context16.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context16.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context16.stop();}},_callee16);}));function getResult(_x26){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:_context17.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context17.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context17.stop();}},_callee17);}));function getResultSummary(_x27){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:_context18.next=2;return this.getResult(resultId);case 2:result=_context18.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context18.next=6;break;}throw new Error("object not found");case 6:_context18.t0=objectType;_context18.next=_context18.t0===ObjectType.Rendered?9:_context18.t0===ObjectType.Remote?10:_context18.t0===ObjectType.Applied?11:12;break;case 9:return _context18.abrupt("return",object.rendered);case 10:return _context18.abrupt("return",object.remote);case 11:return _context18.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context18.stop();}},_callee18,this);}));function getResultObject(_x28,_x29,_x30){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function buildRefParams(ref,params){params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}
 ;// CONCATENATED MODULE: ./src/project-summaries.ts
 function compareSummaries(a,b){return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime)||b.commandInfo.endTime.localeCompare(b.commandInfo.endTime)||(b.commandInfo.command||"").localeCompare(a.commandInfo.command||"");}function buildProjectSummaries(summaries,validateResults){var sorted=Array.from(summaries.values());sorted.sort(compareSummaries);var m=new Map();sorted.forEach(function(rs){var projectKey=JSON.stringify(rs.projectKey);var p=m.get(projectKey);if(!p){p={project:rs.projectKey,targets:[]};m.set(projectKey,p);}var ptKey=new ProjectTargetKey();ptKey.project=rs.projectKey;ptKey.target=rs.targetKey;var vr=validateResults.get(JSON.stringify(ptKey));var target=p.targets.find(function(t){return lodash_default().isEqual(t.target,rs.targetKey);});if(!target){target={target:rs.targetKey,lastValidateResult:vr,commandResults:[]};p.targets.push(target);}target.commandResults.push(rs);});var ret=[];m.forEach(function(p){p.targets.sort(function(a,b){var _ref;return(a.target.targetName||"").localeCompare(b.target.targetName||"")||a.target.clusterId.localeCompare(b.target.clusterId)||((_ref=a.target.discriminator||"")===null||_ref===void 0?void 0:_ref.localeCompare(b.target.discriminator||""));});ret.push(p);});ret.sort(function(a,b){return(a.project.gitRepoKey||"").localeCompare(b.project.gitRepoKey||"")||(a.project.subDir||"").localeCompare(b.project.subDir||"");});return ret;}
+;// CONCATENATED MODULE: ./src/components/Login.tsx
+//import './Login.css';
+function loginUser(_x){return _loginUser.apply(this,arguments);}function _loginUser(){_loginUser=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(creds){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:url="/auth/login";return _context2.abrupt("return",fetch(url,{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify(creds)}).then(function(data){return data.json();}).then(function(token){return token.token;}));case 2:case"end":return _context2.stop();}},_callee2);}));return _loginUser.apply(this,arguments);}function Login(props){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),username=_useState2[0],setUserName=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),password=_useState4[0],setPassword=_useState4[1];var handleSubmit=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(e){var token;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:e.preventDefault();if(!(!username||!password)){_context.next=3;break;}return _context.abrupt("return");case 3:_context.next=5;return loginUser({username:username,password:password});case 5:token=_context.sent;props.setToken(token);case 7:case"end":return _context.stop();}},_callee);}));return function handleSubmit(_x2){return _ref.apply(this,arguments);};}();return/*#__PURE__*/(0,jsx_runtime.jsxs)("div",{className:"login-wrapper",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("h1",{children:"Please Log In"}),/*#__PURE__*/(0,jsx_runtime.jsxs)("form",{onSubmit:handleSubmit,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)("label",{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Username"}),/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"text",onChange:function onChange(e){return setUserName(e.target.value);}})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)("label",{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Password"}),/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"password",onChange:function onChange(e){return setPassword(e.target.value);}})]}),/*#__PURE__*/(0,jsx_runtime.jsx)("div",{children:/*#__PURE__*/(0,jsx_runtime.jsx)("button",{type:"submit",children:"Submit"})})]})]});}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/circularProgressClasses.js
+
+
+function getCircularProgressUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiCircularProgress', slot);
+}
+var circularProgressClasses = generateUtilityClasses('MuiCircularProgress', ['root', 'determinate', 'indeterminate', 'colorPrimary', 'colorSecondary', 'svg', 'circle', 'circleDeterminate', 'circleIndeterminate', 'circleDisableShrink']);
+/* harmony default export */ var CircularProgress_circularProgressClasses = ((/* unused pure expression or super */ null && (circularProgressClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/CircularProgress.js
+
+var CircularProgress_templateObject, CircularProgress_templateObject2, CircularProgress_templateObject3, CircularProgress_templateObject4;
+
+
+var CircularProgress_excluded = ["className", "color", "disableShrink", "size", "style", "thickness", "value", "variant"];
+var CircularProgress_ = function _(t) {
+    return t;
+  },
+  CircularProgress_t,
+  CircularProgress_t2,
+  CircularProgress_t3,
+  CircularProgress_t4;
+
+
+
+
+
+
+
+
+
+
+
+var SIZE = 44;
+var circularRotateKeyframe = keyframes(CircularProgress_t || (CircularProgress_t = CircularProgress_(CircularProgress_templateObject || (CircularProgress_templateObject = _taggedTemplateLiteral(["\n  0% {\n    transform: rotate(0deg);\n  }\n\n  100% {\n    transform: rotate(360deg);\n  }\n"])))));
+var circularDashKeyframe = keyframes(CircularProgress_t2 || (CircularProgress_t2 = CircularProgress_(CircularProgress_templateObject2 || (CircularProgress_templateObject2 = _taggedTemplateLiteral(["\n  0% {\n    stroke-dasharray: 1px, 200px;\n    stroke-dashoffset: 0;\n  }\n\n  50% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -15px;\n  }\n\n  100% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -125px;\n  }\n"])))));
+var CircularProgress_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    variant = ownerState.variant,
+    color = ownerState.color,
+    disableShrink = ownerState.disableShrink;
+  var slots = {
+    root: ['root', variant, "color".concat(utils_capitalize(color))],
+    svg: ['svg'],
+    circle: ['circle', "circle".concat(utils_capitalize(variant)), disableShrink && 'circleDisableShrink']
+  };
+  return composeClasses(slots, getCircularProgressUtilityClass, classes);
+};
+var CircularProgressRoot = styles_styled('span', {
+  name: 'MuiCircularProgress',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles[ownerState.variant], styles["color".concat(utils_capitalize(ownerState.color))]];
+  }
+})(function (_ref) {
+  var ownerState = _ref.ownerState,
+    theme = _ref.theme;
+  return extends_extends({
+    display: 'inline-block'
+  }, ownerState.variant === 'determinate' && {
+    transition: theme.transitions.create('transform')
+  }, ownerState.color !== 'inherit' && {
+    color: (theme.vars || theme).palette[ownerState.color].main
+  });
+}, function (_ref2) {
+  var ownerState = _ref2.ownerState;
+  return ownerState.variant === 'indeterminate' && css(CircularProgress_t3 || (CircularProgress_t3 = CircularProgress_(CircularProgress_templateObject3 || (CircularProgress_templateObject3 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s linear infinite;\n    "])), 0)), circularRotateKeyframe);
+});
+var CircularProgressSVG = styles_styled('svg', {
+  name: 'MuiCircularProgress',
+  slot: 'Svg',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.svg;
+  }
+})({
+  display: 'block' // Keeps the progress centered
+});
+
+var CircularProgressCircle = styles_styled('circle', {
+  name: 'MuiCircularProgress',
+  slot: 'Circle',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.circle, styles["circle".concat(utils_capitalize(ownerState.variant))], ownerState.disableShrink && styles.circleDisableShrink];
+  }
+})(function (_ref3) {
+  var ownerState = _ref3.ownerState,
+    theme = _ref3.theme;
+  return extends_extends({
+    stroke: 'currentColor'
+  }, ownerState.variant === 'determinate' && {
+    transition: theme.transitions.create('stroke-dashoffset')
+  }, ownerState.variant === 'indeterminate' && {
+    // Some default value that looks fine waiting for the animation to kicks in.
+    strokeDasharray: '80px, 200px',
+    strokeDashoffset: 0 // Add the unit to fix a Edge 16 and below bug.
+  });
+}, function (_ref4) {
+  var ownerState = _ref4.ownerState;
+  return ownerState.variant === 'indeterminate' && !ownerState.disableShrink && css(CircularProgress_t4 || (CircularProgress_t4 = CircularProgress_(CircularProgress_templateObject4 || (CircularProgress_templateObject4 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s ease-in-out infinite;\n    "])), 0)), circularDashKeyframe);
+});
+
+/**
+ * ## ARIA
+ *
+ * If the progress bar is describing the loading progress of a particular region of a page,
+ * you should use `aria-describedby` to point to the progress bar, and set the `aria-busy`
+ * attribute to `true` on that region until it has finished loading.
+ */
+var CircularProgress = /*#__PURE__*/react.forwardRef(function CircularProgress(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiCircularProgress'
+  });
+  var className = props.className,
+    _props$color = props.color,
+    color = _props$color === void 0 ? 'primary' : _props$color,
+    _props$disableShrink = props.disableShrink,
+    disableShrink = _props$disableShrink === void 0 ? false : _props$disableShrink,
+    _props$size = props.size,
+    size = _props$size === void 0 ? 40 : _props$size,
+    style = props.style,
+    _props$thickness = props.thickness,
+    thickness = _props$thickness === void 0 ? 3.6 : _props$thickness,
+    _props$value = props.value,
+    value = _props$value === void 0 ? 0 : _props$value,
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'indeterminate' : _props$variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, CircularProgress_excluded);
+  var ownerState = extends_extends({}, props, {
+    color: color,
+    disableShrink: disableShrink,
+    size: size,
+    thickness: thickness,
+    value: value,
+    variant: variant
+  });
+  var classes = CircularProgress_useUtilityClasses(ownerState);
+  var circleStyle = {};
+  var rootStyle = {};
+  var rootProps = {};
+  if (variant === 'determinate') {
+    var circumference = 2 * Math.PI * ((SIZE - thickness) / 2);
+    circleStyle.strokeDasharray = circumference.toFixed(3);
+    rootProps['aria-valuenow'] = Math.round(value);
+    circleStyle.strokeDashoffset = "".concat(((100 - value) / 100 * circumference).toFixed(3), "px");
+    rootStyle.transform = 'rotate(-90deg)';
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressRoot, extends_extends({
+    className: clsx_m(classes.root, className),
+    style: extends_extends({
+      width: size,
+      height: size
+    }, rootStyle, style),
+    ownerState: ownerState,
+    ref: ref,
+    role: "progressbar"
+  }, rootProps, other, {
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressSVG, {
+      className: classes.svg,
+      ownerState: ownerState,
+      viewBox: "".concat(SIZE / 2, " ").concat(SIZE / 2, " ").concat(SIZE, " ").concat(SIZE),
+      children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressCircle, {
+        className: classes.circle,
+        style: circleStyle,
+        ownerState: ownerState,
+        cx: SIZE,
+        cy: SIZE,
+        r: (SIZE - thickness) / 2,
+        fill: "none",
+        strokeWidth: thickness
+      })
+    })
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var CircularProgress_CircularProgress = (CircularProgress);
+;// CONCATENATED MODULE: ./src/components/Loading.tsx
+var Loading=function Loading(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",height:"100%",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgress_CircularProgress,{})})});};function useLoadingHelper(load,deps){var _useState=(0,react.useState)(true),_useState2=slicedToArray_slicedToArray(_useState,2),loading=_useState2[0],setLoading=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),error=_useState4[0],setError=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),content=_useState6[0],setContent=_useState6[1];(0,react.useEffect)(function(){var doStartLoading=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var c;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.prev=0;_context.next=3;return load();case 3:c=_context.sent;setContent(c);setLoading(false);_context.next=12;break;case 8:_context.prev=8;_context.t0=_context["catch"](0);setError(_context.t0);setLoading(false);case 12:case"end":return _context.stop();}},_callee,null,[[0,8]]);}));return function doStartLoading(){return _ref.apply(this,arguments);};}();doStartLoading();// eslint-disable-next-line react-hooks/exhaustive-deps
+},deps);return[loading,error,content];}
 ;// CONCATENATED MODULE: ./src/components/App.tsx
-function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var App=function App(){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summariesRef=(0,react.useRef)(new Map());var validateResultsRef=(0,react.useRef)(new Map());var _useState3=(0,react.useState)(summariesRef.current),_useState4=slicedToArray_slicedToArray(_useState3,2),summaries=_useState4[0],setSummaries=_useState4[1];var _useState5=(0,react.useState)(validateResultsRef.current),_useState6=slicedToArray_slicedToArray(_useState5,2),validateResults=_useState6[0],setValidateResults=_useState6[1];(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summariesRef.current.set(rs.id,rs);setSummaries(new Map(summariesRef.current));};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summariesRef.current.delete(id);setSummaries(new Map(summariesRef.current));};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResultsRef.current.set(JSON.stringify(key),vr);setValidateResults(new Map(validateResultsRef.current));};console.log("starting listenResults");var cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[]);var projects=(0,react.useMemo)(function(){return buildProjectSummaries(summaries,validateResults);},[summaries,validateResults]);var appContext={summaries:summariesRef.current,projects:projects,validateResults:validateResults};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};/* harmony default export */ var components_App = (App);
+function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var ApiContext=/*#__PURE__*/(0,react.createContext)(new StaticApi());var LoggedInApp=function LoggedInApp(props){var api=(0,react.useContext)(ApiContext);var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summariesRef=(0,react.useRef)(new Map());var validateResultsRef=(0,react.useRef)(new Map());var _useState3=(0,react.useState)(summariesRef.current),_useState4=slicedToArray_slicedToArray(_useState3,2),summaries=_useState4[0],setSummaries=_useState4[1];var _useState5=(0,react.useState)(validateResultsRef.current),_useState6=slicedToArray_slicedToArray(_useState5,2),validateResults=_useState6[0],setValidateResults=_useState6[1];var onUnauthorized=props.onUnauthorized;(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summariesRef.current.set(rs.id,rs);setSummaries(new Map(summariesRef.current));};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summariesRef.current.delete(id);setSummaries(new Map(summariesRef.current));};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResultsRef.current.set(JSON.stringify(key),vr);setValidateResults(new Map(validateResultsRef.current));};console.log("starting listenResults");var cancel;cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;case"auth_result":if(!msg.success){cancel.then(function(c){return c();});onUnauthorized();}}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[api,onUnauthorized]);var projects=(0,react.useMemo)(function(){return buildProjectSummaries(summaries,validateResults);},[summaries,validateResults]);var appContext={summaries:summariesRef.current,projects:projects,validateResults:validateResults};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};var App=function App(){var _useState7=(0,react.useState)(),_useState8=slicedToArray_slicedToArray(_useState7,2),api=_useState8[0],setApi=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),needToken=_useState10[0],setNeedToken=_useState10[1];var storage=localStorage;var getToken=function getToken(){var token=storage.getItem("token");if(!token){return"";}return JSON.parse(token);};var setToken=function setToken(token){if(!token){storage.removeItem("token");}else{storage.setItem("token",JSON.stringify(token));}};var onUnauthorized=function onUnauthorized(){console.log("handle onUnauthorized");setToken(undefined);setApi(undefined);setNeedToken(true);};var onTokenRefresh=function onTokenRefresh(newToken){console.log("handle onTokenRefresh");setToken(newToken);};var handleLoginSucceeded=function handleLoginSucceeded(token){console.log("handle saveToken");setToken(token);setApi(new RealApi(getToken,onUnauthorized,onTokenRefresh));};(0,react.useEffect)(function(){if(api){return;}var doInit=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var isStatic,noAuthApi;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return checkStaticBuild();case 2:isStatic=_context.sent;if(!isStatic){_context.next=7;break;}setApi(new StaticApi());_context.next=19;break;case 7:// check if we don't need auth (running locally?)
+noAuthApi=new RealApi(undefined,undefined,undefined);_context.prev=8;_context.next=11;return noAuthApi.getShortNames();case 11:setToken(undefined);setNeedToken(false);setApi(noAuthApi);_context.next=19;break;case 16:_context.prev=16;_context.t0=_context["catch"](8);if(!getToken()){setNeedToken(true);}else{setApi(new RealApi(getToken,onUnauthorized,onTokenRefresh));}case 19:case"end":return _context.stop();}},_callee,null,[[8,16]]);}));return function doInit(){return _ref.apply(this,arguments);};}();doInit();// eslint-disable-next-line react-hooks/exhaustive-deps
+},[]);if(needToken&&!getToken()){return/*#__PURE__*/(0,jsx_runtime.jsx)(Login,{setToken:handleLoginSucceeded});}if(!api){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(ApiContext.Provider,{value:api,children:/*#__PURE__*/(0,jsx_runtime.jsx)(LoggedInApp,{onUnauthorized:onUnauthorized})});};/* harmony default export */ var components_App = (App);
 ;// CONCATENATED MODULE: ./src/components/targets-view/Projects.tsx
 var ProjectItem=function ProjectItem(props){var name=getLastPathElement(props.ps.project.gitRepoKey);var subDir=props.ps.project.subDir;var projectInfo=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[props.ps.project.gitRepoKey,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),props.ps.project.subDir?/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:["SubDir: ",props.ps.project.subDir,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{})]}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"center",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",gap:"15px",children:name&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:projectInfo,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:name})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:subDir?/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{textAlign:"center",children:subDir}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{marginLeft:"auto"})})})]})});};
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/svgIconClasses.js
@@ -53188,7 +53373,7 @@ var ActionsMenu=function ActionsMenu(props){var _React$useState=react.useState(n
 ;// CONCATENATED MODULE: ./src/utils/duration.ts
 function formatDuration(ms,withMs){if(ms<0)ms=-ms;var time={day:Math.floor(ms/86400000),hour:Math.floor(ms/3600000)%24,minute:Math.floor(ms/60000)%60,second:Math.floor(ms/1000)%60,millisecond:withMs?Math.floor(ms)%1000:0};return Object.entries(time).filter(function(val){return val[1]!==0;}).map(function(val){return val[1]+' '+(val[1]!==1?val[0]+'s':val[0]);}).join(', ');}function formatDurationShort(ms){if(ms<0)ms=-ms;var time={d:Math.floor(ms/86400000),h:Math.floor(ms/3600000)%24,m:Math.floor(ms/60000)%60,s:Math.floor(ms/1000)%60,ms:Math.floor(ms)%1000};var f=Object.entries(time).find(function(val){return val[1]>0;});if(f===undefined){return"0s";}return f[1]+f[0];}var calcAgo=function calcAgo(startTime){var t1=new Date(startTime);var t2=new Date();var d=t2.getTime()-t1.getTime();return formatDurationShort(d);};
 ;// CONCATENATED MODULE: ./src/components/targets-view/Targets.tsx
-var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}tooltip.push("Validation performed "+calcAgo(props.ts.lastValidateResult.startTime)+" ago");}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},t);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},context);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
+var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}tooltip.push("Validation performed "+calcAgo(props.ts.lastValidateResult.startTime)+" ago");}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},t);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var api=(0,react.useContext)(ApiContext);var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},context);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
 ;// CONCATENATED MODULE: ./node_modules/js-yaml/dist/js-yaml.mjs
 /*! js-yaml 4.1.0 https://github.com/nodeca/js-yaml @license MIT */
 function isNothing(subject) {
@@ -57554,187 +57739,8 @@ function buildListKey(o){var j=JSON.stringify(o);return (0,sha256.sha256)(j);}
 var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},buildRefString(ref));})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},buildListKey(c));})})]})},buildRefString(co.ref));})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
 ;// CONCATENATED MODULE: ./src/components/ErrorsTable.tsx
 function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},buildListKey(e));})})]})})})});}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/circularProgressClasses.js
-
-
-function getCircularProgressUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiCircularProgress', slot);
-}
-var circularProgressClasses = generateUtilityClasses('MuiCircularProgress', ['root', 'determinate', 'indeterminate', 'colorPrimary', 'colorSecondary', 'svg', 'circle', 'circleDeterminate', 'circleIndeterminate', 'circleDisableShrink']);
-/* harmony default export */ var CircularProgress_circularProgressClasses = ((/* unused pure expression or super */ null && (circularProgressClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/CircularProgress.js
-
-var CircularProgress_templateObject, CircularProgress_templateObject2, CircularProgress_templateObject3, CircularProgress_templateObject4;
-
-
-var CircularProgress_excluded = ["className", "color", "disableShrink", "size", "style", "thickness", "value", "variant"];
-var CircularProgress_ = function _(t) {
-    return t;
-  },
-  CircularProgress_t,
-  CircularProgress_t2,
-  CircularProgress_t3,
-  CircularProgress_t4;
-
-
-
-
-
-
-
-
-
-
-
-var SIZE = 44;
-var circularRotateKeyframe = keyframes(CircularProgress_t || (CircularProgress_t = CircularProgress_(CircularProgress_templateObject || (CircularProgress_templateObject = _taggedTemplateLiteral(["\n  0% {\n    transform: rotate(0deg);\n  }\n\n  100% {\n    transform: rotate(360deg);\n  }\n"])))));
-var circularDashKeyframe = keyframes(CircularProgress_t2 || (CircularProgress_t2 = CircularProgress_(CircularProgress_templateObject2 || (CircularProgress_templateObject2 = _taggedTemplateLiteral(["\n  0% {\n    stroke-dasharray: 1px, 200px;\n    stroke-dashoffset: 0;\n  }\n\n  50% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -15px;\n  }\n\n  100% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -125px;\n  }\n"])))));
-var CircularProgress_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    variant = ownerState.variant,
-    color = ownerState.color,
-    disableShrink = ownerState.disableShrink;
-  var slots = {
-    root: ['root', variant, "color".concat(utils_capitalize(color))],
-    svg: ['svg'],
-    circle: ['circle', "circle".concat(utils_capitalize(variant)), disableShrink && 'circleDisableShrink']
-  };
-  return composeClasses(slots, getCircularProgressUtilityClass, classes);
-};
-var CircularProgressRoot = styles_styled('span', {
-  name: 'MuiCircularProgress',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, styles[ownerState.variant], styles["color".concat(utils_capitalize(ownerState.color))]];
-  }
-})(function (_ref) {
-  var ownerState = _ref.ownerState,
-    theme = _ref.theme;
-  return extends_extends({
-    display: 'inline-block'
-  }, ownerState.variant === 'determinate' && {
-    transition: theme.transitions.create('transform')
-  }, ownerState.color !== 'inherit' && {
-    color: (theme.vars || theme).palette[ownerState.color].main
-  });
-}, function (_ref2) {
-  var ownerState = _ref2.ownerState;
-  return ownerState.variant === 'indeterminate' && css(CircularProgress_t3 || (CircularProgress_t3 = CircularProgress_(CircularProgress_templateObject3 || (CircularProgress_templateObject3 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s linear infinite;\n    "])), 0)), circularRotateKeyframe);
-});
-var CircularProgressSVG = styles_styled('svg', {
-  name: 'MuiCircularProgress',
-  slot: 'Svg',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.svg;
-  }
-})({
-  display: 'block' // Keeps the progress centered
-});
-
-var CircularProgressCircle = styles_styled('circle', {
-  name: 'MuiCircularProgress',
-  slot: 'Circle',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.circle, styles["circle".concat(utils_capitalize(ownerState.variant))], ownerState.disableShrink && styles.circleDisableShrink];
-  }
-})(function (_ref3) {
-  var ownerState = _ref3.ownerState,
-    theme = _ref3.theme;
-  return extends_extends({
-    stroke: 'currentColor'
-  }, ownerState.variant === 'determinate' && {
-    transition: theme.transitions.create('stroke-dashoffset')
-  }, ownerState.variant === 'indeterminate' && {
-    // Some default value that looks fine waiting for the animation to kicks in.
-    strokeDasharray: '80px, 200px',
-    strokeDashoffset: 0 // Add the unit to fix a Edge 16 and below bug.
-  });
-}, function (_ref4) {
-  var ownerState = _ref4.ownerState;
-  return ownerState.variant === 'indeterminate' && !ownerState.disableShrink && css(CircularProgress_t4 || (CircularProgress_t4 = CircularProgress_(CircularProgress_templateObject4 || (CircularProgress_templateObject4 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s ease-in-out infinite;\n    "])), 0)), circularDashKeyframe);
-});
-
-/**
- * ## ARIA
- *
- * If the progress bar is describing the loading progress of a particular region of a page,
- * you should use `aria-describedby` to point to the progress bar, and set the `aria-busy`
- * attribute to `true` on that region until it has finished loading.
- */
-var CircularProgress = /*#__PURE__*/react.forwardRef(function CircularProgress(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiCircularProgress'
-  });
-  var className = props.className,
-    _props$color = props.color,
-    color = _props$color === void 0 ? 'primary' : _props$color,
-    _props$disableShrink = props.disableShrink,
-    disableShrink = _props$disableShrink === void 0 ? false : _props$disableShrink,
-    _props$size = props.size,
-    size = _props$size === void 0 ? 40 : _props$size,
-    style = props.style,
-    _props$thickness = props.thickness,
-    thickness = _props$thickness === void 0 ? 3.6 : _props$thickness,
-    _props$value = props.value,
-    value = _props$value === void 0 ? 0 : _props$value,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'indeterminate' : _props$variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, CircularProgress_excluded);
-  var ownerState = extends_extends({}, props, {
-    color: color,
-    disableShrink: disableShrink,
-    size: size,
-    thickness: thickness,
-    value: value,
-    variant: variant
-  });
-  var classes = CircularProgress_useUtilityClasses(ownerState);
-  var circleStyle = {};
-  var rootStyle = {};
-  var rootProps = {};
-  if (variant === 'determinate') {
-    var circumference = 2 * Math.PI * ((SIZE - thickness) / 2);
-    circleStyle.strokeDasharray = circumference.toFixed(3);
-    rootProps['aria-valuenow'] = Math.round(value);
-    circleStyle.strokeDashoffset = "".concat(((100 - value) / 100 * circumference).toFixed(3), "px");
-    rootStyle.transform = 'rotate(-90deg)';
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    style: extends_extends({
-      width: size,
-      height: size
-    }, rootStyle, style),
-    ownerState: ownerState,
-    ref: ref,
-    role: "progressbar"
-  }, rootProps, other, {
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressSVG, {
-      className: classes.svg,
-      ownerState: ownerState,
-      viewBox: "".concat(SIZE / 2, " ").concat(SIZE / 2, " ").concat(SIZE, " ").concat(SIZE),
-      children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressCircle, {
-        className: classes.circle,
-        style: circleStyle,
-        ownerState: ownerState,
-        cx: SIZE,
-        cy: SIZE,
-        r: (SIZE - thickness) / 2,
-        fill: "none",
-        strokeWidth: thickness
-      })
-    })
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var CircularProgress_CircularProgress = (CircularProgress);
-;// CONCATENATED MODULE: ./src/components/Loading.tsx
-var Loading=function Loading(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",height:"100%",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgress_CircularProgress,{})})});};
 ;// CONCATENATED MODULE: ./src/components/ObjectYaml.tsx
-var ObjectYaml=function ObjectYaml(props){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),promise=_useState2[0],setPromise=_useState2[1];(0,react.useEffect)(function(){var getData=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var o;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getResultObject(props.treeProps.summary.id,props.objectRef,props.objectType);case 2:o=_context.sent;return _context.abrupt("return",dump(o));case 4:case"end":return _context.stop();}},_callee);}));return function getData(){return _ref.apply(this,arguments);};}();setPromise(getData());},[props.treeProps,props.objectRef,props.objectType]);var Content=function Content(){return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:usePromise(promise),language:"yaml"});};return/*#__PURE__*/(0,jsx_runtime.jsx)(react.Suspense,{fallback:/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Content,{})});};
+var ObjectYaml=function ObjectYaml(props){var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(/*#__PURE__*/asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var o;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getResultObject(props.treeProps.summary.id,props.objectRef,props.objectType);case 2:o=_context.sent;return _context.abrupt("return",dump(o));case 4:case"end":return _context.stop();}},_callee);})),[props.treeProps.summary.id,props.objectRef,props.objectType]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],error=_useLoadingHelper2[1],content=_useLoadingHelper2[2];if(loading){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}else if(error){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}else{return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:content,language:"yaml"});}};
 ;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeData.tsx
 var DiffStatus=/*#__PURE__*/function(){function DiffStatus(){classCallCheck_classCallCheck(this,DiffStatus);this.newObjects=[];this.deletedObjects=[];this.orphanObjects=[];this.changedObjects=[];this.totalInsertions=0;this.totalDeletions=0;this.totalUpdates=0;}createClass_createClass(DiffStatus,[{key:"addChangedObject",value:function addChangedObject(co){var _co$changes,_this=this;this.changedObjects.push(co);(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.forEach(function(x){switch(x.type){case"insert":_this.totalInsertions++;break;case"delete":_this.totalDeletions++;break;case"update":_this.totalUpdates++;break;}});}},{key:"merge",value:function merge(other){this.newObjects=this.newObjects.concat(other.newObjects);this.deletedObjects=this.deletedObjects.concat(other.deletedObjects);this.orphanObjects=this.orphanObjects.concat(other.orphanObjects);this.changedObjects=this.changedObjects.concat(other.changedObjects);this.totalInsertions+=other.totalInsertions;this.totalDeletions+=other.totalDeletions;this.totalUpdates+=other.totalUpdates;}},{key:"hasDiffs",value:function hasDiffs(){if(this.newObjects.length||this.deletedObjects.length||this.orphanObjects.length){return true;}if(this.changedObjects.find(function(co){var _co$changes2;return((_co$changes2=co.changes)===null||_co$changes2===void 0?void 0:_co$changes2.length)!==0;})){return true;}return false;}}]);return DiffStatus;}();var HealthStatus=/*#__PURE__*/function(){function HealthStatus(){classCallCheck_classCallCheck(this,HealthStatus);this.errors=[];this.warnings=[];}createClass_createClass(HealthStatus,[{key:"merge",value:function merge(other){this.errors=this.errors.concat(other.errors);this.warnings=this.warnings.concat(other.warnings);}}]);return HealthStatus;}();var NodeData=/*#__PURE__*/function(){function NodeData(props,id,hasHealthStatus,hasDiffStatus){classCallCheck_classCallCheck(this,NodeData);this.props=void 0;this.id=void 0;this.children=[];this.healthStatus=void 0;this.diffStatus=void 0;this.props=props;this.id=id;if(hasHealthStatus){this.healthStatus=new HealthStatus();}if(hasDiffStatus){this.diffStatus=new DiffStatus();}}createClass_createClass(NodeData,[{key:"pushChild",value:function pushChild(child,front){if(front){this.children.unshift(child);}else{this.children.push(child);}this.merge(child);}},{key:"merge",value:function merge(other){if(this.diffStatus&&other.diffStatus){this.diffStatus.merge(other.diffStatus);}if(this.healthStatus&&other.healthStatus){this.healthStatus.merge(other.healthStatus);}}},{key:"buildStatusLine",value:function buildStatusLine(){var _this$healthStatus,_this$healthStatus2,_this$diffStatus,_this$diffStatus2,_this$diffStatus3,_this$diffStatus4;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_this$healthStatus=this.healthStatus)===null||_this$healthStatus===void 0?void 0:_this$healthStatus.errors.length,warnings:(_this$healthStatus2=this.healthStatus)===null||_this$healthStatus2===void 0?void 0:_this$healthStatus2.warnings.length,changedObjects:(_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.changedObjects.length,newObjects:(_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.newObjects.length,deletedObjects:(_this$diffStatus3=this.diffStatus)===null||_this$diffStatus3===void 0?void 0:_this$diffStatus3.deletedObjects.length,orphanObjects:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.orphanObjects.length});}},{key:"buildTreeItem",value:function buildTreeItem(hasChildren){var _this$healthStatus3,_this$healthStatus4,_this$diffStatus5,_this$diffStatus6,_this$diffStatus7,_this$diffStatus8;var _this$buildIcon=this.buildIcon(),_this$buildIcon2=slicedToArray_slicedToArray(_this$buildIcon,2),icon=_this$buildIcon2[0],iconText=_this$buildIcon2[1];var hasStatusLine=[(_this$healthStatus3=this.healthStatus)===null||_this$healthStatus3===void 0?void 0:_this$healthStatus3.errors.length,(_this$healthStatus4=this.healthStatus)===null||_this$healthStatus4===void 0?void 0:_this$healthStatus4.warnings.length,(_this$diffStatus5=this.diffStatus)===null||_this$diffStatus5===void 0?void 0:_this$diffStatus5.changedObjects.length,(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.newObjects.length,(_this$diffStatus7=this.diffStatus)===null||_this$diffStatus7===void 0?void 0:_this$diffStatus7.deletedObjects.length,(_this$diffStatus8=this.diffStatus)===null||_this$diffStatus8===void 0?void 0:_this$diffStatus8.orphanObjects.length].some(function(x){return(x||0)>0;});return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",alignItems:"center",justifyContent:"center",width:"30px",height:"100%",flex:"0 0 auto",mr:"13px",sx:{'& svg':{width:'30px',height:'30px'}},children:[icon,/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",component:"div",fontSize:"12px",fontWeight:400,lineHeight:"16px",height:"16px",children:iconText})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",py:"15px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,_objectSpread2(_objectSpread2({variant:"h6",component:"div",sx:{wordBreak:'break-all'}},hasChildren?{}:{fontSize:'16px',lineHeight:'22px'}),{},{children:this.buildSidePanelTitle()}))}),hasStatusLine&&/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"100%",width:"172px",flex:"0 0 auto",display:"flex",alignItems:"center",px:"14px",ml:"14px",position:"relative",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),this.buildStatusLine()]})]});}},{key:"buildDiffAndHealthPages",value:function buildDiffAndHealthPages(tabs){this.buildChangesPage(tabs);this.buildErrorsPage(tabs);this.buildWarningsPage(tabs);}},{key:"buildObjectPage",value:function buildObjectPage(ref,objectType){return/*#__PURE__*/(0,jsx_runtime.jsx)(ObjectYaml,{treeProps:this.props,objectRef:ref,objectType:objectType});}},{key:"buildChangesPage",value:function buildChangesPage(tabs){var _this$diffStatus9;if(!((_this$diffStatus9=this.diffStatus)!==null&&_this$diffStatus9!==void 0&&_this$diffStatus9.hasDiffs())){return undefined;}tabs.push({label:"Changes",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}},{key:"buildErrorsPage",value:function buildErrorsPage(tabs){var _this$healthStatus5;if(!((_this$healthStatus5=this.healthStatus)!==null&&_this$healthStatus5!==void 0&&_this$healthStatus5.errors.length)){return undefined;}tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.errors})});}},{key:"buildWarningsPage",value:function buildWarningsPage(tabs){var _this$healthStatus6;if(!((_this$healthStatus6=this.healthStatus)!==null&&_this$healthStatus6!==void 0&&_this$healthStatus6.warnings.length)){return undefined;}tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.warnings})});}}]);return NodeData;}();
 ;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Category.js
@@ -59157,7 +59163,7 @@ setSelectedTab(tabs[0].label);}// ignore that it wants us to add selectedTab to
 ;// CONCATENATED MODULE: ./src/components/targets-view/Card.tsx
 var Card_excluded=["children"],Card_excluded2=["children"],Card_excluded3=["children"];var cardWidth=247;var projectCardHeight=80;var cardHeight=126;var cardGap=20;function Card(_ref){var children=_ref.children,rest=objectWithoutProperties_objectWithoutProperties(_ref,Card_excluded);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexShrink:0,width:cardWidth,height:cardHeight},rest),{},{children:children}));}function CardCol(_ref2){var children=_ref2.children,rest=objectWithoutProperties_objectWithoutProperties(_ref2,Card_excluded2);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexDirection:"column",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}function CardRow(_ref3){var children=_ref3.children,rest=objectWithoutProperties_objectWithoutProperties(_ref3,Card_excluded3);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}
 ;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultDetailsDrawer.tsx
-var sidePanelWidth=720;function doGetRootNode(_x){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:shortNames=api.getShortNames();r=api.getResult(rs.id);_context.t0=NodeBuilder;_context.next=5;return shortNames;case 5:_context.t1=_context.sent;_context.t2=rs;_context.next=9;return r;case 9:_context.t3=_context.sent;_context.t4={shortNames:_context.t1,summary:_context.t2,commandResult:_context.t3};builder=new _context.t0(_context.t4);_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 14:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CommandResultDetailsDrawer=/*#__PURE__*/react.memo(function(props){var ps=props.ps,ts=props.ts,selectedCardRect=props.selectedCardRect;var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(new Promise(function(){return undefined;})),_useState2=slicedToArray_slicedToArray(_useState,2),promise=_useState2[0],setPromise=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedCommandResult=_useState4[0],setSelectedCommandResult=_useState4[1];var _useState5=(0,react.useState)(ts),_useState6=slicedToArray_slicedToArray(_useState5,2),prevTargetSummary=_useState6[0],setPrevTargetSummary=_useState6[1];var _useState7=(0,react.useState)([]),_useState8=slicedToArray_slicedToArray(_useState7,2),cardsCoords=_useState8[0],setCardsCoords=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),transitionRunning=_useState10[0],setTransitionRunning=_useState10[1];if(prevTargetSummary!==ts){var _ts$commandResults;setPrevTargetSummary(ts);setSelectedCommandResult(ts===null||ts===void 0?void 0:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults[0]);}(0,react.useEffect)(function(){if(selectedCommandResult===undefined){return;}setPromise(doGetRootNode(selectedCommandResult));},[selectedCommandResult]);var Content=function Content(props){var node=usePromise(promise);return/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:node,onClose:props.onClose});};var cardsContainerElem=(0,react.useRef)();(0,react.useEffect)(function(){var _cardsContainerElem$c;var rect=(_cardsContainerElem$c=cardsContainerElem.current)===null||_cardsContainerElem$c===void 0?void 0:_cardsContainerElem$c.getBoundingClientRect();if(!rect||!selectedCardRect||!(ts!==null&&ts!==void 0&&ts.commandResults)){setCardsCoords([]);return;}var initialCoords=ts.commandResults.map(function(){return{left:selectedCardRect.left-rect.left,top:selectedCardRect.top-rect.top};});setCardsCoords(initialCoords);setTransitionRunning(true);},[selectedCardRect,ts===null||ts===void 0?void 0:ts.commandResults]);(0,react.useEffect)(function(){if(cardsCoords.length>0){var targetCoords=cardsCoords.map(function(_,i){return{left:0,top:i*(cardHeight+cardGap)};});if(cardsCoords.length===targetCoords.length&&cardsCoords.every(function(_ref,i){var left=_ref.left,top=_ref.top;return targetCoords[i].left===left&&targetCoords[i].top===top;})){return;}setTimeout(function(){setCardsCoords(targetCoords);setTimeout(function(){setTransitionRunning(false);},theme.transitions.duration.enteringScreen);},10);}},[cardsCoords,theme.transitions.duration.enteringScreen]);var zIndex=theme.zIndex.modal+1;var cards=(0,react.useMemo)(function(){if(!(ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&cardsCoords.length>0)){return null;}return ts.commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{position:'absolute',translate:"".concat(cardsCoords[i].left,"px ").concat(cardsCoords[i].top,"px"),zIndex:zIndex,transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:setSelectedCommandResult,selected:rs===selectedCommandResult})},rs.id);});},[ps,ts,cardsCoords,zIndex,theme.transitions,selectedCommandResult]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{position:'fixed',top:0,bottom:0,right:sidePanelWidth,width:"calc(100% - ".concat(sidePanelWidth,"px)"),overflowX:'visible',overflowY:transitionRunning?'visible':'auto',display:'flex',flexDirection:'column',alignItems:'center',justifyContent:'center',padding:'25px 0',zIndex:zIndex},onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{onClick:function onClick(e){return e.stopPropagation();},position:"relative",width:cardWidth,height:cardHeight*ts.commandResults.length+cardGap*(ts.commandResults.length-1),ref:cardsContainerElem,children:cards})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.rs!==undefined,onClose:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:sidePanelWidth,height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(react.Suspense,{fallback:/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Content,{onClose:props.onClose})})})})})]});});
+var sidePanelWidth=720;function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResult(rs.id);case 5:r=_context.sent;builder=new NodeBuilder({shortNames:shortNames,summary:rs,commandResult:r});_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 9:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CommandResultDetailsDrawer=/*#__PURE__*/react.memo(function(props){var ps=props.ps,ts=props.ts,selectedCardRect=props.selectedCardRect;var api=(0,react.useContext)(ApiContext);var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(ts),_useState4=slicedToArray_slicedToArray(_useState3,2),prevTargetSummary=_useState4[0],setPrevTargetSummary=_useState4[1];var _useState5=(0,react.useState)([]),_useState6=slicedToArray_slicedToArray(_useState5,2),cardsCoords=_useState6[0],setCardsCoords=_useState6[1];var _useState7=(0,react.useState)(false),_useState8=slicedToArray_slicedToArray(_useState7,2),transitionRunning=_useState8[0],setTransitionRunning=_useState8[1];if(prevTargetSummary!==ts){var _ts$commandResults;setPrevTargetSummary(ts);setSelectedCommandResult(ts===null||ts===void 0?void 0:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults[0]);}var _useLoadingHelper=useLoadingHelper(function(){if(selectedCommandResult===undefined){return Promise.resolve(undefined);}return doGetRootNode(api,selectedCommandResult);},[selectedCommandResult]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],nodeData=_useLoadingHelper2[2];var cardsContainerElem=(0,react.useRef)();(0,react.useEffect)(function(){var _cardsContainerElem$c;var rect=(_cardsContainerElem$c=cardsContainerElem.current)===null||_cardsContainerElem$c===void 0?void 0:_cardsContainerElem$c.getBoundingClientRect();if(!rect||!selectedCardRect||!(ts!==null&&ts!==void 0&&ts.commandResults)){setCardsCoords([]);return;}var initialCoords=ts.commandResults.map(function(){return{left:selectedCardRect.left-rect.left,top:selectedCardRect.top-rect.top};});setCardsCoords(initialCoords);setTransitionRunning(true);},[selectedCardRect,ts===null||ts===void 0?void 0:ts.commandResults]);(0,react.useEffect)(function(){if(cardsCoords.length>0){var targetCoords=cardsCoords.map(function(_,i){return{left:0,top:i*(cardHeight+cardGap)};});if(cardsCoords.length===targetCoords.length&&cardsCoords.every(function(_ref,i){var left=_ref.left,top=_ref.top;return targetCoords[i].left===left&&targetCoords[i].top===top;})){return;}setTimeout(function(){setCardsCoords(targetCoords);setTimeout(function(){setTransitionRunning(false);},theme.transitions.duration.enteringScreen);},10);}},[cardsCoords,theme.transitions.duration.enteringScreen]);var zIndex=theme.zIndex.modal+1;var cards=(0,react.useMemo)(function(){if(!(ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&cardsCoords.length>0)){return null;}return ts.commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{position:'absolute',translate:"".concat(cardsCoords[i].left,"px ").concat(cardsCoords[i].top,"px"),zIndex:zIndex,transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:setSelectedCommandResult,selected:rs===selectedCommandResult})},rs.id);});},[ps,ts,cardsCoords,zIndex,theme.transitions,selectedCommandResult]);if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{position:'fixed',top:0,bottom:0,right:sidePanelWidth,width:"calc(100% - ".concat(sidePanelWidth,"px)"),overflowX:'visible',overflowY:transitionRunning?'visible':'auto',display:'flex',flexDirection:'column',alignItems:'center',justifyContent:'center',padding:'25px 0',zIndex:zIndex},onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{onClick:function onClick(e){return e.stopPropagation();},position:"relative",width:cardWidth,height:cardHeight*ts.commandResults.length+cardGap*(ts.commandResults.length-1),ref:cardsContainerElem,children:cards})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.rs!==undefined,onClose:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:sidePanelWidth,height:"100%",children:loading?/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}):/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:nodeData,onClose:props.onClose})})})})]});});
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetDetailsDrawer.tsx
 var MyProvider=/*#__PURE__*/function(){function MyProvider(ts){var _this$ts,_this$ts$lastValidate,_this$ts$lastValidate2,_this=this;classCallCheck_classCallCheck(this,MyProvider);this.ts=void 0;this.diffStatus=void 0;this.ts=ts;this.diffStatus=new DiffStatus();(_this$ts=this.ts)===null||_this$ts===void 0?void 0:(_this$ts$lastValidate=_this$ts.lastValidateResult)===null||_this$ts$lastValidate===void 0?void 0:(_this$ts$lastValidate2=_this$ts$lastValidate.drift)===null||_this$ts$lastValidate2===void 0?void 0:_this$ts$lastValidate2.forEach(function(co){_this.diffStatus.addChangedObject(co);});}createClass_createClass(MyProvider,[{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _this$ts$lastValidate3,_this$ts$lastValidate4,_this$ts$lastValidate5,_this$ts$lastValidate6;if(!this.ts){return[];}var tabs=[{label:"Summary",content:this.buildSummaryTab()}];if(this.ts.target)if(this.diffStatus.changedObjects.length){tabs.push({label:"Drift",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}if((_this$ts$lastValidate3=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate3!==void 0&&(_this$ts$lastValidate4=_this$ts$lastValidate3.errors)!==null&&_this$ts$lastValidate4!==void 0&&_this$ts$lastValidate4.length){tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.errors})});}if((_this$ts$lastValidate5=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate5!==void 0&&(_this$ts$lastValidate6=_this$ts$lastValidate5.warnings)!==null&&_this$ts$lastValidate6!==void 0&&_this$ts$lastValidate6.length){tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.warnings})});}return tabs;}},{key:"buildSummaryTab",value:function buildSummaryTab(){var _this$ts2,_this$ts3,_this$ts4,_this$ts4$lastValidat,_this$ts4$lastValidat2,_this$ts5,_this$ts5$lastValidat,_this$ts5$lastValidat2,_this$ts6,_this$ts6$lastValidat,_this$ts6$lastValidat2;var props=[{name:"Target Name",value:this.getTargetName()},{name:"Discriminator",value:(_this$ts2=this.ts)===null||_this$ts2===void 0?void 0:_this$ts2.target.discriminator}];if((_this$ts3=this.ts)!==null&&_this$ts3!==void 0&&_this$ts3.lastValidateResult){props.push({name:"Ready",value:this.ts.lastValidateResult.ready+""});}if((_this$ts4=this.ts)!==null&&_this$ts4!==void 0&&(_this$ts4$lastValidat=_this$ts4.lastValidateResult)!==null&&_this$ts4$lastValidat!==void 0&&(_this$ts4$lastValidat2=_this$ts4$lastValidat.errors)!==null&&_this$ts4$lastValidat2!==void 0&&_this$ts4$lastValidat2.length){props.push({name:"Errors",value:this.ts.lastValidateResult.errors.length+""});}if((_this$ts5=this.ts)!==null&&_this$ts5!==void 0&&(_this$ts5$lastValidat=_this$ts5.lastValidateResult)!==null&&_this$ts5$lastValidat!==void 0&&(_this$ts5$lastValidat2=_this$ts5$lastValidat.warnings)!==null&&_this$ts5$lastValidat2!==void 0&&_this$ts5$lastValidat2.length){props.push({name:"Warnings",value:this.ts.lastValidateResult.warnings.length+""});}if((_this$ts6=this.ts)!==null&&_this$ts6!==void 0&&(_this$ts6$lastValidat=_this$ts6.lastValidateResult)!==null&&_this$ts6$lastValidat!==void 0&&(_this$ts6$lastValidat2=_this$ts6$lastValidat.drift)!==null&&_this$ts6$lastValidat2!==void 0&&_this$ts6$lastValidat2.length){props.push({name:"Drifted Objects",value:this.ts.lastValidateResult.drift.length+""});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"getTargetName",value:function getTargetName(){if(!this.ts){return"";}var name="<no-name>";if(this.ts.target.targetName){name=this.ts.target.targetName;}return name;}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getTargetName();}}]);return MyProvider;}();var TargetDetailsDrawer=/*#__PURE__*/react.memo(function(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.ts!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"600px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:new MyProvider(props.ts),onClose:props.onClose})})})});});
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetsView.tsx
@@ -61438,9 +61444,9 @@ function FilterNode(node,activeFilters){var _node$diffStatus,_node$healthStatus,
 ;// CONCATENATED MODULE: ./src/components/result-view/CommandResultTree.tsx
 var CommandResultTree=function CommandResultTree(props){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(["root"]),_useState2=slicedToArray_slicedToArray(_useState,2),expanded=_useState2[0],setExpanded=_useState2[1];var _useMemo=(0,react.useMemo)(function(){if(!props.commandResultProps){return[undefined,undefined];}var builder=new NodeBuilder(props.commandResultProps);return builder.buildRoot();},[props.commandResultProps]),_useMemo2=slicedToArray_slicedToArray(_useMemo,1),rootNode=_useMemo2[0];var handleToggle=function handleToggle(event,nodeIds){setExpanded(nodeIds);};var handleDoubleClick=function handleDoubleClick(e,node){if(expanded.includes(node.id)){setExpanded(expanded.filter(function(item){return item!==node.id;}));}else{setExpanded([].concat(toConsumableArray_toConsumableArray(expanded),[node.id]));}e.stopPropagation();};var handleItemClick=function handleItemClick(e,node){props.onSelectNode(node);e.stopPropagation();};var renderTree=function renderTree(nodes){if(!FilterNode(nodes,props.activeFilters)){return null;}return/*#__PURE__*/(0,jsx_runtime.jsx)(TreeItem_TreeItem,{nodeId:nodes.id,label:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",onClick:function onClick(e){return handleItemClick(e,nodes);},pl:"22px",height:"100%",flex:"1 1 auto",position:"relative",children:[nodes.children.length!==0&&/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),nodes.buildTreeItem(nodes.children.length!==0)]}),sx:{'& .MuiTreeItem-content':{height:'78px',borderBottom:"0.5px solid ".concat(theme.palette.secondary.main),padding:0,overflow:'hidden','& .MuiTreeItem-iconContainer':{width:'50px',height:'50px',flex:'0 0 auto',margin:0,padding:0,display:nodes.children.length!==0?'flex':'none',justifyContent:'center',alignItems:'center'},'& .MuiTreeItem-label':{height:'100%',margin:0,padding:0,flex:'1 1 auto',display:'flex',alignItems:'center'}},'& .MuiTreeItem-group':{margin:'0 0 0 38px'}},onDoubleClick:function onDoubleClick(e){return handleDoubleClick(e,nodes);},children:Array.isArray(nodes.children)?nodes.children.map(function(node){return renderTree(node);}):null},nodes.id);};if(!rootNode){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'20px 40px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeView_TreeView,{expanded:expanded,onNodeToggle:handleToggle,"aria-label":"rich object",defaultCollapseIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(TriangleDownIcon,{}),defaultExpandIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(TriangleRightIcon,{}),sx:{width:"100%"},children:renderTree(rootNode)})});};/* harmony default export */ var result_view_CommandResultTree = (CommandResultTree);
 ;// CONCATENATED MODULE: ./src/components/result-view/CommandResultView.tsx
-function commandResultLoader(_x){return _commandResultLoader.apply(this,arguments);}function _commandResultLoader(){_commandResultLoader=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(_ref){var params,result,shortNames,rs;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:params=_ref.params;result=api.getResult(params.id);shortNames=api.getShortNames();rs=api.getResult(params.id);_context.next=6;return shortNames;case 6:_context.t0=_context.sent;_context.next=9;return rs;case 9:_context.t1=_context.sent;_context.next=12;return result;case 12:_context.t2=_context.sent;return _context.abrupt("return",{shortNames:_context.t0,summary:_context.t1,commandResult:_context.t2});case 14:case"end":return _context.stop();}},_callee);}));return _commandResultLoader.apply(this,arguments);}var FilterCheckbox=function FilterCheckbox(props){var text=props.text,checked=props.checked,Icon=props.Icon,onChange=props.onChange;return/*#__PURE__*/(0,jsx_runtime.jsx)(FormControlLabel_FormControlLabel,{sx:{display:'flex',justifyContent:'center',alignItems:'center',margin:0,padding:0},control:/*#__PURE__*/(0,jsx_runtime.jsx)(Checkbox_Checkbox,{checked:checked,sx:{display:'flex',justifyContent:'center',alignItems:'center'},onChange:onChange,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxIcon,{}),checkedIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxCheckedIcon,{})}),slotProps:{typography:{sx:{display:'flex',justifyContent:'center',alignItems:'center',gap:'10px'}}},label:/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",children:text}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",display:"flex",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})]})});};function DetailsDrawer(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.nodeData!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"720px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:props.nodeData,onClose:props.onClose})})})});}var defaultFilters={onlyImportant:false,onlyChanged:false,onlyWithErrorsOrWarnings:false};var CommandResultView=function CommandResultView(){var _context$filters,_context$filters2,_context$filters3;var context=useAppOutletContext();var commandResultProps=useLoaderData();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),sidePanelNode=_useState2[0],setSidePanelNode=_useState2[1];var divider=/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',margin:'0 20px 0 30px'}});var handleFilterChange=function handleFilterChange(filter){return function(_,checked){context.setFilters(function(fs){return _objectSpread2(_objectSpread2({},fs||defaultFilters),{},defineProperty_defineProperty({},filter,checked));});};};return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DetailsDrawer,{nodeData:sidePanelNode,onClose:function onClose(){return setSidePanelNode(undefined);}}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",minHeight:"70px",p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only important",checked:!!((_context$filters=context.filters)!==null&&_context$filters!==void 0&&_context$filters.onlyImportant),Icon:StarIcon,onChange:handleFilterChange('onlyImportant')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with changes",checked:!!((_context$filters2=context.filters)!==null&&_context$filters2!==void 0&&_context$filters2.onlyChanged),Icon:ChangesIcon,onChange:handleFilterChange('onlyChanged')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with errors and warnings",checked:!!((_context$filters3=context.filters)!==null&&_context$filters3!==void 0&&_context$filters3.onlyWithErrorsOrWarnings),Icon:WarningSignIcon,onChange:handleFilterChange('onlyWithErrorsOrWarnings')})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"25px 40px",overflow:"auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(result_view_CommandResultTree,{commandResultProps:commandResultProps,onSelectNode:setSidePanelNode,activeFilters:context.filters})})]});};
+function doLoadCommandResult(_x,_x2){return _doLoadCommandResult.apply(this,arguments);}function _doLoadCommandResult(){_doLoadCommandResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,resultId){var shortNames,rs,result;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResultSummary(resultId);case 5:rs=_context.sent;_context.next=8;return api.getResult(resultId);case 8:result=_context.sent;return _context.abrupt("return",{shortNames:shortNames,summary:rs,commandResult:result});case 10:case"end":return _context.stop();}},_callee);}));return _doLoadCommandResult.apply(this,arguments);}var FilterCheckbox=function FilterCheckbox(props){var text=props.text,checked=props.checked,Icon=props.Icon,onChange=props.onChange;return/*#__PURE__*/(0,jsx_runtime.jsx)(FormControlLabel_FormControlLabel,{sx:{display:'flex',justifyContent:'center',alignItems:'center',margin:0,padding:0},control:/*#__PURE__*/(0,jsx_runtime.jsx)(Checkbox_Checkbox,{checked:checked,sx:{display:'flex',justifyContent:'center',alignItems:'center'},onChange:onChange,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxIcon,{}),checkedIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxCheckedIcon,{})}),slotProps:{typography:{sx:{display:'flex',justifyContent:'center',alignItems:'center',gap:'10px'}}},label:/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",children:text}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",display:"flex",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})]})});};function DetailsDrawer(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.nodeData!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"720px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:props.nodeData,onClose:props.onClose})})})});}var defaultFilters={onlyImportant:false,onlyChanged:false,onlyWithErrorsOrWarnings:false};var CommandResultView=function CommandResultView(){var _context$filters,_context$filters2,_context$filters3;var context=useAppOutletContext();var api=(0,react.useContext)(ApiContext);var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),sidePanelNode=_useState2[0],setSidePanelNode=_useState2[1];var _useParams=useParams(),id=_useParams.id;var _useLoadingHelper=useLoadingHelper(function(){if(!id){return Promise.resolve(undefined);}return doLoadCommandResult(api,id);},[id]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],commandResultProps=_useLoadingHelper2[2];var divider=/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',margin:'0 20px 0 30px'}});var handleFilterChange=function handleFilterChange(filter){return function(_,checked){context.setFilters(function(fs){return _objectSpread2(_objectSpread2({},fs||defaultFilters),{},defineProperty_defineProperty({},filter,checked));});};};if(loading){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}else if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DetailsDrawer,{nodeData:sidePanelNode,onClose:function onClose(){return setSidePanelNode(undefined);}}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",minHeight:"70px",p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only important",checked:!!((_context$filters=context.filters)!==null&&_context$filters!==void 0&&_context$filters.onlyImportant),Icon:StarIcon,onChange:handleFilterChange('onlyImportant')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with changes",checked:!!((_context$filters2=context.filters)!==null&&_context$filters2!==void 0&&_context$filters2.onlyChanged),Icon:ChangesIcon,onChange:handleFilterChange('onlyChanged')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with errors and warnings",checked:!!((_context$filters3=context.filters)!==null&&_context$filters3!==void 0&&_context$filters3.onlyWithErrorsOrWarnings),Icon:WarningSignIcon,onChange:handleFilterChange('onlyWithErrorsOrWarnings')})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"25px 40px",overflow:"auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(result_view_CommandResultTree,{commandResultProps:commandResultProps,onSelectNode:setSidePanelNode,activeFilters:context.filters})})]});};
 ;// CONCATENATED MODULE: ./src/components/Router.tsx
-function ErrorPage(){var error=useRouteError();return/*#__PURE__*/(0,jsx_runtime.jsxs)("div",{id:"error-page",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("h1",{children:"Oops!"}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Sorry, an unexpected error has occurred."}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:/*#__PURE__*/(0,jsx_runtime.jsx)("i",{children:error.statusText||error.message})})]});}var Router_Router=createHashRouter([{path:"/",element:/*#__PURE__*/(0,jsx_runtime.jsx)(components_App,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{}),children:[{path:"targets",element:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsView,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})},{path:"results/:id",element:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultView,{}),loader:commandResultLoader,errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})}]}]);
+function ErrorPage(){var error=useRouteError();return/*#__PURE__*/(0,jsx_runtime.jsxs)("div",{id:"error-page",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("h1",{children:"Oops!"}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Sorry, an unexpected error has occurred."}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:/*#__PURE__*/(0,jsx_runtime.jsx)("i",{children:error.statusText||error.message})})]});}var Router_Router=createHashRouter([{path:"/",element:/*#__PURE__*/(0,jsx_runtime.jsx)(components_App,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{}),children:[{path:"targets",element:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsView,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})},{path:"results/:id",element:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultView,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})}]}]);
 ;// CONCATENATED MODULE: ./src/index.tsx
 var root=client.createRoot(document.getElementById('root'));root.render(/*#__PURE__*/(0,jsx_runtime.jsx)(react.StrictMode,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(RouterProvider,{router:Router_Router})}));// If you want to start measuring performance in your app, pass a function
 // to log results (for example: reportWebVitals(console.log))
@@ -61449,4 +61455,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.82849393.js.map
\ No newline at end of file
+//# sourceMappingURL=main.1b77f1d8.js.map
\ No newline at end of file

From 01ad4e06194ad4309409d76fbd854a7aeea66d52 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:23:52 +0200
Subject: [PATCH 1178/2268] chore(deps): Bump github.com/gin-gonic/gin from
 1.9.0 to 1.9.1 (#562)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 19 +++++++++++--------
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/go.mod b/go.mod
index 07201c049..5833c1fdf 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
 	github.com/aws/smithy-go v1.13.5
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/gin-gonic/gin v1.9.0
+	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.7.0
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
@@ -111,7 +111,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/bytedance/sonic v1.8.0 // indirect
+	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
@@ -148,7 +148,7 @@ require (
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
@@ -179,7 +179,7 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/karrick/godirwalk v1.17.0 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -241,7 +241,7 @@ require (
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
+	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
diff --git a/go.sum b/go.sum
index ff2d7461d..7f7709829 100644
--- a/go.sum
+++ b/go.sum
@@ -165,8 +165,8 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembj
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
-github.com/bytedance/sonic v1.8.0 h1:ea0Xadu+sHlu7x5O3gKhRpQ1IKiMrSiHttPF0ybECuA=
-github.com/bytedance/sonic v1.8.0/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
+github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
+github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
@@ -281,8 +281,8 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
-github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8=
-github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
@@ -349,8 +349,8 @@ github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
-github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA=
-github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -564,8 +564,9 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
 github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c h1:qAIvhYamCEU/tY6NaENEIQCynGV5sdON7zgZKnbrhhw=
@@ -919,8 +920,9 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
+golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -1122,6 +1124,7 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From 4214363906da18c36e89631c74b15287362c7e2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:24:31 +0200
Subject: [PATCH 1179/2268] chore(deps): Bump golang.org/x/sys from 0.8.0 to
 0.9.0 (#563)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/sys/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5833c1fdf..72a25c589 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	golang.org/x/crypto v0.9.0
 	golang.org/x/net v0.10.0
 	golang.org/x/sync v0.2.0
-	golang.org/x/sys v0.8.0
+	golang.org/x/sys v0.9.0
 	golang.org/x/term v0.8.0
 	golang.org/x/text v0.9.0
 	helm.sh/helm/v3 v3.12.0
diff --git a/go.sum b/go.sum
index 7f7709829..6754581c7 100644
--- a/go.sum
+++ b/go.sum
@@ -1136,8 +1136,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From dbcca4081ae58a542bedcfb0049621d9a1b6ea0f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:24:46 +0200
Subject: [PATCH 1180/2268] chore(deps): Bump golang.org/x/text from 0.9.0 to
 0.10.0 (#564)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 72a25c589..5bc40aef5 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,7 @@ require (
 	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.9.0
 	golang.org/x/term v0.8.0
-	golang.org/x/text v0.9.0
+	golang.org/x/text v0.10.0
 	helm.sh/helm/v3 v3.12.0
 	k8s.io/api v0.27.2
 	k8s.io/apiextensions-apiserver v0.27.2
diff --git a/go.sum b/go.sum
index 6754581c7..13ae2b76b 100644
--- a/go.sum
+++ b/go.sum
@@ -1161,8 +1161,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From a779e4aeea0ad49662a53c49bda81973dabd8b2b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:25:04 +0200
Subject: [PATCH 1181/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#567)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.25 to 1.18.26.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.25...config/v1.18.26)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 22 +++++++++++-----------
 go.sum | 41 ++++++++++++++++++++++-------------------
 2 files changed, 33 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 5bc40aef5..26ad793f4 100644
--- a/go.mod
+++ b/go.mod
@@ -54,11 +54,11 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
-	github.com/aws/aws-sdk-go-v2 v1.18.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.25
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.24
+	github.com/aws/aws-sdk-go-v2 v1.18.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.26
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.25
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.1
 	github.com/aws/smithy-go v1.13.5
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/gin-gonic/gin v1.9.1
@@ -101,14 +101,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
diff --git a/go.sum b/go.sum
index 13ae2b76b..9a4d94557 100644
--- a/go.sum
+++ b/go.sum
@@ -115,34 +115,37 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.25 h1:JuYyZcnMPBiFqn87L2cRppo+rNwgah6YwD3VuyvaW6Q=
-github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.24 h1:PjiYyls3QdCrzqUN35jMWtUK1vqVZ+zLfdOa/UPFDp0=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
+github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
+github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/config v1.18.26 h1:ivCHcSmKd1+9rBlqVsxZHB35eCW88KWbMdG2VL3BuBw=
+github.com/aws/aws-sdk-go-v2/config v1.18.26/go.mod h1:NVmd//z/PNl7U+ZU2EnuffxOA060JWzgbH3BnqQrUoY=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.25 h1:5wROoMcUC7nAE66e0b3IIht6Tos76M4HC+GQw8MeqxU=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.25/go.mod h1:W9I2660WXSwZQ23mM1Ks72+UGeyirIxuU7/KzN7daeA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8 h1:eB91eEYUlh8+O2dXr189W8GJJd+/T8N/c5HocH2KzVo=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 h1:2DQLAKDteoEDI8zpCzqBMaZlJuoE9iTYD0gFmXVax9E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.11 h1:cNrMc266RsZJ8V1u1OQQONKcf9HmfxQFqgcpY7ZJBhY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.11/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11 h1:h2VhtCE5PBiJefmlVCjJRSzBfFcQeAE10SXIGkXw1jQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.1 h1:ehPTnLR/es8TL1fpBfq8qw9cAwOpQr47fLmZD9yhHjk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.1/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From b96e275f620b9ebc59985f876065e038b9629656 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:27:02 +0200
Subject: [PATCH 1182/2268] chore(deps): Bump golang.org/x/term from 0.8.0 to
 0.9.0 (#565)

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/term/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 26ad793f4..e0219a7be 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	golang.org/x/net v0.10.0
 	golang.org/x/sync v0.2.0
 	golang.org/x/sys v0.9.0
-	golang.org/x/term v0.8.0
+	golang.org/x/term v0.9.0
 	golang.org/x/text v0.10.0
 	helm.sh/helm/v3 v3.12.0
 	k8s.io/api v0.27.2
diff --git a/go.sum b/go.sum
index 9a4d94557..e55b9ac74 100644
--- a/go.sum
+++ b/go.sum
@@ -1148,8 +1148,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 755680b0d82022a3464ce407e54478167bc926f2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 17:16:47 +0200
Subject: [PATCH 1183/2268] fix: Fix DEPLOYED printer column (#570)

---
 api/v1beta1/kluctldeployment_types.go                    | 3 +--
 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml | 5 +----
 install/controller/controller/crd.yaml                   | 5 +----
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 3150f4130..4d961bb07 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -395,8 +395,7 @@ func (s *KluctlDeploymentStatus) GetLastValidateResult() (*result.ValidateResult
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 //+kubebuilder:printcolumn:name="DryRun",type="boolean",JSONPath=".spec.dryRun",description=""
-//+kubebuilder:printcolumn:name="Deployed",type="date",JSONPath=".status.lastDeployResult.command.endTime",description=""
-//+kubebuilder:printcolumn:name="Pruned",type="date",JSONPath=".status.lastPruneResult.command.endTime",description=""
+//+kubebuilder:printcolumn:name="Deployed",type="date",JSONPath=".status.lastDeployResult.commandInfo.endTime",description=""
 //+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
 //+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""
 //+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 535e56610..7b18591d0 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -18,12 +18,9 @@ spec:
     - jsonPath: .spec.dryRun
       name: DryRun
       type: boolean
-    - jsonPath: .status.lastDeployResult.command.endTime
+    - jsonPath: .status.lastDeployResult.commandInfo.endTime
       name: Deployed
       type: date
-    - jsonPath: .status.lastPruneResult.command.endTime
-      name: Pruned
-      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index b8c794f09..dd1e01c15 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -17,12 +17,9 @@ spec:
     - jsonPath: .spec.dryRun
       name: DryRun
       type: boolean
-    - jsonPath: .status.lastDeployResult.command.endTime
+    - jsonPath: .status.lastDeployResult.commandInfo.endTime
       name: Deployed
       type: date
-    - jsonPath: .status.lastPruneResult.command.endTime
-      name: Pruned
-      type: date
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string

From 9b004cf674cddf5489f18da5e03295114dcbbde3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 00:18:36 +0200
Subject: [PATCH 1184/2268] fix: Set controller-runtime logger

---
 cmd/kluctl/commands/root.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 67dbc8cfe..54c1750c9 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -25,6 +25,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime/pprof"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"strings"
 	"time"
 
@@ -110,7 +111,7 @@ func redirectLogsAndStderr(ctxGetter func() context.Context) {
 	klog.LogToStderr(false)
 	klog.SetOutput(lr1)
 	log.SetOutput(lr2)
-	//ctrl.SetLogger(klog.NewKlogr())
+	ctrl.SetLogger(klog.NewKlogr())
 
 	pr, pw, err := os.Pipe()
 	if err != nil {

From 72567a230176d87a97a31b78e37749aef787d3b6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 00:19:15 +0200
Subject: [PATCH 1185/2268] feat: Implement impersonation support in the webui

---
 pkg/controllers/kluctl_project.go    |  2 +-
 pkg/k8s/client_factory.go            | 23 +++++---
 pkg/k8s/k8s_cluster.go               | 20 -------
 pkg/kluctl_project/target_context.go |  2 +-
 pkg/webui/auth.go                    |  3 ++
 pkg/webui/clusteraccessor.go         | 81 ++++++++++++++++++++--------
 pkg/webui/server.go                  | 17 ++++--
 pkg/webui/validator.go               | 14 +++--
 8 files changed, 106 insertions(+), 56 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 4b426668b..45a214962 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -760,7 +760,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	if err != nil {
 		return nil, err
 	}
-	clientFactory, err := k8s2.NewClientFactory(ctx, restConfig)
+	clientFactory, err := k8s2.NewClientFactoryFromConfig(ctx, restConfig)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
index 255f35fb7..c530186d9 100644
--- a/pkg/k8s/client_factory.go
+++ b/pkg/k8s/client_factory.go
@@ -16,6 +16,7 @@ import (
 	"net/url"
 	"path/filepath"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
 	"time"
 )
 
@@ -38,7 +39,7 @@ type realClientFactory struct {
 	httpClient *http.Client
 
 	discoveryClient discovery.DiscoveryInterface
-	mapper          meta.ResettableRESTMapper
+	mapper          meta.RESTMapper
 }
 
 func (r *realClientFactory) RESTConfig() *rest.Config {
@@ -91,12 +92,12 @@ func (r *realClientFactory) CloseIdleConnections() {
 	r.httpClient.CloseIdleConnections()
 }
 
-func initDiscoveryClient(ctx context.Context, config *rest.Config) (discovery.CachedDiscoveryInterface, error) {
+func CreateDiscoveryClient(ctx context.Context, config *rest.Config) (discovery.CachedDiscoveryInterface, error) {
 	apiHost, err := url.Parse(config.Host)
 	if err != nil {
 		return nil, err
 	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kube-cache/discovery", apiHost.Hostname())
+	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kube-cache/discovery", strings.ReplaceAll(apiHost.Host, ":", "-"))
 	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
 	if err != nil {
 		return nil, err
@@ -104,7 +105,7 @@ func initDiscoveryClient(ctx context.Context, config *rest.Config) (discovery.Ca
 	return discovery2, nil
 }
 
-func NewClientFactory(ctx context.Context, configIn *rest.Config) (ClientFactory, error) {
+func NewClientFactoryFromConfig(ctx context.Context, configIn *rest.Config) (ClientFactory, error) {
 	restConfig := rest.CopyConfig(configIn)
 	restConfig.QPS = 10
 	restConfig.Burst = 20
@@ -114,7 +115,7 @@ func NewClientFactory(ctx context.Context, configIn *rest.Config) (ClientFactory
 		return nil, err
 	}
 
-	dc, err := initDiscoveryClient(ctx, restConfig)
+	dc, err := CreateDiscoveryClient(ctx, restConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -143,5 +144,15 @@ func NewClientFactoryFromDefaultConfig(ctx context.Context, context *string) (Cl
 		return nil, err
 	}
 
-	return NewClientFactory(ctx, config)
+	return NewClientFactoryFromConfig(ctx, config)
+}
+
+func NewClientFactory(ctx context.Context, config *rest.Config, httpClient *http.Client, dc discovery.DiscoveryInterface, mapper meta.RESTMapper) (ClientFactory, error) {
+	return &realClientFactory{
+		ctx:             ctx,
+		config:          config,
+		httpClient:      httpClient,
+		discoveryClient: dc,
+		mapper:          mapper,
+	}, nil
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 082224646..8e1ff12da 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -78,26 +78,6 @@ func (k *K8sCluster) ReadWrite() *K8sCluster {
 	return &k2
 }
 
-func (k *K8sCluster) GetCA() []byte {
-	return k.clientFactory.GetCA()
-}
-
-func (k *K8sCluster) buildLabelSelector(labels map[string]string) string {
-	ret := ""
-
-	for k, v := range labels {
-		if len(ret) != 0 {
-			ret += ","
-		}
-		if v == "" {
-			ret += k
-		} else {
-			ret += fmt.Sprintf("%s=%s", k, v)
-		}
-	}
-	return ret
-}
-
 func (k *K8sCluster) doList(l client.ObjectList, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
 	apiWarnings, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
 		return c.List(k.ctx, l, client.InNamespace(namespace), client.MatchingLabels(labels))
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 4761c9a0d..57c0b0a27 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -98,7 +98,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	var k *k8s.K8sCluster
 	if clientConfig != nil {
 		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client"))
-		clientFactory, err := k8s.NewClientFactory(ctx, clientConfig)
+		clientFactory, err := k8s.NewClientFactoryFromConfig(ctx, clientConfig)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index fb9cc97e1..8428482cb 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -29,11 +29,13 @@ type authHandler struct {
 
 	serverClient    client.Client
 	webuiSecretName string
+	adminRbacUser   string
 }
 
 type User struct {
 	Username string `json:"username"`
 	IsAdmin  bool   `json:"isAdmin"`
+	RbacUser string `json:"RbacUser"`
 }
 
 func (s *authHandler) setupAuth(r gin.IRouter) error {
@@ -223,6 +225,7 @@ func (s *authHandler) getAdminUserFromClaims(claims jwt.MapClaims) *User {
 	return &User{
 		Username: id,
 		IsAdmin:  true,
+		RbacUser: s.adminRbacUser,
 	}
 }
 
diff --git a/pkg/webui/clusteraccessor.go b/pkg/webui/clusteraccessor.go
index 1e44dcdbb..e83a75dec 100644
--- a/pkg/webui/clusteraccessor.go
+++ b/pkg/webui/clusteraccessor.go
@@ -5,10 +5,14 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/discovery"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
+	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sync"
 	"time"
 )
@@ -19,12 +23,14 @@ type clusterAccessorManager struct {
 }
 
 type clusterAccessor struct {
-	ctx       context.Context
-	config    *rest.Config
-	client    client.Client
-	k         *k8s2.K8sCluster
-	clusterId string
-	mutex     sync.Mutex
+	ctx        context.Context
+	config     *rest.Config
+	httpClient *http.Client
+	scheme     *runtime.Scheme
+	discovery  discovery.DiscoveryInterface
+	mapper     meta.RESTMapper
+	clusterId  string
+	mutex      sync.Mutex
 }
 
 func (cam *clusterAccessorManager) add(config *rest.Config) {
@@ -64,6 +70,9 @@ func (ca *clusterAccessor) initClient() {
 }
 
 func (ca *clusterAccessor) tryInitClient() error {
+	ca.mutex.Lock()
+	defer ca.mutex.Unlock()
+
 	scheme := runtime.NewScheme()
 	err := clientgoscheme.AddToScheme(scheme)
 	if err != nil {
@@ -73,33 +82,37 @@ func (ca *clusterAccessor) tryInitClient() error {
 	if err != nil {
 		return err
 	}
+	ca.scheme = scheme
 
-	c, err := client.New(ca.config, client.Options{
-		Scheme: scheme,
-	})
+	httpClient, err := rest.HTTPClientFor(ca.config)
 	if err != nil {
 		return err
 	}
-	var ns corev1.Namespace
-	err = c.Get(context.Background(), client.ObjectKey{Name: "kube-system"}, &ns)
+	ca.httpClient = httpClient
+
+	dc, err := k8s2.CreateDiscoveryClient(context.Background(), ca.config)
 	if err != nil {
 		return err
 	}
+	ca.discovery = dc
 
-	cf, err := k8s2.NewClientFactory(context.Background(), ca.config)
+	mapper, err := apiutil.NewDynamicRESTMapper(ca.config, ca.httpClient)
 	if err != nil {
 		return err
 	}
+	ca.mapper = mapper
 
-	k, err := k8s2.NewK8sCluster(context.Background(), cf, true)
+	c, err := ca.getClientLocked("", nil)
+	if err != nil {
+		return err
+	}
+
+	var ns corev1.Namespace
+	err = c.Get(context.Background(), client.ObjectKey{Name: "kube-system"}, &ns)
 	if err != nil {
 		return err
 	}
 
-	ca.mutex.Lock()
-	defer ca.mutex.Unlock()
-	ca.client = c
-	ca.k = k
 	ca.clusterId = string(ns.UID)
 
 	return nil
@@ -111,14 +124,40 @@ func (ca *clusterAccessor) getClusterId() string {
 	return ca.clusterId
 }
 
-func (ca *clusterAccessor) getClient() client.Client {
+func (ca *clusterAccessor) getClient(asUser string, asGroups []string) (client.Client, error) {
 	ca.mutex.Lock()
 	defer ca.mutex.Unlock()
-	return ca.client
+	return ca.getClientLocked(asUser, asGroups)
 }
 
-func (ca *clusterAccessor) getK() *k8s2.K8sCluster {
+func (ca *clusterAccessor) getClientLocked(asUser string, asGroups []string) (client.Client, error) {
+	config := rest.CopyConfig(ca.config)
+	config.Impersonate.UserName = asUser
+	config.Impersonate.Groups = asGroups
+
+	c, err := client.New(config, client.Options{
+		HTTPClient: ca.httpClient,
+		Scheme:     ca.scheme,
+		Mapper:     ca.mapper,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return c, nil
+}
+
+func (ca *clusterAccessor) getK(ctx context.Context, asUser string, asGroups []string) (*k8s2.K8sCluster, error) {
 	ca.mutex.Lock()
 	defer ca.mutex.Unlock()
-	return ca.k
+
+	config := rest.CopyConfig(ca.config)
+	config.Impersonate.UserName = asUser
+	config.Impersonate.Groups = asGroups
+
+	cf, err := k8s2.NewClientFactory(ctx, config, ca.httpClient, ca.discovery, ca.mapper)
+	if err != nil {
+		return nil, err
+	}
+
+	return k8s2.NewK8sCluster(ctx, cf, false)
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 31b45181c..6f0fa5bde 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -44,6 +44,8 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 		serverClient: serverClient,
 	}
 
+	adminUser := "kluctl-webui-admin"
+
 	adminEnabled := false
 	if serverClient != nil {
 		adminEnabled = true
@@ -55,6 +57,7 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 			adminEnabled:    adminEnabled,
 			serverClient:    serverClient,
 			webuiSecretName: "admin-secret",
+			adminRbacUser:   adminUser,
 		}
 	}
 
@@ -62,7 +65,7 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 		ret.cam.add(config)
 	}
 
-	ret.vam = newValidatorManager(ctx, store, ret.cam)
+	ret.vam = newValidatorManager(ctx, store, ret.cam, adminUser)
 
 	return ret
 }
@@ -340,17 +343,25 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 		return
 	}
 
+	user := s.auth.getUser(c)
+
 	ca := s.cam.getForClusterId(params.Cluster)
 	if ca == nil {
 		_ = c.AbortWithError(http.StatusNotFound, err)
 		return
 	}
 
+	kc, err := ca.getClient(user.RbacUser, nil)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+		return
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
 	defer cancel()
 
 	var kd kluctlv1.KluctlDeployment
-	err = ca.getClient().Get(ctx, client.ObjectKey{Name: params.Name, Namespace: params.Namespace}, &kd)
+	err = kc.Get(ctx, client.ObjectKey{Name: params.Name, Namespace: params.Namespace}, &kd)
 	if err != nil {
 		if errors.IsNotFound(err) {
 			_ = c.AbortWithError(http.StatusNotFound, err)
@@ -362,7 +373,7 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 
 	patch := client.MergeFrom(kd.DeepCopy())
 	metav1.SetMetaDataAnnotation(&kd.ObjectMeta, aname, avalue)
-	err = ca.getClient().Patch(ctx, &kd, patch, client.FieldOwner(webuiManager))
+	err = kc.Patch(ctx, &kd, patch, client.FieldOwner(webuiManager))
 	if err != nil {
 		_ = c.AbortWithError(http.StatusInternalServerError, err)
 		return
diff --git a/pkg/webui/validator.go b/pkg/webui/validator.go
index 277d9c77b..76e7e7ff1 100644
--- a/pkg/webui/validator.go
+++ b/pkg/webui/validator.go
@@ -27,8 +27,9 @@ type validationWatch struct {
 type validatorManager struct {
 	ctx context.Context
 
-	store results.ResultStore
-	cam   *clusterAccessorManager
+	store     results.ResultStore
+	cam       *clusterAccessorManager
+	adminUser string
 
 	validators map[ProjectTargetKey]*validatorEntry
 	watches    []*validationWatch
@@ -49,11 +50,12 @@ type validatorEntry struct {
 	mutex          sync.Mutex
 }
 
-func newValidatorManager(ctx context.Context, store results.ResultStore, cam *clusterAccessorManager) *validatorManager {
+func newValidatorManager(ctx context.Context, store results.ResultStore, cam *clusterAccessorManager, adminUser string) *validatorManager {
 	return &validatorManager{
 		ctx:        ctx,
 		store:      store,
 		cam:        cam,
+		adminUser:  adminUser,
 		validators: map[ProjectTargetKey]*validatorEntry{},
 	}
 }
@@ -244,7 +246,11 @@ func (v *validatorEntry) runOnce(summaries []result.CommandResultSummary) bool {
 		s.FailedWithMessage("No cluster accessor for %v", v.key)
 		return false
 	}
-	k := ca.getK()
+	k, err := ca.getK(context.Background(), v.vm.adminUser, nil)
+	if err != nil {
+		s.FailedWithMessage("Failed to create K8sCluster: %v", err)
+		return false
+	}
 	if k == nil {
 		return false
 	}

From 9d5072973730eba0957c119e7a99adb05ce35ee2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 00:19:41 +0200
Subject: [PATCH 1186/2268] fix: Use default context when using --in-cluster

---
 cmd/kluctl/commands/cmd_webui.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 344882505..1c7ee15f4 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -84,6 +84,9 @@ func (cmd *webuiCmd) createResultStores(ctx context.Context) ([]results.ResultSt
 		for name, _ := range kcfg.Contexts {
 			contexts = append(contexts, name)
 		}
+	} else if cmd.InCluster {
+		// placeholder for current context
+		contexts = append(contexts, "")
 	} else {
 		if len(cmd.Context) == 0 {
 			// placeholder for current context

From ae78653ca96fb587169b15aeec1f6c8863ed2fd5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 00:22:19 +0200
Subject: [PATCH 1187/2268] feat: Add webui deployment

---
 hack/prepare-release.sh             |  6 ++-
 install/webui/.kluctl.yaml          |  9 ++++
 install/webui/deployment.yaml       |  3 ++
 install/webui/webui/admin-rbac.yaml | 41 ++++++++++++++++++
 install/webui/webui/deployment.yaml | 65 +++++++++++++++++++++++++++++
 install/webui/webui/webui-rbac.yaml | 48 +++++++++++++++++++++
 6 files changed, 171 insertions(+), 1 deletion(-)
 create mode 100644 install/webui/.kluctl.yaml
 create mode 100644 install/webui/deployment.yaml
 create mode 100644 install/webui/webui/admin-rbac.yaml
 create mode 100644 install/webui/webui/deployment.yaml
 create mode 100644 install/webui/webui/webui-rbac.yaml

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index f63be7543..b306fb781 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -24,7 +24,11 @@ fi
 
 echo VERSION=$VERSION
 
-FILES="install/controller/.kluctl.yaml install/controller/controller/kustomization.yaml docs/installation.md"
+FILES=""
+FILES="$FILES install/controller/.kluctl.yaml"
+FILES="$FILES install/controller/controller/kustomization.yaml"
+FILES="$FILES install/webui/.kluctl.yaml"
+FILES="$FILES docs/installation.md"
 
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
new file mode 100644
index 000000000..961fb60c4
--- /dev/null
+++ b/install/webui/.kluctl.yaml
@@ -0,0 +1,9 @@
+discriminator: kluctl.io-webui
+
+args:
+  - name: kluctl_version
+    default: v2.20.4
+  - name: webui_args
+    default: []
+  - name: webui_envs
+    default: []
diff --git a/install/webui/deployment.yaml b/install/webui/deployment.yaml
new file mode 100644
index 000000000..cf765cdb9
--- /dev/null
+++ b/install/webui/deployment.yaml
@@ -0,0 +1,3 @@
+
+deployments:
+  - path: webui
diff --git a/install/webui/webui/admin-rbac.yaml b/install/webui/webui/admin-rbac.yaml
new file mode 100644
index 000000000..5215ec007
--- /dev/null
+++ b/install/webui/webui/admin-rbac.yaml
@@ -0,0 +1,41 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kluctl-webui-admin-role
+rules:
+  - apiGroups:
+      - gitops.kluctl.io
+    resources:
+      - kluctldeployments
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  # Read access for all other Kubernetes objects
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-webui-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/part-of: controller
+  name: kluctl-webui-admin-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kluctl-webui-admin-role
+subjects:
+  - kind: User
+    apiGroup: rbac.authorization.k8s.io
+    name: kluctl-webui-admin
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
new file mode 100644
index 000000000..109a6eea4
--- /dev/null
+++ b/install/webui/webui/deployment.yaml
@@ -0,0 +1,65 @@
+{% set kluctl_version = get_var("args.kluctl_version", "v2.20.4") %}
+{% set pull_policy = "Always" if "-devel" in kluctl_version or "-snapshot" in kluctl_version else "IfNotPresent" %}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: kluctl-webui
+    app.kubernetes.io/instance: kluctl-controller
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: kluctl-webui
+    control-plane: kluctl-webui
+  name: kluctl-webui
+  namespace: kluctl-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: kluctl-controller
+  template:
+    metadata:
+      labels:
+        control-plane: kluctl-controller
+    spec:
+      containers:
+      - name: webui
+        image: ghcr.io/kluctl/kluctl:{{ kluctl_version }}
+        imagePullPolicy: {{ pull_policy }}
+        command:
+          - kluctl
+          - webui
+          - --in-cluster
+        args: {{ get_var(["args.webui_args", "webui_args"], []) | to_json }}
+        env: {{ get_var(["args.webui_envs", "webui_envs"], []) | to_json }}
+        ports:
+          - containerPort: 8080
+            name: http
+        livenessProbe:
+          httpGet:
+            path: /
+            port: 8080
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8080
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 512Mi
+          requests:
+            cpu: 500m
+            memory: 512Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: kluctl-webui
+      terminationGracePeriodSeconds: 10
diff --git a/install/webui/webui/webui-rbac.yaml b/install/webui/webui/webui-rbac.yaml
new file mode 100644
index 000000000..1e7622111
--- /dev/null
+++ b/install/webui/webui/webui-rbac.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/instance: kluctl-webui-sa
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: serviceaccount
+    app.kubernetes.io/part-of: controller
+  name: kluctl-webui
+  namespace: kluctl-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kluctl-webui-cluster-role
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
+    # allow access to results
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+    # allow to impersonate other users, groups and serviceaccounts
+  - apiGroups: [""]
+    resources: ["users", "groups", "serviceaccounts"]
+    verbs: ["impersonate"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-webui-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/part-of: controller
+  name: kluctl-webui-cluster-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kluctl-webui-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: kluctl-webui
+    namespace: kluctl-system

From 9064f420dd79664a440d7aef8927fd5dd9661875 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 07:51:39 +0200
Subject: [PATCH 1188/2268] fix: Use new http clients to fix impersonation

---
 pkg/webui/clusteraccessor.go | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/pkg/webui/clusteraccessor.go b/pkg/webui/clusteraccessor.go
index e83a75dec..65bd1853d 100644
--- a/pkg/webui/clusteraccessor.go
+++ b/pkg/webui/clusteraccessor.go
@@ -10,7 +10,6 @@ import (
 	"k8s.io/client-go/discovery"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
-	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sync"
@@ -23,14 +22,13 @@ type clusterAccessorManager struct {
 }
 
 type clusterAccessor struct {
-	ctx        context.Context
-	config     *rest.Config
-	httpClient *http.Client
-	scheme     *runtime.Scheme
-	discovery  discovery.DiscoveryInterface
-	mapper     meta.RESTMapper
-	clusterId  string
-	mutex      sync.Mutex
+	ctx       context.Context
+	config    *rest.Config
+	scheme    *runtime.Scheme
+	discovery discovery.DiscoveryInterface
+	mapper    meta.RESTMapper
+	clusterId string
+	mutex     sync.Mutex
 }
 
 func (cam *clusterAccessorManager) add(config *rest.Config) {
@@ -88,7 +86,6 @@ func (ca *clusterAccessor) tryInitClient() error {
 	if err != nil {
 		return err
 	}
-	ca.httpClient = httpClient
 
 	dc, err := k8s2.CreateDiscoveryClient(context.Background(), ca.config)
 	if err != nil {
@@ -96,7 +93,7 @@ func (ca *clusterAccessor) tryInitClient() error {
 	}
 	ca.discovery = dc
 
-	mapper, err := apiutil.NewDynamicRESTMapper(ca.config, ca.httpClient)
+	mapper, err := apiutil.NewDynamicRESTMapper(ca.config, httpClient)
 	if err != nil {
 		return err
 	}
@@ -135,10 +132,9 @@ func (ca *clusterAccessor) getClientLocked(asUser string, asGroups []string) (cl
 	config.Impersonate.UserName = asUser
 	config.Impersonate.Groups = asGroups
 
-	c, err := client.New(config, client.Options{
-		HTTPClient: ca.httpClient,
-		Scheme:     ca.scheme,
-		Mapper:     ca.mapper,
+	c, err := client.NewWithWatch(config, client.Options{
+		Scheme: ca.scheme,
+		Mapper: ca.mapper,
 	})
 	if err != nil {
 		return nil, err
@@ -154,7 +150,12 @@ func (ca *clusterAccessor) getK(ctx context.Context, asUser string, asGroups []s
 	config.Impersonate.UserName = asUser
 	config.Impersonate.Groups = asGroups
 
-	cf, err := k8s2.NewClientFactory(ctx, config, ca.httpClient, ca.discovery, ca.mapper)
+	httpClient, err := rest.HTTPClientFor(config)
+	if err != nil {
+		return nil, err
+	}
+
+	cf, err := k8s2.NewClientFactory(ctx, config, httpClient, ca.discovery, ca.mapper)
 	if err != nil {
 		return nil, err
 	}

From 79fc4999336c1a1ae7db3a265fa10f67bd158e3e Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Wed, 14 Jun 2023 00:12:55 +0600
Subject: [PATCH 1189/2268] WIP history cards.

---
 .../src/components/result-view/SidePanel.tsx  |  34 ++--
 .../ui/src/components/targets-view/Card.tsx   |  36 ++--
 .../CommandResultDetailsDrawer.tsx            |   3 +-
 .../targets-view/CommandResultItem.tsx        | 100 +++++-----
 .../components/targets-view/HistoryCards.tsx  | 172 ++++++++++++++++++
 .../src/components/targets-view/Projects.tsx  |  17 +-
 .../src/components/targets-view/Targets.tsx   |  18 +-
 .../components/targets-view/TargetsView.tsx   |  20 +-
 8 files changed, 288 insertions(+), 112 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/HistoryCards.tsx

diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index c2d6a420a..a2ea88709 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -1,5 +1,5 @@
 import { Box, Divider, IconButton, Paper, Tab, ThemeProvider, Typography, useTheme } from "@mui/material";
-import React, { useEffect, useState } from "react";
+import React, { useCallback, useEffect, useMemo, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { CloseIcon } from "../../icons/Icons";
 import { light } from "../theme";
@@ -19,37 +19,41 @@ export interface SidePanelProps {
     onClose?: () => void;
 }
 
-export const SidePanel = (props: SidePanelProps) => {
+export function useSidePanelTabs(provider?: SidePanelProvider) {
     const [selectedTab, setSelectedTab] = useState<string>();
-    const theme = useTheme();
 
-    function handleTabChange(_e: React.SyntheticEvent, value: string) {
+    const handleTabChange = useCallback((_e: React.SyntheticEvent, value: string) => {
         setSelectedTab(value);
-    }
+    }, []);
 
-    let tabs = props.provider?.buildSidePanelTabs()
-    if (!tabs) {
-        tabs = []
-    }
+    const tabs = useMemo(
+        () => provider?.buildSidePanelTabs() || [],
+        [provider]
+    );
 
     useEffect(() => {
         if (!tabs?.length) {
-            setSelectedTab("")
+            setSelectedTab("");
             return
         }
 
         if (!selectedTab) {
-            setSelectedTab(tabs[0].label)
+            setSelectedTab(tabs[0].label);
             return
         }
 
         if (!tabs.find(x => x.label === selectedTab)) {
             // reset it after the type of selected item has changed
-            setSelectedTab(tabs[0].label)
+            setSelectedTab(tabs[0].label);
         }
-        // ignore that it wants us to add selectedTab to the deps (it would cause and endless loop)
-        // eslint-disable-next-line
-    }, [props.provider])
+    }, [selectedTab, tabs]);
+
+    return { tabs, selectedTab, handleTabChange }
+}
+
+export const SidePanel = (props: SidePanelProps) => {
+    const theme = useTheme();
+    const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
 
     if (!selectedTab || !tabs.find(x => x.label === selectedTab)) {
         return <></>
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index 5c550fc9e..6e2cf2226 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -1,24 +1,34 @@
-import { Box, BoxProps } from "@mui/material"
+import { Box, BoxProps, Paper, PaperProps } from "@mui/material"
 
 export const cardWidth = 247;
 export const projectCardHeight = 80;
 export const cardHeight = 126;
 export const cardGap = 20;
 
-export function Card({ children, ...rest }: BoxProps) {
-    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...rest}>
-        {children}
-    </Box>
+export function CardPaper(props: PaperProps) {
+    const { sx, ...rest } = props;
+    return <Paper
+        elevation={5}
+        sx={{
+            width: "100%",
+            height: "100%",
+            borderRadius: '12px',
+            border: '1px solid #59A588',
+            boxShadow: '4px 4px 10px #1E617A',
+            ...sx
+        }}
+        {...rest}
+    />
 }
 
-export function CardCol({ children, ...rest }: BoxProps) {
-    return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...rest}>
-        {children}
-    </Box>
+export function Card(props: BoxProps) {
+    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...props} />
 }
 
-export function CardRow({ children, ...rest }: BoxProps) {
-    return <Box display='flex' gap={`${cardGap}px`} {...rest}>
-        {children}
-    </Box>
+export function CardCol(props: BoxProps) {
+    return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...props} />
+}
+
+export function CardRow(props: BoxProps) {
+    return <Box display='flex' gap={`${cardGap}px`} {...props} />
 }
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
index 705bb623f..a6b6bb6a2 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
@@ -121,11 +121,10 @@ export const CommandResultDetailsDrawer = React.memo((props: {
                     ts={ts}
                     rs={rs}
                     onSelectCommandResult={setSelectedCommandResult}
-                    selected={rs === selectedCommandResult}
                 />
             </Card>
         })
-    }, [ps, ts, cardsCoords, zIndex, theme.transitions, selectedCommandResult])
+    }, [ps, ts, cardsCoords, zIndex, theme.transitions])
 
     if (loadingError) {
         return <>Error</>
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 21c6c12c6..f2f7bf2eb 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -2,23 +2,16 @@ import React, { useEffect, useMemo, useState } from "react";
 import { CommandResultSummary } from "../../models";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
-import Paper from "@mui/material/Paper";
 import { Box, IconButton, Tooltip, Typography } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
+import { CardPaper } from "./Card";
 
-export const CommandResultItem = React.memo((props: {
-    ps: ProjectSummary,
-    ts: TargetSummary,
-    rs: CommandResultSummary,
-    onSelectCommandResult: (rs: CommandResultSummary) => void,
-    selected?: boolean;
-}) => {
-    const { rs, onSelectCommandResult, selected } = props;
-    const navigate = useNavigate()
+export const CommandResultItemHeader = React.memo((props: { rs: CommandResultSummary }) => {
+    const { rs } = props;
     const [ago, setAgo] = useState(calcAgo(rs.commandInfo.startTime))
 
     let Icon: () => JSX.Element = DiffIcon
@@ -50,50 +43,53 @@ export const CommandResultItem = React.memo((props: {
         return () => clearInterval(interval);
     }, [rs.commandInfo.startTime]);
 
-    return <Paper
-        elevation={5}
-        sx={{
-            width: "100%",
-            height: "100%",
-            borderRadius: '12px',
-            border: '1px solid #59A588',
-            boxShadow: '4px 4px 10px #1E617A',
-            padding: '20px 16px 5px 16px',
-            outline: selected ? '8px solid #59A588' : 'none'
-        }}
+
+    return <Box display='flex' gap='15px'>
+        <Tooltip title={iconTooltip}>
+            <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
+                <Icon />
+            </Box>
+        </Tooltip>
+        <Box>
+            <Typography
+                variant='h6'
+                textAlign='left'
+                textOverflow='ellipsis'
+                overflow='hidden'
+            >
+                {rs.commandInfo?.command}
+            </Typography>
+            <Tooltip title={rs.commandInfo.startTime}>
+                <Typography
+                    variant='subtitle1'
+                    textAlign='left'
+                    textOverflow='ellipsis'
+                    overflow='hidden'
+                    whiteSpace='nowrap'
+                    fontSize='14px'
+                    fontWeight={500}
+                    lineHeight='19px'
+                >{ago}</Typography>
+            </Tooltip>
+        </Box>
+    </Box>
+});
+
+export const CommandResultItem = React.memo((props: {
+    ps: ProjectSummary,
+    ts: TargetSummary,
+    rs: CommandResultSummary,
+    onSelectCommandResult: (rs: CommandResultSummary) => void,
+}) => {
+    const { rs, onSelectCommandResult } = props;
+    const navigate = useNavigate()
+
+    return <CardPaper
+        sx={{ padding: '20px 16px 5px 16px' }}
         onClick={() => onSelectCommandResult(rs)}
     >
         <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
-            <Box display='flex' gap='15px'>
-                <Tooltip title={iconTooltip}>
-                    <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
-                        <Icon />
-                    </Box>
-                </Tooltip>
-                <Box flexGrow={1}>
-                    <Typography
-                        variant='h6'
-                        textAlign='left'
-                        textOverflow='ellipsis'
-                        overflow='hidden'
-                        flexGrow={1}
-                    >
-                        {rs.commandInfo?.command}
-                    </Typography>
-                    <Tooltip title={rs.commandInfo.startTime}>
-                        <Typography
-                            variant='subtitle1'
-                            textAlign='left'
-                            textOverflow='ellipsis'
-                            overflow='hidden'
-                            whiteSpace='nowrap'
-                            fontSize='14px'
-                            fontWeight={500}
-                            lineHeight='19px'
-                        >{ago}</Typography>
-                    </Tooltip>
-                </Box>
-            </Box>
+            <CommandResultItemHeader rs={rs} />
             <Box display='flex' alignItems='center' justifyContent='space-between'>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <CommandResultStatusLine rs={rs} />
@@ -117,5 +113,5 @@ export const CommandResultItem = React.memo((props: {
                 </Box>
             </Box>
         </Box>
-    </Paper>
+    </CardPaper>
 });
diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
new file mode 100644
index 000000000..63baafce3
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
@@ -0,0 +1,172 @@
+import React, { Suspense, useEffect, useRef, useState } from "react";
+import { Box, Tab, useTheme } from "@mui/material";
+import { CommandResultSummary } from "../../models";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { CardPaper, cardHeight, cardWidth } from "./Card";
+import { CommandResultItemHeader } from "./CommandResultItem";
+import { Loading } from "../Loading";
+import { NodeData } from "../result-view/nodes/NodeData";
+import { api, usePromise } from "../../api";
+import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
+import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
+import { TabContext, TabList, TabPanel } from "@mui/lab";
+
+async function doGetRootNode(rs: CommandResultSummary) {
+    const shortNames = api.getShortNames()
+    const r = api.getResult(rs.id)
+    const builder = new NodeBuilder({
+        shortNames: await shortNames,
+        summary: rs,
+        commandResult: await r,
+    })
+    const [node] = builder.buildRoot()
+    return node
+}
+
+export interface HistoryCardsProps {
+    rs: CommandResultSummary,
+    ts: TargetSummary,
+    ps: ProjectSummary,
+    initialCardRect: DOMRect
+}
+
+const paddingY = 25;
+const paddingX = 120;
+
+interface Rect {
+    left: number,
+    top: number,
+    width: number | string,
+    height: number | string
+}
+
+type TransitionStatus = 'not-started' | 'running' | 'finished'
+
+function CardContent(props: { provider: SidePanelProvider }) {
+    const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
+
+    if (!props.provider
+        || !selectedTab
+        || !tabs.find(x => x.label === selectedTab)
+    ) {
+        return null;
+    }
+
+    return <TabContext value={selectedTab}>
+        <TabList onChange={handleTabChange}>
+            {tabs.map((tab, i) => {
+                return <Tab label={tab.label} value={tab.label} key={tab.label} />
+            })}
+        </TabList>
+        <Box overflow='auto' p='30px'>
+            {tabs.map(tab => {
+                return <TabPanel value={tab.label} sx={{ padding: 0 }}>
+                    {tab.content}
+                </TabPanel>
+            })}
+        </Box>
+    </TabContext>
+}
+
+export const HistoryCards = React.memo((props: HistoryCardsProps) => {
+    const theme = useTheme();
+    const containerElem = useRef<HTMLElement>();
+    const [cardRect, setCardRect] = useState<Rect | undefined>();
+    const [transitionStatus, setTransitionStatus] = useState<TransitionStatus>('not-started');
+    const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined));
+
+    const Content = () => {
+        const node = usePromise(promise)
+        return <CardContent provider={node} />;
+    }
+
+    useEffect(() => {
+        if (props.rs === undefined) {
+            return
+        }
+        setPromise(doGetRootNode(props.rs));
+    }, [props.rs]);
+
+    useEffect(() => {
+        const rect = containerElem.current?.getBoundingClientRect();
+        if (!rect) {
+            setCardRect(undefined);
+            return;
+        }
+
+        const initialRect = {
+            left: props.initialCardRect.left - rect.left - paddingX,
+            top: props.initialCardRect.top - rect.top - paddingY,
+            width: cardWidth,
+            height: cardHeight
+        };
+
+        setCardRect(initialRect);
+    }, [props.initialCardRect]);
+
+    useEffect(() => {
+        if (!cardRect) {
+            return;
+        }
+
+        const targetRect = {
+            left: 0,
+            top: 0,
+            width: '100%',
+            height: '100%'
+        };
+
+        if (cardRect.left === targetRect.left
+            && cardRect.top === targetRect.top
+            && cardRect.width === targetRect.width
+            && cardRect.height === targetRect.height
+        ) {
+            return;
+        }
+
+        setTimeout(() => {
+            setCardRect(targetRect);
+            setTransitionStatus('running');
+            setTimeout(() => {
+                setTransitionStatus('finished');
+            }, theme.transitions.duration.enteringScreen)
+        }, 10);
+    }, [cardRect, theme.transitions.duration.enteringScreen]);
+
+    return <Box
+        width='100%'
+        height='100%'
+        p={`${paddingY}px ${paddingX}px`}
+        position='relative'
+        ref={containerElem}
+    >
+        {cardRect && <CardPaper
+            sx={{
+                width: cardRect.width,
+                height: cardRect.height,
+                position: 'relative',
+                translate: `${cardRect.left}px ${cardRect.top}px`,
+                transition: theme.transitions.create(['translate', 'width', 'height'], {
+                    easing: theme.transitions.easing.sharp,
+                    duration: theme.transitions.duration.enteringScreen,
+                }),
+                padding: '20px 16px'
+            }}
+        >
+            <Box
+                display='flex'
+                flexDirection='column'
+                height='100%'
+            >
+                <CommandResultItemHeader rs={props.rs} />
+                <Box width='100%' flex='1 1 auto' overflow='hidden'>
+                    {transitionStatus === 'finished' &&
+                        <Suspense fallback={<Loading />}>
+                            <Content />
+                        </Suspense>
+                    }
+                </Box>
+            </Box>
+        </CardPaper>}
+    </Box>;
+});
diff --git a/pkg/webui/ui/src/components/targets-view/Projects.tsx b/pkg/webui/ui/src/components/targets-view/Projects.tsx
index 1ead486b3..cbf643318 100644
--- a/pkg/webui/ui/src/components/targets-view/Projects.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Projects.tsx
@@ -1,10 +1,10 @@
 import { getLastPathElement } from "../../utils/misc";
-import Paper from "@mui/material/Paper";
 import { Box, Typography } from "@mui/material";
 import React from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { ProjectIcon } from "../../icons/Icons";
 import { ProjectSummary } from "../../project-summaries";
+import { CardPaper } from "./Card";
 
 export const ProjectItem = (props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
@@ -17,16 +17,9 @@ export const ProjectItem = (props: { ps: ProjectSummary }) => {
         </> : <></>}
     </Box>
 
-    return <Paper
-        elevation={5}
-        sx={{
-            width: "100%",
-            height: "100%",
-            borderRadius: '12px',
-            border: '1px solid #59A588',
-            boxShadow: '4px 4px 10px #1E617A',
-            padding: '5px 16px'
-        }}>
+    return <CardPaper
+        sx={{ padding: '5px 16px' }}
+    >
         <Box display="flex" flexDirection={"column"} justifyContent='center' height={"100%"}>
             <Box display='flex' alignItems='center' gap='15px'>
                 {name && (
@@ -59,5 +52,5 @@ export const ProjectItem = (props: { ps: ProjectSummary }) => {
                 </Box>
             </Box>
         </Box>
-    </Paper>
+    </CardPaper>
 }
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/Targets.tsx
index b12ffa5e1..5127a4b09 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Targets.tsx
@@ -1,6 +1,5 @@
 import { KluctlDeploymentInfo } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
-import Paper from "@mui/material/Paper";
 import { Box, Typography, useTheme } from "@mui/material";
 import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
@@ -9,6 +8,7 @@ import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
 import { ApiContext } from "../App";
+import { CardPaper } from "./Card";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -116,7 +116,7 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
 
     const contextTooltip = <Box textAlign={"center"}>
         <Typography variant="subtitle2">All known contexts:</Typography>
-        {allContexts.map(context=> (
+        {allContexts.map(context => (
             <Typography key={context} variant="subtitle2">{context}</Typography>
         ))}
     </Box>
@@ -126,16 +126,8 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
         targetName = "<no-name>"
     }
 
-    return <Paper
-        elevation={5}
-        sx={{
-            width: "100%",
-            height: "100%",
-            borderRadius: '12px',
-            border: '1px solid #59A588',
-            boxShadow: '4px 4px 10px #1E617A',
-            padding: '20px 16px 12px 16px'
-        }}
+    return <CardPaper
+        sx={{ padding: '20px 16px 12px 16px' }}
         onClick={e => props.onSelectTarget(props.ts)}
     >
         <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
@@ -184,5 +176,5 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
                 </Box>
             </Box>
         </Box>
-    </Paper>
+    </CardPaper>
 }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 228519b0d..e4dfe1b66 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -11,6 +11,7 @@ import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
 import { Card, CardCol, cardGap, cardHeight, CardRow, cardWidth, projectCardHeight } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
+import { HistoryCards } from "./HistoryCards";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -140,7 +141,7 @@ export const TargetsView = () => {
         setSelectedCardRect(undefined);
     }, []);
 
-    const doSetSelectedCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
+    const onSelectCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
         onTargetDetailsDrawerClose();
         setSelectedCommandResult(o);
     }, [onTargetDetailsDrawerClose]);
@@ -150,14 +151,23 @@ export const TargetsView = () => {
         setSelectedTargetSummary(ts);
     }, [onCommandResultDetailsDrawerClose]);
 
+    if (selectedCommandResult && selectedCardRect) {
+        return <HistoryCards 
+            rs={selectedCommandResult.rs}
+            ts={selectedCommandResult.ts}
+            ps={selectedCommandResult.ps}
+            initialCardRect={selectedCardRect}
+        />;
+    }
+
     return <Box minWidth={colWidth * 3} p='0 40px'>
-        <CommandResultDetailsDrawer
+        {/* <CommandResultDetailsDrawer
             rs={selectedCommandResult?.rs}
             ts={selectedCommandResult?.ts}
             ps={selectedCommandResult?.ps}
             onClose={onCommandResultDetailsDrawerClose}
             selectedCardRect={selectedCardRect}
-        />
+        /> */}
         <TargetDetailsDrawer
             ts={selectedTargetSummary}
             onClose={onTargetDetailsDrawerClose}
@@ -196,7 +206,7 @@ export const TargetsView = () => {
                                 <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
                                     <svg
                                         xmlns='http://www.w3.org/2000/svg'
-                                        fill='none'
+                                        fill='none' 
                                         style={{
                                             height: `${2 * circleRadius + strokeWidth}`,
                                             width: '100%'
@@ -256,7 +266,7 @@ export const TargetsView = () => {
                                             ps={ps}
                                             ts={ts}
                                             rs={rs}
-                                            onSelectCommandResult={(rs) => doSetSelectedCommandResult({rs, ts, ps})}
+                                            onSelectCommandResult={(rs) => onSelectCommandResult({rs, ts, ps})}
                                         />
                                     </Card>
                                 })}

From cdd437fcf11e536514dae46361b5d57a70cc15a6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Jun 2023 15:57:42 +0200
Subject: [PATCH 1190/2268] fix: Migrate to new way of loading

---
 .../components/targets-view/HistoryCards.tsx  | 42 ++++++++-----------
 .../components/targets-view/TargetsView.tsx   |  1 -
 2 files changed, 18 insertions(+), 25 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
index 63baafce3..7b74b1be9 100644
--- a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
+++ b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
@@ -1,23 +1,23 @@
-import React, { Suspense, useEffect, useRef, useState } from "react";
+import React, { useContext, useEffect, useRef, useState } from "react";
 import { Box, Tab, useTheme } from "@mui/material";
 import { CommandResultSummary } from "../../models";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardPaper, cardHeight, cardWidth } from "./Card";
 import { CommandResultItemHeader } from "./CommandResultItem";
-import { Loading } from "../Loading";
-import { NodeData } from "../result-view/nodes/NodeData";
-import { api, usePromise } from "../../api";
+import { Loading, useLoadingHelper } from "../Loading";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
+import { Api } from "../../api";
+import { ApiContext } from "../App";
 
-async function doGetRootNode(rs: CommandResultSummary) {
-    const shortNames = api.getShortNames()
-    const r = api.getResult(rs.id)
+async function doGetRootNode(api: Api, rs: CommandResultSummary) {
+    const shortNames = await api.getShortNames()
+    const r = await api.getResult(rs.id)
     const builder = new NodeBuilder({
-        shortNames: await shortNames,
+        shortNames: shortNames,
         summary: rs,
-        commandResult: await r,
+        commandResult: r,
     })
     const [node] = builder.buildRoot()
     return node
@@ -69,23 +69,15 @@ function CardContent(props: { provider: SidePanelProvider }) {
 }
 
 export const HistoryCards = React.memo((props: HistoryCardsProps) => {
+    const api = useContext(ApiContext)
     const theme = useTheme();
     const containerElem = useRef<HTMLElement>();
     const [cardRect, setCardRect] = useState<Rect | undefined>();
     const [transitionStatus, setTransitionStatus] = useState<TransitionStatus>('not-started');
-    const [promise, setPromise] = useState<Promise<NodeData>>(new Promise(() => undefined));
 
-    const Content = () => {
-        const node = usePromise(promise)
-        return <CardContent provider={node} />;
-    }
-
-    useEffect(() => {
-        if (props.rs === undefined) {
-            return
-        }
-        setPromise(doGetRootNode(props.rs));
-    }, [props.rs]);
+    const [loading, loadingError, node] = useLoadingHelper(() => {
+        return doGetRootNode(api, props.rs)
+    }, [api, props.rs])
 
     useEffect(() => {
         const rect = containerElem.current?.getBoundingClientRect();
@@ -133,6 +125,10 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
         }, 10);
     }, [cardRect, theme.transitions.duration.enteringScreen]);
 
+    if (loadingError) {
+        return <>Error</>
+    }
+
     return <Box
         width='100%'
         height='100%'
@@ -161,9 +157,7 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
                 <CommandResultItemHeader rs={props.rs} />
                 <Box width='100%' flex='1 1 auto' overflow='hidden'>
                     {transitionStatus === 'finished' &&
-                        <Suspense fallback={<Loading />}>
-                            <Content />
-                        </Suspense>
+                        (loading ? <Loading/> : <CardContent provider={node!} />)
                     }
                 </Box>
             </Box>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index e4dfe1b66..77683560d 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -6,7 +6,6 @@ import { ProjectItem } from "./Projects";
 import { TargetItem } from "./Targets";
 import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
-import { CommandResultDetailsDrawer } from "./CommandResultDetailsDrawer";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
 import { Card, CardCol, cardGap, cardHeight, CardRow, cardWidth, projectCardHeight } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";

From 4fb00ad1ab11d5d62f4e9d809e9df9e7652fa50f Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 15 Jun 2023 05:22:16 +0600
Subject: [PATCH 1191/2268] Added new history cards view.

---
 .../components/targets-view/HistoryCards.tsx  | 251 ++++++++++++++----
 .../components/targets-view/TargetsView.tsx   |  38 +--
 pkg/webui/ui/src/components/theme.ts          |  30 +++
 pkg/webui/ui/src/icons/Icons.tsx              |  16 +-
 pkg/webui/ui/src/icons/close-light.svg        |   3 +
 .../ui/src/icons/triangle-left-light.svg      |   4 +
 .../ui/src/icons/triangle-right-light.svg     |   4 +
 7 files changed, 266 insertions(+), 80 deletions(-)
 create mode 100644 pkg/webui/ui/src/icons/close-light.svg
 create mode 100644 pkg/webui/ui/src/icons/triangle-left-light.svg
 create mode 100644 pkg/webui/ui/src/icons/triangle-right-light.svg

diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
index 7b74b1be9..2570361f8 100644
--- a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
+++ b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
@@ -1,7 +1,7 @@
-import React, { useContext, useEffect, useRef, useState } from "react";
-import { Box, Tab, useTheme } from "@mui/material";
+import React, { useCallback, useContext, useEffect, useMemo, useRef, useState } from "react";
+import { Box, Divider, IconButton, SxProps, Tab, Tooltip, useTheme } from "@mui/material";
 import { CommandResultSummary } from "../../models";
-import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { TargetSummary } from "../../project-summaries";
 import { CardPaper, cardHeight, cardWidth } from "./Card";
 import { CommandResultItemHeader } from "./CommandResultItem";
 import { Loading, useLoadingHelper } from "../Loading";
@@ -10,6 +10,8 @@ import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { Api } from "../../api";
 import { ApiContext } from "../App";
+import { useNavigate } from "react-router";
+import { CloseLightIcon, TreeViewIcon, TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
 
 async function doGetRootNode(api: Api, rs: CommandResultSummary) {
     const shortNames = await api.getShortNames()
@@ -26,13 +28,10 @@ async function doGetRootNode(api: Api, rs: CommandResultSummary) {
 export interface HistoryCardsProps {
     rs: CommandResultSummary,
     ts: TargetSummary,
-    ps: ProjectSummary,
-    initialCardRect: DOMRect
+    initialCardRect: DOMRect,
+    onClose: () => void
 }
 
-const paddingY = 25;
-const paddingX = 120;
-
 interface Rect {
     left: number,
     top: number,
@@ -42,7 +41,7 @@ interface Rect {
 
 type TransitionStatus = 'not-started' | 'running' | 'finished'
 
-function CardContent(props: { provider: SidePanelProvider }) {
+const CardContent = React.memo((props: { provider: SidePanelProvider }) => {
     const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
 
     if (!props.provider
@@ -53,31 +52,126 @@ function CardContent(props: { provider: SidePanelProvider }) {
     }
 
     return <TabContext value={selectedTab}>
-        <TabList onChange={handleTabChange}>
-            {tabs.map((tab, i) => {
-                return <Tab label={tab.label} value={tab.label} key={tab.label} />
-            })}
-        </TabList>
+        <Box height='36px' flex='0 0 auto' p='0 30px' mt='12px'>
+            <TabList onChange={handleTabChange}>
+                {tabs.map((tab, i) => {
+                    return <Tab label={tab.label} value={tab.label} key={tab.label} />
+                })}
+            </TabList>
+        </Box>
+        <Divider sx={{ margin: 0 }} />
         <Box overflow='auto' p='30px'>
             {tabs.map(tab => {
-                return <TabPanel value={tab.label} sx={{ padding: 0 }}>
+                return <TabPanel key={tab.label} value={tab.label} sx={{ padding: 0 }}>
                     {tab.content}
                 </TabPanel>
             })}
         </Box>
     </TabContext>
-}
+});
+
+const ArrowButton = React.memo((props: {
+    direction: 'left' | 'right',
+    onClick: () => void,
+    hidden: boolean
+}) => {
+    const Icon = {
+        left: TriangleLeftLightIcon,
+        right: TriangleRightLightIcon
+    }[props.direction];
+
+    return <Box flex='0 0 auto' height='100%' width='80px' display='flex' justifyContent='center' alignItems='center'>
+        {!props.hidden &&
+            <IconButton onClick={props.onClick}>
+                <Icon />
+            </IconButton>
+        }
+    </Box>
+});
+
+const HistoryCard = React.memo((props: {
+    rs: CommandResultSummary,
+    sx?: SxProps
+    transitionFinished?: boolean,
+    onClose?: () => void;
+}) => {
+    const navigate = useNavigate();
+    const api = useContext(ApiContext);
+    const [loading, loadingError, node] = useLoadingHelper(() => {
+        return doGetRootNode(api, props.rs)
+    }, [api, props.rs]);
+
+    if (loadingError) {
+        return <>Error</>
+    }
+
+    return <CardPaper
+        sx={{
+            position: 'relative',
+            ...props.sx
+        }}
+    >
+        <Box
+            position='absolute'
+            right='10px'
+            top='10px'
+        >
+            {props.transitionFinished && (
+                <IconButton onClick={props.onClose}>
+                    <CloseLightIcon />
+                </IconButton>
+            )}
+        </Box>
+        <Box
+            display='flex'
+            flexDirection='column'
+            height='100%'
+            justifyContent='space-between'
+        >
+            <Box p='0 16px' flex='0 0 auto'>
+                <CommandResultItemHeader rs={props.rs} />
+            </Box>
+            <Box width='100%' flex='1 1 auto' overflow='hidden' display='flex' flexDirection='column'>
+                {props.transitionFinished && (
+                    loading
+                        ? <Loading />
+                        : <CardContent provider={node!} />
+                )}
+            </Box>
+            <Box
+                flex='0 0 auto'
+                height='39px'
+                display='flex'
+                alignItems='center'
+                justifyContent='end'
+                p='0 30px'
+            >
+                <IconButton
+                    onClick={e => {
+                        e.stopPropagation();
+                        navigate(`/results/${props.rs.id}`);
+                    }}
+                    sx={{
+                        padding: 0,
+                        width: 32,
+                        height: 32
+                    }}
+                >
+                    <Tooltip title='Open Result Tree'>
+                        <Box display='flex'><TreeViewIcon /></Box>
+                    </Tooltip>
+                </IconButton>
+            </Box>
+        </Box>
+    </CardPaper>
+});
 
 export const HistoryCards = React.memo((props: HistoryCardsProps) => {
-    const api = useContext(ApiContext)
     const theme = useTheme();
     const containerElem = useRef<HTMLElement>();
     const [cardRect, setCardRect] = useState<Rect | undefined>();
     const [transitionStatus, setTransitionStatus] = useState<TransitionStatus>('not-started');
-
-    const [loading, loadingError, node] = useLoadingHelper(() => {
-        return doGetRootNode(api, props.rs)
-    }, [api, props.rs])
+    const [currentRS, setCurrentRS] = useState(props.rs);
 
     useEffect(() => {
         const rect = containerElem.current?.getBoundingClientRect();
@@ -87,8 +181,8 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
         }
 
         const initialRect = {
-            left: props.initialCardRect.left - rect.left - paddingX,
-            top: props.initialCardRect.top - rect.top - paddingY,
+            left: props.initialCardRect.left - rect.left,
+            top: props.initialCardRect.top - rect.top,
             width: cardWidth,
             height: cardHeight
         };
@@ -121,46 +215,95 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
             setTransitionStatus('running');
             setTimeout(() => {
                 setTransitionStatus('finished');
-            }, theme.transitions.duration.enteringScreen)
+            }, theme.transitions.duration.enteringScreen);
         }, 10);
     }, [cardRect, theme.transitions.duration.enteringScreen]);
 
-    if (loadingError) {
-        return <>Error</>
-    }
+    const currentRSIndex = useMemo(
+        () => props.ts.commandResults.indexOf(currentRS),
+        [currentRS, props.ts.commandResults]
+    )
+
+    const onLeftArrowClick = useCallback(() => {
+        if (currentRSIndex > 0) {
+            setCurrentRS(props.ts.commandResults[currentRSIndex - 1]);
+        }
+    }, [currentRSIndex, props.ts.commandResults]);
+
+    const onRightArrowClick = useCallback(() => {
+        if (currentRSIndex < props.ts.commandResults.length - 1) {
+            setCurrentRS(props.ts.commandResults[currentRSIndex + 1]);
+        }
+    }, [currentRSIndex, props.ts.commandResults]);
 
     return <Box
         width='100%'
         height='100%'
-        p={`${paddingY}px ${paddingX}px`}
-        position='relative'
-        ref={containerElem}
+        p='25px 40px'
+        display='flex'
     >
-        {cardRect && <CardPaper
-            sx={{
-                width: cardRect.width,
-                height: cardRect.height,
-                position: 'relative',
-                translate: `${cardRect.left}px ${cardRect.top}px`,
-                transition: theme.transitions.create(['translate', 'width', 'height'], {
-                    easing: theme.transitions.easing.sharp,
-                    duration: theme.transitions.duration.enteringScreen,
-                }),
-                padding: '20px 16px'
-            }}
+        <ArrowButton
+            direction='left'
+            onClick={onLeftArrowClick}
+            hidden={currentRSIndex === 0 || transitionStatus !== 'finished'}
+        />
+        <Box
+            flex='1 1 auto'
+            display='flex'
+            ref={containerElem}
+            overflow={transitionStatus === 'finished' ? 'hidden' : 'unset'}
         >
-            <Box
-                display='flex'
-                flexDirection='column'
-                height='100%'
-            >
-                <CommandResultItemHeader rs={props.rs} />
-                <Box width='100%' flex='1 1 auto' overflow='hidden'>
-                    {transitionStatus === 'finished' &&
-                        (loading ? <Loading/> : <CardContent provider={node!} />)
-                    }
+            {transitionStatus !== 'finished' && cardRect && <HistoryCard
+                sx={{
+                    width: cardRect.width,
+                    height: cardRect.height,
+                    flex: '0 0 auto',
+                    translate: `${cardRect.left}px ${cardRect.top}px`,
+                    transition: theme.transitions.create(['translate', 'width', 'height'], {
+                        easing: theme.transitions.easing.sharp,
+                        duration: theme.transitions.duration.enteringScreen,
+                    }),
+                    padding: '20px 0'
+                }}
+                rs={currentRS}
+                onClose={props.onClose}
+            />}
+            {transitionStatus === 'finished' &&
+                <Box
+                    flex='1 1 auto'
+                    width='100%'
+                    height='100%'
+                    display='flex'
+                    gap='20px'
+                    sx={{
+                        translate: `calc((-100% - 20px) * ${currentRSIndex})`,
+                        transition: theme.transitions.create(['translate'], {
+                            easing: theme.transitions.easing.sharp,
+                            duration: theme.transitions.duration.enteringScreen,
+                        })
+                    }}
+                >
+                    {props.ts.commandResults.map((rs) =>
+                        <HistoryCard
+                            sx={{
+                                width: '100%',
+                                height: '100%',
+                                flex: '0 0 auto',
+                                padding: '20px 0'
+                            }}
+                            rs={rs}
+                            key={rs.id}
+                            transitionFinished={transitionStatus === 'finished'}
+                            onClose={props.onClose}
+                        />
+                    )}
                 </Box>
-            </Box>
-        </CardPaper>}
+            }
+        </Box>
+        <ArrowButton
+            direction='right'
+            onClick={onRightArrowClick}
+            hidden={currentRSIndex === props.ts.commandResults.length - 1 || transitionStatus !== 'finished'}
+        />
     </Box>;
 });
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 77683560d..b46d9a909 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -8,7 +8,7 @@ import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
 import { Card, CardCol, cardGap, cardHeight, CardRow, cardWidth, projectCardHeight } from "./Card";
-import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { HistoryCards } from "./HistoryCards";
 
@@ -124,7 +124,7 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
 
 export const TargetsView = () => {
     const theme = useTheme();
-    const [selectedCommandResult, setSelectedCommandResult] = useState<{rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary} | undefined>();
+    const [selectedCommandResult, setSelectedCommandResult] = useState<{ rs: CommandResultSummary, ts: TargetSummary } | undefined>();
     const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
     const [selectedCardRect, setSelectedCardRect] = useState<DOMRect | undefined>();
 
@@ -135,38 +135,26 @@ export const TargetsView = () => {
         setSelectedTargetSummary(undefined);
     }, []);
 
-    const onCommandResultDetailsDrawerClose = useCallback(() => {
-        setSelectedCommandResult(undefined);
-        setSelectedCardRect(undefined);
-    }, []);
-
-    const onSelectCommandResult = useCallback((o?: {rs: CommandResultSummary, ts: TargetSummary, ps: ProjectSummary}) => {
+    const onSelectCommandResult = useCallback((o?: { rs: CommandResultSummary, ts: TargetSummary }) => {
         onTargetDetailsDrawerClose();
         setSelectedCommandResult(o);
     }, [onTargetDetailsDrawerClose]);
-    
-    const doSetSelectedTargetSummary = useCallback((ts?: TargetSummary) => {
-        onCommandResultDetailsDrawerClose();
-        setSelectedTargetSummary(ts);
-    }, [onCommandResultDetailsDrawerClose]);
+
+    const onHistoryCardsClose = useCallback(() => {
+        setSelectedCommandResult(undefined);
+        setSelectedCardRect(undefined);
+    }, []);
 
     if (selectedCommandResult && selectedCardRect) {
-        return <HistoryCards 
+        return <HistoryCards
             rs={selectedCommandResult.rs}
             ts={selectedCommandResult.ts}
-            ps={selectedCommandResult.ps}
             initialCardRect={selectedCardRect}
+            onClose={onHistoryCardsClose}
         />;
     }
 
     return <Box minWidth={colWidth * 3} p='0 40px'>
-        {/* <CommandResultDetailsDrawer
-            rs={selectedCommandResult?.rs}
-            ts={selectedCommandResult?.ts}
-            ps={selectedCommandResult?.ps}
-            onClose={onCommandResultDetailsDrawerClose}
-            selectedCardRect={selectedCardRect}
-        /> */}
         <TargetDetailsDrawer
             ts={selectedTargetSummary}
             onClose={onTargetDetailsDrawerClose}
@@ -200,12 +188,12 @@ export const TargetsView = () => {
                             return <Box key={buildListKey(ts.target)} display='flex'>
                                 <Card>
                                     <TargetItem ps={ps} ts={ts}
-                                        onSelectTarget={(ts) => doSetSelectedTargetSummary(ts)} />
+                                        onSelectTarget={setSelectedTargetSummary} />
                                 </Card>
                                 <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
                                     <svg
                                         xmlns='http://www.w3.org/2000/svg'
-                                        fill='none' 
+                                        fill='none'
                                         style={{
                                             height: `${2 * circleRadius + strokeWidth}`,
                                             width: '100%'
@@ -265,7 +253,7 @@ export const TargetsView = () => {
                                             ps={ps}
                                             ts={ts}
                                             rs={rs}
-                                            onSelectCommandResult={(rs) => onSelectCommandResult({rs, ts, ps})}
+                                            onSelectCommandResult={(rs) => onSelectCommandResult({ rs, ts })}
                                         />
                                     </Card>
                                 })}
diff --git a/pkg/webui/ui/src/components/theme.ts b/pkg/webui/ui/src/components/theme.ts
index 85c0250e6..639a52406 100644
--- a/pkg/webui/ui/src/components/theme.ts
+++ b/pkg/webui/ui/src/components/theme.ts
@@ -95,6 +95,36 @@ export const light = createTheme(common, {
                 }
             }
         },
+        MuiTabs: {
+            styleOverrides: {
+                root: {
+                    height: '36px',
+                    minHeight: 0,
+                    textTransform: 'none'
+                },
+                indicator: {
+                    backgroundColor: '#59A588'
+                }
+            }
+        },
+        MuiTab: {
+            styleOverrides: {
+                root: {
+                    height: '36px',
+                    minHeight: 0,
+                    fontWeight: 400,
+                    fontSize: '16px',
+                    lineHeight: '22px',
+                    letterSpacing: '1px',
+                    textTransform: 'none',
+                    padding: '7px 5px',
+                    color: '#8A8E91',
+                    '&.Mui-selected': {
+                        color: paletteLight.text.primary
+                    }
+                }
+            }
+        },
         MuiAppBar: {
             styleOverrides: {
                 root: {
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 7abba98ce..967aa08ca 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -10,6 +10,7 @@ import { ReactComponent as CpuIconSvg } from './cpu.svg';
 import { ReactComponent as FingerScanIconSvg } from './finger-scan.svg';
 import { ReactComponent as TreeViewIconSvg } from './tree-view.svg';
 import { ReactComponent as CloseIconSvg } from './close.svg';
+import { ReactComponent as CloseLightIconSvg } from './close-light.svg';
 import { ReactComponent as DeployIconSvg } from './deploy.svg';
 import { ReactComponent as PruneIconSvg } from './prune.svg';
 import { ReactComponent as DiffIconSvg } from './diff.svg';
@@ -27,6 +28,8 @@ import { ReactComponent as WarningSignIconSvg } from './warning-sign.svg';
 import { ReactComponent as ChangesIconSvg } from './changes.svg';
 import { ReactComponent as StarIconSvg } from './star.svg';
 import { ReactComponent as TriangleDownIconSvg } from './triangle-down.svg';
+import { ReactComponent as TriangleLeftLightIconSvg } from './triangle-left-light.svg';
+import { ReactComponent as TriangleRightLightIconSvg } from './triangle-right-light.svg';
 import { ReactComponent as TriangleRightIconSvg } from './triangle-right.svg';
 import { ReactComponent as BracketsCurlyIconSvg } from './brackets-curly.svg';
 import { ReactComponent as BracketsSquareIconSvg } from './brackets-square.svg';
@@ -103,6 +106,10 @@ export const CloseIcon = () => {
     return <CloseIconSvg width="24px" height="24px" />
 }
 
+export const CloseLightIcon = () => {
+    return <CloseLightIconSvg width="24px" height="24px" />
+}
+
 export const WarningIcon = () => {
     return <WarningIconSvg width="24px" height="24px" />
 }
@@ -159,10 +166,17 @@ export const TriangleDownIcon = () => {
     return <TriangleDownIconSvg width="50px" height="50px" />
 }
 
+export const TriangleLeftLightIcon = () => {
+    return <TriangleLeftLightIconSvg width="50px" height="50px" />
+}
+
+export const TriangleRightLightIcon = () => {
+    return <TriangleRightLightIconSvg width="50px" height="50px" />
+}
+
 export const TriangleRightIcon = () => {
     return <TriangleRightIconSvg width="50px" height="50px" />
 }
-
 export const BracketsCurlyIcon = () => {
     return <BracketsCurlyIconSvg width="22px" height="18px" />
 }
diff --git a/pkg/webui/ui/src/icons/close-light.svg b/pkg/webui/ui/src/icons/close-light.svg
new file mode 100644
index 000000000..a00259719
--- /dev/null
+++ b/pkg/webui/ui/src/icons/close-light.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/triangle-left-light.svg b/pkg/webui/ui/src/icons/triangle-left-light.svg
new file mode 100644
index 000000000..6731d308d
--- /dev/null
+++ b/pkg/webui/ui/src/icons/triangle-left-light.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M22.4377 32.25L32.9585 24.3542V12.6667C32.9585 10.6667 30.5418 9.66667 29.1252 11.0833L18.3335 21.875C16.6043 23.6042 16.6043 26.4167 18.3335 28.1458L22.4377 32.25Z" fill="#DFEBE9"/>
+<path d="M32.4585 25.3546V37.3333C32.4585 38.8863 30.5801 39.6671 29.4773 38.5826C29.4769 38.5822 29.4765 38.5817 29.4761 38.5813L23.1987 32.304L32.4585 25.3546Z" fill="#DFEBE9" stroke="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/src/icons/triangle-right-light.svg b/pkg/webui/ui/src/icons/triangle-right-light.svg
new file mode 100644
index 000000000..500b3f1e8
--- /dev/null
+++ b/pkg/webui/ui/src/icons/triangle-right-light.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M27.5623 17.75L17.0415 25.6458V37.3333C17.0415 39.3333 19.4582 40.3333 20.8748 38.9167L31.6665 28.125C33.3957 26.3958 33.3957 23.5833 31.6665 21.8542L27.5623 17.75Z" fill="#DFEBE9"/>
+<path d="M17.0415 12.6667V25.6458L27.5623 17.75L20.8748 11.0625C19.4582 9.66667 17.0415 10.6667 17.0415 12.6667Z" fill="#DFEBE9"/>
+</svg>

From 5abe6caee130d332b40ae18255cb138cb111f9c3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 08:23:17 +0200
Subject: [PATCH 1192/2268] fix: Make sure it's clear that search is not
 implemneted yet

---
 pkg/webui/ui/src/components/LeftDrawer.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 75e4d18bb..b3dab16ae 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -170,7 +170,7 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
                             lineHeight: '20px',
                             fontSize: '18px'
                         }}
-                        placeholder='Search'
+                        placeholder='Search (not impl. yet)'
                     />
                     <IconButton sx={{ padding: 0, height: 40, width: 40 }}>
                         <SearchIcon />

From 863f46b5661c68f3aeea0bf977bada8e3d9b9619 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 08:23:46 +0200
Subject: [PATCH 1193/2268] chore: Run npm run build

---
 pkg/webui/ui/build/asset-manifest.json        |    3 +
 pkg/webui/ui/build/index.html                 |    2 +-
 pkg/webui/ui/build/static/js/main.js          | 3612 +++++++++--------
 .../ui/build/static/media/close-light.svg     |    3 +
 .../static/media/triangle-left-light.svg      |    4 +
 .../static/media/triangle-right-light.svg     |    4 +
 6 files changed, 1868 insertions(+), 1760 deletions(-)
 create mode 100644 pkg/webui/ui/build/static/media/close-light.svg
 create mode 100644 pkg/webui/ui/build/static/media/triangle-left-light.svg
 create mode 100644 pkg/webui/ui/build/static/media/triangle-right-light.svg

diff --git a/pkg/webui/ui/build/asset-manifest.json b/pkg/webui/ui/build/asset-manifest.json
index 351d6bcf7..dfdfa5fab 100644
--- a/pkg/webui/ui/build/asset-manifest.json
+++ b/pkg/webui/ui/build/asset-manifest.json
@@ -16,6 +16,7 @@
     "static/media/checkbox-checked.svg": "static/media/checkbox-checked.svg",
     "static/media/checkbox-disabled.svg": "static/media/checkbox-disabled.svg",
     "static/media/checkbox.svg": "static/media/checkbox.svg",
+    "static/media/close-light.svg": "static/media/close-light.svg",
     "static/media/close.svg": "static/media/close.svg",
     "static/media/cpu.svg": "static/media/cpu.svg",
     "static/media/deploy.svg": "static/media/deploy.svg",
@@ -44,6 +45,8 @@
     "static/media/trash.svg": "static/media/trash.svg",
     "static/media/tree-view.svg": "static/media/tree-view.svg",
     "static/media/triangle-down.svg": "static/media/triangle-down.svg",
+    "static/media/triangle-left-light.svg": "static/media/triangle-left-light.svg",
+    "static/media/triangle-right-light.svg": "static/media/triangle-right-light.svg",
     "static/media/triangle-right.svg": "static/media/triangle-right.svg",
     "static/media/warning-sign.svg": "static/media/warning-sign.svg",
     "static/media/warning.svg": "static/media/warning.svg"
diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 08726c8bf..95134f6bf 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.1b77f1d8.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.4093ded8.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index 4a9d496ae..361e5411f 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -48107,6 +48107,35 @@ function SvgClose(_ref, svgRef) {
 var close_ForwardRef = /*#__PURE__*/react.forwardRef(SvgClose);
 /* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.76fdca7f91598011401cb97d4b490d52.svg");
 
+;// CONCATENATED MODULE: ./src/icons/close-light.svg
+var close_light_path;
+var close_light_excluded = ["title", "titleId"];
+function close_light_extends() { close_light_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return close_light_extends.apply(this, arguments); }
+function close_light_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = close_light_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function close_light_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgCloseLight(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = close_light_objectWithoutProperties(_ref, close_light_excluded);
+  return /*#__PURE__*/react.createElement("svg", close_light_extends({
+    width: 24,
+    height: 24,
+    viewBox: "0 0 24 24",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, close_light_path || (close_light_path = /*#__PURE__*/react.createElement("path", {
+    d: "M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z",
+    fill: "#39403E"
+  })));
+}
+var close_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCloseLight);
+/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?f=close-light.eb8a7d21cff89473a30809cdaacf6446.svg");
+
 ;// CONCATENATED MODULE: ./src/icons/deploy.svg
 var deploy_circle, deploy_path, _g;
 var deploy_excluded = ["title", "titleId"];
@@ -48789,6 +48818,73 @@ function SvgTriangleDown(_ref, svgRef) {
 var triangle_down_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleDown);
 /* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.cb859bf44378ddfd76730eb4a9f90a89.svg");
 
+;// CONCATENATED MODULE: ./src/icons/triangle-left-light.svg
+var triangle_left_light_path, triangle_left_light_path2;
+var triangle_left_light_excluded = ["title", "titleId"];
+function triangle_left_light_extends() { triangle_left_light_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_left_light_extends.apply(this, arguments); }
+function triangle_left_light_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_left_light_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function triangle_left_light_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTriangleLeftLight(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = triangle_left_light_objectWithoutProperties(_ref, triangle_left_light_excluded);
+  return /*#__PURE__*/react.createElement("svg", triangle_left_light_extends({
+    width: 50,
+    height: 50,
+    viewBox: "0 0 50 50",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, triangle_left_light_path || (triangle_left_light_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M22.4377 32.25L32.9585 24.3542V12.6667C32.9585 10.6667 30.5418 9.66667 29.1252 11.0833L18.3335 21.875C16.6043 23.6042 16.6043 26.4167 18.3335 28.1458L22.4377 32.25Z",
+    fill: "#DFEBE9"
+  })), triangle_left_light_path2 || (triangle_left_light_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M32.4585 25.3546V37.3333C32.4585 38.8863 30.5801 39.6671 29.4773 38.5826C29.4769 38.5822 29.4765 38.5817 29.4761 38.5813L23.1987 32.304L32.4585 25.3546Z",
+    fill: "#DFEBE9",
+    stroke: "#DFEBE9"
+  })));
+}
+var triangle_left_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleLeftLight);
+/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?f=triangle-left-light.723aa352c7195ed6c2c94748badb018c.svg");
+
+;// CONCATENATED MODULE: ./src/icons/triangle-right-light.svg
+var triangle_right_light_path, triangle_right_light_path2;
+var triangle_right_light_excluded = ["title", "titleId"];
+function triangle_right_light_extends() { triangle_right_light_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_right_light_extends.apply(this, arguments); }
+function triangle_right_light_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_right_light_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
+function triangle_right_light_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
+
+function SvgTriangleRightLight(_ref, svgRef) {
+  var title = _ref.title,
+    titleId = _ref.titleId,
+    props = triangle_right_light_objectWithoutProperties(_ref, triangle_right_light_excluded);
+  return /*#__PURE__*/react.createElement("svg", triangle_right_light_extends({
+    width: 50,
+    height: 50,
+    viewBox: "0 0 50 50",
+    fill: "none",
+    xmlns: "http://www.w3.org/2000/svg",
+    ref: svgRef,
+    "aria-labelledby": titleId
+  }, props), title ? /*#__PURE__*/react.createElement("title", {
+    id: titleId
+  }, title) : null, triangle_right_light_path || (triangle_right_light_path = /*#__PURE__*/react.createElement("path", {
+    opacity: 0.4,
+    d: "M27.5623 17.75L17.0415 25.6458V37.3333C17.0415 39.3333 19.4582 40.3333 20.8748 38.9167L31.6665 28.125C33.3957 26.3958 33.3957 23.5833 31.6665 21.8542L27.5623 17.75Z",
+    fill: "#DFEBE9"
+  })), triangle_right_light_path2 || (triangle_right_light_path2 = /*#__PURE__*/react.createElement("path", {
+    d: "M17.0415 12.6667V25.6458L27.5623 17.75L20.8748 11.0625C19.4582 9.66667 17.0415 10.6667 17.0415 12.6667Z",
+    fill: "#DFEBE9"
+  })));
+}
+var triangle_right_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRightLight);
+/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?f=triangle-right-light.22d8903e553c49bf9b0100b61fe7254f.svg");
+
 ;// CONCATENATED MODULE: ./src/icons/triangle-right.svg
 var triangle_right_path, triangle_right_path2;
 var triangle_right_excluded = ["title", "titleId"];
@@ -49032,11 +49128,11 @@ var include_ForwardRef = /*#__PURE__*/react.forwardRef(SvgInclude);
 /* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.6bf4795a2f5623b297789116effd0bec.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/Icons.tsx
-var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
+var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var CloseLightIcon=function CloseLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_light_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleLeftLightIcon=function TriangleLeftLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_left_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightLightIcon=function TriangleRightLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
 ;// CONCATENATED MODULE: ./src/components/theme.ts
-var paletteDark={primary:{main:'#DFEBE9'},background:{default:'#222222',paper:'#222222'},text:{primary:'#DFEBE9'}};var paletteLight={primary:{main:'#222222'},secondary:{main:'#39403E'},background:{default:'#DFEBE9',paper:'#DFEBE9'},text:{primary:'#222222'}};var theme_common=styles_createTheme({consts:{appBarHeight:106,leftDrawerWidthOpen:224,leftDrawerWidthClosed:96},typography:{fontFamily:'Nunito Variable'},components:{MuiBackdrop:{styleOverrides:{root:{backgroundColor:'rgba(0, 0, 0, 0.65)'},invisible:{backgroundColor:'transparent'}}}}});var theme_light=styles_createTheme(theme_common,{palette:paletteLight,typography:{h1:{color:paletteLight.text.primary,fontWeight:700,fontSize:'32px',lineHeight:'44px',letterSpacing:'1px'},h2:{color:paletteLight.text.primary,fontWeight:700,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},h5:{color:paletteLight.secondary.main,fontWeight:700,fontSize:'22px',lineHeight:'30px',letterSpacing:'1px'},h6:{color:paletteLight.secondary.main,fontWeight:800,fontSize:'20px',lineHeight:'27px'},subtitle1:{color:paletteLight.secondary.main},subtitle2:{fontSize:'14px',lineHeight:1.2}},components:{MuiDivider:{styleOverrides:{root:{borderColor:paletteLight.secondary.main}}},MuiAppBar:{styleOverrides:{root:{color:paletteLight.primary.main}}},MuiTableCell:{styleOverrides:{root:{border:'none',borderTop:"0.5px solid ".concat(paletteLight.secondary.main),fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',position:'relative',':after':{content:'""',position:'absolute',top:'10px',right:0,bottom:'10px',display:'block',borderRight:"0.5px solid ".concat(paletteLight.secondary.main)},':last-of-type:after':{content:'none'},':last-of-type':{overflowWrap:'anywhere'}},head:{border:'none'}}}}});var theme_dark=styles_createTheme(theme_common,{palette:paletteDark,typography:{allVariants:{color:paletteDark.text.primary},h4:{color:paletteDark.text.primary,fontWeight:700,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}},components:{MuiListItem:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiButtonBase:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiDrawer:{styleOverrides:{root:{border:'none'},paper:{border:'none'}}},MuiDivider:{styleOverrides:{root:{background:paletteDark.primary.main,opacity:0.2,margin:'0 13px'}}},MuiTabs:{styleOverrides:{root:{height:'36px',minHeight:0,textTransform:'none'},indicator:{backgroundColor:'#59A588'}}},MuiTab:{styleOverrides:{root:{height:'36px',minHeight:0,fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',textTransform:'none',padding:'7px 5px',color:'#8A8E91','&.Mui-selected':{color:paletteDark.text.primary}}}}}});
+var paletteDark={primary:{main:'#DFEBE9'},background:{default:'#222222',paper:'#222222'},text:{primary:'#DFEBE9'}};var paletteLight={primary:{main:'#222222'},secondary:{main:'#39403E'},background:{default:'#DFEBE9',paper:'#DFEBE9'},text:{primary:'#222222'}};var theme_common=styles_createTheme({consts:{appBarHeight:106,leftDrawerWidthOpen:224,leftDrawerWidthClosed:96},typography:{fontFamily:'Nunito Variable'},components:{MuiBackdrop:{styleOverrides:{root:{backgroundColor:'rgba(0, 0, 0, 0.65)'},invisible:{backgroundColor:'transparent'}}}}});var theme_light=styles_createTheme(theme_common,{palette:paletteLight,typography:{h1:{color:paletteLight.text.primary,fontWeight:700,fontSize:'32px',lineHeight:'44px',letterSpacing:'1px'},h2:{color:paletteLight.text.primary,fontWeight:700,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},h5:{color:paletteLight.secondary.main,fontWeight:700,fontSize:'22px',lineHeight:'30px',letterSpacing:'1px'},h6:{color:paletteLight.secondary.main,fontWeight:800,fontSize:'20px',lineHeight:'27px'},subtitle1:{color:paletteLight.secondary.main},subtitle2:{fontSize:'14px',lineHeight:1.2}},components:{MuiDivider:{styleOverrides:{root:{borderColor:paletteLight.secondary.main}}},MuiTabs:{styleOverrides:{root:{height:'36px',minHeight:0,textTransform:'none'},indicator:{backgroundColor:'#59A588'}}},MuiTab:{styleOverrides:{root:{height:'36px',minHeight:0,fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',textTransform:'none',padding:'7px 5px',color:'#8A8E91','&.Mui-selected':{color:paletteLight.text.primary}}}},MuiAppBar:{styleOverrides:{root:{color:paletteLight.primary.main}}},MuiTableCell:{styleOverrides:{root:{border:'none',borderTop:"0.5px solid ".concat(paletteLight.secondary.main),fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',position:'relative',':after':{content:'""',position:'absolute',top:'10px',right:0,bottom:'10px',display:'block',borderRight:"0.5px solid ".concat(paletteLight.secondary.main)},':last-of-type:after':{content:'none'},':last-of-type':{overflowWrap:'anywhere'}},head:{border:'none'}}}}});var theme_dark=styles_createTheme(theme_common,{palette:paletteDark,typography:{allVariants:{color:paletteDark.text.primary},h4:{color:paletteDark.text.primary,fontWeight:700,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}},components:{MuiListItem:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiButtonBase:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiDrawer:{styleOverrides:{root:{border:'none'},paper:{border:'none'}}},MuiDivider:{styleOverrides:{root:{background:paletteDark.primary.main,opacity:0.2,margin:'0 13px'}}},MuiTabs:{styleOverrides:{root:{height:'36px',minHeight:0,textTransform:'none'},indicator:{backgroundColor:'#59A588'}}},MuiTab:{styleOverrides:{root:{height:'36px',minHeight:0,fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',textTransform:'none',padding:'7px 5px',color:'#8A8E91','&.Mui-selected':{color:paletteDark.text.primary}}}}}});
 ;// CONCATENATED MODULE: ./src/components/LeftDrawer.tsx
-var openedMixin=function openedMixin(theme){return{width:theme.consts.leftDrawerWidthOpen,transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),overflowX:'hidden'};};var closedMixin=function closedMixin(theme){return{transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen}),overflowX:'hidden',width:theme.consts.leftDrawerWidthClosed};};var DrawerHeader=styles_styled('div')(function(_ref){var theme=_ref.theme;return _objectSpread2({height:theme.consts.appBarHeight,padding:'31px 23px 0 23px'},theme.mixins.toolbar);});var LeftDrawer_AppBar=styles_styled(AppBar_AppBar,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref2){var theme=_ref2.theme,open=_ref2.open;return _objectSpread2({height:theme.consts.appBarHeight,border:'none',boxShadow:'none',background:'transparent',padding:'40px 40px 0 40px',marginLeft:theme.consts.leftDrawerWidthClosed,justifyContent:'space-between',width:"calc(100% - ".concat(theme.consts.leftDrawerWidthClosed,"px)"),zIndex:theme.zIndex.drawer+1,transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen})},open&&{marginLeft:theme.consts.leftDrawerWidthOpen,width:"calc(100% - ".concat(theme.consts.leftDrawerWidthOpen,"px)"),transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})});});var LeftDrawer_Drawer=styles_styled(Drawer_Drawer,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref3){var theme=_ref3.theme,open=_ref3.open;return _objectSpread2(_objectSpread2({width:theme.consts.leftDrawerWidthOpen,flexShrink:0,whiteSpace:'nowrap',boxSizing:'border-box',borderRadius:'0px 20px 20px 0px'},open&&_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})})),!open&&_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})}));});function Item(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{component:Link,to:props.to,disablePadding:true,sx:{display:'block',margin:'14px 0'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemButton_ListItemButton,{sx:{height:'60px',justifyContent:'start',alignItems:'center',gap:'15px',padding:'0 24px'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemIcon_ListItemIcon,{sx:{minWidth:0,flex:'0 0 auto',justifyContent:'center',alignItems:'center'},children:props.icon}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:props.text,sx:{display:props.open?'block':'none',margin:0},primaryTypographyProps:{fontWeight:500,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}})]})},props.text);}function LeftDrawer(props){var _useState=(0,react.useState)(true),_useState2=slicedToArray_slicedToArray(_useState,2),open=_useState2[0],setOpen=_useState2[1];var location=dist_useLocation();var navigate=dist_useNavigate();var theme=styles_useTheme_useTheme();var toggleDrawer=function toggleDrawer(){setOpen(function(o){return!o;});};var path=location.pathname.split('/')[1];var header=null;switch(path){case'targets':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Dashboard"}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"40px",maxWidth:"314px",flexGrow:1,borderRadius:"10px",display:"flex",justifyContent:"space-between",alignItems:"center",padding:"0 9px 0 15px",sx:{background:theme.palette.background.default},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"text",style:{background:'none',border:'none',outline:'none',height:'20px',lineHeight:'20px',fontSize:'18px'},placeholder:"Search"}),/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0,height:40,width:40},children:/*#__PURE__*/(0,jsx_runtime.jsx)(SearchIcon,{})})]})]});break;case'results':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"start",gap:"12px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0},onClick:function onClick(){return navigate('/targets');},children:/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowLeftIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Result Tree"})]});break;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer_AppBar,{position:"fixed",open:open,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",justifyContent:"space-between",children:header})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsxs)(LeftDrawer_Drawer,{variant:"permanent",open:open,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(IconButton_IconButton,{onClick:toggleDrawer,sx:{gap:'13px',padding:0},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlLogo,{}),open&&/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlText,{})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(List_List,{sx:{padding:'10px 0 0 0'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Item,{text:"Targets",open:open,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsIcon,{}),to:"targets"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{component:"main",sx:{flexGrow:1,height:'100%',overflow:'hidden'},minWidth:0,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"calc(100% - ".concat(theme.consts.appBarHeight,"px)"),overflow:"auto",children:props.content})]})]});}
+var openedMixin=function openedMixin(theme){return{width:theme.consts.leftDrawerWidthOpen,transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),overflowX:'hidden'};};var closedMixin=function closedMixin(theme){return{transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen}),overflowX:'hidden',width:theme.consts.leftDrawerWidthClosed};};var DrawerHeader=styles_styled('div')(function(_ref){var theme=_ref.theme;return _objectSpread2({height:theme.consts.appBarHeight,padding:'31px 23px 0 23px'},theme.mixins.toolbar);});var LeftDrawer_AppBar=styles_styled(AppBar_AppBar,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref2){var theme=_ref2.theme,open=_ref2.open;return _objectSpread2({height:theme.consts.appBarHeight,border:'none',boxShadow:'none',background:'transparent',padding:'40px 40px 0 40px',marginLeft:theme.consts.leftDrawerWidthClosed,justifyContent:'space-between',width:"calc(100% - ".concat(theme.consts.leftDrawerWidthClosed,"px)"),zIndex:theme.zIndex.drawer+1,transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen})},open&&{marginLeft:theme.consts.leftDrawerWidthOpen,width:"calc(100% - ".concat(theme.consts.leftDrawerWidthOpen,"px)"),transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})});});var LeftDrawer_Drawer=styles_styled(Drawer_Drawer,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref3){var theme=_ref3.theme,open=_ref3.open;return _objectSpread2(_objectSpread2({width:theme.consts.leftDrawerWidthOpen,flexShrink:0,whiteSpace:'nowrap',boxSizing:'border-box',borderRadius:'0px 20px 20px 0px'},open&&_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})})),!open&&_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})}));});function Item(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{component:Link,to:props.to,disablePadding:true,sx:{display:'block',margin:'14px 0'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemButton_ListItemButton,{sx:{height:'60px',justifyContent:'start',alignItems:'center',gap:'15px',padding:'0 24px'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemIcon_ListItemIcon,{sx:{minWidth:0,flex:'0 0 auto',justifyContent:'center',alignItems:'center'},children:props.icon}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:props.text,sx:{display:props.open?'block':'none',margin:0},primaryTypographyProps:{fontWeight:500,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}})]})},props.text);}function LeftDrawer(props){var _useState=(0,react.useState)(true),_useState2=slicedToArray_slicedToArray(_useState,2),open=_useState2[0],setOpen=_useState2[1];var location=dist_useLocation();var navigate=dist_useNavigate();var theme=styles_useTheme_useTheme();var toggleDrawer=function toggleDrawer(){setOpen(function(o){return!o;});};var path=location.pathname.split('/')[1];var header=null;switch(path){case'targets':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Dashboard"}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"40px",maxWidth:"314px",flexGrow:1,borderRadius:"10px",display:"flex",justifyContent:"space-between",alignItems:"center",padding:"0 9px 0 15px",sx:{background:theme.palette.background.default},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"text",style:{background:'none',border:'none',outline:'none',height:'20px',lineHeight:'20px',fontSize:'18px'},placeholder:"Search (not impl. yet)"}),/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0,height:40,width:40},children:/*#__PURE__*/(0,jsx_runtime.jsx)(SearchIcon,{})})]})]});break;case'results':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"start",gap:"12px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0},onClick:function onClick(){return navigate('/targets');},children:/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowLeftIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Result Tree"})]});break;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer_AppBar,{position:"fixed",open:open,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",justifyContent:"space-between",children:header})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsxs)(LeftDrawer_Drawer,{variant:"permanent",open:open,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(IconButton_IconButton,{onClick:toggleDrawer,sx:{gap:'13px',padding:0},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlLogo,{}),open&&/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlText,{})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(List_List,{sx:{padding:'10px 0 0 0'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Item,{text:"Targets",open:open,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsIcon,{}),to:"targets"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{component:"main",sx:{flexGrow:1,height:'100%',overflow:'hidden'},minWidth:0,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"calc(100% - ".concat(theme.consts.appBarHeight,"px)"),overflow:"auto",children:props.content})]})]});}
 ;// CONCATENATED MODULE: ./src/models.ts
 /* Do not change, this code is generated from Golang structs */var DeploymentError=/*#__PURE__*/function(){function DeploymentError(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentError);this.ref=void 0;this.message=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.message=source["message"];}createClass_createClass(DeploymentError,[{key:"convertValues",value:function convertValues(a,classs){var _this=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i=0,_Object$keys=Object.keys(a);_i<_Object$keys.length;_i++){var _key=_Object$keys[_i];a[_key]=new classs(a[_key]);}return a;}return new classs(a);}return a;}}]);return DeploymentError;}();var Change=/*#__PURE__*/createClass_createClass(function Change(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,Change);this.type=void 0;this.jsonPath=void 0;this.oldValue=void 0;this.newValue=void 0;this.unifiedDiff=void 0;if('string'===typeof source)source=JSON.parse(source);this.type=source["type"];this.jsonPath=source["jsonPath"];this.oldValue=source["oldValue"];this.newValue=source["newValue"];this.unifiedDiff=source["unifiedDiff"];});var ResultObject=/*#__PURE__*/function(){function ResultObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ResultObject);this.ref=void 0;this.changes=void 0;this.new=void 0;this.orphan=void 0;this.deleted=void 0;this.hook=void 0;this.rendered=void 0;this.remote=void 0;this.applied=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.changes=this.convertValues(source["changes"],Change);this.new=source["new"];this.orphan=source["orphan"];this.deleted=source["deleted"];this.hook=source["hook"];this.rendered=source["rendered"];this.remote=source["remote"];this.applied=source["applied"];}createClass_createClass(ResultObject,[{key:"convertValues",value:function convertValues(a,classs){var _this2=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this2.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i2=0,_Object$keys2=Object.keys(a);_i2<_Object$keys2.length;_i2++){var _key2=_Object$keys2[_i2];a[_key2]=new classs(a[_key2]);}return a;}return new classs(a);}return a;}}]);return ResultObject;}();var IgnoreForDiffItemConfig=/*#__PURE__*/createClass_createClass(function IgnoreForDiffItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,IgnoreForDiffItemConfig);this.fieldPath=void 0;this.fieldPathRegex=void 0;this.group=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.fieldPath=source["fieldPath"];this.fieldPathRegex=source["fieldPathRegex"];this.group=source["group"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var HelmChartConfig=/*#__PURE__*/createClass_createClass(function HelmChartConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,HelmChartConfig);this.repo=void 0;this.path=void 0;this.credentialsId=void 0;this.chartName=void 0;this.chartVersion=void 0;this.updateConstraints=void 0;this.releaseName=void 0;this.namespace=void 0;this.output=void 0;this.skipCRDs=void 0;this.skipUpdate=void 0;this.skipPrePull=void 0;if('string'===typeof source)source=JSON.parse(source);this.repo=source["repo"];this.path=source["path"];this.credentialsId=source["credentialsId"];this.chartName=source["chartName"];this.chartVersion=source["chartVersion"];this.updateConstraints=source["updateConstraints"];this.releaseName=source["releaseName"];this.namespace=source["namespace"];this.output=source["output"];this.skipCRDs=source["skipCRDs"];this.skipUpdate=source["skipUpdate"];this.skipPrePull=source["skipPrePull"];});var DeleteObjectItemConfig=/*#__PURE__*/createClass_createClass(function DeleteObjectItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeleteObjectItemConfig);this.group=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var GitProject=/*#__PURE__*/createClass_createClass(function GitProject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,GitProject);this.url=void 0;this.ref=void 0;this.subDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.subDir=source["subDir"];});var DeploymentItemConfig=/*#__PURE__*/function(){function DeploymentItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentItemConfig);this.path=void 0;this.include=void 0;this.git=void 0;this.tags=void 0;this.barrier=void 0;this.message=void 0;this.waitReadiness=void 0;this.vars=void 0;this.skipDeleteIfTags=void 0;this.onlyRender=void 0;this.alwaysDeploy=void 0;this.deleteObjects=void 0;this.when=void 0;this.renderedHelmChartConfig=void 0;this.renderedObjects=void 0;this.renderedInclude=void 0;if('string'===typeof source)source=JSON.parse(source);this.path=source["path"];this.include=source["include"];this.git=this.convertValues(source["git"],GitProject);this.tags=source["tags"];this.barrier=source["barrier"];this.message=source["message"];this.waitReadiness=source["waitReadiness"];this.vars=this.convertValues(source["vars"],VarsSource);this.skipDeleteIfTags=source["skipDeleteIfTags"];this.onlyRender=source["onlyRender"];this.alwaysDeploy=source["alwaysDeploy"];this.deleteObjects=this.convertValues(source["deleteObjects"],DeleteObjectItemConfig);this.when=source["when"];this.renderedHelmChartConfig=this.convertValues(source["renderedHelmChartConfig"],HelmChartConfig);this.renderedObjects=this.convertValues(source["renderedObjects"],models_ObjectRef);this.renderedInclude=this.convertValues(source["renderedInclude"],DeploymentProjectConfig);}createClass_createClass(DeploymentItemConfig,[{key:"convertValues",value:function convertValues(a,classs){var _this3=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this3.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i3=0,_Object$keys3=Object.keys(a);_i3<_Object$keys3.length;_i3++){var _key3=_Object$keys3[_i3];a[_key3]=new classs(a[_key3]);}return a;}return new classs(a);}return a;}}]);return DeploymentItemConfig;}();var SealedSecretsConfig=/*#__PURE__*/createClass_createClass(function SealedSecretsConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,SealedSecretsConfig);this.outputPattern=void 0;if('string'===typeof source)source=JSON.parse(source);this.outputPattern=source["outputPattern"];});var VarsSourceVault=/*#__PURE__*/createClass_createClass(function VarsSourceVault(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceVault);this.address=void 0;this.path=void 0;if('string'===typeof source)source=JSON.parse(source);this.address=source["address"];this.path=source["path"];});var VarsSourceAwsSecretsManager=/*#__PURE__*/createClass_createClass(function VarsSourceAwsSecretsManager(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceAwsSecretsManager);this.secretName=void 0;this.region=void 0;this.profile=void 0;if('string'===typeof source)source=JSON.parse(source);this.secretName=source["secretName"];this.region=source["region"];this.profile=source["profile"];});var VarsSourceHttp=/*#__PURE__*/createClass_createClass(function VarsSourceHttp(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceHttp);this.url=void 0;this.method=void 0;this.body=void 0;this.headers=void 0;this.jsonPath=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.method=source["method"];this.body=source["body"];this.headers=source["headers"];this.jsonPath=source["jsonPath"];});var VarsSourceClusterConfigMapOrSecret=/*#__PURE__*/createClass_createClass(function VarsSourceClusterConfigMapOrSecret(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceClusterConfigMapOrSecret);this.name=void 0;this.labels=void 0;this.namespace=void 0;this.key=void 0;this.targetPath=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.labels=source["labels"];this.namespace=source["namespace"];this.key=source["key"];this.targetPath=source["targetPath"];});var VarsSourceGit=/*#__PURE__*/createClass_createClass(function VarsSourceGit(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceGit);this.url=void 0;this.ref=void 0;this.path=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.path=source["path"];});var VarsSource=/*#__PURE__*/function(){function VarsSource(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSource);this.ignoreMissing=void 0;this.noOverride=void 0;this.values=void 0;this.file=void 0;this.git=void 0;this.clusterConfigMap=void 0;this.clusterSecret=void 0;this.systemEnvVars=void 0;this.http=void 0;this.awsSecretsManager=void 0;this.vault=void 0;this.when=void 0;this.renderedVars=void 0;if('string'===typeof source)source=JSON.parse(source);this.ignoreMissing=source["ignoreMissing"];this.noOverride=source["noOverride"];this.values=source["values"];this.file=source["file"];this.git=this.convertValues(source["git"],VarsSourceGit);this.clusterConfigMap=this.convertValues(source["clusterConfigMap"],VarsSourceClusterConfigMapOrSecret);this.clusterSecret=this.convertValues(source["clusterSecret"],VarsSourceClusterConfigMapOrSecret);this.systemEnvVars=source["systemEnvVars"];this.http=this.convertValues(source["http"],VarsSourceHttp);this.awsSecretsManager=this.convertValues(source["awsSecretsManager"],VarsSourceAwsSecretsManager);this.vault=this.convertValues(source["vault"],VarsSourceVault);this.when=source["when"];this.renderedVars=source["renderedVars"];}createClass_createClass(VarsSource,[{key:"convertValues",value:function convertValues(a,classs){var _this4=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this4.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i4=0,_Object$keys4=Object.keys(a);_i4<_Object$keys4.length;_i4++){var _key4=_Object$keys4[_i4];a[_key4]=new classs(a[_key4]);}return a;}return new classs(a);}return a;}}]);return VarsSource;}();var DeploymentProjectConfig=/*#__PURE__*/function(){function DeploymentProjectConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentProjectConfig);this.vars=void 0;this.sealedSecrets=void 0;this.when=void 0;this.deployments=void 0;this.commonLabels=void 0;this.commonAnnotations=void 0;this.overrideNamespace=void 0;this.tags=void 0;this.ignoreForDiff=void 0;if('string'===typeof source)source=JSON.parse(source);this.vars=this.convertValues(source["vars"],VarsSource);this.sealedSecrets=this.convertValues(source["sealedSecrets"],SealedSecretsConfig);this.when=source["when"];this.deployments=this.convertValues(source["deployments"],DeploymentItemConfig);this.commonLabels=source["commonLabels"];this.commonAnnotations=source["commonAnnotations"];this.overrideNamespace=source["overrideNamespace"];this.tags=source["tags"];this.ignoreForDiff=this.convertValues(source["ignoreForDiff"],IgnoreForDiffItemConfig);}createClass_createClass(DeploymentProjectConfig,[{key:"convertValues",value:function convertValues(a,classs){var _this5=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this5.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i5=0,_Object$keys5=Object.keys(a);_i5<_Object$keys5.length;_i5++){var _key5=_Object$keys5[_i5];a[_key5]=new classs(a[_key5]);}return a;}return new classs(a);}return a;}}]);return DeploymentProjectConfig;}();var ClusterInfo=/*#__PURE__*/createClass_createClass(function ClusterInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ClusterInfo);this.clusterId=void 0;if('string'===typeof source)source=JSON.parse(source);this.clusterId=source["clusterId"];});var GitInfo=/*#__PURE__*/createClass_createClass(function GitInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,GitInfo);this.url=void 0;this.ref=void 0;this.subDir=void 0;this.commit=void 0;this.dirty=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.subDir=source["subDir"];this.commit=source["commit"];this.dirty=source["dirty"];});var KluctlDeploymentInfo=/*#__PURE__*/createClass_createClass(function KluctlDeploymentInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,KluctlDeploymentInfo);this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.namespace=source["namespace"];});var CommandInfo=/*#__PURE__*/function(){function CommandInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandInfo);this.initiator=void 0;this.startTime=void 0;this.endTime=void 0;this.kluctlDeployment=void 0;this.command=void 0;this.target=void 0;this.targetNameOverride=void 0;this.contextOverride=void 0;this.args=void 0;this.images=void 0;this.dryRun=void 0;this.noWait=void 0;this.forceApply=void 0;this.replaceOnError=void 0;this.forceReplaceOnError=void 0;this.abortOnError=void 0;this.includeTags=void 0;this.excludeTags=void 0;this.includeDeploymentDirs=void 0;this.excludeDeploymentDirs=void 0;if('string'===typeof source)source=JSON.parse(source);this.initiator=source["initiator"];this.startTime=source["startTime"];this.endTime=source["endTime"];this.kluctlDeployment=this.convertValues(source["kluctlDeployment"],KluctlDeploymentInfo);this.command=source["command"];this.target=source["target"];this.targetNameOverride=source["targetNameOverride"];this.contextOverride=source["contextOverride"];this.args=source["args"];this.images=this.convertValues(source["images"],FixedImage);this.dryRun=source["dryRun"];this.noWait=source["noWait"];this.forceApply=source["forceApply"];this.replaceOnError=source["replaceOnError"];this.forceReplaceOnError=source["forceReplaceOnError"];this.abortOnError=source["abortOnError"];this.includeTags=source["includeTags"];this.excludeTags=source["excludeTags"];this.includeDeploymentDirs=source["includeDeploymentDirs"];this.excludeDeploymentDirs=source["excludeDeploymentDirs"];}createClass_createClass(CommandInfo,[{key:"convertValues",value:function convertValues(a,classs){var _this6=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this6.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i6=0,_Object$keys6=Object.keys(a);_i6<_Object$keys6.length;_i6++){var _key6=_Object$keys6[_i6];a[_key6]=new classs(a[_key6]);}return a;}return new classs(a);}return a;}}]);return CommandInfo;}();var models_ObjectRef=/*#__PURE__*/createClass_createClass(function ObjectRef(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ObjectRef);this.group=void 0;this.version=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.version=source["version"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var FixedImage=/*#__PURE__*/function(){function FixedImage(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,FixedImage);this.image=void 0;this.resultImage=void 0;this.deployedImage=void 0;this.namespace=void 0;this.object=void 0;this.deployment=void 0;this.container=void 0;this.deployTags=void 0;this.deploymentDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.image=source["image"];this.resultImage=source["resultImage"];this.deployedImage=source["deployedImage"];this.namespace=source["namespace"];this.object=this.convertValues(source["object"],models_ObjectRef);this.deployment=source["deployment"];this.container=source["container"];this.deployTags=source["deployTags"];this.deploymentDir=source["deploymentDir"];}createClass_createClass(FixedImage,[{key:"convertValues",value:function convertValues(a,classs){var _this7=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this7.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i7=0,_Object$keys7=Object.keys(a);_i7<_Object$keys7.length;_i7++){var _key7=_Object$keys7[_i7];a[_key7]=new classs(a[_key7]);}return a;}return new classs(a);}return a;}}]);return FixedImage;}();var SealingConfig=/*#__PURE__*/createClass_createClass(function SealingConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,SealingConfig);this.args=void 0;this.secretSets=void 0;this.certFile=void 0;if('string'===typeof source)source=JSON.parse(source);this.args=source["args"];this.secretSets=source["secretSets"];this.certFile=source["certFile"];});var Target=/*#__PURE__*/function(){function Target(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,Target);this.name=void 0;this.context=void 0;this.args=void 0;this.sealingConfig=void 0;this.images=void 0;this.discriminator=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.context=source["context"];this.args=source["args"];this.sealingConfig=this.convertValues(source["sealingConfig"],SealingConfig);this.images=this.convertValues(source["images"],FixedImage);this.discriminator=source["discriminator"];}createClass_createClass(Target,[{key:"convertValues",value:function convertValues(a,classs){var _this8=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this8.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i8=0,_Object$keys8=Object.keys(a);_i8<_Object$keys8.length;_i8++){var _key8=_Object$keys8[_i8];a[_key8]=new classs(a[_key8]);}return a;}return new classs(a);}return a;}}]);return Target;}();var TargetKey=/*#__PURE__*/createClass_createClass(function TargetKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,TargetKey);this.targetName=void 0;this.clusterId=void 0;this.discriminator=void 0;if('string'===typeof source)source=JSON.parse(source);this.targetName=source["targetName"];this.clusterId=source["clusterId"];this.discriminator=source["discriminator"];});var ProjectKey=/*#__PURE__*/createClass_createClass(function ProjectKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ProjectKey);this.gitRepoKey=void 0;this.subDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.gitRepoKey=source["gitRepoKey"];this.subDir=source["subDir"];});var CommandResult=/*#__PURE__*/function(){function CommandResult(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandResult);this.id=void 0;this.projectKey=void 0;this.targetKey=void 0;this.target=void 0;this.command=void 0;this.gitInfo=void 0;this.clusterInfo=void 0;this.deployment=void 0;this.objects=void 0;this.errors=void 0;this.warnings=void 0;this.seenImages=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.projectKey=this.convertValues(source["projectKey"],ProjectKey);this.targetKey=this.convertValues(source["targetKey"],TargetKey);this.target=this.convertValues(source["target"],Target);this.command=this.convertValues(source["command"],CommandInfo);this.gitInfo=this.convertValues(source["gitInfo"],GitInfo);this.clusterInfo=this.convertValues(source["clusterInfo"],ClusterInfo);this.deployment=this.convertValues(source["deployment"],DeploymentProjectConfig);this.objects=this.convertValues(source["objects"],ResultObject);this.errors=this.convertValues(source["errors"],DeploymentError);this.warnings=this.convertValues(source["warnings"],DeploymentError);this.seenImages=this.convertValues(source["seenImages"],FixedImage);}createClass_createClass(CommandResult,[{key:"convertValues",value:function convertValues(a,classs){var _this9=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this9.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i9=0,_Object$keys9=Object.keys(a);_i9<_Object$keys9.length;_i9++){var _key9=_Object$keys9[_i9];a[_key9]=new classs(a[_key9]);}return a;}return new classs(a);}return a;}}]);return CommandResult;}();var CommandResultSummary=/*#__PURE__*/function(){function CommandResultSummary(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandResultSummary);this.id=void 0;this.projectKey=void 0;this.targetKey=void 0;this.target=void 0;this.commandInfo=void 0;this.gitInfo=void 0;this.clusterInfo=void 0;this.renderedObjects=void 0;this.remoteObjects=void 0;this.appliedObjects=void 0;this.appliedHookObjects=void 0;this.newObjects=void 0;this.changedObjects=void 0;this.orphanObjects=void 0;this.deletedObjects=void 0;this.errors=void 0;this.warnings=void 0;this.totalChanges=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.projectKey=this.convertValues(source["projectKey"],ProjectKey);this.targetKey=this.convertValues(source["targetKey"],TargetKey);this.target=this.convertValues(source["target"],Target);this.commandInfo=this.convertValues(source["commandInfo"],CommandInfo);this.gitInfo=this.convertValues(source["gitInfo"],GitInfo);this.clusterInfo=this.convertValues(source["clusterInfo"],ClusterInfo);this.renderedObjects=source["renderedObjects"];this.remoteObjects=source["remoteObjects"];this.appliedObjects=source["appliedObjects"];this.appliedHookObjects=source["appliedHookObjects"];this.newObjects=source["newObjects"];this.changedObjects=source["changedObjects"];this.orphanObjects=source["orphanObjects"];this.deletedObjects=source["deletedObjects"];this.errors=this.convertValues(source["errors"],DeploymentError);this.warnings=this.convertValues(source["warnings"],DeploymentError);this.totalChanges=source["totalChanges"];}createClass_createClass(CommandResultSummary,[{key:"convertValues",value:function convertValues(a,classs){var _this10=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this10.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i10=0,_Object$keys10=Object.keys(a);_i10<_Object$keys10.length;_i10++){var _key10=_Object$keys10[_i10];a[_key10]=new classs(a[_key10]);}return a;}return new classs(a);}return a;}}]);return CommandResultSummary;}();var ChangedObject=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ChangedObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ChangedObject);this.ref=void 0;this.changes=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.changes=this.convertValues(source["changes"],Change);}_createClass(ChangedObject,[{key:"convertValues",value:function convertValues(a,classs){var _this11=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this11.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i11=0,_Object$keys11=Object.keys(a);_i11<_Object$keys11.length;_i11++){var _key11=_Object$keys11[_i11];a[_key11]=new classs(a[_key11]);}return a;}return new classs(a);}return a;}}]);return ChangedObject;}()));var ValidateResultEntry=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ValidateResultEntry(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ValidateResultEntry);this.ref=void 0;this.annotation=void 0;this.message=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.annotation=source["annotation"];this.message=source["message"];}_createClass(ValidateResultEntry,[{key:"convertValues",value:function convertValues(a,classs){var _this12=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this12.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i12=0,_Object$keys12=Object.keys(a);_i12<_Object$keys12.length;_i12++){var _key12=_Object$keys12[_i12];a[_key12]=new classs(a[_key12]);}return a;}return new classs(a);}return a;}}]);return ValidateResultEntry;}()));var ValidateResult=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ValidateResult(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ValidateResult);this.id=void 0;this.startTime=void 0;this.endTime=void 0;this.ready=void 0;this.warnings=void 0;this.errors=void 0;this.results=void 0;this.drift=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.startTime=source["startTime"];this.endTime=source["endTime"];this.ready=source["ready"];this.warnings=this.convertValues(source["warnings"],DeploymentError);this.errors=this.convertValues(source["errors"],DeploymentError);this.results=this.convertValues(source["results"],ValidateResultEntry);this.drift=this.convertValues(source["drift"],ChangedObject);}_createClass(ValidateResult,[{key:"convertValues",value:function convertValues(a,classs){var _this13=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this13.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i13=0,_Object$keys13=Object.keys(a);_i13<_Object$keys13.length;_i13++){var _key13=_Object$keys13[_i13];a[_key13]=new classs(a[_key13]);}return a;}return new classs(a);}return a;}}]);return ValidateResult;}()));var ShortName=/*#__PURE__*/(/* unused pure expression or super */ null && (_createClass(function ShortName(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ShortName);this.group=void 0;this.kind=void 0;this.shortName=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.kind=source["kind"];this.shortName=source["shortName"];})));var UnstructuredObject=/*#__PURE__*/(/* unused pure expression or super */ null && (_createClass(function UnstructuredObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,UnstructuredObject);if('string'===typeof source)source=JSON.parse(source);})));var ProjectTargetKey=/*#__PURE__*/function(){function ProjectTargetKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ProjectTargetKey);this.project=void 0;this.target=void 0;if('string'===typeof source)source=JSON.parse(source);this.project=this.convertValues(source["project"],ProjectKey);this.target=this.convertValues(source["target"],TargetKey);}createClass_createClass(ProjectTargetKey,[{key:"convertValues",value:function convertValues(a,classs){var _this14=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this14.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i14=0,_Object$keys14=Object.keys(a);_i14<_Object$keys14.length;_i14++){var _key14=_Object$keys14[_i14];a[_key14]=new classs(a[_key14]);}return a;}return new classs(a);}return a;}}]);return ProjectTargetKey;}();
 // EXTERNAL MODULE: ./node_modules/lodash/lodash.js
@@ -52222,8 +52318,27 @@ var Loading=function Loading(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_B
 function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var ApiContext=/*#__PURE__*/(0,react.createContext)(new StaticApi());var LoggedInApp=function LoggedInApp(props){var api=(0,react.useContext)(ApiContext);var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summariesRef=(0,react.useRef)(new Map());var validateResultsRef=(0,react.useRef)(new Map());var _useState3=(0,react.useState)(summariesRef.current),_useState4=slicedToArray_slicedToArray(_useState3,2),summaries=_useState4[0],setSummaries=_useState4[1];var _useState5=(0,react.useState)(validateResultsRef.current),_useState6=slicedToArray_slicedToArray(_useState5,2),validateResults=_useState6[0],setValidateResults=_useState6[1];var onUnauthorized=props.onUnauthorized;(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summariesRef.current.set(rs.id,rs);setSummaries(new Map(summariesRef.current));};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summariesRef.current.delete(id);setSummaries(new Map(summariesRef.current));};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResultsRef.current.set(JSON.stringify(key),vr);setValidateResults(new Map(validateResultsRef.current));};console.log("starting listenResults");var cancel;cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;case"auth_result":if(!msg.success){cancel.then(function(c){return c();});onUnauthorized();}}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[api,onUnauthorized]);var projects=(0,react.useMemo)(function(){return buildProjectSummaries(summaries,validateResults);},[summaries,validateResults]);var appContext={summaries:summariesRef.current,projects:projects,validateResults:validateResults};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};var App=function App(){var _useState7=(0,react.useState)(),_useState8=slicedToArray_slicedToArray(_useState7,2),api=_useState8[0],setApi=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),needToken=_useState10[0],setNeedToken=_useState10[1];var storage=localStorage;var getToken=function getToken(){var token=storage.getItem("token");if(!token){return"";}return JSON.parse(token);};var setToken=function setToken(token){if(!token){storage.removeItem("token");}else{storage.setItem("token",JSON.stringify(token));}};var onUnauthorized=function onUnauthorized(){console.log("handle onUnauthorized");setToken(undefined);setApi(undefined);setNeedToken(true);};var onTokenRefresh=function onTokenRefresh(newToken){console.log("handle onTokenRefresh");setToken(newToken);};var handleLoginSucceeded=function handleLoginSucceeded(token){console.log("handle saveToken");setToken(token);setApi(new RealApi(getToken,onUnauthorized,onTokenRefresh));};(0,react.useEffect)(function(){if(api){return;}var doInit=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var isStatic,noAuthApi;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return checkStaticBuild();case 2:isStatic=_context.sent;if(!isStatic){_context.next=7;break;}setApi(new StaticApi());_context.next=19;break;case 7:// check if we don't need auth (running locally?)
 noAuthApi=new RealApi(undefined,undefined,undefined);_context.prev=8;_context.next=11;return noAuthApi.getShortNames();case 11:setToken(undefined);setNeedToken(false);setApi(noAuthApi);_context.next=19;break;case 16:_context.prev=16;_context.t0=_context["catch"](8);if(!getToken()){setNeedToken(true);}else{setApi(new RealApi(getToken,onUnauthorized,onTokenRefresh));}case 19:case"end":return _context.stop();}},_callee,null,[[8,16]]);}));return function doInit(){return _ref.apply(this,arguments);};}();doInit();// eslint-disable-next-line react-hooks/exhaustive-deps
 },[]);if(needToken&&!getToken()){return/*#__PURE__*/(0,jsx_runtime.jsx)(Login,{setToken:handleLoginSucceeded});}if(!api){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(ApiContext.Provider,{value:api,children:/*#__PURE__*/(0,jsx_runtime.jsx)(LoggedInApp,{onUnauthorized:onUnauthorized})});};/* harmony default export */ var components_App = (App);
+;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectWithoutProperties.js
+
+function objectWithoutProperties_objectWithoutProperties(source, excluded) {
+  if (source == null) return {};
+  var target = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(source, excluded);
+  var key, i;
+  if (Object.getOwnPropertySymbols) {
+    var sourceSymbolKeys = Object.getOwnPropertySymbols(source);
+    for (i = 0; i < sourceSymbolKeys.length; i++) {
+      key = sourceSymbolKeys[i];
+      if (excluded.indexOf(key) >= 0) continue;
+      if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
+      target[key] = source[key];
+    }
+  }
+  return target;
+}
+;// CONCATENATED MODULE: ./src/components/targets-view/Card.tsx
+var Card_excluded=["sx"];var cardWidth=247;var projectCardHeight=80;var cardHeight=126;var cardGap=20;function CardPaper(props){var sx=props.sx,rest=objectWithoutProperties_objectWithoutProperties(props,Card_excluded);return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,_objectSpread2({elevation:5,sx:_objectSpread2({width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A'},sx)},rest));}function Card(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2({display:"flex",flexShrink:0,width:cardWidth,height:cardHeight},props));}function CardCol(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2({display:"flex",flexDirection:"column",gap:"".concat(cardGap,"px")},props));}function CardRow(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2({display:"flex",gap:"".concat(cardGap,"px")},props));}
 ;// CONCATENATED MODULE: ./src/components/targets-view/Projects.tsx
-var ProjectItem=function ProjectItem(props){var name=getLastPathElement(props.ps.project.gitRepoKey);var subDir=props.ps.project.subDir;var projectInfo=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[props.ps.project.gitRepoKey,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),props.ps.project.subDir?/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:["SubDir: ",props.ps.project.subDir,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{})]}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"center",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",gap:"15px",children:name&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:projectInfo,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:name})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:subDir?/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{textAlign:"center",children:subDir}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{marginLeft:"auto"})})})]})});};
+var ProjectItem=function ProjectItem(props){var name=getLastPathElement(props.ps.project.gitRepoKey);var subDir=props.ps.project.subDir;var projectInfo=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[props.ps.project.gitRepoKey,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),props.ps.project.subDir?/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:["SubDir: ",props.ps.project.subDir,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{})]}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(CardPaper,{sx:{padding:'5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"center",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",gap:"15px",children:name&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:projectInfo,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:name})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:subDir?/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{textAlign:"center",children:subDir}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{marginLeft:"auto"})})})]})});};
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/svgIconClasses.js
 
 
@@ -53373,7 +53488,7 @@ var ActionsMenu=function ActionsMenu(props){var _React$useState=react.useState(n
 ;// CONCATENATED MODULE: ./src/utils/duration.ts
 function formatDuration(ms,withMs){if(ms<0)ms=-ms;var time={day:Math.floor(ms/86400000),hour:Math.floor(ms/3600000)%24,minute:Math.floor(ms/60000)%60,second:Math.floor(ms/1000)%60,millisecond:withMs?Math.floor(ms)%1000:0};return Object.entries(time).filter(function(val){return val[1]!==0;}).map(function(val){return val[1]+' '+(val[1]!==1?val[0]+'s':val[0]);}).join(', ');}function formatDurationShort(ms){if(ms<0)ms=-ms;var time={d:Math.floor(ms/86400000),h:Math.floor(ms/3600000)%24,m:Math.floor(ms/60000)%60,s:Math.floor(ms/1000)%60,ms:Math.floor(ms)%1000};var f=Object.entries(time).find(function(val){return val[1]>0;});if(f===undefined){return"0s";}return f[1]+f[0];}var calcAgo=function calcAgo(startTime){var t1=new Date(startTime);var t2=new Date();var d=t2.getTime()-t1.getTime();return formatDurationShort(d);};
 ;// CONCATENATED MODULE: ./src/components/targets-view/Targets.tsx
-var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}tooltip.push("Validation performed "+calcAgo(props.ts.lastValidateResult.startTime)+" ago");}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},t);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var api=(0,react.useContext)(ApiContext);var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},context);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
+var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}tooltip.push("Validation performed "+calcAgo(props.ts.lastValidateResult.startTime)+" ago");}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},t);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var api=(0,react.useContext)(ApiContext);var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},context);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(CardPaper,{sx:{padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
 ;// CONCATENATED MODULE: ./node_modules/js-yaml/dist/js-yaml.mjs
 /*! js-yaml 4.1.0 https://github.com/nodeca/js-yaml @license MIT */
 function isNothing(subject) {
@@ -56487,23 +56602,6 @@ var jsYaml = {
 };
 /* harmony default export */ var js_yaml = ((/* unused pure expression or super */ null && (jsYaml)));
 
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectWithoutProperties.js
-
-function objectWithoutProperties_objectWithoutProperties(source, excluded) {
-  if (source == null) return {};
-  var target = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(source, excluded);
-  var key, i;
-  if (Object.getOwnPropertySymbols) {
-    var sourceSymbolKeys = Object.getOwnPropertySymbols(source);
-    for (i = 0; i < sourceSymbolKeys.length; i++) {
-      key = sourceSymbolKeys[i];
-      if (excluded.indexOf(key) >= 0) continue;
-      if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
-      target[key] = source[key];
-    }
-  }
-  return target;
-}
 ;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/create-element.js
 
 
@@ -57167,28 +57265,21 @@ esm_light.registerLanguage('yaml',hljs_yaml);esm_light.registerLanguage('diff',h
 ;// CONCATENATED MODULE: ./src/components/result-view/CommandResultStatusLine.tsx
 var StatusLine=function StatusLine(props){var children=[];var doPush=function doPush(n,t,icon){if(n){children.push(/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:n+" "+t,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"center",width:"24px",height:"24px",children:icon})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{fontSize:"10px",align:"center",children:n})]},t));}};doPush(props.errors,"total errors.",/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorIcon,{}));doPush(props.warnings,"total warnings.",/*#__PURE__*/(0,jsx_runtime.jsx)(WarningIcon,{}));doPush(props.newObjects,"new objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(AddedIcon,{}));doPush(props.deletedObjects,"deleted objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(TrashIcon,{}));doPush(props.orphanObjects,"orphan objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(OrphanIcon,{}));doPush(props.changedObjects,"changed objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(ChangedIcon,{}));return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",children:children});};var CommandResultStatusLine=function CommandResultStatusLine(props){var _props$rs$errors,_props$rs$warnings;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_props$rs$errors=props.rs.errors)===null||_props$rs$errors===void 0?void 0:_props$rs$errors.length,warnings:(_props$rs$warnings=props.rs.warnings)===null||_props$rs$warnings===void 0?void 0:_props$rs$warnings.length,changedObjects:props.rs.changedObjects,newObjects:props.rs.newObjects,deletedObjects:props.rs.deletedObjects,orphanObjects:props.rs.orphanObjects});};var ValidateResultStatusLine=function ValidateResultStatusLine(props){var _props$vr,_props$vr$errors,_props$vr2,_props$vr2$warnings,_props$vr3,_props$vr3$drift;return/*#__PURE__*/_jsx(StatusLine,{errors:(_props$vr=props.vr)===null||_props$vr===void 0?void 0:(_props$vr$errors=_props$vr.errors)===null||_props$vr$errors===void 0?void 0:_props$vr$errors.length,warnings:(_props$vr2=props.vr)===null||_props$vr2===void 0?void 0:(_props$vr2$warnings=_props$vr2.warnings)===null||_props$vr2$warnings===void 0?void 0:_props$vr2$warnings.length,changedObjects:(_props$vr3=props.vr)===null||_props$vr3===void 0?void 0:(_props$vr3$drift=_props$vr3.drift)===null||_props$vr3$drift===void 0?void 0:_props$vr3$drift.length});};
 ;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultItem.tsx
-var CommandResultItem=/*#__PURE__*/react.memo(function(props){var _rs$commandInfo,_rs$commandInfo2;var rs=props.rs,onSelectCommandResult=props.onSelectCommandResult,selected=props.selected;var navigate=dist_useNavigate();var _useState=(0,react.useState)(calcAgo(rs.commandInfo.startTime)),_useState2=slicedToArray_slicedToArray(_useState,2),ago=_useState2[0],setAgo=_useState2[1];var Icon=DiffIcon;switch((_rs$commandInfo=rs.commandInfo)===null||_rs$commandInfo===void 0?void 0:_rs$commandInfo.command){case"delete":Icon=PruneIcon;break;case"deploy":Icon=DeployIcon;break;case"diff":Icon=DiffIcon;break;case"poke-images":Icon=DeployIcon;break;case"prune":Icon=PruneIcon;break;}var iconTooltip=(0,react.useMemo)(function(){var cmdInfoYaml=dump(rs.commandInfo);return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:cmdInfoYaml,language:"yaml"});},[rs.commandInfo]);(0,react.useEffect)(function(){var interval=setInterval(function(){return setAgo(calcAgo(rs.commandInfo.startTime));},5000);return function(){return clearInterval(interval);};},[rs.commandInfo.startTime]);return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{elevation:5,sx:{width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A',padding:'20px 16px 5px 16px',outline:selected?'8px solid #59A588':'none'},onClick:function onClick(){return onSelectCommandResult(rs);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:iconTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"45px",height:"45px",flex:"0 0 auto",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:(_rs$commandInfo2=rs.commandInfo)===null||_rs$commandInfo2===void 0?void 0:_rs$commandInfo2.command}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:rs.commandInfo.startTime,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:ago})})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultStatusLine,{rs:rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",height:"39px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(rs.id));},sx:{padding:0,width:26,height:26},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]})});});
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/TableContext.js
+var CommandResultItemHeader=/*#__PURE__*/react.memo(function(props){var _rs$commandInfo,_rs$commandInfo2;var rs=props.rs;var _useState=(0,react.useState)(calcAgo(rs.commandInfo.startTime)),_useState2=slicedToArray_slicedToArray(_useState,2),ago=_useState2[0],setAgo=_useState2[1];var Icon=DiffIcon;switch((_rs$commandInfo=rs.commandInfo)===null||_rs$commandInfo===void 0?void 0:_rs$commandInfo.command){case"delete":Icon=PruneIcon;break;case"deploy":Icon=DeployIcon;break;case"diff":Icon=DiffIcon;break;case"poke-images":Icon=DeployIcon;break;case"prune":Icon=PruneIcon;break;}var iconTooltip=(0,react.useMemo)(function(){var cmdInfoYaml=dump(rs.commandInfo);return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:cmdInfoYaml,language:"yaml"});},[rs.commandInfo]);(0,react.useEffect)(function(){var interval=setInterval(function(){return setAgo(calcAgo(rs.commandInfo.startTime));},5000);return function(){return clearInterval(interval);};},[rs.commandInfo.startTime]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:iconTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"45px",height:"45px",flex:"0 0 auto",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",children:(_rs$commandInfo2=rs.commandInfo)===null||_rs$commandInfo2===void 0?void 0:_rs$commandInfo2.command}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:rs.commandInfo.startTime,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:ago})})]})]});});var CommandResultItem=/*#__PURE__*/react.memo(function(props){var rs=props.rs,onSelectCommandResult=props.onSelectCommandResult;var navigate=dist_useNavigate();return/*#__PURE__*/(0,jsx_runtime.jsx)(CardPaper,{sx:{padding:'20px 16px 5px 16px'},onClick:function onClick(){return onSelectCommandResult(rs);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItemHeader,{rs:rs}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultStatusLine,{rs:rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",height:"39px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(rs.id));},sx:{padding:0,width:26,height:26},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]})});});
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/tabClasses.js
 
 
-/**
- * @ignore - internal component.
- */
-var TableContext = /*#__PURE__*/react.createContext();
-if (false) {}
-/* harmony default export */ var Table_TableContext = (TableContext);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/tableClasses.js
+function getTabUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTab', slot);
+}
+var tabClasses = generateUtilityClasses('MuiTab', ['root', 'labelIcon', 'textColorInherit', 'textColorPrimary', 'textColorSecondary', 'selected', 'disabled', 'fullWidth', 'wrapped', 'iconWrapper']);
+/* harmony default export */ var Tab_tabClasses = (tabClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/Tab.js
 
 
-function getTableUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTable', slot);
-}
-var tableClasses = generateUtilityClasses('MuiTable', ['root', 'stickyHeader']);
-/* harmony default export */ var Table_tableClasses = ((/* unused pure expression or super */ null && (tableClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Table.js
 
+var Tab_excluded = ["className", "disabled", "disableFocusRipple", "fullWidth", "icon", "iconPosition", "indicator", "label", "onChange", "onClick", "onFocus", "selected", "selectionFollowsFocus", "textColor", "value", "wrapped"];
 
-var Table_excluded = ["className", "component", "padding", "size", "stickyHeader"];
 
 
 
@@ -57198,171 +57289,428 @@ var Table_excluded = ["className", "component", "padding", "size", "stickyHeader
 
 
 
-var Table_useUtilityClasses = function useUtilityClasses(ownerState) {
+
+var Tab_useUtilityClasses = function useUtilityClasses(ownerState) {
   var classes = ownerState.classes,
-    stickyHeader = ownerState.stickyHeader;
+    textColor = ownerState.textColor,
+    fullWidth = ownerState.fullWidth,
+    wrapped = ownerState.wrapped,
+    icon = ownerState.icon,
+    label = ownerState.label,
+    selected = ownerState.selected,
+    disabled = ownerState.disabled;
   var slots = {
-    root: ['root', stickyHeader && 'stickyHeader']
+    root: ['root', icon && label && 'labelIcon', "textColor".concat(utils_capitalize(textColor)), fullWidth && 'fullWidth', wrapped && 'wrapped', selected && 'selected', disabled && 'disabled'],
+    iconWrapper: ['iconWrapper']
   };
-  return composeClasses(slots, getTableUtilityClass, classes);
+  return composeClasses(slots, getTabUtilityClass, classes);
 };
-var TableRoot = styles_styled('table', {
-  name: 'MuiTable',
+var TabRoot = styles_styled(ButtonBase_ButtonBase, {
+  name: 'MuiTab',
   slot: 'Root',
   overridesResolver: function overridesResolver(props, styles) {
     var ownerState = props.ownerState;
-    return [styles.root, ownerState.stickyHeader && styles.stickyHeader];
+    return [styles.root, ownerState.label && ownerState.icon && styles.labelIcon, styles["textColor".concat(utils_capitalize(ownerState.textColor))], ownerState.fullWidth && styles.fullWidth, ownerState.wrapped && styles.wrapped];
   }
 })(function (_ref) {
+  var _ref3, _ref4, _ref5;
   var theme = _ref.theme,
     ownerState = _ref.ownerState;
-  return extends_extends({
-    display: 'table',
-    width: '100%',
-    borderCollapse: 'collapse',
-    borderSpacing: 0,
-    '& caption': extends_extends({}, theme.typography.body2, {
-      padding: theme.spacing(2),
-      color: (theme.vars || theme).palette.text.secondary,
-      textAlign: 'left',
-      captionSide: 'bottom'
-    })
-  }, ownerState.stickyHeader && {
-    borderCollapse: 'separate'
+  return extends_extends({}, theme.typography.button, {
+    maxWidth: 360,
+    minWidth: 90,
+    position: 'relative',
+    minHeight: 48,
+    flexShrink: 0,
+    padding: '12px 16px',
+    overflow: 'hidden',
+    whiteSpace: 'normal',
+    textAlign: 'center'
+  }, ownerState.label && {
+    flexDirection: ownerState.iconPosition === 'top' || ownerState.iconPosition === 'bottom' ? 'column' : 'row'
+  }, {
+    lineHeight: 1.25
+  }, ownerState.icon && ownerState.label && defineProperty_defineProperty({
+    minHeight: 72,
+    paddingTop: 9,
+    paddingBottom: 9
+  }, "& > .".concat(Tab_tabClasses.iconWrapper), extends_extends({}, ownerState.iconPosition === 'top' && {
+    marginBottom: 6
+  }, ownerState.iconPosition === 'bottom' && {
+    marginTop: 6
+  }, ownerState.iconPosition === 'start' && {
+    marginRight: theme.spacing(1)
+  }, ownerState.iconPosition === 'end' && {
+    marginLeft: theme.spacing(1)
+  })), ownerState.textColor === 'inherit' && (_ref3 = {
+    color: 'inherit',
+    opacity: 0.6
+  }, defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.selected), {
+    opacity: 1
+  }), defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.disabled), {
+    opacity: (theme.vars || theme).palette.action.disabledOpacity
+  }), _ref3), ownerState.textColor === 'primary' && (_ref4 = {
+    color: (theme.vars || theme).palette.text.secondary
+  }, defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.selected), {
+    color: (theme.vars || theme).palette.primary.main
+  }), defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.disabled), {
+    color: (theme.vars || theme).palette.text.disabled
+  }), _ref4), ownerState.textColor === 'secondary' && (_ref5 = {
+    color: (theme.vars || theme).palette.text.secondary
+  }, defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.selected), {
+    color: (theme.vars || theme).palette.secondary.main
+  }), defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.disabled), {
+    color: (theme.vars || theme).palette.text.disabled
+  }), _ref5), ownerState.fullWidth && {
+    flexShrink: 1,
+    flexGrow: 1,
+    flexBasis: 0,
+    maxWidth: 'none'
+  }, ownerState.wrapped && {
+    fontSize: theme.typography.pxToRem(12)
   });
 });
-var defaultComponent = 'table';
-var Table = /*#__PURE__*/react.forwardRef(function Table(inProps, ref) {
+var Tab = /*#__PURE__*/react.forwardRef(function Tab(inProps, ref) {
   var props = useThemeProps_useThemeProps({
     props: inProps,
-    name: 'MuiTable'
+    name: 'MuiTab'
   });
   var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? defaultComponent : _props$component,
-    _props$padding = props.padding,
-    padding = _props$padding === void 0 ? 'normal' : _props$padding,
-    _props$size = props.size,
-    size = _props$size === void 0 ? 'medium' : _props$size,
-    _props$stickyHeader = props.stickyHeader,
-    stickyHeader = _props$stickyHeader === void 0 ? false : _props$stickyHeader,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Table_excluded);
+    _props$disabled = props.disabled,
+    disabled = _props$disabled === void 0 ? false : _props$disabled,
+    _props$disableFocusRi = props.disableFocusRipple,
+    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
+    fullWidth = props.fullWidth,
+    iconProp = props.icon,
+    _props$iconPosition = props.iconPosition,
+    iconPosition = _props$iconPosition === void 0 ? 'top' : _props$iconPosition,
+    indicator = props.indicator,
+    label = props.label,
+    onChange = props.onChange,
+    onClick = props.onClick,
+    onFocus = props.onFocus,
+    selected = props.selected,
+    selectionFollowsFocus = props.selectionFollowsFocus,
+    _props$textColor = props.textColor,
+    textColor = _props$textColor === void 0 ? 'inherit' : _props$textColor,
+    value = props.value,
+    _props$wrapped = props.wrapped,
+    wrapped = _props$wrapped === void 0 ? false : _props$wrapped,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tab_excluded);
   var ownerState = extends_extends({}, props, {
-    component: component,
-    padding: padding,
-    size: size,
-    stickyHeader: stickyHeader
-  });
-  var classes = Table_useUtilityClasses(ownerState);
-  var table = react.useMemo(function () {
-    return {
-      padding: padding,
-      size: size,
-      stickyHeader: stickyHeader
-    };
-  }, [padding, size, stickyHeader]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_TableContext.Provider, {
-    value: table,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableRoot, extends_extends({
-      as: component,
-      role: component === defaultComponent ? null : 'table',
-      ref: ref,
-      className: clsx_m(classes.root, className),
-      ownerState: ownerState
-    }, other))
+    disabled: disabled,
+    disableFocusRipple: disableFocusRipple,
+    selected: selected,
+    icon: !!iconProp,
+    iconPosition: iconPosition,
+    label: !!label,
+    fullWidth: fullWidth,
+    textColor: textColor,
+    wrapped: wrapped
   });
+  var classes = Tab_useUtilityClasses(ownerState);
+  var icon = iconProp && label && /*#__PURE__*/react.isValidElement(iconProp) ? /*#__PURE__*/react.cloneElement(iconProp, {
+    className: clsx_m(classes.iconWrapper, iconProp.props.className)
+  }) : iconProp;
+  var handleClick = function handleClick(event) {
+    if (!selected && onChange) {
+      onChange(event, value);
+    }
+    if (onClick) {
+      onClick(event);
+    }
+  };
+  var handleFocus = function handleFocus(event) {
+    if (selectionFollowsFocus && !selected && onChange) {
+      onChange(event, value);
+    }
+    if (onFocus) {
+      onFocus(event);
+    }
+  };
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabRoot, extends_extends({
+    focusRipple: !disableFocusRipple,
+    className: clsx_m(classes.root, className),
+    ref: ref,
+    role: "tab",
+    "aria-selected": selected,
+    disabled: disabled,
+    onClick: handleClick,
+    onFocus: handleFocus,
+    ownerState: ownerState,
+    tabIndex: selected ? 0 : -1
+  }, other, {
+    children: [iconPosition === 'top' || iconPosition === 'start' ? /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
+      children: [icon, label]
+    }) : /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
+      children: [label, icon]
+    }), indicator]
+  }));
 });
  false ? 0 : void 0;
-/* harmony default export */ var Table_Table = (Table);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Tablelvl2Context.js
+/* harmony default export */ var Tab_Tab = (Tab);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabContext/TabContext.js
+
+
 
 
 /**
- * @ignore - internal component.
+ * @type {React.Context<{ idPrefix: string; value: string } | null>}
  */
-var Tablelvl2Context = /*#__PURE__*/react.createContext();
-if (false) {}
-/* harmony default export */ var Table_Tablelvl2Context = (Tablelvl2Context);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/tableBodyClasses.js
 
+var Context = /*#__PURE__*/react.createContext(null);
+if (false) {}
+function useUniquePrefix() {
+  var _React$useState = react.useState(null),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    id = _React$useState2[0],
+    setId = _React$useState2[1];
+  react.useEffect(function () {
+    setId("mui-p-".concat(Math.round(Math.random() * 1e5)));
+  }, []);
+  return id;
+}
+function TabContext(props) {
+  var children = props.children,
+    value = props.value;
+  var idPrefix = useUniquePrefix();
+  var context = react.useMemo(function () {
+    return {
+      idPrefix: idPrefix,
+      value: value
+    };
+  }, [idPrefix, value]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Context.Provider, {
+    value: context,
+    children: children
+  });
+}
+ false ? 0 : void 0;
 
-function getTableBodyUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableBody', slot);
+/**
+ * @returns {unknown}
+ */
+function useTabContext() {
+  return react.useContext(Context);
 }
-var tableBodyClasses = generateUtilityClasses('MuiTableBody', ['root']);
-/* harmony default export */ var TableBody_tableBodyClasses = ((/* unused pure expression or super */ null && (tableBodyClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/TableBody.js
+function getPanelId(context, value) {
+  var idPrefix = context.idPrefix;
+  if (idPrefix === null) {
+    return null;
+  }
+  return "".concat(context.idPrefix, "-P-").concat(value);
+}
+function getTabId(context, value) {
+  var idPrefix = context.idPrefix;
+  if (idPrefix === null) {
+    return null;
+  }
+  return "".concat(context.idPrefix, "-T-").concat(value);
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/scrollLeft.js
+// Source from https://github.com/alitaheri/normalize-scroll-left
+var cachedType;
 
+/**
+ * Based on the jquery plugin https://github.com/othree/jquery.rtl-scroll-type
+ *
+ * Types of scrollLeft, assuming scrollWidth=100 and direction is rtl.
+ *
+ * Type             | <- Most Left | Most Right -> | Initial
+ * ---------------- | ------------ | ------------- | -------
+ * default          | 0            | 100           | 100
+ * negative (spec*) | -100         | 0             | 0
+ * reverse          | 100          | 0             | 0
+ *
+ * Edge 85: default
+ * Safari 14: negative
+ * Chrome 85: negative
+ * Firefox 81: negative
+ * IE11: reverse
+ *
+ * spec* https://drafts.csswg.org/cssom-view/#dom-window-scroll
+ */
+function detectScrollType() {
+  if (cachedType) {
+    return cachedType;
+  }
+  var dummy = document.createElement('div');
+  var container = document.createElement('div');
+  container.style.width = '10px';
+  container.style.height = '1px';
+  dummy.appendChild(container);
+  dummy.dir = 'rtl';
+  dummy.style.fontSize = '14px';
+  dummy.style.width = '4px';
+  dummy.style.height = '1px';
+  dummy.style.position = 'absolute';
+  dummy.style.top = '-1000px';
+  dummy.style.overflow = 'scroll';
+  document.body.appendChild(dummy);
+  cachedType = 'reverse';
+  if (dummy.scrollLeft > 0) {
+    cachedType = 'default';
+  } else {
+    dummy.scrollLeft = 1;
+    if (dummy.scrollLeft === 0) {
+      cachedType = 'negative';
+    }
+  }
+  document.body.removeChild(dummy);
+  return cachedType;
+}
 
-var TableBody_excluded = ["className", "component"];
+// Based on https://stackoverflow.com/a/24394376
+function getNormalizedScrollLeft(element, direction) {
+  var scrollLeft = element.scrollLeft;
 
+  // Perform the calculations only when direction is rtl to avoid messing up the ltr behavior
+  if (direction !== 'rtl') {
+    return scrollLeft;
+  }
+  var type = detectScrollType();
+  switch (type) {
+    case 'negative':
+      return element.scrollWidth - element.clientWidth + scrollLeft;
+    case 'reverse':
+      return element.scrollWidth - element.clientWidth - scrollLeft;
+    default:
+      return scrollLeft;
+  }
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/animate.js
+function easeInOutSin(time) {
+  return (1 + Math.sin(Math.PI * time - Math.PI / 2)) / 2;
+}
+function animate(property, element, to) {
+  var options = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  var cb = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : function () {};
+  var _options$ease = options.ease,
+    ease = _options$ease === void 0 ? easeInOutSin : _options$ease,
+    _options$duration = options.duration,
+    duration = _options$duration === void 0 ? 300 : _options$duration;
+  var start = null;
+  var from = element[property];
+  var cancelled = false;
+  var cancel = function cancel() {
+    cancelled = true;
+  };
+  var step = function step(timestamp) {
+    if (cancelled) {
+      cb(new Error('Animation cancelled'));
+      return;
+    }
+    if (start === null) {
+      start = timestamp;
+    }
+    var time = Math.min(1, (timestamp - start) / duration);
+    element[property] = ease(time) * (to - from) + from;
+    if (time >= 1) {
+      requestAnimationFrame(function () {
+        cb(null);
+      });
+      return;
+    }
+    requestAnimationFrame(step);
+  };
+  if (from === to) {
+    cb(new Error('Element already at target position'));
+    return cancel;
+  }
+  requestAnimationFrame(step);
+  return cancel;
+}
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/ScrollbarSize.js
 
 
+var ScrollbarSize_excluded = ["onChange"];
 
 
 
 
 
+var ScrollbarSize_styles = {
+  width: 99,
+  height: 99,
+  position: 'absolute',
+  top: -9999,
+  overflow: 'scroll'
+};
 
-var TableBody_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
+/**
+ * @ignore - internal component.
+ * The component originates from https://github.com/STORIS/react-scrollbar-size.
+ * It has been moved into the core in order to minimize the bundle size.
+ */
+function ScrollbarSize(props) {
+  var onChange = props.onChange,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ScrollbarSize_excluded);
+  var scrollbarHeight = react.useRef();
+  var nodeRef = react.useRef(null);
+  var setMeasurements = function setMeasurements() {
+    scrollbarHeight.current = nodeRef.current.offsetHeight - nodeRef.current.clientHeight;
   };
-  return composeClasses(slots, getTableBodyUtilityClass, classes);
-};
-var TableBodyRoot = styles_styled('tbody', {
-  name: 'MuiTableBody',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  display: 'table-row-group'
-});
-var tablelvl2 = {
-  variant: 'body'
-};
-var TableBody_defaultComponent = 'tbody';
-var TableBody = /*#__PURE__*/react.forwardRef(function TableBody(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableBody'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? TableBody_defaultComponent : _props$component,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableBody_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component
-  });
-  var classes = TableBody_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
-    value: tablelvl2,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableBodyRoot, extends_extends({
-      className: clsx_m(classes.root, className),
-      as: component,
-      ref: ref,
-      role: component === TableBody_defaultComponent ? null : 'rowgroup',
-      ownerState: ownerState
-    }, other))
-  });
-});
+  utils_useEnhancedEffect(function () {
+    var handleResize = utils_debounce(function () {
+      var prevHeight = scrollbarHeight.current;
+      setMeasurements();
+      if (prevHeight !== scrollbarHeight.current) {
+        onChange(scrollbarHeight.current);
+      }
+    });
+    var containerWindow = utils_ownerWindow(nodeRef.current);
+    containerWindow.addEventListener('resize', handleResize);
+    return function () {
+      handleResize.clear();
+      containerWindow.removeEventListener('resize', handleResize);
+    };
+  }, [onChange]);
+  react.useEffect(function () {
+    setMeasurements();
+    onChange(scrollbarHeight.current);
+  }, [onChange]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)("div", extends_extends({
+    style: ScrollbarSize_styles,
+    ref: nodeRef
+  }, other));
+}
  false ? 0 : void 0;
-/* harmony default export */ var TableBody_TableBody = (TableBody);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/tableCellClasses.js
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowLeft.js
 
 
-function getTableCellUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableCell', slot);
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var KeyboardArrowLeft = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M15.41 16.09l-4.58-4.59 4.58-4.59L14 5.5l-6 6 6 6z"
+}), 'KeyboardArrowLeft'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowRight.js
+
+
+
+/**
+ * @ignore - internal component.
+ */
+
+/* harmony default export */ var KeyboardArrowRight = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M8.59 16.34l4.58-4.59-4.58-4.59L10 5.75l6 6-6 6z"
+}), 'KeyboardArrowRight'));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/tabScrollButtonClasses.js
+
+
+function getTabScrollButtonUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTabScrollButton', slot);
 }
-var tableCellClasses = generateUtilityClasses('MuiTableCell', ['root', 'head', 'body', 'footer', 'sizeSmall', 'sizeMedium', 'paddingCheckbox', 'paddingNone', 'alignLeft', 'alignCenter', 'alignRight', 'alignJustify', 'stickyHeader']);
-/* harmony default export */ var TableCell_tableCellClasses = (tableCellClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/TableCell.js
+var tabScrollButtonClasses = generateUtilityClasses('MuiTabScrollButton', ['root', 'vertical', 'horizontal', 'disabled']);
+/* harmony default export */ var TabScrollButton_tabScrollButtonClasses = (tabScrollButtonClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/TabScrollButton.js
 
 
 
-var TableCell_excluded = ["align", "className", "component", "padding", "scope", "size", "sortDirection", "variant"];
+var TabScrollButton_excluded = ["className", "slots", "slotProps", "direction", "orientation", "disabled"];
+/* eslint-disable jsx-a11y/aria-role */
 
 
 
@@ -57375,279 +57723,113 @@ var TableCell_excluded = ["align", "className", "component", "padding", "scope",
 
 
 
-var TableCell_useUtilityClasses = function useUtilityClasses(ownerState) {
+var TabScrollButton_useUtilityClasses = function useUtilityClasses(ownerState) {
   var classes = ownerState.classes,
-    variant = ownerState.variant,
-    align = ownerState.align,
-    padding = ownerState.padding,
-    size = ownerState.size,
-    stickyHeader = ownerState.stickyHeader;
+    orientation = ownerState.orientation,
+    disabled = ownerState.disabled;
   var slots = {
-    root: ['root', variant, stickyHeader && 'stickyHeader', align !== 'inherit' && "align".concat(utils_capitalize(align)), padding !== 'normal' && "padding".concat(utils_capitalize(padding)), "size".concat(utils_capitalize(size))]
+    root: ['root', orientation, disabled && 'disabled']
   };
-  return composeClasses(slots, getTableCellUtilityClass, classes);
+  return composeClasses(slots, getTabScrollButtonUtilityClass, classes);
 };
-var TableCellRoot = styles_styled('td', {
-  name: 'MuiTableCell',
+var TabScrollButtonRoot = styles_styled(ButtonBase_ButtonBase, {
+  name: 'MuiTabScrollButton',
   slot: 'Root',
   overridesResolver: function overridesResolver(props, styles) {
     var ownerState = props.ownerState;
-    return [styles.root, styles[ownerState.variant], styles["size".concat(utils_capitalize(ownerState.size))], ownerState.padding !== 'normal' && styles["padding".concat(utils_capitalize(ownerState.padding))], ownerState.align !== 'inherit' && styles["align".concat(utils_capitalize(ownerState.align))], ownerState.stickyHeader && styles.stickyHeader];
+    return [styles.root, ownerState.orientation && styles[ownerState.orientation]];
   }
 })(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({}, theme.typography.body2, {
-    display: 'table-cell',
-    verticalAlign: 'inherit',
-    // Workaround for a rendering bug with spanned columns in Chrome 62.0.
-    // Removes the alpha (sets it to 1), and lightens or darkens the theme color.
-    borderBottom: theme.vars ? "1px solid ".concat(theme.vars.palette.TableCell.border) : "1px solid\n    ".concat(theme.palette.mode === 'light' ? lighten(alpha(theme.palette.divider, 1), 0.88) : darken(alpha(theme.palette.divider, 1), 0.68)),
-    textAlign: 'left',
-    padding: 16
-  }, ownerState.variant === 'head' && {
-    color: (theme.vars || theme).palette.text.primary,
-    lineHeight: theme.typography.pxToRem(24),
-    fontWeight: theme.typography.fontWeightMedium
-  }, ownerState.variant === 'body' && {
-    color: (theme.vars || theme).palette.text.primary
-  }, ownerState.variant === 'footer' && {
-    color: (theme.vars || theme).palette.text.secondary,
-    lineHeight: theme.typography.pxToRem(21),
-    fontSize: theme.typography.pxToRem(12)
-  }, ownerState.size === 'small' && defineProperty_defineProperty({
-    padding: '6px 16px'
-  }, "&.".concat(TableCell_tableCellClasses.paddingCheckbox), {
-    width: 24,
-    // prevent the checkbox column from growing
-    padding: '0 12px 0 16px',
-    '& > *': {
-      padding: 0
+  var ownerState = _ref.ownerState;
+  return extends_extends(defineProperty_defineProperty({
+    width: 40,
+    flexShrink: 0,
+    opacity: 0.8
+  }, "&.".concat(TabScrollButton_tabScrollButtonClasses.disabled), {
+    opacity: 0
+  }), ownerState.orientation === 'vertical' && {
+    width: '100%',
+    height: 40,
+    '& svg': {
+      transform: "rotate(".concat(ownerState.isRtl ? -90 : 90, "deg)")
     }
-  }), ownerState.padding === 'checkbox' && {
-    width: 48,
-    // prevent the checkbox column from growing
-    padding: '0 0 0 4px'
-  }, ownerState.padding === 'none' && {
-    padding: 0
-  }, ownerState.align === 'left' && {
-    textAlign: 'left'
-  }, ownerState.align === 'center' && {
-    textAlign: 'center'
-  }, ownerState.align === 'right' && {
-    textAlign: 'right',
-    flexDirection: 'row-reverse'
-  }, ownerState.align === 'justify' && {
-    textAlign: 'justify'
-  }, ownerState.stickyHeader && {
-    position: 'sticky',
-    top: 0,
-    zIndex: 2,
-    backgroundColor: (theme.vars || theme).palette.background.default
   });
 });
-
-/**
- * The component renders a `<th>` element when the parent context is a header
- * or otherwise a `<td>` element.
- */
-var TableCell = /*#__PURE__*/react.forwardRef(function TableCell(inProps, ref) {
+var TabScrollButton = /*#__PURE__*/react.forwardRef(function TabScrollButton(inProps, ref) {
+  var _slots$StartScrollBut, _slots$EndScrollButto;
   var props = useThemeProps_useThemeProps({
     props: inProps,
-    name: 'MuiTableCell'
+    name: 'MuiTabScrollButton'
   });
-  var _props$align = props.align,
-    align = _props$align === void 0 ? 'inherit' : _props$align,
-    className = props.className,
-    componentProp = props.component,
-    paddingProp = props.padding,
-    scopeProp = props.scope,
-    sizeProp = props.size,
-    sortDirection = props.sortDirection,
-    variantProp = props.variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableCell_excluded);
-  var table = react.useContext(Table_TableContext);
-  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
-  var isHeadCell = tablelvl2 && tablelvl2.variant === 'head';
-  var component;
-  if (componentProp) {
-    component = componentProp;
-  } else {
-    component = isHeadCell ? 'th' : 'td';
-  }
-  var scope = scopeProp;
-  // scope is not a valid attribute for <td/> elements.
-  // source: https://html.spec.whatwg.org/multipage/tables.html#the-td-element
-  if (component === 'td') {
-    scope = undefined;
-  } else if (!scope && isHeadCell) {
-    scope = 'col';
-  }
-  var variant = variantProp || tablelvl2 && tablelvl2.variant;
-  var ownerState = extends_extends({}, props, {
-    align: align,
-    component: component,
-    padding: paddingProp || (table && table.padding ? table.padding : 'normal'),
-    size: sizeProp || (table && table.size ? table.size : 'medium'),
-    sortDirection: sortDirection,
-    stickyHeader: variant === 'head' && table && table.stickyHeader,
-    variant: variant
+  var className = props.className,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    direction = props.direction,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabScrollButton_excluded);
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var ownerState = extends_extends({
+    isRtl: isRtl
+  }, props);
+  var classes = TabScrollButton_useUtilityClasses(ownerState);
+  var StartButtonIcon = (_slots$StartScrollBut = slots.StartScrollButtonIcon) != null ? _slots$StartScrollBut : KeyboardArrowLeft;
+  var EndButtonIcon = (_slots$EndScrollButto = slots.EndScrollButtonIcon) != null ? _slots$EndScrollButto : KeyboardArrowRight;
+  var startButtonIconProps = useSlotProps({
+    elementType: StartButtonIcon,
+    externalSlotProps: slotProps.startScrollButtonIcon,
+    additionalProps: {
+      fontSize: 'small'
+    },
+    ownerState: ownerState
   });
-  var classes = TableCell_useUtilityClasses(ownerState);
-  var ariaSort = null;
-  if (sortDirection) {
-    ariaSort = sortDirection === 'asc' ? 'ascending' : 'descending';
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableCellRoot, extends_extends({
-    as: component,
-    ref: ref,
-    className: clsx_m(classes.root, className),
-    "aria-sort": ariaSort,
-    scope: scope,
+  var endButtonIconProps = useSlotProps({
+    elementType: EndButtonIcon,
+    externalSlotProps: slotProps.endScrollButtonIcon,
+    additionalProps: {
+      fontSize: 'small'
+    },
     ownerState: ownerState
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableCell_TableCell = (TableCell);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/tableContainerClasses.js
-
-
-function getTableContainerUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableContainer', slot);
-}
-var tableContainerClasses = generateUtilityClasses('MuiTableContainer', ['root']);
-/* harmony default export */ var TableContainer_tableContainerClasses = ((/* unused pure expression or super */ null && (tableContainerClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/TableContainer.js
-
-
-var TableContainer_excluded = ["className", "component"];
-
-
-
-
-
-
-
-
-var TableContainer_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTableContainerUtilityClass, classes);
-};
-var TableContainerRoot = styles_styled('div', {
-  name: 'MuiTableContainer',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  width: '100%',
-  overflowX: 'auto'
-});
-var TableContainer = /*#__PURE__*/react.forwardRef(function TableContainer(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableContainer'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableContainer_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component
   });
-  var classes = TableContainer_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableContainerRoot, extends_extends({
-    ref: ref,
-    as: component,
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabScrollButtonRoot, extends_extends({
+    component: "div",
     className: clsx_m(classes.root, className),
-    ownerState: ownerState
-  }, other));
+    ref: ref,
+    role: null,
+    ownerState: ownerState,
+    tabIndex: null
+  }, other, {
+    children: direction === 'left' ? /*#__PURE__*/(0,jsx_runtime.jsx)(StartButtonIcon, extends_extends({}, startButtonIconProps)) : /*#__PURE__*/(0,jsx_runtime.jsx)(EndButtonIcon, extends_extends({}, endButtonIconProps))
+  }));
 });
  false ? 0 : void 0;
-/* harmony default export */ var TableContainer_TableContainer = (TableContainer);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/tableHeadClasses.js
+/* harmony default export */ var TabScrollButton_TabScrollButton = (TabScrollButton);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/tabsClasses.js
 
 
-function getTableHeadUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableHead', slot);
+function getTabsUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTabs', slot);
 }
-var tableHeadClasses = generateUtilityClasses('MuiTableHead', ['root']);
-/* harmony default export */ var TableHead_tableHeadClasses = ((/* unused pure expression or super */ null && (tableHeadClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/TableHead.js
-
+var tabsClasses = generateUtilityClasses('MuiTabs', ['root', 'vertical', 'flexContainer', 'flexContainerVertical', 'centered', 'scroller', 'fixed', 'scrollableX', 'scrollableY', 'hideScrollbar', 'scrollButtons', 'scrollButtonsHideMobile', 'indicator']);
+/* harmony default export */ var Tabs_tabsClasses = (tabsClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/Tabs.js
 
-var TableHead_excluded = ["className", "component"];
 
 
 
+var Tabs_excluded = ["aria-label", "aria-labelledby", "action", "centered", "children", "className", "component", "allowScrollButtonsMobile", "indicatorColor", "onChange", "orientation", "ScrollButtonComponent", "scrollButtons", "selectionFollowsFocus", "slots", "slotProps", "TabIndicatorProps", "TabScrollButtonProps", "textColor", "value", "variant", "visibleScrollbar"];
 
 
 
 
 
 
-var TableHead_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTableHeadUtilityClass, classes);
-};
-var TableHeadRoot = styles_styled('thead', {
-  name: 'MuiTableHead',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  display: 'table-header-group'
-});
-var TableHead_tablelvl2 = {
-  variant: 'head'
-};
-var TableHead_defaultComponent = 'thead';
-var TableHead = /*#__PURE__*/react.forwardRef(function TableHead(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableHead'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? TableHead_defaultComponent : _props$component,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableHead_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component
-  });
-  var classes = TableHead_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
-    value: TableHead_tablelvl2,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableHeadRoot, extends_extends({
-      as: component,
-      className: clsx_m(classes.root, className),
-      ref: ref,
-      role: component === TableHead_defaultComponent ? null : 'rowgroup',
-      ownerState: ownerState
-    }, other))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableHead_TableHead = (TableHead);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/tableRowClasses.js
 
 
-function getTableRowUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableRow', slot);
-}
-var tableRowClasses = generateUtilityClasses('MuiTableRow', ['root', 'selected', 'hover', 'head', 'footer']);
-/* harmony default export */ var TableRow_tableRowClasses = (tableRowClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/TableRow.js
 
 
 
-var TableRow_excluded = ["className", "component", "hover", "selected"];
 
 
 
@@ -57657,752 +57839,773 @@ var TableRow_excluded = ["className", "component", "hover", "selected"];
 
 
 
+var Tabs_nextItem = function nextItem(list, item) {
+  if (list === item) {
+    return list.firstChild;
+  }
+  if (item && item.nextElementSibling) {
+    return item.nextElementSibling;
+  }
+  return list.firstChild;
+};
+var Tabs_previousItem = function previousItem(list, item) {
+  if (list === item) {
+    return list.lastChild;
+  }
+  if (item && item.previousElementSibling) {
+    return item.previousElementSibling;
+  }
+  return list.lastChild;
+};
+var Tabs_moveFocus = function moveFocus(list, currentFocus, traversalFunction) {
+  var wrappedOnce = false;
+  var nextFocus = traversalFunction(list, currentFocus);
+  while (nextFocus) {
+    // Prevent infinite loop.
+    if (nextFocus === list.firstChild) {
+      if (wrappedOnce) {
+        return;
+      }
+      wrappedOnce = true;
+    }
 
-var TableRow_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    selected = ownerState.selected,
-    hover = ownerState.hover,
-    head = ownerState.head,
-    footer = ownerState.footer;
+    // Same logic as useAutocomplete.js
+    var nextFocusDisabled = nextFocus.disabled || nextFocus.getAttribute('aria-disabled') === 'true';
+    if (!nextFocus.hasAttribute('tabindex') || nextFocusDisabled) {
+      // Move to the next element.
+      nextFocus = traversalFunction(list, nextFocus);
+    } else {
+      nextFocus.focus();
+      return;
+    }
+  }
+};
+var Tabs_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var vertical = ownerState.vertical,
+    fixed = ownerState.fixed,
+    hideScrollbar = ownerState.hideScrollbar,
+    scrollableX = ownerState.scrollableX,
+    scrollableY = ownerState.scrollableY,
+    centered = ownerState.centered,
+    scrollButtonsHideMobile = ownerState.scrollButtonsHideMobile,
+    classes = ownerState.classes;
   var slots = {
-    root: ['root', selected && 'selected', hover && 'hover', head && 'head', footer && 'footer']
+    root: ['root', vertical && 'vertical'],
+    scroller: ['scroller', fixed && 'fixed', hideScrollbar && 'hideScrollbar', scrollableX && 'scrollableX', scrollableY && 'scrollableY'],
+    flexContainer: ['flexContainer', vertical && 'flexContainerVertical', centered && 'centered'],
+    indicator: ['indicator'],
+    scrollButtons: ['scrollButtons', scrollButtonsHideMobile && 'scrollButtonsHideMobile'],
+    scrollableX: [scrollableX && 'scrollableX'],
+    hideScrollbar: [hideScrollbar && 'hideScrollbar']
   };
-  return composeClasses(slots, getTableRowUtilityClass, classes);
+  return composeClasses(slots, getTabsUtilityClass, classes);
 };
-var TableRowRoot = styles_styled('tr', {
-  name: 'MuiTableRow',
+var TabsRoot = styles_styled('div', {
+  name: 'MuiTabs',
   slot: 'Root',
   overridesResolver: function overridesResolver(props, styles) {
     var ownerState = props.ownerState;
-    return [styles.root, ownerState.head && styles.head, ownerState.footer && styles.footer];
+    return [defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), styles.scrollButtons), defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), ownerState.scrollButtonsHideMobile && styles.scrollButtonsHideMobile), styles.root, ownerState.vertical && styles.vertical];
   }
-})(function (_ref) {
-  var _ref2;
-  var theme = _ref.theme;
-  return _ref2 = {
-    color: 'inherit',
-    display: 'table-row',
-    verticalAlign: 'middle',
-    // We disable the focus ring for mouse, touch and keyboard users.
-    outline: 0
-  }, defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.hover, ":hover"), {
-    backgroundColor: (theme.vars || theme).palette.action.hover
-  }), defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.selected), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity),
-    '&:hover': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity)
-    }
-  }), _ref2;
+})(function (_ref3) {
+  var ownerState = _ref3.ownerState,
+    theme = _ref3.theme;
+  return extends_extends({
+    overflow: 'hidden',
+    minHeight: 48,
+    // Add iOS momentum scrolling for iOS < 13.0
+    WebkitOverflowScrolling: 'touch',
+    display: 'flex'
+  }, ownerState.vertical && {
+    flexDirection: 'column'
+  }, ownerState.scrollButtonsHideMobile && defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), defineProperty_defineProperty({}, theme.breakpoints.down('sm'), {
+    display: 'none'
+  })));
 });
-var TableRow_defaultComponent = 'tr';
-/**
- * Will automatically set dynamic row height
- * based on the material table element parent (head, body, etc).
- */
-var TableRow = /*#__PURE__*/react.forwardRef(function TableRow(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableRow'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? TableRow_defaultComponent : _props$component,
-    _props$hover = props.hover,
-    hover = _props$hover === void 0 ? false : _props$hover,
-    _props$selected = props.selected,
-    selected = _props$selected === void 0 ? false : _props$selected,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableRow_excluded);
-  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    hover: hover,
-    selected: selected,
-    head: tablelvl2 && tablelvl2.variant === 'head',
-    footer: tablelvl2 && tablelvl2.variant === 'footer'
-  });
-  var classes = TableRow_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableRowRoot, extends_extends({
-    as: component,
-    ref: ref,
-    className: clsx_m(classes.root, className),
-    role: component === TableRow_defaultComponent ? null : 'row',
-    ownerState: ownerState
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableRow_TableRow = (TableRow);
-// EXTERNAL MODULE: ./node_modules/js-sha256/src/sha256.js
-var sha256 = __webpack_require__(981);
-;// CONCATENATED MODULE: ./src/utils/listKey.ts
-function buildListKey(o){var j=JSON.stringify(o);return (0,sha256.sha256)(j);}
-;// CONCATENATED MODULE: ./src/components/result-view/ChangesTable.tsx
-var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},buildRefString(ref));})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},buildListKey(c));})})]})},buildRefString(co.ref));})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
-;// CONCATENATED MODULE: ./src/components/ErrorsTable.tsx
-function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},buildListKey(e));})})]})})})});}
-;// CONCATENATED MODULE: ./src/components/ObjectYaml.tsx
-var ObjectYaml=function ObjectYaml(props){var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(/*#__PURE__*/asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var o;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getResultObject(props.treeProps.summary.id,props.objectRef,props.objectType);case 2:o=_context.sent;return _context.abrupt("return",dump(o));case 4:case"end":return _context.stop();}},_callee);})),[props.treeProps.summary.id,props.objectRef,props.objectType]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],error=_useLoadingHelper2[1],content=_useLoadingHelper2[2];if(loading){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}else if(error){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}else{return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:content,language:"yaml"});}};
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeData.tsx
-var DiffStatus=/*#__PURE__*/function(){function DiffStatus(){classCallCheck_classCallCheck(this,DiffStatus);this.newObjects=[];this.deletedObjects=[];this.orphanObjects=[];this.changedObjects=[];this.totalInsertions=0;this.totalDeletions=0;this.totalUpdates=0;}createClass_createClass(DiffStatus,[{key:"addChangedObject",value:function addChangedObject(co){var _co$changes,_this=this;this.changedObjects.push(co);(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.forEach(function(x){switch(x.type){case"insert":_this.totalInsertions++;break;case"delete":_this.totalDeletions++;break;case"update":_this.totalUpdates++;break;}});}},{key:"merge",value:function merge(other){this.newObjects=this.newObjects.concat(other.newObjects);this.deletedObjects=this.deletedObjects.concat(other.deletedObjects);this.orphanObjects=this.orphanObjects.concat(other.orphanObjects);this.changedObjects=this.changedObjects.concat(other.changedObjects);this.totalInsertions+=other.totalInsertions;this.totalDeletions+=other.totalDeletions;this.totalUpdates+=other.totalUpdates;}},{key:"hasDiffs",value:function hasDiffs(){if(this.newObjects.length||this.deletedObjects.length||this.orphanObjects.length){return true;}if(this.changedObjects.find(function(co){var _co$changes2;return((_co$changes2=co.changes)===null||_co$changes2===void 0?void 0:_co$changes2.length)!==0;})){return true;}return false;}}]);return DiffStatus;}();var HealthStatus=/*#__PURE__*/function(){function HealthStatus(){classCallCheck_classCallCheck(this,HealthStatus);this.errors=[];this.warnings=[];}createClass_createClass(HealthStatus,[{key:"merge",value:function merge(other){this.errors=this.errors.concat(other.errors);this.warnings=this.warnings.concat(other.warnings);}}]);return HealthStatus;}();var NodeData=/*#__PURE__*/function(){function NodeData(props,id,hasHealthStatus,hasDiffStatus){classCallCheck_classCallCheck(this,NodeData);this.props=void 0;this.id=void 0;this.children=[];this.healthStatus=void 0;this.diffStatus=void 0;this.props=props;this.id=id;if(hasHealthStatus){this.healthStatus=new HealthStatus();}if(hasDiffStatus){this.diffStatus=new DiffStatus();}}createClass_createClass(NodeData,[{key:"pushChild",value:function pushChild(child,front){if(front){this.children.unshift(child);}else{this.children.push(child);}this.merge(child);}},{key:"merge",value:function merge(other){if(this.diffStatus&&other.diffStatus){this.diffStatus.merge(other.diffStatus);}if(this.healthStatus&&other.healthStatus){this.healthStatus.merge(other.healthStatus);}}},{key:"buildStatusLine",value:function buildStatusLine(){var _this$healthStatus,_this$healthStatus2,_this$diffStatus,_this$diffStatus2,_this$diffStatus3,_this$diffStatus4;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_this$healthStatus=this.healthStatus)===null||_this$healthStatus===void 0?void 0:_this$healthStatus.errors.length,warnings:(_this$healthStatus2=this.healthStatus)===null||_this$healthStatus2===void 0?void 0:_this$healthStatus2.warnings.length,changedObjects:(_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.changedObjects.length,newObjects:(_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.newObjects.length,deletedObjects:(_this$diffStatus3=this.diffStatus)===null||_this$diffStatus3===void 0?void 0:_this$diffStatus3.deletedObjects.length,orphanObjects:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.orphanObjects.length});}},{key:"buildTreeItem",value:function buildTreeItem(hasChildren){var _this$healthStatus3,_this$healthStatus4,_this$diffStatus5,_this$diffStatus6,_this$diffStatus7,_this$diffStatus8;var _this$buildIcon=this.buildIcon(),_this$buildIcon2=slicedToArray_slicedToArray(_this$buildIcon,2),icon=_this$buildIcon2[0],iconText=_this$buildIcon2[1];var hasStatusLine=[(_this$healthStatus3=this.healthStatus)===null||_this$healthStatus3===void 0?void 0:_this$healthStatus3.errors.length,(_this$healthStatus4=this.healthStatus)===null||_this$healthStatus4===void 0?void 0:_this$healthStatus4.warnings.length,(_this$diffStatus5=this.diffStatus)===null||_this$diffStatus5===void 0?void 0:_this$diffStatus5.changedObjects.length,(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.newObjects.length,(_this$diffStatus7=this.diffStatus)===null||_this$diffStatus7===void 0?void 0:_this$diffStatus7.deletedObjects.length,(_this$diffStatus8=this.diffStatus)===null||_this$diffStatus8===void 0?void 0:_this$diffStatus8.orphanObjects.length].some(function(x){return(x||0)>0;});return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",alignItems:"center",justifyContent:"center",width:"30px",height:"100%",flex:"0 0 auto",mr:"13px",sx:{'& svg':{width:'30px',height:'30px'}},children:[icon,/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",component:"div",fontSize:"12px",fontWeight:400,lineHeight:"16px",height:"16px",children:iconText})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",py:"15px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,_objectSpread2(_objectSpread2({variant:"h6",component:"div",sx:{wordBreak:'break-all'}},hasChildren?{}:{fontSize:'16px',lineHeight:'22px'}),{},{children:this.buildSidePanelTitle()}))}),hasStatusLine&&/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"100%",width:"172px",flex:"0 0 auto",display:"flex",alignItems:"center",px:"14px",ml:"14px",position:"relative",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),this.buildStatusLine()]})]});}},{key:"buildDiffAndHealthPages",value:function buildDiffAndHealthPages(tabs){this.buildChangesPage(tabs);this.buildErrorsPage(tabs);this.buildWarningsPage(tabs);}},{key:"buildObjectPage",value:function buildObjectPage(ref,objectType){return/*#__PURE__*/(0,jsx_runtime.jsx)(ObjectYaml,{treeProps:this.props,objectRef:ref,objectType:objectType});}},{key:"buildChangesPage",value:function buildChangesPage(tabs){var _this$diffStatus9;if(!((_this$diffStatus9=this.diffStatus)!==null&&_this$diffStatus9!==void 0&&_this$diffStatus9.hasDiffs())){return undefined;}tabs.push({label:"Changes",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}},{key:"buildErrorsPage",value:function buildErrorsPage(tabs){var _this$healthStatus5;if(!((_this$healthStatus5=this.healthStatus)!==null&&_this$healthStatus5!==void 0&&_this$healthStatus5.errors.length)){return undefined;}tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.errors})});}},{key:"buildWarningsPage",value:function buildWarningsPage(tabs){var _this$healthStatus6;if(!((_this$healthStatus6=this.healthStatus)!==null&&_this$healthStatus6!==void 0&&_this$healthStatus6.warnings.length)){return undefined;}tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.warnings})});}}]);return NodeData;}();
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Category.js
-
-
-/* harmony default export */ var Category = (createSvgIcon([/*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "m12 2-5.5 9h11z"
-}, "0"), /*#__PURE__*/(0,jsx_runtime.jsx)("circle", {
-  cx: "17.5",
-  cy: "17.5",
-  r: "4.5"
-}, "1"), /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M3 13.5h8v8H3z"
-}, "2")], 'Category'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Settings.js
-
-
-/* harmony default export */ var Settings = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19.14 12.94c.04-.3.06-.61.06-.94 0-.32-.02-.64-.07-.94l2.03-1.58c.18-.14.23-.41.12-.61l-1.92-3.32c-.12-.22-.37-.29-.59-.22l-2.39.96c-.5-.38-1.03-.7-1.62-.94l-.36-2.54c-.04-.24-.24-.41-.48-.41h-3.84c-.24 0-.43.17-.47.41l-.36 2.54c-.59.24-1.13.57-1.62.94l-2.39-.96c-.22-.08-.47 0-.59.22L2.74 8.87c-.12.21-.08.47.12.61l2.03 1.58c-.05.3-.09.63-.09.94s.02.64.07.94l-2.03 1.58c-.18.14-.23.41-.12.61l1.92 3.32c.12.22.37.29.59.22l2.39-.96c.5.38 1.03.7 1.62.94l.36 2.54c.05.24.24.41.48.41h3.84c.24 0 .44-.17.47-.41l.36-2.54c.59-.24 1.13-.56 1.62-.94l2.39.96c.22.08.47 0 .59-.22l1.92-3.32c.12-.22.07-.47-.12-.61l-2.01-1.58zM12 15.6c-1.98 0-3.6-1.62-3.6-3.6s1.62-3.6 3.6-3.6 3.6 1.62 3.6 3.6-1.62 3.6-3.6 3.6z"
-}), 'Settings'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Lock.js
-
-
-/* harmony default export */ var Lock = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"
-}), 'Lock'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Dvr.js
-
-
-/* harmony default export */ var Dvr = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M21 3H3c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h5v2h8v-2h5c1.1 0 1.99-.9 1.99-2L23 5c0-1.1-.9-2-2-2zm0 14H3V5h18v12zm-2-9H8v2h11V8zm0 4H8v2h11v-2zM7 8H5v2h2V8zm0 4H5v2h2v-2z"
-}), 'Dvr'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Http.js
-
-
-/* harmony default export */ var Http = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M4.5 11h-2V9H1v6h1.5v-2.5h2V15H6V9H4.5v2zm2.5-.5h1.5V15H10v-4.5h1.5V9H7v1.5zm5.5 0H14V15h1.5v-4.5H17V9h-4.5v1.5zm9-1.5H18v6h1.5v-2h2c.8 0 1.5-.7 1.5-1.5v-1c0-.8-.7-1.5-1.5-1.5zm0 2.5h-2v-1h2v1z"
-}), 'Http'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Cloud.js
-
-
-/* harmony default export */ var Cloud = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19.35 10.04C18.67 6.59 15.64 4 12 4 9.11 4 6.6 5.64 5.35 8.04 2.34 8.36 0 10.91 0 14c0 3.31 2.69 6 6 6h13c2.76 0 5-2.24 5-5 0-2.64-2.05-4.78-4.65-4.96z"
-}), 'Cloud'));
-;// CONCATENATED MODULE: ./src/components/PropertiesTable.tsx
-function PropertiesTable(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Name"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Value"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.properties.map(function(row){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.name}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.value})]},row.name);})})]})});}
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceNode.tsx
-var VarsSourceNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceNodeData,_NodeData);var _super=_createSuper(VarsSourceNodeData);function VarsSourceNodeData(props,id,varsSource){var _this$varsSource$clus;var _this;classCallCheck_classCallCheck(this,VarsSourceNodeData);_this=_super.call(this,props,id,false,false);_this.varsSource=void 0;_this.labelsYaml=void 0;_this.renderedVarsYaml=void 0;_this.varsSource=varsSource;var labels=(_this$varsSource$clus=_this.varsSource.clusterConfigMap)===null||_this$varsSource$clus===void 0?void 0:_this$varsSource$clus.labels;if(!labels){var _this$varsSource$clus2;labels=(_this$varsSource$clus2=_this.varsSource.clusterSecret)===null||_this$varsSource$clus2===void 0?void 0:_this$varsSource$clus2.labels;}if(labels){_this.labelsYaml=dump(labels);}_this.renderedVarsYaml=dump(_this.varsSource.renderedVars);return _this;}createClass_createClass(VarsSourceNodeData,[{key:"getVarsSourceHandler",value:function getVarsSourceHandler(){var _this2=this;if(this.varsSource.values){return{type:"values",label:function label(){if(_this2.varsSource.renderedVars){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;}else{return"empty values";}},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}else if(this.varsSource.file){return{type:"file",label:function label(){return _this2.varsSource.file;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(FileIcon,{});},sourceProps:function sourceProps(){return[{name:"File",value:_this2.varsSource.file}];}};}else if(this.varsSource.git){return{type:"git",label:function label(){var s=_this2.varsSource.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.git.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.git.url});sourceProps.push({name:"Path",value:_this2.varsSource.git.path});var ref="HEAD";if(_this2.varsSource.git.ref){ref=_this2.varsSource.git.ref;}sourceProps.push({name:"Ref",value:ref});return sourceProps;}};}else if(this.varsSource.clusterConfigMap||this.varsSource.clusterSecret){var vs=this.varsSource.clusterConfigMap?this.varsSource.clusterConfigMap:this.varsSource.clusterSecret;var type=this.varsSource.clusterConfigMap?"cm":"secret";var _icon=this.varsSource.clusterConfigMap?/*#__PURE__*/(0,jsx_runtime.jsx)(Settings,{fontSize:"large"}):/*#__PURE__*/(0,jsx_runtime.jsx)(Lock,{fontSize:"large"});return{type:type,label:function label(){var _this2$varsSource$clu;return(_this2$varsSource$clu=_this2.varsSource.clusterConfigMap)===null||_this2$varsSource$clu===void 0?void 0:_this2$varsSource$clu.name;},icon:function icon(){return _icon;},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Name",value:vs.name});sourceProps.push({name:"Namespace",value:vs.namespace});sourceProps.push({name:"Key",value:vs.key});if(vs.labels){sourceProps.push({name:"Labels",value:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:_this2.labelsYaml,language:"yaml"})});}return sourceProps;}};}else if(this.varsSource.systemEnvVars){return{type:"systemEnvVar",label:function label(){return"systemEnvVars";},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Dvr,{fontSize:"large"});},sourceProps:function sourceProps(){// TODO
-return[];}};}else if(this.varsSource.http){return{type:"http",label:function label(){return _this2.varsSource.http.url;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Http,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.http.url});sourceProps.push({name:"Method",value:_this2.varsSource.http.method||"GET"});if(_this2.varsSource.http.jsonPath){sourceProps.push({name:"JsonPath",value:_this2.varsSource.http.jsonPath});}return sourceProps;}};}else if(this.varsSource.awsSecretsManager){return{type:"awsSecretsManager",label:function label(){return _this2.varsSource.awsSecretsManager.secretName;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"SecretName",value:_this2.varsSource.awsSecretsManager.secretName});if(_this2.varsSource.awsSecretsManager.region){sourceProps.push({name:"Region",value:_this2.varsSource.awsSecretsManager.region});}if(_this2.varsSource.awsSecretsManager.profile){sourceProps.push({name:"Profile",value:_this2.varsSource.awsSecretsManager.profile});}return sourceProps;}};}else if(this.varsSource.vault){return{type:"vault",label:function label(){return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[_this2.varsSource.vault.address,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.vault.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Address",value:_this2.varsSource.vault.address});sourceProps.push({name:"Path",value:_this2.varsSource.vault.path});return sourceProps;}};}else{return{type:"unknown",label:function label(){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getVarsSourceHandler().label();}},{key:"buildIcon",value:function buildIcon(){var h=this.getVarsSourceHandler();return[h.icon(),h.type];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()},{label:"Vars",content:this.buildVarsPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var h=this.getVarsSourceHandler();var props=[{name:"Type",value:h.type}].concat(toConsumableArray_toConsumableArray(h.sourceProps()),[{name:"IgnoreMissing",value:!!this.varsSource.ignoreMissing+""},{name:"NoOverride",value:!!this.varsSource.noOverride+""}]);if(this.varsSource.when){props.push({name:"When",value:this.varsSource.when});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildVarsPage",value:function buildVarsPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{overflowY:'scroll',// Enable vertical scrolling
-//maxHeight: '400px', // Set a fixed height
-border:'1px solid #ccc',// Optional border
-padding:'10px'// Optional padding
-},children:/*#__PURE__*/(0,jsx_runtime.jsx)("pre",{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.renderedVarsYaml,language:"yaml"})})});}}]);return VarsSourceNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Source.js
-
-
-/* harmony default export */ var Source = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M20 6h-8l-2-2H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2zm-6 10H6v-2h8v2zm4-4H6v-2h12v2z"
-}), 'Source'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemNode.tsx
-var DeploymentItemNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemNodeData,_NodeData);var _super=_createSuper(DeploymentItemNodeData);function DeploymentItemNodeData(props,id,deploymentItem){var _this;classCallCheck_classCallCheck(this,DeploymentItemNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.deploymentItem=deploymentItem;return _this;}createClass_createClass(DeploymentItemNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.deploymentItem.path;}},{key:"buildIcon",value:function buildIcon(){var iconText="di";return[/*#__PURE__*/(0,jsx_runtime.jsx)(Source,{fontSize:"large"}),iconText];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];props.push({name:"Path",value:this.deploymentItem.path});buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemNodeData;}(NodeData);function buildDeploymentItemSummaryProps(di,props){if(di.barrier!==undefined){props.push({name:"Barrier",value:di.barrier+""});}if(di.waitReadiness!==undefined){props.push({name:"WaitReadiness",value:di.waitReadiness+""});}if(di.skipDeleteIfTags!==undefined){props.push({name:"SkipDeleteIfTags",value:di.skipDeleteIfTags+""});}if(di.onlyRender!==undefined){props.push({name:"OnlyRender",value:di.onlyRender+""});}if(di.alwaysDeploy!==undefined){props.push({name:"AlwaysDeploy",value:di.alwaysDeploy+""});}if(di.deleteObjects){// TODO this is ugly
-props.push({name:"DeleteObjects",value:JSON.stringify(di.deleteObjects)});}if(di.when){props.push({name:"When",value:di.when});}}
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SettingsEthernet.js
-
-
-/* harmony default export */ var SettingsEthernet = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M7.77 6.76 6.23 5.48.82 12l5.41 6.52 1.54-1.28L3.42 12l4.35-5.24zM7 13h2v-2H7v2zm10-2h-2v2h2v-2zm-6 2h2v-2h-2v2zm6.77-7.52-1.54 1.28L20.58 12l-4.35 5.24 1.54 1.28L23.18 12l-5.41-6.52z"
-}), 'SettingsEthernet'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SmartToy.js
-
-
-/* harmony default export */ var SmartToy = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M20 9V7c0-1.1-.9-2-2-2h-3c0-1.66-1.34-3-3-3S9 3.34 9 5H6c-1.1 0-2 .9-2 2v2c-1.66 0-3 1.34-3 3s1.34 3 3 3v4c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2v-4c1.66 0 3-1.34 3-3s-1.34-3-3-3zM7.5 11.5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5S9.83 13 9 13s-1.5-.67-1.5-1.5zM16 17H8v-2h8v2zm-1-4c-.83 0-1.5-.67-1.5-1.5S14.17 10 15 10s1.5.67 1.5 1.5S15.83 13 15 13z"
-}), 'SmartToy'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/ObjectNode.tsx
-var kindMapping={"/ConfigMap":{icon:Settings},"apps/Deployment":{icon:PublishedWithChanges},"Service":{icon:SettingsEthernet},"ServiceAccount":{icon:SmartToy}};var ObjectNodeData=/*#__PURE__*/function(_NodeData){_inherits(ObjectNodeData,_NodeData);var _super=_createSuper(ObjectNodeData);function ObjectNodeData(props,id,objectRef){var _this;classCallCheck_classCallCheck(this,ObjectNodeData);_this=_super.call(this,props,id,true,true);_this.objectRef=void 0;_this.objectRef=objectRef;return _this;}createClass_createClass(ObjectNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.objectRef.name;}},{key:"buildIcon",value:function buildIcon(){var _this2=this;var sn=this.props.shortNames.find(function(sn){return sn.group===_this2.objectRef.group&&sn.kind===_this2.objectRef.kind;});var snStr=(sn===null||sn===void 0?void 0:sn.shortName)||"";var m=kindMapping[this.objectRef.group+"/"+this.objectRef.kind];if(m!==undefined){return[/*#__PURE__*/react.createElement(m.icon,{fontSize:"large"}),snStr];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsCurlyIcon,{}),snStr];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _findObjectByRef,_findObjectByRef2,_findObjectByRef3;var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);if((_findObjectByRef=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef!==void 0&&_findObjectByRef.rendered){tabs.push({label:"Rendered",content:this.buildObjectPage(this.objectRef,ObjectType.Rendered)});}if((_findObjectByRef2=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef2!==void 0&&_findObjectByRef2.remote){tabs.push({label:"Remote",content:this.buildObjectPage(this.objectRef,ObjectType.Remote)});}if((_findObjectByRef3=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef3!==void 0&&_findObjectByRef3.applied){tabs.push({label:"Applied",content:this.buildObjectPage(this.objectRef,ObjectType.Applied)});}return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _o$rendered;var props=[];var apiVersion=this.objectRef.version;if(this.objectRef.group){apiVersion=this.objectRef.group+"/"+this.objectRef.version;}props.push({name:"ApiVersion",value:apiVersion});props.push({name:"Kind",value:this.objectRef.kind});props.push({name:"Name",value:this.objectRef.name});if(this.objectRef.namespace){props.push({name:"Namespace",value:this.objectRef.namespace});}var o=findObjectByRef(this.props.commandResult.objects,this.objectRef);var annotations=o===null||o===void 0?void 0:(_o$rendered=o.rendered)===null||_o$rendered===void 0?void 0:_o$rendered.metadata.annotations;if(annotations){Object.keys(annotations).forEach(function(k){if(k.indexOf("kluctl.io/")!==-1){props.push({name:k,value:annotations[k]});}});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return ObjectNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/CommandResultNode.tsx
-var CommandResultNodeData=/*#__PURE__*/function(_NodeData){_inherits(CommandResultNodeData,_NodeData);var _super=_createSuper(CommandResultNodeData);function CommandResultNodeData(props,id){var _this$props$commandRe;var _this;classCallCheck_classCallCheck(this,CommandResultNodeData);_this=_super.call(this,props,id,true,true);_this.dumpedTargetYaml=void 0;if((_this$props$commandRe=_this.props.commandResult.command)!==null&&_this$props$commandRe!==void 0&&_this$props$commandRe.target){_this.dumpedTargetYaml=dump(_this.props.commandResult.command.target);}return _this;}createClass_createClass(CommandResultNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"CommandResult";}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(DeployIcon,{}),"result"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];if(this.dumpedTargetYaml){var page=this.buildTargetPage();tabs.push({label:"Target",content:page});}this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$props$commandRe2,_this$props$commandRe3;var props=[{name:"Initiator",value:(_this$props$commandRe2=this.props.commandResult.command)===null||_this$props$commandRe2===void 0?void 0:_this$props$commandRe2.initiator},{name:"Command",value:(_this$props$commandRe3=this.props.commandResult.command)===null||_this$props$commandRe3===void 0?void 0:_this$props$commandRe3.command}];return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildTargetPage",value:function buildTargetPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.dumpedTargetYaml,language:"yaml"});}}]);return CommandResultNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceCollectionNode.tsx
-var VarsSourceCollectionNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceCollectionNodeData,_NodeData);var _super=_createSuper(VarsSourceCollectionNodeData);function VarsSourceCollectionNodeData(props,id){var _this;classCallCheck_classCallCheck(this,VarsSourceCollectionNodeData);_this=_super.call(this,props,id,false,false);_this.varsSources=[];return _this;}createClass_createClass(VarsSourceCollectionNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"vars: "+this.varsSources.length;}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsSquareIcon,{}),"vars"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){return[];}}]);return VarsSourceCollectionNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
-var DeploymentItemIncludeNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemIncludeNodeData,_NodeData);var _super=_createSuper(DeploymentItemIncludeNodeData);function DeploymentItemIncludeNodeData(props,id,deploymentItem,includedDeployment){var _this;classCallCheck_classCallCheck(this,DeploymentItemIncludeNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.includedDeployment=void 0;_this.deploymentItem=deploymentItem;_this.includedDeployment=includedDeployment;return _this;}createClass_createClass(DeploymentItemIncludeNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deploymentItem.include){return this.deploymentItem.include;}else if(this.deploymentItem.git){var s=this.deploymentItem.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,this.deploymentItem.git.subDir&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),this.deploymentItem.git.subDir]})]});}else{return"unknown include";}}},{key:"buildIcon",value:function buildIcon(){if(this.deploymentItem.git){return[/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{}),"git"];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(IncludeIcon,{}),"include"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];if(this.deploymentItem.include){props.push({name:"Type",value:"LocalInclude"});props.push({name:"Path",value:this.deploymentItem.include});}else if(this.deploymentItem.git){props.push({name:"Type",value:"GitInclude"});props.push({name:"Url",value:this.deploymentItem.git.url});props.push({name:"SubDir",value:this.deploymentItem.git.subDir});var ref="HEAD";if(this.deploymentItem.git.ref){ref=this.deploymentItem.git.ref;}props.push({name:"Ref",value:ref});}else{props.push({name:"Type",value:"Unknown"});}buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemIncludeNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Delete.js
-
-
-/* harmony default export */ var Delete = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"
-}), 'Delete'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/LinkOff.js
-
-
-/* harmony default export */ var LinkOff = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M17 7h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1 0 1.43-.98 2.63-2.31 2.98l1.46 1.46C20.88 15.61 22 13.95 22 12c0-2.76-2.24-5-5-5zm-1 4h-2.19l2 2H16zM2 4.27l3.11 3.11C3.29 8.12 2 9.91 2 12c0 2.76 2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1 0-1.59 1.21-2.9 2.76-3.07L8.73 11H8v2h2.73L13 15.27V17h1.73l4.01 4L20 19.74 3.27 3 2 4.27z"
-}), 'LinkOff'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
-var DeletedOrOrphanObjectsCollectionNode=/*#__PURE__*/function(_NodeData){_inherits(DeletedOrOrphanObjectsCollectionNode,_NodeData);var _super=_createSuper(DeletedOrOrphanObjectsCollectionNode);function DeletedOrOrphanObjectsCollectionNode(props,id,deleted){var _this;classCallCheck_classCallCheck(this,DeletedOrOrphanObjectsCollectionNode);_this=_super.call(this,props,id,false,true);_this.deleted=void 0;_this.deleted=deleted;return _this;}createClass_createClass(DeletedOrOrphanObjectsCollectionNode,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deleted){var _this$diffStatus;return"".concat((_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.deletedObjects.length," objects deleted");}else{var _this$diffStatus2;return"".concat((_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.orphanObjects.length," objects orphaned");}}},{key:"buildIcon",value:function buildIcon(){if(this.deleted){return[/*#__PURE__*/(0,jsx_runtime.jsx)(Delete,{fontSize:"large"}),"deleted"];}else{return[/*#__PURE__*/(0,jsx_runtime.jsx)(LinkOff,{fontSize:"large"}),"orphans"];}}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$diffStatus3,_this$diffStatus5;var props=[];if((_this$diffStatus3=this.diffStatus)!==null&&_this$diffStatus3!==void 0&&_this$diffStatus3.deletedObjects.length){var _this$diffStatus4;props.push({name:"Deleted",value:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.deletedObjects.length});}if((_this$diffStatus5=this.diffStatus)!==null&&_this$diffStatus5!==void 0&&_this$diffStatus5.orphanObjects.length){var _this$diffStatus6;props.push({name:"Orphaned",value:(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.orphanObjects.length});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeletedOrOrphanObjectsCollectionNode;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeBuilder.ts
-var NodeBuilder=/*#__PURE__*/function(){function NodeBuilder(props){var _props$commandResult$,_this=this,_props$commandResult$2,_props$commandResult$3;classCallCheck_classCallCheck(this,NodeBuilder);this.props=void 0;this.changedObjectsMap=new Map();this.newObjectsMap=new Map();this.orphanObjectsMap=new Map();this.deletedObjectsMap=new Map();this.errorsMap=new Map();this.warningsMap=new Map();this.props=props;(_props$commandResult$=props.commandResult.objects)===null||_props$commandResult$===void 0?void 0:_props$commandResult$.forEach(function(o){var _o$changes;var key=buildObjectRefKey(o.ref);if((_o$changes=o.changes)!==null&&_o$changes!==void 0&&_o$changes.length){_this.changedObjectsMap.set(key,o);}if(o.new){_this.newObjectsMap.set(key,o.ref);}if(o.orphan){_this.orphanObjectsMap.set(key,o.ref);}if(o.deleted){_this.deletedObjectsMap.set(key,o.ref);}});(_props$commandResult$2=props.commandResult.errors)===null||_props$commandResult$2===void 0?void 0:_props$commandResult$2.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.errorsMap.get(key);if(!l){l=[e];_this.errorsMap.set(key,l);}else{l.push(e);}});(_props$commandResult$3=props.commandResult.warnings)===null||_props$commandResult$3===void 0?void 0:_props$commandResult$3.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.warningsMap.get(key);if(!l){l=[e];_this.warningsMap.set(key,l);}else{l.push(e);}});}createClass_createClass(NodeBuilder,[{key:"buildRoot",value:function buildRoot(){var rootNode=new CommandResultNodeData(this.props,"root");if(this.props.commandResult.deployment){this.buildDeploymentProjectChildren(rootNode,this.props.commandResult.deployment);}if(this.deletedObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,true,Array.from(this.deletedObjectsMap.values()));}if(this.orphanObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,false,Array.from(this.orphanObjectsMap.values()));}var nodeMap=new Map();function collect(n){nodeMap.set(n.id,n);n.children.forEach(function(c){collect(c);});}collect(rootNode);return[rootNode,nodeMap];}},{key:"buildDeploymentProjectChildren",value:function buildDeploymentProjectChildren(node,deploymentProject){var _deploymentProject$de,_this2=this;if(deploymentProject.vars){this.buildVarsSourceCollectionNode(node,deploymentProject.vars);}(_deploymentProject$de=deploymentProject.deployments)===null||_deploymentProject$de===void 0?void 0:_deploymentProject$de.forEach(function(deploymentItem,i){_this2.buildDeploymentItemNode(node,deploymentItem,i);});}},{key:"buildVarsSourceCollectionNode",value:function buildVarsSourceCollectionNode(parentNode,varsSources){var _node$varsSources,_this3=this;if(varsSources===undefined){return;}var newId="".concat(parentNode.id,"/(vars)");var node=new VarsSourceCollectionNodeData(this.props,newId);(_node$varsSources=node.varsSources).push.apply(_node$varsSources,toConsumableArray_toConsumableArray(varsSources));varsSources.forEach(function(vs,i){_this3.buildVarsSourceNode(node,vs,i);});parentNode.pushChild(node);return node;}},{key:"buildVarsSourceNode",value:function buildVarsSourceNode(parentNode,varsSource,index){var newId="".concat(parentNode.id,"/").concat(index,"}");var node=new VarsSourceNodeData(this.props,newId,varsSource);parentNode.pushChild(node);return node;}},{key:"buildDeploymentItemNode",value:function buildDeploymentItemNode(parentNode,deploymentItem,index){var _this4=this;var node;var newId="".concat(parentNode.id,"/(dis)/").concat(index);if(deploymentItem.path){var _deploymentItem$rende;node=new DeploymentItemNodeData(this.props,newId,deploymentItem);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);(_deploymentItem$rende=deploymentItem.renderedObjects)===null||_deploymentItem$rende===void 0?void 0:_deploymentItem$rende.forEach(function(renderedObject){_this4.buildObjectNode(node,renderedObject);});}else if(deploymentItem.include||deploymentItem.git){node=new DeploymentItemIncludeNodeData(this.props,newId,deploymentItem,deploymentItem.renderedInclude);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);if(deploymentItem.renderedInclude){this.buildDeploymentProjectChildren(node,deploymentItem.renderedInclude);}}else{return node;}parentNode.pushChild(node);return node;}},{key:"buildObjectNode",value:function buildObjectNode(parentNode,objectRef){var _this$errorsMap$get,_this$warningsMap$get;var newId="".concat(parentNode.id,"/(obj)/").concat(buildObjectRefKey(objectRef));var node=new ObjectNodeData(this.props,newId,objectRef);var key=buildObjectRefKey(objectRef);if(this.changedObjectsMap.has(key)){var _node$diffStatus;(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.addChangedObject(this.changedObjectsMap.get(key));}if(this.newObjectsMap.has(key)){var _node$diffStatus2;(_node$diffStatus2=node.diffStatus)===null||_node$diffStatus2===void 0?void 0:_node$diffStatus2.newObjects.push(objectRef);}if(this.deletedObjectsMap.has(key)){var _node$diffStatus3;(_node$diffStatus3=node.diffStatus)===null||_node$diffStatus3===void 0?void 0:_node$diffStatus3.deletedObjects.push(objectRef);}if(this.orphanObjectsMap.has(key)){var _node$diffStatus4;(_node$diffStatus4=node.diffStatus)===null||_node$diffStatus4===void 0?void 0:_node$diffStatus4.orphanObjects.push(objectRef);}(_this$errorsMap$get=this.errorsMap.get(key))===null||_this$errorsMap$get===void 0?void 0:_this$errorsMap$get.forEach(function(e){var _node$healthStatus;(_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.push(e);});(_this$warningsMap$get=this.warningsMap.get(key))===null||_this$warningsMap$get===void 0?void 0:_this$warningsMap$get.forEach(function(e){var _node$healthStatus2;(_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.push(e);});parentNode.pushChild(node);return node;}},{key:"buildDeletedOrOrphanNode",value:function buildDeletedOrOrphanNode(parentNode,deleted,refs){var _this5=this;var idType=deleted?"deleted":"orphaned";var newId="".concat(parentNode.id,"/(").concat(idType,")");var node=new DeletedOrOrphanObjectsCollectionNode(this.props,newId,deleted);refs.forEach(function(ref){_this5.buildObjectNode(node,ref);});parentNode.pushChild(node,true);return node;}}]);return NodeBuilder;}();function buildObjectRefKey(ref){return[ref.group,ref.version,ref.kind,ref.namespace,ref.name].join("+");}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/tabClasses.js
-
-
-function getTabUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTab', slot);
-}
-var tabClasses = generateUtilityClasses('MuiTab', ['root', 'labelIcon', 'textColorInherit', 'textColorPrimary', 'textColorSecondary', 'selected', 'disabled', 'fullWidth', 'wrapped', 'iconWrapper']);
-/* harmony default export */ var Tab_tabClasses = (tabClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/Tab.js
-
-
-
-var Tab_excluded = ["className", "disabled", "disableFocusRipple", "fullWidth", "icon", "iconPosition", "indicator", "label", "onChange", "onClick", "onFocus", "selected", "selectionFollowsFocus", "textColor", "value", "wrapped"];
-
-
-
-
-
-
-
-
-
-
-
-var Tab_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    textColor = ownerState.textColor,
-    fullWidth = ownerState.fullWidth,
-    wrapped = ownerState.wrapped,
-    icon = ownerState.icon,
-    label = ownerState.label,
-    selected = ownerState.selected,
-    disabled = ownerState.disabled;
-  var slots = {
-    root: ['root', icon && label && 'labelIcon', "textColor".concat(utils_capitalize(textColor)), fullWidth && 'fullWidth', wrapped && 'wrapped', selected && 'selected', disabled && 'disabled'],
-    iconWrapper: ['iconWrapper']
-  };
-  return composeClasses(slots, getTabUtilityClass, classes);
-};
-var TabRoot = styles_styled(ButtonBase_ButtonBase, {
-  name: 'MuiTab',
-  slot: 'Root',
+var TabsScroller = styles_styled('div', {
+  name: 'MuiTabs',
+  slot: 'Scroller',
   overridesResolver: function overridesResolver(props, styles) {
     var ownerState = props.ownerState;
-    return [styles.root, ownerState.label && ownerState.icon && styles.labelIcon, styles["textColor".concat(utils_capitalize(ownerState.textColor))], ownerState.fullWidth && styles.fullWidth, ownerState.wrapped && styles.wrapped];
+    return [styles.scroller, ownerState.fixed && styles.fixed, ownerState.hideScrollbar && styles.hideScrollbar, ownerState.scrollableX && styles.scrollableX, ownerState.scrollableY && styles.scrollableY];
   }
-})(function (_ref) {
-  var _ref3, _ref4, _ref5;
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({}, theme.typography.button, {
-    maxWidth: 360,
-    minWidth: 90,
+})(function (_ref5) {
+  var ownerState = _ref5.ownerState;
+  return extends_extends({
     position: 'relative',
-    minHeight: 48,
-    flexShrink: 0,
-    padding: '12px 16px',
-    overflow: 'hidden',
-    whiteSpace: 'normal',
-    textAlign: 'center'
-  }, ownerState.label && {
-    flexDirection: ownerState.iconPosition === 'top' || ownerState.iconPosition === 'bottom' ? 'column' : 'row'
-  }, {
-    lineHeight: 1.25
-  }, ownerState.icon && ownerState.label && defineProperty_defineProperty({
-    minHeight: 72,
-    paddingTop: 9,
-    paddingBottom: 9
-  }, "& > .".concat(Tab_tabClasses.iconWrapper), extends_extends({}, ownerState.iconPosition === 'top' && {
-    marginBottom: 6
-  }, ownerState.iconPosition === 'bottom' && {
-    marginTop: 6
-  }, ownerState.iconPosition === 'start' && {
-    marginRight: theme.spacing(1)
-  }, ownerState.iconPosition === 'end' && {
-    marginLeft: theme.spacing(1)
-  })), ownerState.textColor === 'inherit' && (_ref3 = {
-    color: 'inherit',
-    opacity: 0.6
-  }, defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.selected), {
-    opacity: 1
-  }), defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.disabled), {
-    opacity: (theme.vars || theme).palette.action.disabledOpacity
-  }), _ref3), ownerState.textColor === 'primary' && (_ref4 = {
-    color: (theme.vars || theme).palette.text.secondary
-  }, defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.selected), {
-    color: (theme.vars || theme).palette.primary.main
-  }), defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.disabled), {
-    color: (theme.vars || theme).palette.text.disabled
-  }), _ref4), ownerState.textColor === 'secondary' && (_ref5 = {
-    color: (theme.vars || theme).palette.text.secondary
-  }, defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.selected), {
-    color: (theme.vars || theme).palette.secondary.main
-  }), defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.disabled), {
-    color: (theme.vars || theme).palette.text.disabled
-  }), _ref5), ownerState.fullWidth && {
-    flexShrink: 1,
-    flexGrow: 1,
-    flexBasis: 0,
-    maxWidth: 'none'
-  }, ownerState.wrapped && {
-    fontSize: theme.typography.pxToRem(12)
+    display: 'inline-block',
+    flex: '1 1 auto',
+    whiteSpace: 'nowrap'
+  }, ownerState.fixed && {
+    overflowX: 'hidden',
+    width: '100%'
+  }, ownerState.hideScrollbar && {
+    // Hide dimensionless scrollbar on macOS
+    scrollbarWidth: 'none',
+    // Firefox
+    '&::-webkit-scrollbar': {
+      display: 'none' // Safari + Chrome
+    }
+  }, ownerState.scrollableX && {
+    overflowX: 'auto',
+    overflowY: 'hidden'
+  }, ownerState.scrollableY && {
+    overflowY: 'auto',
+    overflowX: 'hidden'
   });
 });
-var Tab = /*#__PURE__*/react.forwardRef(function Tab(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTab'
+var FlexContainer = styles_styled('div', {
+  name: 'MuiTabs',
+  slot: 'FlexContainer',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.flexContainer, ownerState.vertical && styles.flexContainerVertical, ownerState.centered && styles.centered];
+  }
+})(function (_ref6) {
+  var ownerState = _ref6.ownerState;
+  return extends_extends({
+    display: 'flex'
+  }, ownerState.vertical && {
+    flexDirection: 'column'
+  }, ownerState.centered && {
+    justifyContent: 'center'
   });
-  var className = props.className,
-    _props$disabled = props.disabled,
-    disabled = _props$disabled === void 0 ? false : _props$disabled,
-    _props$disableFocusRi = props.disableFocusRipple,
-    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
-    fullWidth = props.fullWidth,
-    iconProp = props.icon,
-    _props$iconPosition = props.iconPosition,
-    iconPosition = _props$iconPosition === void 0 ? 'top' : _props$iconPosition,
-    indicator = props.indicator,
-    label = props.label,
+});
+var TabsIndicator = styles_styled('span', {
+  name: 'MuiTabs',
+  slot: 'Indicator',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.indicator;
+  }
+})(function (_ref7) {
+  var ownerState = _ref7.ownerState,
+    theme = _ref7.theme;
+  return extends_extends({
+    position: 'absolute',
+    height: 2,
+    bottom: 0,
+    width: '100%',
+    transition: theme.transitions.create()
+  }, ownerState.indicatorColor === 'primary' && {
+    backgroundColor: (theme.vars || theme).palette.primary.main
+  }, ownerState.indicatorColor === 'secondary' && {
+    backgroundColor: (theme.vars || theme).palette.secondary.main
+  }, ownerState.vertical && {
+    height: '100%',
+    width: 2,
+    right: 0
+  });
+});
+var TabsScrollbarSize = styles_styled(ScrollbarSize, {
+  name: 'MuiTabs',
+  slot: 'ScrollbarSize'
+})({
+  overflowX: 'auto',
+  overflowY: 'hidden',
+  // Hide dimensionless scrollbar on macOS
+  scrollbarWidth: 'none',
+  // Firefox
+  '&::-webkit-scrollbar': {
+    display: 'none' // Safari + Chrome
+  }
+});
+
+var defaultIndicatorStyle = {};
+var warnedOnceTabPresent = false;
+var Tabs = /*#__PURE__*/react.forwardRef(function Tabs(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTabs'
+  });
+  var theme = styles_useTheme_useTheme();
+  var isRtl = theme.direction === 'rtl';
+  var ariaLabel = props['aria-label'],
+    ariaLabelledBy = props['aria-labelledby'],
+    action = props.action,
+    _props$centered = props.centered,
+    centered = _props$centered === void 0 ? false : _props$centered,
+    childrenProp = props.children,
+    className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    _props$allowScrollBut = props.allowScrollButtonsMobile,
+    allowScrollButtonsMobile = _props$allowScrollBut === void 0 ? false : _props$allowScrollBut,
+    _props$indicatorColor = props.indicatorColor,
+    indicatorColor = _props$indicatorColor === void 0 ? 'primary' : _props$indicatorColor,
     onChange = props.onChange,
-    onClick = props.onClick,
-    onFocus = props.onFocus,
-    selected = props.selected,
+    _props$orientation = props.orientation,
+    orientation = _props$orientation === void 0 ? 'horizontal' : _props$orientation,
+    _props$ScrollButtonCo = props.ScrollButtonComponent,
+    ScrollButtonComponent = _props$ScrollButtonCo === void 0 ? TabScrollButton_TabScrollButton : _props$ScrollButtonCo,
+    _props$scrollButtons = props.scrollButtons,
+    scrollButtons = _props$scrollButtons === void 0 ? 'auto' : _props$scrollButtons,
     selectionFollowsFocus = props.selectionFollowsFocus,
+    _props$slots = props.slots,
+    slots = _props$slots === void 0 ? {} : _props$slots,
+    _props$slotProps = props.slotProps,
+    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
+    _props$TabIndicatorPr = props.TabIndicatorProps,
+    TabIndicatorProps = _props$TabIndicatorPr === void 0 ? {} : _props$TabIndicatorPr,
+    _props$TabScrollButto = props.TabScrollButtonProps,
+    TabScrollButtonProps = _props$TabScrollButto === void 0 ? {} : _props$TabScrollButto,
     _props$textColor = props.textColor,
-    textColor = _props$textColor === void 0 ? 'inherit' : _props$textColor,
+    textColor = _props$textColor === void 0 ? 'primary' : _props$textColor,
     value = props.value,
-    _props$wrapped = props.wrapped,
-    wrapped = _props$wrapped === void 0 ? false : _props$wrapped,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tab_excluded);
+    _props$variant = props.variant,
+    variant = _props$variant === void 0 ? 'standard' : _props$variant,
+    _props$visibleScrollb = props.visibleScrollbar,
+    visibleScrollbar = _props$visibleScrollb === void 0 ? false : _props$visibleScrollb,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tabs_excluded);
+  var scrollable = variant === 'scrollable';
+  var vertical = orientation === 'vertical';
+  var scrollStart = vertical ? 'scrollTop' : 'scrollLeft';
+  var start = vertical ? 'top' : 'left';
+  var end = vertical ? 'bottom' : 'right';
+  var clientSize = vertical ? 'clientHeight' : 'clientWidth';
+  var size = vertical ? 'height' : 'width';
   var ownerState = extends_extends({}, props, {
-    disabled: disabled,
-    disableFocusRipple: disableFocusRipple,
-    selected: selected,
-    icon: !!iconProp,
-    iconPosition: iconPosition,
-    label: !!label,
-    fullWidth: fullWidth,
+    component: component,
+    allowScrollButtonsMobile: allowScrollButtonsMobile,
+    indicatorColor: indicatorColor,
+    orientation: orientation,
+    vertical: vertical,
+    scrollButtons: scrollButtons,
     textColor: textColor,
-    wrapped: wrapped
+    variant: variant,
+    visibleScrollbar: visibleScrollbar,
+    fixed: !scrollable,
+    hideScrollbar: scrollable && !visibleScrollbar,
+    scrollableX: scrollable && !vertical,
+    scrollableY: scrollable && vertical,
+    centered: centered && !scrollable,
+    scrollButtonsHideMobile: !allowScrollButtonsMobile
   });
-  var classes = Tab_useUtilityClasses(ownerState);
-  var icon = iconProp && label && /*#__PURE__*/react.isValidElement(iconProp) ? /*#__PURE__*/react.cloneElement(iconProp, {
-    className: clsx_m(classes.iconWrapper, iconProp.props.className)
-  }) : iconProp;
-  var handleClick = function handleClick(event) {
-    if (!selected && onChange) {
-      onChange(event, value);
+  var classes = Tabs_useUtilityClasses(ownerState);
+  var startScrollButtonIconProps = useSlotProps({
+    elementType: slots.StartScrollButtonIcon,
+    externalSlotProps: slotProps.startScrollButtonIcon,
+    ownerState: ownerState
+  });
+  var endScrollButtonIconProps = useSlotProps({
+    elementType: slots.EndScrollButtonIcon,
+    externalSlotProps: slotProps.endScrollButtonIcon,
+    ownerState: ownerState
+  });
+  if (false) {}
+  var _React$useState = react.useState(false),
+    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
+    mounted = _React$useState2[0],
+    setMounted = _React$useState2[1];
+  var _React$useState3 = react.useState(defaultIndicatorStyle),
+    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
+    indicatorStyle = _React$useState4[0],
+    setIndicatorStyle = _React$useState4[1];
+  var _React$useState5 = react.useState({
+      start: false,
+      end: false
+    }),
+    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
+    displayScroll = _React$useState6[0],
+    setDisplayScroll = _React$useState6[1];
+  var _React$useState7 = react.useState({
+      overflow: 'hidden',
+      scrollbarWidth: 0
+    }),
+    _React$useState8 = slicedToArray_slicedToArray(_React$useState7, 2),
+    scrollerStyle = _React$useState8[0],
+    setScrollerStyle = _React$useState8[1];
+  var valueToIndex = new Map();
+  var tabsRef = react.useRef(null);
+  var tabListRef = react.useRef(null);
+  var getTabsMeta = function getTabsMeta() {
+    var tabsNode = tabsRef.current;
+    var tabsMeta;
+    if (tabsNode) {
+      var rect = tabsNode.getBoundingClientRect();
+      // create a new object with ClientRect class props + scrollLeft
+      tabsMeta = {
+        clientWidth: tabsNode.clientWidth,
+        scrollLeft: tabsNode.scrollLeft,
+        scrollTop: tabsNode.scrollTop,
+        scrollLeftNormalized: getNormalizedScrollLeft(tabsNode, theme.direction),
+        scrollWidth: tabsNode.scrollWidth,
+        top: rect.top,
+        bottom: rect.bottom,
+        left: rect.left,
+        right: rect.right
+      };
     }
-    if (onClick) {
-      onClick(event);
+    var tabMeta;
+    if (tabsNode && value !== false) {
+      var _children = tabListRef.current.children;
+      if (_children.length > 0) {
+        var tab = _children[valueToIndex.get(value)];
+        if (false) {}
+        tabMeta = tab ? tab.getBoundingClientRect() : null;
+        if (false) {}
+      }
     }
+    return {
+      tabsMeta: tabsMeta,
+      tabMeta: tabMeta
+    };
   };
-  var handleFocus = function handleFocus(event) {
-    if (selectionFollowsFocus && !selected && onChange) {
-      onChange(event, value);
+  var updateIndicatorState = utils_useEventCallback(function () {
+    var _newIndicatorStyle;
+    var _getTabsMeta = getTabsMeta(),
+      tabsMeta = _getTabsMeta.tabsMeta,
+      tabMeta = _getTabsMeta.tabMeta;
+    var startValue = 0;
+    var startIndicator;
+    if (vertical) {
+      startIndicator = 'top';
+      if (tabMeta && tabsMeta) {
+        startValue = tabMeta.top - tabsMeta.top + tabsMeta.scrollTop;
+      }
+    } else {
+      startIndicator = isRtl ? 'right' : 'left';
+      if (tabMeta && tabsMeta) {
+        var correction = isRtl ? tabsMeta.scrollLeftNormalized + tabsMeta.clientWidth - tabsMeta.scrollWidth : tabsMeta.scrollLeft;
+        startValue = (isRtl ? -1 : 1) * (tabMeta[startIndicator] - tabsMeta[startIndicator] + correction);
+      }
     }
-    if (onFocus) {
-      onFocus(event);
+    var newIndicatorStyle = (_newIndicatorStyle = {}, defineProperty_defineProperty(_newIndicatorStyle, startIndicator, startValue), defineProperty_defineProperty(_newIndicatorStyle, size, tabMeta ? tabMeta[size] : 0), _newIndicatorStyle);
+
+    // IE11 support, replace with Number.isNaN
+    // eslint-disable-next-line no-restricted-globals
+    if (isNaN(indicatorStyle[startIndicator]) || isNaN(indicatorStyle[size])) {
+      setIndicatorStyle(newIndicatorStyle);
+    } else {
+      var dStart = Math.abs(indicatorStyle[startIndicator] - newIndicatorStyle[startIndicator]);
+      var dSize = Math.abs(indicatorStyle[size] - newIndicatorStyle[size]);
+      if (dStart >= 1 || dSize >= 1) {
+        setIndicatorStyle(newIndicatorStyle);
+      }
     }
-  };
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabRoot, extends_extends({
-    focusRipple: !disableFocusRipple,
-    className: clsx_m(classes.root, className),
-    ref: ref,
-    role: "tab",
-    "aria-selected": selected,
-    disabled: disabled,
-    onClick: handleClick,
-    onFocus: handleFocus,
-    ownerState: ownerState,
-    tabIndex: selected ? 0 : -1
-  }, other, {
-    children: [iconPosition === 'top' || iconPosition === 'start' ? /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
-      children: [icon, label]
-    }) : /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
-      children: [label, icon]
-    }), indicator]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Tab_Tab = (Tab);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabContext/TabContext.js
-
-
-
-
-/**
- * @type {React.Context<{ idPrefix: string; value: string } | null>}
- */
-
-var Context = /*#__PURE__*/react.createContext(null);
-if (false) {}
-function useUniquePrefix() {
-  var _React$useState = react.useState(null),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    id = _React$useState2[0],
-    setId = _React$useState2[1];
-  react.useEffect(function () {
-    setId("mui-p-".concat(Math.round(Math.random() * 1e5)));
-  }, []);
-  return id;
-}
-function TabContext(props) {
-  var children = props.children,
-    value = props.value;
-  var idPrefix = useUniquePrefix();
-  var context = react.useMemo(function () {
-    return {
-      idPrefix: idPrefix,
-      value: value
-    };
-  }, [idPrefix, value]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Context.Provider, {
-    value: context,
-    children: children
   });
-}
- false ? 0 : void 0;
-
-/**
- * @returns {unknown}
- */
-function useTabContext() {
-  return react.useContext(Context);
-}
-function getPanelId(context, value) {
-  var idPrefix = context.idPrefix;
-  if (idPrefix === null) {
-    return null;
-  }
-  return "".concat(context.idPrefix, "-P-").concat(value);
-}
-function getTabId(context, value) {
-  var idPrefix = context.idPrefix;
-  if (idPrefix === null) {
-    return null;
-  }
-  return "".concat(context.idPrefix, "-T-").concat(value);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/scrollLeft.js
-// Source from https://github.com/alitaheri/normalize-scroll-left
-var cachedType;
-
-/**
- * Based on the jquery plugin https://github.com/othree/jquery.rtl-scroll-type
- *
- * Types of scrollLeft, assuming scrollWidth=100 and direction is rtl.
- *
- * Type             | <- Most Left | Most Right -> | Initial
- * ---------------- | ------------ | ------------- | -------
- * default          | 0            | 100           | 100
- * negative (spec*) | -100         | 0             | 0
- * reverse          | 100          | 0             | 0
- *
- * Edge 85: default
- * Safari 14: negative
- * Chrome 85: negative
- * Firefox 81: negative
- * IE11: reverse
- *
- * spec* https://drafts.csswg.org/cssom-view/#dom-window-scroll
- */
-function detectScrollType() {
-  if (cachedType) {
-    return cachedType;
-  }
-  var dummy = document.createElement('div');
-  var container = document.createElement('div');
-  container.style.width = '10px';
-  container.style.height = '1px';
-  dummy.appendChild(container);
-  dummy.dir = 'rtl';
-  dummy.style.fontSize = '14px';
-  dummy.style.width = '4px';
-  dummy.style.height = '1px';
-  dummy.style.position = 'absolute';
-  dummy.style.top = '-1000px';
-  dummy.style.overflow = 'scroll';
-  document.body.appendChild(dummy);
-  cachedType = 'reverse';
-  if (dummy.scrollLeft > 0) {
-    cachedType = 'default';
-  } else {
-    dummy.scrollLeft = 1;
-    if (dummy.scrollLeft === 0) {
-      cachedType = 'negative';
+  var scroll = function scroll(scrollValue) {
+    var _ref8 = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
+      _ref8$animation = _ref8.animation,
+      animation = _ref8$animation === void 0 ? true : _ref8$animation;
+    if (animation) {
+      animate(scrollStart, tabsRef.current, scrollValue, {
+        duration: theme.transitions.duration.standard
+      });
+    } else {
+      tabsRef.current[scrollStart] = scrollValue;
     }
-  }
-  document.body.removeChild(dummy);
-  return cachedType;
-}
-
-// Based on https://stackoverflow.com/a/24394376
-function getNormalizedScrollLeft(element, direction) {
-  var scrollLeft = element.scrollLeft;
-
-  // Perform the calculations only when direction is rtl to avoid messing up the ltr behavior
-  if (direction !== 'rtl') {
-    return scrollLeft;
-  }
-  var type = detectScrollType();
-  switch (type) {
-    case 'negative':
-      return element.scrollWidth - element.clientWidth + scrollLeft;
-    case 'reverse':
-      return element.scrollWidth - element.clientWidth - scrollLeft;
-    default:
-      return scrollLeft;
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/animate.js
-function easeInOutSin(time) {
-  return (1 + Math.sin(Math.PI * time - Math.PI / 2)) / 2;
-}
-function animate(property, element, to) {
-  var options = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
-  var cb = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : function () {};
-  var _options$ease = options.ease,
-    ease = _options$ease === void 0 ? easeInOutSin : _options$ease,
-    _options$duration = options.duration,
-    duration = _options$duration === void 0 ? 300 : _options$duration;
-  var start = null;
-  var from = element[property];
-  var cancelled = false;
-  var cancel = function cancel() {
-    cancelled = true;
   };
-  var step = function step(timestamp) {
-    if (cancelled) {
-      cb(new Error('Animation cancelled'));
-      return;
-    }
-    if (start === null) {
-      start = timestamp;
+  var moveTabsScroll = function moveTabsScroll(delta) {
+    var scrollValue = tabsRef.current[scrollStart];
+    if (vertical) {
+      scrollValue += delta;
+    } else {
+      scrollValue += delta * (isRtl ? -1 : 1);
+      // Fix for Edge
+      scrollValue *= isRtl && detectScrollType() === 'reverse' ? -1 : 1;
     }
-    var time = Math.min(1, (timestamp - start) / duration);
-    element[property] = ease(time) * (to - from) + from;
-    if (time >= 1) {
-      requestAnimationFrame(function () {
-        cb(null);
-      });
-      return;
+    scroll(scrollValue);
+  };
+  var getScrollSize = function getScrollSize() {
+    var containerSize = tabsRef.current[clientSize];
+    var totalSize = 0;
+    var children = Array.from(tabListRef.current.children);
+    for (var i = 0; i < children.length; i += 1) {
+      var tab = children[i];
+      if (totalSize + tab[clientSize] > containerSize) {
+        // If the first item is longer than the container size, then only scroll
+        // by the container size.
+        if (i === 0) {
+          totalSize = containerSize;
+        }
+        break;
+      }
+      totalSize += tab[clientSize];
     }
-    requestAnimationFrame(step);
+    return totalSize;
   };
-  if (from === to) {
-    cb(new Error('Element already at target position'));
-    return cancel;
-  }
-  requestAnimationFrame(step);
-  return cancel;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/ScrollbarSize.js
-
-
-var ScrollbarSize_excluded = ["onChange"];
-
-
-
-
-
-var ScrollbarSize_styles = {
-  width: 99,
-  height: 99,
-  position: 'absolute',
-  top: -9999,
-  overflow: 'scroll'
-};
-
-/**
- * @ignore - internal component.
- * The component originates from https://github.com/STORIS/react-scrollbar-size.
- * It has been moved into the core in order to minimize the bundle size.
- */
-function ScrollbarSize(props) {
-  var onChange = props.onChange,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ScrollbarSize_excluded);
-  var scrollbarHeight = react.useRef();
-  var nodeRef = react.useRef(null);
-  var setMeasurements = function setMeasurements() {
-    scrollbarHeight.current = nodeRef.current.offsetHeight - nodeRef.current.clientHeight;
+  var handleStartScrollClick = function handleStartScrollClick() {
+    moveTabsScroll(-1 * getScrollSize());
   };
-  utils_useEnhancedEffect(function () {
-    var handleResize = utils_debounce(function () {
-      var prevHeight = scrollbarHeight.current;
-      setMeasurements();
-      if (prevHeight !== scrollbarHeight.current) {
-        onChange(scrollbarHeight.current);
+  var handleEndScrollClick = function handleEndScrollClick() {
+    moveTabsScroll(getScrollSize());
+  };
+
+  // TODO Remove <ScrollbarSize /> as browser support for hiding the scrollbar
+  // with CSS improves.
+  var handleScrollbarSizeChange = react.useCallback(function (scrollbarWidth) {
+    setScrollerStyle({
+      overflow: null,
+      scrollbarWidth: scrollbarWidth
+    });
+  }, []);
+  var getConditionalElements = function getConditionalElements() {
+    var conditionalElements = {};
+    conditionalElements.scrollbarSizeListener = scrollable ? /*#__PURE__*/(0,jsx_runtime.jsx)(TabsScrollbarSize, {
+      onChange: handleScrollbarSizeChange,
+      className: clsx_m(classes.scrollableX, classes.hideScrollbar)
+    }) : null;
+    var scrollButtonsActive = displayScroll.start || displayScroll.end;
+    var showScrollButtons = scrollable && (scrollButtons === 'auto' && scrollButtonsActive || scrollButtons === true);
+    conditionalElements.scrollButtonStart = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
+      slots: {
+        StartScrollButtonIcon: slots.StartScrollButtonIcon
+      },
+      slotProps: {
+        startScrollButtonIcon: startScrollButtonIconProps
+      },
+      orientation: orientation,
+      direction: isRtl ? 'right' : 'left',
+      onClick: handleStartScrollClick,
+      disabled: !displayScroll.start
+    }, TabScrollButtonProps, {
+      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
+    })) : null;
+    conditionalElements.scrollButtonEnd = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
+      slots: {
+        EndScrollButtonIcon: slots.EndScrollButtonIcon
+      },
+      slotProps: {
+        endScrollButtonIcon: endScrollButtonIconProps
+      },
+      orientation: orientation,
+      direction: isRtl ? 'left' : 'right',
+      onClick: handleEndScrollClick,
+      disabled: !displayScroll.end
+    }, TabScrollButtonProps, {
+      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
+    })) : null;
+    return conditionalElements;
+  };
+  var scrollSelectedIntoView = utils_useEventCallback(function (animation) {
+    var _getTabsMeta2 = getTabsMeta(),
+      tabsMeta = _getTabsMeta2.tabsMeta,
+      tabMeta = _getTabsMeta2.tabMeta;
+    if (!tabMeta || !tabsMeta) {
+      return;
+    }
+    if (tabMeta[start] < tabsMeta[start]) {
+      // left side of button is out of view
+      var nextScrollStart = tabsMeta[scrollStart] + (tabMeta[start] - tabsMeta[start]);
+      scroll(nextScrollStart, {
+        animation: animation
+      });
+    } else if (tabMeta[end] > tabsMeta[end]) {
+      // right side of button is out of view
+      var _nextScrollStart = tabsMeta[scrollStart] + (tabMeta[end] - tabsMeta[end]);
+      scroll(_nextScrollStart, {
+        animation: animation
+      });
+    }
+  });
+  var updateScrollButtonState = utils_useEventCallback(function () {
+    if (scrollable && scrollButtons !== false) {
+      var _tabsRef$current = tabsRef.current,
+        scrollTop = _tabsRef$current.scrollTop,
+        scrollHeight = _tabsRef$current.scrollHeight,
+        clientHeight = _tabsRef$current.clientHeight,
+        scrollWidth = _tabsRef$current.scrollWidth,
+        clientWidth = _tabsRef$current.clientWidth;
+      var showStartScroll;
+      var showEndScroll;
+      if (vertical) {
+        showStartScroll = scrollTop > 1;
+        showEndScroll = scrollTop < scrollHeight - clientHeight - 1;
+      } else {
+        var scrollLeft = getNormalizedScrollLeft(tabsRef.current, theme.direction);
+        // use 1 for the potential rounding error with browser zooms.
+        showStartScroll = isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
+        showEndScroll = !isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
+      }
+      if (showStartScroll !== displayScroll.start || showEndScroll !== displayScroll.end) {
+        setDisplayScroll({
+          start: showStartScroll,
+          end: showEndScroll
+        });
+      }
+    }
+  });
+  react.useEffect(function () {
+    var handleResize = utils_debounce(function () {
+      // If the Tabs component is replaced by Suspense with a fallback, the last
+      // ResizeObserver's handler that runs because of the change in the layout is trying to
+      // access a dom node that is no longer there (as the fallback component is being shown instead).
+      // See https://github.com/mui/material-ui/issues/33276
+      // TODO: Add tests that will ensure the component is not failing when
+      // replaced by Suspense with a fallback, once React is updated to version 18
+      if (tabsRef.current) {
+        updateIndicatorState();
+        updateScrollButtonState();
       }
     });
-    var containerWindow = utils_ownerWindow(nodeRef.current);
-    containerWindow.addEventListener('resize', handleResize);
+    var win = utils_ownerWindow(tabsRef.current);
+    win.addEventListener('resize', handleResize);
+    var resizeObserver;
+    if (typeof ResizeObserver !== 'undefined') {
+      resizeObserver = new ResizeObserver(handleResize);
+      Array.from(tabListRef.current.children).forEach(function (child) {
+        resizeObserver.observe(child);
+      });
+    }
     return function () {
       handleResize.clear();
-      containerWindow.removeEventListener('resize', handleResize);
+      win.removeEventListener('resize', handleResize);
+      if (resizeObserver) {
+        resizeObserver.disconnect();
+      }
     };
-  }, [onChange]);
+  }, [updateIndicatorState, updateScrollButtonState]);
+  var handleTabsScroll = react.useMemo(function () {
+    return utils_debounce(function () {
+      updateScrollButtonState();
+    });
+  }, [updateScrollButtonState]);
   react.useEffect(function () {
-    setMeasurements();
-    onChange(scrollbarHeight.current);
-  }, [onChange]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)("div", extends_extends({
-    style: ScrollbarSize_styles,
-    ref: nodeRef
-  }, other));
-}
- false ? 0 : void 0;
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowLeft.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var KeyboardArrowLeft = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M15.41 16.09l-4.58-4.59 4.58-4.59L14 5.5l-6 6 6 6z"
-}), 'KeyboardArrowLeft'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowRight.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var KeyboardArrowRight = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M8.59 16.34l4.58-4.59-4.58-4.59L10 5.75l6 6-6 6z"
-}), 'KeyboardArrowRight'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/tabScrollButtonClasses.js
-
-
-function getTabScrollButtonUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTabScrollButton', slot);
-}
-var tabScrollButtonClasses = generateUtilityClasses('MuiTabScrollButton', ['root', 'vertical', 'horizontal', 'disabled']);
-/* harmony default export */ var TabScrollButton_tabScrollButtonClasses = (tabScrollButtonClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/TabScrollButton.js
-
-
-
-var TabScrollButton_excluded = ["className", "slots", "slotProps", "direction", "orientation", "disabled"];
-/* eslint-disable jsx-a11y/aria-role */
-
-
-
-
-
-
-
-
-
-
-
-
-var TabScrollButton_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    orientation = ownerState.orientation,
-    disabled = ownerState.disabled;
-  var slots = {
-    root: ['root', orientation, disabled && 'disabled']
-  };
-  return composeClasses(slots, getTabScrollButtonUtilityClass, classes);
-};
-var TabScrollButtonRoot = styles_styled(ButtonBase_ButtonBase, {
-  name: 'MuiTabScrollButton',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.orientation && styles[ownerState.orientation]];
-  }
-})(function (_ref) {
-  var ownerState = _ref.ownerState;
-  return extends_extends(defineProperty_defineProperty({
-    width: 40,
-    flexShrink: 0,
-    opacity: 0.8
-  }, "&.".concat(TabScrollButton_tabScrollButtonClasses.disabled), {
-    opacity: 0
-  }), ownerState.orientation === 'vertical' && {
-    width: '100%',
-    height: 40,
-    '& svg': {
-      transform: "rotate(".concat(ownerState.isRtl ? -90 : 90, "deg)")
-    }
-  });
-});
-var TabScrollButton = /*#__PURE__*/react.forwardRef(function TabScrollButton(inProps, ref) {
-  var _slots$StartScrollBut, _slots$EndScrollButto;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTabScrollButton'
+    return function () {
+      handleTabsScroll.clear();
+    };
+  }, [handleTabsScroll]);
+  react.useEffect(function () {
+    setMounted(true);
+  }, []);
+  react.useEffect(function () {
+    updateIndicatorState();
+    updateScrollButtonState();
   });
-  var className = props.className,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    direction = props.direction,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabScrollButton_excluded);
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var ownerState = extends_extends({
-    isRtl: isRtl
-  }, props);
-  var classes = TabScrollButton_useUtilityClasses(ownerState);
-  var StartButtonIcon = (_slots$StartScrollBut = slots.StartScrollButtonIcon) != null ? _slots$StartScrollBut : KeyboardArrowLeft;
-  var EndButtonIcon = (_slots$EndScrollButto = slots.EndScrollButtonIcon) != null ? _slots$EndScrollButto : KeyboardArrowRight;
-  var startButtonIconProps = useSlotProps({
-    elementType: StartButtonIcon,
-    externalSlotProps: slotProps.startScrollButtonIcon,
-    additionalProps: {
-      fontSize: 'small'
-    },
-    ownerState: ownerState
-  });
-  var endButtonIconProps = useSlotProps({
-    elementType: EndButtonIcon,
-    externalSlotProps: slotProps.endScrollButtonIcon,
-    additionalProps: {
-      fontSize: 'small'
-    },
-    ownerState: ownerState
+  react.useEffect(function () {
+    // Don't animate on the first render.
+    scrollSelectedIntoView(defaultIndicatorStyle !== indicatorStyle);
+  }, [scrollSelectedIntoView, indicatorStyle]);
+  react.useImperativeHandle(action, function () {
+    return {
+      updateIndicator: updateIndicatorState,
+      updateScrollButtons: updateScrollButtonState
+    };
+  }, [updateIndicatorState, updateScrollButtonState]);
+  var indicator = /*#__PURE__*/(0,jsx_runtime.jsx)(TabsIndicator, extends_extends({}, TabIndicatorProps, {
+    className: clsx_m(classes.indicator, TabIndicatorProps.className),
+    ownerState: ownerState,
+    style: extends_extends({}, indicatorStyle, TabIndicatorProps.style)
+  }));
+  var childIndex = 0;
+  var children = react.Children.map(childrenProp, function (child) {
+    if (! /*#__PURE__*/react.isValidElement(child)) {
+      return null;
+    }
+    if (false) {}
+    var childValue = child.props.value === undefined ? childIndex : child.props.value;
+    valueToIndex.set(childValue, childIndex);
+    var selected = childValue === value;
+    childIndex += 1;
+    return /*#__PURE__*/react.cloneElement(child, extends_extends({
+      fullWidth: variant === 'fullWidth',
+      indicator: selected && !mounted && indicator,
+      selected: selected,
+      selectionFollowsFocus: selectionFollowsFocus,
+      onChange: onChange,
+      textColor: textColor,
+      value: childValue
+    }, childIndex === 1 && value === false && !child.props.tabIndex ? {
+      tabIndex: 0
+    } : {}));
   });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabScrollButtonRoot, extends_extends({
-    component: "div",
+  var handleKeyDown = function handleKeyDown(event) {
+    var list = tabListRef.current;
+    var currentFocus = utils_ownerDocument(list).activeElement;
+    // Keyboard navigation assumes that [role="tab"] are siblings
+    // though we might warn in the future about nested, interactive elements
+    // as a a11y violation
+    var role = currentFocus.getAttribute('role');
+    if (role !== 'tab') {
+      return;
+    }
+    var previousItemKey = orientation === 'horizontal' ? 'ArrowLeft' : 'ArrowUp';
+    var nextItemKey = orientation === 'horizontal' ? 'ArrowRight' : 'ArrowDown';
+    if (orientation === 'horizontal' && isRtl) {
+      // swap previousItemKey with nextItemKey
+      previousItemKey = 'ArrowRight';
+      nextItemKey = 'ArrowLeft';
+    }
+    switch (event.key) {
+      case previousItemKey:
+        event.preventDefault();
+        Tabs_moveFocus(list, currentFocus, Tabs_previousItem);
+        break;
+      case nextItemKey:
+        event.preventDefault();
+        Tabs_moveFocus(list, currentFocus, Tabs_nextItem);
+        break;
+      case 'Home':
+        event.preventDefault();
+        Tabs_moveFocus(list, null, Tabs_nextItem);
+        break;
+      case 'End':
+        event.preventDefault();
+        Tabs_moveFocus(list, null, Tabs_previousItem);
+        break;
+      default:
+        break;
+    }
+  };
+  var conditionalElements = getConditionalElements();
+  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsRoot, extends_extends({
     className: clsx_m(classes.root, className),
-    ref: ref,
-    role: null,
     ownerState: ownerState,
-    tabIndex: null
+    ref: ref,
+    as: component
   }, other, {
-    children: direction === 'left' ? /*#__PURE__*/(0,jsx_runtime.jsx)(StartButtonIcon, extends_extends({}, startButtonIconProps)) : /*#__PURE__*/(0,jsx_runtime.jsx)(EndButtonIcon, extends_extends({}, endButtonIconProps))
+    children: [conditionalElements.scrollButtonStart, conditionalElements.scrollbarSizeListener, /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsScroller, {
+      className: classes.scroller,
+      ownerState: ownerState,
+      style: defineProperty_defineProperty({
+        overflow: scrollerStyle.overflow
+      }, vertical ? "margin".concat(isRtl ? 'Left' : 'Right') : 'marginBottom', visibleScrollbar ? undefined : -scrollerStyle.scrollbarWidth),
+      ref: tabsRef,
+      onScroll: handleTabsScroll,
+      children: [/*#__PURE__*/(0,jsx_runtime.jsx)(FlexContainer, {
+        "aria-label": ariaLabel,
+        "aria-labelledby": ariaLabelledBy,
+        "aria-orientation": orientation === 'vertical' ? 'vertical' : null,
+        className: classes.flexContainer,
+        ownerState: ownerState,
+        onKeyDown: handleKeyDown,
+        ref: tabListRef,
+        role: "tablist",
+        children: children
+      }), mounted && indicator]
+    }), conditionalElements.scrollButtonEnd]
   }));
 });
  false ? 0 : void 0;
-/* harmony default export */ var TabScrollButton_TabScrollButton = (TabScrollButton);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/tabsClasses.js
+/* harmony default export */ var Tabs_Tabs = (Tabs);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabList/TabList.js
 
 
-function getTabsUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTabs', slot);
+var TabList_excluded = ["children"];
+
+
+
+
+
+var TabList = /*#__PURE__*/react.forwardRef(function TabList(props, ref) {
+  var childrenProp = props.children,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabList_excluded);
+  var context = useTabContext();
+  if (context === null) {
+    throw new TypeError('No TabContext provided');
+  }
+  var children = react.Children.map(childrenProp, function (child) {
+    if (! /*#__PURE__*/react.isValidElement(child)) {
+      return null;
+    }
+    return /*#__PURE__*/react.cloneElement(child, {
+      // SOMEDAY: `Tabs` will set those themselves
+      'aria-controls': getPanelId(context, child.props.value),
+      id: getTabId(context, child.props.value)
+    });
+  });
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Tabs_Tabs, extends_extends({}, other, {
+    ref: ref,
+    value: context.value,
+    children: children
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TabList_TabList = (TabList);
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/tabPanelClasses.js
+
+
+function getTabPanelUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTabPanel', slot);
 }
-var tabsClasses = generateUtilityClasses('MuiTabs', ['root', 'vertical', 'flexContainer', 'flexContainerVertical', 'centered', 'scroller', 'fixed', 'scrollableX', 'scrollableY', 'hideScrollbar', 'scrollButtons', 'scrollButtonsHideMobile', 'indicator']);
-/* harmony default export */ var Tabs_tabsClasses = (tabsClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/Tabs.js
+var tabPanelClasses = generateUtilityClasses('MuiTabPanel', ['root']);
+/* harmony default export */ var TabPanel_tabPanelClasses = ((/* unused pure expression or super */ null && (tabPanelClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/TabPanel.js
+
 
+var TabPanel_excluded = ["children", "className", "value"];
 
 
 
-var Tabs_excluded = ["aria-label", "aria-labelledby", "action", "centered", "children", "className", "component", "allowScrollButtonsMobile", "indicatorColor", "onChange", "orientation", "ScrollButtonComponent", "scrollButtons", "selectionFollowsFocus", "slots", "slotProps", "TabIndicatorProps", "TabScrollButtonProps", "textColor", "value", "variant", "visibleScrollbar"];
 
 
 
 
 
+var TabPanel_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTabPanelUtilityClass, classes);
+};
+var TabPanelRoot = styles_styled('div', {
+  name: 'MuiTabPanel',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})(function (_ref) {
+  var theme = _ref.theme;
+  return {
+    padding: theme.spacing(3)
+  };
+});
+var TabPanel = /*#__PURE__*/react.forwardRef(function TabPanel(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTabPanel'
+  });
+  var children = props.children,
+    className = props.className,
+    value = props.value,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabPanel_excluded);
+  var ownerState = extends_extends({}, props);
+  var classes = TabPanel_useUtilityClasses(ownerState);
+  var context = useTabContext();
+  if (context === null) {
+    throw new TypeError('No TabContext provided');
+  }
+  var id = getPanelId(context, value);
+  var tabId = getTabId(context, value);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabPanelRoot, extends_extends({
+    "aria-labelledby": tabId,
+    className: clsx_m(classes.root, className),
+    hidden: value !== context.value,
+    id: id,
+    ref: ref,
+    role: "tabpanel",
+    ownerState: ownerState
+  }, other, {
+    children: value === context.value && children
+  }));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TabPanel_TabPanel = (TabPanel);
+;// CONCATENATED MODULE: ./src/components/result-view/SidePanel.tsx
+function useSidePanelTabs(provider){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedTab=_useState2[0],setSelectedTab=_useState2[1];var handleTabChange=(0,react.useCallback)(function(_e,value){setSelectedTab(value);},[]);var tabs=(0,react.useMemo)(function(){return(provider===null||provider===void 0?void 0:provider.buildSidePanelTabs())||[];},[provider]);(0,react.useEffect)(function(){if(!(tabs!==null&&tabs!==void 0&&tabs.length)){setSelectedTab("");return;}if(!selectedTab){setSelectedTab(tabs[0].label);return;}if(!tabs.find(function(x){return x.label===selectedTab;})){// reset it after the type of selected item has changed
+setSelectedTab(tabs[0].label);}},[selectedTab,tabs]);return{tabs:tabs,selectedTab:selectedTab,handleTabChange:handleTabChange};}var SidePanel=function SidePanel(props){var theme=styles_useTheme_useTheme();var _useSidePanelTabs=useSidePanelTabs(props.provider),tabs=_useSidePanelTabs.tabs,selectedTab=_useSidePanelTabs.selectedTab,handleTabChange=_useSidePanelTabs.handleTabChange;if(!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}if(!props.provider){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minHeight:theme.consts.appBarHeight,display:"flex",flexDirection:"column",flex:"0 0 auto",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",pt:"25px",pl:"35px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h4",children:props.provider.buildSidePanelTitle()})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",pt:"10px",pr:"10px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'10px 0'},children:tab.content})})},tab.label);})})]})});};
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/TableContext.js
 
 
+/**
+ * @ignore - internal component.
+ */
+var TableContext = /*#__PURE__*/react.createContext();
+if (false) {}
+/* harmony default export */ var Table_TableContext = (TableContext);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/tableClasses.js
 
 
+function getTableUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTable', slot);
+}
+var tableClasses = generateUtilityClasses('MuiTable', ['root', 'stickyHeader']);
+/* harmony default export */ var Table_tableClasses = ((/* unused pure expression or super */ null && (tableClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Table.js
 
 
+var Table_excluded = ["className", "component", "padding", "size", "stickyHeader"];
 
 
 
@@ -58412,691 +58615,458 @@ var Tabs_excluded = ["aria-label", "aria-labelledby", "action", "centered", "chi
 
 
 
-var Tabs_nextItem = function nextItem(list, item) {
-  if (list === item) {
-    return list.firstChild;
-  }
-  if (item && item.nextElementSibling) {
-    return item.nextElementSibling;
-  }
-  return list.firstChild;
+var Table_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    stickyHeader = ownerState.stickyHeader;
+  var slots = {
+    root: ['root', stickyHeader && 'stickyHeader']
+  };
+  return composeClasses(slots, getTableUtilityClass, classes);
 };
-var Tabs_previousItem = function previousItem(list, item) {
-  if (list === item) {
-    return list.lastChild;
-  }
-  if (item && item.previousElementSibling) {
-    return item.previousElementSibling;
-  }
-  return list.lastChild;
-};
-var Tabs_moveFocus = function moveFocus(list, currentFocus, traversalFunction) {
-  var wrappedOnce = false;
-  var nextFocus = traversalFunction(list, currentFocus);
-  while (nextFocus) {
-    // Prevent infinite loop.
-    if (nextFocus === list.firstChild) {
-      if (wrappedOnce) {
-        return;
-      }
-      wrappedOnce = true;
-    }
-
-    // Same logic as useAutocomplete.js
-    var nextFocusDisabled = nextFocus.disabled || nextFocus.getAttribute('aria-disabled') === 'true';
-    if (!nextFocus.hasAttribute('tabindex') || nextFocusDisabled) {
-      // Move to the next element.
-      nextFocus = traversalFunction(list, nextFocus);
-    } else {
-      nextFocus.focus();
-      return;
-    }
-  }
-};
-var Tabs_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var vertical = ownerState.vertical,
-    fixed = ownerState.fixed,
-    hideScrollbar = ownerState.hideScrollbar,
-    scrollableX = ownerState.scrollableX,
-    scrollableY = ownerState.scrollableY,
-    centered = ownerState.centered,
-    scrollButtonsHideMobile = ownerState.scrollButtonsHideMobile,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', vertical && 'vertical'],
-    scroller: ['scroller', fixed && 'fixed', hideScrollbar && 'hideScrollbar', scrollableX && 'scrollableX', scrollableY && 'scrollableY'],
-    flexContainer: ['flexContainer', vertical && 'flexContainerVertical', centered && 'centered'],
-    indicator: ['indicator'],
-    scrollButtons: ['scrollButtons', scrollButtonsHideMobile && 'scrollButtonsHideMobile'],
-    scrollableX: [scrollableX && 'scrollableX'],
-    hideScrollbar: [hideScrollbar && 'hideScrollbar']
-  };
-  return composeClasses(slots, getTabsUtilityClass, classes);
-};
-var TabsRoot = styles_styled('div', {
-  name: 'MuiTabs',
+var TableRoot = styles_styled('table', {
+  name: 'MuiTable',
   slot: 'Root',
   overridesResolver: function overridesResolver(props, styles) {
     var ownerState = props.ownerState;
-    return [defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), styles.scrollButtons), defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), ownerState.scrollButtonsHideMobile && styles.scrollButtonsHideMobile), styles.root, ownerState.vertical && styles.vertical];
-  }
-})(function (_ref3) {
-  var ownerState = _ref3.ownerState,
-    theme = _ref3.theme;
-  return extends_extends({
-    overflow: 'hidden',
-    minHeight: 48,
-    // Add iOS momentum scrolling for iOS < 13.0
-    WebkitOverflowScrolling: 'touch',
-    display: 'flex'
-  }, ownerState.vertical && {
-    flexDirection: 'column'
-  }, ownerState.scrollButtonsHideMobile && defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), defineProperty_defineProperty({}, theme.breakpoints.down('sm'), {
-    display: 'none'
-  })));
-});
-var TabsScroller = styles_styled('div', {
-  name: 'MuiTabs',
-  slot: 'Scroller',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.scroller, ownerState.fixed && styles.fixed, ownerState.hideScrollbar && styles.hideScrollbar, ownerState.scrollableX && styles.scrollableX, ownerState.scrollableY && styles.scrollableY];
+    return [styles.root, ownerState.stickyHeader && styles.stickyHeader];
   }
-})(function (_ref5) {
-  var ownerState = _ref5.ownerState;
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
   return extends_extends({
-    position: 'relative',
-    display: 'inline-block',
-    flex: '1 1 auto',
-    whiteSpace: 'nowrap'
-  }, ownerState.fixed && {
-    overflowX: 'hidden',
-    width: '100%'
-  }, ownerState.hideScrollbar && {
-    // Hide dimensionless scrollbar on macOS
-    scrollbarWidth: 'none',
-    // Firefox
-    '&::-webkit-scrollbar': {
-      display: 'none' // Safari + Chrome
-    }
-  }, ownerState.scrollableX && {
-    overflowX: 'auto',
-    overflowY: 'hidden'
-  }, ownerState.scrollableY && {
-    overflowY: 'auto',
-    overflowX: 'hidden'
+    display: 'table',
+    width: '100%',
+    borderCollapse: 'collapse',
+    borderSpacing: 0,
+    '& caption': extends_extends({}, theme.typography.body2, {
+      padding: theme.spacing(2),
+      color: (theme.vars || theme).palette.text.secondary,
+      textAlign: 'left',
+      captionSide: 'bottom'
+    })
+  }, ownerState.stickyHeader && {
+    borderCollapse: 'separate'
   });
 });
-var FlexContainer = styles_styled('div', {
-  name: 'MuiTabs',
-  slot: 'FlexContainer',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.flexContainer, ownerState.vertical && styles.flexContainerVertical, ownerState.centered && styles.centered];
-  }
-})(function (_ref6) {
-  var ownerState = _ref6.ownerState;
-  return extends_extends({
-    display: 'flex'
-  }, ownerState.vertical && {
-    flexDirection: 'column'
-  }, ownerState.centered && {
-    justifyContent: 'center'
+var defaultComponent = 'table';
+var Table = /*#__PURE__*/react.forwardRef(function Table(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTable'
+  });
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? defaultComponent : _props$component,
+    _props$padding = props.padding,
+    padding = _props$padding === void 0 ? 'normal' : _props$padding,
+    _props$size = props.size,
+    size = _props$size === void 0 ? 'medium' : _props$size,
+    _props$stickyHeader = props.stickyHeader,
+    stickyHeader = _props$stickyHeader === void 0 ? false : _props$stickyHeader,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Table_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    padding: padding,
+    size: size,
+    stickyHeader: stickyHeader
+  });
+  var classes = Table_useUtilityClasses(ownerState);
+  var table = react.useMemo(function () {
+    return {
+      padding: padding,
+      size: size,
+      stickyHeader: stickyHeader
+    };
+  }, [padding, size, stickyHeader]);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_TableContext.Provider, {
+    value: table,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableRoot, extends_extends({
+      as: component,
+      role: component === defaultComponent ? null : 'table',
+      ref: ref,
+      className: clsx_m(classes.root, className),
+      ownerState: ownerState
+    }, other))
   });
 });
-var TabsIndicator = styles_styled('span', {
-  name: 'MuiTabs',
-  slot: 'Indicator',
+ false ? 0 : void 0;
+/* harmony default export */ var Table_Table = (Table);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Tablelvl2Context.js
+
+
+/**
+ * @ignore - internal component.
+ */
+var Tablelvl2Context = /*#__PURE__*/react.createContext();
+if (false) {}
+/* harmony default export */ var Table_Tablelvl2Context = (Tablelvl2Context);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/tableBodyClasses.js
+
+
+function getTableBodyUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableBody', slot);
+}
+var tableBodyClasses = generateUtilityClasses('MuiTableBody', ['root']);
+/* harmony default export */ var TableBody_tableBodyClasses = ((/* unused pure expression or super */ null && (tableBodyClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/TableBody.js
+
+
+var TableBody_excluded = ["className", "component"];
+
+
+
+
+
+
+
+
+
+var TableBody_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTableBodyUtilityClass, classes);
+};
+var TableBodyRoot = styles_styled('tbody', {
+  name: 'MuiTableBody',
+  slot: 'Root',
   overridesResolver: function overridesResolver(props, styles) {
-    return styles.indicator;
+    return styles.root;
   }
-})(function (_ref7) {
-  var ownerState = _ref7.ownerState,
-    theme = _ref7.theme;
-  return extends_extends({
-    position: 'absolute',
-    height: 2,
-    bottom: 0,
-    width: '100%',
-    transition: theme.transitions.create()
-  }, ownerState.indicatorColor === 'primary' && {
-    backgroundColor: (theme.vars || theme).palette.primary.main
-  }, ownerState.indicatorColor === 'secondary' && {
-    backgroundColor: (theme.vars || theme).palette.secondary.main
-  }, ownerState.vertical && {
-    height: '100%',
-    width: 2,
-    right: 0
-  });
-});
-var TabsScrollbarSize = styles_styled(ScrollbarSize, {
-  name: 'MuiTabs',
-  slot: 'ScrollbarSize'
 })({
-  overflowX: 'auto',
-  overflowY: 'hidden',
-  // Hide dimensionless scrollbar on macOS
-  scrollbarWidth: 'none',
-  // Firefox
-  '&::-webkit-scrollbar': {
-    display: 'none' // Safari + Chrome
-  }
+  display: 'table-row-group'
 });
-
-var defaultIndicatorStyle = {};
-var warnedOnceTabPresent = false;
-var Tabs = /*#__PURE__*/react.forwardRef(function Tabs(inProps, ref) {
+var tablelvl2 = {
+  variant: 'body'
+};
+var TableBody_defaultComponent = 'tbody';
+var TableBody = /*#__PURE__*/react.forwardRef(function TableBody(inProps, ref) {
   var props = useThemeProps_useThemeProps({
     props: inProps,
-    name: 'MuiTabs'
+    name: 'MuiTableBody'
   });
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var ariaLabel = props['aria-label'],
-    ariaLabelledBy = props['aria-labelledby'],
-    action = props.action,
-    _props$centered = props.centered,
-    centered = _props$centered === void 0 ? false : _props$centered,
-    childrenProp = props.children,
-    className = props.className,
+  var className = props.className,
     _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    _props$allowScrollBut = props.allowScrollButtonsMobile,
-    allowScrollButtonsMobile = _props$allowScrollBut === void 0 ? false : _props$allowScrollBut,
-    _props$indicatorColor = props.indicatorColor,
-    indicatorColor = _props$indicatorColor === void 0 ? 'primary' : _props$indicatorColor,
-    onChange = props.onChange,
-    _props$orientation = props.orientation,
-    orientation = _props$orientation === void 0 ? 'horizontal' : _props$orientation,
-    _props$ScrollButtonCo = props.ScrollButtonComponent,
-    ScrollButtonComponent = _props$ScrollButtonCo === void 0 ? TabScrollButton_TabScrollButton : _props$ScrollButtonCo,
-    _props$scrollButtons = props.scrollButtons,
-    scrollButtons = _props$scrollButtons === void 0 ? 'auto' : _props$scrollButtons,
-    selectionFollowsFocus = props.selectionFollowsFocus,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$TabIndicatorPr = props.TabIndicatorProps,
-    TabIndicatorProps = _props$TabIndicatorPr === void 0 ? {} : _props$TabIndicatorPr,
-    _props$TabScrollButto = props.TabScrollButtonProps,
-    TabScrollButtonProps = _props$TabScrollButto === void 0 ? {} : _props$TabScrollButto,
-    _props$textColor = props.textColor,
-    textColor = _props$textColor === void 0 ? 'primary' : _props$textColor,
-    value = props.value,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'standard' : _props$variant,
-    _props$visibleScrollb = props.visibleScrollbar,
-    visibleScrollbar = _props$visibleScrollb === void 0 ? false : _props$visibleScrollb,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tabs_excluded);
-  var scrollable = variant === 'scrollable';
-  var vertical = orientation === 'vertical';
-  var scrollStart = vertical ? 'scrollTop' : 'scrollLeft';
-  var start = vertical ? 'top' : 'left';
-  var end = vertical ? 'bottom' : 'right';
-  var clientSize = vertical ? 'clientHeight' : 'clientWidth';
-  var size = vertical ? 'height' : 'width';
+    component = _props$component === void 0 ? TableBody_defaultComponent : _props$component,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableBody_excluded);
   var ownerState = extends_extends({}, props, {
-    component: component,
-    allowScrollButtonsMobile: allowScrollButtonsMobile,
-    indicatorColor: indicatorColor,
-    orientation: orientation,
-    vertical: vertical,
-    scrollButtons: scrollButtons,
-    textColor: textColor,
-    variant: variant,
-    visibleScrollbar: visibleScrollbar,
-    fixed: !scrollable,
-    hideScrollbar: scrollable && !visibleScrollbar,
-    scrollableX: scrollable && !vertical,
-    scrollableY: scrollable && vertical,
-    centered: centered && !scrollable,
-    scrollButtonsHideMobile: !allowScrollButtonsMobile
-  });
-  var classes = Tabs_useUtilityClasses(ownerState);
-  var startScrollButtonIconProps = useSlotProps({
-    elementType: slots.StartScrollButtonIcon,
-    externalSlotProps: slotProps.startScrollButtonIcon,
-    ownerState: ownerState
+    component: component
   });
-  var endScrollButtonIconProps = useSlotProps({
-    elementType: slots.EndScrollButtonIcon,
-    externalSlotProps: slotProps.endScrollButtonIcon,
-    ownerState: ownerState
+  var classes = TableBody_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
+    value: tablelvl2,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableBodyRoot, extends_extends({
+      className: clsx_m(classes.root, className),
+      as: component,
+      ref: ref,
+      role: component === TableBody_defaultComponent ? null : 'rowgroup',
+      ownerState: ownerState
+    }, other))
   });
-  if (false) {}
-  var _React$useState = react.useState(false),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    mounted = _React$useState2[0],
-    setMounted = _React$useState2[1];
-  var _React$useState3 = react.useState(defaultIndicatorStyle),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    indicatorStyle = _React$useState4[0],
-    setIndicatorStyle = _React$useState4[1];
-  var _React$useState5 = react.useState({
-      start: false,
-      end: false
-    }),
-    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
-    displayScroll = _React$useState6[0],
-    setDisplayScroll = _React$useState6[1];
-  var _React$useState7 = react.useState({
-      overflow: 'hidden',
-      scrollbarWidth: 0
-    }),
-    _React$useState8 = slicedToArray_slicedToArray(_React$useState7, 2),
-    scrollerStyle = _React$useState8[0],
-    setScrollerStyle = _React$useState8[1];
-  var valueToIndex = new Map();
-  var tabsRef = react.useRef(null);
-  var tabListRef = react.useRef(null);
-  var getTabsMeta = function getTabsMeta() {
-    var tabsNode = tabsRef.current;
-    var tabsMeta;
-    if (tabsNode) {
-      var rect = tabsNode.getBoundingClientRect();
-      // create a new object with ClientRect class props + scrollLeft
-      tabsMeta = {
-        clientWidth: tabsNode.clientWidth,
-        scrollLeft: tabsNode.scrollLeft,
-        scrollTop: tabsNode.scrollTop,
-        scrollLeftNormalized: getNormalizedScrollLeft(tabsNode, theme.direction),
-        scrollWidth: tabsNode.scrollWidth,
-        top: rect.top,
-        bottom: rect.bottom,
-        left: rect.left,
-        right: rect.right
-      };
-    }
-    var tabMeta;
-    if (tabsNode && value !== false) {
-      var _children = tabListRef.current.children;
-      if (_children.length > 0) {
-        var tab = _children[valueToIndex.get(value)];
-        if (false) {}
-        tabMeta = tab ? tab.getBoundingClientRect() : null;
-        if (false) {}
-      }
-    }
-    return {
-      tabsMeta: tabsMeta,
-      tabMeta: tabMeta
-    };
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableBody_TableBody = (TableBody);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/tableCellClasses.js
+
+
+function getTableCellUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableCell', slot);
+}
+var tableCellClasses = generateUtilityClasses('MuiTableCell', ['root', 'head', 'body', 'footer', 'sizeSmall', 'sizeMedium', 'paddingCheckbox', 'paddingNone', 'alignLeft', 'alignCenter', 'alignRight', 'alignJustify', 'stickyHeader']);
+/* harmony default export */ var TableCell_tableCellClasses = (tableCellClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/TableCell.js
+
+
+
+var TableCell_excluded = ["align", "className", "component", "padding", "scope", "size", "sortDirection", "variant"];
+
+
+
+
+
+
+
+
+
+
+
+
+var TableCell_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    variant = ownerState.variant,
+    align = ownerState.align,
+    padding = ownerState.padding,
+    size = ownerState.size,
+    stickyHeader = ownerState.stickyHeader;
+  var slots = {
+    root: ['root', variant, stickyHeader && 'stickyHeader', align !== 'inherit' && "align".concat(utils_capitalize(align)), padding !== 'normal' && "padding".concat(utils_capitalize(padding)), "size".concat(utils_capitalize(size))]
   };
-  var updateIndicatorState = utils_useEventCallback(function () {
-    var _newIndicatorStyle;
-    var _getTabsMeta = getTabsMeta(),
-      tabsMeta = _getTabsMeta.tabsMeta,
-      tabMeta = _getTabsMeta.tabMeta;
-    var startValue = 0;
-    var startIndicator;
-    if (vertical) {
-      startIndicator = 'top';
-      if (tabMeta && tabsMeta) {
-        startValue = tabMeta.top - tabsMeta.top + tabsMeta.scrollTop;
-      }
-    } else {
-      startIndicator = isRtl ? 'right' : 'left';
-      if (tabMeta && tabsMeta) {
-        var correction = isRtl ? tabsMeta.scrollLeftNormalized + tabsMeta.clientWidth - tabsMeta.scrollWidth : tabsMeta.scrollLeft;
-        startValue = (isRtl ? -1 : 1) * (tabMeta[startIndicator] - tabsMeta[startIndicator] + correction);
-      }
+  return composeClasses(slots, getTableCellUtilityClass, classes);
+};
+var TableCellRoot = styles_styled('td', {
+  name: 'MuiTableCell',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    var ownerState = props.ownerState;
+    return [styles.root, styles[ownerState.variant], styles["size".concat(utils_capitalize(ownerState.size))], ownerState.padding !== 'normal' && styles["padding".concat(utils_capitalize(ownerState.padding))], ownerState.align !== 'inherit' && styles["align".concat(utils_capitalize(ownerState.align))], ownerState.stickyHeader && styles.stickyHeader];
+  }
+})(function (_ref) {
+  var theme = _ref.theme,
+    ownerState = _ref.ownerState;
+  return extends_extends({}, theme.typography.body2, {
+    display: 'table-cell',
+    verticalAlign: 'inherit',
+    // Workaround for a rendering bug with spanned columns in Chrome 62.0.
+    // Removes the alpha (sets it to 1), and lightens or darkens the theme color.
+    borderBottom: theme.vars ? "1px solid ".concat(theme.vars.palette.TableCell.border) : "1px solid\n    ".concat(theme.palette.mode === 'light' ? lighten(alpha(theme.palette.divider, 1), 0.88) : darken(alpha(theme.palette.divider, 1), 0.68)),
+    textAlign: 'left',
+    padding: 16
+  }, ownerState.variant === 'head' && {
+    color: (theme.vars || theme).palette.text.primary,
+    lineHeight: theme.typography.pxToRem(24),
+    fontWeight: theme.typography.fontWeightMedium
+  }, ownerState.variant === 'body' && {
+    color: (theme.vars || theme).palette.text.primary
+  }, ownerState.variant === 'footer' && {
+    color: (theme.vars || theme).palette.text.secondary,
+    lineHeight: theme.typography.pxToRem(21),
+    fontSize: theme.typography.pxToRem(12)
+  }, ownerState.size === 'small' && defineProperty_defineProperty({
+    padding: '6px 16px'
+  }, "&.".concat(TableCell_tableCellClasses.paddingCheckbox), {
+    width: 24,
+    // prevent the checkbox column from growing
+    padding: '0 12px 0 16px',
+    '& > *': {
+      padding: 0
     }
-    var newIndicatorStyle = (_newIndicatorStyle = {}, defineProperty_defineProperty(_newIndicatorStyle, startIndicator, startValue), defineProperty_defineProperty(_newIndicatorStyle, size, tabMeta ? tabMeta[size] : 0), _newIndicatorStyle);
+  }), ownerState.padding === 'checkbox' && {
+    width: 48,
+    // prevent the checkbox column from growing
+    padding: '0 0 0 4px'
+  }, ownerState.padding === 'none' && {
+    padding: 0
+  }, ownerState.align === 'left' && {
+    textAlign: 'left'
+  }, ownerState.align === 'center' && {
+    textAlign: 'center'
+  }, ownerState.align === 'right' && {
+    textAlign: 'right',
+    flexDirection: 'row-reverse'
+  }, ownerState.align === 'justify' && {
+    textAlign: 'justify'
+  }, ownerState.stickyHeader && {
+    position: 'sticky',
+    top: 0,
+    zIndex: 2,
+    backgroundColor: (theme.vars || theme).palette.background.default
+  });
+});
 
-    // IE11 support, replace with Number.isNaN
-    // eslint-disable-next-line no-restricted-globals
-    if (isNaN(indicatorStyle[startIndicator]) || isNaN(indicatorStyle[size])) {
-      setIndicatorStyle(newIndicatorStyle);
-    } else {
-      var dStart = Math.abs(indicatorStyle[startIndicator] - newIndicatorStyle[startIndicator]);
-      var dSize = Math.abs(indicatorStyle[size] - newIndicatorStyle[size]);
-      if (dStart >= 1 || dSize >= 1) {
-        setIndicatorStyle(newIndicatorStyle);
-      }
-    }
+/**
+ * The component renders a `<th>` element when the parent context is a header
+ * or otherwise a `<td>` element.
+ */
+var TableCell = /*#__PURE__*/react.forwardRef(function TableCell(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableCell'
   });
-  var scroll = function scroll(scrollValue) {
-    var _ref8 = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
-      _ref8$animation = _ref8.animation,
-      animation = _ref8$animation === void 0 ? true : _ref8$animation;
-    if (animation) {
-      animate(scrollStart, tabsRef.current, scrollValue, {
-        duration: theme.transitions.duration.standard
-      });
-    } else {
-      tabsRef.current[scrollStart] = scrollValue;
-    }
-  };
-  var moveTabsScroll = function moveTabsScroll(delta) {
-    var scrollValue = tabsRef.current[scrollStart];
-    if (vertical) {
-      scrollValue += delta;
-    } else {
-      scrollValue += delta * (isRtl ? -1 : 1);
-      // Fix for Edge
-      scrollValue *= isRtl && detectScrollType() === 'reverse' ? -1 : 1;
-    }
-    scroll(scrollValue);
-  };
-  var getScrollSize = function getScrollSize() {
-    var containerSize = tabsRef.current[clientSize];
-    var totalSize = 0;
-    var children = Array.from(tabListRef.current.children);
-    for (var i = 0; i < children.length; i += 1) {
-      var tab = children[i];
-      if (totalSize + tab[clientSize] > containerSize) {
-        // If the first item is longer than the container size, then only scroll
-        // by the container size.
-        if (i === 0) {
-          totalSize = containerSize;
-        }
-        break;
-      }
-      totalSize += tab[clientSize];
-    }
-    return totalSize;
-  };
-  var handleStartScrollClick = function handleStartScrollClick() {
-    moveTabsScroll(-1 * getScrollSize());
-  };
-  var handleEndScrollClick = function handleEndScrollClick() {
-    moveTabsScroll(getScrollSize());
-  };
+  var _props$align = props.align,
+    align = _props$align === void 0 ? 'inherit' : _props$align,
+    className = props.className,
+    componentProp = props.component,
+    paddingProp = props.padding,
+    scopeProp = props.scope,
+    sizeProp = props.size,
+    sortDirection = props.sortDirection,
+    variantProp = props.variant,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableCell_excluded);
+  var table = react.useContext(Table_TableContext);
+  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
+  var isHeadCell = tablelvl2 && tablelvl2.variant === 'head';
+  var component;
+  if (componentProp) {
+    component = componentProp;
+  } else {
+    component = isHeadCell ? 'th' : 'td';
+  }
+  var scope = scopeProp;
+  // scope is not a valid attribute for <td/> elements.
+  // source: https://html.spec.whatwg.org/multipage/tables.html#the-td-element
+  if (component === 'td') {
+    scope = undefined;
+  } else if (!scope && isHeadCell) {
+    scope = 'col';
+  }
+  var variant = variantProp || tablelvl2 && tablelvl2.variant;
+  var ownerState = extends_extends({}, props, {
+    align: align,
+    component: component,
+    padding: paddingProp || (table && table.padding ? table.padding : 'normal'),
+    size: sizeProp || (table && table.size ? table.size : 'medium'),
+    sortDirection: sortDirection,
+    stickyHeader: variant === 'head' && table && table.stickyHeader,
+    variant: variant
+  });
+  var classes = TableCell_useUtilityClasses(ownerState);
+  var ariaSort = null;
+  if (sortDirection) {
+    ariaSort = sortDirection === 'asc' ? 'ascending' : 'descending';
+  }
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableCellRoot, extends_extends({
+    as: component,
+    ref: ref,
+    className: clsx_m(classes.root, className),
+    "aria-sort": ariaSort,
+    scope: scope,
+    ownerState: ownerState
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableCell_TableCell = (TableCell);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/tableContainerClasses.js
 
-  // TODO Remove <ScrollbarSize /> as browser support for hiding the scrollbar
-  // with CSS improves.
-  var handleScrollbarSizeChange = react.useCallback(function (scrollbarWidth) {
-    setScrollerStyle({
-      overflow: null,
-      scrollbarWidth: scrollbarWidth
-    });
-  }, []);
-  var getConditionalElements = function getConditionalElements() {
-    var conditionalElements = {};
-    conditionalElements.scrollbarSizeListener = scrollable ? /*#__PURE__*/(0,jsx_runtime.jsx)(TabsScrollbarSize, {
-      onChange: handleScrollbarSizeChange,
-      className: clsx_m(classes.scrollableX, classes.hideScrollbar)
-    }) : null;
-    var scrollButtonsActive = displayScroll.start || displayScroll.end;
-    var showScrollButtons = scrollable && (scrollButtons === 'auto' && scrollButtonsActive || scrollButtons === true);
-    conditionalElements.scrollButtonStart = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
-      slots: {
-        StartScrollButtonIcon: slots.StartScrollButtonIcon
-      },
-      slotProps: {
-        startScrollButtonIcon: startScrollButtonIconProps
-      },
-      orientation: orientation,
-      direction: isRtl ? 'right' : 'left',
-      onClick: handleStartScrollClick,
-      disabled: !displayScroll.start
-    }, TabScrollButtonProps, {
-      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
-    })) : null;
-    conditionalElements.scrollButtonEnd = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
-      slots: {
-        EndScrollButtonIcon: slots.EndScrollButtonIcon
-      },
-      slotProps: {
-        endScrollButtonIcon: endScrollButtonIconProps
-      },
-      orientation: orientation,
-      direction: isRtl ? 'left' : 'right',
-      onClick: handleEndScrollClick,
-      disabled: !displayScroll.end
-    }, TabScrollButtonProps, {
-      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
-    })) : null;
-    return conditionalElements;
+
+function getTableContainerUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableContainer', slot);
+}
+var tableContainerClasses = generateUtilityClasses('MuiTableContainer', ['root']);
+/* harmony default export */ var TableContainer_tableContainerClasses = ((/* unused pure expression or super */ null && (tableContainerClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/TableContainer.js
+
+
+var TableContainer_excluded = ["className", "component"];
+
+
+
+
+
+
+
+
+var TableContainer_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
   };
-  var scrollSelectedIntoView = utils_useEventCallback(function (animation) {
-    var _getTabsMeta2 = getTabsMeta(),
-      tabsMeta = _getTabsMeta2.tabsMeta,
-      tabMeta = _getTabsMeta2.tabMeta;
-    if (!tabMeta || !tabsMeta) {
-      return;
-    }
-    if (tabMeta[start] < tabsMeta[start]) {
-      // left side of button is out of view
-      var nextScrollStart = tabsMeta[scrollStart] + (tabMeta[start] - tabsMeta[start]);
-      scroll(nextScrollStart, {
-        animation: animation
-      });
-    } else if (tabMeta[end] > tabsMeta[end]) {
-      // right side of button is out of view
-      var _nextScrollStart = tabsMeta[scrollStart] + (tabMeta[end] - tabsMeta[end]);
-      scroll(_nextScrollStart, {
-        animation: animation
-      });
-    }
+  return composeClasses(slots, getTableContainerUtilityClass, classes);
+};
+var TableContainerRoot = styles_styled('div', {
+  name: 'MuiTableContainer',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  width: '100%',
+  overflowX: 'auto'
+});
+var TableContainer = /*#__PURE__*/react.forwardRef(function TableContainer(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableContainer'
   });
-  var updateScrollButtonState = utils_useEventCallback(function () {
-    if (scrollable && scrollButtons !== false) {
-      var _tabsRef$current = tabsRef.current,
-        scrollTop = _tabsRef$current.scrollTop,
-        scrollHeight = _tabsRef$current.scrollHeight,
-        clientHeight = _tabsRef$current.clientHeight,
-        scrollWidth = _tabsRef$current.scrollWidth,
-        clientWidth = _tabsRef$current.clientWidth;
-      var showStartScroll;
-      var showEndScroll;
-      if (vertical) {
-        showStartScroll = scrollTop > 1;
-        showEndScroll = scrollTop < scrollHeight - clientHeight - 1;
-      } else {
-        var scrollLeft = getNormalizedScrollLeft(tabsRef.current, theme.direction);
-        // use 1 for the potential rounding error with browser zooms.
-        showStartScroll = isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
-        showEndScroll = !isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
-      }
-      if (showStartScroll !== displayScroll.start || showEndScroll !== displayScroll.end) {
-        setDisplayScroll({
-          start: showStartScroll,
-          end: showEndScroll
-        });
-      }
-    }
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? 'div' : _props$component,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableContainer_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component
   });
-  react.useEffect(function () {
-    var handleResize = utils_debounce(function () {
-      // If the Tabs component is replaced by Suspense with a fallback, the last
-      // ResizeObserver's handler that runs because of the change in the layout is trying to
-      // access a dom node that is no longer there (as the fallback component is being shown instead).
-      // See https://github.com/mui/material-ui/issues/33276
-      // TODO: Add tests that will ensure the component is not failing when
-      // replaced by Suspense with a fallback, once React is updated to version 18
-      if (tabsRef.current) {
-        updateIndicatorState();
-        updateScrollButtonState();
-      }
-    });
-    var win = utils_ownerWindow(tabsRef.current);
-    win.addEventListener('resize', handleResize);
-    var resizeObserver;
-    if (typeof ResizeObserver !== 'undefined') {
-      resizeObserver = new ResizeObserver(handleResize);
-      Array.from(tabListRef.current.children).forEach(function (child) {
-        resizeObserver.observe(child);
-      });
-    }
-    return function () {
-      handleResize.clear();
-      win.removeEventListener('resize', handleResize);
-      if (resizeObserver) {
-        resizeObserver.disconnect();
-      }
-    };
-  }, [updateIndicatorState, updateScrollButtonState]);
-  var handleTabsScroll = react.useMemo(function () {
-    return utils_debounce(function () {
-      updateScrollButtonState();
-    });
-  }, [updateScrollButtonState]);
-  react.useEffect(function () {
-    return function () {
-      handleTabsScroll.clear();
-    };
-  }, [handleTabsScroll]);
-  react.useEffect(function () {
-    setMounted(true);
-  }, []);
-  react.useEffect(function () {
-    updateIndicatorState();
-    updateScrollButtonState();
+  var classes = TableContainer_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableContainerRoot, extends_extends({
+    ref: ref,
+    as: component,
+    className: clsx_m(classes.root, className),
+    ownerState: ownerState
+  }, other));
+});
+ false ? 0 : void 0;
+/* harmony default export */ var TableContainer_TableContainer = (TableContainer);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/tableHeadClasses.js
+
+
+function getTableHeadUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableHead', slot);
+}
+var tableHeadClasses = generateUtilityClasses('MuiTableHead', ['root']);
+/* harmony default export */ var TableHead_tableHeadClasses = ((/* unused pure expression or super */ null && (tableHeadClasses)));
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/TableHead.js
+
+
+var TableHead_excluded = ["className", "component"];
+
+
+
+
+
+
+
+
+
+var TableHead_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes;
+  var slots = {
+    root: ['root']
+  };
+  return composeClasses(slots, getTableHeadUtilityClass, classes);
+};
+var TableHeadRoot = styles_styled('thead', {
+  name: 'MuiTableHead',
+  slot: 'Root',
+  overridesResolver: function overridesResolver(props, styles) {
+    return styles.root;
+  }
+})({
+  display: 'table-header-group'
+});
+var TableHead_tablelvl2 = {
+  variant: 'head'
+};
+var TableHead_defaultComponent = 'thead';
+var TableHead = /*#__PURE__*/react.forwardRef(function TableHead(inProps, ref) {
+  var props = useThemeProps_useThemeProps({
+    props: inProps,
+    name: 'MuiTableHead'
   });
-  react.useEffect(function () {
-    // Don't animate on the first render.
-    scrollSelectedIntoView(defaultIndicatorStyle !== indicatorStyle);
-  }, [scrollSelectedIntoView, indicatorStyle]);
-  react.useImperativeHandle(action, function () {
-    return {
-      updateIndicator: updateIndicatorState,
-      updateScrollButtons: updateScrollButtonState
-    };
-  }, [updateIndicatorState, updateScrollButtonState]);
-  var indicator = /*#__PURE__*/(0,jsx_runtime.jsx)(TabsIndicator, extends_extends({}, TabIndicatorProps, {
-    className: clsx_m(classes.indicator, TabIndicatorProps.className),
-    ownerState: ownerState,
-    style: extends_extends({}, indicatorStyle, TabIndicatorProps.style)
-  }));
-  var childIndex = 0;
-  var children = react.Children.map(childrenProp, function (child) {
-    if (! /*#__PURE__*/react.isValidElement(child)) {
-      return null;
-    }
-    if (false) {}
-    var childValue = child.props.value === undefined ? childIndex : child.props.value;
-    valueToIndex.set(childValue, childIndex);
-    var selected = childValue === value;
-    childIndex += 1;
-    return /*#__PURE__*/react.cloneElement(child, extends_extends({
-      fullWidth: variant === 'fullWidth',
-      indicator: selected && !mounted && indicator,
-      selected: selected,
-      selectionFollowsFocus: selectionFollowsFocus,
-      onChange: onChange,
-      textColor: textColor,
-      value: childValue
-    }, childIndex === 1 && value === false && !child.props.tabIndex ? {
-      tabIndex: 0
-    } : {}));
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? TableHead_defaultComponent : _props$component,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableHead_excluded);
+  var ownerState = extends_extends({}, props, {
+    component: component
+  });
+  var classes = TableHead_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
+    value: TableHead_tablelvl2,
+    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableHeadRoot, extends_extends({
+      as: component,
+      className: clsx_m(classes.root, className),
+      ref: ref,
+      role: component === TableHead_defaultComponent ? null : 'rowgroup',
+      ownerState: ownerState
+    }, other))
   });
-  var handleKeyDown = function handleKeyDown(event) {
-    var list = tabListRef.current;
-    var currentFocus = utils_ownerDocument(list).activeElement;
-    // Keyboard navigation assumes that [role="tab"] are siblings
-    // though we might warn in the future about nested, interactive elements
-    // as a a11y violation
-    var role = currentFocus.getAttribute('role');
-    if (role !== 'tab') {
-      return;
-    }
-    var previousItemKey = orientation === 'horizontal' ? 'ArrowLeft' : 'ArrowUp';
-    var nextItemKey = orientation === 'horizontal' ? 'ArrowRight' : 'ArrowDown';
-    if (orientation === 'horizontal' && isRtl) {
-      // swap previousItemKey with nextItemKey
-      previousItemKey = 'ArrowRight';
-      nextItemKey = 'ArrowLeft';
-    }
-    switch (event.key) {
-      case previousItemKey:
-        event.preventDefault();
-        Tabs_moveFocus(list, currentFocus, Tabs_previousItem);
-        break;
-      case nextItemKey:
-        event.preventDefault();
-        Tabs_moveFocus(list, currentFocus, Tabs_nextItem);
-        break;
-      case 'Home':
-        event.preventDefault();
-        Tabs_moveFocus(list, null, Tabs_nextItem);
-        break;
-      case 'End':
-        event.preventDefault();
-        Tabs_moveFocus(list, null, Tabs_previousItem);
-        break;
-      default:
-        break;
-    }
-  };
-  var conditionalElements = getConditionalElements();
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    ref: ref,
-    as: component
-  }, other, {
-    children: [conditionalElements.scrollButtonStart, conditionalElements.scrollbarSizeListener, /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsScroller, {
-      className: classes.scroller,
-      ownerState: ownerState,
-      style: defineProperty_defineProperty({
-        overflow: scrollerStyle.overflow
-      }, vertical ? "margin".concat(isRtl ? 'Left' : 'Right') : 'marginBottom', visibleScrollbar ? undefined : -scrollerStyle.scrollbarWidth),
-      ref: tabsRef,
-      onScroll: handleTabsScroll,
-      children: [/*#__PURE__*/(0,jsx_runtime.jsx)(FlexContainer, {
-        "aria-label": ariaLabel,
-        "aria-labelledby": ariaLabelledBy,
-        "aria-orientation": orientation === 'vertical' ? 'vertical' : null,
-        className: classes.flexContainer,
-        ownerState: ownerState,
-        onKeyDown: handleKeyDown,
-        ref: tabListRef,
-        role: "tablist",
-        children: children
-      }), mounted && indicator]
-    }), conditionalElements.scrollButtonEnd]
-  }));
 });
  false ? 0 : void 0;
-/* harmony default export */ var Tabs_Tabs = (Tabs);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabList/TabList.js
-
-
-var TabList_excluded = ["children"];
-
-
+/* harmony default export */ var TableHead_TableHead = (TableHead);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/tableRowClasses.js
 
 
+function getTableRowUtilityClass(slot) {
+  return generateUtilityClass_generateUtilityClass('MuiTableRow', slot);
+}
+var tableRowClasses = generateUtilityClasses('MuiTableRow', ['root', 'selected', 'hover', 'head', 'footer']);
+/* harmony default export */ var TableRow_tableRowClasses = (tableRowClasses);
+;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/TableRow.js
 
-var TabList = /*#__PURE__*/react.forwardRef(function TabList(props, ref) {
-  var childrenProp = props.children,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabList_excluded);
-  var context = useTabContext();
-  if (context === null) {
-    throw new TypeError('No TabContext provided');
-  }
-  var children = react.Children.map(childrenProp, function (child) {
-    if (! /*#__PURE__*/react.isValidElement(child)) {
-      return null;
-    }
-    return /*#__PURE__*/react.cloneElement(child, {
-      // SOMEDAY: `Tabs` will set those themselves
-      'aria-controls': getPanelId(context, child.props.value),
-      id: getTabId(context, child.props.value)
-    });
-  });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Tabs_Tabs, extends_extends({}, other, {
-    ref: ref,
-    value: context.value,
-    children: children
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TabList_TabList = (TabList);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/tabPanelClasses.js
 
 
-function getTabPanelUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTabPanel', slot);
-}
-var tabPanelClasses = generateUtilityClasses('MuiTabPanel', ['root']);
-/* harmony default export */ var TabPanel_tabPanelClasses = ((/* unused pure expression or super */ null && (tabPanelClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/TabPanel.js
+var TableRow_excluded = ["className", "component", "hover", "selected"];
 
 
-var TabPanel_excluded = ["children", "className", "value"];
 
 
 
@@ -59105,72 +59075,196 @@ var TabPanel_excluded = ["children", "className", "value"];
 
 
 
-var TabPanel_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
+var TableRow_useUtilityClasses = function useUtilityClasses(ownerState) {
+  var classes = ownerState.classes,
+    selected = ownerState.selected,
+    hover = ownerState.hover,
+    head = ownerState.head,
+    footer = ownerState.footer;
   var slots = {
-    root: ['root']
+    root: ['root', selected && 'selected', hover && 'hover', head && 'head', footer && 'footer']
   };
-  return composeClasses(slots, getTabPanelUtilityClass, classes);
+  return composeClasses(slots, getTableRowUtilityClass, classes);
 };
-var TabPanelRoot = styles_styled('div', {
-  name: 'MuiTabPanel',
+var TableRowRoot = styles_styled('tr', {
+  name: 'MuiTableRow',
   slot: 'Root',
   overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
+    var ownerState = props.ownerState;
+    return [styles.root, ownerState.head && styles.head, ownerState.footer && styles.footer];
   }
 })(function (_ref) {
+  var _ref2;
   var theme = _ref.theme;
-  return {
-    padding: theme.spacing(3)
-  };
+  return _ref2 = {
+    color: 'inherit',
+    display: 'table-row',
+    verticalAlign: 'middle',
+    // We disable the focus ring for mouse, touch and keyboard users.
+    outline: 0
+  }, defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.hover, ":hover"), {
+    backgroundColor: (theme.vars || theme).palette.action.hover
+  }), defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.selected), {
+    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity),
+    '&:hover': {
+      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity)
+    }
+  }), _ref2;
 });
-var TabPanel = /*#__PURE__*/react.forwardRef(function TabPanel(inProps, ref) {
+var TableRow_defaultComponent = 'tr';
+/**
+ * Will automatically set dynamic row height
+ * based on the material table element parent (head, body, etc).
+ */
+var TableRow = /*#__PURE__*/react.forwardRef(function TableRow(inProps, ref) {
   var props = useThemeProps_useThemeProps({
     props: inProps,
-    name: 'MuiTabPanel'
+    name: 'MuiTableRow'
   });
-  var children = props.children,
-    className = props.className,
-    value = props.value,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabPanel_excluded);
-  var ownerState = extends_extends({}, props);
-  var classes = TabPanel_useUtilityClasses(ownerState);
-  var context = useTabContext();
-  if (context === null) {
-    throw new TypeError('No TabContext provided');
-  }
-  var id = getPanelId(context, value);
-  var tabId = getTabId(context, value);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabPanelRoot, extends_extends({
-    "aria-labelledby": tabId,
-    className: clsx_m(classes.root, className),
-    hidden: value !== context.value,
-    id: id,
+  var className = props.className,
+    _props$component = props.component,
+    component = _props$component === void 0 ? TableRow_defaultComponent : _props$component,
+    _props$hover = props.hover,
+    hover = _props$hover === void 0 ? false : _props$hover,
+    _props$selected = props.selected,
+    selected = _props$selected === void 0 ? false : _props$selected,
+    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableRow_excluded);
+  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
+  var ownerState = extends_extends({}, props, {
+    component: component,
+    hover: hover,
+    selected: selected,
+    head: tablelvl2 && tablelvl2.variant === 'head',
+    footer: tablelvl2 && tablelvl2.variant === 'footer'
+  });
+  var classes = TableRow_useUtilityClasses(ownerState);
+  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableRowRoot, extends_extends({
+    as: component,
     ref: ref,
-    role: "tabpanel",
+    className: clsx_m(classes.root, className),
+    role: component === TableRow_defaultComponent ? null : 'row',
     ownerState: ownerState
-  }, other, {
-    children: value === context.value && children
-  }));
+  }, other));
 });
  false ? 0 : void 0;
-/* harmony default export */ var TabPanel_TabPanel = (TabPanel);
-;// CONCATENATED MODULE: ./src/components/result-view/SidePanel.tsx
-var SidePanel=function SidePanel(props){var _props$provider;var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedTab=_useState2[0],setSelectedTab=_useState2[1];var theme=styles_useTheme_useTheme();function handleTabChange(_e,value){setSelectedTab(value);}var tabs=(_props$provider=props.provider)===null||_props$provider===void 0?void 0:_props$provider.buildSidePanelTabs();if(!tabs){tabs=[];}(0,react.useEffect)(function(){var _tabs;if(!((_tabs=tabs)!==null&&_tabs!==void 0&&_tabs.length)){setSelectedTab("");return;}if(!selectedTab){setSelectedTab(tabs[0].label);return;}if(!tabs.find(function(x){return x.label===selectedTab;})){// reset it after the type of selected item has changed
-setSelectedTab(tabs[0].label);}// ignore that it wants us to add selectedTab to the deps (it would cause and endless loop)
-// eslint-disable-next-line
-},[props.provider]);if(!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}if(!props.provider){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minHeight:theme.consts.appBarHeight,display:"flex",flexDirection:"column",flex:"0 0 auto",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",pt:"25px",pl:"35px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h4",children:props.provider.buildSidePanelTitle()})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",pt:"10px",pr:"10px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'10px 0'},children:tab.content})})},tab.label);})})]})});};
-;// CONCATENATED MODULE: ./src/components/targets-view/Card.tsx
-var Card_excluded=["children"],Card_excluded2=["children"],Card_excluded3=["children"];var cardWidth=247;var projectCardHeight=80;var cardHeight=126;var cardGap=20;function Card(_ref){var children=_ref.children,rest=objectWithoutProperties_objectWithoutProperties(_ref,Card_excluded);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexShrink:0,width:cardWidth,height:cardHeight},rest),{},{children:children}));}function CardCol(_ref2){var children=_ref2.children,rest=objectWithoutProperties_objectWithoutProperties(_ref2,Card_excluded2);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",flexDirection:"column",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}function CardRow(_ref3){var children=_ref3.children,rest=objectWithoutProperties_objectWithoutProperties(_ref3,Card_excluded3);return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({display:"flex",gap:"".concat(cardGap,"px")},rest),{},{children:children}));}
-;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultDetailsDrawer.tsx
-var sidePanelWidth=720;function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResult(rs.id);case 5:r=_context.sent;builder=new NodeBuilder({shortNames:shortNames,summary:rs,commandResult:r});_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 9:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CommandResultDetailsDrawer=/*#__PURE__*/react.memo(function(props){var ps=props.ps,ts=props.ts,selectedCardRect=props.selectedCardRect;var api=(0,react.useContext)(ApiContext);var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(ts),_useState4=slicedToArray_slicedToArray(_useState3,2),prevTargetSummary=_useState4[0],setPrevTargetSummary=_useState4[1];var _useState5=(0,react.useState)([]),_useState6=slicedToArray_slicedToArray(_useState5,2),cardsCoords=_useState6[0],setCardsCoords=_useState6[1];var _useState7=(0,react.useState)(false),_useState8=slicedToArray_slicedToArray(_useState7,2),transitionRunning=_useState8[0],setTransitionRunning=_useState8[1];if(prevTargetSummary!==ts){var _ts$commandResults;setPrevTargetSummary(ts);setSelectedCommandResult(ts===null||ts===void 0?void 0:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults[0]);}var _useLoadingHelper=useLoadingHelper(function(){if(selectedCommandResult===undefined){return Promise.resolve(undefined);}return doGetRootNode(api,selectedCommandResult);},[selectedCommandResult]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],nodeData=_useLoadingHelper2[2];var cardsContainerElem=(0,react.useRef)();(0,react.useEffect)(function(){var _cardsContainerElem$c;var rect=(_cardsContainerElem$c=cardsContainerElem.current)===null||_cardsContainerElem$c===void 0?void 0:_cardsContainerElem$c.getBoundingClientRect();if(!rect||!selectedCardRect||!(ts!==null&&ts!==void 0&&ts.commandResults)){setCardsCoords([]);return;}var initialCoords=ts.commandResults.map(function(){return{left:selectedCardRect.left-rect.left,top:selectedCardRect.top-rect.top};});setCardsCoords(initialCoords);setTransitionRunning(true);},[selectedCardRect,ts===null||ts===void 0?void 0:ts.commandResults]);(0,react.useEffect)(function(){if(cardsCoords.length>0){var targetCoords=cardsCoords.map(function(_,i){return{left:0,top:i*(cardHeight+cardGap)};});if(cardsCoords.length===targetCoords.length&&cardsCoords.every(function(_ref,i){var left=_ref.left,top=_ref.top;return targetCoords[i].left===left&&targetCoords[i].top===top;})){return;}setTimeout(function(){setCardsCoords(targetCoords);setTimeout(function(){setTransitionRunning(false);},theme.transitions.duration.enteringScreen);},10);}},[cardsCoords,theme.transitions.duration.enteringScreen]);var zIndex=theme.zIndex.modal+1;var cards=(0,react.useMemo)(function(){if(!(ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&cardsCoords.length>0)){return null;}return ts.commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{position:'absolute',translate:"".concat(cardsCoords[i].left,"px ").concat(cardsCoords[i].top,"px"),zIndex:zIndex,transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:setSelectedCommandResult,selected:rs===selectedCommandResult})},rs.id);});},[ps,ts,cardsCoords,zIndex,theme.transitions,selectedCommandResult]);if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[ps&&ts&&ts.commandResults&&ts.commandResults.length>0&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{position:'fixed',top:0,bottom:0,right:sidePanelWidth,width:"calc(100% - ".concat(sidePanelWidth,"px)"),overflowX:'visible',overflowY:transitionRunning?'visible':'auto',display:'flex',flexDirection:'column',alignItems:'center',justifyContent:'center',padding:'25px 0',zIndex:zIndex},onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{onClick:function onClick(e){return e.stopPropagation();},position:"relative",width:cardWidth,height:cardHeight*ts.commandResults.length+cardGap*(ts.commandResults.length-1),ref:cardsContainerElem,children:cards})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.rs!==undefined,onClose:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:sidePanelWidth,height:"100%",children:loading?/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}):/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:nodeData,onClose:props.onClose})})})})]});});
+/* harmony default export */ var TableRow_TableRow = (TableRow);
+;// CONCATENATED MODULE: ./src/components/PropertiesTable.tsx
+function PropertiesTable(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Name"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Value"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.properties.map(function(row){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.name}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.value})]},row.name);})})]})});}
+// EXTERNAL MODULE: ./node_modules/js-sha256/src/sha256.js
+var sha256 = __webpack_require__(981);
+;// CONCATENATED MODULE: ./src/utils/listKey.ts
+function buildListKey(o){var j=JSON.stringify(o);return (0,sha256.sha256)(j);}
+;// CONCATENATED MODULE: ./src/components/result-view/ChangesTable.tsx
+var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},buildRefString(ref));})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},buildListKey(c));})})]})},buildRefString(co.ref));})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
+;// CONCATENATED MODULE: ./src/components/ErrorsTable.tsx
+function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},buildListKey(e));})})]})})})});}
+;// CONCATENATED MODULE: ./src/components/ObjectYaml.tsx
+var ObjectYaml=function ObjectYaml(props){var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(/*#__PURE__*/asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var o;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getResultObject(props.treeProps.summary.id,props.objectRef,props.objectType);case 2:o=_context.sent;return _context.abrupt("return",dump(o));case 4:case"end":return _context.stop();}},_callee);})),[props.treeProps.summary.id,props.objectRef,props.objectType]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],error=_useLoadingHelper2[1],content=_useLoadingHelper2[2];if(loading){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}else if(error){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}else{return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:content,language:"yaml"});}};
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeData.tsx
+var DiffStatus=/*#__PURE__*/function(){function DiffStatus(){classCallCheck_classCallCheck(this,DiffStatus);this.newObjects=[];this.deletedObjects=[];this.orphanObjects=[];this.changedObjects=[];this.totalInsertions=0;this.totalDeletions=0;this.totalUpdates=0;}createClass_createClass(DiffStatus,[{key:"addChangedObject",value:function addChangedObject(co){var _co$changes,_this=this;this.changedObjects.push(co);(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.forEach(function(x){switch(x.type){case"insert":_this.totalInsertions++;break;case"delete":_this.totalDeletions++;break;case"update":_this.totalUpdates++;break;}});}},{key:"merge",value:function merge(other){this.newObjects=this.newObjects.concat(other.newObjects);this.deletedObjects=this.deletedObjects.concat(other.deletedObjects);this.orphanObjects=this.orphanObjects.concat(other.orphanObjects);this.changedObjects=this.changedObjects.concat(other.changedObjects);this.totalInsertions+=other.totalInsertions;this.totalDeletions+=other.totalDeletions;this.totalUpdates+=other.totalUpdates;}},{key:"hasDiffs",value:function hasDiffs(){if(this.newObjects.length||this.deletedObjects.length||this.orphanObjects.length){return true;}if(this.changedObjects.find(function(co){var _co$changes2;return((_co$changes2=co.changes)===null||_co$changes2===void 0?void 0:_co$changes2.length)!==0;})){return true;}return false;}}]);return DiffStatus;}();var HealthStatus=/*#__PURE__*/function(){function HealthStatus(){classCallCheck_classCallCheck(this,HealthStatus);this.errors=[];this.warnings=[];}createClass_createClass(HealthStatus,[{key:"merge",value:function merge(other){this.errors=this.errors.concat(other.errors);this.warnings=this.warnings.concat(other.warnings);}}]);return HealthStatus;}();var NodeData=/*#__PURE__*/function(){function NodeData(props,id,hasHealthStatus,hasDiffStatus){classCallCheck_classCallCheck(this,NodeData);this.props=void 0;this.id=void 0;this.children=[];this.healthStatus=void 0;this.diffStatus=void 0;this.props=props;this.id=id;if(hasHealthStatus){this.healthStatus=new HealthStatus();}if(hasDiffStatus){this.diffStatus=new DiffStatus();}}createClass_createClass(NodeData,[{key:"pushChild",value:function pushChild(child,front){if(front){this.children.unshift(child);}else{this.children.push(child);}this.merge(child);}},{key:"merge",value:function merge(other){if(this.diffStatus&&other.diffStatus){this.diffStatus.merge(other.diffStatus);}if(this.healthStatus&&other.healthStatus){this.healthStatus.merge(other.healthStatus);}}},{key:"buildStatusLine",value:function buildStatusLine(){var _this$healthStatus,_this$healthStatus2,_this$diffStatus,_this$diffStatus2,_this$diffStatus3,_this$diffStatus4;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_this$healthStatus=this.healthStatus)===null||_this$healthStatus===void 0?void 0:_this$healthStatus.errors.length,warnings:(_this$healthStatus2=this.healthStatus)===null||_this$healthStatus2===void 0?void 0:_this$healthStatus2.warnings.length,changedObjects:(_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.changedObjects.length,newObjects:(_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.newObjects.length,deletedObjects:(_this$diffStatus3=this.diffStatus)===null||_this$diffStatus3===void 0?void 0:_this$diffStatus3.deletedObjects.length,orphanObjects:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.orphanObjects.length});}},{key:"buildTreeItem",value:function buildTreeItem(hasChildren){var _this$healthStatus3,_this$healthStatus4,_this$diffStatus5,_this$diffStatus6,_this$diffStatus7,_this$diffStatus8;var _this$buildIcon=this.buildIcon(),_this$buildIcon2=slicedToArray_slicedToArray(_this$buildIcon,2),icon=_this$buildIcon2[0],iconText=_this$buildIcon2[1];var hasStatusLine=[(_this$healthStatus3=this.healthStatus)===null||_this$healthStatus3===void 0?void 0:_this$healthStatus3.errors.length,(_this$healthStatus4=this.healthStatus)===null||_this$healthStatus4===void 0?void 0:_this$healthStatus4.warnings.length,(_this$diffStatus5=this.diffStatus)===null||_this$diffStatus5===void 0?void 0:_this$diffStatus5.changedObjects.length,(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.newObjects.length,(_this$diffStatus7=this.diffStatus)===null||_this$diffStatus7===void 0?void 0:_this$diffStatus7.deletedObjects.length,(_this$diffStatus8=this.diffStatus)===null||_this$diffStatus8===void 0?void 0:_this$diffStatus8.orphanObjects.length].some(function(x){return(x||0)>0;});return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",alignItems:"center",justifyContent:"center",width:"30px",height:"100%",flex:"0 0 auto",mr:"13px",sx:{'& svg':{width:'30px',height:'30px'}},children:[icon,/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",component:"div",fontSize:"12px",fontWeight:400,lineHeight:"16px",height:"16px",children:iconText})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",py:"15px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,_objectSpread2(_objectSpread2({variant:"h6",component:"div",sx:{wordBreak:'break-all'}},hasChildren?{}:{fontSize:'16px',lineHeight:'22px'}),{},{children:this.buildSidePanelTitle()}))}),hasStatusLine&&/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"100%",width:"172px",flex:"0 0 auto",display:"flex",alignItems:"center",px:"14px",ml:"14px",position:"relative",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),this.buildStatusLine()]})]});}},{key:"buildDiffAndHealthPages",value:function buildDiffAndHealthPages(tabs){this.buildChangesPage(tabs);this.buildErrorsPage(tabs);this.buildWarningsPage(tabs);}},{key:"buildObjectPage",value:function buildObjectPage(ref,objectType){return/*#__PURE__*/(0,jsx_runtime.jsx)(ObjectYaml,{treeProps:this.props,objectRef:ref,objectType:objectType});}},{key:"buildChangesPage",value:function buildChangesPage(tabs){var _this$diffStatus9;if(!((_this$diffStatus9=this.diffStatus)!==null&&_this$diffStatus9!==void 0&&_this$diffStatus9.hasDiffs())){return undefined;}tabs.push({label:"Changes",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}},{key:"buildErrorsPage",value:function buildErrorsPage(tabs){var _this$healthStatus5;if(!((_this$healthStatus5=this.healthStatus)!==null&&_this$healthStatus5!==void 0&&_this$healthStatus5.errors.length)){return undefined;}tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.errors})});}},{key:"buildWarningsPage",value:function buildWarningsPage(tabs){var _this$healthStatus6;if(!((_this$healthStatus6=this.healthStatus)!==null&&_this$healthStatus6!==void 0&&_this$healthStatus6.warnings.length)){return undefined;}tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.warnings})});}}]);return NodeData;}();
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetDetailsDrawer.tsx
 var MyProvider=/*#__PURE__*/function(){function MyProvider(ts){var _this$ts,_this$ts$lastValidate,_this$ts$lastValidate2,_this=this;classCallCheck_classCallCheck(this,MyProvider);this.ts=void 0;this.diffStatus=void 0;this.ts=ts;this.diffStatus=new DiffStatus();(_this$ts=this.ts)===null||_this$ts===void 0?void 0:(_this$ts$lastValidate=_this$ts.lastValidateResult)===null||_this$ts$lastValidate===void 0?void 0:(_this$ts$lastValidate2=_this$ts$lastValidate.drift)===null||_this$ts$lastValidate2===void 0?void 0:_this$ts$lastValidate2.forEach(function(co){_this.diffStatus.addChangedObject(co);});}createClass_createClass(MyProvider,[{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _this$ts$lastValidate3,_this$ts$lastValidate4,_this$ts$lastValidate5,_this$ts$lastValidate6;if(!this.ts){return[];}var tabs=[{label:"Summary",content:this.buildSummaryTab()}];if(this.ts.target)if(this.diffStatus.changedObjects.length){tabs.push({label:"Drift",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}if((_this$ts$lastValidate3=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate3!==void 0&&(_this$ts$lastValidate4=_this$ts$lastValidate3.errors)!==null&&_this$ts$lastValidate4!==void 0&&_this$ts$lastValidate4.length){tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.errors})});}if((_this$ts$lastValidate5=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate5!==void 0&&(_this$ts$lastValidate6=_this$ts$lastValidate5.warnings)!==null&&_this$ts$lastValidate6!==void 0&&_this$ts$lastValidate6.length){tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.warnings})});}return tabs;}},{key:"buildSummaryTab",value:function buildSummaryTab(){var _this$ts2,_this$ts3,_this$ts4,_this$ts4$lastValidat,_this$ts4$lastValidat2,_this$ts5,_this$ts5$lastValidat,_this$ts5$lastValidat2,_this$ts6,_this$ts6$lastValidat,_this$ts6$lastValidat2;var props=[{name:"Target Name",value:this.getTargetName()},{name:"Discriminator",value:(_this$ts2=this.ts)===null||_this$ts2===void 0?void 0:_this$ts2.target.discriminator}];if((_this$ts3=this.ts)!==null&&_this$ts3!==void 0&&_this$ts3.lastValidateResult){props.push({name:"Ready",value:this.ts.lastValidateResult.ready+""});}if((_this$ts4=this.ts)!==null&&_this$ts4!==void 0&&(_this$ts4$lastValidat=_this$ts4.lastValidateResult)!==null&&_this$ts4$lastValidat!==void 0&&(_this$ts4$lastValidat2=_this$ts4$lastValidat.errors)!==null&&_this$ts4$lastValidat2!==void 0&&_this$ts4$lastValidat2.length){props.push({name:"Errors",value:this.ts.lastValidateResult.errors.length+""});}if((_this$ts5=this.ts)!==null&&_this$ts5!==void 0&&(_this$ts5$lastValidat=_this$ts5.lastValidateResult)!==null&&_this$ts5$lastValidat!==void 0&&(_this$ts5$lastValidat2=_this$ts5$lastValidat.warnings)!==null&&_this$ts5$lastValidat2!==void 0&&_this$ts5$lastValidat2.length){props.push({name:"Warnings",value:this.ts.lastValidateResult.warnings.length+""});}if((_this$ts6=this.ts)!==null&&_this$ts6!==void 0&&(_this$ts6$lastValidat=_this$ts6.lastValidateResult)!==null&&_this$ts6$lastValidat!==void 0&&(_this$ts6$lastValidat2=_this$ts6$lastValidat.drift)!==null&&_this$ts6$lastValidat2!==void 0&&_this$ts6$lastValidat2.length){props.push({name:"Drifted Objects",value:this.ts.lastValidateResult.drift.length+""});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"getTargetName",value:function getTargetName(){if(!this.ts){return"";}var name="<no-name>";if(this.ts.target.targetName){name=this.ts.target.targetName;}return name;}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getTargetName();}}]);return MyProvider;}();var TargetDetailsDrawer=/*#__PURE__*/react.memo(function(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.ts!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"600px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:new MyProvider(props.ts),onClose:props.onClose})})})});});
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Category.js
+
+
+/* harmony default export */ var Category = (createSvgIcon([/*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "m12 2-5.5 9h11z"
+}, "0"), /*#__PURE__*/(0,jsx_runtime.jsx)("circle", {
+  cx: "17.5",
+  cy: "17.5",
+  r: "4.5"
+}, "1"), /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M3 13.5h8v8H3z"
+}, "2")], 'Category'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Settings.js
+
+
+/* harmony default export */ var Settings = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19.14 12.94c.04-.3.06-.61.06-.94 0-.32-.02-.64-.07-.94l2.03-1.58c.18-.14.23-.41.12-.61l-1.92-3.32c-.12-.22-.37-.29-.59-.22l-2.39.96c-.5-.38-1.03-.7-1.62-.94l-.36-2.54c-.04-.24-.24-.41-.48-.41h-3.84c-.24 0-.43.17-.47.41l-.36 2.54c-.59.24-1.13.57-1.62.94l-2.39-.96c-.22-.08-.47 0-.59.22L2.74 8.87c-.12.21-.08.47.12.61l2.03 1.58c-.05.3-.09.63-.09.94s.02.64.07.94l-2.03 1.58c-.18.14-.23.41-.12.61l1.92 3.32c.12.22.37.29.59.22l2.39-.96c.5.38 1.03.7 1.62.94l.36 2.54c.05.24.24.41.48.41h3.84c.24 0 .44-.17.47-.41l.36-2.54c.59-.24 1.13-.56 1.62-.94l2.39.96c.22.08.47 0 .59-.22l1.92-3.32c.12-.22.07-.47-.12-.61l-2.01-1.58zM12 15.6c-1.98 0-3.6-1.62-3.6-3.6s1.62-3.6 3.6-3.6 3.6 1.62 3.6 3.6-1.62 3.6-3.6 3.6z"
+}), 'Settings'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Lock.js
+
+
+/* harmony default export */ var Lock = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"
+}), 'Lock'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Dvr.js
+
+
+/* harmony default export */ var Dvr = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M21 3H3c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h5v2h8v-2h5c1.1 0 1.99-.9 1.99-2L23 5c0-1.1-.9-2-2-2zm0 14H3V5h18v12zm-2-9H8v2h11V8zm0 4H8v2h11v-2zM7 8H5v2h2V8zm0 4H5v2h2v-2z"
+}), 'Dvr'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Http.js
+
+
+/* harmony default export */ var Http = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M4.5 11h-2V9H1v6h1.5v-2.5h2V15H6V9H4.5v2zm2.5-.5h1.5V15H10v-4.5h1.5V9H7v1.5zm5.5 0H14V15h1.5v-4.5H17V9h-4.5v1.5zm9-1.5H18v6h1.5v-2h2c.8 0 1.5-.7 1.5-1.5v-1c0-.8-.7-1.5-1.5-1.5zm0 2.5h-2v-1h2v1z"
+}), 'Http'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Cloud.js
+
+
+/* harmony default export */ var Cloud = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M19.35 10.04C18.67 6.59 15.64 4 12 4 9.11 4 6.6 5.64 5.35 8.04 2.34 8.36 0 10.91 0 14c0 3.31 2.69 6 6 6h13c2.76 0 5-2.24 5-5 0-2.64-2.05-4.78-4.65-4.96z"
+}), 'Cloud'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceNode.tsx
+var VarsSourceNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceNodeData,_NodeData);var _super=_createSuper(VarsSourceNodeData);function VarsSourceNodeData(props,id,varsSource){var _this$varsSource$clus;var _this;classCallCheck_classCallCheck(this,VarsSourceNodeData);_this=_super.call(this,props,id,false,false);_this.varsSource=void 0;_this.labelsYaml=void 0;_this.renderedVarsYaml=void 0;_this.varsSource=varsSource;var labels=(_this$varsSource$clus=_this.varsSource.clusterConfigMap)===null||_this$varsSource$clus===void 0?void 0:_this$varsSource$clus.labels;if(!labels){var _this$varsSource$clus2;labels=(_this$varsSource$clus2=_this.varsSource.clusterSecret)===null||_this$varsSource$clus2===void 0?void 0:_this$varsSource$clus2.labels;}if(labels){_this.labelsYaml=dump(labels);}_this.renderedVarsYaml=dump(_this.varsSource.renderedVars);return _this;}createClass_createClass(VarsSourceNodeData,[{key:"getVarsSourceHandler",value:function getVarsSourceHandler(){var _this2=this;if(this.varsSource.values){return{type:"values",label:function label(){if(_this2.varsSource.renderedVars){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;}else{return"empty values";}},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}else if(this.varsSource.file){return{type:"file",label:function label(){return _this2.varsSource.file;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(FileIcon,{});},sourceProps:function sourceProps(){return[{name:"File",value:_this2.varsSource.file}];}};}else if(this.varsSource.git){return{type:"git",label:function label(){var s=_this2.varsSource.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.git.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.git.url});sourceProps.push({name:"Path",value:_this2.varsSource.git.path});var ref="HEAD";if(_this2.varsSource.git.ref){ref=_this2.varsSource.git.ref;}sourceProps.push({name:"Ref",value:ref});return sourceProps;}};}else if(this.varsSource.clusterConfigMap||this.varsSource.clusterSecret){var vs=this.varsSource.clusterConfigMap?this.varsSource.clusterConfigMap:this.varsSource.clusterSecret;var type=this.varsSource.clusterConfigMap?"cm":"secret";var _icon=this.varsSource.clusterConfigMap?/*#__PURE__*/(0,jsx_runtime.jsx)(Settings,{fontSize:"large"}):/*#__PURE__*/(0,jsx_runtime.jsx)(Lock,{fontSize:"large"});return{type:type,label:function label(){var _this2$varsSource$clu;return(_this2$varsSource$clu=_this2.varsSource.clusterConfigMap)===null||_this2$varsSource$clu===void 0?void 0:_this2$varsSource$clu.name;},icon:function icon(){return _icon;},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Name",value:vs.name});sourceProps.push({name:"Namespace",value:vs.namespace});sourceProps.push({name:"Key",value:vs.key});if(vs.labels){sourceProps.push({name:"Labels",value:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:_this2.labelsYaml,language:"yaml"})});}return sourceProps;}};}else if(this.varsSource.systemEnvVars){return{type:"systemEnvVar",label:function label(){return"systemEnvVars";},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Dvr,{fontSize:"large"});},sourceProps:function sourceProps(){// TODO
+return[];}};}else if(this.varsSource.http){return{type:"http",label:function label(){return _this2.varsSource.http.url;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Http,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.http.url});sourceProps.push({name:"Method",value:_this2.varsSource.http.method||"GET"});if(_this2.varsSource.http.jsonPath){sourceProps.push({name:"JsonPath",value:_this2.varsSource.http.jsonPath});}return sourceProps;}};}else if(this.varsSource.awsSecretsManager){return{type:"awsSecretsManager",label:function label(){return _this2.varsSource.awsSecretsManager.secretName;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"SecretName",value:_this2.varsSource.awsSecretsManager.secretName});if(_this2.varsSource.awsSecretsManager.region){sourceProps.push({name:"Region",value:_this2.varsSource.awsSecretsManager.region});}if(_this2.varsSource.awsSecretsManager.profile){sourceProps.push({name:"Profile",value:_this2.varsSource.awsSecretsManager.profile});}return sourceProps;}};}else if(this.varsSource.vault){return{type:"vault",label:function label(){return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[_this2.varsSource.vault.address,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.vault.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Address",value:_this2.varsSource.vault.address});sourceProps.push({name:"Path",value:_this2.varsSource.vault.path});return sourceProps;}};}else{return{type:"unknown",label:function label(){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getVarsSourceHandler().label();}},{key:"buildIcon",value:function buildIcon(){var h=this.getVarsSourceHandler();return[h.icon(),h.type];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()},{label:"Vars",content:this.buildVarsPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var h=this.getVarsSourceHandler();var props=[{name:"Type",value:h.type}].concat(toConsumableArray_toConsumableArray(h.sourceProps()),[{name:"IgnoreMissing",value:!!this.varsSource.ignoreMissing+""},{name:"NoOverride",value:!!this.varsSource.noOverride+""}]);if(this.varsSource.when){props.push({name:"When",value:this.varsSource.when});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildVarsPage",value:function buildVarsPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{overflowY:'scroll',// Enable vertical scrolling
+//maxHeight: '400px', // Set a fixed height
+border:'1px solid #ccc',// Optional border
+padding:'10px'// Optional padding
+},children:/*#__PURE__*/(0,jsx_runtime.jsx)("pre",{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.renderedVarsYaml,language:"yaml"})})});}}]);return VarsSourceNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Source.js
+
+
+/* harmony default export */ var Source = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M20 6h-8l-2-2H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2zm-6 10H6v-2h8v2zm4-4H6v-2h12v2z"
+}), 'Source'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemNode.tsx
+var DeploymentItemNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemNodeData,_NodeData);var _super=_createSuper(DeploymentItemNodeData);function DeploymentItemNodeData(props,id,deploymentItem){var _this;classCallCheck_classCallCheck(this,DeploymentItemNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.deploymentItem=deploymentItem;return _this;}createClass_createClass(DeploymentItemNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.deploymentItem.path;}},{key:"buildIcon",value:function buildIcon(){var iconText="di";return[/*#__PURE__*/(0,jsx_runtime.jsx)(Source,{fontSize:"large"}),iconText];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];props.push({name:"Path",value:this.deploymentItem.path});buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemNodeData;}(NodeData);function buildDeploymentItemSummaryProps(di,props){if(di.barrier!==undefined){props.push({name:"Barrier",value:di.barrier+""});}if(di.waitReadiness!==undefined){props.push({name:"WaitReadiness",value:di.waitReadiness+""});}if(di.skipDeleteIfTags!==undefined){props.push({name:"SkipDeleteIfTags",value:di.skipDeleteIfTags+""});}if(di.onlyRender!==undefined){props.push({name:"OnlyRender",value:di.onlyRender+""});}if(di.alwaysDeploy!==undefined){props.push({name:"AlwaysDeploy",value:di.alwaysDeploy+""});}if(di.deleteObjects){// TODO this is ugly
+props.push({name:"DeleteObjects",value:JSON.stringify(di.deleteObjects)});}if(di.when){props.push({name:"When",value:di.when});}}
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SettingsEthernet.js
+
+
+/* harmony default export */ var SettingsEthernet = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M7.77 6.76 6.23 5.48.82 12l5.41 6.52 1.54-1.28L3.42 12l4.35-5.24zM7 13h2v-2H7v2zm10-2h-2v2h2v-2zm-6 2h2v-2h-2v2zm6.77-7.52-1.54 1.28L20.58 12l-4.35 5.24 1.54 1.28L23.18 12l-5.41-6.52z"
+}), 'SettingsEthernet'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SmartToy.js
+
+
+/* harmony default export */ var SmartToy = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M20 9V7c0-1.1-.9-2-2-2h-3c0-1.66-1.34-3-3-3S9 3.34 9 5H6c-1.1 0-2 .9-2 2v2c-1.66 0-3 1.34-3 3s1.34 3 3 3v4c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2v-4c1.66 0 3-1.34 3-3s-1.34-3-3-3zM7.5 11.5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5S9.83 13 9 13s-1.5-.67-1.5-1.5zM16 17H8v-2h8v2zm-1-4c-.83 0-1.5-.67-1.5-1.5S14.17 10 15 10s1.5.67 1.5 1.5S15.83 13 15 13z"
+}), 'SmartToy'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/ObjectNode.tsx
+var kindMapping={"/ConfigMap":{icon:Settings},"apps/Deployment":{icon:PublishedWithChanges},"Service":{icon:SettingsEthernet},"ServiceAccount":{icon:SmartToy}};var ObjectNodeData=/*#__PURE__*/function(_NodeData){_inherits(ObjectNodeData,_NodeData);var _super=_createSuper(ObjectNodeData);function ObjectNodeData(props,id,objectRef){var _this;classCallCheck_classCallCheck(this,ObjectNodeData);_this=_super.call(this,props,id,true,true);_this.objectRef=void 0;_this.objectRef=objectRef;return _this;}createClass_createClass(ObjectNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.objectRef.name;}},{key:"buildIcon",value:function buildIcon(){var _this2=this;var sn=this.props.shortNames.find(function(sn){return sn.group===_this2.objectRef.group&&sn.kind===_this2.objectRef.kind;});var snStr=(sn===null||sn===void 0?void 0:sn.shortName)||"";var m=kindMapping[this.objectRef.group+"/"+this.objectRef.kind];if(m!==undefined){return[/*#__PURE__*/react.createElement(m.icon,{fontSize:"large"}),snStr];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsCurlyIcon,{}),snStr];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _findObjectByRef,_findObjectByRef2,_findObjectByRef3;var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);if((_findObjectByRef=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef!==void 0&&_findObjectByRef.rendered){tabs.push({label:"Rendered",content:this.buildObjectPage(this.objectRef,ObjectType.Rendered)});}if((_findObjectByRef2=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef2!==void 0&&_findObjectByRef2.remote){tabs.push({label:"Remote",content:this.buildObjectPage(this.objectRef,ObjectType.Remote)});}if((_findObjectByRef3=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef3!==void 0&&_findObjectByRef3.applied){tabs.push({label:"Applied",content:this.buildObjectPage(this.objectRef,ObjectType.Applied)});}return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _o$rendered;var props=[];var apiVersion=this.objectRef.version;if(this.objectRef.group){apiVersion=this.objectRef.group+"/"+this.objectRef.version;}props.push({name:"ApiVersion",value:apiVersion});props.push({name:"Kind",value:this.objectRef.kind});props.push({name:"Name",value:this.objectRef.name});if(this.objectRef.namespace){props.push({name:"Namespace",value:this.objectRef.namespace});}var o=findObjectByRef(this.props.commandResult.objects,this.objectRef);var annotations=o===null||o===void 0?void 0:(_o$rendered=o.rendered)===null||_o$rendered===void 0?void 0:_o$rendered.metadata.annotations;if(annotations){Object.keys(annotations).forEach(function(k){if(k.indexOf("kluctl.io/")!==-1){props.push({name:k,value:annotations[k]});}});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return ObjectNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/CommandResultNode.tsx
+var CommandResultNodeData=/*#__PURE__*/function(_NodeData){_inherits(CommandResultNodeData,_NodeData);var _super=_createSuper(CommandResultNodeData);function CommandResultNodeData(props,id){var _this$props$commandRe;var _this;classCallCheck_classCallCheck(this,CommandResultNodeData);_this=_super.call(this,props,id,true,true);_this.dumpedTargetYaml=void 0;if((_this$props$commandRe=_this.props.commandResult.command)!==null&&_this$props$commandRe!==void 0&&_this$props$commandRe.target){_this.dumpedTargetYaml=dump(_this.props.commandResult.command.target);}return _this;}createClass_createClass(CommandResultNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"CommandResult";}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(DeployIcon,{}),"result"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];if(this.dumpedTargetYaml){var page=this.buildTargetPage();tabs.push({label:"Target",content:page});}this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$props$commandRe2,_this$props$commandRe3;var props=[{name:"Initiator",value:(_this$props$commandRe2=this.props.commandResult.command)===null||_this$props$commandRe2===void 0?void 0:_this$props$commandRe2.initiator},{name:"Command",value:(_this$props$commandRe3=this.props.commandResult.command)===null||_this$props$commandRe3===void 0?void 0:_this$props$commandRe3.command}];return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildTargetPage",value:function buildTargetPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.dumpedTargetYaml,language:"yaml"});}}]);return CommandResultNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceCollectionNode.tsx
+var VarsSourceCollectionNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceCollectionNodeData,_NodeData);var _super=_createSuper(VarsSourceCollectionNodeData);function VarsSourceCollectionNodeData(props,id){var _this;classCallCheck_classCallCheck(this,VarsSourceCollectionNodeData);_this=_super.call(this,props,id,false,false);_this.varsSources=[];return _this;}createClass_createClass(VarsSourceCollectionNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"vars: "+this.varsSources.length;}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsSquareIcon,{}),"vars"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){return[];}}]);return VarsSourceCollectionNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
+var DeploymentItemIncludeNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemIncludeNodeData,_NodeData);var _super=_createSuper(DeploymentItemIncludeNodeData);function DeploymentItemIncludeNodeData(props,id,deploymentItem,includedDeployment){var _this;classCallCheck_classCallCheck(this,DeploymentItemIncludeNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.includedDeployment=void 0;_this.deploymentItem=deploymentItem;_this.includedDeployment=includedDeployment;return _this;}createClass_createClass(DeploymentItemIncludeNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deploymentItem.include){return this.deploymentItem.include;}else if(this.deploymentItem.git){var s=this.deploymentItem.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,this.deploymentItem.git.subDir&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),this.deploymentItem.git.subDir]})]});}else{return"unknown include";}}},{key:"buildIcon",value:function buildIcon(){if(this.deploymentItem.git){return[/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{}),"git"];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(IncludeIcon,{}),"include"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];if(this.deploymentItem.include){props.push({name:"Type",value:"LocalInclude"});props.push({name:"Path",value:this.deploymentItem.include});}else if(this.deploymentItem.git){props.push({name:"Type",value:"GitInclude"});props.push({name:"Url",value:this.deploymentItem.git.url});props.push({name:"SubDir",value:this.deploymentItem.git.subDir});var ref="HEAD";if(this.deploymentItem.git.ref){ref=this.deploymentItem.git.ref;}props.push({name:"Ref",value:ref});}else{props.push({name:"Type",value:"Unknown"});}buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemIncludeNodeData;}(NodeData);
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Delete.js
+
+
+/* harmony default export */ var Delete = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"
+}), 'Delete'));
+;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/LinkOff.js
+
+
+/* harmony default export */ var LinkOff = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
+  d: "M17 7h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1 0 1.43-.98 2.63-2.31 2.98l1.46 1.46C20.88 15.61 22 13.95 22 12c0-2.76-2.24-5-5-5zm-1 4h-2.19l2 2H16zM2 4.27l3.11 3.11C3.29 8.12 2 9.91 2 12c0 2.76 2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1 0-1.59 1.21-2.9 2.76-3.07L8.73 11H8v2h2.73L13 15.27V17h1.73l4.01 4L20 19.74 3.27 3 2 4.27z"
+}), 'LinkOff'));
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
+var DeletedOrOrphanObjectsCollectionNode=/*#__PURE__*/function(_NodeData){_inherits(DeletedOrOrphanObjectsCollectionNode,_NodeData);var _super=_createSuper(DeletedOrOrphanObjectsCollectionNode);function DeletedOrOrphanObjectsCollectionNode(props,id,deleted){var _this;classCallCheck_classCallCheck(this,DeletedOrOrphanObjectsCollectionNode);_this=_super.call(this,props,id,false,true);_this.deleted=void 0;_this.deleted=deleted;return _this;}createClass_createClass(DeletedOrOrphanObjectsCollectionNode,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deleted){var _this$diffStatus;return"".concat((_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.deletedObjects.length," objects deleted");}else{var _this$diffStatus2;return"".concat((_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.orphanObjects.length," objects orphaned");}}},{key:"buildIcon",value:function buildIcon(){if(this.deleted){return[/*#__PURE__*/(0,jsx_runtime.jsx)(Delete,{fontSize:"large"}),"deleted"];}else{return[/*#__PURE__*/(0,jsx_runtime.jsx)(LinkOff,{fontSize:"large"}),"orphans"];}}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$diffStatus3,_this$diffStatus5;var props=[];if((_this$diffStatus3=this.diffStatus)!==null&&_this$diffStatus3!==void 0&&_this$diffStatus3.deletedObjects.length){var _this$diffStatus4;props.push({name:"Deleted",value:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.deletedObjects.length});}if((_this$diffStatus5=this.diffStatus)!==null&&_this$diffStatus5!==void 0&&_this$diffStatus5.orphanObjects.length){var _this$diffStatus6;props.push({name:"Orphaned",value:(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.orphanObjects.length});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeletedOrOrphanObjectsCollectionNode;}(NodeData);
+;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeBuilder.ts
+var NodeBuilder=/*#__PURE__*/function(){function NodeBuilder(props){var _props$commandResult$,_this=this,_props$commandResult$2,_props$commandResult$3;classCallCheck_classCallCheck(this,NodeBuilder);this.props=void 0;this.changedObjectsMap=new Map();this.newObjectsMap=new Map();this.orphanObjectsMap=new Map();this.deletedObjectsMap=new Map();this.errorsMap=new Map();this.warningsMap=new Map();this.props=props;(_props$commandResult$=props.commandResult.objects)===null||_props$commandResult$===void 0?void 0:_props$commandResult$.forEach(function(o){var _o$changes;var key=buildObjectRefKey(o.ref);if((_o$changes=o.changes)!==null&&_o$changes!==void 0&&_o$changes.length){_this.changedObjectsMap.set(key,o);}if(o.new){_this.newObjectsMap.set(key,o.ref);}if(o.orphan){_this.orphanObjectsMap.set(key,o.ref);}if(o.deleted){_this.deletedObjectsMap.set(key,o.ref);}});(_props$commandResult$2=props.commandResult.errors)===null||_props$commandResult$2===void 0?void 0:_props$commandResult$2.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.errorsMap.get(key);if(!l){l=[e];_this.errorsMap.set(key,l);}else{l.push(e);}});(_props$commandResult$3=props.commandResult.warnings)===null||_props$commandResult$3===void 0?void 0:_props$commandResult$3.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.warningsMap.get(key);if(!l){l=[e];_this.warningsMap.set(key,l);}else{l.push(e);}});}createClass_createClass(NodeBuilder,[{key:"buildRoot",value:function buildRoot(){var rootNode=new CommandResultNodeData(this.props,"root");if(this.props.commandResult.deployment){this.buildDeploymentProjectChildren(rootNode,this.props.commandResult.deployment);}if(this.deletedObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,true,Array.from(this.deletedObjectsMap.values()));}if(this.orphanObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,false,Array.from(this.orphanObjectsMap.values()));}var nodeMap=new Map();function collect(n){nodeMap.set(n.id,n);n.children.forEach(function(c){collect(c);});}collect(rootNode);return[rootNode,nodeMap];}},{key:"buildDeploymentProjectChildren",value:function buildDeploymentProjectChildren(node,deploymentProject){var _deploymentProject$de,_this2=this;if(deploymentProject.vars){this.buildVarsSourceCollectionNode(node,deploymentProject.vars);}(_deploymentProject$de=deploymentProject.deployments)===null||_deploymentProject$de===void 0?void 0:_deploymentProject$de.forEach(function(deploymentItem,i){_this2.buildDeploymentItemNode(node,deploymentItem,i);});}},{key:"buildVarsSourceCollectionNode",value:function buildVarsSourceCollectionNode(parentNode,varsSources){var _node$varsSources,_this3=this;if(varsSources===undefined){return;}var newId="".concat(parentNode.id,"/(vars)");var node=new VarsSourceCollectionNodeData(this.props,newId);(_node$varsSources=node.varsSources).push.apply(_node$varsSources,toConsumableArray_toConsumableArray(varsSources));varsSources.forEach(function(vs,i){_this3.buildVarsSourceNode(node,vs,i);});parentNode.pushChild(node);return node;}},{key:"buildVarsSourceNode",value:function buildVarsSourceNode(parentNode,varsSource,index){var newId="".concat(parentNode.id,"/").concat(index,"}");var node=new VarsSourceNodeData(this.props,newId,varsSource);parentNode.pushChild(node);return node;}},{key:"buildDeploymentItemNode",value:function buildDeploymentItemNode(parentNode,deploymentItem,index){var _this4=this;var node;var newId="".concat(parentNode.id,"/(dis)/").concat(index);if(deploymentItem.path){var _deploymentItem$rende;node=new DeploymentItemNodeData(this.props,newId,deploymentItem);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);(_deploymentItem$rende=deploymentItem.renderedObjects)===null||_deploymentItem$rende===void 0?void 0:_deploymentItem$rende.forEach(function(renderedObject){_this4.buildObjectNode(node,renderedObject);});}else if(deploymentItem.include||deploymentItem.git){node=new DeploymentItemIncludeNodeData(this.props,newId,deploymentItem,deploymentItem.renderedInclude);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);if(deploymentItem.renderedInclude){this.buildDeploymentProjectChildren(node,deploymentItem.renderedInclude);}}else{return node;}parentNode.pushChild(node);return node;}},{key:"buildObjectNode",value:function buildObjectNode(parentNode,objectRef){var _this$errorsMap$get,_this$warningsMap$get;var newId="".concat(parentNode.id,"/(obj)/").concat(buildObjectRefKey(objectRef));var node=new ObjectNodeData(this.props,newId,objectRef);var key=buildObjectRefKey(objectRef);if(this.changedObjectsMap.has(key)){var _node$diffStatus;(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.addChangedObject(this.changedObjectsMap.get(key));}if(this.newObjectsMap.has(key)){var _node$diffStatus2;(_node$diffStatus2=node.diffStatus)===null||_node$diffStatus2===void 0?void 0:_node$diffStatus2.newObjects.push(objectRef);}if(this.deletedObjectsMap.has(key)){var _node$diffStatus3;(_node$diffStatus3=node.diffStatus)===null||_node$diffStatus3===void 0?void 0:_node$diffStatus3.deletedObjects.push(objectRef);}if(this.orphanObjectsMap.has(key)){var _node$diffStatus4;(_node$diffStatus4=node.diffStatus)===null||_node$diffStatus4===void 0?void 0:_node$diffStatus4.orphanObjects.push(objectRef);}(_this$errorsMap$get=this.errorsMap.get(key))===null||_this$errorsMap$get===void 0?void 0:_this$errorsMap$get.forEach(function(e){var _node$healthStatus;(_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.push(e);});(_this$warningsMap$get=this.warningsMap.get(key))===null||_this$warningsMap$get===void 0?void 0:_this$warningsMap$get.forEach(function(e){var _node$healthStatus2;(_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.push(e);});parentNode.pushChild(node);return node;}},{key:"buildDeletedOrOrphanNode",value:function buildDeletedOrOrphanNode(parentNode,deleted,refs){var _this5=this;var idType=deleted?"deleted":"orphaned";var newId="".concat(parentNode.id,"/(").concat(idType,")");var node=new DeletedOrOrphanObjectsCollectionNode(this.props,newId,deleted);refs.forEach(function(ref){_this5.buildObjectNode(node,ref);});parentNode.pushChild(node,true);return node;}}]);return NodeBuilder;}();function buildObjectRefKey(ref){return[ref.group,ref.version,ref.kind,ref.namespace,ref.name].join("+");}
+;// CONCATENATED MODULE: ./src/components/targets-view/HistoryCards.tsx
+function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResult(rs.id);case 5:r=_context.sent;builder=new NodeBuilder({shortNames:shortNames,summary:rs,commandResult:r});_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 9:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CardContent=/*#__PURE__*/react.memo(function(props){var _useSidePanelTabs=useSidePanelTabs(props.provider),tabs=_useSidePanelTabs.tabs,selectedTab=_useSidePanelTabs.selectedTab,handleTabChange=_useSidePanelTabs.handleTabChange;if(!props.provider||!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return null;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",mt:"12px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:tab.content},tab.label);})})]});});var ArrowButton=/*#__PURE__*/react.memo(function(props){var Icon={left:TriangleLeftLightIcon,right:TriangleRightLightIcon}[props.direction];return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",height:"100%",width:"80px",display:"flex",justifyContent:"center",alignItems:"center",children:!props.hidden&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClick,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})});});var HistoryCard=/*#__PURE__*/react.memo(function(props){var navigate=dist_useNavigate();var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(function(){return doGetRootNode(api,props.rs);},[api,props.rs]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],node=_useLoadingHelper2[2];if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(CardPaper,{sx:_objectSpread2({position:'relative'},props.sx),children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{position:"absolute",right:"10px",top:"10px",children:props.transitionFinished&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseLightIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",height:"100%",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"0 16px",flex:"0 0 auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItemHeader,{rs:props.rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",flex:"1 1 auto",overflow:"hidden",display:"flex",flexDirection:"column",children:props.transitionFinished&&(loading?/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}):/*#__PURE__*/(0,jsx_runtime.jsx)(CardContent,{provider:node}))}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",height:"39px",display:"flex",alignItems:"center",justifyContent:"end",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(props.rs.id));},sx:{padding:0,width:32,height:32},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]});});var HistoryCards=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();var containerElem=(0,react.useRef)();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),cardRect=_useState2[0],setCardRect=_useState2[1];var _useState3=(0,react.useState)('not-started'),_useState4=slicedToArray_slicedToArray(_useState3,2),transitionStatus=_useState4[0],setTransitionStatus=_useState4[1];var _useState5=(0,react.useState)(props.rs),_useState6=slicedToArray_slicedToArray(_useState5,2),currentRS=_useState6[0],setCurrentRS=_useState6[1];(0,react.useEffect)(function(){var _containerElem$curren;var rect=(_containerElem$curren=containerElem.current)===null||_containerElem$curren===void 0?void 0:_containerElem$curren.getBoundingClientRect();if(!rect){setCardRect(undefined);return;}var initialRect={left:props.initialCardRect.left-rect.left,top:props.initialCardRect.top-rect.top,width:cardWidth,height:cardHeight};setCardRect(initialRect);},[props.initialCardRect]);(0,react.useEffect)(function(){if(!cardRect){return;}var targetRect={left:0,top:0,width:'100%',height:'100%'};if(cardRect.left===targetRect.left&&cardRect.top===targetRect.top&&cardRect.width===targetRect.width&&cardRect.height===targetRect.height){return;}setTimeout(function(){setCardRect(targetRect);setTransitionStatus('running');setTimeout(function(){setTransitionStatus('finished');},theme.transitions.duration.enteringScreen);},10);},[cardRect,theme.transitions.duration.enteringScreen]);var currentRSIndex=(0,react.useMemo)(function(){return props.ts.commandResults.indexOf(currentRS);},[currentRS,props.ts.commandResults]);var onLeftArrowClick=(0,react.useCallback)(function(){if(currentRSIndex>0){setCurrentRS(props.ts.commandResults[currentRSIndex-1]);}},[currentRSIndex,props.ts.commandResults]);var onRightArrowClick=(0,react.useCallback)(function(){if(currentRSIndex<props.ts.commandResults.length-1){setCurrentRS(props.ts.commandResults[currentRSIndex+1]);}},[currentRSIndex,props.ts.commandResults]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",p:"25px 40px",display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"left",onClick:onLeftArrowClick,hidden:currentRSIndex===0||transitionStatus!=='finished'}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",ref:containerElem,overflow:transitionStatus==='finished'?'hidden':'unset',children:[transitionStatus!=='finished'&&cardRect&&/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:cardRect.width,height:cardRect.height,flex:'0 0 auto',translate:"".concat(cardRect.left,"px ").concat(cardRect.top,"px"),transition:theme.transitions.create(['translate','width','height'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),padding:'20px 0'},rs:currentRS,onClose:props.onClose}),transitionStatus==='finished'&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",width:"100%",height:"100%",display:"flex",gap:"20px",sx:{translate:"calc((-100% - 20px) * ".concat(currentRSIndex,")"),transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:props.ts.commandResults.map(function(rs){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:'100%',height:'100%',flex:'0 0 auto',padding:'20px 0'},rs:rs,transitionFinished:transitionStatus==='finished',onClose:props.onClose},rs.id);})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"right",onClick:onRightArrowClick,hidden:currentRSIndex===props.ts.commandResults.length-1||transitionStatus!=='finished'})]});});
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetsView.tsx
 var colWidth=416;var curveRadius=12;var circleRadius=5;var strokeWidth=2;function ColHeader(_ref){var children=_ref.children;return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:colWidth,width:colWidth,height:"42px",display:"flex",alignItems:"center",sx:{borderLeft:'0.8px solid rgba(0,0,0,0.5)',paddingLeft:'15px','&:first-of-type':{borderLeft:'none',paddingLeft:0}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",textAlign:"left",children:children})});}var Circle=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();return/*#__PURE__*/(0,jsx_runtime.jsx)("circle",_objectSpread2({r:circleRadius,fill:theme.palette.background.default,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth},props));});var RelationTree=/*#__PURE__*/react.memo(function(_ref2){var targetCount=_ref2.targetCount;var theme=styles_useTheme_useTheme();var height=targetCount*cardHeight+(targetCount-1)*cardGap;var width=152;if(targetCount<=0){return null;}var targetsCenterYs=Array(targetCount).fill(0).map(function(_,i){return cardHeight/2+i*(cardHeight+cardGap);});var rootCenterY=height/2;return/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{width:width,height:height,viewBox:"0 0 ".concat(width," ").concat(height),fill:"none",children:[targetsCenterYs.map(function(cy,i){var d;if(targetCount%2===1&&i===Math.floor(targetCount/2)){// target is in the middle.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width-circleRadius,"\n                    ");}else if(i<targetCount/2){// target is higher than root.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," -").concat(curveRadius,"\n                        v ").concat(cy-rootCenterY+curveRadius*2,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," -").concat(curveRadius,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                    ");}else{// target is lower than root.
-d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var onCommandResultDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);var doSetSelectedCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var doSetSelectedTargetSummary=(0,react.useCallback)(function(ts){onCommandResultDetailsDrawerClose();setSelectedTargetSummary(ts);},[onCommandResultDetailsDrawerClose]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultDetailsDrawer,{rs:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.rs,ts:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ts,ps:selectedCommandResult===null||selectedCommandResult===void 0?void 0:selectedCommandResult.ps,onClose:onCommandResultDetailsDrawerClose,selectedCardRect:selectedCardRect}),/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:function onSelectTarget(ts){return doSetSelectedTargetSummary(ts);}})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{height:"".concat(2*circleRadius+strokeWidth),width:'100%'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(-50% + ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"50%",cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(50% - ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:circleRadius+strokeWidth/2})})]})})]},buildListKey(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return doSetSelectedCommandResult({rs:rs,ts:ts,ps:ps});}})},rs.id);})},buildListKey(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},buildListKey(ps.project));})]});};
+d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var _onSelectCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var onHistoryCardsClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);if(selectedCommandResult&&selectedCardRect){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCards,{rs:selectedCommandResult.rs,ts:selectedCommandResult.ts,initialCardRect:selectedCardRect,onClose:onHistoryCardsClose});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:setSelectedTargetSummary})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{height:"".concat(2*circleRadius+strokeWidth),width:'100%'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(-50% + ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"50%",cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(50% - ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:circleRadius+strokeWidth/2})})]})})]},buildListKey(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return _onSelectCommandResult({rs:rs,ts:ts});}})},rs.id);})},buildListKey(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},buildListKey(ps.project));})]});};
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/FormControlContext.js
 
 /**
@@ -61455,4 +61549,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.1b77f1d8.js.map
\ No newline at end of file
+//# sourceMappingURL=main.4093ded8.js.map
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/close-light.svg b/pkg/webui/ui/build/static/media/close-light.svg
new file mode 100644
index 000000000..a00259719
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/close-light.svg
@@ -0,0 +1,3 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z" fill="#39403E"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-left-light.svg b/pkg/webui/ui/build/static/media/triangle-left-light.svg
new file mode 100644
index 000000000..6731d308d
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/triangle-left-light.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M22.4377 32.25L32.9585 24.3542V12.6667C32.9585 10.6667 30.5418 9.66667 29.1252 11.0833L18.3335 21.875C16.6043 23.6042 16.6043 26.4167 18.3335 28.1458L22.4377 32.25Z" fill="#DFEBE9"/>
+<path d="M32.4585 25.3546V37.3333C32.4585 38.8863 30.5801 39.6671 29.4773 38.5826C29.4769 38.5822 29.4765 38.5817 29.4761 38.5813L23.1987 32.304L32.4585 25.3546Z" fill="#DFEBE9" stroke="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-right-light.svg b/pkg/webui/ui/build/static/media/triangle-right-light.svg
new file mode 100644
index 000000000..500b3f1e8
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/triangle-right-light.svg
@@ -0,0 +1,4 @@
+<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M27.5623 17.75L17.0415 25.6458V37.3333C17.0415 39.3333 19.4582 40.3333 20.8748 38.9167L31.6665 28.125C33.3957 26.3958 33.3957 23.5833 31.6665 21.8542L27.5623 17.75Z" fill="#DFEBE9"/>
+<path d="M17.0415 12.6667V25.6458L27.5623 17.75L20.8748 11.0625C19.4582 9.66667 17.0415 10.6667 17.0415 12.6667Z" fill="#DFEBE9"/>
+</svg>

From 1b14e82beac14795a65aa4d58ada0543a84e0150 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 09:12:35 +0200
Subject: [PATCH 1194/2268] feat: Enable writing of command results by default
 (#580)

* feat: Enable writing of command results by default

* tests: Don't pass --write-command-result
---
 cmd/kluctl/args/project.go                  | 2 +-
 docs/reference/commands/common-arguments.md | 3 ++-
 e2e/gitops_test.go                          | 1 -
 e2e/results_test.go                         | 8 ++++----
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 880426843..b09afefbb 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -44,7 +44,7 @@ type TargetFlags struct {
 }
 
 type CommandResultFlags struct {
-	WriteCommandResult      bool   `group:"results" help:"Enable writing of command results into the cluster."`
+	WriteCommandResult      bool   `group:"results" help:"Enable writing of command results into the cluster. This is enabled by default." default:"true"`
 	ForceWriteCommandResult bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
 	CommandResultNamespace  string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
 	KeepCommandResultsCount int    `group:"results" help:"Configure how many old command results to keep." default:"10"`
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 192cf6433..8a25add90 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -138,7 +138,8 @@ Command Results:
                                           "kluctl-results")
       --force-write-command-result        Force writing of command results, even if the command is run in dry-run mode.
       --keep-command-results-count int    Configure how many old command results to keep. (default 10)
-      --write-command-result              Enable writing of command results into the cluster.
+      --write-command-result              Enable writing of command results into the cluster. This is enabled by
+                                          default. (default true)
 
 ```
 <!-- END SECTION -->
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 72d4dc89f..a9c5d1c10 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -101,7 +101,6 @@ func (suite *GitopsTestSuite) startController() {
 		tmpKubeconfig,
 		"--context",
 		"context1",
-		"--write-command-result",
 	}
 	done := make(chan struct{})
 	go func() {
diff --git a/e2e/results_test.go b/e2e/results_test.go
index ae859d7c8..2bcd243fb 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -39,7 +39,7 @@ func TestWriteResult(t *testing.T) {
 		name:      "cm",
 		namespace: p.TestSlug(),
 	})
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
+	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
 	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, "kluctl-results", 0)
@@ -67,7 +67,7 @@ func TestWriteResult(t *testing.T) {
 		_ = o.SetNestedField("v2", "data", "d1")
 		return nil
 	}, "")
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
+	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
 	summaries, err = rs.ListCommandResultSummaries(opts)
@@ -84,7 +84,7 @@ func TestWriteResult(t *testing.T) {
 		_ = o.RemoveNestedField("deployments", 1)
 		return nil
 	})
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--write-command-result")
+	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
 	summaries, err = rs.ListCommandResultSummaries(opts)
@@ -95,7 +95,7 @@ func TestWriteResult(t *testing.T) {
 		OrphanObjects:  1,
 	}, summaries[0])
 
-	p.KluctlMust("prune", "--yes", "-t", "test", "--write-command-result")
+	p.KluctlMust("prune", "--yes", "-t", "test")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 
 	summaries, err = rs.ListCommandResultSummaries(opts)

From b31683b6b0609840a32251dad2355d0fa04264dc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 11:18:58 +0200
Subject: [PATCH 1195/2268] fix: Add missing service to webui deployment

---
 install/webui/webui/deployment.yaml | 14 +++++++++-----
 install/webui/webui/service.yaml    | 13 +++++++++++++
 2 files changed, 22 insertions(+), 5 deletions(-)
 create mode 100644 install/webui/webui/service.yaml

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 109a6eea4..dedf908b5 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -5,10 +5,10 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    app.kubernetes.io/component: kluctl-webui
-    app.kubernetes.io/instance: kluctl-controller
-    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/component: deployment
+    app.kubernetes.io/instance: kluctl-webui
     app.kubernetes.io/name: kluctl-webui
+    app.kubernetes.io/managed-by: kluctl
     control-plane: kluctl-webui
   name: kluctl-webui
   namespace: kluctl-system
@@ -16,11 +16,15 @@ spec:
   replicas: 1
   selector:
     matchLabels:
-      control-plane: kluctl-controller
+      app.kubernetes.io/component: deployment
+      app.kubernetes.io/instance: kluctl-webui
+      app.kubernetes.io/name: kluctl-webui
   template:
     metadata:
       labels:
-        control-plane: kluctl-controller
+        app.kubernetes.io/component: deployment
+        app.kubernetes.io/instance: kluctl-webui
+        app.kubernetes.io/name: kluctl-webui
     spec:
       containers:
       - name: webui
diff --git a/install/webui/webui/service.yaml b/install/webui/webui/service.yaml
new file mode 100644
index 000000000..4c28ef2c4
--- /dev/null
+++ b/install/webui/webui/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kluctl-webui
+  namespace: kluctl-system
+spec:
+  ports:
+    - port: 8080
+      targetPort: 8080
+  selector:
+    app.kubernetes.io/component: deployment
+    app.kubernetes.io/instance: kluctl-webui
+    app.kubernetes.io/name: kluctl-webui

From fc33f588ac83e8329a6febca97699796c2342a0d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 11:50:24 +0200
Subject: [PATCH 1196/2268] fix: Smaller initialDelaySeconds in webui
 deployment

---
 install/webui/webui/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index dedf908b5..f50c31b72 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -43,7 +43,7 @@ spec:
           httpGet:
             path: /
             port: 8080
-          initialDelaySeconds: 15
+          initialDelaySeconds: 5
           periodSeconds: 20
         readinessProbe:
           httpGet:

From ac4d71d3c289ef1078b8c49a3c4929b156958234 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 11:25:25 +0200
Subject: [PATCH 1197/2268] fix: Use wss protocol when needed

---
 pkg/webui/ui/build/index.html        | 2 +-
 pkg/webui/ui/build/static/js/main.js | 4 ++--
 pkg/webui/ui/src/api.tsx             | 6 +++++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 95134f6bf..31e223a49 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.4093ded8.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.7c75d535.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index 361e5411f..882a0ead2 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -52128,7 +52128,7 @@ var loadedScripts=new Map();var loadScript=function loadScript(fileUrl){var asyn
 ;// CONCATENATED MODULE: ./src/utils/misc.ts
 function getLastPathElement(url){if(url===undefined){return undefined;}if(!url){return"";}var s=url.split("/");return s[s.length-1];}function sleep(ms){return new Promise(function(resolve){return setTimeout(resolve,ms);});}
 ;// CONCATENATED MODULE: ./src/api.tsx
-var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});function checkStaticBuild(){return _checkStaticBuild.apply(this,arguments);}function _checkStaticBuild(){_checkStaticBuild=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:p=loadScript(staticPath+"/summaries.js");_context19.prev=1;_context19.next=4;return p;case 4:return _context19.abrupt("return",true);case 7:_context19.prev=7;_context19.t0=_context19["catch"](1);return _context19.abrupt("return",false);case 10:case"end":return _context19.stop();}},_callee19,null,[[1,7]]);}));return _checkStaticBuild.apply(this,arguments);}var RealApi=/*#__PURE__*/function(){function RealApi(getToken,onUnauthorized,onTokenRefresh){classCallCheck_classCallCheck(this,RealApi);this.getToken=void 0;this.onUnauthorized=void 0;this.onTokenRefresh=void 0;this.getToken=getToken;this.onUnauthorized=onUnauthorized;this.onTokenRefresh=onTokenRefresh;}createClass_createClass(RealApi,[{key:"setAuthorizationHeader",value:function setAuthorizationHeader(headers){if(!this.getToken){return;}headers['Authorization']="Bearer "+this.getToken();}},{key:"refreshToken",value:function(){var _refreshToken=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var headers,resp,j;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:headers={'Accept':'application/json'};this.setAuthorizationHeader(headers);_context.next=4;return fetch("/auth/refresh",{method:"POST",headers:headers});case 4:resp=_context.sent;if(!(resp.status===401)){_context.next=8;break;}if(this.onUnauthorized){this.onUnauthorized();}throw Error(resp.statusText);case 8:_context.next=10;return resp.json();case 10:j=_context.sent;if(this.onTokenRefresh){this.onTokenRefresh(j.token);}case 12:case"end":return _context.stop();}},_callee,this);}));function refreshToken(){return _refreshToken.apply(this,arguments);}return refreshToken;}()},{key:"handleErrors",value:function(){var _handleErrors=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(response,retry){var newResp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:if(response.ok){_context2.next=16;break;}if(!(response.status===401)){_context2.next=15;break;}if(!(this.getToken&&retry)){_context2.next=14;break;}console.log("retrying with token refresh");_context2.next=6;return this.refreshToken();case 6:_context2.next=8;return retry();case 8:newResp=_context2.sent;_context2.next=11;return this.handleErrors(newResp);case 11:return _context2.abrupt("return",_context2.sent);case 14:if(this.onUnauthorized){this.onUnauthorized();}case 15:throw Error(response.statusText);case 16:return _context2.abrupt("return",response);case 17:case"end":return _context2.stop();}},_callee2,this);}));function handleErrors(_x,_x2){return _handleErrors.apply(this,arguments);}return handleErrors;}()},{key:"doGet",value:function(){var _doGet=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(path,params){var _this=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:url=path;if(params){url+="?"+params.toString();}doFetch=function doFetch(){var headers={'Accept':'application/json'};_this.setAuthorizationHeader(headers);return fetch(url,{method:"GET",headers:headers});};_context3.next=5;return doFetch();case 5:resp=_context3.sent;_context3.next=8;return this.handleErrors(resp,doFetch);case 8:resp=_context3.sent;return _context3.abrupt("return",resp.json());case 10:case"end":return _context3.stop();}},_callee3,this);}));function doGet(_x3,_x4){return _doGet.apply(this,arguments);}return doGet;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(path,body){var _this2=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:url=path;doFetch=function doFetch(){var headers={'Accept':'application/json','Content-Type':'application/json'};_this2.setAuthorizationHeader(headers);return fetch(url,{method:"POST",body:JSON.stringify(body),headers:headers});};_context4.next=4;return doFetch();case 4:resp=_context4.sent;_context4.next=7;return this.handleErrors(resp,doFetch);case 7:resp=_context4.sent;return _context4.abrupt("return",resp);case 9:case"end":return _context4.stop();}},_callee4,this);}));function doPost(_x5,_x6){return _doPost.apply(this,arguments);}return doPost;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:return _context5.abrupt("return",this.doGet("/api/getShortNames"));case 1:case"end":return _context5.stop();}},_callee5,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){var host,url,params,getToken,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:host=window.location.host;if(false){}url="ws://".concat(host,"/api/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();getToken=this.getToken;cancelled=false;connect=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:if(!cancelled){_context6.next=2;break;}return _context6.abrupt("return");case 2:console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");if(getToken){ws.send(JSON.stringify({"type":"auth","token":getToken()}));}};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onerror=function(event){console.log("ws error",event);};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};case 8:case"end":return _context6.stop();}},_callee6);}));return function connect(){return _ref.apply(this,arguments);};}();_context7.next=12;return connect();case 12:return _context7.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 13:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x7,_x8,_x9){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context8.next=4;return this.doGet("/api/getResult",params);case 4:json=_context8.sent;return _context8.abrupt("return",new CommandResult(json));case 6:case"end":return _context8.stop();}},_callee8,this);}));function getResult(_x10){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context9.next=4;return this.doGet("/api/getResultSummary",params);case 4:json=_context9.sent;return _context9.abrupt("return",new CommandResultSummary(json));case 6:case"end":return _context9.stop();}},_callee9,this);}));function getResultSummary(_x11){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(resultId,ref,objectType){var params;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);params.set("objectType",objectType);buildRefParams(ref,params);_context10.next=6;return this.doGet("/api/getResultObject",params);case 6:return _context10.abrupt("return",_context10.sent);case 7:case"end":return _context10.stop();}},_callee10,this);}));function getResultObject(_x12,_x13,_x14){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:return _context11.abrupt("return",this.doPost("/api/validateNow",{"project":project,"target":target}));case 1:case"end":return _context11.stop();}},_callee11,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:return _context12.abrupt("return",this.doPost("/api/deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context12.stop();}},_callee12,this);}));function deployNow(_x17,_x18,_x19){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:return _context13.abrupt("return",this.doPost("/api/reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context13.stop();}},_callee13,this);}));function reconcileNow(_x20,_x21,_x22){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:_context14.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context14.abrupt("return",staticShortNames);case 3:case"end":return _context14.stop();}},_callee14);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:_context15.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context15.abrupt("return",function(){});case 4:case"end":return _context15.stop();}},_callee15);}));function listenUpdates(_x23,_x24,_x25){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:_context16.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context16.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context16.stop();}},_callee16);}));function getResult(_x26){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:_context17.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context17.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context17.stop();}},_callee17);}));function getResultSummary(_x27){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:_context18.next=2;return this.getResult(resultId);case 2:result=_context18.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context18.next=6;break;}throw new Error("object not found");case 6:_context18.t0=objectType;_context18.next=_context18.t0===ObjectType.Rendered?9:_context18.t0===ObjectType.Remote?10:_context18.t0===ObjectType.Applied?11:12;break;case 9:return _context18.abrupt("return",object.rendered);case 10:return _context18.abrupt("return",object.remote);case 11:return _context18.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context18.stop();}},_callee18,this);}));function getResultObject(_x28,_x29,_x30){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function buildRefParams(ref,params){params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}
+var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});function checkStaticBuild(){return _checkStaticBuild.apply(this,arguments);}function _checkStaticBuild(){_checkStaticBuild=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:p=loadScript(staticPath+"/summaries.js");_context19.prev=1;_context19.next=4;return p;case 4:return _context19.abrupt("return",true);case 7:_context19.prev=7;_context19.t0=_context19["catch"](1);return _context19.abrupt("return",false);case 10:case"end":return _context19.stop();}},_callee19,null,[[1,7]]);}));return _checkStaticBuild.apply(this,arguments);}var RealApi=/*#__PURE__*/function(){function RealApi(getToken,onUnauthorized,onTokenRefresh){classCallCheck_classCallCheck(this,RealApi);this.getToken=void 0;this.onUnauthorized=void 0;this.onTokenRefresh=void 0;this.getToken=getToken;this.onUnauthorized=onUnauthorized;this.onTokenRefresh=onTokenRefresh;}createClass_createClass(RealApi,[{key:"setAuthorizationHeader",value:function setAuthorizationHeader(headers){if(!this.getToken){return;}headers['Authorization']="Bearer "+this.getToken();}},{key:"refreshToken",value:function(){var _refreshToken=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var headers,resp,j;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:headers={'Accept':'application/json'};this.setAuthorizationHeader(headers);_context.next=4;return fetch("/auth/refresh",{method:"POST",headers:headers});case 4:resp=_context.sent;if(!(resp.status===401)){_context.next=8;break;}if(this.onUnauthorized){this.onUnauthorized();}throw Error(resp.statusText);case 8:_context.next=10;return resp.json();case 10:j=_context.sent;if(this.onTokenRefresh){this.onTokenRefresh(j.token);}case 12:case"end":return _context.stop();}},_callee,this);}));function refreshToken(){return _refreshToken.apply(this,arguments);}return refreshToken;}()},{key:"handleErrors",value:function(){var _handleErrors=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(response,retry){var newResp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:if(response.ok){_context2.next=16;break;}if(!(response.status===401)){_context2.next=15;break;}if(!(this.getToken&&retry)){_context2.next=14;break;}console.log("retrying with token refresh");_context2.next=6;return this.refreshToken();case 6:_context2.next=8;return retry();case 8:newResp=_context2.sent;_context2.next=11;return this.handleErrors(newResp);case 11:return _context2.abrupt("return",_context2.sent);case 14:if(this.onUnauthorized){this.onUnauthorized();}case 15:throw Error(response.statusText);case 16:return _context2.abrupt("return",response);case 17:case"end":return _context2.stop();}},_callee2,this);}));function handleErrors(_x,_x2){return _handleErrors.apply(this,arguments);}return handleErrors;}()},{key:"doGet",value:function(){var _doGet=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(path,params){var _this=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:url=path;if(params){url+="?"+params.toString();}doFetch=function doFetch(){var headers={'Accept':'application/json'};_this.setAuthorizationHeader(headers);return fetch(url,{method:"GET",headers:headers});};_context3.next=5;return doFetch();case 5:resp=_context3.sent;_context3.next=8;return this.handleErrors(resp,doFetch);case 8:resp=_context3.sent;return _context3.abrupt("return",resp.json());case 10:case"end":return _context3.stop();}},_callee3,this);}));function doGet(_x3,_x4){return _doGet.apply(this,arguments);}return doGet;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(path,body){var _this2=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:url=path;doFetch=function doFetch(){var headers={'Accept':'application/json','Content-Type':'application/json'};_this2.setAuthorizationHeader(headers);return fetch(url,{method:"POST",body:JSON.stringify(body),headers:headers});};_context4.next=4;return doFetch();case 4:resp=_context4.sent;_context4.next=7;return this.handleErrors(resp,doFetch);case 7:resp=_context4.sent;return _context4.abrupt("return",resp);case 9:case"end":return _context4.stop();}},_callee4,this);}));function doPost(_x5,_x6){return _doPost.apply(this,arguments);}return doPost;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:return _context5.abrupt("return",this.doGet("/api/getShortNames"));case 1:case"end":return _context5.stop();}},_callee5,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){var host,proto,url,params,getToken,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:host=window.location.host;proto="wss";if(false){}if(window.location.protocol!=="https:"){proto="ws";}url="".concat(proto,"://").concat(host,"/api/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();getToken=this.getToken;cancelled=false;connect=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:if(!cancelled){_context6.next=2;break;}return _context6.abrupt("return");case 2:console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");if(getToken){ws.send(JSON.stringify({"type":"auth","token":getToken()}));}};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onerror=function(event){console.log("ws error",event);};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};case 8:case"end":return _context6.stop();}},_callee6);}));return function connect(){return _ref.apply(this,arguments);};}();_context7.next=14;return connect();case 14:return _context7.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 15:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x7,_x8,_x9){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context8.next=4;return this.doGet("/api/getResult",params);case 4:json=_context8.sent;return _context8.abrupt("return",new CommandResult(json));case 6:case"end":return _context8.stop();}},_callee8,this);}));function getResult(_x10){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context9.next=4;return this.doGet("/api/getResultSummary",params);case 4:json=_context9.sent;return _context9.abrupt("return",new CommandResultSummary(json));case 6:case"end":return _context9.stop();}},_callee9,this);}));function getResultSummary(_x11){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(resultId,ref,objectType){var params;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);params.set("objectType",objectType);buildRefParams(ref,params);_context10.next=6;return this.doGet("/api/getResultObject",params);case 6:return _context10.abrupt("return",_context10.sent);case 7:case"end":return _context10.stop();}},_callee10,this);}));function getResultObject(_x12,_x13,_x14){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:return _context11.abrupt("return",this.doPost("/api/validateNow",{"project":project,"target":target}));case 1:case"end":return _context11.stop();}},_callee11,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:return _context12.abrupt("return",this.doPost("/api/deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context12.stop();}},_callee12,this);}));function deployNow(_x17,_x18,_x19){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:return _context13.abrupt("return",this.doPost("/api/reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context13.stop();}},_callee13,this);}));function reconcileNow(_x20,_x21,_x22){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:_context14.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context14.abrupt("return",staticShortNames);case 3:case"end":return _context14.stop();}},_callee14);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:_context15.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context15.abrupt("return",function(){});case 4:case"end":return _context15.stop();}},_callee15);}));function listenUpdates(_x23,_x24,_x25){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:_context16.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context16.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context16.stop();}},_callee16);}));function getResult(_x26){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:_context17.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context17.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context17.stop();}},_callee17);}));function getResultSummary(_x27){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:_context18.next=2;return this.getResult(resultId);case 2:result=_context18.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context18.next=6;break;}throw new Error("object not found");case 6:_context18.t0=objectType;_context18.next=_context18.t0===ObjectType.Rendered?9:_context18.t0===ObjectType.Remote?10:_context18.t0===ObjectType.Applied?11:12;break;case 9:return _context18.abrupt("return",object.rendered);case 10:return _context18.abrupt("return",object.remote);case 11:return _context18.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context18.stop();}},_callee18,this);}));function getResultObject(_x28,_x29,_x30){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function buildRefParams(ref,params){params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}
 ;// CONCATENATED MODULE: ./src/project-summaries.ts
 function compareSummaries(a,b){return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime)||b.commandInfo.endTime.localeCompare(b.commandInfo.endTime)||(b.commandInfo.command||"").localeCompare(a.commandInfo.command||"");}function buildProjectSummaries(summaries,validateResults){var sorted=Array.from(summaries.values());sorted.sort(compareSummaries);var m=new Map();sorted.forEach(function(rs){var projectKey=JSON.stringify(rs.projectKey);var p=m.get(projectKey);if(!p){p={project:rs.projectKey,targets:[]};m.set(projectKey,p);}var ptKey=new ProjectTargetKey();ptKey.project=rs.projectKey;ptKey.target=rs.targetKey;var vr=validateResults.get(JSON.stringify(ptKey));var target=p.targets.find(function(t){return lodash_default().isEqual(t.target,rs.targetKey);});if(!target){target={target:rs.targetKey,lastValidateResult:vr,commandResults:[]};p.targets.push(target);}target.commandResults.push(rs);});var ret=[];m.forEach(function(p){p.targets.sort(function(a,b){var _ref;return(a.target.targetName||"").localeCompare(b.target.targetName||"")||a.target.clusterId.localeCompare(b.target.clusterId)||((_ref=a.target.discriminator||"")===null||_ref===void 0?void 0:_ref.localeCompare(b.target.discriminator||""));});ret.push(p);});ret.sort(function(a,b){return(a.project.gitRepoKey||"").localeCompare(b.project.gitRepoKey||"")||(a.project.subDir||"").localeCompare(b.project.subDir||"");});return ret;}
 ;// CONCATENATED MODULE: ./src/components/Login.tsx
@@ -61549,4 +61549,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.4093ded8.js.map
\ No newline at end of file
+//# sourceMappingURL=main.7c75d535.js.map
\ No newline at end of file
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 2bd092be2..9c325ec86 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -152,10 +152,14 @@ export class RealApi implements Api {
 
     async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
         let host = window.location.host
+        let proto = "wss"
         if (process.env.NODE_ENV === 'development') {
             host = "localhost:9090"
         }
-        let url = `ws://${host}/api/ws`
+        if (window.location.protocol !== "https:") {
+            proto = "ws"
+        }
+        let url = `${proto}://${host}/api/ws`
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)

From 0add46776f2f5ba5f897a6cc67af9ac03638474a Mon Sep 17 00:00:00 2001
From: nett_hier <66856670+netthier@users.noreply.github.com>
Date: Thu, 15 Jun 2023 11:52:01 +0200
Subject: [PATCH 1198/2268] fix: Set seccompProfile for controller deployment
 (#571)

Signed-off-by: netthier <admin@netthier.net>
---
 config/manager/manager.yaml                | 9 ++-------
 install/controller/controller/manager.yaml | 2 ++
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 4700ace09..5115bc02c 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -58,13 +58,8 @@ spec:
       #               - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - name: controller
         image: ghcr.io/kluctl/kluctl:latest
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index 8ef9d3e81..6fe0ebe3a 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -73,5 +73,7 @@ spec:
             - ALL
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: kluctl-controller
       terminationGracePeriodSeconds: 10

From d4fba8fe720de3aa9b08f57ede2df2211efd75e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 14:25:20 +0200
Subject: [PATCH 1199/2268] ci: Add warning header to generated manifests
 (#572)

---
 Makefile                                   | 9 ++++++---
 install/controller/controller/crd.yaml     | 1 +
 install/controller/controller/manager.yaml | 1 +
 install/controller/controller/rbac.yaml    | 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index c7bea97f0..4023149a4 100644
--- a/Makefile
+++ b/Makefile
@@ -60,9 +60,12 @@ help: ## Display this help.
 .PHONY: manifests
 manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=kluctl-controller-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
-	$(KUSTOMIZE) build config/crd > install/controller/controller/crd.yaml
-	$(KUSTOMIZE) build config/rbac > install/controller/controller/rbac.yaml
-	$(KUSTOMIZE) build config/manager > install/controller/controller/manager.yaml
+	@echo "# Warning, this file is generated via \"make manifests\", don't edit it directly but instead change the files in config/crd" > install/controller/controller/crd.yaml
+	$(KUSTOMIZE) build config/crd >> install/controller/controller/crd.yaml
+	@echo "# Warning, this file is generated via \"make manifests\", don't edit it directly but instead change the files in config/rbac" > install/controller/controller/rbac.yaml
+	$(KUSTOMIZE) build config/rbac >> install/controller/controller/rbac.yaml
+	@echo "# Warning, this file is generated via \"make manifests\", don't edit it directly but instead change the files in config/manager" > install/controller/controller/manager.yaml
+	$(KUSTOMIZE) build config/manager >> install/controller/controller/manager.yaml
 
 # Generate API reference documentation
 api-docs: gen-crd-api-reference-docs
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index dd1e01c15..0159cc23b 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -1,3 +1,4 @@
+# Warning, this file is generated via "make manifests", don't edit it directly but instead change the files in config/crd
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index 6fe0ebe3a..acec1201a 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -1,3 +1,4 @@
+# Warning, this file is generated via "make manifests", don't edit it directly but instead change the files in config/manager
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/install/controller/controller/rbac.yaml b/install/controller/controller/rbac.yaml
index aa7d7bccb..9072415fc 100644
--- a/install/controller/controller/rbac.yaml
+++ b/install/controller/controller/rbac.yaml
@@ -1,3 +1,4 @@
+# Warning, this file is generated via "make manifests", don't edit it directly but instead change the files in config/rbac
 apiVersion: v1
 kind: ServiceAccount
 metadata:

From 87110b16c399ca4df37d900b84c6d009b78a68da Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 14:51:19 +0200
Subject: [PATCH 1200/2268] fix: Don't treat deleted objects still as orphan
 (#582)

---
 pkg/deployment/commands/utils.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/pkg/deployment/commands/utils.go b/pkg/deployment/commands/utils.go
index ebb2b08b2..44ca0359c 100644
--- a/pkg/deployment/commands/utils.go
+++ b/pkg/deployment/commands/utils.go
@@ -86,13 +86,22 @@ func collectObjects(c *deployment.DeploymentCollection, ru *utils.RemoteObjectUt
 			o.New = true
 		}
 	}
-	for _, x := range orphans {
-		o := getOrCreate(x)
-		o.Orphan = true
-	}
+
+	deletedMap := map[k8s.ObjectRef]bool{}
 	for _, x := range deleted {
 		o := getOrCreate(x)
 		o.Deleted = true
+		deletedMap[o.Ref] = true
+	}
+	for _, x := range orphans {
+		if _, ok := deletedMap[x]; ok {
+			// orphan object also got deleted? This can only mean that deletion did not wait for the object to disappear,
+			// so we should treat this object not as orphan anymore
+			continue
+		}
+		o := getOrCreate(x)
+		o.Orphan = true
+
 	}
 
 	for ref, o := range m {

From acc6d97ee650512078bbf214aac1cf4a895ae241 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 16:50:14 +0200
Subject: [PATCH 1201/2268] fix: Fix snapshot detection and version replacement
 via prepare-release.sh (#583)

---
 hack/prepare-release.sh             | 1 +
 install/webui/webui/deployment.yaml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index b306fb781..380832889 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -28,6 +28,7 @@ FILES=""
 FILES="$FILES install/controller/.kluctl.yaml"
 FILES="$FILES install/controller/controller/kustomization.yaml"
 FILES="$FILES install/webui/.kluctl.yaml"
+FILES="$FILES install/webui/webui/deployment.yaml"
 FILES="$FILES docs/installation.md"
 
 for f in $FILES; do
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index f50c31b72..d832b2ef4 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_version = get_var("args.kluctl_version", "v2.20.4") %}
-{% set pull_policy = "Always" if "-devel" in kluctl_version or "-snapshot" in kluctl_version else "IfNotPresent" %}
+{% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 apiVersion: apps/v1
 kind: Deployment

From 3d8a94c9c1f1890f810fe568a7a3e87c6de3808f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 16:59:11 +0200
Subject: [PATCH 1202/2268] fix: Rename controller_version to kluctl_version
 and fix snapshot detection (#585)

---
 cmd/kluctl/commands/cmd_controller_install.go    |  8 ++++----
 install/controller/.kluctl.yaml                  |  2 +-
 install/controller/controller/kustomization.yaml | 13 +++++--------
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_install.go b/cmd/kluctl/commands/cmd_controller_install.go
index d5e3db490..1e70e16a8 100644
--- a/cmd/kluctl/commands/cmd_controller_install.go
+++ b/cmd/kluctl/commands/cmd_controller_install.go
@@ -14,8 +14,8 @@ type controllerInstallCmd struct {
 	args.DryRunFlags
 	args.CommandResultFlags
 
-	Context           string `group:"misc" help:"Override the context to use."`
-	ControllerVersion string `group:"misc" help:"Specify the controller version to install."`
+	Context       string `group:"misc" help:"Override the context to use."`
+	KluctlVersion string `group:"misc" help:"Specify the controller version to install."`
 }
 
 func (cmd *controllerInstallCmd) Help() string {
@@ -29,8 +29,8 @@ func (cmd *controllerInstallCmd) Run(ctx context.Context) error {
 	}
 
 	var deployArgs []string
-	if cmd.ControllerVersion != "" {
-		deployArgs = append(deployArgs, fmt.Sprintf("controller_version=%s", cmd.ControllerVersion))
+	if cmd.KluctlVersion != "" {
+		deployArgs = append(deployArgs, fmt.Sprintf("kluctl_version=%s", cmd.KluctlVersion))
 	}
 
 	cmd2 := deployCmd{
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 61be49c62..f85272bec 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -1,7 +1,7 @@
 discriminator: kluctl.io-controller
 
 args:
-  - name: controller_version
+  - name: kluctl_version
     default: v2.20.4
   - name: controller_args
     default: []
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index be62c808a..a7551b296 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,4 +1,6 @@
-{% set controller_version = get_var("args.controller_version", "v2.20.4") %}
+# TODO remove controller_version
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.4") %}
+{% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
   - crd.yaml
@@ -12,19 +14,14 @@ patches:
     patch: |-
       - op: add
         path: /spec/template/spec/containers/0/image
-        value: ghcr.io/kluctl/kluctl:{{ controller_version }}
+        value: ghcr.io/kluctl/kluctl:{{ kluctl_version }}
   - target:
       kind: Deployment
       name: kluctl-controller
     patch: |-
-      - op: test
-        path: /kind
-        value: Deployment # this is just a dummy test to avoid empty patches
-{% if "-devel" in controller_version %}
       - op: add
         path: /spec/template/spec/containers/0/imagePullPolicy
-        value: Always
-{% endif %}
+        value: {{ pull_policy }}
 {% for a in get_var("args.controller_args", []) %}
       - op: add
         path: /spec/template/spec/containers/0/args/-

From d0fb711aefaf89a0226b86b85fd605fb765e47a5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 17:11:10 +0200
Subject: [PATCH 1203/2268] chore: Run make replace-commands-help

---
 docs/reference/commands/controller-install.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/reference/commands/controller-install.md b/docs/reference/commands/controller-install.md
index 516e9ee91..fcaabfd83 100644
--- a/docs/reference/commands/controller-install.md
+++ b/docs/reference/commands/controller-install.md
@@ -28,10 +28,10 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --context string              Override the context to use.
-      --controller-version string   Specify the controller version to install.
-      --dry-run                     Performs all kubernetes API calls in dry-run mode.
-  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
+      --context string          Override the context to use.
+      --dry-run                 Performs all kubernetes API calls in dry-run mode.
+      --kluctl-version string   Specify the controller version to install.
+  -y, --yes                     Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
 
 ```
 <!-- END SECTION -->

From 2087c139f9d9cb7de70f5a04c35ffe9ddf51d142 Mon Sep 17 00:00:00 2001
From: Aleksei Vagarenko <vagarenko@gmail.com>
Date: Thu, 15 Jun 2023 21:12:45 +0600
Subject: [PATCH 1204/2268] fix: Fix cropping of sliding history card
 animations (#584)

* Update sliding animations.

* Update build.
---
 pkg/webui/ui/build/index.html                 |  2 +-
 pkg/webui/ui/build/static/css/main.css        |  2 +-
 pkg/webui/ui/build/static/js/main.js          | 78 +++++++++----------
 .../components/targets-view/HistoryCards.tsx  | 28 +++++--
 4 files changed, 63 insertions(+), 47 deletions(-)

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 31e223a49..d31444bc3 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.7c75d535.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.5e199973.js"></script><link href="./static/css/main.css?f=main.94bdb1a0.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/css/main.css b/pkg/webui/ui/build/static/css/main.css
index a8874843f..38a0dc2e1 100644
--- a/pkg/webui/ui/build/static/css/main.css
+++ b/pkg/webui/ui/build/static/css/main.css
@@ -84,4 +84,4 @@ body,
   unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
 }
 
-/*# sourceMappingURL=main.9c2b54a7.css.map*/
\ No newline at end of file
+/*# sourceMappingURL=main.94bdb1a0.css.map*/
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index 882a0ead2..bb1335e47 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -47615,7 +47615,7 @@ function SvgKluctlText(_ref, svgRef) {
   })));
 }
 var ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlText);
-/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?f=kluctl-text.f97d4b1ffe2002c0802e2e1ad2044bab.svg");
+/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?f=kluctl-text.1392c9ce908d475e5086961a5b3a3072.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/git.svg
 var _defs;
@@ -47683,7 +47683,7 @@ function SvgKluctlLogo(_ref, svgRef) {
   })));
 }
 var kluctl_logo_ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlLogo);
-/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?f=kluctl-logo.252d0acc30f14f58acd1b5faac05c17b.svg");
+/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?f=kluctl-logo.928b5d24c522acfce937ce451da78cfd.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/search.svg
 var search_path, search_path2;
@@ -47716,7 +47716,7 @@ function SvgSearch(_ref, svgRef) {
   })));
 }
 var search_ForwardRef = /*#__PURE__*/react.forwardRef(SvgSearch);
-/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?f=search.10cfa92f61b9621ea7fe3d64cac12eee.svg");
+/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?f=search.301f22f9e2228136d62b0edb7d97c86e.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/targets.svg
 var _circle, targets_path, targets_path2, targets_path3;
@@ -47763,7 +47763,7 @@ function SvgTargets(_ref, svgRef) {
   })));
 }
 var targets_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTargets);
-/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?f=targets.2b39a3a176679d8e9ed00f0b3bfd3ba5.svg");
+/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?f=targets.ddda17cc51371fc22f6fc66cb7986073.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/target.svg
 var _ellipse, target_path, target_path2;
@@ -47808,7 +47808,7 @@ function SvgTarget(_ref, svgRef) {
   })));
 }
 var target_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTarget);
-/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?f=target.1dd672dc23cacf59e90fbb277c9bdd9d.svg");
+/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?f=target.0750f7a6c362d82cc7fb678f9260c46d.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/relation-hline.svg
 var relation_hline_path, relation_hline_circle, _circle2;
@@ -47852,7 +47852,7 @@ function SvgRelationHline(_ref, svgRef) {
   })));
 }
 var relation_hline_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgRelationHline)));
-/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?f=relation-hline.91c9012405859f512c983b2985999ad7.svg");
+/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?f=relation-hline.871cfae94c944beb7d05364a2cee37f1.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/project.svg
 var project_ellipse, project_path, project_path2;
@@ -47899,7 +47899,7 @@ function SvgProject(_ref, svgRef) {
   })));
 }
 var project_ForwardRef = /*#__PURE__*/react.forwardRef(SvgProject);
-/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?f=project.66e77c7ad83b85f0325c2e0ffed64b8c.svg");
+/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?f=project.637cf85e6cadcedc900412158dfa7372.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/cpu.svg
 var cpu_path, cpu_path2, cpu_path3, cpu_path4, cpu_path5, _path6, _path7, _path8, _path9, _path10, _path11, _path12, _path13, _path14;
@@ -47968,7 +47968,7 @@ function SvgCpu(_ref, svgRef) {
   })));
 }
 var cpu_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCpu);
-/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?f=cpu.a3fa0b9152cb81606a7da57c1b07cc85.svg");
+/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?f=cpu.b47d73a3f55d2fa8fa37d8ed73d178c4.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/finger-scan.svg
 var finger_scan_path, finger_scan_path2, finger_scan_path3, finger_scan_path4, finger_scan_path5, finger_scan_path6;
@@ -48034,7 +48034,7 @@ function SvgFingerScan(_ref, svgRef) {
   })));
 }
 var finger_scan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFingerScan);
-/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?f=finger-scan.ab3c987f3fd693b908ef65df4c2cd433.svg");
+/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?f=finger-scan.2c034cf5598ca4927432b008dc2304c4.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/tree-view.svg
 var tree_view_path, tree_view_path2, tree_view_path3, tree_view_path4, tree_view_path5;
@@ -48076,7 +48076,7 @@ function SvgTreeView(_ref, svgRef) {
   })));
 }
 var tree_view_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTreeView);
-/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?f=tree-view.a2f07b1cebd3235db357cc2b6e4c8c0d.svg");
+/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?f=tree-view.3c49a19936c3ecef1167c9ae1aad9102.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/close.svg
 var close_path;
@@ -48105,7 +48105,7 @@ function SvgClose(_ref, svgRef) {
   })));
 }
 var close_ForwardRef = /*#__PURE__*/react.forwardRef(SvgClose);
-/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.76fdca7f91598011401cb97d4b490d52.svg");
+/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.06c69ef83805e9ea03cc487136b57b43.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/close-light.svg
 var close_light_path;
@@ -48134,7 +48134,7 @@ function SvgCloseLight(_ref, svgRef) {
   })));
 }
 var close_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCloseLight);
-/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?f=close-light.eb8a7d21cff89473a30809cdaacf6446.svg");
+/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?f=close-light.3f339905970f9885aae8cc76977a1abb.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/deploy.svg
 var deploy_circle, deploy_path, _g;
@@ -48186,7 +48186,7 @@ function SvgDeploy(_ref, svgRef) {
   }))));
 }
 var deploy_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDeploy);
-/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?f=deploy.2d28f597e81eb12910b9816b567b11ce.svg");
+/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?f=deploy.62f738f9b93ba10869f740e158192270.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/prune.svg
 var prune_circle, prune_path, prune_path2, prune_path3, prune_path4, prune_path5;
@@ -48250,7 +48250,7 @@ function SvgPrune(_ref, svgRef) {
   })));
 }
 var prune_ForwardRef = /*#__PURE__*/react.forwardRef(SvgPrune);
-/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?f=prune.a5f592f5851c37276e764af73b2a8a56.svg");
+/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?f=prune.ac5564f5a55a590b9d82c5e6aac239fd.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/diff.svg
 var diff_circle, diff_g, diff_path;
@@ -48301,7 +48301,7 @@ function SvgDiff(_ref, svgRef) {
   })));
 }
 var diff_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDiff);
-/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?f=diff.37d81f4e01925715c51f42684bf21554.svg");
+/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?f=diff.e79db65b5d7c3fb43104133da0dc8368.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/warning.svg
 var warning_path, warning_path2, warning_path3;
@@ -48336,7 +48336,7 @@ function SvgWarning(_ref, svgRef) {
   })));
 }
 var warning_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarning);
-/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?f=warning.dd1c59340347be553c83108e04d6be04.svg");
+/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?f=warning.ddf48b11eb0bb3fbca783743bfd0ae08.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/error.svg
 var error_path, error_path2;
@@ -48368,7 +48368,7 @@ function SvgError(_ref, svgRef) {
   })));
 }
 var error_ForwardRef = /*#__PURE__*/react.forwardRef(SvgError);
-/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?f=error.c59bc8c7d7f86a588a16bc6ec27d448a.svg");
+/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?f=error.ee4b3e05eeb403dd3e8a8f65cc782fd4.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/trash.svg
 var trash_path, trash_path2, trash_path3, trash_path4;
@@ -48411,7 +48411,7 @@ function SvgTrash(_ref, svgRef) {
   })));
 }
 var trash_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTrash);
-/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?f=trash.b782f36f610aae639750393e0793c538.svg");
+/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?f=trash.025b2d3120e905c307efe6236bb4d3a2.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/orphan.svg
 var orphan_path, orphan_path2, orphan_path3, orphan_path4;
@@ -48453,7 +48453,7 @@ function SvgOrphan(_ref, svgRef) {
   })));
 }
 var orphan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgOrphan);
-/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?f=orphan.6fde4d55f3fb9bbd2738b0b61fcee146.svg");
+/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?f=orphan.05f9bb90537f7ff1ab68bc2c4806352c.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/added.svg
 var added_path, added_path2;
@@ -48486,7 +48486,7 @@ function SvgAdded(_ref, svgRef) {
   })));
 }
 var added_ForwardRef = /*#__PURE__*/react.forwardRef(SvgAdded);
-/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?f=added.a633ace445f83e4ab52d3c80cc788e1e.svg");
+/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?f=added.54530b6cceb257eddeb8f0016f3c9821.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/changed.svg
 var changed_path, changed_path2, changed_path3;
@@ -48522,7 +48522,7 @@ function SvgChanged(_ref, svgRef) {
   })));
 }
 var changed_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanged);
-/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?f=changed.a9c091de612ab63c8d38d83dbb73e505.svg");
+/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?f=changed.27c5207a7397f2557ac197a3636da39d.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox.svg
 var _rect;
@@ -48557,7 +48557,7 @@ function SvgCheckbox(_ref, svgRef) {
   })));
 }
 var checkbox_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckbox);
-/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?f=checkbox.90148614b6ab0451aac6f71db92028fd.svg");
+/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?f=checkbox.bcc364182a1a03dc753e7402a023eee2.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox-checked.svg
 var checkbox_checked_rect, checkbox_checked_path, _rect2;
@@ -48601,7 +48601,7 @@ function SvgCheckboxChecked(_ref, svgRef) {
   })));
 }
 var checkbox_checked_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckboxChecked);
-/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?f=checkbox-checked.1c552519ffded79bb8ad25822c2573bb.svg");
+/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?f=checkbox-checked.57f61c3bde08a33c0bd9136714a3d3b3.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox-disabled.svg
 var checkbox_disabled_rect, checkbox_disabled_rect2;
@@ -48644,7 +48644,7 @@ function SvgCheckboxDisabled(_ref, svgRef) {
   })));
 }
 var checkbox_disabled_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgCheckboxDisabled)));
-/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?f=checkbox-disabled.f7de3b059a1f9fc60f809e7d3fd601e2.svg");
+/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?f=checkbox-disabled.83ae46d3015ca4b4114b8a785857ef00.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/arrow-left.svg
 var arrow_left_path, arrow_left_path2;
@@ -48677,7 +48677,7 @@ function SvgArrowLeft(_ref, svgRef) {
   })));
 }
 var arrow_left_ForwardRef = /*#__PURE__*/react.forwardRef(SvgArrowLeft);
-/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?f=arrow-left.0e69d1eb25254a957b660d86b58b7594.svg");
+/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?f=arrow-left.55965a5b737ce5b390f6ce9053ef61f4.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/warning-sign.svg
 var warning_sign_path, warning_sign_path2, warning_sign_path3;
@@ -48713,7 +48713,7 @@ function SvgWarningSign(_ref, svgRef) {
   })));
 }
 var warning_sign_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarningSign);
-/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?f=warning-sign.fb9ebdb743ce95ba858869fcc9772754.svg");
+/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?f=warning-sign.a4dd71daaeea7e2f3212daa2159c2c55.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/changes.svg
 var changes_path, changes_path2, changes_path3;
@@ -48750,7 +48750,7 @@ function SvgChanges(_ref, svgRef) {
   })));
 }
 var changes_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanges);
-/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?f=changes.b1e048d4a195559cfe9376069cd93bea.svg");
+/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?f=changes.ceb3f50f60cb8242ab5c9a5bfecb20f8.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/star.svg
 var star_path, star_path2;
@@ -48783,7 +48783,7 @@ function SvgStar(_ref, svgRef) {
   })));
 }
 var star_ForwardRef = /*#__PURE__*/react.forwardRef(SvgStar);
-/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?f=star.0c433d1c6ccb36781955621fc40f0540.svg");
+/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?f=star.231e6e122fdf32a9487349a189a2a100.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-down.svg
 var triangle_down_path, triangle_down_path2;
@@ -48816,7 +48816,7 @@ function SvgTriangleDown(_ref, svgRef) {
   })));
 }
 var triangle_down_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleDown);
-/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.cb859bf44378ddfd76730eb4a9f90a89.svg");
+/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.60eb89e2ef7264593e9b4daf2377cc6c.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-left-light.svg
 var triangle_left_light_path, triangle_left_light_path2;
@@ -48850,7 +48850,7 @@ function SvgTriangleLeftLight(_ref, svgRef) {
   })));
 }
 var triangle_left_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleLeftLight);
-/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?f=triangle-left-light.723aa352c7195ed6c2c94748badb018c.svg");
+/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?f=triangle-left-light.65fea1fe6bee135dd5ccdcfd6ee5ba02.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-right-light.svg
 var triangle_right_light_path, triangle_right_light_path2;
@@ -48883,7 +48883,7 @@ function SvgTriangleRightLight(_ref, svgRef) {
   })));
 }
 var triangle_right_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRightLight);
-/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?f=triangle-right-light.22d8903e553c49bf9b0100b61fe7254f.svg");
+/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?f=triangle-right-light.0436dfced580e6b8bf6a64dbbb6b6ebd.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-right.svg
 var triangle_right_path, triangle_right_path2;
@@ -48917,7 +48917,7 @@ function SvgTriangleRight(_ref, svgRef) {
   })));
 }
 var triangle_right_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRight);
-/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?f=triangle-right.795bcf3f22906edc57cecb48328c9f89.svg");
+/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?f=triangle-right.4ec8dee9a1ea90ac8936f504d81720ca.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/brackets-curly.svg
 var brackets_curly_path;
@@ -48946,7 +48946,7 @@ function SvgBracketsCurly(_ref, svgRef) {
   })));
 }
 var brackets_curly_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsCurly);
-/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?f=brackets-curly.99e04241d2e10a7cfb60d2c695401adc.svg");
+/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?f=brackets-curly.d831d285bb85a307a76da8c13f76fa9b.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/brackets-square.svg
 var brackets_square_path;
@@ -48975,7 +48975,7 @@ function SvgBracketsSquare(_ref, svgRef) {
   })));
 }
 var brackets_square_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsSquare);
-/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?f=brackets-square.3daecb55d1cd657d5682c02cfe8563d5.svg");
+/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?f=brackets-square.c743c4f98f9a2cdddff2e1ec7843d74c.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/file.svg
 var file_path, file_path2, file_path3;
@@ -49011,7 +49011,7 @@ function SvgFile(_ref, svgRef) {
   })));
 }
 var file_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFile);
-/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?f=file.f2670ef3fe4fae6122bb957ea2390db0.svg");
+/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?f=file.82db4ab2b22fca5dc01ef7cc944e4cae.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/result.svg
 var result_circle, result_path, result_g;
@@ -49063,7 +49063,7 @@ function SvgResult(_ref, svgRef) {
   }))));
 }
 var result_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgResult)));
-/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?f=result.cc7a9a9173a072950aee17843ff145ba.svg");
+/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?f=result.f37cb0485efb4bdd26bde5626dcc236b.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/include.svg
 var include_circle, include_path, include_path2, include_path3, include_path4;
@@ -49125,7 +49125,7 @@ function SvgInclude(_ref, svgRef) {
   })));
 }
 var include_ForwardRef = /*#__PURE__*/react.forwardRef(SvgInclude);
-/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.6bf4795a2f5623b297789116effd0bec.svg");
+/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.758427058cde3728cc49a2a93848150c.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/Icons.tsx
 var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var CloseLightIcon=function CloseLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_light_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleLeftLightIcon=function TriangleLeftLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_left_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightLightIcon=function TriangleRightLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
@@ -59259,7 +59259,7 @@ var DeletedOrOrphanObjectsCollectionNode=/*#__PURE__*/function(_NodeData){_inher
 ;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeBuilder.ts
 var NodeBuilder=/*#__PURE__*/function(){function NodeBuilder(props){var _props$commandResult$,_this=this,_props$commandResult$2,_props$commandResult$3;classCallCheck_classCallCheck(this,NodeBuilder);this.props=void 0;this.changedObjectsMap=new Map();this.newObjectsMap=new Map();this.orphanObjectsMap=new Map();this.deletedObjectsMap=new Map();this.errorsMap=new Map();this.warningsMap=new Map();this.props=props;(_props$commandResult$=props.commandResult.objects)===null||_props$commandResult$===void 0?void 0:_props$commandResult$.forEach(function(o){var _o$changes;var key=buildObjectRefKey(o.ref);if((_o$changes=o.changes)!==null&&_o$changes!==void 0&&_o$changes.length){_this.changedObjectsMap.set(key,o);}if(o.new){_this.newObjectsMap.set(key,o.ref);}if(o.orphan){_this.orphanObjectsMap.set(key,o.ref);}if(o.deleted){_this.deletedObjectsMap.set(key,o.ref);}});(_props$commandResult$2=props.commandResult.errors)===null||_props$commandResult$2===void 0?void 0:_props$commandResult$2.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.errorsMap.get(key);if(!l){l=[e];_this.errorsMap.set(key,l);}else{l.push(e);}});(_props$commandResult$3=props.commandResult.warnings)===null||_props$commandResult$3===void 0?void 0:_props$commandResult$3.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.warningsMap.get(key);if(!l){l=[e];_this.warningsMap.set(key,l);}else{l.push(e);}});}createClass_createClass(NodeBuilder,[{key:"buildRoot",value:function buildRoot(){var rootNode=new CommandResultNodeData(this.props,"root");if(this.props.commandResult.deployment){this.buildDeploymentProjectChildren(rootNode,this.props.commandResult.deployment);}if(this.deletedObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,true,Array.from(this.deletedObjectsMap.values()));}if(this.orphanObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,false,Array.from(this.orphanObjectsMap.values()));}var nodeMap=new Map();function collect(n){nodeMap.set(n.id,n);n.children.forEach(function(c){collect(c);});}collect(rootNode);return[rootNode,nodeMap];}},{key:"buildDeploymentProjectChildren",value:function buildDeploymentProjectChildren(node,deploymentProject){var _deploymentProject$de,_this2=this;if(deploymentProject.vars){this.buildVarsSourceCollectionNode(node,deploymentProject.vars);}(_deploymentProject$de=deploymentProject.deployments)===null||_deploymentProject$de===void 0?void 0:_deploymentProject$de.forEach(function(deploymentItem,i){_this2.buildDeploymentItemNode(node,deploymentItem,i);});}},{key:"buildVarsSourceCollectionNode",value:function buildVarsSourceCollectionNode(parentNode,varsSources){var _node$varsSources,_this3=this;if(varsSources===undefined){return;}var newId="".concat(parentNode.id,"/(vars)");var node=new VarsSourceCollectionNodeData(this.props,newId);(_node$varsSources=node.varsSources).push.apply(_node$varsSources,toConsumableArray_toConsumableArray(varsSources));varsSources.forEach(function(vs,i){_this3.buildVarsSourceNode(node,vs,i);});parentNode.pushChild(node);return node;}},{key:"buildVarsSourceNode",value:function buildVarsSourceNode(parentNode,varsSource,index){var newId="".concat(parentNode.id,"/").concat(index,"}");var node=new VarsSourceNodeData(this.props,newId,varsSource);parentNode.pushChild(node);return node;}},{key:"buildDeploymentItemNode",value:function buildDeploymentItemNode(parentNode,deploymentItem,index){var _this4=this;var node;var newId="".concat(parentNode.id,"/(dis)/").concat(index);if(deploymentItem.path){var _deploymentItem$rende;node=new DeploymentItemNodeData(this.props,newId,deploymentItem);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);(_deploymentItem$rende=deploymentItem.renderedObjects)===null||_deploymentItem$rende===void 0?void 0:_deploymentItem$rende.forEach(function(renderedObject){_this4.buildObjectNode(node,renderedObject);});}else if(deploymentItem.include||deploymentItem.git){node=new DeploymentItemIncludeNodeData(this.props,newId,deploymentItem,deploymentItem.renderedInclude);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);if(deploymentItem.renderedInclude){this.buildDeploymentProjectChildren(node,deploymentItem.renderedInclude);}}else{return node;}parentNode.pushChild(node);return node;}},{key:"buildObjectNode",value:function buildObjectNode(parentNode,objectRef){var _this$errorsMap$get,_this$warningsMap$get;var newId="".concat(parentNode.id,"/(obj)/").concat(buildObjectRefKey(objectRef));var node=new ObjectNodeData(this.props,newId,objectRef);var key=buildObjectRefKey(objectRef);if(this.changedObjectsMap.has(key)){var _node$diffStatus;(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.addChangedObject(this.changedObjectsMap.get(key));}if(this.newObjectsMap.has(key)){var _node$diffStatus2;(_node$diffStatus2=node.diffStatus)===null||_node$diffStatus2===void 0?void 0:_node$diffStatus2.newObjects.push(objectRef);}if(this.deletedObjectsMap.has(key)){var _node$diffStatus3;(_node$diffStatus3=node.diffStatus)===null||_node$diffStatus3===void 0?void 0:_node$diffStatus3.deletedObjects.push(objectRef);}if(this.orphanObjectsMap.has(key)){var _node$diffStatus4;(_node$diffStatus4=node.diffStatus)===null||_node$diffStatus4===void 0?void 0:_node$diffStatus4.orphanObjects.push(objectRef);}(_this$errorsMap$get=this.errorsMap.get(key))===null||_this$errorsMap$get===void 0?void 0:_this$errorsMap$get.forEach(function(e){var _node$healthStatus;(_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.push(e);});(_this$warningsMap$get=this.warningsMap.get(key))===null||_this$warningsMap$get===void 0?void 0:_this$warningsMap$get.forEach(function(e){var _node$healthStatus2;(_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.push(e);});parentNode.pushChild(node);return node;}},{key:"buildDeletedOrOrphanNode",value:function buildDeletedOrOrphanNode(parentNode,deleted,refs){var _this5=this;var idType=deleted?"deleted":"orphaned";var newId="".concat(parentNode.id,"/(").concat(idType,")");var node=new DeletedOrOrphanObjectsCollectionNode(this.props,newId,deleted);refs.forEach(function(ref){_this5.buildObjectNode(node,ref);});parentNode.pushChild(node,true);return node;}}]);return NodeBuilder;}();function buildObjectRefKey(ref){return[ref.group,ref.version,ref.kind,ref.namespace,ref.name].join("+");}
 ;// CONCATENATED MODULE: ./src/components/targets-view/HistoryCards.tsx
-function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResult(rs.id);case 5:r=_context.sent;builder=new NodeBuilder({shortNames:shortNames,summary:rs,commandResult:r});_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 9:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CardContent=/*#__PURE__*/react.memo(function(props){var _useSidePanelTabs=useSidePanelTabs(props.provider),tabs=_useSidePanelTabs.tabs,selectedTab=_useSidePanelTabs.selectedTab,handleTabChange=_useSidePanelTabs.handleTabChange;if(!props.provider||!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return null;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",mt:"12px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:tab.content},tab.label);})})]});});var ArrowButton=/*#__PURE__*/react.memo(function(props){var Icon={left:TriangleLeftLightIcon,right:TriangleRightLightIcon}[props.direction];return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",height:"100%",width:"80px",display:"flex",justifyContent:"center",alignItems:"center",children:!props.hidden&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClick,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})});});var HistoryCard=/*#__PURE__*/react.memo(function(props){var navigate=dist_useNavigate();var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(function(){return doGetRootNode(api,props.rs);},[api,props.rs]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],node=_useLoadingHelper2[2];if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(CardPaper,{sx:_objectSpread2({position:'relative'},props.sx),children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{position:"absolute",right:"10px",top:"10px",children:props.transitionFinished&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseLightIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",height:"100%",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"0 16px",flex:"0 0 auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItemHeader,{rs:props.rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",flex:"1 1 auto",overflow:"hidden",display:"flex",flexDirection:"column",children:props.transitionFinished&&(loading?/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}):/*#__PURE__*/(0,jsx_runtime.jsx)(CardContent,{provider:node}))}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",height:"39px",display:"flex",alignItems:"center",justifyContent:"end",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(props.rs.id));},sx:{padding:0,width:32,height:32},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]});});var HistoryCards=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();var containerElem=(0,react.useRef)();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),cardRect=_useState2[0],setCardRect=_useState2[1];var _useState3=(0,react.useState)('not-started'),_useState4=slicedToArray_slicedToArray(_useState3,2),transitionStatus=_useState4[0],setTransitionStatus=_useState4[1];var _useState5=(0,react.useState)(props.rs),_useState6=slicedToArray_slicedToArray(_useState5,2),currentRS=_useState6[0],setCurrentRS=_useState6[1];(0,react.useEffect)(function(){var _containerElem$curren;var rect=(_containerElem$curren=containerElem.current)===null||_containerElem$curren===void 0?void 0:_containerElem$curren.getBoundingClientRect();if(!rect){setCardRect(undefined);return;}var initialRect={left:props.initialCardRect.left-rect.left,top:props.initialCardRect.top-rect.top,width:cardWidth,height:cardHeight};setCardRect(initialRect);},[props.initialCardRect]);(0,react.useEffect)(function(){if(!cardRect){return;}var targetRect={left:0,top:0,width:'100%',height:'100%'};if(cardRect.left===targetRect.left&&cardRect.top===targetRect.top&&cardRect.width===targetRect.width&&cardRect.height===targetRect.height){return;}setTimeout(function(){setCardRect(targetRect);setTransitionStatus('running');setTimeout(function(){setTransitionStatus('finished');},theme.transitions.duration.enteringScreen);},10);},[cardRect,theme.transitions.duration.enteringScreen]);var currentRSIndex=(0,react.useMemo)(function(){return props.ts.commandResults.indexOf(currentRS);},[currentRS,props.ts.commandResults]);var onLeftArrowClick=(0,react.useCallback)(function(){if(currentRSIndex>0){setCurrentRS(props.ts.commandResults[currentRSIndex-1]);}},[currentRSIndex,props.ts.commandResults]);var onRightArrowClick=(0,react.useCallback)(function(){if(currentRSIndex<props.ts.commandResults.length-1){setCurrentRS(props.ts.commandResults[currentRSIndex+1]);}},[currentRSIndex,props.ts.commandResults]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",p:"25px 40px",display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"left",onClick:onLeftArrowClick,hidden:currentRSIndex===0||transitionStatus!=='finished'}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",ref:containerElem,overflow:transitionStatus==='finished'?'hidden':'unset',children:[transitionStatus!=='finished'&&cardRect&&/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:cardRect.width,height:cardRect.height,flex:'0 0 auto',translate:"".concat(cardRect.left,"px ").concat(cardRect.top,"px"),transition:theme.transitions.create(['translate','width','height'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),padding:'20px 0'},rs:currentRS,onClose:props.onClose}),transitionStatus==='finished'&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",width:"100%",height:"100%",display:"flex",gap:"20px",sx:{translate:"calc((-100% - 20px) * ".concat(currentRSIndex,")"),transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:props.ts.commandResults.map(function(rs){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:'100%',height:'100%',flex:'0 0 auto',padding:'20px 0'},rs:rs,transitionFinished:transitionStatus==='finished',onClose:props.onClose},rs.id);})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"right",onClick:onRightArrowClick,hidden:currentRSIndex===props.ts.commandResults.length-1||transitionStatus!=='finished'})]});});
+function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResult(rs.id);case 5:r=_context.sent;builder=new NodeBuilder({shortNames:shortNames,summary:rs,commandResult:r});_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 9:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CardContent=/*#__PURE__*/react.memo(function(props){var _useSidePanelTabs=useSidePanelTabs(props.provider),tabs=_useSidePanelTabs.tabs,selectedTab=_useSidePanelTabs.selectedTab,handleTabChange=_useSidePanelTabs.handleTabChange;if(!props.provider||!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return null;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",mt:"12px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:tab.content},tab.label);})})]});});var arrowButtonWidth=80;var ArrowButton=/*#__PURE__*/react.memo(function(props){var Icon={left:TriangleLeftLightIcon,right:TriangleRightLightIcon}[props.direction];return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({flex:"0 0 auto",height:"100%",width:"".concat(arrowButtonWidth,"px"),display:"flex",justifyContent:"center",alignItems:"center",position:"relative"},defineProperty_defineProperty({},props.direction,0)),{},{children:!props.hidden&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClick,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}));});var HistoryCard=/*#__PURE__*/react.memo(function(props){var navigate=dist_useNavigate();var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(function(){return doGetRootNode(api,props.rs);},[api,props.rs]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],node=_useLoadingHelper2[2];if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(CardPaper,{sx:_objectSpread2({position:'relative'},props.sx),children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{position:"absolute",right:"10px",top:"10px",children:props.transitionFinished&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseLightIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",height:"100%",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"0 16px",flex:"0 0 auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItemHeader,{rs:props.rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",flex:"1 1 auto",overflow:"hidden",display:"flex",flexDirection:"column",children:props.transitionFinished&&(loading?/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}):/*#__PURE__*/(0,jsx_runtime.jsx)(CardContent,{provider:node}))}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",height:"39px",display:"flex",alignItems:"center",justifyContent:"end",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(props.rs.id));},sx:{padding:0,width:32,height:32},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]});});var HistoryCards=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();var containerElem=(0,react.useRef)();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),cardRect=_useState2[0],setCardRect=_useState2[1];var _useState3=(0,react.useState)('not-started'),_useState4=slicedToArray_slicedToArray(_useState3,2),transitionStatus=_useState4[0],setTransitionStatus=_useState4[1];var _useState5=(0,react.useState)(props.rs),_useState6=slicedToArray_slicedToArray(_useState5,2),currentRS=_useState6[0],setCurrentRS=_useState6[1];(0,react.useEffect)(function(){var _containerElem$curren;var rect=(_containerElem$curren=containerElem.current)===null||_containerElem$curren===void 0?void 0:_containerElem$curren.getBoundingClientRect();if(!rect){setCardRect(undefined);return;}var initialRect={left:props.initialCardRect.left-rect.left,top:props.initialCardRect.top-rect.top,width:cardWidth,height:cardHeight};setCardRect(initialRect);},[props.initialCardRect]);(0,react.useEffect)(function(){if(!cardRect){return;}var targetRect={left:0,top:0,width:'100%',height:'100%'};if(cardRect.left===targetRect.left&&cardRect.top===targetRect.top&&cardRect.width===targetRect.width&&cardRect.height===targetRect.height){return;}setTimeout(function(){setCardRect(targetRect);setTransitionStatus('running');setTimeout(function(){setTransitionStatus('finished');},theme.transitions.duration.enteringScreen);},10);},[cardRect,theme.transitions.duration.enteringScreen]);var currentRSIndex=(0,react.useMemo)(function(){return props.ts.commandResults.indexOf(currentRS);},[currentRS,props.ts.commandResults]);var onLeftArrowClick=(0,react.useCallback)(function(){if(currentRSIndex>0){setCurrentRS(props.ts.commandResults[currentRSIndex-1]);}},[currentRSIndex,props.ts.commandResults]);var onRightArrowClick=(0,react.useCallback)(function(){if(currentRSIndex<props.ts.commandResults.length-1){setCurrentRS(props.ts.commandResults[currentRSIndex+1]);}},[currentRSIndex,props.ts.commandResults]);var paddingX=40;var gap=2*(paddingX+arrowButtonWidth);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",p:"25px ".concat(paddingX,"px"),display:"flex",position:"relative",overflow:"hidden",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"left",onClick:onLeftArrowClick,hidden:currentRSIndex===0||transitionStatus!=='finished'}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"0 0 auto",width:"calc(100% - ".concat(arrowButtonWidth,"px * 2)"),display:"flex",ref:containerElem,children:[transitionStatus!=='finished'&&cardRect&&/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:cardRect.width,height:cardRect.height,flex:'0 0 auto',translate:"".concat(cardRect.left,"px ").concat(cardRect.top,"px"),transition:theme.transitions.create(['translate','width','height'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),padding:'20px 0'},rs:currentRS,onClose:props.onClose}),transitionStatus==='finished'&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",width:"100%",height:"100%",display:"flex",gap:"".concat(gap,"px"),sx:{translate:"calc((-100% - ".concat(gap,"px) * ").concat(currentRSIndex,")"),transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:props.ts.commandResults.map(function(rs){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:'100%',height:'100%',flex:'0 0 auto',padding:'20px 0'},rs:rs,transitionFinished:transitionStatus==='finished',onClose:props.onClose},rs.id);})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"right",onClick:onRightArrowClick,hidden:currentRSIndex===props.ts.commandResults.length-1||transitionStatus!=='finished'})]});});
 ;// CONCATENATED MODULE: ./src/components/targets-view/TargetsView.tsx
 var colWidth=416;var curveRadius=12;var circleRadius=5;var strokeWidth=2;function ColHeader(_ref){var children=_ref.children;return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:colWidth,width:colWidth,height:"42px",display:"flex",alignItems:"center",sx:{borderLeft:'0.8px solid rgba(0,0,0,0.5)',paddingLeft:'15px','&:first-of-type':{borderLeft:'none',paddingLeft:0}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",textAlign:"left",children:children})});}var Circle=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();return/*#__PURE__*/(0,jsx_runtime.jsx)("circle",_objectSpread2({r:circleRadius,fill:theme.palette.background.default,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth},props));});var RelationTree=/*#__PURE__*/react.memo(function(_ref2){var targetCount=_ref2.targetCount;var theme=styles_useTheme_useTheme();var height=targetCount*cardHeight+(targetCount-1)*cardGap;var width=152;if(targetCount<=0){return null;}var targetsCenterYs=Array(targetCount).fill(0).map(function(_,i){return cardHeight/2+i*(cardHeight+cardGap);});var rootCenterY=height/2;return/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{width:width,height:height,viewBox:"0 0 ".concat(width," ").concat(height),fill:"none",children:[targetsCenterYs.map(function(cy,i){var d;if(targetCount%2===1&&i===Math.floor(targetCount/2)){// target is in the middle.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width-circleRadius,"\n                    ");}else if(i<targetCount/2){// target is higher than root.
@@ -61549,4 +61549,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.7c75d535.js.map
\ No newline at end of file
+//# sourceMappingURL=main.5e199973.js.map
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
index 2570361f8..f9fc60a4a 100644
--- a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
+++ b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
@@ -70,6 +70,8 @@ const CardContent = React.memo((props: { provider: SidePanelProvider }) => {
     </TabContext>
 });
 
+const arrowButtonWidth = 80;
+
 const ArrowButton = React.memo((props: {
     direction: 'left' | 'right',
     onClick: () => void,
@@ -80,7 +82,16 @@ const ArrowButton = React.memo((props: {
         right: TriangleRightLightIcon
     }[props.direction];
 
-    return <Box flex='0 0 auto' height='100%' width='80px' display='flex' justifyContent='center' alignItems='center'>
+    return <Box
+        flex='0 0 auto'
+        height='100%'
+        width={`${arrowButtonWidth}px`}
+        display='flex'
+        justifyContent='center'
+        alignItems='center'
+        position='relative'
+        {...{ [props.direction]: 0 }}
+    >
         {!props.hidden &&
             <IconButton onClick={props.onClick}>
                 <Icon />
@@ -236,11 +247,16 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
         }
     }, [currentRSIndex, props.ts.commandResults]);
 
+    const paddingX = 40;
+    const gap = 2 * (paddingX + arrowButtonWidth);
+
     return <Box
         width='100%'
         height='100%'
-        p='25px 40px'
+        p={`25px ${paddingX}px`}
         display='flex'
+        position='relative'
+        overflow='hidden'
     >
         <ArrowButton
             direction='left'
@@ -248,10 +264,10 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
             hidden={currentRSIndex === 0 || transitionStatus !== 'finished'}
         />
         <Box
-            flex='1 1 auto'
+            flex='0 0 auto'
+            width={`calc(100% - ${arrowButtonWidth}px * 2)`}
             display='flex'
             ref={containerElem}
-            overflow={transitionStatus === 'finished' ? 'hidden' : 'unset'}
         >
             {transitionStatus !== 'finished' && cardRect && <HistoryCard
                 sx={{
@@ -274,9 +290,9 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
                     width='100%'
                     height='100%'
                     display='flex'
-                    gap='20px'
+                    gap={`${gap}px`}
                     sx={{
-                        translate: `calc((-100% - 20px) * ${currentRSIndex})`,
+                        translate: `calc((-100% - ${gap}px) * ${currentRSIndex})`,
                         transition: theme.transitions.create(['translate'], {
                             easing: theme.transitions.easing.sharp,
                             duration: theme.transitions.duration.enteringScreen,

From ca1908e0f47d2c2865dc0debda39e20a8ef12851 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 17:21:31 +0200
Subject: [PATCH 1205/2268] chore: Re-run npm build

---
 pkg/webui/ui/build/index.html          |  2 +-
 pkg/webui/ui/build/static/css/main.css |  2 +-
 pkg/webui/ui/build/static/js/main.js   | 76 +++++++++++++-------------
 3 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index d31444bc3..7b9e36bcf 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.5e199973.js"></script><link href="./static/css/main.css?f=main.94bdb1a0.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.45a7295d.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/css/main.css b/pkg/webui/ui/build/static/css/main.css
index 38a0dc2e1..a8874843f 100644
--- a/pkg/webui/ui/build/static/css/main.css
+++ b/pkg/webui/ui/build/static/css/main.css
@@ -84,4 +84,4 @@ body,
   unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
 }
 
-/*# sourceMappingURL=main.94bdb1a0.css.map*/
\ No newline at end of file
+/*# sourceMappingURL=main.9c2b54a7.css.map*/
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index bb1335e47..7fc426284 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -47615,7 +47615,7 @@ function SvgKluctlText(_ref, svgRef) {
   })));
 }
 var ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlText);
-/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?f=kluctl-text.1392c9ce908d475e5086961a5b3a3072.svg");
+/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?f=kluctl-text.f97d4b1ffe2002c0802e2e1ad2044bab.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/git.svg
 var _defs;
@@ -47683,7 +47683,7 @@ function SvgKluctlLogo(_ref, svgRef) {
   })));
 }
 var kluctl_logo_ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlLogo);
-/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?f=kluctl-logo.928b5d24c522acfce937ce451da78cfd.svg");
+/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?f=kluctl-logo.252d0acc30f14f58acd1b5faac05c17b.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/search.svg
 var search_path, search_path2;
@@ -47716,7 +47716,7 @@ function SvgSearch(_ref, svgRef) {
   })));
 }
 var search_ForwardRef = /*#__PURE__*/react.forwardRef(SvgSearch);
-/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?f=search.301f22f9e2228136d62b0edb7d97c86e.svg");
+/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?f=search.10cfa92f61b9621ea7fe3d64cac12eee.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/targets.svg
 var _circle, targets_path, targets_path2, targets_path3;
@@ -47763,7 +47763,7 @@ function SvgTargets(_ref, svgRef) {
   })));
 }
 var targets_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTargets);
-/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?f=targets.ddda17cc51371fc22f6fc66cb7986073.svg");
+/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?f=targets.2b39a3a176679d8e9ed00f0b3bfd3ba5.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/target.svg
 var _ellipse, target_path, target_path2;
@@ -47808,7 +47808,7 @@ function SvgTarget(_ref, svgRef) {
   })));
 }
 var target_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTarget);
-/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?f=target.0750f7a6c362d82cc7fb678f9260c46d.svg");
+/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?f=target.1dd672dc23cacf59e90fbb277c9bdd9d.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/relation-hline.svg
 var relation_hline_path, relation_hline_circle, _circle2;
@@ -47852,7 +47852,7 @@ function SvgRelationHline(_ref, svgRef) {
   })));
 }
 var relation_hline_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgRelationHline)));
-/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?f=relation-hline.871cfae94c944beb7d05364a2cee37f1.svg");
+/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?f=relation-hline.91c9012405859f512c983b2985999ad7.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/project.svg
 var project_ellipse, project_path, project_path2;
@@ -47899,7 +47899,7 @@ function SvgProject(_ref, svgRef) {
   })));
 }
 var project_ForwardRef = /*#__PURE__*/react.forwardRef(SvgProject);
-/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?f=project.637cf85e6cadcedc900412158dfa7372.svg");
+/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?f=project.66e77c7ad83b85f0325c2e0ffed64b8c.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/cpu.svg
 var cpu_path, cpu_path2, cpu_path3, cpu_path4, cpu_path5, _path6, _path7, _path8, _path9, _path10, _path11, _path12, _path13, _path14;
@@ -47968,7 +47968,7 @@ function SvgCpu(_ref, svgRef) {
   })));
 }
 var cpu_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCpu);
-/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?f=cpu.b47d73a3f55d2fa8fa37d8ed73d178c4.svg");
+/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?f=cpu.a3fa0b9152cb81606a7da57c1b07cc85.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/finger-scan.svg
 var finger_scan_path, finger_scan_path2, finger_scan_path3, finger_scan_path4, finger_scan_path5, finger_scan_path6;
@@ -48034,7 +48034,7 @@ function SvgFingerScan(_ref, svgRef) {
   })));
 }
 var finger_scan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFingerScan);
-/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?f=finger-scan.2c034cf5598ca4927432b008dc2304c4.svg");
+/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?f=finger-scan.ab3c987f3fd693b908ef65df4c2cd433.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/tree-view.svg
 var tree_view_path, tree_view_path2, tree_view_path3, tree_view_path4, tree_view_path5;
@@ -48076,7 +48076,7 @@ function SvgTreeView(_ref, svgRef) {
   })));
 }
 var tree_view_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTreeView);
-/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?f=tree-view.3c49a19936c3ecef1167c9ae1aad9102.svg");
+/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?f=tree-view.a2f07b1cebd3235db357cc2b6e4c8c0d.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/close.svg
 var close_path;
@@ -48105,7 +48105,7 @@ function SvgClose(_ref, svgRef) {
   })));
 }
 var close_ForwardRef = /*#__PURE__*/react.forwardRef(SvgClose);
-/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.06c69ef83805e9ea03cc487136b57b43.svg");
+/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.76fdca7f91598011401cb97d4b490d52.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/close-light.svg
 var close_light_path;
@@ -48134,7 +48134,7 @@ function SvgCloseLight(_ref, svgRef) {
   })));
 }
 var close_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCloseLight);
-/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?f=close-light.3f339905970f9885aae8cc76977a1abb.svg");
+/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?f=close-light.eb8a7d21cff89473a30809cdaacf6446.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/deploy.svg
 var deploy_circle, deploy_path, _g;
@@ -48186,7 +48186,7 @@ function SvgDeploy(_ref, svgRef) {
   }))));
 }
 var deploy_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDeploy);
-/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?f=deploy.62f738f9b93ba10869f740e158192270.svg");
+/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?f=deploy.2d28f597e81eb12910b9816b567b11ce.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/prune.svg
 var prune_circle, prune_path, prune_path2, prune_path3, prune_path4, prune_path5;
@@ -48250,7 +48250,7 @@ function SvgPrune(_ref, svgRef) {
   })));
 }
 var prune_ForwardRef = /*#__PURE__*/react.forwardRef(SvgPrune);
-/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?f=prune.ac5564f5a55a590b9d82c5e6aac239fd.svg");
+/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?f=prune.a5f592f5851c37276e764af73b2a8a56.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/diff.svg
 var diff_circle, diff_g, diff_path;
@@ -48301,7 +48301,7 @@ function SvgDiff(_ref, svgRef) {
   })));
 }
 var diff_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDiff);
-/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?f=diff.e79db65b5d7c3fb43104133da0dc8368.svg");
+/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?f=diff.37d81f4e01925715c51f42684bf21554.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/warning.svg
 var warning_path, warning_path2, warning_path3;
@@ -48336,7 +48336,7 @@ function SvgWarning(_ref, svgRef) {
   })));
 }
 var warning_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarning);
-/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?f=warning.ddf48b11eb0bb3fbca783743bfd0ae08.svg");
+/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?f=warning.dd1c59340347be553c83108e04d6be04.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/error.svg
 var error_path, error_path2;
@@ -48368,7 +48368,7 @@ function SvgError(_ref, svgRef) {
   })));
 }
 var error_ForwardRef = /*#__PURE__*/react.forwardRef(SvgError);
-/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?f=error.ee4b3e05eeb403dd3e8a8f65cc782fd4.svg");
+/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?f=error.c59bc8c7d7f86a588a16bc6ec27d448a.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/trash.svg
 var trash_path, trash_path2, trash_path3, trash_path4;
@@ -48411,7 +48411,7 @@ function SvgTrash(_ref, svgRef) {
   })));
 }
 var trash_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTrash);
-/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?f=trash.025b2d3120e905c307efe6236bb4d3a2.svg");
+/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?f=trash.b782f36f610aae639750393e0793c538.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/orphan.svg
 var orphan_path, orphan_path2, orphan_path3, orphan_path4;
@@ -48453,7 +48453,7 @@ function SvgOrphan(_ref, svgRef) {
   })));
 }
 var orphan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgOrphan);
-/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?f=orphan.05f9bb90537f7ff1ab68bc2c4806352c.svg");
+/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?f=orphan.6fde4d55f3fb9bbd2738b0b61fcee146.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/added.svg
 var added_path, added_path2;
@@ -48486,7 +48486,7 @@ function SvgAdded(_ref, svgRef) {
   })));
 }
 var added_ForwardRef = /*#__PURE__*/react.forwardRef(SvgAdded);
-/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?f=added.54530b6cceb257eddeb8f0016f3c9821.svg");
+/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?f=added.a633ace445f83e4ab52d3c80cc788e1e.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/changed.svg
 var changed_path, changed_path2, changed_path3;
@@ -48522,7 +48522,7 @@ function SvgChanged(_ref, svgRef) {
   })));
 }
 var changed_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanged);
-/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?f=changed.27c5207a7397f2557ac197a3636da39d.svg");
+/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?f=changed.a9c091de612ab63c8d38d83dbb73e505.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox.svg
 var _rect;
@@ -48557,7 +48557,7 @@ function SvgCheckbox(_ref, svgRef) {
   })));
 }
 var checkbox_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckbox);
-/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?f=checkbox.bcc364182a1a03dc753e7402a023eee2.svg");
+/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?f=checkbox.90148614b6ab0451aac6f71db92028fd.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox-checked.svg
 var checkbox_checked_rect, checkbox_checked_path, _rect2;
@@ -48601,7 +48601,7 @@ function SvgCheckboxChecked(_ref, svgRef) {
   })));
 }
 var checkbox_checked_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckboxChecked);
-/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?f=checkbox-checked.57f61c3bde08a33c0bd9136714a3d3b3.svg");
+/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?f=checkbox-checked.1c552519ffded79bb8ad25822c2573bb.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox-disabled.svg
 var checkbox_disabled_rect, checkbox_disabled_rect2;
@@ -48644,7 +48644,7 @@ function SvgCheckboxDisabled(_ref, svgRef) {
   })));
 }
 var checkbox_disabled_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgCheckboxDisabled)));
-/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?f=checkbox-disabled.83ae46d3015ca4b4114b8a785857ef00.svg");
+/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?f=checkbox-disabled.f7de3b059a1f9fc60f809e7d3fd601e2.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/arrow-left.svg
 var arrow_left_path, arrow_left_path2;
@@ -48677,7 +48677,7 @@ function SvgArrowLeft(_ref, svgRef) {
   })));
 }
 var arrow_left_ForwardRef = /*#__PURE__*/react.forwardRef(SvgArrowLeft);
-/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?f=arrow-left.55965a5b737ce5b390f6ce9053ef61f4.svg");
+/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?f=arrow-left.0e69d1eb25254a957b660d86b58b7594.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/warning-sign.svg
 var warning_sign_path, warning_sign_path2, warning_sign_path3;
@@ -48713,7 +48713,7 @@ function SvgWarningSign(_ref, svgRef) {
   })));
 }
 var warning_sign_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarningSign);
-/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?f=warning-sign.a4dd71daaeea7e2f3212daa2159c2c55.svg");
+/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?f=warning-sign.fb9ebdb743ce95ba858869fcc9772754.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/changes.svg
 var changes_path, changes_path2, changes_path3;
@@ -48750,7 +48750,7 @@ function SvgChanges(_ref, svgRef) {
   })));
 }
 var changes_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanges);
-/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?f=changes.ceb3f50f60cb8242ab5c9a5bfecb20f8.svg");
+/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?f=changes.b1e048d4a195559cfe9376069cd93bea.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/star.svg
 var star_path, star_path2;
@@ -48783,7 +48783,7 @@ function SvgStar(_ref, svgRef) {
   })));
 }
 var star_ForwardRef = /*#__PURE__*/react.forwardRef(SvgStar);
-/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?f=star.231e6e122fdf32a9487349a189a2a100.svg");
+/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?f=star.0c433d1c6ccb36781955621fc40f0540.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-down.svg
 var triangle_down_path, triangle_down_path2;
@@ -48816,7 +48816,7 @@ function SvgTriangleDown(_ref, svgRef) {
   })));
 }
 var triangle_down_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleDown);
-/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.60eb89e2ef7264593e9b4daf2377cc6c.svg");
+/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.cb859bf44378ddfd76730eb4a9f90a89.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-left-light.svg
 var triangle_left_light_path, triangle_left_light_path2;
@@ -48850,7 +48850,7 @@ function SvgTriangleLeftLight(_ref, svgRef) {
   })));
 }
 var triangle_left_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleLeftLight);
-/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?f=triangle-left-light.65fea1fe6bee135dd5ccdcfd6ee5ba02.svg");
+/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?f=triangle-left-light.723aa352c7195ed6c2c94748badb018c.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-right-light.svg
 var triangle_right_light_path, triangle_right_light_path2;
@@ -48883,7 +48883,7 @@ function SvgTriangleRightLight(_ref, svgRef) {
   })));
 }
 var triangle_right_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRightLight);
-/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?f=triangle-right-light.0436dfced580e6b8bf6a64dbbb6b6ebd.svg");
+/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?f=triangle-right-light.22d8903e553c49bf9b0100b61fe7254f.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-right.svg
 var triangle_right_path, triangle_right_path2;
@@ -48917,7 +48917,7 @@ function SvgTriangleRight(_ref, svgRef) {
   })));
 }
 var triangle_right_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRight);
-/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?f=triangle-right.4ec8dee9a1ea90ac8936f504d81720ca.svg");
+/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?f=triangle-right.795bcf3f22906edc57cecb48328c9f89.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/brackets-curly.svg
 var brackets_curly_path;
@@ -48946,7 +48946,7 @@ function SvgBracketsCurly(_ref, svgRef) {
   })));
 }
 var brackets_curly_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsCurly);
-/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?f=brackets-curly.d831d285bb85a307a76da8c13f76fa9b.svg");
+/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?f=brackets-curly.99e04241d2e10a7cfb60d2c695401adc.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/brackets-square.svg
 var brackets_square_path;
@@ -48975,7 +48975,7 @@ function SvgBracketsSquare(_ref, svgRef) {
   })));
 }
 var brackets_square_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsSquare);
-/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?f=brackets-square.c743c4f98f9a2cdddff2e1ec7843d74c.svg");
+/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?f=brackets-square.3daecb55d1cd657d5682c02cfe8563d5.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/file.svg
 var file_path, file_path2, file_path3;
@@ -49011,7 +49011,7 @@ function SvgFile(_ref, svgRef) {
   })));
 }
 var file_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFile);
-/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?f=file.82db4ab2b22fca5dc01ef7cc944e4cae.svg");
+/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?f=file.f2670ef3fe4fae6122bb957ea2390db0.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/result.svg
 var result_circle, result_path, result_g;
@@ -49063,7 +49063,7 @@ function SvgResult(_ref, svgRef) {
   }))));
 }
 var result_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgResult)));
-/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?f=result.f37cb0485efb4bdd26bde5626dcc236b.svg");
+/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?f=result.cc7a9a9173a072950aee17843ff145ba.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/include.svg
 var include_circle, include_path, include_path2, include_path3, include_path4;
@@ -49125,7 +49125,7 @@ function SvgInclude(_ref, svgRef) {
   })));
 }
 var include_ForwardRef = /*#__PURE__*/react.forwardRef(SvgInclude);
-/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.758427058cde3728cc49a2a93848150c.svg");
+/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.6bf4795a2f5623b297789116effd0bec.svg");
 
 ;// CONCATENATED MODULE: ./src/icons/Icons.tsx
 var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var CloseLightIcon=function CloseLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_light_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleLeftLightIcon=function TriangleLeftLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_left_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightLightIcon=function TriangleRightLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
@@ -61549,4 +61549,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.5e199973.js.map
\ No newline at end of file
+//# sourceMappingURL=main.45a7295d.js.map
\ No newline at end of file

From fdbc61129ae175a3abf4b77e233c6bb86eebcf84 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 22:06:57 +0200
Subject: [PATCH 1206/2268] fix: Enforce LF line-ending for .svg files (#586)

---
 pkg/webui/ui/.gitattributes | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 pkg/webui/ui/.gitattributes

diff --git a/pkg/webui/ui/.gitattributes b/pkg/webui/ui/.gitattributes
new file mode 100644
index 000000000..0c34d559f
--- /dev/null
+++ b/pkg/webui/ui/.gitattributes
@@ -0,0 +1 @@
+*.svg text eol=lf
\ No newline at end of file

From eda6ac8f62107e3949c4d1a303d8c050100d1fec Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 15 Jun 2023 22:12:07 +0200
Subject: [PATCH 1207/2268] fix: Also treat *.map as eol=lf (#588)

---
 pkg/webui/ui/.gitattributes | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/webui/ui/.gitattributes b/pkg/webui/ui/.gitattributes
index 0c34d559f..447692d7d 100644
--- a/pkg/webui/ui/.gitattributes
+++ b/pkg/webui/ui/.gitattributes
@@ -1 +1,2 @@
-*.svg text eol=lf
\ No newline at end of file
+*.svg text eol=lf
+*.map text eol=lf

From 121660189e0fac13a89b026060c0290fd3d331f7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 16 Jun 2023 00:34:09 +0200
Subject: [PATCH 1208/2268] fix: Instead of using .gitattributes to fix CRLF
 issues, implement it via fix-assets (#589)

---
 pkg/webui/ui/.gitattributes               |  2 -
 pkg/webui/ui/build/index.html             |  2 +-
 pkg/webui/ui/build/static/css/main.css    | 12 ++--
 pkg/webui/ui/build/static/js/787.chunk.js |  2 +-
 pkg/webui/ui/build/static/js/main.js      | 78 +++++++++++------------
 pkg/webui/ui/fix-assets/main.go           | 63 ++++++++++++++++--
 6 files changed, 105 insertions(+), 54 deletions(-)
 delete mode 100644 pkg/webui/ui/.gitattributes

diff --git a/pkg/webui/ui/.gitattributes b/pkg/webui/ui/.gitattributes
deleted file mode 100644
index 447692d7d..000000000
--- a/pkg/webui/ui/.gitattributes
+++ /dev/null
@@ -1,2 +0,0 @@
-*.svg text eol=lf
-*.map text eol=lf
diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 7b9e36bcf..044a50d48 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?f=main.45a7295d.js"></script><link href="./static/css/main.css?f=main.9c2b54a7.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?h=217f55cfc94c5ad2da112c26570ba88a95e04d06fbc1586980a389f583333155"></script><link href="./static/css/main.css?h=22248bb46258e7e9fe02b3427c76e5e190e9618be5fb809a11726ecedec33b55" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/css/main.css b/pkg/webui/ui/build/static/css/main.css
index a8874843f..86c1ca612 100644
--- a/pkg/webui/ui/build/static/css/main.css
+++ b/pkg/webui/ui/build/static/css/main.css
@@ -36,7 +36,7 @@ body,
   font-display: swap;
   font-display: var(--fontsource-display, swap);
   font-weight: 200 1000;
-  src: url(../../static/media/nunito-cyrillic-ext-wght-normal.woff2?f=nunito-cyrillic-ext-wght-normal.c18a3502d6473272bdc3.woff2) format('woff2-variations');
+  src: url(../../static/media/nunito-cyrillic-ext-wght-normal.woff2?h=b2611fa3f916d23df9b0735ba668944500ff23b73f9da4fbb10818c875d482a0) format('woff2-variations');
   unicode-range: U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F;
 }
 
@@ -47,7 +47,7 @@ body,
   font-display: swap;
   font-display: var(--fontsource-display, swap);
   font-weight: 200 1000;
-  src: url(../../static/media/nunito-cyrillic-wght-normal.woff2?f=nunito-cyrillic-wght-normal.ab3faa41df1758ee5b88.woff2) format('woff2-variations');
+  src: url(../../static/media/nunito-cyrillic-wght-normal.woff2?h=7ca4b4bb8be6840990cc92b2dee938f142df99c93ce85063b391a09369b63b17) format('woff2-variations');
   unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;
 }
 
@@ -58,7 +58,7 @@ body,
   font-display: swap;
   font-display: var(--fontsource-display, swap);
   font-weight: 200 1000;
-  src: url(../../static/media/nunito-vietnamese-wght-normal.woff2?f=nunito-vietnamese-wght-normal.864aa311404227008fae.woff2) format('woff2-variations');
+  src: url(../../static/media/nunito-vietnamese-wght-normal.woff2?h=0ef9726dbc36b5871efa4b0cfdc43fd1bfed5dd48aeb70dc8210e8cb9bc9247b) format('woff2-variations');
   unicode-range: U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;
 }
 
@@ -69,7 +69,7 @@ body,
   font-display: swap;
   font-display: var(--fontsource-display, swap);
   font-weight: 200 1000;
-  src: url(../../static/media/nunito-latin-ext-wght-normal.woff2?f=nunito-latin-ext-wght-normal.b2120f41c4a82a277229.woff2) format('woff2-variations');
+  src: url(../../static/media/nunito-latin-ext-wght-normal.woff2?h=89def7428656f40331c1430ee1dc1846ed1e30d7001707b548f9f816d27264a5) format('woff2-variations');
   unicode-range: U+0100-02AF,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF;
 }
 
@@ -80,8 +80,8 @@ body,
   font-display: swap;
   font-display: var(--fontsource-display, swap);
   font-weight: 200 1000;
-  src: url(../../static/media/nunito-latin-wght-normal.woff2?f=nunito-latin-wght-normal.07adf0b2f5cb89c62ba7.woff2) format('woff2-variations');
+  src: url(../../static/media/nunito-latin-wght-normal.woff2?h=96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357) format('woff2-variations');
   unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
 }
 
-/*# sourceMappingURL=main.9c2b54a7.css.map*/
\ No newline at end of file
+/*# sourceMappingURL=main.css.map?h=9212af710a168fca4ce287f416924bf456fbc497b2cc289b74211c435224c397*/
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/787.chunk.js b/pkg/webui/ui/build/static/js/787.chunk.js
index 748939666..15b544b3a 100644
--- a/pkg/webui/ui/build/static/js/787.chunk.js
+++ b/pkg/webui/ui/build/static/js/787.chunk.js
@@ -236,4 +236,4 @@ var e,
 /***/ })
 
 }]);
-//# sourceMappingURL=787.98a1313e.chunk.js.map
\ No newline at end of file
+//# sourceMappingURL=787.chunk.js.map?h=47820fdbf26705ec6b47ae95042786f8669103d43ced5b19492db0ef8a1a30eb
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index 7fc426284..7f430b626 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -47615,7 +47615,7 @@ function SvgKluctlText(_ref, svgRef) {
   })));
 }
 var ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlText);
-/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?f=kluctl-text.f97d4b1ffe2002c0802e2e1ad2044bab.svg");
+/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?h=5599a99d8e965c1475a0712854d4c20b8f920a28267ed65213cbdcba720a1a33");
 
 ;// CONCATENATED MODULE: ./src/icons/git.svg
 var _defs;
@@ -47654,7 +47654,7 @@ function SvgGit(_ref, svgRef) {
   })));
 }
 var git_ForwardRef = /*#__PURE__*/react.forwardRef(SvgGit);
-/* harmony default export */ var git = (__webpack_require__.p + "static/media/git.svg?f=git.53474401b92b10a2c44571348999e714.svg");
+/* harmony default export */ var git = (__webpack_require__.p + "static/media/git.svg?h=2989537d0badbe5ef04e33d0c26fed9dd7f949310e0eb0f85dcbf9ff43e1e231");
 
 ;// CONCATENATED MODULE: ./src/icons/kluctl-logo.svg
 var kluctl_logo_path;
@@ -47683,7 +47683,7 @@ function SvgKluctlLogo(_ref, svgRef) {
   })));
 }
 var kluctl_logo_ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlLogo);
-/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?f=kluctl-logo.252d0acc30f14f58acd1b5faac05c17b.svg");
+/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?h=7d059c061a18c3766a797697efc167ad38bfd4871a68abd35614a49684ea83cb");
 
 ;// CONCATENATED MODULE: ./src/icons/search.svg
 var search_path, search_path2;
@@ -47716,7 +47716,7 @@ function SvgSearch(_ref, svgRef) {
   })));
 }
 var search_ForwardRef = /*#__PURE__*/react.forwardRef(SvgSearch);
-/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?f=search.10cfa92f61b9621ea7fe3d64cac12eee.svg");
+/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?h=7e9ab6fee66c4ecdfb04a958152201a6c415cea8e98368f513f7e38bbcb59265");
 
 ;// CONCATENATED MODULE: ./src/icons/targets.svg
 var _circle, targets_path, targets_path2, targets_path3;
@@ -47763,7 +47763,7 @@ function SvgTargets(_ref, svgRef) {
   })));
 }
 var targets_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTargets);
-/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?f=targets.2b39a3a176679d8e9ed00f0b3bfd3ba5.svg");
+/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?h=a44bb94e204eb47bd105d1a987b6d514bb4b84d4e57c6597d7339a9dbc926224");
 
 ;// CONCATENATED MODULE: ./src/icons/target.svg
 var _ellipse, target_path, target_path2;
@@ -47808,7 +47808,7 @@ function SvgTarget(_ref, svgRef) {
   })));
 }
 var target_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTarget);
-/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?f=target.1dd672dc23cacf59e90fbb277c9bdd9d.svg");
+/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?h=49b4146149b8d455ad856589b7c88f795a8a43c6ddba7d0014be1550fb552723");
 
 ;// CONCATENATED MODULE: ./src/icons/relation-hline.svg
 var relation_hline_path, relation_hline_circle, _circle2;
@@ -47852,7 +47852,7 @@ function SvgRelationHline(_ref, svgRef) {
   })));
 }
 var relation_hline_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgRelationHline)));
-/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?f=relation-hline.91c9012405859f512c983b2985999ad7.svg");
+/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?h=d8e3ff7b79ea251ab37f8117527bd452a5ca962eb1ca21c6e7b8e285ee57468c");
 
 ;// CONCATENATED MODULE: ./src/icons/project.svg
 var project_ellipse, project_path, project_path2;
@@ -47899,7 +47899,7 @@ function SvgProject(_ref, svgRef) {
   })));
 }
 var project_ForwardRef = /*#__PURE__*/react.forwardRef(SvgProject);
-/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?f=project.66e77c7ad83b85f0325c2e0ffed64b8c.svg");
+/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?h=44199fa94e808397355a59b736af8b3c2bf87f2f6a5205c31b415a873a4d4d8f");
 
 ;// CONCATENATED MODULE: ./src/icons/cpu.svg
 var cpu_path, cpu_path2, cpu_path3, cpu_path4, cpu_path5, _path6, _path7, _path8, _path9, _path10, _path11, _path12, _path13, _path14;
@@ -47968,7 +47968,7 @@ function SvgCpu(_ref, svgRef) {
   })));
 }
 var cpu_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCpu);
-/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?f=cpu.a3fa0b9152cb81606a7da57c1b07cc85.svg");
+/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?h=4f20d8f5d919bccd9f172faa8762929f37ddd85a6e458fe84b53e349a1d1a125");
 
 ;// CONCATENATED MODULE: ./src/icons/finger-scan.svg
 var finger_scan_path, finger_scan_path2, finger_scan_path3, finger_scan_path4, finger_scan_path5, finger_scan_path6;
@@ -48034,7 +48034,7 @@ function SvgFingerScan(_ref, svgRef) {
   })));
 }
 var finger_scan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFingerScan);
-/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?f=finger-scan.ab3c987f3fd693b908ef65df4c2cd433.svg");
+/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?h=415c47592edb926869c3c59c6ef803d1faf7ab06b4d0110031222a21a61abc7f");
 
 ;// CONCATENATED MODULE: ./src/icons/tree-view.svg
 var tree_view_path, tree_view_path2, tree_view_path3, tree_view_path4, tree_view_path5;
@@ -48076,7 +48076,7 @@ function SvgTreeView(_ref, svgRef) {
   })));
 }
 var tree_view_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTreeView);
-/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?f=tree-view.a2f07b1cebd3235db357cc2b6e4c8c0d.svg");
+/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?h=9ef6fdcafc96d72a91f43a39e2cd00344b439cd3f3ff289363ad0a8baada77a6");
 
 ;// CONCATENATED MODULE: ./src/icons/close.svg
 var close_path;
@@ -48105,7 +48105,7 @@ function SvgClose(_ref, svgRef) {
   })));
 }
 var close_ForwardRef = /*#__PURE__*/react.forwardRef(SvgClose);
-/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?f=close.76fdca7f91598011401cb97d4b490d52.svg");
+/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?h=f8d9dcdf085e62ba04b182f66ef408c71c13691bd83ed431aac09c981b3b3a8d");
 
 ;// CONCATENATED MODULE: ./src/icons/close-light.svg
 var close_light_path;
@@ -48134,7 +48134,7 @@ function SvgCloseLight(_ref, svgRef) {
   })));
 }
 var close_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCloseLight);
-/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?f=close-light.eb8a7d21cff89473a30809cdaacf6446.svg");
+/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?h=19c3aa7cdc6bf35102d6f9437c6a0d4412e6e349c926b591122af8a8df11ee7e");
 
 ;// CONCATENATED MODULE: ./src/icons/deploy.svg
 var deploy_circle, deploy_path, _g;
@@ -48186,7 +48186,7 @@ function SvgDeploy(_ref, svgRef) {
   }))));
 }
 var deploy_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDeploy);
-/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?f=deploy.2d28f597e81eb12910b9816b567b11ce.svg");
+/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?h=5ef5e7631c6b158f7ed8e25d00e145bb139937a3def2af691a45ee930a906bcc");
 
 ;// CONCATENATED MODULE: ./src/icons/prune.svg
 var prune_circle, prune_path, prune_path2, prune_path3, prune_path4, prune_path5;
@@ -48250,7 +48250,7 @@ function SvgPrune(_ref, svgRef) {
   })));
 }
 var prune_ForwardRef = /*#__PURE__*/react.forwardRef(SvgPrune);
-/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?f=prune.a5f592f5851c37276e764af73b2a8a56.svg");
+/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?h=782022127a83a36b114977736d9e36c4101fce39ad822abee1a474eff352a604");
 
 ;// CONCATENATED MODULE: ./src/icons/diff.svg
 var diff_circle, diff_g, diff_path;
@@ -48301,7 +48301,7 @@ function SvgDiff(_ref, svgRef) {
   })));
 }
 var diff_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDiff);
-/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?f=diff.37d81f4e01925715c51f42684bf21554.svg");
+/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?h=e5b9cc64086c22cbd40424e67cf80f9696e32fe5640c5cedce8774233059b146");
 
 ;// CONCATENATED MODULE: ./src/icons/warning.svg
 var warning_path, warning_path2, warning_path3;
@@ -48336,7 +48336,7 @@ function SvgWarning(_ref, svgRef) {
   })));
 }
 var warning_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarning);
-/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?f=warning.dd1c59340347be553c83108e04d6be04.svg");
+/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?h=3f478d508e7172505f66b7dadbd81d0e156360ff8bc0de0d12ec851c42ac864f");
 
 ;// CONCATENATED MODULE: ./src/icons/error.svg
 var error_path, error_path2;
@@ -48368,7 +48368,7 @@ function SvgError(_ref, svgRef) {
   })));
 }
 var error_ForwardRef = /*#__PURE__*/react.forwardRef(SvgError);
-/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?f=error.c59bc8c7d7f86a588a16bc6ec27d448a.svg");
+/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?h=9a026f75493e261450266b437a9e4a5c1cb049ba2ee56efa107230a3d057c468");
 
 ;// CONCATENATED MODULE: ./src/icons/trash.svg
 var trash_path, trash_path2, trash_path3, trash_path4;
@@ -48411,7 +48411,7 @@ function SvgTrash(_ref, svgRef) {
   })));
 }
 var trash_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTrash);
-/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?f=trash.b782f36f610aae639750393e0793c538.svg");
+/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?h=414c070724e5b79d4382fb146751a613df58166e88df2baa42fffa71aee32f8a");
 
 ;// CONCATENATED MODULE: ./src/icons/orphan.svg
 var orphan_path, orphan_path2, orphan_path3, orphan_path4;
@@ -48453,7 +48453,7 @@ function SvgOrphan(_ref, svgRef) {
   })));
 }
 var orphan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgOrphan);
-/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?f=orphan.6fde4d55f3fb9bbd2738b0b61fcee146.svg");
+/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?h=75637a27d6cf40bee4022eff91c852ecca4f0bcc7c8c78bf3cd02cd76a5fba66");
 
 ;// CONCATENATED MODULE: ./src/icons/added.svg
 var added_path, added_path2;
@@ -48486,7 +48486,7 @@ function SvgAdded(_ref, svgRef) {
   })));
 }
 var added_ForwardRef = /*#__PURE__*/react.forwardRef(SvgAdded);
-/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?f=added.a633ace445f83e4ab52d3c80cc788e1e.svg");
+/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?h=af4dd83591778905da5dcbc1833893ff89a96495158cab04e1b7b415284b0388");
 
 ;// CONCATENATED MODULE: ./src/icons/changed.svg
 var changed_path, changed_path2, changed_path3;
@@ -48522,7 +48522,7 @@ function SvgChanged(_ref, svgRef) {
   })));
 }
 var changed_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanged);
-/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?f=changed.a9c091de612ab63c8d38d83dbb73e505.svg");
+/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?h=a30883ccb8a4cd3e6416232dd4032ffd8e66e0ffee0111be7c7a98268a4a1605");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox.svg
 var _rect;
@@ -48557,7 +48557,7 @@ function SvgCheckbox(_ref, svgRef) {
   })));
 }
 var checkbox_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckbox);
-/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?f=checkbox.90148614b6ab0451aac6f71db92028fd.svg");
+/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?h=0303869c42d1b682ecbb742cc0854c5638754d1330c39b80b6be07d82fd4fcea");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox-checked.svg
 var checkbox_checked_rect, checkbox_checked_path, _rect2;
@@ -48601,7 +48601,7 @@ function SvgCheckboxChecked(_ref, svgRef) {
   })));
 }
 var checkbox_checked_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckboxChecked);
-/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?f=checkbox-checked.1c552519ffded79bb8ad25822c2573bb.svg");
+/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?h=92ab4f2e6bfa34dbb548604d6ad1ae00f19076060aacd9c2a2c6ca31f469079c");
 
 ;// CONCATENATED MODULE: ./src/icons/checkbox-disabled.svg
 var checkbox_disabled_rect, checkbox_disabled_rect2;
@@ -48644,7 +48644,7 @@ function SvgCheckboxDisabled(_ref, svgRef) {
   })));
 }
 var checkbox_disabled_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgCheckboxDisabled)));
-/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?f=checkbox-disabled.f7de3b059a1f9fc60f809e7d3fd601e2.svg");
+/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?h=94fbeaf8068db2fddb43810b7f56cf4271d719f30f0ea327108e57af9d275856");
 
 ;// CONCATENATED MODULE: ./src/icons/arrow-left.svg
 var arrow_left_path, arrow_left_path2;
@@ -48677,7 +48677,7 @@ function SvgArrowLeft(_ref, svgRef) {
   })));
 }
 var arrow_left_ForwardRef = /*#__PURE__*/react.forwardRef(SvgArrowLeft);
-/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?f=arrow-left.0e69d1eb25254a957b660d86b58b7594.svg");
+/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?h=183e112934d3d7e04d2e2fe78ee2f47a7f04210313c736747ee3370f4656f22f");
 
 ;// CONCATENATED MODULE: ./src/icons/warning-sign.svg
 var warning_sign_path, warning_sign_path2, warning_sign_path3;
@@ -48713,7 +48713,7 @@ function SvgWarningSign(_ref, svgRef) {
   })));
 }
 var warning_sign_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarningSign);
-/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?f=warning-sign.fb9ebdb743ce95ba858869fcc9772754.svg");
+/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?h=6512b04406700d29462a623eb41ae95760073332a6f28960317702dd61d21144");
 
 ;// CONCATENATED MODULE: ./src/icons/changes.svg
 var changes_path, changes_path2, changes_path3;
@@ -48750,7 +48750,7 @@ function SvgChanges(_ref, svgRef) {
   })));
 }
 var changes_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanges);
-/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?f=changes.b1e048d4a195559cfe9376069cd93bea.svg");
+/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?h=8a3b67f711bfd0e1b818331d3204b053b1d8225655238c5e585e5d8fbfbb70d0");
 
 ;// CONCATENATED MODULE: ./src/icons/star.svg
 var star_path, star_path2;
@@ -48783,7 +48783,7 @@ function SvgStar(_ref, svgRef) {
   })));
 }
 var star_ForwardRef = /*#__PURE__*/react.forwardRef(SvgStar);
-/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?f=star.0c433d1c6ccb36781955621fc40f0540.svg");
+/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?h=2301326ebc4d30ade3aee8dc4d89c3cdeb89fa6fe5a86f088d6437b193a02f7e");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-down.svg
 var triangle_down_path, triangle_down_path2;
@@ -48816,7 +48816,7 @@ function SvgTriangleDown(_ref, svgRef) {
   })));
 }
 var triangle_down_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleDown);
-/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?f=triangle-down.cb859bf44378ddfd76730eb4a9f90a89.svg");
+/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?h=b3825504f7a87e2008f015a505eae34a4d4b3de056523b32aef0f3ee97dddc48");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-left-light.svg
 var triangle_left_light_path, triangle_left_light_path2;
@@ -48850,7 +48850,7 @@ function SvgTriangleLeftLight(_ref, svgRef) {
   })));
 }
 var triangle_left_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleLeftLight);
-/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?f=triangle-left-light.723aa352c7195ed6c2c94748badb018c.svg");
+/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?h=df35ecb761287084bb4d0cbc4ffbfe1fc2a293d207e6290abd825463f189aba0");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-right-light.svg
 var triangle_right_light_path, triangle_right_light_path2;
@@ -48883,7 +48883,7 @@ function SvgTriangleRightLight(_ref, svgRef) {
   })));
 }
 var triangle_right_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRightLight);
-/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?f=triangle-right-light.22d8903e553c49bf9b0100b61fe7254f.svg");
+/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?h=669c6e13b5b122615e60e89ab2b01dc4073f13c891c0affdc26c7c92c7e187d9");
 
 ;// CONCATENATED MODULE: ./src/icons/triangle-right.svg
 var triangle_right_path, triangle_right_path2;
@@ -48917,7 +48917,7 @@ function SvgTriangleRight(_ref, svgRef) {
   })));
 }
 var triangle_right_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRight);
-/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?f=triangle-right.795bcf3f22906edc57cecb48328c9f89.svg");
+/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?h=4e2adfe1227483c7faec85cc2dd2c47b720b45484b561af3f1dc9cb71a0c76e3");
 
 ;// CONCATENATED MODULE: ./src/icons/brackets-curly.svg
 var brackets_curly_path;
@@ -48946,7 +48946,7 @@ function SvgBracketsCurly(_ref, svgRef) {
   })));
 }
 var brackets_curly_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsCurly);
-/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?f=brackets-curly.99e04241d2e10a7cfb60d2c695401adc.svg");
+/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?h=52ca1e6781ac563ec8694c3e48173bed7f18c48f39bdcf5c35418cb4f0db5231");
 
 ;// CONCATENATED MODULE: ./src/icons/brackets-square.svg
 var brackets_square_path;
@@ -48975,7 +48975,7 @@ function SvgBracketsSquare(_ref, svgRef) {
   })));
 }
 var brackets_square_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsSquare);
-/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?f=brackets-square.3daecb55d1cd657d5682c02cfe8563d5.svg");
+/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?h=2cb41787d8487f94387e48d5d2df0c2d1476a426e7db05bfd18c9ca83b1c3203");
 
 ;// CONCATENATED MODULE: ./src/icons/file.svg
 var file_path, file_path2, file_path3;
@@ -49011,7 +49011,7 @@ function SvgFile(_ref, svgRef) {
   })));
 }
 var file_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFile);
-/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?f=file.f2670ef3fe4fae6122bb957ea2390db0.svg");
+/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?h=a5cdec22db8a9870f965606ebe636175c096705f5230dc3ef5fb8c69e8481e52");
 
 ;// CONCATENATED MODULE: ./src/icons/result.svg
 var result_circle, result_path, result_g;
@@ -49063,7 +49063,7 @@ function SvgResult(_ref, svgRef) {
   }))));
 }
 var result_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgResult)));
-/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?f=result.cc7a9a9173a072950aee17843ff145ba.svg");
+/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?h=109429f6ac0c3258b03a2931285d539bbe05c832b2ffc74bfc4e0186ed415c4e");
 
 ;// CONCATENATED MODULE: ./src/icons/include.svg
 var include_circle, include_path, include_path2, include_path3, include_path4;
@@ -49125,7 +49125,7 @@ function SvgInclude(_ref, svgRef) {
   })));
 }
 var include_ForwardRef = /*#__PURE__*/react.forwardRef(SvgInclude);
-/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?f=include.6bf4795a2f5623b297789116effd0bec.svg");
+/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?h=09e12f819cefe6871ba002f11807c529f4a7c11f4ec84c1a15945fe9a267d26d");
 
 ;// CONCATENATED MODULE: ./src/icons/Icons.tsx
 var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var CloseLightIcon=function CloseLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_light_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleLeftLightIcon=function TriangleLeftLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_left_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightLightIcon=function TriangleRightLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
@@ -61549,4 +61549,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.45a7295d.js.map
\ No newline at end of file
+//# sourceMappingURL=main.js.map?h=1b699a9c9a029bfaa14bdc9c1ea688196c3b803b93226977d03fa0803d4391b3
\ No newline at end of file
diff --git a/pkg/webui/ui/fix-assets/main.go b/pkg/webui/ui/fix-assets/main.go
index 76132b6a9..722e6e416 100644
--- a/pkg/webui/ui/fix-assets/main.go
+++ b/pkg/webui/ui/fix-assets/main.go
@@ -1,13 +1,19 @@
 package main
 
 import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
+	"fmt"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/util/rand"
+	"mime"
 	"os"
 	"path"
 	"path/filepath"
 	"regexp"
+	"sort"
 	"strings"
 )
 
@@ -37,8 +43,22 @@ func main() {
 
 	hashRegex := regexp.MustCompile(`([a-z-0-9-_]*)(\.[a-f0-9]*)(\.chunk)?\.(js|css)(\.map)?`)
 
+	var sortedByLen []string
+	for p1 := range manifest.Files {
+		sortedByLen = append(sortedByLen, p1)
+	}
+	sort.Slice(sortedByLen, func(i, j int) bool {
+		l1 := len(sortedByLen[i])
+		l2 := len(sortedByLen[j])
+		if l1 != l2 {
+			return l2 < l1
+		}
+		return sortedByLen[i] < sortedByLen[j]
+	})
+
 	newEntries := map[string]string{}
-	for p1, p2 := range manifest.Files {
+	for _, p1 := range sortedByLen {
+		p2 := manifest.Files[p1]
 		oldName := path.Base(p2)
 		newName := path.Base(p1)
 		oldPath := path.Join(path.Dir(p2), oldName)
@@ -59,10 +79,11 @@ func main() {
 		}
 
 		// we assume that .map files are implicitly replaced by the non-.map versions
-		if !strings.HasSuffix(oldName, ".map") {
-			err = replaceInFiles(".", oldName, newName+"?f="+oldName)
-			doError(err)
-		}
+		//if !strings.HasSuffix(oldName, ".map") {
+		contentHash := calcContentHash(oldPath)
+		err = replaceInFiles(".", oldName, newName+"?h="+contentHash)
+		doError(err)
+		//}
 
 		err = os.Rename(oldPath, newPath)
 		doError(err)
@@ -83,6 +104,38 @@ func main() {
 	doError(err)
 }
 
+func calcContentHash(p string) string {
+	b, err := os.ReadFile(p)
+	if err != nil {
+		panic(err)
+	}
+
+	if isText(p) {
+		// replace CR LF \r\n (windows) with LF \n (unix)
+		b = bytes.ReplaceAll(b, []byte{13, 10}, []byte{10})
+		// replace CF \r (mac) with LF \n (unix)
+		b = bytes.ReplaceAll(b, []byte{13}, []byte{10})
+	}
+
+	s := sha256.Sum256(b)
+	ret := hex.EncodeToString(s[:])
+
+	os.Stderr.WriteString(fmt.Sprintf("%s: %s\n", p, ret))
+
+	return ret
+}
+
+func isText(p string) bool {
+	mt := mime.TypeByExtension(path.Ext(p))
+	if strings.HasPrefix(mt, "text/") {
+		return true
+	}
+	if strings.Index(mt, "+xml") != -1 {
+		return true
+	}
+	return false
+}
+
 func replaceInFiles(dir string, s string, r string) error {
 	return filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
 		if d.IsDir() {

From 45bfeb66e2483c400696bbdb84cc4958aece98d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 17 Jun 2023 00:34:18 +0200
Subject: [PATCH 1209/2268] ci: Add workflow that creates PR comments for
 preview-runs

---
 .github/workflows/preview-comment.yml | 73 +++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 .github/workflows/preview-comment.yml

diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
new file mode 100644
index 000000000..1fd73b736
--- /dev/null
+++ b/.github/workflows/preview-comment.yml
@@ -0,0 +1,73 @@
+name: preview-comment
+
+on:
+  workflow_run:
+    workflows:
+      - preview-run
+    types:
+      - requested
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  preview-comment:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            let matchArtifact = undefined
+            while (true) {
+              console.log("do listWorkflowRunArtifacts")
+              let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+                 owner: context.repo.owner,
+                 repo: context.repo.repo,
+                 run_id: context.payload.workflow_run.id,
+              });
+              matchArtifact = allArtifacts.data.artifacts.find((artifact) => {
+                return artifact.name == "preview-run-info"
+              });
+              if (matchArtifact) {
+                console.log("found artifact " + matchArtifact.id)
+                break
+              }
+              console.log("artifact not found, retrying")
+              await new Promise(r => setTimeout(r, 5000));
+            }
+            let download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/preview-run-info.zip`, Buffer.from(download.data));
+      - name: 'Unzip artifact'
+        run: unzip preview-run-info.zip
+      - run: |
+          ls -lah
+          find
+      - name: Build comment text
+        run: |
+          cat <<EOF > comment.md
+          # 🤖 Preview Environment is starting up and will be reachable soon.
+          ipfs-id: `$(cat ipfs_id)`
+          
+          # ipfs forward commands
+          http: `ipfs p2p forward /x/kluctl-webui /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)`
+          ssh: `ipfs p2p forward /x/ssh /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)`
+          k8s: `ipfs p2p forward /x/k /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)`
+          
+          # kubeconfig
+          ```
+          $(cat kubeconfig)
+          ```
+          EOF
+      - uses: mshick/add-pr-comment@v2
+        with:
+          message-id: preview-run-info
+          message-path: |
+            comment.md

From 6cb0e6cd650f51c7c91a8b662682683aa7a69b52 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 16 Jun 2023 10:13:33 +0200
Subject: [PATCH 1210/2268] chore: Cleanup commented out code

---
 pkg/webui/ui/fix-assets/main.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pkg/webui/ui/fix-assets/main.go b/pkg/webui/ui/fix-assets/main.go
index 722e6e416..6941a3a26 100644
--- a/pkg/webui/ui/fix-assets/main.go
+++ b/pkg/webui/ui/fix-assets/main.go
@@ -78,12 +78,9 @@ func main() {
 			manifest.Files[p1] = newPath
 		}
 
-		// we assume that .map files are implicitly replaced by the non-.map versions
-		//if !strings.HasSuffix(oldName, ".map") {
 		contentHash := calcContentHash(oldPath)
 		err = replaceInFiles(".", oldName, newName+"?h="+contentHash)
 		doError(err)
-		//}
 
 		err = os.Rename(oldPath, newPath)
 		doError(err)

From a0652f6c666f0dfff08bd7e0eea7e84c0f53f3f3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 16 Jun 2023 14:45:45 +0200
Subject: [PATCH 1211/2268] feat: Allow to pass Kluctl image to deployments

---
 install/controller/.kluctl.yaml                  | 2 ++
 install/controller/controller/kustomization.yaml | 3 ++-
 install/webui/.kluctl.yaml                       | 2 ++
 install/webui/webui/deployment.yaml              | 3 ++-
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index f85272bec..778f36af8 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -1,6 +1,8 @@
 discriminator: kluctl.io-controller
 
 args:
+  - name: kluctl_image
+    default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
     default: v2.20.4
   - name: controller_args
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index a7551b296..b18e9fed5 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,3 +1,4 @@
+{% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
 {% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.4") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
@@ -14,7 +15,7 @@ patches:
     patch: |-
       - op: add
         path: /spec/template/spec/containers/0/image
-        value: ghcr.io/kluctl/kluctl:{{ kluctl_version }}
+        value: {{ kluctl_image }}:{{ kluctl_version }}
   - target:
       kind: Deployment
       name: kluctl-controller
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 961fb60c4..b52dcb538 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -1,6 +1,8 @@
 discriminator: kluctl.io-webui
 
 args:
+  - name: kluctl_image
+    default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
     default: v2.20.4
   - name: webui_args
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index d832b2ef4..9cff9cff5 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -1,3 +1,4 @@
+{% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 {% set kluctl_version = get_var("args.kluctl_version", "v2.20.4") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
@@ -28,7 +29,7 @@ spec:
     spec:
       containers:
       - name: webui
-        image: ghcr.io/kluctl/kluctl:{{ kluctl_version }}
+        image: {{ kluctl_image }}:{{ kluctl_version }}
         imagePullPolicy: {{ pull_policy }}
         command:
           - kluctl

From 553893a7500751e70b1b45273e7786f984baf96f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 16 Jun 2023 10:14:03 +0200
Subject: [PATCH 1212/2268] fix: Make goreleaser, Dockerfile and Makefile all
 use the same binary name

---
 .goreleaser.yaml | 2 +-
 Dockerfile       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index c8ebae4c9..3f829010a 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -3,7 +3,7 @@ before:
     - go mod tidy
 builds:
   - <<: &build_defaults
-      binary: kluctl
+      binary: bin/kluctl
       env:
         - CGO_ENABLED=0
       main: ./cmd
diff --git a/Dockerfile b/Dockerfile
index 91818c999..3515958cd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ RUN apk add git
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache
 
-ARG BIN_PATH=kluctl
+ARG BIN_PATH=bin/kluctl
 COPY $BIN_PATH /usr/bin/
 
 USER 65532:65532

From 234fd06ad7468b6d87dc4ba570fa87252e0e943c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 20 Jun 2023 15:36:49 +0200
Subject: [PATCH 1213/2268] ci: Implement IPFS based webui previews

---
 .github/workflows/preview-comment.yml | 154 ++++++---
 .github/workflows/preview-run.yml     | 182 ++++++++++
 hack/ipfs-exchange-info/go.mod        |  64 ++++
 hack/ipfs-exchange-info/go.sum        | 285 ++++++++++++++++
 hack/ipfs-exchange-info/main.go       | 465 ++++++++++++++++++++++++++
 5 files changed, 1101 insertions(+), 49 deletions(-)
 create mode 100644 .github/workflows/preview-run.yml
 create mode 100644 hack/ipfs-exchange-info/go.mod
 create mode 100644 hack/ipfs-exchange-info/go.sum
 create mode 100644 hack/ipfs-exchange-info/main.go

diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
index 1fd73b736..3128a5f24 100644
--- a/.github/workflows/preview-comment.yml
+++ b/.github/workflows/preview-comment.yml
@@ -1,73 +1,129 @@
 name: preview-comment
 
 on:
-  workflow_run:
-    workflows:
-      - preview-run
-    types:
-      - requested
+  pull_request_target:
+    types: [labeled, synchronize]
+    branches:
+      - main
 
 permissions:
   contents: read
+  issues: write
   pull-requests: write
 
+concurrency: preview-comment
+
 jobs:
   preview-comment:
+    if: ${{ github.event.label.name == 'preview' || contains(github.event.pull_request.labels.*.name, 'preview') }}
     runs-on: ubuntu-latest
     steps:
-      - name: 'Download artifact'
-        uses: actions/github-script@v6
+      - name: Reset PR comment
+        uses: mshick/add-pr-comment@v2
+        with:
+          issue: ${{ github.pull_request.number }}
+          message-id: preview-run-info
+          message: |
+            # 🤖 Preview Environment
+            The preview environment is starting up and will be available soon.
+      - uses: actions/checkout@v2
         with:
-          script: |
-            let matchArtifact = undefined
-            while (true) {
-              console.log("do listWorkflowRunArtifacts")
-              let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-                 owner: context.repo.owner,
-                 repo: context.repo.repo,
-                 run_id: context.payload.workflow_run.id,
-              });
-              matchArtifact = allArtifacts.data.artifacts.find((artifact) => {
-                return artifact.name == "preview-run-info"
-              });
-              if (matchArtifact) {
-                console.log("found artifact " + matchArtifact.id)
-                break
-              }
-              console.log("artifact not found, retrying")
-              await new Promise(r => setTimeout(r, 5000));
-            }
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/preview-run-info.zip`, Buffer.from(download.data));
-      - name: 'Unzip artifact'
-        run: unzip preview-run-info.zip
-      - run: |
-          ls -lah
-          find
+          # Warning, do not try to checkout the base branch here as it would introduce enormous security risks!
+          # Also don't introduce a cache in this workflow!
+          ref: main
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.19
+      - name: Install some tools
+        run: |
+          sudo apt update
+          sudo apt install -y ncat
+          wget https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
+          tar xzf age-v1.1.1-linux-amd64.tar.gz
+          sudo mv age/age* /usr/bin/
+      - name: Install ipfs
+        run: |
+          wget -q https://dist.ipfs.tech/kubo/v0.20.0/kubo_v0.20.0_linux-amd64.tar.gz
+          tar -xvzf kubo_v0.20.0_linux-amd64.tar.gz
+          ./kubo/install.sh
+      - name: ipfs init
+        run: |
+          ipfs init
+          ipfs config --json Experimental.Libp2pStreamMounting true
+          ipfs config --json Ipns.UsePubsub true
+          ipfs daemon &
+          sleep 1
+          while ! ipfs id &> /dev/null; do
+            echo "waiting for the daemon"
+            sleep 1
+          done
+      - name: Import ipfs key
+        run: |
+          echo "${{ secrets.KLUCTL_PREVIEW_IPNS_KEY }}" | base64 -d > kluctl-preview-comment.pem
+          ipfs key import kluctl-preview-comment kluctl-preview-comment.pem -f pem-pkcs8-cleartext
+      - name: Build ipfs-exchange-info
+        run: |
+          (cd ./hack/ipfs-exchange-info && go build ./)
+      - name: Publish own ID
+        run: |
+          ./hack/ipfs-exchange-info/ipfs-exchange-info -mode publish-ipns --ipns-key kluctl-preview-comment -pr-number ${{ github.event.pull_request.number }}
+      - name: Receive info
+        id: info
+        run: |
+          echo "${{ secrets.KLUCTL_PREVIEW_AGE_KEY }}" > age.key
+          while ! ./hack/ipfs-exchange-info/ipfs-exchange-info -mode receive-info \
+            --age-key-file age.key --repo-name "${{ github.repository }}" -pr-number ${{ github.event.pull_request.number }} > info.json; do
+            sleep 1
+          done
+
+          cat info.json | jq ".ipfsId" -r > ipfs_id
+          cat info.json | jq ".staticIpnsName" -r > static_ipns_name
+
+          echo "ipfs_id=$(cat ipfs_id)"
+          echo "static_ipns_name=$(cat static_ipns_name)"
       - name: Build comment text
         run: |
           cat <<EOF > comment.md
-          # 🤖 Preview Environment is starting up and will be reachable soon.
-          ipfs-id: `$(cat ipfs_id)`
+          # 🤖 Preview Environment
+          The preview environment is running.
+          
+          # Accessing the static preview UI
+          This version of the UI is static but updated regularly. The updates will lag quite a lot, as IPFS needs
+          some time to propagate changes. You'd also need to refresh the page to get an update. This version of the UI
+          is not able to interact with the cluster, due to missing WebSockets support in IPFS. Use IPFS p2p forwarding
+          if you need this.
+          
+          The public gateway url is: https://ipfs.io/ipns/$(cat static_ipns_name)/index.html
           
-          # ipfs forward commands
-          http: `ipfs p2p forward /x/kluctl-webui /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)`
-          ssh: `ipfs p2p forward /x/ssh /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)`
-          k8s: `ipfs p2p forward /x/k /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)`
+          For much better perforamance and update-speed, install and start [IPFS Kubo](https://github.com/ipfs/kubo/)
+          locally and use this URL: http://$(cat static_ipns_name).ipns.localhost:8080/index.html
           
-          # kubeconfig
-          ```
-          $(cat kubeconfig)
-          ```
+          If you configured a different gateway port then the default (8080), fix the url accordingly.
+          
+          # Accessing the dynamic preview UI
+          First, install and start [IPFS Kubo](https://github.com/ipfs/kubo/) locally.
+          Then run the \`http\` forward command from below.
+          After that, the UI will be accessible through http://localhost:9090.
+          
+          IPFS forward commands:
+          http: \`ipfs p2p forward /x/kluctl-webui /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)\`
+          ssh: \`ipfs p2p forward /x/ssh /ip4/127.0.0.1/tcp/2222 /p2p/$(cat ipfs_id)\`
+          k8s: \`ipfs p2p forward /x/k /ip4/127.0.0.1/tcp/6443 /p2p/$(cat ipfs_id)\`
+          
+          When asked for credentials, use admin:admin.
+          
+          # Shutting it down
+          Either cancel the pipeline in the PR or simply wait for 30 minutes until it auto-terminates.
           EOF
       - uses: mshick/add-pr-comment@v2
         with:
+          issue: ${{ github.pull_request.number }}
           message-id: preview-run-info
           message-path: |
             comment.md
+      - name: Sleep a bit
+        run: |
+          # Sleep a few seconds to give IPFS p2p streams enough time to flush
+          sleep 10
\ No newline at end of file
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
new file mode 100644
index 000000000..627328776
--- /dev/null
+++ b/.github/workflows/preview-run.yml
@@ -0,0 +1,182 @@
+name: preview-run
+
+on:
+  pull_request:
+    types: [labeled, synchronize]
+    branches:
+      - main
+
+concurrency:
+  group: preview-run
+  cancel-in-progress: true
+
+jobs:
+  preview-run:
+    if: ${{ github.event.label.name == 'preview' || contains(github.event.pull_request.labels.*.name, 'preview') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.19
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: ${{ runner.os }}-preview-build-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-preview-build-
+      - name: Install some tools
+        run: |
+          sudo apt update
+          sudo apt install -y ncat
+          wget https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
+          tar xzf age-v1.1.1-linux-amd64.tar.gz
+          sudo mv age/age* /usr/bin/
+      # SETUP IPFS
+      - name: Install ipfs
+        run: |
+          wget -q https://dist.ipfs.tech/kubo/v0.20.0/kubo_v0.20.0_linux-amd64.tar.gz
+          tar -xvzf kubo_v0.20.0_linux-amd64.tar.gz
+          ./kubo/install.sh
+      - name: Setup ipfs
+        run: |
+          ipfs init
+          ipfs config --json Experimental.Libp2pStreamMounting true
+          ipfs config --json Ipns.UsePubsub true
+          ipfs daemon --enable-pubsub-experiment &
+          sleep 1
+          while ! ipfs id &> /dev/null; do
+            echo "waiting for the daemon"
+            sleep 1
+          done
+          # kick of ipns resolving in the background to warm it up
+          ipfs name resolve k51qzi5uqu5diql7mejg4dfn35igqqf22202vgv3sepjrsobtya2xihqqtshbe &
+      - name: Setup ssh
+        run: |
+          mkdir -p ~/.ssh
+          echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCtWJls6XlpszR5zMjiK7cdUnSBI/p7tWaEHykJZrlwHRepNIckPk4ftOsOfiLb+2K/TntPGa0NMWM0uccRNXJ1/hgT5uiA8MpR8d1SGV5QtVwzJkDTXN8iwcTu1zcIUoL2FvQUm/P4hHI4BdcS9GyokOnqh296RRtajnzWZlGtBHRMPt9S7eil9kl5sOuHQIsZHjYkqLb7PSyVWeeMzEEeI28L2ZDrfBBgBNiE4ibVBlRbUeArRO5coV2Vn9uafzOIXT13apo0bhacv5FEmmsEcDGelZWKVInoUQHDnsr7UQPDHS2OsdtZRCluvRYH5ZC4SvrDeuZe4AKjc8iDeNuZLlzn7cgwGZDNHJ1PwAWwEz4/yF0vshA7mfrXLhjJ4+vN4enlQqDYqvudJ3x4uKO67panc+Gmaq76mxh81bJHNnlothEs9K9WfGcXAlBBjuk/0kmIf6I1ICA/dxCKa0sAMbolZHoBuoVUszQdlVrDkwPmzNCenBX/MPDJl08FJFc= ablock@Alexanders-MacBook-Pro.local" >> ~/.ssh/authorized_keys
+          sudo systemctl enable ssh
+          sudo systemctl start ssh
+          ipfs p2p listen /x/ssh /ip4/127.0.0.1/tcp/22
+          
+          ssh-keygen -f scp_key -P ""
+          cat scp_key.pub >> ~/.ssh/authorized_keys
+      # SETUP KIND
+      - name: Setup Kind cluster
+        run: |
+          cat <<EOF > kind-config.yaml
+          kind: Cluster
+          apiVersion: kind.x-k8s.io/v1alpha4
+          networking:
+            apiServerAddress: "127.0.0.1"
+            apiServerPort: 6443
+          nodes:
+            - role: control-plane
+              kubeadmConfigPatches:
+                - |
+                  kind: InitConfiguration
+                  nodeRegistration:
+                    kubeletExtraArgs:
+                      node-labels: "ingress-ready=true"
+              extraPortMappings:
+                - containerPort: 80
+                  hostPort: 80
+                  protocol: TCP
+                - containerPort: 443
+                  hostPort: 443
+                  protocol: TCP
+          EOF
+          curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
+          kind create cluster --config kind-config.yaml
+      - name: Kind info
+        run: |
+          kubectl cluster-info
+      # BUILD
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Build binary
+        run: |
+          go build -o bin/kluctl cmd/main.go
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: false
+          load: true
+          tags: kluctl:preview
+      # LOAD IMAGE
+      - name: Load image to Kind
+        run: |
+          kind load docker-image kluctl:preview
+      # INSTALL
+      - name: Install Kluctl Controller
+        run: |
+          cd install/controller
+          ../../bin/kluctl deploy --yes -a kluctl_image=kluctl -a kluctl_version=preview
+      - name: Install Kluctl Webui
+        run: |
+          cd install/webui
+          ../../bin/kluctl deploy --yes -a kluctl_image=kluctl -a kluctl_version=preview
+          kubectl -n kluctl-system create secret generic admin-secret --from-literal adminPassword=admin --from-literal secret=dummy
+      - name: Run kubectl port-forward
+        run: |
+          kubectl -n kluctl-system port-forward svc/kluctl-webui 9090:8080 &
+      - name: Listen ipfs/p2p
+        run: |
+          ipfs p2p listen /x/k /ip4/127.0.0.1/tcp/6443
+          ipfs p2p listen /x/kluctl-webui /ip4/127.0.0.1/tcp/9090
+      # SEND INFO
+      - name: Build ipfs-exchange-info
+        run: |
+          (cd ./hack/ipfs-exchange-info && go build ./)
+      - name: send info
+        run: |
+          static_ipns_name=$(ipfs key gen static-webui)
+          while true; do
+            if ! ./hack/ipfs-exchange-info/ipfs-exchange-info -mode resolve-ipns -pr-number ${{ github.event.pull_request.number }} -ipns-name k51qzi5uqu5diql7mejg4dfn35igqqf22202vgv3sepjrsobtya2xihqqtshbe > ipfs_id; then
+              echo "Resolving IPNS failed...retrying..."
+              sleep 1
+              continue
+            fi
+            echo "ipfs_id=$(cat ipfs_id)"
+            if ! ./hack/ipfs-exchange-info/ipfs-exchange-info -mode send-info -pr-number ${{ github.event.pull_request.number }} -age-pub-key age1dhueesr5qj8e8uy298k7z8x3ntv620rde89phumg0kvjx2t32elsm759z7 --ipfs-id $(cat ipfs_id) --static-ipns-name $static_ipns_name; then
+              echo "Resolving info failed...retrying..."
+              sleep 1
+              continue
+            fi
+            break
+          done
+        env:
+          # we send the GITHUB_TOKEN to the preview-comment workflow. This token is then verified to be from a workflow
+          # that runs inside this repo, which can only be a workflow that got manually approved. The token is encrypted
+          # via age
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # GENERATE STATIC WEBUI
+      - name: Publish static webui and sleep
+        run: |
+          (
+            old_cid=""
+            while true; do
+              rm -rf kluctl-webui-static
+              if ./bin/kluctl webui --static-path=kluctl-webui-static; then
+                cid=$(ipfs add -r -Q kluctl-webui-static)
+                if [ "$cid" != "$old_cid" ]; then
+                  echo "Publishing $cid..."
+                  ipfs name publish --key static-webui /ipfs/$cid || true
+                  old_cid="$cid"
+                fi
+              else
+                echo "Building static webui failed"
+              fi
+              sleep 1
+            done
+          ) &
+          echo "Sleeping..."
+          sleep 1800
diff --git a/hack/ipfs-exchange-info/go.mod b/hack/ipfs-exchange-info/go.mod
new file mode 100644
index 000000000..1a78cc690
--- /dev/null
+++ b/hack/ipfs-exchange-info/go.mod
@@ -0,0 +1,64 @@
+module github.com/kluctl/kluctl/hack/ipfs-exchange-info
+
+go 1.20
+
+require (
+	filippo.io/age v1.1.1
+	github.com/ipfs/boxo v0.10.1
+	github.com/ipfs/kubo v0.20.1-0.20230619130733-8bba03d8bf46
+	github.com/sirupsen/logrus v1.9.3
+)
+
+require (
+	github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/ipfs/bbloom v0.0.4 // indirect
+	github.com/ipfs/go-block-format v0.1.2 // indirect
+	github.com/ipfs/go-cid v0.4.1 // indirect
+	github.com/ipfs/go-datastore v0.6.0 // indirect
+	github.com/ipfs/go-ipfs-cmds v0.9.0 // indirect
+	github.com/ipfs/go-ipfs-util v0.0.3 // indirect
+	github.com/ipfs/go-ipld-format v0.5.0 // indirect
+	github.com/ipfs/go-ipld-legacy v0.2.1 // indirect
+	github.com/ipfs/go-log v1.0.5 // indirect
+	github.com/ipfs/go-log/v2 v2.5.1 // indirect
+	github.com/ipfs/go-metrics-interface v0.0.1 // indirect
+	github.com/ipld/go-codec-dagpb v1.6.0 // indirect
+	github.com/ipld/go-ipld-prime v0.20.0 // indirect
+	github.com/jbenet/goprocess v0.1.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
+	github.com/libp2p/go-libp2p v0.27.6 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mr-tron/base58 v1.2.0 // indirect
+	github.com/multiformats/go-base32 v0.1.0 // indirect
+	github.com/multiformats/go-base36 v0.2.0 // indirect
+	github.com/multiformats/go-multiaddr v0.9.0 // indirect
+	github.com/multiformats/go-multibase v0.2.0 // indirect
+	github.com/multiformats/go-multicodec v0.9.0 // indirect
+	github.com/multiformats/go-multihash v0.2.3 // indirect
+	github.com/multiformats/go-multistream v0.4.1 // indirect
+	github.com/multiformats/go-varint v0.0.7 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/polydawn/refmt v0.89.0 // indirect
+	github.com/rs/cors v1.7.0 // indirect
+	github.com/spaolacci/murmur3 v1.1.0 // indirect
+	go.opentelemetry.io/otel v1.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.16.0 // indirect
+	go.opentelemetry.io/otel/trace v1.16.0 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.24.0 // indirect
+	golang.org/x/crypto v0.10.0 // indirect
+	golang.org/x/sys v0.9.0 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
+	lukechampine.com/blake3 v1.2.1 // indirect
+)
diff --git a/hack/ipfs-exchange-info/go.sum b/hack/ipfs-exchange-info/go.sum
new file mode 100644
index 000000000..0dfefaac6
--- /dev/null
+++ b/hack/ipfs-exchange-info/go.sum
@@ -0,0 +1,285 @@
+filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
+filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3 h1:HVTnpeuvF6Owjd5mniCL8DEXo7uYXdQEmOP4FJbV5tg=
+github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3/go.mod h1:p1d6YEZWvFzEh4KLyvBcVSnrfNDDvK2zfK/4x2v/4pE=
+github.com/cskr/pubsub v1.0.2 h1:vlOzMhl6PFn60gRlTQQsIfVwaPB/B/8MziK8FhEPt/0=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU=
+github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 h1:BBso6MBKW8ncyZLv37o+KNyy0HrrHgfnOaGQC2qvN+A=
+github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
+github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c h1:7lF+Vz0LqiRidnzC1Oq86fpX1q/iEv2KJdrCtttYjT4=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/huin/goupnp v1.2.0 h1:uOKW26NG1hsSSbXIZ1IR7XP9Gjd1U8pnLaCMgntmkmY=
+github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
+github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
+github.com/ipfs/boxo v0.10.1 h1:q0ZhbyN6iNZLipd6txt1xotCiP/icfvdAQ4YpUi+cL4=
+github.com/ipfs/boxo v0.10.1/go.mod h1:1qgKq45mPRCxf4ZPoJV2lnXxyxucigILMJOrQrVivv8=
+github.com/ipfs/go-block-format v0.1.2 h1:GAjkfhVx1f4YTODS6Esrj1wt2HhrtwTnhEr+DyPUaJo=
+github.com/ipfs/go-block-format v0.1.2/go.mod h1:mACVcrxarQKstUU3Yf/RdwbC4DzPV6++rO2a3d+a/KE=
+github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=
+github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=
+github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=
+github.com/ipfs/go-datastore v0.6.0/go.mod h1:rt5M3nNbSO/8q1t4LNkLyUwRs8HupMeN/8O4Vn9YAT8=
+github.com/ipfs/go-detect-race v0.0.1 h1:qX/xay2W3E4Q1U7d9lNs1sU9nvguX0a7319XbyQ6cOk=
+github.com/ipfs/go-ipfs-blocksutil v0.0.1 h1:Eh/H4pc1hsvhzsQoMEP3Bke/aW5P5rVM1IWFJMcGIPQ=
+github.com/ipfs/go-ipfs-cmds v0.9.0 h1:K0VcXg1l1k6aY6sHnoxYcyimyJQbcV1ueXuWgThmK9Q=
+github.com/ipfs/go-ipfs-cmds v0.9.0/go.mod h1:SBFHK8WNwC416QWH9Vz1Ql42SSMAOqKpaHUMBu3jpLo=
+github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ=
+github.com/ipfs/go-ipfs-pq v0.0.3 h1:YpoHVJB+jzK15mr/xsWC574tyDLkezVrDNeaalQBsTE=
+github.com/ipfs/go-ipfs-util v0.0.3 h1:2RFdGez6bu2ZlZdI+rWfIdbQb1KudQp3VGwPtdNCmE0=
+github.com/ipfs/go-ipfs-util v0.0.3/go.mod h1:LHzG1a0Ig4G+iZ26UUOMjHd+lfM84LZCrn17xAKWBvs=
+github.com/ipfs/go-ipld-cbor v0.0.6 h1:pYuWHyvSpIsOOLw4Jy7NbBkCyzLDcl64Bf/LZW7eBQ0=
+github.com/ipfs/go-ipld-format v0.5.0 h1:WyEle9K96MSrvr47zZHKKcDxJ/vlpET6PSiQsAFO+Ds=
+github.com/ipfs/go-ipld-format v0.5.0/go.mod h1:ImdZqJQaEouMjCvqCe0ORUS+uoBmf7Hf+EO/jh+nk3M=
+github.com/ipfs/go-ipld-legacy v0.2.1 h1:mDFtrBpmU7b//LzLSypVrXsD8QxkEWxu5qVxN99/+tk=
+github.com/ipfs/go-ipld-legacy v0.2.1/go.mod h1:782MOUghNzMO2DER0FlBR94mllfdCJCkTtDtPM51otM=
+github.com/ipfs/go-log v1.0.5 h1:2dOuUCB1Z7uoczMWgAyDck5JLb72zHzrMnGnCNNbvY8=
+github.com/ipfs/go-log v1.0.5/go.mod h1:j0b8ZoR+7+R99LD9jZ6+AJsrzkPbSXbZfGakb5JPtIo=
+github.com/ipfs/go-log/v2 v2.1.3/go.mod h1:/8d0SH3Su5Ooc31QlL1WysJhvyOTDCjcCZ9Axpmri6g=
+github.com/ipfs/go-log/v2 v2.5.1 h1:1XdUzF7048prq4aBjDQQ4SL5RxftpRGdXhNRwKSAlcY=
+github.com/ipfs/go-log/v2 v2.5.1/go.mod h1:prSpmC1Gpllc9UYWxDiZDreBYw7zp4Iqp1kOLU9U5UI=
+github.com/ipfs/go-metrics-interface v0.0.1 h1:j+cpbjYvu4R8zbleSs36gvB7jR+wsL2fGD6n0jO4kdg=
+github.com/ipfs/go-metrics-interface v0.0.1/go.mod h1:6s6euYU4zowdslK0GKHmqaIZ3j/b/tL7HTWtJ4VPgWY=
+github.com/ipfs/go-peertaskqueue v0.8.1 h1:YhxAs1+wxb5jk7RvS0LHdyiILpNmRIRnZVztekOF0pg=
+github.com/ipfs/kubo v0.20.1-0.20230619130733-8bba03d8bf46 h1:slTRRjlz5fOCtMXRt6HXhEgxksV0XzWjgpgp4Z8iChU=
+github.com/ipfs/kubo v0.20.1-0.20230619130733-8bba03d8bf46/go.mod h1:dxRoDwePol9YV+P7Q96LcN21jiOF3nF8xRC4ij72BIQ=
+github.com/ipld/go-codec-dagpb v1.6.0 h1:9nYazfyu9B1p3NAgfVdpRco3Fs2nFC72DqVsMj6rOcc=
+github.com/ipld/go-codec-dagpb v1.6.0/go.mod h1:ANzFhfP2uMJxRBr8CE+WQWs5UsNa0pYtmKZ+agnUw9s=
+github.com/ipld/go-ipld-prime v0.20.0 h1:Ud3VwE9ClxpO2LkCYP7vWPc0Fo+dYdYzgxUJZ3uRG4g=
+github.com/ipld/go-ipld-prime v0.20.0/go.mod h1:PzqZ/ZR981eKbgdr3y2DJYeD/8bgMawdGVlJDE8kK+M=
+github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
+github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA=
+github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk=
+github.com/jbenet/goprocess v0.1.4 h1:DRGOFReOMqqDNXwW70QkacFW0YN9QnwLV0Vqk+3oU0o=
+github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8=
+github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg=
+github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38yPW7c=
+github.com/libp2p/go-libp2p v0.27.6 h1:KmGU5kskCaaerm53heqzfGOlrW2z8icZ+fnyqgrZs38=
+github.com/libp2p/go-libp2p v0.27.6/go.mod h1:oMfQGTb9CHnrOuSM6yMmyK2lXz3qIhnkn2+oK3B1Y2g=
+github.com/libp2p/go-libp2p-asn-util v0.3.0 h1:gMDcMyYiZKkocGXDQ5nsUQyquC9+H+iLEQHwOCZ7s8s=
+github.com/libp2p/go-libp2p-record v0.2.0 h1:oiNUOCWno2BFuxt3my4i1frNrt7PerzB3queqa1NkQ0=
+github.com/libp2p/go-libp2p-testing v0.12.0 h1:EPvBb4kKMWO29qP4mZGyhVzUyR25dvfUIK5WDu6iPUA=
+github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0=
+github.com/libp2p/go-nat v0.1.0 h1:MfVsH6DLcpa04Xr+p8hmVRG4juse0s3J8HyNWYHffXg=
+github.com/libp2p/go-netroute v0.2.1 h1:V8kVrpD8GK0Riv15/7VN6RbUQ3URNZVosw7H2v9tksU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
+github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
+github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
+github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/multiformats/go-base32 v0.1.0 h1:pVx9xoSPqEIQG8o+UbAe7DNi51oej1NtK+aGkbLYxPE=
+github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYgtWibDcT0rExnbI=
+github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=
+github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4=
+github.com/multiformats/go-multiaddr v0.9.0 h1:3h4V1LHIk5w4hJHekMKWALPXErDfz/sggzwC/NcqbDQ=
+github.com/multiformats/go-multiaddr v0.9.0/go.mod h1:mI67Lb1EeTOYb8GQfL/7wpIZwc46ElrvzhYnoJOmTT0=
+github.com/multiformats/go-multiaddr-dns v0.3.1 h1:QgQgR+LQVt3NPTjbrLLpsaT2ufAA2y0Mkk+QRVJbW3A=
+github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E=
+github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g=
+github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk=
+github.com/multiformats/go-multicodec v0.9.0 h1:pb/dlPnzee/Sxv/j4PmkDRxCOi3hXTz3IbPKOXWJkmg=
+github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI16i14xuaojr/H7Ai54k=
+github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
+github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
+github.com/multiformats/go-multistream v0.4.1 h1:rFy0Iiyn3YT0asivDUIR05leAdwZq3de4741sbiSdfo=
+github.com/multiformats/go-multistream v0.4.1/go.mod h1:Mz5eykRVAjJWckE2U78c6xqdtyNUEhKSM0Lwar2p77Q=
+github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
+github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4=
+github.com/polydawn/refmt v0.89.0/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw=
+github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
+github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
+github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
+github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U=
+github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
+github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
+github.com/quic-go/webtransport-go v0.5.3 h1:5XMlzemqB4qmOlgIus5zB45AcZ2kCgCy2EptUrfOPWU=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
+github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
+github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
+github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
+github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/warpfork/go-testmark v0.11.0 h1:J6LnV8KpceDvo7spaNU4+DauH2n1x+6RaO2rJrmpQ9U=
+github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSDJfjId/PEGEShv6ugrt4kYsC5UIDaQ=
+github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
+github.com/whyrusleeping/cbor-gen v0.0.0-20230126041949-52956bd4c9aa h1:EyA027ZAkuaCLoxVX4r1TZMPy1d31fM6hbfQ4OU4I5o=
+github.com/whyrusleeping/chunker v0.0.0-20181014151217-fe64bd25879f h1:jQa4QT2UP9WYv2nzyawpKMOCl+Z/jW7djv2/J50lj9E=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
+go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
+go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
+go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
+go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
+go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
+go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
+lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
diff --git a/hack/ipfs-exchange-info/main.go b/hack/ipfs-exchange-info/main.go
new file mode 100644
index 000000000..f188087bc
--- /dev/null
+++ b/hack/ipfs-exchange-info/main.go
@@ -0,0 +1,465 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"encoding/gob"
+	"encoding/json"
+	"filippo.io/age"
+	"flag"
+	"fmt"
+	"github.com/ipfs/boxo/coreiface/options"
+	"github.com/ipfs/boxo/files"
+	log "github.com/sirupsen/logrus"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/ipfs/kubo/client/rpc"
+)
+
+var modeFlag string
+var ipnsKey string
+var ipnsName string
+var ipfsId string
+var staticIpnsName string
+var prNumber int
+var ageKeyFile string
+var agePubKey string
+var repoName string
+
+func ParseFlags() error {
+	flag.StringVar(&modeFlag, "mode", "", "Mode")
+	flag.StringVar(&ipnsKey, "ipns-key", "", "IPNS key name")
+	flag.StringVar(&ipnsName, "ipns-name", "", "IPNS name")
+	flag.StringVar(&staticIpnsName, "static-ipns-name", "", "Static Webui IPNS name")
+	flag.IntVar(&prNumber, "pr-number", 0, "PR number")
+	flag.StringVar(&ipfsId, "ipfs-id", "", "IPFS id")
+	flag.StringVar(&ageKeyFile, "age-key-file", "", "AGE key file")
+	flag.StringVar(&agePubKey, "age-pub-key", "", "AGE pubkey")
+	flag.StringVar(&repoName, "repo-name", "", "Repo name")
+	flag.Parse()
+
+	return nil
+}
+
+func main() {
+	err := ParseFlags()
+	if err != nil {
+		panic(err)
+	}
+
+	// "Connect" to local node
+	node, err := rpc.NewLocalApi()
+	if err != nil {
+		log.Error(err)
+		os.Exit(1)
+	}
+
+	switch modeFlag {
+	case "publish-ipns":
+		err = doPublishIpns(node)
+	case "resolve-ipns":
+		err = doResolve(node)
+	case "send-info":
+		err = doSend(node)
+	case "receive-info":
+		err = doReceive(node)
+	default:
+		err = fmt.Errorf("unknown mode %s", modeFlag)
+	}
+
+	if err != nil {
+		log.Error(err)
+		log.Exit(1)
+	} else {
+		log.Exit(0)
+	}
+}
+
+type ipnsInfo struct {
+	PrNumber int    `json:"prNumber"`
+	IpfsId   string `json:"ipfsId"`
+}
+
+type workflowInfo struct {
+	PrNumber       int    `json:"prNumber"`
+	IpfsId         string `json:"ipfsId"`
+	StaticIpnsName string `json:"staticIpnsName"`
+	GithubToken    string `json:"githubToken"`
+}
+
+func doPublishIpns(node *rpc.HttpApi) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	defer cancel()
+
+	selfKey, err := node.Key().Self(ctx)
+	if err != nil {
+		return err
+	}
+
+	info := ipnsInfo{
+		PrNumber: prNumber,
+		IpfsId:   selfKey.ID().String(),
+	}
+	b, err := json.Marshal(&info)
+	if err != nil {
+		return err
+	}
+	log.Info("publishing: ", string(b))
+
+	f := files.NewBytesFile(b)
+
+	pth, err := node.Unixfs().Add(ctx, f)
+	if err != nil {
+		return err
+	}
+
+	log.Info("path: ", pth.String())
+
+	ipnsEntry, err := node.Name().Publish(ctx, pth, options.Name.Key(ipnsKey), options.Name.TTL(10*time.Second))
+	if err != nil {
+		return err
+	}
+
+	log.Info("published as ", ipnsEntry.Name())
+
+	return nil
+}
+
+func doResolve(node *rpc.HttpApi) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	log.Info("Resolving: ", ipnsName)
+
+	resolved, err := node.Name().Resolve(ctx, ipnsName, options.Name.Cache(false))
+	if err != nil {
+		return err
+	}
+
+	log.Info("Resolved to: ", resolved.String())
+
+	nd, err := node.Unixfs().Get(ctx, resolved)
+	if err != nil {
+		return err
+	}
+	defer nd.Close()
+
+	f, ok := nd.(files.File)
+	if !ok {
+		return fmt.Errorf("%s is not a file", resolved.String())
+	}
+
+	b, err := io.ReadAll(f)
+	if err != nil {
+		return err
+	}
+
+	var info ipnsInfo
+	err = json.Unmarshal(b, &info)
+	if err != nil {
+		return err
+	}
+
+	log.Info("IPNS Info: ", string(b))
+
+	if info.PrNumber != prNumber {
+		return fmt.Errorf("IPNS entry not up-to-date")
+	}
+
+	_, err = os.Stdout.WriteString(info.IpfsId + "\n")
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func doSend(node *rpc.HttpApi) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	selfKey, err := node.Key().Self(ctx)
+	if err != nil {
+		return err
+	}
+
+	info := workflowInfo{
+		PrNumber:       prNumber,
+		GithubToken:    os.Getenv("GITHUB_TOKEN"),
+		IpfsId:         selfKey.ID().String(),
+		StaticIpnsName: staticIpnsName,
+	}
+
+	b, err := json.Marshal(&info)
+	if err != nil {
+		return err
+	}
+
+	ageRecipient, err := age.ParseX25519Recipient(agePubKey)
+	if err != nil {
+		return err
+	}
+
+	w := bytes.NewBuffer(nil)
+	e, err := age.Encrypt(w, ageRecipient)
+	if err != nil {
+		return err
+	}
+	_, err = e.Write(b)
+	if err != nil {
+		return err
+	}
+	err = e.Close()
+	if err != nil {
+		return err
+	}
+	b = w.Bytes()
+
+	log.Info("Sending info...")
+
+	err = p2pSendFile(ctx, node, ipfsId, b)
+	if err != nil {
+		return err
+	}
+
+	log.Info("Done sending info.")
+
+	return nil
+
+}
+
+func doReceive(node *rpc.HttpApi) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+
+	log.Info("Receiving info...")
+
+	b, err := p2pReceiveFile(ctx, node)
+	if err != nil {
+		return err
+	}
+
+	log.Info("Done receiving info.")
+
+	idsBytes, err := os.ReadFile(ageKeyFile)
+	if err != nil {
+		return err
+	}
+	ageIds, err := age.ParseIdentities(bytes.NewReader(idsBytes))
+	if err != nil {
+		return err
+	}
+	d, err := age.Decrypt(bytes.NewReader(b), ageIds...)
+	if err != nil {
+		return err
+	}
+
+	w := bytes.NewBuffer(nil)
+	_, err = io.Copy(w, d)
+	if err != nil {
+		return err
+	}
+	b = w.Bytes()
+
+	var info workflowInfo
+	err = json.Unmarshal(b, &info)
+	if err != nil {
+		return err
+	}
+
+	if info.PrNumber != prNumber {
+		return fmt.Errorf("%d is not the expected (%d) PR number", info.PrNumber, prNumber)
+	}
+
+	log.Info("Checking Github token...")
+
+	err = checkGithubToken(ctx, info.GithubToken)
+	if err != nil {
+		return err
+	}
+
+	log.Info("Done checking Github token...")
+
+	info.GithubToken = ""
+
+	b, err = json.Marshal(&info)
+	if err != nil {
+		return err
+	}
+	_, _ = os.Stdout.WriteString(string(b) + "\n")
+
+	return nil
+}
+
+func doGithubRequest(ctx context.Context, method string, url string, body string, token string) ([]byte, error) {
+	log.Info("request: ", method, url)
+
+	req, err := http.NewRequest(method, url, strings.NewReader(body))
+	if err != nil {
+		log.Error("NewRequest failed: ", err)
+		return nil, err
+	}
+	req = req.WithContext(ctx)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", fmt.Sprintf("token %s", token))
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		log.Error("Request failed: ", err)
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		log.Error(fmt.Sprintf("Request failed: %d - %v", resp.StatusCode, resp.Status))
+		return nil, fmt.Errorf("http error: %s", resp.Status)
+	}
+
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Error("Failed to read body: ", err)
+		return nil, err
+	}
+
+	return b, nil
+}
+
+func checkGithubToken(ctx context.Context, token string) error {
+	body := fmt.Sprintf(`{"query": "query UserCurrent{viewer{login}}"}`)
+	b, err := doGithubRequest(ctx, "POST", "https://api.github.com/graphql", body, token)
+	if err != nil {
+		return err
+	}
+	log.Info("body=", string(b))
+
+	var r struct {
+		Data struct {
+			Viewer struct {
+				Login string `json:"login"`
+			} `json:"viewer"`
+		} `json:"data"`
+	}
+	err = json.Unmarshal(b, &r)
+	if err != nil {
+		log.Error("Unmarshal failed: ", err)
+		return err
+	}
+	if r.Data.Viewer.Login != "github-actions[bot]" {
+		log.Error("unexpected response from github")
+		return fmt.Errorf("unexpected response from github")
+	}
+
+	log.Info("Querying repositories...")
+
+	b, err = doGithubRequest(ctx, "GET", "https://api.github.com/installation/repositories", "", token)
+	if err != nil {
+		return err
+	}
+	log.Info("body=", string(b))
+
+	var r2 struct {
+		Repositories []struct {
+			FullName string `json:"full_name"`
+		} `json:"repositories"`
+	}
+	err = json.Unmarshal(b, &r2)
+	if err != nil {
+		return err
+	}
+	if len(r2.Repositories) != 1 {
+		return fmt.Errorf("unexpected repositories count %d", len(r2.Repositories))
+	}
+	if r2.Repositories[0].FullName != repoName {
+		return fmt.Errorf("%s is not the expected repo name", r2.Repositories[0].FullName)
+	}
+
+	return nil
+}
+
+func p2pSendFile(ctx context.Context, node *rpc.HttpApi, ipfsId string, data []byte) error {
+	// close the old one
+	_, _ = node.Request("p2p/close").
+		Option("protocol", "/x/kluctl-preview-info").
+		Option("listen-address", "/ip4/127.0.0.1/tcp/10001").
+		Send(ctx)
+
+	_, err := node.Request("p2p/forward", "/x/kluctl-preview-info", "/ip4/127.0.0.1/tcp/10001", fmt.Sprintf("/p2p/%s", ipfsId)).
+		Send(ctx)
+	if err != nil {
+		return err
+	}
+
+	c, err := net.Dial("tcp", "127.0.0.1:10001")
+	if err != nil {
+		return err
+	}
+	defer c.Close()
+
+	e := gob.NewEncoder(c)
+	d := gob.NewDecoder(c)
+
+	err = e.Encode(data)
+	if err != nil {
+		return err
+	}
+
+	var ok string
+	err = d.Decode(&ok)
+	if err != nil {
+		return err
+	}
+	if ok != "ok" {
+		return fmt.Errorf("did not receive ok")
+	}
+
+	return nil
+}
+
+func p2pReceiveFile(ctx context.Context, node *rpc.HttpApi) ([]byte, error) {
+	l, err := net.Listen("tcp", "127.0.0.1:10002")
+	if err != nil {
+		return nil, err
+	}
+	defer l.Close()
+	addr := l.Addr().(*net.TCPAddr)
+
+	targetAddr := fmt.Sprintf("/ip4/127.0.0.1/tcp/%d", addr.Port)
+
+	// close the old one
+	_, _ = node.Request("p2p/close").
+		Option("protocol", "/x/kluctl-preview-info").
+		Option("target-address", targetAddr).
+		Send(ctx)
+	_, err = node.Request("p2p/listen", "/x/kluctl-preview-info", targetAddr).
+		Send(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	c, err := l.Accept()
+	if err != nil {
+		return nil, err
+	}
+	defer c.Close()
+
+	d := gob.NewDecoder(c)
+	e := gob.NewEncoder(c)
+
+	var data []byte
+	err = d.Decode(&data)
+	if err != nil {
+		return nil, err
+	}
+
+	ok := "ok"
+	err = e.Encode(&ok)
+	if err != nil {
+		return nil, err
+	}
+
+	return data, nil
+}

From 02a0977795f011fd9b95d2ef689b1a09b7afc2b3 Mon Sep 17 00:00:00 2001
From: Aleksei Vagarenko <vagarenko@gmail.com>
Date: Wed, 21 Jun 2023 03:59:16 +0600
Subject: [PATCH 1214/2268] Fix visual bug on the Targets page in Firefox
 browser. (#593)

---
 pkg/webui/ui/build/index.html                 |  2 +-
 pkg/webui/ui/build/static/css/main.css        |  2 +-
 pkg/webui/ui/build/static/js/main.js          |  4 ++--
 .../components/targets-view/TargetsView.tsx   | 20 +++++++++----------
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
index 044a50d48..0ef404b56 100644
--- a/pkg/webui/ui/build/index.html
+++ b/pkg/webui/ui/build/index.html
@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?h=217f55cfc94c5ad2da112c26570ba88a95e04d06fbc1586980a389f583333155"></script><link href="./static/css/main.css?h=22248bb46258e7e9fe02b3427c76e5e190e9618be5fb809a11726ecedec33b55" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?h=3a6ac9d7f0c4b1128b39930826bf7e86b0d25c0eb85ab83f3a327471e3913903"></script><link href="./static/css/main.css?h=f4bb44d0b6f157dbfe2a615fda4c62b5fbeeb80df0236a9e8143fc51e5737605" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/css/main.css b/pkg/webui/ui/build/static/css/main.css
index 86c1ca612..70ec57003 100644
--- a/pkg/webui/ui/build/static/css/main.css
+++ b/pkg/webui/ui/build/static/css/main.css
@@ -84,4 +84,4 @@ body,
   unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
 }
 
-/*# sourceMappingURL=main.css.map?h=9212af710a168fca4ce287f416924bf456fbc497b2cc289b74211c435224c397*/
\ No newline at end of file
+/*# sourceMappingURL=main.css.map?h=b04a21858ecfe46c93b33bc95788b6861c50ee3a7852bdb7721e314a3ee95b80*/
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
index 7f430b626..a7625bb71 100644
--- a/pkg/webui/ui/build/static/js/main.js
+++ b/pkg/webui/ui/build/static/js/main.js
@@ -59264,7 +59264,7 @@ function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}func
 var colWidth=416;var curveRadius=12;var circleRadius=5;var strokeWidth=2;function ColHeader(_ref){var children=_ref.children;return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:colWidth,width:colWidth,height:"42px",display:"flex",alignItems:"center",sx:{borderLeft:'0.8px solid rgba(0,0,0,0.5)',paddingLeft:'15px','&:first-of-type':{borderLeft:'none',paddingLeft:0}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",textAlign:"left",children:children})});}var Circle=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();return/*#__PURE__*/(0,jsx_runtime.jsx)("circle",_objectSpread2({r:circleRadius,fill:theme.palette.background.default,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth},props));});var RelationTree=/*#__PURE__*/react.memo(function(_ref2){var targetCount=_ref2.targetCount;var theme=styles_useTheme_useTheme();var height=targetCount*cardHeight+(targetCount-1)*cardGap;var width=152;if(targetCount<=0){return null;}var targetsCenterYs=Array(targetCount).fill(0).map(function(_,i){return cardHeight/2+i*(cardHeight+cardGap);});var rootCenterY=height/2;return/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{width:width,height:height,viewBox:"0 0 ".concat(width," ").concat(height),fill:"none",children:[targetsCenterYs.map(function(cy,i){var d;if(targetCount%2===1&&i===Math.floor(targetCount/2)){// target is in the middle.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width-circleRadius,"\n                    ");}else if(i<targetCount/2){// target is higher than root.
 d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," -").concat(curveRadius,"\n                        v ").concat(cy-rootCenterY+curveRadius*2,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," -").concat(curveRadius,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                    ");}else{// target is lower than root.
-d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var _onSelectCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var onHistoryCardsClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);if(selectedCommandResult&&selectedCardRect){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCards,{rs:selectedCommandResult.rs,ts:selectedCommandResult.ts,initialCardRect:selectedCardRect,onClose:onHistoryCardsClose});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:setSelectedTargetSummary})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",style:{height:"".concat(2*circleRadius+strokeWidth),width:'100%'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(-50% + ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"50%",cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{viewBox:"0 0 ".concat(2*circleRadius+strokeWidth," ").concat(2*circleRadius+strokeWidth),fill:"none",x:"calc(50% - ".concat(circleRadius+strokeWidth/2,"px)"),children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:circleRadius+strokeWidth/2})})]})})]},buildListKey(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return _onSelectCommandResult({rs:rs,ts:ts});}})},rs.id);})},buildListKey(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},buildListKey(ps.project));})]});};
+d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var _onSelectCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var onHistoryCardsClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);if(selectedCommandResult&&selectedCardRect){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCards,{rs:selectedCommandResult.rs,ts:selectedCommandResult.ts,initialCardRect:selectedCardRect,onClose:onHistoryCardsClose});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:setSelectedTargetSummary})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",height:"".concat(2*circleRadius+strokeWidth,"px"),width:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{height:"100%",width:"100%",viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{fill:"none",height:"100%",width:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{fill:"none",height:"100%",width:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"calc(100% - ".concat(circleRadius+strokeWidth/2,"px)"),cy:"50%"})})]})})]},buildListKey(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return _onSelectCommandResult({rs:rs,ts:ts});}})},rs.id);})},buildListKey(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},buildListKey(ps.project));})]});};
 ;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/FormControlContext.js
 
 /**
@@ -61549,4 +61549,4 @@ src_reportWebVitals();
 }();
 /******/ })()
 ;
-//# sourceMappingURL=main.js.map?h=1b699a9c9a029bfaa14bdc9c1ea688196c3b803b93226977d03fa0803d4391b3
\ No newline at end of file
+//# sourceMappingURL=main.js.map?h=78c4c4c483e67ca4e22633b40ed284568a0c099b2867977f835076fe1c0315b5
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index b46d9a909..815aa98ee 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -194,12 +194,12 @@ export const TargetsView = () => {
                                     <svg
                                         xmlns='http://www.w3.org/2000/svg'
                                         fill='none'
-                                        style={{
-                                            height: `${2 * circleRadius + strokeWidth}`,
-                                            width: '100%'
-                                        }}
+                                        height={`${2 * circleRadius + strokeWidth}px`}
+                                        width='100%'
                                     >
                                         <svg
+                                            height='100%'
+                                            width='100%'
                                             viewBox={`0 0 100 ${2 * circleRadius + strokeWidth}`}
                                             fill='none'
                                             preserveAspectRatio='none'
@@ -214,18 +214,18 @@ export const TargetsView = () => {
                                             />
                                         </svg>
                                         <svg
-                                            viewBox={`0 0 ${2 * circleRadius + strokeWidth} ${2 * circleRadius + strokeWidth}`}
                                             fill='none'
-                                            x={`calc(-50% + ${circleRadius + strokeWidth / 2}px)`}
+                                            height='100%'
+                                            width='100%'
                                         >
-                                            <Circle cx='50%' cy='50%' />
+                                            <Circle cx={circleRadius + strokeWidth / 2} cy='50%' />
                                         </svg>
                                         <svg
-                                            viewBox={`0 0 ${2 * circleRadius + strokeWidth} ${2 * circleRadius + strokeWidth}`}
                                             fill='none'
-                                            x={`calc(50% - ${circleRadius + strokeWidth / 2}px)`}
+                                            height='100%'
+                                            width='100%'
                                         >
-                                            <Circle cx={circleRadius + strokeWidth / 2} cy={circleRadius + strokeWidth / 2} />
+                                            <Circle cx={`calc(100% - ${circleRadius + strokeWidth / 2}px)`} cy='50%' />
                                         </svg>
                                     </svg>
                                 </Box>

From 636469345cf6c08b8f8ccb49dc997858aee76267 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 09:10:49 +0200
Subject: [PATCH 1215/2268] ci: Remove npm build folder from git

---
 .github/workflows/tests.yml                   |    11 -
 pkg/webui/ui/.gitignore                       |     3 +
 pkg/webui/ui/build.js                         |     7 -
 pkg/webui/ui/build/.gitignore                 |     1 -
 pkg/webui/ui/build/.gitkeep                   |     0
 pkg/webui/ui/build/asset-manifest.json        |    58 -
 pkg/webui/ui/build/favicon.ico                |   Bin 15406 -> 0 bytes
 pkg/webui/ui/build/index.html                 |     1 -
 pkg/webui/ui/build/logo192.png                |   Bin 13703 -> 0 bytes
 pkg/webui/ui/build/logo512.png                |   Bin 26403 -> 0 bytes
 pkg/webui/ui/build/manifest.json              |    25 -
 pkg/webui/ui/build/robots.txt                 |     3 -
 pkg/webui/ui/build/static/css/main.css        |    87 -
 pkg/webui/ui/build/static/js/787.chunk.js     |   239 -
 pkg/webui/ui/build/static/js/main.js          | 61552 ----------------
 pkg/webui/ui/build/static/media/added.svg     |     4 -
 .../ui/build/static/media/arrow-left.svg      |     4 -
 .../ui/build/static/media/brackets-curly.svg  |     3 -
 .../ui/build/static/media/brackets-square.svg |     3 -
 pkg/webui/ui/build/static/media/changed.svg   |     5 -
 pkg/webui/ui/build/static/media/changes.svg   |     5 -
 .../build/static/media/checkbox-checked.svg   |     5 -
 .../build/static/media/checkbox-disabled.svg  |     4 -
 pkg/webui/ui/build/static/media/checkbox.svg  |     3 -
 .../ui/build/static/media/close-light.svg     |     3 -
 pkg/webui/ui/build/static/media/close.svg     |     3 -
 pkg/webui/ui/build/static/media/cpu.svg       |    16 -
 pkg/webui/ui/build/static/media/deploy.svg    |     8 -
 pkg/webui/ui/build/static/media/diff.svg      |     8 -
 pkg/webui/ui/build/static/media/error.svg     |     4 -
 pkg/webui/ui/build/static/media/file.svg      |     5 -
 .../ui/build/static/media/finger-scan.svg     |     8 -
 pkg/webui/ui/build/static/media/git.svg       |     1 -
 pkg/webui/ui/build/static/media/include.svg   |     7 -
 .../ui/build/static/media/kluctl-logo.svg     |     3 -
 .../ui/build/static/media/kluctl-text.svg     |     7 -
 .../nunito-cyrillic-ext-wght-normal.woff2     |   Bin 28960 -> 0 bytes
 .../media/nunito-cyrillic-wght-normal.woff2   |   Bin 20824 -> 0 bytes
 .../media/nunito-latin-ext-wght-normal.woff2  |   Bin 32720 -> 0 bytes
 .../media/nunito-latin-wght-normal.woff2      |   Bin 35904 -> 0 bytes
 .../media/nunito-vietnamese-wght-normal.woff2 |   Bin 10632 -> 0 bytes
 pkg/webui/ui/build/static/media/orphan.svg    |     6 -
 pkg/webui/ui/build/static/media/project.svg   |     5 -
 pkg/webui/ui/build/static/media/prune.svg     |     8 -
 .../ui/build/static/media/relation-hline.svg  |     5 -
 pkg/webui/ui/build/static/media/result.svg    |     8 -
 pkg/webui/ui/build/static/media/search.svg    |     4 -
 pkg/webui/ui/build/static/media/star.svg      |     4 -
 pkg/webui/ui/build/static/media/target.svg    |     5 -
 pkg/webui/ui/build/static/media/targets.svg   |     6 -
 pkg/webui/ui/build/static/media/trash.svg     |     6 -
 pkg/webui/ui/build/static/media/tree-view.svg |     7 -
 .../ui/build/static/media/triangle-down.svg   |     4 -
 .../static/media/triangle-left-light.svg      |     4 -
 .../static/media/triangle-right-light.svg     |     4 -
 .../ui/build/static/media/triangle-right.svg  |     4 -
 .../ui/build/static/media/warning-sign.svg    |     5 -
 pkg/webui/ui/build/static/media/warning.svg   |     5 -
 pkg/webui/ui/build/staticbuild.js             |     1 -
 pkg/webui/ui/fix-assets/main.go               |   169 -
 pkg/webui/ui/package-lock.json                |   396 +-
 pkg/webui/ui/package.json                     |     8 +-
 62 files changed, 7 insertions(+), 62753 deletions(-)
 delete mode 100644 pkg/webui/ui/build.js
 delete mode 100644 pkg/webui/ui/build/.gitignore
 create mode 100644 pkg/webui/ui/build/.gitkeep
 delete mode 100644 pkg/webui/ui/build/asset-manifest.json
 delete mode 100644 pkg/webui/ui/build/favicon.ico
 delete mode 100644 pkg/webui/ui/build/index.html
 delete mode 100644 pkg/webui/ui/build/logo192.png
 delete mode 100644 pkg/webui/ui/build/logo512.png
 delete mode 100644 pkg/webui/ui/build/manifest.json
 delete mode 100644 pkg/webui/ui/build/robots.txt
 delete mode 100644 pkg/webui/ui/build/static/css/main.css
 delete mode 100644 pkg/webui/ui/build/static/js/787.chunk.js
 delete mode 100644 pkg/webui/ui/build/static/js/main.js
 delete mode 100644 pkg/webui/ui/build/static/media/added.svg
 delete mode 100644 pkg/webui/ui/build/static/media/arrow-left.svg
 delete mode 100644 pkg/webui/ui/build/static/media/brackets-curly.svg
 delete mode 100644 pkg/webui/ui/build/static/media/brackets-square.svg
 delete mode 100644 pkg/webui/ui/build/static/media/changed.svg
 delete mode 100644 pkg/webui/ui/build/static/media/changes.svg
 delete mode 100644 pkg/webui/ui/build/static/media/checkbox-checked.svg
 delete mode 100644 pkg/webui/ui/build/static/media/checkbox-disabled.svg
 delete mode 100644 pkg/webui/ui/build/static/media/checkbox.svg
 delete mode 100644 pkg/webui/ui/build/static/media/close-light.svg
 delete mode 100644 pkg/webui/ui/build/static/media/close.svg
 delete mode 100644 pkg/webui/ui/build/static/media/cpu.svg
 delete mode 100644 pkg/webui/ui/build/static/media/deploy.svg
 delete mode 100644 pkg/webui/ui/build/static/media/diff.svg
 delete mode 100644 pkg/webui/ui/build/static/media/error.svg
 delete mode 100644 pkg/webui/ui/build/static/media/file.svg
 delete mode 100644 pkg/webui/ui/build/static/media/finger-scan.svg
 delete mode 100644 pkg/webui/ui/build/static/media/git.svg
 delete mode 100644 pkg/webui/ui/build/static/media/include.svg
 delete mode 100644 pkg/webui/ui/build/static/media/kluctl-logo.svg
 delete mode 100644 pkg/webui/ui/build/static/media/kluctl-text.svg
 delete mode 100644 pkg/webui/ui/build/static/media/nunito-cyrillic-ext-wght-normal.woff2
 delete mode 100644 pkg/webui/ui/build/static/media/nunito-cyrillic-wght-normal.woff2
 delete mode 100644 pkg/webui/ui/build/static/media/nunito-latin-ext-wght-normal.woff2
 delete mode 100644 pkg/webui/ui/build/static/media/nunito-latin-wght-normal.woff2
 delete mode 100644 pkg/webui/ui/build/static/media/nunito-vietnamese-wght-normal.woff2
 delete mode 100644 pkg/webui/ui/build/static/media/orphan.svg
 delete mode 100644 pkg/webui/ui/build/static/media/project.svg
 delete mode 100644 pkg/webui/ui/build/static/media/prune.svg
 delete mode 100644 pkg/webui/ui/build/static/media/relation-hline.svg
 delete mode 100644 pkg/webui/ui/build/static/media/result.svg
 delete mode 100644 pkg/webui/ui/build/static/media/search.svg
 delete mode 100644 pkg/webui/ui/build/static/media/star.svg
 delete mode 100644 pkg/webui/ui/build/static/media/target.svg
 delete mode 100644 pkg/webui/ui/build/static/media/targets.svg
 delete mode 100644 pkg/webui/ui/build/static/media/trash.svg
 delete mode 100644 pkg/webui/ui/build/static/media/tree-view.svg
 delete mode 100644 pkg/webui/ui/build/static/media/triangle-down.svg
 delete mode 100644 pkg/webui/ui/build/static/media/triangle-left-light.svg
 delete mode 100644 pkg/webui/ui/build/static/media/triangle-right-light.svg
 delete mode 100644 pkg/webui/ui/build/static/media/triangle-right.svg
 delete mode 100644 pkg/webui/ui/build/static/media/warning-sign.svg
 delete mode 100644 pkg/webui/ui/build/static/media/warning.svg
 delete mode 100644 pkg/webui/ui/build/staticbuild.js
 delete mode 100644 pkg/webui/ui/fix-assets/main.go

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 74553224f..c2674e099 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -72,17 +72,6 @@ jobs:
             git diff
             exit 1
           fi
-      - name: Verify webui build is up-to-date
-        run: |
-          cd pkg/webui/ui
-          npm install
-          npm run build
-          if [ ! -z "$(git status --porcelain)" ]; then
-            echo "npm run build must be invoked and the result committed"
-            git status
-            git diff
-            exit 1
-          fi
 
   tests:
     strategy:
diff --git a/pkg/webui/ui/.gitignore b/pkg/webui/ui/.gitignore
index f471c1a59..3b5e29e26 100644
--- a/pkg/webui/ui/.gitignore
+++ b/pkg/webui/ui/.gitignore
@@ -23,3 +23,6 @@ yarn-error.log*
 *.js.map
 
 /public/staticdata
+
+/build/*
+!/build/.gitkeep
diff --git a/pkg/webui/ui/build.js b/pkg/webui/ui/build.js
deleted file mode 100644
index 17db0e576..000000000
--- a/pkg/webui/ui/build.js
+++ /dev/null
@@ -1,7 +0,0 @@
-const rewire = require('rewire');
-const defaults = rewire('react-scripts/scripts/build.js');
-const config = defaults.__get__('config');
-
-// we disable minimize as we're actually committing the build folder into git, so that people who don't want to deal
-// with the UI while working on Go code don't have to use npm and friends
-config.optimization.minimize = false
diff --git a/pkg/webui/ui/build/.gitignore b/pkg/webui/ui/build/.gitignore
deleted file mode 100644
index c9e9f1beb..000000000
--- a/pkg/webui/ui/build/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-staticdata
\ No newline at end of file
diff --git a/pkg/webui/ui/build/.gitkeep b/pkg/webui/ui/build/.gitkeep
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/webui/ui/build/asset-manifest.json b/pkg/webui/ui/build/asset-manifest.json
deleted file mode 100644
index dfdfa5fab..000000000
--- a/pkg/webui/ui/build/asset-manifest.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  "files": {
-    "787.chunk.js": "static/js/787.chunk.js",
-    "787.chunk.js.map": "static/js/787.chunk.js.map",
-    "index.html": "index.html",
-    "main.css": "static/css/main.css",
-    "main.css.map": "static/css/main.css.map",
-    "main.js": "static/js/main.js",
-    "main.js.map": "static/js/main.js.map",
-    "static/media/added.svg": "static/media/added.svg",
-    "static/media/arrow-left.svg": "static/media/arrow-left.svg",
-    "static/media/brackets-curly.svg": "static/media/brackets-curly.svg",
-    "static/media/brackets-square.svg": "static/media/brackets-square.svg",
-    "static/media/changed.svg": "static/media/changed.svg",
-    "static/media/changes.svg": "static/media/changes.svg",
-    "static/media/checkbox-checked.svg": "static/media/checkbox-checked.svg",
-    "static/media/checkbox-disabled.svg": "static/media/checkbox-disabled.svg",
-    "static/media/checkbox.svg": "static/media/checkbox.svg",
-    "static/media/close-light.svg": "static/media/close-light.svg",
-    "static/media/close.svg": "static/media/close.svg",
-    "static/media/cpu.svg": "static/media/cpu.svg",
-    "static/media/deploy.svg": "static/media/deploy.svg",
-    "static/media/diff.svg": "static/media/diff.svg",
-    "static/media/error.svg": "static/media/error.svg",
-    "static/media/file.svg": "static/media/file.svg",
-    "static/media/finger-scan.svg": "static/media/finger-scan.svg",
-    "static/media/git.svg": "static/media/git.svg",
-    "static/media/include.svg": "static/media/include.svg",
-    "static/media/kluctl-logo.svg": "static/media/kluctl-logo.svg",
-    "static/media/kluctl-text.svg": "static/media/kluctl-text.svg",
-    "static/media/nunito-cyrillic-ext-wght-normal.woff2": "static/media/nunito-cyrillic-ext-wght-normal.woff2",
-    "static/media/nunito-cyrillic-wght-normal.woff2": "static/media/nunito-cyrillic-wght-normal.woff2",
-    "static/media/nunito-latin-ext-wght-normal.woff2": "static/media/nunito-latin-ext-wght-normal.woff2",
-    "static/media/nunito-latin-wght-normal.woff2": "static/media/nunito-latin-wght-normal.woff2",
-    "static/media/nunito-vietnamese-wght-normal.woff2": "static/media/nunito-vietnamese-wght-normal.woff2",
-    "static/media/orphan.svg": "static/media/orphan.svg",
-    "static/media/project.svg": "static/media/project.svg",
-    "static/media/prune.svg": "static/media/prune.svg",
-    "static/media/relation-hline.svg": "static/media/relation-hline.svg",
-    "static/media/result.svg": "static/media/result.svg",
-    "static/media/search.svg": "static/media/search.svg",
-    "static/media/star.svg": "static/media/star.svg",
-    "static/media/target.svg": "static/media/target.svg",
-    "static/media/targets.svg": "static/media/targets.svg",
-    "static/media/trash.svg": "static/media/trash.svg",
-    "static/media/tree-view.svg": "static/media/tree-view.svg",
-    "static/media/triangle-down.svg": "static/media/triangle-down.svg",
-    "static/media/triangle-left-light.svg": "static/media/triangle-left-light.svg",
-    "static/media/triangle-right-light.svg": "static/media/triangle-right-light.svg",
-    "static/media/triangle-right.svg": "static/media/triangle-right.svg",
-    "static/media/warning-sign.svg": "static/media/warning-sign.svg",
-    "static/media/warning.svg": "static/media/warning.svg"
-  },
-  "entrypoints": [
-    "static/css/main.css",
-    "static/js/main.js"
-  ]
-}
\ No newline at end of file
diff --git a/pkg/webui/ui/build/favicon.ico b/pkg/webui/ui/build/favicon.ico
deleted file mode 100644
index 496bbc69cabfce158be2fbc7e709e8a81a5bc95e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 15406
zcmeHO3v^V)8D6vxTWwWZwYJ*gQCn+UYisN2sUD@R)x%@&y$Qy*0*Z(SJr#<I4`j{0
z0uj{kkSHdQWS@|P@REmsJT&E@fPln8h#&z4l!u^znCbW3-Pug;-n+X5RC?My=VtDm
z`Cs$TKmYvm&&1{G;5ylL#u+Y@om~CC;c{K+a=AKnN_<~(rpr}^y2~$5w*TDadgCmY
z>k_~K1sI8X6j^_Pc$c$$5q)hSqBj@C_1{Q@LcIGU`Zm<B4U}~Ob^D($q!j>8@bQIo
zzk~u!KkI6i3>TnrqpY`<!BDp|0sD@LAJ)rcyFaW?EQ;MI;)}cugpu`jr9Z5l;|uHW
zfyO(s9q;S$Z1GL({u5az%aQSdj=rc{_rwcMlXbpu_p1T_MPb<eD?WS=#I&nqyJt-2
z(|jSfPF#OPTa9+%i)fnyF~a~%2g2cd3hLJ+9;4dC6|N41AuMt55O-Jd-P9ZCQPv_n
zTU+ZjzO#;PVnp@r;)Ut`#DqDI?kI}qUG0zRCH|29s6T8x7>Mdm0cH{5ED!1ok3XvY
zW7L#BgJX;QCBv(4O7+Q<FZl=Kc#Q>DKo8fdFm~@AkLM(R#N7+HyD*LmAlGiZ?+HY-
zc^H?EeNm&YXF+FJYug{k6#Xs)?1m)Yk%WMrMqw<+B;NJnM4Pr5_Tcl>8Z>Y72i#J&
zjhWh4JU^xP3;{i}0X$=T_|7`en?|_eNjHn}vj>i2J%7HiG2+>pyTts}6$ge+?Ece4
zE$|~+BX~8)Z}jQ>XKU^}Fnh&|A~b)<2w7h;v&*-^=MFrV$+|$5erZBpT?C?en3ahi
zVF*hcS!Y)UqQ?Eiub4X+_{RNqFq!H+5u?-db-fzv>Yv->jk_<%1bZxP^fR6CbjCyf
z)ZU*zYCMSkHp6BPKtGj5@#{`^qQy4AhA=*#(N_`I2{xB{)o;l$gA5TTT-Z@K1&1-h
z_zKui4=4C+^_Z8{D!t_U=MR>o+X(#Bx6poAg<st`k8^!eHa<@6u<?jWPriG`-_X&D
z;|aTeDBES(xa}>0adXs{m4@{jy8b(8wMcrh^hUe=(gyZ2+0Js#n=gsj!on8Pu)-eA
zcOb0w1id3F?LbJ&x6*(QxLLxCs=G(TUh}pD!uowyxb}SeBJMjuyHyWieYlkl+DA(M
z$+Eu{=2*UA+ujuYu(sMt3+v0<vfUTfQa;cM*WT}fc)`h_zeMs-eJ9^#J;vd6k0*UC
z$;3Ah(z{}=Rl-)s`9lUGCi`C??7jqi4v`nupP+;SPcx38-|>dJUo7jbWnpFa-(pUU
z16(C}vK>78NZHLY%sH$Lby^3wCMDtaVQs(5w2iR7FG0fySb6fBw7enB0~k~G1T5kJ
zlQ-5)^e6q%8hsJtPOB~pqwYVZ!zS>95$$&>f3E425&dbj#fj?V-Nt97!)co_kDj9L
zO&bX5qtjs${1H!#B1~eOw4s1==$mfFNoYR=9n5l~XH$RBrp~H6TNuWvm9IW7%I6Fc
zQ|q4-4O{9N8%_&iJqArPR!q_+KILXiw+YY3c&t2f`%c(J6Y!gc$8Xv?{*?iTYF;lE
zQ{EUUiYMQ^YFJhNc^ogsK=i5JsBxjk<2p$lL%t8I)4o?&rCkMGt;{A1#$XlW<f3>%
z+B(g#ArJDh<74G({l<EHdp7>?_jg$Fj?*{e#PQkq!!MM%l5ys7;_LE6v>$`-^lZFS
z?O|<>FO>hYW95&1%y+Oaco_ZOD`}&DlNr;XTqx^ME`krtV{DYFGvhVgmu+8WC!;@_
z_iOr8JRhd$nR7rJD`R-tkZj{#EJ>#WY_vqyn`M-~Q5#LaWyedc!y526;Bd~R%`dEP
zRqD9X&r3MQ^a`C!cCyhMcK=m@O}#>Q=YZZPlBO)jPP-4XX!VTmQowkDkGodFSZS7)
zUhz$|+3ocN)}MWzioCN`T6_omZIYfWm#mG8aWfv+>kD;Fvn4NL8wm%ReXR5_cITsg
zPYMP)9Y1S;Sg^VhYp45GD?InVD(u2F5mCRsmg6wM3d?WU-%Apne%~I({g8xVIrpuX
z#p1Ow5eS?6@ir&}XzLMuBjIXae@1NDzEX^=zJ0w_?-B`iCikTD<Ev!7S|(%i^|6IM
zv9zI1Y;1lLH1BBSyi(!hdqQVgCG<%@TkfyUKUcP?Wik#?ZM0=*ymf!7!jgtBs+W-_
z*7FJEp|-c@9lC#-dQu;Z!ISNw)gB!1Ro6@G+i#&PX)$SgXy<|hU9OXTFN*aLyFd9r
z1Y>#Ya=|?wFw`~omgRFE7H>B#5KGoh65fdBIUclgp}}?B7uAN1p4w;k=&ASaX1s5g
zzsZHx|2howB;0WH!gDNn5}>#Fc`Mu(aExH5+hDJUkq=qmuhhDE%6pyC1~9`1VPRJq
zXmH>4IqYsbXbmUr3~0yPl#Jh($vLK!pJI(3;^dQ6#tGkR48hv@nSw8U)>3b!_6rsM
zc)iEDPYr8zHatz<h$FW9W7=P`@$*KE&hXXSt#pFXeB{av(yH+YPg<;=jc&Gf>K-yW
z?wc_FU*LHHbUI|9)d4x@#~@>yyb1d<W9euyYk4W<-yDc`P31o`&^oH7<o<LUd1ZJ;
zGDdPD+!t;1X?FON7Z-{5cdqAoMKjj@KRD57Z+&t<*ks2$RfiZi(;V=WcRs}*(q2fx
zE4rAmY>Zg9c`<d<L|*NcGZP;7NzhMgzDnVrkV&hA{Hb#lD=kk|m+#}8C~B2|?6iK6
zeUT`eJrK0Dm#uim>w6gXTbN@!6G*dP%7pl5F7usE{1{)u2fU`r|IFlD#mbGdaaQGT
zDT?-(X?N!2M6W&d>;qy{?#I4R<w(B2TjUTgl9!zgR=he`Oq@HoB^b$@UZk9bv`4mF
zar~7xoQrXulV(fIkyYmZ-ieMcWL$}Ues0t6dhZ0|LMOa0qn`1$x%OJ;Kv;X&i63l-
zzSHWzmc!;4E_~&`!YcEe_uaNKY4uKm0B&hpSiPw*WL)6{|7F+n{1LIsy^v|YDwmo=
zmNKZh<Rt8V__KbbAz_ZSq)jkqF*wVawaSM+5k4ud%FkS|3d48U&NC_u*6Ijxt#D4?
zo^s=iKwQ7nZl7rS1)RZw{wC0UA5TLtqCe^>b${21o?6d50_JmTJ~OH}$Q&f$=o3Mk
zc~8^!;b%XjA5&>Ky>m~EHT#hy{+5J{TBTg$$OrV)oRyqk^zk(uk6iXJIIDgD@Y1&&
z#NPU84{66KyP0E8=6?;u+{Qgl^2&PhByXJM@~kgyy`jvM9p@6v-)CA=kz+T8Fuy8u
zWRizkQr5P4T%46g^%dZ=0`w7ICv*?lm%+!{<{wCpJc4oUBH%p*zTlnaucUq<vnhL1
z1{eu@m^Ov{%p=7W*Pp7&E#DJ&K@#Wnndxa$)Vlx@pJnmv>raK;gMm+<mgW3`{W8x;
z(#9qefB1~;fr$HY<^~b#bmYE(Id5}q;@ol8m(;};!V<^C1r5$ijNKE!{U8T?!7~Ts
z{Ymc#)}Xby;H1N7JD{r>7#AP(Fcj^)yCP-GR<6NbXDD$=13qPEuDHYE1!k@=w$RI*
zCG%nZbH#OlLmXt-#X?#7VB%!N<DRSnXFJ^2Oj}wa>gq>|4b98N&OKY0KLxIKH*Fvp
zk6HJloYV9f`_a#RfZ<sl*D2Oz<csz!vfH+k-yzrod6-Wy*5km-vj!fjePcumbG~ce
zTV&>5N7dc^8DyHsHG%WSQ{MGQ!0C^%tU_6XwwE}!z2?{$y@JT=qW(7c;hrWO@>Iw<
zjzXVm@%=vh40*RhX7ip?9enK=(*|)@34D8z4<Bz-?~VNq>a;@cJ;0*|yeMOTtcT}N
z_S6r4i+d0DiEBnCU&(ww?^>8^Vj|z(e6;dI&&^naI@53Q95xd_&ULP(<Y(@Wj`KMZ
z_T*f<k4pd4V@h{l?+edWCLFE&@HrI_J5#RWtLRmS#CeTr$48}q^tYM0ps%YBi91!@
zc{Y?Sr{dTz_=^v5UevoiXMyb<9L80?n05_pCJfmRDRx7j%DaNh;oGh0iM29n#<;Ei
zHw@UYUK@z%T`@P?oW-?QMkl<)d9OB>dV`FuGH~v~mvWE7_#C-e?r9F-k-GnscaDZt
z=by*e4D}(UjW8|1`v`ur+8^$bx|8T6N3QkMb)Y8i2k^C*fqpTb)OoSOpX*sUV;M=8
zevUd#!G!gxs*MyBAeS07&-tutCi`*_{31mW{m=CAr7QY6=JO;!Yf0bEJHF6a5HimO
zuiYtGT6IcZhhRr9QeKtDAjGI>E0;LPSyk{3unJRDT5vkrN8@4tNz3vuKdmi>9)@GQ
z-MQKp?__{hIdCX*TN|<Rz#W%Byx=TVF1{!Blxm($tG2thk&L-{Z`mSyn{Ud1yS#eY
zm<+i+@}&)6T^s~>2c77G`7$%tjeBLm>9?IpJnN4(XO3G^F6<lTIo(4qD!uM>=xRj{
zF$nGIpQ@dv@r5oS{{km{RJ{6_n7M2$`f$re*w>$|`10G_GvY2?D;;e$>twsN3?hdD
zTlse@d>j3X=WBb3@B)v(S^7NQ*|*}$Z{7h${M2Yir)vI_$Zt1@QB&{X9oj*e_Qc*$
zkBgJ`m$VCQN3c@6Nb<3k)G6Y%f#`$Xd^UCV!R{u3xU(_S{T1deA-g3XrHj&;4~VV1
z-W4;KzW{lRWr(F5bF`H0=_+>@s}6X_-72^G?TO#e5p&g=-!kv|u56qmcJAFGo~`Yf
zF~7=r2OEp2yyLhdK-stKSSOyV>4|ko>!$Lxd&k|Jwz(e8gT&d49eApaYZ%~;aE@`G
z6^!NMuB=b&JFrX4Uo{alv{<H`5o1`BhVnlOOB<$&4O^Fs@vl6@d+B4X_XbnUl^67X
zy{ZGg!_O{OKx|)08@_r>$&}t=>H0czpS5GpX58;66T>Inw2QjS6lY7K@Ev)k3}O7Q
z1^g)N9eWg`q$G!Y8Sf}rW#>2i%aKfTSn?(h@&XR>Xa;@wPV{LVWs)$tl*Ki9XM3aF
zuje|(`<J<{AK;VxzlpX!#OxDt47u<oFW#3WZ*NS$F4LJvF7$GRp>M-@rS4#uGAGvn
zzGDpD{;FijRb~|q|Ci7O`bQj=u6yQeQ2&v<AFSe?DDSY-yC5TT2T8x5D0x2jFWlL}
z`PP2!%TE+}t#Z&_+pb$WVvRhp2zSm79zK8=+t`i$nqkE|QNEccr;Stp^xyd3BT+T)
zNkJdDcn$8iA=l@0AMAwbLo`o^9c|_RX3bbOTD-YomUw0PIL3X*n>zn5;E5tX&w~m>
k-LAl1ECQML7Eiu)AL7+G?;m^__cBhDe*a&N|4t432jt`J!vFvP

diff --git a/pkg/webui/ui/build/index.html b/pkg/webui/ui/build/index.html
deleted file mode 100644
index 0ef404b56..000000000
--- a/pkg/webui/ui/build/index.html
+++ /dev/null
@@ -1 +0,0 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>React App</title><script defer="defer" src="./static/js/main.js?h=3a6ac9d7f0c4b1128b39930826bf7e86b0d25c0eb85ab83f3a327471e3913903"></script><link href="./static/css/main.css?h=f4bb44d0b6f157dbfe2a615fda4c62b5fbeeb80df0236a9e8143fc51e5737605" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><script src="./staticbuild.js"></script><div id="root"></div></body></html>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/logo192.png b/pkg/webui/ui/build/logo192.png
deleted file mode 100644
index 11f22322c00fe673d7aa1530ecfd53fbc82b2373..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 13703
zcmXY&V|3tLw1!h#Q@c}RYE3(}+o|oTt*LE$YTLGL+qP}@_Ph7~NY2X2TFFk<IXinl
z@0$==X;B1N99RGV5X8lV<iEzQ|2AmIuf6=51=QC7Vka*u08~ui9RmOnATGqO=&XIN
z1!J$E^z!L(NoG3QF`7d}#6(OD8adjuH9~9&D{)MG5gNJsf*D^R7FQ6=$;rt~chm$}
zN?>QfeI4yI5rx8rLi^(Sp1sbHxjepRrplYlV8kRo&iEf>^m3#fc#ghbythAIJiJ0*
z>$!qgq+BcBVwf31A&eY@uAqnJq`?n}A(sV(yTRNw=zPe@nKFXYR?bm7(X~u8FWMib
zG=Z4yoU_+I_inoKbhj9P%0gHeZ+!#W{aBvhn0Zu!F-&Mn4id<IAwg1MR$}OZ?*Pz@
zI^D{IN=GO3;0509V4Vm6cl8F+KqLH`T*~nix$5e*Yquz$Od)t>JIq3x$MWdH_-Vr*
z!Ei6Y#99^_k!g1t{Pzr;-3$RGyO^<N#6+PymkoljH-GU(8w`8~^bPm@DJ_1CdXC*_
zgJ-AZMkCzn=p#ODgB#Fhr0~eYMq!!q=GBIU?DK@%<xR9uBt~nq&$!J4i2ImXmOvaj
z{z6yD<ixT>)gYQSyDgR9F7CMq1#>oDS9#iNoG+T=x_3E%$kma_H-6hmO+$xl*)UM*
z2hrhMjH05Jr{OmL5C~;rwYj1Z`dQu^B6jJ8($aXmS8F7P#!^e}jgy37vD^s9-0=*I
zvVVqyWsLA4je@w^_ij8)dT@BUw^K4^iA#wH;{lNN_3P<QbY0K)<u^kVUXyGTT_q(!
zwDnbFIc}$sNAnHL(x!{p_$l=jy8$XDPX_OglrI<h7Hf^OmrjrkRLG|N*s&P6Tb{AX
zC{W%Y>zO-_?Z3O?vrEjZr1(<%FtAqKfWUifaF~P@;i|3&Key|ro#mw}>!428ftwh~
z!R73g@Wsa{K0H7-GI$PD1qanAs2Gxa)m~tNOn;iE*brZd_j1jDkS8r-J^o`AByX#G
zr#iAT(7csubPxnt<T8rNwxM*UEDU&Kgl7#BmN8v~a7t$e<zCI$DwOs_q*c9zfK~oL
zQc8IovJPjp^($wYt?q|@m68+vy5*g#ME9JokY0k^>AR5st<2de7{8rHPNp#wcf9k}
z`r>u#r@Iak<EDICGBbO)5sT^cPr%->Gd6wXM!=j74Ar5;MAqVDf7eERF!tn)$7`O#
z`8E{^?2~7_fX-=5JT({lTvTBS6Uuu+n?QZfBC$x#7-&*242A5U;M_Lgax^tc-(<gB
z4f%!9f%X&IQ}kMP;SIM2%xGA|&B6U742;jXGxEpCc>%QHcgD<o1z|ruYAWZO65Q!l
z%R^3w0W>K;(K**8=E`ZVj8crXt0mXmcN5r`9bjsC^g+$#J!=QoJL<>P>6}t#(i-bW
zC!GB0j|k4sUvQ(1FHsKN>Yp`ZqMgiB?y+*{Um;dV(>cG{2h7ED_D4}A7*uaR_^52h
zWEk^ZkT1rCe7b;bUOuhM@F05Y2iA7O{soT0)0cs0t9z4mlql_($cORBGX%|FuQ1MP
zeIQx2o1pz)abORL0emeB?Mk9~nSW8F&E`SuR6Kn9I~U$(LOMb09rfOR)_rsd!vd@X
z)I`uW?TCXQS)GKt)<AkSF1M2zeYu1?d{&q=I%LSTwA7UgTn%|StC()AJnC1x7X;dI
zi_;|`0-#z23IU9I;YcMvSRCclAK3KK*l20L0zA896rLniGK0z_nX=?m!Xg=XYcV-~
z|NXYp)?qUMl0|RDL*?dks*Idbc?qeCWhRJHPLu-`I$Qe(UYJt*QS84QqR*me9eBM8
zoDi(R2wFqubW-`F+|J?`oQwKz{gzaY03#Z+s>R$J2mPy@WOf&V+Nm9rVOPtu-4qx8
zzmwW;ugCO|>P+if0gl#=I(lZ)R$y90i~p`b2Xr5ZP8VNQt5zwHX5?LxrG&hsmG)2J
zamZu}X9s;3U@(DSg1Z^;`?-}?!#{GWAXr37N!5Rhy2&~%5i5)D1%@>>o(p>`jV|C0
zo@2IwdOIo~WhUi8bDlkZkjmLX%K{6;jHZo$8?_t<6KwrMS9oUD>E;@Kz5a9o=|;=U
z&q55^D~!xw*o8B>D_uDIsi+Aa9;DxMY)?(&y0W4klQp-XuwB06!K?GAS6I6caA@-b
zf*zL<fd9)$Yx$~1KM$VHKV}TL+h(PL3o|%F_<70tzX<<b=%e?umdIVmi|bi?4LOF{
zV%TryKxA};3$Xt2dy<NA(ED0l6rINtqt=iC_0hje2btnYP1l)URXXo254j_mo$VEM
zx4r03?lFL+uve$#Ogjua?Jw9T7sEW82~c#gLsCQ6q4t@J?TUuh+VVsx^4+b7Q`u;V
z`-1}bcPG#ik<|t9i)<zb_o#^AN}VV)5o43@xdJvQ)22jq5V^~YYyViBTS3Z5bZV5e
zI+o5_CkjBi24mjdCkPDCKLLFc=XbtOMb>+m`31Y#w7R;Ywl~^il+rrF4q!;LhPr3-
z_YD4{Kc>uWo*`acNoK3Fk~JHMQ=ooG$N|+9!AV`=tZOY#m=p-#&FF-Y+3!<Y$vCho
zMpVH9>tv2fyG=y9LZnD(>9IJ_#aN+eYtGqFi4nrXe3`c%7BF4P1f+H;UW-;`A0`x1
zUONOTjo|H>2bT{ewv8vD?*#zSe7Z(gmH|Ku55phvZNN%7t~0JcCXOpjPNiZZb7eFq
zm{7|8EGPzkkkA{F4l>E)C)PYwfI_WUuoqqgj`qpFysq)G`Q>axSFSC6c4J<jkx=Fu
zgw00=G(bNzjh32qwG%oGL$b^4M66-YuH~T{o8rz}boQ$M(){|ig7%(~L?sN_>gRSG
z;)RJj>JpqLF8>jZ#H(KgO<!G1nRpbq7Ow!hM`o*eL;gR37}7FnQ^Vgq!<N5vWfOUt
z&h|b`l8<=Nb&T3xcWukoUT8X28wgrQ4E54l0{HBNnC}zhUwcKR@{lEJ5x~6RdlKqb
zFCdPtWo1M&R?CqtIM|;Va94avVBK5yRovS=(K}Y&P)TW0{^*`T?rtEwdO3J;c)BXe
z`LDv+5`s<VX4?x?Ij}C!sYXAW<l?oO3=Q(rZ(4B|D?Qp9x$;~MXByP&>Ktw~)hwzV
zEnbr@{b1z)!L_=M`o+GTdtX}hlo;RP4pR@uOdY&cSDaydn8#7-8?iclf(_}7_BdAy
zv*Q7L6wCNt-T2(b{JkD_;KknW^7<@9ANqU{RCInH<nUQ^RT@Qyn;{6H=1H3lP?(%n
z#p*B<?ot6w*qaFtdZ+sC8(f*JB!a;`t%bhQs&iLvNinV0?_jLyJL;OgKN^56G40=V
za*lhoNJh4Vox~dC!rrE*I(#2RhahY$=zsv?-G(Q>&)tM3)I!b^OE2BKtR-Vw#r@~A
z196g8OEw4}Tk`p<P;&5Kv4oCrx3hJcH}k+0@&qG3n;?#JVcic5P(yVJC?6$)u+=wr
z`E!~Iuc@MuuO#<(*8BHgvsct=gI*kq<<8YdH4U}YCCsjTZt1~iig%EA&U^2%WMoy(
z^;(1|TDmeg&>d?_iCVjep+qBS;0&VK3v!zGe&9Zapiuv9OIOrG{>N(50+g?Z(g(*5
z_-u5|*cqpPva1J-iq+E(W13Puj{xZJ<9?A=iCEyq;;s#EZQ&^~F_$fIXm9LO*$Xh^
zQ^hX0WvkDxjD?Lc5Y{@0+E^>E7VsAfh0?3amahn2?{!$eKsUgJ+@1cqMoJ1{DZ}6b
zB%5RB1uJn*0FPEB1%_}x#8=>r2raO*mJT!K&vO!?S8vuBxz6{8AEl7tWNcx^!E&4a
zuB$exk;(F~T2ZKb->Mh`pnpN^zRbW63h1*0RtkH*W-iqX1`(wZcCck>$-{*cvcMl^
zIG1E{MnFiY&<l4re!^w>_fe1cssy;<aajQ2)MNN0N!k!o)N6coHDo)Hb|N}Di5t<I
z(LVc)+^dZHUbWTt-hX2Hxci#gf0DQ%2A>=vz${iH?~9@zM4*ku{AAyImIW(dgONWo
zoUZw}91TqVm4fbyzGlNVhTMAq)}5Oe-al;lc1to;*lAadTk{#kWl|;MJ(y^C&?H!|
z(CVoQL?=&Kx;+fTlQ{+K3Ry0L&xg{uWd?+QU@mSCCEja)zHrBt!6fN_>oino+datR
zc#k#3-d7BEJ*!Q7&r*+Qr5;vQiut$Bs}6WNe9SeJ<ct$d4IvBKjh%o=AHf{vV>_J0
zmp|iuzPxaMb~1O$&KJysg^8>wP{eLABH))GV*oL585dcyhTpwM{aCRixtr-3n#>8g
zY`0k*N=D<eQ^PVv1H5pisr4qp6NFGY^ilNA*>&#V3flSST#8A1Q5LFwi7ddi$nqJi
zSr|v{WU^^5!A-Y6CuI7Cx!(j;j_--=E@r2eF3CPSbYxuB3ThWhzl)KG07UsFCscW+
zzX7IwVCk9SzQ6sDoMd_@Q=!q|-q_i$9}2nNm)}2Lx!>+1jir!FY5l1G!f_ZT<-4`W
zcZQB1qm1p-xDZ{9JB9dfcv&At&$EplDw6Fxki7Cbrsgk+ms{oao>2Z?kFfhWUkk}=
z=Ja=xHDHGwvwtXS^ciO3uxUp`F~TZbfzbM);!o)GTsWXtU@XC0`zd415FYpY>zgI&
zpDc2OcE(ZuW43t(T5J16%%PQ>c?(`;a(eF<i#fz$G<@1pN&BDrD6e-!8TxBp2m(4<
z164qb$|hahAKeI2u;APKXfugNbFEpZ`%P!PBeqf5Qx~r(o(T<{H2t`(yH0^j_ff)V
zHrxCOy9Sa-MF%Gtc4XCyc;z}@v*2^IAy18!$Z?rWl%`1fRiWI`W^vHw<msbDFL#*s
z^{YlMsE&QMdDcMiP=35PW<>Y0mYZPq$*9l`EyI5A@{`NsLKoIYtMF+;<6cygab<Ek
zTDVo~FDE2E-SWt4-++95{6HBtzw1uNbThuy0x&K%#bw#kQK@RTN&FDImS_5q1t_5C
zB$>=K${n{PBIQMwTWwE@u=~WeeL(QvY4qGTujk$QpQUy(Ll&VmWlMLcX@nS%Rt;z0
zuh#pqIRf21{de@&DGE*<0QSIKurc~Lg99w4MCie&J>ND(;qAo;%?FDi!enHFwPZnt
z6P8cfz&}pb{q5GH=#M1*r`_0am5Va)7#IMtI0_y9`9cXdxh4ZF_X=LK9ufQCLD>rn
zLqaQBPk+RC65B}n;kT_b8%Tn#V=`<GU5XvV!Js`*V<_TNYEaI=Tne=1yAMqMk5VlO
z6|ca>gjZ`W_7jS!q8_S3nCvnj*&V4t8Eu7(ZLk+Ja)9c*g<lD66QlVJ?S*VhA-EgP
zW-3L^HSDjbvEVVE+F~%2P!m30$)wM{^;=hRlX<ODhg2nkiVEe;p*=UmV@9IwQ+Tu_
zGS748^OI)~A(Cpd4vuO<a=DuiQ5n1UC6<3YhBpII+(3XvqotnR8p9To=2AQ1p4vAT
zi<f>wYbb(LI^&+bi9-7)4gGaoF}k5wFcdE-zV%q`Zg8J!899@yx4Sb!-(oBK^zVc}
zX=xi(t(CnCyMM+M4x0$xADO2vfuerIg?i$*>U$|c9C&?VA9!AV78q}#GE`8F+dt7m
z1#bOO1%mhbD66EHVq54#)`s6bjD<3^<b7qlZoQBhs-#H%4)@%NZw4Ww_Lf9a+B!Cv
zEj$Agv-xq=eG13e?+a2BBHN$Ut#&e?N9kg<8}of7TJpc^#7z!X@75f3qCVA#)P@1G
zrz(KRLyXE^ifBL)D9D53Ug*M}*|lF|xss@h^QL^IXdo=JQ!^nWV{0vPo_mk6B+3yc
zpRO{^fzJB=0)MNQT9P+z>c59++dG;YpU7a7&$B6&cmv8(O-k~5Z1W=k!TTSx7MK#;
z2oPHVLXhiVOE6X0E8f&HsZ%Fm5m?BZ9+kfTk=hOKsZe~iq2eCPoI})PHlQ$`sz&oU
zoP~Sm@NK+ero`%xeL8c_?-oIAC-MgADoIGWIjv4EJkgwc0UeW{o1gM3OTg7SlvXQA
zW|#h*Lk*+6?Rk^TDxFE{93J6k1E-E3e0-mcDy_!{hN*hIV&mv=mjQRVfsK`E%kH!o
zp>J*LZ3TpC1$)E7u9J{K(ye6zI=lZUE*cwPpf5UZbC0P!L}NBc%o8eRal$UpS?gOj
z16>m-&MUuOAr9{fzZI=d8-*8V^phaWU<$EZbC}(AQfvibdO=&6*6W9qo3m7~twTxB
z8WjSzB$bU6sQ}&9<SSN%ALQt#S+#m)n%lV`%4kuNIs>a8`nBy*DP^9Iu(Y^QWS&O2
znD}3r(~_=NYOr1sJ=shY7ml}&82F$I+~E3g97w=LWGyFju}f@zu_9QUcDlq_vWY#!
z_nvK@+c4N$K2IOj6ceo@+rT2y9Vb<L&z)>oos500f^A*Z8S-FN@xFk=Gz!ahVuS&B
z;t42WANW9EI>U2!&Nkyq;j=0&Su<5cjyl*IN>&Ig!f<dbf_JfnQE?Vt@%<Z%k^0SF
zU80oAvVpe?p5osGH(YIc*}`Xpin9pqnC%JA2i{RZHV{1$3s<0Bz{dsClQq;wYEKjM
z2U4hFCfwqA*vL#g<Nk>wv}A<2?K|0ABq?xawWy^t0r8KNE^^_fIcG-jb~c=hj{y&0
za;0J}%m590D8p7cfImyOWyqi!w#RaGY3JD-7<aCE*8ZJJFIXV1yD<{Zn6Jk1$y_z=
zptyWns0kwcFV$gSMiu9nB|Dtxf?hh);OBWB6>#N~)#c!uGet7Sh3Ne`4oTvNno;4`
z=WO7FIT;p4&q~kXx1Qd}WWNBv0w`glOvr8K1`G@y&kiyrDWyQMJ-T;J(CK+Mf{eg-
zE6w&aKRC0z7Jy_8m`HTT>B7o!`iWq7<7G1^iK4D{b>SPyM;?Iz%3<vp{6-AKuLQCe
zYu$Z!5_yw<A(p*xvEMMz#;EblFL0;qfg#9I^uPl)8TN?i5@>0|t+gX{y8QCIo2ea^
zASx%^I}q=VTSopQ*@_IteU>n#e`V<FQnHmYWP-@s3f>!6&@X(;f0~znTrD~>5ChQR
z!S3&#9wqli$aKQ2SbKZFKg{E9g@WEz#e7APR8O^xSmtxq&tn!vCgCj&k^n$_Wq;zA
zAM`Dv;VH~GnZEgN+f{tP6GI?QJ%CAn<L4l`z7(E@MlO)mpmEce*I$YVP#uE06QI0P
z-AU!@v$GW8`0rE4twu=m>C)TK!g(l-IRitx%djDsAT3SP8(raAI-V-XJPO#E7uu)q
zC5$n<^Wi}vP<#<2(vH+LMoTN9q}D1A)V(1`*&-=i){4-*;cZeF2-e<cjkPp7v?K$7
z?4HwUay1TeC9FvCz)FI!+Jr}zzI+hm{Tghc{2Y+gA+mI<wdm)(_I<(BtE0_E-NRxz
zf|@FKLR0J6uqjh8$V$-zfzQYhrUThinYF`STX~|g8*W}<_E=Hmy?Z4JJEq@7N3}%&
z#RwX?0i`M?SUV{*gO;~7r$UGoFsL)=V9bv<1d`<WtH7eUPCQ+Vq(Vw0SBtNoY?u`b
zFr?c<11N!jHncVs1}mCTd$fSrj=8r%sOp>!U<;2#`V;balnGP<`|Sh9?U$#nvTrMq
z2ZvdG(bpSzWSX=I^9<1%KE*Fq^dfkU9l%0~;KTQi(2=GY9xApw<-xM+u)7awFa<t^
zp}x}bi+%Ort@p-!v|K>N$5>r(HwEOb^^?O96vocq-^A~aW7ganJsxg>my^}3eei%8
zyRcD;3X-a|zRxQ5k>SmA{5kCO)4khDq6fAfq+9E22pk~A(|!L<{M-<tIA33o<b|_s
zI6wOBY|8v~DYvjCu&wMCA6%Py*j7yBEQy*C#ybT%>Wi!yUC)@1i*f2chw_?%TD5bN
zOzu;LoAxIo4*TOPVjnwdRe;6}{8+QQ$A!4o$~Fj;p&j~dsOJ(z)R(`Qm7=T_@|~jk
z5`=4&X3i;>%1#Qp9Qsp4m2zOLh$ho9^HGo@wMrANpx9y~Il-2JS7p8+{?^2PEe5;A
z*Gp0%DHEub!<9;f9=fP&6#S^}C{$Rh7zQ5_S~(vJe*B(3nne_Z=$at%l2SZv8G6jl
zr^Ddx^bPGAek=6{ZhRVX7d&mi;x8Xs7+&(C6ys0NEMd4Tyq*G+BLPXoXj3QRy*}Ge
z*=lh=`GAs=5utG-2&LjOb!j7E7hr4Jn~F<H+vp8mm`fvt=U6xwN>BgzR|P=iceE;#
zWQp4yeu~XCS9UAPWKQDu_zkTa8P;zF#U@4EukzvPioqG3@f`eGnW0`+fEdKqZnW$p
zu8zsN#22ntJHfK---fqVE$G70I3CaGvof2*<-SfEcn*nXXvBq@B!?_wPbr4fn}?Or
zM2py;i727GNDW{Pe9~!tQu&!FNhIk}4K1W1G!5a8fLXvIHK<ocX7cUdy&s|*Gk=i)
zY<ZV`>)953L3E>LudT@@oaZFbR$=kpCmi<LHd!-kF70_Sh+=Udi#+Kj2JxRQ2@yGn
z2|+Q@U^sq(`*@Cl)A_ukg8p@}2&b~t7j*2dKa{}+QHmdpYhhXyZHXn;xfF%aQx`s6
zVD1@i!UEw%V4o%hA<8{k6`CFD4u_Ba+iZn!`JEa4+XKq%s`d^AM&7Rurdh?h6RR2^
z8lU(UPven5>^sIyRT5P)U2grZ$FJrs(Gq_r<-BImTq<%Y9Do)7J5mJ976Nn{_OJnA
z1QRk=jM_Pc>KvnyR+Dv{<1q^kR9AKv{)VuT0e&M<v|ncQW$~4yMOhjc=U}m^-d|u2
z*7D?Zf-TJ;K4dE=eM4^3TgNkux?Qc>(^K@%?rCBu7!eU&hg&VI*M`YsOvIU%mlhOy
zPqT>jJ<H_$kZB}XR)*>-Tmcu1Jh@N>?pUKxmKU0_!KP(L{!$Gx6d(8dK1l?q2a1N4
zi@i0ryR@muM9prolt>*JqW8-NaIqGPbw?NA`foj$fRP^x43{-qvyH(#N4IQ*ylI(|
zdKW07IMWZk;ZzQYU#pONxuF!nrC-*r6DFR@{0Zy;!4HgPC0<`ofx00V;8F;CFqz9K
zu4&Rsd=`F^og9|F@^uQzn|Lu^ptrSpHe&EW5m_WI{}%>+tI=!;3KU=aXjXHj_tC<x
zDdkX|Y(MsL@}NR$xXEuk07S0Mb)atchw>#gi7&1t=g#kJ2RBkgZ*@lO4|Q!(^KX;i
zw_;3i+eDsvy9P1FV;L_w4<SkJ@R2xofS+?=F_w{ts+xWFD&R@@IOb>0Fn6I!<*p{u
zDRy4^94Jzbsayb}ai#7xu@7BX!35(dCTM~)*G__?m?rP-3k=j)4Jw?g14vd%wHk-u
zt-QPr3A&ELag(@iVHG=#^Ub$#!@~>a<l<&CIeML7g^(dcE8E5%L~n*fY+j%Ee9#ro
z{ALGXmOuWDlOv~v)yhFTfn|#SikwwWTuKALz2^iLZMwzcNhRT}z+}_oL`cPFf*-v5
zZM)wBgyp;{OzMw$!$jWNXUh23qc<3ZCotlB$d8AAmGW7WYmP{Y3z>|22b9#Rq{!40
z90vwj$rMoEfG&aMNa$&I`*uzRBl`9S!QuFzn#{Eoa{hJMmyMXp2&N<6Qf#L0ElM3q
z?MlJ36MFJj9m~w*G3BrN{*xRKX-{6%CcV-5HU!7q?JJpdl|6<gFgE7PUc~kS?d#|k
zFd&N8V6p&SA`noZq(<A(sllS`4-2PMEk&u#n@NkIp^<HRSjA^eTwq4vi33U$1H<YY
z;q+rMmVKBMcLP?>IhiQwI#;4CP3aVIyZjp`&Z18iJg6N#@t@0jvSjwi;#x$ldZ8n8
zO0H><4Eir>;Y1*%;s-Rn?<baPXjr$$sr?fwRS7zjy_$iqAey2Bph%_jNKw>~$ZQir
z?j&`+5jT3B$5lfB5Hg(E+Rn?@{aN}!nM9yM0SBDVEc?_EV+ib7H8ASAAUHm&@7+Qk
z1sSk3?n%!_$TKNnt{Oz+o?gjy`5ej8NKq`>iHI11F3QVFrUk)}pJw`wqTKIGN4t`x
zP^-M8)<M{Lu?`Y-rT52><3TC@wPW<eYi71QewA%p-9GA5a}EixrPW+Eb`a?1)*%%#
z6xxx-Peh3ZtNsE^X;V40ds&xrZLFLu))Ay(=oF2|{s#*}ccz>58x1O^+GXq2D5Z_o
zeWIr-+llKMr=^WSe4mTOGOyV6YL{<7H0Q5J9E>}oG`6cIJbk&vB8&#1HI^;g&8~z}
zOtyJn@Gzx`=jbAJk58m}i;Ye=IL{~0%a10!Z&)CPi6X=v{4aUEQ20n-I!`|iLtsko
zMIkM+aUvF@MER`2Asvn*{u(3jzZ#WK^`so(zWE4y&M7*V$dX0En?U#<G=Nhoeo{Yt
zda8viCUi!vqx-zNzu}Xybyj^fVy*f3ne{ZG87Av%PGF&xGpo@}np~i+BvYK(*shJI
zz8jXm1eMSzg{opgM+CvNJr}K48c|!RBhxmb?R+vUe`Ws}y!ctGfV6btqT&Ah%K3I)
z%e1-H)j35&hP~WK2+1d*yJ4c|dH%Bn$Z4eCv6Vvxc~(rY_6;PjtJjLll%r@ci_(D7
z4p3NexW3(>VQKrge^qU2K*a1K=TB+>@jgv&B00@0uC&s92(-|`t`InVCjikxiAFu*
zMIwj<(Q@t1!Q;rPvOTSIK8bx^QgE4)p-160RgxYrP<)(=#op<J%)6c2ch;mN0Ldke
zHmLrd`zeeyZOrh)j1~GpC4M*ivn^!v@!1-hd7Gw+EcxtWkREjI6MJ6>{&abA%n<xc
zPk<g&3nptqtq{vH6PR{G)=R%^0-=1Kns5zgE7Wb=r<lg~3)=3vct=!eF`l+B+pOi5
zEt2@o=>5fCKf$LnqguuA+WF&kHo%0R5ymcI7K{=Md0w<E|83W%m6s{6s(wpD5NS*z
z87n96Sr-!uiweU60Cd*>yZ|!l==nO*D<p1ajWSGn=AesyHXJ_E;D1kd4KGDK5xL(A
zr;k>*h5p1|YO~;X&O-oQJ;IJo7sTFytPlWlRe}#XfKj_;{kzsS^7#NaJ#$r%<g4e!
z&@&Ecf)#oem@bIRmwI_t_4rjnboosR#TfbZLNE<sYfpbz==D-dqpn}e3(w~Z`)<Eg
zA+I7`l%LjYB^x-k?lJD~dYpffkb5qdZtor_k6v^YZdY?E)QFHwGo|zEM=G&Xdm3l_
zj^EG_H1w&kG8Vwa*wItAp#V7)7Iw4e{GO<?f3OmH<8fa}$#@wL6n$R#OXtcFlheCd
zfbMepGL`?--=P<IidWxqO@y(vLLT3L|B_PBMSdnR*_}|y)&~WPox~1~rebHar`Y3J
z13&q)yujL)N|oQ8_*e8#Bj6ovbuV0CXSsk6xCs#)7*R}pFtOGK(%tF&?IM^sDY}#y
zg?SrnW-VCa<X_uO!&NS6fOjLReqhzrU1(?@!exs6Wc^E3);=Lo%kU70Q5>DPk9M==
zte+1BLBz~ut1eVMuIY#ePzXXAH8N=b4_LyBZ7hV2*Re3lS;nY*d30Ii#zQGVYF#B$
zBl&<8S~p#O?`x|4Im<}%jl|Yq8g-pk`!7A}A2_~^t<Yu{QV=)Fd?F`Kxv_IlFLH0a
z8*01XgHoE9A&8aLjJ5}H-$R9|h_m!b&mncq!xl>;)P7z}NBI_+tHzrVD1GO*q2;rM
zph_6QHE=rQhQ3l@+_^`ROgd943qz{lZ1Sj{RXc1eT|N(12N>9(i+V?x2(MQs8GaGS
ze?}vvB`BxHau$bTk^3ir$xezbAuK||WeDZM7N(J_su9#zR-GWEkHfcRD^J_qS`Q__
zLq;g)U;tg0INzJAQMF%fX`K7PIy_KC4k<VI$~IsK<n9cN!w!-O^UXU>RfFBh>#Ke+
zyE)`Wyr>5%+}I69`>KGLp(A|EJ@Iw1W$RcRs}4d<ZzW!K!%75Y;qo1!An?pT_;}N!
z(Vwvtn1rkEbJJi7MG3{m3cb+__oB_8tg}#ztDz%we6esdV-A?TV1XQfo{@lR!hQ(G
zRWXiHSUOeo_Yrm0aMC(5x-|Y@y%eeQ-7BqNjySXmaK86MI+8;d4!%;>D}M-VL>B?p
z61HQJN!tucMRW0_H?afZ*z3rh?6QFm$+B5KBZ>6)zIb>>gzygFgaI}MGtQOub3&(8
z636-JBYB;BABNB6XHVoDTVo0|J+x2GjO1W~$Xzb~>@Y<0BbCr(;6AQCAu5joRw+2#
zW<6Jt1e_iZSU3n#iQqe?Z@aB`tpt<pK@bsYb%~&{k&}2G3oh6bbTHYhMlKrpTRqGA
zbry>!77#<qHZ0!^E@UjUMl+yEyw6|yGH-1+b6|qfNa)Ys`s<O@TN!lf^_)H=`5-#9
zkfqXCFbBfToacOxT4GhJVPPk$k*4^><1Cf0hE5rA_+BmL_y}Jp7AJosDTlZ|M^DPB
zW}0PZ;HO4Ejb+K>8xDb7C+-lH@a#*>L3}LbZQ~1e4D~g|_owcfGQ8(!^m^f%Jxi<l
zcUI7f*<%9^=*hUeU$(yg8Zq~HAc>#-XB-{^lL+Z1#$1@NG$Pa}`qL9ZF=SAS*oWLB
zl_9N_L+Dd8d5&LG9A82B9PbhqR+)*e@P-r{42BgxV+J-7K_|D_je=MVGzc&;z{PR0
z4sQ*Rm^Jg0BcmVG<za0JiKa-?->+!g`ln2cjw?dy4cy6<)`s)e3LeWb=aO{K0)5?N
zmS(%TJ>H&rSwb9sQd<3asByS$DIe||>6B7Geu}_uBvp;!$%uX6+j4l%TKP6Car5>&
zzKRR!p<K^@j8sa<j=Ei`@yqR`HtBO0s6l-0%5oZ3c3Gawcx#uzR$hY{(L}LRwwC=6
z)t0DT5&tI(^b=H4jmePwujQcvXZ$>Q|4k|wI4Aea7dw*}sny}2&>^XS9D!Mp_jQex
z8;li1sLOaEfwQGo4A~1+Jo+IOz7F0}{FAv=HOlh!j7o)%(h9)0ANr4592EZAYa=5c
z8Oj-6SE{`KL-Z2MNF$u*^Q;lk_YTKIPFq0_ElSpYZ)pU*FO4h$c2vL{`o_)JzNG2A
zF@|(4UbJcS6w@1a!@1Jd2JO$^QpcDen{O;sgsEU=F>Id9HZN}*e8FviiA6~@ZZoty
z%BWBhTd8X88<m<cIdi+fJ+~AAj4O$`6+f_h=@3N@zi<^CedNJj!n6n1wL&*B3K>`t
z>2UgORu$8DMlGOc1d0T;ciodhquxal7;&MUG<s!~?+GlP!|ocU^DrcR%Eu(%`bs~G
zpxAMykJMx&(3L=7=S`)<-@&e+^zbuiW0rL!nJnLYsr|-LFUcN~z#Lne=7TM>;pf9O
zd`mcy>*y}Psu;?241vZ8_}D^vNl7wWDo;X9*M#BP14v4ev?-jytaK2nn+HVtPT~c*
zmPL-IrPfY|mQbojwbKfoeiFSBGd225_obS|R@Kw4AthI;(Y7GW6evv)qv1Hwic_Rf
z{iE&i4r6cpIr+<@*<-YVpnT^?uL~88q!}02&hF`Dl%)RiH=|oh=(uUpg&7v#T{#!g
zur~{X^gOVI^g$LdNeYI^l9!`!w{;|Z%t2A^=*(RK*XlL>akkT(XcS9$2`J`>jQB-0
zKgUo=`TZmXrPGFIeL{5vVy!~RI|nP-jRC9t6EJHQu=~AS*cv6<<J+CD#KO+Mz-z|Z
ztOy;yFQjR`QV0e_g)QLgk?7^Ad>N=f{{5!2ag-gR9wzPO=x(ao@jiTUvf_62EYbOO
ze)3jqsT5$0>}*iQ<ZyygE^pD~{BbnEEnTtd6$}2=D59&1!x4X@ou%S>iKX_Yh%?yZ
zvNp)f$7s4R>Y3eMTh+-DE4~U}Y^63daLW-^!2{}DiOG1`!_Zu*Bv-m<O9U3ja8uty
z{-s+u9clye2fiF>@S#xHO|2}w-;=v``}5K_lHe`w*Oe1+l?wxwy~)0$FSwpLxk~4f
zUzZAynS>cu>h!AE(^x7Ly|=4)$4|I`x2BW!#-j4jR#oyQ+E&6dIk&FDTC)@KkuX?b
zk3j!!v&+Z*gzJ|;n#F6R*arf1X>W}{=;~p$Mh0=FH7WfvA59jd06*AgG~mm7Ggtp@
zc7Sj!Dd!i6?L|LqKZG|W)xu&53{iY07LvouWi|J<1<P{>2mhfLpKM+pLy13`pk)fo
zjU)Bg`%G_dIf+-@Y=oiM_@V|Rp=s&mDGqdiU&pdb-Lm=lSE|Q`mE-@Ju1zvJwuus=
z5ndqA($gq*Y%&9UiHHYGI_#7v15qVgqlbq3Z)Qe^WRpoV3f0s%2Kr8ZXJrk=;$VUt
zJUY?qMY6MBgyWLS;$3(3U6N(INLxoBBxdStAmuJq<QQR&x!@?-F<$-o2WTL!p`VWn
zOo^*qQQfu3vb7|)6e1v)CjI-gV}XU?qxiN#$>W`jKFc6cWD6%Jt<imc@g}Kz?uU}M
z^FjfeS6Oj8ObQ-AT3lLU`pFm<?_CWRUKaCX@Yg@*l;zu75x(tYAY9*={EVcV9o_g~
zh(j)x>Wk6nhi05<=DX}|U0T~9eHM`}(IxS^3J5LC$HEctYWcjdLC=d<!T*5Qm63g=
zON&jwh(E)FWUF`Go-hfRE}`$|E~n|Hk#W|xs*AdL?PTGuVXr(3s36nXRls7@&F$G~
z*$EdX6v1Uoo_=320A$nQ+t$cXAwjFK@Wr~_z0`~*Hp3U(SUetl*F^bP=D}0p2UJo5
z&f#Wk*;2B2OB4wnt%1$0#{^zLphE4RiscdKCC(su?cHLblfm{}sUn8a1c$Pj5|>3c
z!XP_zq&e_ZLqM)Z&NM4nfFRw|5@Rn)ID1DZT)lo?!oZ<0emK@NUKGY1fs(7g%w+{)
zvwJ$xrv=k6Oyo(F#(XyjOO*77c6hA$Jn3GtDEh>4+=yr#e4drsFz}hIBxrC97jv0C
zEyVIh!9x?YYtSIup-B{EkG-bY(g0#tVo-#fUS%umYj)gVbqKoaCdR5ec)vYuRyA6E
zpg{7-p<3jU)Q_M$>I=x~oNPgNBlVWNSUHfXk$;QLV`gmiAPDGF6WvW`EYrQG#8HcO
z>X3LVMq#TsbHEVEbmY<g^TETj+0;-Waqy@kcM+lF7!s&w@BlF8So<#gHR*Z9@_r@$
zmlEV%3I1a^9~<eDpe`0t`A%yGgdQx{u*q!lVhs){%~~}6pg(LBLwETSq#24Vx!RX(
zETe7)-Z;08eT{8_!fOrCnM-v!4?uVFQ3WMp3V7xQu@+G)uyZqjf6=(!-<@&KYZvUP
z-(;(XAZTR)Ti0;vOL%X+9*fZ{TbA4Wd01IbO-e{#DmVxM$lq##`S&P5=Vh|;PeK#F
ztrs{GSp2xDoO_;N%jtQ6RLV3#XoWxZV7vHP_!7SUb(yOXmCxc=@}h<t4w!KI3EQE)
zP)031g8#Rgm=Jh(Z*LyKmeZ>R4@%UMa|p&VRWxv6Jv#guMf0wSm@-qKb>3=2OLLkb
zbU$&#TMJ6;bZ_n8@FC^VC{VgSQuRXZV*%u0H7Ss{xltz`z?n0MQ<B@i2b~4bL18I`
zr(8A4n1!5$4P>dbqVf@0@HSz3X~~CQHd+=<2E><Os`TG{GaUovixE~+%z!vR=?+)U
zJ*|@beS&TZH!v^LYFXC~39>cOim{~vQpeU)fQM{sf8z5x@teQZXx{D=fB%)iWBHeA
z%XLr-dD4agmsnIwpF2M!iSk#))OgAR$RxE4JIoQy81bJJ)!YT~!Z9rrDE@Yk!6wc^
zLz$YU1cOC^bUa2F6xJuAGBI3M>L8@2b!+88b`GX8?m|+M8QfXlNdoVhf1c3Bs7dgd
znk<q=QbW>3pirBjs^@K^H&6qEkiWJ29D)_+A?dwsNnboyT=TdPV`(IN;o4B^K$7uN
z4_8|Cyfp`5u0$VGp&v?7oP_lCiD2bdk_7GgvToQ{+#GKP2XuUC4s0*l{6ps)Lh;1S
zk_a-t%;eBC*K&ESu$>`NG@`t9ZlEBZXmtjYe5mrVBSi(R_(<UTr~v~{Ex`_#`$1k#
zfatxk^;Q|wz2&2U<%g-9;u_l(EIjwVSWMddDqGjR9Lj^zaIJF?tp1<*hjDz&_1njy
zNpa=YdPb=KVBPu{L!7hnVwWyjf&nL!{V>jtul7|L_&KXn?|EXBw-KfsGVbA3I>Y6B
ze)@Pd(X!uhD_Ac}B<@4zV?7p^1m^uE-$8Hb${}xyN-*ICR!jKLW}r2ivn9Jxqa{9a
z&9V~~QT=9r^FB<Z>jIG}Zv>qGii=F-Z`YB{)G$JL|Ff39s93RxK`k`S14B2FVc1l{
zAZu=v|MJB##q8vFEIC?DL%JkJ3AW~)<WEbC`$28EAmF|qf_6Fw9Nq+|O=RM<dimB9
zY5++bhQWG_j>Ggze8S9MJ|5f8GURs!YYpFj=IK-Ls2?n_@4xVeafvB<X&T;aRk_q3
zM0`zUq|%c>`EGtJ+6Y^D`h@3#!H}ufpNP!jW>o{SEv{7B8XunL&=)!wi}6O%t{TRw
zBy<=GKow?_6~r@nmpDq4qIdUCz+2e7vv2gzi`H)*u`aEC>`3<i3rgY3{bIlV`)oA9
z1g^oyXg&-KczSfo)LCeZ;oi5Q!t{R~nZchO4{e=x)rSQhdZ^fa;=dgIM)pJk3xhk6
zF=OJcsH#C07bc*NjWnoy9oZ6Kal@~m%a~eWJm*n)Ql4MF?<%XqgB8|Cz}{S3<e_u?
zu3v1u8p8YSt4RLN&W9fk@5`fQul;pO-lJwf0-yMuDZclxPx<`%Y)V5%snj%n;d~8z
zQPj@e*xxKP4P3B$X{I_7DcmyKWknAb`2QMwR@k~j(~nqOGv;48R^Avgt7GG+Ir6w$
z`^TN-Cc<n*TlZrsIk=HWEmnUi@9ioim`Uxx#xxugp_ZOlE^!uV0l?5kS(z(!Rj8Bp
z&1Z?l#J8J9g4q_5r2xsN;XI%Msk>?EN9I7f3rxlFBSq$mlE&h0u}oNX>CVvX<|CNC
zRP!PmWdhU8AR1s0uCU(R56`p*n|0CM^CtAA-G8?yZSjCcmZY_jG7!j+djY-wGP|Mm
zzQXsEly~kNljV2BX8Qy{bSkFA+ZC$uBxSQ70MVLT5(?0@<Ip0}oTCu4U0*i8dH#hc
zvHCAJ4liZjpOkvODe5o2SAXmuzq-&%vllVc5`e7|Z^TLZ>iFNZ2hybbHx{XpyjVx%
z3?L=qgeD{UbJK2w%;w_$gI3=ZS4&0mT<4dI48JNlJNpr~6xA~jK2J#WJ?-B4*ln>y
zKlqkP7LT1$q7n~yrWwz<+b4*8j05e#E;yh*xK0qqrr#GnXtTj4&tpoTo*d*W;Iph~
zGQupHh!%JPgR2Dj0Atl_sp<Q>%Io(MY$P_Bng)->rm{qS;Q(yPaz$?T&e(%B>^LDb
zrBHET=!p!oC6ESh+KxXJz(J=q|3rw${y)1&Jczr&;K&@v;3`a<HlCl17j{Atgg5={
zZp%44WAEL%DkwPE?td$L?~v7jOL-HyHK8kpW96<LHrrH93o(ts_~q%Epmx<T@FNL=
zPl`bv*6t5k!Kvi#u<=mjd+K-$3x_fjrARPIy>Id#>hZDW&2S%Vs&qyqp!r2tp$v(?
zn_DEh4-&j1CL~i~q+KERzO^&khghwKqdNt`cPuIkhcgTMmFP*$%F3gqT8**CQe_N`
z50a1Pnrp+4B&les3r`0(xxXAHA)RnS+^vCYjgLLBE&O-DqfUvy9h$cl<ntEU!5y1c
z8{B5ooZ2f-9{&kR=|K~~Cp9F3#=X3pqtq@Sgy}miVod4eQ>6(#nK{aoE?2*tU&}2<
z=l+HlFyHC(7gCHOo>P|{E3=4g4dd9|#B~)veC;m;u&lEg7_HYDjt&nNMgyFnj~Qfs
zsU%fNXmoVqqiO)`&qH)cmfR-kdyN{V_-ri%VsQ}sv2sqMfk~ksi;tMgilbhKdE7M=
zp{dw4=7acv88O42gR$PP)O~RJqQsmjlfa+x{E5iXHbs$=;94W$_p+vu{WNUO4{nX|
z5l#f~9HG@Dd|!U(@lkFwOt|S}c+G(<U7={Ckdz$8D@I1I!7V1Z*~gOl<potW0J@&$
bgK+1F=^KA)H~80|Re-p#v`~eBj_>~fqly^;

diff --git a/pkg/webui/ui/build/logo512.png b/pkg/webui/ui/build/logo512.png
deleted file mode 100644
index 2bc3b0b03aa840a3beb5879dafeaa47c65dd1ce7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 26403
zcmb@tbySpV8#nsQFvt+XP?EwBItWTBEi#0pgft={NOw0gC@~-<DWM>UG=g*qBB3JP
zUDDkR=V9;te&0F&pS4)RTHencSI6%PRa23>PDD=x0Kjzxc^P#8fP#NQ0r)lW*Pdtp
z3HS@*qAn)|6m>E#0{{|Gkdf5%G+cX6=*ehy-iFz<k74RgNMSwHD?rAb?x<GJTi(9I
zKB3T_t1ct?xY+J?Ay<cO`#gjr1nTUHQno6MeMS9PatjR;fk7mrYZ=u?rJ~qtH!nw+
z-c=~LM|zk~dMu<YZg2N|YgpYqU0?H<OnUz!Pyzu2=u&nUaFL-BzQqc!OQl{T&(xH_
zPZZAPHrbncFgLaIvuwEJ+Ur>~at5Z`v?_OuL~udNT{`B}ZzZ>fR!~15M%|Isaeo<Z
z13L{81GmG$(SQt$>4hYkDnOKLs54Xux3l<%4D)+XpVYbHMm`#Vy<`U<NK>6?O1LIc
zEv@UOp2=C4Gj?`p%)7nv?@xR^EC3h21wf|bs0IVDFj!f|ILYi80mY|Y9iq*V8b0;j
z@#q_HY@;j;3Gh-N(}94R3OyQU!<xqdnxVq?DpSH|6#s^?OCrC63n<2Y<G3XPo^hRu
z$PPHPr&$@%?WBPR1z9gd7Dys5z$LR&rkXh%kPiOpj9iCkcPqU^b7GW*PV>hb{Q%U7
z6@VbJ?K2W|5tf#hozX?Jf+Z(Se`Pk^W-qY1e^6mKG6)=dv_}!&jK!KKeIf6$=i|ug
zqOhH4<U<v8JT~}E-Wc+<I)P=TiUQZ3fXTXWrLL8`n;d7LZFTeFCJc?#g(86OJ3$_Z
zoF`b9&*k%q@ieU#_-yVfk`CX*9#Ma!K&V9lFs!$@bSob#??L3+H2Ld%oz@)o#Vp5~
z@AmxMZuZ!CBmiY4L<6`_ght5eSB<|s3`$3$SBg}hzpFB=nV9ad9G@iUtKwmt`|Uon
zi}`eFcq~?5$=|()!x`ADcIZ?olD?4yV1WoMfOti&f^NJSfb2RWW2hDrh#Hu<rTL=#
ze2sZ25_6%D)76#gWL=U%a-Vi_iwKJBW`@9lKiA-a%1Eru#X#<Z4!f#X>IDr#=V4qs
zsgcZmUk6MuSwBNNm--`4Tg(Vm!JEc|BBIF}h#`P{hsjK>PrXf&4R5;S=<=L)_jdnf
z^1{`+cjCu_fcfih3&^`h!cfQnVIZbo?LF-d0fZU$p#3hz+vvVMuj^BpE3WZTw$1Mb
z%jcVgSy>;V(6oxe(10+Ishq4$Py|96UHXg}X@WZ4KPbnG%<hxG1R4oRttWmtiR<J(
zlfkLt02bOA7>ttw3*_M7#OOv)R95r4_*O#yW<3hoC?*i_o1q=`OL>1rqyGIhZURtw
z>9HbfF#U@afU~CpFmw|EFdrg~-gCo9=#eStJZ<N*=%H~R{t=bpZ-+S<3fdbRx|nGf
zGI}adx67rGaOw;-1(gH>^2!*EMjAuQ6OM1Njq*+NewdhYZ*3{tU(olg*lgd5Kb%T$
z$6%s((yFMYiJ8MC(^)||3&RxyusX_|TDDqz=I8azwIN$~Etn<V9!%Klynxht*W_$Z
z+K8Xd$&9E>90gbq@WLR7MpD2WfMu{E`vw~{t_>zlWw8vrPUU8Hoam))UmovdczD{x
zjkR#)g@J@C##19Fzk$UHLEY?1RTk>@utKYrg~3__-4hlD-0YzZ=Zhlz%&U7VtN8jt
zvOWUAH{n?HB}i}Hn@9u#Lfv&CB>VK|1LBYO=Y%TzN}0WUED`RIz%oDuZA=LYIxP_b
z{J`Lw)?)ZPp5x7$b{~dsa#~O(Vb_ImJ<Y%4eix~RUsJ;UCK#HaFtjle{Nx?k)hCRd
z7e1!dmD@g=@jI9Ol3%(A8@bVdG*MzG3V=i(kpn;v%zDfs(xj#TO~$$Gx@z-0w$1RA
zpyOgyiY$xw$6!i}xXZBgHC{+S6*(5b>B~J;{R^9QKbT_3fs<nmus`Lf2(gXyS9gRV
z5KoYuP~*iH`aRdPjsCtF&d%5AZjNNGJt#T<YG-Z#{$cf4ISUDB%1%I2hW!pe0$?k5
zT|`ke>gh_$&qF=Wi?a;?71c52R@!AOk_Dj_2WoIeg!HI01#Wkw;inR$!T&<lbywnI
zx+b)Wu3Lbg7K?7UA|oRb84a#=d1vSjK?13}EsBU7833A2!Ez=B7iL#W6k-s`tR_w5
zs<-vrH?CRz)9yRqI5<Ai|3j(Bmp4NXe*&@V%Bu6Wgcdd{2SAbj;*TGblXu^B5g;Fs
zp?b7e?2jSeO4LdFn9tNO<u*Bt?-)UH4cUzXwV31@9L^dYw|==_wf8inCy)<yk`dAl
zeB1g?3-bkOwiQIyirkWbDo_IRzt1<IXkeNW2JN|`W~4Z48?N!_xb%R-J^tcmW(;Gz
z^XhV}RqYFXv1emL87CEt)qY|Cn`lWoL&Gj3RWN7;Y(Ohuj6kCSNQbpRs4lC6%5Ev~
zR>!Hs=gI`k-y*!!(Y4#s9u|QE;93SsEYSD_iv^(N+N-tU!}5@#IG64AQHS0e(jh*-
zPdnQ%k8gf?v_5)62wEe14G%FK2*7|~C=7;>pWVNl9Io4do~_njb{{f1Uk<*60}yFq
zn*Sp?<ggfSfd7<HHtF^FCF^wItvAalWaAq(_z0lr?RNlF3M?HEfP}Lf0C7p)Blw={
zKPs2R$R_7&ZvD3cWE>t60RxGc!I_ZZgL>i?L~{sKH3hXGk#PVw1l~eup#ZwH;)>nH
z^~+m%r%j2BQQw0OuJ2v^o{t>*VuZU14E;0)pu><x5-b`4O2UPl+eT7iU%Iu0s?5O-
zGToUSjzxZ^eH1GThye<#!YkLoCpHG_irs#~*2>9j2vUhoP8c5|2jj#@-K_r3ijWrs
zEr#-`M1vD&mPW2WLFPw4LAS*5`s;{9Am&^|df(*AW6Tpe5P~=B_LvJ9Ao*C^hOvmn
zoL#*3=(*4QZQkpdBVprxQQB9H7FWVaf<$6Ln`ed_yG|#or1K?xAj@RFg<2a89Ld57
zkXR3h@ijF1iVWmb?@zISV<!=pWV*!Ft8A~BhX4h##t{OUhTcecg_gM5lK!79K@sA9
zjs~i*L0L#pp+IU+!!5mbhnkn-rdb<Zc%YYG-At))U|?{>hP?@3&Wx{v^3&fTz~B|S
z0F|SK4O3T4`r6UHMc~0^pMa-yPCT~zNYQA9b#yd6m0;||QDDH+w>SAXNkYLF2&c0E
zO*7#f+o174Try=gMT5c^h(`}a{(qNZ&F42*XDvdgxIex)(x{kpR+D-oH*&>O7*;LS
zG2taN+Ys|BJ=spKNRj__x{Ye$kv;M4iaI7&#v_6NcF>*5OC>%vwS+m+A$9wQFUS&j
z>QHaM3w%9^u*SQcuD4*qI{Iju_m^u|?wCElb&TG_ylaqckTA{ngW6z}!ly+xg8JGM
z`wFkfVLIM#{l0(bKkJ%?Hr|J`|8E;<B(@#+j&41`@IIdrs0P1{8S~L(LO=>T>OKe?
zP(+`~)R;9FyqX-3`#Jmc0UQRJ6C|?OF~t@-jE@+@q@KS4WdNym8zj645CDLbfCv7z
ztbWfIOuPrz0p$v`!4L#I80|N<hNoC}<jOl4JMVT{UzuCIAN_0MS04SqEA$qqC5VTn
zGV&adH7L&NVZ~*OV;~J;_#LQ+=1>@vHGRHgF|=n1JC16)hw`_~p4^dP4SW0+iQosN
zG&+Fo`B%6xO`}nR)4^sGbAjalG5uH8(4#8+C<4D8Um|-i5|M!9MP6AeI2<OAZcn+!
zXMLSl#@1kNO`@Xk@rxLc=Fy+X<=MW$iixKSD-pnC)psITD(K)H6^T~SjcnkzhttAZ
z>%+OKUTyWa?t)hQ|NXyqoqs6r#Ge$(?aCz2tVz7Jlj~sttq+_|xan3b;0{SWd{5p`
zo?iLH-98{5B#t3SFVBzH7!ZyM0JKqrH}zc1A}Ag?9Rl8)*}E7Y5&|nb7`NoyS-i=u
zy2lU4%2YD9gvf(DkQs)@U-2LZG&(#?Zbp6K4Vs3b)Zm`}pkf}~g8LvG!FB2U9I59z
z=7H2mWEi+7N6Z!;lo}qM)>mW0*K&cUc7A0WU9o6Skn<0}4i=2-$@tzTUtjIP=gS}y
z?h&uBf4(q4u-4BCI=PEet+iRP2@m`BF>5!f5${`SL-tHR-?)mSMB~V>A51SA$+*@R
zGDz$j6H{jFcpxrP5jkCpk@vDZ1BC5nUe*r@)HUmip(>snT9b)Y6Iv!z$Kit8-<v%c
z0ZB!_@#68o!k>o`v?<cz`0gZTGL<y0b6hV5K6x|3u@F(uh14XU!%ym$>=}6+^aiu8
z%T2fEf;mjs%z0tfg=>qnT61?jH0m5iYf6-O`)33=q5F1)&q7P3sJ7{PGG5uI-gs=Q
zWg-Ra_2kxwEVzEi;L5UMUEGX1*6AW0v8`ZNR*`SM4|#rVn94xe`^}48`iAXLiyYp#
zFzn#q$z7+4hPw(`y=ys<t>$MnFEfMDz#dfHCduP|hQe18J0maK2HTWmeU$1(f{5H-
zL0&K)(4l;KUHCi-sJI+R3nq4`&N``|VRrxZoKOi&0Rk7~-PvFMg+kCW<=PuI^KDVT
zhtn^dn;;rl_IB@V-V4|WsbmfH7ot5EzKqqBq&R+Yq`d+8toK>HHuhHMqlV(#<CbFJ
z7d>hlir!uyPO+OfswwypRCj_(KN=^rTmQY0+<|fFq)sDpBeM92=-#=%$(|sJiZh15
z6iz}lP4KY^LTN}@0s>x*kF`%u5Fw<`(P%hedr3^2DR0nh9xQ_Cwzn3!qyCN@U-c7!
z>zF>Er*B<G1>K$-Bkv$@s$o}45o-8JD?ZnIH@N*+u43}58wv3nJB8!{Z!YrFXMc$P
zR@i?s(bi~jrnm*H>{hcWg<n>)QoGR<l)0Ja)GVX8c7=(aR^EK#=HW2qq;lX_>8{Is
z{fcaeo@mPq0%n1hk*7D6e;t>jO<?~SQUVF79=XO_0ZTs9?09g1^-o@`!dp{i=Y{wQ
zyVZ{0lS9+y&nQ>`FypIjK9(0U)-+0?Z?0ITojNlbSjD+qxVik<^$gp<xkSWUzXoz-
zI8HEMjH1VC%91g(ez#f78;4EA`s$={<ZOi0K9F=h^W%+K8T&Wcv<w4pt+*w47%(vu
z@|}7EpRaQyD4vcBIi0k}R9v$nf9j`ipGL9B6GUk0xsMzzFz3CV%On%d_pGNp?9uwO
z$L%%kQC;wThxkH<lKSzdx9MykYBot+;@@7f#@%6vE6NyX`Cx2H{l=&a)o~<OEIB>F
z6~Immq@Me{Pj*}@^C=on>s_{Z9i|<t*ms;6^;zRktW^WIVIpL(ldo^JojpHf1KV#4
ztC(c`l{x)7FQ;;9m<Z5oIE!GjUhbYaSS_t|v#UmX8?LR4?tgQ^Y{?=!XZmRZp0%Gb
zu!%M&Qa+Ag0sh*JSLuJ1*7%W+=Orl3(#I%2(^a?6>USAM9C*4QlP_voLy1s=q?adk
zQD*lvp}uEJqh1@$-b(KF7jSbaAscM^K4`HE<^NK@p7+Amvg<2$ynQucn``|^`{BGY
z??_VUWK!PL93XmF+$SCITO_-5(MTz65AJ8;eb-2vS`4C=nC3-jk-I9L^ngY()%Vz8
zZDSRTa5jF=b7zp$QL%!_*~ds3X4|0KG|{DeJZ{<B&iUBs6IU*0rhUJtbV35A&HHSd
z3r6clgnm`ehGko$Y$vMz_z3RkwW<I(M#HD;C#~-&mp?rX@pAV#I9s)>PG<n!#KTG!
zUTHcD!D5pkkygfQ%EKv`r=`LL-iQgm1&{h$EW>$q`J(<Cwk(D=z0$#*Hg&dH2n!0~
z(0BkLP?vE!JHLjRV|=7n|LV5enXZhr!*ESWK3r~#B^W)Csz<P^xlG76*}nyaAdS+%
z)N^XRA!_Q6y|^F0ozRnSA!40=3oKs^w=QL;g*)tRVc3E%x;ImcGAe>MkI$d@nPaX(
z^SRRtz`v}pviUd^*W?*8FR#5#|K!}4M&H5fKJC=jN)Q$&r;)h1;^2@vd&}2SaH56D
z`khDll;>l8A(QQPtS%f2Rya^DhTe@1I<Jc*%oe-)hN6mSR=h{?D*K3)Zk+DWp{Q4h
z1KC>@D1dk33c*D>^!|$ud)jPwJa+JRs0USLzhRtOmTcTxkAnE|4`VIw!mv{_*T04)
zGI~Pa7jMoqNuR9*N%R$VJzQ(sRM!`(*qQ?>X5p3z$3*1ocRDlcJ|Ka=D-q^N^QEEd
z_2ya)hb*oe-%*D)7d>I~4>ofNta?&-sz{xFNuqkTPZ_1|V&w+=D?3<K#@$p_ug~(f
z{U!$PIk=N&T6Y<c3_DhWnN^f(14lH+<?)u?$-!$6?}G@j67ft*d(V?pJ$>ygMP@>e
zyJ<gkFH#jB{UN<Sn`&hz($ygH!TE^J_3wt!ICA(k&qG<EN4q{Dgu+Jd+mN=NUuhD(
z)d8>LFWjO182RWEXd{2Uk}v@tt4Sy>1vqV=o5*7B9io|75$O=l(d}wcGUwP;N#M{F
z&+6AcR86griIX_mmTT<#V|E}O&QI{6>UMyOsJ~3Rc8H71+1s&A6^+QgbLz?V(I~ju
z`B82euywz#>2q5^CK4Yla>i`r7hL3b=1-7hTf^S+M$YX)#}>w>AbW{-MHwCMb<ig;
zK=#hxI<ceT5oZ4Ft%L*D`&&gR4v*s$dsf>seB`>7v;8C7X-f(n3j8s*b9SCc14m40
zze&}bEhWvL%?CZwe&PkzM}Eyk1aOiSlfCRsvQF?~BlnZ8X@=bn)T4y=W#<dSJJ&-<
zGWE-pd}EL&tE-ov^e}fkclzSZ$L?9%UNpu!HOu}c0tSLTO7pCfT?VNGD#li|wL?q0
zcx<ix`MUp3*Rci!AJ{7El!)%>e9(IGq#LTTCyV+Z$%6YVAyj_&H`3hdLJnj2x8z1i
z`{?kalp4iJ`w%s)Va_|i*Ad&5+@}MNy;{4xZo72Vq+Zh+5EgPQ`Krm;bL8%zTBq)Y
zHJE;Cl55>Gc)dT_)%%TCgvM)Mx0DoDih99FmqET4qsc=Ar^mbA6k4&9wbq8Fna)!R
z7na8?>puiZe{e~a90YCcJeJ7TN$?(tFp(Sf-Zk<o!~YD0H@~Pj{Q<naV~mDXb&q}-
zPYe5Azo3H-`(SV+Ui7VWPr7D!PI-W{QwWA#e7fr(?BB)b+W9g2#G~vj!52>L7RU`!
z9+QyK)WP;UEk&Wi5$Gn<Z_w{6qgJVp&FO-T$fG~aWjjOBHa7L|gimu<a}$RfHyiDr
zk9MW$${aTA#I1(WEm}|~KU=633=H6fnlk^^j?jI6Z%_PlQ_SunZmj0*&LVWspRm7j
zG4d{Tb+*{$c`Iq(WEbDS>K7>OoDL2DJ!c7Gugu#yD1ho{q9IYT;owN2Y{<RVlW)E6
zwgRU%?E?kImTeN{d9kcpbi^!H%}y03P?sLi9JW82Y)p=uL&31oQSr1WHX#N{p(x5-
zu40A@lfF$u%%q!1YLDA{x;f{eU|xhQGLpawj1d^fx*}J`%;|0!TJNu+`J^Rkfr%D-
z>vxM6imBEvMR7oP!Js#51-eAU^?gy=_w}21?{E$Z82`FnR_Aq}FZr%la#63wdgD@_
z@Z%e8PjyKHCpX6k>lr2V!fsRDrd<yUmjN7f;l(@b*Nfrgj{9uudy5{wH{Us(9~Klc
z5L8vX3PAkd)QMvD2?YuP^ax6o{vilm3bZVROPth$<-NSJN}<DV-(K?htp<!4pbC2n
zxGM0FmoAqEs_novRv9b}wZ4i%7R!xa&u<uQQ`DX<f+^a^ySB0K<mwiF84#Q^%7J&%
z5_RWf12p}QqH3Kc9Lv*Y?)m(F<VhobKBI4_uKQxO)!dNe#atRXm2_BOc|&rSzSQ6%
zxA8R%^jS)Epzy7OfhqsUkBdA<<oA}H4`bNGOyklnxX+bVewTg<2XJGVTob<0=Om6I
zk>G7A#{5SF1u9iOFt(+As{YRW>)E}j6DGb21NQIu1X|1C@{Y^uRc~V7?Lqf&HxEAL
zwyA8HD00>6#6G$dO|1CGCG=%IWp9rs2Nal1Bv_~0FsZ6!4f`?KkRRX2C<Uiv=j?xx
zDqsI{(O=0%$Y>m#Ve<+!${}N1E~#W;acOheW0V}7OY5ECB^qkwxV`*8#$eTAP2AU}
zX5qo6P;l+d*{<O5MDF60&r>YUOVjOi0abq<!my?OZw%d5#7AZXmaXf2zAyGc>KVnf
zlDyzRPg)Idt}K#~5IJrqp-R5tzap7@**o{aR*TMDwMD^}iU87xGpBMj{oMS{H02rN
zf}Exczmae<|0(n8uL(PhfjqI%X$Y6TR%8-bEE%OgpRFxZvO0?H5WhA1_*Vj+Q^u|L
zH6`)c>AX8nkfa2TT2nC#)mAaI)?T}Z%}c@xy>D5se@TQqdR7w7y;RqubsgNrQOl4q
z<n@br&i947ye~Mj-krAPU9NY~{5;bLDMd0As+*;YQ=@X98ce3P(#^9gcRhXfjzR8S
zAWze_v&JVweDp}{SS(6w!7%hDHu&JcRcCviX(o*#=%)8g^UBxb3~xE53mx@^<i$x{
zqLK(P^aAa78xkka>7<TwgXw!#`6!{tenC5W5~0$)34jN$-gX}48tGS`9qHWKFqUL>
z{1IhJ>&2RWlEetZW>@$K(kFJ=$C?Z<d%7b`rFq)g_l3tl2<P%2hOGgAn0mDC`ZLar
z>^)CT{Ah365LTl&9}7Fg<dIaI{{CC0rUy9AHf;3ktHj6JJ}g!DGJLgxOEk^WfpiO)
z3{OAKHmDI@N<KT$kpfajKa5p;{yBB1Z_Bt|S-|wfBh@QuwRfCzbP|GuKA$_VP2YhS
zWT7&=?4xCZ%fZ}@{CXnCtz7jaaqVnBxs8oGsLD1aIH3CORPYr*OS>RBwjpz0MYxT6
zyEg6YdI#p1P)Bf;#zloqEG7K#A>EIk)L@6_kXq%8rYM|UkK`k*A=}r7Dc*U7qhl3@
zo>sE-x%T}pTqoaAiq8X(X~Gm*wsAbQB-8WBknU=NwC7$gzEInT(ANS*TSWQ=E8Jjm
zTTGs_BtJlxtNX4Izt*+_-#}u+M3rfRiAyWV?-n=YLD{9FypGd6k?MP;=%;;4nK|2U
zOmFJc`R)^m*3Pv>4mp$+w+%*Ee`zgtQ9%#9uH__<TzntxVpeE&5l-%B(7E>a_wQ9d
z00EF6J{@>%JUm<^?8|tw{`4a9#|M|q^0I=qu{Wbfs0UwnZNRcSZADv<V&|jmn2DF4
z#1lyFXT!dZ#0e7VU#d8Hkpu18eo~86<LAzb)Z6*Zr0D8uMJCvLm8@yEdva0P((aQ(
zB|4QW6_uu1*CzN#2x$iO%-?by)NW8&RJuM8Fk)xv)XfT<%cyntCI>3TE23{)5JW-U
z<(_R>lhlZ%Co(^ZjC87^+}a^<=%sF`9W%fh=CeQ_X1cu0(W@3@-B|bg9Lb6^3QR(D
zxtd0md+idnF0D+nwV+<nK&Izm3h~Enq-bArpIAk1(JjxDoo{l&d0T&~OLKl!XO=VY
zD3<gtMgG~Nxnd(ZWB^voNr0Byy7fG+!(2o4#p;xs1vkA5tDjf@i=s6o@O*~Iyu_NI
z(U_y^FnQ$A@i(LAD>iAK*WV`jNRJ{BK8Bx0&rF#fR*t^?XuUg~lM{WTdIY~};l-Pa
zvLk`YBqx2LI8Ullelg(Rc1MpLs`$fF^xImEcHMf`FpH^Up$^ZN_APFH+{WQ!N#?hL
zC-nn*p5?kXh5&GTLon=?h&&bh{uozjAp~vgQ+S%|8YAv>@|sgkQx@o-ik~RbG>8c4
z@=VQpFUTw@^kF+9Z1BT1|MxnwuKtoj{(5}y8&$W{-vJz>HBaYj<Y_h8c@I9?4&Yh_
zCa7slBpYDd54Su;JHBW2Y`a)I{q@7FXFbtQ!)5jFFU381I*8iFXA=U+<wvii^Q}2B
zgY(q8J8aO_y8ic_=A~I-lEsbGS6MH44^l_=?Y#x&QSbJOw?R=(#*BC^4=Q`P8-+G%
zLnkj@hGrXcuKP;@p4KI!vhl%}L5GH!R%Ch~-e@l4O;`VnzAn(7sw|@+MY?(~RZ2g7
zk|?}Yu|1`WGP9>gCd#P)TjXm4&_$<uM0_#P61|WFj;zaTTH|G~X$FAoS<<UX=kyxa
zzki;`mrBHwVx8T+`wIT8sx%ZTe&d|4?(3e}8w@jhrM}QmLG6wASsj{Qw7w!Pvg!X=
zEt_I<p(eI7OT2R9@|&UrYkC~_dP%WU&FYv1<y0I5Km+U^qMFNo&SGU1JCzCbhP!|N
z>c>}I7<KC0fvBm_GQ&!kOYkZt-}*cDR{Mz>jMOLZ9S?bt;_gd!EuB2jG&|@ye0gAC
zJ7DdtVRyg+^rzmR(L3}|NMD|`u?lMQz>ka7T*qT!EI@~VHR2bXvx=pEcDl}gOPu~l
zJA=jfNG5wjrw<0-Tfu##FZ9%SejJo?XD8<+D^nc0+`-Bh+L-WrD3|^jkSViz{a3N(
z<*FxPG%jHpg<<6gUNl|)xv>%w)qW62(}Q83hXLGpM-C@wrV6Gyx(V&W!s`i+ow@!S
zce?`UvfO!=`Yz^1AS6QwwZAWP)4*Dk$g_nsET`C`3$BO|0%{L27GRdorzyY6bX>@?
zy+hV_;jjlIp*(cHuJd6o=V)f@xh*=le6WBoToFU|v!0_;qTFpRB_s9LK$LkB7tT^%
zeO0H>UiLv|I>UYHKl<fyLx0;Jv^W1ShuRyY>T=cm4-1f-WqA>poA!9y;|_3$hqFvv
zvk3ZMc*1I}oEHT)*PBAQ4$Wfv{o_})_hE9sZesZzN5}%5PI$vd%q>nXLM^`B`4t5>
zmg%B)HN6xrA*{VIvS>Jf_hQ&@jmL1}=E%LHX={h5^w=z1;QaT{Nw7t0pmkSY4+4-Q
zE~?fm=jE-%=b=WdSPp^7!ECp{G{1+eQb2QN)VUUm4`xnzO5ct1jbRo(`n}l=5%Nj&
zqMbckX`TW`*wt_@N?SGo+Z14S`AY5Bn08<H=j2$<u{{0dP0$qhDHZlYfm$HOpPlhj
z5DyVS^oec;XdT&a)Gy^PetRS(W3*#_JwFGY^Jw!oG4@&hzJaXmOHDj%)g)og#mu&0
zwTDt+$8)LFimeS6U8TK#@hMT81znZgka7JcRz+y|@E%z0rZ*$?H|631z%sB0EThb#
zYs`Ds|EYQUvo+E7x)e&~m<OBO`a)D*W+e|{CHp+8JmW7Z2uc`;A>G}Nd}MS=j!IG%
zUKBFIgtJRQf9Lb}r|iYu&Tp&99SK?<eymoXm24-56??}&Js~!_P_M``QFl7p;h~`;
zh7{Y=81s?a8I`!`B5wv1nH=IC$9~P2Y`bINmq8hGp!9lMZ0$)qe#UA<zC;IqdsKvS
zTlu%D!4}*NYS+0k;eHwh2v!MV9cB8Q%8k|_S_>$4U5S>OD?|M-PWL9cm*(?|Rzi1Q
zl;RzxVA7483*=V%K^r-1qu%99YG5g?@1opLvDtstRzUlg4ATBSlNk6SFfz#hIhAN-
z8U4l-S{3>S!U+cmqS+1jxiRa4cPdWs6#Ar};UREiiJ0pCVM451Euew36#T5G0975X
zamtBF3W<9FL(8W>4w<=1#p`~^JQ(6V%UWtbfXxN)N(IreB|wb};g$yI=9M3Tp}Mc&
zj#nrFjp)kZ>bLtZ&`uAfDMTKAB@%io(Ar0{S-hXH?No5D0-8Qv@T}c8nB0#qGUAPo
z@*QpZiML4?Qsb+8>S=@K+-xd8>V~gb;X%434DLDH2%RaJm+Uk`d=uF|728j^|7z>r
z>n>eltQ%{3Bklp6F&lvgY%8c&h^K>p>UKs~btc`J^<KV1E9iC}v5g8Iks@EoL&J{>
z@$1dL%BOuj4yy-rQBZDUnaW?+n2$AYV|n70=>{t2KPL#MX(bs}adqb_d)Xv-F_XV%
zvPU60cp%ytyTp_cMko7hwSKHHbTy%y-TlMA5BI~?u1or-P&CrC2R~tdZ+7;|G_z-5
zXF(^lr)xV&I|7($8PuQDyl2C6d|MVM2zkxmR2QzWCy0PB9H47N%*)0*X@6v<QHk&i
z-%lH>3~?I&!73-lXz{je?#V0+?M3k*f1jGQB6}{kQHl=kYqA>bD)j9!zU(7N<BhST
zg_{|(EE?mx8$U@6`K!FMo`|p{62XKq&0qmo&?=SU4)9yq-tuxr+n^=>Qu)~r>Mw_&
z9=dDRU1M2pM*)`K-t%=*sHgr`xr%S{YI2+j723tEEY9msQ*<HSt1;-~XI&}^4Bl?5
z^9?2Y2^#$!Mo$*L5(2HuJ5sSu@87NT@3ZO~_1~iNUHCWG+?i(k#lW%+ayPkz%q(B_
zZqY_UrSi`LAxP&jnOMrRZz(T1d;NN-{w<gic*neiTK9M247rzDA6dU-uuVV!^+$qb
z7DAhx+B{@8MC#rk8*ynG-TE6hW|ST?e<j4SJ7gv-5_~y`ztm{PofoDHG2g~~o-u<%
zx(QZ;4}!svzHulNK9uq!<?+y4-Q-p(`iN`;hSo*^ivDnWaG@hUyvNv!U+Q)}A#Xy>
zr|2Yiwj5hUu-Ve2*<YTN?X1$!wDnUVy}7p1U^wnvt#j>FI|z0WuCRY-lW<H<ZnxZe
z%|@DKOKOPVN9*01z21S3G8$lO4g025psaFZc;LrQ^U~$>cQ33OVHHLd${mHVDAWoQ
zDIALp`5oW`YW<h}iPrDxcL@Ukwu{p!qZN_)8QTg}pkoOfY>#F}lpkpQ7!KQzK$P%3
z8gJAD0<w7AbWqE$$skB$OW&%Tj>?NSd=-^sG`!Sktka3Y$6rSkfKI3@1cEGHzk+A!
zzO^;ksn1n5PU@{u?2WJl!~K}I4~O1Uwmh0TVKudlD`O7yL}{DI7~NUg#;9Ou?E(RK
z^jGuwNw(QBd|GIc5C{d}Vg1+4Mw<aKP4$9PH8{QlGrcMlJ6WfaukB)Uf*ggqgQb}i
z5E%HZz48J}n?kN$B@?31l=#+mC@r?JZqVA!qM4rJe1@p>h(c`Q!*Do5G2Tm32m(2N
z@!Upx!<p4z8TOHql7GWUK6&7To1Ec}lC)`;n8W0gaFcU;&pYO!u~tHK_tgK!VA+uX
ztG%<q<R2&5K2{aBgqgXstUx7TCZfPR$px2lrw&K>rg@pA_LuOZ7g|bBxnWo;JKdB(
z^CU8g9zu$&PrjT^)R1Je1kBWPHl^3I?bZ7znKgAi;kMgkDp?Oy*XxaE%XCaNVqXQJ
z0r}yw(Yk7JQ%!%086;t!26vXQzsQUQ_IuQe_h2eP=_h_9uMpNqqVLdoE7v5+CJ2bG
z7MnK+5Ztw%bq)G!rI=<oE(5lCi`jIB5^5t|{Pl{TQp}wT=nEalKPe}oCW54^m6rLg
zQkXnRPV>JLXs?{-L;(Rciq*S+Fhchsi$>{_6r8nIio?i`SvdE-m*EUA+li0Qu7F^#
z`qXU7FJj2WbiVhqsfv)YrgvJ`2T-1x|K$}@M3UOt>=t(MwSGe~=m+gAe|5u4<fgWw
zg<)AER=7GeHh+<RQPAPhstS}>ue{%J$0S^i;yGH4u<OFK<OkRdbKt9k^p6EPa}F!Z
z)(e^HK7I@~DmizcbCDh9`Lf}8hEg&q#I6iBI-Ct+Xl)4k?!JK7{dF2n(n#}ie{}Pf
z33FnH(hgU(K}L+T2n-u%xBVf`yu5<Egm6-vz3r<_bMf~#DjKV9AD^Wh^E-_y4RYst
z(xJg%k9*WnFX{I?9i0-N<_v`qGya9()Ksvu>DZ~58=q|EAA<AG(d;E>Pucj`bx(NA
zQ|MLq2Ps9LgNCBy59-$WrzjP!P1!r!C^6M)<W9D2{XDYTSxV3!Y|b8i%*NUo_?zFf
z$R)*BkGR`HF(=3Ur|jVkJt!$2D1*wZ-(r8vzrCknMgtgKbjk)&PK@R<c#?d*|6H-~
z6`+=9Fd18DmnITMt-<4ch;V49nsd9El(5s)@abG*p7;%U2gg$D6D!Fgzm?Blg#v<G
z<9DsxHQLv@XIa#iz@Ds>9FtvR-{POqubf&Z9HVz%MsyYx?=RSx{ZT3BxvS>^`Cs9b
z&gZU@O1NSh_1-dBdkonQJQ9>3N879e-%06_?@BjxzQl?Cg2$N3G~8Qi{Y4(QA@m6>
z{qPjTJrNQ4^;nR+cw>lvLd98iHaXdKpA>9=Rtkrfqsq<U*iY{M1{1^N!>)jEPoByI
zE$a_U5M9yLyd+QOyd8~K=_XAyqmI#WuT^*3_hGWe)hpz^vFmfP-^G|3aS)CFgQYRK
z9&ms0&v-2={)EQSR~EU0O182yCveKss79ss<#m3xY|&g#9rsL_-PKy4mDyOPn6mrc
zoUo(Rww0&`LI?=$d@*KGHZ}w5snl4rdjUBWB?6%1$9<zsd?eG#H|5R4=WhO7I4p;)
zrI*0{<>!P&VhrIGwrdNr^u@QZaG#)ggk+k~2$tjiBdw2)E_PYPLa*YlYyFfPsMJ#e
z4YfuRP9>^Nf)$y$$7D{q1a3#**VAb)3dAk#s;4LxQLQ!dsFrwj)Cgs^_|nVVApy4p
zFD6vYkNkQH_f-3ml<+sNIt7YYe-l?yEiSq}C?8*Lxgod>!Xglx7ex6grGHdIEpvE7
z!bFKoxM~NJ1%jV0Z-%jMzY{!_(0B0f&va@qPc~CwVLfwyj}zWb^H{k@6J}0=*=7NE
zNHYvpC+sZvO`!cukfZ)kdzYTU@BD-B^G6=GVcRm7lQqpF!$HuBtkqHT4}ZK?0@NPC
zb_l!%2P5$Qs#4O)DuY_MLdrpFRErWy?mhFu*P!{pk4hHdINu{%5a@Jazt(B#Fu`Z=
z(t%Kw{TiuF@AAC`0Ts71Z_pR6E#$u$VCK#E&c|USLkMOx0Yb0BkVyz;kSA8I2s6+b
zF4AT8NFHeqqB5CgHE-a}Uw#@AZ_Iu+;+>&X7lNz7Jw4|Co@q0Q{pod+uY!&|U{ThO
z@bp^yQY-ZBV-Q$@P`Ll`o2H+-fz(*gSJTJXO_SAo4y}3YRFw1}wxe6EO-${-cKEEp
ztvo!40-RT{qw~R>xtzl2M{9Znkms(_Teo_5*Iwm;Lhl|3?&VOy);p|rjBy#ldJ{qM
z!?H)<^yxu9f0;@65->*wL!*HJr2i{U<h?325MqLD>WCHJKk?ldR&T;A-1doz2Gd5`
z5*H%x-H9EGFcK{`0FwT!jp~mMXlm*qwRhf$s$UD>AgnW4ZJm628$0|Tn-#TgGO@C2
ziA9Gu!-^+(oLo%e=waya<Xovc<;R0^bf#@N(Ok~3fMUW=w3qgBpXWnfv^}nS3DQ8`
ze2T5G=A*cNpH_k4O)CmGDKv(>QLo|Ubp^C2NNLNj1-HPGrniY}Xu&ZH4+8!g9ZGYk
zKl}hMYLFC9(8LxEqQmjX?||)>f9jDts@Jv&pbBhT4xrCaeAbhr!vreP&K_$|l4XJy
zB{}}Zha(wj+3jA0yxWlNlv5}5rcx||LV+EmxJ-q?WX84<#LMUPpFo6X(_n;jkmoB(
z#MTu;1%-b129>T?EkU`>*5VT^hrmUmm1}&u>soDfT<MVfa9a>_0#LHtf}E+Ne^(&y
zkimp|+QAZS6oJM&EIJ*uXwVkoMSsHS7_8B&;;0z(5bnimn)mK^{CDWhC=s<r;5}(c
zmkIkjt<EJ9Ofb=pp0dNCt8m9o9XG*p5(okjodk01&xEA?C0nCN->CB~Bm^=-7#G&^
z<AzG|w$R9~jQ>9<Ff|alk+6#FT#Zwt|8+YU_^^=pPP;8b4UW|<<I{T_-hisr;4?Tk
z|C%RT9z$96doUt5W)ZiCHpaWU0^E#n`kJJfK23hJQ>IbDXi|;|2nQe7IHJziD<sD0
z`kiq~KklWRKJ%;1HS<~Cm3f8i2C>{gc<>I)+M(8(mSME?$+46gRurbVXXcZ!jTI$i
z(?AS^*e~ESt02r#0V!A*SA!T|Lb>@wrxJr_avQ(MJ%b^ke>dO$rkiayn%`hKjJSgO
z-Zqf~Sds4c;xmxG$4Wid*jcV%P3U)yx5ywkz{{IF<jH^aBu|7EV{$0{BT!(mFL1X4
zoGM?2d=A#Z(6`U3Y39Jx!w)up(sl*WQ+-DxVc?N0Xjz;k*r%<2hugYeXt~vPo3rA=
zv`>-hEBV!1WC{qU)zJlG44z<iO2)_smAOJ5Ngcs&K7@4qJ`cnh(fhK?;20oan=jjb
zjlQx*jSOA@8cwVpP8>vXHGgXfpu&}2qKlhyWkA-mTVGQr3<muY@AJ70YAAB!rmP<b
z4+|Kkw6t`P_n;<Q3-$ZRp+@_^wAZt)j5ouP{R(tNSNke8kg|~*>-ed}9o$m4lBT8b
z>X}dFLBt?drc6)wEdpp#YkJ#!b&x%&I;C9tAit5hj8Et;T$S&(+E+KWn{y{>^zZ`E
zq+%uIVF9I^HRh#e0|sgA8M;)<Q2>{LvBl@9nJ&TtNwhymot;BC9T6*tk9&n~9lu_2
zX*y{fcSr|bhD6!~3=P;n4}2pE`Ulub1j1O=a`fZ}uJG)bvlx@>kmxv-OcfB^j{g5)
zsaQZw9SDwat@j`+enJ9iT^vhFD5cQgAyU2zzP-8PkzSBZf?ksgPt1S|^MJFykou#w
z7er7+5Y48Rp)B9a1F^k4z4h*{&+}{Y+6}SK?!nONVrj)SEC9uzW7@nFa0G+9+ybA(
z(Q})9IRq{3<5QD=#BWHjMqtuptF)XfenZf3`&rX(*=j<N=F!E$sFLTY=ctm^3!7GM
zEGBphDFi;e`t<c03_KG7@C9&#+A_Qs7*F!g>ca7pioswCi*<#3hW!&%W9Y<iu8`5}
z6y-xKHWlR8-!<Z|6f%It<ty~<{_E}#iqWIMIFN?XvZ#_jHNLA!sU<$Kx?<KhWT&$$
z?0q%f34yr&Q1HU?{Uo1Q6M)W(mYpYgLTga=^4;w(3{d2SxXR0*qaD?kV|ZNjtVrH6
zM@ANqRPY%#5UJieZ^4vik~@Vzchitk0o!BX-YP8gwmfrb7&OH=JDXU&;s3BO63XWL
zIim8=tc_kK;;y8~5IlTBx^L1T;uXPZ4<n9g^zwK~z(e=Ep8qH9)_Ys1t>a-r(8*fc
zug}<(IVn(AxZgkVym@_HCu)t;y&=VsghK)bt&?f<P<g;a#6l(Ye=Xt*MEB@33_7&~
z&UV8D+xQH6HUxGfIW4i+-ynT7Hw=4S7Qxa<wR$gK`o$95HG)>qv&Sm2D3Tjb<{D%Z
zTvJ#2+AI*ZQZU|^dITZ=jO|8l(FI%qWlBfxHglLu-2o+9v7Bq<*Z(qORY81Bp8El=
zcgh!Eh4vZ7gTS?G(A6u0bK}!(5a^>yp3Ot?RB=V-EhF4k(O6(E>&ZteZ-^rrEelmA
zx+<*Egy#g{t{+0yB?@HrgF;*T9{DytV28T7JZt!+VarLrPOB~-2npbTyOQ_xg~ulo
zB`se@vO=0&RY28LwU7}a@9FF;6ny?mq|hY%LOa&~q{=H|H_Y%H_5u|I<dpxZ4$tAk
zL4~YaG?pKvd`s`Ck~q@Eb<+fhwx@Q6uF9<Kf>!M6nG|f^F}Ml!?i2^SL`TAKFxv=@
z%KH{TK0w)X5Flr<rt1Fr_+8_iCLECjz&Di|_)S_ZB}026-cxRkP5v&sX2|#7WDGaE
z2_<fcqv67s42mocZZy3$OMIuJFet*4{^L+mcft5fxT4Wwb1Qj|w&6LveC|xLHg}%=
z<D;9R#9Dx*_G+ih+Vzm?U&U*bCcaFjxt-R6M*&_DiMKB9xXdjsL~<t_@ih;Jf>0j*
z2ZSP6bT6Uf>=(Wag3#d~Ev_d~hXN{E%feg*es1ffq}=;)krv@9EE$x6BBZ~b{tssH
z$&o4y$Vut*rd2Iz2-ebk=OnzCuYSiJQ_{ScO<VtgzJFJ-?P%@v#lkd7TiVAx|AYGe
zqG#y3mdP1X_Ux{0*C`8;J|a35$d1wr^VgZ(Q%%T_$P%ts7MR#<_Z-hNik>K{^6rk*
z<c!FmiZD+dA~!u%QW^H}E@&p>d1C7|UYSWm3Z(|-HU&L6w0p!PX+G9qRL*jpuisHT
zuRohg4YRrM$dZs<=Cc{<t4LK8yKmw{*|QM8wzUcRe(-09(m21S@@^_Km<>QF0Z-=I
zvmZeu;QSB>rTv5|{xcXsF8T7#^DAm*$*iFy*@@Hs{SX-~15M3yU+d3?PdugJ1Xk{r
zzM<4Ym5AifU40AwKyPm`gOw>7YH1uGystAvmZw+a8=v!On&7_$=yV5Yg+2Uu<6!+0
zx5O?*r}|Ll)Bkn{pfiXZ1rM_1p?CKr^m=#GcpxC^c#1M}?x9==3mgRTUj1NE&^y`!
zHEj3i@l{)8Ce!dh6t;~_S;|mjF&+c~+64d-4=2gb`#4cC90{VziAQaQ2g`PGc8`=U
zJ3s^xSNo;XrtcZ#e0A=yi7P+*2y-xUpJ|_>yN?tsgnu)-Sg%gR7DN8qDhZ4fGczSB
zh5QbcEC>~Li%|Z`H@}?KpZ!TNz6fjK8I3hR`%&mJ1O=1eM4TmaWk500e@}hM#%t28
zR%6^?x-?u*MtG}S&d@)`|L8AXld0Q(Gh_>`C0ti;H0m3*xO){A|3kz$mg1oW{hqiI
zO3Sg1$~e}=`TR#&rNk!8NplB7kVt%VYT6=C%L63gzpw3rxsUlOiQ4QvExRQ3>0Njo
ztS%bAv&Qx02hG$enX(@T&)rW9<kPyqbkDb@6Fj+psm)EOYhfrWokvhxrfzXe{l;H~
zhv&Qz(-iK#7Cy5S;2Q}8zMY*P!kGTOQyt~fJKhLdm%aFTarx#11M!J|&rN}gQsXm8
zu|8+@TXNJ^)^-c4%~pwuk^hr3B!WFa>a&RaVeiq0gA}o)ps30Hc-0|-Hv~L2d%**E
zB6Mm%c)LZVLWwoRhvM4`mhV3v7qB=EY*SkGyVtgUXuZE#_hbt5^1~NVt_d>Ubf9st
zf#-nt+CTh(;~Mv~pQCGSMfj1M&Q<4IvA6aHPVINzl3>0M>dPK3rW=7M(&{$c(aa;(
zA5{O*7m9M+CycfHV(0#O2haEH%#Fs!@^~eFZ`h`*xA5}lwW-dc-wcPS+f=5dnp=b^
zLpE`m@9wSS<LqOVM2D~T=>}K`3`;jG{pO(#RQg{YfavjQoZZl5>%lOALsi*cg|Gjd
z=0^$Xvq3+hp4GIw+X*C3e+@>s8nyZn0Ui98N;3Lh5!b+Z%YU9BFB;HJCLR$vvWsS+
zT^V)$aK2Yb+?@tAjx<>GU(JABEep6L{~6T~9z1yD6Z~CFNh19X&G|T&w*6}BZB^M(
z8KD2!!YK*Q$u<$4`+xdWOc+o|a6M~mrD6R|_>uuu83t^e9S$(lzW!H}z=@>=A(fA=
zd0k37)VcL1Q<ckKrzZ8B3?zudD(p4)FDkEtz~Ayo#pZ7d17d6c3Ih1=wc8+jVlDgK
zCqH~aInx-kL9k+%d{zIQig*w}m`RHA`$Jgt!?%2{ZEt3Ux@dinmiJ`1lQylMlpNZ~
zAgc?`Dg2|%JW$kT1+#&#Od%Ju1Llm$Z*Hiv`s;Fi)gce`5hd_!^0{nyu-5_6|L6=r
zbYRwpjM6lW-g#UMX^D{E4cBycl^QMy0phXCB2jG1f7d`_8->V3lT^kR5p5sN;6SI9
zmPITd4BE(NfA@bBoraG){>CpW{o%m?PN2;b4H{k3EyYWpcZm(%PI=9B{evVp-5EaY
zYWNBN;L`%;AX4+H$kLmh_aj$c2w}R73DPZoM>+HUK4$}Dzt>f{V^gfvXxo1?qa2(V
z(EhZYdh|!85&iZf#Xl&Q;oDuSBkTkvAg<8|_j8PlQo7}}F|zmr&@efu|7|`<uF!0O
zw&wv)MR6z!BI~LlDa3uC{vIq54V4@G1xp#oVm?rvs#&QTpjgU@$y^2_y;?l%>Lqo6
zspMZ+LNUdq^9z&qxeR`~DRU;xzk8oJFk6|(0L>M4pQbW`$7V%()jZ_eK{5}d;#7|m
zm;w}88@~V?Q!ris2fQ%!j=54+*roMqE4d`9KyM*JW-lUruCYNAwo_sMghVt`wB0v`
z@+K8H7!ySkaL?vi-_1Fm)k+Qs)VSjckg=W2u%AD(hn;xoD-tGEOnC!;f6J6~&wmeD
z+OxBe7TWVxvK6~|gb=p<%hdl+uv9^k*{>#!TlYv~DyWDYNFI2m+I-{a;2HsPIv&Ut
zto_wppZun*Z^xX5FYm@O<+o2P-J3o=KRVUgQyNgRZ9z9_w)<Jt8V<jMFxG6_=rS-N
z`TD~R+W1^qM!@=oWCb5`OG&KH7s7XYB0n1}P54C$nY0==dnY#P412emf2AJio{ZjD
z5!rgWM)Grz&TD7Hr@6wlBiF{L$7M?5QmVo8fQ98(36;S84t}M2W;lEE{ZuS^3dZzB
z!2@GuXj-A<js`2<5b`nEgNJX^*q~gt6VV&(n7Ka;qZr{&`BghpGG(tb^NQiHGjfgu
ze5|X5@rCuP@|Q5}Y#+-*d<%w6#RQ!e*R7EpoO~$$Q-j?@yzC0U1rF^e^-FC8wvy>k
z2q`#8MHmRoofSxFw4b3<Lzbvm!Ko8Sp!#+@#+0PouKLUUPRtE}sp^R^7+MFCVW)RC
zE8XTuzCU7f)4^ESuc}|a<n3igj8j5nb0>&T$}T<m6Z&&H`I#4GLKKskdey_hG}h#L
zEZ>A{=w^knN&71Q!fjR**rQCKoiYmKIf6$tQdZbEAH4b6nJkc?q3~zI_+vRN;3b%Y
zAob<?e=UO05K<kK0VZiy9V_AgLca~fp4<UxW^^lK;(bw@C_+~iEJu`1hoM!ij;~<4
z_0925Np9HK6>5Z*>hW>hI=Hn(CHC1xYB$ZqXh{}-aPiB-isoK2RH1$U>U;2Z9_|WX
z{|YSE=PwEf-iX!QYb`gSK}T$$me(4-L_R39u&D_fm|v`&CWBqOn&pHnCjzE>u~Mx^
zf{4Of>GS%VEUi$C|3gn7RJ4ihbGgsQk2aZR&Gc-NFfV1~+VVLy+5Vl%;oFIwJyW`=
zd=C@;RG~@nJ2#d$E<jlEWCVjz+x~foZdLZmHiM{54l3U<A|%>UO7GWDv~#&^whFEN
zws{Q%iZMKU@n!yvT|K^P4+G${ezF1`{2vxzqV&K-D=YEG2Fa{~0``7khwoeAh!}ox
zcIt<aR<QqP&iLSF%;3(#`{pIakoJ<hGGK)BZyy!M5>J{{o|KR4LuS1}@A$*1^bBgf
zkUYH_{&kJo;?VG=P5cRA-TFV7U9`18&tdu(lH&8tLLRWx#+*==FJz;etB8#cTP$_n
z5l+t?l_K+U@ou)~kK8vVjCF%;dA)U^LIP*|k4yhxD0&vpy#mTPVS{y~v`}=s`|+RH
zl2`AoiVm0Y7Z87XJ3(f=8|>FxkPz<iH>vynrT|QNUap6C*A4GiOrG8Q$W6IHA_h>9
z0@<kb+j9uQ`x=6`z)l&NhN$8QH2Me&^CrgHv*tm+(2`G|DS}b^DPNv^vN{s@WYuC3
z%F9}t&fvCV_Ss(+?DlfWy5^n4r@y)+H-4<|Q1r}&F#VCk2ThYbhUuqifazLW(34${
z{x33<L`Z;r?RsX~2;Ce5h53z?IP1c}DL#|7w$JG>nkHJm+Gsxiud+bgrK6gL554gA
zspx)!leNxA*@L5kpF^lMAaIDX!}?r|oPp9%MutM!`23t70c89NUXSYQbB_%mGsTUw
z08)YLyi}%Z4&bRTNE1zy0O+$x-w@gvI##G|@OlOhWDA_wqH<@&EhaUFRM^|Dj?f2x
z0P{FcS(+Rce|!YTr2l&xFBdvK`WwowGH%M)o;LT^;jgxbBc$kK%yi=dy&2UtaMDXt
zj+~Znh@x>(rc(h-go}9ogCZMzOJc;tP%fQ|1OU->di8zz3S@MmU$(!-6J;^hY6`U5
zvSx^saNWIzFA2y@HQyiA_jp1xqTgfjisXci7YkU{hvE!iu3yPHF479SJT)r{V%~vp
zmVDgSnJb-78n^a(opCRf@3DM0W8poaB;f|VSDMjH!7wHe`*JyWX~eJw82e~^)q8P9
zF4p&|?Le{rhV7+Nf4H)S*U(@@m%{rOO)-51gBS|FhlaW_-yG_cDslnK`-$Xj*Ka;O
zZ11GKW73@2iMM?zhfXp5Aa&<N;N4FpAQAF+Rar1aSzI8m=4{mK>@ipgAQCgR9TW=!
zLlt*O#u|cLf1uuM=4`F4$2?%kj~on$&Ro9JHGI0?=bU+#bel)I!+IhKSO2!|_k2zj
zkJES>a1@9WR3mbZLrmQjUepjxc~%tZ5M-?r{5nze{0BF7ygsk|4<lRhZI6VKc6)Fh
zNLsKcPZa{r)@>zs;S70}TJ2{Z%dqpn91k{wo@ol6>4QZ8Kg}NUAv$o*`5cS0n*)Iv
z$1L4x98B`S^mnvBPOP|4LBc@bixX2(gorWqe9Zmb(uVFIVO@`t@Jwpium*rfUB<JC
zD}TeuG)$>=7TE09H5l>MZ(#Hb(8!H;%>0fszu{^s>qtJW#~z@YdhT-JPn{L{eyaa$
z7HvyES}I`Bva(}iOg8!dG<DTsQ8v;3WvQi?25C@Q5KsXDsYQBekVa`~L0VWsBo$CP
zr9(=Pl#~!@MM_dqx;yUhec!#$<>AlScb}O#@60*p7ke!Igf%H-c8%LmI4=Z&%Yua{
zsO%LJ8S;V|wRSwh!Xf*LiI3iKD3PZSJtGLkXKkUm1_`C7XW6k}FHVvYoZ~fJ#gc#~
zD6&~k#_q_dPBQoBKnU8v6TS|E%ipM#ExE17+K+o~f-fFMgKdUf1_Ho@i#To4Dyt-8
zWU&0eDLp<)N6dXyYkKD|&Jqi``p&wf@w*Av)})^%lwqsGKA*nY{rIIUcS<-(osYZD
zKHn42B@KPR>aVSQ(d9;z&b~s&{SO}#cUMaTdLN}D4nGay=$CFDHEn-|&S!?(=$1x>
zs=?bl5D)dkRk>7bi1!n2PE6`^Xcq4OX5J-f<8a3a%)Iet0I*KtNH-W!RmXBJf@g2A
zT4*;aJrt=U%DPB2$|+0MOUKWJmyLF8%Qa>tIAPp)Gr4RH#Y_+R=qCEKi^}JaW$vq;
z>C%1ha~$Q_g@)2`dxaNzC)R(DU8T_#KTKZr?)&Qry4-|DHekHWS*J?GJ6p)q<CkgP
zJtF1m3Fr~4CWX{Th3Wz1xlBj~gX!~V8V818r<jM?f7m{S<edHBb!8+?i*qAJty&`^
z@atWYzkWu=ml$UQN!yKC=VhvH!>}M#aqrS^w2n0;boVsKMkjhl!+!E<EU9zd=P>v+
z-X*KfJw7+H$d>tSS@3~#Wc+X1uR9)9^9<+%O51q-X)F5e&cKzTw|93hsvT2FZE@gy
z!N9--Fx1}VTj9Cz4TkYP)p}(v1F(UyFP*&AvDp2l+NIC-O1wG~8FhTa=Hu;O&Zb=6
z@1Ob%J+352XFRiS(TK;aXb&n>dA8<<+iY+cY?&fT+23nn&VClzot}X&M14c{t)##a
zSQTSph4YkEnxP)-sWFZ!b~g1{ENzj3?GHL%#XfWOV7{JXMdLg9nzuI@fR2!>235Qg
z3TS=(nIB~|&Y0}FVJZ(4*B<afv3#%)k5PL+;mvIl`^;=-qu=-KSm$$nvO+i5^F~P;
zQfN#@Mi%>Ci)NcQj)hpV@idgLzBNzP@_%uWnVj3B*HLkw<K9V<ttreb4Zgyj#my1c
z`IIQ%1KdBZ6$RLG_EJ)>D*Yvy4)08qKwp;u<4cl|DwLED1F-se1>$q2569}~)>vLP
zVYl2MjTXLAiX<kenVOTIfB&FBE8|f6IEGZf2IvS*C|n-gSrPF&7kWBCv2RuAI{Ys+
z=wg_*s$`v&d*u|!mjwns&h6JuS<r9RB*<V%iH4n4PtxA%r#@9x&^*g3q3a%BjIP3y
z&dY5{;wjwi$c2=B(}T|MD9##I_P!0ZQO46GO@}S#YKf)fT^R(MKY^LO6vX#EHg++O
zG&TNKrQ%{4+@S=lAS!)F{d1c0Jzy#<80Cqf)gGE!+IHnB)RZUNe?Sc`+WxnHn-zyi
zabG~H7UE<ZoOmuwzWgqzi_{)#s642TYPu0Y<6l!JTM?e)uc$Tl_Vl3bQ%w{;2khAQ
zY~$07!(>Zt|BM@K^@W*q)Di5Aq0q`_I`t+Y*XWfT%%iUEs+7q1mU(8W1uX63EN)rN
zjUFYu(tlk)*qCH)B1ABLnLPbP@J-23I0OfqQypVa8D6l{3!$z)r$jmg1`;(t2b0(<
zL+;LeN&b^d{vbK;%7o7w)B5M&bowTD6a7R_*q2Wls*k-&$ldMmhV`ui$Zff|;pX>c
zNg>Oz{DGv;mO4e+O#-s@lBj(HfO@bPKULsVhbg7za(f<@C2lVR;VX>cu1LZgbZ^<I
zRZv3>@36HbF{XhHSW<yC#))l4(kOU#3x@ff2c!Ko9&+ipWbib!%qVu;Mc|JK1F<ln
zlbP`DaXELbz1ts1SYVG(neL98HoAZOBgILxj^f{}PjmI^c_-Kr8$<gzCI8e_@@=mM
zmfm<37IUTa#kWO8*nC11IQ493{W-s-ze~&c_D(fM&;r^xp80QEjRI)U_VTI?9m$=3
zT!_fkdQEX7Uqav3SpABz5Lz)F=4$@tc+Ych)s&2*!kRD=APvSwHi9|+?RM&_Au~jH
z1-rT0{RUnb(ZUh!3YWLtQB&?(Rb{%J%i4@EI}}Q^If*8UDuuGy=WkIu0n<ZCo{sE@
zTvF(z^vGs+R35h<sf!;WDV^2_(k-$fbL6?Bq0?W)@4KE61OQWNRBZRq{E$we%rq90
zbQ+0YNBlmUJFs{xZW<_8^P4_Aa9Us@3^={-+Dx{bAovv5H7n>eqAiRcMe0+eu>U&!
z>5*y#yJZ6QyBPm6O#<j@u@w_OyDqs(t1bt%Kk2%)YQolJ05ZqnRq9U%(o(tntbeK|
z9R)+qIQ4F5^$9YuvCa(KCMjf|;eU+Br522VF#`tsvIS#O!iN|8)<m<FwZGkaW1Ynv
zR(9Q5cX?ONok6ki_dmJ5P6%4bR7!vnS~Q*Fbp4`nv7~JIFj3*IChWT}Gh1%(tP;8U
zMo)%Iebu1FWai!ds8}XR>k-Bd?Y}elzp6mzb0tG33vnl>h!LPE2i_r(#$Xriekr9=
z8YLo|?v`3-e8;QMnKGp6Cs_`&k0D_oQ}`FLl@OIHKFpOx7CTJQ(038r{*&zGX*#%2
znsXmObvV~vE+W<2^a2>z&F69c+iJP-*&K23xfy9@aR3X<RXoZ;;0=Esc#ue~tQHKq
z_64;WE=8OWXWC`fl*j>-%nd>gX69>5Ff2JhyPZ^hHzH(36|`DO<)t60fowE}CMuS{
zGC(N2;f_`b(>FarFjRnkPL358?swAVcjkW)nkh;4@^Q3M7D!BQ)?e)KG&!Qyo``o`
z7Cp686z$R0fpTavMq+G}O8(fhSR+<|K?StLs*9z4@tg(a;QsDIR}t+6g_iZ_>9#QA
zf~O_QrmLlXA}Jdh0v-#5|5?1WhoC>1UJ7__l>KIrDVrqw>Wx5v0#Hg^%QN!YUrQ@g
zVSHme$Ns9=kEvzie4MU&`imWw`J3qf^W>ny4yYIh+<uK;QyT45WbbyI#**SQ@OE-T
z$!}+*C`Arv-kehXv5-o<VlSAkbI*SPIEm!&-a(^Rv9zaAe3fbw<No6A7@_MbuHiKE
zMgD%#{?D%`Tys=WVAPYMhR6=0<O>0kK1~t-fkM0Z!eKht8TZ}7KYgx0pKwxwRV$nb
zu$V*?G_NIZDE%_ts;h``a7bQ>#IAQ~w)c7!qxQ1t;1iko=qpm50-Dqn;M63-%z3p<
z0FwsT6+D*D7gtH@pycYN(^c1^pj6$Pbj_pmBemY98!P2sMd6?Y30m+4&a?o(73>kd
z(7|TnYJsOJxxb4cz7x1#I?w!vc_D{M=;qkJSoU))?W^vYD|97}p;MDy9S&UOv0YCe
zYkxkz8*LKLBng7n8|x5Y!YynfiE^@L>kQ+qY&d#lk?i$j1;=fVdxZEJAmn~(3Ef#l
z8kr|1@MQrFye_JAV0V+vAJKk!?lfN!s-;Fd6ox%@Yz$?SBrr1rUn~IfI@3`6D~rg?
zJb(RHxMRhKfp$Lmj`{Z+#Uq0LUqex`_atk)9R71%&^>C^b|mQZwghX<`MciYmdU7<
z$v4p{vV@|Fi{>XB^Hl`urGytzJskI@Ur0gi4b2q=j_b1HMWhjwe#1^o#x2yyFW3-L
zikDcTf*%HBKD@2l+)|syKvv=7&{!vZ(H~m;UyI#^F?ZXoxrEMIAqFoN3U~-+WX22d
zGJPv*QXS>AoSp^e!)C7Xe|50lpOxSL;J3E*^ZZb;=<=6bE-(zV38KGM7i(0-3*UbF
zUW3hWSs$2E^l|%%N!YC+o74R7mkSzQzmvO<?*2dX4?P>&f11iX@11Q5J6&q5CB#F~
zgPrgIBLKKMV-P5RWkZZswkEqBWqL&c+8@!m15&DInVo!IxQmhyDP<&9>}ZUDRuB2A
zle!Lin0~j$$=~m9v__VJ+<)LZML7(s?V4&tY>jkLxTe%ancX8!D6akp6j6_-20807
zT&N&R-BcwZv4g)tNY@}q#5MppTL|urVaa6n3og56?F5J<v~cmnH5nv|T-?XgjJf{`
zV1%}h)*)MRis;An??Iy8ZtMB79Ex|IyXGQF`jt~5GaqJ%Rkt614V+Z`i!+L5sCxB}
zjUBNrcOzD1rrX)mcj8!5_CU?U;xco3+XEN(rL|CUuzriUNDB5x{CEIal>5$2VFV!Q
zw?!o!glWy`XBEz4k-cB*`D7{B{U+J4!K}Fau++Y{HnB@stbFP0(aoBV!y8^Q^zWt-
ztJzgL&~whxNvjt?UMQ*m<Nl_-ZlLmfgm;geb%K|Dk?=82|Ni6)QLZ*;hPdk_Zia#7
zBM!#3ZP~d{FfIw!>O^msXuhmOBDXCJW46=*j~r?byZWN#R5!?Q3yk!?9=Q|r85d??
zxJLMA9hXss^4=3yhelENt-J6~v<4~Ts;NbRkt``rD3!J06fsLc)@)AzGxPP~v9z3!
zs65Jd+tKHGN5ILIdeMMeyl7}mYOXb9SmZF&Smg8CG%dsUqdVm{6G{*^MQ+^eUhEEb
zHIw(@kki+ccKy~bo+*@%y+F@wHj3_}IHCn(3bP6;<>m_$W*C|HK1%{1)Cz9rgeY&e
zrWym<)Qr-znTz4H$s~PcA~AWtJltv&h;fk*!S|ZrH&3MA1l1l56@Ko`5XdU?Im&Fh
zwIqMR_}vI#61`Jl(vFIkyIuOJR~V?%bF+~10fhMebqDSzDGdhwmx`!0kJ>x3b~7yY
z!nC%{yiZ8}JGZf9K*TY!DjiBkXr)Y9tOP))P%Sum;6~&3PPQO&!GpOtJPZWmT062W
z;c7y6{<P#OW^@<O^5!{Ck0>xnQsaSF+BS`LAlXe2!_10oe_}(fixD`#Z~%l5{9#=+
zFn!CIw~4P^pFY+3vSMoZlO?^9G|>>Ch=w-dR&;}}e;W$N&40nrL5xlu>a;|wiZnT_
zb)ufGv?<44AK-OoFgs8rS+?6IN+pCh`~iB99=~vE7P(Ud^s;)+wAwK;HcMJTMj!0K
z_i9vn`{(<vcrFt%>5*9j!2%CTq6MhrGQv)20oNur6sOp<djcOn$*Rb%=Y;?D&`<YH
zn)w-0@tbjA(>2BT3pN3NIJV-LJ{9{(D-k+NiY&$|sWQwaTq+@^?ndQC|NaGezX`c%
zD4hAUvV=}vUKau50W3eMzlU-uzG;^3E?KKKmC-^EO0Oa|l#Tc>tLSyqUa#+-+;dj?
zf}CHD{~Wc|JTqP&V5)T7nJA8nfV$V}qQikum6UWTpD7su$#kv@ak!8|ql}VahZBwo
z1FPKe;cixEIxw>xYWqgZDoEZrh8ZS;<|r7?Qi|$neN6H8;rXP~S|=^Wsaon<ZLg74
zGrz`(WaE{tdkO2yR+5)T?_Do_t;rq54~PV%i2*%i*q$`Eb5V*nP|p9MrbGv(SbzGC
zO0+=ik{GI4kZT63c4sEMG;X+RR-SdDet3jvGMXpQ0_F=gBeOe8sXd`tD0b}9qqDoO
zXrg-ZEzR<byE)t1L=&ieMsM-N51ph5hb#DmmCzZ6Ib$*XFB7wnFQqRp{f3S)#UEY_
z6mZHC_WJi8C~oNRA)c8xev$BFyEWyA)^q36)epJm`VJ4x)RiFA)L4HFn@H$A(CL0$
zGwSbh;IUNA_iLNv!bj;1E*x#<&5*!QaM%2<e_NFw%Y{dW=Bd)Mnw->n^^5FB!EDE&
zz#<Rrd8nhH^TJ{2RqDH|pQJ3~obwBKpn<K!Zup8UDgqQsTU&xHr|w^B&e@WEuli)_
zF{Qb&%z4wmh4rcAGUCU?^X6M`YRc=_yH||F%qJHoh;b<K+7%(~N{YUeJ1<(2B_Cgs
zz9eGJ{9|Mm-~j@0dc0#q5QRHYo)TPHG8;Oozw|YAWo(u;c<m(N^Gwd|5aM(9nYX&U
z*#zyAG@<!gA-_#-Wk~}TP~LVdSYOEz1ax^!WMM3sufvo3n57mz=Tqv&m6<vO91VZ8
z6SGK?2E*aa9h&mNP;|Y-9Q$j2|En)7;8>*pCOc{6wy!IuzPYf+BeS;oH!sAetgyDf
z8wSWp$o9049m$^8FQ11$gC2DaX7PL*Hh(aLAarB%a7q37ug1H{pK7e(TxZJoeUg6(
zq9sv_g(l7ehLPz@a6yge3M%sF-jukLHACe#Z*de~?ySUITDiKQDU~#|n$DN(%#TF>
z^lGgSxPEzkW&U_eMdg)<o3Gt=%??Y8EO1F1r7*8DLtA6+Z#t?~yzWo-_#7Q#&LIVV
zWC_-r^Y??RFgvfx2pW^+wTuM=5|PAk*70Vh+fEOqBZ-M0Y95n5B4$7dkNW-8m?c}j
z3-o{Tc09M+CUsdUX8d16p-xV?A3ydBZY?3-ks0_gTh2?}fR7NRj#Mx5nWvgk`{vlN
zrq=(yyn7Pr@+N5X^CErOh7$|hp^CKA!$A;d>VUkBetvr|WBd4IiMWH$yQ`VQbLE=H
zd+Y^_WdAN1cf3u&W#X!b&pcSre&ARp@P-`00u$Mh1-d2<dfbk-#~>{Tm7|-YBpqEV
z*yIc~CBk4%w>4#acc*zY&6#+kZUgluAYIghin6ZR^zexv1K{Y(z|mt>KlE7uVO|L-
zn^w}vEsW(1y^!rWn*jEKf@$Z+TZ4niEN`Uaw(vM-=w_Emgw|iDdsl<B;-J^HbAERe
z=+uiPx7VSN3v#n{0L}Z7A+Xh$xnP+ppBm?$7b%MQf5@2W!KkG`oS%QEz<^2RIbx+M
z#}cPvWKXtBa9kds8s&P|ez&1aDm)ca=DmpY)L+z3xFoFpe%{2m_u3fhDu^?MUxz>%
zWu|^f0$D|dh+&kDBVG>9FZ&sR%kZPAi6@Od*S@F^*d{s}bL**4OcYg3GLm8#kt=zD
zjz%AW9Afj@fKN*^yi9pQUu$fmO<&8ieQkH?t!TE>D{7553QxkJ-b#82k_QBEbS9qi
ztZ7e8KWitB-$^Z&S5YdAIC1VpS-+s#ERrOIS|eTINf?CMe+`K7JZg*I09h3QNvp^8
za`ayYIe~<GJJLs9VOOPr6eDdwLa9dbs33pIEKlNz)^|8es?fboO}Em315t7RI)r5*
zTxH>^^D@;>5RHM3>Pcm(GvUt1!|`D)Zc&pNyE&a|N3-QY0#P}8W{AS}{pj6yzM1>q
zdm|XI(A3YS9bzAjQZqTzr=6d$F<|a{YcVfP2t2(-Edz0m-(ObbxRCmr`o1|%ME!Jr
zdE|zx>cWy{%Z!PCdT;ZXqX4;D!r_K}>Se5*EDfhLxJttAdns#HK6fH>Ssoxipu*8j
zWdtO5a}3t&f)VLx!eX=;*=39doh6;Q7gRBAAg@KRZ$z8VG1HPc_gnu~z5P=rJmd~C
zc-%w`$91(?HHGN;p~Y65aj}Bww(RI$(A4eGZ|?;FLorWhlT6~^aI*TItO%pZJaJ0?
zuhd-j7gl+FI~Ig&YFN*1@4b9fRl+f!NLyD&F>6W9{EszQpMMzb{r9p+z&2#S1f&K<
zWX4-tFU`1)0-vM6^ozIJiXGy#w`aU11>6mKd)&0s=`gnEIFwh4kERyBIhD!rI7~TL
z_sxz7jmQJ(7PIDgD|Q!^t+T!GVdU)}+mFlMYKvK0#pi0ykVt;=B?T0#`kJAWvV$+{
zFtg6ZwT940W(cYNeh^TLJXKp;1;j_z*na5?bv;*-pzyO0Wvd4g_I<sYLAsvHwIW1s
zEsxQ6-jM6b_LKiwO3YUe_uH6+@mwHUT8Bs^oT}%St2PZ(1dQDEUzf27MI}b?)R%f-
zD7lqN4Au4+)|lPm0kxsN*gPA5-**Z5_U75I*eb^Vr2fjYn(NOmNS30Do_#VBXBhkp
zF?)lgodLU=r1U0WLNiN~BlFRi**002XMlQ<aCB;uxJOjiP)9f`4I!4qlSN4cxv`|8
z-Pm@cFwJXcUCam*gt4S%zD&W<TMwPZE_}M5>P3A`ZD`AFe+q|gO)T&!!U3poUfLNj
z#4qi1nCQAC1`RY`2!0lSFhJ?qTgPLhbUoE9)y>%UfFTC{=3*DKedWOviKWQ~h|{pX
zkq|9<bU$CvP#XF+$v{%~t51Mrfy?`Q5SNNLSxdkWn@ENgD1h)GrAq#>sJ=zq$T@y?
zkVHTI@$JAeveL@$mRzA}`$yiwo&YE`PvW1U=}(tmplq6ik{#KeT^pc+F8v2JP~#4q
zeBo@PAfpE6oXPRBP%tkP`YEk`C&;Egsz4g7A3X3`@WZu_M(O0EY$_}+A6TF)TTv{j
zS{ORi&vvczWXO$9BM7V_0_zw2<ulz)7S@ON|KIa~Te*<eP8j~RMx(S4kP**AfSzr@
zcjIG<c=EUBk6!H2qk&P|z21gS2bM7mXJwV$0|XQ+{LR4|0Xc@9n34dI$p>l@a94Xk
zR+2wZZyWc*4cGO?>*vlt2RSyHzx+=GWG~exxW$~c7Z?TGY6N#0Qt0|K*e&|5)><U|
zb<d2#_O^KKpPf|ju<^zxgY#{8!zIJW0a%#OECO9~+jaPqEu4@4(qDR)y29*l^5=<h
zn$piNom_7sT+R@gpXRlbqc&{pFN5ZpA9G58(SHpW_*zd7Co6JU{m0TMb$!@dR_=+J
zug{G$0(21|u>&GQqY`4FF>|+Y)1^4peQLAA>mwwF?`%DjxAWmI0#v$`(Zq{(V0D}W
z2(!!%c3(I`N;J0CCk_AgP~Y4zn@f-a-g&-ZdnbMu?XA;&L}=9`6ImYbdgFwsG``Vq
zIl{n?vq^4~JQ#8w=q<+PiAQm%Bwx~%9hUFOLzPYO8FU!4mS@fMn6Q?akKb*;C1<YZ
zyA&LhrH1C~by0W2;6djmzVLvVJztL6pANT7e-NO5b#+*JA6djr*layARXsdK!O9l&
z$@C(o4Ya6qk({C)!@Z63u>tQd;oPnEM<~&iNmWd?i#QyvYB7(vhfAe$x}Esa7vHe(
z)`M2wsrdipF8L$kDx>(_AT7yfpz%oJNc{5Q)*kq$-x6P*9v2I+FgFf{S|-xX7MwK*
z^9-Z8jVOW&@=9@h(hB1EAsmT|d17?EL=PSw2KpUcc<tkKpV-iP%2tdeZhU6wW&;TD
zP{y<u90$`v%^yf3Je+b2BK%K1@U#&dA7}5i5ZxPbz<{A0-`r~zUMBh&eRC%Qt!hL0
zyc=)EJ@0k9lvh(<#9au&sk{D-066w@6WjcoK(rownA<0Qb+w(sZ}WR@sHIX#QRvZb
z|4s|UX;BC&Hf6)McWvFAUqXmT1qIjmZ?8Ml5)-g$nN6Ej6la&b<o$$m0}{rEK6^(|
zZH-erBb)q-e~an&Q!J=@B$zD(LZF(hid;18ALXu$CN_=IVWaO1T=3VuZe+Z8h|0o*
zNs$$G4gTbASXNN?AuNe>2#8=MStEr`Iqu4IbYH>BnI}vt(&EG?aR}nT8Wd>1Bh_`Z
zxu8$775f&dSyTX5bkg1J57#Ej{d;Hp!w<n2(xBuYB&t4HVo=6~bM$>C?LBXNtf@h&
z3T)7xu~YSYnwJsT#^Y&;Wkiv!UGu{J-I2GRJjaGX)oGSZ_Kd%xA@R!}^=Q4q785;g
z4xT$$kgj{dE%Uf3t(!JQ2HKg%>JYV@$yv(+gvceA`4O))?REb<V+#re%HD;lw_o;R
zCFmLkem$d}#zXrnQ6iLm8?GF3qalLambN(}k73It1x^ITl^O=tl$#Si7TWDhS%kJw
zn1)*JAh}4Y-9+!hpGBInwbgrz!J$w~cNDzVqQ|iev9F6YXeEPRH?zehZn3oeCBOQ+
zV;Gj`7yZ?*C^y}F9V#jpTn(lk1FLXo@RP+U<*Y?czffxEuq`b%*<t+yor=+4w%wE<
ztcr#3y%s~JtaEZkDP(To-3s%&QIV$qh`6kKFkWv0bu)c9n9nddP_Ra4y(wdy3`^h^
zSar^r7)dzl(VRqE7>ENGX0x)_dbB<gUqT)*Geax0v9LFy125IdHuNA%_TU@`ziEBT
zrEPCjhd5l_*yysgj%1SGr|(x68VSPZeQ5#|wZS8ixxBJQsgZ#xf#e#_8?goLCL{&*
zneY7G3f(rl_x-LGgdrvLwQVp>%pi66<;TVwIA7Z*s=b#EJrWKsZ2qj*_eXk|VYw1Z
z3nx0(>#{&At431O@ykt0$N_9#;fnQOC$XQZ^hQTXw+AFtkd-eo*!V63SC918sY%*@
zk-Uu61ILgT$y00e@9aM1H{=?71};Wnjng?iv8Xez{NnCkkK@UJZMWuAi(>QHwz0<o
zUQ;=xq;?yBJ9#Psi(z}!j*WTqAwR9_cIVp&q!S{@cXp+qP(7#nQ=cr49<i*@(8;Wa
z!n<nDaL0yVAL1#$5!Xqu%9`}N3ZaO6splZ6&YLc5VHA17559zOnz)YT2ruaa1CFwD
z?ogNS?>ff%9C?i5^>k+G?fvHXk!O_`(+N$ew?7keD8UB|G<aUwxtjddQv4G@@rKIt
z<|Hu@FT<LQ_+kAd<M}ZE+Qtn6Aewz_u{71bJ82rWLN(1h|Kv5vm8To3h(M<0*5cxF
zlW{FS7t>(EYZx37_f<%JrQ`lKHZz5cBbFJ%_n3pzFS10H1Vd&}FOG3}ljfE@PafE`
zJNMY}3`WWu-rkf*MQ-Kz{P`+ri~DE8$q^oX=G$<G-{kX9R55s<QJP|Cf(t)>toFek
zN?zu9wnHF(A{9(fX1{UtXS0BG_fT>Y7}iTTCuKck=3-S+av@A?#Jb3AJ3JtE4712#
z-NO-HJmZgLpAvssCh`3@QF(+Rc)@BZM+;1o)f7IvK3_WPA!xR<z%6)`)6(|DL)G{P
z4{0k0aYUD4m|;siIJOM!JP|$Kxsq66wBln0W-K{QN7mZR7;JL*3S1xO0=&c7Sry%U
z+ub$y{e@LGw-d23(6328>i14*tgmm{OMXqZ5L(DFT3#ktOVJO%XT=?TFexCNb0M}f
zpe>f?dw!fO+2=;8C0q;v#<kKDhQ;r>eVU=a9w-I;&U{cGPq_TC*|vyA(w{qN^GU;Z
zVc&*r?Z*_uDIXvhn)V@2nr40%?11Z6w+}T%R~$ZchmE2fM_IX0mC#Or*RM~FAf+}2
z3C%8rKJw)qkdQ%oIOjw<Nw~VnsiE`-j5$KXdB>GcA~N_VzsJ%kRDfVcH_DykS-n<H
z38okjGCM7C663|h!*q~h$$^b*2ApUoFa-x|Xz|&mWO(QnVqk_Bg56A9^+mcGn*2q?
z)bg+%hnaO1j<}c2oWcBtcpnX^I>ikd3XwXi&Ul6|%R}nCoU@l2%*%CaYe+jRjeI5J
z;7r*#M(a09DrV9FnfMDKN^};F_DMAi)g$rNZvM)R-ijQ1)%E@lj1d341Z+pO%tw5S
z#vj})?L9a7LjrklFr~HQ0{dfgjGH#Z8F&=$2EkY;zj<#uO7Fu-jg^s6rIoQ*X)KCN
kC)Jgl7IyDt1M(=32|CI*DI7{v>LBo^D2GCp%9sWI59Y;SdH?_b

diff --git a/pkg/webui/ui/build/manifest.json b/pkg/webui/ui/build/manifest.json
deleted file mode 100644
index 080d6c77a..000000000
--- a/pkg/webui/ui/build/manifest.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  "short_name": "React App",
-  "name": "Create React App Sample",
-  "icons": [
-    {
-      "src": "favicon.ico",
-      "sizes": "64x64 32x32 24x24 16x16",
-      "type": "image/x-icon"
-    },
-    {
-      "src": "logo192.png",
-      "type": "image/png",
-      "sizes": "192x192"
-    },
-    {
-      "src": "logo512.png",
-      "type": "image/png",
-      "sizes": "512x512"
-    }
-  ],
-  "start_url": ".",
-  "display": "standalone",
-  "theme_color": "#000000",
-  "background_color": "#ffffff"
-}
diff --git a/pkg/webui/ui/build/robots.txt b/pkg/webui/ui/build/robots.txt
deleted file mode 100644
index e9e57dc4d..000000000
--- a/pkg/webui/ui/build/robots.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-# https://www.robotstxt.org/robotstxt.html
-User-agent: *
-Disallow:
diff --git a/pkg/webui/ui/build/static/css/main.css b/pkg/webui/ui/build/static/css/main.css
deleted file mode 100644
index 70ec57003..000000000
--- a/pkg/webui/ui/build/static/css/main.css
+++ /dev/null
@@ -1,87 +0,0 @@
-body {
-    margin: 0;
-    background: linear-gradient(180deg, #59A588 0%, #404846 100%);
-    background-attachment: fixed;
-}
-
-body, input {
-    font-family: 'Nunito Variable', 'Segoe UI', 'Oxygen',
-        'Ubuntu', 'Cantarell', 'Fira Sans', 'Droid Sans', 'Helvetica Neue', -apple-system, BlinkMacSystemFont,
-        sans-serif;
-    -webkit-font-smoothing: antialiased;
-    -moz-osx-font-smoothing: grayscale;
-}
-
-code {
-    font-family: source-code-pro, Menlo, Monaco, Consolas, 'Courier New',
-        monospace;
-}
-
-* {
-    box-sizing: border-box;
-}
-
-html,
-body,
-#root {
-    width: 100%;
-    height: 100%;
-    margin: 0;
-    padding: 0;
-}
-/* nunito-cyrillic-ext-wght-normal */
-@font-face {
-  font-family: 'Nunito Variable';
-  font-style: normal;
-  font-display: swap;
-  font-display: var(--fontsource-display, swap);
-  font-weight: 200 1000;
-  src: url(../../static/media/nunito-cyrillic-ext-wght-normal.woff2?h=b2611fa3f916d23df9b0735ba668944500ff23b73f9da4fbb10818c875d482a0) format('woff2-variations');
-  unicode-range: U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F;
-}
-
-/* nunito-cyrillic-wght-normal */
-@font-face {
-  font-family: 'Nunito Variable';
-  font-style: normal;
-  font-display: swap;
-  font-display: var(--fontsource-display, swap);
-  font-weight: 200 1000;
-  src: url(../../static/media/nunito-cyrillic-wght-normal.woff2?h=7ca4b4bb8be6840990cc92b2dee938f142df99c93ce85063b391a09369b63b17) format('woff2-variations');
-  unicode-range: U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116;
-}
-
-/* nunito-vietnamese-wght-normal */
-@font-face {
-  font-family: 'Nunito Variable';
-  font-style: normal;
-  font-display: swap;
-  font-display: var(--fontsource-display, swap);
-  font-weight: 200 1000;
-  src: url(../../static/media/nunito-vietnamese-wght-normal.woff2?h=0ef9726dbc36b5871efa4b0cfdc43fd1bfed5dd48aeb70dc8210e8cb9bc9247b) format('woff2-variations');
-  unicode-range: U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;
-}
-
-/* nunito-latin-ext-wght-normal */
-@font-face {
-  font-family: 'Nunito Variable';
-  font-style: normal;
-  font-display: swap;
-  font-display: var(--fontsource-display, swap);
-  font-weight: 200 1000;
-  src: url(../../static/media/nunito-latin-ext-wght-normal.woff2?h=89def7428656f40331c1430ee1dc1846ed1e30d7001707b548f9f816d27264a5) format('woff2-variations');
-  unicode-range: U+0100-02AF,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF;
-}
-
-/* nunito-latin-wght-normal */
-@font-face {
-  font-family: 'Nunito Variable';
-  font-style: normal;
-  font-display: swap;
-  font-display: var(--fontsource-display, swap);
-  font-weight: 200 1000;
-  src: url(../../static/media/nunito-latin-wght-normal.woff2?h=96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357) format('woff2-variations');
-  unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;
-}
-
-/*# sourceMappingURL=main.css.map?h=b04a21858ecfe46c93b33bc95788b6861c50ee3a7852bdb7721e314a3ee95b80*/
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/787.chunk.js b/pkg/webui/ui/build/static/js/787.chunk.js
deleted file mode 100644
index 15b544b3a..000000000
--- a/pkg/webui/ui/build/static/js/787.chunk.js
+++ /dev/null
@@ -1,239 +0,0 @@
-"use strict";
-(self["webpackChunkkluctl_webui"] = self["webpackChunkkluctl_webui"] || []).push([[787],{
-
-/***/ 787:
-/***/ (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {
-
-__webpack_require__.r(__webpack_exports__);
-/* harmony export */ __webpack_require__.d(__webpack_exports__, {
-/* harmony export */   getCLS: function() { return /* binding */ h; },
-/* harmony export */   getFCP: function() { return /* binding */ d; },
-/* harmony export */   getFID: function() { return /* binding */ L; },
-/* harmony export */   getLCP: function() { return /* binding */ F; },
-/* harmony export */   getTTFB: function() { return /* binding */ P; }
-/* harmony export */ });
-var e,
-  t,
-  n,
-  i,
-  r = function r(e, t) {
-    return {
-      name: e,
-      value: void 0 === t ? -1 : t,
-      delta: 0,
-      entries: [],
-      id: "v2-".concat(Date.now(), "-").concat(Math.floor(8999999999999 * Math.random()) + 1e12)
-    };
-  },
-  a = function a(e, t) {
-    try {
-      if (PerformanceObserver.supportedEntryTypes.includes(e)) {
-        if ("first-input" === e && !("PerformanceEventTiming" in self)) return;
-        var n = new PerformanceObserver(function (e) {
-          return e.getEntries().map(t);
-        });
-        return n.observe({
-          type: e,
-          buffered: !0
-        }), n;
-      }
-    } catch (e) {}
-  },
-  o = function o(e, t) {
-    var n = function n(i) {
-      "pagehide" !== i.type && "hidden" !== document.visibilityState || (e(i), t && (removeEventListener("visibilitychange", n, !0), removeEventListener("pagehide", n, !0)));
-    };
-    addEventListener("visibilitychange", n, !0), addEventListener("pagehide", n, !0);
-  },
-  u = function u(e) {
-    addEventListener("pageshow", function (t) {
-      t.persisted && e(t);
-    }, !0);
-  },
-  c = function c(e, t, n) {
-    var i;
-    return function (r) {
-      t.value >= 0 && (r || n) && (t.delta = t.value - (i || 0), (t.delta || void 0 === i) && (i = t.value, e(t)));
-    };
-  },
-  f = -1,
-  s = function s() {
-    return "hidden" === document.visibilityState ? 0 : 1 / 0;
-  },
-  m = function m() {
-    o(function (e) {
-      var t = e.timeStamp;
-      f = t;
-    }, !0);
-  },
-  v = function v() {
-    return f < 0 && (f = s(), m(), u(function () {
-      setTimeout(function () {
-        f = s(), m();
-      }, 0);
-    })), {
-      get firstHiddenTime() {
-        return f;
-      }
-    };
-  },
-  d = function d(e, t) {
-    var n,
-      i = v(),
-      o = r("FCP"),
-      f = function f(e) {
-        "first-contentful-paint" === e.name && (m && m.disconnect(), e.startTime < i.firstHiddenTime && (o.value = e.startTime, o.entries.push(e), n(!0)));
-      },
-      s = window.performance && performance.getEntriesByName && performance.getEntriesByName("first-contentful-paint")[0],
-      m = s ? null : a("paint", f);
-    (s || m) && (n = c(e, o, t), s && f(s), u(function (i) {
-      o = r("FCP"), n = c(e, o, t), requestAnimationFrame(function () {
-        requestAnimationFrame(function () {
-          o.value = performance.now() - i.timeStamp, n(!0);
-        });
-      });
-    }));
-  },
-  p = !1,
-  l = -1,
-  h = function h(e, t) {
-    p || (d(function (e) {
-      l = e.value;
-    }), p = !0);
-    var n,
-      i = function i(t) {
-        l > -1 && e(t);
-      },
-      f = r("CLS", 0),
-      s = 0,
-      m = [],
-      v = function v(e) {
-        if (!e.hadRecentInput) {
-          var t = m[0],
-            i = m[m.length - 1];
-          s && e.startTime - i.startTime < 1e3 && e.startTime - t.startTime < 5e3 ? (s += e.value, m.push(e)) : (s = e.value, m = [e]), s > f.value && (f.value = s, f.entries = m, n());
-        }
-      },
-      h = a("layout-shift", v);
-    h && (n = c(i, f, t), o(function () {
-      h.takeRecords().map(v), n(!0);
-    }), u(function () {
-      s = 0, l = -1, f = r("CLS", 0), n = c(i, f, t);
-    }));
-  },
-  T = {
-    passive: !0,
-    capture: !0
-  },
-  y = new Date(),
-  g = function g(i, r) {
-    e || (e = r, t = i, n = new Date(), w(removeEventListener), E());
-  },
-  E = function E() {
-    if (t >= 0 && t < n - y) {
-      var r = {
-        entryType: "first-input",
-        name: e.type,
-        target: e.target,
-        cancelable: e.cancelable,
-        startTime: e.timeStamp,
-        processingStart: e.timeStamp + t
-      };
-      i.forEach(function (e) {
-        e(r);
-      }), i = [];
-    }
-  },
-  S = function S(e) {
-    if (e.cancelable) {
-      var t = (e.timeStamp > 1e12 ? new Date() : performance.now()) - e.timeStamp;
-      "pointerdown" == e.type ? function (e, t) {
-        var n = function n() {
-            g(e, t), r();
-          },
-          i = function i() {
-            r();
-          },
-          r = function r() {
-            removeEventListener("pointerup", n, T), removeEventListener("pointercancel", i, T);
-          };
-        addEventListener("pointerup", n, T), addEventListener("pointercancel", i, T);
-      }(t, e) : g(t, e);
-    }
-  },
-  w = function w(e) {
-    ["mousedown", "keydown", "touchstart", "pointerdown"].forEach(function (t) {
-      return e(t, S, T);
-    });
-  },
-  L = function L(n, f) {
-    var s,
-      m = v(),
-      d = r("FID"),
-      p = function p(e) {
-        e.startTime < m.firstHiddenTime && (d.value = e.processingStart - e.startTime, d.entries.push(e), s(!0));
-      },
-      l = a("first-input", p);
-    s = c(n, d, f), l && o(function () {
-      l.takeRecords().map(p), l.disconnect();
-    }, !0), l && u(function () {
-      var a;
-      d = r("FID"), s = c(n, d, f), i = [], t = -1, e = null, w(addEventListener), a = p, i.push(a), E();
-    });
-  },
-  b = {},
-  F = function F(e, t) {
-    var n,
-      i = v(),
-      f = r("LCP"),
-      s = function s(e) {
-        var t = e.startTime;
-        t < i.firstHiddenTime && (f.value = t, f.entries.push(e), n());
-      },
-      m = a("largest-contentful-paint", s);
-    if (m) {
-      n = c(e, f, t);
-      var d = function d() {
-        b[f.id] || (m.takeRecords().map(s), m.disconnect(), b[f.id] = !0, n(!0));
-      };
-      ["keydown", "click"].forEach(function (e) {
-        addEventListener(e, d, {
-          once: !0,
-          capture: !0
-        });
-      }), o(d, !0), u(function (i) {
-        f = r("LCP"), n = c(e, f, t), requestAnimationFrame(function () {
-          requestAnimationFrame(function () {
-            f.value = performance.now() - i.timeStamp, b[f.id] = !0, n(!0);
-          });
-        });
-      });
-    }
-  },
-  P = function P(e) {
-    var t,
-      n = r("TTFB");
-    t = function t() {
-      try {
-        var t = performance.getEntriesByType("navigation")[0] || function () {
-          var e = performance.timing,
-            t = {
-              entryType: "navigation",
-              startTime: 0
-            };
-          for (var n in e) "navigationStart" !== n && "toJSON" !== n && (t[n] = Math.max(e[n] - e.navigationStart, 0));
-          return t;
-        }();
-        if (n.value = n.delta = t.responseStart, n.value < 0 || n.value > performance.now()) return;
-        n.entries = [t], e(n);
-      } catch (e) {}
-    }, "complete" === document.readyState ? setTimeout(t, 0) : addEventListener("load", function () {
-      return setTimeout(t, 0);
-    });
-  };
-
-
-/***/ })
-
-}]);
-//# sourceMappingURL=787.chunk.js.map?h=47820fdbf26705ec6b47ae95042786f8669103d43ced5b19492db0ef8a1a30eb
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/js/main.js b/pkg/webui/ui/build/static/js/main.js
deleted file mode 100644
index a7625bb71..000000000
--- a/pkg/webui/ui/build/static/js/main.js
+++ /dev/null
@@ -1,61552 +0,0 @@
-/******/ (function() { // webpackBootstrap
-/******/ 	var __webpack_modules__ = ({
-
-/***/ 867:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-var formatter = __webpack_require__(707);
-var fault = create(Error);
-module.exports = fault;
-fault.eval = create(EvalError);
-fault.range = create(RangeError);
-fault.reference = create(ReferenceError);
-fault.syntax = create(SyntaxError);
-fault.type = create(TypeError);
-fault.uri = create(URIError);
-fault.create = create;
-
-// Create a new `EConstructor`, with the formatted `format` as a first argument.
-function create(EConstructor) {
-  FormattedError.displayName = EConstructor.displayName || EConstructor.name;
-  return FormattedError;
-  function FormattedError(format) {
-    if (format) {
-      format = formatter.apply(null, arguments);
-    }
-    return new EConstructor(format);
-  }
-}
-
-/***/ }),
-
-/***/ 707:
-/***/ (function(module) {
-
-//
-// format - printf-like string formatting for JavaScript
-// github.com/samsonjs/format
-// @_sjs
-//
-// Copyright 2010 - 2013 Sami Samhuri <sami@samhuri.net>
-//
-// MIT License
-// http://sjs.mit-license.org
-//
-
-;
-(function () {
-  //// Export the API
-  var namespace;
-
-  // CommonJS / Node module
-  if (true) {
-    namespace = module.exports = format;
-  }
-
-  // Browsers and other environments
-  else {}
-  namespace.format = format;
-  namespace.vsprintf = vsprintf;
-  if (typeof console !== 'undefined' && typeof console.log === 'function') {
-    namespace.printf = printf;
-  }
-  function printf( /* ... */
-  ) {
-    console.log(format.apply(null, arguments));
-  }
-  function vsprintf(fmt, replacements) {
-    return format.apply(null, [fmt].concat(replacements));
-  }
-  function format(fmt) {
-    var argIndex = 1 // skip initial format argument
-      ,
-      args = [].slice.call(arguments),
-      i = 0,
-      n = fmt.length,
-      result = '',
-      c,
-      escaped = false,
-      arg,
-      tmp,
-      leadingZero = false,
-      precision,
-      nextArg = function nextArg() {
-        return args[argIndex++];
-      },
-      slurpNumber = function slurpNumber() {
-        var digits = '';
-        while (/\d/.test(fmt[i])) {
-          digits += fmt[i++];
-          c = fmt[i];
-        }
-        return digits.length > 0 ? parseInt(digits) : null;
-      };
-    for (; i < n; ++i) {
-      c = fmt[i];
-      if (escaped) {
-        escaped = false;
-        if (c == '.') {
-          leadingZero = false;
-          c = fmt[++i];
-        } else if (c == '0' && fmt[i + 1] == '.') {
-          leadingZero = true;
-          i += 2;
-          c = fmt[i];
-        } else {
-          leadingZero = true;
-        }
-        precision = slurpNumber();
-        switch (c) {
-          case 'b':
-            // number in binary
-            result += parseInt(nextArg(), 10).toString(2);
-            break;
-          case 'c':
-            // character
-            arg = nextArg();
-            if (typeof arg === 'string' || arg instanceof String) result += arg;else result += String.fromCharCode(parseInt(arg, 10));
-            break;
-          case 'd':
-            // number in decimal
-            result += parseInt(nextArg(), 10);
-            break;
-          case 'f':
-            // floating point number
-            tmp = String(parseFloat(nextArg()).toFixed(precision || 6));
-            result += leadingZero ? tmp : tmp.replace(/^0/, '');
-            break;
-          case 'j':
-            // JSON
-            result += JSON.stringify(nextArg());
-            break;
-          case 'o':
-            // number in octal
-            result += '0' + parseInt(nextArg(), 10).toString(8);
-            break;
-          case 's':
-            // string
-            result += nextArg();
-            break;
-          case 'x':
-            // lowercase hexadecimal
-            result += '0x' + parseInt(nextArg(), 10).toString(16);
-            break;
-          case 'X':
-            // uppercase hexadecimal
-            result += '0x' + parseInt(nextArg(), 10).toString(16).toUpperCase();
-            break;
-          default:
-            result += c;
-            break;
-        }
-      } else if (c === '%') {
-        escaped = true;
-      } else {
-        result += c;
-      }
-    }
-    return result;
-  }
-})();
-
-/***/ }),
-
-/***/ 478:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var _slicedToArray = (__webpack_require__(424)["default"]);
-var _toConsumableArray = (__webpack_require__(861)["default"]);
-var _inherits = (__webpack_require__(655)["default"]);
-var _createSuper = (__webpack_require__(389)["default"]);
-var _classCallCheck = (__webpack_require__(690)["default"]);
-var _createClass = (__webpack_require__(728)["default"]);
-function deepFreeze(obj) {
-  if (obj instanceof Map) {
-    obj.clear = obj.delete = obj.set = function () {
-      throw new Error('map is read-only');
-    };
-  } else if (obj instanceof Set) {
-    obj.add = obj.clear = obj.delete = function () {
-      throw new Error('set is read-only');
-    };
-  }
-
-  // Freeze self
-  Object.freeze(obj);
-  Object.getOwnPropertyNames(obj).forEach(function (name) {
-    var prop = obj[name];
-
-    // Freeze prop if it is an object
-    if (typeof prop == 'object' && !Object.isFrozen(prop)) {
-      deepFreeze(prop);
-    }
-  });
-  return obj;
-}
-var deepFreezeEs6 = deepFreeze;
-var _default = deepFreeze;
-deepFreezeEs6.default = _default;
-
-/** @implements CallbackResponse */
-var Response = /*#__PURE__*/function () {
-  "use strict";
-
-  /**
-   * @param {CompiledMode} mode
-   */
-  function Response(mode) {
-    _classCallCheck(this, Response);
-    // eslint-disable-next-line no-undefined
-    if (mode.data === undefined) mode.data = {};
-    this.data = mode.data;
-    this.isMatchIgnored = false;
-  }
-  _createClass(Response, [{
-    key: "ignoreMatch",
-    value: function ignoreMatch() {
-      this.isMatchIgnored = true;
-    }
-  }]);
-  return Response;
-}();
-/**
- * @param {string} value
- * @returns {string}
- */
-function escapeHTML(value) {
-  return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;');
-}
-
-/**
- * performs a shallow merge of multiple objects into one
- *
- * @template T
- * @param {T} original
- * @param {Record<string,any>[]} objects
- * @returns {T} a single new object
- */
-function inherit(original) {
-  /** @type Record<string,any> */
-  var result = Object.create(null);
-  for (var key in original) {
-    result[key] = original[key];
-  }
-  for (var _len = arguments.length, objects = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
-    objects[_key - 1] = arguments[_key];
-  }
-  objects.forEach(function (obj) {
-    for (var _key2 in obj) {
-      result[_key2] = obj[_key2];
-    }
-  });
-  return (/** @type {T} */result
-  );
-}
-
-/**
- * @typedef {object} Renderer
- * @property {(text: string) => void} addText
- * @property {(node: Node) => void} openNode
- * @property {(node: Node) => void} closeNode
- * @property {() => string} value
- */
-
-/** @typedef {{kind?: string, sublanguage?: boolean}} Node */
-/** @typedef {{walk: (r: Renderer) => void}} Tree */
-/** */
-
-var SPAN_CLOSE = '</span>';
-
-/**
- * Determines if a node needs to be wrapped in <span>
- *
- * @param {Node} node */
-var emitsWrappingTags = function emitsWrappingTags(node) {
-  return !!node.kind;
-};
-
-/** @type {Renderer} */
-var HTMLRenderer = /*#__PURE__*/function () {
-  "use strict";
-
-  /**
-   * Creates a new HTMLRenderer
-   *
-   * @param {Tree} parseTree - the parse tree (must support `walk` API)
-   * @param {{classPrefix: string}} options
-   */
-  function HTMLRenderer(parseTree, options) {
-    _classCallCheck(this, HTMLRenderer);
-    this.buffer = "";
-    this.classPrefix = options.classPrefix;
-    parseTree.walk(this);
-  }
-
-  /**
-   * Adds texts to the output stream
-   *
-   * @param {string} text */
-  _createClass(HTMLRenderer, [{
-    key: "addText",
-    value: function addText(text) {
-      this.buffer += escapeHTML(text);
-    }
-
-    /**
-     * Adds a node open to the output stream (if needed)
-     *
-     * @param {Node} node */
-  }, {
-    key: "openNode",
-    value: function openNode(node) {
-      if (!emitsWrappingTags(node)) return;
-      var className = node.kind;
-      if (!node.sublanguage) {
-        className = "".concat(this.classPrefix).concat(className);
-      }
-      this.span(className);
-    }
-
-    /**
-     * Adds a node close to the output stream (if needed)
-     *
-     * @param {Node} node */
-  }, {
-    key: "closeNode",
-    value: function closeNode(node) {
-      if (!emitsWrappingTags(node)) return;
-      this.buffer += SPAN_CLOSE;
-    }
-
-    /**
-     * returns the accumulated buffer
-    */
-  }, {
-    key: "value",
-    value: function value() {
-      return this.buffer;
-    }
-
-    // helpers
-
-    /**
-     * Builds a span element
-     *
-     * @param {string} className */
-  }, {
-    key: "span",
-    value: function span(className) {
-      this.buffer += "<span class=\"".concat(className, "\">");
-    }
-  }]);
-  return HTMLRenderer;
-}();
-/** @typedef {{kind?: string, sublanguage?: boolean, children: Node[]} | string} Node */
-/** @typedef {{kind?: string, sublanguage?: boolean, children: Node[]} } DataNode */
-/**  */
-var TokenTree = /*#__PURE__*/function () {
-  "use strict";
-
-  function TokenTree() {
-    _classCallCheck(this, TokenTree);
-    /** @type DataNode */
-    this.rootNode = {
-      children: []
-    };
-    this.stack = [this.rootNode];
-  }
-  _createClass(TokenTree, [{
-    key: "top",
-    get: function get() {
-      return this.stack[this.stack.length - 1];
-    }
-  }, {
-    key: "root",
-    get: function get() {
-      return this.rootNode;
-    }
-
-    /** @param {Node} node */
-  }, {
-    key: "add",
-    value: function add(node) {
-      this.top.children.push(node);
-    }
-
-    /** @param {string} kind */
-  }, {
-    key: "openNode",
-    value: function openNode(kind) {
-      /** @type Node */
-      var node = {
-        kind: kind,
-        children: []
-      };
-      this.add(node);
-      this.stack.push(node);
-    }
-  }, {
-    key: "closeNode",
-    value: function closeNode() {
-      if (this.stack.length > 1) {
-        return this.stack.pop();
-      }
-      // eslint-disable-next-line no-undefined
-      return undefined;
-    }
-  }, {
-    key: "closeAllNodes",
-    value: function closeAllNodes() {
-      while (this.closeNode());
-    }
-  }, {
-    key: "toJSON",
-    value: function toJSON() {
-      return JSON.stringify(this.rootNode, null, 4);
-    }
-
-    /**
-     * @typedef { import("./html_renderer").Renderer } Renderer
-     * @param {Renderer} builder
-     */
-  }, {
-    key: "walk",
-    value: function walk(builder) {
-      // this does not
-      return this.constructor._walk(builder, this.rootNode);
-      // this works
-      // return TokenTree._walk(builder, this.rootNode);
-    }
-
-    /**
-     * @param {Renderer} builder
-     * @param {Node} node
-     */
-  }], [{
-    key: "_walk",
-    value: function _walk(builder, node) {
-      var _this = this;
-      if (typeof node === "string") {
-        builder.addText(node);
-      } else if (node.children) {
-        builder.openNode(node);
-        node.children.forEach(function (child) {
-          return _this._walk(builder, child);
-        });
-        builder.closeNode(node);
-      }
-      return builder;
-    }
-
-    /**
-     * @param {Node} node
-     */
-  }, {
-    key: "_collapse",
-    value: function _collapse(node) {
-      if (typeof node === "string") return;
-      if (!node.children) return;
-      if (node.children.every(function (el) {
-        return typeof el === "string";
-      })) {
-        // node.text = node.children.join("");
-        // delete node.children;
-        node.children = [node.children.join("")];
-      } else {
-        node.children.forEach(function (child) {
-          TokenTree._collapse(child);
-        });
-      }
-    }
-  }]);
-  return TokenTree;
-}();
-/**
-  Currently this is all private API, but this is the minimal API necessary
-  that an Emitter must implement to fully support the parser.
-
-  Minimal interface:
-
-  - addKeyword(text, kind)
-  - addText(text)
-  - addSublanguage(emitter, subLanguageName)
-  - finalize()
-  - openNode(kind)
-  - closeNode()
-  - closeAllNodes()
-  - toHTML()
-
-*/
-/**
- * @implements {Emitter}
- */
-var TokenTreeEmitter = /*#__PURE__*/function (_TokenTree) {
-  "use strict";
-
-  _inherits(TokenTreeEmitter, _TokenTree);
-  var _super = _createSuper(TokenTreeEmitter);
-  /**
-   * @param {*} options
-   */
-  function TokenTreeEmitter(options) {
-    var _this2;
-    _classCallCheck(this, TokenTreeEmitter);
-    _this2 = _super.call(this);
-    _this2.options = options;
-    return _this2;
-  }
-
-  /**
-   * @param {string} text
-   * @param {string} kind
-   */
-  _createClass(TokenTreeEmitter, [{
-    key: "addKeyword",
-    value: function addKeyword(text, kind) {
-      if (text === "") {
-        return;
-      }
-      this.openNode(kind);
-      this.addText(text);
-      this.closeNode();
-    }
-
-    /**
-     * @param {string} text
-     */
-  }, {
-    key: "addText",
-    value: function addText(text) {
-      if (text === "") {
-        return;
-      }
-      this.add(text);
-    }
-
-    /**
-     * @param {Emitter & {root: DataNode}} emitter
-     * @param {string} name
-     */
-  }, {
-    key: "addSublanguage",
-    value: function addSublanguage(emitter, name) {
-      /** @type DataNode */
-      var node = emitter.root;
-      node.kind = name;
-      node.sublanguage = true;
-      this.add(node);
-    }
-  }, {
-    key: "toHTML",
-    value: function toHTML() {
-      var renderer = new HTMLRenderer(this, this.options);
-      return renderer.value();
-    }
-  }, {
-    key: "finalize",
-    value: function finalize() {
-      return true;
-    }
-  }]);
-  return TokenTreeEmitter;
-}(TokenTree);
-/**
- * @param {string} value
- * @returns {RegExp}
- * */
-function escape(value) {
-  return new RegExp(value.replace(/[-/\\^$*+?.()|[\]{}]/g, '\\$&'), 'm');
-}
-
-/**
- * @param {RegExp | string } re
- * @returns {string}
- */
-function source(re) {
-  if (!re) return null;
-  if (typeof re === "string") return re;
-  return re.source;
-}
-
-/**
- * @param {...(RegExp | string) } args
- * @returns {string}
- */
-function concat() {
-  for (var _len2 = arguments.length, args = new Array(_len2), _key3 = 0; _key3 < _len2; _key3++) {
-    args[_key3] = arguments[_key3];
-  }
-  var joined = args.map(function (x) {
-    return source(x);
-  }).join("");
-  return joined;
-}
-
-/**
- * Any of the passed expresssions may match
- *
- * Creates a huge this | this | that | that match
- * @param {(RegExp | string)[] } args
- * @returns {string}
- */
-function either() {
-  for (var _len3 = arguments.length, args = new Array(_len3), _key4 = 0; _key4 < _len3; _key4++) {
-    args[_key4] = arguments[_key4];
-  }
-  var joined = '(' + args.map(function (x) {
-    return source(x);
-  }).join("|") + ")";
-  return joined;
-}
-
-/**
- * @param {RegExp} re
- * @returns {number}
- */
-function countMatchGroups(re) {
-  return new RegExp(re.toString() + '|').exec('').length - 1;
-}
-
-/**
- * Does lexeme start with a regular expression match at the beginning
- * @param {RegExp} re
- * @param {string} lexeme
- */
-function startsWith(re, lexeme) {
-  var match = re && re.exec(lexeme);
-  return match && match.index === 0;
-}
-
-// BACKREF_RE matches an open parenthesis or backreference. To avoid
-// an incorrect parse, it additionally matches the following:
-// - [...] elements, where the meaning of parentheses and escapes change
-// - other escape sequences, so we do not misparse escape sequences as
-//   interesting elements
-// - non-matching or lookahead parentheses, which do not capture. These
-//   follow the '(' with a '?'.
-var BACKREF_RE = /\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./;
-
-// join logically computes regexps.join(separator), but fixes the
-// backreferences so they continue to match.
-// it also places each individual regular expression into it's own
-// match group, keeping track of the sequencing of those match groups
-// is currently an exercise for the caller. :-)
-/**
- * @param {(string | RegExp)[]} regexps
- * @param {string} separator
- * @returns {string}
- */
-function join(regexps) {
-  var separator = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "|";
-  var numCaptures = 0;
-  return regexps.map(function (regex) {
-    numCaptures += 1;
-    var offset = numCaptures;
-    var re = source(regex);
-    var out = '';
-    while (re.length > 0) {
-      var match = BACKREF_RE.exec(re);
-      if (!match) {
-        out += re;
-        break;
-      }
-      out += re.substring(0, match.index);
-      re = re.substring(match.index + match[0].length);
-      if (match[0][0] === '\\' && match[1]) {
-        // Adjust the backreference.
-        out += '\\' + String(Number(match[1]) + offset);
-      } else {
-        out += match[0];
-        if (match[0] === '(') {
-          numCaptures++;
-        }
-      }
-    }
-    return out;
-  }).map(function (re) {
-    return "(".concat(re, ")");
-  }).join(separator);
-}
-
-// Common regexps
-var MATCH_NOTHING_RE = /\b\B/;
-var IDENT_RE = '[a-zA-Z]\\w*';
-var UNDERSCORE_IDENT_RE = '[a-zA-Z_]\\w*';
-var NUMBER_RE = '\\b\\d+(\\.\\d+)?';
-var C_NUMBER_RE = '(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)'; // 0x..., 0..., decimal, float
-var BINARY_NUMBER_RE = '\\b(0b[01]+)'; // 0b...
-var RE_STARTERS_RE = '!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~';
-
-/**
-* @param { Partial<Mode> & {binary?: string | RegExp} } opts
-*/
-var SHEBANG = function SHEBANG() {
-  var opts = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var beginShebang = /^#![ ]*\//;
-  if (opts.binary) {
-    opts.begin = concat(beginShebang, /.*\b/, opts.binary, /\b.*/);
-  }
-  return inherit({
-    className: 'meta',
-    begin: beginShebang,
-    end: /$/,
-    relevance: 0,
-    /** @type {ModeCallback} */
-    "on:begin": function onBegin(m, resp) {
-      if (m.index !== 0) resp.ignoreMatch();
-    }
-  }, opts);
-};
-
-// Common modes
-var BACKSLASH_ESCAPE = {
-  begin: '\\\\[\\s\\S]',
-  relevance: 0
-};
-var APOS_STRING_MODE = {
-  className: 'string',
-  begin: '\'',
-  end: '\'',
-  illegal: '\\n',
-  contains: [BACKSLASH_ESCAPE]
-};
-var QUOTE_STRING_MODE = {
-  className: 'string',
-  begin: '"',
-  end: '"',
-  illegal: '\\n',
-  contains: [BACKSLASH_ESCAPE]
-};
-var PHRASAL_WORDS_MODE = {
-  begin: /\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/
-};
-/**
- * Creates a comment mode
- *
- * @param {string | RegExp} begin
- * @param {string | RegExp} end
- * @param {Mode | {}} [modeOptions]
- * @returns {Partial<Mode>}
- */
-var COMMENT = function COMMENT(begin, end) {
-  var modeOptions = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
-  var mode = inherit({
-    className: 'comment',
-    begin: begin,
-    end: end,
-    contains: []
-  }, modeOptions);
-  mode.contains.push(PHRASAL_WORDS_MODE);
-  mode.contains.push({
-    className: 'doctag',
-    begin: '(?:TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):',
-    relevance: 0
-  });
-  return mode;
-};
-var C_LINE_COMMENT_MODE = COMMENT('//', '$');
-var C_BLOCK_COMMENT_MODE = COMMENT('/\\*', '\\*/');
-var HASH_COMMENT_MODE = COMMENT('#', '$');
-var NUMBER_MODE = {
-  className: 'number',
-  begin: NUMBER_RE,
-  relevance: 0
-};
-var C_NUMBER_MODE = {
-  className: 'number',
-  begin: C_NUMBER_RE,
-  relevance: 0
-};
-var BINARY_NUMBER_MODE = {
-  className: 'number',
-  begin: BINARY_NUMBER_RE,
-  relevance: 0
-};
-var CSS_NUMBER_MODE = {
-  className: 'number',
-  begin: NUMBER_RE + '(' + '%|em|ex|ch|rem' + '|vw|vh|vmin|vmax' + '|cm|mm|in|pt|pc|px' + '|deg|grad|rad|turn' + '|s|ms' + '|Hz|kHz' + '|dpi|dpcm|dppx' + ')?',
-  relevance: 0
-};
-var REGEXP_MODE = {
-  // this outer rule makes sure we actually have a WHOLE regex and not simply
-  // an expression such as:
-  //
-  //     3 / something
-  //
-  // (which will then blow up when regex's `illegal` sees the newline)
-  begin: /(?=\/[^/\n]*\/)/,
-  contains: [{
-    className: 'regexp',
-    begin: /\//,
-    end: /\/[gimuy]*/,
-    illegal: /\n/,
-    contains: [BACKSLASH_ESCAPE, {
-      begin: /\[/,
-      end: /\]/,
-      relevance: 0,
-      contains: [BACKSLASH_ESCAPE]
-    }]
-  }]
-};
-var TITLE_MODE = {
-  className: 'title',
-  begin: IDENT_RE,
-  relevance: 0
-};
-var UNDERSCORE_TITLE_MODE = {
-  className: 'title',
-  begin: UNDERSCORE_IDENT_RE,
-  relevance: 0
-};
-var METHOD_GUARD = {
-  // excludes method names from keyword processing
-  begin: '\\.\\s*' + UNDERSCORE_IDENT_RE,
-  relevance: 0
-};
-
-/**
- * Adds end same as begin mechanics to a mode
- *
- * Your mode must include at least a single () match group as that first match
- * group is what is used for comparison
- * @param {Partial<Mode>} mode
- */
-var END_SAME_AS_BEGIN = function END_SAME_AS_BEGIN(mode) {
-  return Object.assign(mode, {
-    /** @type {ModeCallback} */
-    'on:begin': function onBegin(m, resp) {
-      resp.data._beginMatch = m[1];
-    },
-    /** @type {ModeCallback} */
-    'on:end': function onEnd(m, resp) {
-      if (resp.data._beginMatch !== m[1]) resp.ignoreMatch();
-    }
-  });
-};
-var MODES = /*#__PURE__*/Object.freeze({
-  __proto__: null,
-  MATCH_NOTHING_RE: MATCH_NOTHING_RE,
-  IDENT_RE: IDENT_RE,
-  UNDERSCORE_IDENT_RE: UNDERSCORE_IDENT_RE,
-  NUMBER_RE: NUMBER_RE,
-  C_NUMBER_RE: C_NUMBER_RE,
-  BINARY_NUMBER_RE: BINARY_NUMBER_RE,
-  RE_STARTERS_RE: RE_STARTERS_RE,
-  SHEBANG: SHEBANG,
-  BACKSLASH_ESCAPE: BACKSLASH_ESCAPE,
-  APOS_STRING_MODE: APOS_STRING_MODE,
-  QUOTE_STRING_MODE: QUOTE_STRING_MODE,
-  PHRASAL_WORDS_MODE: PHRASAL_WORDS_MODE,
-  COMMENT: COMMENT,
-  C_LINE_COMMENT_MODE: C_LINE_COMMENT_MODE,
-  C_BLOCK_COMMENT_MODE: C_BLOCK_COMMENT_MODE,
-  HASH_COMMENT_MODE: HASH_COMMENT_MODE,
-  NUMBER_MODE: NUMBER_MODE,
-  C_NUMBER_MODE: C_NUMBER_MODE,
-  BINARY_NUMBER_MODE: BINARY_NUMBER_MODE,
-  CSS_NUMBER_MODE: CSS_NUMBER_MODE,
-  REGEXP_MODE: REGEXP_MODE,
-  TITLE_MODE: TITLE_MODE,
-  UNDERSCORE_TITLE_MODE: UNDERSCORE_TITLE_MODE,
-  METHOD_GUARD: METHOD_GUARD,
-  END_SAME_AS_BEGIN: END_SAME_AS_BEGIN
-});
-
-// Grammar extensions / plugins
-// See: https://github.com/highlightjs/highlight.js/issues/2833
-
-// Grammar extensions allow "syntactic sugar" to be added to the grammar modes
-// without requiring any underlying changes to the compiler internals.
-
-// `compileMatch` being the perfect small example of now allowing a grammar
-// author to write `match` when they desire to match a single expression rather
-// than being forced to use `begin`.  The extension then just moves `match` into
-// `begin` when it runs.  Ie, no features have been added, but we've just made
-// the experience of writing (and reading grammars) a little bit nicer.
-
-// ------
-
-// TODO: We need negative look-behind support to do this properly
-/**
- * Skip a match if it has a preceding dot
- *
- * This is used for `beginKeywords` to prevent matching expressions such as
- * `bob.keyword.do()`. The mode compiler automatically wires this up as a
- * special _internal_ 'on:begin' callback for modes with `beginKeywords`
- * @param {RegExpMatchArray} match
- * @param {CallbackResponse} response
- */
-function skipIfhasPrecedingDot(match, response) {
-  var before = match.input[match.index - 1];
-  if (before === ".") {
-    response.ignoreMatch();
-  }
-}
-
-/**
- * `beginKeywords` syntactic sugar
- * @type {CompilerExt}
- */
-function beginKeywords(mode, parent) {
-  if (!parent) return;
-  if (!mode.beginKeywords) return;
-
-  // for languages with keywords that include non-word characters checking for
-  // a word boundary is not sufficient, so instead we check for a word boundary
-  // or whitespace - this does no harm in any case since our keyword engine
-  // doesn't allow spaces in keywords anyways and we still check for the boundary
-  // first
-  mode.begin = '\\b(' + mode.beginKeywords.split(' ').join('|') + ')(?!\\.)(?=\\b|\\s)';
-  mode.__beforeBegin = skipIfhasPrecedingDot;
-  mode.keywords = mode.keywords || mode.beginKeywords;
-  delete mode.beginKeywords;
-
-  // prevents double relevance, the keywords themselves provide
-  // relevance, the mode doesn't need to double it
-  // eslint-disable-next-line no-undefined
-  if (mode.relevance === undefined) mode.relevance = 0;
-}
-
-/**
- * Allow `illegal` to contain an array of illegal values
- * @type {CompilerExt}
- */
-function compileIllegal(mode, _parent) {
-  if (!Array.isArray(mode.illegal)) return;
-  mode.illegal = either.apply(void 0, _toConsumableArray(mode.illegal));
-}
-
-/**
- * `match` to match a single expression for readability
- * @type {CompilerExt}
- */
-function compileMatch(mode, _parent) {
-  if (!mode.match) return;
-  if (mode.begin || mode.end) throw new Error("begin & end are not supported with match");
-  mode.begin = mode.match;
-  delete mode.match;
-}
-
-/**
- * provides the default 1 relevance to all modes
- * @type {CompilerExt}
- */
-function compileRelevance(mode, _parent) {
-  // eslint-disable-next-line no-undefined
-  if (mode.relevance === undefined) mode.relevance = 1;
-}
-
-// keywords that should have no default relevance value
-var COMMON_KEYWORDS = ['of', 'and', 'for', 'in', 'not', 'or', 'if', 'then', 'parent',
-// common variable name
-'list',
-// common variable name
-'value' // common variable name
-];
-
-var DEFAULT_KEYWORD_CLASSNAME = "keyword";
-
-/**
- * Given raw keywords from a language definition, compile them.
- *
- * @param {string | Record<string,string|string[]> | Array<string>} rawKeywords
- * @param {boolean} caseInsensitive
- */
-function compileKeywords(rawKeywords, caseInsensitive) {
-  var className = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : DEFAULT_KEYWORD_CLASSNAME;
-  /** @type KeywordDict */
-  var compiledKeywords = {};
-
-  // input can be a string of keywords, an array of keywords, or a object with
-  // named keys representing className (which can then point to a string or array)
-  if (typeof rawKeywords === 'string') {
-    compileList(className, rawKeywords.split(" "));
-  } else if (Array.isArray(rawKeywords)) {
-    compileList(className, rawKeywords);
-  } else {
-    Object.keys(rawKeywords).forEach(function (className) {
-      // collapse all our objects back into the parent object
-      Object.assign(compiledKeywords, compileKeywords(rawKeywords[className], caseInsensitive, className));
-    });
-  }
-  return compiledKeywords;
-
-  // ---
-
-  /**
-   * Compiles an individual list of keywords
-   *
-   * Ex: "for if when while|5"
-   *
-   * @param {string} className
-   * @param {Array<string>} keywordList
-   */
-  function compileList(className, keywordList) {
-    if (caseInsensitive) {
-      keywordList = keywordList.map(function (x) {
-        return x.toLowerCase();
-      });
-    }
-    keywordList.forEach(function (keyword) {
-      var pair = keyword.split('|');
-      compiledKeywords[pair[0]] = [className, scoreForKeyword(pair[0], pair[1])];
-    });
-  }
-}
-
-/**
- * Returns the proper score for a given keyword
- *
- * Also takes into account comment keywords, which will be scored 0 UNLESS
- * another score has been manually assigned.
- * @param {string} keyword
- * @param {string} [providedScore]
- */
-function scoreForKeyword(keyword, providedScore) {
-  // manual scores always win over common keywords
-  // so you can force a score of 1 if you really insist
-  if (providedScore) {
-    return Number(providedScore);
-  }
-  return commonKeyword(keyword) ? 0 : 1;
-}
-
-/**
- * Determines if a given keyword is common or not
- *
- * @param {string} keyword */
-function commonKeyword(keyword) {
-  return COMMON_KEYWORDS.includes(keyword.toLowerCase());
-}
-
-// compilation
-
-/**
- * Compiles a language definition result
- *
- * Given the raw result of a language definition (Language), compiles this so
- * that it is ready for highlighting code.
- * @param {Language} language
- * @param {{plugins: HLJSPlugin[]}} opts
- * @returns {CompiledLanguage}
- */
-function compileLanguage(language, _ref) {
-  var plugins = _ref.plugins;
-  /**
-   * Builds a regex with the case sensativility of the current language
-   *
-   * @param {RegExp | string} value
-   * @param {boolean} [global]
-   */
-  function langRe(value, global) {
-    return new RegExp(source(value), 'm' + (language.case_insensitive ? 'i' : '') + (global ? 'g' : ''));
-  }
-
-  /**
-    Stores multiple regular expressions and allows you to quickly search for
-    them all in a string simultaneously - returning the first match.  It does
-    this by creating a huge (a|b|c) regex - each individual item wrapped with ()
-    and joined by `|` - using match groups to track position.  When a match is
-    found checking which position in the array has content allows us to figure
-    out which of the original regexes / match groups triggered the match.
-     The match object itself (the result of `Regex.exec`) is returned but also
-    enhanced by merging in any meta-data that was registered with the regex.
-    This is how we keep track of which mode matched, and what type of rule
-    (`illegal`, `begin`, end, etc).
-  */
-  var MultiRegex = /*#__PURE__*/function () {
-    "use strict";
-
-    function MultiRegex() {
-      _classCallCheck(this, MultiRegex);
-      this.matchIndexes = {};
-      // @ts-ignore
-      this.regexes = [];
-      this.matchAt = 1;
-      this.position = 0;
-    }
-
-    // @ts-ignore
-    _createClass(MultiRegex, [{
-      key: "addRule",
-      value: function addRule(re, opts) {
-        opts.position = this.position++;
-        // @ts-ignore
-        this.matchIndexes[this.matchAt] = opts;
-        this.regexes.push([opts, re]);
-        this.matchAt += countMatchGroups(re) + 1;
-      }
-    }, {
-      key: "compile",
-      value: function compile() {
-        if (this.regexes.length === 0) {
-          // avoids the need to check length every time exec is called
-          // @ts-ignore
-          this.exec = function () {
-            return null;
-          };
-        }
-        var terminators = this.regexes.map(function (el) {
-          return el[1];
-        });
-        this.matcherRe = langRe(join(terminators), true);
-        this.lastIndex = 0;
-      }
-
-      /** @param {string} s */
-    }, {
-      key: "exec",
-      value: function exec(s) {
-        this.matcherRe.lastIndex = this.lastIndex;
-        var match = this.matcherRe.exec(s);
-        if (!match) {
-          return null;
-        }
-
-        // eslint-disable-next-line no-undefined
-        var i = match.findIndex(function (el, i) {
-          return i > 0 && el !== undefined;
-        });
-        // @ts-ignore
-        var matchData = this.matchIndexes[i];
-        // trim off any earlier non-relevant match groups (ie, the other regex
-        // match groups that make up the multi-matcher)
-        match.splice(0, i);
-        return Object.assign(match, matchData);
-      }
-    }]);
-    return MultiRegex;
-  }();
-  /*
-    Created to solve the key deficiently with MultiRegex - there is no way to
-    test for multiple matches at a single location.  Why would we need to do
-    that?  In the future a more dynamic engine will allow certain matches to be
-    ignored.  An example: if we matched say the 3rd regex in a large group but
-    decided to ignore it - we'd need to started testing again at the 4th
-    regex... but MultiRegex itself gives us no real way to do that.
-     So what this class creates MultiRegexs on the fly for whatever search
-    position they are needed.
-     NOTE: These additional MultiRegex objects are created dynamically.  For most
-    grammars most of the time we will never actually need anything more than the
-    first MultiRegex - so this shouldn't have too much overhead.
-     Say this is our search group, and we match regex3, but wish to ignore it.
-       regex1 | regex2 | regex3 | regex4 | regex5    ' ie, startAt = 0
-     What we need is a new MultiRegex that only includes the remaining
-    possibilities:
-       regex4 | regex5                               ' ie, startAt = 3
-     This class wraps all that complexity up in a simple API... `startAt` decides
-    where in the array of expressions to start doing the matching. It
-    auto-increments, so if a match is found at position 2, then startAt will be
-    set to 3.  If the end is reached startAt will return to 0.
-     MOST of the time the parser will be setting startAt manually to 0.
-  */
-  var ResumableMultiRegex = /*#__PURE__*/function () {
-    "use strict";
-
-    function ResumableMultiRegex() {
-      _classCallCheck(this, ResumableMultiRegex);
-      // @ts-ignore
-      this.rules = [];
-      // @ts-ignore
-      this.multiRegexes = [];
-      this.count = 0;
-      this.lastIndex = 0;
-      this.regexIndex = 0;
-    }
-
-    // @ts-ignore
-    _createClass(ResumableMultiRegex, [{
-      key: "getMatcher",
-      value: function getMatcher(index) {
-        if (this.multiRegexes[index]) return this.multiRegexes[index];
-        var matcher = new MultiRegex();
-        this.rules.slice(index).forEach(function (_ref2) {
-          var _ref3 = _slicedToArray(_ref2, 2),
-            re = _ref3[0],
-            opts = _ref3[1];
-          return matcher.addRule(re, opts);
-        });
-        matcher.compile();
-        this.multiRegexes[index] = matcher;
-        return matcher;
-      }
-    }, {
-      key: "resumingScanAtSamePosition",
-      value: function resumingScanAtSamePosition() {
-        return this.regexIndex !== 0;
-      }
-    }, {
-      key: "considerAll",
-      value: function considerAll() {
-        this.regexIndex = 0;
-      }
-
-      // @ts-ignore
-    }, {
-      key: "addRule",
-      value: function addRule(re, opts) {
-        this.rules.push([re, opts]);
-        if (opts.type === "begin") this.count++;
-      }
-
-      /** @param {string} s */
-    }, {
-      key: "exec",
-      value: function exec(s) {
-        var m = this.getMatcher(this.regexIndex);
-        m.lastIndex = this.lastIndex;
-        var result = m.exec(s);
-
-        // The following is because we have no easy way to say "resume scanning at the
-        // existing position but also skip the current rule ONLY". What happens is
-        // all prior rules are also skipped which can result in matching the wrong
-        // thing. Example of matching "booger":
-
-        // our matcher is [string, "booger", number]
-        //
-        // ....booger....
-
-        // if "booger" is ignored then we'd really need a regex to scan from the
-        // SAME position for only: [string, number] but ignoring "booger" (if it
-        // was the first match), a simple resume would scan ahead who knows how
-        // far looking only for "number", ignoring potential string matches (or
-        // future "booger" matches that might be valid.)
-
-        // So what we do: We execute two matchers, one resuming at the same
-        // position, but the second full matcher starting at the position after:
-
-        //     /--- resume first regex match here (for [number])
-        //     |/---- full match here for [string, "booger", number]
-        //     vv
-        // ....booger....
-
-        // Which ever results in a match first is then used. So this 3-4 step
-        // process essentially allows us to say "match at this position, excluding
-        // a prior rule that was ignored".
-        //
-        // 1. Match "booger" first, ignore. Also proves that [string] does non match.
-        // 2. Resume matching for [number]
-        // 3. Match at index + 1 for [string, "booger", number]
-        // 4. If #2 and #3 result in matches, which came first?
-        if (this.resumingScanAtSamePosition()) {
-          if (result && result.index === this.lastIndex) ;else {
-            // use the second matcher result
-            var m2 = this.getMatcher(0);
-            m2.lastIndex = this.lastIndex + 1;
-            result = m2.exec(s);
-          }
-        }
-        if (result) {
-          this.regexIndex += result.position + 1;
-          if (this.regexIndex === this.count) {
-            // wrap-around to considering all matches again
-            this.considerAll();
-          }
-        }
-        return result;
-      }
-    }]);
-    return ResumableMultiRegex;
-  }();
-  /**
-   * Given a mode, builds a huge ResumableMultiRegex that can be used to walk
-   * the content and find matches.
-   *
-   * @param {CompiledMode} mode
-   * @returns {ResumableMultiRegex}
-   */
-  function buildModeRegex(mode) {
-    var mm = new ResumableMultiRegex();
-    mode.contains.forEach(function (term) {
-      return mm.addRule(term.begin, {
-        rule: term,
-        type: "begin"
-      });
-    });
-    if (mode.terminatorEnd) {
-      mm.addRule(mode.terminatorEnd, {
-        type: "end"
-      });
-    }
-    if (mode.illegal) {
-      mm.addRule(mode.illegal, {
-        type: "illegal"
-      });
-    }
-    return mm;
-  }
-
-  /** skip vs abort vs ignore
-   *
-   * @skip   - The mode is still entered and exited normally (and contains rules apply),
-   *           but all content is held and added to the parent buffer rather than being
-   *           output when the mode ends.  Mostly used with `sublanguage` to build up
-   *           a single large buffer than can be parsed by sublanguage.
-   *
-   *             - The mode begin ands ends normally.
-   *             - Content matched is added to the parent mode buffer.
-   *             - The parser cursor is moved forward normally.
-   *
-   * @abort  - A hack placeholder until we have ignore.  Aborts the mode (as if it
-   *           never matched) but DOES NOT continue to match subsequent `contains`
-   *           modes.  Abort is bad/suboptimal because it can result in modes
-   *           farther down not getting applied because an earlier rule eats the
-   *           content but then aborts.
-   *
-   *             - The mode does not begin.
-   *             - Content matched by `begin` is added to the mode buffer.
-   *             - The parser cursor is moved forward accordingly.
-   *
-   * @ignore - Ignores the mode (as if it never matched) and continues to match any
-   *           subsequent `contains` modes.  Ignore isn't technically possible with
-   *           the current parser implementation.
-   *
-   *             - The mode does not begin.
-   *             - Content matched by `begin` is ignored.
-   *             - The parser cursor is not moved forward.
-   */
-
-  /**
-   * Compiles an individual mode
-   *
-   * This can raise an error if the mode contains certain detectable known logic
-   * issues.
-   * @param {Mode} mode
-   * @param {CompiledMode | null} [parent]
-   * @returns {CompiledMode | never}
-   */
-  function compileMode(mode, parent) {
-    var _ref4;
-    var cmode = /** @type CompiledMode */mode;
-    if (mode.isCompiled) return cmode;
-    [
-    // do this early so compiler extensions generally don't have to worry about
-    // the distinction between match/begin
-    compileMatch].forEach(function (ext) {
-      return ext(mode, parent);
-    });
-    language.compilerExtensions.forEach(function (ext) {
-      return ext(mode, parent);
-    });
-
-    // __beforeBegin is considered private API, internal use only
-    mode.__beforeBegin = null;
-    [beginKeywords,
-    // do this later so compiler extensions that come earlier have access to the
-    // raw array if they wanted to perhaps manipulate it, etc.
-    compileIllegal,
-    // default to 1 relevance if not specified
-    compileRelevance].forEach(function (ext) {
-      return ext(mode, parent);
-    });
-    mode.isCompiled = true;
-    var keywordPattern = null;
-    if (typeof mode.keywords === "object") {
-      keywordPattern = mode.keywords.$pattern;
-      delete mode.keywords.$pattern;
-    }
-    if (mode.keywords) {
-      mode.keywords = compileKeywords(mode.keywords, language.case_insensitive);
-    }
-
-    // both are not allowed
-    if (mode.lexemes && keywordPattern) {
-      throw new Error("ERR: Prefer `keywords.$pattern` to `mode.lexemes`, BOTH are not allowed. (see mode reference) ");
-    }
-
-    // `mode.lexemes` was the old standard before we added and now recommend
-    // using `keywords.$pattern` to pass the keyword pattern
-    keywordPattern = keywordPattern || mode.lexemes || /\w+/;
-    cmode.keywordPatternRe = langRe(keywordPattern, true);
-    if (parent) {
-      if (!mode.begin) mode.begin = /\B|\b/;
-      cmode.beginRe = langRe(mode.begin);
-      if (mode.endSameAsBegin) mode.end = mode.begin;
-      if (!mode.end && !mode.endsWithParent) mode.end = /\B|\b/;
-      if (mode.end) cmode.endRe = langRe(mode.end);
-      cmode.terminatorEnd = source(mode.end) || '';
-      if (mode.endsWithParent && parent.terminatorEnd) {
-        cmode.terminatorEnd += (mode.end ? '|' : '') + parent.terminatorEnd;
-      }
-    }
-    if (mode.illegal) cmode.illegalRe = langRe( /** @type {RegExp | string} */mode.illegal);
-    if (!mode.contains) mode.contains = [];
-    mode.contains = (_ref4 = []).concat.apply(_ref4, _toConsumableArray(mode.contains.map(function (c) {
-      return expandOrCloneMode(c === 'self' ? mode : c);
-    })));
-    mode.contains.forEach(function (c) {
-      compileMode( /** @type Mode */c, cmode);
-    });
-    if (mode.starts) {
-      compileMode(mode.starts, parent);
-    }
-    cmode.matcher = buildModeRegex(cmode);
-    return cmode;
-  }
-  if (!language.compilerExtensions) language.compilerExtensions = [];
-
-  // self is not valid at the top-level
-  if (language.contains && language.contains.includes('self')) {
-    throw new Error("ERR: contains `self` is not supported at the top-level of a language.  See documentation.");
-  }
-
-  // we need a null object, which inherit will guarantee
-  language.classNameAliases = inherit(language.classNameAliases || {});
-  return compileMode( /** @type Mode */language);
-}
-
-/**
- * Determines if a mode has a dependency on it's parent or not
- *
- * If a mode does have a parent dependency then often we need to clone it if
- * it's used in multiple places so that each copy points to the correct parent,
- * where-as modes without a parent can often safely be re-used at the bottom of
- * a mode chain.
- *
- * @param {Mode | null} mode
- * @returns {boolean} - is there a dependency on the parent?
- * */
-function dependencyOnParent(mode) {
-  if (!mode) return false;
-  return mode.endsWithParent || dependencyOnParent(mode.starts);
-}
-
-/**
- * Expands a mode or clones it if necessary
- *
- * This is necessary for modes with parental dependenceis (see notes on
- * `dependencyOnParent`) and for nodes that have `variants` - which must then be
- * exploded into their own individual modes at compile time.
- *
- * @param {Mode} mode
- * @returns {Mode | Mode[]}
- * */
-function expandOrCloneMode(mode) {
-  if (mode.variants && !mode.cachedVariants) {
-    mode.cachedVariants = mode.variants.map(function (variant) {
-      return inherit(mode, {
-        variants: null
-      }, variant);
-    });
-  }
-
-  // EXPAND
-  // if we have variants then essentially "replace" the mode with the variants
-  // this happens in compileMode, where this function is called from
-  if (mode.cachedVariants) {
-    return mode.cachedVariants;
-  }
-
-  // CLONE
-  // if we have dependencies on parents then we need a unique
-  // instance of ourselves, so we can be reused with many
-  // different parents without issue
-  if (dependencyOnParent(mode)) {
-    return inherit(mode, {
-      starts: mode.starts ? inherit(mode.starts) : null
-    });
-  }
-  if (Object.isFrozen(mode)) {
-    return inherit(mode);
-  }
-
-  // no special dependency issues, just return ourselves
-  return mode;
-}
-var version = "10.7.3";
-
-// @ts-nocheck
-
-function hasValueOrEmptyAttribute(value) {
-  return Boolean(value || value === "");
-}
-function BuildVuePlugin(hljs) {
-  var Component = {
-    props: ["language", "code", "autodetect"],
-    data: function data() {
-      return {
-        detectedLanguage: "",
-        unknownLanguage: false
-      };
-    },
-    computed: {
-      className: function className() {
-        if (this.unknownLanguage) return "";
-        return "hljs " + this.detectedLanguage;
-      },
-      highlighted: function highlighted() {
-        // no idea what language to use, return raw code
-        if (!this.autoDetect && !hljs.getLanguage(this.language)) {
-          console.warn("The language \"".concat(this.language, "\" you specified could not be found."));
-          this.unknownLanguage = true;
-          return escapeHTML(this.code);
-        }
-        var result = {};
-        if (this.autoDetect) {
-          result = hljs.highlightAuto(this.code);
-          this.detectedLanguage = result.language;
-        } else {
-          result = hljs.highlight(this.language, this.code, this.ignoreIllegals);
-          this.detectedLanguage = this.language;
-        }
-        return result.value;
-      },
-      autoDetect: function autoDetect() {
-        return !this.language || hasValueOrEmptyAttribute(this.autodetect);
-      },
-      ignoreIllegals: function ignoreIllegals() {
-        return true;
-      }
-    },
-    // this avoids needing to use a whole Vue compilation pipeline just
-    // to build Highlight.js
-    render: function render(createElement) {
-      return createElement("pre", {}, [createElement("code", {
-        class: this.className,
-        domProps: {
-          innerHTML: this.highlighted
-        }
-      })]);
-    } // template: `<pre><code :class="className" v-html="highlighted"></code></pre>`
-  };
-  var VuePlugin = {
-    install: function install(Vue) {
-      Vue.component('highlightjs', Component);
-    }
-  };
-  return {
-    Component: Component,
-    VuePlugin: VuePlugin
-  };
-}
-
-/* plugin itself */
-
-/** @type {HLJSPlugin} */
-var mergeHTMLPlugin = {
-  "after:highlightElement": function afterHighlightElement(_ref5) {
-    var el = _ref5.el,
-      result = _ref5.result,
-      text = _ref5.text;
-    var originalStream = nodeStream(el);
-    if (!originalStream.length) return;
-    var resultNode = document.createElement('div');
-    resultNode.innerHTML = result.value;
-    result.value = mergeStreams(originalStream, nodeStream(resultNode), text);
-  }
-};
-
-/* Stream merging support functions */
-
-/**
- * @typedef Event
- * @property {'start'|'stop'} event
- * @property {number} offset
- * @property {Node} node
- */
-
-/**
- * @param {Node} node
- */
-function tag(node) {
-  return node.nodeName.toLowerCase();
-}
-
-/**
- * @param {Node} node
- */
-function nodeStream(node) {
-  /** @type Event[] */
-  var result = [];
-  (function _nodeStream(node, offset) {
-    for (var child = node.firstChild; child; child = child.nextSibling) {
-      if (child.nodeType === 3) {
-        offset += child.nodeValue.length;
-      } else if (child.nodeType === 1) {
-        result.push({
-          event: 'start',
-          offset: offset,
-          node: child
-        });
-        offset = _nodeStream(child, offset);
-        // Prevent void elements from having an end tag that would actually
-        // double them in the output. There are more void elements in HTML
-        // but we list only those realistically expected in code display.
-        if (!tag(child).match(/br|hr|img|input/)) {
-          result.push({
-            event: 'stop',
-            offset: offset,
-            node: child
-          });
-        }
-      }
-    }
-    return offset;
-  })(node, 0);
-  return result;
-}
-
-/**
- * @param {any} original - the original stream
- * @param {any} highlighted - stream of the highlighted source
- * @param {string} value - the original source itself
- */
-function mergeStreams(original, highlighted, value) {
-  var processed = 0;
-  var result = '';
-  var nodeStack = [];
-  function selectStream() {
-    if (!original.length || !highlighted.length) {
-      return original.length ? original : highlighted;
-    }
-    if (original[0].offset !== highlighted[0].offset) {
-      return original[0].offset < highlighted[0].offset ? original : highlighted;
-    }
-
-    /*
-    To avoid starting the stream just before it should stop the order is
-    ensured that original always starts first and closes last:
-     if (event1 == 'start' && event2 == 'start')
-      return original;
-    if (event1 == 'start' && event2 == 'stop')
-      return highlighted;
-    if (event1 == 'stop' && event2 == 'start')
-      return original;
-    if (event1 == 'stop' && event2 == 'stop')
-      return highlighted;
-     ... which is collapsed to:
-    */
-    return highlighted[0].event === 'start' ? original : highlighted;
-  }
-
-  /**
-   * @param {Node} node
-   */
-  function open(node) {
-    /** @param {Attr} attr */
-    function attributeString(attr) {
-      return ' ' + attr.nodeName + '="' + escapeHTML(attr.value) + '"';
-    }
-    // @ts-ignore
-    result += '<' + tag(node) + [].map.call(node.attributes, attributeString).join('') + '>';
-  }
-
-  /**
-   * @param {Node} node
-   */
-  function close(node) {
-    result += '</' + tag(node) + '>';
-  }
-
-  /**
-   * @param {Event} event
-   */
-  function render(event) {
-    (event.event === 'start' ? open : close)(event.node);
-  }
-  while (original.length || highlighted.length) {
-    var stream = selectStream();
-    result += escapeHTML(value.substring(processed, stream[0].offset));
-    processed = stream[0].offset;
-    if (stream === original) {
-      /*
-      On any opening or closing tag of the original markup we first close
-      the entire highlighted node stack, then render the original tag along
-      with all the following original tags at the same offset and then
-      reopen all the tags on the highlighted stack.
-      */
-      nodeStack.reverse().forEach(close);
-      do {
-        render(stream.splice(0, 1)[0]);
-        stream = selectStream();
-      } while (stream === original && stream.length && stream[0].offset === processed);
-      nodeStack.reverse().forEach(open);
-    } else {
-      if (stream[0].event === 'start') {
-        nodeStack.push(stream[0].node);
-      } else {
-        nodeStack.pop();
-      }
-      render(stream.splice(0, 1)[0]);
-    }
-  }
-  return result + escapeHTML(value.substr(processed));
-}
-
-/*
-
-For the reasoning behind this please see:
-https://github.com/highlightjs/highlight.js/issues/2880#issuecomment-747275419
-
-*/
-
-/**
- * @type {Record<string, boolean>}
- */
-var seenDeprecations = {};
-
-/**
- * @param {string} message
- */
-var error = function error(message) {
-  console.error(message);
-};
-
-/**
- * @param {string} message
- * @param {any} args
- */
-var warn = function warn(message) {
-  var _console;
-  for (var _len4 = arguments.length, args = new Array(_len4 > 1 ? _len4 - 1 : 0), _key5 = 1; _key5 < _len4; _key5++) {
-    args[_key5 - 1] = arguments[_key5];
-  }
-  (_console = console).log.apply(_console, ["WARN: ".concat(message)].concat(args));
-};
-
-/**
- * @param {string} version
- * @param {string} message
- */
-var deprecated = function deprecated(version, message) {
-  if (seenDeprecations["".concat(version, "/").concat(message)]) return;
-  console.log("Deprecated as of ".concat(version, ". ").concat(message));
-  seenDeprecations["".concat(version, "/").concat(message)] = true;
-};
-
-/*
-Syntax highlighting with language autodetection.
-https://highlightjs.org/
-*/
-
-var escape$1 = escapeHTML;
-var inherit$1 = inherit;
-var NO_MATCH = Symbol("nomatch");
-
-/**
- * @param {any} hljs - object that is extended (legacy)
- * @returns {HLJSApi}
- */
-var HLJS = function HLJS(hljs) {
-  // Global internal variables used within the highlight.js library.
-  /** @type {Record<string, Language>} */
-  var languages = Object.create(null);
-  /** @type {Record<string, string>} */
-  var aliases = Object.create(null);
-  /** @type {HLJSPlugin[]} */
-  var plugins = [];
-
-  // safe/production mode - swallows more errors, tries to keep running
-  // even if a single syntax or parse hits a fatal error
-  var SAFE_MODE = true;
-  var fixMarkupRe = /(^(<[^>]+>|\t|)+|\n)/gm;
-  var LANGUAGE_NOT_FOUND = "Could not find the language '{}', did you forget to load/include a language module?";
-  /** @type {Language} */
-  var PLAINTEXT_LANGUAGE = {
-    disableAutodetect: true,
-    name: 'Plain text',
-    contains: []
-  };
-
-  // Global options used when within external APIs. This is modified when
-  // calling the `hljs.configure` function.
-  /** @type HLJSOptions */
-  var options = {
-    noHighlightRe: /^(no-?highlight)$/i,
-    languageDetectRe: /\blang(?:uage)?-([\w-]+)\b/i,
-    classPrefix: 'hljs-',
-    tabReplace: null,
-    useBR: false,
-    languages: null,
-    // beta configuration options, subject to change, welcome to discuss
-    // https://github.com/highlightjs/highlight.js/issues/1086
-    __emitter: TokenTreeEmitter
-  };
-
-  /* Utility functions */
-
-  /**
-   * Tests a language name to see if highlighting should be skipped
-   * @param {string} languageName
-   */
-  function shouldNotHighlight(languageName) {
-    return options.noHighlightRe.test(languageName);
-  }
-
-  /**
-   * @param {HighlightedHTMLElement} block - the HTML element to determine language for
-   */
-  function blockLanguage(block) {
-    var classes = block.className + ' ';
-    classes += block.parentNode ? block.parentNode.className : '';
-
-    // language-* takes precedence over non-prefixed class names.
-    var match = options.languageDetectRe.exec(classes);
-    if (match) {
-      var language = getLanguage(match[1]);
-      if (!language) {
-        warn(LANGUAGE_NOT_FOUND.replace("{}", match[1]));
-        warn("Falling back to no-highlight mode for this block.", block);
-      }
-      return language ? match[1] : 'no-highlight';
-    }
-    return classes.split(/\s+/).find(function (_class) {
-      return shouldNotHighlight(_class) || getLanguage(_class);
-    });
-  }
-
-  /**
-   * Core highlighting function.
-   *
-   * OLD API
-   * highlight(lang, code, ignoreIllegals, continuation)
-   *
-   * NEW API
-   * highlight(code, {lang, ignoreIllegals})
-   *
-   * @param {string} codeOrlanguageName - the language to use for highlighting
-   * @param {string | HighlightOptions} optionsOrCode - the code to highlight
-   * @param {boolean} [ignoreIllegals] - whether to ignore illegal matches, default is to bail
-   * @param {CompiledMode} [continuation] - current continuation mode, if any
-   *
-   * @returns {HighlightResult} Result - an object that represents the result
-   * @property {string} language - the language name
-   * @property {number} relevance - the relevance score
-   * @property {string} value - the highlighted HTML code
-   * @property {string} code - the original raw code
-   * @property {CompiledMode} top - top of the current mode stack
-   * @property {boolean} illegal - indicates whether any illegal matches were found
-  */
-  function highlight(codeOrlanguageName, optionsOrCode, ignoreIllegals, continuation) {
-    var code = "";
-    var languageName = "";
-    if (typeof optionsOrCode === "object") {
-      code = codeOrlanguageName;
-      ignoreIllegals = optionsOrCode.ignoreIllegals;
-      languageName = optionsOrCode.language;
-      // continuation not supported at all via the new API
-      // eslint-disable-next-line no-undefined
-      continuation = undefined;
-    } else {
-      // old API
-      deprecated("10.7.0", "highlight(lang, code, ...args) has been deprecated.");
-      deprecated("10.7.0", "Please use highlight(code, options) instead.\nhttps://github.com/highlightjs/highlight.js/issues/2277");
-      languageName = codeOrlanguageName;
-      code = optionsOrCode;
-    }
-
-    /** @type {BeforeHighlightContext} */
-    var context = {
-      code: code,
-      language: languageName
-    };
-    // the plugin can change the desired language or the code to be highlighted
-    // just be changing the object it was passed
-    fire("before:highlight", context);
-
-    // a before plugin can usurp the result completely by providing it's own
-    // in which case we don't even need to call highlight
-    var result = context.result ? context.result : _highlight(context.language, context.code, ignoreIllegals, continuation);
-    result.code = context.code;
-    // the plugin can change anything in result to suite it
-    fire("after:highlight", result);
-    return result;
-  }
-
-  /**
-   * private highlight that's used internally and does not fire callbacks
-   *
-   * @param {string} languageName - the language to use for highlighting
-   * @param {string} codeToHighlight - the code to highlight
-   * @param {boolean?} [ignoreIllegals] - whether to ignore illegal matches, default is to bail
-   * @param {CompiledMode?} [continuation] - current continuation mode, if any
-   * @returns {HighlightResult} - result of the highlight operation
-  */
-  function _highlight(languageName, codeToHighlight, ignoreIllegals, continuation) {
-    /**
-     * Return keyword data if a match is a keyword
-     * @param {CompiledMode} mode - current mode
-     * @param {RegExpMatchArray} match - regexp match data
-     * @returns {KeywordData | false}
-     */
-    function keywordData(mode, match) {
-      var matchText = language.case_insensitive ? match[0].toLowerCase() : match[0];
-      return Object.prototype.hasOwnProperty.call(mode.keywords, matchText) && mode.keywords[matchText];
-    }
-    function processKeywords() {
-      if (!top.keywords) {
-        emitter.addText(modeBuffer);
-        return;
-      }
-      var lastIndex = 0;
-      top.keywordPatternRe.lastIndex = 0;
-      var match = top.keywordPatternRe.exec(modeBuffer);
-      var buf = "";
-      while (match) {
-        buf += modeBuffer.substring(lastIndex, match.index);
-        var data = keywordData(top, match);
-        if (data) {
-          var _data = _slicedToArray(data, 2),
-            kind = _data[0],
-            keywordRelevance = _data[1];
-          emitter.addText(buf);
-          buf = "";
-          relevance += keywordRelevance;
-          if (kind.startsWith("_")) {
-            // _ implied for relevance only, do not highlight
-            // by applying a class name
-            buf += match[0];
-          } else {
-            var cssClass = language.classNameAliases[kind] || kind;
-            emitter.addKeyword(match[0], cssClass);
-          }
-        } else {
-          buf += match[0];
-        }
-        lastIndex = top.keywordPatternRe.lastIndex;
-        match = top.keywordPatternRe.exec(modeBuffer);
-      }
-      buf += modeBuffer.substr(lastIndex);
-      emitter.addText(buf);
-    }
-    function processSubLanguage() {
-      if (modeBuffer === "") return;
-      /** @type HighlightResult */
-      var result = null;
-      if (typeof top.subLanguage === 'string') {
-        if (!languages[top.subLanguage]) {
-          emitter.addText(modeBuffer);
-          return;
-        }
-        result = _highlight(top.subLanguage, modeBuffer, true, continuations[top.subLanguage]);
-        continuations[top.subLanguage] = /** @type {CompiledMode} */result.top;
-      } else {
-        result = highlightAuto(modeBuffer, top.subLanguage.length ? top.subLanguage : null);
-      }
-
-      // Counting embedded language score towards the host language may be disabled
-      // with zeroing the containing mode relevance. Use case in point is Markdown that
-      // allows XML everywhere and makes every XML snippet to have a much larger Markdown
-      // score.
-      if (top.relevance > 0) {
-        relevance += result.relevance;
-      }
-      emitter.addSublanguage(result.emitter, result.language);
-    }
-    function processBuffer() {
-      if (top.subLanguage != null) {
-        processSubLanguage();
-      } else {
-        processKeywords();
-      }
-      modeBuffer = '';
-    }
-
-    /**
-     * @param {Mode} mode - new mode to start
-     */
-    function startNewMode(mode) {
-      if (mode.className) {
-        emitter.openNode(language.classNameAliases[mode.className] || mode.className);
-      }
-      top = Object.create(mode, {
-        parent: {
-          value: top
-        }
-      });
-      return top;
-    }
-
-    /**
-     * @param {CompiledMode } mode - the mode to potentially end
-     * @param {RegExpMatchArray} match - the latest match
-     * @param {string} matchPlusRemainder - match plus remainder of content
-     * @returns {CompiledMode | void} - the next mode, or if void continue on in current mode
-     */
-    function endOfMode(mode, match, matchPlusRemainder) {
-      var matched = startsWith(mode.endRe, matchPlusRemainder);
-      if (matched) {
-        if (mode["on:end"]) {
-          var resp = new Response(mode);
-          mode["on:end"](match, resp);
-          if (resp.isMatchIgnored) matched = false;
-        }
-        if (matched) {
-          while (mode.endsParent && mode.parent) {
-            mode = mode.parent;
-          }
-          return mode;
-        }
-      }
-      // even if on:end fires an `ignore` it's still possible
-      // that we might trigger the end node because of a parent mode
-      if (mode.endsWithParent) {
-        return endOfMode(mode.parent, match, matchPlusRemainder);
-      }
-    }
-
-    /**
-     * Handle matching but then ignoring a sequence of text
-     *
-     * @param {string} lexeme - string containing full match text
-     */
-    function doIgnore(lexeme) {
-      if (top.matcher.regexIndex === 0) {
-        // no more regexs to potentially match here, so we move the cursor forward one
-        // space
-        modeBuffer += lexeme[0];
-        return 1;
-      } else {
-        // no need to move the cursor, we still have additional regexes to try and
-        // match at this very spot
-        resumeScanAtSamePosition = true;
-        return 0;
-      }
-    }
-
-    /**
-     * Handle the start of a new potential mode match
-     *
-     * @param {EnhancedMatch} match - the current match
-     * @returns {number} how far to advance the parse cursor
-     */
-    function doBeginMatch(match) {
-      var lexeme = match[0];
-      var newMode = match.rule;
-      var resp = new Response(newMode);
-      // first internal before callbacks, then the public ones
-      var beforeCallbacks = [newMode.__beforeBegin, newMode["on:begin"]];
-      for (var _i = 0, _beforeCallbacks = beforeCallbacks; _i < _beforeCallbacks.length; _i++) {
-        var cb = _beforeCallbacks[_i];
-        if (!cb) continue;
-        cb(match, resp);
-        if (resp.isMatchIgnored) return doIgnore(lexeme);
-      }
-      if (newMode && newMode.endSameAsBegin) {
-        newMode.endRe = escape(lexeme);
-      }
-      if (newMode.skip) {
-        modeBuffer += lexeme;
-      } else {
-        if (newMode.excludeBegin) {
-          modeBuffer += lexeme;
-        }
-        processBuffer();
-        if (!newMode.returnBegin && !newMode.excludeBegin) {
-          modeBuffer = lexeme;
-        }
-      }
-      startNewMode(newMode);
-      // if (mode["after:begin"]) {
-      //   let resp = new Response(mode);
-      //   mode["after:begin"](match, resp);
-      // }
-      return newMode.returnBegin ? 0 : lexeme.length;
-    }
-
-    /**
-     * Handle the potential end of mode
-     *
-     * @param {RegExpMatchArray} match - the current match
-     */
-    function doEndMatch(match) {
-      var lexeme = match[0];
-      var matchPlusRemainder = codeToHighlight.substr(match.index);
-      var endMode = endOfMode(top, match, matchPlusRemainder);
-      if (!endMode) {
-        return NO_MATCH;
-      }
-      var origin = top;
-      if (origin.skip) {
-        modeBuffer += lexeme;
-      } else {
-        if (!(origin.returnEnd || origin.excludeEnd)) {
-          modeBuffer += lexeme;
-        }
-        processBuffer();
-        if (origin.excludeEnd) {
-          modeBuffer = lexeme;
-        }
-      }
-      do {
-        if (top.className) {
-          emitter.closeNode();
-        }
-        if (!top.skip && !top.subLanguage) {
-          relevance += top.relevance;
-        }
-        top = top.parent;
-      } while (top !== endMode.parent);
-      if (endMode.starts) {
-        if (endMode.endSameAsBegin) {
-          endMode.starts.endRe = endMode.endRe;
-        }
-        startNewMode(endMode.starts);
-      }
-      return origin.returnEnd ? 0 : lexeme.length;
-    }
-    function processContinuations() {
-      var list = [];
-      for (var current = top; current !== language; current = current.parent) {
-        if (current.className) {
-          list.unshift(current.className);
-        }
-      }
-      list.forEach(function (item) {
-        return emitter.openNode(item);
-      });
-    }
-
-    /** @type {{type?: MatchType, index?: number, rule?: Mode}}} */
-    var lastMatch = {};
-
-    /**
-     *  Process an individual match
-     *
-     * @param {string} textBeforeMatch - text preceeding the match (since the last match)
-     * @param {EnhancedMatch} [match] - the match itself
-     */
-    function processLexeme(textBeforeMatch, match) {
-      var lexeme = match && match[0];
-
-      // add non-matched text to the current mode buffer
-      modeBuffer += textBeforeMatch;
-      if (lexeme == null) {
-        processBuffer();
-        return 0;
-      }
-
-      // we've found a 0 width match and we're stuck, so we need to advance
-      // this happens when we have badly behaved rules that have optional matchers to the degree that
-      // sometimes they can end up matching nothing at all
-      // Ref: https://github.com/highlightjs/highlight.js/issues/2140
-      if (lastMatch.type === "begin" && match.type === "end" && lastMatch.index === match.index && lexeme === "") {
-        // spit the "skipped" character that our regex choked on back into the output sequence
-        modeBuffer += codeToHighlight.slice(match.index, match.index + 1);
-        if (!SAFE_MODE) {
-          /** @type {AnnotatedError} */
-          var err = new Error('0 width match regex');
-          err.languageName = languageName;
-          err.badRule = lastMatch.rule;
-          throw err;
-        }
-        return 1;
-      }
-      lastMatch = match;
-      if (match.type === "begin") {
-        return doBeginMatch(match);
-      } else if (match.type === "illegal" && !ignoreIllegals) {
-        // illegal match, we do not continue processing
-        /** @type {AnnotatedError} */
-        var _err = new Error('Illegal lexeme "' + lexeme + '" for mode "' + (top.className || '<unnamed>') + '"');
-        _err.mode = top;
-        throw _err;
-      } else if (match.type === "end") {
-        var processed = doEndMatch(match);
-        if (processed !== NO_MATCH) {
-          return processed;
-        }
-      }
-
-      // edge case for when illegal matches $ (end of line) which is technically
-      // a 0 width match but not a begin/end match so it's not caught by the
-      // first handler (when ignoreIllegals is true)
-      if (match.type === "illegal" && lexeme === "") {
-        // advance so we aren't stuck in an infinite loop
-        return 1;
-      }
-
-      // infinite loops are BAD, this is a last ditch catch all. if we have a
-      // decent number of iterations yet our index (cursor position in our
-      // parsing) still 3x behind our index then something is very wrong
-      // so we bail
-      if (iterations > 100000 && iterations > match.index * 3) {
-        var _err2 = new Error('potential infinite loop, way more iterations than matches');
-        throw _err2;
-      }
-
-      /*
-      Why might be find ourselves here?  Only one occasion now.  An end match that was
-      triggered but could not be completed.  When might this happen?  When an `endSameasBegin`
-      rule sets the end rule to a specific match.  Since the overall mode termination rule that's
-      being used to scan the text isn't recompiled that means that any match that LOOKS like
-      the end (but is not, because it is not an exact match to the beginning) will
-      end up here.  A definite end match, but when `doEndMatch` tries to "reapply"
-      the end rule and fails to match, we wind up here, and just silently ignore the end.
-       This causes no real harm other than stopping a few times too many.
-      */
-
-      modeBuffer += lexeme;
-      return lexeme.length;
-    }
-    var language = getLanguage(languageName);
-    if (!language) {
-      error(LANGUAGE_NOT_FOUND.replace("{}", languageName));
-      throw new Error('Unknown language: "' + languageName + '"');
-    }
-    var md = compileLanguage(language, {
-      plugins: plugins
-    });
-    var result = '';
-    /** @type {CompiledMode} */
-    var top = continuation || md;
-    /** @type Record<string,CompiledMode> */
-    var continuations = {}; // keep continuations for sub-languages
-    var emitter = new options.__emitter(options);
-    processContinuations();
-    var modeBuffer = '';
-    var relevance = 0;
-    var index = 0;
-    var iterations = 0;
-    var resumeScanAtSamePosition = false;
-    try {
-      top.matcher.considerAll();
-      for (;;) {
-        iterations++;
-        if (resumeScanAtSamePosition) {
-          // only regexes not matched previously will now be
-          // considered for a potential match
-          resumeScanAtSamePosition = false;
-        } else {
-          top.matcher.considerAll();
-        }
-        top.matcher.lastIndex = index;
-        var match = top.matcher.exec(codeToHighlight);
-        // console.log("match", match[0], match.rule && match.rule.begin)
-
-        if (!match) break;
-        var beforeMatch = codeToHighlight.substring(index, match.index);
-        var processedCount = processLexeme(beforeMatch, match);
-        index = match.index + processedCount;
-      }
-      processLexeme(codeToHighlight.substr(index));
-      emitter.closeAllNodes();
-      emitter.finalize();
-      result = emitter.toHTML();
-      return {
-        // avoid possible breakage with v10 clients expecting
-        // this to always be an integer
-        relevance: Math.floor(relevance),
-        value: result,
-        language: languageName,
-        illegal: false,
-        emitter: emitter,
-        top: top
-      };
-    } catch (err) {
-      if (err.message && err.message.includes('Illegal')) {
-        return {
-          illegal: true,
-          illegalBy: {
-            msg: err.message,
-            context: codeToHighlight.slice(index - 100, index + 100),
-            mode: err.mode
-          },
-          sofar: result,
-          relevance: 0,
-          value: escape$1(codeToHighlight),
-          emitter: emitter
-        };
-      } else if (SAFE_MODE) {
-        return {
-          illegal: false,
-          relevance: 0,
-          value: escape$1(codeToHighlight),
-          emitter: emitter,
-          language: languageName,
-          top: top,
-          errorRaised: err
-        };
-      } else {
-        throw err;
-      }
-    }
-  }
-
-  /**
-   * returns a valid highlight result, without actually doing any actual work,
-   * auto highlight starts with this and it's possible for small snippets that
-   * auto-detection may not find a better match
-   * @param {string} code
-   * @returns {HighlightResult}
-   */
-  function justTextHighlightResult(code) {
-    var result = {
-      relevance: 0,
-      emitter: new options.__emitter(options),
-      value: escape$1(code),
-      illegal: false,
-      top: PLAINTEXT_LANGUAGE
-    };
-    result.emitter.addText(code);
-    return result;
-  }
-
-  /**
-  Highlighting with language detection. Accepts a string with the code to
-  highlight. Returns an object with the following properties:
-   - language (detected language)
-  - relevance (int)
-  - value (an HTML string with highlighting markup)
-  - second_best (object with the same structure for second-best heuristically
-    detected language, may be absent)
-     @param {string} code
-    @param {Array<string>} [languageSubset]
-    @returns {AutoHighlightResult}
-  */
-  function highlightAuto(code, languageSubset) {
-    languageSubset = languageSubset || options.languages || Object.keys(languages);
-    var plaintext = justTextHighlightResult(code);
-    var results = languageSubset.filter(getLanguage).filter(autoDetection).map(function (name) {
-      return _highlight(name, code, false);
-    });
-    results.unshift(plaintext); // plaintext is always an option
-
-    var sorted = results.sort(function (a, b) {
-      // sort base on relevance
-      if (a.relevance !== b.relevance) return b.relevance - a.relevance;
-
-      // always award the tie to the base language
-      // ie if C++ and Arduino are tied, it's more likely to be C++
-      if (a.language && b.language) {
-        if (getLanguage(a.language).supersetOf === b.language) {
-          return 1;
-        } else if (getLanguage(b.language).supersetOf === a.language) {
-          return -1;
-        }
-      }
-
-      // otherwise say they are equal, which has the effect of sorting on
-      // relevance while preserving the original ordering - which is how ties
-      // have historically been settled, ie the language that comes first always
-      // wins in the case of a tie
-      return 0;
-    });
-    var _sorted = _slicedToArray(sorted, 2),
-      best = _sorted[0],
-      secondBest = _sorted[1];
-
-    /** @type {AutoHighlightResult} */
-    var result = best;
-    result.second_best = secondBest;
-    return result;
-  }
-
-  /**
-  Post-processing of the highlighted markup:
-   - replace TABs with something more useful
-  - replace real line-breaks with '<br>' for non-pre containers
-     @param {string} html
-    @returns {string}
-  */
-  function fixMarkup(html) {
-    if (!(options.tabReplace || options.useBR)) {
-      return html;
-    }
-    return html.replace(fixMarkupRe, function (match) {
-      if (match === '\n') {
-        return options.useBR ? '<br>' : match;
-      } else if (options.tabReplace) {
-        return match.replace(/\t/g, options.tabReplace);
-      }
-      return match;
-    });
-  }
-
-  /**
-   * Builds new class name for block given the language name
-   *
-   * @param {HTMLElement} element
-   * @param {string} [currentLang]
-   * @param {string} [resultLang]
-   */
-  function updateClassName(element, currentLang, resultLang) {
-    var language = currentLang ? aliases[currentLang] : resultLang;
-    element.classList.add("hljs");
-    if (language) element.classList.add(language);
-  }
-
-  /** @type {HLJSPlugin} */
-  var brPlugin = {
-    "before:highlightElement": function beforeHighlightElement(_ref6) {
-      var el = _ref6.el;
-      if (options.useBR) {
-        el.innerHTML = el.innerHTML.replace(/\n/g, '').replace(/<br[ /]*>/g, '\n');
-      }
-    },
-    "after:highlightElement": function afterHighlightElement(_ref7) {
-      var result = _ref7.result;
-      if (options.useBR) {
-        result.value = result.value.replace(/\n/g, "<br>");
-      }
-    }
-  };
-  var TAB_REPLACE_RE = /^(<[^>]+>|\t)+/gm;
-  /** @type {HLJSPlugin} */
-  var tabReplacePlugin = {
-    "after:highlightElement": function afterHighlightElement(_ref8) {
-      var result = _ref8.result;
-      if (options.tabReplace) {
-        result.value = result.value.replace(TAB_REPLACE_RE, function (m) {
-          return m.replace(/\t/g, options.tabReplace);
-        });
-      }
-    }
-  };
-
-  /**
-   * Applies highlighting to a DOM node containing code. Accepts a DOM node and
-   * two optional parameters for fixMarkup.
-   *
-   * @param {HighlightedHTMLElement} element - the HTML element to highlight
-  */
-  function highlightElement(element) {
-    /** @type HTMLElement */
-    var node = null;
-    var language = blockLanguage(element);
-    if (shouldNotHighlight(language)) return;
-
-    // support for v10 API
-    fire("before:highlightElement", {
-      el: element,
-      language: language
-    });
-    node = element;
-    var text = node.textContent;
-    var result = language ? highlight(text, {
-      language: language,
-      ignoreIllegals: true
-    }) : highlightAuto(text);
-
-    // support for v10 API
-    fire("after:highlightElement", {
-      el: element,
-      result: result,
-      text: text
-    });
-    element.innerHTML = result.value;
-    updateClassName(element, language, result.language);
-    element.result = {
-      language: result.language,
-      // TODO: remove with version 11.0
-      re: result.relevance,
-      relavance: result.relevance
-    };
-    if (result.second_best) {
-      element.second_best = {
-        language: result.second_best.language,
-        // TODO: remove with version 11.0
-        re: result.second_best.relevance,
-        relavance: result.second_best.relevance
-      };
-    }
-  }
-
-  /**
-   * Updates highlight.js global options with the passed options
-   *
-   * @param {Partial<HLJSOptions>} userOptions
-   */
-  function configure(userOptions) {
-    if (userOptions.useBR) {
-      deprecated("10.3.0", "'useBR' will be removed entirely in v11.0");
-      deprecated("10.3.0", "Please see https://github.com/highlightjs/highlight.js/issues/2559");
-    }
-    options = inherit$1(options, userOptions);
-  }
-
-  /**
-   * Highlights to all <pre><code> blocks on a page
-   *
-   * @type {Function & {called?: boolean}}
-   */
-  // TODO: remove v12, deprecated
-  var initHighlighting = function initHighlighting() {
-    if (initHighlighting.called) return;
-    initHighlighting.called = true;
-    deprecated("10.6.0", "initHighlighting() is deprecated.  Use highlightAll() instead.");
-    var blocks = document.querySelectorAll('pre code');
-    blocks.forEach(highlightElement);
-  };
-
-  // Higlights all when DOMContentLoaded fires
-  // TODO: remove v12, deprecated
-  function initHighlightingOnLoad() {
-    deprecated("10.6.0", "initHighlightingOnLoad() is deprecated.  Use highlightAll() instead.");
-    wantsHighlight = true;
-  }
-  var wantsHighlight = false;
-
-  /**
-   * auto-highlights all pre>code elements on the page
-   */
-  function highlightAll() {
-    // if we are called too early in the loading process
-    if (document.readyState === "loading") {
-      wantsHighlight = true;
-      return;
-    }
-    var blocks = document.querySelectorAll('pre code');
-    blocks.forEach(highlightElement);
-  }
-  function boot() {
-    // if a highlight was requested before DOM was loaded, do now
-    if (wantsHighlight) highlightAll();
-  }
-
-  // make sure we are in the browser environment
-  if (typeof window !== 'undefined' && window.addEventListener) {
-    window.addEventListener('DOMContentLoaded', boot, false);
-  }
-
-  /**
-   * Register a language grammar module
-   *
-   * @param {string} languageName
-   * @param {LanguageFn} languageDefinition
-   */
-  function registerLanguage(languageName, languageDefinition) {
-    var lang = null;
-    try {
-      lang = languageDefinition(hljs);
-    } catch (error$1) {
-      error("Language definition for '{}' could not be registered.".replace("{}", languageName));
-      // hard or soft error
-      if (!SAFE_MODE) {
-        throw error$1;
-      } else {
-        error(error$1);
-      }
-      // languages that have serious errors are replaced with essentially a
-      // "plaintext" stand-in so that the code blocks will still get normal
-      // css classes applied to them - and one bad language won't break the
-      // entire highlighter
-      lang = PLAINTEXT_LANGUAGE;
-    }
-    // give it a temporary name if it doesn't have one in the meta-data
-    if (!lang.name) lang.name = languageName;
-    languages[languageName] = lang;
-    lang.rawDefinition = languageDefinition.bind(null, hljs);
-    if (lang.aliases) {
-      registerAliases(lang.aliases, {
-        languageName: languageName
-      });
-    }
-  }
-
-  /**
-   * Remove a language grammar module
-   *
-   * @param {string} languageName
-   */
-  function unregisterLanguage(languageName) {
-    delete languages[languageName];
-    for (var _i2 = 0, _Object$keys = Object.keys(aliases); _i2 < _Object$keys.length; _i2++) {
-      var alias = _Object$keys[_i2];
-      if (aliases[alias] === languageName) {
-        delete aliases[alias];
-      }
-    }
-  }
-
-  /**
-   * @returns {string[]} List of language internal names
-   */
-  function listLanguages() {
-    return Object.keys(languages);
-  }
-
-  /**
-    intended usage: When one language truly requires another
-     Unlike `getLanguage`, this will throw when the requested language
-    is not available.
-     @param {string} name - name of the language to fetch/require
-    @returns {Language | never}
-  */
-  function requireLanguage(name) {
-    deprecated("10.4.0", "requireLanguage will be removed entirely in v11.");
-    deprecated("10.4.0", "Please see https://github.com/highlightjs/highlight.js/pull/2844");
-    var lang = getLanguage(name);
-    if (lang) {
-      return lang;
-    }
-    var err = new Error('The \'{}\' language is required, but not loaded.'.replace('{}', name));
-    throw err;
-  }
-
-  /**
-   * @param {string} name - name of the language to retrieve
-   * @returns {Language | undefined}
-   */
-  function getLanguage(name) {
-    name = (name || '').toLowerCase();
-    return languages[name] || languages[aliases[name]];
-  }
-
-  /**
-   *
-   * @param {string|string[]} aliasList - single alias or list of aliases
-   * @param {{languageName: string}} opts
-   */
-  function registerAliases(aliasList, _ref9) {
-    var languageName = _ref9.languageName;
-    if (typeof aliasList === 'string') {
-      aliasList = [aliasList];
-    }
-    aliasList.forEach(function (alias) {
-      aliases[alias.toLowerCase()] = languageName;
-    });
-  }
-
-  /**
-   * Determines if a given language has auto-detection enabled
-   * @param {string} name - name of the language
-   */
-  function autoDetection(name) {
-    var lang = getLanguage(name);
-    return lang && !lang.disableAutodetect;
-  }
-
-  /**
-   * Upgrades the old highlightBlock plugins to the new
-   * highlightElement API
-   * @param {HLJSPlugin} plugin
-   */
-  function upgradePluginAPI(plugin) {
-    // TODO: remove with v12
-    if (plugin["before:highlightBlock"] && !plugin["before:highlightElement"]) {
-      plugin["before:highlightElement"] = function (data) {
-        plugin["before:highlightBlock"](Object.assign({
-          block: data.el
-        }, data));
-      };
-    }
-    if (plugin["after:highlightBlock"] && !plugin["after:highlightElement"]) {
-      plugin["after:highlightElement"] = function (data) {
-        plugin["after:highlightBlock"](Object.assign({
-          block: data.el
-        }, data));
-      };
-    }
-  }
-
-  /**
-   * @param {HLJSPlugin} plugin
-   */
-  function addPlugin(plugin) {
-    upgradePluginAPI(plugin);
-    plugins.push(plugin);
-  }
-
-  /**
-   *
-   * @param {PluginEvent} event
-   * @param {any} args
-   */
-  function fire(event, args) {
-    var cb = event;
-    plugins.forEach(function (plugin) {
-      if (plugin[cb]) {
-        plugin[cb](args);
-      }
-    });
-  }
-
-  /**
-  Note: fixMarkup is deprecated and will be removed entirely in v11
-   @param {string} arg
-  @returns {string}
-  */
-  function deprecateFixMarkup(arg) {
-    deprecated("10.2.0", "fixMarkup will be removed entirely in v11.0");
-    deprecated("10.2.0", "Please see https://github.com/highlightjs/highlight.js/issues/2534");
-    return fixMarkup(arg);
-  }
-
-  /**
-   *
-   * @param {HighlightedHTMLElement} el
-   */
-  function deprecateHighlightBlock(el) {
-    deprecated("10.7.0", "highlightBlock will be removed entirely in v12.0");
-    deprecated("10.7.0", "Please use highlightElement now.");
-    return highlightElement(el);
-  }
-
-  /* Interface definition */
-  Object.assign(hljs, {
-    highlight: highlight,
-    highlightAuto: highlightAuto,
-    highlightAll: highlightAll,
-    fixMarkup: deprecateFixMarkup,
-    highlightElement: highlightElement,
-    // TODO: Remove with v12 API
-    highlightBlock: deprecateHighlightBlock,
-    configure: configure,
-    initHighlighting: initHighlighting,
-    initHighlightingOnLoad: initHighlightingOnLoad,
-    registerLanguage: registerLanguage,
-    unregisterLanguage: unregisterLanguage,
-    listLanguages: listLanguages,
-    getLanguage: getLanguage,
-    registerAliases: registerAliases,
-    requireLanguage: requireLanguage,
-    autoDetection: autoDetection,
-    inherit: inherit$1,
-    addPlugin: addPlugin,
-    // plugins for frameworks
-    vuePlugin: BuildVuePlugin(hljs).VuePlugin
-  });
-  hljs.debugMode = function () {
-    SAFE_MODE = false;
-  };
-  hljs.safeMode = function () {
-    SAFE_MODE = true;
-  };
-  hljs.versionString = version;
-  for (var key in MODES) {
-    // @ts-ignore
-    if (typeof MODES[key] === "object") {
-      // @ts-ignore
-      deepFreezeEs6(MODES[key]);
-    }
-  }
-
-  // merge all the modes/regexs into our main object
-  Object.assign(hljs, MODES);
-
-  // built-in plugins, likely to be moved out of core in the future
-  hljs.addPlugin(brPlugin); // slated to be removed in v11
-  hljs.addPlugin(mergeHTMLPlugin);
-  hljs.addPlugin(tabReplacePlugin);
-  return hljs;
-};
-
-// export an "instance" of the highlighter
-var highlight = HLJS({});
-module.exports = highlight;
-
-/***/ }),
-
-/***/ 682:
-/***/ (function(module) {
-
-/*
-Language: Diff
-Description: Unified and context diff
-Author: Vasily Polovnyov <vast@whiteants.net>
-Website: https://www.gnu.org/software/diffutils/
-Category: common
-*/
-
-/** @type LanguageFn */
-function diff(hljs) {
-  return {
-    name: 'Diff',
-    aliases: ['patch'],
-    contains: [{
-      className: 'meta',
-      relevance: 10,
-      variants: [{
-        begin: /^@@ +-\d+,\d+ +\+\d+,\d+ +@@/
-      }, {
-        begin: /^\*\*\* +\d+,\d+ +\*\*\*\*$/
-      }, {
-        begin: /^--- +\d+,\d+ +----$/
-      }]
-    }, {
-      className: 'comment',
-      variants: [{
-        begin: /Index: /,
-        end: /$/
-      }, {
-        begin: /^index/,
-        end: /$/
-      }, {
-        begin: /={3,}/,
-        end: /$/
-      }, {
-        begin: /^-{3}/,
-        end: /$/
-      }, {
-        begin: /^\*{3} /,
-        end: /$/
-      }, {
-        begin: /^\+{3}/,
-        end: /$/
-      }, {
-        begin: /^\*{15}$/
-      }, {
-        begin: /^diff --git/,
-        end: /$/
-      }]
-    }, {
-      className: 'addition',
-      begin: /^\+/,
-      end: /$/
-    }, {
-      className: 'deletion',
-      begin: /^-/,
-      end: /$/
-    }, {
-      className: 'addition',
-      begin: /^!/,
-      end: /$/
-    }]
-  };
-}
-module.exports = diff;
-
-/***/ }),
-
-/***/ 712:
-/***/ (function(module) {
-
-/*
-Language: YAML
-Description: Yet Another Markdown Language
-Author: Stefan Wienert <stwienert@gmail.com>
-Contributors: Carl Baxter <carl@cbax.tech>
-Requires: ruby.js
-Website: https://yaml.org
-Category: common, config
-*/
-function yaml(hljs) {
-  var LITERALS = 'true false yes no null';
-
-  // YAML spec allows non-reserved URI characters in tags.
-  var URI_CHARACTERS = '[\\w#;/?:@&=+$,.~*\'()[\\]]+';
-
-  // Define keys as starting with a word character
-  // ...containing word chars, spaces, colons, forward-slashes, hyphens and periods
-  // ...and ending with a colon followed immediately by a space, tab or newline.
-  // The YAML spec allows for much more than this, but this covers most use-cases.
-  var KEY = {
-    className: 'attr',
-    variants: [{
-      begin: '\\w[\\w :\\/.-]*:(?=[ \t]|$)'
-    }, {
-      begin: '"\\w[\\w :\\/.-]*":(?=[ \t]|$)'
-    },
-    // double quoted keys
-    {
-      begin: '\'\\w[\\w :\\/.-]*\':(?=[ \t]|$)'
-    } // single quoted keys
-    ]
-  };
-
-  var TEMPLATE_VARIABLES = {
-    className: 'template-variable',
-    variants: [{
-      begin: /\{\{/,
-      end: /\}\}/
-    },
-    // jinja templates Ansible
-    {
-      begin: /%\{/,
-      end: /\}/
-    } // Ruby i18n
-    ]
-  };
-
-  var STRING = {
-    className: 'string',
-    relevance: 0,
-    variants: [{
-      begin: /'/,
-      end: /'/
-    }, {
-      begin: /"/,
-      end: /"/
-    }, {
-      begin: /\S+/
-    }],
-    contains: [hljs.BACKSLASH_ESCAPE, TEMPLATE_VARIABLES]
-  };
-
-  // Strings inside of value containers (objects) can't contain braces,
-  // brackets, or commas
-  var CONTAINER_STRING = hljs.inherit(STRING, {
-    variants: [{
-      begin: /'/,
-      end: /'/
-    }, {
-      begin: /"/,
-      end: /"/
-    }, {
-      begin: /[^\s,{}[\]]+/
-    }]
-  });
-  var DATE_RE = '[0-9]{4}(-[0-9][0-9]){0,2}';
-  var TIME_RE = '([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?';
-  var FRACTION_RE = '(\\.[0-9]*)?';
-  var ZONE_RE = '([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?';
-  var TIMESTAMP = {
-    className: 'number',
-    begin: '\\b' + DATE_RE + TIME_RE + FRACTION_RE + ZONE_RE + '\\b'
-  };
-  var VALUE_CONTAINER = {
-    end: ',',
-    endsWithParent: true,
-    excludeEnd: true,
-    keywords: LITERALS,
-    relevance: 0
-  };
-  var OBJECT = {
-    begin: /\{/,
-    end: /\}/,
-    contains: [VALUE_CONTAINER],
-    illegal: '\\n',
-    relevance: 0
-  };
-  var ARRAY = {
-    begin: '\\[',
-    end: '\\]',
-    contains: [VALUE_CONTAINER],
-    illegal: '\\n',
-    relevance: 0
-  };
-  var MODES = [KEY, {
-    className: 'meta',
-    begin: '^---\\s*$',
-    relevance: 10
-  }, {
-    // multi line string
-    // Blocks start with a | or > followed by a newline
-    //
-    // Indentation of subsequent lines must be the same to
-    // be considered part of the block
-    className: 'string',
-    begin: '[\\|>]([1-9]?[+-])?[ ]*\\n( +)[^ ][^\\n]*\\n(\\2[^\\n]+\\n?)*'
-  }, {
-    // Ruby/Rails erb
-    begin: '<%[%=-]?',
-    end: '[%-]?%>',
-    subLanguage: 'ruby',
-    excludeBegin: true,
-    excludeEnd: true,
-    relevance: 0
-  }, {
-    // named tags
-    className: 'type',
-    begin: '!\\w+!' + URI_CHARACTERS
-  },
-  // https://yaml.org/spec/1.2/spec.html#id2784064
-  {
-    // verbatim tags
-    className: 'type',
-    begin: '!<' + URI_CHARACTERS + ">"
-  }, {
-    // primary tags
-    className: 'type',
-    begin: '!' + URI_CHARACTERS
-  }, {
-    // secondary tags
-    className: 'type',
-    begin: '!!' + URI_CHARACTERS
-  }, {
-    // fragment id &ref
-    className: 'meta',
-    begin: '&' + hljs.UNDERSCORE_IDENT_RE + '$'
-  }, {
-    // fragment reference *ref
-    className: 'meta',
-    begin: '\\*' + hljs.UNDERSCORE_IDENT_RE + '$'
-  }, {
-    // array listing
-    className: 'bullet',
-    // TODO: remove |$ hack when we have proper look-ahead support
-    begin: '-(?=[ ]|$)',
-    relevance: 0
-  }, hljs.HASH_COMMENT_MODE, {
-    beginKeywords: LITERALS,
-    keywords: {
-      literal: LITERALS
-    }
-  }, TIMESTAMP,
-  // numbers are any valid C-style number that
-  // sit isolated from other words
-  {
-    className: 'number',
-    begin: hljs.C_NUMBER_RE + '\\b',
-    relevance: 0
-  }, OBJECT, ARRAY, STRING];
-  var VALUE_MODES = [].concat(MODES);
-  VALUE_MODES.pop();
-  VALUE_MODES.push(CONTAINER_STRING);
-  VALUE_CONTAINER.contains = VALUE_MODES;
-  return {
-    name: 'YAML',
-    case_insensitive: true,
-    aliases: ['yml'],
-    contains: MODES
-  };
-}
-module.exports = yaml;
-
-/***/ }),
-
-/***/ 110:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-var reactIs = __webpack_require__(309);
-
-/**
- * Copyright 2015, Yahoo! Inc.
- * Copyrights licensed under the New BSD License. See the accompanying LICENSE file for terms.
- */
-var REACT_STATICS = {
-  childContextTypes: true,
-  contextType: true,
-  contextTypes: true,
-  defaultProps: true,
-  displayName: true,
-  getDefaultProps: true,
-  getDerivedStateFromError: true,
-  getDerivedStateFromProps: true,
-  mixins: true,
-  propTypes: true,
-  type: true
-};
-var KNOWN_STATICS = {
-  name: true,
-  length: true,
-  prototype: true,
-  caller: true,
-  callee: true,
-  arguments: true,
-  arity: true
-};
-var FORWARD_REF_STATICS = {
-  '$$typeof': true,
-  render: true,
-  defaultProps: true,
-  displayName: true,
-  propTypes: true
-};
-var MEMO_STATICS = {
-  '$$typeof': true,
-  compare: true,
-  defaultProps: true,
-  displayName: true,
-  propTypes: true,
-  type: true
-};
-var TYPE_STATICS = {};
-TYPE_STATICS[reactIs.ForwardRef] = FORWARD_REF_STATICS;
-TYPE_STATICS[reactIs.Memo] = MEMO_STATICS;
-function getStatics(component) {
-  // React v16.11 and below
-  if (reactIs.isMemo(component)) {
-    return MEMO_STATICS;
-  } // React v16.12 and above
-
-  return TYPE_STATICS[component['$$typeof']] || REACT_STATICS;
-}
-var defineProperty = Object.defineProperty;
-var getOwnPropertyNames = Object.getOwnPropertyNames;
-var getOwnPropertySymbols = Object.getOwnPropertySymbols;
-var getOwnPropertyDescriptor = Object.getOwnPropertyDescriptor;
-var getPrototypeOf = Object.getPrototypeOf;
-var objectPrototype = Object.prototype;
-function hoistNonReactStatics(targetComponent, sourceComponent, blacklist) {
-  if (typeof sourceComponent !== 'string') {
-    // don't hoist over string (html) components
-    if (objectPrototype) {
-      var inheritedComponent = getPrototypeOf(sourceComponent);
-      if (inheritedComponent && inheritedComponent !== objectPrototype) {
-        hoistNonReactStatics(targetComponent, inheritedComponent, blacklist);
-      }
-    }
-    var keys = getOwnPropertyNames(sourceComponent);
-    if (getOwnPropertySymbols) {
-      keys = keys.concat(getOwnPropertySymbols(sourceComponent));
-    }
-    var targetStatics = getStatics(targetComponent);
-    var sourceStatics = getStatics(sourceComponent);
-    for (var i = 0; i < keys.length; ++i) {
-      var key = keys[i];
-      if (!KNOWN_STATICS[key] && !(blacklist && blacklist[key]) && !(sourceStatics && sourceStatics[key]) && !(targetStatics && targetStatics[key])) {
-        var descriptor = getOwnPropertyDescriptor(sourceComponent, key);
-        try {
-          // Avoid failures from read-only properties
-          defineProperty(targetComponent, key, descriptor);
-        } catch (e) {}
-      }
-    }
-  }
-  return targetComponent;
-}
-module.exports = hoistNonReactStatics;
-
-/***/ }),
-
-/***/ 746:
-/***/ (function(__unused_webpack_module, exports) {
-
-"use strict";
-/** @license React v16.13.1
- * react-is.production.min.js
- *
- * Copyright (c) Facebook, Inc. and its affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-
-
-var b = "function" === typeof Symbol && Symbol.for,
-  c = b ? Symbol.for("react.element") : 60103,
-  d = b ? Symbol.for("react.portal") : 60106,
-  e = b ? Symbol.for("react.fragment") : 60107,
-  f = b ? Symbol.for("react.strict_mode") : 60108,
-  g = b ? Symbol.for("react.profiler") : 60114,
-  h = b ? Symbol.for("react.provider") : 60109,
-  k = b ? Symbol.for("react.context") : 60110,
-  l = b ? Symbol.for("react.async_mode") : 60111,
-  m = b ? Symbol.for("react.concurrent_mode") : 60111,
-  n = b ? Symbol.for("react.forward_ref") : 60112,
-  p = b ? Symbol.for("react.suspense") : 60113,
-  q = b ? Symbol.for("react.suspense_list") : 60120,
-  r = b ? Symbol.for("react.memo") : 60115,
-  t = b ? Symbol.for("react.lazy") : 60116,
-  v = b ? Symbol.for("react.block") : 60121,
-  w = b ? Symbol.for("react.fundamental") : 60117,
-  x = b ? Symbol.for("react.responder") : 60118,
-  y = b ? Symbol.for("react.scope") : 60119;
-function z(a) {
-  if ("object" === typeof a && null !== a) {
-    var u = a.$$typeof;
-    switch (u) {
-      case c:
-        switch (a = a.type, a) {
-          case l:
-          case m:
-          case e:
-          case g:
-          case f:
-          case p:
-            return a;
-          default:
-            switch (a = a && a.$$typeof, a) {
-              case k:
-              case n:
-              case t:
-              case r:
-              case h:
-                return a;
-              default:
-                return u;
-            }
-        }
-      case d:
-        return u;
-    }
-  }
-}
-function A(a) {
-  return z(a) === m;
-}
-exports.AsyncMode = l;
-exports.ConcurrentMode = m;
-exports.ContextConsumer = k;
-exports.ContextProvider = h;
-exports.Element = c;
-exports.ForwardRef = n;
-exports.Fragment = e;
-exports.Lazy = t;
-exports.Memo = r;
-exports.Portal = d;
-exports.Profiler = g;
-exports.StrictMode = f;
-exports.Suspense = p;
-exports.isAsyncMode = function (a) {
-  return A(a) || z(a) === l;
-};
-exports.isConcurrentMode = A;
-exports.isContextConsumer = function (a) {
-  return z(a) === k;
-};
-exports.isContextProvider = function (a) {
-  return z(a) === h;
-};
-exports.isElement = function (a) {
-  return "object" === typeof a && null !== a && a.$$typeof === c;
-};
-exports.isForwardRef = function (a) {
-  return z(a) === n;
-};
-exports.isFragment = function (a) {
-  return z(a) === e;
-};
-exports.isLazy = function (a) {
-  return z(a) === t;
-};
-exports.isMemo = function (a) {
-  return z(a) === r;
-};
-exports.isPortal = function (a) {
-  return z(a) === d;
-};
-exports.isProfiler = function (a) {
-  return z(a) === g;
-};
-exports.isStrictMode = function (a) {
-  return z(a) === f;
-};
-exports.isSuspense = function (a) {
-  return z(a) === p;
-};
-exports.isValidElementType = function (a) {
-  return "string" === typeof a || "function" === typeof a || a === e || a === m || a === g || a === f || a === p || a === q || "object" === typeof a && null !== a && (a.$$typeof === t || a.$$typeof === r || a.$$typeof === h || a.$$typeof === k || a.$$typeof === n || a.$$typeof === w || a.$$typeof === x || a.$$typeof === y || a.$$typeof === v);
-};
-exports.typeOf = z;
-
-/***/ }),
-
-/***/ 309:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-if (true) {
-  module.exports = __webpack_require__(746);
-} else {}
-
-/***/ }),
-
-/***/ 981:
-/***/ (function(module, exports, __webpack_require__) {
-
-var __WEBPACK_AMD_DEFINE_RESULT__;/**
- * [js-sha256]{@link https://github.com/emn178/js-sha256}
- *
- * @version 0.9.0
- * @author Chen, Yi-Cyuan [emn178@gmail.com]
- * @copyright Chen, Yi-Cyuan 2014-2017
- * @license MIT
- */
-/*jslint bitwise: true */
-(function () {
-  'use strict';
-
-  var ERROR = 'input is invalid type';
-  var WINDOW = typeof window === 'object';
-  var root = WINDOW ? window : {};
-  if (root.JS_SHA256_NO_WINDOW) {
-    WINDOW = false;
-  }
-  var WEB_WORKER = !WINDOW && typeof self === 'object';
-  var NODE_JS = !root.JS_SHA256_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node;
-  if (NODE_JS) {
-    root = __webpack_require__.g;
-  } else if (WEB_WORKER) {
-    root = self;
-  }
-  var COMMON_JS = !root.JS_SHA256_NO_COMMON_JS && "object" === 'object' && module.exports;
-  var AMD =  true && __webpack_require__.amdO;
-  var ARRAY_BUFFER = !root.JS_SHA256_NO_ARRAY_BUFFER && typeof ArrayBuffer !== 'undefined';
-  var HEX_CHARS = '0123456789abcdef'.split('');
-  var EXTRA = [-2147483648, 8388608, 32768, 128];
-  var SHIFT = [24, 16, 8, 0];
-  var K = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
-  var OUTPUT_TYPES = ['hex', 'array', 'digest', 'arrayBuffer'];
-  var blocks = [];
-  if (root.JS_SHA256_NO_NODE_JS || !Array.isArray) {
-    Array.isArray = function (obj) {
-      return Object.prototype.toString.call(obj) === '[object Array]';
-    };
-  }
-  if (ARRAY_BUFFER && (root.JS_SHA256_NO_ARRAY_BUFFER_IS_VIEW || !ArrayBuffer.isView)) {
-    ArrayBuffer.isView = function (obj) {
-      return typeof obj === 'object' && obj.buffer && obj.buffer.constructor === ArrayBuffer;
-    };
-  }
-  var createOutputMethod = function createOutputMethod(outputType, is224) {
-    return function (message) {
-      return new Sha256(is224, true).update(message)[outputType]();
-    };
-  };
-  var createMethod = function createMethod(is224) {
-    var method = createOutputMethod('hex', is224);
-    if (NODE_JS) {
-      method = nodeWrap(method, is224);
-    }
-    method.create = function () {
-      return new Sha256(is224);
-    };
-    method.update = function (message) {
-      return method.create().update(message);
-    };
-    for (var i = 0; i < OUTPUT_TYPES.length; ++i) {
-      var type = OUTPUT_TYPES[i];
-      method[type] = createOutputMethod(type, is224);
-    }
-    return method;
-  };
-  var nodeWrap = function nodeWrap(method, is224) {
-    var crypto = eval("require('crypto')");
-    var Buffer = eval("require('buffer').Buffer");
-    var algorithm = is224 ? 'sha224' : 'sha256';
-    var nodeMethod = function nodeMethod(message) {
-      if (typeof message === 'string') {
-        return crypto.createHash(algorithm).update(message, 'utf8').digest('hex');
-      } else {
-        if (message === null || message === undefined) {
-          throw new Error(ERROR);
-        } else if (message.constructor === ArrayBuffer) {
-          message = new Uint8Array(message);
-        }
-      }
-      if (Array.isArray(message) || ArrayBuffer.isView(message) || message.constructor === Buffer) {
-        return crypto.createHash(algorithm).update(new Buffer(message)).digest('hex');
-      } else {
-        return method(message);
-      }
-    };
-    return nodeMethod;
-  };
-  var createHmacOutputMethod = function createHmacOutputMethod(outputType, is224) {
-    return function (key, message) {
-      return new HmacSha256(key, is224, true).update(message)[outputType]();
-    };
-  };
-  var createHmacMethod = function createHmacMethod(is224) {
-    var method = createHmacOutputMethod('hex', is224);
-    method.create = function (key) {
-      return new HmacSha256(key, is224);
-    };
-    method.update = function (key, message) {
-      return method.create(key).update(message);
-    };
-    for (var i = 0; i < OUTPUT_TYPES.length; ++i) {
-      var type = OUTPUT_TYPES[i];
-      method[type] = createHmacOutputMethod(type, is224);
-    }
-    return method;
-  };
-  function Sha256(is224, sharedMemory) {
-    if (sharedMemory) {
-      blocks[0] = blocks[16] = blocks[1] = blocks[2] = blocks[3] = blocks[4] = blocks[5] = blocks[6] = blocks[7] = blocks[8] = blocks[9] = blocks[10] = blocks[11] = blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;
-      this.blocks = blocks;
-    } else {
-      this.blocks = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
-    }
-    if (is224) {
-      this.h0 = 0xc1059ed8;
-      this.h1 = 0x367cd507;
-      this.h2 = 0x3070dd17;
-      this.h3 = 0xf70e5939;
-      this.h4 = 0xffc00b31;
-      this.h5 = 0x68581511;
-      this.h6 = 0x64f98fa7;
-      this.h7 = 0xbefa4fa4;
-    } else {
-      // 256
-      this.h0 = 0x6a09e667;
-      this.h1 = 0xbb67ae85;
-      this.h2 = 0x3c6ef372;
-      this.h3 = 0xa54ff53a;
-      this.h4 = 0x510e527f;
-      this.h5 = 0x9b05688c;
-      this.h6 = 0x1f83d9ab;
-      this.h7 = 0x5be0cd19;
-    }
-    this.block = this.start = this.bytes = this.hBytes = 0;
-    this.finalized = this.hashed = false;
-    this.first = true;
-    this.is224 = is224;
-  }
-  Sha256.prototype.update = function (message) {
-    if (this.finalized) {
-      return;
-    }
-    var notString,
-      type = typeof message;
-    if (type !== 'string') {
-      if (type === 'object') {
-        if (message === null) {
-          throw new Error(ERROR);
-        } else if (ARRAY_BUFFER && message.constructor === ArrayBuffer) {
-          message = new Uint8Array(message);
-        } else if (!Array.isArray(message)) {
-          if (!ARRAY_BUFFER || !ArrayBuffer.isView(message)) {
-            throw new Error(ERROR);
-          }
-        }
-      } else {
-        throw new Error(ERROR);
-      }
-      notString = true;
-    }
-    var code,
-      index = 0,
-      i,
-      length = message.length,
-      blocks = this.blocks;
-    while (index < length) {
-      if (this.hashed) {
-        this.hashed = false;
-        blocks[0] = this.block;
-        blocks[16] = blocks[1] = blocks[2] = blocks[3] = blocks[4] = blocks[5] = blocks[6] = blocks[7] = blocks[8] = blocks[9] = blocks[10] = blocks[11] = blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;
-      }
-      if (notString) {
-        for (i = this.start; index < length && i < 64; ++index) {
-          blocks[i >> 2] |= message[index] << SHIFT[i++ & 3];
-        }
-      } else {
-        for (i = this.start; index < length && i < 64; ++index) {
-          code = message.charCodeAt(index);
-          if (code < 0x80) {
-            blocks[i >> 2] |= code << SHIFT[i++ & 3];
-          } else if (code < 0x800) {
-            blocks[i >> 2] |= (0xc0 | code >> 6) << SHIFT[i++ & 3];
-            blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3];
-          } else if (code < 0xd800 || code >= 0xe000) {
-            blocks[i >> 2] |= (0xe0 | code >> 12) << SHIFT[i++ & 3];
-            blocks[i >> 2] |= (0x80 | code >> 6 & 0x3f) << SHIFT[i++ & 3];
-            blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3];
-          } else {
-            code = 0x10000 + ((code & 0x3ff) << 10 | message.charCodeAt(++index) & 0x3ff);
-            blocks[i >> 2] |= (0xf0 | code >> 18) << SHIFT[i++ & 3];
-            blocks[i >> 2] |= (0x80 | code >> 12 & 0x3f) << SHIFT[i++ & 3];
-            blocks[i >> 2] |= (0x80 | code >> 6 & 0x3f) << SHIFT[i++ & 3];
-            blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3];
-          }
-        }
-      }
-      this.lastByteIndex = i;
-      this.bytes += i - this.start;
-      if (i >= 64) {
-        this.block = blocks[16];
-        this.start = i - 64;
-        this.hash();
-        this.hashed = true;
-      } else {
-        this.start = i;
-      }
-    }
-    if (this.bytes > 4294967295) {
-      this.hBytes += this.bytes / 4294967296 << 0;
-      this.bytes = this.bytes % 4294967296;
-    }
-    return this;
-  };
-  Sha256.prototype.finalize = function () {
-    if (this.finalized) {
-      return;
-    }
-    this.finalized = true;
-    var blocks = this.blocks,
-      i = this.lastByteIndex;
-    blocks[16] = this.block;
-    blocks[i >> 2] |= EXTRA[i & 3];
-    this.block = blocks[16];
-    if (i >= 56) {
-      if (!this.hashed) {
-        this.hash();
-      }
-      blocks[0] = this.block;
-      blocks[16] = blocks[1] = blocks[2] = blocks[3] = blocks[4] = blocks[5] = blocks[6] = blocks[7] = blocks[8] = blocks[9] = blocks[10] = blocks[11] = blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0;
-    }
-    blocks[14] = this.hBytes << 3 | this.bytes >>> 29;
-    blocks[15] = this.bytes << 3;
-    this.hash();
-  };
-  Sha256.prototype.hash = function () {
-    var a = this.h0,
-      b = this.h1,
-      c = this.h2,
-      d = this.h3,
-      e = this.h4,
-      f = this.h5,
-      g = this.h6,
-      h = this.h7,
-      blocks = this.blocks,
-      j,
-      s0,
-      s1,
-      maj,
-      t1,
-      t2,
-      ch,
-      ab,
-      da,
-      cd,
-      bc;
-    for (j = 16; j < 64; ++j) {
-      // rightrotate
-      t1 = blocks[j - 15];
-      s0 = (t1 >>> 7 | t1 << 25) ^ (t1 >>> 18 | t1 << 14) ^ t1 >>> 3;
-      t1 = blocks[j - 2];
-      s1 = (t1 >>> 17 | t1 << 15) ^ (t1 >>> 19 | t1 << 13) ^ t1 >>> 10;
-      blocks[j] = blocks[j - 16] + s0 + blocks[j - 7] + s1 << 0;
-    }
-    bc = b & c;
-    for (j = 0; j < 64; j += 4) {
-      if (this.first) {
-        if (this.is224) {
-          ab = 300032;
-          t1 = blocks[0] - 1413257819;
-          h = t1 - 150054599 << 0;
-          d = t1 + 24177077 << 0;
-        } else {
-          ab = 704751109;
-          t1 = blocks[0] - 210244248;
-          h = t1 - 1521486534 << 0;
-          d = t1 + 143694565 << 0;
-        }
-        this.first = false;
-      } else {
-        s0 = (a >>> 2 | a << 30) ^ (a >>> 13 | a << 19) ^ (a >>> 22 | a << 10);
-        s1 = (e >>> 6 | e << 26) ^ (e >>> 11 | e << 21) ^ (e >>> 25 | e << 7);
-        ab = a & b;
-        maj = ab ^ a & c ^ bc;
-        ch = e & f ^ ~e & g;
-        t1 = h + s1 + ch + K[j] + blocks[j];
-        t2 = s0 + maj;
-        h = d + t1 << 0;
-        d = t1 + t2 << 0;
-      }
-      s0 = (d >>> 2 | d << 30) ^ (d >>> 13 | d << 19) ^ (d >>> 22 | d << 10);
-      s1 = (h >>> 6 | h << 26) ^ (h >>> 11 | h << 21) ^ (h >>> 25 | h << 7);
-      da = d & a;
-      maj = da ^ d & b ^ ab;
-      ch = h & e ^ ~h & f;
-      t1 = g + s1 + ch + K[j + 1] + blocks[j + 1];
-      t2 = s0 + maj;
-      g = c + t1 << 0;
-      c = t1 + t2 << 0;
-      s0 = (c >>> 2 | c << 30) ^ (c >>> 13 | c << 19) ^ (c >>> 22 | c << 10);
-      s1 = (g >>> 6 | g << 26) ^ (g >>> 11 | g << 21) ^ (g >>> 25 | g << 7);
-      cd = c & d;
-      maj = cd ^ c & a ^ da;
-      ch = g & h ^ ~g & e;
-      t1 = f + s1 + ch + K[j + 2] + blocks[j + 2];
-      t2 = s0 + maj;
-      f = b + t1 << 0;
-      b = t1 + t2 << 0;
-      s0 = (b >>> 2 | b << 30) ^ (b >>> 13 | b << 19) ^ (b >>> 22 | b << 10);
-      s1 = (f >>> 6 | f << 26) ^ (f >>> 11 | f << 21) ^ (f >>> 25 | f << 7);
-      bc = b & c;
-      maj = bc ^ b & d ^ cd;
-      ch = f & g ^ ~f & h;
-      t1 = e + s1 + ch + K[j + 3] + blocks[j + 3];
-      t2 = s0 + maj;
-      e = a + t1 << 0;
-      a = t1 + t2 << 0;
-    }
-    this.h0 = this.h0 + a << 0;
-    this.h1 = this.h1 + b << 0;
-    this.h2 = this.h2 + c << 0;
-    this.h3 = this.h3 + d << 0;
-    this.h4 = this.h4 + e << 0;
-    this.h5 = this.h5 + f << 0;
-    this.h6 = this.h6 + g << 0;
-    this.h7 = this.h7 + h << 0;
-  };
-  Sha256.prototype.hex = function () {
-    this.finalize();
-    var h0 = this.h0,
-      h1 = this.h1,
-      h2 = this.h2,
-      h3 = this.h3,
-      h4 = this.h4,
-      h5 = this.h5,
-      h6 = this.h6,
-      h7 = this.h7;
-    var hex = HEX_CHARS[h0 >> 28 & 0x0F] + HEX_CHARS[h0 >> 24 & 0x0F] + HEX_CHARS[h0 >> 20 & 0x0F] + HEX_CHARS[h0 >> 16 & 0x0F] + HEX_CHARS[h0 >> 12 & 0x0F] + HEX_CHARS[h0 >> 8 & 0x0F] + HEX_CHARS[h0 >> 4 & 0x0F] + HEX_CHARS[h0 & 0x0F] + HEX_CHARS[h1 >> 28 & 0x0F] + HEX_CHARS[h1 >> 24 & 0x0F] + HEX_CHARS[h1 >> 20 & 0x0F] + HEX_CHARS[h1 >> 16 & 0x0F] + HEX_CHARS[h1 >> 12 & 0x0F] + HEX_CHARS[h1 >> 8 & 0x0F] + HEX_CHARS[h1 >> 4 & 0x0F] + HEX_CHARS[h1 & 0x0F] + HEX_CHARS[h2 >> 28 & 0x0F] + HEX_CHARS[h2 >> 24 & 0x0F] + HEX_CHARS[h2 >> 20 & 0x0F] + HEX_CHARS[h2 >> 16 & 0x0F] + HEX_CHARS[h2 >> 12 & 0x0F] + HEX_CHARS[h2 >> 8 & 0x0F] + HEX_CHARS[h2 >> 4 & 0x0F] + HEX_CHARS[h2 & 0x0F] + HEX_CHARS[h3 >> 28 & 0x0F] + HEX_CHARS[h3 >> 24 & 0x0F] + HEX_CHARS[h3 >> 20 & 0x0F] + HEX_CHARS[h3 >> 16 & 0x0F] + HEX_CHARS[h3 >> 12 & 0x0F] + HEX_CHARS[h3 >> 8 & 0x0F] + HEX_CHARS[h3 >> 4 & 0x0F] + HEX_CHARS[h3 & 0x0F] + HEX_CHARS[h4 >> 28 & 0x0F] + HEX_CHARS[h4 >> 24 & 0x0F] + HEX_CHARS[h4 >> 20 & 0x0F] + HEX_CHARS[h4 >> 16 & 0x0F] + HEX_CHARS[h4 >> 12 & 0x0F] + HEX_CHARS[h4 >> 8 & 0x0F] + HEX_CHARS[h4 >> 4 & 0x0F] + HEX_CHARS[h4 & 0x0F] + HEX_CHARS[h5 >> 28 & 0x0F] + HEX_CHARS[h5 >> 24 & 0x0F] + HEX_CHARS[h5 >> 20 & 0x0F] + HEX_CHARS[h5 >> 16 & 0x0F] + HEX_CHARS[h5 >> 12 & 0x0F] + HEX_CHARS[h5 >> 8 & 0x0F] + HEX_CHARS[h5 >> 4 & 0x0F] + HEX_CHARS[h5 & 0x0F] + HEX_CHARS[h6 >> 28 & 0x0F] + HEX_CHARS[h6 >> 24 & 0x0F] + HEX_CHARS[h6 >> 20 & 0x0F] + HEX_CHARS[h6 >> 16 & 0x0F] + HEX_CHARS[h6 >> 12 & 0x0F] + HEX_CHARS[h6 >> 8 & 0x0F] + HEX_CHARS[h6 >> 4 & 0x0F] + HEX_CHARS[h6 & 0x0F];
-    if (!this.is224) {
-      hex += HEX_CHARS[h7 >> 28 & 0x0F] + HEX_CHARS[h7 >> 24 & 0x0F] + HEX_CHARS[h7 >> 20 & 0x0F] + HEX_CHARS[h7 >> 16 & 0x0F] + HEX_CHARS[h7 >> 12 & 0x0F] + HEX_CHARS[h7 >> 8 & 0x0F] + HEX_CHARS[h7 >> 4 & 0x0F] + HEX_CHARS[h7 & 0x0F];
-    }
-    return hex;
-  };
-  Sha256.prototype.toString = Sha256.prototype.hex;
-  Sha256.prototype.digest = function () {
-    this.finalize();
-    var h0 = this.h0,
-      h1 = this.h1,
-      h2 = this.h2,
-      h3 = this.h3,
-      h4 = this.h4,
-      h5 = this.h5,
-      h6 = this.h6,
-      h7 = this.h7;
-    var arr = [h0 >> 24 & 0xFF, h0 >> 16 & 0xFF, h0 >> 8 & 0xFF, h0 & 0xFF, h1 >> 24 & 0xFF, h1 >> 16 & 0xFF, h1 >> 8 & 0xFF, h1 & 0xFF, h2 >> 24 & 0xFF, h2 >> 16 & 0xFF, h2 >> 8 & 0xFF, h2 & 0xFF, h3 >> 24 & 0xFF, h3 >> 16 & 0xFF, h3 >> 8 & 0xFF, h3 & 0xFF, h4 >> 24 & 0xFF, h4 >> 16 & 0xFF, h4 >> 8 & 0xFF, h4 & 0xFF, h5 >> 24 & 0xFF, h5 >> 16 & 0xFF, h5 >> 8 & 0xFF, h5 & 0xFF, h6 >> 24 & 0xFF, h6 >> 16 & 0xFF, h6 >> 8 & 0xFF, h6 & 0xFF];
-    if (!this.is224) {
-      arr.push(h7 >> 24 & 0xFF, h7 >> 16 & 0xFF, h7 >> 8 & 0xFF, h7 & 0xFF);
-    }
-    return arr;
-  };
-  Sha256.prototype.array = Sha256.prototype.digest;
-  Sha256.prototype.arrayBuffer = function () {
-    this.finalize();
-    var buffer = new ArrayBuffer(this.is224 ? 28 : 32);
-    var dataView = new DataView(buffer);
-    dataView.setUint32(0, this.h0);
-    dataView.setUint32(4, this.h1);
-    dataView.setUint32(8, this.h2);
-    dataView.setUint32(12, this.h3);
-    dataView.setUint32(16, this.h4);
-    dataView.setUint32(20, this.h5);
-    dataView.setUint32(24, this.h6);
-    if (!this.is224) {
-      dataView.setUint32(28, this.h7);
-    }
-    return buffer;
-  };
-  function HmacSha256(key, is224, sharedMemory) {
-    var i,
-      type = typeof key;
-    if (type === 'string') {
-      var bytes = [],
-        length = key.length,
-        index = 0,
-        code;
-      for (i = 0; i < length; ++i) {
-        code = key.charCodeAt(i);
-        if (code < 0x80) {
-          bytes[index++] = code;
-        } else if (code < 0x800) {
-          bytes[index++] = 0xc0 | code >> 6;
-          bytes[index++] = 0x80 | code & 0x3f;
-        } else if (code < 0xd800 || code >= 0xe000) {
-          bytes[index++] = 0xe0 | code >> 12;
-          bytes[index++] = 0x80 | code >> 6 & 0x3f;
-          bytes[index++] = 0x80 | code & 0x3f;
-        } else {
-          code = 0x10000 + ((code & 0x3ff) << 10 | key.charCodeAt(++i) & 0x3ff);
-          bytes[index++] = 0xf0 | code >> 18;
-          bytes[index++] = 0x80 | code >> 12 & 0x3f;
-          bytes[index++] = 0x80 | code >> 6 & 0x3f;
-          bytes[index++] = 0x80 | code & 0x3f;
-        }
-      }
-      key = bytes;
-    } else {
-      if (type === 'object') {
-        if (key === null) {
-          throw new Error(ERROR);
-        } else if (ARRAY_BUFFER && key.constructor === ArrayBuffer) {
-          key = new Uint8Array(key);
-        } else if (!Array.isArray(key)) {
-          if (!ARRAY_BUFFER || !ArrayBuffer.isView(key)) {
-            throw new Error(ERROR);
-          }
-        }
-      } else {
-        throw new Error(ERROR);
-      }
-    }
-    if (key.length > 64) {
-      key = new Sha256(is224, true).update(key).array();
-    }
-    var oKeyPad = [],
-      iKeyPad = [];
-    for (i = 0; i < 64; ++i) {
-      var b = key[i] || 0;
-      oKeyPad[i] = 0x5c ^ b;
-      iKeyPad[i] = 0x36 ^ b;
-    }
-    Sha256.call(this, is224, sharedMemory);
-    this.update(iKeyPad);
-    this.oKeyPad = oKeyPad;
-    this.inner = true;
-    this.sharedMemory = sharedMemory;
-  }
-  HmacSha256.prototype = new Sha256();
-  HmacSha256.prototype.finalize = function () {
-    Sha256.prototype.finalize.call(this);
-    if (this.inner) {
-      this.inner = false;
-      var innerHash = this.array();
-      Sha256.call(this, this.is224, this.sharedMemory);
-      this.update(this.oKeyPad);
-      this.update(innerHash);
-      Sha256.prototype.finalize.call(this);
-    }
-  };
-  var exports = createMethod();
-  exports.sha256 = exports;
-  exports.sha224 = createMethod(true);
-  exports.sha256.hmac = createHmacMethod();
-  exports.sha224.hmac = createHmacMethod(true);
-  if (COMMON_JS) {
-    module.exports = exports;
-  } else {
-    root.sha256 = exports.sha256;
-    root.sha224 = exports.sha224;
-    if (AMD) {
-      !(__WEBPACK_AMD_DEFINE_RESULT__ = (function () {
-        return exports;
-      }).call(exports, __webpack_require__, exports, module),
-		__WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__));
-    }
-  }
-})();
-
-/***/ }),
-
-/***/ 763:
-/***/ (function(module, exports, __webpack_require__) {
-
-/* module decorator */ module = __webpack_require__.nmd(module);
-var __WEBPACK_AMD_DEFINE_RESULT__;/**
- * @license
- * Lodash <https://lodash.com/>
- * Copyright OpenJS Foundation and other contributors <https://openjsf.org/>
- * Released under MIT license <https://lodash.com/license>
- * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>
- * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
- */
-;
-(function () {
-  /** Used as a safe reference for `undefined` in pre-ES5 environments. */
-  var undefined;
-
-  /** Used as the semantic version number. */
-  var VERSION = '4.17.21';
-
-  /** Used as the size to enable large array optimizations. */
-  var LARGE_ARRAY_SIZE = 200;
-
-  /** Error message constants. */
-  var CORE_ERROR_TEXT = 'Unsupported core-js use. Try https://npms.io/search?q=ponyfill.',
-    FUNC_ERROR_TEXT = 'Expected a function',
-    INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
-
-  /** Used to stand-in for `undefined` hash values. */
-  var HASH_UNDEFINED = '__lodash_hash_undefined__';
-
-  /** Used as the maximum memoize cache size. */
-  var MAX_MEMOIZE_SIZE = 500;
-
-  /** Used as the internal argument placeholder. */
-  var PLACEHOLDER = '__lodash_placeholder__';
-
-  /** Used to compose bitmasks for cloning. */
-  var CLONE_DEEP_FLAG = 1,
-    CLONE_FLAT_FLAG = 2,
-    CLONE_SYMBOLS_FLAG = 4;
-
-  /** Used to compose bitmasks for value comparisons. */
-  var COMPARE_PARTIAL_FLAG = 1,
-    COMPARE_UNORDERED_FLAG = 2;
-
-  /** Used to compose bitmasks for function metadata. */
-  var WRAP_BIND_FLAG = 1,
-    WRAP_BIND_KEY_FLAG = 2,
-    WRAP_CURRY_BOUND_FLAG = 4,
-    WRAP_CURRY_FLAG = 8,
-    WRAP_CURRY_RIGHT_FLAG = 16,
-    WRAP_PARTIAL_FLAG = 32,
-    WRAP_PARTIAL_RIGHT_FLAG = 64,
-    WRAP_ARY_FLAG = 128,
-    WRAP_REARG_FLAG = 256,
-    WRAP_FLIP_FLAG = 512;
-
-  /** Used as default options for `_.truncate`. */
-  var DEFAULT_TRUNC_LENGTH = 30,
-    DEFAULT_TRUNC_OMISSION = '...';
-
-  /** Used to detect hot functions by number of calls within a span of milliseconds. */
-  var HOT_COUNT = 800,
-    HOT_SPAN = 16;
-
-  /** Used to indicate the type of lazy iteratees. */
-  var LAZY_FILTER_FLAG = 1,
-    LAZY_MAP_FLAG = 2,
-    LAZY_WHILE_FLAG = 3;
-
-  /** Used as references for various `Number` constants. */
-  var INFINITY = 1 / 0,
-    MAX_SAFE_INTEGER = 9007199254740991,
-    MAX_INTEGER = 1.7976931348623157e+308,
-    NAN = 0 / 0;
-
-  /** Used as references for the maximum length and index of an array. */
-  var MAX_ARRAY_LENGTH = 4294967295,
-    MAX_ARRAY_INDEX = MAX_ARRAY_LENGTH - 1,
-    HALF_MAX_ARRAY_LENGTH = MAX_ARRAY_LENGTH >>> 1;
-
-  /** Used to associate wrap methods with their bit flags. */
-  var wrapFlags = [['ary', WRAP_ARY_FLAG], ['bind', WRAP_BIND_FLAG], ['bindKey', WRAP_BIND_KEY_FLAG], ['curry', WRAP_CURRY_FLAG], ['curryRight', WRAP_CURRY_RIGHT_FLAG], ['flip', WRAP_FLIP_FLAG], ['partial', WRAP_PARTIAL_FLAG], ['partialRight', WRAP_PARTIAL_RIGHT_FLAG], ['rearg', WRAP_REARG_FLAG]];
-
-  /** `Object#toString` result references. */
-  var argsTag = '[object Arguments]',
-    arrayTag = '[object Array]',
-    asyncTag = '[object AsyncFunction]',
-    boolTag = '[object Boolean]',
-    dateTag = '[object Date]',
-    domExcTag = '[object DOMException]',
-    errorTag = '[object Error]',
-    funcTag = '[object Function]',
-    genTag = '[object GeneratorFunction]',
-    mapTag = '[object Map]',
-    numberTag = '[object Number]',
-    nullTag = '[object Null]',
-    objectTag = '[object Object]',
-    promiseTag = '[object Promise]',
-    proxyTag = '[object Proxy]',
-    regexpTag = '[object RegExp]',
-    setTag = '[object Set]',
-    stringTag = '[object String]',
-    symbolTag = '[object Symbol]',
-    undefinedTag = '[object Undefined]',
-    weakMapTag = '[object WeakMap]',
-    weakSetTag = '[object WeakSet]';
-  var arrayBufferTag = '[object ArrayBuffer]',
-    dataViewTag = '[object DataView]',
-    float32Tag = '[object Float32Array]',
-    float64Tag = '[object Float64Array]',
-    int8Tag = '[object Int8Array]',
-    int16Tag = '[object Int16Array]',
-    int32Tag = '[object Int32Array]',
-    uint8Tag = '[object Uint8Array]',
-    uint8ClampedTag = '[object Uint8ClampedArray]',
-    uint16Tag = '[object Uint16Array]',
-    uint32Tag = '[object Uint32Array]';
-
-  /** Used to match empty string literals in compiled template source. */
-  var reEmptyStringLeading = /\b__p \+= '';/g,
-    reEmptyStringMiddle = /\b(__p \+=) '' \+/g,
-    reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g;
-
-  /** Used to match HTML entities and HTML characters. */
-  var reEscapedHtml = /&(?:amp|lt|gt|quot|#39);/g,
-    reUnescapedHtml = /[&<>"']/g,
-    reHasEscapedHtml = RegExp(reEscapedHtml.source),
-    reHasUnescapedHtml = RegExp(reUnescapedHtml.source);
-
-  /** Used to match template delimiters. */
-  var reEscape = /<%-([\s\S]+?)%>/g,
-    reEvaluate = /<%([\s\S]+?)%>/g,
-    reInterpolate = /<%=([\s\S]+?)%>/g;
-
-  /** Used to match property names within property paths. */
-  var reIsDeepProp = /\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\\]|\\.)*?\1)\]/,
-    reIsPlainProp = /^\w*$/,
-    rePropName = /[^.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|$))/g;
-
-  /**
-   * Used to match `RegExp`
-   * [syntax characters](http://ecma-international.org/ecma-262/7.0/#sec-patterns).
-   */
-  var reRegExpChar = /[\\^$.*+?()[\]{}|]/g,
-    reHasRegExpChar = RegExp(reRegExpChar.source);
-
-  /** Used to match leading whitespace. */
-  var reTrimStart = /^\s+/;
-
-  /** Used to match a single whitespace character. */
-  var reWhitespace = /\s/;
-
-  /** Used to match wrap detail comments. */
-  var reWrapComment = /\{(?:\n\/\* \[wrapped with .+\] \*\/)?\n?/,
-    reWrapDetails = /\{\n\/\* \[wrapped with (.+)\] \*/,
-    reSplitDetails = /,? & /;
-
-  /** Used to match words composed of alphanumeric characters. */
-  var reAsciiWord = /[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g;
-
-  /**
-   * Used to validate the `validate` option in `_.template` variable.
-   *
-   * Forbids characters which could potentially change the meaning of the function argument definition:
-   * - "()," (modification of function parameters)
-   * - "=" (default value)
-   * - "[]{}" (destructuring of function parameters)
-   * - "/" (beginning of a comment)
-   * - whitespace
-   */
-  var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/;
-
-  /** Used to match backslashes in property paths. */
-  var reEscapeChar = /\\(\\)?/g;
-
-  /**
-   * Used to match
-   * [ES template delimiters](http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
-   */
-  var reEsTemplate = /\$\{([^\\}]*(?:\\.[^\\}]*)*)\}/g;
-
-  /** Used to match `RegExp` flags from their coerced string values. */
-  var reFlags = /\w*$/;
-
-  /** Used to detect bad signed hexadecimal string values. */
-  var reIsBadHex = /^[-+]0x[0-9a-f]+$/i;
-
-  /** Used to detect binary string values. */
-  var reIsBinary = /^0b[01]+$/i;
-
-  /** Used to detect host constructors (Safari). */
-  var reIsHostCtor = /^\[object .+?Constructor\]$/;
-
-  /** Used to detect octal string values. */
-  var reIsOctal = /^0o[0-7]+$/i;
-
-  /** Used to detect unsigned integer values. */
-  var reIsUint = /^(?:0|[1-9]\d*)$/;
-
-  /** Used to match Latin Unicode letters (excluding mathematical operators). */
-  var reLatin = /[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g;
-
-  /** Used to ensure capturing order of template delimiters. */
-  var reNoMatch = /($^)/;
-
-  /** Used to match unescaped characters in compiled string literals. */
-  var reUnescapedString = /['\n\r\u2028\u2029\\]/g;
-
-  /** Used to compose unicode character classes. */
-  var rsAstralRange = "\\ud800-\\udfff",
-    rsComboMarksRange = "\\u0300-\\u036f",
-    reComboHalfMarksRange = "\\ufe20-\\ufe2f",
-    rsComboSymbolsRange = "\\u20d0-\\u20ff",
-    rsComboRange = rsComboMarksRange + reComboHalfMarksRange + rsComboSymbolsRange,
-    rsDingbatRange = "\\u2700-\\u27bf",
-    rsLowerRange = 'a-z\\xdf-\\xf6\\xf8-\\xff',
-    rsMathOpRange = '\\xac\\xb1\\xd7\\xf7',
-    rsNonCharRange = '\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\xbf',
-    rsPunctuationRange = "\\u2000-\\u206f",
-    rsSpaceRange = " \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",
-    rsUpperRange = 'A-Z\\xc0-\\xd6\\xd8-\\xde',
-    rsVarRange = "\\ufe0e\\ufe0f",
-    rsBreakRange = rsMathOpRange + rsNonCharRange + rsPunctuationRange + rsSpaceRange;
-
-  /** Used to compose unicode capture groups. */
-  var rsApos = "['\u2019]",
-    rsAstral = '[' + rsAstralRange + ']',
-    rsBreak = '[' + rsBreakRange + ']',
-    rsCombo = '[' + rsComboRange + ']',
-    rsDigits = '\\d+',
-    rsDingbat = '[' + rsDingbatRange + ']',
-    rsLower = '[' + rsLowerRange + ']',
-    rsMisc = '[^' + rsAstralRange + rsBreakRange + rsDigits + rsDingbatRange + rsLowerRange + rsUpperRange + ']',
-    rsFitz = "\\ud83c[\\udffb-\\udfff]",
-    rsModifier = '(?:' + rsCombo + '|' + rsFitz + ')',
-    rsNonAstral = '[^' + rsAstralRange + ']',
-    rsRegional = "(?:\\ud83c[\\udde6-\\uddff]){2}",
-    rsSurrPair = "[\\ud800-\\udbff][\\udc00-\\udfff]",
-    rsUpper = '[' + rsUpperRange + ']',
-    rsZWJ = "\\u200d";
-
-  /** Used to compose unicode regexes. */
-  var rsMiscLower = '(?:' + rsLower + '|' + rsMisc + ')',
-    rsMiscUpper = '(?:' + rsUpper + '|' + rsMisc + ')',
-    rsOptContrLower = '(?:' + rsApos + '(?:d|ll|m|re|s|t|ve))?',
-    rsOptContrUpper = '(?:' + rsApos + '(?:D|LL|M|RE|S|T|VE))?',
-    reOptMod = rsModifier + '?',
-    rsOptVar = '[' + rsVarRange + ']?',
-    rsOptJoin = '(?:' + rsZWJ + '(?:' + [rsNonAstral, rsRegional, rsSurrPair].join('|') + ')' + rsOptVar + reOptMod + ')*',
-    rsOrdLower = '\\d*(?:1st|2nd|3rd|(?![123])\\dth)(?=\\b|[A-Z_])',
-    rsOrdUpper = '\\d*(?:1ST|2ND|3RD|(?![123])\\dTH)(?=\\b|[a-z_])',
-    rsSeq = rsOptVar + reOptMod + rsOptJoin,
-    rsEmoji = '(?:' + [rsDingbat, rsRegional, rsSurrPair].join('|') + ')' + rsSeq,
-    rsSymbol = '(?:' + [rsNonAstral + rsCombo + '?', rsCombo, rsRegional, rsSurrPair, rsAstral].join('|') + ')';
-
-  /** Used to match apostrophes. */
-  var reApos = RegExp(rsApos, 'g');
-
-  /**
-   * Used to match [combining diacritical marks](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks) and
-   * [combining diacritical marks for symbols](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks_for_Symbols).
-   */
-  var reComboMark = RegExp(rsCombo, 'g');
-
-  /** Used to match [string symbols](https://mathiasbynens.be/notes/javascript-unicode). */
-  var reUnicode = RegExp(rsFitz + '(?=' + rsFitz + ')|' + rsSymbol + rsSeq, 'g');
-
-  /** Used to match complex or compound words. */
-  var reUnicodeWord = RegExp([rsUpper + '?' + rsLower + '+' + rsOptContrLower + '(?=' + [rsBreak, rsUpper, '$'].join('|') + ')', rsMiscUpper + '+' + rsOptContrUpper + '(?=' + [rsBreak, rsUpper + rsMiscLower, '$'].join('|') + ')', rsUpper + '?' + rsMiscLower + '+' + rsOptContrLower, rsUpper + '+' + rsOptContrUpper, rsOrdUpper, rsOrdLower, rsDigits, rsEmoji].join('|'), 'g');
-
-  /** Used to detect strings with [zero-width joiners or code points from the astral planes](http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/). */
-  var reHasUnicode = RegExp('[' + rsZWJ + rsAstralRange + rsComboRange + rsVarRange + ']');
-
-  /** Used to detect strings that need a more robust regexp to match words. */
-  var reHasUnicodeWord = /[a-z][A-Z]|[A-Z]{2}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/;
-
-  /** Used to assign default `context` object properties. */
-  var contextProps = ['Array', 'Buffer', 'DataView', 'Date', 'Error', 'Float32Array', 'Float64Array', 'Function', 'Int8Array', 'Int16Array', 'Int32Array', 'Map', 'Math', 'Object', 'Promise', 'RegExp', 'Set', 'String', 'Symbol', 'TypeError', 'Uint8Array', 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array', 'WeakMap', '_', 'clearTimeout', 'isFinite', 'parseInt', 'setTimeout'];
-
-  /** Used to make template sourceURLs easier to identify. */
-  var templateCounter = -1;
-
-  /** Used to identify `toStringTag` values of typed arrays. */
-  var typedArrayTags = {};
-  typedArrayTags[float32Tag] = typedArrayTags[float64Tag] = typedArrayTags[int8Tag] = typedArrayTags[int16Tag] = typedArrayTags[int32Tag] = typedArrayTags[uint8Tag] = typedArrayTags[uint8ClampedTag] = typedArrayTags[uint16Tag] = typedArrayTags[uint32Tag] = true;
-  typedArrayTags[argsTag] = typedArrayTags[arrayTag] = typedArrayTags[arrayBufferTag] = typedArrayTags[boolTag] = typedArrayTags[dataViewTag] = typedArrayTags[dateTag] = typedArrayTags[errorTag] = typedArrayTags[funcTag] = typedArrayTags[mapTag] = typedArrayTags[numberTag] = typedArrayTags[objectTag] = typedArrayTags[regexpTag] = typedArrayTags[setTag] = typedArrayTags[stringTag] = typedArrayTags[weakMapTag] = false;
-
-  /** Used to identify `toStringTag` values supported by `_.clone`. */
-  var cloneableTags = {};
-  cloneableTags[argsTag] = cloneableTags[arrayTag] = cloneableTags[arrayBufferTag] = cloneableTags[dataViewTag] = cloneableTags[boolTag] = cloneableTags[dateTag] = cloneableTags[float32Tag] = cloneableTags[float64Tag] = cloneableTags[int8Tag] = cloneableTags[int16Tag] = cloneableTags[int32Tag] = cloneableTags[mapTag] = cloneableTags[numberTag] = cloneableTags[objectTag] = cloneableTags[regexpTag] = cloneableTags[setTag] = cloneableTags[stringTag] = cloneableTags[symbolTag] = cloneableTags[uint8Tag] = cloneableTags[uint8ClampedTag] = cloneableTags[uint16Tag] = cloneableTags[uint32Tag] = true;
-  cloneableTags[errorTag] = cloneableTags[funcTag] = cloneableTags[weakMapTag] = false;
-
-  /** Used to map Latin Unicode letters to basic Latin letters. */
-  var deburredLetters = {
-    // Latin-1 Supplement block.
-    '\xc0': 'A',
-    '\xc1': 'A',
-    '\xc2': 'A',
-    '\xc3': 'A',
-    '\xc4': 'A',
-    '\xc5': 'A',
-    '\xe0': 'a',
-    '\xe1': 'a',
-    '\xe2': 'a',
-    '\xe3': 'a',
-    '\xe4': 'a',
-    '\xe5': 'a',
-    '\xc7': 'C',
-    '\xe7': 'c',
-    '\xd0': 'D',
-    '\xf0': 'd',
-    '\xc8': 'E',
-    '\xc9': 'E',
-    '\xca': 'E',
-    '\xcb': 'E',
-    '\xe8': 'e',
-    '\xe9': 'e',
-    '\xea': 'e',
-    '\xeb': 'e',
-    '\xcc': 'I',
-    '\xcd': 'I',
-    '\xce': 'I',
-    '\xcf': 'I',
-    '\xec': 'i',
-    '\xed': 'i',
-    '\xee': 'i',
-    '\xef': 'i',
-    '\xd1': 'N',
-    '\xf1': 'n',
-    '\xd2': 'O',
-    '\xd3': 'O',
-    '\xd4': 'O',
-    '\xd5': 'O',
-    '\xd6': 'O',
-    '\xd8': 'O',
-    '\xf2': 'o',
-    '\xf3': 'o',
-    '\xf4': 'o',
-    '\xf5': 'o',
-    '\xf6': 'o',
-    '\xf8': 'o',
-    '\xd9': 'U',
-    '\xda': 'U',
-    '\xdb': 'U',
-    '\xdc': 'U',
-    '\xf9': 'u',
-    '\xfa': 'u',
-    '\xfb': 'u',
-    '\xfc': 'u',
-    '\xdd': 'Y',
-    '\xfd': 'y',
-    '\xff': 'y',
-    '\xc6': 'Ae',
-    '\xe6': 'ae',
-    '\xde': 'Th',
-    '\xfe': 'th',
-    '\xdf': 'ss',
-    // Latin Extended-A block.
-    "\u0100": 'A',
-    "\u0102": 'A',
-    "\u0104": 'A',
-    "\u0101": 'a',
-    "\u0103": 'a',
-    "\u0105": 'a',
-    "\u0106": 'C',
-    "\u0108": 'C',
-    "\u010A": 'C',
-    "\u010C": 'C',
-    "\u0107": 'c',
-    "\u0109": 'c',
-    "\u010B": 'c',
-    "\u010D": 'c',
-    "\u010E": 'D',
-    "\u0110": 'D',
-    "\u010F": 'd',
-    "\u0111": 'd',
-    "\u0112": 'E',
-    "\u0114": 'E',
-    "\u0116": 'E',
-    "\u0118": 'E',
-    "\u011A": 'E',
-    "\u0113": 'e',
-    "\u0115": 'e',
-    "\u0117": 'e',
-    "\u0119": 'e',
-    "\u011B": 'e',
-    "\u011C": 'G',
-    "\u011E": 'G',
-    "\u0120": 'G',
-    "\u0122": 'G',
-    "\u011D": 'g',
-    "\u011F": 'g',
-    "\u0121": 'g',
-    "\u0123": 'g',
-    "\u0124": 'H',
-    "\u0126": 'H',
-    "\u0125": 'h',
-    "\u0127": 'h',
-    "\u0128": 'I',
-    "\u012A": 'I',
-    "\u012C": 'I',
-    "\u012E": 'I',
-    "\u0130": 'I',
-    "\u0129": 'i',
-    "\u012B": 'i',
-    "\u012D": 'i',
-    "\u012F": 'i',
-    "\u0131": 'i',
-    "\u0134": 'J',
-    "\u0135": 'j',
-    "\u0136": 'K',
-    "\u0137": 'k',
-    "\u0138": 'k',
-    "\u0139": 'L',
-    "\u013B": 'L',
-    "\u013D": 'L',
-    "\u013F": 'L',
-    "\u0141": 'L',
-    "\u013A": 'l',
-    "\u013C": 'l',
-    "\u013E": 'l',
-    "\u0140": 'l',
-    "\u0142": 'l',
-    "\u0143": 'N',
-    "\u0145": 'N',
-    "\u0147": 'N',
-    "\u014A": 'N',
-    "\u0144": 'n',
-    "\u0146": 'n',
-    "\u0148": 'n',
-    "\u014B": 'n',
-    "\u014C": 'O',
-    "\u014E": 'O',
-    "\u0150": 'O',
-    "\u014D": 'o',
-    "\u014F": 'o',
-    "\u0151": 'o',
-    "\u0154": 'R',
-    "\u0156": 'R',
-    "\u0158": 'R',
-    "\u0155": 'r',
-    "\u0157": 'r',
-    "\u0159": 'r',
-    "\u015A": 'S',
-    "\u015C": 'S',
-    "\u015E": 'S',
-    "\u0160": 'S',
-    "\u015B": 's',
-    "\u015D": 's',
-    "\u015F": 's',
-    "\u0161": 's',
-    "\u0162": 'T',
-    "\u0164": 'T',
-    "\u0166": 'T',
-    "\u0163": 't',
-    "\u0165": 't',
-    "\u0167": 't',
-    "\u0168": 'U',
-    "\u016A": 'U',
-    "\u016C": 'U',
-    "\u016E": 'U',
-    "\u0170": 'U',
-    "\u0172": 'U',
-    "\u0169": 'u',
-    "\u016B": 'u',
-    "\u016D": 'u',
-    "\u016F": 'u',
-    "\u0171": 'u',
-    "\u0173": 'u',
-    "\u0174": 'W',
-    "\u0175": 'w',
-    "\u0176": 'Y',
-    "\u0177": 'y',
-    "\u0178": 'Y',
-    "\u0179": 'Z',
-    "\u017B": 'Z',
-    "\u017D": 'Z',
-    "\u017A": 'z',
-    "\u017C": 'z',
-    "\u017E": 'z',
-    "\u0132": 'IJ',
-    "\u0133": 'ij',
-    "\u0152": 'Oe',
-    "\u0153": 'oe',
-    "\u0149": "'n",
-    "\u017F": 's'
-  };
-
-  /** Used to map characters to HTML entities. */
-  var htmlEscapes = {
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#39;'
-  };
-
-  /** Used to map HTML entities to characters. */
-  var htmlUnescapes = {
-    '&amp;': '&',
-    '&lt;': '<',
-    '&gt;': '>',
-    '&quot;': '"',
-    '&#39;': "'"
-  };
-
-  /** Used to escape characters for inclusion in compiled string literals. */
-  var stringEscapes = {
-    '\\': '\\',
-    "'": "'",
-    '\n': 'n',
-    '\r': 'r',
-    "\u2028": 'u2028',
-    "\u2029": 'u2029'
-  };
-
-  /** Built-in method references without a dependency on `root`. */
-  var freeParseFloat = parseFloat,
-    freeParseInt = parseInt;
-
-  /** Detect free variable `global` from Node.js. */
-  var freeGlobal = typeof __webpack_require__.g == 'object' && __webpack_require__.g && __webpack_require__.g.Object === Object && __webpack_require__.g;
-
-  /** Detect free variable `self`. */
-  var freeSelf = typeof self == 'object' && self && self.Object === Object && self;
-
-  /** Used as a reference to the global object. */
-  var root = freeGlobal || freeSelf || Function('return this')();
-
-  /** Detect free variable `exports`. */
-  var freeExports =  true && exports && !exports.nodeType && exports;
-
-  /** Detect free variable `module`. */
-  var freeModule = freeExports && "object" == 'object' && module && !module.nodeType && module;
-
-  /** Detect the popular CommonJS extension `module.exports`. */
-  var moduleExports = freeModule && freeModule.exports === freeExports;
-
-  /** Detect free variable `process` from Node.js. */
-  var freeProcess = moduleExports && freeGlobal.process;
-
-  /** Used to access faster Node.js helpers. */
-  var nodeUtil = function () {
-    try {
-      // Use `util.types` for Node.js 10+.
-      var types = freeModule && freeModule.require && freeModule.require('util').types;
-      if (types) {
-        return types;
-      }
-
-      // Legacy `process.binding('util')` for Node.js < 10.
-      return freeProcess && freeProcess.binding && freeProcess.binding('util');
-    } catch (e) {}
-  }();
-
-  /* Node.js helper references. */
-  var nodeIsArrayBuffer = nodeUtil && nodeUtil.isArrayBuffer,
-    nodeIsDate = nodeUtil && nodeUtil.isDate,
-    nodeIsMap = nodeUtil && nodeUtil.isMap,
-    nodeIsRegExp = nodeUtil && nodeUtil.isRegExp,
-    nodeIsSet = nodeUtil && nodeUtil.isSet,
-    nodeIsTypedArray = nodeUtil && nodeUtil.isTypedArray;
-
-  /*--------------------------------------------------------------------------*/
-
-  /**
-   * A faster alternative to `Function#apply`, this function invokes `func`
-   * with the `this` binding of `thisArg` and the arguments of `args`.
-   *
-   * @private
-   * @param {Function} func The function to invoke.
-   * @param {*} thisArg The `this` binding of `func`.
-   * @param {Array} args The arguments to invoke `func` with.
-   * @returns {*} Returns the result of `func`.
-   */
-  function apply(func, thisArg, args) {
-    switch (args.length) {
-      case 0:
-        return func.call(thisArg);
-      case 1:
-        return func.call(thisArg, args[0]);
-      case 2:
-        return func.call(thisArg, args[0], args[1]);
-      case 3:
-        return func.call(thisArg, args[0], args[1], args[2]);
-    }
-    return func.apply(thisArg, args);
-  }
-
-  /**
-   * A specialized version of `baseAggregator` for arrays.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} setter The function to set `accumulator` values.
-   * @param {Function} iteratee The iteratee to transform keys.
-   * @param {Object} accumulator The initial aggregated object.
-   * @returns {Function} Returns `accumulator`.
-   */
-  function arrayAggregator(array, setter, iteratee, accumulator) {
-    var index = -1,
-      length = array == null ? 0 : array.length;
-    while (++index < length) {
-      var value = array[index];
-      setter(accumulator, value, iteratee(value), array);
-    }
-    return accumulator;
-  }
-
-  /**
-   * A specialized version of `_.forEach` for arrays without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @returns {Array} Returns `array`.
-   */
-  function arrayEach(array, iteratee) {
-    var index = -1,
-      length = array == null ? 0 : array.length;
-    while (++index < length) {
-      if (iteratee(array[index], index, array) === false) {
-        break;
-      }
-    }
-    return array;
-  }
-
-  /**
-   * A specialized version of `_.forEachRight` for arrays without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @returns {Array} Returns `array`.
-   */
-  function arrayEachRight(array, iteratee) {
-    var length = array == null ? 0 : array.length;
-    while (length--) {
-      if (iteratee(array[length], length, array) === false) {
-        break;
-      }
-    }
-    return array;
-  }
-
-  /**
-   * A specialized version of `_.every` for arrays without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} predicate The function invoked per iteration.
-   * @returns {boolean} Returns `true` if all elements pass the predicate check,
-   *  else `false`.
-   */
-  function arrayEvery(array, predicate) {
-    var index = -1,
-      length = array == null ? 0 : array.length;
-    while (++index < length) {
-      if (!predicate(array[index], index, array)) {
-        return false;
-      }
-    }
-    return true;
-  }
-
-  /**
-   * A specialized version of `_.filter` for arrays without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} predicate The function invoked per iteration.
-   * @returns {Array} Returns the new filtered array.
-   */
-  function arrayFilter(array, predicate) {
-    var index = -1,
-      length = array == null ? 0 : array.length,
-      resIndex = 0,
-      result = [];
-    while (++index < length) {
-      var value = array[index];
-      if (predicate(value, index, array)) {
-        result[resIndex++] = value;
-      }
-    }
-    return result;
-  }
-
-  /**
-   * A specialized version of `_.includes` for arrays without support for
-   * specifying an index to search from.
-   *
-   * @private
-   * @param {Array} [array] The array to inspect.
-   * @param {*} target The value to search for.
-   * @returns {boolean} Returns `true` if `target` is found, else `false`.
-   */
-  function arrayIncludes(array, value) {
-    var length = array == null ? 0 : array.length;
-    return !!length && baseIndexOf(array, value, 0) > -1;
-  }
-
-  /**
-   * This function is like `arrayIncludes` except that it accepts a comparator.
-   *
-   * @private
-   * @param {Array} [array] The array to inspect.
-   * @param {*} target The value to search for.
-   * @param {Function} comparator The comparator invoked per element.
-   * @returns {boolean} Returns `true` if `target` is found, else `false`.
-   */
-  function arrayIncludesWith(array, value, comparator) {
-    var index = -1,
-      length = array == null ? 0 : array.length;
-    while (++index < length) {
-      if (comparator(value, array[index])) {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  /**
-   * A specialized version of `_.map` for arrays without support for iteratee
-   * shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @returns {Array} Returns the new mapped array.
-   */
-  function arrayMap(array, iteratee) {
-    var index = -1,
-      length = array == null ? 0 : array.length,
-      result = Array(length);
-    while (++index < length) {
-      result[index] = iteratee(array[index], index, array);
-    }
-    return result;
-  }
-
-  /**
-   * Appends the elements of `values` to `array`.
-   *
-   * @private
-   * @param {Array} array The array to modify.
-   * @param {Array} values The values to append.
-   * @returns {Array} Returns `array`.
-   */
-  function arrayPush(array, values) {
-    var index = -1,
-      length = values.length,
-      offset = array.length;
-    while (++index < length) {
-      array[offset + index] = values[index];
-    }
-    return array;
-  }
-
-  /**
-   * A specialized version of `_.reduce` for arrays without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @param {*} [accumulator] The initial value.
-   * @param {boolean} [initAccum] Specify using the first element of `array` as
-   *  the initial value.
-   * @returns {*} Returns the accumulated value.
-   */
-  function arrayReduce(array, iteratee, accumulator, initAccum) {
-    var index = -1,
-      length = array == null ? 0 : array.length;
-    if (initAccum && length) {
-      accumulator = array[++index];
-    }
-    while (++index < length) {
-      accumulator = iteratee(accumulator, array[index], index, array);
-    }
-    return accumulator;
-  }
-
-  /**
-   * A specialized version of `_.reduceRight` for arrays without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @param {*} [accumulator] The initial value.
-   * @param {boolean} [initAccum] Specify using the last element of `array` as
-   *  the initial value.
-   * @returns {*} Returns the accumulated value.
-   */
-  function arrayReduceRight(array, iteratee, accumulator, initAccum) {
-    var length = array == null ? 0 : array.length;
-    if (initAccum && length) {
-      accumulator = array[--length];
-    }
-    while (length--) {
-      accumulator = iteratee(accumulator, array[length], length, array);
-    }
-    return accumulator;
-  }
-
-  /**
-   * A specialized version of `_.some` for arrays without support for iteratee
-   * shorthands.
-   *
-   * @private
-   * @param {Array} [array] The array to iterate over.
-   * @param {Function} predicate The function invoked per iteration.
-   * @returns {boolean} Returns `true` if any element passes the predicate check,
-   *  else `false`.
-   */
-  function arraySome(array, predicate) {
-    var index = -1,
-      length = array == null ? 0 : array.length;
-    while (++index < length) {
-      if (predicate(array[index], index, array)) {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  /**
-   * Gets the size of an ASCII `string`.
-   *
-   * @private
-   * @param {string} string The string inspect.
-   * @returns {number} Returns the string size.
-   */
-  var asciiSize = baseProperty('length');
-
-  /**
-   * Converts an ASCII `string` to an array.
-   *
-   * @private
-   * @param {string} string The string to convert.
-   * @returns {Array} Returns the converted array.
-   */
-  function asciiToArray(string) {
-    return string.split('');
-  }
-
-  /**
-   * Splits an ASCII `string` into an array of its words.
-   *
-   * @private
-   * @param {string} The string to inspect.
-   * @returns {Array} Returns the words of `string`.
-   */
-  function asciiWords(string) {
-    return string.match(reAsciiWord) || [];
-  }
-
-  /**
-   * The base implementation of methods like `_.findKey` and `_.findLastKey`,
-   * without support for iteratee shorthands, which iterates over `collection`
-   * using `eachFunc`.
-   *
-   * @private
-   * @param {Array|Object} collection The collection to inspect.
-   * @param {Function} predicate The function invoked per iteration.
-   * @param {Function} eachFunc The function to iterate over `collection`.
-   * @returns {*} Returns the found element or its key, else `undefined`.
-   */
-  function baseFindKey(collection, predicate, eachFunc) {
-    var result;
-    eachFunc(collection, function (value, key, collection) {
-      if (predicate(value, key, collection)) {
-        result = key;
-        return false;
-      }
-    });
-    return result;
-  }
-
-  /**
-   * The base implementation of `_.findIndex` and `_.findLastIndex` without
-   * support for iteratee shorthands.
-   *
-   * @private
-   * @param {Array} array The array to inspect.
-   * @param {Function} predicate The function invoked per iteration.
-   * @param {number} fromIndex The index to search from.
-   * @param {boolean} [fromRight] Specify iterating from right to left.
-   * @returns {number} Returns the index of the matched value, else `-1`.
-   */
-  function baseFindIndex(array, predicate, fromIndex, fromRight) {
-    var length = array.length,
-      index = fromIndex + (fromRight ? 1 : -1);
-    while (fromRight ? index-- : ++index < length) {
-      if (predicate(array[index], index, array)) {
-        return index;
-      }
-    }
-    return -1;
-  }
-
-  /**
-   * The base implementation of `_.indexOf` without `fromIndex` bounds checks.
-   *
-   * @private
-   * @param {Array} array The array to inspect.
-   * @param {*} value The value to search for.
-   * @param {number} fromIndex The index to search from.
-   * @returns {number} Returns the index of the matched value, else `-1`.
-   */
-  function baseIndexOf(array, value, fromIndex) {
-    return value === value ? strictIndexOf(array, value, fromIndex) : baseFindIndex(array, baseIsNaN, fromIndex);
-  }
-
-  /**
-   * This function is like `baseIndexOf` except that it accepts a comparator.
-   *
-   * @private
-   * @param {Array} array The array to inspect.
-   * @param {*} value The value to search for.
-   * @param {number} fromIndex The index to search from.
-   * @param {Function} comparator The comparator invoked per element.
-   * @returns {number} Returns the index of the matched value, else `-1`.
-   */
-  function baseIndexOfWith(array, value, fromIndex, comparator) {
-    var index = fromIndex - 1,
-      length = array.length;
-    while (++index < length) {
-      if (comparator(array[index], value)) {
-        return index;
-      }
-    }
-    return -1;
-  }
-
-  /**
-   * The base implementation of `_.isNaN` without support for number objects.
-   *
-   * @private
-   * @param {*} value The value to check.
-   * @returns {boolean} Returns `true` if `value` is `NaN`, else `false`.
-   */
-  function baseIsNaN(value) {
-    return value !== value;
-  }
-
-  /**
-   * The base implementation of `_.mean` and `_.meanBy` without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} array The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @returns {number} Returns the mean.
-   */
-  function baseMean(array, iteratee) {
-    var length = array == null ? 0 : array.length;
-    return length ? baseSum(array, iteratee) / length : NAN;
-  }
-
-  /**
-   * The base implementation of `_.property` without support for deep paths.
-   *
-   * @private
-   * @param {string} key The key of the property to get.
-   * @returns {Function} Returns the new accessor function.
-   */
-  function baseProperty(key) {
-    return function (object) {
-      return object == null ? undefined : object[key];
-    };
-  }
-
-  /**
-   * The base implementation of `_.propertyOf` without support for deep paths.
-   *
-   * @private
-   * @param {Object} object The object to query.
-   * @returns {Function} Returns the new accessor function.
-   */
-  function basePropertyOf(object) {
-    return function (key) {
-      return object == null ? undefined : object[key];
-    };
-  }
-
-  /**
-   * The base implementation of `_.reduce` and `_.reduceRight`, without support
-   * for iteratee shorthands, which iterates over `collection` using `eachFunc`.
-   *
-   * @private
-   * @param {Array|Object} collection The collection to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @param {*} accumulator The initial value.
-   * @param {boolean} initAccum Specify using the first or last element of
-   *  `collection` as the initial value.
-   * @param {Function} eachFunc The function to iterate over `collection`.
-   * @returns {*} Returns the accumulated value.
-   */
-  function baseReduce(collection, iteratee, accumulator, initAccum, eachFunc) {
-    eachFunc(collection, function (value, index, collection) {
-      accumulator = initAccum ? (initAccum = false, value) : iteratee(accumulator, value, index, collection);
-    });
-    return accumulator;
-  }
-
-  /**
-   * The base implementation of `_.sortBy` which uses `comparer` to define the
-   * sort order of `array` and replaces criteria objects with their corresponding
-   * values.
-   *
-   * @private
-   * @param {Array} array The array to sort.
-   * @param {Function} comparer The function to define sort order.
-   * @returns {Array} Returns `array`.
-   */
-  function baseSortBy(array, comparer) {
-    var length = array.length;
-    array.sort(comparer);
-    while (length--) {
-      array[length] = array[length].value;
-    }
-    return array;
-  }
-
-  /**
-   * The base implementation of `_.sum` and `_.sumBy` without support for
-   * iteratee shorthands.
-   *
-   * @private
-   * @param {Array} array The array to iterate over.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @returns {number} Returns the sum.
-   */
-  function baseSum(array, iteratee) {
-    var result,
-      index = -1,
-      length = array.length;
-    while (++index < length) {
-      var current = iteratee(array[index]);
-      if (current !== undefined) {
-        result = result === undefined ? current : result + current;
-      }
-    }
-    return result;
-  }
-
-  /**
-   * The base implementation of `_.times` without support for iteratee shorthands
-   * or max array length checks.
-   *
-   * @private
-   * @param {number} n The number of times to invoke `iteratee`.
-   * @param {Function} iteratee The function invoked per iteration.
-   * @returns {Array} Returns the array of results.
-   */
-  function baseTimes(n, iteratee) {
-    var index = -1,
-      result = Array(n);
-    while (++index < n) {
-      result[index] = iteratee(index);
-    }
-    return result;
-  }
-
-  /**
-   * The base implementation of `_.toPairs` and `_.toPairsIn` which creates an array
-   * of key-value pairs for `object` corresponding to the property names of `props`.
-   *
-   * @private
-   * @param {Object} object The object to query.
-   * @param {Array} props The property names to get values for.
-   * @returns {Object} Returns the key-value pairs.
-   */
-  function baseToPairs(object, props) {
-    return arrayMap(props, function (key) {
-      return [key, object[key]];
-    });
-  }
-
-  /**
-   * The base implementation of `_.trim`.
-   *
-   * @private
-   * @param {string} string The string to trim.
-   * @returns {string} Returns the trimmed string.
-   */
-  function baseTrim(string) {
-    return string ? string.slice(0, trimmedEndIndex(string) + 1).replace(reTrimStart, '') : string;
-  }
-
-  /**
-   * The base implementation of `_.unary` without support for storing metadata.
-   *
-   * @private
-   * @param {Function} func The function to cap arguments for.
-   * @returns {Function} Returns the new capped function.
-   */
-  function baseUnary(func) {
-    return function (value) {
-      return func(value);
-    };
-  }
-
-  /**
-   * The base implementation of `_.values` and `_.valuesIn` which creates an
-   * array of `object` property values corresponding to the property names
-   * of `props`.
-   *
-   * @private
-   * @param {Object} object The object to query.
-   * @param {Array} props The property names to get values for.
-   * @returns {Object} Returns the array of property values.
-   */
-  function baseValues(object, props) {
-    return arrayMap(props, function (key) {
-      return object[key];
-    });
-  }
-
-  /**
-   * Checks if a `cache` value for `key` exists.
-   *
-   * @private
-   * @param {Object} cache The cache to query.
-   * @param {string} key The key of the entry to check.
-   * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
-   */
-  function cacheHas(cache, key) {
-    return cache.has(key);
-  }
-
-  /**
-   * Used by `_.trim` and `_.trimStart` to get the index of the first string symbol
-   * that is not found in the character symbols.
-   *
-   * @private
-   * @param {Array} strSymbols The string symbols to inspect.
-   * @param {Array} chrSymbols The character symbols to find.
-   * @returns {number} Returns the index of the first unmatched string symbol.
-   */
-  function charsStartIndex(strSymbols, chrSymbols) {
-    var index = -1,
-      length = strSymbols.length;
-    while (++index < length && baseIndexOf(chrSymbols, strSymbols[index], 0) > -1) {}
-    return index;
-  }
-
-  /**
-   * Used by `_.trim` and `_.trimEnd` to get the index of the last string symbol
-   * that is not found in the character symbols.
-   *
-   * @private
-   * @param {Array} strSymbols The string symbols to inspect.
-   * @param {Array} chrSymbols The character symbols to find.
-   * @returns {number} Returns the index of the last unmatched string symbol.
-   */
-  function charsEndIndex(strSymbols, chrSymbols) {
-    var index = strSymbols.length;
-    while (index-- && baseIndexOf(chrSymbols, strSymbols[index], 0) > -1) {}
-    return index;
-  }
-
-  /**
-   * Gets the number of `placeholder` occurrences in `array`.
-   *
-   * @private
-   * @param {Array} array The array to inspect.
-   * @param {*} placeholder The placeholder to search for.
-   * @returns {number} Returns the placeholder count.
-   */
-  function countHolders(array, placeholder) {
-    var length = array.length,
-      result = 0;
-    while (length--) {
-      if (array[length] === placeholder) {
-        ++result;
-      }
-    }
-    return result;
-  }
-
-  /**
-   * Used by `_.deburr` to convert Latin-1 Supplement and Latin Extended-A
-   * letters to basic Latin letters.
-   *
-   * @private
-   * @param {string} letter The matched letter to deburr.
-   * @returns {string} Returns the deburred letter.
-   */
-  var deburrLetter = basePropertyOf(deburredLetters);
-
-  /**
-   * Used by `_.escape` to convert characters to HTML entities.
-   *
-   * @private
-   * @param {string} chr The matched character to escape.
-   * @returns {string} Returns the escaped character.
-   */
-  var escapeHtmlChar = basePropertyOf(htmlEscapes);
-
-  /**
-   * Used by `_.template` to escape characters for inclusion in compiled string literals.
-   *
-   * @private
-   * @param {string} chr The matched character to escape.
-   * @returns {string} Returns the escaped character.
-   */
-  function escapeStringChar(chr) {
-    return '\\' + stringEscapes[chr];
-  }
-
-  /**
-   * Gets the value at `key` of `object`.
-   *
-   * @private
-   * @param {Object} [object] The object to query.
-   * @param {string} key The key of the property to get.
-   * @returns {*} Returns the property value.
-   */
-  function getValue(object, key) {
-    return object == null ? undefined : object[key];
-  }
-
-  /**
-   * Checks if `string` contains Unicode symbols.
-   *
-   * @private
-   * @param {string} string The string to inspect.
-   * @returns {boolean} Returns `true` if a symbol is found, else `false`.
-   */
-  function hasUnicode(string) {
-    return reHasUnicode.test(string);
-  }
-
-  /**
-   * Checks if `string` contains a word composed of Unicode symbols.
-   *
-   * @private
-   * @param {string} string The string to inspect.
-   * @returns {boolean} Returns `true` if a word is found, else `false`.
-   */
-  function hasUnicodeWord(string) {
-    return reHasUnicodeWord.test(string);
-  }
-
-  /**
-   * Converts `iterator` to an array.
-   *
-   * @private
-   * @param {Object} iterator The iterator to convert.
-   * @returns {Array} Returns the converted array.
-   */
-  function iteratorToArray(iterator) {
-    var data,
-      result = [];
-    while (!(data = iterator.next()).done) {
-      result.push(data.value);
-    }
-    return result;
-  }
-
-  /**
-   * Converts `map` to its key-value pairs.
-   *
-   * @private
-   * @param {Object} map The map to convert.
-   * @returns {Array} Returns the key-value pairs.
-   */
-  function mapToArray(map) {
-    var index = -1,
-      result = Array(map.size);
-    map.forEach(function (value, key) {
-      result[++index] = [key, value];
-    });
-    return result;
-  }
-
-  /**
-   * Creates a unary function that invokes `func` with its argument transformed.
-   *
-   * @private
-   * @param {Function} func The function to wrap.
-   * @param {Function} transform The argument transform.
-   * @returns {Function} Returns the new function.
-   */
-  function overArg(func, transform) {
-    return function (arg) {
-      return func(transform(arg));
-    };
-  }
-
-  /**
-   * Replaces all `placeholder` elements in `array` with an internal placeholder
-   * and returns an array of their indexes.
-   *
-   * @private
-   * @param {Array} array The array to modify.
-   * @param {*} placeholder The placeholder to replace.
-   * @returns {Array} Returns the new array of placeholder indexes.
-   */
-  function replaceHolders(array, placeholder) {
-    var index = -1,
-      length = array.length,
-      resIndex = 0,
-      result = [];
-    while (++index < length) {
-      var value = array[index];
-      if (value === placeholder || value === PLACEHOLDER) {
-        array[index] = PLACEHOLDER;
-        result[resIndex++] = index;
-      }
-    }
-    return result;
-  }
-
-  /**
-   * Converts `set` to an array of its values.
-   *
-   * @private
-   * @param {Object} set The set to convert.
-   * @returns {Array} Returns the values.
-   */
-  function setToArray(set) {
-    var index = -1,
-      result = Array(set.size);
-    set.forEach(function (value) {
-      result[++index] = value;
-    });
-    return result;
-  }
-
-  /**
-   * Converts `set` to its value-value pairs.
-   *
-   * @private
-   * @param {Object} set The set to convert.
-   * @returns {Array} Returns the value-value pairs.
-   */
-  function setToPairs(set) {
-    var index = -1,
-      result = Array(set.size);
-    set.forEach(function (value) {
-      result[++index] = [value, value];
-    });
-    return result;
-  }
-
-  /**
-   * A specialized version of `_.indexOf` which performs strict equality
-   * comparisons of values, i.e. `===`.
-   *
-   * @private
-   * @param {Array} array The array to inspect.
-   * @param {*} value The value to search for.
-   * @param {number} fromIndex The index to search from.
-   * @returns {number} Returns the index of the matched value, else `-1`.
-   */
-  function strictIndexOf(array, value, fromIndex) {
-    var index = fromIndex - 1,
-      length = array.length;
-    while (++index < length) {
-      if (array[index] === value) {
-        return index;
-      }
-    }
-    return -1;
-  }
-
-  /**
-   * A specialized version of `_.lastIndexOf` which performs strict equality
-   * comparisons of values, i.e. `===`.
-   *
-   * @private
-   * @param {Array} array The array to inspect.
-   * @param {*} value The value to search for.
-   * @param {number} fromIndex The index to search from.
-   * @returns {number} Returns the index of the matched value, else `-1`.
-   */
-  function strictLastIndexOf(array, value, fromIndex) {
-    var index = fromIndex + 1;
-    while (index--) {
-      if (array[index] === value) {
-        return index;
-      }
-    }
-    return index;
-  }
-
-  /**
-   * Gets the number of symbols in `string`.
-   *
-   * @private
-   * @param {string} string The string to inspect.
-   * @returns {number} Returns the string size.
-   */
-  function stringSize(string) {
-    return hasUnicode(string) ? unicodeSize(string) : asciiSize(string);
-  }
-
-  /**
-   * Converts `string` to an array.
-   *
-   * @private
-   * @param {string} string The string to convert.
-   * @returns {Array} Returns the converted array.
-   */
-  function stringToArray(string) {
-    return hasUnicode(string) ? unicodeToArray(string) : asciiToArray(string);
-  }
-
-  /**
-   * Used by `_.trim` and `_.trimEnd` to get the index of the last non-whitespace
-   * character of `string`.
-   *
-   * @private
-   * @param {string} string The string to inspect.
-   * @returns {number} Returns the index of the last non-whitespace character.
-   */
-  function trimmedEndIndex(string) {
-    var index = string.length;
-    while (index-- && reWhitespace.test(string.charAt(index))) {}
-    return index;
-  }
-
-  /**
-   * Used by `_.unescape` to convert HTML entities to characters.
-   *
-   * @private
-   * @param {string} chr The matched character to unescape.
-   * @returns {string} Returns the unescaped character.
-   */
-  var unescapeHtmlChar = basePropertyOf(htmlUnescapes);
-
-  /**
-   * Gets the size of a Unicode `string`.
-   *
-   * @private
-   * @param {string} string The string inspect.
-   * @returns {number} Returns the string size.
-   */
-  function unicodeSize(string) {
-    var result = reUnicode.lastIndex = 0;
-    while (reUnicode.test(string)) {
-      ++result;
-    }
-    return result;
-  }
-
-  /**
-   * Converts a Unicode `string` to an array.
-   *
-   * @private
-   * @param {string} string The string to convert.
-   * @returns {Array} Returns the converted array.
-   */
-  function unicodeToArray(string) {
-    return string.match(reUnicode) || [];
-  }
-
-  /**
-   * Splits a Unicode `string` into an array of its words.
-   *
-   * @private
-   * @param {string} The string to inspect.
-   * @returns {Array} Returns the words of `string`.
-   */
-  function unicodeWords(string) {
-    return string.match(reUnicodeWord) || [];
-  }
-
-  /*--------------------------------------------------------------------------*/
-
-  /**
-   * Create a new pristine `lodash` function using the `context` object.
-   *
-   * @static
-   * @memberOf _
-   * @since 1.1.0
-   * @category Util
-   * @param {Object} [context=root] The context object.
-   * @returns {Function} Returns a new `lodash` function.
-   * @example
-   *
-   * _.mixin({ 'foo': _.constant('foo') });
-   *
-   * var lodash = _.runInContext();
-   * lodash.mixin({ 'bar': lodash.constant('bar') });
-   *
-   * _.isFunction(_.foo);
-   * // => true
-   * _.isFunction(_.bar);
-   * // => false
-   *
-   * lodash.isFunction(lodash.foo);
-   * // => false
-   * lodash.isFunction(lodash.bar);
-   * // => true
-   *
-   * // Create a suped-up `defer` in Node.js.
-   * var defer = _.runInContext({ 'setTimeout': setImmediate }).defer;
-   */
-  var runInContext = function runInContext(context) {
-    context = context == null ? root : _.defaults(root.Object(), context, _.pick(root, contextProps));
-
-    /** Built-in constructor references. */
-    var Array = context.Array,
-      Date = context.Date,
-      Error = context.Error,
-      Function = context.Function,
-      Math = context.Math,
-      Object = context.Object,
-      RegExp = context.RegExp,
-      String = context.String,
-      TypeError = context.TypeError;
-
-    /** Used for built-in method references. */
-    var arrayProto = Array.prototype,
-      funcProto = Function.prototype,
-      objectProto = Object.prototype;
-
-    /** Used to detect overreaching core-js shims. */
-    var coreJsData = context['__core-js_shared__'];
-
-    /** Used to resolve the decompiled source of functions. */
-    var funcToString = funcProto.toString;
-
-    /** Used to check objects for own properties. */
-    var hasOwnProperty = objectProto.hasOwnProperty;
-
-    /** Used to generate unique IDs. */
-    var idCounter = 0;
-
-    /** Used to detect methods masquerading as native. */
-    var maskSrcKey = function () {
-      var uid = /[^.]+$/.exec(coreJsData && coreJsData.keys && coreJsData.keys.IE_PROTO || '');
-      return uid ? 'Symbol(src)_1.' + uid : '';
-    }();
-
-    /**
-     * Used to resolve the
-     * [`toStringTag`](http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
-     * of values.
-     */
-    var nativeObjectToString = objectProto.toString;
-
-    /** Used to infer the `Object` constructor. */
-    var objectCtorString = funcToString.call(Object);
-
-    /** Used to restore the original `_` reference in `_.noConflict`. */
-    var oldDash = root._;
-
-    /** Used to detect if a method is native. */
-    var reIsNative = RegExp('^' + funcToString.call(hasOwnProperty).replace(reRegExpChar, '\\$&').replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, '$1.*?') + '$');
-
-    /** Built-in value references. */
-    var Buffer = moduleExports ? context.Buffer : undefined,
-      Symbol = context.Symbol,
-      Uint8Array = context.Uint8Array,
-      allocUnsafe = Buffer ? Buffer.allocUnsafe : undefined,
-      getPrototype = overArg(Object.getPrototypeOf, Object),
-      objectCreate = Object.create,
-      propertyIsEnumerable = objectProto.propertyIsEnumerable,
-      splice = arrayProto.splice,
-      spreadableSymbol = Symbol ? Symbol.isConcatSpreadable : undefined,
-      symIterator = Symbol ? Symbol.iterator : undefined,
-      symToStringTag = Symbol ? Symbol.toStringTag : undefined;
-    var defineProperty = function () {
-      try {
-        var func = getNative(Object, 'defineProperty');
-        func({}, '', {});
-        return func;
-      } catch (e) {}
-    }();
-
-    /** Mocked built-ins. */
-    var ctxClearTimeout = context.clearTimeout !== root.clearTimeout && context.clearTimeout,
-      ctxNow = Date && Date.now !== root.Date.now && Date.now,
-      ctxSetTimeout = context.setTimeout !== root.setTimeout && context.setTimeout;
-
-    /* Built-in method references for those with the same name as other `lodash` methods. */
-    var nativeCeil = Math.ceil,
-      nativeFloor = Math.floor,
-      nativeGetSymbols = Object.getOwnPropertySymbols,
-      nativeIsBuffer = Buffer ? Buffer.isBuffer : undefined,
-      nativeIsFinite = context.isFinite,
-      nativeJoin = arrayProto.join,
-      nativeKeys = overArg(Object.keys, Object),
-      nativeMax = Math.max,
-      nativeMin = Math.min,
-      nativeNow = Date.now,
-      nativeParseInt = context.parseInt,
-      nativeRandom = Math.random,
-      nativeReverse = arrayProto.reverse;
-
-    /* Built-in method references that are verified to be native. */
-    var DataView = getNative(context, 'DataView'),
-      Map = getNative(context, 'Map'),
-      Promise = getNative(context, 'Promise'),
-      Set = getNative(context, 'Set'),
-      WeakMap = getNative(context, 'WeakMap'),
-      nativeCreate = getNative(Object, 'create');
-
-    /** Used to store function metadata. */
-    var metaMap = WeakMap && new WeakMap();
-
-    /** Used to lookup unminified function names. */
-    var realNames = {};
-
-    /** Used to detect maps, sets, and weakmaps. */
-    var dataViewCtorString = toSource(DataView),
-      mapCtorString = toSource(Map),
-      promiseCtorString = toSource(Promise),
-      setCtorString = toSource(Set),
-      weakMapCtorString = toSource(WeakMap);
-
-    /** Used to convert symbols to primitives and strings. */
-    var symbolProto = Symbol ? Symbol.prototype : undefined,
-      symbolValueOf = symbolProto ? symbolProto.valueOf : undefined,
-      symbolToString = symbolProto ? symbolProto.toString : undefined;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates a `lodash` object which wraps `value` to enable implicit method
-     * chain sequences. Methods that operate on and return arrays, collections,
-     * and functions can be chained together. Methods that retrieve a single value
-     * or may return a primitive value will automatically end the chain sequence
-     * and return the unwrapped value. Otherwise, the value must be unwrapped
-     * with `_#value`.
-     *
-     * Explicit chain sequences, which must be unwrapped with `_#value`, may be
-     * enabled using `_.chain`.
-     *
-     * The execution of chained methods is lazy, that is, it's deferred until
-     * `_#value` is implicitly or explicitly called.
-     *
-     * Lazy evaluation allows several methods to support shortcut fusion.
-     * Shortcut fusion is an optimization to merge iteratee calls; this avoids
-     * the creation of intermediate arrays and can greatly reduce the number of
-     * iteratee executions. Sections of a chain sequence qualify for shortcut
-     * fusion if the section is applied to an array and iteratees accept only
-     * one argument. The heuristic for whether a section qualifies for shortcut
-     * fusion is subject to change.
-     *
-     * Chaining is supported in custom builds as long as the `_#value` method is
-     * directly or indirectly included in the build.
-     *
-     * In addition to lodash methods, wrappers have `Array` and `String` methods.
-     *
-     * The wrapper `Array` methods are:
-     * `concat`, `join`, `pop`, `push`, `shift`, `sort`, `splice`, and `unshift`
-     *
-     * The wrapper `String` methods are:
-     * `replace` and `split`
-     *
-     * The wrapper methods that support shortcut fusion are:
-     * `at`, `compact`, `drop`, `dropRight`, `dropWhile`, `filter`, `find`,
-     * `findLast`, `head`, `initial`, `last`, `map`, `reject`, `reverse`, `slice`,
-     * `tail`, `take`, `takeRight`, `takeRightWhile`, `takeWhile`, and `toArray`
-     *
-     * The chainable wrapper methods are:
-     * `after`, `ary`, `assign`, `assignIn`, `assignInWith`, `assignWith`, `at`,
-     * `before`, `bind`, `bindAll`, `bindKey`, `castArray`, `chain`, `chunk`,
-     * `commit`, `compact`, `concat`, `conforms`, `constant`, `countBy`, `create`,
-     * `curry`, `debounce`, `defaults`, `defaultsDeep`, `defer`, `delay`,
-     * `difference`, `differenceBy`, `differenceWith`, `drop`, `dropRight`,
-     * `dropRightWhile`, `dropWhile`, `extend`, `extendWith`, `fill`, `filter`,
-     * `flatMap`, `flatMapDeep`, `flatMapDepth`, `flatten`, `flattenDeep`,
-     * `flattenDepth`, `flip`, `flow`, `flowRight`, `fromPairs`, `functions`,
-     * `functionsIn`, `groupBy`, `initial`, `intersection`, `intersectionBy`,
-     * `intersectionWith`, `invert`, `invertBy`, `invokeMap`, `iteratee`, `keyBy`,
-     * `keys`, `keysIn`, `map`, `mapKeys`, `mapValues`, `matches`, `matchesProperty`,
-     * `memoize`, `merge`, `mergeWith`, `method`, `methodOf`, `mixin`, `negate`,
-     * `nthArg`, `omit`, `omitBy`, `once`, `orderBy`, `over`, `overArgs`,
-     * `overEvery`, `overSome`, `partial`, `partialRight`, `partition`, `pick`,
-     * `pickBy`, `plant`, `property`, `propertyOf`, `pull`, `pullAll`, `pullAllBy`,
-     * `pullAllWith`, `pullAt`, `push`, `range`, `rangeRight`, `rearg`, `reject`,
-     * `remove`, `rest`, `reverse`, `sampleSize`, `set`, `setWith`, `shuffle`,
-     * `slice`, `sort`, `sortBy`, `splice`, `spread`, `tail`, `take`, `takeRight`,
-     * `takeRightWhile`, `takeWhile`, `tap`, `throttle`, `thru`, `toArray`,
-     * `toPairs`, `toPairsIn`, `toPath`, `toPlainObject`, `transform`, `unary`,
-     * `union`, `unionBy`, `unionWith`, `uniq`, `uniqBy`, `uniqWith`, `unset`,
-     * `unshift`, `unzip`, `unzipWith`, `update`, `updateWith`, `values`,
-     * `valuesIn`, `without`, `wrap`, `xor`, `xorBy`, `xorWith`, `zip`,
-     * `zipObject`, `zipObjectDeep`, and `zipWith`
-     *
-     * The wrapper methods that are **not** chainable by default are:
-     * `add`, `attempt`, `camelCase`, `capitalize`, `ceil`, `clamp`, `clone`,
-     * `cloneDeep`, `cloneDeepWith`, `cloneWith`, `conformsTo`, `deburr`,
-     * `defaultTo`, `divide`, `each`, `eachRight`, `endsWith`, `eq`, `escape`,
-     * `escapeRegExp`, `every`, `find`, `findIndex`, `findKey`, `findLast`,
-     * `findLastIndex`, `findLastKey`, `first`, `floor`, `forEach`, `forEachRight`,
-     * `forIn`, `forInRight`, `forOwn`, `forOwnRight`, `get`, `gt`, `gte`, `has`,
-     * `hasIn`, `head`, `identity`, `includes`, `indexOf`, `inRange`, `invoke`,
-     * `isArguments`, `isArray`, `isArrayBuffer`, `isArrayLike`, `isArrayLikeObject`,
-     * `isBoolean`, `isBuffer`, `isDate`, `isElement`, `isEmpty`, `isEqual`,
-     * `isEqualWith`, `isError`, `isFinite`, `isFunction`, `isInteger`, `isLength`,
-     * `isMap`, `isMatch`, `isMatchWith`, `isNaN`, `isNative`, `isNil`, `isNull`,
-     * `isNumber`, `isObject`, `isObjectLike`, `isPlainObject`, `isRegExp`,
-     * `isSafeInteger`, `isSet`, `isString`, `isUndefined`, `isTypedArray`,
-     * `isWeakMap`, `isWeakSet`, `join`, `kebabCase`, `last`, `lastIndexOf`,
-     * `lowerCase`, `lowerFirst`, `lt`, `lte`, `max`, `maxBy`, `mean`, `meanBy`,
-     * `min`, `minBy`, `multiply`, `noConflict`, `noop`, `now`, `nth`, `pad`,
-     * `padEnd`, `padStart`, `parseInt`, `pop`, `random`, `reduce`, `reduceRight`,
-     * `repeat`, `result`, `round`, `runInContext`, `sample`, `shift`, `size`,
-     * `snakeCase`, `some`, `sortedIndex`, `sortedIndexBy`, `sortedLastIndex`,
-     * `sortedLastIndexBy`, `startCase`, `startsWith`, `stubArray`, `stubFalse`,
-     * `stubObject`, `stubString`, `stubTrue`, `subtract`, `sum`, `sumBy`,
-     * `template`, `times`, `toFinite`, `toInteger`, `toJSON`, `toLength`,
-     * `toLower`, `toNumber`, `toSafeInteger`, `toString`, `toUpper`, `trim`,
-     * `trimEnd`, `trimStart`, `truncate`, `unescape`, `uniqueId`, `upperCase`,
-     * `upperFirst`, `value`, and `words`
-     *
-     * @name _
-     * @constructor
-     * @category Seq
-     * @param {*} value The value to wrap in a `lodash` instance.
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * function square(n) {
-     *   return n * n;
-     * }
-     *
-     * var wrapped = _([1, 2, 3]);
-     *
-     * // Returns an unwrapped value.
-     * wrapped.reduce(_.add);
-     * // => 6
-     *
-     * // Returns a wrapped value.
-     * var squares = wrapped.map(square);
-     *
-     * _.isArray(squares);
-     * // => false
-     *
-     * _.isArray(squares.value());
-     * // => true
-     */
-    function lodash(value) {
-      if (isObjectLike(value) && !isArray(value) && !(value instanceof LazyWrapper)) {
-        if (value instanceof LodashWrapper) {
-          return value;
-        }
-        if (hasOwnProperty.call(value, '__wrapped__')) {
-          return wrapperClone(value);
-        }
-      }
-      return new LodashWrapper(value);
-    }
-
-    /**
-     * The base implementation of `_.create` without support for assigning
-     * properties to the created object.
-     *
-     * @private
-     * @param {Object} proto The object to inherit from.
-     * @returns {Object} Returns the new object.
-     */
-    var baseCreate = function () {
-      function object() {}
-      return function (proto) {
-        if (!isObject(proto)) {
-          return {};
-        }
-        if (objectCreate) {
-          return objectCreate(proto);
-        }
-        object.prototype = proto;
-        var result = new object();
-        object.prototype = undefined;
-        return result;
-      };
-    }();
-
-    /**
-     * The function whose prototype chain sequence wrappers inherit from.
-     *
-     * @private
-     */
-    function baseLodash() {
-      // No operation performed.
-    }
-
-    /**
-     * The base constructor for creating `lodash` wrapper objects.
-     *
-     * @private
-     * @param {*} value The value to wrap.
-     * @param {boolean} [chainAll] Enable explicit method chain sequences.
-     */
-    function LodashWrapper(value, chainAll) {
-      this.__wrapped__ = value;
-      this.__actions__ = [];
-      this.__chain__ = !!chainAll;
-      this.__index__ = 0;
-      this.__values__ = undefined;
-    }
-
-    /**
-     * By default, the template delimiters used by lodash are like those in
-     * embedded Ruby (ERB) as well as ES2015 template strings. Change the
-     * following template settings to use alternative delimiters.
-     *
-     * @static
-     * @memberOf _
-     * @type {Object}
-     */
-    lodash.templateSettings = {
-      /**
-       * Used to detect `data` property values to be HTML-escaped.
-       *
-       * @memberOf _.templateSettings
-       * @type {RegExp}
-       */
-      'escape': reEscape,
-      /**
-       * Used to detect code to be evaluated.
-       *
-       * @memberOf _.templateSettings
-       * @type {RegExp}
-       */
-      'evaluate': reEvaluate,
-      /**
-       * Used to detect `data` property values to inject.
-       *
-       * @memberOf _.templateSettings
-       * @type {RegExp}
-       */
-      'interpolate': reInterpolate,
-      /**
-       * Used to reference the data object in the template text.
-       *
-       * @memberOf _.templateSettings
-       * @type {string}
-       */
-      'variable': '',
-      /**
-       * Used to import variables into the compiled template.
-       *
-       * @memberOf _.templateSettings
-       * @type {Object}
-       */
-      'imports': {
-        /**
-         * A reference to the `lodash` function.
-         *
-         * @memberOf _.templateSettings.imports
-         * @type {Function}
-         */
-        '_': lodash
-      }
-    };
-
-    // Ensure wrappers are instances of `baseLodash`.
-    lodash.prototype = baseLodash.prototype;
-    lodash.prototype.constructor = lodash;
-    LodashWrapper.prototype = baseCreate(baseLodash.prototype);
-    LodashWrapper.prototype.constructor = LodashWrapper;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates a lazy wrapper object which wraps `value` to enable lazy evaluation.
-     *
-     * @private
-     * @constructor
-     * @param {*} value The value to wrap.
-     */
-    function LazyWrapper(value) {
-      this.__wrapped__ = value;
-      this.__actions__ = [];
-      this.__dir__ = 1;
-      this.__filtered__ = false;
-      this.__iteratees__ = [];
-      this.__takeCount__ = MAX_ARRAY_LENGTH;
-      this.__views__ = [];
-    }
-
-    /**
-     * Creates a clone of the lazy wrapper object.
-     *
-     * @private
-     * @name clone
-     * @memberOf LazyWrapper
-     * @returns {Object} Returns the cloned `LazyWrapper` object.
-     */
-    function lazyClone() {
-      var result = new LazyWrapper(this.__wrapped__);
-      result.__actions__ = copyArray(this.__actions__);
-      result.__dir__ = this.__dir__;
-      result.__filtered__ = this.__filtered__;
-      result.__iteratees__ = copyArray(this.__iteratees__);
-      result.__takeCount__ = this.__takeCount__;
-      result.__views__ = copyArray(this.__views__);
-      return result;
-    }
-
-    /**
-     * Reverses the direction of lazy iteration.
-     *
-     * @private
-     * @name reverse
-     * @memberOf LazyWrapper
-     * @returns {Object} Returns the new reversed `LazyWrapper` object.
-     */
-    function lazyReverse() {
-      if (this.__filtered__) {
-        var result = new LazyWrapper(this);
-        result.__dir__ = -1;
-        result.__filtered__ = true;
-      } else {
-        result = this.clone();
-        result.__dir__ *= -1;
-      }
-      return result;
-    }
-
-    /**
-     * Extracts the unwrapped value from its lazy wrapper.
-     *
-     * @private
-     * @name value
-     * @memberOf LazyWrapper
-     * @returns {*} Returns the unwrapped value.
-     */
-    function lazyValue() {
-      var array = this.__wrapped__.value(),
-        dir = this.__dir__,
-        isArr = isArray(array),
-        isRight = dir < 0,
-        arrLength = isArr ? array.length : 0,
-        view = getView(0, arrLength, this.__views__),
-        start = view.start,
-        end = view.end,
-        length = end - start,
-        index = isRight ? end : start - 1,
-        iteratees = this.__iteratees__,
-        iterLength = iteratees.length,
-        resIndex = 0,
-        takeCount = nativeMin(length, this.__takeCount__);
-      if (!isArr || !isRight && arrLength == length && takeCount == length) {
-        return baseWrapperValue(array, this.__actions__);
-      }
-      var result = [];
-      outer: while (length-- && resIndex < takeCount) {
-        index += dir;
-        var iterIndex = -1,
-          value = array[index];
-        while (++iterIndex < iterLength) {
-          var data = iteratees[iterIndex],
-            iteratee = data.iteratee,
-            type = data.type,
-            computed = iteratee(value);
-          if (type == LAZY_MAP_FLAG) {
-            value = computed;
-          } else if (!computed) {
-            if (type == LAZY_FILTER_FLAG) {
-              continue outer;
-            } else {
-              break outer;
-            }
-          }
-        }
-        result[resIndex++] = value;
-      }
-      return result;
-    }
-
-    // Ensure `LazyWrapper` is an instance of `baseLodash`.
-    LazyWrapper.prototype = baseCreate(baseLodash.prototype);
-    LazyWrapper.prototype.constructor = LazyWrapper;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates a hash object.
-     *
-     * @private
-     * @constructor
-     * @param {Array} [entries] The key-value pairs to cache.
-     */
-    function Hash(entries) {
-      var index = -1,
-        length = entries == null ? 0 : entries.length;
-      this.clear();
-      while (++index < length) {
-        var entry = entries[index];
-        this.set(entry[0], entry[1]);
-      }
-    }
-
-    /**
-     * Removes all key-value entries from the hash.
-     *
-     * @private
-     * @name clear
-     * @memberOf Hash
-     */
-    function hashClear() {
-      this.__data__ = nativeCreate ? nativeCreate(null) : {};
-      this.size = 0;
-    }
-
-    /**
-     * Removes `key` and its value from the hash.
-     *
-     * @private
-     * @name delete
-     * @memberOf Hash
-     * @param {Object} hash The hash to modify.
-     * @param {string} key The key of the value to remove.
-     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
-     */
-    function hashDelete(key) {
-      var result = this.has(key) && delete this.__data__[key];
-      this.size -= result ? 1 : 0;
-      return result;
-    }
-
-    /**
-     * Gets the hash value for `key`.
-     *
-     * @private
-     * @name get
-     * @memberOf Hash
-     * @param {string} key The key of the value to get.
-     * @returns {*} Returns the entry value.
-     */
-    function hashGet(key) {
-      var data = this.__data__;
-      if (nativeCreate) {
-        var result = data[key];
-        return result === HASH_UNDEFINED ? undefined : result;
-      }
-      return hasOwnProperty.call(data, key) ? data[key] : undefined;
-    }
-
-    /**
-     * Checks if a hash value for `key` exists.
-     *
-     * @private
-     * @name has
-     * @memberOf Hash
-     * @param {string} key The key of the entry to check.
-     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
-     */
-    function hashHas(key) {
-      var data = this.__data__;
-      return nativeCreate ? data[key] !== undefined : hasOwnProperty.call(data, key);
-    }
-
-    /**
-     * Sets the hash `key` to `value`.
-     *
-     * @private
-     * @name set
-     * @memberOf Hash
-     * @param {string} key The key of the value to set.
-     * @param {*} value The value to set.
-     * @returns {Object} Returns the hash instance.
-     */
-    function hashSet(key, value) {
-      var data = this.__data__;
-      this.size += this.has(key) ? 0 : 1;
-      data[key] = nativeCreate && value === undefined ? HASH_UNDEFINED : value;
-      return this;
-    }
-
-    // Add methods to `Hash`.
-    Hash.prototype.clear = hashClear;
-    Hash.prototype['delete'] = hashDelete;
-    Hash.prototype.get = hashGet;
-    Hash.prototype.has = hashHas;
-    Hash.prototype.set = hashSet;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates an list cache object.
-     *
-     * @private
-     * @constructor
-     * @param {Array} [entries] The key-value pairs to cache.
-     */
-    function ListCache(entries) {
-      var index = -1,
-        length = entries == null ? 0 : entries.length;
-      this.clear();
-      while (++index < length) {
-        var entry = entries[index];
-        this.set(entry[0], entry[1]);
-      }
-    }
-
-    /**
-     * Removes all key-value entries from the list cache.
-     *
-     * @private
-     * @name clear
-     * @memberOf ListCache
-     */
-    function listCacheClear() {
-      this.__data__ = [];
-      this.size = 0;
-    }
-
-    /**
-     * Removes `key` and its value from the list cache.
-     *
-     * @private
-     * @name delete
-     * @memberOf ListCache
-     * @param {string} key The key of the value to remove.
-     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
-     */
-    function listCacheDelete(key) {
-      var data = this.__data__,
-        index = assocIndexOf(data, key);
-      if (index < 0) {
-        return false;
-      }
-      var lastIndex = data.length - 1;
-      if (index == lastIndex) {
-        data.pop();
-      } else {
-        splice.call(data, index, 1);
-      }
-      --this.size;
-      return true;
-    }
-
-    /**
-     * Gets the list cache value for `key`.
-     *
-     * @private
-     * @name get
-     * @memberOf ListCache
-     * @param {string} key The key of the value to get.
-     * @returns {*} Returns the entry value.
-     */
-    function listCacheGet(key) {
-      var data = this.__data__,
-        index = assocIndexOf(data, key);
-      return index < 0 ? undefined : data[index][1];
-    }
-
-    /**
-     * Checks if a list cache value for `key` exists.
-     *
-     * @private
-     * @name has
-     * @memberOf ListCache
-     * @param {string} key The key of the entry to check.
-     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
-     */
-    function listCacheHas(key) {
-      return assocIndexOf(this.__data__, key) > -1;
-    }
-
-    /**
-     * Sets the list cache `key` to `value`.
-     *
-     * @private
-     * @name set
-     * @memberOf ListCache
-     * @param {string} key The key of the value to set.
-     * @param {*} value The value to set.
-     * @returns {Object} Returns the list cache instance.
-     */
-    function listCacheSet(key, value) {
-      var data = this.__data__,
-        index = assocIndexOf(data, key);
-      if (index < 0) {
-        ++this.size;
-        data.push([key, value]);
-      } else {
-        data[index][1] = value;
-      }
-      return this;
-    }
-
-    // Add methods to `ListCache`.
-    ListCache.prototype.clear = listCacheClear;
-    ListCache.prototype['delete'] = listCacheDelete;
-    ListCache.prototype.get = listCacheGet;
-    ListCache.prototype.has = listCacheHas;
-    ListCache.prototype.set = listCacheSet;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates a map cache object to store key-value pairs.
-     *
-     * @private
-     * @constructor
-     * @param {Array} [entries] The key-value pairs to cache.
-     */
-    function MapCache(entries) {
-      var index = -1,
-        length = entries == null ? 0 : entries.length;
-      this.clear();
-      while (++index < length) {
-        var entry = entries[index];
-        this.set(entry[0], entry[1]);
-      }
-    }
-
-    /**
-     * Removes all key-value entries from the map.
-     *
-     * @private
-     * @name clear
-     * @memberOf MapCache
-     */
-    function mapCacheClear() {
-      this.size = 0;
-      this.__data__ = {
-        'hash': new Hash(),
-        'map': new (Map || ListCache)(),
-        'string': new Hash()
-      };
-    }
-
-    /**
-     * Removes `key` and its value from the map.
-     *
-     * @private
-     * @name delete
-     * @memberOf MapCache
-     * @param {string} key The key of the value to remove.
-     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
-     */
-    function mapCacheDelete(key) {
-      var result = getMapData(this, key)['delete'](key);
-      this.size -= result ? 1 : 0;
-      return result;
-    }
-
-    /**
-     * Gets the map value for `key`.
-     *
-     * @private
-     * @name get
-     * @memberOf MapCache
-     * @param {string} key The key of the value to get.
-     * @returns {*} Returns the entry value.
-     */
-    function mapCacheGet(key) {
-      return getMapData(this, key).get(key);
-    }
-
-    /**
-     * Checks if a map value for `key` exists.
-     *
-     * @private
-     * @name has
-     * @memberOf MapCache
-     * @param {string} key The key of the entry to check.
-     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
-     */
-    function mapCacheHas(key) {
-      return getMapData(this, key).has(key);
-    }
-
-    /**
-     * Sets the map `key` to `value`.
-     *
-     * @private
-     * @name set
-     * @memberOf MapCache
-     * @param {string} key The key of the value to set.
-     * @param {*} value The value to set.
-     * @returns {Object} Returns the map cache instance.
-     */
-    function mapCacheSet(key, value) {
-      var data = getMapData(this, key),
-        size = data.size;
-      data.set(key, value);
-      this.size += data.size == size ? 0 : 1;
-      return this;
-    }
-
-    // Add methods to `MapCache`.
-    MapCache.prototype.clear = mapCacheClear;
-    MapCache.prototype['delete'] = mapCacheDelete;
-    MapCache.prototype.get = mapCacheGet;
-    MapCache.prototype.has = mapCacheHas;
-    MapCache.prototype.set = mapCacheSet;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     *
-     * Creates an array cache object to store unique values.
-     *
-     * @private
-     * @constructor
-     * @param {Array} [values] The values to cache.
-     */
-    function SetCache(values) {
-      var index = -1,
-        length = values == null ? 0 : values.length;
-      this.__data__ = new MapCache();
-      while (++index < length) {
-        this.add(values[index]);
-      }
-    }
-
-    /**
-     * Adds `value` to the array cache.
-     *
-     * @private
-     * @name add
-     * @memberOf SetCache
-     * @alias push
-     * @param {*} value The value to cache.
-     * @returns {Object} Returns the cache instance.
-     */
-    function setCacheAdd(value) {
-      this.__data__.set(value, HASH_UNDEFINED);
-      return this;
-    }
-
-    /**
-     * Checks if `value` is in the array cache.
-     *
-     * @private
-     * @name has
-     * @memberOf SetCache
-     * @param {*} value The value to search for.
-     * @returns {number} Returns `true` if `value` is found, else `false`.
-     */
-    function setCacheHas(value) {
-      return this.__data__.has(value);
-    }
-
-    // Add methods to `SetCache`.
-    SetCache.prototype.add = SetCache.prototype.push = setCacheAdd;
-    SetCache.prototype.has = setCacheHas;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates a stack cache object to store key-value pairs.
-     *
-     * @private
-     * @constructor
-     * @param {Array} [entries] The key-value pairs to cache.
-     */
-    function Stack(entries) {
-      var data = this.__data__ = new ListCache(entries);
-      this.size = data.size;
-    }
-
-    /**
-     * Removes all key-value entries from the stack.
-     *
-     * @private
-     * @name clear
-     * @memberOf Stack
-     */
-    function stackClear() {
-      this.__data__ = new ListCache();
-      this.size = 0;
-    }
-
-    /**
-     * Removes `key` and its value from the stack.
-     *
-     * @private
-     * @name delete
-     * @memberOf Stack
-     * @param {string} key The key of the value to remove.
-     * @returns {boolean} Returns `true` if the entry was removed, else `false`.
-     */
-    function stackDelete(key) {
-      var data = this.__data__,
-        result = data['delete'](key);
-      this.size = data.size;
-      return result;
-    }
-
-    /**
-     * Gets the stack value for `key`.
-     *
-     * @private
-     * @name get
-     * @memberOf Stack
-     * @param {string} key The key of the value to get.
-     * @returns {*} Returns the entry value.
-     */
-    function stackGet(key) {
-      return this.__data__.get(key);
-    }
-
-    /**
-     * Checks if a stack value for `key` exists.
-     *
-     * @private
-     * @name has
-     * @memberOf Stack
-     * @param {string} key The key of the entry to check.
-     * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`.
-     */
-    function stackHas(key) {
-      return this.__data__.has(key);
-    }
-
-    /**
-     * Sets the stack `key` to `value`.
-     *
-     * @private
-     * @name set
-     * @memberOf Stack
-     * @param {string} key The key of the value to set.
-     * @param {*} value The value to set.
-     * @returns {Object} Returns the stack cache instance.
-     */
-    function stackSet(key, value) {
-      var data = this.__data__;
-      if (data instanceof ListCache) {
-        var pairs = data.__data__;
-        if (!Map || pairs.length < LARGE_ARRAY_SIZE - 1) {
-          pairs.push([key, value]);
-          this.size = ++data.size;
-          return this;
-        }
-        data = this.__data__ = new MapCache(pairs);
-      }
-      data.set(key, value);
-      this.size = data.size;
-      return this;
-    }
-
-    // Add methods to `Stack`.
-    Stack.prototype.clear = stackClear;
-    Stack.prototype['delete'] = stackDelete;
-    Stack.prototype.get = stackGet;
-    Stack.prototype.has = stackHas;
-    Stack.prototype.set = stackSet;
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates an array of the enumerable property names of the array-like `value`.
-     *
-     * @private
-     * @param {*} value The value to query.
-     * @param {boolean} inherited Specify returning inherited property names.
-     * @returns {Array} Returns the array of property names.
-     */
-    function arrayLikeKeys(value, inherited) {
-      var isArr = isArray(value),
-        isArg = !isArr && isArguments(value),
-        isBuff = !isArr && !isArg && isBuffer(value),
-        isType = !isArr && !isArg && !isBuff && isTypedArray(value),
-        skipIndexes = isArr || isArg || isBuff || isType,
-        result = skipIndexes ? baseTimes(value.length, String) : [],
-        length = result.length;
-      for (var key in value) {
-        if ((inherited || hasOwnProperty.call(value, key)) && !(skipIndexes && (
-        // Safari 9 has enumerable `arguments.length` in strict mode.
-        key == 'length' ||
-        // Node.js 0.10 has enumerable non-index properties on buffers.
-        isBuff && (key == 'offset' || key == 'parent') ||
-        // PhantomJS 2 has enumerable non-index properties on typed arrays.
-        isType && (key == 'buffer' || key == 'byteLength' || key == 'byteOffset') ||
-        // Skip index properties.
-        isIndex(key, length)))) {
-          result.push(key);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * A specialized version of `_.sample` for arrays.
-     *
-     * @private
-     * @param {Array} array The array to sample.
-     * @returns {*} Returns the random element.
-     */
-    function arraySample(array) {
-      var length = array.length;
-      return length ? array[baseRandom(0, length - 1)] : undefined;
-    }
-
-    /**
-     * A specialized version of `_.sampleSize` for arrays.
-     *
-     * @private
-     * @param {Array} array The array to sample.
-     * @param {number} n The number of elements to sample.
-     * @returns {Array} Returns the random elements.
-     */
-    function arraySampleSize(array, n) {
-      return shuffleSelf(copyArray(array), baseClamp(n, 0, array.length));
-    }
-
-    /**
-     * A specialized version of `_.shuffle` for arrays.
-     *
-     * @private
-     * @param {Array} array The array to shuffle.
-     * @returns {Array} Returns the new shuffled array.
-     */
-    function arrayShuffle(array) {
-      return shuffleSelf(copyArray(array));
-    }
-
-    /**
-     * This function is like `assignValue` except that it doesn't assign
-     * `undefined` values.
-     *
-     * @private
-     * @param {Object} object The object to modify.
-     * @param {string} key The key of the property to assign.
-     * @param {*} value The value to assign.
-     */
-    function assignMergeValue(object, key, value) {
-      if (value !== undefined && !eq(object[key], value) || value === undefined && !(key in object)) {
-        baseAssignValue(object, key, value);
-      }
-    }
-
-    /**
-     * Assigns `value` to `key` of `object` if the existing value is not equivalent
-     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons.
-     *
-     * @private
-     * @param {Object} object The object to modify.
-     * @param {string} key The key of the property to assign.
-     * @param {*} value The value to assign.
-     */
-    function assignValue(object, key, value) {
-      var objValue = object[key];
-      if (!(hasOwnProperty.call(object, key) && eq(objValue, value)) || value === undefined && !(key in object)) {
-        baseAssignValue(object, key, value);
-      }
-    }
-
-    /**
-     * Gets the index at which the `key` is found in `array` of key-value pairs.
-     *
-     * @private
-     * @param {Array} array The array to inspect.
-     * @param {*} key The key to search for.
-     * @returns {number} Returns the index of the matched value, else `-1`.
-     */
-    function assocIndexOf(array, key) {
-      var length = array.length;
-      while (length--) {
-        if (eq(array[length][0], key)) {
-          return length;
-        }
-      }
-      return -1;
-    }
-
-    /**
-     * Aggregates elements of `collection` on `accumulator` with keys transformed
-     * by `iteratee` and values set by `setter`.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} setter The function to set `accumulator` values.
-     * @param {Function} iteratee The iteratee to transform keys.
-     * @param {Object} accumulator The initial aggregated object.
-     * @returns {Function} Returns `accumulator`.
-     */
-    function baseAggregator(collection, setter, iteratee, accumulator) {
-      baseEach(collection, function (value, key, collection) {
-        setter(accumulator, value, iteratee(value), collection);
-      });
-      return accumulator;
-    }
-
-    /**
-     * The base implementation of `_.assign` without support for multiple sources
-     * or `customizer` functions.
-     *
-     * @private
-     * @param {Object} object The destination object.
-     * @param {Object} source The source object.
-     * @returns {Object} Returns `object`.
-     */
-    function baseAssign(object, source) {
-      return object && copyObject(source, keys(source), object);
-    }
-
-    /**
-     * The base implementation of `_.assignIn` without support for multiple sources
-     * or `customizer` functions.
-     *
-     * @private
-     * @param {Object} object The destination object.
-     * @param {Object} source The source object.
-     * @returns {Object} Returns `object`.
-     */
-    function baseAssignIn(object, source) {
-      return object && copyObject(source, keysIn(source), object);
-    }
-
-    /**
-     * The base implementation of `assignValue` and `assignMergeValue` without
-     * value checks.
-     *
-     * @private
-     * @param {Object} object The object to modify.
-     * @param {string} key The key of the property to assign.
-     * @param {*} value The value to assign.
-     */
-    function baseAssignValue(object, key, value) {
-      if (key == '__proto__' && defineProperty) {
-        defineProperty(object, key, {
-          'configurable': true,
-          'enumerable': true,
-          'value': value,
-          'writable': true
-        });
-      } else {
-        object[key] = value;
-      }
-    }
-
-    /**
-     * The base implementation of `_.at` without support for individual paths.
-     *
-     * @private
-     * @param {Object} object The object to iterate over.
-     * @param {string[]} paths The property paths to pick.
-     * @returns {Array} Returns the picked elements.
-     */
-    function baseAt(object, paths) {
-      var index = -1,
-        length = paths.length,
-        result = Array(length),
-        skip = object == null;
-      while (++index < length) {
-        result[index] = skip ? undefined : get(object, paths[index]);
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.clamp` which doesn't coerce arguments.
-     *
-     * @private
-     * @param {number} number The number to clamp.
-     * @param {number} [lower] The lower bound.
-     * @param {number} upper The upper bound.
-     * @returns {number} Returns the clamped number.
-     */
-    function baseClamp(number, lower, upper) {
-      if (number === number) {
-        if (upper !== undefined) {
-          number = number <= upper ? number : upper;
-        }
-        if (lower !== undefined) {
-          number = number >= lower ? number : lower;
-        }
-      }
-      return number;
-    }
-
-    /**
-     * The base implementation of `_.clone` and `_.cloneDeep` which tracks
-     * traversed objects.
-     *
-     * @private
-     * @param {*} value The value to clone.
-     * @param {boolean} bitmask The bitmask flags.
-     *  1 - Deep clone
-     *  2 - Flatten inherited properties
-     *  4 - Clone symbols
-     * @param {Function} [customizer] The function to customize cloning.
-     * @param {string} [key] The key of `value`.
-     * @param {Object} [object] The parent object of `value`.
-     * @param {Object} [stack] Tracks traversed objects and their clone counterparts.
-     * @returns {*} Returns the cloned value.
-     */
-    function baseClone(value, bitmask, customizer, key, object, stack) {
-      var result,
-        isDeep = bitmask & CLONE_DEEP_FLAG,
-        isFlat = bitmask & CLONE_FLAT_FLAG,
-        isFull = bitmask & CLONE_SYMBOLS_FLAG;
-      if (customizer) {
-        result = object ? customizer(value, key, object, stack) : customizer(value);
-      }
-      if (result !== undefined) {
-        return result;
-      }
-      if (!isObject(value)) {
-        return value;
-      }
-      var isArr = isArray(value);
-      if (isArr) {
-        result = initCloneArray(value);
-        if (!isDeep) {
-          return copyArray(value, result);
-        }
-      } else {
-        var tag = getTag(value),
-          isFunc = tag == funcTag || tag == genTag;
-        if (isBuffer(value)) {
-          return cloneBuffer(value, isDeep);
-        }
-        if (tag == objectTag || tag == argsTag || isFunc && !object) {
-          result = isFlat || isFunc ? {} : initCloneObject(value);
-          if (!isDeep) {
-            return isFlat ? copySymbolsIn(value, baseAssignIn(result, value)) : copySymbols(value, baseAssign(result, value));
-          }
-        } else {
-          if (!cloneableTags[tag]) {
-            return object ? value : {};
-          }
-          result = initCloneByTag(value, tag, isDeep);
-        }
-      }
-      // Check for circular references and return its corresponding clone.
-      stack || (stack = new Stack());
-      var stacked = stack.get(value);
-      if (stacked) {
-        return stacked;
-      }
-      stack.set(value, result);
-      if (isSet(value)) {
-        value.forEach(function (subValue) {
-          result.add(baseClone(subValue, bitmask, customizer, subValue, value, stack));
-        });
-      } else if (isMap(value)) {
-        value.forEach(function (subValue, key) {
-          result.set(key, baseClone(subValue, bitmask, customizer, key, value, stack));
-        });
-      }
-      var keysFunc = isFull ? isFlat ? getAllKeysIn : getAllKeys : isFlat ? keysIn : keys;
-      var props = isArr ? undefined : keysFunc(value);
-      arrayEach(props || value, function (subValue, key) {
-        if (props) {
-          key = subValue;
-          subValue = value[key];
-        }
-        // Recursively populate clone (susceptible to call stack limits).
-        assignValue(result, key, baseClone(subValue, bitmask, customizer, key, value, stack));
-      });
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.conforms` which doesn't clone `source`.
-     *
-     * @private
-     * @param {Object} source The object of property predicates to conform to.
-     * @returns {Function} Returns the new spec function.
-     */
-    function baseConforms(source) {
-      var props = keys(source);
-      return function (object) {
-        return baseConformsTo(object, source, props);
-      };
-    }
-
-    /**
-     * The base implementation of `_.conformsTo` which accepts `props` to check.
-     *
-     * @private
-     * @param {Object} object The object to inspect.
-     * @param {Object} source The object of property predicates to conform to.
-     * @returns {boolean} Returns `true` if `object` conforms, else `false`.
-     */
-    function baseConformsTo(object, source, props) {
-      var length = props.length;
-      if (object == null) {
-        return !length;
-      }
-      object = Object(object);
-      while (length--) {
-        var key = props[length],
-          predicate = source[key],
-          value = object[key];
-        if (value === undefined && !(key in object) || !predicate(value)) {
-          return false;
-        }
-      }
-      return true;
-    }
-
-    /**
-     * The base implementation of `_.delay` and `_.defer` which accepts `args`
-     * to provide to `func`.
-     *
-     * @private
-     * @param {Function} func The function to delay.
-     * @param {number} wait The number of milliseconds to delay invocation.
-     * @param {Array} args The arguments to provide to `func`.
-     * @returns {number|Object} Returns the timer id or timeout object.
-     */
-    function baseDelay(func, wait, args) {
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      return setTimeout(function () {
-        func.apply(undefined, args);
-      }, wait);
-    }
-
-    /**
-     * The base implementation of methods like `_.difference` without support
-     * for excluding multiple arrays or iteratee shorthands.
-     *
-     * @private
-     * @param {Array} array The array to inspect.
-     * @param {Array} values The values to exclude.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of filtered values.
-     */
-    function baseDifference(array, values, iteratee, comparator) {
-      var index = -1,
-        includes = arrayIncludes,
-        isCommon = true,
-        length = array.length,
-        result = [],
-        valuesLength = values.length;
-      if (!length) {
-        return result;
-      }
-      if (iteratee) {
-        values = arrayMap(values, baseUnary(iteratee));
-      }
-      if (comparator) {
-        includes = arrayIncludesWith;
-        isCommon = false;
-      } else if (values.length >= LARGE_ARRAY_SIZE) {
-        includes = cacheHas;
-        isCommon = false;
-        values = new SetCache(values);
-      }
-      outer: while (++index < length) {
-        var value = array[index],
-          computed = iteratee == null ? value : iteratee(value);
-        value = comparator || value !== 0 ? value : 0;
-        if (isCommon && computed === computed) {
-          var valuesIndex = valuesLength;
-          while (valuesIndex--) {
-            if (values[valuesIndex] === computed) {
-              continue outer;
-            }
-          }
-          result.push(value);
-        } else if (!includes(values, computed, comparator)) {
-          result.push(value);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.forEach` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @returns {Array|Object} Returns `collection`.
-     */
-    var baseEach = createBaseEach(baseForOwn);
-
-    /**
-     * The base implementation of `_.forEachRight` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @returns {Array|Object} Returns `collection`.
-     */
-    var baseEachRight = createBaseEach(baseForOwnRight, true);
-
-    /**
-     * The base implementation of `_.every` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} predicate The function invoked per iteration.
-     * @returns {boolean} Returns `true` if all elements pass the predicate check,
-     *  else `false`
-     */
-    function baseEvery(collection, predicate) {
-      var result = true;
-      baseEach(collection, function (value, index, collection) {
-        result = !!predicate(value, index, collection);
-        return result;
-      });
-      return result;
-    }
-
-    /**
-     * The base implementation of methods like `_.max` and `_.min` which accepts a
-     * `comparator` to determine the extremum value.
-     *
-     * @private
-     * @param {Array} array The array to iterate over.
-     * @param {Function} iteratee The iteratee invoked per iteration.
-     * @param {Function} comparator The comparator used to compare values.
-     * @returns {*} Returns the extremum value.
-     */
-    function baseExtremum(array, iteratee, comparator) {
-      var index = -1,
-        length = array.length;
-      while (++index < length) {
-        var value = array[index],
-          current = iteratee(value);
-        if (current != null && (computed === undefined ? current === current && !isSymbol(current) : comparator(current, computed))) {
-          var computed = current,
-            result = value;
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.fill` without an iteratee call guard.
-     *
-     * @private
-     * @param {Array} array The array to fill.
-     * @param {*} value The value to fill `array` with.
-     * @param {number} [start=0] The start position.
-     * @param {number} [end=array.length] The end position.
-     * @returns {Array} Returns `array`.
-     */
-    function baseFill(array, value, start, end) {
-      var length = array.length;
-      start = toInteger(start);
-      if (start < 0) {
-        start = -start > length ? 0 : length + start;
-      }
-      end = end === undefined || end > length ? length : toInteger(end);
-      if (end < 0) {
-        end += length;
-      }
-      end = start > end ? 0 : toLength(end);
-      while (start < end) {
-        array[start++] = value;
-      }
-      return array;
-    }
-
-    /**
-     * The base implementation of `_.filter` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} predicate The function invoked per iteration.
-     * @returns {Array} Returns the new filtered array.
-     */
-    function baseFilter(collection, predicate) {
-      var result = [];
-      baseEach(collection, function (value, index, collection) {
-        if (predicate(value, index, collection)) {
-          result.push(value);
-        }
-      });
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.flatten` with support for restricting flattening.
-     *
-     * @private
-     * @param {Array} array The array to flatten.
-     * @param {number} depth The maximum recursion depth.
-     * @param {boolean} [predicate=isFlattenable] The function invoked per iteration.
-     * @param {boolean} [isStrict] Restrict to values that pass `predicate` checks.
-     * @param {Array} [result=[]] The initial result value.
-     * @returns {Array} Returns the new flattened array.
-     */
-    function baseFlatten(array, depth, predicate, isStrict, result) {
-      var index = -1,
-        length = array.length;
-      predicate || (predicate = isFlattenable);
-      result || (result = []);
-      while (++index < length) {
-        var value = array[index];
-        if (depth > 0 && predicate(value)) {
-          if (depth > 1) {
-            // Recursively flatten arrays (susceptible to call stack limits).
-            baseFlatten(value, depth - 1, predicate, isStrict, result);
-          } else {
-            arrayPush(result, value);
-          }
-        } else if (!isStrict) {
-          result[result.length] = value;
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `baseForOwn` which iterates over `object`
-     * properties returned by `keysFunc` and invokes `iteratee` for each property.
-     * Iteratee functions may exit iteration early by explicitly returning `false`.
-     *
-     * @private
-     * @param {Object} object The object to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @param {Function} keysFunc The function to get the keys of `object`.
-     * @returns {Object} Returns `object`.
-     */
-    var baseFor = createBaseFor();
-
-    /**
-     * This function is like `baseFor` except that it iterates over properties
-     * in the opposite order.
-     *
-     * @private
-     * @param {Object} object The object to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @param {Function} keysFunc The function to get the keys of `object`.
-     * @returns {Object} Returns `object`.
-     */
-    var baseForRight = createBaseFor(true);
-
-    /**
-     * The base implementation of `_.forOwn` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Object} object The object to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @returns {Object} Returns `object`.
-     */
-    function baseForOwn(object, iteratee) {
-      return object && baseFor(object, iteratee, keys);
-    }
-
-    /**
-     * The base implementation of `_.forOwnRight` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Object} object The object to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @returns {Object} Returns `object`.
-     */
-    function baseForOwnRight(object, iteratee) {
-      return object && baseForRight(object, iteratee, keys);
-    }
-
-    /**
-     * The base implementation of `_.functions` which creates an array of
-     * `object` function property names filtered from `props`.
-     *
-     * @private
-     * @param {Object} object The object to inspect.
-     * @param {Array} props The property names to filter.
-     * @returns {Array} Returns the function names.
-     */
-    function baseFunctions(object, props) {
-      return arrayFilter(props, function (key) {
-        return isFunction(object[key]);
-      });
-    }
-
-    /**
-     * The base implementation of `_.get` without support for default values.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path of the property to get.
-     * @returns {*} Returns the resolved value.
-     */
-    function baseGet(object, path) {
-      path = castPath(path, object);
-      var index = 0,
-        length = path.length;
-      while (object != null && index < length) {
-        object = object[toKey(path[index++])];
-      }
-      return index && index == length ? object : undefined;
-    }
-
-    /**
-     * The base implementation of `getAllKeys` and `getAllKeysIn` which uses
-     * `keysFunc` and `symbolsFunc` to get the enumerable property names and
-     * symbols of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {Function} keysFunc The function to get the keys of `object`.
-     * @param {Function} symbolsFunc The function to get the symbols of `object`.
-     * @returns {Array} Returns the array of property names and symbols.
-     */
-    function baseGetAllKeys(object, keysFunc, symbolsFunc) {
-      var result = keysFunc(object);
-      return isArray(object) ? result : arrayPush(result, symbolsFunc(object));
-    }
-
-    /**
-     * The base implementation of `getTag` without fallbacks for buggy environments.
-     *
-     * @private
-     * @param {*} value The value to query.
-     * @returns {string} Returns the `toStringTag`.
-     */
-    function baseGetTag(value) {
-      if (value == null) {
-        return value === undefined ? undefinedTag : nullTag;
-      }
-      return symToStringTag && symToStringTag in Object(value) ? getRawTag(value) : objectToString(value);
-    }
-
-    /**
-     * The base implementation of `_.gt` which doesn't coerce arguments.
-     *
-     * @private
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if `value` is greater than `other`,
-     *  else `false`.
-     */
-    function baseGt(value, other) {
-      return value > other;
-    }
-
-    /**
-     * The base implementation of `_.has` without support for deep paths.
-     *
-     * @private
-     * @param {Object} [object] The object to query.
-     * @param {Array|string} key The key to check.
-     * @returns {boolean} Returns `true` if `key` exists, else `false`.
-     */
-    function baseHas(object, key) {
-      return object != null && hasOwnProperty.call(object, key);
-    }
-
-    /**
-     * The base implementation of `_.hasIn` without support for deep paths.
-     *
-     * @private
-     * @param {Object} [object] The object to query.
-     * @param {Array|string} key The key to check.
-     * @returns {boolean} Returns `true` if `key` exists, else `false`.
-     */
-    function baseHasIn(object, key) {
-      return object != null && key in Object(object);
-    }
-
-    /**
-     * The base implementation of `_.inRange` which doesn't coerce arguments.
-     *
-     * @private
-     * @param {number} number The number to check.
-     * @param {number} start The start of the range.
-     * @param {number} end The end of the range.
-     * @returns {boolean} Returns `true` if `number` is in the range, else `false`.
-     */
-    function baseInRange(number, start, end) {
-      return number >= nativeMin(start, end) && number < nativeMax(start, end);
-    }
-
-    /**
-     * The base implementation of methods like `_.intersection`, without support
-     * for iteratee shorthands, that accepts an array of arrays to inspect.
-     *
-     * @private
-     * @param {Array} arrays The arrays to inspect.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of shared values.
-     */
-    function baseIntersection(arrays, iteratee, comparator) {
-      var includes = comparator ? arrayIncludesWith : arrayIncludes,
-        length = arrays[0].length,
-        othLength = arrays.length,
-        othIndex = othLength,
-        caches = Array(othLength),
-        maxLength = Infinity,
-        result = [];
-      while (othIndex--) {
-        var array = arrays[othIndex];
-        if (othIndex && iteratee) {
-          array = arrayMap(array, baseUnary(iteratee));
-        }
-        maxLength = nativeMin(array.length, maxLength);
-        caches[othIndex] = !comparator && (iteratee || length >= 120 && array.length >= 120) ? new SetCache(othIndex && array) : undefined;
-      }
-      array = arrays[0];
-      var index = -1,
-        seen = caches[0];
-      outer: while (++index < length && result.length < maxLength) {
-        var value = array[index],
-          computed = iteratee ? iteratee(value) : value;
-        value = comparator || value !== 0 ? value : 0;
-        if (!(seen ? cacheHas(seen, computed) : includes(result, computed, comparator))) {
-          othIndex = othLength;
-          while (--othIndex) {
-            var cache = caches[othIndex];
-            if (!(cache ? cacheHas(cache, computed) : includes(arrays[othIndex], computed, comparator))) {
-              continue outer;
-            }
-          }
-          if (seen) {
-            seen.push(computed);
-          }
-          result.push(value);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.invert` and `_.invertBy` which inverts
-     * `object` with values transformed by `iteratee` and set by `setter`.
-     *
-     * @private
-     * @param {Object} object The object to iterate over.
-     * @param {Function} setter The function to set `accumulator` values.
-     * @param {Function} iteratee The iteratee to transform values.
-     * @param {Object} accumulator The initial inverted object.
-     * @returns {Function} Returns `accumulator`.
-     */
-    function baseInverter(object, setter, iteratee, accumulator) {
-      baseForOwn(object, function (value, key, object) {
-        setter(accumulator, iteratee(value), key, object);
-      });
-      return accumulator;
-    }
-
-    /**
-     * The base implementation of `_.invoke` without support for individual
-     * method arguments.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path of the method to invoke.
-     * @param {Array} args The arguments to invoke the method with.
-     * @returns {*} Returns the result of the invoked method.
-     */
-    function baseInvoke(object, path, args) {
-      path = castPath(path, object);
-      object = parent(object, path);
-      var func = object == null ? object : object[toKey(last(path))];
-      return func == null ? undefined : apply(func, object, args);
-    }
-
-    /**
-     * The base implementation of `_.isArguments`.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an `arguments` object,
-     */
-    function baseIsArguments(value) {
-      return isObjectLike(value) && baseGetTag(value) == argsTag;
-    }
-
-    /**
-     * The base implementation of `_.isArrayBuffer` without Node.js optimizations.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an array buffer, else `false`.
-     */
-    function baseIsArrayBuffer(value) {
-      return isObjectLike(value) && baseGetTag(value) == arrayBufferTag;
-    }
-
-    /**
-     * The base implementation of `_.isDate` without Node.js optimizations.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a date object, else `false`.
-     */
-    function baseIsDate(value) {
-      return isObjectLike(value) && baseGetTag(value) == dateTag;
-    }
-
-    /**
-     * The base implementation of `_.isEqual` which supports partial comparisons
-     * and tracks traversed objects.
-     *
-     * @private
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @param {boolean} bitmask The bitmask flags.
-     *  1 - Unordered comparison
-     *  2 - Partial comparison
-     * @param {Function} [customizer] The function to customize comparisons.
-     * @param {Object} [stack] Tracks traversed `value` and `other` objects.
-     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
-     */
-    function baseIsEqual(value, other, bitmask, customizer, stack) {
-      if (value === other) {
-        return true;
-      }
-      if (value == null || other == null || !isObjectLike(value) && !isObjectLike(other)) {
-        return value !== value && other !== other;
-      }
-      return baseIsEqualDeep(value, other, bitmask, customizer, baseIsEqual, stack);
-    }
-
-    /**
-     * A specialized version of `baseIsEqual` for arrays and objects which performs
-     * deep comparisons and tracks traversed objects enabling objects with circular
-     * references to be compared.
-     *
-     * @private
-     * @param {Object} object The object to compare.
-     * @param {Object} other The other object to compare.
-     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
-     * @param {Function} customizer The function to customize comparisons.
-     * @param {Function} equalFunc The function to determine equivalents of values.
-     * @param {Object} [stack] Tracks traversed `object` and `other` objects.
-     * @returns {boolean} Returns `true` if the objects are equivalent, else `false`.
-     */
-    function baseIsEqualDeep(object, other, bitmask, customizer, equalFunc, stack) {
-      var objIsArr = isArray(object),
-        othIsArr = isArray(other),
-        objTag = objIsArr ? arrayTag : getTag(object),
-        othTag = othIsArr ? arrayTag : getTag(other);
-      objTag = objTag == argsTag ? objectTag : objTag;
-      othTag = othTag == argsTag ? objectTag : othTag;
-      var objIsObj = objTag == objectTag,
-        othIsObj = othTag == objectTag,
-        isSameTag = objTag == othTag;
-      if (isSameTag && isBuffer(object)) {
-        if (!isBuffer(other)) {
-          return false;
-        }
-        objIsArr = true;
-        objIsObj = false;
-      }
-      if (isSameTag && !objIsObj) {
-        stack || (stack = new Stack());
-        return objIsArr || isTypedArray(object) ? equalArrays(object, other, bitmask, customizer, equalFunc, stack) : equalByTag(object, other, objTag, bitmask, customizer, equalFunc, stack);
-      }
-      if (!(bitmask & COMPARE_PARTIAL_FLAG)) {
-        var objIsWrapped = objIsObj && hasOwnProperty.call(object, '__wrapped__'),
-          othIsWrapped = othIsObj && hasOwnProperty.call(other, '__wrapped__');
-        if (objIsWrapped || othIsWrapped) {
-          var objUnwrapped = objIsWrapped ? object.value() : object,
-            othUnwrapped = othIsWrapped ? other.value() : other;
-          stack || (stack = new Stack());
-          return equalFunc(objUnwrapped, othUnwrapped, bitmask, customizer, stack);
-        }
-      }
-      if (!isSameTag) {
-        return false;
-      }
-      stack || (stack = new Stack());
-      return equalObjects(object, other, bitmask, customizer, equalFunc, stack);
-    }
-
-    /**
-     * The base implementation of `_.isMap` without Node.js optimizations.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a map, else `false`.
-     */
-    function baseIsMap(value) {
-      return isObjectLike(value) && getTag(value) == mapTag;
-    }
-
-    /**
-     * The base implementation of `_.isMatch` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Object} object The object to inspect.
-     * @param {Object} source The object of property values to match.
-     * @param {Array} matchData The property names, values, and compare flags to match.
-     * @param {Function} [customizer] The function to customize comparisons.
-     * @returns {boolean} Returns `true` if `object` is a match, else `false`.
-     */
-    function baseIsMatch(object, source, matchData, customizer) {
-      var index = matchData.length,
-        length = index,
-        noCustomizer = !customizer;
-      if (object == null) {
-        return !length;
-      }
-      object = Object(object);
-      while (index--) {
-        var data = matchData[index];
-        if (noCustomizer && data[2] ? data[1] !== object[data[0]] : !(data[0] in object)) {
-          return false;
-        }
-      }
-      while (++index < length) {
-        data = matchData[index];
-        var key = data[0],
-          objValue = object[key],
-          srcValue = data[1];
-        if (noCustomizer && data[2]) {
-          if (objValue === undefined && !(key in object)) {
-            return false;
-          }
-        } else {
-          var stack = new Stack();
-          if (customizer) {
-            var result = customizer(objValue, srcValue, key, object, source, stack);
-          }
-          if (!(result === undefined ? baseIsEqual(srcValue, objValue, COMPARE_PARTIAL_FLAG | COMPARE_UNORDERED_FLAG, customizer, stack) : result)) {
-            return false;
-          }
-        }
-      }
-      return true;
-    }
-
-    /**
-     * The base implementation of `_.isNative` without bad shim checks.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a native function,
-     *  else `false`.
-     */
-    function baseIsNative(value) {
-      if (!isObject(value) || isMasked(value)) {
-        return false;
-      }
-      var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
-      return pattern.test(toSource(value));
-    }
-
-    /**
-     * The base implementation of `_.isRegExp` without Node.js optimizations.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a regexp, else `false`.
-     */
-    function baseIsRegExp(value) {
-      return isObjectLike(value) && baseGetTag(value) == regexpTag;
-    }
-
-    /**
-     * The base implementation of `_.isSet` without Node.js optimizations.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a set, else `false`.
-     */
-    function baseIsSet(value) {
-      return isObjectLike(value) && getTag(value) == setTag;
-    }
-
-    /**
-     * The base implementation of `_.isTypedArray` without Node.js optimizations.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a typed array, else `false`.
-     */
-    function baseIsTypedArray(value) {
-      return isObjectLike(value) && isLength(value.length) && !!typedArrayTags[baseGetTag(value)];
-    }
-
-    /**
-     * The base implementation of `_.iteratee`.
-     *
-     * @private
-     * @param {*} [value=_.identity] The value to convert to an iteratee.
-     * @returns {Function} Returns the iteratee.
-     */
-    function baseIteratee(value) {
-      // Don't store the `typeof` result in a variable to avoid a JIT bug in Safari 9.
-      // See https://bugs.webkit.org/show_bug.cgi?id=156034 for more details.
-      if (typeof value == 'function') {
-        return value;
-      }
-      if (value == null) {
-        return identity;
-      }
-      if (typeof value == 'object') {
-        return isArray(value) ? baseMatchesProperty(value[0], value[1]) : baseMatches(value);
-      }
-      return property(value);
-    }
-
-    /**
-     * The base implementation of `_.keys` which doesn't treat sparse arrays as dense.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names.
-     */
-    function baseKeys(object) {
-      if (!isPrototype(object)) {
-        return nativeKeys(object);
-      }
-      var result = [];
-      for (var key in Object(object)) {
-        if (hasOwnProperty.call(object, key) && key != 'constructor') {
-          result.push(key);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.keysIn` which doesn't treat sparse arrays as dense.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names.
-     */
-    function baseKeysIn(object) {
-      if (!isObject(object)) {
-        return nativeKeysIn(object);
-      }
-      var isProto = isPrototype(object),
-        result = [];
-      for (var key in object) {
-        if (!(key == 'constructor' && (isProto || !hasOwnProperty.call(object, key)))) {
-          result.push(key);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.lt` which doesn't coerce arguments.
-     *
-     * @private
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if `value` is less than `other`,
-     *  else `false`.
-     */
-    function baseLt(value, other) {
-      return value < other;
-    }
-
-    /**
-     * The base implementation of `_.map` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} iteratee The function invoked per iteration.
-     * @returns {Array} Returns the new mapped array.
-     */
-    function baseMap(collection, iteratee) {
-      var index = -1,
-        result = isArrayLike(collection) ? Array(collection.length) : [];
-      baseEach(collection, function (value, key, collection) {
-        result[++index] = iteratee(value, key, collection);
-      });
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.matches` which doesn't clone `source`.
-     *
-     * @private
-     * @param {Object} source The object of property values to match.
-     * @returns {Function} Returns the new spec function.
-     */
-    function baseMatches(source) {
-      var matchData = getMatchData(source);
-      if (matchData.length == 1 && matchData[0][2]) {
-        return matchesStrictComparable(matchData[0][0], matchData[0][1]);
-      }
-      return function (object) {
-        return object === source || baseIsMatch(object, source, matchData);
-      };
-    }
-
-    /**
-     * The base implementation of `_.matchesProperty` which doesn't clone `srcValue`.
-     *
-     * @private
-     * @param {string} path The path of the property to get.
-     * @param {*} srcValue The value to match.
-     * @returns {Function} Returns the new spec function.
-     */
-    function baseMatchesProperty(path, srcValue) {
-      if (isKey(path) && isStrictComparable(srcValue)) {
-        return matchesStrictComparable(toKey(path), srcValue);
-      }
-      return function (object) {
-        var objValue = get(object, path);
-        return objValue === undefined && objValue === srcValue ? hasIn(object, path) : baseIsEqual(srcValue, objValue, COMPARE_PARTIAL_FLAG | COMPARE_UNORDERED_FLAG);
-      };
-    }
-
-    /**
-     * The base implementation of `_.merge` without support for multiple sources.
-     *
-     * @private
-     * @param {Object} object The destination object.
-     * @param {Object} source The source object.
-     * @param {number} srcIndex The index of `source`.
-     * @param {Function} [customizer] The function to customize merged values.
-     * @param {Object} [stack] Tracks traversed source values and their merged
-     *  counterparts.
-     */
-    function baseMerge(object, source, srcIndex, customizer, stack) {
-      if (object === source) {
-        return;
-      }
-      baseFor(source, function (srcValue, key) {
-        stack || (stack = new Stack());
-        if (isObject(srcValue)) {
-          baseMergeDeep(object, source, key, srcIndex, baseMerge, customizer, stack);
-        } else {
-          var newValue = customizer ? customizer(safeGet(object, key), srcValue, key + '', object, source, stack) : undefined;
-          if (newValue === undefined) {
-            newValue = srcValue;
-          }
-          assignMergeValue(object, key, newValue);
-        }
-      }, keysIn);
-    }
-
-    /**
-     * A specialized version of `baseMerge` for arrays and objects which performs
-     * deep merges and tracks traversed objects enabling objects with circular
-     * references to be merged.
-     *
-     * @private
-     * @param {Object} object The destination object.
-     * @param {Object} source The source object.
-     * @param {string} key The key of the value to merge.
-     * @param {number} srcIndex The index of `source`.
-     * @param {Function} mergeFunc The function to merge values.
-     * @param {Function} [customizer] The function to customize assigned values.
-     * @param {Object} [stack] Tracks traversed source values and their merged
-     *  counterparts.
-     */
-    function baseMergeDeep(object, source, key, srcIndex, mergeFunc, customizer, stack) {
-      var objValue = safeGet(object, key),
-        srcValue = safeGet(source, key),
-        stacked = stack.get(srcValue);
-      if (stacked) {
-        assignMergeValue(object, key, stacked);
-        return;
-      }
-      var newValue = customizer ? customizer(objValue, srcValue, key + '', object, source, stack) : undefined;
-      var isCommon = newValue === undefined;
-      if (isCommon) {
-        var isArr = isArray(srcValue),
-          isBuff = !isArr && isBuffer(srcValue),
-          isTyped = !isArr && !isBuff && isTypedArray(srcValue);
-        newValue = srcValue;
-        if (isArr || isBuff || isTyped) {
-          if (isArray(objValue)) {
-            newValue = objValue;
-          } else if (isArrayLikeObject(objValue)) {
-            newValue = copyArray(objValue);
-          } else if (isBuff) {
-            isCommon = false;
-            newValue = cloneBuffer(srcValue, true);
-          } else if (isTyped) {
-            isCommon = false;
-            newValue = cloneTypedArray(srcValue, true);
-          } else {
-            newValue = [];
-          }
-        } else if (isPlainObject(srcValue) || isArguments(srcValue)) {
-          newValue = objValue;
-          if (isArguments(objValue)) {
-            newValue = toPlainObject(objValue);
-          } else if (!isObject(objValue) || isFunction(objValue)) {
-            newValue = initCloneObject(srcValue);
-          }
-        } else {
-          isCommon = false;
-        }
-      }
-      if (isCommon) {
-        // Recursively merge objects and arrays (susceptible to call stack limits).
-        stack.set(srcValue, newValue);
-        mergeFunc(newValue, srcValue, srcIndex, customizer, stack);
-        stack['delete'](srcValue);
-      }
-      assignMergeValue(object, key, newValue);
-    }
-
-    /**
-     * The base implementation of `_.nth` which doesn't coerce arguments.
-     *
-     * @private
-     * @param {Array} array The array to query.
-     * @param {number} n The index of the element to return.
-     * @returns {*} Returns the nth element of `array`.
-     */
-    function baseNth(array, n) {
-      var length = array.length;
-      if (!length) {
-        return;
-      }
-      n += n < 0 ? length : 0;
-      return isIndex(n, length) ? array[n] : undefined;
-    }
-
-    /**
-     * The base implementation of `_.orderBy` without param guards.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function[]|Object[]|string[]} iteratees The iteratees to sort by.
-     * @param {string[]} orders The sort orders of `iteratees`.
-     * @returns {Array} Returns the new sorted array.
-     */
-    function baseOrderBy(collection, iteratees, orders) {
-      if (iteratees.length) {
-        iteratees = arrayMap(iteratees, function (iteratee) {
-          if (isArray(iteratee)) {
-            return function (value) {
-              return baseGet(value, iteratee.length === 1 ? iteratee[0] : iteratee);
-            };
-          }
-          return iteratee;
-        });
-      } else {
-        iteratees = [identity];
-      }
-      var index = -1;
-      iteratees = arrayMap(iteratees, baseUnary(getIteratee()));
-      var result = baseMap(collection, function (value, key, collection) {
-        var criteria = arrayMap(iteratees, function (iteratee) {
-          return iteratee(value);
-        });
-        return {
-          'criteria': criteria,
-          'index': ++index,
-          'value': value
-        };
-      });
-      return baseSortBy(result, function (object, other) {
-        return compareMultiple(object, other, orders);
-      });
-    }
-
-    /**
-     * The base implementation of `_.pick` without support for individual
-     * property identifiers.
-     *
-     * @private
-     * @param {Object} object The source object.
-     * @param {string[]} paths The property paths to pick.
-     * @returns {Object} Returns the new object.
-     */
-    function basePick(object, paths) {
-      return basePickBy(object, paths, function (value, path) {
-        return hasIn(object, path);
-      });
-    }
-
-    /**
-     * The base implementation of  `_.pickBy` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Object} object The source object.
-     * @param {string[]} paths The property paths to pick.
-     * @param {Function} predicate The function invoked per property.
-     * @returns {Object} Returns the new object.
-     */
-    function basePickBy(object, paths, predicate) {
-      var index = -1,
-        length = paths.length,
-        result = {};
-      while (++index < length) {
-        var path = paths[index],
-          value = baseGet(object, path);
-        if (predicate(value, path)) {
-          baseSet(result, castPath(path, object), value);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * A specialized version of `baseProperty` which supports deep paths.
-     *
-     * @private
-     * @param {Array|string} path The path of the property to get.
-     * @returns {Function} Returns the new accessor function.
-     */
-    function basePropertyDeep(path) {
-      return function (object) {
-        return baseGet(object, path);
-      };
-    }
-
-    /**
-     * The base implementation of `_.pullAllBy` without support for iteratee
-     * shorthands.
-     *
-     * @private
-     * @param {Array} array The array to modify.
-     * @param {Array} values The values to remove.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns `array`.
-     */
-    function basePullAll(array, values, iteratee, comparator) {
-      var indexOf = comparator ? baseIndexOfWith : baseIndexOf,
-        index = -1,
-        length = values.length,
-        seen = array;
-      if (array === values) {
-        values = copyArray(values);
-      }
-      if (iteratee) {
-        seen = arrayMap(array, baseUnary(iteratee));
-      }
-      while (++index < length) {
-        var fromIndex = 0,
-          value = values[index],
-          computed = iteratee ? iteratee(value) : value;
-        while ((fromIndex = indexOf(seen, computed, fromIndex, comparator)) > -1) {
-          if (seen !== array) {
-            splice.call(seen, fromIndex, 1);
-          }
-          splice.call(array, fromIndex, 1);
-        }
-      }
-      return array;
-    }
-
-    /**
-     * The base implementation of `_.pullAt` without support for individual
-     * indexes or capturing the removed elements.
-     *
-     * @private
-     * @param {Array} array The array to modify.
-     * @param {number[]} indexes The indexes of elements to remove.
-     * @returns {Array} Returns `array`.
-     */
-    function basePullAt(array, indexes) {
-      var length = array ? indexes.length : 0,
-        lastIndex = length - 1;
-      while (length--) {
-        var index = indexes[length];
-        if (length == lastIndex || index !== previous) {
-          var previous = index;
-          if (isIndex(index)) {
-            splice.call(array, index, 1);
-          } else {
-            baseUnset(array, index);
-          }
-        }
-      }
-      return array;
-    }
-
-    /**
-     * The base implementation of `_.random` without support for returning
-     * floating-point numbers.
-     *
-     * @private
-     * @param {number} lower The lower bound.
-     * @param {number} upper The upper bound.
-     * @returns {number} Returns the random number.
-     */
-    function baseRandom(lower, upper) {
-      return lower + nativeFloor(nativeRandom() * (upper - lower + 1));
-    }
-
-    /**
-     * The base implementation of `_.range` and `_.rangeRight` which doesn't
-     * coerce arguments.
-     *
-     * @private
-     * @param {number} start The start of the range.
-     * @param {number} end The end of the range.
-     * @param {number} step The value to increment or decrement by.
-     * @param {boolean} [fromRight] Specify iterating from right to left.
-     * @returns {Array} Returns the range of numbers.
-     */
-    function baseRange(start, end, step, fromRight) {
-      var index = -1,
-        length = nativeMax(nativeCeil((end - start) / (step || 1)), 0),
-        result = Array(length);
-      while (length--) {
-        result[fromRight ? length : ++index] = start;
-        start += step;
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.repeat` which doesn't coerce arguments.
-     *
-     * @private
-     * @param {string} string The string to repeat.
-     * @param {number} n The number of times to repeat the string.
-     * @returns {string} Returns the repeated string.
-     */
-    function baseRepeat(string, n) {
-      var result = '';
-      if (!string || n < 1 || n > MAX_SAFE_INTEGER) {
-        return result;
-      }
-      // Leverage the exponentiation by squaring algorithm for a faster repeat.
-      // See https://en.wikipedia.org/wiki/Exponentiation_by_squaring for more details.
-      do {
-        if (n % 2) {
-          result += string;
-        }
-        n = nativeFloor(n / 2);
-        if (n) {
-          string += string;
-        }
-      } while (n);
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.rest` which doesn't validate or coerce arguments.
-     *
-     * @private
-     * @param {Function} func The function to apply a rest parameter to.
-     * @param {number} [start=func.length-1] The start position of the rest parameter.
-     * @returns {Function} Returns the new function.
-     */
-    function baseRest(func, start) {
-      return setToString(overRest(func, start, identity), func + '');
-    }
-
-    /**
-     * The base implementation of `_.sample`.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to sample.
-     * @returns {*} Returns the random element.
-     */
-    function baseSample(collection) {
-      return arraySample(values(collection));
-    }
-
-    /**
-     * The base implementation of `_.sampleSize` without param guards.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to sample.
-     * @param {number} n The number of elements to sample.
-     * @returns {Array} Returns the random elements.
-     */
-    function baseSampleSize(collection, n) {
-      var array = values(collection);
-      return shuffleSelf(array, baseClamp(n, 0, array.length));
-    }
-
-    /**
-     * The base implementation of `_.set`.
-     *
-     * @private
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to set.
-     * @param {*} value The value to set.
-     * @param {Function} [customizer] The function to customize path creation.
-     * @returns {Object} Returns `object`.
-     */
-    function baseSet(object, path, value, customizer) {
-      if (!isObject(object)) {
-        return object;
-      }
-      path = castPath(path, object);
-      var index = -1,
-        length = path.length,
-        lastIndex = length - 1,
-        nested = object;
-      while (nested != null && ++index < length) {
-        var key = toKey(path[index]),
-          newValue = value;
-        if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
-          return object;
-        }
-        if (index != lastIndex) {
-          var objValue = nested[key];
-          newValue = customizer ? customizer(objValue, key, nested) : undefined;
-          if (newValue === undefined) {
-            newValue = isObject(objValue) ? objValue : isIndex(path[index + 1]) ? [] : {};
-          }
-        }
-        assignValue(nested, key, newValue);
-        nested = nested[key];
-      }
-      return object;
-    }
-
-    /**
-     * The base implementation of `setData` without support for hot loop shorting.
-     *
-     * @private
-     * @param {Function} func The function to associate metadata with.
-     * @param {*} data The metadata.
-     * @returns {Function} Returns `func`.
-     */
-    var baseSetData = !metaMap ? identity : function (func, data) {
-      metaMap.set(func, data);
-      return func;
-    };
-
-    /**
-     * The base implementation of `setToString` without support for hot loop shorting.
-     *
-     * @private
-     * @param {Function} func The function to modify.
-     * @param {Function} string The `toString` result.
-     * @returns {Function} Returns `func`.
-     */
-    var baseSetToString = !defineProperty ? identity : function (func, string) {
-      return defineProperty(func, 'toString', {
-        'configurable': true,
-        'enumerable': false,
-        'value': constant(string),
-        'writable': true
-      });
-    };
-
-    /**
-     * The base implementation of `_.shuffle`.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to shuffle.
-     * @returns {Array} Returns the new shuffled array.
-     */
-    function baseShuffle(collection) {
-      return shuffleSelf(values(collection));
-    }
-
-    /**
-     * The base implementation of `_.slice` without an iteratee call guard.
-     *
-     * @private
-     * @param {Array} array The array to slice.
-     * @param {number} [start=0] The start position.
-     * @param {number} [end=array.length] The end position.
-     * @returns {Array} Returns the slice of `array`.
-     */
-    function baseSlice(array, start, end) {
-      var index = -1,
-        length = array.length;
-      if (start < 0) {
-        start = -start > length ? 0 : length + start;
-      }
-      end = end > length ? length : end;
-      if (end < 0) {
-        end += length;
-      }
-      length = start > end ? 0 : end - start >>> 0;
-      start >>>= 0;
-      var result = Array(length);
-      while (++index < length) {
-        result[index] = array[index + start];
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.some` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} predicate The function invoked per iteration.
-     * @returns {boolean} Returns `true` if any element passes the predicate check,
-     *  else `false`.
-     */
-    function baseSome(collection, predicate) {
-      var result;
-      baseEach(collection, function (value, index, collection) {
-        result = predicate(value, index, collection);
-        return !result;
-      });
-      return !!result;
-    }
-
-    /**
-     * The base implementation of `_.sortedIndex` and `_.sortedLastIndex` which
-     * performs a binary search of `array` to determine the index at which `value`
-     * should be inserted into `array` in order to maintain its sort order.
-     *
-     * @private
-     * @param {Array} array The sorted array to inspect.
-     * @param {*} value The value to evaluate.
-     * @param {boolean} [retHighest] Specify returning the highest qualified index.
-     * @returns {number} Returns the index at which `value` should be inserted
-     *  into `array`.
-     */
-    function baseSortedIndex(array, value, retHighest) {
-      var low = 0,
-        high = array == null ? low : array.length;
-      if (typeof value == 'number' && value === value && high <= HALF_MAX_ARRAY_LENGTH) {
-        while (low < high) {
-          var mid = low + high >>> 1,
-            computed = array[mid];
-          if (computed !== null && !isSymbol(computed) && (retHighest ? computed <= value : computed < value)) {
-            low = mid + 1;
-          } else {
-            high = mid;
-          }
-        }
-        return high;
-      }
-      return baseSortedIndexBy(array, value, identity, retHighest);
-    }
-
-    /**
-     * The base implementation of `_.sortedIndexBy` and `_.sortedLastIndexBy`
-     * which invokes `iteratee` for `value` and each element of `array` to compute
-     * their sort ranking. The iteratee is invoked with one argument; (value).
-     *
-     * @private
-     * @param {Array} array The sorted array to inspect.
-     * @param {*} value The value to evaluate.
-     * @param {Function} iteratee The iteratee invoked per element.
-     * @param {boolean} [retHighest] Specify returning the highest qualified index.
-     * @returns {number} Returns the index at which `value` should be inserted
-     *  into `array`.
-     */
-    function baseSortedIndexBy(array, value, iteratee, retHighest) {
-      var low = 0,
-        high = array == null ? 0 : array.length;
-      if (high === 0) {
-        return 0;
-      }
-      value = iteratee(value);
-      var valIsNaN = value !== value,
-        valIsNull = value === null,
-        valIsSymbol = isSymbol(value),
-        valIsUndefined = value === undefined;
-      while (low < high) {
-        var mid = nativeFloor((low + high) / 2),
-          computed = iteratee(array[mid]),
-          othIsDefined = computed !== undefined,
-          othIsNull = computed === null,
-          othIsReflexive = computed === computed,
-          othIsSymbol = isSymbol(computed);
-        if (valIsNaN) {
-          var setLow = retHighest || othIsReflexive;
-        } else if (valIsUndefined) {
-          setLow = othIsReflexive && (retHighest || othIsDefined);
-        } else if (valIsNull) {
-          setLow = othIsReflexive && othIsDefined && (retHighest || !othIsNull);
-        } else if (valIsSymbol) {
-          setLow = othIsReflexive && othIsDefined && !othIsNull && (retHighest || !othIsSymbol);
-        } else if (othIsNull || othIsSymbol) {
-          setLow = false;
-        } else {
-          setLow = retHighest ? computed <= value : computed < value;
-        }
-        if (setLow) {
-          low = mid + 1;
-        } else {
-          high = mid;
-        }
-      }
-      return nativeMin(high, MAX_ARRAY_INDEX);
-    }
-
-    /**
-     * The base implementation of `_.sortedUniq` and `_.sortedUniqBy` without
-     * support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array} array The array to inspect.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @returns {Array} Returns the new duplicate free array.
-     */
-    function baseSortedUniq(array, iteratee) {
-      var index = -1,
-        length = array.length,
-        resIndex = 0,
-        result = [];
-      while (++index < length) {
-        var value = array[index],
-          computed = iteratee ? iteratee(value) : value;
-        if (!index || !eq(computed, seen)) {
-          var seen = computed;
-          result[resIndex++] = value === 0 ? 0 : value;
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.toNumber` which doesn't ensure correct
-     * conversions of binary, hexadecimal, or octal string values.
-     *
-     * @private
-     * @param {*} value The value to process.
-     * @returns {number} Returns the number.
-     */
-    function baseToNumber(value) {
-      if (typeof value == 'number') {
-        return value;
-      }
-      if (isSymbol(value)) {
-        return NAN;
-      }
-      return +value;
-    }
-
-    /**
-     * The base implementation of `_.toString` which doesn't convert nullish
-     * values to empty strings.
-     *
-     * @private
-     * @param {*} value The value to process.
-     * @returns {string} Returns the string.
-     */
-    function baseToString(value) {
-      // Exit early for strings to avoid a performance hit in some environments.
-      if (typeof value == 'string') {
-        return value;
-      }
-      if (isArray(value)) {
-        // Recursively convert values (susceptible to call stack limits).
-        return arrayMap(value, baseToString) + '';
-      }
-      if (isSymbol(value)) {
-        return symbolToString ? symbolToString.call(value) : '';
-      }
-      var result = value + '';
-      return result == '0' && 1 / value == -INFINITY ? '-0' : result;
-    }
-
-    /**
-     * The base implementation of `_.uniqBy` without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array} array The array to inspect.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new duplicate free array.
-     */
-    function baseUniq(array, iteratee, comparator) {
-      var index = -1,
-        includes = arrayIncludes,
-        length = array.length,
-        isCommon = true,
-        result = [],
-        seen = result;
-      if (comparator) {
-        isCommon = false;
-        includes = arrayIncludesWith;
-      } else if (length >= LARGE_ARRAY_SIZE) {
-        var set = iteratee ? null : createSet(array);
-        if (set) {
-          return setToArray(set);
-        }
-        isCommon = false;
-        includes = cacheHas;
-        seen = new SetCache();
-      } else {
-        seen = iteratee ? [] : result;
-      }
-      outer: while (++index < length) {
-        var value = array[index],
-          computed = iteratee ? iteratee(value) : value;
-        value = comparator || value !== 0 ? value : 0;
-        if (isCommon && computed === computed) {
-          var seenIndex = seen.length;
-          while (seenIndex--) {
-            if (seen[seenIndex] === computed) {
-              continue outer;
-            }
-          }
-          if (iteratee) {
-            seen.push(computed);
-          }
-          result.push(value);
-        } else if (!includes(seen, computed, comparator)) {
-          if (seen !== result) {
-            seen.push(computed);
-          }
-          result.push(value);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * The base implementation of `_.unset`.
-     *
-     * @private
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The property path to unset.
-     * @returns {boolean} Returns `true` if the property is deleted, else `false`.
-     */
-    function baseUnset(object, path) {
-      path = castPath(path, object);
-      object = parent(object, path);
-      return object == null || delete object[toKey(last(path))];
-    }
-
-    /**
-     * The base implementation of `_.update`.
-     *
-     * @private
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to update.
-     * @param {Function} updater The function to produce the updated value.
-     * @param {Function} [customizer] The function to customize path creation.
-     * @returns {Object} Returns `object`.
-     */
-    function baseUpdate(object, path, updater, customizer) {
-      return baseSet(object, path, updater(baseGet(object, path)), customizer);
-    }
-
-    /**
-     * The base implementation of methods like `_.dropWhile` and `_.takeWhile`
-     * without support for iteratee shorthands.
-     *
-     * @private
-     * @param {Array} array The array to query.
-     * @param {Function} predicate The function invoked per iteration.
-     * @param {boolean} [isDrop] Specify dropping elements instead of taking them.
-     * @param {boolean} [fromRight] Specify iterating from right to left.
-     * @returns {Array} Returns the slice of `array`.
-     */
-    function baseWhile(array, predicate, isDrop, fromRight) {
-      var length = array.length,
-        index = fromRight ? length : -1;
-      while ((fromRight ? index-- : ++index < length) && predicate(array[index], index, array)) {}
-      return isDrop ? baseSlice(array, fromRight ? 0 : index, fromRight ? index + 1 : length) : baseSlice(array, fromRight ? index + 1 : 0, fromRight ? length : index);
-    }
-
-    /**
-     * The base implementation of `wrapperValue` which returns the result of
-     * performing a sequence of actions on the unwrapped `value`, where each
-     * successive action is supplied the return value of the previous.
-     *
-     * @private
-     * @param {*} value The unwrapped value.
-     * @param {Array} actions Actions to perform to resolve the unwrapped value.
-     * @returns {*} Returns the resolved value.
-     */
-    function baseWrapperValue(value, actions) {
-      var result = value;
-      if (result instanceof LazyWrapper) {
-        result = result.value();
-      }
-      return arrayReduce(actions, function (result, action) {
-        return action.func.apply(action.thisArg, arrayPush([result], action.args));
-      }, result);
-    }
-
-    /**
-     * The base implementation of methods like `_.xor`, without support for
-     * iteratee shorthands, that accepts an array of arrays to inspect.
-     *
-     * @private
-     * @param {Array} arrays The arrays to inspect.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of values.
-     */
-    function baseXor(arrays, iteratee, comparator) {
-      var length = arrays.length;
-      if (length < 2) {
-        return length ? baseUniq(arrays[0]) : [];
-      }
-      var index = -1,
-        result = Array(length);
-      while (++index < length) {
-        var array = arrays[index],
-          othIndex = -1;
-        while (++othIndex < length) {
-          if (othIndex != index) {
-            result[index] = baseDifference(result[index] || array, arrays[othIndex], iteratee, comparator);
-          }
-        }
-      }
-      return baseUniq(baseFlatten(result, 1), iteratee, comparator);
-    }
-
-    /**
-     * This base implementation of `_.zipObject` which assigns values using `assignFunc`.
-     *
-     * @private
-     * @param {Array} props The property identifiers.
-     * @param {Array} values The property values.
-     * @param {Function} assignFunc The function to assign values.
-     * @returns {Object} Returns the new object.
-     */
-    function baseZipObject(props, values, assignFunc) {
-      var index = -1,
-        length = props.length,
-        valsLength = values.length,
-        result = {};
-      while (++index < length) {
-        var value = index < valsLength ? values[index] : undefined;
-        assignFunc(result, props[index], value);
-      }
-      return result;
-    }
-
-    /**
-     * Casts `value` to an empty array if it's not an array like object.
-     *
-     * @private
-     * @param {*} value The value to inspect.
-     * @returns {Array|Object} Returns the cast array-like object.
-     */
-    function castArrayLikeObject(value) {
-      return isArrayLikeObject(value) ? value : [];
-    }
-
-    /**
-     * Casts `value` to `identity` if it's not a function.
-     *
-     * @private
-     * @param {*} value The value to inspect.
-     * @returns {Function} Returns cast function.
-     */
-    function castFunction(value) {
-      return typeof value == 'function' ? value : identity;
-    }
-
-    /**
-     * Casts `value` to a path array if it's not one.
-     *
-     * @private
-     * @param {*} value The value to inspect.
-     * @param {Object} [object] The object to query keys on.
-     * @returns {Array} Returns the cast property path array.
-     */
-    function castPath(value, object) {
-      if (isArray(value)) {
-        return value;
-      }
-      return isKey(value, object) ? [value] : stringToPath(toString(value));
-    }
-
-    /**
-     * A `baseRest` alias which can be replaced with `identity` by module
-     * replacement plugins.
-     *
-     * @private
-     * @type {Function}
-     * @param {Function} func The function to apply a rest parameter to.
-     * @returns {Function} Returns the new function.
-     */
-    var castRest = baseRest;
-
-    /**
-     * Casts `array` to a slice if it's needed.
-     *
-     * @private
-     * @param {Array} array The array to inspect.
-     * @param {number} start The start position.
-     * @param {number} [end=array.length] The end position.
-     * @returns {Array} Returns the cast slice.
-     */
-    function castSlice(array, start, end) {
-      var length = array.length;
-      end = end === undefined ? length : end;
-      return !start && end >= length ? array : baseSlice(array, start, end);
-    }
-
-    /**
-     * A simple wrapper around the global [`clearTimeout`](https://mdn.io/clearTimeout).
-     *
-     * @private
-     * @param {number|Object} id The timer id or timeout object of the timer to clear.
-     */
-    var clearTimeout = ctxClearTimeout || function (id) {
-      return root.clearTimeout(id);
-    };
-
-    /**
-     * Creates a clone of  `buffer`.
-     *
-     * @private
-     * @param {Buffer} buffer The buffer to clone.
-     * @param {boolean} [isDeep] Specify a deep clone.
-     * @returns {Buffer} Returns the cloned buffer.
-     */
-    function cloneBuffer(buffer, isDeep) {
-      if (isDeep) {
-        return buffer.slice();
-      }
-      var length = buffer.length,
-        result = allocUnsafe ? allocUnsafe(length) : new buffer.constructor(length);
-      buffer.copy(result);
-      return result;
-    }
-
-    /**
-     * Creates a clone of `arrayBuffer`.
-     *
-     * @private
-     * @param {ArrayBuffer} arrayBuffer The array buffer to clone.
-     * @returns {ArrayBuffer} Returns the cloned array buffer.
-     */
-    function cloneArrayBuffer(arrayBuffer) {
-      var result = new arrayBuffer.constructor(arrayBuffer.byteLength);
-      new Uint8Array(result).set(new Uint8Array(arrayBuffer));
-      return result;
-    }
-
-    /**
-     * Creates a clone of `dataView`.
-     *
-     * @private
-     * @param {Object} dataView The data view to clone.
-     * @param {boolean} [isDeep] Specify a deep clone.
-     * @returns {Object} Returns the cloned data view.
-     */
-    function cloneDataView(dataView, isDeep) {
-      var buffer = isDeep ? cloneArrayBuffer(dataView.buffer) : dataView.buffer;
-      return new dataView.constructor(buffer, dataView.byteOffset, dataView.byteLength);
-    }
-
-    /**
-     * Creates a clone of `regexp`.
-     *
-     * @private
-     * @param {Object} regexp The regexp to clone.
-     * @returns {Object} Returns the cloned regexp.
-     */
-    function cloneRegExp(regexp) {
-      var result = new regexp.constructor(regexp.source, reFlags.exec(regexp));
-      result.lastIndex = regexp.lastIndex;
-      return result;
-    }
-
-    /**
-     * Creates a clone of the `symbol` object.
-     *
-     * @private
-     * @param {Object} symbol The symbol object to clone.
-     * @returns {Object} Returns the cloned symbol object.
-     */
-    function cloneSymbol(symbol) {
-      return symbolValueOf ? Object(symbolValueOf.call(symbol)) : {};
-    }
-
-    /**
-     * Creates a clone of `typedArray`.
-     *
-     * @private
-     * @param {Object} typedArray The typed array to clone.
-     * @param {boolean} [isDeep] Specify a deep clone.
-     * @returns {Object} Returns the cloned typed array.
-     */
-    function cloneTypedArray(typedArray, isDeep) {
-      var buffer = isDeep ? cloneArrayBuffer(typedArray.buffer) : typedArray.buffer;
-      return new typedArray.constructor(buffer, typedArray.byteOffset, typedArray.length);
-    }
-
-    /**
-     * Compares values to sort them in ascending order.
-     *
-     * @private
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {number} Returns the sort order indicator for `value`.
-     */
-    function compareAscending(value, other) {
-      if (value !== other) {
-        var valIsDefined = value !== undefined,
-          valIsNull = value === null,
-          valIsReflexive = value === value,
-          valIsSymbol = isSymbol(value);
-        var othIsDefined = other !== undefined,
-          othIsNull = other === null,
-          othIsReflexive = other === other,
-          othIsSymbol = isSymbol(other);
-        if (!othIsNull && !othIsSymbol && !valIsSymbol && value > other || valIsSymbol && othIsDefined && othIsReflexive && !othIsNull && !othIsSymbol || valIsNull && othIsDefined && othIsReflexive || !valIsDefined && othIsReflexive || !valIsReflexive) {
-          return 1;
-        }
-        if (!valIsNull && !valIsSymbol && !othIsSymbol && value < other || othIsSymbol && valIsDefined && valIsReflexive && !valIsNull && !valIsSymbol || othIsNull && valIsDefined && valIsReflexive || !othIsDefined && valIsReflexive || !othIsReflexive) {
-          return -1;
-        }
-      }
-      return 0;
-    }
-
-    /**
-     * Used by `_.orderBy` to compare multiple properties of a value to another
-     * and stable sort them.
-     *
-     * If `orders` is unspecified, all values are sorted in ascending order. Otherwise,
-     * specify an order of "desc" for descending or "asc" for ascending sort order
-     * of corresponding values.
-     *
-     * @private
-     * @param {Object} object The object to compare.
-     * @param {Object} other The other object to compare.
-     * @param {boolean[]|string[]} orders The order to sort by for each property.
-     * @returns {number} Returns the sort order indicator for `object`.
-     */
-    function compareMultiple(object, other, orders) {
-      var index = -1,
-        objCriteria = object.criteria,
-        othCriteria = other.criteria,
-        length = objCriteria.length,
-        ordersLength = orders.length;
-      while (++index < length) {
-        var result = compareAscending(objCriteria[index], othCriteria[index]);
-        if (result) {
-          if (index >= ordersLength) {
-            return result;
-          }
-          var order = orders[index];
-          return result * (order == 'desc' ? -1 : 1);
-        }
-      }
-      // Fixes an `Array#sort` bug in the JS engine embedded in Adobe applications
-      // that causes it, under certain circumstances, to provide the same value for
-      // `object` and `other`. See https://github.com/jashkenas/underscore/pull/1247
-      // for more details.
-      //
-      // This also ensures a stable sort in V8 and other engines.
-      // See https://bugs.chromium.org/p/v8/issues/detail?id=90 for more details.
-      return object.index - other.index;
-    }
-
-    /**
-     * Creates an array that is the composition of partially applied arguments,
-     * placeholders, and provided arguments into a single array of arguments.
-     *
-     * @private
-     * @param {Array} args The provided arguments.
-     * @param {Array} partials The arguments to prepend to those provided.
-     * @param {Array} holders The `partials` placeholder indexes.
-     * @params {boolean} [isCurried] Specify composing for a curried function.
-     * @returns {Array} Returns the new array of composed arguments.
-     */
-    function composeArgs(args, partials, holders, isCurried) {
-      var argsIndex = -1,
-        argsLength = args.length,
-        holdersLength = holders.length,
-        leftIndex = -1,
-        leftLength = partials.length,
-        rangeLength = nativeMax(argsLength - holdersLength, 0),
-        result = Array(leftLength + rangeLength),
-        isUncurried = !isCurried;
-      while (++leftIndex < leftLength) {
-        result[leftIndex] = partials[leftIndex];
-      }
-      while (++argsIndex < holdersLength) {
-        if (isUncurried || argsIndex < argsLength) {
-          result[holders[argsIndex]] = args[argsIndex];
-        }
-      }
-      while (rangeLength--) {
-        result[leftIndex++] = args[argsIndex++];
-      }
-      return result;
-    }
-
-    /**
-     * This function is like `composeArgs` except that the arguments composition
-     * is tailored for `_.partialRight`.
-     *
-     * @private
-     * @param {Array} args The provided arguments.
-     * @param {Array} partials The arguments to append to those provided.
-     * @param {Array} holders The `partials` placeholder indexes.
-     * @params {boolean} [isCurried] Specify composing for a curried function.
-     * @returns {Array} Returns the new array of composed arguments.
-     */
-    function composeArgsRight(args, partials, holders, isCurried) {
-      var argsIndex = -1,
-        argsLength = args.length,
-        holdersIndex = -1,
-        holdersLength = holders.length,
-        rightIndex = -1,
-        rightLength = partials.length,
-        rangeLength = nativeMax(argsLength - holdersLength, 0),
-        result = Array(rangeLength + rightLength),
-        isUncurried = !isCurried;
-      while (++argsIndex < rangeLength) {
-        result[argsIndex] = args[argsIndex];
-      }
-      var offset = argsIndex;
-      while (++rightIndex < rightLength) {
-        result[offset + rightIndex] = partials[rightIndex];
-      }
-      while (++holdersIndex < holdersLength) {
-        if (isUncurried || argsIndex < argsLength) {
-          result[offset + holders[holdersIndex]] = args[argsIndex++];
-        }
-      }
-      return result;
-    }
-
-    /**
-     * Copies the values of `source` to `array`.
-     *
-     * @private
-     * @param {Array} source The array to copy values from.
-     * @param {Array} [array=[]] The array to copy values to.
-     * @returns {Array} Returns `array`.
-     */
-    function copyArray(source, array) {
-      var index = -1,
-        length = source.length;
-      array || (array = Array(length));
-      while (++index < length) {
-        array[index] = source[index];
-      }
-      return array;
-    }
-
-    /**
-     * Copies properties of `source` to `object`.
-     *
-     * @private
-     * @param {Object} source The object to copy properties from.
-     * @param {Array} props The property identifiers to copy.
-     * @param {Object} [object={}] The object to copy properties to.
-     * @param {Function} [customizer] The function to customize copied values.
-     * @returns {Object} Returns `object`.
-     */
-    function copyObject(source, props, object, customizer) {
-      var isNew = !object;
-      object || (object = {});
-      var index = -1,
-        length = props.length;
-      while (++index < length) {
-        var key = props[index];
-        var newValue = customizer ? customizer(object[key], source[key], key, object, source) : undefined;
-        if (newValue === undefined) {
-          newValue = source[key];
-        }
-        if (isNew) {
-          baseAssignValue(object, key, newValue);
-        } else {
-          assignValue(object, key, newValue);
-        }
-      }
-      return object;
-    }
-
-    /**
-     * Copies own symbols of `source` to `object`.
-     *
-     * @private
-     * @param {Object} source The object to copy symbols from.
-     * @param {Object} [object={}] The object to copy symbols to.
-     * @returns {Object} Returns `object`.
-     */
-    function copySymbols(source, object) {
-      return copyObject(source, getSymbols(source), object);
-    }
-
-    /**
-     * Copies own and inherited symbols of `source` to `object`.
-     *
-     * @private
-     * @param {Object} source The object to copy symbols from.
-     * @param {Object} [object={}] The object to copy symbols to.
-     * @returns {Object} Returns `object`.
-     */
-    function copySymbolsIn(source, object) {
-      return copyObject(source, getSymbolsIn(source), object);
-    }
-
-    /**
-     * Creates a function like `_.groupBy`.
-     *
-     * @private
-     * @param {Function} setter The function to set accumulator values.
-     * @param {Function} [initializer] The accumulator object initializer.
-     * @returns {Function} Returns the new aggregator function.
-     */
-    function createAggregator(setter, initializer) {
-      return function (collection, iteratee) {
-        var func = isArray(collection) ? arrayAggregator : baseAggregator,
-          accumulator = initializer ? initializer() : {};
-        return func(collection, setter, getIteratee(iteratee, 2), accumulator);
-      };
-    }
-
-    /**
-     * Creates a function like `_.assign`.
-     *
-     * @private
-     * @param {Function} assigner The function to assign values.
-     * @returns {Function} Returns the new assigner function.
-     */
-    function createAssigner(assigner) {
-      return baseRest(function (object, sources) {
-        var index = -1,
-          length = sources.length,
-          customizer = length > 1 ? sources[length - 1] : undefined,
-          guard = length > 2 ? sources[2] : undefined;
-        customizer = assigner.length > 3 && typeof customizer == 'function' ? (length--, customizer) : undefined;
-        if (guard && isIterateeCall(sources[0], sources[1], guard)) {
-          customizer = length < 3 ? undefined : customizer;
-          length = 1;
-        }
-        object = Object(object);
-        while (++index < length) {
-          var source = sources[index];
-          if (source) {
-            assigner(object, source, index, customizer);
-          }
-        }
-        return object;
-      });
-    }
-
-    /**
-     * Creates a `baseEach` or `baseEachRight` function.
-     *
-     * @private
-     * @param {Function} eachFunc The function to iterate over a collection.
-     * @param {boolean} [fromRight] Specify iterating from right to left.
-     * @returns {Function} Returns the new base function.
-     */
-    function createBaseEach(eachFunc, fromRight) {
-      return function (collection, iteratee) {
-        if (collection == null) {
-          return collection;
-        }
-        if (!isArrayLike(collection)) {
-          return eachFunc(collection, iteratee);
-        }
-        var length = collection.length,
-          index = fromRight ? length : -1,
-          iterable = Object(collection);
-        while (fromRight ? index-- : ++index < length) {
-          if (iteratee(iterable[index], index, iterable) === false) {
-            break;
-          }
-        }
-        return collection;
-      };
-    }
-
-    /**
-     * Creates a base function for methods like `_.forIn` and `_.forOwn`.
-     *
-     * @private
-     * @param {boolean} [fromRight] Specify iterating from right to left.
-     * @returns {Function} Returns the new base function.
-     */
-    function createBaseFor(fromRight) {
-      return function (object, iteratee, keysFunc) {
-        var index = -1,
-          iterable = Object(object),
-          props = keysFunc(object),
-          length = props.length;
-        while (length--) {
-          var key = props[fromRight ? length : ++index];
-          if (iteratee(iterable[key], key, iterable) === false) {
-            break;
-          }
-        }
-        return object;
-      };
-    }
-
-    /**
-     * Creates a function that wraps `func` to invoke it with the optional `this`
-     * binding of `thisArg`.
-     *
-     * @private
-     * @param {Function} func The function to wrap.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @param {*} [thisArg] The `this` binding of `func`.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createBind(func, bitmask, thisArg) {
-      var isBind = bitmask & WRAP_BIND_FLAG,
-        Ctor = createCtor(func);
-      function wrapper() {
-        var fn = this && this !== root && this instanceof wrapper ? Ctor : func;
-        return fn.apply(isBind ? thisArg : this, arguments);
-      }
-      return wrapper;
-    }
-
-    /**
-     * Creates a function like `_.lowerFirst`.
-     *
-     * @private
-     * @param {string} methodName The name of the `String` case method to use.
-     * @returns {Function} Returns the new case function.
-     */
-    function createCaseFirst(methodName) {
-      return function (string) {
-        string = toString(string);
-        var strSymbols = hasUnicode(string) ? stringToArray(string) : undefined;
-        var chr = strSymbols ? strSymbols[0] : string.charAt(0);
-        var trailing = strSymbols ? castSlice(strSymbols, 1).join('') : string.slice(1);
-        return chr[methodName]() + trailing;
-      };
-    }
-
-    /**
-     * Creates a function like `_.camelCase`.
-     *
-     * @private
-     * @param {Function} callback The function to combine each word.
-     * @returns {Function} Returns the new compounder function.
-     */
-    function createCompounder(callback) {
-      return function (string) {
-        return arrayReduce(words(deburr(string).replace(reApos, '')), callback, '');
-      };
-    }
-
-    /**
-     * Creates a function that produces an instance of `Ctor` regardless of
-     * whether it was invoked as part of a `new` expression or by `call` or `apply`.
-     *
-     * @private
-     * @param {Function} Ctor The constructor to wrap.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createCtor(Ctor) {
-      return function () {
-        // Use a `switch` statement to work with class constructors. See
-        // http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argumentslist
-        // for more details.
-        var args = arguments;
-        switch (args.length) {
-          case 0:
-            return new Ctor();
-          case 1:
-            return new Ctor(args[0]);
-          case 2:
-            return new Ctor(args[0], args[1]);
-          case 3:
-            return new Ctor(args[0], args[1], args[2]);
-          case 4:
-            return new Ctor(args[0], args[1], args[2], args[3]);
-          case 5:
-            return new Ctor(args[0], args[1], args[2], args[3], args[4]);
-          case 6:
-            return new Ctor(args[0], args[1], args[2], args[3], args[4], args[5]);
-          case 7:
-            return new Ctor(args[0], args[1], args[2], args[3], args[4], args[5], args[6]);
-        }
-        var thisBinding = baseCreate(Ctor.prototype),
-          result = Ctor.apply(thisBinding, args);
-
-        // Mimic the constructor's `return` behavior.
-        // See https://es5.github.io/#x13.2.2 for more details.
-        return isObject(result) ? result : thisBinding;
-      };
-    }
-
-    /**
-     * Creates a function that wraps `func` to enable currying.
-     *
-     * @private
-     * @param {Function} func The function to wrap.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @param {number} arity The arity of `func`.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createCurry(func, bitmask, arity) {
-      var Ctor = createCtor(func);
-      function wrapper() {
-        var length = arguments.length,
-          args = Array(length),
-          index = length,
-          placeholder = getHolder(wrapper);
-        while (index--) {
-          args[index] = arguments[index];
-        }
-        var holders = length < 3 && args[0] !== placeholder && args[length - 1] !== placeholder ? [] : replaceHolders(args, placeholder);
-        length -= holders.length;
-        if (length < arity) {
-          return createRecurry(func, bitmask, createHybrid, wrapper.placeholder, undefined, args, holders, undefined, undefined, arity - length);
-        }
-        var fn = this && this !== root && this instanceof wrapper ? Ctor : func;
-        return apply(fn, this, args);
-      }
-      return wrapper;
-    }
-
-    /**
-     * Creates a `_.find` or `_.findLast` function.
-     *
-     * @private
-     * @param {Function} findIndexFunc The function to find the collection index.
-     * @returns {Function} Returns the new find function.
-     */
-    function createFind(findIndexFunc) {
-      return function (collection, predicate, fromIndex) {
-        var iterable = Object(collection);
-        if (!isArrayLike(collection)) {
-          var iteratee = getIteratee(predicate, 3);
-          collection = keys(collection);
-          predicate = function predicate(key) {
-            return iteratee(iterable[key], key, iterable);
-          };
-        }
-        var index = findIndexFunc(collection, predicate, fromIndex);
-        return index > -1 ? iterable[iteratee ? collection[index] : index] : undefined;
-      };
-    }
-
-    /**
-     * Creates a `_.flow` or `_.flowRight` function.
-     *
-     * @private
-     * @param {boolean} [fromRight] Specify iterating from right to left.
-     * @returns {Function} Returns the new flow function.
-     */
-    function createFlow(fromRight) {
-      return flatRest(function (funcs) {
-        var length = funcs.length,
-          index = length,
-          prereq = LodashWrapper.prototype.thru;
-        if (fromRight) {
-          funcs.reverse();
-        }
-        while (index--) {
-          var func = funcs[index];
-          if (typeof func != 'function') {
-            throw new TypeError(FUNC_ERROR_TEXT);
-          }
-          if (prereq && !wrapper && getFuncName(func) == 'wrapper') {
-            var wrapper = new LodashWrapper([], true);
-          }
-        }
-        index = wrapper ? index : length;
-        while (++index < length) {
-          func = funcs[index];
-          var funcName = getFuncName(func),
-            data = funcName == 'wrapper' ? getData(func) : undefined;
-          if (data && isLaziable(data[0]) && data[1] == (WRAP_ARY_FLAG | WRAP_CURRY_FLAG | WRAP_PARTIAL_FLAG | WRAP_REARG_FLAG) && !data[4].length && data[9] == 1) {
-            wrapper = wrapper[getFuncName(data[0])].apply(wrapper, data[3]);
-          } else {
-            wrapper = func.length == 1 && isLaziable(func) ? wrapper[funcName]() : wrapper.thru(func);
-          }
-        }
-        return function () {
-          var args = arguments,
-            value = args[0];
-          if (wrapper && args.length == 1 && isArray(value)) {
-            return wrapper.plant(value).value();
-          }
-          var index = 0,
-            result = length ? funcs[index].apply(this, args) : value;
-          while (++index < length) {
-            result = funcs[index].call(this, result);
-          }
-          return result;
-        };
-      });
-    }
-
-    /**
-     * Creates a function that wraps `func` to invoke it with optional `this`
-     * binding of `thisArg`, partial application, and currying.
-     *
-     * @private
-     * @param {Function|string} func The function or method name to wrap.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @param {*} [thisArg] The `this` binding of `func`.
-     * @param {Array} [partials] The arguments to prepend to those provided to
-     *  the new function.
-     * @param {Array} [holders] The `partials` placeholder indexes.
-     * @param {Array} [partialsRight] The arguments to append to those provided
-     *  to the new function.
-     * @param {Array} [holdersRight] The `partialsRight` placeholder indexes.
-     * @param {Array} [argPos] The argument positions of the new function.
-     * @param {number} [ary] The arity cap of `func`.
-     * @param {number} [arity] The arity of `func`.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createHybrid(func, bitmask, thisArg, partials, holders, partialsRight, holdersRight, argPos, ary, arity) {
-      var isAry = bitmask & WRAP_ARY_FLAG,
-        isBind = bitmask & WRAP_BIND_FLAG,
-        isBindKey = bitmask & WRAP_BIND_KEY_FLAG,
-        isCurried = bitmask & (WRAP_CURRY_FLAG | WRAP_CURRY_RIGHT_FLAG),
-        isFlip = bitmask & WRAP_FLIP_FLAG,
-        Ctor = isBindKey ? undefined : createCtor(func);
-      function wrapper() {
-        var length = arguments.length,
-          args = Array(length),
-          index = length;
-        while (index--) {
-          args[index] = arguments[index];
-        }
-        if (isCurried) {
-          var placeholder = getHolder(wrapper),
-            holdersCount = countHolders(args, placeholder);
-        }
-        if (partials) {
-          args = composeArgs(args, partials, holders, isCurried);
-        }
-        if (partialsRight) {
-          args = composeArgsRight(args, partialsRight, holdersRight, isCurried);
-        }
-        length -= holdersCount;
-        if (isCurried && length < arity) {
-          var newHolders = replaceHolders(args, placeholder);
-          return createRecurry(func, bitmask, createHybrid, wrapper.placeholder, thisArg, args, newHolders, argPos, ary, arity - length);
-        }
-        var thisBinding = isBind ? thisArg : this,
-          fn = isBindKey ? thisBinding[func] : func;
-        length = args.length;
-        if (argPos) {
-          args = reorder(args, argPos);
-        } else if (isFlip && length > 1) {
-          args.reverse();
-        }
-        if (isAry && ary < length) {
-          args.length = ary;
-        }
-        if (this && this !== root && this instanceof wrapper) {
-          fn = Ctor || createCtor(fn);
-        }
-        return fn.apply(thisBinding, args);
-      }
-      return wrapper;
-    }
-
-    /**
-     * Creates a function like `_.invertBy`.
-     *
-     * @private
-     * @param {Function} setter The function to set accumulator values.
-     * @param {Function} toIteratee The function to resolve iteratees.
-     * @returns {Function} Returns the new inverter function.
-     */
-    function createInverter(setter, toIteratee) {
-      return function (object, iteratee) {
-        return baseInverter(object, setter, toIteratee(iteratee), {});
-      };
-    }
-
-    /**
-     * Creates a function that performs a mathematical operation on two values.
-     *
-     * @private
-     * @param {Function} operator The function to perform the operation.
-     * @param {number} [defaultValue] The value used for `undefined` arguments.
-     * @returns {Function} Returns the new mathematical operation function.
-     */
-    function createMathOperation(operator, defaultValue) {
-      return function (value, other) {
-        var result;
-        if (value === undefined && other === undefined) {
-          return defaultValue;
-        }
-        if (value !== undefined) {
-          result = value;
-        }
-        if (other !== undefined) {
-          if (result === undefined) {
-            return other;
-          }
-          if (typeof value == 'string' || typeof other == 'string') {
-            value = baseToString(value);
-            other = baseToString(other);
-          } else {
-            value = baseToNumber(value);
-            other = baseToNumber(other);
-          }
-          result = operator(value, other);
-        }
-        return result;
-      };
-    }
-
-    /**
-     * Creates a function like `_.over`.
-     *
-     * @private
-     * @param {Function} arrayFunc The function to iterate over iteratees.
-     * @returns {Function} Returns the new over function.
-     */
-    function createOver(arrayFunc) {
-      return flatRest(function (iteratees) {
-        iteratees = arrayMap(iteratees, baseUnary(getIteratee()));
-        return baseRest(function (args) {
-          var thisArg = this;
-          return arrayFunc(iteratees, function (iteratee) {
-            return apply(iteratee, thisArg, args);
-          });
-        });
-      });
-    }
-
-    /**
-     * Creates the padding for `string` based on `length`. The `chars` string
-     * is truncated if the number of characters exceeds `length`.
-     *
-     * @private
-     * @param {number} length The padding length.
-     * @param {string} [chars=' '] The string used as padding.
-     * @returns {string} Returns the padding for `string`.
-     */
-    function createPadding(length, chars) {
-      chars = chars === undefined ? ' ' : baseToString(chars);
-      var charsLength = chars.length;
-      if (charsLength < 2) {
-        return charsLength ? baseRepeat(chars, length) : chars;
-      }
-      var result = baseRepeat(chars, nativeCeil(length / stringSize(chars)));
-      return hasUnicode(chars) ? castSlice(stringToArray(result), 0, length).join('') : result.slice(0, length);
-    }
-
-    /**
-     * Creates a function that wraps `func` to invoke it with the `this` binding
-     * of `thisArg` and `partials` prepended to the arguments it receives.
-     *
-     * @private
-     * @param {Function} func The function to wrap.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @param {*} thisArg The `this` binding of `func`.
-     * @param {Array} partials The arguments to prepend to those provided to
-     *  the new function.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createPartial(func, bitmask, thisArg, partials) {
-      var isBind = bitmask & WRAP_BIND_FLAG,
-        Ctor = createCtor(func);
-      function wrapper() {
-        var argsIndex = -1,
-          argsLength = arguments.length,
-          leftIndex = -1,
-          leftLength = partials.length,
-          args = Array(leftLength + argsLength),
-          fn = this && this !== root && this instanceof wrapper ? Ctor : func;
-        while (++leftIndex < leftLength) {
-          args[leftIndex] = partials[leftIndex];
-        }
-        while (argsLength--) {
-          args[leftIndex++] = arguments[++argsIndex];
-        }
-        return apply(fn, isBind ? thisArg : this, args);
-      }
-      return wrapper;
-    }
-
-    /**
-     * Creates a `_.range` or `_.rangeRight` function.
-     *
-     * @private
-     * @param {boolean} [fromRight] Specify iterating from right to left.
-     * @returns {Function} Returns the new range function.
-     */
-    function createRange(fromRight) {
-      return function (start, end, step) {
-        if (step && typeof step != 'number' && isIterateeCall(start, end, step)) {
-          end = step = undefined;
-        }
-        // Ensure the sign of `-0` is preserved.
-        start = toFinite(start);
-        if (end === undefined) {
-          end = start;
-          start = 0;
-        } else {
-          end = toFinite(end);
-        }
-        step = step === undefined ? start < end ? 1 : -1 : toFinite(step);
-        return baseRange(start, end, step, fromRight);
-      };
-    }
-
-    /**
-     * Creates a function that performs a relational operation on two values.
-     *
-     * @private
-     * @param {Function} operator The function to perform the operation.
-     * @returns {Function} Returns the new relational operation function.
-     */
-    function createRelationalOperation(operator) {
-      return function (value, other) {
-        if (!(typeof value == 'string' && typeof other == 'string')) {
-          value = toNumber(value);
-          other = toNumber(other);
-        }
-        return operator(value, other);
-      };
-    }
-
-    /**
-     * Creates a function that wraps `func` to continue currying.
-     *
-     * @private
-     * @param {Function} func The function to wrap.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @param {Function} wrapFunc The function to create the `func` wrapper.
-     * @param {*} placeholder The placeholder value.
-     * @param {*} [thisArg] The `this` binding of `func`.
-     * @param {Array} [partials] The arguments to prepend to those provided to
-     *  the new function.
-     * @param {Array} [holders] The `partials` placeholder indexes.
-     * @param {Array} [argPos] The argument positions of the new function.
-     * @param {number} [ary] The arity cap of `func`.
-     * @param {number} [arity] The arity of `func`.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createRecurry(func, bitmask, wrapFunc, placeholder, thisArg, partials, holders, argPos, ary, arity) {
-      var isCurry = bitmask & WRAP_CURRY_FLAG,
-        newHolders = isCurry ? holders : undefined,
-        newHoldersRight = isCurry ? undefined : holders,
-        newPartials = isCurry ? partials : undefined,
-        newPartialsRight = isCurry ? undefined : partials;
-      bitmask |= isCurry ? WRAP_PARTIAL_FLAG : WRAP_PARTIAL_RIGHT_FLAG;
-      bitmask &= ~(isCurry ? WRAP_PARTIAL_RIGHT_FLAG : WRAP_PARTIAL_FLAG);
-      if (!(bitmask & WRAP_CURRY_BOUND_FLAG)) {
-        bitmask &= ~(WRAP_BIND_FLAG | WRAP_BIND_KEY_FLAG);
-      }
-      var newData = [func, bitmask, thisArg, newPartials, newHolders, newPartialsRight, newHoldersRight, argPos, ary, arity];
-      var result = wrapFunc.apply(undefined, newData);
-      if (isLaziable(func)) {
-        setData(result, newData);
-      }
-      result.placeholder = placeholder;
-      return setWrapToString(result, func, bitmask);
-    }
-
-    /**
-     * Creates a function like `_.round`.
-     *
-     * @private
-     * @param {string} methodName The name of the `Math` method to use when rounding.
-     * @returns {Function} Returns the new round function.
-     */
-    function createRound(methodName) {
-      var func = Math[methodName];
-      return function (number, precision) {
-        number = toNumber(number);
-        precision = precision == null ? 0 : nativeMin(toInteger(precision), 292);
-        if (precision && nativeIsFinite(number)) {
-          // Shift with exponential notation to avoid floating-point issues.
-          // See [MDN](https://mdn.io/round#Examples) for more details.
-          var pair = (toString(number) + 'e').split('e'),
-            value = func(pair[0] + 'e' + (+pair[1] + precision));
-          pair = (toString(value) + 'e').split('e');
-          return +(pair[0] + 'e' + (+pair[1] - precision));
-        }
-        return func(number);
-      };
-    }
-
-    /**
-     * Creates a set object of `values`.
-     *
-     * @private
-     * @param {Array} values The values to add to the set.
-     * @returns {Object} Returns the new set.
-     */
-    var createSet = !(Set && 1 / setToArray(new Set([, -0]))[1] == INFINITY) ? noop : function (values) {
-      return new Set(values);
-    };
-
-    /**
-     * Creates a `_.toPairs` or `_.toPairsIn` function.
-     *
-     * @private
-     * @param {Function} keysFunc The function to get the keys of a given object.
-     * @returns {Function} Returns the new pairs function.
-     */
-    function createToPairs(keysFunc) {
-      return function (object) {
-        var tag = getTag(object);
-        if (tag == mapTag) {
-          return mapToArray(object);
-        }
-        if (tag == setTag) {
-          return setToPairs(object);
-        }
-        return baseToPairs(object, keysFunc(object));
-      };
-    }
-
-    /**
-     * Creates a function that either curries or invokes `func` with optional
-     * `this` binding and partially applied arguments.
-     *
-     * @private
-     * @param {Function|string} func The function or method name to wrap.
-     * @param {number} bitmask The bitmask flags.
-     *    1 - `_.bind`
-     *    2 - `_.bindKey`
-     *    4 - `_.curry` or `_.curryRight` of a bound function
-     *    8 - `_.curry`
-     *   16 - `_.curryRight`
-     *   32 - `_.partial`
-     *   64 - `_.partialRight`
-     *  128 - `_.rearg`
-     *  256 - `_.ary`
-     *  512 - `_.flip`
-     * @param {*} [thisArg] The `this` binding of `func`.
-     * @param {Array} [partials] The arguments to be partially applied.
-     * @param {Array} [holders] The `partials` placeholder indexes.
-     * @param {Array} [argPos] The argument positions of the new function.
-     * @param {number} [ary] The arity cap of `func`.
-     * @param {number} [arity] The arity of `func`.
-     * @returns {Function} Returns the new wrapped function.
-     */
-    function createWrap(func, bitmask, thisArg, partials, holders, argPos, ary, arity) {
-      var isBindKey = bitmask & WRAP_BIND_KEY_FLAG;
-      if (!isBindKey && typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      var length = partials ? partials.length : 0;
-      if (!length) {
-        bitmask &= ~(WRAP_PARTIAL_FLAG | WRAP_PARTIAL_RIGHT_FLAG);
-        partials = holders = undefined;
-      }
-      ary = ary === undefined ? ary : nativeMax(toInteger(ary), 0);
-      arity = arity === undefined ? arity : toInteger(arity);
-      length -= holders ? holders.length : 0;
-      if (bitmask & WRAP_PARTIAL_RIGHT_FLAG) {
-        var partialsRight = partials,
-          holdersRight = holders;
-        partials = holders = undefined;
-      }
-      var data = isBindKey ? undefined : getData(func);
-      var newData = [func, bitmask, thisArg, partials, holders, partialsRight, holdersRight, argPos, ary, arity];
-      if (data) {
-        mergeData(newData, data);
-      }
-      func = newData[0];
-      bitmask = newData[1];
-      thisArg = newData[2];
-      partials = newData[3];
-      holders = newData[4];
-      arity = newData[9] = newData[9] === undefined ? isBindKey ? 0 : func.length : nativeMax(newData[9] - length, 0);
-      if (!arity && bitmask & (WRAP_CURRY_FLAG | WRAP_CURRY_RIGHT_FLAG)) {
-        bitmask &= ~(WRAP_CURRY_FLAG | WRAP_CURRY_RIGHT_FLAG);
-      }
-      if (!bitmask || bitmask == WRAP_BIND_FLAG) {
-        var result = createBind(func, bitmask, thisArg);
-      } else if (bitmask == WRAP_CURRY_FLAG || bitmask == WRAP_CURRY_RIGHT_FLAG) {
-        result = createCurry(func, bitmask, arity);
-      } else if ((bitmask == WRAP_PARTIAL_FLAG || bitmask == (WRAP_BIND_FLAG | WRAP_PARTIAL_FLAG)) && !holders.length) {
-        result = createPartial(func, bitmask, thisArg, partials);
-      } else {
-        result = createHybrid.apply(undefined, newData);
-      }
-      var setter = data ? baseSetData : setData;
-      return setWrapToString(setter(result, newData), func, bitmask);
-    }
-
-    /**
-     * Used by `_.defaults` to customize its `_.assignIn` use to assign properties
-     * of source objects to the destination object for all destination properties
-     * that resolve to `undefined`.
-     *
-     * @private
-     * @param {*} objValue The destination value.
-     * @param {*} srcValue The source value.
-     * @param {string} key The key of the property to assign.
-     * @param {Object} object The parent object of `objValue`.
-     * @returns {*} Returns the value to assign.
-     */
-    function customDefaultsAssignIn(objValue, srcValue, key, object) {
-      if (objValue === undefined || eq(objValue, objectProto[key]) && !hasOwnProperty.call(object, key)) {
-        return srcValue;
-      }
-      return objValue;
-    }
-
-    /**
-     * Used by `_.defaultsDeep` to customize its `_.merge` use to merge source
-     * objects into destination objects that are passed thru.
-     *
-     * @private
-     * @param {*} objValue The destination value.
-     * @param {*} srcValue The source value.
-     * @param {string} key The key of the property to merge.
-     * @param {Object} object The parent object of `objValue`.
-     * @param {Object} source The parent object of `srcValue`.
-     * @param {Object} [stack] Tracks traversed source values and their merged
-     *  counterparts.
-     * @returns {*} Returns the value to assign.
-     */
-    function customDefaultsMerge(objValue, srcValue, key, object, source, stack) {
-      if (isObject(objValue) && isObject(srcValue)) {
-        // Recursively merge objects and arrays (susceptible to call stack limits).
-        stack.set(srcValue, objValue);
-        baseMerge(objValue, srcValue, undefined, customDefaultsMerge, stack);
-        stack['delete'](srcValue);
-      }
-      return objValue;
-    }
-
-    /**
-     * Used by `_.omit` to customize its `_.cloneDeep` use to only clone plain
-     * objects.
-     *
-     * @private
-     * @param {*} value The value to inspect.
-     * @param {string} key The key of the property to inspect.
-     * @returns {*} Returns the uncloned value or `undefined` to defer cloning to `_.cloneDeep`.
-     */
-    function customOmitClone(value) {
-      return isPlainObject(value) ? undefined : value;
-    }
-
-    /**
-     * A specialized version of `baseIsEqualDeep` for arrays with support for
-     * partial deep comparisons.
-     *
-     * @private
-     * @param {Array} array The array to compare.
-     * @param {Array} other The other array to compare.
-     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
-     * @param {Function} customizer The function to customize comparisons.
-     * @param {Function} equalFunc The function to determine equivalents of values.
-     * @param {Object} stack Tracks traversed `array` and `other` objects.
-     * @returns {boolean} Returns `true` if the arrays are equivalent, else `false`.
-     */
-    function equalArrays(array, other, bitmask, customizer, equalFunc, stack) {
-      var isPartial = bitmask & COMPARE_PARTIAL_FLAG,
-        arrLength = array.length,
-        othLength = other.length;
-      if (arrLength != othLength && !(isPartial && othLength > arrLength)) {
-        return false;
-      }
-      // Check that cyclic values are equal.
-      var arrStacked = stack.get(array);
-      var othStacked = stack.get(other);
-      if (arrStacked && othStacked) {
-        return arrStacked == other && othStacked == array;
-      }
-      var index = -1,
-        result = true,
-        seen = bitmask & COMPARE_UNORDERED_FLAG ? new SetCache() : undefined;
-      stack.set(array, other);
-      stack.set(other, array);
-
-      // Ignore non-index properties.
-      while (++index < arrLength) {
-        var arrValue = array[index],
-          othValue = other[index];
-        if (customizer) {
-          var compared = isPartial ? customizer(othValue, arrValue, index, other, array, stack) : customizer(arrValue, othValue, index, array, other, stack);
-        }
-        if (compared !== undefined) {
-          if (compared) {
-            continue;
-          }
-          result = false;
-          break;
-        }
-        // Recursively compare arrays (susceptible to call stack limits).
-        if (seen) {
-          if (!arraySome(other, function (othValue, othIndex) {
-            if (!cacheHas(seen, othIndex) && (arrValue === othValue || equalFunc(arrValue, othValue, bitmask, customizer, stack))) {
-              return seen.push(othIndex);
-            }
-          })) {
-            result = false;
-            break;
-          }
-        } else if (!(arrValue === othValue || equalFunc(arrValue, othValue, bitmask, customizer, stack))) {
-          result = false;
-          break;
-        }
-      }
-      stack['delete'](array);
-      stack['delete'](other);
-      return result;
-    }
-
-    /**
-     * A specialized version of `baseIsEqualDeep` for comparing objects of
-     * the same `toStringTag`.
-     *
-     * **Note:** This function only supports comparing values with tags of
-     * `Boolean`, `Date`, `Error`, `Number`, `RegExp`, or `String`.
-     *
-     * @private
-     * @param {Object} object The object to compare.
-     * @param {Object} other The other object to compare.
-     * @param {string} tag The `toStringTag` of the objects to compare.
-     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
-     * @param {Function} customizer The function to customize comparisons.
-     * @param {Function} equalFunc The function to determine equivalents of values.
-     * @param {Object} stack Tracks traversed `object` and `other` objects.
-     * @returns {boolean} Returns `true` if the objects are equivalent, else `false`.
-     */
-    function equalByTag(object, other, tag, bitmask, customizer, equalFunc, stack) {
-      switch (tag) {
-        case dataViewTag:
-          if (object.byteLength != other.byteLength || object.byteOffset != other.byteOffset) {
-            return false;
-          }
-          object = object.buffer;
-          other = other.buffer;
-        case arrayBufferTag:
-          if (object.byteLength != other.byteLength || !equalFunc(new Uint8Array(object), new Uint8Array(other))) {
-            return false;
-          }
-          return true;
-        case boolTag:
-        case dateTag:
-        case numberTag:
-          // Coerce booleans to `1` or `0` and dates to milliseconds.
-          // Invalid dates are coerced to `NaN`.
-          return eq(+object, +other);
-        case errorTag:
-          return object.name == other.name && object.message == other.message;
-        case regexpTag:
-        case stringTag:
-          // Coerce regexes to strings and treat strings, primitives and objects,
-          // as equal. See http://www.ecma-international.org/ecma-262/7.0/#sec-regexp.prototype.tostring
-          // for more details.
-          return object == other + '';
-        case mapTag:
-          var convert = mapToArray;
-        case setTag:
-          var isPartial = bitmask & COMPARE_PARTIAL_FLAG;
-          convert || (convert = setToArray);
-          if (object.size != other.size && !isPartial) {
-            return false;
-          }
-          // Assume cyclic values are equal.
-          var stacked = stack.get(object);
-          if (stacked) {
-            return stacked == other;
-          }
-          bitmask |= COMPARE_UNORDERED_FLAG;
-
-          // Recursively compare objects (susceptible to call stack limits).
-          stack.set(object, other);
-          var result = equalArrays(convert(object), convert(other), bitmask, customizer, equalFunc, stack);
-          stack['delete'](object);
-          return result;
-        case symbolTag:
-          if (symbolValueOf) {
-            return symbolValueOf.call(object) == symbolValueOf.call(other);
-          }
-      }
-      return false;
-    }
-
-    /**
-     * A specialized version of `baseIsEqualDeep` for objects with support for
-     * partial deep comparisons.
-     *
-     * @private
-     * @param {Object} object The object to compare.
-     * @param {Object} other The other object to compare.
-     * @param {number} bitmask The bitmask flags. See `baseIsEqual` for more details.
-     * @param {Function} customizer The function to customize comparisons.
-     * @param {Function} equalFunc The function to determine equivalents of values.
-     * @param {Object} stack Tracks traversed `object` and `other` objects.
-     * @returns {boolean} Returns `true` if the objects are equivalent, else `false`.
-     */
-    function equalObjects(object, other, bitmask, customizer, equalFunc, stack) {
-      var isPartial = bitmask & COMPARE_PARTIAL_FLAG,
-        objProps = getAllKeys(object),
-        objLength = objProps.length,
-        othProps = getAllKeys(other),
-        othLength = othProps.length;
-      if (objLength != othLength && !isPartial) {
-        return false;
-      }
-      var index = objLength;
-      while (index--) {
-        var key = objProps[index];
-        if (!(isPartial ? key in other : hasOwnProperty.call(other, key))) {
-          return false;
-        }
-      }
-      // Check that cyclic values are equal.
-      var objStacked = stack.get(object);
-      var othStacked = stack.get(other);
-      if (objStacked && othStacked) {
-        return objStacked == other && othStacked == object;
-      }
-      var result = true;
-      stack.set(object, other);
-      stack.set(other, object);
-      var skipCtor = isPartial;
-      while (++index < objLength) {
-        key = objProps[index];
-        var objValue = object[key],
-          othValue = other[key];
-        if (customizer) {
-          var compared = isPartial ? customizer(othValue, objValue, key, other, object, stack) : customizer(objValue, othValue, key, object, other, stack);
-        }
-        // Recursively compare objects (susceptible to call stack limits).
-        if (!(compared === undefined ? objValue === othValue || equalFunc(objValue, othValue, bitmask, customizer, stack) : compared)) {
-          result = false;
-          break;
-        }
-        skipCtor || (skipCtor = key == 'constructor');
-      }
-      if (result && !skipCtor) {
-        var objCtor = object.constructor,
-          othCtor = other.constructor;
-
-        // Non `Object` object instances with different constructors are not equal.
-        if (objCtor != othCtor && 'constructor' in object && 'constructor' in other && !(typeof objCtor == 'function' && objCtor instanceof objCtor && typeof othCtor == 'function' && othCtor instanceof othCtor)) {
-          result = false;
-        }
-      }
-      stack['delete'](object);
-      stack['delete'](other);
-      return result;
-    }
-
-    /**
-     * A specialized version of `baseRest` which flattens the rest array.
-     *
-     * @private
-     * @param {Function} func The function to apply a rest parameter to.
-     * @returns {Function} Returns the new function.
-     */
-    function flatRest(func) {
-      return setToString(overRest(func, undefined, flatten), func + '');
-    }
-
-    /**
-     * Creates an array of own enumerable property names and symbols of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names and symbols.
-     */
-    function getAllKeys(object) {
-      return baseGetAllKeys(object, keys, getSymbols);
-    }
-
-    /**
-     * Creates an array of own and inherited enumerable property names and
-     * symbols of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names and symbols.
-     */
-    function getAllKeysIn(object) {
-      return baseGetAllKeys(object, keysIn, getSymbolsIn);
-    }
-
-    /**
-     * Gets metadata for `func`.
-     *
-     * @private
-     * @param {Function} func The function to query.
-     * @returns {*} Returns the metadata for `func`.
-     */
-    var getData = !metaMap ? noop : function (func) {
-      return metaMap.get(func);
-    };
-
-    /**
-     * Gets the name of `func`.
-     *
-     * @private
-     * @param {Function} func The function to query.
-     * @returns {string} Returns the function name.
-     */
-    function getFuncName(func) {
-      var result = func.name + '',
-        array = realNames[result],
-        length = hasOwnProperty.call(realNames, result) ? array.length : 0;
-      while (length--) {
-        var data = array[length],
-          otherFunc = data.func;
-        if (otherFunc == null || otherFunc == func) {
-          return data.name;
-        }
-      }
-      return result;
-    }
-
-    /**
-     * Gets the argument placeholder value for `func`.
-     *
-     * @private
-     * @param {Function} func The function to inspect.
-     * @returns {*} Returns the placeholder value.
-     */
-    function getHolder(func) {
-      var object = hasOwnProperty.call(lodash, 'placeholder') ? lodash : func;
-      return object.placeholder;
-    }
-
-    /**
-     * Gets the appropriate "iteratee" function. If `_.iteratee` is customized,
-     * this function returns the custom method, otherwise it returns `baseIteratee`.
-     * If arguments are provided, the chosen function is invoked with them and
-     * its result is returned.
-     *
-     * @private
-     * @param {*} [value] The value to convert to an iteratee.
-     * @param {number} [arity] The arity of the created iteratee.
-     * @returns {Function} Returns the chosen function or its result.
-     */
-    function getIteratee() {
-      var result = lodash.iteratee || iteratee;
-      result = result === iteratee ? baseIteratee : result;
-      return arguments.length ? result(arguments[0], arguments[1]) : result;
-    }
-
-    /**
-     * Gets the data for `map`.
-     *
-     * @private
-     * @param {Object} map The map to query.
-     * @param {string} key The reference key.
-     * @returns {*} Returns the map data.
-     */
-    function getMapData(map, key) {
-      var data = map.__data__;
-      return isKeyable(key) ? data[typeof key == 'string' ? 'string' : 'hash'] : data.map;
-    }
-
-    /**
-     * Gets the property names, values, and compare flags of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the match data of `object`.
-     */
-    function getMatchData(object) {
-      var result = keys(object),
-        length = result.length;
-      while (length--) {
-        var key = result[length],
-          value = object[key];
-        result[length] = [key, value, isStrictComparable(value)];
-      }
-      return result;
-    }
-
-    /**
-     * Gets the native function at `key` of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {string} key The key of the method to get.
-     * @returns {*} Returns the function if it's native, else `undefined`.
-     */
-    function getNative(object, key) {
-      var value = getValue(object, key);
-      return baseIsNative(value) ? value : undefined;
-    }
-
-    /**
-     * A specialized version of `baseGetTag` which ignores `Symbol.toStringTag` values.
-     *
-     * @private
-     * @param {*} value The value to query.
-     * @returns {string} Returns the raw `toStringTag`.
-     */
-    function getRawTag(value) {
-      var isOwn = hasOwnProperty.call(value, symToStringTag),
-        tag = value[symToStringTag];
-      try {
-        value[symToStringTag] = undefined;
-        var unmasked = true;
-      } catch (e) {}
-      var result = nativeObjectToString.call(value);
-      if (unmasked) {
-        if (isOwn) {
-          value[symToStringTag] = tag;
-        } else {
-          delete value[symToStringTag];
-        }
-      }
-      return result;
-    }
-
-    /**
-     * Creates an array of the own enumerable symbols of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of symbols.
-     */
-    var getSymbols = !nativeGetSymbols ? stubArray : function (object) {
-      if (object == null) {
-        return [];
-      }
-      object = Object(object);
-      return arrayFilter(nativeGetSymbols(object), function (symbol) {
-        return propertyIsEnumerable.call(object, symbol);
-      });
-    };
-
-    /**
-     * Creates an array of the own and inherited enumerable symbols of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of symbols.
-     */
-    var getSymbolsIn = !nativeGetSymbols ? stubArray : function (object) {
-      var result = [];
-      while (object) {
-        arrayPush(result, getSymbols(object));
-        object = getPrototype(object);
-      }
-      return result;
-    };
-
-    /**
-     * Gets the `toStringTag` of `value`.
-     *
-     * @private
-     * @param {*} value The value to query.
-     * @returns {string} Returns the `toStringTag`.
-     */
-    var getTag = baseGetTag;
-
-    // Fallback for data views, maps, sets, and weak maps in IE 11 and promises in Node.js < 6.
-    if (DataView && getTag(new DataView(new ArrayBuffer(1))) != dataViewTag || Map && getTag(new Map()) != mapTag || Promise && getTag(Promise.resolve()) != promiseTag || Set && getTag(new Set()) != setTag || WeakMap && getTag(new WeakMap()) != weakMapTag) {
-      getTag = function getTag(value) {
-        var result = baseGetTag(value),
-          Ctor = result == objectTag ? value.constructor : undefined,
-          ctorString = Ctor ? toSource(Ctor) : '';
-        if (ctorString) {
-          switch (ctorString) {
-            case dataViewCtorString:
-              return dataViewTag;
-            case mapCtorString:
-              return mapTag;
-            case promiseCtorString:
-              return promiseTag;
-            case setCtorString:
-              return setTag;
-            case weakMapCtorString:
-              return weakMapTag;
-          }
-        }
-        return result;
-      };
-    }
-
-    /**
-     * Gets the view, applying any `transforms` to the `start` and `end` positions.
-     *
-     * @private
-     * @param {number} start The start of the view.
-     * @param {number} end The end of the view.
-     * @param {Array} transforms The transformations to apply to the view.
-     * @returns {Object} Returns an object containing the `start` and `end`
-     *  positions of the view.
-     */
-    function getView(start, end, transforms) {
-      var index = -1,
-        length = transforms.length;
-      while (++index < length) {
-        var data = transforms[index],
-          size = data.size;
-        switch (data.type) {
-          case 'drop':
-            start += size;
-            break;
-          case 'dropRight':
-            end -= size;
-            break;
-          case 'take':
-            end = nativeMin(end, start + size);
-            break;
-          case 'takeRight':
-            start = nativeMax(start, end - size);
-            break;
-        }
-      }
-      return {
-        'start': start,
-        'end': end
-      };
-    }
-
-    /**
-     * Extracts wrapper details from the `source` body comment.
-     *
-     * @private
-     * @param {string} source The source to inspect.
-     * @returns {Array} Returns the wrapper details.
-     */
-    function getWrapDetails(source) {
-      var match = source.match(reWrapDetails);
-      return match ? match[1].split(reSplitDetails) : [];
-    }
-
-    /**
-     * Checks if `path` exists on `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path to check.
-     * @param {Function} hasFunc The function to check properties.
-     * @returns {boolean} Returns `true` if `path` exists, else `false`.
-     */
-    function hasPath(object, path, hasFunc) {
-      path = castPath(path, object);
-      var index = -1,
-        length = path.length,
-        result = false;
-      while (++index < length) {
-        var key = toKey(path[index]);
-        if (!(result = object != null && hasFunc(object, key))) {
-          break;
-        }
-        object = object[key];
-      }
-      if (result || ++index != length) {
-        return result;
-      }
-      length = object == null ? 0 : object.length;
-      return !!length && isLength(length) && isIndex(key, length) && (isArray(object) || isArguments(object));
-    }
-
-    /**
-     * Initializes an array clone.
-     *
-     * @private
-     * @param {Array} array The array to clone.
-     * @returns {Array} Returns the initialized clone.
-     */
-    function initCloneArray(array) {
-      var length = array.length,
-        result = new array.constructor(length);
-
-      // Add properties assigned by `RegExp#exec`.
-      if (length && typeof array[0] == 'string' && hasOwnProperty.call(array, 'index')) {
-        result.index = array.index;
-        result.input = array.input;
-      }
-      return result;
-    }
-
-    /**
-     * Initializes an object clone.
-     *
-     * @private
-     * @param {Object} object The object to clone.
-     * @returns {Object} Returns the initialized clone.
-     */
-    function initCloneObject(object) {
-      return typeof object.constructor == 'function' && !isPrototype(object) ? baseCreate(getPrototype(object)) : {};
-    }
-
-    /**
-     * Initializes an object clone based on its `toStringTag`.
-     *
-     * **Note:** This function only supports cloning values with tags of
-     * `Boolean`, `Date`, `Error`, `Map`, `Number`, `RegExp`, `Set`, or `String`.
-     *
-     * @private
-     * @param {Object} object The object to clone.
-     * @param {string} tag The `toStringTag` of the object to clone.
-     * @param {boolean} [isDeep] Specify a deep clone.
-     * @returns {Object} Returns the initialized clone.
-     */
-    function initCloneByTag(object, tag, isDeep) {
-      var Ctor = object.constructor;
-      switch (tag) {
-        case arrayBufferTag:
-          return cloneArrayBuffer(object);
-        case boolTag:
-        case dateTag:
-          return new Ctor(+object);
-        case dataViewTag:
-          return cloneDataView(object, isDeep);
-        case float32Tag:
-        case float64Tag:
-        case int8Tag:
-        case int16Tag:
-        case int32Tag:
-        case uint8Tag:
-        case uint8ClampedTag:
-        case uint16Tag:
-        case uint32Tag:
-          return cloneTypedArray(object, isDeep);
-        case mapTag:
-          return new Ctor();
-        case numberTag:
-        case stringTag:
-          return new Ctor(object);
-        case regexpTag:
-          return cloneRegExp(object);
-        case setTag:
-          return new Ctor();
-        case symbolTag:
-          return cloneSymbol(object);
-      }
-    }
-
-    /**
-     * Inserts wrapper `details` in a comment at the top of the `source` body.
-     *
-     * @private
-     * @param {string} source The source to modify.
-     * @returns {Array} details The details to insert.
-     * @returns {string} Returns the modified source.
-     */
-    function insertWrapDetails(source, details) {
-      var length = details.length;
-      if (!length) {
-        return source;
-      }
-      var lastIndex = length - 1;
-      details[lastIndex] = (length > 1 ? '& ' : '') + details[lastIndex];
-      details = details.join(length > 2 ? ', ' : ' ');
-      return source.replace(reWrapComment, '{\n/* [wrapped with ' + details + '] */\n');
-    }
-
-    /**
-     * Checks if `value` is a flattenable `arguments` object or array.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is flattenable, else `false`.
-     */
-    function isFlattenable(value) {
-      return isArray(value) || isArguments(value) || !!(spreadableSymbol && value && value[spreadableSymbol]);
-    }
-
-    /**
-     * Checks if `value` is a valid array-like index.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @param {number} [length=MAX_SAFE_INTEGER] The upper bounds of a valid index.
-     * @returns {boolean} Returns `true` if `value` is a valid index, else `false`.
-     */
-    function isIndex(value, length) {
-      var type = typeof value;
-      length = length == null ? MAX_SAFE_INTEGER : length;
-      return !!length && (type == 'number' || type != 'symbol' && reIsUint.test(value)) && value > -1 && value % 1 == 0 && value < length;
-    }
-
-    /**
-     * Checks if the given arguments are from an iteratee call.
-     *
-     * @private
-     * @param {*} value The potential iteratee value argument.
-     * @param {*} index The potential iteratee index or key argument.
-     * @param {*} object The potential iteratee object argument.
-     * @returns {boolean} Returns `true` if the arguments are from an iteratee call,
-     *  else `false`.
-     */
-    function isIterateeCall(value, index, object) {
-      if (!isObject(object)) {
-        return false;
-      }
-      var type = typeof index;
-      if (type == 'number' ? isArrayLike(object) && isIndex(index, object.length) : type == 'string' && index in object) {
-        return eq(object[index], value);
-      }
-      return false;
-    }
-
-    /**
-     * Checks if `value` is a property name and not a property path.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @param {Object} [object] The object to query keys on.
-     * @returns {boolean} Returns `true` if `value` is a property name, else `false`.
-     */
-    function isKey(value, object) {
-      if (isArray(value)) {
-        return false;
-      }
-      var type = typeof value;
-      if (type == 'number' || type == 'symbol' || type == 'boolean' || value == null || isSymbol(value)) {
-        return true;
-      }
-      return reIsPlainProp.test(value) || !reIsDeepProp.test(value) || object != null && value in Object(object);
-    }
-
-    /**
-     * Checks if `value` is suitable for use as unique object key.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is suitable, else `false`.
-     */
-    function isKeyable(value) {
-      var type = typeof value;
-      return type == 'string' || type == 'number' || type == 'symbol' || type == 'boolean' ? value !== '__proto__' : value === null;
-    }
-
-    /**
-     * Checks if `func` has a lazy counterpart.
-     *
-     * @private
-     * @param {Function} func The function to check.
-     * @returns {boolean} Returns `true` if `func` has a lazy counterpart,
-     *  else `false`.
-     */
-    function isLaziable(func) {
-      var funcName = getFuncName(func),
-        other = lodash[funcName];
-      if (typeof other != 'function' || !(funcName in LazyWrapper.prototype)) {
-        return false;
-      }
-      if (func === other) {
-        return true;
-      }
-      var data = getData(other);
-      return !!data && func === data[0];
-    }
-
-    /**
-     * Checks if `func` has its source masked.
-     *
-     * @private
-     * @param {Function} func The function to check.
-     * @returns {boolean} Returns `true` if `func` is masked, else `false`.
-     */
-    function isMasked(func) {
-      return !!maskSrcKey && maskSrcKey in func;
-    }
-
-    /**
-     * Checks if `func` is capable of being masked.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `func` is maskable, else `false`.
-     */
-    var isMaskable = coreJsData ? isFunction : stubFalse;
-
-    /**
-     * Checks if `value` is likely a prototype object.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a prototype, else `false`.
-     */
-    function isPrototype(value) {
-      var Ctor = value && value.constructor,
-        proto = typeof Ctor == 'function' && Ctor.prototype || objectProto;
-      return value === proto;
-    }
-
-    /**
-     * Checks if `value` is suitable for strict equality comparisons, i.e. `===`.
-     *
-     * @private
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` if suitable for strict
-     *  equality comparisons, else `false`.
-     */
-    function isStrictComparable(value) {
-      return value === value && !isObject(value);
-    }
-
-    /**
-     * A specialized version of `matchesProperty` for source values suitable
-     * for strict equality comparisons, i.e. `===`.
-     *
-     * @private
-     * @param {string} key The key of the property to get.
-     * @param {*} srcValue The value to match.
-     * @returns {Function} Returns the new spec function.
-     */
-    function matchesStrictComparable(key, srcValue) {
-      return function (object) {
-        if (object == null) {
-          return false;
-        }
-        return object[key] === srcValue && (srcValue !== undefined || key in Object(object));
-      };
-    }
-
-    /**
-     * A specialized version of `_.memoize` which clears the memoized function's
-     * cache when it exceeds `MAX_MEMOIZE_SIZE`.
-     *
-     * @private
-     * @param {Function} func The function to have its output memoized.
-     * @returns {Function} Returns the new memoized function.
-     */
-    function memoizeCapped(func) {
-      var result = memoize(func, function (key) {
-        if (cache.size === MAX_MEMOIZE_SIZE) {
-          cache.clear();
-        }
-        return key;
-      });
-      var cache = result.cache;
-      return result;
-    }
-
-    /**
-     * Merges the function metadata of `source` into `data`.
-     *
-     * Merging metadata reduces the number of wrappers used to invoke a function.
-     * This is possible because methods like `_.bind`, `_.curry`, and `_.partial`
-     * may be applied regardless of execution order. Methods like `_.ary` and
-     * `_.rearg` modify function arguments, making the order in which they are
-     * executed important, preventing the merging of metadata. However, we make
-     * an exception for a safe combined case where curried functions have `_.ary`
-     * and or `_.rearg` applied.
-     *
-     * @private
-     * @param {Array} data The destination metadata.
-     * @param {Array} source The source metadata.
-     * @returns {Array} Returns `data`.
-     */
-    function mergeData(data, source) {
-      var bitmask = data[1],
-        srcBitmask = source[1],
-        newBitmask = bitmask | srcBitmask,
-        isCommon = newBitmask < (WRAP_BIND_FLAG | WRAP_BIND_KEY_FLAG | WRAP_ARY_FLAG);
-      var isCombo = srcBitmask == WRAP_ARY_FLAG && bitmask == WRAP_CURRY_FLAG || srcBitmask == WRAP_ARY_FLAG && bitmask == WRAP_REARG_FLAG && data[7].length <= source[8] || srcBitmask == (WRAP_ARY_FLAG | WRAP_REARG_FLAG) && source[7].length <= source[8] && bitmask == WRAP_CURRY_FLAG;
-
-      // Exit early if metadata can't be merged.
-      if (!(isCommon || isCombo)) {
-        return data;
-      }
-      // Use source `thisArg` if available.
-      if (srcBitmask & WRAP_BIND_FLAG) {
-        data[2] = source[2];
-        // Set when currying a bound function.
-        newBitmask |= bitmask & WRAP_BIND_FLAG ? 0 : WRAP_CURRY_BOUND_FLAG;
-      }
-      // Compose partial arguments.
-      var value = source[3];
-      if (value) {
-        var partials = data[3];
-        data[3] = partials ? composeArgs(partials, value, source[4]) : value;
-        data[4] = partials ? replaceHolders(data[3], PLACEHOLDER) : source[4];
-      }
-      // Compose partial right arguments.
-      value = source[5];
-      if (value) {
-        partials = data[5];
-        data[5] = partials ? composeArgsRight(partials, value, source[6]) : value;
-        data[6] = partials ? replaceHolders(data[5], PLACEHOLDER) : source[6];
-      }
-      // Use source `argPos` if available.
-      value = source[7];
-      if (value) {
-        data[7] = value;
-      }
-      // Use source `ary` if it's smaller.
-      if (srcBitmask & WRAP_ARY_FLAG) {
-        data[8] = data[8] == null ? source[8] : nativeMin(data[8], source[8]);
-      }
-      // Use source `arity` if one is not provided.
-      if (data[9] == null) {
-        data[9] = source[9];
-      }
-      // Use source `func` and merge bitmasks.
-      data[0] = source[0];
-      data[1] = newBitmask;
-      return data;
-    }
-
-    /**
-     * This function is like
-     * [`Object.keys`](http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
-     * except that it includes inherited enumerable properties.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names.
-     */
-    function nativeKeysIn(object) {
-      var result = [];
-      if (object != null) {
-        for (var key in Object(object)) {
-          result.push(key);
-        }
-      }
-      return result;
-    }
-
-    /**
-     * Converts `value` to a string using `Object.prototype.toString`.
-     *
-     * @private
-     * @param {*} value The value to convert.
-     * @returns {string} Returns the converted string.
-     */
-    function objectToString(value) {
-      return nativeObjectToString.call(value);
-    }
-
-    /**
-     * A specialized version of `baseRest` which transforms the rest array.
-     *
-     * @private
-     * @param {Function} func The function to apply a rest parameter to.
-     * @param {number} [start=func.length-1] The start position of the rest parameter.
-     * @param {Function} transform The rest array transform.
-     * @returns {Function} Returns the new function.
-     */
-    function overRest(func, start, transform) {
-      start = nativeMax(start === undefined ? func.length - 1 : start, 0);
-      return function () {
-        var args = arguments,
-          index = -1,
-          length = nativeMax(args.length - start, 0),
-          array = Array(length);
-        while (++index < length) {
-          array[index] = args[start + index];
-        }
-        index = -1;
-        var otherArgs = Array(start + 1);
-        while (++index < start) {
-          otherArgs[index] = args[index];
-        }
-        otherArgs[start] = transform(array);
-        return apply(func, this, otherArgs);
-      };
-    }
-
-    /**
-     * Gets the parent value at `path` of `object`.
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {Array} path The path to get the parent value of.
-     * @returns {*} Returns the parent value.
-     */
-    function parent(object, path) {
-      return path.length < 2 ? object : baseGet(object, baseSlice(path, 0, -1));
-    }
-
-    /**
-     * Reorder `array` according to the specified indexes where the element at
-     * the first index is assigned as the first element, the element at
-     * the second index is assigned as the second element, and so on.
-     *
-     * @private
-     * @param {Array} array The array to reorder.
-     * @param {Array} indexes The arranged array indexes.
-     * @returns {Array} Returns `array`.
-     */
-    function reorder(array, indexes) {
-      var arrLength = array.length,
-        length = nativeMin(indexes.length, arrLength),
-        oldArray = copyArray(array);
-      while (length--) {
-        var index = indexes[length];
-        array[length] = isIndex(index, arrLength) ? oldArray[index] : undefined;
-      }
-      return array;
-    }
-
-    /**
-     * Gets the value at `key`, unless `key` is "__proto__" or "constructor".
-     *
-     * @private
-     * @param {Object} object The object to query.
-     * @param {string} key The key of the property to get.
-     * @returns {*} Returns the property value.
-     */
-    function safeGet(object, key) {
-      if (key === 'constructor' && typeof object[key] === 'function') {
-        return;
-      }
-      if (key == '__proto__') {
-        return;
-      }
-      return object[key];
-    }
-
-    /**
-     * Sets metadata for `func`.
-     *
-     * **Note:** If this function becomes hot, i.e. is invoked a lot in a short
-     * period of time, it will trip its breaker and transition to an identity
-     * function to avoid garbage collection pauses in V8. See
-     * [V8 issue 2070](https://bugs.chromium.org/p/v8/issues/detail?id=2070)
-     * for more details.
-     *
-     * @private
-     * @param {Function} func The function to associate metadata with.
-     * @param {*} data The metadata.
-     * @returns {Function} Returns `func`.
-     */
-    var setData = shortOut(baseSetData);
-
-    /**
-     * A simple wrapper around the global [`setTimeout`](https://mdn.io/setTimeout).
-     *
-     * @private
-     * @param {Function} func The function to delay.
-     * @param {number} wait The number of milliseconds to delay invocation.
-     * @returns {number|Object} Returns the timer id or timeout object.
-     */
-    var setTimeout = ctxSetTimeout || function (func, wait) {
-      return root.setTimeout(func, wait);
-    };
-
-    /**
-     * Sets the `toString` method of `func` to return `string`.
-     *
-     * @private
-     * @param {Function} func The function to modify.
-     * @param {Function} string The `toString` result.
-     * @returns {Function} Returns `func`.
-     */
-    var setToString = shortOut(baseSetToString);
-
-    /**
-     * Sets the `toString` method of `wrapper` to mimic the source of `reference`
-     * with wrapper details in a comment at the top of the source body.
-     *
-     * @private
-     * @param {Function} wrapper The function to modify.
-     * @param {Function} reference The reference function.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @returns {Function} Returns `wrapper`.
-     */
-    function setWrapToString(wrapper, reference, bitmask) {
-      var source = reference + '';
-      return setToString(wrapper, insertWrapDetails(source, updateWrapDetails(getWrapDetails(source), bitmask)));
-    }
-
-    /**
-     * Creates a function that'll short out and invoke `identity` instead
-     * of `func` when it's called `HOT_COUNT` or more times in `HOT_SPAN`
-     * milliseconds.
-     *
-     * @private
-     * @param {Function} func The function to restrict.
-     * @returns {Function} Returns the new shortable function.
-     */
-    function shortOut(func) {
-      var count = 0,
-        lastCalled = 0;
-      return function () {
-        var stamp = nativeNow(),
-          remaining = HOT_SPAN - (stamp - lastCalled);
-        lastCalled = stamp;
-        if (remaining > 0) {
-          if (++count >= HOT_COUNT) {
-            return arguments[0];
-          }
-        } else {
-          count = 0;
-        }
-        return func.apply(undefined, arguments);
-      };
-    }
-
-    /**
-     * A specialized version of `_.shuffle` which mutates and sets the size of `array`.
-     *
-     * @private
-     * @param {Array} array The array to shuffle.
-     * @param {number} [size=array.length] The size of `array`.
-     * @returns {Array} Returns `array`.
-     */
-    function shuffleSelf(array, size) {
-      var index = -1,
-        length = array.length,
-        lastIndex = length - 1;
-      size = size === undefined ? length : size;
-      while (++index < size) {
-        var rand = baseRandom(index, lastIndex),
-          value = array[rand];
-        array[rand] = array[index];
-        array[index] = value;
-      }
-      array.length = size;
-      return array;
-    }
-
-    /**
-     * Converts `string` to a property path array.
-     *
-     * @private
-     * @param {string} string The string to convert.
-     * @returns {Array} Returns the property path array.
-     */
-    var stringToPath = memoizeCapped(function (string) {
-      var result = [];
-      if (string.charCodeAt(0) === 46 /* . */) {
-        result.push('');
-      }
-      string.replace(rePropName, function (match, number, quote, subString) {
-        result.push(quote ? subString.replace(reEscapeChar, '$1') : number || match);
-      });
-      return result;
-    });
-
-    /**
-     * Converts `value` to a string key if it's not a string or symbol.
-     *
-     * @private
-     * @param {*} value The value to inspect.
-     * @returns {string|symbol} Returns the key.
-     */
-    function toKey(value) {
-      if (typeof value == 'string' || isSymbol(value)) {
-        return value;
-      }
-      var result = value + '';
-      return result == '0' && 1 / value == -INFINITY ? '-0' : result;
-    }
-
-    /**
-     * Converts `func` to its source code.
-     *
-     * @private
-     * @param {Function} func The function to convert.
-     * @returns {string} Returns the source code.
-     */
-    function toSource(func) {
-      if (func != null) {
-        try {
-          return funcToString.call(func);
-        } catch (e) {}
-        try {
-          return func + '';
-        } catch (e) {}
-      }
-      return '';
-    }
-
-    /**
-     * Updates wrapper `details` based on `bitmask` flags.
-     *
-     * @private
-     * @returns {Array} details The details to modify.
-     * @param {number} bitmask The bitmask flags. See `createWrap` for more details.
-     * @returns {Array} Returns `details`.
-     */
-    function updateWrapDetails(details, bitmask) {
-      arrayEach(wrapFlags, function (pair) {
-        var value = '_.' + pair[0];
-        if (bitmask & pair[1] && !arrayIncludes(details, value)) {
-          details.push(value);
-        }
-      });
-      return details.sort();
-    }
-
-    /**
-     * Creates a clone of `wrapper`.
-     *
-     * @private
-     * @param {Object} wrapper The wrapper to clone.
-     * @returns {Object} Returns the cloned wrapper.
-     */
-    function wrapperClone(wrapper) {
-      if (wrapper instanceof LazyWrapper) {
-        return wrapper.clone();
-      }
-      var result = new LodashWrapper(wrapper.__wrapped__, wrapper.__chain__);
-      result.__actions__ = copyArray(wrapper.__actions__);
-      result.__index__ = wrapper.__index__;
-      result.__values__ = wrapper.__values__;
-      return result;
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates an array of elements split into groups the length of `size`.
-     * If `array` can't be split evenly, the final chunk will be the remaining
-     * elements.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to process.
-     * @param {number} [size=1] The length of each chunk
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the new array of chunks.
-     * @example
-     *
-     * _.chunk(['a', 'b', 'c', 'd'], 2);
-     * // => [['a', 'b'], ['c', 'd']]
-     *
-     * _.chunk(['a', 'b', 'c', 'd'], 3);
-     * // => [['a', 'b', 'c'], ['d']]
-     */
-    function chunk(array, size, guard) {
-      if (guard ? isIterateeCall(array, size, guard) : size === undefined) {
-        size = 1;
-      } else {
-        size = nativeMax(toInteger(size), 0);
-      }
-      var length = array == null ? 0 : array.length;
-      if (!length || size < 1) {
-        return [];
-      }
-      var index = 0,
-        resIndex = 0,
-        result = Array(nativeCeil(length / size));
-      while (index < length) {
-        result[resIndex++] = baseSlice(array, index, index += size);
-      }
-      return result;
-    }
-
-    /**
-     * Creates an array with all falsey values removed. The values `false`, `null`,
-     * `0`, `""`, `undefined`, and `NaN` are falsey.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to compact.
-     * @returns {Array} Returns the new array of filtered values.
-     * @example
-     *
-     * _.compact([0, 1, false, 2, '', 3]);
-     * // => [1, 2, 3]
-     */
-    function compact(array) {
-      var index = -1,
-        length = array == null ? 0 : array.length,
-        resIndex = 0,
-        result = [];
-      while (++index < length) {
-        var value = array[index];
-        if (value) {
-          result[resIndex++] = value;
-        }
-      }
-      return result;
-    }
-
-    /**
-     * Creates a new array concatenating `array` with any additional arrays
-     * and/or values.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to concatenate.
-     * @param {...*} [values] The values to concatenate.
-     * @returns {Array} Returns the new concatenated array.
-     * @example
-     *
-     * var array = [1];
-     * var other = _.concat(array, 2, [3], [[4]]);
-     *
-     * console.log(other);
-     * // => [1, 2, 3, [4]]
-     *
-     * console.log(array);
-     * // => [1]
-     */
-    function concat() {
-      var length = arguments.length;
-      if (!length) {
-        return [];
-      }
-      var args = Array(length - 1),
-        array = arguments[0],
-        index = length;
-      while (index--) {
-        args[index - 1] = arguments[index];
-      }
-      return arrayPush(isArray(array) ? copyArray(array) : [array], baseFlatten(args, 1));
-    }
-
-    /**
-     * Creates an array of `array` values not included in the other given arrays
-     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons. The order and references of result values are
-     * determined by the first array.
-     *
-     * **Note:** Unlike `_.pullAll`, this method returns a new array.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {...Array} [values] The values to exclude.
-     * @returns {Array} Returns the new array of filtered values.
-     * @see _.without, _.xor
-     * @example
-     *
-     * _.difference([2, 1], [2, 3]);
-     * // => [1]
-     */
-    var difference = baseRest(function (array, values) {
-      return isArrayLikeObject(array) ? baseDifference(array, baseFlatten(values, 1, isArrayLikeObject, true)) : [];
-    });
-
-    /**
-     * This method is like `_.difference` except that it accepts `iteratee` which
-     * is invoked for each element of `array` and `values` to generate the criterion
-     * by which they're compared. The order and references of result values are
-     * determined by the first array. The iteratee is invoked with one argument:
-     * (value).
-     *
-     * **Note:** Unlike `_.pullAllBy`, this method returns a new array.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {...Array} [values] The values to exclude.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Array} Returns the new array of filtered values.
-     * @example
-     *
-     * _.differenceBy([2.1, 1.2], [2.3, 3.4], Math.floor);
-     * // => [1.2]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.differenceBy([{ 'x': 2 }, { 'x': 1 }], [{ 'x': 1 }], 'x');
-     * // => [{ 'x': 2 }]
-     */
-    var differenceBy = baseRest(function (array, values) {
-      var iteratee = last(values);
-      if (isArrayLikeObject(iteratee)) {
-        iteratee = undefined;
-      }
-      return isArrayLikeObject(array) ? baseDifference(array, baseFlatten(values, 1, isArrayLikeObject, true), getIteratee(iteratee, 2)) : [];
-    });
-
-    /**
-     * This method is like `_.difference` except that it accepts `comparator`
-     * which is invoked to compare elements of `array` to `values`. The order and
-     * references of result values are determined by the first array. The comparator
-     * is invoked with two arguments: (arrVal, othVal).
-     *
-     * **Note:** Unlike `_.pullAllWith`, this method returns a new array.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {...Array} [values] The values to exclude.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of filtered values.
-     * @example
-     *
-     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
-     *
-     * _.differenceWith(objects, [{ 'x': 1, 'y': 2 }], _.isEqual);
-     * // => [{ 'x': 2, 'y': 1 }]
-     */
-    var differenceWith = baseRest(function (array, values) {
-      var comparator = last(values);
-      if (isArrayLikeObject(comparator)) {
-        comparator = undefined;
-      }
-      return isArrayLikeObject(array) ? baseDifference(array, baseFlatten(values, 1, isArrayLikeObject, true), undefined, comparator) : [];
-    });
-
-    /**
-     * Creates a slice of `array` with `n` elements dropped from the beginning.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.5.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {number} [n=1] The number of elements to drop.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * _.drop([1, 2, 3]);
-     * // => [2, 3]
-     *
-     * _.drop([1, 2, 3], 2);
-     * // => [3]
-     *
-     * _.drop([1, 2, 3], 5);
-     * // => []
-     *
-     * _.drop([1, 2, 3], 0);
-     * // => [1, 2, 3]
-     */
-    function drop(array, n, guard) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return [];
-      }
-      n = guard || n === undefined ? 1 : toInteger(n);
-      return baseSlice(array, n < 0 ? 0 : n, length);
-    }
-
-    /**
-     * Creates a slice of `array` with `n` elements dropped from the end.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {number} [n=1] The number of elements to drop.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * _.dropRight([1, 2, 3]);
-     * // => [1, 2]
-     *
-     * _.dropRight([1, 2, 3], 2);
-     * // => [1]
-     *
-     * _.dropRight([1, 2, 3], 5);
-     * // => []
-     *
-     * _.dropRight([1, 2, 3], 0);
-     * // => [1, 2, 3]
-     */
-    function dropRight(array, n, guard) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return [];
-      }
-      n = guard || n === undefined ? 1 : toInteger(n);
-      n = length - n;
-      return baseSlice(array, 0, n < 0 ? 0 : n);
-    }
-
-    /**
-     * Creates a slice of `array` excluding elements dropped from the end.
-     * Elements are dropped until `predicate` returns falsey. The predicate is
-     * invoked with three arguments: (value, index, array).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'active': true },
-     *   { 'user': 'fred',    'active': false },
-     *   { 'user': 'pebbles', 'active': false }
-     * ];
-     *
-     * _.dropRightWhile(users, function(o) { return !o.active; });
-     * // => objects for ['barney']
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.dropRightWhile(users, { 'user': 'pebbles', 'active': false });
-     * // => objects for ['barney', 'fred']
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.dropRightWhile(users, ['active', false]);
-     * // => objects for ['barney']
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.dropRightWhile(users, 'active');
-     * // => objects for ['barney', 'fred', 'pebbles']
-     */
-    function dropRightWhile(array, predicate) {
-      return array && array.length ? baseWhile(array, getIteratee(predicate, 3), true, true) : [];
-    }
-
-    /**
-     * Creates a slice of `array` excluding elements dropped from the beginning.
-     * Elements are dropped until `predicate` returns falsey. The predicate is
-     * invoked with three arguments: (value, index, array).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'active': false },
-     *   { 'user': 'fred',    'active': false },
-     *   { 'user': 'pebbles', 'active': true }
-     * ];
-     *
-     * _.dropWhile(users, function(o) { return !o.active; });
-     * // => objects for ['pebbles']
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.dropWhile(users, { 'user': 'barney', 'active': false });
-     * // => objects for ['fred', 'pebbles']
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.dropWhile(users, ['active', false]);
-     * // => objects for ['pebbles']
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.dropWhile(users, 'active');
-     * // => objects for ['barney', 'fred', 'pebbles']
-     */
-    function dropWhile(array, predicate) {
-      return array && array.length ? baseWhile(array, getIteratee(predicate, 3), true) : [];
-    }
-
-    /**
-     * Fills elements of `array` with `value` from `start` up to, but not
-     * including, `end`.
-     *
-     * **Note:** This method mutates `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.2.0
-     * @category Array
-     * @param {Array} array The array to fill.
-     * @param {*} value The value to fill `array` with.
-     * @param {number} [start=0] The start position.
-     * @param {number} [end=array.length] The end position.
-     * @returns {Array} Returns `array`.
-     * @example
-     *
-     * var array = [1, 2, 3];
-     *
-     * _.fill(array, 'a');
-     * console.log(array);
-     * // => ['a', 'a', 'a']
-     *
-     * _.fill(Array(3), 2);
-     * // => [2, 2, 2]
-     *
-     * _.fill([4, 6, 8, 10], '*', 1, 3);
-     * // => [4, '*', '*', 10]
-     */
-    function fill(array, value, start, end) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return [];
-      }
-      if (start && typeof start != 'number' && isIterateeCall(array, value, start)) {
-        start = 0;
-        end = length;
-      }
-      return baseFill(array, value, start, end);
-    }
-
-    /**
-     * This method is like `_.find` except that it returns the index of the first
-     * element `predicate` returns truthy for instead of the element itself.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.1.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @param {number} [fromIndex=0] The index to search from.
-     * @returns {number} Returns the index of the found element, else `-1`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'active': false },
-     *   { 'user': 'fred',    'active': false },
-     *   { 'user': 'pebbles', 'active': true }
-     * ];
-     *
-     * _.findIndex(users, function(o) { return o.user == 'barney'; });
-     * // => 0
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.findIndex(users, { 'user': 'fred', 'active': false });
-     * // => 1
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.findIndex(users, ['active', false]);
-     * // => 0
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.findIndex(users, 'active');
-     * // => 2
-     */
-    function findIndex(array, predicate, fromIndex) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return -1;
-      }
-      var index = fromIndex == null ? 0 : toInteger(fromIndex);
-      if (index < 0) {
-        index = nativeMax(length + index, 0);
-      }
-      return baseFindIndex(array, getIteratee(predicate, 3), index);
-    }
-
-    /**
-     * This method is like `_.findIndex` except that it iterates over elements
-     * of `collection` from right to left.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @param {number} [fromIndex=array.length-1] The index to search from.
-     * @returns {number} Returns the index of the found element, else `-1`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'active': true },
-     *   { 'user': 'fred',    'active': false },
-     *   { 'user': 'pebbles', 'active': false }
-     * ];
-     *
-     * _.findLastIndex(users, function(o) { return o.user == 'pebbles'; });
-     * // => 2
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.findLastIndex(users, { 'user': 'barney', 'active': true });
-     * // => 0
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.findLastIndex(users, ['active', false]);
-     * // => 2
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.findLastIndex(users, 'active');
-     * // => 0
-     */
-    function findLastIndex(array, predicate, fromIndex) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return -1;
-      }
-      var index = length - 1;
-      if (fromIndex !== undefined) {
-        index = toInteger(fromIndex);
-        index = fromIndex < 0 ? nativeMax(length + index, 0) : nativeMin(index, length - 1);
-      }
-      return baseFindIndex(array, getIteratee(predicate, 3), index, true);
-    }
-
-    /**
-     * Flattens `array` a single level deep.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to flatten.
-     * @returns {Array} Returns the new flattened array.
-     * @example
-     *
-     * _.flatten([1, [2, [3, [4]], 5]]);
-     * // => [1, 2, [3, [4]], 5]
-     */
-    function flatten(array) {
-      var length = array == null ? 0 : array.length;
-      return length ? baseFlatten(array, 1) : [];
-    }
-
-    /**
-     * Recursively flattens `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to flatten.
-     * @returns {Array} Returns the new flattened array.
-     * @example
-     *
-     * _.flattenDeep([1, [2, [3, [4]], 5]]);
-     * // => [1, 2, 3, 4, 5]
-     */
-    function flattenDeep(array) {
-      var length = array == null ? 0 : array.length;
-      return length ? baseFlatten(array, INFINITY) : [];
-    }
-
-    /**
-     * Recursively flatten `array` up to `depth` times.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.4.0
-     * @category Array
-     * @param {Array} array The array to flatten.
-     * @param {number} [depth=1] The maximum recursion depth.
-     * @returns {Array} Returns the new flattened array.
-     * @example
-     *
-     * var array = [1, [2, [3, [4]], 5]];
-     *
-     * _.flattenDepth(array, 1);
-     * // => [1, 2, [3, [4]], 5]
-     *
-     * _.flattenDepth(array, 2);
-     * // => [1, 2, 3, [4], 5]
-     */
-    function flattenDepth(array, depth) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return [];
-      }
-      depth = depth === undefined ? 1 : toInteger(depth);
-      return baseFlatten(array, depth);
-    }
-
-    /**
-     * The inverse of `_.toPairs`; this method returns an object composed
-     * from key-value `pairs`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} pairs The key-value pairs.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * _.fromPairs([['a', 1], ['b', 2]]);
-     * // => { 'a': 1, 'b': 2 }
-     */
-    function fromPairs(pairs) {
-      var index = -1,
-        length = pairs == null ? 0 : pairs.length,
-        result = {};
-      while (++index < length) {
-        var pair = pairs[index];
-        result[pair[0]] = pair[1];
-      }
-      return result;
-    }
-
-    /**
-     * Gets the first element of `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @alias first
-     * @category Array
-     * @param {Array} array The array to query.
-     * @returns {*} Returns the first element of `array`.
-     * @example
-     *
-     * _.head([1, 2, 3]);
-     * // => 1
-     *
-     * _.head([]);
-     * // => undefined
-     */
-    function head(array) {
-      return array && array.length ? array[0] : undefined;
-    }
-
-    /**
-     * Gets the index at which the first occurrence of `value` is found in `array`
-     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons. If `fromIndex` is negative, it's used as the
-     * offset from the end of `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {*} value The value to search for.
-     * @param {number} [fromIndex=0] The index to search from.
-     * @returns {number} Returns the index of the matched value, else `-1`.
-     * @example
-     *
-     * _.indexOf([1, 2, 1, 2], 2);
-     * // => 1
-     *
-     * // Search from the `fromIndex`.
-     * _.indexOf([1, 2, 1, 2], 2, 2);
-     * // => 3
-     */
-    function indexOf(array, value, fromIndex) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return -1;
-      }
-      var index = fromIndex == null ? 0 : toInteger(fromIndex);
-      if (index < 0) {
-        index = nativeMax(length + index, 0);
-      }
-      return baseIndexOf(array, value, index);
-    }
-
-    /**
-     * Gets all but the last element of `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * _.initial([1, 2, 3]);
-     * // => [1, 2]
-     */
-    function initial(array) {
-      var length = array == null ? 0 : array.length;
-      return length ? baseSlice(array, 0, -1) : [];
-    }
-
-    /**
-     * Creates an array of unique values that are included in all given arrays
-     * using [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons. The order and references of result values are
-     * determined by the first array.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @returns {Array} Returns the new array of intersecting values.
-     * @example
-     *
-     * _.intersection([2, 1], [2, 3]);
-     * // => [2]
-     */
-    var intersection = baseRest(function (arrays) {
-      var mapped = arrayMap(arrays, castArrayLikeObject);
-      return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped) : [];
-    });
-
-    /**
-     * This method is like `_.intersection` except that it accepts `iteratee`
-     * which is invoked for each element of each `arrays` to generate the criterion
-     * by which they're compared. The order and references of result values are
-     * determined by the first array. The iteratee is invoked with one argument:
-     * (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Array} Returns the new array of intersecting values.
-     * @example
-     *
-     * _.intersectionBy([2.1, 1.2], [2.3, 3.4], Math.floor);
-     * // => [2.1]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.intersectionBy([{ 'x': 1 }], [{ 'x': 2 }, { 'x': 1 }], 'x');
-     * // => [{ 'x': 1 }]
-     */
-    var intersectionBy = baseRest(function (arrays) {
-      var iteratee = last(arrays),
-        mapped = arrayMap(arrays, castArrayLikeObject);
-      if (iteratee === last(mapped)) {
-        iteratee = undefined;
-      } else {
-        mapped.pop();
-      }
-      return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped, getIteratee(iteratee, 2)) : [];
-    });
-
-    /**
-     * This method is like `_.intersection` except that it accepts `comparator`
-     * which is invoked to compare elements of `arrays`. The order and references
-     * of result values are determined by the first array. The comparator is
-     * invoked with two arguments: (arrVal, othVal).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of intersecting values.
-     * @example
-     *
-     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
-     * var others = [{ 'x': 1, 'y': 1 }, { 'x': 1, 'y': 2 }];
-     *
-     * _.intersectionWith(objects, others, _.isEqual);
-     * // => [{ 'x': 1, 'y': 2 }]
-     */
-    var intersectionWith = baseRest(function (arrays) {
-      var comparator = last(arrays),
-        mapped = arrayMap(arrays, castArrayLikeObject);
-      comparator = typeof comparator == 'function' ? comparator : undefined;
-      if (comparator) {
-        mapped.pop();
-      }
-      return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped, undefined, comparator) : [];
-    });
-
-    /**
-     * Converts all elements in `array` into a string separated by `separator`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to convert.
-     * @param {string} [separator=','] The element separator.
-     * @returns {string} Returns the joined string.
-     * @example
-     *
-     * _.join(['a', 'b', 'c'], '~');
-     * // => 'a~b~c'
-     */
-    function join(array, separator) {
-      return array == null ? '' : nativeJoin.call(array, separator);
-    }
-
-    /**
-     * Gets the last element of `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @returns {*} Returns the last element of `array`.
-     * @example
-     *
-     * _.last([1, 2, 3]);
-     * // => 3
-     */
-    function last(array) {
-      var length = array == null ? 0 : array.length;
-      return length ? array[length - 1] : undefined;
-    }
-
-    /**
-     * This method is like `_.indexOf` except that it iterates over elements of
-     * `array` from right to left.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {*} value The value to search for.
-     * @param {number} [fromIndex=array.length-1] The index to search from.
-     * @returns {number} Returns the index of the matched value, else `-1`.
-     * @example
-     *
-     * _.lastIndexOf([1, 2, 1, 2], 2);
-     * // => 3
-     *
-     * // Search from the `fromIndex`.
-     * _.lastIndexOf([1, 2, 1, 2], 2, 2);
-     * // => 1
-     */
-    function lastIndexOf(array, value, fromIndex) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return -1;
-      }
-      var index = length;
-      if (fromIndex !== undefined) {
-        index = toInteger(fromIndex);
-        index = index < 0 ? nativeMax(length + index, 0) : nativeMin(index, length - 1);
-      }
-      return value === value ? strictLastIndexOf(array, value, index) : baseFindIndex(array, baseIsNaN, index, true);
-    }
-
-    /**
-     * Gets the element at index `n` of `array`. If `n` is negative, the nth
-     * element from the end is returned.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.11.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {number} [n=0] The index of the element to return.
-     * @returns {*} Returns the nth element of `array`.
-     * @example
-     *
-     * var array = ['a', 'b', 'c', 'd'];
-     *
-     * _.nth(array, 1);
-     * // => 'b'
-     *
-     * _.nth(array, -2);
-     * // => 'c';
-     */
-    function nth(array, n) {
-      return array && array.length ? baseNth(array, toInteger(n)) : undefined;
-    }
-
-    /**
-     * Removes all given values from `array` using
-     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons.
-     *
-     * **Note:** Unlike `_.without`, this method mutates `array`. Use `_.remove`
-     * to remove elements from an array by predicate.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @param {...*} [values] The values to remove.
-     * @returns {Array} Returns `array`.
-     * @example
-     *
-     * var array = ['a', 'b', 'c', 'a', 'b', 'c'];
-     *
-     * _.pull(array, 'a', 'c');
-     * console.log(array);
-     * // => ['b', 'b']
-     */
-    var pull = baseRest(pullAll);
-
-    /**
-     * This method is like `_.pull` except that it accepts an array of values to remove.
-     *
-     * **Note:** Unlike `_.difference`, this method mutates `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @param {Array} values The values to remove.
-     * @returns {Array} Returns `array`.
-     * @example
-     *
-     * var array = ['a', 'b', 'c', 'a', 'b', 'c'];
-     *
-     * _.pullAll(array, ['a', 'c']);
-     * console.log(array);
-     * // => ['b', 'b']
-     */
-    function pullAll(array, values) {
-      return array && array.length && values && values.length ? basePullAll(array, values) : array;
-    }
-
-    /**
-     * This method is like `_.pullAll` except that it accepts `iteratee` which is
-     * invoked for each element of `array` and `values` to generate the criterion
-     * by which they're compared. The iteratee is invoked with one argument: (value).
-     *
-     * **Note:** Unlike `_.differenceBy`, this method mutates `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @param {Array} values The values to remove.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Array} Returns `array`.
-     * @example
-     *
-     * var array = [{ 'x': 1 }, { 'x': 2 }, { 'x': 3 }, { 'x': 1 }];
-     *
-     * _.pullAllBy(array, [{ 'x': 1 }, { 'x': 3 }], 'x');
-     * console.log(array);
-     * // => [{ 'x': 2 }]
-     */
-    function pullAllBy(array, values, iteratee) {
-      return array && array.length && values && values.length ? basePullAll(array, values, getIteratee(iteratee, 2)) : array;
-    }
-
-    /**
-     * This method is like `_.pullAll` except that it accepts `comparator` which
-     * is invoked to compare elements of `array` to `values`. The comparator is
-     * invoked with two arguments: (arrVal, othVal).
-     *
-     * **Note:** Unlike `_.differenceWith`, this method mutates `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.6.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @param {Array} values The values to remove.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns `array`.
-     * @example
-     *
-     * var array = [{ 'x': 1, 'y': 2 }, { 'x': 3, 'y': 4 }, { 'x': 5, 'y': 6 }];
-     *
-     * _.pullAllWith(array, [{ 'x': 3, 'y': 4 }], _.isEqual);
-     * console.log(array);
-     * // => [{ 'x': 1, 'y': 2 }, { 'x': 5, 'y': 6 }]
-     */
-    function pullAllWith(array, values, comparator) {
-      return array && array.length && values && values.length ? basePullAll(array, values, undefined, comparator) : array;
-    }
-
-    /**
-     * Removes elements from `array` corresponding to `indexes` and returns an
-     * array of removed elements.
-     *
-     * **Note:** Unlike `_.at`, this method mutates `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @param {...(number|number[])} [indexes] The indexes of elements to remove.
-     * @returns {Array} Returns the new array of removed elements.
-     * @example
-     *
-     * var array = ['a', 'b', 'c', 'd'];
-     * var pulled = _.pullAt(array, [1, 3]);
-     *
-     * console.log(array);
-     * // => ['a', 'c']
-     *
-     * console.log(pulled);
-     * // => ['b', 'd']
-     */
-    var pullAt = flatRest(function (array, indexes) {
-      var length = array == null ? 0 : array.length,
-        result = baseAt(array, indexes);
-      basePullAt(array, arrayMap(indexes, function (index) {
-        return isIndex(index, length) ? +index : index;
-      }).sort(compareAscending));
-      return result;
-    });
-
-    /**
-     * Removes all elements from `array` that `predicate` returns truthy for
-     * and returns an array of the removed elements. The predicate is invoked
-     * with three arguments: (value, index, array).
-     *
-     * **Note:** Unlike `_.filter`, this method mutates `array`. Use `_.pull`
-     * to pull elements from an array by value.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the new array of removed elements.
-     * @example
-     *
-     * var array = [1, 2, 3, 4];
-     * var evens = _.remove(array, function(n) {
-     *   return n % 2 == 0;
-     * });
-     *
-     * console.log(array);
-     * // => [1, 3]
-     *
-     * console.log(evens);
-     * // => [2, 4]
-     */
-    function remove(array, predicate) {
-      var result = [];
-      if (!(array && array.length)) {
-        return result;
-      }
-      var index = -1,
-        indexes = [],
-        length = array.length;
-      predicate = getIteratee(predicate, 3);
-      while (++index < length) {
-        var value = array[index];
-        if (predicate(value, index, array)) {
-          result.push(value);
-          indexes.push(index);
-        }
-      }
-      basePullAt(array, indexes);
-      return result;
-    }
-
-    /**
-     * Reverses `array` so that the first element becomes the last, the second
-     * element becomes the second to last, and so on.
-     *
-     * **Note:** This method mutates `array` and is based on
-     * [`Array#reverse`](https://mdn.io/Array/reverse).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to modify.
-     * @returns {Array} Returns `array`.
-     * @example
-     *
-     * var array = [1, 2, 3];
-     *
-     * _.reverse(array);
-     * // => [3, 2, 1]
-     *
-     * console.log(array);
-     * // => [3, 2, 1]
-     */
-    function reverse(array) {
-      return array == null ? array : nativeReverse.call(array);
-    }
-
-    /**
-     * Creates a slice of `array` from `start` up to, but not including, `end`.
-     *
-     * **Note:** This method is used instead of
-     * [`Array#slice`](https://mdn.io/Array/slice) to ensure dense arrays are
-     * returned.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to slice.
-     * @param {number} [start=0] The start position.
-     * @param {number} [end=array.length] The end position.
-     * @returns {Array} Returns the slice of `array`.
-     */
-    function slice(array, start, end) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return [];
-      }
-      if (end && typeof end != 'number' && isIterateeCall(array, start, end)) {
-        start = 0;
-        end = length;
-      } else {
-        start = start == null ? 0 : toInteger(start);
-        end = end === undefined ? length : toInteger(end);
-      }
-      return baseSlice(array, start, end);
-    }
-
-    /**
-     * Uses a binary search to determine the lowest index at which `value`
-     * should be inserted into `array` in order to maintain its sort order.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The sorted array to inspect.
-     * @param {*} value The value to evaluate.
-     * @returns {number} Returns the index at which `value` should be inserted
-     *  into `array`.
-     * @example
-     *
-     * _.sortedIndex([30, 50], 40);
-     * // => 1
-     */
-    function sortedIndex(array, value) {
-      return baseSortedIndex(array, value);
-    }
-
-    /**
-     * This method is like `_.sortedIndex` except that it accepts `iteratee`
-     * which is invoked for `value` and each element of `array` to compute their
-     * sort ranking. The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The sorted array to inspect.
-     * @param {*} value The value to evaluate.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {number} Returns the index at which `value` should be inserted
-     *  into `array`.
-     * @example
-     *
-     * var objects = [{ 'x': 4 }, { 'x': 5 }];
-     *
-     * _.sortedIndexBy(objects, { 'x': 4 }, function(o) { return o.x; });
-     * // => 0
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.sortedIndexBy(objects, { 'x': 4 }, 'x');
-     * // => 0
-     */
-    function sortedIndexBy(array, value, iteratee) {
-      return baseSortedIndexBy(array, value, getIteratee(iteratee, 2));
-    }
-
-    /**
-     * This method is like `_.indexOf` except that it performs a binary
-     * search on a sorted `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {*} value The value to search for.
-     * @returns {number} Returns the index of the matched value, else `-1`.
-     * @example
-     *
-     * _.sortedIndexOf([4, 5, 5, 5, 6], 5);
-     * // => 1
-     */
-    function sortedIndexOf(array, value) {
-      var length = array == null ? 0 : array.length;
-      if (length) {
-        var index = baseSortedIndex(array, value);
-        if (index < length && eq(array[index], value)) {
-          return index;
-        }
-      }
-      return -1;
-    }
-
-    /**
-     * This method is like `_.sortedIndex` except that it returns the highest
-     * index at which `value` should be inserted into `array` in order to
-     * maintain its sort order.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The sorted array to inspect.
-     * @param {*} value The value to evaluate.
-     * @returns {number} Returns the index at which `value` should be inserted
-     *  into `array`.
-     * @example
-     *
-     * _.sortedLastIndex([4, 5, 5, 5, 6], 5);
-     * // => 4
-     */
-    function sortedLastIndex(array, value) {
-      return baseSortedIndex(array, value, true);
-    }
-
-    /**
-     * This method is like `_.sortedLastIndex` except that it accepts `iteratee`
-     * which is invoked for `value` and each element of `array` to compute their
-     * sort ranking. The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The sorted array to inspect.
-     * @param {*} value The value to evaluate.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {number} Returns the index at which `value` should be inserted
-     *  into `array`.
-     * @example
-     *
-     * var objects = [{ 'x': 4 }, { 'x': 5 }];
-     *
-     * _.sortedLastIndexBy(objects, { 'x': 4 }, function(o) { return o.x; });
-     * // => 1
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.sortedLastIndexBy(objects, { 'x': 4 }, 'x');
-     * // => 1
-     */
-    function sortedLastIndexBy(array, value, iteratee) {
-      return baseSortedIndexBy(array, value, getIteratee(iteratee, 2), true);
-    }
-
-    /**
-     * This method is like `_.lastIndexOf` except that it performs a binary
-     * search on a sorted `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {*} value The value to search for.
-     * @returns {number} Returns the index of the matched value, else `-1`.
-     * @example
-     *
-     * _.sortedLastIndexOf([4, 5, 5, 5, 6], 5);
-     * // => 3
-     */
-    function sortedLastIndexOf(array, value) {
-      var length = array == null ? 0 : array.length;
-      if (length) {
-        var index = baseSortedIndex(array, value, true) - 1;
-        if (eq(array[index], value)) {
-          return index;
-        }
-      }
-      return -1;
-    }
-
-    /**
-     * This method is like `_.uniq` except that it's designed and optimized
-     * for sorted arrays.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @returns {Array} Returns the new duplicate free array.
-     * @example
-     *
-     * _.sortedUniq([1, 1, 2]);
-     * // => [1, 2]
-     */
-    function sortedUniq(array) {
-      return array && array.length ? baseSortedUniq(array) : [];
-    }
-
-    /**
-     * This method is like `_.uniqBy` except that it's designed and optimized
-     * for sorted arrays.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {Function} [iteratee] The iteratee invoked per element.
-     * @returns {Array} Returns the new duplicate free array.
-     * @example
-     *
-     * _.sortedUniqBy([1.1, 1.2, 2.3, 2.4], Math.floor);
-     * // => [1.1, 2.3]
-     */
-    function sortedUniqBy(array, iteratee) {
-      return array && array.length ? baseSortedUniq(array, getIteratee(iteratee, 2)) : [];
-    }
-
-    /**
-     * Gets all but the first element of `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * _.tail([1, 2, 3]);
-     * // => [2, 3]
-     */
-    function tail(array) {
-      var length = array == null ? 0 : array.length;
-      return length ? baseSlice(array, 1, length) : [];
-    }
-
-    /**
-     * Creates a slice of `array` with `n` elements taken from the beginning.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {number} [n=1] The number of elements to take.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * _.take([1, 2, 3]);
-     * // => [1]
-     *
-     * _.take([1, 2, 3], 2);
-     * // => [1, 2]
-     *
-     * _.take([1, 2, 3], 5);
-     * // => [1, 2, 3]
-     *
-     * _.take([1, 2, 3], 0);
-     * // => []
-     */
-    function take(array, n, guard) {
-      if (!(array && array.length)) {
-        return [];
-      }
-      n = guard || n === undefined ? 1 : toInteger(n);
-      return baseSlice(array, 0, n < 0 ? 0 : n);
-    }
-
-    /**
-     * Creates a slice of `array` with `n` elements taken from the end.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {number} [n=1] The number of elements to take.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * _.takeRight([1, 2, 3]);
-     * // => [3]
-     *
-     * _.takeRight([1, 2, 3], 2);
-     * // => [2, 3]
-     *
-     * _.takeRight([1, 2, 3], 5);
-     * // => [1, 2, 3]
-     *
-     * _.takeRight([1, 2, 3], 0);
-     * // => []
-     */
-    function takeRight(array, n, guard) {
-      var length = array == null ? 0 : array.length;
-      if (!length) {
-        return [];
-      }
-      n = guard || n === undefined ? 1 : toInteger(n);
-      n = length - n;
-      return baseSlice(array, n < 0 ? 0 : n, length);
-    }
-
-    /**
-     * Creates a slice of `array` with elements taken from the end. Elements are
-     * taken until `predicate` returns falsey. The predicate is invoked with
-     * three arguments: (value, index, array).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'active': true },
-     *   { 'user': 'fred',    'active': false },
-     *   { 'user': 'pebbles', 'active': false }
-     * ];
-     *
-     * _.takeRightWhile(users, function(o) { return !o.active; });
-     * // => objects for ['fred', 'pebbles']
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.takeRightWhile(users, { 'user': 'pebbles', 'active': false });
-     * // => objects for ['pebbles']
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.takeRightWhile(users, ['active', false]);
-     * // => objects for ['fred', 'pebbles']
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.takeRightWhile(users, 'active');
-     * // => []
-     */
-    function takeRightWhile(array, predicate) {
-      return array && array.length ? baseWhile(array, getIteratee(predicate, 3), false, true) : [];
-    }
-
-    /**
-     * Creates a slice of `array` with elements taken from the beginning. Elements
-     * are taken until `predicate` returns falsey. The predicate is invoked with
-     * three arguments: (value, index, array).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Array
-     * @param {Array} array The array to query.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the slice of `array`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'active': false },
-     *   { 'user': 'fred',    'active': false },
-     *   { 'user': 'pebbles', 'active': true }
-     * ];
-     *
-     * _.takeWhile(users, function(o) { return !o.active; });
-     * // => objects for ['barney', 'fred']
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.takeWhile(users, { 'user': 'barney', 'active': false });
-     * // => objects for ['barney']
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.takeWhile(users, ['active', false]);
-     * // => objects for ['barney', 'fred']
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.takeWhile(users, 'active');
-     * // => []
-     */
-    function takeWhile(array, predicate) {
-      return array && array.length ? baseWhile(array, getIteratee(predicate, 3)) : [];
-    }
-
-    /**
-     * Creates an array of unique values, in order, from all given arrays using
-     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @returns {Array} Returns the new array of combined values.
-     * @example
-     *
-     * _.union([2], [1, 2]);
-     * // => [2, 1]
-     */
-    var union = baseRest(function (arrays) {
-      return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true));
-    });
-
-    /**
-     * This method is like `_.union` except that it accepts `iteratee` which is
-     * invoked for each element of each `arrays` to generate the criterion by
-     * which uniqueness is computed. Result values are chosen from the first
-     * array in which the value occurs. The iteratee is invoked with one argument:
-     * (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Array} Returns the new array of combined values.
-     * @example
-     *
-     * _.unionBy([2.1], [1.2, 2.3], Math.floor);
-     * // => [2.1, 1.2]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.unionBy([{ 'x': 1 }], [{ 'x': 2 }, { 'x': 1 }], 'x');
-     * // => [{ 'x': 1 }, { 'x': 2 }]
-     */
-    var unionBy = baseRest(function (arrays) {
-      var iteratee = last(arrays);
-      if (isArrayLikeObject(iteratee)) {
-        iteratee = undefined;
-      }
-      return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true), getIteratee(iteratee, 2));
-    });
-
-    /**
-     * This method is like `_.union` except that it accepts `comparator` which
-     * is invoked to compare elements of `arrays`. Result values are chosen from
-     * the first array in which the value occurs. The comparator is invoked
-     * with two arguments: (arrVal, othVal).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of combined values.
-     * @example
-     *
-     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
-     * var others = [{ 'x': 1, 'y': 1 }, { 'x': 1, 'y': 2 }];
-     *
-     * _.unionWith(objects, others, _.isEqual);
-     * // => [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }, { 'x': 1, 'y': 1 }]
-     */
-    var unionWith = baseRest(function (arrays) {
-      var comparator = last(arrays);
-      comparator = typeof comparator == 'function' ? comparator : undefined;
-      return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true), undefined, comparator);
-    });
-
-    /**
-     * Creates a duplicate-free version of an array, using
-     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons, in which only the first occurrence of each element
-     * is kept. The order of result values is determined by the order they occur
-     * in the array.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @returns {Array} Returns the new duplicate free array.
-     * @example
-     *
-     * _.uniq([2, 1, 2]);
-     * // => [2, 1]
-     */
-    function uniq(array) {
-      return array && array.length ? baseUniq(array) : [];
-    }
-
-    /**
-     * This method is like `_.uniq` except that it accepts `iteratee` which is
-     * invoked for each element in `array` to generate the criterion by which
-     * uniqueness is computed. The order of result values is determined by the
-     * order they occur in the array. The iteratee is invoked with one argument:
-     * (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Array} Returns the new duplicate free array.
-     * @example
-     *
-     * _.uniqBy([2.1, 1.2, 2.3], Math.floor);
-     * // => [2.1, 1.2]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.uniqBy([{ 'x': 1 }, { 'x': 2 }, { 'x': 1 }], 'x');
-     * // => [{ 'x': 1 }, { 'x': 2 }]
-     */
-    function uniqBy(array, iteratee) {
-      return array && array.length ? baseUniq(array, getIteratee(iteratee, 2)) : [];
-    }
-
-    /**
-     * This method is like `_.uniq` except that it accepts `comparator` which
-     * is invoked to compare elements of `array`. The order of result values is
-     * determined by the order they occur in the array.The comparator is invoked
-     * with two arguments: (arrVal, othVal).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new duplicate free array.
-     * @example
-     *
-     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }, { 'x': 1, 'y': 2 }];
-     *
-     * _.uniqWith(objects, _.isEqual);
-     * // => [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }]
-     */
-    function uniqWith(array, comparator) {
-      comparator = typeof comparator == 'function' ? comparator : undefined;
-      return array && array.length ? baseUniq(array, undefined, comparator) : [];
-    }
-
-    /**
-     * This method is like `_.zip` except that it accepts an array of grouped
-     * elements and creates an array regrouping the elements to their pre-zip
-     * configuration.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.2.0
-     * @category Array
-     * @param {Array} array The array of grouped elements to process.
-     * @returns {Array} Returns the new array of regrouped elements.
-     * @example
-     *
-     * var zipped = _.zip(['a', 'b'], [1, 2], [true, false]);
-     * // => [['a', 1, true], ['b', 2, false]]
-     *
-     * _.unzip(zipped);
-     * // => [['a', 'b'], [1, 2], [true, false]]
-     */
-    function unzip(array) {
-      if (!(array && array.length)) {
-        return [];
-      }
-      var length = 0;
-      array = arrayFilter(array, function (group) {
-        if (isArrayLikeObject(group)) {
-          length = nativeMax(group.length, length);
-          return true;
-        }
-      });
-      return baseTimes(length, function (index) {
-        return arrayMap(array, baseProperty(index));
-      });
-    }
-
-    /**
-     * This method is like `_.unzip` except that it accepts `iteratee` to specify
-     * how regrouped values should be combined. The iteratee is invoked with the
-     * elements of each group: (...group).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.8.0
-     * @category Array
-     * @param {Array} array The array of grouped elements to process.
-     * @param {Function} [iteratee=_.identity] The function to combine
-     *  regrouped values.
-     * @returns {Array} Returns the new array of regrouped elements.
-     * @example
-     *
-     * var zipped = _.zip([1, 2], [10, 20], [100, 200]);
-     * // => [[1, 10, 100], [2, 20, 200]]
-     *
-     * _.unzipWith(zipped, _.add);
-     * // => [3, 30, 300]
-     */
-    function unzipWith(array, iteratee) {
-      if (!(array && array.length)) {
-        return [];
-      }
-      var result = unzip(array);
-      if (iteratee == null) {
-        return result;
-      }
-      return arrayMap(result, function (group) {
-        return apply(iteratee, undefined, group);
-      });
-    }
-
-    /**
-     * Creates an array excluding all given values using
-     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * for equality comparisons.
-     *
-     * **Note:** Unlike `_.pull`, this method returns a new array.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {Array} array The array to inspect.
-     * @param {...*} [values] The values to exclude.
-     * @returns {Array} Returns the new array of filtered values.
-     * @see _.difference, _.xor
-     * @example
-     *
-     * _.without([2, 1, 2, 3], 1, 2);
-     * // => [3]
-     */
-    var without = baseRest(function (array, values) {
-      return isArrayLikeObject(array) ? baseDifference(array, values) : [];
-    });
-
-    /**
-     * Creates an array of unique values that is the
-     * [symmetric difference](https://en.wikipedia.org/wiki/Symmetric_difference)
-     * of the given arrays. The order of result values is determined by the order
-     * they occur in the arrays.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.4.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @returns {Array} Returns the new array of filtered values.
-     * @see _.difference, _.without
-     * @example
-     *
-     * _.xor([2, 1], [2, 3]);
-     * // => [1, 3]
-     */
-    var xor = baseRest(function (arrays) {
-      return baseXor(arrayFilter(arrays, isArrayLikeObject));
-    });
-
-    /**
-     * This method is like `_.xor` except that it accepts `iteratee` which is
-     * invoked for each element of each `arrays` to generate the criterion by
-     * which by which they're compared. The order of result values is determined
-     * by the order they occur in the arrays. The iteratee is invoked with one
-     * argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Array} Returns the new array of filtered values.
-     * @example
-     *
-     * _.xorBy([2.1, 1.2], [2.3, 3.4], Math.floor);
-     * // => [1.2, 3.4]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.xorBy([{ 'x': 1 }], [{ 'x': 2 }, { 'x': 1 }], 'x');
-     * // => [{ 'x': 2 }]
-     */
-    var xorBy = baseRest(function (arrays) {
-      var iteratee = last(arrays);
-      if (isArrayLikeObject(iteratee)) {
-        iteratee = undefined;
-      }
-      return baseXor(arrayFilter(arrays, isArrayLikeObject), getIteratee(iteratee, 2));
-    });
-
-    /**
-     * This method is like `_.xor` except that it accepts `comparator` which is
-     * invoked to compare elements of `arrays`. The order of result values is
-     * determined by the order they occur in the arrays. The comparator is invoked
-     * with two arguments: (arrVal, othVal).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to inspect.
-     * @param {Function} [comparator] The comparator invoked per element.
-     * @returns {Array} Returns the new array of filtered values.
-     * @example
-     *
-     * var objects = [{ 'x': 1, 'y': 2 }, { 'x': 2, 'y': 1 }];
-     * var others = [{ 'x': 1, 'y': 1 }, { 'x': 1, 'y': 2 }];
-     *
-     * _.xorWith(objects, others, _.isEqual);
-     * // => [{ 'x': 2, 'y': 1 }, { 'x': 1, 'y': 1 }]
-     */
-    var xorWith = baseRest(function (arrays) {
-      var comparator = last(arrays);
-      comparator = typeof comparator == 'function' ? comparator : undefined;
-      return baseXor(arrayFilter(arrays, isArrayLikeObject), undefined, comparator);
-    });
-
-    /**
-     * Creates an array of grouped elements, the first of which contains the
-     * first elements of the given arrays, the second of which contains the
-     * second elements of the given arrays, and so on.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to process.
-     * @returns {Array} Returns the new array of grouped elements.
-     * @example
-     *
-     * _.zip(['a', 'b'], [1, 2], [true, false]);
-     * // => [['a', 1, true], ['b', 2, false]]
-     */
-    var zip = baseRest(unzip);
-
-    /**
-     * This method is like `_.fromPairs` except that it accepts two arrays,
-     * one of property identifiers and one of corresponding values.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.4.0
-     * @category Array
-     * @param {Array} [props=[]] The property identifiers.
-     * @param {Array} [values=[]] The property values.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * _.zipObject(['a', 'b'], [1, 2]);
-     * // => { 'a': 1, 'b': 2 }
-     */
-    function zipObject(props, values) {
-      return baseZipObject(props || [], values || [], assignValue);
-    }
-
-    /**
-     * This method is like `_.zipObject` except that it supports property paths.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.1.0
-     * @category Array
-     * @param {Array} [props=[]] The property identifiers.
-     * @param {Array} [values=[]] The property values.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * _.zipObjectDeep(['a.b[0].c', 'a.b[1].d'], [1, 2]);
-     * // => { 'a': { 'b': [{ 'c': 1 }, { 'd': 2 }] } }
-     */
-    function zipObjectDeep(props, values) {
-      return baseZipObject(props || [], values || [], baseSet);
-    }
-
-    /**
-     * This method is like `_.zip` except that it accepts `iteratee` to specify
-     * how grouped values should be combined. The iteratee is invoked with the
-     * elements of each group: (...group).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.8.0
-     * @category Array
-     * @param {...Array} [arrays] The arrays to process.
-     * @param {Function} [iteratee=_.identity] The function to combine
-     *  grouped values.
-     * @returns {Array} Returns the new array of grouped elements.
-     * @example
-     *
-     * _.zipWith([1, 2], [10, 20], [100, 200], function(a, b, c) {
-     *   return a + b + c;
-     * });
-     * // => [111, 222]
-     */
-    var zipWith = baseRest(function (arrays) {
-      var length = arrays.length,
-        iteratee = length > 1 ? arrays[length - 1] : undefined;
-      iteratee = typeof iteratee == 'function' ? (arrays.pop(), iteratee) : undefined;
-      return unzipWith(arrays, iteratee);
-    });
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates a `lodash` wrapper instance that wraps `value` with explicit method
-     * chain sequences enabled. The result of such sequences must be unwrapped
-     * with `_#value`.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.3.0
-     * @category Seq
-     * @param {*} value The value to wrap.
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'age': 36 },
-     *   { 'user': 'fred',    'age': 40 },
-     *   { 'user': 'pebbles', 'age': 1 }
-     * ];
-     *
-     * var youngest = _
-     *   .chain(users)
-     *   .sortBy('age')
-     *   .map(function(o) {
-     *     return o.user + ' is ' + o.age;
-     *   })
-     *   .head()
-     *   .value();
-     * // => 'pebbles is 1'
-     */
-    function chain(value) {
-      var result = lodash(value);
-      result.__chain__ = true;
-      return result;
-    }
-
-    /**
-     * This method invokes `interceptor` and returns `value`. The interceptor
-     * is invoked with one argument; (value). The purpose of this method is to
-     * "tap into" a method chain sequence in order to modify intermediate results.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Seq
-     * @param {*} value The value to provide to `interceptor`.
-     * @param {Function} interceptor The function to invoke.
-     * @returns {*} Returns `value`.
-     * @example
-     *
-     * _([1, 2, 3])
-     *  .tap(function(array) {
-     *    // Mutate input array.
-     *    array.pop();
-     *  })
-     *  .reverse()
-     *  .value();
-     * // => [2, 1]
-     */
-    function tap(value, interceptor) {
-      interceptor(value);
-      return value;
-    }
-
-    /**
-     * This method is like `_.tap` except that it returns the result of `interceptor`.
-     * The purpose of this method is to "pass thru" values replacing intermediate
-     * results in a method chain sequence.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Seq
-     * @param {*} value The value to provide to `interceptor`.
-     * @param {Function} interceptor The function to invoke.
-     * @returns {*} Returns the result of `interceptor`.
-     * @example
-     *
-     * _('  abc  ')
-     *  .chain()
-     *  .trim()
-     *  .thru(function(value) {
-     *    return [value];
-     *  })
-     *  .value();
-     * // => ['abc']
-     */
-    function thru(value, interceptor) {
-      return interceptor(value);
-    }
-
-    /**
-     * This method is the wrapper version of `_.at`.
-     *
-     * @name at
-     * @memberOf _
-     * @since 1.0.0
-     * @category Seq
-     * @param {...(string|string[])} [paths] The property paths to pick.
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': 3 } }, 4] };
-     *
-     * _(object).at(['a[0].b.c', 'a[1]']).value();
-     * // => [3, 4]
-     */
-    var wrapperAt = flatRest(function (paths) {
-      var length = paths.length,
-        start = length ? paths[0] : 0,
-        value = this.__wrapped__,
-        interceptor = function interceptor(object) {
-          return baseAt(object, paths);
-        };
-      if (length > 1 || this.__actions__.length || !(value instanceof LazyWrapper) || !isIndex(start)) {
-        return this.thru(interceptor);
-      }
-      value = value.slice(start, +start + (length ? 1 : 0));
-      value.__actions__.push({
-        'func': thru,
-        'args': [interceptor],
-        'thisArg': undefined
-      });
-      return new LodashWrapper(value, this.__chain__).thru(function (array) {
-        if (length && !array.length) {
-          array.push(undefined);
-        }
-        return array;
-      });
-    });
-
-    /**
-     * Creates a `lodash` wrapper instance with explicit method chain sequences enabled.
-     *
-     * @name chain
-     * @memberOf _
-     * @since 0.1.0
-     * @category Seq
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney', 'age': 36 },
-     *   { 'user': 'fred',   'age': 40 }
-     * ];
-     *
-     * // A sequence without explicit chaining.
-     * _(users).head();
-     * // => { 'user': 'barney', 'age': 36 }
-     *
-     * // A sequence with explicit chaining.
-     * _(users)
-     *   .chain()
-     *   .head()
-     *   .pick('user')
-     *   .value();
-     * // => { 'user': 'barney' }
-     */
-    function wrapperChain() {
-      return chain(this);
-    }
-
-    /**
-     * Executes the chain sequence and returns the wrapped result.
-     *
-     * @name commit
-     * @memberOf _
-     * @since 3.2.0
-     * @category Seq
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * var array = [1, 2];
-     * var wrapped = _(array).push(3);
-     *
-     * console.log(array);
-     * // => [1, 2]
-     *
-     * wrapped = wrapped.commit();
-     * console.log(array);
-     * // => [1, 2, 3]
-     *
-     * wrapped.last();
-     * // => 3
-     *
-     * console.log(array);
-     * // => [1, 2, 3]
-     */
-    function wrapperCommit() {
-      return new LodashWrapper(this.value(), this.__chain__);
-    }
-
-    /**
-     * Gets the next value on a wrapped object following the
-     * [iterator protocol](https://mdn.io/iteration_protocols#iterator).
-     *
-     * @name next
-     * @memberOf _
-     * @since 4.0.0
-     * @category Seq
-     * @returns {Object} Returns the next iterator value.
-     * @example
-     *
-     * var wrapped = _([1, 2]);
-     *
-     * wrapped.next();
-     * // => { 'done': false, 'value': 1 }
-     *
-     * wrapped.next();
-     * // => { 'done': false, 'value': 2 }
-     *
-     * wrapped.next();
-     * // => { 'done': true, 'value': undefined }
-     */
-    function wrapperNext() {
-      if (this.__values__ === undefined) {
-        this.__values__ = toArray(this.value());
-      }
-      var done = this.__index__ >= this.__values__.length,
-        value = done ? undefined : this.__values__[this.__index__++];
-      return {
-        'done': done,
-        'value': value
-      };
-    }
-
-    /**
-     * Enables the wrapper to be iterable.
-     *
-     * @name Symbol.iterator
-     * @memberOf _
-     * @since 4.0.0
-     * @category Seq
-     * @returns {Object} Returns the wrapper object.
-     * @example
-     *
-     * var wrapped = _([1, 2]);
-     *
-     * wrapped[Symbol.iterator]() === wrapped;
-     * // => true
-     *
-     * Array.from(wrapped);
-     * // => [1, 2]
-     */
-    function wrapperToIterator() {
-      return this;
-    }
-
-    /**
-     * Creates a clone of the chain sequence planting `value` as the wrapped value.
-     *
-     * @name plant
-     * @memberOf _
-     * @since 3.2.0
-     * @category Seq
-     * @param {*} value The value to plant.
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * function square(n) {
-     *   return n * n;
-     * }
-     *
-     * var wrapped = _([1, 2]).map(square);
-     * var other = wrapped.plant([3, 4]);
-     *
-     * other.value();
-     * // => [9, 16]
-     *
-     * wrapped.value();
-     * // => [1, 4]
-     */
-    function wrapperPlant(value) {
-      var result,
-        parent = this;
-      while (parent instanceof baseLodash) {
-        var clone = wrapperClone(parent);
-        clone.__index__ = 0;
-        clone.__values__ = undefined;
-        if (result) {
-          previous.__wrapped__ = clone;
-        } else {
-          result = clone;
-        }
-        var previous = clone;
-        parent = parent.__wrapped__;
-      }
-      previous.__wrapped__ = value;
-      return result;
-    }
-
-    /**
-     * This method is the wrapper version of `_.reverse`.
-     *
-     * **Note:** This method mutates the wrapped array.
-     *
-     * @name reverse
-     * @memberOf _
-     * @since 0.1.0
-     * @category Seq
-     * @returns {Object} Returns the new `lodash` wrapper instance.
-     * @example
-     *
-     * var array = [1, 2, 3];
-     *
-     * _(array).reverse().value()
-     * // => [3, 2, 1]
-     *
-     * console.log(array);
-     * // => [3, 2, 1]
-     */
-    function wrapperReverse() {
-      var value = this.__wrapped__;
-      if (value instanceof LazyWrapper) {
-        var wrapped = value;
-        if (this.__actions__.length) {
-          wrapped = new LazyWrapper(this);
-        }
-        wrapped = wrapped.reverse();
-        wrapped.__actions__.push({
-          'func': thru,
-          'args': [reverse],
-          'thisArg': undefined
-        });
-        return new LodashWrapper(wrapped, this.__chain__);
-      }
-      return this.thru(reverse);
-    }
-
-    /**
-     * Executes the chain sequence to resolve the unwrapped value.
-     *
-     * @name value
-     * @memberOf _
-     * @since 0.1.0
-     * @alias toJSON, valueOf
-     * @category Seq
-     * @returns {*} Returns the resolved unwrapped value.
-     * @example
-     *
-     * _([1, 2, 3]).value();
-     * // => [1, 2, 3]
-     */
-    function wrapperValue() {
-      return baseWrapperValue(this.__wrapped__, this.__actions__);
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Creates an object composed of keys generated from the results of running
-     * each element of `collection` thru `iteratee`. The corresponding value of
-     * each key is the number of times the key was returned by `iteratee`. The
-     * iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.5.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee to transform keys.
-     * @returns {Object} Returns the composed aggregate object.
-     * @example
-     *
-     * _.countBy([6.1, 4.2, 6.3], Math.floor);
-     * // => { '4': 1, '6': 2 }
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.countBy(['one', 'two', 'three'], 'length');
-     * // => { '3': 2, '5': 1 }
-     */
-    var countBy = createAggregator(function (result, value, key) {
-      if (hasOwnProperty.call(result, key)) {
-        ++result[key];
-      } else {
-        baseAssignValue(result, key, 1);
-      }
-    });
-
-    /**
-     * Checks if `predicate` returns truthy for **all** elements of `collection`.
-     * Iteration is stopped once `predicate` returns falsey. The predicate is
-     * invoked with three arguments: (value, index|key, collection).
-     *
-     * **Note:** This method returns `true` for
-     * [empty collections](https://en.wikipedia.org/wiki/Empty_set) because
-     * [everything is true](https://en.wikipedia.org/wiki/Vacuous_truth) of
-     * elements of empty collections.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {boolean} Returns `true` if all elements pass the predicate check,
-     *  else `false`.
-     * @example
-     *
-     * _.every([true, 1, null, 'yes'], Boolean);
-     * // => false
-     *
-     * var users = [
-     *   { 'user': 'barney', 'age': 36, 'active': false },
-     *   { 'user': 'fred',   'age': 40, 'active': false }
-     * ];
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.every(users, { 'user': 'barney', 'active': false });
-     * // => false
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.every(users, ['active', false]);
-     * // => true
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.every(users, 'active');
-     * // => false
-     */
-    function every(collection, predicate, guard) {
-      var func = isArray(collection) ? arrayEvery : baseEvery;
-      if (guard && isIterateeCall(collection, predicate, guard)) {
-        predicate = undefined;
-      }
-      return func(collection, getIteratee(predicate, 3));
-    }
-
-    /**
-     * Iterates over elements of `collection`, returning an array of all elements
-     * `predicate` returns truthy for. The predicate is invoked with three
-     * arguments: (value, index|key, collection).
-     *
-     * **Note:** Unlike `_.remove`, this method returns a new array.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the new filtered array.
-     * @see _.reject
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney', 'age': 36, 'active': true },
-     *   { 'user': 'fred',   'age': 40, 'active': false }
-     * ];
-     *
-     * _.filter(users, function(o) { return !o.active; });
-     * // => objects for ['fred']
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.filter(users, { 'age': 36, 'active': true });
-     * // => objects for ['barney']
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.filter(users, ['active', false]);
-     * // => objects for ['fred']
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.filter(users, 'active');
-     * // => objects for ['barney']
-     *
-     * // Combining several predicates using `_.overEvery` or `_.overSome`.
-     * _.filter(users, _.overSome([{ 'age': 36 }, ['age', 40]]));
-     * // => objects for ['fred', 'barney']
-     */
-    function filter(collection, predicate) {
-      var func = isArray(collection) ? arrayFilter : baseFilter;
-      return func(collection, getIteratee(predicate, 3));
-    }
-
-    /**
-     * Iterates over elements of `collection`, returning the first element
-     * `predicate` returns truthy for. The predicate is invoked with three
-     * arguments: (value, index|key, collection).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to inspect.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @param {number} [fromIndex=0] The index to search from.
-     * @returns {*} Returns the matched element, else `undefined`.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'age': 36, 'active': true },
-     *   { 'user': 'fred',    'age': 40, 'active': false },
-     *   { 'user': 'pebbles', 'age': 1,  'active': true }
-     * ];
-     *
-     * _.find(users, function(o) { return o.age < 40; });
-     * // => object for 'barney'
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.find(users, { 'age': 1, 'active': true });
-     * // => object for 'pebbles'
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.find(users, ['active', false]);
-     * // => object for 'fred'
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.find(users, 'active');
-     * // => object for 'barney'
-     */
-    var find = createFind(findIndex);
-
-    /**
-     * This method is like `_.find` except that it iterates over elements of
-     * `collection` from right to left.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to inspect.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @param {number} [fromIndex=collection.length-1] The index to search from.
-     * @returns {*} Returns the matched element, else `undefined`.
-     * @example
-     *
-     * _.findLast([1, 2, 3, 4], function(n) {
-     *   return n % 2 == 1;
-     * });
-     * // => 3
-     */
-    var findLast = createFind(findLastIndex);
-
-    /**
-     * Creates a flattened array of values by running each element in `collection`
-     * thru `iteratee` and flattening the mapped results. The iteratee is invoked
-     * with three arguments: (value, index|key, collection).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the new flattened array.
-     * @example
-     *
-     * function duplicate(n) {
-     *   return [n, n];
-     * }
-     *
-     * _.flatMap([1, 2], duplicate);
-     * // => [1, 1, 2, 2]
-     */
-    function flatMap(collection, iteratee) {
-      return baseFlatten(map(collection, iteratee), 1);
-    }
-
-    /**
-     * This method is like `_.flatMap` except that it recursively flattens the
-     * mapped results.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.7.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the new flattened array.
-     * @example
-     *
-     * function duplicate(n) {
-     *   return [[[n, n]]];
-     * }
-     *
-     * _.flatMapDeep([1, 2], duplicate);
-     * // => [1, 1, 2, 2]
-     */
-    function flatMapDeep(collection, iteratee) {
-      return baseFlatten(map(collection, iteratee), INFINITY);
-    }
-
-    /**
-     * This method is like `_.flatMap` except that it recursively flattens the
-     * mapped results up to `depth` times.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.7.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @param {number} [depth=1] The maximum recursion depth.
-     * @returns {Array} Returns the new flattened array.
-     * @example
-     *
-     * function duplicate(n) {
-     *   return [[[n, n]]];
-     * }
-     *
-     * _.flatMapDepth([1, 2], duplicate, 2);
-     * // => [[1, 1], [2, 2]]
-     */
-    function flatMapDepth(collection, iteratee, depth) {
-      depth = depth === undefined ? 1 : toInteger(depth);
-      return baseFlatten(map(collection, iteratee), depth);
-    }
-
-    /**
-     * Iterates over elements of `collection` and invokes `iteratee` for each element.
-     * The iteratee is invoked with three arguments: (value, index|key, collection).
-     * Iteratee functions may exit iteration early by explicitly returning `false`.
-     *
-     * **Note:** As with other "Collections" methods, objects with a "length"
-     * property are iterated like arrays. To avoid this behavior use `_.forIn`
-     * or `_.forOwn` for object iteration.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @alias each
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Array|Object} Returns `collection`.
-     * @see _.forEachRight
-     * @example
-     *
-     * _.forEach([1, 2], function(value) {
-     *   console.log(value);
-     * });
-     * // => Logs `1` then `2`.
-     *
-     * _.forEach({ 'a': 1, 'b': 2 }, function(value, key) {
-     *   console.log(key);
-     * });
-     * // => Logs 'a' then 'b' (iteration order is not guaranteed).
-     */
-    function forEach(collection, iteratee) {
-      var func = isArray(collection) ? arrayEach : baseEach;
-      return func(collection, getIteratee(iteratee, 3));
-    }
-
-    /**
-     * This method is like `_.forEach` except that it iterates over elements of
-     * `collection` from right to left.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @alias eachRight
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Array|Object} Returns `collection`.
-     * @see _.forEach
-     * @example
-     *
-     * _.forEachRight([1, 2], function(value) {
-     *   console.log(value);
-     * });
-     * // => Logs `2` then `1`.
-     */
-    function forEachRight(collection, iteratee) {
-      var func = isArray(collection) ? arrayEachRight : baseEachRight;
-      return func(collection, getIteratee(iteratee, 3));
-    }
-
-    /**
-     * Creates an object composed of keys generated from the results of running
-     * each element of `collection` thru `iteratee`. The order of grouped values
-     * is determined by the order they occur in `collection`. The corresponding
-     * value of each key is an array of elements responsible for generating the
-     * key. The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee to transform keys.
-     * @returns {Object} Returns the composed aggregate object.
-     * @example
-     *
-     * _.groupBy([6.1, 4.2, 6.3], Math.floor);
-     * // => { '4': [4.2], '6': [6.1, 6.3] }
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.groupBy(['one', 'two', 'three'], 'length');
-     * // => { '3': ['one', 'two'], '5': ['three'] }
-     */
-    var groupBy = createAggregator(function (result, value, key) {
-      if (hasOwnProperty.call(result, key)) {
-        result[key].push(value);
-      } else {
-        baseAssignValue(result, key, [value]);
-      }
-    });
-
-    /**
-     * Checks if `value` is in `collection`. If `collection` is a string, it's
-     * checked for a substring of `value`, otherwise
-     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * is used for equality comparisons. If `fromIndex` is negative, it's used as
-     * the offset from the end of `collection`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object|string} collection The collection to inspect.
-     * @param {*} value The value to search for.
-     * @param {number} [fromIndex=0] The index to search from.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.reduce`.
-     * @returns {boolean} Returns `true` if `value` is found, else `false`.
-     * @example
-     *
-     * _.includes([1, 2, 3], 1);
-     * // => true
-     *
-     * _.includes([1, 2, 3], 1, 2);
-     * // => false
-     *
-     * _.includes({ 'a': 1, 'b': 2 }, 1);
-     * // => true
-     *
-     * _.includes('abcd', 'bc');
-     * // => true
-     */
-    function includes(collection, value, fromIndex, guard) {
-      collection = isArrayLike(collection) ? collection : values(collection);
-      fromIndex = fromIndex && !guard ? toInteger(fromIndex) : 0;
-      var length = collection.length;
-      if (fromIndex < 0) {
-        fromIndex = nativeMax(length + fromIndex, 0);
-      }
-      return isString(collection) ? fromIndex <= length && collection.indexOf(value, fromIndex) > -1 : !!length && baseIndexOf(collection, value, fromIndex) > -1;
-    }
-
-    /**
-     * Invokes the method at `path` of each element in `collection`, returning
-     * an array of the results of each invoked method. Any additional arguments
-     * are provided to each invoked method. If `path` is a function, it's invoked
-     * for, and `this` bound to, each element in `collection`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Array|Function|string} path The path of the method to invoke or
-     *  the function invoked per iteration.
-     * @param {...*} [args] The arguments to invoke each method with.
-     * @returns {Array} Returns the array of results.
-     * @example
-     *
-     * _.invokeMap([[5, 1, 7], [3, 2, 1]], 'sort');
-     * // => [[1, 5, 7], [1, 2, 3]]
-     *
-     * _.invokeMap([123, 456], String.prototype.split, '');
-     * // => [['1', '2', '3'], ['4', '5', '6']]
-     */
-    var invokeMap = baseRest(function (collection, path, args) {
-      var index = -1,
-        isFunc = typeof path == 'function',
-        result = isArrayLike(collection) ? Array(collection.length) : [];
-      baseEach(collection, function (value) {
-        result[++index] = isFunc ? apply(path, value, args) : baseInvoke(value, path, args);
-      });
-      return result;
-    });
-
-    /**
-     * Creates an object composed of keys generated from the results of running
-     * each element of `collection` thru `iteratee`. The corresponding value of
-     * each key is the last element responsible for generating the key. The
-     * iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee to transform keys.
-     * @returns {Object} Returns the composed aggregate object.
-     * @example
-     *
-     * var array = [
-     *   { 'dir': 'left', 'code': 97 },
-     *   { 'dir': 'right', 'code': 100 }
-     * ];
-     *
-     * _.keyBy(array, function(o) {
-     *   return String.fromCharCode(o.code);
-     * });
-     * // => { 'a': { 'dir': 'left', 'code': 97 }, 'd': { 'dir': 'right', 'code': 100 } }
-     *
-     * _.keyBy(array, 'dir');
-     * // => { 'left': { 'dir': 'left', 'code': 97 }, 'right': { 'dir': 'right', 'code': 100 } }
-     */
-    var keyBy = createAggregator(function (result, value, key) {
-      baseAssignValue(result, key, value);
-    });
-
-    /**
-     * Creates an array of values by running each element in `collection` thru
-     * `iteratee`. The iteratee is invoked with three arguments:
-     * (value, index|key, collection).
-     *
-     * Many lodash methods are guarded to work as iteratees for methods like
-     * `_.every`, `_.filter`, `_.map`, `_.mapValues`, `_.reject`, and `_.some`.
-     *
-     * The guarded methods are:
-     * `ary`, `chunk`, `curry`, `curryRight`, `drop`, `dropRight`, `every`,
-     * `fill`, `invert`, `parseInt`, `random`, `range`, `rangeRight`, `repeat`,
-     * `sampleSize`, `slice`, `some`, `sortBy`, `split`, `take`, `takeRight`,
-     * `template`, `trim`, `trimEnd`, `trimStart`, and `words`
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the new mapped array.
-     * @example
-     *
-     * function square(n) {
-     *   return n * n;
-     * }
-     *
-     * _.map([4, 8], square);
-     * // => [16, 64]
-     *
-     * _.map({ 'a': 4, 'b': 8 }, square);
-     * // => [16, 64] (iteration order is not guaranteed)
-     *
-     * var users = [
-     *   { 'user': 'barney' },
-     *   { 'user': 'fred' }
-     * ];
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.map(users, 'user');
-     * // => ['barney', 'fred']
-     */
-    function map(collection, iteratee) {
-      var func = isArray(collection) ? arrayMap : baseMap;
-      return func(collection, getIteratee(iteratee, 3));
-    }
-
-    /**
-     * This method is like `_.sortBy` except that it allows specifying the sort
-     * orders of the iteratees to sort by. If `orders` is unspecified, all values
-     * are sorted in ascending order. Otherwise, specify an order of "desc" for
-     * descending or "asc" for ascending sort order of corresponding values.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Array[]|Function[]|Object[]|string[]} [iteratees=[_.identity]]
-     *  The iteratees to sort by.
-     * @param {string[]} [orders] The sort orders of `iteratees`.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.reduce`.
-     * @returns {Array} Returns the new sorted array.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'fred',   'age': 48 },
-     *   { 'user': 'barney', 'age': 34 },
-     *   { 'user': 'fred',   'age': 40 },
-     *   { 'user': 'barney', 'age': 36 }
-     * ];
-     *
-     * // Sort by `user` in ascending order and by `age` in descending order.
-     * _.orderBy(users, ['user', 'age'], ['asc', 'desc']);
-     * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 40]]
-     */
-    function orderBy(collection, iteratees, orders, guard) {
-      if (collection == null) {
-        return [];
-      }
-      if (!isArray(iteratees)) {
-        iteratees = iteratees == null ? [] : [iteratees];
-      }
-      orders = guard ? undefined : orders;
-      if (!isArray(orders)) {
-        orders = orders == null ? [] : [orders];
-      }
-      return baseOrderBy(collection, iteratees, orders);
-    }
-
-    /**
-     * Creates an array of elements split into two groups, the first of which
-     * contains elements `predicate` returns truthy for, the second of which
-     * contains elements `predicate` returns falsey for. The predicate is
-     * invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the array of grouped elements.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney',  'age': 36, 'active': false },
-     *   { 'user': 'fred',    'age': 40, 'active': true },
-     *   { 'user': 'pebbles', 'age': 1,  'active': false }
-     * ];
-     *
-     * _.partition(users, function(o) { return o.active; });
-     * // => objects for [['fred'], ['barney', 'pebbles']]
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.partition(users, { 'age': 1, 'active': false });
-     * // => objects for [['pebbles'], ['barney', 'fred']]
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.partition(users, ['active', false]);
-     * // => objects for [['barney', 'pebbles'], ['fred']]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.partition(users, 'active');
-     * // => objects for [['fred'], ['barney', 'pebbles']]
-     */
-    var partition = createAggregator(function (result, value, key) {
-      result[key ? 0 : 1].push(value);
-    }, function () {
-      return [[], []];
-    });
-
-    /**
-     * Reduces `collection` to a value which is the accumulated result of running
-     * each element in `collection` thru `iteratee`, where each successive
-     * invocation is supplied the return value of the previous. If `accumulator`
-     * is not given, the first element of `collection` is used as the initial
-     * value. The iteratee is invoked with four arguments:
-     * (accumulator, value, index|key, collection).
-     *
-     * Many lodash methods are guarded to work as iteratees for methods like
-     * `_.reduce`, `_.reduceRight`, and `_.transform`.
-     *
-     * The guarded methods are:
-     * `assign`, `defaults`, `defaultsDeep`, `includes`, `merge`, `orderBy`,
-     * and `sortBy`
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @param {*} [accumulator] The initial value.
-     * @returns {*} Returns the accumulated value.
-     * @see _.reduceRight
-     * @example
-     *
-     * _.reduce([1, 2], function(sum, n) {
-     *   return sum + n;
-     * }, 0);
-     * // => 3
-     *
-     * _.reduce({ 'a': 1, 'b': 2, 'c': 1 }, function(result, value, key) {
-     *   (result[value] || (result[value] = [])).push(key);
-     *   return result;
-     * }, {});
-     * // => { '1': ['a', 'c'], '2': ['b'] } (iteration order is not guaranteed)
-     */
-    function reduce(collection, iteratee, accumulator) {
-      var func = isArray(collection) ? arrayReduce : baseReduce,
-        initAccum = arguments.length < 3;
-      return func(collection, getIteratee(iteratee, 4), accumulator, initAccum, baseEach);
-    }
-
-    /**
-     * This method is like `_.reduce` except that it iterates over elements of
-     * `collection` from right to left.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @param {*} [accumulator] The initial value.
-     * @returns {*} Returns the accumulated value.
-     * @see _.reduce
-     * @example
-     *
-     * var array = [[0, 1], [2, 3], [4, 5]];
-     *
-     * _.reduceRight(array, function(flattened, other) {
-     *   return flattened.concat(other);
-     * }, []);
-     * // => [4, 5, 2, 3, 0, 1]
-     */
-    function reduceRight(collection, iteratee, accumulator) {
-      var func = isArray(collection) ? arrayReduceRight : baseReduce,
-        initAccum = arguments.length < 3;
-      return func(collection, getIteratee(iteratee, 4), accumulator, initAccum, baseEachRight);
-    }
-
-    /**
-     * The opposite of `_.filter`; this method returns the elements of `collection`
-     * that `predicate` does **not** return truthy for.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the new filtered array.
-     * @see _.filter
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney', 'age': 36, 'active': false },
-     *   { 'user': 'fred',   'age': 40, 'active': true }
-     * ];
-     *
-     * _.reject(users, function(o) { return !o.active; });
-     * // => objects for ['fred']
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.reject(users, { 'age': 40, 'active': true });
-     * // => objects for ['barney']
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.reject(users, ['active', false]);
-     * // => objects for ['fred']
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.reject(users, 'active');
-     * // => objects for ['barney']
-     */
-    function reject(collection, predicate) {
-      var func = isArray(collection) ? arrayFilter : baseFilter;
-      return func(collection, negate(getIteratee(predicate, 3)));
-    }
-
-    /**
-     * Gets a random element from `collection`.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to sample.
-     * @returns {*} Returns the random element.
-     * @example
-     *
-     * _.sample([1, 2, 3, 4]);
-     * // => 2
-     */
-    function sample(collection) {
-      var func = isArray(collection) ? arraySample : baseSample;
-      return func(collection);
-    }
-
-    /**
-     * Gets `n` random elements at unique keys from `collection` up to the
-     * size of `collection`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to sample.
-     * @param {number} [n=1] The number of elements to sample.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the random elements.
-     * @example
-     *
-     * _.sampleSize([1, 2, 3], 2);
-     * // => [3, 1]
-     *
-     * _.sampleSize([1, 2, 3], 4);
-     * // => [2, 3, 1]
-     */
-    function sampleSize(collection, n, guard) {
-      if (guard ? isIterateeCall(collection, n, guard) : n === undefined) {
-        n = 1;
-      } else {
-        n = toInteger(n);
-      }
-      var func = isArray(collection) ? arraySampleSize : baseSampleSize;
-      return func(collection, n);
-    }
-
-    /**
-     * Creates an array of shuffled values, using a version of the
-     * [Fisher-Yates shuffle](https://en.wikipedia.org/wiki/Fisher-Yates_shuffle).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to shuffle.
-     * @returns {Array} Returns the new shuffled array.
-     * @example
-     *
-     * _.shuffle([1, 2, 3, 4]);
-     * // => [4, 1, 3, 2]
-     */
-    function shuffle(collection) {
-      var func = isArray(collection) ? arrayShuffle : baseShuffle;
-      return func(collection);
-    }
-
-    /**
-     * Gets the size of `collection` by returning its length for array-like
-     * values or the number of own enumerable string keyed properties for objects.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object|string} collection The collection to inspect.
-     * @returns {number} Returns the collection size.
-     * @example
-     *
-     * _.size([1, 2, 3]);
-     * // => 3
-     *
-     * _.size({ 'a': 1, 'b': 2 });
-     * // => 2
-     *
-     * _.size('pebbles');
-     * // => 7
-     */
-    function size(collection) {
-      if (collection == null) {
-        return 0;
-      }
-      if (isArrayLike(collection)) {
-        return isString(collection) ? stringSize(collection) : collection.length;
-      }
-      var tag = getTag(collection);
-      if (tag == mapTag || tag == setTag) {
-        return collection.size;
-      }
-      return baseKeys(collection).length;
-    }
-
-    /**
-     * Checks if `predicate` returns truthy for **any** element of `collection`.
-     * Iteration is stopped once `predicate` returns truthy. The predicate is
-     * invoked with three arguments: (value, index|key, collection).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {boolean} Returns `true` if any element passes the predicate check,
-     *  else `false`.
-     * @example
-     *
-     * _.some([null, 0, 'yes', false], Boolean);
-     * // => true
-     *
-     * var users = [
-     *   { 'user': 'barney', 'active': true },
-     *   { 'user': 'fred',   'active': false }
-     * ];
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.some(users, { 'user': 'barney', 'active': false });
-     * // => false
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.some(users, ['active', false]);
-     * // => true
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.some(users, 'active');
-     * // => true
-     */
-    function some(collection, predicate, guard) {
-      var func = isArray(collection) ? arraySome : baseSome;
-      if (guard && isIterateeCall(collection, predicate, guard)) {
-        predicate = undefined;
-      }
-      return func(collection, getIteratee(predicate, 3));
-    }
-
-    /**
-     * Creates an array of elements, sorted in ascending order by the results of
-     * running each element in a collection thru each iteratee. This method
-     * performs a stable sort, that is, it preserves the original sort order of
-     * equal elements. The iteratees are invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Collection
-     * @param {Array|Object} collection The collection to iterate over.
-     * @param {...(Function|Function[])} [iteratees=[_.identity]]
-     *  The iteratees to sort by.
-     * @returns {Array} Returns the new sorted array.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'fred',   'age': 48 },
-     *   { 'user': 'barney', 'age': 36 },
-     *   { 'user': 'fred',   'age': 30 },
-     *   { 'user': 'barney', 'age': 34 }
-     * ];
-     *
-     * _.sortBy(users, [function(o) { return o.user; }]);
-     * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 30]]
-     *
-     * _.sortBy(users, ['user', 'age']);
-     * // => objects for [['barney', 34], ['barney', 36], ['fred', 30], ['fred', 48]]
-     */
-    var sortBy = baseRest(function (collection, iteratees) {
-      if (collection == null) {
-        return [];
-      }
-      var length = iteratees.length;
-      if (length > 1 && isIterateeCall(collection, iteratees[0], iteratees[1])) {
-        iteratees = [];
-      } else if (length > 2 && isIterateeCall(iteratees[0], iteratees[1], iteratees[2])) {
-        iteratees = [iteratees[0]];
-      }
-      return baseOrderBy(collection, baseFlatten(iteratees, 1), []);
-    });
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Gets the timestamp of the number of milliseconds that have elapsed since
-     * the Unix epoch (1 January 1970 00:00:00 UTC).
-     *
-     * @static
-     * @memberOf _
-     * @since 2.4.0
-     * @category Date
-     * @returns {number} Returns the timestamp.
-     * @example
-     *
-     * _.defer(function(stamp) {
-     *   console.log(_.now() - stamp);
-     * }, _.now());
-     * // => Logs the number of milliseconds it took for the deferred invocation.
-     */
-    var now = ctxNow || function () {
-      return root.Date.now();
-    };
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * The opposite of `_.before`; this method creates a function that invokes
-     * `func` once it's called `n` or more times.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {number} n The number of calls before `func` is invoked.
-     * @param {Function} func The function to restrict.
-     * @returns {Function} Returns the new restricted function.
-     * @example
-     *
-     * var saves = ['profile', 'settings'];
-     *
-     * var done = _.after(saves.length, function() {
-     *   console.log('done saving!');
-     * });
-     *
-     * _.forEach(saves, function(type) {
-     *   asyncSave({ 'type': type, 'complete': done });
-     * });
-     * // => Logs 'done saving!' after the two async saves have completed.
-     */
-    function after(n, func) {
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      n = toInteger(n);
-      return function () {
-        if (--n < 1) {
-          return func.apply(this, arguments);
-        }
-      };
-    }
-
-    /**
-     * Creates a function that invokes `func`, with up to `n` arguments,
-     * ignoring any additional arguments.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Function
-     * @param {Function} func The function to cap arguments for.
-     * @param {number} [n=func.length] The arity cap.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Function} Returns the new capped function.
-     * @example
-     *
-     * _.map(['6', '8', '10'], _.ary(parseInt, 1));
-     * // => [6, 8, 10]
-     */
-    function ary(func, n, guard) {
-      n = guard ? undefined : n;
-      n = func && n == null ? func.length : n;
-      return createWrap(func, WRAP_ARY_FLAG, undefined, undefined, undefined, undefined, n);
-    }
-
-    /**
-     * Creates a function that invokes `func`, with the `this` binding and arguments
-     * of the created function, while it's called less than `n` times. Subsequent
-     * calls to the created function return the result of the last `func` invocation.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Function
-     * @param {number} n The number of calls at which `func` is no longer invoked.
-     * @param {Function} func The function to restrict.
-     * @returns {Function} Returns the new restricted function.
-     * @example
-     *
-     * jQuery(element).on('click', _.before(5, addContactToList));
-     * // => Allows adding up to 4 contacts to the list.
-     */
-    function before(n, func) {
-      var result;
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      n = toInteger(n);
-      return function () {
-        if (--n > 0) {
-          result = func.apply(this, arguments);
-        }
-        if (n <= 1) {
-          func = undefined;
-        }
-        return result;
-      };
-    }
-
-    /**
-     * Creates a function that invokes `func` with the `this` binding of `thisArg`
-     * and `partials` prepended to the arguments it receives.
-     *
-     * The `_.bind.placeholder` value, which defaults to `_` in monolithic builds,
-     * may be used as a placeholder for partially applied arguments.
-     *
-     * **Note:** Unlike native `Function#bind`, this method doesn't set the "length"
-     * property of bound functions.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to bind.
-     * @param {*} thisArg The `this` binding of `func`.
-     * @param {...*} [partials] The arguments to be partially applied.
-     * @returns {Function} Returns the new bound function.
-     * @example
-     *
-     * function greet(greeting, punctuation) {
-     *   return greeting + ' ' + this.user + punctuation;
-     * }
-     *
-     * var object = { 'user': 'fred' };
-     *
-     * var bound = _.bind(greet, object, 'hi');
-     * bound('!');
-     * // => 'hi fred!'
-     *
-     * // Bound with placeholders.
-     * var bound = _.bind(greet, object, _, '!');
-     * bound('hi');
-     * // => 'hi fred!'
-     */
-    var bind = baseRest(function (func, thisArg, partials) {
-      var bitmask = WRAP_BIND_FLAG;
-      if (partials.length) {
-        var holders = replaceHolders(partials, getHolder(bind));
-        bitmask |= WRAP_PARTIAL_FLAG;
-      }
-      return createWrap(func, bitmask, thisArg, partials, holders);
-    });
-
-    /**
-     * Creates a function that invokes the method at `object[key]` with `partials`
-     * prepended to the arguments it receives.
-     *
-     * This method differs from `_.bind` by allowing bound functions to reference
-     * methods that may be redefined or don't yet exist. See
-     * [Peter Michaux's article](http://peter.michaux.ca/articles/lazy-function-definition-pattern)
-     * for more details.
-     *
-     * The `_.bindKey.placeholder` value, which defaults to `_` in monolithic
-     * builds, may be used as a placeholder for partially applied arguments.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.10.0
-     * @category Function
-     * @param {Object} object The object to invoke the method on.
-     * @param {string} key The key of the method.
-     * @param {...*} [partials] The arguments to be partially applied.
-     * @returns {Function} Returns the new bound function.
-     * @example
-     *
-     * var object = {
-     *   'user': 'fred',
-     *   'greet': function(greeting, punctuation) {
-     *     return greeting + ' ' + this.user + punctuation;
-     *   }
-     * };
-     *
-     * var bound = _.bindKey(object, 'greet', 'hi');
-     * bound('!');
-     * // => 'hi fred!'
-     *
-     * object.greet = function(greeting, punctuation) {
-     *   return greeting + 'ya ' + this.user + punctuation;
-     * };
-     *
-     * bound('!');
-     * // => 'hiya fred!'
-     *
-     * // Bound with placeholders.
-     * var bound = _.bindKey(object, 'greet', _, '!');
-     * bound('hi');
-     * // => 'hiya fred!'
-     */
-    var bindKey = baseRest(function (object, key, partials) {
-      var bitmask = WRAP_BIND_FLAG | WRAP_BIND_KEY_FLAG;
-      if (partials.length) {
-        var holders = replaceHolders(partials, getHolder(bindKey));
-        bitmask |= WRAP_PARTIAL_FLAG;
-      }
-      return createWrap(key, bitmask, object, partials, holders);
-    });
-
-    /**
-     * Creates a function that accepts arguments of `func` and either invokes
-     * `func` returning its result, if at least `arity` number of arguments have
-     * been provided, or returns a function that accepts the remaining `func`
-     * arguments, and so on. The arity of `func` may be specified if `func.length`
-     * is not sufficient.
-     *
-     * The `_.curry.placeholder` value, which defaults to `_` in monolithic builds,
-     * may be used as a placeholder for provided arguments.
-     *
-     * **Note:** This method doesn't set the "length" property of curried functions.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Function
-     * @param {Function} func The function to curry.
-     * @param {number} [arity=func.length] The arity of `func`.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Function} Returns the new curried function.
-     * @example
-     *
-     * var abc = function(a, b, c) {
-     *   return [a, b, c];
-     * };
-     *
-     * var curried = _.curry(abc);
-     *
-     * curried(1)(2)(3);
-     * // => [1, 2, 3]
-     *
-     * curried(1, 2)(3);
-     * // => [1, 2, 3]
-     *
-     * curried(1, 2, 3);
-     * // => [1, 2, 3]
-     *
-     * // Curried with placeholders.
-     * curried(1)(_, 3)(2);
-     * // => [1, 2, 3]
-     */
-    function curry(func, arity, guard) {
-      arity = guard ? undefined : arity;
-      var result = createWrap(func, WRAP_CURRY_FLAG, undefined, undefined, undefined, undefined, undefined, arity);
-      result.placeholder = curry.placeholder;
-      return result;
-    }
-
-    /**
-     * This method is like `_.curry` except that arguments are applied to `func`
-     * in the manner of `_.partialRight` instead of `_.partial`.
-     *
-     * The `_.curryRight.placeholder` value, which defaults to `_` in monolithic
-     * builds, may be used as a placeholder for provided arguments.
-     *
-     * **Note:** This method doesn't set the "length" property of curried functions.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Function
-     * @param {Function} func The function to curry.
-     * @param {number} [arity=func.length] The arity of `func`.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Function} Returns the new curried function.
-     * @example
-     *
-     * var abc = function(a, b, c) {
-     *   return [a, b, c];
-     * };
-     *
-     * var curried = _.curryRight(abc);
-     *
-     * curried(3)(2)(1);
-     * // => [1, 2, 3]
-     *
-     * curried(2, 3)(1);
-     * // => [1, 2, 3]
-     *
-     * curried(1, 2, 3);
-     * // => [1, 2, 3]
-     *
-     * // Curried with placeholders.
-     * curried(3)(1, _)(2);
-     * // => [1, 2, 3]
-     */
-    function curryRight(func, arity, guard) {
-      arity = guard ? undefined : arity;
-      var result = createWrap(func, WRAP_CURRY_RIGHT_FLAG, undefined, undefined, undefined, undefined, undefined, arity);
-      result.placeholder = curryRight.placeholder;
-      return result;
-    }
-
-    /**
-     * Creates a debounced function that delays invoking `func` until after `wait`
-     * milliseconds have elapsed since the last time the debounced function was
-     * invoked. The debounced function comes with a `cancel` method to cancel
-     * delayed `func` invocations and a `flush` method to immediately invoke them.
-     * Provide `options` to indicate whether `func` should be invoked on the
-     * leading and/or trailing edge of the `wait` timeout. The `func` is invoked
-     * with the last arguments provided to the debounced function. Subsequent
-     * calls to the debounced function return the result of the last `func`
-     * invocation.
-     *
-     * **Note:** If `leading` and `trailing` options are `true`, `func` is
-     * invoked on the trailing edge of the timeout only if the debounced function
-     * is invoked more than once during the `wait` timeout.
-     *
-     * If `wait` is `0` and `leading` is `false`, `func` invocation is deferred
-     * until to the next tick, similar to `setTimeout` with a timeout of `0`.
-     *
-     * See [David Corbacho's article](https://css-tricks.com/debouncing-throttling-explained-examples/)
-     * for details over the differences between `_.debounce` and `_.throttle`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to debounce.
-     * @param {number} [wait=0] The number of milliseconds to delay.
-     * @param {Object} [options={}] The options object.
-     * @param {boolean} [options.leading=false]
-     *  Specify invoking on the leading edge of the timeout.
-     * @param {number} [options.maxWait]
-     *  The maximum time `func` is allowed to be delayed before it's invoked.
-     * @param {boolean} [options.trailing=true]
-     *  Specify invoking on the trailing edge of the timeout.
-     * @returns {Function} Returns the new debounced function.
-     * @example
-     *
-     * // Avoid costly calculations while the window size is in flux.
-     * jQuery(window).on('resize', _.debounce(calculateLayout, 150));
-     *
-     * // Invoke `sendMail` when clicked, debouncing subsequent calls.
-     * jQuery(element).on('click', _.debounce(sendMail, 300, {
-     *   'leading': true,
-     *   'trailing': false
-     * }));
-     *
-     * // Ensure `batchLog` is invoked once after 1 second of debounced calls.
-     * var debounced = _.debounce(batchLog, 250, { 'maxWait': 1000 });
-     * var source = new EventSource('/stream');
-     * jQuery(source).on('message', debounced);
-     *
-     * // Cancel the trailing debounced invocation.
-     * jQuery(window).on('popstate', debounced.cancel);
-     */
-    function debounce(func, wait, options) {
-      var lastArgs,
-        lastThis,
-        maxWait,
-        result,
-        timerId,
-        lastCallTime,
-        lastInvokeTime = 0,
-        leading = false,
-        maxing = false,
-        trailing = true;
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      wait = toNumber(wait) || 0;
-      if (isObject(options)) {
-        leading = !!options.leading;
-        maxing = 'maxWait' in options;
-        maxWait = maxing ? nativeMax(toNumber(options.maxWait) || 0, wait) : maxWait;
-        trailing = 'trailing' in options ? !!options.trailing : trailing;
-      }
-      function invokeFunc(time) {
-        var args = lastArgs,
-          thisArg = lastThis;
-        lastArgs = lastThis = undefined;
-        lastInvokeTime = time;
-        result = func.apply(thisArg, args);
-        return result;
-      }
-      function leadingEdge(time) {
-        // Reset any `maxWait` timer.
-        lastInvokeTime = time;
-        // Start the timer for the trailing edge.
-        timerId = setTimeout(timerExpired, wait);
-        // Invoke the leading edge.
-        return leading ? invokeFunc(time) : result;
-      }
-      function remainingWait(time) {
-        var timeSinceLastCall = time - lastCallTime,
-          timeSinceLastInvoke = time - lastInvokeTime,
-          timeWaiting = wait - timeSinceLastCall;
-        return maxing ? nativeMin(timeWaiting, maxWait - timeSinceLastInvoke) : timeWaiting;
-      }
-      function shouldInvoke(time) {
-        var timeSinceLastCall = time - lastCallTime,
-          timeSinceLastInvoke = time - lastInvokeTime;
-
-        // Either this is the first call, activity has stopped and we're at the
-        // trailing edge, the system time has gone backwards and we're treating
-        // it as the trailing edge, or we've hit the `maxWait` limit.
-        return lastCallTime === undefined || timeSinceLastCall >= wait || timeSinceLastCall < 0 || maxing && timeSinceLastInvoke >= maxWait;
-      }
-      function timerExpired() {
-        var time = now();
-        if (shouldInvoke(time)) {
-          return trailingEdge(time);
-        }
-        // Restart the timer.
-        timerId = setTimeout(timerExpired, remainingWait(time));
-      }
-      function trailingEdge(time) {
-        timerId = undefined;
-
-        // Only invoke if we have `lastArgs` which means `func` has been
-        // debounced at least once.
-        if (trailing && lastArgs) {
-          return invokeFunc(time);
-        }
-        lastArgs = lastThis = undefined;
-        return result;
-      }
-      function cancel() {
-        if (timerId !== undefined) {
-          clearTimeout(timerId);
-        }
-        lastInvokeTime = 0;
-        lastArgs = lastCallTime = lastThis = timerId = undefined;
-      }
-      function flush() {
-        return timerId === undefined ? result : trailingEdge(now());
-      }
-      function debounced() {
-        var time = now(),
-          isInvoking = shouldInvoke(time);
-        lastArgs = arguments;
-        lastThis = this;
-        lastCallTime = time;
-        if (isInvoking) {
-          if (timerId === undefined) {
-            return leadingEdge(lastCallTime);
-          }
-          if (maxing) {
-            // Handle invocations in a tight loop.
-            clearTimeout(timerId);
-            timerId = setTimeout(timerExpired, wait);
-            return invokeFunc(lastCallTime);
-          }
-        }
-        if (timerId === undefined) {
-          timerId = setTimeout(timerExpired, wait);
-        }
-        return result;
-      }
-      debounced.cancel = cancel;
-      debounced.flush = flush;
-      return debounced;
-    }
-
-    /**
-     * Defers invoking the `func` until the current call stack has cleared. Any
-     * additional arguments are provided to `func` when it's invoked.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to defer.
-     * @param {...*} [args] The arguments to invoke `func` with.
-     * @returns {number} Returns the timer id.
-     * @example
-     *
-     * _.defer(function(text) {
-     *   console.log(text);
-     * }, 'deferred');
-     * // => Logs 'deferred' after one millisecond.
-     */
-    var defer = baseRest(function (func, args) {
-      return baseDelay(func, 1, args);
-    });
-
-    /**
-     * Invokes `func` after `wait` milliseconds. Any additional arguments are
-     * provided to `func` when it's invoked.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to delay.
-     * @param {number} wait The number of milliseconds to delay invocation.
-     * @param {...*} [args] The arguments to invoke `func` with.
-     * @returns {number} Returns the timer id.
-     * @example
-     *
-     * _.delay(function(text) {
-     *   console.log(text);
-     * }, 1000, 'later');
-     * // => Logs 'later' after one second.
-     */
-    var delay = baseRest(function (func, wait, args) {
-      return baseDelay(func, toNumber(wait) || 0, args);
-    });
-
-    /**
-     * Creates a function that invokes `func` with arguments reversed.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Function
-     * @param {Function} func The function to flip arguments for.
-     * @returns {Function} Returns the new flipped function.
-     * @example
-     *
-     * var flipped = _.flip(function() {
-     *   return _.toArray(arguments);
-     * });
-     *
-     * flipped('a', 'b', 'c', 'd');
-     * // => ['d', 'c', 'b', 'a']
-     */
-    function flip(func) {
-      return createWrap(func, WRAP_FLIP_FLAG);
-    }
-
-    /**
-     * Creates a function that memoizes the result of `func`. If `resolver` is
-     * provided, it determines the cache key for storing the result based on the
-     * arguments provided to the memoized function. By default, the first argument
-     * provided to the memoized function is used as the map cache key. The `func`
-     * is invoked with the `this` binding of the memoized function.
-     *
-     * **Note:** The cache is exposed as the `cache` property on the memoized
-     * function. Its creation may be customized by replacing the `_.memoize.Cache`
-     * constructor with one whose instances implement the
-     * [`Map`](http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)
-     * method interface of `clear`, `delete`, `get`, `has`, and `set`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to have its output memoized.
-     * @param {Function} [resolver] The function to resolve the cache key.
-     * @returns {Function} Returns the new memoized function.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': 2 };
-     * var other = { 'c': 3, 'd': 4 };
-     *
-     * var values = _.memoize(_.values);
-     * values(object);
-     * // => [1, 2]
-     *
-     * values(other);
-     * // => [3, 4]
-     *
-     * object.a = 2;
-     * values(object);
-     * // => [1, 2]
-     *
-     * // Modify the result cache.
-     * values.cache.set(object, ['a', 'b']);
-     * values(object);
-     * // => ['a', 'b']
-     *
-     * // Replace `_.memoize.Cache`.
-     * _.memoize.Cache = WeakMap;
-     */
-    function memoize(func, resolver) {
-      if (typeof func != 'function' || resolver != null && typeof resolver != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      var memoized = function memoized() {
-        var args = arguments,
-          key = resolver ? resolver.apply(this, args) : args[0],
-          cache = memoized.cache;
-        if (cache.has(key)) {
-          return cache.get(key);
-        }
-        var result = func.apply(this, args);
-        memoized.cache = cache.set(key, result) || cache;
-        return result;
-      };
-      memoized.cache = new (memoize.Cache || MapCache)();
-      return memoized;
-    }
-
-    // Expose `MapCache`.
-    memoize.Cache = MapCache;
-
-    /**
-     * Creates a function that negates the result of the predicate `func`. The
-     * `func` predicate is invoked with the `this` binding and arguments of the
-     * created function.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Function
-     * @param {Function} predicate The predicate to negate.
-     * @returns {Function} Returns the new negated function.
-     * @example
-     *
-     * function isEven(n) {
-     *   return n % 2 == 0;
-     * }
-     *
-     * _.filter([1, 2, 3, 4, 5, 6], _.negate(isEven));
-     * // => [1, 3, 5]
-     */
-    function negate(predicate) {
-      if (typeof predicate != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      return function () {
-        var args = arguments;
-        switch (args.length) {
-          case 0:
-            return !predicate.call(this);
-          case 1:
-            return !predicate.call(this, args[0]);
-          case 2:
-            return !predicate.call(this, args[0], args[1]);
-          case 3:
-            return !predicate.call(this, args[0], args[1], args[2]);
-        }
-        return !predicate.apply(this, args);
-      };
-    }
-
-    /**
-     * Creates a function that is restricted to invoking `func` once. Repeat calls
-     * to the function return the value of the first invocation. The `func` is
-     * invoked with the `this` binding and arguments of the created function.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to restrict.
-     * @returns {Function} Returns the new restricted function.
-     * @example
-     *
-     * var initialize = _.once(createApplication);
-     * initialize();
-     * initialize();
-     * // => `createApplication` is invoked once
-     */
-    function once(func) {
-      return before(2, func);
-    }
-
-    /**
-     * Creates a function that invokes `func` with its arguments transformed.
-     *
-     * @static
-     * @since 4.0.0
-     * @memberOf _
-     * @category Function
-     * @param {Function} func The function to wrap.
-     * @param {...(Function|Function[])} [transforms=[_.identity]]
-     *  The argument transforms.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * function doubled(n) {
-     *   return n * 2;
-     * }
-     *
-     * function square(n) {
-     *   return n * n;
-     * }
-     *
-     * var func = _.overArgs(function(x, y) {
-     *   return [x, y];
-     * }, [square, doubled]);
-     *
-     * func(9, 3);
-     * // => [81, 6]
-     *
-     * func(10, 5);
-     * // => [100, 10]
-     */
-    var overArgs = castRest(function (func, transforms) {
-      transforms = transforms.length == 1 && isArray(transforms[0]) ? arrayMap(transforms[0], baseUnary(getIteratee())) : arrayMap(baseFlatten(transforms, 1), baseUnary(getIteratee()));
-      var funcsLength = transforms.length;
-      return baseRest(function (args) {
-        var index = -1,
-          length = nativeMin(args.length, funcsLength);
-        while (++index < length) {
-          args[index] = transforms[index].call(this, args[index]);
-        }
-        return apply(func, this, args);
-      });
-    });
-
-    /**
-     * Creates a function that invokes `func` with `partials` prepended to the
-     * arguments it receives. This method is like `_.bind` except it does **not**
-     * alter the `this` binding.
-     *
-     * The `_.partial.placeholder` value, which defaults to `_` in monolithic
-     * builds, may be used as a placeholder for partially applied arguments.
-     *
-     * **Note:** This method doesn't set the "length" property of partially
-     * applied functions.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.2.0
-     * @category Function
-     * @param {Function} func The function to partially apply arguments to.
-     * @param {...*} [partials] The arguments to be partially applied.
-     * @returns {Function} Returns the new partially applied function.
-     * @example
-     *
-     * function greet(greeting, name) {
-     *   return greeting + ' ' + name;
-     * }
-     *
-     * var sayHelloTo = _.partial(greet, 'hello');
-     * sayHelloTo('fred');
-     * // => 'hello fred'
-     *
-     * // Partially applied with placeholders.
-     * var greetFred = _.partial(greet, _, 'fred');
-     * greetFred('hi');
-     * // => 'hi fred'
-     */
-    var partial = baseRest(function (func, partials) {
-      var holders = replaceHolders(partials, getHolder(partial));
-      return createWrap(func, WRAP_PARTIAL_FLAG, undefined, partials, holders);
-    });
-
-    /**
-     * This method is like `_.partial` except that partially applied arguments
-     * are appended to the arguments it receives.
-     *
-     * The `_.partialRight.placeholder` value, which defaults to `_` in monolithic
-     * builds, may be used as a placeholder for partially applied arguments.
-     *
-     * **Note:** This method doesn't set the "length" property of partially
-     * applied functions.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.0.0
-     * @category Function
-     * @param {Function} func The function to partially apply arguments to.
-     * @param {...*} [partials] The arguments to be partially applied.
-     * @returns {Function} Returns the new partially applied function.
-     * @example
-     *
-     * function greet(greeting, name) {
-     *   return greeting + ' ' + name;
-     * }
-     *
-     * var greetFred = _.partialRight(greet, 'fred');
-     * greetFred('hi');
-     * // => 'hi fred'
-     *
-     * // Partially applied with placeholders.
-     * var sayHelloTo = _.partialRight(greet, 'hello', _);
-     * sayHelloTo('fred');
-     * // => 'hello fred'
-     */
-    var partialRight = baseRest(function (func, partials) {
-      var holders = replaceHolders(partials, getHolder(partialRight));
-      return createWrap(func, WRAP_PARTIAL_RIGHT_FLAG, undefined, partials, holders);
-    });
-
-    /**
-     * Creates a function that invokes `func` with arguments arranged according
-     * to the specified `indexes` where the argument value at the first index is
-     * provided as the first argument, the argument value at the second index is
-     * provided as the second argument, and so on.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Function
-     * @param {Function} func The function to rearrange arguments for.
-     * @param {...(number|number[])} indexes The arranged argument indexes.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var rearged = _.rearg(function(a, b, c) {
-     *   return [a, b, c];
-     * }, [2, 0, 1]);
-     *
-     * rearged('b', 'c', 'a')
-     * // => ['a', 'b', 'c']
-     */
-    var rearg = flatRest(function (func, indexes) {
-      return createWrap(func, WRAP_REARG_FLAG, undefined, undefined, undefined, indexes);
-    });
-
-    /**
-     * Creates a function that invokes `func` with the `this` binding of the
-     * created function and arguments from `start` and beyond provided as
-     * an array.
-     *
-     * **Note:** This method is based on the
-     * [rest parameter](https://mdn.io/rest_parameters).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Function
-     * @param {Function} func The function to apply a rest parameter to.
-     * @param {number} [start=func.length-1] The start position of the rest parameter.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var say = _.rest(function(what, names) {
-     *   return what + ' ' + _.initial(names).join(', ') +
-     *     (_.size(names) > 1 ? ', & ' : '') + _.last(names);
-     * });
-     *
-     * say('hello', 'fred', 'barney', 'pebbles');
-     * // => 'hello fred, barney, & pebbles'
-     */
-    function rest(func, start) {
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      start = start === undefined ? start : toInteger(start);
-      return baseRest(func, start);
-    }
-
-    /**
-     * Creates a function that invokes `func` with the `this` binding of the
-     * create function and an array of arguments much like
-     * [`Function#apply`](http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply).
-     *
-     * **Note:** This method is based on the
-     * [spread operator](https://mdn.io/spread_operator).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.2.0
-     * @category Function
-     * @param {Function} func The function to spread arguments over.
-     * @param {number} [start=0] The start position of the spread.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var say = _.spread(function(who, what) {
-     *   return who + ' says ' + what;
-     * });
-     *
-     * say(['fred', 'hello']);
-     * // => 'fred says hello'
-     *
-     * var numbers = Promise.all([
-     *   Promise.resolve(40),
-     *   Promise.resolve(36)
-     * ]);
-     *
-     * numbers.then(_.spread(function(x, y) {
-     *   return x + y;
-     * }));
-     * // => a Promise of 76
-     */
-    function spread(func, start) {
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      start = start == null ? 0 : nativeMax(toInteger(start), 0);
-      return baseRest(function (args) {
-        var array = args[start],
-          otherArgs = castSlice(args, 0, start);
-        if (array) {
-          arrayPush(otherArgs, array);
-        }
-        return apply(func, this, otherArgs);
-      });
-    }
-
-    /**
-     * Creates a throttled function that only invokes `func` at most once per
-     * every `wait` milliseconds. The throttled function comes with a `cancel`
-     * method to cancel delayed `func` invocations and a `flush` method to
-     * immediately invoke them. Provide `options` to indicate whether `func`
-     * should be invoked on the leading and/or trailing edge of the `wait`
-     * timeout. The `func` is invoked with the last arguments provided to the
-     * throttled function. Subsequent calls to the throttled function return the
-     * result of the last `func` invocation.
-     *
-     * **Note:** If `leading` and `trailing` options are `true`, `func` is
-     * invoked on the trailing edge of the timeout only if the throttled function
-     * is invoked more than once during the `wait` timeout.
-     *
-     * If `wait` is `0` and `leading` is `false`, `func` invocation is deferred
-     * until to the next tick, similar to `setTimeout` with a timeout of `0`.
-     *
-     * See [David Corbacho's article](https://css-tricks.com/debouncing-throttling-explained-examples/)
-     * for details over the differences between `_.throttle` and `_.debounce`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {Function} func The function to throttle.
-     * @param {number} [wait=0] The number of milliseconds to throttle invocations to.
-     * @param {Object} [options={}] The options object.
-     * @param {boolean} [options.leading=true]
-     *  Specify invoking on the leading edge of the timeout.
-     * @param {boolean} [options.trailing=true]
-     *  Specify invoking on the trailing edge of the timeout.
-     * @returns {Function} Returns the new throttled function.
-     * @example
-     *
-     * // Avoid excessively updating the position while scrolling.
-     * jQuery(window).on('scroll', _.throttle(updatePosition, 100));
-     *
-     * // Invoke `renewToken` when the click event is fired, but not more than once every 5 minutes.
-     * var throttled = _.throttle(renewToken, 300000, { 'trailing': false });
-     * jQuery(element).on('click', throttled);
-     *
-     * // Cancel the trailing throttled invocation.
-     * jQuery(window).on('popstate', throttled.cancel);
-     */
-    function throttle(func, wait, options) {
-      var leading = true,
-        trailing = true;
-      if (typeof func != 'function') {
-        throw new TypeError(FUNC_ERROR_TEXT);
-      }
-      if (isObject(options)) {
-        leading = 'leading' in options ? !!options.leading : leading;
-        trailing = 'trailing' in options ? !!options.trailing : trailing;
-      }
-      return debounce(func, wait, {
-        'leading': leading,
-        'maxWait': wait,
-        'trailing': trailing
-      });
-    }
-
-    /**
-     * Creates a function that accepts up to one argument, ignoring any
-     * additional arguments.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Function
-     * @param {Function} func The function to cap arguments for.
-     * @returns {Function} Returns the new capped function.
-     * @example
-     *
-     * _.map(['6', '8', '10'], _.unary(parseInt));
-     * // => [6, 8, 10]
-     */
-    function unary(func) {
-      return ary(func, 1);
-    }
-
-    /**
-     * Creates a function that provides `value` to `wrapper` as its first
-     * argument. Any additional arguments provided to the function are appended
-     * to those provided to the `wrapper`. The wrapper is invoked with the `this`
-     * binding of the created function.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Function
-     * @param {*} value The value to wrap.
-     * @param {Function} [wrapper=identity] The wrapper function.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var p = _.wrap(_.escape, function(func, text) {
-     *   return '<p>' + func(text) + '</p>';
-     * });
-     *
-     * p('fred, barney, & pebbles');
-     * // => '<p>fred, barney, &amp; pebbles</p>'
-     */
-    function wrap(value, wrapper) {
-      return partial(castFunction(wrapper), value);
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Casts `value` as an array if it's not one.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.4.0
-     * @category Lang
-     * @param {*} value The value to inspect.
-     * @returns {Array} Returns the cast array.
-     * @example
-     *
-     * _.castArray(1);
-     * // => [1]
-     *
-     * _.castArray({ 'a': 1 });
-     * // => [{ 'a': 1 }]
-     *
-     * _.castArray('abc');
-     * // => ['abc']
-     *
-     * _.castArray(null);
-     * // => [null]
-     *
-     * _.castArray(undefined);
-     * // => [undefined]
-     *
-     * _.castArray();
-     * // => []
-     *
-     * var array = [1, 2, 3];
-     * console.log(_.castArray(array) === array);
-     * // => true
-     */
-    function castArray() {
-      if (!arguments.length) {
-        return [];
-      }
-      var value = arguments[0];
-      return isArray(value) ? value : [value];
-    }
-
-    /**
-     * Creates a shallow clone of `value`.
-     *
-     * **Note:** This method is loosely based on the
-     * [structured clone algorithm](https://mdn.io/Structured_clone_algorithm)
-     * and supports cloning arrays, array buffers, booleans, date objects, maps,
-     * numbers, `Object` objects, regexes, sets, strings, symbols, and typed
-     * arrays. The own enumerable properties of `arguments` objects are cloned
-     * as plain objects. An empty object is returned for uncloneable values such
-     * as error objects, functions, DOM nodes, and WeakMaps.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to clone.
-     * @returns {*} Returns the cloned value.
-     * @see _.cloneDeep
-     * @example
-     *
-     * var objects = [{ 'a': 1 }, { 'b': 2 }];
-     *
-     * var shallow = _.clone(objects);
-     * console.log(shallow[0] === objects[0]);
-     * // => true
-     */
-    function clone(value) {
-      return baseClone(value, CLONE_SYMBOLS_FLAG);
-    }
-
-    /**
-     * This method is like `_.clone` except that it accepts `customizer` which
-     * is invoked to produce the cloned value. If `customizer` returns `undefined`,
-     * cloning is handled by the method instead. The `customizer` is invoked with
-     * up to four arguments; (value [, index|key, object, stack]).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to clone.
-     * @param {Function} [customizer] The function to customize cloning.
-     * @returns {*} Returns the cloned value.
-     * @see _.cloneDeepWith
-     * @example
-     *
-     * function customizer(value) {
-     *   if (_.isElement(value)) {
-     *     return value.cloneNode(false);
-     *   }
-     * }
-     *
-     * var el = _.cloneWith(document.body, customizer);
-     *
-     * console.log(el === document.body);
-     * // => false
-     * console.log(el.nodeName);
-     * // => 'BODY'
-     * console.log(el.childNodes.length);
-     * // => 0
-     */
-    function cloneWith(value, customizer) {
-      customizer = typeof customizer == 'function' ? customizer : undefined;
-      return baseClone(value, CLONE_SYMBOLS_FLAG, customizer);
-    }
-
-    /**
-     * This method is like `_.clone` except that it recursively clones `value`.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.0.0
-     * @category Lang
-     * @param {*} value The value to recursively clone.
-     * @returns {*} Returns the deep cloned value.
-     * @see _.clone
-     * @example
-     *
-     * var objects = [{ 'a': 1 }, { 'b': 2 }];
-     *
-     * var deep = _.cloneDeep(objects);
-     * console.log(deep[0] === objects[0]);
-     * // => false
-     */
-    function cloneDeep(value) {
-      return baseClone(value, CLONE_DEEP_FLAG | CLONE_SYMBOLS_FLAG);
-    }
-
-    /**
-     * This method is like `_.cloneWith` except that it recursively clones `value`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to recursively clone.
-     * @param {Function} [customizer] The function to customize cloning.
-     * @returns {*} Returns the deep cloned value.
-     * @see _.cloneWith
-     * @example
-     *
-     * function customizer(value) {
-     *   if (_.isElement(value)) {
-     *     return value.cloneNode(true);
-     *   }
-     * }
-     *
-     * var el = _.cloneDeepWith(document.body, customizer);
-     *
-     * console.log(el === document.body);
-     * // => false
-     * console.log(el.nodeName);
-     * // => 'BODY'
-     * console.log(el.childNodes.length);
-     * // => 20
-     */
-    function cloneDeepWith(value, customizer) {
-      customizer = typeof customizer == 'function' ? customizer : undefined;
-      return baseClone(value, CLONE_DEEP_FLAG | CLONE_SYMBOLS_FLAG, customizer);
-    }
-
-    /**
-     * Checks if `object` conforms to `source` by invoking the predicate
-     * properties of `source` with the corresponding property values of `object`.
-     *
-     * **Note:** This method is equivalent to `_.conforms` when `source` is
-     * partially applied.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.14.0
-     * @category Lang
-     * @param {Object} object The object to inspect.
-     * @param {Object} source The object of property predicates to conform to.
-     * @returns {boolean} Returns `true` if `object` conforms, else `false`.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': 2 };
-     *
-     * _.conformsTo(object, { 'b': function(n) { return n > 1; } });
-     * // => true
-     *
-     * _.conformsTo(object, { 'b': function(n) { return n > 2; } });
-     * // => false
-     */
-    function conformsTo(object, source) {
-      return source == null || baseConformsTo(object, source, keys(source));
-    }
-
-    /**
-     * Performs a
-     * [`SameValueZero`](http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
-     * comparison between two values to determine if they are equivalent.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
-     * @example
-     *
-     * var object = { 'a': 1 };
-     * var other = { 'a': 1 };
-     *
-     * _.eq(object, object);
-     * // => true
-     *
-     * _.eq(object, other);
-     * // => false
-     *
-     * _.eq('a', 'a');
-     * // => true
-     *
-     * _.eq('a', Object('a'));
-     * // => false
-     *
-     * _.eq(NaN, NaN);
-     * // => true
-     */
-    function eq(value, other) {
-      return value === other || value !== value && other !== other;
-    }
-
-    /**
-     * Checks if `value` is greater than `other`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.9.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if `value` is greater than `other`,
-     *  else `false`.
-     * @see _.lt
-     * @example
-     *
-     * _.gt(3, 1);
-     * // => true
-     *
-     * _.gt(3, 3);
-     * // => false
-     *
-     * _.gt(1, 3);
-     * // => false
-     */
-    var gt = createRelationalOperation(baseGt);
-
-    /**
-     * Checks if `value` is greater than or equal to `other`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.9.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if `value` is greater than or equal to
-     *  `other`, else `false`.
-     * @see _.lte
-     * @example
-     *
-     * _.gte(3, 1);
-     * // => true
-     *
-     * _.gte(3, 3);
-     * // => true
-     *
-     * _.gte(1, 3);
-     * // => false
-     */
-    var gte = createRelationalOperation(function (value, other) {
-      return value >= other;
-    });
-
-    /**
-     * Checks if `value` is likely an `arguments` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an `arguments` object,
-     *  else `false`.
-     * @example
-     *
-     * _.isArguments(function() { return arguments; }());
-     * // => true
-     *
-     * _.isArguments([1, 2, 3]);
-     * // => false
-     */
-    var isArguments = baseIsArguments(function () {
-      return arguments;
-    }()) ? baseIsArguments : function (value) {
-      return isObjectLike(value) && hasOwnProperty.call(value, 'callee') && !propertyIsEnumerable.call(value, 'callee');
-    };
-
-    /**
-     * Checks if `value` is classified as an `Array` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an array, else `false`.
-     * @example
-     *
-     * _.isArray([1, 2, 3]);
-     * // => true
-     *
-     * _.isArray(document.body.children);
-     * // => false
-     *
-     * _.isArray('abc');
-     * // => false
-     *
-     * _.isArray(_.noop);
-     * // => false
-     */
-    var isArray = Array.isArray;
-
-    /**
-     * Checks if `value` is classified as an `ArrayBuffer` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.3.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an array buffer, else `false`.
-     * @example
-     *
-     * _.isArrayBuffer(new ArrayBuffer(2));
-     * // => true
-     *
-     * _.isArrayBuffer(new Array(2));
-     * // => false
-     */
-    var isArrayBuffer = nodeIsArrayBuffer ? baseUnary(nodeIsArrayBuffer) : baseIsArrayBuffer;
-
-    /**
-     * Checks if `value` is array-like. A value is considered array-like if it's
-     * not a function and has a `value.length` that's an integer greater than or
-     * equal to `0` and less than or equal to `Number.MAX_SAFE_INTEGER`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is array-like, else `false`.
-     * @example
-     *
-     * _.isArrayLike([1, 2, 3]);
-     * // => true
-     *
-     * _.isArrayLike(document.body.children);
-     * // => true
-     *
-     * _.isArrayLike('abc');
-     * // => true
-     *
-     * _.isArrayLike(_.noop);
-     * // => false
-     */
-    function isArrayLike(value) {
-      return value != null && isLength(value.length) && !isFunction(value);
-    }
-
-    /**
-     * This method is like `_.isArrayLike` except that it also checks if `value`
-     * is an object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an array-like object,
-     *  else `false`.
-     * @example
-     *
-     * _.isArrayLikeObject([1, 2, 3]);
-     * // => true
-     *
-     * _.isArrayLikeObject(document.body.children);
-     * // => true
-     *
-     * _.isArrayLikeObject('abc');
-     * // => false
-     *
-     * _.isArrayLikeObject(_.noop);
-     * // => false
-     */
-    function isArrayLikeObject(value) {
-      return isObjectLike(value) && isArrayLike(value);
-    }
-
-    /**
-     * Checks if `value` is classified as a boolean primitive or object.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a boolean, else `false`.
-     * @example
-     *
-     * _.isBoolean(false);
-     * // => true
-     *
-     * _.isBoolean(null);
-     * // => false
-     */
-    function isBoolean(value) {
-      return value === true || value === false || isObjectLike(value) && baseGetTag(value) == boolTag;
-    }
-
-    /**
-     * Checks if `value` is a buffer.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.3.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a buffer, else `false`.
-     * @example
-     *
-     * _.isBuffer(new Buffer(2));
-     * // => true
-     *
-     * _.isBuffer(new Uint8Array(2));
-     * // => false
-     */
-    var isBuffer = nativeIsBuffer || stubFalse;
-
-    /**
-     * Checks if `value` is classified as a `Date` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a date object, else `false`.
-     * @example
-     *
-     * _.isDate(new Date);
-     * // => true
-     *
-     * _.isDate('Mon April 23 2012');
-     * // => false
-     */
-    var isDate = nodeIsDate ? baseUnary(nodeIsDate) : baseIsDate;
-
-    /**
-     * Checks if `value` is likely a DOM element.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a DOM element, else `false`.
-     * @example
-     *
-     * _.isElement(document.body);
-     * // => true
-     *
-     * _.isElement('<body>');
-     * // => false
-     */
-    function isElement(value) {
-      return isObjectLike(value) && value.nodeType === 1 && !isPlainObject(value);
-    }
-
-    /**
-     * Checks if `value` is an empty object, collection, map, or set.
-     *
-     * Objects are considered empty if they have no own enumerable string keyed
-     * properties.
-     *
-     * Array-like values such as `arguments` objects, arrays, buffers, strings, or
-     * jQuery-like collections are considered empty if they have a `length` of `0`.
-     * Similarly, maps and sets are considered empty if they have a `size` of `0`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is empty, else `false`.
-     * @example
-     *
-     * _.isEmpty(null);
-     * // => true
-     *
-     * _.isEmpty(true);
-     * // => true
-     *
-     * _.isEmpty(1);
-     * // => true
-     *
-     * _.isEmpty([1, 2, 3]);
-     * // => false
-     *
-     * _.isEmpty({ 'a': 1 });
-     * // => false
-     */
-    function isEmpty(value) {
-      if (value == null) {
-        return true;
-      }
-      if (isArrayLike(value) && (isArray(value) || typeof value == 'string' || typeof value.splice == 'function' || isBuffer(value) || isTypedArray(value) || isArguments(value))) {
-        return !value.length;
-      }
-      var tag = getTag(value);
-      if (tag == mapTag || tag == setTag) {
-        return !value.size;
-      }
-      if (isPrototype(value)) {
-        return !baseKeys(value).length;
-      }
-      for (var key in value) {
-        if (hasOwnProperty.call(value, key)) {
-          return false;
-        }
-      }
-      return true;
-    }
-
-    /**
-     * Performs a deep comparison between two values to determine if they are
-     * equivalent.
-     *
-     * **Note:** This method supports comparing arrays, array buffers, booleans,
-     * date objects, error objects, maps, numbers, `Object` objects, regexes,
-     * sets, strings, symbols, and typed arrays. `Object` objects are compared
-     * by their own, not inherited, enumerable properties. Functions and DOM
-     * nodes are compared by strict equality, i.e. `===`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
-     * @example
-     *
-     * var object = { 'a': 1 };
-     * var other = { 'a': 1 };
-     *
-     * _.isEqual(object, other);
-     * // => true
-     *
-     * object === other;
-     * // => false
-     */
-    function isEqual(value, other) {
-      return baseIsEqual(value, other);
-    }
-
-    /**
-     * This method is like `_.isEqual` except that it accepts `customizer` which
-     * is invoked to compare values. If `customizer` returns `undefined`, comparisons
-     * are handled by the method instead. The `customizer` is invoked with up to
-     * six arguments: (objValue, othValue [, index|key, object, other, stack]).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @param {Function} [customizer] The function to customize comparisons.
-     * @returns {boolean} Returns `true` if the values are equivalent, else `false`.
-     * @example
-     *
-     * function isGreeting(value) {
-     *   return /^h(?:i|ello)$/.test(value);
-     * }
-     *
-     * function customizer(objValue, othValue) {
-     *   if (isGreeting(objValue) && isGreeting(othValue)) {
-     *     return true;
-     *   }
-     * }
-     *
-     * var array = ['hello', 'goodbye'];
-     * var other = ['hi', 'goodbye'];
-     *
-     * _.isEqualWith(array, other, customizer);
-     * // => true
-     */
-    function isEqualWith(value, other, customizer) {
-      customizer = typeof customizer == 'function' ? customizer : undefined;
-      var result = customizer ? customizer(value, other) : undefined;
-      return result === undefined ? baseIsEqual(value, other, undefined, customizer) : !!result;
-    }
-
-    /**
-     * Checks if `value` is an `Error`, `EvalError`, `RangeError`, `ReferenceError`,
-     * `SyntaxError`, `TypeError`, or `URIError` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an error object, else `false`.
-     * @example
-     *
-     * _.isError(new Error);
-     * // => true
-     *
-     * _.isError(Error);
-     * // => false
-     */
-    function isError(value) {
-      if (!isObjectLike(value)) {
-        return false;
-      }
-      var tag = baseGetTag(value);
-      return tag == errorTag || tag == domExcTag || typeof value.message == 'string' && typeof value.name == 'string' && !isPlainObject(value);
-    }
-
-    /**
-     * Checks if `value` is a finite primitive number.
-     *
-     * **Note:** This method is based on
-     * [`Number.isFinite`](https://mdn.io/Number/isFinite).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a finite number, else `false`.
-     * @example
-     *
-     * _.isFinite(3);
-     * // => true
-     *
-     * _.isFinite(Number.MIN_VALUE);
-     * // => true
-     *
-     * _.isFinite(Infinity);
-     * // => false
-     *
-     * _.isFinite('3');
-     * // => false
-     */
-    function isFinite(value) {
-      return typeof value == 'number' && nativeIsFinite(value);
-    }
-
-    /**
-     * Checks if `value` is classified as a `Function` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a function, else `false`.
-     * @example
-     *
-     * _.isFunction(_);
-     * // => true
-     *
-     * _.isFunction(/abc/);
-     * // => false
-     */
-    function isFunction(value) {
-      if (!isObject(value)) {
-        return false;
-      }
-      // The use of `Object#toString` avoids issues with the `typeof` operator
-      // in Safari 9 which returns 'object' for typed arrays and other constructors.
-      var tag = baseGetTag(value);
-      return tag == funcTag || tag == genTag || tag == asyncTag || tag == proxyTag;
-    }
-
-    /**
-     * Checks if `value` is an integer.
-     *
-     * **Note:** This method is based on
-     * [`Number.isInteger`](https://mdn.io/Number/isInteger).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an integer, else `false`.
-     * @example
-     *
-     * _.isInteger(3);
-     * // => true
-     *
-     * _.isInteger(Number.MIN_VALUE);
-     * // => false
-     *
-     * _.isInteger(Infinity);
-     * // => false
-     *
-     * _.isInteger('3');
-     * // => false
-     */
-    function isInteger(value) {
-      return typeof value == 'number' && value == toInteger(value);
-    }
-
-    /**
-     * Checks if `value` is a valid array-like length.
-     *
-     * **Note:** This method is loosely based on
-     * [`ToLength`](http://ecma-international.org/ecma-262/7.0/#sec-tolength).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a valid length, else `false`.
-     * @example
-     *
-     * _.isLength(3);
-     * // => true
-     *
-     * _.isLength(Number.MIN_VALUE);
-     * // => false
-     *
-     * _.isLength(Infinity);
-     * // => false
-     *
-     * _.isLength('3');
-     * // => false
-     */
-    function isLength(value) {
-      return typeof value == 'number' && value > -1 && value % 1 == 0 && value <= MAX_SAFE_INTEGER;
-    }
-
-    /**
-     * Checks if `value` is the
-     * [language type](http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
-     * of `Object`. (e.g. arrays, functions, objects, regexes, `new Number(0)`, and `new String('')`)
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is an object, else `false`.
-     * @example
-     *
-     * _.isObject({});
-     * // => true
-     *
-     * _.isObject([1, 2, 3]);
-     * // => true
-     *
-     * _.isObject(_.noop);
-     * // => true
-     *
-     * _.isObject(null);
-     * // => false
-     */
-    function isObject(value) {
-      var type = typeof value;
-      return value != null && (type == 'object' || type == 'function');
-    }
-
-    /**
-     * Checks if `value` is object-like. A value is object-like if it's not `null`
-     * and has a `typeof` result of "object".
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is object-like, else `false`.
-     * @example
-     *
-     * _.isObjectLike({});
-     * // => true
-     *
-     * _.isObjectLike([1, 2, 3]);
-     * // => true
-     *
-     * _.isObjectLike(_.noop);
-     * // => false
-     *
-     * _.isObjectLike(null);
-     * // => false
-     */
-    function isObjectLike(value) {
-      return value != null && typeof value == 'object';
-    }
-
-    /**
-     * Checks if `value` is classified as a `Map` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.3.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a map, else `false`.
-     * @example
-     *
-     * _.isMap(new Map);
-     * // => true
-     *
-     * _.isMap(new WeakMap);
-     * // => false
-     */
-    var isMap = nodeIsMap ? baseUnary(nodeIsMap) : baseIsMap;
-
-    /**
-     * Performs a partial deep comparison between `object` and `source` to
-     * determine if `object` contains equivalent property values.
-     *
-     * **Note:** This method is equivalent to `_.matches` when `source` is
-     * partially applied.
-     *
-     * Partial comparisons will match empty array and empty object `source`
-     * values against any array or object value, respectively. See `_.isEqual`
-     * for a list of supported value comparisons.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Lang
-     * @param {Object} object The object to inspect.
-     * @param {Object} source The object of property values to match.
-     * @returns {boolean} Returns `true` if `object` is a match, else `false`.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': 2 };
-     *
-     * _.isMatch(object, { 'b': 2 });
-     * // => true
-     *
-     * _.isMatch(object, { 'b': 1 });
-     * // => false
-     */
-    function isMatch(object, source) {
-      return object === source || baseIsMatch(object, source, getMatchData(source));
-    }
-
-    /**
-     * This method is like `_.isMatch` except that it accepts `customizer` which
-     * is invoked to compare values. If `customizer` returns `undefined`, comparisons
-     * are handled by the method instead. The `customizer` is invoked with five
-     * arguments: (objValue, srcValue, index|key, object, source).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {Object} object The object to inspect.
-     * @param {Object} source The object of property values to match.
-     * @param {Function} [customizer] The function to customize comparisons.
-     * @returns {boolean} Returns `true` if `object` is a match, else `false`.
-     * @example
-     *
-     * function isGreeting(value) {
-     *   return /^h(?:i|ello)$/.test(value);
-     * }
-     *
-     * function customizer(objValue, srcValue) {
-     *   if (isGreeting(objValue) && isGreeting(srcValue)) {
-     *     return true;
-     *   }
-     * }
-     *
-     * var object = { 'greeting': 'hello' };
-     * var source = { 'greeting': 'hi' };
-     *
-     * _.isMatchWith(object, source, customizer);
-     * // => true
-     */
-    function isMatchWith(object, source, customizer) {
-      customizer = typeof customizer == 'function' ? customizer : undefined;
-      return baseIsMatch(object, source, getMatchData(source), customizer);
-    }
-
-    /**
-     * Checks if `value` is `NaN`.
-     *
-     * **Note:** This method is based on
-     * [`Number.isNaN`](https://mdn.io/Number/isNaN) and is not the same as
-     * global [`isNaN`](https://mdn.io/isNaN) which returns `true` for
-     * `undefined` and other non-number values.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is `NaN`, else `false`.
-     * @example
-     *
-     * _.isNaN(NaN);
-     * // => true
-     *
-     * _.isNaN(new Number(NaN));
-     * // => true
-     *
-     * isNaN(undefined);
-     * // => true
-     *
-     * _.isNaN(undefined);
-     * // => false
-     */
-    function isNaN(value) {
-      // An `NaN` primitive is the only value that is not equal to itself.
-      // Perform the `toStringTag` check first to avoid errors with some
-      // ActiveX objects in IE.
-      return isNumber(value) && value != +value;
-    }
-
-    /**
-     * Checks if `value` is a pristine native function.
-     *
-     * **Note:** This method can't reliably detect native functions in the presence
-     * of the core-js package because core-js circumvents this kind of detection.
-     * Despite multiple requests, the core-js maintainer has made it clear: any
-     * attempt to fix the detection will be obstructed. As a result, we're left
-     * with little choice but to throw an error. Unfortunately, this also affects
-     * packages, like [babel-polyfill](https://www.npmjs.com/package/babel-polyfill),
-     * which rely on core-js.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a native function,
-     *  else `false`.
-     * @example
-     *
-     * _.isNative(Array.prototype.push);
-     * // => true
-     *
-     * _.isNative(_);
-     * // => false
-     */
-    function isNative(value) {
-      if (isMaskable(value)) {
-        throw new Error(CORE_ERROR_TEXT);
-      }
-      return baseIsNative(value);
-    }
-
-    /**
-     * Checks if `value` is `null`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is `null`, else `false`.
-     * @example
-     *
-     * _.isNull(null);
-     * // => true
-     *
-     * _.isNull(void 0);
-     * // => false
-     */
-    function isNull(value) {
-      return value === null;
-    }
-
-    /**
-     * Checks if `value` is `null` or `undefined`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is nullish, else `false`.
-     * @example
-     *
-     * _.isNil(null);
-     * // => true
-     *
-     * _.isNil(void 0);
-     * // => true
-     *
-     * _.isNil(NaN);
-     * // => false
-     */
-    function isNil(value) {
-      return value == null;
-    }
-
-    /**
-     * Checks if `value` is classified as a `Number` primitive or object.
-     *
-     * **Note:** To exclude `Infinity`, `-Infinity`, and `NaN`, which are
-     * classified as numbers, use the `_.isFinite` method.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a number, else `false`.
-     * @example
-     *
-     * _.isNumber(3);
-     * // => true
-     *
-     * _.isNumber(Number.MIN_VALUE);
-     * // => true
-     *
-     * _.isNumber(Infinity);
-     * // => true
-     *
-     * _.isNumber('3');
-     * // => false
-     */
-    function isNumber(value) {
-      return typeof value == 'number' || isObjectLike(value) && baseGetTag(value) == numberTag;
-    }
-
-    /**
-     * Checks if `value` is a plain object, that is, an object created by the
-     * `Object` constructor or one with a `[[Prototype]]` of `null`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.8.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a plain object, else `false`.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     * }
-     *
-     * _.isPlainObject(new Foo);
-     * // => false
-     *
-     * _.isPlainObject([1, 2, 3]);
-     * // => false
-     *
-     * _.isPlainObject({ 'x': 0, 'y': 0 });
-     * // => true
-     *
-     * _.isPlainObject(Object.create(null));
-     * // => true
-     */
-    function isPlainObject(value) {
-      if (!isObjectLike(value) || baseGetTag(value) != objectTag) {
-        return false;
-      }
-      var proto = getPrototype(value);
-      if (proto === null) {
-        return true;
-      }
-      var Ctor = hasOwnProperty.call(proto, 'constructor') && proto.constructor;
-      return typeof Ctor == 'function' && Ctor instanceof Ctor && funcToString.call(Ctor) == objectCtorString;
-    }
-
-    /**
-     * Checks if `value` is classified as a `RegExp` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.1.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a regexp, else `false`.
-     * @example
-     *
-     * _.isRegExp(/abc/);
-     * // => true
-     *
-     * _.isRegExp('/abc/');
-     * // => false
-     */
-    var isRegExp = nodeIsRegExp ? baseUnary(nodeIsRegExp) : baseIsRegExp;
-
-    /**
-     * Checks if `value` is a safe integer. An integer is safe if it's an IEEE-754
-     * double precision number which isn't the result of a rounded unsafe integer.
-     *
-     * **Note:** This method is based on
-     * [`Number.isSafeInteger`](https://mdn.io/Number/isSafeInteger).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a safe integer, else `false`.
-     * @example
-     *
-     * _.isSafeInteger(3);
-     * // => true
-     *
-     * _.isSafeInteger(Number.MIN_VALUE);
-     * // => false
-     *
-     * _.isSafeInteger(Infinity);
-     * // => false
-     *
-     * _.isSafeInteger('3');
-     * // => false
-     */
-    function isSafeInteger(value) {
-      return isInteger(value) && value >= -MAX_SAFE_INTEGER && value <= MAX_SAFE_INTEGER;
-    }
-
-    /**
-     * Checks if `value` is classified as a `Set` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.3.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a set, else `false`.
-     * @example
-     *
-     * _.isSet(new Set);
-     * // => true
-     *
-     * _.isSet(new WeakSet);
-     * // => false
-     */
-    var isSet = nodeIsSet ? baseUnary(nodeIsSet) : baseIsSet;
-
-    /**
-     * Checks if `value` is classified as a `String` primitive or object.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a string, else `false`.
-     * @example
-     *
-     * _.isString('abc');
-     * // => true
-     *
-     * _.isString(1);
-     * // => false
-     */
-    function isString(value) {
-      return typeof value == 'string' || !isArray(value) && isObjectLike(value) && baseGetTag(value) == stringTag;
-    }
-
-    /**
-     * Checks if `value` is classified as a `Symbol` primitive or object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a symbol, else `false`.
-     * @example
-     *
-     * _.isSymbol(Symbol.iterator);
-     * // => true
-     *
-     * _.isSymbol('abc');
-     * // => false
-     */
-    function isSymbol(value) {
-      return typeof value == 'symbol' || isObjectLike(value) && baseGetTag(value) == symbolTag;
-    }
-
-    /**
-     * Checks if `value` is classified as a typed array.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a typed array, else `false`.
-     * @example
-     *
-     * _.isTypedArray(new Uint8Array);
-     * // => true
-     *
-     * _.isTypedArray([]);
-     * // => false
-     */
-    var isTypedArray = nodeIsTypedArray ? baseUnary(nodeIsTypedArray) : baseIsTypedArray;
-
-    /**
-     * Checks if `value` is `undefined`.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is `undefined`, else `false`.
-     * @example
-     *
-     * _.isUndefined(void 0);
-     * // => true
-     *
-     * _.isUndefined(null);
-     * // => false
-     */
-    function isUndefined(value) {
-      return value === undefined;
-    }
-
-    /**
-     * Checks if `value` is classified as a `WeakMap` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.3.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a weak map, else `false`.
-     * @example
-     *
-     * _.isWeakMap(new WeakMap);
-     * // => true
-     *
-     * _.isWeakMap(new Map);
-     * // => false
-     */
-    function isWeakMap(value) {
-      return isObjectLike(value) && getTag(value) == weakMapTag;
-    }
-
-    /**
-     * Checks if `value` is classified as a `WeakSet` object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.3.0
-     * @category Lang
-     * @param {*} value The value to check.
-     * @returns {boolean} Returns `true` if `value` is a weak set, else `false`.
-     * @example
-     *
-     * _.isWeakSet(new WeakSet);
-     * // => true
-     *
-     * _.isWeakSet(new Set);
-     * // => false
-     */
-    function isWeakSet(value) {
-      return isObjectLike(value) && baseGetTag(value) == weakSetTag;
-    }
-
-    /**
-     * Checks if `value` is less than `other`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.9.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if `value` is less than `other`,
-     *  else `false`.
-     * @see _.gt
-     * @example
-     *
-     * _.lt(1, 3);
-     * // => true
-     *
-     * _.lt(3, 3);
-     * // => false
-     *
-     * _.lt(3, 1);
-     * // => false
-     */
-    var lt = createRelationalOperation(baseLt);
-
-    /**
-     * Checks if `value` is less than or equal to `other`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.9.0
-     * @category Lang
-     * @param {*} value The value to compare.
-     * @param {*} other The other value to compare.
-     * @returns {boolean} Returns `true` if `value` is less than or equal to
-     *  `other`, else `false`.
-     * @see _.gte
-     * @example
-     *
-     * _.lte(1, 3);
-     * // => true
-     *
-     * _.lte(3, 3);
-     * // => true
-     *
-     * _.lte(3, 1);
-     * // => false
-     */
-    var lte = createRelationalOperation(function (value, other) {
-      return value <= other;
-    });
-
-    /**
-     * Converts `value` to an array.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {Array} Returns the converted array.
-     * @example
-     *
-     * _.toArray({ 'a': 1, 'b': 2 });
-     * // => [1, 2]
-     *
-     * _.toArray('abc');
-     * // => ['a', 'b', 'c']
-     *
-     * _.toArray(1);
-     * // => []
-     *
-     * _.toArray(null);
-     * // => []
-     */
-    function toArray(value) {
-      if (!value) {
-        return [];
-      }
-      if (isArrayLike(value)) {
-        return isString(value) ? stringToArray(value) : copyArray(value);
-      }
-      if (symIterator && value[symIterator]) {
-        return iteratorToArray(value[symIterator]());
-      }
-      var tag = getTag(value),
-        func = tag == mapTag ? mapToArray : tag == setTag ? setToArray : values;
-      return func(value);
-    }
-
-    /**
-     * Converts `value` to a finite number.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.12.0
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {number} Returns the converted number.
-     * @example
-     *
-     * _.toFinite(3.2);
-     * // => 3.2
-     *
-     * _.toFinite(Number.MIN_VALUE);
-     * // => 5e-324
-     *
-     * _.toFinite(Infinity);
-     * // => 1.7976931348623157e+308
-     *
-     * _.toFinite('3.2');
-     * // => 3.2
-     */
-    function toFinite(value) {
-      if (!value) {
-        return value === 0 ? value : 0;
-      }
-      value = toNumber(value);
-      if (value === INFINITY || value === -INFINITY) {
-        var sign = value < 0 ? -1 : 1;
-        return sign * MAX_INTEGER;
-      }
-      return value === value ? value : 0;
-    }
-
-    /**
-     * Converts `value` to an integer.
-     *
-     * **Note:** This method is loosely based on
-     * [`ToInteger`](http://www.ecma-international.org/ecma-262/7.0/#sec-tointeger).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {number} Returns the converted integer.
-     * @example
-     *
-     * _.toInteger(3.2);
-     * // => 3
-     *
-     * _.toInteger(Number.MIN_VALUE);
-     * // => 0
-     *
-     * _.toInteger(Infinity);
-     * // => 1.7976931348623157e+308
-     *
-     * _.toInteger('3.2');
-     * // => 3
-     */
-    function toInteger(value) {
-      var result = toFinite(value),
-        remainder = result % 1;
-      return result === result ? remainder ? result - remainder : result : 0;
-    }
-
-    /**
-     * Converts `value` to an integer suitable for use as the length of an
-     * array-like object.
-     *
-     * **Note:** This method is based on
-     * [`ToLength`](http://ecma-international.org/ecma-262/7.0/#sec-tolength).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {number} Returns the converted integer.
-     * @example
-     *
-     * _.toLength(3.2);
-     * // => 3
-     *
-     * _.toLength(Number.MIN_VALUE);
-     * // => 0
-     *
-     * _.toLength(Infinity);
-     * // => 4294967295
-     *
-     * _.toLength('3.2');
-     * // => 3
-     */
-    function toLength(value) {
-      return value ? baseClamp(toInteger(value), 0, MAX_ARRAY_LENGTH) : 0;
-    }
-
-    /**
-     * Converts `value` to a number.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to process.
-     * @returns {number} Returns the number.
-     * @example
-     *
-     * _.toNumber(3.2);
-     * // => 3.2
-     *
-     * _.toNumber(Number.MIN_VALUE);
-     * // => 5e-324
-     *
-     * _.toNumber(Infinity);
-     * // => Infinity
-     *
-     * _.toNumber('3.2');
-     * // => 3.2
-     */
-    function toNumber(value) {
-      if (typeof value == 'number') {
-        return value;
-      }
-      if (isSymbol(value)) {
-        return NAN;
-      }
-      if (isObject(value)) {
-        var other = typeof value.valueOf == 'function' ? value.valueOf() : value;
-        value = isObject(other) ? other + '' : other;
-      }
-      if (typeof value != 'string') {
-        return value === 0 ? value : +value;
-      }
-      value = baseTrim(value);
-      var isBinary = reIsBinary.test(value);
-      return isBinary || reIsOctal.test(value) ? freeParseInt(value.slice(2), isBinary ? 2 : 8) : reIsBadHex.test(value) ? NAN : +value;
-    }
-
-    /**
-     * Converts `value` to a plain object flattening inherited enumerable string
-     * keyed properties of `value` to own properties of the plain object.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {Object} Returns the converted plain object.
-     * @example
-     *
-     * function Foo() {
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.assign({ 'a': 1 }, new Foo);
-     * // => { 'a': 1, 'b': 2 }
-     *
-     * _.assign({ 'a': 1 }, _.toPlainObject(new Foo));
-     * // => { 'a': 1, 'b': 2, 'c': 3 }
-     */
-    function toPlainObject(value) {
-      return copyObject(value, keysIn(value));
-    }
-
-    /**
-     * Converts `value` to a safe integer. A safe integer can be compared and
-     * represented correctly.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {number} Returns the converted integer.
-     * @example
-     *
-     * _.toSafeInteger(3.2);
-     * // => 3
-     *
-     * _.toSafeInteger(Number.MIN_VALUE);
-     * // => 0
-     *
-     * _.toSafeInteger(Infinity);
-     * // => 9007199254740991
-     *
-     * _.toSafeInteger('3.2');
-     * // => 3
-     */
-    function toSafeInteger(value) {
-      return value ? baseClamp(toInteger(value), -MAX_SAFE_INTEGER, MAX_SAFE_INTEGER) : value === 0 ? value : 0;
-    }
-
-    /**
-     * Converts `value` to a string. An empty string is returned for `null`
-     * and `undefined` values. The sign of `-0` is preserved.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Lang
-     * @param {*} value The value to convert.
-     * @returns {string} Returns the converted string.
-     * @example
-     *
-     * _.toString(null);
-     * // => ''
-     *
-     * _.toString(-0);
-     * // => '-0'
-     *
-     * _.toString([1, 2, 3]);
-     * // => '1,2,3'
-     */
-    function toString(value) {
-      return value == null ? '' : baseToString(value);
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Assigns own enumerable string keyed properties of source objects to the
-     * destination object. Source objects are applied from left to right.
-     * Subsequent sources overwrite property assignments of previous sources.
-     *
-     * **Note:** This method mutates `object` and is loosely based on
-     * [`Object.assign`](https://mdn.io/Object/assign).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.10.0
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} [sources] The source objects.
-     * @returns {Object} Returns `object`.
-     * @see _.assignIn
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     * }
-     *
-     * function Bar() {
-     *   this.c = 3;
-     * }
-     *
-     * Foo.prototype.b = 2;
-     * Bar.prototype.d = 4;
-     *
-     * _.assign({ 'a': 0 }, new Foo, new Bar);
-     * // => { 'a': 1, 'c': 3 }
-     */
-    var assign = createAssigner(function (object, source) {
-      if (isPrototype(source) || isArrayLike(source)) {
-        copyObject(source, keys(source), object);
-        return;
-      }
-      for (var key in source) {
-        if (hasOwnProperty.call(source, key)) {
-          assignValue(object, key, source[key]);
-        }
-      }
-    });
-
-    /**
-     * This method is like `_.assign` except that it iterates over own and
-     * inherited source properties.
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @alias extend
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} [sources] The source objects.
-     * @returns {Object} Returns `object`.
-     * @see _.assign
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     * }
-     *
-     * function Bar() {
-     *   this.c = 3;
-     * }
-     *
-     * Foo.prototype.b = 2;
-     * Bar.prototype.d = 4;
-     *
-     * _.assignIn({ 'a': 0 }, new Foo, new Bar);
-     * // => { 'a': 1, 'b': 2, 'c': 3, 'd': 4 }
-     */
-    var assignIn = createAssigner(function (object, source) {
-      copyObject(source, keysIn(source), object);
-    });
-
-    /**
-     * This method is like `_.assignIn` except that it accepts `customizer`
-     * which is invoked to produce the assigned values. If `customizer` returns
-     * `undefined`, assignment is handled by the method instead. The `customizer`
-     * is invoked with five arguments: (objValue, srcValue, key, object, source).
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @alias extendWith
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} sources The source objects.
-     * @param {Function} [customizer] The function to customize assigned values.
-     * @returns {Object} Returns `object`.
-     * @see _.assignWith
-     * @example
-     *
-     * function customizer(objValue, srcValue) {
-     *   return _.isUndefined(objValue) ? srcValue : objValue;
-     * }
-     *
-     * var defaults = _.partialRight(_.assignInWith, customizer);
-     *
-     * defaults({ 'a': 1 }, { 'b': 2 }, { 'a': 3 });
-     * // => { 'a': 1, 'b': 2 }
-     */
-    var assignInWith = createAssigner(function (object, source, srcIndex, customizer) {
-      copyObject(source, keysIn(source), object, customizer);
-    });
-
-    /**
-     * This method is like `_.assign` except that it accepts `customizer`
-     * which is invoked to produce the assigned values. If `customizer` returns
-     * `undefined`, assignment is handled by the method instead. The `customizer`
-     * is invoked with five arguments: (objValue, srcValue, key, object, source).
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} sources The source objects.
-     * @param {Function} [customizer] The function to customize assigned values.
-     * @returns {Object} Returns `object`.
-     * @see _.assignInWith
-     * @example
-     *
-     * function customizer(objValue, srcValue) {
-     *   return _.isUndefined(objValue) ? srcValue : objValue;
-     * }
-     *
-     * var defaults = _.partialRight(_.assignWith, customizer);
-     *
-     * defaults({ 'a': 1 }, { 'b': 2 }, { 'a': 3 });
-     * // => { 'a': 1, 'b': 2 }
-     */
-    var assignWith = createAssigner(function (object, source, srcIndex, customizer) {
-      copyObject(source, keys(source), object, customizer);
-    });
-
-    /**
-     * Creates an array of values corresponding to `paths` of `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.0.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {...(string|string[])} [paths] The property paths to pick.
-     * @returns {Array} Returns the picked values.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': 3 } }, 4] };
-     *
-     * _.at(object, ['a[0].b.c', 'a[1]']);
-     * // => [3, 4]
-     */
-    var at = flatRest(baseAt);
-
-    /**
-     * Creates an object that inherits from the `prototype` object. If a
-     * `properties` object is given, its own enumerable string keyed properties
-     * are assigned to the created object.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.3.0
-     * @category Object
-     * @param {Object} prototype The object to inherit from.
-     * @param {Object} [properties] The properties to assign to the object.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * function Shape() {
-     *   this.x = 0;
-     *   this.y = 0;
-     * }
-     *
-     * function Circle() {
-     *   Shape.call(this);
-     * }
-     *
-     * Circle.prototype = _.create(Shape.prototype, {
-     *   'constructor': Circle
-     * });
-     *
-     * var circle = new Circle;
-     * circle instanceof Circle;
-     * // => true
-     *
-     * circle instanceof Shape;
-     * // => true
-     */
-    function create(prototype, properties) {
-      var result = baseCreate(prototype);
-      return properties == null ? result : baseAssign(result, properties);
-    }
-
-    /**
-     * Assigns own and inherited enumerable string keyed properties of source
-     * objects to the destination object for all destination properties that
-     * resolve to `undefined`. Source objects are applied from left to right.
-     * Once a property is set, additional values of the same property are ignored.
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} [sources] The source objects.
-     * @returns {Object} Returns `object`.
-     * @see _.defaultsDeep
-     * @example
-     *
-     * _.defaults({ 'a': 1 }, { 'b': 2 }, { 'a': 3 });
-     * // => { 'a': 1, 'b': 2 }
-     */
-    var defaults = baseRest(function (object, sources) {
-      object = Object(object);
-      var index = -1;
-      var length = sources.length;
-      var guard = length > 2 ? sources[2] : undefined;
-      if (guard && isIterateeCall(sources[0], sources[1], guard)) {
-        length = 1;
-      }
-      while (++index < length) {
-        var source = sources[index];
-        var props = keysIn(source);
-        var propsIndex = -1;
-        var propsLength = props.length;
-        while (++propsIndex < propsLength) {
-          var key = props[propsIndex];
-          var value = object[key];
-          if (value === undefined || eq(value, objectProto[key]) && !hasOwnProperty.call(object, key)) {
-            object[key] = source[key];
-          }
-        }
-      }
-      return object;
-    });
-
-    /**
-     * This method is like `_.defaults` except that it recursively assigns
-     * default properties.
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.10.0
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} [sources] The source objects.
-     * @returns {Object} Returns `object`.
-     * @see _.defaults
-     * @example
-     *
-     * _.defaultsDeep({ 'a': { 'b': 2 } }, { 'a': { 'b': 1, 'c': 3 } });
-     * // => { 'a': { 'b': 2, 'c': 3 } }
-     */
-    var defaultsDeep = baseRest(function (args) {
-      args.push(undefined, customDefaultsMerge);
-      return apply(mergeWith, undefined, args);
-    });
-
-    /**
-     * This method is like `_.find` except that it returns the key of the first
-     * element `predicate` returns truthy for instead of the element itself.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.1.0
-     * @category Object
-     * @param {Object} object The object to inspect.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {string|undefined} Returns the key of the matched element,
-     *  else `undefined`.
-     * @example
-     *
-     * var users = {
-     *   'barney':  { 'age': 36, 'active': true },
-     *   'fred':    { 'age': 40, 'active': false },
-     *   'pebbles': { 'age': 1,  'active': true }
-     * };
-     *
-     * _.findKey(users, function(o) { return o.age < 40; });
-     * // => 'barney' (iteration order is not guaranteed)
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.findKey(users, { 'age': 1, 'active': true });
-     * // => 'pebbles'
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.findKey(users, ['active', false]);
-     * // => 'fred'
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.findKey(users, 'active');
-     * // => 'barney'
-     */
-    function findKey(object, predicate) {
-      return baseFindKey(object, getIteratee(predicate, 3), baseForOwn);
-    }
-
-    /**
-     * This method is like `_.findKey` except that it iterates over elements of
-     * a collection in the opposite order.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Object
-     * @param {Object} object The object to inspect.
-     * @param {Function} [predicate=_.identity] The function invoked per iteration.
-     * @returns {string|undefined} Returns the key of the matched element,
-     *  else `undefined`.
-     * @example
-     *
-     * var users = {
-     *   'barney':  { 'age': 36, 'active': true },
-     *   'fred':    { 'age': 40, 'active': false },
-     *   'pebbles': { 'age': 1,  'active': true }
-     * };
-     *
-     * _.findLastKey(users, function(o) { return o.age < 40; });
-     * // => returns 'pebbles' assuming `_.findKey` returns 'barney'
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.findLastKey(users, { 'age': 36, 'active': true });
-     * // => 'barney'
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.findLastKey(users, ['active', false]);
-     * // => 'fred'
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.findLastKey(users, 'active');
-     * // => 'pebbles'
-     */
-    function findLastKey(object, predicate) {
-      return baseFindKey(object, getIteratee(predicate, 3), baseForOwnRight);
-    }
-
-    /**
-     * Iterates over own and inherited enumerable string keyed properties of an
-     * object and invokes `iteratee` for each property. The iteratee is invoked
-     * with three arguments: (value, key, object). Iteratee functions may exit
-     * iteration early by explicitly returning `false`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.3.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Object} Returns `object`.
-     * @see _.forInRight
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.forIn(new Foo, function(value, key) {
-     *   console.log(key);
-     * });
-     * // => Logs 'a', 'b', then 'c' (iteration order is not guaranteed).
-     */
-    function forIn(object, iteratee) {
-      return object == null ? object : baseFor(object, getIteratee(iteratee, 3), keysIn);
-    }
-
-    /**
-     * This method is like `_.forIn` except that it iterates over properties of
-     * `object` in the opposite order.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Object} Returns `object`.
-     * @see _.forIn
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.forInRight(new Foo, function(value, key) {
-     *   console.log(key);
-     * });
-     * // => Logs 'c', 'b', then 'a' assuming `_.forIn` logs 'a', 'b', then 'c'.
-     */
-    function forInRight(object, iteratee) {
-      return object == null ? object : baseForRight(object, getIteratee(iteratee, 3), keysIn);
-    }
-
-    /**
-     * Iterates over own enumerable string keyed properties of an object and
-     * invokes `iteratee` for each property. The iteratee is invoked with three
-     * arguments: (value, key, object). Iteratee functions may exit iteration
-     * early by explicitly returning `false`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.3.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Object} Returns `object`.
-     * @see _.forOwnRight
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.forOwn(new Foo, function(value, key) {
-     *   console.log(key);
-     * });
-     * // => Logs 'a' then 'b' (iteration order is not guaranteed).
-     */
-    function forOwn(object, iteratee) {
-      return object && baseForOwn(object, getIteratee(iteratee, 3));
-    }
-
-    /**
-     * This method is like `_.forOwn` except that it iterates over properties of
-     * `object` in the opposite order.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.0.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Object} Returns `object`.
-     * @see _.forOwn
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.forOwnRight(new Foo, function(value, key) {
-     *   console.log(key);
-     * });
-     * // => Logs 'b' then 'a' assuming `_.forOwn` logs 'a' then 'b'.
-     */
-    function forOwnRight(object, iteratee) {
-      return object && baseForOwnRight(object, getIteratee(iteratee, 3));
-    }
-
-    /**
-     * Creates an array of function property names from own enumerable properties
-     * of `object`.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The object to inspect.
-     * @returns {Array} Returns the function names.
-     * @see _.functionsIn
-     * @example
-     *
-     * function Foo() {
-     *   this.a = _.constant('a');
-     *   this.b = _.constant('b');
-     * }
-     *
-     * Foo.prototype.c = _.constant('c');
-     *
-     * _.functions(new Foo);
-     * // => ['a', 'b']
-     */
-    function functions(object) {
-      return object == null ? [] : baseFunctions(object, keys(object));
-    }
-
-    /**
-     * Creates an array of function property names from own and inherited
-     * enumerable properties of `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The object to inspect.
-     * @returns {Array} Returns the function names.
-     * @see _.functions
-     * @example
-     *
-     * function Foo() {
-     *   this.a = _.constant('a');
-     *   this.b = _.constant('b');
-     * }
-     *
-     * Foo.prototype.c = _.constant('c');
-     *
-     * _.functionsIn(new Foo);
-     * // => ['a', 'b', 'c']
-     */
-    function functionsIn(object) {
-      return object == null ? [] : baseFunctions(object, keysIn(object));
-    }
-
-    /**
-     * Gets the value at `path` of `object`. If the resolved value is
-     * `undefined`, the `defaultValue` is returned in its place.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.7.0
-     * @category Object
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path of the property to get.
-     * @param {*} [defaultValue] The value returned for `undefined` resolved values.
-     * @returns {*} Returns the resolved value.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': 3 } }] };
-     *
-     * _.get(object, 'a[0].b.c');
-     * // => 3
-     *
-     * _.get(object, ['a', '0', 'b', 'c']);
-     * // => 3
-     *
-     * _.get(object, 'a.b.c', 'default');
-     * // => 'default'
-     */
-    function get(object, path, defaultValue) {
-      var result = object == null ? undefined : baseGet(object, path);
-      return result === undefined ? defaultValue : result;
-    }
-
-    /**
-     * Checks if `path` is a direct property of `object`.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path to check.
-     * @returns {boolean} Returns `true` if `path` exists, else `false`.
-     * @example
-     *
-     * var object = { 'a': { 'b': 2 } };
-     * var other = _.create({ 'a': _.create({ 'b': 2 }) });
-     *
-     * _.has(object, 'a');
-     * // => true
-     *
-     * _.has(object, 'a.b');
-     * // => true
-     *
-     * _.has(object, ['a', 'b']);
-     * // => true
-     *
-     * _.has(other, 'a');
-     * // => false
-     */
-    function has(object, path) {
-      return object != null && hasPath(object, path, baseHas);
-    }
-
-    /**
-     * Checks if `path` is a direct or inherited property of `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path to check.
-     * @returns {boolean} Returns `true` if `path` exists, else `false`.
-     * @example
-     *
-     * var object = _.create({ 'a': _.create({ 'b': 2 }) });
-     *
-     * _.hasIn(object, 'a');
-     * // => true
-     *
-     * _.hasIn(object, 'a.b');
-     * // => true
-     *
-     * _.hasIn(object, ['a', 'b']);
-     * // => true
-     *
-     * _.hasIn(object, 'b');
-     * // => false
-     */
-    function hasIn(object, path) {
-      return object != null && hasPath(object, path, baseHasIn);
-    }
-
-    /**
-     * Creates an object composed of the inverted keys and values of `object`.
-     * If `object` contains duplicate values, subsequent values overwrite
-     * property assignments of previous values.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.7.0
-     * @category Object
-     * @param {Object} object The object to invert.
-     * @returns {Object} Returns the new inverted object.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': 2, 'c': 1 };
-     *
-     * _.invert(object);
-     * // => { '1': 'c', '2': 'b' }
-     */
-    var invert = createInverter(function (result, value, key) {
-      if (value != null && typeof value.toString != 'function') {
-        value = nativeObjectToString.call(value);
-      }
-      result[value] = key;
-    }, constant(identity));
-
-    /**
-     * This method is like `_.invert` except that the inverted object is generated
-     * from the results of running each element of `object` thru `iteratee`. The
-     * corresponding inverted value of each inverted key is an array of keys
-     * responsible for generating the inverted value. The iteratee is invoked
-     * with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.1.0
-     * @category Object
-     * @param {Object} object The object to invert.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {Object} Returns the new inverted object.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': 2, 'c': 1 };
-     *
-     * _.invertBy(object);
-     * // => { '1': ['a', 'c'], '2': ['b'] }
-     *
-     * _.invertBy(object, function(value) {
-     *   return 'group' + value;
-     * });
-     * // => { 'group1': ['a', 'c'], 'group2': ['b'] }
-     */
-    var invertBy = createInverter(function (result, value, key) {
-      if (value != null && typeof value.toString != 'function') {
-        value = nativeObjectToString.call(value);
-      }
-      if (hasOwnProperty.call(result, value)) {
-        result[value].push(key);
-      } else {
-        result[value] = [key];
-      }
-    }, getIteratee);
-
-    /**
-     * Invokes the method at `path` of `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path of the method to invoke.
-     * @param {...*} [args] The arguments to invoke the method with.
-     * @returns {*} Returns the result of the invoked method.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': [1, 2, 3, 4] } }] };
-     *
-     * _.invoke(object, 'a[0].b.c.slice', 1, 3);
-     * // => [2, 3]
-     */
-    var invoke = baseRest(baseInvoke);
-
-    /**
-     * Creates an array of the own enumerable property names of `object`.
-     *
-     * **Note:** Non-object values are coerced to objects. See the
-     * [ES spec](http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
-     * for more details.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.keys(new Foo);
-     * // => ['a', 'b'] (iteration order is not guaranteed)
-     *
-     * _.keys('hi');
-     * // => ['0', '1']
-     */
-    function keys(object) {
-      return isArrayLike(object) ? arrayLikeKeys(object) : baseKeys(object);
-    }
-
-    /**
-     * Creates an array of the own and inherited enumerable property names of `object`.
-     *
-     * **Note:** Non-object values are coerced to objects.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Object
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property names.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.keysIn(new Foo);
-     * // => ['a', 'b', 'c'] (iteration order is not guaranteed)
-     */
-    function keysIn(object) {
-      return isArrayLike(object) ? arrayLikeKeys(object, true) : baseKeysIn(object);
-    }
-
-    /**
-     * The opposite of `_.mapValues`; this method creates an object with the
-     * same values as `object` and keys generated by running each own enumerable
-     * string keyed property of `object` thru `iteratee`. The iteratee is invoked
-     * with three arguments: (value, key, object).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.8.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Object} Returns the new mapped object.
-     * @see _.mapValues
-     * @example
-     *
-     * _.mapKeys({ 'a': 1, 'b': 2 }, function(value, key) {
-     *   return key + value;
-     * });
-     * // => { 'a1': 1, 'b2': 2 }
-     */
-    function mapKeys(object, iteratee) {
-      var result = {};
-      iteratee = getIteratee(iteratee, 3);
-      baseForOwn(object, function (value, key, object) {
-        baseAssignValue(result, iteratee(value, key, object), value);
-      });
-      return result;
-    }
-
-    /**
-     * Creates an object with the same keys as `object` and values generated
-     * by running each own enumerable string keyed property of `object` thru
-     * `iteratee`. The iteratee is invoked with three arguments:
-     * (value, key, object).
-     *
-     * @static
-     * @memberOf _
-     * @since 2.4.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Object} Returns the new mapped object.
-     * @see _.mapKeys
-     * @example
-     *
-     * var users = {
-     *   'fred':    { 'user': 'fred',    'age': 40 },
-     *   'pebbles': { 'user': 'pebbles', 'age': 1 }
-     * };
-     *
-     * _.mapValues(users, function(o) { return o.age; });
-     * // => { 'fred': 40, 'pebbles': 1 } (iteration order is not guaranteed)
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.mapValues(users, 'age');
-     * // => { 'fred': 40, 'pebbles': 1 } (iteration order is not guaranteed)
-     */
-    function mapValues(object, iteratee) {
-      var result = {};
-      iteratee = getIteratee(iteratee, 3);
-      baseForOwn(object, function (value, key, object) {
-        baseAssignValue(result, key, iteratee(value, key, object));
-      });
-      return result;
-    }
-
-    /**
-     * This method is like `_.assign` except that it recursively merges own and
-     * inherited enumerable string keyed properties of source objects into the
-     * destination object. Source properties that resolve to `undefined` are
-     * skipped if a destination value exists. Array and plain object properties
-     * are merged recursively. Other objects and value types are overridden by
-     * assignment. Source objects are applied from left to right. Subsequent
-     * sources overwrite property assignments of previous sources.
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.5.0
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} [sources] The source objects.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * var object = {
-     *   'a': [{ 'b': 2 }, { 'd': 4 }]
-     * };
-     *
-     * var other = {
-     *   'a': [{ 'c': 3 }, { 'e': 5 }]
-     * };
-     *
-     * _.merge(object, other);
-     * // => { 'a': [{ 'b': 2, 'c': 3 }, { 'd': 4, 'e': 5 }] }
-     */
-    var merge = createAssigner(function (object, source, srcIndex) {
-      baseMerge(object, source, srcIndex);
-    });
-
-    /**
-     * This method is like `_.merge` except that it accepts `customizer` which
-     * is invoked to produce the merged values of the destination and source
-     * properties. If `customizer` returns `undefined`, merging is handled by the
-     * method instead. The `customizer` is invoked with six arguments:
-     * (objValue, srcValue, key, object, source, stack).
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The destination object.
-     * @param {...Object} sources The source objects.
-     * @param {Function} customizer The function to customize assigned values.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * function customizer(objValue, srcValue) {
-     *   if (_.isArray(objValue)) {
-     *     return objValue.concat(srcValue);
-     *   }
-     * }
-     *
-     * var object = { 'a': [1], 'b': [2] };
-     * var other = { 'a': [3], 'b': [4] };
-     *
-     * _.mergeWith(object, other, customizer);
-     * // => { 'a': [1, 3], 'b': [2, 4] }
-     */
-    var mergeWith = createAssigner(function (object, source, srcIndex, customizer) {
-      baseMerge(object, source, srcIndex, customizer);
-    });
-
-    /**
-     * The opposite of `_.pick`; this method creates an object composed of the
-     * own and inherited enumerable property paths of `object` that are not omitted.
-     *
-     * **Note:** This method is considerably slower than `_.pick`.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The source object.
-     * @param {...(string|string[])} [paths] The property paths to omit.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': '2', 'c': 3 };
-     *
-     * _.omit(object, ['a', 'c']);
-     * // => { 'b': '2' }
-     */
-    var omit = flatRest(function (object, paths) {
-      var result = {};
-      if (object == null) {
-        return result;
-      }
-      var isDeep = false;
-      paths = arrayMap(paths, function (path) {
-        path = castPath(path, object);
-        isDeep || (isDeep = path.length > 1);
-        return path;
-      });
-      copyObject(object, getAllKeysIn(object), result);
-      if (isDeep) {
-        result = baseClone(result, CLONE_DEEP_FLAG | CLONE_FLAT_FLAG | CLONE_SYMBOLS_FLAG, customOmitClone);
-      }
-      var length = paths.length;
-      while (length--) {
-        baseUnset(result, paths[length]);
-      }
-      return result;
-    });
-
-    /**
-     * The opposite of `_.pickBy`; this method creates an object composed of
-     * the own and inherited enumerable string keyed properties of `object` that
-     * `predicate` doesn't return truthy for. The predicate is invoked with two
-     * arguments: (value, key).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The source object.
-     * @param {Function} [predicate=_.identity] The function invoked per property.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': '2', 'c': 3 };
-     *
-     * _.omitBy(object, _.isNumber);
-     * // => { 'b': '2' }
-     */
-    function omitBy(object, predicate) {
-      return pickBy(object, negate(getIteratee(predicate)));
-    }
-
-    /**
-     * Creates an object composed of the picked `object` properties.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The source object.
-     * @param {...(string|string[])} [paths] The property paths to pick.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': '2', 'c': 3 };
-     *
-     * _.pick(object, ['a', 'c']);
-     * // => { 'a': 1, 'c': 3 }
-     */
-    var pick = flatRest(function (object, paths) {
-      return object == null ? {} : basePick(object, paths);
-    });
-
-    /**
-     * Creates an object composed of the `object` properties `predicate` returns
-     * truthy for. The predicate is invoked with two arguments: (value, key).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The source object.
-     * @param {Function} [predicate=_.identity] The function invoked per property.
-     * @returns {Object} Returns the new object.
-     * @example
-     *
-     * var object = { 'a': 1, 'b': '2', 'c': 3 };
-     *
-     * _.pickBy(object, _.isNumber);
-     * // => { 'a': 1, 'c': 3 }
-     */
-    function pickBy(object, predicate) {
-      if (object == null) {
-        return {};
-      }
-      var props = arrayMap(getAllKeysIn(object), function (prop) {
-        return [prop];
-      });
-      predicate = getIteratee(predicate);
-      return basePickBy(object, props, function (value, path) {
-        return predicate(value, path[0]);
-      });
-    }
-
-    /**
-     * This method is like `_.get` except that if the resolved value is a
-     * function it's invoked with the `this` binding of its parent object and
-     * its result is returned.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The object to query.
-     * @param {Array|string} path The path of the property to resolve.
-     * @param {*} [defaultValue] The value returned for `undefined` resolved values.
-     * @returns {*} Returns the resolved value.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c1': 3, 'c2': _.constant(4) } }] };
-     *
-     * _.result(object, 'a[0].b.c1');
-     * // => 3
-     *
-     * _.result(object, 'a[0].b.c2');
-     * // => 4
-     *
-     * _.result(object, 'a[0].b.c3', 'default');
-     * // => 'default'
-     *
-     * _.result(object, 'a[0].b.c3', _.constant('default'));
-     * // => 'default'
-     */
-    function result(object, path, defaultValue) {
-      path = castPath(path, object);
-      var index = -1,
-        length = path.length;
-
-      // Ensure the loop is entered when path is empty.
-      if (!length) {
-        length = 1;
-        object = undefined;
-      }
-      while (++index < length) {
-        var value = object == null ? undefined : object[toKey(path[index])];
-        if (value === undefined) {
-          index = length;
-          value = defaultValue;
-        }
-        object = isFunction(value) ? value.call(object) : value;
-      }
-      return object;
-    }
-
-    /**
-     * Sets the value at `path` of `object`. If a portion of `path` doesn't exist,
-     * it's created. Arrays are created for missing index properties while objects
-     * are created for all other missing properties. Use `_.setWith` to customize
-     * `path` creation.
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.7.0
-     * @category Object
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to set.
-     * @param {*} value The value to set.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': 3 } }] };
-     *
-     * _.set(object, 'a[0].b.c', 4);
-     * console.log(object.a[0].b.c);
-     * // => 4
-     *
-     * _.set(object, ['x', '0', 'y', 'z'], 5);
-     * console.log(object.x[0].y.z);
-     * // => 5
-     */
-    function set(object, path, value) {
-      return object == null ? object : baseSet(object, path, value);
-    }
-
-    /**
-     * This method is like `_.set` except that it accepts `customizer` which is
-     * invoked to produce the objects of `path`.  If `customizer` returns `undefined`
-     * path creation is handled by the method instead. The `customizer` is invoked
-     * with three arguments: (nsValue, key, nsObject).
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to set.
-     * @param {*} value The value to set.
-     * @param {Function} [customizer] The function to customize assigned values.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * var object = {};
-     *
-     * _.setWith(object, '[0][1]', 'a', Object);
-     * // => { '0': { '1': 'a' } }
-     */
-    function setWith(object, path, value, customizer) {
-      customizer = typeof customizer == 'function' ? customizer : undefined;
-      return object == null ? object : baseSet(object, path, value, customizer);
-    }
-
-    /**
-     * Creates an array of own enumerable string keyed-value pairs for `object`
-     * which can be consumed by `_.fromPairs`. If `object` is a map or set, its
-     * entries are returned.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @alias entries
-     * @category Object
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the key-value pairs.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.toPairs(new Foo);
-     * // => [['a', 1], ['b', 2]] (iteration order is not guaranteed)
-     */
-    var toPairs = createToPairs(keys);
-
-    /**
-     * Creates an array of own and inherited enumerable string keyed-value pairs
-     * for `object` which can be consumed by `_.fromPairs`. If `object` is a map
-     * or set, its entries are returned.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @alias entriesIn
-     * @category Object
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the key-value pairs.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.toPairsIn(new Foo);
-     * // => [['a', 1], ['b', 2], ['c', 3]] (iteration order is not guaranteed)
-     */
-    var toPairsIn = createToPairs(keysIn);
-
-    /**
-     * An alternative to `_.reduce`; this method transforms `object` to a new
-     * `accumulator` object which is the result of running each of its own
-     * enumerable string keyed properties thru `iteratee`, with each invocation
-     * potentially mutating the `accumulator` object. If `accumulator` is not
-     * provided, a new object with the same `[[Prototype]]` will be used. The
-     * iteratee is invoked with four arguments: (accumulator, value, key, object).
-     * Iteratee functions may exit iteration early by explicitly returning `false`.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.3.0
-     * @category Object
-     * @param {Object} object The object to iterate over.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @param {*} [accumulator] The custom accumulator value.
-     * @returns {*} Returns the accumulated value.
-     * @example
-     *
-     * _.transform([2, 3, 4], function(result, n) {
-     *   result.push(n *= n);
-     *   return n % 2 == 0;
-     * }, []);
-     * // => [4, 9]
-     *
-     * _.transform({ 'a': 1, 'b': 2, 'c': 1 }, function(result, value, key) {
-     *   (result[value] || (result[value] = [])).push(key);
-     * }, {});
-     * // => { '1': ['a', 'c'], '2': ['b'] }
-     */
-    function transform(object, iteratee, accumulator) {
-      var isArr = isArray(object),
-        isArrLike = isArr || isBuffer(object) || isTypedArray(object);
-      iteratee = getIteratee(iteratee, 4);
-      if (accumulator == null) {
-        var Ctor = object && object.constructor;
-        if (isArrLike) {
-          accumulator = isArr ? new Ctor() : [];
-        } else if (isObject(object)) {
-          accumulator = isFunction(Ctor) ? baseCreate(getPrototype(object)) : {};
-        } else {
-          accumulator = {};
-        }
-      }
-      (isArrLike ? arrayEach : baseForOwn)(object, function (value, index, object) {
-        return iteratee(accumulator, value, index, object);
-      });
-      return accumulator;
-    }
-
-    /**
-     * Removes the property at `path` of `object`.
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Object
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to unset.
-     * @returns {boolean} Returns `true` if the property is deleted, else `false`.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': 7 } }] };
-     * _.unset(object, 'a[0].b.c');
-     * // => true
-     *
-     * console.log(object);
-     * // => { 'a': [{ 'b': {} }] };
-     *
-     * _.unset(object, ['a', '0', 'b', 'c']);
-     * // => true
-     *
-     * console.log(object);
-     * // => { 'a': [{ 'b': {} }] };
-     */
-    function unset(object, path) {
-      return object == null ? true : baseUnset(object, path);
-    }
-
-    /**
-     * This method is like `_.set` except that accepts `updater` to produce the
-     * value to set. Use `_.updateWith` to customize `path` creation. The `updater`
-     * is invoked with one argument: (value).
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.6.0
-     * @category Object
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to set.
-     * @param {Function} updater The function to produce the updated value.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * var object = { 'a': [{ 'b': { 'c': 3 } }] };
-     *
-     * _.update(object, 'a[0].b.c', function(n) { return n * n; });
-     * console.log(object.a[0].b.c);
-     * // => 9
-     *
-     * _.update(object, 'x[0].y.z', function(n) { return n ? n + 1 : 0; });
-     * console.log(object.x[0].y.z);
-     * // => 0
-     */
-    function update(object, path, updater) {
-      return object == null ? object : baseUpdate(object, path, castFunction(updater));
-    }
-
-    /**
-     * This method is like `_.update` except that it accepts `customizer` which is
-     * invoked to produce the objects of `path`.  If `customizer` returns `undefined`
-     * path creation is handled by the method instead. The `customizer` is invoked
-     * with three arguments: (nsValue, key, nsObject).
-     *
-     * **Note:** This method mutates `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.6.0
-     * @category Object
-     * @param {Object} object The object to modify.
-     * @param {Array|string} path The path of the property to set.
-     * @param {Function} updater The function to produce the updated value.
-     * @param {Function} [customizer] The function to customize assigned values.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * var object = {};
-     *
-     * _.updateWith(object, '[0][1]', _.constant('a'), Object);
-     * // => { '0': { '1': 'a' } }
-     */
-    function updateWith(object, path, updater, customizer) {
-      customizer = typeof customizer == 'function' ? customizer : undefined;
-      return object == null ? object : baseUpdate(object, path, castFunction(updater), customizer);
-    }
-
-    /**
-     * Creates an array of the own enumerable string keyed property values of `object`.
-     *
-     * **Note:** Non-object values are coerced to objects.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Object
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property values.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.values(new Foo);
-     * // => [1, 2] (iteration order is not guaranteed)
-     *
-     * _.values('hi');
-     * // => ['h', 'i']
-     */
-    function values(object) {
-      return object == null ? [] : baseValues(object, keys(object));
-    }
-
-    /**
-     * Creates an array of the own and inherited enumerable string keyed property
-     * values of `object`.
-     *
-     * **Note:** Non-object values are coerced to objects.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Object
-     * @param {Object} object The object to query.
-     * @returns {Array} Returns the array of property values.
-     * @example
-     *
-     * function Foo() {
-     *   this.a = 1;
-     *   this.b = 2;
-     * }
-     *
-     * Foo.prototype.c = 3;
-     *
-     * _.valuesIn(new Foo);
-     * // => [1, 2, 3] (iteration order is not guaranteed)
-     */
-    function valuesIn(object) {
-      return object == null ? [] : baseValues(object, keysIn(object));
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Clamps `number` within the inclusive `lower` and `upper` bounds.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Number
-     * @param {number} number The number to clamp.
-     * @param {number} [lower] The lower bound.
-     * @param {number} upper The upper bound.
-     * @returns {number} Returns the clamped number.
-     * @example
-     *
-     * _.clamp(-10, -5, 5);
-     * // => -5
-     *
-     * _.clamp(10, -5, 5);
-     * // => 5
-     */
-    function clamp(number, lower, upper) {
-      if (upper === undefined) {
-        upper = lower;
-        lower = undefined;
-      }
-      if (upper !== undefined) {
-        upper = toNumber(upper);
-        upper = upper === upper ? upper : 0;
-      }
-      if (lower !== undefined) {
-        lower = toNumber(lower);
-        lower = lower === lower ? lower : 0;
-      }
-      return baseClamp(toNumber(number), lower, upper);
-    }
-
-    /**
-     * Checks if `n` is between `start` and up to, but not including, `end`. If
-     * `end` is not specified, it's set to `start` with `start` then set to `0`.
-     * If `start` is greater than `end` the params are swapped to support
-     * negative ranges.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.3.0
-     * @category Number
-     * @param {number} number The number to check.
-     * @param {number} [start=0] The start of the range.
-     * @param {number} end The end of the range.
-     * @returns {boolean} Returns `true` if `number` is in the range, else `false`.
-     * @see _.range, _.rangeRight
-     * @example
-     *
-     * _.inRange(3, 2, 4);
-     * // => true
-     *
-     * _.inRange(4, 8);
-     * // => true
-     *
-     * _.inRange(4, 2);
-     * // => false
-     *
-     * _.inRange(2, 2);
-     * // => false
-     *
-     * _.inRange(1.2, 2);
-     * // => true
-     *
-     * _.inRange(5.2, 4);
-     * // => false
-     *
-     * _.inRange(-3, -2, -6);
-     * // => true
-     */
-    function inRange(number, start, end) {
-      start = toFinite(start);
-      if (end === undefined) {
-        end = start;
-        start = 0;
-      } else {
-        end = toFinite(end);
-      }
-      number = toNumber(number);
-      return baseInRange(number, start, end);
-    }
-
-    /**
-     * Produces a random number between the inclusive `lower` and `upper` bounds.
-     * If only one argument is provided a number between `0` and the given number
-     * is returned. If `floating` is `true`, or either `lower` or `upper` are
-     * floats, a floating-point number is returned instead of an integer.
-     *
-     * **Note:** JavaScript follows the IEEE-754 standard for resolving
-     * floating-point values which can produce unexpected results.
-     *
-     * @static
-     * @memberOf _
-     * @since 0.7.0
-     * @category Number
-     * @param {number} [lower=0] The lower bound.
-     * @param {number} [upper=1] The upper bound.
-     * @param {boolean} [floating] Specify returning a floating-point number.
-     * @returns {number} Returns the random number.
-     * @example
-     *
-     * _.random(0, 5);
-     * // => an integer between 0 and 5
-     *
-     * _.random(5);
-     * // => also an integer between 0 and 5
-     *
-     * _.random(5, true);
-     * // => a floating-point number between 0 and 5
-     *
-     * _.random(1.2, 5.2);
-     * // => a floating-point number between 1.2 and 5.2
-     */
-    function random(lower, upper, floating) {
-      if (floating && typeof floating != 'boolean' && isIterateeCall(lower, upper, floating)) {
-        upper = floating = undefined;
-      }
-      if (floating === undefined) {
-        if (typeof upper == 'boolean') {
-          floating = upper;
-          upper = undefined;
-        } else if (typeof lower == 'boolean') {
-          floating = lower;
-          lower = undefined;
-        }
-      }
-      if (lower === undefined && upper === undefined) {
-        lower = 0;
-        upper = 1;
-      } else {
-        lower = toFinite(lower);
-        if (upper === undefined) {
-          upper = lower;
-          lower = 0;
-        } else {
-          upper = toFinite(upper);
-        }
-      }
-      if (lower > upper) {
-        var temp = lower;
-        lower = upper;
-        upper = temp;
-      }
-      if (floating || lower % 1 || upper % 1) {
-        var rand = nativeRandom();
-        return nativeMin(lower + rand * (upper - lower + freeParseFloat('1e-' + ((rand + '').length - 1))), upper);
-      }
-      return baseRandom(lower, upper);
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Converts `string` to [camel case](https://en.wikipedia.org/wiki/CamelCase).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the camel cased string.
-     * @example
-     *
-     * _.camelCase('Foo Bar');
-     * // => 'fooBar'
-     *
-     * _.camelCase('--foo-bar--');
-     * // => 'fooBar'
-     *
-     * _.camelCase('__FOO_BAR__');
-     * // => 'fooBar'
-     */
-    var camelCase = createCompounder(function (result, word, index) {
-      word = word.toLowerCase();
-      return result + (index ? capitalize(word) : word);
-    });
-
-    /**
-     * Converts the first character of `string` to upper case and the remaining
-     * to lower case.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to capitalize.
-     * @returns {string} Returns the capitalized string.
-     * @example
-     *
-     * _.capitalize('FRED');
-     * // => 'Fred'
-     */
-    function capitalize(string) {
-      return upperFirst(toString(string).toLowerCase());
-    }
-
-    /**
-     * Deburrs `string` by converting
-     * [Latin-1 Supplement](https://en.wikipedia.org/wiki/Latin-1_Supplement_(Unicode_block)#Character_table)
-     * and [Latin Extended-A](https://en.wikipedia.org/wiki/Latin_Extended-A)
-     * letters to basic Latin letters and removing
-     * [combining diacritical marks](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to deburr.
-     * @returns {string} Returns the deburred string.
-     * @example
-     *
-     * _.deburr('déjà vu');
-     * // => 'deja vu'
-     */
-    function deburr(string) {
-      string = toString(string);
-      return string && string.replace(reLatin, deburrLetter).replace(reComboMark, '');
-    }
-
-    /**
-     * Checks if `string` ends with the given target string.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to inspect.
-     * @param {string} [target] The string to search for.
-     * @param {number} [position=string.length] The position to search up to.
-     * @returns {boolean} Returns `true` if `string` ends with `target`,
-     *  else `false`.
-     * @example
-     *
-     * _.endsWith('abc', 'c');
-     * // => true
-     *
-     * _.endsWith('abc', 'b');
-     * // => false
-     *
-     * _.endsWith('abc', 'b', 2);
-     * // => true
-     */
-    function endsWith(string, target, position) {
-      string = toString(string);
-      target = baseToString(target);
-      var length = string.length;
-      position = position === undefined ? length : baseClamp(toInteger(position), 0, length);
-      var end = position;
-      position -= target.length;
-      return position >= 0 && string.slice(position, end) == target;
-    }
-
-    /**
-     * Converts the characters "&", "<", ">", '"', and "'" in `string` to their
-     * corresponding HTML entities.
-     *
-     * **Note:** No other characters are escaped. To escape additional
-     * characters use a third-party library like [_he_](https://mths.be/he).
-     *
-     * Though the ">" character is escaped for symmetry, characters like
-     * ">" and "/" don't need escaping in HTML and have no special meaning
-     * unless they're part of a tag or unquoted attribute value. See
-     * [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands)
-     * (under "semi-related fun fact") for more details.
-     *
-     * When working with HTML you should always
-     * [quote attribute values](http://wonko.com/post/html-escaping) to reduce
-     * XSS vectors.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category String
-     * @param {string} [string=''] The string to escape.
-     * @returns {string} Returns the escaped string.
-     * @example
-     *
-     * _.escape('fred, barney, & pebbles');
-     * // => 'fred, barney, &amp; pebbles'
-     */
-    function escape(string) {
-      string = toString(string);
-      return string && reHasUnescapedHtml.test(string) ? string.replace(reUnescapedHtml, escapeHtmlChar) : string;
-    }
-
-    /**
-     * Escapes the `RegExp` special characters "^", "$", "\", ".", "*", "+",
-     * "?", "(", ")", "[", "]", "{", "}", and "|" in `string`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to escape.
-     * @returns {string} Returns the escaped string.
-     * @example
-     *
-     * _.escapeRegExp('[lodash](https://lodash.com/)');
-     * // => '\[lodash\]\(https://lodash\.com/\)'
-     */
-    function escapeRegExp(string) {
-      string = toString(string);
-      return string && reHasRegExpChar.test(string) ? string.replace(reRegExpChar, '\\$&') : string;
-    }
-
-    /**
-     * Converts `string` to
-     * [kebab case](https://en.wikipedia.org/wiki/Letter_case#Special_case_styles).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the kebab cased string.
-     * @example
-     *
-     * _.kebabCase('Foo Bar');
-     * // => 'foo-bar'
-     *
-     * _.kebabCase('fooBar');
-     * // => 'foo-bar'
-     *
-     * _.kebabCase('__FOO_BAR__');
-     * // => 'foo-bar'
-     */
-    var kebabCase = createCompounder(function (result, word, index) {
-      return result + (index ? '-' : '') + word.toLowerCase();
-    });
-
-    /**
-     * Converts `string`, as space separated words, to lower case.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the lower cased string.
-     * @example
-     *
-     * _.lowerCase('--Foo-Bar--');
-     * // => 'foo bar'
-     *
-     * _.lowerCase('fooBar');
-     * // => 'foo bar'
-     *
-     * _.lowerCase('__FOO_BAR__');
-     * // => 'foo bar'
-     */
-    var lowerCase = createCompounder(function (result, word, index) {
-      return result + (index ? ' ' : '') + word.toLowerCase();
-    });
-
-    /**
-     * Converts the first character of `string` to lower case.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the converted string.
-     * @example
-     *
-     * _.lowerFirst('Fred');
-     * // => 'fred'
-     *
-     * _.lowerFirst('FRED');
-     * // => 'fRED'
-     */
-    var lowerFirst = createCaseFirst('toLowerCase');
-
-    /**
-     * Pads `string` on the left and right sides if it's shorter than `length`.
-     * Padding characters are truncated if they can't be evenly divided by `length`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to pad.
-     * @param {number} [length=0] The padding length.
-     * @param {string} [chars=' '] The string used as padding.
-     * @returns {string} Returns the padded string.
-     * @example
-     *
-     * _.pad('abc', 8);
-     * // => '  abc   '
-     *
-     * _.pad('abc', 8, '_-');
-     * // => '_-abc_-_'
-     *
-     * _.pad('abc', 3);
-     * // => 'abc'
-     */
-    function pad(string, length, chars) {
-      string = toString(string);
-      length = toInteger(length);
-      var strLength = length ? stringSize(string) : 0;
-      if (!length || strLength >= length) {
-        return string;
-      }
-      var mid = (length - strLength) / 2;
-      return createPadding(nativeFloor(mid), chars) + string + createPadding(nativeCeil(mid), chars);
-    }
-
-    /**
-     * Pads `string` on the right side if it's shorter than `length`. Padding
-     * characters are truncated if they exceed `length`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to pad.
-     * @param {number} [length=0] The padding length.
-     * @param {string} [chars=' '] The string used as padding.
-     * @returns {string} Returns the padded string.
-     * @example
-     *
-     * _.padEnd('abc', 6);
-     * // => 'abc   '
-     *
-     * _.padEnd('abc', 6, '_-');
-     * // => 'abc_-_'
-     *
-     * _.padEnd('abc', 3);
-     * // => 'abc'
-     */
-    function padEnd(string, length, chars) {
-      string = toString(string);
-      length = toInteger(length);
-      var strLength = length ? stringSize(string) : 0;
-      return length && strLength < length ? string + createPadding(length - strLength, chars) : string;
-    }
-
-    /**
-     * Pads `string` on the left side if it's shorter than `length`. Padding
-     * characters are truncated if they exceed `length`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to pad.
-     * @param {number} [length=0] The padding length.
-     * @param {string} [chars=' '] The string used as padding.
-     * @returns {string} Returns the padded string.
-     * @example
-     *
-     * _.padStart('abc', 6);
-     * // => '   abc'
-     *
-     * _.padStart('abc', 6, '_-');
-     * // => '_-_abc'
-     *
-     * _.padStart('abc', 3);
-     * // => 'abc'
-     */
-    function padStart(string, length, chars) {
-      string = toString(string);
-      length = toInteger(length);
-      var strLength = length ? stringSize(string) : 0;
-      return length && strLength < length ? createPadding(length - strLength, chars) + string : string;
-    }
-
-    /**
-     * Converts `string` to an integer of the specified radix. If `radix` is
-     * `undefined` or `0`, a `radix` of `10` is used unless `value` is a
-     * hexadecimal, in which case a `radix` of `16` is used.
-     *
-     * **Note:** This method aligns with the
-     * [ES5 implementation](https://es5.github.io/#x15.1.2.2) of `parseInt`.
-     *
-     * @static
-     * @memberOf _
-     * @since 1.1.0
-     * @category String
-     * @param {string} string The string to convert.
-     * @param {number} [radix=10] The radix to interpret `value` by.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {number} Returns the converted integer.
-     * @example
-     *
-     * _.parseInt('08');
-     * // => 8
-     *
-     * _.map(['6', '08', '10'], _.parseInt);
-     * // => [6, 8, 10]
-     */
-    function parseInt(string, radix, guard) {
-      if (guard || radix == null) {
-        radix = 0;
-      } else if (radix) {
-        radix = +radix;
-      }
-      return nativeParseInt(toString(string).replace(reTrimStart, ''), radix || 0);
-    }
-
-    /**
-     * Repeats the given string `n` times.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to repeat.
-     * @param {number} [n=1] The number of times to repeat the string.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {string} Returns the repeated string.
-     * @example
-     *
-     * _.repeat('*', 3);
-     * // => '***'
-     *
-     * _.repeat('abc', 2);
-     * // => 'abcabc'
-     *
-     * _.repeat('abc', 0);
-     * // => ''
-     */
-    function repeat(string, n, guard) {
-      if (guard ? isIterateeCall(string, n, guard) : n === undefined) {
-        n = 1;
-      } else {
-        n = toInteger(n);
-      }
-      return baseRepeat(toString(string), n);
-    }
-
-    /**
-     * Replaces matches for `pattern` in `string` with `replacement`.
-     *
-     * **Note:** This method is based on
-     * [`String#replace`](https://mdn.io/String/replace).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to modify.
-     * @param {RegExp|string} pattern The pattern to replace.
-     * @param {Function|string} replacement The match replacement.
-     * @returns {string} Returns the modified string.
-     * @example
-     *
-     * _.replace('Hi Fred', 'Fred', 'Barney');
-     * // => 'Hi Barney'
-     */
-    function replace() {
-      var args = arguments,
-        string = toString(args[0]);
-      return args.length < 3 ? string : string.replace(args[1], args[2]);
-    }
-
-    /**
-     * Converts `string` to
-     * [snake case](https://en.wikipedia.org/wiki/Snake_case).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the snake cased string.
-     * @example
-     *
-     * _.snakeCase('Foo Bar');
-     * // => 'foo_bar'
-     *
-     * _.snakeCase('fooBar');
-     * // => 'foo_bar'
-     *
-     * _.snakeCase('--FOO-BAR--');
-     * // => 'foo_bar'
-     */
-    var snakeCase = createCompounder(function (result, word, index) {
-      return result + (index ? '_' : '') + word.toLowerCase();
-    });
-
-    /**
-     * Splits `string` by `separator`.
-     *
-     * **Note:** This method is based on
-     * [`String#split`](https://mdn.io/String/split).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to split.
-     * @param {RegExp|string} separator The separator pattern to split by.
-     * @param {number} [limit] The length to truncate results to.
-     * @returns {Array} Returns the string segments.
-     * @example
-     *
-     * _.split('a-b-c', '-', 2);
-     * // => ['a', 'b']
-     */
-    function split(string, separator, limit) {
-      if (limit && typeof limit != 'number' && isIterateeCall(string, separator, limit)) {
-        separator = limit = undefined;
-      }
-      limit = limit === undefined ? MAX_ARRAY_LENGTH : limit >>> 0;
-      if (!limit) {
-        return [];
-      }
-      string = toString(string);
-      if (string && (typeof separator == 'string' || separator != null && !isRegExp(separator))) {
-        separator = baseToString(separator);
-        if (!separator && hasUnicode(string)) {
-          return castSlice(stringToArray(string), 0, limit);
-        }
-      }
-      return string.split(separator, limit);
-    }
-
-    /**
-     * Converts `string` to
-     * [start case](https://en.wikipedia.org/wiki/Letter_case#Stylistic_or_specialised_usage).
-     *
-     * @static
-     * @memberOf _
-     * @since 3.1.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the start cased string.
-     * @example
-     *
-     * _.startCase('--foo-bar--');
-     * // => 'Foo Bar'
-     *
-     * _.startCase('fooBar');
-     * // => 'Foo Bar'
-     *
-     * _.startCase('__FOO_BAR__');
-     * // => 'FOO BAR'
-     */
-    var startCase = createCompounder(function (result, word, index) {
-      return result + (index ? ' ' : '') + upperFirst(word);
-    });
-
-    /**
-     * Checks if `string` starts with the given target string.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to inspect.
-     * @param {string} [target] The string to search for.
-     * @param {number} [position=0] The position to search from.
-     * @returns {boolean} Returns `true` if `string` starts with `target`,
-     *  else `false`.
-     * @example
-     *
-     * _.startsWith('abc', 'a');
-     * // => true
-     *
-     * _.startsWith('abc', 'b');
-     * // => false
-     *
-     * _.startsWith('abc', 'b', 1);
-     * // => true
-     */
-    function startsWith(string, target, position) {
-      string = toString(string);
-      position = position == null ? 0 : baseClamp(toInteger(position), 0, string.length);
-      target = baseToString(target);
-      return string.slice(position, position + target.length) == target;
-    }
-
-    /**
-     * Creates a compiled template function that can interpolate data properties
-     * in "interpolate" delimiters, HTML-escape interpolated data properties in
-     * "escape" delimiters, and execute JavaScript in "evaluate" delimiters. Data
-     * properties may be accessed as free variables in the template. If a setting
-     * object is given, it takes precedence over `_.templateSettings` values.
-     *
-     * **Note:** In the development build `_.template` utilizes
-     * [sourceURLs](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
-     * for easier debugging.
-     *
-     * For more information on precompiling templates see
-     * [lodash's custom builds documentation](https://lodash.com/custom-builds).
-     *
-     * For more information on Chrome extension sandboxes see
-     * [Chrome's extensions documentation](https://developer.chrome.com/extensions/sandboxingEval).
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category String
-     * @param {string} [string=''] The template string.
-     * @param {Object} [options={}] The options object.
-     * @param {RegExp} [options.escape=_.templateSettings.escape]
-     *  The HTML "escape" delimiter.
-     * @param {RegExp} [options.evaluate=_.templateSettings.evaluate]
-     *  The "evaluate" delimiter.
-     * @param {Object} [options.imports=_.templateSettings.imports]
-     *  An object to import into the template as free variables.
-     * @param {RegExp} [options.interpolate=_.templateSettings.interpolate]
-     *  The "interpolate" delimiter.
-     * @param {string} [options.sourceURL='lodash.templateSources[n]']
-     *  The sourceURL of the compiled template.
-     * @param {string} [options.variable='obj']
-     *  The data object variable name.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Function} Returns the compiled template function.
-     * @example
-     *
-     * // Use the "interpolate" delimiter to create a compiled template.
-     * var compiled = _.template('hello <%= user %>!');
-     * compiled({ 'user': 'fred' });
-     * // => 'hello fred!'
-     *
-     * // Use the HTML "escape" delimiter to escape data property values.
-     * var compiled = _.template('<b><%- value %></b>');
-     * compiled({ 'value': '<script>' });
-     * // => '<b>&lt;script&gt;</b>'
-     *
-     * // Use the "evaluate" delimiter to execute JavaScript and generate HTML.
-     * var compiled = _.template('<% _.forEach(users, function(user) { %><li><%- user %></li><% }); %>');
-     * compiled({ 'users': ['fred', 'barney'] });
-     * // => '<li>fred</li><li>barney</li>'
-     *
-     * // Use the internal `print` function in "evaluate" delimiters.
-     * var compiled = _.template('<% print("hello " + user); %>!');
-     * compiled({ 'user': 'barney' });
-     * // => 'hello barney!'
-     *
-     * // Use the ES template literal delimiter as an "interpolate" delimiter.
-     * // Disable support by replacing the "interpolate" delimiter.
-     * var compiled = _.template('hello ${ user }!');
-     * compiled({ 'user': 'pebbles' });
-     * // => 'hello pebbles!'
-     *
-     * // Use backslashes to treat delimiters as plain text.
-     * var compiled = _.template('<%= "\\<%- value %\\>" %>');
-     * compiled({ 'value': 'ignored' });
-     * // => '<%- value %>'
-     *
-     * // Use the `imports` option to import `jQuery` as `jq`.
-     * var text = '<% jq.each(users, function(user) { %><li><%- user %></li><% }); %>';
-     * var compiled = _.template(text, { 'imports': { 'jq': jQuery } });
-     * compiled({ 'users': ['fred', 'barney'] });
-     * // => '<li>fred</li><li>barney</li>'
-     *
-     * // Use the `sourceURL` option to specify a custom sourceURL for the template.
-     * var compiled = _.template('hello <%= user %>!', { 'sourceURL': '/basic/greeting.jst' });
-     * compiled(data);
-     * // => Find the source of "greeting.jst" under the Sources tab or Resources panel of the web inspector.
-     *
-     * // Use the `variable` option to ensure a with-statement isn't used in the compiled template.
-     * var compiled = _.template('hi <%= data.user %>!', { 'variable': 'data' });
-     * compiled.source;
-     * // => function(data) {
-     * //   var __t, __p = '';
-     * //   __p += 'hi ' + ((__t = ( data.user )) == null ? '' : __t) + '!';
-     * //   return __p;
-     * // }
-     *
-     * // Use custom template delimiters.
-     * _.templateSettings.interpolate = /{{([\s\S]+?)}}/g;
-     * var compiled = _.template('hello {{ user }}!');
-     * compiled({ 'user': 'mustache' });
-     * // => 'hello mustache!'
-     *
-     * // Use the `source` property to inline compiled templates for meaningful
-     * // line numbers in error messages and stack traces.
-     * fs.writeFileSync(path.join(process.cwd(), 'jst.js'), '\
-     *   var JST = {\
-     *     "main": ' + _.template(mainText).source + '\
-     *   };\
-     * ');
-     */
-    function template(string, options, guard) {
-      // Based on John Resig's `tmpl` implementation
-      // (http://ejohn.org/blog/javascript-micro-templating/)
-      // and Laura Doktorova's doT.js (https://github.com/olado/doT).
-      var settings = lodash.templateSettings;
-      if (guard && isIterateeCall(string, options, guard)) {
-        options = undefined;
-      }
-      string = toString(string);
-      options = assignInWith({}, options, settings, customDefaultsAssignIn);
-      var imports = assignInWith({}, options.imports, settings.imports, customDefaultsAssignIn),
-        importsKeys = keys(imports),
-        importsValues = baseValues(imports, importsKeys);
-      var isEscaping,
-        isEvaluating,
-        index = 0,
-        interpolate = options.interpolate || reNoMatch,
-        source = "__p += '";
-
-      // Compile the regexp to match each delimiter.
-      var reDelimiters = RegExp((options.escape || reNoMatch).source + '|' + interpolate.source + '|' + (interpolate === reInterpolate ? reEsTemplate : reNoMatch).source + '|' + (options.evaluate || reNoMatch).source + '|$', 'g');
-
-      // Use a sourceURL for easier debugging.
-      // The sourceURL gets injected into the source that's eval-ed, so be careful
-      // to normalize all kinds of whitespace, so e.g. newlines (and unicode versions of it) can't sneak in
-      // and escape the comment, thus injecting code that gets evaled.
-      var sourceURL = '//# sourceURL=' + (hasOwnProperty.call(options, 'sourceURL') ? (options.sourceURL + '').replace(/\s/g, ' ') : 'lodash.templateSources[' + ++templateCounter + ']') + '\n';
-      string.replace(reDelimiters, function (match, escapeValue, interpolateValue, esTemplateValue, evaluateValue, offset) {
-        interpolateValue || (interpolateValue = esTemplateValue);
-
-        // Escape characters that can't be included in string literals.
-        source += string.slice(index, offset).replace(reUnescapedString, escapeStringChar);
-
-        // Replace delimiters with snippets.
-        if (escapeValue) {
-          isEscaping = true;
-          source += "' +\n__e(" + escapeValue + ") +\n'";
-        }
-        if (evaluateValue) {
-          isEvaluating = true;
-          source += "';\n" + evaluateValue + ";\n__p += '";
-        }
-        if (interpolateValue) {
-          source += "' +\n((__t = (" + interpolateValue + ")) == null ? '' : __t) +\n'";
-        }
-        index = offset + match.length;
-
-        // The JS engine embedded in Adobe products needs `match` returned in
-        // order to produce the correct `offset` value.
-        return match;
-      });
-      source += "';\n";
-
-      // If `variable` is not specified wrap a with-statement around the generated
-      // code to add the data object to the top of the scope chain.
-      var variable = hasOwnProperty.call(options, 'variable') && options.variable;
-      if (!variable) {
-        source = 'with (obj) {\n' + source + '\n}\n';
-      }
-      // Throw an error if a forbidden character was found in `variable`, to prevent
-      // potential command injection attacks.
-      else if (reForbiddenIdentifierChars.test(variable)) {
-        throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT);
-      }
-
-      // Cleanup code by stripping empty strings.
-      source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source).replace(reEmptyStringMiddle, '$1').replace(reEmptyStringTrailing, '$1;');
-
-      // Frame code as the function body.
-      source = 'function(' + (variable || 'obj') + ') {\n' + (variable ? '' : 'obj || (obj = {});\n') + "var __t, __p = ''" + (isEscaping ? ', __e = _.escape' : '') + (isEvaluating ? ', __j = Array.prototype.join;\n' + "function print() { __p += __j.call(arguments, '') }\n" : ';\n') + source + 'return __p\n}';
-      var result = attempt(function () {
-        return Function(importsKeys, sourceURL + 'return ' + source).apply(undefined, importsValues);
-      });
-
-      // Provide the compiled function's source by its `toString` method or
-      // the `source` property as a convenience for inlining compiled templates.
-      result.source = source;
-      if (isError(result)) {
-        throw result;
-      }
-      return result;
-    }
-
-    /**
-     * Converts `string`, as a whole, to lower case just like
-     * [String#toLowerCase](https://mdn.io/toLowerCase).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the lower cased string.
-     * @example
-     *
-     * _.toLower('--Foo-Bar--');
-     * // => '--foo-bar--'
-     *
-     * _.toLower('fooBar');
-     * // => 'foobar'
-     *
-     * _.toLower('__FOO_BAR__');
-     * // => '__foo_bar__'
-     */
-    function toLower(value) {
-      return toString(value).toLowerCase();
-    }
-
-    /**
-     * Converts `string`, as a whole, to upper case just like
-     * [String#toUpperCase](https://mdn.io/toUpperCase).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the upper cased string.
-     * @example
-     *
-     * _.toUpper('--foo-bar--');
-     * // => '--FOO-BAR--'
-     *
-     * _.toUpper('fooBar');
-     * // => 'FOOBAR'
-     *
-     * _.toUpper('__foo_bar__');
-     * // => '__FOO_BAR__'
-     */
-    function toUpper(value) {
-      return toString(value).toUpperCase();
-    }
-
-    /**
-     * Removes leading and trailing whitespace or specified characters from `string`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to trim.
-     * @param {string} [chars=whitespace] The characters to trim.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {string} Returns the trimmed string.
-     * @example
-     *
-     * _.trim('  abc  ');
-     * // => 'abc'
-     *
-     * _.trim('-_-abc-_-', '_-');
-     * // => 'abc'
-     *
-     * _.map(['  foo  ', '  bar  '], _.trim);
-     * // => ['foo', 'bar']
-     */
-    function trim(string, chars, guard) {
-      string = toString(string);
-      if (string && (guard || chars === undefined)) {
-        return baseTrim(string);
-      }
-      if (!string || !(chars = baseToString(chars))) {
-        return string;
-      }
-      var strSymbols = stringToArray(string),
-        chrSymbols = stringToArray(chars),
-        start = charsStartIndex(strSymbols, chrSymbols),
-        end = charsEndIndex(strSymbols, chrSymbols) + 1;
-      return castSlice(strSymbols, start, end).join('');
-    }
-
-    /**
-     * Removes trailing whitespace or specified characters from `string`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to trim.
-     * @param {string} [chars=whitespace] The characters to trim.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {string} Returns the trimmed string.
-     * @example
-     *
-     * _.trimEnd('  abc  ');
-     * // => '  abc'
-     *
-     * _.trimEnd('-_-abc-_-', '_-');
-     * // => '-_-abc'
-     */
-    function trimEnd(string, chars, guard) {
-      string = toString(string);
-      if (string && (guard || chars === undefined)) {
-        return string.slice(0, trimmedEndIndex(string) + 1);
-      }
-      if (!string || !(chars = baseToString(chars))) {
-        return string;
-      }
-      var strSymbols = stringToArray(string),
-        end = charsEndIndex(strSymbols, stringToArray(chars)) + 1;
-      return castSlice(strSymbols, 0, end).join('');
-    }
-
-    /**
-     * Removes leading whitespace or specified characters from `string`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to trim.
-     * @param {string} [chars=whitespace] The characters to trim.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {string} Returns the trimmed string.
-     * @example
-     *
-     * _.trimStart('  abc  ');
-     * // => 'abc  '
-     *
-     * _.trimStart('-_-abc-_-', '_-');
-     * // => 'abc-_-'
-     */
-    function trimStart(string, chars, guard) {
-      string = toString(string);
-      if (string && (guard || chars === undefined)) {
-        return string.replace(reTrimStart, '');
-      }
-      if (!string || !(chars = baseToString(chars))) {
-        return string;
-      }
-      var strSymbols = stringToArray(string),
-        start = charsStartIndex(strSymbols, stringToArray(chars));
-      return castSlice(strSymbols, start).join('');
-    }
-
-    /**
-     * Truncates `string` if it's longer than the given maximum string length.
-     * The last characters of the truncated string are replaced with the omission
-     * string which defaults to "...".
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to truncate.
-     * @param {Object} [options={}] The options object.
-     * @param {number} [options.length=30] The maximum string length.
-     * @param {string} [options.omission='...'] The string to indicate text is omitted.
-     * @param {RegExp|string} [options.separator] The separator pattern to truncate to.
-     * @returns {string} Returns the truncated string.
-     * @example
-     *
-     * _.truncate('hi-diddly-ho there, neighborino');
-     * // => 'hi-diddly-ho there, neighbo...'
-     *
-     * _.truncate('hi-diddly-ho there, neighborino', {
-     *   'length': 24,
-     *   'separator': ' '
-     * });
-     * // => 'hi-diddly-ho there,...'
-     *
-     * _.truncate('hi-diddly-ho there, neighborino', {
-     *   'length': 24,
-     *   'separator': /,? +/
-     * });
-     * // => 'hi-diddly-ho there...'
-     *
-     * _.truncate('hi-diddly-ho there, neighborino', {
-     *   'omission': ' [...]'
-     * });
-     * // => 'hi-diddly-ho there, neig [...]'
-     */
-    function truncate(string, options) {
-      var length = DEFAULT_TRUNC_LENGTH,
-        omission = DEFAULT_TRUNC_OMISSION;
-      if (isObject(options)) {
-        var separator = 'separator' in options ? options.separator : separator;
-        length = 'length' in options ? toInteger(options.length) : length;
-        omission = 'omission' in options ? baseToString(options.omission) : omission;
-      }
-      string = toString(string);
-      var strLength = string.length;
-      if (hasUnicode(string)) {
-        var strSymbols = stringToArray(string);
-        strLength = strSymbols.length;
-      }
-      if (length >= strLength) {
-        return string;
-      }
-      var end = length - stringSize(omission);
-      if (end < 1) {
-        return omission;
-      }
-      var result = strSymbols ? castSlice(strSymbols, 0, end).join('') : string.slice(0, end);
-      if (separator === undefined) {
-        return result + omission;
-      }
-      if (strSymbols) {
-        end += result.length - end;
-      }
-      if (isRegExp(separator)) {
-        if (string.slice(end).search(separator)) {
-          var match,
-            substring = result;
-          if (!separator.global) {
-            separator = RegExp(separator.source, toString(reFlags.exec(separator)) + 'g');
-          }
-          separator.lastIndex = 0;
-          while (match = separator.exec(substring)) {
-            var newEnd = match.index;
-          }
-          result = result.slice(0, newEnd === undefined ? end : newEnd);
-        }
-      } else if (string.indexOf(baseToString(separator), end) != end) {
-        var index = result.lastIndexOf(separator);
-        if (index > -1) {
-          result = result.slice(0, index);
-        }
-      }
-      return result + omission;
-    }
-
-    /**
-     * The inverse of `_.escape`; this method converts the HTML entities
-     * `&amp;`, `&lt;`, `&gt;`, `&quot;`, and `&#39;` in `string` to
-     * their corresponding characters.
-     *
-     * **Note:** No other HTML entities are unescaped. To unescape additional
-     * HTML entities use a third-party library like [_he_](https://mths.be/he).
-     *
-     * @static
-     * @memberOf _
-     * @since 0.6.0
-     * @category String
-     * @param {string} [string=''] The string to unescape.
-     * @returns {string} Returns the unescaped string.
-     * @example
-     *
-     * _.unescape('fred, barney, &amp; pebbles');
-     * // => 'fred, barney, & pebbles'
-     */
-    function unescape(string) {
-      string = toString(string);
-      return string && reHasEscapedHtml.test(string) ? string.replace(reEscapedHtml, unescapeHtmlChar) : string;
-    }
-
-    /**
-     * Converts `string`, as space separated words, to upper case.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the upper cased string.
-     * @example
-     *
-     * _.upperCase('--foo-bar');
-     * // => 'FOO BAR'
-     *
-     * _.upperCase('fooBar');
-     * // => 'FOO BAR'
-     *
-     * _.upperCase('__foo_bar__');
-     * // => 'FOO BAR'
-     */
-    var upperCase = createCompounder(function (result, word, index) {
-      return result + (index ? ' ' : '') + word.toUpperCase();
-    });
-
-    /**
-     * Converts the first character of `string` to upper case.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category String
-     * @param {string} [string=''] The string to convert.
-     * @returns {string} Returns the converted string.
-     * @example
-     *
-     * _.upperFirst('fred');
-     * // => 'Fred'
-     *
-     * _.upperFirst('FRED');
-     * // => 'FRED'
-     */
-    var upperFirst = createCaseFirst('toUpperCase');
-
-    /**
-     * Splits `string` into an array of its words.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category String
-     * @param {string} [string=''] The string to inspect.
-     * @param {RegExp|string} [pattern] The pattern to match words.
-     * @param- {Object} [guard] Enables use as an iteratee for methods like `_.map`.
-     * @returns {Array} Returns the words of `string`.
-     * @example
-     *
-     * _.words('fred, barney, & pebbles');
-     * // => ['fred', 'barney', 'pebbles']
-     *
-     * _.words('fred, barney, & pebbles', /[^, ]+/g);
-     * // => ['fred', 'barney', '&', 'pebbles']
-     */
-    function words(string, pattern, guard) {
-      string = toString(string);
-      pattern = guard ? undefined : pattern;
-      if (pattern === undefined) {
-        return hasUnicodeWord(string) ? unicodeWords(string) : asciiWords(string);
-      }
-      return string.match(pattern) || [];
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Attempts to invoke `func`, returning either the result or the caught error
-     * object. Any additional arguments are provided to `func` when it's invoked.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Util
-     * @param {Function} func The function to attempt.
-     * @param {...*} [args] The arguments to invoke `func` with.
-     * @returns {*} Returns the `func` result or error object.
-     * @example
-     *
-     * // Avoid throwing errors for invalid selectors.
-     * var elements = _.attempt(function(selector) {
-     *   return document.querySelectorAll(selector);
-     * }, '>_>');
-     *
-     * if (_.isError(elements)) {
-     *   elements = [];
-     * }
-     */
-    var attempt = baseRest(function (func, args) {
-      try {
-        return apply(func, undefined, args);
-      } catch (e) {
-        return isError(e) ? e : new Error(e);
-      }
-    });
-
-    /**
-     * Binds methods of an object to the object itself, overwriting the existing
-     * method.
-     *
-     * **Note:** This method doesn't set the "length" property of bound functions.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @param {Object} object The object to bind and assign the bound methods to.
-     * @param {...(string|string[])} methodNames The object method names to bind.
-     * @returns {Object} Returns `object`.
-     * @example
-     *
-     * var view = {
-     *   'label': 'docs',
-     *   'click': function() {
-     *     console.log('clicked ' + this.label);
-     *   }
-     * };
-     *
-     * _.bindAll(view, ['click']);
-     * jQuery(element).on('click', view.click);
-     * // => Logs 'clicked docs' when clicked.
-     */
-    var bindAll = flatRest(function (object, methodNames) {
-      arrayEach(methodNames, function (key) {
-        key = toKey(key);
-        baseAssignValue(object, key, bind(object[key], object));
-      });
-      return object;
-    });
-
-    /**
-     * Creates a function that iterates over `pairs` and invokes the corresponding
-     * function of the first predicate to return truthy. The predicate-function
-     * pairs are invoked with the `this` binding and arguments of the created
-     * function.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {Array} pairs The predicate-function pairs.
-     * @returns {Function} Returns the new composite function.
-     * @example
-     *
-     * var func = _.cond([
-     *   [_.matches({ 'a': 1 }),           _.constant('matches A')],
-     *   [_.conforms({ 'b': _.isNumber }), _.constant('matches B')],
-     *   [_.stubTrue,                      _.constant('no match')]
-     * ]);
-     *
-     * func({ 'a': 1, 'b': 2 });
-     * // => 'matches A'
-     *
-     * func({ 'a': 0, 'b': 1 });
-     * // => 'matches B'
-     *
-     * func({ 'a': '1', 'b': '2' });
-     * // => 'no match'
-     */
-    function cond(pairs) {
-      var length = pairs == null ? 0 : pairs.length,
-        toIteratee = getIteratee();
-      pairs = !length ? [] : arrayMap(pairs, function (pair) {
-        if (typeof pair[1] != 'function') {
-          throw new TypeError(FUNC_ERROR_TEXT);
-        }
-        return [toIteratee(pair[0]), pair[1]];
-      });
-      return baseRest(function (args) {
-        var index = -1;
-        while (++index < length) {
-          var pair = pairs[index];
-          if (apply(pair[0], this, args)) {
-            return apply(pair[1], this, args);
-          }
-        }
-      });
-    }
-
-    /**
-     * Creates a function that invokes the predicate properties of `source` with
-     * the corresponding property values of a given object, returning `true` if
-     * all predicates return truthy, else `false`.
-     *
-     * **Note:** The created function is equivalent to `_.conformsTo` with
-     * `source` partially applied.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {Object} source The object of property predicates to conform to.
-     * @returns {Function} Returns the new spec function.
-     * @example
-     *
-     * var objects = [
-     *   { 'a': 2, 'b': 1 },
-     *   { 'a': 1, 'b': 2 }
-     * ];
-     *
-     * _.filter(objects, _.conforms({ 'b': function(n) { return n > 1; } }));
-     * // => [{ 'a': 1, 'b': 2 }]
-     */
-    function conforms(source) {
-      return baseConforms(baseClone(source, CLONE_DEEP_FLAG));
-    }
-
-    /**
-     * Creates a function that returns `value`.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.4.0
-     * @category Util
-     * @param {*} value The value to return from the new function.
-     * @returns {Function} Returns the new constant function.
-     * @example
-     *
-     * var objects = _.times(2, _.constant({ 'a': 1 }));
-     *
-     * console.log(objects);
-     * // => [{ 'a': 1 }, { 'a': 1 }]
-     *
-     * console.log(objects[0] === objects[1]);
-     * // => true
-     */
-    function constant(value) {
-      return function () {
-        return value;
-      };
-    }
-
-    /**
-     * Checks `value` to determine whether a default value should be returned in
-     * its place. The `defaultValue` is returned if `value` is `NaN`, `null`,
-     * or `undefined`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.14.0
-     * @category Util
-     * @param {*} value The value to check.
-     * @param {*} defaultValue The default value.
-     * @returns {*} Returns the resolved value.
-     * @example
-     *
-     * _.defaultTo(1, 10);
-     * // => 1
-     *
-     * _.defaultTo(undefined, 10);
-     * // => 10
-     */
-    function defaultTo(value, defaultValue) {
-      return value == null || value !== value ? defaultValue : value;
-    }
-
-    /**
-     * Creates a function that returns the result of invoking the given functions
-     * with the `this` binding of the created function, where each successive
-     * invocation is supplied the return value of the previous.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Util
-     * @param {...(Function|Function[])} [funcs] The functions to invoke.
-     * @returns {Function} Returns the new composite function.
-     * @see _.flowRight
-     * @example
-     *
-     * function square(n) {
-     *   return n * n;
-     * }
-     *
-     * var addSquare = _.flow([_.add, square]);
-     * addSquare(1, 2);
-     * // => 9
-     */
-    var flow = createFlow();
-
-    /**
-     * This method is like `_.flow` except that it creates a function that
-     * invokes the given functions from right to left.
-     *
-     * @static
-     * @since 3.0.0
-     * @memberOf _
-     * @category Util
-     * @param {...(Function|Function[])} [funcs] The functions to invoke.
-     * @returns {Function} Returns the new composite function.
-     * @see _.flow
-     * @example
-     *
-     * function square(n) {
-     *   return n * n;
-     * }
-     *
-     * var addSquare = _.flowRight([square, _.add]);
-     * addSquare(1, 2);
-     * // => 9
-     */
-    var flowRight = createFlow(true);
-
-    /**
-     * This method returns the first argument it receives.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @param {*} value Any value.
-     * @returns {*} Returns `value`.
-     * @example
-     *
-     * var object = { 'a': 1 };
-     *
-     * console.log(_.identity(object) === object);
-     * // => true
-     */
-    function identity(value) {
-      return value;
-    }
-
-    /**
-     * Creates a function that invokes `func` with the arguments of the created
-     * function. If `func` is a property name, the created function returns the
-     * property value for a given element. If `func` is an array or object, the
-     * created function returns `true` for elements that contain the equivalent
-     * source properties, otherwise it returns `false`.
-     *
-     * @static
-     * @since 4.0.0
-     * @memberOf _
-     * @category Util
-     * @param {*} [func=_.identity] The value to convert to a callback.
-     * @returns {Function} Returns the callback.
-     * @example
-     *
-     * var users = [
-     *   { 'user': 'barney', 'age': 36, 'active': true },
-     *   { 'user': 'fred',   'age': 40, 'active': false }
-     * ];
-     *
-     * // The `_.matches` iteratee shorthand.
-     * _.filter(users, _.iteratee({ 'user': 'barney', 'active': true }));
-     * // => [{ 'user': 'barney', 'age': 36, 'active': true }]
-     *
-     * // The `_.matchesProperty` iteratee shorthand.
-     * _.filter(users, _.iteratee(['user', 'fred']));
-     * // => [{ 'user': 'fred', 'age': 40 }]
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.map(users, _.iteratee('user'));
-     * // => ['barney', 'fred']
-     *
-     * // Create custom iteratee shorthands.
-     * _.iteratee = _.wrap(_.iteratee, function(iteratee, func) {
-     *   return !_.isRegExp(func) ? iteratee(func) : function(string) {
-     *     return func.test(string);
-     *   };
-     * });
-     *
-     * _.filter(['abc', 'def'], /ef/);
-     * // => ['def']
-     */
-    function iteratee(func) {
-      return baseIteratee(typeof func == 'function' ? func : baseClone(func, CLONE_DEEP_FLAG));
-    }
-
-    /**
-     * Creates a function that performs a partial deep comparison between a given
-     * object and `source`, returning `true` if the given object has equivalent
-     * property values, else `false`.
-     *
-     * **Note:** The created function is equivalent to `_.isMatch` with `source`
-     * partially applied.
-     *
-     * Partial comparisons will match empty array and empty object `source`
-     * values against any array or object value, respectively. See `_.isEqual`
-     * for a list of supported value comparisons.
-     *
-     * **Note:** Multiple values can be checked by combining several matchers
-     * using `_.overSome`
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Util
-     * @param {Object} source The object of property values to match.
-     * @returns {Function} Returns the new spec function.
-     * @example
-     *
-     * var objects = [
-     *   { 'a': 1, 'b': 2, 'c': 3 },
-     *   { 'a': 4, 'b': 5, 'c': 6 }
-     * ];
-     *
-     * _.filter(objects, _.matches({ 'a': 4, 'c': 6 }));
-     * // => [{ 'a': 4, 'b': 5, 'c': 6 }]
-     *
-     * // Checking for several possible values
-     * _.filter(objects, _.overSome([_.matches({ 'a': 1 }), _.matches({ 'a': 4 })]));
-     * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }]
-     */
-    function matches(source) {
-      return baseMatches(baseClone(source, CLONE_DEEP_FLAG));
-    }
-
-    /**
-     * Creates a function that performs a partial deep comparison between the
-     * value at `path` of a given object to `srcValue`, returning `true` if the
-     * object value is equivalent, else `false`.
-     *
-     * **Note:** Partial comparisons will match empty array and empty object
-     * `srcValue` values against any array or object value, respectively. See
-     * `_.isEqual` for a list of supported value comparisons.
-     *
-     * **Note:** Multiple values can be checked by combining several matchers
-     * using `_.overSome`
-     *
-     * @static
-     * @memberOf _
-     * @since 3.2.0
-     * @category Util
-     * @param {Array|string} path The path of the property to get.
-     * @param {*} srcValue The value to match.
-     * @returns {Function} Returns the new spec function.
-     * @example
-     *
-     * var objects = [
-     *   { 'a': 1, 'b': 2, 'c': 3 },
-     *   { 'a': 4, 'b': 5, 'c': 6 }
-     * ];
-     *
-     * _.find(objects, _.matchesProperty('a', 4));
-     * // => { 'a': 4, 'b': 5, 'c': 6 }
-     *
-     * // Checking for several possible values
-     * _.filter(objects, _.overSome([_.matchesProperty('a', 1), _.matchesProperty('a', 4)]));
-     * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }]
-     */
-    function matchesProperty(path, srcValue) {
-      return baseMatchesProperty(path, baseClone(srcValue, CLONE_DEEP_FLAG));
-    }
-
-    /**
-     * Creates a function that invokes the method at `path` of a given object.
-     * Any additional arguments are provided to the invoked method.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.7.0
-     * @category Util
-     * @param {Array|string} path The path of the method to invoke.
-     * @param {...*} [args] The arguments to invoke the method with.
-     * @returns {Function} Returns the new invoker function.
-     * @example
-     *
-     * var objects = [
-     *   { 'a': { 'b': _.constant(2) } },
-     *   { 'a': { 'b': _.constant(1) } }
-     * ];
-     *
-     * _.map(objects, _.method('a.b'));
-     * // => [2, 1]
-     *
-     * _.map(objects, _.method(['a', 'b']));
-     * // => [2, 1]
-     */
-    var method = baseRest(function (path, args) {
-      return function (object) {
-        return baseInvoke(object, path, args);
-      };
-    });
-
-    /**
-     * The opposite of `_.method`; this method creates a function that invokes
-     * the method at a given path of `object`. Any additional arguments are
-     * provided to the invoked method.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.7.0
-     * @category Util
-     * @param {Object} object The object to query.
-     * @param {...*} [args] The arguments to invoke the method with.
-     * @returns {Function} Returns the new invoker function.
-     * @example
-     *
-     * var array = _.times(3, _.constant),
-     *     object = { 'a': array, 'b': array, 'c': array };
-     *
-     * _.map(['a[2]', 'c[0]'], _.methodOf(object));
-     * // => [2, 0]
-     *
-     * _.map([['a', '2'], ['c', '0']], _.methodOf(object));
-     * // => [2, 0]
-     */
-    var methodOf = baseRest(function (object, args) {
-      return function (path) {
-        return baseInvoke(object, path, args);
-      };
-    });
-
-    /**
-     * Adds all own enumerable string keyed function properties of a source
-     * object to the destination object. If `object` is a function, then methods
-     * are added to its prototype as well.
-     *
-     * **Note:** Use `_.runInContext` to create a pristine `lodash` function to
-     * avoid conflicts caused by modifying the original.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @param {Function|Object} [object=lodash] The destination object.
-     * @param {Object} source The object of functions to add.
-     * @param {Object} [options={}] The options object.
-     * @param {boolean} [options.chain=true] Specify whether mixins are chainable.
-     * @returns {Function|Object} Returns `object`.
-     * @example
-     *
-     * function vowels(string) {
-     *   return _.filter(string, function(v) {
-     *     return /[aeiou]/i.test(v);
-     *   });
-     * }
-     *
-     * _.mixin({ 'vowels': vowels });
-     * _.vowels('fred');
-     * // => ['e']
-     *
-     * _('fred').vowels().value();
-     * // => ['e']
-     *
-     * _.mixin({ 'vowels': vowels }, { 'chain': false });
-     * _('fred').vowels();
-     * // => ['e']
-     */
-    function mixin(object, source, options) {
-      var props = keys(source),
-        methodNames = baseFunctions(source, props);
-      if (options == null && !(isObject(source) && (methodNames.length || !props.length))) {
-        options = source;
-        source = object;
-        object = this;
-        methodNames = baseFunctions(source, keys(source));
-      }
-      var chain = !(isObject(options) && 'chain' in options) || !!options.chain,
-        isFunc = isFunction(object);
-      arrayEach(methodNames, function (methodName) {
-        var func = source[methodName];
-        object[methodName] = func;
-        if (isFunc) {
-          object.prototype[methodName] = function () {
-            var chainAll = this.__chain__;
-            if (chain || chainAll) {
-              var result = object(this.__wrapped__),
-                actions = result.__actions__ = copyArray(this.__actions__);
-              actions.push({
-                'func': func,
-                'args': arguments,
-                'thisArg': object
-              });
-              result.__chain__ = chainAll;
-              return result;
-            }
-            return func.apply(object, arrayPush([this.value()], arguments));
-          };
-        }
-      });
-      return object;
-    }
-
-    /**
-     * Reverts the `_` variable to its previous value and returns a reference to
-     * the `lodash` function.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @returns {Function} Returns the `lodash` function.
-     * @example
-     *
-     * var lodash = _.noConflict();
-     */
-    function noConflict() {
-      if (root._ === this) {
-        root._ = oldDash;
-      }
-      return this;
-    }
-
-    /**
-     * This method returns `undefined`.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.3.0
-     * @category Util
-     * @example
-     *
-     * _.times(2, _.noop);
-     * // => [undefined, undefined]
-     */
-    function noop() {
-      // No operation performed.
-    }
-
-    /**
-     * Creates a function that gets the argument at index `n`. If `n` is negative,
-     * the nth argument from the end is returned.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {number} [n=0] The index of the argument to return.
-     * @returns {Function} Returns the new pass-thru function.
-     * @example
-     *
-     * var func = _.nthArg(1);
-     * func('a', 'b', 'c', 'd');
-     * // => 'b'
-     *
-     * var func = _.nthArg(-2);
-     * func('a', 'b', 'c', 'd');
-     * // => 'c'
-     */
-    function nthArg(n) {
-      n = toInteger(n);
-      return baseRest(function (args) {
-        return baseNth(args, n);
-      });
-    }
-
-    /**
-     * Creates a function that invokes `iteratees` with the arguments it receives
-     * and returns their results.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {...(Function|Function[])} [iteratees=[_.identity]]
-     *  The iteratees to invoke.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var func = _.over([Math.max, Math.min]);
-     *
-     * func(1, 2, 3, 4);
-     * // => [4, 1]
-     */
-    var over = createOver(arrayMap);
-
-    /**
-     * Creates a function that checks if **all** of the `predicates` return
-     * truthy when invoked with the arguments it receives.
-     *
-     * Following shorthands are possible for providing predicates.
-     * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate.
-     * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {...(Function|Function[])} [predicates=[_.identity]]
-     *  The predicates to check.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var func = _.overEvery([Boolean, isFinite]);
-     *
-     * func('1');
-     * // => true
-     *
-     * func(null);
-     * // => false
-     *
-     * func(NaN);
-     * // => false
-     */
-    var overEvery = createOver(arrayEvery);
-
-    /**
-     * Creates a function that checks if **any** of the `predicates` return
-     * truthy when invoked with the arguments it receives.
-     *
-     * Following shorthands are possible for providing predicates.
-     * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate.
-     * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {...(Function|Function[])} [predicates=[_.identity]]
-     *  The predicates to check.
-     * @returns {Function} Returns the new function.
-     * @example
-     *
-     * var func = _.overSome([Boolean, isFinite]);
-     *
-     * func('1');
-     * // => true
-     *
-     * func(null);
-     * // => true
-     *
-     * func(NaN);
-     * // => false
-     *
-     * var matchesFunc = _.overSome([{ 'a': 1 }, { 'a': 2 }])
-     * var matchesPropertyFunc = _.overSome([['a', 1], ['a', 2]])
-     */
-    var overSome = createOver(arraySome);
-
-    /**
-     * Creates a function that returns the value at `path` of a given object.
-     *
-     * @static
-     * @memberOf _
-     * @since 2.4.0
-     * @category Util
-     * @param {Array|string} path The path of the property to get.
-     * @returns {Function} Returns the new accessor function.
-     * @example
-     *
-     * var objects = [
-     *   { 'a': { 'b': 2 } },
-     *   { 'a': { 'b': 1 } }
-     * ];
-     *
-     * _.map(objects, _.property('a.b'));
-     * // => [2, 1]
-     *
-     * _.map(_.sortBy(objects, _.property(['a', 'b'])), 'a.b');
-     * // => [1, 2]
-     */
-    function property(path) {
-      return isKey(path) ? baseProperty(toKey(path)) : basePropertyDeep(path);
-    }
-
-    /**
-     * The opposite of `_.property`; this method creates a function that returns
-     * the value at a given path of `object`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.0.0
-     * @category Util
-     * @param {Object} object The object to query.
-     * @returns {Function} Returns the new accessor function.
-     * @example
-     *
-     * var array = [0, 1, 2],
-     *     object = { 'a': array, 'b': array, 'c': array };
-     *
-     * _.map(['a[2]', 'c[0]'], _.propertyOf(object));
-     * // => [2, 0]
-     *
-     * _.map([['a', '2'], ['c', '0']], _.propertyOf(object));
-     * // => [2, 0]
-     */
-    function propertyOf(object) {
-      return function (path) {
-        return object == null ? undefined : baseGet(object, path);
-      };
-    }
-
-    /**
-     * Creates an array of numbers (positive and/or negative) progressing from
-     * `start` up to, but not including, `end`. A step of `-1` is used if a negative
-     * `start` is specified without an `end` or `step`. If `end` is not specified,
-     * it's set to `start` with `start` then set to `0`.
-     *
-     * **Note:** JavaScript follows the IEEE-754 standard for resolving
-     * floating-point values which can produce unexpected results.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @param {number} [start=0] The start of the range.
-     * @param {number} end The end of the range.
-     * @param {number} [step=1] The value to increment or decrement by.
-     * @returns {Array} Returns the range of numbers.
-     * @see _.inRange, _.rangeRight
-     * @example
-     *
-     * _.range(4);
-     * // => [0, 1, 2, 3]
-     *
-     * _.range(-4);
-     * // => [0, -1, -2, -3]
-     *
-     * _.range(1, 5);
-     * // => [1, 2, 3, 4]
-     *
-     * _.range(0, 20, 5);
-     * // => [0, 5, 10, 15]
-     *
-     * _.range(0, -4, -1);
-     * // => [0, -1, -2, -3]
-     *
-     * _.range(1, 4, 0);
-     * // => [1, 1, 1]
-     *
-     * _.range(0);
-     * // => []
-     */
-    var range = createRange();
-
-    /**
-     * This method is like `_.range` except that it populates values in
-     * descending order.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {number} [start=0] The start of the range.
-     * @param {number} end The end of the range.
-     * @param {number} [step=1] The value to increment or decrement by.
-     * @returns {Array} Returns the range of numbers.
-     * @see _.inRange, _.range
-     * @example
-     *
-     * _.rangeRight(4);
-     * // => [3, 2, 1, 0]
-     *
-     * _.rangeRight(-4);
-     * // => [-3, -2, -1, 0]
-     *
-     * _.rangeRight(1, 5);
-     * // => [4, 3, 2, 1]
-     *
-     * _.rangeRight(0, 20, 5);
-     * // => [15, 10, 5, 0]
-     *
-     * _.rangeRight(0, -4, -1);
-     * // => [-3, -2, -1, 0]
-     *
-     * _.rangeRight(1, 4, 0);
-     * // => [1, 1, 1]
-     *
-     * _.rangeRight(0);
-     * // => []
-     */
-    var rangeRight = createRange(true);
-
-    /**
-     * This method returns a new empty array.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.13.0
-     * @category Util
-     * @returns {Array} Returns the new empty array.
-     * @example
-     *
-     * var arrays = _.times(2, _.stubArray);
-     *
-     * console.log(arrays);
-     * // => [[], []]
-     *
-     * console.log(arrays[0] === arrays[1]);
-     * // => false
-     */
-    function stubArray() {
-      return [];
-    }
-
-    /**
-     * This method returns `false`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.13.0
-     * @category Util
-     * @returns {boolean} Returns `false`.
-     * @example
-     *
-     * _.times(2, _.stubFalse);
-     * // => [false, false]
-     */
-    function stubFalse() {
-      return false;
-    }
-
-    /**
-     * This method returns a new empty object.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.13.0
-     * @category Util
-     * @returns {Object} Returns the new empty object.
-     * @example
-     *
-     * var objects = _.times(2, _.stubObject);
-     *
-     * console.log(objects);
-     * // => [{}, {}]
-     *
-     * console.log(objects[0] === objects[1]);
-     * // => false
-     */
-    function stubObject() {
-      return {};
-    }
-
-    /**
-     * This method returns an empty string.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.13.0
-     * @category Util
-     * @returns {string} Returns the empty string.
-     * @example
-     *
-     * _.times(2, _.stubString);
-     * // => ['', '']
-     */
-    function stubString() {
-      return '';
-    }
-
-    /**
-     * This method returns `true`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.13.0
-     * @category Util
-     * @returns {boolean} Returns `true`.
-     * @example
-     *
-     * _.times(2, _.stubTrue);
-     * // => [true, true]
-     */
-    function stubTrue() {
-      return true;
-    }
-
-    /**
-     * Invokes the iteratee `n` times, returning an array of the results of
-     * each invocation. The iteratee is invoked with one argument; (index).
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @param {number} n The number of times to invoke `iteratee`.
-     * @param {Function} [iteratee=_.identity] The function invoked per iteration.
-     * @returns {Array} Returns the array of results.
-     * @example
-     *
-     * _.times(3, String);
-     * // => ['0', '1', '2']
-     *
-     *  _.times(4, _.constant(0));
-     * // => [0, 0, 0, 0]
-     */
-    function times(n, iteratee) {
-      n = toInteger(n);
-      if (n < 1 || n > MAX_SAFE_INTEGER) {
-        return [];
-      }
-      var index = MAX_ARRAY_LENGTH,
-        length = nativeMin(n, MAX_ARRAY_LENGTH);
-      iteratee = getIteratee(iteratee);
-      n -= MAX_ARRAY_LENGTH;
-      var result = baseTimes(length, iteratee);
-      while (++index < n) {
-        iteratee(index);
-      }
-      return result;
-    }
-
-    /**
-     * Converts `value` to a property path array.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Util
-     * @param {*} value The value to convert.
-     * @returns {Array} Returns the new property path array.
-     * @example
-     *
-     * _.toPath('a.b.c');
-     * // => ['a', 'b', 'c']
-     *
-     * _.toPath('a[0].b.c');
-     * // => ['a', '0', 'b', 'c']
-     */
-    function toPath(value) {
-      if (isArray(value)) {
-        return arrayMap(value, toKey);
-      }
-      return isSymbol(value) ? [value] : copyArray(stringToPath(toString(value)));
-    }
-
-    /**
-     * Generates a unique ID. If `prefix` is given, the ID is appended to it.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Util
-     * @param {string} [prefix=''] The value to prefix the ID with.
-     * @returns {string} Returns the unique ID.
-     * @example
-     *
-     * _.uniqueId('contact_');
-     * // => 'contact_104'
-     *
-     * _.uniqueId();
-     * // => '105'
-     */
-    function uniqueId(prefix) {
-      var id = ++idCounter;
-      return toString(prefix) + id;
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * Adds two numbers.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.4.0
-     * @category Math
-     * @param {number} augend The first number in an addition.
-     * @param {number} addend The second number in an addition.
-     * @returns {number} Returns the total.
-     * @example
-     *
-     * _.add(6, 4);
-     * // => 10
-     */
-    var add = createMathOperation(function (augend, addend) {
-      return augend + addend;
-    }, 0);
-
-    /**
-     * Computes `number` rounded up to `precision`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.10.0
-     * @category Math
-     * @param {number} number The number to round up.
-     * @param {number} [precision=0] The precision to round up to.
-     * @returns {number} Returns the rounded up number.
-     * @example
-     *
-     * _.ceil(4.006);
-     * // => 5
-     *
-     * _.ceil(6.004, 2);
-     * // => 6.01
-     *
-     * _.ceil(6040, -2);
-     * // => 6100
-     */
-    var ceil = createRound('ceil');
-
-    /**
-     * Divide two numbers.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.7.0
-     * @category Math
-     * @param {number} dividend The first number in a division.
-     * @param {number} divisor The second number in a division.
-     * @returns {number} Returns the quotient.
-     * @example
-     *
-     * _.divide(6, 4);
-     * // => 1.5
-     */
-    var divide = createMathOperation(function (dividend, divisor) {
-      return dividend / divisor;
-    }, 1);
-
-    /**
-     * Computes `number` rounded down to `precision`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.10.0
-     * @category Math
-     * @param {number} number The number to round down.
-     * @param {number} [precision=0] The precision to round down to.
-     * @returns {number} Returns the rounded down number.
-     * @example
-     *
-     * _.floor(4.006);
-     * // => 4
-     *
-     * _.floor(0.046, 2);
-     * // => 0.04
-     *
-     * _.floor(4060, -2);
-     * // => 4000
-     */
-    var floor = createRound('floor');
-
-    /**
-     * Computes the maximum value of `array`. If `array` is empty or falsey,
-     * `undefined` is returned.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @returns {*} Returns the maximum value.
-     * @example
-     *
-     * _.max([4, 2, 8, 6]);
-     * // => 8
-     *
-     * _.max([]);
-     * // => undefined
-     */
-    function max(array) {
-      return array && array.length ? baseExtremum(array, identity, baseGt) : undefined;
-    }
-
-    /**
-     * This method is like `_.max` except that it accepts `iteratee` which is
-     * invoked for each element in `array` to generate the criterion by which
-     * the value is ranked. The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {*} Returns the maximum value.
-     * @example
-     *
-     * var objects = [{ 'n': 1 }, { 'n': 2 }];
-     *
-     * _.maxBy(objects, function(o) { return o.n; });
-     * // => { 'n': 2 }
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.maxBy(objects, 'n');
-     * // => { 'n': 2 }
-     */
-    function maxBy(array, iteratee) {
-      return array && array.length ? baseExtremum(array, getIteratee(iteratee, 2), baseGt) : undefined;
-    }
-
-    /**
-     * Computes the mean of the values in `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @returns {number} Returns the mean.
-     * @example
-     *
-     * _.mean([4, 2, 8, 6]);
-     * // => 5
-     */
-    function mean(array) {
-      return baseMean(array, identity);
-    }
-
-    /**
-     * This method is like `_.mean` except that it accepts `iteratee` which is
-     * invoked for each element in `array` to generate the value to be averaged.
-     * The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.7.0
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {number} Returns the mean.
-     * @example
-     *
-     * var objects = [{ 'n': 4 }, { 'n': 2 }, { 'n': 8 }, { 'n': 6 }];
-     *
-     * _.meanBy(objects, function(o) { return o.n; });
-     * // => 5
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.meanBy(objects, 'n');
-     * // => 5
-     */
-    function meanBy(array, iteratee) {
-      return baseMean(array, getIteratee(iteratee, 2));
-    }
-
-    /**
-     * Computes the minimum value of `array`. If `array` is empty or falsey,
-     * `undefined` is returned.
-     *
-     * @static
-     * @since 0.1.0
-     * @memberOf _
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @returns {*} Returns the minimum value.
-     * @example
-     *
-     * _.min([4, 2, 8, 6]);
-     * // => 2
-     *
-     * _.min([]);
-     * // => undefined
-     */
-    function min(array) {
-      return array && array.length ? baseExtremum(array, identity, baseLt) : undefined;
-    }
-
-    /**
-     * This method is like `_.min` except that it accepts `iteratee` which is
-     * invoked for each element in `array` to generate the criterion by which
-     * the value is ranked. The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {*} Returns the minimum value.
-     * @example
-     *
-     * var objects = [{ 'n': 1 }, { 'n': 2 }];
-     *
-     * _.minBy(objects, function(o) { return o.n; });
-     * // => { 'n': 1 }
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.minBy(objects, 'n');
-     * // => { 'n': 1 }
-     */
-    function minBy(array, iteratee) {
-      return array && array.length ? baseExtremum(array, getIteratee(iteratee, 2), baseLt) : undefined;
-    }
-
-    /**
-     * Multiply two numbers.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.7.0
-     * @category Math
-     * @param {number} multiplier The first number in a multiplication.
-     * @param {number} multiplicand The second number in a multiplication.
-     * @returns {number} Returns the product.
-     * @example
-     *
-     * _.multiply(6, 4);
-     * // => 24
-     */
-    var multiply = createMathOperation(function (multiplier, multiplicand) {
-      return multiplier * multiplicand;
-    }, 1);
-
-    /**
-     * Computes `number` rounded to `precision`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.10.0
-     * @category Math
-     * @param {number} number The number to round.
-     * @param {number} [precision=0] The precision to round to.
-     * @returns {number} Returns the rounded number.
-     * @example
-     *
-     * _.round(4.006);
-     * // => 4
-     *
-     * _.round(4.006, 2);
-     * // => 4.01
-     *
-     * _.round(4060, -2);
-     * // => 4100
-     */
-    var round = createRound('round');
-
-    /**
-     * Subtract two numbers.
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Math
-     * @param {number} minuend The first number in a subtraction.
-     * @param {number} subtrahend The second number in a subtraction.
-     * @returns {number} Returns the difference.
-     * @example
-     *
-     * _.subtract(6, 4);
-     * // => 2
-     */
-    var subtract = createMathOperation(function (minuend, subtrahend) {
-      return minuend - subtrahend;
-    }, 0);
-
-    /**
-     * Computes the sum of the values in `array`.
-     *
-     * @static
-     * @memberOf _
-     * @since 3.4.0
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @returns {number} Returns the sum.
-     * @example
-     *
-     * _.sum([4, 2, 8, 6]);
-     * // => 20
-     */
-    function sum(array) {
-      return array && array.length ? baseSum(array, identity) : 0;
-    }
-
-    /**
-     * This method is like `_.sum` except that it accepts `iteratee` which is
-     * invoked for each element in `array` to generate the value to be summed.
-     * The iteratee is invoked with one argument: (value).
-     *
-     * @static
-     * @memberOf _
-     * @since 4.0.0
-     * @category Math
-     * @param {Array} array The array to iterate over.
-     * @param {Function} [iteratee=_.identity] The iteratee invoked per element.
-     * @returns {number} Returns the sum.
-     * @example
-     *
-     * var objects = [{ 'n': 4 }, { 'n': 2 }, { 'n': 8 }, { 'n': 6 }];
-     *
-     * _.sumBy(objects, function(o) { return o.n; });
-     * // => 20
-     *
-     * // The `_.property` iteratee shorthand.
-     * _.sumBy(objects, 'n');
-     * // => 20
-     */
-    function sumBy(array, iteratee) {
-      return array && array.length ? baseSum(array, getIteratee(iteratee, 2)) : 0;
-    }
-
-    /*------------------------------------------------------------------------*/
-
-    // Add methods that return wrapped values in chain sequences.
-    lodash.after = after;
-    lodash.ary = ary;
-    lodash.assign = assign;
-    lodash.assignIn = assignIn;
-    lodash.assignInWith = assignInWith;
-    lodash.assignWith = assignWith;
-    lodash.at = at;
-    lodash.before = before;
-    lodash.bind = bind;
-    lodash.bindAll = bindAll;
-    lodash.bindKey = bindKey;
-    lodash.castArray = castArray;
-    lodash.chain = chain;
-    lodash.chunk = chunk;
-    lodash.compact = compact;
-    lodash.concat = concat;
-    lodash.cond = cond;
-    lodash.conforms = conforms;
-    lodash.constant = constant;
-    lodash.countBy = countBy;
-    lodash.create = create;
-    lodash.curry = curry;
-    lodash.curryRight = curryRight;
-    lodash.debounce = debounce;
-    lodash.defaults = defaults;
-    lodash.defaultsDeep = defaultsDeep;
-    lodash.defer = defer;
-    lodash.delay = delay;
-    lodash.difference = difference;
-    lodash.differenceBy = differenceBy;
-    lodash.differenceWith = differenceWith;
-    lodash.drop = drop;
-    lodash.dropRight = dropRight;
-    lodash.dropRightWhile = dropRightWhile;
-    lodash.dropWhile = dropWhile;
-    lodash.fill = fill;
-    lodash.filter = filter;
-    lodash.flatMap = flatMap;
-    lodash.flatMapDeep = flatMapDeep;
-    lodash.flatMapDepth = flatMapDepth;
-    lodash.flatten = flatten;
-    lodash.flattenDeep = flattenDeep;
-    lodash.flattenDepth = flattenDepth;
-    lodash.flip = flip;
-    lodash.flow = flow;
-    lodash.flowRight = flowRight;
-    lodash.fromPairs = fromPairs;
-    lodash.functions = functions;
-    lodash.functionsIn = functionsIn;
-    lodash.groupBy = groupBy;
-    lodash.initial = initial;
-    lodash.intersection = intersection;
-    lodash.intersectionBy = intersectionBy;
-    lodash.intersectionWith = intersectionWith;
-    lodash.invert = invert;
-    lodash.invertBy = invertBy;
-    lodash.invokeMap = invokeMap;
-    lodash.iteratee = iteratee;
-    lodash.keyBy = keyBy;
-    lodash.keys = keys;
-    lodash.keysIn = keysIn;
-    lodash.map = map;
-    lodash.mapKeys = mapKeys;
-    lodash.mapValues = mapValues;
-    lodash.matches = matches;
-    lodash.matchesProperty = matchesProperty;
-    lodash.memoize = memoize;
-    lodash.merge = merge;
-    lodash.mergeWith = mergeWith;
-    lodash.method = method;
-    lodash.methodOf = methodOf;
-    lodash.mixin = mixin;
-    lodash.negate = negate;
-    lodash.nthArg = nthArg;
-    lodash.omit = omit;
-    lodash.omitBy = omitBy;
-    lodash.once = once;
-    lodash.orderBy = orderBy;
-    lodash.over = over;
-    lodash.overArgs = overArgs;
-    lodash.overEvery = overEvery;
-    lodash.overSome = overSome;
-    lodash.partial = partial;
-    lodash.partialRight = partialRight;
-    lodash.partition = partition;
-    lodash.pick = pick;
-    lodash.pickBy = pickBy;
-    lodash.property = property;
-    lodash.propertyOf = propertyOf;
-    lodash.pull = pull;
-    lodash.pullAll = pullAll;
-    lodash.pullAllBy = pullAllBy;
-    lodash.pullAllWith = pullAllWith;
-    lodash.pullAt = pullAt;
-    lodash.range = range;
-    lodash.rangeRight = rangeRight;
-    lodash.rearg = rearg;
-    lodash.reject = reject;
-    lodash.remove = remove;
-    lodash.rest = rest;
-    lodash.reverse = reverse;
-    lodash.sampleSize = sampleSize;
-    lodash.set = set;
-    lodash.setWith = setWith;
-    lodash.shuffle = shuffle;
-    lodash.slice = slice;
-    lodash.sortBy = sortBy;
-    lodash.sortedUniq = sortedUniq;
-    lodash.sortedUniqBy = sortedUniqBy;
-    lodash.split = split;
-    lodash.spread = spread;
-    lodash.tail = tail;
-    lodash.take = take;
-    lodash.takeRight = takeRight;
-    lodash.takeRightWhile = takeRightWhile;
-    lodash.takeWhile = takeWhile;
-    lodash.tap = tap;
-    lodash.throttle = throttle;
-    lodash.thru = thru;
-    lodash.toArray = toArray;
-    lodash.toPairs = toPairs;
-    lodash.toPairsIn = toPairsIn;
-    lodash.toPath = toPath;
-    lodash.toPlainObject = toPlainObject;
-    lodash.transform = transform;
-    lodash.unary = unary;
-    lodash.union = union;
-    lodash.unionBy = unionBy;
-    lodash.unionWith = unionWith;
-    lodash.uniq = uniq;
-    lodash.uniqBy = uniqBy;
-    lodash.uniqWith = uniqWith;
-    lodash.unset = unset;
-    lodash.unzip = unzip;
-    lodash.unzipWith = unzipWith;
-    lodash.update = update;
-    lodash.updateWith = updateWith;
-    lodash.values = values;
-    lodash.valuesIn = valuesIn;
-    lodash.without = without;
-    lodash.words = words;
-    lodash.wrap = wrap;
-    lodash.xor = xor;
-    lodash.xorBy = xorBy;
-    lodash.xorWith = xorWith;
-    lodash.zip = zip;
-    lodash.zipObject = zipObject;
-    lodash.zipObjectDeep = zipObjectDeep;
-    lodash.zipWith = zipWith;
-
-    // Add aliases.
-    lodash.entries = toPairs;
-    lodash.entriesIn = toPairsIn;
-    lodash.extend = assignIn;
-    lodash.extendWith = assignInWith;
-
-    // Add methods to `lodash.prototype`.
-    mixin(lodash, lodash);
-
-    /*------------------------------------------------------------------------*/
-
-    // Add methods that return unwrapped values in chain sequences.
-    lodash.add = add;
-    lodash.attempt = attempt;
-    lodash.camelCase = camelCase;
-    lodash.capitalize = capitalize;
-    lodash.ceil = ceil;
-    lodash.clamp = clamp;
-    lodash.clone = clone;
-    lodash.cloneDeep = cloneDeep;
-    lodash.cloneDeepWith = cloneDeepWith;
-    lodash.cloneWith = cloneWith;
-    lodash.conformsTo = conformsTo;
-    lodash.deburr = deburr;
-    lodash.defaultTo = defaultTo;
-    lodash.divide = divide;
-    lodash.endsWith = endsWith;
-    lodash.eq = eq;
-    lodash.escape = escape;
-    lodash.escapeRegExp = escapeRegExp;
-    lodash.every = every;
-    lodash.find = find;
-    lodash.findIndex = findIndex;
-    lodash.findKey = findKey;
-    lodash.findLast = findLast;
-    lodash.findLastIndex = findLastIndex;
-    lodash.findLastKey = findLastKey;
-    lodash.floor = floor;
-    lodash.forEach = forEach;
-    lodash.forEachRight = forEachRight;
-    lodash.forIn = forIn;
-    lodash.forInRight = forInRight;
-    lodash.forOwn = forOwn;
-    lodash.forOwnRight = forOwnRight;
-    lodash.get = get;
-    lodash.gt = gt;
-    lodash.gte = gte;
-    lodash.has = has;
-    lodash.hasIn = hasIn;
-    lodash.head = head;
-    lodash.identity = identity;
-    lodash.includes = includes;
-    lodash.indexOf = indexOf;
-    lodash.inRange = inRange;
-    lodash.invoke = invoke;
-    lodash.isArguments = isArguments;
-    lodash.isArray = isArray;
-    lodash.isArrayBuffer = isArrayBuffer;
-    lodash.isArrayLike = isArrayLike;
-    lodash.isArrayLikeObject = isArrayLikeObject;
-    lodash.isBoolean = isBoolean;
-    lodash.isBuffer = isBuffer;
-    lodash.isDate = isDate;
-    lodash.isElement = isElement;
-    lodash.isEmpty = isEmpty;
-    lodash.isEqual = isEqual;
-    lodash.isEqualWith = isEqualWith;
-    lodash.isError = isError;
-    lodash.isFinite = isFinite;
-    lodash.isFunction = isFunction;
-    lodash.isInteger = isInteger;
-    lodash.isLength = isLength;
-    lodash.isMap = isMap;
-    lodash.isMatch = isMatch;
-    lodash.isMatchWith = isMatchWith;
-    lodash.isNaN = isNaN;
-    lodash.isNative = isNative;
-    lodash.isNil = isNil;
-    lodash.isNull = isNull;
-    lodash.isNumber = isNumber;
-    lodash.isObject = isObject;
-    lodash.isObjectLike = isObjectLike;
-    lodash.isPlainObject = isPlainObject;
-    lodash.isRegExp = isRegExp;
-    lodash.isSafeInteger = isSafeInteger;
-    lodash.isSet = isSet;
-    lodash.isString = isString;
-    lodash.isSymbol = isSymbol;
-    lodash.isTypedArray = isTypedArray;
-    lodash.isUndefined = isUndefined;
-    lodash.isWeakMap = isWeakMap;
-    lodash.isWeakSet = isWeakSet;
-    lodash.join = join;
-    lodash.kebabCase = kebabCase;
-    lodash.last = last;
-    lodash.lastIndexOf = lastIndexOf;
-    lodash.lowerCase = lowerCase;
-    lodash.lowerFirst = lowerFirst;
-    lodash.lt = lt;
-    lodash.lte = lte;
-    lodash.max = max;
-    lodash.maxBy = maxBy;
-    lodash.mean = mean;
-    lodash.meanBy = meanBy;
-    lodash.min = min;
-    lodash.minBy = minBy;
-    lodash.stubArray = stubArray;
-    lodash.stubFalse = stubFalse;
-    lodash.stubObject = stubObject;
-    lodash.stubString = stubString;
-    lodash.stubTrue = stubTrue;
-    lodash.multiply = multiply;
-    lodash.nth = nth;
-    lodash.noConflict = noConflict;
-    lodash.noop = noop;
-    lodash.now = now;
-    lodash.pad = pad;
-    lodash.padEnd = padEnd;
-    lodash.padStart = padStart;
-    lodash.parseInt = parseInt;
-    lodash.random = random;
-    lodash.reduce = reduce;
-    lodash.reduceRight = reduceRight;
-    lodash.repeat = repeat;
-    lodash.replace = replace;
-    lodash.result = result;
-    lodash.round = round;
-    lodash.runInContext = runInContext;
-    lodash.sample = sample;
-    lodash.size = size;
-    lodash.snakeCase = snakeCase;
-    lodash.some = some;
-    lodash.sortedIndex = sortedIndex;
-    lodash.sortedIndexBy = sortedIndexBy;
-    lodash.sortedIndexOf = sortedIndexOf;
-    lodash.sortedLastIndex = sortedLastIndex;
-    lodash.sortedLastIndexBy = sortedLastIndexBy;
-    lodash.sortedLastIndexOf = sortedLastIndexOf;
-    lodash.startCase = startCase;
-    lodash.startsWith = startsWith;
-    lodash.subtract = subtract;
-    lodash.sum = sum;
-    lodash.sumBy = sumBy;
-    lodash.template = template;
-    lodash.times = times;
-    lodash.toFinite = toFinite;
-    lodash.toInteger = toInteger;
-    lodash.toLength = toLength;
-    lodash.toLower = toLower;
-    lodash.toNumber = toNumber;
-    lodash.toSafeInteger = toSafeInteger;
-    lodash.toString = toString;
-    lodash.toUpper = toUpper;
-    lodash.trim = trim;
-    lodash.trimEnd = trimEnd;
-    lodash.trimStart = trimStart;
-    lodash.truncate = truncate;
-    lodash.unescape = unescape;
-    lodash.uniqueId = uniqueId;
-    lodash.upperCase = upperCase;
-    lodash.upperFirst = upperFirst;
-
-    // Add aliases.
-    lodash.each = forEach;
-    lodash.eachRight = forEachRight;
-    lodash.first = head;
-    mixin(lodash, function () {
-      var source = {};
-      baseForOwn(lodash, function (func, methodName) {
-        if (!hasOwnProperty.call(lodash.prototype, methodName)) {
-          source[methodName] = func;
-        }
-      });
-      return source;
-    }(), {
-      'chain': false
-    });
-
-    /*------------------------------------------------------------------------*/
-
-    /**
-     * The semantic version number.
-     *
-     * @static
-     * @memberOf _
-     * @type {string}
-     */
-    lodash.VERSION = VERSION;
-
-    // Assign default placeholders.
-    arrayEach(['bind', 'bindKey', 'curry', 'curryRight', 'partial', 'partialRight'], function (methodName) {
-      lodash[methodName].placeholder = lodash;
-    });
-
-    // Add `LazyWrapper` methods for `_.drop` and `_.take` variants.
-    arrayEach(['drop', 'take'], function (methodName, index) {
-      LazyWrapper.prototype[methodName] = function (n) {
-        n = n === undefined ? 1 : nativeMax(toInteger(n), 0);
-        var result = this.__filtered__ && !index ? new LazyWrapper(this) : this.clone();
-        if (result.__filtered__) {
-          result.__takeCount__ = nativeMin(n, result.__takeCount__);
-        } else {
-          result.__views__.push({
-            'size': nativeMin(n, MAX_ARRAY_LENGTH),
-            'type': methodName + (result.__dir__ < 0 ? 'Right' : '')
-          });
-        }
-        return result;
-      };
-      LazyWrapper.prototype[methodName + 'Right'] = function (n) {
-        return this.reverse()[methodName](n).reverse();
-      };
-    });
-
-    // Add `LazyWrapper` methods that accept an `iteratee` value.
-    arrayEach(['filter', 'map', 'takeWhile'], function (methodName, index) {
-      var type = index + 1,
-        isFilter = type == LAZY_FILTER_FLAG || type == LAZY_WHILE_FLAG;
-      LazyWrapper.prototype[methodName] = function (iteratee) {
-        var result = this.clone();
-        result.__iteratees__.push({
-          'iteratee': getIteratee(iteratee, 3),
-          'type': type
-        });
-        result.__filtered__ = result.__filtered__ || isFilter;
-        return result;
-      };
-    });
-
-    // Add `LazyWrapper` methods for `_.head` and `_.last`.
-    arrayEach(['head', 'last'], function (methodName, index) {
-      var takeName = 'take' + (index ? 'Right' : '');
-      LazyWrapper.prototype[methodName] = function () {
-        return this[takeName](1).value()[0];
-      };
-    });
-
-    // Add `LazyWrapper` methods for `_.initial` and `_.tail`.
-    arrayEach(['initial', 'tail'], function (methodName, index) {
-      var dropName = 'drop' + (index ? '' : 'Right');
-      LazyWrapper.prototype[methodName] = function () {
-        return this.__filtered__ ? new LazyWrapper(this) : this[dropName](1);
-      };
-    });
-    LazyWrapper.prototype.compact = function () {
-      return this.filter(identity);
-    };
-    LazyWrapper.prototype.find = function (predicate) {
-      return this.filter(predicate).head();
-    };
-    LazyWrapper.prototype.findLast = function (predicate) {
-      return this.reverse().find(predicate);
-    };
-    LazyWrapper.prototype.invokeMap = baseRest(function (path, args) {
-      if (typeof path == 'function') {
-        return new LazyWrapper(this);
-      }
-      return this.map(function (value) {
-        return baseInvoke(value, path, args);
-      });
-    });
-    LazyWrapper.prototype.reject = function (predicate) {
-      return this.filter(negate(getIteratee(predicate)));
-    };
-    LazyWrapper.prototype.slice = function (start, end) {
-      start = toInteger(start);
-      var result = this;
-      if (result.__filtered__ && (start > 0 || end < 0)) {
-        return new LazyWrapper(result);
-      }
-      if (start < 0) {
-        result = result.takeRight(-start);
-      } else if (start) {
-        result = result.drop(start);
-      }
-      if (end !== undefined) {
-        end = toInteger(end);
-        result = end < 0 ? result.dropRight(-end) : result.take(end - start);
-      }
-      return result;
-    };
-    LazyWrapper.prototype.takeRightWhile = function (predicate) {
-      return this.reverse().takeWhile(predicate).reverse();
-    };
-    LazyWrapper.prototype.toArray = function () {
-      return this.take(MAX_ARRAY_LENGTH);
-    };
-
-    // Add `LazyWrapper` methods to `lodash.prototype`.
-    baseForOwn(LazyWrapper.prototype, function (func, methodName) {
-      var checkIteratee = /^(?:filter|find|map|reject)|While$/.test(methodName),
-        isTaker = /^(?:head|last)$/.test(methodName),
-        lodashFunc = lodash[isTaker ? 'take' + (methodName == 'last' ? 'Right' : '') : methodName],
-        retUnwrapped = isTaker || /^find/.test(methodName);
-      if (!lodashFunc) {
-        return;
-      }
-      lodash.prototype[methodName] = function () {
-        var value = this.__wrapped__,
-          args = isTaker ? [1] : arguments,
-          isLazy = value instanceof LazyWrapper,
-          iteratee = args[0],
-          useLazy = isLazy || isArray(value);
-        var interceptor = function interceptor(value) {
-          var result = lodashFunc.apply(lodash, arrayPush([value], args));
-          return isTaker && chainAll ? result[0] : result;
-        };
-        if (useLazy && checkIteratee && typeof iteratee == 'function' && iteratee.length != 1) {
-          // Avoid lazy use if the iteratee has a "length" value other than `1`.
-          isLazy = useLazy = false;
-        }
-        var chainAll = this.__chain__,
-          isHybrid = !!this.__actions__.length,
-          isUnwrapped = retUnwrapped && !chainAll,
-          onlyLazy = isLazy && !isHybrid;
-        if (!retUnwrapped && useLazy) {
-          value = onlyLazy ? value : new LazyWrapper(this);
-          var result = func.apply(value, args);
-          result.__actions__.push({
-            'func': thru,
-            'args': [interceptor],
-            'thisArg': undefined
-          });
-          return new LodashWrapper(result, chainAll);
-        }
-        if (isUnwrapped && onlyLazy) {
-          return func.apply(this, args);
-        }
-        result = this.thru(interceptor);
-        return isUnwrapped ? isTaker ? result.value()[0] : result.value() : result;
-      };
-    });
-
-    // Add `Array` methods to `lodash.prototype`.
-    arrayEach(['pop', 'push', 'shift', 'sort', 'splice', 'unshift'], function (methodName) {
-      var func = arrayProto[methodName],
-        chainName = /^(?:push|sort|unshift)$/.test(methodName) ? 'tap' : 'thru',
-        retUnwrapped = /^(?:pop|shift)$/.test(methodName);
-      lodash.prototype[methodName] = function () {
-        var args = arguments;
-        if (retUnwrapped && !this.__chain__) {
-          var value = this.value();
-          return func.apply(isArray(value) ? value : [], args);
-        }
-        return this[chainName](function (value) {
-          return func.apply(isArray(value) ? value : [], args);
-        });
-      };
-    });
-
-    // Map minified method names to their real names.
-    baseForOwn(LazyWrapper.prototype, function (func, methodName) {
-      var lodashFunc = lodash[methodName];
-      if (lodashFunc) {
-        var key = lodashFunc.name + '';
-        if (!hasOwnProperty.call(realNames, key)) {
-          realNames[key] = [];
-        }
-        realNames[key].push({
-          'name': methodName,
-          'func': lodashFunc
-        });
-      }
-    });
-    realNames[createHybrid(undefined, WRAP_BIND_KEY_FLAG).name] = [{
-      'name': 'wrapper',
-      'func': undefined
-    }];
-
-    // Add methods to `LazyWrapper`.
-    LazyWrapper.prototype.clone = lazyClone;
-    LazyWrapper.prototype.reverse = lazyReverse;
-    LazyWrapper.prototype.value = lazyValue;
-
-    // Add chain sequence methods to the `lodash` wrapper.
-    lodash.prototype.at = wrapperAt;
-    lodash.prototype.chain = wrapperChain;
-    lodash.prototype.commit = wrapperCommit;
-    lodash.prototype.next = wrapperNext;
-    lodash.prototype.plant = wrapperPlant;
-    lodash.prototype.reverse = wrapperReverse;
-    lodash.prototype.toJSON = lodash.prototype.valueOf = lodash.prototype.value = wrapperValue;
-
-    // Add lazy aliases.
-    lodash.prototype.first = lodash.prototype.head;
-    if (symIterator) {
-      lodash.prototype[symIterator] = wrapperToIterator;
-    }
-    return lodash;
-  };
-
-  /*--------------------------------------------------------------------------*/
-
-  // Export lodash.
-  var _ = runInContext();
-
-  // Some AMD build optimizers, like r.js, check for condition patterns like:
-  if (true) {
-    // Expose Lodash on the global object to prevent errors when Lodash is
-    // loaded by a script tag in the presence of an AMD loader.
-    // See http://requirejs.org/docs/errors.html#mismatch for more details.
-    // Use `_.noConflict` to remove Lodash from the global object.
-    root._ = _;
-
-    // Define as an anonymous module so, through path mapping, it can be
-    // referenced as the "underscore" module.
-    !(__WEBPACK_AMD_DEFINE_RESULT__ = (function () {
-      return _;
-    }).call(exports, __webpack_require__, exports, module),
-		__WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__));
-  }
-  // Check for `exports` after `define` in case a build optimizer adds it.
-  else {}
-}).call(this);
-
-/***/ }),
-
-/***/ 905:
-/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
-
-"use strict";
-
-
-var high = __webpack_require__(478);
-var fault = __webpack_require__(867);
-exports.highlight = highlight;
-exports.highlightAuto = highlightAuto;
-exports.registerLanguage = registerLanguage;
-exports.listLanguages = listLanguages;
-exports.registerAlias = registerAlias;
-Emitter.prototype.addText = text;
-Emitter.prototype.addKeyword = addKeyword;
-Emitter.prototype.addSublanguage = addSublanguage;
-Emitter.prototype.openNode = open;
-Emitter.prototype.closeNode = close;
-Emitter.prototype.closeAllNodes = noop;
-Emitter.prototype.finalize = noop;
-Emitter.prototype.toHTML = toHtmlNoop;
-var defaultPrefix = 'hljs-';
-
-// Highlighting `value` in the language `name`.
-function highlight(name, value, options) {
-  var before = high.configure({});
-  var settings = options || {};
-  var prefix = settings.prefix;
-  var result;
-  if (typeof name !== 'string') {
-    throw fault('Expected `string` for name, got `%s`', name);
-  }
-  if (!high.getLanguage(name)) {
-    throw fault('Unknown language: `%s` is not registered', name);
-  }
-  if (typeof value !== 'string') {
-    throw fault('Expected `string` for value, got `%s`', value);
-  }
-  if (prefix === null || prefix === undefined) {
-    prefix = defaultPrefix;
-  }
-  high.configure({
-    __emitter: Emitter,
-    classPrefix: prefix
-  });
-  result = high.highlight(value, {
-    language: name,
-    ignoreIllegals: true
-  });
-  high.configure(before || {});
-
-  /* istanbul ignore if - Highlight.js seems to use this (currently) for broken
-   * grammars, so let’s keep it in there just to be sure. */
-  if (result.errorRaised) {
-    throw result.errorRaised;
-  }
-  return {
-    relevance: result.relevance,
-    language: result.language,
-    value: result.emitter.rootNode.children
-  };
-}
-function highlightAuto(value, options) {
-  var settings = options || {};
-  var subset = settings.subset || high.listLanguages();
-  var prefix = settings.prefix;
-  var length = subset.length;
-  var index = -1;
-  var result;
-  var secondBest;
-  var current;
-  var name;
-  if (prefix === null || prefix === undefined) {
-    prefix = defaultPrefix;
-  }
-  if (typeof value !== 'string') {
-    throw fault('Expected `string` for value, got `%s`', value);
-  }
-  secondBest = {
-    relevance: 0,
-    language: null,
-    value: []
-  };
-  result = {
-    relevance: 0,
-    language: null,
-    value: []
-  };
-  while (++index < length) {
-    name = subset[index];
-    if (!high.getLanguage(name)) {
-      continue;
-    }
-    current = highlight(name, value, options);
-    current.language = name;
-    if (current.relevance > secondBest.relevance) {
-      secondBest = current;
-    }
-    if (current.relevance > result.relevance) {
-      secondBest = result;
-      result = current;
-    }
-  }
-  if (secondBest.language) {
-    result.secondBest = secondBest;
-  }
-  return result;
-}
-
-// Register a language.
-function registerLanguage(name, syntax) {
-  high.registerLanguage(name, syntax);
-}
-
-// Get a list of all registered languages.
-function listLanguages() {
-  return high.listLanguages();
-}
-
-// Register more aliases for an already registered language.
-function registerAlias(name, alias) {
-  var map = name;
-  var key;
-  if (alias) {
-    map = {};
-    map[name] = alias;
-  }
-  for (key in map) {
-    high.registerAliases(map[key], {
-      languageName: key
-    });
-  }
-}
-function Emitter(options) {
-  this.options = options;
-  this.rootNode = {
-    children: []
-  };
-  this.stack = [this.rootNode];
-}
-function addKeyword(value, name) {
-  this.openNode(name);
-  this.addText(value);
-  this.closeNode();
-}
-function addSublanguage(other, name) {
-  var stack = this.stack;
-  var current = stack[stack.length - 1];
-  var results = other.rootNode.children;
-  var node = name ? {
-    type: 'element',
-    tagName: 'span',
-    properties: {
-      className: [name]
-    },
-    children: results
-  } : results;
-  current.children = current.children.concat(node);
-}
-function text(value) {
-  var stack = this.stack;
-  var current;
-  var tail;
-  if (value === '') return;
-  current = stack[stack.length - 1];
-  tail = current.children[current.children.length - 1];
-  if (tail && tail.type === 'text') {
-    tail.value += value;
-  } else {
-    current.children.push({
-      type: 'text',
-      value: value
-    });
-  }
-}
-function open(name) {
-  var stack = this.stack;
-  var className = this.options.classPrefix + name;
-  var current = stack[stack.length - 1];
-  var child = {
-    type: 'element',
-    tagName: 'span',
-    properties: {
-      className: [className]
-    },
-    children: []
-  };
-  current.children.push(child);
-  stack.push(child);
-}
-function close() {
-  this.stack.pop();
-}
-function toHtmlNoop() {
-  return '';
-}
-function noop() {}
-
-/***/ }),
-
-/***/ 463:
-/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
-
-"use strict";
-/**
- * @license React
- * react-dom.production.min.js
- *
- * Copyright (c) Facebook, Inc. and its affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-/*
- Modernizr 3.0.0pre (Custom Build) | MIT
-*/
-
-
-var aa = __webpack_require__(791),
-  ca = __webpack_require__(296);
-function p(a) {
-  for (var b = "https://reactjs.org/docs/error-decoder.html?invariant=" + a, c = 1; c < arguments.length; c++) b += "&args[]=" + encodeURIComponent(arguments[c]);
-  return "Minified React error #" + a + "; visit " + b + " for the full message or use the non-minified dev environment for full errors and additional helpful warnings.";
-}
-var da = new Set(),
-  ea = {};
-function fa(a, b) {
-  ha(a, b);
-  ha(a + "Capture", b);
-}
-function ha(a, b) {
-  ea[a] = b;
-  for (a = 0; a < b.length; a++) da.add(b[a]);
-}
-var ia = !("undefined" === typeof window || "undefined" === typeof window.document || "undefined" === typeof window.document.createElement),
-  ja = Object.prototype.hasOwnProperty,
-  ka = /^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD][:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\-.0-9\u00B7\u0300-\u036F\u203F-\u2040]*$/,
-  la = {},
-  ma = {};
-function oa(a) {
-  if (ja.call(ma, a)) return !0;
-  if (ja.call(la, a)) return !1;
-  if (ka.test(a)) return ma[a] = !0;
-  la[a] = !0;
-  return !1;
-}
-function pa(a, b, c, d) {
-  if (null !== c && 0 === c.type) return !1;
-  switch (typeof b) {
-    case "function":
-    case "symbol":
-      return !0;
-    case "boolean":
-      if (d) return !1;
-      if (null !== c) return !c.acceptsBooleans;
-      a = a.toLowerCase().slice(0, 5);
-      return "data-" !== a && "aria-" !== a;
-    default:
-      return !1;
-  }
-}
-function qa(a, b, c, d) {
-  if (null === b || "undefined" === typeof b || pa(a, b, c, d)) return !0;
-  if (d) return !1;
-  if (null !== c) switch (c.type) {
-    case 3:
-      return !b;
-    case 4:
-      return !1 === b;
-    case 5:
-      return isNaN(b);
-    case 6:
-      return isNaN(b) || 1 > b;
-  }
-  return !1;
-}
-function v(a, b, c, d, e, f, g) {
-  this.acceptsBooleans = 2 === b || 3 === b || 4 === b;
-  this.attributeName = d;
-  this.attributeNamespace = e;
-  this.mustUseProperty = c;
-  this.propertyName = a;
-  this.type = b;
-  this.sanitizeURL = f;
-  this.removeEmptyString = g;
-}
-var z = {};
-"children dangerouslySetInnerHTML defaultValue defaultChecked innerHTML suppressContentEditableWarning suppressHydrationWarning style".split(" ").forEach(function (a) {
-  z[a] = new v(a, 0, !1, a, null, !1, !1);
-});
-[["acceptCharset", "accept-charset"], ["className", "class"], ["htmlFor", "for"], ["httpEquiv", "http-equiv"]].forEach(function (a) {
-  var b = a[0];
-  z[b] = new v(b, 1, !1, a[1], null, !1, !1);
-});
-["contentEditable", "draggable", "spellCheck", "value"].forEach(function (a) {
-  z[a] = new v(a, 2, !1, a.toLowerCase(), null, !1, !1);
-});
-["autoReverse", "externalResourcesRequired", "focusable", "preserveAlpha"].forEach(function (a) {
-  z[a] = new v(a, 2, !1, a, null, !1, !1);
-});
-"allowFullScreen async autoFocus autoPlay controls default defer disabled disablePictureInPicture disableRemotePlayback formNoValidate hidden loop noModule noValidate open playsInline readOnly required reversed scoped seamless itemScope".split(" ").forEach(function (a) {
-  z[a] = new v(a, 3, !1, a.toLowerCase(), null, !1, !1);
-});
-["checked", "multiple", "muted", "selected"].forEach(function (a) {
-  z[a] = new v(a, 3, !0, a, null, !1, !1);
-});
-["capture", "download"].forEach(function (a) {
-  z[a] = new v(a, 4, !1, a, null, !1, !1);
-});
-["cols", "rows", "size", "span"].forEach(function (a) {
-  z[a] = new v(a, 6, !1, a, null, !1, !1);
-});
-["rowSpan", "start"].forEach(function (a) {
-  z[a] = new v(a, 5, !1, a.toLowerCase(), null, !1, !1);
-});
-var ra = /[\-:]([a-z])/g;
-function sa(a) {
-  return a[1].toUpperCase();
-}
-"accent-height alignment-baseline arabic-form baseline-shift cap-height clip-path clip-rule color-interpolation color-interpolation-filters color-profile color-rendering dominant-baseline enable-background fill-opacity fill-rule flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-name glyph-orientation-horizontal glyph-orientation-vertical horiz-adv-x horiz-origin-x image-rendering letter-spacing lighting-color marker-end marker-mid marker-start overline-position overline-thickness paint-order panose-1 pointer-events rendering-intent shape-rendering stop-color stop-opacity strikethrough-position strikethrough-thickness stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width text-anchor text-decoration text-rendering underline-position underline-thickness unicode-bidi unicode-range units-per-em v-alphabetic v-hanging v-ideographic v-mathematical vector-effect vert-adv-y vert-origin-x vert-origin-y word-spacing writing-mode xmlns:xlink x-height".split(" ").forEach(function (a) {
-  var b = a.replace(ra, sa);
-  z[b] = new v(b, 1, !1, a, null, !1, !1);
-});
-"xlink:actuate xlink:arcrole xlink:role xlink:show xlink:title xlink:type".split(" ").forEach(function (a) {
-  var b = a.replace(ra, sa);
-  z[b] = new v(b, 1, !1, a, "http://www.w3.org/1999/xlink", !1, !1);
-});
-["xml:base", "xml:lang", "xml:space"].forEach(function (a) {
-  var b = a.replace(ra, sa);
-  z[b] = new v(b, 1, !1, a, "http://www.w3.org/XML/1998/namespace", !1, !1);
-});
-["tabIndex", "crossOrigin"].forEach(function (a) {
-  z[a] = new v(a, 1, !1, a.toLowerCase(), null, !1, !1);
-});
-z.xlinkHref = new v("xlinkHref", 1, !1, "xlink:href", "http://www.w3.org/1999/xlink", !0, !1);
-["src", "href", "action", "formAction"].forEach(function (a) {
-  z[a] = new v(a, 1, !1, a.toLowerCase(), null, !0, !0);
-});
-function ta(a, b, c, d) {
-  var e = z.hasOwnProperty(b) ? z[b] : null;
-  if (null !== e ? 0 !== e.type : d || !(2 < b.length) || "o" !== b[0] && "O" !== b[0] || "n" !== b[1] && "N" !== b[1]) qa(b, c, e, d) && (c = null), d || null === e ? oa(b) && (null === c ? a.removeAttribute(b) : a.setAttribute(b, "" + c)) : e.mustUseProperty ? a[e.propertyName] = null === c ? 3 === e.type ? !1 : "" : c : (b = e.attributeName, d = e.attributeNamespace, null === c ? a.removeAttribute(b) : (e = e.type, c = 3 === e || 4 === e && !0 === c ? "" : "" + c, d ? a.setAttributeNS(d, b, c) : a.setAttribute(b, c)));
-}
-var ua = aa.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED,
-  va = Symbol.for("react.element"),
-  wa = Symbol.for("react.portal"),
-  ya = Symbol.for("react.fragment"),
-  za = Symbol.for("react.strict_mode"),
-  Aa = Symbol.for("react.profiler"),
-  Ba = Symbol.for("react.provider"),
-  Ca = Symbol.for("react.context"),
-  Da = Symbol.for("react.forward_ref"),
-  Ea = Symbol.for("react.suspense"),
-  Fa = Symbol.for("react.suspense_list"),
-  Ga = Symbol.for("react.memo"),
-  Ha = Symbol.for("react.lazy");
-Symbol.for("react.scope");
-Symbol.for("react.debug_trace_mode");
-var Ia = Symbol.for("react.offscreen");
-Symbol.for("react.legacy_hidden");
-Symbol.for("react.cache");
-Symbol.for("react.tracing_marker");
-var Ja = Symbol.iterator;
-function Ka(a) {
-  if (null === a || "object" !== typeof a) return null;
-  a = Ja && a[Ja] || a["@@iterator"];
-  return "function" === typeof a ? a : null;
-}
-var A = Object.assign,
-  La;
-function Ma(a) {
-  if (void 0 === La) try {
-    throw Error();
-  } catch (c) {
-    var b = c.stack.trim().match(/\n( *(at )?)/);
-    La = b && b[1] || "";
-  }
-  return "\n" + La + a;
-}
-var Na = !1;
-function Oa(a, b) {
-  if (!a || Na) return "";
-  Na = !0;
-  var c = Error.prepareStackTrace;
-  Error.prepareStackTrace = void 0;
-  try {
-    if (b) {
-      if (b = function b() {
-        throw Error();
-      }, Object.defineProperty(b.prototype, "props", {
-        set: function set() {
-          throw Error();
-        }
-      }), "object" === typeof Reflect && Reflect.construct) {
-        try {
-          Reflect.construct(b, []);
-        } catch (l) {
-          var d = l;
-        }
-        Reflect.construct(a, [], b);
-      } else {
-        try {
-          b.call();
-        } catch (l) {
-          d = l;
-        }
-        a.call(b.prototype);
-      }
-    } else {
-      try {
-        throw Error();
-      } catch (l) {
-        d = l;
-      }
-      a();
-    }
-  } catch (l) {
-    if (l && d && "string" === typeof l.stack) {
-      for (var e = l.stack.split("\n"), f = d.stack.split("\n"), g = e.length - 1, h = f.length - 1; 1 <= g && 0 <= h && e[g] !== f[h];) h--;
-      for (; 1 <= g && 0 <= h; g--, h--) if (e[g] !== f[h]) {
-        if (1 !== g || 1 !== h) {
-          do if (g--, h--, 0 > h || e[g] !== f[h]) {
-            var k = "\n" + e[g].replace(" at new ", " at ");
-            a.displayName && k.includes("<anonymous>") && (k = k.replace("<anonymous>", a.displayName));
-            return k;
-          } while (1 <= g && 0 <= h);
-        }
-        break;
-      }
-    }
-  } finally {
-    Na = !1, Error.prepareStackTrace = c;
-  }
-  return (a = a ? a.displayName || a.name : "") ? Ma(a) : "";
-}
-function Pa(a) {
-  switch (a.tag) {
-    case 5:
-      return Ma(a.type);
-    case 16:
-      return Ma("Lazy");
-    case 13:
-      return Ma("Suspense");
-    case 19:
-      return Ma("SuspenseList");
-    case 0:
-    case 2:
-    case 15:
-      return a = Oa(a.type, !1), a;
-    case 11:
-      return a = Oa(a.type.render, !1), a;
-    case 1:
-      return a = Oa(a.type, !0), a;
-    default:
-      return "";
-  }
-}
-function Qa(a) {
-  if (null == a) return null;
-  if ("function" === typeof a) return a.displayName || a.name || null;
-  if ("string" === typeof a) return a;
-  switch (a) {
-    case ya:
-      return "Fragment";
-    case wa:
-      return "Portal";
-    case Aa:
-      return "Profiler";
-    case za:
-      return "StrictMode";
-    case Ea:
-      return "Suspense";
-    case Fa:
-      return "SuspenseList";
-  }
-  if ("object" === typeof a) switch (a.$$typeof) {
-    case Ca:
-      return (a.displayName || "Context") + ".Consumer";
-    case Ba:
-      return (a._context.displayName || "Context") + ".Provider";
-    case Da:
-      var b = a.render;
-      a = a.displayName;
-      a || (a = b.displayName || b.name || "", a = "" !== a ? "ForwardRef(" + a + ")" : "ForwardRef");
-      return a;
-    case Ga:
-      return b = a.displayName || null, null !== b ? b : Qa(a.type) || "Memo";
-    case Ha:
-      b = a._payload;
-      a = a._init;
-      try {
-        return Qa(a(b));
-      } catch (c) {}
-  }
-  return null;
-}
-function Ra(a) {
-  var b = a.type;
-  switch (a.tag) {
-    case 24:
-      return "Cache";
-    case 9:
-      return (b.displayName || "Context") + ".Consumer";
-    case 10:
-      return (b._context.displayName || "Context") + ".Provider";
-    case 18:
-      return "DehydratedFragment";
-    case 11:
-      return a = b.render, a = a.displayName || a.name || "", b.displayName || ("" !== a ? "ForwardRef(" + a + ")" : "ForwardRef");
-    case 7:
-      return "Fragment";
-    case 5:
-      return b;
-    case 4:
-      return "Portal";
-    case 3:
-      return "Root";
-    case 6:
-      return "Text";
-    case 16:
-      return Qa(b);
-    case 8:
-      return b === za ? "StrictMode" : "Mode";
-    case 22:
-      return "Offscreen";
-    case 12:
-      return "Profiler";
-    case 21:
-      return "Scope";
-    case 13:
-      return "Suspense";
-    case 19:
-      return "SuspenseList";
-    case 25:
-      return "TracingMarker";
-    case 1:
-    case 0:
-    case 17:
-    case 2:
-    case 14:
-    case 15:
-      if ("function" === typeof b) return b.displayName || b.name || null;
-      if ("string" === typeof b) return b;
-  }
-  return null;
-}
-function Sa(a) {
-  switch (typeof a) {
-    case "boolean":
-    case "number":
-    case "string":
-    case "undefined":
-      return a;
-    case "object":
-      return a;
-    default:
-      return "";
-  }
-}
-function Ta(a) {
-  var b = a.type;
-  return (a = a.nodeName) && "input" === a.toLowerCase() && ("checkbox" === b || "radio" === b);
-}
-function Ua(a) {
-  var b = Ta(a) ? "checked" : "value",
-    c = Object.getOwnPropertyDescriptor(a.constructor.prototype, b),
-    d = "" + a[b];
-  if (!a.hasOwnProperty(b) && "undefined" !== typeof c && "function" === typeof c.get && "function" === typeof c.set) {
-    var e = c.get,
-      f = c.set;
-    Object.defineProperty(a, b, {
-      configurable: !0,
-      get: function get() {
-        return e.call(this);
-      },
-      set: function set(a) {
-        d = "" + a;
-        f.call(this, a);
-      }
-    });
-    Object.defineProperty(a, b, {
-      enumerable: c.enumerable
-    });
-    return {
-      getValue: function getValue() {
-        return d;
-      },
-      setValue: function setValue(a) {
-        d = "" + a;
-      },
-      stopTracking: function stopTracking() {
-        a._valueTracker = null;
-        delete a[b];
-      }
-    };
-  }
-}
-function Va(a) {
-  a._valueTracker || (a._valueTracker = Ua(a));
-}
-function Wa(a) {
-  if (!a) return !1;
-  var b = a._valueTracker;
-  if (!b) return !0;
-  var c = b.getValue();
-  var d = "";
-  a && (d = Ta(a) ? a.checked ? "true" : "false" : a.value);
-  a = d;
-  return a !== c ? (b.setValue(a), !0) : !1;
-}
-function Xa(a) {
-  a = a || ("undefined" !== typeof document ? document : void 0);
-  if ("undefined" === typeof a) return null;
-  try {
-    return a.activeElement || a.body;
-  } catch (b) {
-    return a.body;
-  }
-}
-function Ya(a, b) {
-  var c = b.checked;
-  return A({}, b, {
-    defaultChecked: void 0,
-    defaultValue: void 0,
-    value: void 0,
-    checked: null != c ? c : a._wrapperState.initialChecked
-  });
-}
-function Za(a, b) {
-  var c = null == b.defaultValue ? "" : b.defaultValue,
-    d = null != b.checked ? b.checked : b.defaultChecked;
-  c = Sa(null != b.value ? b.value : c);
-  a._wrapperState = {
-    initialChecked: d,
-    initialValue: c,
-    controlled: "checkbox" === b.type || "radio" === b.type ? null != b.checked : null != b.value
-  };
-}
-function ab(a, b) {
-  b = b.checked;
-  null != b && ta(a, "checked", b, !1);
-}
-function bb(a, b) {
-  ab(a, b);
-  var c = Sa(b.value),
-    d = b.type;
-  if (null != c) {
-    if ("number" === d) {
-      if (0 === c && "" === a.value || a.value != c) a.value = "" + c;
-    } else a.value !== "" + c && (a.value = "" + c);
-  } else if ("submit" === d || "reset" === d) {
-    a.removeAttribute("value");
-    return;
-  }
-  b.hasOwnProperty("value") ? cb(a, b.type, c) : b.hasOwnProperty("defaultValue") && cb(a, b.type, Sa(b.defaultValue));
-  null == b.checked && null != b.defaultChecked && (a.defaultChecked = !!b.defaultChecked);
-}
-function db(a, b, c) {
-  if (b.hasOwnProperty("value") || b.hasOwnProperty("defaultValue")) {
-    var d = b.type;
-    if (!("submit" !== d && "reset" !== d || void 0 !== b.value && null !== b.value)) return;
-    b = "" + a._wrapperState.initialValue;
-    c || b === a.value || (a.value = b);
-    a.defaultValue = b;
-  }
-  c = a.name;
-  "" !== c && (a.name = "");
-  a.defaultChecked = !!a._wrapperState.initialChecked;
-  "" !== c && (a.name = c);
-}
-function cb(a, b, c) {
-  if ("number" !== b || Xa(a.ownerDocument) !== a) null == c ? a.defaultValue = "" + a._wrapperState.initialValue : a.defaultValue !== "" + c && (a.defaultValue = "" + c);
-}
-var eb = Array.isArray;
-function fb(a, b, c, d) {
-  a = a.options;
-  if (b) {
-    b = {};
-    for (var e = 0; e < c.length; e++) b["$" + c[e]] = !0;
-    for (c = 0; c < a.length; c++) e = b.hasOwnProperty("$" + a[c].value), a[c].selected !== e && (a[c].selected = e), e && d && (a[c].defaultSelected = !0);
-  } else {
-    c = "" + Sa(c);
-    b = null;
-    for (e = 0; e < a.length; e++) {
-      if (a[e].value === c) {
-        a[e].selected = !0;
-        d && (a[e].defaultSelected = !0);
-        return;
-      }
-      null !== b || a[e].disabled || (b = a[e]);
-    }
-    null !== b && (b.selected = !0);
-  }
-}
-function gb(a, b) {
-  if (null != b.dangerouslySetInnerHTML) throw Error(p(91));
-  return A({}, b, {
-    value: void 0,
-    defaultValue: void 0,
-    children: "" + a._wrapperState.initialValue
-  });
-}
-function hb(a, b) {
-  var c = b.value;
-  if (null == c) {
-    c = b.children;
-    b = b.defaultValue;
-    if (null != c) {
-      if (null != b) throw Error(p(92));
-      if (eb(c)) {
-        if (1 < c.length) throw Error(p(93));
-        c = c[0];
-      }
-      b = c;
-    }
-    null == b && (b = "");
-    c = b;
-  }
-  a._wrapperState = {
-    initialValue: Sa(c)
-  };
-}
-function ib(a, b) {
-  var c = Sa(b.value),
-    d = Sa(b.defaultValue);
-  null != c && (c = "" + c, c !== a.value && (a.value = c), null == b.defaultValue && a.defaultValue !== c && (a.defaultValue = c));
-  null != d && (a.defaultValue = "" + d);
-}
-function jb(a) {
-  var b = a.textContent;
-  b === a._wrapperState.initialValue && "" !== b && null !== b && (a.value = b);
-}
-function kb(a) {
-  switch (a) {
-    case "svg":
-      return "http://www.w3.org/2000/svg";
-    case "math":
-      return "http://www.w3.org/1998/Math/MathML";
-    default:
-      return "http://www.w3.org/1999/xhtml";
-  }
-}
-function lb(a, b) {
-  return null == a || "http://www.w3.org/1999/xhtml" === a ? kb(b) : "http://www.w3.org/2000/svg" === a && "foreignObject" === b ? "http://www.w3.org/1999/xhtml" : a;
-}
-var mb,
-  nb = function (a) {
-    return "undefined" !== typeof MSApp && MSApp.execUnsafeLocalFunction ? function (b, c, d, e) {
-      MSApp.execUnsafeLocalFunction(function () {
-        return a(b, c, d, e);
-      });
-    } : a;
-  }(function (a, b) {
-    if ("http://www.w3.org/2000/svg" !== a.namespaceURI || "innerHTML" in a) a.innerHTML = b;else {
-      mb = mb || document.createElement("div");
-      mb.innerHTML = "<svg>" + b.valueOf().toString() + "</svg>";
-      for (b = mb.firstChild; a.firstChild;) a.removeChild(a.firstChild);
-      for (; b.firstChild;) a.appendChild(b.firstChild);
-    }
-  });
-function ob(a, b) {
-  if (b) {
-    var c = a.firstChild;
-    if (c && c === a.lastChild && 3 === c.nodeType) {
-      c.nodeValue = b;
-      return;
-    }
-  }
-  a.textContent = b;
-}
-var pb = {
-    animationIterationCount: !0,
-    aspectRatio: !0,
-    borderImageOutset: !0,
-    borderImageSlice: !0,
-    borderImageWidth: !0,
-    boxFlex: !0,
-    boxFlexGroup: !0,
-    boxOrdinalGroup: !0,
-    columnCount: !0,
-    columns: !0,
-    flex: !0,
-    flexGrow: !0,
-    flexPositive: !0,
-    flexShrink: !0,
-    flexNegative: !0,
-    flexOrder: !0,
-    gridArea: !0,
-    gridRow: !0,
-    gridRowEnd: !0,
-    gridRowSpan: !0,
-    gridRowStart: !0,
-    gridColumn: !0,
-    gridColumnEnd: !0,
-    gridColumnSpan: !0,
-    gridColumnStart: !0,
-    fontWeight: !0,
-    lineClamp: !0,
-    lineHeight: !0,
-    opacity: !0,
-    order: !0,
-    orphans: !0,
-    tabSize: !0,
-    widows: !0,
-    zIndex: !0,
-    zoom: !0,
-    fillOpacity: !0,
-    floodOpacity: !0,
-    stopOpacity: !0,
-    strokeDasharray: !0,
-    strokeDashoffset: !0,
-    strokeMiterlimit: !0,
-    strokeOpacity: !0,
-    strokeWidth: !0
-  },
-  qb = ["Webkit", "ms", "Moz", "O"];
-Object.keys(pb).forEach(function (a) {
-  qb.forEach(function (b) {
-    b = b + a.charAt(0).toUpperCase() + a.substring(1);
-    pb[b] = pb[a];
-  });
-});
-function rb(a, b, c) {
-  return null == b || "boolean" === typeof b || "" === b ? "" : c || "number" !== typeof b || 0 === b || pb.hasOwnProperty(a) && pb[a] ? ("" + b).trim() : b + "px";
-}
-function sb(a, b) {
-  a = a.style;
-  for (var c in b) if (b.hasOwnProperty(c)) {
-    var d = 0 === c.indexOf("--"),
-      e = rb(c, b[c], d);
-    "float" === c && (c = "cssFloat");
-    d ? a.setProperty(c, e) : a[c] = e;
-  }
-}
-var tb = A({
-  menuitem: !0
-}, {
-  area: !0,
-  base: !0,
-  br: !0,
-  col: !0,
-  embed: !0,
-  hr: !0,
-  img: !0,
-  input: !0,
-  keygen: !0,
-  link: !0,
-  meta: !0,
-  param: !0,
-  source: !0,
-  track: !0,
-  wbr: !0
-});
-function ub(a, b) {
-  if (b) {
-    if (tb[a] && (null != b.children || null != b.dangerouslySetInnerHTML)) throw Error(p(137, a));
-    if (null != b.dangerouslySetInnerHTML) {
-      if (null != b.children) throw Error(p(60));
-      if ("object" !== typeof b.dangerouslySetInnerHTML || !("__html" in b.dangerouslySetInnerHTML)) throw Error(p(61));
-    }
-    if (null != b.style && "object" !== typeof b.style) throw Error(p(62));
-  }
-}
-function vb(a, b) {
-  if (-1 === a.indexOf("-")) return "string" === typeof b.is;
-  switch (a) {
-    case "annotation-xml":
-    case "color-profile":
-    case "font-face":
-    case "font-face-src":
-    case "font-face-uri":
-    case "font-face-format":
-    case "font-face-name":
-    case "missing-glyph":
-      return !1;
-    default:
-      return !0;
-  }
-}
-var wb = null;
-function xb(a) {
-  a = a.target || a.srcElement || window;
-  a.correspondingUseElement && (a = a.correspondingUseElement);
-  return 3 === a.nodeType ? a.parentNode : a;
-}
-var yb = null,
-  zb = null,
-  Ab = null;
-function Bb(a) {
-  if (a = Cb(a)) {
-    if ("function" !== typeof yb) throw Error(p(280));
-    var b = a.stateNode;
-    b && (b = Db(b), yb(a.stateNode, a.type, b));
-  }
-}
-function Eb(a) {
-  zb ? Ab ? Ab.push(a) : Ab = [a] : zb = a;
-}
-function Fb() {
-  if (zb) {
-    var a = zb,
-      b = Ab;
-    Ab = zb = null;
-    Bb(a);
-    if (b) for (a = 0; a < b.length; a++) Bb(b[a]);
-  }
-}
-function Gb(a, b) {
-  return a(b);
-}
-function Hb() {}
-var Ib = !1;
-function Jb(a, b, c) {
-  if (Ib) return a(b, c);
-  Ib = !0;
-  try {
-    return Gb(a, b, c);
-  } finally {
-    if (Ib = !1, null !== zb || null !== Ab) Hb(), Fb();
-  }
-}
-function Kb(a, b) {
-  var c = a.stateNode;
-  if (null === c) return null;
-  var d = Db(c);
-  if (null === d) return null;
-  c = d[b];
-  a: switch (b) {
-    case "onClick":
-    case "onClickCapture":
-    case "onDoubleClick":
-    case "onDoubleClickCapture":
-    case "onMouseDown":
-    case "onMouseDownCapture":
-    case "onMouseMove":
-    case "onMouseMoveCapture":
-    case "onMouseUp":
-    case "onMouseUpCapture":
-    case "onMouseEnter":
-      (d = !d.disabled) || (a = a.type, d = !("button" === a || "input" === a || "select" === a || "textarea" === a));
-      a = !d;
-      break a;
-    default:
-      a = !1;
-  }
-  if (a) return null;
-  if (c && "function" !== typeof c) throw Error(p(231, b, typeof c));
-  return c;
-}
-var Lb = !1;
-if (ia) try {
-  var Mb = {};
-  Object.defineProperty(Mb, "passive", {
-    get: function get() {
-      Lb = !0;
-    }
-  });
-  window.addEventListener("test", Mb, Mb);
-  window.removeEventListener("test", Mb, Mb);
-} catch (a) {
-  Lb = !1;
-}
-function Nb(a, b, c, d, e, f, g, h, k) {
-  var l = Array.prototype.slice.call(arguments, 3);
-  try {
-    b.apply(c, l);
-  } catch (m) {
-    this.onError(m);
-  }
-}
-var Ob = !1,
-  Pb = null,
-  Qb = !1,
-  Rb = null,
-  Sb = {
-    onError: function onError(a) {
-      Ob = !0;
-      Pb = a;
-    }
-  };
-function Tb(a, b, c, d, e, f, g, h, k) {
-  Ob = !1;
-  Pb = null;
-  Nb.apply(Sb, arguments);
-}
-function Ub(a, b, c, d, e, f, g, h, k) {
-  Tb.apply(this, arguments);
-  if (Ob) {
-    if (Ob) {
-      var l = Pb;
-      Ob = !1;
-      Pb = null;
-    } else throw Error(p(198));
-    Qb || (Qb = !0, Rb = l);
-  }
-}
-function Vb(a) {
-  var b = a,
-    c = a;
-  if (a.alternate) for (; b.return;) b = b.return;else {
-    a = b;
-    do b = a, 0 !== (b.flags & 4098) && (c = b.return), a = b.return; while (a);
-  }
-  return 3 === b.tag ? c : null;
-}
-function Wb(a) {
-  if (13 === a.tag) {
-    var b = a.memoizedState;
-    null === b && (a = a.alternate, null !== a && (b = a.memoizedState));
-    if (null !== b) return b.dehydrated;
-  }
-  return null;
-}
-function Xb(a) {
-  if (Vb(a) !== a) throw Error(p(188));
-}
-function Yb(a) {
-  var b = a.alternate;
-  if (!b) {
-    b = Vb(a);
-    if (null === b) throw Error(p(188));
-    return b !== a ? null : a;
-  }
-  for (var c = a, d = b;;) {
-    var e = c.return;
-    if (null === e) break;
-    var f = e.alternate;
-    if (null === f) {
-      d = e.return;
-      if (null !== d) {
-        c = d;
-        continue;
-      }
-      break;
-    }
-    if (e.child === f.child) {
-      for (f = e.child; f;) {
-        if (f === c) return Xb(e), a;
-        if (f === d) return Xb(e), b;
-        f = f.sibling;
-      }
-      throw Error(p(188));
-    }
-    if (c.return !== d.return) c = e, d = f;else {
-      for (var g = !1, h = e.child; h;) {
-        if (h === c) {
-          g = !0;
-          c = e;
-          d = f;
-          break;
-        }
-        if (h === d) {
-          g = !0;
-          d = e;
-          c = f;
-          break;
-        }
-        h = h.sibling;
-      }
-      if (!g) {
-        for (h = f.child; h;) {
-          if (h === c) {
-            g = !0;
-            c = f;
-            d = e;
-            break;
-          }
-          if (h === d) {
-            g = !0;
-            d = f;
-            c = e;
-            break;
-          }
-          h = h.sibling;
-        }
-        if (!g) throw Error(p(189));
-      }
-    }
-    if (c.alternate !== d) throw Error(p(190));
-  }
-  if (3 !== c.tag) throw Error(p(188));
-  return c.stateNode.current === c ? a : b;
-}
-function Zb(a) {
-  a = Yb(a);
-  return null !== a ? $b(a) : null;
-}
-function $b(a) {
-  if (5 === a.tag || 6 === a.tag) return a;
-  for (a = a.child; null !== a;) {
-    var b = $b(a);
-    if (null !== b) return b;
-    a = a.sibling;
-  }
-  return null;
-}
-var ac = ca.unstable_scheduleCallback,
-  bc = ca.unstable_cancelCallback,
-  cc = ca.unstable_shouldYield,
-  dc = ca.unstable_requestPaint,
-  B = ca.unstable_now,
-  ec = ca.unstable_getCurrentPriorityLevel,
-  fc = ca.unstable_ImmediatePriority,
-  gc = ca.unstable_UserBlockingPriority,
-  hc = ca.unstable_NormalPriority,
-  ic = ca.unstable_LowPriority,
-  jc = ca.unstable_IdlePriority,
-  kc = null,
-  lc = null;
-function mc(a) {
-  if (lc && "function" === typeof lc.onCommitFiberRoot) try {
-    lc.onCommitFiberRoot(kc, a, void 0, 128 === (a.current.flags & 128));
-  } catch (b) {}
-}
-var oc = Math.clz32 ? Math.clz32 : nc,
-  pc = Math.log,
-  qc = Math.LN2;
-function nc(a) {
-  a >>>= 0;
-  return 0 === a ? 32 : 31 - (pc(a) / qc | 0) | 0;
-}
-var rc = 64,
-  sc = 4194304;
-function tc(a) {
-  switch (a & -a) {
-    case 1:
-      return 1;
-    case 2:
-      return 2;
-    case 4:
-      return 4;
-    case 8:
-      return 8;
-    case 16:
-      return 16;
-    case 32:
-      return 32;
-    case 64:
-    case 128:
-    case 256:
-    case 512:
-    case 1024:
-    case 2048:
-    case 4096:
-    case 8192:
-    case 16384:
-    case 32768:
-    case 65536:
-    case 131072:
-    case 262144:
-    case 524288:
-    case 1048576:
-    case 2097152:
-      return a & 4194240;
-    case 4194304:
-    case 8388608:
-    case 16777216:
-    case 33554432:
-    case 67108864:
-      return a & 130023424;
-    case 134217728:
-      return 134217728;
-    case 268435456:
-      return 268435456;
-    case 536870912:
-      return 536870912;
-    case 1073741824:
-      return 1073741824;
-    default:
-      return a;
-  }
-}
-function uc(a, b) {
-  var c = a.pendingLanes;
-  if (0 === c) return 0;
-  var d = 0,
-    e = a.suspendedLanes,
-    f = a.pingedLanes,
-    g = c & 268435455;
-  if (0 !== g) {
-    var h = g & ~e;
-    0 !== h ? d = tc(h) : (f &= g, 0 !== f && (d = tc(f)));
-  } else g = c & ~e, 0 !== g ? d = tc(g) : 0 !== f && (d = tc(f));
-  if (0 === d) return 0;
-  if (0 !== b && b !== d && 0 === (b & e) && (e = d & -d, f = b & -b, e >= f || 16 === e && 0 !== (f & 4194240))) return b;
-  0 !== (d & 4) && (d |= c & 16);
-  b = a.entangledLanes;
-  if (0 !== b) for (a = a.entanglements, b &= d; 0 < b;) c = 31 - oc(b), e = 1 << c, d |= a[c], b &= ~e;
-  return d;
-}
-function vc(a, b) {
-  switch (a) {
-    case 1:
-    case 2:
-    case 4:
-      return b + 250;
-    case 8:
-    case 16:
-    case 32:
-    case 64:
-    case 128:
-    case 256:
-    case 512:
-    case 1024:
-    case 2048:
-    case 4096:
-    case 8192:
-    case 16384:
-    case 32768:
-    case 65536:
-    case 131072:
-    case 262144:
-    case 524288:
-    case 1048576:
-    case 2097152:
-      return b + 5E3;
-    case 4194304:
-    case 8388608:
-    case 16777216:
-    case 33554432:
-    case 67108864:
-      return -1;
-    case 134217728:
-    case 268435456:
-    case 536870912:
-    case 1073741824:
-      return -1;
-    default:
-      return -1;
-  }
-}
-function wc(a, b) {
-  for (var c = a.suspendedLanes, d = a.pingedLanes, e = a.expirationTimes, f = a.pendingLanes; 0 < f;) {
-    var g = 31 - oc(f),
-      h = 1 << g,
-      k = e[g];
-    if (-1 === k) {
-      if (0 === (h & c) || 0 !== (h & d)) e[g] = vc(h, b);
-    } else k <= b && (a.expiredLanes |= h);
-    f &= ~h;
-  }
-}
-function xc(a) {
-  a = a.pendingLanes & -1073741825;
-  return 0 !== a ? a : a & 1073741824 ? 1073741824 : 0;
-}
-function yc() {
-  var a = rc;
-  rc <<= 1;
-  0 === (rc & 4194240) && (rc = 64);
-  return a;
-}
-function zc(a) {
-  for (var b = [], c = 0; 31 > c; c++) b.push(a);
-  return b;
-}
-function Ac(a, b, c) {
-  a.pendingLanes |= b;
-  536870912 !== b && (a.suspendedLanes = 0, a.pingedLanes = 0);
-  a = a.eventTimes;
-  b = 31 - oc(b);
-  a[b] = c;
-}
-function Bc(a, b) {
-  var c = a.pendingLanes & ~b;
-  a.pendingLanes = b;
-  a.suspendedLanes = 0;
-  a.pingedLanes = 0;
-  a.expiredLanes &= b;
-  a.mutableReadLanes &= b;
-  a.entangledLanes &= b;
-  b = a.entanglements;
-  var d = a.eventTimes;
-  for (a = a.expirationTimes; 0 < c;) {
-    var e = 31 - oc(c),
-      f = 1 << e;
-    b[e] = 0;
-    d[e] = -1;
-    a[e] = -1;
-    c &= ~f;
-  }
-}
-function Cc(a, b) {
-  var c = a.entangledLanes |= b;
-  for (a = a.entanglements; c;) {
-    var d = 31 - oc(c),
-      e = 1 << d;
-    e & b | a[d] & b && (a[d] |= b);
-    c &= ~e;
-  }
-}
-var C = 0;
-function Dc(a) {
-  a &= -a;
-  return 1 < a ? 4 < a ? 0 !== (a & 268435455) ? 16 : 536870912 : 4 : 1;
-}
-var Ec,
-  Fc,
-  Gc,
-  Hc,
-  Ic,
-  Jc = !1,
-  Kc = [],
-  Lc = null,
-  Mc = null,
-  Nc = null,
-  Oc = new Map(),
-  Pc = new Map(),
-  Qc = [],
-  Rc = "mousedown mouseup touchcancel touchend touchstart auxclick dblclick pointercancel pointerdown pointerup dragend dragstart drop compositionend compositionstart keydown keypress keyup input textInput copy cut paste click change contextmenu reset submit".split(" ");
-function Sc(a, b) {
-  switch (a) {
-    case "focusin":
-    case "focusout":
-      Lc = null;
-      break;
-    case "dragenter":
-    case "dragleave":
-      Mc = null;
-      break;
-    case "mouseover":
-    case "mouseout":
-      Nc = null;
-      break;
-    case "pointerover":
-    case "pointerout":
-      Oc.delete(b.pointerId);
-      break;
-    case "gotpointercapture":
-    case "lostpointercapture":
-      Pc.delete(b.pointerId);
-  }
-}
-function Tc(a, b, c, d, e, f) {
-  if (null === a || a.nativeEvent !== f) return a = {
-    blockedOn: b,
-    domEventName: c,
-    eventSystemFlags: d,
-    nativeEvent: f,
-    targetContainers: [e]
-  }, null !== b && (b = Cb(b), null !== b && Fc(b)), a;
-  a.eventSystemFlags |= d;
-  b = a.targetContainers;
-  null !== e && -1 === b.indexOf(e) && b.push(e);
-  return a;
-}
-function Uc(a, b, c, d, e) {
-  switch (b) {
-    case "focusin":
-      return Lc = Tc(Lc, a, b, c, d, e), !0;
-    case "dragenter":
-      return Mc = Tc(Mc, a, b, c, d, e), !0;
-    case "mouseover":
-      return Nc = Tc(Nc, a, b, c, d, e), !0;
-    case "pointerover":
-      var f = e.pointerId;
-      Oc.set(f, Tc(Oc.get(f) || null, a, b, c, d, e));
-      return !0;
-    case "gotpointercapture":
-      return f = e.pointerId, Pc.set(f, Tc(Pc.get(f) || null, a, b, c, d, e)), !0;
-  }
-  return !1;
-}
-function Vc(a) {
-  var b = Wc(a.target);
-  if (null !== b) {
-    var c = Vb(b);
-    if (null !== c) if (b = c.tag, 13 === b) {
-      if (b = Wb(c), null !== b) {
-        a.blockedOn = b;
-        Ic(a.priority, function () {
-          Gc(c);
-        });
-        return;
-      }
-    } else if (3 === b && c.stateNode.current.memoizedState.isDehydrated) {
-      a.blockedOn = 3 === c.tag ? c.stateNode.containerInfo : null;
-      return;
-    }
-  }
-  a.blockedOn = null;
-}
-function Xc(a) {
-  if (null !== a.blockedOn) return !1;
-  for (var b = a.targetContainers; 0 < b.length;) {
-    var c = Yc(a.domEventName, a.eventSystemFlags, b[0], a.nativeEvent);
-    if (null === c) {
-      c = a.nativeEvent;
-      var d = new c.constructor(c.type, c);
-      wb = d;
-      c.target.dispatchEvent(d);
-      wb = null;
-    } else return b = Cb(c), null !== b && Fc(b), a.blockedOn = c, !1;
-    b.shift();
-  }
-  return !0;
-}
-function Zc(a, b, c) {
-  Xc(a) && c.delete(b);
-}
-function $c() {
-  Jc = !1;
-  null !== Lc && Xc(Lc) && (Lc = null);
-  null !== Mc && Xc(Mc) && (Mc = null);
-  null !== Nc && Xc(Nc) && (Nc = null);
-  Oc.forEach(Zc);
-  Pc.forEach(Zc);
-}
-function ad(a, b) {
-  a.blockedOn === b && (a.blockedOn = null, Jc || (Jc = !0, ca.unstable_scheduleCallback(ca.unstable_NormalPriority, $c)));
-}
-function bd(a) {
-  function b(b) {
-    return ad(b, a);
-  }
-  if (0 < Kc.length) {
-    ad(Kc[0], a);
-    for (var c = 1; c < Kc.length; c++) {
-      var d = Kc[c];
-      d.blockedOn === a && (d.blockedOn = null);
-    }
-  }
-  null !== Lc && ad(Lc, a);
-  null !== Mc && ad(Mc, a);
-  null !== Nc && ad(Nc, a);
-  Oc.forEach(b);
-  Pc.forEach(b);
-  for (c = 0; c < Qc.length; c++) d = Qc[c], d.blockedOn === a && (d.blockedOn = null);
-  for (; 0 < Qc.length && (c = Qc[0], null === c.blockedOn);) Vc(c), null === c.blockedOn && Qc.shift();
-}
-var cd = ua.ReactCurrentBatchConfig,
-  dd = !0;
-function ed(a, b, c, d) {
-  var e = C,
-    f = cd.transition;
-  cd.transition = null;
-  try {
-    C = 1, fd(a, b, c, d);
-  } finally {
-    C = e, cd.transition = f;
-  }
-}
-function gd(a, b, c, d) {
-  var e = C,
-    f = cd.transition;
-  cd.transition = null;
-  try {
-    C = 4, fd(a, b, c, d);
-  } finally {
-    C = e, cd.transition = f;
-  }
-}
-function fd(a, b, c, d) {
-  if (dd) {
-    var e = Yc(a, b, c, d);
-    if (null === e) hd(a, b, d, id, c), Sc(a, d);else if (Uc(e, a, b, c, d)) d.stopPropagation();else if (Sc(a, d), b & 4 && -1 < Rc.indexOf(a)) {
-      for (; null !== e;) {
-        var f = Cb(e);
-        null !== f && Ec(f);
-        f = Yc(a, b, c, d);
-        null === f && hd(a, b, d, id, c);
-        if (f === e) break;
-        e = f;
-      }
-      null !== e && d.stopPropagation();
-    } else hd(a, b, d, null, c);
-  }
-}
-var id = null;
-function Yc(a, b, c, d) {
-  id = null;
-  a = xb(d);
-  a = Wc(a);
-  if (null !== a) if (b = Vb(a), null === b) a = null;else if (c = b.tag, 13 === c) {
-    a = Wb(b);
-    if (null !== a) return a;
-    a = null;
-  } else if (3 === c) {
-    if (b.stateNode.current.memoizedState.isDehydrated) return 3 === b.tag ? b.stateNode.containerInfo : null;
-    a = null;
-  } else b !== a && (a = null);
-  id = a;
-  return null;
-}
-function jd(a) {
-  switch (a) {
-    case "cancel":
-    case "click":
-    case "close":
-    case "contextmenu":
-    case "copy":
-    case "cut":
-    case "auxclick":
-    case "dblclick":
-    case "dragend":
-    case "dragstart":
-    case "drop":
-    case "focusin":
-    case "focusout":
-    case "input":
-    case "invalid":
-    case "keydown":
-    case "keypress":
-    case "keyup":
-    case "mousedown":
-    case "mouseup":
-    case "paste":
-    case "pause":
-    case "play":
-    case "pointercancel":
-    case "pointerdown":
-    case "pointerup":
-    case "ratechange":
-    case "reset":
-    case "resize":
-    case "seeked":
-    case "submit":
-    case "touchcancel":
-    case "touchend":
-    case "touchstart":
-    case "volumechange":
-    case "change":
-    case "selectionchange":
-    case "textInput":
-    case "compositionstart":
-    case "compositionend":
-    case "compositionupdate":
-    case "beforeblur":
-    case "afterblur":
-    case "beforeinput":
-    case "blur":
-    case "fullscreenchange":
-    case "focus":
-    case "hashchange":
-    case "popstate":
-    case "select":
-    case "selectstart":
-      return 1;
-    case "drag":
-    case "dragenter":
-    case "dragexit":
-    case "dragleave":
-    case "dragover":
-    case "mousemove":
-    case "mouseout":
-    case "mouseover":
-    case "pointermove":
-    case "pointerout":
-    case "pointerover":
-    case "scroll":
-    case "toggle":
-    case "touchmove":
-    case "wheel":
-    case "mouseenter":
-    case "mouseleave":
-    case "pointerenter":
-    case "pointerleave":
-      return 4;
-    case "message":
-      switch (ec()) {
-        case fc:
-          return 1;
-        case gc:
-          return 4;
-        case hc:
-        case ic:
-          return 16;
-        case jc:
-          return 536870912;
-        default:
-          return 16;
-      }
-    default:
-      return 16;
-  }
-}
-var kd = null,
-  ld = null,
-  md = null;
-function nd() {
-  if (md) return md;
-  var a,
-    b = ld,
-    c = b.length,
-    d,
-    e = "value" in kd ? kd.value : kd.textContent,
-    f = e.length;
-  for (a = 0; a < c && b[a] === e[a]; a++);
-  var g = c - a;
-  for (d = 1; d <= g && b[c - d] === e[f - d]; d++);
-  return md = e.slice(a, 1 < d ? 1 - d : void 0);
-}
-function od(a) {
-  var b = a.keyCode;
-  "charCode" in a ? (a = a.charCode, 0 === a && 13 === b && (a = 13)) : a = b;
-  10 === a && (a = 13);
-  return 32 <= a || 13 === a ? a : 0;
-}
-function pd() {
-  return !0;
-}
-function qd() {
-  return !1;
-}
-function rd(a) {
-  function b(b, d, e, f, g) {
-    this._reactName = b;
-    this._targetInst = e;
-    this.type = d;
-    this.nativeEvent = f;
-    this.target = g;
-    this.currentTarget = null;
-    for (var c in a) a.hasOwnProperty(c) && (b = a[c], this[c] = b ? b(f) : f[c]);
-    this.isDefaultPrevented = (null != f.defaultPrevented ? f.defaultPrevented : !1 === f.returnValue) ? pd : qd;
-    this.isPropagationStopped = qd;
-    return this;
-  }
-  A(b.prototype, {
-    preventDefault: function preventDefault() {
-      this.defaultPrevented = !0;
-      var a = this.nativeEvent;
-      a && (a.preventDefault ? a.preventDefault() : "unknown" !== typeof a.returnValue && (a.returnValue = !1), this.isDefaultPrevented = pd);
-    },
-    stopPropagation: function stopPropagation() {
-      var a = this.nativeEvent;
-      a && (a.stopPropagation ? a.stopPropagation() : "unknown" !== typeof a.cancelBubble && (a.cancelBubble = !0), this.isPropagationStopped = pd);
-    },
-    persist: function persist() {},
-    isPersistent: pd
-  });
-  return b;
-}
-var sd = {
-    eventPhase: 0,
-    bubbles: 0,
-    cancelable: 0,
-    timeStamp: function timeStamp(a) {
-      return a.timeStamp || Date.now();
-    },
-    defaultPrevented: 0,
-    isTrusted: 0
-  },
-  td = rd(sd),
-  ud = A({}, sd, {
-    view: 0,
-    detail: 0
-  }),
-  vd = rd(ud),
-  wd,
-  xd,
-  yd,
-  Ad = A({}, ud, {
-    screenX: 0,
-    screenY: 0,
-    clientX: 0,
-    clientY: 0,
-    pageX: 0,
-    pageY: 0,
-    ctrlKey: 0,
-    shiftKey: 0,
-    altKey: 0,
-    metaKey: 0,
-    getModifierState: zd,
-    button: 0,
-    buttons: 0,
-    relatedTarget: function relatedTarget(a) {
-      return void 0 === a.relatedTarget ? a.fromElement === a.srcElement ? a.toElement : a.fromElement : a.relatedTarget;
-    },
-    movementX: function movementX(a) {
-      if ("movementX" in a) return a.movementX;
-      a !== yd && (yd && "mousemove" === a.type ? (wd = a.screenX - yd.screenX, xd = a.screenY - yd.screenY) : xd = wd = 0, yd = a);
-      return wd;
-    },
-    movementY: function movementY(a) {
-      return "movementY" in a ? a.movementY : xd;
-    }
-  }),
-  Bd = rd(Ad),
-  Cd = A({}, Ad, {
-    dataTransfer: 0
-  }),
-  Dd = rd(Cd),
-  Ed = A({}, ud, {
-    relatedTarget: 0
-  }),
-  Fd = rd(Ed),
-  Gd = A({}, sd, {
-    animationName: 0,
-    elapsedTime: 0,
-    pseudoElement: 0
-  }),
-  Hd = rd(Gd),
-  Id = A({}, sd, {
-    clipboardData: function clipboardData(a) {
-      return "clipboardData" in a ? a.clipboardData : window.clipboardData;
-    }
-  }),
-  Jd = rd(Id),
-  Kd = A({}, sd, {
-    data: 0
-  }),
-  Ld = rd(Kd),
-  Md = {
-    Esc: "Escape",
-    Spacebar: " ",
-    Left: "ArrowLeft",
-    Up: "ArrowUp",
-    Right: "ArrowRight",
-    Down: "ArrowDown",
-    Del: "Delete",
-    Win: "OS",
-    Menu: "ContextMenu",
-    Apps: "ContextMenu",
-    Scroll: "ScrollLock",
-    MozPrintableKey: "Unidentified"
-  },
-  Nd = {
-    8: "Backspace",
-    9: "Tab",
-    12: "Clear",
-    13: "Enter",
-    16: "Shift",
-    17: "Control",
-    18: "Alt",
-    19: "Pause",
-    20: "CapsLock",
-    27: "Escape",
-    32: " ",
-    33: "PageUp",
-    34: "PageDown",
-    35: "End",
-    36: "Home",
-    37: "ArrowLeft",
-    38: "ArrowUp",
-    39: "ArrowRight",
-    40: "ArrowDown",
-    45: "Insert",
-    46: "Delete",
-    112: "F1",
-    113: "F2",
-    114: "F3",
-    115: "F4",
-    116: "F5",
-    117: "F6",
-    118: "F7",
-    119: "F8",
-    120: "F9",
-    121: "F10",
-    122: "F11",
-    123: "F12",
-    144: "NumLock",
-    145: "ScrollLock",
-    224: "Meta"
-  },
-  Od = {
-    Alt: "altKey",
-    Control: "ctrlKey",
-    Meta: "metaKey",
-    Shift: "shiftKey"
-  };
-function Pd(a) {
-  var b = this.nativeEvent;
-  return b.getModifierState ? b.getModifierState(a) : (a = Od[a]) ? !!b[a] : !1;
-}
-function zd() {
-  return Pd;
-}
-var Qd = A({}, ud, {
-    key: function key(a) {
-      if (a.key) {
-        var b = Md[a.key] || a.key;
-        if ("Unidentified" !== b) return b;
-      }
-      return "keypress" === a.type ? (a = od(a), 13 === a ? "Enter" : String.fromCharCode(a)) : "keydown" === a.type || "keyup" === a.type ? Nd[a.keyCode] || "Unidentified" : "";
-    },
-    code: 0,
-    location: 0,
-    ctrlKey: 0,
-    shiftKey: 0,
-    altKey: 0,
-    metaKey: 0,
-    repeat: 0,
-    locale: 0,
-    getModifierState: zd,
-    charCode: function charCode(a) {
-      return "keypress" === a.type ? od(a) : 0;
-    },
-    keyCode: function keyCode(a) {
-      return "keydown" === a.type || "keyup" === a.type ? a.keyCode : 0;
-    },
-    which: function which(a) {
-      return "keypress" === a.type ? od(a) : "keydown" === a.type || "keyup" === a.type ? a.keyCode : 0;
-    }
-  }),
-  Rd = rd(Qd),
-  Sd = A({}, Ad, {
-    pointerId: 0,
-    width: 0,
-    height: 0,
-    pressure: 0,
-    tangentialPressure: 0,
-    tiltX: 0,
-    tiltY: 0,
-    twist: 0,
-    pointerType: 0,
-    isPrimary: 0
-  }),
-  Td = rd(Sd),
-  Ud = A({}, ud, {
-    touches: 0,
-    targetTouches: 0,
-    changedTouches: 0,
-    altKey: 0,
-    metaKey: 0,
-    ctrlKey: 0,
-    shiftKey: 0,
-    getModifierState: zd
-  }),
-  Vd = rd(Ud),
-  Wd = A({}, sd, {
-    propertyName: 0,
-    elapsedTime: 0,
-    pseudoElement: 0
-  }),
-  Xd = rd(Wd),
-  Yd = A({}, Ad, {
-    deltaX: function deltaX(a) {
-      return "deltaX" in a ? a.deltaX : "wheelDeltaX" in a ? -a.wheelDeltaX : 0;
-    },
-    deltaY: function deltaY(a) {
-      return "deltaY" in a ? a.deltaY : "wheelDeltaY" in a ? -a.wheelDeltaY : "wheelDelta" in a ? -a.wheelDelta : 0;
-    },
-    deltaZ: 0,
-    deltaMode: 0
-  }),
-  Zd = rd(Yd),
-  $d = [9, 13, 27, 32],
-  ae = ia && "CompositionEvent" in window,
-  be = null;
-ia && "documentMode" in document && (be = document.documentMode);
-var ce = ia && "TextEvent" in window && !be,
-  de = ia && (!ae || be && 8 < be && 11 >= be),
-  ee = String.fromCharCode(32),
-  fe = !1;
-function ge(a, b) {
-  switch (a) {
-    case "keyup":
-      return -1 !== $d.indexOf(b.keyCode);
-    case "keydown":
-      return 229 !== b.keyCode;
-    case "keypress":
-    case "mousedown":
-    case "focusout":
-      return !0;
-    default:
-      return !1;
-  }
-}
-function he(a) {
-  a = a.detail;
-  return "object" === typeof a && "data" in a ? a.data : null;
-}
-var ie = !1;
-function je(a, b) {
-  switch (a) {
-    case "compositionend":
-      return he(b);
-    case "keypress":
-      if (32 !== b.which) return null;
-      fe = !0;
-      return ee;
-    case "textInput":
-      return a = b.data, a === ee && fe ? null : a;
-    default:
-      return null;
-  }
-}
-function ke(a, b) {
-  if (ie) return "compositionend" === a || !ae && ge(a, b) ? (a = nd(), md = ld = kd = null, ie = !1, a) : null;
-  switch (a) {
-    case "paste":
-      return null;
-    case "keypress":
-      if (!(b.ctrlKey || b.altKey || b.metaKey) || b.ctrlKey && b.altKey) {
-        if (b.char && 1 < b.char.length) return b.char;
-        if (b.which) return String.fromCharCode(b.which);
-      }
-      return null;
-    case "compositionend":
-      return de && "ko" !== b.locale ? null : b.data;
-    default:
-      return null;
-  }
-}
-var le = {
-  color: !0,
-  date: !0,
-  datetime: !0,
-  "datetime-local": !0,
-  email: !0,
-  month: !0,
-  number: !0,
-  password: !0,
-  range: !0,
-  search: !0,
-  tel: !0,
-  text: !0,
-  time: !0,
-  url: !0,
-  week: !0
-};
-function me(a) {
-  var b = a && a.nodeName && a.nodeName.toLowerCase();
-  return "input" === b ? !!le[a.type] : "textarea" === b ? !0 : !1;
-}
-function ne(a, b, c, d) {
-  Eb(d);
-  b = oe(b, "onChange");
-  0 < b.length && (c = new td("onChange", "change", null, c, d), a.push({
-    event: c,
-    listeners: b
-  }));
-}
-var pe = null,
-  qe = null;
-function re(a) {
-  se(a, 0);
-}
-function te(a) {
-  var b = ue(a);
-  if (Wa(b)) return a;
-}
-function ve(a, b) {
-  if ("change" === a) return b;
-}
-var we = !1;
-if (ia) {
-  var xe;
-  if (ia) {
-    var ye = ("oninput" in document);
-    if (!ye) {
-      var ze = document.createElement("div");
-      ze.setAttribute("oninput", "return;");
-      ye = "function" === typeof ze.oninput;
-    }
-    xe = ye;
-  } else xe = !1;
-  we = xe && (!document.documentMode || 9 < document.documentMode);
-}
-function Ae() {
-  pe && (pe.detachEvent("onpropertychange", Be), qe = pe = null);
-}
-function Be(a) {
-  if ("value" === a.propertyName && te(qe)) {
-    var b = [];
-    ne(b, qe, a, xb(a));
-    Jb(re, b);
-  }
-}
-function Ce(a, b, c) {
-  "focusin" === a ? (Ae(), pe = b, qe = c, pe.attachEvent("onpropertychange", Be)) : "focusout" === a && Ae();
-}
-function De(a) {
-  if ("selectionchange" === a || "keyup" === a || "keydown" === a) return te(qe);
-}
-function Ee(a, b) {
-  if ("click" === a) return te(b);
-}
-function Fe(a, b) {
-  if ("input" === a || "change" === a) return te(b);
-}
-function Ge(a, b) {
-  return a === b && (0 !== a || 1 / a === 1 / b) || a !== a && b !== b;
-}
-var He = "function" === typeof Object.is ? Object.is : Ge;
-function Ie(a, b) {
-  if (He(a, b)) return !0;
-  if ("object" !== typeof a || null === a || "object" !== typeof b || null === b) return !1;
-  var c = Object.keys(a),
-    d = Object.keys(b);
-  if (c.length !== d.length) return !1;
-  for (d = 0; d < c.length; d++) {
-    var e = c[d];
-    if (!ja.call(b, e) || !He(a[e], b[e])) return !1;
-  }
-  return !0;
-}
-function Je(a) {
-  for (; a && a.firstChild;) a = a.firstChild;
-  return a;
-}
-function Ke(a, b) {
-  var c = Je(a);
-  a = 0;
-  for (var d; c;) {
-    if (3 === c.nodeType) {
-      d = a + c.textContent.length;
-      if (a <= b && d >= b) return {
-        node: c,
-        offset: b - a
-      };
-      a = d;
-    }
-    a: {
-      for (; c;) {
-        if (c.nextSibling) {
-          c = c.nextSibling;
-          break a;
-        }
-        c = c.parentNode;
-      }
-      c = void 0;
-    }
-    c = Je(c);
-  }
-}
-function Le(a, b) {
-  return a && b ? a === b ? !0 : a && 3 === a.nodeType ? !1 : b && 3 === b.nodeType ? Le(a, b.parentNode) : "contains" in a ? a.contains(b) : a.compareDocumentPosition ? !!(a.compareDocumentPosition(b) & 16) : !1 : !1;
-}
-function Me() {
-  for (var a = window, b = Xa(); b instanceof a.HTMLIFrameElement;) {
-    try {
-      var c = "string" === typeof b.contentWindow.location.href;
-    } catch (d) {
-      c = !1;
-    }
-    if (c) a = b.contentWindow;else break;
-    b = Xa(a.document);
-  }
-  return b;
-}
-function Ne(a) {
-  var b = a && a.nodeName && a.nodeName.toLowerCase();
-  return b && ("input" === b && ("text" === a.type || "search" === a.type || "tel" === a.type || "url" === a.type || "password" === a.type) || "textarea" === b || "true" === a.contentEditable);
-}
-function Oe(a) {
-  var b = Me(),
-    c = a.focusedElem,
-    d = a.selectionRange;
-  if (b !== c && c && c.ownerDocument && Le(c.ownerDocument.documentElement, c)) {
-    if (null !== d && Ne(c)) if (b = d.start, a = d.end, void 0 === a && (a = b), "selectionStart" in c) c.selectionStart = b, c.selectionEnd = Math.min(a, c.value.length);else if (a = (b = c.ownerDocument || document) && b.defaultView || window, a.getSelection) {
-      a = a.getSelection();
-      var e = c.textContent.length,
-        f = Math.min(d.start, e);
-      d = void 0 === d.end ? f : Math.min(d.end, e);
-      !a.extend && f > d && (e = d, d = f, f = e);
-      e = Ke(c, f);
-      var g = Ke(c, d);
-      e && g && (1 !== a.rangeCount || a.anchorNode !== e.node || a.anchorOffset !== e.offset || a.focusNode !== g.node || a.focusOffset !== g.offset) && (b = b.createRange(), b.setStart(e.node, e.offset), a.removeAllRanges(), f > d ? (a.addRange(b), a.extend(g.node, g.offset)) : (b.setEnd(g.node, g.offset), a.addRange(b)));
-    }
-    b = [];
-    for (a = c; a = a.parentNode;) 1 === a.nodeType && b.push({
-      element: a,
-      left: a.scrollLeft,
-      top: a.scrollTop
-    });
-    "function" === typeof c.focus && c.focus();
-    for (c = 0; c < b.length; c++) a = b[c], a.element.scrollLeft = a.left, a.element.scrollTop = a.top;
-  }
-}
-var Pe = ia && "documentMode" in document && 11 >= document.documentMode,
-  Qe = null,
-  Re = null,
-  Se = null,
-  Te = !1;
-function Ue(a, b, c) {
-  var d = c.window === c ? c.document : 9 === c.nodeType ? c : c.ownerDocument;
-  Te || null == Qe || Qe !== Xa(d) || (d = Qe, "selectionStart" in d && Ne(d) ? d = {
-    start: d.selectionStart,
-    end: d.selectionEnd
-  } : (d = (d.ownerDocument && d.ownerDocument.defaultView || window).getSelection(), d = {
-    anchorNode: d.anchorNode,
-    anchorOffset: d.anchorOffset,
-    focusNode: d.focusNode,
-    focusOffset: d.focusOffset
-  }), Se && Ie(Se, d) || (Se = d, d = oe(Re, "onSelect"), 0 < d.length && (b = new td("onSelect", "select", null, b, c), a.push({
-    event: b,
-    listeners: d
-  }), b.target = Qe)));
-}
-function Ve(a, b) {
-  var c = {};
-  c[a.toLowerCase()] = b.toLowerCase();
-  c["Webkit" + a] = "webkit" + b;
-  c["Moz" + a] = "moz" + b;
-  return c;
-}
-var We = {
-    animationend: Ve("Animation", "AnimationEnd"),
-    animationiteration: Ve("Animation", "AnimationIteration"),
-    animationstart: Ve("Animation", "AnimationStart"),
-    transitionend: Ve("Transition", "TransitionEnd")
-  },
-  Xe = {},
-  Ye = {};
-ia && (Ye = document.createElement("div").style, "AnimationEvent" in window || (delete We.animationend.animation, delete We.animationiteration.animation, delete We.animationstart.animation), "TransitionEvent" in window || delete We.transitionend.transition);
-function Ze(a) {
-  if (Xe[a]) return Xe[a];
-  if (!We[a]) return a;
-  var b = We[a],
-    c;
-  for (c in b) if (b.hasOwnProperty(c) && c in Ye) return Xe[a] = b[c];
-  return a;
-}
-var $e = Ze("animationend"),
-  af = Ze("animationiteration"),
-  bf = Ze("animationstart"),
-  cf = Ze("transitionend"),
-  df = new Map(),
-  ef = "abort auxClick cancel canPlay canPlayThrough click close contextMenu copy cut drag dragEnd dragEnter dragExit dragLeave dragOver dragStart drop durationChange emptied encrypted ended error gotPointerCapture input invalid keyDown keyPress keyUp load loadedData loadedMetadata loadStart lostPointerCapture mouseDown mouseMove mouseOut mouseOver mouseUp paste pause play playing pointerCancel pointerDown pointerMove pointerOut pointerOver pointerUp progress rateChange reset resize seeked seeking stalled submit suspend timeUpdate touchCancel touchEnd touchStart volumeChange scroll toggle touchMove waiting wheel".split(" ");
-function ff(a, b) {
-  df.set(a, b);
-  fa(b, [a]);
-}
-for (var gf = 0; gf < ef.length; gf++) {
-  var hf = ef[gf],
-    jf = hf.toLowerCase(),
-    kf = hf[0].toUpperCase() + hf.slice(1);
-  ff(jf, "on" + kf);
-}
-ff($e, "onAnimationEnd");
-ff(af, "onAnimationIteration");
-ff(bf, "onAnimationStart");
-ff("dblclick", "onDoubleClick");
-ff("focusin", "onFocus");
-ff("focusout", "onBlur");
-ff(cf, "onTransitionEnd");
-ha("onMouseEnter", ["mouseout", "mouseover"]);
-ha("onMouseLeave", ["mouseout", "mouseover"]);
-ha("onPointerEnter", ["pointerout", "pointerover"]);
-ha("onPointerLeave", ["pointerout", "pointerover"]);
-fa("onChange", "change click focusin focusout input keydown keyup selectionchange".split(" "));
-fa("onSelect", "focusout contextmenu dragend focusin keydown keyup mousedown mouseup selectionchange".split(" "));
-fa("onBeforeInput", ["compositionend", "keypress", "textInput", "paste"]);
-fa("onCompositionEnd", "compositionend focusout keydown keypress keyup mousedown".split(" "));
-fa("onCompositionStart", "compositionstart focusout keydown keypress keyup mousedown".split(" "));
-fa("onCompositionUpdate", "compositionupdate focusout keydown keypress keyup mousedown".split(" "));
-var lf = "abort canplay canplaythrough durationchange emptied encrypted ended error loadeddata loadedmetadata loadstart pause play playing progress ratechange resize seeked seeking stalled suspend timeupdate volumechange waiting".split(" "),
-  mf = new Set("cancel close invalid load scroll toggle".split(" ").concat(lf));
-function nf(a, b, c) {
-  var d = a.type || "unknown-event";
-  a.currentTarget = c;
-  Ub(d, b, void 0, a);
-  a.currentTarget = null;
-}
-function se(a, b) {
-  b = 0 !== (b & 4);
-  for (var c = 0; c < a.length; c++) {
-    var d = a[c],
-      e = d.event;
-    d = d.listeners;
-    a: {
-      var f = void 0;
-      if (b) for (var g = d.length - 1; 0 <= g; g--) {
-        var h = d[g],
-          k = h.instance,
-          l = h.currentTarget;
-        h = h.listener;
-        if (k !== f && e.isPropagationStopped()) break a;
-        nf(e, h, l);
-        f = k;
-      } else for (g = 0; g < d.length; g++) {
-        h = d[g];
-        k = h.instance;
-        l = h.currentTarget;
-        h = h.listener;
-        if (k !== f && e.isPropagationStopped()) break a;
-        nf(e, h, l);
-        f = k;
-      }
-    }
-  }
-  if (Qb) throw a = Rb, Qb = !1, Rb = null, a;
-}
-function D(a, b) {
-  var c = b[of];
-  void 0 === c && (c = b[of] = new Set());
-  var d = a + "__bubble";
-  c.has(d) || (pf(b, a, 2, !1), c.add(d));
-}
-function qf(a, b, c) {
-  var d = 0;
-  b && (d |= 4);
-  pf(c, a, d, b);
-}
-var rf = "_reactListening" + Math.random().toString(36).slice(2);
-function sf(a) {
-  if (!a[rf]) {
-    a[rf] = !0;
-    da.forEach(function (b) {
-      "selectionchange" !== b && (mf.has(b) || qf(b, !1, a), qf(b, !0, a));
-    });
-    var b = 9 === a.nodeType ? a : a.ownerDocument;
-    null === b || b[rf] || (b[rf] = !0, qf("selectionchange", !1, b));
-  }
-}
-function pf(a, b, c, d) {
-  switch (jd(b)) {
-    case 1:
-      var e = ed;
-      break;
-    case 4:
-      e = gd;
-      break;
-    default:
-      e = fd;
-  }
-  c = e.bind(null, b, c, a);
-  e = void 0;
-  !Lb || "touchstart" !== b && "touchmove" !== b && "wheel" !== b || (e = !0);
-  d ? void 0 !== e ? a.addEventListener(b, c, {
-    capture: !0,
-    passive: e
-  }) : a.addEventListener(b, c, !0) : void 0 !== e ? a.addEventListener(b, c, {
-    passive: e
-  }) : a.addEventListener(b, c, !1);
-}
-function hd(a, b, c, d, e) {
-  var f = d;
-  if (0 === (b & 1) && 0 === (b & 2) && null !== d) a: for (;;) {
-    if (null === d) return;
-    var g = d.tag;
-    if (3 === g || 4 === g) {
-      var h = d.stateNode.containerInfo;
-      if (h === e || 8 === h.nodeType && h.parentNode === e) break;
-      if (4 === g) for (g = d.return; null !== g;) {
-        var k = g.tag;
-        if (3 === k || 4 === k) if (k = g.stateNode.containerInfo, k === e || 8 === k.nodeType && k.parentNode === e) return;
-        g = g.return;
-      }
-      for (; null !== h;) {
-        g = Wc(h);
-        if (null === g) return;
-        k = g.tag;
-        if (5 === k || 6 === k) {
-          d = f = g;
-          continue a;
-        }
-        h = h.parentNode;
-      }
-    }
-    d = d.return;
-  }
-  Jb(function () {
-    var d = f,
-      e = xb(c),
-      g = [];
-    a: {
-      var h = df.get(a);
-      if (void 0 !== h) {
-        var k = td,
-          n = a;
-        switch (a) {
-          case "keypress":
-            if (0 === od(c)) break a;
-          case "keydown":
-          case "keyup":
-            k = Rd;
-            break;
-          case "focusin":
-            n = "focus";
-            k = Fd;
-            break;
-          case "focusout":
-            n = "blur";
-            k = Fd;
-            break;
-          case "beforeblur":
-          case "afterblur":
-            k = Fd;
-            break;
-          case "click":
-            if (2 === c.button) break a;
-          case "auxclick":
-          case "dblclick":
-          case "mousedown":
-          case "mousemove":
-          case "mouseup":
-          case "mouseout":
-          case "mouseover":
-          case "contextmenu":
-            k = Bd;
-            break;
-          case "drag":
-          case "dragend":
-          case "dragenter":
-          case "dragexit":
-          case "dragleave":
-          case "dragover":
-          case "dragstart":
-          case "drop":
-            k = Dd;
-            break;
-          case "touchcancel":
-          case "touchend":
-          case "touchmove":
-          case "touchstart":
-            k = Vd;
-            break;
-          case $e:
-          case af:
-          case bf:
-            k = Hd;
-            break;
-          case cf:
-            k = Xd;
-            break;
-          case "scroll":
-            k = vd;
-            break;
-          case "wheel":
-            k = Zd;
-            break;
-          case "copy":
-          case "cut":
-          case "paste":
-            k = Jd;
-            break;
-          case "gotpointercapture":
-          case "lostpointercapture":
-          case "pointercancel":
-          case "pointerdown":
-          case "pointermove":
-          case "pointerout":
-          case "pointerover":
-          case "pointerup":
-            k = Td;
-        }
-        var t = 0 !== (b & 4),
-          J = !t && "scroll" === a,
-          x = t ? null !== h ? h + "Capture" : null : h;
-        t = [];
-        for (var w = d, u; null !== w;) {
-          u = w;
-          var F = u.stateNode;
-          5 === u.tag && null !== F && (u = F, null !== x && (F = Kb(w, x), null != F && t.push(tf(w, F, u))));
-          if (J) break;
-          w = w.return;
-        }
-        0 < t.length && (h = new k(h, n, null, c, e), g.push({
-          event: h,
-          listeners: t
-        }));
-      }
-    }
-    if (0 === (b & 7)) {
-      a: {
-        h = "mouseover" === a || "pointerover" === a;
-        k = "mouseout" === a || "pointerout" === a;
-        if (h && c !== wb && (n = c.relatedTarget || c.fromElement) && (Wc(n) || n[uf])) break a;
-        if (k || h) {
-          h = e.window === e ? e : (h = e.ownerDocument) ? h.defaultView || h.parentWindow : window;
-          if (k) {
-            if (n = c.relatedTarget || c.toElement, k = d, n = n ? Wc(n) : null, null !== n && (J = Vb(n), n !== J || 5 !== n.tag && 6 !== n.tag)) n = null;
-          } else k = null, n = d;
-          if (k !== n) {
-            t = Bd;
-            F = "onMouseLeave";
-            x = "onMouseEnter";
-            w = "mouse";
-            if ("pointerout" === a || "pointerover" === a) t = Td, F = "onPointerLeave", x = "onPointerEnter", w = "pointer";
-            J = null == k ? h : ue(k);
-            u = null == n ? h : ue(n);
-            h = new t(F, w + "leave", k, c, e);
-            h.target = J;
-            h.relatedTarget = u;
-            F = null;
-            Wc(e) === d && (t = new t(x, w + "enter", n, c, e), t.target = u, t.relatedTarget = J, F = t);
-            J = F;
-            if (k && n) b: {
-              t = k;
-              x = n;
-              w = 0;
-              for (u = t; u; u = vf(u)) w++;
-              u = 0;
-              for (F = x; F; F = vf(F)) u++;
-              for (; 0 < w - u;) t = vf(t), w--;
-              for (; 0 < u - w;) x = vf(x), u--;
-              for (; w--;) {
-                if (t === x || null !== x && t === x.alternate) break b;
-                t = vf(t);
-                x = vf(x);
-              }
-              t = null;
-            } else t = null;
-            null !== k && wf(g, h, k, t, !1);
-            null !== n && null !== J && wf(g, J, n, t, !0);
-          }
-        }
-      }
-      a: {
-        h = d ? ue(d) : window;
-        k = h.nodeName && h.nodeName.toLowerCase();
-        if ("select" === k || "input" === k && "file" === h.type) var na = ve;else if (me(h)) {
-          if (we) na = Fe;else {
-            na = De;
-            var xa = Ce;
-          }
-        } else (k = h.nodeName) && "input" === k.toLowerCase() && ("checkbox" === h.type || "radio" === h.type) && (na = Ee);
-        if (na && (na = na(a, d))) {
-          ne(g, na, c, e);
-          break a;
-        }
-        xa && xa(a, h, d);
-        "focusout" === a && (xa = h._wrapperState) && xa.controlled && "number" === h.type && cb(h, "number", h.value);
-      }
-      xa = d ? ue(d) : window;
-      switch (a) {
-        case "focusin":
-          if (me(xa) || "true" === xa.contentEditable) Qe = xa, Re = d, Se = null;
-          break;
-        case "focusout":
-          Se = Re = Qe = null;
-          break;
-        case "mousedown":
-          Te = !0;
-          break;
-        case "contextmenu":
-        case "mouseup":
-        case "dragend":
-          Te = !1;
-          Ue(g, c, e);
-          break;
-        case "selectionchange":
-          if (Pe) break;
-        case "keydown":
-        case "keyup":
-          Ue(g, c, e);
-      }
-      var $a;
-      if (ae) b: {
-        switch (a) {
-          case "compositionstart":
-            var ba = "onCompositionStart";
-            break b;
-          case "compositionend":
-            ba = "onCompositionEnd";
-            break b;
-          case "compositionupdate":
-            ba = "onCompositionUpdate";
-            break b;
-        }
-        ba = void 0;
-      } else ie ? ge(a, c) && (ba = "onCompositionEnd") : "keydown" === a && 229 === c.keyCode && (ba = "onCompositionStart");
-      ba && (de && "ko" !== c.locale && (ie || "onCompositionStart" !== ba ? "onCompositionEnd" === ba && ie && ($a = nd()) : (kd = e, ld = "value" in kd ? kd.value : kd.textContent, ie = !0)), xa = oe(d, ba), 0 < xa.length && (ba = new Ld(ba, a, null, c, e), g.push({
-        event: ba,
-        listeners: xa
-      }), $a ? ba.data = $a : ($a = he(c), null !== $a && (ba.data = $a))));
-      if ($a = ce ? je(a, c) : ke(a, c)) d = oe(d, "onBeforeInput"), 0 < d.length && (e = new Ld("onBeforeInput", "beforeinput", null, c, e), g.push({
-        event: e,
-        listeners: d
-      }), e.data = $a);
-    }
-    se(g, b);
-  });
-}
-function tf(a, b, c) {
-  return {
-    instance: a,
-    listener: b,
-    currentTarget: c
-  };
-}
-function oe(a, b) {
-  for (var c = b + "Capture", d = []; null !== a;) {
-    var e = a,
-      f = e.stateNode;
-    5 === e.tag && null !== f && (e = f, f = Kb(a, c), null != f && d.unshift(tf(a, f, e)), f = Kb(a, b), null != f && d.push(tf(a, f, e)));
-    a = a.return;
-  }
-  return d;
-}
-function vf(a) {
-  if (null === a) return null;
-  do a = a.return; while (a && 5 !== a.tag);
-  return a ? a : null;
-}
-function wf(a, b, c, d, e) {
-  for (var f = b._reactName, g = []; null !== c && c !== d;) {
-    var h = c,
-      k = h.alternate,
-      l = h.stateNode;
-    if (null !== k && k === d) break;
-    5 === h.tag && null !== l && (h = l, e ? (k = Kb(c, f), null != k && g.unshift(tf(c, k, h))) : e || (k = Kb(c, f), null != k && g.push(tf(c, k, h))));
-    c = c.return;
-  }
-  0 !== g.length && a.push({
-    event: b,
-    listeners: g
-  });
-}
-var xf = /\r\n?/g,
-  yf = /\u0000|\uFFFD/g;
-function zf(a) {
-  return ("string" === typeof a ? a : "" + a).replace(xf, "\n").replace(yf, "");
-}
-function Af(a, b, c) {
-  b = zf(b);
-  if (zf(a) !== b && c) throw Error(p(425));
-}
-function Bf() {}
-var Cf = null,
-  Df = null;
-function Ef(a, b) {
-  return "textarea" === a || "noscript" === a || "string" === typeof b.children || "number" === typeof b.children || "object" === typeof b.dangerouslySetInnerHTML && null !== b.dangerouslySetInnerHTML && null != b.dangerouslySetInnerHTML.__html;
-}
-var Ff = "function" === typeof setTimeout ? setTimeout : void 0,
-  Gf = "function" === typeof clearTimeout ? clearTimeout : void 0,
-  Hf = "function" === typeof Promise ? Promise : void 0,
-  Jf = "function" === typeof queueMicrotask ? queueMicrotask : "undefined" !== typeof Hf ? function (a) {
-    return Hf.resolve(null).then(a).catch(If);
-  } : Ff;
-function If(a) {
-  setTimeout(function () {
-    throw a;
-  });
-}
-function Kf(a, b) {
-  var c = b,
-    d = 0;
-  do {
-    var e = c.nextSibling;
-    a.removeChild(c);
-    if (e && 8 === e.nodeType) if (c = e.data, "/$" === c) {
-      if (0 === d) {
-        a.removeChild(e);
-        bd(b);
-        return;
-      }
-      d--;
-    } else "$" !== c && "$?" !== c && "$!" !== c || d++;
-    c = e;
-  } while (c);
-  bd(b);
-}
-function Lf(a) {
-  for (; null != a; a = a.nextSibling) {
-    var b = a.nodeType;
-    if (1 === b || 3 === b) break;
-    if (8 === b) {
-      b = a.data;
-      if ("$" === b || "$!" === b || "$?" === b) break;
-      if ("/$" === b) return null;
-    }
-  }
-  return a;
-}
-function Mf(a) {
-  a = a.previousSibling;
-  for (var b = 0; a;) {
-    if (8 === a.nodeType) {
-      var c = a.data;
-      if ("$" === c || "$!" === c || "$?" === c) {
-        if (0 === b) return a;
-        b--;
-      } else "/$" === c && b++;
-    }
-    a = a.previousSibling;
-  }
-  return null;
-}
-var Nf = Math.random().toString(36).slice(2),
-  Of = "__reactFiber$" + Nf,
-  Pf = "__reactProps$" + Nf,
-  uf = "__reactContainer$" + Nf,
-  of = "__reactEvents$" + Nf,
-  Qf = "__reactListeners$" + Nf,
-  Rf = "__reactHandles$" + Nf;
-function Wc(a) {
-  var b = a[Of];
-  if (b) return b;
-  for (var c = a.parentNode; c;) {
-    if (b = c[uf] || c[Of]) {
-      c = b.alternate;
-      if (null !== b.child || null !== c && null !== c.child) for (a = Mf(a); null !== a;) {
-        if (c = a[Of]) return c;
-        a = Mf(a);
-      }
-      return b;
-    }
-    a = c;
-    c = a.parentNode;
-  }
-  return null;
-}
-function Cb(a) {
-  a = a[Of] || a[uf];
-  return !a || 5 !== a.tag && 6 !== a.tag && 13 !== a.tag && 3 !== a.tag ? null : a;
-}
-function ue(a) {
-  if (5 === a.tag || 6 === a.tag) return a.stateNode;
-  throw Error(p(33));
-}
-function Db(a) {
-  return a[Pf] || null;
-}
-var Sf = [],
-  Tf = -1;
-function Uf(a) {
-  return {
-    current: a
-  };
-}
-function E(a) {
-  0 > Tf || (a.current = Sf[Tf], Sf[Tf] = null, Tf--);
-}
-function G(a, b) {
-  Tf++;
-  Sf[Tf] = a.current;
-  a.current = b;
-}
-var Vf = {},
-  H = Uf(Vf),
-  Wf = Uf(!1),
-  Xf = Vf;
-function Yf(a, b) {
-  var c = a.type.contextTypes;
-  if (!c) return Vf;
-  var d = a.stateNode;
-  if (d && d.__reactInternalMemoizedUnmaskedChildContext === b) return d.__reactInternalMemoizedMaskedChildContext;
-  var e = {},
-    f;
-  for (f in c) e[f] = b[f];
-  d && (a = a.stateNode, a.__reactInternalMemoizedUnmaskedChildContext = b, a.__reactInternalMemoizedMaskedChildContext = e);
-  return e;
-}
-function Zf(a) {
-  a = a.childContextTypes;
-  return null !== a && void 0 !== a;
-}
-function $f() {
-  E(Wf);
-  E(H);
-}
-function ag(a, b, c) {
-  if (H.current !== Vf) throw Error(p(168));
-  G(H, b);
-  G(Wf, c);
-}
-function bg(a, b, c) {
-  var d = a.stateNode;
-  b = b.childContextTypes;
-  if ("function" !== typeof d.getChildContext) return c;
-  d = d.getChildContext();
-  for (var e in d) if (!(e in b)) throw Error(p(108, Ra(a) || "Unknown", e));
-  return A({}, c, d);
-}
-function cg(a) {
-  a = (a = a.stateNode) && a.__reactInternalMemoizedMergedChildContext || Vf;
-  Xf = H.current;
-  G(H, a);
-  G(Wf, Wf.current);
-  return !0;
-}
-function dg(a, b, c) {
-  var d = a.stateNode;
-  if (!d) throw Error(p(169));
-  c ? (a = bg(a, b, Xf), d.__reactInternalMemoizedMergedChildContext = a, E(Wf), E(H), G(H, a)) : E(Wf);
-  G(Wf, c);
-}
-var eg = null,
-  fg = !1,
-  gg = !1;
-function hg(a) {
-  null === eg ? eg = [a] : eg.push(a);
-}
-function ig(a) {
-  fg = !0;
-  hg(a);
-}
-function jg() {
-  if (!gg && null !== eg) {
-    gg = !0;
-    var a = 0,
-      b = C;
-    try {
-      var c = eg;
-      for (C = 1; a < c.length; a++) {
-        var d = c[a];
-        do d = d(!0); while (null !== d);
-      }
-      eg = null;
-      fg = !1;
-    } catch (e) {
-      throw null !== eg && (eg = eg.slice(a + 1)), ac(fc, jg), e;
-    } finally {
-      C = b, gg = !1;
-    }
-  }
-  return null;
-}
-var kg = [],
-  lg = 0,
-  mg = null,
-  ng = 0,
-  og = [],
-  pg = 0,
-  qg = null,
-  rg = 1,
-  sg = "";
-function tg(a, b) {
-  kg[lg++] = ng;
-  kg[lg++] = mg;
-  mg = a;
-  ng = b;
-}
-function ug(a, b, c) {
-  og[pg++] = rg;
-  og[pg++] = sg;
-  og[pg++] = qg;
-  qg = a;
-  var d = rg;
-  a = sg;
-  var e = 32 - oc(d) - 1;
-  d &= ~(1 << e);
-  c += 1;
-  var f = 32 - oc(b) + e;
-  if (30 < f) {
-    var g = e - e % 5;
-    f = (d & (1 << g) - 1).toString(32);
-    d >>= g;
-    e -= g;
-    rg = 1 << 32 - oc(b) + e | c << e | d;
-    sg = f + a;
-  } else rg = 1 << f | c << e | d, sg = a;
-}
-function vg(a) {
-  null !== a.return && (tg(a, 1), ug(a, 1, 0));
-}
-function wg(a) {
-  for (; a === mg;) mg = kg[--lg], kg[lg] = null, ng = kg[--lg], kg[lg] = null;
-  for (; a === qg;) qg = og[--pg], og[pg] = null, sg = og[--pg], og[pg] = null, rg = og[--pg], og[pg] = null;
-}
-var xg = null,
-  yg = null,
-  I = !1,
-  zg = null;
-function Ag(a, b) {
-  var c = Bg(5, null, null, 0);
-  c.elementType = "DELETED";
-  c.stateNode = b;
-  c.return = a;
-  b = a.deletions;
-  null === b ? (a.deletions = [c], a.flags |= 16) : b.push(c);
-}
-function Cg(a, b) {
-  switch (a.tag) {
-    case 5:
-      var c = a.type;
-      b = 1 !== b.nodeType || c.toLowerCase() !== b.nodeName.toLowerCase() ? null : b;
-      return null !== b ? (a.stateNode = b, xg = a, yg = Lf(b.firstChild), !0) : !1;
-    case 6:
-      return b = "" === a.pendingProps || 3 !== b.nodeType ? null : b, null !== b ? (a.stateNode = b, xg = a, yg = null, !0) : !1;
-    case 13:
-      return b = 8 !== b.nodeType ? null : b, null !== b ? (c = null !== qg ? {
-        id: rg,
-        overflow: sg
-      } : null, a.memoizedState = {
-        dehydrated: b,
-        treeContext: c,
-        retryLane: 1073741824
-      }, c = Bg(18, null, null, 0), c.stateNode = b, c.return = a, a.child = c, xg = a, yg = null, !0) : !1;
-    default:
-      return !1;
-  }
-}
-function Dg(a) {
-  return 0 !== (a.mode & 1) && 0 === (a.flags & 128);
-}
-function Eg(a) {
-  if (I) {
-    var b = yg;
-    if (b) {
-      var c = b;
-      if (!Cg(a, b)) {
-        if (Dg(a)) throw Error(p(418));
-        b = Lf(c.nextSibling);
-        var d = xg;
-        b && Cg(a, b) ? Ag(d, c) : (a.flags = a.flags & -4097 | 2, I = !1, xg = a);
-      }
-    } else {
-      if (Dg(a)) throw Error(p(418));
-      a.flags = a.flags & -4097 | 2;
-      I = !1;
-      xg = a;
-    }
-  }
-}
-function Fg(a) {
-  for (a = a.return; null !== a && 5 !== a.tag && 3 !== a.tag && 13 !== a.tag;) a = a.return;
-  xg = a;
-}
-function Gg(a) {
-  if (a !== xg) return !1;
-  if (!I) return Fg(a), I = !0, !1;
-  var b;
-  (b = 3 !== a.tag) && !(b = 5 !== a.tag) && (b = a.type, b = "head" !== b && "body" !== b && !Ef(a.type, a.memoizedProps));
-  if (b && (b = yg)) {
-    if (Dg(a)) throw Hg(), Error(p(418));
-    for (; b;) Ag(a, b), b = Lf(b.nextSibling);
-  }
-  Fg(a);
-  if (13 === a.tag) {
-    a = a.memoizedState;
-    a = null !== a ? a.dehydrated : null;
-    if (!a) throw Error(p(317));
-    a: {
-      a = a.nextSibling;
-      for (b = 0; a;) {
-        if (8 === a.nodeType) {
-          var c = a.data;
-          if ("/$" === c) {
-            if (0 === b) {
-              yg = Lf(a.nextSibling);
-              break a;
-            }
-            b--;
-          } else "$" !== c && "$!" !== c && "$?" !== c || b++;
-        }
-        a = a.nextSibling;
-      }
-      yg = null;
-    }
-  } else yg = xg ? Lf(a.stateNode.nextSibling) : null;
-  return !0;
-}
-function Hg() {
-  for (var a = yg; a;) a = Lf(a.nextSibling);
-}
-function Ig() {
-  yg = xg = null;
-  I = !1;
-}
-function Jg(a) {
-  null === zg ? zg = [a] : zg.push(a);
-}
-var Kg = ua.ReactCurrentBatchConfig;
-function Lg(a, b) {
-  if (a && a.defaultProps) {
-    b = A({}, b);
-    a = a.defaultProps;
-    for (var c in a) void 0 === b[c] && (b[c] = a[c]);
-    return b;
-  }
-  return b;
-}
-var Mg = Uf(null),
-  Ng = null,
-  Og = null,
-  Pg = null;
-function Qg() {
-  Pg = Og = Ng = null;
-}
-function Rg(a) {
-  var b = Mg.current;
-  E(Mg);
-  a._currentValue = b;
-}
-function Sg(a, b, c) {
-  for (; null !== a;) {
-    var d = a.alternate;
-    (a.childLanes & b) !== b ? (a.childLanes |= b, null !== d && (d.childLanes |= b)) : null !== d && (d.childLanes & b) !== b && (d.childLanes |= b);
-    if (a === c) break;
-    a = a.return;
-  }
-}
-function Tg(a, b) {
-  Ng = a;
-  Pg = Og = null;
-  a = a.dependencies;
-  null !== a && null !== a.firstContext && (0 !== (a.lanes & b) && (Ug = !0), a.firstContext = null);
-}
-function Vg(a) {
-  var b = a._currentValue;
-  if (Pg !== a) if (a = {
-    context: a,
-    memoizedValue: b,
-    next: null
-  }, null === Og) {
-    if (null === Ng) throw Error(p(308));
-    Og = a;
-    Ng.dependencies = {
-      lanes: 0,
-      firstContext: a
-    };
-  } else Og = Og.next = a;
-  return b;
-}
-var Wg = null;
-function Xg(a) {
-  null === Wg ? Wg = [a] : Wg.push(a);
-}
-function Yg(a, b, c, d) {
-  var e = b.interleaved;
-  null === e ? (c.next = c, Xg(b)) : (c.next = e.next, e.next = c);
-  b.interleaved = c;
-  return Zg(a, d);
-}
-function Zg(a, b) {
-  a.lanes |= b;
-  var c = a.alternate;
-  null !== c && (c.lanes |= b);
-  c = a;
-  for (a = a.return; null !== a;) a.childLanes |= b, c = a.alternate, null !== c && (c.childLanes |= b), c = a, a = a.return;
-  return 3 === c.tag ? c.stateNode : null;
-}
-var $g = !1;
-function ah(a) {
-  a.updateQueue = {
-    baseState: a.memoizedState,
-    firstBaseUpdate: null,
-    lastBaseUpdate: null,
-    shared: {
-      pending: null,
-      interleaved: null,
-      lanes: 0
-    },
-    effects: null
-  };
-}
-function bh(a, b) {
-  a = a.updateQueue;
-  b.updateQueue === a && (b.updateQueue = {
-    baseState: a.baseState,
-    firstBaseUpdate: a.firstBaseUpdate,
-    lastBaseUpdate: a.lastBaseUpdate,
-    shared: a.shared,
-    effects: a.effects
-  });
-}
-function ch(a, b) {
-  return {
-    eventTime: a,
-    lane: b,
-    tag: 0,
-    payload: null,
-    callback: null,
-    next: null
-  };
-}
-function dh(a, b, c) {
-  var d = a.updateQueue;
-  if (null === d) return null;
-  d = d.shared;
-  if (0 !== (K & 2)) {
-    var e = d.pending;
-    null === e ? b.next = b : (b.next = e.next, e.next = b);
-    d.pending = b;
-    return Zg(a, c);
-  }
-  e = d.interleaved;
-  null === e ? (b.next = b, Xg(d)) : (b.next = e.next, e.next = b);
-  d.interleaved = b;
-  return Zg(a, c);
-}
-function eh(a, b, c) {
-  b = b.updateQueue;
-  if (null !== b && (b = b.shared, 0 !== (c & 4194240))) {
-    var d = b.lanes;
-    d &= a.pendingLanes;
-    c |= d;
-    b.lanes = c;
-    Cc(a, c);
-  }
-}
-function fh(a, b) {
-  var c = a.updateQueue,
-    d = a.alternate;
-  if (null !== d && (d = d.updateQueue, c === d)) {
-    var e = null,
-      f = null;
-    c = c.firstBaseUpdate;
-    if (null !== c) {
-      do {
-        var g = {
-          eventTime: c.eventTime,
-          lane: c.lane,
-          tag: c.tag,
-          payload: c.payload,
-          callback: c.callback,
-          next: null
-        };
-        null === f ? e = f = g : f = f.next = g;
-        c = c.next;
-      } while (null !== c);
-      null === f ? e = f = b : f = f.next = b;
-    } else e = f = b;
-    c = {
-      baseState: d.baseState,
-      firstBaseUpdate: e,
-      lastBaseUpdate: f,
-      shared: d.shared,
-      effects: d.effects
-    };
-    a.updateQueue = c;
-    return;
-  }
-  a = c.lastBaseUpdate;
-  null === a ? c.firstBaseUpdate = b : a.next = b;
-  c.lastBaseUpdate = b;
-}
-function gh(a, b, c, d) {
-  var e = a.updateQueue;
-  $g = !1;
-  var f = e.firstBaseUpdate,
-    g = e.lastBaseUpdate,
-    h = e.shared.pending;
-  if (null !== h) {
-    e.shared.pending = null;
-    var k = h,
-      l = k.next;
-    k.next = null;
-    null === g ? f = l : g.next = l;
-    g = k;
-    var m = a.alternate;
-    null !== m && (m = m.updateQueue, h = m.lastBaseUpdate, h !== g && (null === h ? m.firstBaseUpdate = l : h.next = l, m.lastBaseUpdate = k));
-  }
-  if (null !== f) {
-    var q = e.baseState;
-    g = 0;
-    m = l = k = null;
-    h = f;
-    do {
-      var r = h.lane,
-        y = h.eventTime;
-      if ((d & r) === r) {
-        null !== m && (m = m.next = {
-          eventTime: y,
-          lane: 0,
-          tag: h.tag,
-          payload: h.payload,
-          callback: h.callback,
-          next: null
-        });
-        a: {
-          var n = a,
-            t = h;
-          r = b;
-          y = c;
-          switch (t.tag) {
-            case 1:
-              n = t.payload;
-              if ("function" === typeof n) {
-                q = n.call(y, q, r);
-                break a;
-              }
-              q = n;
-              break a;
-            case 3:
-              n.flags = n.flags & -65537 | 128;
-            case 0:
-              n = t.payload;
-              r = "function" === typeof n ? n.call(y, q, r) : n;
-              if (null === r || void 0 === r) break a;
-              q = A({}, q, r);
-              break a;
-            case 2:
-              $g = !0;
-          }
-        }
-        null !== h.callback && 0 !== h.lane && (a.flags |= 64, r = e.effects, null === r ? e.effects = [h] : r.push(h));
-      } else y = {
-        eventTime: y,
-        lane: r,
-        tag: h.tag,
-        payload: h.payload,
-        callback: h.callback,
-        next: null
-      }, null === m ? (l = m = y, k = q) : m = m.next = y, g |= r;
-      h = h.next;
-      if (null === h) if (h = e.shared.pending, null === h) break;else r = h, h = r.next, r.next = null, e.lastBaseUpdate = r, e.shared.pending = null;
-    } while (1);
-    null === m && (k = q);
-    e.baseState = k;
-    e.firstBaseUpdate = l;
-    e.lastBaseUpdate = m;
-    b = e.shared.interleaved;
-    if (null !== b) {
-      e = b;
-      do g |= e.lane, e = e.next; while (e !== b);
-    } else null === f && (e.shared.lanes = 0);
-    hh |= g;
-    a.lanes = g;
-    a.memoizedState = q;
-  }
-}
-function ih(a, b, c) {
-  a = b.effects;
-  b.effects = null;
-  if (null !== a) for (b = 0; b < a.length; b++) {
-    var d = a[b],
-      e = d.callback;
-    if (null !== e) {
-      d.callback = null;
-      d = c;
-      if ("function" !== typeof e) throw Error(p(191, e));
-      e.call(d);
-    }
-  }
-}
-var jh = new aa.Component().refs;
-function kh(a, b, c, d) {
-  b = a.memoizedState;
-  c = c(d, b);
-  c = null === c || void 0 === c ? b : A({}, b, c);
-  a.memoizedState = c;
-  0 === a.lanes && (a.updateQueue.baseState = c);
-}
-var nh = {
-  isMounted: function isMounted(a) {
-    return (a = a._reactInternals) ? Vb(a) === a : !1;
-  },
-  enqueueSetState: function enqueueSetState(a, b, c) {
-    a = a._reactInternals;
-    var d = L(),
-      e = lh(a),
-      f = ch(d, e);
-    f.payload = b;
-    void 0 !== c && null !== c && (f.callback = c);
-    b = dh(a, f, e);
-    null !== b && (mh(b, a, e, d), eh(b, a, e));
-  },
-  enqueueReplaceState: function enqueueReplaceState(a, b, c) {
-    a = a._reactInternals;
-    var d = L(),
-      e = lh(a),
-      f = ch(d, e);
-    f.tag = 1;
-    f.payload = b;
-    void 0 !== c && null !== c && (f.callback = c);
-    b = dh(a, f, e);
-    null !== b && (mh(b, a, e, d), eh(b, a, e));
-  },
-  enqueueForceUpdate: function enqueueForceUpdate(a, b) {
-    a = a._reactInternals;
-    var c = L(),
-      d = lh(a),
-      e = ch(c, d);
-    e.tag = 2;
-    void 0 !== b && null !== b && (e.callback = b);
-    b = dh(a, e, d);
-    null !== b && (mh(b, a, d, c), eh(b, a, d));
-  }
-};
-function oh(a, b, c, d, e, f, g) {
-  a = a.stateNode;
-  return "function" === typeof a.shouldComponentUpdate ? a.shouldComponentUpdate(d, f, g) : b.prototype && b.prototype.isPureReactComponent ? !Ie(c, d) || !Ie(e, f) : !0;
-}
-function ph(a, b, c) {
-  var d = !1,
-    e = Vf;
-  var f = b.contextType;
-  "object" === typeof f && null !== f ? f = Vg(f) : (e = Zf(b) ? Xf : H.current, d = b.contextTypes, f = (d = null !== d && void 0 !== d) ? Yf(a, e) : Vf);
-  b = new b(c, f);
-  a.memoizedState = null !== b.state && void 0 !== b.state ? b.state : null;
-  b.updater = nh;
-  a.stateNode = b;
-  b._reactInternals = a;
-  d && (a = a.stateNode, a.__reactInternalMemoizedUnmaskedChildContext = e, a.__reactInternalMemoizedMaskedChildContext = f);
-  return b;
-}
-function qh(a, b, c, d) {
-  a = b.state;
-  "function" === typeof b.componentWillReceiveProps && b.componentWillReceiveProps(c, d);
-  "function" === typeof b.UNSAFE_componentWillReceiveProps && b.UNSAFE_componentWillReceiveProps(c, d);
-  b.state !== a && nh.enqueueReplaceState(b, b.state, null);
-}
-function rh(a, b, c, d) {
-  var e = a.stateNode;
-  e.props = c;
-  e.state = a.memoizedState;
-  e.refs = jh;
-  ah(a);
-  var f = b.contextType;
-  "object" === typeof f && null !== f ? e.context = Vg(f) : (f = Zf(b) ? Xf : H.current, e.context = Yf(a, f));
-  e.state = a.memoizedState;
-  f = b.getDerivedStateFromProps;
-  "function" === typeof f && (kh(a, b, f, c), e.state = a.memoizedState);
-  "function" === typeof b.getDerivedStateFromProps || "function" === typeof e.getSnapshotBeforeUpdate || "function" !== typeof e.UNSAFE_componentWillMount && "function" !== typeof e.componentWillMount || (b = e.state, "function" === typeof e.componentWillMount && e.componentWillMount(), "function" === typeof e.UNSAFE_componentWillMount && e.UNSAFE_componentWillMount(), b !== e.state && nh.enqueueReplaceState(e, e.state, null), gh(a, c, e, d), e.state = a.memoizedState);
-  "function" === typeof e.componentDidMount && (a.flags |= 4194308);
-}
-function sh(a, b, c) {
-  a = c.ref;
-  if (null !== a && "function" !== typeof a && "object" !== typeof a) {
-    if (c._owner) {
-      c = c._owner;
-      if (c) {
-        if (1 !== c.tag) throw Error(p(309));
-        var d = c.stateNode;
-      }
-      if (!d) throw Error(p(147, a));
-      var e = d,
-        f = "" + a;
-      if (null !== b && null !== b.ref && "function" === typeof b.ref && b.ref._stringRef === f) return b.ref;
-      b = function b(a) {
-        var b = e.refs;
-        b === jh && (b = e.refs = {});
-        null === a ? delete b[f] : b[f] = a;
-      };
-      b._stringRef = f;
-      return b;
-    }
-    if ("string" !== typeof a) throw Error(p(284));
-    if (!c._owner) throw Error(p(290, a));
-  }
-  return a;
-}
-function th(a, b) {
-  a = Object.prototype.toString.call(b);
-  throw Error(p(31, "[object Object]" === a ? "object with keys {" + Object.keys(b).join(", ") + "}" : a));
-}
-function uh(a) {
-  var b = a._init;
-  return b(a._payload);
-}
-function vh(a) {
-  function b(b, c) {
-    if (a) {
-      var d = b.deletions;
-      null === d ? (b.deletions = [c], b.flags |= 16) : d.push(c);
-    }
-  }
-  function c(c, d) {
-    if (!a) return null;
-    for (; null !== d;) b(c, d), d = d.sibling;
-    return null;
-  }
-  function d(a, b) {
-    for (a = new Map(); null !== b;) null !== b.key ? a.set(b.key, b) : a.set(b.index, b), b = b.sibling;
-    return a;
-  }
-  function e(a, b) {
-    a = wh(a, b);
-    a.index = 0;
-    a.sibling = null;
-    return a;
-  }
-  function f(b, c, d) {
-    b.index = d;
-    if (!a) return b.flags |= 1048576, c;
-    d = b.alternate;
-    if (null !== d) return d = d.index, d < c ? (b.flags |= 2, c) : d;
-    b.flags |= 2;
-    return c;
-  }
-  function g(b) {
-    a && null === b.alternate && (b.flags |= 2);
-    return b;
-  }
-  function h(a, b, c, d) {
-    if (null === b || 6 !== b.tag) return b = xh(c, a.mode, d), b.return = a, b;
-    b = e(b, c);
-    b.return = a;
-    return b;
-  }
-  function k(a, b, c, d) {
-    var f = c.type;
-    if (f === ya) return m(a, b, c.props.children, d, c.key);
-    if (null !== b && (b.elementType === f || "object" === typeof f && null !== f && f.$$typeof === Ha && uh(f) === b.type)) return d = e(b, c.props), d.ref = sh(a, b, c), d.return = a, d;
-    d = yh(c.type, c.key, c.props, null, a.mode, d);
-    d.ref = sh(a, b, c);
-    d.return = a;
-    return d;
-  }
-  function l(a, b, c, d) {
-    if (null === b || 4 !== b.tag || b.stateNode.containerInfo !== c.containerInfo || b.stateNode.implementation !== c.implementation) return b = zh(c, a.mode, d), b.return = a, b;
-    b = e(b, c.children || []);
-    b.return = a;
-    return b;
-  }
-  function m(a, b, c, d, f) {
-    if (null === b || 7 !== b.tag) return b = Ah(c, a.mode, d, f), b.return = a, b;
-    b = e(b, c);
-    b.return = a;
-    return b;
-  }
-  function q(a, b, c) {
-    if ("string" === typeof b && "" !== b || "number" === typeof b) return b = xh("" + b, a.mode, c), b.return = a, b;
-    if ("object" === typeof b && null !== b) {
-      switch (b.$$typeof) {
-        case va:
-          return c = yh(b.type, b.key, b.props, null, a.mode, c), c.ref = sh(a, null, b), c.return = a, c;
-        case wa:
-          return b = zh(b, a.mode, c), b.return = a, b;
-        case Ha:
-          var d = b._init;
-          return q(a, d(b._payload), c);
-      }
-      if (eb(b) || Ka(b)) return b = Ah(b, a.mode, c, null), b.return = a, b;
-      th(a, b);
-    }
-    return null;
-  }
-  function r(a, b, c, d) {
-    var e = null !== b ? b.key : null;
-    if ("string" === typeof c && "" !== c || "number" === typeof c) return null !== e ? null : h(a, b, "" + c, d);
-    if ("object" === typeof c && null !== c) {
-      switch (c.$$typeof) {
-        case va:
-          return c.key === e ? k(a, b, c, d) : null;
-        case wa:
-          return c.key === e ? l(a, b, c, d) : null;
-        case Ha:
-          return e = c._init, r(a, b, e(c._payload), d);
-      }
-      if (eb(c) || Ka(c)) return null !== e ? null : m(a, b, c, d, null);
-      th(a, c);
-    }
-    return null;
-  }
-  function y(a, b, c, d, e) {
-    if ("string" === typeof d && "" !== d || "number" === typeof d) return a = a.get(c) || null, h(b, a, "" + d, e);
-    if ("object" === typeof d && null !== d) {
-      switch (d.$$typeof) {
-        case va:
-          return a = a.get(null === d.key ? c : d.key) || null, k(b, a, d, e);
-        case wa:
-          return a = a.get(null === d.key ? c : d.key) || null, l(b, a, d, e);
-        case Ha:
-          var f = d._init;
-          return y(a, b, c, f(d._payload), e);
-      }
-      if (eb(d) || Ka(d)) return a = a.get(c) || null, m(b, a, d, e, null);
-      th(b, d);
-    }
-    return null;
-  }
-  function n(e, g, h, k) {
-    for (var l = null, m = null, u = g, w = g = 0, x = null; null !== u && w < h.length; w++) {
-      u.index > w ? (x = u, u = null) : x = u.sibling;
-      var n = r(e, u, h[w], k);
-      if (null === n) {
-        null === u && (u = x);
-        break;
-      }
-      a && u && null === n.alternate && b(e, u);
-      g = f(n, g, w);
-      null === m ? l = n : m.sibling = n;
-      m = n;
-      u = x;
-    }
-    if (w === h.length) return c(e, u), I && tg(e, w), l;
-    if (null === u) {
-      for (; w < h.length; w++) u = q(e, h[w], k), null !== u && (g = f(u, g, w), null === m ? l = u : m.sibling = u, m = u);
-      I && tg(e, w);
-      return l;
-    }
-    for (u = d(e, u); w < h.length; w++) x = y(u, e, w, h[w], k), null !== x && (a && null !== x.alternate && u.delete(null === x.key ? w : x.key), g = f(x, g, w), null === m ? l = x : m.sibling = x, m = x);
-    a && u.forEach(function (a) {
-      return b(e, a);
-    });
-    I && tg(e, w);
-    return l;
-  }
-  function t(e, g, h, k) {
-    var l = Ka(h);
-    if ("function" !== typeof l) throw Error(p(150));
-    h = l.call(h);
-    if (null == h) throw Error(p(151));
-    for (var u = l = null, m = g, w = g = 0, x = null, n = h.next(); null !== m && !n.done; w++, n = h.next()) {
-      m.index > w ? (x = m, m = null) : x = m.sibling;
-      var t = r(e, m, n.value, k);
-      if (null === t) {
-        null === m && (m = x);
-        break;
-      }
-      a && m && null === t.alternate && b(e, m);
-      g = f(t, g, w);
-      null === u ? l = t : u.sibling = t;
-      u = t;
-      m = x;
-    }
-    if (n.done) return c(e, m), I && tg(e, w), l;
-    if (null === m) {
-      for (; !n.done; w++, n = h.next()) n = q(e, n.value, k), null !== n && (g = f(n, g, w), null === u ? l = n : u.sibling = n, u = n);
-      I && tg(e, w);
-      return l;
-    }
-    for (m = d(e, m); !n.done; w++, n = h.next()) n = y(m, e, w, n.value, k), null !== n && (a && null !== n.alternate && m.delete(null === n.key ? w : n.key), g = f(n, g, w), null === u ? l = n : u.sibling = n, u = n);
-    a && m.forEach(function (a) {
-      return b(e, a);
-    });
-    I && tg(e, w);
-    return l;
-  }
-  function J(a, d, f, h) {
-    "object" === typeof f && null !== f && f.type === ya && null === f.key && (f = f.props.children);
-    if ("object" === typeof f && null !== f) {
-      switch (f.$$typeof) {
-        case va:
-          a: {
-            for (var k = f.key, l = d; null !== l;) {
-              if (l.key === k) {
-                k = f.type;
-                if (k === ya) {
-                  if (7 === l.tag) {
-                    c(a, l.sibling);
-                    d = e(l, f.props.children);
-                    d.return = a;
-                    a = d;
-                    break a;
-                  }
-                } else if (l.elementType === k || "object" === typeof k && null !== k && k.$$typeof === Ha && uh(k) === l.type) {
-                  c(a, l.sibling);
-                  d = e(l, f.props);
-                  d.ref = sh(a, l, f);
-                  d.return = a;
-                  a = d;
-                  break a;
-                }
-                c(a, l);
-                break;
-              } else b(a, l);
-              l = l.sibling;
-            }
-            f.type === ya ? (d = Ah(f.props.children, a.mode, h, f.key), d.return = a, a = d) : (h = yh(f.type, f.key, f.props, null, a.mode, h), h.ref = sh(a, d, f), h.return = a, a = h);
-          }
-          return g(a);
-        case wa:
-          a: {
-            for (l = f.key; null !== d;) {
-              if (d.key === l) {
-                if (4 === d.tag && d.stateNode.containerInfo === f.containerInfo && d.stateNode.implementation === f.implementation) {
-                  c(a, d.sibling);
-                  d = e(d, f.children || []);
-                  d.return = a;
-                  a = d;
-                  break a;
-                } else {
-                  c(a, d);
-                  break;
-                }
-              } else b(a, d);
-              d = d.sibling;
-            }
-            d = zh(f, a.mode, h);
-            d.return = a;
-            a = d;
-          }
-          return g(a);
-        case Ha:
-          return l = f._init, J(a, d, l(f._payload), h);
-      }
-      if (eb(f)) return n(a, d, f, h);
-      if (Ka(f)) return t(a, d, f, h);
-      th(a, f);
-    }
-    return "string" === typeof f && "" !== f || "number" === typeof f ? (f = "" + f, null !== d && 6 === d.tag ? (c(a, d.sibling), d = e(d, f), d.return = a, a = d) : (c(a, d), d = xh(f, a.mode, h), d.return = a, a = d), g(a)) : c(a, d);
-  }
-  return J;
-}
-var Bh = vh(!0),
-  Ch = vh(!1),
-  Dh = {},
-  Eh = Uf(Dh),
-  Fh = Uf(Dh),
-  Gh = Uf(Dh);
-function Hh(a) {
-  if (a === Dh) throw Error(p(174));
-  return a;
-}
-function Ih(a, b) {
-  G(Gh, b);
-  G(Fh, a);
-  G(Eh, Dh);
-  a = b.nodeType;
-  switch (a) {
-    case 9:
-    case 11:
-      b = (b = b.documentElement) ? b.namespaceURI : lb(null, "");
-      break;
-    default:
-      a = 8 === a ? b.parentNode : b, b = a.namespaceURI || null, a = a.tagName, b = lb(b, a);
-  }
-  E(Eh);
-  G(Eh, b);
-}
-function Jh() {
-  E(Eh);
-  E(Fh);
-  E(Gh);
-}
-function Kh(a) {
-  Hh(Gh.current);
-  var b = Hh(Eh.current);
-  var c = lb(b, a.type);
-  b !== c && (G(Fh, a), G(Eh, c));
-}
-function Lh(a) {
-  Fh.current === a && (E(Eh), E(Fh));
-}
-var M = Uf(0);
-function Mh(a) {
-  for (var b = a; null !== b;) {
-    if (13 === b.tag) {
-      var c = b.memoizedState;
-      if (null !== c && (c = c.dehydrated, null === c || "$?" === c.data || "$!" === c.data)) return b;
-    } else if (19 === b.tag && void 0 !== b.memoizedProps.revealOrder) {
-      if (0 !== (b.flags & 128)) return b;
-    } else if (null !== b.child) {
-      b.child.return = b;
-      b = b.child;
-      continue;
-    }
-    if (b === a) break;
-    for (; null === b.sibling;) {
-      if (null === b.return || b.return === a) return null;
-      b = b.return;
-    }
-    b.sibling.return = b.return;
-    b = b.sibling;
-  }
-  return null;
-}
-var Nh = [];
-function Oh() {
-  for (var a = 0; a < Nh.length; a++) Nh[a]._workInProgressVersionPrimary = null;
-  Nh.length = 0;
-}
-var Ph = ua.ReactCurrentDispatcher,
-  Qh = ua.ReactCurrentBatchConfig,
-  Rh = 0,
-  N = null,
-  O = null,
-  P = null,
-  Sh = !1,
-  Th = !1,
-  Uh = 0,
-  Vh = 0;
-function Q() {
-  throw Error(p(321));
-}
-function Wh(a, b) {
-  if (null === b) return !1;
-  for (var c = 0; c < b.length && c < a.length; c++) if (!He(a[c], b[c])) return !1;
-  return !0;
-}
-function Xh(a, b, c, d, e, f) {
-  Rh = f;
-  N = b;
-  b.memoizedState = null;
-  b.updateQueue = null;
-  b.lanes = 0;
-  Ph.current = null === a || null === a.memoizedState ? Yh : Zh;
-  a = c(d, e);
-  if (Th) {
-    f = 0;
-    do {
-      Th = !1;
-      Uh = 0;
-      if (25 <= f) throw Error(p(301));
-      f += 1;
-      P = O = null;
-      b.updateQueue = null;
-      Ph.current = $h;
-      a = c(d, e);
-    } while (Th);
-  }
-  Ph.current = ai;
-  b = null !== O && null !== O.next;
-  Rh = 0;
-  P = O = N = null;
-  Sh = !1;
-  if (b) throw Error(p(300));
-  return a;
-}
-function bi() {
-  var a = 0 !== Uh;
-  Uh = 0;
-  return a;
-}
-function ci() {
-  var a = {
-    memoizedState: null,
-    baseState: null,
-    baseQueue: null,
-    queue: null,
-    next: null
-  };
-  null === P ? N.memoizedState = P = a : P = P.next = a;
-  return P;
-}
-function di() {
-  if (null === O) {
-    var a = N.alternate;
-    a = null !== a ? a.memoizedState : null;
-  } else a = O.next;
-  var b = null === P ? N.memoizedState : P.next;
-  if (null !== b) P = b, O = a;else {
-    if (null === a) throw Error(p(310));
-    O = a;
-    a = {
-      memoizedState: O.memoizedState,
-      baseState: O.baseState,
-      baseQueue: O.baseQueue,
-      queue: O.queue,
-      next: null
-    };
-    null === P ? N.memoizedState = P = a : P = P.next = a;
-  }
-  return P;
-}
-function ei(a, b) {
-  return "function" === typeof b ? b(a) : b;
-}
-function fi(a) {
-  var b = di(),
-    c = b.queue;
-  if (null === c) throw Error(p(311));
-  c.lastRenderedReducer = a;
-  var d = O,
-    e = d.baseQueue,
-    f = c.pending;
-  if (null !== f) {
-    if (null !== e) {
-      var g = e.next;
-      e.next = f.next;
-      f.next = g;
-    }
-    d.baseQueue = e = f;
-    c.pending = null;
-  }
-  if (null !== e) {
-    f = e.next;
-    d = d.baseState;
-    var h = g = null,
-      k = null,
-      l = f;
-    do {
-      var m = l.lane;
-      if ((Rh & m) === m) null !== k && (k = k.next = {
-        lane: 0,
-        action: l.action,
-        hasEagerState: l.hasEagerState,
-        eagerState: l.eagerState,
-        next: null
-      }), d = l.hasEagerState ? l.eagerState : a(d, l.action);else {
-        var q = {
-          lane: m,
-          action: l.action,
-          hasEagerState: l.hasEagerState,
-          eagerState: l.eagerState,
-          next: null
-        };
-        null === k ? (h = k = q, g = d) : k = k.next = q;
-        N.lanes |= m;
-        hh |= m;
-      }
-      l = l.next;
-    } while (null !== l && l !== f);
-    null === k ? g = d : k.next = h;
-    He(d, b.memoizedState) || (Ug = !0);
-    b.memoizedState = d;
-    b.baseState = g;
-    b.baseQueue = k;
-    c.lastRenderedState = d;
-  }
-  a = c.interleaved;
-  if (null !== a) {
-    e = a;
-    do f = e.lane, N.lanes |= f, hh |= f, e = e.next; while (e !== a);
-  } else null === e && (c.lanes = 0);
-  return [b.memoizedState, c.dispatch];
-}
-function gi(a) {
-  var b = di(),
-    c = b.queue;
-  if (null === c) throw Error(p(311));
-  c.lastRenderedReducer = a;
-  var d = c.dispatch,
-    e = c.pending,
-    f = b.memoizedState;
-  if (null !== e) {
-    c.pending = null;
-    var g = e = e.next;
-    do f = a(f, g.action), g = g.next; while (g !== e);
-    He(f, b.memoizedState) || (Ug = !0);
-    b.memoizedState = f;
-    null === b.baseQueue && (b.baseState = f);
-    c.lastRenderedState = f;
-  }
-  return [f, d];
-}
-function hi() {}
-function ii(a, b) {
-  var c = N,
-    d = di(),
-    e = b(),
-    f = !He(d.memoizedState, e);
-  f && (d.memoizedState = e, Ug = !0);
-  d = d.queue;
-  ji(ki.bind(null, c, d, a), [a]);
-  if (d.getSnapshot !== b || f || null !== P && P.memoizedState.tag & 1) {
-    c.flags |= 2048;
-    li(9, mi.bind(null, c, d, e, b), void 0, null);
-    if (null === R) throw Error(p(349));
-    0 !== (Rh & 30) || ni(c, b, e);
-  }
-  return e;
-}
-function ni(a, b, c) {
-  a.flags |= 16384;
-  a = {
-    getSnapshot: b,
-    value: c
-  };
-  b = N.updateQueue;
-  null === b ? (b = {
-    lastEffect: null,
-    stores: null
-  }, N.updateQueue = b, b.stores = [a]) : (c = b.stores, null === c ? b.stores = [a] : c.push(a));
-}
-function mi(a, b, c, d) {
-  b.value = c;
-  b.getSnapshot = d;
-  oi(b) && pi(a);
-}
-function ki(a, b, c) {
-  return c(function () {
-    oi(b) && pi(a);
-  });
-}
-function oi(a) {
-  var b = a.getSnapshot;
-  a = a.value;
-  try {
-    var c = b();
-    return !He(a, c);
-  } catch (d) {
-    return !0;
-  }
-}
-function pi(a) {
-  var b = Zg(a, 1);
-  null !== b && mh(b, a, 1, -1);
-}
-function qi(a) {
-  var b = ci();
-  "function" === typeof a && (a = a());
-  b.memoizedState = b.baseState = a;
-  a = {
-    pending: null,
-    interleaved: null,
-    lanes: 0,
-    dispatch: null,
-    lastRenderedReducer: ei,
-    lastRenderedState: a
-  };
-  b.queue = a;
-  a = a.dispatch = ri.bind(null, N, a);
-  return [b.memoizedState, a];
-}
-function li(a, b, c, d) {
-  a = {
-    tag: a,
-    create: b,
-    destroy: c,
-    deps: d,
-    next: null
-  };
-  b = N.updateQueue;
-  null === b ? (b = {
-    lastEffect: null,
-    stores: null
-  }, N.updateQueue = b, b.lastEffect = a.next = a) : (c = b.lastEffect, null === c ? b.lastEffect = a.next = a : (d = c.next, c.next = a, a.next = d, b.lastEffect = a));
-  return a;
-}
-function si() {
-  return di().memoizedState;
-}
-function ti(a, b, c, d) {
-  var e = ci();
-  N.flags |= a;
-  e.memoizedState = li(1 | b, c, void 0, void 0 === d ? null : d);
-}
-function ui(a, b, c, d) {
-  var e = di();
-  d = void 0 === d ? null : d;
-  var f = void 0;
-  if (null !== O) {
-    var g = O.memoizedState;
-    f = g.destroy;
-    if (null !== d && Wh(d, g.deps)) {
-      e.memoizedState = li(b, c, f, d);
-      return;
-    }
-  }
-  N.flags |= a;
-  e.memoizedState = li(1 | b, c, f, d);
-}
-function vi(a, b) {
-  return ti(8390656, 8, a, b);
-}
-function ji(a, b) {
-  return ui(2048, 8, a, b);
-}
-function wi(a, b) {
-  return ui(4, 2, a, b);
-}
-function xi(a, b) {
-  return ui(4, 4, a, b);
-}
-function yi(a, b) {
-  if ("function" === typeof b) return a = a(), b(a), function () {
-    b(null);
-  };
-  if (null !== b && void 0 !== b) return a = a(), b.current = a, function () {
-    b.current = null;
-  };
-}
-function zi(a, b, c) {
-  c = null !== c && void 0 !== c ? c.concat([a]) : null;
-  return ui(4, 4, yi.bind(null, b, a), c);
-}
-function Ai() {}
-function Bi(a, b) {
-  var c = di();
-  b = void 0 === b ? null : b;
-  var d = c.memoizedState;
-  if (null !== d && null !== b && Wh(b, d[1])) return d[0];
-  c.memoizedState = [a, b];
-  return a;
-}
-function Ci(a, b) {
-  var c = di();
-  b = void 0 === b ? null : b;
-  var d = c.memoizedState;
-  if (null !== d && null !== b && Wh(b, d[1])) return d[0];
-  a = a();
-  c.memoizedState = [a, b];
-  return a;
-}
-function Di(a, b, c) {
-  if (0 === (Rh & 21)) return a.baseState && (a.baseState = !1, Ug = !0), a.memoizedState = c;
-  He(c, b) || (c = yc(), N.lanes |= c, hh |= c, a.baseState = !0);
-  return b;
-}
-function Ei(a, b) {
-  var c = C;
-  C = 0 !== c && 4 > c ? c : 4;
-  a(!0);
-  var d = Qh.transition;
-  Qh.transition = {};
-  try {
-    a(!1), b();
-  } finally {
-    C = c, Qh.transition = d;
-  }
-}
-function Fi() {
-  return di().memoizedState;
-}
-function Gi(a, b, c) {
-  var d = lh(a);
-  c = {
-    lane: d,
-    action: c,
-    hasEagerState: !1,
-    eagerState: null,
-    next: null
-  };
-  if (Hi(a)) Ii(b, c);else if (c = Yg(a, b, c, d), null !== c) {
-    var e = L();
-    mh(c, a, d, e);
-    Ji(c, b, d);
-  }
-}
-function ri(a, b, c) {
-  var d = lh(a),
-    e = {
-      lane: d,
-      action: c,
-      hasEagerState: !1,
-      eagerState: null,
-      next: null
-    };
-  if (Hi(a)) Ii(b, e);else {
-    var f = a.alternate;
-    if (0 === a.lanes && (null === f || 0 === f.lanes) && (f = b.lastRenderedReducer, null !== f)) try {
-      var g = b.lastRenderedState,
-        h = f(g, c);
-      e.hasEagerState = !0;
-      e.eagerState = h;
-      if (He(h, g)) {
-        var k = b.interleaved;
-        null === k ? (e.next = e, Xg(b)) : (e.next = k.next, k.next = e);
-        b.interleaved = e;
-        return;
-      }
-    } catch (l) {} finally {}
-    c = Yg(a, b, e, d);
-    null !== c && (e = L(), mh(c, a, d, e), Ji(c, b, d));
-  }
-}
-function Hi(a) {
-  var b = a.alternate;
-  return a === N || null !== b && b === N;
-}
-function Ii(a, b) {
-  Th = Sh = !0;
-  var c = a.pending;
-  null === c ? b.next = b : (b.next = c.next, c.next = b);
-  a.pending = b;
-}
-function Ji(a, b, c) {
-  if (0 !== (c & 4194240)) {
-    var d = b.lanes;
-    d &= a.pendingLanes;
-    c |= d;
-    b.lanes = c;
-    Cc(a, c);
-  }
-}
-var ai = {
-    readContext: Vg,
-    useCallback: Q,
-    useContext: Q,
-    useEffect: Q,
-    useImperativeHandle: Q,
-    useInsertionEffect: Q,
-    useLayoutEffect: Q,
-    useMemo: Q,
-    useReducer: Q,
-    useRef: Q,
-    useState: Q,
-    useDebugValue: Q,
-    useDeferredValue: Q,
-    useTransition: Q,
-    useMutableSource: Q,
-    useSyncExternalStore: Q,
-    useId: Q,
-    unstable_isNewReconciler: !1
-  },
-  Yh = {
-    readContext: Vg,
-    useCallback: function useCallback(a, b) {
-      ci().memoizedState = [a, void 0 === b ? null : b];
-      return a;
-    },
-    useContext: Vg,
-    useEffect: vi,
-    useImperativeHandle: function useImperativeHandle(a, b, c) {
-      c = null !== c && void 0 !== c ? c.concat([a]) : null;
-      return ti(4194308, 4, yi.bind(null, b, a), c);
-    },
-    useLayoutEffect: function useLayoutEffect(a, b) {
-      return ti(4194308, 4, a, b);
-    },
-    useInsertionEffect: function useInsertionEffect(a, b) {
-      return ti(4, 2, a, b);
-    },
-    useMemo: function useMemo(a, b) {
-      var c = ci();
-      b = void 0 === b ? null : b;
-      a = a();
-      c.memoizedState = [a, b];
-      return a;
-    },
-    useReducer: function useReducer(a, b, c) {
-      var d = ci();
-      b = void 0 !== c ? c(b) : b;
-      d.memoizedState = d.baseState = b;
-      a = {
-        pending: null,
-        interleaved: null,
-        lanes: 0,
-        dispatch: null,
-        lastRenderedReducer: a,
-        lastRenderedState: b
-      };
-      d.queue = a;
-      a = a.dispatch = Gi.bind(null, N, a);
-      return [d.memoizedState, a];
-    },
-    useRef: function useRef(a) {
-      var b = ci();
-      a = {
-        current: a
-      };
-      return b.memoizedState = a;
-    },
-    useState: qi,
-    useDebugValue: Ai,
-    useDeferredValue: function useDeferredValue(a) {
-      return ci().memoizedState = a;
-    },
-    useTransition: function useTransition() {
-      var a = qi(!1),
-        b = a[0];
-      a = Ei.bind(null, a[1]);
-      ci().memoizedState = a;
-      return [b, a];
-    },
-    useMutableSource: function useMutableSource() {},
-    useSyncExternalStore: function useSyncExternalStore(a, b, c) {
-      var d = N,
-        e = ci();
-      if (I) {
-        if (void 0 === c) throw Error(p(407));
-        c = c();
-      } else {
-        c = b();
-        if (null === R) throw Error(p(349));
-        0 !== (Rh & 30) || ni(d, b, c);
-      }
-      e.memoizedState = c;
-      var f = {
-        value: c,
-        getSnapshot: b
-      };
-      e.queue = f;
-      vi(ki.bind(null, d, f, a), [a]);
-      d.flags |= 2048;
-      li(9, mi.bind(null, d, f, c, b), void 0, null);
-      return c;
-    },
-    useId: function useId() {
-      var a = ci(),
-        b = R.identifierPrefix;
-      if (I) {
-        var c = sg;
-        var d = rg;
-        c = (d & ~(1 << 32 - oc(d) - 1)).toString(32) + c;
-        b = ":" + b + "R" + c;
-        c = Uh++;
-        0 < c && (b += "H" + c.toString(32));
-        b += ":";
-      } else c = Vh++, b = ":" + b + "r" + c.toString(32) + ":";
-      return a.memoizedState = b;
-    },
-    unstable_isNewReconciler: !1
-  },
-  Zh = {
-    readContext: Vg,
-    useCallback: Bi,
-    useContext: Vg,
-    useEffect: ji,
-    useImperativeHandle: zi,
-    useInsertionEffect: wi,
-    useLayoutEffect: xi,
-    useMemo: Ci,
-    useReducer: fi,
-    useRef: si,
-    useState: function useState() {
-      return fi(ei);
-    },
-    useDebugValue: Ai,
-    useDeferredValue: function useDeferredValue(a) {
-      var b = di();
-      return Di(b, O.memoizedState, a);
-    },
-    useTransition: function useTransition() {
-      var a = fi(ei)[0],
-        b = di().memoizedState;
-      return [a, b];
-    },
-    useMutableSource: hi,
-    useSyncExternalStore: ii,
-    useId: Fi,
-    unstable_isNewReconciler: !1
-  },
-  $h = {
-    readContext: Vg,
-    useCallback: Bi,
-    useContext: Vg,
-    useEffect: ji,
-    useImperativeHandle: zi,
-    useInsertionEffect: wi,
-    useLayoutEffect: xi,
-    useMemo: Ci,
-    useReducer: gi,
-    useRef: si,
-    useState: function useState() {
-      return gi(ei);
-    },
-    useDebugValue: Ai,
-    useDeferredValue: function useDeferredValue(a) {
-      var b = di();
-      return null === O ? b.memoizedState = a : Di(b, O.memoizedState, a);
-    },
-    useTransition: function useTransition() {
-      var a = gi(ei)[0],
-        b = di().memoizedState;
-      return [a, b];
-    },
-    useMutableSource: hi,
-    useSyncExternalStore: ii,
-    useId: Fi,
-    unstable_isNewReconciler: !1
-  };
-function Ki(a, b) {
-  try {
-    var c = "",
-      d = b;
-    do c += Pa(d), d = d.return; while (d);
-    var e = c;
-  } catch (f) {
-    e = "\nError generating stack: " + f.message + "\n" + f.stack;
-  }
-  return {
-    value: a,
-    source: b,
-    stack: e,
-    digest: null
-  };
-}
-function Li(a, b, c) {
-  return {
-    value: a,
-    source: null,
-    stack: null != c ? c : null,
-    digest: null != b ? b : null
-  };
-}
-function Mi(a, b) {
-  try {
-    console.error(b.value);
-  } catch (c) {
-    setTimeout(function () {
-      throw c;
-    });
-  }
-}
-var Ni = "function" === typeof WeakMap ? WeakMap : Map;
-function Oi(a, b, c) {
-  c = ch(-1, c);
-  c.tag = 3;
-  c.payload = {
-    element: null
-  };
-  var d = b.value;
-  c.callback = function () {
-    Pi || (Pi = !0, Qi = d);
-    Mi(a, b);
-  };
-  return c;
-}
-function Ri(a, b, c) {
-  c = ch(-1, c);
-  c.tag = 3;
-  var d = a.type.getDerivedStateFromError;
-  if ("function" === typeof d) {
-    var e = b.value;
-    c.payload = function () {
-      return d(e);
-    };
-    c.callback = function () {
-      Mi(a, b);
-    };
-  }
-  var f = a.stateNode;
-  null !== f && "function" === typeof f.componentDidCatch && (c.callback = function () {
-    Mi(a, b);
-    "function" !== typeof d && (null === Si ? Si = new Set([this]) : Si.add(this));
-    var c = b.stack;
-    this.componentDidCatch(b.value, {
-      componentStack: null !== c ? c : ""
-    });
-  });
-  return c;
-}
-function Ti(a, b, c) {
-  var d = a.pingCache;
-  if (null === d) {
-    d = a.pingCache = new Ni();
-    var e = new Set();
-    d.set(b, e);
-  } else e = d.get(b), void 0 === e && (e = new Set(), d.set(b, e));
-  e.has(c) || (e.add(c), a = Ui.bind(null, a, b, c), b.then(a, a));
-}
-function Vi(a) {
-  do {
-    var b;
-    if (b = 13 === a.tag) b = a.memoizedState, b = null !== b ? null !== b.dehydrated ? !0 : !1 : !0;
-    if (b) return a;
-    a = a.return;
-  } while (null !== a);
-  return null;
-}
-function Wi(a, b, c, d, e) {
-  if (0 === (a.mode & 1)) return a === b ? a.flags |= 65536 : (a.flags |= 128, c.flags |= 131072, c.flags &= -52805, 1 === c.tag && (null === c.alternate ? c.tag = 17 : (b = ch(-1, 1), b.tag = 2, dh(c, b, 1))), c.lanes |= 1), a;
-  a.flags |= 65536;
-  a.lanes = e;
-  return a;
-}
-var Xi = ua.ReactCurrentOwner,
-  Ug = !1;
-function Yi(a, b, c, d) {
-  b.child = null === a ? Ch(b, null, c, d) : Bh(b, a.child, c, d);
-}
-function Zi(a, b, c, d, e) {
-  c = c.render;
-  var f = b.ref;
-  Tg(b, e);
-  d = Xh(a, b, c, d, f, e);
-  c = bi();
-  if (null !== a && !Ug) return b.updateQueue = a.updateQueue, b.flags &= -2053, a.lanes &= ~e, $i(a, b, e);
-  I && c && vg(b);
-  b.flags |= 1;
-  Yi(a, b, d, e);
-  return b.child;
-}
-function aj(a, b, c, d, e) {
-  if (null === a) {
-    var f = c.type;
-    if ("function" === typeof f && !bj(f) && void 0 === f.defaultProps && null === c.compare && void 0 === c.defaultProps) return b.tag = 15, b.type = f, cj(a, b, f, d, e);
-    a = yh(c.type, null, d, b, b.mode, e);
-    a.ref = b.ref;
-    a.return = b;
-    return b.child = a;
-  }
-  f = a.child;
-  if (0 === (a.lanes & e)) {
-    var g = f.memoizedProps;
-    c = c.compare;
-    c = null !== c ? c : Ie;
-    if (c(g, d) && a.ref === b.ref) return $i(a, b, e);
-  }
-  b.flags |= 1;
-  a = wh(f, d);
-  a.ref = b.ref;
-  a.return = b;
-  return b.child = a;
-}
-function cj(a, b, c, d, e) {
-  if (null !== a) {
-    var f = a.memoizedProps;
-    if (Ie(f, d) && a.ref === b.ref) if (Ug = !1, b.pendingProps = d = f, 0 !== (a.lanes & e)) 0 !== (a.flags & 131072) && (Ug = !0);else return b.lanes = a.lanes, $i(a, b, e);
-  }
-  return dj(a, b, c, d, e);
-}
-function ej(a, b, c) {
-  var d = b.pendingProps,
-    e = d.children,
-    f = null !== a ? a.memoizedState : null;
-  if ("hidden" === d.mode) {
-    if (0 === (b.mode & 1)) b.memoizedState = {
-      baseLanes: 0,
-      cachePool: null,
-      transitions: null
-    }, G(fj, gj), gj |= c;else {
-      if (0 === (c & 1073741824)) return a = null !== f ? f.baseLanes | c : c, b.lanes = b.childLanes = 1073741824, b.memoizedState = {
-        baseLanes: a,
-        cachePool: null,
-        transitions: null
-      }, b.updateQueue = null, G(fj, gj), gj |= a, null;
-      b.memoizedState = {
-        baseLanes: 0,
-        cachePool: null,
-        transitions: null
-      };
-      d = null !== f ? f.baseLanes : c;
-      G(fj, gj);
-      gj |= d;
-    }
-  } else null !== f ? (d = f.baseLanes | c, b.memoizedState = null) : d = c, G(fj, gj), gj |= d;
-  Yi(a, b, e, c);
-  return b.child;
-}
-function hj(a, b) {
-  var c = b.ref;
-  if (null === a && null !== c || null !== a && a.ref !== c) b.flags |= 512, b.flags |= 2097152;
-}
-function dj(a, b, c, d, e) {
-  var f = Zf(c) ? Xf : H.current;
-  f = Yf(b, f);
-  Tg(b, e);
-  c = Xh(a, b, c, d, f, e);
-  d = bi();
-  if (null !== a && !Ug) return b.updateQueue = a.updateQueue, b.flags &= -2053, a.lanes &= ~e, $i(a, b, e);
-  I && d && vg(b);
-  b.flags |= 1;
-  Yi(a, b, c, e);
-  return b.child;
-}
-function ij(a, b, c, d, e) {
-  if (Zf(c)) {
-    var f = !0;
-    cg(b);
-  } else f = !1;
-  Tg(b, e);
-  if (null === b.stateNode) jj(a, b), ph(b, c, d), rh(b, c, d, e), d = !0;else if (null === a) {
-    var g = b.stateNode,
-      h = b.memoizedProps;
-    g.props = h;
-    var k = g.context,
-      l = c.contextType;
-    "object" === typeof l && null !== l ? l = Vg(l) : (l = Zf(c) ? Xf : H.current, l = Yf(b, l));
-    var m = c.getDerivedStateFromProps,
-      q = "function" === typeof m || "function" === typeof g.getSnapshotBeforeUpdate;
-    q || "function" !== typeof g.UNSAFE_componentWillReceiveProps && "function" !== typeof g.componentWillReceiveProps || (h !== d || k !== l) && qh(b, g, d, l);
-    $g = !1;
-    var r = b.memoizedState;
-    g.state = r;
-    gh(b, d, g, e);
-    k = b.memoizedState;
-    h !== d || r !== k || Wf.current || $g ? ("function" === typeof m && (kh(b, c, m, d), k = b.memoizedState), (h = $g || oh(b, c, h, d, r, k, l)) ? (q || "function" !== typeof g.UNSAFE_componentWillMount && "function" !== typeof g.componentWillMount || ("function" === typeof g.componentWillMount && g.componentWillMount(), "function" === typeof g.UNSAFE_componentWillMount && g.UNSAFE_componentWillMount()), "function" === typeof g.componentDidMount && (b.flags |= 4194308)) : ("function" === typeof g.componentDidMount && (b.flags |= 4194308), b.memoizedProps = d, b.memoizedState = k), g.props = d, g.state = k, g.context = l, d = h) : ("function" === typeof g.componentDidMount && (b.flags |= 4194308), d = !1);
-  } else {
-    g = b.stateNode;
-    bh(a, b);
-    h = b.memoizedProps;
-    l = b.type === b.elementType ? h : Lg(b.type, h);
-    g.props = l;
-    q = b.pendingProps;
-    r = g.context;
-    k = c.contextType;
-    "object" === typeof k && null !== k ? k = Vg(k) : (k = Zf(c) ? Xf : H.current, k = Yf(b, k));
-    var y = c.getDerivedStateFromProps;
-    (m = "function" === typeof y || "function" === typeof g.getSnapshotBeforeUpdate) || "function" !== typeof g.UNSAFE_componentWillReceiveProps && "function" !== typeof g.componentWillReceiveProps || (h !== q || r !== k) && qh(b, g, d, k);
-    $g = !1;
-    r = b.memoizedState;
-    g.state = r;
-    gh(b, d, g, e);
-    var n = b.memoizedState;
-    h !== q || r !== n || Wf.current || $g ? ("function" === typeof y && (kh(b, c, y, d), n = b.memoizedState), (l = $g || oh(b, c, l, d, r, n, k) || !1) ? (m || "function" !== typeof g.UNSAFE_componentWillUpdate && "function" !== typeof g.componentWillUpdate || ("function" === typeof g.componentWillUpdate && g.componentWillUpdate(d, n, k), "function" === typeof g.UNSAFE_componentWillUpdate && g.UNSAFE_componentWillUpdate(d, n, k)), "function" === typeof g.componentDidUpdate && (b.flags |= 4), "function" === typeof g.getSnapshotBeforeUpdate && (b.flags |= 1024)) : ("function" !== typeof g.componentDidUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 4), "function" !== typeof g.getSnapshotBeforeUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 1024), b.memoizedProps = d, b.memoizedState = n), g.props = d, g.state = n, g.context = k, d = l) : ("function" !== typeof g.componentDidUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 4), "function" !== typeof g.getSnapshotBeforeUpdate || h === a.memoizedProps && r === a.memoizedState || (b.flags |= 1024), d = !1);
-  }
-  return kj(a, b, c, d, f, e);
-}
-function kj(a, b, c, d, e, f) {
-  hj(a, b);
-  var g = 0 !== (b.flags & 128);
-  if (!d && !g) return e && dg(b, c, !1), $i(a, b, f);
-  d = b.stateNode;
-  Xi.current = b;
-  var h = g && "function" !== typeof c.getDerivedStateFromError ? null : d.render();
-  b.flags |= 1;
-  null !== a && g ? (b.child = Bh(b, a.child, null, f), b.child = Bh(b, null, h, f)) : Yi(a, b, h, f);
-  b.memoizedState = d.state;
-  e && dg(b, c, !0);
-  return b.child;
-}
-function lj(a) {
-  var b = a.stateNode;
-  b.pendingContext ? ag(a, b.pendingContext, b.pendingContext !== b.context) : b.context && ag(a, b.context, !1);
-  Ih(a, b.containerInfo);
-}
-function mj(a, b, c, d, e) {
-  Ig();
-  Jg(e);
-  b.flags |= 256;
-  Yi(a, b, c, d);
-  return b.child;
-}
-var nj = {
-  dehydrated: null,
-  treeContext: null,
-  retryLane: 0
-};
-function oj(a) {
-  return {
-    baseLanes: a,
-    cachePool: null,
-    transitions: null
-  };
-}
-function pj(a, b, c) {
-  var d = b.pendingProps,
-    e = M.current,
-    f = !1,
-    g = 0 !== (b.flags & 128),
-    h;
-  (h = g) || (h = null !== a && null === a.memoizedState ? !1 : 0 !== (e & 2));
-  if (h) f = !0, b.flags &= -129;else if (null === a || null !== a.memoizedState) e |= 1;
-  G(M, e & 1);
-  if (null === a) {
-    Eg(b);
-    a = b.memoizedState;
-    if (null !== a && (a = a.dehydrated, null !== a)) return 0 === (b.mode & 1) ? b.lanes = 1 : "$!" === a.data ? b.lanes = 8 : b.lanes = 1073741824, null;
-    g = d.children;
-    a = d.fallback;
-    return f ? (d = b.mode, f = b.child, g = {
-      mode: "hidden",
-      children: g
-    }, 0 === (d & 1) && null !== f ? (f.childLanes = 0, f.pendingProps = g) : f = qj(g, d, 0, null), a = Ah(a, d, c, null), f.return = b, a.return = b, f.sibling = a, b.child = f, b.child.memoizedState = oj(c), b.memoizedState = nj, a) : rj(b, g);
-  }
-  e = a.memoizedState;
-  if (null !== e && (h = e.dehydrated, null !== h)) return sj(a, b, g, d, h, e, c);
-  if (f) {
-    f = d.fallback;
-    g = b.mode;
-    e = a.child;
-    h = e.sibling;
-    var k = {
-      mode: "hidden",
-      children: d.children
-    };
-    0 === (g & 1) && b.child !== e ? (d = b.child, d.childLanes = 0, d.pendingProps = k, b.deletions = null) : (d = wh(e, k), d.subtreeFlags = e.subtreeFlags & 14680064);
-    null !== h ? f = wh(h, f) : (f = Ah(f, g, c, null), f.flags |= 2);
-    f.return = b;
-    d.return = b;
-    d.sibling = f;
-    b.child = d;
-    d = f;
-    f = b.child;
-    g = a.child.memoizedState;
-    g = null === g ? oj(c) : {
-      baseLanes: g.baseLanes | c,
-      cachePool: null,
-      transitions: g.transitions
-    };
-    f.memoizedState = g;
-    f.childLanes = a.childLanes & ~c;
-    b.memoizedState = nj;
-    return d;
-  }
-  f = a.child;
-  a = f.sibling;
-  d = wh(f, {
-    mode: "visible",
-    children: d.children
-  });
-  0 === (b.mode & 1) && (d.lanes = c);
-  d.return = b;
-  d.sibling = null;
-  null !== a && (c = b.deletions, null === c ? (b.deletions = [a], b.flags |= 16) : c.push(a));
-  b.child = d;
-  b.memoizedState = null;
-  return d;
-}
-function rj(a, b) {
-  b = qj({
-    mode: "visible",
-    children: b
-  }, a.mode, 0, null);
-  b.return = a;
-  return a.child = b;
-}
-function tj(a, b, c, d) {
-  null !== d && Jg(d);
-  Bh(b, a.child, null, c);
-  a = rj(b, b.pendingProps.children);
-  a.flags |= 2;
-  b.memoizedState = null;
-  return a;
-}
-function sj(a, b, c, d, e, f, g) {
-  if (c) {
-    if (b.flags & 256) return b.flags &= -257, d = Li(Error(p(422))), tj(a, b, g, d);
-    if (null !== b.memoizedState) return b.child = a.child, b.flags |= 128, null;
-    f = d.fallback;
-    e = b.mode;
-    d = qj({
-      mode: "visible",
-      children: d.children
-    }, e, 0, null);
-    f = Ah(f, e, g, null);
-    f.flags |= 2;
-    d.return = b;
-    f.return = b;
-    d.sibling = f;
-    b.child = d;
-    0 !== (b.mode & 1) && Bh(b, a.child, null, g);
-    b.child.memoizedState = oj(g);
-    b.memoizedState = nj;
-    return f;
-  }
-  if (0 === (b.mode & 1)) return tj(a, b, g, null);
-  if ("$!" === e.data) {
-    d = e.nextSibling && e.nextSibling.dataset;
-    if (d) var h = d.dgst;
-    d = h;
-    f = Error(p(419));
-    d = Li(f, d, void 0);
-    return tj(a, b, g, d);
-  }
-  h = 0 !== (g & a.childLanes);
-  if (Ug || h) {
-    d = R;
-    if (null !== d) {
-      switch (g & -g) {
-        case 4:
-          e = 2;
-          break;
-        case 16:
-          e = 8;
-          break;
-        case 64:
-        case 128:
-        case 256:
-        case 512:
-        case 1024:
-        case 2048:
-        case 4096:
-        case 8192:
-        case 16384:
-        case 32768:
-        case 65536:
-        case 131072:
-        case 262144:
-        case 524288:
-        case 1048576:
-        case 2097152:
-        case 4194304:
-        case 8388608:
-        case 16777216:
-        case 33554432:
-        case 67108864:
-          e = 32;
-          break;
-        case 536870912:
-          e = 268435456;
-          break;
-        default:
-          e = 0;
-      }
-      e = 0 !== (e & (d.suspendedLanes | g)) ? 0 : e;
-      0 !== e && e !== f.retryLane && (f.retryLane = e, Zg(a, e), mh(d, a, e, -1));
-    }
-    uj();
-    d = Li(Error(p(421)));
-    return tj(a, b, g, d);
-  }
-  if ("$?" === e.data) return b.flags |= 128, b.child = a.child, b = vj.bind(null, a), e._reactRetry = b, null;
-  a = f.treeContext;
-  yg = Lf(e.nextSibling);
-  xg = b;
-  I = !0;
-  zg = null;
-  null !== a && (og[pg++] = rg, og[pg++] = sg, og[pg++] = qg, rg = a.id, sg = a.overflow, qg = b);
-  b = rj(b, d.children);
-  b.flags |= 4096;
-  return b;
-}
-function wj(a, b, c) {
-  a.lanes |= b;
-  var d = a.alternate;
-  null !== d && (d.lanes |= b);
-  Sg(a.return, b, c);
-}
-function xj(a, b, c, d, e) {
-  var f = a.memoizedState;
-  null === f ? a.memoizedState = {
-    isBackwards: b,
-    rendering: null,
-    renderingStartTime: 0,
-    last: d,
-    tail: c,
-    tailMode: e
-  } : (f.isBackwards = b, f.rendering = null, f.renderingStartTime = 0, f.last = d, f.tail = c, f.tailMode = e);
-}
-function yj(a, b, c) {
-  var d = b.pendingProps,
-    e = d.revealOrder,
-    f = d.tail;
-  Yi(a, b, d.children, c);
-  d = M.current;
-  if (0 !== (d & 2)) d = d & 1 | 2, b.flags |= 128;else {
-    if (null !== a && 0 !== (a.flags & 128)) a: for (a = b.child; null !== a;) {
-      if (13 === a.tag) null !== a.memoizedState && wj(a, c, b);else if (19 === a.tag) wj(a, c, b);else if (null !== a.child) {
-        a.child.return = a;
-        a = a.child;
-        continue;
-      }
-      if (a === b) break a;
-      for (; null === a.sibling;) {
-        if (null === a.return || a.return === b) break a;
-        a = a.return;
-      }
-      a.sibling.return = a.return;
-      a = a.sibling;
-    }
-    d &= 1;
-  }
-  G(M, d);
-  if (0 === (b.mode & 1)) b.memoizedState = null;else switch (e) {
-    case "forwards":
-      c = b.child;
-      for (e = null; null !== c;) a = c.alternate, null !== a && null === Mh(a) && (e = c), c = c.sibling;
-      c = e;
-      null === c ? (e = b.child, b.child = null) : (e = c.sibling, c.sibling = null);
-      xj(b, !1, e, c, f);
-      break;
-    case "backwards":
-      c = null;
-      e = b.child;
-      for (b.child = null; null !== e;) {
-        a = e.alternate;
-        if (null !== a && null === Mh(a)) {
-          b.child = e;
-          break;
-        }
-        a = e.sibling;
-        e.sibling = c;
-        c = e;
-        e = a;
-      }
-      xj(b, !0, c, null, f);
-      break;
-    case "together":
-      xj(b, !1, null, null, void 0);
-      break;
-    default:
-      b.memoizedState = null;
-  }
-  return b.child;
-}
-function jj(a, b) {
-  0 === (b.mode & 1) && null !== a && (a.alternate = null, b.alternate = null, b.flags |= 2);
-}
-function $i(a, b, c) {
-  null !== a && (b.dependencies = a.dependencies);
-  hh |= b.lanes;
-  if (0 === (c & b.childLanes)) return null;
-  if (null !== a && b.child !== a.child) throw Error(p(153));
-  if (null !== b.child) {
-    a = b.child;
-    c = wh(a, a.pendingProps);
-    b.child = c;
-    for (c.return = b; null !== a.sibling;) a = a.sibling, c = c.sibling = wh(a, a.pendingProps), c.return = b;
-    c.sibling = null;
-  }
-  return b.child;
-}
-function zj(a, b, c) {
-  switch (b.tag) {
-    case 3:
-      lj(b);
-      Ig();
-      break;
-    case 5:
-      Kh(b);
-      break;
-    case 1:
-      Zf(b.type) && cg(b);
-      break;
-    case 4:
-      Ih(b, b.stateNode.containerInfo);
-      break;
-    case 10:
-      var d = b.type._context,
-        e = b.memoizedProps.value;
-      G(Mg, d._currentValue);
-      d._currentValue = e;
-      break;
-    case 13:
-      d = b.memoizedState;
-      if (null !== d) {
-        if (null !== d.dehydrated) return G(M, M.current & 1), b.flags |= 128, null;
-        if (0 !== (c & b.child.childLanes)) return pj(a, b, c);
-        G(M, M.current & 1);
-        a = $i(a, b, c);
-        return null !== a ? a.sibling : null;
-      }
-      G(M, M.current & 1);
-      break;
-    case 19:
-      d = 0 !== (c & b.childLanes);
-      if (0 !== (a.flags & 128)) {
-        if (d) return yj(a, b, c);
-        b.flags |= 128;
-      }
-      e = b.memoizedState;
-      null !== e && (e.rendering = null, e.tail = null, e.lastEffect = null);
-      G(M, M.current);
-      if (d) break;else return null;
-    case 22:
-    case 23:
-      return b.lanes = 0, ej(a, b, c);
-  }
-  return $i(a, b, c);
-}
-var Aj, Bj, Cj, Dj;
-Aj = function Aj(a, b) {
-  for (var c = b.child; null !== c;) {
-    if (5 === c.tag || 6 === c.tag) a.appendChild(c.stateNode);else if (4 !== c.tag && null !== c.child) {
-      c.child.return = c;
-      c = c.child;
-      continue;
-    }
-    if (c === b) break;
-    for (; null === c.sibling;) {
-      if (null === c.return || c.return === b) return;
-      c = c.return;
-    }
-    c.sibling.return = c.return;
-    c = c.sibling;
-  }
-};
-Bj = function Bj() {};
-Cj = function Cj(a, b, c, d) {
-  var e = a.memoizedProps;
-  if (e !== d) {
-    a = b.stateNode;
-    Hh(Eh.current);
-    var f = null;
-    switch (c) {
-      case "input":
-        e = Ya(a, e);
-        d = Ya(a, d);
-        f = [];
-        break;
-      case "select":
-        e = A({}, e, {
-          value: void 0
-        });
-        d = A({}, d, {
-          value: void 0
-        });
-        f = [];
-        break;
-      case "textarea":
-        e = gb(a, e);
-        d = gb(a, d);
-        f = [];
-        break;
-      default:
-        "function" !== typeof e.onClick && "function" === typeof d.onClick && (a.onclick = Bf);
-    }
-    ub(c, d);
-    var g;
-    c = null;
-    for (l in e) if (!d.hasOwnProperty(l) && e.hasOwnProperty(l) && null != e[l]) if ("style" === l) {
-      var h = e[l];
-      for (g in h) h.hasOwnProperty(g) && (c || (c = {}), c[g] = "");
-    } else "dangerouslySetInnerHTML" !== l && "children" !== l && "suppressContentEditableWarning" !== l && "suppressHydrationWarning" !== l && "autoFocus" !== l && (ea.hasOwnProperty(l) ? f || (f = []) : (f = f || []).push(l, null));
-    for (l in d) {
-      var k = d[l];
-      h = null != e ? e[l] : void 0;
-      if (d.hasOwnProperty(l) && k !== h && (null != k || null != h)) if ("style" === l) {
-        if (h) {
-          for (g in h) !h.hasOwnProperty(g) || k && k.hasOwnProperty(g) || (c || (c = {}), c[g] = "");
-          for (g in k) k.hasOwnProperty(g) && h[g] !== k[g] && (c || (c = {}), c[g] = k[g]);
-        } else c || (f || (f = []), f.push(l, c)), c = k;
-      } else "dangerouslySetInnerHTML" === l ? (k = k ? k.__html : void 0, h = h ? h.__html : void 0, null != k && h !== k && (f = f || []).push(l, k)) : "children" === l ? "string" !== typeof k && "number" !== typeof k || (f = f || []).push(l, "" + k) : "suppressContentEditableWarning" !== l && "suppressHydrationWarning" !== l && (ea.hasOwnProperty(l) ? (null != k && "onScroll" === l && D("scroll", a), f || h === k || (f = [])) : (f = f || []).push(l, k));
-    }
-    c && (f = f || []).push("style", c);
-    var l = f;
-    if (b.updateQueue = l) b.flags |= 4;
-  }
-};
-Dj = function Dj(a, b, c, d) {
-  c !== d && (b.flags |= 4);
-};
-function Ej(a, b) {
-  if (!I) switch (a.tailMode) {
-    case "hidden":
-      b = a.tail;
-      for (var c = null; null !== b;) null !== b.alternate && (c = b), b = b.sibling;
-      null === c ? a.tail = null : c.sibling = null;
-      break;
-    case "collapsed":
-      c = a.tail;
-      for (var d = null; null !== c;) null !== c.alternate && (d = c), c = c.sibling;
-      null === d ? b || null === a.tail ? a.tail = null : a.tail.sibling = null : d.sibling = null;
-  }
-}
-function S(a) {
-  var b = null !== a.alternate && a.alternate.child === a.child,
-    c = 0,
-    d = 0;
-  if (b) for (var e = a.child; null !== e;) c |= e.lanes | e.childLanes, d |= e.subtreeFlags & 14680064, d |= e.flags & 14680064, e.return = a, e = e.sibling;else for (e = a.child; null !== e;) c |= e.lanes | e.childLanes, d |= e.subtreeFlags, d |= e.flags, e.return = a, e = e.sibling;
-  a.subtreeFlags |= d;
-  a.childLanes = c;
-  return b;
-}
-function Fj(a, b, c) {
-  var d = b.pendingProps;
-  wg(b);
-  switch (b.tag) {
-    case 2:
-    case 16:
-    case 15:
-    case 0:
-    case 11:
-    case 7:
-    case 8:
-    case 12:
-    case 9:
-    case 14:
-      return S(b), null;
-    case 1:
-      return Zf(b.type) && $f(), S(b), null;
-    case 3:
-      d = b.stateNode;
-      Jh();
-      E(Wf);
-      E(H);
-      Oh();
-      d.pendingContext && (d.context = d.pendingContext, d.pendingContext = null);
-      if (null === a || null === a.child) Gg(b) ? b.flags |= 4 : null === a || a.memoizedState.isDehydrated && 0 === (b.flags & 256) || (b.flags |= 1024, null !== zg && (Gj(zg), zg = null));
-      Bj(a, b);
-      S(b);
-      return null;
-    case 5:
-      Lh(b);
-      var e = Hh(Gh.current);
-      c = b.type;
-      if (null !== a && null != b.stateNode) Cj(a, b, c, d, e), a.ref !== b.ref && (b.flags |= 512, b.flags |= 2097152);else {
-        if (!d) {
-          if (null === b.stateNode) throw Error(p(166));
-          S(b);
-          return null;
-        }
-        a = Hh(Eh.current);
-        if (Gg(b)) {
-          d = b.stateNode;
-          c = b.type;
-          var f = b.memoizedProps;
-          d[Of] = b;
-          d[Pf] = f;
-          a = 0 !== (b.mode & 1);
-          switch (c) {
-            case "dialog":
-              D("cancel", d);
-              D("close", d);
-              break;
-            case "iframe":
-            case "object":
-            case "embed":
-              D("load", d);
-              break;
-            case "video":
-            case "audio":
-              for (e = 0; e < lf.length; e++) D(lf[e], d);
-              break;
-            case "source":
-              D("error", d);
-              break;
-            case "img":
-            case "image":
-            case "link":
-              D("error", d);
-              D("load", d);
-              break;
-            case "details":
-              D("toggle", d);
-              break;
-            case "input":
-              Za(d, f);
-              D("invalid", d);
-              break;
-            case "select":
-              d._wrapperState = {
-                wasMultiple: !!f.multiple
-              };
-              D("invalid", d);
-              break;
-            case "textarea":
-              hb(d, f), D("invalid", d);
-          }
-          ub(c, f);
-          e = null;
-          for (var g in f) if (f.hasOwnProperty(g)) {
-            var h = f[g];
-            "children" === g ? "string" === typeof h ? d.textContent !== h && (!0 !== f.suppressHydrationWarning && Af(d.textContent, h, a), e = ["children", h]) : "number" === typeof h && d.textContent !== "" + h && (!0 !== f.suppressHydrationWarning && Af(d.textContent, h, a), e = ["children", "" + h]) : ea.hasOwnProperty(g) && null != h && "onScroll" === g && D("scroll", d);
-          }
-          switch (c) {
-            case "input":
-              Va(d);
-              db(d, f, !0);
-              break;
-            case "textarea":
-              Va(d);
-              jb(d);
-              break;
-            case "select":
-            case "option":
-              break;
-            default:
-              "function" === typeof f.onClick && (d.onclick = Bf);
-          }
-          d = e;
-          b.updateQueue = d;
-          null !== d && (b.flags |= 4);
-        } else {
-          g = 9 === e.nodeType ? e : e.ownerDocument;
-          "http://www.w3.org/1999/xhtml" === a && (a = kb(c));
-          "http://www.w3.org/1999/xhtml" === a ? "script" === c ? (a = g.createElement("div"), a.innerHTML = "<script>\x3c/script>", a = a.removeChild(a.firstChild)) : "string" === typeof d.is ? a = g.createElement(c, {
-            is: d.is
-          }) : (a = g.createElement(c), "select" === c && (g = a, d.multiple ? g.multiple = !0 : d.size && (g.size = d.size))) : a = g.createElementNS(a, c);
-          a[Of] = b;
-          a[Pf] = d;
-          Aj(a, b, !1, !1);
-          b.stateNode = a;
-          a: {
-            g = vb(c, d);
-            switch (c) {
-              case "dialog":
-                D("cancel", a);
-                D("close", a);
-                e = d;
-                break;
-              case "iframe":
-              case "object":
-              case "embed":
-                D("load", a);
-                e = d;
-                break;
-              case "video":
-              case "audio":
-                for (e = 0; e < lf.length; e++) D(lf[e], a);
-                e = d;
-                break;
-              case "source":
-                D("error", a);
-                e = d;
-                break;
-              case "img":
-              case "image":
-              case "link":
-                D("error", a);
-                D("load", a);
-                e = d;
-                break;
-              case "details":
-                D("toggle", a);
-                e = d;
-                break;
-              case "input":
-                Za(a, d);
-                e = Ya(a, d);
-                D("invalid", a);
-                break;
-              case "option":
-                e = d;
-                break;
-              case "select":
-                a._wrapperState = {
-                  wasMultiple: !!d.multiple
-                };
-                e = A({}, d, {
-                  value: void 0
-                });
-                D("invalid", a);
-                break;
-              case "textarea":
-                hb(a, d);
-                e = gb(a, d);
-                D("invalid", a);
-                break;
-              default:
-                e = d;
-            }
-            ub(c, e);
-            h = e;
-            for (f in h) if (h.hasOwnProperty(f)) {
-              var k = h[f];
-              "style" === f ? sb(a, k) : "dangerouslySetInnerHTML" === f ? (k = k ? k.__html : void 0, null != k && nb(a, k)) : "children" === f ? "string" === typeof k ? ("textarea" !== c || "" !== k) && ob(a, k) : "number" === typeof k && ob(a, "" + k) : "suppressContentEditableWarning" !== f && "suppressHydrationWarning" !== f && "autoFocus" !== f && (ea.hasOwnProperty(f) ? null != k && "onScroll" === f && D("scroll", a) : null != k && ta(a, f, k, g));
-            }
-            switch (c) {
-              case "input":
-                Va(a);
-                db(a, d, !1);
-                break;
-              case "textarea":
-                Va(a);
-                jb(a);
-                break;
-              case "option":
-                null != d.value && a.setAttribute("value", "" + Sa(d.value));
-                break;
-              case "select":
-                a.multiple = !!d.multiple;
-                f = d.value;
-                null != f ? fb(a, !!d.multiple, f, !1) : null != d.defaultValue && fb(a, !!d.multiple, d.defaultValue, !0);
-                break;
-              default:
-                "function" === typeof e.onClick && (a.onclick = Bf);
-            }
-            switch (c) {
-              case "button":
-              case "input":
-              case "select":
-              case "textarea":
-                d = !!d.autoFocus;
-                break a;
-              case "img":
-                d = !0;
-                break a;
-              default:
-                d = !1;
-            }
-          }
-          d && (b.flags |= 4);
-        }
-        null !== b.ref && (b.flags |= 512, b.flags |= 2097152);
-      }
-      S(b);
-      return null;
-    case 6:
-      if (a && null != b.stateNode) Dj(a, b, a.memoizedProps, d);else {
-        if ("string" !== typeof d && null === b.stateNode) throw Error(p(166));
-        c = Hh(Gh.current);
-        Hh(Eh.current);
-        if (Gg(b)) {
-          d = b.stateNode;
-          c = b.memoizedProps;
-          d[Of] = b;
-          if (f = d.nodeValue !== c) if (a = xg, null !== a) switch (a.tag) {
-            case 3:
-              Af(d.nodeValue, c, 0 !== (a.mode & 1));
-              break;
-            case 5:
-              !0 !== a.memoizedProps.suppressHydrationWarning && Af(d.nodeValue, c, 0 !== (a.mode & 1));
-          }
-          f && (b.flags |= 4);
-        } else d = (9 === c.nodeType ? c : c.ownerDocument).createTextNode(d), d[Of] = b, b.stateNode = d;
-      }
-      S(b);
-      return null;
-    case 13:
-      E(M);
-      d = b.memoizedState;
-      if (null === a || null !== a.memoizedState && null !== a.memoizedState.dehydrated) {
-        if (I && null !== yg && 0 !== (b.mode & 1) && 0 === (b.flags & 128)) Hg(), Ig(), b.flags |= 98560, f = !1;else if (f = Gg(b), null !== d && null !== d.dehydrated) {
-          if (null === a) {
-            if (!f) throw Error(p(318));
-            f = b.memoizedState;
-            f = null !== f ? f.dehydrated : null;
-            if (!f) throw Error(p(317));
-            f[Of] = b;
-          } else Ig(), 0 === (b.flags & 128) && (b.memoizedState = null), b.flags |= 4;
-          S(b);
-          f = !1;
-        } else null !== zg && (Gj(zg), zg = null), f = !0;
-        if (!f) return b.flags & 65536 ? b : null;
-      }
-      if (0 !== (b.flags & 128)) return b.lanes = c, b;
-      d = null !== d;
-      d !== (null !== a && null !== a.memoizedState) && d && (b.child.flags |= 8192, 0 !== (b.mode & 1) && (null === a || 0 !== (M.current & 1) ? 0 === T && (T = 3) : uj()));
-      null !== b.updateQueue && (b.flags |= 4);
-      S(b);
-      return null;
-    case 4:
-      return Jh(), Bj(a, b), null === a && sf(b.stateNode.containerInfo), S(b), null;
-    case 10:
-      return Rg(b.type._context), S(b), null;
-    case 17:
-      return Zf(b.type) && $f(), S(b), null;
-    case 19:
-      E(M);
-      f = b.memoizedState;
-      if (null === f) return S(b), null;
-      d = 0 !== (b.flags & 128);
-      g = f.rendering;
-      if (null === g) {
-        if (d) Ej(f, !1);else {
-          if (0 !== T || null !== a && 0 !== (a.flags & 128)) for (a = b.child; null !== a;) {
-            g = Mh(a);
-            if (null !== g) {
-              b.flags |= 128;
-              Ej(f, !1);
-              d = g.updateQueue;
-              null !== d && (b.updateQueue = d, b.flags |= 4);
-              b.subtreeFlags = 0;
-              d = c;
-              for (c = b.child; null !== c;) f = c, a = d, f.flags &= 14680066, g = f.alternate, null === g ? (f.childLanes = 0, f.lanes = a, f.child = null, f.subtreeFlags = 0, f.memoizedProps = null, f.memoizedState = null, f.updateQueue = null, f.dependencies = null, f.stateNode = null) : (f.childLanes = g.childLanes, f.lanes = g.lanes, f.child = g.child, f.subtreeFlags = 0, f.deletions = null, f.memoizedProps = g.memoizedProps, f.memoizedState = g.memoizedState, f.updateQueue = g.updateQueue, f.type = g.type, a = g.dependencies, f.dependencies = null === a ? null : {
-                lanes: a.lanes,
-                firstContext: a.firstContext
-              }), c = c.sibling;
-              G(M, M.current & 1 | 2);
-              return b.child;
-            }
-            a = a.sibling;
-          }
-          null !== f.tail && B() > Hj && (b.flags |= 128, d = !0, Ej(f, !1), b.lanes = 4194304);
-        }
-      } else {
-        if (!d) if (a = Mh(g), null !== a) {
-          if (b.flags |= 128, d = !0, c = a.updateQueue, null !== c && (b.updateQueue = c, b.flags |= 4), Ej(f, !0), null === f.tail && "hidden" === f.tailMode && !g.alternate && !I) return S(b), null;
-        } else 2 * B() - f.renderingStartTime > Hj && 1073741824 !== c && (b.flags |= 128, d = !0, Ej(f, !1), b.lanes = 4194304);
-        f.isBackwards ? (g.sibling = b.child, b.child = g) : (c = f.last, null !== c ? c.sibling = g : b.child = g, f.last = g);
-      }
-      if (null !== f.tail) return b = f.tail, f.rendering = b, f.tail = b.sibling, f.renderingStartTime = B(), b.sibling = null, c = M.current, G(M, d ? c & 1 | 2 : c & 1), b;
-      S(b);
-      return null;
-    case 22:
-    case 23:
-      return Ij(), d = null !== b.memoizedState, null !== a && null !== a.memoizedState !== d && (b.flags |= 8192), d && 0 !== (b.mode & 1) ? 0 !== (gj & 1073741824) && (S(b), b.subtreeFlags & 6 && (b.flags |= 8192)) : S(b), null;
-    case 24:
-      return null;
-    case 25:
-      return null;
-  }
-  throw Error(p(156, b.tag));
-}
-function Jj(a, b) {
-  wg(b);
-  switch (b.tag) {
-    case 1:
-      return Zf(b.type) && $f(), a = b.flags, a & 65536 ? (b.flags = a & -65537 | 128, b) : null;
-    case 3:
-      return Jh(), E(Wf), E(H), Oh(), a = b.flags, 0 !== (a & 65536) && 0 === (a & 128) ? (b.flags = a & -65537 | 128, b) : null;
-    case 5:
-      return Lh(b), null;
-    case 13:
-      E(M);
-      a = b.memoizedState;
-      if (null !== a && null !== a.dehydrated) {
-        if (null === b.alternate) throw Error(p(340));
-        Ig();
-      }
-      a = b.flags;
-      return a & 65536 ? (b.flags = a & -65537 | 128, b) : null;
-    case 19:
-      return E(M), null;
-    case 4:
-      return Jh(), null;
-    case 10:
-      return Rg(b.type._context), null;
-    case 22:
-    case 23:
-      return Ij(), null;
-    case 24:
-      return null;
-    default:
-      return null;
-  }
-}
-var Kj = !1,
-  U = !1,
-  Lj = "function" === typeof WeakSet ? WeakSet : Set,
-  V = null;
-function Mj(a, b) {
-  var c = a.ref;
-  if (null !== c) if ("function" === typeof c) try {
-    c(null);
-  } catch (d) {
-    W(a, b, d);
-  } else c.current = null;
-}
-function Nj(a, b, c) {
-  try {
-    c();
-  } catch (d) {
-    W(a, b, d);
-  }
-}
-var Oj = !1;
-function Pj(a, b) {
-  Cf = dd;
-  a = Me();
-  if (Ne(a)) {
-    if ("selectionStart" in a) var c = {
-      start: a.selectionStart,
-      end: a.selectionEnd
-    };else a: {
-      c = (c = a.ownerDocument) && c.defaultView || window;
-      var d = c.getSelection && c.getSelection();
-      if (d && 0 !== d.rangeCount) {
-        c = d.anchorNode;
-        var e = d.anchorOffset,
-          f = d.focusNode;
-        d = d.focusOffset;
-        try {
-          c.nodeType, f.nodeType;
-        } catch (F) {
-          c = null;
-          break a;
-        }
-        var g = 0,
-          h = -1,
-          k = -1,
-          l = 0,
-          m = 0,
-          q = a,
-          r = null;
-        b: for (;;) {
-          for (var y;;) {
-            q !== c || 0 !== e && 3 !== q.nodeType || (h = g + e);
-            q !== f || 0 !== d && 3 !== q.nodeType || (k = g + d);
-            3 === q.nodeType && (g += q.nodeValue.length);
-            if (null === (y = q.firstChild)) break;
-            r = q;
-            q = y;
-          }
-          for (;;) {
-            if (q === a) break b;
-            r === c && ++l === e && (h = g);
-            r === f && ++m === d && (k = g);
-            if (null !== (y = q.nextSibling)) break;
-            q = r;
-            r = q.parentNode;
-          }
-          q = y;
-        }
-        c = -1 === h || -1 === k ? null : {
-          start: h,
-          end: k
-        };
-      } else c = null;
-    }
-    c = c || {
-      start: 0,
-      end: 0
-    };
-  } else c = null;
-  Df = {
-    focusedElem: a,
-    selectionRange: c
-  };
-  dd = !1;
-  for (V = b; null !== V;) if (b = V, a = b.child, 0 !== (b.subtreeFlags & 1028) && null !== a) a.return = b, V = a;else for (; null !== V;) {
-    b = V;
-    try {
-      var n = b.alternate;
-      if (0 !== (b.flags & 1024)) switch (b.tag) {
-        case 0:
-        case 11:
-        case 15:
-          break;
-        case 1:
-          if (null !== n) {
-            var t = n.memoizedProps,
-              J = n.memoizedState,
-              x = b.stateNode,
-              w = x.getSnapshotBeforeUpdate(b.elementType === b.type ? t : Lg(b.type, t), J);
-            x.__reactInternalSnapshotBeforeUpdate = w;
-          }
-          break;
-        case 3:
-          var u = b.stateNode.containerInfo;
-          1 === u.nodeType ? u.textContent = "" : 9 === u.nodeType && u.documentElement && u.removeChild(u.documentElement);
-          break;
-        case 5:
-        case 6:
-        case 4:
-        case 17:
-          break;
-        default:
-          throw Error(p(163));
-      }
-    } catch (F) {
-      W(b, b.return, F);
-    }
-    a = b.sibling;
-    if (null !== a) {
-      a.return = b.return;
-      V = a;
-      break;
-    }
-    V = b.return;
-  }
-  n = Oj;
-  Oj = !1;
-  return n;
-}
-function Qj(a, b, c) {
-  var d = b.updateQueue;
-  d = null !== d ? d.lastEffect : null;
-  if (null !== d) {
-    var e = d = d.next;
-    do {
-      if ((e.tag & a) === a) {
-        var f = e.destroy;
-        e.destroy = void 0;
-        void 0 !== f && Nj(b, c, f);
-      }
-      e = e.next;
-    } while (e !== d);
-  }
-}
-function Rj(a, b) {
-  b = b.updateQueue;
-  b = null !== b ? b.lastEffect : null;
-  if (null !== b) {
-    var c = b = b.next;
-    do {
-      if ((c.tag & a) === a) {
-        var d = c.create;
-        c.destroy = d();
-      }
-      c = c.next;
-    } while (c !== b);
-  }
-}
-function Sj(a) {
-  var b = a.ref;
-  if (null !== b) {
-    var c = a.stateNode;
-    switch (a.tag) {
-      case 5:
-        a = c;
-        break;
-      default:
-        a = c;
-    }
-    "function" === typeof b ? b(a) : b.current = a;
-  }
-}
-function Tj(a) {
-  var b = a.alternate;
-  null !== b && (a.alternate = null, Tj(b));
-  a.child = null;
-  a.deletions = null;
-  a.sibling = null;
-  5 === a.tag && (b = a.stateNode, null !== b && (delete b[Of], delete b[Pf], delete b[of], delete b[Qf], delete b[Rf]));
-  a.stateNode = null;
-  a.return = null;
-  a.dependencies = null;
-  a.memoizedProps = null;
-  a.memoizedState = null;
-  a.pendingProps = null;
-  a.stateNode = null;
-  a.updateQueue = null;
-}
-function Uj(a) {
-  return 5 === a.tag || 3 === a.tag || 4 === a.tag;
-}
-function Vj(a) {
-  a: for (;;) {
-    for (; null === a.sibling;) {
-      if (null === a.return || Uj(a.return)) return null;
-      a = a.return;
-    }
-    a.sibling.return = a.return;
-    for (a = a.sibling; 5 !== a.tag && 6 !== a.tag && 18 !== a.tag;) {
-      if (a.flags & 2) continue a;
-      if (null === a.child || 4 === a.tag) continue a;else a.child.return = a, a = a.child;
-    }
-    if (!(a.flags & 2)) return a.stateNode;
-  }
-}
-function Wj(a, b, c) {
-  var d = a.tag;
-  if (5 === d || 6 === d) a = a.stateNode, b ? 8 === c.nodeType ? c.parentNode.insertBefore(a, b) : c.insertBefore(a, b) : (8 === c.nodeType ? (b = c.parentNode, b.insertBefore(a, c)) : (b = c, b.appendChild(a)), c = c._reactRootContainer, null !== c && void 0 !== c || null !== b.onclick || (b.onclick = Bf));else if (4 !== d && (a = a.child, null !== a)) for (Wj(a, b, c), a = a.sibling; null !== a;) Wj(a, b, c), a = a.sibling;
-}
-function Xj(a, b, c) {
-  var d = a.tag;
-  if (5 === d || 6 === d) a = a.stateNode, b ? c.insertBefore(a, b) : c.appendChild(a);else if (4 !== d && (a = a.child, null !== a)) for (Xj(a, b, c), a = a.sibling; null !== a;) Xj(a, b, c), a = a.sibling;
-}
-var X = null,
-  Yj = !1;
-function Zj(a, b, c) {
-  for (c = c.child; null !== c;) ak(a, b, c), c = c.sibling;
-}
-function ak(a, b, c) {
-  if (lc && "function" === typeof lc.onCommitFiberUnmount) try {
-    lc.onCommitFiberUnmount(kc, c);
-  } catch (h) {}
-  switch (c.tag) {
-    case 5:
-      U || Mj(c, b);
-    case 6:
-      var d = X,
-        e = Yj;
-      X = null;
-      Zj(a, b, c);
-      X = d;
-      Yj = e;
-      null !== X && (Yj ? (a = X, c = c.stateNode, 8 === a.nodeType ? a.parentNode.removeChild(c) : a.removeChild(c)) : X.removeChild(c.stateNode));
-      break;
-    case 18:
-      null !== X && (Yj ? (a = X, c = c.stateNode, 8 === a.nodeType ? Kf(a.parentNode, c) : 1 === a.nodeType && Kf(a, c), bd(a)) : Kf(X, c.stateNode));
-      break;
-    case 4:
-      d = X;
-      e = Yj;
-      X = c.stateNode.containerInfo;
-      Yj = !0;
-      Zj(a, b, c);
-      X = d;
-      Yj = e;
-      break;
-    case 0:
-    case 11:
-    case 14:
-    case 15:
-      if (!U && (d = c.updateQueue, null !== d && (d = d.lastEffect, null !== d))) {
-        e = d = d.next;
-        do {
-          var f = e,
-            g = f.destroy;
-          f = f.tag;
-          void 0 !== g && (0 !== (f & 2) ? Nj(c, b, g) : 0 !== (f & 4) && Nj(c, b, g));
-          e = e.next;
-        } while (e !== d);
-      }
-      Zj(a, b, c);
-      break;
-    case 1:
-      if (!U && (Mj(c, b), d = c.stateNode, "function" === typeof d.componentWillUnmount)) try {
-        d.props = c.memoizedProps, d.state = c.memoizedState, d.componentWillUnmount();
-      } catch (h) {
-        W(c, b, h);
-      }
-      Zj(a, b, c);
-      break;
-    case 21:
-      Zj(a, b, c);
-      break;
-    case 22:
-      c.mode & 1 ? (U = (d = U) || null !== c.memoizedState, Zj(a, b, c), U = d) : Zj(a, b, c);
-      break;
-    default:
-      Zj(a, b, c);
-  }
-}
-function bk(a) {
-  var b = a.updateQueue;
-  if (null !== b) {
-    a.updateQueue = null;
-    var c = a.stateNode;
-    null === c && (c = a.stateNode = new Lj());
-    b.forEach(function (b) {
-      var d = ck.bind(null, a, b);
-      c.has(b) || (c.add(b), b.then(d, d));
-    });
-  }
-}
-function dk(a, b) {
-  var c = b.deletions;
-  if (null !== c) for (var d = 0; d < c.length; d++) {
-    var e = c[d];
-    try {
-      var f = a,
-        g = b,
-        h = g;
-      a: for (; null !== h;) {
-        switch (h.tag) {
-          case 5:
-            X = h.stateNode;
-            Yj = !1;
-            break a;
-          case 3:
-            X = h.stateNode.containerInfo;
-            Yj = !0;
-            break a;
-          case 4:
-            X = h.stateNode.containerInfo;
-            Yj = !0;
-            break a;
-        }
-        h = h.return;
-      }
-      if (null === X) throw Error(p(160));
-      ak(f, g, e);
-      X = null;
-      Yj = !1;
-      var k = e.alternate;
-      null !== k && (k.return = null);
-      e.return = null;
-    } catch (l) {
-      W(e, b, l);
-    }
-  }
-  if (b.subtreeFlags & 12854) for (b = b.child; null !== b;) ek(b, a), b = b.sibling;
-}
-function ek(a, b) {
-  var c = a.alternate,
-    d = a.flags;
-  switch (a.tag) {
-    case 0:
-    case 11:
-    case 14:
-    case 15:
-      dk(b, a);
-      fk(a);
-      if (d & 4) {
-        try {
-          Qj(3, a, a.return), Rj(3, a);
-        } catch (t) {
-          W(a, a.return, t);
-        }
-        try {
-          Qj(5, a, a.return);
-        } catch (t) {
-          W(a, a.return, t);
-        }
-      }
-      break;
-    case 1:
-      dk(b, a);
-      fk(a);
-      d & 512 && null !== c && Mj(c, c.return);
-      break;
-    case 5:
-      dk(b, a);
-      fk(a);
-      d & 512 && null !== c && Mj(c, c.return);
-      if (a.flags & 32) {
-        var e = a.stateNode;
-        try {
-          ob(e, "");
-        } catch (t) {
-          W(a, a.return, t);
-        }
-      }
-      if (d & 4 && (e = a.stateNode, null != e)) {
-        var f = a.memoizedProps,
-          g = null !== c ? c.memoizedProps : f,
-          h = a.type,
-          k = a.updateQueue;
-        a.updateQueue = null;
-        if (null !== k) try {
-          "input" === h && "radio" === f.type && null != f.name && ab(e, f);
-          vb(h, g);
-          var l = vb(h, f);
-          for (g = 0; g < k.length; g += 2) {
-            var m = k[g],
-              q = k[g + 1];
-            "style" === m ? sb(e, q) : "dangerouslySetInnerHTML" === m ? nb(e, q) : "children" === m ? ob(e, q) : ta(e, m, q, l);
-          }
-          switch (h) {
-            case "input":
-              bb(e, f);
-              break;
-            case "textarea":
-              ib(e, f);
-              break;
-            case "select":
-              var r = e._wrapperState.wasMultiple;
-              e._wrapperState.wasMultiple = !!f.multiple;
-              var y = f.value;
-              null != y ? fb(e, !!f.multiple, y, !1) : r !== !!f.multiple && (null != f.defaultValue ? fb(e, !!f.multiple, f.defaultValue, !0) : fb(e, !!f.multiple, f.multiple ? [] : "", !1));
-          }
-          e[Pf] = f;
-        } catch (t) {
-          W(a, a.return, t);
-        }
-      }
-      break;
-    case 6:
-      dk(b, a);
-      fk(a);
-      if (d & 4) {
-        if (null === a.stateNode) throw Error(p(162));
-        e = a.stateNode;
-        f = a.memoizedProps;
-        try {
-          e.nodeValue = f;
-        } catch (t) {
-          W(a, a.return, t);
-        }
-      }
-      break;
-    case 3:
-      dk(b, a);
-      fk(a);
-      if (d & 4 && null !== c && c.memoizedState.isDehydrated) try {
-        bd(b.containerInfo);
-      } catch (t) {
-        W(a, a.return, t);
-      }
-      break;
-    case 4:
-      dk(b, a);
-      fk(a);
-      break;
-    case 13:
-      dk(b, a);
-      fk(a);
-      e = a.child;
-      e.flags & 8192 && (f = null !== e.memoizedState, e.stateNode.isHidden = f, !f || null !== e.alternate && null !== e.alternate.memoizedState || (gk = B()));
-      d & 4 && bk(a);
-      break;
-    case 22:
-      m = null !== c && null !== c.memoizedState;
-      a.mode & 1 ? (U = (l = U) || m, dk(b, a), U = l) : dk(b, a);
-      fk(a);
-      if (d & 8192) {
-        l = null !== a.memoizedState;
-        if ((a.stateNode.isHidden = l) && !m && 0 !== (a.mode & 1)) for (V = a, m = a.child; null !== m;) {
-          for (q = V = m; null !== V;) {
-            r = V;
-            y = r.child;
-            switch (r.tag) {
-              case 0:
-              case 11:
-              case 14:
-              case 15:
-                Qj(4, r, r.return);
-                break;
-              case 1:
-                Mj(r, r.return);
-                var n = r.stateNode;
-                if ("function" === typeof n.componentWillUnmount) {
-                  d = r;
-                  c = r.return;
-                  try {
-                    b = d, n.props = b.memoizedProps, n.state = b.memoizedState, n.componentWillUnmount();
-                  } catch (t) {
-                    W(d, c, t);
-                  }
-                }
-                break;
-              case 5:
-                Mj(r, r.return);
-                break;
-              case 22:
-                if (null !== r.memoizedState) {
-                  hk(q);
-                  continue;
-                }
-            }
-            null !== y ? (y.return = r, V = y) : hk(q);
-          }
-          m = m.sibling;
-        }
-        a: for (m = null, q = a;;) {
-          if (5 === q.tag) {
-            if (null === m) {
-              m = q;
-              try {
-                e = q.stateNode, l ? (f = e.style, "function" === typeof f.setProperty ? f.setProperty("display", "none", "important") : f.display = "none") : (h = q.stateNode, k = q.memoizedProps.style, g = void 0 !== k && null !== k && k.hasOwnProperty("display") ? k.display : null, h.style.display = rb("display", g));
-              } catch (t) {
-                W(a, a.return, t);
-              }
-            }
-          } else if (6 === q.tag) {
-            if (null === m) try {
-              q.stateNode.nodeValue = l ? "" : q.memoizedProps;
-            } catch (t) {
-              W(a, a.return, t);
-            }
-          } else if ((22 !== q.tag && 23 !== q.tag || null === q.memoizedState || q === a) && null !== q.child) {
-            q.child.return = q;
-            q = q.child;
-            continue;
-          }
-          if (q === a) break a;
-          for (; null === q.sibling;) {
-            if (null === q.return || q.return === a) break a;
-            m === q && (m = null);
-            q = q.return;
-          }
-          m === q && (m = null);
-          q.sibling.return = q.return;
-          q = q.sibling;
-        }
-      }
-      break;
-    case 19:
-      dk(b, a);
-      fk(a);
-      d & 4 && bk(a);
-      break;
-    case 21:
-      break;
-    default:
-      dk(b, a), fk(a);
-  }
-}
-function fk(a) {
-  var b = a.flags;
-  if (b & 2) {
-    try {
-      a: {
-        for (var c = a.return; null !== c;) {
-          if (Uj(c)) {
-            var d = c;
-            break a;
-          }
-          c = c.return;
-        }
-        throw Error(p(160));
-      }
-      switch (d.tag) {
-        case 5:
-          var e = d.stateNode;
-          d.flags & 32 && (ob(e, ""), d.flags &= -33);
-          var f = Vj(a);
-          Xj(a, f, e);
-          break;
-        case 3:
-        case 4:
-          var g = d.stateNode.containerInfo,
-            h = Vj(a);
-          Wj(a, h, g);
-          break;
-        default:
-          throw Error(p(161));
-      }
-    } catch (k) {
-      W(a, a.return, k);
-    }
-    a.flags &= -3;
-  }
-  b & 4096 && (a.flags &= -4097);
-}
-function ik(a, b, c) {
-  V = a;
-  jk(a, b, c);
-}
-function jk(a, b, c) {
-  for (var d = 0 !== (a.mode & 1); null !== V;) {
-    var e = V,
-      f = e.child;
-    if (22 === e.tag && d) {
-      var g = null !== e.memoizedState || Kj;
-      if (!g) {
-        var h = e.alternate,
-          k = null !== h && null !== h.memoizedState || U;
-        h = Kj;
-        var l = U;
-        Kj = g;
-        if ((U = k) && !l) for (V = e; null !== V;) g = V, k = g.child, 22 === g.tag && null !== g.memoizedState ? kk(e) : null !== k ? (k.return = g, V = k) : kk(e);
-        for (; null !== f;) V = f, jk(f, b, c), f = f.sibling;
-        V = e;
-        Kj = h;
-        U = l;
-      }
-      lk(a, b, c);
-    } else 0 !== (e.subtreeFlags & 8772) && null !== f ? (f.return = e, V = f) : lk(a, b, c);
-  }
-}
-function lk(a) {
-  for (; null !== V;) {
-    var b = V;
-    if (0 !== (b.flags & 8772)) {
-      var c = b.alternate;
-      try {
-        if (0 !== (b.flags & 8772)) switch (b.tag) {
-          case 0:
-          case 11:
-          case 15:
-            U || Rj(5, b);
-            break;
-          case 1:
-            var d = b.stateNode;
-            if (b.flags & 4 && !U) if (null === c) d.componentDidMount();else {
-              var e = b.elementType === b.type ? c.memoizedProps : Lg(b.type, c.memoizedProps);
-              d.componentDidUpdate(e, c.memoizedState, d.__reactInternalSnapshotBeforeUpdate);
-            }
-            var f = b.updateQueue;
-            null !== f && ih(b, f, d);
-            break;
-          case 3:
-            var g = b.updateQueue;
-            if (null !== g) {
-              c = null;
-              if (null !== b.child) switch (b.child.tag) {
-                case 5:
-                  c = b.child.stateNode;
-                  break;
-                case 1:
-                  c = b.child.stateNode;
-              }
-              ih(b, g, c);
-            }
-            break;
-          case 5:
-            var h = b.stateNode;
-            if (null === c && b.flags & 4) {
-              c = h;
-              var k = b.memoizedProps;
-              switch (b.type) {
-                case "button":
-                case "input":
-                case "select":
-                case "textarea":
-                  k.autoFocus && c.focus();
-                  break;
-                case "img":
-                  k.src && (c.src = k.src);
-              }
-            }
-            break;
-          case 6:
-            break;
-          case 4:
-            break;
-          case 12:
-            break;
-          case 13:
-            if (null === b.memoizedState) {
-              var l = b.alternate;
-              if (null !== l) {
-                var m = l.memoizedState;
-                if (null !== m) {
-                  var q = m.dehydrated;
-                  null !== q && bd(q);
-                }
-              }
-            }
-            break;
-          case 19:
-          case 17:
-          case 21:
-          case 22:
-          case 23:
-          case 25:
-            break;
-          default:
-            throw Error(p(163));
-        }
-        U || b.flags & 512 && Sj(b);
-      } catch (r) {
-        W(b, b.return, r);
-      }
-    }
-    if (b === a) {
-      V = null;
-      break;
-    }
-    c = b.sibling;
-    if (null !== c) {
-      c.return = b.return;
-      V = c;
-      break;
-    }
-    V = b.return;
-  }
-}
-function hk(a) {
-  for (; null !== V;) {
-    var b = V;
-    if (b === a) {
-      V = null;
-      break;
-    }
-    var c = b.sibling;
-    if (null !== c) {
-      c.return = b.return;
-      V = c;
-      break;
-    }
-    V = b.return;
-  }
-}
-function kk(a) {
-  for (; null !== V;) {
-    var b = V;
-    try {
-      switch (b.tag) {
-        case 0:
-        case 11:
-        case 15:
-          var c = b.return;
-          try {
-            Rj(4, b);
-          } catch (k) {
-            W(b, c, k);
-          }
-          break;
-        case 1:
-          var d = b.stateNode;
-          if ("function" === typeof d.componentDidMount) {
-            var e = b.return;
-            try {
-              d.componentDidMount();
-            } catch (k) {
-              W(b, e, k);
-            }
-          }
-          var f = b.return;
-          try {
-            Sj(b);
-          } catch (k) {
-            W(b, f, k);
-          }
-          break;
-        case 5:
-          var g = b.return;
-          try {
-            Sj(b);
-          } catch (k) {
-            W(b, g, k);
-          }
-      }
-    } catch (k) {
-      W(b, b.return, k);
-    }
-    if (b === a) {
-      V = null;
-      break;
-    }
-    var h = b.sibling;
-    if (null !== h) {
-      h.return = b.return;
-      V = h;
-      break;
-    }
-    V = b.return;
-  }
-}
-var mk = Math.ceil,
-  nk = ua.ReactCurrentDispatcher,
-  ok = ua.ReactCurrentOwner,
-  pk = ua.ReactCurrentBatchConfig,
-  K = 0,
-  R = null,
-  Y = null,
-  Z = 0,
-  gj = 0,
-  fj = Uf(0),
-  T = 0,
-  qk = null,
-  hh = 0,
-  rk = 0,
-  sk = 0,
-  tk = null,
-  uk = null,
-  gk = 0,
-  Hj = Infinity,
-  vk = null,
-  Pi = !1,
-  Qi = null,
-  Si = null,
-  wk = !1,
-  xk = null,
-  yk = 0,
-  zk = 0,
-  Ak = null,
-  Bk = -1,
-  Ck = 0;
-function L() {
-  return 0 !== (K & 6) ? B() : -1 !== Bk ? Bk : Bk = B();
-}
-function lh(a) {
-  if (0 === (a.mode & 1)) return 1;
-  if (0 !== (K & 2) && 0 !== Z) return Z & -Z;
-  if (null !== Kg.transition) return 0 === Ck && (Ck = yc()), Ck;
-  a = C;
-  if (0 !== a) return a;
-  a = window.event;
-  a = void 0 === a ? 16 : jd(a.type);
-  return a;
-}
-function mh(a, b, c, d) {
-  if (50 < zk) throw zk = 0, Ak = null, Error(p(185));
-  Ac(a, c, d);
-  if (0 === (K & 2) || a !== R) a === R && (0 === (K & 2) && (rk |= c), 4 === T && Dk(a, Z)), Ek(a, d), 1 === c && 0 === K && 0 === (b.mode & 1) && (Hj = B() + 500, fg && jg());
-}
-function Ek(a, b) {
-  var c = a.callbackNode;
-  wc(a, b);
-  var d = uc(a, a === R ? Z : 0);
-  if (0 === d) null !== c && bc(c), a.callbackNode = null, a.callbackPriority = 0;else if (b = d & -d, a.callbackPriority !== b) {
-    null != c && bc(c);
-    if (1 === b) 0 === a.tag ? ig(Fk.bind(null, a)) : hg(Fk.bind(null, a)), Jf(function () {
-      0 === (K & 6) && jg();
-    }), c = null;else {
-      switch (Dc(d)) {
-        case 1:
-          c = fc;
-          break;
-        case 4:
-          c = gc;
-          break;
-        case 16:
-          c = hc;
-          break;
-        case 536870912:
-          c = jc;
-          break;
-        default:
-          c = hc;
-      }
-      c = Gk(c, Hk.bind(null, a));
-    }
-    a.callbackPriority = b;
-    a.callbackNode = c;
-  }
-}
-function Hk(a, b) {
-  Bk = -1;
-  Ck = 0;
-  if (0 !== (K & 6)) throw Error(p(327));
-  var c = a.callbackNode;
-  if (Ik() && a.callbackNode !== c) return null;
-  var d = uc(a, a === R ? Z : 0);
-  if (0 === d) return null;
-  if (0 !== (d & 30) || 0 !== (d & a.expiredLanes) || b) b = Jk(a, d);else {
-    b = d;
-    var e = K;
-    K |= 2;
-    var f = Kk();
-    if (R !== a || Z !== b) vk = null, Hj = B() + 500, Lk(a, b);
-    do try {
-      Mk();
-      break;
-    } catch (h) {
-      Nk(a, h);
-    } while (1);
-    Qg();
-    nk.current = f;
-    K = e;
-    null !== Y ? b = 0 : (R = null, Z = 0, b = T);
-  }
-  if (0 !== b) {
-    2 === b && (e = xc(a), 0 !== e && (d = e, b = Ok(a, e)));
-    if (1 === b) throw c = qk, Lk(a, 0), Dk(a, d), Ek(a, B()), c;
-    if (6 === b) Dk(a, d);else {
-      e = a.current.alternate;
-      if (0 === (d & 30) && !Pk(e) && (b = Jk(a, d), 2 === b && (f = xc(a), 0 !== f && (d = f, b = Ok(a, f))), 1 === b)) throw c = qk, Lk(a, 0), Dk(a, d), Ek(a, B()), c;
-      a.finishedWork = e;
-      a.finishedLanes = d;
-      switch (b) {
-        case 0:
-        case 1:
-          throw Error(p(345));
-        case 2:
-          Qk(a, uk, vk);
-          break;
-        case 3:
-          Dk(a, d);
-          if ((d & 130023424) === d && (b = gk + 500 - B(), 10 < b)) {
-            if (0 !== uc(a, 0)) break;
-            e = a.suspendedLanes;
-            if ((e & d) !== d) {
-              L();
-              a.pingedLanes |= a.suspendedLanes & e;
-              break;
-            }
-            a.timeoutHandle = Ff(Qk.bind(null, a, uk, vk), b);
-            break;
-          }
-          Qk(a, uk, vk);
-          break;
-        case 4:
-          Dk(a, d);
-          if ((d & 4194240) === d) break;
-          b = a.eventTimes;
-          for (e = -1; 0 < d;) {
-            var g = 31 - oc(d);
-            f = 1 << g;
-            g = b[g];
-            g > e && (e = g);
-            d &= ~f;
-          }
-          d = e;
-          d = B() - d;
-          d = (120 > d ? 120 : 480 > d ? 480 : 1080 > d ? 1080 : 1920 > d ? 1920 : 3E3 > d ? 3E3 : 4320 > d ? 4320 : 1960 * mk(d / 1960)) - d;
-          if (10 < d) {
-            a.timeoutHandle = Ff(Qk.bind(null, a, uk, vk), d);
-            break;
-          }
-          Qk(a, uk, vk);
-          break;
-        case 5:
-          Qk(a, uk, vk);
-          break;
-        default:
-          throw Error(p(329));
-      }
-    }
-  }
-  Ek(a, B());
-  return a.callbackNode === c ? Hk.bind(null, a) : null;
-}
-function Ok(a, b) {
-  var c = tk;
-  a.current.memoizedState.isDehydrated && (Lk(a, b).flags |= 256);
-  a = Jk(a, b);
-  2 !== a && (b = uk, uk = c, null !== b && Gj(b));
-  return a;
-}
-function Gj(a) {
-  null === uk ? uk = a : uk.push.apply(uk, a);
-}
-function Pk(a) {
-  for (var b = a;;) {
-    if (b.flags & 16384) {
-      var c = b.updateQueue;
-      if (null !== c && (c = c.stores, null !== c)) for (var d = 0; d < c.length; d++) {
-        var e = c[d],
-          f = e.getSnapshot;
-        e = e.value;
-        try {
-          if (!He(f(), e)) return !1;
-        } catch (g) {
-          return !1;
-        }
-      }
-    }
-    c = b.child;
-    if (b.subtreeFlags & 16384 && null !== c) c.return = b, b = c;else {
-      if (b === a) break;
-      for (; null === b.sibling;) {
-        if (null === b.return || b.return === a) return !0;
-        b = b.return;
-      }
-      b.sibling.return = b.return;
-      b = b.sibling;
-    }
-  }
-  return !0;
-}
-function Dk(a, b) {
-  b &= ~sk;
-  b &= ~rk;
-  a.suspendedLanes |= b;
-  a.pingedLanes &= ~b;
-  for (a = a.expirationTimes; 0 < b;) {
-    var c = 31 - oc(b),
-      d = 1 << c;
-    a[c] = -1;
-    b &= ~d;
-  }
-}
-function Fk(a) {
-  if (0 !== (K & 6)) throw Error(p(327));
-  Ik();
-  var b = uc(a, 0);
-  if (0 === (b & 1)) return Ek(a, B()), null;
-  var c = Jk(a, b);
-  if (0 !== a.tag && 2 === c) {
-    var d = xc(a);
-    0 !== d && (b = d, c = Ok(a, d));
-  }
-  if (1 === c) throw c = qk, Lk(a, 0), Dk(a, b), Ek(a, B()), c;
-  if (6 === c) throw Error(p(345));
-  a.finishedWork = a.current.alternate;
-  a.finishedLanes = b;
-  Qk(a, uk, vk);
-  Ek(a, B());
-  return null;
-}
-function Rk(a, b) {
-  var c = K;
-  K |= 1;
-  try {
-    return a(b);
-  } finally {
-    K = c, 0 === K && (Hj = B() + 500, fg && jg());
-  }
-}
-function Sk(a) {
-  null !== xk && 0 === xk.tag && 0 === (K & 6) && Ik();
-  var b = K;
-  K |= 1;
-  var c = pk.transition,
-    d = C;
-  try {
-    if (pk.transition = null, C = 1, a) return a();
-  } finally {
-    C = d, pk.transition = c, K = b, 0 === (K & 6) && jg();
-  }
-}
-function Ij() {
-  gj = fj.current;
-  E(fj);
-}
-function Lk(a, b) {
-  a.finishedWork = null;
-  a.finishedLanes = 0;
-  var c = a.timeoutHandle;
-  -1 !== c && (a.timeoutHandle = -1, Gf(c));
-  if (null !== Y) for (c = Y.return; null !== c;) {
-    var d = c;
-    wg(d);
-    switch (d.tag) {
-      case 1:
-        d = d.type.childContextTypes;
-        null !== d && void 0 !== d && $f();
-        break;
-      case 3:
-        Jh();
-        E(Wf);
-        E(H);
-        Oh();
-        break;
-      case 5:
-        Lh(d);
-        break;
-      case 4:
-        Jh();
-        break;
-      case 13:
-        E(M);
-        break;
-      case 19:
-        E(M);
-        break;
-      case 10:
-        Rg(d.type._context);
-        break;
-      case 22:
-      case 23:
-        Ij();
-    }
-    c = c.return;
-  }
-  R = a;
-  Y = a = wh(a.current, null);
-  Z = gj = b;
-  T = 0;
-  qk = null;
-  sk = rk = hh = 0;
-  uk = tk = null;
-  if (null !== Wg) {
-    for (b = 0; b < Wg.length; b++) if (c = Wg[b], d = c.interleaved, null !== d) {
-      c.interleaved = null;
-      var e = d.next,
-        f = c.pending;
-      if (null !== f) {
-        var g = f.next;
-        f.next = e;
-        d.next = g;
-      }
-      c.pending = d;
-    }
-    Wg = null;
-  }
-  return a;
-}
-function Nk(a, b) {
-  do {
-    var c = Y;
-    try {
-      Qg();
-      Ph.current = ai;
-      if (Sh) {
-        for (var d = N.memoizedState; null !== d;) {
-          var e = d.queue;
-          null !== e && (e.pending = null);
-          d = d.next;
-        }
-        Sh = !1;
-      }
-      Rh = 0;
-      P = O = N = null;
-      Th = !1;
-      Uh = 0;
-      ok.current = null;
-      if (null === c || null === c.return) {
-        T = 1;
-        qk = b;
-        Y = null;
-        break;
-      }
-      a: {
-        var f = a,
-          g = c.return,
-          h = c,
-          k = b;
-        b = Z;
-        h.flags |= 32768;
-        if (null !== k && "object" === typeof k && "function" === typeof k.then) {
-          var l = k,
-            m = h,
-            q = m.tag;
-          if (0 === (m.mode & 1) && (0 === q || 11 === q || 15 === q)) {
-            var r = m.alternate;
-            r ? (m.updateQueue = r.updateQueue, m.memoizedState = r.memoizedState, m.lanes = r.lanes) : (m.updateQueue = null, m.memoizedState = null);
-          }
-          var y = Vi(g);
-          if (null !== y) {
-            y.flags &= -257;
-            Wi(y, g, h, f, b);
-            y.mode & 1 && Ti(f, l, b);
-            b = y;
-            k = l;
-            var n = b.updateQueue;
-            if (null === n) {
-              var t = new Set();
-              t.add(k);
-              b.updateQueue = t;
-            } else n.add(k);
-            break a;
-          } else {
-            if (0 === (b & 1)) {
-              Ti(f, l, b);
-              uj();
-              break a;
-            }
-            k = Error(p(426));
-          }
-        } else if (I && h.mode & 1) {
-          var J = Vi(g);
-          if (null !== J) {
-            0 === (J.flags & 65536) && (J.flags |= 256);
-            Wi(J, g, h, f, b);
-            Jg(Ki(k, h));
-            break a;
-          }
-        }
-        f = k = Ki(k, h);
-        4 !== T && (T = 2);
-        null === tk ? tk = [f] : tk.push(f);
-        f = g;
-        do {
-          switch (f.tag) {
-            case 3:
-              f.flags |= 65536;
-              b &= -b;
-              f.lanes |= b;
-              var x = Oi(f, k, b);
-              fh(f, x);
-              break a;
-            case 1:
-              h = k;
-              var w = f.type,
-                u = f.stateNode;
-              if (0 === (f.flags & 128) && ("function" === typeof w.getDerivedStateFromError || null !== u && "function" === typeof u.componentDidCatch && (null === Si || !Si.has(u)))) {
-                f.flags |= 65536;
-                b &= -b;
-                f.lanes |= b;
-                var F = Ri(f, h, b);
-                fh(f, F);
-                break a;
-              }
-          }
-          f = f.return;
-        } while (null !== f);
-      }
-      Tk(c);
-    } catch (na) {
-      b = na;
-      Y === c && null !== c && (Y = c = c.return);
-      continue;
-    }
-    break;
-  } while (1);
-}
-function Kk() {
-  var a = nk.current;
-  nk.current = ai;
-  return null === a ? ai : a;
-}
-function uj() {
-  if (0 === T || 3 === T || 2 === T) T = 4;
-  null === R || 0 === (hh & 268435455) && 0 === (rk & 268435455) || Dk(R, Z);
-}
-function Jk(a, b) {
-  var c = K;
-  K |= 2;
-  var d = Kk();
-  if (R !== a || Z !== b) vk = null, Lk(a, b);
-  do try {
-    Uk();
-    break;
-  } catch (e) {
-    Nk(a, e);
-  } while (1);
-  Qg();
-  K = c;
-  nk.current = d;
-  if (null !== Y) throw Error(p(261));
-  R = null;
-  Z = 0;
-  return T;
-}
-function Uk() {
-  for (; null !== Y;) Vk(Y);
-}
-function Mk() {
-  for (; null !== Y && !cc();) Vk(Y);
-}
-function Vk(a) {
-  var b = Wk(a.alternate, a, gj);
-  a.memoizedProps = a.pendingProps;
-  null === b ? Tk(a) : Y = b;
-  ok.current = null;
-}
-function Tk(a) {
-  var b = a;
-  do {
-    var c = b.alternate;
-    a = b.return;
-    if (0 === (b.flags & 32768)) {
-      if (c = Fj(c, b, gj), null !== c) {
-        Y = c;
-        return;
-      }
-    } else {
-      c = Jj(c, b);
-      if (null !== c) {
-        c.flags &= 32767;
-        Y = c;
-        return;
-      }
-      if (null !== a) a.flags |= 32768, a.subtreeFlags = 0, a.deletions = null;else {
-        T = 6;
-        Y = null;
-        return;
-      }
-    }
-    b = b.sibling;
-    if (null !== b) {
-      Y = b;
-      return;
-    }
-    Y = b = a;
-  } while (null !== b);
-  0 === T && (T = 5);
-}
-function Qk(a, b, c) {
-  var d = C,
-    e = pk.transition;
-  try {
-    pk.transition = null, C = 1, Xk(a, b, c, d);
-  } finally {
-    pk.transition = e, C = d;
-  }
-  return null;
-}
-function Xk(a, b, c, d) {
-  do Ik(); while (null !== xk);
-  if (0 !== (K & 6)) throw Error(p(327));
-  c = a.finishedWork;
-  var e = a.finishedLanes;
-  if (null === c) return null;
-  a.finishedWork = null;
-  a.finishedLanes = 0;
-  if (c === a.current) throw Error(p(177));
-  a.callbackNode = null;
-  a.callbackPriority = 0;
-  var f = c.lanes | c.childLanes;
-  Bc(a, f);
-  a === R && (Y = R = null, Z = 0);
-  0 === (c.subtreeFlags & 2064) && 0 === (c.flags & 2064) || wk || (wk = !0, Gk(hc, function () {
-    Ik();
-    return null;
-  }));
-  f = 0 !== (c.flags & 15990);
-  if (0 !== (c.subtreeFlags & 15990) || f) {
-    f = pk.transition;
-    pk.transition = null;
-    var g = C;
-    C = 1;
-    var h = K;
-    K |= 4;
-    ok.current = null;
-    Pj(a, c);
-    ek(c, a);
-    Oe(Df);
-    dd = !!Cf;
-    Df = Cf = null;
-    a.current = c;
-    ik(c, a, e);
-    dc();
-    K = h;
-    C = g;
-    pk.transition = f;
-  } else a.current = c;
-  wk && (wk = !1, xk = a, yk = e);
-  f = a.pendingLanes;
-  0 === f && (Si = null);
-  mc(c.stateNode, d);
-  Ek(a, B());
-  if (null !== b) for (d = a.onRecoverableError, c = 0; c < b.length; c++) e = b[c], d(e.value, {
-    componentStack: e.stack,
-    digest: e.digest
-  });
-  if (Pi) throw Pi = !1, a = Qi, Qi = null, a;
-  0 !== (yk & 1) && 0 !== a.tag && Ik();
-  f = a.pendingLanes;
-  0 !== (f & 1) ? a === Ak ? zk++ : (zk = 0, Ak = a) : zk = 0;
-  jg();
-  return null;
-}
-function Ik() {
-  if (null !== xk) {
-    var a = Dc(yk),
-      b = pk.transition,
-      c = C;
-    try {
-      pk.transition = null;
-      C = 16 > a ? 16 : a;
-      if (null === xk) var d = !1;else {
-        a = xk;
-        xk = null;
-        yk = 0;
-        if (0 !== (K & 6)) throw Error(p(331));
-        var e = K;
-        K |= 4;
-        for (V = a.current; null !== V;) {
-          var f = V,
-            g = f.child;
-          if (0 !== (V.flags & 16)) {
-            var h = f.deletions;
-            if (null !== h) {
-              for (var k = 0; k < h.length; k++) {
-                var l = h[k];
-                for (V = l; null !== V;) {
-                  var m = V;
-                  switch (m.tag) {
-                    case 0:
-                    case 11:
-                    case 15:
-                      Qj(8, m, f);
-                  }
-                  var q = m.child;
-                  if (null !== q) q.return = m, V = q;else for (; null !== V;) {
-                    m = V;
-                    var r = m.sibling,
-                      y = m.return;
-                    Tj(m);
-                    if (m === l) {
-                      V = null;
-                      break;
-                    }
-                    if (null !== r) {
-                      r.return = y;
-                      V = r;
-                      break;
-                    }
-                    V = y;
-                  }
-                }
-              }
-              var n = f.alternate;
-              if (null !== n) {
-                var t = n.child;
-                if (null !== t) {
-                  n.child = null;
-                  do {
-                    var J = t.sibling;
-                    t.sibling = null;
-                    t = J;
-                  } while (null !== t);
-                }
-              }
-              V = f;
-            }
-          }
-          if (0 !== (f.subtreeFlags & 2064) && null !== g) g.return = f, V = g;else b: for (; null !== V;) {
-            f = V;
-            if (0 !== (f.flags & 2048)) switch (f.tag) {
-              case 0:
-              case 11:
-              case 15:
-                Qj(9, f, f.return);
-            }
-            var x = f.sibling;
-            if (null !== x) {
-              x.return = f.return;
-              V = x;
-              break b;
-            }
-            V = f.return;
-          }
-        }
-        var w = a.current;
-        for (V = w; null !== V;) {
-          g = V;
-          var u = g.child;
-          if (0 !== (g.subtreeFlags & 2064) && null !== u) u.return = g, V = u;else b: for (g = w; null !== V;) {
-            h = V;
-            if (0 !== (h.flags & 2048)) try {
-              switch (h.tag) {
-                case 0:
-                case 11:
-                case 15:
-                  Rj(9, h);
-              }
-            } catch (na) {
-              W(h, h.return, na);
-            }
-            if (h === g) {
-              V = null;
-              break b;
-            }
-            var F = h.sibling;
-            if (null !== F) {
-              F.return = h.return;
-              V = F;
-              break b;
-            }
-            V = h.return;
-          }
-        }
-        K = e;
-        jg();
-        if (lc && "function" === typeof lc.onPostCommitFiberRoot) try {
-          lc.onPostCommitFiberRoot(kc, a);
-        } catch (na) {}
-        d = !0;
-      }
-      return d;
-    } finally {
-      C = c, pk.transition = b;
-    }
-  }
-  return !1;
-}
-function Yk(a, b, c) {
-  b = Ki(c, b);
-  b = Oi(a, b, 1);
-  a = dh(a, b, 1);
-  b = L();
-  null !== a && (Ac(a, 1, b), Ek(a, b));
-}
-function W(a, b, c) {
-  if (3 === a.tag) Yk(a, a, c);else for (; null !== b;) {
-    if (3 === b.tag) {
-      Yk(b, a, c);
-      break;
-    } else if (1 === b.tag) {
-      var d = b.stateNode;
-      if ("function" === typeof b.type.getDerivedStateFromError || "function" === typeof d.componentDidCatch && (null === Si || !Si.has(d))) {
-        a = Ki(c, a);
-        a = Ri(b, a, 1);
-        b = dh(b, a, 1);
-        a = L();
-        null !== b && (Ac(b, 1, a), Ek(b, a));
-        break;
-      }
-    }
-    b = b.return;
-  }
-}
-function Ui(a, b, c) {
-  var d = a.pingCache;
-  null !== d && d.delete(b);
-  b = L();
-  a.pingedLanes |= a.suspendedLanes & c;
-  R === a && (Z & c) === c && (4 === T || 3 === T && (Z & 130023424) === Z && 500 > B() - gk ? Lk(a, 0) : sk |= c);
-  Ek(a, b);
-}
-function Zk(a, b) {
-  0 === b && (0 === (a.mode & 1) ? b = 1 : (b = sc, sc <<= 1, 0 === (sc & 130023424) && (sc = 4194304)));
-  var c = L();
-  a = Zg(a, b);
-  null !== a && (Ac(a, b, c), Ek(a, c));
-}
-function vj(a) {
-  var b = a.memoizedState,
-    c = 0;
-  null !== b && (c = b.retryLane);
-  Zk(a, c);
-}
-function ck(a, b) {
-  var c = 0;
-  switch (a.tag) {
-    case 13:
-      var d = a.stateNode;
-      var e = a.memoizedState;
-      null !== e && (c = e.retryLane);
-      break;
-    case 19:
-      d = a.stateNode;
-      break;
-    default:
-      throw Error(p(314));
-  }
-  null !== d && d.delete(b);
-  Zk(a, c);
-}
-var Wk;
-Wk = function Wk(a, b, c) {
-  if (null !== a) {
-    if (a.memoizedProps !== b.pendingProps || Wf.current) Ug = !0;else {
-      if (0 === (a.lanes & c) && 0 === (b.flags & 128)) return Ug = !1, zj(a, b, c);
-      Ug = 0 !== (a.flags & 131072) ? !0 : !1;
-    }
-  } else Ug = !1, I && 0 !== (b.flags & 1048576) && ug(b, ng, b.index);
-  b.lanes = 0;
-  switch (b.tag) {
-    case 2:
-      var d = b.type;
-      jj(a, b);
-      a = b.pendingProps;
-      var e = Yf(b, H.current);
-      Tg(b, c);
-      e = Xh(null, b, d, a, e, c);
-      var f = bi();
-      b.flags |= 1;
-      "object" === typeof e && null !== e && "function" === typeof e.render && void 0 === e.$$typeof ? (b.tag = 1, b.memoizedState = null, b.updateQueue = null, Zf(d) ? (f = !0, cg(b)) : f = !1, b.memoizedState = null !== e.state && void 0 !== e.state ? e.state : null, ah(b), e.updater = nh, b.stateNode = e, e._reactInternals = b, rh(b, d, a, c), b = kj(null, b, d, !0, f, c)) : (b.tag = 0, I && f && vg(b), Yi(null, b, e, c), b = b.child);
-      return b;
-    case 16:
-      d = b.elementType;
-      a: {
-        jj(a, b);
-        a = b.pendingProps;
-        e = d._init;
-        d = e(d._payload);
-        b.type = d;
-        e = b.tag = $k(d);
-        a = Lg(d, a);
-        switch (e) {
-          case 0:
-            b = dj(null, b, d, a, c);
-            break a;
-          case 1:
-            b = ij(null, b, d, a, c);
-            break a;
-          case 11:
-            b = Zi(null, b, d, a, c);
-            break a;
-          case 14:
-            b = aj(null, b, d, Lg(d.type, a), c);
-            break a;
-        }
-        throw Error(p(306, d, ""));
-      }
-      return b;
-    case 0:
-      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), dj(a, b, d, e, c);
-    case 1:
-      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), ij(a, b, d, e, c);
-    case 3:
-      a: {
-        lj(b);
-        if (null === a) throw Error(p(387));
-        d = b.pendingProps;
-        f = b.memoizedState;
-        e = f.element;
-        bh(a, b);
-        gh(b, d, null, c);
-        var g = b.memoizedState;
-        d = g.element;
-        if (f.isDehydrated) {
-          if (f = {
-            element: d,
-            isDehydrated: !1,
-            cache: g.cache,
-            pendingSuspenseBoundaries: g.pendingSuspenseBoundaries,
-            transitions: g.transitions
-          }, b.updateQueue.baseState = f, b.memoizedState = f, b.flags & 256) {
-            e = Ki(Error(p(423)), b);
-            b = mj(a, b, d, c, e);
-            break a;
-          } else if (d !== e) {
-            e = Ki(Error(p(424)), b);
-            b = mj(a, b, d, c, e);
-            break a;
-          } else for (yg = Lf(b.stateNode.containerInfo.firstChild), xg = b, I = !0, zg = null, c = Ch(b, null, d, c), b.child = c; c;) c.flags = c.flags & -3 | 4096, c = c.sibling;
-        } else {
-          Ig();
-          if (d === e) {
-            b = $i(a, b, c);
-            break a;
-          }
-          Yi(a, b, d, c);
-        }
-        b = b.child;
-      }
-      return b;
-    case 5:
-      return Kh(b), null === a && Eg(b), d = b.type, e = b.pendingProps, f = null !== a ? a.memoizedProps : null, g = e.children, Ef(d, e) ? g = null : null !== f && Ef(d, f) && (b.flags |= 32), hj(a, b), Yi(a, b, g, c), b.child;
-    case 6:
-      return null === a && Eg(b), null;
-    case 13:
-      return pj(a, b, c);
-    case 4:
-      return Ih(b, b.stateNode.containerInfo), d = b.pendingProps, null === a ? b.child = Bh(b, null, d, c) : Yi(a, b, d, c), b.child;
-    case 11:
-      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), Zi(a, b, d, e, c);
-    case 7:
-      return Yi(a, b, b.pendingProps, c), b.child;
-    case 8:
-      return Yi(a, b, b.pendingProps.children, c), b.child;
-    case 12:
-      return Yi(a, b, b.pendingProps.children, c), b.child;
-    case 10:
-      a: {
-        d = b.type._context;
-        e = b.pendingProps;
-        f = b.memoizedProps;
-        g = e.value;
-        G(Mg, d._currentValue);
-        d._currentValue = g;
-        if (null !== f) if (He(f.value, g)) {
-          if (f.children === e.children && !Wf.current) {
-            b = $i(a, b, c);
-            break a;
-          }
-        } else for (f = b.child, null !== f && (f.return = b); null !== f;) {
-          var h = f.dependencies;
-          if (null !== h) {
-            g = f.child;
-            for (var k = h.firstContext; null !== k;) {
-              if (k.context === d) {
-                if (1 === f.tag) {
-                  k = ch(-1, c & -c);
-                  k.tag = 2;
-                  var l = f.updateQueue;
-                  if (null !== l) {
-                    l = l.shared;
-                    var m = l.pending;
-                    null === m ? k.next = k : (k.next = m.next, m.next = k);
-                    l.pending = k;
-                  }
-                }
-                f.lanes |= c;
-                k = f.alternate;
-                null !== k && (k.lanes |= c);
-                Sg(f.return, c, b);
-                h.lanes |= c;
-                break;
-              }
-              k = k.next;
-            }
-          } else if (10 === f.tag) g = f.type === b.type ? null : f.child;else if (18 === f.tag) {
-            g = f.return;
-            if (null === g) throw Error(p(341));
-            g.lanes |= c;
-            h = g.alternate;
-            null !== h && (h.lanes |= c);
-            Sg(g, c, b);
-            g = f.sibling;
-          } else g = f.child;
-          if (null !== g) g.return = f;else for (g = f; null !== g;) {
-            if (g === b) {
-              g = null;
-              break;
-            }
-            f = g.sibling;
-            if (null !== f) {
-              f.return = g.return;
-              g = f;
-              break;
-            }
-            g = g.return;
-          }
-          f = g;
-        }
-        Yi(a, b, e.children, c);
-        b = b.child;
-      }
-      return b;
-    case 9:
-      return e = b.type, d = b.pendingProps.children, Tg(b, c), e = Vg(e), d = d(e), b.flags |= 1, Yi(a, b, d, c), b.child;
-    case 14:
-      return d = b.type, e = Lg(d, b.pendingProps), e = Lg(d.type, e), aj(a, b, d, e, c);
-    case 15:
-      return cj(a, b, b.type, b.pendingProps, c);
-    case 17:
-      return d = b.type, e = b.pendingProps, e = b.elementType === d ? e : Lg(d, e), jj(a, b), b.tag = 1, Zf(d) ? (a = !0, cg(b)) : a = !1, Tg(b, c), ph(b, d, e), rh(b, d, e, c), kj(null, b, d, !0, a, c);
-    case 19:
-      return yj(a, b, c);
-    case 22:
-      return ej(a, b, c);
-  }
-  throw Error(p(156, b.tag));
-};
-function Gk(a, b) {
-  return ac(a, b);
-}
-function al(a, b, c, d) {
-  this.tag = a;
-  this.key = c;
-  this.sibling = this.child = this.return = this.stateNode = this.type = this.elementType = null;
-  this.index = 0;
-  this.ref = null;
-  this.pendingProps = b;
-  this.dependencies = this.memoizedState = this.updateQueue = this.memoizedProps = null;
-  this.mode = d;
-  this.subtreeFlags = this.flags = 0;
-  this.deletions = null;
-  this.childLanes = this.lanes = 0;
-  this.alternate = null;
-}
-function Bg(a, b, c, d) {
-  return new al(a, b, c, d);
-}
-function bj(a) {
-  a = a.prototype;
-  return !(!a || !a.isReactComponent);
-}
-function $k(a) {
-  if ("function" === typeof a) return bj(a) ? 1 : 0;
-  if (void 0 !== a && null !== a) {
-    a = a.$$typeof;
-    if (a === Da) return 11;
-    if (a === Ga) return 14;
-  }
-  return 2;
-}
-function wh(a, b) {
-  var c = a.alternate;
-  null === c ? (c = Bg(a.tag, b, a.key, a.mode), c.elementType = a.elementType, c.type = a.type, c.stateNode = a.stateNode, c.alternate = a, a.alternate = c) : (c.pendingProps = b, c.type = a.type, c.flags = 0, c.subtreeFlags = 0, c.deletions = null);
-  c.flags = a.flags & 14680064;
-  c.childLanes = a.childLanes;
-  c.lanes = a.lanes;
-  c.child = a.child;
-  c.memoizedProps = a.memoizedProps;
-  c.memoizedState = a.memoizedState;
-  c.updateQueue = a.updateQueue;
-  b = a.dependencies;
-  c.dependencies = null === b ? null : {
-    lanes: b.lanes,
-    firstContext: b.firstContext
-  };
-  c.sibling = a.sibling;
-  c.index = a.index;
-  c.ref = a.ref;
-  return c;
-}
-function yh(a, b, c, d, e, f) {
-  var g = 2;
-  d = a;
-  if ("function" === typeof a) bj(a) && (g = 1);else if ("string" === typeof a) g = 5;else a: switch (a) {
-    case ya:
-      return Ah(c.children, e, f, b);
-    case za:
-      g = 8;
-      e |= 8;
-      break;
-    case Aa:
-      return a = Bg(12, c, b, e | 2), a.elementType = Aa, a.lanes = f, a;
-    case Ea:
-      return a = Bg(13, c, b, e), a.elementType = Ea, a.lanes = f, a;
-    case Fa:
-      return a = Bg(19, c, b, e), a.elementType = Fa, a.lanes = f, a;
-    case Ia:
-      return qj(c, e, f, b);
-    default:
-      if ("object" === typeof a && null !== a) switch (a.$$typeof) {
-        case Ba:
-          g = 10;
-          break a;
-        case Ca:
-          g = 9;
-          break a;
-        case Da:
-          g = 11;
-          break a;
-        case Ga:
-          g = 14;
-          break a;
-        case Ha:
-          g = 16;
-          d = null;
-          break a;
-      }
-      throw Error(p(130, null == a ? a : typeof a, ""));
-  }
-  b = Bg(g, c, b, e);
-  b.elementType = a;
-  b.type = d;
-  b.lanes = f;
-  return b;
-}
-function Ah(a, b, c, d) {
-  a = Bg(7, a, d, b);
-  a.lanes = c;
-  return a;
-}
-function qj(a, b, c, d) {
-  a = Bg(22, a, d, b);
-  a.elementType = Ia;
-  a.lanes = c;
-  a.stateNode = {
-    isHidden: !1
-  };
-  return a;
-}
-function xh(a, b, c) {
-  a = Bg(6, a, null, b);
-  a.lanes = c;
-  return a;
-}
-function zh(a, b, c) {
-  b = Bg(4, null !== a.children ? a.children : [], a.key, b);
-  b.lanes = c;
-  b.stateNode = {
-    containerInfo: a.containerInfo,
-    pendingChildren: null,
-    implementation: a.implementation
-  };
-  return b;
-}
-function bl(a, b, c, d, e) {
-  this.tag = b;
-  this.containerInfo = a;
-  this.finishedWork = this.pingCache = this.current = this.pendingChildren = null;
-  this.timeoutHandle = -1;
-  this.callbackNode = this.pendingContext = this.context = null;
-  this.callbackPriority = 0;
-  this.eventTimes = zc(0);
-  this.expirationTimes = zc(-1);
-  this.entangledLanes = this.finishedLanes = this.mutableReadLanes = this.expiredLanes = this.pingedLanes = this.suspendedLanes = this.pendingLanes = 0;
-  this.entanglements = zc(0);
-  this.identifierPrefix = d;
-  this.onRecoverableError = e;
-  this.mutableSourceEagerHydrationData = null;
-}
-function cl(a, b, c, d, e, f, g, h, k) {
-  a = new bl(a, b, c, h, k);
-  1 === b ? (b = 1, !0 === f && (b |= 8)) : b = 0;
-  f = Bg(3, null, null, b);
-  a.current = f;
-  f.stateNode = a;
-  f.memoizedState = {
-    element: d,
-    isDehydrated: c,
-    cache: null,
-    transitions: null,
-    pendingSuspenseBoundaries: null
-  };
-  ah(f);
-  return a;
-}
-function dl(a, b, c) {
-  var d = 3 < arguments.length && void 0 !== arguments[3] ? arguments[3] : null;
-  return {
-    $$typeof: wa,
-    key: null == d ? null : "" + d,
-    children: a,
-    containerInfo: b,
-    implementation: c
-  };
-}
-function el(a) {
-  if (!a) return Vf;
-  a = a._reactInternals;
-  a: {
-    if (Vb(a) !== a || 1 !== a.tag) throw Error(p(170));
-    var b = a;
-    do {
-      switch (b.tag) {
-        case 3:
-          b = b.stateNode.context;
-          break a;
-        case 1:
-          if (Zf(b.type)) {
-            b = b.stateNode.__reactInternalMemoizedMergedChildContext;
-            break a;
-          }
-      }
-      b = b.return;
-    } while (null !== b);
-    throw Error(p(171));
-  }
-  if (1 === a.tag) {
-    var c = a.type;
-    if (Zf(c)) return bg(a, c, b);
-  }
-  return b;
-}
-function fl(a, b, c, d, e, f, g, h, k) {
-  a = cl(c, d, !0, a, e, f, g, h, k);
-  a.context = el(null);
-  c = a.current;
-  d = L();
-  e = lh(c);
-  f = ch(d, e);
-  f.callback = void 0 !== b && null !== b ? b : null;
-  dh(c, f, e);
-  a.current.lanes = e;
-  Ac(a, e, d);
-  Ek(a, d);
-  return a;
-}
-function gl(a, b, c, d) {
-  var e = b.current,
-    f = L(),
-    g = lh(e);
-  c = el(c);
-  null === b.context ? b.context = c : b.pendingContext = c;
-  b = ch(f, g);
-  b.payload = {
-    element: a
-  };
-  d = void 0 === d ? null : d;
-  null !== d && (b.callback = d);
-  a = dh(e, b, g);
-  null !== a && (mh(a, e, g, f), eh(a, e, g));
-  return g;
-}
-function hl(a) {
-  a = a.current;
-  if (!a.child) return null;
-  switch (a.child.tag) {
-    case 5:
-      return a.child.stateNode;
-    default:
-      return a.child.stateNode;
-  }
-}
-function il(a, b) {
-  a = a.memoizedState;
-  if (null !== a && null !== a.dehydrated) {
-    var c = a.retryLane;
-    a.retryLane = 0 !== c && c < b ? c : b;
-  }
-}
-function jl(a, b) {
-  il(a, b);
-  (a = a.alternate) && il(a, b);
-}
-function kl() {
-  return null;
-}
-var ll = "function" === typeof reportError ? reportError : function (a) {
-  console.error(a);
-};
-function ml(a) {
-  this._internalRoot = a;
-}
-nl.prototype.render = ml.prototype.render = function (a) {
-  var b = this._internalRoot;
-  if (null === b) throw Error(p(409));
-  gl(a, b, null, null);
-};
-nl.prototype.unmount = ml.prototype.unmount = function () {
-  var a = this._internalRoot;
-  if (null !== a) {
-    this._internalRoot = null;
-    var b = a.containerInfo;
-    Sk(function () {
-      gl(null, a, null, null);
-    });
-    b[uf] = null;
-  }
-};
-function nl(a) {
-  this._internalRoot = a;
-}
-nl.prototype.unstable_scheduleHydration = function (a) {
-  if (a) {
-    var b = Hc();
-    a = {
-      blockedOn: null,
-      target: a,
-      priority: b
-    };
-    for (var c = 0; c < Qc.length && 0 !== b && b < Qc[c].priority; c++);
-    Qc.splice(c, 0, a);
-    0 === c && Vc(a);
-  }
-};
-function ol(a) {
-  return !(!a || 1 !== a.nodeType && 9 !== a.nodeType && 11 !== a.nodeType);
-}
-function pl(a) {
-  return !(!a || 1 !== a.nodeType && 9 !== a.nodeType && 11 !== a.nodeType && (8 !== a.nodeType || " react-mount-point-unstable " !== a.nodeValue));
-}
-function ql() {}
-function rl(a, b, c, d, e) {
-  if (e) {
-    if ("function" === typeof d) {
-      var f = d;
-      d = function d() {
-        var a = hl(g);
-        f.call(a);
-      };
-    }
-    var g = fl(b, d, a, 0, null, !1, !1, "", ql);
-    a._reactRootContainer = g;
-    a[uf] = g.current;
-    sf(8 === a.nodeType ? a.parentNode : a);
-    Sk();
-    return g;
-  }
-  for (; e = a.lastChild;) a.removeChild(e);
-  if ("function" === typeof d) {
-    var h = d;
-    d = function d() {
-      var a = hl(k);
-      h.call(a);
-    };
-  }
-  var k = cl(a, 0, !1, null, null, !1, !1, "", ql);
-  a._reactRootContainer = k;
-  a[uf] = k.current;
-  sf(8 === a.nodeType ? a.parentNode : a);
-  Sk(function () {
-    gl(b, k, c, d);
-  });
-  return k;
-}
-function sl(a, b, c, d, e) {
-  var f = c._reactRootContainer;
-  if (f) {
-    var g = f;
-    if ("function" === typeof e) {
-      var h = e;
-      e = function e() {
-        var a = hl(g);
-        h.call(a);
-      };
-    }
-    gl(b, g, a, e);
-  } else g = rl(c, b, a, e, d);
-  return hl(g);
-}
-Ec = function Ec(a) {
-  switch (a.tag) {
-    case 3:
-      var b = a.stateNode;
-      if (b.current.memoizedState.isDehydrated) {
-        var c = tc(b.pendingLanes);
-        0 !== c && (Cc(b, c | 1), Ek(b, B()), 0 === (K & 6) && (Hj = B() + 500, jg()));
-      }
-      break;
-    case 13:
-      Sk(function () {
-        var b = Zg(a, 1);
-        if (null !== b) {
-          var c = L();
-          mh(b, a, 1, c);
-        }
-      }), jl(a, 1);
-  }
-};
-Fc = function Fc(a) {
-  if (13 === a.tag) {
-    var b = Zg(a, 134217728);
-    if (null !== b) {
-      var c = L();
-      mh(b, a, 134217728, c);
-    }
-    jl(a, 134217728);
-  }
-};
-Gc = function Gc(a) {
-  if (13 === a.tag) {
-    var b = lh(a),
-      c = Zg(a, b);
-    if (null !== c) {
-      var d = L();
-      mh(c, a, b, d);
-    }
-    jl(a, b);
-  }
-};
-Hc = function Hc() {
-  return C;
-};
-Ic = function Ic(a, b) {
-  var c = C;
-  try {
-    return C = a, b();
-  } finally {
-    C = c;
-  }
-};
-yb = function yb(a, b, c) {
-  switch (b) {
-    case "input":
-      bb(a, c);
-      b = c.name;
-      if ("radio" === c.type && null != b) {
-        for (c = a; c.parentNode;) c = c.parentNode;
-        c = c.querySelectorAll("input[name=" + JSON.stringify("" + b) + '][type="radio"]');
-        for (b = 0; b < c.length; b++) {
-          var d = c[b];
-          if (d !== a && d.form === a.form) {
-            var e = Db(d);
-            if (!e) throw Error(p(90));
-            Wa(d);
-            bb(d, e);
-          }
-        }
-      }
-      break;
-    case "textarea":
-      ib(a, c);
-      break;
-    case "select":
-      b = c.value, null != b && fb(a, !!c.multiple, b, !1);
-  }
-};
-Gb = Rk;
-Hb = Sk;
-var tl = {
-    usingClientEntryPoint: !1,
-    Events: [Cb, ue, Db, Eb, Fb, Rk]
-  },
-  ul = {
-    findFiberByHostInstance: Wc,
-    bundleType: 0,
-    version: "18.2.0",
-    rendererPackageName: "react-dom"
-  };
-var vl = {
-  bundleType: ul.bundleType,
-  version: ul.version,
-  rendererPackageName: ul.rendererPackageName,
-  rendererConfig: ul.rendererConfig,
-  overrideHookState: null,
-  overrideHookStateDeletePath: null,
-  overrideHookStateRenamePath: null,
-  overrideProps: null,
-  overridePropsDeletePath: null,
-  overridePropsRenamePath: null,
-  setErrorHandler: null,
-  setSuspenseHandler: null,
-  scheduleUpdate: null,
-  currentDispatcherRef: ua.ReactCurrentDispatcher,
-  findHostInstanceByFiber: function findHostInstanceByFiber(a) {
-    a = Zb(a);
-    return null === a ? null : a.stateNode;
-  },
-  findFiberByHostInstance: ul.findFiberByHostInstance || kl,
-  findHostInstancesForRefresh: null,
-  scheduleRefresh: null,
-  scheduleRoot: null,
-  setRefreshHandler: null,
-  getCurrentFiber: null,
-  reconcilerVersion: "18.2.0-next-9e3b772b8-20220608"
-};
-if ("undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__) {
-  var wl = __REACT_DEVTOOLS_GLOBAL_HOOK__;
-  if (!wl.isDisabled && wl.supportsFiber) try {
-    kc = wl.inject(vl), lc = wl;
-  } catch (a) {}
-}
-exports.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED = tl;
-exports.createPortal = function (a, b) {
-  var c = 2 < arguments.length && void 0 !== arguments[2] ? arguments[2] : null;
-  if (!ol(b)) throw Error(p(200));
-  return dl(a, b, null, c);
-};
-exports.createRoot = function (a, b) {
-  if (!ol(a)) throw Error(p(299));
-  var c = !1,
-    d = "",
-    e = ll;
-  null !== b && void 0 !== b && (!0 === b.unstable_strictMode && (c = !0), void 0 !== b.identifierPrefix && (d = b.identifierPrefix), void 0 !== b.onRecoverableError && (e = b.onRecoverableError));
-  b = cl(a, 1, !1, null, null, c, !1, d, e);
-  a[uf] = b.current;
-  sf(8 === a.nodeType ? a.parentNode : a);
-  return new ml(b);
-};
-exports.findDOMNode = function (a) {
-  if (null == a) return null;
-  if (1 === a.nodeType) return a;
-  var b = a._reactInternals;
-  if (void 0 === b) {
-    if ("function" === typeof a.render) throw Error(p(188));
-    a = Object.keys(a).join(",");
-    throw Error(p(268, a));
-  }
-  a = Zb(b);
-  a = null === a ? null : a.stateNode;
-  return a;
-};
-exports.flushSync = function (a) {
-  return Sk(a);
-};
-exports.hydrate = function (a, b, c) {
-  if (!pl(b)) throw Error(p(200));
-  return sl(null, a, b, !0, c);
-};
-exports.hydrateRoot = function (a, b, c) {
-  if (!ol(a)) throw Error(p(405));
-  var d = null != c && c.hydratedSources || null,
-    e = !1,
-    f = "",
-    g = ll;
-  null !== c && void 0 !== c && (!0 === c.unstable_strictMode && (e = !0), void 0 !== c.identifierPrefix && (f = c.identifierPrefix), void 0 !== c.onRecoverableError && (g = c.onRecoverableError));
-  b = fl(b, null, a, 1, null != c ? c : null, e, !1, f, g);
-  a[uf] = b.current;
-  sf(a);
-  if (d) for (a = 0; a < d.length; a++) c = d[a], e = c._getVersion, e = e(c._source), null == b.mutableSourceEagerHydrationData ? b.mutableSourceEagerHydrationData = [c, e] : b.mutableSourceEagerHydrationData.push(c, e);
-  return new nl(b);
-};
-exports.render = function (a, b, c) {
-  if (!pl(b)) throw Error(p(200));
-  return sl(null, a, b, !1, c);
-};
-exports.unmountComponentAtNode = function (a) {
-  if (!pl(a)) throw Error(p(40));
-  return a._reactRootContainer ? (Sk(function () {
-    sl(null, null, a, !1, function () {
-      a._reactRootContainer = null;
-      a[uf] = null;
-    });
-  }), !0) : !1;
-};
-exports.unstable_batchedUpdates = Rk;
-exports.unstable_renderSubtreeIntoContainer = function (a, b, c, d) {
-  if (!pl(c)) throw Error(p(200));
-  if (null == a || void 0 === a._reactInternals) throw Error(p(38));
-  return sl(a, b, c, !1, d);
-};
-exports.version = "18.2.0-next-9e3b772b8-20220608";
-
-/***/ }),
-
-/***/ 250:
-/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
-
-"use strict";
-
-
-var m = __webpack_require__(164);
-if (true) {
-  exports.createRoot = m.createRoot;
-  exports.hydrateRoot = m.hydrateRoot;
-} else { var i; }
-
-/***/ }),
-
-/***/ 164:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-function checkDCE() {
-  /* global __REACT_DEVTOOLS_GLOBAL_HOOK__ */
-  if (typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ === 'undefined' || typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE !== 'function') {
-    return;
-  }
-  if (false) {}
-  try {
-    // Verify that the code above has been dead code eliminated (DCE'd).
-    __REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE(checkDCE);
-  } catch (err) {
-    // DevTools shouldn't crash React, no matter what.
-    // We should still report in case we break this code.
-    console.error(err);
-  }
-}
-if (true) {
-  // DCE check should happen before ReactDOM bundle executes so that
-  // DevTools can report bad minification during injection.
-  checkDCE();
-  module.exports = __webpack_require__(463);
-} else {}
-
-/***/ }),
-
-/***/ 372:
-/***/ (function(__unused_webpack_module, exports) {
-
-"use strict";
-var __webpack_unused_export__;
-/**
- * @license React
- * react-is.production.min.js
- *
- * Copyright (c) Facebook, Inc. and its affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-
-var b = Symbol.for("react.element"),
-  c = Symbol.for("react.portal"),
-  d = Symbol.for("react.fragment"),
-  e = Symbol.for("react.strict_mode"),
-  f = Symbol.for("react.profiler"),
-  g = Symbol.for("react.provider"),
-  h = Symbol.for("react.context"),
-  k = Symbol.for("react.server_context"),
-  l = Symbol.for("react.forward_ref"),
-  m = Symbol.for("react.suspense"),
-  n = Symbol.for("react.suspense_list"),
-  p = Symbol.for("react.memo"),
-  q = Symbol.for("react.lazy"),
-  t = Symbol.for("react.offscreen"),
-  u;
-u = Symbol.for("react.module.reference");
-function v(a) {
-  if ("object" === typeof a && null !== a) {
-    var r = a.$$typeof;
-    switch (r) {
-      case b:
-        switch (a = a.type, a) {
-          case d:
-          case f:
-          case e:
-          case m:
-          case n:
-            return a;
-          default:
-            switch (a = a && a.$$typeof, a) {
-              case k:
-              case h:
-              case l:
-              case q:
-              case p:
-              case g:
-                return a;
-              default:
-                return r;
-            }
-        }
-      case c:
-        return r;
-    }
-  }
-}
-__webpack_unused_export__ = h;
-__webpack_unused_export__ = g;
-__webpack_unused_export__ = b;
-__webpack_unused_export__ = l;
-__webpack_unused_export__ = d;
-__webpack_unused_export__ = q;
-__webpack_unused_export__ = p;
-__webpack_unused_export__ = c;
-__webpack_unused_export__ = f;
-__webpack_unused_export__ = e;
-__webpack_unused_export__ = m;
-__webpack_unused_export__ = n;
-__webpack_unused_export__ = function () {
-  return !1;
-};
-__webpack_unused_export__ = function () {
-  return !1;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === h;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === g;
-};
-__webpack_unused_export__ = function (a) {
-  return "object" === typeof a && null !== a && a.$$typeof === b;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === l;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === d;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === q;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === p;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === c;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === f;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === e;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === m;
-};
-__webpack_unused_export__ = function (a) {
-  return v(a) === n;
-};
-__webpack_unused_export__ = function (a) {
-  return "string" === typeof a || "function" === typeof a || a === d || a === f || a === e || a === m || a === n || a === t || "object" === typeof a && null !== a && (a.$$typeof === q || a.$$typeof === p || a.$$typeof === g || a.$$typeof === h || a.$$typeof === l || a.$$typeof === u || void 0 !== a.getModuleId) ? !0 : !1;
-};
-__webpack_unused_export__ = v;
-
-/***/ }),
-
-/***/ 441:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-if (true) {
-  /* unused reexport */ __webpack_require__(372);
-} else {}
-
-/***/ }),
-
-/***/ 374:
-/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
-
-"use strict";
-/**
- * @license React
- * react-jsx-runtime.production.min.js
- *
- * Copyright (c) Facebook, Inc. and its affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-
-var f = __webpack_require__(791),
-  k = Symbol.for("react.element"),
-  l = Symbol.for("react.fragment"),
-  m = Object.prototype.hasOwnProperty,
-  n = f.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED.ReactCurrentOwner,
-  p = {
-    key: !0,
-    ref: !0,
-    __self: !0,
-    __source: !0
-  };
-function q(c, a, g) {
-  var b,
-    d = {},
-    e = null,
-    h = null;
-  void 0 !== g && (e = "" + g);
-  void 0 !== a.key && (e = "" + a.key);
-  void 0 !== a.ref && (h = a.ref);
-  for (b in a) m.call(a, b) && !p.hasOwnProperty(b) && (d[b] = a[b]);
-  if (c && c.defaultProps) for (b in a = c.defaultProps, a) void 0 === d[b] && (d[b] = a[b]);
-  return {
-    $$typeof: k,
-    type: c,
-    key: e,
-    ref: h,
-    props: d,
-    _owner: n.current
-  };
-}
-exports.Fragment = l;
-exports.jsx = q;
-exports.jsxs = q;
-
-/***/ }),
-
-/***/ 117:
-/***/ (function(__unused_webpack_module, exports) {
-
-"use strict";
-/**
- * @license React
- * react.production.min.js
- *
- * Copyright (c) Facebook, Inc. and its affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-
-var l = Symbol.for("react.element"),
-  n = Symbol.for("react.portal"),
-  p = Symbol.for("react.fragment"),
-  q = Symbol.for("react.strict_mode"),
-  r = Symbol.for("react.profiler"),
-  t = Symbol.for("react.provider"),
-  u = Symbol.for("react.context"),
-  v = Symbol.for("react.forward_ref"),
-  w = Symbol.for("react.suspense"),
-  x = Symbol.for("react.memo"),
-  y = Symbol.for("react.lazy"),
-  z = Symbol.iterator;
-function A(a) {
-  if (null === a || "object" !== typeof a) return null;
-  a = z && a[z] || a["@@iterator"];
-  return "function" === typeof a ? a : null;
-}
-var B = {
-    isMounted: function isMounted() {
-      return !1;
-    },
-    enqueueForceUpdate: function enqueueForceUpdate() {},
-    enqueueReplaceState: function enqueueReplaceState() {},
-    enqueueSetState: function enqueueSetState() {}
-  },
-  C = Object.assign,
-  D = {};
-function E(a, b, e) {
-  this.props = a;
-  this.context = b;
-  this.refs = D;
-  this.updater = e || B;
-}
-E.prototype.isReactComponent = {};
-E.prototype.setState = function (a, b) {
-  if ("object" !== typeof a && "function" !== typeof a && null != a) throw Error("setState(...): takes an object of state variables to update or a function which returns an object of state variables.");
-  this.updater.enqueueSetState(this, a, b, "setState");
-};
-E.prototype.forceUpdate = function (a) {
-  this.updater.enqueueForceUpdate(this, a, "forceUpdate");
-};
-function F() {}
-F.prototype = E.prototype;
-function G(a, b, e) {
-  this.props = a;
-  this.context = b;
-  this.refs = D;
-  this.updater = e || B;
-}
-var H = G.prototype = new F();
-H.constructor = G;
-C(H, E.prototype);
-H.isPureReactComponent = !0;
-var I = Array.isArray,
-  J = Object.prototype.hasOwnProperty,
-  K = {
-    current: null
-  },
-  L = {
-    key: !0,
-    ref: !0,
-    __self: !0,
-    __source: !0
-  };
-function M(a, b, e) {
-  var d,
-    c = {},
-    k = null,
-    h = null;
-  if (null != b) for (d in void 0 !== b.ref && (h = b.ref), void 0 !== b.key && (k = "" + b.key), b) J.call(b, d) && !L.hasOwnProperty(d) && (c[d] = b[d]);
-  var g = arguments.length - 2;
-  if (1 === g) c.children = e;else if (1 < g) {
-    for (var f = Array(g), m = 0; m < g; m++) f[m] = arguments[m + 2];
-    c.children = f;
-  }
-  if (a && a.defaultProps) for (d in g = a.defaultProps, g) void 0 === c[d] && (c[d] = g[d]);
-  return {
-    $$typeof: l,
-    type: a,
-    key: k,
-    ref: h,
-    props: c,
-    _owner: K.current
-  };
-}
-function N(a, b) {
-  return {
-    $$typeof: l,
-    type: a.type,
-    key: b,
-    ref: a.ref,
-    props: a.props,
-    _owner: a._owner
-  };
-}
-function O(a) {
-  return "object" === typeof a && null !== a && a.$$typeof === l;
-}
-function escape(a) {
-  var b = {
-    "=": "=0",
-    ":": "=2"
-  };
-  return "$" + a.replace(/[=:]/g, function (a) {
-    return b[a];
-  });
-}
-var P = /\/+/g;
-function Q(a, b) {
-  return "object" === typeof a && null !== a && null != a.key ? escape("" + a.key) : b.toString(36);
-}
-function R(a, b, e, d, c) {
-  var k = typeof a;
-  if ("undefined" === k || "boolean" === k) a = null;
-  var h = !1;
-  if (null === a) h = !0;else switch (k) {
-    case "string":
-    case "number":
-      h = !0;
-      break;
-    case "object":
-      switch (a.$$typeof) {
-        case l:
-        case n:
-          h = !0;
-      }
-  }
-  if (h) return h = a, c = c(h), a = "" === d ? "." + Q(h, 0) : d, I(c) ? (e = "", null != a && (e = a.replace(P, "$&/") + "/"), R(c, b, e, "", function (a) {
-    return a;
-  })) : null != c && (O(c) && (c = N(c, e + (!c.key || h && h.key === c.key ? "" : ("" + c.key).replace(P, "$&/") + "/") + a)), b.push(c)), 1;
-  h = 0;
-  d = "" === d ? "." : d + ":";
-  if (I(a)) for (var g = 0; g < a.length; g++) {
-    k = a[g];
-    var f = d + Q(k, g);
-    h += R(k, b, e, f, c);
-  } else if (f = A(a), "function" === typeof f) for (a = f.call(a), g = 0; !(k = a.next()).done;) k = k.value, f = d + Q(k, g++), h += R(k, b, e, f, c);else if ("object" === k) throw b = String(a), Error("Objects are not valid as a React child (found: " + ("[object Object]" === b ? "object with keys {" + Object.keys(a).join(", ") + "}" : b) + "). If you meant to render a collection of children, use an array instead.");
-  return h;
-}
-function S(a, b, e) {
-  if (null == a) return a;
-  var d = [],
-    c = 0;
-  R(a, d, "", "", function (a) {
-    return b.call(e, a, c++);
-  });
-  return d;
-}
-function T(a) {
-  if (-1 === a._status) {
-    var b = a._result;
-    b = b();
-    b.then(function (b) {
-      if (0 === a._status || -1 === a._status) a._status = 1, a._result = b;
-    }, function (b) {
-      if (0 === a._status || -1 === a._status) a._status = 2, a._result = b;
-    });
-    -1 === a._status && (a._status = 0, a._result = b);
-  }
-  if (1 === a._status) return a._result.default;
-  throw a._result;
-}
-var U = {
-    current: null
-  },
-  V = {
-    transition: null
-  },
-  W = {
-    ReactCurrentDispatcher: U,
-    ReactCurrentBatchConfig: V,
-    ReactCurrentOwner: K
-  };
-exports.Children = {
-  map: S,
-  forEach: function forEach(a, b, e) {
-    S(a, function () {
-      b.apply(this, arguments);
-    }, e);
-  },
-  count: function count(a) {
-    var b = 0;
-    S(a, function () {
-      b++;
-    });
-    return b;
-  },
-  toArray: function toArray(a) {
-    return S(a, function (a) {
-      return a;
-    }) || [];
-  },
-  only: function only(a) {
-    if (!O(a)) throw Error("React.Children.only expected to receive a single React element child.");
-    return a;
-  }
-};
-exports.Component = E;
-exports.Fragment = p;
-exports.Profiler = r;
-exports.PureComponent = G;
-exports.StrictMode = q;
-exports.Suspense = w;
-exports.__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED = W;
-exports.cloneElement = function (a, b, e) {
-  if (null === a || void 0 === a) throw Error("React.cloneElement(...): The argument must be a React element, but you passed " + a + ".");
-  var d = C({}, a.props),
-    c = a.key,
-    k = a.ref,
-    h = a._owner;
-  if (null != b) {
-    void 0 !== b.ref && (k = b.ref, h = K.current);
-    void 0 !== b.key && (c = "" + b.key);
-    if (a.type && a.type.defaultProps) var g = a.type.defaultProps;
-    for (f in b) J.call(b, f) && !L.hasOwnProperty(f) && (d[f] = void 0 === b[f] && void 0 !== g ? g[f] : b[f]);
-  }
-  var f = arguments.length - 2;
-  if (1 === f) d.children = e;else if (1 < f) {
-    g = Array(f);
-    for (var m = 0; m < f; m++) g[m] = arguments[m + 2];
-    d.children = g;
-  }
-  return {
-    $$typeof: l,
-    type: a.type,
-    key: c,
-    ref: k,
-    props: d,
-    _owner: h
-  };
-};
-exports.createContext = function (a) {
-  a = {
-    $$typeof: u,
-    _currentValue: a,
-    _currentValue2: a,
-    _threadCount: 0,
-    Provider: null,
-    Consumer: null,
-    _defaultValue: null,
-    _globalName: null
-  };
-  a.Provider = {
-    $$typeof: t,
-    _context: a
-  };
-  return a.Consumer = a;
-};
-exports.createElement = M;
-exports.createFactory = function (a) {
-  var b = M.bind(null, a);
-  b.type = a;
-  return b;
-};
-exports.createRef = function () {
-  return {
-    current: null
-  };
-};
-exports.forwardRef = function (a) {
-  return {
-    $$typeof: v,
-    render: a
-  };
-};
-exports.isValidElement = O;
-exports.lazy = function (a) {
-  return {
-    $$typeof: y,
-    _payload: {
-      _status: -1,
-      _result: a
-    },
-    _init: T
-  };
-};
-exports.memo = function (a, b) {
-  return {
-    $$typeof: x,
-    type: a,
-    compare: void 0 === b ? null : b
-  };
-};
-exports.startTransition = function (a) {
-  var b = V.transition;
-  V.transition = {};
-  try {
-    a();
-  } finally {
-    V.transition = b;
-  }
-};
-exports.unstable_act = function () {
-  throw Error("act(...) is not supported in production builds of React.");
-};
-exports.useCallback = function (a, b) {
-  return U.current.useCallback(a, b);
-};
-exports.useContext = function (a) {
-  return U.current.useContext(a);
-};
-exports.useDebugValue = function () {};
-exports.useDeferredValue = function (a) {
-  return U.current.useDeferredValue(a);
-};
-exports.useEffect = function (a, b) {
-  return U.current.useEffect(a, b);
-};
-exports.useId = function () {
-  return U.current.useId();
-};
-exports.useImperativeHandle = function (a, b, e) {
-  return U.current.useImperativeHandle(a, b, e);
-};
-exports.useInsertionEffect = function (a, b) {
-  return U.current.useInsertionEffect(a, b);
-};
-exports.useLayoutEffect = function (a, b) {
-  return U.current.useLayoutEffect(a, b);
-};
-exports.useMemo = function (a, b) {
-  return U.current.useMemo(a, b);
-};
-exports.useReducer = function (a, b, e) {
-  return U.current.useReducer(a, b, e);
-};
-exports.useRef = function (a) {
-  return U.current.useRef(a);
-};
-exports.useState = function (a) {
-  return U.current.useState(a);
-};
-exports.useSyncExternalStore = function (a, b, e) {
-  return U.current.useSyncExternalStore(a, b, e);
-};
-exports.useTransition = function () {
-  return U.current.useTransition();
-};
-exports.version = "18.2.0";
-
-/***/ }),
-
-/***/ 791:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-if (true) {
-  module.exports = __webpack_require__(117);
-} else {}
-
-/***/ }),
-
-/***/ 184:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-if (true) {
-  module.exports = __webpack_require__(374);
-} else {}
-
-/***/ }),
-
-/***/ 813:
-/***/ (function(__unused_webpack_module, exports) {
-
-"use strict";
-/**
- * @license React
- * scheduler.production.min.js
- *
- * Copyright (c) Facebook, Inc. and its affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-
-function f(a, b) {
-  var c = a.length;
-  a.push(b);
-  a: for (; 0 < c;) {
-    var d = c - 1 >>> 1,
-      e = a[d];
-    if (0 < g(e, b)) a[d] = b, a[c] = e, c = d;else break a;
-  }
-}
-function h(a) {
-  return 0 === a.length ? null : a[0];
-}
-function k(a) {
-  if (0 === a.length) return null;
-  var b = a[0],
-    c = a.pop();
-  if (c !== b) {
-    a[0] = c;
-    a: for (var d = 0, e = a.length, w = e >>> 1; d < w;) {
-      var m = 2 * (d + 1) - 1,
-        C = a[m],
-        n = m + 1,
-        x = a[n];
-      if (0 > g(C, c)) n < e && 0 > g(x, C) ? (a[d] = x, a[n] = c, d = n) : (a[d] = C, a[m] = c, d = m);else if (n < e && 0 > g(x, c)) a[d] = x, a[n] = c, d = n;else break a;
-    }
-  }
-  return b;
-}
-function g(a, b) {
-  var c = a.sortIndex - b.sortIndex;
-  return 0 !== c ? c : a.id - b.id;
-}
-if ("object" === typeof performance && "function" === typeof performance.now) {
-  var l = performance;
-  exports.unstable_now = function () {
-    return l.now();
-  };
-} else {
-  var p = Date,
-    q = p.now();
-  exports.unstable_now = function () {
-    return p.now() - q;
-  };
-}
-var r = [],
-  t = [],
-  u = 1,
-  v = null,
-  y = 3,
-  z = !1,
-  A = !1,
-  B = !1,
-  D = "function" === typeof setTimeout ? setTimeout : null,
-  E = "function" === typeof clearTimeout ? clearTimeout : null,
-  F = "undefined" !== typeof setImmediate ? setImmediate : null;
-"undefined" !== typeof navigator && void 0 !== navigator.scheduling && void 0 !== navigator.scheduling.isInputPending && navigator.scheduling.isInputPending.bind(navigator.scheduling);
-function G(a) {
-  for (var b = h(t); null !== b;) {
-    if (null === b.callback) k(t);else if (b.startTime <= a) k(t), b.sortIndex = b.expirationTime, f(r, b);else break;
-    b = h(t);
-  }
-}
-function H(a) {
-  B = !1;
-  G(a);
-  if (!A) if (null !== h(r)) A = !0, I(J);else {
-    var b = h(t);
-    null !== b && K(H, b.startTime - a);
-  }
-}
-function J(a, b) {
-  A = !1;
-  B && (B = !1, E(L), L = -1);
-  z = !0;
-  var c = y;
-  try {
-    G(b);
-    for (v = h(r); null !== v && (!(v.expirationTime > b) || a && !M());) {
-      var d = v.callback;
-      if ("function" === typeof d) {
-        v.callback = null;
-        y = v.priorityLevel;
-        var e = d(v.expirationTime <= b);
-        b = exports.unstable_now();
-        "function" === typeof e ? v.callback = e : v === h(r) && k(r);
-        G(b);
-      } else k(r);
-      v = h(r);
-    }
-    if (null !== v) var w = !0;else {
-      var m = h(t);
-      null !== m && K(H, m.startTime - b);
-      w = !1;
-    }
-    return w;
-  } finally {
-    v = null, y = c, z = !1;
-  }
-}
-var N = !1,
-  O = null,
-  L = -1,
-  P = 5,
-  Q = -1;
-function M() {
-  return exports.unstable_now() - Q < P ? !1 : !0;
-}
-function R() {
-  if (null !== O) {
-    var a = exports.unstable_now();
-    Q = a;
-    var b = !0;
-    try {
-      b = O(!0, a);
-    } finally {
-      b ? S() : (N = !1, O = null);
-    }
-  } else N = !1;
-}
-var S;
-if ("function" === typeof F) S = function S() {
-  F(R);
-};else if ("undefined" !== typeof MessageChannel) {
-  var T = new MessageChannel(),
-    U = T.port2;
-  T.port1.onmessage = R;
-  S = function S() {
-    U.postMessage(null);
-  };
-} else S = function S() {
-  D(R, 0);
-};
-function I(a) {
-  O = a;
-  N || (N = !0, S());
-}
-function K(a, b) {
-  L = D(function () {
-    a(exports.unstable_now());
-  }, b);
-}
-exports.unstable_IdlePriority = 5;
-exports.unstable_ImmediatePriority = 1;
-exports.unstable_LowPriority = 4;
-exports.unstable_NormalPriority = 3;
-exports.unstable_Profiling = null;
-exports.unstable_UserBlockingPriority = 2;
-exports.unstable_cancelCallback = function (a) {
-  a.callback = null;
-};
-exports.unstable_continueExecution = function () {
-  A || z || (A = !0, I(J));
-};
-exports.unstable_forceFrameRate = function (a) {
-  0 > a || 125 < a ? console.error("forceFrameRate takes a positive int between 0 and 125, forcing frame rates higher than 125 fps is not supported") : P = 0 < a ? Math.floor(1E3 / a) : 5;
-};
-exports.unstable_getCurrentPriorityLevel = function () {
-  return y;
-};
-exports.unstable_getFirstCallbackNode = function () {
-  return h(r);
-};
-exports.unstable_next = function (a) {
-  switch (y) {
-    case 1:
-    case 2:
-    case 3:
-      var b = 3;
-      break;
-    default:
-      b = y;
-  }
-  var c = y;
-  y = b;
-  try {
-    return a();
-  } finally {
-    y = c;
-  }
-};
-exports.unstable_pauseExecution = function () {};
-exports.unstable_requestPaint = function () {};
-exports.unstable_runWithPriority = function (a, b) {
-  switch (a) {
-    case 1:
-    case 2:
-    case 3:
-    case 4:
-    case 5:
-      break;
-    default:
-      a = 3;
-  }
-  var c = y;
-  y = a;
-  try {
-    return b();
-  } finally {
-    y = c;
-  }
-};
-exports.unstable_scheduleCallback = function (a, b, c) {
-  var d = exports.unstable_now();
-  "object" === typeof c && null !== c ? (c = c.delay, c = "number" === typeof c && 0 < c ? d + c : d) : c = d;
-  switch (a) {
-    case 1:
-      var e = -1;
-      break;
-    case 2:
-      e = 250;
-      break;
-    case 5:
-      e = 1073741823;
-      break;
-    case 4:
-      e = 1E4;
-      break;
-    default:
-      e = 5E3;
-  }
-  e = c + e;
-  a = {
-    id: u++,
-    callback: b,
-    priorityLevel: a,
-    startTime: c,
-    expirationTime: e,
-    sortIndex: -1
-  };
-  c > d ? (a.sortIndex = c, f(t, a), null === h(r) && a === h(t) && (B ? (E(L), L = -1) : B = !0, K(H, c - d))) : (a.sortIndex = e, f(r, a), A || z || (A = !0, I(J)));
-  return a;
-};
-exports.unstable_shouldYield = M;
-exports.unstable_wrapCallback = function (a) {
-  var b = y;
-  return function () {
-    var c = y;
-    y = b;
-    try {
-      return a.apply(this, arguments);
-    } finally {
-      y = c;
-    }
-  };
-};
-
-/***/ }),
-
-/***/ 296:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-"use strict";
-
-
-if (true) {
-  module.exports = __webpack_require__(813);
-} else {}
-
-/***/ }),
-
-/***/ 897:
-/***/ (function(module) {
-
-function _arrayLikeToArray(arr, len) {
-  if (len == null || len > arr.length) len = arr.length;
-  for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i];
-  return arr2;
-}
-module.exports = _arrayLikeToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 889:
-/***/ (function(module) {
-
-function _arrayWithHoles(arr) {
-  if (Array.isArray(arr)) return arr;
-}
-module.exports = _arrayWithHoles, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 405:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var arrayLikeToArray = __webpack_require__(897);
-function _arrayWithoutHoles(arr) {
-  if (Array.isArray(arr)) return arrayLikeToArray(arr);
-}
-module.exports = _arrayWithoutHoles, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 115:
-/***/ (function(module) {
-
-function _assertThisInitialized(self) {
-  if (self === void 0) {
-    throw new ReferenceError("this hasn't been initialised - super() hasn't been called");
-  }
-  return self;
-}
-module.exports = _assertThisInitialized, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 690:
-/***/ (function(module) {
-
-function _classCallCheck(instance, Constructor) {
-  if (!(instance instanceof Constructor)) {
-    throw new TypeError("Cannot call a class as a function");
-  }
-}
-module.exports = _classCallCheck, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 728:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var toPropertyKey = __webpack_require__(62);
-function _defineProperties(target, props) {
-  for (var i = 0; i < props.length; i++) {
-    var descriptor = props[i];
-    descriptor.enumerable = descriptor.enumerable || false;
-    descriptor.configurable = true;
-    if ("value" in descriptor) descriptor.writable = true;
-    Object.defineProperty(target, toPropertyKey(descriptor.key), descriptor);
-  }
-}
-function _createClass(Constructor, protoProps, staticProps) {
-  if (protoProps) _defineProperties(Constructor.prototype, protoProps);
-  if (staticProps) _defineProperties(Constructor, staticProps);
-  Object.defineProperty(Constructor, "prototype", {
-    writable: false
-  });
-  return Constructor;
-}
-module.exports = _createClass, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 389:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var getPrototypeOf = __webpack_require__(808);
-var isNativeReflectConstruct = __webpack_require__(617);
-var possibleConstructorReturn = __webpack_require__(993);
-function _createSuper(Derived) {
-  var hasNativeReflectConstruct = isNativeReflectConstruct();
-  return function _createSuperInternal() {
-    var Super = getPrototypeOf(Derived),
-      result;
-    if (hasNativeReflectConstruct) {
-      var NewTarget = getPrototypeOf(this).constructor;
-      result = Reflect.construct(Super, arguments, NewTarget);
-    } else {
-      result = Super.apply(this, arguments);
-    }
-    return possibleConstructorReturn(this, result);
-  };
-}
-module.exports = _createSuper, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 808:
-/***/ (function(module) {
-
-function _getPrototypeOf(o) {
-  module.exports = _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) {
-    return o.__proto__ || Object.getPrototypeOf(o);
-  }, module.exports.__esModule = true, module.exports["default"] = module.exports;
-  return _getPrototypeOf(o);
-}
-module.exports = _getPrototypeOf, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 655:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var setPrototypeOf = __webpack_require__(15);
-function _inherits(subClass, superClass) {
-  if (typeof superClass !== "function" && superClass !== null) {
-    throw new TypeError("Super expression must either be null or a function");
-  }
-  subClass.prototype = Object.create(superClass && superClass.prototype, {
-    constructor: {
-      value: subClass,
-      writable: true,
-      configurable: true
-    }
-  });
-  Object.defineProperty(subClass, "prototype", {
-    writable: false
-  });
-  if (superClass) setPrototypeOf(subClass, superClass);
-}
-module.exports = _inherits, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 617:
-/***/ (function(module) {
-
-function _isNativeReflectConstruct() {
-  if (typeof Reflect === "undefined" || !Reflect.construct) return false;
-  if (Reflect.construct.sham) return false;
-  if (typeof Proxy === "function") return true;
-  try {
-    Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {}));
-    return true;
-  } catch (e) {
-    return false;
-  }
-}
-module.exports = _isNativeReflectConstruct, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 498:
-/***/ (function(module) {
-
-function _iterableToArray(iter) {
-  if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
-}
-module.exports = _iterableToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 872:
-/***/ (function(module) {
-
-function _iterableToArrayLimit(arr, i) {
-  var _i = null == arr ? null : "undefined" != typeof Symbol && arr[Symbol.iterator] || arr["@@iterator"];
-  if (null != _i) {
-    var _s,
-      _e,
-      _x,
-      _r,
-      _arr = [],
-      _n = !0,
-      _d = !1;
-    try {
-      if (_x = (_i = _i.call(arr)).next, 0 === i) {
-        if (Object(_i) !== _i) return;
-        _n = !1;
-      } else for (; !(_n = (_s = _x.call(_i)).done) && (_arr.push(_s.value), _arr.length !== i); _n = !0);
-    } catch (err) {
-      _d = !0, _e = err;
-    } finally {
-      try {
-        if (!_n && null != _i["return"] && (_r = _i["return"](), Object(_r) !== _r)) return;
-      } finally {
-        if (_d) throw _e;
-      }
-    }
-    return _arr;
-  }
-}
-module.exports = _iterableToArrayLimit, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 218:
-/***/ (function(module) {
-
-function _nonIterableRest() {
-  throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
-}
-module.exports = _nonIterableRest, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 281:
-/***/ (function(module) {
-
-function _nonIterableSpread() {
-  throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
-}
-module.exports = _nonIterableSpread, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 993:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var _typeof = (__webpack_require__(698)["default"]);
-var assertThisInitialized = __webpack_require__(115);
-function _possibleConstructorReturn(self, call) {
-  if (call && (_typeof(call) === "object" || typeof call === "function")) {
-    return call;
-  } else if (call !== void 0) {
-    throw new TypeError("Derived constructors may only return object or undefined");
-  }
-  return assertThisInitialized(self);
-}
-module.exports = _possibleConstructorReturn, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 15:
-/***/ (function(module) {
-
-function _setPrototypeOf(o, p) {
-  module.exports = _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) {
-    o.__proto__ = p;
-    return o;
-  }, module.exports.__esModule = true, module.exports["default"] = module.exports;
-  return _setPrototypeOf(o, p);
-}
-module.exports = _setPrototypeOf, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 424:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var arrayWithHoles = __webpack_require__(889);
-var iterableToArrayLimit = __webpack_require__(872);
-var unsupportedIterableToArray = __webpack_require__(116);
-var nonIterableRest = __webpack_require__(218);
-function _slicedToArray(arr, i) {
-  return arrayWithHoles(arr) || iterableToArrayLimit(arr, i) || unsupportedIterableToArray(arr, i) || nonIterableRest();
-}
-module.exports = _slicedToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 861:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var arrayWithoutHoles = __webpack_require__(405);
-var iterableToArray = __webpack_require__(498);
-var unsupportedIterableToArray = __webpack_require__(116);
-var nonIterableSpread = __webpack_require__(281);
-function _toConsumableArray(arr) {
-  return arrayWithoutHoles(arr) || iterableToArray(arr) || unsupportedIterableToArray(arr) || nonIterableSpread();
-}
-module.exports = _toConsumableArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 36:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var _typeof = (__webpack_require__(698)["default"]);
-function _toPrimitive(input, hint) {
-  if (_typeof(input) !== "object" || input === null) return input;
-  var prim = input[Symbol.toPrimitive];
-  if (prim !== undefined) {
-    var res = prim.call(input, hint || "default");
-    if (_typeof(res) !== "object") return res;
-    throw new TypeError("@@toPrimitive must return a primitive value.");
-  }
-  return (hint === "string" ? String : Number)(input);
-}
-module.exports = _toPrimitive, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 62:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var _typeof = (__webpack_require__(698)["default"]);
-var toPrimitive = __webpack_require__(36);
-function _toPropertyKey(arg) {
-  var key = toPrimitive(arg, "string");
-  return _typeof(key) === "symbol" ? key : String(key);
-}
-module.exports = _toPropertyKey, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 698:
-/***/ (function(module) {
-
-function _typeof(obj) {
-  "@babel/helpers - typeof";
-
-  return (module.exports = _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) {
-    return typeof obj;
-  } : function (obj) {
-    return obj && "function" == typeof Symbol && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
-  }, module.exports.__esModule = true, module.exports["default"] = module.exports), _typeof(obj);
-}
-module.exports = _typeof, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ }),
-
-/***/ 116:
-/***/ (function(module, __unused_webpack_exports, __webpack_require__) {
-
-var arrayLikeToArray = __webpack_require__(897);
-function _unsupportedIterableToArray(o, minLen) {
-  if (!o) return;
-  if (typeof o === "string") return arrayLikeToArray(o, minLen);
-  var n = Object.prototype.toString.call(o).slice(8, -1);
-  if (n === "Object" && o.constructor) n = o.constructor.name;
-  if (n === "Map" || n === "Set") return Array.from(o);
-  if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return arrayLikeToArray(o, minLen);
-}
-module.exports = _unsupportedIterableToArray, module.exports.__esModule = true, module.exports["default"] = module.exports;
-
-/***/ })
-
-/******/ 	});
-/************************************************************************/
-/******/ 	// The module cache
-/******/ 	var __webpack_module_cache__ = {};
-/******/ 	
-/******/ 	// The require function
-/******/ 	function __webpack_require__(moduleId) {
-/******/ 		// Check if module is in cache
-/******/ 		var cachedModule = __webpack_module_cache__[moduleId];
-/******/ 		if (cachedModule !== undefined) {
-/******/ 			return cachedModule.exports;
-/******/ 		}
-/******/ 		// Create a new module (and put it into the cache)
-/******/ 		var module = __webpack_module_cache__[moduleId] = {
-/******/ 			id: moduleId,
-/******/ 			loaded: false,
-/******/ 			exports: {}
-/******/ 		};
-/******/ 	
-/******/ 		// Execute the module function
-/******/ 		__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);
-/******/ 	
-/******/ 		// Flag the module as loaded
-/******/ 		module.loaded = true;
-/******/ 	
-/******/ 		// Return the exports of the module
-/******/ 		return module.exports;
-/******/ 	}
-/******/ 	
-/******/ 	// expose the modules object (__webpack_modules__)
-/******/ 	__webpack_require__.m = __webpack_modules__;
-/******/ 	
-/************************************************************************/
-/******/ 	/* webpack/runtime/amd options */
-/******/ 	!function() {
-/******/ 		__webpack_require__.amdO = {};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/compat get default export */
-/******/ 	!function() {
-/******/ 		// getDefaultExport function for compatibility with non-harmony modules
-/******/ 		__webpack_require__.n = function(module) {
-/******/ 			var getter = module && module.__esModule ?
-/******/ 				function() { return module['default']; } :
-/******/ 				function() { return module; };
-/******/ 			__webpack_require__.d(getter, { a: getter });
-/******/ 			return getter;
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/create fake namespace object */
-/******/ 	!function() {
-/******/ 		var getProto = Object.getPrototypeOf ? function(obj) { return Object.getPrototypeOf(obj); } : function(obj) { return obj.__proto__; };
-/******/ 		var leafPrototypes;
-/******/ 		// create a fake namespace object
-/******/ 		// mode & 1: value is a module id, require it
-/******/ 		// mode & 2: merge all properties of value into the ns
-/******/ 		// mode & 4: return value when already ns object
-/******/ 		// mode & 16: return value when it's Promise-like
-/******/ 		// mode & 8|1: behave like require
-/******/ 		__webpack_require__.t = function(value, mode) {
-/******/ 			if(mode & 1) value = this(value);
-/******/ 			if(mode & 8) return value;
-/******/ 			if(typeof value === 'object' && value) {
-/******/ 				if((mode & 4) && value.__esModule) return value;
-/******/ 				if((mode & 16) && typeof value.then === 'function') return value;
-/******/ 			}
-/******/ 			var ns = Object.create(null);
-/******/ 			__webpack_require__.r(ns);
-/******/ 			var def = {};
-/******/ 			leafPrototypes = leafPrototypes || [null, getProto({}), getProto([]), getProto(getProto)];
-/******/ 			for(var current = mode & 2 && value; typeof current == 'object' && !~leafPrototypes.indexOf(current); current = getProto(current)) {
-/******/ 				Object.getOwnPropertyNames(current).forEach(function(key) { def[key] = function() { return value[key]; }; });
-/******/ 			}
-/******/ 			def['default'] = function() { return value; };
-/******/ 			__webpack_require__.d(ns, def);
-/******/ 			return ns;
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/define property getters */
-/******/ 	!function() {
-/******/ 		// define getter functions for harmony exports
-/******/ 		__webpack_require__.d = function(exports, definition) {
-/******/ 			for(var key in definition) {
-/******/ 				if(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {
-/******/ 					Object.defineProperty(exports, key, { enumerable: true, get: definition[key] });
-/******/ 				}
-/******/ 			}
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/ensure chunk */
-/******/ 	!function() {
-/******/ 		__webpack_require__.f = {};
-/******/ 		// This file contains only the entry chunk.
-/******/ 		// The chunk loading function for additional chunks
-/******/ 		__webpack_require__.e = function(chunkId) {
-/******/ 			return Promise.all(Object.keys(__webpack_require__.f).reduce(function(promises, key) {
-/******/ 				__webpack_require__.f[key](chunkId, promises);
-/******/ 				return promises;
-/******/ 			}, []));
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/get javascript chunk filename */
-/******/ 	!function() {
-/******/ 		// This function allow to reference async chunks
-/******/ 		__webpack_require__.u = function(chunkId) {
-/******/ 			// return url for filenames based on template
-/******/ 			return "static/js/" + chunkId + "." + "98a1313e" + ".chunk.js";
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/get mini-css chunk filename */
-/******/ 	!function() {
-/******/ 		// This function allow to reference async chunks
-/******/ 		__webpack_require__.miniCssF = function(chunkId) {
-/******/ 			// return url for filenames based on template
-/******/ 			return undefined;
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/global */
-/******/ 	!function() {
-/******/ 		__webpack_require__.g = (function() {
-/******/ 			if (typeof globalThis === 'object') return globalThis;
-/******/ 			try {
-/******/ 				return this || new Function('return this')();
-/******/ 			} catch (e) {
-/******/ 				if (typeof window === 'object') return window;
-/******/ 			}
-/******/ 		})();
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/hasOwnProperty shorthand */
-/******/ 	!function() {
-/******/ 		__webpack_require__.o = function(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); }
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/load script */
-/******/ 	!function() {
-/******/ 		var inProgress = {};
-/******/ 		var dataWebpackPrefix = "kluctl-webui:";
-/******/ 		// loadScript function to load a script via script tag
-/******/ 		__webpack_require__.l = function(url, done, key, chunkId) {
-/******/ 			if(inProgress[url]) { inProgress[url].push(done); return; }
-/******/ 			var script, needAttach;
-/******/ 			if(key !== undefined) {
-/******/ 				var scripts = document.getElementsByTagName("script");
-/******/ 				for(var i = 0; i < scripts.length; i++) {
-/******/ 					var s = scripts[i];
-/******/ 					if(s.getAttribute("src") == url || s.getAttribute("data-webpack") == dataWebpackPrefix + key) { script = s; break; }
-/******/ 				}
-/******/ 			}
-/******/ 			if(!script) {
-/******/ 				needAttach = true;
-/******/ 				script = document.createElement('script');
-/******/ 		
-/******/ 				script.charset = 'utf-8';
-/******/ 				script.timeout = 120;
-/******/ 				if (__webpack_require__.nc) {
-/******/ 					script.setAttribute("nonce", __webpack_require__.nc);
-/******/ 				}
-/******/ 				script.setAttribute("data-webpack", dataWebpackPrefix + key);
-/******/ 				script.src = url;
-/******/ 			}
-/******/ 			inProgress[url] = [done];
-/******/ 			var onScriptComplete = function(prev, event) {
-/******/ 				// avoid mem leaks in IE.
-/******/ 				script.onerror = script.onload = null;
-/******/ 				clearTimeout(timeout);
-/******/ 				var doneFns = inProgress[url];
-/******/ 				delete inProgress[url];
-/******/ 				script.parentNode && script.parentNode.removeChild(script);
-/******/ 				doneFns && doneFns.forEach(function(fn) { return fn(event); });
-/******/ 				if(prev) return prev(event);
-/******/ 			}
-/******/ 			var timeout = setTimeout(onScriptComplete.bind(null, undefined, { type: 'timeout', target: script }), 120000);
-/******/ 			script.onerror = onScriptComplete.bind(null, script.onerror);
-/******/ 			script.onload = onScriptComplete.bind(null, script.onload);
-/******/ 			needAttach && document.head.appendChild(script);
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/make namespace object */
-/******/ 	!function() {
-/******/ 		// define __esModule on exports
-/******/ 		__webpack_require__.r = function(exports) {
-/******/ 			if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
-/******/ 				Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-/******/ 			}
-/******/ 			Object.defineProperty(exports, '__esModule', { value: true });
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/node module decorator */
-/******/ 	!function() {
-/******/ 		__webpack_require__.nmd = function(module) {
-/******/ 			module.paths = [];
-/******/ 			if (!module.children) module.children = [];
-/******/ 			return module;
-/******/ 		};
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/publicPath */
-/******/ 	!function() {
-/******/ 		__webpack_require__.p = "./";
-/******/ 	}();
-/******/ 	
-/******/ 	/* webpack/runtime/jsonp chunk loading */
-/******/ 	!function() {
-/******/ 		// no baseURI
-/******/ 		
-/******/ 		// object to store loaded and loading chunks
-/******/ 		// undefined = chunk not loaded, null = chunk preloaded/prefetched
-/******/ 		// [resolve, reject, Promise] = chunk loading, 0 = chunk loaded
-/******/ 		var installedChunks = {
-/******/ 			179: 0
-/******/ 		};
-/******/ 		
-/******/ 		__webpack_require__.f.j = function(chunkId, promises) {
-/******/ 				// JSONP chunk loading for javascript
-/******/ 				var installedChunkData = __webpack_require__.o(installedChunks, chunkId) ? installedChunks[chunkId] : undefined;
-/******/ 				if(installedChunkData !== 0) { // 0 means "already installed".
-/******/ 		
-/******/ 					// a Promise means "currently loading".
-/******/ 					if(installedChunkData) {
-/******/ 						promises.push(installedChunkData[2]);
-/******/ 					} else {
-/******/ 						if(true) { // all chunks have JS
-/******/ 							// setup Promise in chunk cache
-/******/ 							var promise = new Promise(function(resolve, reject) { installedChunkData = installedChunks[chunkId] = [resolve, reject]; });
-/******/ 							promises.push(installedChunkData[2] = promise);
-/******/ 		
-/******/ 							// start chunk loading
-/******/ 							var url = __webpack_require__.p + __webpack_require__.u(chunkId);
-/******/ 							// create error before stack unwound to get useful stacktrace later
-/******/ 							var error = new Error();
-/******/ 							var loadingEnded = function(event) {
-/******/ 								if(__webpack_require__.o(installedChunks, chunkId)) {
-/******/ 									installedChunkData = installedChunks[chunkId];
-/******/ 									if(installedChunkData !== 0) installedChunks[chunkId] = undefined;
-/******/ 									if(installedChunkData) {
-/******/ 										var errorType = event && (event.type === 'load' ? 'missing' : event.type);
-/******/ 										var realSrc = event && event.target && event.target.src;
-/******/ 										error.message = 'Loading chunk ' + chunkId + ' failed.\n(' + errorType + ': ' + realSrc + ')';
-/******/ 										error.name = 'ChunkLoadError';
-/******/ 										error.type = errorType;
-/******/ 										error.request = realSrc;
-/******/ 										installedChunkData[1](error);
-/******/ 									}
-/******/ 								}
-/******/ 							};
-/******/ 							__webpack_require__.l(url, loadingEnded, "chunk-" + chunkId, chunkId);
-/******/ 						}
-/******/ 					}
-/******/ 				}
-/******/ 		};
-/******/ 		
-/******/ 		// no prefetching
-/******/ 		
-/******/ 		// no preloaded
-/******/ 		
-/******/ 		// no HMR
-/******/ 		
-/******/ 		// no HMR manifest
-/******/ 		
-/******/ 		// no on chunks loaded
-/******/ 		
-/******/ 		// install a JSONP callback for chunk loading
-/******/ 		var webpackJsonpCallback = function(parentChunkLoadingFunction, data) {
-/******/ 			var chunkIds = data[0];
-/******/ 			var moreModules = data[1];
-/******/ 			var runtime = data[2];
-/******/ 			// add "moreModules" to the modules object,
-/******/ 			// then flag all "chunkIds" as loaded and fire callback
-/******/ 			var moduleId, chunkId, i = 0;
-/******/ 			if(chunkIds.some(function(id) { return installedChunks[id] !== 0; })) {
-/******/ 				for(moduleId in moreModules) {
-/******/ 					if(__webpack_require__.o(moreModules, moduleId)) {
-/******/ 						__webpack_require__.m[moduleId] = moreModules[moduleId];
-/******/ 					}
-/******/ 				}
-/******/ 				if(runtime) var result = runtime(__webpack_require__);
-/******/ 			}
-/******/ 			if(parentChunkLoadingFunction) parentChunkLoadingFunction(data);
-/******/ 			for(;i < chunkIds.length; i++) {
-/******/ 				chunkId = chunkIds[i];
-/******/ 				if(__webpack_require__.o(installedChunks, chunkId) && installedChunks[chunkId]) {
-/******/ 					installedChunks[chunkId][0]();
-/******/ 				}
-/******/ 				installedChunks[chunkId] = 0;
-/******/ 			}
-/******/ 		
-/******/ 		}
-/******/ 		
-/******/ 		var chunkLoadingGlobal = self["webpackChunkkluctl_webui"] = self["webpackChunkkluctl_webui"] || [];
-/******/ 		chunkLoadingGlobal.forEach(webpackJsonpCallback.bind(null, 0));
-/******/ 		chunkLoadingGlobal.push = webpackJsonpCallback.bind(null, chunkLoadingGlobal.push.bind(chunkLoadingGlobal));
-/******/ 	}();
-/******/ 	
-/************************************************************************/
-var __webpack_exports__ = {};
-// This entry need to be wrapped in an IIFE because it need to be in strict mode.
-!function() {
-"use strict";
-
-// EXTERNAL MODULE: ./node_modules/react/index.js
-var react = __webpack_require__(791);
-var react_namespaceObject = /*#__PURE__*/__webpack_require__.t(react, 2);
-// EXTERNAL MODULE: ./node_modules/react-dom/client.js
-var client = __webpack_require__(250);
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/arrayWithHoles.js
-function _arrayWithHoles(arr) {
-  if (Array.isArray(arr)) return arr;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/iterableToArrayLimit.js
-function _iterableToArrayLimit(arr, i) {
-  var _i = null == arr ? null : "undefined" != typeof Symbol && arr[Symbol.iterator] || arr["@@iterator"];
-  if (null != _i) {
-    var _s,
-      _e,
-      _x,
-      _r,
-      _arr = [],
-      _n = !0,
-      _d = !1;
-    try {
-      if (_x = (_i = _i.call(arr)).next, 0 === i) {
-        if (Object(_i) !== _i) return;
-        _n = !1;
-      } else for (; !(_n = (_s = _x.call(_i)).done) && (_arr.push(_s.value), _arr.length !== i); _n = !0);
-    } catch (err) {
-      _d = !0, _e = err;
-    } finally {
-      try {
-        if (!_n && null != _i["return"] && (_r = _i["return"](), Object(_r) !== _r)) return;
-      } finally {
-        if (_d) throw _e;
-      }
-    }
-    return _arr;
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/arrayLikeToArray.js
-function _arrayLikeToArray(arr, len) {
-  if (len == null || len > arr.length) len = arr.length;
-  for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i];
-  return arr2;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/unsupportedIterableToArray.js
-
-function _unsupportedIterableToArray(o, minLen) {
-  if (!o) return;
-  if (typeof o === "string") return _arrayLikeToArray(o, minLen);
-  var n = Object.prototype.toString.call(o).slice(8, -1);
-  if (n === "Object" && o.constructor) n = o.constructor.name;
-  if (n === "Map" || n === "Set") return Array.from(o);
-  if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray(o, minLen);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/nonIterableRest.js
-function _nonIterableRest() {
-  throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/slicedToArray.js
-
-
-
-
-function slicedToArray_slicedToArray(arr, i) {
-  return _arrayWithHoles(arr) || _iterableToArrayLimit(arr, i) || _unsupportedIterableToArray(arr, i) || _nonIterableRest();
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/classCallCheck.js
-function classCallCheck_classCallCheck(instance, Constructor) {
-  if (!(instance instanceof Constructor)) {
-    throw new TypeError("Cannot call a class as a function");
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/typeof.js
-function _typeof(obj) {
-  "@babel/helpers - typeof";
-
-  return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) {
-    return typeof obj;
-  } : function (obj) {
-    return obj && "function" == typeof Symbol && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj;
-  }, _typeof(obj);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toPrimitive.js
-
-function _toPrimitive(input, hint) {
-  if (_typeof(input) !== "object" || input === null) return input;
-  var prim = input[Symbol.toPrimitive];
-  if (prim !== undefined) {
-    var res = prim.call(input, hint || "default");
-    if (_typeof(res) !== "object") return res;
-    throw new TypeError("@@toPrimitive must return a primitive value.");
-  }
-  return (hint === "string" ? String : Number)(input);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toPropertyKey.js
-
-
-function _toPropertyKey(arg) {
-  var key = _toPrimitive(arg, "string");
-  return _typeof(key) === "symbol" ? key : String(key);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/createClass.js
-
-function _defineProperties(target, props) {
-  for (var i = 0; i < props.length; i++) {
-    var descriptor = props[i];
-    descriptor.enumerable = descriptor.enumerable || false;
-    descriptor.configurable = true;
-    if ("value" in descriptor) descriptor.writable = true;
-    Object.defineProperty(target, _toPropertyKey(descriptor.key), descriptor);
-  }
-}
-function createClass_createClass(Constructor, protoProps, staticProps) {
-  if (protoProps) _defineProperties(Constructor.prototype, protoProps);
-  if (staticProps) _defineProperties(Constructor, staticProps);
-  Object.defineProperty(Constructor, "prototype", {
-    writable: false
-  });
-  return Constructor;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/setPrototypeOf.js
-function _setPrototypeOf(o, p) {
-  _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) {
-    o.__proto__ = p;
-    return o;
-  };
-  return _setPrototypeOf(o, p);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/inherits.js
-
-function _inherits(subClass, superClass) {
-  if (typeof superClass !== "function" && superClass !== null) {
-    throw new TypeError("Super expression must either be null or a function");
-  }
-  subClass.prototype = Object.create(superClass && superClass.prototype, {
-    constructor: {
-      value: subClass,
-      writable: true,
-      configurable: true
-    }
-  });
-  Object.defineProperty(subClass, "prototype", {
-    writable: false
-  });
-  if (superClass) _setPrototypeOf(subClass, superClass);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/getPrototypeOf.js
-function _getPrototypeOf(o) {
-  _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) {
-    return o.__proto__ || Object.getPrototypeOf(o);
-  };
-  return _getPrototypeOf(o);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/isNativeReflectConstruct.js
-function _isNativeReflectConstruct() {
-  if (typeof Reflect === "undefined" || !Reflect.construct) return false;
-  if (Reflect.construct.sham) return false;
-  if (typeof Proxy === "function") return true;
-  try {
-    Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {}));
-    return true;
-  } catch (e) {
-    return false;
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/assertThisInitialized.js
-function _assertThisInitialized(self) {
-  if (self === void 0) {
-    throw new ReferenceError("this hasn't been initialised - super() hasn't been called");
-  }
-  return self;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/possibleConstructorReturn.js
-
-
-function _possibleConstructorReturn(self, call) {
-  if (call && (_typeof(call) === "object" || typeof call === "function")) {
-    return call;
-  } else if (call !== void 0) {
-    throw new TypeError("Derived constructors may only return object or undefined");
-  }
-  return _assertThisInitialized(self);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/createSuper.js
-
-
-
-function _createSuper(Derived) {
-  var hasNativeReflectConstruct = _isNativeReflectConstruct();
-  return function _createSuperInternal() {
-    var Super = _getPrototypeOf(Derived),
-      result;
-    if (hasNativeReflectConstruct) {
-      var NewTarget = _getPrototypeOf(this).constructor;
-      result = Reflect.construct(Super, arguments, NewTarget);
-    } else {
-      result = Super.apply(this, arguments);
-    }
-    return _possibleConstructorReturn(this, result);
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/regeneratorRuntime.js
-
-function regeneratorRuntime_regeneratorRuntime() {
-  "use strict"; /*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */
-  regeneratorRuntime_regeneratorRuntime = function _regeneratorRuntime() {
-    return exports;
-  };
-  var exports = {},
-    Op = Object.prototype,
-    hasOwn = Op.hasOwnProperty,
-    defineProperty = Object.defineProperty || function (obj, key, desc) {
-      obj[key] = desc.value;
-    },
-    $Symbol = "function" == typeof Symbol ? Symbol : {},
-    iteratorSymbol = $Symbol.iterator || "@@iterator",
-    asyncIteratorSymbol = $Symbol.asyncIterator || "@@asyncIterator",
-    toStringTagSymbol = $Symbol.toStringTag || "@@toStringTag";
-  function define(obj, key, value) {
-    return Object.defineProperty(obj, key, {
-      value: value,
-      enumerable: !0,
-      configurable: !0,
-      writable: !0
-    }), obj[key];
-  }
-  try {
-    define({}, "");
-  } catch (err) {
-    define = function define(obj, key, value) {
-      return obj[key] = value;
-    };
-  }
-  function wrap(innerFn, outerFn, self, tryLocsList) {
-    var protoGenerator = outerFn && outerFn.prototype instanceof Generator ? outerFn : Generator,
-      generator = Object.create(protoGenerator.prototype),
-      context = new Context(tryLocsList || []);
-    return defineProperty(generator, "_invoke", {
-      value: makeInvokeMethod(innerFn, self, context)
-    }), generator;
-  }
-  function tryCatch(fn, obj, arg) {
-    try {
-      return {
-        type: "normal",
-        arg: fn.call(obj, arg)
-      };
-    } catch (err) {
-      return {
-        type: "throw",
-        arg: err
-      };
-    }
-  }
-  exports.wrap = wrap;
-  var ContinueSentinel = {};
-  function Generator() {}
-  function GeneratorFunction() {}
-  function GeneratorFunctionPrototype() {}
-  var IteratorPrototype = {};
-  define(IteratorPrototype, iteratorSymbol, function () {
-    return this;
-  });
-  var getProto = Object.getPrototypeOf,
-    NativeIteratorPrototype = getProto && getProto(getProto(values([])));
-  NativeIteratorPrototype && NativeIteratorPrototype !== Op && hasOwn.call(NativeIteratorPrototype, iteratorSymbol) && (IteratorPrototype = NativeIteratorPrototype);
-  var Gp = GeneratorFunctionPrototype.prototype = Generator.prototype = Object.create(IteratorPrototype);
-  function defineIteratorMethods(prototype) {
-    ["next", "throw", "return"].forEach(function (method) {
-      define(prototype, method, function (arg) {
-        return this._invoke(method, arg);
-      });
-    });
-  }
-  function AsyncIterator(generator, PromiseImpl) {
-    function invoke(method, arg, resolve, reject) {
-      var record = tryCatch(generator[method], generator, arg);
-      if ("throw" !== record.type) {
-        var result = record.arg,
-          value = result.value;
-        return value && "object" == _typeof(value) && hasOwn.call(value, "__await") ? PromiseImpl.resolve(value.__await).then(function (value) {
-          invoke("next", value, resolve, reject);
-        }, function (err) {
-          invoke("throw", err, resolve, reject);
-        }) : PromiseImpl.resolve(value).then(function (unwrapped) {
-          result.value = unwrapped, resolve(result);
-        }, function (error) {
-          return invoke("throw", error, resolve, reject);
-        });
-      }
-      reject(record.arg);
-    }
-    var previousPromise;
-    defineProperty(this, "_invoke", {
-      value: function value(method, arg) {
-        function callInvokeWithMethodAndArg() {
-          return new PromiseImpl(function (resolve, reject) {
-            invoke(method, arg, resolve, reject);
-          });
-        }
-        return previousPromise = previousPromise ? previousPromise.then(callInvokeWithMethodAndArg, callInvokeWithMethodAndArg) : callInvokeWithMethodAndArg();
-      }
-    });
-  }
-  function makeInvokeMethod(innerFn, self, context) {
-    var state = "suspendedStart";
-    return function (method, arg) {
-      if ("executing" === state) throw new Error("Generator is already running");
-      if ("completed" === state) {
-        if ("throw" === method) throw arg;
-        return doneResult();
-      }
-      for (context.method = method, context.arg = arg;;) {
-        var delegate = context.delegate;
-        if (delegate) {
-          var delegateResult = maybeInvokeDelegate(delegate, context);
-          if (delegateResult) {
-            if (delegateResult === ContinueSentinel) continue;
-            return delegateResult;
-          }
-        }
-        if ("next" === context.method) context.sent = context._sent = context.arg;else if ("throw" === context.method) {
-          if ("suspendedStart" === state) throw state = "completed", context.arg;
-          context.dispatchException(context.arg);
-        } else "return" === context.method && context.abrupt("return", context.arg);
-        state = "executing";
-        var record = tryCatch(innerFn, self, context);
-        if ("normal" === record.type) {
-          if (state = context.done ? "completed" : "suspendedYield", record.arg === ContinueSentinel) continue;
-          return {
-            value: record.arg,
-            done: context.done
-          };
-        }
-        "throw" === record.type && (state = "completed", context.method = "throw", context.arg = record.arg);
-      }
-    };
-  }
-  function maybeInvokeDelegate(delegate, context) {
-    var methodName = context.method,
-      method = delegate.iterator[methodName];
-    if (undefined === method) return context.delegate = null, "throw" === methodName && delegate.iterator["return"] && (context.method = "return", context.arg = undefined, maybeInvokeDelegate(delegate, context), "throw" === context.method) || "return" !== methodName && (context.method = "throw", context.arg = new TypeError("The iterator does not provide a '" + methodName + "' method")), ContinueSentinel;
-    var record = tryCatch(method, delegate.iterator, context.arg);
-    if ("throw" === record.type) return context.method = "throw", context.arg = record.arg, context.delegate = null, ContinueSentinel;
-    var info = record.arg;
-    return info ? info.done ? (context[delegate.resultName] = info.value, context.next = delegate.nextLoc, "return" !== context.method && (context.method = "next", context.arg = undefined), context.delegate = null, ContinueSentinel) : info : (context.method = "throw", context.arg = new TypeError("iterator result is not an object"), context.delegate = null, ContinueSentinel);
-  }
-  function pushTryEntry(locs) {
-    var entry = {
-      tryLoc: locs[0]
-    };
-    1 in locs && (entry.catchLoc = locs[1]), 2 in locs && (entry.finallyLoc = locs[2], entry.afterLoc = locs[3]), this.tryEntries.push(entry);
-  }
-  function resetTryEntry(entry) {
-    var record = entry.completion || {};
-    record.type = "normal", delete record.arg, entry.completion = record;
-  }
-  function Context(tryLocsList) {
-    this.tryEntries = [{
-      tryLoc: "root"
-    }], tryLocsList.forEach(pushTryEntry, this), this.reset(!0);
-  }
-  function values(iterable) {
-    if (iterable) {
-      var iteratorMethod = iterable[iteratorSymbol];
-      if (iteratorMethod) return iteratorMethod.call(iterable);
-      if ("function" == typeof iterable.next) return iterable;
-      if (!isNaN(iterable.length)) {
-        var i = -1,
-          next = function next() {
-            for (; ++i < iterable.length;) if (hasOwn.call(iterable, i)) return next.value = iterable[i], next.done = !1, next;
-            return next.value = undefined, next.done = !0, next;
-          };
-        return next.next = next;
-      }
-    }
-    return {
-      next: doneResult
-    };
-  }
-  function doneResult() {
-    return {
-      value: undefined,
-      done: !0
-    };
-  }
-  return GeneratorFunction.prototype = GeneratorFunctionPrototype, defineProperty(Gp, "constructor", {
-    value: GeneratorFunctionPrototype,
-    configurable: !0
-  }), defineProperty(GeneratorFunctionPrototype, "constructor", {
-    value: GeneratorFunction,
-    configurable: !0
-  }), GeneratorFunction.displayName = define(GeneratorFunctionPrototype, toStringTagSymbol, "GeneratorFunction"), exports.isGeneratorFunction = function (genFun) {
-    var ctor = "function" == typeof genFun && genFun.constructor;
-    return !!ctor && (ctor === GeneratorFunction || "GeneratorFunction" === (ctor.displayName || ctor.name));
-  }, exports.mark = function (genFun) {
-    return Object.setPrototypeOf ? Object.setPrototypeOf(genFun, GeneratorFunctionPrototype) : (genFun.__proto__ = GeneratorFunctionPrototype, define(genFun, toStringTagSymbol, "GeneratorFunction")), genFun.prototype = Object.create(Gp), genFun;
-  }, exports.awrap = function (arg) {
-    return {
-      __await: arg
-    };
-  }, defineIteratorMethods(AsyncIterator.prototype), define(AsyncIterator.prototype, asyncIteratorSymbol, function () {
-    return this;
-  }), exports.AsyncIterator = AsyncIterator, exports.async = function (innerFn, outerFn, self, tryLocsList, PromiseImpl) {
-    void 0 === PromiseImpl && (PromiseImpl = Promise);
-    var iter = new AsyncIterator(wrap(innerFn, outerFn, self, tryLocsList), PromiseImpl);
-    return exports.isGeneratorFunction(outerFn) ? iter : iter.next().then(function (result) {
-      return result.done ? result.value : iter.next();
-    });
-  }, defineIteratorMethods(Gp), define(Gp, toStringTagSymbol, "Generator"), define(Gp, iteratorSymbol, function () {
-    return this;
-  }), define(Gp, "toString", function () {
-    return "[object Generator]";
-  }), exports.keys = function (val) {
-    var object = Object(val),
-      keys = [];
-    for (var key in object) keys.push(key);
-    return keys.reverse(), function next() {
-      for (; keys.length;) {
-        var key = keys.pop();
-        if (key in object) return next.value = key, next.done = !1, next;
-      }
-      return next.done = !0, next;
-    };
-  }, exports.values = values, Context.prototype = {
-    constructor: Context,
-    reset: function reset(skipTempReset) {
-      if (this.prev = 0, this.next = 0, this.sent = this._sent = undefined, this.done = !1, this.delegate = null, this.method = "next", this.arg = undefined, this.tryEntries.forEach(resetTryEntry), !skipTempReset) for (var name in this) "t" === name.charAt(0) && hasOwn.call(this, name) && !isNaN(+name.slice(1)) && (this[name] = undefined);
-    },
-    stop: function stop() {
-      this.done = !0;
-      var rootRecord = this.tryEntries[0].completion;
-      if ("throw" === rootRecord.type) throw rootRecord.arg;
-      return this.rval;
-    },
-    dispatchException: function dispatchException(exception) {
-      if (this.done) throw exception;
-      var context = this;
-      function handle(loc, caught) {
-        return record.type = "throw", record.arg = exception, context.next = loc, caught && (context.method = "next", context.arg = undefined), !!caught;
-      }
-      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
-        var entry = this.tryEntries[i],
-          record = entry.completion;
-        if ("root" === entry.tryLoc) return handle("end");
-        if (entry.tryLoc <= this.prev) {
-          var hasCatch = hasOwn.call(entry, "catchLoc"),
-            hasFinally = hasOwn.call(entry, "finallyLoc");
-          if (hasCatch && hasFinally) {
-            if (this.prev < entry.catchLoc) return handle(entry.catchLoc, !0);
-            if (this.prev < entry.finallyLoc) return handle(entry.finallyLoc);
-          } else if (hasCatch) {
-            if (this.prev < entry.catchLoc) return handle(entry.catchLoc, !0);
-          } else {
-            if (!hasFinally) throw new Error("try statement without catch or finally");
-            if (this.prev < entry.finallyLoc) return handle(entry.finallyLoc);
-          }
-        }
-      }
-    },
-    abrupt: function abrupt(type, arg) {
-      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
-        var entry = this.tryEntries[i];
-        if (entry.tryLoc <= this.prev && hasOwn.call(entry, "finallyLoc") && this.prev < entry.finallyLoc) {
-          var finallyEntry = entry;
-          break;
-        }
-      }
-      finallyEntry && ("break" === type || "continue" === type) && finallyEntry.tryLoc <= arg && arg <= finallyEntry.finallyLoc && (finallyEntry = null);
-      var record = finallyEntry ? finallyEntry.completion : {};
-      return record.type = type, record.arg = arg, finallyEntry ? (this.method = "next", this.next = finallyEntry.finallyLoc, ContinueSentinel) : this.complete(record);
-    },
-    complete: function complete(record, afterLoc) {
-      if ("throw" === record.type) throw record.arg;
-      return "break" === record.type || "continue" === record.type ? this.next = record.arg : "return" === record.type ? (this.rval = this.arg = record.arg, this.method = "return", this.next = "end") : "normal" === record.type && afterLoc && (this.next = afterLoc), ContinueSentinel;
-    },
-    finish: function finish(finallyLoc) {
-      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
-        var entry = this.tryEntries[i];
-        if (entry.finallyLoc === finallyLoc) return this.complete(entry.completion, entry.afterLoc), resetTryEntry(entry), ContinueSentinel;
-      }
-    },
-    "catch": function _catch(tryLoc) {
-      for (var i = this.tryEntries.length - 1; i >= 0; --i) {
-        var entry = this.tryEntries[i];
-        if (entry.tryLoc === tryLoc) {
-          var record = entry.completion;
-          if ("throw" === record.type) {
-            var thrown = record.arg;
-            resetTryEntry(entry);
-          }
-          return thrown;
-        }
-      }
-      throw new Error("illegal catch attempt");
-    },
-    delegateYield: function delegateYield(iterable, resultName, nextLoc) {
-      return this.delegate = {
-        iterator: values(iterable),
-        resultName: resultName,
-        nextLoc: nextLoc
-      }, "next" === this.method && (this.arg = undefined), ContinueSentinel;
-    }
-  }, exports;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/asyncToGenerator.js
-function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
-  try {
-    var info = gen[key](arg);
-    var value = info.value;
-  } catch (error) {
-    reject(error);
-    return;
-  }
-  if (info.done) {
-    resolve(value);
-  } else {
-    Promise.resolve(value).then(_next, _throw);
-  }
-}
-function asyncToGenerator_asyncToGenerator(fn) {
-  return function () {
-    var self = this,
-      args = arguments;
-    return new Promise(function (resolve, reject) {
-      var gen = fn.apply(self, args);
-      function _next(value) {
-        asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
-      }
-      function _throw(err) {
-        asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
-      }
-      _next(undefined);
-    });
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/defineProperty.js
-
-function defineProperty_defineProperty(obj, key, value) {
-  key = _toPropertyKey(key);
-  if (key in obj) {
-    Object.defineProperty(obj, key, {
-      value: value,
-      enumerable: true,
-      configurable: true,
-      writable: true
-    });
-  } else {
-    obj[key] = value;
-  }
-  return obj;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/isNativeFunction.js
-function _isNativeFunction(fn) {
-  return Function.toString.call(fn).indexOf("[native code]") !== -1;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/construct.js
-
-
-function _construct(Parent, args, Class) {
-  if (_isNativeReflectConstruct()) {
-    _construct = Reflect.construct.bind();
-  } else {
-    _construct = function _construct(Parent, args, Class) {
-      var a = [null];
-      a.push.apply(a, args);
-      var Constructor = Function.bind.apply(Parent, a);
-      var instance = new Constructor();
-      if (Class) _setPrototypeOf(instance, Class.prototype);
-      return instance;
-    };
-  }
-  return _construct.apply(null, arguments);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/wrapNativeSuper.js
-
-
-
-
-function _wrapNativeSuper(Class) {
-  var _cache = typeof Map === "function" ? new Map() : undefined;
-  _wrapNativeSuper = function _wrapNativeSuper(Class) {
-    if (Class === null || !_isNativeFunction(Class)) return Class;
-    if (typeof Class !== "function") {
-      throw new TypeError("Super expression must either be null or a function");
-    }
-    if (typeof _cache !== "undefined") {
-      if (_cache.has(Class)) return _cache.get(Class);
-      _cache.set(Class, Wrapper);
-    }
-    function Wrapper() {
-      return _construct(Class, arguments, _getPrototypeOf(this).constructor);
-    }
-    Wrapper.prototype = Object.create(Class.prototype, {
-      constructor: {
-        value: Wrapper,
-        enumerable: false,
-        writable: true,
-        configurable: true
-      }
-    });
-    return _setPrototypeOf(Wrapper, Class);
-  };
-  return _wrapNativeSuper(Class);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/iterableToArray.js
-function _iterableToArray(iter) {
-  if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toArray.js
-
-
-
-
-function _toArray(arr) {
-  return _arrayWithHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableRest();
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/createForOfIteratorHelper.js
-
-function createForOfIteratorHelper_createForOfIteratorHelper(o, allowArrayLike) {
-  var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"];
-  if (!it) {
-    if (Array.isArray(o) || (it = _unsupportedIterableToArray(o)) || allowArrayLike && o && typeof o.length === "number") {
-      if (it) o = it;
-      var i = 0;
-      var F = function F() {};
-      return {
-        s: F,
-        n: function n() {
-          if (i >= o.length) return {
-            done: true
-          };
-          return {
-            done: false,
-            value: o[i++]
-          };
-        },
-        e: function e(_e) {
-          throw _e;
-        },
-        f: F
-      };
-    }
-    throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
-  }
-  var normalCompletion = true,
-    didErr = false,
-    err;
-  return {
-    s: function s() {
-      it = it.call(o);
-    },
-    n: function n() {
-      var step = it.next();
-      normalCompletion = step.done;
-      return step;
-    },
-    e: function e(_e2) {
-      didErr = true;
-      err = _e2;
-    },
-    f: function f() {
-      try {
-        if (!normalCompletion && it["return"] != null) it["return"]();
-      } finally {
-        if (didErr) throw err;
-      }
-    }
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/arrayWithoutHoles.js
-
-function _arrayWithoutHoles(arr) {
-  if (Array.isArray(arr)) return _arrayLikeToArray(arr);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/nonIterableSpread.js
-function _nonIterableSpread() {
-  throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/toConsumableArray.js
-
-
-
-
-function toConsumableArray_toConsumableArray(arr) {
-  return _arrayWithoutHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableSpread();
-}
-;// CONCATENATED MODULE: ./node_modules/@remix-run/router/dist/router.js
-
-
-
-
-
-
-
-
-
-
-
-
-/**
- * @remix-run/router v1.6.3
- *
- * Copyright (c) Remix Software Inc.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE.md file in the root directory of this source tree.
- *
- * @license MIT
- */
-function router_extends() {
-  router_extends = Object.assign ? Object.assign.bind() : function (target) {
-    for (var i = 1; i < arguments.length; i++) {
-      var source = arguments[i];
-      for (var key in source) {
-        if (Object.prototype.hasOwnProperty.call(source, key)) {
-          target[key] = source[key];
-        }
-      }
-    }
-    return target;
-  };
-  return router_extends.apply(this, arguments);
-}
-
-////////////////////////////////////////////////////////////////////////////////
-//#region Types and Constants
-////////////////////////////////////////////////////////////////////////////////
-/**
- * Actions represent the type of change to a location value.
- */
-var Action;
-(function (Action) {
-  /**
-   * A POP indicates a change to an arbitrary index in the history stack, such
-   * as a back or forward navigation. It does not describe the direction of the
-   * navigation, only that the current index changed.
-   *
-   * Note: This is the default action for newly created history objects.
-   */
-  Action["Pop"] = "POP";
-  /**
-   * A PUSH indicates a new entry being added to the history stack, such as when
-   * a link is clicked and a new page loads. When this happens, all subsequent
-   * entries in the stack are lost.
-   */
-  Action["Push"] = "PUSH";
-  /**
-   * A REPLACE indicates the entry at the current index in the history stack
-   * being replaced by a new one.
-   */
-  Action["Replace"] = "REPLACE";
-})(Action || (Action = {}));
-var PopStateEventType = "popstate";
-/**
- * Memory history stores the current location in memory. It is designed for use
- * in stateful non-browser environments like tests and React Native.
- */
-function router_createMemoryHistory(options) {
-  if (options === void 0) {
-    options = {};
-  }
-  var _options = options,
-    _options$initialEntri = _options.initialEntries,
-    initialEntries = _options$initialEntri === void 0 ? ["/"] : _options$initialEntri,
-    initialIndex = _options.initialIndex,
-    _options$v5Compat = _options.v5Compat,
-    v5Compat = _options$v5Compat === void 0 ? false : _options$v5Compat;
-  var entries; // Declare so we can access from createMemoryLocation
-  entries = initialEntries.map(function (entry, index) {
-    return createMemoryLocation(entry, typeof entry === "string" ? null : entry.state, index === 0 ? "default" : undefined);
-  });
-  var index = clampIndex(initialIndex == null ? entries.length - 1 : initialIndex);
-  var action = Action.Pop;
-  var listener = null;
-  function clampIndex(n) {
-    return Math.min(Math.max(n, 0), entries.length - 1);
-  }
-  function getCurrentLocation() {
-    return entries[index];
-  }
-  function createMemoryLocation(to, state, key) {
-    if (state === void 0) {
-      state = null;
-    }
-    var location = createLocation(entries ? getCurrentLocation().pathname : "/", to, state, key);
-    warning(location.pathname.charAt(0) === "/", "relative pathnames are not supported in memory history: " + JSON.stringify(to));
-    return location;
-  }
-  function createHref(to) {
-    return typeof to === "string" ? to : router_createPath(to);
-  }
-  var history = {
-    get index() {
-      return index;
-    },
-    get action() {
-      return action;
-    },
-    get location() {
-      return getCurrentLocation();
-    },
-    createHref: createHref,
-    createURL: function createURL(to) {
-      return new URL(createHref(to), "http://localhost");
-    },
-    encodeLocation: function encodeLocation(to) {
-      var path = typeof to === "string" ? parsePath(to) : to;
-      return {
-        pathname: path.pathname || "",
-        search: path.search || "",
-        hash: path.hash || ""
-      };
-    },
-    push: function push(to, state) {
-      action = Action.Push;
-      var nextLocation = createMemoryLocation(to, state);
-      index += 1;
-      entries.splice(index, entries.length, nextLocation);
-      if (v5Compat && listener) {
-        listener({
-          action: action,
-          location: nextLocation,
-          delta: 1
-        });
-      }
-    },
-    replace: function replace(to, state) {
-      action = Action.Replace;
-      var nextLocation = createMemoryLocation(to, state);
-      entries[index] = nextLocation;
-      if (v5Compat && listener) {
-        listener({
-          action: action,
-          location: nextLocation,
-          delta: 0
-        });
-      }
-    },
-    go: function go(delta) {
-      action = Action.Pop;
-      var nextIndex = clampIndex(index + delta);
-      var nextLocation = entries[nextIndex];
-      index = nextIndex;
-      if (listener) {
-        listener({
-          action: action,
-          location: nextLocation,
-          delta: delta
-        });
-      }
-    },
-    listen: function listen(fn) {
-      listener = fn;
-      return function () {
-        listener = null;
-      };
-    }
-  };
-  return history;
-}
-/**
- * Browser history stores the location in regular URLs. This is the standard for
- * most web apps, but it requires some configuration on the server to ensure you
- * serve the same app at multiple URLs.
- *
- * @see https://github.com/remix-run/history/tree/main/docs/api-reference.md#createbrowserhistory
- */
-function router_createBrowserHistory(options) {
-  if (options === void 0) {
-    options = {};
-  }
-  function createBrowserLocation(window, globalHistory) {
-    var _window$location = window.location,
-      pathname = _window$location.pathname,
-      search = _window$location.search,
-      hash = _window$location.hash;
-    return createLocation("", {
-      pathname: pathname,
-      search: search,
-      hash: hash
-    },
-    // state defaults to `null` because `window.history.state` does
-    globalHistory.state && globalHistory.state.usr || null, globalHistory.state && globalHistory.state.key || "default");
-  }
-  function createBrowserHref(window, to) {
-    return typeof to === "string" ? to : router_createPath(to);
-  }
-  return getUrlBasedHistory(createBrowserLocation, createBrowserHref, null, options);
-}
-/**
- * Hash history stores the location in window.location.hash. This makes it ideal
- * for situations where you don't want to send the location to the server for
- * some reason, either because you do cannot configure it or the URL space is
- * reserved for something else.
- *
- * @see https://github.com/remix-run/history/tree/main/docs/api-reference.md#createhashhistory
- */
-function router_createHashHistory(options) {
-  if (options === void 0) {
-    options = {};
-  }
-  function createHashLocation(window, globalHistory) {
-    var _parsePath = parsePath(window.location.hash.substr(1)),
-      _parsePath$pathname = _parsePath.pathname,
-      pathname = _parsePath$pathname === void 0 ? "/" : _parsePath$pathname,
-      _parsePath$search = _parsePath.search,
-      search = _parsePath$search === void 0 ? "" : _parsePath$search,
-      _parsePath$hash = _parsePath.hash,
-      hash = _parsePath$hash === void 0 ? "" : _parsePath$hash;
-    return createLocation("", {
-      pathname: pathname,
-      search: search,
-      hash: hash
-    },
-    // state defaults to `null` because `window.history.state` does
-    globalHistory.state && globalHistory.state.usr || null, globalHistory.state && globalHistory.state.key || "default");
-  }
-  function createHashHref(window, to) {
-    var base = window.document.querySelector("base");
-    var href = "";
-    if (base && base.getAttribute("href")) {
-      var url = window.location.href;
-      var hashIndex = url.indexOf("#");
-      href = hashIndex === -1 ? url : url.slice(0, hashIndex);
-    }
-    return href + "#" + (typeof to === "string" ? to : router_createPath(to));
-  }
-  function validateHashLocation(location, to) {
-    warning(location.pathname.charAt(0) === "/", "relative pathnames are not supported in hash history.push(" + JSON.stringify(to) + ")");
-  }
-  return getUrlBasedHistory(createHashLocation, createHashHref, validateHashLocation, options);
-}
-function invariant(value, message) {
-  if (value === false || value === null || typeof value === "undefined") {
-    throw new Error(message);
-  }
-}
-function warning(cond, message) {
-  if (!cond) {
-    // eslint-disable-next-line no-console
-    if (typeof console !== "undefined") console.warn(message);
-    try {
-      // Welcome to debugging history!
-      //
-      // This error is thrown as a convenience so you can more easily
-      // find the source for a warning that appears in the console by
-      // enabling "pause on exceptions" in your JavaScript debugger.
-      throw new Error(message);
-      // eslint-disable-next-line no-empty
-    } catch (e) {}
-  }
-}
-function createKey() {
-  return Math.random().toString(36).substr(2, 8);
-}
-/**
- * For browser-based histories, we combine the state and key into an object
- */
-function getHistoryState(location, index) {
-  return {
-    usr: location.state,
-    key: location.key,
-    idx: index
-  };
-}
-/**
- * Creates a Location object with a unique key from the given Path
- */
-function createLocation(current, to, state, key) {
-  if (state === void 0) {
-    state = null;
-  }
-  var location = router_extends({
-    pathname: typeof current === "string" ? current : current.pathname,
-    search: "",
-    hash: ""
-  }, typeof to === "string" ? parsePath(to) : to, {
-    state: state,
-    // TODO: This could be cleaned up.  push/replace should probably just take
-    // full Locations now and avoid the need to run through this flow at all
-    // But that's a pretty big refactor to the current test suite so going to
-    // keep as is for the time being and just let any incoming keys take precedence
-    key: to && to.key || key || createKey()
-  });
-  return location;
-}
-/**
- * Creates a string URL path from the given pathname, search, and hash components.
- */
-function router_createPath(_ref) {
-  var _ref$pathname = _ref.pathname,
-    pathname = _ref$pathname === void 0 ? "/" : _ref$pathname,
-    _ref$search = _ref.search,
-    search = _ref$search === void 0 ? "" : _ref$search,
-    _ref$hash = _ref.hash,
-    hash = _ref$hash === void 0 ? "" : _ref$hash;
-  if (search && search !== "?") pathname += search.charAt(0) === "?" ? search : "?" + search;
-  if (hash && hash !== "#") pathname += hash.charAt(0) === "#" ? hash : "#" + hash;
-  return pathname;
-}
-/**
- * Parses a string URL path into its separate pathname, search, and hash components.
- */
-function parsePath(path) {
-  var parsedPath = {};
-  if (path) {
-    var hashIndex = path.indexOf("#");
-    if (hashIndex >= 0) {
-      parsedPath.hash = path.substr(hashIndex);
-      path = path.substr(0, hashIndex);
-    }
-    var searchIndex = path.indexOf("?");
-    if (searchIndex >= 0) {
-      parsedPath.search = path.substr(searchIndex);
-      path = path.substr(0, searchIndex);
-    }
-    if (path) {
-      parsedPath.pathname = path;
-    }
-  }
-  return parsedPath;
-}
-function getUrlBasedHistory(getLocation, _createHref, validateLocation, options) {
-  if (options === void 0) {
-    options = {};
-  }
-  var _options2 = options,
-    _options2$window = _options2.window,
-    window = _options2$window === void 0 ? document.defaultView : _options2$window,
-    _options2$v5Compat = _options2.v5Compat,
-    v5Compat = _options2$v5Compat === void 0 ? false : _options2$v5Compat;
-  var globalHistory = window.history;
-  var action = Action.Pop;
-  var listener = null;
-  var index = getIndex();
-  // Index should only be null when we initialize. If not, it's because the
-  // user called history.pushState or history.replaceState directly, in which
-  // case we should log a warning as it will result in bugs.
-  if (index == null) {
-    index = 0;
-    globalHistory.replaceState(router_extends({}, globalHistory.state, {
-      idx: index
-    }), "");
-  }
-  function getIndex() {
-    var state = globalHistory.state || {
-      idx: null
-    };
-    return state.idx;
-  }
-  function handlePop() {
-    action = Action.Pop;
-    var nextIndex = getIndex();
-    var delta = nextIndex == null ? null : nextIndex - index;
-    index = nextIndex;
-    if (listener) {
-      listener({
-        action: action,
-        location: history.location,
-        delta: delta
-      });
-    }
-  }
-  function push(to, state) {
-    action = Action.Push;
-    var location = createLocation(history.location, to, state);
-    if (validateLocation) validateLocation(location, to);
-    index = getIndex() + 1;
-    var historyState = getHistoryState(location, index);
-    var url = history.createHref(location);
-    // try...catch because iOS limits us to 100 pushState calls :/
-    try {
-      globalHistory.pushState(historyState, "", url);
-    } catch (error) {
-      // If the exception is because `state` can't be serialized, let that throw
-      // outwards just like a replace call would so the dev knows the cause
-      // https://html.spec.whatwg.org/multipage/nav-history-apis.html#shared-history-push/replace-state-steps
-      // https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeinternal
-      if (error instanceof DOMException && error.name === "DataCloneError") {
-        throw error;
-      }
-      // They are going to lose state here, but there is no real
-      // way to warn them about it since the page will refresh...
-      window.location.assign(url);
-    }
-    if (v5Compat && listener) {
-      listener({
-        action: action,
-        location: history.location,
-        delta: 1
-      });
-    }
-  }
-  function replace(to, state) {
-    action = Action.Replace;
-    var location = createLocation(history.location, to, state);
-    if (validateLocation) validateLocation(location, to);
-    index = getIndex();
-    var historyState = getHistoryState(location, index);
-    var url = history.createHref(location);
-    globalHistory.replaceState(historyState, "", url);
-    if (v5Compat && listener) {
-      listener({
-        action: action,
-        location: history.location,
-        delta: 0
-      });
-    }
-  }
-  function createURL(to) {
-    // window.location.origin is "null" (the literal string value) in Firefox
-    // under certain conditions, notably when serving from a local HTML file
-    // See https://bugzilla.mozilla.org/show_bug.cgi?id=878297
-    var base = window.location.origin !== "null" ? window.location.origin : window.location.href;
-    var href = typeof to === "string" ? to : router_createPath(to);
-    invariant(base, "No window.location.(origin|href) available to create URL for href: " + href);
-    return new URL(href, base);
-  }
-  var history = {
-    get action() {
-      return action;
-    },
-    get location() {
-      return getLocation(window, globalHistory);
-    },
-    listen: function listen(fn) {
-      if (listener) {
-        throw new Error("A history only accepts one active listener");
-      }
-      window.addEventListener(PopStateEventType, handlePop);
-      listener = fn;
-      return function () {
-        window.removeEventListener(PopStateEventType, handlePop);
-        listener = null;
-      };
-    },
-    createHref: function createHref(to) {
-      return _createHref(window, to);
-    },
-    createURL: createURL,
-    encodeLocation: function encodeLocation(to) {
-      // Encode a Location the same way window.location would
-      var url = createURL(to);
-      return {
-        pathname: url.pathname,
-        search: url.search,
-        hash: url.hash
-      };
-    },
-    push: push,
-    replace: replace,
-    go: function go(n) {
-      return globalHistory.go(n);
-    }
-  };
-  return history;
-}
-//#endregion
-
-var ResultType;
-(function (ResultType) {
-  ResultType["data"] = "data";
-  ResultType["deferred"] = "deferred";
-  ResultType["redirect"] = "redirect";
-  ResultType["error"] = "error";
-})(ResultType || (ResultType = {}));
-var immutableRouteKeys = new Set(["lazy", "caseSensitive", "path", "id", "index", "children"]);
-function isIndexRoute(route) {
-  return route.index === true;
-}
-// Walk the route tree generating unique IDs where necessary so we are working
-// solely with AgnosticDataRouteObject's within the Router
-function convertRoutesToDataRoutes(routes, mapRouteProperties, parentPath, manifest) {
-  if (parentPath === void 0) {
-    parentPath = [];
-  }
-  if (manifest === void 0) {
-    manifest = {};
-  }
-  return routes.map(function (route, index) {
-    var treePath = [].concat(toConsumableArray_toConsumableArray(parentPath), [index]);
-    var id = typeof route.id === "string" ? route.id : treePath.join("-");
-    invariant(route.index !== true || !route.children, "Cannot specify children on an index route");
-    invariant(!manifest[id], "Found a route id collision on id \"" + id + "\".  Route " + "id's must be globally unique within Data Router usages");
-    if (isIndexRoute(route)) {
-      var indexRoute = router_extends({}, route, mapRouteProperties(route), {
-        id: id
-      });
-      manifest[id] = indexRoute;
-      return indexRoute;
-    } else {
-      var pathOrLayoutRoute = router_extends({}, route, mapRouteProperties(route), {
-        id: id,
-        children: undefined
-      });
-      manifest[id] = pathOrLayoutRoute;
-      if (route.children) {
-        pathOrLayoutRoute.children = convertRoutesToDataRoutes(route.children, mapRouteProperties, treePath, manifest);
-      }
-      return pathOrLayoutRoute;
-    }
-  });
-}
-/**
- * Matches the given routes to a location and returns the match data.
- *
- * @see https://reactrouter.com/utils/match-routes
- */
-function matchRoutes(routes, locationArg, basename) {
-  if (basename === void 0) {
-    basename = "/";
-  }
-  var location = typeof locationArg === "string" ? parsePath(locationArg) : locationArg;
-  var pathname = router_stripBasename(location.pathname || "/", basename);
-  if (pathname == null) {
-    return null;
-  }
-  var branches = flattenRoutes(routes);
-  rankRouteBranches(branches);
-  var matches = null;
-  for (var i = 0; matches == null && i < branches.length; ++i) {
-    matches = matchRouteBranch(branches[i],
-    // Incoming pathnames are generally encoded from either window.location
-    // or from router.navigate, but we want to match against the unencoded
-    // paths in the route definitions.  Memory router locations won't be
-    // encoded here but there also shouldn't be anything to decode so this
-    // should be a safe operation.  This avoids needing matchRoutes to be
-    // history-aware.
-    safelyDecodeURI(pathname));
-  }
-  return matches;
-}
-function flattenRoutes(routes, branches, parentsMeta, parentPath) {
-  if (branches === void 0) {
-    branches = [];
-  }
-  if (parentsMeta === void 0) {
-    parentsMeta = [];
-  }
-  if (parentPath === void 0) {
-    parentPath = "";
-  }
-  var flattenRoute = function flattenRoute(route, index, relativePath) {
-    var meta = {
-      relativePath: relativePath === undefined ? route.path || "" : relativePath,
-      caseSensitive: route.caseSensitive === true,
-      childrenIndex: index,
-      route: route
-    };
-    if (meta.relativePath.startsWith("/")) {
-      invariant(meta.relativePath.startsWith(parentPath), "Absolute route path \"" + meta.relativePath + "\" nested under path " + ("\"" + parentPath + "\" is not valid. An absolute child route path ") + "must start with the combined path of all its parent routes.");
-      meta.relativePath = meta.relativePath.slice(parentPath.length);
-    }
-    var path = router_joinPaths([parentPath, meta.relativePath]);
-    var routesMeta = parentsMeta.concat(meta);
-    // Add the children before adding this route to the array so we traverse the
-    // route tree depth-first and child routes appear before their parents in
-    // the "flattened" version.
-    if (route.children && route.children.length > 0) {
-      invariant(
-      // Our types know better, but runtime JS may not!
-      // @ts-expect-error
-      route.index !== true, "Index routes must not have child routes. Please remove " + ("all child routes from route path \"" + path + "\"."));
-      flattenRoutes(route.children, branches, routesMeta, path);
-    }
-    // Routes without a path shouldn't ever match by themselves unless they are
-    // index routes, so don't add them to the list of possible branches.
-    if (route.path == null && !route.index) {
-      return;
-    }
-    branches.push({
-      path: path,
-      score: computeScore(path, route.index),
-      routesMeta: routesMeta
-    });
-  };
-  routes.forEach(function (route, index) {
-    var _route$path;
-    // coarse-grain check for optional params
-    if (route.path === "" || !((_route$path = route.path) != null && _route$path.includes("?"))) {
-      flattenRoute(route, index);
-    } else {
-      var _iterator = createForOfIteratorHelper_createForOfIteratorHelper(explodeOptionalSegments(route.path)),
-        _step;
-      try {
-        for (_iterator.s(); !(_step = _iterator.n()).done;) {
-          var exploded = _step.value;
-          flattenRoute(route, index, exploded);
-        }
-      } catch (err) {
-        _iterator.e(err);
-      } finally {
-        _iterator.f();
-      }
-    }
-  });
-  return branches;
-}
-/**
- * Computes all combinations of optional path segments for a given path,
- * excluding combinations that are ambiguous and of lower priority.
- *
- * For example, `/one/:two?/three/:four?/:five?` explodes to:
- * - `/one/three`
- * - `/one/:two/three`
- * - `/one/three/:four`
- * - `/one/three/:five`
- * - `/one/:two/three/:four`
- * - `/one/:two/three/:five`
- * - `/one/three/:four/:five`
- * - `/one/:two/three/:four/:five`
- */
-function explodeOptionalSegments(path) {
-  var segments = path.split("/");
-  if (segments.length === 0) return [];
-  var _segments = _toArray(segments),
-    first = _segments[0],
-    rest = _segments.slice(1);
-  // Optional path segments are denoted by a trailing `?`
-  var isOptional = first.endsWith("?");
-  // Compute the corresponding required segment: `foo?` -> `foo`
-  var required = first.replace(/\?$/, "");
-  if (rest.length === 0) {
-    // Intepret empty string as omitting an optional segment
-    // `["one", "", "three"]` corresponds to omitting `:two` from `/one/:two?/three` -> `/one/three`
-    return isOptional ? [required, ""] : [required];
-  }
-  var restExploded = explodeOptionalSegments(rest.join("/"));
-  var result = [];
-  // All child paths with the prefix.  Do this for all children before the
-  // optional version for all children so we get consistent ordering where the
-  // parent optional aspect is preferred as required.  Otherwise, we can get
-  // child sections interspersed where deeper optional segments are higher than
-  // parent optional segments, where for example, /:two would explodes _earlier_
-  // then /:one.  By always including the parent as required _for all children_
-  // first, we avoid this issue
-  result.push.apply(result, toConsumableArray_toConsumableArray(restExploded.map(function (subpath) {
-    return subpath === "" ? required : [required, subpath].join("/");
-  })));
-  // Then if this is an optional value, add all child versions without
-  if (isOptional) {
-    result.push.apply(result, toConsumableArray_toConsumableArray(restExploded));
-  }
-  // for absolute paths, ensure `/` instead of empty segment
-  return result.map(function (exploded) {
-    return path.startsWith("/") && exploded === "" ? "/" : exploded;
-  });
-}
-function rankRouteBranches(branches) {
-  branches.sort(function (a, b) {
-    return a.score !== b.score ? b.score - a.score // Higher score first
-    : compareIndexes(a.routesMeta.map(function (meta) {
-      return meta.childrenIndex;
-    }), b.routesMeta.map(function (meta) {
-      return meta.childrenIndex;
-    }));
-  });
-}
-var paramRe = /^:\w+$/;
-var dynamicSegmentValue = 3;
-var indexRouteValue = 2;
-var emptySegmentValue = 1;
-var staticSegmentValue = 10;
-var splatPenalty = -2;
-var isSplat = function isSplat(s) {
-  return s === "*";
-};
-function computeScore(path, index) {
-  var segments = path.split("/");
-  var initialScore = segments.length;
-  if (segments.some(isSplat)) {
-    initialScore += splatPenalty;
-  }
-  if (index) {
-    initialScore += indexRouteValue;
-  }
-  return segments.filter(function (s) {
-    return !isSplat(s);
-  }).reduce(function (score, segment) {
-    return score + (paramRe.test(segment) ? dynamicSegmentValue : segment === "" ? emptySegmentValue : staticSegmentValue);
-  }, initialScore);
-}
-function compareIndexes(a, b) {
-  var siblings = a.length === b.length && a.slice(0, -1).every(function (n, i) {
-    return n === b[i];
-  });
-  return siblings ?
-  // If two routes are siblings, we should try to match the earlier sibling
-  // first. This allows people to have fine-grained control over the matching
-  // behavior by simply putting routes with identical paths in the order they
-  // want them tried.
-  a[a.length - 1] - b[b.length - 1] :
-  // Otherwise, it doesn't really make sense to rank non-siblings by index,
-  // so they sort equally.
-  0;
-}
-function matchRouteBranch(branch, pathname) {
-  var routesMeta = branch.routesMeta;
-  var matchedParams = {};
-  var matchedPathname = "/";
-  var matches = [];
-  for (var i = 0; i < routesMeta.length; ++i) {
-    var meta = routesMeta[i];
-    var end = i === routesMeta.length - 1;
-    var remainingPathname = matchedPathname === "/" ? pathname : pathname.slice(matchedPathname.length) || "/";
-    var match = router_matchPath({
-      path: meta.relativePath,
-      caseSensitive: meta.caseSensitive,
-      end: end
-    }, remainingPathname);
-    if (!match) return null;
-    Object.assign(matchedParams, match.params);
-    var route = meta.route;
-    matches.push({
-      // TODO: Can this as be avoided?
-      params: matchedParams,
-      pathname: router_joinPaths([matchedPathname, match.pathname]),
-      pathnameBase: normalizePathname(router_joinPaths([matchedPathname, match.pathnameBase])),
-      route: route
-    });
-    if (match.pathnameBase !== "/") {
-      matchedPathname = router_joinPaths([matchedPathname, match.pathnameBase]);
-    }
-  }
-  return matches;
-}
-/**
- * Returns a path with params interpolated.
- *
- * @see https://reactrouter.com/utils/generate-path
- */
-function generatePath(originalPath, params) {
-  if (params === void 0) {
-    params = {};
-  }
-  var path = originalPath;
-  if (path.endsWith("*") && path !== "*" && !path.endsWith("/*")) {
-    warning(false, "Route path \"" + path + "\" will be treated as if it were " + ("\"" + path.replace(/\*$/, "/*") + "\" because the `*` character must ") + "always follow a `/` in the pattern. To get rid of this warning, " + ("please change the route path to \"" + path.replace(/\*$/, "/*") + "\"."));
-    path = path.replace(/\*$/, "/*");
-  }
-  // ensure `/` is added at the beginning if the path is absolute
-  var prefix = path.startsWith("/") ? "/" : "";
-  var segments = path.split(/\/+/).map(function (segment, index, array) {
-    var isLastSegment = index === array.length - 1;
-    // only apply the splat if it's the last segment
-    if (isLastSegment && segment === "*") {
-      var star = "*";
-      var starParam = params[star];
-      // Apply the splat
-      return starParam;
-    }
-    var keyMatch = segment.match(/^:(\w+)(\??)$/);
-    if (keyMatch) {
-      var _keyMatch = _slicedToArray(keyMatch, 3),
-        key = _keyMatch[1],
-        optional = _keyMatch[2];
-      var param = params[key];
-      if (optional === "?") {
-        return param == null ? "" : param;
-      }
-      if (param == null) {
-        invariant(false, "Missing \":" + key + "\" param");
-      }
-      return param;
-    }
-    // Remove any optional markers from optional static segments
-    return segment.replace(/\?$/g, "");
-  })
-  // Remove empty segments
-  .filter(function (segment) {
-    return !!segment;
-  });
-  return prefix + segments.join("/");
-}
-/**
- * Performs pattern matching on a URL pathname and returns information about
- * the match.
- *
- * @see https://reactrouter.com/utils/match-path
- */
-function router_matchPath(pattern, pathname) {
-  if (typeof pattern === "string") {
-    pattern = {
-      path: pattern,
-      caseSensitive: false,
-      end: true
-    };
-  }
-  var _compilePath = compilePath(pattern.path, pattern.caseSensitive, pattern.end),
-    _compilePath2 = slicedToArray_slicedToArray(_compilePath, 2),
-    matcher = _compilePath2[0],
-    paramNames = _compilePath2[1];
-  var match = pathname.match(matcher);
-  if (!match) return null;
-  var matchedPathname = match[0];
-  var pathnameBase = matchedPathname.replace(/(.)\/+$/, "$1");
-  var captureGroups = match.slice(1);
-  var params = paramNames.reduce(function (memo, paramName, index) {
-    // We need to compute the pathnameBase here using the raw splat value
-    // instead of using params["*"] later because it will be decoded then
-    if (paramName === "*") {
-      var splatValue = captureGroups[index] || "";
-      pathnameBase = matchedPathname.slice(0, matchedPathname.length - splatValue.length).replace(/(.)\/+$/, "$1");
-    }
-    memo[paramName] = safelyDecodeURIComponent(captureGroups[index] || "", paramName);
-    return memo;
-  }, {});
-  return {
-    params: params,
-    pathname: matchedPathname,
-    pathnameBase: pathnameBase,
-    pattern: pattern
-  };
-}
-function compilePath(path, caseSensitive, end) {
-  if (caseSensitive === void 0) {
-    caseSensitive = false;
-  }
-  if (end === void 0) {
-    end = true;
-  }
-  warning(path === "*" || !path.endsWith("*") || path.endsWith("/*"), "Route path \"" + path + "\" will be treated as if it were " + ("\"" + path.replace(/\*$/, "/*") + "\" because the `*` character must ") + "always follow a `/` in the pattern. To get rid of this warning, " + ("please change the route path to \"" + path.replace(/\*$/, "/*") + "\"."));
-  var paramNames = [];
-  var regexpSource = "^" + path.replace(/\/*\*?$/, "") // Ignore trailing / and /*, we'll handle it below
-  .replace(/^\/*/, "/") // Make sure it has a leading /
-  .replace(/[\\.*+^$?{}|()[\]]/g, "\\$&") // Escape special regex chars
-  .replace(/\/:(\w+)/g, function (_, paramName) {
-    paramNames.push(paramName);
-    return "/([^\\/]+)";
-  });
-  if (path.endsWith("*")) {
-    paramNames.push("*");
-    regexpSource += path === "*" || path === "/*" ? "(.*)$" // Already matched the initial /, just match the rest
-    : "(?:\\/(.+)|\\/*)$"; // Don't include the / in params["*"]
-  } else if (end) {
-    // When matching to the end, ignore trailing slashes
-    regexpSource += "\\/*$";
-  } else if (path !== "" && path !== "/") {
-    // If our path is non-empty and contains anything beyond an initial slash,
-    // then we have _some_ form of path in our regex so we should expect to
-    // match only if we find the end of this path segment.  Look for an optional
-    // non-captured trailing slash (to match a portion of the URL) or the end
-    // of the path (if we've matched to the end).  We used to do this with a
-    // word boundary but that gives false positives on routes like
-    // /user-preferences since `-` counts as a word boundary.
-    regexpSource += "(?:(?=\\/|$))";
-  } else ;
-  var matcher = new RegExp(regexpSource, caseSensitive ? undefined : "i");
-  return [matcher, paramNames];
-}
-function safelyDecodeURI(value) {
-  try {
-    return decodeURI(value);
-  } catch (error) {
-    warning(false, "The URL path \"" + value + "\" could not be decoded because it is is a " + "malformed URL segment. This is probably due to a bad percent " + ("encoding (" + error + ")."));
-    return value;
-  }
-}
-function safelyDecodeURIComponent(value, paramName) {
-  try {
-    return decodeURIComponent(value);
-  } catch (error) {
-    warning(false, "The value for the URL param \"" + paramName + "\" will not be decoded because" + (" the string \"" + value + "\" is a malformed URL segment. This is probably") + (" due to a bad percent encoding (" + error + ")."));
-    return value;
-  }
-}
-/**
- * @private
- */
-function router_stripBasename(pathname, basename) {
-  if (basename === "/") return pathname;
-  if (!pathname.toLowerCase().startsWith(basename.toLowerCase())) {
-    return null;
-  }
-  // We want to leave trailing slash behavior in the user's control, so if they
-  // specify a basename with a trailing slash, we should support it
-  var startIndex = basename.endsWith("/") ? basename.length - 1 : basename.length;
-  var nextChar = pathname.charAt(startIndex);
-  if (nextChar && nextChar !== "/") {
-    // pathname does not start with basename/
-    return null;
-  }
-  return pathname.slice(startIndex) || "/";
-}
-/**
- * Returns a resolved path object relative to the given pathname.
- *
- * @see https://reactrouter.com/utils/resolve-path
- */
-function resolvePath(to, fromPathname) {
-  if (fromPathname === void 0) {
-    fromPathname = "/";
-  }
-  var _ref3 = typeof to === "string" ? parsePath(to) : to,
-    toPathname = _ref3.pathname,
-    _ref3$search = _ref3.search,
-    search = _ref3$search === void 0 ? "" : _ref3$search,
-    _ref3$hash = _ref3.hash,
-    hash = _ref3$hash === void 0 ? "" : _ref3$hash;
-  var pathname = toPathname ? toPathname.startsWith("/") ? toPathname : resolvePathname(toPathname, fromPathname) : fromPathname;
-  return {
-    pathname: pathname,
-    search: normalizeSearch(search),
-    hash: normalizeHash(hash)
-  };
-}
-function resolvePathname(relativePath, fromPathname) {
-  var segments = fromPathname.replace(/\/+$/, "").split("/");
-  var relativeSegments = relativePath.split("/");
-  relativeSegments.forEach(function (segment) {
-    if (segment === "..") {
-      // Keep the root "" segment so the pathname starts at /
-      if (segments.length > 1) segments.pop();
-    } else if (segment !== ".") {
-      segments.push(segment);
-    }
-  });
-  return segments.length > 1 ? segments.join("/") : "/";
-}
-function getInvalidPathError(char, field, dest, path) {
-  return "Cannot include a '" + char + "' character in a manually specified " + ("`to." + field + "` field [" + JSON.stringify(path) + "].  Please separate it out to the ") + ("`to." + dest + "` field. Alternatively you may provide the full path as ") + "a string in <Link to=\"...\"> and the router will parse it for you.";
-}
-/**
- * @private
- *
- * When processing relative navigation we want to ignore ancestor routes that
- * do not contribute to the path, such that index/pathless layout routes don't
- * interfere.
- *
- * For example, when moving a route element into an index route and/or a
- * pathless layout route, relative link behavior contained within should stay
- * the same.  Both of the following examples should link back to the root:
- *
- *   <Route path="/">
- *     <Route path="accounts" element={<Link to=".."}>
- *   </Route>
- *
- *   <Route path="/">
- *     <Route path="accounts">
- *       <Route element={<AccountsLayout />}>       // <-- Does not contribute
- *         <Route index element={<Link to=".."} />  // <-- Does not contribute
- *       </Route
- *     </Route>
- *   </Route>
- */
-function getPathContributingMatches(matches) {
-  return matches.filter(function (match, index) {
-    return index === 0 || match.route.path && match.route.path.length > 0;
-  });
-}
-/**
- * @private
- */
-function router_resolveTo(toArg, routePathnames, locationPathname, isPathRelative) {
-  if (isPathRelative === void 0) {
-    isPathRelative = false;
-  }
-  var to;
-  if (typeof toArg === "string") {
-    to = parsePath(toArg);
-  } else {
-    to = router_extends({}, toArg);
-    invariant(!to.pathname || !to.pathname.includes("?"), getInvalidPathError("?", "pathname", "search", to));
-    invariant(!to.pathname || !to.pathname.includes("#"), getInvalidPathError("#", "pathname", "hash", to));
-    invariant(!to.search || !to.search.includes("#"), getInvalidPathError("#", "search", "hash", to));
-  }
-  var isEmptyPath = toArg === "" || to.pathname === "";
-  var toPathname = isEmptyPath ? "/" : to.pathname;
-  var from;
-  // Routing is relative to the current pathname if explicitly requested.
-  //
-  // If a pathname is explicitly provided in `to`, it should be relative to the
-  // route context. This is explained in `Note on `<Link to>` values` in our
-  // migration guide from v5 as a means of disambiguation between `to` values
-  // that begin with `/` and those that do not. However, this is problematic for
-  // `to` values that do not provide a pathname. `to` can simply be a search or
-  // hash string, in which case we should assume that the navigation is relative
-  // to the current location's pathname and *not* the route pathname.
-  if (isPathRelative || toPathname == null) {
-    from = locationPathname;
-  } else {
-    var routePathnameIndex = routePathnames.length - 1;
-    if (toPathname.startsWith("..")) {
-      var toSegments = toPathname.split("/");
-      // Each leading .. segment means "go up one route" instead of "go up one
-      // URL segment".  This is a key difference from how <a href> works and a
-      // major reason we call this a "to" value instead of a "href".
-      while (toSegments[0] === "..") {
-        toSegments.shift();
-        routePathnameIndex -= 1;
-      }
-      to.pathname = toSegments.join("/");
-    }
-    // If there are more ".." segments than parent routes, resolve relative to
-    // the root / URL.
-    from = routePathnameIndex >= 0 ? routePathnames[routePathnameIndex] : "/";
-  }
-  var path = resolvePath(to, from);
-  // Ensure the pathname has a trailing slash if the original "to" had one
-  var hasExplicitTrailingSlash = toPathname && toPathname !== "/" && toPathname.endsWith("/");
-  // Or if this was a link to the current path which has a trailing slash
-  var hasCurrentTrailingSlash = (isEmptyPath || toPathname === ".") && locationPathname.endsWith("/");
-  if (!path.pathname.endsWith("/") && (hasExplicitTrailingSlash || hasCurrentTrailingSlash)) {
-    path.pathname += "/";
-  }
-  return path;
-}
-/**
- * @private
- */
-function getToPathname(to) {
-  // Empty strings should be treated the same as / paths
-  return to === "" || to.pathname === "" ? "/" : typeof to === "string" ? parsePath(to).pathname : to.pathname;
-}
-/**
- * @private
- */
-var router_joinPaths = function joinPaths(paths) {
-  return paths.join("/").replace(/\/\/+/g, "/");
-};
-/**
- * @private
- */
-var normalizePathname = function normalizePathname(pathname) {
-  return pathname.replace(/\/+$/, "").replace(/^\/*/, "/");
-};
-/**
- * @private
- */
-var normalizeSearch = function normalizeSearch(search) {
-  return !search || search === "?" ? "" : search.startsWith("?") ? search : "?" + search;
-};
-/**
- * @private
- */
-var normalizeHash = function normalizeHash(hash) {
-  return !hash || hash === "#" ? "" : hash.startsWith("#") ? hash : "#" + hash;
-};
-/**
- * This is a shortcut for creating `application/json` responses. Converts `data`
- * to JSON and sets the `Content-Type` header.
- */
-var json = function json(data, init) {
-  if (init === void 0) {
-    init = {};
-  }
-  var responseInit = typeof init === "number" ? {
-    status: init
-  } : init;
-  var headers = new Headers(responseInit.headers);
-  if (!headers.has("Content-Type")) {
-    headers.set("Content-Type", "application/json; charset=utf-8");
-  }
-  return new Response(JSON.stringify(data), router_extends({}, responseInit, {
-    headers: headers
-  }));
-};
-var AbortedDeferredError = /*#__PURE__*/function (_Error) {
-  _inherits(AbortedDeferredError, _Error);
-  var _super = _createSuper(AbortedDeferredError);
-  function AbortedDeferredError() {
-    classCallCheck_classCallCheck(this, AbortedDeferredError);
-    return _super.apply(this, arguments);
-  }
-  return createClass_createClass(AbortedDeferredError);
-}( /*#__PURE__*/_wrapNativeSuper(Error));
-var DeferredData = /*#__PURE__*/(/* unused pure expression or super */ null && (function () {
-  function DeferredData(data, responseInit) {
-    var _this = this;
-    _classCallCheck(this, DeferredData);
-    this.pendingKeysSet = new Set();
-    this.subscribers = new Set();
-    this.deferredKeys = [];
-    invariant(data && typeof data === "object" && !Array.isArray(data), "defer() only accepts plain objects");
-    // Set up an AbortController + Promise we can race against to exit early
-    // cancellation
-    var reject;
-    this.abortPromise = new Promise(function (_, r) {
-      return reject = r;
-    });
-    this.controller = new AbortController();
-    var onAbort = function onAbort() {
-      return reject(new AbortedDeferredError("Deferred data aborted"));
-    };
-    this.unlistenAbortSignal = function () {
-      return _this.controller.signal.removeEventListener("abort", onAbort);
-    };
-    this.controller.signal.addEventListener("abort", onAbort);
-    this.data = Object.entries(data).reduce(function (acc, _ref) {
-      var _ref4 = _slicedToArray(_ref, 2),
-        key = _ref4[0],
-        value = _ref4[1];
-      return Object.assign(acc, _defineProperty({}, key, _this.trackPromise(key, value)));
-    }, {});
-    if (this.done) {
-      // All incoming values were resolved
-      this.unlistenAbortSignal();
-    }
-    this.init = responseInit;
-  }
-  _createClass(DeferredData, [{
-    key: "trackPromise",
-    value: function trackPromise(key, value) {
-      var _this2 = this;
-      if (!(value instanceof Promise)) {
-        return value;
-      }
-      this.deferredKeys.push(key);
-      this.pendingKeysSet.add(key);
-      // We store a little wrapper promise that will be extended with
-      // _data/_error props upon resolve/reject
-      var promise = Promise.race([value, this.abortPromise]).then(function (data) {
-        return _this2.onSettle(promise, key, null, data);
-      }, function (error) {
-        return _this2.onSettle(promise, key, error);
-      });
-      // Register rejection listeners to avoid uncaught promise rejections on
-      // errors or aborted deferred values
-      promise.catch(function () {});
-      Object.defineProperty(promise, "_tracked", {
-        get: function get() {
-          return true;
-        }
-      });
-      return promise;
-    }
-  }, {
-    key: "onSettle",
-    value: function onSettle(promise, key, error, data) {
-      if (this.controller.signal.aborted && error instanceof AbortedDeferredError) {
-        this.unlistenAbortSignal();
-        Object.defineProperty(promise, "_error", {
-          get: function get() {
-            return error;
-          }
-        });
-        return Promise.reject(error);
-      }
-      this.pendingKeysSet.delete(key);
-      if (this.done) {
-        // Nothing left to abort!
-        this.unlistenAbortSignal();
-      }
-      if (error) {
-        Object.defineProperty(promise, "_error", {
-          get: function get() {
-            return error;
-          }
-        });
-        this.emit(false, key);
-        return Promise.reject(error);
-      }
-      Object.defineProperty(promise, "_data", {
-        get: function get() {
-          return data;
-        }
-      });
-      this.emit(false, key);
-      return data;
-    }
-  }, {
-    key: "emit",
-    value: function emit(aborted, settledKey) {
-      this.subscribers.forEach(function (subscriber) {
-        return subscriber(aborted, settledKey);
-      });
-    }
-  }, {
-    key: "subscribe",
-    value: function subscribe(fn) {
-      var _this3 = this;
-      this.subscribers.add(fn);
-      return function () {
-        return _this3.subscribers.delete(fn);
-      };
-    }
-  }, {
-    key: "cancel",
-    value: function cancel() {
-      var _this4 = this;
-      this.controller.abort();
-      this.pendingKeysSet.forEach(function (v, k) {
-        return _this4.pendingKeysSet.delete(k);
-      });
-      this.emit(true);
-    }
-  }, {
-    key: "resolveData",
-    value: function () {
-      var _resolveData = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee(signal) {
-        var _this5 = this;
-        var aborted, onAbort;
-        return _regeneratorRuntime().wrap(function _callee$(_context) {
-          while (1) switch (_context.prev = _context.next) {
-            case 0:
-              aborted = false;
-              if (this.done) {
-                _context.next = 7;
-                break;
-              }
-              onAbort = function onAbort() {
-                return _this5.cancel();
-              };
-              signal.addEventListener("abort", onAbort);
-              _context.next = 6;
-              return new Promise(function (resolve) {
-                _this5.subscribe(function (aborted) {
-                  signal.removeEventListener("abort", onAbort);
-                  if (aborted || _this5.done) {
-                    resolve(aborted);
-                  }
-                });
-              });
-            case 6:
-              aborted = _context.sent;
-            case 7:
-              return _context.abrupt("return", aborted);
-            case 8:
-            case "end":
-              return _context.stop();
-          }
-        }, _callee, this);
-      }));
-      function resolveData(_x) {
-        return _resolveData.apply(this, arguments);
-      }
-      return resolveData;
-    }()
-  }, {
-    key: "done",
-    get: function get() {
-      return this.pendingKeysSet.size === 0;
-    }
-  }, {
-    key: "unwrappedData",
-    get: function get() {
-      invariant(this.data !== null && this.done, "Can only unwrap data on initialized and settled deferreds");
-      return Object.entries(this.data).reduce(function (acc, _ref2) {
-        var _ref5 = _slicedToArray(_ref2, 2),
-          key = _ref5[0],
-          value = _ref5[1];
-        return Object.assign(acc, _defineProperty({}, key, unwrapTrackedPromise(value)));
-      }, {});
-    }
-  }, {
-    key: "pendingKeys",
-    get: function get() {
-      return Array.from(this.pendingKeysSet);
-    }
-  }]);
-  return DeferredData;
-}()));
-function isTrackedPromise(value) {
-  return value instanceof Promise && value._tracked === true;
-}
-function unwrapTrackedPromise(value) {
-  if (!isTrackedPromise(value)) {
-    return value;
-  }
-  if (value._error) {
-    throw value._error;
-  }
-  return value._data;
-}
-var defer = function defer(data, init) {
-  if (init === void 0) {
-    init = {};
-  }
-  var responseInit = typeof init === "number" ? {
-    status: init
-  } : init;
-  return new DeferredData(data, responseInit);
-};
-/**
- * A redirect response. Sets the status code and the `Location` header.
- * Defaults to "302 Found".
- */
-var redirect = function redirect(url, init) {
-  if (init === void 0) {
-    init = 302;
-  }
-  var responseInit = init;
-  if (typeof responseInit === "number") {
-    responseInit = {
-      status: responseInit
-    };
-  } else if (typeof responseInit.status === "undefined") {
-    responseInit.status = 302;
-  }
-  var headers = new Headers(responseInit.headers);
-  headers.set("Location", url);
-  return new Response(null, router_extends({}, responseInit, {
-    headers: headers
-  }));
-};
-/**
- * @private
- * Utility class we use to hold auto-unwrapped 4xx/5xx Response bodies
- */
-var ErrorResponse = /*#__PURE__*/createClass_createClass(function ErrorResponse(status, statusText, data, internal) {
-  classCallCheck_classCallCheck(this, ErrorResponse);
-  if (internal === void 0) {
-    internal = false;
-  }
-  this.status = status;
-  this.statusText = statusText || "";
-  this.internal = internal;
-  if (data instanceof Error) {
-    this.data = data.toString();
-    this.error = data;
-  } else {
-    this.data = data;
-  }
-});
-/**
- * Check if the given error is an ErrorResponse generated from a 4xx/5xx
- * Response thrown from an action/loader
- */
-function isRouteErrorResponse(error) {
-  return error != null && typeof error.status === "number" && typeof error.statusText === "string" && typeof error.internal === "boolean" && "data" in error;
-}
-var validMutationMethodsArr = ["post", "put", "patch", "delete"];
-var validMutationMethods = new Set(validMutationMethodsArr);
-var validRequestMethodsArr = ["get"].concat(validMutationMethodsArr);
-var validRequestMethods = new Set(validRequestMethodsArr);
-var redirectStatusCodes = new Set([301, 302, 303, 307, 308]);
-var redirectPreserveMethodStatusCodes = new Set([307, 308]);
-var IDLE_NAVIGATION = {
-  state: "idle",
-  location: undefined,
-  formMethod: undefined,
-  formAction: undefined,
-  formEncType: undefined,
-  formData: undefined
-};
-var IDLE_FETCHER = {
-  state: "idle",
-  data: undefined,
-  formMethod: undefined,
-  formAction: undefined,
-  formEncType: undefined,
-  formData: undefined
-};
-var IDLE_BLOCKER = {
-  state: "unblocked",
-  proceed: undefined,
-  reset: undefined,
-  location: undefined
-};
-var ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|\/\/)/i;
-var defaultMapRouteProperties = function defaultMapRouteProperties(route) {
-  return {
-    hasErrorBoundary: Boolean(route.hasErrorBoundary)
-  };
-};
-//#endregion
-////////////////////////////////////////////////////////////////////////////////
-//#region createRouter
-////////////////////////////////////////////////////////////////////////////////
-/**
- * Create a router and listen to history POP navigations
- */
-function router_createRouter(init) {
-  var routerWindow = init.window ? init.window : typeof window !== "undefined" ? window : undefined;
-  var isBrowser = typeof routerWindow !== "undefined" && typeof routerWindow.document !== "undefined" && typeof routerWindow.document.createElement !== "undefined";
-  var isServer = !isBrowser;
-  invariant(init.routes.length > 0, "You must provide a non-empty routes array to createRouter");
-  var mapRouteProperties;
-  if (init.mapRouteProperties) {
-    mapRouteProperties = init.mapRouteProperties;
-  } else if (init.detectErrorBoundary) {
-    // If they are still using the deprecated version, wrap it with the new API
-    var detectErrorBoundary = init.detectErrorBoundary;
-    mapRouteProperties = function mapRouteProperties(route) {
-      return {
-        hasErrorBoundary: detectErrorBoundary(route)
-      };
-    };
-  } else {
-    mapRouteProperties = defaultMapRouteProperties;
-  }
-  // Routes keyed by ID
-  var manifest = {};
-  // Routes in tree format for matching
-  var dataRoutes = convertRoutesToDataRoutes(init.routes, mapRouteProperties, undefined, manifest);
-  var inFlightDataRoutes;
-  var basename = init.basename || "/";
-  // Config driven behavior flags
-  var future = router_extends({
-    v7_normalizeFormMethod: false,
-    v7_prependBasename: false
-  }, init.future);
-  // Cleanup function for history
-  var unlistenHistory = null;
-  // Externally-provided functions to call on all state changes
-  var subscribers = new Set();
-  // Externally-provided object to hold scroll restoration locations during routing
-  var savedScrollPositions = null;
-  // Externally-provided function to get scroll restoration keys
-  var getScrollRestorationKey = null;
-  // Externally-provided function to get current scroll position
-  var getScrollPosition = null;
-  // One-time flag to control the initial hydration scroll restoration.  Because
-  // we don't get the saved positions from <ScrollRestoration /> until _after_
-  // the initial render, we need to manually trigger a separate updateState to
-  // send along the restoreScrollPosition
-  // Set to true if we have `hydrationData` since we assume we were SSR'd and that
-  // SSR did the initial scroll restoration.
-  var initialScrollRestored = init.hydrationData != null;
-  var initialMatches = matchRoutes(dataRoutes, init.history.location, basename);
-  var initialErrors = null;
-  if (initialMatches == null) {
-    // If we do not match a user-provided-route, fall back to the root
-    // to allow the error boundary to take over
-    var error = getInternalRouterError(404, {
-      pathname: init.history.location.pathname
-    });
-    var _getShortCircuitMatch = getShortCircuitMatches(dataRoutes),
-      matches = _getShortCircuitMatch.matches,
-      route = _getShortCircuitMatch.route;
-    initialMatches = matches;
-    initialErrors = defineProperty_defineProperty({}, route.id, error);
-  }
-  var initialized =
-  // All initialMatches need to be loaded before we're ready.  If we have lazy
-  // functions around still then we'll need to run them in initialize()
-  !initialMatches.some(function (m) {
-    return m.route.lazy;
-  }) && (
-  // And we have to either have no loaders or have been provided hydrationData
-  !initialMatches.some(function (m) {
-    return m.route.loader;
-  }) || init.hydrationData != null);
-  var router;
-  var state = {
-    historyAction: init.history.action,
-    location: init.history.location,
-    matches: initialMatches,
-    initialized: initialized,
-    navigation: IDLE_NAVIGATION,
-    // Don't restore on initial updateState() if we were SSR'd
-    restoreScrollPosition: init.hydrationData != null ? false : null,
-    preventScrollReset: false,
-    revalidation: "idle",
-    loaderData: init.hydrationData && init.hydrationData.loaderData || {},
-    actionData: init.hydrationData && init.hydrationData.actionData || null,
-    errors: init.hydrationData && init.hydrationData.errors || initialErrors,
-    fetchers: new Map(),
-    blockers: new Map()
-  };
-  // -- Stateful internal variables to manage navigations --
-  // Current navigation in progress (to be committed in completeNavigation)
-  var pendingAction = Action.Pop;
-  // Should the current navigation prevent the scroll reset if scroll cannot
-  // be restored?
-  var pendingPreventScrollReset = false;
-  // AbortController for the active navigation
-  var pendingNavigationController;
-  // We use this to avoid touching history in completeNavigation if a
-  // revalidation is entirely uninterrupted
-  var isUninterruptedRevalidation = false;
-  // Use this internal flag to force revalidation of all loaders:
-  //  - submissions (completed or interrupted)
-  //  - useRevalidator()
-  //  - X-Remix-Revalidate (from redirect)
-  var isRevalidationRequired = false;
-  // Use this internal array to capture routes that require revalidation due
-  // to a cancelled deferred on action submission
-  var cancelledDeferredRoutes = [];
-  // Use this internal array to capture fetcher loads that were cancelled by an
-  // action navigation and require revalidation
-  var cancelledFetcherLoads = [];
-  // AbortControllers for any in-flight fetchers
-  var fetchControllers = new Map();
-  // Track loads based on the order in which they started
-  var incrementingLoadId = 0;
-  // Track the outstanding pending navigation data load to be compared against
-  // the globally incrementing load when a fetcher load lands after a completed
-  // navigation
-  var pendingNavigationLoadId = -1;
-  // Fetchers that triggered data reloads as a result of their actions
-  var fetchReloadIds = new Map();
-  // Fetchers that triggered redirect navigations
-  var fetchRedirectIds = new Set();
-  // Most recent href/match for fetcher.load calls for fetchers
-  var fetchLoadMatches = new Map();
-  // Store DeferredData instances for active route matches.  When a
-  // route loader returns defer() we stick one in here.  Then, when a nested
-  // promise resolves we update loaderData.  If a new navigation starts we
-  // cancel active deferreds for eliminated routes.
-  var activeDeferreds = new Map();
-  // Store blocker functions in a separate Map outside of router state since
-  // we don't need to update UI state if they change
-  var blockerFunctions = new Map();
-  // Flag to ignore the next history update, so we can revert the URL change on
-  // a POP navigation that was blocked by the user without touching router state
-  var ignoreNextHistoryUpdate = false;
-  // Initialize the router, all side effects should be kicked off from here.
-  // Implemented as a Fluent API for ease of:
-  //   let router = createRouter(init).initialize();
-  function initialize() {
-    // If history informs us of a POP navigation, start the navigation but do not update
-    // state.  We'll update our own state once the navigation completes
-    unlistenHistory = init.history.listen(function (_ref) {
-      var historyAction = _ref.action,
-        location = _ref.location,
-        delta = _ref.delta;
-      // Ignore this event if it was just us resetting the URL from a
-      // blocked POP navigation
-      if (ignoreNextHistoryUpdate) {
-        ignoreNextHistoryUpdate = false;
-        return;
-      }
-      warning(blockerFunctions.size === 0 || delta != null, "You are trying to use a blocker on a POP navigation to a location " + "that was not created by @remix-run/router. This will fail silently in " + "production. This can happen if you are navigating outside the router " + "via `window.history.pushState`/`window.location.hash` instead of using " + "router navigation APIs.  This can also happen if you are using " + "createHashRouter and the user manually changes the URL.");
-      var blockerKey = shouldBlockNavigation({
-        currentLocation: state.location,
-        nextLocation: location,
-        historyAction: historyAction
-      });
-      if (blockerKey && delta != null) {
-        // Restore the URL to match the current UI, but don't update router state
-        ignoreNextHistoryUpdate = true;
-        init.history.go(delta * -1);
-        // Put the blocker into a blocked state
-        updateBlocker(blockerKey, {
-          state: "blocked",
-          location: location,
-          proceed: function proceed() {
-            updateBlocker(blockerKey, {
-              state: "proceeding",
-              proceed: undefined,
-              reset: undefined,
-              location: location
-            });
-            // Re-do the same POP navigation we just blocked
-            init.history.go(delta);
-          },
-          reset: function reset() {
-            deleteBlocker(blockerKey);
-            updateState({
-              blockers: new Map(router.state.blockers)
-            });
-          }
-        });
-        return;
-      }
-      return startNavigation(historyAction, location);
-    });
-    // Kick off initial data load if needed.  Use Pop to avoid modifying history
-    // Note we don't do any handling of lazy here.  For SPA's it'll get handled
-    // in the normal navigation flow.  For SSR it's expected that lazy modules are
-    // resolved prior to router creation since we can't go into a fallbackElement
-    // UI for SSR'd apps
-    if (!state.initialized) {
-      startNavigation(Action.Pop, state.location);
-    }
-    return router;
-  }
-  // Clean up a router and it's side effects
-  function dispose() {
-    if (unlistenHistory) {
-      unlistenHistory();
-    }
-    subscribers.clear();
-    pendingNavigationController && pendingNavigationController.abort();
-    state.fetchers.forEach(function (_, key) {
-      return deleteFetcher(key);
-    });
-    state.blockers.forEach(function (_, key) {
-      return deleteBlocker(key);
-    });
-  }
-  // Subscribe to state updates for the router
-  function subscribe(fn) {
-    subscribers.add(fn);
-    return function () {
-      return subscribers.delete(fn);
-    };
-  }
-  // Update our state and notify the calling context of the change
-  function updateState(newState) {
-    state = router_extends({}, state, newState);
-    subscribers.forEach(function (subscriber) {
-      return subscriber(state);
-    });
-  }
-  // Complete a navigation returning the state.navigation back to the IDLE_NAVIGATION
-  // and setting state.[historyAction/location/matches] to the new route.
-  // - Location is a required param
-  // - Navigation will always be set to IDLE_NAVIGATION
-  // - Can pass any other state in newState
-  function completeNavigation(location, newState) {
-    var _location$state, _location$state2;
-    // Deduce if we're in a loading/actionReload state:
-    // - We have committed actionData in the store
-    // - The current navigation was a mutation submission
-    // - We're past the submitting state and into the loading state
-    // - The location being loaded is not the result of a redirect
-    var isActionReload = state.actionData != null && state.navigation.formMethod != null && isMutationMethod(state.navigation.formMethod) && state.navigation.state === "loading" && ((_location$state = location.state) == null ? void 0 : _location$state._isRedirect) !== true;
-    var actionData;
-    if (newState.actionData) {
-      if (Object.keys(newState.actionData).length > 0) {
-        actionData = newState.actionData;
-      } else {
-        // Empty actionData -> clear prior actionData due to an action error
-        actionData = null;
-      }
-    } else if (isActionReload) {
-      // Keep the current data if we're wrapping up the action reload
-      actionData = state.actionData;
-    } else {
-      // Clear actionData on any other completed navigations
-      actionData = null;
-    }
-    // Always preserve any existing loaderData from re-used routes
-    var loaderData = newState.loaderData ? mergeLoaderData(state.loaderData, newState.loaderData, newState.matches || [], newState.errors) : state.loaderData;
-    // On a successful navigation we can assume we got through all blockers
-    // so we can start fresh
-    var _iterator2 = createForOfIteratorHelper_createForOfIteratorHelper(blockerFunctions),
-      _step2;
-    try {
-      for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
-        var _step2$value = slicedToArray_slicedToArray(_step2.value, 1),
-          key = _step2$value[0];
-        deleteBlocker(key);
-      }
-      // Always respect the user flag.  Otherwise don't reset on mutation
-      // submission navigations unless they redirect
-    } catch (err) {
-      _iterator2.e(err);
-    } finally {
-      _iterator2.f();
-    }
-    var preventScrollReset = pendingPreventScrollReset === true || state.navigation.formMethod != null && isMutationMethod(state.navigation.formMethod) && ((_location$state2 = location.state) == null ? void 0 : _location$state2._isRedirect) !== true;
-    if (inFlightDataRoutes) {
-      dataRoutes = inFlightDataRoutes;
-      inFlightDataRoutes = undefined;
-    }
-    updateState(router_extends({}, newState, {
-      actionData: actionData,
-      loaderData: loaderData,
-      historyAction: pendingAction,
-      location: location,
-      initialized: true,
-      navigation: IDLE_NAVIGATION,
-      revalidation: "idle",
-      restoreScrollPosition: getSavedScrollPosition(location, newState.matches || state.matches),
-      preventScrollReset: preventScrollReset,
-      blockers: new Map(state.blockers)
-    }));
-    if (isUninterruptedRevalidation) ;else if (pendingAction === Action.Pop) ;else if (pendingAction === Action.Push) {
-      init.history.push(location, location.state);
-    } else if (pendingAction === Action.Replace) {
-      init.history.replace(location, location.state);
-    }
-    // Reset stateful navigation vars
-    pendingAction = Action.Pop;
-    pendingPreventScrollReset = false;
-    isUninterruptedRevalidation = false;
-    isRevalidationRequired = false;
-    cancelledDeferredRoutes = [];
-    cancelledFetcherLoads = [];
-  }
-  // Trigger a navigation event, which can either be a numerical POP or a PUSH
-  // replace with an optional submission
-  function navigate(_x2, _x3) {
-    return _navigate.apply(this, arguments);
-  } // Revalidate all current loaders.  If a navigation is in progress or if this
-  // is interrupted by a navigation, allow this to "succeed" by calling all
-  // loaders during the next loader round
-  function _navigate() {
-    _navigate = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(to, opts) {
-      var normalizedPath, _normalizeNavigateOpt2, path, submission, error, currentLocation, nextLocation, userReplace, historyAction, preventScrollReset, blockerKey;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2) {
-        while (1) switch (_context2.prev = _context2.next) {
-          case 0:
-            if (!(typeof to === "number")) {
-              _context2.next = 3;
-              break;
-            }
-            init.history.go(to);
-            return _context2.abrupt("return");
-          case 3:
-            normalizedPath = normalizeTo(state.location, state.matches, basename, future.v7_prependBasename, to, opts == null ? void 0 : opts.fromRouteId, opts == null ? void 0 : opts.relative);
-            _normalizeNavigateOpt2 = normalizeNavigateOptions(future.v7_normalizeFormMethod, false, normalizedPath, opts), path = _normalizeNavigateOpt2.path, submission = _normalizeNavigateOpt2.submission, error = _normalizeNavigateOpt2.error;
-            currentLocation = state.location;
-            nextLocation = createLocation(state.location, path, opts && opts.state); // When using navigate as a PUSH/REPLACE we aren't reading an already-encoded
-            // URL from window.location, so we need to encode it here so the behavior
-            // remains the same as POP and non-data-router usages.  new URL() does all
-            // the same encoding we'd get from a history.pushState/window.location read
-            // without having to touch history
-            nextLocation = router_extends({}, nextLocation, init.history.encodeLocation(nextLocation));
-            userReplace = opts && opts.replace != null ? opts.replace : undefined;
-            historyAction = Action.Push;
-            if (userReplace === true) {
-              historyAction = Action.Replace;
-            } else if (userReplace === false) ;else if (submission != null && isMutationMethod(submission.formMethod) && submission.formAction === state.location.pathname + state.location.search) {
-              // By default on submissions to the current location we REPLACE so that
-              // users don't have to double-click the back button to get to the prior
-              // location.  If the user redirects to a different location from the
-              // action/loader this will be ignored and the redirect will be a PUSH
-              historyAction = Action.Replace;
-            }
-            preventScrollReset = opts && "preventScrollReset" in opts ? opts.preventScrollReset === true : undefined;
-            blockerKey = shouldBlockNavigation({
-              currentLocation: currentLocation,
-              nextLocation: nextLocation,
-              historyAction: historyAction
-            });
-            if (!blockerKey) {
-              _context2.next = 16;
-              break;
-            }
-            // Put the blocker into a blocked state
-            updateBlocker(blockerKey, {
-              state: "blocked",
-              location: nextLocation,
-              proceed: function proceed() {
-                updateBlocker(blockerKey, {
-                  state: "proceeding",
-                  proceed: undefined,
-                  reset: undefined,
-                  location: nextLocation
-                });
-                // Send the same navigation through
-                navigate(to, opts);
-              },
-              reset: function reset() {
-                deleteBlocker(blockerKey);
-                updateState({
-                  blockers: new Map(state.blockers)
-                });
-              }
-            });
-            return _context2.abrupt("return");
-          case 16:
-            _context2.next = 18;
-            return startNavigation(historyAction, nextLocation, {
-              submission: submission,
-              // Send through the formData serialization error if we have one so we can
-              // render at the right error boundary after we match routes
-              pendingError: error,
-              preventScrollReset: preventScrollReset,
-              replace: opts && opts.replace
-            });
-          case 18:
-            return _context2.abrupt("return", _context2.sent);
-          case 19:
-          case "end":
-            return _context2.stop();
-        }
-      }, _callee2);
-    }));
-    return _navigate.apply(this, arguments);
-  }
-  function revalidate() {
-    interruptActiveLoads();
-    updateState({
-      revalidation: "loading"
-    });
-    // If we're currently submitting an action, we don't need to start a new
-    // navigation, we'll just let the follow up loader execution call all loaders
-    if (state.navigation.state === "submitting") {
-      return;
-    }
-    // If we're currently in an idle state, start a new navigation for the current
-    // action/location and mark it as uninterrupted, which will skip the history
-    // update in completeNavigation
-    if (state.navigation.state === "idle") {
-      startNavigation(state.historyAction, state.location, {
-        startUninterruptedRevalidation: true
-      });
-      return;
-    }
-    // Otherwise, if we're currently in a loading state, just start a new
-    // navigation to the navigation.location but do not trigger an uninterrupted
-    // revalidation so that history correctly updates once the navigation completes
-    startNavigation(pendingAction || state.historyAction, state.navigation.location, {
-      overrideNavigation: state.navigation
-    });
-  }
-  // Start a navigation to the given action/location.  Can optionally provide a
-  // overrideNavigation which will override the normalLoad in the case of a redirect
-  // navigation
-  function startNavigation(_x4, _x5, _x6) {
-    return _startNavigation.apply(this, arguments);
-  } // Call the action matched by the leaf route for this navigation and handle
-  // redirects/errors
-  function _startNavigation() {
-    _startNavigation = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(historyAction, location, opts) {
-      var routesToUse, loadingNavigation, matches, _error, _getShortCircuitMatch2, notFoundMatches, _route, request, pendingActionData, pendingError, actionOutput, navigation, _yield$handleLoaders, shortCircuited, loaderData, errors;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3) {
-        while (1) switch (_context3.prev = _context3.next) {
-          case 0:
-            // Abort any in-progress navigations and start a new one. Unset any ongoing
-            // uninterrupted revalidations unless told otherwise, since we want this
-            // new navigation to update history normally
-            pendingNavigationController && pendingNavigationController.abort();
-            pendingNavigationController = null;
-            pendingAction = historyAction;
-            isUninterruptedRevalidation = (opts && opts.startUninterruptedRevalidation) === true;
-            // Save the current scroll position every time we start a new navigation,
-            // and track whether we should reset scroll on completion
-            saveScrollPosition(state.location, state.matches);
-            pendingPreventScrollReset = (opts && opts.preventScrollReset) === true;
-            routesToUse = inFlightDataRoutes || dataRoutes;
-            loadingNavigation = opts && opts.overrideNavigation;
-            matches = matchRoutes(routesToUse, location, basename); // Short circuit with a 404 on the root error boundary if we match nothing
-            if (matches) {
-              _context3.next = 15;
-              break;
-            }
-            _error = getInternalRouterError(404, {
-              pathname: location.pathname
-            });
-            _getShortCircuitMatch2 = getShortCircuitMatches(routesToUse), notFoundMatches = _getShortCircuitMatch2.matches, _route = _getShortCircuitMatch2.route; // Cancel all pending deferred on 404s since we don't keep any routes
-            cancelActiveDeferreds();
-            completeNavigation(location, {
-              matches: notFoundMatches,
-              loaderData: {},
-              errors: defineProperty_defineProperty({}, _route.id, _error)
-            });
-            return _context3.abrupt("return");
-          case 15:
-            if (!(state.initialized && !isRevalidationRequired && isHashChangeOnly(state.location, location) && !(opts && opts.submission && isMutationMethod(opts.submission.formMethod)))) {
-              _context3.next = 18;
-              break;
-            }
-            completeNavigation(location, {
-              matches: matches
-            });
-            return _context3.abrupt("return");
-          case 18:
-            // Create a controller/Request for this navigation
-            pendingNavigationController = new AbortController();
-            request = createClientSideRequest(init.history, location, pendingNavigationController.signal, opts && opts.submission);
-            if (!(opts && opts.pendingError)) {
-              _context3.next = 24;
-              break;
-            }
-            // If we have a pendingError, it means the user attempted a GET submission
-            // with binary FormData so assign here and skip to handleLoaders.  That
-            // way we handle calling loaders above the boundary etc.  It's not really
-            // different from an actionError in that sense.
-            pendingError = defineProperty_defineProperty({}, findNearestBoundary(matches).route.id, opts.pendingError);
-            _context3.next = 35;
-            break;
-          case 24:
-            if (!(opts && opts.submission && isMutationMethod(opts.submission.formMethod))) {
-              _context3.next = 35;
-              break;
-            }
-            _context3.next = 27;
-            return handleAction(request, location, opts.submission, matches, {
-              replace: opts.replace
-            });
-          case 27:
-            actionOutput = _context3.sent;
-            if (!actionOutput.shortCircuited) {
-              _context3.next = 30;
-              break;
-            }
-            return _context3.abrupt("return");
-          case 30:
-            pendingActionData = actionOutput.pendingActionData;
-            pendingError = actionOutput.pendingActionError;
-            navigation = router_extends({
-              state: "loading",
-              location: location
-            }, opts.submission);
-            loadingNavigation = navigation;
-            // Create a GET request for the loaders
-            request = new Request(request.url, {
-              signal: request.signal
-            });
-          case 35:
-            _context3.next = 37;
-            return handleLoaders(request, location, matches, loadingNavigation, opts && opts.submission, opts && opts.fetcherSubmission, opts && opts.replace, pendingActionData, pendingError);
-          case 37:
-            _yield$handleLoaders = _context3.sent;
-            shortCircuited = _yield$handleLoaders.shortCircuited;
-            loaderData = _yield$handleLoaders.loaderData;
-            errors = _yield$handleLoaders.errors;
-            if (!shortCircuited) {
-              _context3.next = 43;
-              break;
-            }
-            return _context3.abrupt("return");
-          case 43:
-            // Clean up now that the action/loaders have completed.  Don't clean up if
-            // we short circuited because pendingNavigationController will have already
-            // been assigned to a new controller for the next navigation
-            pendingNavigationController = null;
-            completeNavigation(location, router_extends({
-              matches: matches
-            }, pendingActionData ? {
-              actionData: pendingActionData
-            } : {}, {
-              loaderData: loaderData,
-              errors: errors
-            }));
-          case 45:
-          case "end":
-            return _context3.stop();
-        }
-      }, _callee3);
-    }));
-    return _startNavigation.apply(this, arguments);
-  }
-  function handleAction(_x7, _x8, _x9, _x10, _x11) {
-    return _handleAction.apply(this, arguments);
-  } // Call all applicable loaders for the given matches, handling redirects,
-  // errors, etc.
-  function _handleAction() {
-    _handleAction = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(request, location, submission, matches, opts) {
-      var navigation, result, actionMatch, replace, boundaryMatch;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4) {
-        while (1) switch (_context4.prev = _context4.next) {
-          case 0:
-            interruptActiveLoads();
-            // Put us in a submitting state
-            navigation = router_extends({
-              state: "submitting",
-              location: location
-            }, submission);
-            updateState({
-              navigation: navigation
-            });
-            // Call our action and get the result
-            actionMatch = getTargetMatch(matches, location);
-            if (!(!actionMatch.route.action && !actionMatch.route.lazy)) {
-              _context4.next = 8;
-              break;
-            }
-            result = {
-              type: ResultType.error,
-              error: getInternalRouterError(405, {
-                method: request.method,
-                pathname: location.pathname,
-                routeId: actionMatch.route.id
-              })
-            };
-            _context4.next = 13;
-            break;
-          case 8:
-            _context4.next = 10;
-            return callLoaderOrAction("action", request, actionMatch, matches, manifest, mapRouteProperties, basename);
-          case 10:
-            result = _context4.sent;
-            if (!request.signal.aborted) {
-              _context4.next = 13;
-              break;
-            }
-            return _context4.abrupt("return", {
-              shortCircuited: true
-            });
-          case 13:
-            if (!isRedirectResult(result)) {
-              _context4.next = 18;
-              break;
-            }
-            if (opts && opts.replace != null) {
-              replace = opts.replace;
-            } else {
-              // If the user didn't explicity indicate replace behavior, replace if
-              // we redirected to the exact same location we're currently at to avoid
-              // double back-buttons
-              replace = result.location === state.location.pathname + state.location.search;
-            }
-            _context4.next = 17;
-            return startRedirectNavigation(state, result, {
-              submission: submission,
-              replace: replace
-            });
-          case 17:
-            return _context4.abrupt("return", {
-              shortCircuited: true
-            });
-          case 18:
-            if (!isErrorResult(result)) {
-              _context4.next = 22;
-              break;
-            }
-            // Store off the pending error - we use it to determine which loaders
-            // to call and will commit it when we complete the navigation
-            boundaryMatch = findNearestBoundary(matches, actionMatch.route.id); // By default, all submissions are REPLACE navigations, but if the
-            // action threw an error that'll be rendered in an errorElement, we fall
-            // back to PUSH so that the user can use the back button to get back to
-            // the pre-submission form location to try again
-            if ((opts && opts.replace) !== true) {
-              pendingAction = Action.Push;
-            }
-            return _context4.abrupt("return", {
-              // Send back an empty object we can use to clear out any prior actionData
-              pendingActionData: {},
-              pendingActionError: defineProperty_defineProperty({}, boundaryMatch.route.id, result.error)
-            });
-          case 22:
-            if (!isDeferredResult(result)) {
-              _context4.next = 24;
-              break;
-            }
-            throw getInternalRouterError(400, {
-              type: "defer-action"
-            });
-          case 24:
-            return _context4.abrupt("return", {
-              pendingActionData: defineProperty_defineProperty({}, actionMatch.route.id, result.data)
-            });
-          case 25:
-          case "end":
-            return _context4.stop();
-        }
-      }, _callee4);
-    }));
-    return _handleAction.apply(this, arguments);
-  }
-  function handleLoaders(_x12, _x13, _x14, _x15, _x16, _x17, _x18, _x19, _x20) {
-    return _handleLoaders.apply(this, arguments);
-  }
-  function _handleLoaders() {
-    _handleLoaders = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(request, location, matches, overrideNavigation, submission, fetcherSubmission, replace, pendingActionData, pendingError) {
-      var loadingNavigation, navigation, activeSubmission, routesToUse, _getMatchesToLoad, _getMatchesToLoad2, matchesToLoad, revalidatingFetchers, _updatedFetchers, actionData, abortPendingFetchRevalidations, _yield$callLoadersAnd, results, loaderResults, fetcherResults, redirect, _processLoaderData, loaderData, errors, updatedFetchers, didAbortFetchLoads, shouldUpdateFetchers;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5) {
-        while (1) switch (_context5.prev = _context5.next) {
-          case 0:
-            // Figure out the right navigation we want to use for data loading
-            loadingNavigation = overrideNavigation;
-            if (!loadingNavigation) {
-              navigation = router_extends({
-                state: "loading",
-                location: location,
-                formMethod: undefined,
-                formAction: undefined,
-                formEncType: undefined,
-                formData: undefined
-              }, submission);
-              loadingNavigation = navigation;
-            }
-            // If this was a redirect from an action we don't have a "submission" but
-            // we have it on the loading navigation so use that if available
-            activeSubmission = submission || fetcherSubmission ? submission || fetcherSubmission : loadingNavigation.formMethod && loadingNavigation.formAction && loadingNavigation.formData && loadingNavigation.formEncType ? {
-              formMethod: loadingNavigation.formMethod,
-              formAction: loadingNavigation.formAction,
-              formData: loadingNavigation.formData,
-              formEncType: loadingNavigation.formEncType
-            } : undefined;
-            routesToUse = inFlightDataRoutes || dataRoutes;
-            _getMatchesToLoad = getMatchesToLoad(init.history, state, matches, activeSubmission, location, isRevalidationRequired, cancelledDeferredRoutes, cancelledFetcherLoads, fetchLoadMatches, routesToUse, basename, pendingActionData, pendingError), _getMatchesToLoad2 = slicedToArray_slicedToArray(_getMatchesToLoad, 2), matchesToLoad = _getMatchesToLoad2[0], revalidatingFetchers = _getMatchesToLoad2[1]; // Cancel pending deferreds for no-longer-matched routes or routes we're
-            // about to reload.  Note that if this is an action reload we would have
-            // already cancelled all pending deferreds so this would be a no-op
-            cancelActiveDeferreds(function (routeId) {
-              return !(matches && matches.some(function (m) {
-                return m.route.id === routeId;
-              })) || matchesToLoad && matchesToLoad.some(function (m) {
-                return m.route.id === routeId;
-              });
-            });
-            // Short circuit if we have no loaders to run
-            if (!(matchesToLoad.length === 0 && revalidatingFetchers.length === 0)) {
-              _context5.next = 10;
-              break;
-            }
-            _updatedFetchers = markFetchRedirectsDone();
-            completeNavigation(location, router_extends({
-              matches: matches,
-              loaderData: {},
-              // Commit pending error if we're short circuiting
-              errors: pendingError || null
-            }, pendingActionData ? {
-              actionData: pendingActionData
-            } : {}, _updatedFetchers ? {
-              fetchers: new Map(state.fetchers)
-            } : {}));
-            return _context5.abrupt("return", {
-              shortCircuited: true
-            });
-          case 10:
-            // If this is an uninterrupted revalidation, we remain in our current idle
-            // state.  If not, we need to switch to our loading state and load data,
-            // preserving any new action data or existing action data (in the case of
-            // a revalidation interrupting an actionReload)
-            if (!isUninterruptedRevalidation) {
-              revalidatingFetchers.forEach(function (rf) {
-                var fetcher = state.fetchers.get(rf.key);
-                var revalidatingFetcher = {
-                  state: "loading",
-                  data: fetcher && fetcher.data,
-                  formMethod: undefined,
-                  formAction: undefined,
-                  formEncType: undefined,
-                  formData: undefined,
-                  " _hasFetcherDoneAnything ": true
-                };
-                state.fetchers.set(rf.key, revalidatingFetcher);
-              });
-              actionData = pendingActionData || state.actionData;
-              updateState(router_extends({
-                navigation: loadingNavigation
-              }, actionData ? Object.keys(actionData).length === 0 ? {
-                actionData: null
-              } : {
-                actionData: actionData
-              } : {}, revalidatingFetchers.length > 0 ? {
-                fetchers: new Map(state.fetchers)
-              } : {}));
-            }
-            pendingNavigationLoadId = ++incrementingLoadId;
-            revalidatingFetchers.forEach(function (rf) {
-              if (rf.controller) {
-                // Fetchers use an independent AbortController so that aborting a fetcher
-                // (via deleteFetcher) does not abort the triggering navigation that
-                // triggered the revalidation
-                fetchControllers.set(rf.key, rf.controller);
-              }
-            });
-            // Proxy navigation abort through to revalidation fetchers
-            abortPendingFetchRevalidations = function abortPendingFetchRevalidations() {
-              return revalidatingFetchers.forEach(function (f) {
-                return abortFetcher(f.key);
-              });
-            };
-            if (pendingNavigationController) {
-              pendingNavigationController.signal.addEventListener("abort", abortPendingFetchRevalidations);
-            }
-            _context5.next = 17;
-            return callLoadersAndMaybeResolveData(state.matches, matches, matchesToLoad, revalidatingFetchers, request);
-          case 17:
-            _yield$callLoadersAnd = _context5.sent;
-            results = _yield$callLoadersAnd.results;
-            loaderResults = _yield$callLoadersAnd.loaderResults;
-            fetcherResults = _yield$callLoadersAnd.fetcherResults;
-            if (!request.signal.aborted) {
-              _context5.next = 23;
-              break;
-            }
-            return _context5.abrupt("return", {
-              shortCircuited: true
-            });
-          case 23:
-            // Clean up _after_ loaders have completed.  Don't clean up if we short
-            // circuited because fetchControllers would have been aborted and
-            // reassigned to new controllers for the next navigation
-            if (pendingNavigationController) {
-              pendingNavigationController.signal.removeEventListener("abort", abortPendingFetchRevalidations);
-            }
-            revalidatingFetchers.forEach(function (rf) {
-              return fetchControllers.delete(rf.key);
-            });
-            // If any loaders returned a redirect Response, start a new REPLACE navigation
-            redirect = findRedirect(results);
-            if (!redirect) {
-              _context5.next = 30;
-              break;
-            }
-            _context5.next = 29;
-            return startRedirectNavigation(state, redirect, {
-              replace: replace
-            });
-          case 29:
-            return _context5.abrupt("return", {
-              shortCircuited: true
-            });
-          case 30:
-            // Process and commit output from loaders
-            _processLoaderData = processLoaderData(state, matches, matchesToLoad, loaderResults, pendingError, revalidatingFetchers, fetcherResults, activeDeferreds), loaderData = _processLoaderData.loaderData, errors = _processLoaderData.errors; // Wire up subscribers to update loaderData as promises settle
-            activeDeferreds.forEach(function (deferredData, routeId) {
-              deferredData.subscribe(function (aborted) {
-                // Note: No need to updateState here since the TrackedPromise on
-                // loaderData is stable across resolve/reject
-                // Remove this instance if we were aborted or if promises have settled
-                if (aborted || deferredData.done) {
-                  activeDeferreds.delete(routeId);
-                }
-              });
-            });
-            updatedFetchers = markFetchRedirectsDone();
-            didAbortFetchLoads = abortStaleFetchLoads(pendingNavigationLoadId);
-            shouldUpdateFetchers = updatedFetchers || didAbortFetchLoads || revalidatingFetchers.length > 0;
-            return _context5.abrupt("return", router_extends({
-              loaderData: loaderData,
-              errors: errors
-            }, shouldUpdateFetchers ? {
-              fetchers: new Map(state.fetchers)
-            } : {}));
-          case 36:
-          case "end":
-            return _context5.stop();
-        }
-      }, _callee5);
-    }));
-    return _handleLoaders.apply(this, arguments);
-  }
-  function getFetcher(key) {
-    return state.fetchers.get(key) || IDLE_FETCHER;
-  }
-  // Trigger a fetcher load/submit for the given fetcher key
-  function fetch(key, routeId, href, opts) {
-    if (isServer) {
-      throw new Error("router.fetch() was called during the server render, but it shouldn't be. " + "You are likely calling a useFetcher() method in the body of your component. " + "Try moving it to a useEffect or a callback.");
-    }
-    if (fetchControllers.has(key)) abortFetcher(key);
-    var routesToUse = inFlightDataRoutes || dataRoutes;
-    var normalizedPath = normalizeTo(state.location, state.matches, basename, future.v7_prependBasename, href, routeId, opts == null ? void 0 : opts.relative);
-    var matches = matchRoutes(routesToUse, normalizedPath, basename);
-    if (!matches) {
-      setFetcherError(key, routeId, getInternalRouterError(404, {
-        pathname: normalizedPath
-      }));
-      return;
-    }
-    var _normalizeNavigateOpt = normalizeNavigateOptions(future.v7_normalizeFormMethod, true, normalizedPath, opts),
-      path = _normalizeNavigateOpt.path,
-      submission = _normalizeNavigateOpt.submission;
-    var match = getTargetMatch(matches, path);
-    pendingPreventScrollReset = (opts && opts.preventScrollReset) === true;
-    if (submission && isMutationMethod(submission.formMethod)) {
-      handleFetcherAction(key, routeId, path, match, matches, submission);
-      return;
-    }
-    // Store off the match so we can call it's shouldRevalidate on subsequent
-    // revalidations
-    fetchLoadMatches.set(key, {
-      routeId: routeId,
-      path: path
-    });
-    handleFetcherLoader(key, routeId, path, match, matches, submission);
-  }
-  // Call the action for the matched fetcher.submit(), and then handle redirects,
-  // errors, and revalidation
-  function handleFetcherAction(_x21, _x22, _x23, _x24, _x25, _x26) {
-    return _handleFetcherAction.apply(this, arguments);
-  } // Call the matched loader for fetcher.load(), handling redirects, errors, etc.
-  function _handleFetcherAction() {
-    _handleFetcherAction = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(key, routeId, path, match, requestMatches, submission) {
-      var _error2, existingFetcher, fetcher, abortController, fetchRequest, actionResult, loadingFetcher, nextLocation, revalidationRequest, routesToUse, matches, loadId, loadFetcher, _getMatchesToLoad3, _getMatchesToLoad4, matchesToLoad, revalidatingFetchers, abortPendingFetchRevalidations, _yield$callLoadersAnd2, results, loaderResults, fetcherResults, redirect, _processLoaderData2, loaderData, errors, doneFetcher, didAbortFetchLoads;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6) {
-        while (1) switch (_context6.prev = _context6.next) {
-          case 0:
-            interruptActiveLoads();
-            fetchLoadMatches.delete(key);
-            if (!(!match.route.action && !match.route.lazy)) {
-              _context6.next = 6;
-              break;
-            }
-            _error2 = getInternalRouterError(405, {
-              method: submission.formMethod,
-              pathname: path,
-              routeId: routeId
-            });
-            setFetcherError(key, routeId, _error2);
-            return _context6.abrupt("return");
-          case 6:
-            // Put this fetcher into it's submitting state
-            existingFetcher = state.fetchers.get(key);
-            fetcher = router_extends({
-              state: "submitting"
-            }, submission, {
-              data: existingFetcher && existingFetcher.data,
-              " _hasFetcherDoneAnything ": true
-            });
-            state.fetchers.set(key, fetcher);
-            updateState({
-              fetchers: new Map(state.fetchers)
-            });
-            // Call the action for the fetcher
-            abortController = new AbortController();
-            fetchRequest = createClientSideRequest(init.history, path, abortController.signal, submission);
-            fetchControllers.set(key, abortController);
-            _context6.next = 15;
-            return callLoaderOrAction("action", fetchRequest, match, requestMatches, manifest, mapRouteProperties, basename);
-          case 15:
-            actionResult = _context6.sent;
-            if (!fetchRequest.signal.aborted) {
-              _context6.next = 19;
-              break;
-            }
-            // We can delete this so long as we weren't aborted by ou our own fetcher
-            // re-submit which would have put _new_ controller is in fetchControllers
-            if (fetchControllers.get(key) === abortController) {
-              fetchControllers.delete(key);
-            }
-            return _context6.abrupt("return");
-          case 19:
-            if (!isRedirectResult(actionResult)) {
-              _context6.next = 26;
-              break;
-            }
-            fetchControllers.delete(key);
-            fetchRedirectIds.add(key);
-            loadingFetcher = router_extends({
-              state: "loading"
-            }, submission, {
-              data: undefined,
-              " _hasFetcherDoneAnything ": true
-            });
-            state.fetchers.set(key, loadingFetcher);
-            updateState({
-              fetchers: new Map(state.fetchers)
-            });
-            return _context6.abrupt("return", startRedirectNavigation(state, actionResult, {
-              submission: submission,
-              isFetchActionRedirect: true
-            }));
-          case 26:
-            if (!isErrorResult(actionResult)) {
-              _context6.next = 29;
-              break;
-            }
-            setFetcherError(key, routeId, actionResult.error);
-            return _context6.abrupt("return");
-          case 29:
-            if (!isDeferredResult(actionResult)) {
-              _context6.next = 31;
-              break;
-            }
-            throw getInternalRouterError(400, {
-              type: "defer-action"
-            });
-          case 31:
-            // Start the data load for current matches, or the next location if we're
-            // in the middle of a navigation
-            nextLocation = state.navigation.location || state.location;
-            revalidationRequest = createClientSideRequest(init.history, nextLocation, abortController.signal);
-            routesToUse = inFlightDataRoutes || dataRoutes;
-            matches = state.navigation.state !== "idle" ? matchRoutes(routesToUse, state.navigation.location, basename) : state.matches;
-            invariant(matches, "Didn't find any matches after fetcher action");
-            loadId = ++incrementingLoadId;
-            fetchReloadIds.set(key, loadId);
-            loadFetcher = router_extends({
-              state: "loading",
-              data: actionResult.data
-            }, submission, {
-              " _hasFetcherDoneAnything ": true
-            });
-            state.fetchers.set(key, loadFetcher);
-            _getMatchesToLoad3 = getMatchesToLoad(init.history, state, matches, submission, nextLocation, isRevalidationRequired, cancelledDeferredRoutes, cancelledFetcherLoads, fetchLoadMatches, routesToUse, basename, defineProperty_defineProperty({}, match.route.id, actionResult.data), undefined // No need to send through errors since we short circuit above
-            ), _getMatchesToLoad4 = slicedToArray_slicedToArray(_getMatchesToLoad3, 2), matchesToLoad = _getMatchesToLoad4[0], revalidatingFetchers = _getMatchesToLoad4[1]; // Put all revalidating fetchers into the loading state, except for the
-            // current fetcher which we want to keep in it's current loading state which
-            // contains it's action submission info + action data
-            revalidatingFetchers.filter(function (rf) {
-              return rf.key !== key;
-            }).forEach(function (rf) {
-              var staleKey = rf.key;
-              var existingFetcher = state.fetchers.get(staleKey);
-              var revalidatingFetcher = {
-                state: "loading",
-                data: existingFetcher && existingFetcher.data,
-                formMethod: undefined,
-                formAction: undefined,
-                formEncType: undefined,
-                formData: undefined,
-                " _hasFetcherDoneAnything ": true
-              };
-              state.fetchers.set(staleKey, revalidatingFetcher);
-              if (rf.controller) {
-                fetchControllers.set(staleKey, rf.controller);
-              }
-            });
-            updateState({
-              fetchers: new Map(state.fetchers)
-            });
-            abortPendingFetchRevalidations = function abortPendingFetchRevalidations() {
-              return revalidatingFetchers.forEach(function (rf) {
-                return abortFetcher(rf.key);
-              });
-            };
-            abortController.signal.addEventListener("abort", abortPendingFetchRevalidations);
-            _context6.next = 47;
-            return callLoadersAndMaybeResolveData(state.matches, matches, matchesToLoad, revalidatingFetchers, revalidationRequest);
-          case 47:
-            _yield$callLoadersAnd2 = _context6.sent;
-            results = _yield$callLoadersAnd2.results;
-            loaderResults = _yield$callLoadersAnd2.loaderResults;
-            fetcherResults = _yield$callLoadersAnd2.fetcherResults;
-            if (!abortController.signal.aborted) {
-              _context6.next = 53;
-              break;
-            }
-            return _context6.abrupt("return");
-          case 53:
-            abortController.signal.removeEventListener("abort", abortPendingFetchRevalidations);
-            fetchReloadIds.delete(key);
-            fetchControllers.delete(key);
-            revalidatingFetchers.forEach(function (r) {
-              return fetchControllers.delete(r.key);
-            });
-            redirect = findRedirect(results);
-            if (!redirect) {
-              _context6.next = 60;
-              break;
-            }
-            return _context6.abrupt("return", startRedirectNavigation(state, redirect));
-          case 60:
-            // Process and commit output from loaders
-            _processLoaderData2 = processLoaderData(state, state.matches, matchesToLoad, loaderResults, undefined, revalidatingFetchers, fetcherResults, activeDeferreds), loaderData = _processLoaderData2.loaderData, errors = _processLoaderData2.errors; // Since we let revalidations complete even if the submitting fetcher was
-            // deleted, only put it back to idle if it hasn't been deleted
-            if (state.fetchers.has(key)) {
-              doneFetcher = {
-                state: "idle",
-                data: actionResult.data,
-                formMethod: undefined,
-                formAction: undefined,
-                formEncType: undefined,
-                formData: undefined,
-                " _hasFetcherDoneAnything ": true
-              };
-              state.fetchers.set(key, doneFetcher);
-            }
-            didAbortFetchLoads = abortStaleFetchLoads(loadId); // If we are currently in a navigation loading state and this fetcher is
-            // more recent than the navigation, we want the newer data so abort the
-            // navigation and complete it with the fetcher data
-            if (state.navigation.state === "loading" && loadId > pendingNavigationLoadId) {
-              invariant(pendingAction, "Expected pending action");
-              pendingNavigationController && pendingNavigationController.abort();
-              completeNavigation(state.navigation.location, {
-                matches: matches,
-                loaderData: loaderData,
-                errors: errors,
-                fetchers: new Map(state.fetchers)
-              });
-            } else {
-              // otherwise just update with the fetcher data, preserving any existing
-              // loaderData for loaders that did not need to reload.  We have to
-              // manually merge here since we aren't going through completeNavigation
-              updateState(router_extends({
-                errors: errors,
-                loaderData: mergeLoaderData(state.loaderData, loaderData, matches, errors)
-              }, didAbortFetchLoads || revalidatingFetchers.length > 0 ? {
-                fetchers: new Map(state.fetchers)
-              } : {}));
-              isRevalidationRequired = false;
-            }
-          case 64:
-          case "end":
-            return _context6.stop();
-        }
-      }, _callee6);
-    }));
-    return _handleFetcherAction.apply(this, arguments);
-  }
-  function handleFetcherLoader(_x27, _x28, _x29, _x30, _x31, _x32) {
-    return _handleFetcherLoader.apply(this, arguments);
-  }
-  /**
-   * Utility function to handle redirects returned from an action or loader.
-   * Normally, a redirect "replaces" the navigation that triggered it.  So, for
-   * example:
-   *
-   *  - user is on /a
-   *  - user clicks a link to /b
-   *  - loader for /b redirects to /c
-   *
-   * In a non-JS app the browser would track the in-flight navigation to /b and
-   * then replace it with /c when it encountered the redirect response.  In
-   * the end it would only ever update the URL bar with /c.
-   *
-   * In client-side routing using pushState/replaceState, we aim to emulate
-   * this behavior and we also do not update history until the end of the
-   * navigation (including processed redirects).  This means that we never
-   * actually touch history until we've processed redirects, so we just use
-   * the history action from the original navigation (PUSH or REPLACE).
-   */
-  function _handleFetcherLoader() {
-    _handleFetcherLoader = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(key, routeId, path, match, matches, submission) {
-      var existingFetcher, loadingFetcher, abortController, fetchRequest, result, boundaryMatch, doneFetcher;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7) {
-        while (1) switch (_context7.prev = _context7.next) {
-          case 0:
-            existingFetcher = state.fetchers.get(key); // Put this fetcher into it's loading state
-            loadingFetcher = router_extends({
-              state: "loading",
-              formMethod: undefined,
-              formAction: undefined,
-              formEncType: undefined,
-              formData: undefined
-            }, submission, {
-              data: existingFetcher && existingFetcher.data,
-              " _hasFetcherDoneAnything ": true
-            });
-            state.fetchers.set(key, loadingFetcher);
-            updateState({
-              fetchers: new Map(state.fetchers)
-            });
-            // Call the loader for this fetcher route match
-            abortController = new AbortController();
-            fetchRequest = createClientSideRequest(init.history, path, abortController.signal);
-            fetchControllers.set(key, abortController);
-            _context7.next = 9;
-            return callLoaderOrAction("loader", fetchRequest, match, matches, manifest, mapRouteProperties, basename);
-          case 9:
-            result = _context7.sent;
-            if (!isDeferredResult(result)) {
-              _context7.next = 17;
-              break;
-            }
-            _context7.next = 13;
-            return resolveDeferredData(result, fetchRequest.signal, true);
-          case 13:
-            _context7.t0 = _context7.sent;
-            if (_context7.t0) {
-              _context7.next = 16;
-              break;
-            }
-            _context7.t0 = result;
-          case 16:
-            result = _context7.t0;
-          case 17:
-            // We can delete this so long as we weren't aborted by our our own fetcher
-            // re-load which would have put _new_ controller is in fetchControllers
-            if (fetchControllers.get(key) === abortController) {
-              fetchControllers.delete(key);
-            }
-            if (!fetchRequest.signal.aborted) {
-              _context7.next = 20;
-              break;
-            }
-            return _context7.abrupt("return");
-          case 20:
-            if (!isRedirectResult(result)) {
-              _context7.next = 25;
-              break;
-            }
-            fetchRedirectIds.add(key);
-            _context7.next = 24;
-            return startRedirectNavigation(state, result);
-          case 24:
-            return _context7.abrupt("return");
-          case 25:
-            if (!isErrorResult(result)) {
-              _context7.next = 30;
-              break;
-            }
-            boundaryMatch = findNearestBoundary(state.matches, routeId);
-            state.fetchers.delete(key);
-            // TODO: In remix, this would reset to IDLE_NAVIGATION if it was a catch -
-            // do we need to behave any differently with our non-redirect errors?
-            // What if it was a non-redirect Response?
-            updateState({
-              fetchers: new Map(state.fetchers),
-              errors: defineProperty_defineProperty({}, boundaryMatch.route.id, result.error)
-            });
-            return _context7.abrupt("return");
-          case 30:
-            invariant(!isDeferredResult(result), "Unhandled fetcher deferred data");
-            // Put the fetcher back into an idle state
-            doneFetcher = {
-              state: "idle",
-              data: result.data,
-              formMethod: undefined,
-              formAction: undefined,
-              formEncType: undefined,
-              formData: undefined,
-              " _hasFetcherDoneAnything ": true
-            };
-            state.fetchers.set(key, doneFetcher);
-            updateState({
-              fetchers: new Map(state.fetchers)
-            });
-          case 34:
-          case "end":
-            return _context7.stop();
-        }
-      }, _callee7);
-    }));
-    return _handleFetcherLoader.apply(this, arguments);
-  }
-  function startRedirectNavigation(_x33, _x34, _x35) {
-    return _startRedirectNavigation.apply(this, arguments);
-  }
-  function _startRedirectNavigation() {
-    _startRedirectNavigation = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(state, redirect, _temp) {
-      var _ref6, submission, replace, isFetchActionRedirect, redirectLocation, url, isDifferentBasename, redirectHistoryAction, _state$navigation, formMethod, formAction, formEncType, formData;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8) {
-        while (1) switch (_context8.prev = _context8.next) {
-          case 0:
-            _ref6 = _temp === void 0 ? {} : _temp, submission = _ref6.submission, replace = _ref6.replace, isFetchActionRedirect = _ref6.isFetchActionRedirect;
-            if (redirect.revalidate) {
-              isRevalidationRequired = true;
-            }
-            redirectLocation = createLocation(state.location, redirect.location,
-            // TODO: This can be removed once we get rid of useTransition in Remix v2
-            router_extends({
-              _isRedirect: true
-            }, isFetchActionRedirect ? {
-              _isFetchActionRedirect: true
-            } : {}));
-            invariant(redirectLocation, "Expected a location on the redirect navigation");
-            // Check if this an absolute external redirect that goes to a new origin
-            if (!(ABSOLUTE_URL_REGEX.test(redirect.location) && isBrowser)) {
-              _context8.next = 10;
-              break;
-            }
-            url = init.history.createURL(redirect.location);
-            isDifferentBasename = router_stripBasename(url.pathname, basename) == null;
-            if (!(routerWindow.location.origin !== url.origin || isDifferentBasename)) {
-              _context8.next = 10;
-              break;
-            }
-            if (replace) {
-              routerWindow.location.replace(redirect.location);
-            } else {
-              routerWindow.location.assign(redirect.location);
-            }
-            return _context8.abrupt("return");
-          case 10:
-            // There's no need to abort on redirects, since we don't detect the
-            // redirect until the action/loaders have settled
-            pendingNavigationController = null;
-            redirectHistoryAction = replace === true ? Action.Replace : Action.Push; // Use the incoming submission if provided, fallback on the active one in
-            // state.navigation
-            _state$navigation = state.navigation, formMethod = _state$navigation.formMethod, formAction = _state$navigation.formAction, formEncType = _state$navigation.formEncType, formData = _state$navigation.formData;
-            if (!submission && formMethod && formAction && formData && formEncType) {
-              submission = {
-                formMethod: formMethod,
-                formAction: formAction,
-                formEncType: formEncType,
-                formData: formData
-              };
-            }
-            // If this was a 307/308 submission we want to preserve the HTTP method and
-            // re-submit the GET/POST/PUT/PATCH/DELETE as a submission navigation to the
-            // redirected location
-            if (!(redirectPreserveMethodStatusCodes.has(redirect.status) && submission && isMutationMethod(submission.formMethod))) {
-              _context8.next = 19;
-              break;
-            }
-            _context8.next = 17;
-            return startNavigation(redirectHistoryAction, redirectLocation, {
-              submission: router_extends({}, submission, {
-                formAction: redirect.location
-              }),
-              // Preserve this flag across redirects
-              preventScrollReset: pendingPreventScrollReset
-            });
-          case 17:
-            _context8.next = 26;
-            break;
-          case 19:
-            if (!isFetchActionRedirect) {
-              _context8.next = 24;
-              break;
-            }
-            _context8.next = 22;
-            return startNavigation(redirectHistoryAction, redirectLocation, {
-              overrideNavigation: {
-                state: "loading",
-                location: redirectLocation,
-                formMethod: undefined,
-                formAction: undefined,
-                formEncType: undefined,
-                formData: undefined
-              },
-              fetcherSubmission: submission,
-              // Preserve this flag across redirects
-              preventScrollReset: pendingPreventScrollReset
-            });
-          case 22:
-            _context8.next = 26;
-            break;
-          case 24:
-            _context8.next = 26;
-            return startNavigation(redirectHistoryAction, redirectLocation, {
-              overrideNavigation: {
-                state: "loading",
-                location: redirectLocation,
-                formMethod: submission ? submission.formMethod : undefined,
-                formAction: submission ? submission.formAction : undefined,
-                formEncType: submission ? submission.formEncType : undefined,
-                formData: submission ? submission.formData : undefined
-              },
-              // Preserve this flag across redirects
-              preventScrollReset: pendingPreventScrollReset
-            });
-          case 26:
-          case "end":
-            return _context8.stop();
-        }
-      }, _callee8);
-    }));
-    return _startRedirectNavigation.apply(this, arguments);
-  }
-  function callLoadersAndMaybeResolveData(_x36, _x37, _x38, _x39, _x40) {
-    return _callLoadersAndMaybeResolveData.apply(this, arguments);
-  }
-  function _callLoadersAndMaybeResolveData() {
-    _callLoadersAndMaybeResolveData = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(currentMatches, matches, matchesToLoad, fetchersToLoad, request) {
-      var results, loaderResults, fetcherResults;
-      return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9) {
-        while (1) switch (_context9.prev = _context9.next) {
-          case 0:
-            _context9.next = 2;
-            return Promise.all([].concat(toConsumableArray_toConsumableArray(matchesToLoad.map(function (match) {
-              return callLoaderOrAction("loader", request, match, matches, manifest, mapRouteProperties, basename);
-            })), toConsumableArray_toConsumableArray(fetchersToLoad.map(function (f) {
-              if (f.matches && f.match && f.controller) {
-                return callLoaderOrAction("loader", createClientSideRequest(init.history, f.path, f.controller.signal), f.match, f.matches, manifest, mapRouteProperties, basename);
-              } else {
-                var _error3 = {
-                  type: ResultType.error,
-                  error: getInternalRouterError(404, {
-                    pathname: f.path
-                  })
-                };
-                return _error3;
-              }
-            }))));
-          case 2:
-            results = _context9.sent;
-            loaderResults = results.slice(0, matchesToLoad.length);
-            fetcherResults = results.slice(matchesToLoad.length);
-            _context9.next = 7;
-            return Promise.all([resolveDeferredResults(currentMatches, matchesToLoad, loaderResults, loaderResults.map(function () {
-              return request.signal;
-            }), false, state.loaderData), resolveDeferredResults(currentMatches, fetchersToLoad.map(function (f) {
-              return f.match;
-            }), fetcherResults, fetchersToLoad.map(function (f) {
-              return f.controller ? f.controller.signal : null;
-            }), true)]);
-          case 7:
-            return _context9.abrupt("return", {
-              results: results,
-              loaderResults: loaderResults,
-              fetcherResults: fetcherResults
-            });
-          case 8:
-          case "end":
-            return _context9.stop();
-        }
-      }, _callee9);
-    }));
-    return _callLoadersAndMaybeResolveData.apply(this, arguments);
-  }
-  function interruptActiveLoads() {
-    var _cancelledDeferredRou;
-    // Every interruption triggers a revalidation
-    isRevalidationRequired = true;
-    // Cancel pending route-level deferreds and mark cancelled routes for
-    // revalidation
-    (_cancelledDeferredRou = cancelledDeferredRoutes).push.apply(_cancelledDeferredRou, toConsumableArray_toConsumableArray(cancelActiveDeferreds()));
-    // Abort in-flight fetcher loads
-    fetchLoadMatches.forEach(function (_, key) {
-      if (fetchControllers.has(key)) {
-        cancelledFetcherLoads.push(key);
-        abortFetcher(key);
-      }
-    });
-  }
-  function setFetcherError(key, routeId, error) {
-    var boundaryMatch = findNearestBoundary(state.matches, routeId);
-    deleteFetcher(key);
-    updateState({
-      errors: defineProperty_defineProperty({}, boundaryMatch.route.id, error),
-      fetchers: new Map(state.fetchers)
-    });
-  }
-  function deleteFetcher(key) {
-    var fetcher = state.fetchers.get(key);
-    // Don't abort the controller if this is a deletion of a fetcher.submit()
-    // in it's loading phase since - we don't want to abort the corresponding
-    // revalidation and want them to complete and land
-    if (fetchControllers.has(key) && !(fetcher && fetcher.state === "loading" && fetchReloadIds.has(key))) {
-      abortFetcher(key);
-    }
-    fetchLoadMatches.delete(key);
-    fetchReloadIds.delete(key);
-    fetchRedirectIds.delete(key);
-    state.fetchers.delete(key);
-  }
-  function abortFetcher(key) {
-    var controller = fetchControllers.get(key);
-    invariant(controller, "Expected fetch controller: " + key);
-    controller.abort();
-    fetchControllers.delete(key);
-  }
-  function markFetchersDone(keys) {
-    var _iterator3 = createForOfIteratorHelper_createForOfIteratorHelper(keys),
-      _step3;
-    try {
-      for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
-        var key = _step3.value;
-        var fetcher = getFetcher(key);
-        var doneFetcher = {
-          state: "idle",
-          data: fetcher.data,
-          formMethod: undefined,
-          formAction: undefined,
-          formEncType: undefined,
-          formData: undefined,
-          " _hasFetcherDoneAnything ": true
-        };
-        state.fetchers.set(key, doneFetcher);
-      }
-    } catch (err) {
-      _iterator3.e(err);
-    } finally {
-      _iterator3.f();
-    }
-  }
-  function markFetchRedirectsDone() {
-    var doneKeys = [];
-    var updatedFetchers = false;
-    var _iterator4 = createForOfIteratorHelper_createForOfIteratorHelper(fetchRedirectIds),
-      _step4;
-    try {
-      for (_iterator4.s(); !(_step4 = _iterator4.n()).done;) {
-        var key = _step4.value;
-        var fetcher = state.fetchers.get(key);
-        invariant(fetcher, "Expected fetcher: " + key);
-        if (fetcher.state === "loading") {
-          fetchRedirectIds.delete(key);
-          doneKeys.push(key);
-          updatedFetchers = true;
-        }
-      }
-    } catch (err) {
-      _iterator4.e(err);
-    } finally {
-      _iterator4.f();
-    }
-    markFetchersDone(doneKeys);
-    return updatedFetchers;
-  }
-  function abortStaleFetchLoads(landedId) {
-    var yeetedKeys = [];
-    var _iterator5 = createForOfIteratorHelper_createForOfIteratorHelper(fetchReloadIds),
-      _step5;
-    try {
-      for (_iterator5.s(); !(_step5 = _iterator5.n()).done;) {
-        var _step5$value = slicedToArray_slicedToArray(_step5.value, 2),
-          key = _step5$value[0],
-          id = _step5$value[1];
-        if (id < landedId) {
-          var fetcher = state.fetchers.get(key);
-          invariant(fetcher, "Expected fetcher: " + key);
-          if (fetcher.state === "loading") {
-            abortFetcher(key);
-            fetchReloadIds.delete(key);
-            yeetedKeys.push(key);
-          }
-        }
-      }
-    } catch (err) {
-      _iterator5.e(err);
-    } finally {
-      _iterator5.f();
-    }
-    markFetchersDone(yeetedKeys);
-    return yeetedKeys.length > 0;
-  }
-  function getBlocker(key, fn) {
-    var blocker = state.blockers.get(key) || IDLE_BLOCKER;
-    if (blockerFunctions.get(key) !== fn) {
-      blockerFunctions.set(key, fn);
-    }
-    return blocker;
-  }
-  function deleteBlocker(key) {
-    state.blockers.delete(key);
-    blockerFunctions.delete(key);
-  }
-  // Utility function to update blockers, ensuring valid state transitions
-  function updateBlocker(key, newBlocker) {
-    var blocker = state.blockers.get(key) || IDLE_BLOCKER;
-    // Poor mans state machine :)
-    // https://mermaid.live/edit#pako:eNqVkc9OwzAMxl8l8nnjAYrEtDIOHEBIgwvKJTReGy3_lDpIqO27k6awMG0XcrLlnz87nwdonESogKXXBuE79rq75XZO3-yHds0RJVuv70YrPlUrCEe2HfrORS3rubqZfuhtpg5C9wk5tZ4VKcRUq88q9Z8RS0-48cE1iHJkL0ugbHuFLus9L6spZy8nX9MP2CNdomVaposqu3fGayT8T8-jJQwhepo_UtpgBQaDEUom04dZhAN1aJBDlUKJBxE1ceB2Smj0Mln-IBW5AFU2dwUiktt_2Qaq2dBfaKdEup85UV7Yd-dKjlnkabl2Pvr0DTkTreM
-    invariant(blocker.state === "unblocked" && newBlocker.state === "blocked" || blocker.state === "blocked" && newBlocker.state === "blocked" || blocker.state === "blocked" && newBlocker.state === "proceeding" || blocker.state === "blocked" && newBlocker.state === "unblocked" || blocker.state === "proceeding" && newBlocker.state === "unblocked", "Invalid blocker state transition: " + blocker.state + " -> " + newBlocker.state);
-    state.blockers.set(key, newBlocker);
-    updateState({
-      blockers: new Map(state.blockers)
-    });
-  }
-  function shouldBlockNavigation(_ref2) {
-    var currentLocation = _ref2.currentLocation,
-      nextLocation = _ref2.nextLocation,
-      historyAction = _ref2.historyAction;
-    if (blockerFunctions.size === 0) {
-      return;
-    }
-    // We ony support a single active blocker at the moment since we don't have
-    // any compelling use cases for multi-blocker yet
-    if (blockerFunctions.size > 1) {
-      warning(false, "A router only supports one blocker at a time");
-    }
-    var entries = Array.from(blockerFunctions.entries());
-    var _entries = slicedToArray_slicedToArray(entries[entries.length - 1], 2),
-      blockerKey = _entries[0],
-      blockerFunction = _entries[1];
-    var blocker = state.blockers.get(blockerKey);
-    if (blocker && blocker.state === "proceeding") {
-      // If the blocker is currently proceeding, we don't need to re-check
-      // it and can let this navigation continue
-      return;
-    }
-    // At this point, we know we're unblocked/blocked so we need to check the
-    // user-provided blocker function
-    if (blockerFunction({
-      currentLocation: currentLocation,
-      nextLocation: nextLocation,
-      historyAction: historyAction
-    })) {
-      return blockerKey;
-    }
-  }
-  function cancelActiveDeferreds(predicate) {
-    var cancelledRouteIds = [];
-    activeDeferreds.forEach(function (dfd, routeId) {
-      if (!predicate || predicate(routeId)) {
-        // Cancel the deferred - but do not remove from activeDeferreds here -
-        // we rely on the subscribers to do that so our tests can assert proper
-        // cleanup via _internalActiveDeferreds
-        dfd.cancel();
-        cancelledRouteIds.push(routeId);
-        activeDeferreds.delete(routeId);
-      }
-    });
-    return cancelledRouteIds;
-  }
-  // Opt in to capturing and reporting scroll positions during navigations,
-  // used by the <ScrollRestoration> component
-  function enableScrollRestoration(positions, getPosition, getKey) {
-    savedScrollPositions = positions;
-    getScrollPosition = getPosition;
-    getScrollRestorationKey = getKey || function (location) {
-      return location.key;
-    };
-    // Perform initial hydration scroll restoration, since we miss the boat on
-    // the initial updateState() because we've not yet rendered <ScrollRestoration/>
-    // and therefore have no savedScrollPositions available
-    if (!initialScrollRestored && state.navigation === IDLE_NAVIGATION) {
-      initialScrollRestored = true;
-      var y = getSavedScrollPosition(state.location, state.matches);
-      if (y != null) {
-        updateState({
-          restoreScrollPosition: y
-        });
-      }
-    }
-    return function () {
-      savedScrollPositions = null;
-      getScrollPosition = null;
-      getScrollRestorationKey = null;
-    };
-  }
-  function saveScrollPosition(location, matches) {
-    if (savedScrollPositions && getScrollRestorationKey && getScrollPosition) {
-      var userMatches = matches.map(function (m) {
-        return createUseMatchesMatch(m, state.loaderData);
-      });
-      var key = getScrollRestorationKey(location, userMatches) || location.key;
-      savedScrollPositions[key] = getScrollPosition();
-    }
-  }
-  function getSavedScrollPosition(location, matches) {
-    if (savedScrollPositions && getScrollRestorationKey && getScrollPosition) {
-      var userMatches = matches.map(function (m) {
-        return createUseMatchesMatch(m, state.loaderData);
-      });
-      var key = getScrollRestorationKey(location, userMatches) || location.key;
-      var y = savedScrollPositions[key];
-      if (typeof y === "number") {
-        return y;
-      }
-    }
-    return null;
-  }
-  function _internalSetRoutes(newRoutes) {
-    manifest = {};
-    inFlightDataRoutes = convertRoutesToDataRoutes(newRoutes, mapRouteProperties, undefined, manifest);
-  }
-  router = {
-    get basename() {
-      return basename;
-    },
-    get state() {
-      return state;
-    },
-    get routes() {
-      return dataRoutes;
-    },
-    initialize: initialize,
-    subscribe: subscribe,
-    enableScrollRestoration: enableScrollRestoration,
-    navigate: navigate,
-    fetch: fetch,
-    revalidate: revalidate,
-    // Passthrough to history-aware createHref used by useHref so we get proper
-    // hash-aware URLs in DOM paths
-    createHref: function createHref(to) {
-      return init.history.createHref(to);
-    },
-    encodeLocation: function encodeLocation(to) {
-      return init.history.encodeLocation(to);
-    },
-    getFetcher: getFetcher,
-    deleteFetcher: deleteFetcher,
-    dispose: dispose,
-    getBlocker: getBlocker,
-    deleteBlocker: deleteBlocker,
-    _internalFetchControllers: fetchControllers,
-    _internalActiveDeferreds: activeDeferreds,
-    // TODO: Remove setRoutes, it's temporary to avoid dealing with
-    // updating the tree while validating the update algorithm.
-    _internalSetRoutes: _internalSetRoutes
-  };
-  return router;
-}
-//#endregion
-////////////////////////////////////////////////////////////////////////////////
-//#region createStaticHandler
-////////////////////////////////////////////////////////////////////////////////
-var UNSAFE_DEFERRED_SYMBOL = Symbol("deferred");
-function createStaticHandler(routes, opts) {
-  invariant(routes.length > 0, "You must provide a non-empty routes array to createStaticHandler");
-  var manifest = {};
-  var basename = (opts ? opts.basename : null) || "/";
-  var mapRouteProperties;
-  if (opts != null && opts.mapRouteProperties) {
-    mapRouteProperties = opts.mapRouteProperties;
-  } else if (opts != null && opts.detectErrorBoundary) {
-    // If they are still using the deprecated version, wrap it with the new API
-    var detectErrorBoundary = opts.detectErrorBoundary;
-    mapRouteProperties = function mapRouteProperties(route) {
-      return {
-        hasErrorBoundary: detectErrorBoundary(route)
-      };
-    };
-  } else {
-    mapRouteProperties = defaultMapRouteProperties;
-  }
-  var dataRoutes = convertRoutesToDataRoutes(routes, mapRouteProperties, undefined, manifest);
-  /**
-   * The query() method is intended for document requests, in which we want to
-   * call an optional action and potentially multiple loaders for all nested
-   * routes.  It returns a StaticHandlerContext object, which is very similar
-   * to the router state (location, loaderData, actionData, errors, etc.) and
-   * also adds SSR-specific information such as the statusCode and headers
-   * from action/loaders Responses.
-   *
-   * It _should_ never throw and should report all errors through the
-   * returned context.errors object, properly associating errors to their error
-   * boundary.  Additionally, it tracks _deepestRenderedBoundaryId which can be
-   * used to emulate React error boundaries during SSr by performing a second
-   * pass only down to the boundaryId.
-   *
-   * The one exception where we do not return a StaticHandlerContext is when a
-   * redirect response is returned or thrown from any action/loader.  We
-   * propagate that out and return the raw Response so the HTTP server can
-   * return it directly.
-   */
-  function query(_x41, _x42) {
-    return _query.apply(this, arguments);
-  }
-  /**
-   * The queryRoute() method is intended for targeted route requests, either
-   * for fetch ?_data requests or resource route requests.  In this case, we
-   * are only ever calling a single action or loader, and we are returning the
-   * returned value directly.  In most cases, this will be a Response returned
-   * from the action/loader, but it may be a primitive or other value as well -
-   * and in such cases the calling context should handle that accordingly.
-   *
-   * We do respect the throw/return differentiation, so if an action/loader
-   * throws, then this method will throw the value.  This is important so we
-   * can do proper boundary identification in Remix where a thrown Response
-   * must go to the Catch Boundary but a returned Response is happy-path.
-   *
-   * One thing to note is that any Router-initiated Errors that make sense
-   * to associate with a status code will be thrown as an ErrorResponse
-   * instance which include the raw Error, such that the calling context can
-   * serialize the error as they see fit while including the proper response
-   * code.  Examples here are 404 and 405 errors that occur prior to reaching
-   * any user-defined loaders.
-   */
-  function _query() {
-    _query = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee10(request, _temp2) {
-      var _ref7, requestContext, url, method, location, matches, error, _getShortCircuitMatch3, methodNotAllowedMatches, route, _error4, _getShortCircuitMatch4, notFoundMatches, _route2, result;
-      return _regeneratorRuntime().wrap(function _callee10$(_context10) {
-        while (1) switch (_context10.prev = _context10.next) {
-          case 0:
-            _ref7 = _temp2 === void 0 ? {} : _temp2, requestContext = _ref7.requestContext;
-            url = new URL(request.url);
-            method = request.method;
-            location = createLocation("", router_createPath(url), null, "default");
-            matches = matchRoutes(dataRoutes, location, basename); // SSR supports HEAD requests while SPA doesn't
-            if (!(!isValidMethod(method) && method !== "HEAD")) {
-              _context10.next = 11;
-              break;
-            }
-            error = getInternalRouterError(405, {
-              method: method
-            });
-            _getShortCircuitMatch3 = getShortCircuitMatches(dataRoutes), methodNotAllowedMatches = _getShortCircuitMatch3.matches, route = _getShortCircuitMatch3.route;
-            return _context10.abrupt("return", {
-              basename: basename,
-              location: location,
-              matches: methodNotAllowedMatches,
-              loaderData: {},
-              actionData: null,
-              errors: _defineProperty({}, route.id, error),
-              statusCode: error.status,
-              loaderHeaders: {},
-              actionHeaders: {},
-              activeDeferreds: null
-            });
-          case 11:
-            if (matches) {
-              _context10.next = 15;
-              break;
-            }
-            _error4 = getInternalRouterError(404, {
-              pathname: location.pathname
-            });
-            _getShortCircuitMatch4 = getShortCircuitMatches(dataRoutes), notFoundMatches = _getShortCircuitMatch4.matches, _route2 = _getShortCircuitMatch4.route;
-            return _context10.abrupt("return", {
-              basename: basename,
-              location: location,
-              matches: notFoundMatches,
-              loaderData: {},
-              actionData: null,
-              errors: _defineProperty({}, _route2.id, _error4),
-              statusCode: _error4.status,
-              loaderHeaders: {},
-              actionHeaders: {},
-              activeDeferreds: null
-            });
-          case 15:
-            _context10.next = 17;
-            return queryImpl(request, location, matches, requestContext);
-          case 17:
-            result = _context10.sent;
-            if (!isResponse(result)) {
-              _context10.next = 20;
-              break;
-            }
-            return _context10.abrupt("return", result);
-          case 20:
-            return _context10.abrupt("return", router_extends({
-              location: location,
-              basename: basename
-            }, result));
-          case 21:
-          case "end":
-            return _context10.stop();
-        }
-      }, _callee10);
-    }));
-    return _query.apply(this, arguments);
-  }
-  function queryRoute(_x43, _x44) {
-    return _queryRoute.apply(this, arguments);
-  }
-  function _queryRoute() {
-    _queryRoute = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee11(request, _temp3) {
-      var _ref8, routeId, requestContext, url, method, location, matches, match, result, error, _result$activeDeferre, data;
-      return _regeneratorRuntime().wrap(function _callee11$(_context11) {
-        while (1) switch (_context11.prev = _context11.next) {
-          case 0:
-            _ref8 = _temp3 === void 0 ? {} : _temp3, routeId = _ref8.routeId, requestContext = _ref8.requestContext;
-            url = new URL(request.url);
-            method = request.method;
-            location = createLocation("", router_createPath(url), null, "default");
-            matches = matchRoutes(dataRoutes, location, basename); // SSR supports HEAD requests while SPA doesn't
-            if (!(!isValidMethod(method) && method !== "HEAD" && method !== "OPTIONS")) {
-              _context11.next = 9;
-              break;
-            }
-            throw getInternalRouterError(405, {
-              method: method
-            });
-          case 9:
-            if (matches) {
-              _context11.next = 11;
-              break;
-            }
-            throw getInternalRouterError(404, {
-              pathname: location.pathname
-            });
-          case 11:
-            match = routeId ? matches.find(function (m) {
-              return m.route.id === routeId;
-            }) : getTargetMatch(matches, location);
-            if (!(routeId && !match)) {
-              _context11.next = 16;
-              break;
-            }
-            throw getInternalRouterError(403, {
-              pathname: location.pathname,
-              routeId: routeId
-            });
-          case 16:
-            if (match) {
-              _context11.next = 18;
-              break;
-            }
-            throw getInternalRouterError(404, {
-              pathname: location.pathname
-            });
-          case 18:
-            _context11.next = 20;
-            return queryImpl(request, location, matches, requestContext, match);
-          case 20:
-            result = _context11.sent;
-            if (!isResponse(result)) {
-              _context11.next = 23;
-              break;
-            }
-            return _context11.abrupt("return", result);
-          case 23:
-            error = result.errors ? Object.values(result.errors)[0] : undefined;
-            if (!(error !== undefined)) {
-              _context11.next = 26;
-              break;
-            }
-            throw error;
-          case 26:
-            if (!result.actionData) {
-              _context11.next = 28;
-              break;
-            }
-            return _context11.abrupt("return", Object.values(result.actionData)[0]);
-          case 28:
-            if (!result.loaderData) {
-              _context11.next = 32;
-              break;
-            }
-            data = Object.values(result.loaderData)[0];
-            if ((_result$activeDeferre = result.activeDeferreds) != null && _result$activeDeferre[match.route.id]) {
-              data[UNSAFE_DEFERRED_SYMBOL] = result.activeDeferreds[match.route.id];
-            }
-            return _context11.abrupt("return", data);
-          case 32:
-            return _context11.abrupt("return", undefined);
-          case 33:
-          case "end":
-            return _context11.stop();
-        }
-      }, _callee11);
-    }));
-    return _queryRoute.apply(this, arguments);
-  }
-  function queryImpl(_x45, _x46, _x47, _x48, _x49) {
-    return _queryImpl.apply(this, arguments);
-  }
-  function _queryImpl() {
-    _queryImpl = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee12(request, location, matches, requestContext, routeMatch) {
-      var _result, result;
-      return _regeneratorRuntime().wrap(function _callee12$(_context12) {
-        while (1) switch (_context12.prev = _context12.next) {
-          case 0:
-            invariant(request.signal, "query()/queryRoute() requests must contain an AbortController signal");
-            _context12.prev = 1;
-            if (!isMutationMethod(request.method.toLowerCase())) {
-              _context12.next = 7;
-              break;
-            }
-            _context12.next = 5;
-            return submit(request, matches, routeMatch || getTargetMatch(matches, location), requestContext, routeMatch != null);
-          case 5:
-            _result = _context12.sent;
-            return _context12.abrupt("return", _result);
-          case 7:
-            _context12.next = 9;
-            return loadRouteData(request, matches, requestContext, routeMatch);
-          case 9:
-            result = _context12.sent;
-            return _context12.abrupt("return", isResponse(result) ? result : router_extends({}, result, {
-              actionData: null,
-              actionHeaders: {}
-            }));
-          case 13:
-            _context12.prev = 13;
-            _context12.t0 = _context12["catch"](1);
-            if (!isQueryRouteResponse(_context12.t0)) {
-              _context12.next = 19;
-              break;
-            }
-            if (!(_context12.t0.type === ResultType.error && !isRedirectResponse(_context12.t0.response))) {
-              _context12.next = 18;
-              break;
-            }
-            throw _context12.t0.response;
-          case 18:
-            return _context12.abrupt("return", _context12.t0.response);
-          case 19:
-            if (!isRedirectResponse(_context12.t0)) {
-              _context12.next = 21;
-              break;
-            }
-            return _context12.abrupt("return", _context12.t0);
-          case 21:
-            throw _context12.t0;
-          case 22:
-          case "end":
-            return _context12.stop();
-        }
-      }, _callee12, null, [[1, 13]]);
-    }));
-    return _queryImpl.apply(this, arguments);
-  }
-  function submit(_x50, _x51, _x52, _x53, _x54) {
-    return _submit.apply(this, arguments);
-  }
-  function _submit() {
-    _submit = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee13(request, matches, actionMatch, requestContext, isRouteRequest) {
-      var result, error, method, _error5, boundaryMatch, _context13, loaderRequest, context;
-      return _regeneratorRuntime().wrap(function _callee13$(_context14) {
-        while (1) switch (_context14.prev = _context14.next) {
-          case 0:
-            if (!(!actionMatch.route.action && !actionMatch.route.lazy)) {
-              _context14.next = 7;
-              break;
-            }
-            error = getInternalRouterError(405, {
-              method: request.method,
-              pathname: new URL(request.url).pathname,
-              routeId: actionMatch.route.id
-            });
-            if (!isRouteRequest) {
-              _context14.next = 4;
-              break;
-            }
-            throw error;
-          case 4:
-            result = {
-              type: ResultType.error,
-              error: error
-            };
-            _context14.next = 13;
-            break;
-          case 7:
-            _context14.next = 9;
-            return callLoaderOrAction("action", request, actionMatch, matches, manifest, mapRouteProperties, basename, true, isRouteRequest, requestContext);
-          case 9:
-            result = _context14.sent;
-            if (!request.signal.aborted) {
-              _context14.next = 13;
-              break;
-            }
-            method = isRouteRequest ? "queryRoute" : "query";
-            throw new Error(method + "() call aborted");
-          case 13:
-            if (!isRedirectResult(result)) {
-              _context14.next = 15;
-              break;
-            }
-            throw new Response(null, {
-              status: result.status,
-              headers: {
-                Location: result.location
-              }
-            });
-          case 15:
-            if (!isDeferredResult(result)) {
-              _context14.next = 20;
-              break;
-            }
-            _error5 = getInternalRouterError(400, {
-              type: "defer-action"
-            });
-            if (!isRouteRequest) {
-              _context14.next = 19;
-              break;
-            }
-            throw _error5;
-          case 19:
-            result = {
-              type: ResultType.error,
-              error: _error5
-            };
-          case 20:
-            if (!isRouteRequest) {
-              _context14.next = 24;
-              break;
-            }
-            if (!isErrorResult(result)) {
-              _context14.next = 23;
-              break;
-            }
-            throw result.error;
-          case 23:
-            return _context14.abrupt("return", {
-              matches: [actionMatch],
-              loaderData: {},
-              actionData: _defineProperty({}, actionMatch.route.id, result.data),
-              errors: null,
-              // Note: statusCode + headers are unused here since queryRoute will
-              // return the raw Response or value
-              statusCode: 200,
-              loaderHeaders: {},
-              actionHeaders: {},
-              activeDeferreds: null
-            });
-          case 24:
-            if (!isErrorResult(result)) {
-              _context14.next = 30;
-              break;
-            }
-            // Store off the pending error - we use it to determine which loaders
-            // to call and will commit it when we complete the navigation
-            boundaryMatch = findNearestBoundary(matches, actionMatch.route.id);
-            _context14.next = 28;
-            return loadRouteData(request, matches, requestContext, undefined, _defineProperty({}, boundaryMatch.route.id, result.error));
-          case 28:
-            _context13 = _context14.sent;
-            return _context14.abrupt("return", router_extends({}, _context13, {
-              statusCode: isRouteErrorResponse(result.error) ? result.error.status : 500,
-              actionData: null,
-              actionHeaders: router_extends({}, result.headers ? _defineProperty({}, actionMatch.route.id, result.headers) : {})
-            }));
-          case 30:
-            // Create a GET request for the loaders
-            loaderRequest = new Request(request.url, {
-              headers: request.headers,
-              redirect: request.redirect,
-              signal: request.signal
-            });
-            _context14.next = 33;
-            return loadRouteData(loaderRequest, matches, requestContext);
-          case 33:
-            context = _context14.sent;
-            return _context14.abrupt("return", router_extends({}, context, result.statusCode ? {
-              statusCode: result.statusCode
-            } : {}, {
-              actionData: _defineProperty({}, actionMatch.route.id, result.data),
-              actionHeaders: router_extends({}, result.headers ? _defineProperty({}, actionMatch.route.id, result.headers) : {})
-            }));
-          case 35:
-          case "end":
-            return _context14.stop();
-        }
-      }, _callee13);
-    }));
-    return _submit.apply(this, arguments);
-  }
-  function loadRouteData(_x55, _x56, _x57, _x58, _x59) {
-    return _loadRouteData.apply(this, arguments);
-  }
-  function _loadRouteData() {
-    _loadRouteData = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime().mark(function _callee14(request, matches, requestContext, routeMatch, pendingActionError) {
-      var isRouteRequest, requestMatches, matchesToLoad, results, method, activeDeferreds, context, executedLoaders;
-      return _regeneratorRuntime().wrap(function _callee14$(_context15) {
-        while (1) switch (_context15.prev = _context15.next) {
-          case 0:
-            isRouteRequest = routeMatch != null; // Short circuit if we have no loaders to run (queryRoute())
-            if (!(isRouteRequest && !(routeMatch != null && routeMatch.route.loader) && !(routeMatch != null && routeMatch.route.lazy))) {
-              _context15.next = 3;
-              break;
-            }
-            throw getInternalRouterError(400, {
-              method: request.method,
-              pathname: new URL(request.url).pathname,
-              routeId: routeMatch == null ? void 0 : routeMatch.route.id
-            });
-          case 3:
-            requestMatches = routeMatch ? [routeMatch] : getLoaderMatchesUntilBoundary(matches, Object.keys(pendingActionError || {})[0]);
-            matchesToLoad = requestMatches.filter(function (m) {
-              return m.route.loader || m.route.lazy;
-            }); // Short circuit if we have no loaders to run (query())
-            if (!(matchesToLoad.length === 0)) {
-              _context15.next = 7;
-              break;
-            }
-            return _context15.abrupt("return", {
-              matches: matches,
-              // Add a null for all matched routes for proper revalidation on the client
-              loaderData: matches.reduce(function (acc, m) {
-                return Object.assign(acc, _defineProperty({}, m.route.id, null));
-              }, {}),
-              errors: pendingActionError || null,
-              statusCode: 200,
-              loaderHeaders: {},
-              activeDeferreds: null
-            });
-          case 7:
-            _context15.next = 9;
-            return Promise.all(_toConsumableArray(matchesToLoad.map(function (match) {
-              return callLoaderOrAction("loader", request, match, matches, manifest, mapRouteProperties, basename, true, isRouteRequest, requestContext);
-            })));
-          case 9:
-            results = _context15.sent;
-            if (!request.signal.aborted) {
-              _context15.next = 13;
-              break;
-            }
-            method = isRouteRequest ? "queryRoute" : "query";
-            throw new Error(method + "() call aborted");
-          case 13:
-            // Process and commit output from loaders
-            activeDeferreds = new Map();
-            context = processRouteLoaderData(matches, matchesToLoad, results, pendingActionError, activeDeferreds); // Add a null for any non-loader matches for proper revalidation on the client
-            executedLoaders = new Set(matchesToLoad.map(function (match) {
-              return match.route.id;
-            }));
-            matches.forEach(function (match) {
-              if (!executedLoaders.has(match.route.id)) {
-                context.loaderData[match.route.id] = null;
-              }
-            });
-            return _context15.abrupt("return", router_extends({}, context, {
-              matches: matches,
-              activeDeferreds: activeDeferreds.size > 0 ? Object.fromEntries(activeDeferreds.entries()) : null
-            }));
-          case 18:
-          case "end":
-            return _context15.stop();
-        }
-      }, _callee14);
-    }));
-    return _loadRouteData.apply(this, arguments);
-  }
-  return {
-    dataRoutes: dataRoutes,
-    query: query,
-    queryRoute: queryRoute
-  };
-}
-//#endregion
-////////////////////////////////////////////////////////////////////////////////
-//#region Helpers
-////////////////////////////////////////////////////////////////////////////////
-/**
- * Given an existing StaticHandlerContext and an error thrown at render time,
- * provide an updated StaticHandlerContext suitable for a second SSR render
- */
-function getStaticContextFromError(routes, context, error) {
-  var newContext = router_extends({}, context, {
-    statusCode: 500,
-    errors: _defineProperty({}, context._deepestRenderedBoundaryId || routes[0].id, error)
-  });
-  return newContext;
-}
-function isSubmissionNavigation(opts) {
-  return opts != null && "formData" in opts;
-}
-function normalizeTo(location, matches, basename, prependBasename, to, fromRouteId, relative) {
-  var contextualMatches;
-  var activeRouteMatch;
-  if (fromRouteId != null && relative !== "path") {
-    // Grab matches up to the calling route so our route-relative logic is
-    // relative to the correct source route.  When using relative:path,
-    // fromRouteId is ignored since that is always relative to the current
-    // location path
-    contextualMatches = [];
-    var _iterator6 = createForOfIteratorHelper_createForOfIteratorHelper(matches),
-      _step6;
-    try {
-      for (_iterator6.s(); !(_step6 = _iterator6.n()).done;) {
-        var match = _step6.value;
-        contextualMatches.push(match);
-        if (match.route.id === fromRouteId) {
-          activeRouteMatch = match;
-          break;
-        }
-      }
-    } catch (err) {
-      _iterator6.e(err);
-    } finally {
-      _iterator6.f();
-    }
-  } else {
-    contextualMatches = matches;
-    activeRouteMatch = matches[matches.length - 1];
-  }
-  // Resolve the relative path
-  var path = router_resolveTo(to ? to : ".", getPathContributingMatches(contextualMatches).map(function (m) {
-    return m.pathnameBase;
-  }), router_stripBasename(location.pathname, basename) || location.pathname, relative === "path");
-  // When `to` is not specified we inherit search/hash from the current
-  // location, unlike when to="." and we just inherit the path.
-  // See https://github.com/remix-run/remix/issues/927
-  if (to == null) {
-    path.search = location.search;
-    path.hash = location.hash;
-  }
-  // Add an ?index param for matched index routes if we don't already have one
-  if ((to == null || to === "" || to === ".") && activeRouteMatch && activeRouteMatch.route.index && !hasNakedIndexQuery(path.search)) {
-    path.search = path.search ? path.search.replace(/^\?/, "?index&") : "?index";
-  }
-  // If we're operating within a basename, prepend it to the pathname.  If
-  // this is a root navigation, then just use the raw basename which allows
-  // the basename to have full control over the presence of a trailing slash
-  // on root actions
-  if (prependBasename && basename !== "/") {
-    path.pathname = path.pathname === "/" ? basename : router_joinPaths([basename, path.pathname]);
-  }
-  return router_createPath(path);
-}
-// Normalize navigation options by converting formMethod=GET formData objects to
-// URLSearchParams so they behave identically to links with query params
-function normalizeNavigateOptions(normalizeFormMethod, isFetcher, path, opts) {
-  // Return location verbatim on non-submission navigations
-  if (!opts || !isSubmissionNavigation(opts)) {
-    return {
-      path: path
-    };
-  }
-  if (opts.formMethod && !isValidMethod(opts.formMethod)) {
-    return {
-      path: path,
-      error: getInternalRouterError(405, {
-        method: opts.formMethod
-      })
-    };
-  }
-  // Create a Submission on non-GET navigations
-  var submission;
-  if (opts.formData) {
-    var formMethod = opts.formMethod || "get";
-    submission = {
-      formMethod: normalizeFormMethod ? formMethod.toUpperCase() : formMethod.toLowerCase(),
-      formAction: stripHashFromPath(path),
-      formEncType: opts && opts.formEncType || "application/x-www-form-urlencoded",
-      formData: opts.formData
-    };
-    if (isMutationMethod(submission.formMethod)) {
-      return {
-        path: path,
-        submission: submission
-      };
-    }
-  }
-  // Flatten submission onto URLSearchParams for GET submissions
-  var parsedPath = parsePath(path);
-  var searchParams = convertFormDataToSearchParams(opts.formData);
-  // On GET navigation submissions we can drop the ?index param from the
-  // resulting location since all loaders will run.  But fetcher GET submissions
-  // only run a single loader so we need to preserve any incoming ?index params
-  if (isFetcher && parsedPath.search && hasNakedIndexQuery(parsedPath.search)) {
-    searchParams.append("index", "");
-  }
-  parsedPath.search = "?" + searchParams;
-  return {
-    path: router_createPath(parsedPath),
-    submission: submission
-  };
-}
-// Filter out all routes below any caught error as they aren't going to
-// render so we don't need to load them
-function getLoaderMatchesUntilBoundary(matches, boundaryId) {
-  var boundaryMatches = matches;
-  if (boundaryId) {
-    var index = matches.findIndex(function (m) {
-      return m.route.id === boundaryId;
-    });
-    if (index >= 0) {
-      boundaryMatches = matches.slice(0, index);
-    }
-  }
-  return boundaryMatches;
-}
-function getMatchesToLoad(history, state, matches, submission, location, isRevalidationRequired, cancelledDeferredRoutes, cancelledFetcherLoads, fetchLoadMatches, routesToUse, basename, pendingActionData, pendingError) {
-  var actionResult = pendingError ? Object.values(pendingError)[0] : pendingActionData ? Object.values(pendingActionData)[0] : undefined;
-  var currentUrl = history.createURL(state.location);
-  var nextUrl = history.createURL(location);
-  // Pick navigation matches that are net-new or qualify for revalidation
-  var boundaryId = pendingError ? Object.keys(pendingError)[0] : undefined;
-  var boundaryMatches = getLoaderMatchesUntilBoundary(matches, boundaryId);
-  var navigationMatches = boundaryMatches.filter(function (match, index) {
-    if (match.route.lazy) {
-      // We haven't loaded this route yet so we don't know if it's got a loader!
-      return true;
-    }
-    if (match.route.loader == null) {
-      return false;
-    }
-    // Always call the loader on new route instances and pending defer cancellations
-    if (isNewLoader(state.loaderData, state.matches[index], match) || cancelledDeferredRoutes.some(function (id) {
-      return id === match.route.id;
-    })) {
-      return true;
-    }
-    // This is the default implementation for when we revalidate.  If the route
-    // provides it's own implementation, then we give them full control but
-    // provide this value so they can leverage it if needed after they check
-    // their own specific use cases
-    var currentRouteMatch = state.matches[index];
-    var nextRouteMatch = match;
-    return shouldRevalidateLoader(match, router_extends({
-      currentUrl: currentUrl,
-      currentParams: currentRouteMatch.params,
-      nextUrl: nextUrl,
-      nextParams: nextRouteMatch.params
-    }, submission, {
-      actionResult: actionResult,
-      defaultShouldRevalidate:
-      // Forced revalidation due to submission, useRevalidator, or X-Remix-Revalidate
-      isRevalidationRequired ||
-      // Clicked the same link, resubmitted a GET form
-      currentUrl.pathname + currentUrl.search === nextUrl.pathname + nextUrl.search ||
-      // Search params affect all loaders
-      currentUrl.search !== nextUrl.search || isNewRouteInstance(currentRouteMatch, nextRouteMatch)
-    }));
-  });
-  // Pick fetcher.loads that need to be revalidated
-  var revalidatingFetchers = [];
-  fetchLoadMatches.forEach(function (f, key) {
-    // Don't revalidate if fetcher won't be present in the subsequent render
-    if (!matches.some(function (m) {
-      return m.route.id === f.routeId;
-    })) {
-      return;
-    }
-    var fetcherMatches = matchRoutes(routesToUse, f.path, basename);
-    // If the fetcher path no longer matches, push it in with null matches so
-    // we can trigger a 404 in callLoadersAndMaybeResolveData
-    if (!fetcherMatches) {
-      revalidatingFetchers.push({
-        key: key,
-        routeId: f.routeId,
-        path: f.path,
-        matches: null,
-        match: null,
-        controller: null
-      });
-      return;
-    }
-    var fetcherMatch = getTargetMatch(fetcherMatches, f.path);
-    if (cancelledFetcherLoads.includes(key)) {
-      revalidatingFetchers.push({
-        key: key,
-        routeId: f.routeId,
-        path: f.path,
-        matches: fetcherMatches,
-        match: fetcherMatch,
-        controller: new AbortController()
-      });
-      return;
-    }
-    // Revalidating fetchers are decoupled from the route matches since they
-    // hit a static href, so they _always_ check shouldRevalidate and the
-    // default is strictly if a revalidation is explicitly required (action
-    // submissions, useRevalidator, X-Remix-Revalidate).
-    var shouldRevalidate = shouldRevalidateLoader(fetcherMatch, router_extends({
-      currentUrl: currentUrl,
-      currentParams: state.matches[state.matches.length - 1].params,
-      nextUrl: nextUrl,
-      nextParams: matches[matches.length - 1].params
-    }, submission, {
-      actionResult: actionResult,
-      // Forced revalidation due to submission, useRevalidator, or X-Remix-Revalidate
-      defaultShouldRevalidate: isRevalidationRequired
-    }));
-    if (shouldRevalidate) {
-      revalidatingFetchers.push({
-        key: key,
-        routeId: f.routeId,
-        path: f.path,
-        matches: fetcherMatches,
-        match: fetcherMatch,
-        controller: new AbortController()
-      });
-    }
-  });
-  return [navigationMatches, revalidatingFetchers];
-}
-function isNewLoader(currentLoaderData, currentMatch, match) {
-  var isNew =
-  // [a] -> [a, b]
-  !currentMatch ||
-  // [a, b] -> [a, c]
-  match.route.id !== currentMatch.route.id;
-  // Handle the case that we don't have data for a re-used route, potentially
-  // from a prior error or from a cancelled pending deferred
-  var isMissingData = currentLoaderData[match.route.id] === undefined;
-  // Always load if this is a net-new route or we don't yet have data
-  return isNew || isMissingData;
-}
-function isNewRouteInstance(currentMatch, match) {
-  var currentPath = currentMatch.route.path;
-  return (
-    // param change for this match, /users/123 -> /users/456
-    currentMatch.pathname !== match.pathname ||
-    // splat param changed, which is not present in match.path
-    // e.g. /files/images/avatar.jpg -> files/finances.xls
-    currentPath != null && currentPath.endsWith("*") && currentMatch.params["*"] !== match.params["*"]
-  );
-}
-function shouldRevalidateLoader(loaderMatch, arg) {
-  if (loaderMatch.route.shouldRevalidate) {
-    var routeChoice = loaderMatch.route.shouldRevalidate(arg);
-    if (typeof routeChoice === "boolean") {
-      return routeChoice;
-    }
-  }
-  return arg.defaultShouldRevalidate;
-}
-/**
- * Execute route.lazy() methods to lazily load route modules (loader, action,
- * shouldRevalidate) and update the routeManifest in place which shares objects
- * with dataRoutes so those get updated as well.
- */
-function loadLazyRouteModule(_x60, _x61, _x62) {
-  return _loadLazyRouteModule.apply(this, arguments);
-}
-function _loadLazyRouteModule() {
-  _loadLazyRouteModule = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(route, mapRouteProperties, manifest) {
-    var lazyRoute, routeToUpdate, routeUpdates, lazyRouteProperty, staticRouteValue, isPropertyStaticallyDefined;
-    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context16) {
-      while (1) switch (_context16.prev = _context16.next) {
-        case 0:
-          if (route.lazy) {
-            _context16.next = 2;
-            break;
-          }
-          return _context16.abrupt("return");
-        case 2:
-          _context16.next = 4;
-          return route.lazy();
-        case 4:
-          lazyRoute = _context16.sent;
-          if (route.lazy) {
-            _context16.next = 7;
-            break;
-          }
-          return _context16.abrupt("return");
-        case 7:
-          routeToUpdate = manifest[route.id];
-          invariant(routeToUpdate, "No route found in manifest");
-          // Update the route in place.  This should be safe because there's no way
-          // we could yet be sitting on this route as we can't get there without
-          // resolving lazy() first.
-          //
-          // This is different than the HMR "update" use-case where we may actively be
-          // on the route being updated.  The main concern boils down to "does this
-          // mutation affect any ongoing navigations or any current state.matches
-          // values?".  If not, it should be safe to update in place.
-          routeUpdates = {};
-          for (lazyRouteProperty in lazyRoute) {
-            staticRouteValue = routeToUpdate[lazyRouteProperty];
-            isPropertyStaticallyDefined = staticRouteValue !== undefined &&
-            // This property isn't static since it should always be updated based
-            // on the route updates
-            lazyRouteProperty !== "hasErrorBoundary";
-            warning(!isPropertyStaticallyDefined, "Route \"" + routeToUpdate.id + "\" has a static property \"" + lazyRouteProperty + "\" " + "defined but its lazy function is also returning a value for this property. " + ("The lazy route property \"" + lazyRouteProperty + "\" will be ignored."));
-            if (!isPropertyStaticallyDefined && !immutableRouteKeys.has(lazyRouteProperty)) {
-              routeUpdates[lazyRouteProperty] = lazyRoute[lazyRouteProperty];
-            }
-          }
-          // Mutate the route with the provided updates.  Do this first so we pass
-          // the updated version to mapRouteProperties
-          Object.assign(routeToUpdate, routeUpdates);
-          // Mutate the `hasErrorBoundary` property on the route based on the route
-          // updates and remove the `lazy` function so we don't resolve the lazy
-          // route again.
-          Object.assign(routeToUpdate, router_extends({}, mapRouteProperties(routeToUpdate), {
-            lazy: undefined
-          }));
-        case 13:
-        case "end":
-          return _context16.stop();
-      }
-    }, _callee15);
-  }));
-  return _loadLazyRouteModule.apply(this, arguments);
-}
-function callLoaderOrAction(_x63, _x64, _x65, _x66, _x67, _x68, _x69, _x70, _x71, _x72) {
-  return _callLoaderOrAction.apply(this, arguments);
-} // Utility method for creating the Request instances for loaders/actions during
-// client-side navigations and fetches.  During SSR we will always have a
-// Request instance from the static handler (query/queryRoute)
-function _callLoaderOrAction() {
-  _callLoaderOrAction = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(type, request, match, matches, manifest, mapRouteProperties, basename, isStaticRequest, isRouteRequest, requestContext) {
-    var resultType, result, onReject, runHandler, handler, values, url, pathname, _url, _pathname, status, location, currentUrl, _url2, isSameBasename, data, contentType, _result$init, _result$init2;
-    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context17) {
-      while (1) switch (_context17.prev = _context17.next) {
-        case 0:
-          if (isStaticRequest === void 0) {
-            isStaticRequest = false;
-          }
-          if (isRouteRequest === void 0) {
-            isRouteRequest = false;
-          }
-          runHandler = function runHandler(handler) {
-            // Setup a promise we can race against so that abort signals short circuit
-            var reject;
-            var abortPromise = new Promise(function (_, r) {
-              return reject = r;
-            });
-            onReject = function onReject() {
-              return reject();
-            };
-            request.signal.addEventListener("abort", onReject);
-            return Promise.race([handler({
-              request: request,
-              params: match.params,
-              context: requestContext
-            }), abortPromise]);
-          };
-          _context17.prev = 3;
-          handler = match.route[type];
-          if (!match.route.lazy) {
-            _context17.next = 31;
-            break;
-          }
-          if (!handler) {
-            _context17.next = 13;
-            break;
-          }
-          _context17.next = 9;
-          return Promise.all([runHandler(handler), loadLazyRouteModule(match.route, mapRouteProperties, manifest)]);
-        case 9:
-          values = _context17.sent;
-          result = values[0];
-          _context17.next = 29;
-          break;
-        case 13:
-          _context17.next = 15;
-          return loadLazyRouteModule(match.route, mapRouteProperties, manifest);
-        case 15:
-          handler = match.route[type];
-          if (!handler) {
-            _context17.next = 22;
-            break;
-          }
-          _context17.next = 19;
-          return runHandler(handler);
-        case 19:
-          result = _context17.sent;
-          _context17.next = 29;
-          break;
-        case 22:
-          if (!(type === "action")) {
-            _context17.next = 28;
-            break;
-          }
-          url = new URL(request.url);
-          pathname = url.pathname + url.search;
-          throw getInternalRouterError(405, {
-            method: request.method,
-            pathname: pathname,
-            routeId: match.route.id
-          });
-        case 28:
-          return _context17.abrupt("return", {
-            type: ResultType.data,
-            data: undefined
-          });
-        case 29:
-          _context17.next = 40;
-          break;
-        case 31:
-          if (handler) {
-            _context17.next = 37;
-            break;
-          }
-          _url = new URL(request.url);
-          _pathname = _url.pathname + _url.search;
-          throw getInternalRouterError(404, {
-            pathname: _pathname
-          });
-        case 37:
-          _context17.next = 39;
-          return runHandler(handler);
-        case 39:
-          result = _context17.sent;
-        case 40:
-          invariant(result !== undefined, "You defined " + (type === "action" ? "an action" : "a loader") + " for route " + ("\"" + match.route.id + "\" but didn't return anything from your `" + type + "` ") + "function. Please return a value or `null`.");
-          _context17.next = 47;
-          break;
-        case 43:
-          _context17.prev = 43;
-          _context17.t0 = _context17["catch"](3);
-          resultType = ResultType.error;
-          result = _context17.t0;
-        case 47:
-          _context17.prev = 47;
-          if (onReject) {
-            request.signal.removeEventListener("abort", onReject);
-          }
-          return _context17.finish(47);
-        case 50:
-          if (!isResponse(result)) {
-            _context17.next = 75;
-            break;
-          }
-          status = result.status; // Process redirects
-          if (!redirectStatusCodes.has(status)) {
-            _context17.next = 60;
-            break;
-          }
-          location = result.headers.get("Location");
-          invariant(location, "Redirects returned/thrown from loaders/actions must have a Location header");
-          // Support relative routing in internal redirects
-          if (!ABSOLUTE_URL_REGEX.test(location)) {
-            location = normalizeTo(new URL(request.url), matches.slice(0, matches.indexOf(match) + 1), basename, true, location);
-          } else if (!isStaticRequest) {
-            // Strip off the protocol+origin for same-origin + same-basename absolute
-            // redirects. If this is a static request, we can let it go back to the
-            // browser as-is
-            currentUrl = new URL(request.url);
-            _url2 = location.startsWith("//") ? new URL(currentUrl.protocol + location) : new URL(location);
-            isSameBasename = router_stripBasename(_url2.pathname, basename) != null;
-            if (_url2.origin === currentUrl.origin && isSameBasename) {
-              location = _url2.pathname + _url2.search + _url2.hash;
-            }
-          }
-          // Don't process redirects in the router during static requests requests.
-          // Instead, throw the Response and let the server handle it with an HTTP
-          // redirect.  We also update the Location header in place in this flow so
-          // basename and relative routing is taken into account
-          if (!isStaticRequest) {
-            _context17.next = 59;
-            break;
-          }
-          result.headers.set("Location", location);
-          throw result;
-        case 59:
-          return _context17.abrupt("return", {
-            type: ResultType.redirect,
-            status: status,
-            location: location,
-            revalidate: result.headers.get("X-Remix-Revalidate") !== null
-          });
-        case 60:
-          if (!isRouteRequest) {
-            _context17.next = 62;
-            break;
-          }
-          throw {
-            type: resultType || ResultType.data,
-            response: result
-          };
-        case 62:
-          contentType = result.headers.get("Content-Type"); // Check between word boundaries instead of startsWith() due to the last
-          // paragraph of https://httpwg.org/specs/rfc9110.html#field.content-type
-          if (!(contentType && /\bapplication\/json\b/.test(contentType))) {
-            _context17.next = 69;
-            break;
-          }
-          _context17.next = 66;
-          return result.json();
-        case 66:
-          data = _context17.sent;
-          _context17.next = 72;
-          break;
-        case 69:
-          _context17.next = 71;
-          return result.text();
-        case 71:
-          data = _context17.sent;
-        case 72:
-          if (!(resultType === ResultType.error)) {
-            _context17.next = 74;
-            break;
-          }
-          return _context17.abrupt("return", {
-            type: resultType,
-            error: new ErrorResponse(status, result.statusText, data),
-            headers: result.headers
-          });
-        case 74:
-          return _context17.abrupt("return", {
-            type: ResultType.data,
-            data: data,
-            statusCode: result.status,
-            headers: result.headers
-          });
-        case 75:
-          if (!(resultType === ResultType.error)) {
-            _context17.next = 77;
-            break;
-          }
-          return _context17.abrupt("return", {
-            type: resultType,
-            error: result
-          });
-        case 77:
-          if (!isDeferredData(result)) {
-            _context17.next = 79;
-            break;
-          }
-          return _context17.abrupt("return", {
-            type: ResultType.deferred,
-            deferredData: result,
-            statusCode: (_result$init = result.init) == null ? void 0 : _result$init.status,
-            headers: ((_result$init2 = result.init) == null ? void 0 : _result$init2.headers) && new Headers(result.init.headers)
-          });
-        case 79:
-          return _context17.abrupt("return", {
-            type: ResultType.data,
-            data: result
-          });
-        case 80:
-        case "end":
-          return _context17.stop();
-      }
-    }, _callee16, null, [[3, 43, 47, 50]]);
-  }));
-  return _callLoaderOrAction.apply(this, arguments);
-}
-function createClientSideRequest(history, location, signal, submission) {
-  var url = history.createURL(stripHashFromPath(location)).toString();
-  var init = {
-    signal: signal
-  };
-  if (submission && isMutationMethod(submission.formMethod)) {
-    var formMethod = submission.formMethod,
-      formEncType = submission.formEncType,
-      formData = submission.formData;
-    // Didn't think we needed this but it turns out unlike other methods, patch
-    // won't be properly normalized to uppercase and results in a 405 error.
-    // See: https://fetch.spec.whatwg.org/#concept-method
-    init.method = formMethod.toUpperCase();
-    init.body = formEncType === "application/x-www-form-urlencoded" ? convertFormDataToSearchParams(formData) : formData;
-  }
-  // Content-Type is inferred (https://fetch.spec.whatwg.org/#dom-request)
-  return new Request(url, init);
-}
-function convertFormDataToSearchParams(formData) {
-  var searchParams = new URLSearchParams();
-  var _iterator7 = createForOfIteratorHelper_createForOfIteratorHelper(formData.entries()),
-    _step7;
-  try {
-    for (_iterator7.s(); !(_step7 = _iterator7.n()).done;) {
-      var _step7$value = slicedToArray_slicedToArray(_step7.value, 2),
-        key = _step7$value[0],
-        value = _step7$value[1];
-      // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#converting-an-entry-list-to-a-list-of-name-value-pairs
-      searchParams.append(key, value instanceof File ? value.name : value);
-    }
-  } catch (err) {
-    _iterator7.e(err);
-  } finally {
-    _iterator7.f();
-  }
-  return searchParams;
-}
-function processRouteLoaderData(matches, matchesToLoad, results, pendingError, activeDeferreds) {
-  // Fill in loaderData/errors from our loaders
-  var loaderData = {};
-  var errors = null;
-  var statusCode;
-  var foundError = false;
-  var loaderHeaders = {};
-  // Process loader results into state.loaderData/state.errors
-  results.forEach(function (result, index) {
-    var id = matchesToLoad[index].route.id;
-    invariant(!isRedirectResult(result), "Cannot handle redirect results in processLoaderData");
-    if (isErrorResult(result)) {
-      // Look upwards from the matched route for the closest ancestor
-      // error boundary, defaulting to the root match
-      var boundaryMatch = findNearestBoundary(matches, id);
-      var error = result.error;
-      // If we have a pending action error, we report it at the highest-route
-      // that throws a loader error, and then clear it out to indicate that
-      // it was consumed
-      if (pendingError) {
-        error = Object.values(pendingError)[0];
-        pendingError = undefined;
-      }
-      errors = errors || {};
-      // Prefer higher error values if lower errors bubble to the same boundary
-      if (errors[boundaryMatch.route.id] == null) {
-        errors[boundaryMatch.route.id] = error;
-      }
-      // Clear our any prior loaderData for the throwing route
-      loaderData[id] = undefined;
-      // Once we find our first (highest) error, we set the status code and
-      // prevent deeper status codes from overriding
-      if (!foundError) {
-        foundError = true;
-        statusCode = isRouteErrorResponse(result.error) ? result.error.status : 500;
-      }
-      if (result.headers) {
-        loaderHeaders[id] = result.headers;
-      }
-    } else {
-      if (isDeferredResult(result)) {
-        activeDeferreds.set(id, result.deferredData);
-        loaderData[id] = result.deferredData.data;
-      } else {
-        loaderData[id] = result.data;
-      }
-      // Error status codes always override success status codes, but if all
-      // loaders are successful we take the deepest status code.
-      if (result.statusCode != null && result.statusCode !== 200 && !foundError) {
-        statusCode = result.statusCode;
-      }
-      if (result.headers) {
-        loaderHeaders[id] = result.headers;
-      }
-    }
-  });
-  // If we didn't consume the pending action error (i.e., all loaders
-  // resolved), then consume it here.  Also clear out any loaderData for the
-  // throwing route
-  if (pendingError) {
-    errors = pendingError;
-    loaderData[Object.keys(pendingError)[0]] = undefined;
-  }
-  return {
-    loaderData: loaderData,
-    errors: errors,
-    statusCode: statusCode || 200,
-    loaderHeaders: loaderHeaders
-  };
-}
-function processLoaderData(state, matches, matchesToLoad, results, pendingError, revalidatingFetchers, fetcherResults, activeDeferreds) {
-  var _processRouteLoaderDa = processRouteLoaderData(matches, matchesToLoad, results, pendingError, activeDeferreds),
-    loaderData = _processRouteLoaderDa.loaderData,
-    errors = _processRouteLoaderDa.errors;
-  // Process results from our revalidating fetchers
-  for (var index = 0; index < revalidatingFetchers.length; index++) {
-    var _revalidatingFetchers = revalidatingFetchers[index],
-      key = _revalidatingFetchers.key,
-      match = _revalidatingFetchers.match,
-      controller = _revalidatingFetchers.controller;
-    invariant(fetcherResults !== undefined && fetcherResults[index] !== undefined, "Did not find corresponding fetcher result");
-    var result = fetcherResults[index];
-    // Process fetcher non-redirect errors
-    if (controller && controller.signal.aborted) {
-      // Nothing to do for aborted fetchers
-      continue;
-    } else if (isErrorResult(result)) {
-      var boundaryMatch = findNearestBoundary(state.matches, match == null ? void 0 : match.route.id);
-      if (!(errors && errors[boundaryMatch.route.id])) {
-        errors = router_extends({}, errors, defineProperty_defineProperty({}, boundaryMatch.route.id, result.error));
-      }
-      state.fetchers.delete(key);
-    } else if (isRedirectResult(result)) {
-      // Should never get here, redirects should get processed above, but we
-      // keep this to type narrow to a success result in the else
-      invariant(false, "Unhandled fetcher revalidation redirect");
-    } else if (isDeferredResult(result)) {
-      // Should never get here, deferred data should be awaited for fetchers
-      // in resolveDeferredResults
-      invariant(false, "Unhandled fetcher deferred data");
-    } else {
-      var doneFetcher = {
-        state: "idle",
-        data: result.data,
-        formMethod: undefined,
-        formAction: undefined,
-        formEncType: undefined,
-        formData: undefined,
-        " _hasFetcherDoneAnything ": true
-      };
-      state.fetchers.set(key, doneFetcher);
-    }
-  }
-  return {
-    loaderData: loaderData,
-    errors: errors
-  };
-}
-function mergeLoaderData(loaderData, newLoaderData, matches, errors) {
-  var mergedLoaderData = router_extends({}, newLoaderData);
-  var _iterator8 = createForOfIteratorHelper_createForOfIteratorHelper(matches),
-    _step8;
-  try {
-    for (_iterator8.s(); !(_step8 = _iterator8.n()).done;) {
-      var match = _step8.value;
-      var id = match.route.id;
-      if (newLoaderData.hasOwnProperty(id)) {
-        if (newLoaderData[id] !== undefined) {
-          mergedLoaderData[id] = newLoaderData[id];
-        }
-      } else if (loaderData[id] !== undefined && match.route.loader) {
-        // Preserve existing keys not included in newLoaderData and where a loader
-        // wasn't removed by HMR
-        mergedLoaderData[id] = loaderData[id];
-      }
-      if (errors && errors.hasOwnProperty(id)) {
-        // Don't keep any loader data below the boundary
-        break;
-      }
-    }
-  } catch (err) {
-    _iterator8.e(err);
-  } finally {
-    _iterator8.f();
-  }
-  return mergedLoaderData;
-}
-// Find the nearest error boundary, looking upwards from the leaf route (or the
-// route specified by routeId) for the closest ancestor error boundary,
-// defaulting to the root match
-function findNearestBoundary(matches, routeId) {
-  var eligibleMatches = routeId ? matches.slice(0, matches.findIndex(function (m) {
-    return m.route.id === routeId;
-  }) + 1) : toConsumableArray_toConsumableArray(matches);
-  return eligibleMatches.reverse().find(function (m) {
-    return m.route.hasErrorBoundary === true;
-  }) || matches[0];
-}
-function getShortCircuitMatches(routes) {
-  // Prefer a root layout route if present, otherwise shim in a route object
-  var route = routes.find(function (r) {
-    return r.index || !r.path || r.path === "/";
-  }) || {
-    id: "__shim-error-route__"
-  };
-  return {
-    matches: [{
-      params: {},
-      pathname: "",
-      pathnameBase: "",
-      route: route
-    }],
-    route: route
-  };
-}
-function getInternalRouterError(status, _temp4) {
-  var _ref11 = _temp4 === void 0 ? {} : _temp4,
-    pathname = _ref11.pathname,
-    routeId = _ref11.routeId,
-    method = _ref11.method,
-    type = _ref11.type;
-  var statusText = "Unknown Server Error";
-  var errorMessage = "Unknown @remix-run/router error";
-  if (status === 400) {
-    statusText = "Bad Request";
-    if (method && pathname && routeId) {
-      errorMessage = "You made a " + method + " request to \"" + pathname + "\" but " + ("did not provide a `loader` for route \"" + routeId + "\", ") + "so there is no way to handle the request.";
-    } else if (type === "defer-action") {
-      errorMessage = "defer() is not supported in actions";
-    }
-  } else if (status === 403) {
-    statusText = "Forbidden";
-    errorMessage = "Route \"" + routeId + "\" does not match URL \"" + pathname + "\"";
-  } else if (status === 404) {
-    statusText = "Not Found";
-    errorMessage = "No route matches URL \"" + pathname + "\"";
-  } else if (status === 405) {
-    statusText = "Method Not Allowed";
-    if (method && pathname && routeId) {
-      errorMessage = "You made a " + method.toUpperCase() + " request to \"" + pathname + "\" but " + ("did not provide an `action` for route \"" + routeId + "\", ") + "so there is no way to handle the request.";
-    } else if (method) {
-      errorMessage = "Invalid request method \"" + method.toUpperCase() + "\"";
-    }
-  }
-  return new ErrorResponse(status || 500, statusText, new Error(errorMessage), true);
-}
-// Find any returned redirect errors, starting from the lowest match
-function findRedirect(results) {
-  for (var i = results.length - 1; i >= 0; i--) {
-    var result = results[i];
-    if (isRedirectResult(result)) {
-      return result;
-    }
-  }
-}
-function stripHashFromPath(path) {
-  var parsedPath = typeof path === "string" ? parsePath(path) : path;
-  return router_createPath(router_extends({}, parsedPath, {
-    hash: ""
-  }));
-}
-function isHashChangeOnly(a, b) {
-  if (a.pathname !== b.pathname || a.search !== b.search) {
-    return false;
-  }
-  if (a.hash === "") {
-    // /page -> /page#hash
-    return b.hash !== "";
-  } else if (a.hash === b.hash) {
-    // /page#hash -> /page#hash
-    return true;
-  } else if (b.hash !== "") {
-    // /page#hash -> /page#other
-    return true;
-  }
-  // If the hash is removed the browser will re-perform a request to the server
-  // /page#hash -> /page
-  return false;
-}
-function isDeferredResult(result) {
-  return result.type === ResultType.deferred;
-}
-function isErrorResult(result) {
-  return result.type === ResultType.error;
-}
-function isRedirectResult(result) {
-  return (result && result.type) === ResultType.redirect;
-}
-function isDeferredData(value) {
-  var deferred = value;
-  return deferred && typeof deferred === "object" && typeof deferred.data === "object" && typeof deferred.subscribe === "function" && typeof deferred.cancel === "function" && typeof deferred.resolveData === "function";
-}
-function isResponse(value) {
-  return value != null && typeof value.status === "number" && typeof value.statusText === "string" && typeof value.headers === "object" && typeof value.body !== "undefined";
-}
-function isRedirectResponse(result) {
-  if (!isResponse(result)) {
-    return false;
-  }
-  var status = result.status;
-  var location = result.headers.get("Location");
-  return status >= 300 && status <= 399 && location != null;
-}
-function isQueryRouteResponse(obj) {
-  return obj && isResponse(obj.response) && (obj.type === ResultType.data || ResultType.error);
-}
-function isValidMethod(method) {
-  return validRequestMethods.has(method.toLowerCase());
-}
-function isMutationMethod(method) {
-  return validMutationMethods.has(method.toLowerCase());
-}
-function resolveDeferredResults(_x73, _x74, _x75, _x76, _x77, _x78) {
-  return _resolveDeferredResults.apply(this, arguments);
-}
-function _resolveDeferredResults() {
-  _resolveDeferredResults = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(currentMatches, matchesToLoad, results, signals, isFetcher, currentLoaderData) {
-    var _loop, index, _ret;
-    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context19) {
-      while (1) switch (_context19.prev = _context19.next) {
-        case 0:
-          _loop = /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _loop(index) {
-            var result, match, currentMatch, isRevalidatingLoader, signal;
-            return regeneratorRuntime_regeneratorRuntime().wrap(function _loop$(_context18) {
-              while (1) switch (_context18.prev = _context18.next) {
-                case 0:
-                  result = results[index];
-                  match = matchesToLoad[index]; // If we don't have a match, then we can have a deferred result to do
-                  // anything with.  This is for revalidating fetchers where the route was
-                  // removed during HMR
-                  if (match) {
-                    _context18.next = 4;
-                    break;
-                  }
-                  return _context18.abrupt("return", "continue");
-                case 4:
-                  currentMatch = currentMatches.find(function (m) {
-                    return m.route.id === match.route.id;
-                  });
-                  isRevalidatingLoader = currentMatch != null && !isNewRouteInstance(currentMatch, match) && (currentLoaderData && currentLoaderData[match.route.id]) !== undefined;
-                  if (!(isDeferredResult(result) && (isFetcher || isRevalidatingLoader))) {
-                    _context18.next = 11;
-                    break;
-                  }
-                  // Note: we do not have to touch activeDeferreds here since we race them
-                  // against the signal in resolveDeferredData and they'll get aborted
-                  // there if needed
-                  signal = signals[index];
-                  invariant(signal, "Expected an AbortSignal for revalidating fetcher deferred result");
-                  _context18.next = 11;
-                  return resolveDeferredData(result, signal, isFetcher).then(function (result) {
-                    if (result) {
-                      results[index] = result || results[index];
-                    }
-                  });
-                case 11:
-                case "end":
-                  return _context18.stop();
-              }
-            }, _loop);
-          });
-          index = 0;
-        case 2:
-          if (!(index < results.length)) {
-            _context19.next = 10;
-            break;
-          }
-          return _context19.delegateYield(_loop(index), "t0", 4);
-        case 4:
-          _ret = _context19.t0;
-          if (!(_ret === "continue")) {
-            _context19.next = 7;
-            break;
-          }
-          return _context19.abrupt("continue", 7);
-        case 7:
-          index++;
-          _context19.next = 2;
-          break;
-        case 10:
-        case "end":
-          return _context19.stop();
-      }
-    }, _callee17);
-  }));
-  return _resolveDeferredResults.apply(this, arguments);
-}
-function resolveDeferredData(_x79, _x80, _x81) {
-  return _resolveDeferredData.apply(this, arguments);
-}
-function _resolveDeferredData() {
-  _resolveDeferredData = asyncToGenerator_asyncToGenerator( /*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(result, signal, unwrap) {
-    var aborted;
-    return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context20) {
-      while (1) switch (_context20.prev = _context20.next) {
-        case 0:
-          if (unwrap === void 0) {
-            unwrap = false;
-          }
-          _context20.next = 3;
-          return result.deferredData.resolveData(signal);
-        case 3:
-          aborted = _context20.sent;
-          if (!aborted) {
-            _context20.next = 6;
-            break;
-          }
-          return _context20.abrupt("return");
-        case 6:
-          if (!unwrap) {
-            _context20.next = 14;
-            break;
-          }
-          _context20.prev = 7;
-          return _context20.abrupt("return", {
-            type: ResultType.data,
-            data: result.deferredData.unwrappedData
-          });
-        case 11:
-          _context20.prev = 11;
-          _context20.t0 = _context20["catch"](7);
-          return _context20.abrupt("return", {
-            type: ResultType.error,
-            error: _context20.t0
-          });
-        case 14:
-          return _context20.abrupt("return", {
-            type: ResultType.data,
-            data: result.deferredData.data
-          });
-        case 15:
-        case "end":
-          return _context20.stop();
-      }
-    }, _callee18, null, [[7, 11]]);
-  }));
-  return _resolveDeferredData.apply(this, arguments);
-}
-function hasNakedIndexQuery(search) {
-  return new URLSearchParams(search).getAll("index").some(function (v) {
-    return v === "";
-  });
-}
-// Note: This should match the format exported by useMatches, so if you change
-// this please also change that :)  Eventually we'll DRY this up
-function createUseMatchesMatch(match, loaderData) {
-  var route = match.route,
-    pathname = match.pathname,
-    params = match.params;
-  return {
-    id: route.id,
-    pathname: pathname,
-    params: params,
-    data: loaderData[route.id],
-    handle: route.handle
-  };
-}
-function getTargetMatch(matches, location) {
-  var search = typeof location === "string" ? parsePath(location).search : location.search;
-  if (matches[matches.length - 1].route.index && hasNakedIndexQuery(search || "")) {
-    // Return the leaf index route when index is present
-    return matches[matches.length - 1];
-  }
-  // Otherwise grab the deepest "path contributing" match (ignoring index and
-  // pathless layout routes)
-  var pathMatches = getPathContributingMatches(matches);
-  return pathMatches[pathMatches.length - 1];
-}
-//#endregion
-
-
-;// CONCATENATED MODULE: ./node_modules/react-router/dist/index.js
-
-
-
-
-
-
-/**
- * React Router v6.12.1
- *
- * Copyright (c) Remix Software Inc.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE.md file in the root directory of this source tree.
- *
- * @license MIT
- */
-
-
-
-function dist_extends() {
-  dist_extends = Object.assign ? Object.assign.bind() : function (target) {
-    for (var i = 1; i < arguments.length; i++) {
-      var source = arguments[i];
-      for (var key in source) {
-        if (Object.prototype.hasOwnProperty.call(source, key)) {
-          target[key] = source[key];
-        }
-      }
-    }
-    return target;
-  };
-  return dist_extends.apply(this, arguments);
-}
-
-// Create react-specific types from the agnostic types in @remix-run/router to
-// export from react-router
-var DataRouterContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-var DataRouterStateContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-var AwaitContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-
-/**
- * A Navigator is a "location changer"; it's how you get to different locations.
- *
- * Every history instance conforms to the Navigator interface, but the
- * distinction is useful primarily when it comes to the low-level <Router> API
- * where both the location and a navigator must be provided separately in order
- * to avoid "tearing" that may occur in a suspense-enabled app if the action
- * and/or location were to be read directly from the history instance.
- */
-
-var NavigationContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-var LocationContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-var RouteContext = /*#__PURE__*/react.createContext({
-  outlet: null,
-  matches: [],
-  isDataRoute: false
-});
-if (false) {}
-var RouteErrorContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-
-/**
- * Returns the full href for the given "to" value. This is useful for building
- * custom links that are also accessible and preserve right-click behavior.
- *
- * @see https://reactrouter.com/hooks/use-href
- */
-function useHref(to, _temp) {
-  var _ref9 = _temp === void 0 ? {} : _temp,
-    relative = _ref9.relative;
-  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
-  var _React$useContext = react.useContext(NavigationContext),
-    basename = _React$useContext.basename,
-    navigator = _React$useContext.navigator;
-  var _useResolvedPath = dist_useResolvedPath(to, {
-      relative: relative
-    }),
-    hash = _useResolvedPath.hash,
-    pathname = _useResolvedPath.pathname,
-    search = _useResolvedPath.search;
-  var joinedPathname = pathname;
-
-  // If we're operating within a basename, prepend it to the pathname prior
-  // to creating the href.  If this is a root navigation, then just use the raw
-  // basename which allows the basename to have full control over the presence
-  // of a trailing slash on root links
-  if (basename !== "/") {
-    joinedPathname = pathname === "/" ? basename : router_joinPaths([basename, pathname]);
-  }
-  return navigator.createHref({
-    pathname: joinedPathname,
-    search: search,
-    hash: hash
-  });
-}
-
-/**
- * Returns true if this component is a descendant of a <Router>.
- *
- * @see https://reactrouter.com/hooks/use-in-router-context
- */
-function useInRouterContext() {
-  return react.useContext(LocationContext) != null;
-}
-
-/**
- * Returns the current location object, which represents the current URL in web
- * browsers.
- *
- * Note: If you're using this it may mean you're doing some of your own
- * "routing" in your app, and we'd like to know what your use case is. We may
- * be able to provide something higher-level to better suit your needs.
- *
- * @see https://reactrouter.com/hooks/use-location
- */
-function dist_useLocation() {
-  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
-  return react.useContext(LocationContext).location;
-}
-
-/**
- * Returns the current navigation action which describes how the router came to
- * the current location, either by a pop, push, or replace on the history stack.
- *
- * @see https://reactrouter.com/hooks/use-navigation-type
- */
-function useNavigationType() {
-  return React.useContext(LocationContext).navigationType;
-}
-
-/**
- * Returns a PathMatch object if the given pattern matches the current URL.
- * This is useful for components that need to know "active" state, e.g.
- * <NavLink>.
- *
- * @see https://reactrouter.com/hooks/use-match
- */
-function useMatch(pattern) {
-  !useInRouterContext() ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  var _useLocation = dist_useLocation(),
-    pathname = _useLocation.pathname;
-  return React.useMemo(function () {
-    return matchPath(pattern, pathname);
-  }, [pathname, pattern]);
-}
-
-/**
- * The interface for the navigate() function returned from useNavigate().
- */
-
-var navigateEffectWarning = (/* unused pure expression or super */ null && ("You should call navigate() in a React.useEffect(), not when " + "your component is first rendered."));
-
-// Mute warnings for calls to useNavigate in SSR environments
-function useIsomorphicLayoutEffect(cb) {
-  var isStatic = react.useContext(NavigationContext).static;
-  if (!isStatic) {
-    // We should be able to get rid of this once react 18.3 is released
-    // See: https://github.com/facebook/react/pull/26395
-    // eslint-disable-next-line react-hooks/rules-of-hooks
-    react.useLayoutEffect(cb);
-  }
-}
-
-/**
- * Returns an imperative method for changing the location. Used by <Link>s, but
- * may also be used by other elements to change the location.
- *
- * @see https://reactrouter.com/hooks/use-navigate
- */
-function dist_useNavigate() {
-  var _React$useContext2 = react.useContext(RouteContext),
-    isDataRoute = _React$useContext2.isDataRoute;
-  // Conditional usage is OK here because the usage of a data router is static
-  // eslint-disable-next-line react-hooks/rules-of-hooks
-  return isDataRoute ? useNavigateStable() : useNavigateUnstable();
-}
-function useNavigateUnstable() {
-  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
-  var dataRouterContext = react.useContext(DataRouterContext);
-  var _React$useContext3 = react.useContext(NavigationContext),
-    basename = _React$useContext3.basename,
-    navigator = _React$useContext3.navigator;
-  var _React$useContext4 = react.useContext(RouteContext),
-    matches = _React$useContext4.matches;
-  var _useLocation2 = dist_useLocation(),
-    locationPathname = _useLocation2.pathname;
-  var routePathnamesJson = JSON.stringify(getPathContributingMatches(matches).map(function (match) {
-    return match.pathnameBase;
-  }));
-  var activeRef = react.useRef(false);
-  useIsomorphicLayoutEffect(function () {
-    activeRef.current = true;
-  });
-  var navigate = react.useCallback(function (to, options) {
-    if (options === void 0) {
-      options = {};
-    }
-     false ? 0 : void 0;
-
-    // Short circuit here since if this happens on first render the navigate
-    // is useless because we haven't wired up our history listener yet
-    if (!activeRef.current) return;
-    if (typeof to === "number") {
-      navigator.go(to);
-      return;
-    }
-    var path = router_resolveTo(to, JSON.parse(routePathnamesJson), locationPathname, options.relative === "path");
-
-    // If we're operating within a basename, prepend it to the pathname prior
-    // to handing off to history (but only if we're not in a data router,
-    // otherwise it'll prepend the basename inside of the router).
-    // If this is a root navigation, then we navigate to the raw basename
-    // which allows the basename to have full control over the presence of a
-    // trailing slash on root links
-    if (dataRouterContext == null && basename !== "/") {
-      path.pathname = path.pathname === "/" ? basename : router_joinPaths([basename, path.pathname]);
-    }
-    (!!options.replace ? navigator.replace : navigator.push)(path, options.state, options);
-  }, [basename, navigator, routePathnamesJson, locationPathname, dataRouterContext]);
-  return navigate;
-}
-var OutletContext = /*#__PURE__*/react.createContext(null);
-
-/**
- * Returns the context (if provided) for the child route at this level of the route
- * hierarchy.
- * @see https://reactrouter.com/hooks/use-outlet-context
- */
-function useOutletContext() {
-  return react.useContext(OutletContext);
-}
-
-/**
- * Returns the element for the child route at this level of the route
- * hierarchy. Used internally by <Outlet> to render child routes.
- *
- * @see https://reactrouter.com/hooks/use-outlet
- */
-function useOutlet(context) {
-  var outlet = react.useContext(RouteContext).outlet;
-  if (outlet) {
-    return /*#__PURE__*/react.createElement(OutletContext.Provider, {
-      value: context
-    }, outlet);
-  }
-  return outlet;
-}
-
-/**
- * Returns an object of key/value pairs of the dynamic params from the current
- * URL that were matched by the route path.
- *
- * @see https://reactrouter.com/hooks/use-params
- */
-function useParams() {
-  var _React$useContext5 = react.useContext(RouteContext),
-    matches = _React$useContext5.matches;
-  var routeMatch = matches[matches.length - 1];
-  return routeMatch ? routeMatch.params : {};
-}
-
-/**
- * Resolves the pathname of the given `to` value against the current location.
- *
- * @see https://reactrouter.com/hooks/use-resolved-path
- */
-function dist_useResolvedPath(to, _temp2) {
-  var _ref10 = _temp2 === void 0 ? {} : _temp2,
-    relative = _ref10.relative;
-  var _React$useContext6 = react.useContext(RouteContext),
-    matches = _React$useContext6.matches;
-  var _useLocation3 = dist_useLocation(),
-    locationPathname = _useLocation3.pathname;
-  var routePathnamesJson = JSON.stringify(getPathContributingMatches(matches).map(function (match) {
-    return match.pathnameBase;
-  }));
-  return react.useMemo(function () {
-    return router_resolveTo(to, JSON.parse(routePathnamesJson), locationPathname, relative === "path");
-  }, [to, routePathnamesJson, locationPathname, relative]);
-}
-
-/**
- * Returns the element of the route that matched the current location, prepared
- * with the correct context to render the remainder of the route tree. Route
- * elements in the tree must render an <Outlet> to render their child route's
- * element.
- *
- * @see https://reactrouter.com/hooks/use-routes
- */
-function useRoutes(routes, locationArg) {
-  return useRoutesImpl(routes, locationArg);
-}
-
-// Internal implementation with accept optional param for RouterProvider usage
-function useRoutesImpl(routes, locationArg, dataRouterState) {
-  !useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
-  var _React$useContext7 = react.useContext(NavigationContext),
-    navigator = _React$useContext7.navigator;
-  var _React$useContext8 = react.useContext(RouteContext),
-    parentMatches = _React$useContext8.matches;
-  var routeMatch = parentMatches[parentMatches.length - 1];
-  var parentParams = routeMatch ? routeMatch.params : {};
-  var parentPathname = routeMatch ? routeMatch.pathname : "/";
-  var parentPathnameBase = routeMatch ? routeMatch.pathnameBase : "/";
-  var parentRoute = routeMatch && routeMatch.route;
-  if (false) { var parentPath; }
-  var locationFromContext = dist_useLocation();
-  var location;
-  if (locationArg) {
-    var _parsedLocationArg$pa;
-    var parsedLocationArg = typeof locationArg === "string" ? parsePath(locationArg) : locationArg;
-    !(parentPathnameBase === "/" || ((_parsedLocationArg$pa = parsedLocationArg.pathname) == null ? void 0 : _parsedLocationArg$pa.startsWith(parentPathnameBase))) ?  false ? 0 : invariant(false) : void 0;
-    location = parsedLocationArg;
-  } else {
-    location = locationFromContext;
-  }
-  var pathname = location.pathname || "/";
-  var remainingPathname = parentPathnameBase === "/" ? pathname : pathname.slice(parentPathnameBase.length) || "/";
-  var matches = matchRoutes(routes, {
-    pathname: remainingPathname
-  });
-  if (false) {}
-  var renderedMatches = _renderMatches(matches && matches.map(function (match) {
-    return Object.assign({}, match, {
-      params: Object.assign({}, parentParams, match.params),
-      pathname: router_joinPaths([parentPathnameBase,
-      // Re-encode pathnames that were decoded inside matchRoutes
-      navigator.encodeLocation ? navigator.encodeLocation(match.pathname).pathname : match.pathname]),
-      pathnameBase: match.pathnameBase === "/" ? parentPathnameBase : router_joinPaths([parentPathnameBase,
-      // Re-encode pathnames that were decoded inside matchRoutes
-      navigator.encodeLocation ? navigator.encodeLocation(match.pathnameBase).pathname : match.pathnameBase])
-    });
-  }), parentMatches, dataRouterState);
-
-  // When a user passes in a `locationArg`, the associated routes need to
-  // be wrapped in a new `LocationContext.Provider` in order for `useLocation`
-  // to use the scoped location instead of the global location.
-  if (locationArg && renderedMatches) {
-    return /*#__PURE__*/react.createElement(LocationContext.Provider, {
-      value: {
-        location: dist_extends({
-          pathname: "/",
-          search: "",
-          hash: "",
-          state: null,
-          key: "default"
-        }, location),
-        navigationType: Action.Pop
-      }
-    }, renderedMatches);
-  }
-  return renderedMatches;
-}
-function DefaultErrorComponent() {
-  var error = useRouteError();
-  var message = isRouteErrorResponse(error) ? error.status + " " + error.statusText : error instanceof Error ? error.message : JSON.stringify(error);
-  var stack = error instanceof Error ? error.stack : null;
-  var lightgrey = "rgba(200,200,200, 0.5)";
-  var preStyles = {
-    padding: "0.5rem",
-    backgroundColor: lightgrey
-  };
-  var codeStyles = {
-    padding: "2px 4px",
-    backgroundColor: lightgrey
-  };
-  var devInfo = null;
-  if (false) {}
-  return /*#__PURE__*/react.createElement(react.Fragment, null, /*#__PURE__*/react.createElement("h2", null, "Unexpected Application Error!"), /*#__PURE__*/react.createElement("h3", {
-    style: {
-      fontStyle: "italic"
-    }
-  }, message), stack ? /*#__PURE__*/react.createElement("pre", {
-    style: preStyles
-  }, stack) : null, devInfo);
-}
-var defaultErrorElement = /*#__PURE__*/react.createElement(DefaultErrorComponent, null);
-var RenderErrorBoundary = /*#__PURE__*/function (_React$Component) {
-  _inherits(RenderErrorBoundary, _React$Component);
-  var _super = _createSuper(RenderErrorBoundary);
-  function RenderErrorBoundary(props) {
-    var _this;
-    classCallCheck_classCallCheck(this, RenderErrorBoundary);
-    _this = _super.call(this, props);
-    _this.state = {
-      location: props.location,
-      revalidation: props.revalidation,
-      error: props.error
-    };
-    return _this;
-  }
-  createClass_createClass(RenderErrorBoundary, [{
-    key: "componentDidCatch",
-    value: function componentDidCatch(error, errorInfo) {
-      console.error("React Router caught the following error during render", error, errorInfo);
-    }
-  }, {
-    key: "render",
-    value: function render() {
-      return this.state.error ? /*#__PURE__*/react.createElement(RouteContext.Provider, {
-        value: this.props.routeContext
-      }, /*#__PURE__*/react.createElement(RouteErrorContext.Provider, {
-        value: this.state.error,
-        children: this.props.component
-      })) : this.props.children;
-    }
-  }], [{
-    key: "getDerivedStateFromError",
-    value: function getDerivedStateFromError(error) {
-      return {
-        error: error
-      };
-    }
-  }, {
-    key: "getDerivedStateFromProps",
-    value: function getDerivedStateFromProps(props, state) {
-      // When we get into an error state, the user will likely click "back" to the
-      // previous page that didn't have an error. Because this wraps the entire
-      // application, that will have no effect--the error page continues to display.
-      // This gives us a mechanism to recover from the error when the location changes.
-      //
-      // Whether we're in an error state or not, we update the location in state
-      // so that when we are in an error state, it gets reset when a new location
-      // comes in and the user recovers from the error.
-      if (state.location !== props.location || state.revalidation !== "idle" && props.revalidation === "idle") {
-        return {
-          error: props.error,
-          location: props.location,
-          revalidation: props.revalidation
-        };
-      }
-
-      // If we're not changing locations, preserve the location but still surface
-      // any new errors that may come through. We retain the existing error, we do
-      // this because the error provided from the app state may be cleared without
-      // the location changing.
-      return {
-        error: props.error || state.error,
-        location: state.location,
-        revalidation: props.revalidation || state.revalidation
-      };
-    }
-  }]);
-  return RenderErrorBoundary;
-}(react.Component);
-function RenderedRoute(_ref) {
-  var routeContext = _ref.routeContext,
-    match = _ref.match,
-    children = _ref.children;
-  var dataRouterContext = react.useContext(DataRouterContext);
-
-  // Track how deep we got in our render pass to emulate SSR componentDidCatch
-  // in a DataStaticRouter
-  if (dataRouterContext && dataRouterContext.static && dataRouterContext.staticContext && (match.route.errorElement || match.route.ErrorBoundary)) {
-    dataRouterContext.staticContext._deepestRenderedBoundaryId = match.route.id;
-  }
-  return /*#__PURE__*/react.createElement(RouteContext.Provider, {
-    value: routeContext
-  }, children);
-}
-function _renderMatches(matches, parentMatches, dataRouterState) {
-  var _dataRouterState2;
-  if (parentMatches === void 0) {
-    parentMatches = [];
-  }
-  if (dataRouterState === void 0) {
-    dataRouterState = null;
-  }
-  if (matches == null) {
-    var _dataRouterState;
-    if ((_dataRouterState = dataRouterState) != null && _dataRouterState.errors) {
-      // Don't bail if we have data router errors so we can render them in the
-      // boundary.  Use the pre-matched (or shimmed) matches
-      matches = dataRouterState.matches;
-    } else {
-      return null;
-    }
-  }
-  var renderedMatches = matches;
-
-  // If we have data errors, trim matches to the highest error boundary
-  var errors = (_dataRouterState2 = dataRouterState) == null ? void 0 : _dataRouterState2.errors;
-  if (errors != null) {
-    var errorIndex = renderedMatches.findIndex(function (m) {
-      return m.route.id && (errors == null ? void 0 : errors[m.route.id]);
-    });
-    !(errorIndex >= 0) ?  false ? 0 : invariant(false) : void 0;
-    renderedMatches = renderedMatches.slice(0, Math.min(renderedMatches.length, errorIndex + 1));
-  }
-  return renderedMatches.reduceRight(function (outlet, match, index) {
-    var error = match.route.id ? errors == null ? void 0 : errors[match.route.id] : null;
-    // Only data routers handle errors
-    var errorElement = null;
-    if (dataRouterState) {
-      errorElement = match.route.errorElement || defaultErrorElement;
-    }
-    var matches = parentMatches.concat(renderedMatches.slice(0, index + 1));
-    var getChildren = function getChildren() {
-      var children;
-      if (error) {
-        children = errorElement;
-      } else if (match.route.Component) {
-        // Note: This is a de-optimized path since React won't re-use the
-        // ReactElement since it's identity changes with each new
-        // React.createElement call.  We keep this so folks can use
-        // `<Route Component={...}>` in `<Routes>` but generally `Component`
-        // usage is only advised in `RouterProvider` when we can convert it to
-        // `element` ahead of time.
-        children = /*#__PURE__*/react.createElement(match.route.Component, null);
-      } else if (match.route.element) {
-        children = match.route.element;
-      } else {
-        children = outlet;
-      }
-      return /*#__PURE__*/react.createElement(RenderedRoute, {
-        match: match,
-        routeContext: {
-          outlet: outlet,
-          matches: matches,
-          isDataRoute: dataRouterState != null
-        },
-        children: children
-      });
-    };
-    // Only wrap in an error boundary within data router usages when we have an
-    // ErrorBoundary/errorElement on this route.  Otherwise let it bubble up to
-    // an ancestor ErrorBoundary/errorElement
-    return dataRouterState && (match.route.ErrorBoundary || match.route.errorElement || index === 0) ? /*#__PURE__*/react.createElement(RenderErrorBoundary, {
-      location: dataRouterState.location,
-      revalidation: dataRouterState.revalidation,
-      component: errorElement,
-      error: error,
-      children: getChildren(),
-      routeContext: {
-        outlet: null,
-        matches: matches,
-        isDataRoute: true
-      }
-    }) : getChildren();
-  }, null);
-}
-var DataRouterHook;
-(function (DataRouterHook) {
-  DataRouterHook["UseBlocker"] = "useBlocker";
-  DataRouterHook["UseRevalidator"] = "useRevalidator";
-  DataRouterHook["UseNavigateStable"] = "useNavigate";
-})(DataRouterHook || (DataRouterHook = {}));
-var DataRouterStateHook;
-(function (DataRouterStateHook) {
-  DataRouterStateHook["UseBlocker"] = "useBlocker";
-  DataRouterStateHook["UseLoaderData"] = "useLoaderData";
-  DataRouterStateHook["UseActionData"] = "useActionData";
-  DataRouterStateHook["UseRouteError"] = "useRouteError";
-  DataRouterStateHook["UseNavigation"] = "useNavigation";
-  DataRouterStateHook["UseRouteLoaderData"] = "useRouteLoaderData";
-  DataRouterStateHook["UseMatches"] = "useMatches";
-  DataRouterStateHook["UseRevalidator"] = "useRevalidator";
-  DataRouterStateHook["UseNavigateStable"] = "useNavigate";
-  DataRouterStateHook["UseRouteId"] = "useRouteId";
-})(DataRouterStateHook || (DataRouterStateHook = {}));
-function getDataRouterConsoleError(hookName) {
-  return hookName + " must be used within a data router.  See https://reactrouter.com/routers/picking-a-router.";
-}
-function useDataRouterContext(hookName) {
-  var ctx = react.useContext(DataRouterContext);
-  !ctx ?  false ? 0 : invariant(false) : void 0;
-  return ctx;
-}
-function useDataRouterState(hookName) {
-  var state = react.useContext(DataRouterStateContext);
-  !state ?  false ? 0 : invariant(false) : void 0;
-  return state;
-}
-function useRouteContext(hookName) {
-  var route = react.useContext(RouteContext);
-  !route ?  false ? 0 : invariant(false) : void 0;
-  return route;
-}
-
-// Internal version with hookName-aware debugging
-function useCurrentRouteId(hookName) {
-  var route = useRouteContext(hookName);
-  var thisRoute = route.matches[route.matches.length - 1];
-  !thisRoute.route.id ?  false ? 0 : invariant(false) : void 0;
-  return thisRoute.route.id;
-}
-
-/**
- * Returns the ID for the nearest contextual route
- */
-function useRouteId() {
-  return useCurrentRouteId(DataRouterStateHook.UseRouteId);
-}
-
-/**
- * Returns the current navigation, defaulting to an "idle" navigation when
- * no navigation is in progress
- */
-function dist_useNavigation() {
-  var state = useDataRouterState(DataRouterStateHook.UseNavigation);
-  return state.navigation;
-}
-
-/**
- * Returns a revalidate function for manually triggering revalidation, as well
- * as the current state of any manual revalidations
- */
-function useRevalidator() {
-  var dataRouterContext = useDataRouterContext(DataRouterHook.UseRevalidator);
-  var state = useDataRouterState(DataRouterStateHook.UseRevalidator);
-  return {
-    revalidate: dataRouterContext.router.revalidate,
-    state: state.revalidation
-  };
-}
-
-/**
- * Returns the active route matches, useful for accessing loaderData for
- * parent/child routes or the route "handle" property
- */
-function dist_useMatches() {
-  var _useDataRouterState = useDataRouterState(DataRouterStateHook.UseMatches),
-    matches = _useDataRouterState.matches,
-    loaderData = _useDataRouterState.loaderData;
-  return React.useMemo(function () {
-    return matches.map(function (match) {
-      var pathname = match.pathname,
-        params = match.params;
-      // Note: This structure matches that created by createUseMatchesMatch
-      // in the @remix-run/router , so if you change this please also change
-      // that :)  Eventually we'll DRY this up
-      return {
-        id: match.route.id,
-        pathname: pathname,
-        params: params,
-        data: loaderData[match.route.id],
-        handle: match.route.handle
-      };
-    });
-  }, [matches, loaderData]);
-}
-
-/**
- * Returns the loader data for the nearest ancestor Route loader
- */
-function useLoaderData() {
-  var state = useDataRouterState(DataRouterStateHook.UseLoaderData);
-  var routeId = useCurrentRouteId(DataRouterStateHook.UseLoaderData);
-  if (state.errors && state.errors[routeId] != null) {
-    console.error("You cannot `useLoaderData` in an errorElement (routeId: " + routeId + ")");
-    return undefined;
-  }
-  return state.loaderData[routeId];
-}
-
-/**
- * Returns the loaderData for the given routeId
- */
-function useRouteLoaderData(routeId) {
-  var state = useDataRouterState(DataRouterStateHook.UseRouteLoaderData);
-  return state.loaderData[routeId];
-}
-
-/**
- * Returns the action data for the nearest ancestor Route action
- */
-function useActionData() {
-  var state = useDataRouterState(DataRouterStateHook.UseActionData);
-  var route = React.useContext(RouteContext);
-  !route ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  return Object.values((state == null ? void 0 : state.actionData) || {})[0];
-}
-
-/**
- * Returns the nearest ancestor Route error, which could be a loader/action
- * error or a render error.  This is intended to be called from your
- * ErrorBoundary/errorElement to display a proper error message.
- */
-function useRouteError() {
-  var _state$errors;
-  var error = react.useContext(RouteErrorContext);
-  var state = useDataRouterState(DataRouterStateHook.UseRouteError);
-  var routeId = useCurrentRouteId(DataRouterStateHook.UseRouteError);
-
-  // If this was a render error, we put it in a RouteError context inside
-  // of RenderErrorBoundary
-  if (error) {
-    return error;
-  }
-
-  // Otherwise look for errors from our data router state
-  return (_state$errors = state.errors) == null ? void 0 : _state$errors[routeId];
-}
-
-/**
- * Returns the happy-path data from the nearest ancestor <Await /> value
- */
-function useAsyncValue() {
-  var value = React.useContext(AwaitContext);
-  return value == null ? void 0 : value._data;
-}
-
-/**
- * Returns the error from the nearest ancestor <Await /> value
- */
-function useAsyncError() {
-  var value = React.useContext(AwaitContext);
-  return value == null ? void 0 : value._error;
-}
-var blockerId = 0;
-
-/**
- * Allow the application to block navigations within the SPA and present the
- * user a confirmation dialog to confirm the navigation.  Mostly used to avoid
- * using half-filled form data.  This does not handle hard-reloads or
- * cross-origin navigations.
- */
-function useBlocker(shouldBlock) {
-  var _useDataRouterContext = useDataRouterContext(DataRouterHook.UseBlocker),
-    router = _useDataRouterContext.router;
-  var state = useDataRouterState(DataRouterStateHook.UseBlocker);
-  var _React$useState = React.useState(function () {
-      return String(++blockerId);
-    }),
-    _React$useState2 = _slicedToArray(_React$useState, 1),
-    blockerKey = _React$useState2[0];
-  var blockerFunction = React.useCallback(function (args) {
-    return typeof shouldBlock === "function" ? !!shouldBlock(args) : !!shouldBlock;
-  }, [shouldBlock]);
-  var blocker = router.getBlocker(blockerKey, blockerFunction);
-
-  // Cleanup on unmount
-  React.useEffect(function () {
-    return function () {
-      return router.deleteBlocker(blockerKey);
-    };
-  }, [router, blockerKey]);
-
-  // Prefer the blocker from state since DataRouterContext is memoized so this
-  // ensures we update on blocker state updates
-  return state.blockers.get(blockerKey) || blocker;
-}
-
-/**
- * Stable version of useNavigate that is used when we are in the context of
- * a RouterProvider.
- */
-function useNavigateStable() {
-  var _useDataRouterContext2 = useDataRouterContext(DataRouterHook.UseNavigateStable),
-    router = _useDataRouterContext2.router;
-  var id = useCurrentRouteId(DataRouterStateHook.UseNavigateStable);
-  var activeRef = react.useRef(false);
-  useIsomorphicLayoutEffect(function () {
-    activeRef.current = true;
-  });
-  var navigate = react.useCallback(function (to, options) {
-    if (options === void 0) {
-      options = {};
-    }
-     false ? 0 : void 0;
-
-    // Short circuit here since if this happens on first render the navigate
-    // is useless because we haven't wired up our router subscriber yet
-    if (!activeRef.current) return;
-    if (typeof to === "number") {
-      router.navigate(to);
-    } else {
-      router.navigate(to, dist_extends({
-        fromRouteId: id
-      }, options));
-    }
-  }, [router, id]);
-  return navigate;
-}
-var alreadyWarned = {};
-function warningOnce(key, cond, message) {
-  if (!cond && !alreadyWarned[key]) {
-    alreadyWarned[key] = true;
-     false ? 0 : void 0;
-  }
-}
-
-// Webpack + React 17 fails to compile on the usage of `React.startTransition` or
-// `React["startTransition"]` even if it's behind a feature detection of
-// `"startTransition" in React`. Moving this to a constant avoids the issue :/
-var START_TRANSITION = "startTransition";
-
-/**
- * Given a Remix Router instance, render the appropriate UI
- */
-function RouterProvider(_ref) {
-  var fallbackElement = _ref.fallbackElement,
-    router = _ref.router;
-  // Need to use a layout effect here so we are subscribed early enough to
-  // pick up on any render-driven redirects/navigations (useEffect/<Navigate>)
-  var _React$useState3 = react.useState(router.state),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    state = _React$useState4[0],
-    setStateImpl = _React$useState4[1];
-  var setState = react.useCallback(function (newState) {
-    START_TRANSITION in react_namespaceObject ? react_namespaceObject[START_TRANSITION](function () {
-      return setStateImpl(newState);
-    }) : setStateImpl(newState);
-  }, [setStateImpl]);
-  react.useLayoutEffect(function () {
-    return router.subscribe(setState);
-  }, [router, setState]);
-  var navigator = react.useMemo(function () {
-    return {
-      createHref: router.createHref,
-      encodeLocation: router.encodeLocation,
-      go: function go(n) {
-        return router.navigate(n);
-      },
-      push: function push(to, state, opts) {
-        return router.navigate(to, {
-          state: state,
-          preventScrollReset: opts == null ? void 0 : opts.preventScrollReset
-        });
-      },
-      replace: function replace(to, state, opts) {
-        return router.navigate(to, {
-          replace: true,
-          state: state,
-          preventScrollReset: opts == null ? void 0 : opts.preventScrollReset
-        });
-      }
-    };
-  }, [router]);
-  var basename = router.basename || "/";
-  var dataRouterContext = react.useMemo(function () {
-    return {
-      router: router,
-      navigator: navigator,
-      static: false,
-      basename: basename
-    };
-  }, [router, navigator, basename]);
-
-  // The fragment and {null} here are important!  We need them to keep React 18's
-  // useId happy when we are server-rendering since we may have a <script> here
-  // containing the hydrated server-side staticContext (from StaticRouterProvider).
-  // useId relies on the component tree structure to generate deterministic id's
-  // so we need to ensure it remains the same on the client even though
-  // we don't need the <script> tag
-  return /*#__PURE__*/react.createElement(react.Fragment, null, /*#__PURE__*/react.createElement(DataRouterContext.Provider, {
-    value: dataRouterContext
-  }, /*#__PURE__*/react.createElement(DataRouterStateContext.Provider, {
-    value: state
-  }, /*#__PURE__*/react.createElement(dist_Router, {
-    basename: basename,
-    location: state.location,
-    navigationType: state.historyAction,
-    navigator: navigator
-  }, state.initialized ? /*#__PURE__*/react.createElement(DataRoutes, {
-    routes: router.routes,
-    state: state
-  }) : fallbackElement))), null);
-}
-function DataRoutes(_ref2) {
-  var routes = _ref2.routes,
-    state = _ref2.state;
-  return useRoutesImpl(routes, undefined, state);
-}
-/**
- * A <Router> that stores all entries in memory.
- *
- * @see https://reactrouter.com/router-components/memory-router
- */
-function MemoryRouter(_ref3) {
-  var basename = _ref3.basename,
-    children = _ref3.children,
-    initialEntries = _ref3.initialEntries,
-    initialIndex = _ref3.initialIndex;
-  var historyRef = React.useRef();
-  if (historyRef.current == null) {
-    historyRef.current = createMemoryHistory({
-      initialEntries: initialEntries,
-      initialIndex: initialIndex,
-      v5Compat: true
-    });
-  }
-  var history = historyRef.current;
-  var _React$useState5 = React.useState({
-      action: history.action,
-      location: history.location
-    }),
-    _React$useState6 = _slicedToArray(_React$useState5, 2),
-    state = _React$useState6[0],
-    setStateImpl = _React$useState6[1];
-  var setState = React.useCallback(function (newState) {
-    START_TRANSITION in React ? React[START_TRANSITION](function () {
-      return setStateImpl(newState);
-    }) : setStateImpl(newState);
-  }, [setStateImpl]);
-  React.useLayoutEffect(function () {
-    return history.listen(setState);
-  }, [history, setState]);
-  return /*#__PURE__*/React.createElement(dist_Router, {
-    basename: basename,
-    children: children,
-    location: state.location,
-    navigationType: state.action,
-    navigator: history
-  });
-}
-/**
- * Changes the current location.
- *
- * Note: This API is mostly useful in React.Component subclasses that are not
- * able to use hooks. In functional components, we recommend you use the
- * `useNavigate` hook instead.
- *
- * @see https://reactrouter.com/components/navigate
- */
-function Navigate(_ref4) {
-  var to = _ref4.to,
-    replace = _ref4.replace,
-    state = _ref4.state,
-    relative = _ref4.relative;
-  !useInRouterContext() ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-   false ? 0 : void 0;
-  var _React$useContext9 = React.useContext(RouteContext),
-    matches = _React$useContext9.matches;
-  var _useLocation4 = dist_useLocation(),
-    locationPathname = _useLocation4.pathname;
-  var navigate = dist_useNavigate();
-
-  // Resolve the path outside of the effect so that when effects run twice in
-  // StrictMode they navigate to the same place
-  var path = resolveTo(to, UNSAFE_getPathContributingMatches(matches).map(function (match) {
-    return match.pathnameBase;
-  }), locationPathname, relative === "path");
-  var jsonPath = JSON.stringify(path);
-  React.useEffect(function () {
-    return navigate(JSON.parse(jsonPath), {
-      replace: replace,
-      state: state,
-      relative: relative
-    });
-  }, [navigate, jsonPath, relative, replace, state]);
-  return null;
-}
-/**
- * Renders the child route's element, if there is one.
- *
- * @see https://reactrouter.com/components/outlet
- */
-function Outlet(props) {
-  return useOutlet(props.context);
-}
-/**
- * Declares an element that should be rendered at a certain URL path.
- *
- * @see https://reactrouter.com/components/route
- */
-function Route(_props) {
-   false ? 0 : UNSAFE_invariant(false);
-}
-/**
- * Provides location context for the rest of the app.
- *
- * Note: You usually won't render a <Router> directly. Instead, you'll render a
- * router that is more specific to your environment such as a <BrowserRouter>
- * in web browsers or a <StaticRouter> for server rendering.
- *
- * @see https://reactrouter.com/router-components/router
- */
-function dist_Router(_ref5) {
-  var _ref5$basename = _ref5.basename,
-    basenameProp = _ref5$basename === void 0 ? "/" : _ref5$basename,
-    _ref5$children = _ref5.children,
-    children = _ref5$children === void 0 ? null : _ref5$children,
-    locationProp = _ref5.location,
-    _ref5$navigationType = _ref5.navigationType,
-    navigationType = _ref5$navigationType === void 0 ? Action.Pop : _ref5$navigationType,
-    navigator = _ref5.navigator,
-    _ref5$static = _ref5.static,
-    staticProp = _ref5$static === void 0 ? false : _ref5$static;
-  !!useInRouterContext() ?  false ? 0 : invariant(false) : void 0;
-
-  // Preserve trailing slashes on basename, so we can let the user control
-  // the enforcement of trailing slashes throughout the app
-  var basename = basenameProp.replace(/^\/*/, "/");
-  var navigationContext = react.useMemo(function () {
-    return {
-      basename: basename,
-      navigator: navigator,
-      static: staticProp
-    };
-  }, [basename, navigator, staticProp]);
-  if (typeof locationProp === "string") {
-    locationProp = parsePath(locationProp);
-  }
-  var _locationProp = locationProp,
-    _locationProp$pathnam = _locationProp.pathname,
-    pathname = _locationProp$pathnam === void 0 ? "/" : _locationProp$pathnam,
-    _locationProp$search = _locationProp.search,
-    search = _locationProp$search === void 0 ? "" : _locationProp$search,
-    _locationProp$hash = _locationProp.hash,
-    hash = _locationProp$hash === void 0 ? "" : _locationProp$hash,
-    _locationProp$state = _locationProp.state,
-    state = _locationProp$state === void 0 ? null : _locationProp$state,
-    _locationProp$key = _locationProp.key,
-    key = _locationProp$key === void 0 ? "default" : _locationProp$key;
-  var locationContext = react.useMemo(function () {
-    var trailingPathname = router_stripBasename(pathname, basename);
-    if (trailingPathname == null) {
-      return null;
-    }
-    return {
-      location: {
-        pathname: trailingPathname,
-        search: search,
-        hash: hash,
-        state: state,
-        key: key
-      },
-      navigationType: navigationType
-    };
-  }, [basename, pathname, search, hash, state, key, navigationType]);
-   false ? 0 : void 0;
-  if (locationContext == null) {
-    return null;
-  }
-  return /*#__PURE__*/react.createElement(NavigationContext.Provider, {
-    value: navigationContext
-  }, /*#__PURE__*/react.createElement(LocationContext.Provider, {
-    children: children,
-    value: locationContext
-  }));
-}
-/**
- * A container for a nested tree of <Route> elements that renders the branch
- * that best matches the current location.
- *
- * @see https://reactrouter.com/components/routes
- */
-function Routes(_ref6) {
-  var children = _ref6.children,
-    location = _ref6.location;
-  return useRoutes(createRoutesFromChildren(children), location);
-}
-/**
- * Component to use for rendering lazily loaded data from returning defer()
- * in a loader function
- */
-function Await(_ref7) {
-  var children = _ref7.children,
-    errorElement = _ref7.errorElement,
-    resolve = _ref7.resolve;
-  return /*#__PURE__*/React.createElement(AwaitErrorBoundary, {
-    resolve: resolve,
-    errorElement: errorElement
-  }, /*#__PURE__*/React.createElement(ResolveAwait, null, children));
-}
-var AwaitRenderStatus;
-(function (AwaitRenderStatus) {
-  AwaitRenderStatus[AwaitRenderStatus["pending"] = 0] = "pending";
-  AwaitRenderStatus[AwaitRenderStatus["success"] = 1] = "success";
-  AwaitRenderStatus[AwaitRenderStatus["error"] = 2] = "error";
-})(AwaitRenderStatus || (AwaitRenderStatus = {}));
-var neverSettledPromise = new Promise(function () {});
-var AwaitErrorBoundary = /*#__PURE__*/function (_React$Component2) {
-  _inherits(AwaitErrorBoundary, _React$Component2);
-  var _super2 = _createSuper(AwaitErrorBoundary);
-  function AwaitErrorBoundary(props) {
-    var _this2;
-    classCallCheck_classCallCheck(this, AwaitErrorBoundary);
-    _this2 = _super2.call(this, props);
-    _this2.state = {
-      error: null
-    };
-    return _this2;
-  }
-  createClass_createClass(AwaitErrorBoundary, [{
-    key: "componentDidCatch",
-    value: function componentDidCatch(error, errorInfo) {
-      console.error("<Await> caught the following error during render", error, errorInfo);
-    }
-  }, {
-    key: "render",
-    value: function render() {
-      var _this$props = this.props,
-        children = _this$props.children,
-        errorElement = _this$props.errorElement,
-        resolve = _this$props.resolve;
-      var promise = null;
-      var status = AwaitRenderStatus.pending;
-      if (!(resolve instanceof Promise)) {
-        // Didn't get a promise - provide as a resolved promise
-        status = AwaitRenderStatus.success;
-        promise = Promise.resolve();
-        Object.defineProperty(promise, "_tracked", {
-          get: function get() {
-            return true;
-          }
-        });
-        Object.defineProperty(promise, "_data", {
-          get: function get() {
-            return resolve;
-          }
-        });
-      } else if (this.state.error) {
-        // Caught a render error, provide it as a rejected promise
-        status = AwaitRenderStatus.error;
-        var renderError = this.state.error;
-        promise = Promise.reject().catch(function () {}); // Avoid unhandled rejection warnings
-        Object.defineProperty(promise, "_tracked", {
-          get: function get() {
-            return true;
-          }
-        });
-        Object.defineProperty(promise, "_error", {
-          get: function get() {
-            return renderError;
-          }
-        });
-      } else if (resolve._tracked) {
-        // Already tracked promise - check contents
-        promise = resolve;
-        status = promise._error !== undefined ? AwaitRenderStatus.error : promise._data !== undefined ? AwaitRenderStatus.success : AwaitRenderStatus.pending;
-      } else {
-        // Raw (untracked) promise - track it
-        status = AwaitRenderStatus.pending;
-        Object.defineProperty(resolve, "_tracked", {
-          get: function get() {
-            return true;
-          }
-        });
-        promise = resolve.then(function (data) {
-          return Object.defineProperty(resolve, "_data", {
-            get: function get() {
-              return data;
-            }
-          });
-        }, function (error) {
-          return Object.defineProperty(resolve, "_error", {
-            get: function get() {
-              return error;
-            }
-          });
-        });
-      }
-      if (status === AwaitRenderStatus.error && promise._error instanceof AbortedDeferredError) {
-        // Freeze the UI by throwing a never resolved promise
-        throw neverSettledPromise;
-      }
-      if (status === AwaitRenderStatus.error && !errorElement) {
-        // No errorElement, throw to the nearest route-level error boundary
-        throw promise._error;
-      }
-      if (status === AwaitRenderStatus.error) {
-        // Render via our errorElement
-        return /*#__PURE__*/react.createElement(AwaitContext.Provider, {
-          value: promise,
-          children: errorElement
-        });
-      }
-      if (status === AwaitRenderStatus.success) {
-        // Render children with resolved value
-        return /*#__PURE__*/react.createElement(AwaitContext.Provider, {
-          value: promise,
-          children: children
-        });
-      }
-
-      // Throw to the suspense boundary
-      throw promise;
-    }
-  }], [{
-    key: "getDerivedStateFromError",
-    value: function getDerivedStateFromError(error) {
-      return {
-        error: error
-      };
-    }
-  }]);
-  return AwaitErrorBoundary;
-}(react.Component);
-/**
- * @private
- * Indirection to leverage useAsyncValue for a render-prop API on <Await>
- */
-function ResolveAwait(_ref8) {
-  var children = _ref8.children;
-  var data = useAsyncValue();
-  var toRender = typeof children === "function" ? children(data) : children;
-  return /*#__PURE__*/React.createElement(React.Fragment, null, toRender);
-}
-
-///////////////////////////////////////////////////////////////////////////////
-// UTILS
-///////////////////////////////////////////////////////////////////////////////
-
-/**
- * Creates a route config from a React "children" object, which is usually
- * either a `<Route>` element or an array of them. Used internally by
- * `<Routes>` to create a route config from its children.
- *
- * @see https://reactrouter.com/utils/create-routes-from-children
- */
-function createRoutesFromChildren(children, parentPath) {
-  if (parentPath === void 0) {
-    parentPath = [];
-  }
-  var routes = [];
-  React.Children.forEach(children, function (element, index) {
-    if (! /*#__PURE__*/React.isValidElement(element)) {
-      // Ignore non-elements. This allows people to more easily inline
-      // conditionals in their route config.
-      return;
-    }
-    var treePath = [].concat(_toConsumableArray(parentPath), [index]);
-    if (element.type === React.Fragment) {
-      // Transparently support React.Fragment and its children.
-      routes.push.apply(routes, createRoutesFromChildren(element.props.children, treePath));
-      return;
-    }
-    !(element.type === Route) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-    !(!element.props.index || !element.props.children) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-    var route = {
-      id: element.props.id || treePath.join("-"),
-      caseSensitive: element.props.caseSensitive,
-      element: element.props.element,
-      Component: element.props.Component,
-      index: element.props.index,
-      path: element.props.path,
-      loader: element.props.loader,
-      action: element.props.action,
-      errorElement: element.props.errorElement,
-      ErrorBoundary: element.props.ErrorBoundary,
-      hasErrorBoundary: element.props.ErrorBoundary != null || element.props.errorElement != null,
-      shouldRevalidate: element.props.shouldRevalidate,
-      handle: element.props.handle,
-      lazy: element.props.lazy
-    };
-    if (element.props.children) {
-      route.children = createRoutesFromChildren(element.props.children, treePath);
-    }
-    routes.push(route);
-  });
-  return routes;
-}
-
-/**
- * Renders the result of `matchRoutes()` into a React element.
- */
-function renderMatches(matches) {
-  return _renderMatches(matches);
-}
-function mapRouteProperties(route) {
-  var updates = {
-    // Note: this check also occurs in createRoutesFromChildren so update
-    // there if you change this -- please and thank you!
-    hasErrorBoundary: route.ErrorBoundary != null || route.errorElement != null
-  };
-  if (route.Component) {
-    if (false) {}
-    Object.assign(updates, {
-      element: /*#__PURE__*/react.createElement(route.Component),
-      Component: undefined
-    });
-  }
-  if (route.ErrorBoundary) {
-    if (false) {}
-    Object.assign(updates, {
-      errorElement: /*#__PURE__*/react.createElement(route.ErrorBoundary),
-      ErrorBoundary: undefined
-    });
-  }
-  return updates;
-}
-function createMemoryRouter(routes, opts) {
-  return createRouter({
-    basename: opts == null ? void 0 : opts.basename,
-    future: dist_extends({}, opts == null ? void 0 : opts.future, {
-      v7_prependBasename: true
-    }),
-    history: createMemoryHistory({
-      initialEntries: opts == null ? void 0 : opts.initialEntries,
-      initialIndex: opts == null ? void 0 : opts.initialIndex
-    }),
-    hydrationData: opts == null ? void 0 : opts.hydrationData,
-    routes: routes,
-    mapRouteProperties: mapRouteProperties
-  }).initialize();
-}
-
-;// CONCATENATED MODULE: ./src/index.css
-// extracted by mini-css-extract-plugin
-/* harmony default export */ var src = ({});
-;// CONCATENATED MODULE: ./src/reportWebVitals.ts
-var reportWebVitals=function reportWebVitals(onPerfEntry){if(onPerfEntry&&onPerfEntry instanceof Function){__webpack_require__.e(/* import() */ 787).then(__webpack_require__.bind(__webpack_require__, 787)).then(function(_ref){var getCLS=_ref.getCLS,getFID=_ref.getFID,getFCP=_ref.getFCP,getLCP=_ref.getLCP,getTTFB=_ref.getTTFB;getCLS(onPerfEntry);getFID(onPerfEntry);getFCP(onPerfEntry);getLCP(onPerfEntry);getTTFB(onPerfEntry);});}};/* harmony default export */ var src_reportWebVitals = (reportWebVitals);
-;// CONCATENATED MODULE: ./node_modules/@fontsource-variable/nunito/index.css
-// extracted by mini-css-extract-plugin
-/* harmony default export */ var nunito = ({});
-;// CONCATENATED MODULE: ./node_modules/react-router-dom/dist/index.js
-
-
-
-/**
- * React Router DOM v6.12.1
- *
- * Copyright (c) Remix Software Inc.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE.md file in the root directory of this source tree.
- *
- * @license MIT
- */
-
-
-
-
-function react_router_dom_dist_extends() {
-  react_router_dom_dist_extends = Object.assign ? Object.assign.bind() : function (target) {
-    for (var i = 1; i < arguments.length; i++) {
-      var source = arguments[i];
-      for (var key in source) {
-        if (Object.prototype.hasOwnProperty.call(source, key)) {
-          target[key] = source[key];
-        }
-      }
-    }
-    return target;
-  };
-  return react_router_dom_dist_extends.apply(this, arguments);
-}
-function _objectWithoutPropertiesLoose(source, excluded) {
-  if (source == null) return {};
-  var target = {};
-  var sourceKeys = Object.keys(source);
-  var key, i;
-  for (i = 0; i < sourceKeys.length; i++) {
-    key = sourceKeys[i];
-    if (excluded.indexOf(key) >= 0) continue;
-    target[key] = source[key];
-  }
-  return target;
-}
-var defaultMethod = "get";
-var defaultEncType = "application/x-www-form-urlencoded";
-function isHtmlElement(object) {
-  return object != null && typeof object.tagName === "string";
-}
-function isButtonElement(object) {
-  return isHtmlElement(object) && object.tagName.toLowerCase() === "button";
-}
-function isFormElement(object) {
-  return isHtmlElement(object) && object.tagName.toLowerCase() === "form";
-}
-function isInputElement(object) {
-  return isHtmlElement(object) && object.tagName.toLowerCase() === "input";
-}
-function isModifiedEvent(event) {
-  return !!(event.metaKey || event.altKey || event.ctrlKey || event.shiftKey);
-}
-function shouldProcessLinkClick(event, target) {
-  return event.button === 0 && (
-  // Ignore everything but left clicks
-  !target || target === "_self") &&
-  // Let browser handle "target=_blank" etc.
-  !isModifiedEvent(event) // Ignore clicks with modifier keys
-  ;
-}
-/**
- * Creates a URLSearchParams object using the given initializer.
- *
- * This is identical to `new URLSearchParams(init)` except it also
- * supports arrays as values in the object form of the initializer
- * instead of just strings. This is convenient when you need multiple
- * values for a given key, but don't want to use an array initializer.
- *
- * For example, instead of:
- *
- *   let searchParams = new URLSearchParams([
- *     ['sort', 'name'],
- *     ['sort', 'price']
- *   ]);
- *
- * you can do:
- *
- *   let searchParams = createSearchParams({
- *     sort: ['name', 'price']
- *   });
- */
-function createSearchParams(init) {
-  if (init === void 0) {
-    init = "";
-  }
-  return new URLSearchParams(typeof init === "string" || Array.isArray(init) || init instanceof URLSearchParams ? init : Object.keys(init).reduce(function (memo, key) {
-    var value = init[key];
-    return memo.concat(Array.isArray(value) ? value.map(function (v) {
-      return [key, v];
-    }) : [[key, value]]);
-  }, []));
-}
-function getSearchParamsForLocation(locationSearch, defaultSearchParams) {
-  var searchParams = createSearchParams(locationSearch);
-  if (defaultSearchParams) {
-    var _iterator = _createForOfIteratorHelper(defaultSearchParams.keys()),
-      _step;
-    try {
-      var _loop = function _loop() {
-        var key = _step.value;
-        if (!searchParams.has(key)) {
-          defaultSearchParams.getAll(key).forEach(function (value) {
-            searchParams.append(key, value);
-          });
-        }
-      };
-      for (_iterator.s(); !(_step = _iterator.n()).done;) {
-        _loop();
-      }
-    } catch (err) {
-      _iterator.e(err);
-    } finally {
-      _iterator.f();
-    }
-  }
-  return searchParams;
-}
-function getFormSubmissionInfo(target, options, basename) {
-  var method;
-  var action = null;
-  var encType;
-  var formData;
-  if (isFormElement(target)) {
-    var submissionTrigger = options.submissionTrigger;
-    if (options.action) {
-      action = options.action;
-    } else {
-      // When grabbing the action from the element, it will have had the basename
-      // prefixed to ensure non-JS scenarios work, so strip it since we'll
-      // re-prefix in the router
-      var attr = target.getAttribute("action");
-      action = attr ? stripBasename(attr, basename) : null;
-    }
-    method = options.method || target.getAttribute("method") || defaultMethod;
-    encType = options.encType || target.getAttribute("enctype") || defaultEncType;
-    formData = new FormData(target);
-    if (submissionTrigger && submissionTrigger.name) {
-      formData.append(submissionTrigger.name, submissionTrigger.value);
-    }
-  } else if (isButtonElement(target) || isInputElement(target) && (target.type === "submit" || target.type === "image")) {
-    var form = target.form;
-    if (form == null) {
-      throw new Error("Cannot submit a <button> or <input type=\"submit\"> without a <form>");
-    }
-    // <button>/<input type="submit"> may override attributes of <form>
-    if (options.action) {
-      action = options.action;
-    } else {
-      // When grabbing the action from the element, it will have had the basename
-      // prefixed to ensure non-JS scenarios work, so strip it since we'll
-      // re-prefix in the router
-      var _attr = target.getAttribute("formaction") || form.getAttribute("action");
-      action = _attr ? stripBasename(_attr, basename) : null;
-    }
-    method = options.method || target.getAttribute("formmethod") || form.getAttribute("method") || defaultMethod;
-    encType = options.encType || target.getAttribute("formenctype") || form.getAttribute("enctype") || defaultEncType;
-    formData = new FormData(form);
-    // Include name + value from a <button>, appending in case the button name
-    // matches an existing input name
-    if (target.name) {
-      formData.append(target.name, target.value);
-    }
-  } else if (isHtmlElement(target)) {
-    throw new Error("Cannot submit element that is not <form>, <button>, or " + "<input type=\"submit|image\">");
-  } else {
-    method = options.method || defaultMethod;
-    action = options.action || null;
-    encType = options.encType || defaultEncType;
-    if (target instanceof FormData) {
-      formData = target;
-    } else {
-      formData = new FormData();
-      if (target instanceof URLSearchParams) {
-        var _iterator2 = _createForOfIteratorHelper(target),
-          _step2;
-        try {
-          for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
-            var _step2$value = _slicedToArray(_step2.value, 2),
-              name = _step2$value[0],
-              value = _step2$value[1];
-            formData.append(name, value);
-          }
-        } catch (err) {
-          _iterator2.e(err);
-        } finally {
-          _iterator2.f();
-        }
-      } else if (target != null) {
-        for (var _i = 0, _Object$keys = Object.keys(target); _i < _Object$keys.length; _i++) {
-          var _name = _Object$keys[_i];
-          formData.append(_name, target[_name]);
-        }
-      }
-    }
-  }
-  return {
-    action: action,
-    method: method.toLowerCase(),
-    encType: encType,
-    formData: formData
-  };
-}
-var _excluded = ["onClick", "relative", "reloadDocument", "replace", "state", "target", "to", "preventScrollReset"],
-  _excluded2 = (/* unused pure expression or super */ null && (["aria-current", "caseSensitive", "className", "end", "style", "to", "children"])),
-  _excluded3 = (/* unused pure expression or super */ null && (["reloadDocument", "replace", "method", "action", "onSubmit", "fetcherKey", "routeId", "relative", "preventScrollReset"]));
-function createBrowserRouter(routes, opts) {
-  return createRouter({
-    basename: opts == null ? void 0 : opts.basename,
-    future: react_router_dom_dist_extends({}, opts == null ? void 0 : opts.future, {
-      v7_prependBasename: true
-    }),
-    history: createBrowserHistory({
-      window: opts == null ? void 0 : opts.window
-    }),
-    hydrationData: (opts == null ? void 0 : opts.hydrationData) || parseHydrationData(),
-    routes: routes,
-    mapRouteProperties: UNSAFE_mapRouteProperties
-  }).initialize();
-}
-function createHashRouter(routes, opts) {
-  return router_createRouter({
-    basename: opts == null ? void 0 : opts.basename,
-    future: react_router_dom_dist_extends({}, opts == null ? void 0 : opts.future, {
-      v7_prependBasename: true
-    }),
-    history: router_createHashHistory({
-      window: opts == null ? void 0 : opts.window
-    }),
-    hydrationData: (opts == null ? void 0 : opts.hydrationData) || parseHydrationData(),
-    routes: routes,
-    mapRouteProperties: mapRouteProperties
-  }).initialize();
-}
-function parseHydrationData() {
-  var _window;
-  var state = (_window = window) == null ? void 0 : _window.__staticRouterHydrationData;
-  if (state && state.errors) {
-    state = react_router_dom_dist_extends({}, state, {
-      errors: deserializeErrors(state.errors)
-    });
-  }
-  return state;
-}
-function deserializeErrors(errors) {
-  if (!errors) return null;
-  var entries = Object.entries(errors);
-  var serialized = {};
-  for (var _i2 = 0, _entries = entries; _i2 < _entries.length; _i2++) {
-    var _entries$_i = slicedToArray_slicedToArray(_entries[_i2], 2),
-      key = _entries$_i[0],
-      val = _entries$_i[1];
-    // Hey you!  If you change this, please change the corresponding logic in
-    // serializeErrors in react-router-dom/server.tsx :)
-    if (val && val.__type === "RouteErrorResponse") {
-      serialized[key] = new ErrorResponse(val.status, val.statusText, val.data, val.internal === true);
-    } else if (val && val.__type === "Error") {
-      var error = new Error(val.message);
-      // Wipe away the client-side stack trace.  Nothing to fill it in with
-      // because we don't serialize SSR stack traces for security reasons
-      error.stack = "";
-      serialized[key] = error;
-    } else {
-      serialized[key] = val;
-    }
-  }
-  return serialized;
-}
-// Webpack + React 17 fails to compile on the usage of `React.startTransition` or
-// `React["startTransition"]` even if it's behind a feature detection of
-// `"startTransition" in React`. Moving this to a constant avoids the issue :/
-var dist_START_TRANSITION = "startTransition";
-/**
- * A `<Router>` for use in web browsers. Provides the cleanest URLs.
- */
-function BrowserRouter(_ref) {
-  var basename = _ref.basename,
-    children = _ref.children,
-    window = _ref.window;
-  var historyRef = React.useRef();
-  if (historyRef.current == null) {
-    historyRef.current = createBrowserHistory({
-      window: window,
-      v5Compat: true
-    });
-  }
-  var history = historyRef.current;
-  var _React$useState = React.useState({
-      action: history.action,
-      location: history.location
-    }),
-    _React$useState2 = _slicedToArray(_React$useState, 2),
-    state = _React$useState2[0],
-    setStateImpl = _React$useState2[1];
-  var setState = React.useCallback(function (newState) {
-    dist_START_TRANSITION in React ? React[dist_START_TRANSITION](function () {
-      return setStateImpl(newState);
-    }) : setStateImpl(newState);
-  }, [setStateImpl]);
-  React.useLayoutEffect(function () {
-    return history.listen(setState);
-  }, [history, setState]);
-  return /*#__PURE__*/React.createElement(Router, {
-    basename: basename,
-    children: children,
-    location: state.location,
-    navigationType: state.action,
-    navigator: history
-  });
-}
-/**
- * A `<Router>` for use in web browsers. Stores the location in the hash
- * portion of the URL so it is not sent to the server.
- */
-function HashRouter(_ref2) {
-  var basename = _ref2.basename,
-    children = _ref2.children,
-    window = _ref2.window;
-  var historyRef = React.useRef();
-  if (historyRef.current == null) {
-    historyRef.current = createHashHistory({
-      window: window,
-      v5Compat: true
-    });
-  }
-  var history = historyRef.current;
-  var _React$useState3 = React.useState({
-      action: history.action,
-      location: history.location
-    }),
-    _React$useState4 = _slicedToArray(_React$useState3, 2),
-    state = _React$useState4[0],
-    setStateImpl = _React$useState4[1];
-  var setState = React.useCallback(function (newState) {
-    dist_START_TRANSITION in React ? React[dist_START_TRANSITION](function () {
-      return setStateImpl(newState);
-    }) : setStateImpl(newState);
-  }, [setStateImpl]);
-  React.useLayoutEffect(function () {
-    return history.listen(setState);
-  }, [history, setState]);
-  return /*#__PURE__*/React.createElement(Router, {
-    basename: basename,
-    children: children,
-    location: state.location,
-    navigationType: state.action,
-    navigator: history
-  });
-}
-/**
- * A `<Router>` that accepts a pre-instantiated history object. It's important
- * to note that using your own history object is highly discouraged and may add
- * two versions of the history library to your bundles unless you use the same
- * version of the history library that React Router uses internally.
- */
-function HistoryRouter(_ref3) {
-  var basename = _ref3.basename,
-    children = _ref3.children,
-    history = _ref3.history;
-  var _React$useState5 = React.useState({
-      action: history.action,
-      location: history.location
-    }),
-    _React$useState6 = _slicedToArray(_React$useState5, 2),
-    state = _React$useState6[0],
-    setStateImpl = _React$useState6[1];
-  var setState = React.useCallback(function (newState) {
-    dist_START_TRANSITION in React ? React[dist_START_TRANSITION](function () {
-      return setStateImpl(newState);
-    }) : setStateImpl(newState);
-  }, [setStateImpl]);
-  React.useLayoutEffect(function () {
-    return history.listen(setState);
-  }, [history, setState]);
-  return /*#__PURE__*/React.createElement(Router, {
-    basename: basename,
-    children: children,
-    location: state.location,
-    navigationType: state.action,
-    navigator: history
-  });
-}
-if (false) {}
-var isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined" && typeof window.document.createElement !== "undefined";
-var dist_ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|\/\/)/i;
-/**
- * The public API for rendering a history-aware <a>.
- */
-var Link = /*#__PURE__*/react.forwardRef(function LinkWithRef(_ref4, ref) {
-  var onClick = _ref4.onClick,
-    relative = _ref4.relative,
-    reloadDocument = _ref4.reloadDocument,
-    replace = _ref4.replace,
-    state = _ref4.state,
-    target = _ref4.target,
-    to = _ref4.to,
-    preventScrollReset = _ref4.preventScrollReset,
-    rest = _objectWithoutPropertiesLoose(_ref4, _excluded);
-  var _React$useContext = react.useContext(NavigationContext),
-    basename = _React$useContext.basename;
-  // Rendered into <a href> for absolute URLs
-  var absoluteHref;
-  var isExternal = false;
-  if (typeof to === "string" && dist_ABSOLUTE_URL_REGEX.test(to)) {
-    // Render the absolute href server- and client-side
-    absoluteHref = to;
-    // Only check for external origins client-side
-    if (isBrowser) {
-      try {
-        var currentUrl = new URL(window.location.href);
-        var targetUrl = to.startsWith("//") ? new URL(currentUrl.protocol + to) : new URL(to);
-        var path = router_stripBasename(targetUrl.pathname, basename);
-        if (targetUrl.origin === currentUrl.origin && path != null) {
-          // Strip the protocol/origin/basename for same-origin absolute URLs
-          to = path + targetUrl.search + targetUrl.hash;
-        } else {
-          isExternal = true;
-        }
-      } catch (e) {
-        // We can't do external URL detection without a valid URL
-         false ? 0 : void 0;
-      }
-    }
-  }
-  // Rendered into <a href> for relative URLs
-  var href = useHref(to, {
-    relative: relative
-  });
-  var internalOnClick = useLinkClickHandler(to, {
-    replace: replace,
-    state: state,
-    target: target,
-    preventScrollReset: preventScrollReset,
-    relative: relative
-  });
-  function handleClick(event) {
-    if (onClick) onClick(event);
-    if (!event.defaultPrevented) {
-      internalOnClick(event);
-    }
-  }
-  return /*#__PURE__*/(
-    // eslint-disable-next-line jsx-a11y/anchor-has-content
-    react.createElement("a", react_router_dom_dist_extends({}, rest, {
-      href: absoluteHref || href,
-      onClick: isExternal || reloadDocument ? onClick : handleClick,
-      ref: ref,
-      target: target
-    }))
-  );
-});
-if (false) {}
-/**
- * A <Link> wrapper that knows if it's "active" or not.
- */
-var NavLink = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(function NavLinkWithRef(_ref5, ref) {
-  var _ref5$ariaCurrent = _ref5["aria-current"],
-    ariaCurrentProp = _ref5$ariaCurrent === void 0 ? "page" : _ref5$ariaCurrent,
-    _ref5$caseSensitive = _ref5.caseSensitive,
-    caseSensitive = _ref5$caseSensitive === void 0 ? false : _ref5$caseSensitive,
-    _ref5$className = _ref5.className,
-    classNameProp = _ref5$className === void 0 ? "" : _ref5$className,
-    _ref5$end = _ref5.end,
-    end = _ref5$end === void 0 ? false : _ref5$end,
-    styleProp = _ref5.style,
-    to = _ref5.to,
-    children = _ref5.children,
-    rest = _objectWithoutPropertiesLoose(_ref5, _excluded2);
-  var path = useResolvedPath(to, {
-    relative: rest.relative
-  });
-  var location = useLocation();
-  var routerState = React.useContext(UNSAFE_DataRouterStateContext);
-  var _React$useContext2 = React.useContext(UNSAFE_NavigationContext),
-    navigator = _React$useContext2.navigator;
-  var toPathname = navigator.encodeLocation ? navigator.encodeLocation(path).pathname : path.pathname;
-  var locationPathname = location.pathname;
-  var nextLocationPathname = routerState && routerState.navigation && routerState.navigation.location ? routerState.navigation.location.pathname : null;
-  if (!caseSensitive) {
-    locationPathname = locationPathname.toLowerCase();
-    nextLocationPathname = nextLocationPathname ? nextLocationPathname.toLowerCase() : null;
-    toPathname = toPathname.toLowerCase();
-  }
-  var isActive = locationPathname === toPathname || !end && locationPathname.startsWith(toPathname) && locationPathname.charAt(toPathname.length) === "/";
-  var isPending = nextLocationPathname != null && (nextLocationPathname === toPathname || !end && nextLocationPathname.startsWith(toPathname) && nextLocationPathname.charAt(toPathname.length) === "/");
-  var ariaCurrent = isActive ? ariaCurrentProp : undefined;
-  var className;
-  if (typeof classNameProp === "function") {
-    className = classNameProp({
-      isActive: isActive,
-      isPending: isPending
-    });
-  } else {
-    // If the className prop is not a function, we use a default `active`
-    // class for <NavLink />s that are active. In v5 `active` was the default
-    // value for `activeClassName`, but we are removing that API and can still
-    // use the old default behavior for a cleaner upgrade path and keep the
-    // simple styling rules working as they currently do.
-    className = [classNameProp, isActive ? "active" : null, isPending ? "pending" : null].filter(Boolean).join(" ");
-  }
-  var style = typeof styleProp === "function" ? styleProp({
-    isActive: isActive,
-    isPending: isPending
-  }) : styleProp;
-  return /*#__PURE__*/React.createElement(Link, react_router_dom_dist_extends({}, rest, {
-    "aria-current": ariaCurrent,
-    className: className,
-    ref: ref,
-    style: style,
-    to: to
-  }), typeof children === "function" ? children({
-    isActive: isActive,
-    isPending: isPending
-  }) : children);
-})));
-if (false) {}
-/**
- * A `@remix-run/router`-aware `<form>`. It behaves like a normal form except
- * that the interaction with the server is with `fetch` instead of new document
- * requests, allowing components to add nicer UX to the page as the form is
- * submitted and returns with data.
- */
-var Form = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(function (props, ref) {
-  return /*#__PURE__*/React.createElement(FormImpl, react_router_dom_dist_extends({}, props, {
-    ref: ref
-  }));
-})));
-if (false) {}
-var FormImpl = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(function (_ref6, forwardedRef) {
-  var reloadDocument = _ref6.reloadDocument,
-    replace = _ref6.replace,
-    _ref6$method = _ref6.method,
-    method = _ref6$method === void 0 ? defaultMethod : _ref6$method,
-    action = _ref6.action,
-    onSubmit = _ref6.onSubmit,
-    fetcherKey = _ref6.fetcherKey,
-    routeId = _ref6.routeId,
-    relative = _ref6.relative,
-    preventScrollReset = _ref6.preventScrollReset,
-    props = _objectWithoutPropertiesLoose(_ref6, _excluded3);
-  var submit = useSubmitImpl(fetcherKey, routeId);
-  var formMethod = method.toLowerCase() === "get" ? "get" : "post";
-  var formAction = useFormAction(action, {
-    relative: relative
-  });
-  var submitHandler = function submitHandler(event) {
-    onSubmit && onSubmit(event);
-    if (event.defaultPrevented) return;
-    event.preventDefault();
-    var submitter = event.nativeEvent.submitter;
-    var submitMethod = (submitter == null ? void 0 : submitter.getAttribute("formmethod")) || method;
-    submit(submitter || event.currentTarget, {
-      method: submitMethod,
-      replace: replace,
-      relative: relative,
-      preventScrollReset: preventScrollReset
-    });
-  };
-  return /*#__PURE__*/React.createElement("form", react_router_dom_dist_extends({
-    ref: forwardedRef,
-    method: formMethod,
-    action: formAction,
-    onSubmit: reloadDocument ? onSubmit : submitHandler
-  }, props));
-})));
-if (false) {}
-/**
- * This component will emulate the browser's scroll restoration on location
- * changes.
- */
-function ScrollRestoration(_ref7) {
-  var getKey = _ref7.getKey,
-    storageKey = _ref7.storageKey;
-  useScrollRestoration({
-    getKey: getKey,
-    storageKey: storageKey
-  });
-  return null;
-}
-if (false) {}
-//#endregion
-////////////////////////////////////////////////////////////////////////////////
-//#region Hooks
-////////////////////////////////////////////////////////////////////////////////
-var dist_DataRouterHook;
-(function (DataRouterHook) {
-  DataRouterHook["UseScrollRestoration"] = "useScrollRestoration";
-  DataRouterHook["UseSubmitImpl"] = "useSubmitImpl";
-  DataRouterHook["UseFetcher"] = "useFetcher";
-})(dist_DataRouterHook || (dist_DataRouterHook = {}));
-var dist_DataRouterStateHook;
-(function (DataRouterStateHook) {
-  DataRouterStateHook["UseFetchers"] = "useFetchers";
-  DataRouterStateHook["UseScrollRestoration"] = "useScrollRestoration";
-})(dist_DataRouterStateHook || (dist_DataRouterStateHook = {}));
-function dist_getDataRouterConsoleError(hookName) {
-  return hookName + " must be used within a data router.  See https://reactrouter.com/routers/picking-a-router.";
-}
-function dist_useDataRouterContext(hookName) {
-  var ctx = React.useContext(UNSAFE_DataRouterContext);
-  !ctx ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  return ctx;
-}
-function dist_useDataRouterState(hookName) {
-  var state = React.useContext(UNSAFE_DataRouterStateContext);
-  !state ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  return state;
-}
-/**
- * Handles the click behavior for router `<Link>` components. This is useful if
- * you need to create custom `<Link>` components with the same click behavior we
- * use in our exported `<Link>`.
- */
-function useLinkClickHandler(to, _temp) {
-  var _ref9 = _temp === void 0 ? {} : _temp,
-    target = _ref9.target,
-    replaceProp = _ref9.replace,
-    state = _ref9.state,
-    preventScrollReset = _ref9.preventScrollReset,
-    relative = _ref9.relative;
-  var navigate = dist_useNavigate();
-  var location = dist_useLocation();
-  var path = dist_useResolvedPath(to, {
-    relative: relative
-  });
-  return react.useCallback(function (event) {
-    if (shouldProcessLinkClick(event, target)) {
-      event.preventDefault();
-      // If the URL hasn't changed, a regular <a> will do a replace instead of
-      // a push, so do the same here unless the replace prop is explicitly set
-      var replace = replaceProp !== undefined ? replaceProp : router_createPath(location) === router_createPath(path);
-      navigate(to, {
-        replace: replace,
-        state: state,
-        preventScrollReset: preventScrollReset,
-        relative: relative
-      });
-    }
-  }, [location, navigate, path, replaceProp, state, target, to, preventScrollReset, relative]);
-}
-/**
- * A convenient wrapper for reading and writing search parameters via the
- * URLSearchParams interface.
- */
-function useSearchParams(defaultInit) {
-   false ? 0 : void 0;
-  var defaultSearchParamsRef = React.useRef(createSearchParams(defaultInit));
-  var hasSetSearchParamsRef = React.useRef(false);
-  var location = useLocation();
-  var searchParams = React.useMemo(function () {
-    return (
-      // Only merge in the defaults if we haven't yet called setSearchParams.
-      // Once we call that we want those to take precedence, otherwise you can't
-      // remove a param with setSearchParams({}) if it has an initial value
-      getSearchParamsForLocation(location.search, hasSetSearchParamsRef.current ? null : defaultSearchParamsRef.current)
-    );
-  }, [location.search]);
-  var navigate = useNavigate();
-  var setSearchParams = React.useCallback(function (nextInit, navigateOptions) {
-    var newSearchParams = createSearchParams(typeof nextInit === "function" ? nextInit(searchParams) : nextInit);
-    hasSetSearchParamsRef.current = true;
-    navigate("?" + newSearchParams, navigateOptions);
-  }, [navigate, searchParams]);
-  return [searchParams, setSearchParams];
-}
-/**
- * Returns a function that may be used to programmatically submit a form (or
- * some arbitrary data) to the server.
- */
-function useSubmit() {
-  return useSubmitImpl();
-}
-function useSubmitImpl(fetcherKey, fetcherRouteId) {
-  var _useDataRouterContext = dist_useDataRouterContext(dist_DataRouterHook.UseSubmitImpl),
-    router = _useDataRouterContext.router;
-  var _React$useContext3 = React.useContext(UNSAFE_NavigationContext),
-    basename = _React$useContext3.basename;
-  var currentRouteId = UNSAFE_useRouteId();
-  return React.useCallback(function (target, options) {
-    if (options === void 0) {
-      options = {};
-    }
-    if (typeof document === "undefined") {
-      throw new Error("You are calling submit during the server render. " + "Try calling submit within a `useEffect` or callback instead.");
-    }
-    var _getFormSubmissionInf = getFormSubmissionInfo(target, options, basename),
-      action = _getFormSubmissionInf.action,
-      method = _getFormSubmissionInf.method,
-      encType = _getFormSubmissionInf.encType,
-      formData = _getFormSubmissionInf.formData;
-    // Base options shared between fetch() and navigate()
-    var opts = {
-      preventScrollReset: options.preventScrollReset,
-      formData: formData,
-      formMethod: method,
-      formEncType: encType
-    };
-    if (fetcherKey) {
-      !(fetcherRouteId != null) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-      router.fetch(fetcherKey, fetcherRouteId, action, opts);
-    } else {
-      router.navigate(action, react_router_dom_dist_extends({}, opts, {
-        replace: options.replace,
-        fromRouteId: currentRouteId
-      }));
-    }
-  }, [router, basename, fetcherKey, fetcherRouteId, currentRouteId]);
-}
-// v7: Eventually we should deprecate this entirely in favor of using the
-// router method directly?
-function useFormAction(action, _temp2) {
-  var _ref10 = _temp2 === void 0 ? {} : _temp2,
-    relative = _ref10.relative;
-  var _React$useContext4 = React.useContext(UNSAFE_NavigationContext),
-    basename = _React$useContext4.basename;
-  var routeContext = React.useContext(UNSAFE_RouteContext);
-  !routeContext ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  var _routeContext$matches = routeContext.matches.slice(-1),
-    _routeContext$matches2 = _slicedToArray(_routeContext$matches, 1),
-    match = _routeContext$matches2[0];
-  // Shallow clone path so we can modify it below, otherwise we modify the
-  // object referenced by useMemo inside useResolvedPath
-  var path = react_router_dom_dist_extends({}, useResolvedPath(action ? action : ".", {
-    relative: relative
-  }));
-  // Previously we set the default action to ".". The problem with this is that
-  // `useResolvedPath(".")` excludes search params and the hash of the resolved
-  // URL. This is the intended behavior of when "." is specifically provided as
-  // the form action, but inconsistent w/ browsers when the action is omitted.
-  // https://github.com/remix-run/remix/issues/927
-  var location = useLocation();
-  if (action == null) {
-    // Safe to write to these directly here since if action was undefined, we
-    // would have called useResolvedPath(".") which will never include a search
-    // or hash
-    path.search = location.search;
-    path.hash = location.hash;
-    // When grabbing search params from the URL, remove the automatically
-    // inserted ?index param so we match the useResolvedPath search behavior
-    // which would not include ?index
-    if (match.route.index) {
-      var params = new URLSearchParams(path.search);
-      params.delete("index");
-      path.search = params.toString() ? "?" + params.toString() : "";
-    }
-  }
-  if ((!action || action === ".") && match.route.index) {
-    path.search = path.search ? path.search.replace(/^\?/, "?index&") : "?index";
-  }
-  // If we're operating within a basename, prepend it to the pathname prior
-  // to creating the form action.  If this is a root navigation, then just use
-  // the raw basename which allows the basename to have full control over the
-  // presence of a trailing slash on root actions
-  if (basename !== "/") {
-    path.pathname = path.pathname === "/" ? basename : joinPaths([basename, path.pathname]);
-  }
-  return createPath(path);
-}
-function createFetcherForm(fetcherKey, routeId) {
-  var FetcherForm = /*#__PURE__*/React.forwardRef(function (props, ref) {
-    return /*#__PURE__*/React.createElement(FormImpl, react_router_dom_dist_extends({}, props, {
-      ref: ref,
-      fetcherKey: fetcherKey,
-      routeId: routeId
-    }));
-  });
-  if (false) {}
-  return FetcherForm;
-}
-var fetcherId = 0;
-/**
- * Interacts with route loaders and actions without causing a navigation. Great
- * for any interaction that stays on the same page.
- */
-function useFetcher() {
-  var _route$matches;
-  var _useDataRouterContext2 = dist_useDataRouterContext(dist_DataRouterHook.UseFetcher),
-    router = _useDataRouterContext2.router;
-  var route = React.useContext(UNSAFE_RouteContext);
-  !route ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  var routeId = (_route$matches = route.matches[route.matches.length - 1]) == null ? void 0 : _route$matches.route.id;
-  !(routeId != null) ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-  var _React$useState7 = React.useState(function () {
-      return String(++fetcherId);
-    }),
-    _React$useState8 = _slicedToArray(_React$useState7, 1),
-    fetcherKey = _React$useState8[0];
-  var _React$useState9 = React.useState(function () {
-      !routeId ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-      return createFetcherForm(fetcherKey, routeId);
-    }),
-    _React$useState10 = _slicedToArray(_React$useState9, 1),
-    Form = _React$useState10[0];
-  var _React$useState11 = React.useState(function () {
-      return function (href) {
-        !router ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-        !routeId ?  false ? 0 : UNSAFE_invariant(false) : void 0;
-        router.fetch(fetcherKey, routeId, href);
-      };
-    }),
-    _React$useState12 = _slicedToArray(_React$useState11, 1),
-    load = _React$useState12[0];
-  var submit = useSubmitImpl(fetcherKey, routeId);
-  var fetcher = router.getFetcher(fetcherKey);
-  var fetcherWithComponents = React.useMemo(function () {
-    return react_router_dom_dist_extends({
-      Form: Form,
-      submit: submit,
-      load: load
-    }, fetcher);
-  }, [fetcher, Form, submit, load]);
-  React.useEffect(function () {
-    // Is this busted when the React team gets real weird and calls effects
-    // twice on mount?  We really just need to garbage collect here when this
-    // fetcher is no longer around.
-    return function () {
-      if (!router) {
-        console.warn("No router available to clean up from useFetcher()");
-        return;
-      }
-      router.deleteFetcher(fetcherKey);
-    };
-  }, [router, fetcherKey]);
-  return fetcherWithComponents;
-}
-/**
- * Provides all fetchers currently on the page. Useful for layouts and parent
- * routes that need to provide pending/optimistic UI regarding the fetch.
- */
-function useFetchers() {
-  var state = dist_useDataRouterState(dist_DataRouterStateHook.UseFetchers);
-  return _toConsumableArray(state.fetchers.values());
-}
-var SCROLL_RESTORATION_STORAGE_KEY = "react-router-scroll-positions";
-var savedScrollPositions = {};
-/**
- * When rendered inside a RouterProvider, will restore scroll positions on navigations
- */
-function useScrollRestoration(_temp3) {
-  var _ref11 = _temp3 === void 0 ? {} : _temp3,
-    getKey = _ref11.getKey,
-    storageKey = _ref11.storageKey;
-  var _useDataRouterContext3 = dist_useDataRouterContext(dist_DataRouterHook.UseScrollRestoration),
-    router = _useDataRouterContext3.router;
-  var _useDataRouterState = dist_useDataRouterState(dist_DataRouterStateHook.UseScrollRestoration),
-    restoreScrollPosition = _useDataRouterState.restoreScrollPosition,
-    preventScrollReset = _useDataRouterState.preventScrollReset;
-  var location = useLocation();
-  var matches = useMatches();
-  var navigation = useNavigation();
-  // Trigger manual scroll restoration while we're active
-  React.useEffect(function () {
-    window.history.scrollRestoration = "manual";
-    return function () {
-      window.history.scrollRestoration = "auto";
-    };
-  }, []);
-  // Save positions on pagehide
-  usePageHide(React.useCallback(function () {
-    if (navigation.state === "idle") {
-      var key = (getKey ? getKey(location, matches) : null) || location.key;
-      savedScrollPositions[key] = window.scrollY;
-    }
-    sessionStorage.setItem(storageKey || SCROLL_RESTORATION_STORAGE_KEY, JSON.stringify(savedScrollPositions));
-    window.history.scrollRestoration = "auto";
-  }, [storageKey, getKey, navigation.state, location, matches]));
-  // Read in any saved scroll locations
-  if (typeof document !== "undefined") {
-    // eslint-disable-next-line react-hooks/rules-of-hooks
-    React.useLayoutEffect(function () {
-      try {
-        var sessionPositions = sessionStorage.getItem(storageKey || SCROLL_RESTORATION_STORAGE_KEY);
-        if (sessionPositions) {
-          savedScrollPositions = JSON.parse(sessionPositions);
-        }
-      } catch (e) {
-        // no-op, use default empty object
-      }
-    }, [storageKey]);
-    // Enable scroll restoration in the router
-    // eslint-disable-next-line react-hooks/rules-of-hooks
-    React.useLayoutEffect(function () {
-      var disableScrollRestoration = router == null ? void 0 : router.enableScrollRestoration(savedScrollPositions, function () {
-        return window.scrollY;
-      }, getKey);
-      return function () {
-        return disableScrollRestoration && disableScrollRestoration();
-      };
-    }, [router, getKey]);
-    // Restore scrolling when state.restoreScrollPosition changes
-    // eslint-disable-next-line react-hooks/rules-of-hooks
-    React.useLayoutEffect(function () {
-      // Explicit false means don't do anything (used for submissions)
-      if (restoreScrollPosition === false) {
-        return;
-      }
-      // been here before, scroll to it
-      if (typeof restoreScrollPosition === "number") {
-        window.scrollTo(0, restoreScrollPosition);
-        return;
-      }
-      // try to scroll to the hash
-      if (location.hash) {
-        var el = document.getElementById(location.hash.slice(1));
-        if (el) {
-          el.scrollIntoView();
-          return;
-        }
-      }
-      // Don't reset if this navigation opted out
-      if (preventScrollReset === true) {
-        return;
-      }
-      // otherwise go to the top on new locations
-      window.scrollTo(0, 0);
-    }, [location, restoreScrollPosition, preventScrollReset]);
-  }
-}
-/**
- * Setup a callback to be fired on the window's `beforeunload` event. This is
- * useful for saving some data to `window.localStorage` just before the page
- * refreshes.
- *
- * Note: The `callback` argument should be a function created with
- * `React.useCallback()`.
- */
-function useBeforeUnload(callback, options) {
-  var _ref12 = options || {},
-    capture = _ref12.capture;
-  React.useEffect(function () {
-    var opts = capture != null ? {
-      capture: capture
-    } : undefined;
-    window.addEventListener("beforeunload", callback, opts);
-    return function () {
-      window.removeEventListener("beforeunload", callback, opts);
-    };
-  }, [callback, capture]);
-}
-/**
- * Setup a callback to be fired on the window's `pagehide` event. This is
- * useful for saving some data to `window.localStorage` just before the page
- * refreshes.  This event is better supported than beforeunload across browsers.
- *
- * Note: The `callback` argument should be a function created with
- * `React.useCallback()`.
- */
-function usePageHide(callback, options) {
-  var _ref13 = options || {},
-    capture = _ref13.capture;
-  React.useEffect(function () {
-    var opts = capture != null ? {
-      capture: capture
-    } : undefined;
-    window.addEventListener("pagehide", callback, opts);
-    return function () {
-      window.removeEventListener("pagehide", callback, opts);
-    };
-  }, [callback, capture]);
-}
-/**
- * Wrapper around useBlocker to show a window.confirm prompt to users instead
- * of building a custom UI with useBlocker.
- *
- * Warning: This has *a lot of rough edges* and behaves very differently (and
- * very incorrectly in some cases) across browsers if user click addition
- * back/forward navigations while the confirm is open.  Use at your own risk.
- */
-function usePrompt(_ref8) {
-  var when = _ref8.when,
-    message = _ref8.message;
-  var blocker = unstable_useBlocker(when);
-  React.useEffect(function () {
-    if (blocker.state === "blocked" && !when) {
-      blocker.reset();
-    }
-  }, [blocker, when]);
-  React.useEffect(function () {
-    if (blocker.state === "blocked") {
-      var proceed = window.confirm(message);
-      if (proceed) {
-        setTimeout(blocker.proceed, 0);
-      } else {
-        blocker.reset();
-      }
-    }
-  }, [blocker, message]);
-}
-//#endregion
-
-
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/extends.js
-function extends_extends() {
-  extends_extends = Object.assign ? Object.assign.bind() : function (target) {
-    for (var i = 1; i < arguments.length; i++) {
-      var source = arguments[i];
-      for (var key in source) {
-        if (Object.prototype.hasOwnProperty.call(source, key)) {
-          target[key] = source[key];
-        }
-      }
-    }
-    return target;
-  };
-  return extends_extends.apply(this, arguments);
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectWithoutPropertiesLoose.js
-function objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(source, excluded) {
-  if (source == null) return {};
-  var target = {};
-  var sourceKeys = Object.keys(source);
-  var key, i;
-  for (i = 0; i < sourceKeys.length; i++) {
-    key = sourceKeys[i];
-    if (excluded.indexOf(key) >= 0) continue;
-    target[key] = source[key];
-  }
-  return target;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/useTheme/ThemeContext.js
-
-var ThemeContext_ThemeContext = /*#__PURE__*/react.createContext(null);
-if (false) {}
-/* harmony default export */ var useTheme_ThemeContext = (ThemeContext_ThemeContext);
-;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/useTheme/useTheme.js
-
-
-function useTheme() {
-  var theme = react.useContext(useTheme_ThemeContext);
-  if (false) {}
-  return theme;
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectSpread2.js
-
-function ownKeys(object, enumerableOnly) {
-  var keys = Object.keys(object);
-  if (Object.getOwnPropertySymbols) {
-    var symbols = Object.getOwnPropertySymbols(object);
-    enumerableOnly && (symbols = symbols.filter(function (sym) {
-      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
-    })), keys.push.apply(keys, symbols);
-  }
-  return keys;
-}
-function _objectSpread2(target) {
-  for (var i = 1; i < arguments.length; i++) {
-    var source = null != arguments[i] ? arguments[i] : {};
-    i % 2 ? ownKeys(Object(source), !0).forEach(function (key) {
-      defineProperty_defineProperty(target, key, source[key]);
-    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) {
-      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
-    });
-  }
-  return target;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/ThemeProvider/nested.js
-var hasSymbol = typeof Symbol === 'function' && Symbol.for;
-/* harmony default export */ var nested = (hasSymbol ? Symbol.for('mui.nested') : '__THEME_NESTED__');
-// EXTERNAL MODULE: ./node_modules/react/jsx-runtime.js
-var jsx_runtime = __webpack_require__(184);
-;// CONCATENATED MODULE: ./node_modules/@mui/private-theming/ThemeProvider/ThemeProvider.js
-
-
-
-
-
-
-
-
-// To support composition of theme.
-
-function mergeOuterLocalTheme(outerTheme, localTheme) {
-  if (typeof localTheme === 'function') {
-    var mergedTheme = localTheme(outerTheme);
-    if (false) {}
-    return mergedTheme;
-  }
-  return _objectSpread2(_objectSpread2({}, outerTheme), localTheme);
-}
-
-/**
- * This component takes a `theme` prop.
- * It makes the `theme` available down the React tree thanks to React context.
- * This component should preferably be used at **the root of your component tree**.
- */
-function ThemeProvider(props) {
-  var children = props.children,
-    localTheme = props.theme;
-  var outerTheme = useTheme();
-  if (false) {}
-  var theme = react.useMemo(function () {
-    var output = outerTheme === null ? localTheme : mergeOuterLocalTheme(outerTheme, localTheme);
-    if (output != null) {
-      output[nested] = outerTheme !== null;
-    }
-    return output;
-  }, [localTheme, outerTheme]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(useTheme_ThemeContext.Provider, {
-    value: theme,
-    children: children
-  });
-}
- false ? 0 : void 0;
-if (false) {}
-/* harmony default export */ var ThemeProvider_ThemeProvider = (ThemeProvider);
-;// CONCATENATED MODULE: ./node_modules/@emotion/sheet/dist/emotion-sheet.browser.esm.js
-/*
-
-Based off glamor's StyleSheet, thanks Sunil ❤️
-
-high performance StyleSheet for css-in-js systems
-
-- uses multiple style tags behind the scenes for millions of rules
-- uses `insertRule` for appending in production for *much* faster performance
-
-// usage
-
-import { StyleSheet } from '@emotion/sheet'
-
-let styleSheet = new StyleSheet({ key: '', container: document.head })
-
-styleSheet.insert('#box { border: 1px solid red; }')
-- appends a css rule into the stylesheet
-
-styleSheet.flush()
-- empties the stylesheet of all its contents
-
-*/
-// $FlowFixMe
-function sheetForTag(tag) {
-  if (tag.sheet) {
-    // $FlowFixMe
-    return tag.sheet;
-  } // this weirdness brought to you by firefox
-
-  /* istanbul ignore next */
-
-  for (var i = 0; i < document.styleSheets.length; i++) {
-    if (document.styleSheets[i].ownerNode === tag) {
-      // $FlowFixMe
-      return document.styleSheets[i];
-    }
-  }
-}
-function createStyleElement(options) {
-  var tag = document.createElement('style');
-  tag.setAttribute('data-emotion', options.key);
-  if (options.nonce !== undefined) {
-    tag.setAttribute('nonce', options.nonce);
-  }
-  tag.appendChild(document.createTextNode(''));
-  tag.setAttribute('data-s', '');
-  return tag;
-}
-var StyleSheet = /*#__PURE__*/function () {
-  // Using Node instead of HTMLElement since container may be a ShadowRoot
-  function StyleSheet(options) {
-    var _this = this;
-    this._insertTag = function (tag) {
-      var before;
-      if (_this.tags.length === 0) {
-        if (_this.insertionPoint) {
-          before = _this.insertionPoint.nextSibling;
-        } else if (_this.prepend) {
-          before = _this.container.firstChild;
-        } else {
-          before = _this.before;
-        }
-      } else {
-        before = _this.tags[_this.tags.length - 1].nextSibling;
-      }
-      _this.container.insertBefore(tag, before);
-      _this.tags.push(tag);
-    };
-    this.isSpeedy = options.speedy === undefined ? "production" === 'production' : options.speedy;
-    this.tags = [];
-    this.ctr = 0;
-    this.nonce = options.nonce; // key is the value of the data-emotion attribute, it's used to identify different sheets
-
-    this.key = options.key;
-    this.container = options.container;
-    this.prepend = options.prepend;
-    this.insertionPoint = options.insertionPoint;
-    this.before = null;
-  }
-  var _proto = StyleSheet.prototype;
-  _proto.hydrate = function hydrate(nodes) {
-    nodes.forEach(this._insertTag);
-  };
-  _proto.insert = function insert(rule) {
-    // the max length is how many rules we have per style tag, it's 65000 in speedy mode
-    // it's 1 in dev because we insert source maps that map a single rule to a location
-    // and you can only have one source map per style tag
-    if (this.ctr % (this.isSpeedy ? 65000 : 1) === 0) {
-      this._insertTag(createStyleElement(this));
-    }
-    var tag = this.tags[this.tags.length - 1];
-    if (false) { var isImportRule; }
-    if (this.isSpeedy) {
-      var sheet = sheetForTag(tag);
-      try {
-        // this is the ultrafast version, works across browsers
-        // the big drawback is that the css won't be editable in devtools
-        sheet.insertRule(rule, sheet.cssRules.length);
-      } catch (e) {
-        if (false) {}
-      }
-    } else {
-      tag.appendChild(document.createTextNode(rule));
-    }
-    this.ctr++;
-  };
-  _proto.flush = function flush() {
-    // $FlowFixMe
-    this.tags.forEach(function (tag) {
-      return tag.parentNode && tag.parentNode.removeChild(tag);
-    });
-    this.tags = [];
-    this.ctr = 0;
-    if (false) {}
-  };
-  return StyleSheet;
-}();
-
-;// CONCATENATED MODULE: ./node_modules/stylis/src/Utility.js
-/**
- * @param {number}
- * @return {number}
- */
-var abs = Math.abs;
-
-/**
- * @param {number}
- * @return {string}
- */
-var Utility_from = String.fromCharCode;
-
-/**
- * @param {object}
- * @return {object}
- */
-var Utility_assign = Object.assign;
-
-/**
- * @param {string} value
- * @param {number} length
- * @return {number}
- */
-function hash(value, length) {
-  return Utility_charat(value, 0) ^ 45 ? (((length << 2 ^ Utility_charat(value, 0)) << 2 ^ Utility_charat(value, 1)) << 2 ^ Utility_charat(value, 2)) << 2 ^ Utility_charat(value, 3) : 0;
-}
-
-/**
- * @param {string} value
- * @return {string}
- */
-function trim(value) {
-  return value.trim();
-}
-
-/**
- * @param {string} value
- * @param {RegExp} pattern
- * @return {string?}
- */
-function Utility_match(value, pattern) {
-  return (value = pattern.exec(value)) ? value[0] : value;
-}
-
-/**
- * @param {string} value
- * @param {(string|RegExp)} pattern
- * @param {string} replacement
- * @return {string}
- */
-function Utility_replace(value, pattern, replacement) {
-  return value.replace(pattern, replacement);
-}
-
-/**
- * @param {string} value
- * @param {string} search
- * @return {number}
- */
-function indexof(value, search) {
-  return value.indexOf(search);
-}
-
-/**
- * @param {string} value
- * @param {number} index
- * @return {number}
- */
-function Utility_charat(value, index) {
-  return value.charCodeAt(index) | 0;
-}
-
-/**
- * @param {string} value
- * @param {number} begin
- * @param {number} end
- * @return {string}
- */
-function Utility_substr(value, begin, end) {
-  return value.slice(begin, end);
-}
-
-/**
- * @param {string} value
- * @return {number}
- */
-function Utility_strlen(value) {
-  return value.length;
-}
-
-/**
- * @param {any[]} value
- * @return {number}
- */
-function Utility_sizeof(value) {
-  return value.length;
-}
-
-/**
- * @param {any} value
- * @param {any[]} array
- * @return {any}
- */
-function Utility_append(value, array) {
-  return array.push(value), value;
-}
-
-/**
- * @param {string[]} array
- * @param {function} callback
- * @return {string}
- */
-function Utility_combine(array, callback) {
-  return array.map(callback).join('');
-}
-;// CONCATENATED MODULE: ./node_modules/stylis/src/Tokenizer.js
-
-var line = 1;
-var column = 1;
-var Tokenizer_length = 0;
-var position = 0;
-var character = 0;
-var characters = '';
-
-/**
- * @param {string} value
- * @param {object | null} root
- * @param {object | null} parent
- * @param {string} type
- * @param {string[] | string} props
- * @param {object[] | string} children
- * @param {number} length
- */
-function node(value, root, parent, type, props, children, length) {
-  return {
-    value: value,
-    root: root,
-    parent: parent,
-    type: type,
-    props: props,
-    children: children,
-    line: line,
-    column: column,
-    length: length,
-    return: ''
-  };
-}
-
-/**
- * @param {object} root
- * @param {object} props
- * @return {object}
- */
-function Tokenizer_copy(root, props) {
-  return Utility_assign(node('', null, null, '', null, null, 0), root, {
-    length: -root.length
-  }, props);
-}
-
-/**
- * @return {number}
- */
-function Tokenizer_char() {
-  return character;
-}
-
-/**
- * @return {number}
- */
-function prev() {
-  character = position > 0 ? Utility_charat(characters, --position) : 0;
-  if (column--, character === 10) column = 1, line--;
-  return character;
-}
-
-/**
- * @return {number}
- */
-function next() {
-  character = position < Tokenizer_length ? Utility_charat(characters, position++) : 0;
-  if (column++, character === 10) column = 1, line++;
-  return character;
-}
-
-/**
- * @return {number}
- */
-function peek() {
-  return Utility_charat(characters, position);
-}
-
-/**
- * @return {number}
- */
-function caret() {
-  return position;
-}
-
-/**
- * @param {number} begin
- * @param {number} end
- * @return {string}
- */
-function slice(begin, end) {
-  return Utility_substr(characters, begin, end);
-}
-
-/**
- * @param {number} type
- * @return {number}
- */
-function token(type) {
-  switch (type) {
-    // \0 \t \n \r \s whitespace token
-    case 0:
-    case 9:
-    case 10:
-    case 13:
-    case 32:
-      return 5;
-    // ! + , / > @ ~ isolate token
-    case 33:
-    case 43:
-    case 44:
-    case 47:
-    case 62:
-    case 64:
-    case 126:
-    // ; { } breakpoint token
-    case 59:
-    case 123:
-    case 125:
-      return 4;
-    // : accompanied token
-    case 58:
-      return 3;
-    // " ' ( [ opening delimit token
-    case 34:
-    case 39:
-    case 40:
-    case 91:
-      return 2;
-    // ) ] closing delimit token
-    case 41:
-    case 93:
-      return 1;
-  }
-  return 0;
-}
-
-/**
- * @param {string} value
- * @return {any[]}
- */
-function alloc(value) {
-  return line = column = 1, Tokenizer_length = Utility_strlen(characters = value), position = 0, [];
-}
-
-/**
- * @param {any} value
- * @return {any}
- */
-function dealloc(value) {
-  return characters = '', value;
-}
-
-/**
- * @param {number} type
- * @return {string}
- */
-function delimit(type) {
-  return trim(slice(position - 1, delimiter(type === 91 ? type + 2 : type === 40 ? type + 1 : type)));
-}
-
-/**
- * @param {string} value
- * @return {string[]}
- */
-function Tokenizer_tokenize(value) {
-  return dealloc(tokenizer(alloc(value)));
-}
-
-/**
- * @param {number} type
- * @return {string}
- */
-function whitespace(type) {
-  while (character = peek()) if (character < 33) next();else break;
-  return token(type) > 2 || token(character) > 3 ? '' : ' ';
-}
-
-/**
- * @param {string[]} children
- * @return {string[]}
- */
-function tokenizer(children) {
-  while (next()) switch (token(character)) {
-    case 0:
-      append(identifier(position - 1), children);
-      break;
-    case 2:
-      append(delimit(character), children);
-      break;
-    default:
-      append(from(character), children);
-  }
-  return children;
-}
-
-/**
- * @param {number} index
- * @param {number} count
- * @return {string}
- */
-function escaping(index, count) {
-  while (--count && next())
-  // not 0-9 A-F a-f
-  if (character < 48 || character > 102 || character > 57 && character < 65 || character > 70 && character < 97) break;
-  return slice(index, caret() + (count < 6 && peek() == 32 && next() == 32));
-}
-
-/**
- * @param {number} type
- * @return {number}
- */
-function delimiter(type) {
-  while (next()) switch (character) {
-    // ] ) " '
-    case type:
-      return position;
-    // " '
-    case 34:
-    case 39:
-      if (type !== 34 && type !== 39) delimiter(character);
-      break;
-    // (
-    case 40:
-      if (type === 41) delimiter(type);
-      break;
-    // \
-    case 92:
-      next();
-      break;
-  }
-  return position;
-}
-
-/**
- * @param {number} type
- * @param {number} index
- * @return {number}
- */
-function commenter(type, index) {
-  while (next())
-  // //
-  if (type + character === 47 + 10) break;
-  // /*
-  else if (type + character === 42 + 42 && peek() === 47) break;
-  return '/*' + slice(index, position - 1) + '*' + Utility_from(type === 47 ? type : next());
-}
-
-/**
- * @param {number} index
- * @return {string}
- */
-function identifier(index) {
-  while (!token(peek())) next();
-  return slice(index, position);
-}
-;// CONCATENATED MODULE: ./node_modules/stylis/src/Enum.js
-var Enum_MS = '-ms-';
-var Enum_MOZ = '-moz-';
-var Enum_WEBKIT = '-webkit-';
-var COMMENT = 'comm';
-var Enum_RULESET = 'rule';
-var Enum_DECLARATION = 'decl';
-var PAGE = '@page';
-var MEDIA = '@media';
-var IMPORT = '@import';
-var CHARSET = '@charset';
-var VIEWPORT = '@viewport';
-var SUPPORTS = '@supports';
-var DOCUMENT = '@document';
-var NAMESPACE = '@namespace';
-var Enum_KEYFRAMES = '@keyframes';
-var FONT_FACE = '@font-face';
-var COUNTER_STYLE = '@counter-style';
-var FONT_FEATURE_VALUES = '@font-feature-values';
-var LAYER = '@layer';
-;// CONCATENATED MODULE: ./node_modules/stylis/src/Serializer.js
-
-
-
-/**
- * @param {object[]} children
- * @param {function} callback
- * @return {string}
- */
-function Serializer_serialize(children, callback) {
-  var output = '';
-  var length = Utility_sizeof(children);
-  for (var i = 0; i < length; i++) output += callback(children[i], i, children, callback) || '';
-  return output;
-}
-
-/**
- * @param {object} element
- * @param {number} index
- * @param {object[]} children
- * @param {function} callback
- * @return {string}
- */
-function stringify(element, index, children, callback) {
-  switch (element.type) {
-    case LAYER:
-      if (element.children.length) break;
-    case IMPORT:
-    case Enum_DECLARATION:
-      return element.return = element.return || element.value;
-    case COMMENT:
-      return '';
-    case Enum_KEYFRAMES:
-      return element.return = element.value + '{' + Serializer_serialize(element.children, callback) + '}';
-    case Enum_RULESET:
-      element.value = element.props.join(',');
-  }
-  return Utility_strlen(children = Serializer_serialize(element.children, callback)) ? element.return = element.value + '{' + children + '}' : '';
-}
-;// CONCATENATED MODULE: ./node_modules/stylis/src/Middleware.js
-
-
-
-
-
-
-/**
- * @param {function[]} collection
- * @return {function}
- */
-function middleware(collection) {
-  var length = Utility_sizeof(collection);
-  return function (element, index, children, callback) {
-    var output = '';
-    for (var i = 0; i < length; i++) output += collection[i](element, index, children, callback) || '';
-    return output;
-  };
-}
-
-/**
- * @param {function} callback
- * @return {function}
- */
-function rulesheet(callback) {
-  return function (element) {
-    if (!element.root) if (element = element.return) callback(element);
-  };
-}
-
-/**
- * @param {object} element
- * @param {number} index
- * @param {object[]} children
- * @param {function} callback
- */
-function prefixer(element, index, children, callback) {
-  if (element.length > -1) if (!element.return) switch (element.type) {
-    case DECLARATION:
-      element.return = prefix(element.value, element.length, children);
-      return;
-    case KEYFRAMES:
-      return serialize([copy(element, {
-        value: replace(element.value, '@', '@' + WEBKIT)
-      })], callback);
-    case RULESET:
-      if (element.length) return combine(element.props, function (value) {
-        switch (match(value, /(::plac\w+|:read-\w+)/)) {
-          // :read-(only|write)
-          case ':read-only':
-          case ':read-write':
-            return serialize([copy(element, {
-              props: [replace(value, /:(read-\w+)/, ':' + MOZ + '$1')]
-            })], callback);
-          // :placeholder
-          case '::placeholder':
-            return serialize([copy(element, {
-              props: [replace(value, /:(plac\w+)/, ':' + WEBKIT + 'input-$1')]
-            }), copy(element, {
-              props: [replace(value, /:(plac\w+)/, ':' + MOZ + '$1')]
-            }), copy(element, {
-              props: [replace(value, /:(plac\w+)/, MS + 'input-$1')]
-            })], callback);
-        }
-        return '';
-      });
-  }
-}
-
-/**
- * @param {object} element
- * @param {number} index
- * @param {object[]} children
- */
-function namespace(element) {
-  switch (element.type) {
-    case RULESET:
-      element.props = element.props.map(function (value) {
-        return combine(tokenize(value), function (value, index, children) {
-          switch (charat(value, 0)) {
-            // \f
-            case 12:
-              return substr(value, 1, strlen(value));
-            // \0 ( + > ~
-            case 0:
-            case 40:
-            case 43:
-            case 62:
-            case 126:
-              return value;
-            // :
-            case 58:
-              if (children[++index] === 'global') children[index] = '', children[++index] = '\f' + substr(children[index], index = 1, -1);
-            // \s
-            case 32:
-              return index === 1 ? '' : value;
-            default:
-              switch (index) {
-                case 0:
-                  element = value;
-                  return sizeof(children) > 1 ? '' : value;
-                case index = sizeof(children) - 1:
-                case 2:
-                  return index === 2 ? value + element + element : value + element;
-                default:
-                  return value;
-              }
-          }
-        });
-      });
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/stylis/src/Parser.js
-
-
-
-
-/**
- * @param {string} value
- * @return {object[]}
- */
-function compile(value) {
-  return dealloc(parse('', null, null, null, [''], value = alloc(value), 0, [0], value));
-}
-
-/**
- * @param {string} value
- * @param {object} root
- * @param {object?} parent
- * @param {string[]} rule
- * @param {string[]} rules
- * @param {string[]} rulesets
- * @param {number[]} pseudo
- * @param {number[]} points
- * @param {string[]} declarations
- * @return {object}
- */
-function parse(value, root, parent, rule, rules, rulesets, pseudo, points, declarations) {
-  var index = 0;
-  var offset = 0;
-  var length = pseudo;
-  var atrule = 0;
-  var property = 0;
-  var previous = 0;
-  var variable = 1;
-  var scanning = 1;
-  var ampersand = 1;
-  var character = 0;
-  var type = '';
-  var props = rules;
-  var children = rulesets;
-  var reference = rule;
-  var characters = type;
-  while (scanning) switch (previous = character, character = next()) {
-    // (
-    case 40:
-      if (previous != 108 && Utility_charat(characters, length - 1) == 58) {
-        if (indexof(characters += Utility_replace(delimit(character), '&', '&\f'), '&\f') != -1) ampersand = -1;
-        break;
-      }
-    // " ' [
-    case 34:
-    case 39:
-    case 91:
-      characters += delimit(character);
-      break;
-    // \t \n \r \s
-    case 9:
-    case 10:
-    case 13:
-    case 32:
-      characters += whitespace(previous);
-      break;
-    // \
-    case 92:
-      characters += escaping(caret() - 1, 7);
-      continue;
-    // /
-    case 47:
-      switch (peek()) {
-        case 42:
-        case 47:
-          Utility_append(comment(commenter(next(), caret()), root, parent), declarations);
-          break;
-        default:
-          characters += '/';
-      }
-      break;
-    // {
-    case 123 * variable:
-      points[index++] = Utility_strlen(characters) * ampersand;
-    // } ; \0
-    case 125 * variable:
-    case 59:
-    case 0:
-      switch (character) {
-        // \0 }
-        case 0:
-        case 125:
-          scanning = 0;
-        // ;
-        case 59 + offset:
-          if (ampersand == -1) characters = Utility_replace(characters, /\f/g, '');
-          if (property > 0 && Utility_strlen(characters) - length) Utility_append(property > 32 ? declaration(characters + ';', rule, parent, length - 1) : declaration(Utility_replace(characters, ' ', '') + ';', rule, parent, length - 2), declarations);
-          break;
-        // @ ;
-        case 59:
-          characters += ';';
-        // { rule/at-rule
-        default:
-          Utility_append(reference = ruleset(characters, root, parent, index, offset, rules, points, type, props = [], children = [], length), rulesets);
-          if (character === 123) if (offset === 0) parse(characters, root, reference, reference, props, rulesets, length, points, children);else switch (atrule === 99 && Utility_charat(characters, 3) === 110 ? 100 : atrule) {
-            // d l m s
-            case 100:
-            case 108:
-            case 109:
-            case 115:
-              parse(value, reference, reference, rule && Utility_append(ruleset(value, reference, reference, 0, 0, rules, points, type, rules, props = [], length), children), rules, children, length, points, rule ? props : children);
-              break;
-            default:
-              parse(characters, reference, reference, reference, [''], children, 0, points, children);
-          }
-      }
-      index = offset = property = 0, variable = ampersand = 1, type = characters = '', length = pseudo;
-      break;
-    // :
-    case 58:
-      length = 1 + Utility_strlen(characters), property = previous;
-    default:
-      if (variable < 1) if (character == 123) --variable;else if (character == 125 && variable++ == 0 && prev() == 125) continue;
-      switch (characters += Utility_from(character), character * variable) {
-        // &
-        case 38:
-          ampersand = offset > 0 ? 1 : (characters += '\f', -1);
-          break;
-        // ,
-        case 44:
-          points[index++] = (Utility_strlen(characters) - 1) * ampersand, ampersand = 1;
-          break;
-        // @
-        case 64:
-          // -
-          if (peek() === 45) characters += delimit(next());
-          atrule = peek(), offset = length = Utility_strlen(type = characters += identifier(caret())), character++;
-          break;
-        // -
-        case 45:
-          if (previous === 45 && Utility_strlen(characters) == 2) variable = 0;
-      }
-  }
-  return rulesets;
-}
-
-/**
- * @param {string} value
- * @param {object} root
- * @param {object?} parent
- * @param {number} index
- * @param {number} offset
- * @param {string[]} rules
- * @param {number[]} points
- * @param {string} type
- * @param {string[]} props
- * @param {string[]} children
- * @param {number} length
- * @return {object}
- */
-function ruleset(value, root, parent, index, offset, rules, points, type, props, children, length) {
-  var post = offset - 1;
-  var rule = offset === 0 ? rules : [''];
-  var size = Utility_sizeof(rule);
-  for (var i = 0, j = 0, k = 0; i < index; ++i) for (var x = 0, y = Utility_substr(value, post + 1, post = abs(j = points[i])), z = value; x < size; ++x) if (z = trim(j > 0 ? rule[x] + ' ' + y : Utility_replace(y, /&\f/g, rule[x]))) props[k++] = z;
-  return node(value, root, parent, offset === 0 ? Enum_RULESET : type, props, children, length);
-}
-
-/**
- * @param {number} value
- * @param {object} root
- * @param {object?} parent
- * @return {object}
- */
-function comment(value, root, parent) {
-  return node(value, root, parent, COMMENT, Utility_from(Tokenizer_char()), Utility_substr(value, 2, -2), 0);
-}
-
-/**
- * @param {string} value
- * @param {object} root
- * @param {object?} parent
- * @param {number} length
- * @return {object}
- */
-function declaration(value, root, parent, length) {
-  return node(value, root, parent, Enum_DECLARATION, Utility_substr(value, 0, length), Utility_substr(value, length + 1, -1), length);
-}
-;// CONCATENATED MODULE: ./node_modules/@emotion/cache/dist/emotion-cache.browser.esm.js
-
-
-
-
-var identifierWithPointTracking = function identifierWithPointTracking(begin, points, index) {
-  var previous = 0;
-  var character = 0;
-  while (true) {
-    previous = character;
-    character = peek(); // &\f
-
-    if (previous === 38 && character === 12) {
-      points[index] = 1;
-    }
-    if (token(character)) {
-      break;
-    }
-    next();
-  }
-  return slice(begin, position);
-};
-var toRules = function toRules(parsed, points) {
-  // pretend we've started with a comma
-  var index = -1;
-  var character = 44;
-  do {
-    switch (token(character)) {
-      case 0:
-        // &\f
-        if (character === 38 && peek() === 12) {
-          // this is not 100% correct, we don't account for literal sequences here - like for example quoted strings
-          // stylis inserts \f after & to know when & where it should replace this sequence with the context selector
-          // and when it should just concatenate the outer and inner selectors
-          // it's very unlikely for this sequence to actually appear in a different context, so we just leverage this fact here
-          points[index] = 1;
-        }
-        parsed[index] += identifierWithPointTracking(position - 1, points, index);
-        break;
-      case 2:
-        parsed[index] += delimit(character);
-        break;
-      case 4:
-        // comma
-        if (character === 44) {
-          // colon
-          parsed[++index] = peek() === 58 ? '&\f' : '';
-          points[index] = parsed[index].length;
-          break;
-        }
-
-      // fallthrough
-
-      default:
-        parsed[index] += Utility_from(character);
-    }
-  } while (character = next());
-  return parsed;
-};
-var getRules = function getRules(value, points) {
-  return dealloc(toRules(alloc(value), points));
-}; // WeakSet would be more appropriate, but only WeakMap is supported in IE11
-
-var fixedElements = /* #__PURE__ */new WeakMap();
-var compat = function compat(element) {
-  if (element.type !== 'rule' || !element.parent ||
-  // positive .length indicates that this rule contains pseudo
-  // negative .length indicates that this rule has been already prefixed
-  element.length < 1) {
-    return;
-  }
-  var value = element.value,
-    parent = element.parent;
-  var isImplicitRule = element.column === parent.column && element.line === parent.line;
-  while (parent.type !== 'rule') {
-    parent = parent.parent;
-    if (!parent) return;
-  } // short-circuit for the simplest case
-
-  if (element.props.length === 1 && value.charCodeAt(0) !== 58
-  /* colon */ && !fixedElements.get(parent)) {
-    return;
-  } // if this is an implicitly inserted rule (the one eagerly inserted at the each new nested level)
-  // then the props has already been manipulated beforehand as they that array is shared between it and its "rule parent"
-
-  if (isImplicitRule) {
-    return;
-  }
-  fixedElements.set(element, true);
-  var points = [];
-  var rules = getRules(value, points);
-  var parentRules = parent.props;
-  for (var i = 0, k = 0; i < rules.length; i++) {
-    for (var j = 0; j < parentRules.length; j++, k++) {
-      element.props[k] = points[i] ? rules[i].replace(/&\f/g, parentRules[j]) : parentRules[j] + " " + rules[i];
-    }
-  }
-};
-var removeLabel = function removeLabel(element) {
-  if (element.type === 'decl') {
-    var value = element.value;
-    if (
-    // charcode for l
-    value.charCodeAt(0) === 108 &&
-    // charcode for b
-    value.charCodeAt(2) === 98) {
-      // this ignores label
-      element["return"] = '';
-      element.value = '';
-    }
-  }
-};
-var ignoreFlag = 'emotion-disable-server-rendering-unsafe-selector-warning-please-do-not-use-this-the-warning-exists-for-a-reason';
-var isIgnoringComment = function isIgnoringComment(element) {
-  return element.type === 'comm' && element.children.indexOf(ignoreFlag) > -1;
-};
-var createUnsafeSelectorsAlarm = function createUnsafeSelectorsAlarm(cache) {
-  return function (element, index, children) {
-    if (element.type !== 'rule' || cache.compat) return;
-    var unsafePseudoClasses = element.value.match(/(:first|:nth|:nth-last)-child/g);
-    if (unsafePseudoClasses) {
-      var isNested = !!element.parent; // in nested rules comments become children of the "auto-inserted" rule and that's always the `element.parent`
-      //
-      // considering this input:
-      // .a {
-      //   .b /* comm */ {}
-      //   color: hotpink;
-      // }
-      // we get output corresponding to this:
-      // .a {
-      //   & {
-      //     /* comm */
-      //     color: hotpink;
-      //   }
-      //   .b {}
-      // }
-
-      var commentContainer = isNested ? element.parent.children :
-      // global rule at the root level
-      children;
-      for (var i = commentContainer.length - 1; i >= 0; i--) {
-        var node = commentContainer[i];
-        if (node.line < element.line) {
-          break;
-        } // it is quite weird but comments are *usually* put at `column: element.column - 1`
-        // so we seek *from the end* for the node that is earlier than the rule's `element` and check that
-        // this will also match inputs like this:
-        // .a {
-        //   /* comm */
-        //   .b {}
-        // }
-        //
-        // but that is fine
-        //
-        // it would be the easiest to change the placement of the comment to be the first child of the rule:
-        // .a {
-        //   .b { /* comm */ }
-        // }
-        // with such inputs we wouldn't have to search for the comment at all
-        // TODO: consider changing this comment placement in the next major version
-
-        if (node.column < element.column) {
-          if (isIgnoringComment(node)) {
-            return;
-          }
-          break;
-        }
-      }
-      unsafePseudoClasses.forEach(function (unsafePseudoClass) {
-        console.error("The pseudo class \"" + unsafePseudoClass + "\" is potentially unsafe when doing server-side rendering. Try changing it to \"" + unsafePseudoClass.split('-child')[0] + "-of-type\".");
-      });
-    }
-  };
-};
-var isImportRule = function isImportRule(element) {
-  return element.type.charCodeAt(1) === 105 && element.type.charCodeAt(0) === 64;
-};
-var isPrependedWithRegularRules = function isPrependedWithRegularRules(index, children) {
-  for (var i = index - 1; i >= 0; i--) {
-    if (!isImportRule(children[i])) {
-      return true;
-    }
-  }
-  return false;
-}; // use this to remove incorrect elements from further processing
-// so they don't get handed to the `sheet` (or anything else)
-// as that could potentially lead to additional logs which in turn could be overhelming to the user
-
-var nullifyElement = function nullifyElement(element) {
-  element.type = '';
-  element.value = '';
-  element["return"] = '';
-  element.children = '';
-  element.props = '';
-};
-var incorrectImportAlarm = function incorrectImportAlarm(element, index, children) {
-  if (!isImportRule(element)) {
-    return;
-  }
-  if (element.parent) {
-    console.error("`@import` rules can't be nested inside other rules. Please move it to the top level and put it before regular rules. Keep in mind that they can only be used within global styles.");
-    nullifyElement(element);
-  } else if (isPrependedWithRegularRules(index, children)) {
-    console.error("`@import` rules can't be after other rules. Please put your `@import` rules before your other rules.");
-    nullifyElement(element);
-  }
-};
-
-/* eslint-disable no-fallthrough */
-
-function emotion_cache_browser_esm_prefix(value, length) {
-  switch (hash(value, length)) {
-    // color-adjust
-    case 5103:
-      return Enum_WEBKIT + 'print-' + value + value;
-    // animation, animation-(delay|direction|duration|fill-mode|iteration-count|name|play-state|timing-function)
-
-    case 5737:
-    case 4201:
-    case 3177:
-    case 3433:
-    case 1641:
-    case 4457:
-    case 2921: // text-decoration, filter, clip-path, backface-visibility, column, box-decoration-break
-
-    case 5572:
-    case 6356:
-    case 5844:
-    case 3191:
-    case 6645:
-    case 3005: // mask, mask-image, mask-(mode|clip|size), mask-(repeat|origin), mask-position, mask-composite,
-
-    case 6391:
-    case 5879:
-    case 5623:
-    case 6135:
-    case 4599:
-    case 4855: // background-clip, columns, column-(count|fill|gap|rule|rule-color|rule-style|rule-width|span|width)
-
-    case 4215:
-    case 6389:
-    case 5109:
-    case 5365:
-    case 5621:
-    case 3829:
-      return Enum_WEBKIT + value + value;
-    // appearance, user-select, transform, hyphens, text-size-adjust
-
-    case 5349:
-    case 4246:
-    case 4810:
-    case 6968:
-    case 2756:
-      return Enum_WEBKIT + value + Enum_MOZ + value + Enum_MS + value + value;
-    // flex, flex-direction
-
-    case 6828:
-    case 4268:
-      return Enum_WEBKIT + value + Enum_MS + value + value;
-    // order
-
-    case 6165:
-      return Enum_WEBKIT + value + Enum_MS + 'flex-' + value + value;
-    // align-items
-
-    case 5187:
-      return Enum_WEBKIT + value + Utility_replace(value, /(\w+).+(:[^]+)/, Enum_WEBKIT + 'box-$1$2' + Enum_MS + 'flex-$1$2') + value;
-    // align-self
-
-    case 5443:
-      return Enum_WEBKIT + value + Enum_MS + 'flex-item-' + Utility_replace(value, /flex-|-self/, '') + value;
-    // align-content
-
-    case 4675:
-      return Enum_WEBKIT + value + Enum_MS + 'flex-line-pack' + Utility_replace(value, /align-content|flex-|-self/, '') + value;
-    // flex-shrink
-
-    case 5548:
-      return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, 'shrink', 'negative') + value;
-    // flex-basis
-
-    case 5292:
-      return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, 'basis', 'preferred-size') + value;
-    // flex-grow
-
-    case 6060:
-      return Enum_WEBKIT + 'box-' + Utility_replace(value, '-grow', '') + Enum_WEBKIT + value + Enum_MS + Utility_replace(value, 'grow', 'positive') + value;
-    // transition
-
-    case 4554:
-      return Enum_WEBKIT + Utility_replace(value, /([^-])(transform)/g, '$1' + Enum_WEBKIT + '$2') + value;
-    // cursor
-
-    case 6187:
-      return Utility_replace(Utility_replace(Utility_replace(value, /(zoom-|grab)/, Enum_WEBKIT + '$1'), /(image-set)/, Enum_WEBKIT + '$1'), value, '') + value;
-    // background, background-image
-
-    case 5495:
-    case 3959:
-      return Utility_replace(value, /(image-set\([^]*)/, Enum_WEBKIT + '$1' + '$`$1');
-    // justify-content
-
-    case 4968:
-      return Utility_replace(Utility_replace(value, /(.+:)(flex-)?(.*)/, Enum_WEBKIT + 'box-pack:$3' + Enum_MS + 'flex-pack:$3'), /s.+-b[^;]+/, 'justify') + Enum_WEBKIT + value + value;
-    // (margin|padding)-inline-(start|end)
-
-    case 4095:
-    case 3583:
-    case 4068:
-    case 2532:
-      return Utility_replace(value, /(.+)-inline(.+)/, Enum_WEBKIT + '$1$2') + value;
-    // (min|max)?(width|height|inline-size|block-size)
-
-    case 8116:
-    case 7059:
-    case 5753:
-    case 5535:
-    case 5445:
-    case 5701:
-    case 4933:
-    case 4677:
-    case 5533:
-    case 5789:
-    case 5021:
-    case 4765:
-      // stretch, max-content, min-content, fill-available
-      if (Utility_strlen(value) - 1 - length > 6) switch (Utility_charat(value, length + 1)) {
-        // (m)ax-content, (m)in-content
-        case 109:
-          // -
-          if (Utility_charat(value, length + 4) !== 45) break;
-        // (f)ill-available, (f)it-content
-
-        case 102:
-          return Utility_replace(value, /(.+:)(.+)-([^]+)/, '$1' + Enum_WEBKIT + '$2-$3' + '$1' + Enum_MOZ + (Utility_charat(value, length + 3) == 108 ? '$3' : '$2-$3')) + value;
-        // (s)tretch
-
-        case 115:
-          return ~indexof(value, 'stretch') ? emotion_cache_browser_esm_prefix(Utility_replace(value, 'stretch', 'fill-available'), length) + value : value;
-      }
-      break;
-    // position: sticky
-
-    case 4949:
-      // (s)ticky?
-      if (Utility_charat(value, length + 1) !== 115) break;
-    // display: (flex|inline-flex)
-
-    case 6444:
-      switch (Utility_charat(value, Utility_strlen(value) - 3 - (~indexof(value, '!important') && 10))) {
-        // stic(k)y
-        case 107:
-          return Utility_replace(value, ':', ':' + Enum_WEBKIT) + value;
-        // (inline-)?fl(e)x
-
-        case 101:
-          return Utility_replace(value, /(.+:)([^;!]+)(;|!.+)?/, '$1' + Enum_WEBKIT + (Utility_charat(value, 14) === 45 ? 'inline-' : '') + 'box$3' + '$1' + Enum_WEBKIT + '$2$3' + '$1' + Enum_MS + '$2box$3') + value;
-      }
-      break;
-    // writing-mode
-
-    case 5936:
-      switch (Utility_charat(value, length + 11)) {
-        // vertical-l(r)
-        case 114:
-          return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, /[svh]\w+-[tblr]{2}/, 'tb') + value;
-        // vertical-r(l)
-
-        case 108:
-          return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, /[svh]\w+-[tblr]{2}/, 'tb-rl') + value;
-        // horizontal(-)tb
-
-        case 45:
-          return Enum_WEBKIT + value + Enum_MS + Utility_replace(value, /[svh]\w+-[tblr]{2}/, 'lr') + value;
-      }
-      return Enum_WEBKIT + value + Enum_MS + value + value;
-  }
-  return value;
-}
-var emotion_cache_browser_esm_prefixer = function prefixer(element, index, children, callback) {
-  if (element.length > -1) if (!element["return"]) switch (element.type) {
-    case Enum_DECLARATION:
-      element["return"] = emotion_cache_browser_esm_prefix(element.value, element.length);
-      break;
-    case Enum_KEYFRAMES:
-      return Serializer_serialize([Tokenizer_copy(element, {
-        value: Utility_replace(element.value, '@', '@' + Enum_WEBKIT)
-      })], callback);
-    case Enum_RULESET:
-      if (element.length) return Utility_combine(element.props, function (value) {
-        switch (Utility_match(value, /(::plac\w+|:read-\w+)/)) {
-          // :read-(only|write)
-          case ':read-only':
-          case ':read-write':
-            return Serializer_serialize([Tokenizer_copy(element, {
-              props: [Utility_replace(value, /:(read-\w+)/, ':' + Enum_MOZ + '$1')]
-            })], callback);
-          // :placeholder
-
-          case '::placeholder':
-            return Serializer_serialize([Tokenizer_copy(element, {
-              props: [Utility_replace(value, /:(plac\w+)/, ':' + Enum_WEBKIT + 'input-$1')]
-            }), Tokenizer_copy(element, {
-              props: [Utility_replace(value, /:(plac\w+)/, ':' + Enum_MOZ + '$1')]
-            }), Tokenizer_copy(element, {
-              props: [Utility_replace(value, /:(plac\w+)/, Enum_MS + 'input-$1')]
-            })], callback);
-        }
-        return '';
-      });
-  }
-};
-var defaultStylisPlugins = [emotion_cache_browser_esm_prefixer];
-var createCache = function createCache(options) {
-  var key = options.key;
-  if (false) {}
-  if (key === 'css') {
-    var ssrStyles = document.querySelectorAll("style[data-emotion]:not([data-s])"); // get SSRed styles out of the way of React's hydration
-    // document.head is a safe place to move them to(though note document.head is not necessarily the last place they will be)
-    // note this very very intentionally targets all style elements regardless of the key to ensure
-    // that creating a cache works inside of render of a React component
-
-    Array.prototype.forEach.call(ssrStyles, function (node) {
-      // we want to only move elements which have a space in the data-emotion attribute value
-      // because that indicates that it is an Emotion 11 server-side rendered style elements
-      // while we will already ignore Emotion 11 client-side inserted styles because of the :not([data-s]) part in the selector
-      // Emotion 10 client-side inserted styles did not have data-s (but importantly did not have a space in their data-emotion attributes)
-      // so checking for the space ensures that loading Emotion 11 after Emotion 10 has inserted some styles
-      // will not result in the Emotion 10 styles being destroyed
-      var dataEmotionAttribute = node.getAttribute('data-emotion');
-      if (dataEmotionAttribute.indexOf(' ') === -1) {
-        return;
-      }
-      document.head.appendChild(node);
-      node.setAttribute('data-s', '');
-    });
-  }
-  var stylisPlugins = options.stylisPlugins || defaultStylisPlugins;
-  if (false) {}
-  var inserted = {};
-  var container;
-  var nodesToHydrate = [];
-  {
-    container = options.container || document.head;
-    Array.prototype.forEach.call(
-    // this means we will ignore elements which don't have a space in them which
-    // means that the style elements we're looking at are only Emotion 11 server-rendered style elements
-    document.querySelectorAll("style[data-emotion^=\"" + key + " \"]"), function (node) {
-      var attrib = node.getAttribute("data-emotion").split(' '); // $FlowFixMe
-
-      for (var i = 1; i < attrib.length; i++) {
-        inserted[attrib[i]] = true;
-      }
-      nodesToHydrate.push(node);
-    });
-  }
-  var _insert;
-  var omnipresentPlugins = [compat, removeLabel];
-  if (false) {}
-  {
-    var currentSheet;
-    var finalizingPlugins = [stringify,  false ? 0 : rulesheet(function (rule) {
-      currentSheet.insert(rule);
-    })];
-    var serializer = middleware(omnipresentPlugins.concat(stylisPlugins, finalizingPlugins));
-    var stylis = function stylis(styles) {
-      return Serializer_serialize(compile(styles), serializer);
-    };
-    _insert = function insert(selector, serialized, sheet, shouldCache) {
-      currentSheet = sheet;
-      if (false) {}
-      stylis(selector ? selector + "{" + serialized.styles + "}" : serialized.styles);
-      if (shouldCache) {
-        cache.inserted[serialized.name] = true;
-      }
-    };
-  }
-  var cache = {
-    key: key,
-    sheet: new StyleSheet({
-      key: key,
-      container: container,
-      nonce: options.nonce,
-      speedy: options.speedy,
-      prepend: options.prepend,
-      insertionPoint: options.insertionPoint
-    }),
-    nonce: options.nonce,
-    inserted: inserted,
-    registered: {},
-    insert: _insert
-  };
-  cache.sheet.hydrate(nodesToHydrate);
-  return cache;
-};
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/hash/dist/emotion-hash.esm.js
-/* eslint-disable */
-// Inspired by https://github.com/garycourt/murmurhash-js
-// Ported from https://github.com/aappleby/smhasher/blob/61a0530f28277f2e850bfc39600ce61d02b518de/src/MurmurHash2.cpp#L37-L86
-function murmur2(str) {
-  // 'm' and 'r' are mixing constants generated offline.
-  // They're not really 'magic', they just happen to work well.
-  // const m = 0x5bd1e995;
-  // const r = 24;
-  // Initialize the hash
-  var h = 0; // Mix 4 bytes at a time into the hash
-
-  var k,
-    i = 0,
-    len = str.length;
-  for (; len >= 4; ++i, len -= 4) {
-    k = str.charCodeAt(i) & 0xff | (str.charCodeAt(++i) & 0xff) << 8 | (str.charCodeAt(++i) & 0xff) << 16 | (str.charCodeAt(++i) & 0xff) << 24;
-    k = /* Math.imul(k, m): */
-    (k & 0xffff) * 0x5bd1e995 + ((k >>> 16) * 0xe995 << 16);
-    k ^= /* k >>> r: */
-    k >>> 24;
-    h = /* Math.imul(k, m): */
-    (k & 0xffff) * 0x5bd1e995 + ((k >>> 16) * 0xe995 << 16) ^ /* Math.imul(h, m): */
-    (h & 0xffff) * 0x5bd1e995 + ((h >>> 16) * 0xe995 << 16);
-  } // Handle the last few bytes of the input array
-
-  switch (len) {
-    case 3:
-      h ^= (str.charCodeAt(i + 2) & 0xff) << 16;
-    case 2:
-      h ^= (str.charCodeAt(i + 1) & 0xff) << 8;
-    case 1:
-      h ^= str.charCodeAt(i) & 0xff;
-      h = /* Math.imul(h, m): */
-      (h & 0xffff) * 0x5bd1e995 + ((h >>> 16) * 0xe995 << 16);
-  } // Do a few final mixes of the hash to ensure the last few
-  // bytes are well-incorporated.
-
-  h ^= h >>> 13;
-  h = /* Math.imul(h, m): */
-  (h & 0xffff) * 0x5bd1e995 + ((h >>> 16) * 0xe995 << 16);
-  return ((h ^ h >>> 15) >>> 0).toString(36);
-}
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/unitless/dist/emotion-unitless.esm.js
-var unitlessKeys = {
-  animationIterationCount: 1,
-  aspectRatio: 1,
-  borderImageOutset: 1,
-  borderImageSlice: 1,
-  borderImageWidth: 1,
-  boxFlex: 1,
-  boxFlexGroup: 1,
-  boxOrdinalGroup: 1,
-  columnCount: 1,
-  columns: 1,
-  flex: 1,
-  flexGrow: 1,
-  flexPositive: 1,
-  flexShrink: 1,
-  flexNegative: 1,
-  flexOrder: 1,
-  gridRow: 1,
-  gridRowEnd: 1,
-  gridRowSpan: 1,
-  gridRowStart: 1,
-  gridColumn: 1,
-  gridColumnEnd: 1,
-  gridColumnSpan: 1,
-  gridColumnStart: 1,
-  msGridRow: 1,
-  msGridRowSpan: 1,
-  msGridColumn: 1,
-  msGridColumnSpan: 1,
-  fontWeight: 1,
-  lineHeight: 1,
-  opacity: 1,
-  order: 1,
-  orphans: 1,
-  tabSize: 1,
-  widows: 1,
-  zIndex: 1,
-  zoom: 1,
-  WebkitLineClamp: 1,
-  // SVG-related properties
-  fillOpacity: 1,
-  floodOpacity: 1,
-  stopOpacity: 1,
-  strokeDasharray: 1,
-  strokeDashoffset: 1,
-  strokeMiterlimit: 1,
-  strokeOpacity: 1,
-  strokeWidth: 1
-};
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/memoize/dist/emotion-memoize.esm.js
-function memoize(fn) {
-  var cache = Object.create(null);
-  return function (arg) {
-    if (cache[arg] === undefined) cache[arg] = fn(arg);
-    return cache[arg];
-  };
-}
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/serialize/dist/emotion-serialize.browser.esm.js
-
-
-
-var ILLEGAL_ESCAPE_SEQUENCE_ERROR = "You have illegal escape sequence in your template literal, most likely inside content's property value.\nBecause you write your CSS inside a JavaScript string you actually have to do double escaping, so for example \"content: '\\00d7';\" should become \"content: '\\\\00d7';\".\nYou can read more about this here:\nhttps://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#ES2018_revision_of_illegal_escape_sequences";
-var UNDEFINED_AS_OBJECT_KEY_ERROR = "You have passed in falsy value as style object's key (can happen when in example you pass unexported component as computed key).";
-var hyphenateRegex = /[A-Z]|^ms/g;
-var animationRegex = /_EMO_([^_]+?)_([^]*?)_EMO_/g;
-var isCustomProperty = function isCustomProperty(property) {
-  return property.charCodeAt(1) === 45;
-};
-var isProcessableValue = function isProcessableValue(value) {
-  return value != null && typeof value !== 'boolean';
-};
-var processStyleName = /* #__PURE__ */memoize(function (styleName) {
-  return isCustomProperty(styleName) ? styleName : styleName.replace(hyphenateRegex, '-$&').toLowerCase();
-});
-var processStyleValue = function processStyleValue(key, value) {
-  switch (key) {
-    case 'animation':
-    case 'animationName':
-      {
-        if (typeof value === 'string') {
-          return value.replace(animationRegex, function (match, p1, p2) {
-            cursor = {
-              name: p1,
-              styles: p2,
-              next: cursor
-            };
-            return p1;
-          });
-        }
-      }
-  }
-  if (unitlessKeys[key] !== 1 && !isCustomProperty(key) && typeof value === 'number' && value !== 0) {
-    return value + 'px';
-  }
-  return value;
-};
-if (false) { var hyphenatedCache, hyphenPattern, msPattern, oldProcessStyleValue, contentValues, contentValuePattern; }
-var noComponentSelectorMessage = (/* unused pure expression or super */ null && ('Component selectors can only be used in conjunction with ' + '@emotion/babel-plugin, the swc Emotion plugin, or another Emotion-aware ' + 'compiler transform.'));
-function handleInterpolation(mergedProps, registered, interpolation) {
-  if (interpolation == null) {
-    return '';
-  }
-  if (interpolation.__emotion_styles !== undefined) {
-    if (false) {}
-    return interpolation;
-  }
-  switch (typeof interpolation) {
-    case 'boolean':
-      {
-        return '';
-      }
-    case 'object':
-      {
-        if (interpolation.anim === 1) {
-          cursor = {
-            name: interpolation.name,
-            styles: interpolation.styles,
-            next: cursor
-          };
-          return interpolation.name;
-        }
-        if (interpolation.styles !== undefined) {
-          var next = interpolation.next;
-          if (next !== undefined) {
-            // not the most efficient thing ever but this is a pretty rare case
-            // and there will be very few iterations of this generally
-            while (next !== undefined) {
-              cursor = {
-                name: next.name,
-                styles: next.styles,
-                next: cursor
-              };
-              next = next.next;
-            }
-          }
-          var styles = interpolation.styles + ";";
-          if (false) {}
-          return styles;
-        }
-        return createStringFromObject(mergedProps, registered, interpolation);
-      }
-    case 'function':
-      {
-        if (mergedProps !== undefined) {
-          var previousCursor = cursor;
-          var result = interpolation(mergedProps);
-          cursor = previousCursor;
-          return handleInterpolation(mergedProps, registered, result);
-        } else if (false) {}
-        break;
-      }
-    case 'string':
-      if (false) { var replaced, matched; }
-      break;
-  } // finalize string values (regular strings and functions interpolated into css calls)
-
-  if (registered == null) {
-    return interpolation;
-  }
-  var cached = registered[interpolation];
-  return cached !== undefined ? cached : interpolation;
-}
-function createStringFromObject(mergedProps, registered, obj) {
-  var string = '';
-  if (Array.isArray(obj)) {
-    for (var i = 0; i < obj.length; i++) {
-      string += handleInterpolation(mergedProps, registered, obj[i]) + ";";
-    }
-  } else {
-    for (var _key in obj) {
-      var value = obj[_key];
-      if (typeof value !== 'object') {
-        if (registered != null && registered[value] !== undefined) {
-          string += _key + "{" + registered[value] + "}";
-        } else if (isProcessableValue(value)) {
-          string += processStyleName(_key) + ":" + processStyleValue(_key, value) + ";";
-        }
-      } else {
-        if (_key === 'NO_COMPONENT_SELECTOR' && "production" !== 'production') {}
-        if (Array.isArray(value) && typeof value[0] === 'string' && (registered == null || registered[value[0]] === undefined)) {
-          for (var _i = 0; _i < value.length; _i++) {
-            if (isProcessableValue(value[_i])) {
-              string += processStyleName(_key) + ":" + processStyleValue(_key, value[_i]) + ";";
-            }
-          }
-        } else {
-          var interpolated = handleInterpolation(mergedProps, registered, value);
-          switch (_key) {
-            case 'animation':
-            case 'animationName':
-              {
-                string += processStyleName(_key) + ":" + interpolated + ";";
-                break;
-              }
-            default:
-              {
-                if (false) {}
-                string += _key + "{" + interpolated + "}";
-              }
-          }
-        }
-      }
-    }
-  }
-  return string;
-}
-var labelPattern = /label:\s*([^\s;\n{]+)\s*(;|$)/g;
-var sourceMapPattern;
-if (false) {} // this is the cursor for keyframes
-// keyframes are stored on the SerializedStyles object as a linked list
-
-var cursor;
-var emotion_serialize_browser_esm_serializeStyles = function serializeStyles(args, registered, mergedProps) {
-  if (args.length === 1 && typeof args[0] === 'object' && args[0] !== null && args[0].styles !== undefined) {
-    return args[0];
-  }
-  var stringMode = true;
-  var styles = '';
-  cursor = undefined;
-  var strings = args[0];
-  if (strings == null || strings.raw === undefined) {
-    stringMode = false;
-    styles += handleInterpolation(mergedProps, registered, strings);
-  } else {
-    if (false) {}
-    styles += strings[0];
-  } // we start at 1 since we've already handled the first arg
-
-  for (var i = 1; i < args.length; i++) {
-    styles += handleInterpolation(mergedProps, registered, args[i]);
-    if (stringMode) {
-      if (false) {}
-      styles += strings[i];
-    }
-  }
-  var sourceMap;
-  if (false) {} // using a global regex with .exec is stateful so lastIndex has to be reset each time
-
-  labelPattern.lastIndex = 0;
-  var identifierName = '';
-  var match; // https://esbench.com/bench/5b809c2cf2949800a0f61fb5
-
-  while ((match = labelPattern.exec(styles)) !== null) {
-    identifierName += '-' +
-    // $FlowFixMe we know it's not null
-    match[1];
-  }
-  var name = murmur2(styles) + identifierName;
-  if (false) {}
-  return {
-    name: name,
-    styles: styles,
-    next: cursor
-  };
-};
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/use-insertion-effect-with-fallbacks/dist/emotion-use-insertion-effect-with-fallbacks.browser.esm.js
-
-var syncFallback = function syncFallback(create) {
-  return create();
-};
-var useInsertionEffect = react_namespaceObject['useInsertion' + 'Effect'] ? react_namespaceObject['useInsertion' + 'Effect'] : false;
-var emotion_use_insertion_effect_with_fallbacks_browser_esm_useInsertionEffectAlwaysWithSyncFallback = useInsertionEffect || syncFallback;
-var emotion_use_insertion_effect_with_fallbacks_browser_esm_useInsertionEffectWithLayoutFallback = useInsertionEffect || react.useLayoutEffect;
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/react/dist/emotion-element-c39617d8.browser.esm.js
-
-
-
-
-
-
-
-
-
-var emotion_element_c39617d8_browser_esm_isBrowser = "object" !== 'undefined';
-var emotion_element_c39617d8_browser_esm_hasOwnProperty = {}.hasOwnProperty;
-var EmotionCacheContext = /* #__PURE__ */react.createContext(
-// we're doing this to avoid preconstruct's dead code elimination in this one case
-// because this module is primarily intended for the browser and node
-// but it's also required in react native and similar environments sometimes
-// and we could have a special build just for that
-// but this is much easier and the native packages
-// might use a different theme context in the future anyway
-typeof HTMLElement !== 'undefined' ? /* #__PURE__ */createCache({
-  key: 'css'
-}) : null);
-if (false) {}
-var CacheProvider = EmotionCacheContext.Provider;
-var __unsafe_useEmotionCache = function useEmotionCache() {
-  return useContext(EmotionCacheContext);
-};
-var emotion_element_c39617d8_browser_esm_withEmotionCache = function withEmotionCache(func) {
-  // $FlowFixMe
-  return /*#__PURE__*/(0,react.forwardRef)(function (props, ref) {
-    // the cache will never be null in the browser
-    var cache = (0,react.useContext)(EmotionCacheContext);
-    return func(props, cache, ref);
-  });
-};
-if (!emotion_element_c39617d8_browser_esm_isBrowser) {
-  emotion_element_c39617d8_browser_esm_withEmotionCache = function withEmotionCache(func) {
-    return function (props) {
-      var cache = (0,react.useContext)(EmotionCacheContext);
-      if (cache === null) {
-        // yes, we're potentially creating this on every render
-        // it doesn't actually matter though since it's only on the server
-        // so there will only every be a single render
-        // that could change in the future because of suspense and etc. but for now,
-        // this works and i don't want to optimise for a future thing that we aren't sure about
-        cache = createCache({
-          key: 'css'
-        });
-        return /*#__PURE__*/react.createElement(EmotionCacheContext.Provider, {
-          value: cache
-        }, func(props, cache));
-      } else {
-        return func(props, cache);
-      }
-    };
-  };
-}
-var emotion_element_c39617d8_browser_esm_ThemeContext = /* #__PURE__ */react.createContext({});
-if (false) {}
-var emotion_element_c39617d8_browser_esm_useTheme = function useTheme() {
-  return React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
-};
-var getTheme = function getTheme(outerTheme, theme) {
-  if (typeof theme === 'function') {
-    var mergedTheme = theme(outerTheme);
-    if (false) {}
-    return mergedTheme;
-  }
-  if (false) {}
-  return _extends({}, outerTheme, theme);
-};
-var createCacheWithTheme = /* #__PURE__ */(/* unused pure expression or super */ null && (weakMemoize(function (outerTheme) {
-  return weakMemoize(function (theme) {
-    return getTheme(outerTheme, theme);
-  });
-})));
-var emotion_element_c39617d8_browser_esm_ThemeProvider = function ThemeProvider(props) {
-  var theme = React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
-  if (props.theme !== theme) {
-    theme = createCacheWithTheme(theme)(props.theme);
-  }
-  return /*#__PURE__*/React.createElement(emotion_element_c39617d8_browser_esm_ThemeContext.Provider, {
-    value: theme
-  }, props.children);
-};
-function withTheme(Component) {
-  var componentName = Component.displayName || Component.name || 'Component';
-  var render = function render(props, ref) {
-    var theme = React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
-    return /*#__PURE__*/React.createElement(Component, _extends({
-      theme: theme,
-      ref: ref
-    }, props));
-  }; // $FlowFixMe
-
-  var WithTheme = /*#__PURE__*/React.forwardRef(render);
-  WithTheme.displayName = "WithTheme(" + componentName + ")";
-  return hoistNonReactStatics(WithTheme, Component);
-}
-var getLastPart = function getLastPart(functionName) {
-  // The match may be something like 'Object.createEmotionProps' or
-  // 'Loader.prototype.render'
-  var parts = functionName.split('.');
-  return parts[parts.length - 1];
-};
-var getFunctionNameFromStackTraceLine = function getFunctionNameFromStackTraceLine(line) {
-  // V8
-  var match = /^\s+at\s+([A-Za-z0-9$.]+)\s/.exec(line);
-  if (match) return getLastPart(match[1]); // Safari / Firefox
-
-  match = /^([A-Za-z0-9$.]+)@/.exec(line);
-  if (match) return getLastPart(match[1]);
-  return undefined;
-};
-var internalReactFunctionNames = /* #__PURE__ */new Set(['renderWithHooks', 'processChild', 'finishClassComponent', 'renderToString']); // These identifiers come from error stacks, so they have to be valid JS
-// identifiers, thus we only need to replace what is a valid character for JS,
-// but not for CSS.
-
-var sanitizeIdentifier = function sanitizeIdentifier(identifier) {
-  return identifier.replace(/\$/g, '-');
-};
-var getLabelFromStackTrace = function getLabelFromStackTrace(stackTrace) {
-  if (!stackTrace) return undefined;
-  var lines = stackTrace.split('\n');
-  for (var i = 0; i < lines.length; i++) {
-    var functionName = getFunctionNameFromStackTraceLine(lines[i]); // The first line of V8 stack traces is just "Error"
-
-    if (!functionName) continue; // If we reach one of these, we have gone too far and should quit
-
-    if (internalReactFunctionNames.has(functionName)) break; // The component name is the first function in the stack that starts with an
-    // uppercase letter
-
-    if (/^[A-Z]/.test(functionName)) return sanitizeIdentifier(functionName);
-  }
-  return undefined;
-};
-var typePropName = '__EMOTION_TYPE_PLEASE_DO_NOT_USE__';
-var labelPropName = '__EMOTION_LABEL_PLEASE_DO_NOT_USE__';
-var emotion_element_c39617d8_browser_esm_createEmotionProps = function createEmotionProps(type, props) {
-  if (false) {}
-  var newProps = {};
-  for (var key in props) {
-    if (emotion_element_c39617d8_browser_esm_hasOwnProperty.call(props, key)) {
-      newProps[key] = props[key];
-    }
-  }
-  newProps[typePropName] = type; // For performance, only call getLabelFromStackTrace in development and when
-  // the label hasn't already been computed
-
-  if (false) { var label; }
-  return newProps;
-};
-var Insertion = function Insertion(_ref) {
-  var cache = _ref.cache,
-    serialized = _ref.serialized,
-    isStringTag = _ref.isStringTag;
-  registerStyles(cache, serialized, isStringTag);
-  useInsertionEffectAlwaysWithSyncFallback(function () {
-    return insertStyles(cache, serialized, isStringTag);
-  });
-  return null;
-};
-var emotion_element_c39617d8_browser_esm_Emotion = /* #__PURE__ */(/* unused pure expression or super */ null && (emotion_element_c39617d8_browser_esm_withEmotionCache(function (props, cache, ref) {
-  var cssProp = props.css; // so that using `css` from `emotion` and passing the result to the css prop works
-  // not passing the registered cache to serializeStyles because it would
-  // make certain babel optimisations not possible
-
-  if (typeof cssProp === 'string' && cache.registered[cssProp] !== undefined) {
-    cssProp = cache.registered[cssProp];
-  }
-  var WrappedComponent = props[typePropName];
-  var registeredStyles = [cssProp];
-  var className = '';
-  if (typeof props.className === 'string') {
-    className = getRegisteredStyles(cache.registered, registeredStyles, props.className);
-  } else if (props.className != null) {
-    className = props.className + " ";
-  }
-  var serialized = serializeStyles(registeredStyles, undefined, React.useContext(emotion_element_c39617d8_browser_esm_ThemeContext));
-  if (false) { var labelFromStack; }
-  className += cache.key + "-" + serialized.name;
-  var newProps = {};
-  for (var key in props) {
-    if (emotion_element_c39617d8_browser_esm_hasOwnProperty.call(props, key) && key !== 'css' && key !== typePropName && ( true || 0)) {
-      newProps[key] = props[key];
-    }
-  }
-  newProps.ref = ref;
-  newProps.className = className;
-  return /*#__PURE__*/React.createElement(React.Fragment, null, /*#__PURE__*/React.createElement(Insertion, {
-    cache: cache,
-    serialized: serialized,
-    isStringTag: typeof WrappedComponent === 'string'
-  }), /*#__PURE__*/React.createElement(WrappedComponent, newProps));
-})));
-if (false) {}
-var Emotion$1 = (/* unused pure expression or super */ null && (emotion_element_c39617d8_browser_esm_Emotion));
-
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useThemeWithoutDefault.js
-
-
-function isObjectEmpty(obj) {
-  return Object.keys(obj).length === 0;
-}
-function useThemeWithoutDefault_useTheme() {
-  var defaultTheme = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : null;
-  var contextTheme = react.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
-  return !contextTheme || isObjectEmpty(contextTheme) ? defaultTheme : contextTheme;
-}
-/* harmony default export */ var useThemeWithoutDefault = (useThemeWithoutDefault_useTheme);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/ThemeProvider/ThemeProvider.js
-
-
-
-
-
-
-
-
-
-var EMPTY_THEME = {};
-function useThemeScoping(themeId, upperTheme, localTheme) {
-  var isPrivate = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
-  return react.useMemo(function () {
-    var resolvedTheme = themeId ? upperTheme[themeId] || upperTheme : upperTheme;
-    if (typeof localTheme === 'function') {
-      var mergedTheme = localTheme(resolvedTheme);
-      var result = themeId ? extends_extends({}, upperTheme, defineProperty_defineProperty({}, themeId, mergedTheme)) : mergedTheme;
-      // must return a function for the private theme to NOT merge with the upper theme.
-      // see the test case "use provided theme from a callback" in ThemeProvider.test.js
-      if (isPrivate) {
-        return function () {
-          return result;
-        };
-      }
-      return result;
-    }
-    return themeId ? extends_extends({}, upperTheme, defineProperty_defineProperty({}, themeId, localTheme)) : extends_extends({}, upperTheme, localTheme);
-  }, [themeId, upperTheme, localTheme, isPrivate]);
-}
-
-/**
- * This component makes the `theme` available down the React tree.
- * It should preferably be used at **the root of your component tree**.
- *
- * <ThemeProvider theme={theme}> // existing use case
- * <ThemeProvider theme={{ id: theme }}> // theme scoping
- */
-function ThemeProvider_ThemeProvider_ThemeProvider(props) {
-  var children = props.children,
-    localTheme = props.theme,
-    themeId = props.themeId;
-  var upperTheme = useThemeWithoutDefault(EMPTY_THEME);
-  var upperPrivateTheme = useTheme() || EMPTY_THEME;
-  if (false) {}
-  var engineTheme = useThemeScoping(themeId, upperTheme, localTheme);
-  var privateTheme = useThemeScoping(themeId, upperPrivateTheme, localTheme, true);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(ThemeProvider_ThemeProvider, {
-    theme: privateTheme,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(emotion_element_c39617d8_browser_esm_ThemeContext.Provider, {
-      value: engineTheme,
-      children: children
-    })
-  });
-}
- false ? 0 : void 0;
-if (false) {}
-/* harmony default export */ var esm_ThemeProvider_ThemeProvider = (ThemeProvider_ThemeProvider_ThemeProvider);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/identifier.js
-/* harmony default export */ var styles_identifier = ('$$material');
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/ThemeProvider.js
-
-
-var ThemeProvider_excluded = ["theme"];
-
-
-
-
-
-function styles_ThemeProvider_ThemeProvider(_ref) {
-  var themeInput = _ref.theme,
-    props = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_ref, ThemeProvider_excluded);
-  var scopedTheme = themeInput[styles_identifier];
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(esm_ThemeProvider_ThemeProvider, extends_extends({}, props, {
-    themeId: scopedTheme ? styles_identifier : undefined,
-    theme: scopedTheme || themeInput
-  }));
-}
- false ? 0 : void 0;
-;// CONCATENATED MODULE: ./node_modules/clsx/dist/clsx.m.js
-function r(e) {
-  var t,
-    f,
-    n = "";
-  if ("string" == typeof e || "number" == typeof e) n += e;else if ("object" == typeof e) if (Array.isArray(e)) for (t = 0; t < e.length; t++) e[t] && (f = r(e[t])) && (n && (n += " "), n += f);else for (t in e) e[t] && (n && (n += " "), n += t);
-  return n;
-}
-function clsx() {
-  for (var e, t, f = 0, n = ""; f < arguments.length;) (e = arguments[f++]) && (t = r(e)) && (n && (n += " "), n += t);
-  return n;
-}
-/* harmony default export */ var clsx_m = (clsx);
-;// CONCATENATED MODULE: ./node_modules/@emotion/is-prop-valid/dist/emotion-is-prop-valid.esm.js
-
-var reactPropsRegex = /^((children|dangerouslySetInnerHTML|key|ref|autoFocus|defaultValue|defaultChecked|innerHTML|suppressContentEditableWarning|suppressHydrationWarning|valueLink|abbr|accept|acceptCharset|accessKey|action|allow|allowUserMedia|allowPaymentRequest|allowFullScreen|allowTransparency|alt|async|autoComplete|autoPlay|capture|cellPadding|cellSpacing|challenge|charSet|checked|cite|classID|className|cols|colSpan|content|contentEditable|contextMenu|controls|controlsList|coords|crossOrigin|data|dateTime|decoding|default|defer|dir|disabled|disablePictureInPicture|download|draggable|encType|enterKeyHint|form|formAction|formEncType|formMethod|formNoValidate|formTarget|frameBorder|headers|height|hidden|high|href|hrefLang|htmlFor|httpEquiv|id|inputMode|integrity|is|keyParams|keyType|kind|label|lang|list|loading|loop|low|marginHeight|marginWidth|max|maxLength|media|mediaGroup|method|min|minLength|multiple|muted|name|nonce|noValidate|open|optimum|pattern|placeholder|playsInline|poster|preload|profile|radioGroup|readOnly|referrerPolicy|rel|required|reversed|role|rows|rowSpan|sandbox|scope|scoped|scrolling|seamless|selected|shape|size|sizes|slot|span|spellCheck|src|srcDoc|srcLang|srcSet|start|step|style|summary|tabIndex|target|title|translate|type|useMap|value|width|wmode|wrap|about|datatype|inlist|prefix|property|resource|typeof|vocab|autoCapitalize|autoCorrect|autoSave|color|incremental|fallback|inert|itemProp|itemScope|itemType|itemID|itemRef|on|option|results|security|unselectable|accentHeight|accumulate|additive|alignmentBaseline|allowReorder|alphabetic|amplitude|arabicForm|ascent|attributeName|attributeType|autoReverse|azimuth|baseFrequency|baselineShift|baseProfile|bbox|begin|bias|by|calcMode|capHeight|clip|clipPathUnits|clipPath|clipRule|colorInterpolation|colorInterpolationFilters|colorProfile|colorRendering|contentScriptType|contentStyleType|cursor|cx|cy|d|decelerate|descent|diffuseConstant|direction|display|divisor|dominantBaseline|dur|dx|dy|edgeMode|elevation|enableBackground|end|exponent|externalResourcesRequired|fill|fillOpacity|fillRule|filter|filterRes|filterUnits|floodColor|floodOpacity|focusable|fontFamily|fontSize|fontSizeAdjust|fontStretch|fontStyle|fontVariant|fontWeight|format|from|fr|fx|fy|g1|g2|glyphName|glyphOrientationHorizontal|glyphOrientationVertical|glyphRef|gradientTransform|gradientUnits|hanging|horizAdvX|horizOriginX|ideographic|imageRendering|in|in2|intercept|k|k1|k2|k3|k4|kernelMatrix|kernelUnitLength|kerning|keyPoints|keySplines|keyTimes|lengthAdjust|letterSpacing|lightingColor|limitingConeAngle|local|markerEnd|markerMid|markerStart|markerHeight|markerUnits|markerWidth|mask|maskContentUnits|maskUnits|mathematical|mode|numOctaves|offset|opacity|operator|order|orient|orientation|origin|overflow|overlinePosition|overlineThickness|panose1|paintOrder|pathLength|patternContentUnits|patternTransform|patternUnits|pointerEvents|points|pointsAtX|pointsAtY|pointsAtZ|preserveAlpha|preserveAspectRatio|primitiveUnits|r|radius|refX|refY|renderingIntent|repeatCount|repeatDur|requiredExtensions|requiredFeatures|restart|result|rotate|rx|ry|scale|seed|shapeRendering|slope|spacing|specularConstant|specularExponent|speed|spreadMethod|startOffset|stdDeviation|stemh|stemv|stitchTiles|stopColor|stopOpacity|strikethroughPosition|strikethroughThickness|string|stroke|strokeDasharray|strokeDashoffset|strokeLinecap|strokeLinejoin|strokeMiterlimit|strokeOpacity|strokeWidth|surfaceScale|systemLanguage|tableValues|targetX|targetY|textAnchor|textDecoration|textRendering|textLength|to|transform|u1|u2|underlinePosition|underlineThickness|unicode|unicodeBidi|unicodeRange|unitsPerEm|vAlphabetic|vHanging|vIdeographic|vMathematical|values|vectorEffect|version|vertAdvY|vertOriginX|vertOriginY|viewBox|viewTarget|visibility|widths|wordSpacing|writingMode|x|xHeight|x1|x2|xChannelSelector|xlinkActuate|xlinkArcrole|xlinkHref|xlinkRole|xlinkShow|xlinkTitle|xlinkType|xmlBase|xmlns|xmlnsXlink|xmlLang|xmlSpace|y|y1|y2|yChannelSelector|z|zoomAndPan|for|class|autofocus)|(([Dd][Aa][Tt][Aa]|[Aa][Rr][Ii][Aa]|x)-.*))$/; // https://esbench.com/bench/5bfee68a4cd7e6009ef61d23
-
-var isPropValid = /* #__PURE__ */memoize(function (prop) {
-  return reactPropsRegex.test(prop) || prop.charCodeAt(0) === 111
-  /* o */ && prop.charCodeAt(1) === 110
-  /* n */ && prop.charCodeAt(2) < 91;
-}
-/* Z+1 */);
-
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/utils/dist/emotion-utils.browser.esm.js
-var emotion_utils_browser_esm_isBrowser = "object" !== 'undefined';
-function emotion_utils_browser_esm_getRegisteredStyles(registered, registeredStyles, classNames) {
-  var rawClassName = '';
-  classNames.split(' ').forEach(function (className) {
-    if (registered[className] !== undefined) {
-      registeredStyles.push(registered[className] + ";");
-    } else {
-      rawClassName += className + " ";
-    }
-  });
-  return rawClassName;
-}
-var emotion_utils_browser_esm_registerStyles = function registerStyles(cache, serialized, isStringTag) {
-  var className = cache.key + "-" + serialized.name;
-  if (
-  // we only need to add the styles to the registered cache if the
-  // class name could be used further down
-  // the tree but if it's a string tag, we know it won't
-  // so we don't have to add it to registered cache.
-  // this improves memory usage since we can avoid storing the whole style string
-  (isStringTag === false ||
-  // we need to always store it if we're in compat mode and
-  // in node since emotion-server relies on whether a style is in
-  // the registered cache to know whether a style is global or not
-  // also, note that this check will be dead code eliminated in the browser
-  emotion_utils_browser_esm_isBrowser === false) && cache.registered[className] === undefined) {
-    cache.registered[className] = serialized.styles;
-  }
-};
-var emotion_utils_browser_esm_insertStyles = function insertStyles(cache, serialized, isStringTag) {
-  emotion_utils_browser_esm_registerStyles(cache, serialized, isStringTag);
-  var className = cache.key + "-" + serialized.name;
-  if (cache.inserted[serialized.name] === undefined) {
-    var current = serialized;
-    do {
-      cache.insert(serialized === current ? "." + className : '', current, cache.sheet, true);
-      current = current.next;
-    } while (current !== undefined);
-  }
-};
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/styled/base/dist/emotion-styled-base.browser.esm.js
-
-
-
-
-
-
-
-var testOmitPropsOnStringTag = isPropValid;
-var testOmitPropsOnComponent = function testOmitPropsOnComponent(key) {
-  return key !== 'theme';
-};
-var getDefaultShouldForwardProp = function getDefaultShouldForwardProp(tag) {
-  return typeof tag === 'string' &&
-  // 96 is one less than the char code
-  // for "a" so this is checking that
-  // it's a lowercase character
-  tag.charCodeAt(0) > 96 ? testOmitPropsOnStringTag : testOmitPropsOnComponent;
-};
-var composeShouldForwardProps = function composeShouldForwardProps(tag, options, isReal) {
-  var shouldForwardProp;
-  if (options) {
-    var optionsShouldForwardProp = options.shouldForwardProp;
-    shouldForwardProp = tag.__emotion_forwardProp && optionsShouldForwardProp ? function (propName) {
-      return tag.__emotion_forwardProp(propName) && optionsShouldForwardProp(propName);
-    } : optionsShouldForwardProp;
-  }
-  if (typeof shouldForwardProp !== 'function' && isReal) {
-    shouldForwardProp = tag.__emotion_forwardProp;
-  }
-  return shouldForwardProp;
-};
-var emotion_styled_base_browser_esm_ILLEGAL_ESCAPE_SEQUENCE_ERROR = "You have illegal escape sequence in your template literal, most likely inside content's property value.\nBecause you write your CSS inside a JavaScript string you actually have to do double escaping, so for example \"content: '\\00d7';\" should become \"content: '\\\\00d7';\".\nYou can read more about this here:\nhttps://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#ES2018_revision_of_illegal_escape_sequences";
-var emotion_styled_base_browser_esm_Insertion = function Insertion(_ref) {
-  var cache = _ref.cache,
-    serialized = _ref.serialized,
-    isStringTag = _ref.isStringTag;
-  emotion_utils_browser_esm_registerStyles(cache, serialized, isStringTag);
-  emotion_use_insertion_effect_with_fallbacks_browser_esm_useInsertionEffectAlwaysWithSyncFallback(function () {
-    return emotion_utils_browser_esm_insertStyles(cache, serialized, isStringTag);
-  });
-  return null;
-};
-var createStyled = function createStyled(tag, options) {
-  if (false) {}
-  var isReal = tag.__emotion_real === tag;
-  var baseTag = isReal && tag.__emotion_base || tag;
-  var identifierName;
-  var targetClassName;
-  if (options !== undefined) {
-    identifierName = options.label;
-    targetClassName = options.target;
-  }
-  var shouldForwardProp = composeShouldForwardProps(tag, options, isReal);
-  var defaultShouldForwardProp = shouldForwardProp || getDefaultShouldForwardProp(baseTag);
-  var shouldUseAs = !defaultShouldForwardProp('as');
-  return function () {
-    var args = arguments;
-    var styles = isReal && tag.__emotion_styles !== undefined ? tag.__emotion_styles.slice(0) : [];
-    if (identifierName !== undefined) {
-      styles.push("label:" + identifierName + ";");
-    }
-    if (args[0] == null || args[0].raw === undefined) {
-      styles.push.apply(styles, args);
-    } else {
-      if (false) {}
-      styles.push(args[0][0]);
-      var len = args.length;
-      var i = 1;
-      for (; i < len; i++) {
-        if (false) {}
-        styles.push(args[i], args[0][i]);
-      }
-    } // $FlowFixMe: we need to cast StatelessFunctionalComponent to our PrivateStyledComponent class
-
-    var Styled = emotion_element_c39617d8_browser_esm_withEmotionCache(function (props, cache, ref) {
-      var FinalTag = shouldUseAs && props.as || baseTag;
-      var className = '';
-      var classInterpolations = [];
-      var mergedProps = props;
-      if (props.theme == null) {
-        mergedProps = {};
-        for (var key in props) {
-          mergedProps[key] = props[key];
-        }
-        mergedProps.theme = react.useContext(emotion_element_c39617d8_browser_esm_ThemeContext);
-      }
-      if (typeof props.className === 'string') {
-        className = emotion_utils_browser_esm_getRegisteredStyles(cache.registered, classInterpolations, props.className);
-      } else if (props.className != null) {
-        className = props.className + " ";
-      }
-      var serialized = emotion_serialize_browser_esm_serializeStyles(styles.concat(classInterpolations), cache.registered, mergedProps);
-      className += cache.key + "-" + serialized.name;
-      if (targetClassName !== undefined) {
-        className += " " + targetClassName;
-      }
-      var finalShouldForwardProp = shouldUseAs && shouldForwardProp === undefined ? getDefaultShouldForwardProp(FinalTag) : defaultShouldForwardProp;
-      var newProps = {};
-      for (var _key in props) {
-        if (shouldUseAs && _key === 'as') continue;
-        if (
-        // $FlowFixMe
-        finalShouldForwardProp(_key)) {
-          newProps[_key] = props[_key];
-        }
-      }
-      newProps.className = className;
-      newProps.ref = ref;
-      return /*#__PURE__*/react.createElement(react.Fragment, null, /*#__PURE__*/react.createElement(emotion_styled_base_browser_esm_Insertion, {
-        cache: cache,
-        serialized: serialized,
-        isStringTag: typeof FinalTag === 'string'
-      }), /*#__PURE__*/react.createElement(FinalTag, newProps));
-    });
-    Styled.displayName = identifierName !== undefined ? identifierName : "Styled(" + (typeof baseTag === 'string' ? baseTag : baseTag.displayName || baseTag.name || 'Component') + ")";
-    Styled.defaultProps = tag.defaultProps;
-    Styled.__emotion_real = Styled;
-    Styled.__emotion_base = baseTag;
-    Styled.__emotion_styles = styles;
-    Styled.__emotion_forwardProp = shouldForwardProp;
-    Object.defineProperty(Styled, 'toString', {
-      value: function value() {
-        if (targetClassName === undefined && "production" !== 'production') {} // $FlowFixMe: coerce undefined to string
-
-        return "." + targetClassName;
-      }
-    });
-    Styled.withComponent = function (nextTag, nextOptions) {
-      return createStyled(nextTag, extends_extends({}, options, nextOptions, {
-        shouldForwardProp: composeShouldForwardProps(Styled, nextOptions, true)
-      })).apply(void 0, styles);
-    };
-    return Styled;
-  };
-};
-
-;// CONCATENATED MODULE: ./node_modules/@emotion/styled/dist/emotion-styled.browser.esm.js
-
-
-
-
-
-
-
-
-var tags = ['a', 'abbr', 'address', 'area', 'article', 'aside', 'audio', 'b', 'base', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br', 'button', 'canvas', 'caption', 'cite', 'code', 'col', 'colgroup', 'data', 'datalist', 'dd', 'del', 'details', 'dfn', 'dialog', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'header', 'hgroup', 'hr', 'html', 'i', 'iframe', 'img', 'input', 'ins', 'kbd', 'keygen', 'label', 'legend', 'li', 'link', 'main', 'map', 'mark', 'marquee', 'menu', 'menuitem', 'meta', 'meter', 'nav', 'noscript', 'object', 'ol', 'optgroup', 'option', 'output', 'p', 'param', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'script', 'section', 'select', 'small', 'source', 'span', 'strong', 'style', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'time', 'title', 'tr', 'track', 'u', 'ul', 'var', 'video', 'wbr',
-// SVG
-'circle', 'clipPath', 'defs', 'ellipse', 'foreignObject', 'g', 'image', 'line', 'linearGradient', 'mask', 'path', 'pattern', 'polygon', 'polyline', 'radialGradient', 'rect', 'stop', 'svg', 'text', 'tspan'];
-var newStyled = createStyled.bind();
-tags.forEach(function (tagName) {
-  // $FlowFixMe: we can ignore this because its exposed type is defined by the CreateStyled type
-  newStyled[tagName] = newStyled(tagName);
-});
-
-;// CONCATENATED MODULE: ./node_modules/@mui/styled-engine/index.js
-/**
- * @mui/styled-engine v5.13.2
- *
- * @license MIT
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-/* eslint-disable no-underscore-dangle */
-
-function styled(tag, options) {
-  var stylesFactory = newStyled(tag, options);
-  if (false) {}
-  return stylesFactory;
-}
-
-// eslint-disable-next-line @typescript-eslint/naming-convention
-var internal_processStyles = function internal_processStyles(tag, processor) {
-  // Emotion attaches all the styles as `__emotion_styles`.
-  // Ref: https://github.com/emotion-js/emotion/blob/16d971d0da229596d6bcc39d282ba9753c9ee7cf/packages/styled/src/base.js#L186
-  if (Array.isArray(tag.__emotion_styles)) {
-    tag.__emotion_styles = processor(tag.__emotion_styles);
-  }
-};
-
-
-
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/formatMuiErrorMessage.js
-/**
- * WARNING: Don't import this directly.
- * Use `MuiError` from `@mui/utils/macros/MuiError.macro` instead.
- * @param {number} code
- */
-function formatMuiErrorMessage(code) {
-  // Apply babel-plugin-transform-template-literals in loose mode
-  // loose mode is safe iff we're concatenating primitives
-  // see https://babeljs.io/docs/en/babel-plugin-transform-template-literals#loose
-  /* eslint-disable prefer-template */
-  var url = 'https://mui.com/production-error/?code=' + code;
-  for (var i = 1; i < arguments.length; i += 1) {
-    // rest params over-transpile for this case
-    // eslint-disable-next-line prefer-rest-params
-    url += '&args[]=' + encodeURIComponent(arguments[i]);
-  }
-  return 'Minified MUI error #' + code + '; visit ' + url + ' for the full message.';
-  /* eslint-enable prefer-template */
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/capitalize.js
-
-// It should to be noted that this function isn't equivalent to `text-transform: capitalize`.
-//
-// A strict capitalization should uppercase the first letter of each word in the sentence.
-// We only handle the first word.
-function capitalize(string) {
-  if (typeof string !== 'string') {
-    throw new Error( false ? 0 : formatMuiErrorMessage(7));
-  }
-  return string.charAt(0).toUpperCase() + string.slice(1);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/deepmerge.js
-
-function isPlainObject(item) {
-  return item !== null && typeof item === 'object' && item.constructor === Object;
-}
-function deepClone(source) {
-  if (!isPlainObject(source)) {
-    return source;
-  }
-  var output = {};
-  Object.keys(source).forEach(function (key) {
-    output[key] = deepClone(source[key]);
-  });
-  return output;
-}
-function deepmerge_deepmerge(target, source) {
-  var options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
-    clone: true
-  };
-  var output = options.clone ? _objectSpread2({}, target) : target;
-  if (isPlainObject(target) && isPlainObject(source)) {
-    Object.keys(source).forEach(function (key) {
-      // Avoid prototype pollution
-      if (key === '__proto__') {
-        return;
-      }
-      if (isPlainObject(source[key]) && key in target && isPlainObject(target[key])) {
-        // Since `output` is a clone of `target` and we have narrowed `target` in this block we can cast to the same type.
-        output[key] = deepmerge_deepmerge(target[key], source[key], options);
-      } else if (options.clone) {
-        output[key] = isPlainObject(source[key]) ? deepClone(source[key]) : source[key];
-      } else {
-        output[key] = source[key];
-      }
-    });
-  }
-  return output;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/merge.js
-
-function merge_merge(acc, item) {
-  if (!item) {
-    return acc;
-  }
-  return deepmerge_deepmerge(acc, item, {
-    clone: false // No need to clone deep, it's way faster.
-  });
-}
-
-/* harmony default export */ var esm_merge = (merge_merge);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/breakpoints.js
-
-
-
-
-
-
-// The breakpoint **start** at this value.
-// For instance with the first breakpoint xs: [xs, sm[.
-var values = {
-  xs: 0,
-  // phone
-  sm: 600,
-  // tablet
-  md: 900,
-  // small laptop
-  lg: 1200,
-  // desktop
-  xl: 1536 // large screen
-};
-
-var defaultBreakpoints = {
-  // Sorted ASC by size. That's important.
-  // It can't be configured as it's used statically for propTypes.
-  keys: ['xs', 'sm', 'md', 'lg', 'xl'],
-  up: function up(key) {
-    return "@media (min-width:".concat(values[key], "px)");
-  }
-};
-function handleBreakpoints(props, propValue, styleFromPropValue) {
-  var theme = props.theme || {};
-  if (Array.isArray(propValue)) {
-    var themeBreakpoints = theme.breakpoints || defaultBreakpoints;
-    return propValue.reduce(function (acc, item, index) {
-      acc[themeBreakpoints.up(themeBreakpoints.keys[index])] = styleFromPropValue(propValue[index]);
-      return acc;
-    }, {});
-  }
-  if (typeof propValue === 'object') {
-    var _themeBreakpoints = theme.breakpoints || defaultBreakpoints;
-    return Object.keys(propValue).reduce(function (acc, breakpoint) {
-      // key is breakpoint
-      if (Object.keys(_themeBreakpoints.values || values).indexOf(breakpoint) !== -1) {
-        var mediaKey = _themeBreakpoints.up(breakpoint);
-        acc[mediaKey] = styleFromPropValue(propValue[breakpoint], breakpoint);
-      } else {
-        var cssKey = breakpoint;
-        acc[cssKey] = propValue[cssKey];
-      }
-      return acc;
-    }, {});
-  }
-  var output = styleFromPropValue(propValue);
-  return output;
-}
-function breakpoints(styleFunction) {
-  // false positive
-  // eslint-disable-next-line react/function-component-definition
-  var newStyleFunction = function newStyleFunction(props) {
-    var theme = props.theme || {};
-    var base = styleFunction(props);
-    var themeBreakpoints = theme.breakpoints || defaultBreakpoints;
-    var extended = themeBreakpoints.keys.reduce(function (acc, key) {
-      if (props[key]) {
-        acc = acc || {};
-        acc[themeBreakpoints.up(key)] = styleFunction(_extends({
-          theme: theme
-        }, props[key]));
-      }
-      return acc;
-    }, null);
-    return merge(base, extended);
-  };
-  newStyleFunction.propTypes =  false ? 0 : {};
-  newStyleFunction.filterProps = ['xs', 'sm', 'md', 'lg', 'xl'].concat(_toConsumableArray(styleFunction.filterProps));
-  return newStyleFunction;
-}
-function createEmptyBreakpointObject() {
-  var breakpointsInput = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var _breakpointsInput$key;
-  var breakpointsInOrder = (_breakpointsInput$key = breakpointsInput.keys) == null ? void 0 : _breakpointsInput$key.reduce(function (acc, key) {
-    var breakpointStyleKey = breakpointsInput.up(key);
-    acc[breakpointStyleKey] = {};
-    return acc;
-  }, {});
-  return breakpointsInOrder || {};
-}
-function removeUnusedBreakpoints(breakpointKeys, style) {
-  return breakpointKeys.reduce(function (acc, key) {
-    var breakpointOutput = acc[key];
-    var isBreakpointUnused = !breakpointOutput || Object.keys(breakpointOutput).length === 0;
-    if (isBreakpointUnused) {
-      delete acc[key];
-    }
-    return acc;
-  }, style);
-}
-function mergeBreakpointsInOrder(breakpointsInput) {
-  var emptyBreakpoints = createEmptyBreakpointObject(breakpointsInput);
-  for (var _len = arguments.length, styles = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
-    styles[_key - 1] = arguments[_key];
-  }
-  var mergedOutput = [emptyBreakpoints].concat(styles).reduce(function (prev, next) {
-    return deepmerge(prev, next);
-  }, {});
-  return removeUnusedBreakpoints(Object.keys(emptyBreakpoints), mergedOutput);
-}
-
-// compute base for responsive values; e.g.,
-// [1,2,3] => {xs: true, sm: true, md: true}
-// {xs: 1, sm: 2, md: 3} => {xs: true, sm: true, md: true}
-function computeBreakpointsBase(breakpointValues, themeBreakpoints) {
-  // fixed value
-  if (typeof breakpointValues !== 'object') {
-    return {};
-  }
-  var base = {};
-  var breakpointsKeys = Object.keys(themeBreakpoints);
-  if (Array.isArray(breakpointValues)) {
-    breakpointsKeys.forEach(function (breakpoint, i) {
-      if (i < breakpointValues.length) {
-        base[breakpoint] = true;
-      }
-    });
-  } else {
-    breakpointsKeys.forEach(function (breakpoint) {
-      if (breakpointValues[breakpoint] != null) {
-        base[breakpoint] = true;
-      }
-    });
-  }
-  return base;
-}
-function resolveBreakpointValues(_ref) {
-  var breakpointValues = _ref.values,
-    themeBreakpoints = _ref.breakpoints,
-    customBase = _ref.base;
-  var base = customBase || computeBreakpointsBase(breakpointValues, themeBreakpoints);
-  var keys = Object.keys(base);
-  if (keys.length === 0) {
-    return breakpointValues;
-  }
-  var previous;
-  return keys.reduce(function (acc, breakpoint, i) {
-    if (Array.isArray(breakpointValues)) {
-      acc[breakpoint] = breakpointValues[i] != null ? breakpointValues[i] : breakpointValues[previous];
-      previous = i;
-    } else if (typeof breakpointValues === 'object') {
-      acc[breakpoint] = breakpointValues[breakpoint] != null ? breakpointValues[breakpoint] : breakpointValues[previous];
-      previous = breakpoint;
-    } else {
-      acc[breakpoint] = breakpointValues;
-    }
-    return acc;
-  }, {});
-}
-/* harmony default export */ var esm_breakpoints = ((/* unused pure expression or super */ null && (breakpoints)));
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/style.js
-
-
-
-
-function getPath(obj, path) {
-  var checkVars = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
-  if (!path || typeof path !== 'string') {
-    return null;
-  }
-
-  // Check if CSS variables are used
-  if (obj && obj.vars && checkVars) {
-    var val = "vars.".concat(path).split('.').reduce(function (acc, item) {
-      return acc && acc[item] ? acc[item] : null;
-    }, obj);
-    if (val != null) {
-      return val;
-    }
-  }
-  return path.split('.').reduce(function (acc, item) {
-    if (acc && acc[item] != null) {
-      return acc[item];
-    }
-    return null;
-  }, obj);
-}
-function getStyleValue(themeMapping, transform, propValueFinal) {
-  var userValue = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : propValueFinal;
-  var value;
-  if (typeof themeMapping === 'function') {
-    value = themeMapping(propValueFinal);
-  } else if (Array.isArray(themeMapping)) {
-    value = themeMapping[propValueFinal] || userValue;
-  } else {
-    value = getPath(themeMapping, propValueFinal) || userValue;
-  }
-  if (transform) {
-    value = transform(value, userValue, themeMapping);
-  }
-  return value;
-}
-function style(options) {
-  var prop = options.prop,
-    _options$cssProperty = options.cssProperty,
-    cssProperty = _options$cssProperty === void 0 ? options.prop : _options$cssProperty,
-    themeKey = options.themeKey,
-    transform = options.transform;
-
-  // false positive
-  // eslint-disable-next-line react/function-component-definition
-  var fn = function fn(props) {
-    if (props[prop] == null) {
-      return null;
-    }
-    var propValue = props[prop];
-    var theme = props.theme;
-    var themeMapping = getPath(theme, themeKey) || {};
-    var styleFromPropValue = function styleFromPropValue(propValueFinal) {
-      var value = getStyleValue(themeMapping, transform, propValueFinal);
-      if (propValueFinal === value && typeof propValueFinal === 'string') {
-        // Haven't found value
-        value = getStyleValue(themeMapping, transform, "".concat(prop).concat(propValueFinal === 'default' ? '' : capitalize(propValueFinal)), propValueFinal);
-      }
-      if (cssProperty === false) {
-        return value;
-      }
-      return defineProperty_defineProperty({}, cssProperty, value);
-    };
-    return handleBreakpoints(props, propValue, styleFromPropValue);
-  };
-  fn.propTypes =  false ? 0 : {};
-  fn.filterProps = [prop];
-  return fn;
-}
-/* harmony default export */ var esm_style = (style);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/memoize.js
-function memoize_memoize(fn) {
-  var cache = {};
-  return function (arg) {
-    if (cache[arg] === undefined) {
-      cache[arg] = fn(arg);
-    }
-    return cache[arg];
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/spacing.js
-
-
-
-
-
-
-var properties = {
-  m: 'margin',
-  p: 'padding'
-};
-var directions = {
-  t: 'Top',
-  r: 'Right',
-  b: 'Bottom',
-  l: 'Left',
-  x: ['Left', 'Right'],
-  y: ['Top', 'Bottom']
-};
-var aliases = {
-  marginX: 'mx',
-  marginY: 'my',
-  paddingX: 'px',
-  paddingY: 'py'
-};
-
-// memoize() impact:
-// From 300,000 ops/sec
-// To 350,000 ops/sec
-var getCssProperties = memoize_memoize(function (prop) {
-  // It's not a shorthand notation.
-  if (prop.length > 2) {
-    if (aliases[prop]) {
-      prop = aliases[prop];
-    } else {
-      return [prop];
-    }
-  }
-  var _prop$split = prop.split(''),
-    _prop$split2 = slicedToArray_slicedToArray(_prop$split, 2),
-    a = _prop$split2[0],
-    b = _prop$split2[1];
-  var property = properties[a];
-  var direction = directions[b] || '';
-  return Array.isArray(direction) ? direction.map(function (dir) {
-    return property + dir;
-  }) : [property + direction];
-});
-var marginKeys = ['m', 'mt', 'mr', 'mb', 'ml', 'mx', 'my', 'margin', 'marginTop', 'marginRight', 'marginBottom', 'marginLeft', 'marginX', 'marginY', 'marginInline', 'marginInlineStart', 'marginInlineEnd', 'marginBlock', 'marginBlockStart', 'marginBlockEnd'];
-var paddingKeys = ['p', 'pt', 'pr', 'pb', 'pl', 'px', 'py', 'padding', 'paddingTop', 'paddingRight', 'paddingBottom', 'paddingLeft', 'paddingX', 'paddingY', 'paddingInline', 'paddingInlineStart', 'paddingInlineEnd', 'paddingBlock', 'paddingBlockStart', 'paddingBlockEnd'];
-var spacingKeys = [].concat(marginKeys, paddingKeys);
-function createUnaryUnit(theme, themeKey, defaultValue, propName) {
-  var _getPath;
-  var themeSpacing = (_getPath = getPath(theme, themeKey, false)) != null ? _getPath : defaultValue;
-  if (typeof themeSpacing === 'number') {
-    return function (abs) {
-      if (typeof abs === 'string') {
-        return abs;
-      }
-      if (false) {}
-      return themeSpacing * abs;
-    };
-  }
-  if (Array.isArray(themeSpacing)) {
-    return function (abs) {
-      if (typeof abs === 'string') {
-        return abs;
-      }
-      if (false) {}
-      return themeSpacing[abs];
-    };
-  }
-  if (typeof themeSpacing === 'function') {
-    return themeSpacing;
-  }
-  if (false) {}
-  return function () {
-    return undefined;
-  };
-}
-function createUnarySpacing(theme) {
-  return createUnaryUnit(theme, 'spacing', 8, 'spacing');
-}
-function getValue(transformer, propValue) {
-  if (typeof propValue === 'string' || propValue == null) {
-    return propValue;
-  }
-  var abs = Math.abs(propValue);
-  var transformed = transformer(abs);
-  if (propValue >= 0) {
-    return transformed;
-  }
-  if (typeof transformed === 'number') {
-    return -transformed;
-  }
-  return "-".concat(transformed);
-}
-function getStyleFromPropValue(cssProperties, transformer) {
-  return function (propValue) {
-    return cssProperties.reduce(function (acc, cssProperty) {
-      acc[cssProperty] = getValue(transformer, propValue);
-      return acc;
-    }, {});
-  };
-}
-function resolveCssProperty(props, keys, prop, transformer) {
-  // Using a hash computation over an array iteration could be faster, but with only 28 items,
-  // it's doesn't worth the bundle size.
-  if (keys.indexOf(prop) === -1) {
-    return null;
-  }
-  var cssProperties = getCssProperties(prop);
-  var styleFromPropValue = getStyleFromPropValue(cssProperties, transformer);
-  var propValue = props[prop];
-  return handleBreakpoints(props, propValue, styleFromPropValue);
-}
-function spacing_style(props, keys) {
-  var transformer = createUnarySpacing(props.theme);
-  return Object.keys(props).map(function (prop) {
-    return resolveCssProperty(props, keys, prop, transformer);
-  }).reduce(esm_merge, {});
-}
-function margin(props) {
-  return spacing_style(props, marginKeys);
-}
-margin.propTypes =  false ? 0 : {};
-margin.filterProps = marginKeys;
-function padding(props) {
-  return spacing_style(props, paddingKeys);
-}
-padding.propTypes =  false ? 0 : {};
-padding.filterProps = paddingKeys;
-function spacing(props) {
-  return spacing_style(props, spacingKeys);
-}
-spacing.propTypes =  false ? 0 : {};
-spacing.filterProps = spacingKeys;
-/* harmony default export */ var esm_spacing = ((/* unused pure expression or super */ null && (spacing)));
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/compose.js
-
-function compose() {
-  for (var _len = arguments.length, styles = new Array(_len), _key = 0; _key < _len; _key++) {
-    styles[_key] = arguments[_key];
-  }
-  var handlers = styles.reduce(function (acc, style) {
-    style.filterProps.forEach(function (prop) {
-      acc[prop] = style;
-    });
-    return acc;
-  }, {});
-
-  // false positive
-  // eslint-disable-next-line react/function-component-definition
-  var fn = function fn(props) {
-    return Object.keys(props).reduce(function (acc, prop) {
-      if (handlers[prop]) {
-        return esm_merge(acc, handlers[prop](props));
-      }
-      return acc;
-    }, {});
-  };
-  fn.propTypes =  false ? 0 : {};
-  fn.filterProps = styles.reduce(function (acc, style) {
-    return acc.concat(style.filterProps);
-  }, []);
-  return fn;
-}
-/* harmony default export */ var esm_compose = (compose);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/borders.js
-
-
-
-
-
-function borderTransform(value) {
-  if (typeof value !== 'number') {
-    return value;
-  }
-  return "".concat(value, "px solid");
-}
-var border = esm_style({
-  prop: 'border',
-  themeKey: 'borders',
-  transform: borderTransform
-});
-var borderTop = esm_style({
-  prop: 'borderTop',
-  themeKey: 'borders',
-  transform: borderTransform
-});
-var borderRight = esm_style({
-  prop: 'borderRight',
-  themeKey: 'borders',
-  transform: borderTransform
-});
-var borderBottom = esm_style({
-  prop: 'borderBottom',
-  themeKey: 'borders',
-  transform: borderTransform
-});
-var borderLeft = esm_style({
-  prop: 'borderLeft',
-  themeKey: 'borders',
-  transform: borderTransform
-});
-var borderColor = esm_style({
-  prop: 'borderColor',
-  themeKey: 'palette'
-});
-var borderTopColor = esm_style({
-  prop: 'borderTopColor',
-  themeKey: 'palette'
-});
-var borderRightColor = esm_style({
-  prop: 'borderRightColor',
-  themeKey: 'palette'
-});
-var borderBottomColor = esm_style({
-  prop: 'borderBottomColor',
-  themeKey: 'palette'
-});
-var borderLeftColor = esm_style({
-  prop: 'borderLeftColor',
-  themeKey: 'palette'
-});
-
-// false positive
-// eslint-disable-next-line react/function-component-definition
-var borderRadius = function borderRadius(props) {
-  if (props.borderRadius !== undefined && props.borderRadius !== null) {
-    var transformer = createUnaryUnit(props.theme, 'shape.borderRadius', 4, 'borderRadius');
-    var styleFromPropValue = function styleFromPropValue(propValue) {
-      return {
-        borderRadius: getValue(transformer, propValue)
-      };
-    };
-    return handleBreakpoints(props, props.borderRadius, styleFromPropValue);
-  }
-  return null;
-};
-borderRadius.propTypes =  false ? 0 : {};
-borderRadius.filterProps = ['borderRadius'];
-var borders = esm_compose(border, borderTop, borderRight, borderBottom, borderLeft, borderColor, borderTopColor, borderRightColor, borderBottomColor, borderLeftColor, borderRadius);
-/* harmony default export */ var esm_borders = ((/* unused pure expression or super */ null && (borders)));
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/cssGrid.js
-
-
-
-
-
-
-// false positive
-// eslint-disable-next-line react/function-component-definition
-var gap = function gap(props) {
-  if (props.gap !== undefined && props.gap !== null) {
-    var transformer = createUnaryUnit(props.theme, 'spacing', 8, 'gap');
-    var styleFromPropValue = function styleFromPropValue(propValue) {
-      return {
-        gap: getValue(transformer, propValue)
-      };
-    };
-    return handleBreakpoints(props, props.gap, styleFromPropValue);
-  }
-  return null;
-};
-gap.propTypes =  false ? 0 : {};
-gap.filterProps = ['gap'];
-
-// false positive
-// eslint-disable-next-line react/function-component-definition
-var columnGap = function columnGap(props) {
-  if (props.columnGap !== undefined && props.columnGap !== null) {
-    var transformer = createUnaryUnit(props.theme, 'spacing', 8, 'columnGap');
-    var styleFromPropValue = function styleFromPropValue(propValue) {
-      return {
-        columnGap: getValue(transformer, propValue)
-      };
-    };
-    return handleBreakpoints(props, props.columnGap, styleFromPropValue);
-  }
-  return null;
-};
-columnGap.propTypes =  false ? 0 : {};
-columnGap.filterProps = ['columnGap'];
-
-// false positive
-// eslint-disable-next-line react/function-component-definition
-var rowGap = function rowGap(props) {
-  if (props.rowGap !== undefined && props.rowGap !== null) {
-    var transformer = createUnaryUnit(props.theme, 'spacing', 8, 'rowGap');
-    var styleFromPropValue = function styleFromPropValue(propValue) {
-      return {
-        rowGap: getValue(transformer, propValue)
-      };
-    };
-    return handleBreakpoints(props, props.rowGap, styleFromPropValue);
-  }
-  return null;
-};
-rowGap.propTypes =  false ? 0 : {};
-rowGap.filterProps = ['rowGap'];
-var gridColumn = esm_style({
-  prop: 'gridColumn'
-});
-var gridRow = esm_style({
-  prop: 'gridRow'
-});
-var gridAutoFlow = esm_style({
-  prop: 'gridAutoFlow'
-});
-var gridAutoColumns = esm_style({
-  prop: 'gridAutoColumns'
-});
-var gridAutoRows = esm_style({
-  prop: 'gridAutoRows'
-});
-var gridTemplateColumns = esm_style({
-  prop: 'gridTemplateColumns'
-});
-var gridTemplateRows = esm_style({
-  prop: 'gridTemplateRows'
-});
-var gridTemplateAreas = esm_style({
-  prop: 'gridTemplateAreas'
-});
-var gridArea = esm_style({
-  prop: 'gridArea'
-});
-var grid = esm_compose(gap, columnGap, rowGap, gridColumn, gridRow, gridAutoFlow, gridAutoColumns, gridAutoRows, gridTemplateColumns, gridTemplateRows, gridTemplateAreas, gridArea);
-/* harmony default export */ var cssGrid = ((/* unused pure expression or super */ null && (grid)));
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/palette.js
-
-
-function paletteTransform(value, userValue) {
-  if (userValue === 'grey') {
-    return userValue;
-  }
-  return value;
-}
-var color = esm_style({
-  prop: 'color',
-  themeKey: 'palette',
-  transform: paletteTransform
-});
-var bgcolor = esm_style({
-  prop: 'bgcolor',
-  cssProperty: 'backgroundColor',
-  themeKey: 'palette',
-  transform: paletteTransform
-});
-var backgroundColor = esm_style({
-  prop: 'backgroundColor',
-  themeKey: 'palette',
-  transform: paletteTransform
-});
-var palette = esm_compose(color, bgcolor, backgroundColor);
-/* harmony default export */ var esm_palette = ((/* unused pure expression or super */ null && (palette)));
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/sizing.js
-
-
-
-function sizingTransform(value) {
-  return value <= 1 && value !== 0 ? "".concat(value * 100, "%") : value;
-}
-var width = esm_style({
-  prop: 'width',
-  transform: sizingTransform
-});
-var maxWidth = function maxWidth(props) {
-  if (props.maxWidth !== undefined && props.maxWidth !== null) {
-    var styleFromPropValue = function styleFromPropValue(propValue) {
-      var _props$theme, _props$theme$breakpoi, _props$theme$breakpoi2;
-      var breakpoint = ((_props$theme = props.theme) == null ? void 0 : (_props$theme$breakpoi = _props$theme.breakpoints) == null ? void 0 : (_props$theme$breakpoi2 = _props$theme$breakpoi.values) == null ? void 0 : _props$theme$breakpoi2[propValue]) || values[propValue];
-      return {
-        maxWidth: breakpoint || sizingTransform(propValue)
-      };
-    };
-    return handleBreakpoints(props, props.maxWidth, styleFromPropValue);
-  }
-  return null;
-};
-maxWidth.filterProps = ['maxWidth'];
-var minWidth = esm_style({
-  prop: 'minWidth',
-  transform: sizingTransform
-});
-var height = esm_style({
-  prop: 'height',
-  transform: sizingTransform
-});
-var maxHeight = esm_style({
-  prop: 'maxHeight',
-  transform: sizingTransform
-});
-var minHeight = esm_style({
-  prop: 'minHeight',
-  transform: sizingTransform
-});
-var sizeWidth = esm_style({
-  prop: 'size',
-  cssProperty: 'width',
-  transform: sizingTransform
-});
-var sizeHeight = esm_style({
-  prop: 'size',
-  cssProperty: 'height',
-  transform: sizingTransform
-});
-var boxSizing = esm_style({
-  prop: 'boxSizing'
-});
-var sizing = esm_compose(width, maxWidth, minWidth, height, maxHeight, minHeight, boxSizing);
-/* harmony default export */ var esm_sizing = ((/* unused pure expression or super */ null && (sizing)));
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/styleFunctionSx/defaultSxConfig.js
-
-
-
-
-
-var defaultSxConfig = {
-  // borders
-  border: {
-    themeKey: 'borders',
-    transform: borderTransform
-  },
-  borderTop: {
-    themeKey: 'borders',
-    transform: borderTransform
-  },
-  borderRight: {
-    themeKey: 'borders',
-    transform: borderTransform
-  },
-  borderBottom: {
-    themeKey: 'borders',
-    transform: borderTransform
-  },
-  borderLeft: {
-    themeKey: 'borders',
-    transform: borderTransform
-  },
-  borderColor: {
-    themeKey: 'palette'
-  },
-  borderTopColor: {
-    themeKey: 'palette'
-  },
-  borderRightColor: {
-    themeKey: 'palette'
-  },
-  borderBottomColor: {
-    themeKey: 'palette'
-  },
-  borderLeftColor: {
-    themeKey: 'palette'
-  },
-  borderRadius: {
-    themeKey: 'shape.borderRadius',
-    style: borderRadius
-  },
-  // palette
-  color: {
-    themeKey: 'palette',
-    transform: paletteTransform
-  },
-  bgcolor: {
-    themeKey: 'palette',
-    cssProperty: 'backgroundColor',
-    transform: paletteTransform
-  },
-  backgroundColor: {
-    themeKey: 'palette',
-    transform: paletteTransform
-  },
-  // spacing
-  p: {
-    style: padding
-  },
-  pt: {
-    style: padding
-  },
-  pr: {
-    style: padding
-  },
-  pb: {
-    style: padding
-  },
-  pl: {
-    style: padding
-  },
-  px: {
-    style: padding
-  },
-  py: {
-    style: padding
-  },
-  padding: {
-    style: padding
-  },
-  paddingTop: {
-    style: padding
-  },
-  paddingRight: {
-    style: padding
-  },
-  paddingBottom: {
-    style: padding
-  },
-  paddingLeft: {
-    style: padding
-  },
-  paddingX: {
-    style: padding
-  },
-  paddingY: {
-    style: padding
-  },
-  paddingInline: {
-    style: padding
-  },
-  paddingInlineStart: {
-    style: padding
-  },
-  paddingInlineEnd: {
-    style: padding
-  },
-  paddingBlock: {
-    style: padding
-  },
-  paddingBlockStart: {
-    style: padding
-  },
-  paddingBlockEnd: {
-    style: padding
-  },
-  m: {
-    style: margin
-  },
-  mt: {
-    style: margin
-  },
-  mr: {
-    style: margin
-  },
-  mb: {
-    style: margin
-  },
-  ml: {
-    style: margin
-  },
-  mx: {
-    style: margin
-  },
-  my: {
-    style: margin
-  },
-  margin: {
-    style: margin
-  },
-  marginTop: {
-    style: margin
-  },
-  marginRight: {
-    style: margin
-  },
-  marginBottom: {
-    style: margin
-  },
-  marginLeft: {
-    style: margin
-  },
-  marginX: {
-    style: margin
-  },
-  marginY: {
-    style: margin
-  },
-  marginInline: {
-    style: margin
-  },
-  marginInlineStart: {
-    style: margin
-  },
-  marginInlineEnd: {
-    style: margin
-  },
-  marginBlock: {
-    style: margin
-  },
-  marginBlockStart: {
-    style: margin
-  },
-  marginBlockEnd: {
-    style: margin
-  },
-  // display
-  displayPrint: {
-    cssProperty: false,
-    transform: function transform(value) {
-      return {
-        '@media print': {
-          display: value
-        }
-      };
-    }
-  },
-  display: {},
-  overflow: {},
-  textOverflow: {},
-  visibility: {},
-  whiteSpace: {},
-  // flexbox
-  flexBasis: {},
-  flexDirection: {},
-  flexWrap: {},
-  justifyContent: {},
-  alignItems: {},
-  alignContent: {},
-  order: {},
-  flex: {},
-  flexGrow: {},
-  flexShrink: {},
-  alignSelf: {},
-  justifyItems: {},
-  justifySelf: {},
-  // grid
-  gap: {
-    style: gap
-  },
-  rowGap: {
-    style: rowGap
-  },
-  columnGap: {
-    style: columnGap
-  },
-  gridColumn: {},
-  gridRow: {},
-  gridAutoFlow: {},
-  gridAutoColumns: {},
-  gridAutoRows: {},
-  gridTemplateColumns: {},
-  gridTemplateRows: {},
-  gridTemplateAreas: {},
-  gridArea: {},
-  // positions
-  position: {},
-  zIndex: {
-    themeKey: 'zIndex'
-  },
-  top: {},
-  right: {},
-  bottom: {},
-  left: {},
-  // shadows
-  boxShadow: {
-    themeKey: 'shadows'
-  },
-  // sizing
-  width: {
-    transform: sizingTransform
-  },
-  maxWidth: {
-    style: maxWidth
-  },
-  minWidth: {
-    transform: sizingTransform
-  },
-  height: {
-    transform: sizingTransform
-  },
-  maxHeight: {
-    transform: sizingTransform
-  },
-  minHeight: {
-    transform: sizingTransform
-  },
-  boxSizing: {},
-  // typography
-  fontFamily: {
-    themeKey: 'typography'
-  },
-  fontSize: {
-    themeKey: 'typography'
-  },
-  fontStyle: {
-    themeKey: 'typography'
-  },
-  fontWeight: {
-    themeKey: 'typography'
-  },
-  letterSpacing: {},
-  textTransform: {},
-  lineHeight: {},
-  textAlign: {},
-  typography: {
-    cssProperty: false,
-    themeKey: 'typography'
-  }
-};
-/* harmony default export */ var styleFunctionSx_defaultSxConfig = (defaultSxConfig);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/styleFunctionSx/styleFunctionSx.js
-
-
-
-
-
-
-function objectsHaveSameKeys() {
-  for (var _len = arguments.length, objects = new Array(_len), _key = 0; _key < _len; _key++) {
-    objects[_key] = arguments[_key];
-  }
-  var allKeys = objects.reduce(function (keys, object) {
-    return keys.concat(Object.keys(object));
-  }, []);
-  var union = new Set(allKeys);
-  return objects.every(function (object) {
-    return union.size === Object.keys(object).length;
-  });
-}
-function callIfFn(maybeFn, arg) {
-  return typeof maybeFn === 'function' ? maybeFn(arg) : maybeFn;
-}
-
-// eslint-disable-next-line @typescript-eslint/naming-convention
-function unstable_createStyleFunctionSx() {
-  function getThemeValue(prop, val, theme, config) {
-    var _props;
-    var props = (_props = {}, defineProperty_defineProperty(_props, prop, val), defineProperty_defineProperty(_props, "theme", theme), _props);
-    var options = config[prop];
-    if (!options) {
-      return defineProperty_defineProperty({}, prop, val);
-    }
-    var _options$cssProperty = options.cssProperty,
-      cssProperty = _options$cssProperty === void 0 ? prop : _options$cssProperty,
-      themeKey = options.themeKey,
-      transform = options.transform,
-      style = options.style;
-    if (val == null) {
-      return null;
-    }
-    if (themeKey === 'typography' && val === 'inherit') {
-      return defineProperty_defineProperty({}, prop, val);
-    }
-    var themeMapping = getPath(theme, themeKey) || {};
-    if (style) {
-      return style(props);
-    }
-    var styleFromPropValue = function styleFromPropValue(propValueFinal) {
-      var value = getStyleValue(themeMapping, transform, propValueFinal);
-      if (propValueFinal === value && typeof propValueFinal === 'string') {
-        // Haven't found value
-        value = getStyleValue(themeMapping, transform, "".concat(prop).concat(propValueFinal === 'default' ? '' : capitalize(propValueFinal)), propValueFinal);
-      }
-      if (cssProperty === false) {
-        return value;
-      }
-      return defineProperty_defineProperty({}, cssProperty, value);
-    };
-    return handleBreakpoints(props, val, styleFromPropValue);
-  }
-  function styleFunctionSx(props) {
-    var _theme$unstable_sxCon;
-    var _ref4 = props || {},
-      sx = _ref4.sx,
-      _ref4$theme = _ref4.theme,
-      theme = _ref4$theme === void 0 ? {} : _ref4$theme;
-    if (!sx) {
-      return null; // Emotion & styled-components will neglect null
-    }
-
-    var config = (_theme$unstable_sxCon = theme.unstable_sxConfig) != null ? _theme$unstable_sxCon : styleFunctionSx_defaultSxConfig;
-
-    /*
-     * Receive `sxInput` as object or callback
-     * and then recursively check keys & values to create media query object styles.
-     * (the result will be used in `styled`)
-     */
-    function traverse(sxInput) {
-      var sxObject = sxInput;
-      if (typeof sxInput === 'function') {
-        sxObject = sxInput(theme);
-      } else if (typeof sxInput !== 'object') {
-        // value
-        return sxInput;
-      }
-      if (!sxObject) {
-        return null;
-      }
-      var emptyBreakpoints = createEmptyBreakpointObject(theme.breakpoints);
-      var breakpointsKeys = Object.keys(emptyBreakpoints);
-      var css = emptyBreakpoints;
-      Object.keys(sxObject).forEach(function (styleKey) {
-        var value = callIfFn(sxObject[styleKey], theme);
-        if (value !== null && value !== undefined) {
-          if (typeof value === 'object') {
-            if (config[styleKey]) {
-              css = esm_merge(css, getThemeValue(styleKey, value, theme, config));
-            } else {
-              var breakpointsValues = handleBreakpoints({
-                theme: theme
-              }, value, function (x) {
-                return defineProperty_defineProperty({}, styleKey, x);
-              });
-              if (objectsHaveSameKeys(breakpointsValues, value)) {
-                css[styleKey] = styleFunctionSx({
-                  sx: value,
-                  theme: theme
-                });
-              } else {
-                css = esm_merge(css, breakpointsValues);
-              }
-            }
-          } else {
-            css = esm_merge(css, getThemeValue(styleKey, value, theme, config));
-          }
-        }
-      });
-      return removeUnusedBreakpoints(breakpointsKeys, css);
-    }
-    return Array.isArray(sx) ? sx.map(traverse) : traverse(sx);
-  }
-  return styleFunctionSx;
-}
-var styleFunctionSx = unstable_createStyleFunctionSx();
-styleFunctionSx.filterProps = ['sx'];
-/* harmony default export */ var styleFunctionSx_styleFunctionSx = (styleFunctionSx);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/styleFunctionSx/extendSxProp.js
-
-
-
-var extendSxProp_excluded = ["sx"];
-
-
-var splitProps = function splitProps(props) {
-  var _props$theme$unstable, _props$theme;
-  var result = {
-    systemProps: {},
-    otherProps: {}
-  };
-  var config = (_props$theme$unstable = props == null ? void 0 : (_props$theme = props.theme) == null ? void 0 : _props$theme.unstable_sxConfig) != null ? _props$theme$unstable : styleFunctionSx_defaultSxConfig;
-  Object.keys(props).forEach(function (prop) {
-    if (config[prop]) {
-      result.systemProps[prop] = props[prop];
-    } else {
-      result.otherProps[prop] = props[prop];
-    }
-  });
-  return result;
-};
-function extendSxProp(props) {
-  var inSx = props.sx,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, extendSxProp_excluded);
-  var _splitProps = splitProps(other),
-    systemProps = _splitProps.systemProps,
-    otherProps = _splitProps.otherProps;
-  var finalSx;
-  if (Array.isArray(inSx)) {
-    finalSx = [systemProps].concat(toConsumableArray_toConsumableArray(inSx));
-  } else if (typeof inSx === 'function') {
-    finalSx = function finalSx() {
-      var result = inSx.apply(void 0, arguments);
-      if (!isPlainObject(result)) {
-        return systemProps;
-      }
-      return extends_extends({}, systemProps, result);
-    };
-  } else {
-    finalSx = extends_extends({}, systemProps, inSx);
-  }
-  return extends_extends({}, otherProps, {
-    sx: finalSx
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/createBreakpoints.js
-
-
-
-var createBreakpoints_excluded = ["values", "unit", "step"];
-// Sorted ASC by size. That's important.
-// It can't be configured as it's used statically for propTypes.
-var breakpointKeys = (/* unused pure expression or super */ null && (['xs', 'sm', 'md', 'lg', 'xl']));
-var sortBreakpointsValues = function sortBreakpointsValues(values) {
-  var breakpointsAsArray = Object.keys(values).map(function (key) {
-    return {
-      key: key,
-      val: values[key]
-    };
-  }) || [];
-  // Sort in ascending order
-  breakpointsAsArray.sort(function (breakpoint1, breakpoint2) {
-    return breakpoint1.val - breakpoint2.val;
-  });
-  return breakpointsAsArray.reduce(function (acc, obj) {
-    return extends_extends({}, acc, defineProperty_defineProperty({}, obj.key, obj.val));
-  }, {});
-};
-
-// Keep in mind that @media is inclusive by the CSS specification.
-function createBreakpoints(breakpoints) {
-  var _breakpoints$values = breakpoints.values,
-    values = _breakpoints$values === void 0 ? {
-      xs: 0,
-      // phone
-      sm: 600,
-      // tablet
-      md: 900,
-      // small laptop
-      lg: 1200,
-      // desktop
-      xl: 1536 // large screen
-    } : _breakpoints$values,
-    _breakpoints$unit = breakpoints.unit,
-    unit = _breakpoints$unit === void 0 ? 'px' : _breakpoints$unit,
-    _breakpoints$step = breakpoints.step,
-    step = _breakpoints$step === void 0 ? 5 : _breakpoints$step,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(breakpoints, createBreakpoints_excluded);
-  var sortedValues = sortBreakpointsValues(values);
-  var keys = Object.keys(sortedValues);
-  function up(key) {
-    var value = typeof values[key] === 'number' ? values[key] : key;
-    return "@media (min-width:".concat(value).concat(unit, ")");
-  }
-  function down(key) {
-    var value = typeof values[key] === 'number' ? values[key] : key;
-    return "@media (max-width:".concat(value - step / 100).concat(unit, ")");
-  }
-  function between(start, end) {
-    var endIndex = keys.indexOf(end);
-    return "@media (min-width:".concat(typeof values[start] === 'number' ? values[start] : start).concat(unit, ") and ") + "(max-width:".concat((endIndex !== -1 && typeof values[keys[endIndex]] === 'number' ? values[keys[endIndex]] : end) - step / 100).concat(unit, ")");
-  }
-  function only(key) {
-    if (keys.indexOf(key) + 1 < keys.length) {
-      return between(key, keys[keys.indexOf(key) + 1]);
-    }
-    return up(key);
-  }
-  function not(key) {
-    // handle first and last key separately, for better readability
-    var keyIndex = keys.indexOf(key);
-    if (keyIndex === 0) {
-      return up(keys[1]);
-    }
-    if (keyIndex === keys.length - 1) {
-      return down(keys[keyIndex]);
-    }
-    return between(key, keys[keys.indexOf(key) + 1]).replace('@media', '@media not all and');
-  }
-  return extends_extends({
-    keys: keys,
-    values: sortedValues,
-    up: up,
-    down: down,
-    between: between,
-    only: only,
-    not: not,
-    unit: unit
-  }, other);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/shape.js
-var shape = {
-  borderRadius: 4
-};
-/* harmony default export */ var createTheme_shape = (shape);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/createSpacing.js
-
-
-// The different signatures imply different meaning for their arguments that can't be expressed structurally.
-// We express the difference with variable names.
-/* tslint:disable:unified-signatures */
-/* tslint:enable:unified-signatures */
-
-function createSpacing() {
-  var spacingInput = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 8;
-  // Already transformed.
-  if (spacingInput.mui) {
-    return spacingInput;
-  }
-
-  // Material Design layouts are visually balanced. Most measurements align to an 8dp grid, which aligns both spacing and the overall layout.
-  // Smaller components, such as icons, can align to a 4dp grid.
-  // https://m2.material.io/design/layout/understanding-layout.html
-  var transform = createUnarySpacing({
-    spacing: spacingInput
-  });
-  var spacing = function spacing() {
-    for (var _len = arguments.length, argsInput = new Array(_len), _key = 0; _key < _len; _key++) {
-      argsInput[_key] = arguments[_key];
-    }
-    if (false) {}
-    var args = argsInput.length === 0 ? [1] : argsInput;
-    return args.map(function (argument) {
-      var output = transform(argument);
-      return typeof output === 'number' ? "".concat(output, "px") : output;
-    }).join(' ');
-  };
-  spacing.mui = true;
-  return spacing;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createTheme/createTheme.js
-
-
-var createTheme_excluded = ["breakpoints", "palette", "spacing", "shape"];
-
-
-
-
-
-
-function createTheme() {
-  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var _options$breakpoints = options.breakpoints,
-    breakpointsInput = _options$breakpoints === void 0 ? {} : _options$breakpoints,
-    _options$palette = options.palette,
-    paletteInput = _options$palette === void 0 ? {} : _options$palette,
-    spacingInput = options.spacing,
-    _options$shape = options.shape,
-    shapeInput = _options$shape === void 0 ? {} : _options$shape,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(options, createTheme_excluded);
-  var breakpoints = createBreakpoints(breakpointsInput);
-  var spacing = createSpacing(spacingInput);
-  var muiTheme = deepmerge_deepmerge({
-    breakpoints: breakpoints,
-    direction: 'ltr',
-    components: {},
-    // Inject component definitions.
-    palette: extends_extends({
-      mode: 'light'
-    }, paletteInput),
-    spacing: spacing,
-    shape: extends_extends({}, createTheme_shape, shapeInput)
-  }, other);
-  for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
-    args[_key - 1] = arguments[_key];
-  }
-  muiTheme = args.reduce(function (acc, argument) {
-    return deepmerge_deepmerge(acc, argument);
-  }, muiTheme);
-  muiTheme.unstable_sxConfig = extends_extends({}, styleFunctionSx_defaultSxConfig, other == null ? void 0 : other.unstable_sxConfig);
-  muiTheme.unstable_sx = function sx(props) {
-    return styleFunctionSx_styleFunctionSx({
-      sx: props,
-      theme: this
-    });
-  };
-  return muiTheme;
-}
-/* harmony default export */ var createTheme_createTheme = (createTheme);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useTheme.js
-
-
-var systemDefaultTheme = createTheme_createTheme();
-function useTheme_useTheme() {
-  var defaultTheme = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : systemDefaultTheme;
-  return useThemeWithoutDefault(defaultTheme);
-}
-/* harmony default export */ var esm_useTheme = (useTheme_useTheme);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createBox.js
-
-
-var createBox_excluded = ["className", "component"];
-
-
-
-
-
-
-function createBox() {
-  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var themeId = options.themeId,
-    defaultTheme = options.defaultTheme,
-    _options$defaultClass = options.defaultClassName,
-    defaultClassName = _options$defaultClass === void 0 ? 'MuiBox-root' : _options$defaultClass,
-    generateClassName = options.generateClassName;
-  var BoxRoot = styled('div', {
-    shouldForwardProp: function shouldForwardProp(prop) {
-      return prop !== 'theme' && prop !== 'sx' && prop !== 'as';
-    }
-  })(styleFunctionSx_styleFunctionSx);
-  var Box = /*#__PURE__*/react.forwardRef(function Box(inProps, ref) {
-    var theme = esm_useTheme(defaultTheme);
-    var _extendSxProp = extendSxProp(inProps),
-      className = _extendSxProp.className,
-      _extendSxProp$compone = _extendSxProp.component,
-      component = _extendSxProp$compone === void 0 ? 'div' : _extendSxProp$compone,
-      other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_extendSxProp, createBox_excluded);
-    return /*#__PURE__*/(0,jsx_runtime.jsx)(BoxRoot, extends_extends({
-      as: component,
-      ref: ref,
-      className: clsx_m(className, generateClassName ? generateClassName(defaultClassName) : defaultClassName),
-      theme: themeId ? theme[themeId] || theme : theme
-    }, other));
-  });
-  return Box;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/ClassNameGenerator/ClassNameGenerator.js
-var defaultGenerator = function defaultGenerator(componentName) {
-  return componentName;
-};
-var createClassNameGenerator = function createClassNameGenerator() {
-  var _generate = defaultGenerator;
-  return {
-    configure: function configure(generator) {
-      _generate = generator;
-    },
-    generate: function generate(componentName) {
-      return _generate(componentName);
-    },
-    reset: function reset() {
-      _generate = defaultGenerator;
-    }
-  };
-};
-var ClassNameGenerator = createClassNameGenerator();
-/* harmony default export */ var ClassNameGenerator_ClassNameGenerator = (ClassNameGenerator);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createMixins.js
-
-
-function createMixins(breakpoints, mixins) {
-  var _toolbar;
-  return extends_extends({
-    toolbar: (_toolbar = {
-      minHeight: 56
-    }, defineProperty_defineProperty(_toolbar, breakpoints.up('xs'), {
-      '@media (orientation: landscape)': {
-        minHeight: 48
-      }
-    }), defineProperty_defineProperty(_toolbar, breakpoints.up('sm'), {
-      minHeight: 64
-    }), _toolbar)
-  }, mixins);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/colorManipulator.js
-
-/* eslint-disable @typescript-eslint/naming-convention */
-/**
- * Returns a number whose value is limited to the given range.
- * @param {number} value The value to be clamped
- * @param {number} min The lower boundary of the output range
- * @param {number} max The upper boundary of the output range
- * @returns {number} A number in the range [min, max]
- */
-function clamp(value) {
-  var min = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0;
-  var max = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 1;
-  if (false) {}
-  return Math.min(Math.max(min, value), max);
-}
-
-/**
- * Converts a color from CSS hex format to CSS rgb format.
- * @param {string} color - Hex color, i.e. #nnn or #nnnnnn
- * @returns {string} A CSS rgb color string
- */
-function hexToRgb(color) {
-  color = color.slice(1);
-  var re = new RegExp(".{1,".concat(color.length >= 6 ? 2 : 1, "}"), 'g');
-  var colors = color.match(re);
-  if (colors && colors[0].length === 1) {
-    colors = colors.map(function (n) {
-      return n + n;
-    });
-  }
-  return colors ? "rgb".concat(colors.length === 4 ? 'a' : '', "(").concat(colors.map(function (n, index) {
-    return index < 3 ? parseInt(n, 16) : Math.round(parseInt(n, 16) / 255 * 1000) / 1000;
-  }).join(', '), ")") : '';
-}
-function intToHex(int) {
-  var hex = int.toString(16);
-  return hex.length === 1 ? "0".concat(hex) : hex;
-}
-
-/**
- * Returns an object with the type and values of a color.
- *
- * Note: Does not support rgb % values.
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @returns {object} - A MUI color object: {type: string, values: number[]}
- */
-function decomposeColor(color) {
-  // Idempotent
-  if (color.type) {
-    return color;
-  }
-  if (color.charAt(0) === '#') {
-    return decomposeColor(hexToRgb(color));
-  }
-  var marker = color.indexOf('(');
-  var type = color.substring(0, marker);
-  if (['rgb', 'rgba', 'hsl', 'hsla', 'color'].indexOf(type) === -1) {
-    throw new Error( false ? 0 : formatMuiErrorMessage(9, color));
-  }
-  var values = color.substring(marker + 1, color.length - 1);
-  var colorSpace;
-  if (type === 'color') {
-    values = values.split(' ');
-    colorSpace = values.shift();
-    if (values.length === 4 && values[3].charAt(0) === '/') {
-      values[3] = values[3].slice(1);
-    }
-    if (['srgb', 'display-p3', 'a98-rgb', 'prophoto-rgb', 'rec-2020'].indexOf(colorSpace) === -1) {
-      throw new Error( false ? 0 : formatMuiErrorMessage(10, colorSpace));
-    }
-  } else {
-    values = values.split(',');
-  }
-  values = values.map(function (value) {
-    return parseFloat(value);
-  });
-  return {
-    type: type,
-    values: values,
-    colorSpace: colorSpace
-  };
-}
-
-/**
- * Returns a channel created from the input color.
- *
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @returns {string} - The channel for the color, that can be used in rgba or hsla colors
- */
-var colorChannel = function colorChannel(color) {
-  var decomposedColor = decomposeColor(color);
-  return decomposedColor.values.slice(0, 3).map(function (val, idx) {
-    return decomposedColor.type.indexOf('hsl') !== -1 && idx !== 0 ? "".concat(val, "%") : val;
-  }).join(' ');
-};
-var private_safeColorChannel = function private_safeColorChannel(color, warning) {
-  try {
-    return colorChannel(color);
-  } catch (error) {
-    if (warning && "production" !== 'production') {}
-    return color;
-  }
-};
-
-/**
- * Converts a color object with type and values to a string.
- * @param {object} color - Decomposed color
- * @param {string} color.type - One of: 'rgb', 'rgba', 'hsl', 'hsla', 'color'
- * @param {array} color.values - [n,n,n] or [n,n,n,n]
- * @returns {string} A CSS color string
- */
-function recomposeColor(color) {
-  var type = color.type,
-    colorSpace = color.colorSpace;
-  var values = color.values;
-  if (type.indexOf('rgb') !== -1) {
-    // Only convert the first 3 values to int (i.e. not alpha)
-    values = values.map(function (n, i) {
-      return i < 3 ? parseInt(n, 10) : n;
-    });
-  } else if (type.indexOf('hsl') !== -1) {
-    values[1] = "".concat(values[1], "%");
-    values[2] = "".concat(values[2], "%");
-  }
-  if (type.indexOf('color') !== -1) {
-    values = "".concat(colorSpace, " ").concat(values.join(' '));
-  } else {
-    values = "".concat(values.join(', '));
-  }
-  return "".concat(type, "(").concat(values, ")");
-}
-
-/**
- * Converts a color from CSS rgb format to CSS hex format.
- * @param {string} color - RGB color, i.e. rgb(n, n, n)
- * @returns {string} A CSS rgb color string, i.e. #nnnnnn
- */
-function rgbToHex(color) {
-  // Idempotent
-  if (color.indexOf('#') === 0) {
-    return color;
-  }
-  var _decomposeColor = decomposeColor(color),
-    values = _decomposeColor.values;
-  return "#".concat(values.map(function (n, i) {
-    return intToHex(i === 3 ? Math.round(255 * n) : n);
-  }).join(''));
-}
-
-/**
- * Converts a color from hsl format to rgb format.
- * @param {string} color - HSL color values
- * @returns {string} rgb color values
- */
-function hslToRgb(color) {
-  color = decomposeColor(color);
-  var _color = color,
-    values = _color.values;
-  var h = values[0];
-  var s = values[1] / 100;
-  var l = values[2] / 100;
-  var a = s * Math.min(l, 1 - l);
-  var f = function f(n) {
-    var k = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : (n + h / 30) % 12;
-    return l - a * Math.max(Math.min(k - 3, 9 - k, 1), -1);
-  };
-  var type = 'rgb';
-  var rgb = [Math.round(f(0) * 255), Math.round(f(8) * 255), Math.round(f(4) * 255)];
-  if (color.type === 'hsla') {
-    type += 'a';
-    rgb.push(values[3]);
-  }
-  return recomposeColor({
-    type: type,
-    values: rgb
-  });
-}
-/**
- * The relative brightness of any point in a color space,
- * normalized to 0 for darkest black and 1 for lightest white.
- *
- * Formula: https://www.w3.org/TR/WCAG20-TECHS/G17.html#G17-tests
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @returns {number} The relative brightness of the color in the range 0 - 1
- */
-function getLuminance(color) {
-  color = decomposeColor(color);
-  var rgb = color.type === 'hsl' || color.type === 'hsla' ? decomposeColor(hslToRgb(color)).values : color.values;
-  rgb = rgb.map(function (val) {
-    if (color.type !== 'color') {
-      val /= 255; // normalized
-    }
-
-    return val <= 0.03928 ? val / 12.92 : Math.pow((val + 0.055) / 1.055, 2.4);
-  });
-
-  // Truncate at 3 digits
-  return Number((0.2126 * rgb[0] + 0.7152 * rgb[1] + 0.0722 * rgb[2]).toFixed(3));
-}
-
-/**
- * Calculates the contrast ratio between two colors.
- *
- * Formula: https://www.w3.org/TR/WCAG20-TECHS/G17.html#G17-tests
- * @param {string} foreground - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla()
- * @param {string} background - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla()
- * @returns {number} A contrast ratio value in the range 0 - 21.
- */
-function getContrastRatio(foreground, background) {
-  var lumA = getLuminance(foreground);
-  var lumB = getLuminance(background);
-  return (Math.max(lumA, lumB) + 0.05) / (Math.min(lumA, lumB) + 0.05);
-}
-
-/**
- * Sets the absolute transparency of a color.
- * Any existing alpha values are overwritten.
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @param {number} value - value to set the alpha channel to in the range 0 - 1
- * @returns {string} A CSS color string. Hex input values are returned as rgb
- */
-function alpha(color, value) {
-  color = decomposeColor(color);
-  value = clamp(value);
-  if (color.type === 'rgb' || color.type === 'hsl') {
-    color.type += 'a';
-  }
-  if (color.type === 'color') {
-    color.values[3] = "/".concat(value);
-  } else {
-    color.values[3] = value;
-  }
-  return recomposeColor(color);
-}
-function private_safeAlpha(color, value, warning) {
-  try {
-    return alpha(color, value);
-  } catch (error) {
-    if (warning && "production" !== 'production') {}
-    return color;
-  }
-}
-
-/**
- * Darkens a color.
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @param {number} coefficient - multiplier in the range 0 - 1
- * @returns {string} A CSS color string. Hex input values are returned as rgb
- */
-function darken(color, coefficient) {
-  color = decomposeColor(color);
-  coefficient = clamp(coefficient);
-  if (color.type.indexOf('hsl') !== -1) {
-    color.values[2] *= 1 - coefficient;
-  } else if (color.type.indexOf('rgb') !== -1 || color.type.indexOf('color') !== -1) {
-    for (var i = 0; i < 3; i += 1) {
-      color.values[i] *= 1 - coefficient;
-    }
-  }
-  return recomposeColor(color);
-}
-function private_safeDarken(color, coefficient, warning) {
-  try {
-    return darken(color, coefficient);
-  } catch (error) {
-    if (warning && "production" !== 'production') {}
-    return color;
-  }
-}
-
-/**
- * Lightens a color.
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @param {number} coefficient - multiplier in the range 0 - 1
- * @returns {string} A CSS color string. Hex input values are returned as rgb
- */
-function lighten(color, coefficient) {
-  color = decomposeColor(color);
-  coefficient = clamp(coefficient);
-  if (color.type.indexOf('hsl') !== -1) {
-    color.values[2] += (100 - color.values[2]) * coefficient;
-  } else if (color.type.indexOf('rgb') !== -1) {
-    for (var i = 0; i < 3; i += 1) {
-      color.values[i] += (255 - color.values[i]) * coefficient;
-    }
-  } else if (color.type.indexOf('color') !== -1) {
-    for (var _i = 0; _i < 3; _i += 1) {
-      color.values[_i] += (1 - color.values[_i]) * coefficient;
-    }
-  }
-  return recomposeColor(color);
-}
-function private_safeLighten(color, coefficient, warning) {
-  try {
-    return lighten(color, coefficient);
-  } catch (error) {
-    if (warning && "production" !== 'production') {}
-    return color;
-  }
-}
-
-/**
- * Darken or lighten a color, depending on its luminance.
- * Light colors are darkened, dark colors are lightened.
- * @param {string} color - CSS color, i.e. one of: #nnn, #nnnnnn, rgb(), rgba(), hsl(), hsla(), color()
- * @param {number} coefficient=0.15 - multiplier in the range 0 - 1
- * @returns {string} A CSS color string. Hex input values are returned as rgb
- */
-function emphasize(color) {
-  var coefficient = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0.15;
-  return getLuminance(color) > 0.5 ? darken(color, coefficient) : lighten(color, coefficient);
-}
-function private_safeEmphasize(color, coefficient, warning) {
-  try {
-    return private_safeEmphasize(color, coefficient);
-  } catch (error) {
-    if (warning && "production" !== 'production') {}
-    return color;
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/common.js
-var common = {
-  black: '#000',
-  white: '#fff'
-};
-/* harmony default export */ var colors_common = (common);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/grey.js
-var grey = {
-  50: '#fafafa',
-  100: '#f5f5f5',
-  200: '#eeeeee',
-  300: '#e0e0e0',
-  400: '#bdbdbd',
-  500: '#9e9e9e',
-  600: '#757575',
-  700: '#616161',
-  800: '#424242',
-  900: '#212121',
-  A100: '#f5f5f5',
-  A200: '#eeeeee',
-  A400: '#bdbdbd',
-  A700: '#616161'
-};
-/* harmony default export */ var colors_grey = (grey);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/purple.js
-var purple = {
-  50: '#f3e5f5',
-  100: '#e1bee7',
-  200: '#ce93d8',
-  300: '#ba68c8',
-  400: '#ab47bc',
-  500: '#9c27b0',
-  600: '#8e24aa',
-  700: '#7b1fa2',
-  800: '#6a1b9a',
-  900: '#4a148c',
-  A100: '#ea80fc',
-  A200: '#e040fb',
-  A400: '#d500f9',
-  A700: '#aa00ff'
-};
-/* harmony default export */ var colors_purple = (purple);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/red.js
-var red = {
-  50: '#ffebee',
-  100: '#ffcdd2',
-  200: '#ef9a9a',
-  300: '#e57373',
-  400: '#ef5350',
-  500: '#f44336',
-  600: '#e53935',
-  700: '#d32f2f',
-  800: '#c62828',
-  900: '#b71c1c',
-  A100: '#ff8a80',
-  A200: '#ff5252',
-  A400: '#ff1744',
-  A700: '#d50000'
-};
-/* harmony default export */ var colors_red = (red);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/orange.js
-var orange = {
-  50: '#fff3e0',
-  100: '#ffe0b2',
-  200: '#ffcc80',
-  300: '#ffb74d',
-  400: '#ffa726',
-  500: '#ff9800',
-  600: '#fb8c00',
-  700: '#f57c00',
-  800: '#ef6c00',
-  900: '#e65100',
-  A100: '#ffd180',
-  A200: '#ffab40',
-  A400: '#ff9100',
-  A700: '#ff6d00'
-};
-/* harmony default export */ var colors_orange = (orange);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/blue.js
-var blue = {
-  50: '#e3f2fd',
-  100: '#bbdefb',
-  200: '#90caf9',
-  300: '#64b5f6',
-  400: '#42a5f5',
-  500: '#2196f3',
-  600: '#1e88e5',
-  700: '#1976d2',
-  800: '#1565c0',
-  900: '#0d47a1',
-  A100: '#82b1ff',
-  A200: '#448aff',
-  A400: '#2979ff',
-  A700: '#2962ff'
-};
-/* harmony default export */ var colors_blue = (blue);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/lightBlue.js
-var lightBlue = {
-  50: '#e1f5fe',
-  100: '#b3e5fc',
-  200: '#81d4fa',
-  300: '#4fc3f7',
-  400: '#29b6f6',
-  500: '#03a9f4',
-  600: '#039be5',
-  700: '#0288d1',
-  800: '#0277bd',
-  900: '#01579b',
-  A100: '#80d8ff',
-  A200: '#40c4ff',
-  A400: '#00b0ff',
-  A700: '#0091ea'
-};
-/* harmony default export */ var colors_lightBlue = (lightBlue);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/colors/green.js
-var green = {
-  50: '#e8f5e9',
-  100: '#c8e6c9',
-  200: '#a5d6a7',
-  300: '#81c784',
-  400: '#66bb6a',
-  500: '#4caf50',
-  600: '#43a047',
-  700: '#388e3c',
-  800: '#2e7d32',
-  900: '#1b5e20',
-  A100: '#b9f6ca',
-  A200: '#69f0ae',
-  A400: '#00e676',
-  A700: '#00c853'
-};
-/* harmony default export */ var colors_green = (green);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createPalette.js
-
-
-
-var createPalette_excluded = ["mode", "contrastThreshold", "tonalOffset"];
-
-
-
-
-
-
-
-
-
-
-var light = {
-  // The colors used to style the text.
-  text: {
-    // The most important text.
-    primary: 'rgba(0, 0, 0, 0.87)',
-    // Secondary text.
-    secondary: 'rgba(0, 0, 0, 0.6)',
-    // Disabled text have even lower visual prominence.
-    disabled: 'rgba(0, 0, 0, 0.38)'
-  },
-  // The color used to divide different elements.
-  divider: 'rgba(0, 0, 0, 0.12)',
-  // The background colors used to style the surfaces.
-  // Consistency between these values is important.
-  background: {
-    paper: colors_common.white,
-    default: colors_common.white
-  },
-  // The colors used to style the action elements.
-  action: {
-    // The color of an active action like an icon button.
-    active: 'rgba(0, 0, 0, 0.54)',
-    // The color of an hovered action.
-    hover: 'rgba(0, 0, 0, 0.04)',
-    hoverOpacity: 0.04,
-    // The color of a selected action.
-    selected: 'rgba(0, 0, 0, 0.08)',
-    selectedOpacity: 0.08,
-    // The color of a disabled action.
-    disabled: 'rgba(0, 0, 0, 0.26)',
-    // The background color of a disabled action.
-    disabledBackground: 'rgba(0, 0, 0, 0.12)',
-    disabledOpacity: 0.38,
-    focus: 'rgba(0, 0, 0, 0.12)',
-    focusOpacity: 0.12,
-    activatedOpacity: 0.12
-  }
-};
-var dark = {
-  text: {
-    primary: colors_common.white,
-    secondary: 'rgba(255, 255, 255, 0.7)',
-    disabled: 'rgba(255, 255, 255, 0.5)',
-    icon: 'rgba(255, 255, 255, 0.5)'
-  },
-  divider: 'rgba(255, 255, 255, 0.12)',
-  background: {
-    paper: '#121212',
-    default: '#121212'
-  },
-  action: {
-    active: colors_common.white,
-    hover: 'rgba(255, 255, 255, 0.08)',
-    hoverOpacity: 0.08,
-    selected: 'rgba(255, 255, 255, 0.16)',
-    selectedOpacity: 0.16,
-    disabled: 'rgba(255, 255, 255, 0.3)',
-    disabledBackground: 'rgba(255, 255, 255, 0.12)',
-    disabledOpacity: 0.38,
-    focus: 'rgba(255, 255, 255, 0.12)',
-    focusOpacity: 0.12,
-    activatedOpacity: 0.24
-  }
-};
-function addLightOrDark(intent, direction, shade, tonalOffset) {
-  var tonalOffsetLight = tonalOffset.light || tonalOffset;
-  var tonalOffsetDark = tonalOffset.dark || tonalOffset * 1.5;
-  if (!intent[direction]) {
-    if (intent.hasOwnProperty(shade)) {
-      intent[direction] = intent[shade];
-    } else if (direction === 'light') {
-      intent.light = lighten(intent.main, tonalOffsetLight);
-    } else if (direction === 'dark') {
-      intent.dark = darken(intent.main, tonalOffsetDark);
-    }
-  }
-}
-function getDefaultPrimary() {
-  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
-  if (mode === 'dark') {
-    return {
-      main: colors_blue[200],
-      light: colors_blue[50],
-      dark: colors_blue[400]
-    };
-  }
-  return {
-    main: colors_blue[700],
-    light: colors_blue[400],
-    dark: colors_blue[800]
-  };
-}
-function getDefaultSecondary() {
-  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
-  if (mode === 'dark') {
-    return {
-      main: colors_purple[200],
-      light: colors_purple[50],
-      dark: colors_purple[400]
-    };
-  }
-  return {
-    main: colors_purple[500],
-    light: colors_purple[300],
-    dark: colors_purple[700]
-  };
-}
-function getDefaultError() {
-  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
-  if (mode === 'dark') {
-    return {
-      main: colors_red[500],
-      light: colors_red[300],
-      dark: colors_red[700]
-    };
-  }
-  return {
-    main: colors_red[700],
-    light: colors_red[400],
-    dark: colors_red[800]
-  };
-}
-function getDefaultInfo() {
-  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
-  if (mode === 'dark') {
-    return {
-      main: colors_lightBlue[400],
-      light: colors_lightBlue[300],
-      dark: colors_lightBlue[700]
-    };
-  }
-  return {
-    main: colors_lightBlue[700],
-    light: colors_lightBlue[500],
-    dark: colors_lightBlue[900]
-  };
-}
-function getDefaultSuccess() {
-  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
-  if (mode === 'dark') {
-    return {
-      main: colors_green[400],
-      light: colors_green[300],
-      dark: colors_green[700]
-    };
-  }
-  return {
-    main: colors_green[800],
-    light: colors_green[500],
-    dark: colors_green[900]
-  };
-}
-function getDefaultWarning() {
-  var mode = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'light';
-  if (mode === 'dark') {
-    return {
-      main: colors_orange[400],
-      light: colors_orange[300],
-      dark: colors_orange[700]
-    };
-  }
-  return {
-    main: '#ed6c02',
-    // closest to orange[800] that pass 3:1.
-    light: colors_orange[500],
-    dark: colors_orange[900]
-  };
-}
-function createPalette(palette) {
-  var _palette$mode = palette.mode,
-    mode = _palette$mode === void 0 ? 'light' : _palette$mode,
-    _palette$contrastThre = palette.contrastThreshold,
-    contrastThreshold = _palette$contrastThre === void 0 ? 3 : _palette$contrastThre,
-    _palette$tonalOffset = palette.tonalOffset,
-    tonalOffset = _palette$tonalOffset === void 0 ? 0.2 : _palette$tonalOffset,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(palette, createPalette_excluded);
-  var primary = palette.primary || getDefaultPrimary(mode);
-  var secondary = palette.secondary || getDefaultSecondary(mode);
-  var error = palette.error || getDefaultError(mode);
-  var info = palette.info || getDefaultInfo(mode);
-  var success = palette.success || getDefaultSuccess(mode);
-  var warning = palette.warning || getDefaultWarning(mode);
-
-  // Use the same logic as
-  // Bootstrap: https://github.com/twbs/bootstrap/blob/1d6e3710dd447de1a200f29e8fa521f8a0908f70/scss/_functions.scss#L59
-  // and material-components-web https://github.com/material-components/material-components-web/blob/ac46b8863c4dab9fc22c4c662dc6bd1b65dd652f/packages/mdc-theme/_functions.scss#L54
-  function getContrastText(background) {
-    var contrastText = getContrastRatio(background, dark.text.primary) >= contrastThreshold ? dark.text.primary : light.text.primary;
-    if (false) { var contrast; }
-    return contrastText;
-  }
-  var augmentColor = function augmentColor(_ref) {
-    var color = _ref.color,
-      name = _ref.name,
-      _ref$mainShade = _ref.mainShade,
-      mainShade = _ref$mainShade === void 0 ? 500 : _ref$mainShade,
-      _ref$lightShade = _ref.lightShade,
-      lightShade = _ref$lightShade === void 0 ? 300 : _ref$lightShade,
-      _ref$darkShade = _ref.darkShade,
-      darkShade = _ref$darkShade === void 0 ? 700 : _ref$darkShade;
-    color = extends_extends({}, color);
-    if (!color.main && color[mainShade]) {
-      color.main = color[mainShade];
-    }
-    if (!color.hasOwnProperty('main')) {
-      throw new Error( false ? 0 : formatMuiErrorMessage(11, name ? " (".concat(name, ")") : '', mainShade));
-    }
-    if (typeof color.main !== 'string') {
-      throw new Error( false ? 0 : formatMuiErrorMessage(12, name ? " (".concat(name, ")") : '', JSON.stringify(color.main)));
-    }
-    addLightOrDark(color, 'light', lightShade, tonalOffset);
-    addLightOrDark(color, 'dark', darkShade, tonalOffset);
-    if (!color.contrastText) {
-      color.contrastText = getContrastText(color.main);
-    }
-    return color;
-  };
-  var modes = {
-    dark: dark,
-    light: light
-  };
-  if (false) {}
-  var paletteOutput = deepmerge_deepmerge(extends_extends({
-    // A collection of common colors.
-    common: extends_extends({}, colors_common),
-    // prevent mutable object.
-    // The palette mode, can be light or dark.
-    mode: mode,
-    // The colors used to represent primary interface elements for a user.
-    primary: augmentColor({
-      color: primary,
-      name: 'primary'
-    }),
-    // The colors used to represent secondary interface elements for a user.
-    secondary: augmentColor({
-      color: secondary,
-      name: 'secondary',
-      mainShade: 'A400',
-      lightShade: 'A200',
-      darkShade: 'A700'
-    }),
-    // The colors used to represent interface elements that the user should be made aware of.
-    error: augmentColor({
-      color: error,
-      name: 'error'
-    }),
-    // The colors used to represent potentially dangerous actions or important messages.
-    warning: augmentColor({
-      color: warning,
-      name: 'warning'
-    }),
-    // The colors used to present information to the user that is neutral and not necessarily important.
-    info: augmentColor({
-      color: info,
-      name: 'info'
-    }),
-    // The colors used to indicate the successful completion of an action that user triggered.
-    success: augmentColor({
-      color: success,
-      name: 'success'
-    }),
-    // The grey colors.
-    grey: colors_grey,
-    // Used by `getContrastText()` to maximize the contrast between
-    // the background and the text.
-    contrastThreshold: contrastThreshold,
-    // Takes a background color and returns the text color that maximizes the contrast.
-    getContrastText: getContrastText,
-    // Generate a rich color object.
-    augmentColor: augmentColor,
-    // Used by the functions below to shift a color's luminance by approximately
-    // two indexes within its tonal palette.
-    // E.g., shift from Red 500 to Red 300 or Red 700.
-    tonalOffset: tonalOffset
-  }, modes[mode]), other);
-  return paletteOutput;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createTypography.js
-
-
-var createTypography_excluded = ["fontFamily", "fontSize", "fontWeightLight", "fontWeightRegular", "fontWeightMedium", "fontWeightBold", "htmlFontSize", "allVariants", "pxToRem"];
-
-function round(value) {
-  return Math.round(value * 1e5) / 1e5;
-}
-var caseAllCaps = {
-  textTransform: 'uppercase'
-};
-var defaultFontFamily = '"Roboto", "Helvetica", "Arial", sans-serif';
-
-/**
- * @see @link{https://m2.material.io/design/typography/the-type-system.html}
- * @see @link{https://m2.material.io/design/typography/understanding-typography.html}
- */
-function createTypography(palette, typography) {
-  var _ref = typeof typography === 'function' ? typography(palette) : typography,
-    _ref$fontFamily = _ref.fontFamily,
-    fontFamily = _ref$fontFamily === void 0 ? defaultFontFamily : _ref$fontFamily,
-    _ref$fontSize = _ref.fontSize,
-    fontSize = _ref$fontSize === void 0 ? 14 : _ref$fontSize,
-    _ref$fontWeightLight = _ref.fontWeightLight,
-    fontWeightLight = _ref$fontWeightLight === void 0 ? 300 : _ref$fontWeightLight,
-    _ref$fontWeightRegula = _ref.fontWeightRegular,
-    fontWeightRegular = _ref$fontWeightRegula === void 0 ? 400 : _ref$fontWeightRegula,
-    _ref$fontWeightMedium = _ref.fontWeightMedium,
-    fontWeightMedium = _ref$fontWeightMedium === void 0 ? 500 : _ref$fontWeightMedium,
-    _ref$fontWeightBold = _ref.fontWeightBold,
-    fontWeightBold = _ref$fontWeightBold === void 0 ? 700 : _ref$fontWeightBold,
-    _ref$htmlFontSize = _ref.htmlFontSize,
-    htmlFontSize = _ref$htmlFontSize === void 0 ? 16 : _ref$htmlFontSize,
-    allVariants = _ref.allVariants,
-    pxToRem2 = _ref.pxToRem,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_ref, createTypography_excluded);
-  if (false) {}
-  var coef = fontSize / 14;
-  var pxToRem = pxToRem2 || function (size) {
-    return "".concat(size / htmlFontSize * coef, "rem");
-  };
-  var buildVariant = function buildVariant(fontWeight, size, lineHeight, letterSpacing, casing) {
-    return extends_extends({
-      fontFamily: fontFamily,
-      fontWeight: fontWeight,
-      fontSize: pxToRem(size),
-      // Unitless following https://meyerweb.com/eric/thoughts/2006/02/08/unitless-line-heights/
-      lineHeight: lineHeight
-    }, fontFamily === defaultFontFamily ? {
-      letterSpacing: "".concat(round(letterSpacing / size), "em")
-    } : {}, casing, allVariants);
-  };
-  var variants = {
-    h1: buildVariant(fontWeightLight, 96, 1.167, -1.5),
-    h2: buildVariant(fontWeightLight, 60, 1.2, -0.5),
-    h3: buildVariant(fontWeightRegular, 48, 1.167, 0),
-    h4: buildVariant(fontWeightRegular, 34, 1.235, 0.25),
-    h5: buildVariant(fontWeightRegular, 24, 1.334, 0),
-    h6: buildVariant(fontWeightMedium, 20, 1.6, 0.15),
-    subtitle1: buildVariant(fontWeightRegular, 16, 1.75, 0.15),
-    subtitle2: buildVariant(fontWeightMedium, 14, 1.57, 0.1),
-    body1: buildVariant(fontWeightRegular, 16, 1.5, 0.15),
-    body2: buildVariant(fontWeightRegular, 14, 1.43, 0.15),
-    button: buildVariant(fontWeightMedium, 14, 1.75, 0.4, caseAllCaps),
-    caption: buildVariant(fontWeightRegular, 12, 1.66, 0.4),
-    overline: buildVariant(fontWeightRegular, 12, 2.66, 1, caseAllCaps),
-    inherit: {
-      fontFamily: 'inherit',
-      fontWeight: 'inherit',
-      fontSize: 'inherit',
-      lineHeight: 'inherit',
-      letterSpacing: 'inherit'
-    }
-  };
-  return deepmerge_deepmerge(extends_extends({
-    htmlFontSize: htmlFontSize,
-    pxToRem: pxToRem,
-    fontFamily: fontFamily,
-    fontSize: fontSize,
-    fontWeightLight: fontWeightLight,
-    fontWeightRegular: fontWeightRegular,
-    fontWeightMedium: fontWeightMedium,
-    fontWeightBold: fontWeightBold
-  }, variants), other, {
-    clone: false // No need to clone deep
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/shadows.js
-var shadowKeyUmbraOpacity = 0.2;
-var shadowKeyPenumbraOpacity = 0.14;
-var shadowAmbientShadowOpacity = 0.12;
-function createShadow() {
-  return ["".concat(arguments.length <= 0 ? undefined : arguments[0], "px ").concat(arguments.length <= 1 ? undefined : arguments[1], "px ").concat(arguments.length <= 2 ? undefined : arguments[2], "px ").concat(arguments.length <= 3 ? undefined : arguments[3], "px rgba(0,0,0,").concat(shadowKeyUmbraOpacity, ")"), "".concat(arguments.length <= 4 ? undefined : arguments[4], "px ").concat(arguments.length <= 5 ? undefined : arguments[5], "px ").concat(arguments.length <= 6 ? undefined : arguments[6], "px ").concat(arguments.length <= 7 ? undefined : arguments[7], "px rgba(0,0,0,").concat(shadowKeyPenumbraOpacity, ")"), "".concat(arguments.length <= 8 ? undefined : arguments[8], "px ").concat(arguments.length <= 9 ? undefined : arguments[9], "px ").concat(arguments.length <= 10 ? undefined : arguments[10], "px ").concat(arguments.length <= 11 ? undefined : arguments[11], "px rgba(0,0,0,").concat(shadowAmbientShadowOpacity, ")")].join(',');
-}
-
-// Values from https://github.com/material-components/material-components-web/blob/be8747f94574669cb5e7add1a7c54fa41a89cec7/packages/mdc-elevation/_variables.scss
-var shadows = ['none', createShadow(0, 2, 1, -1, 0, 1, 1, 0, 0, 1, 3, 0), createShadow(0, 3, 1, -2, 0, 2, 2, 0, 0, 1, 5, 0), createShadow(0, 3, 3, -2, 0, 3, 4, 0, 0, 1, 8, 0), createShadow(0, 2, 4, -1, 0, 4, 5, 0, 0, 1, 10, 0), createShadow(0, 3, 5, -1, 0, 5, 8, 0, 0, 1, 14, 0), createShadow(0, 3, 5, -1, 0, 6, 10, 0, 0, 1, 18, 0), createShadow(0, 4, 5, -2, 0, 7, 10, 1, 0, 2, 16, 1), createShadow(0, 5, 5, -3, 0, 8, 10, 1, 0, 3, 14, 2), createShadow(0, 5, 6, -3, 0, 9, 12, 1, 0, 3, 16, 2), createShadow(0, 6, 6, -3, 0, 10, 14, 1, 0, 4, 18, 3), createShadow(0, 6, 7, -4, 0, 11, 15, 1, 0, 4, 20, 3), createShadow(0, 7, 8, -4, 0, 12, 17, 2, 0, 5, 22, 4), createShadow(0, 7, 8, -4, 0, 13, 19, 2, 0, 5, 24, 4), createShadow(0, 7, 9, -4, 0, 14, 21, 2, 0, 5, 26, 4), createShadow(0, 8, 9, -5, 0, 15, 22, 2, 0, 6, 28, 5), createShadow(0, 8, 10, -5, 0, 16, 24, 2, 0, 6, 30, 5), createShadow(0, 8, 11, -5, 0, 17, 26, 2, 0, 6, 32, 5), createShadow(0, 9, 11, -5, 0, 18, 28, 2, 0, 7, 34, 6), createShadow(0, 9, 12, -6, 0, 19, 29, 2, 0, 7, 36, 6), createShadow(0, 10, 13, -6, 0, 20, 31, 3, 0, 8, 38, 7), createShadow(0, 10, 13, -6, 0, 21, 33, 3, 0, 8, 40, 7), createShadow(0, 10, 14, -6, 0, 22, 35, 3, 0, 8, 42, 7), createShadow(0, 11, 14, -7, 0, 23, 36, 3, 0, 9, 44, 8), createShadow(0, 11, 15, -7, 0, 24, 38, 3, 0, 9, 46, 8)];
-/* harmony default export */ var styles_shadows = (shadows);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createTransitions.js
-
-
-var createTransitions_excluded = ["duration", "easing", "delay"];
-// Follow https://material.google.com/motion/duration-easing.html#duration-easing-natural-easing-curves
-// to learn the context in which each easing should be used.
-var easing = {
-  // This is the most common easing curve.
-  easeInOut: 'cubic-bezier(0.4, 0, 0.2, 1)',
-  // Objects enter the screen at full velocity from off-screen and
-  // slowly decelerate to a resting point.
-  easeOut: 'cubic-bezier(0.0, 0, 0.2, 1)',
-  // Objects leave the screen at full velocity. They do not decelerate when off-screen.
-  easeIn: 'cubic-bezier(0.4, 0, 1, 1)',
-  // The sharp curve is used by objects that may return to the screen at any time.
-  sharp: 'cubic-bezier(0.4, 0, 0.6, 1)'
-};
-
-// Follow https://m2.material.io/guidelines/motion/duration-easing.html#duration-easing-common-durations
-// to learn when use what timing
-var duration = {
-  shortest: 150,
-  shorter: 200,
-  short: 250,
-  // most basic recommended timing
-  standard: 300,
-  // this is to be used in complex animations
-  complex: 375,
-  // recommended when something is entering screen
-  enteringScreen: 225,
-  // recommended when something is leaving screen
-  leavingScreen: 195
-};
-function formatMs(milliseconds) {
-  return "".concat(Math.round(milliseconds), "ms");
-}
-function getAutoHeightDuration(height) {
-  if (!height) {
-    return 0;
-  }
-  var constant = height / 36;
-
-  // https://www.wolframalpha.com/input/?i=(4+%2B+15+*+(x+%2F+36+)+**+0.25+%2B+(x+%2F+36)+%2F+5)+*+10
-  return Math.round((4 + 15 * Math.pow(constant, 0.25) + constant / 5) * 10);
-}
-function createTransitions(inputTransitions) {
-  var mergedEasing = extends_extends({}, easing, inputTransitions.easing);
-  var mergedDuration = extends_extends({}, duration, inputTransitions.duration);
-  var create = function create() {
-    var props = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : ['all'];
-    var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-    var _options$duration = options.duration,
-      durationOption = _options$duration === void 0 ? mergedDuration.standard : _options$duration,
-      _options$easing = options.easing,
-      easingOption = _options$easing === void 0 ? mergedEasing.easeInOut : _options$easing,
-      _options$delay = options.delay,
-      delay = _options$delay === void 0 ? 0 : _options$delay,
-      other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(options, createTransitions_excluded);
-    if (false) { var isNumber, isString; }
-    return (Array.isArray(props) ? props : [props]).map(function (animatedProp) {
-      return "".concat(animatedProp, " ").concat(typeof durationOption === 'string' ? durationOption : formatMs(durationOption), " ").concat(easingOption, " ").concat(typeof delay === 'string' ? delay : formatMs(delay));
-    }).join(',');
-  };
-  return extends_extends({
-    getAutoHeightDuration: getAutoHeightDuration,
-    create: create
-  }, inputTransitions, {
-    easing: mergedEasing,
-    duration: mergedDuration
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/zIndex.js
-// We need to centralize the zIndex definitions as they work
-// like global values in the browser.
-var zIndex = {
-  mobileStepper: 1000,
-  fab: 1050,
-  speedDial: 1050,
-  appBar: 1100,
-  drawer: 1200,
-  modal: 1300,
-  snackbar: 1400,
-  tooltip: 1500
-};
-/* harmony default export */ var styles_zIndex = (zIndex);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/createTheme.js
-
-
-
-
-var styles_createTheme_excluded = ["breakpoints", "mixins", "spacing", "palette", "transitions", "typography", "shape"];
-
-
-
-
-
-
-
-
-
-function styles_createTheme_createTheme() {
-  var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var _options$mixins = options.mixins,
-    mixinsInput = _options$mixins === void 0 ? {} : _options$mixins,
-    _options$palette = options.palette,
-    paletteInput = _options$palette === void 0 ? {} : _options$palette,
-    _options$transitions = options.transitions,
-    transitionsInput = _options$transitions === void 0 ? {} : _options$transitions,
-    _options$typography = options.typography,
-    typographyInput = _options$typography === void 0 ? {} : _options$typography,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(options, styles_createTheme_excluded);
-  if (options.vars) {
-    throw new Error( false ? 0 : formatMuiErrorMessage(18));
-  }
-  var palette = createPalette(paletteInput);
-  var systemTheme = createTheme_createTheme(options);
-  var muiTheme = deepmerge_deepmerge(systemTheme, {
-    mixins: createMixins(systemTheme.breakpoints, mixinsInput),
-    palette: palette,
-    // Don't use [...shadows] until you've verified its transpiled code is not invoking the iterator protocol.
-    shadows: styles_shadows.slice(),
-    typography: createTypography(palette, typographyInput),
-    transitions: createTransitions(transitionsInput),
-    zIndex: extends_extends({}, styles_zIndex)
-  });
-  muiTheme = deepmerge_deepmerge(muiTheme, other);
-  for (var _len = arguments.length, args = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
-    args[_key - 1] = arguments[_key];
-  }
-  muiTheme = args.reduce(function (acc, argument) {
-    return deepmerge_deepmerge(acc, argument);
-  }, muiTheme);
-  if (false) { var traverse, stateClasses; }
-  muiTheme.unstable_sxConfig = extends_extends({}, styleFunctionSx_defaultSxConfig, other == null ? void 0 : other.unstable_sxConfig);
-  muiTheme.unstable_sx = function sx(props) {
-    return styleFunctionSx_styleFunctionSx({
-      sx: props,
-      theme: this
-    });
-  };
-  return muiTheme;
-}
-var warnedOnce = false;
-function createMuiTheme() {
-  if (false) {}
-  return styles_createTheme_createTheme.apply(void 0, arguments);
-}
-/* harmony default export */ var styles_createTheme = (styles_createTheme_createTheme);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Box/Box.js
-
-
-
-
-
-var defaultTheme = styles_createTheme();
-var Box_Box = createBox({
-  themeId: styles_identifier,
-  defaultTheme: defaultTheme,
-  defaultClassName: 'MuiBox-root',
-  generateClassName: ClassNameGenerator_ClassNameGenerator.generate
-});
- false ? 0 : void 0;
-/* harmony default export */ var material_Box_Box = (Box_Box);
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/propsToClassKey.js
-
-var propsToClassKey_excluded = ["variant"];
-
-function isEmpty(string) {
-  return string.length === 0;
-}
-
-/**
- * Generates string classKey based on the properties provided. It starts with the
- * variant if defined, and then it appends all other properties in alphabetical order.
- * @param {object} props - the properties for which the classKey should be created.
- */
-function propsToClassKey(props) {
-  var variant = props.variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, propsToClassKey_excluded);
-  var classKey = variant || '';
-  Object.keys(other).sort().forEach(function (key) {
-    if (key === 'color') {
-      classKey += isEmpty(classKey) ? props[key] : capitalize(props[key]);
-    } else {
-      classKey += "".concat(isEmpty(classKey) ? key : capitalize(key)).concat(capitalize(props[key].toString()));
-    }
-  });
-  return classKey;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/createStyled.js
-
-
-
-
-var createStyled_excluded = ["name", "slot", "skipVariantsResolver", "skipSx", "overridesResolver"];
-/* eslint-disable no-underscore-dangle */
-
-
-
-
-
-function createStyled_isEmpty(obj) {
-  return Object.keys(obj).length === 0;
-}
-
-// https://github.com/emotion-js/emotion/blob/26ded6109fcd8ca9875cc2ce4564fee678a3f3c5/packages/styled/src/utils.js#L40
-function isStringTag(tag) {
-  return typeof tag === 'string' &&
-  // 96 is one less than the char code
-  // for "a" so this is checking that
-  // it's a lowercase character
-  tag.charCodeAt(0) > 96;
-}
-var getStyleOverrides = function getStyleOverrides(name, theme) {
-  if (theme.components && theme.components[name] && theme.components[name].styleOverrides) {
-    return theme.components[name].styleOverrides;
-  }
-  return null;
-};
-var getVariantStyles = function getVariantStyles(name, theme) {
-  var variants = [];
-  if (theme && theme.components && theme.components[name] && theme.components[name].variants) {
-    variants = theme.components[name].variants;
-  }
-  var variantsStyles = {};
-  variants.forEach(function (definition) {
-    var key = propsToClassKey(definition.props);
-    variantsStyles[key] = definition.style;
-  });
-  return variantsStyles;
-};
-var variantsResolver = function variantsResolver(props, styles, theme, name) {
-  var _theme$components, _theme$components$nam;
-  var _props$ownerState = props.ownerState,
-    ownerState = _props$ownerState === void 0 ? {} : _props$ownerState;
-  var variantsStyles = [];
-  var themeVariants = theme == null ? void 0 : (_theme$components = theme.components) == null ? void 0 : (_theme$components$nam = _theme$components[name]) == null ? void 0 : _theme$components$nam.variants;
-  if (themeVariants) {
-    themeVariants.forEach(function (themeVariant) {
-      var isMatch = true;
-      Object.keys(themeVariant.props).forEach(function (key) {
-        if (ownerState[key] !== themeVariant.props[key] && props[key] !== themeVariant.props[key]) {
-          isMatch = false;
-        }
-      });
-      if (isMatch) {
-        variantsStyles.push(styles[propsToClassKey(themeVariant.props)]);
-      }
-    });
-  }
-  return variantsStyles;
-};
-
-// Update /system/styled/#api in case if this changes
-function createStyled_shouldForwardProp(prop) {
-  return prop !== 'ownerState' && prop !== 'theme' && prop !== 'sx' && prop !== 'as';
-}
-var createStyled_systemDefaultTheme = createTheme_createTheme();
-var lowercaseFirstLetter = function lowercaseFirstLetter(string) {
-  return string.charAt(0).toLowerCase() + string.slice(1);
-};
-function resolveTheme(_ref) {
-  var defaultTheme = _ref.defaultTheme,
-    theme = _ref.theme,
-    themeId = _ref.themeId;
-  return createStyled_isEmpty(theme) ? defaultTheme : theme[themeId] || theme;
-}
-function createStyled_createStyled() {
-  var input = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-  var themeId = input.themeId,
-    _input$defaultTheme = input.defaultTheme,
-    defaultTheme = _input$defaultTheme === void 0 ? createStyled_systemDefaultTheme : _input$defaultTheme,
-    _input$rootShouldForw = input.rootShouldForwardProp,
-    rootShouldForwardProp = _input$rootShouldForw === void 0 ? createStyled_shouldForwardProp : _input$rootShouldForw,
-    _input$slotShouldForw = input.slotShouldForwardProp,
-    slotShouldForwardProp = _input$slotShouldForw === void 0 ? createStyled_shouldForwardProp : _input$slotShouldForw;
-  var systemSx = function systemSx(props) {
-    return styleFunctionSx_styleFunctionSx(extends_extends({}, props, {
-      theme: resolveTheme(extends_extends({}, props, {
-        defaultTheme: defaultTheme,
-        themeId: themeId
-      }))
-    }));
-  };
-  systemSx.__mui_systemSx = true;
-  return function (tag) {
-    var inputOptions = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-    // Filter out the `sx` style function from the previous styled component to prevent unnecessary styles generated by the composite components.
-    internal_processStyles(tag, function (styles) {
-      return styles.filter(function (style) {
-        return !(style != null && style.__mui_systemSx);
-      });
-    });
-    var componentName = inputOptions.name,
-      componentSlot = inputOptions.slot,
-      inputSkipVariantsResolver = inputOptions.skipVariantsResolver,
-      inputSkipSx = inputOptions.skipSx,
-      overridesResolver = inputOptions.overridesResolver,
-      options = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(inputOptions, createStyled_excluded);
-
-    // if skipVariantsResolver option is defined, take the value, otherwise, true for root and false for other slots.
-    var skipVariantsResolver = inputSkipVariantsResolver !== undefined ? inputSkipVariantsResolver : componentSlot && componentSlot !== 'Root' || false;
-    var skipSx = inputSkipSx || false;
-    var label;
-    if (false) {}
-    var shouldForwardPropOption = createStyled_shouldForwardProp;
-    if (componentSlot === 'Root') {
-      shouldForwardPropOption = rootShouldForwardProp;
-    } else if (componentSlot) {
-      // any other slot specified
-      shouldForwardPropOption = slotShouldForwardProp;
-    } else if (isStringTag(tag)) {
-      // for string (html) tag, preserve the behavior in emotion & styled-components.
-      shouldForwardPropOption = undefined;
-    }
-    var defaultStyledResolver = styled(tag, extends_extends({
-      shouldForwardProp: shouldForwardPropOption,
-      label: label
-    }, options));
-    var muiStyledResolver = function muiStyledResolver(styleArg) {
-      for (var _len = arguments.length, expressions = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++) {
-        expressions[_key - 1] = arguments[_key];
-      }
-      var expressionsWithDefaultTheme = expressions ? expressions.map(function (stylesArg) {
-        // On the server Emotion doesn't use React.forwardRef for creating components, so the created
-        // component stays as a function. This condition makes sure that we do not interpolate functions
-        // which are basically components used as a selectors.
-        return typeof stylesArg === 'function' && stylesArg.__emotion_real !== stylesArg ? function (props) {
-          return stylesArg(extends_extends({}, props, {
-            theme: resolveTheme(extends_extends({}, props, {
-              defaultTheme: defaultTheme,
-              themeId: themeId
-            }))
-          }));
-        } : stylesArg;
-      }) : [];
-      var transformedStyleArg = styleArg;
-      if (componentName && overridesResolver) {
-        expressionsWithDefaultTheme.push(function (props) {
-          var theme = resolveTheme(extends_extends({}, props, {
-            defaultTheme: defaultTheme,
-            themeId: themeId
-          }));
-          var styleOverrides = getStyleOverrides(componentName, theme);
-          if (styleOverrides) {
-            var resolvedStyleOverrides = {};
-            Object.entries(styleOverrides).forEach(function (_ref2) {
-              var _ref3 = slicedToArray_slicedToArray(_ref2, 2),
-                slotKey = _ref3[0],
-                slotStyle = _ref3[1];
-              resolvedStyleOverrides[slotKey] = typeof slotStyle === 'function' ? slotStyle(extends_extends({}, props, {
-                theme: theme
-              })) : slotStyle;
-            });
-            return overridesResolver(props, resolvedStyleOverrides);
-          }
-          return null;
-        });
-      }
-      if (componentName && !skipVariantsResolver) {
-        expressionsWithDefaultTheme.push(function (props) {
-          var theme = resolveTheme(extends_extends({}, props, {
-            defaultTheme: defaultTheme,
-            themeId: themeId
-          }));
-          return variantsResolver(props, getVariantStyles(componentName, theme), theme, componentName);
-        });
-      }
-      if (!skipSx) {
-        expressionsWithDefaultTheme.push(systemSx);
-      }
-      var numOfCustomFnsApplied = expressionsWithDefaultTheme.length - expressions.length;
-      if (Array.isArray(styleArg) && numOfCustomFnsApplied > 0) {
-        var placeholders = new Array(numOfCustomFnsApplied).fill('');
-        // If the type is array, than we need to add placeholders in the template for the overrides, variants and the sx styles.
-        transformedStyleArg = [].concat(toConsumableArray_toConsumableArray(styleArg), toConsumableArray_toConsumableArray(placeholders));
-        transformedStyleArg.raw = [].concat(toConsumableArray_toConsumableArray(styleArg.raw), toConsumableArray_toConsumableArray(placeholders));
-      } else if (typeof styleArg === 'function' &&
-      // On the server Emotion doesn't use React.forwardRef for creating components, so the created
-      // component stays as a function. This condition makes sure that we do not interpolate functions
-      // which are basically components used as a selectors.
-      styleArg.__emotion_real !== styleArg) {
-        // If the type is function, we need to define the default theme.
-        transformedStyleArg = function transformedStyleArg(props) {
-          return styleArg(extends_extends({}, props, {
-            theme: resolveTheme(extends_extends({}, props, {
-              defaultTheme: defaultTheme,
-              themeId: themeId
-            }))
-          }));
-        };
-      }
-      var Component = defaultStyledResolver.apply(void 0, [transformedStyleArg].concat(toConsumableArray_toConsumableArray(expressionsWithDefaultTheme)));
-      if (false) { var displayName; }
-      if (tag.muiName) {
-        Component.muiName = tag.muiName;
-      }
-      return Component;
-    };
-    if (defaultStyledResolver.withConfig) {
-      muiStyledResolver.withConfig = defaultStyledResolver.withConfig;
-    }
-    return muiStyledResolver;
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/defaultTheme.js
-
-var defaultTheme_defaultTheme = styles_createTheme();
-/* harmony default export */ var styles_defaultTheme = (defaultTheme_defaultTheme);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/styled.js
-
-
-
-var rootShouldForwardProp = function rootShouldForwardProp(prop) {
-  return createStyled_shouldForwardProp(prop) && prop !== 'classes';
-};
-var slotShouldForwardProp = (/* unused pure expression or super */ null && (shouldForwardProp));
-var styled_styled = createStyled_createStyled({
-  themeId: styles_identifier,
-  defaultTheme: styles_defaultTheme,
-  rootShouldForwardProp: rootShouldForwardProp
-});
-/* harmony default export */ var styles_styled = (styled_styled);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/useTheme.js
-
-
-
-
-function styles_useTheme_useTheme() {
-  var theme = esm_useTheme(styles_defaultTheme);
-  if (false) {}
-  return theme[styles_identifier] || theme;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/composeClasses/composeClasses.js
-function composeClasses(slots, getUtilityClass) {
-  var classes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : undefined;
-  var output = {};
-  Object.keys(slots).forEach(
-  // `Objet.keys(slots)` can't be wider than `T` because we infer `T` from `slots`.
-  // @ts-expect-error https://github.com/microsoft/TypeScript/pull/12253#issuecomment-263132208
-  function (slot) {
-    output[slot] = slots[slot].reduce(function (acc, key) {
-      if (key) {
-        var utilityClass = getUtilityClass(key);
-        if (utilityClass !== '') {
-          acc.push(utilityClass);
-        }
-        if (classes && classes[key]) {
-          acc.push(classes[key]);
-        }
-      }
-      return acc;
-    }, []).join(' ');
-  });
-  return output;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/setRef.js
-/**
- * TODO v5: consider making it private
- *
- * passes {value} to {ref}
- *
- * WARNING: Be sure to only call this inside a callback that is passed as a ref.
- * Otherwise, make sure to cleanup the previous {ref} if it changes. See
- * https://github.com/mui/material-ui/issues/13539
- *
- * Useful if you want to expose the ref of an inner component to the public API
- * while still using it inside the component.
- * @param ref A ref callback or ref object. If anything falsy, this is a no-op.
- */
-function setRef(ref, value) {
-  if (typeof ref === 'function') {
-    ref(value);
-  } else if (ref) {
-    ref.current = value;
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useForkRef.js
-
-
-function useForkRef() {
-  for (var _len = arguments.length, refs = new Array(_len), _key = 0; _key < _len; _key++) {
-    refs[_key] = arguments[_key];
-  }
-  /**
-   * This will create a new function if the refs passed to this hook change and are all defined.
-   * This means react will call the old forkRef with `null` and the new forkRef
-   * with the ref. Cleanup naturally emerges from this behavior.
-   */
-  return react.useMemo(function () {
-    if (refs.every(function (ref) {
-      return ref == null;
-    })) {
-      return null;
-    }
-    return function (instance) {
-      refs.forEach(function (ref) {
-        setRef(ref, instance);
-      });
-    };
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, refs);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/ownerDocument.js
-function ownerDocument(node) {
-  return node && node.ownerDocument || document;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useEnhancedEffect.js
-
-var useEnhancedEffect = typeof window !== 'undefined' ? react.useLayoutEffect : react.useEffect;
-/* harmony default export */ var esm_useEnhancedEffect = (useEnhancedEffect);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useEventCallback.js
-
-
-
-/**
- * https://github.com/facebook/react/issues/14099#issuecomment-440013892
- */
-function useEventCallback(fn) {
-  var ref = react.useRef(fn);
-  esm_useEnhancedEffect(function () {
-    ref.current = fn;
-  });
-  return react.useCallback(function () {
-    return (
-      // @ts-expect-error hide `this`
-      // tslint:disable-next-line:ban-comma-operator
-      (0, ref.current).apply(void 0, arguments)
-    );
-  }, []);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/createChainedFunction.js
-/**
- * Safe chained function.
- *
- * Will only create a new function if needed,
- * otherwise will pass back existing functions or null.
- */
-function createChainedFunction() {
-  for (var _len = arguments.length, funcs = new Array(_len), _key = 0; _key < _len; _key++) {
-    funcs[_key] = arguments[_key];
-  }
-  return funcs.reduce(function (acc, func) {
-    if (func == null) {
-      return acc;
-    }
-    return function chainedFunction() {
-      for (var _len2 = arguments.length, args = new Array(_len2), _key2 = 0; _key2 < _len2; _key2++) {
-        args[_key2] = arguments[_key2];
-      }
-      acc.apply(this, args);
-      func.apply(this, args);
-    };
-  }, function () {});
-}
-// EXTERNAL MODULE: ./node_modules/react-dom/index.js
-var react_dom = __webpack_require__(164);
-;// CONCATENATED MODULE: ./node_modules/@mui/base/Portal/Portal.js
-
-
-
-
-
-
-function getContainer(container) {
-  return typeof container === 'function' ? container() : container;
-}
-
-/**
- * Portals provide a first-class way to render children into a DOM node
- * that exists outside the DOM hierarchy of the parent component.
- *
- * Demos:
- *
- * - [Portal](https://mui.com/base/react-portal/)
- *
- * API:
- *
- * - [Portal API](https://mui.com/base/react-portal/components-api/#portal)
- */
-var Portal = /*#__PURE__*/react.forwardRef(function Portal(props, forwardedRef) {
-  var children = props.children,
-    container = props.container,
-    _props$disablePortal = props.disablePortal,
-    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal;
-  var _React$useState = react.useState(null),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    mountNode = _React$useState2[0],
-    setMountNode = _React$useState2[1];
-  // @ts-expect-error TODO upstream fix
-  var handleRef = useForkRef( /*#__PURE__*/react.isValidElement(children) ? children.ref : null, forwardedRef);
-  esm_useEnhancedEffect(function () {
-    if (!disablePortal) {
-      setMountNode(getContainer(container) || document.body);
-    }
-  }, [container, disablePortal]);
-  esm_useEnhancedEffect(function () {
-    if (mountNode && !disablePortal) {
-      setRef(forwardedRef, mountNode);
-      return function () {
-        setRef(forwardedRef, null);
-      };
-    }
-    return undefined;
-  }, [forwardedRef, mountNode, disablePortal]);
-  if (disablePortal) {
-    if ( /*#__PURE__*/react.isValidElement(children)) {
-      var newProps = {
-        ref: handleRef
-      };
-      return /*#__PURE__*/react.cloneElement(children, newProps);
-    }
-    return /*#__PURE__*/(0,jsx_runtime.jsx)(react.Fragment, {
-      children: children
-    });
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(react.Fragment, {
-    children: mountNode ? /*#__PURE__*/react_dom.createPortal(children, mountNode) : mountNode
-  });
-});
- false ? 0 : void 0;
-if (false) {}
-/* harmony default export */ var Portal_Portal = (Portal);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/ownerWindow.js
-
-function ownerWindow(node) {
-  var doc = ownerDocument(node);
-  return doc.defaultView || window;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/getScrollbarSize.js
-// A change of the browser zoom change the scrollbar size.
-// Credit https://github.com/twbs/bootstrap/blob/488fd8afc535ca3a6ad4dc581f5e89217b6a36ac/js/src/util/scrollbar.js#L14-L18
-function getScrollbarSize(doc) {
-  // https://developer.mozilla.org/en-US/docs/Web/API/Window/innerWidth#usage_notes
-  var documentWidth = doc.documentElement.clientWidth;
-  return Math.abs(window.innerWidth - documentWidth);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/Modal/ModalManager.js
-
-
-
-
-// Is a vertical scrollbar displayed?
-function isOverflowing(container) {
-  var doc = ownerDocument(container);
-  if (doc.body === container) {
-    return ownerWindow(container).innerWidth > doc.documentElement.clientWidth;
-  }
-  return container.scrollHeight > container.clientHeight;
-}
-function ariaHidden(element, show) {
-  if (show) {
-    element.setAttribute('aria-hidden', 'true');
-  } else {
-    element.removeAttribute('aria-hidden');
-  }
-}
-function getPaddingRight(element) {
-  return parseInt(ownerWindow(element).getComputedStyle(element).paddingRight, 10) || 0;
-}
-function isAriaHiddenForbiddenOnElement(element) {
-  // The forbidden HTML tags are the ones from ARIA specification that
-  // can be children of body and can't have aria-hidden attribute.
-  // cf. https://www.w3.org/TR/html-aria/#docconformance
-  var forbiddenTagNames = ['TEMPLATE', 'SCRIPT', 'STYLE', 'LINK', 'MAP', 'META', 'NOSCRIPT', 'PICTURE', 'COL', 'COLGROUP', 'PARAM', 'SLOT', 'SOURCE', 'TRACK'];
-  var isForbiddenTagName = forbiddenTagNames.indexOf(element.tagName) !== -1;
-  var isInputHidden = element.tagName === 'INPUT' && element.getAttribute('type') === 'hidden';
-  return isForbiddenTagName || isInputHidden;
-}
-function ariaHiddenSiblings(container, mountElement, currentElement, elementsToExclude, show) {
-  var blacklist = [mountElement, currentElement].concat(toConsumableArray_toConsumableArray(elementsToExclude));
-  [].forEach.call(container.children, function (element) {
-    var isNotExcludedElement = blacklist.indexOf(element) === -1;
-    var isNotForbiddenElement = !isAriaHiddenForbiddenOnElement(element);
-    if (isNotExcludedElement && isNotForbiddenElement) {
-      ariaHidden(element, show);
-    }
-  });
-}
-function findIndexOf(items, callback) {
-  var idx = -1;
-  items.some(function (item, index) {
-    if (callback(item)) {
-      idx = index;
-      return true;
-    }
-    return false;
-  });
-  return idx;
-}
-function handleContainer(containerInfo, props) {
-  var restoreStyle = [];
-  var container = containerInfo.container;
-  if (!props.disableScrollLock) {
-    if (isOverflowing(container)) {
-      // Compute the size before applying overflow hidden to avoid any scroll jumps.
-      var scrollbarSize = getScrollbarSize(ownerDocument(container));
-      restoreStyle.push({
-        value: container.style.paddingRight,
-        property: 'padding-right',
-        el: container
-      });
-      // Use computed style, here to get the real padding to add our scrollbar width.
-      container.style.paddingRight = "".concat(getPaddingRight(container) + scrollbarSize, "px");
-
-      // .mui-fixed is a global helper.
-      var fixedElements = ownerDocument(container).querySelectorAll('.mui-fixed');
-      [].forEach.call(fixedElements, function (element) {
-        restoreStyle.push({
-          value: element.style.paddingRight,
-          property: 'padding-right',
-          el: element
-        });
-        element.style.paddingRight = "".concat(getPaddingRight(element) + scrollbarSize, "px");
-      });
-    }
-    var scrollContainer;
-    if (container.parentNode instanceof DocumentFragment) {
-      scrollContainer = ownerDocument(container).body;
-    } else {
-      // Improve Gatsby support
-      // https://css-tricks.com/snippets/css/force-vertical-scrollbar/
-      var parent = container.parentElement;
-      var containerWindow = ownerWindow(container);
-      scrollContainer = (parent == null ? void 0 : parent.nodeName) === 'HTML' && containerWindow.getComputedStyle(parent).overflowY === 'scroll' ? parent : container;
-    }
-
-    // Block the scroll even if no scrollbar is visible to account for mobile keyboard
-    // screensize shrink.
-    restoreStyle.push({
-      value: scrollContainer.style.overflow,
-      property: 'overflow',
-      el: scrollContainer
-    }, {
-      value: scrollContainer.style.overflowX,
-      property: 'overflow-x',
-      el: scrollContainer
-    }, {
-      value: scrollContainer.style.overflowY,
-      property: 'overflow-y',
-      el: scrollContainer
-    });
-    scrollContainer.style.overflow = 'hidden';
-  }
-  var restore = function restore() {
-    restoreStyle.forEach(function (_ref) {
-      var value = _ref.value,
-        el = _ref.el,
-        property = _ref.property;
-      if (value) {
-        el.style.setProperty(property, value);
-      } else {
-        el.style.removeProperty(property);
-      }
-    });
-  };
-  return restore;
-}
-function getHiddenSiblings(container) {
-  var hiddenSiblings = [];
-  [].forEach.call(container.children, function (element) {
-    if (element.getAttribute('aria-hidden') === 'true') {
-      hiddenSiblings.push(element);
-    }
-  });
-  return hiddenSiblings;
-}
-/**
- * @ignore - do not document.
- *
- * Proper state management for containers and the modals in those containers.
- * Simplified, but inspired by react-overlay's ModalManager class.
- * Used by the Modal to ensure proper styling of containers.
- */
-var ModalManager = /*#__PURE__*/function () {
-  function ModalManager() {
-    classCallCheck_classCallCheck(this, ModalManager);
-    this.containers = void 0;
-    this.modals = void 0;
-    this.modals = [];
-    this.containers = [];
-  }
-  createClass_createClass(ModalManager, [{
-    key: "add",
-    value: function add(modal, container) {
-      var modalIndex = this.modals.indexOf(modal);
-      if (modalIndex !== -1) {
-        return modalIndex;
-      }
-      modalIndex = this.modals.length;
-      this.modals.push(modal);
-
-      // If the modal we are adding is already in the DOM.
-      if (modal.modalRef) {
-        ariaHidden(modal.modalRef, false);
-      }
-      var hiddenSiblings = getHiddenSiblings(container);
-      ariaHiddenSiblings(container, modal.mount, modal.modalRef, hiddenSiblings, true);
-      var containerIndex = findIndexOf(this.containers, function (item) {
-        return item.container === container;
-      });
-      if (containerIndex !== -1) {
-        this.containers[containerIndex].modals.push(modal);
-        return modalIndex;
-      }
-      this.containers.push({
-        modals: [modal],
-        container: container,
-        restore: null,
-        hiddenSiblings: hiddenSiblings
-      });
-      return modalIndex;
-    }
-  }, {
-    key: "mount",
-    value: function mount(modal, props) {
-      var containerIndex = findIndexOf(this.containers, function (item) {
-        return item.modals.indexOf(modal) !== -1;
-      });
-      var containerInfo = this.containers[containerIndex];
-      if (!containerInfo.restore) {
-        containerInfo.restore = handleContainer(containerInfo, props);
-      }
-    }
-  }, {
-    key: "remove",
-    value: function remove(modal) {
-      var ariaHiddenState = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true;
-      var modalIndex = this.modals.indexOf(modal);
-      if (modalIndex === -1) {
-        return modalIndex;
-      }
-      var containerIndex = findIndexOf(this.containers, function (item) {
-        return item.modals.indexOf(modal) !== -1;
-      });
-      var containerInfo = this.containers[containerIndex];
-      containerInfo.modals.splice(containerInfo.modals.indexOf(modal), 1);
-      this.modals.splice(modalIndex, 1);
-
-      // If that was the last modal in a container, clean up the container.
-      if (containerInfo.modals.length === 0) {
-        // The modal might be closed before it had the chance to be mounted in the DOM.
-        if (containerInfo.restore) {
-          containerInfo.restore();
-        }
-        if (modal.modalRef) {
-          // In case the modal wasn't in the DOM yet.
-          ariaHidden(modal.modalRef, ariaHiddenState);
-        }
-        ariaHiddenSiblings(containerInfo.container, modal.mount, modal.modalRef, containerInfo.hiddenSiblings, false);
-        this.containers.splice(containerIndex, 1);
-      } else {
-        // Otherwise make sure the next top modal is visible to a screen reader.
-        var nextTop = containerInfo.modals[containerInfo.modals.length - 1];
-        // as soon as a modal is adding its modalRef is undefined. it can't set
-        // aria-hidden because the dom element doesn't exist either
-        // when modal was unmounted before modalRef gets null
-        if (nextTop.modalRef) {
-          ariaHidden(nextTop.modalRef, false);
-        }
-      }
-      return modalIndex;
-    }
-  }, {
-    key: "isTopModal",
-    value: function isTopModal(modal) {
-      return this.modals.length > 0 && this.modals[this.modals.length - 1] === modal;
-    }
-  }]);
-  return ModalManager;
-}();
-
-;// CONCATENATED MODULE: ./node_modules/@mui/base/FocusTrap/FocusTrap.js
-/* eslint-disable consistent-return, jsx-a11y/no-noninteractive-tabindex */
-
-
-
-
-
-// Inspired by https://github.com/focus-trap/tabbable
-var candidatesSelector = ['input', 'select', 'textarea', 'a[href]', 'button', '[tabindex]', 'audio[controls]', 'video[controls]', '[contenteditable]:not([contenteditable="false"])'].join(',');
-function getTabIndex(node) {
-  var tabindexAttr = parseInt(node.getAttribute('tabindex') || '', 10);
-  if (!Number.isNaN(tabindexAttr)) {
-    return tabindexAttr;
-  }
-
-  // Browsers do not return `tabIndex` correctly for contentEditable nodes;
-  // https://bugs.chromium.org/p/chromium/issues/detail?id=661108&q=contenteditable%20tabindex&can=2
-  // so if they don't have a tabindex attribute specifically set, assume it's 0.
-  // in Chrome, <details/>, <audio controls/> and <video controls/> elements get a default
-  //  `tabIndex` of -1 when the 'tabindex' attribute isn't specified in the DOM,
-  //  yet they are still part of the regular tab order; in FF, they get a default
-  //  `tabIndex` of 0; since Chrome still puts those elements in the regular tab
-  //  order, consider their tab index to be 0.
-  if (node.contentEditable === 'true' || (node.nodeName === 'AUDIO' || node.nodeName === 'VIDEO' || node.nodeName === 'DETAILS') && node.getAttribute('tabindex') === null) {
-    return 0;
-  }
-  return node.tabIndex;
-}
-function isNonTabbableRadio(node) {
-  if (node.tagName !== 'INPUT' || node.type !== 'radio') {
-    return false;
-  }
-  if (!node.name) {
-    return false;
-  }
-  var getRadio = function getRadio(selector) {
-    return node.ownerDocument.querySelector("input[type=\"radio\"]".concat(selector));
-  };
-  var roving = getRadio("[name=\"".concat(node.name, "\"]:checked"));
-  if (!roving) {
-    roving = getRadio("[name=\"".concat(node.name, "\"]"));
-  }
-  return roving !== node;
-}
-function isNodeMatchingSelectorFocusable(node) {
-  if (node.disabled || node.tagName === 'INPUT' && node.type === 'hidden' || isNonTabbableRadio(node)) {
-    return false;
-  }
-  return true;
-}
-function defaultGetTabbable(root) {
-  var regularTabNodes = [];
-  var orderedTabNodes = [];
-  Array.from(root.querySelectorAll(candidatesSelector)).forEach(function (node, i) {
-    var nodeTabIndex = getTabIndex(node);
-    if (nodeTabIndex === -1 || !isNodeMatchingSelectorFocusable(node)) {
-      return;
-    }
-    if (nodeTabIndex === 0) {
-      regularTabNodes.push(node);
-    } else {
-      orderedTabNodes.push({
-        documentOrder: i,
-        tabIndex: nodeTabIndex,
-        node: node
-      });
-    }
-  });
-  return orderedTabNodes.sort(function (a, b) {
-    return a.tabIndex === b.tabIndex ? a.documentOrder - b.documentOrder : a.tabIndex - b.tabIndex;
-  }).map(function (a) {
-    return a.node;
-  }).concat(regularTabNodes);
-}
-function defaultIsEnabled() {
-  return true;
-}
-
-/**
- * Utility component that locks focus inside the component.
- *
- * Demos:
- *
- * - [Focus Trap](https://mui.com/base/react-focus-trap/)
- *
- * API:
- *
- * - [FocusTrap API](https://mui.com/base/react-focus-trap/components-api/#focus-trap)
- */
-function FocusTrap(props) {
-  var children = props.children,
-    _props$disableAutoFoc = props.disableAutoFocus,
-    disableAutoFocus = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
-    _props$disableEnforce = props.disableEnforceFocus,
-    disableEnforceFocus = _props$disableEnforce === void 0 ? false : _props$disableEnforce,
-    _props$disableRestore = props.disableRestoreFocus,
-    disableRestoreFocus = _props$disableRestore === void 0 ? false : _props$disableRestore,
-    _props$getTabbable = props.getTabbable,
-    getTabbable = _props$getTabbable === void 0 ? defaultGetTabbable : _props$getTabbable,
-    _props$isEnabled = props.isEnabled,
-    isEnabled = _props$isEnabled === void 0 ? defaultIsEnabled : _props$isEnabled,
-    open = props.open;
-  var ignoreNextEnforceFocus = react.useRef(false);
-  var sentinelStart = react.useRef(null);
-  var sentinelEnd = react.useRef(null);
-  var nodeToRestore = react.useRef(null);
-  var reactFocusEventTarget = react.useRef(null);
-  // This variable is useful when disableAutoFocus is true.
-  // It waits for the active element to move into the component to activate.
-  var activated = react.useRef(false);
-  var rootRef = react.useRef(null);
-  // @ts-expect-error TODO upstream fix
-  var handleRef = useForkRef(children.ref, rootRef);
-  var lastKeydown = react.useRef(null);
-  react.useEffect(function () {
-    // We might render an empty child.
-    if (!open || !rootRef.current) {
-      return;
-    }
-    activated.current = !disableAutoFocus;
-  }, [disableAutoFocus, open]);
-  react.useEffect(function () {
-    // We might render an empty child.
-    if (!open || !rootRef.current) {
-      return;
-    }
-    var doc = ownerDocument(rootRef.current);
-    if (!rootRef.current.contains(doc.activeElement)) {
-      if (!rootRef.current.hasAttribute('tabIndex')) {
-        if (false) {}
-        rootRef.current.setAttribute('tabIndex', '-1');
-      }
-      if (activated.current) {
-        rootRef.current.focus();
-      }
-    }
-    return function () {
-      // restoreLastFocus()
-      if (!disableRestoreFocus) {
-        // In IE11 it is possible for document.activeElement to be null resulting
-        // in nodeToRestore.current being null.
-        // Not all elements in IE11 have a focus method.
-        // Once IE11 support is dropped the focus() call can be unconditional.
-        if (nodeToRestore.current && nodeToRestore.current.focus) {
-          ignoreNextEnforceFocus.current = true;
-          nodeToRestore.current.focus();
-        }
-        nodeToRestore.current = null;
-      }
-    };
-    // Missing `disableRestoreFocus` which is fine.
-    // We don't support changing that prop on an open FocusTrap
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [open]);
-  react.useEffect(function () {
-    // We might render an empty child.
-    if (!open || !rootRef.current) {
-      return;
-    }
-    var doc = ownerDocument(rootRef.current);
-    var contain = function contain(nativeEvent) {
-      var rootElement = rootRef.current;
-
-      // Cleanup functions are executed lazily in React 17.
-      // Contain can be called between the component being unmounted and its cleanup function being run.
-      if (rootElement === null) {
-        return;
-      }
-      if (!doc.hasFocus() || disableEnforceFocus || !isEnabled() || ignoreNextEnforceFocus.current) {
-        ignoreNextEnforceFocus.current = false;
-        return;
-      }
-      if (!rootElement.contains(doc.activeElement)) {
-        // if the focus event is not coming from inside the children's react tree, reset the refs
-        if (nativeEvent && reactFocusEventTarget.current !== nativeEvent.target || doc.activeElement !== reactFocusEventTarget.current) {
-          reactFocusEventTarget.current = null;
-        } else if (reactFocusEventTarget.current !== null) {
-          return;
-        }
-        if (!activated.current) {
-          return;
-        }
-        var tabbable = [];
-        if (doc.activeElement === sentinelStart.current || doc.activeElement === sentinelEnd.current) {
-          tabbable = getTabbable(rootRef.current);
-        }
-        if (tabbable.length > 0) {
-          var _lastKeydown$current, _lastKeydown$current2;
-          var isShiftTab = Boolean(((_lastKeydown$current = lastKeydown.current) == null ? void 0 : _lastKeydown$current.shiftKey) && ((_lastKeydown$current2 = lastKeydown.current) == null ? void 0 : _lastKeydown$current2.key) === 'Tab');
-          var focusNext = tabbable[0];
-          var focusPrevious = tabbable[tabbable.length - 1];
-          if (typeof focusNext !== 'string' && typeof focusPrevious !== 'string') {
-            if (isShiftTab) {
-              focusPrevious.focus();
-            } else {
-              focusNext.focus();
-            }
-          }
-        } else {
-          rootElement.focus();
-        }
-      }
-    };
-    var loopFocus = function loopFocus(nativeEvent) {
-      lastKeydown.current = nativeEvent;
-      if (disableEnforceFocus || !isEnabled() || nativeEvent.key !== 'Tab') {
-        return;
-      }
-
-      // Make sure the next tab starts from the right place.
-      // doc.activeElement refers to the origin.
-      if (doc.activeElement === rootRef.current && nativeEvent.shiftKey) {
-        // We need to ignore the next contain as
-        // it will try to move the focus back to the rootRef element.
-        ignoreNextEnforceFocus.current = true;
-        if (sentinelEnd.current) {
-          sentinelEnd.current.focus();
-        }
-      }
-    };
-    doc.addEventListener('focusin', contain);
-    doc.addEventListener('keydown', loopFocus, true);
-
-    // With Edge, Safari and Firefox, no focus related events are fired when the focused area stops being a focused area.
-    // e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=559561.
-    // Instead, we can look if the active element was restored on the BODY element.
-    //
-    // The whatwg spec defines how the browser should behave but does not explicitly mention any events:
-    // https://html.spec.whatwg.org/multipage/interaction.html#focus-fixup-rule.
-    var interval = setInterval(function () {
-      if (doc.activeElement && doc.activeElement.tagName === 'BODY') {
-        contain(null);
-      }
-    }, 50);
-    return function () {
-      clearInterval(interval);
-      doc.removeEventListener('focusin', contain);
-      doc.removeEventListener('keydown', loopFocus, true);
-    };
-  }, [disableAutoFocus, disableEnforceFocus, disableRestoreFocus, isEnabled, open, getTabbable]);
-  var onFocus = function onFocus(event) {
-    if (nodeToRestore.current === null) {
-      nodeToRestore.current = event.relatedTarget;
-    }
-    activated.current = true;
-    reactFocusEventTarget.current = event.target;
-    var childrenPropsHandler = children.props.onFocus;
-    if (childrenPropsHandler) {
-      childrenPropsHandler(event);
-    }
-  };
-  var handleFocusSentinel = function handleFocusSentinel(event) {
-    if (nodeToRestore.current === null) {
-      nodeToRestore.current = event.relatedTarget;
-    }
-    activated.current = true;
-  };
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
-    children: [/*#__PURE__*/(0,jsx_runtime.jsx)("div", {
-      tabIndex: open ? 0 : -1,
-      onFocus: handleFocusSentinel,
-      ref: sentinelStart,
-      "data-testid": "sentinelStart"
-    }), /*#__PURE__*/react.cloneElement(children, {
-      ref: handleRef,
-      onFocus: onFocus
-    }), /*#__PURE__*/(0,jsx_runtime.jsx)("div", {
-      tabIndex: open ? 0 : -1,
-      onFocus: handleFocusSentinel,
-      ref: sentinelEnd,
-      "data-testid": "sentinelEnd"
-    })]
-  });
-}
- false ? 0 : void 0;
-if (false) {}
-/* harmony default export */ var FocusTrap_FocusTrap = (FocusTrap);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/generateUtilityClass/generateUtilityClass.js
-
-var globalStateClassesMapping = {
-  active: 'active',
-  checked: 'checked',
-  completed: 'completed',
-  disabled: 'disabled',
-  readOnly: 'readOnly',
-  error: 'error',
-  expanded: 'expanded',
-  focused: 'focused',
-  focusVisible: 'focusVisible',
-  required: 'required',
-  selected: 'selected'
-};
-function generateUtilityClass_generateUtilityClass(componentName, slot) {
-  var globalStatePrefix = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'Mui';
-  var globalStateClass = globalStateClassesMapping[slot];
-  return globalStateClass ? "".concat(globalStatePrefix, "-").concat(globalStateClass) : "".concat(ClassNameGenerator_ClassNameGenerator.generate(componentName), "-").concat(slot);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/generateUtilityClasses/generateUtilityClasses.js
-
-function generateUtilityClasses(componentName, slots) {
-  var globalStatePrefix = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'Mui';
-  var result = {};
-  slots.forEach(function (slot) {
-    result[slot] = generateUtilityClass_generateUtilityClass(componentName, slot, globalStatePrefix);
-  });
-  return result;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/Modal/modalClasses.js
-
-
-function getModalUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiModal', slot);
-}
-var modalClasses = generateUtilityClasses('MuiModal', ['root', 'hidden', 'backdrop']);
-/* harmony default export */ var Modal_modalClasses = ((/* unused pure expression or super */ null && (modalClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/isHostComponent.js
-/**
- * Determines if a given element is a DOM element name (i.e. not a React component).
- */
-function isHostComponent(element) {
-  return typeof element === 'string';
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/appendOwnerState.js
-
-
-
-/**
- * Type of the ownerState based on the type of an element it applies to.
- * This resolves to the provided OwnerState for React components and `undefined` for host components.
- * Falls back to `OwnerState | undefined` when the exact type can't be determined in development time.
- */
-
-/**
- * Appends the ownerState object to the props, merging with the existing one if necessary.
- *
- * @param elementType Type of the element that owns the `existingProps`. If the element is a DOM node or undefined, `ownerState` is not applied.
- * @param otherProps Props of the element.
- * @param ownerState
- */
-function appendOwnerState(elementType, otherProps, ownerState) {
-  if (elementType === undefined || isHostComponent(elementType)) {
-    return otherProps;
-  }
-  return extends_extends({}, otherProps, {
-    ownerState: extends_extends({}, otherProps.ownerState, ownerState)
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/extractEventHandlers.js
-/**
- * Extracts event handlers from a given object.
- * A prop is considered an event handler if it is a function and its name starts with `on`.
- *
- * @param object An object to extract event handlers from.
- * @param excludeKeys An array of keys to exclude from the returned object.
- */
-function extractEventHandlers(object) {
-  var excludeKeys = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
-  if (object === undefined) {
-    return {};
-  }
-  var result = {};
-  Object.keys(object).filter(function (prop) {
-    return prop.match(/^on[A-Z]/) && typeof object[prop] === 'function' && !excludeKeys.includes(prop);
-  }).forEach(function (prop) {
-    result[prop] = object[prop];
-  });
-  return result;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/omitEventHandlers.js
-/**
- * Removes event handlers from the given object.
- * A field is considered an event handler if it is a function with a name beginning with `on`.
- *
- * @param object Object to remove event handlers from.
- * @returns Object with event handlers removed.
- */
-function omitEventHandlers(object) {
-  if (object === undefined) {
-    return {};
-  }
-  var result = {};
-  Object.keys(object).filter(function (prop) {
-    return !(prop.match(/^on[A-Z]/) && typeof object[prop] === 'function');
-  }).forEach(function (prop) {
-    result[prop] = object[prop];
-  });
-  return result;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/mergeSlotProps.js
-
-
-
-
-/**
- * Merges the slot component internal props (usually coming from a hook)
- * with the externally provided ones.
- *
- * The merge order is (the latter overrides the former):
- * 1. The internal props (specified as a getter function to work with get*Props hook result)
- * 2. Additional props (specified internally on a Base UI component)
- * 3. External props specified on the owner component. These should only be used on a root slot.
- * 4. External props specified in the `slotProps.*` prop.
- * 5. The `className` prop - combined from all the above.
- * @param parameters
- * @returns
- */
-function mergeSlotProps(parameters) {
-  var getSlotProps = parameters.getSlotProps,
-    additionalProps = parameters.additionalProps,
-    externalSlotProps = parameters.externalSlotProps,
-    externalForwardedProps = parameters.externalForwardedProps,
-    className = parameters.className;
-  if (!getSlotProps) {
-    // The simpler case - getSlotProps is not defined, so no internal event handlers are defined,
-    // so we can simply merge all the props without having to worry about extracting event handlers.
-    var _joinedClasses = clsx_m(externalForwardedProps == null ? void 0 : externalForwardedProps.className, externalSlotProps == null ? void 0 : externalSlotProps.className, className, additionalProps == null ? void 0 : additionalProps.className);
-    var _mergedStyle = extends_extends({}, additionalProps == null ? void 0 : additionalProps.style, externalForwardedProps == null ? void 0 : externalForwardedProps.style, externalSlotProps == null ? void 0 : externalSlotProps.style);
-    var _props = extends_extends({}, additionalProps, externalForwardedProps, externalSlotProps);
-    if (_joinedClasses.length > 0) {
-      _props.className = _joinedClasses;
-    }
-    if (Object.keys(_mergedStyle).length > 0) {
-      _props.style = _mergedStyle;
-    }
-    return {
-      props: _props,
-      internalRef: undefined
-    };
-  }
-
-  // In this case, getSlotProps is responsible for calling the external event handlers.
-  // We don't need to include them in the merged props because of this.
-
-  var eventHandlers = extractEventHandlers(extends_extends({}, externalForwardedProps, externalSlotProps));
-  var componentsPropsWithoutEventHandlers = omitEventHandlers(externalSlotProps);
-  var otherPropsWithoutEventHandlers = omitEventHandlers(externalForwardedProps);
-  var internalSlotProps = getSlotProps(eventHandlers);
-
-  // The order of classes is important here.
-  // Emotion (that we use in libraries consuming Base UI) depends on this order
-  // to properly override style. It requires the most important classes to be last
-  // (see https://github.com/mui/material-ui/pull/33205) for the related discussion.
-  var joinedClasses = clsx_m(internalSlotProps == null ? void 0 : internalSlotProps.className, additionalProps == null ? void 0 : additionalProps.className, className, externalForwardedProps == null ? void 0 : externalForwardedProps.className, externalSlotProps == null ? void 0 : externalSlotProps.className);
-  var mergedStyle = extends_extends({}, internalSlotProps == null ? void 0 : internalSlotProps.style, additionalProps == null ? void 0 : additionalProps.style, externalForwardedProps == null ? void 0 : externalForwardedProps.style, externalSlotProps == null ? void 0 : externalSlotProps.style);
-  var props = extends_extends({}, internalSlotProps, additionalProps, otherPropsWithoutEventHandlers, componentsPropsWithoutEventHandlers);
-  if (joinedClasses.length > 0) {
-    props.className = joinedClasses;
-  }
-  if (Object.keys(mergedStyle).length > 0) {
-    props.style = mergedStyle;
-  }
-  return {
-    props: props,
-    internalRef: internalSlotProps.ref
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/resolveComponentProps.js
-/**
- * If `componentProps` is a function, calls it with the provided `ownerState`.
- * Otherwise, just returns `componentProps`.
- */
-function resolveComponentProps(componentProps, ownerState) {
-  if (typeof componentProps === 'function') {
-    return componentProps(ownerState);
-  }
-  return componentProps;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/useSlotProps.js
-
-
-var useSlotProps_excluded = ["elementType", "externalSlotProps", "ownerState"];
-
-
-
-
-/**
- * @ignore - do not document.
- * Builds the props to be passed into the slot of an unstyled component.
- * It merges the internal props of the component with the ones supplied by the user, allowing to customize the behavior.
- * If the slot component is not a host component, it also merges in the `ownerState`.
- *
- * @param parameters.getSlotProps - A function that returns the props to be passed to the slot component.
- */
-function useSlotProps(parameters) {
-  var _parameters$additiona;
-  var elementType = parameters.elementType,
-    externalSlotProps = parameters.externalSlotProps,
-    ownerState = parameters.ownerState,
-    rest = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(parameters, useSlotProps_excluded);
-  var resolvedComponentsProps = resolveComponentProps(externalSlotProps, ownerState);
-  var _mergeSlotProps = mergeSlotProps(extends_extends({}, rest, {
-      externalSlotProps: resolvedComponentsProps
-    })),
-    mergedProps = _mergeSlotProps.props,
-    internalRef = _mergeSlotProps.internalRef;
-  var ref = useForkRef(internalRef, resolvedComponentsProps == null ? void 0 : resolvedComponentsProps.ref, (_parameters$additiona = parameters.additionalProps) == null ? void 0 : _parameters$additiona.ref);
-  var props = appendOwnerState(elementType, extends_extends({}, mergedProps, {
-    ref: ref
-  }), ownerState);
-  return props;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/utils/ClassNameConfigurator.js
-
-
-var defaultContextValue = {
-  disableDefaultClasses: false
-};
-var ClassNameConfiguratorContext = /*#__PURE__*/react.createContext(defaultContextValue);
-/**
- * @ignore - internal hook.
- *
- * Wraps the `generateUtilityClass` function and controls how the classes are generated.
- * Currently it only affects whether the classes are applied or not.
- *
- * @returns Function to be called with the `generateUtilityClass` function specific to a component to generate the classes.
- */
-function useClassNamesOverride(generateUtilityClass) {
-  var _React$useContext = react.useContext(ClassNameConfiguratorContext),
-    disableDefaultClasses = _React$useContext.disableDefaultClasses;
-  return function (slot) {
-    if (disableDefaultClasses) {
-      return '';
-    }
-    return generateUtilityClass(slot);
-  };
-}
-
-/**
- * Allows to configure the components within to not apply any built-in classes.
- */
-function ClassNameConfigurator(props) {
-  var disableDefaultClasses = props.disableDefaultClasses,
-    children = props.children;
-  var contextValue = React.useMemo(function () {
-    return {
-      disableDefaultClasses: disableDefaultClasses != null ? disableDefaultClasses : false
-    };
-  }, [disableDefaultClasses]);
-  return /*#__PURE__*/_jsx(ClassNameConfiguratorContext.Provider, {
-    value: contextValue,
-    children: children
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/base/Modal/Modal.js
-
-
-
-var Modal_excluded = ["children", "closeAfterTransition", "container", "disableAutoFocus", "disableEnforceFocus", "disableEscapeKeyDown", "disablePortal", "disableRestoreFocus", "disableScrollLock", "hideBackdrop", "keepMounted", "manager", "onBackdropClick", "onClose", "onKeyDown", "open", "onTransitionEnter", "onTransitionExited", "slotProps", "slots"];
-
-
-
-
-
-
-
-
-
-
-
-
-var useUtilityClasses = function useUtilityClasses(ownerState) {
-  var open = ownerState.open,
-    exited = ownerState.exited;
-  var slots = {
-    root: ['root', !open && exited && 'hidden'],
-    backdrop: ['backdrop']
-  };
-  return composeClasses(slots, useClassNamesOverride(getModalUtilityClass));
-};
-function Modal_getContainer(container) {
-  return typeof container === 'function' ? container() : container;
-}
-function getHasTransition(children) {
-  return children ? children.props.hasOwnProperty('in') : false;
-}
-
-// A modal manager used to track and manage the state of open Modals.
-// Modals don't open on the server so this won't conflict with concurrent requests.
-var defaultManager = new ModalManager();
-
-/**
- * Modal is a lower-level construct that is leveraged by the following components:
- *
- * *   [Dialog](https://mui.com/material-ui/api/dialog/)
- * *   [Drawer](https://mui.com/material-ui/api/drawer/)
- * *   [Menu](https://mui.com/material-ui/api/menu/)
- * *   [Popover](https://mui.com/material-ui/api/popover/)
- *
- * If you are creating a modal dialog, you probably want to use the [Dialog](https://mui.com/material-ui/api/dialog/) component
- * rather than directly using Modal.
- *
- * This component shares many concepts with [react-overlays](https://react-bootstrap.github.io/react-overlays/#modals).
- *
- * Demos:
- *
- * - [Modal](https://mui.com/base/react-modal/)
- *
- * API:
- *
- * - [Modal API](https://mui.com/base/react-modal/components-api/#modal)
- */
-var Modal = /*#__PURE__*/react.forwardRef(function Modal(props, forwardedRef) {
-  var _props$ariaHidden, _slots$root;
-  var children = props.children,
-    _props$closeAfterTran = props.closeAfterTransition,
-    closeAfterTransition = _props$closeAfterTran === void 0 ? false : _props$closeAfterTran,
-    container = props.container,
-    _props$disableAutoFoc = props.disableAutoFocus,
-    disableAutoFocus = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
-    _props$disableEnforce = props.disableEnforceFocus,
-    disableEnforceFocus = _props$disableEnforce === void 0 ? false : _props$disableEnforce,
-    _props$disableEscapeK = props.disableEscapeKeyDown,
-    disableEscapeKeyDown = _props$disableEscapeK === void 0 ? false : _props$disableEscapeK,
-    _props$disablePortal = props.disablePortal,
-    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal,
-    _props$disableRestore = props.disableRestoreFocus,
-    disableRestoreFocus = _props$disableRestore === void 0 ? false : _props$disableRestore,
-    _props$disableScrollL = props.disableScrollLock,
-    disableScrollLock = _props$disableScrollL === void 0 ? false : _props$disableScrollL,
-    _props$hideBackdrop = props.hideBackdrop,
-    hideBackdrop = _props$hideBackdrop === void 0 ? false : _props$hideBackdrop,
-    _props$keepMounted = props.keepMounted,
-    keepMounted = _props$keepMounted === void 0 ? false : _props$keepMounted,
-    _props$manager = props.manager,
-    managerProp = _props$manager === void 0 ? defaultManager : _props$manager,
-    onBackdropClick = props.onBackdropClick,
-    onClose = props.onClose,
-    onKeyDown = props.onKeyDown,
-    open = props.open,
-    onTransitionEnter = props.onTransitionEnter,
-    onTransitionExited = props.onTransitionExited,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Modal_excluded);
-  // TODO: `modal`` must change its type in this file to match the type of methods
-  // provided by `ModalManager`
-  var manager = managerProp;
-  var _React$useState = react.useState(!open),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    exited = _React$useState2[0],
-    setExited = _React$useState2[1];
-  var modal = react.useRef({});
-  var mountNodeRef = react.useRef(null);
-  var modalRef = react.useRef(null);
-  var handleRef = useForkRef(modalRef, forwardedRef);
-  var hasTransition = getHasTransition(children);
-  var ariaHiddenProp = (_props$ariaHidden = props['aria-hidden']) != null ? _props$ariaHidden : true;
-  var getDoc = function getDoc() {
-    return ownerDocument(mountNodeRef.current);
-  };
-  var getModal = function getModal() {
-    modal.current.modalRef = modalRef.current;
-    modal.current.mountNode = mountNodeRef.current;
-    return modal.current;
-  };
-  var handleMounted = function handleMounted() {
-    manager.mount(getModal(), {
-      disableScrollLock: disableScrollLock
-    });
-
-    // Fix a bug on Chrome where the scroll isn't initially 0.
-    if (modalRef.current) {
-      modalRef.current.scrollTop = 0;
-    }
-  };
-  var handleOpen = useEventCallback(function () {
-    var resolvedContainer = Modal_getContainer(container) || getDoc().body;
-    manager.add(getModal(), resolvedContainer);
-
-    // The element was already mounted.
-    if (modalRef.current) {
-      handleMounted();
-    }
-  });
-  var isTopModal = react.useCallback(function () {
-    return manager.isTopModal(getModal());
-  }, [manager]);
-  var handlePortalRef = useEventCallback(function (node) {
-    mountNodeRef.current = node;
-    if (!node || !modalRef.current) {
-      return;
-    }
-    if (open && isTopModal()) {
-      handleMounted();
-    } else {
-      ariaHidden(modalRef.current, ariaHiddenProp);
-    }
-  });
-  var handleClose = react.useCallback(function () {
-    manager.remove(getModal(), ariaHiddenProp);
-  }, [manager, ariaHiddenProp]);
-  react.useEffect(function () {
-    return function () {
-      handleClose();
-    };
-  }, [handleClose]);
-  react.useEffect(function () {
-    if (open) {
-      handleOpen();
-    } else if (!hasTransition || !closeAfterTransition) {
-      handleClose();
-    }
-  }, [open, handleClose, hasTransition, closeAfterTransition, handleOpen]);
-  var ownerState = extends_extends({}, props, {
-    closeAfterTransition: closeAfterTransition,
-    disableAutoFocus: disableAutoFocus,
-    disableEnforceFocus: disableEnforceFocus,
-    disableEscapeKeyDown: disableEscapeKeyDown,
-    disablePortal: disablePortal,
-    disableRestoreFocus: disableRestoreFocus,
-    disableScrollLock: disableScrollLock,
-    exited: exited,
-    hideBackdrop: hideBackdrop,
-    keepMounted: keepMounted
-  });
-  var classes = useUtilityClasses(ownerState);
-  var handleEnter = function handleEnter() {
-    setExited(false);
-    if (onTransitionEnter) {
-      onTransitionEnter();
-    }
-  };
-  var handleExited = function handleExited() {
-    setExited(true);
-    if (onTransitionExited) {
-      onTransitionExited();
-    }
-    if (closeAfterTransition) {
-      handleClose();
-    }
-  };
-  var handleBackdropClick = function handleBackdropClick(event) {
-    if (event.target !== event.currentTarget) {
-      return;
-    }
-    if (onBackdropClick) {
-      onBackdropClick(event);
-    }
-    if (onClose) {
-      onClose(event, 'backdropClick');
-    }
-  };
-  var handleKeyDown = function handleKeyDown(event) {
-    if (onKeyDown) {
-      onKeyDown(event);
-    }
-
-    // The handler doesn't take event.defaultPrevented into account:
-    //
-    // event.preventDefault() is meant to stop default behaviors like
-    // clicking a checkbox to check it, hitting a button to submit a form,
-    // and hitting left arrow to move the cursor in a text input etc.
-    // Only special HTML elements have these default behaviors.
-    if (event.key !== 'Escape' || !isTopModal()) {
-      return;
-    }
-    if (!disableEscapeKeyDown) {
-      // Swallow the event, in case someone is listening for the escape key on the body.
-      event.stopPropagation();
-      if (onClose) {
-        onClose(event, 'escapeKeyDown');
-      }
-    }
-  };
-  var childProps = {};
-  if (children.props.tabIndex === undefined) {
-    childProps.tabIndex = '-1';
-  }
-
-  // It's a Transition like component
-  if (hasTransition) {
-    childProps.onEnter = createChainedFunction(handleEnter, children.props.onEnter);
-    childProps.onExited = createChainedFunction(handleExited, children.props.onExited);
-  }
-  var Root = (_slots$root = slots.root) != null ? _slots$root : 'div';
-  var rootProps = useSlotProps({
-    elementType: Root,
-    externalSlotProps: slotProps.root,
-    externalForwardedProps: other,
-    additionalProps: {
-      ref: handleRef,
-      role: 'presentation',
-      onKeyDown: handleKeyDown
-    },
-    className: classes.root,
-    ownerState: ownerState
-  });
-  var BackdropComponent = slots.backdrop;
-  var backdropProps = useSlotProps({
-    elementType: BackdropComponent,
-    externalSlotProps: slotProps.backdrop,
-    additionalProps: {
-      'aria-hidden': true,
-      onClick: handleBackdropClick,
-      open: open
-    },
-    className: classes.backdrop,
-    ownerState: ownerState
-  });
-  if (!keepMounted && !open && (!hasTransition || exited)) {
-    return null;
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Portal_Portal
-  // @ts-expect-error TODO: include ref to Base UI Portal props
-  , {
-    ref: handlePortalRef,
-    container: container,
-    disablePortal: disablePortal,
-    children: /*#__PURE__*/(0,jsx_runtime.jsxs)(Root, extends_extends({}, rootProps, {
-      children: [!hideBackdrop && BackdropComponent ? /*#__PURE__*/(0,jsx_runtime.jsx)(BackdropComponent, extends_extends({}, backdropProps)) : null, /*#__PURE__*/(0,jsx_runtime.jsx)(FocusTrap_FocusTrap, {
-        disableEnforceFocus: disableEnforceFocus,
-        disableAutoFocus: disableAutoFocus,
-        disableRestoreFocus: disableRestoreFocus,
-        isEnabled: isTopModal,
-        open: open,
-        children: /*#__PURE__*/react.cloneElement(children, childProps)
-      })]
-    }))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var Modal_Modal = (Modal);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/resolveProps.js
-
-/**
- * Add keys, values of `defaultProps` that does not exist in `props`
- * @param {object} defaultProps
- * @param {object} props
- * @returns {object} resolved props
- */
-function resolveProps(defaultProps, props) {
-  var output = _objectSpread2({}, props);
-  Object.keys(defaultProps).forEach(function (propName) {
-    if (propName.toString().match(/^(components|slots)$/)) {
-      output[propName] = _objectSpread2(_objectSpread2({}, defaultProps[propName]), output[propName]);
-    } else if (propName.toString().match(/^(componentsProps|slotProps)$/)) {
-      var defaultSlotProps = defaultProps[propName] || {};
-      var slotProps = props[propName];
-      output[propName] = {};
-      if (!slotProps || !Object.keys(slotProps)) {
-        // Reduce the iteration if the slot props is empty
-        output[propName] = defaultSlotProps;
-      } else if (!defaultSlotProps || !Object.keys(defaultSlotProps)) {
-        // Reduce the iteration if the default slot props is empty
-        output[propName] = slotProps;
-      } else {
-        output[propName] = _objectSpread2({}, slotProps);
-        Object.keys(defaultSlotProps).forEach(function (slotPropName) {
-          output[propName][slotPropName] = resolveProps(defaultSlotProps[slotPropName], slotProps[slotPropName]);
-        });
-      }
-    } else if (output[propName] === undefined) {
-      output[propName] = defaultProps[propName];
-    }
-  });
-  return output;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useThemeProps/getThemeProps.js
-
-function getThemeProps(params) {
-  var theme = params.theme,
-    name = params.name,
-    props = params.props;
-  if (!theme || !theme.components || !theme.components[name] || !theme.components[name].defaultProps) {
-    return props;
-  }
-  return resolveProps(theme.components[name].defaultProps, props);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/system/esm/useThemeProps/useThemeProps.js
-
-
-function useThemeProps(_ref) {
-  var props = _ref.props,
-    name = _ref.name,
-    defaultTheme = _ref.defaultTheme,
-    themeId = _ref.themeId;
-  var theme = esm_useTheme(defaultTheme);
-  if (themeId) {
-    theme = theme[themeId] || theme;
-  }
-  var mergedProps = getThemeProps({
-    theme: theme,
-    name: name,
-    props: props
-  });
-  return mergedProps;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/useThemeProps.js
-
-
-
-function useThemeProps_useThemeProps(_ref) {
-  var props = _ref.props,
-    name = _ref.name;
-  return useThemeProps({
-    props: props,
-    name: name,
-    defaultTheme: styles_defaultTheme,
-    themeId: styles_identifier
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/inheritsLoose.js
-
-function _inheritsLoose(subClass, superClass) {
-  subClass.prototype = Object.create(superClass.prototype);
-  subClass.prototype.constructor = subClass;
-  _setPrototypeOf(subClass, superClass);
-}
-;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/config.js
-/* harmony default export */ var config = ({
-  disabled: false
-});
-;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/TransitionGroupContext.js
-
-/* harmony default export */ var TransitionGroupContext = (react.createContext(null));
-;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/utils/reflow.js
-var forceReflow = function forceReflow(node) {
-  return node.scrollTop;
-};
-;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/Transition.js
-
-
-
-
-
-
-
-
-
-var UNMOUNTED = 'unmounted';
-var EXITED = 'exited';
-var ENTERING = 'entering';
-var ENTERED = 'entered';
-var EXITING = 'exiting';
-/**
- * The Transition component lets you describe a transition from one component
- * state to another _over time_ with a simple declarative API. Most commonly
- * it's used to animate the mounting and unmounting of a component, but can also
- * be used to describe in-place transition states as well.
- *
- * ---
- *
- * **Note**: `Transition` is a platform-agnostic base component. If you're using
- * transitions in CSS, you'll probably want to use
- * [`CSSTransition`](https://reactcommunity.org/react-transition-group/css-transition)
- * instead. It inherits all the features of `Transition`, but contains
- * additional features necessary to play nice with CSS transitions (hence the
- * name of the component).
- *
- * ---
- *
- * By default the `Transition` component does not alter the behavior of the
- * component it renders, it only tracks "enter" and "exit" states for the
- * components. It's up to you to give meaning and effect to those states. For
- * example we can add styles to a component when it enters or exits:
- *
- * ```jsx
- * import { Transition } from 'react-transition-group';
- *
- * const duration = 300;
- *
- * const defaultStyle = {
- *   transition: `opacity ${duration}ms ease-in-out`,
- *   opacity: 0,
- * }
- *
- * const transitionStyles = {
- *   entering: { opacity: 1 },
- *   entered:  { opacity: 1 },
- *   exiting:  { opacity: 0 },
- *   exited:  { opacity: 0 },
- * };
- *
- * const Fade = ({ in: inProp }) => (
- *   <Transition in={inProp} timeout={duration}>
- *     {state => (
- *       <div style={{
- *         ...defaultStyle,
- *         ...transitionStyles[state]
- *       }}>
- *         I'm a fade Transition!
- *       </div>
- *     )}
- *   </Transition>
- * );
- * ```
- *
- * There are 4 main states a Transition can be in:
- *  - `'entering'`
- *  - `'entered'`
- *  - `'exiting'`
- *  - `'exited'`
- *
- * Transition state is toggled via the `in` prop. When `true` the component
- * begins the "Enter" stage. During this stage, the component will shift from
- * its current transition state, to `'entering'` for the duration of the
- * transition and then to the `'entered'` stage once it's complete. Let's take
- * the following example (we'll use the
- * [useState](https://reactjs.org/docs/hooks-reference.html#usestate) hook):
- *
- * ```jsx
- * function App() {
- *   const [inProp, setInProp] = useState(false);
- *   return (
- *     <div>
- *       <Transition in={inProp} timeout={500}>
- *         {state => (
- *           // ...
- *         )}
- *       </Transition>
- *       <button onClick={() => setInProp(true)}>
- *         Click to Enter
- *       </button>
- *     </div>
- *   );
- * }
- * ```
- *
- * When the button is clicked the component will shift to the `'entering'` state
- * and stay there for 500ms (the value of `timeout`) before it finally switches
- * to `'entered'`.
- *
- * When `in` is `false` the same thing happens except the state moves from
- * `'exiting'` to `'exited'`.
- */
-
-var Transition = /*#__PURE__*/function (_React$Component) {
-  _inheritsLoose(Transition, _React$Component);
-  function Transition(props, context) {
-    var _this;
-    _this = _React$Component.call(this, props, context) || this;
-    var parentGroup = context; // In the context of a TransitionGroup all enters are really appears
-
-    var appear = parentGroup && !parentGroup.isMounting ? props.enter : props.appear;
-    var initialStatus;
-    _this.appearStatus = null;
-    if (props.in) {
-      if (appear) {
-        initialStatus = EXITED;
-        _this.appearStatus = ENTERING;
-      } else {
-        initialStatus = ENTERED;
-      }
-    } else {
-      if (props.unmountOnExit || props.mountOnEnter) {
-        initialStatus = UNMOUNTED;
-      } else {
-        initialStatus = EXITED;
-      }
-    }
-    _this.state = {
-      status: initialStatus
-    };
-    _this.nextCallback = null;
-    return _this;
-  }
-  Transition.getDerivedStateFromProps = function getDerivedStateFromProps(_ref, prevState) {
-    var nextIn = _ref.in;
-    if (nextIn && prevState.status === UNMOUNTED) {
-      return {
-        status: EXITED
-      };
-    }
-    return null;
-  } // getSnapshotBeforeUpdate(prevProps) {
-  //   let nextStatus = null
-  //   if (prevProps !== this.props) {
-  //     const { status } = this.state
-  //     if (this.props.in) {
-  //       if (status !== ENTERING && status !== ENTERED) {
-  //         nextStatus = ENTERING
-  //       }
-  //     } else {
-  //       if (status === ENTERING || status === ENTERED) {
-  //         nextStatus = EXITING
-  //       }
-  //     }
-  //   }
-  //   return { nextStatus }
-  // }
-  ;
-
-  var _proto = Transition.prototype;
-  _proto.componentDidMount = function componentDidMount() {
-    this.updateStatus(true, this.appearStatus);
-  };
-  _proto.componentDidUpdate = function componentDidUpdate(prevProps) {
-    var nextStatus = null;
-    if (prevProps !== this.props) {
-      var status = this.state.status;
-      if (this.props.in) {
-        if (status !== ENTERING && status !== ENTERED) {
-          nextStatus = ENTERING;
-        }
-      } else {
-        if (status === ENTERING || status === ENTERED) {
-          nextStatus = EXITING;
-        }
-      }
-    }
-    this.updateStatus(false, nextStatus);
-  };
-  _proto.componentWillUnmount = function componentWillUnmount() {
-    this.cancelNextCallback();
-  };
-  _proto.getTimeouts = function getTimeouts() {
-    var timeout = this.props.timeout;
-    var exit, enter, appear;
-    exit = enter = appear = timeout;
-    if (timeout != null && typeof timeout !== 'number') {
-      exit = timeout.exit;
-      enter = timeout.enter; // TODO: remove fallback for next major
-
-      appear = timeout.appear !== undefined ? timeout.appear : enter;
-    }
-    return {
-      exit: exit,
-      enter: enter,
-      appear: appear
-    };
-  };
-  _proto.updateStatus = function updateStatus(mounting, nextStatus) {
-    if (mounting === void 0) {
-      mounting = false;
-    }
-    if (nextStatus !== null) {
-      // nextStatus will always be ENTERING or EXITING.
-      this.cancelNextCallback();
-      if (nextStatus === ENTERING) {
-        if (this.props.unmountOnExit || this.props.mountOnEnter) {
-          var node = this.props.nodeRef ? this.props.nodeRef.current : react_dom.findDOMNode(this); // https://github.com/reactjs/react-transition-group/pull/749
-          // With unmountOnExit or mountOnEnter, the enter animation should happen at the transition between `exited` and `entering`.
-          // To make the animation happen,  we have to separate each rendering and avoid being processed as batched.
-
-          if (node) forceReflow(node);
-        }
-        this.performEnter(mounting);
-      } else {
-        this.performExit();
-      }
-    } else if (this.props.unmountOnExit && this.state.status === EXITED) {
-      this.setState({
-        status: UNMOUNTED
-      });
-    }
-  };
-  _proto.performEnter = function performEnter(mounting) {
-    var _this2 = this;
-    var enter = this.props.enter;
-    var appearing = this.context ? this.context.isMounting : mounting;
-    var _ref2 = this.props.nodeRef ? [appearing] : [react_dom.findDOMNode(this), appearing],
-      maybeNode = _ref2[0],
-      maybeAppearing = _ref2[1];
-    var timeouts = this.getTimeouts();
-    var enterTimeout = appearing ? timeouts.appear : timeouts.enter; // no enter animation skip right to ENTERED
-    // if we are mounting and running this it means appear _must_ be set
-
-    if (!mounting && !enter || config.disabled) {
-      this.safeSetState({
-        status: ENTERED
-      }, function () {
-        _this2.props.onEntered(maybeNode);
-      });
-      return;
-    }
-    this.props.onEnter(maybeNode, maybeAppearing);
-    this.safeSetState({
-      status: ENTERING
-    }, function () {
-      _this2.props.onEntering(maybeNode, maybeAppearing);
-      _this2.onTransitionEnd(enterTimeout, function () {
-        _this2.safeSetState({
-          status: ENTERED
-        }, function () {
-          _this2.props.onEntered(maybeNode, maybeAppearing);
-        });
-      });
-    });
-  };
-  _proto.performExit = function performExit() {
-    var _this3 = this;
-    var exit = this.props.exit;
-    var timeouts = this.getTimeouts();
-    var maybeNode = this.props.nodeRef ? undefined : react_dom.findDOMNode(this); // no exit animation skip right to EXITED
-
-    if (!exit || config.disabled) {
-      this.safeSetState({
-        status: EXITED
-      }, function () {
-        _this3.props.onExited(maybeNode);
-      });
-      return;
-    }
-    this.props.onExit(maybeNode);
-    this.safeSetState({
-      status: EXITING
-    }, function () {
-      _this3.props.onExiting(maybeNode);
-      _this3.onTransitionEnd(timeouts.exit, function () {
-        _this3.safeSetState({
-          status: EXITED
-        }, function () {
-          _this3.props.onExited(maybeNode);
-        });
-      });
-    });
-  };
-  _proto.cancelNextCallback = function cancelNextCallback() {
-    if (this.nextCallback !== null) {
-      this.nextCallback.cancel();
-      this.nextCallback = null;
-    }
-  };
-  _proto.safeSetState = function safeSetState(nextState, callback) {
-    // This shouldn't be necessary, but there are weird race conditions with
-    // setState callbacks and unmounting in testing, so always make sure that
-    // we can cancel any pending setState callbacks after we unmount.
-    callback = this.setNextCallback(callback);
-    this.setState(nextState, callback);
-  };
-  _proto.setNextCallback = function setNextCallback(callback) {
-    var _this4 = this;
-    var active = true;
-    this.nextCallback = function (event) {
-      if (active) {
-        active = false;
-        _this4.nextCallback = null;
-        callback(event);
-      }
-    };
-    this.nextCallback.cancel = function () {
-      active = false;
-    };
-    return this.nextCallback;
-  };
-  _proto.onTransitionEnd = function onTransitionEnd(timeout, handler) {
-    this.setNextCallback(handler);
-    var node = this.props.nodeRef ? this.props.nodeRef.current : react_dom.findDOMNode(this);
-    var doesNotHaveTimeoutOrListener = timeout == null && !this.props.addEndListener;
-    if (!node || doesNotHaveTimeoutOrListener) {
-      setTimeout(this.nextCallback, 0);
-      return;
-    }
-    if (this.props.addEndListener) {
-      var _ref3 = this.props.nodeRef ? [this.nextCallback] : [node, this.nextCallback],
-        maybeNode = _ref3[0],
-        maybeNextCallback = _ref3[1];
-      this.props.addEndListener(maybeNode, maybeNextCallback);
-    }
-    if (timeout != null) {
-      setTimeout(this.nextCallback, timeout);
-    }
-  };
-  _proto.render = function render() {
-    var status = this.state.status;
-    if (status === UNMOUNTED) {
-      return null;
-    }
-    var _this$props = this.props,
-      children = _this$props.children,
-      _in = _this$props.in,
-      _mountOnEnter = _this$props.mountOnEnter,
-      _unmountOnExit = _this$props.unmountOnExit,
-      _appear = _this$props.appear,
-      _enter = _this$props.enter,
-      _exit = _this$props.exit,
-      _timeout = _this$props.timeout,
-      _addEndListener = _this$props.addEndListener,
-      _onEnter = _this$props.onEnter,
-      _onEntering = _this$props.onEntering,
-      _onEntered = _this$props.onEntered,
-      _onExit = _this$props.onExit,
-      _onExiting = _this$props.onExiting,
-      _onExited = _this$props.onExited,
-      _nodeRef = _this$props.nodeRef,
-      childProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_this$props, ["children", "in", "mountOnEnter", "unmountOnExit", "appear", "enter", "exit", "timeout", "addEndListener", "onEnter", "onEntering", "onEntered", "onExit", "onExiting", "onExited", "nodeRef"]);
-    return /*#__PURE__*/(
-      // allows for nested Transitions
-      react.createElement(TransitionGroupContext.Provider, {
-        value: null
-      }, typeof children === 'function' ? children(status, childProps) : react.cloneElement(react.Children.only(children), childProps))
-    );
-  };
-  return Transition;
-}(react.Component);
-Transition.contextType = TransitionGroupContext;
-Transition.propTypes =  false ? 0 : {}; // Name the function so it is clearer in the documentation
-
-function noop() {}
-Transition.defaultProps = {
-  in: false,
-  mountOnEnter: false,
-  unmountOnExit: false,
-  appear: false,
-  enter: true,
-  exit: true,
-  onEnter: noop,
-  onEntering: noop,
-  onEntered: noop,
-  onExit: noop,
-  onExiting: noop,
-  onExited: noop
-};
-Transition.UNMOUNTED = UNMOUNTED;
-Transition.EXITED = EXITED;
-Transition.ENTERING = ENTERING;
-Transition.ENTERED = ENTERED;
-Transition.EXITING = EXITING;
-/* harmony default export */ var esm_Transition = (Transition);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/transitions/utils.js
-var reflow = function reflow(node) {
-  return node.scrollTop;
-};
-function getTransitionProps(props, options) {
-  var _style$transitionDura, _style$transitionTimi;
-  var timeout = props.timeout,
-    easing = props.easing,
-    _props$style = props.style,
-    style = _props$style === void 0 ? {} : _props$style;
-  return {
-    duration: (_style$transitionDura = style.transitionDuration) != null ? _style$transitionDura : typeof timeout === 'number' ? timeout : timeout[options.mode] || 0,
-    easing: (_style$transitionTimi = style.transitionTimingFunction) != null ? _style$transitionTimi : typeof easing === 'object' ? easing[options.mode] : easing,
-    delay: style.transitionDelay
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useForkRef.js
-
-/* harmony default export */ var utils_useForkRef = (useForkRef);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Fade/Fade.js
-
-
-var Fade_excluded = ["addEndListener", "appear", "children", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "style", "timeout", "TransitionComponent"];
-
-
-
-
-
-
-
-
-var styles = {
-  entering: {
-    opacity: 1
-  },
-  entered: {
-    opacity: 1
-  }
-};
-
-/**
- * The Fade transition is used by the [Modal](/material-ui/react-modal/) component.
- * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
- */
-var Fade = /*#__PURE__*/react.forwardRef(function Fade(props, ref) {
-  var theme = styles_useTheme_useTheme();
-  var defaultTimeout = {
-    enter: theme.transitions.duration.enteringScreen,
-    exit: theme.transitions.duration.leavingScreen
-  };
-  var addEndListener = props.addEndListener,
-    _props$appear = props.appear,
-    appear = _props$appear === void 0 ? true : _props$appear,
-    _children = props.children,
-    easing = props.easing,
-    inProp = props.in,
-    onEnter = props.onEnter,
-    onEntered = props.onEntered,
-    onEntering = props.onEntering,
-    onExit = props.onExit,
-    onExited = props.onExited,
-    onExiting = props.onExiting,
-    style = props.style,
-    _props$timeout = props.timeout,
-    timeout = _props$timeout === void 0 ? defaultTimeout : _props$timeout,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Fade_excluded);
-  var enableStrictModeCompat = true;
-  var nodeRef = react.useRef(null);
-  var handleRef = utils_useForkRef(nodeRef, _children.ref, ref);
-  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
-    return function (maybeIsAppearing) {
-      if (callback) {
-        var node = nodeRef.current;
-
-        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
-        if (maybeIsAppearing === undefined) {
-          callback(node);
-        } else {
-          callback(node, maybeIsAppearing);
-        }
-      }
-    };
-  };
-  var handleEntering = normalizedTransitionCallback(onEntering);
-  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
-    reflow(node); // So the animation always start from the start.
-
-    var transitionProps = getTransitionProps({
-      style: style,
-      timeout: timeout,
-      easing: easing
-    }, {
-      mode: 'enter'
-    });
-    node.style.webkitTransition = theme.transitions.create('opacity', transitionProps);
-    node.style.transition = theme.transitions.create('opacity', transitionProps);
-    if (onEnter) {
-      onEnter(node, isAppearing);
-    }
-  });
-  var handleEntered = normalizedTransitionCallback(onEntered);
-  var handleExiting = normalizedTransitionCallback(onExiting);
-  var handleExit = normalizedTransitionCallback(function (node) {
-    var transitionProps = getTransitionProps({
-      style: style,
-      timeout: timeout,
-      easing: easing
-    }, {
-      mode: 'exit'
-    });
-    node.style.webkitTransition = theme.transitions.create('opacity', transitionProps);
-    node.style.transition = theme.transitions.create('opacity', transitionProps);
-    if (onExit) {
-      onExit(node);
-    }
-  });
-  var handleExited = normalizedTransitionCallback(onExited);
-  var handleAddEndListener = function handleAddEndListener(next) {
-    if (addEndListener) {
-      // Old call signature before `react-transition-group` implemented `nodeRef`
-      addEndListener(nodeRef.current, next);
-    }
-  };
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-    appear: appear,
-    in: inProp,
-    nodeRef: enableStrictModeCompat ? nodeRef : undefined,
-    onEnter: handleEnter,
-    onEntered: handleEntered,
-    onEntering: handleEntering,
-    onExit: handleExit,
-    onExited: handleExited,
-    onExiting: handleExiting,
-    addEndListener: handleAddEndListener,
-    timeout: timeout
-  }, other, {
-    children: function children(state, childProps) {
-      return /*#__PURE__*/react.cloneElement(_children, extends_extends({
-        style: extends_extends({
-          opacity: 0,
-          visibility: state === 'exited' && !inProp ? 'hidden' : undefined
-        }, styles[state], style, _children.props.style),
-        ref: handleRef
-      }, childProps));
-    }
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Fade_Fade = (Fade);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Backdrop/backdropClasses.js
-
-
-function getBackdropUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiBackdrop', slot);
-}
-var backdropClasses = generateUtilityClasses('MuiBackdrop', ['root', 'invisible']);
-/* harmony default export */ var Backdrop_backdropClasses = ((/* unused pure expression or super */ null && (backdropClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Backdrop/Backdrop.js
-
-
-var Backdrop_excluded = ["children", "className", "component", "components", "componentsProps", "invisible", "open", "slotProps", "slots", "TransitionComponent", "transitionDuration"];
-
-
-
-
-
-
-
-
-
-var Backdrop_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    invisible = ownerState.invisible;
-  var slots = {
-    root: ['root', invisible && 'invisible']
-  };
-  return composeClasses(slots, getBackdropUtilityClass, classes);
-};
-var BackdropRoot = styles_styled('div', {
-  name: 'MuiBackdrop',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.invisible && styles.invisible];
-  }
-})(function (_ref2) {
-  var ownerState = _ref2.ownerState;
-  return extends_extends({
-    position: 'fixed',
-    display: 'flex',
-    alignItems: 'center',
-    justifyContent: 'center',
-    right: 0,
-    bottom: 0,
-    top: 0,
-    left: 0,
-    backgroundColor: 'rgba(0, 0, 0, 0.5)',
-    WebkitTapHighlightColor: 'transparent'
-  }, ownerState.invisible && {
-    backgroundColor: 'transparent'
-  });
-});
-var Backdrop = /*#__PURE__*/react.forwardRef(function Backdrop(inProps, ref) {
-  var _slotProps$root, _ref, _slots$root;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiBackdrop'
-  });
-  var children = props.children,
-    className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    _props$components = props.components,
-    components = _props$components === void 0 ? {} : _props$components,
-    _props$componentsProp = props.componentsProps,
-    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
-    _props$invisible = props.invisible,
-    invisible = _props$invisible === void 0 ? false : _props$invisible,
-    open = props.open,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? Fade_Fade : _props$TransitionComp,
-    transitionDuration = props.transitionDuration,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Backdrop_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    invisible: invisible
-  });
-  var classes = Backdrop_useUtilityClasses(ownerState);
-  var rootSlotProps = (_slotProps$root = slotProps.root) != null ? _slotProps$root : componentsProps.root;
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-    in: open,
-    timeout: transitionDuration
-  }, other, {
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(BackdropRoot, extends_extends({
-      "aria-hidden": true
-    }, rootSlotProps, {
-      as: (_ref = (_slots$root = slots.root) != null ? _slots$root : components.Root) != null ? _ref : component,
-      className: clsx_m(classes.root, className, rootSlotProps == null ? void 0 : rootSlotProps.className),
-      ownerState: extends_extends({}, ownerState, rootSlotProps == null ? void 0 : rootSlotProps.ownerState),
-      classes: classes,
-      ref: ref,
-      children: children
-    }))
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Backdrop_Backdrop = (Backdrop);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Modal/Modal.js
-
-
-
-var Modal_Modal_excluded = ["BackdropComponent", "BackdropProps", "classes", "className", "closeAfterTransition", "children", "container", "component", "components", "componentsProps", "disableAutoFocus", "disableEnforceFocus", "disableEscapeKeyDown", "disablePortal", "disableRestoreFocus", "disableScrollLock", "hideBackdrop", "keepMounted", "onBackdropClick", "onClose", "open", "slotProps", "slots", "theme"];
-
-
-
-
-
-
-
-
-
-
-var Modal_Modal_modalClasses = (/* unused pure expression or super */ null && (modalUnstyledClasses));
-var ModalRoot = styles_styled('div', {
-  name: 'MuiModal',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, !ownerState.open && ownerState.exited && styles.hidden];
-  }
-})(function (_ref3) {
-  var theme = _ref3.theme,
-    ownerState = _ref3.ownerState;
-  return extends_extends({
-    position: 'fixed',
-    zIndex: (theme.vars || theme).zIndex.modal,
-    right: 0,
-    bottom: 0,
-    top: 0,
-    left: 0
-  }, !ownerState.open && ownerState.exited && {
-    visibility: 'hidden'
-  });
-});
-var ModalBackdrop = styles_styled(Backdrop_Backdrop, {
-  name: 'MuiModal',
-  slot: 'Backdrop',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.backdrop;
-  }
-})({
-  zIndex: -1
-});
-
-/**
- * Modal is a lower-level construct that is leveraged by the following components:
- *
- * - [Dialog](/material-ui/api/dialog/)
- * - [Drawer](/material-ui/api/drawer/)
- * - [Menu](/material-ui/api/menu/)
- * - [Popover](/material-ui/api/popover/)
- *
- * If you are creating a modal dialog, you probably want to use the [Dialog](/material-ui/api/dialog/) component
- * rather than directly using Modal.
- *
- * This component shares many concepts with [react-overlays](https://react-bootstrap.github.io/react-overlays/#modals).
- */
-var Modal_Modal_Modal = /*#__PURE__*/react.forwardRef(function Modal(inProps, ref) {
-  var _ref, _slots$root, _ref2, _slots$backdrop, _slotProps$root, _slotProps$backdrop;
-  var props = useThemeProps_useThemeProps({
-    name: 'MuiModal',
-    props: inProps
-  });
-  var _props$BackdropCompon = props.BackdropComponent,
-    BackdropComponent = _props$BackdropCompon === void 0 ? ModalBackdrop : _props$BackdropCompon,
-    BackdropProps = props.BackdropProps,
-    classes = props.classes,
-    className = props.className,
-    _props$closeAfterTran = props.closeAfterTransition,
-    closeAfterTransition = _props$closeAfterTran === void 0 ? false : _props$closeAfterTran,
-    children = props.children,
-    container = props.container,
-    component = props.component,
-    _props$components = props.components,
-    components = _props$components === void 0 ? {} : _props$components,
-    _props$componentsProp = props.componentsProps,
-    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
-    _props$disableAutoFoc = props.disableAutoFocus,
-    disableAutoFocus = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
-    _props$disableEnforce = props.disableEnforceFocus,
-    disableEnforceFocus = _props$disableEnforce === void 0 ? false : _props$disableEnforce,
-    _props$disableEscapeK = props.disableEscapeKeyDown,
-    disableEscapeKeyDown = _props$disableEscapeK === void 0 ? false : _props$disableEscapeK,
-    _props$disablePortal = props.disablePortal,
-    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal,
-    _props$disableRestore = props.disableRestoreFocus,
-    disableRestoreFocus = _props$disableRestore === void 0 ? false : _props$disableRestore,
-    _props$disableScrollL = props.disableScrollLock,
-    disableScrollLock = _props$disableScrollL === void 0 ? false : _props$disableScrollL,
-    _props$hideBackdrop = props.hideBackdrop,
-    hideBackdrop = _props$hideBackdrop === void 0 ? false : _props$hideBackdrop,
-    _props$keepMounted = props.keepMounted,
-    keepMounted = _props$keepMounted === void 0 ? false : _props$keepMounted,
-    onBackdropClick = props.onBackdropClick,
-    onClose = props.onClose,
-    open = props.open,
-    slotProps = props.slotProps,
-    slots = props.slots,
-    theme = props.theme,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Modal_Modal_excluded);
-  var _React$useState = react.useState(true),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    exited = _React$useState2[0],
-    setExited = _React$useState2[1];
-  var commonProps = {
-    container: container,
-    closeAfterTransition: closeAfterTransition,
-    disableAutoFocus: disableAutoFocus,
-    disableEnforceFocus: disableEnforceFocus,
-    disableEscapeKeyDown: disableEscapeKeyDown,
-    disablePortal: disablePortal,
-    disableRestoreFocus: disableRestoreFocus,
-    disableScrollLock: disableScrollLock,
-    hideBackdrop: hideBackdrop,
-    keepMounted: keepMounted,
-    onBackdropClick: onBackdropClick,
-    onClose: onClose,
-    open: open
-  };
-  var ownerState = extends_extends({}, props, commonProps, {
-    exited: exited
-  });
-  var RootSlot = (_ref = (_slots$root = slots == null ? void 0 : slots.root) != null ? _slots$root : components.Root) != null ? _ref : ModalRoot;
-  var BackdropSlot = (_ref2 = (_slots$backdrop = slots == null ? void 0 : slots.backdrop) != null ? _slots$backdrop : components.Backdrop) != null ? _ref2 : BackdropComponent;
-  var rootSlotProps = (_slotProps$root = slotProps == null ? void 0 : slotProps.root) != null ? _slotProps$root : componentsProps.root;
-  var backdropSlotProps = (_slotProps$backdrop = slotProps == null ? void 0 : slotProps.backdrop) != null ? _slotProps$backdrop : componentsProps.backdrop;
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Modal_Modal, extends_extends({
-    slots: {
-      root: RootSlot,
-      backdrop: BackdropSlot
-    },
-    slotProps: {
-      root: function root() {
-        return extends_extends({}, resolveComponentProps(rootSlotProps, ownerState), !isHostComponent(RootSlot) && {
-          as: component,
-          theme: theme
-        }, {
-          className: clsx_m(className, rootSlotProps == null ? void 0 : rootSlotProps.className, classes == null ? void 0 : classes.root, !ownerState.open && ownerState.exited && (classes == null ? void 0 : classes.hidden))
-        });
-      },
-      backdrop: function backdrop() {
-        return extends_extends({}, BackdropProps, resolveComponentProps(backdropSlotProps, ownerState), {
-          className: clsx_m(backdropSlotProps == null ? void 0 : backdropSlotProps.className, BackdropProps == null ? void 0 : BackdropProps.className, classes == null ? void 0 : classes.backdrop)
-        });
-      }
-    },
-    onTransitionEnter: function onTransitionEnter() {
-      return setExited(false);
-    },
-    onTransitionExited: function onTransitionExited() {
-      return setExited(true);
-    },
-    ref: ref
-  }, other, commonProps, {
-    children: children
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var material_Modal_Modal = (Modal_Modal_Modal);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/debounce.js
-// Corresponds to 10 frames at 60 Hz.
-// A few bytes payload overhead when lodash/debounce is ~3 kB and debounce ~300 B.
-function debounce(func) {
-  var wait = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 166;
-  var timeout;
-  function debounced() {
-    var _this = this;
-    for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
-      args[_key] = arguments[_key];
-    }
-    var later = function later() {
-      func.apply(_this, args);
-    };
-    clearTimeout(timeout);
-    timeout = setTimeout(later, wait);
-  }
-  debounced.clear = function () {
-    clearTimeout(timeout);
-  };
-  return debounced;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/debounce.js
-
-/* harmony default export */ var utils_debounce = (debounce);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/ownerWindow.js
-
-/* harmony default export */ var utils_ownerWindow = (ownerWindow);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Slide/Slide.js
-
-
-var Slide_excluded = ["addEndListener", "appear", "children", "container", "direction", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "style", "timeout", "TransitionComponent"];
-
-
-
-
-
-
-
-
-
-
-// Translate the node so it can't be seen on the screen.
-// Later, we're going to translate the node back to its original location with `none`.
-
-function getTranslateValue(direction, node, resolvedContainer) {
-  var rect = node.getBoundingClientRect();
-  var containerRect = resolvedContainer && resolvedContainer.getBoundingClientRect();
-  var containerWindow = utils_ownerWindow(node);
-  var transform;
-  if (node.fakeTransform) {
-    transform = node.fakeTransform;
-  } else {
-    var computedStyle = containerWindow.getComputedStyle(node);
-    transform = computedStyle.getPropertyValue('-webkit-transform') || computedStyle.getPropertyValue('transform');
-  }
-  var offsetX = 0;
-  var offsetY = 0;
-  if (transform && transform !== 'none' && typeof transform === 'string') {
-    var transformValues = transform.split('(')[1].split(')')[0].split(',');
-    offsetX = parseInt(transformValues[4], 10);
-    offsetY = parseInt(transformValues[5], 10);
-  }
-  if (direction === 'left') {
-    if (containerRect) {
-      return "translateX(".concat(containerRect.right + offsetX - rect.left, "px)");
-    }
-    return "translateX(".concat(containerWindow.innerWidth + offsetX - rect.left, "px)");
-  }
-  if (direction === 'right') {
-    if (containerRect) {
-      return "translateX(-".concat(rect.right - containerRect.left - offsetX, "px)");
-    }
-    return "translateX(-".concat(rect.left + rect.width - offsetX, "px)");
-  }
-  if (direction === 'up') {
-    if (containerRect) {
-      return "translateY(".concat(containerRect.bottom + offsetY - rect.top, "px)");
-    }
-    return "translateY(".concat(containerWindow.innerHeight + offsetY - rect.top, "px)");
-  }
-
-  // direction === 'down'
-  if (containerRect) {
-    return "translateY(-".concat(rect.top - containerRect.top + rect.height - offsetY, "px)");
-  }
-  return "translateY(-".concat(rect.top + rect.height - offsetY, "px)");
-}
-function resolveContainer(containerPropProp) {
-  return typeof containerPropProp === 'function' ? containerPropProp() : containerPropProp;
-}
-function setTranslateValue(direction, node, containerProp) {
-  var resolvedContainer = resolveContainer(containerProp);
-  var transform = getTranslateValue(direction, node, resolvedContainer);
-  if (transform) {
-    node.style.webkitTransform = transform;
-    node.style.transform = transform;
-  }
-}
-
-/**
- * The Slide transition is used by the [Drawer](/material-ui/react-drawer/) component.
- * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
- */
-var Slide = /*#__PURE__*/react.forwardRef(function Slide(props, ref) {
-  var theme = styles_useTheme_useTheme();
-  var defaultEasing = {
-    enter: theme.transitions.easing.easeOut,
-    exit: theme.transitions.easing.sharp
-  };
-  var defaultTimeout = {
-    enter: theme.transitions.duration.enteringScreen,
-    exit: theme.transitions.duration.leavingScreen
-  };
-  var addEndListener = props.addEndListener,
-    _props$appear = props.appear,
-    appear = _props$appear === void 0 ? true : _props$appear,
-    _children = props.children,
-    containerProp = props.container,
-    _props$direction = props.direction,
-    direction = _props$direction === void 0 ? 'down' : _props$direction,
-    _props$easing = props.easing,
-    easingProp = _props$easing === void 0 ? defaultEasing : _props$easing,
-    inProp = props.in,
-    onEnter = props.onEnter,
-    onEntered = props.onEntered,
-    onEntering = props.onEntering,
-    onExit = props.onExit,
-    onExited = props.onExited,
-    onExiting = props.onExiting,
-    style = props.style,
-    _props$timeout = props.timeout,
-    timeout = _props$timeout === void 0 ? defaultTimeout : _props$timeout,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Slide_excluded);
-  var childrenRef = react.useRef(null);
-  var handleRef = utils_useForkRef(_children.ref, childrenRef, ref);
-  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
-    return function (isAppearing) {
-      if (callback) {
-        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
-        if (isAppearing === undefined) {
-          callback(childrenRef.current);
-        } else {
-          callback(childrenRef.current, isAppearing);
-        }
-      }
-    };
-  };
-  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
-    setTranslateValue(direction, node, containerProp);
-    reflow(node);
-    if (onEnter) {
-      onEnter(node, isAppearing);
-    }
-  });
-  var handleEntering = normalizedTransitionCallback(function (node, isAppearing) {
-    var transitionProps = getTransitionProps({
-      timeout: timeout,
-      style: style,
-      easing: easingProp
-    }, {
-      mode: 'enter'
-    });
-    node.style.webkitTransition = theme.transitions.create('-webkit-transform', extends_extends({}, transitionProps));
-    node.style.transition = theme.transitions.create('transform', extends_extends({}, transitionProps));
-    node.style.webkitTransform = 'none';
-    node.style.transform = 'none';
-    if (onEntering) {
-      onEntering(node, isAppearing);
-    }
-  });
-  var handleEntered = normalizedTransitionCallback(onEntered);
-  var handleExiting = normalizedTransitionCallback(onExiting);
-  var handleExit = normalizedTransitionCallback(function (node) {
-    var transitionProps = getTransitionProps({
-      timeout: timeout,
-      style: style,
-      easing: easingProp
-    }, {
-      mode: 'exit'
-    });
-    node.style.webkitTransition = theme.transitions.create('-webkit-transform', transitionProps);
-    node.style.transition = theme.transitions.create('transform', transitionProps);
-    setTranslateValue(direction, node, containerProp);
-    if (onExit) {
-      onExit(node);
-    }
-  });
-  var handleExited = normalizedTransitionCallback(function (node) {
-    // No need for transitions when the component is hidden
-    node.style.webkitTransition = '';
-    node.style.transition = '';
-    if (onExited) {
-      onExited(node);
-    }
-  });
-  var handleAddEndListener = function handleAddEndListener(next) {
-    if (addEndListener) {
-      // Old call signature before `react-transition-group` implemented `nodeRef`
-      addEndListener(childrenRef.current, next);
-    }
-  };
-  var updatePosition = react.useCallback(function () {
-    if (childrenRef.current) {
-      setTranslateValue(direction, childrenRef.current, containerProp);
-    }
-  }, [direction, containerProp]);
-  react.useEffect(function () {
-    // Skip configuration where the position is screen size invariant.
-    if (inProp || direction === 'down' || direction === 'right') {
-      return undefined;
-    }
-    var handleResize = utils_debounce(function () {
-      if (childrenRef.current) {
-        setTranslateValue(direction, childrenRef.current, containerProp);
-      }
-    });
-    var containerWindow = utils_ownerWindow(childrenRef.current);
-    containerWindow.addEventListener('resize', handleResize);
-    return function () {
-      handleResize.clear();
-      containerWindow.removeEventListener('resize', handleResize);
-    };
-  }, [direction, inProp, containerProp]);
-  react.useEffect(function () {
-    if (!inProp) {
-      // We need to update the position of the drawer when the direction change and
-      // when it's hidden.
-      updatePosition();
-    }
-  }, [inProp, updatePosition]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-    nodeRef: childrenRef,
-    onEnter: handleEnter,
-    onEntered: handleEntered,
-    onEntering: handleEntering,
-    onExit: handleExit,
-    onExited: handleExited,
-    onExiting: handleExiting,
-    addEndListener: handleAddEndListener,
-    appear: appear,
-    in: inProp,
-    timeout: timeout
-  }, other, {
-    children: function children(state, childProps) {
-      return /*#__PURE__*/react.cloneElement(_children, extends_extends({
-        ref: handleRef,
-        style: extends_extends({
-          visibility: state === 'exited' && !inProp ? 'hidden' : undefined
-        }, style, _children.props.style)
-      }, childProps));
-    }
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Slide_Slide = (Slide);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/styles/getOverlayAlpha.js
-// Inspired by https://github.com/material-components/material-components-ios/blob/bca36107405594d5b7b16265a5b0ed698f85a5ee/components/Elevation/src/UIColor%2BMaterialElevation.m#L61
-var getOverlayAlpha = function getOverlayAlpha(elevation) {
-  var alphaValue;
-  if (elevation < 1) {
-    alphaValue = 5.11916 * Math.pow(elevation, 2);
-  } else {
-    alphaValue = 4.5 * Math.log(elevation + 1) + 2;
-  }
-  return (alphaValue / 100).toFixed(2);
-};
-/* harmony default export */ var styles_getOverlayAlpha = (getOverlayAlpha);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Paper/paperClasses.js
-
-
-function getPaperUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiPaper', slot);
-}
-var paperClasses = generateUtilityClasses('MuiPaper', ['root', 'rounded', 'outlined', 'elevation', 'elevation0', 'elevation1', 'elevation2', 'elevation3', 'elevation4', 'elevation5', 'elevation6', 'elevation7', 'elevation8', 'elevation9', 'elevation10', 'elevation11', 'elevation12', 'elevation13', 'elevation14', 'elevation15', 'elevation16', 'elevation17', 'elevation18', 'elevation19', 'elevation20', 'elevation21', 'elevation22', 'elevation23', 'elevation24']);
-/* harmony default export */ var Paper_paperClasses = ((/* unused pure expression or super */ null && (paperClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Paper/Paper.js
-
-
-var Paper_excluded = ["className", "component", "elevation", "square", "variant"];
-
-
-
-
-
-
-
-
-
-
-
-
-var Paper_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var square = ownerState.square,
-    elevation = ownerState.elevation,
-    variant = ownerState.variant,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', variant, !square && 'rounded', variant === 'elevation' && "elevation".concat(elevation)]
-  };
-  return composeClasses(slots, getPaperUtilityClass, classes);
-};
-var PaperRoot = styles_styled('div', {
-  name: 'MuiPaper',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, styles[ownerState.variant], !ownerState.square && styles.rounded, ownerState.variant === 'elevation' && styles["elevation".concat(ownerState.elevation)]];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  var _theme$vars$overlays;
-  return extends_extends({
-    backgroundColor: (theme.vars || theme).palette.background.paper,
-    color: (theme.vars || theme).palette.text.primary,
-    transition: theme.transitions.create('box-shadow')
-  }, !ownerState.square && {
-    borderRadius: theme.shape.borderRadius
-  }, ownerState.variant === 'outlined' && {
-    border: "1px solid ".concat((theme.vars || theme).palette.divider)
-  }, ownerState.variant === 'elevation' && extends_extends({
-    boxShadow: (theme.vars || theme).shadows[ownerState.elevation]
-  }, !theme.vars && theme.palette.mode === 'dark' && {
-    backgroundImage: "linear-gradient(".concat(alpha('#fff', styles_getOverlayAlpha(ownerState.elevation)), ", ").concat(alpha('#fff', styles_getOverlayAlpha(ownerState.elevation)), ")")
-  }, theme.vars && {
-    backgroundImage: (_theme$vars$overlays = theme.vars.overlays) == null ? void 0 : _theme$vars$overlays[ownerState.elevation]
-  }));
-});
-var Paper = /*#__PURE__*/react.forwardRef(function Paper(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiPaper'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    _props$elevation = props.elevation,
-    elevation = _props$elevation === void 0 ? 1 : _props$elevation,
-    _props$square = props.square,
-    square = _props$square === void 0 ? false : _props$square,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'elevation' : _props$variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Paper_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    elevation: elevation,
-    square: square,
-    variant: variant
-  });
-  var classes = Paper_useUtilityClasses(ownerState);
-  if (false) { var theme; }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(PaperRoot, extends_extends({
-    as: component,
-    ownerState: ownerState,
-    className: clsx_m(classes.root, className),
-    ref: ref
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Paper_Paper = (Paper);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/capitalize.js
-
-/* harmony default export */ var utils_capitalize = (capitalize);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Drawer/drawerClasses.js
-
-
-function getDrawerUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiDrawer', slot);
-}
-var drawerClasses = generateUtilityClasses('MuiDrawer', ['root', 'docked', 'paper', 'paperAnchorLeft', 'paperAnchorRight', 'paperAnchorTop', 'paperAnchorBottom', 'paperAnchorDockedLeft', 'paperAnchorDockedRight', 'paperAnchorDockedTop', 'paperAnchorDockedBottom', 'modal']);
-/* harmony default export */ var Drawer_drawerClasses = ((/* unused pure expression or super */ null && (drawerClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Drawer/Drawer.js
-
-
-var Drawer_excluded = ["BackdropProps"],
-  Drawer_excluded2 = ["anchor", "BackdropProps", "children", "className", "elevation", "hideBackdrop", "ModalProps", "onClose", "open", "PaperProps", "SlideProps", "TransitionComponent", "transitionDuration", "variant"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var overridesResolver = function overridesResolver(props, styles) {
-  var ownerState = props.ownerState;
-  return [styles.root, (ownerState.variant === 'permanent' || ownerState.variant === 'persistent') && styles.docked, styles.modal];
-};
-var Drawer_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    anchor = ownerState.anchor,
-    variant = ownerState.variant;
-  var slots = {
-    root: ['root'],
-    docked: [(variant === 'permanent' || variant === 'persistent') && 'docked'],
-    modal: ['modal'],
-    paper: ['paper', "paperAnchor".concat(utils_capitalize(anchor)), variant !== 'temporary' && "paperAnchorDocked".concat(utils_capitalize(anchor))]
-  };
-  return composeClasses(slots, getDrawerUtilityClass, classes);
-};
-var DrawerRoot = styles_styled(material_Modal_Modal, {
-  name: 'MuiDrawer',
-  slot: 'Root',
-  overridesResolver: overridesResolver
-})(function (_ref) {
-  var theme = _ref.theme;
-  return {
-    zIndex: (theme.vars || theme).zIndex.drawer
-  };
-});
-var DrawerDockedRoot = styles_styled('div', {
-  shouldForwardProp: rootShouldForwardProp,
-  name: 'MuiDrawer',
-  slot: 'Docked',
-  skipVariantsResolver: false,
-  overridesResolver: overridesResolver
-})({
-  flex: '0 0 auto'
-});
-var DrawerPaper = styles_styled(Paper_Paper, {
-  name: 'MuiDrawer',
-  slot: 'Paper',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.paper, styles["paperAnchor".concat(utils_capitalize(ownerState.anchor))], ownerState.variant !== 'temporary' && styles["paperAnchorDocked".concat(utils_capitalize(ownerState.anchor))]];
-  }
-})(function (_ref2) {
-  var theme = _ref2.theme,
-    ownerState = _ref2.ownerState;
-  return extends_extends({
-    overflowY: 'auto',
-    display: 'flex',
-    flexDirection: 'column',
-    height: '100%',
-    flex: '1 0 auto',
-    zIndex: (theme.vars || theme).zIndex.drawer,
-    // Add iOS momentum scrolling for iOS < 13.0
-    WebkitOverflowScrolling: 'touch',
-    // temporary style
-    position: 'fixed',
-    top: 0,
-    // We disable the focus ring for mouse, touch and keyboard users.
-    // At some point, it would be better to keep it for keyboard users.
-    // :focus-ring CSS pseudo-class will help.
-    outline: 0
-  }, ownerState.anchor === 'left' && {
-    left: 0
-  }, ownerState.anchor === 'top' && {
-    top: 0,
-    left: 0,
-    right: 0,
-    height: 'auto',
-    maxHeight: '100%'
-  }, ownerState.anchor === 'right' && {
-    right: 0
-  }, ownerState.anchor === 'bottom' && {
-    top: 'auto',
-    left: 0,
-    bottom: 0,
-    right: 0,
-    height: 'auto',
-    maxHeight: '100%'
-  }, ownerState.anchor === 'left' && ownerState.variant !== 'temporary' && {
-    borderRight: "1px solid ".concat((theme.vars || theme).palette.divider)
-  }, ownerState.anchor === 'top' && ownerState.variant !== 'temporary' && {
-    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider)
-  }, ownerState.anchor === 'right' && ownerState.variant !== 'temporary' && {
-    borderLeft: "1px solid ".concat((theme.vars || theme).palette.divider)
-  }, ownerState.anchor === 'bottom' && ownerState.variant !== 'temporary' && {
-    borderTop: "1px solid ".concat((theme.vars || theme).palette.divider)
-  });
-});
-var oppositeDirection = {
-  left: 'right',
-  right: 'left',
-  top: 'down',
-  bottom: 'up'
-};
-function isHorizontal(anchor) {
-  return ['left', 'right'].indexOf(anchor) !== -1;
-}
-function getAnchor(theme, anchor) {
-  return theme.direction === 'rtl' && isHorizontal(anchor) ? oppositeDirection[anchor] : anchor;
-}
-
-/**
- * The props of the [Modal](/material-ui/api/modal/) component are available
- * when `variant="temporary"` is set.
- */
-var Drawer = /*#__PURE__*/react.forwardRef(function Drawer(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiDrawer'
-  });
-  var theme = styles_useTheme_useTheme();
-  var defaultTransitionDuration = {
-    enter: theme.transitions.duration.enteringScreen,
-    exit: theme.transitions.duration.leavingScreen
-  };
-  var _props$anchor = props.anchor,
-    anchorProp = _props$anchor === void 0 ? 'left' : _props$anchor,
-    BackdropProps = props.BackdropProps,
-    children = props.children,
-    className = props.className,
-    _props$elevation = props.elevation,
-    elevation = _props$elevation === void 0 ? 16 : _props$elevation,
-    _props$hideBackdrop = props.hideBackdrop,
-    hideBackdrop = _props$hideBackdrop === void 0 ? false : _props$hideBackdrop,
-    _props$ModalProps = props.ModalProps,
-    _props$ModalProps2 = _props$ModalProps === void 0 ? {} : _props$ModalProps,
-    BackdropPropsProp = _props$ModalProps2.BackdropProps,
-    onClose = props.onClose,
-    _props$open = props.open,
-    open = _props$open === void 0 ? false : _props$open,
-    _props$PaperProps = props.PaperProps,
-    PaperProps = _props$PaperProps === void 0 ? {} : _props$PaperProps,
-    SlideProps = props.SlideProps,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? Slide_Slide : _props$TransitionComp,
-    _props$transitionDura = props.transitionDuration,
-    transitionDuration = _props$transitionDura === void 0 ? defaultTransitionDuration : _props$transitionDura,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'temporary' : _props$variant,
-    ModalProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.ModalProps, Drawer_excluded),
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Drawer_excluded2);
-
-  // Let's assume that the Drawer will always be rendered on user space.
-  // We use this state is order to skip the appear transition during the
-  // initial mount of the component.
-  var mounted = react.useRef(false);
-  react.useEffect(function () {
-    mounted.current = true;
-  }, []);
-  var anchorInvariant = getAnchor(theme, anchorProp);
-  var anchor = anchorProp;
-  var ownerState = extends_extends({}, props, {
-    anchor: anchor,
-    elevation: elevation,
-    open: open,
-    variant: variant
-  }, other);
-  var classes = Drawer_useUtilityClasses(ownerState);
-  var drawer = /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerPaper, extends_extends({
-    elevation: variant === 'temporary' ? elevation : 0,
-    square: true
-  }, PaperProps, {
-    className: clsx_m(classes.paper, PaperProps.className),
-    ownerState: ownerState,
-    children: children
-  }));
-  if (variant === 'permanent') {
-    return /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerDockedRoot, extends_extends({
-      className: clsx_m(classes.root, classes.docked, className),
-      ownerState: ownerState,
-      ref: ref
-    }, other, {
-      children: drawer
-    }));
-  }
-  var slidingDrawer = /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-    in: open,
-    direction: oppositeDirection[anchorInvariant],
-    timeout: transitionDuration,
-    appear: mounted.current
-  }, SlideProps, {
-    children: drawer
-  }));
-  if (variant === 'persistent') {
-    return /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerDockedRoot, extends_extends({
-      className: clsx_m(classes.root, classes.docked, className),
-      ownerState: ownerState,
-      ref: ref
-    }, other, {
-      children: slidingDrawer
-    }));
-  }
-
-  // variant === temporary
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(DrawerRoot, extends_extends({
-    BackdropProps: extends_extends({}, BackdropProps, BackdropPropsProp, {
-      transitionDuration: transitionDuration
-    }),
-    className: clsx_m(classes.root, classes.modal, className),
-    open: open,
-    ownerState: ownerState,
-    onClose: onClose,
-    hideBackdrop: hideBackdrop,
-    ref: ref
-  }, other, ModalProps, {
-    children: slidingDrawer
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Drawer_Drawer = (Drawer);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/AppBar/appBarClasses.js
-
-
-function getAppBarUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiAppBar', slot);
-}
-var appBarClasses = generateUtilityClasses('MuiAppBar', ['root', 'positionFixed', 'positionAbsolute', 'positionSticky', 'positionStatic', 'positionRelative', 'colorDefault', 'colorPrimary', 'colorSecondary', 'colorInherit', 'colorTransparent']);
-/* harmony default export */ var AppBar_appBarClasses = ((/* unused pure expression or super */ null && (appBarClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/AppBar/AppBar.js
-
-
-var AppBar_excluded = ["className", "color", "enableColorOnDark", "position"];
-
-
-
-
-
-
-
-
-
-
-var AppBar_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var color = ownerState.color,
-    position = ownerState.position,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', "color".concat(utils_capitalize(color)), "position".concat(utils_capitalize(position))]
-  };
-  return composeClasses(slots, getAppBarUtilityClass, classes);
-};
-
-// var2 is the fallback.
-// Ex. var1: 'var(--a)', var2: 'var(--b)'; return: 'var(--a, var(--b))'
-var joinVars = function joinVars(var1, var2) {
-  return var1 ? "".concat(var1 == null ? void 0 : var1.replace(')', ''), ", ").concat(var2, ")") : var2;
-};
-var AppBarRoot = styles_styled(Paper_Paper, {
-  name: 'MuiAppBar',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, styles["position".concat(utils_capitalize(ownerState.position))], styles["color".concat(utils_capitalize(ownerState.color))]];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  var backgroundColorDefault = theme.palette.mode === 'light' ? theme.palette.grey[100] : theme.palette.grey[900];
-  return extends_extends({
-    display: 'flex',
-    flexDirection: 'column',
-    width: '100%',
-    boxSizing: 'border-box',
-    // Prevent padding issue with the Modal and fixed positioned AppBar.
-    flexShrink: 0
-  }, ownerState.position === 'fixed' && {
-    position: 'fixed',
-    zIndex: (theme.vars || theme).zIndex.appBar,
-    top: 0,
-    left: 'auto',
-    right: 0,
-    '@media print': {
-      // Prevent the app bar to be visible on each printed page.
-      position: 'absolute'
-    }
-  }, ownerState.position === 'absolute' && {
-    position: 'absolute',
-    zIndex: (theme.vars || theme).zIndex.appBar,
-    top: 0,
-    left: 'auto',
-    right: 0
-  }, ownerState.position === 'sticky' && {
-    // ⚠️ sticky is not supported by IE11.
-    position: 'sticky',
-    zIndex: (theme.vars || theme).zIndex.appBar,
-    top: 0,
-    left: 'auto',
-    right: 0
-  }, ownerState.position === 'static' && {
-    position: 'static'
-  }, ownerState.position === 'relative' && {
-    position: 'relative'
-  }, !theme.vars && extends_extends({}, ownerState.color === 'default' && {
-    backgroundColor: backgroundColorDefault,
-    color: theme.palette.getContrastText(backgroundColorDefault)
-  }, ownerState.color && ownerState.color !== 'default' && ownerState.color !== 'inherit' && ownerState.color !== 'transparent' && {
-    backgroundColor: theme.palette[ownerState.color].main,
-    color: theme.palette[ownerState.color].contrastText
-  }, ownerState.color === 'inherit' && {
-    color: 'inherit'
-  }, theme.palette.mode === 'dark' && !ownerState.enableColorOnDark && {
-    backgroundColor: null,
-    color: null
-  }, ownerState.color === 'transparent' && extends_extends({
-    backgroundColor: 'transparent',
-    color: 'inherit'
-  }, theme.palette.mode === 'dark' && {
-    backgroundImage: 'none'
-  })), theme.vars && extends_extends({}, ownerState.color === 'default' && {
-    '--AppBar-background': ownerState.enableColorOnDark ? theme.vars.palette.AppBar.defaultBg : joinVars(theme.vars.palette.AppBar.darkBg, theme.vars.palette.AppBar.defaultBg),
-    '--AppBar-color': ownerState.enableColorOnDark ? theme.vars.palette.text.primary : joinVars(theme.vars.palette.AppBar.darkColor, theme.vars.palette.text.primary)
-  }, ownerState.color && !ownerState.color.match(/^(default|inherit|transparent)$/) && {
-    '--AppBar-background': ownerState.enableColorOnDark ? theme.vars.palette[ownerState.color].main : joinVars(theme.vars.palette.AppBar.darkBg, theme.vars.palette[ownerState.color].main),
-    '--AppBar-color': ownerState.enableColorOnDark ? theme.vars.palette[ownerState.color].contrastText : joinVars(theme.vars.palette.AppBar.darkColor, theme.vars.palette[ownerState.color].contrastText)
-  }, {
-    backgroundColor: 'var(--AppBar-background)',
-    color: ownerState.color === 'inherit' ? 'inherit' : 'var(--AppBar-color)'
-  }, ownerState.color === 'transparent' && {
-    backgroundImage: 'none',
-    backgroundColor: 'transparent',
-    color: 'inherit'
-  }));
-});
-var AppBar = /*#__PURE__*/react.forwardRef(function AppBar(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiAppBar'
-  });
-  var className = props.className,
-    _props$color = props.color,
-    color = _props$color === void 0 ? 'primary' : _props$color,
-    _props$enableColorOnD = props.enableColorOnDark,
-    enableColorOnDark = _props$enableColorOnD === void 0 ? false : _props$enableColorOnD,
-    _props$position = props.position,
-    position = _props$position === void 0 ? 'fixed' : _props$position,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, AppBar_excluded);
-  var ownerState = extends_extends({}, props, {
-    color: color,
-    position: position,
-    enableColorOnDark: enableColorOnDark
-  });
-  var classes = AppBar_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(AppBarRoot, extends_extends({
-    square: true,
-    component: "header",
-    ownerState: ownerState,
-    elevation: 4,
-    className: clsx_m(classes.root, className, position === 'fixed' && 'mui-fixed'),
-    ref: ref
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var AppBar_AppBar = (AppBar);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/List/ListContext.js
-
-
-/**
- * @ignore - internal component.
- */
-var ListContext = /*#__PURE__*/react.createContext({});
-if (false) {}
-/* harmony default export */ var List_ListContext = (ListContext);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/List/listClasses.js
-
-
-function getListUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiList', slot);
-}
-var listClasses = generateUtilityClasses('MuiList', ['root', 'padding', 'dense', 'subheader']);
-/* harmony default export */ var List_listClasses = ((/* unused pure expression or super */ null && (listClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/List/List.js
-
-
-var List_excluded = ["children", "className", "component", "dense", "disablePadding", "subheader"];
-
-
-
-
-
-
-
-
-
-
-var List_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    disablePadding = ownerState.disablePadding,
-    dense = ownerState.dense,
-    subheader = ownerState.subheader;
-  var slots = {
-    root: ['root', !disablePadding && 'padding', dense && 'dense', subheader && 'subheader']
-  };
-  return composeClasses(slots, getListUtilityClass, classes);
-};
-var ListRoot = styles_styled('ul', {
-  name: 'MuiList',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, !ownerState.disablePadding && styles.padding, ownerState.dense && styles.dense, ownerState.subheader && styles.subheader];
-  }
-})(function (_ref) {
-  var ownerState = _ref.ownerState;
-  return extends_extends({
-    listStyle: 'none',
-    margin: 0,
-    padding: 0,
-    position: 'relative'
-  }, !ownerState.disablePadding && {
-    paddingTop: 8,
-    paddingBottom: 8
-  }, ownerState.subheader && {
-    paddingTop: 0
-  });
-});
-var List = /*#__PURE__*/react.forwardRef(function List(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiList'
-  });
-  var children = props.children,
-    className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'ul' : _props$component,
-    _props$dense = props.dense,
-    dense = _props$dense === void 0 ? false : _props$dense,
-    _props$disablePadding = props.disablePadding,
-    disablePadding = _props$disablePadding === void 0 ? false : _props$disablePadding,
-    subheader = props.subheader,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, List_excluded);
-  var context = react.useMemo(function () {
-    return {
-      dense: dense
-    };
-  }, [dense]);
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    dense: dense,
-    disablePadding: disablePadding
-  });
-  var classes = List_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
-    value: context,
-    children: /*#__PURE__*/(0,jsx_runtime.jsxs)(ListRoot, extends_extends({
-      as: component,
-      className: clsx_m(classes.root, className),
-      ref: ref,
-      ownerState: ownerState
-    }, other, {
-      children: [subheader, children]
-    }))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var List_List = (List);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Divider/dividerClasses.js
-
-
-function getDividerUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiDivider', slot);
-}
-var dividerClasses = generateUtilityClasses('MuiDivider', ['root', 'absolute', 'fullWidth', 'inset', 'middle', 'flexItem', 'light', 'vertical', 'withChildren', 'withChildrenVertical', 'textAlignRight', 'textAlignLeft', 'wrapper', 'wrapperVertical']);
-/* harmony default export */ var Divider_dividerClasses = (dividerClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Divider/Divider.js
-
-
-var Divider_excluded = ["absolute", "children", "className", "component", "flexItem", "light", "orientation", "role", "textAlign", "variant"];
-
-
-
-
-
-
-
-
-
-var Divider_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var absolute = ownerState.absolute,
-    children = ownerState.children,
-    classes = ownerState.classes,
-    flexItem = ownerState.flexItem,
-    light = ownerState.light,
-    orientation = ownerState.orientation,
-    textAlign = ownerState.textAlign,
-    variant = ownerState.variant;
-  var slots = {
-    root: ['root', absolute && 'absolute', variant, light && 'light', orientation === 'vertical' && 'vertical', flexItem && 'flexItem', children && 'withChildren', children && orientation === 'vertical' && 'withChildrenVertical', textAlign === 'right' && orientation !== 'vertical' && 'textAlignRight', textAlign === 'left' && orientation !== 'vertical' && 'textAlignLeft'],
-    wrapper: ['wrapper', orientation === 'vertical' && 'wrapperVertical']
-  };
-  return composeClasses(slots, getDividerUtilityClass, classes);
-};
-var DividerRoot = styles_styled('div', {
-  name: 'MuiDivider',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.absolute && styles.absolute, styles[ownerState.variant], ownerState.light && styles.light, ownerState.orientation === 'vertical' && styles.vertical, ownerState.flexItem && styles.flexItem, ownerState.children && styles.withChildren, ownerState.children && ownerState.orientation === 'vertical' && styles.withChildrenVertical, ownerState.textAlign === 'right' && ownerState.orientation !== 'vertical' && styles.textAlignRight, ownerState.textAlign === 'left' && ownerState.orientation !== 'vertical' && styles.textAlignLeft];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    margin: 0,
-    // Reset browser default style.
-    flexShrink: 0,
-    borderWidth: 0,
-    borderStyle: 'solid',
-    borderColor: (theme.vars || theme).palette.divider,
-    borderBottomWidth: 'thin'
-  }, ownerState.absolute && {
-    position: 'absolute',
-    bottom: 0,
-    left: 0,
-    width: '100%'
-  }, ownerState.light && {
-    borderColor: theme.vars ? "rgba(".concat(theme.vars.palette.dividerChannel, " / 0.08)") : alpha(theme.palette.divider, 0.08)
-  }, ownerState.variant === 'inset' && {
-    marginLeft: 72
-  }, ownerState.variant === 'middle' && ownerState.orientation === 'horizontal' && {
-    marginLeft: theme.spacing(2),
-    marginRight: theme.spacing(2)
-  }, ownerState.variant === 'middle' && ownerState.orientation === 'vertical' && {
-    marginTop: theme.spacing(1),
-    marginBottom: theme.spacing(1)
-  }, ownerState.orientation === 'vertical' && {
-    height: '100%',
-    borderBottomWidth: 0,
-    borderRightWidth: 'thin'
-  }, ownerState.flexItem && {
-    alignSelf: 'stretch',
-    height: 'auto'
-  });
-}, function (_ref2) {
-  var ownerState = _ref2.ownerState;
-  return extends_extends({}, ownerState.children && {
-    display: 'flex',
-    whiteSpace: 'nowrap',
-    textAlign: 'center',
-    border: 0,
-    '&::before, &::after': {
-      content: '""',
-      alignSelf: 'center'
-    }
-  });
-}, function (_ref3) {
-  var theme = _ref3.theme,
-    ownerState = _ref3.ownerState;
-  return extends_extends({}, ownerState.children && ownerState.orientation !== 'vertical' && {
-    '&::before, &::after': {
-      width: '100%',
-      borderTop: "thin solid ".concat((theme.vars || theme).palette.divider)
-    }
-  });
-}, function (_ref4) {
-  var theme = _ref4.theme,
-    ownerState = _ref4.ownerState;
-  return extends_extends({}, ownerState.children && ownerState.orientation === 'vertical' && {
-    flexDirection: 'column',
-    '&::before, &::after': {
-      height: '100%',
-      borderLeft: "thin solid ".concat((theme.vars || theme).palette.divider)
-    }
-  });
-}, function (_ref5) {
-  var ownerState = _ref5.ownerState;
-  return extends_extends({}, ownerState.textAlign === 'right' && ownerState.orientation !== 'vertical' && {
-    '&::before': {
-      width: '90%'
-    },
-    '&::after': {
-      width: '10%'
-    }
-  }, ownerState.textAlign === 'left' && ownerState.orientation !== 'vertical' && {
-    '&::before': {
-      width: '10%'
-    },
-    '&::after': {
-      width: '90%'
-    }
-  });
-});
-var DividerWrapper = styles_styled('span', {
-  name: 'MuiDivider',
-  slot: 'Wrapper',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.wrapper, ownerState.orientation === 'vertical' && styles.wrapperVertical];
-  }
-})(function (_ref6) {
-  var theme = _ref6.theme,
-    ownerState = _ref6.ownerState;
-  return extends_extends({
-    display: 'inline-block',
-    paddingLeft: "calc(".concat(theme.spacing(1), " * 1.2)"),
-    paddingRight: "calc(".concat(theme.spacing(1), " * 1.2)")
-  }, ownerState.orientation === 'vertical' && {
-    paddingTop: "calc(".concat(theme.spacing(1), " * 1.2)"),
-    paddingBottom: "calc(".concat(theme.spacing(1), " * 1.2)")
-  });
-});
-var Divider = /*#__PURE__*/react.forwardRef(function Divider(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiDivider'
-  });
-  var _props$absolute = props.absolute,
-    absolute = _props$absolute === void 0 ? false : _props$absolute,
-    children = props.children,
-    className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? children ? 'div' : 'hr' : _props$component,
-    _props$flexItem = props.flexItem,
-    flexItem = _props$flexItem === void 0 ? false : _props$flexItem,
-    _props$light = props.light,
-    light = _props$light === void 0 ? false : _props$light,
-    _props$orientation = props.orientation,
-    orientation = _props$orientation === void 0 ? 'horizontal' : _props$orientation,
-    _props$role = props.role,
-    role = _props$role === void 0 ? component !== 'hr' ? 'separator' : undefined : _props$role,
-    _props$textAlign = props.textAlign,
-    textAlign = _props$textAlign === void 0 ? 'center' : _props$textAlign,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'fullWidth' : _props$variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Divider_excluded);
-  var ownerState = extends_extends({}, props, {
-    absolute: absolute,
-    component: component,
-    flexItem: flexItem,
-    light: light,
-    orientation: orientation,
-    role: role,
-    textAlign: textAlign,
-    variant: variant
-  });
-  var classes = Divider_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(DividerRoot, extends_extends({
-    as: component,
-    className: clsx_m(classes.root, className),
-    role: role,
-    ref: ref,
-    ownerState: ownerState
-  }, other, {
-    children: children ? /*#__PURE__*/(0,jsx_runtime.jsx)(DividerWrapper, {
-      className: classes.wrapper,
-      ownerState: ownerState,
-      children: children
-    }) : null
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Divider_Divider = (Divider);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useEventCallback.js
-
-/* harmony default export */ var utils_useEventCallback = (useEventCallback);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useIsFocusVisible.js
-// based on https://github.com/WICG/focus-visible/blob/v4.1.5/src/focus-visible.js
-
-var hadKeyboardEvent = true;
-var hadFocusVisibleRecently = false;
-var hadFocusVisibleRecentlyTimeout;
-var inputTypesWhitelist = {
-  text: true,
-  search: true,
-  url: true,
-  tel: true,
-  email: true,
-  password: true,
-  number: true,
-  date: true,
-  month: true,
-  week: true,
-  time: true,
-  datetime: true,
-  'datetime-local': true
-};
-
-/**
- * Computes whether the given element should automatically trigger the
- * `focus-visible` class being added, i.e. whether it should always match
- * `:focus-visible` when focused.
- * @param {Element} node
- * @returns {boolean}
- */
-function focusTriggersKeyboardModality(node) {
-  var type = node.type,
-    tagName = node.tagName;
-  if (tagName === 'INPUT' && inputTypesWhitelist[type] && !node.readOnly) {
-    return true;
-  }
-  if (tagName === 'TEXTAREA' && !node.readOnly) {
-    return true;
-  }
-  if (node.isContentEditable) {
-    return true;
-  }
-  return false;
-}
-
-/**
- * Keep track of our keyboard modality state with `hadKeyboardEvent`.
- * If the most recent user interaction was via the keyboard;
- * and the key press did not include a meta, alt/option, or control key;
- * then the modality is keyboard. Otherwise, the modality is not keyboard.
- * @param {KeyboardEvent} event
- */
-function handleKeyDown(event) {
-  if (event.metaKey || event.altKey || event.ctrlKey) {
-    return;
-  }
-  hadKeyboardEvent = true;
-}
-
-/**
- * If at any point a user clicks with a pointing device, ensure that we change
- * the modality away from keyboard.
- * This avoids the situation where a user presses a key on an already focused
- * element, and then clicks on a different element, focusing it with a
- * pointing device, while we still think we're in keyboard modality.
- */
-function handlePointerDown() {
-  hadKeyboardEvent = false;
-}
-function handleVisibilityChange() {
-  if (this.visibilityState === 'hidden') {
-    // If the tab becomes active again, the browser will handle calling focus
-    // on the element (Safari actually calls it twice).
-    // If this tab change caused a blur on an element with focus-visible,
-    // re-apply the class when the user switches back to the tab.
-    if (hadFocusVisibleRecently) {
-      hadKeyboardEvent = true;
-    }
-  }
-}
-function prepare(doc) {
-  doc.addEventListener('keydown', handleKeyDown, true);
-  doc.addEventListener('mousedown', handlePointerDown, true);
-  doc.addEventListener('pointerdown', handlePointerDown, true);
-  doc.addEventListener('touchstart', handlePointerDown, true);
-  doc.addEventListener('visibilitychange', handleVisibilityChange, true);
-}
-function teardown(doc) {
-  doc.removeEventListener('keydown', handleKeyDown, true);
-  doc.removeEventListener('mousedown', handlePointerDown, true);
-  doc.removeEventListener('pointerdown', handlePointerDown, true);
-  doc.removeEventListener('touchstart', handlePointerDown, true);
-  doc.removeEventListener('visibilitychange', handleVisibilityChange, true);
-}
-function isFocusVisible(event) {
-  var target = event.target;
-  try {
-    return target.matches(':focus-visible');
-  } catch (error) {
-    // Browsers not implementing :focus-visible will throw a SyntaxError.
-    // We use our own heuristic for those browsers.
-    // Rethrow might be better if it's not the expected error but do we really
-    // want to crash if focus-visible malfunctioned?
-  }
-
-  // No need for validFocusTarget check. The user does that by attaching it to
-  // focusable events only.
-  return hadKeyboardEvent || focusTriggersKeyboardModality(target);
-}
-function useIsFocusVisible() {
-  var ref = react.useCallback(function (node) {
-    if (node != null) {
-      prepare(node.ownerDocument);
-    }
-  }, []);
-  var isFocusVisibleRef = react.useRef(false);
-
-  /**
-   * Should be called if a blur event is fired
-   */
-  function handleBlurVisible() {
-    // checking against potential state variable does not suffice if we focus and blur synchronously.
-    // React wouldn't have time to trigger a re-render so `focusVisible` would be stale.
-    // Ideally we would adjust `isFocusVisible(event)` to look at `relatedTarget` for blur events.
-    // This doesn't work in IE11 due to https://github.com/facebook/react/issues/3751
-    // TODO: check again if React releases their internal changes to focus event handling (https://github.com/facebook/react/pull/19186).
-    if (isFocusVisibleRef.current) {
-      // To detect a tab/window switch, we look for a blur event followed
-      // rapidly by a visibility change.
-      // If we don't see a visibility change within 100ms, it's probably a
-      // regular focus change.
-      hadFocusVisibleRecently = true;
-      window.clearTimeout(hadFocusVisibleRecentlyTimeout);
-      hadFocusVisibleRecentlyTimeout = window.setTimeout(function () {
-        hadFocusVisibleRecently = false;
-      }, 100);
-      isFocusVisibleRef.current = false;
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Should be called if a blur event is fired
-   */
-  function handleFocusVisible(event) {
-    if (isFocusVisible(event)) {
-      isFocusVisibleRef.current = true;
-      return true;
-    }
-    return false;
-  }
-  return {
-    isFocusVisibleRef: isFocusVisibleRef,
-    onFocus: handleFocusVisible,
-    onBlur: handleBlurVisible,
-    ref: ref
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useIsFocusVisible.js
-
-/* harmony default export */ var utils_useIsFocusVisible = (useIsFocusVisible);
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/taggedTemplateLiteral.js
-function _taggedTemplateLiteral(strings, raw) {
-  if (!raw) {
-    raw = strings.slice(0);
-  }
-  return Object.freeze(Object.defineProperties(strings, {
-    raw: {
-      value: Object.freeze(raw)
-    }
-  }));
-}
-;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/utils/ChildMapping.js
-
-/**
- * Given `this.props.children`, return an object mapping key to child.
- *
- * @param {*} children `this.props.children`
- * @return {object} Mapping of key to child
- */
-
-function getChildMapping(children, mapFn) {
-  var mapper = function mapper(child) {
-    return mapFn && (0,react.isValidElement)(child) ? mapFn(child) : child;
-  };
-  var result = Object.create(null);
-  if (children) react.Children.map(children, function (c) {
-    return c;
-  }).forEach(function (child) {
-    // run the map function here instead so that the key is the computed one
-    result[child.key] = mapper(child);
-  });
-  return result;
-}
-/**
- * When you're adding or removing children some may be added or removed in the
- * same render pass. We want to show *both* since we want to simultaneously
- * animate elements in and out. This function takes a previous set of keys
- * and a new set of keys and merges them with its best guess of the correct
- * ordering. In the future we may expose some of the utilities in
- * ReactMultiChild to make this easy, but for now React itself does not
- * directly have this concept of the union of prevChildren and nextChildren
- * so we implement it here.
- *
- * @param {object} prev prev children as returned from
- * `ReactTransitionChildMapping.getChildMapping()`.
- * @param {object} next next children as returned from
- * `ReactTransitionChildMapping.getChildMapping()`.
- * @return {object} a key set that contains all keys in `prev` and all keys
- * in `next` in a reasonable order.
- */
-
-function mergeChildMappings(prev, next) {
-  prev = prev || {};
-  next = next || {};
-  function getValueForKey(key) {
-    return key in next ? next[key] : prev[key];
-  } // For each key of `next`, the list of keys to insert before that key in
-  // the combined list
-
-  var nextKeysPending = Object.create(null);
-  var pendingKeys = [];
-  for (var prevKey in prev) {
-    if (prevKey in next) {
-      if (pendingKeys.length) {
-        nextKeysPending[prevKey] = pendingKeys;
-        pendingKeys = [];
-      }
-    } else {
-      pendingKeys.push(prevKey);
-    }
-  }
-  var i;
-  var childMapping = {};
-  for (var nextKey in next) {
-    if (nextKeysPending[nextKey]) {
-      for (i = 0; i < nextKeysPending[nextKey].length; i++) {
-        var pendingNextKey = nextKeysPending[nextKey][i];
-        childMapping[nextKeysPending[nextKey][i]] = getValueForKey(pendingNextKey);
-      }
-    }
-    childMapping[nextKey] = getValueForKey(nextKey);
-  } // Finally, add the keys which didn't appear before any key in `next`
-
-  for (i = 0; i < pendingKeys.length; i++) {
-    childMapping[pendingKeys[i]] = getValueForKey(pendingKeys[i]);
-  }
-  return childMapping;
-}
-function getProp(child, prop, props) {
-  return props[prop] != null ? props[prop] : child.props[prop];
-}
-function getInitialChildMapping(props, onExited) {
-  return getChildMapping(props.children, function (child) {
-    return (0,react.cloneElement)(child, {
-      onExited: onExited.bind(null, child),
-      in: true,
-      appear: getProp(child, 'appear', props),
-      enter: getProp(child, 'enter', props),
-      exit: getProp(child, 'exit', props)
-    });
-  });
-}
-function getNextChildMapping(nextProps, prevChildMapping, onExited) {
-  var nextChildMapping = getChildMapping(nextProps.children);
-  var children = mergeChildMappings(prevChildMapping, nextChildMapping);
-  Object.keys(children).forEach(function (key) {
-    var child = children[key];
-    if (!(0,react.isValidElement)(child)) return;
-    var hasPrev = (key in prevChildMapping);
-    var hasNext = (key in nextChildMapping);
-    var prevChild = prevChildMapping[key];
-    var isLeaving = (0,react.isValidElement)(prevChild) && !prevChild.props.in; // item is new (entering)
-
-    if (hasNext && (!hasPrev || isLeaving)) {
-      // console.log('entering', key)
-      children[key] = (0,react.cloneElement)(child, {
-        onExited: onExited.bind(null, child),
-        in: true,
-        exit: getProp(child, 'exit', nextProps),
-        enter: getProp(child, 'enter', nextProps)
-      });
-    } else if (!hasNext && hasPrev && !isLeaving) {
-      // item is old (exiting)
-      // console.log('leaving', key)
-      children[key] = (0,react.cloneElement)(child, {
-        in: false
-      });
-    } else if (hasNext && hasPrev && (0,react.isValidElement)(prevChild)) {
-      // item hasn't changed transition states
-      // copy over the last transition props;
-      // console.log('unchanged', key)
-      children[key] = (0,react.cloneElement)(child, {
-        onExited: onExited.bind(null, child),
-        in: prevChild.props.in,
-        exit: getProp(child, 'exit', nextProps),
-        enter: getProp(child, 'enter', nextProps)
-      });
-    }
-  });
-  return children;
-}
-;// CONCATENATED MODULE: ./node_modules/react-transition-group/esm/TransitionGroup.js
-
-
-
-
-
-
-
-
-var TransitionGroup_values = Object.values || function (obj) {
-  return Object.keys(obj).map(function (k) {
-    return obj[k];
-  });
-};
-var defaultProps = {
-  component: 'div',
-  childFactory: function childFactory(child) {
-    return child;
-  }
-};
-/**
- * The `<TransitionGroup>` component manages a set of transition components
- * (`<Transition>` and `<CSSTransition>`) in a list. Like with the transition
- * components, `<TransitionGroup>` is a state machine for managing the mounting
- * and unmounting of components over time.
- *
- * Consider the example below. As items are removed or added to the TodoList the
- * `in` prop is toggled automatically by the `<TransitionGroup>`.
- *
- * Note that `<TransitionGroup>`  does not define any animation behavior!
- * Exactly _how_ a list item animates is up to the individual transition
- * component. This means you can mix and match animations across different list
- * items.
- */
-
-var TransitionGroup = /*#__PURE__*/function (_React$Component) {
-  _inheritsLoose(TransitionGroup, _React$Component);
-  function TransitionGroup(props, context) {
-    var _this;
-    _this = _React$Component.call(this, props, context) || this;
-    var handleExited = _this.handleExited.bind(_assertThisInitialized(_this)); // Initial children should all be entering, dependent on appear
-
-    _this.state = {
-      contextValue: {
-        isMounting: true
-      },
-      handleExited: handleExited,
-      firstRender: true
-    };
-    return _this;
-  }
-  var _proto = TransitionGroup.prototype;
-  _proto.componentDidMount = function componentDidMount() {
-    this.mounted = true;
-    this.setState({
-      contextValue: {
-        isMounting: false
-      }
-    });
-  };
-  _proto.componentWillUnmount = function componentWillUnmount() {
-    this.mounted = false;
-  };
-  TransitionGroup.getDerivedStateFromProps = function getDerivedStateFromProps(nextProps, _ref) {
-    var prevChildMapping = _ref.children,
-      handleExited = _ref.handleExited,
-      firstRender = _ref.firstRender;
-    return {
-      children: firstRender ? getInitialChildMapping(nextProps, handleExited) : getNextChildMapping(nextProps, prevChildMapping, handleExited),
-      firstRender: false
-    };
-  } // node is `undefined` when user provided `nodeRef` prop
-  ;
-
-  _proto.handleExited = function handleExited(child, node) {
-    var currentChildMapping = getChildMapping(this.props.children);
-    if (child.key in currentChildMapping) return;
-    if (child.props.onExited) {
-      child.props.onExited(node);
-    }
-    if (this.mounted) {
-      this.setState(function (state) {
-        var children = extends_extends({}, state.children);
-        delete children[child.key];
-        return {
-          children: children
-        };
-      });
-    }
-  };
-  _proto.render = function render() {
-    var _this$props = this.props,
-      Component = _this$props.component,
-      childFactory = _this$props.childFactory,
-      props = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_this$props, ["component", "childFactory"]);
-    var contextValue = this.state.contextValue;
-    var children = TransitionGroup_values(this.state.children).map(childFactory);
-    delete props.appear;
-    delete props.enter;
-    delete props.exit;
-    if (Component === null) {
-      return /*#__PURE__*/react.createElement(TransitionGroupContext.Provider, {
-        value: contextValue
-      }, children);
-    }
-    return /*#__PURE__*/react.createElement(TransitionGroupContext.Provider, {
-      value: contextValue
-    }, /*#__PURE__*/react.createElement(Component, props, children));
-  };
-  return TransitionGroup;
-}(react.Component);
-TransitionGroup.propTypes =  false ? 0 : {};
-TransitionGroup.defaultProps = defaultProps;
-/* harmony default export */ var esm_TransitionGroup = (TransitionGroup);
-// EXTERNAL MODULE: ./node_modules/hoist-non-react-statics/dist/hoist-non-react-statics.cjs.js
-var hoist_non_react_statics_cjs = __webpack_require__(110);
-;// CONCATENATED MODULE: ./node_modules/@emotion/react/dist/emotion-react.browser.esm.js
-
-
-
-
-
-
-
-
-
-
-
-var pkg = {
-  name: "@emotion/react",
-  version: "11.11.1",
-  main: "dist/emotion-react.cjs.js",
-  module: "dist/emotion-react.esm.js",
-  browser: {
-    "./dist/emotion-react.esm.js": "./dist/emotion-react.browser.esm.js"
-  },
-  exports: {
-    ".": {
-      module: {
-        worker: "./dist/emotion-react.worker.esm.js",
-        browser: "./dist/emotion-react.browser.esm.js",
-        "default": "./dist/emotion-react.esm.js"
-      },
-      "import": "./dist/emotion-react.cjs.mjs",
-      "default": "./dist/emotion-react.cjs.js"
-    },
-    "./jsx-runtime": {
-      module: {
-        worker: "./jsx-runtime/dist/emotion-react-jsx-runtime.worker.esm.js",
-        browser: "./jsx-runtime/dist/emotion-react-jsx-runtime.browser.esm.js",
-        "default": "./jsx-runtime/dist/emotion-react-jsx-runtime.esm.js"
-      },
-      "import": "./jsx-runtime/dist/emotion-react-jsx-runtime.cjs.mjs",
-      "default": "./jsx-runtime/dist/emotion-react-jsx-runtime.cjs.js"
-    },
-    "./_isolated-hnrs": {
-      module: {
-        worker: "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.worker.esm.js",
-        browser: "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.browser.esm.js",
-        "default": "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.esm.js"
-      },
-      "import": "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.cjs.mjs",
-      "default": "./_isolated-hnrs/dist/emotion-react-_isolated-hnrs.cjs.js"
-    },
-    "./jsx-dev-runtime": {
-      module: {
-        worker: "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.worker.esm.js",
-        browser: "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.browser.esm.js",
-        "default": "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.esm.js"
-      },
-      "import": "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.cjs.mjs",
-      "default": "./jsx-dev-runtime/dist/emotion-react-jsx-dev-runtime.cjs.js"
-    },
-    "./package.json": "./package.json",
-    "./types/css-prop": "./types/css-prop.d.ts",
-    "./macro": {
-      types: {
-        "import": "./macro.d.mts",
-        "default": "./macro.d.ts"
-      },
-      "default": "./macro.js"
-    }
-  },
-  types: "types/index.d.ts",
-  files: ["src", "dist", "jsx-runtime", "jsx-dev-runtime", "_isolated-hnrs", "types/*.d.ts", "macro.*"],
-  sideEffects: false,
-  author: "Emotion Contributors",
-  license: "MIT",
-  scripts: {
-    "test:typescript": "dtslint types"
-  },
-  dependencies: {
-    "@babel/runtime": "^7.18.3",
-    "@emotion/babel-plugin": "^11.11.0",
-    "@emotion/cache": "^11.11.0",
-    "@emotion/serialize": "^1.1.2",
-    "@emotion/use-insertion-effect-with-fallbacks": "^1.0.1",
-    "@emotion/utils": "^1.2.1",
-    "@emotion/weak-memoize": "^0.3.1",
-    "hoist-non-react-statics": "^3.3.1"
-  },
-  peerDependencies: {
-    react: ">=16.8.0"
-  },
-  peerDependenciesMeta: {
-    "@types/react": {
-      optional: true
-    }
-  },
-  devDependencies: {
-    "@definitelytyped/dtslint": "0.0.112",
-    "@emotion/css": "11.11.0",
-    "@emotion/css-prettifier": "1.1.3",
-    "@emotion/server": "11.11.0",
-    "@emotion/styled": "11.11.0",
-    "html-tag-names": "^1.1.2",
-    react: "16.14.0",
-    "svg-tag-names": "^1.1.1",
-    typescript: "^4.5.5"
-  },
-  repository: "https://github.com/emotion-js/emotion/tree/main/packages/react",
-  publishConfig: {
-    access: "public"
-  },
-  "umd:main": "dist/emotion-react.umd.min.js",
-  preconstruct: {
-    entrypoints: ["./index.js", "./jsx-runtime.js", "./jsx-dev-runtime.js", "./_isolated-hnrs.js"],
-    umdName: "emotionReact",
-    exports: {
-      envConditions: ["browser", "worker"],
-      extra: {
-        "./types/css-prop": "./types/css-prop.d.ts",
-        "./macro": {
-          types: {
-            "import": "./macro.d.mts",
-            "default": "./macro.d.ts"
-          },
-          "default": "./macro.js"
-        }
-      }
-    }
-  }
-};
-var jsx = function jsx(type, props) {
-  var args = arguments;
-  if (props == null || !hasOwnProperty.call(props, 'css')) {
-    // $FlowFixMe
-    return React.createElement.apply(undefined, args);
-  }
-  var argsLength = args.length;
-  var createElementArgArray = new Array(argsLength);
-  createElementArgArray[0] = Emotion;
-  createElementArgArray[1] = createEmotionProps(type, props);
-  for (var i = 2; i < argsLength; i++) {
-    createElementArgArray[i] = args[i];
-  } // $FlowFixMe
-
-  return React.createElement.apply(null, createElementArgArray);
-};
-var warnedAboutCssPropForGlobal = false; // maintain place over rerenders.
-// initial render from browser, insertBefore context.sheet.tags[0] or if a style hasn't been inserted there yet, appendChild
-// initial client-side render from SSR, use place of hydrating tag
-
-var Global = /* #__PURE__ */(/* unused pure expression or super */ null && (withEmotionCache(function (props, cache) {
-  if (false) {}
-  var styles = props.styles;
-  var serialized = serializeStyles([styles], undefined, React.useContext(ThemeContext));
-  if (!isBrowser$1) {
-    var _ref;
-    var serializedNames = serialized.name;
-    var serializedStyles = serialized.styles;
-    var next = serialized.next;
-    while (next !== undefined) {
-      serializedNames += ' ' + next.name;
-      serializedStyles += next.styles;
-      next = next.next;
-    }
-    var shouldCache = cache.compat === true;
-    var rules = cache.insert("", {
-      name: serializedNames,
-      styles: serializedStyles
-    }, cache.sheet, shouldCache);
-    if (shouldCache) {
-      return null;
-    }
-    return /*#__PURE__*/React.createElement("style", (_ref = {}, _ref["data-emotion"] = cache.key + "-global " + serializedNames, _ref.dangerouslySetInnerHTML = {
-      __html: rules
-    }, _ref.nonce = cache.sheet.nonce, _ref));
-  } // yes, i know these hooks are used conditionally
-  // but it is based on a constant that will never change at runtime
-  // it's effectively like having two implementations and switching them out
-  // so it's not actually breaking anything
-
-  var sheetRef = React.useRef();
-  useInsertionEffectWithLayoutFallback(function () {
-    var key = cache.key + "-global"; // use case of https://github.com/emotion-js/emotion/issues/2675
-
-    var sheet = new cache.sheet.constructor({
-      key: key,
-      nonce: cache.sheet.nonce,
-      container: cache.sheet.container,
-      speedy: cache.sheet.isSpeedy
-    });
-    var rehydrating = false; // $FlowFixMe
-
-    var node = document.querySelector("style[data-emotion=\"" + key + " " + serialized.name + "\"]");
-    if (cache.sheet.tags.length) {
-      sheet.before = cache.sheet.tags[0];
-    }
-    if (node !== null) {
-      rehydrating = true; // clear the hash so this node won't be recognizable as rehydratable by other <Global/>s
-
-      node.setAttribute('data-emotion', key);
-      sheet.hydrate([node]);
-    }
-    sheetRef.current = [sheet, rehydrating];
-    return function () {
-      sheet.flush();
-    };
-  }, [cache]);
-  useInsertionEffectWithLayoutFallback(function () {
-    var sheetRefCurrent = sheetRef.current;
-    var sheet = sheetRefCurrent[0],
-      rehydrating = sheetRefCurrent[1];
-    if (rehydrating) {
-      sheetRefCurrent[1] = false;
-      return;
-    }
-    if (serialized.next !== undefined) {
-      // insert keyframes
-      insertStyles(cache, serialized.next, true);
-    }
-    if (sheet.tags.length) {
-      // if this doesn't exist then it will be null so the style element will be appended
-      var element = sheet.tags[sheet.tags.length - 1].nextElementSibling;
-      sheet.before = element;
-      sheet.flush();
-    }
-    cache.insert("", serialized, sheet, false);
-  }, [cache, serialized.name]);
-  return null;
-})));
-if (false) {}
-function css() {
-  for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
-    args[_key] = arguments[_key];
-  }
-  return emotion_serialize_browser_esm_serializeStyles(args);
-}
-var keyframes = function keyframes() {
-  var insertable = css.apply(void 0, arguments);
-  var name = "animation-" + insertable.name; // $FlowFixMe
-
-  return {
-    name: name,
-    styles: "@keyframes " + name + "{" + insertable.styles + "}",
-    anim: 1,
-    toString: function toString() {
-      return "_EMO_" + this.name + "_" + this.styles + "_EMO_";
-    }
-  };
-};
-var classnames = function classnames(args) {
-  var len = args.length;
-  var i = 0;
-  var cls = '';
-  for (; i < len; i++) {
-    var arg = args[i];
-    if (arg == null) continue;
-    var toAdd = void 0;
-    switch (typeof arg) {
-      case 'boolean':
-        break;
-      case 'object':
-        {
-          if (Array.isArray(arg)) {
-            toAdd = classnames(arg);
-          } else {
-            if (false) {}
-            toAdd = '';
-            for (var k in arg) {
-              if (arg[k] && k) {
-                toAdd && (toAdd += ' ');
-                toAdd += k;
-              }
-            }
-          }
-          break;
-        }
-      default:
-        {
-          toAdd = arg;
-        }
-    }
-    if (toAdd) {
-      cls && (cls += ' ');
-      cls += toAdd;
-    }
-  }
-  return cls;
-};
-function emotion_react_browser_esm_merge(registered, css, className) {
-  var registeredStyles = [];
-  var rawClassName = getRegisteredStyles(registered, registeredStyles, className);
-  if (registeredStyles.length < 2) {
-    return className;
-  }
-  return rawClassName + css(registeredStyles);
-}
-var emotion_react_browser_esm_Insertion = function Insertion(_ref) {
-  var cache = _ref.cache,
-    serializedArr = _ref.serializedArr;
-  useInsertionEffectAlwaysWithSyncFallback(function () {
-    for (var i = 0; i < serializedArr.length; i++) {
-      insertStyles(cache, serializedArr[i], false);
-    }
-  });
-  return null;
-};
-var ClassNames = /* #__PURE__ */(/* unused pure expression or super */ null && (withEmotionCache(function (props, cache) {
-  var hasRendered = false;
-  var serializedArr = [];
-  var css = function css() {
-    if (hasRendered && "production" !== 'production') {}
-    for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
-      args[_key] = arguments[_key];
-    }
-    var serialized = serializeStyles(args, cache.registered);
-    serializedArr.push(serialized); // registration has to happen here as the result of this might get consumed by `cx`
-
-    registerStyles(cache, serialized, false);
-    return cache.key + "-" + serialized.name;
-  };
-  var cx = function cx() {
-    if (hasRendered && "production" !== 'production') {}
-    for (var _len2 = arguments.length, args = new Array(_len2), _key2 = 0; _key2 < _len2; _key2++) {
-      args[_key2] = arguments[_key2];
-    }
-    return emotion_react_browser_esm_merge(cache.registered, css, classnames(args));
-  };
-  var content = {
-    css: css,
-    cx: cx,
-    theme: React.useContext(ThemeContext)
-  };
-  var ele = props.children(content);
-  hasRendered = true;
-  return /*#__PURE__*/React.createElement(React.Fragment, null, /*#__PURE__*/React.createElement(emotion_react_browser_esm_Insertion, {
-    cache: cache,
-    serializedArr: serializedArr
-  }), ele);
-})));
-if (false) {}
-if (false) { var globalKey, globalContext, isTestEnv, emotion_react_browser_esm_isBrowser; }
-
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/Ripple.js
-
-
-
-
-
-/**
- * @ignore - internal component.
- */
-
-function Ripple(props) {
-  var className = props.className,
-    classes = props.classes,
-    _props$pulsate = props.pulsate,
-    pulsate = _props$pulsate === void 0 ? false : _props$pulsate,
-    rippleX = props.rippleX,
-    rippleY = props.rippleY,
-    rippleSize = props.rippleSize,
-    inProp = props.in,
-    onExited = props.onExited,
-    timeout = props.timeout;
-  var _React$useState = react.useState(false),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    leaving = _React$useState2[0],
-    setLeaving = _React$useState2[1];
-  var rippleClassName = clsx_m(className, classes.ripple, classes.rippleVisible, pulsate && classes.ripplePulsate);
-  var rippleStyles = {
-    width: rippleSize,
-    height: rippleSize,
-    top: -(rippleSize / 2) + rippleY,
-    left: -(rippleSize / 2) + rippleX
-  };
-  var childClassName = clsx_m(classes.child, leaving && classes.childLeaving, pulsate && classes.childPulsate);
-  if (!inProp && !leaving) {
-    setLeaving(true);
-  }
-  react.useEffect(function () {
-    if (!inProp && onExited != null) {
-      // react-transition-group#onExited
-      var timeoutId = setTimeout(onExited, timeout);
-      return function () {
-        clearTimeout(timeoutId);
-      };
-    }
-    return undefined;
-  }, [onExited, inProp, timeout]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)("span", {
-    className: rippleClassName,
-    style: rippleStyles,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)("span", {
-      className: childClassName
-    })
-  });
-}
- false ? 0 : void 0;
-/* harmony default export */ var ButtonBase_Ripple = (Ripple);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/touchRippleClasses.js
-
-
-function getTouchRippleUtilityClass(slot) {
-  return generateUtilityClass('MuiTouchRipple', slot);
-}
-var touchRippleClasses = generateUtilityClasses('MuiTouchRipple', ['root', 'ripple', 'rippleVisible', 'ripplePulsate', 'child', 'childLeaving', 'childPulsate']);
-/* harmony default export */ var ButtonBase_touchRippleClasses = (touchRippleClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/TouchRipple.js
-
-
-
-var _templateObject, _templateObject2, _templateObject3, _templateObject4;
-
-
-var TouchRipple_excluded = ["center", "classes", "className"];
-var _ = function _(t) {
-    return t;
-  },
-  _t,
-  _t2,
-  _t3,
-  _t4;
-
-
-
-
-
-
-
-
-
-
-var DURATION = 550;
-var DELAY_RIPPLE = 80;
-var enterKeyframe = keyframes(_t || (_t = _(_templateObject || (_templateObject = _taggedTemplateLiteral(["\n  0% {\n    transform: scale(0);\n    opacity: 0.1;\n  }\n\n  100% {\n    transform: scale(1);\n    opacity: 0.3;\n  }\n"])))));
-var exitKeyframe = keyframes(_t2 || (_t2 = _(_templateObject2 || (_templateObject2 = _taggedTemplateLiteral(["\n  0% {\n    opacity: 1;\n  }\n\n  100% {\n    opacity: 0;\n  }\n"])))));
-var pulsateKeyframe = keyframes(_t3 || (_t3 = _(_templateObject3 || (_templateObject3 = _taggedTemplateLiteral(["\n  0% {\n    transform: scale(1);\n  }\n\n  50% {\n    transform: scale(0.92);\n  }\n\n  100% {\n    transform: scale(1);\n  }\n"])))));
-var TouchRippleRoot = styles_styled('span', {
-  name: 'MuiTouchRipple',
-  slot: 'Root'
-})({
-  overflow: 'hidden',
-  pointerEvents: 'none',
-  position: 'absolute',
-  zIndex: 0,
-  top: 0,
-  right: 0,
-  bottom: 0,
-  left: 0,
-  borderRadius: 'inherit'
-});
-
-// This `styled()` function invokes keyframes. `styled-components` only supports keyframes
-// in string templates. Do not convert these styles in JS object as it will break.
-var TouchRippleRipple = styles_styled(ButtonBase_Ripple, {
-  name: 'MuiTouchRipple',
-  slot: 'Ripple'
-})(_t4 || (_t4 = _(_templateObject4 || (_templateObject4 = _taggedTemplateLiteral(["\n  opacity: 0;\n  position: absolute;\n\n  &.", " {\n    opacity: 0.3;\n    transform: scale(1);\n    animation-name: ", ";\n    animation-duration: ", "ms;\n    animation-timing-function: ", ";\n  }\n\n  &.", " {\n    animation-duration: ", "ms;\n  }\n\n  & .", " {\n    opacity: 1;\n    display: block;\n    width: 100%;\n    height: 100%;\n    border-radius: 50%;\n    background-color: currentColor;\n  }\n\n  & .", " {\n    opacity: 0;\n    animation-name: ", ";\n    animation-duration: ", "ms;\n    animation-timing-function: ", ";\n  }\n\n  & .", " {\n    position: absolute;\n    /* @noflip */\n    left: 0px;\n    top: 0;\n    animation-name: ", ";\n    animation-duration: 2500ms;\n    animation-timing-function: ", ";\n    animation-iteration-count: infinite;\n    animation-delay: 200ms;\n  }\n"])), 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)), ButtonBase_touchRippleClasses.rippleVisible, enterKeyframe, DURATION, function (_ref) {
-  var theme = _ref.theme;
-  return theme.transitions.easing.easeInOut;
-}, ButtonBase_touchRippleClasses.ripplePulsate, function (_ref2) {
-  var theme = _ref2.theme;
-  return theme.transitions.duration.shorter;
-}, ButtonBase_touchRippleClasses.child, ButtonBase_touchRippleClasses.childLeaving, exitKeyframe, DURATION, function (_ref3) {
-  var theme = _ref3.theme;
-  return theme.transitions.easing.easeInOut;
-}, ButtonBase_touchRippleClasses.childPulsate, pulsateKeyframe, function (_ref4) {
-  var theme = _ref4.theme;
-  return theme.transitions.easing.easeInOut;
-});
-
-/**
- * @ignore - internal component.
- *
- * TODO v5: Make private
- */
-var TouchRipple = /*#__PURE__*/react.forwardRef(function TouchRipple(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTouchRipple'
-  });
-  var _props$center = props.center,
-    centerProp = _props$center === void 0 ? false : _props$center,
-    _props$classes = props.classes,
-    classes = _props$classes === void 0 ? {} : _props$classes,
-    className = props.className,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TouchRipple_excluded);
-  var _React$useState = react.useState([]),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    ripples = _React$useState2[0],
-    setRipples = _React$useState2[1];
-  var nextKey = react.useRef(0);
-  var rippleCallback = react.useRef(null);
-  react.useEffect(function () {
-    if (rippleCallback.current) {
-      rippleCallback.current();
-      rippleCallback.current = null;
-    }
-  }, [ripples]);
-
-  // Used to filter out mouse emulated events on mobile.
-  var ignoringMouseDown = react.useRef(false);
-  // We use a timer in order to only show the ripples for touch "click" like events.
-  // We don't want to display the ripple for touch scroll events.
-  var startTimer = react.useRef(null);
-
-  // This is the hook called once the previous timeout is ready.
-  var startTimerCommit = react.useRef(null);
-  var container = react.useRef(null);
-  react.useEffect(function () {
-    return function () {
-      clearTimeout(startTimer.current);
-    };
-  }, []);
-  var startCommit = react.useCallback(function (params) {
-    var pulsate = params.pulsate,
-      rippleX = params.rippleX,
-      rippleY = params.rippleY,
-      rippleSize = params.rippleSize,
-      cb = params.cb;
-    setRipples(function (oldRipples) {
-      return [].concat(toConsumableArray_toConsumableArray(oldRipples), [/*#__PURE__*/(0,jsx_runtime.jsx)(TouchRippleRipple, {
-        classes: {
-          ripple: clsx_m(classes.ripple, ButtonBase_touchRippleClasses.ripple),
-          rippleVisible: clsx_m(classes.rippleVisible, ButtonBase_touchRippleClasses.rippleVisible),
-          ripplePulsate: clsx_m(classes.ripplePulsate, ButtonBase_touchRippleClasses.ripplePulsate),
-          child: clsx_m(classes.child, ButtonBase_touchRippleClasses.child),
-          childLeaving: clsx_m(classes.childLeaving, ButtonBase_touchRippleClasses.childLeaving),
-          childPulsate: clsx_m(classes.childPulsate, ButtonBase_touchRippleClasses.childPulsate)
-        },
-        timeout: DURATION,
-        pulsate: pulsate,
-        rippleX: rippleX,
-        rippleY: rippleY,
-        rippleSize: rippleSize
-      }, nextKey.current)]);
-    });
-    nextKey.current += 1;
-    rippleCallback.current = cb;
-  }, [classes]);
-  var start = react.useCallback(function () {
-    var event = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-    var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-    var cb = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : function () {};
-    var _options$pulsate = options.pulsate,
-      pulsate = _options$pulsate === void 0 ? false : _options$pulsate,
-      _options$center = options.center,
-      center = _options$center === void 0 ? centerProp || options.pulsate : _options$center,
-      _options$fakeElement = options.fakeElement,
-      fakeElement = _options$fakeElement === void 0 ? false : _options$fakeElement;
-    if ((event == null ? void 0 : event.type) === 'mousedown' && ignoringMouseDown.current) {
-      ignoringMouseDown.current = false;
-      return;
-    }
-    if ((event == null ? void 0 : event.type) === 'touchstart') {
-      ignoringMouseDown.current = true;
-    }
-    var element = fakeElement ? null : container.current;
-    var rect = element ? element.getBoundingClientRect() : {
-      width: 0,
-      height: 0,
-      left: 0,
-      top: 0
-    };
-
-    // Get the size of the ripple
-    var rippleX;
-    var rippleY;
-    var rippleSize;
-    if (center || event === undefined || event.clientX === 0 && event.clientY === 0 || !event.clientX && !event.touches) {
-      rippleX = Math.round(rect.width / 2);
-      rippleY = Math.round(rect.height / 2);
-    } else {
-      var _ref5 = event.touches && event.touches.length > 0 ? event.touches[0] : event,
-        clientX = _ref5.clientX,
-        clientY = _ref5.clientY;
-      rippleX = Math.round(clientX - rect.left);
-      rippleY = Math.round(clientY - rect.top);
-    }
-    if (center) {
-      rippleSize = Math.sqrt((2 * Math.pow(rect.width, 2) + Math.pow(rect.height, 2)) / 3);
-
-      // For some reason the animation is broken on Mobile Chrome if the size is even.
-      if (rippleSize % 2 === 0) {
-        rippleSize += 1;
-      }
-    } else {
-      var sizeX = Math.max(Math.abs((element ? element.clientWidth : 0) - rippleX), rippleX) * 2 + 2;
-      var sizeY = Math.max(Math.abs((element ? element.clientHeight : 0) - rippleY), rippleY) * 2 + 2;
-      rippleSize = Math.sqrt(Math.pow(sizeX, 2) + Math.pow(sizeY, 2));
-    }
-
-    // Touche devices
-    if (event != null && event.touches) {
-      // check that this isn't another touchstart due to multitouch
-      // otherwise we will only clear a single timer when unmounting while two
-      // are running
-      if (startTimerCommit.current === null) {
-        // Prepare the ripple effect.
-        startTimerCommit.current = function () {
-          startCommit({
-            pulsate: pulsate,
-            rippleX: rippleX,
-            rippleY: rippleY,
-            rippleSize: rippleSize,
-            cb: cb
-          });
-        };
-        // Delay the execution of the ripple effect.
-        startTimer.current = setTimeout(function () {
-          if (startTimerCommit.current) {
-            startTimerCommit.current();
-            startTimerCommit.current = null;
-          }
-        }, DELAY_RIPPLE); // We have to make a tradeoff with this value.
-      }
-    } else {
-      startCommit({
-        pulsate: pulsate,
-        rippleX: rippleX,
-        rippleY: rippleY,
-        rippleSize: rippleSize,
-        cb: cb
-      });
-    }
-  }, [centerProp, startCommit]);
-  var pulsate = react.useCallback(function () {
-    start({}, {
-      pulsate: true
-    });
-  }, [start]);
-  var stop = react.useCallback(function (event, cb) {
-    clearTimeout(startTimer.current);
-
-    // The touch interaction occurs too quickly.
-    // We still want to show ripple effect.
-    if ((event == null ? void 0 : event.type) === 'touchend' && startTimerCommit.current) {
-      startTimerCommit.current();
-      startTimerCommit.current = null;
-      startTimer.current = setTimeout(function () {
-        stop(event, cb);
-      });
-      return;
-    }
-    startTimerCommit.current = null;
-    setRipples(function (oldRipples) {
-      if (oldRipples.length > 0) {
-        return oldRipples.slice(1);
-      }
-      return oldRipples;
-    });
-    rippleCallback.current = cb;
-  }, []);
-  react.useImperativeHandle(ref, function () {
-    return {
-      pulsate: pulsate,
-      start: start,
-      stop: stop
-    };
-  }, [pulsate, start, stop]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TouchRippleRoot, extends_extends({
-    className: clsx_m(ButtonBase_touchRippleClasses.root, classes.root, className),
-    ref: container
-  }, other, {
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(esm_TransitionGroup, {
-      component: null,
-      exit: true,
-      children: ripples
-    })
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var ButtonBase_TouchRipple = (TouchRipple);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/buttonBaseClasses.js
-
-
-function getButtonBaseUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiButtonBase', slot);
-}
-var buttonBaseClasses = generateUtilityClasses('MuiButtonBase', ['root', 'disabled', 'focusVisible']);
-/* harmony default export */ var ButtonBase_buttonBaseClasses = (buttonBaseClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ButtonBase/ButtonBase.js
-
-
-var _styled;
-
-
-var ButtonBase_excluded = ["action", "centerRipple", "children", "className", "component", "disabled", "disableRipple", "disableTouchRipple", "focusRipple", "focusVisibleClassName", "LinkComponent", "onBlur", "onClick", "onContextMenu", "onDragLeave", "onFocus", "onFocusVisible", "onKeyDown", "onKeyUp", "onMouseDown", "onMouseLeave", "onMouseUp", "onTouchEnd", "onTouchMove", "onTouchStart", "tabIndex", "TouchRippleProps", "touchRippleRef", "type"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var ButtonBase_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var disabled = ownerState.disabled,
-    focusVisible = ownerState.focusVisible,
-    focusVisibleClassName = ownerState.focusVisibleClassName,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', disabled && 'disabled', focusVisible && 'focusVisible']
-  };
-  var composedClasses = composeClasses(slots, getButtonBaseUtilityClass, classes);
-  if (focusVisible && focusVisibleClassName) {
-    composedClasses.root += " ".concat(focusVisibleClassName);
-  }
-  return composedClasses;
-};
-var ButtonBaseRoot = styles_styled('button', {
-  name: 'MuiButtonBase',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})((_styled = {
-  display: 'inline-flex',
-  alignItems: 'center',
-  justifyContent: 'center',
-  position: 'relative',
-  boxSizing: 'border-box',
-  WebkitTapHighlightColor: 'transparent',
-  backgroundColor: 'transparent',
-  // Reset default value
-  // We disable the focus ring for mouse, touch and keyboard users.
-  outline: 0,
-  border: 0,
-  margin: 0,
-  // Remove the margin in Safari
-  borderRadius: 0,
-  padding: 0,
-  // Remove the padding in Firefox
-  cursor: 'pointer',
-  userSelect: 'none',
-  verticalAlign: 'middle',
-  MozAppearance: 'none',
-  // Reset
-  WebkitAppearance: 'none',
-  // Reset
-  textDecoration: 'none',
-  // So we take precedent over the style of a native <a /> element.
-  color: 'inherit',
-  '&::-moz-focus-inner': {
-    borderStyle: 'none' // Remove Firefox dotted outline.
-  }
-}, defineProperty_defineProperty(_styled, "&.".concat(ButtonBase_buttonBaseClasses.disabled), {
-  pointerEvents: 'none',
-  // Disable link interactions
-  cursor: 'default'
-}), defineProperty_defineProperty(_styled, '@media print', {
-  colorAdjust: 'exact'
-}), _styled));
-
-/**
- * `ButtonBase` contains as few styles as possible.
- * It aims to be a simple building block for creating a button.
- * It contains a load of style reset and some focus/ripple logic.
- */
-var ButtonBase = /*#__PURE__*/react.forwardRef(function ButtonBase(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiButtonBase'
-  });
-  var action = props.action,
-    _props$centerRipple = props.centerRipple,
-    centerRipple = _props$centerRipple === void 0 ? false : _props$centerRipple,
-    children = props.children,
-    className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'button' : _props$component,
-    _props$disabled = props.disabled,
-    disabled = _props$disabled === void 0 ? false : _props$disabled,
-    _props$disableRipple = props.disableRipple,
-    disableRipple = _props$disableRipple === void 0 ? false : _props$disableRipple,
-    _props$disableTouchRi = props.disableTouchRipple,
-    disableTouchRipple = _props$disableTouchRi === void 0 ? false : _props$disableTouchRi,
-    _props$focusRipple = props.focusRipple,
-    focusRipple = _props$focusRipple === void 0 ? false : _props$focusRipple,
-    _props$LinkComponent = props.LinkComponent,
-    LinkComponent = _props$LinkComponent === void 0 ? 'a' : _props$LinkComponent,
-    onBlur = props.onBlur,
-    onClick = props.onClick,
-    onContextMenu = props.onContextMenu,
-    onDragLeave = props.onDragLeave,
-    onFocus = props.onFocus,
-    onFocusVisible = props.onFocusVisible,
-    onKeyDown = props.onKeyDown,
-    onKeyUp = props.onKeyUp,
-    onMouseDown = props.onMouseDown,
-    onMouseLeave = props.onMouseLeave,
-    onMouseUp = props.onMouseUp,
-    onTouchEnd = props.onTouchEnd,
-    onTouchMove = props.onTouchMove,
-    onTouchStart = props.onTouchStart,
-    _props$tabIndex = props.tabIndex,
-    tabIndex = _props$tabIndex === void 0 ? 0 : _props$tabIndex,
-    TouchRippleProps = props.TouchRippleProps,
-    touchRippleRef = props.touchRippleRef,
-    type = props.type,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ButtonBase_excluded);
-  var buttonRef = react.useRef(null);
-  var rippleRef = react.useRef(null);
-  var handleRippleRef = utils_useForkRef(rippleRef, touchRippleRef);
-  var _useIsFocusVisible = utils_useIsFocusVisible(),
-    isFocusVisibleRef = _useIsFocusVisible.isFocusVisibleRef,
-    handleFocusVisible = _useIsFocusVisible.onFocus,
-    handleBlurVisible = _useIsFocusVisible.onBlur,
-    focusVisibleRef = _useIsFocusVisible.ref;
-  var _React$useState = react.useState(false),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    focusVisible = _React$useState2[0],
-    setFocusVisible = _React$useState2[1];
-  if (disabled && focusVisible) {
-    setFocusVisible(false);
-  }
-  react.useImperativeHandle(action, function () {
-    return {
-      focusVisible: function focusVisible() {
-        setFocusVisible(true);
-        buttonRef.current.focus();
-      }
-    };
-  }, []);
-  var _React$useState3 = react.useState(false),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    mountedState = _React$useState4[0],
-    setMountedState = _React$useState4[1];
-  react.useEffect(function () {
-    setMountedState(true);
-  }, []);
-  var enableTouchRipple = mountedState && !disableRipple && !disabled;
-  react.useEffect(function () {
-    if (focusVisible && focusRipple && !disableRipple && mountedState) {
-      rippleRef.current.pulsate();
-    }
-  }, [disableRipple, focusRipple, focusVisible, mountedState]);
-  function useRippleHandler(rippleAction, eventCallback) {
-    var skipRippleAction = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : disableTouchRipple;
-    return utils_useEventCallback(function (event) {
-      if (eventCallback) {
-        eventCallback(event);
-      }
-      var ignore = skipRippleAction;
-      if (!ignore && rippleRef.current) {
-        rippleRef.current[rippleAction](event);
-      }
-      return true;
-    });
-  }
-  var handleMouseDown = useRippleHandler('start', onMouseDown);
-  var handleContextMenu = useRippleHandler('stop', onContextMenu);
-  var handleDragLeave = useRippleHandler('stop', onDragLeave);
-  var handleMouseUp = useRippleHandler('stop', onMouseUp);
-  var handleMouseLeave = useRippleHandler('stop', function (event) {
-    if (focusVisible) {
-      event.preventDefault();
-    }
-    if (onMouseLeave) {
-      onMouseLeave(event);
-    }
-  });
-  var handleTouchStart = useRippleHandler('start', onTouchStart);
-  var handleTouchEnd = useRippleHandler('stop', onTouchEnd);
-  var handleTouchMove = useRippleHandler('stop', onTouchMove);
-  var handleBlur = useRippleHandler('stop', function (event) {
-    handleBlurVisible(event);
-    if (isFocusVisibleRef.current === false) {
-      setFocusVisible(false);
-    }
-    if (onBlur) {
-      onBlur(event);
-    }
-  }, false);
-  var handleFocus = utils_useEventCallback(function (event) {
-    // Fix for https://github.com/facebook/react/issues/7769
-    if (!buttonRef.current) {
-      buttonRef.current = event.currentTarget;
-    }
-    handleFocusVisible(event);
-    if (isFocusVisibleRef.current === true) {
-      setFocusVisible(true);
-      if (onFocusVisible) {
-        onFocusVisible(event);
-      }
-    }
-    if (onFocus) {
-      onFocus(event);
-    }
-  });
-  var isNonNativeButton = function isNonNativeButton() {
-    var button = buttonRef.current;
-    return component && component !== 'button' && !(button.tagName === 'A' && button.href);
-  };
-
-  /**
-   * IE11 shim for https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/repeat
-   */
-  var keydownRef = react.useRef(false);
-  var handleKeyDown = utils_useEventCallback(function (event) {
-    // Check if key is already down to avoid repeats being counted as multiple activations
-    if (focusRipple && !keydownRef.current && focusVisible && rippleRef.current && event.key === ' ') {
-      keydownRef.current = true;
-      rippleRef.current.stop(event, function () {
-        rippleRef.current.start(event);
-      });
-    }
-    if (event.target === event.currentTarget && isNonNativeButton() && event.key === ' ') {
-      event.preventDefault();
-    }
-    if (onKeyDown) {
-      onKeyDown(event);
-    }
-
-    // Keyboard accessibility for non interactive elements
-    if (event.target === event.currentTarget && isNonNativeButton() && event.key === 'Enter' && !disabled) {
-      event.preventDefault();
-      if (onClick) {
-        onClick(event);
-      }
-    }
-  });
-  var handleKeyUp = utils_useEventCallback(function (event) {
-    // calling preventDefault in keyUp on a <button> will not dispatch a click event if Space is pressed
-    // https://codesandbox.io/s/button-keyup-preventdefault-dn7f0
-    if (focusRipple && event.key === ' ' && rippleRef.current && focusVisible && !event.defaultPrevented) {
-      keydownRef.current = false;
-      rippleRef.current.stop(event, function () {
-        rippleRef.current.pulsate(event);
-      });
-    }
-    if (onKeyUp) {
-      onKeyUp(event);
-    }
-
-    // Keyboard accessibility for non interactive elements
-    if (onClick && event.target === event.currentTarget && isNonNativeButton() && event.key === ' ' && !event.defaultPrevented) {
-      onClick(event);
-    }
-  });
-  var ComponentProp = component;
-  if (ComponentProp === 'button' && (other.href || other.to)) {
-    ComponentProp = LinkComponent;
-  }
-  var buttonProps = {};
-  if (ComponentProp === 'button') {
-    buttonProps.type = type === undefined ? 'button' : type;
-    buttonProps.disabled = disabled;
-  } else {
-    if (!other.href && !other.to) {
-      buttonProps.role = 'button';
-    }
-    if (disabled) {
-      buttonProps['aria-disabled'] = disabled;
-    }
-  }
-  var handleRef = utils_useForkRef(ref, focusVisibleRef, buttonRef);
-  if (false) {}
-  var ownerState = extends_extends({}, props, {
-    centerRipple: centerRipple,
-    component: component,
-    disabled: disabled,
-    disableRipple: disableRipple,
-    disableTouchRipple: disableTouchRipple,
-    focusRipple: focusRipple,
-    tabIndex: tabIndex,
-    focusVisible: focusVisible
-  });
-  var classes = ButtonBase_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(ButtonBaseRoot, extends_extends({
-    as: ComponentProp,
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    onBlur: handleBlur,
-    onClick: onClick,
-    onContextMenu: handleContextMenu,
-    onFocus: handleFocus,
-    onKeyDown: handleKeyDown,
-    onKeyUp: handleKeyUp,
-    onMouseDown: handleMouseDown,
-    onMouseLeave: handleMouseLeave,
-    onMouseUp: handleMouseUp,
-    onDragLeave: handleDragLeave,
-    onTouchEnd: handleTouchEnd,
-    onTouchMove: handleTouchMove,
-    onTouchStart: handleTouchStart,
-    ref: handleRef,
-    tabIndex: disabled ? -1 : tabIndex,
-    type: type
-  }, buttonProps, other, {
-    children: [children, enableTouchRipple ? /*#__PURE__*/
-    /* TouchRipple is only needed client-side, x2 boost on the server. */
-    (0,jsx_runtime.jsx)(ButtonBase_TouchRipple, extends_extends({
-      ref: handleRippleRef,
-      center: centerRipple
-    }, TouchRippleProps)) : null]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var ButtonBase_ButtonBase = (ButtonBase);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/IconButton/iconButtonClasses.js
-
-
-function getIconButtonUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiIconButton', slot);
-}
-var iconButtonClasses = generateUtilityClasses('MuiIconButton', ['root', 'disabled', 'colorInherit', 'colorPrimary', 'colorSecondary', 'colorError', 'colorInfo', 'colorSuccess', 'colorWarning', 'edgeStart', 'edgeEnd', 'sizeSmall', 'sizeMedium', 'sizeLarge']);
-/* harmony default export */ var IconButton_iconButtonClasses = (iconButtonClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/IconButton/IconButton.js
-
-
-
-var IconButton_excluded = ["edge", "children", "className", "color", "disabled", "disableFocusRipple", "size"];
-
-
-
-
-
-
-
-
-
-
-
-
-var IconButton_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    disabled = ownerState.disabled,
-    color = ownerState.color,
-    edge = ownerState.edge,
-    size = ownerState.size;
-  var slots = {
-    root: ['root', disabled && 'disabled', color !== 'default' && "color".concat(utils_capitalize(color)), edge && "edge".concat(utils_capitalize(edge)), "size".concat(utils_capitalize(size))]
-  };
-  return composeClasses(slots, getIconButtonUtilityClass, classes);
-};
-var IconButtonRoot = styles_styled(ButtonBase_ButtonBase, {
-  name: 'MuiIconButton',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.color !== 'default' && styles["color".concat(utils_capitalize(ownerState.color))], ownerState.edge && styles["edge".concat(utils_capitalize(ownerState.edge))], styles["size".concat(utils_capitalize(ownerState.size))]];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    textAlign: 'center',
-    flex: '0 0 auto',
-    fontSize: theme.typography.pxToRem(24),
-    padding: 8,
-    borderRadius: '50%',
-    overflow: 'visible',
-    // Explicitly set the default value to solve a bug on IE11.
-    color: (theme.vars || theme).palette.action.active,
-    transition: theme.transitions.create('background-color', {
-      duration: theme.transitions.duration.shortest
-    })
-  }, !ownerState.disableRipple && {
-    '&:hover': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.action.activeChannel, " / ").concat(theme.vars.palette.action.hoverOpacity, ")") : alpha(theme.palette.action.active, theme.palette.action.hoverOpacity),
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    }
-  }, ownerState.edge === 'start' && {
-    marginLeft: ownerState.size === 'small' ? -3 : -12
-  }, ownerState.edge === 'end' && {
-    marginRight: ownerState.size === 'small' ? -3 : -12
-  });
-}, function (_ref2) {
-  var theme = _ref2.theme,
-    ownerState = _ref2.ownerState;
-  var _palette;
-  var palette = (_palette = (theme.vars || theme).palette) == null ? void 0 : _palette[ownerState.color];
-  return extends_extends({}, ownerState.color === 'inherit' && {
-    color: 'inherit'
-  }, ownerState.color !== 'inherit' && ownerState.color !== 'default' && extends_extends({
-    color: palette == null ? void 0 : palette.main
-  }, !ownerState.disableRipple && {
-    '&:hover': extends_extends({}, palette && {
-      backgroundColor: theme.vars ? "rgba(".concat(palette.mainChannel, " / ").concat(theme.vars.palette.action.hoverOpacity, ")") : alpha(palette.main, theme.palette.action.hoverOpacity)
-    }, {
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    })
-  }), ownerState.size === 'small' && {
-    padding: 5,
-    fontSize: theme.typography.pxToRem(18)
-  }, ownerState.size === 'large' && {
-    padding: 12,
-    fontSize: theme.typography.pxToRem(28)
-  }, defineProperty_defineProperty({}, "&.".concat(IconButton_iconButtonClasses.disabled), {
-    backgroundColor: 'transparent',
-    color: (theme.vars || theme).palette.action.disabled
-  }));
-});
-
-/**
- * Refer to the [Icons](/material-ui/icons/) section of the documentation
- * regarding the available icon options.
- */
-var IconButton = /*#__PURE__*/react.forwardRef(function IconButton(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiIconButton'
-  });
-  var _props$edge = props.edge,
-    edge = _props$edge === void 0 ? false : _props$edge,
-    children = props.children,
-    className = props.className,
-    _props$color = props.color,
-    color = _props$color === void 0 ? 'default' : _props$color,
-    _props$disabled = props.disabled,
-    disabled = _props$disabled === void 0 ? false : _props$disabled,
-    _props$disableFocusRi = props.disableFocusRipple,
-    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
-    _props$size = props.size,
-    size = _props$size === void 0 ? 'medium' : _props$size,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, IconButton_excluded);
-  var ownerState = extends_extends({}, props, {
-    edge: edge,
-    color: color,
-    disabled: disabled,
-    disableFocusRipple: disableFocusRipple,
-    size: size
-  });
-  var classes = IconButton_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(IconButtonRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    centerRipple: true,
-    focusRipple: !disableFocusRipple,
-    disabled: disabled,
-    ref: ref,
-    ownerState: ownerState
-  }, other, {
-    children: children
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var IconButton_IconButton = (IconButton);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/isMuiElement.js
-
-function isMuiElement(element, muiNames) {
-  return /*#__PURE__*/react.isValidElement(element) && muiNames.indexOf(element.type.muiName) !== -1;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/isMuiElement.js
-
-/* harmony default export */ var utils_isMuiElement = (isMuiElement);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useEnhancedEffect.js
-
-/* harmony default export */ var utils_useEnhancedEffect = (esm_useEnhancedEffect);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItem/listItemClasses.js
-
-
-function getListItemUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiListItem', slot);
-}
-var listItemClasses = generateUtilityClasses('MuiListItem', ['root', 'container', 'focusVisible', 'dense', 'alignItemsFlexStart', 'disabled', 'divider', 'gutters', 'padding', 'button', 'secondaryAction', 'selected']);
-/* harmony default export */ var ListItem_listItemClasses = (listItemClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemButton/listItemButtonClasses.js
-
-
-function getListItemButtonUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiListItemButton', slot);
-}
-var listItemButtonClasses = generateUtilityClasses('MuiListItemButton', ['root', 'focusVisible', 'dense', 'alignItemsFlexStart', 'disabled', 'divider', 'gutters', 'selected']);
-/* harmony default export */ var ListItemButton_listItemButtonClasses = (listItemButtonClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemSecondaryAction/listItemSecondaryActionClasses.js
-
-
-function getListItemSecondaryActionClassesUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiListItemSecondaryAction', slot);
-}
-var listItemSecondaryActionClasses = generateUtilityClasses('MuiListItemSecondaryAction', ['root', 'disableGutters']);
-/* harmony default export */ var ListItemSecondaryAction_listItemSecondaryActionClasses = ((/* unused pure expression or super */ null && (listItemSecondaryActionClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemSecondaryAction/ListItemSecondaryAction.js
-
-
-var ListItemSecondaryAction_excluded = ["className"];
-
-
-
-
-
-
-
-
-
-var ListItemSecondaryAction_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var disableGutters = ownerState.disableGutters,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', disableGutters && 'disableGutters']
-  };
-  return composeClasses(slots, getListItemSecondaryActionClassesUtilityClass, classes);
-};
-var ListItemSecondaryActionRoot = styles_styled('div', {
-  name: 'MuiListItemSecondaryAction',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.disableGutters && styles.disableGutters];
-  }
-})(function (_ref) {
-  var ownerState = _ref.ownerState;
-  return extends_extends({
-    position: 'absolute',
-    right: 16,
-    top: '50%',
-    transform: 'translateY(-50%)'
-  }, ownerState.disableGutters && {
-    right: 0
-  });
-});
-
-/**
- * Must be used as the last child of ListItem to function properly.
- */
-var ListItemSecondaryAction = /*#__PURE__*/react.forwardRef(function ListItemSecondaryAction(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiListItemSecondaryAction'
-  });
-  var className = props.className,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemSecondaryAction_excluded);
-  var context = react.useContext(List_ListContext);
-  var ownerState = extends_extends({}, props, {
-    disableGutters: context.disableGutters
-  });
-  var classes = ListItemSecondaryAction_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemSecondaryActionRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    ref: ref
-  }, other));
-});
- false ? 0 : void 0;
-ListItemSecondaryAction.muiName = 'ListItemSecondaryAction';
-/* harmony default export */ var ListItemSecondaryAction_ListItemSecondaryAction = (ListItemSecondaryAction);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItem/ListItem.js
-
-
-
-var ListItem_excluded = ["className"],
-  ListItem_excluded2 = ["alignItems", "autoFocus", "button", "children", "className", "component", "components", "componentsProps", "ContainerComponent", "ContainerProps", "dense", "disabled", "disableGutters", "disablePadding", "divider", "focusVisibleClassName", "secondaryAction", "selected", "slotProps", "slots"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var ListItem_overridesResolver = function overridesResolver(props, styles) {
-  var ownerState = props.ownerState;
-  return [styles.root, ownerState.dense && styles.dense, ownerState.alignItems === 'flex-start' && styles.alignItemsFlexStart, ownerState.divider && styles.divider, !ownerState.disableGutters && styles.gutters, !ownerState.disablePadding && styles.padding, ownerState.button && styles.button, ownerState.hasSecondaryAction && styles.secondaryAction];
-};
-var ListItem_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var alignItems = ownerState.alignItems,
-    button = ownerState.button,
-    classes = ownerState.classes,
-    dense = ownerState.dense,
-    disabled = ownerState.disabled,
-    disableGutters = ownerState.disableGutters,
-    disablePadding = ownerState.disablePadding,
-    divider = ownerState.divider,
-    hasSecondaryAction = ownerState.hasSecondaryAction,
-    selected = ownerState.selected;
-  var slots = {
-    root: ['root', dense && 'dense', !disableGutters && 'gutters', !disablePadding && 'padding', divider && 'divider', disabled && 'disabled', button && 'button', alignItems === 'flex-start' && 'alignItemsFlexStart', hasSecondaryAction && 'secondaryAction', selected && 'selected'],
-    container: ['container']
-  };
-  return composeClasses(slots, getListItemUtilityClass, classes);
-};
-var ListItemRoot = styles_styled('div', {
-  name: 'MuiListItem',
-  slot: 'Root',
-  overridesResolver: ListItem_overridesResolver
-})(function (_ref) {
-  var _extends2;
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    display: 'flex',
-    justifyContent: 'flex-start',
-    alignItems: 'center',
-    position: 'relative',
-    textDecoration: 'none',
-    width: '100%',
-    boxSizing: 'border-box',
-    textAlign: 'left'
-  }, !ownerState.disablePadding && extends_extends({
-    paddingTop: 8,
-    paddingBottom: 8
-  }, ownerState.dense && {
-    paddingTop: 4,
-    paddingBottom: 4
-  }, !ownerState.disableGutters && {
-    paddingLeft: 16,
-    paddingRight: 16
-  }, !!ownerState.secondaryAction && {
-    // Add some space to avoid collision as `ListItemSecondaryAction`
-    // is absolutely positioned.
-    paddingRight: 48
-  }), !!ownerState.secondaryAction && defineProperty_defineProperty({}, "& > .".concat(ListItemButton_listItemButtonClasses.root), {
-    paddingRight: 48
-  }), (_extends2 = {}, defineProperty_defineProperty(_extends2, "&.".concat(ListItem_listItemClasses.focusVisible), {
-    backgroundColor: (theme.vars || theme).palette.action.focus
-  }), defineProperty_defineProperty(_extends2, "&.".concat(ListItem_listItemClasses.selected), defineProperty_defineProperty({
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-  }, "&.".concat(ListItem_listItemClasses.focusVisible), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
-  })), defineProperty_defineProperty(_extends2, "&.".concat(ListItem_listItemClasses.disabled), {
-    opacity: (theme.vars || theme).palette.action.disabledOpacity
-  }), _extends2), ownerState.alignItems === 'flex-start' && {
-    alignItems: 'flex-start'
-  }, ownerState.divider && {
-    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider),
-    backgroundClip: 'padding-box'
-  }, ownerState.button && defineProperty_defineProperty({
-    transition: theme.transitions.create('background-color', {
-      duration: theme.transitions.duration.shortest
-    }),
-    '&:hover': {
-      textDecoration: 'none',
-      backgroundColor: (theme.vars || theme).palette.action.hover,
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    }
-  }, "&.".concat(ListItem_listItemClasses.selected, ":hover"), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
-    // Reset on touch devices, it doesn't add specificity
-    '@media (hover: none)': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-    }
-  }), ownerState.hasSecondaryAction && {
-    // Add some space to avoid collision as `ListItemSecondaryAction`
-    // is absolutely positioned.
-    paddingRight: 48
-  });
-});
-var ListItemContainer = styles_styled('li', {
-  name: 'MuiListItem',
-  slot: 'Container',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.container;
-  }
-})({
-  position: 'relative'
-});
-
-/**
- * Uses an additional container component if `ListItemSecondaryAction` is the last child.
- */
-var ListItem = /*#__PURE__*/react.forwardRef(function ListItem(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiListItem'
-  });
-  var _props$alignItems = props.alignItems,
-    alignItems = _props$alignItems === void 0 ? 'center' : _props$alignItems,
-    _props$autoFocus = props.autoFocus,
-    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
-    _props$button = props.button,
-    button = _props$button === void 0 ? false : _props$button,
-    childrenProp = props.children,
-    className = props.className,
-    componentProp = props.component,
-    _props$components = props.components,
-    components = _props$components === void 0 ? {} : _props$components,
-    _props$componentsProp = props.componentsProps,
-    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
-    _props$ContainerCompo = props.ContainerComponent,
-    ContainerComponent = _props$ContainerCompo === void 0 ? 'li' : _props$ContainerCompo,
-    _props$ContainerProps = props.ContainerProps,
-    _props$ContainerProps2 = _props$ContainerProps === void 0 ? {} : _props$ContainerProps,
-    ContainerClassName = _props$ContainerProps2.className,
-    _props$dense = props.dense,
-    dense = _props$dense === void 0 ? false : _props$dense,
-    _props$disabled = props.disabled,
-    disabled = _props$disabled === void 0 ? false : _props$disabled,
-    _props$disableGutters = props.disableGutters,
-    disableGutters = _props$disableGutters === void 0 ? false : _props$disableGutters,
-    _props$disablePadding = props.disablePadding,
-    disablePadding = _props$disablePadding === void 0 ? false : _props$disablePadding,
-    _props$divider = props.divider,
-    divider = _props$divider === void 0 ? false : _props$divider,
-    focusVisibleClassName = props.focusVisibleClassName,
-    secondaryAction = props.secondaryAction,
-    _props$selected = props.selected,
-    selected = _props$selected === void 0 ? false : _props$selected,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    ContainerProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.ContainerProps, ListItem_excluded),
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItem_excluded2);
-  var context = react.useContext(List_ListContext);
-  var childContext = react.useMemo(function () {
-    return {
-      dense: dense || context.dense || false,
-      alignItems: alignItems,
-      disableGutters: disableGutters
-    };
-  }, [alignItems, context.dense, dense, disableGutters]);
-  var listItemRef = react.useRef(null);
-  utils_useEnhancedEffect(function () {
-    if (autoFocus) {
-      if (listItemRef.current) {
-        listItemRef.current.focus();
-      } else if (false) {}
-    }
-  }, [autoFocus]);
-  var children = react.Children.toArray(childrenProp);
-
-  // v4 implementation, deprecated in v5, will be removed in v6
-  var hasSecondaryAction = children.length && utils_isMuiElement(children[children.length - 1], ['ListItemSecondaryAction']);
-  var ownerState = extends_extends({}, props, {
-    alignItems: alignItems,
-    autoFocus: autoFocus,
-    button: button,
-    dense: childContext.dense,
-    disabled: disabled,
-    disableGutters: disableGutters,
-    disablePadding: disablePadding,
-    divider: divider,
-    hasSecondaryAction: hasSecondaryAction,
-    selected: selected
-  });
-  var classes = ListItem_useUtilityClasses(ownerState);
-  var handleRef = utils_useForkRef(listItemRef, ref);
-  var Root = slots.root || components.Root || ListItemRoot;
-  var rootProps = slotProps.root || componentsProps.root || {};
-  var componentProps = extends_extends({
-    className: clsx_m(classes.root, rootProps.className, className),
-    disabled: disabled
-  }, other);
-  var Component = componentProp || 'li';
-  if (button) {
-    componentProps.component = componentProp || 'div';
-    componentProps.focusVisibleClassName = clsx_m(ListItem_listItemClasses.focusVisible, focusVisibleClassName);
-    Component = ButtonBase_ButtonBase;
-  }
-
-  // v4 implementation, deprecated in v5, will be removed in v6
-  if (hasSecondaryAction) {
-    // Use div by default.
-    Component = !componentProps.component && !componentProp ? 'div' : Component;
-
-    // Avoid nesting of li > li.
-    if (ContainerComponent === 'li') {
-      if (Component === 'li') {
-        Component = 'div';
-      } else if (componentProps.component === 'li') {
-        componentProps.component = 'div';
-      }
-    }
-    return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
-      value: childContext,
-      children: /*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemContainer, extends_extends({
-        as: ContainerComponent,
-        className: clsx_m(classes.container, ContainerClassName),
-        ref: handleRef,
-        ownerState: ownerState
-      }, ContainerProps, {
-        children: [/*#__PURE__*/(0,jsx_runtime.jsx)(Root, extends_extends({}, rootProps, !isHostComponent(Root) && {
-          as: Component,
-          ownerState: extends_extends({}, ownerState, rootProps.ownerState)
-        }, componentProps, {
-          children: children
-        })), children.pop()]
-      }))
-    });
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
-    value: childContext,
-    children: /*#__PURE__*/(0,jsx_runtime.jsxs)(Root, extends_extends({}, rootProps, {
-      as: Component,
-      ref: handleRef
-    }, !isHostComponent(Root) && {
-      ownerState: extends_extends({}, ownerState, rootProps.ownerState)
-    }, componentProps, {
-      children: [children, secondaryAction && /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemSecondaryAction_ListItemSecondaryAction, {
-        children: secondaryAction
-      })]
-    }))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var ListItem_ListItem = (ListItem);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemButton/ListItemButton.js
-
-
-
-var ListItemButton_excluded = ["alignItems", "autoFocus", "component", "children", "dense", "disableGutters", "divider", "focusVisibleClassName", "selected", "className"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-var ListItemButton_overridesResolver = function overridesResolver(props, styles) {
-  var ownerState = props.ownerState;
-  return [styles.root, ownerState.dense && styles.dense, ownerState.alignItems === 'flex-start' && styles.alignItemsFlexStart, ownerState.divider && styles.divider, !ownerState.disableGutters && styles.gutters];
-};
-var ListItemButton_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var alignItems = ownerState.alignItems,
-    classes = ownerState.classes,
-    dense = ownerState.dense,
-    disabled = ownerState.disabled,
-    disableGutters = ownerState.disableGutters,
-    divider = ownerState.divider,
-    selected = ownerState.selected;
-  var slots = {
-    root: ['root', dense && 'dense', !disableGutters && 'gutters', divider && 'divider', disabled && 'disabled', alignItems === 'flex-start' && 'alignItemsFlexStart', selected && 'selected']
-  };
-  var composedClasses = composeClasses(slots, getListItemButtonUtilityClass, classes);
-  return extends_extends({}, classes, composedClasses);
-};
-var ListItemButtonRoot = styles_styled(ButtonBase_ButtonBase, {
-  shouldForwardProp: function shouldForwardProp(prop) {
-    return rootShouldForwardProp(prop) || prop === 'classes';
-  },
-  name: 'MuiListItemButton',
-  slot: 'Root',
-  overridesResolver: ListItemButton_overridesResolver
-})(function (_ref) {
-  var _extends2;
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends((_extends2 = {
-    display: 'flex',
-    flexGrow: 1,
-    justifyContent: 'flex-start',
-    alignItems: 'center',
-    position: 'relative',
-    textDecoration: 'none',
-    minWidth: 0,
-    boxSizing: 'border-box',
-    textAlign: 'left',
-    paddingTop: 8,
-    paddingBottom: 8,
-    transition: theme.transitions.create('background-color', {
-      duration: theme.transitions.duration.shortest
-    }),
-    '&:hover': {
-      textDecoration: 'none',
-      backgroundColor: (theme.vars || theme).palette.action.hover,
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    }
-  }, defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.selected), defineProperty_defineProperty({
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-  }, "&.".concat(ListItemButton_listItemButtonClasses.focusVisible), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
-  })), defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.selected, ":hover"), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
-    // Reset on touch devices, it doesn't add specificity
-    '@media (hover: none)': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-    }
-  }), defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.focusVisible), {
-    backgroundColor: (theme.vars || theme).palette.action.focus
-  }), defineProperty_defineProperty(_extends2, "&.".concat(ListItemButton_listItemButtonClasses.disabled), {
-    opacity: (theme.vars || theme).palette.action.disabledOpacity
-  }), _extends2), ownerState.divider && {
-    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider),
-    backgroundClip: 'padding-box'
-  }, ownerState.alignItems === 'flex-start' && {
-    alignItems: 'flex-start'
-  }, !ownerState.disableGutters && {
-    paddingLeft: 16,
-    paddingRight: 16
-  }, ownerState.dense && {
-    paddingTop: 4,
-    paddingBottom: 4
-  });
-});
-var ListItemButton = /*#__PURE__*/react.forwardRef(function ListItemButton(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiListItemButton'
-  });
-  var _props$alignItems = props.alignItems,
-    alignItems = _props$alignItems === void 0 ? 'center' : _props$alignItems,
-    _props$autoFocus = props.autoFocus,
-    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    children = props.children,
-    _props$dense = props.dense,
-    dense = _props$dense === void 0 ? false : _props$dense,
-    _props$disableGutters = props.disableGutters,
-    disableGutters = _props$disableGutters === void 0 ? false : _props$disableGutters,
-    _props$divider = props.divider,
-    divider = _props$divider === void 0 ? false : _props$divider,
-    focusVisibleClassName = props.focusVisibleClassName,
-    _props$selected = props.selected,
-    selected = _props$selected === void 0 ? false : _props$selected,
-    className = props.className,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemButton_excluded);
-  var context = react.useContext(List_ListContext);
-  var childContext = react.useMemo(function () {
-    return {
-      dense: dense || context.dense || false,
-      alignItems: alignItems,
-      disableGutters: disableGutters
-    };
-  }, [alignItems, context.dense, dense, disableGutters]);
-  var listItemRef = react.useRef(null);
-  utils_useEnhancedEffect(function () {
-    if (autoFocus) {
-      if (listItemRef.current) {
-        listItemRef.current.focus();
-      } else if (false) {}
-    }
-  }, [autoFocus]);
-  var ownerState = extends_extends({}, props, {
-    alignItems: alignItems,
-    dense: childContext.dense,
-    disableGutters: disableGutters,
-    divider: divider,
-    selected: selected
-  });
-  var classes = ListItemButton_useUtilityClasses(ownerState);
-  var handleRef = utils_useForkRef(listItemRef, ref);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
-    value: childContext,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemButtonRoot, extends_extends({
-      ref: handleRef,
-      href: other.href || other.to
-      // `ButtonBase` processes `href` or `to` if `component` is set to 'button'
-      ,
-
-      component: (other.href || other.to) && component === 'div' ? 'button' : component,
-      focusVisibleClassName: clsx_m(classes.focusVisible, focusVisibleClassName),
-      ownerState: ownerState,
-      className: clsx_m(classes.root, className)
-    }, other, {
-      classes: classes,
-      children: children
-    }))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var ListItemButton_ListItemButton = (ListItemButton);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemIcon/listItemIconClasses.js
-
-
-function getListItemIconUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiListItemIcon', slot);
-}
-var listItemIconClasses = generateUtilityClasses('MuiListItemIcon', ['root', 'alignItemsFlexStart']);
-/* harmony default export */ var ListItemIcon_listItemIconClasses = (listItemIconClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemIcon/ListItemIcon.js
-
-
-var ListItemIcon_excluded = ["className"];
-
-
-
-
-
-
-
-
-
-var ListItemIcon_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var alignItems = ownerState.alignItems,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', alignItems === 'flex-start' && 'alignItemsFlexStart']
-  };
-  return composeClasses(slots, getListItemIconUtilityClass, classes);
-};
-var ListItemIconRoot = styles_styled('div', {
-  name: 'MuiListItemIcon',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.alignItems === 'flex-start' && styles.alignItemsFlexStart];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    minWidth: 56,
-    color: (theme.vars || theme).palette.action.active,
-    flexShrink: 0,
-    display: 'inline-flex'
-  }, ownerState.alignItems === 'flex-start' && {
-    marginTop: 8
-  });
-});
-
-/**
- * A simple wrapper to apply `List` styles to an `Icon` or `SvgIcon`.
- */
-var ListItemIcon = /*#__PURE__*/react.forwardRef(function ListItemIcon(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiListItemIcon'
-  });
-  var className = props.className,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemIcon_excluded);
-  var context = react.useContext(List_ListContext);
-  var ownerState = extends_extends({}, props, {
-    alignItems: context.alignItems
-  });
-  var classes = ListItemIcon_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(ListItemIconRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    ref: ref
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var ListItemIcon_ListItemIcon = (ListItemIcon);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Typography/typographyClasses.js
-
-
-function getTypographyUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTypography', slot);
-}
-var typographyClasses = generateUtilityClasses('MuiTypography', ['root', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'subtitle1', 'subtitle2', 'body1', 'body2', 'inherit', 'button', 'caption', 'overline', 'alignLeft', 'alignRight', 'alignCenter', 'alignJustify', 'noWrap', 'gutterBottom', 'paragraph']);
-/* harmony default export */ var Typography_typographyClasses = ((/* unused pure expression or super */ null && (typographyClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Typography/Typography.js
-
-
-var Typography_excluded = ["align", "className", "component", "gutterBottom", "noWrap", "paragraph", "variant", "variantMapping"];
-
-
-
-
-
-
-
-
-
-
-var Typography_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var align = ownerState.align,
-    gutterBottom = ownerState.gutterBottom,
-    noWrap = ownerState.noWrap,
-    paragraph = ownerState.paragraph,
-    variant = ownerState.variant,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', variant, ownerState.align !== 'inherit' && "align".concat(utils_capitalize(align)), gutterBottom && 'gutterBottom', noWrap && 'noWrap', paragraph && 'paragraph']
-  };
-  return composeClasses(slots, getTypographyUtilityClass, classes);
-};
-var TypographyRoot = styles_styled('span', {
-  name: 'MuiTypography',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.variant && styles[ownerState.variant], ownerState.align !== 'inherit' && styles["align".concat(utils_capitalize(ownerState.align))], ownerState.noWrap && styles.noWrap, ownerState.gutterBottom && styles.gutterBottom, ownerState.paragraph && styles.paragraph];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    margin: 0
-  }, ownerState.variant && theme.typography[ownerState.variant], ownerState.align !== 'inherit' && {
-    textAlign: ownerState.align
-  }, ownerState.noWrap && {
-    overflow: 'hidden',
-    textOverflow: 'ellipsis',
-    whiteSpace: 'nowrap'
-  }, ownerState.gutterBottom && {
-    marginBottom: '0.35em'
-  }, ownerState.paragraph && {
-    marginBottom: 16
-  });
-});
-var defaultVariantMapping = {
-  h1: 'h1',
-  h2: 'h2',
-  h3: 'h3',
-  h4: 'h4',
-  h5: 'h5',
-  h6: 'h6',
-  subtitle1: 'h6',
-  subtitle2: 'h6',
-  body1: 'p',
-  body2: 'p',
-  inherit: 'p'
-};
-
-// TODO v6: deprecate these color values in v5.x and remove the transformation in v6
-var colorTransformations = {
-  primary: 'primary.main',
-  textPrimary: 'text.primary',
-  secondary: 'secondary.main',
-  textSecondary: 'text.secondary',
-  error: 'error.main'
-};
-var transformDeprecatedColors = function transformDeprecatedColors(color) {
-  return colorTransformations[color] || color;
-};
-var Typography = /*#__PURE__*/react.forwardRef(function Typography(inProps, ref) {
-  var themeProps = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTypography'
-  });
-  var color = transformDeprecatedColors(themeProps.color);
-  var props = extendSxProp(extends_extends({}, themeProps, {
-    color: color
-  }));
-  var _props$align = props.align,
-    align = _props$align === void 0 ? 'inherit' : _props$align,
-    className = props.className,
-    component = props.component,
-    _props$gutterBottom = props.gutterBottom,
-    gutterBottom = _props$gutterBottom === void 0 ? false : _props$gutterBottom,
-    _props$noWrap = props.noWrap,
-    noWrap = _props$noWrap === void 0 ? false : _props$noWrap,
-    _props$paragraph = props.paragraph,
-    paragraph = _props$paragraph === void 0 ? false : _props$paragraph,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'body1' : _props$variant,
-    _props$variantMapping = props.variantMapping,
-    variantMapping = _props$variantMapping === void 0 ? defaultVariantMapping : _props$variantMapping,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Typography_excluded);
-  var ownerState = extends_extends({}, props, {
-    align: align,
-    color: color,
-    className: className,
-    component: component,
-    gutterBottom: gutterBottom,
-    noWrap: noWrap,
-    paragraph: paragraph,
-    variant: variant,
-    variantMapping: variantMapping
-  });
-  var Component = component || (paragraph ? 'p' : variantMapping[variant] || defaultVariantMapping[variant]) || 'span';
-  var classes = Typography_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TypographyRoot, extends_extends({
-    as: Component,
-    ref: ref,
-    ownerState: ownerState,
-    className: clsx_m(classes.root, className)
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Typography_Typography = (Typography);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemText/listItemTextClasses.js
-
-
-function getListItemTextUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiListItemText', slot);
-}
-var listItemTextClasses = generateUtilityClasses('MuiListItemText', ['root', 'multiline', 'dense', 'inset', 'primary', 'secondary']);
-/* harmony default export */ var ListItemText_listItemTextClasses = (listItemTextClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/ListItemText/ListItemText.js
-
-
-
-var ListItemText_excluded = ["children", "className", "disableTypography", "inset", "primary", "primaryTypographyProps", "secondary", "secondaryTypographyProps"];
-
-
-
-
-
-
-
-
-
-
-
-var ListItemText_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    inset = ownerState.inset,
-    primary = ownerState.primary,
-    secondary = ownerState.secondary,
-    dense = ownerState.dense;
-  var slots = {
-    root: ['root', inset && 'inset', dense && 'dense', primary && secondary && 'multiline'],
-    primary: ['primary'],
-    secondary: ['secondary']
-  };
-  return composeClasses(slots, getListItemTextUtilityClass, classes);
-};
-var ListItemTextRoot = styles_styled('div', {
-  name: 'MuiListItemText',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [defineProperty_defineProperty({}, "& .".concat(ListItemText_listItemTextClasses.primary), styles.primary), defineProperty_defineProperty({}, "& .".concat(ListItemText_listItemTextClasses.secondary), styles.secondary), styles.root, ownerState.inset && styles.inset, ownerState.primary && ownerState.secondary && styles.multiline, ownerState.dense && styles.dense];
-  }
-})(function (_ref3) {
-  var ownerState = _ref3.ownerState;
-  return extends_extends({
-    flex: '1 1 auto',
-    minWidth: 0,
-    marginTop: 4,
-    marginBottom: 4
-  }, ownerState.primary && ownerState.secondary && {
-    marginTop: 6,
-    marginBottom: 6
-  }, ownerState.inset && {
-    paddingLeft: 56
-  });
-});
-var ListItemText = /*#__PURE__*/react.forwardRef(function ListItemText(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiListItemText'
-  });
-  var children = props.children,
-    className = props.className,
-    _props$disableTypogra = props.disableTypography,
-    disableTypography = _props$disableTypogra === void 0 ? false : _props$disableTypogra,
-    _props$inset = props.inset,
-    inset = _props$inset === void 0 ? false : _props$inset,
-    primaryProp = props.primary,
-    primaryTypographyProps = props.primaryTypographyProps,
-    secondaryProp = props.secondary,
-    secondaryTypographyProps = props.secondaryTypographyProps,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ListItemText_excluded);
-  var _React$useContext = react.useContext(List_ListContext),
-    dense = _React$useContext.dense;
-  var primary = primaryProp != null ? primaryProp : children;
-  var secondary = secondaryProp;
-  var ownerState = extends_extends({}, props, {
-    disableTypography: disableTypography,
-    inset: inset,
-    primary: !!primary,
-    secondary: !!secondary,
-    dense: dense
-  });
-  var classes = ListItemText_useUtilityClasses(ownerState);
-  if (primary != null && primary.type !== Typography_Typography && !disableTypography) {
-    primary = /*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography, extends_extends({
-      variant: dense ? 'body2' : 'body1',
-      className: classes.primary,
-      component: primaryTypographyProps != null && primaryTypographyProps.variant ? undefined : 'span',
-      display: "block"
-    }, primaryTypographyProps, {
-      children: primary
-    }));
-  }
-  if (secondary != null && secondary.type !== Typography_Typography && !disableTypography) {
-    secondary = /*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography, extends_extends({
-      variant: "body2",
-      className: classes.secondary,
-      color: "text.secondary",
-      display: "block"
-    }, secondaryTypographyProps, {
-      children: secondary
-    }));
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemTextRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    ref: ref
-  }, other, {
-    children: [primary, secondary]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var ListItemText_ListItemText = (ListItemText);
-;// CONCATENATED MODULE: ./src/icons/kluctl-text.svg
-var _path, _path2, _path3, _path4, _path5;
-var kluctl_text_excluded = ["title", "titleId"];
-function kluctl_text_extends() { kluctl_text_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return kluctl_text_extends.apply(this, arguments); }
-function _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = kluctl_text_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function kluctl_text_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgKluctlText(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = _objectWithoutProperties(_ref, kluctl_text_excluded);
-  return /*#__PURE__*/react.createElement("svg", kluctl_text_extends({
-    width: 115,
-    height: 34,
-    viewBox: "0 0 115 34",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, _path || (_path = /*#__PURE__*/react.createElement("path", {
-    d: "M21.3567 8.6323H15.5247L5.24968 20.068V0.715027H0.601793L0.580078 32.3833H5.24968V20.9476L15.1598 32.3833H21.3864L10.5556 20.5078L21.3567 8.6323Z",
-    fill: "#DFEBE9"
-  })), _path2 || (_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M30.3117 0.658997H25.7295V32.3832H30.3117V0.658997Z",
-    fill: "#DFEBE9"
-  })), _path3 || (_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M99.0875 0.626038H94.4833V8.63227H89.9453V12.3269H94.4833V23.0369C94.4833 24.3271 94.5017 25.4816 94.5382 26.5004C94.5745 27.5198 94.8487 28.5202 95.3602 29.5025C95.9307 30.602 96.7782 31.4084 97.904 31.9215C99.0292 32.4346 100.308 32.7132 101.741 32.7569C103.173 32.8012 104.634 32.6763 106.126 32.3832V28.4909C104.576 28.711 103.228 28.7587 102.08 28.6338C100.933 28.5097 100.096 27.9929 99.5702 27.0834C99.2922 26.5992 99.1422 26.0058 99.1203 25.3021C99.0986 24.5983 99.0875 23.7699 99.0875 22.817V12.3269H106.126V8.63227H99.0875V0.626038Z",
-    fill: "#DFEBE9"
-  })), _path4 || (_path4 = /*#__PURE__*/react.createElement("path", {
-    d: "M115 0.658997H110.418V32.3832H115V0.658997Z",
-    fill: "#DFEBE9"
-  })), _path5 || (_path5 = /*#__PURE__*/react.createElement("path", {
-    d: "M73.7264 13.3715C74.6907 12.6602 75.9255 12.3045 77.4312 12.3045C78.7611 12.3045 79.9418 12.6753 80.972 13.4156C82.0027 14.1561 82.7443 15.1934 83.1975 16.5274L87.7579 15.2079C87.173 12.9644 85.9631 11.1983 84.1294 9.90803C82.2948 8.61753 80.0842 7.97266 77.497 7.97266C75.0998 7.97266 73.0464 8.50762 71.3364 9.57813C69.9637 10.4373 68.8575 11.5712 67.9935 12.9542L67.9805 12.9381C67.9805 12.9381 67.4187 14.0115 65.7626 14.3945C63.735 14.6699 61.9015 14.6724 60.338 14.5518C56.7422 14.0069 56.1432 10.8942 56.0653 9.41572V8.63239H51.1944V20.9914C51.1944 22.3992 51.0374 23.5947 50.7231 24.5765C50.4089 25.5586 49.9775 26.3503 49.4294 26.9517C48.8814 27.5531 48.242 27.989 47.511 28.2602C46.7801 28.5313 46.0053 28.6668 45.187 28.6668C43.9298 28.6668 42.9105 28.4104 42.1289 27.8969C41.3465 27.3842 40.7398 26.7094 40.3089 25.8741C39.8778 25.0382 39.5852 24.133 39.432 23.1582C39.2786 22.1831 39.2015 21.2339 39.2015 20.31V8.63222H34.5537V21.8272C34.5537 22.5606 34.6197 23.4105 34.7511 24.3781C34.8827 25.3461 35.131 26.3356 35.4966 27.3471C35.8616 28.3585 36.3914 29.2933 37.0861 30.1511C37.7799 31.0089 38.6824 31.7017 39.7937 32.2296C40.9039 32.7572 42.2783 33.0212 43.9154 33.0212C46.0495 33.0212 47.8691 32.5595 49.3747 31.6356C50.3024 31.0662 51.0809 30.3419 51.7427 29.4967V32.3835H56.0652V28.6462C56.1408 28.356 56.5575 27.3818 58.6937 26.9386C60.3092 26.6526 62.3773 26.6059 64.8661 27.1592C66.1567 27.446 67.3572 28.0281 68.3534 28.8992C68.6908 29.1942 69.0568 29.5108 69.4466 29.9256C69.9915 30.4788 70.58 30.9879 71.2486 31.4155C72.9439 32.5005 75.005 33.0431 77.4312 33.0431C79.9746 33.0431 82.1376 32.4238 83.9211 31.185C85.7041 29.9464 86.9827 28.1686 87.7579 25.8522L83.1097 24.7524C82.6277 26.0277 81.929 27.0067 81.0161 27.6881C80.1023 28.3699 78.9077 28.7109 77.4312 28.7109C75.268 28.7109 73.6347 27.9559 72.5312 26.4456C71.4276 24.9359 70.8685 22.9564 70.8537 20.5077C70.8685 18.9248 71.1093 17.5168 71.5775 16.2854C72.0451 15.0537 72.7616 14.0828 73.7264 13.3716V13.3715ZM57.7252 16.4901C58.9563 16.713 60.4897 16.8913 62.2601 16.8913C63.1733 16.8913 64.1502 16.8419 65.1781 16.7292C65.2069 16.7288 65.2361 16.7286 65.2479 16.7323C65.3 16.7477 65.4005 16.8842 64.9001 17.1154C64.0336 17.3999 62.8489 17.5927 61.1866 17.5927C59.5703 17.5927 58.4663 17.2747 57.7076 16.8354C57.599 16.755 57.505 16.6605 57.5157 16.5645C57.523 16.4964 57.6248 16.4847 57.7252 16.4901ZM64.4437 18.773C63.8614 19.1512 63.043 19.4511 61.8643 19.5722C60.7181 19.6901 59.8992 19.4178 59.3115 18.9864C59.2255 18.905 59.1482 18.807 59.1448 18.6999C59.1425 18.6236 59.2133 18.6034 59.2849 18.602C60.1834 18.7596 61.2908 18.8457 62.5462 18.7168C63.1939 18.6504 63.8812 18.5246 64.5971 18.3246C64.6178 18.3221 64.6384 18.3198 64.6469 18.323C64.6857 18.336 64.7724 18.4803 64.4437 18.773ZM64.609 24.4077C62.1265 23.9443 60.0012 24.0187 58.2715 24.3321C57.963 24.3395 57.6685 24.2506 57.6685 24.072C57.6685 23.9635 57.7764 23.8511 57.8904 23.7583C59.2316 22.8996 60.9024 22.8218 61.5537 22.8218C62.9716 22.8218 64.0627 23.1248 64.9057 23.5785L64.9037 23.5814C64.9037 23.5814 65.3778 23.8821 65.3014 24.1038C65.2284 24.3156 65.0761 24.4636 64.609 24.4077Z",
-    fill: "#DFEBE9"
-  })));
-}
-var ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlText);
-/* harmony default export */ var kluctl_text = (__webpack_require__.p + "static/media/kluctl-text.svg?h=5599a99d8e965c1475a0712854d4c20b8f920a28267ed65213cbdcba720a1a33");
-
-;// CONCATENATED MODULE: ./src/icons/git.svg
-var _defs;
-var git_excluded = ["title", "titleId"];
-function git_extends() { git_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return git_extends.apply(this, arguments); }
-function git_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = git_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function git_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgGit(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = git_objectWithoutProperties(_ref, git_excluded);
-  return /*#__PURE__*/react.createElement("svg", git_extends({
-    xmlns: "http://www.w3.org/2000/svg",
-    width: "92pt",
-    height: "92pt",
-    viewBox: "0 0 92 92",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, _defs || (_defs = /*#__PURE__*/react.createElement("defs", null, /*#__PURE__*/react.createElement("clipPath", {
-    id: "a"
-  }, /*#__PURE__*/react.createElement("path", {
-    d: "M0 .113h91.887V92H0Zm0 0"
-  })))), /*#__PURE__*/react.createElement("g", {
-    clipPath: "url(#a)"
-  }, /*#__PURE__*/react.createElement("path", {
-    style: {
-      stroke: "none",
-      fillRule: "nonzero",
-      fill: "#100f0d",
-      fillOpacity: 1
-    },
-    d: "M90.156 41.965 50.036 1.848a5.913 5.913 0 0 0-8.368 0l-8.332 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.043 7.043 0 0 1 1.673 7.277l10.183 10.184a7.026 7.026 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.045 7.045 0 0 1-9.961 0 7.038 7.038 0 0 1-1.532-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.034 7.034 0 0 1 2.308-1.539V33.926a7.001 7.001 0 0 1-2.308-1.535 7.049 7.049 0 0 1-1.516-7.7L29.242 14.273 1.734 41.777a5.918 5.918 0 0 0 0 8.371L41.855 90.27a5.92 5.92 0 0 0 8.368 0l39.933-39.934a5.925 5.925 0 0 0 0-8.371"
-  })));
-}
-var git_ForwardRef = /*#__PURE__*/react.forwardRef(SvgGit);
-/* harmony default export */ var git = (__webpack_require__.p + "static/media/git.svg?h=2989537d0badbe5ef04e33d0c26fed9dd7f949310e0eb0f85dcbf9ff43e1e231");
-
-;// CONCATENATED MODULE: ./src/icons/kluctl-logo.svg
-var kluctl_logo_path;
-var kluctl_logo_excluded = ["title", "titleId"];
-function kluctl_logo_extends() { kluctl_logo_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return kluctl_logo_extends.apply(this, arguments); }
-function kluctl_logo_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = kluctl_logo_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function kluctl_logo_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgKluctlLogo(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = kluctl_logo_objectWithoutProperties(_ref, kluctl_logo_excluded);
-  return /*#__PURE__*/react.createElement("svg", kluctl_logo_extends({
-    width: 50,
-    height: 50,
-    viewBox: "0 0 50 50",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, kluctl_logo_path || (kluctl_logo_path = /*#__PURE__*/react.createElement("path", {
-    d: "M46.7332 26.4052C46.0197 26.1986 45.3021 26.1791 44.6273 26.3143C40.1777 27.2059 35.7653 26.6265 33.5223 26.1996C32.668 26.0371 32.0248 25.3551 31.8357 24.4893C31.8319 24.4715 31.8279 24.4537 31.8239 24.436C31.6286 23.5727 31.9102 22.6711 32.6102 22.1471C34.3592 20.8378 37.8933 18.5208 42.5714 17.1265C43.6436 16.807 44.6717 16.1731 45.348 14.9364C46.1321 13.5024 46.1337 11.7081 45.2978 10.3048C43.8559 7.88432 40.7234 7.37165 38.6256 9.07985C38.1033 9.50523 37.6946 10.0232 37.4152 10.5963C35.4318 14.6654 32.1773 17.8402 30.4251 19.3627C29.7657 19.9355 28.8472 20.0181 28.0689 19.6308C28.051 19.6219 28.0331 19.613 28.0151 19.6044C27.232 19.2231 26.7251 18.433 26.7576 17.5481C26.8442 15.1876 27.2649 10.5853 29.1204 6.46814C29.4038 5.83938 29.5368 5.12857 29.5035 4.38422C29.4022 2.12445 27.7819 0.317189 25.5829 0.0370233C22.8357 -0.312912 20.4973 1.86432 20.4973 4.59895C20.4973 5.19584 20.6062 5.7671 20.8115 6.28929C22.7863 11.31 23.2117 15.4036 23.2796 17.5351C23.3077 18.419 22.8057 19.2125 22.0219 19.5892C21.9999 19.5998 21.978 19.6104 21.9562 19.6212C21.1687 20.01 20.2406 19.9217 19.5806 19.3358C17.8015 17.7562 14.4785 14.4807 12.5671 10.5575C12.2668 9.94121 11.8059 9.3959 11.2193 8.95959C9.4356 7.63262 7.04863 7.78493 5.4589 9.34791C3.45317 11.32 3.65626 14.5622 5.75912 16.2739C6.28156 16.6992 6.86622 16.9947 7.47672 17.1412C11.7779 18.1734 15.5546 20.7301 17.405 22.1456C18.0968 22.6748 18.3791 23.5688 18.1836 24.4284C18.1785 24.4509 18.1735 24.4735 18.1686 24.4961C17.9809 25.3599 17.3395 26.0403 16.4879 26.2057C14.2279 26.6447 9.76967 27.2464 5.37869 26.3178C4.71301 26.177 4.00284 26.2017 3.29742 26.402C1.15778 27.0096 -0.204829 29.0318 0.0252425 31.2867C0.311237 34.0888 2.90587 35.9226 5.51253 35.3152C6.08264 35.1824 6.60713 34.9513 7.05713 34.6263C11.2753 31.5795 15.2102 30.2221 17.273 29.6688C18.1042 29.4458 18.9643 29.7814 19.4947 30.4718C19.5101 30.4918 19.5255 30.5118 19.5412 30.5316C20.0856 31.2249 20.2066 32.1641 19.7981 32.9487C18.7012 35.0562 16.3376 39.0611 12.9684 41.881C12.4465 42.3178 12.0276 42.8982 11.7414 43.5798C10.8712 45.652 11.5505 47.9942 13.3997 49.227C15.729 50.7799 18.7773 49.8557 19.9432 47.3837C20.2332 46.7691 20.3893 46.1216 20.3893 45.4814C20.3893 41.1352 22.0236 36.6994 22.9698 34.4954C23.3137 33.6943 24.0939 33.1964 24.9506 33.2071C25.0003 33.2077 25.0501 33.208 25.1 33.2077C25.9437 33.2034 26.7059 33.7107 27.0441 34.4998C27.9553 36.626 29.4957 40.8734 29.6206 45.527C29.6394 46.2262 29.8189 46.9332 30.1726 47.5951C31.2431 49.5983 33.4983 50.4903 35.6065 49.7314C38.1849 48.8031 39.3372 45.8348 38.1841 43.3913C37.9303 42.8536 37.5925 42.3836 37.1825 42.0077C33.2774 38.4272 31.1325 34.8537 30.1635 32.9437C29.7702 32.1683 29.9006 31.2417 30.4394 30.5635C30.4632 30.5336 30.4867 30.5034 30.5101 30.4731C31.0412 29.782 31.9028 29.446 32.7347 29.6705C34.7912 30.2255 38.7109 31.5834 42.95 34.6232C43.401 34.9467 43.9245 35.1791 44.4946 35.3119C46.9624 35.8865 49.419 34.2732 49.9162 31.7222C50.3669 29.4089 48.9558 27.0493 46.733 26.4054L46.7332 26.4052Z",
-    fill: "#59A588"
-  })));
-}
-var kluctl_logo_ForwardRef = /*#__PURE__*/react.forwardRef(SvgKluctlLogo);
-/* harmony default export */ var kluctl_logo = (__webpack_require__.p + "static/media/kluctl-logo.svg?h=7d059c061a18c3766a797697efc167ad38bfd4871a68abd35614a49684ea83cb");
-
-;// CONCATENATED MODULE: ./src/icons/search.svg
-var search_path, search_path2;
-var search_excluded = ["title", "titleId"];
-function search_extends() { search_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return search_extends.apply(this, arguments); }
-function search_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = search_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function search_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgSearch(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = search_objectWithoutProperties(_ref, search_excluded);
-  return /*#__PURE__*/react.createElement("svg", search_extends({
-    width: 27,
-    height: 27,
-    viewBox: "0 0 27 27",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, search_path || (search_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M12.9375 23.625C18.84 23.625 23.625 18.84 23.625 12.9375C23.625 7.03496 18.84 2.25 12.9375 2.25C7.03496 2.25 2.25 7.03496 2.25 12.9375C2.25 18.84 7.03496 23.625 12.9375 23.625Z",
-    fill: "#39403E"
-  })), search_path2 || (search_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M23.9624 24.75C23.7599 24.75 23.5574 24.6713 23.4111 24.525L21.3186 22.4325C21.0149 22.1288 21.0149 21.6338 21.3186 21.3188C21.6224 21.015 22.1174 21.015 22.4324 21.3188L24.5249 23.4113C24.8286 23.715 24.8286 24.21 24.5249 24.525C24.3674 24.6713 24.1649 24.75 23.9624 24.75Z",
-    fill: "#39403E"
-  })));
-}
-var search_ForwardRef = /*#__PURE__*/react.forwardRef(SvgSearch);
-/* harmony default export */ var search = (__webpack_require__.p + "static/media/search.svg?h=7e9ab6fee66c4ecdfb04a958152201a6c415cea8e98368f513f7e38bbcb59265");
-
-;// CONCATENATED MODULE: ./src/icons/targets.svg
-var _circle, targets_path, targets_path2, targets_path3;
-var targets_excluded = ["title", "titleId"];
-function targets_extends() { targets_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return targets_extends.apply(this, arguments); }
-function targets_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = targets_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function targets_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTargets(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = targets_objectWithoutProperties(_ref, targets_excluded);
-  return /*#__PURE__*/react.createElement("svg", targets_extends({
-    xmlns: "http://www.w3.org/2000/svg",
-    width: 48,
-    height: 48,
-    viewBox: "0 0 48 48",
-    fill: "none",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, _circle || (_circle = /*#__PURE__*/react.createElement("circle", {
-    cx: 24,
-    cy: 24,
-    r: 24,
-    fill: "#222222"
-  })), targets_path || (targets_path = /*#__PURE__*/react.createElement("path", {
-    d: "M14.9336 19.2H34.1336",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round"
-  })), targets_path2 || (targets_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.34,
-    d: "M14.9336 24.5334H34.1336",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round"
-  })), targets_path3 || (targets_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M14.9336 29.8667H34.1336",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round"
-  })));
-}
-var targets_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTargets);
-/* harmony default export */ var targets = (__webpack_require__.p + "static/media/targets.svg?h=a44bb94e204eb47bd105d1a987b6d514bb4b84d4e57c6597d7339a9dbc926224");
-
-;// CONCATENATED MODULE: ./src/icons/target.svg
-var _ellipse, target_path, target_path2;
-var target_excluded = ["title", "titleId"];
-function target_extends() { target_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return target_extends.apply(this, arguments); }
-function target_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = target_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function target_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTarget(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = target_objectWithoutProperties(_ref, target_excluded);
-  return /*#__PURE__*/react.createElement("svg", target_extends({
-    width: 45,
-    height: 45,
-    viewBox: "0 0 45 45",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, _ellipse || (_ellipse = /*#__PURE__*/react.createElement("ellipse", {
-    cx: 22.4911,
-    cy: 22.5,
-    rx: 22.4911,
-    ry: 22.5,
-    fill: "#39403E"
-  })), target_path || (target_path = /*#__PURE__*/react.createElement("path", {
-    d: "M32.9867 23V20C32.9867 15 30.9875 13 25.9895 13H19.9919C14.9938 13 12.9946 15 12.9946 20V26C12.9946 31 14.9938 33 19.9919 33H22.9907",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), target_path2 || (target_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M31.9473 28.84L30.3179 29.39C29.8681 29.54 29.5082 29.89 29.3583 30.35L28.8085 31.98C28.3387 33.39 26.3595 33.36 25.9196 31.95L24.0704 26C23.7105 24.82 24.8001 23.72 25.9696 24.09L31.9273 25.94C33.3267 26.38 33.3467 28.37 31.9473 28.84Z",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var target_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTarget);
-/* harmony default export */ var target = (__webpack_require__.p + "static/media/target.svg?h=49b4146149b8d455ad856589b7c88f795a8a43c6ddba7d0014be1550fb552723");
-
-;// CONCATENATED MODULE: ./src/icons/relation-hline.svg
-var relation_hline_path, relation_hline_circle, _circle2;
-var relation_hline_excluded = (/* unused pure expression or super */ null && (["title", "titleId"]));
-function relation_hline_extends() { relation_hline_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return relation_hline_extends.apply(this, arguments); }
-function relation_hline_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = relation_hline_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function relation_hline_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgRelationHline(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = relation_hline_objectWithoutProperties(_ref, relation_hline_excluded);
-  return /*#__PURE__*/React.createElement("svg", relation_hline_extends({
-    width: 169,
-    height: 12,
-    viewBox: "0 0 169 12",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/React.createElement("title", {
-    id: titleId
-  }, title) : null, relation_hline_path || (relation_hline_path = /*#__PURE__*/React.createElement("path", {
-    d: "M6 6H163",
-    stroke: "#39403E",
-    strokeWidth: 2
-  })), relation_hline_circle || (relation_hline_circle = /*#__PURE__*/React.createElement("circle", {
-    cx: 6,
-    cy: 6,
-    r: 5,
-    fill: "#DFEBE9",
-    stroke: "#39403E",
-    strokeWidth: 2
-  })), _circle2 || (_circle2 = /*#__PURE__*/React.createElement("circle", {
-    cx: 163,
-    cy: 6,
-    r: 5,
-    fill: "#DFEBE9",
-    stroke: "#39403E",
-    strokeWidth: 2
-  })));
-}
-var relation_hline_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgRelationHline)));
-/* harmony default export */ var relation_hline = (__webpack_require__.p + "static/media/relation-hline.svg?h=d8e3ff7b79ea251ab37f8117527bd452a5ca962eb1ca21c6e7b8e285ee57468c");
-
-;// CONCATENATED MODULE: ./src/icons/project.svg
-var project_ellipse, project_path, project_path2;
-var project_excluded = ["title", "titleId"];
-function project_extends() { project_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return project_extends.apply(this, arguments); }
-function project_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = project_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function project_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgProject(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = project_objectWithoutProperties(_ref, project_excluded);
-  return /*#__PURE__*/react.createElement("svg", project_extends({
-    width: 45,
-    height: 45,
-    viewBox: "0 0 45 45",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, project_ellipse || (project_ellipse = /*#__PURE__*/react.createElement("ellipse", {
-    cx: 22.4911,
-    cy: 22.5,
-    rx: 22.4911,
-    ry: 22.5,
-    fill: "#39403E"
-  })), project_path || (project_path = /*#__PURE__*/react.createElement("path", {
-    d: "M19.9919 33H17.9927C13.9942 33 12.9946 32 12.9946 28V18C12.9946 14 13.9942 13 17.9927 13H19.4921C20.9915 13 21.3214 13.44 21.8911 14.2L23.3905 16.2C23.7704 16.7 23.9903 17 24.9899 17H27.9887C31.9871 17 32.9867 18 32.9867 22V24",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), project_path2 || (project_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M24.7501 29.32C22.401 29.49 22.401 32.89 24.7501 33.06H30.3079C30.9776 33.06 31.6374 32.81 32.1272 32.36C33.7765 30.92 32.8968 28.04 30.7277 27.77C29.948 23.08 23.1707 24.86 24.7701 29.33",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var project_ForwardRef = /*#__PURE__*/react.forwardRef(SvgProject);
-/* harmony default export */ var project = (__webpack_require__.p + "static/media/project.svg?h=44199fa94e808397355a59b736af8b3c2bf87f2f6a5205c31b415a873a4d4d8f");
-
-;// CONCATENATED MODULE: ./src/icons/cpu.svg
-var cpu_path, cpu_path2, cpu_path3, cpu_path4, cpu_path5, _path6, _path7, _path8, _path9, _path10, _path11, _path12, _path13, _path14;
-var cpu_excluded = ["title", "titleId"];
-function cpu_extends() { cpu_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return cpu_extends.apply(this, arguments); }
-function cpu_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = cpu_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function cpu_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgCpu(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = cpu_objectWithoutProperties(_ref, cpu_excluded);
-  return /*#__PURE__*/react.createElement("svg", cpu_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, cpu_path || (cpu_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M15 4H9C6.24 4 4 6.24 4 9V15C4 17.76 6.24 20 9 20H15C17.76 20 20 17.76 20 15V9C20 6.24 17.76 4 15 4ZM17.26 14.26C17.26 15.92 15.92 17.26 14.26 17.26H9.74C8.08 17.26 6.74 15.92 6.74 14.26V9.74C6.74 8.08 8.08 6.74 9.74 6.74H14.25C15.91 6.74 17.25 8.08 17.25 9.74V14.26H17.26Z",
-    fill: "#39403E"
-  })), cpu_path2 || (cpu_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M9.06006 2.75V4H9.00006C8.50006 4 8.02006 4.07 7.56006 4.21V2.75C7.56006 2.34 7.89006 2 8.31006 2C8.72006 2 9.06006 2.34 9.06006 2.75Z",
-    fill: "#39403E"
-  })), cpu_path3 || (cpu_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M12.75 2.75V4H11.25V2.75C11.25 2.34 11.59 2 12 2C12.41 2 12.75 2.34 12.75 2.75Z",
-    fill: "#39403E"
-  })), cpu_path4 || (cpu_path4 = /*#__PURE__*/react.createElement("path", {
-    d: "M16.4502 2.75V4.21C15.9902 4.07 15.5002 4 15.0002 4H14.9502V2.75C14.9502 2.34 15.2902 2 15.7002 2C16.1102 2 16.4502 2.34 16.4502 2.75Z",
-    fill: "#39403E"
-  })), cpu_path5 || (cpu_path5 = /*#__PURE__*/react.createElement("path", {
-    d: "M22 8.3C22 8.72 21.67 9.05 21.25 9.05H20V9C20 8.5 19.93 8.01 19.79 7.55H21.25C21.67 7.55 22 7.89 22 8.3Z",
-    fill: "#39403E"
-  })), _path6 || (_path6 = /*#__PURE__*/react.createElement("path", {
-    d: "M22 12C22 12.41 21.67 12.75 21.25 12.75H20V11.25H21.25C21.67 11.25 22 11.58 22 12Z",
-    fill: "#39403E"
-  })), _path7 || (_path7 = /*#__PURE__*/react.createElement("path", {
-    d: "M22 15.7C22 16.11 21.67 16.45 21.25 16.45H19.79C19.93 15.99 20 15.5 20 15V14.95H21.25C21.67 14.95 22 15.28 22 15.7Z",
-    fill: "#39403E"
-  })), _path8 || (_path8 = /*#__PURE__*/react.createElement("path", {
-    d: "M16.4502 19.79V21.25C16.4502 21.66 16.1102 22 15.7002 22C15.2902 22 14.9502 21.66 14.9502 21.25V20H15.0002C15.5002 20 15.9902 19.93 16.4502 19.79Z",
-    fill: "#39403E"
-  })), _path9 || (_path9 = /*#__PURE__*/react.createElement("path", {
-    d: "M12.7598 20V21.25C12.7598 21.66 12.4198 22 12.0098 22C11.5898 22 11.2598 21.66 11.2598 21.25V20H12.7598Z",
-    fill: "#39403E"
-  })), _path10 || (_path10 = /*#__PURE__*/react.createElement("path", {
-    d: "M9.06006 20V21.25C9.06006 21.66 8.72006 22 8.31006 22C7.89006 22 7.56006 21.66 7.56006 21.25V19.79C8.02006 19.93 8.50006 20 9.00006 20H9.06006Z",
-    fill: "#39403E"
-  })), _path11 || (_path11 = /*#__PURE__*/react.createElement("path", {
-    d: "M4.21 7.55C4.07 8.01 4 8.5 4 9V9.05H2.75C2.34 9.05 2 8.72 2 8.3C2 7.89 2.34 7.55 2.75 7.55H4.21Z",
-    fill: "#39403E"
-  })), _path12 || (_path12 = /*#__PURE__*/react.createElement("path", {
-    d: "M4 11.25V12.75H2.75C2.34 12.75 2 12.41 2 12C2 11.58 2.34 11.25 2.75 11.25H4Z",
-    fill: "#39403E"
-  })), _path13 || (_path13 = /*#__PURE__*/react.createElement("path", {
-    d: "M4.21 16.45H2.75C2.34 16.45 2 16.11 2 15.7C2 15.28 2.34 14.95 2.75 14.95H4V15C4 15.5 4.07 15.99 4.21 16.45Z",
-    fill: "#39403E"
-  })), _path14 || (_path14 = /*#__PURE__*/react.createElement("path", {
-    d: "M17.2602 9.74001V14.25C17.2602 15.91 15.9202 17.25 14.2602 17.25H9.74023C8.08023 17.25 6.74023 15.91 6.74023 14.25V9.74001C6.74023 8.08001 8.08023 6.74001 9.74023 6.74001H14.2502C15.9102 6.74001 17.2602 8.09001 17.2602 9.74001Z",
-    fill: "#39403E"
-  })));
-}
-var cpu_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCpu);
-/* harmony default export */ var cpu = (__webpack_require__.p + "static/media/cpu.svg?h=4f20d8f5d919bccd9f172faa8762929f37ddd85a6e458fe84b53e349a1d1a125");
-
-;// CONCATENATED MODULE: ./src/icons/finger-scan.svg
-var finger_scan_path, finger_scan_path2, finger_scan_path3, finger_scan_path4, finger_scan_path5, finger_scan_path6;
-var finger_scan_excluded = ["title", "titleId"];
-function finger_scan_extends() { finger_scan_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return finger_scan_extends.apply(this, arguments); }
-function finger_scan_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = finger_scan_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function finger_scan_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgFingerScan(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = finger_scan_objectWithoutProperties(_ref, finger_scan_excluded);
-  return /*#__PURE__*/react.createElement("svg", finger_scan_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, finger_scan_path || (finger_scan_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M12.0001 14.88C11.0901 14.88 10.3501 14.14 10.3501 13.23V10.76C10.3501 9.85001 11.0901 9.10999 12.0001 9.10999C12.9101 9.10999 13.6501 9.85001 13.6501 10.76V13.23C13.6501 14.14 12.9101 14.88 12.0001 14.88Z",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeLinecap: "round"
-  })), finger_scan_path2 || (finger_scan_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M16.98 13.47C16.78 16.05 14.62 18.07 12 18.07C9.24 18.07 7 15.83 7 13.07V10.93C7 8.16999 9.24 5.92999 12 5.92999C14.59 5.92999 16.72 7.89998 16.97 10.42",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeLinecap: "round"
-  })), finger_scan_path3 || (finger_scan_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M15 2H17C20 2 22 4 22 7V9",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), finger_scan_path4 || (finger_scan_path4 = /*#__PURE__*/react.createElement("path", {
-    d: "M2 9V7C2 4 4 2 7 2H9",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), finger_scan_path5 || (finger_scan_path5 = /*#__PURE__*/react.createElement("path", {
-    d: "M15 22H17C20 22 22 20 22 17V15",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), finger_scan_path6 || (finger_scan_path6 = /*#__PURE__*/react.createElement("path", {
-    d: "M2 15V17C2 20 4 22 7 22H9",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var finger_scan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFingerScan);
-/* harmony default export */ var finger_scan = (__webpack_require__.p + "static/media/finger-scan.svg?h=415c47592edb926869c3c59c6ef803d1faf7ab06b4d0110031222a21a61abc7f");
-
-;// CONCATENATED MODULE: ./src/icons/tree-view.svg
-var tree_view_path, tree_view_path2, tree_view_path3, tree_view_path4, tree_view_path5;
-var tree_view_excluded = ["title", "titleId"];
-function tree_view_extends() { tree_view_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return tree_view_extends.apply(this, arguments); }
-function tree_view_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = tree_view_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function tree_view_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTreeView(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = tree_view_objectWithoutProperties(_ref, tree_view_excluded);
-  return /*#__PURE__*/react.createElement("svg", tree_view_extends({
-    width: 26,
-    height: 26,
-    viewBox: "0 0 26 26",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, tree_view_path || (tree_view_path = /*#__PURE__*/react.createElement("path", {
-    d: "M7.58317 8.66666H4.33317C3.1415 8.66666 2.1665 7.69166 2.1665 6.5V4.33333C2.1665 3.14166 3.1415 2.16666 4.33317 2.16666H7.58317C8.77484 2.16666 9.74984 3.14166 9.74984 4.33333V6.5C9.74984 7.69166 8.77484 8.66666 7.58317 8.66666Z",
-    fill: "#59A588"
-  })), tree_view_path2 || (tree_view_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M22.5335 7.58333H18.6335C17.9185 7.58333 17.3335 6.99832 17.3335 6.28332V4.55001C17.3335 3.83501 17.9185 3.25 18.6335 3.25H22.5335C23.2485 3.25 23.8335 3.83501 23.8335 4.55001V6.28332C23.8335 6.99832 23.2485 7.58333 22.5335 7.58333Z",
-    fill: "#59A588"
-  })), tree_view_path3 || (tree_view_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M22.5335 15.7083H18.6335C17.9185 15.7083 17.3335 15.1233 17.3335 14.4083V12.675C17.3335 11.96 17.9185 11.375 18.6335 11.375H22.5335C23.2485 11.375 23.8335 11.96 23.8335 12.675V14.4083C23.8335 15.1233 23.2485 15.7083 22.5335 15.7083Z",
-    fill: "#59A588"
-  })), tree_view_path4 || (tree_view_path4 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.37,
-    d: "M17.3333 14.3542C17.7775 14.3542 18.1458 13.9858 18.1458 13.5417C18.1458 13.0975 17.7775 12.7292 17.3333 12.7292H14.3542V6.22916H17.3333C17.7775 6.22916 18.1458 5.86083 18.1458 5.41666C18.1458 4.9725 17.7775 4.60416 17.3333 4.60416H9.75C9.30583 4.60416 8.9375 4.9725 8.9375 5.41666C8.9375 5.86083 9.30583 6.22916 9.75 6.22916H12.7292V19.5C12.7292 21.1467 14.0617 22.4792 15.7083 22.4792H17.3333C17.7775 22.4792 18.1458 22.1108 18.1458 21.6667C18.1458 21.2225 17.7775 20.8542 17.3333 20.8542H15.7083C14.9608 20.8542 14.3542 20.2475 14.3542 19.5V14.3542H17.3333Z",
-    fill: "#59A588"
-  })), tree_view_path5 || (tree_view_path5 = /*#__PURE__*/react.createElement("path", {
-    d: "M22.5335 23.8333H18.6335C17.9185 23.8333 17.3335 23.2483 17.3335 22.5333V20.8C17.3335 20.085 17.9185 19.5 18.6335 19.5H22.5335C23.2485 19.5 23.8335 20.085 23.8335 20.8V22.5333C23.8335 23.2483 23.2485 23.8333 22.5335 23.8333Z",
-    fill: "#59A588"
-  })));
-}
-var tree_view_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTreeView);
-/* harmony default export */ var tree_view = (__webpack_require__.p + "static/media/tree-view.svg?h=9ef6fdcafc96d72a91f43a39e2cd00344b439cd3f3ff289363ad0a8baada77a6");
-
-;// CONCATENATED MODULE: ./src/icons/close.svg
-var close_path;
-var close_excluded = ["title", "titleId"];
-function close_extends() { close_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return close_extends.apply(this, arguments); }
-function close_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = close_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function close_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgClose(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = close_objectWithoutProperties(_ref, close_excluded);
-  return /*#__PURE__*/react.createElement("svg", close_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, close_path || (close_path = /*#__PURE__*/react.createElement("path", {
-    d: "M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z",
-    fill: "#DFEBE9"
-  })));
-}
-var close_ForwardRef = /*#__PURE__*/react.forwardRef(SvgClose);
-/* harmony default export */ var icons_close = (__webpack_require__.p + "static/media/close.svg?h=f8d9dcdf085e62ba04b182f66ef408c71c13691bd83ed431aac09c981b3b3a8d");
-
-;// CONCATENATED MODULE: ./src/icons/close-light.svg
-var close_light_path;
-var close_light_excluded = ["title", "titleId"];
-function close_light_extends() { close_light_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return close_light_extends.apply(this, arguments); }
-function close_light_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = close_light_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function close_light_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgCloseLight(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = close_light_objectWithoutProperties(_ref, close_light_excluded);
-  return /*#__PURE__*/react.createElement("svg", close_light_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, close_light_path || (close_light_path = /*#__PURE__*/react.createElement("path", {
-    d: "M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z",
-    fill: "#39403E"
-  })));
-}
-var close_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCloseLight);
-/* harmony default export */ var close_light = (__webpack_require__.p + "static/media/close-light.svg?h=19c3aa7cdc6bf35102d6f9437c6a0d4412e6e349c926b591122af8a8df11ee7e");
-
-;// CONCATENATED MODULE: ./src/icons/deploy.svg
-var deploy_circle, deploy_path, _g;
-var deploy_excluded = ["title", "titleId"];
-function deploy_extends() { deploy_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return deploy_extends.apply(this, arguments); }
-function deploy_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = deploy_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function deploy_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgDeploy(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = deploy_objectWithoutProperties(_ref, deploy_excluded);
-  return /*#__PURE__*/react.createElement("svg", deploy_extends({
-    width: 45,
-    height: 45,
-    viewBox: "0 0 45 45",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, deploy_circle || (deploy_circle = /*#__PURE__*/react.createElement("circle", {
-    cx: 22.5,
-    cy: 22.5,
-    r: 22.5,
-    fill: "#39403E"
-  })), deploy_path || (deploy_path = /*#__PURE__*/react.createElement("path", {
-    d: "M18.1237 22.3313C14.9512 22.5563 14.9624 27.1688 18.1237 27.3938H25.6275C26.5387 27.405 27.4162 27.0563 28.0912 26.4488C30.3187 24.5025 29.1262 20.5988 26.2012 20.2275C25.155 13.8825 15.9862 16.29 18.1575 22.3313",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), _g || (_g = /*#__PURE__*/react.createElement("g", {
-    opacity: 0.4
-  }, /*#__PURE__*/react.createElement("path", {
-    d: "M11.25 25.875C11.25 30.2287 14.7713 33.75 19.125 33.75L17.9438 31.7812",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  }), /*#__PURE__*/react.createElement("path", {
-    d: "M33.75 19.125C33.75 14.7713 30.2287 11.25 25.875 11.25L27.0562 13.2188",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  }))));
-}
-var deploy_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDeploy);
-/* harmony default export */ var deploy = (__webpack_require__.p + "static/media/deploy.svg?h=5ef5e7631c6b158f7ed8e25d00e145bb139937a3def2af691a45ee930a906bcc");
-
-;// CONCATENATED MODULE: ./src/icons/prune.svg
-var prune_circle, prune_path, prune_path2, prune_path3, prune_path4, prune_path5;
-var prune_excluded = ["title", "titleId"];
-function prune_extends() { prune_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return prune_extends.apply(this, arguments); }
-function prune_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = prune_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function prune_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgPrune(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = prune_objectWithoutProperties(_ref, prune_excluded);
-  return /*#__PURE__*/react.createElement("svg", prune_extends({
-    width: 45,
-    height: 45,
-    viewBox: "0 0 45 45",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, prune_circle || (prune_circle = /*#__PURE__*/react.createElement("circle", {
-    cx: 22.5,
-    cy: 22.5,
-    r: 22.5,
-    fill: "#39403E"
-  })), prune_path || (prune_path = /*#__PURE__*/react.createElement("path", {
-    d: "M32 15.98C28.67 15.65 25.32 15.48 21.98 15.48C20 15.48 18.02 15.58 16.04 15.78L14 15.98",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), prune_path2 || (prune_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.34,
-    d: "M19.5 14.97L19.72 13.66C19.88 12.71 20 12 21.69 12H24.31C26 12 26.13 12.75 26.28 13.67L26.5 14.97",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), prune_path3 || (prune_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M29.8499 19.14L29.1999 29.21C29.0899 30.78 28.9999 32 26.2099 32H19.7899C16.9999 32 16.9099 30.78 16.7999 29.21L16.1499 19.14",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), prune_path4 || (prune_path4 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.34,
-    d: "M21.3301 26.5H24.6601",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), prune_path5 || (prune_path5 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.34,
-    d: "M20.5 22.5H25.5",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var prune_ForwardRef = /*#__PURE__*/react.forwardRef(SvgPrune);
-/* harmony default export */ var prune = (__webpack_require__.p + "static/media/prune.svg?h=782022127a83a36b114977736d9e36c4101fce39ad822abee1a474eff352a604");
-
-;// CONCATENATED MODULE: ./src/icons/diff.svg
-var diff_circle, diff_g, diff_path;
-var diff_excluded = ["title", "titleId"];
-function diff_extends() { diff_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return diff_extends.apply(this, arguments); }
-function diff_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = diff_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function diff_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgDiff(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = diff_objectWithoutProperties(_ref, diff_excluded);
-  return /*#__PURE__*/react.createElement("svg", diff_extends({
-    width: 45,
-    height: 45,
-    viewBox: "0 0 45 45",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, diff_circle || (diff_circle = /*#__PURE__*/react.createElement("circle", {
-    cx: 22.5,
-    cy: 22.5,
-    r: 22.5,
-    fill: "#39403E"
-  })), diff_g || (diff_g = /*#__PURE__*/react.createElement("g", {
-    opacity: 0.4
-  }, /*#__PURE__*/react.createElement("path", {
-    d: "M19 22H27",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  }), /*#__PURE__*/react.createElement("path", {
-    d: "M23 26V18",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  }))), diff_path || (diff_path = /*#__PURE__*/react.createElement("path", {
-    d: "M20 32H26C31 32 33 30 33 25V19C33 14 31 12 26 12H20C15 12 13 14 13 19V25C13 30 15 32 20 32Z",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var diff_ForwardRef = /*#__PURE__*/react.forwardRef(SvgDiff);
-/* harmony default export */ var diff = (__webpack_require__.p + "static/media/diff.svg?h=e5b9cc64086c22cbd40424e67cf80f9696e32fe5640c5cedce8774233059b146");
-
-;// CONCATENATED MODULE: ./src/icons/warning.svg
-var warning_path, warning_path2, warning_path3;
-var warning_excluded = ["title", "titleId"];
-function warning_extends() { warning_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return warning_extends.apply(this, arguments); }
-function warning_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = warning_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function warning_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgWarning(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = warning_objectWithoutProperties(_ref, warning_excluded);
-  return /*#__PURE__*/react.createElement("svg", warning_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, warning_path || (warning_path = /*#__PURE__*/react.createElement("path", {
-    d: "M21.0802 8.58003V15.42C21.0802 16.54 20.4802 17.58 19.5102 18.15L13.5702 21.58C12.6002 22.14 11.4002 22.14 10.4202 21.58L4.48016 18.15C3.51016 17.59 2.91016 16.55 2.91016 15.42V8.58003C2.91016 7.46003 3.51016 6.41999 4.48016 5.84999L10.4202 2.42C11.3902 1.86 12.5902 1.86 13.5702 2.42L19.5102 5.84999C20.4802 6.41999 21.0802 7.45003 21.0802 8.58003Z",
-    fill: "#ed6c02"
-  })), warning_path2 || (warning_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M12 13.75C11.59 13.75 11.25 13.41 11.25 13V7.75C11.25 7.34 11.59 7 12 7C12.41 7 12.75 7.34 12.75 7.75V13C12.75 13.41 12.41 13.75 12 13.75Z",
-    fill: "#DFEBE9"
-  })), warning_path3 || (warning_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M12 17.25C11.87 17.25 11.74 17.22 11.62 17.17C11.49 17.12 11.39 17.05 11.29 16.96C11.2 16.86 11.13 16.75 11.07 16.63C11.02 16.51 11 16.38 11 16.25C11 15.99 11.1 15.73 11.29 15.54C11.39 15.45 11.49 15.38 11.62 15.33C11.99 15.17 12.43 15.26 12.71 15.54C12.8 15.64 12.87 15.74 12.92 15.87C12.97 15.99 13 16.12 13 16.25C13 16.38 12.97 16.51 12.92 16.63C12.87 16.75 12.8 16.86 12.71 16.96C12.52 17.15 12.27 17.25 12 17.25Z",
-    fill: "#DFEBE9"
-  })));
-}
-var warning_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarning);
-/* harmony default export */ var icons_warning = (__webpack_require__.p + "static/media/warning.svg?h=3f478d508e7172505f66b7dadbd81d0e156360ff8bc0de0d12ec851c42ac864f");
-
-;// CONCATENATED MODULE: ./src/icons/error.svg
-var error_path, error_path2;
-var error_excluded = ["title", "titleId"];
-function error_extends() { error_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return error_extends.apply(this, arguments); }
-function error_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = error_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function error_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgError(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = error_objectWithoutProperties(_ref, error_excluded);
-  return /*#__PURE__*/react.createElement("svg", error_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, error_path || (error_path = /*#__PURE__*/react.createElement("path", {
-    d: "M14.9 2H9.10001C8.42001 2 7.46 2.4 6.98 2.88L2.88 6.98001C2.4 7.46001 2 8.42001 2 9.10001V14.9C2 15.58 2.4 16.54 2.88 17.02L6.98 21.12C7.46 21.6 8.42001 22 9.10001 22H14.9C15.58 22 16.54 21.6 17.02 21.12L21.12 17.02C21.6 16.54 22 15.58 22 14.9V9.10001C22 8.42001 21.6 7.46001 21.12 6.98001L17.02 2.88C16.54 2.4 15.58 2 14.9 2Z",
-    fill: "#d32f2f"
-  })), error_path2 || (error_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M13.0599 12L16.0299 9.03C16.3199 8.74 16.3199 8.26 16.0299 7.97C15.7399 7.68 15.2599 7.68 14.9699 7.97L11.9999 10.94L9.02994 7.97C8.73994 7.68 8.25994 7.68 7.96994 7.97C7.67994 8.26 7.67994 8.74 7.96994 9.03L10.9399 12L7.96994 14.97C7.67994 15.26 7.67994 15.74 7.96994 16.03C8.11994 16.18 8.30994 16.25 8.49994 16.25C8.68994 16.25 8.87994 16.18 9.02994 16.03L11.9999 13.06L14.9699 16.03C15.1199 16.18 15.3099 16.25 15.4999 16.25C15.6899 16.25 15.8799 16.18 16.0299 16.03C16.3199 15.74 16.3199 15.26 16.0299 14.97L13.0599 12Z",
-    fill: "#DFEBE9"
-  })));
-}
-var error_ForwardRef = /*#__PURE__*/react.forwardRef(SvgError);
-/* harmony default export */ var error = (__webpack_require__.p + "static/media/error.svg?h=9a026f75493e261450266b437a9e4a5c1cb049ba2ee56efa107230a3d057c468");
-
-;// CONCATENATED MODULE: ./src/icons/trash.svg
-var trash_path, trash_path2, trash_path3, trash_path4;
-var trash_excluded = ["title", "titleId"];
-function trash_extends() { trash_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return trash_extends.apply(this, arguments); }
-function trash_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = trash_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function trash_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTrash(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = trash_objectWithoutProperties(_ref, trash_excluded);
-  return /*#__PURE__*/react.createElement("svg", trash_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, trash_path || (trash_path = /*#__PURE__*/react.createElement("path", {
-    d: "M21.0702 5.23C19.4602 5.07 17.8502 4.95 16.2302 4.86V4.85L16.0102 3.55C15.8602 2.63 15.6402 1.25 13.3002 1.25H10.6802C8.35016 1.25 8.13016 2.57 7.97016 3.54L7.76016 4.82C6.83016 4.88 5.90016 4.94 4.97016 5.03L2.93016 5.23C2.51016 5.27 2.21016 5.64 2.25016 6.05C2.29016 6.46 2.65016 6.76 3.07016 6.72L5.11016 6.52C10.3502 6 15.6302 6.2 20.9302 6.73C20.9602 6.73 20.9802 6.73 21.0102 6.73C21.3902 6.73 21.7202 6.44 21.7602 6.05C21.7902 5.64 21.4902 5.27 21.0702 5.23Z",
-    fill: "#39403E"
-  })), trash_path2 || (trash_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.3991,
-    d: "M19.2302 8.14C18.9902 7.89 18.6602 7.75 18.3202 7.75H5.68024C5.34024 7.75 5.00024 7.89 4.77024 8.14C4.54024 8.39 4.41024 8.73 4.43024 9.08L5.05024 19.34C5.16024 20.86 5.30024 22.76 8.79024 22.76H15.2102C18.7002 22.76 18.8402 20.87 18.9502 19.34L19.5702 9.09C19.5902 8.73 19.4602 8.39 19.2302 8.14Z",
-    fill: "#39403E"
-  })), trash_path3 || (trash_path3 = /*#__PURE__*/react.createElement("path", {
-    fillRule: "evenodd",
-    clipRule: "evenodd",
-    d: "M9.58008 17C9.58008 16.5858 9.91586 16.25 10.3301 16.25H13.6601C14.0743 16.25 14.4101 16.5858 14.4101 17C14.4101 17.4142 14.0743 17.75 13.6601 17.75H10.3301C9.91586 17.75 9.58008 17.4142 9.58008 17Z",
-    fill: "#39403E"
-  })), trash_path4 || (trash_path4 = /*#__PURE__*/react.createElement("path", {
-    fillRule: "evenodd",
-    clipRule: "evenodd",
-    d: "M8.75 13C8.75 12.5858 9.08579 12.25 9.5 12.25H14.5C14.9142 12.25 15.25 12.5858 15.25 13C15.25 13.4142 14.9142 13.75 14.5 13.75H9.5C9.08579 13.75 8.75 13.4142 8.75 13Z",
-    fill: "#39403E"
-  })));
-}
-var trash_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTrash);
-/* harmony default export */ var trash = (__webpack_require__.p + "static/media/trash.svg?h=414c070724e5b79d4382fb146751a613df58166e88df2baa42fffa71aee32f8a");
-
-;// CONCATENATED MODULE: ./src/icons/orphan.svg
-var orphan_path, orphan_path2, orphan_path3, orphan_path4;
-var orphan_excluded = ["title", "titleId"];
-function orphan_extends() { orphan_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return orphan_extends.apply(this, arguments); }
-function orphan_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = orphan_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function orphan_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgOrphan(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = orphan_objectWithoutProperties(_ref, orphan_excluded);
-  return /*#__PURE__*/react.createElement("svg", orphan_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, orphan_path || (orphan_path = /*#__PURE__*/react.createElement("path", {
-    d: "M3.13 16.7114C3.28 16.8614 3.47 16.9314 3.66 16.9314C3.85 16.9314 4.03999 16.8614 4.17999 16.7214C4.46999 16.4314 4.46999 15.9514 4.17999 15.6614C3.08999 14.5714 2.49001 13.1214 2.49001 11.5914C2.49001 8.41143 5.07001 5.82141 8.24001 5.82141L16.19 5.84143C16.5 5.84143 16.78 5.6514 16.89 5.3714C17 5.0914 17 4.5 16.19 4.3114H8.25C4.25 4.3114 1 7.57142 1 11.5814C1 13.5114 1.76 15.3314 3.13 16.7114Z",
-    fill: "#39403E"
-  })), orphan_path2 || (orphan_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M7.30984 19.1613H9.18985L15.2598 19.1814C19.2598 19.1814 22.5098 15.9213 22.5098 11.9113C22.5098 9.98135 21.7498 8.1614 20.3798 6.7814C20.0898 6.4914 19.6099 6.4914 19.3199 6.7814C19.0299 7.0714 19.0299 7.5514 19.3199 7.8414C20.4099 8.9314 21.0098 10.3813 21.0098 11.9113C21.0098 15.0913 18.4298 17.6814 15.2598 17.6814L7.30984 17.6613C6.99984 17.6613 6.71984 17.8514 6.60984 18.1314C6.49984 18.4114 6.49994 18.9999 7.30984 19.1613Z",
-    fill: "#39403E"
-  })), orphan_path3 || (orphan_path3 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M8.5 15H14.5C16.43 15 18 13.6457 18 12C18 10.3543 16.43 9 14.5 9H8.5C6.57 9 5 10.3543 5 12C5 13.6457 6.57 15 8.5 15Z",
-    fill: "#39403E"
-  })), orphan_path4 || (orphan_path4 = /*#__PURE__*/react.createElement("path", {
-    d: "M21 3L3 20",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var orphan_ForwardRef = /*#__PURE__*/react.forwardRef(SvgOrphan);
-/* harmony default export */ var orphan = (__webpack_require__.p + "static/media/orphan.svg?h=75637a27d6cf40bee4022eff91c852ecca4f0bcc7c8c78bf3cd02cd76a5fba66");
-
-;// CONCATENATED MODULE: ./src/icons/added.svg
-var added_path, added_path2;
-var added_excluded = ["title", "titleId"];
-function added_extends() { added_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return added_extends.apply(this, arguments); }
-function added_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = added_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function added_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgAdded(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = added_objectWithoutProperties(_ref, added_excluded);
-  return /*#__PURE__*/react.createElement("svg", added_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, added_path || (added_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M21.74 9.44H2V6.42C2 3.98 3.98 2 6.42 2H8.75C10.38 2 10.89 2.53 11.54 3.4L12.94 5.26C13.25 5.67 13.29 5.73 13.87 5.73H16.66C19.03 5.72 21.05 7.28 21.74 9.44Z",
-    fill: "#39403E"
-  })), added_path2 || (added_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M21.99 10.84C21.97 10.35 21.89 9.89 21.74 9.44H2V16.65C2 19.6 4.4 22 7.35 22H16.65C19.6 22 22 19.6 22 16.65V11.07C22 11 22 10.91 21.99 10.84ZM14.5 16.25H12.81V18C12.81 18.41 12.47 18.75 12.06 18.75C11.65 18.75 11.31 18.41 11.31 18V16.25H9.5C9.09 16.25 8.75 15.91 8.75 15.5C8.75 15.09 9.09 14.75 9.5 14.75H11.31V13C11.31 12.59 11.65 12.25 12.06 12.25C12.47 12.25 12.81 12.59 12.81 13V14.75H14.5C14.91 14.75 15.25 15.09 15.25 15.5C15.25 15.91 14.91 16.25 14.5 16.25Z",
-    fill: "#39403E"
-  })));
-}
-var added_ForwardRef = /*#__PURE__*/react.forwardRef(SvgAdded);
-/* harmony default export */ var added = (__webpack_require__.p + "static/media/added.svg?h=af4dd83591778905da5dcbc1833893ff89a96495158cab04e1b7b415284b0388");
-
-;// CONCATENATED MODULE: ./src/icons/changed.svg
-var changed_path, changed_path2, changed_path3;
-var changed_excluded = ["title", "titleId"];
-function changed_extends() { changed_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return changed_extends.apply(this, arguments); }
-function changed_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = changed_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function changed_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgChanged(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = changed_objectWithoutProperties(_ref, changed_excluded);
-  return /*#__PURE__*/react.createElement("svg", changed_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, changed_path || (changed_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M18.5698 22H13.9998C11.7098 22 10.5698 20.86 10.5698 18.57V11.43C10.5698 9.14 11.7098 8 13.9998 8H18.5698C20.8598 8 21.9998 9.14 21.9998 11.43V18.57C21.9998 20.86 20.8598 22 18.5698 22Z",
-    fill: "#39403E"
-  })), changed_path2 || (changed_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M13.43 5.43V6.77C10.81 6.98 9.32 8.66 9.32 11.43V16H5.43C3.14 16 2 14.86 2 12.57V5.43C2 3.14 3.14 2 5.43 2H10C12.29 2 13.43 3.14 13.43 5.43Z",
-    fill: "#39403E"
-  })), changed_path3 || (changed_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M18.1301 14.25H17.2501V13.37C17.2501 12.96 16.9101 12.62 16.5001 12.62C16.0901 12.62 15.7501 12.96 15.7501 13.37V14.25H14.8701C14.4601 14.25 14.1201 14.59 14.1201 15C14.1201 15.41 14.4601 15.75 14.8701 15.75H15.7501V16.63C15.7501 17.04 16.0901 17.38 16.5001 17.38C16.9101 17.38 17.2501 17.04 17.2501 16.63V15.75H18.1301C18.5401 15.75 18.8801 15.41 18.8801 15C18.8801 14.59 18.5401 14.25 18.1301 14.25Z",
-    fill: "#39403E"
-  })));
-}
-var changed_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanged);
-/* harmony default export */ var changed = (__webpack_require__.p + "static/media/changed.svg?h=a30883ccb8a4cd3e6416232dd4032ffd8e66e0ffee0111be7c7a98268a4a1605");
-
-;// CONCATENATED MODULE: ./src/icons/checkbox.svg
-var _rect;
-var checkbox_excluded = ["title", "titleId"];
-function checkbox_extends() { checkbox_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return checkbox_extends.apply(this, arguments); }
-function checkbox_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = checkbox_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function checkbox_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgCheckbox(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = checkbox_objectWithoutProperties(_ref, checkbox_excluded);
-  return /*#__PURE__*/react.createElement("svg", checkbox_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, _rect || (_rect = /*#__PURE__*/react.createElement("rect", {
-    opacity: 0.8,
-    x: 3,
-    y: 3.5,
-    width: 18,
-    height: 18,
-    rx: 3,
-    stroke: "#222222",
-    strokeWidth: 2
-  })));
-}
-var checkbox_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckbox);
-/* harmony default export */ var icons_checkbox = (__webpack_require__.p + "static/media/checkbox.svg?h=0303869c42d1b682ecbb742cc0854c5638754d1330c39b80b6be07d82fd4fcea");
-
-;// CONCATENATED MODULE: ./src/icons/checkbox-checked.svg
-var checkbox_checked_rect, checkbox_checked_path, _rect2;
-var checkbox_checked_excluded = ["title", "titleId"];
-function checkbox_checked_extends() { checkbox_checked_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return checkbox_checked_extends.apply(this, arguments); }
-function checkbox_checked_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = checkbox_checked_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function checkbox_checked_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgCheckboxChecked(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = checkbox_checked_objectWithoutProperties(_ref, checkbox_checked_excluded);
-  return /*#__PURE__*/react.createElement("svg", checkbox_checked_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, checkbox_checked_rect || (checkbox_checked_rect = /*#__PURE__*/react.createElement("rect", {
-    x: 3,
-    y: 3,
-    width: 18,
-    height: 18,
-    rx: 5,
-    fill: "#001628"
-  })), checkbox_checked_path || (checkbox_checked_path = /*#__PURE__*/react.createElement("path", {
-    d: "M9.70711 11.2929C9.31658 10.9024 8.68342 10.9024 8.29289 11.2929C7.90237 11.6834 7.90237 12.3166 8.29289 12.7071L10.2929 14.7071C10.6834 15.0976 11.3166 15.0976 11.7071 14.7071L15.7071 10.7071C16.0976 10.3166 16.0976 9.68342 15.7071 9.29289C15.3166 8.90237 14.6834 8.90237 14.2929 9.29289L11 12.5858L9.70711 11.2929Z",
-    fill: "#DFEBE9"
-  })), _rect2 || (_rect2 = /*#__PURE__*/react.createElement("rect", {
-    x: 3,
-    y: 3,
-    width: 18,
-    height: 18,
-    rx: 5,
-    stroke: "#001628",
-    strokeWidth: 2
-  })));
-}
-var checkbox_checked_ForwardRef = /*#__PURE__*/react.forwardRef(SvgCheckboxChecked);
-/* harmony default export */ var checkbox_checked = (__webpack_require__.p + "static/media/checkbox-checked.svg?h=92ab4f2e6bfa34dbb548604d6ad1ae00f19076060aacd9c2a2c6ca31f469079c");
-
-;// CONCATENATED MODULE: ./src/icons/checkbox-disabled.svg
-var checkbox_disabled_rect, checkbox_disabled_rect2;
-var checkbox_disabled_excluded = (/* unused pure expression or super */ null && (["title", "titleId"]));
-function checkbox_disabled_extends() { checkbox_disabled_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return checkbox_disabled_extends.apply(this, arguments); }
-function checkbox_disabled_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = checkbox_disabled_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function checkbox_disabled_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgCheckboxDisabled(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = checkbox_disabled_objectWithoutProperties(_ref, checkbox_disabled_excluded);
-  return /*#__PURE__*/React.createElement("svg", checkbox_disabled_extends({
-    width: 24,
-    height: 24,
-    viewBox: "0 0 24 24",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/React.createElement("title", {
-    id: titleId
-  }, title) : null, checkbox_disabled_rect || (checkbox_disabled_rect = /*#__PURE__*/React.createElement("rect", {
-    x: 2,
-    y: 2,
-    width: 20,
-    height: 20,
-    rx: 6,
-    fill: "black",
-    fillOpacity: 0.08
-  })), checkbox_disabled_rect2 || (checkbox_disabled_rect2 = /*#__PURE__*/React.createElement("rect", {
-    x: 3,
-    y: 3,
-    width: 18,
-    height: 18,
-    rx: 5,
-    stroke: "black",
-    strokeOpacity: 0.16,
-    strokeWidth: 2
-  })));
-}
-var checkbox_disabled_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgCheckboxDisabled)));
-/* harmony default export */ var checkbox_disabled = (__webpack_require__.p + "static/media/checkbox-disabled.svg?h=94fbeaf8068db2fddb43810b7f56cf4271d719f30f0ea327108e57af9d275856");
-
-;// CONCATENATED MODULE: ./src/icons/arrow-left.svg
-var arrow_left_path, arrow_left_path2;
-var arrow_left_excluded = ["title", "titleId"];
-function arrow_left_extends() { arrow_left_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return arrow_left_extends.apply(this, arguments); }
-function arrow_left_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = arrow_left_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function arrow_left_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgArrowLeft(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = arrow_left_objectWithoutProperties(_ref, arrow_left_excluded);
-  return /*#__PURE__*/react.createElement("svg", arrow_left_extends({
-    width: 40,
-    height: 40,
-    viewBox: "0 0 40 40",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, arrow_left_path || (arrow_left_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M20.0002 36.6666C29.2049 36.6666 36.6668 29.2047 36.6668 19.9999C36.6668 10.7952 29.2049 3.33325 20.0002 3.33325C10.7954 3.33325 3.3335 10.7952 3.3335 19.9999C3.3335 29.2047 10.7954 36.6666 20.0002 36.6666Z",
-    fill: "#222222"
-  })), arrow_left_path2 || (arrow_left_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M25.8334 18.75L17.1834 18.75L20.0501 15.8833C20.5334 15.4 20.5334 14.6 20.0501 14.1167C19.5667 13.6333 18.7667 13.6333 18.2834 14.1167L13.2834 19.1166C12.8001 19.6 12.8001 20.4 13.2834 20.8833L18.2834 25.8833C18.5334 26.1333 18.8501 26.25 19.1667 26.25C19.4834 26.25 19.8001 26.1333 20.0501 25.8833C20.5334 25.4 20.5334 24.6 20.0501 24.1166L17.1834 21.25L25.8334 21.25C26.5167 21.25 27.0834 20.6833 27.0834 20C27.0834 19.3166 26.5167 18.75 25.8334 18.75Z",
-    fill: "#222222"
-  })));
-}
-var arrow_left_ForwardRef = /*#__PURE__*/react.forwardRef(SvgArrowLeft);
-/* harmony default export */ var arrow_left = (__webpack_require__.p + "static/media/arrow-left.svg?h=183e112934d3d7e04d2e2fe78ee2f47a7f04210313c736747ee3370f4656f22f");
-
-;// CONCATENATED MODULE: ./src/icons/warning-sign.svg
-var warning_sign_path, warning_sign_path2, warning_sign_path3;
-var warning_sign_excluded = ["title", "titleId"];
-function warning_sign_extends() { warning_sign_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return warning_sign_extends.apply(this, arguments); }
-function warning_sign_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = warning_sign_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function warning_sign_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgWarningSign(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = warning_sign_objectWithoutProperties(_ref, warning_sign_excluded);
-  return /*#__PURE__*/react.createElement("svg", warning_sign_extends({
-    width: 21,
-    height: 21,
-    viewBox: "0 0 21 21",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, warning_sign_path || (warning_sign_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M19.0402 13.93L13.4402 3.85C12.6877 2.49375 11.6464 1.75 10.5002 1.75C9.35391 1.75 8.31266 2.49375 7.56016 3.85L1.96016 13.93C1.25141 15.2162 1.17266 16.45 1.74141 17.4212C2.31016 18.3925 3.43016 18.9262 4.90016 18.9262H16.1002C17.5702 18.9262 18.6902 18.3925 19.2589 17.4212C19.8277 16.45 19.7489 15.2075 19.0402 13.93Z",
-    fill: "#222222"
-  })), warning_sign_path2 || (warning_sign_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M10.5 12.9062C10.1413 12.9062 9.84375 12.6087 9.84375 12.25V7.875C9.84375 7.51625 10.1413 7.21875 10.5 7.21875C10.8587 7.21875 11.1562 7.51625 11.1562 7.875V12.25C11.1562 12.6087 10.8587 12.9062 10.5 12.9062Z",
-    fill: "#222222"
-  })), warning_sign_path3 || (warning_sign_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M10.5 15.75C10.4475 15.75 10.3863 15.7412 10.325 15.7325C10.2725 15.7237 10.22 15.7062 10.1675 15.68C10.115 15.6625 10.0625 15.6362 10.01 15.6012C9.96625 15.5662 9.9225 15.5312 9.87875 15.4962C9.72125 15.33 9.625 15.1025 9.625 14.875C9.625 14.6475 9.72125 14.42 9.87875 14.2537C9.9225 14.2187 9.96625 14.1837 10.01 14.1487C10.0625 14.1137 10.115 14.0875 10.1675 14.07C10.22 14.0437 10.2725 14.0262 10.325 14.0175C10.4388 13.9912 10.5612 13.9912 10.6662 14.0175C10.7275 14.0262 10.78 14.0437 10.8325 14.07C10.885 14.0875 10.9375 14.1137 10.99 14.1487C11.0338 14.1837 11.0775 14.2187 11.1213 14.2537C11.2788 14.42 11.375 14.6475 11.375 14.875C11.375 15.1025 11.2788 15.33 11.1213 15.4962C11.0775 15.5312 11.0338 15.5662 10.99 15.6012C10.9375 15.6362 10.885 15.6625 10.8325 15.68C10.78 15.7062 10.7275 15.7237 10.6662 15.7325C10.6137 15.7412 10.5525 15.75 10.5 15.75Z",
-    fill: "#222222"
-  })));
-}
-var warning_sign_ForwardRef = /*#__PURE__*/react.forwardRef(SvgWarningSign);
-/* harmony default export */ var warning_sign = (__webpack_require__.p + "static/media/warning-sign.svg?h=6512b04406700d29462a623eb41ae95760073332a6f28960317702dd61d21144");
-
-;// CONCATENATED MODULE: ./src/icons/changes.svg
-var changes_path, changes_path2, changes_path3;
-var changes_excluded = ["title", "titleId"];
-function changes_extends() { changes_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return changes_extends.apply(this, arguments); }
-function changes_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = changes_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function changes_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgChanges(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = changes_objectWithoutProperties(_ref, changes_excluded);
-  return /*#__PURE__*/react.createElement("svg", changes_extends({
-    width: 21,
-    height: 21,
-    viewBox: "0 0 21 21",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, changes_path || (changes_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M18.375 19.25H2.625C2.26625 19.25 1.96875 18.9525 1.96875 18.5938C1.96875 18.235 2.26625 17.9375 2.625 17.9375H18.375C18.7337 17.9375 19.0312 18.235 19.0312 18.5938C19.0312 18.9525 18.7337 19.25 18.375 19.25Z",
-    fill: "#222222"
-  })), changes_path2 || (changes_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M16.6423 3.04495C14.9448 1.34745 13.2823 1.3037 11.541 3.04495L10.4823 4.1037C10.3948 4.1912 10.3598 4.3312 10.3948 4.4537C11.0598 6.77245 12.9148 8.62745 15.2335 9.29245C15.2685 9.3012 15.3035 9.30995 15.3385 9.30995C15.4348 9.30995 15.5223 9.27495 15.5923 9.20496L16.6423 8.1462C17.5085 7.2887 17.9285 6.45745 17.9285 5.61745C17.9373 4.7512 17.5173 3.9112 16.6423 3.04495Z",
-    fill: "#222222"
-  })), changes_path3 || (changes_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M13.6588 10.0887C13.405 9.9662 13.16 9.8437 12.9238 9.7037C12.7313 9.58995 12.5475 9.46745 12.3638 9.3362C12.215 9.23995 12.04 9.09995 11.8738 8.95995C11.8563 8.9512 11.795 8.8987 11.725 8.8287C11.4363 8.5837 11.1125 8.2687 10.8238 7.9187C10.7975 7.9012 10.7538 7.83995 10.6925 7.7612C10.605 7.6562 10.4563 7.4812 10.325 7.27995C10.22 7.1487 10.0975 6.9562 9.98378 6.7637C9.84378 6.52745 9.72129 6.2912 9.59879 6.0462C9.47629 5.7837 9.38003 5.52995 9.29253 5.2937L3.79753 10.7887C3.68378 10.9025 3.57878 11.1212 3.55253 11.27L3.08003 14.6212C2.99253 15.2162 3.15878 15.7762 3.52628 16.1524C3.84129 16.4587 4.27878 16.625 4.75128 16.625C4.85628 16.625 4.96128 16.6162 5.06628 16.5987L8.42629 16.1262C8.58379 16.1 8.80254 15.995 8.90754 15.8812L14.4025 10.3862C14.1575 10.2987 13.9213 10.2025 13.6588 10.0887Z",
-    fill: "#222222"
-  })));
-}
-var changes_ForwardRef = /*#__PURE__*/react.forwardRef(SvgChanges);
-/* harmony default export */ var changes = (__webpack_require__.p + "static/media/changes.svg?h=8a3b67f711bfd0e1b818331d3204b053b1d8225655238c5e585e5d8fbfbb70d0");
-
-;// CONCATENATED MODULE: ./src/icons/star.svg
-var star_path, star_path2;
-var star_excluded = ["title", "titleId"];
-function star_extends() { star_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return star_extends.apply(this, arguments); }
-function star_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = star_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function star_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgStar(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = star_objectWithoutProperties(_ref, star_excluded);
-  return /*#__PURE__*/react.createElement("svg", star_extends({
-    width: 21,
-    height: 21,
-    viewBox: "0 0 21 21",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, star_path || (star_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M5.02268 14C5.11893 13.5712 4.94393 12.9587 4.63768 12.6525L2.51143 10.5262C1.84643 9.86125 1.58393 9.1525 1.77643 8.54C1.97768 7.9275 2.59893 7.5075 3.52643 7.35L6.25643 6.895C6.65018 6.825 7.13143 6.475 7.31518 6.11625L8.82018 3.0975C9.25768 2.23125 9.85268 1.75 10.5002 1.75C11.1477 1.75 11.7427 2.23125 12.1802 3.0975L13.6852 6.11625C13.7989 6.34375 14.0352 6.5625 14.2889 6.71125L4.86518 16.135C4.74268 16.2575 4.53268 16.1437 4.56768 15.9687L5.02268 14Z",
-    fill: "#222222"
-  })), star_path2 || (star_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M16.3627 12.6524C16.0477 12.9674 15.8727 13.5712 15.9777 13.9999L16.5814 16.6337C16.8352 17.7274 16.6777 18.5499 16.1352 18.9437C15.9164 19.1012 15.6539 19.1799 15.3477 19.1799C14.9014 19.1799 14.3764 19.0137 13.7989 18.6724L11.2352 17.1499C10.8327 16.9137 10.1677 16.9137 9.76519 17.1499L7.20144 18.6724C6.23019 19.2412 5.39895 19.3374 4.8652 18.9437C4.66395 18.7949 4.5152 18.5937 4.41895 18.3312L15.0589 7.69116C15.4614 7.28866 16.0302 7.10491 16.5814 7.20116L17.4652 7.34991C18.3927 7.50741 19.0139 7.92741 19.2152 8.53991C19.4077 9.15241 19.1452 9.86116 18.4802 10.5262L16.3627 12.6524Z",
-    fill: "#222222"
-  })));
-}
-var star_ForwardRef = /*#__PURE__*/react.forwardRef(SvgStar);
-/* harmony default export */ var star = (__webpack_require__.p + "static/media/star.svg?h=2301326ebc4d30ade3aee8dc4d89c3cdeb89fa6fe5a86f088d6437b193a02f7e");
-
-;// CONCATENATED MODULE: ./src/icons/triangle-down.svg
-var triangle_down_path, triangle_down_path2;
-var triangle_down_excluded = ["title", "titleId"];
-function triangle_down_extends() { triangle_down_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_down_extends.apply(this, arguments); }
-function triangle_down_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_down_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function triangle_down_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTriangleDown(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = triangle_down_objectWithoutProperties(_ref, triangle_down_excluded);
-  return /*#__PURE__*/react.createElement("svg", triangle_down_extends({
-    width: 50,
-    height: 50,
-    viewBox: "0 0 50 50",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, triangle_down_path || (triangle_down_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z",
-    fill: "#39403E"
-  })), triangle_down_path2 || (triangle_down_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z",
-    fill: "#39403E"
-  })));
-}
-var triangle_down_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleDown);
-/* harmony default export */ var triangle_down = (__webpack_require__.p + "static/media/triangle-down.svg?h=b3825504f7a87e2008f015a505eae34a4d4b3de056523b32aef0f3ee97dddc48");
-
-;// CONCATENATED MODULE: ./src/icons/triangle-left-light.svg
-var triangle_left_light_path, triangle_left_light_path2;
-var triangle_left_light_excluded = ["title", "titleId"];
-function triangle_left_light_extends() { triangle_left_light_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_left_light_extends.apply(this, arguments); }
-function triangle_left_light_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_left_light_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function triangle_left_light_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTriangleLeftLight(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = triangle_left_light_objectWithoutProperties(_ref, triangle_left_light_excluded);
-  return /*#__PURE__*/react.createElement("svg", triangle_left_light_extends({
-    width: 50,
-    height: 50,
-    viewBox: "0 0 50 50",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, triangle_left_light_path || (triangle_left_light_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M22.4377 32.25L32.9585 24.3542V12.6667C32.9585 10.6667 30.5418 9.66667 29.1252 11.0833L18.3335 21.875C16.6043 23.6042 16.6043 26.4167 18.3335 28.1458L22.4377 32.25Z",
-    fill: "#DFEBE9"
-  })), triangle_left_light_path2 || (triangle_left_light_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M32.4585 25.3546V37.3333C32.4585 38.8863 30.5801 39.6671 29.4773 38.5826C29.4769 38.5822 29.4765 38.5817 29.4761 38.5813L23.1987 32.304L32.4585 25.3546Z",
-    fill: "#DFEBE9",
-    stroke: "#DFEBE9"
-  })));
-}
-var triangle_left_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleLeftLight);
-/* harmony default export */ var triangle_left_light = (__webpack_require__.p + "static/media/triangle-left-light.svg?h=df35ecb761287084bb4d0cbc4ffbfe1fc2a293d207e6290abd825463f189aba0");
-
-;// CONCATENATED MODULE: ./src/icons/triangle-right-light.svg
-var triangle_right_light_path, triangle_right_light_path2;
-var triangle_right_light_excluded = ["title", "titleId"];
-function triangle_right_light_extends() { triangle_right_light_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_right_light_extends.apply(this, arguments); }
-function triangle_right_light_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_right_light_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function triangle_right_light_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTriangleRightLight(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = triangle_right_light_objectWithoutProperties(_ref, triangle_right_light_excluded);
-  return /*#__PURE__*/react.createElement("svg", triangle_right_light_extends({
-    width: 50,
-    height: 50,
-    viewBox: "0 0 50 50",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, triangle_right_light_path || (triangle_right_light_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M27.5623 17.75L17.0415 25.6458V37.3333C17.0415 39.3333 19.4582 40.3333 20.8748 38.9167L31.6665 28.125C33.3957 26.3958 33.3957 23.5833 31.6665 21.8542L27.5623 17.75Z",
-    fill: "#DFEBE9"
-  })), triangle_right_light_path2 || (triangle_right_light_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M17.0415 12.6667V25.6458L27.5623 17.75L20.8748 11.0625C19.4582 9.66667 17.0415 10.6667 17.0415 12.6667Z",
-    fill: "#DFEBE9"
-  })));
-}
-var triangle_right_light_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRightLight);
-/* harmony default export */ var triangle_right_light = (__webpack_require__.p + "static/media/triangle-right-light.svg?h=669c6e13b5b122615e60e89ab2b01dc4073f13c891c0affdc26c7c92c7e187d9");
-
-;// CONCATENATED MODULE: ./src/icons/triangle-right.svg
-var triangle_right_path, triangle_right_path2;
-var triangle_right_excluded = ["title", "titleId"];
-function triangle_right_extends() { triangle_right_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return triangle_right_extends.apply(this, arguments); }
-function triangle_right_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = triangle_right_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function triangle_right_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgTriangleRight(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = triangle_right_objectWithoutProperties(_ref, triangle_right_excluded);
-  return /*#__PURE__*/react.createElement("svg", triangle_right_extends({
-    width: 50,
-    height: 50,
-    viewBox: "0 0 50 50",
-    fill: "none",
-    transform: "rotate(-90)",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, triangle_right_path || (triangle_right_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z",
-    fill: "#39403E"
-  })), triangle_right_path2 || (triangle_right_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z",
-    fill: "#39403E"
-  })));
-}
-var triangle_right_ForwardRef = /*#__PURE__*/react.forwardRef(SvgTriangleRight);
-/* harmony default export */ var triangle_right = (__webpack_require__.p + "static/media/triangle-right.svg?h=4e2adfe1227483c7faec85cc2dd2c47b720b45484b561af3f1dc9cb71a0c76e3");
-
-;// CONCATENATED MODULE: ./src/icons/brackets-curly.svg
-var brackets_curly_path;
-var brackets_curly_excluded = ["title", "titleId"];
-function brackets_curly_extends() { brackets_curly_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return brackets_curly_extends.apply(this, arguments); }
-function brackets_curly_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = brackets_curly_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function brackets_curly_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgBracketsCurly(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = brackets_curly_objectWithoutProperties(_ref, brackets_curly_excluded);
-  return /*#__PURE__*/react.createElement("svg", brackets_curly_extends({
-    width: 22,
-    height: 18,
-    viewBox: "0 0 22 18",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, brackets_curly_path || (brackets_curly_path = /*#__PURE__*/react.createElement("path", {
-    d: "M5.23739 16.24C4.78139 16.24 4.38539 16.156 4.04939 15.988C3.72539 15.82 3.47939 15.568 3.31139 15.232C3.14339 14.908 3.05939 14.518 3.05939 14.062V10.57C3.05939 10.078 2.96939 9.724 2.78939 9.508C2.62139 9.28 2.30939 9.16 1.85339 9.148C1.62539 9.136 1.44539 9.046 1.31339 8.878C1.18139 8.71 1.11539 8.506 1.11539 8.266C1.11539 8.026 1.18139 7.828 1.31339 7.672C1.44539 7.504 1.62539 7.414 1.85339 7.402C2.30939 7.378 2.62139 7.258 2.78939 7.042C2.96939 6.814 3.05939 6.46 3.05939 5.98V2.488C3.05939 1.792 3.24539 1.258 3.61739 0.885999C4.00139 0.501999 4.54139 0.309999 5.23739 0.309999H6.51539C6.79139 0.309999 7.01339 0.393999 7.18139 0.561999C7.36139 0.717999 7.45139 0.915999 7.45139 1.156C7.45139 1.396 7.37939 1.6 7.23539 1.768C7.09139 1.924 6.89939 2.002 6.65939 2.002H6.02939C5.78939 2.002 5.60939 2.068 5.48939 2.2C5.36939 2.332 5.30939 2.53 5.30939 2.794V6.25C5.30939 6.622 5.23139 6.964 5.07539 7.276C4.91939 7.588 4.70939 7.84 4.44539 8.032C4.19339 8.224 3.90539 8.32 3.58139 8.32V8.248C3.90539 8.248 4.19339 8.344 4.44539 8.536C4.70939 8.716 4.91939 8.962 5.07539 9.274C5.23139 9.586 5.30939 9.928 5.30939 10.3V13.756C5.30939 14.02 5.36939 14.218 5.48939 14.35C5.60939 14.482 5.78939 14.548 6.02939 14.548H6.65939C6.89939 14.548 7.09139 14.626 7.23539 14.782C7.37939 14.95 7.45139 15.154 7.45139 15.394C7.45139 15.634 7.36139 15.832 7.18139 15.988C7.01339 16.156 6.79139 16.24 6.51539 16.24H5.23739ZM14.4914 16.24C14.2274 16.24 14.0054 16.156 13.8254 15.988C13.6454 15.832 13.5554 15.634 13.5554 15.394C13.5554 15.154 13.6274 14.95 13.7714 14.782C13.9154 14.626 14.1074 14.548 14.3474 14.548H14.9774C15.2174 14.548 15.3974 14.482 15.5174 14.35C15.6374 14.218 15.6974 14.02 15.6974 13.756V10.3C15.6974 9.928 15.7754 9.586 15.9314 9.274C16.0874 8.962 16.2974 8.71 16.5614 8.518C16.8254 8.326 17.1134 8.23 17.4254 8.23V8.302C17.1134 8.302 16.8254 8.212 16.5614 8.032C16.2974 7.84 16.0874 7.588 15.9314 7.276C15.7754 6.964 15.6974 6.622 15.6974 6.25V2.794C15.6974 2.53 15.6374 2.332 15.5174 2.2C15.3974 2.068 15.2174 2.002 14.9774 2.002H14.3474C14.1074 2.002 13.9154 1.924 13.7714 1.768C13.6274 1.6 13.5554 1.396 13.5554 1.156C13.5554 0.915999 13.6454 0.717999 13.8254 0.561999C14.0054 0.393999 14.2274 0.309999 14.4914 0.309999H15.7694C16.2374 0.309999 16.6334 0.393999 16.9574 0.561999C17.2814 0.729999 17.5274 0.975999 17.6954 1.3C17.8634 1.624 17.9474 2.02 17.9474 2.488V5.98C17.9474 6.46 18.0374 6.814 18.2174 7.042C18.3974 7.258 18.7094 7.378 19.1534 7.402C19.3934 7.414 19.5734 7.504 19.6934 7.672C19.8254 7.84 19.8914 8.044 19.8914 8.284C19.8914 8.512 19.8254 8.71 19.6934 8.878C19.5734 9.046 19.3934 9.136 19.1534 9.148C18.7094 9.16 18.3974 9.28 18.2174 9.508C18.0374 9.724 17.9474 10.078 17.9474 10.57V14.062C17.9474 14.758 17.7554 15.292 17.3714 15.664C16.9994 16.048 16.4654 16.24 15.7694 16.24H14.4914Z",
-    fill: "#39403E"
-  })));
-}
-var brackets_curly_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsCurly);
-/* harmony default export */ var brackets_curly = (__webpack_require__.p + "static/media/brackets-curly.svg?h=52ca1e6781ac563ec8694c3e48173bed7f18c48f39bdcf5c35418cb4f0db5231");
-
-;// CONCATENATED MODULE: ./src/icons/brackets-square.svg
-var brackets_square_path;
-var brackets_square_excluded = ["title", "titleId"];
-function brackets_square_extends() { brackets_square_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return brackets_square_extends.apply(this, arguments); }
-function brackets_square_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = brackets_square_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function brackets_square_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgBracketsSquare(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = brackets_square_objectWithoutProperties(_ref, brackets_square_excluded);
-  return /*#__PURE__*/react.createElement("svg", brackets_square_extends({
-    width: 22,
-    height: 18,
-    viewBox: "0 0 22 18",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, brackets_square_path || (brackets_square_path = /*#__PURE__*/react.createElement("path", {
-    d: "M3.79484 17.8617C3.50151 17.8617 3.24818 17.7617 3.03484 17.5617C2.83484 17.3617 2.73484 17.1151 2.73484 16.8217V1.20172C2.73484 0.895051 2.83484 0.648384 3.03484 0.461718C3.24818 0.261718 3.50151 0.161718 3.79484 0.161718H6.65484C6.96151 0.161718 7.19484 0.255051 7.35484 0.441718C7.52818 0.615051 7.61484 0.835051 7.61484 1.10172C7.61484 1.36838 7.52818 1.59505 7.35484 1.78172C7.19484 1.95505 6.96151 2.04172 6.65484 2.04172H5.23484V15.9817H6.65484C6.96151 15.9817 7.19484 16.0684 7.35484 16.2417C7.52818 16.4284 7.61484 16.6551 7.61484 16.9217C7.61484 17.1884 7.52818 17.4084 7.35484 17.5817C7.19484 17.7684 6.96151 17.8617 6.65484 17.8617H3.79484ZM15.3548 17.8617C15.0615 17.8617 14.8282 17.7684 14.6548 17.5817C14.4815 17.4084 14.3948 17.1884 14.3948 16.9217C14.3948 16.6551 14.4815 16.4284 14.6548 16.2417C14.8282 16.0684 15.0615 15.9817 15.3548 15.9817H16.7748V2.04172H15.3548C15.0615 2.04172 14.8282 1.95505 14.6548 1.78172C14.4815 1.59505 14.3948 1.36838 14.3948 1.10172C14.3948 0.835051 14.4815 0.615051 14.6548 0.441718C14.8282 0.255051 15.0615 0.161718 15.3548 0.161718H18.2148C18.5215 0.161718 18.7748 0.261718 18.9748 0.461718C19.1748 0.648384 19.2748 0.895051 19.2748 1.20172V16.8217C19.2748 17.1151 19.1748 17.3617 18.9748 17.5617C18.7748 17.7617 18.5215 17.8617 18.2148 17.8617H15.3548Z",
-    fill: "#39403E"
-  })));
-}
-var brackets_square_ForwardRef = /*#__PURE__*/react.forwardRef(SvgBracketsSquare);
-/* harmony default export */ var brackets_square = (__webpack_require__.p + "static/media/brackets-square.svg?h=2cb41787d8487f94387e48d5d2df0c2d1476a426e7db05bfd18c9ca83b1c3203");
-
-;// CONCATENATED MODULE: ./src/icons/file.svg
-var file_path, file_path2, file_path3;
-var file_excluded = ["title", "titleId"];
-function file_extends() { file_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return file_extends.apply(this, arguments); }
-function file_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = file_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function file_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgFile(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = file_objectWithoutProperties(_ref, file_excluded);
-  return /*#__PURE__*/react.createElement("svg", file_extends({
-    width: 40,
-    height: 40,
-    viewBox: "0 0 40 40",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, file_path || (file_path = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M26.9833 3.3335H13.0166C6.94992 3.3335 3.33325 6.95016 3.33325 13.0168V26.9668C3.33325 33.0502 6.94992 36.6668 13.0166 36.6668H26.9666C33.0333 36.6668 36.6499 33.0502 36.6499 26.9835V13.0168C36.6666 6.95016 33.0499 3.3335 26.9833 3.3335Z",
-    fill: "#151B33"
-  })), file_path2 || (file_path2 = /*#__PURE__*/react.createElement("path", {
-    d: "M26.25 16.25H13.75C13.0667 16.25 12.5 15.6833 12.5 15C12.5 14.3167 13.0667 13.75 13.75 13.75H26.25C26.9333 13.75 27.5 14.3167 27.5 15C27.5 15.6833 26.9333 16.25 26.25 16.25Z",
-    fill: "#151B33"
-  })), file_path3 || (file_path3 = /*#__PURE__*/react.createElement("path", {
-    d: "M26.25 26.25H13.75C13.0667 26.25 12.5 25.6833 12.5 25C12.5 24.3167 13.0667 23.75 13.75 23.75H26.25C26.9333 23.75 27.5 24.3167 27.5 25C27.5 25.6833 26.9333 26.25 26.25 26.25Z",
-    fill: "#151B33"
-  })));
-}
-var file_ForwardRef = /*#__PURE__*/react.forwardRef(SvgFile);
-/* harmony default export */ var file = (__webpack_require__.p + "static/media/file.svg?h=a5cdec22db8a9870f965606ebe636175c096705f5230dc3ef5fb8c69e8481e52");
-
-;// CONCATENATED MODULE: ./src/icons/result.svg
-var result_circle, result_path, result_g;
-var result_excluded = (/* unused pure expression or super */ null && (["title", "titleId"]));
-function result_extends() { result_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return result_extends.apply(this, arguments); }
-function result_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = result_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function result_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgResult(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = result_objectWithoutProperties(_ref, result_excluded);
-  return /*#__PURE__*/React.createElement("svg", result_extends({
-    width: 30,
-    height: 30,
-    viewBox: "0 0 30 30",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/React.createElement("title", {
-    id: titleId
-  }, title) : null, result_circle || (result_circle = /*#__PURE__*/React.createElement("circle", {
-    cx: 15,
-    cy: 15,
-    r: 15,
-    fill: "#DFEBE9"
-  })), result_path || (result_path = /*#__PURE__*/React.createElement("path", {
-    d: "M12.0825 14.8876C9.96746 15.0376 9.97496 18.1126 12.0825 18.2626H17.085C17.6925 18.2701 18.2775 18.0376 18.7275 17.6326C20.2125 16.3351 19.4175 13.7326 17.4675 13.4851C16.77 9.25507 10.6575 10.8601 12.105 14.8876",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), result_g || (result_g = /*#__PURE__*/React.createElement("g", {
-    opacity: 0.4
-  }, /*#__PURE__*/React.createElement("path", {
-    d: "M7.5 17.25C7.5 20.1525 9.8475 22.5 12.75 22.5L11.9625 21.1875",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  }), /*#__PURE__*/React.createElement("path", {
-    d: "M22.5 12.75C22.5 9.8475 20.1525 7.5 17.25 7.5L18.0375 8.8125",
-    stroke: "#39403E",
-    strokeWidth: 1.5,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  }))));
-}
-var result_ForwardRef = /*#__PURE__*/(/* unused pure expression or super */ null && (React.forwardRef(SvgResult)));
-/* harmony default export */ var result = (__webpack_require__.p + "static/media/result.svg?h=109429f6ac0c3258b03a2931285d539bbe05c832b2ffc74bfc4e0186ed415c4e");
-
-;// CONCATENATED MODULE: ./src/icons/include.svg
-var include_circle, include_path, include_path2, include_path3, include_path4;
-var include_excluded = ["title", "titleId"];
-function include_extends() { include_extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return include_extends.apply(this, arguments); }
-function include_objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = include_objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
-function include_objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
-
-function SvgInclude(_ref, svgRef) {
-  var title = _ref.title,
-    titleId = _ref.titleId,
-    props = include_objectWithoutProperties(_ref, include_excluded);
-  return /*#__PURE__*/react.createElement("svg", include_extends({
-    width: 30,
-    height: 30,
-    viewBox: "0 0 30 30",
-    fill: "none",
-    xmlns: "http://www.w3.org/2000/svg",
-    ref: svgRef,
-    "aria-labelledby": titleId
-  }, props), title ? /*#__PURE__*/react.createElement("title", {
-    id: titleId
-  }, title) : null, include_circle || (include_circle = /*#__PURE__*/react.createElement("circle", {
-    cx: 15,
-    cy: 15,
-    r: 15,
-    fill: "#39403E"
-  })), include_path || (include_path = /*#__PURE__*/react.createElement("path", {
-    d: "M21.75 11.25V18.75C21.75 21 20.625 22.5 18 22.5H12C9.375 22.5 8.25 21 8.25 18.75V11.25C8.25 9 9.375 7.5 12 7.5H18C20.625 7.5 21.75 9 21.75 11.25Z",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), include_path2 || (include_path2 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M16.875 9.375V10.875C16.875 11.7 17.55 12.375 18.375 12.375H19.875",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), include_path3 || (include_path3 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M12 15.75H15",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })), include_path4 || (include_path4 = /*#__PURE__*/react.createElement("path", {
-    opacity: 0.4,
-    d: "M12 18.75H18",
-    stroke: "#DFEBE9",
-    strokeWidth: 1.5,
-    strokeMiterlimit: 10,
-    strokeLinecap: "round",
-    strokeLinejoin: "round"
-  })));
-}
-var include_ForwardRef = /*#__PURE__*/react.forwardRef(SvgInclude);
-/* harmony default export */ var include = (__webpack_require__.p + "static/media/include.svg?h=09e12f819cefe6871ba002f11807c529f4a7c11f4ec84c1a15945fe9a267d26d");
-
-;// CONCATENATED MODULE: ./src/icons/Icons.tsx
-var KluctlText=function KluctlText(){return/*#__PURE__*/(0,jsx_runtime.jsx)(ForwardRef,{width:"115px",height:"33px"});};var GitIcon=function GitIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(git_ForwardRef,{width:"35px",height:"35px"});};var KluctlLogo=function KluctlLogo(){return/*#__PURE__*/(0,jsx_runtime.jsx)(kluctl_logo_ForwardRef,{width:"50px",height:"50px"});};var SearchIcon=function SearchIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(search_ForwardRef,{width:"27px",height:"27px"});};var TargetsIcon=function TargetsIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(targets_ForwardRef,{width:"48px",height:"48px"});};var TargetIcon=function TargetIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(target_ForwardRef,{width:"45px",height:"45px"});};var RelationHLine=function RelationHLine(){return/*#__PURE__*/_jsx(RelationHLineSvg,{width:"169px",height:"12px"});};var ProjectIcon=function ProjectIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(project_ForwardRef,{width:"45px",height:"45px"});};var DeployIcon=function DeployIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(deploy_ForwardRef,{width:"45px",height:"45px"});};var PruneIcon=function PruneIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(prune_ForwardRef,{width:"45px",height:"45px"});};var DiffIcon=function DiffIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(diff_ForwardRef,{width:"45px",height:"45px"});};var CpuIcon=function CpuIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(cpu_ForwardRef,{width:"24px",height:"24px"});};var FingerScanIcon=function FingerScanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(finger_scan_ForwardRef,{width:"24px",height:"24px"});};var MessageQuestionIcon=function MessageQuestionIcon(props){return/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{width:"24",height:"24",viewBox:"0 0 24 24",fill:"none",xmlns:"http://www.w3.org/2000/svg",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"M17 2.42999H7C4 2.42999 2 4.42999 2 7.42999V13.43C2 16.43 4 18.43 7 18.43V20.56C7 21.36 7.89 21.84 8.55 21.39L13 18.43H17C20 18.43 22 16.43 22 13.43V7.42999C22 4.42999 20 2.42999 17 2.42999ZM12 14.6C11.58 14.6 11.25 14.26 11.25 13.85C11.25 13.44 11.58 13.1 12 13.1C12.42 13.1 12.75 13.44 12.75 13.85C12.75 14.26 12.42 14.6 12 14.6ZM13.26 10.45C12.87 10.71 12.75 10.88 12.75 11.16V11.37C12.75 11.78 12.41 12.12 12 12.12C11.59 12.12 11.25 11.78 11.25 11.37V11.16C11.25 9.99999 12.1 9.42999 12.42 9.20999C12.79 8.95999 12.91 8.78999 12.91 8.52999C12.91 8.02999 12.5 7.61999 12 7.61999C11.5 7.61999 11.09 8.02999 11.09 8.52999C11.09 8.93999 10.75 9.27999 10.34 9.27999C9.93 9.27999 9.59 8.93999 9.59 8.52999C9.59 7.19999 10.67 6.11999 12 6.11999C13.33 6.11999 14.41 7.19999 14.41 8.52999C14.41 9.66999 13.57 10.24 13.26 10.45Z",fill:props.color})});};var TreeViewIcon=function TreeViewIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(tree_view_ForwardRef,{width:"26px",height:"26px"});};var CloseIcon=function CloseIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_ForwardRef,{width:"24px",height:"24px"});};var CloseLightIcon=function CloseLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(close_light_ForwardRef,{width:"24px",height:"24px"});};var WarningIcon=function WarningIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_ForwardRef,{width:"24px",height:"24px"});};var ErrorIcon=function ErrorIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(error_ForwardRef,{width:"24px",height:"24px"});};var TrashIcon=function TrashIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(trash_ForwardRef,{width:"24px",height:"24px"});};var OrphanIcon=function OrphanIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(orphan_ForwardRef,{width:"24px",height:"24px"});};var AddedIcon=function AddedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(added_ForwardRef,{width:"24px",height:"24px"});};var ChangedIcon=function ChangedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changed_ForwardRef,{width:"24px",height:"24px"});};var CheckboxIcon=function CheckboxIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_ForwardRef,{width:"24px",height:"24px"});};var CheckboxCheckedIcon=function CheckboxCheckedIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(checkbox_checked_ForwardRef,{width:"24px",height:"24px"});};var CheckboxDisabledIcon=function CheckboxDisabledIcon(){return/*#__PURE__*/_jsx(CheckboxDisabledIconSvg,{width:"24px",height:"24px"});};var ArrowLeftIcon=function ArrowLeftIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(arrow_left_ForwardRef,{width:"40px",height:"40px"});};var WarningSignIcon=function WarningSignIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(warning_sign_ForwardRef,{width:"21px",height:"21px"});};var ChangesIcon=function ChangesIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(changes_ForwardRef,{width:"21px",height:"21px"});};var StarIcon=function StarIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(star_ForwardRef,{width:"21px",height:"21px"});};var TriangleDownIcon=function TriangleDownIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_down_ForwardRef,{width:"50px",height:"50px"});};var TriangleLeftLightIcon=function TriangleLeftLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_left_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightLightIcon=function TriangleRightLightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_light_ForwardRef,{width:"50px",height:"50px"});};var TriangleRightIcon=function TriangleRightIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(triangle_right_ForwardRef,{width:"50px",height:"50px"});};var BracketsCurlyIcon=function BracketsCurlyIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_curly_ForwardRef,{width:"22px",height:"18px"});};var BracketsSquareIcon=function BracketsSquareIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(brackets_square_ForwardRef,{width:"22px",height:"18px"});};var FileIcon=function FileIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(file_ForwardRef,{width:"40px",height:"40px"});};var ResultIcon=function ResultIcon(){return/*#__PURE__*/_jsx(ResultIconSvg,{width:"30px",height:"30px"});};var IncludeIcon=function IncludeIcon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(include_ForwardRef,{width:"30px",height:"30px"});};
-;// CONCATENATED MODULE: ./src/components/theme.ts
-var paletteDark={primary:{main:'#DFEBE9'},background:{default:'#222222',paper:'#222222'},text:{primary:'#DFEBE9'}};var paletteLight={primary:{main:'#222222'},secondary:{main:'#39403E'},background:{default:'#DFEBE9',paper:'#DFEBE9'},text:{primary:'#222222'}};var theme_common=styles_createTheme({consts:{appBarHeight:106,leftDrawerWidthOpen:224,leftDrawerWidthClosed:96},typography:{fontFamily:'Nunito Variable'},components:{MuiBackdrop:{styleOverrides:{root:{backgroundColor:'rgba(0, 0, 0, 0.65)'},invisible:{backgroundColor:'transparent'}}}}});var theme_light=styles_createTheme(theme_common,{palette:paletteLight,typography:{h1:{color:paletteLight.text.primary,fontWeight:700,fontSize:'32px',lineHeight:'44px',letterSpacing:'1px'},h2:{color:paletteLight.text.primary,fontWeight:700,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},h5:{color:paletteLight.secondary.main,fontWeight:700,fontSize:'22px',lineHeight:'30px',letterSpacing:'1px'},h6:{color:paletteLight.secondary.main,fontWeight:800,fontSize:'20px',lineHeight:'27px'},subtitle1:{color:paletteLight.secondary.main},subtitle2:{fontSize:'14px',lineHeight:1.2}},components:{MuiDivider:{styleOverrides:{root:{borderColor:paletteLight.secondary.main}}},MuiTabs:{styleOverrides:{root:{height:'36px',minHeight:0,textTransform:'none'},indicator:{backgroundColor:'#59A588'}}},MuiTab:{styleOverrides:{root:{height:'36px',minHeight:0,fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',textTransform:'none',padding:'7px 5px',color:'#8A8E91','&.Mui-selected':{color:paletteLight.text.primary}}}},MuiAppBar:{styleOverrides:{root:{color:paletteLight.primary.main}}},MuiTableCell:{styleOverrides:{root:{border:'none',borderTop:"0.5px solid ".concat(paletteLight.secondary.main),fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',position:'relative',':after':{content:'""',position:'absolute',top:'10px',right:0,bottom:'10px',display:'block',borderRight:"0.5px solid ".concat(paletteLight.secondary.main)},':last-of-type:after':{content:'none'},':last-of-type':{overflowWrap:'anywhere'}},head:{border:'none'}}}}});var theme_dark=styles_createTheme(theme_common,{palette:paletteDark,typography:{allVariants:{color:paletteDark.text.primary},h4:{color:paletteDark.text.primary,fontWeight:700,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}},components:{MuiListItem:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiButtonBase:{styleOverrides:{root:{color:paletteDark.primary.main,background:paletteDark.background.default}}},MuiDrawer:{styleOverrides:{root:{border:'none'},paper:{border:'none'}}},MuiDivider:{styleOverrides:{root:{background:paletteDark.primary.main,opacity:0.2,margin:'0 13px'}}},MuiTabs:{styleOverrides:{root:{height:'36px',minHeight:0,textTransform:'none'},indicator:{backgroundColor:'#59A588'}}},MuiTab:{styleOverrides:{root:{height:'36px',minHeight:0,fontWeight:400,fontSize:'16px',lineHeight:'22px',letterSpacing:'1px',textTransform:'none',padding:'7px 5px',color:'#8A8E91','&.Mui-selected':{color:paletteDark.text.primary}}}}}});
-;// CONCATENATED MODULE: ./src/components/LeftDrawer.tsx
-var openedMixin=function openedMixin(theme){return{width:theme.consts.leftDrawerWidthOpen,transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),overflowX:'hidden'};};var closedMixin=function closedMixin(theme){return{transition:theme.transitions.create('width',{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen}),overflowX:'hidden',width:theme.consts.leftDrawerWidthClosed};};var DrawerHeader=styles_styled('div')(function(_ref){var theme=_ref.theme;return _objectSpread2({height:theme.consts.appBarHeight,padding:'31px 23px 0 23px'},theme.mixins.toolbar);});var LeftDrawer_AppBar=styles_styled(AppBar_AppBar,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref2){var theme=_ref2.theme,open=_ref2.open;return _objectSpread2({height:theme.consts.appBarHeight,border:'none',boxShadow:'none',background:'transparent',padding:'40px 40px 0 40px',marginLeft:theme.consts.leftDrawerWidthClosed,justifyContent:'space-between',width:"calc(100% - ".concat(theme.consts.leftDrawerWidthClosed,"px)"),zIndex:theme.zIndex.drawer+1,transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.leavingScreen})},open&&{marginLeft:theme.consts.leftDrawerWidthOpen,width:"calc(100% - ".concat(theme.consts.leftDrawerWidthOpen,"px)"),transition:theme.transitions.create(['width','margin'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})});});var LeftDrawer_Drawer=styles_styled(Drawer_Drawer,{shouldForwardProp:function shouldForwardProp(prop){return prop!=='open';}})(function(_ref3){var theme=_ref3.theme,open=_ref3.open;return _objectSpread2(_objectSpread2({width:theme.consts.leftDrawerWidthOpen,flexShrink:0,whiteSpace:'nowrap',boxSizing:'border-box',borderRadius:'0px 20px 20px 0px'},open&&_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},openedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})})),!open&&_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{'& .MuiDrawer-paper':_objectSpread2(_objectSpread2({},closedMixin(theme)),{},{borderRadius:'0px 20px 20px 0px'})}));});function Item(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{component:Link,to:props.to,disablePadding:true,sx:{display:'block',margin:'14px 0'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(ListItemButton_ListItemButton,{sx:{height:'60px',justifyContent:'start',alignItems:'center',gap:'15px',padding:'0 24px'},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemIcon_ListItemIcon,{sx:{minWidth:0,flex:'0 0 auto',justifyContent:'center',alignItems:'center'},children:props.icon}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:props.text,sx:{display:props.open?'block':'none',margin:0},primaryTypographyProps:{fontWeight:500,fontSize:'24px',lineHeight:'33px',letterSpacing:'1px'}})]})},props.text);}function LeftDrawer(props){var _useState=(0,react.useState)(true),_useState2=slicedToArray_slicedToArray(_useState,2),open=_useState2[0],setOpen=_useState2[1];var location=dist_useLocation();var navigate=dist_useNavigate();var theme=styles_useTheme_useTheme();var toggleDrawer=function toggleDrawer(){setOpen(function(o){return!o;});};var path=location.pathname.split('/')[1];var header=null;switch(path){case'targets':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Dashboard"}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"40px",maxWidth:"314px",flexGrow:1,borderRadius:"10px",display:"flex",justifyContent:"space-between",alignItems:"center",padding:"0 9px 0 15px",sx:{background:theme.palette.background.default},children:[/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"text",style:{background:'none',border:'none',outline:'none',height:'20px',lineHeight:'20px',fontSize:'18px'},placeholder:"Search (not impl. yet)"}),/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0,height:40,width:40},children:/*#__PURE__*/(0,jsx_runtime.jsx)(SearchIcon,{})})]})]});break;case'results':header=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"start",gap:"12px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{sx:{padding:0},onClick:function onClick(){return navigate('/targets');},children:/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowLeftIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h1",children:"Result Tree"})]});break;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer_AppBar,{position:"fixed",open:open,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",justifyContent:"space-between",children:header})}),/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsxs)(LeftDrawer_Drawer,{variant:"permanent",open:open,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(IconButton_IconButton,{onClick:toggleDrawer,sx:{gap:'13px',padding:0},children:[/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlLogo,{}),open&&/*#__PURE__*/(0,jsx_runtime.jsx)(KluctlText,{})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(List_List,{sx:{padding:'10px 0 0 0'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Item,{text:"Targets",open:open,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsIcon,{}),to:"targets"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{component:"main",sx:{flexGrow:1,height:'100%',overflow:'hidden'},minWidth:0,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DrawerHeader,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"calc(100% - ".concat(theme.consts.appBarHeight,"px)"),overflow:"auto",children:props.content})]})]});}
-;// CONCATENATED MODULE: ./src/models.ts
-/* Do not change, this code is generated from Golang structs */var DeploymentError=/*#__PURE__*/function(){function DeploymentError(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentError);this.ref=void 0;this.message=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.message=source["message"];}createClass_createClass(DeploymentError,[{key:"convertValues",value:function convertValues(a,classs){var _this=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i=0,_Object$keys=Object.keys(a);_i<_Object$keys.length;_i++){var _key=_Object$keys[_i];a[_key]=new classs(a[_key]);}return a;}return new classs(a);}return a;}}]);return DeploymentError;}();var Change=/*#__PURE__*/createClass_createClass(function Change(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,Change);this.type=void 0;this.jsonPath=void 0;this.oldValue=void 0;this.newValue=void 0;this.unifiedDiff=void 0;if('string'===typeof source)source=JSON.parse(source);this.type=source["type"];this.jsonPath=source["jsonPath"];this.oldValue=source["oldValue"];this.newValue=source["newValue"];this.unifiedDiff=source["unifiedDiff"];});var ResultObject=/*#__PURE__*/function(){function ResultObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ResultObject);this.ref=void 0;this.changes=void 0;this.new=void 0;this.orphan=void 0;this.deleted=void 0;this.hook=void 0;this.rendered=void 0;this.remote=void 0;this.applied=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.changes=this.convertValues(source["changes"],Change);this.new=source["new"];this.orphan=source["orphan"];this.deleted=source["deleted"];this.hook=source["hook"];this.rendered=source["rendered"];this.remote=source["remote"];this.applied=source["applied"];}createClass_createClass(ResultObject,[{key:"convertValues",value:function convertValues(a,classs){var _this2=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this2.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i2=0,_Object$keys2=Object.keys(a);_i2<_Object$keys2.length;_i2++){var _key2=_Object$keys2[_i2];a[_key2]=new classs(a[_key2]);}return a;}return new classs(a);}return a;}}]);return ResultObject;}();var IgnoreForDiffItemConfig=/*#__PURE__*/createClass_createClass(function IgnoreForDiffItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,IgnoreForDiffItemConfig);this.fieldPath=void 0;this.fieldPathRegex=void 0;this.group=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.fieldPath=source["fieldPath"];this.fieldPathRegex=source["fieldPathRegex"];this.group=source["group"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var HelmChartConfig=/*#__PURE__*/createClass_createClass(function HelmChartConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,HelmChartConfig);this.repo=void 0;this.path=void 0;this.credentialsId=void 0;this.chartName=void 0;this.chartVersion=void 0;this.updateConstraints=void 0;this.releaseName=void 0;this.namespace=void 0;this.output=void 0;this.skipCRDs=void 0;this.skipUpdate=void 0;this.skipPrePull=void 0;if('string'===typeof source)source=JSON.parse(source);this.repo=source["repo"];this.path=source["path"];this.credentialsId=source["credentialsId"];this.chartName=source["chartName"];this.chartVersion=source["chartVersion"];this.updateConstraints=source["updateConstraints"];this.releaseName=source["releaseName"];this.namespace=source["namespace"];this.output=source["output"];this.skipCRDs=source["skipCRDs"];this.skipUpdate=source["skipUpdate"];this.skipPrePull=source["skipPrePull"];});var DeleteObjectItemConfig=/*#__PURE__*/createClass_createClass(function DeleteObjectItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeleteObjectItemConfig);this.group=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var GitProject=/*#__PURE__*/createClass_createClass(function GitProject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,GitProject);this.url=void 0;this.ref=void 0;this.subDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.subDir=source["subDir"];});var DeploymentItemConfig=/*#__PURE__*/function(){function DeploymentItemConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentItemConfig);this.path=void 0;this.include=void 0;this.git=void 0;this.tags=void 0;this.barrier=void 0;this.message=void 0;this.waitReadiness=void 0;this.vars=void 0;this.skipDeleteIfTags=void 0;this.onlyRender=void 0;this.alwaysDeploy=void 0;this.deleteObjects=void 0;this.when=void 0;this.renderedHelmChartConfig=void 0;this.renderedObjects=void 0;this.renderedInclude=void 0;if('string'===typeof source)source=JSON.parse(source);this.path=source["path"];this.include=source["include"];this.git=this.convertValues(source["git"],GitProject);this.tags=source["tags"];this.barrier=source["barrier"];this.message=source["message"];this.waitReadiness=source["waitReadiness"];this.vars=this.convertValues(source["vars"],VarsSource);this.skipDeleteIfTags=source["skipDeleteIfTags"];this.onlyRender=source["onlyRender"];this.alwaysDeploy=source["alwaysDeploy"];this.deleteObjects=this.convertValues(source["deleteObjects"],DeleteObjectItemConfig);this.when=source["when"];this.renderedHelmChartConfig=this.convertValues(source["renderedHelmChartConfig"],HelmChartConfig);this.renderedObjects=this.convertValues(source["renderedObjects"],models_ObjectRef);this.renderedInclude=this.convertValues(source["renderedInclude"],DeploymentProjectConfig);}createClass_createClass(DeploymentItemConfig,[{key:"convertValues",value:function convertValues(a,classs){var _this3=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this3.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i3=0,_Object$keys3=Object.keys(a);_i3<_Object$keys3.length;_i3++){var _key3=_Object$keys3[_i3];a[_key3]=new classs(a[_key3]);}return a;}return new classs(a);}return a;}}]);return DeploymentItemConfig;}();var SealedSecretsConfig=/*#__PURE__*/createClass_createClass(function SealedSecretsConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,SealedSecretsConfig);this.outputPattern=void 0;if('string'===typeof source)source=JSON.parse(source);this.outputPattern=source["outputPattern"];});var VarsSourceVault=/*#__PURE__*/createClass_createClass(function VarsSourceVault(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceVault);this.address=void 0;this.path=void 0;if('string'===typeof source)source=JSON.parse(source);this.address=source["address"];this.path=source["path"];});var VarsSourceAwsSecretsManager=/*#__PURE__*/createClass_createClass(function VarsSourceAwsSecretsManager(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceAwsSecretsManager);this.secretName=void 0;this.region=void 0;this.profile=void 0;if('string'===typeof source)source=JSON.parse(source);this.secretName=source["secretName"];this.region=source["region"];this.profile=source["profile"];});var VarsSourceHttp=/*#__PURE__*/createClass_createClass(function VarsSourceHttp(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceHttp);this.url=void 0;this.method=void 0;this.body=void 0;this.headers=void 0;this.jsonPath=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.method=source["method"];this.body=source["body"];this.headers=source["headers"];this.jsonPath=source["jsonPath"];});var VarsSourceClusterConfigMapOrSecret=/*#__PURE__*/createClass_createClass(function VarsSourceClusterConfigMapOrSecret(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceClusterConfigMapOrSecret);this.name=void 0;this.labels=void 0;this.namespace=void 0;this.key=void 0;this.targetPath=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.labels=source["labels"];this.namespace=source["namespace"];this.key=source["key"];this.targetPath=source["targetPath"];});var VarsSourceGit=/*#__PURE__*/createClass_createClass(function VarsSourceGit(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSourceGit);this.url=void 0;this.ref=void 0;this.path=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.path=source["path"];});var VarsSource=/*#__PURE__*/function(){function VarsSource(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,VarsSource);this.ignoreMissing=void 0;this.noOverride=void 0;this.values=void 0;this.file=void 0;this.git=void 0;this.clusterConfigMap=void 0;this.clusterSecret=void 0;this.systemEnvVars=void 0;this.http=void 0;this.awsSecretsManager=void 0;this.vault=void 0;this.when=void 0;this.renderedVars=void 0;if('string'===typeof source)source=JSON.parse(source);this.ignoreMissing=source["ignoreMissing"];this.noOverride=source["noOverride"];this.values=source["values"];this.file=source["file"];this.git=this.convertValues(source["git"],VarsSourceGit);this.clusterConfigMap=this.convertValues(source["clusterConfigMap"],VarsSourceClusterConfigMapOrSecret);this.clusterSecret=this.convertValues(source["clusterSecret"],VarsSourceClusterConfigMapOrSecret);this.systemEnvVars=source["systemEnvVars"];this.http=this.convertValues(source["http"],VarsSourceHttp);this.awsSecretsManager=this.convertValues(source["awsSecretsManager"],VarsSourceAwsSecretsManager);this.vault=this.convertValues(source["vault"],VarsSourceVault);this.when=source["when"];this.renderedVars=source["renderedVars"];}createClass_createClass(VarsSource,[{key:"convertValues",value:function convertValues(a,classs){var _this4=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this4.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i4=0,_Object$keys4=Object.keys(a);_i4<_Object$keys4.length;_i4++){var _key4=_Object$keys4[_i4];a[_key4]=new classs(a[_key4]);}return a;}return new classs(a);}return a;}}]);return VarsSource;}();var DeploymentProjectConfig=/*#__PURE__*/function(){function DeploymentProjectConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,DeploymentProjectConfig);this.vars=void 0;this.sealedSecrets=void 0;this.when=void 0;this.deployments=void 0;this.commonLabels=void 0;this.commonAnnotations=void 0;this.overrideNamespace=void 0;this.tags=void 0;this.ignoreForDiff=void 0;if('string'===typeof source)source=JSON.parse(source);this.vars=this.convertValues(source["vars"],VarsSource);this.sealedSecrets=this.convertValues(source["sealedSecrets"],SealedSecretsConfig);this.when=source["when"];this.deployments=this.convertValues(source["deployments"],DeploymentItemConfig);this.commonLabels=source["commonLabels"];this.commonAnnotations=source["commonAnnotations"];this.overrideNamespace=source["overrideNamespace"];this.tags=source["tags"];this.ignoreForDiff=this.convertValues(source["ignoreForDiff"],IgnoreForDiffItemConfig);}createClass_createClass(DeploymentProjectConfig,[{key:"convertValues",value:function convertValues(a,classs){var _this5=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this5.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i5=0,_Object$keys5=Object.keys(a);_i5<_Object$keys5.length;_i5++){var _key5=_Object$keys5[_i5];a[_key5]=new classs(a[_key5]);}return a;}return new classs(a);}return a;}}]);return DeploymentProjectConfig;}();var ClusterInfo=/*#__PURE__*/createClass_createClass(function ClusterInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ClusterInfo);this.clusterId=void 0;if('string'===typeof source)source=JSON.parse(source);this.clusterId=source["clusterId"];});var GitInfo=/*#__PURE__*/createClass_createClass(function GitInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,GitInfo);this.url=void 0;this.ref=void 0;this.subDir=void 0;this.commit=void 0;this.dirty=void 0;if('string'===typeof source)source=JSON.parse(source);this.url=source["url"];this.ref=source["ref"];this.subDir=source["subDir"];this.commit=source["commit"];this.dirty=source["dirty"];});var KluctlDeploymentInfo=/*#__PURE__*/createClass_createClass(function KluctlDeploymentInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,KluctlDeploymentInfo);this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.namespace=source["namespace"];});var CommandInfo=/*#__PURE__*/function(){function CommandInfo(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandInfo);this.initiator=void 0;this.startTime=void 0;this.endTime=void 0;this.kluctlDeployment=void 0;this.command=void 0;this.target=void 0;this.targetNameOverride=void 0;this.contextOverride=void 0;this.args=void 0;this.images=void 0;this.dryRun=void 0;this.noWait=void 0;this.forceApply=void 0;this.replaceOnError=void 0;this.forceReplaceOnError=void 0;this.abortOnError=void 0;this.includeTags=void 0;this.excludeTags=void 0;this.includeDeploymentDirs=void 0;this.excludeDeploymentDirs=void 0;if('string'===typeof source)source=JSON.parse(source);this.initiator=source["initiator"];this.startTime=source["startTime"];this.endTime=source["endTime"];this.kluctlDeployment=this.convertValues(source["kluctlDeployment"],KluctlDeploymentInfo);this.command=source["command"];this.target=source["target"];this.targetNameOverride=source["targetNameOverride"];this.contextOverride=source["contextOverride"];this.args=source["args"];this.images=this.convertValues(source["images"],FixedImage);this.dryRun=source["dryRun"];this.noWait=source["noWait"];this.forceApply=source["forceApply"];this.replaceOnError=source["replaceOnError"];this.forceReplaceOnError=source["forceReplaceOnError"];this.abortOnError=source["abortOnError"];this.includeTags=source["includeTags"];this.excludeTags=source["excludeTags"];this.includeDeploymentDirs=source["includeDeploymentDirs"];this.excludeDeploymentDirs=source["excludeDeploymentDirs"];}createClass_createClass(CommandInfo,[{key:"convertValues",value:function convertValues(a,classs){var _this6=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this6.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i6=0,_Object$keys6=Object.keys(a);_i6<_Object$keys6.length;_i6++){var _key6=_Object$keys6[_i6];a[_key6]=new classs(a[_key6]);}return a;}return new classs(a);}return a;}}]);return CommandInfo;}();var models_ObjectRef=/*#__PURE__*/createClass_createClass(function ObjectRef(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ObjectRef);this.group=void 0;this.version=void 0;this.kind=void 0;this.name=void 0;this.namespace=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.version=source["version"];this.kind=source["kind"];this.name=source["name"];this.namespace=source["namespace"];});var FixedImage=/*#__PURE__*/function(){function FixedImage(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,FixedImage);this.image=void 0;this.resultImage=void 0;this.deployedImage=void 0;this.namespace=void 0;this.object=void 0;this.deployment=void 0;this.container=void 0;this.deployTags=void 0;this.deploymentDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.image=source["image"];this.resultImage=source["resultImage"];this.deployedImage=source["deployedImage"];this.namespace=source["namespace"];this.object=this.convertValues(source["object"],models_ObjectRef);this.deployment=source["deployment"];this.container=source["container"];this.deployTags=source["deployTags"];this.deploymentDir=source["deploymentDir"];}createClass_createClass(FixedImage,[{key:"convertValues",value:function convertValues(a,classs){var _this7=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this7.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i7=0,_Object$keys7=Object.keys(a);_i7<_Object$keys7.length;_i7++){var _key7=_Object$keys7[_i7];a[_key7]=new classs(a[_key7]);}return a;}return new classs(a);}return a;}}]);return FixedImage;}();var SealingConfig=/*#__PURE__*/createClass_createClass(function SealingConfig(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,SealingConfig);this.args=void 0;this.secretSets=void 0;this.certFile=void 0;if('string'===typeof source)source=JSON.parse(source);this.args=source["args"];this.secretSets=source["secretSets"];this.certFile=source["certFile"];});var Target=/*#__PURE__*/function(){function Target(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,Target);this.name=void 0;this.context=void 0;this.args=void 0;this.sealingConfig=void 0;this.images=void 0;this.discriminator=void 0;if('string'===typeof source)source=JSON.parse(source);this.name=source["name"];this.context=source["context"];this.args=source["args"];this.sealingConfig=this.convertValues(source["sealingConfig"],SealingConfig);this.images=this.convertValues(source["images"],FixedImage);this.discriminator=source["discriminator"];}createClass_createClass(Target,[{key:"convertValues",value:function convertValues(a,classs){var _this8=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this8.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i8=0,_Object$keys8=Object.keys(a);_i8<_Object$keys8.length;_i8++){var _key8=_Object$keys8[_i8];a[_key8]=new classs(a[_key8]);}return a;}return new classs(a);}return a;}}]);return Target;}();var TargetKey=/*#__PURE__*/createClass_createClass(function TargetKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,TargetKey);this.targetName=void 0;this.clusterId=void 0;this.discriminator=void 0;if('string'===typeof source)source=JSON.parse(source);this.targetName=source["targetName"];this.clusterId=source["clusterId"];this.discriminator=source["discriminator"];});var ProjectKey=/*#__PURE__*/createClass_createClass(function ProjectKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ProjectKey);this.gitRepoKey=void 0;this.subDir=void 0;if('string'===typeof source)source=JSON.parse(source);this.gitRepoKey=source["gitRepoKey"];this.subDir=source["subDir"];});var CommandResult=/*#__PURE__*/function(){function CommandResult(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandResult);this.id=void 0;this.projectKey=void 0;this.targetKey=void 0;this.target=void 0;this.command=void 0;this.gitInfo=void 0;this.clusterInfo=void 0;this.deployment=void 0;this.objects=void 0;this.errors=void 0;this.warnings=void 0;this.seenImages=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.projectKey=this.convertValues(source["projectKey"],ProjectKey);this.targetKey=this.convertValues(source["targetKey"],TargetKey);this.target=this.convertValues(source["target"],Target);this.command=this.convertValues(source["command"],CommandInfo);this.gitInfo=this.convertValues(source["gitInfo"],GitInfo);this.clusterInfo=this.convertValues(source["clusterInfo"],ClusterInfo);this.deployment=this.convertValues(source["deployment"],DeploymentProjectConfig);this.objects=this.convertValues(source["objects"],ResultObject);this.errors=this.convertValues(source["errors"],DeploymentError);this.warnings=this.convertValues(source["warnings"],DeploymentError);this.seenImages=this.convertValues(source["seenImages"],FixedImage);}createClass_createClass(CommandResult,[{key:"convertValues",value:function convertValues(a,classs){var _this9=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this9.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i9=0,_Object$keys9=Object.keys(a);_i9<_Object$keys9.length;_i9++){var _key9=_Object$keys9[_i9];a[_key9]=new classs(a[_key9]);}return a;}return new classs(a);}return a;}}]);return CommandResult;}();var CommandResultSummary=/*#__PURE__*/function(){function CommandResultSummary(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,CommandResultSummary);this.id=void 0;this.projectKey=void 0;this.targetKey=void 0;this.target=void 0;this.commandInfo=void 0;this.gitInfo=void 0;this.clusterInfo=void 0;this.renderedObjects=void 0;this.remoteObjects=void 0;this.appliedObjects=void 0;this.appliedHookObjects=void 0;this.newObjects=void 0;this.changedObjects=void 0;this.orphanObjects=void 0;this.deletedObjects=void 0;this.errors=void 0;this.warnings=void 0;this.totalChanges=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.projectKey=this.convertValues(source["projectKey"],ProjectKey);this.targetKey=this.convertValues(source["targetKey"],TargetKey);this.target=this.convertValues(source["target"],Target);this.commandInfo=this.convertValues(source["commandInfo"],CommandInfo);this.gitInfo=this.convertValues(source["gitInfo"],GitInfo);this.clusterInfo=this.convertValues(source["clusterInfo"],ClusterInfo);this.renderedObjects=source["renderedObjects"];this.remoteObjects=source["remoteObjects"];this.appliedObjects=source["appliedObjects"];this.appliedHookObjects=source["appliedHookObjects"];this.newObjects=source["newObjects"];this.changedObjects=source["changedObjects"];this.orphanObjects=source["orphanObjects"];this.deletedObjects=source["deletedObjects"];this.errors=this.convertValues(source["errors"],DeploymentError);this.warnings=this.convertValues(source["warnings"],DeploymentError);this.totalChanges=source["totalChanges"];}createClass_createClass(CommandResultSummary,[{key:"convertValues",value:function convertValues(a,classs){var _this10=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this10.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i10=0,_Object$keys10=Object.keys(a);_i10<_Object$keys10.length;_i10++){var _key10=_Object$keys10[_i10];a[_key10]=new classs(a[_key10]);}return a;}return new classs(a);}return a;}}]);return CommandResultSummary;}();var ChangedObject=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ChangedObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ChangedObject);this.ref=void 0;this.changes=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.changes=this.convertValues(source["changes"],Change);}_createClass(ChangedObject,[{key:"convertValues",value:function convertValues(a,classs){var _this11=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this11.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i11=0,_Object$keys11=Object.keys(a);_i11<_Object$keys11.length;_i11++){var _key11=_Object$keys11[_i11];a[_key11]=new classs(a[_key11]);}return a;}return new classs(a);}return a;}}]);return ChangedObject;}()));var ValidateResultEntry=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ValidateResultEntry(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ValidateResultEntry);this.ref=void 0;this.annotation=void 0;this.message=void 0;if('string'===typeof source)source=JSON.parse(source);this.ref=this.convertValues(source["ref"],models_ObjectRef);this.annotation=source["annotation"];this.message=source["message"];}_createClass(ValidateResultEntry,[{key:"convertValues",value:function convertValues(a,classs){var _this12=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this12.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i12=0,_Object$keys12=Object.keys(a);_i12<_Object$keys12.length;_i12++){var _key12=_Object$keys12[_i12];a[_key12]=new classs(a[_key12]);}return a;}return new classs(a);}return a;}}]);return ValidateResultEntry;}()));var ValidateResult=/*#__PURE__*/(/* unused pure expression or super */ null && (function(){function ValidateResult(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ValidateResult);this.id=void 0;this.startTime=void 0;this.endTime=void 0;this.ready=void 0;this.warnings=void 0;this.errors=void 0;this.results=void 0;this.drift=void 0;if('string'===typeof source)source=JSON.parse(source);this.id=source["id"];this.startTime=source["startTime"];this.endTime=source["endTime"];this.ready=source["ready"];this.warnings=this.convertValues(source["warnings"],DeploymentError);this.errors=this.convertValues(source["errors"],DeploymentError);this.results=this.convertValues(source["results"],ValidateResultEntry);this.drift=this.convertValues(source["drift"],ChangedObject);}_createClass(ValidateResult,[{key:"convertValues",value:function convertValues(a,classs){var _this13=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this13.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i13=0,_Object$keys13=Object.keys(a);_i13<_Object$keys13.length;_i13++){var _key13=_Object$keys13[_i13];a[_key13]=new classs(a[_key13]);}return a;}return new classs(a);}return a;}}]);return ValidateResult;}()));var ShortName=/*#__PURE__*/(/* unused pure expression or super */ null && (_createClass(function ShortName(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,ShortName);this.group=void 0;this.kind=void 0;this.shortName=void 0;if('string'===typeof source)source=JSON.parse(source);this.group=source["group"];this.kind=source["kind"];this.shortName=source["shortName"];})));var UnstructuredObject=/*#__PURE__*/(/* unused pure expression or super */ null && (_createClass(function UnstructuredObject(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};_classCallCheck(this,UnstructuredObject);if('string'===typeof source)source=JSON.parse(source);})));var ProjectTargetKey=/*#__PURE__*/function(){function ProjectTargetKey(){var source=arguments.length>0&&arguments[0]!==undefined?arguments[0]:{};classCallCheck_classCallCheck(this,ProjectTargetKey);this.project=void 0;this.target=void 0;if('string'===typeof source)source=JSON.parse(source);this.project=this.convertValues(source["project"],ProjectKey);this.target=this.convertValues(source["target"],TargetKey);}createClass_createClass(ProjectTargetKey,[{key:"convertValues",value:function convertValues(a,classs){var _this14=this;var asMap=arguments.length>2&&arguments[2]!==undefined?arguments[2]:false;if(!a){return a;}if(a.slice){return a.map(function(elem){return _this14.convertValues(elem,classs);});}else if("object"===typeof a){if(asMap){for(var _i14=0,_Object$keys14=Object.keys(a);_i14<_Object$keys14.length;_i14++){var _key14=_Object$keys14[_i14];a[_key14]=new classs(a[_key14]);}return a;}return new classs(a);}return a;}}]);return ProjectTargetKey;}();
-// EXTERNAL MODULE: ./node_modules/lodash/lodash.js
-var lodash = __webpack_require__(763);
-var lodash_default = /*#__PURE__*/__webpack_require__.n(lodash);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Grow/Grow.js
-
-
-var Grow_excluded = ["addEndListener", "appear", "children", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "style", "timeout", "TransitionComponent"];
-
-
-
-
-
-
-
-
-function getScale(value) {
-  return "scale(".concat(value, ", ").concat(Math.pow(value, 2), ")");
-}
-var Grow_styles = {
-  entering: {
-    opacity: 1,
-    transform: getScale(1)
-  },
-  entered: {
-    opacity: 1,
-    transform: 'none'
-  }
-};
-
-/*
- TODO v6: remove
- Conditionally apply a workaround for the CSS transition bug in Safari 15.4 / WebKit browsers.
- */
-var isWebKit154 = typeof navigator !== 'undefined' && /^((?!chrome|android).)*(safari|mobile)/i.test(navigator.userAgent) && /(os |version\/)15(.|_)4/i.test(navigator.userAgent);
-
-/**
- * The Grow transition is used by the [Tooltip](/material-ui/react-tooltip/) and
- * [Popover](/material-ui/react-popover/) components.
- * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
- */
-var Grow = /*#__PURE__*/react.forwardRef(function Grow(props, ref) {
-  var addEndListener = props.addEndListener,
-    _props$appear = props.appear,
-    appear = _props$appear === void 0 ? true : _props$appear,
-    _children = props.children,
-    easing = props.easing,
-    inProp = props.in,
-    onEnter = props.onEnter,
-    onEntered = props.onEntered,
-    onEntering = props.onEntering,
-    onExit = props.onExit,
-    onExited = props.onExited,
-    onExiting = props.onExiting,
-    style = props.style,
-    _props$timeout = props.timeout,
-    timeout = _props$timeout === void 0 ? 'auto' : _props$timeout,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Grow_excluded);
-  var timer = react.useRef();
-  var autoTimeout = react.useRef();
-  var theme = styles_useTheme_useTheme();
-  var nodeRef = react.useRef(null);
-  var handleRef = utils_useForkRef(nodeRef, _children.ref, ref);
-  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
-    return function (maybeIsAppearing) {
-      if (callback) {
-        var node = nodeRef.current;
-
-        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
-        if (maybeIsAppearing === undefined) {
-          callback(node);
-        } else {
-          callback(node, maybeIsAppearing);
-        }
-      }
-    };
-  };
-  var handleEntering = normalizedTransitionCallback(onEntering);
-  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
-    reflow(node); // So the animation always start from the start.
-
-    var _getTransitionProps = getTransitionProps({
-        style: style,
-        timeout: timeout,
-        easing: easing
-      }, {
-        mode: 'enter'
-      }),
-      transitionDuration = _getTransitionProps.duration,
-      delay = _getTransitionProps.delay,
-      transitionTimingFunction = _getTransitionProps.easing;
-    var duration;
-    if (timeout === 'auto') {
-      duration = theme.transitions.getAutoHeightDuration(node.clientHeight);
-      autoTimeout.current = duration;
-    } else {
-      duration = transitionDuration;
-    }
-    node.style.transition = [theme.transitions.create('opacity', {
-      duration: duration,
-      delay: delay
-    }), theme.transitions.create('transform', {
-      duration: isWebKit154 ? duration : duration * 0.666,
-      delay: delay,
-      easing: transitionTimingFunction
-    })].join(',');
-    if (onEnter) {
-      onEnter(node, isAppearing);
-    }
-  });
-  var handleEntered = normalizedTransitionCallback(onEntered);
-  var handleExiting = normalizedTransitionCallback(onExiting);
-  var handleExit = normalizedTransitionCallback(function (node) {
-    var _getTransitionProps2 = getTransitionProps({
-        style: style,
-        timeout: timeout,
-        easing: easing
-      }, {
-        mode: 'exit'
-      }),
-      transitionDuration = _getTransitionProps2.duration,
-      delay = _getTransitionProps2.delay,
-      transitionTimingFunction = _getTransitionProps2.easing;
-    var duration;
-    if (timeout === 'auto') {
-      duration = theme.transitions.getAutoHeightDuration(node.clientHeight);
-      autoTimeout.current = duration;
-    } else {
-      duration = transitionDuration;
-    }
-    node.style.transition = [theme.transitions.create('opacity', {
-      duration: duration,
-      delay: delay
-    }), theme.transitions.create('transform', {
-      duration: isWebKit154 ? duration : duration * 0.666,
-      delay: isWebKit154 ? delay : delay || duration * 0.333,
-      easing: transitionTimingFunction
-    })].join(',');
-    node.style.opacity = 0;
-    node.style.transform = getScale(0.75);
-    if (onExit) {
-      onExit(node);
-    }
-  });
-  var handleExited = normalizedTransitionCallback(onExited);
-  var handleAddEndListener = function handleAddEndListener(next) {
-    if (timeout === 'auto') {
-      timer.current = setTimeout(next, autoTimeout.current || 0);
-    }
-    if (addEndListener) {
-      // Old call signature before `react-transition-group` implemented `nodeRef`
-      addEndListener(nodeRef.current, next);
-    }
-  };
-  react.useEffect(function () {
-    return function () {
-      clearTimeout(timer.current);
-    };
-  }, []);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-    appear: appear,
-    in: inProp,
-    nodeRef: nodeRef,
-    onEnter: handleEnter,
-    onEntered: handleEntered,
-    onEntering: handleEntering,
-    onExit: handleExit,
-    onExited: handleExited,
-    onExiting: handleExiting,
-    addEndListener: handleAddEndListener,
-    timeout: timeout === 'auto' ? null : timeout
-  }, other, {
-    children: function children(state, childProps) {
-      return /*#__PURE__*/react.cloneElement(_children, extends_extends({
-        style: extends_extends({
-          opacity: 0,
-          transform: getScale(0.75),
-          visibility: state === 'exited' && !inProp ? 'hidden' : undefined
-        }, Grow_styles[state], style, _children.props.style),
-        ref: handleRef
-      }, childProps));
-    }
-  }));
-});
- false ? 0 : void 0;
-Grow.muiSupportAuto = true;
-/* harmony default export */ var Grow_Grow = (Grow);
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getWindow.js
-function getWindow(node) {
-  if (node == null) {
-    return window;
-  }
-  if (node.toString() !== '[object Window]') {
-    var ownerDocument = node.ownerDocument;
-    return ownerDocument ? ownerDocument.defaultView || window : window;
-  }
-  return node;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/instanceOf.js
-
-function isElement(node) {
-  var OwnElement = getWindow(node).Element;
-  return node instanceof OwnElement || node instanceof Element;
-}
-function isHTMLElement(node) {
-  var OwnElement = getWindow(node).HTMLElement;
-  return node instanceof OwnElement || node instanceof HTMLElement;
-}
-function isShadowRoot(node) {
-  // IE 11 has no ShadowRoot
-  if (typeof ShadowRoot === 'undefined') {
-    return false;
-  }
-  var OwnElement = getWindow(node).ShadowRoot;
-  return node instanceof OwnElement || node instanceof ShadowRoot;
-}
-
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/math.js
-var math_max = Math.max;
-var math_min = Math.min;
-var math_round = Math.round;
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/userAgent.js
-function getUAString() {
-  var uaData = navigator.userAgentData;
-  if (uaData != null && uaData.brands && Array.isArray(uaData.brands)) {
-    return uaData.brands.map(function (item) {
-      return item.brand + "/" + item.version;
-    }).join(' ');
-  }
-  return navigator.userAgent;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/isLayoutViewport.js
-
-function isLayoutViewport() {
-  return !/^((?!chrome|android).)*safari/i.test(getUAString());
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getBoundingClientRect.js
-
-
-
-
-function getBoundingClientRect(element, includeScale, isFixedStrategy) {
-  if (includeScale === void 0) {
-    includeScale = false;
-  }
-  if (isFixedStrategy === void 0) {
-    isFixedStrategy = false;
-  }
-  var clientRect = element.getBoundingClientRect();
-  var scaleX = 1;
-  var scaleY = 1;
-  if (includeScale && isHTMLElement(element)) {
-    scaleX = element.offsetWidth > 0 ? math_round(clientRect.width) / element.offsetWidth || 1 : 1;
-    scaleY = element.offsetHeight > 0 ? math_round(clientRect.height) / element.offsetHeight || 1 : 1;
-  }
-  var _ref = isElement(element) ? getWindow(element) : window,
-    visualViewport = _ref.visualViewport;
-  var addVisualOffsets = !isLayoutViewport() && isFixedStrategy;
-  var x = (clientRect.left + (addVisualOffsets && visualViewport ? visualViewport.offsetLeft : 0)) / scaleX;
-  var y = (clientRect.top + (addVisualOffsets && visualViewport ? visualViewport.offsetTop : 0)) / scaleY;
-  var width = clientRect.width / scaleX;
-  var height = clientRect.height / scaleY;
-  return {
-    width: width,
-    height: height,
-    top: y,
-    right: x + width,
-    bottom: y + height,
-    left: x,
-    x: x,
-    y: y
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getWindowScroll.js
-
-function getWindowScroll(node) {
-  var win = getWindow(node);
-  var scrollLeft = win.pageXOffset;
-  var scrollTop = win.pageYOffset;
-  return {
-    scrollLeft: scrollLeft,
-    scrollTop: scrollTop
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getHTMLElementScroll.js
-function getHTMLElementScroll(element) {
-  return {
-    scrollLeft: element.scrollLeft,
-    scrollTop: element.scrollTop
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getNodeScroll.js
-
-
-
-
-function getNodeScroll(node) {
-  if (node === getWindow(node) || !isHTMLElement(node)) {
-    return getWindowScroll(node);
-  } else {
-    return getHTMLElementScroll(node);
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getNodeName.js
-function getNodeName(element) {
-  return element ? (element.nodeName || '').toLowerCase() : null;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getDocumentElement.js
-
-function getDocumentElement(element) {
-  // $FlowFixMe[incompatible-return]: assume body is always available
-  return ((isElement(element) ? element.ownerDocument :
-  // $FlowFixMe[prop-missing]
-  element.document) || window.document).documentElement;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getWindowScrollBarX.js
-
-
-
-function getWindowScrollBarX(element) {
-  // If <html> has a CSS width greater than the viewport, then this will be
-  // incorrect for RTL.
-  // Popper 1 is broken in this case and never had a bug report so let's assume
-  // it's not an issue. I don't think anyone ever specifies width on <html>
-  // anyway.
-  // Browsers where the left scrollbar doesn't cause an issue report `0` for
-  // this (e.g. Edge 2019, IE11, Safari)
-  return getBoundingClientRect(getDocumentElement(element)).left + getWindowScroll(element).scrollLeft;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getComputedStyle.js
-
-function getComputedStyle(element) {
-  return getWindow(element).getComputedStyle(element);
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/isScrollParent.js
-
-function isScrollParent(element) {
-  // Firefox wants us to check `-x` and `-y` variations as well
-  var _getComputedStyle = getComputedStyle(element),
-    overflow = _getComputedStyle.overflow,
-    overflowX = _getComputedStyle.overflowX,
-    overflowY = _getComputedStyle.overflowY;
-  return /auto|scroll|overlay|hidden/.test(overflow + overflowY + overflowX);
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getCompositeRect.js
-
-
-
-
-
-
-
-
-function isElementScaled(element) {
-  var rect = element.getBoundingClientRect();
-  var scaleX = math_round(rect.width) / element.offsetWidth || 1;
-  var scaleY = math_round(rect.height) / element.offsetHeight || 1;
-  return scaleX !== 1 || scaleY !== 1;
-} // Returns the composite rect of an element relative to its offsetParent.
-// Composite means it takes into account transforms as well as layout.
-
-function getCompositeRect(elementOrVirtualElement, offsetParent, isFixed) {
-  if (isFixed === void 0) {
-    isFixed = false;
-  }
-  var isOffsetParentAnElement = isHTMLElement(offsetParent);
-  var offsetParentIsScaled = isHTMLElement(offsetParent) && isElementScaled(offsetParent);
-  var documentElement = getDocumentElement(offsetParent);
-  var rect = getBoundingClientRect(elementOrVirtualElement, offsetParentIsScaled, isFixed);
-  var scroll = {
-    scrollLeft: 0,
-    scrollTop: 0
-  };
-  var offsets = {
-    x: 0,
-    y: 0
-  };
-  if (isOffsetParentAnElement || !isOffsetParentAnElement && !isFixed) {
-    if (getNodeName(offsetParent) !== 'body' ||
-    // https://github.com/popperjs/popper-core/issues/1078
-    isScrollParent(documentElement)) {
-      scroll = getNodeScroll(offsetParent);
-    }
-    if (isHTMLElement(offsetParent)) {
-      offsets = getBoundingClientRect(offsetParent, true);
-      offsets.x += offsetParent.clientLeft;
-      offsets.y += offsetParent.clientTop;
-    } else if (documentElement) {
-      offsets.x = getWindowScrollBarX(documentElement);
-    }
-  }
-  return {
-    x: rect.left + scroll.scrollLeft - offsets.x,
-    y: rect.top + scroll.scrollTop - offsets.y,
-    width: rect.width,
-    height: rect.height
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getLayoutRect.js
- // Returns the layout rect of an element relative to its offsetParent. Layout
-// means it doesn't take into account transforms.
-
-function getLayoutRect(element) {
-  var clientRect = getBoundingClientRect(element); // Use the clientRect sizes if it's not been transformed.
-  // Fixes https://github.com/popperjs/popper-core/issues/1223
-
-  var width = element.offsetWidth;
-  var height = element.offsetHeight;
-  if (Math.abs(clientRect.width - width) <= 1) {
-    width = clientRect.width;
-  }
-  if (Math.abs(clientRect.height - height) <= 1) {
-    height = clientRect.height;
-  }
-  return {
-    x: element.offsetLeft,
-    y: element.offsetTop,
-    width: width,
-    height: height
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getParentNode.js
-
-
-
-function getParentNode(element) {
-  if (getNodeName(element) === 'html') {
-    return element;
-  }
-  return (
-    // this is a quicker (but less type safe) way to save quite some bytes from the bundle
-    // $FlowFixMe[incompatible-return]
-    // $FlowFixMe[prop-missing]
-    element.assignedSlot ||
-    // step into the shadow DOM of the parent of a slotted node
-    element.parentNode || (
-    // DOM Element detected
-    isShadowRoot(element) ? element.host : null) ||
-    // ShadowRoot detected
-    // $FlowFixMe[incompatible-call]: HTMLElement is a Node
-    getDocumentElement(element) // fallback
-  );
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getScrollParent.js
-
-
-
-
-function getScrollParent(node) {
-  if (['html', 'body', '#document'].indexOf(getNodeName(node)) >= 0) {
-    // $FlowFixMe[incompatible-return]: assume body is always available
-    return node.ownerDocument.body;
-  }
-  if (isHTMLElement(node) && isScrollParent(node)) {
-    return node;
-  }
-  return getScrollParent(getParentNode(node));
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/listScrollParents.js
-
-
-
-
-/*
-given a DOM element, return the list of all scroll parents, up the list of ancesors
-until we get to the top window object. This list is what we attach scroll listeners
-to, because if any of these parent elements scroll, we'll need to re-calculate the
-reference element's position.
-*/
-
-function listScrollParents(element, list) {
-  var _element$ownerDocumen;
-  if (list === void 0) {
-    list = [];
-  }
-  var scrollParent = getScrollParent(element);
-  var isBody = scrollParent === ((_element$ownerDocumen = element.ownerDocument) == null ? void 0 : _element$ownerDocumen.body);
-  var win = getWindow(scrollParent);
-  var target = isBody ? [win].concat(win.visualViewport || [], isScrollParent(scrollParent) ? scrollParent : []) : scrollParent;
-  var updatedList = list.concat(target);
-  return isBody ? updatedList :
-  // $FlowFixMe[incompatible-call]: isBody tells us target will be an HTMLElement here
-  updatedList.concat(listScrollParents(getParentNode(target)));
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/isTableElement.js
-
-function isTableElement(element) {
-  return ['table', 'td', 'th'].indexOf(getNodeName(element)) >= 0;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getOffsetParent.js
-
-
-
-
-
-
-
-function getTrueOffsetParent(element) {
-  if (!isHTMLElement(element) ||
-  // https://github.com/popperjs/popper-core/issues/837
-  getComputedStyle(element).position === 'fixed') {
-    return null;
-  }
-  return element.offsetParent;
-} // `.offsetParent` reports `null` for fixed elements, while absolute elements
-// return the containing block
-
-function getContainingBlock(element) {
-  var isFirefox = /firefox/i.test(getUAString());
-  var isIE = /Trident/i.test(getUAString());
-  if (isIE && isHTMLElement(element)) {
-    // In IE 9, 10 and 11 fixed elements containing block is always established by the viewport
-    var elementCss = getComputedStyle(element);
-    if (elementCss.position === 'fixed') {
-      return null;
-    }
-  }
-  var currentNode = getParentNode(element);
-  if (isShadowRoot(currentNode)) {
-    currentNode = currentNode.host;
-  }
-  while (isHTMLElement(currentNode) && ['html', 'body'].indexOf(getNodeName(currentNode)) < 0) {
-    var css = getComputedStyle(currentNode); // This is non-exhaustive but covers the most common CSS properties that
-    // create a containing block.
-    // https://developer.mozilla.org/en-US/docs/Web/CSS/Containing_block#identifying_the_containing_block
-
-    if (css.transform !== 'none' || css.perspective !== 'none' || css.contain === 'paint' || ['transform', 'perspective'].indexOf(css.willChange) !== -1 || isFirefox && css.willChange === 'filter' || isFirefox && css.filter && css.filter !== 'none') {
-      return currentNode;
-    } else {
-      currentNode = currentNode.parentNode;
-    }
-  }
-  return null;
-} // Gets the closest ancestor positioned element. Handles some edge cases,
-// such as table ancestors and cross browser bugs.
-
-function getOffsetParent(element) {
-  var window = getWindow(element);
-  var offsetParent = getTrueOffsetParent(element);
-  while (offsetParent && isTableElement(offsetParent) && getComputedStyle(offsetParent).position === 'static') {
-    offsetParent = getTrueOffsetParent(offsetParent);
-  }
-  if (offsetParent && (getNodeName(offsetParent) === 'html' || getNodeName(offsetParent) === 'body' && getComputedStyle(offsetParent).position === 'static')) {
-    return window;
-  }
-  return offsetParent || getContainingBlock(element) || window;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/enums.js
-var enums_top = 'top';
-var bottom = 'bottom';
-var right = 'right';
-var left = 'left';
-var auto = 'auto';
-var basePlacements = [enums_top, bottom, right, left];
-var start = 'start';
-var end = 'end';
-var clippingParents = 'clippingParents';
-var viewport = 'viewport';
-var popper = 'popper';
-var reference = 'reference';
-var variationPlacements = /*#__PURE__*/basePlacements.reduce(function (acc, placement) {
-  return acc.concat([placement + "-" + start, placement + "-" + end]);
-}, []);
-var enums_placements = /*#__PURE__*/[].concat(basePlacements, [auto]).reduce(function (acc, placement) {
-  return acc.concat([placement, placement + "-" + start, placement + "-" + end]);
-}, []); // modifiers that need to read the DOM
-
-var beforeRead = 'beforeRead';
-var read = 'read';
-var afterRead = 'afterRead'; // pure-logic modifiers
-
-var beforeMain = 'beforeMain';
-var main = 'main';
-var afterMain = 'afterMain'; // modifier with the purpose to write to the DOM (or write into a framework state)
-
-var beforeWrite = 'beforeWrite';
-var write = 'write';
-var afterWrite = 'afterWrite';
-var modifierPhases = [beforeRead, read, afterRead, beforeMain, main, afterMain, beforeWrite, write, afterWrite];
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/orderModifiers.js
- // source: https://stackoverflow.com/questions/49875255
-
-function order(modifiers) {
-  var map = new Map();
-  var visited = new Set();
-  var result = [];
-  modifiers.forEach(function (modifier) {
-    map.set(modifier.name, modifier);
-  }); // On visiting object, check for its dependencies and visit them recursively
-
-  function sort(modifier) {
-    visited.add(modifier.name);
-    var requires = [].concat(modifier.requires || [], modifier.requiresIfExists || []);
-    requires.forEach(function (dep) {
-      if (!visited.has(dep)) {
-        var depModifier = map.get(dep);
-        if (depModifier) {
-          sort(depModifier);
-        }
-      }
-    });
-    result.push(modifier);
-  }
-  modifiers.forEach(function (modifier) {
-    if (!visited.has(modifier.name)) {
-      // check for visited object
-      sort(modifier);
-    }
-  });
-  return result;
-}
-function orderModifiers(modifiers) {
-  // order based on dependencies
-  var orderedModifiers = order(modifiers); // order based on phase
-
-  return modifierPhases.reduce(function (acc, phase) {
-    return acc.concat(orderedModifiers.filter(function (modifier) {
-      return modifier.phase === phase;
-    }));
-  }, []);
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/debounce.js
-function debounce_debounce(fn) {
-  var pending;
-  return function () {
-    if (!pending) {
-      pending = new Promise(function (resolve) {
-        Promise.resolve().then(function () {
-          pending = undefined;
-          resolve(fn());
-        });
-      });
-    }
-    return pending;
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/mergeByName.js
-function mergeByName(modifiers) {
-  var merged = modifiers.reduce(function (merged, current) {
-    var existing = merged[current.name];
-    merged[current.name] = existing ? Object.assign({}, existing, current, {
-      options: Object.assign({}, existing.options, current.options),
-      data: Object.assign({}, existing.data, current.data)
-    }) : current;
-    return merged;
-  }, {}); // IE11 does not support Object.values
-
-  return Object.keys(merged).map(function (key) {
-    return merged[key];
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/createPopper.js
-
-
-
-
-
-
-
-
-
-var DEFAULT_OPTIONS = {
-  placement: 'bottom',
-  modifiers: [],
-  strategy: 'absolute'
-};
-function areValidElements() {
-  for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
-    args[_key] = arguments[_key];
-  }
-  return !args.some(function (element) {
-    return !(element && typeof element.getBoundingClientRect === 'function');
-  });
-}
-function popperGenerator(generatorOptions) {
-  if (generatorOptions === void 0) {
-    generatorOptions = {};
-  }
-  var _generatorOptions = generatorOptions,
-    _generatorOptions$def = _generatorOptions.defaultModifiers,
-    defaultModifiers = _generatorOptions$def === void 0 ? [] : _generatorOptions$def,
-    _generatorOptions$def2 = _generatorOptions.defaultOptions,
-    defaultOptions = _generatorOptions$def2 === void 0 ? DEFAULT_OPTIONS : _generatorOptions$def2;
-  return function createPopper(reference, popper, options) {
-    if (options === void 0) {
-      options = defaultOptions;
-    }
-    var state = {
-      placement: 'bottom',
-      orderedModifiers: [],
-      options: Object.assign({}, DEFAULT_OPTIONS, defaultOptions),
-      modifiersData: {},
-      elements: {
-        reference: reference,
-        popper: popper
-      },
-      attributes: {},
-      styles: {}
-    };
-    var effectCleanupFns = [];
-    var isDestroyed = false;
-    var instance = {
-      state: state,
-      setOptions: function setOptions(setOptionsAction) {
-        var options = typeof setOptionsAction === 'function' ? setOptionsAction(state.options) : setOptionsAction;
-        cleanupModifierEffects();
-        state.options = Object.assign({}, defaultOptions, state.options, options);
-        state.scrollParents = {
-          reference: isElement(reference) ? listScrollParents(reference) : reference.contextElement ? listScrollParents(reference.contextElement) : [],
-          popper: listScrollParents(popper)
-        }; // Orders the modifiers based on their dependencies and `phase`
-        // properties
-
-        var orderedModifiers = orderModifiers(mergeByName([].concat(defaultModifiers, state.options.modifiers))); // Strip out disabled modifiers
-
-        state.orderedModifiers = orderedModifiers.filter(function (m) {
-          return m.enabled;
-        });
-        runModifierEffects();
-        return instance.update();
-      },
-      // Sync update – it will always be executed, even if not necessary. This
-      // is useful for low frequency updates where sync behavior simplifies the
-      // logic.
-      // For high frequency updates (e.g. `resize` and `scroll` events), always
-      // prefer the async Popper#update method
-      forceUpdate: function forceUpdate() {
-        if (isDestroyed) {
-          return;
-        }
-        var _state$elements = state.elements,
-          reference = _state$elements.reference,
-          popper = _state$elements.popper; // Don't proceed if `reference` or `popper` are not valid elements
-        // anymore
-
-        if (!areValidElements(reference, popper)) {
-          return;
-        } // Store the reference and popper rects to be read by modifiers
-
-        state.rects = {
-          reference: getCompositeRect(reference, getOffsetParent(popper), state.options.strategy === 'fixed'),
-          popper: getLayoutRect(popper)
-        }; // Modifiers have the ability to reset the current update cycle. The
-        // most common use case for this is the `flip` modifier changing the
-        // placement, which then needs to re-run all the modifiers, because the
-        // logic was previously ran for the previous placement and is therefore
-        // stale/incorrect
-
-        state.reset = false;
-        state.placement = state.options.placement; // On each update cycle, the `modifiersData` property for each modifier
-        // is filled with the initial data specified by the modifier. This means
-        // it doesn't persist and is fresh on each update.
-        // To ensure persistent data, use `${name}#persistent`
-
-        state.orderedModifiers.forEach(function (modifier) {
-          return state.modifiersData[modifier.name] = Object.assign({}, modifier.data);
-        });
-        for (var index = 0; index < state.orderedModifiers.length; index++) {
-          if (state.reset === true) {
-            state.reset = false;
-            index = -1;
-            continue;
-          }
-          var _state$orderedModifie = state.orderedModifiers[index],
-            fn = _state$orderedModifie.fn,
-            _state$orderedModifie2 = _state$orderedModifie.options,
-            _options = _state$orderedModifie2 === void 0 ? {} : _state$orderedModifie2,
-            name = _state$orderedModifie.name;
-          if (typeof fn === 'function') {
-            state = fn({
-              state: state,
-              options: _options,
-              name: name,
-              instance: instance
-            }) || state;
-          }
-        }
-      },
-      // Async and optimistically optimized update – it will not be executed if
-      // not necessary (debounced to run at most once-per-tick)
-      update: debounce_debounce(function () {
-        return new Promise(function (resolve) {
-          instance.forceUpdate();
-          resolve(state);
-        });
-      }),
-      destroy: function destroy() {
-        cleanupModifierEffects();
-        isDestroyed = true;
-      }
-    };
-    if (!areValidElements(reference, popper)) {
-      return instance;
-    }
-    instance.setOptions(options).then(function (state) {
-      if (!isDestroyed && options.onFirstUpdate) {
-        options.onFirstUpdate(state);
-      }
-    }); // Modifiers have the ability to execute arbitrary code before the first
-    // update cycle runs. They will be executed in the same order as the update
-    // cycle. This is useful when a modifier adds some persistent data that
-    // other modifiers need to use, but the modifier is run after the dependent
-    // one.
-
-    function runModifierEffects() {
-      state.orderedModifiers.forEach(function (_ref) {
-        var name = _ref.name,
-          _ref$options = _ref.options,
-          options = _ref$options === void 0 ? {} : _ref$options,
-          effect = _ref.effect;
-        if (typeof effect === 'function') {
-          var cleanupFn = effect({
-            state: state,
-            name: name,
-            instance: instance,
-            options: options
-          });
-          var noopFn = function noopFn() {};
-          effectCleanupFns.push(cleanupFn || noopFn);
-        }
-      });
-    }
-    function cleanupModifierEffects() {
-      effectCleanupFns.forEach(function (fn) {
-        return fn();
-      });
-      effectCleanupFns = [];
-    }
-    return instance;
-  };
-}
-var createPopper = /*#__PURE__*/(/* unused pure expression or super */ null && (popperGenerator())); // eslint-disable-next-line import/no-unused-modules
-
-
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/eventListeners.js
- // eslint-disable-next-line import/no-unused-modules
-
-var passive = {
-  passive: true
-};
-function effect(_ref) {
-  var state = _ref.state,
-    instance = _ref.instance,
-    options = _ref.options;
-  var _options$scroll = options.scroll,
-    scroll = _options$scroll === void 0 ? true : _options$scroll,
-    _options$resize = options.resize,
-    resize = _options$resize === void 0 ? true : _options$resize;
-  var window = getWindow(state.elements.popper);
-  var scrollParents = [].concat(state.scrollParents.reference, state.scrollParents.popper);
-  if (scroll) {
-    scrollParents.forEach(function (scrollParent) {
-      scrollParent.addEventListener('scroll', instance.update, passive);
-    });
-  }
-  if (resize) {
-    window.addEventListener('resize', instance.update, passive);
-  }
-  return function () {
-    if (scroll) {
-      scrollParents.forEach(function (scrollParent) {
-        scrollParent.removeEventListener('scroll', instance.update, passive);
-      });
-    }
-    if (resize) {
-      window.removeEventListener('resize', instance.update, passive);
-    }
-  };
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var eventListeners = ({
-  name: 'eventListeners',
-  enabled: true,
-  phase: 'write',
-  fn: function fn() {},
-  effect: effect,
-  data: {}
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getBasePlacement.js
-
-function getBasePlacement(placement) {
-  return placement.split('-')[0];
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getVariation.js
-function getVariation(placement) {
-  return placement.split('-')[1];
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getMainAxisFromPlacement.js
-function getMainAxisFromPlacement(placement) {
-  return ['top', 'bottom'].indexOf(placement) >= 0 ? 'x' : 'y';
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/computeOffsets.js
-
-
-
-
-function computeOffsets(_ref) {
-  var reference = _ref.reference,
-    element = _ref.element,
-    placement = _ref.placement;
-  var basePlacement = placement ? getBasePlacement(placement) : null;
-  var variation = placement ? getVariation(placement) : null;
-  var commonX = reference.x + reference.width / 2 - element.width / 2;
-  var commonY = reference.y + reference.height / 2 - element.height / 2;
-  var offsets;
-  switch (basePlacement) {
-    case enums_top:
-      offsets = {
-        x: commonX,
-        y: reference.y - element.height
-      };
-      break;
-    case bottom:
-      offsets = {
-        x: commonX,
-        y: reference.y + reference.height
-      };
-      break;
-    case right:
-      offsets = {
-        x: reference.x + reference.width,
-        y: commonY
-      };
-      break;
-    case left:
-      offsets = {
-        x: reference.x - element.width,
-        y: commonY
-      };
-      break;
-    default:
-      offsets = {
-        x: reference.x,
-        y: reference.y
-      };
-  }
-  var mainAxis = basePlacement ? getMainAxisFromPlacement(basePlacement) : null;
-  if (mainAxis != null) {
-    var len = mainAxis === 'y' ? 'height' : 'width';
-    switch (variation) {
-      case start:
-        offsets[mainAxis] = offsets[mainAxis] - (reference[len] / 2 - element[len] / 2);
-        break;
-      case end:
-        offsets[mainAxis] = offsets[mainAxis] + (reference[len] / 2 - element[len] / 2);
-        break;
-      default:
-    }
-  }
-  return offsets;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/popperOffsets.js
-
-function popperOffsets(_ref) {
-  var state = _ref.state,
-    name = _ref.name;
-  // Offsets are the actual position the popper needs to have to be
-  // properly positioned near its reference element
-  // This is the most basic placement, and will be adjusted by
-  // the modifiers in the next step
-  state.modifiersData[name] = computeOffsets({
-    reference: state.rects.reference,
-    element: state.rects.popper,
-    strategy: 'absolute',
-    placement: state.placement
-  });
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_popperOffsets = ({
-  name: 'popperOffsets',
-  enabled: true,
-  phase: 'read',
-  fn: popperOffsets,
-  data: {}
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/computeStyles.js
-
-
-
-
-
-
-
- // eslint-disable-next-line import/no-unused-modules
-
-var unsetSides = {
-  top: 'auto',
-  right: 'auto',
-  bottom: 'auto',
-  left: 'auto'
-}; // Round the offsets to the nearest suitable subpixel based on the DPR.
-// Zooming can change the DPR, but it seems to report a value that will
-// cleanly divide the values into the appropriate subpixels.
-
-function roundOffsetsByDPR(_ref, win) {
-  var x = _ref.x,
-    y = _ref.y;
-  var dpr = win.devicePixelRatio || 1;
-  return {
-    x: math_round(x * dpr) / dpr || 0,
-    y: math_round(y * dpr) / dpr || 0
-  };
-}
-function mapToStyles(_ref2) {
-  var _Object$assign2;
-  var popper = _ref2.popper,
-    popperRect = _ref2.popperRect,
-    placement = _ref2.placement,
-    variation = _ref2.variation,
-    offsets = _ref2.offsets,
-    position = _ref2.position,
-    gpuAcceleration = _ref2.gpuAcceleration,
-    adaptive = _ref2.adaptive,
-    roundOffsets = _ref2.roundOffsets,
-    isFixed = _ref2.isFixed;
-  var _offsets$x = offsets.x,
-    x = _offsets$x === void 0 ? 0 : _offsets$x,
-    _offsets$y = offsets.y,
-    y = _offsets$y === void 0 ? 0 : _offsets$y;
-  var _ref3 = typeof roundOffsets === 'function' ? roundOffsets({
-    x: x,
-    y: y
-  }) : {
-    x: x,
-    y: y
-  };
-  x = _ref3.x;
-  y = _ref3.y;
-  var hasX = offsets.hasOwnProperty('x');
-  var hasY = offsets.hasOwnProperty('y');
-  var sideX = left;
-  var sideY = enums_top;
-  var win = window;
-  if (adaptive) {
-    var offsetParent = getOffsetParent(popper);
-    var heightProp = 'clientHeight';
-    var widthProp = 'clientWidth';
-    if (offsetParent === getWindow(popper)) {
-      offsetParent = getDocumentElement(popper);
-      if (getComputedStyle(offsetParent).position !== 'static' && position === 'absolute') {
-        heightProp = 'scrollHeight';
-        widthProp = 'scrollWidth';
-      }
-    } // $FlowFixMe[incompatible-cast]: force type refinement, we compare offsetParent with window above, but Flow doesn't detect it
-
-    offsetParent = offsetParent;
-    if (placement === enums_top || (placement === left || placement === right) && variation === end) {
-      sideY = bottom;
-      var offsetY = isFixed && offsetParent === win && win.visualViewport ? win.visualViewport.height :
-      // $FlowFixMe[prop-missing]
-      offsetParent[heightProp];
-      y -= offsetY - popperRect.height;
-      y *= gpuAcceleration ? 1 : -1;
-    }
-    if (placement === left || (placement === enums_top || placement === bottom) && variation === end) {
-      sideX = right;
-      var offsetX = isFixed && offsetParent === win && win.visualViewport ? win.visualViewport.width :
-      // $FlowFixMe[prop-missing]
-      offsetParent[widthProp];
-      x -= offsetX - popperRect.width;
-      x *= gpuAcceleration ? 1 : -1;
-    }
-  }
-  var commonStyles = Object.assign({
-    position: position
-  }, adaptive && unsetSides);
-  var _ref4 = roundOffsets === true ? roundOffsetsByDPR({
-    x: x,
-    y: y
-  }, getWindow(popper)) : {
-    x: x,
-    y: y
-  };
-  x = _ref4.x;
-  y = _ref4.y;
-  if (gpuAcceleration) {
-    var _Object$assign;
-    return Object.assign({}, commonStyles, (_Object$assign = {}, _Object$assign[sideY] = hasY ? '0' : '', _Object$assign[sideX] = hasX ? '0' : '', _Object$assign.transform = (win.devicePixelRatio || 1) <= 1 ? "translate(" + x + "px, " + y + "px)" : "translate3d(" + x + "px, " + y + "px, 0)", _Object$assign));
-  }
-  return Object.assign({}, commonStyles, (_Object$assign2 = {}, _Object$assign2[sideY] = hasY ? y + "px" : '', _Object$assign2[sideX] = hasX ? x + "px" : '', _Object$assign2.transform = '', _Object$assign2));
-}
-function computeStyles(_ref5) {
-  var state = _ref5.state,
-    options = _ref5.options;
-  var _options$gpuAccelerat = options.gpuAcceleration,
-    gpuAcceleration = _options$gpuAccelerat === void 0 ? true : _options$gpuAccelerat,
-    _options$adaptive = options.adaptive,
-    adaptive = _options$adaptive === void 0 ? true : _options$adaptive,
-    _options$roundOffsets = options.roundOffsets,
-    roundOffsets = _options$roundOffsets === void 0 ? true : _options$roundOffsets;
-  var commonStyles = {
-    placement: getBasePlacement(state.placement),
-    variation: getVariation(state.placement),
-    popper: state.elements.popper,
-    popperRect: state.rects.popper,
-    gpuAcceleration: gpuAcceleration,
-    isFixed: state.options.strategy === 'fixed'
-  };
-  if (state.modifiersData.popperOffsets != null) {
-    state.styles.popper = Object.assign({}, state.styles.popper, mapToStyles(Object.assign({}, commonStyles, {
-      offsets: state.modifiersData.popperOffsets,
-      position: state.options.strategy,
-      adaptive: adaptive,
-      roundOffsets: roundOffsets
-    })));
-  }
-  if (state.modifiersData.arrow != null) {
-    state.styles.arrow = Object.assign({}, state.styles.arrow, mapToStyles(Object.assign({}, commonStyles, {
-      offsets: state.modifiersData.arrow,
-      position: 'absolute',
-      adaptive: false,
-      roundOffsets: roundOffsets
-    })));
-  }
-  state.attributes.popper = Object.assign({}, state.attributes.popper, {
-    'data-popper-placement': state.placement
-  });
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_computeStyles = ({
-  name: 'computeStyles',
-  enabled: true,
-  phase: 'beforeWrite',
-  fn: computeStyles,
-  data: {}
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/applyStyles.js
-
- // This modifier takes the styles prepared by the `computeStyles` modifier
-// and applies them to the HTMLElements such as popper and arrow
-
-function applyStyles(_ref) {
-  var state = _ref.state;
-  Object.keys(state.elements).forEach(function (name) {
-    var style = state.styles[name] || {};
-    var attributes = state.attributes[name] || {};
-    var element = state.elements[name]; // arrow is optional + virtual elements
-
-    if (!isHTMLElement(element) || !getNodeName(element)) {
-      return;
-    } // Flow doesn't support to extend this property, but it's the most
-    // effective way to apply styles to an HTMLElement
-    // $FlowFixMe[cannot-write]
-
-    Object.assign(element.style, style);
-    Object.keys(attributes).forEach(function (name) {
-      var value = attributes[name];
-      if (value === false) {
-        element.removeAttribute(name);
-      } else {
-        element.setAttribute(name, value === true ? '' : value);
-      }
-    });
-  });
-}
-function applyStyles_effect(_ref2) {
-  var state = _ref2.state;
-  var initialStyles = {
-    popper: {
-      position: state.options.strategy,
-      left: '0',
-      top: '0',
-      margin: '0'
-    },
-    arrow: {
-      position: 'absolute'
-    },
-    reference: {}
-  };
-  Object.assign(state.elements.popper.style, initialStyles.popper);
-  state.styles = initialStyles;
-  if (state.elements.arrow) {
-    Object.assign(state.elements.arrow.style, initialStyles.arrow);
-  }
-  return function () {
-    Object.keys(state.elements).forEach(function (name) {
-      var element = state.elements[name];
-      var attributes = state.attributes[name] || {};
-      var styleProperties = Object.keys(state.styles.hasOwnProperty(name) ? state.styles[name] : initialStyles[name]); // Set all values to an empty string to unset them
-
-      var style = styleProperties.reduce(function (style, property) {
-        style[property] = '';
-        return style;
-      }, {}); // arrow is optional + virtual elements
-
-      if (!isHTMLElement(element) || !getNodeName(element)) {
-        return;
-      }
-      Object.assign(element.style, style);
-      Object.keys(attributes).forEach(function (attribute) {
-        element.removeAttribute(attribute);
-      });
-    });
-  };
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_applyStyles = ({
-  name: 'applyStyles',
-  enabled: true,
-  phase: 'write',
-  fn: applyStyles,
-  effect: applyStyles_effect,
-  requires: ['computeStyles']
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/offset.js
-
- // eslint-disable-next-line import/no-unused-modules
-
-function distanceAndSkiddingToXY(placement, rects, offset) {
-  var basePlacement = getBasePlacement(placement);
-  var invertDistance = [left, enums_top].indexOf(basePlacement) >= 0 ? -1 : 1;
-  var _ref = typeof offset === 'function' ? offset(Object.assign({}, rects, {
-      placement: placement
-    })) : offset,
-    skidding = _ref[0],
-    distance = _ref[1];
-  skidding = skidding || 0;
-  distance = (distance || 0) * invertDistance;
-  return [left, right].indexOf(basePlacement) >= 0 ? {
-    x: distance,
-    y: skidding
-  } : {
-    x: skidding,
-    y: distance
-  };
-}
-function offset(_ref2) {
-  var state = _ref2.state,
-    options = _ref2.options,
-    name = _ref2.name;
-  var _options$offset = options.offset,
-    offset = _options$offset === void 0 ? [0, 0] : _options$offset;
-  var data = enums_placements.reduce(function (acc, placement) {
-    acc[placement] = distanceAndSkiddingToXY(placement, state.rects, offset);
-    return acc;
-  }, {});
-  var _data$state$placement = data[state.placement],
-    x = _data$state$placement.x,
-    y = _data$state$placement.y;
-  if (state.modifiersData.popperOffsets != null) {
-    state.modifiersData.popperOffsets.x += x;
-    state.modifiersData.popperOffsets.y += y;
-  }
-  state.modifiersData[name] = data;
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_offset = ({
-  name: 'offset',
-  enabled: true,
-  phase: 'main',
-  requires: ['popperOffsets'],
-  fn: offset
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getOppositePlacement.js
-var getOppositePlacement_hash = {
-  left: 'right',
-  right: 'left',
-  bottom: 'top',
-  top: 'bottom'
-};
-function getOppositePlacement(placement) {
-  return placement.replace(/left|right|bottom|top/g, function (matched) {
-    return getOppositePlacement_hash[matched];
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getOppositeVariationPlacement.js
-var getOppositeVariationPlacement_hash = {
-  start: 'end',
-  end: 'start'
-};
-function getOppositeVariationPlacement(placement) {
-  return placement.replace(/start|end/g, function (matched) {
-    return getOppositeVariationPlacement_hash[matched];
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getViewportRect.js
-
-
-
-
-function getViewportRect(element, strategy) {
-  var win = getWindow(element);
-  var html = getDocumentElement(element);
-  var visualViewport = win.visualViewport;
-  var width = html.clientWidth;
-  var height = html.clientHeight;
-  var x = 0;
-  var y = 0;
-  if (visualViewport) {
-    width = visualViewport.width;
-    height = visualViewport.height;
-    var layoutViewport = isLayoutViewport();
-    if (layoutViewport || !layoutViewport && strategy === 'fixed') {
-      x = visualViewport.offsetLeft;
-      y = visualViewport.offsetTop;
-    }
-  }
-  return {
-    width: width,
-    height: height,
-    x: x + getWindowScrollBarX(element),
-    y: y
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getDocumentRect.js
-
-
-
-
- // Gets the entire size of the scrollable document area, even extending outside
-// of the `<html>` and `<body>` rect bounds if horizontally scrollable
-
-function getDocumentRect(element) {
-  var _element$ownerDocumen;
-  var html = getDocumentElement(element);
-  var winScroll = getWindowScroll(element);
-  var body = (_element$ownerDocumen = element.ownerDocument) == null ? void 0 : _element$ownerDocumen.body;
-  var width = math_max(html.scrollWidth, html.clientWidth, body ? body.scrollWidth : 0, body ? body.clientWidth : 0);
-  var height = math_max(html.scrollHeight, html.clientHeight, body ? body.scrollHeight : 0, body ? body.clientHeight : 0);
-  var x = -winScroll.scrollLeft + getWindowScrollBarX(element);
-  var y = -winScroll.scrollTop;
-  if (getComputedStyle(body || html).direction === 'rtl') {
-    x += math_max(html.clientWidth, body ? body.clientWidth : 0) - width;
-  }
-  return {
-    width: width,
-    height: height,
-    x: x,
-    y: y
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/contains.js
-
-function contains(parent, child) {
-  var rootNode = child.getRootNode && child.getRootNode(); // First, attempt with faster native method
-
-  if (parent.contains(child)) {
-    return true;
-  } // then fallback to custom implementation with Shadow DOM support
-  else if (rootNode && isShadowRoot(rootNode)) {
-    var next = child;
-    do {
-      if (next && parent.isSameNode(next)) {
-        return true;
-      } // $FlowFixMe[prop-missing]: need a better way to handle this...
-
-      next = next.parentNode || next.host;
-    } while (next);
-  } // Give up, the result is false
-
-  return false;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/rectToClientRect.js
-function rectToClientRect(rect) {
-  return Object.assign({}, rect, {
-    left: rect.x,
-    top: rect.y,
-    right: rect.x + rect.width,
-    bottom: rect.y + rect.height
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/dom-utils/getClippingRect.js
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-function getInnerBoundingClientRect(element, strategy) {
-  var rect = getBoundingClientRect(element, false, strategy === 'fixed');
-  rect.top = rect.top + element.clientTop;
-  rect.left = rect.left + element.clientLeft;
-  rect.bottom = rect.top + element.clientHeight;
-  rect.right = rect.left + element.clientWidth;
-  rect.width = element.clientWidth;
-  rect.height = element.clientHeight;
-  rect.x = rect.left;
-  rect.y = rect.top;
-  return rect;
-}
-function getClientRectFromMixedType(element, clippingParent, strategy) {
-  return clippingParent === viewport ? rectToClientRect(getViewportRect(element, strategy)) : isElement(clippingParent) ? getInnerBoundingClientRect(clippingParent, strategy) : rectToClientRect(getDocumentRect(getDocumentElement(element)));
-} // A "clipping parent" is an overflowable container with the characteristic of
-// clipping (or hiding) overflowing elements with a position different from
-// `initial`
-
-function getClippingParents(element) {
-  var clippingParents = listScrollParents(getParentNode(element));
-  var canEscapeClipping = ['absolute', 'fixed'].indexOf(getComputedStyle(element).position) >= 0;
-  var clipperElement = canEscapeClipping && isHTMLElement(element) ? getOffsetParent(element) : element;
-  if (!isElement(clipperElement)) {
-    return [];
-  } // $FlowFixMe[incompatible-return]: https://github.com/facebook/flow/issues/1414
-
-  return clippingParents.filter(function (clippingParent) {
-    return isElement(clippingParent) && contains(clippingParent, clipperElement) && getNodeName(clippingParent) !== 'body';
-  });
-} // Gets the maximum area that the element is visible in due to any number of
-// clipping parents
-
-function getClippingRect(element, boundary, rootBoundary, strategy) {
-  var mainClippingParents = boundary === 'clippingParents' ? getClippingParents(element) : [].concat(boundary);
-  var clippingParents = [].concat(mainClippingParents, [rootBoundary]);
-  var firstClippingParent = clippingParents[0];
-  var clippingRect = clippingParents.reduce(function (accRect, clippingParent) {
-    var rect = getClientRectFromMixedType(element, clippingParent, strategy);
-    accRect.top = math_max(rect.top, accRect.top);
-    accRect.right = math_min(rect.right, accRect.right);
-    accRect.bottom = math_min(rect.bottom, accRect.bottom);
-    accRect.left = math_max(rect.left, accRect.left);
-    return accRect;
-  }, getClientRectFromMixedType(element, firstClippingParent, strategy));
-  clippingRect.width = clippingRect.right - clippingRect.left;
-  clippingRect.height = clippingRect.bottom - clippingRect.top;
-  clippingRect.x = clippingRect.left;
-  clippingRect.y = clippingRect.top;
-  return clippingRect;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getFreshSideObject.js
-function getFreshSideObject() {
-  return {
-    top: 0,
-    right: 0,
-    bottom: 0,
-    left: 0
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/mergePaddingObject.js
-
-function mergePaddingObject(paddingObject) {
-  return Object.assign({}, getFreshSideObject(), paddingObject);
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/expandToHashMap.js
-function expandToHashMap(value, keys) {
-  return keys.reduce(function (hashMap, key) {
-    hashMap[key] = value;
-    return hashMap;
-  }, {});
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/detectOverflow.js
-
-
-
-
-
-
-
-
- // eslint-disable-next-line import/no-unused-modules
-
-function detectOverflow(state, options) {
-  if (options === void 0) {
-    options = {};
-  }
-  var _options = options,
-    _options$placement = _options.placement,
-    placement = _options$placement === void 0 ? state.placement : _options$placement,
-    _options$strategy = _options.strategy,
-    strategy = _options$strategy === void 0 ? state.strategy : _options$strategy,
-    _options$boundary = _options.boundary,
-    boundary = _options$boundary === void 0 ? clippingParents : _options$boundary,
-    _options$rootBoundary = _options.rootBoundary,
-    rootBoundary = _options$rootBoundary === void 0 ? viewport : _options$rootBoundary,
-    _options$elementConte = _options.elementContext,
-    elementContext = _options$elementConte === void 0 ? popper : _options$elementConte,
-    _options$altBoundary = _options.altBoundary,
-    altBoundary = _options$altBoundary === void 0 ? false : _options$altBoundary,
-    _options$padding = _options.padding,
-    padding = _options$padding === void 0 ? 0 : _options$padding;
-  var paddingObject = mergePaddingObject(typeof padding !== 'number' ? padding : expandToHashMap(padding, basePlacements));
-  var altContext = elementContext === popper ? reference : popper;
-  var popperRect = state.rects.popper;
-  var element = state.elements[altBoundary ? altContext : elementContext];
-  var clippingClientRect = getClippingRect(isElement(element) ? element : element.contextElement || getDocumentElement(state.elements.popper), boundary, rootBoundary, strategy);
-  var referenceClientRect = getBoundingClientRect(state.elements.reference);
-  var popperOffsets = computeOffsets({
-    reference: referenceClientRect,
-    element: popperRect,
-    strategy: 'absolute',
-    placement: placement
-  });
-  var popperClientRect = rectToClientRect(Object.assign({}, popperRect, popperOffsets));
-  var elementClientRect = elementContext === popper ? popperClientRect : referenceClientRect; // positive = overflowing the clipping rect
-  // 0 or negative = within the clipping rect
-
-  var overflowOffsets = {
-    top: clippingClientRect.top - elementClientRect.top + paddingObject.top,
-    bottom: elementClientRect.bottom - clippingClientRect.bottom + paddingObject.bottom,
-    left: clippingClientRect.left - elementClientRect.left + paddingObject.left,
-    right: elementClientRect.right - clippingClientRect.right + paddingObject.right
-  };
-  var offsetData = state.modifiersData.offset; // Offsets can be applied only to the popper element
-
-  if (elementContext === popper && offsetData) {
-    var offset = offsetData[placement];
-    Object.keys(overflowOffsets).forEach(function (key) {
-      var multiply = [right, bottom].indexOf(key) >= 0 ? 1 : -1;
-      var axis = [enums_top, bottom].indexOf(key) >= 0 ? 'y' : 'x';
-      overflowOffsets[key] += offset[axis] * multiply;
-    });
-  }
-  return overflowOffsets;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/computeAutoPlacement.js
-
-
-
-
-function computeAutoPlacement(state, options) {
-  if (options === void 0) {
-    options = {};
-  }
-  var _options = options,
-    placement = _options.placement,
-    boundary = _options.boundary,
-    rootBoundary = _options.rootBoundary,
-    padding = _options.padding,
-    flipVariations = _options.flipVariations,
-    _options$allowedAutoP = _options.allowedAutoPlacements,
-    allowedAutoPlacements = _options$allowedAutoP === void 0 ? enums_placements : _options$allowedAutoP;
-  var variation = getVariation(placement);
-  var placements = variation ? flipVariations ? variationPlacements : variationPlacements.filter(function (placement) {
-    return getVariation(placement) === variation;
-  }) : basePlacements;
-  var allowedPlacements = placements.filter(function (placement) {
-    return allowedAutoPlacements.indexOf(placement) >= 0;
-  });
-  if (allowedPlacements.length === 0) {
-    allowedPlacements = placements;
-  } // $FlowFixMe[incompatible-type]: Flow seems to have problems with two array unions...
-
-  var overflows = allowedPlacements.reduce(function (acc, placement) {
-    acc[placement] = detectOverflow(state, {
-      placement: placement,
-      boundary: boundary,
-      rootBoundary: rootBoundary,
-      padding: padding
-    })[getBasePlacement(placement)];
-    return acc;
-  }, {});
-  return Object.keys(overflows).sort(function (a, b) {
-    return overflows[a] - overflows[b];
-  });
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/flip.js
-
-
-
-
-
-
- // eslint-disable-next-line import/no-unused-modules
-
-function getExpandedFallbackPlacements(placement) {
-  if (getBasePlacement(placement) === auto) {
-    return [];
-  }
-  var oppositePlacement = getOppositePlacement(placement);
-  return [getOppositeVariationPlacement(placement), oppositePlacement, getOppositeVariationPlacement(oppositePlacement)];
-}
-function flip(_ref) {
-  var state = _ref.state,
-    options = _ref.options,
-    name = _ref.name;
-  if (state.modifiersData[name]._skip) {
-    return;
-  }
-  var _options$mainAxis = options.mainAxis,
-    checkMainAxis = _options$mainAxis === void 0 ? true : _options$mainAxis,
-    _options$altAxis = options.altAxis,
-    checkAltAxis = _options$altAxis === void 0 ? true : _options$altAxis,
-    specifiedFallbackPlacements = options.fallbackPlacements,
-    padding = options.padding,
-    boundary = options.boundary,
-    rootBoundary = options.rootBoundary,
-    altBoundary = options.altBoundary,
-    _options$flipVariatio = options.flipVariations,
-    flipVariations = _options$flipVariatio === void 0 ? true : _options$flipVariatio,
-    allowedAutoPlacements = options.allowedAutoPlacements;
-  var preferredPlacement = state.options.placement;
-  var basePlacement = getBasePlacement(preferredPlacement);
-  var isBasePlacement = basePlacement === preferredPlacement;
-  var fallbackPlacements = specifiedFallbackPlacements || (isBasePlacement || !flipVariations ? [getOppositePlacement(preferredPlacement)] : getExpandedFallbackPlacements(preferredPlacement));
-  var placements = [preferredPlacement].concat(fallbackPlacements).reduce(function (acc, placement) {
-    return acc.concat(getBasePlacement(placement) === auto ? computeAutoPlacement(state, {
-      placement: placement,
-      boundary: boundary,
-      rootBoundary: rootBoundary,
-      padding: padding,
-      flipVariations: flipVariations,
-      allowedAutoPlacements: allowedAutoPlacements
-    }) : placement);
-  }, []);
-  var referenceRect = state.rects.reference;
-  var popperRect = state.rects.popper;
-  var checksMap = new Map();
-  var makeFallbackChecks = true;
-  var firstFittingPlacement = placements[0];
-  for (var i = 0; i < placements.length; i++) {
-    var placement = placements[i];
-    var _basePlacement = getBasePlacement(placement);
-    var isStartVariation = getVariation(placement) === start;
-    var isVertical = [enums_top, bottom].indexOf(_basePlacement) >= 0;
-    var len = isVertical ? 'width' : 'height';
-    var overflow = detectOverflow(state, {
-      placement: placement,
-      boundary: boundary,
-      rootBoundary: rootBoundary,
-      altBoundary: altBoundary,
-      padding: padding
-    });
-    var mainVariationSide = isVertical ? isStartVariation ? right : left : isStartVariation ? bottom : enums_top;
-    if (referenceRect[len] > popperRect[len]) {
-      mainVariationSide = getOppositePlacement(mainVariationSide);
-    }
-    var altVariationSide = getOppositePlacement(mainVariationSide);
-    var checks = [];
-    if (checkMainAxis) {
-      checks.push(overflow[_basePlacement] <= 0);
-    }
-    if (checkAltAxis) {
-      checks.push(overflow[mainVariationSide] <= 0, overflow[altVariationSide] <= 0);
-    }
-    if (checks.every(function (check) {
-      return check;
-    })) {
-      firstFittingPlacement = placement;
-      makeFallbackChecks = false;
-      break;
-    }
-    checksMap.set(placement, checks);
-  }
-  if (makeFallbackChecks) {
-    // `2` may be desired in some cases – research later
-    var numberOfChecks = flipVariations ? 3 : 1;
-    var _loop = function _loop(_i) {
-      var fittingPlacement = placements.find(function (placement) {
-        var checks = checksMap.get(placement);
-        if (checks) {
-          return checks.slice(0, _i).every(function (check) {
-            return check;
-          });
-        }
-      });
-      if (fittingPlacement) {
-        firstFittingPlacement = fittingPlacement;
-        return "break";
-      }
-    };
-    for (var _i = numberOfChecks; _i > 0; _i--) {
-      var _ret = _loop(_i);
-      if (_ret === "break") break;
-    }
-  }
-  if (state.placement !== firstFittingPlacement) {
-    state.modifiersData[name]._skip = true;
-    state.placement = firstFittingPlacement;
-    state.reset = true;
-  }
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_flip = ({
-  name: 'flip',
-  enabled: true,
-  phase: 'main',
-  fn: flip,
-  requiresIfExists: ['offset'],
-  data: {
-    _skip: false
-  }
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/getAltAxis.js
-function getAltAxis(axis) {
-  return axis === 'x' ? 'y' : 'x';
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/utils/within.js
-
-function within(min, value, max) {
-  return math_max(min, math_min(value, max));
-}
-function withinMaxClamp(min, value, max) {
-  var v = within(min, value, max);
-  return v > max ? max : v;
-}
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/preventOverflow.js
-
-
-
-
-
-
-
-
-
-
-
-function preventOverflow(_ref) {
-  var state = _ref.state,
-    options = _ref.options,
-    name = _ref.name;
-  var _options$mainAxis = options.mainAxis,
-    checkMainAxis = _options$mainAxis === void 0 ? true : _options$mainAxis,
-    _options$altAxis = options.altAxis,
-    checkAltAxis = _options$altAxis === void 0 ? false : _options$altAxis,
-    boundary = options.boundary,
-    rootBoundary = options.rootBoundary,
-    altBoundary = options.altBoundary,
-    padding = options.padding,
-    _options$tether = options.tether,
-    tether = _options$tether === void 0 ? true : _options$tether,
-    _options$tetherOffset = options.tetherOffset,
-    tetherOffset = _options$tetherOffset === void 0 ? 0 : _options$tetherOffset;
-  var overflow = detectOverflow(state, {
-    boundary: boundary,
-    rootBoundary: rootBoundary,
-    padding: padding,
-    altBoundary: altBoundary
-  });
-  var basePlacement = getBasePlacement(state.placement);
-  var variation = getVariation(state.placement);
-  var isBasePlacement = !variation;
-  var mainAxis = getMainAxisFromPlacement(basePlacement);
-  var altAxis = getAltAxis(mainAxis);
-  var popperOffsets = state.modifiersData.popperOffsets;
-  var referenceRect = state.rects.reference;
-  var popperRect = state.rects.popper;
-  var tetherOffsetValue = typeof tetherOffset === 'function' ? tetherOffset(Object.assign({}, state.rects, {
-    placement: state.placement
-  })) : tetherOffset;
-  var normalizedTetherOffsetValue = typeof tetherOffsetValue === 'number' ? {
-    mainAxis: tetherOffsetValue,
-    altAxis: tetherOffsetValue
-  } : Object.assign({
-    mainAxis: 0,
-    altAxis: 0
-  }, tetherOffsetValue);
-  var offsetModifierState = state.modifiersData.offset ? state.modifiersData.offset[state.placement] : null;
-  var data = {
-    x: 0,
-    y: 0
-  };
-  if (!popperOffsets) {
-    return;
-  }
-  if (checkMainAxis) {
-    var _offsetModifierState$;
-    var mainSide = mainAxis === 'y' ? enums_top : left;
-    var altSide = mainAxis === 'y' ? bottom : right;
-    var len = mainAxis === 'y' ? 'height' : 'width';
-    var offset = popperOffsets[mainAxis];
-    var min = offset + overflow[mainSide];
-    var max = offset - overflow[altSide];
-    var additive = tether ? -popperRect[len] / 2 : 0;
-    var minLen = variation === start ? referenceRect[len] : popperRect[len];
-    var maxLen = variation === start ? -popperRect[len] : -referenceRect[len]; // We need to include the arrow in the calculation so the arrow doesn't go
-    // outside the reference bounds
-
-    var arrowElement = state.elements.arrow;
-    var arrowRect = tether && arrowElement ? getLayoutRect(arrowElement) : {
-      width: 0,
-      height: 0
-    };
-    var arrowPaddingObject = state.modifiersData['arrow#persistent'] ? state.modifiersData['arrow#persistent'].padding : getFreshSideObject();
-    var arrowPaddingMin = arrowPaddingObject[mainSide];
-    var arrowPaddingMax = arrowPaddingObject[altSide]; // If the reference length is smaller than the arrow length, we don't want
-    // to include its full size in the calculation. If the reference is small
-    // and near the edge of a boundary, the popper can overflow even if the
-    // reference is not overflowing as well (e.g. virtual elements with no
-    // width or height)
-
-    var arrowLen = within(0, referenceRect[len], arrowRect[len]);
-    var minOffset = isBasePlacement ? referenceRect[len] / 2 - additive - arrowLen - arrowPaddingMin - normalizedTetherOffsetValue.mainAxis : minLen - arrowLen - arrowPaddingMin - normalizedTetherOffsetValue.mainAxis;
-    var maxOffset = isBasePlacement ? -referenceRect[len] / 2 + additive + arrowLen + arrowPaddingMax + normalizedTetherOffsetValue.mainAxis : maxLen + arrowLen + arrowPaddingMax + normalizedTetherOffsetValue.mainAxis;
-    var arrowOffsetParent = state.elements.arrow && getOffsetParent(state.elements.arrow);
-    var clientOffset = arrowOffsetParent ? mainAxis === 'y' ? arrowOffsetParent.clientTop || 0 : arrowOffsetParent.clientLeft || 0 : 0;
-    var offsetModifierValue = (_offsetModifierState$ = offsetModifierState == null ? void 0 : offsetModifierState[mainAxis]) != null ? _offsetModifierState$ : 0;
-    var tetherMin = offset + minOffset - offsetModifierValue - clientOffset;
-    var tetherMax = offset + maxOffset - offsetModifierValue;
-    var preventedOffset = within(tether ? math_min(min, tetherMin) : min, offset, tether ? math_max(max, tetherMax) : max);
-    popperOffsets[mainAxis] = preventedOffset;
-    data[mainAxis] = preventedOffset - offset;
-  }
-  if (checkAltAxis) {
-    var _offsetModifierState$2;
-    var _mainSide = mainAxis === 'x' ? enums_top : left;
-    var _altSide = mainAxis === 'x' ? bottom : right;
-    var _offset = popperOffsets[altAxis];
-    var _len = altAxis === 'y' ? 'height' : 'width';
-    var _min = _offset + overflow[_mainSide];
-    var _max = _offset - overflow[_altSide];
-    var isOriginSide = [enums_top, left].indexOf(basePlacement) !== -1;
-    var _offsetModifierValue = (_offsetModifierState$2 = offsetModifierState == null ? void 0 : offsetModifierState[altAxis]) != null ? _offsetModifierState$2 : 0;
-    var _tetherMin = isOriginSide ? _min : _offset - referenceRect[_len] - popperRect[_len] - _offsetModifierValue + normalizedTetherOffsetValue.altAxis;
-    var _tetherMax = isOriginSide ? _offset + referenceRect[_len] + popperRect[_len] - _offsetModifierValue - normalizedTetherOffsetValue.altAxis : _max;
-    var _preventedOffset = tether && isOriginSide ? withinMaxClamp(_tetherMin, _offset, _tetherMax) : within(tether ? _tetherMin : _min, _offset, tether ? _tetherMax : _max);
-    popperOffsets[altAxis] = _preventedOffset;
-    data[altAxis] = _preventedOffset - _offset;
-  }
-  state.modifiersData[name] = data;
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_preventOverflow = ({
-  name: 'preventOverflow',
-  enabled: true,
-  phase: 'main',
-  fn: preventOverflow,
-  requiresIfExists: ['offset']
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/arrow.js
-
-
-
-
-
-
-
-
- // eslint-disable-next-line import/no-unused-modules
-
-var toPaddingObject = function toPaddingObject(padding, state) {
-  padding = typeof padding === 'function' ? padding(Object.assign({}, state.rects, {
-    placement: state.placement
-  })) : padding;
-  return mergePaddingObject(typeof padding !== 'number' ? padding : expandToHashMap(padding, basePlacements));
-};
-function arrow(_ref) {
-  var _state$modifiersData$;
-  var state = _ref.state,
-    name = _ref.name,
-    options = _ref.options;
-  var arrowElement = state.elements.arrow;
-  var popperOffsets = state.modifiersData.popperOffsets;
-  var basePlacement = getBasePlacement(state.placement);
-  var axis = getMainAxisFromPlacement(basePlacement);
-  var isVertical = [left, right].indexOf(basePlacement) >= 0;
-  var len = isVertical ? 'height' : 'width';
-  if (!arrowElement || !popperOffsets) {
-    return;
-  }
-  var paddingObject = toPaddingObject(options.padding, state);
-  var arrowRect = getLayoutRect(arrowElement);
-  var minProp = axis === 'y' ? enums_top : left;
-  var maxProp = axis === 'y' ? bottom : right;
-  var endDiff = state.rects.reference[len] + state.rects.reference[axis] - popperOffsets[axis] - state.rects.popper[len];
-  var startDiff = popperOffsets[axis] - state.rects.reference[axis];
-  var arrowOffsetParent = getOffsetParent(arrowElement);
-  var clientSize = arrowOffsetParent ? axis === 'y' ? arrowOffsetParent.clientHeight || 0 : arrowOffsetParent.clientWidth || 0 : 0;
-  var centerToReference = endDiff / 2 - startDiff / 2; // Make sure the arrow doesn't overflow the popper if the center point is
-  // outside of the popper bounds
-
-  var min = paddingObject[minProp];
-  var max = clientSize - arrowRect[len] - paddingObject[maxProp];
-  var center = clientSize / 2 - arrowRect[len] / 2 + centerToReference;
-  var offset = within(min, center, max); // Prevents breaking syntax highlighting...
-
-  var axisProp = axis;
-  state.modifiersData[name] = (_state$modifiersData$ = {}, _state$modifiersData$[axisProp] = offset, _state$modifiersData$.centerOffset = offset - center, _state$modifiersData$);
-}
-function arrow_effect(_ref2) {
-  var state = _ref2.state,
-    options = _ref2.options;
-  var _options$element = options.element,
-    arrowElement = _options$element === void 0 ? '[data-popper-arrow]' : _options$element;
-  if (arrowElement == null) {
-    return;
-  } // CSS selector
-
-  if (typeof arrowElement === 'string') {
-    arrowElement = state.elements.popper.querySelector(arrowElement);
-    if (!arrowElement) {
-      return;
-    }
-  }
-  if (!contains(state.elements.popper, arrowElement)) {
-    return;
-  }
-  state.elements.arrow = arrowElement;
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_arrow = ({
-  name: 'arrow',
-  enabled: true,
-  phase: 'main',
-  fn: arrow,
-  effect: arrow_effect,
-  requires: ['popperOffsets'],
-  requiresIfExists: ['preventOverflow']
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/modifiers/hide.js
-
-
-function getSideOffsets(overflow, rect, preventedOffsets) {
-  if (preventedOffsets === void 0) {
-    preventedOffsets = {
-      x: 0,
-      y: 0
-    };
-  }
-  return {
-    top: overflow.top - rect.height - preventedOffsets.y,
-    right: overflow.right - rect.width + preventedOffsets.x,
-    bottom: overflow.bottom - rect.height + preventedOffsets.y,
-    left: overflow.left - rect.width - preventedOffsets.x
-  };
-}
-function isAnySideFullyClipped(overflow) {
-  return [enums_top, right, bottom, left].some(function (side) {
-    return overflow[side] >= 0;
-  });
-}
-function hide(_ref) {
-  var state = _ref.state,
-    name = _ref.name;
-  var referenceRect = state.rects.reference;
-  var popperRect = state.rects.popper;
-  var preventedOffsets = state.modifiersData.preventOverflow;
-  var referenceOverflow = detectOverflow(state, {
-    elementContext: 'reference'
-  });
-  var popperAltOverflow = detectOverflow(state, {
-    altBoundary: true
-  });
-  var referenceClippingOffsets = getSideOffsets(referenceOverflow, referenceRect);
-  var popperEscapeOffsets = getSideOffsets(popperAltOverflow, popperRect, preventedOffsets);
-  var isReferenceHidden = isAnySideFullyClipped(referenceClippingOffsets);
-  var hasPopperEscaped = isAnySideFullyClipped(popperEscapeOffsets);
-  state.modifiersData[name] = {
-    referenceClippingOffsets: referenceClippingOffsets,
-    popperEscapeOffsets: popperEscapeOffsets,
-    isReferenceHidden: isReferenceHidden,
-    hasPopperEscaped: hasPopperEscaped
-  };
-  state.attributes.popper = Object.assign({}, state.attributes.popper, {
-    'data-popper-reference-hidden': isReferenceHidden,
-    'data-popper-escaped': hasPopperEscaped
-  });
-} // eslint-disable-next-line import/no-unused-modules
-
-/* harmony default export */ var modifiers_hide = ({
-  name: 'hide',
-  enabled: true,
-  phase: 'main',
-  requiresIfExists: ['preventOverflow'],
-  fn: hide
-});
-;// CONCATENATED MODULE: ./node_modules/@popperjs/core/lib/popper.js
-
-
-
-
-
-
-
-
-
-
-var defaultModifiers = [eventListeners, modifiers_popperOffsets, modifiers_computeStyles, modifiers_applyStyles, modifiers_offset, modifiers_flip, modifiers_preventOverflow, modifiers_arrow, modifiers_hide];
-var popper_createPopper = /*#__PURE__*/popperGenerator({
-  defaultModifiers: defaultModifiers
-}); // eslint-disable-next-line import/no-unused-modules
-
- // eslint-disable-next-line import/no-unused-modules
-
- // eslint-disable-next-line import/no-unused-modules
-
-
-;// CONCATENATED MODULE: ./node_modules/@mui/base/Popper/popperClasses.js
-
-
-function getPopperUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiPopper', slot);
-}
-var popperClasses = generateUtilityClasses('MuiPopper', ['root']);
-/* harmony default export */ var Popper_popperClasses = ((/* unused pure expression or super */ null && (popperClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/base/Popper/Popper.js
-
-
-
-var Popper_excluded = ["anchorEl", "children", "direction", "disablePortal", "modifiers", "open", "placement", "popperOptions", "popperRef", "slotProps", "slots", "TransitionProps", "ownerState"],
-  Popper_excluded2 = ["anchorEl", "children", "container", "direction", "disablePortal", "keepMounted", "modifiers", "open", "placement", "popperOptions", "popperRef", "style", "transition", "slotProps", "slots"];
-
-
-
-
-
-
-
-
-
-
-function flipPlacement(placement, direction) {
-  if (direction === 'ltr') {
-    return placement;
-  }
-  switch (placement) {
-    case 'bottom-end':
-      return 'bottom-start';
-    case 'bottom-start':
-      return 'bottom-end';
-    case 'top-end':
-      return 'top-start';
-    case 'top-start':
-      return 'top-end';
-    default:
-      return placement;
-  }
-}
-function resolveAnchorEl(anchorEl) {
-  return typeof anchorEl === 'function' ? anchorEl() : anchorEl;
-}
-function Popper_isHTMLElement(element) {
-  return element.nodeType !== undefined;
-}
-function isVirtualElement(element) {
-  return !Popper_isHTMLElement(element);
-}
-var Popper_useUtilityClasses = function useUtilityClasses() {
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, useClassNamesOverride(getPopperUtilityClass));
-};
-var defaultPopperOptions = {};
-var PopperTooltip = /*#__PURE__*/react.forwardRef(function PopperTooltip(props, forwardedRef) {
-  var _slots$root;
-  var anchorEl = props.anchorEl,
-    children = props.children,
-    direction = props.direction,
-    disablePortal = props.disablePortal,
-    modifiers = props.modifiers,
-    open = props.open,
-    initialPlacement = props.placement,
-    popperOptions = props.popperOptions,
-    popperRefProp = props.popperRef,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    TransitionProps = props.TransitionProps,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popper_excluded);
-  var tooltipRef = react.useRef(null);
-  var ownRef = useForkRef(tooltipRef, forwardedRef);
-  var popperRef = react.useRef(null);
-  var handlePopperRef = useForkRef(popperRef, popperRefProp);
-  var handlePopperRefRef = react.useRef(handlePopperRef);
-  esm_useEnhancedEffect(function () {
-    handlePopperRefRef.current = handlePopperRef;
-  }, [handlePopperRef]);
-  react.useImperativeHandle(popperRefProp, function () {
-    return popperRef.current;
-  }, []);
-  var rtlPlacement = flipPlacement(initialPlacement, direction);
-  /**
-   * placement initialized from prop but can change during lifetime if modifiers.flip.
-   * modifiers.flip is essentially a flip for controlled/uncontrolled behavior
-   */
-  var _React$useState = react.useState(rtlPlacement),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    placement = _React$useState2[0],
-    setPlacement = _React$useState2[1];
-  var _React$useState3 = react.useState(resolveAnchorEl(anchorEl)),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    resolvedAnchorElement = _React$useState4[0],
-    setResolvedAnchorElement = _React$useState4[1];
-  react.useEffect(function () {
-    if (popperRef.current) {
-      popperRef.current.forceUpdate();
-    }
-  });
-  react.useEffect(function () {
-    if (anchorEl) {
-      setResolvedAnchorElement(resolveAnchorEl(anchorEl));
-    }
-  }, [anchorEl]);
-  esm_useEnhancedEffect(function () {
-    if (!resolvedAnchorElement || !open) {
-      return undefined;
-    }
-    var handlePopperUpdate = function handlePopperUpdate(data) {
-      setPlacement(data.placement);
-    };
-    if (false) { var box; }
-    var popperModifiers = [{
-      name: 'preventOverflow',
-      options: {
-        altBoundary: disablePortal
-      }
-    }, {
-      name: 'flip',
-      options: {
-        altBoundary: disablePortal
-      }
-    }, {
-      name: 'onUpdate',
-      enabled: true,
-      phase: 'afterWrite',
-      fn: function fn(_ref) {
-        var state = _ref.state;
-        handlePopperUpdate(state);
-      }
-    }];
-    if (modifiers != null) {
-      popperModifiers = popperModifiers.concat(modifiers);
-    }
-    if (popperOptions && popperOptions.modifiers != null) {
-      popperModifiers = popperModifiers.concat(popperOptions.modifiers);
-    }
-    var popper = popper_createPopper(resolvedAnchorElement, tooltipRef.current, extends_extends({
-      placement: rtlPlacement
-    }, popperOptions, {
-      modifiers: popperModifiers
-    }));
-    handlePopperRefRef.current(popper);
-    return function () {
-      popper.destroy();
-      handlePopperRefRef.current(null);
-    };
-  }, [resolvedAnchorElement, disablePortal, modifiers, open, popperOptions, rtlPlacement]);
-  var childProps = {
-    placement: placement
-  };
-  if (TransitionProps !== null) {
-    childProps.TransitionProps = TransitionProps;
-  }
-  var classes = Popper_useUtilityClasses();
-  var Root = (_slots$root = slots.root) != null ? _slots$root : 'div';
-  var rootProps = useSlotProps({
-    elementType: Root,
-    externalSlotProps: slotProps.root,
-    externalForwardedProps: other,
-    additionalProps: {
-      role: 'tooltip',
-      ref: ownRef
-    },
-    ownerState: props,
-    className: classes.root
-  });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Root, extends_extends({}, rootProps, {
-    children: typeof children === 'function' ? children(childProps) : children
-  }));
-});
-
-/**
- * Poppers rely on the 3rd party library [Popper.js](https://popper.js.org/docs/v2/) for positioning.
- *
- * Demos:
- *
- * - [Popper](https://mui.com/base/react-popper/)
- *
- * API:
- *
- * - [Popper API](https://mui.com/base/react-popper/components-api/#popper)
- */
-var Popper = /*#__PURE__*/react.forwardRef(function Popper(props, forwardedRef) {
-  var anchorEl = props.anchorEl,
-    children = props.children,
-    containerProp = props.container,
-    _props$direction = props.direction,
-    direction = _props$direction === void 0 ? 'ltr' : _props$direction,
-    _props$disablePortal = props.disablePortal,
-    disablePortal = _props$disablePortal === void 0 ? false : _props$disablePortal,
-    _props$keepMounted = props.keepMounted,
-    keepMounted = _props$keepMounted === void 0 ? false : _props$keepMounted,
-    modifiers = props.modifiers,
-    open = props.open,
-    _props$placement = props.placement,
-    placement = _props$placement === void 0 ? 'bottom' : _props$placement,
-    _props$popperOptions = props.popperOptions,
-    popperOptions = _props$popperOptions === void 0 ? defaultPopperOptions : _props$popperOptions,
-    popperRef = props.popperRef,
-    style = props.style,
-    _props$transition = props.transition,
-    transition = _props$transition === void 0 ? false : _props$transition,
-    _props$slotProps2 = props.slotProps,
-    slotProps = _props$slotProps2 === void 0 ? {} : _props$slotProps2,
-    _props$slots2 = props.slots,
-    slots = _props$slots2 === void 0 ? {} : _props$slots2,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popper_excluded2);
-  var _React$useState5 = react.useState(true),
-    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
-    exited = _React$useState6[0],
-    setExited = _React$useState6[1];
-  var handleEnter = function handleEnter() {
-    setExited(false);
-  };
-  var handleExited = function handleExited() {
-    setExited(true);
-  };
-  if (!keepMounted && !open && (!transition || exited)) {
-    return null;
-  }
-
-  // If the container prop is provided, use that
-  // If the anchorEl prop is provided, use its parent body element as the container
-  // If neither are provided let the Modal take care of choosing the container
-  var container;
-  if (containerProp) {
-    container = containerProp;
-  } else if (anchorEl) {
-    var resolvedAnchorEl = resolveAnchorEl(anchorEl);
-    container = resolvedAnchorEl && Popper_isHTMLElement(resolvedAnchorEl) ? ownerDocument(resolvedAnchorEl).body : ownerDocument(null).body;
-  }
-  var display = !open && keepMounted && (!transition || exited) ? 'none' : undefined;
-  var transitionProps = transition ? {
-    in: open,
-    onEnter: handleEnter,
-    onExited: handleExited
-  } : undefined;
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Portal_Portal, {
-    disablePortal: disablePortal,
-    container: container,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(PopperTooltip, extends_extends({
-      anchorEl: anchorEl,
-      direction: direction,
-      disablePortal: disablePortal,
-      modifiers: modifiers,
-      ref: forwardedRef,
-      open: transition ? !exited : open,
-      placement: placement,
-      popperOptions: popperOptions,
-      popperRef: popperRef,
-      slotProps: slotProps,
-      slots: slots
-    }, other, {
-      style: extends_extends({
-        // Prevents scroll issue, waiting for Popper.js to add this style once initiated.
-        position: 'fixed',
-        // Fix Popper.js display issue
-        top: 0,
-        left: 0,
-        display: display
-      }, style),
-      TransitionProps: transitionProps,
-      children: children
-    }))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var Popper_Popper = (Popper);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Popper/Popper.js
-
-
-var Popper_Popper_excluded = ["anchorEl", "component", "components", "componentsProps", "container", "disablePortal", "keepMounted", "modifiers", "open", "placement", "popperOptions", "popperRef", "transition", "slots", "slotProps"];
-
-
-
-
-
-
-
-var PopperRoot = styles_styled(Popper_Popper, {
-  name: 'MuiPopper',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({});
-
-/**
- *
- * Demos:
- *
- * - [Autocomplete](https://mui.com/material-ui/react-autocomplete/)
- * - [Menu](https://mui.com/material-ui/react-menu/)
- * - [Popper](https://mui.com/material-ui/react-popper/)
- *
- * API:
- *
- * - [Popper API](https://mui.com/material-ui/api/popper/)
- */
-var Popper_Popper_Popper = /*#__PURE__*/react.forwardRef(function Popper(inProps, ref) {
-  var _slots$root;
-  var theme = useThemeWithoutDefault();
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiPopper'
-  });
-  var anchorEl = props.anchorEl,
-    component = props.component,
-    components = props.components,
-    componentsProps = props.componentsProps,
-    container = props.container,
-    disablePortal = props.disablePortal,
-    keepMounted = props.keepMounted,
-    modifiers = props.modifiers,
-    open = props.open,
-    placement = props.placement,
-    popperOptions = props.popperOptions,
-    popperRef = props.popperRef,
-    transition = props.transition,
-    slots = props.slots,
-    slotProps = props.slotProps,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popper_Popper_excluded);
-  var RootComponent = (_slots$root = slots == null ? void 0 : slots.root) != null ? _slots$root : components == null ? void 0 : components.Root;
-  var otherProps = extends_extends({
-    anchorEl: anchorEl,
-    container: container,
-    disablePortal: disablePortal,
-    keepMounted: keepMounted,
-    modifiers: modifiers,
-    open: open,
-    placement: placement,
-    popperOptions: popperOptions,
-    popperRef: popperRef,
-    transition: transition
-  }, other);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(PopperRoot, extends_extends({
-    as: component,
-    direction: theme == null ? void 0 : theme.direction,
-    slots: {
-      root: RootComponent
-    },
-    slotProps: slotProps != null ? slotProps : componentsProps
-  }, otherProps, {
-    ref: ref
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var material_Popper_Popper = (Popper_Popper_Popper);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useId.js
-
-
-var globalId = 0;
-function useGlobalId(idOverride) {
-  var _React$useState = react.useState(idOverride),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    defaultId = _React$useState2[0],
-    setDefaultId = _React$useState2[1];
-  var id = idOverride || defaultId;
-  react.useEffect(function () {
-    if (defaultId == null) {
-      // Fallback to this default id when possible.
-      // Use the incrementing value for client-side rendering only.
-      // We can't use it server-side.
-      // If you want to use random values please consider the Birthday Problem: https://en.wikipedia.org/wiki/Birthday_problem
-      globalId += 1;
-      setDefaultId("mui-".concat(globalId));
-    }
-  }, [defaultId]);
-  return id;
-}
-
-// downstream bundlers may remove unnecessary concatenation, but won't remove toString call -- Workaround for https://github.com/webpack/webpack/issues/14814
-var maybeReactUseId = react_namespaceObject['useId'.toString()];
-/**
- *
- * @example <div id={useId()} />
- * @param idOverride
- * @returns {string}
- */
-function useId(idOverride) {
-  if (maybeReactUseId !== undefined) {
-    var reactId = maybeReactUseId();
-    return idOverride != null ? idOverride : reactId;
-  }
-  // eslint-disable-next-line react-hooks/rules-of-hooks -- `React.useId` is invariant at runtime.
-  return useGlobalId(idOverride);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useId.js
-
-/* harmony default export */ var utils_useId = (useId);
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/useControlled.js
-
-/* eslint-disable react-hooks/rules-of-hooks, react-hooks/exhaustive-deps */
-
-function useControlled(_ref) {
-  var controlled = _ref.controlled,
-    defaultProp = _ref.default,
-    name = _ref.name,
-    _ref$state = _ref.state,
-    state = _ref$state === void 0 ? 'value' : _ref$state;
-  // isControlled is ignored in the hook dependency lists as it should never change.
-  var _React$useRef = react.useRef(controlled !== undefined),
-    isControlled = _React$useRef.current;
-  var _React$useState = react.useState(defaultProp),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    valueState = _React$useState2[0],
-    setValue = _React$useState2[1];
-  var value = isControlled ? controlled : valueState;
-  if (false) { var _React$useRef2, defaultValue; }
-  var setValueIfUncontrolled = react.useCallback(function (newValue) {
-    if (!isControlled) {
-      setValue(newValue);
-    }
-  }, []);
-  return [value, setValueIfUncontrolled];
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/useControlled.js
-
-/* harmony default export */ var utils_useControlled = (useControlled);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tooltip/tooltipClasses.js
-
-
-function getTooltipUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTooltip', slot);
-}
-var tooltipClasses = generateUtilityClasses('MuiTooltip', ['popper', 'popperInteractive', 'popperArrow', 'popperClose', 'tooltip', 'tooltipArrow', 'touch', 'tooltipPlacementLeft', 'tooltipPlacementRight', 'tooltipPlacementTop', 'tooltipPlacementBottom', 'arrow']);
-/* harmony default export */ var Tooltip_tooltipClasses = (tooltipClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tooltip/Tooltip.js
-
-
-
-
-var Tooltip_excluded = ["arrow", "children", "classes", "components", "componentsProps", "describeChild", "disableFocusListener", "disableHoverListener", "disableInteractive", "disableTouchListener", "enterDelay", "enterNextDelay", "enterTouchDelay", "followCursor", "id", "leaveDelay", "leaveTouchDelay", "onClose", "onOpen", "open", "placement", "PopperComponent", "PopperProps", "slotProps", "slots", "title", "TransitionComponent", "TransitionProps"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-function Tooltip_round(value) {
-  return Math.round(value * 1e5) / 1e5;
-}
-var Tooltip_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    disableInteractive = ownerState.disableInteractive,
-    arrow = ownerState.arrow,
-    touch = ownerState.touch,
-    placement = ownerState.placement;
-  var slots = {
-    popper: ['popper', !disableInteractive && 'popperInteractive', arrow && 'popperArrow'],
-    tooltip: ['tooltip', arrow && 'tooltipArrow', touch && 'touch', "tooltipPlacement".concat(utils_capitalize(placement.split('-')[0]))],
-    arrow: ['arrow']
-  };
-  return composeClasses(slots, getTooltipUtilityClass, classes);
-};
-var TooltipPopper = styles_styled(material_Popper_Popper, {
-  name: 'MuiTooltip',
-  slot: 'Popper',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.popper, !ownerState.disableInteractive && styles.popperInteractive, ownerState.arrow && styles.popperArrow, !ownerState.open && styles.popperClose];
-  }
-})(function (_ref9) {
-  var _ref10;
-  var theme = _ref9.theme,
-    ownerState = _ref9.ownerState,
-    open = _ref9.open;
-  return extends_extends({
-    zIndex: (theme.vars || theme).zIndex.tooltip,
-    pointerEvents: 'none'
-  }, !ownerState.disableInteractive && {
-    pointerEvents: 'auto'
-  }, !open && {
-    pointerEvents: 'none'
-  }, ownerState.arrow && (_ref10 = {}, defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"bottom\"] .".concat(Tooltip_tooltipClasses.arrow), {
-    top: 0,
-    marginTop: '-0.71em',
-    '&::before': {
-      transformOrigin: '0 100%'
-    }
-  }), defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"top\"] .".concat(Tooltip_tooltipClasses.arrow), {
-    bottom: 0,
-    marginBottom: '-0.71em',
-    '&::before': {
-      transformOrigin: '100% 0'
-    }
-  }), defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"right\"] .".concat(Tooltip_tooltipClasses.arrow), extends_extends({}, !ownerState.isRtl ? {
-    left: 0,
-    marginLeft: '-0.71em'
-  } : {
-    right: 0,
-    marginRight: '-0.71em'
-  }, {
-    height: '1em',
-    width: '0.71em',
-    '&::before': {
-      transformOrigin: '100% 100%'
-    }
-  })), defineProperty_defineProperty(_ref10, "&[data-popper-placement*=\"left\"] .".concat(Tooltip_tooltipClasses.arrow), extends_extends({}, !ownerState.isRtl ? {
-    right: 0,
-    marginRight: '-0.71em'
-  } : {
-    left: 0,
-    marginLeft: '-0.71em'
-  }, {
-    height: '1em',
-    width: '0.71em',
-    '&::before': {
-      transformOrigin: '0 0'
-    }
-  })), _ref10));
-});
-var TooltipTooltip = styles_styled('div', {
-  name: 'MuiTooltip',
-  slot: 'Tooltip',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.tooltip, ownerState.touch && styles.touch, ownerState.arrow && styles.tooltipArrow, styles["tooltipPlacement".concat(utils_capitalize(ownerState.placement.split('-')[0]))]];
-  }
-})(function (_ref11) {
-  var _extends2;
-  var theme = _ref11.theme,
-    ownerState = _ref11.ownerState;
-  return extends_extends({
-    backgroundColor: theme.vars ? theme.vars.palette.Tooltip.bg : alpha(theme.palette.grey[700], 0.92),
-    borderRadius: (theme.vars || theme).shape.borderRadius,
-    color: (theme.vars || theme).palette.common.white,
-    fontFamily: theme.typography.fontFamily,
-    padding: '4px 8px',
-    fontSize: theme.typography.pxToRem(11),
-    maxWidth: 300,
-    margin: 2,
-    wordWrap: 'break-word',
-    fontWeight: theme.typography.fontWeightMedium
-  }, ownerState.arrow && {
-    position: 'relative',
-    margin: 0
-  }, ownerState.touch && {
-    padding: '8px 16px',
-    fontSize: theme.typography.pxToRem(14),
-    lineHeight: "".concat(Tooltip_round(16 / 14), "em"),
-    fontWeight: theme.typography.fontWeightRegular
-  }, (_extends2 = {}, defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"left\"] &"), extends_extends({
-    transformOrigin: 'right center'
-  }, !ownerState.isRtl ? extends_extends({
-    marginRight: '14px'
-  }, ownerState.touch && {
-    marginRight: '24px'
-  }) : extends_extends({
-    marginLeft: '14px'
-  }, ownerState.touch && {
-    marginLeft: '24px'
-  }))), defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"right\"] &"), extends_extends({
-    transformOrigin: 'left center'
-  }, !ownerState.isRtl ? extends_extends({
-    marginLeft: '14px'
-  }, ownerState.touch && {
-    marginLeft: '24px'
-  }) : extends_extends({
-    marginRight: '14px'
-  }, ownerState.touch && {
-    marginRight: '24px'
-  }))), defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"top\"] &"), extends_extends({
-    transformOrigin: 'center bottom',
-    marginBottom: '14px'
-  }, ownerState.touch && {
-    marginBottom: '24px'
-  })), defineProperty_defineProperty(_extends2, ".".concat(Tooltip_tooltipClasses.popper, "[data-popper-placement*=\"bottom\"] &"), extends_extends({
-    transformOrigin: 'center top',
-    marginTop: '14px'
-  }, ownerState.touch && {
-    marginTop: '24px'
-  })), _extends2));
-});
-var TooltipArrow = styles_styled('span', {
-  name: 'MuiTooltip',
-  slot: 'Arrow',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.arrow;
-  }
-})(function (_ref12) {
-  var theme = _ref12.theme;
-  return {
-    overflow: 'hidden',
-    position: 'absolute',
-    width: '1em',
-    height: '0.71em' /* = width / sqrt(2) = (length of the hypotenuse) */,
-    boxSizing: 'border-box',
-    color: theme.vars ? theme.vars.palette.Tooltip.bg : alpha(theme.palette.grey[700], 0.9),
-    '&::before': {
-      content: '""',
-      margin: 'auto',
-      display: 'block',
-      width: '100%',
-      height: '100%',
-      backgroundColor: 'currentColor',
-      transform: 'rotate(45deg)'
-    }
-  };
-});
-var hystersisOpen = false;
-var hystersisTimer = null;
-var cursorPosition = {
-  x: 0,
-  y: 0
-};
-function testReset() {
-  hystersisOpen = false;
-  clearTimeout(hystersisTimer);
-}
-function composeEventHandler(handler, eventHandler) {
-  return function (event) {
-    if (eventHandler) {
-      eventHandler(event);
-    }
-    handler(event);
-  };
-}
-
-// TODO v6: Remove PopperComponent, PopperProps, TransitionComponent and TransitionProps.
-var Tooltip_Tooltip = /*#__PURE__*/react.forwardRef(function Tooltip(inProps, ref) {
-  var _ref, _slots$popper, _ref2, _ref3, _slots$transition, _ref4, _slots$tooltip, _ref5, _slots$arrow, _slotProps$popper, _ref6, _slotProps$popper2, _slotProps$transition, _slotProps$tooltip, _ref7, _slotProps$tooltip2, _slotProps$arrow, _ref8, _slotProps$arrow2;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTooltip'
-  });
-  var _props$arrow = props.arrow,
-    arrow = _props$arrow === void 0 ? false : _props$arrow,
-    children = props.children,
-    _props$components = props.components,
-    components = _props$components === void 0 ? {} : _props$components,
-    _props$componentsProp = props.componentsProps,
-    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
-    _props$describeChild = props.describeChild,
-    describeChild = _props$describeChild === void 0 ? false : _props$describeChild,
-    _props$disableFocusLi = props.disableFocusListener,
-    disableFocusListener = _props$disableFocusLi === void 0 ? false : _props$disableFocusLi,
-    _props$disableHoverLi = props.disableHoverListener,
-    disableHoverListener = _props$disableHoverLi === void 0 ? false : _props$disableHoverLi,
-    _props$disableInterac = props.disableInteractive,
-    disableInteractiveProp = _props$disableInterac === void 0 ? false : _props$disableInterac,
-    _props$disableTouchLi = props.disableTouchListener,
-    disableTouchListener = _props$disableTouchLi === void 0 ? false : _props$disableTouchLi,
-    _props$enterDelay = props.enterDelay,
-    enterDelay = _props$enterDelay === void 0 ? 100 : _props$enterDelay,
-    _props$enterNextDelay = props.enterNextDelay,
-    enterNextDelay = _props$enterNextDelay === void 0 ? 0 : _props$enterNextDelay,
-    _props$enterTouchDela = props.enterTouchDelay,
-    enterTouchDelay = _props$enterTouchDela === void 0 ? 700 : _props$enterTouchDela,
-    _props$followCursor = props.followCursor,
-    followCursor = _props$followCursor === void 0 ? false : _props$followCursor,
-    idProp = props.id,
-    _props$leaveDelay = props.leaveDelay,
-    leaveDelay = _props$leaveDelay === void 0 ? 0 : _props$leaveDelay,
-    _props$leaveTouchDela = props.leaveTouchDelay,
-    leaveTouchDelay = _props$leaveTouchDela === void 0 ? 1500 : _props$leaveTouchDela,
-    onClose = props.onClose,
-    onOpen = props.onOpen,
-    openProp = props.open,
-    _props$placement = props.placement,
-    placement = _props$placement === void 0 ? 'bottom' : _props$placement,
-    PopperComponentProp = props.PopperComponent,
-    _props$PopperProps = props.PopperProps,
-    PopperProps = _props$PopperProps === void 0 ? {} : _props$PopperProps,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    title = props.title,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponentProp = _props$TransitionComp === void 0 ? Grow_Grow : _props$TransitionComp,
-    TransitionProps = props.TransitionProps,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tooltip_excluded);
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var _React$useState = react.useState(),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    childNode = _React$useState2[0],
-    setChildNode = _React$useState2[1];
-  var _React$useState3 = react.useState(null),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    arrowRef = _React$useState4[0],
-    setArrowRef = _React$useState4[1];
-  var ignoreNonTouchEvents = react.useRef(false);
-  var disableInteractive = disableInteractiveProp || followCursor;
-  var closeTimer = react.useRef();
-  var enterTimer = react.useRef();
-  var leaveTimer = react.useRef();
-  var touchTimer = react.useRef();
-  var _useControlled = utils_useControlled({
-      controlled: openProp,
-      default: false,
-      name: 'Tooltip',
-      state: 'open'
-    }),
-    _useControlled2 = slicedToArray_slicedToArray(_useControlled, 2),
-    openState = _useControlled2[0],
-    setOpenState = _useControlled2[1];
-  var open = openState;
-  if (false) { var _React$useRef, isControlled; }
-  var id = utils_useId(idProp);
-  var prevUserSelect = react.useRef();
-  var stopTouchInteraction = react.useCallback(function () {
-    if (prevUserSelect.current !== undefined) {
-      document.body.style.WebkitUserSelect = prevUserSelect.current;
-      prevUserSelect.current = undefined;
-    }
-    clearTimeout(touchTimer.current);
-  }, []);
-  react.useEffect(function () {
-    return function () {
-      clearTimeout(closeTimer.current);
-      clearTimeout(enterTimer.current);
-      clearTimeout(leaveTimer.current);
-      stopTouchInteraction();
-    };
-  }, [stopTouchInteraction]);
-  var handleOpen = function handleOpen(event) {
-    clearTimeout(hystersisTimer);
-    hystersisOpen = true;
-
-    // The mouseover event will trigger for every nested element in the tooltip.
-    // We can skip rerendering when the tooltip is already open.
-    // We are using the mouseover event instead of the mouseenter event to fix a hide/show issue.
-    setOpenState(true);
-    if (onOpen && !open) {
-      onOpen(event);
-    }
-  };
-  var handleClose = utils_useEventCallback(
-  /**
-   * @param {React.SyntheticEvent | Event} event
-   */
-  function (event) {
-    clearTimeout(hystersisTimer);
-    hystersisTimer = setTimeout(function () {
-      hystersisOpen = false;
-    }, 800 + leaveDelay);
-    setOpenState(false);
-    if (onClose && open) {
-      onClose(event);
-    }
-    clearTimeout(closeTimer.current);
-    closeTimer.current = setTimeout(function () {
-      ignoreNonTouchEvents.current = false;
-    }, theme.transitions.duration.shortest);
-  });
-  var handleEnter = function handleEnter(event) {
-    if (ignoreNonTouchEvents.current && event.type !== 'touchstart') {
-      return;
-    }
-
-    // Remove the title ahead of time.
-    // We don't want to wait for the next render commit.
-    // We would risk displaying two tooltips at the same time (native + this one).
-    if (childNode) {
-      childNode.removeAttribute('title');
-    }
-    clearTimeout(enterTimer.current);
-    clearTimeout(leaveTimer.current);
-    if (enterDelay || hystersisOpen && enterNextDelay) {
-      enterTimer.current = setTimeout(function () {
-        handleOpen(event);
-      }, hystersisOpen ? enterNextDelay : enterDelay);
-    } else {
-      handleOpen(event);
-    }
-  };
-  var handleLeave = function handleLeave(event) {
-    clearTimeout(enterTimer.current);
-    clearTimeout(leaveTimer.current);
-    leaveTimer.current = setTimeout(function () {
-      handleClose(event);
-    }, leaveDelay);
-  };
-  var _useIsFocusVisible = utils_useIsFocusVisible(),
-    isFocusVisibleRef = _useIsFocusVisible.isFocusVisibleRef,
-    handleBlurVisible = _useIsFocusVisible.onBlur,
-    handleFocusVisible = _useIsFocusVisible.onFocus,
-    focusVisibleRef = _useIsFocusVisible.ref;
-  // We don't necessarily care about the focusVisible state (which is safe to access via ref anyway).
-  // We just need to re-render the Tooltip if the focus-visible state changes.
-  var _React$useState5 = react.useState(false),
-    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
-    setChildIsFocusVisible = _React$useState6[1];
-  var handleBlur = function handleBlur(event) {
-    handleBlurVisible(event);
-    if (isFocusVisibleRef.current === false) {
-      setChildIsFocusVisible(false);
-      handleLeave(event);
-    }
-  };
-  var handleFocus = function handleFocus(event) {
-    // Workaround for https://github.com/facebook/react/issues/7769
-    // The autoFocus of React might trigger the event before the componentDidMount.
-    // We need to account for this eventuality.
-    if (!childNode) {
-      setChildNode(event.currentTarget);
-    }
-    handleFocusVisible(event);
-    if (isFocusVisibleRef.current === true) {
-      setChildIsFocusVisible(true);
-      handleEnter(event);
-    }
-  };
-  var detectTouchStart = function detectTouchStart(event) {
-    ignoreNonTouchEvents.current = true;
-    var childrenProps = children.props;
-    if (childrenProps.onTouchStart) {
-      childrenProps.onTouchStart(event);
-    }
-  };
-  var handleMouseOver = handleEnter;
-  var handleMouseLeave = handleLeave;
-  var handleTouchStart = function handleTouchStart(event) {
-    detectTouchStart(event);
-    clearTimeout(leaveTimer.current);
-    clearTimeout(closeTimer.current);
-    stopTouchInteraction();
-    prevUserSelect.current = document.body.style.WebkitUserSelect;
-    // Prevent iOS text selection on long-tap.
-    document.body.style.WebkitUserSelect = 'none';
-    touchTimer.current = setTimeout(function () {
-      document.body.style.WebkitUserSelect = prevUserSelect.current;
-      handleEnter(event);
-    }, enterTouchDelay);
-  };
-  var handleTouchEnd = function handleTouchEnd(event) {
-    if (children.props.onTouchEnd) {
-      children.props.onTouchEnd(event);
-    }
-    stopTouchInteraction();
-    clearTimeout(leaveTimer.current);
-    leaveTimer.current = setTimeout(function () {
-      handleClose(event);
-    }, leaveTouchDelay);
-  };
-  react.useEffect(function () {
-    if (!open) {
-      return undefined;
-    }
-
-    /**
-     * @param {KeyboardEvent} nativeEvent
-     */
-    function handleKeyDown(nativeEvent) {
-      // IE11, Edge (prior to using Bink?) use 'Esc'
-      if (nativeEvent.key === 'Escape' || nativeEvent.key === 'Esc') {
-        handleClose(nativeEvent);
-      }
-    }
-    document.addEventListener('keydown', handleKeyDown);
-    return function () {
-      document.removeEventListener('keydown', handleKeyDown);
-    };
-  }, [handleClose, open]);
-  var handleRef = utils_useForkRef(children.ref, focusVisibleRef, setChildNode, ref);
-
-  // There is no point in displaying an empty tooltip.
-  if (!title && title !== 0) {
-    open = false;
-  }
-  var popperRef = react.useRef();
-  var handleMouseMove = function handleMouseMove(event) {
-    var childrenProps = children.props;
-    if (childrenProps.onMouseMove) {
-      childrenProps.onMouseMove(event);
-    }
-    cursorPosition = {
-      x: event.clientX,
-      y: event.clientY
-    };
-    if (popperRef.current) {
-      popperRef.current.update();
-    }
-  };
-  var nameOrDescProps = {};
-  var titleIsString = typeof title === 'string';
-  if (describeChild) {
-    nameOrDescProps.title = !open && titleIsString && !disableHoverListener ? title : null;
-    nameOrDescProps['aria-describedby'] = open ? id : null;
-  } else {
-    nameOrDescProps['aria-label'] = titleIsString ? title : null;
-    nameOrDescProps['aria-labelledby'] = open && !titleIsString ? id : null;
-  }
-  var childrenProps = extends_extends({}, nameOrDescProps, other, children.props, {
-    className: clsx_m(other.className, children.props.className),
-    onTouchStart: detectTouchStart,
-    ref: handleRef
-  }, followCursor ? {
-    onMouseMove: handleMouseMove
-  } : {});
-  if (false) {}
-  var interactiveWrapperListeners = {};
-  if (!disableTouchListener) {
-    childrenProps.onTouchStart = handleTouchStart;
-    childrenProps.onTouchEnd = handleTouchEnd;
-  }
-  if (!disableHoverListener) {
-    childrenProps.onMouseOver = composeEventHandler(handleMouseOver, childrenProps.onMouseOver);
-    childrenProps.onMouseLeave = composeEventHandler(handleMouseLeave, childrenProps.onMouseLeave);
-    if (!disableInteractive) {
-      interactiveWrapperListeners.onMouseOver = handleMouseOver;
-      interactiveWrapperListeners.onMouseLeave = handleMouseLeave;
-    }
-  }
-  if (!disableFocusListener) {
-    childrenProps.onFocus = composeEventHandler(handleFocus, childrenProps.onFocus);
-    childrenProps.onBlur = composeEventHandler(handleBlur, childrenProps.onBlur);
-    if (!disableInteractive) {
-      interactiveWrapperListeners.onFocus = handleFocus;
-      interactiveWrapperListeners.onBlur = handleBlur;
-    }
-  }
-  if (false) {}
-  var popperOptions = react.useMemo(function () {
-    var _PopperProps$popperOp;
-    var tooltipModifiers = [{
-      name: 'arrow',
-      enabled: Boolean(arrowRef),
-      options: {
-        element: arrowRef,
-        padding: 4
-      }
-    }];
-    if ((_PopperProps$popperOp = PopperProps.popperOptions) != null && _PopperProps$popperOp.modifiers) {
-      tooltipModifiers = tooltipModifiers.concat(PopperProps.popperOptions.modifiers);
-    }
-    return extends_extends({}, PopperProps.popperOptions, {
-      modifiers: tooltipModifiers
-    });
-  }, [arrowRef, PopperProps]);
-  var ownerState = extends_extends({}, props, {
-    isRtl: isRtl,
-    arrow: arrow,
-    disableInteractive: disableInteractive,
-    placement: placement,
-    PopperComponentProp: PopperComponentProp,
-    touch: ignoreNonTouchEvents.current
-  });
-  var classes = Tooltip_useUtilityClasses(ownerState);
-  var PopperComponent = (_ref = (_slots$popper = slots.popper) != null ? _slots$popper : components.Popper) != null ? _ref : TooltipPopper;
-  var TransitionComponent = (_ref2 = (_ref3 = (_slots$transition = slots.transition) != null ? _slots$transition : components.Transition) != null ? _ref3 : TransitionComponentProp) != null ? _ref2 : Grow_Grow;
-  var TooltipComponent = (_ref4 = (_slots$tooltip = slots.tooltip) != null ? _slots$tooltip : components.Tooltip) != null ? _ref4 : TooltipTooltip;
-  var ArrowComponent = (_ref5 = (_slots$arrow = slots.arrow) != null ? _slots$arrow : components.Arrow) != null ? _ref5 : TooltipArrow;
-  var popperProps = appendOwnerState(PopperComponent, extends_extends({}, PopperProps, (_slotProps$popper = slotProps.popper) != null ? _slotProps$popper : componentsProps.popper, {
-    className: clsx_m(classes.popper, PopperProps == null ? void 0 : PopperProps.className, (_ref6 = (_slotProps$popper2 = slotProps.popper) != null ? _slotProps$popper2 : componentsProps.popper) == null ? void 0 : _ref6.className)
-  }), ownerState);
-  var transitionProps = appendOwnerState(TransitionComponent, extends_extends({}, TransitionProps, (_slotProps$transition = slotProps.transition) != null ? _slotProps$transition : componentsProps.transition), ownerState);
-  var tooltipProps = appendOwnerState(TooltipComponent, extends_extends({}, (_slotProps$tooltip = slotProps.tooltip) != null ? _slotProps$tooltip : componentsProps.tooltip, {
-    className: clsx_m(classes.tooltip, (_ref7 = (_slotProps$tooltip2 = slotProps.tooltip) != null ? _slotProps$tooltip2 : componentsProps.tooltip) == null ? void 0 : _ref7.className)
-  }), ownerState);
-  var tooltipArrowProps = appendOwnerState(ArrowComponent, extends_extends({}, (_slotProps$arrow = slotProps.arrow) != null ? _slotProps$arrow : componentsProps.arrow, {
-    className: clsx_m(classes.arrow, (_ref8 = (_slotProps$arrow2 = slotProps.arrow) != null ? _slotProps$arrow2 : componentsProps.arrow) == null ? void 0 : _ref8.className)
-  }), ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
-    children: [/*#__PURE__*/react.cloneElement(children, childrenProps), /*#__PURE__*/(0,jsx_runtime.jsx)(PopperComponent, extends_extends({
-      as: PopperComponentProp != null ? PopperComponentProp : material_Popper_Popper,
-      placement: placement,
-      anchorEl: followCursor ? {
-        getBoundingClientRect: function getBoundingClientRect() {
-          return {
-            top: cursorPosition.y,
-            left: cursorPosition.x,
-            right: cursorPosition.x,
-            bottom: cursorPosition.y,
-            width: 0,
-            height: 0
-          };
-        }
-      } : childNode,
-      popperRef: popperRef,
-      open: childNode ? open : false,
-      id: id,
-      transition: true
-    }, interactiveWrapperListeners, popperProps, {
-      popperOptions: popperOptions,
-      children: function children(_ref13) {
-        var TransitionPropsInner = _ref13.TransitionProps;
-        return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-          timeout: theme.transitions.duration.shorter
-        }, TransitionPropsInner, transitionProps, {
-          children: /*#__PURE__*/(0,jsx_runtime.jsxs)(TooltipComponent, extends_extends({}, tooltipProps, {
-            children: [title, arrow ? /*#__PURE__*/(0,jsx_runtime.jsx)(ArrowComponent, extends_extends({}, tooltipArrowProps, {
-              ref: setArrowRef
-            })) : null]
-          }))
-        }));
-      }
-    }))]
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var material_Tooltip_Tooltip = (Tooltip_Tooltip);
-;// CONCATENATED MODULE: ./src/loadscript.ts
-var loadedScripts=new Map();var loadScript=function loadScript(fileUrl){var async=arguments.length>1&&arguments[1]!==undefined?arguments[1]:true;var type=arguments.length>2&&arguments[2]!==undefined?arguments[2]:"text/javascript";if(loadedScripts.has(fileUrl)){return loadedScripts.get(fileUrl);}var p=new Promise(function(resolve,reject){try{var scriptEle=document.createElement("script");scriptEle.type=type;scriptEle.async=async;scriptEle.src=fileUrl;scriptEle.addEventListener("load",function(ev){resolve({status:true});});scriptEle.addEventListener("error",function(ev){reject({status:false,message:"Failed to load the script \uFF04{FILE_URL}"});});document.body.appendChild(scriptEle);}catch(error){reject(error);}});loadedScripts.set(fileUrl,p);return p;};
-;// CONCATENATED MODULE: ./src/utils/misc.ts
-function getLastPathElement(url){if(url===undefined){return undefined;}if(!url){return"";}var s=url.split("/");return s[s.length-1];}function sleep(ms){return new Promise(function(resolve){return setTimeout(resolve,ms);});}
-;// CONCATENATED MODULE: ./src/api.tsx
-var staticPath="./staticdata";var ObjectType=/*#__PURE__*/function(ObjectType){ObjectType["Rendered"]="rendered";ObjectType["Remote"]="remote";ObjectType["Applied"]="applied";return ObjectType;}({});function checkStaticBuild(){return _checkStaticBuild.apply(this,arguments);}function _checkStaticBuild(){_checkStaticBuild=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee19(){var p;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee19$(_context19){while(1)switch(_context19.prev=_context19.next){case 0:p=loadScript(staticPath+"/summaries.js");_context19.prev=1;_context19.next=4;return p;case 4:return _context19.abrupt("return",true);case 7:_context19.prev=7;_context19.t0=_context19["catch"](1);return _context19.abrupt("return",false);case 10:case"end":return _context19.stop();}},_callee19,null,[[1,7]]);}));return _checkStaticBuild.apply(this,arguments);}var RealApi=/*#__PURE__*/function(){function RealApi(getToken,onUnauthorized,onTokenRefresh){classCallCheck_classCallCheck(this,RealApi);this.getToken=void 0;this.onUnauthorized=void 0;this.onTokenRefresh=void 0;this.getToken=getToken;this.onUnauthorized=onUnauthorized;this.onTokenRefresh=onTokenRefresh;}createClass_createClass(RealApi,[{key:"setAuthorizationHeader",value:function setAuthorizationHeader(headers){if(!this.getToken){return;}headers['Authorization']="Bearer "+this.getToken();}},{key:"refreshToken",value:function(){var _refreshToken=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var headers,resp,j;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:headers={'Accept':'application/json'};this.setAuthorizationHeader(headers);_context.next=4;return fetch("/auth/refresh",{method:"POST",headers:headers});case 4:resp=_context.sent;if(!(resp.status===401)){_context.next=8;break;}if(this.onUnauthorized){this.onUnauthorized();}throw Error(resp.statusText);case 8:_context.next=10;return resp.json();case 10:j=_context.sent;if(this.onTokenRefresh){this.onTokenRefresh(j.token);}case 12:case"end":return _context.stop();}},_callee,this);}));function refreshToken(){return _refreshToken.apply(this,arguments);}return refreshToken;}()},{key:"handleErrors",value:function(){var _handleErrors=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(response,retry){var newResp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:if(response.ok){_context2.next=16;break;}if(!(response.status===401)){_context2.next=15;break;}if(!(this.getToken&&retry)){_context2.next=14;break;}console.log("retrying with token refresh");_context2.next=6;return this.refreshToken();case 6:_context2.next=8;return retry();case 8:newResp=_context2.sent;_context2.next=11;return this.handleErrors(newResp);case 11:return _context2.abrupt("return",_context2.sent);case 14:if(this.onUnauthorized){this.onUnauthorized();}case 15:throw Error(response.statusText);case 16:return _context2.abrupt("return",response);case 17:case"end":return _context2.stop();}},_callee2,this);}));function handleErrors(_x,_x2){return _handleErrors.apply(this,arguments);}return handleErrors;}()},{key:"doGet",value:function(){var _doGet=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee3(path,params){var _this=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee3$(_context3){while(1)switch(_context3.prev=_context3.next){case 0:url=path;if(params){url+="?"+params.toString();}doFetch=function doFetch(){var headers={'Accept':'application/json'};_this.setAuthorizationHeader(headers);return fetch(url,{method:"GET",headers:headers});};_context3.next=5;return doFetch();case 5:resp=_context3.sent;_context3.next=8;return this.handleErrors(resp,doFetch);case 8:resp=_context3.sent;return _context3.abrupt("return",resp.json());case 10:case"end":return _context3.stop();}},_callee3,this);}));function doGet(_x3,_x4){return _doGet.apply(this,arguments);}return doGet;}()},{key:"doPost",value:function(){var _doPost=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee4(path,body){var _this2=this;var url,doFetch,resp;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee4$(_context4){while(1)switch(_context4.prev=_context4.next){case 0:url=path;doFetch=function doFetch(){var headers={'Accept':'application/json','Content-Type':'application/json'};_this2.setAuthorizationHeader(headers);return fetch(url,{method:"POST",body:JSON.stringify(body),headers:headers});};_context4.next=4;return doFetch();case 4:resp=_context4.sent;_context4.next=7;return this.handleErrors(resp,doFetch);case 7:resp=_context4.sent;return _context4.abrupt("return",resp);case 9:case"end":return _context4.stop();}},_callee4,this);}));function doPost(_x5,_x6){return _doPost.apply(this,arguments);}return doPost;}()},{key:"getShortNames",value:function(){var _getShortNames=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee5(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee5$(_context5){while(1)switch(_context5.prev=_context5.next){case 0:return _context5.abrupt("return",this.doGet("/api/getShortNames"));case 1:case"end":return _context5.stop();}},_callee5,this);}));function getShortNames(){return _getShortNames.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee7(filterProject,filterSubDir,handle){var host,proto,url,params,getToken,ws,cancelled,connect;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee7$(_context7){while(1)switch(_context7.prev=_context7.next){case 0:host=window.location.host;proto="wss";if(false){}if(window.location.protocol!=="https:"){proto="ws";}url="".concat(proto,"://").concat(host,"/api/ws");params=new URLSearchParams();if(filterProject){params.set("filterProject",filterProject);}if(filterSubDir){params.set("filterSubDir",filterSubDir);}url+="?"+params.toString();getToken=this.getToken;cancelled=false;connect=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee6(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee6$(_context6){while(1)switch(_context6.prev=_context6.next){case 0:if(!cancelled){_context6.next=2;break;}return _context6.abrupt("return");case 2:console.log("ws connect: "+url);ws=new WebSocket(url);ws.onopen=function(){console.log("ws connected");if(getToken){ws.send(JSON.stringify({"type":"auth","token":getToken()}));}};ws.onclose=function(event){console.log("ws close");if(!cancelled){sleep(5000).then(connect);}};ws.onerror=function(event){console.log("ws error",event);};ws.onmessage=function(event){if(cancelled){return;}var msg=JSON.parse(event.data);handle(msg);};case 8:case"end":return _context6.stop();}},_callee6);}));return function connect(){return _ref.apply(this,arguments);};}();_context7.next=14;return connect();case 14:return _context7.abrupt("return",function(){console.log("ws cancel");cancelled=true;if(ws){ws.close();}});case 15:case"end":return _context7.stop();}},_callee7,this);}));function listenUpdates(_x7,_x8,_x9){return _listenUpdates.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee8(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee8$(_context8){while(1)switch(_context8.prev=_context8.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context8.next=4;return this.doGet("/api/getResult",params);case 4:json=_context8.sent;return _context8.abrupt("return",new CommandResult(json));case 6:case"end":return _context8.stop();}},_callee8,this);}));function getResult(_x10){return _getResult.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee9(resultId){var params,json;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee9$(_context9){while(1)switch(_context9.prev=_context9.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);_context9.next=4;return this.doGet("/api/getResultSummary",params);case 4:json=_context9.sent;return _context9.abrupt("return",new CommandResultSummary(json));case 6:case"end":return _context9.stop();}},_callee9,this);}));function getResultSummary(_x11){return _getResultSummary.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee10(resultId,ref,objectType){var params;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee10$(_context10){while(1)switch(_context10.prev=_context10.next){case 0:params=new URLSearchParams();params.set("resultId",resultId);params.set("objectType",objectType);buildRefParams(ref,params);_context10.next=6;return this.doGet("/api/getResultObject",params);case 6:return _context10.abrupt("return",_context10.sent);case 7:case"end":return _context10.stop();}},_callee10,this);}));function getResultObject(_x12,_x13,_x14){return _getResultObject.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function(){var _validateNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee11(project,target){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee11$(_context11){while(1)switch(_context11.prev=_context11.next){case 0:return _context11.abrupt("return",this.doPost("/api/validateNow",{"project":project,"target":target}));case 1:case"end":return _context11.stop();}},_callee11,this);}));function validateNow(_x15,_x16){return _validateNow.apply(this,arguments);}return validateNow;}()},{key:"deployNow",value:function(){var _deployNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee12(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee12$(_context12){while(1)switch(_context12.prev=_context12.next){case 0:return _context12.abrupt("return",this.doPost("/api/deployNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context12.stop();}},_callee12,this);}));function deployNow(_x17,_x18,_x19){return _deployNow.apply(this,arguments);}return deployNow;}()},{key:"reconcileNow",value:function(){var _reconcileNow=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee13(cluster,name,namespace){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee13$(_context13){while(1)switch(_context13.prev=_context13.next){case 0:return _context13.abrupt("return",this.doPost("/api/reconcileNow",{"cluster":cluster,"name":name,"namespace":namespace}));case 1:case"end":return _context13.stop();}},_callee13,this);}));function reconcileNow(_x20,_x21,_x22){return _reconcileNow.apply(this,arguments);}return reconcileNow;}()}]);return RealApi;}();var StaticApi=/*#__PURE__*/function(){function StaticApi(){classCallCheck_classCallCheck(this,StaticApi);}createClass_createClass(StaticApi,[{key:"getShortNames",value:function(){var _getShortNames2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee14(){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee14$(_context14){while(1)switch(_context14.prev=_context14.next){case 0:_context14.next=2;return loadScript(staticPath+"/shortnames.js");case 2:return _context14.abrupt("return",staticShortNames);case 3:case"end":return _context14.stop();}},_callee14);}));function getShortNames(){return _getShortNames2.apply(this,arguments);}return getShortNames;}()},{key:"listenUpdates",value:function(){var _listenUpdates2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee15(filterProject,filterSubDir,handle){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee15$(_context15){while(1)switch(_context15.prev=_context15.next){case 0:_context15.next=2;return loadScript(staticPath+"/summaries.js");case 2:staticSummaries.forEach(function(rs){if(filterProject&&filterProject!==rs.project.normalizedGitUrl){return;}if(filterSubDir&&filterSubDir!==rs.project.subDir){return;}handle({"type":"update_summary","summary":rs});});return _context15.abrupt("return",function(){});case 4:case"end":return _context15.stop();}},_callee15);}));function listenUpdates(_x23,_x24,_x25){return _listenUpdates2.apply(this,arguments);}return listenUpdates;}()},{key:"getResult",value:function(){var _getResult2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee16(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee16$(_context16){while(1)switch(_context16.prev=_context16.next){case 0:_context16.next=2;return loadScript(staticPath+"/result-".concat(resultId,".js"));case 2:return _context16.abrupt("return",staticResults.get(resultId));case 3:case"end":return _context16.stop();}},_callee16);}));function getResult(_x26){return _getResult2.apply(this,arguments);}return getResult;}()},{key:"getResultSummary",value:function(){var _getResultSummary2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee17(resultId){return regeneratorRuntime_regeneratorRuntime().wrap(function _callee17$(_context17){while(1)switch(_context17.prev=_context17.next){case 0:_context17.next=2;return loadScript(staticPath+"/summaries.js");case 2:return _context17.abrupt("return",staticSummaries.filter(function(s){return s.id===resultId;}).at(0));case 3:case"end":return _context17.stop();}},_callee17);}));function getResultSummary(_x27){return _getResultSummary2.apply(this,arguments);}return getResultSummary;}()},{key:"getResultObject",value:function(){var _getResultObject2=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee18(resultId,ref,objectType){var _result$objects;var result,object;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee18$(_context18){while(1)switch(_context18.prev=_context18.next){case 0:_context18.next=2;return this.getResult(resultId);case 2:result=_context18.sent;object=(_result$objects=result.objects)===null||_result$objects===void 0?void 0:_result$objects.find(function(x){return lodash_default().isEqual(x.ref,ref);});if(object){_context18.next=6;break;}throw new Error("object not found");case 6:_context18.t0=objectType;_context18.next=_context18.t0===ObjectType.Rendered?9:_context18.t0===ObjectType.Remote?10:_context18.t0===ObjectType.Applied?11:12;break;case 9:return _context18.abrupt("return",object.rendered);case 10:return _context18.abrupt("return",object.remote);case 11:return _context18.abrupt("return",object.applied);case 12:throw new Error("unknown object type "+objectType);case 13:case"end":return _context18.stop();}},_callee18,this);}));function getResultObject(_x28,_x29,_x30){return _getResultObject2.apply(this,arguments);}return getResultObject;}()},{key:"validateNow",value:function validateNow(project,target){throw new Error("not implemented");}},{key:"reconcileNow",value:function reconcileNow(cluster,name,namespace){throw new Error("not implemented");}},{key:"deployNow",value:function deployNow(cluster,name,namespace){throw new Error("not implemented");}}]);return StaticApi;}();function buildRefParams(ref,params){params.set("kind",ref.kind);params.set("name",ref.name);if(ref.group){params.set("group",ref.group);}if(ref.version){params.set("version",ref.version);}if(ref.namespace){params.set("namespace",ref.namespace);}}function buildRefString(ref){if(ref.namespace){return"".concat(ref.namespace,"/").concat(ref.kind,"/").concat(ref.name);}else{if(ref.name){return"".concat(ref.kind,"/").concat(ref.name);}else{return ref.kind;}}}function buildRefKindElement(ref,element){var tooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{zIndex:1000,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["ApiVersion: ",[ref.group,ref.version].filter(function(x){return x;}).join("/")]}),/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),/*#__PURE__*/(0,jsx_runtime.jsxs)(Typography_Typography,{children:["Kind: ",ref.kind]})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip,children:element?element:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.kind})});}function buildObjectRefFromObject(obj){var apiVersion=obj.apiVersion;var s=apiVersion.split("/",2);var ref=new ObjectRef();if(s.length===1){ref.version=s[0];}else{ref.group=s[0];ref.version=s[1];}ref.kind=obj.kind;ref.namespace=obj.metadata.namespace;ref.name=obj.metadata.name;return ref;}function findObjectByRef(l,ref,filter){return l===null||l===void 0?void 0:l.find(function(x){if(filter&&!filter(x)){return false;}return lodash_default().isEqual(x.ref,ref);});}
-;// CONCATENATED MODULE: ./src/project-summaries.ts
-function compareSummaries(a,b){return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime)||b.commandInfo.endTime.localeCompare(b.commandInfo.endTime)||(b.commandInfo.command||"").localeCompare(a.commandInfo.command||"");}function buildProjectSummaries(summaries,validateResults){var sorted=Array.from(summaries.values());sorted.sort(compareSummaries);var m=new Map();sorted.forEach(function(rs){var projectKey=JSON.stringify(rs.projectKey);var p=m.get(projectKey);if(!p){p={project:rs.projectKey,targets:[]};m.set(projectKey,p);}var ptKey=new ProjectTargetKey();ptKey.project=rs.projectKey;ptKey.target=rs.targetKey;var vr=validateResults.get(JSON.stringify(ptKey));var target=p.targets.find(function(t){return lodash_default().isEqual(t.target,rs.targetKey);});if(!target){target={target:rs.targetKey,lastValidateResult:vr,commandResults:[]};p.targets.push(target);}target.commandResults.push(rs);});var ret=[];m.forEach(function(p){p.targets.sort(function(a,b){var _ref;return(a.target.targetName||"").localeCompare(b.target.targetName||"")||a.target.clusterId.localeCompare(b.target.clusterId)||((_ref=a.target.discriminator||"")===null||_ref===void 0?void 0:_ref.localeCompare(b.target.discriminator||""));});ret.push(p);});ret.sort(function(a,b){return(a.project.gitRepoKey||"").localeCompare(b.project.gitRepoKey||"")||(a.project.subDir||"").localeCompare(b.project.subDir||"");});return ret;}
-;// CONCATENATED MODULE: ./src/components/Login.tsx
-//import './Login.css';
-function loginUser(_x){return _loginUser.apply(this,arguments);}function _loginUser(){_loginUser=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee2(creds){var url;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee2$(_context2){while(1)switch(_context2.prev=_context2.next){case 0:url="/auth/login";return _context2.abrupt("return",fetch(url,{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify(creds)}).then(function(data){return data.json();}).then(function(token){return token.token;}));case 2:case"end":return _context2.stop();}},_callee2);}));return _loginUser.apply(this,arguments);}function Login(props){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),username=_useState2[0],setUserName=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),password=_useState4[0],setPassword=_useState4[1];var handleSubmit=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(e){var token;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:e.preventDefault();if(!(!username||!password)){_context.next=3;break;}return _context.abrupt("return");case 3:_context.next=5;return loginUser({username:username,password:password});case 5:token=_context.sent;props.setToken(token);case 7:case"end":return _context.stop();}},_callee);}));return function handleSubmit(_x2){return _ref.apply(this,arguments);};}();return/*#__PURE__*/(0,jsx_runtime.jsxs)("div",{className:"login-wrapper",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("h1",{children:"Please Log In"}),/*#__PURE__*/(0,jsx_runtime.jsxs)("form",{onSubmit:handleSubmit,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)("label",{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Username"}),/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"text",onChange:function onChange(e){return setUserName(e.target.value);}})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)("label",{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Password"}),/*#__PURE__*/(0,jsx_runtime.jsx)("input",{type:"password",onChange:function onChange(e){return setPassword(e.target.value);}})]}),/*#__PURE__*/(0,jsx_runtime.jsx)("div",{children:/*#__PURE__*/(0,jsx_runtime.jsx)("button",{type:"submit",children:"Submit"})})]})]});}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/circularProgressClasses.js
-
-
-function getCircularProgressUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiCircularProgress', slot);
-}
-var circularProgressClasses = generateUtilityClasses('MuiCircularProgress', ['root', 'determinate', 'indeterminate', 'colorPrimary', 'colorSecondary', 'svg', 'circle', 'circleDeterminate', 'circleIndeterminate', 'circleDisableShrink']);
-/* harmony default export */ var CircularProgress_circularProgressClasses = ((/* unused pure expression or super */ null && (circularProgressClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/CircularProgress/CircularProgress.js
-
-var CircularProgress_templateObject, CircularProgress_templateObject2, CircularProgress_templateObject3, CircularProgress_templateObject4;
-
-
-var CircularProgress_excluded = ["className", "color", "disableShrink", "size", "style", "thickness", "value", "variant"];
-var CircularProgress_ = function _(t) {
-    return t;
-  },
-  CircularProgress_t,
-  CircularProgress_t2,
-  CircularProgress_t3,
-  CircularProgress_t4;
-
-
-
-
-
-
-
-
-
-
-
-var SIZE = 44;
-var circularRotateKeyframe = keyframes(CircularProgress_t || (CircularProgress_t = CircularProgress_(CircularProgress_templateObject || (CircularProgress_templateObject = _taggedTemplateLiteral(["\n  0% {\n    transform: rotate(0deg);\n  }\n\n  100% {\n    transform: rotate(360deg);\n  }\n"])))));
-var circularDashKeyframe = keyframes(CircularProgress_t2 || (CircularProgress_t2 = CircularProgress_(CircularProgress_templateObject2 || (CircularProgress_templateObject2 = _taggedTemplateLiteral(["\n  0% {\n    stroke-dasharray: 1px, 200px;\n    stroke-dashoffset: 0;\n  }\n\n  50% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -15px;\n  }\n\n  100% {\n    stroke-dasharray: 100px, 200px;\n    stroke-dashoffset: -125px;\n  }\n"])))));
-var CircularProgress_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    variant = ownerState.variant,
-    color = ownerState.color,
-    disableShrink = ownerState.disableShrink;
-  var slots = {
-    root: ['root', variant, "color".concat(utils_capitalize(color))],
-    svg: ['svg'],
-    circle: ['circle', "circle".concat(utils_capitalize(variant)), disableShrink && 'circleDisableShrink']
-  };
-  return composeClasses(slots, getCircularProgressUtilityClass, classes);
-};
-var CircularProgressRoot = styles_styled('span', {
-  name: 'MuiCircularProgress',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, styles[ownerState.variant], styles["color".concat(utils_capitalize(ownerState.color))]];
-  }
-})(function (_ref) {
-  var ownerState = _ref.ownerState,
-    theme = _ref.theme;
-  return extends_extends({
-    display: 'inline-block'
-  }, ownerState.variant === 'determinate' && {
-    transition: theme.transitions.create('transform')
-  }, ownerState.color !== 'inherit' && {
-    color: (theme.vars || theme).palette[ownerState.color].main
-  });
-}, function (_ref2) {
-  var ownerState = _ref2.ownerState;
-  return ownerState.variant === 'indeterminate' && css(CircularProgress_t3 || (CircularProgress_t3 = CircularProgress_(CircularProgress_templateObject3 || (CircularProgress_templateObject3 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s linear infinite;\n    "])), 0)), circularRotateKeyframe);
-});
-var CircularProgressSVG = styles_styled('svg', {
-  name: 'MuiCircularProgress',
-  slot: 'Svg',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.svg;
-  }
-})({
-  display: 'block' // Keeps the progress centered
-});
-
-var CircularProgressCircle = styles_styled('circle', {
-  name: 'MuiCircularProgress',
-  slot: 'Circle',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.circle, styles["circle".concat(utils_capitalize(ownerState.variant))], ownerState.disableShrink && styles.circleDisableShrink];
-  }
-})(function (_ref3) {
-  var ownerState = _ref3.ownerState,
-    theme = _ref3.theme;
-  return extends_extends({
-    stroke: 'currentColor'
-  }, ownerState.variant === 'determinate' && {
-    transition: theme.transitions.create('stroke-dashoffset')
-  }, ownerState.variant === 'indeterminate' && {
-    // Some default value that looks fine waiting for the animation to kicks in.
-    strokeDasharray: '80px, 200px',
-    strokeDashoffset: 0 // Add the unit to fix a Edge 16 and below bug.
-  });
-}, function (_ref4) {
-  var ownerState = _ref4.ownerState;
-  return ownerState.variant === 'indeterminate' && !ownerState.disableShrink && css(CircularProgress_t4 || (CircularProgress_t4 = CircularProgress_(CircularProgress_templateObject4 || (CircularProgress_templateObject4 = _taggedTemplateLiteral(["\n      animation: ", " 1.4s ease-in-out infinite;\n    "])), 0)), circularDashKeyframe);
-});
-
-/**
- * ## ARIA
- *
- * If the progress bar is describing the loading progress of a particular region of a page,
- * you should use `aria-describedby` to point to the progress bar, and set the `aria-busy`
- * attribute to `true` on that region until it has finished loading.
- */
-var CircularProgress = /*#__PURE__*/react.forwardRef(function CircularProgress(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiCircularProgress'
-  });
-  var className = props.className,
-    _props$color = props.color,
-    color = _props$color === void 0 ? 'primary' : _props$color,
-    _props$disableShrink = props.disableShrink,
-    disableShrink = _props$disableShrink === void 0 ? false : _props$disableShrink,
-    _props$size = props.size,
-    size = _props$size === void 0 ? 40 : _props$size,
-    style = props.style,
-    _props$thickness = props.thickness,
-    thickness = _props$thickness === void 0 ? 3.6 : _props$thickness,
-    _props$value = props.value,
-    value = _props$value === void 0 ? 0 : _props$value,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'indeterminate' : _props$variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, CircularProgress_excluded);
-  var ownerState = extends_extends({}, props, {
-    color: color,
-    disableShrink: disableShrink,
-    size: size,
-    thickness: thickness,
-    value: value,
-    variant: variant
-  });
-  var classes = CircularProgress_useUtilityClasses(ownerState);
-  var circleStyle = {};
-  var rootStyle = {};
-  var rootProps = {};
-  if (variant === 'determinate') {
-    var circumference = 2 * Math.PI * ((SIZE - thickness) / 2);
-    circleStyle.strokeDasharray = circumference.toFixed(3);
-    rootProps['aria-valuenow'] = Math.round(value);
-    circleStyle.strokeDashoffset = "".concat(((100 - value) / 100 * circumference).toFixed(3), "px");
-    rootStyle.transform = 'rotate(-90deg)';
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    style: extends_extends({
-      width: size,
-      height: size
-    }, rootStyle, style),
-    ownerState: ownerState,
-    ref: ref,
-    role: "progressbar"
-  }, rootProps, other, {
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressSVG, {
-      className: classes.svg,
-      ownerState: ownerState,
-      viewBox: "".concat(SIZE / 2, " ").concat(SIZE / 2, " ").concat(SIZE, " ").concat(SIZE),
-      children: /*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgressCircle, {
-        className: classes.circle,
-        style: circleStyle,
-        ownerState: ownerState,
-        cx: SIZE,
-        cy: SIZE,
-        r: (SIZE - thickness) / 2,
-        fill: "none",
-        strokeWidth: thickness
-      })
-    })
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var CircularProgress_CircularProgress = (CircularProgress);
-;// CONCATENATED MODULE: ./src/components/Loading.tsx
-var Loading=function Loading(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",height:"100%",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CircularProgress_CircularProgress,{})})});};function useLoadingHelper(load,deps){var _useState=(0,react.useState)(true),_useState2=slicedToArray_slicedToArray(_useState,2),loading=_useState2[0],setLoading=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),error=_useState4[0],setError=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),content=_useState6[0],setContent=_useState6[1];(0,react.useEffect)(function(){var doStartLoading=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var c;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.prev=0;_context.next=3;return load();case 3:c=_context.sent;setContent(c);setLoading(false);_context.next=12;break;case 8:_context.prev=8;_context.t0=_context["catch"](0);setError(_context.t0);setLoading(false);case 12:case"end":return _context.stop();}},_callee,null,[[0,8]]);}));return function doStartLoading(){return _ref.apply(this,arguments);};}();doStartLoading();// eslint-disable-next-line react-hooks/exhaustive-deps
-},deps);return[loading,error,content];}
-;// CONCATENATED MODULE: ./src/components/App.tsx
-function useAppOutletContext(){return useOutletContext();}var AppContext=/*#__PURE__*/(0,react.createContext)({summaries:new Map(),projects:[],validateResults:new Map()});var ApiContext=/*#__PURE__*/(0,react.createContext)(new StaticApi());var LoggedInApp=function LoggedInApp(props){var api=(0,react.useContext)(ApiContext);var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),filters=_useState2[0],setFilters=_useState2[1];var summariesRef=(0,react.useRef)(new Map());var validateResultsRef=(0,react.useRef)(new Map());var _useState3=(0,react.useState)(summariesRef.current),_useState4=slicedToArray_slicedToArray(_useState3,2),summaries=_useState4[0],setSummaries=_useState4[1];var _useState5=(0,react.useState)(validateResultsRef.current),_useState6=slicedToArray_slicedToArray(_useState5,2),validateResults=_useState6[0],setValidateResults=_useState6[1];var onUnauthorized=props.onUnauthorized;(0,react.useEffect)(function(){var updateSummary=function updateSummary(rs){console.log("update_summary",rs.id,rs.commandInfo.startTime);summariesRef.current.set(rs.id,rs);setSummaries(new Map(summariesRef.current));};var deleteSummary=function deleteSummary(id){console.log("delete_summary",id);summariesRef.current.delete(id);setSummaries(new Map(summariesRef.current));};var updateValidateResult=function updateValidateResult(key,vr){console.log("validate_result",key);validateResultsRef.current.set(JSON.stringify(key),vr);setValidateResults(new Map(validateResultsRef.current));};console.log("starting listenResults");var cancel;cancel=api.listenUpdates(undefined,undefined,function(msg){switch(msg.type){case"update_summary":updateSummary(msg.summary);break;case"delete_summary":deleteSummary(msg.id);break;case"validate_result":updateValidateResult(msg.key,msg.result);break;case"auth_result":if(!msg.success){cancel.then(function(c){return c();});onUnauthorized();}}});return function(){console.log("cancel listenResults");cancel.then(function(c){return c();});};},[api,onUnauthorized]);var projects=(0,react.useMemo)(function(){return buildProjectSummaries(summaries,validateResults);},[summaries,validateResults]);var appContext={summaries:summariesRef.current,projects:projects,validateResults:validateResults};var outletContext={filters:filters,setFilters:setFilters};return/*#__PURE__*/(0,jsx_runtime.jsx)(AppContext.Provider,{value:appContext,children:/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(LeftDrawer,{content:/*#__PURE__*/(0,jsx_runtime.jsx)(Outlet,{context:outletContext}),context:outletContext})})})});};var App=function App(){var _useState7=(0,react.useState)(),_useState8=slicedToArray_slicedToArray(_useState7,2),api=_useState8[0],setApi=_useState8[1];var _useState9=(0,react.useState)(false),_useState10=slicedToArray_slicedToArray(_useState9,2),needToken=_useState10[0],setNeedToken=_useState10[1];var storage=localStorage;var getToken=function getToken(){var token=storage.getItem("token");if(!token){return"";}return JSON.parse(token);};var setToken=function setToken(token){if(!token){storage.removeItem("token");}else{storage.setItem("token",JSON.stringify(token));}};var onUnauthorized=function onUnauthorized(){console.log("handle onUnauthorized");setToken(undefined);setApi(undefined);setNeedToken(true);};var onTokenRefresh=function onTokenRefresh(newToken){console.log("handle onTokenRefresh");setToken(newToken);};var handleLoginSucceeded=function handleLoginSucceeded(token){console.log("handle saveToken");setToken(token);setApi(new RealApi(getToken,onUnauthorized,onTokenRefresh));};(0,react.useEffect)(function(){if(api){return;}var doInit=/*#__PURE__*/function(){var _ref=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var isStatic,noAuthApi;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return checkStaticBuild();case 2:isStatic=_context.sent;if(!isStatic){_context.next=7;break;}setApi(new StaticApi());_context.next=19;break;case 7:// check if we don't need auth (running locally?)
-noAuthApi=new RealApi(undefined,undefined,undefined);_context.prev=8;_context.next=11;return noAuthApi.getShortNames();case 11:setToken(undefined);setNeedToken(false);setApi(noAuthApi);_context.next=19;break;case 16:_context.prev=16;_context.t0=_context["catch"](8);if(!getToken()){setNeedToken(true);}else{setApi(new RealApi(getToken,onUnauthorized,onTokenRefresh));}case 19:case"end":return _context.stop();}},_callee,null,[[8,16]]);}));return function doInit(){return _ref.apply(this,arguments);};}();doInit();// eslint-disable-next-line react-hooks/exhaustive-deps
-},[]);if(needToken&&!getToken()){return/*#__PURE__*/(0,jsx_runtime.jsx)(Login,{setToken:handleLoginSucceeded});}if(!api){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(ApiContext.Provider,{value:api,children:/*#__PURE__*/(0,jsx_runtime.jsx)(LoggedInApp,{onUnauthorized:onUnauthorized})});};/* harmony default export */ var components_App = (App);
-;// CONCATENATED MODULE: ./node_modules/@babel/runtime/helpers/esm/objectWithoutProperties.js
-
-function objectWithoutProperties_objectWithoutProperties(source, excluded) {
-  if (source == null) return {};
-  var target = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(source, excluded);
-  var key, i;
-  if (Object.getOwnPropertySymbols) {
-    var sourceSymbolKeys = Object.getOwnPropertySymbols(source);
-    for (i = 0; i < sourceSymbolKeys.length; i++) {
-      key = sourceSymbolKeys[i];
-      if (excluded.indexOf(key) >= 0) continue;
-      if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
-      target[key] = source[key];
-    }
-  }
-  return target;
-}
-;// CONCATENATED MODULE: ./src/components/targets-view/Card.tsx
-var Card_excluded=["sx"];var cardWidth=247;var projectCardHeight=80;var cardHeight=126;var cardGap=20;function CardPaper(props){var sx=props.sx,rest=objectWithoutProperties_objectWithoutProperties(props,Card_excluded);return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,_objectSpread2({elevation:5,sx:_objectSpread2({width:"100%",height:"100%",borderRadius:'12px',border:'1px solid #59A588',boxShadow:'4px 4px 10px #1E617A'},sx)},rest));}function Card(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2({display:"flex",flexShrink:0,width:cardWidth,height:cardHeight},props));}function CardCol(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2({display:"flex",flexDirection:"column",gap:"".concat(cardGap,"px")},props));}function CardRow(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2({display:"flex",gap:"".concat(cardGap,"px")},props));}
-;// CONCATENATED MODULE: ./src/components/targets-view/Projects.tsx
-var ProjectItem=function ProjectItem(props){var name=getLastPathElement(props.ps.project.gitRepoKey);var subDir=props.ps.project.subDir;var projectInfo=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[props.ps.project.gitRepoKey,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),props.ps.project.subDir?/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:["SubDir: ",props.ps.project.subDir,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{})]}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]});return/*#__PURE__*/(0,jsx_runtime.jsx)(CardPaper,{sx:{padding:'5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"center",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",gap:"15px",children:name&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:projectInfo,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:name})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:subDir?/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{textAlign:"center",children:subDir}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{marginLeft:"auto"})})})]})});};
-;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/svgIconClasses.js
-
-
-function getSvgIconUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiSvgIcon', slot);
-}
-var svgIconClasses = generateUtilityClasses('MuiSvgIcon', ['root', 'colorPrimary', 'colorSecondary', 'colorAction', 'colorError', 'colorDisabled', 'fontSizeInherit', 'fontSizeSmall', 'fontSizeMedium', 'fontSizeLarge']);
-/* harmony default export */ var SvgIcon_svgIconClasses = ((/* unused pure expression or super */ null && (svgIconClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/SvgIcon/SvgIcon.js
-
-
-var SvgIcon_excluded = ["children", "className", "color", "component", "fontSize", "htmlColor", "inheritViewBox", "titleAccess", "viewBox"];
-
-
-
-
-
-
-
-
-
-
-var SvgIcon_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var color = ownerState.color,
-    fontSize = ownerState.fontSize,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', color !== 'inherit' && "color".concat(utils_capitalize(color)), "fontSize".concat(utils_capitalize(fontSize))]
-  };
-  return composeClasses(slots, getSvgIconUtilityClass, classes);
-};
-var SvgIconRoot = styles_styled('svg', {
-  name: 'MuiSvgIcon',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.color !== 'inherit' && styles["color".concat(utils_capitalize(ownerState.color))], styles["fontSize".concat(utils_capitalize(ownerState.fontSize))]];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  var _theme$transitions, _theme$transitions$cr, _theme$transitions2, _theme$transitions2$d, _theme$typography, _theme$typography$pxT, _theme$typography2, _theme$typography2$px, _theme$typography3, _theme$typography3$px, _palette$ownerState$c, _palette, _palette$ownerState$c2, _palette2, _palette2$action, _palette3, _palette3$action;
-  return {
-    userSelect: 'none',
-    width: '1em',
-    height: '1em',
-    display: 'inline-block',
-    fill: 'currentColor',
-    flexShrink: 0,
-    transition: (_theme$transitions = theme.transitions) == null ? void 0 : (_theme$transitions$cr = _theme$transitions.create) == null ? void 0 : _theme$transitions$cr.call(_theme$transitions, 'fill', {
-      duration: (_theme$transitions2 = theme.transitions) == null ? void 0 : (_theme$transitions2$d = _theme$transitions2.duration) == null ? void 0 : _theme$transitions2$d.shorter
-    }),
-    fontSize: {
-      inherit: 'inherit',
-      small: ((_theme$typography = theme.typography) == null ? void 0 : (_theme$typography$pxT = _theme$typography.pxToRem) == null ? void 0 : _theme$typography$pxT.call(_theme$typography, 20)) || '1.25rem',
-      medium: ((_theme$typography2 = theme.typography) == null ? void 0 : (_theme$typography2$px = _theme$typography2.pxToRem) == null ? void 0 : _theme$typography2$px.call(_theme$typography2, 24)) || '1.5rem',
-      large: ((_theme$typography3 = theme.typography) == null ? void 0 : (_theme$typography3$px = _theme$typography3.pxToRem) == null ? void 0 : _theme$typography3$px.call(_theme$typography3, 35)) || '2.1875rem'
-    }[ownerState.fontSize],
-    // TODO v5 deprecate, v6 remove for sx
-    color: (_palette$ownerState$c = (_palette = (theme.vars || theme).palette) == null ? void 0 : (_palette$ownerState$c2 = _palette[ownerState.color]) == null ? void 0 : _palette$ownerState$c2.main) != null ? _palette$ownerState$c : {
-      action: (_palette2 = (theme.vars || theme).palette) == null ? void 0 : (_palette2$action = _palette2.action) == null ? void 0 : _palette2$action.active,
-      disabled: (_palette3 = (theme.vars || theme).palette) == null ? void 0 : (_palette3$action = _palette3.action) == null ? void 0 : _palette3$action.disabled,
-      inherit: undefined
-    }[ownerState.color]
-  };
-});
-var SvgIcon = /*#__PURE__*/react.forwardRef(function SvgIcon(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiSvgIcon'
-  });
-  var children = props.children,
-    className = props.className,
-    _props$color = props.color,
-    color = _props$color === void 0 ? 'inherit' : _props$color,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'svg' : _props$component,
-    _props$fontSize = props.fontSize,
-    fontSize = _props$fontSize === void 0 ? 'medium' : _props$fontSize,
-    htmlColor = props.htmlColor,
-    _props$inheritViewBox = props.inheritViewBox,
-    inheritViewBox = _props$inheritViewBox === void 0 ? false : _props$inheritViewBox,
-    titleAccess = props.titleAccess,
-    _props$viewBox = props.viewBox,
-    viewBox = _props$viewBox === void 0 ? '0 0 24 24' : _props$viewBox,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, SvgIcon_excluded);
-  var ownerState = extends_extends({}, props, {
-    color: color,
-    component: component,
-    fontSize: fontSize,
-    instanceFontSize: inProps.fontSize,
-    inheritViewBox: inheritViewBox,
-    viewBox: viewBox
-  });
-  var more = {};
-  if (!inheritViewBox) {
-    more.viewBox = viewBox;
-  }
-  var classes = SvgIcon_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(SvgIconRoot, extends_extends({
-    as: component,
-    className: clsx_m(classes.root, className),
-    focusable: "false",
-    color: htmlColor,
-    "aria-hidden": titleAccess ? undefined : true,
-    role: titleAccess ? 'img' : undefined,
-    ref: ref
-  }, more, other, {
-    ownerState: ownerState,
-    children: [children, titleAccess ? /*#__PURE__*/(0,jsx_runtime.jsx)("title", {
-      children: titleAccess
-    }) : null]
-  }));
-});
- false ? 0 : void 0;
-SvgIcon.muiName = 'SvgIcon';
-/* harmony default export */ var SvgIcon_SvgIcon = (SvgIcon);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/createSvgIcon.js
-
-
-
-
-/**
- * Private module reserved for @mui packages.
- */
-
-function createSvgIcon(path, displayName) {
-  function Component(props, ref) {
-    return /*#__PURE__*/(0,jsx_runtime.jsx)(SvgIcon_SvgIcon, extends_extends({
-      "data-testid": "".concat(displayName, "Icon"),
-      ref: ref
-    }, props, {
-      children: path
-    }));
-  }
-  if (false) {}
-  Component.muiName = SvgIcon_SvgIcon.muiName;
-  return /*#__PURE__*/react.memo( /*#__PURE__*/react.forwardRef(Component));
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/MoreVert.js
-
-
-/* harmony default export */ var MoreVert = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M12 8c1.1 0 2-.9 2-2s-.9-2-2-2-2 .9-2 2 .9 2 2 2zm0 2c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2zm0 6c-1.1 0-2 .9-2 2s.9 2 2 2 2-.9 2-2-.9-2-2-2z"
-}), 'MoreVert'));
-// EXTERNAL MODULE: ./node_modules/react-is/index.js
-var react_is = __webpack_require__(441);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/ownerDocument.js
-
-/* harmony default export */ var utils_ownerDocument = (ownerDocument);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/utils/getScrollbarSize.js
-
-/* harmony default export */ var utils_getScrollbarSize = (getScrollbarSize);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/MenuList/MenuList.js
-
-
-var MenuList_excluded = ["actions", "autoFocus", "autoFocusItem", "children", "className", "disabledItemsFocusable", "disableListWrap", "onKeyDown", "variant"];
-
-
-
-
-
-
-
-
-
-function nextItem(list, item, disableListWrap) {
-  if (list === item) {
-    return list.firstChild;
-  }
-  if (item && item.nextElementSibling) {
-    return item.nextElementSibling;
-  }
-  return disableListWrap ? null : list.firstChild;
-}
-function previousItem(list, item, disableListWrap) {
-  if (list === item) {
-    return disableListWrap ? list.firstChild : list.lastChild;
-  }
-  if (item && item.previousElementSibling) {
-    return item.previousElementSibling;
-  }
-  return disableListWrap ? null : list.lastChild;
-}
-function textCriteriaMatches(nextFocus, textCriteria) {
-  if (textCriteria === undefined) {
-    return true;
-  }
-  var text = nextFocus.innerText;
-  if (text === undefined) {
-    // jsdom doesn't support innerText
-    text = nextFocus.textContent;
-  }
-  text = text.trim().toLowerCase();
-  if (text.length === 0) {
-    return false;
-  }
-  if (textCriteria.repeating) {
-    return text[0] === textCriteria.keys[0];
-  }
-  return text.indexOf(textCriteria.keys.join('')) === 0;
-}
-function moveFocus(list, currentFocus, disableListWrap, disabledItemsFocusable, traversalFunction, textCriteria) {
-  var wrappedOnce = false;
-  var nextFocus = traversalFunction(list, currentFocus, currentFocus ? disableListWrap : false);
-  while (nextFocus) {
-    // Prevent infinite loop.
-    if (nextFocus === list.firstChild) {
-      if (wrappedOnce) {
-        return false;
-      }
-      wrappedOnce = true;
-    }
-
-    // Same logic as useAutocomplete.js
-    var nextFocusDisabled = disabledItemsFocusable ? false : nextFocus.disabled || nextFocus.getAttribute('aria-disabled') === 'true';
-    if (!nextFocus.hasAttribute('tabindex') || !textCriteriaMatches(nextFocus, textCriteria) || nextFocusDisabled) {
-      // Move to the next element.
-      nextFocus = traversalFunction(list, nextFocus, disableListWrap);
-    } else {
-      nextFocus.focus();
-      return true;
-    }
-  }
-  return false;
-}
-
-/**
- * A permanently displayed menu following https://www.w3.org/WAI/ARIA/apg/patterns/menu-button/.
- * It's exposed to help customization of the [`Menu`](/material-ui/api/menu/) component if you
- * use it separately you need to move focus into the component manually. Once
- * the focus is placed inside the component it is fully keyboard accessible.
- */
-var MenuList = /*#__PURE__*/react.forwardRef(function MenuList(props, ref) {
-  var actions = props.actions,
-    _props$autoFocus = props.autoFocus,
-    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
-    _props$autoFocusItem = props.autoFocusItem,
-    autoFocusItem = _props$autoFocusItem === void 0 ? false : _props$autoFocusItem,
-    children = props.children,
-    className = props.className,
-    _props$disabledItemsF = props.disabledItemsFocusable,
-    disabledItemsFocusable = _props$disabledItemsF === void 0 ? false : _props$disabledItemsF,
-    _props$disableListWra = props.disableListWrap,
-    disableListWrap = _props$disableListWra === void 0 ? false : _props$disableListWra,
-    onKeyDown = props.onKeyDown,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'selectedMenu' : _props$variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, MenuList_excluded);
-  var listRef = react.useRef(null);
-  var textCriteriaRef = react.useRef({
-    keys: [],
-    repeating: true,
-    previousKeyMatched: true,
-    lastTime: null
-  });
-  utils_useEnhancedEffect(function () {
-    if (autoFocus) {
-      listRef.current.focus();
-    }
-  }, [autoFocus]);
-  react.useImperativeHandle(actions, function () {
-    return {
-      adjustStyleForScrollbar: function adjustStyleForScrollbar(containerElement, theme) {
-        // Let's ignore that piece of logic if users are already overriding the width
-        // of the menu.
-        var noExplicitWidth = !listRef.current.style.width;
-        if (containerElement.clientHeight < listRef.current.clientHeight && noExplicitWidth) {
-          var scrollbarSize = "".concat(utils_getScrollbarSize(utils_ownerDocument(containerElement)), "px");
-          listRef.current.style[theme.direction === 'rtl' ? 'paddingLeft' : 'paddingRight'] = scrollbarSize;
-          listRef.current.style.width = "calc(100% + ".concat(scrollbarSize, ")");
-        }
-        return listRef.current;
-      }
-    };
-  }, []);
-  var handleKeyDown = function handleKeyDown(event) {
-    var list = listRef.current;
-    var key = event.key;
-    /**
-     * @type {Element} - will always be defined since we are in a keydown handler
-     * attached to an element. A keydown event is either dispatched to the activeElement
-     * or document.body or document.documentElement. Only the first case will
-     * trigger this specific handler.
-     */
-    var currentFocus = utils_ownerDocument(list).activeElement;
-    if (key === 'ArrowDown') {
-      // Prevent scroll of the page
-      event.preventDefault();
-      moveFocus(list, currentFocus, disableListWrap, disabledItemsFocusable, nextItem);
-    } else if (key === 'ArrowUp') {
-      event.preventDefault();
-      moveFocus(list, currentFocus, disableListWrap, disabledItemsFocusable, previousItem);
-    } else if (key === 'Home') {
-      event.preventDefault();
-      moveFocus(list, null, disableListWrap, disabledItemsFocusable, nextItem);
-    } else if (key === 'End') {
-      event.preventDefault();
-      moveFocus(list, null, disableListWrap, disabledItemsFocusable, previousItem);
-    } else if (key.length === 1) {
-      var criteria = textCriteriaRef.current;
-      var lowerKey = key.toLowerCase();
-      var currTime = performance.now();
-      if (criteria.keys.length > 0) {
-        // Reset
-        if (currTime - criteria.lastTime > 500) {
-          criteria.keys = [];
-          criteria.repeating = true;
-          criteria.previousKeyMatched = true;
-        } else if (criteria.repeating && lowerKey !== criteria.keys[0]) {
-          criteria.repeating = false;
-        }
-      }
-      criteria.lastTime = currTime;
-      criteria.keys.push(lowerKey);
-      var keepFocusOnCurrent = currentFocus && !criteria.repeating && textCriteriaMatches(currentFocus, criteria);
-      if (criteria.previousKeyMatched && (keepFocusOnCurrent || moveFocus(list, currentFocus, false, disabledItemsFocusable, nextItem, criteria))) {
-        event.preventDefault();
-      } else {
-        criteria.previousKeyMatched = false;
-      }
-    }
-    if (onKeyDown) {
-      onKeyDown(event);
-    }
-  };
-  var handleRef = utils_useForkRef(listRef, ref);
-
-  /**
-   * the index of the item should receive focus
-   * in a `variant="selectedMenu"` it's the first `selected` item
-   * otherwise it's the very first item.
-   */
-  var activeItemIndex = -1;
-  // since we inject focus related props into children we have to do a lookahead
-  // to check if there is a `selected` item. We're looking for the last `selected`
-  // item and use the first valid item as a fallback
-  react.Children.forEach(children, function (child, index) {
-    if (! /*#__PURE__*/react.isValidElement(child)) {
-      if (activeItemIndex === index) {
-        activeItemIndex += 1;
-        if (activeItemIndex >= children.length) {
-          // there are no focusable items within the list.
-          activeItemIndex = -1;
-        }
-      }
-      return;
-    }
-    if (false) {}
-    if (!child.props.disabled) {
-      if (variant === 'selectedMenu' && child.props.selected) {
-        activeItemIndex = index;
-      } else if (activeItemIndex === -1) {
-        activeItemIndex = index;
-      }
-    }
-    if (activeItemIndex === index && (child.props.disabled || child.props.muiSkipListHighlight || child.type.muiSkipListHighlight)) {
-      activeItemIndex += 1;
-      if (activeItemIndex >= children.length) {
-        // there are no focusable items within the list.
-        activeItemIndex = -1;
-      }
-    }
-  });
-  var items = react.Children.map(children, function (child, index) {
-    if (index === activeItemIndex) {
-      var newChildProps = {};
-      if (autoFocusItem) {
-        newChildProps.autoFocus = true;
-      }
-      if (child.props.tabIndex === undefined && variant === 'selectedMenu') {
-        newChildProps.tabIndex = 0;
-      }
-      return /*#__PURE__*/react.cloneElement(child, newChildProps);
-    }
-    return child;
-  });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_List, extends_extends({
-    role: "menu",
-    ref: handleRef,
-    className: className,
-    onKeyDown: handleKeyDown,
-    tabIndex: autoFocus ? 0 : -1
-  }, other, {
-    children: items
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var MenuList_MenuList = (MenuList);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Popover/popoverClasses.js
-
-
-function getPopoverUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiPopover', slot);
-}
-var popoverClasses = generateUtilityClasses('MuiPopover', ['root', 'paper']);
-/* harmony default export */ var Popover_popoverClasses = ((/* unused pure expression or super */ null && (popoverClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Popover/Popover.js
-
-
-
-var Popover_excluded = ["onEntering"],
-  Popover_excluded2 = ["action", "anchorEl", "anchorOrigin", "anchorPosition", "anchorReference", "children", "className", "container", "elevation", "marginThreshold", "open", "PaperProps", "slots", "slotProps", "transformOrigin", "TransitionComponent", "transitionDuration", "TransitionProps"],
-  Popover_excluded3 = ["slotProps"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-function getOffsetTop(rect, vertical) {
-  var offset = 0;
-  if (typeof vertical === 'number') {
-    offset = vertical;
-  } else if (vertical === 'center') {
-    offset = rect.height / 2;
-  } else if (vertical === 'bottom') {
-    offset = rect.height;
-  }
-  return offset;
-}
-function getOffsetLeft(rect, horizontal) {
-  var offset = 0;
-  if (typeof horizontal === 'number') {
-    offset = horizontal;
-  } else if (horizontal === 'center') {
-    offset = rect.width / 2;
-  } else if (horizontal === 'right') {
-    offset = rect.width;
-  }
-  return offset;
-}
-function getTransformOriginValue(transformOrigin) {
-  return [transformOrigin.horizontal, transformOrigin.vertical].map(function (n) {
-    return typeof n === 'number' ? "".concat(n, "px") : n;
-  }).join(' ');
-}
-function Popover_resolveAnchorEl(anchorEl) {
-  return typeof anchorEl === 'function' ? anchorEl() : anchorEl;
-}
-var Popover_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root'],
-    paper: ['paper']
-  };
-  return composeClasses(slots, getPopoverUtilityClass, classes);
-};
-var PopoverRoot = styles_styled(material_Modal_Modal, {
-  name: 'MuiPopover',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({});
-var PopoverPaper = styles_styled(Paper_Paper, {
-  name: 'MuiPopover',
-  slot: 'Paper',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.paper;
-  }
-})({
-  position: 'absolute',
-  overflowY: 'auto',
-  overflowX: 'hidden',
-  // So we see the popover when it's empty.
-  // It's most likely on issue on userland.
-  minWidth: 16,
-  minHeight: 16,
-  maxWidth: 'calc(100% - 32px)',
-  maxHeight: 'calc(100% - 32px)',
-  // We disable the focus ring for mouse, touch and keyboard users.
-  outline: 0
-});
-var Popover = /*#__PURE__*/react.forwardRef(function Popover(inProps, ref) {
-  var _slotProps$paper, _slots$root, _slots$paper;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiPopover'
-  });
-  var action = props.action,
-    anchorEl = props.anchorEl,
-    _props$anchorOrigin = props.anchorOrigin,
-    anchorOrigin = _props$anchorOrigin === void 0 ? {
-      vertical: 'top',
-      horizontal: 'left'
-    } : _props$anchorOrigin,
-    anchorPosition = props.anchorPosition,
-    _props$anchorReferenc = props.anchorReference,
-    anchorReference = _props$anchorReferenc === void 0 ? 'anchorEl' : _props$anchorReferenc,
-    children = props.children,
-    className = props.className,
-    containerProp = props.container,
-    _props$elevation = props.elevation,
-    elevation = _props$elevation === void 0 ? 8 : _props$elevation,
-    _props$marginThreshol = props.marginThreshold,
-    marginThreshold = _props$marginThreshol === void 0 ? 16 : _props$marginThreshol,
-    open = props.open,
-    _props$PaperProps = props.PaperProps,
-    PaperPropsProp = _props$PaperProps === void 0 ? {} : _props$PaperProps,
-    slots = props.slots,
-    slotProps = props.slotProps,
-    _props$transformOrigi = props.transformOrigin,
-    transformOrigin = _props$transformOrigi === void 0 ? {
-      vertical: 'top',
-      horizontal: 'left'
-    } : _props$transformOrigi,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? Grow_Grow : _props$TransitionComp,
-    _props$transitionDura = props.transitionDuration,
-    transitionDurationProp = _props$transitionDura === void 0 ? 'auto' : _props$transitionDura,
-    _props$TransitionProp = props.TransitionProps,
-    _props$TransitionProp2 = _props$TransitionProp === void 0 ? {} : _props$TransitionProp,
-    onEntering = _props$TransitionProp2.onEntering,
-    TransitionProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.TransitionProps, Popover_excluded),
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Popover_excluded2);
-  var externalPaperSlotProps = (_slotProps$paper = slotProps == null ? void 0 : slotProps.paper) != null ? _slotProps$paper : PaperPropsProp;
-  var paperRef = react.useRef();
-  var handlePaperRef = utils_useForkRef(paperRef, externalPaperSlotProps.ref);
-  var ownerState = extends_extends({}, props, {
-    anchorOrigin: anchorOrigin,
-    anchorReference: anchorReference,
-    elevation: elevation,
-    marginThreshold: marginThreshold,
-    externalPaperSlotProps: externalPaperSlotProps,
-    transformOrigin: transformOrigin,
-    TransitionComponent: TransitionComponent,
-    transitionDuration: transitionDurationProp,
-    TransitionProps: TransitionProps
-  });
-  var classes = Popover_useUtilityClasses(ownerState);
-
-  // Returns the top/left offset of the position
-  // to attach to on the anchor element (or body if none is provided)
-  var getAnchorOffset = react.useCallback(function () {
-    if (anchorReference === 'anchorPosition') {
-      if (false) {}
-      return anchorPosition;
-    }
-    var resolvedAnchorEl = Popover_resolveAnchorEl(anchorEl);
-
-    // If an anchor element wasn't provided, just use the parent body element of this Popover
-    var anchorElement = resolvedAnchorEl && resolvedAnchorEl.nodeType === 1 ? resolvedAnchorEl : utils_ownerDocument(paperRef.current).body;
-    var anchorRect = anchorElement.getBoundingClientRect();
-    if (false) { var box; }
-    return {
-      top: anchorRect.top + getOffsetTop(anchorRect, anchorOrigin.vertical),
-      left: anchorRect.left + getOffsetLeft(anchorRect, anchorOrigin.horizontal)
-    };
-  }, [anchorEl, anchorOrigin.horizontal, anchorOrigin.vertical, anchorPosition, anchorReference]);
-
-  // Returns the base transform origin using the element
-  var getTransformOrigin = react.useCallback(function (elemRect) {
-    return {
-      vertical: getOffsetTop(elemRect, transformOrigin.vertical),
-      horizontal: getOffsetLeft(elemRect, transformOrigin.horizontal)
-    };
-  }, [transformOrigin.horizontal, transformOrigin.vertical]);
-  var getPositioningStyle = react.useCallback(function (element) {
-    var elemRect = {
-      width: element.offsetWidth,
-      height: element.offsetHeight
-    };
-
-    // Get the transform origin point on the element itself
-    var elemTransformOrigin = getTransformOrigin(elemRect);
-    if (anchorReference === 'none') {
-      return {
-        top: null,
-        left: null,
-        transformOrigin: getTransformOriginValue(elemTransformOrigin)
-      };
-    }
-
-    // Get the offset of the anchoring element
-    var anchorOffset = getAnchorOffset();
-
-    // Calculate element positioning
-    var top = anchorOffset.top - elemTransformOrigin.vertical;
-    var left = anchorOffset.left - elemTransformOrigin.horizontal;
-    var bottom = top + elemRect.height;
-    var right = left + elemRect.width;
-
-    // Use the parent window of the anchorEl if provided
-    var containerWindow = utils_ownerWindow(Popover_resolveAnchorEl(anchorEl));
-
-    // Window thresholds taking required margin into account
-    var heightThreshold = containerWindow.innerHeight - marginThreshold;
-    var widthThreshold = containerWindow.innerWidth - marginThreshold;
-
-    // Check if the vertical axis needs shifting
-    if (top < marginThreshold) {
-      var diff = top - marginThreshold;
-      top -= diff;
-      elemTransformOrigin.vertical += diff;
-    } else if (bottom > heightThreshold) {
-      var _diff = bottom - heightThreshold;
-      top -= _diff;
-      elemTransformOrigin.vertical += _diff;
-    }
-    if (false) {}
-
-    // Check if the horizontal axis needs shifting
-    if (left < marginThreshold) {
-      var _diff2 = left - marginThreshold;
-      left -= _diff2;
-      elemTransformOrigin.horizontal += _diff2;
-    } else if (right > widthThreshold) {
-      var _diff3 = right - widthThreshold;
-      left -= _diff3;
-      elemTransformOrigin.horizontal += _diff3;
-    }
-    return {
-      top: "".concat(Math.round(top), "px"),
-      left: "".concat(Math.round(left), "px"),
-      transformOrigin: getTransformOriginValue(elemTransformOrigin)
-    };
-  }, [anchorEl, anchorReference, getAnchorOffset, getTransformOrigin, marginThreshold]);
-  var _React$useState = react.useState(open),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    isPositioned = _React$useState2[0],
-    setIsPositioned = _React$useState2[1];
-  var setPositioningStyles = react.useCallback(function () {
-    var element = paperRef.current;
-    if (!element) {
-      return;
-    }
-    var positioning = getPositioningStyle(element);
-    if (positioning.top !== null) {
-      element.style.top = positioning.top;
-    }
-    if (positioning.left !== null) {
-      element.style.left = positioning.left;
-    }
-    element.style.transformOrigin = positioning.transformOrigin;
-    setIsPositioned(true);
-  }, [getPositioningStyle]);
-  var handleEntering = function handleEntering(element, isAppearing) {
-    if (onEntering) {
-      onEntering(element, isAppearing);
-    }
-    setPositioningStyles();
-  };
-  var handleExited = function handleExited() {
-    setIsPositioned(false);
-  };
-  react.useEffect(function () {
-    if (open) {
-      setPositioningStyles();
-    }
-  });
-  react.useImperativeHandle(action, function () {
-    return open ? {
-      updatePosition: function updatePosition() {
-        setPositioningStyles();
-      }
-    } : null;
-  }, [open, setPositioningStyles]);
-  react.useEffect(function () {
-    if (!open) {
-      return undefined;
-    }
-    var handleResize = utils_debounce(function () {
-      setPositioningStyles();
-    });
-    var containerWindow = utils_ownerWindow(anchorEl);
-    containerWindow.addEventListener('resize', handleResize);
-    return function () {
-      handleResize.clear();
-      containerWindow.removeEventListener('resize', handleResize);
-    };
-  }, [anchorEl, open, setPositioningStyles]);
-  var transitionDuration = transitionDurationProp;
-  if (transitionDurationProp === 'auto' && !TransitionComponent.muiSupportAuto) {
-    transitionDuration = undefined;
-  }
-
-  // If the container prop is provided, use that
-  // If the anchorEl prop is provided, use its parent body element as the container
-  // If neither are provided let the Modal take care of choosing the container
-  var container = containerProp || (anchorEl ? utils_ownerDocument(Popover_resolveAnchorEl(anchorEl)).body : undefined);
-  var RootSlot = (_slots$root = slots == null ? void 0 : slots.root) != null ? _slots$root : PopoverRoot;
-  var PaperSlot = (_slots$paper = slots == null ? void 0 : slots.paper) != null ? _slots$paper : PopoverPaper;
-  var paperProps = useSlotProps({
-    elementType: PaperSlot,
-    externalSlotProps: extends_extends({}, externalPaperSlotProps, {
-      style: isPositioned ? externalPaperSlotProps.style : extends_extends({}, externalPaperSlotProps.style, {
-        opacity: 0
-      })
-    }),
-    additionalProps: {
-      elevation: elevation,
-      ref: handlePaperRef
-    },
-    ownerState: ownerState,
-    className: clsx_m(classes.paper, externalPaperSlotProps == null ? void 0 : externalPaperSlotProps.className)
-  });
-  var _useSlotProps = useSlotProps({
-      elementType: RootSlot,
-      externalSlotProps: (slotProps == null ? void 0 : slotProps.root) || {},
-      externalForwardedProps: other,
-      additionalProps: {
-        ref: ref,
-        slotProps: {
-          backdrop: {
-            invisible: true
-          }
-        },
-        container: container,
-        open: open
-      },
-      ownerState: ownerState,
-      className: clsx_m(classes.root, className)
-    }),
-    rootSlotPropsProp = _useSlotProps.slotProps,
-    rootProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_useSlotProps, Popover_excluded3);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(RootSlot, extends_extends({}, rootProps, !isHostComponent(RootSlot) && {
-    slotProps: rootSlotPropsProp
-  }, {
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-      appear: true,
-      in: open,
-      onEntering: handleEntering,
-      onExited: handleExited,
-      timeout: transitionDuration
-    }, TransitionProps, {
-      children: /*#__PURE__*/(0,jsx_runtime.jsx)(PaperSlot, extends_extends({}, paperProps, {
-        children: children
-      }))
-    }))
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Popover_Popover = (Popover);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Menu/menuClasses.js
-
-
-function getMenuUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiMenu', slot);
-}
-var menuClasses = generateUtilityClasses('MuiMenu', ['root', 'paper', 'list']);
-/* harmony default export */ var Menu_menuClasses = ((/* unused pure expression or super */ null && (menuClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Menu/Menu.js
-
-
-var Menu_excluded = ["onEntering"],
-  Menu_excluded2 = ["autoFocus", "children", "disableAutoFocusItem", "MenuListProps", "onClose", "open", "PaperProps", "PopoverClasses", "transitionDuration", "TransitionProps", "variant"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-var RTL_ORIGIN = {
-  vertical: 'top',
-  horizontal: 'right'
-};
-var LTR_ORIGIN = {
-  vertical: 'top',
-  horizontal: 'left'
-};
-var Menu_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root'],
-    paper: ['paper'],
-    list: ['list']
-  };
-  return composeClasses(slots, getMenuUtilityClass, classes);
-};
-var MenuRoot = styles_styled(Popover_Popover, {
-  shouldForwardProp: function shouldForwardProp(prop) {
-    return rootShouldForwardProp(prop) || prop === 'classes';
-  },
-  name: 'MuiMenu',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({});
-var MenuPaper = styles_styled(PopoverPaper, {
-  name: 'MuiMenu',
-  slot: 'Paper',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.paper;
-  }
-})({
-  // specZ: The maximum height of a simple menu should be one or more rows less than the view
-  // height. This ensures a tappable area outside of the simple menu with which to dismiss
-  // the menu.
-  maxHeight: 'calc(100% - 96px)',
-  // Add iOS momentum scrolling for iOS < 13.0
-  WebkitOverflowScrolling: 'touch'
-});
-var MenuMenuList = styles_styled(MenuList_MenuList, {
-  name: 'MuiMenu',
-  slot: 'List',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.list;
-  }
-})({
-  // We disable the focus ring for mouse, touch and keyboard users.
-  outline: 0
-});
-var Menu = /*#__PURE__*/react.forwardRef(function Menu(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiMenu'
-  });
-  var _props$autoFocus = props.autoFocus,
-    autoFocus = _props$autoFocus === void 0 ? true : _props$autoFocus,
-    children = props.children,
-    _props$disableAutoFoc = props.disableAutoFocusItem,
-    disableAutoFocusItem = _props$disableAutoFoc === void 0 ? false : _props$disableAutoFoc,
-    _props$MenuListProps = props.MenuListProps,
-    MenuListProps = _props$MenuListProps === void 0 ? {} : _props$MenuListProps,
-    onClose = props.onClose,
-    open = props.open,
-    _props$PaperProps = props.PaperProps,
-    PaperProps = _props$PaperProps === void 0 ? {} : _props$PaperProps,
-    PopoverClasses = props.PopoverClasses,
-    _props$transitionDura = props.transitionDuration,
-    transitionDuration = _props$transitionDura === void 0 ? 'auto' : _props$transitionDura,
-    _props$TransitionProp = props.TransitionProps,
-    _props$TransitionProp2 = _props$TransitionProp === void 0 ? {} : _props$TransitionProp,
-    onEntering = _props$TransitionProp2.onEntering,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'selectedMenu' : _props$variant,
-    TransitionProps = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props.TransitionProps, Menu_excluded),
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Menu_excluded2);
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var ownerState = extends_extends({}, props, {
-    autoFocus: autoFocus,
-    disableAutoFocusItem: disableAutoFocusItem,
-    MenuListProps: MenuListProps,
-    onEntering: onEntering,
-    PaperProps: PaperProps,
-    transitionDuration: transitionDuration,
-    TransitionProps: TransitionProps,
-    variant: variant
-  });
-  var classes = Menu_useUtilityClasses(ownerState);
-  var autoFocusItem = autoFocus && !disableAutoFocusItem && open;
-  var menuListActionsRef = react.useRef(null);
-  var handleEntering = function handleEntering(element, isAppearing) {
-    if (menuListActionsRef.current) {
-      menuListActionsRef.current.adjustStyleForScrollbar(element, theme);
-    }
-    if (onEntering) {
-      onEntering(element, isAppearing);
-    }
-  };
-  var handleListKeyDown = function handleListKeyDown(event) {
-    if (event.key === 'Tab') {
-      event.preventDefault();
-      if (onClose) {
-        onClose(event, 'tabKeyDown');
-      }
-    }
-  };
-
-  /**
-   * the index of the item should receive focus
-   * in a `variant="selectedMenu"` it's the first `selected` item
-   * otherwise it's the very first item.
-   */
-  var activeItemIndex = -1;
-  // since we inject focus related props into children we have to do a lookahead
-  // to check if there is a `selected` item. We're looking for the last `selected`
-  // item and use the first valid item as a fallback
-  react.Children.map(children, function (child, index) {
-    if (! /*#__PURE__*/react.isValidElement(child)) {
-      return;
-    }
-    if (false) {}
-    if (!child.props.disabled) {
-      if (variant === 'selectedMenu' && child.props.selected) {
-        activeItemIndex = index;
-      } else if (activeItemIndex === -1) {
-        activeItemIndex = index;
-      }
-    }
-  });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(MenuRoot, extends_extends({
-    onClose: onClose,
-    anchorOrigin: {
-      vertical: 'bottom',
-      horizontal: isRtl ? 'right' : 'left'
-    },
-    transformOrigin: isRtl ? RTL_ORIGIN : LTR_ORIGIN,
-    slots: {
-      paper: MenuPaper
-    },
-    slotProps: {
-      paper: extends_extends({}, PaperProps, {
-        classes: extends_extends({}, PaperProps.classes, {
-          root: classes.paper
-        })
-      })
-    },
-    className: classes.root,
-    open: open,
-    ref: ref,
-    transitionDuration: transitionDuration,
-    TransitionProps: extends_extends({
-      onEntering: handleEntering
-    }, TransitionProps),
-    ownerState: ownerState
-  }, other, {
-    classes: PopoverClasses,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(MenuMenuList, extends_extends({
-      onKeyDown: handleListKeyDown,
-      actions: menuListActionsRef,
-      autoFocus: autoFocus && (activeItemIndex === -1 || disableAutoFocusItem),
-      autoFocusItem: autoFocusItem,
-      variant: variant
-    }, MenuListProps, {
-      className: clsx_m(classes.list, MenuListProps.className),
-      children: children
-    }))
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Menu_Menu = (Menu);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/MenuItem/menuItemClasses.js
-
-
-function getMenuItemUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiMenuItem', slot);
-}
-var menuItemClasses = generateUtilityClasses('MuiMenuItem', ['root', 'focusVisible', 'dense', 'disabled', 'divider', 'gutters', 'selected']);
-/* harmony default export */ var MenuItem_menuItemClasses = (menuItemClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/MenuItem/MenuItem.js
-
-
-
-var MenuItem_excluded = ["autoFocus", "component", "dense", "divider", "disableGutters", "focusVisibleClassName", "role", "tabIndex", "className"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var MenuItem_overridesResolver = function overridesResolver(props, styles) {
-  var ownerState = props.ownerState;
-  return [styles.root, ownerState.dense && styles.dense, ownerState.divider && styles.divider, !ownerState.disableGutters && styles.gutters];
-};
-var MenuItem_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var disabled = ownerState.disabled,
-    dense = ownerState.dense,
-    divider = ownerState.divider,
-    disableGutters = ownerState.disableGutters,
-    selected = ownerState.selected,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', dense && 'dense', disabled && 'disabled', !disableGutters && 'gutters', divider && 'divider', selected && 'selected']
-  };
-  var composedClasses = composeClasses(slots, getMenuItemUtilityClass, classes);
-  return extends_extends({}, classes, composedClasses);
-};
-var MenuItemRoot = styles_styled(ButtonBase_ButtonBase, {
-  shouldForwardProp: function shouldForwardProp(prop) {
-    return rootShouldForwardProp(prop) || prop === 'classes';
-  },
-  name: 'MuiMenuItem',
-  slot: 'Root',
-  overridesResolver: MenuItem_overridesResolver
-})(function (_ref) {
-  var _extends2;
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({}, theme.typography.body1, {
-    display: 'flex',
-    justifyContent: 'flex-start',
-    alignItems: 'center',
-    position: 'relative',
-    textDecoration: 'none',
-    minHeight: 48,
-    paddingTop: 6,
-    paddingBottom: 6,
-    boxSizing: 'border-box',
-    whiteSpace: 'nowrap'
-  }, !ownerState.disableGutters && {
-    paddingLeft: 16,
-    paddingRight: 16
-  }, ownerState.divider && {
-    borderBottom: "1px solid ".concat((theme.vars || theme).palette.divider),
-    backgroundClip: 'padding-box'
-  }, (_extends2 = {
-    '&:hover': {
-      textDecoration: 'none',
-      backgroundColor: (theme.vars || theme).palette.action.hover,
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    }
-  }, defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.selected), defineProperty_defineProperty({
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-  }, "&.".concat(MenuItem_menuItemClasses.focusVisible), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
-  })), defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.selected, ":hover"), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
-    // Reset on touch devices, it doesn't add specificity
-    '@media (hover: none)': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-    }
-  }), defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.focusVisible), {
-    backgroundColor: (theme.vars || theme).palette.action.focus
-  }), defineProperty_defineProperty(_extends2, "&.".concat(MenuItem_menuItemClasses.disabled), {
-    opacity: (theme.vars || theme).palette.action.disabledOpacity
-  }), defineProperty_defineProperty(_extends2, "& + .".concat(Divider_dividerClasses.root), {
-    marginTop: theme.spacing(1),
-    marginBottom: theme.spacing(1)
-  }), defineProperty_defineProperty(_extends2, "& + .".concat(Divider_dividerClasses.inset), {
-    marginLeft: 52
-  }), defineProperty_defineProperty(_extends2, "& .".concat(ListItemText_listItemTextClasses.root), {
-    marginTop: 0,
-    marginBottom: 0
-  }), defineProperty_defineProperty(_extends2, "& .".concat(ListItemText_listItemTextClasses.inset), {
-    paddingLeft: 36
-  }), defineProperty_defineProperty(_extends2, "& .".concat(ListItemIcon_listItemIconClasses.root), {
-    minWidth: 36
-  }), _extends2), !ownerState.dense && defineProperty_defineProperty({}, theme.breakpoints.up('sm'), {
-    minHeight: 'auto'
-  }), ownerState.dense && extends_extends({
-    minHeight: 32,
-    // https://m2.material.io/components/menus#specs > Dense
-    paddingTop: 4,
-    paddingBottom: 4
-  }, theme.typography.body2, defineProperty_defineProperty({}, "& .".concat(ListItemIcon_listItemIconClasses.root, " svg"), {
-    fontSize: '1.25rem'
-  })));
-});
-var MenuItem = /*#__PURE__*/react.forwardRef(function MenuItem(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiMenuItem'
-  });
-  var _props$autoFocus = props.autoFocus,
-    autoFocus = _props$autoFocus === void 0 ? false : _props$autoFocus,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'li' : _props$component,
-    _props$dense = props.dense,
-    dense = _props$dense === void 0 ? false : _props$dense,
-    _props$divider = props.divider,
-    divider = _props$divider === void 0 ? false : _props$divider,
-    _props$disableGutters = props.disableGutters,
-    disableGutters = _props$disableGutters === void 0 ? false : _props$disableGutters,
-    focusVisibleClassName = props.focusVisibleClassName,
-    _props$role = props.role,
-    role = _props$role === void 0 ? 'menuitem' : _props$role,
-    tabIndexProp = props.tabIndex,
-    className = props.className,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, MenuItem_excluded);
-  var context = react.useContext(List_ListContext);
-  var childContext = react.useMemo(function () {
-    return {
-      dense: dense || context.dense || false,
-      disableGutters: disableGutters
-    };
-  }, [context.dense, dense, disableGutters]);
-  var menuItemRef = react.useRef(null);
-  utils_useEnhancedEffect(function () {
-    if (autoFocus) {
-      if (menuItemRef.current) {
-        menuItemRef.current.focus();
-      } else if (false) {}
-    }
-  }, [autoFocus]);
-  var ownerState = extends_extends({}, props, {
-    dense: childContext.dense,
-    divider: divider,
-    disableGutters: disableGutters
-  });
-  var classes = MenuItem_useUtilityClasses(props);
-  var handleRef = utils_useForkRef(menuItemRef, ref);
-  var tabIndex;
-  if (!props.disabled) {
-    tabIndex = tabIndexProp !== undefined ? tabIndexProp : -1;
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(List_ListContext.Provider, {
-    value: childContext,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(MenuItemRoot, extends_extends({
-      ref: handleRef,
-      role: role,
-      tabIndex: tabIndex,
-      component: component,
-      focusVisibleClassName: clsx_m(classes.focusVisible, focusVisibleClassName),
-      className: clsx_m(classes.root, className)
-    }, other, {
-      ownerState: ownerState,
-      classes: classes
-    }))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var MenuItem_MenuItem = (MenuItem);
-;// CONCATENATED MODULE: ./src/components/ActionsMenu.tsx
-var ActionsMenu=function ActionsMenu(props){var _React$useState=react.useState(null),_React$useState2=slicedToArray_slicedToArray(_React$useState,2),anchorEl=_React$useState2[0],setAnchorEl=_React$useState2[1];var menuOpen=Boolean(anchorEl);var handleMenuClick=function handleMenuClick(e){e.stopPropagation();setAnchorEl(e.currentTarget);};var handleMenuClose=function handleMenuClose(){setAnchorEl(null);};var icon=props.icon||/*#__PURE__*/(0,jsx_runtime.jsx)(MoreVert,{});return/*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:handleMenuClick,size:"small","aria-controls":menuOpen?'account-menu':undefined,"aria-haspopup":"true","aria-expanded":menuOpen?'true':undefined,sx:{padding:0},children:icon}),/*#__PURE__*/(0,jsx_runtime.jsx)(Menu_Menu,{anchorEl:anchorEl,id:"account-menu",open:menuOpen,onClose:handleMenuClose,onClick:function onClick(e){e.stopPropagation();handleMenuClose();},PaperProps:{elevation:0,sx:{overflow:'visible',filter:'drop-shadow(0px 2px 8px rgba(0,0,0,0.32))',mt:1.5,'& .MuiAvatar-root':{width:32,height:32,ml:-0.5,mr:1},'&:before':{content:'""',display:'block',position:'absolute',top:0,right:14,width:10,height:10,bgcolor:'background.paper',transform:'translateY(-50%) rotate(45deg)',zIndex:0}}},transformOrigin:{horizontal:'right',vertical:'top'},anchorOrigin:{horizontal:'right',vertical:'bottom'},children:props.menuItems.map(function(item,i){var handler=function handler(e){e.stopPropagation();if(item.handler){item.handler();}handleMenuClose();};if(item.to){return/*#__PURE__*/(0,jsx_runtime.jsxs)(MenuItem_MenuItem,{component:Link,to:item.to,onClick:handler,children:[item.icon," ",item.text]},i);}else{return/*#__PURE__*/(0,jsx_runtime.jsxs)(MenuItem_MenuItem,{onClick:handler,children:[item.icon," ",item.text]},i);}})})]});};
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Favorite.js
-
-
-/* harmony default export */ var Favorite = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "m12 21.35-1.45-1.32C5.4 15.36 2 12.28 2 8.5 2 5.42 4.42 3 7.5 3c1.74 0 3.41.81 4.5 2.09C13.09 3.81 14.76 3 16.5 3 19.58 3 22 5.42 22 8.5c0 3.78-3.4 6.86-8.55 11.54L12 21.35z"
-}), 'Favorite'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/HeartBroken.js
-
-
-/* harmony default export */ var HeartBroken = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M16.5 3c-.96 0-1.9.25-2.73.69L12 9h3l-3 10 1-9h-3l1.54-5.39C10.47 3.61 9.01 3 7.5 3 4.42 3 2 5.42 2 8.5c0 4.13 4.16 7.18 10 12.5 5.47-4.94 10-8.26 10-12.5C22 5.42 19.58 3 16.5 3z"
-}), 'HeartBroken'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/PublishedWithChanges.js
-
-
-/* harmony default export */ var PublishedWithChanges = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "m17.66 9.53-7.07 7.07-4.24-4.24 1.41-1.41 2.83 2.83 5.66-5.66 1.41 1.41zM4 12c0-2.33 1.02-4.42 2.62-5.88L9 8.5v-6H3l2.2 2.2C3.24 6.52 2 9.11 2 12c0 5.19 3.95 9.45 9 9.95v-2.02c-3.94-.49-7-3.86-7-7.93zm18 0c0-5.19-3.95-9.45-9-9.95v2.02c3.94.49 7 3.86 7 7.93 0 2.33-1.02 4.42-2.62 5.88L15 15.5v6h6l-2.2-2.2c1.96-1.82 3.2-4.41 3.2-7.3z"
-}), 'PublishedWithChanges'));
-;// CONCATENATED MODULE: ./src/utils/duration.ts
-function formatDuration(ms,withMs){if(ms<0)ms=-ms;var time={day:Math.floor(ms/86400000),hour:Math.floor(ms/3600000)%24,minute:Math.floor(ms/60000)%60,second:Math.floor(ms/1000)%60,millisecond:withMs?Math.floor(ms)%1000:0};return Object.entries(time).filter(function(val){return val[1]!==0;}).map(function(val){return val[1]+' '+(val[1]!==1?val[0]+'s':val[0]);}).join(', ');}function formatDurationShort(ms){if(ms<0)ms=-ms;var time={d:Math.floor(ms/86400000),h:Math.floor(ms/3600000)%24,m:Math.floor(ms/60000)%60,s:Math.floor(ms/1000)%60,ms:Math.floor(ms)%1000};var f=Object.entries(time).find(function(val){return val[1]>0;});if(f===undefined){return"0s";}return f[1]+f[0];}var calcAgo=function calcAgo(startTime){var t1=new Date(startTime);var t2=new Date();var d=t2.getTime()-t1.getTime();return formatDurationShort(d);};
-;// CONCATENATED MODULE: ./src/components/targets-view/Targets.tsx
-var StatusIcon=function StatusIcon(props){var icon;var theme=styles_useTheme_useTheme();if(props.ts.lastValidateResult===undefined){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(MessageQuestionIcon,{color:theme.palette.error.main});}else if(props.ts.lastValidateResult.ready&&!props.ts.lastValidateResult.errors){var _props$ts$lastValidat,_props$ts$lastValidat2;if((_props$ts$lastValidat=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat!==void 0&&_props$ts$lastValidat.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"warning"});}else if((_props$ts$lastValidat2=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat2!==void 0&&_props$ts$lastValidat2.length){icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"primary"});}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(Favorite,{color:"success"});}}else{icon=/*#__PURE__*/(0,jsx_runtime.jsx)(HeartBroken,{color:"error"});}var tooltip=[];if(props.ts.lastValidateResult===undefined){tooltip.push("No validation result available.");}else{var _props$ts$lastValidat3,_props$ts$lastValidat4,_props$ts$lastValidat5,_props$ts$lastValidat6;if(props.ts.lastValidateResult.ready&&!((_props$ts$lastValidat3=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat3!==void 0&&_props$ts$lastValidat3.length)){tooltip.push("Target is ready.");}else{tooltip.push("Target is not ready.");}if((_props$ts$lastValidat4=props.ts.lastValidateResult.errors)!==null&&_props$ts$lastValidat4!==void 0&&_props$ts$lastValidat4.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.errors.length," validation errors."));}if((_props$ts$lastValidat5=props.ts.lastValidateResult.warnings)!==null&&_props$ts$lastValidat5!==void 0&&_props$ts$lastValidat5.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.warnings.length," validation warnings."));}if((_props$ts$lastValidat6=props.ts.lastValidateResult.drift)!==null&&_props$ts$lastValidat6!==void 0&&_props$ts$lastValidat6.length){tooltip.push("Target has ".concat(props.ts.lastValidateResult.drift.length," drifted objects."));}tooltip.push("Validation performed "+calcAgo(props.ts.lastValidateResult.startTime)+" ago");}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:tooltip.map(function(t){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:t},t);}),children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:icon})});};var TargetItem=function TargetItem(props){var _props$ts$commandResu,_props$ts$commandResu2;var api=(0,react.useContext)(ApiContext);var actionMenuItems=[];actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Validate now",handler:function handler(){api.validateNow(props.ps.project,props.ts.target);}});var kd;var allKdEqual=true;(_props$ts$commandResu=props.ts.commandResults)===null||_props$ts$commandResu===void 0?void 0:_props$ts$commandResu.forEach(function(rs){if(rs.commandInfo.kluctlDeployment){if(!kd){kd=rs.commandInfo.kluctlDeployment;}else{if(kd.name!==rs.commandInfo.kluctlDeployment.name||kd.namespace!==rs.commandInfo.kluctlDeployment.namespace){allKdEqual=false;}}}});if(kd&&allKdEqual){actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Reconcile",handler:function handler(){api.reconcileNow(props.ts.target.clusterId,kd.name,kd.namespace);}});actionMenuItems.push({icon:/*#__PURE__*/(0,jsx_runtime.jsx)(PublishedWithChanges,{}),text:"Deploy",handler:function handler(){api.deployNow(props.ts.target.clusterId,kd.name,kd.namespace);}});}var allContexts=[];var handleContext=function handleContext(c){if(!c){return;}if(allContexts.find(function(x){return x===c;})){return;}allContexts.push(c);};(_props$ts$commandResu2=props.ts.commandResults)===null||_props$ts$commandResu2===void 0?void 0:_props$ts$commandResu2.forEach(function(rs){handleContext(rs.commandInfo.contextOverride);handleContext(rs.target.context);});var contextTooltip=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{textAlign:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:"All known contexts:"}),allContexts.map(function(context){return/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle2",children:context},context);})]});var targetName=props.ts.target.targetName;if(!targetName){targetName="<no-name>";}return/*#__PURE__*/(0,jsx_runtime.jsx)(CardPaper,{sx:{padding:'20px 16px 12px 16px'},onClick:function onClick(e){return props.onSelectTarget(props.ts);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexShrink:0,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetIcon,{})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flexGrow:1,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",flexGrow:1,children:targetName}),allContexts.length?/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:contextTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:allContexts[0]})}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{})]})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Cluster ID: "+props.ts.target.clusterId,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CpuIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Discriminator: "+props.ts.target.discriminator,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(FingerScanIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(StatusIcon,_objectSpread2({},props)),/*#__PURE__*/(0,jsx_runtime.jsx)(ActionsMenu,{menuItems:actionMenuItems})]})]})]})});};
-;// CONCATENATED MODULE: ./node_modules/js-yaml/dist/js-yaml.mjs
-/*! js-yaml 4.1.0 https://github.com/nodeca/js-yaml @license MIT */
-function isNothing(subject) {
-  return typeof subject === 'undefined' || subject === null;
-}
-function isObject(subject) {
-  return typeof subject === 'object' && subject !== null;
-}
-function toArray(sequence) {
-  if (Array.isArray(sequence)) return sequence;else if (isNothing(sequence)) return [];
-  return [sequence];
-}
-function extend(target, source) {
-  var index, length, key, sourceKeys;
-  if (source) {
-    sourceKeys = Object.keys(source);
-    for (index = 0, length = sourceKeys.length; index < length; index += 1) {
-      key = sourceKeys[index];
-      target[key] = source[key];
-    }
-  }
-  return target;
-}
-function repeat(string, count) {
-  var result = '',
-    cycle;
-  for (cycle = 0; cycle < count; cycle += 1) {
-    result += string;
-  }
-  return result;
-}
-function isNegativeZero(number) {
-  return number === 0 && Number.NEGATIVE_INFINITY === 1 / number;
-}
-var isNothing_1 = isNothing;
-var isObject_1 = isObject;
-var toArray_1 = toArray;
-var repeat_1 = repeat;
-var isNegativeZero_1 = isNegativeZero;
-var extend_1 = extend;
-var js_yaml_common = {
-  isNothing: isNothing_1,
-  isObject: isObject_1,
-  toArray: toArray_1,
-  repeat: repeat_1,
-  isNegativeZero: isNegativeZero_1,
-  extend: extend_1
-};
-
-// YAML error class. http://stackoverflow.com/questions/8458984
-
-function formatError(exception, compact) {
-  var where = '',
-    message = exception.reason || '(unknown reason)';
-  if (!exception.mark) return message;
-  if (exception.mark.name) {
-    where += 'in "' + exception.mark.name + '" ';
-  }
-  where += '(' + (exception.mark.line + 1) + ':' + (exception.mark.column + 1) + ')';
-  if (!compact && exception.mark.snippet) {
-    where += '\n\n' + exception.mark.snippet;
-  }
-  return message + ' ' + where;
-}
-function YAMLException$1(reason, mark) {
-  // Super constructor
-  Error.call(this);
-  this.name = 'YAMLException';
-  this.reason = reason;
-  this.mark = mark;
-  this.message = formatError(this, false);
-
-  // Include stack trace in error object
-  if (Error.captureStackTrace) {
-    // Chrome and NodeJS
-    Error.captureStackTrace(this, this.constructor);
-  } else {
-    // FF, IE 10+ and Safari 6+. Fallback for others
-    this.stack = new Error().stack || '';
-  }
-}
-
-// Inherit from Error
-YAMLException$1.prototype = Object.create(Error.prototype);
-YAMLException$1.prototype.constructor = YAMLException$1;
-YAMLException$1.prototype.toString = function toString(compact) {
-  return this.name + ': ' + formatError(this, compact);
-};
-var exception = YAMLException$1;
-
-// get snippet for a single line, respecting maxLength
-function getLine(buffer, lineStart, lineEnd, position, maxLineLength) {
-  var head = '';
-  var tail = '';
-  var maxHalfLength = Math.floor(maxLineLength / 2) - 1;
-  if (position - lineStart > maxHalfLength) {
-    head = ' ... ';
-    lineStart = position - maxHalfLength + head.length;
-  }
-  if (lineEnd - position > maxHalfLength) {
-    tail = ' ...';
-    lineEnd = position + maxHalfLength - tail.length;
-  }
-  return {
-    str: head + buffer.slice(lineStart, lineEnd).replace(/\t/g, '→') + tail,
-    pos: position - lineStart + head.length // relative position
-  };
-}
-
-function padStart(string, max) {
-  return js_yaml_common.repeat(' ', max - string.length) + string;
-}
-function makeSnippet(mark, options) {
-  options = Object.create(options || null);
-  if (!mark.buffer) return null;
-  if (!options.maxLength) options.maxLength = 79;
-  if (typeof options.indent !== 'number') options.indent = 1;
-  if (typeof options.linesBefore !== 'number') options.linesBefore = 3;
-  if (typeof options.linesAfter !== 'number') options.linesAfter = 2;
-  var re = /\r?\n|\r|\0/g;
-  var lineStarts = [0];
-  var lineEnds = [];
-  var match;
-  var foundLineNo = -1;
-  while (match = re.exec(mark.buffer)) {
-    lineEnds.push(match.index);
-    lineStarts.push(match.index + match[0].length);
-    if (mark.position <= match.index && foundLineNo < 0) {
-      foundLineNo = lineStarts.length - 2;
-    }
-  }
-  if (foundLineNo < 0) foundLineNo = lineStarts.length - 1;
-  var result = '',
-    i,
-    line;
-  var lineNoLength = Math.min(mark.line + options.linesAfter, lineEnds.length).toString().length;
-  var maxLineLength = options.maxLength - (options.indent + lineNoLength + 3);
-  for (i = 1; i <= options.linesBefore; i++) {
-    if (foundLineNo - i < 0) break;
-    line = getLine(mark.buffer, lineStarts[foundLineNo - i], lineEnds[foundLineNo - i], mark.position - (lineStarts[foundLineNo] - lineStarts[foundLineNo - i]), maxLineLength);
-    result = js_yaml_common.repeat(' ', options.indent) + padStart((mark.line - i + 1).toString(), lineNoLength) + ' | ' + line.str + '\n' + result;
-  }
-  line = getLine(mark.buffer, lineStarts[foundLineNo], lineEnds[foundLineNo], mark.position, maxLineLength);
-  result += js_yaml_common.repeat(' ', options.indent) + padStart((mark.line + 1).toString(), lineNoLength) + ' | ' + line.str + '\n';
-  result += js_yaml_common.repeat('-', options.indent + lineNoLength + 3 + line.pos) + '^' + '\n';
-  for (i = 1; i <= options.linesAfter; i++) {
-    if (foundLineNo + i >= lineEnds.length) break;
-    line = getLine(mark.buffer, lineStarts[foundLineNo + i], lineEnds[foundLineNo + i], mark.position - (lineStarts[foundLineNo] - lineStarts[foundLineNo + i]), maxLineLength);
-    result += js_yaml_common.repeat(' ', options.indent) + padStart((mark.line + i + 1).toString(), lineNoLength) + ' | ' + line.str + '\n';
-  }
-  return result.replace(/\n$/, '');
-}
-var snippet = makeSnippet;
-var TYPE_CONSTRUCTOR_OPTIONS = ['kind', 'multi', 'resolve', 'construct', 'instanceOf', 'predicate', 'represent', 'representName', 'defaultStyle', 'styleAliases'];
-var YAML_NODE_KINDS = ['scalar', 'sequence', 'mapping'];
-function compileStyleAliases(map) {
-  var result = {};
-  if (map !== null) {
-    Object.keys(map).forEach(function (style) {
-      map[style].forEach(function (alias) {
-        result[String(alias)] = style;
-      });
-    });
-  }
-  return result;
-}
-function Type$1(tag, options) {
-  options = options || {};
-  Object.keys(options).forEach(function (name) {
-    if (TYPE_CONSTRUCTOR_OPTIONS.indexOf(name) === -1) {
-      throw new exception('Unknown option "' + name + '" is met in definition of "' + tag + '" YAML type.');
-    }
-  });
-
-  // TODO: Add tag format check.
-  this.options = options; // keep original options in case user wants to extend this type later
-  this.tag = tag;
-  this.kind = options['kind'] || null;
-  this.resolve = options['resolve'] || function () {
-    return true;
-  };
-  this.construct = options['construct'] || function (data) {
-    return data;
-  };
-  this.instanceOf = options['instanceOf'] || null;
-  this.predicate = options['predicate'] || null;
-  this.represent = options['represent'] || null;
-  this.representName = options['representName'] || null;
-  this.defaultStyle = options['defaultStyle'] || null;
-  this.multi = options['multi'] || false;
-  this.styleAliases = compileStyleAliases(options['styleAliases'] || null);
-  if (YAML_NODE_KINDS.indexOf(this.kind) === -1) {
-    throw new exception('Unknown kind "' + this.kind + '" is specified for "' + tag + '" YAML type.');
-  }
-}
-var type = Type$1;
-
-/*eslint-disable max-len*/
-
-function compileList(schema, name) {
-  var result = [];
-  schema[name].forEach(function (currentType) {
-    var newIndex = result.length;
-    result.forEach(function (previousType, previousIndex) {
-      if (previousType.tag === currentType.tag && previousType.kind === currentType.kind && previousType.multi === currentType.multi) {
-        newIndex = previousIndex;
-      }
-    });
-    result[newIndex] = currentType;
-  });
-  return result;
-}
-function compileMap( /* lists... */
-) {
-  var result = {
-      scalar: {},
-      sequence: {},
-      mapping: {},
-      fallback: {},
-      multi: {
-        scalar: [],
-        sequence: [],
-        mapping: [],
-        fallback: []
-      }
-    },
-    index,
-    length;
-  function collectType(type) {
-    if (type.multi) {
-      result.multi[type.kind].push(type);
-      result.multi['fallback'].push(type);
-    } else {
-      result[type.kind][type.tag] = result['fallback'][type.tag] = type;
-    }
-  }
-  for (index = 0, length = arguments.length; index < length; index += 1) {
-    arguments[index].forEach(collectType);
-  }
-  return result;
-}
-function Schema$1(definition) {
-  return this.extend(definition);
-}
-Schema$1.prototype.extend = function extend(definition) {
-  var implicit = [];
-  var explicit = [];
-  if (definition instanceof type) {
-    // Schema.extend(type)
-    explicit.push(definition);
-  } else if (Array.isArray(definition)) {
-    // Schema.extend([ type1, type2, ... ])
-    explicit = explicit.concat(definition);
-  } else if (definition && (Array.isArray(definition.implicit) || Array.isArray(definition.explicit))) {
-    // Schema.extend({ explicit: [ type1, type2, ... ], implicit: [ type1, type2, ... ] })
-    if (definition.implicit) implicit = implicit.concat(definition.implicit);
-    if (definition.explicit) explicit = explicit.concat(definition.explicit);
-  } else {
-    throw new exception('Schema.extend argument should be a Type, [ Type ], ' + 'or a schema definition ({ implicit: [...], explicit: [...] })');
-  }
-  implicit.forEach(function (type$1) {
-    if (!(type$1 instanceof type)) {
-      throw new exception('Specified list of YAML types (or a single Type object) contains a non-Type object.');
-    }
-    if (type$1.loadKind && type$1.loadKind !== 'scalar') {
-      throw new exception('There is a non-scalar type in the implicit list of a schema. Implicit resolving of such types is not supported.');
-    }
-    if (type$1.multi) {
-      throw new exception('There is a multi type in the implicit list of a schema. Multi tags can only be listed as explicit.');
-    }
-  });
-  explicit.forEach(function (type$1) {
-    if (!(type$1 instanceof type)) {
-      throw new exception('Specified list of YAML types (or a single Type object) contains a non-Type object.');
-    }
-  });
-  var result = Object.create(Schema$1.prototype);
-  result.implicit = (this.implicit || []).concat(implicit);
-  result.explicit = (this.explicit || []).concat(explicit);
-  result.compiledImplicit = compileList(result, 'implicit');
-  result.compiledExplicit = compileList(result, 'explicit');
-  result.compiledTypeMap = compileMap(result.compiledImplicit, result.compiledExplicit);
-  return result;
-};
-var schema = Schema$1;
-var str = new type('tag:yaml.org,2002:str', {
-  kind: 'scalar',
-  construct: function construct(data) {
-    return data !== null ? data : '';
-  }
-});
-var seq = new type('tag:yaml.org,2002:seq', {
-  kind: 'sequence',
-  construct: function construct(data) {
-    return data !== null ? data : [];
-  }
-});
-var map = new type('tag:yaml.org,2002:map', {
-  kind: 'mapping',
-  construct: function construct(data) {
-    return data !== null ? data : {};
-  }
-});
-var failsafe = new schema({
-  explicit: [str, seq, map]
-});
-function resolveYamlNull(data) {
-  if (data === null) return true;
-  var max = data.length;
-  return max === 1 && data === '~' || max === 4 && (data === 'null' || data === 'Null' || data === 'NULL');
-}
-function constructYamlNull() {
-  return null;
-}
-function isNull(object) {
-  return object === null;
-}
-var _null = new type('tag:yaml.org,2002:null', {
-  kind: 'scalar',
-  resolve: resolveYamlNull,
-  construct: constructYamlNull,
-  predicate: isNull,
-  represent: {
-    canonical: function canonical() {
-      return '~';
-    },
-    lowercase: function lowercase() {
-      return 'null';
-    },
-    uppercase: function uppercase() {
-      return 'NULL';
-    },
-    camelcase: function camelcase() {
-      return 'Null';
-    },
-    empty: function empty() {
-      return '';
-    }
-  },
-  defaultStyle: 'lowercase'
-});
-function resolveYamlBoolean(data) {
-  if (data === null) return false;
-  var max = data.length;
-  return max === 4 && (data === 'true' || data === 'True' || data === 'TRUE') || max === 5 && (data === 'false' || data === 'False' || data === 'FALSE');
-}
-function constructYamlBoolean(data) {
-  return data === 'true' || data === 'True' || data === 'TRUE';
-}
-function isBoolean(object) {
-  return Object.prototype.toString.call(object) === '[object Boolean]';
-}
-var bool = new type('tag:yaml.org,2002:bool', {
-  kind: 'scalar',
-  resolve: resolveYamlBoolean,
-  construct: constructYamlBoolean,
-  predicate: isBoolean,
-  represent: {
-    lowercase: function lowercase(object) {
-      return object ? 'true' : 'false';
-    },
-    uppercase: function uppercase(object) {
-      return object ? 'TRUE' : 'FALSE';
-    },
-    camelcase: function camelcase(object) {
-      return object ? 'True' : 'False';
-    }
-  },
-  defaultStyle: 'lowercase'
-});
-function isHexCode(c) {
-  return 0x30 /* 0 */ <= c && c <= 0x39 /* 9 */ || 0x41 /* A */ <= c && c <= 0x46 /* F */ || 0x61 /* a */ <= c && c <= 0x66 /* f */;
-}
-
-function isOctCode(c) {
-  return 0x30 /* 0 */ <= c && c <= 0x37 /* 7 */;
-}
-
-function isDecCode(c) {
-  return 0x30 /* 0 */ <= c && c <= 0x39 /* 9 */;
-}
-
-function resolveYamlInteger(data) {
-  if (data === null) return false;
-  var max = data.length,
-    index = 0,
-    hasDigits = false,
-    ch;
-  if (!max) return false;
-  ch = data[index];
-
-  // sign
-  if (ch === '-' || ch === '+') {
-    ch = data[++index];
-  }
-  if (ch === '0') {
-    // 0
-    if (index + 1 === max) return true;
-    ch = data[++index];
-
-    // base 2, base 8, base 16
-
-    if (ch === 'b') {
-      // base 2
-      index++;
-      for (; index < max; index++) {
-        ch = data[index];
-        if (ch === '_') continue;
-        if (ch !== '0' && ch !== '1') return false;
-        hasDigits = true;
-      }
-      return hasDigits && ch !== '_';
-    }
-    if (ch === 'x') {
-      // base 16
-      index++;
-      for (; index < max; index++) {
-        ch = data[index];
-        if (ch === '_') continue;
-        if (!isHexCode(data.charCodeAt(index))) return false;
-        hasDigits = true;
-      }
-      return hasDigits && ch !== '_';
-    }
-    if (ch === 'o') {
-      // base 8
-      index++;
-      for (; index < max; index++) {
-        ch = data[index];
-        if (ch === '_') continue;
-        if (!isOctCode(data.charCodeAt(index))) return false;
-        hasDigits = true;
-      }
-      return hasDigits && ch !== '_';
-    }
-  }
-
-  // base 10 (except 0)
-
-  // value should not start with `_`;
-  if (ch === '_') return false;
-  for (; index < max; index++) {
-    ch = data[index];
-    if (ch === '_') continue;
-    if (!isDecCode(data.charCodeAt(index))) {
-      return false;
-    }
-    hasDigits = true;
-  }
-
-  // Should have digits and should not end with `_`
-  if (!hasDigits || ch === '_') return false;
-  return true;
-}
-function constructYamlInteger(data) {
-  var value = data,
-    sign = 1,
-    ch;
-  if (value.indexOf('_') !== -1) {
-    value = value.replace(/_/g, '');
-  }
-  ch = value[0];
-  if (ch === '-' || ch === '+') {
-    if (ch === '-') sign = -1;
-    value = value.slice(1);
-    ch = value[0];
-  }
-  if (value === '0') return 0;
-  if (ch === '0') {
-    if (value[1] === 'b') return sign * parseInt(value.slice(2), 2);
-    if (value[1] === 'x') return sign * parseInt(value.slice(2), 16);
-    if (value[1] === 'o') return sign * parseInt(value.slice(2), 8);
-  }
-  return sign * parseInt(value, 10);
-}
-function isInteger(object) {
-  return Object.prototype.toString.call(object) === '[object Number]' && object % 1 === 0 && !js_yaml_common.isNegativeZero(object);
-}
-var js_yaml_int = new type('tag:yaml.org,2002:int', {
-  kind: 'scalar',
-  resolve: resolveYamlInteger,
-  construct: constructYamlInteger,
-  predicate: isInteger,
-  represent: {
-    binary: function binary(obj) {
-      return obj >= 0 ? '0b' + obj.toString(2) : '-0b' + obj.toString(2).slice(1);
-    },
-    octal: function octal(obj) {
-      return obj >= 0 ? '0o' + obj.toString(8) : '-0o' + obj.toString(8).slice(1);
-    },
-    decimal: function decimal(obj) {
-      return obj.toString(10);
-    },
-    /* eslint-disable max-len */
-    hexadecimal: function hexadecimal(obj) {
-      return obj >= 0 ? '0x' + obj.toString(16).toUpperCase() : '-0x' + obj.toString(16).toUpperCase().slice(1);
-    }
-  },
-  defaultStyle: 'decimal',
-  styleAliases: {
-    binary: [2, 'bin'],
-    octal: [8, 'oct'],
-    decimal: [10, 'dec'],
-    hexadecimal: [16, 'hex']
-  }
-});
-var YAML_FLOAT_PATTERN = new RegExp(
-// 2.5e4, 2.5 and integers
-'^(?:[-+]?(?:[0-9][0-9_]*)(?:\\.[0-9_]*)?(?:[eE][-+]?[0-9]+)?' +
-// .2e4, .2
-// special case, seems not from spec
-'|\\.[0-9_]+(?:[eE][-+]?[0-9]+)?' +
-// .inf
-'|[-+]?\\.(?:inf|Inf|INF)' +
-// .nan
-'|\\.(?:nan|NaN|NAN))$');
-function resolveYamlFloat(data) {
-  if (data === null) return false;
-  if (!YAML_FLOAT_PATTERN.test(data) ||
-  // Quick hack to not allow integers end with `_`
-  // Probably should update regexp & check speed
-  data[data.length - 1] === '_') {
-    return false;
-  }
-  return true;
-}
-function constructYamlFloat(data) {
-  var value, sign;
-  value = data.replace(/_/g, '').toLowerCase();
-  sign = value[0] === '-' ? -1 : 1;
-  if ('+-'.indexOf(value[0]) >= 0) {
-    value = value.slice(1);
-  }
-  if (value === '.inf') {
-    return sign === 1 ? Number.POSITIVE_INFINITY : Number.NEGATIVE_INFINITY;
-  } else if (value === '.nan') {
-    return NaN;
-  }
-  return sign * parseFloat(value, 10);
-}
-var SCIENTIFIC_WITHOUT_DOT = /^[-+]?[0-9]+e/;
-function representYamlFloat(object, style) {
-  var res;
-  if (isNaN(object)) {
-    switch (style) {
-      case 'lowercase':
-        return '.nan';
-      case 'uppercase':
-        return '.NAN';
-      case 'camelcase':
-        return '.NaN';
-    }
-  } else if (Number.POSITIVE_INFINITY === object) {
-    switch (style) {
-      case 'lowercase':
-        return '.inf';
-      case 'uppercase':
-        return '.INF';
-      case 'camelcase':
-        return '.Inf';
-    }
-  } else if (Number.NEGATIVE_INFINITY === object) {
-    switch (style) {
-      case 'lowercase':
-        return '-.inf';
-      case 'uppercase':
-        return '-.INF';
-      case 'camelcase':
-        return '-.Inf';
-    }
-  } else if (js_yaml_common.isNegativeZero(object)) {
-    return '-0.0';
-  }
-  res = object.toString(10);
-
-  // JS stringifier can build scientific format without dots: 5e-100,
-  // while YAML requres dot: 5.e-100. Fix it with simple hack
-
-  return SCIENTIFIC_WITHOUT_DOT.test(res) ? res.replace('e', '.e') : res;
-}
-function isFloat(object) {
-  return Object.prototype.toString.call(object) === '[object Number]' && (object % 1 !== 0 || js_yaml_common.isNegativeZero(object));
-}
-var js_yaml_float = new type('tag:yaml.org,2002:float', {
-  kind: 'scalar',
-  resolve: resolveYamlFloat,
-  construct: constructYamlFloat,
-  predicate: isFloat,
-  represent: representYamlFloat,
-  defaultStyle: 'lowercase'
-});
-var js_yaml_json = failsafe.extend({
-  implicit: [_null, bool, js_yaml_int, js_yaml_float]
-});
-var core = js_yaml_json;
-var YAML_DATE_REGEXP = new RegExp('^([0-9][0-9][0-9][0-9])' +
-// [1] year
-'-([0-9][0-9])' +
-// [2] month
-'-([0-9][0-9])$'); // [3] day
-
-var YAML_TIMESTAMP_REGEXP = new RegExp('^([0-9][0-9][0-9][0-9])' +
-// [1] year
-'-([0-9][0-9]?)' +
-// [2] month
-'-([0-9][0-9]?)' +
-// [3] day
-'(?:[Tt]|[ \\t]+)' +
-// ...
-'([0-9][0-9]?)' +
-// [4] hour
-':([0-9][0-9])' +
-// [5] minute
-':([0-9][0-9])' +
-// [6] second
-'(?:\\.([0-9]*))?' +
-// [7] fraction
-'(?:[ \\t]*(Z|([-+])([0-9][0-9]?)' +
-// [8] tz [9] tz_sign [10] tz_hour
-'(?::([0-9][0-9]))?))?$'); // [11] tz_minute
-
-function resolveYamlTimestamp(data) {
-  if (data === null) return false;
-  if (YAML_DATE_REGEXP.exec(data) !== null) return true;
-  if (YAML_TIMESTAMP_REGEXP.exec(data) !== null) return true;
-  return false;
-}
-function constructYamlTimestamp(data) {
-  var match,
-    year,
-    month,
-    day,
-    hour,
-    minute,
-    second,
-    fraction = 0,
-    delta = null,
-    tz_hour,
-    tz_minute,
-    date;
-  match = YAML_DATE_REGEXP.exec(data);
-  if (match === null) match = YAML_TIMESTAMP_REGEXP.exec(data);
-  if (match === null) throw new Error('Date resolve error');
-
-  // match: [1] year [2] month [3] day
-
-  year = +match[1];
-  month = +match[2] - 1; // JS month starts with 0
-  day = +match[3];
-  if (!match[4]) {
-    // no hour
-    return new Date(Date.UTC(year, month, day));
-  }
-
-  // match: [4] hour [5] minute [6] second [7] fraction
-
-  hour = +match[4];
-  minute = +match[5];
-  second = +match[6];
-  if (match[7]) {
-    fraction = match[7].slice(0, 3);
-    while (fraction.length < 3) {
-      // milli-seconds
-      fraction += '0';
-    }
-    fraction = +fraction;
-  }
-
-  // match: [8] tz [9] tz_sign [10] tz_hour [11] tz_minute
-
-  if (match[9]) {
-    tz_hour = +match[10];
-    tz_minute = +(match[11] || 0);
-    delta = (tz_hour * 60 + tz_minute) * 60000; // delta in mili-seconds
-    if (match[9] === '-') delta = -delta;
-  }
-  date = new Date(Date.UTC(year, month, day, hour, minute, second, fraction));
-  if (delta) date.setTime(date.getTime() - delta);
-  return date;
-}
-function representYamlTimestamp(object /*, style*/) {
-  return object.toISOString();
-}
-var timestamp = new type('tag:yaml.org,2002:timestamp', {
-  kind: 'scalar',
-  resolve: resolveYamlTimestamp,
-  construct: constructYamlTimestamp,
-  instanceOf: Date,
-  represent: representYamlTimestamp
-});
-function resolveYamlMerge(data) {
-  return data === '<<' || data === null;
-}
-var js_yaml_merge = new type('tag:yaml.org,2002:merge', {
-  kind: 'scalar',
-  resolve: resolveYamlMerge
-});
-
-/*eslint-disable no-bitwise*/
-
-// [ 64, 65, 66 ] -> [ padding, CR, LF ]
-var BASE64_MAP = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\n\r';
-function resolveYamlBinary(data) {
-  if (data === null) return false;
-  var code,
-    idx,
-    bitlen = 0,
-    max = data.length,
-    map = BASE64_MAP;
-
-  // Convert one by one.
-  for (idx = 0; idx < max; idx++) {
-    code = map.indexOf(data.charAt(idx));
-
-    // Skip CR/LF
-    if (code > 64) continue;
-
-    // Fail on illegal characters
-    if (code < 0) return false;
-    bitlen += 6;
-  }
-
-  // If there are any bits left, source was corrupted
-  return bitlen % 8 === 0;
-}
-function constructYamlBinary(data) {
-  var idx,
-    tailbits,
-    input = data.replace(/[\r\n=]/g, ''),
-    // remove CR/LF & padding to simplify scan
-    max = input.length,
-    map = BASE64_MAP,
-    bits = 0,
-    result = [];
-
-  // Collect by 6*4 bits (3 bytes)
-
-  for (idx = 0; idx < max; idx++) {
-    if (idx % 4 === 0 && idx) {
-      result.push(bits >> 16 & 0xFF);
-      result.push(bits >> 8 & 0xFF);
-      result.push(bits & 0xFF);
-    }
-    bits = bits << 6 | map.indexOf(input.charAt(idx));
-  }
-
-  // Dump tail
-
-  tailbits = max % 4 * 6;
-  if (tailbits === 0) {
-    result.push(bits >> 16 & 0xFF);
-    result.push(bits >> 8 & 0xFF);
-    result.push(bits & 0xFF);
-  } else if (tailbits === 18) {
-    result.push(bits >> 10 & 0xFF);
-    result.push(bits >> 2 & 0xFF);
-  } else if (tailbits === 12) {
-    result.push(bits >> 4 & 0xFF);
-  }
-  return new Uint8Array(result);
-}
-function representYamlBinary(object /*, style*/) {
-  var result = '',
-    bits = 0,
-    idx,
-    tail,
-    max = object.length,
-    map = BASE64_MAP;
-
-  // Convert every three bytes to 4 ASCII characters.
-
-  for (idx = 0; idx < max; idx++) {
-    if (idx % 3 === 0 && idx) {
-      result += map[bits >> 18 & 0x3F];
-      result += map[bits >> 12 & 0x3F];
-      result += map[bits >> 6 & 0x3F];
-      result += map[bits & 0x3F];
-    }
-    bits = (bits << 8) + object[idx];
-  }
-
-  // Dump tail
-
-  tail = max % 3;
-  if (tail === 0) {
-    result += map[bits >> 18 & 0x3F];
-    result += map[bits >> 12 & 0x3F];
-    result += map[bits >> 6 & 0x3F];
-    result += map[bits & 0x3F];
-  } else if (tail === 2) {
-    result += map[bits >> 10 & 0x3F];
-    result += map[bits >> 4 & 0x3F];
-    result += map[bits << 2 & 0x3F];
-    result += map[64];
-  } else if (tail === 1) {
-    result += map[bits >> 2 & 0x3F];
-    result += map[bits << 4 & 0x3F];
-    result += map[64];
-    result += map[64];
-  }
-  return result;
-}
-function isBinary(obj) {
-  return Object.prototype.toString.call(obj) === '[object Uint8Array]';
-}
-var binary = new type('tag:yaml.org,2002:binary', {
-  kind: 'scalar',
-  resolve: resolveYamlBinary,
-  construct: constructYamlBinary,
-  predicate: isBinary,
-  represent: representYamlBinary
-});
-var _hasOwnProperty$3 = Object.prototype.hasOwnProperty;
-var _toString$2 = Object.prototype.toString;
-function resolveYamlOmap(data) {
-  if (data === null) return true;
-  var objectKeys = [],
-    index,
-    length,
-    pair,
-    pairKey,
-    pairHasKey,
-    object = data;
-  for (index = 0, length = object.length; index < length; index += 1) {
-    pair = object[index];
-    pairHasKey = false;
-    if (_toString$2.call(pair) !== '[object Object]') return false;
-    for (pairKey in pair) {
-      if (_hasOwnProperty$3.call(pair, pairKey)) {
-        if (!pairHasKey) pairHasKey = true;else return false;
-      }
-    }
-    if (!pairHasKey) return false;
-    if (objectKeys.indexOf(pairKey) === -1) objectKeys.push(pairKey);else return false;
-  }
-  return true;
-}
-function constructYamlOmap(data) {
-  return data !== null ? data : [];
-}
-var omap = new type('tag:yaml.org,2002:omap', {
-  kind: 'sequence',
-  resolve: resolveYamlOmap,
-  construct: constructYamlOmap
-});
-var _toString$1 = Object.prototype.toString;
-function resolveYamlPairs(data) {
-  if (data === null) return true;
-  var index,
-    length,
-    pair,
-    keys,
-    result,
-    object = data;
-  result = new Array(object.length);
-  for (index = 0, length = object.length; index < length; index += 1) {
-    pair = object[index];
-    if (_toString$1.call(pair) !== '[object Object]') return false;
-    keys = Object.keys(pair);
-    if (keys.length !== 1) return false;
-    result[index] = [keys[0], pair[keys[0]]];
-  }
-  return true;
-}
-function constructYamlPairs(data) {
-  if (data === null) return [];
-  var index,
-    length,
-    pair,
-    keys,
-    result,
-    object = data;
-  result = new Array(object.length);
-  for (index = 0, length = object.length; index < length; index += 1) {
-    pair = object[index];
-    keys = Object.keys(pair);
-    result[index] = [keys[0], pair[keys[0]]];
-  }
-  return result;
-}
-var pairs = new type('tag:yaml.org,2002:pairs', {
-  kind: 'sequence',
-  resolve: resolveYamlPairs,
-  construct: constructYamlPairs
-});
-var _hasOwnProperty$2 = Object.prototype.hasOwnProperty;
-function resolveYamlSet(data) {
-  if (data === null) return true;
-  var key,
-    object = data;
-  for (key in object) {
-    if (_hasOwnProperty$2.call(object, key)) {
-      if (object[key] !== null) return false;
-    }
-  }
-  return true;
-}
-function constructYamlSet(data) {
-  return data !== null ? data : {};
-}
-var set = new type('tag:yaml.org,2002:set', {
-  kind: 'mapping',
-  resolve: resolveYamlSet,
-  construct: constructYamlSet
-});
-var _default = core.extend({
-  implicit: [timestamp, js_yaml_merge],
-  explicit: [binary, omap, pairs, set]
-});
-
-/*eslint-disable max-len,no-use-before-define*/
-
-var _hasOwnProperty$1 = Object.prototype.hasOwnProperty;
-var CONTEXT_FLOW_IN = 1;
-var CONTEXT_FLOW_OUT = 2;
-var CONTEXT_BLOCK_IN = 3;
-var CONTEXT_BLOCK_OUT = 4;
-var CHOMPING_CLIP = 1;
-var CHOMPING_STRIP = 2;
-var CHOMPING_KEEP = 3;
-var PATTERN_NON_PRINTABLE = /[\x00-\x08\x0B\x0C\x0E-\x1F\x7F-\x84\x86-\x9F\uFFFE\uFFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]/;
-var PATTERN_NON_ASCII_LINE_BREAKS = /[\x85\u2028\u2029]/;
-var PATTERN_FLOW_INDICATORS = /[,\[\]\{\}]/;
-var PATTERN_TAG_HANDLE = /^(?:!|!!|![a-z\-]+!)$/i;
-var PATTERN_TAG_URI = /^(?:!|[^,\[\]\{\}])(?:%[0-9a-f]{2}|[0-9a-z\-#;\/\?:@&=\+\$,_\.!~\*'\(\)\[\]])*$/i;
-function _class(obj) {
-  return Object.prototype.toString.call(obj);
-}
-function is_EOL(c) {
-  return c === 0x0A /* LF */ || c === 0x0D /* CR */;
-}
-
-function is_WHITE_SPACE(c) {
-  return c === 0x09 /* Tab */ || c === 0x20 /* Space */;
-}
-
-function is_WS_OR_EOL(c) {
-  return c === 0x09 /* Tab */ || c === 0x20 /* Space */ || c === 0x0A /* LF */ || c === 0x0D /* CR */;
-}
-
-function is_FLOW_INDICATOR(c) {
-  return c === 0x2C /* , */ || c === 0x5B /* [ */ || c === 0x5D /* ] */ || c === 0x7B /* { */ || c === 0x7D /* } */;
-}
-
-function fromHexCode(c) {
-  var lc;
-  if (0x30 /* 0 */ <= c && c <= 0x39 /* 9 */) {
-    return c - 0x30;
-  }
-
-  /*eslint-disable no-bitwise*/
-  lc = c | 0x20;
-  if (0x61 /* a */ <= lc && lc <= 0x66 /* f */) {
-    return lc - 0x61 + 10;
-  }
-  return -1;
-}
-function escapedHexLen(c) {
-  if (c === 0x78 /* x */) {
-    return 2;
-  }
-  if (c === 0x75 /* u */) {
-    return 4;
-  }
-  if (c === 0x55 /* U */) {
-    return 8;
-  }
-  return 0;
-}
-function fromDecimalCode(c) {
-  if (0x30 /* 0 */ <= c && c <= 0x39 /* 9 */) {
-    return c - 0x30;
-  }
-  return -1;
-}
-function simpleEscapeSequence(c) {
-  /* eslint-disable indent */
-  return c === 0x30 /* 0 */ ? '\x00' : c === 0x61 /* a */ ? '\x07' : c === 0x62 /* b */ ? '\x08' : c === 0x74 /* t */ ? '\x09' : c === 0x09 /* Tab */ ? '\x09' : c === 0x6E /* n */ ? '\x0A' : c === 0x76 /* v */ ? '\x0B' : c === 0x66 /* f */ ? '\x0C' : c === 0x72 /* r */ ? '\x0D' : c === 0x65 /* e */ ? '\x1B' : c === 0x20 /* Space */ ? ' ' : c === 0x22 /* " */ ? '\x22' : c === 0x2F /* / */ ? '/' : c === 0x5C /* \ */ ? '\x5C' : c === 0x4E /* N */ ? '\x85' : c === 0x5F /* _ */ ? '\xA0' : c === 0x4C /* L */ ? "\u2028" : c === 0x50 /* P */ ? "\u2029" : '';
-}
-function charFromCodepoint(c) {
-  if (c <= 0xFFFF) {
-    return String.fromCharCode(c);
-  }
-  // Encode UTF-16 surrogate pair
-  // https://en.wikipedia.org/wiki/UTF-16#Code_points_U.2B010000_to_U.2B10FFFF
-  return String.fromCharCode((c - 0x010000 >> 10) + 0xD800, (c - 0x010000 & 0x03FF) + 0xDC00);
-}
-var simpleEscapeCheck = new Array(256); // integer, for fast access
-var simpleEscapeMap = new Array(256);
-for (var i = 0; i < 256; i++) {
-  simpleEscapeCheck[i] = simpleEscapeSequence(i) ? 1 : 0;
-  simpleEscapeMap[i] = simpleEscapeSequence(i);
-}
-function State$1(input, options) {
-  this.input = input;
-  this.filename = options['filename'] || null;
-  this.schema = options['schema'] || _default;
-  this.onWarning = options['onWarning'] || null;
-  // (Hidden) Remove? makes the loader to expect YAML 1.1 documents
-  // if such documents have no explicit %YAML directive
-  this.legacy = options['legacy'] || false;
-  this.json = options['json'] || false;
-  this.listener = options['listener'] || null;
-  this.implicitTypes = this.schema.compiledImplicit;
-  this.typeMap = this.schema.compiledTypeMap;
-  this.length = input.length;
-  this.position = 0;
-  this.line = 0;
-  this.lineStart = 0;
-  this.lineIndent = 0;
-
-  // position of first leading tab in the current line,
-  // used to make sure there are no tabs in the indentation
-  this.firstTabInLine = -1;
-  this.documents = [];
-
-  /*
-  this.version;
-  this.checkLineBreaks;
-  this.tagMap;
-  this.anchorMap;
-  this.tag;
-  this.anchor;
-  this.kind;
-  this.result;*/
-}
-
-function generateError(state, message) {
-  var mark = {
-    name: state.filename,
-    buffer: state.input.slice(0, -1),
-    // omit trailing \0
-    position: state.position,
-    line: state.line,
-    column: state.position - state.lineStart
-  };
-  mark.snippet = snippet(mark);
-  return new exception(message, mark);
-}
-function throwError(state, message) {
-  throw generateError(state, message);
-}
-function throwWarning(state, message) {
-  if (state.onWarning) {
-    state.onWarning.call(null, generateError(state, message));
-  }
-}
-var directiveHandlers = {
-  YAML: function handleYamlDirective(state, name, args) {
-    var match, major, minor;
-    if (state.version !== null) {
-      throwError(state, 'duplication of %YAML directive');
-    }
-    if (args.length !== 1) {
-      throwError(state, 'YAML directive accepts exactly one argument');
-    }
-    match = /^([0-9]+)\.([0-9]+)$/.exec(args[0]);
-    if (match === null) {
-      throwError(state, 'ill-formed argument of the YAML directive');
-    }
-    major = parseInt(match[1], 10);
-    minor = parseInt(match[2], 10);
-    if (major !== 1) {
-      throwError(state, 'unacceptable YAML version of the document');
-    }
-    state.version = args[0];
-    state.checkLineBreaks = minor < 2;
-    if (minor !== 1 && minor !== 2) {
-      throwWarning(state, 'unsupported YAML version of the document');
-    }
-  },
-  TAG: function handleTagDirective(state, name, args) {
-    var handle, prefix;
-    if (args.length !== 2) {
-      throwError(state, 'TAG directive accepts exactly two arguments');
-    }
-    handle = args[0];
-    prefix = args[1];
-    if (!PATTERN_TAG_HANDLE.test(handle)) {
-      throwError(state, 'ill-formed tag handle (first argument) of the TAG directive');
-    }
-    if (_hasOwnProperty$1.call(state.tagMap, handle)) {
-      throwError(state, 'there is a previously declared suffix for "' + handle + '" tag handle');
-    }
-    if (!PATTERN_TAG_URI.test(prefix)) {
-      throwError(state, 'ill-formed tag prefix (second argument) of the TAG directive');
-    }
-    try {
-      prefix = decodeURIComponent(prefix);
-    } catch (err) {
-      throwError(state, 'tag prefix is malformed: ' + prefix);
-    }
-    state.tagMap[handle] = prefix;
-  }
-};
-function captureSegment(state, start, end, checkJson) {
-  var _position, _length, _character, _result;
-  if (start < end) {
-    _result = state.input.slice(start, end);
-    if (checkJson) {
-      for (_position = 0, _length = _result.length; _position < _length; _position += 1) {
-        _character = _result.charCodeAt(_position);
-        if (!(_character === 0x09 || 0x20 <= _character && _character <= 0x10FFFF)) {
-          throwError(state, 'expected valid JSON character');
-        }
-      }
-    } else if (PATTERN_NON_PRINTABLE.test(_result)) {
-      throwError(state, 'the stream contains non-printable characters');
-    }
-    state.result += _result;
-  }
-}
-function mergeMappings(state, destination, source, overridableKeys) {
-  var sourceKeys, key, index, quantity;
-  if (!js_yaml_common.isObject(source)) {
-    throwError(state, 'cannot merge mappings; the provided source object is unacceptable');
-  }
-  sourceKeys = Object.keys(source);
-  for (index = 0, quantity = sourceKeys.length; index < quantity; index += 1) {
-    key = sourceKeys[index];
-    if (!_hasOwnProperty$1.call(destination, key)) {
-      destination[key] = source[key];
-      overridableKeys[key] = true;
-    }
-  }
-}
-function storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, startLine, startLineStart, startPos) {
-  var index, quantity;
-
-  // The output is a plain object here, so keys can only be strings.
-  // We need to convert keyNode to a string, but doing so can hang the process
-  // (deeply nested arrays that explode exponentially using aliases).
-  if (Array.isArray(keyNode)) {
-    keyNode = Array.prototype.slice.call(keyNode);
-    for (index = 0, quantity = keyNode.length; index < quantity; index += 1) {
-      if (Array.isArray(keyNode[index])) {
-        throwError(state, 'nested arrays are not supported inside keys');
-      }
-      if (typeof keyNode === 'object' && _class(keyNode[index]) === '[object Object]') {
-        keyNode[index] = '[object Object]';
-      }
-    }
-  }
-
-  // Avoid code execution in load() via toString property
-  // (still use its own toString for arrays, timestamps,
-  // and whatever user schema extensions happen to have @@toStringTag)
-  if (typeof keyNode === 'object' && _class(keyNode) === '[object Object]') {
-    keyNode = '[object Object]';
-  }
-  keyNode = String(keyNode);
-  if (_result === null) {
-    _result = {};
-  }
-  if (keyTag === 'tag:yaml.org,2002:merge') {
-    if (Array.isArray(valueNode)) {
-      for (index = 0, quantity = valueNode.length; index < quantity; index += 1) {
-        mergeMappings(state, _result, valueNode[index], overridableKeys);
-      }
-    } else {
-      mergeMappings(state, _result, valueNode, overridableKeys);
-    }
-  } else {
-    if (!state.json && !_hasOwnProperty$1.call(overridableKeys, keyNode) && _hasOwnProperty$1.call(_result, keyNode)) {
-      state.line = startLine || state.line;
-      state.lineStart = startLineStart || state.lineStart;
-      state.position = startPos || state.position;
-      throwError(state, 'duplicated mapping key');
-    }
-
-    // used for this specific key only because Object.defineProperty is slow
-    if (keyNode === '__proto__') {
-      Object.defineProperty(_result, keyNode, {
-        configurable: true,
-        enumerable: true,
-        writable: true,
-        value: valueNode
-      });
-    } else {
-      _result[keyNode] = valueNode;
-    }
-    delete overridableKeys[keyNode];
-  }
-  return _result;
-}
-function readLineBreak(state) {
-  var ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch === 0x0A /* LF */) {
-    state.position++;
-  } else if (ch === 0x0D /* CR */) {
-    state.position++;
-    if (state.input.charCodeAt(state.position) === 0x0A /* LF */) {
-      state.position++;
-    }
-  } else {
-    throwError(state, 'a line break is expected');
-  }
-  state.line += 1;
-  state.lineStart = state.position;
-  state.firstTabInLine = -1;
-}
-function skipSeparationSpace(state, allowComments, checkIndent) {
-  var lineBreaks = 0,
-    ch = state.input.charCodeAt(state.position);
-  while (ch !== 0) {
-    while (is_WHITE_SPACE(ch)) {
-      if (ch === 0x09 /* Tab */ && state.firstTabInLine === -1) {
-        state.firstTabInLine = state.position;
-      }
-      ch = state.input.charCodeAt(++state.position);
-    }
-    if (allowComments && ch === 0x23 /* # */) {
-      do {
-        ch = state.input.charCodeAt(++state.position);
-      } while (ch !== 0x0A /* LF */ && ch !== 0x0D /* CR */ && ch !== 0);
-    }
-    if (is_EOL(ch)) {
-      readLineBreak(state);
-      ch = state.input.charCodeAt(state.position);
-      lineBreaks++;
-      state.lineIndent = 0;
-      while (ch === 0x20 /* Space */) {
-        state.lineIndent++;
-        ch = state.input.charCodeAt(++state.position);
-      }
-    } else {
-      break;
-    }
-  }
-  if (checkIndent !== -1 && lineBreaks !== 0 && state.lineIndent < checkIndent) {
-    throwWarning(state, 'deficient indentation');
-  }
-  return lineBreaks;
-}
-function testDocumentSeparator(state) {
-  var _position = state.position,
-    ch;
-  ch = state.input.charCodeAt(_position);
-
-  // Condition state.position === state.lineStart is tested
-  // in parent on each call, for efficiency. No needs to test here again.
-  if ((ch === 0x2D /* - */ || ch === 0x2E /* . */) && ch === state.input.charCodeAt(_position + 1) && ch === state.input.charCodeAt(_position + 2)) {
-    _position += 3;
-    ch = state.input.charCodeAt(_position);
-    if (ch === 0 || is_WS_OR_EOL(ch)) {
-      return true;
-    }
-  }
-  return false;
-}
-function writeFoldedLines(state, count) {
-  if (count === 1) {
-    state.result += ' ';
-  } else if (count > 1) {
-    state.result += js_yaml_common.repeat('\n', count - 1);
-  }
-}
-function readPlainScalar(state, nodeIndent, withinFlowCollection) {
-  var preceding,
-    following,
-    captureStart,
-    captureEnd,
-    hasPendingContent,
-    _line,
-    _lineStart,
-    _lineIndent,
-    _kind = state.kind,
-    _result = state.result,
-    ch;
-  ch = state.input.charCodeAt(state.position);
-  if (is_WS_OR_EOL(ch) || is_FLOW_INDICATOR(ch) || ch === 0x23 /* # */ || ch === 0x26 /* & */ || ch === 0x2A /* * */ || ch === 0x21 /* ! */ || ch === 0x7C /* | */ || ch === 0x3E /* > */ || ch === 0x27 /* ' */ || ch === 0x22 /* " */ || ch === 0x25 /* % */ || ch === 0x40 /* @ */ || ch === 0x60 /* ` */) {
-    return false;
-  }
-  if (ch === 0x3F /* ? */ || ch === 0x2D /* - */) {
-    following = state.input.charCodeAt(state.position + 1);
-    if (is_WS_OR_EOL(following) || withinFlowCollection && is_FLOW_INDICATOR(following)) {
-      return false;
-    }
-  }
-  state.kind = 'scalar';
-  state.result = '';
-  captureStart = captureEnd = state.position;
-  hasPendingContent = false;
-  while (ch !== 0) {
-    if (ch === 0x3A /* : */) {
-      following = state.input.charCodeAt(state.position + 1);
-      if (is_WS_OR_EOL(following) || withinFlowCollection && is_FLOW_INDICATOR(following)) {
-        break;
-      }
-    } else if (ch === 0x23 /* # */) {
-      preceding = state.input.charCodeAt(state.position - 1);
-      if (is_WS_OR_EOL(preceding)) {
-        break;
-      }
-    } else if (state.position === state.lineStart && testDocumentSeparator(state) || withinFlowCollection && is_FLOW_INDICATOR(ch)) {
-      break;
-    } else if (is_EOL(ch)) {
-      _line = state.line;
-      _lineStart = state.lineStart;
-      _lineIndent = state.lineIndent;
-      skipSeparationSpace(state, false, -1);
-      if (state.lineIndent >= nodeIndent) {
-        hasPendingContent = true;
-        ch = state.input.charCodeAt(state.position);
-        continue;
-      } else {
-        state.position = captureEnd;
-        state.line = _line;
-        state.lineStart = _lineStart;
-        state.lineIndent = _lineIndent;
-        break;
-      }
-    }
-    if (hasPendingContent) {
-      captureSegment(state, captureStart, captureEnd, false);
-      writeFoldedLines(state, state.line - _line);
-      captureStart = captureEnd = state.position;
-      hasPendingContent = false;
-    }
-    if (!is_WHITE_SPACE(ch)) {
-      captureEnd = state.position + 1;
-    }
-    ch = state.input.charCodeAt(++state.position);
-  }
-  captureSegment(state, captureStart, captureEnd, false);
-  if (state.result) {
-    return true;
-  }
-  state.kind = _kind;
-  state.result = _result;
-  return false;
-}
-function readSingleQuotedScalar(state, nodeIndent) {
-  var ch, captureStart, captureEnd;
-  ch = state.input.charCodeAt(state.position);
-  if (ch !== 0x27 /* ' */) {
-    return false;
-  }
-  state.kind = 'scalar';
-  state.result = '';
-  state.position++;
-  captureStart = captureEnd = state.position;
-  while ((ch = state.input.charCodeAt(state.position)) !== 0) {
-    if (ch === 0x27 /* ' */) {
-      captureSegment(state, captureStart, state.position, true);
-      ch = state.input.charCodeAt(++state.position);
-      if (ch === 0x27 /* ' */) {
-        captureStart = state.position;
-        state.position++;
-        captureEnd = state.position;
-      } else {
-        return true;
-      }
-    } else if (is_EOL(ch)) {
-      captureSegment(state, captureStart, captureEnd, true);
-      writeFoldedLines(state, skipSeparationSpace(state, false, nodeIndent));
-      captureStart = captureEnd = state.position;
-    } else if (state.position === state.lineStart && testDocumentSeparator(state)) {
-      throwError(state, 'unexpected end of the document within a single quoted scalar');
-    } else {
-      state.position++;
-      captureEnd = state.position;
-    }
-  }
-  throwError(state, 'unexpected end of the stream within a single quoted scalar');
-}
-function readDoubleQuotedScalar(state, nodeIndent) {
-  var captureStart, captureEnd, hexLength, hexResult, tmp, ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch !== 0x22 /* " */) {
-    return false;
-  }
-  state.kind = 'scalar';
-  state.result = '';
-  state.position++;
-  captureStart = captureEnd = state.position;
-  while ((ch = state.input.charCodeAt(state.position)) !== 0) {
-    if (ch === 0x22 /* " */) {
-      captureSegment(state, captureStart, state.position, true);
-      state.position++;
-      return true;
-    } else if (ch === 0x5C /* \ */) {
-      captureSegment(state, captureStart, state.position, true);
-      ch = state.input.charCodeAt(++state.position);
-      if (is_EOL(ch)) {
-        skipSeparationSpace(state, false, nodeIndent);
-
-        // TODO: rework to inline fn with no type cast?
-      } else if (ch < 256 && simpleEscapeCheck[ch]) {
-        state.result += simpleEscapeMap[ch];
-        state.position++;
-      } else if ((tmp = escapedHexLen(ch)) > 0) {
-        hexLength = tmp;
-        hexResult = 0;
-        for (; hexLength > 0; hexLength--) {
-          ch = state.input.charCodeAt(++state.position);
-          if ((tmp = fromHexCode(ch)) >= 0) {
-            hexResult = (hexResult << 4) + tmp;
-          } else {
-            throwError(state, 'expected hexadecimal character');
-          }
-        }
-        state.result += charFromCodepoint(hexResult);
-        state.position++;
-      } else {
-        throwError(state, 'unknown escape sequence');
-      }
-      captureStart = captureEnd = state.position;
-    } else if (is_EOL(ch)) {
-      captureSegment(state, captureStart, captureEnd, true);
-      writeFoldedLines(state, skipSeparationSpace(state, false, nodeIndent));
-      captureStart = captureEnd = state.position;
-    } else if (state.position === state.lineStart && testDocumentSeparator(state)) {
-      throwError(state, 'unexpected end of the document within a double quoted scalar');
-    } else {
-      state.position++;
-      captureEnd = state.position;
-    }
-  }
-  throwError(state, 'unexpected end of the stream within a double quoted scalar');
-}
-function readFlowCollection(state, nodeIndent) {
-  var readNext = true,
-    _line,
-    _lineStart,
-    _pos,
-    _tag = state.tag,
-    _result,
-    _anchor = state.anchor,
-    following,
-    terminator,
-    isPair,
-    isExplicitPair,
-    isMapping,
-    overridableKeys = Object.create(null),
-    keyNode,
-    keyTag,
-    valueNode,
-    ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch === 0x5B /* [ */) {
-    terminator = 0x5D; /* ] */
-    isMapping = false;
-    _result = [];
-  } else if (ch === 0x7B /* { */) {
-    terminator = 0x7D; /* } */
-    isMapping = true;
-    _result = {};
-  } else {
-    return false;
-  }
-  if (state.anchor !== null) {
-    state.anchorMap[state.anchor] = _result;
-  }
-  ch = state.input.charCodeAt(++state.position);
-  while (ch !== 0) {
-    skipSeparationSpace(state, true, nodeIndent);
-    ch = state.input.charCodeAt(state.position);
-    if (ch === terminator) {
-      state.position++;
-      state.tag = _tag;
-      state.anchor = _anchor;
-      state.kind = isMapping ? 'mapping' : 'sequence';
-      state.result = _result;
-      return true;
-    } else if (!readNext) {
-      throwError(state, 'missed comma between flow collection entries');
-    } else if (ch === 0x2C /* , */) {
-      // "flow collection entries can never be completely empty", as per YAML 1.2, section 7.4
-      throwError(state, "expected the node content, but found ','");
-    }
-    keyTag = keyNode = valueNode = null;
-    isPair = isExplicitPair = false;
-    if (ch === 0x3F /* ? */) {
-      following = state.input.charCodeAt(state.position + 1);
-      if (is_WS_OR_EOL(following)) {
-        isPair = isExplicitPair = true;
-        state.position++;
-        skipSeparationSpace(state, true, nodeIndent);
-      }
-    }
-    _line = state.line; // Save the current line.
-    _lineStart = state.lineStart;
-    _pos = state.position;
-    composeNode(state, nodeIndent, CONTEXT_FLOW_IN, false, true);
-    keyTag = state.tag;
-    keyNode = state.result;
-    skipSeparationSpace(state, true, nodeIndent);
-    ch = state.input.charCodeAt(state.position);
-    if ((isExplicitPair || state.line === _line) && ch === 0x3A /* : */) {
-      isPair = true;
-      ch = state.input.charCodeAt(++state.position);
-      skipSeparationSpace(state, true, nodeIndent);
-      composeNode(state, nodeIndent, CONTEXT_FLOW_IN, false, true);
-      valueNode = state.result;
-    }
-    if (isMapping) {
-      storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, _line, _lineStart, _pos);
-    } else if (isPair) {
-      _result.push(storeMappingPair(state, null, overridableKeys, keyTag, keyNode, valueNode, _line, _lineStart, _pos));
-    } else {
-      _result.push(keyNode);
-    }
-    skipSeparationSpace(state, true, nodeIndent);
-    ch = state.input.charCodeAt(state.position);
-    if (ch === 0x2C /* , */) {
-      readNext = true;
-      ch = state.input.charCodeAt(++state.position);
-    } else {
-      readNext = false;
-    }
-  }
-  throwError(state, 'unexpected end of the stream within a flow collection');
-}
-function readBlockScalar(state, nodeIndent) {
-  var captureStart,
-    folding,
-    chomping = CHOMPING_CLIP,
-    didReadContent = false,
-    detectedIndent = false,
-    textIndent = nodeIndent,
-    emptyLines = 0,
-    atMoreIndented = false,
-    tmp,
-    ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch === 0x7C /* | */) {
-    folding = false;
-  } else if (ch === 0x3E /* > */) {
-    folding = true;
-  } else {
-    return false;
-  }
-  state.kind = 'scalar';
-  state.result = '';
-  while (ch !== 0) {
-    ch = state.input.charCodeAt(++state.position);
-    if (ch === 0x2B /* + */ || ch === 0x2D /* - */) {
-      if (CHOMPING_CLIP === chomping) {
-        chomping = ch === 0x2B /* + */ ? CHOMPING_KEEP : CHOMPING_STRIP;
-      } else {
-        throwError(state, 'repeat of a chomping mode identifier');
-      }
-    } else if ((tmp = fromDecimalCode(ch)) >= 0) {
-      if (tmp === 0) {
-        throwError(state, 'bad explicit indentation width of a block scalar; it cannot be less than one');
-      } else if (!detectedIndent) {
-        textIndent = nodeIndent + tmp - 1;
-        detectedIndent = true;
-      } else {
-        throwError(state, 'repeat of an indentation width identifier');
-      }
-    } else {
-      break;
-    }
-  }
-  if (is_WHITE_SPACE(ch)) {
-    do {
-      ch = state.input.charCodeAt(++state.position);
-    } while (is_WHITE_SPACE(ch));
-    if (ch === 0x23 /* # */) {
-      do {
-        ch = state.input.charCodeAt(++state.position);
-      } while (!is_EOL(ch) && ch !== 0);
-    }
-  }
-  while (ch !== 0) {
-    readLineBreak(state);
-    state.lineIndent = 0;
-    ch = state.input.charCodeAt(state.position);
-    while ((!detectedIndent || state.lineIndent < textIndent) && ch === 0x20 /* Space */) {
-      state.lineIndent++;
-      ch = state.input.charCodeAt(++state.position);
-    }
-    if (!detectedIndent && state.lineIndent > textIndent) {
-      textIndent = state.lineIndent;
-    }
-    if (is_EOL(ch)) {
-      emptyLines++;
-      continue;
-    }
-
-    // End of the scalar.
-    if (state.lineIndent < textIndent) {
-      // Perform the chomping.
-      if (chomping === CHOMPING_KEEP) {
-        state.result += js_yaml_common.repeat('\n', didReadContent ? 1 + emptyLines : emptyLines);
-      } else if (chomping === CHOMPING_CLIP) {
-        if (didReadContent) {
-          // i.e. only if the scalar is not empty.
-          state.result += '\n';
-        }
-      }
-
-      // Break this `while` cycle and go to the funciton's epilogue.
-      break;
-    }
-
-    // Folded style: use fancy rules to handle line breaks.
-    if (folding) {
-      // Lines starting with white space characters (more-indented lines) are not folded.
-      if (is_WHITE_SPACE(ch)) {
-        atMoreIndented = true;
-        // except for the first content line (cf. Example 8.1)
-        state.result += js_yaml_common.repeat('\n', didReadContent ? 1 + emptyLines : emptyLines);
-
-        // End of more-indented block.
-      } else if (atMoreIndented) {
-        atMoreIndented = false;
-        state.result += js_yaml_common.repeat('\n', emptyLines + 1);
-
-        // Just one line break - perceive as the same line.
-      } else if (emptyLines === 0) {
-        if (didReadContent) {
-          // i.e. only if we have already read some scalar content.
-          state.result += ' ';
-        }
-
-        // Several line breaks - perceive as different lines.
-      } else {
-        state.result += js_yaml_common.repeat('\n', emptyLines);
-      }
-
-      // Literal style: just add exact number of line breaks between content lines.
-    } else {
-      // Keep all line breaks except the header line break.
-      state.result += js_yaml_common.repeat('\n', didReadContent ? 1 + emptyLines : emptyLines);
-    }
-    didReadContent = true;
-    detectedIndent = true;
-    emptyLines = 0;
-    captureStart = state.position;
-    while (!is_EOL(ch) && ch !== 0) {
-      ch = state.input.charCodeAt(++state.position);
-    }
-    captureSegment(state, captureStart, state.position, false);
-  }
-  return true;
-}
-function readBlockSequence(state, nodeIndent) {
-  var _line,
-    _tag = state.tag,
-    _anchor = state.anchor,
-    _result = [],
-    following,
-    detected = false,
-    ch;
-
-  // there is a leading tab before this token, so it can't be a block sequence/mapping;
-  // it can still be flow sequence/mapping or a scalar
-  if (state.firstTabInLine !== -1) return false;
-  if (state.anchor !== null) {
-    state.anchorMap[state.anchor] = _result;
-  }
-  ch = state.input.charCodeAt(state.position);
-  while (ch !== 0) {
-    if (state.firstTabInLine !== -1) {
-      state.position = state.firstTabInLine;
-      throwError(state, 'tab characters must not be used in indentation');
-    }
-    if (ch !== 0x2D /* - */) {
-      break;
-    }
-    following = state.input.charCodeAt(state.position + 1);
-    if (!is_WS_OR_EOL(following)) {
-      break;
-    }
-    detected = true;
-    state.position++;
-    if (skipSeparationSpace(state, true, -1)) {
-      if (state.lineIndent <= nodeIndent) {
-        _result.push(null);
-        ch = state.input.charCodeAt(state.position);
-        continue;
-      }
-    }
-    _line = state.line;
-    composeNode(state, nodeIndent, CONTEXT_BLOCK_IN, false, true);
-    _result.push(state.result);
-    skipSeparationSpace(state, true, -1);
-    ch = state.input.charCodeAt(state.position);
-    if ((state.line === _line || state.lineIndent > nodeIndent) && ch !== 0) {
-      throwError(state, 'bad indentation of a sequence entry');
-    } else if (state.lineIndent < nodeIndent) {
-      break;
-    }
-  }
-  if (detected) {
-    state.tag = _tag;
-    state.anchor = _anchor;
-    state.kind = 'sequence';
-    state.result = _result;
-    return true;
-  }
-  return false;
-}
-function readBlockMapping(state, nodeIndent, flowIndent) {
-  var following,
-    allowCompact,
-    _line,
-    _keyLine,
-    _keyLineStart,
-    _keyPos,
-    _tag = state.tag,
-    _anchor = state.anchor,
-    _result = {},
-    overridableKeys = Object.create(null),
-    keyTag = null,
-    keyNode = null,
-    valueNode = null,
-    atExplicitKey = false,
-    detected = false,
-    ch;
-
-  // there is a leading tab before this token, so it can't be a block sequence/mapping;
-  // it can still be flow sequence/mapping or a scalar
-  if (state.firstTabInLine !== -1) return false;
-  if (state.anchor !== null) {
-    state.anchorMap[state.anchor] = _result;
-  }
-  ch = state.input.charCodeAt(state.position);
-  while (ch !== 0) {
-    if (!atExplicitKey && state.firstTabInLine !== -1) {
-      state.position = state.firstTabInLine;
-      throwError(state, 'tab characters must not be used in indentation');
-    }
-    following = state.input.charCodeAt(state.position + 1);
-    _line = state.line; // Save the current line.
-
-    //
-    // Explicit notation case. There are two separate blocks:
-    // first for the key (denoted by "?") and second for the value (denoted by ":")
-    //
-    if ((ch === 0x3F /* ? */ || ch === 0x3A /* : */) && is_WS_OR_EOL(following)) {
-      if (ch === 0x3F /* ? */) {
-        if (atExplicitKey) {
-          storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, null, _keyLine, _keyLineStart, _keyPos);
-          keyTag = keyNode = valueNode = null;
-        }
-        detected = true;
-        atExplicitKey = true;
-        allowCompact = true;
-      } else if (atExplicitKey) {
-        // i.e. 0x3A/* : */ === character after the explicit key.
-        atExplicitKey = false;
-        allowCompact = true;
-      } else {
-        throwError(state, 'incomplete explicit mapping pair; a key node is missed; or followed by a non-tabulated empty line');
-      }
-      state.position += 1;
-      ch = following;
-
-      //
-      // Implicit notation case. Flow-style node as the key first, then ":", and the value.
-      //
-    } else {
-      _keyLine = state.line;
-      _keyLineStart = state.lineStart;
-      _keyPos = state.position;
-      if (!composeNode(state, flowIndent, CONTEXT_FLOW_OUT, false, true)) {
-        // Neither implicit nor explicit notation.
-        // Reading is done. Go to the epilogue.
-        break;
-      }
-      if (state.line === _line) {
-        ch = state.input.charCodeAt(state.position);
-        while (is_WHITE_SPACE(ch)) {
-          ch = state.input.charCodeAt(++state.position);
-        }
-        if (ch === 0x3A /* : */) {
-          ch = state.input.charCodeAt(++state.position);
-          if (!is_WS_OR_EOL(ch)) {
-            throwError(state, 'a whitespace character is expected after the key-value separator within a block mapping');
-          }
-          if (atExplicitKey) {
-            storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, null, _keyLine, _keyLineStart, _keyPos);
-            keyTag = keyNode = valueNode = null;
-          }
-          detected = true;
-          atExplicitKey = false;
-          allowCompact = false;
-          keyTag = state.tag;
-          keyNode = state.result;
-        } else if (detected) {
-          throwError(state, 'can not read an implicit mapping pair; a colon is missed');
-        } else {
-          state.tag = _tag;
-          state.anchor = _anchor;
-          return true; // Keep the result of `composeNode`.
-        }
-      } else if (detected) {
-        throwError(state, 'can not read a block mapping entry; a multiline key may not be an implicit key');
-      } else {
-        state.tag = _tag;
-        state.anchor = _anchor;
-        return true; // Keep the result of `composeNode`.
-      }
-    }
-
-    //
-    // Common reading code for both explicit and implicit notations.
-    //
-    if (state.line === _line || state.lineIndent > nodeIndent) {
-      if (atExplicitKey) {
-        _keyLine = state.line;
-        _keyLineStart = state.lineStart;
-        _keyPos = state.position;
-      }
-      if (composeNode(state, nodeIndent, CONTEXT_BLOCK_OUT, true, allowCompact)) {
-        if (atExplicitKey) {
-          keyNode = state.result;
-        } else {
-          valueNode = state.result;
-        }
-      }
-      if (!atExplicitKey) {
-        storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, _keyLine, _keyLineStart, _keyPos);
-        keyTag = keyNode = valueNode = null;
-      }
-      skipSeparationSpace(state, true, -1);
-      ch = state.input.charCodeAt(state.position);
-    }
-    if ((state.line === _line || state.lineIndent > nodeIndent) && ch !== 0) {
-      throwError(state, 'bad indentation of a mapping entry');
-    } else if (state.lineIndent < nodeIndent) {
-      break;
-    }
-  }
-
-  //
-  // Epilogue.
-  //
-
-  // Special case: last mapping's node contains only the key in explicit notation.
-  if (atExplicitKey) {
-    storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, null, _keyLine, _keyLineStart, _keyPos);
-  }
-
-  // Expose the resulting mapping.
-  if (detected) {
-    state.tag = _tag;
-    state.anchor = _anchor;
-    state.kind = 'mapping';
-    state.result = _result;
-  }
-  return detected;
-}
-function readTagProperty(state) {
-  var _position,
-    isVerbatim = false,
-    isNamed = false,
-    tagHandle,
-    tagName,
-    ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch !== 0x21 /* ! */) return false;
-  if (state.tag !== null) {
-    throwError(state, 'duplication of a tag property');
-  }
-  ch = state.input.charCodeAt(++state.position);
-  if (ch === 0x3C /* < */) {
-    isVerbatim = true;
-    ch = state.input.charCodeAt(++state.position);
-  } else if (ch === 0x21 /* ! */) {
-    isNamed = true;
-    tagHandle = '!!';
-    ch = state.input.charCodeAt(++state.position);
-  } else {
-    tagHandle = '!';
-  }
-  _position = state.position;
-  if (isVerbatim) {
-    do {
-      ch = state.input.charCodeAt(++state.position);
-    } while (ch !== 0 && ch !== 0x3E /* > */);
-
-    if (state.position < state.length) {
-      tagName = state.input.slice(_position, state.position);
-      ch = state.input.charCodeAt(++state.position);
-    } else {
-      throwError(state, 'unexpected end of the stream within a verbatim tag');
-    }
-  } else {
-    while (ch !== 0 && !is_WS_OR_EOL(ch)) {
-      if (ch === 0x21 /* ! */) {
-        if (!isNamed) {
-          tagHandle = state.input.slice(_position - 1, state.position + 1);
-          if (!PATTERN_TAG_HANDLE.test(tagHandle)) {
-            throwError(state, 'named tag handle cannot contain such characters');
-          }
-          isNamed = true;
-          _position = state.position + 1;
-        } else {
-          throwError(state, 'tag suffix cannot contain exclamation marks');
-        }
-      }
-      ch = state.input.charCodeAt(++state.position);
-    }
-    tagName = state.input.slice(_position, state.position);
-    if (PATTERN_FLOW_INDICATORS.test(tagName)) {
-      throwError(state, 'tag suffix cannot contain flow indicator characters');
-    }
-  }
-  if (tagName && !PATTERN_TAG_URI.test(tagName)) {
-    throwError(state, 'tag name cannot contain such characters: ' + tagName);
-  }
-  try {
-    tagName = decodeURIComponent(tagName);
-  } catch (err) {
-    throwError(state, 'tag name is malformed: ' + tagName);
-  }
-  if (isVerbatim) {
-    state.tag = tagName;
-  } else if (_hasOwnProperty$1.call(state.tagMap, tagHandle)) {
-    state.tag = state.tagMap[tagHandle] + tagName;
-  } else if (tagHandle === '!') {
-    state.tag = '!' + tagName;
-  } else if (tagHandle === '!!') {
-    state.tag = 'tag:yaml.org,2002:' + tagName;
-  } else {
-    throwError(state, 'undeclared tag handle "' + tagHandle + '"');
-  }
-  return true;
-}
-function readAnchorProperty(state) {
-  var _position, ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch !== 0x26 /* & */) return false;
-  if (state.anchor !== null) {
-    throwError(state, 'duplication of an anchor property');
-  }
-  ch = state.input.charCodeAt(++state.position);
-  _position = state.position;
-  while (ch !== 0 && !is_WS_OR_EOL(ch) && !is_FLOW_INDICATOR(ch)) {
-    ch = state.input.charCodeAt(++state.position);
-  }
-  if (state.position === _position) {
-    throwError(state, 'name of an anchor node must contain at least one character');
-  }
-  state.anchor = state.input.slice(_position, state.position);
-  return true;
-}
-function readAlias(state) {
-  var _position, alias, ch;
-  ch = state.input.charCodeAt(state.position);
-  if (ch !== 0x2A /* * */) return false;
-  ch = state.input.charCodeAt(++state.position);
-  _position = state.position;
-  while (ch !== 0 && !is_WS_OR_EOL(ch) && !is_FLOW_INDICATOR(ch)) {
-    ch = state.input.charCodeAt(++state.position);
-  }
-  if (state.position === _position) {
-    throwError(state, 'name of an alias node must contain at least one character');
-  }
-  alias = state.input.slice(_position, state.position);
-  if (!_hasOwnProperty$1.call(state.anchorMap, alias)) {
-    throwError(state, 'unidentified alias "' + alias + '"');
-  }
-  state.result = state.anchorMap[alias];
-  skipSeparationSpace(state, true, -1);
-  return true;
-}
-function composeNode(state, parentIndent, nodeContext, allowToSeek, allowCompact) {
-  var allowBlockStyles,
-    allowBlockScalars,
-    allowBlockCollections,
-    indentStatus = 1,
-    // 1: this>parent, 0: this=parent, -1: this<parent
-    atNewLine = false,
-    hasContent = false,
-    typeIndex,
-    typeQuantity,
-    typeList,
-    type,
-    flowIndent,
-    blockIndent;
-  if (state.listener !== null) {
-    state.listener('open', state);
-  }
-  state.tag = null;
-  state.anchor = null;
-  state.kind = null;
-  state.result = null;
-  allowBlockStyles = allowBlockScalars = allowBlockCollections = CONTEXT_BLOCK_OUT === nodeContext || CONTEXT_BLOCK_IN === nodeContext;
-  if (allowToSeek) {
-    if (skipSeparationSpace(state, true, -1)) {
-      atNewLine = true;
-      if (state.lineIndent > parentIndent) {
-        indentStatus = 1;
-      } else if (state.lineIndent === parentIndent) {
-        indentStatus = 0;
-      } else if (state.lineIndent < parentIndent) {
-        indentStatus = -1;
-      }
-    }
-  }
-  if (indentStatus === 1) {
-    while (readTagProperty(state) || readAnchorProperty(state)) {
-      if (skipSeparationSpace(state, true, -1)) {
-        atNewLine = true;
-        allowBlockCollections = allowBlockStyles;
-        if (state.lineIndent > parentIndent) {
-          indentStatus = 1;
-        } else if (state.lineIndent === parentIndent) {
-          indentStatus = 0;
-        } else if (state.lineIndent < parentIndent) {
-          indentStatus = -1;
-        }
-      } else {
-        allowBlockCollections = false;
-      }
-    }
-  }
-  if (allowBlockCollections) {
-    allowBlockCollections = atNewLine || allowCompact;
-  }
-  if (indentStatus === 1 || CONTEXT_BLOCK_OUT === nodeContext) {
-    if (CONTEXT_FLOW_IN === nodeContext || CONTEXT_FLOW_OUT === nodeContext) {
-      flowIndent = parentIndent;
-    } else {
-      flowIndent = parentIndent + 1;
-    }
-    blockIndent = state.position - state.lineStart;
-    if (indentStatus === 1) {
-      if (allowBlockCollections && (readBlockSequence(state, blockIndent) || readBlockMapping(state, blockIndent, flowIndent)) || readFlowCollection(state, flowIndent)) {
-        hasContent = true;
-      } else {
-        if (allowBlockScalars && readBlockScalar(state, flowIndent) || readSingleQuotedScalar(state, flowIndent) || readDoubleQuotedScalar(state, flowIndent)) {
-          hasContent = true;
-        } else if (readAlias(state)) {
-          hasContent = true;
-          if (state.tag !== null || state.anchor !== null) {
-            throwError(state, 'alias node should not have any properties');
-          }
-        } else if (readPlainScalar(state, flowIndent, CONTEXT_FLOW_IN === nodeContext)) {
-          hasContent = true;
-          if (state.tag === null) {
-            state.tag = '?';
-          }
-        }
-        if (state.anchor !== null) {
-          state.anchorMap[state.anchor] = state.result;
-        }
-      }
-    } else if (indentStatus === 0) {
-      // Special case: block sequences are allowed to have same indentation level as the parent.
-      // http://www.yaml.org/spec/1.2/spec.html#id2799784
-      hasContent = allowBlockCollections && readBlockSequence(state, blockIndent);
-    }
-  }
-  if (state.tag === null) {
-    if (state.anchor !== null) {
-      state.anchorMap[state.anchor] = state.result;
-    }
-  } else if (state.tag === '?') {
-    // Implicit resolving is not allowed for non-scalar types, and '?'
-    // non-specific tag is only automatically assigned to plain scalars.
-    //
-    // We only need to check kind conformity in case user explicitly assigns '?'
-    // tag, for example like this: "!<?> [0]"
-    //
-    if (state.result !== null && state.kind !== 'scalar') {
-      throwError(state, 'unacceptable node kind for !<?> tag; it should be "scalar", not "' + state.kind + '"');
-    }
-    for (typeIndex = 0, typeQuantity = state.implicitTypes.length; typeIndex < typeQuantity; typeIndex += 1) {
-      type = state.implicitTypes[typeIndex];
-      if (type.resolve(state.result)) {
-        // `state.result` updated in resolver if matched
-        state.result = type.construct(state.result);
-        state.tag = type.tag;
-        if (state.anchor !== null) {
-          state.anchorMap[state.anchor] = state.result;
-        }
-        break;
-      }
-    }
-  } else if (state.tag !== '!') {
-    if (_hasOwnProperty$1.call(state.typeMap[state.kind || 'fallback'], state.tag)) {
-      type = state.typeMap[state.kind || 'fallback'][state.tag];
-    } else {
-      // looking for multi type
-      type = null;
-      typeList = state.typeMap.multi[state.kind || 'fallback'];
-      for (typeIndex = 0, typeQuantity = typeList.length; typeIndex < typeQuantity; typeIndex += 1) {
-        if (state.tag.slice(0, typeList[typeIndex].tag.length) === typeList[typeIndex].tag) {
-          type = typeList[typeIndex];
-          break;
-        }
-      }
-    }
-    if (!type) {
-      throwError(state, 'unknown tag !<' + state.tag + '>');
-    }
-    if (state.result !== null && type.kind !== state.kind) {
-      throwError(state, 'unacceptable node kind for !<' + state.tag + '> tag; it should be "' + type.kind + '", not "' + state.kind + '"');
-    }
-    if (!type.resolve(state.result, state.tag)) {
-      // `state.result` updated in resolver if matched
-      throwError(state, 'cannot resolve a node with !<' + state.tag + '> explicit tag');
-    } else {
-      state.result = type.construct(state.result, state.tag);
-      if (state.anchor !== null) {
-        state.anchorMap[state.anchor] = state.result;
-      }
-    }
-  }
-  if (state.listener !== null) {
-    state.listener('close', state);
-  }
-  return state.tag !== null || state.anchor !== null || hasContent;
-}
-function readDocument(state) {
-  var documentStart = state.position,
-    _position,
-    directiveName,
-    directiveArgs,
-    hasDirectives = false,
-    ch;
-  state.version = null;
-  state.checkLineBreaks = state.legacy;
-  state.tagMap = Object.create(null);
-  state.anchorMap = Object.create(null);
-  while ((ch = state.input.charCodeAt(state.position)) !== 0) {
-    skipSeparationSpace(state, true, -1);
-    ch = state.input.charCodeAt(state.position);
-    if (state.lineIndent > 0 || ch !== 0x25 /* % */) {
-      break;
-    }
-    hasDirectives = true;
-    ch = state.input.charCodeAt(++state.position);
-    _position = state.position;
-    while (ch !== 0 && !is_WS_OR_EOL(ch)) {
-      ch = state.input.charCodeAt(++state.position);
-    }
-    directiveName = state.input.slice(_position, state.position);
-    directiveArgs = [];
-    if (directiveName.length < 1) {
-      throwError(state, 'directive name must not be less than one character in length');
-    }
-    while (ch !== 0) {
-      while (is_WHITE_SPACE(ch)) {
-        ch = state.input.charCodeAt(++state.position);
-      }
-      if (ch === 0x23 /* # */) {
-        do {
-          ch = state.input.charCodeAt(++state.position);
-        } while (ch !== 0 && !is_EOL(ch));
-        break;
-      }
-      if (is_EOL(ch)) break;
-      _position = state.position;
-      while (ch !== 0 && !is_WS_OR_EOL(ch)) {
-        ch = state.input.charCodeAt(++state.position);
-      }
-      directiveArgs.push(state.input.slice(_position, state.position));
-    }
-    if (ch !== 0) readLineBreak(state);
-    if (_hasOwnProperty$1.call(directiveHandlers, directiveName)) {
-      directiveHandlers[directiveName](state, directiveName, directiveArgs);
-    } else {
-      throwWarning(state, 'unknown document directive "' + directiveName + '"');
-    }
-  }
-  skipSeparationSpace(state, true, -1);
-  if (state.lineIndent === 0 && state.input.charCodeAt(state.position) === 0x2D /* - */ && state.input.charCodeAt(state.position + 1) === 0x2D /* - */ && state.input.charCodeAt(state.position + 2) === 0x2D /* - */) {
-    state.position += 3;
-    skipSeparationSpace(state, true, -1);
-  } else if (hasDirectives) {
-    throwError(state, 'directives end mark is expected');
-  }
-  composeNode(state, state.lineIndent - 1, CONTEXT_BLOCK_OUT, false, true);
-  skipSeparationSpace(state, true, -1);
-  if (state.checkLineBreaks && PATTERN_NON_ASCII_LINE_BREAKS.test(state.input.slice(documentStart, state.position))) {
-    throwWarning(state, 'non-ASCII line breaks are interpreted as content');
-  }
-  state.documents.push(state.result);
-  if (state.position === state.lineStart && testDocumentSeparator(state)) {
-    if (state.input.charCodeAt(state.position) === 0x2E /* . */) {
-      state.position += 3;
-      skipSeparationSpace(state, true, -1);
-    }
-    return;
-  }
-  if (state.position < state.length - 1) {
-    throwError(state, 'end of the stream or a document separator is expected');
-  } else {
-    return;
-  }
-}
-function loadDocuments(input, options) {
-  input = String(input);
-  options = options || {};
-  if (input.length !== 0) {
-    // Add tailing `\n` if not exists
-    if (input.charCodeAt(input.length - 1) !== 0x0A /* LF */ && input.charCodeAt(input.length - 1) !== 0x0D /* CR */) {
-      input += '\n';
-    }
-
-    // Strip BOM
-    if (input.charCodeAt(0) === 0xFEFF) {
-      input = input.slice(1);
-    }
-  }
-  var state = new State$1(input, options);
-  var nullpos = input.indexOf('\0');
-  if (nullpos !== -1) {
-    state.position = nullpos;
-    throwError(state, 'null byte is not allowed in input');
-  }
-
-  // Use 0 as string terminator. That significantly simplifies bounds check.
-  state.input += '\0';
-  while (state.input.charCodeAt(state.position) === 0x20 /* Space */) {
-    state.lineIndent += 1;
-    state.position += 1;
-  }
-  while (state.position < state.length - 1) {
-    readDocument(state);
-  }
-  return state.documents;
-}
-function loadAll$1(input, iterator, options) {
-  if (iterator !== null && typeof iterator === 'object' && typeof options === 'undefined') {
-    options = iterator;
-    iterator = null;
-  }
-  var documents = loadDocuments(input, options);
-  if (typeof iterator !== 'function') {
-    return documents;
-  }
-  for (var index = 0, length = documents.length; index < length; index += 1) {
-    iterator(documents[index]);
-  }
-}
-function load$1(input, options) {
-  var documents = loadDocuments(input, options);
-  if (documents.length === 0) {
-    /*eslint-disable no-undefined*/
-    return undefined;
-  } else if (documents.length === 1) {
-    return documents[0];
-  }
-  throw new exception('expected a single document in the stream, but found more');
-}
-var loadAll_1 = loadAll$1;
-var load_1 = load$1;
-var loader = {
-  loadAll: loadAll_1,
-  load: load_1
-};
-
-/*eslint-disable no-use-before-define*/
-
-var _toString = Object.prototype.toString;
-var _hasOwnProperty = Object.prototype.hasOwnProperty;
-var CHAR_BOM = 0xFEFF;
-var CHAR_TAB = 0x09; /* Tab */
-var CHAR_LINE_FEED = 0x0A; /* LF */
-var CHAR_CARRIAGE_RETURN = 0x0D; /* CR */
-var CHAR_SPACE = 0x20; /* Space */
-var CHAR_EXCLAMATION = 0x21; /* ! */
-var CHAR_DOUBLE_QUOTE = 0x22; /* " */
-var CHAR_SHARP = 0x23; /* # */
-var CHAR_PERCENT = 0x25; /* % */
-var CHAR_AMPERSAND = 0x26; /* & */
-var CHAR_SINGLE_QUOTE = 0x27; /* ' */
-var CHAR_ASTERISK = 0x2A; /* * */
-var CHAR_COMMA = 0x2C; /* , */
-var CHAR_MINUS = 0x2D; /* - */
-var CHAR_COLON = 0x3A; /* : */
-var CHAR_EQUALS = 0x3D; /* = */
-var CHAR_GREATER_THAN = 0x3E; /* > */
-var CHAR_QUESTION = 0x3F; /* ? */
-var CHAR_COMMERCIAL_AT = 0x40; /* @ */
-var CHAR_LEFT_SQUARE_BRACKET = 0x5B; /* [ */
-var CHAR_RIGHT_SQUARE_BRACKET = 0x5D; /* ] */
-var CHAR_GRAVE_ACCENT = 0x60; /* ` */
-var CHAR_LEFT_CURLY_BRACKET = 0x7B; /* { */
-var CHAR_VERTICAL_LINE = 0x7C; /* | */
-var CHAR_RIGHT_CURLY_BRACKET = 0x7D; /* } */
-
-var ESCAPE_SEQUENCES = {};
-ESCAPE_SEQUENCES[0x00] = '\\0';
-ESCAPE_SEQUENCES[0x07] = '\\a';
-ESCAPE_SEQUENCES[0x08] = '\\b';
-ESCAPE_SEQUENCES[0x09] = '\\t';
-ESCAPE_SEQUENCES[0x0A] = '\\n';
-ESCAPE_SEQUENCES[0x0B] = '\\v';
-ESCAPE_SEQUENCES[0x0C] = '\\f';
-ESCAPE_SEQUENCES[0x0D] = '\\r';
-ESCAPE_SEQUENCES[0x1B] = '\\e';
-ESCAPE_SEQUENCES[0x22] = '\\"';
-ESCAPE_SEQUENCES[0x5C] = '\\\\';
-ESCAPE_SEQUENCES[0x85] = '\\N';
-ESCAPE_SEQUENCES[0xA0] = '\\_';
-ESCAPE_SEQUENCES[0x2028] = '\\L';
-ESCAPE_SEQUENCES[0x2029] = '\\P';
-var DEPRECATED_BOOLEANS_SYNTAX = ['y', 'Y', 'yes', 'Yes', 'YES', 'on', 'On', 'ON', 'n', 'N', 'no', 'No', 'NO', 'off', 'Off', 'OFF'];
-var DEPRECATED_BASE60_SYNTAX = /^[-+]?[0-9_]+(?::[0-9_]+)+(?:\.[0-9_]*)?$/;
-function compileStyleMap(schema, map) {
-  var result, keys, index, length, tag, style, type;
-  if (map === null) return {};
-  result = {};
-  keys = Object.keys(map);
-  for (index = 0, length = keys.length; index < length; index += 1) {
-    tag = keys[index];
-    style = String(map[tag]);
-    if (tag.slice(0, 2) === '!!') {
-      tag = 'tag:yaml.org,2002:' + tag.slice(2);
-    }
-    type = schema.compiledTypeMap['fallback'][tag];
-    if (type && _hasOwnProperty.call(type.styleAliases, style)) {
-      style = type.styleAliases[style];
-    }
-    result[tag] = style;
-  }
-  return result;
-}
-function encodeHex(character) {
-  var string, handle, length;
-  string = character.toString(16).toUpperCase();
-  if (character <= 0xFF) {
-    handle = 'x';
-    length = 2;
-  } else if (character <= 0xFFFF) {
-    handle = 'u';
-    length = 4;
-  } else if (character <= 0xFFFFFFFF) {
-    handle = 'U';
-    length = 8;
-  } else {
-    throw new exception('code point within a string may not be greater than 0xFFFFFFFF');
-  }
-  return '\\' + handle + js_yaml_common.repeat('0', length - string.length) + string;
-}
-var QUOTING_TYPE_SINGLE = 1,
-  QUOTING_TYPE_DOUBLE = 2;
-function State(options) {
-  this.schema = options['schema'] || _default;
-  this.indent = Math.max(1, options['indent'] || 2);
-  this.noArrayIndent = options['noArrayIndent'] || false;
-  this.skipInvalid = options['skipInvalid'] || false;
-  this.flowLevel = js_yaml_common.isNothing(options['flowLevel']) ? -1 : options['flowLevel'];
-  this.styleMap = compileStyleMap(this.schema, options['styles'] || null);
-  this.sortKeys = options['sortKeys'] || false;
-  this.lineWidth = options['lineWidth'] || 80;
-  this.noRefs = options['noRefs'] || false;
-  this.noCompatMode = options['noCompatMode'] || false;
-  this.condenseFlow = options['condenseFlow'] || false;
-  this.quotingType = options['quotingType'] === '"' ? QUOTING_TYPE_DOUBLE : QUOTING_TYPE_SINGLE;
-  this.forceQuotes = options['forceQuotes'] || false;
-  this.replacer = typeof options['replacer'] === 'function' ? options['replacer'] : null;
-  this.implicitTypes = this.schema.compiledImplicit;
-  this.explicitTypes = this.schema.compiledExplicit;
-  this.tag = null;
-  this.result = '';
-  this.duplicates = [];
-  this.usedDuplicates = null;
-}
-
-// Indents every line in a string. Empty lines (\n only) are not indented.
-function indentString(string, spaces) {
-  var ind = js_yaml_common.repeat(' ', spaces),
-    position = 0,
-    next = -1,
-    result = '',
-    line,
-    length = string.length;
-  while (position < length) {
-    next = string.indexOf('\n', position);
-    if (next === -1) {
-      line = string.slice(position);
-      position = length;
-    } else {
-      line = string.slice(position, next + 1);
-      position = next + 1;
-    }
-    if (line.length && line !== '\n') result += ind;
-    result += line;
-  }
-  return result;
-}
-function generateNextLine(state, level) {
-  return '\n' + js_yaml_common.repeat(' ', state.indent * level);
-}
-function testImplicitResolving(state, str) {
-  var index, length, type;
-  for (index = 0, length = state.implicitTypes.length; index < length; index += 1) {
-    type = state.implicitTypes[index];
-    if (type.resolve(str)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-// [33] s-white ::= s-space | s-tab
-function isWhitespace(c) {
-  return c === CHAR_SPACE || c === CHAR_TAB;
-}
-
-// Returns true if the character can be printed without escaping.
-// From YAML 1.2: "any allowed characters known to be non-printable
-// should also be escaped. [However,] This isn’t mandatory"
-// Derived from nb-char - \t - #x85 - #xA0 - #x2028 - #x2029.
-function isPrintable(c) {
-  return 0x00020 <= c && c <= 0x00007E || 0x000A1 <= c && c <= 0x00D7FF && c !== 0x2028 && c !== 0x2029 || 0x0E000 <= c && c <= 0x00FFFD && c !== CHAR_BOM || 0x10000 <= c && c <= 0x10FFFF;
-}
-
-// [34] ns-char ::= nb-char - s-white
-// [27] nb-char ::= c-printable - b-char - c-byte-order-mark
-// [26] b-char  ::= b-line-feed | b-carriage-return
-// Including s-white (for some reason, examples doesn't match specs in this aspect)
-// ns-char ::= c-printable - b-line-feed - b-carriage-return - c-byte-order-mark
-function isNsCharOrWhitespace(c) {
-  return isPrintable(c) && c !== CHAR_BOM
-  // - b-char
-  && c !== CHAR_CARRIAGE_RETURN && c !== CHAR_LINE_FEED;
-}
-
-// [127]  ns-plain-safe(c) ::= c = flow-out  ⇒ ns-plain-safe-out
-//                             c = flow-in   ⇒ ns-plain-safe-in
-//                             c = block-key ⇒ ns-plain-safe-out
-//                             c = flow-key  ⇒ ns-plain-safe-in
-// [128] ns-plain-safe-out ::= ns-char
-// [129]  ns-plain-safe-in ::= ns-char - c-flow-indicator
-// [130]  ns-plain-char(c) ::=  ( ns-plain-safe(c) - “:” - “#” )
-//                            | ( /* An ns-char preceding */ “#” )
-//                            | ( “:” /* Followed by an ns-plain-safe(c) */ )
-function isPlainSafe(c, prev, inblock) {
-  var cIsNsCharOrWhitespace = isNsCharOrWhitespace(c);
-  var cIsNsChar = cIsNsCharOrWhitespace && !isWhitespace(c);
-  return (
-  // ns-plain-safe
-  inblock ?
-  // c = flow-in
-  cIsNsCharOrWhitespace : cIsNsCharOrWhitespace
-  // - c-flow-indicator
-  && c !== CHAR_COMMA && c !== CHAR_LEFT_SQUARE_BRACKET && c !== CHAR_RIGHT_SQUARE_BRACKET && c !== CHAR_LEFT_CURLY_BRACKET && c !== CHAR_RIGHT_CURLY_BRACKET
-
-  // ns-plain-char
-  ) && c !== CHAR_SHARP // false on '#'
-  && !(prev === CHAR_COLON && !cIsNsChar) // false on ': '
-  || isNsCharOrWhitespace(prev) && !isWhitespace(prev) && c === CHAR_SHARP // change to true on '[^ ]#'
-  || prev === CHAR_COLON && cIsNsChar; // change to true on ':[^ ]'
-}
-
-// Simplified test for values allowed as the first character in plain style.
-function isPlainSafeFirst(c) {
-  // Uses a subset of ns-char - c-indicator
-  // where ns-char = nb-char - s-white.
-  // No support of ( ( “?” | “:” | “-” ) /* Followed by an ns-plain-safe(c)) */ ) part
-  return isPrintable(c) && c !== CHAR_BOM && !isWhitespace(c) // - s-white
-  // - (c-indicator ::=
-  // “-” | “?” | “:” | “,” | “[” | “]” | “{” | “}”
-  && c !== CHAR_MINUS && c !== CHAR_QUESTION && c !== CHAR_COLON && c !== CHAR_COMMA && c !== CHAR_LEFT_SQUARE_BRACKET && c !== CHAR_RIGHT_SQUARE_BRACKET && c !== CHAR_LEFT_CURLY_BRACKET && c !== CHAR_RIGHT_CURLY_BRACKET
-  // | “#” | “&” | “*” | “!” | “|” | “=” | “>” | “'” | “"”
-  && c !== CHAR_SHARP && c !== CHAR_AMPERSAND && c !== CHAR_ASTERISK && c !== CHAR_EXCLAMATION && c !== CHAR_VERTICAL_LINE && c !== CHAR_EQUALS && c !== CHAR_GREATER_THAN && c !== CHAR_SINGLE_QUOTE && c !== CHAR_DOUBLE_QUOTE
-  // | “%” | “@” | “`”)
-  && c !== CHAR_PERCENT && c !== CHAR_COMMERCIAL_AT && c !== CHAR_GRAVE_ACCENT;
-}
-
-// Simplified test for values allowed as the last character in plain style.
-function isPlainSafeLast(c) {
-  // just not whitespace or colon, it will be checked to be plain character later
-  return !isWhitespace(c) && c !== CHAR_COLON;
-}
-
-// Same as 'string'.codePointAt(pos), but works in older browsers.
-function codePointAt(string, pos) {
-  var first = string.charCodeAt(pos),
-    second;
-  if (first >= 0xD800 && first <= 0xDBFF && pos + 1 < string.length) {
-    second = string.charCodeAt(pos + 1);
-    if (second >= 0xDC00 && second <= 0xDFFF) {
-      // https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
-      return (first - 0xD800) * 0x400 + second - 0xDC00 + 0x10000;
-    }
-  }
-  return first;
-}
-
-// Determines whether block indentation indicator is required.
-function needIndentIndicator(string) {
-  var leadingSpaceRe = /^\n* /;
-  return leadingSpaceRe.test(string);
-}
-var STYLE_PLAIN = 1,
-  STYLE_SINGLE = 2,
-  STYLE_LITERAL = 3,
-  STYLE_FOLDED = 4,
-  STYLE_DOUBLE = 5;
-
-// Determines which scalar styles are possible and returns the preferred style.
-// lineWidth = -1 => no limit.
-// Pre-conditions: str.length > 0.
-// Post-conditions:
-//    STYLE_PLAIN or STYLE_SINGLE => no \n are in the string.
-//    STYLE_LITERAL => no lines are suitable for folding (or lineWidth is -1).
-//    STYLE_FOLDED => a line > lineWidth and can be folded (and lineWidth != -1).
-function chooseScalarStyle(string, singleLineOnly, indentPerLevel, lineWidth, testAmbiguousType, quotingType, forceQuotes, inblock) {
-  var i;
-  var char = 0;
-  var prevChar = null;
-  var hasLineBreak = false;
-  var hasFoldableLine = false; // only checked if shouldTrackWidth
-  var shouldTrackWidth = lineWidth !== -1;
-  var previousLineBreak = -1; // count the first line correctly
-  var plain = isPlainSafeFirst(codePointAt(string, 0)) && isPlainSafeLast(codePointAt(string, string.length - 1));
-  if (singleLineOnly || forceQuotes) {
-    // Case: no block styles.
-    // Check for disallowed characters to rule out plain and single.
-    for (i = 0; i < string.length; char >= 0x10000 ? i += 2 : i++) {
-      char = codePointAt(string, i);
-      if (!isPrintable(char)) {
-        return STYLE_DOUBLE;
-      }
-      plain = plain && isPlainSafe(char, prevChar, inblock);
-      prevChar = char;
-    }
-  } else {
-    // Case: block styles permitted.
-    for (i = 0; i < string.length; char >= 0x10000 ? i += 2 : i++) {
-      char = codePointAt(string, i);
-      if (char === CHAR_LINE_FEED) {
-        hasLineBreak = true;
-        // Check if any line can be folded.
-        if (shouldTrackWidth) {
-          hasFoldableLine = hasFoldableLine ||
-          // Foldable line = too long, and not more-indented.
-          i - previousLineBreak - 1 > lineWidth && string[previousLineBreak + 1] !== ' ';
-          previousLineBreak = i;
-        }
-      } else if (!isPrintable(char)) {
-        return STYLE_DOUBLE;
-      }
-      plain = plain && isPlainSafe(char, prevChar, inblock);
-      prevChar = char;
-    }
-    // in case the end is missing a \n
-    hasFoldableLine = hasFoldableLine || shouldTrackWidth && i - previousLineBreak - 1 > lineWidth && string[previousLineBreak + 1] !== ' ';
-  }
-  // Although every style can represent \n without escaping, prefer block styles
-  // for multiline, since they're more readable and they don't add empty lines.
-  // Also prefer folding a super-long line.
-  if (!hasLineBreak && !hasFoldableLine) {
-    // Strings interpretable as another type have to be quoted;
-    // e.g. the string 'true' vs. the boolean true.
-    if (plain && !forceQuotes && !testAmbiguousType(string)) {
-      return STYLE_PLAIN;
-    }
-    return quotingType === QUOTING_TYPE_DOUBLE ? STYLE_DOUBLE : STYLE_SINGLE;
-  }
-  // Edge case: block indentation indicator can only have one digit.
-  if (indentPerLevel > 9 && needIndentIndicator(string)) {
-    return STYLE_DOUBLE;
-  }
-  // At this point we know block styles are valid.
-  // Prefer literal style unless we want to fold.
-  if (!forceQuotes) {
-    return hasFoldableLine ? STYLE_FOLDED : STYLE_LITERAL;
-  }
-  return quotingType === QUOTING_TYPE_DOUBLE ? STYLE_DOUBLE : STYLE_SINGLE;
-}
-
-// Note: line breaking/folding is implemented for only the folded style.
-// NB. We drop the last trailing newline (if any) of a returned block scalar
-//  since the dumper adds its own newline. This always works:
-//    • No ending newline => unaffected; already using strip "-" chomping.
-//    • Ending newline    => removed then restored.
-//  Importantly, this keeps the "+" chomp indicator from gaining an extra line.
-function writeScalar(state, string, level, iskey, inblock) {
-  state.dump = function () {
-    if (string.length === 0) {
-      return state.quotingType === QUOTING_TYPE_DOUBLE ? '""' : "''";
-    }
-    if (!state.noCompatMode) {
-      if (DEPRECATED_BOOLEANS_SYNTAX.indexOf(string) !== -1 || DEPRECATED_BASE60_SYNTAX.test(string)) {
-        return state.quotingType === QUOTING_TYPE_DOUBLE ? '"' + string + '"' : "'" + string + "'";
-      }
-    }
-    var indent = state.indent * Math.max(1, level); // no 0-indent scalars
-    // As indentation gets deeper, let the width decrease monotonically
-    // to the lower bound min(state.lineWidth, 40).
-    // Note that this implies
-    //  state.lineWidth ≤ 40 + state.indent: width is fixed at the lower bound.
-    //  state.lineWidth > 40 + state.indent: width decreases until the lower bound.
-    // This behaves better than a constant minimum width which disallows narrower options,
-    // or an indent threshold which causes the width to suddenly increase.
-    var lineWidth = state.lineWidth === -1 ? -1 : Math.max(Math.min(state.lineWidth, 40), state.lineWidth - indent);
-
-    // Without knowing if keys are implicit/explicit, assume implicit for safety.
-    var singleLineOnly = iskey
-    // No block styles in flow mode.
-    || state.flowLevel > -1 && level >= state.flowLevel;
-    function testAmbiguity(string) {
-      return testImplicitResolving(state, string);
-    }
-    switch (chooseScalarStyle(string, singleLineOnly, state.indent, lineWidth, testAmbiguity, state.quotingType, state.forceQuotes && !iskey, inblock)) {
-      case STYLE_PLAIN:
-        return string;
-      case STYLE_SINGLE:
-        return "'" + string.replace(/'/g, "''") + "'";
-      case STYLE_LITERAL:
-        return '|' + blockHeader(string, state.indent) + dropEndingNewline(indentString(string, indent));
-      case STYLE_FOLDED:
-        return '>' + blockHeader(string, state.indent) + dropEndingNewline(indentString(foldString(string, lineWidth), indent));
-      case STYLE_DOUBLE:
-        return '"' + escapeString(string) + '"';
-      default:
-        throw new exception('impossible error: invalid scalar style');
-    }
-  }();
-}
-
-// Pre-conditions: string is valid for a block scalar, 1 <= indentPerLevel <= 9.
-function blockHeader(string, indentPerLevel) {
-  var indentIndicator = needIndentIndicator(string) ? String(indentPerLevel) : '';
-
-  // note the special case: the string '\n' counts as a "trailing" empty line.
-  var clip = string[string.length - 1] === '\n';
-  var keep = clip && (string[string.length - 2] === '\n' || string === '\n');
-  var chomp = keep ? '+' : clip ? '' : '-';
-  return indentIndicator + chomp + '\n';
-}
-
-// (See the note for writeScalar.)
-function dropEndingNewline(string) {
-  return string[string.length - 1] === '\n' ? string.slice(0, -1) : string;
-}
-
-// Note: a long line without a suitable break point will exceed the width limit.
-// Pre-conditions: every char in str isPrintable, str.length > 0, width > 0.
-function foldString(string, width) {
-  // In folded style, $k$ consecutive newlines output as $k+1$ newlines—
-  // unless they're before or after a more-indented line, or at the very
-  // beginning or end, in which case $k$ maps to $k$.
-  // Therefore, parse each chunk as newline(s) followed by a content line.
-  var lineRe = /(\n+)([^\n]*)/g;
-
-  // first line (possibly an empty line)
-  var result = function () {
-    var nextLF = string.indexOf('\n');
-    nextLF = nextLF !== -1 ? nextLF : string.length;
-    lineRe.lastIndex = nextLF;
-    return foldLine(string.slice(0, nextLF), width);
-  }();
-  // If we haven't reached the first content line yet, don't add an extra \n.
-  var prevMoreIndented = string[0] === '\n' || string[0] === ' ';
-  var moreIndented;
-
-  // rest of the lines
-  var match;
-  while (match = lineRe.exec(string)) {
-    var prefix = match[1],
-      line = match[2];
-    moreIndented = line[0] === ' ';
-    result += prefix + (!prevMoreIndented && !moreIndented && line !== '' ? '\n' : '') + foldLine(line, width);
-    prevMoreIndented = moreIndented;
-  }
-  return result;
-}
-
-// Greedy line breaking.
-// Picks the longest line under the limit each time,
-// otherwise settles for the shortest line over the limit.
-// NB. More-indented lines *cannot* be folded, as that would add an extra \n.
-function foldLine(line, width) {
-  if (line === '' || line[0] === ' ') return line;
-
-  // Since a more-indented line adds a \n, breaks can't be followed by a space.
-  var breakRe = / [^ ]/g; // note: the match index will always be <= length-2.
-  var match;
-  // start is an inclusive index. end, curr, and next are exclusive.
-  var start = 0,
-    end,
-    curr = 0,
-    next = 0;
-  var result = '';
-
-  // Invariants: 0 <= start <= length-1.
-  //   0 <= curr <= next <= max(0, length-2). curr - start <= width.
-  // Inside the loop:
-  //   A match implies length >= 2, so curr and next are <= length-2.
-  while (match = breakRe.exec(line)) {
-    next = match.index;
-    // maintain invariant: curr - start <= width
-    if (next - start > width) {
-      end = curr > start ? curr : next; // derive end <= length-2
-      result += '\n' + line.slice(start, end);
-      // skip the space that was output as \n
-      start = end + 1; // derive start <= length-1
-    }
-
-    curr = next;
-  }
-
-  // By the invariants, start <= length-1, so there is something left over.
-  // It is either the whole string or a part starting from non-whitespace.
-  result += '\n';
-  // Insert a break if the remainder is too long and there is a break available.
-  if (line.length - start > width && curr > start) {
-    result += line.slice(start, curr) + '\n' + line.slice(curr + 1);
-  } else {
-    result += line.slice(start);
-  }
-  return result.slice(1); // drop extra \n joiner
-}
-
-// Escapes a double-quoted string.
-function escapeString(string) {
-  var result = '';
-  var char = 0;
-  var escapeSeq;
-  for (var i = 0; i < string.length; char >= 0x10000 ? i += 2 : i++) {
-    char = codePointAt(string, i);
-    escapeSeq = ESCAPE_SEQUENCES[char];
-    if (!escapeSeq && isPrintable(char)) {
-      result += string[i];
-      if (char >= 0x10000) result += string[i + 1];
-    } else {
-      result += escapeSeq || encodeHex(char);
-    }
-  }
-  return result;
-}
-function writeFlowSequence(state, level, object) {
-  var _result = '',
-    _tag = state.tag,
-    index,
-    length,
-    value;
-  for (index = 0, length = object.length; index < length; index += 1) {
-    value = object[index];
-    if (state.replacer) {
-      value = state.replacer.call(object, String(index), value);
-    }
-
-    // Write only valid elements, put null instead of invalid elements.
-    if (writeNode(state, level, value, false, false) || typeof value === 'undefined' && writeNode(state, level, null, false, false)) {
-      if (_result !== '') _result += ',' + (!state.condenseFlow ? ' ' : '');
-      _result += state.dump;
-    }
-  }
-  state.tag = _tag;
-  state.dump = '[' + _result + ']';
-}
-function writeBlockSequence(state, level, object, compact) {
-  var _result = '',
-    _tag = state.tag,
-    index,
-    length,
-    value;
-  for (index = 0, length = object.length; index < length; index += 1) {
-    value = object[index];
-    if (state.replacer) {
-      value = state.replacer.call(object, String(index), value);
-    }
-
-    // Write only valid elements, put null instead of invalid elements.
-    if (writeNode(state, level + 1, value, true, true, false, true) || typeof value === 'undefined' && writeNode(state, level + 1, null, true, true, false, true)) {
-      if (!compact || _result !== '') {
-        _result += generateNextLine(state, level);
-      }
-      if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
-        _result += '-';
-      } else {
-        _result += '- ';
-      }
-      _result += state.dump;
-    }
-  }
-  state.tag = _tag;
-  state.dump = _result || '[]'; // Empty sequence if no valid values.
-}
-
-function writeFlowMapping(state, level, object) {
-  var _result = '',
-    _tag = state.tag,
-    objectKeyList = Object.keys(object),
-    index,
-    length,
-    objectKey,
-    objectValue,
-    pairBuffer;
-  for (index = 0, length = objectKeyList.length; index < length; index += 1) {
-    pairBuffer = '';
-    if (_result !== '') pairBuffer += ', ';
-    if (state.condenseFlow) pairBuffer += '"';
-    objectKey = objectKeyList[index];
-    objectValue = object[objectKey];
-    if (state.replacer) {
-      objectValue = state.replacer.call(object, objectKey, objectValue);
-    }
-    if (!writeNode(state, level, objectKey, false, false)) {
-      continue; // Skip this pair because of invalid key;
-    }
-
-    if (state.dump.length > 1024) pairBuffer += '? ';
-    pairBuffer += state.dump + (state.condenseFlow ? '"' : '') + ':' + (state.condenseFlow ? '' : ' ');
-    if (!writeNode(state, level, objectValue, false, false)) {
-      continue; // Skip this pair because of invalid value.
-    }
-
-    pairBuffer += state.dump;
-
-    // Both key and value are valid.
-    _result += pairBuffer;
-  }
-  state.tag = _tag;
-  state.dump = '{' + _result + '}';
-}
-function writeBlockMapping(state, level, object, compact) {
-  var _result = '',
-    _tag = state.tag,
-    objectKeyList = Object.keys(object),
-    index,
-    length,
-    objectKey,
-    objectValue,
-    explicitPair,
-    pairBuffer;
-
-  // Allow sorting keys so that the output file is deterministic
-  if (state.sortKeys === true) {
-    // Default sorting
-    objectKeyList.sort();
-  } else if (typeof state.sortKeys === 'function') {
-    // Custom sort function
-    objectKeyList.sort(state.sortKeys);
-  } else if (state.sortKeys) {
-    // Something is wrong
-    throw new exception('sortKeys must be a boolean or a function');
-  }
-  for (index = 0, length = objectKeyList.length; index < length; index += 1) {
-    pairBuffer = '';
-    if (!compact || _result !== '') {
-      pairBuffer += generateNextLine(state, level);
-    }
-    objectKey = objectKeyList[index];
-    objectValue = object[objectKey];
-    if (state.replacer) {
-      objectValue = state.replacer.call(object, objectKey, objectValue);
-    }
-    if (!writeNode(state, level + 1, objectKey, true, true, true)) {
-      continue; // Skip this pair because of invalid key.
-    }
-
-    explicitPair = state.tag !== null && state.tag !== '?' || state.dump && state.dump.length > 1024;
-    if (explicitPair) {
-      if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
-        pairBuffer += '?';
-      } else {
-        pairBuffer += '? ';
-      }
-    }
-    pairBuffer += state.dump;
-    if (explicitPair) {
-      pairBuffer += generateNextLine(state, level);
-    }
-    if (!writeNode(state, level + 1, objectValue, true, explicitPair)) {
-      continue; // Skip this pair because of invalid value.
-    }
-
-    if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
-      pairBuffer += ':';
-    } else {
-      pairBuffer += ': ';
-    }
-    pairBuffer += state.dump;
-
-    // Both key and value are valid.
-    _result += pairBuffer;
-  }
-  state.tag = _tag;
-  state.dump = _result || '{}'; // Empty mapping if no valid pairs.
-}
-
-function detectType(state, object, explicit) {
-  var _result, typeList, index, length, type, style;
-  typeList = explicit ? state.explicitTypes : state.implicitTypes;
-  for (index = 0, length = typeList.length; index < length; index += 1) {
-    type = typeList[index];
-    if ((type.instanceOf || type.predicate) && (!type.instanceOf || typeof object === 'object' && object instanceof type.instanceOf) && (!type.predicate || type.predicate(object))) {
-      if (explicit) {
-        if (type.multi && type.representName) {
-          state.tag = type.representName(object);
-        } else {
-          state.tag = type.tag;
-        }
-      } else {
-        state.tag = '?';
-      }
-      if (type.represent) {
-        style = state.styleMap[type.tag] || type.defaultStyle;
-        if (_toString.call(type.represent) === '[object Function]') {
-          _result = type.represent(object, style);
-        } else if (_hasOwnProperty.call(type.represent, style)) {
-          _result = type.represent[style](object, style);
-        } else {
-          throw new exception('!<' + type.tag + '> tag resolver accepts not "' + style + '" style');
-        }
-        state.dump = _result;
-      }
-      return true;
-    }
-  }
-  return false;
-}
-
-// Serializes `object` and writes it to global `result`.
-// Returns true on success, or false on invalid object.
-//
-function writeNode(state, level, object, block, compact, iskey, isblockseq) {
-  state.tag = null;
-  state.dump = object;
-  if (!detectType(state, object, false)) {
-    detectType(state, object, true);
-  }
-  var type = _toString.call(state.dump);
-  var inblock = block;
-  var tagStr;
-  if (block) {
-    block = state.flowLevel < 0 || state.flowLevel > level;
-  }
-  var objectOrArray = type === '[object Object]' || type === '[object Array]',
-    duplicateIndex,
-    duplicate;
-  if (objectOrArray) {
-    duplicateIndex = state.duplicates.indexOf(object);
-    duplicate = duplicateIndex !== -1;
-  }
-  if (state.tag !== null && state.tag !== '?' || duplicate || state.indent !== 2 && level > 0) {
-    compact = false;
-  }
-  if (duplicate && state.usedDuplicates[duplicateIndex]) {
-    state.dump = '*ref_' + duplicateIndex;
-  } else {
-    if (objectOrArray && duplicate && !state.usedDuplicates[duplicateIndex]) {
-      state.usedDuplicates[duplicateIndex] = true;
-    }
-    if (type === '[object Object]') {
-      if (block && Object.keys(state.dump).length !== 0) {
-        writeBlockMapping(state, level, state.dump, compact);
-        if (duplicate) {
-          state.dump = '&ref_' + duplicateIndex + state.dump;
-        }
-      } else {
-        writeFlowMapping(state, level, state.dump);
-        if (duplicate) {
-          state.dump = '&ref_' + duplicateIndex + ' ' + state.dump;
-        }
-      }
-    } else if (type === '[object Array]') {
-      if (block && state.dump.length !== 0) {
-        if (state.noArrayIndent && !isblockseq && level > 0) {
-          writeBlockSequence(state, level - 1, state.dump, compact);
-        } else {
-          writeBlockSequence(state, level, state.dump, compact);
-        }
-        if (duplicate) {
-          state.dump = '&ref_' + duplicateIndex + state.dump;
-        }
-      } else {
-        writeFlowSequence(state, level, state.dump);
-        if (duplicate) {
-          state.dump = '&ref_' + duplicateIndex + ' ' + state.dump;
-        }
-      }
-    } else if (type === '[object String]') {
-      if (state.tag !== '?') {
-        writeScalar(state, state.dump, level, iskey, inblock);
-      }
-    } else if (type === '[object Undefined]') {
-      return false;
-    } else {
-      if (state.skipInvalid) return false;
-      throw new exception('unacceptable kind of an object to dump ' + type);
-    }
-    if (state.tag !== null && state.tag !== '?') {
-      // Need to encode all characters except those allowed by the spec:
-      //
-      // [35] ns-dec-digit    ::=  [#x30-#x39] /* 0-9 */
-      // [36] ns-hex-digit    ::=  ns-dec-digit
-      //                         | [#x41-#x46] /* A-F */ | [#x61-#x66] /* a-f */
-      // [37] ns-ascii-letter ::=  [#x41-#x5A] /* A-Z */ | [#x61-#x7A] /* a-z */
-      // [38] ns-word-char    ::=  ns-dec-digit | ns-ascii-letter | “-”
-      // [39] ns-uri-char     ::=  “%” ns-hex-digit ns-hex-digit | ns-word-char | “#”
-      //                         | “;” | “/” | “?” | “:” | “@” | “&” | “=” | “+” | “$” | “,”
-      //                         | “_” | “.” | “!” | “~” | “*” | “'” | “(” | “)” | “[” | “]”
-      //
-      // Also need to encode '!' because it has special meaning (end of tag prefix).
-      //
-      tagStr = encodeURI(state.tag[0] === '!' ? state.tag.slice(1) : state.tag).replace(/!/g, '%21');
-      if (state.tag[0] === '!') {
-        tagStr = '!' + tagStr;
-      } else if (tagStr.slice(0, 18) === 'tag:yaml.org,2002:') {
-        tagStr = '!!' + tagStr.slice(18);
-      } else {
-        tagStr = '!<' + tagStr + '>';
-      }
-      state.dump = tagStr + ' ' + state.dump;
-    }
-  }
-  return true;
-}
-function getDuplicateReferences(object, state) {
-  var objects = [],
-    duplicatesIndexes = [],
-    index,
-    length;
-  inspectNode(object, objects, duplicatesIndexes);
-  for (index = 0, length = duplicatesIndexes.length; index < length; index += 1) {
-    state.duplicates.push(objects[duplicatesIndexes[index]]);
-  }
-  state.usedDuplicates = new Array(length);
-}
-function inspectNode(object, objects, duplicatesIndexes) {
-  var objectKeyList, index, length;
-  if (object !== null && typeof object === 'object') {
-    index = objects.indexOf(object);
-    if (index !== -1) {
-      if (duplicatesIndexes.indexOf(index) === -1) {
-        duplicatesIndexes.push(index);
-      }
-    } else {
-      objects.push(object);
-      if (Array.isArray(object)) {
-        for (index = 0, length = object.length; index < length; index += 1) {
-          inspectNode(object[index], objects, duplicatesIndexes);
-        }
-      } else {
-        objectKeyList = Object.keys(object);
-        for (index = 0, length = objectKeyList.length; index < length; index += 1) {
-          inspectNode(object[objectKeyList[index]], objects, duplicatesIndexes);
-        }
-      }
-    }
-  }
-}
-function dump$1(input, options) {
-  options = options || {};
-  var state = new State(options);
-  if (!state.noRefs) getDuplicateReferences(input, state);
-  var value = input;
-  if (state.replacer) {
-    value = state.replacer.call({
-      '': value
-    }, '', value);
-  }
-  if (writeNode(state, 0, value, true, true)) return state.dump + '\n';
-  return '';
-}
-var dump_1 = dump$1;
-var dumper = {
-  dump: dump_1
-};
-function renamed(from, to) {
-  return function () {
-    throw new Error('Function yaml.' + from + ' is removed in js-yaml 4. ' + 'Use yaml.' + to + ' instead, which is now safe by default.');
-  };
-}
-var Type = type;
-var Schema = schema;
-var FAILSAFE_SCHEMA = failsafe;
-var JSON_SCHEMA = js_yaml_json;
-var CORE_SCHEMA = core;
-var DEFAULT_SCHEMA = _default;
-var load = loader.load;
-var loadAll = loader.loadAll;
-var dump = dumper.dump;
-var YAMLException = exception;
-
-// Re-export all types in case user wants to create custom schema
-var types = {
-  binary: binary,
-  float: js_yaml_float,
-  map: map,
-  null: _null,
-  pairs: pairs,
-  set: set,
-  timestamp: timestamp,
-  bool: bool,
-  int: js_yaml_int,
-  merge: js_yaml_merge,
-  omap: omap,
-  seq: seq,
-  str: str
-};
-
-// Removed functions from JS-YAML 3.0.x
-var safeLoad = renamed('safeLoad', 'load');
-var safeLoadAll = renamed('safeLoadAll', 'loadAll');
-var safeDump = renamed('safeDump', 'dump');
-var jsYaml = {
-  Type: Type,
-  Schema: Schema,
-  FAILSAFE_SCHEMA: FAILSAFE_SCHEMA,
-  JSON_SCHEMA: JSON_SCHEMA,
-  CORE_SCHEMA: CORE_SCHEMA,
-  DEFAULT_SCHEMA: DEFAULT_SCHEMA,
-  load: load,
-  loadAll: loadAll,
-  dump: dump,
-  YAMLException: YAMLException,
-  types: types,
-  safeLoad: safeLoad,
-  safeLoadAll: safeLoadAll,
-  safeDump: safeDump
-};
-/* harmony default export */ var js_yaml = ((/* unused pure expression or super */ null && (jsYaml)));
-
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/create-element.js
-
-
-function create_element_ownKeys(object, enumerableOnly) {
-  var keys = Object.keys(object);
-  if (Object.getOwnPropertySymbols) {
-    var symbols = Object.getOwnPropertySymbols(object);
-    enumerableOnly && (symbols = symbols.filter(function (sym) {
-      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
-    })), keys.push.apply(keys, symbols);
-  }
-  return keys;
-}
-function create_element_objectSpread(target) {
-  for (var i = 1; i < arguments.length; i++) {
-    var source = null != arguments[i] ? arguments[i] : {};
-    i % 2 ? create_element_ownKeys(Object(source), !0).forEach(function (key) {
-      defineProperty_defineProperty(target, key, source[key]);
-    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : create_element_ownKeys(Object(source)).forEach(function (key) {
-      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
-    });
-  }
-  return target;
-}
- // Get all possible permutations of all power sets
-//
-// Super simple, non-algorithmic solution since the
-// number of class names will not be greater than 4
-
-function powerSetPermutations(arr) {
-  var arrLength = arr.length;
-  if (arrLength === 0 || arrLength === 1) return arr;
-  if (arrLength === 2) {
-    // prettier-ignore
-    return [arr[0], arr[1], "".concat(arr[0], ".").concat(arr[1]), "".concat(arr[1], ".").concat(arr[0])];
-  }
-  if (arrLength === 3) {
-    return [arr[0], arr[1], arr[2], "".concat(arr[0], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[2]), "".concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[0])];
-  }
-  if (arrLength >= 4) {
-    // Currently does not support more than 4 extra
-    // class names (after `.token` has been removed)
-    return [arr[0], arr[1], arr[2], arr[3], "".concat(arr[0], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[3]), "".concat(arr[3], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[1], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[0], ".").concat(arr[2], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[0], ".").concat(arr[3], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[2], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[0], ".").concat(arr[3], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[1], ".").concat(arr[2], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[1], ".").concat(arr[3], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[1], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[0], ".").concat(arr[3], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[0], ".").concat(arr[3]), "".concat(arr[2], ".").concat(arr[1], ".").concat(arr[3], ".").concat(arr[0]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[2], ".").concat(arr[3], ".").concat(arr[1], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[1], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[0], ".").concat(arr[2], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[0], ".").concat(arr[2]), "".concat(arr[3], ".").concat(arr[1], ".").concat(arr[2], ".").concat(arr[0]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[0], ".").concat(arr[1]), "".concat(arr[3], ".").concat(arr[2], ".").concat(arr[1], ".").concat(arr[0])];
-  }
-}
-var classNameCombinations = {};
-function getClassNameCombinations(classNames) {
-  if (classNames.length === 0 || classNames.length === 1) return classNames;
-  var key = classNames.join('.');
-  if (!classNameCombinations[key]) {
-    classNameCombinations[key] = powerSetPermutations(classNames);
-  }
-  return classNameCombinations[key];
-}
-function createStyleObject(classNames) {
-  var elementStyle = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  var stylesheet = arguments.length > 2 ? arguments[2] : undefined;
-  var nonTokenClassNames = classNames.filter(function (className) {
-    return className !== 'token';
-  });
-  var classNamesCombinations = getClassNameCombinations(nonTokenClassNames);
-  return classNamesCombinations.reduce(function (styleObject, className) {
-    return create_element_objectSpread(create_element_objectSpread({}, styleObject), stylesheet[className]);
-  }, elementStyle);
-}
-function createClassNameString(classNames) {
-  return classNames.join(' ');
-}
-function createChildren(stylesheet, useInlineStyles) {
-  var childrenCount = 0;
-  return function (children) {
-    childrenCount += 1;
-    return children.map(function (child, i) {
-      return createElement({
-        node: child,
-        stylesheet: stylesheet,
-        useInlineStyles: useInlineStyles,
-        key: "code-segment-".concat(childrenCount, "-").concat(i)
-      });
-    });
-  };
-}
-function createElement(_ref) {
-  var node = _ref.node,
-    stylesheet = _ref.stylesheet,
-    _ref$style = _ref.style,
-    style = _ref$style === void 0 ? {} : _ref$style,
-    useInlineStyles = _ref.useInlineStyles,
-    key = _ref.key;
-  var properties = node.properties,
-    type = node.type,
-    TagName = node.tagName,
-    value = node.value;
-  if (type === 'text') {
-    return value;
-  } else if (TagName) {
-    var childrenCreator = createChildren(stylesheet, useInlineStyles);
-    var props;
-    if (!useInlineStyles) {
-      props = create_element_objectSpread(create_element_objectSpread({}, properties), {}, {
-        className: createClassNameString(properties.className)
-      });
-    } else {
-      var allStylesheetSelectors = Object.keys(stylesheet).reduce(function (classes, selector) {
-        selector.split('.').forEach(function (className) {
-          if (!classes.includes(className)) classes.push(className);
-        });
-        return classes;
-      }, []); // For compatibility with older versions of react-syntax-highlighter
-
-      var startingClassName = properties.className && properties.className.includes('token') ? ['token'] : [];
-      var className = properties.className && startingClassName.concat(properties.className.filter(function (className) {
-        return !allStylesheetSelectors.includes(className);
-      }));
-      props = create_element_objectSpread(create_element_objectSpread({}, properties), {}, {
-        className: createClassNameString(className) || undefined,
-        style: createStyleObject(properties.className, Object.assign({}, properties.style, style), stylesheet)
-      });
-    }
-    var children = childrenCreator(node.children);
-    return /*#__PURE__*/react.createElement(TagName, extends_extends({
-      key: key
-    }, props), children);
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/checkForListedLanguage.js
-/* harmony default export */ var checkForListedLanguage = (function (astGenerator, language) {
-  var langs = astGenerator.listLanguages();
-  return langs.indexOf(language) !== -1;
-});
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/highlight.js
-
-
-
-var highlight_excluded = ["language", "children", "style", "customStyle", "codeTagProps", "useInlineStyles", "showLineNumbers", "showInlineLineNumbers", "startingLineNumber", "lineNumberContainerStyle", "lineNumberStyle", "wrapLines", "wrapLongLines", "lineProps", "renderer", "PreTag", "CodeTag", "code", "astGenerator"];
-function highlight_ownKeys(object, enumerableOnly) {
-  var keys = Object.keys(object);
-  if (Object.getOwnPropertySymbols) {
-    var symbols = Object.getOwnPropertySymbols(object);
-    enumerableOnly && (symbols = symbols.filter(function (sym) {
-      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
-    })), keys.push.apply(keys, symbols);
-  }
-  return keys;
-}
-function highlight_objectSpread(target) {
-  for (var i = 1; i < arguments.length; i++) {
-    var source = null != arguments[i] ? arguments[i] : {};
-    i % 2 ? highlight_ownKeys(Object(source), !0).forEach(function (key) {
-      defineProperty_defineProperty(target, key, source[key]);
-    }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : highlight_ownKeys(Object(source)).forEach(function (key) {
-      Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
-    });
-  }
-  return target;
-}
-
-
-
-var newLineRegex = /\n/g;
-function getNewLines(str) {
-  return str.match(newLineRegex);
-}
-function getAllLineNumbers(_ref) {
-  var lines = _ref.lines,
-    startingLineNumber = _ref.startingLineNumber,
-    style = _ref.style;
-  return lines.map(function (_, i) {
-    var number = i + startingLineNumber;
-    return /*#__PURE__*/react.createElement("span", {
-      key: "line-".concat(i),
-      className: "react-syntax-highlighter-line-number",
-      style: typeof style === 'function' ? style(number) : style
-    }, "".concat(number, "\n"));
-  });
-}
-function AllLineNumbers(_ref2) {
-  var codeString = _ref2.codeString,
-    codeStyle = _ref2.codeStyle,
-    _ref2$containerStyle = _ref2.containerStyle,
-    containerStyle = _ref2$containerStyle === void 0 ? {
-      "float": 'left',
-      paddingRight: '10px'
-    } : _ref2$containerStyle,
-    _ref2$numberStyle = _ref2.numberStyle,
-    numberStyle = _ref2$numberStyle === void 0 ? {} : _ref2$numberStyle,
-    startingLineNumber = _ref2.startingLineNumber;
-  return /*#__PURE__*/react.createElement("code", {
-    style: Object.assign({}, codeStyle, containerStyle)
-  }, getAllLineNumbers({
-    lines: codeString.replace(/\n$/, '').split('\n'),
-    style: numberStyle,
-    startingLineNumber: startingLineNumber
-  }));
-}
-function getEmWidthOfNumber(num) {
-  return "".concat(num.toString().length, ".25em");
-}
-function getInlineLineNumber(lineNumber, inlineLineNumberStyle) {
-  return {
-    type: 'element',
-    tagName: 'span',
-    properties: {
-      key: "line-number--".concat(lineNumber),
-      className: ['comment', 'linenumber', 'react-syntax-highlighter-line-number'],
-      style: inlineLineNumberStyle
-    },
-    children: [{
-      type: 'text',
-      value: lineNumber
-    }]
-  };
-}
-function assembleLineNumberStyles(lineNumberStyle, lineNumber, largestLineNumber) {
-  // minimally necessary styling for line numbers
-  var defaultLineNumberStyle = {
-    display: 'inline-block',
-    minWidth: getEmWidthOfNumber(largestLineNumber),
-    paddingRight: '1em',
-    textAlign: 'right',
-    userSelect: 'none'
-  }; // prep custom styling
-
-  var customLineNumberStyle = typeof lineNumberStyle === 'function' ? lineNumberStyle(lineNumber) : lineNumberStyle; // combine
-
-  var assembledStyle = highlight_objectSpread(highlight_objectSpread({}, defaultLineNumberStyle), customLineNumberStyle);
-  return assembledStyle;
-}
-function createLineElement(_ref3) {
-  var children = _ref3.children,
-    lineNumber = _ref3.lineNumber,
-    lineNumberStyle = _ref3.lineNumberStyle,
-    largestLineNumber = _ref3.largestLineNumber,
-    showInlineLineNumbers = _ref3.showInlineLineNumbers,
-    _ref3$lineProps = _ref3.lineProps,
-    lineProps = _ref3$lineProps === void 0 ? {} : _ref3$lineProps,
-    _ref3$className = _ref3.className,
-    className = _ref3$className === void 0 ? [] : _ref3$className,
-    showLineNumbers = _ref3.showLineNumbers,
-    wrapLongLines = _ref3.wrapLongLines;
-  var properties = typeof lineProps === 'function' ? lineProps(lineNumber) : lineProps;
-  properties['className'] = className;
-  if (lineNumber && showInlineLineNumbers) {
-    var inlineLineNumberStyle = assembleLineNumberStyles(lineNumberStyle, lineNumber, largestLineNumber);
-    children.unshift(getInlineLineNumber(lineNumber, inlineLineNumberStyle));
-  }
-  if (wrapLongLines & showLineNumbers) {
-    properties.style = highlight_objectSpread(highlight_objectSpread({}, properties.style), {}, {
-      display: 'flex'
-    });
-  }
-  return {
-    type: 'element',
-    tagName: 'span',
-    properties: properties,
-    children: children
-  };
-}
-function flattenCodeTree(tree) {
-  var className = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
-  var newTree = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
-  for (var i = 0; i < tree.length; i++) {
-    var node = tree[i];
-    if (node.type === 'text') {
-      newTree.push(createLineElement({
-        children: [node],
-        className: toConsumableArray_toConsumableArray(new Set(className))
-      }));
-    } else if (node.children) {
-      var classNames = className.concat(node.properties.className);
-      flattenCodeTree(node.children, classNames).forEach(function (i) {
-        return newTree.push(i);
-      });
-    }
-  }
-  return newTree;
-}
-function processLines(codeTree, wrapLines, lineProps, showLineNumbers, showInlineLineNumbers, startingLineNumber, largestLineNumber, lineNumberStyle, wrapLongLines) {
-  var _ref4;
-  var tree = flattenCodeTree(codeTree.value);
-  var newTree = [];
-  var lastLineBreakIndex = -1;
-  var index = 0;
-  function createWrappedLine(children, lineNumber) {
-    var className = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
-    return createLineElement({
-      children: children,
-      lineNumber: lineNumber,
-      lineNumberStyle: lineNumberStyle,
-      largestLineNumber: largestLineNumber,
-      showInlineLineNumbers: showInlineLineNumbers,
-      lineProps: lineProps,
-      className: className,
-      showLineNumbers: showLineNumbers,
-      wrapLongLines: wrapLongLines
-    });
-  }
-  function createUnwrappedLine(children, lineNumber) {
-    if (showLineNumbers && lineNumber && showInlineLineNumbers) {
-      var inlineLineNumberStyle = assembleLineNumberStyles(lineNumberStyle, lineNumber, largestLineNumber);
-      children.unshift(getInlineLineNumber(lineNumber, inlineLineNumberStyle));
-    }
-    return children;
-  }
-  function createLine(children, lineNumber) {
-    var className = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
-    return wrapLines || className.length > 0 ? createWrappedLine(children, lineNumber, className) : createUnwrappedLine(children, lineNumber);
-  }
-  var _loop = function _loop() {
-    var node = tree[index];
-    var value = node.children[0].value;
-    var newLines = getNewLines(value);
-    if (newLines) {
-      var splitValue = value.split('\n');
-      splitValue.forEach(function (text, i) {
-        var lineNumber = showLineNumbers && newTree.length + startingLineNumber;
-        var newChild = {
-          type: 'text',
-          value: "".concat(text, "\n")
-        }; // if it's the first line
-
-        if (i === 0) {
-          var _children = tree.slice(lastLineBreakIndex + 1, index).concat(createLineElement({
-            children: [newChild],
-            className: node.properties.className
-          }));
-          var _line = createLine(_children, lineNumber);
-          newTree.push(_line); // if it's the last line
-        } else if (i === splitValue.length - 1) {
-          var stringChild = tree[index + 1] && tree[index + 1].children && tree[index + 1].children[0];
-          var lastLineInPreviousSpan = {
-            type: 'text',
-            value: "".concat(text)
-          };
-          if (stringChild) {
-            var newElem = createLineElement({
-              children: [lastLineInPreviousSpan],
-              className: node.properties.className
-            });
-            tree.splice(index + 1, 0, newElem);
-          } else {
-            var _children2 = [lastLineInPreviousSpan];
-            var _line2 = createLine(_children2, lineNumber, node.properties.className);
-            newTree.push(_line2);
-          } // if it's neither the first nor the last line
-        } else {
-          var _children3 = [newChild];
-          var _line3 = createLine(_children3, lineNumber, node.properties.className);
-          newTree.push(_line3);
-        }
-      });
-      lastLineBreakIndex = index;
-    }
-    index++;
-  };
-  while (index < tree.length) {
-    _loop();
-  }
-  if (lastLineBreakIndex !== tree.length - 1) {
-    var children = tree.slice(lastLineBreakIndex + 1, tree.length);
-    if (children && children.length) {
-      var lineNumber = showLineNumbers && newTree.length + startingLineNumber;
-      var line = createLine(children, lineNumber);
-      newTree.push(line);
-    }
-  }
-  return wrapLines ? newTree : (_ref4 = []).concat.apply(_ref4, newTree);
-}
-function defaultRenderer(_ref5) {
-  var rows = _ref5.rows,
-    stylesheet = _ref5.stylesheet,
-    useInlineStyles = _ref5.useInlineStyles;
-  return rows.map(function (node, i) {
-    return createElement({
-      node: node,
-      stylesheet: stylesheet,
-      useInlineStyles: useInlineStyles,
-      key: "code-segement".concat(i)
-    });
-  });
-} // only highlight.js has the highlightAuto method
-
-function isHighlightJs(astGenerator) {
-  return astGenerator && typeof astGenerator.highlightAuto !== 'undefined';
-}
-function getCodeTree(_ref6) {
-  var astGenerator = _ref6.astGenerator,
-    language = _ref6.language,
-    code = _ref6.code,
-    defaultCodeValue = _ref6.defaultCodeValue;
-
-  // figure out whether we're using lowlight/highlight or refractor/prism
-  // then attempt highlighting accordingly
-  // lowlight/highlight?
-  if (isHighlightJs(astGenerator)) {
-    var hasLanguage = checkForListedLanguage(astGenerator, language);
-    if (language === 'text') {
-      return {
-        value: defaultCodeValue,
-        language: 'text'
-      };
-    } else if (hasLanguage) {
-      return astGenerator.highlight(language, code);
-    } else {
-      return astGenerator.highlightAuto(code);
-    }
-  } // must be refractor/prism, then
-
-  try {
-    return language && language !== 'text' ? {
-      value: astGenerator.highlight(code, language)
-    } : {
-      value: defaultCodeValue
-    };
-  } catch (e) {
-    return {
-      value: defaultCodeValue
-    };
-  }
-}
-/* harmony default export */ function highlight(defaultAstGenerator, defaultStyle) {
-  return function SyntaxHighlighter(_ref7) {
-    var language = _ref7.language,
-      children = _ref7.children,
-      _ref7$style = _ref7.style,
-      style = _ref7$style === void 0 ? defaultStyle : _ref7$style,
-      _ref7$customStyle = _ref7.customStyle,
-      customStyle = _ref7$customStyle === void 0 ? {} : _ref7$customStyle,
-      _ref7$codeTagProps = _ref7.codeTagProps,
-      codeTagProps = _ref7$codeTagProps === void 0 ? {
-        className: language ? "language-".concat(language) : undefined,
-        style: highlight_objectSpread(highlight_objectSpread({}, style['code[class*="language-"]']), style["code[class*=\"language-".concat(language, "\"]")])
-      } : _ref7$codeTagProps,
-      _ref7$useInlineStyles = _ref7.useInlineStyles,
-      useInlineStyles = _ref7$useInlineStyles === void 0 ? true : _ref7$useInlineStyles,
-      _ref7$showLineNumbers = _ref7.showLineNumbers,
-      showLineNumbers = _ref7$showLineNumbers === void 0 ? false : _ref7$showLineNumbers,
-      _ref7$showInlineLineN = _ref7.showInlineLineNumbers,
-      showInlineLineNumbers = _ref7$showInlineLineN === void 0 ? true : _ref7$showInlineLineN,
-      _ref7$startingLineNum = _ref7.startingLineNumber,
-      startingLineNumber = _ref7$startingLineNum === void 0 ? 1 : _ref7$startingLineNum,
-      lineNumberContainerStyle = _ref7.lineNumberContainerStyle,
-      _ref7$lineNumberStyle = _ref7.lineNumberStyle,
-      lineNumberStyle = _ref7$lineNumberStyle === void 0 ? {} : _ref7$lineNumberStyle,
-      wrapLines = _ref7.wrapLines,
-      _ref7$wrapLongLines = _ref7.wrapLongLines,
-      wrapLongLines = _ref7$wrapLongLines === void 0 ? false : _ref7$wrapLongLines,
-      _ref7$lineProps = _ref7.lineProps,
-      lineProps = _ref7$lineProps === void 0 ? {} : _ref7$lineProps,
-      renderer = _ref7.renderer,
-      _ref7$PreTag = _ref7.PreTag,
-      PreTag = _ref7$PreTag === void 0 ? 'pre' : _ref7$PreTag,
-      _ref7$CodeTag = _ref7.CodeTag,
-      CodeTag = _ref7$CodeTag === void 0 ? 'code' : _ref7$CodeTag,
-      _ref7$code = _ref7.code,
-      code = _ref7$code === void 0 ? (Array.isArray(children) ? children[0] : children) || '' : _ref7$code,
-      astGenerator = _ref7.astGenerator,
-      rest = objectWithoutProperties_objectWithoutProperties(_ref7, highlight_excluded);
-    astGenerator = astGenerator || defaultAstGenerator;
-    var allLineNumbers = showLineNumbers ? /*#__PURE__*/react.createElement(AllLineNumbers, {
-      containerStyle: lineNumberContainerStyle,
-      codeStyle: codeTagProps.style || {},
-      numberStyle: lineNumberStyle,
-      startingLineNumber: startingLineNumber,
-      codeString: code
-    }) : null;
-    var defaultPreStyle = style.hljs || style['pre[class*="language-"]'] || {
-      backgroundColor: '#fff'
-    };
-    var generatorClassName = isHighlightJs(astGenerator) ? 'hljs' : 'prismjs';
-    var preProps = useInlineStyles ? Object.assign({}, rest, {
-      style: Object.assign({}, defaultPreStyle, customStyle)
-    }) : Object.assign({}, rest, {
-      className: rest.className ? "".concat(generatorClassName, " ").concat(rest.className) : generatorClassName,
-      style: Object.assign({}, customStyle)
-    });
-    if (wrapLongLines) {
-      codeTagProps.style = highlight_objectSpread(highlight_objectSpread({}, codeTagProps.style), {}, {
-        whiteSpace: 'pre-wrap'
-      });
-    } else {
-      codeTagProps.style = highlight_objectSpread(highlight_objectSpread({}, codeTagProps.style), {}, {
-        whiteSpace: 'pre'
-      });
-    }
-    if (!astGenerator) {
-      return /*#__PURE__*/react.createElement(PreTag, preProps, allLineNumbers, /*#__PURE__*/react.createElement(CodeTag, codeTagProps, code));
-    }
-    /*
-     * Some custom renderers rely on individual row elements so we need to turn wrapLines on
-     * if renderer is provided and wrapLines is undefined.
-     */
-
-    if (wrapLines === undefined && renderer || wrapLongLines) wrapLines = true;
-    renderer = renderer || defaultRenderer;
-    var defaultCodeValue = [{
-      type: 'text',
-      value: code
-    }];
-    var codeTree = getCodeTree({
-      astGenerator: astGenerator,
-      language: language,
-      code: code,
-      defaultCodeValue: defaultCodeValue
-    });
-    if (codeTree.language === null) {
-      codeTree.value = defaultCodeValue;
-    } // determine largest line number so that we can force minWidth on all linenumber elements
-
-    var largestLineNumber = codeTree.value.length + startingLineNumber;
-    var rows = processLines(codeTree, wrapLines, lineProps, showLineNumbers, showInlineLineNumbers, startingLineNumber, largestLineNumber, lineNumberStyle, wrapLongLines);
-    return /*#__PURE__*/react.createElement(PreTag, preProps, /*#__PURE__*/react.createElement(CodeTag, codeTagProps, !showInlineLineNumbers && allLineNumbers, renderer({
-      rows: rows,
-      stylesheet: style,
-      useInlineStyles: useInlineStyles
-    })));
-  };
-}
-// EXTERNAL MODULE: ./node_modules/lowlight/lib/core.js
-var lib_core = __webpack_require__(905);
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/light.js
-
-
-var SyntaxHighlighter = highlight(lib_core, {});
-SyntaxHighlighter.registerLanguage = lib_core.registerLanguage;
-/* harmony default export */ var esm_light = (SyntaxHighlighter);
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/styles/hljs/docco.js
-/* harmony default export */ var docco = ({
-  "hljs": {
-    "display": "block",
-    "overflowX": "auto",
-    "padding": "0.5em",
-    "color": "#000",
-    "background": "#f8f8ff"
-  },
-  "hljs-comment": {
-    "color": "#408080",
-    "fontStyle": "italic"
-  },
-  "hljs-quote": {
-    "color": "#408080",
-    "fontStyle": "italic"
-  },
-  "hljs-keyword": {
-    "color": "#954121"
-  },
-  "hljs-selector-tag": {
-    "color": "#954121"
-  },
-  "hljs-literal": {
-    "color": "#954121"
-  },
-  "hljs-subst": {
-    "color": "#954121"
-  },
-  "hljs-number": {
-    "color": "#40a070"
-  },
-  "hljs-string": {
-    "color": "#219161"
-  },
-  "hljs-doctag": {
-    "color": "#219161"
-  },
-  "hljs-selector-id": {
-    "color": "#19469d"
-  },
-  "hljs-selector-class": {
-    "color": "#19469d"
-  },
-  "hljs-section": {
-    "color": "#19469d"
-  },
-  "hljs-type": {
-    "color": "#19469d"
-  },
-  "hljs-params": {
-    "color": "#00f"
-  },
-  "hljs-title": {
-    "color": "#458",
-    "fontWeight": "bold"
-  },
-  "hljs-tag": {
-    "color": "#000080",
-    "fontWeight": "normal"
-  },
-  "hljs-name": {
-    "color": "#000080",
-    "fontWeight": "normal"
-  },
-  "hljs-attribute": {
-    "color": "#000080",
-    "fontWeight": "normal"
-  },
-  "hljs-variable": {
-    "color": "#008080"
-  },
-  "hljs-template-variable": {
-    "color": "#008080"
-  },
-  "hljs-regexp": {
-    "color": "#b68"
-  },
-  "hljs-link": {
-    "color": "#b68"
-  },
-  "hljs-symbol": {
-    "color": "#990073"
-  },
-  "hljs-bullet": {
-    "color": "#990073"
-  },
-  "hljs-built_in": {
-    "color": "#0086b3"
-  },
-  "hljs-builtin-name": {
-    "color": "#0086b3"
-  },
-  "hljs-meta": {
-    "color": "#999",
-    "fontWeight": "bold"
-  },
-  "hljs-deletion": {
-    "background": "#fdd"
-  },
-  "hljs-addition": {
-    "background": "#dfd"
-  },
-  "hljs-emphasis": {
-    "fontStyle": "italic"
-  },
-  "hljs-strong": {
-    "fontWeight": "bold"
-  }
-});
-// EXTERNAL MODULE: ./node_modules/highlight.js/lib/languages/yaml.js
-var yaml = __webpack_require__(712);
-var yaml_default = /*#__PURE__*/__webpack_require__.n(yaml);
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/languages/hljs/yaml.js
-
-/* harmony default export */ var hljs_yaml = ((yaml_default()));
-// EXTERNAL MODULE: ./node_modules/highlight.js/lib/languages/diff.js
-var languages_diff = __webpack_require__(682);
-var diff_default = /*#__PURE__*/__webpack_require__.n(languages_diff);
-;// CONCATENATED MODULE: ./node_modules/react-syntax-highlighter/dist/esm/languages/hljs/diff.js
-
-/* harmony default export */ var hljs_diff = ((diff_default()));
-;// CONCATENATED MODULE: ./src/components/CodeViewer.tsx
-esm_light.registerLanguage('yaml',hljs_yaml);esm_light.registerLanguage('diff',hljs_diff);function CodeViewer(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(esm_light,{language:props.language,style:docco,children:props.code});/*return <Box height={"100%"}><Box sx={{
-        overflowY: 'scroll', // Enable vertical scrolling
-        height: "100%",
-        //maxHeight: '100%', // Set a fixed height
-        border: '1px solid #ccc', // Optional border
-        padding: '10px', // Optional padding
-    }}>
-        <SyntaxHighlighter language={props.language} style={docco}>
-            {props.code!}
-        </SyntaxHighlighter>
-    </Box></Box>*/}
-;// CONCATENATED MODULE: ./src/components/result-view/CommandResultStatusLine.tsx
-var StatusLine=function StatusLine(props){var children=[];var doPush=function doPush(n,t,icon){if(n){children.push(/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:n+" "+t,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"center",width:"24px",height:"24px",children:icon})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{fontSize:"10px",align:"center",children:n})]},t));}};doPush(props.errors,"total errors.",/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorIcon,{}));doPush(props.warnings,"total warnings.",/*#__PURE__*/(0,jsx_runtime.jsx)(WarningIcon,{}));doPush(props.newObjects,"new objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(AddedIcon,{}));doPush(props.deletedObjects,"deleted objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(TrashIcon,{}));doPush(props.orphanObjects,"orphan objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(OrphanIcon,{}));doPush(props.changedObjects,"changed objects.",/*#__PURE__*/(0,jsx_runtime.jsx)(ChangedIcon,{}));return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",width:"100%",children:children});};var CommandResultStatusLine=function CommandResultStatusLine(props){var _props$rs$errors,_props$rs$warnings;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_props$rs$errors=props.rs.errors)===null||_props$rs$errors===void 0?void 0:_props$rs$errors.length,warnings:(_props$rs$warnings=props.rs.warnings)===null||_props$rs$warnings===void 0?void 0:_props$rs$warnings.length,changedObjects:props.rs.changedObjects,newObjects:props.rs.newObjects,deletedObjects:props.rs.deletedObjects,orphanObjects:props.rs.orphanObjects});};var ValidateResultStatusLine=function ValidateResultStatusLine(props){var _props$vr,_props$vr$errors,_props$vr2,_props$vr2$warnings,_props$vr3,_props$vr3$drift;return/*#__PURE__*/_jsx(StatusLine,{errors:(_props$vr=props.vr)===null||_props$vr===void 0?void 0:(_props$vr$errors=_props$vr.errors)===null||_props$vr$errors===void 0?void 0:_props$vr$errors.length,warnings:(_props$vr2=props.vr)===null||_props$vr2===void 0?void 0:(_props$vr2$warnings=_props$vr2.warnings)===null||_props$vr2$warnings===void 0?void 0:_props$vr2$warnings.length,changedObjects:(_props$vr3=props.vr)===null||_props$vr3===void 0?void 0:(_props$vr3$drift=_props$vr3.drift)===null||_props$vr3$drift===void 0?void 0:_props$vr3$drift.length});};
-;// CONCATENATED MODULE: ./src/components/targets-view/CommandResultItem.tsx
-var CommandResultItemHeader=/*#__PURE__*/react.memo(function(props){var _rs$commandInfo,_rs$commandInfo2;var rs=props.rs;var _useState=(0,react.useState)(calcAgo(rs.commandInfo.startTime)),_useState2=slicedToArray_slicedToArray(_useState,2),ago=_useState2[0],setAgo=_useState2[1];var Icon=DiffIcon;switch((_rs$commandInfo=rs.commandInfo)===null||_rs$commandInfo===void 0?void 0:_rs$commandInfo.command){case"delete":Icon=PruneIcon;break;case"deploy":Icon=DeployIcon;break;case"diff":Icon=DiffIcon;break;case"poke-images":Icon=DeployIcon;break;case"prune":Icon=PruneIcon;break;}var iconTooltip=(0,react.useMemo)(function(){var cmdInfoYaml=dump(rs.commandInfo);return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:cmdInfoYaml,language:"yaml"});},[rs.commandInfo]);(0,react.useEffect)(function(){var interval=setInterval(function(){return setAgo(calcAgo(rs.commandInfo.startTime));},5000);return function(){return clearInterval(interval);};},[rs.commandInfo.startTime]);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",gap:"15px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:iconTooltip,children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"45px",height:"45px",flex:"0 0 auto",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h6",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",children:(_rs$commandInfo2=rs.commandInfo)===null||_rs$commandInfo2===void 0?void 0:_rs$commandInfo2.command}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:rs.commandInfo.startTime,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",textAlign:"left",textOverflow:"ellipsis",overflow:"hidden",whiteSpace:"nowrap",fontSize:"14px",fontWeight:500,lineHeight:"19px",children:ago})})]})]});});var CommandResultItem=/*#__PURE__*/react.memo(function(props){var rs=props.rs,onSelectCommandResult=props.onSelectCommandResult;var navigate=dist_useNavigate();return/*#__PURE__*/(0,jsx_runtime.jsx)(CardPaper,{sx:{padding:'20px 16px 5px 16px'},onClick:function onClick(){return onSelectCommandResult(rs);},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",justifyContent:"space-between",height:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItemHeader,{rs:rs}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultStatusLine,{rs:rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",gap:"6px",alignItems:"center",height:"39px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(rs.id));},sx:{padding:0,width:26,height:26},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]})});});
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/tabClasses.js
-
-
-function getTabUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTab', slot);
-}
-var tabClasses = generateUtilityClasses('MuiTab', ['root', 'labelIcon', 'textColorInherit', 'textColorPrimary', 'textColorSecondary', 'selected', 'disabled', 'fullWidth', 'wrapped', 'iconWrapper']);
-/* harmony default export */ var Tab_tabClasses = (tabClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tab/Tab.js
-
-
-
-var Tab_excluded = ["className", "disabled", "disableFocusRipple", "fullWidth", "icon", "iconPosition", "indicator", "label", "onChange", "onClick", "onFocus", "selected", "selectionFollowsFocus", "textColor", "value", "wrapped"];
-
-
-
-
-
-
-
-
-
-
-
-var Tab_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    textColor = ownerState.textColor,
-    fullWidth = ownerState.fullWidth,
-    wrapped = ownerState.wrapped,
-    icon = ownerState.icon,
-    label = ownerState.label,
-    selected = ownerState.selected,
-    disabled = ownerState.disabled;
-  var slots = {
-    root: ['root', icon && label && 'labelIcon', "textColor".concat(utils_capitalize(textColor)), fullWidth && 'fullWidth', wrapped && 'wrapped', selected && 'selected', disabled && 'disabled'],
-    iconWrapper: ['iconWrapper']
-  };
-  return composeClasses(slots, getTabUtilityClass, classes);
-};
-var TabRoot = styles_styled(ButtonBase_ButtonBase, {
-  name: 'MuiTab',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.label && ownerState.icon && styles.labelIcon, styles["textColor".concat(utils_capitalize(ownerState.textColor))], ownerState.fullWidth && styles.fullWidth, ownerState.wrapped && styles.wrapped];
-  }
-})(function (_ref) {
-  var _ref3, _ref4, _ref5;
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({}, theme.typography.button, {
-    maxWidth: 360,
-    minWidth: 90,
-    position: 'relative',
-    minHeight: 48,
-    flexShrink: 0,
-    padding: '12px 16px',
-    overflow: 'hidden',
-    whiteSpace: 'normal',
-    textAlign: 'center'
-  }, ownerState.label && {
-    flexDirection: ownerState.iconPosition === 'top' || ownerState.iconPosition === 'bottom' ? 'column' : 'row'
-  }, {
-    lineHeight: 1.25
-  }, ownerState.icon && ownerState.label && defineProperty_defineProperty({
-    minHeight: 72,
-    paddingTop: 9,
-    paddingBottom: 9
-  }, "& > .".concat(Tab_tabClasses.iconWrapper), extends_extends({}, ownerState.iconPosition === 'top' && {
-    marginBottom: 6
-  }, ownerState.iconPosition === 'bottom' && {
-    marginTop: 6
-  }, ownerState.iconPosition === 'start' && {
-    marginRight: theme.spacing(1)
-  }, ownerState.iconPosition === 'end' && {
-    marginLeft: theme.spacing(1)
-  })), ownerState.textColor === 'inherit' && (_ref3 = {
-    color: 'inherit',
-    opacity: 0.6
-  }, defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.selected), {
-    opacity: 1
-  }), defineProperty_defineProperty(_ref3, "&.".concat(Tab_tabClasses.disabled), {
-    opacity: (theme.vars || theme).palette.action.disabledOpacity
-  }), _ref3), ownerState.textColor === 'primary' && (_ref4 = {
-    color: (theme.vars || theme).palette.text.secondary
-  }, defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.selected), {
-    color: (theme.vars || theme).palette.primary.main
-  }), defineProperty_defineProperty(_ref4, "&.".concat(Tab_tabClasses.disabled), {
-    color: (theme.vars || theme).palette.text.disabled
-  }), _ref4), ownerState.textColor === 'secondary' && (_ref5 = {
-    color: (theme.vars || theme).palette.text.secondary
-  }, defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.selected), {
-    color: (theme.vars || theme).palette.secondary.main
-  }), defineProperty_defineProperty(_ref5, "&.".concat(Tab_tabClasses.disabled), {
-    color: (theme.vars || theme).palette.text.disabled
-  }), _ref5), ownerState.fullWidth && {
-    flexShrink: 1,
-    flexGrow: 1,
-    flexBasis: 0,
-    maxWidth: 'none'
-  }, ownerState.wrapped && {
-    fontSize: theme.typography.pxToRem(12)
-  });
-});
-var Tab = /*#__PURE__*/react.forwardRef(function Tab(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTab'
-  });
-  var className = props.className,
-    _props$disabled = props.disabled,
-    disabled = _props$disabled === void 0 ? false : _props$disabled,
-    _props$disableFocusRi = props.disableFocusRipple,
-    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
-    fullWidth = props.fullWidth,
-    iconProp = props.icon,
-    _props$iconPosition = props.iconPosition,
-    iconPosition = _props$iconPosition === void 0 ? 'top' : _props$iconPosition,
-    indicator = props.indicator,
-    label = props.label,
-    onChange = props.onChange,
-    onClick = props.onClick,
-    onFocus = props.onFocus,
-    selected = props.selected,
-    selectionFollowsFocus = props.selectionFollowsFocus,
-    _props$textColor = props.textColor,
-    textColor = _props$textColor === void 0 ? 'inherit' : _props$textColor,
-    value = props.value,
-    _props$wrapped = props.wrapped,
-    wrapped = _props$wrapped === void 0 ? false : _props$wrapped,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tab_excluded);
-  var ownerState = extends_extends({}, props, {
-    disabled: disabled,
-    disableFocusRipple: disableFocusRipple,
-    selected: selected,
-    icon: !!iconProp,
-    iconPosition: iconPosition,
-    label: !!label,
-    fullWidth: fullWidth,
-    textColor: textColor,
-    wrapped: wrapped
-  });
-  var classes = Tab_useUtilityClasses(ownerState);
-  var icon = iconProp && label && /*#__PURE__*/react.isValidElement(iconProp) ? /*#__PURE__*/react.cloneElement(iconProp, {
-    className: clsx_m(classes.iconWrapper, iconProp.props.className)
-  }) : iconProp;
-  var handleClick = function handleClick(event) {
-    if (!selected && onChange) {
-      onChange(event, value);
-    }
-    if (onClick) {
-      onClick(event);
-    }
-  };
-  var handleFocus = function handleFocus(event) {
-    if (selectionFollowsFocus && !selected && onChange) {
-      onChange(event, value);
-    }
-    if (onFocus) {
-      onFocus(event);
-    }
-  };
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabRoot, extends_extends({
-    focusRipple: !disableFocusRipple,
-    className: clsx_m(classes.root, className),
-    ref: ref,
-    role: "tab",
-    "aria-selected": selected,
-    disabled: disabled,
-    onClick: handleClick,
-    onFocus: handleFocus,
-    ownerState: ownerState,
-    tabIndex: selected ? 0 : -1
-  }, other, {
-    children: [iconPosition === 'top' || iconPosition === 'start' ? /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
-      children: [icon, label]
-    }) : /*#__PURE__*/(0,jsx_runtime.jsxs)(react.Fragment, {
-      children: [label, icon]
-    }), indicator]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Tab_Tab = (Tab);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabContext/TabContext.js
-
-
-
-
-/**
- * @type {React.Context<{ idPrefix: string; value: string } | null>}
- */
-
-var Context = /*#__PURE__*/react.createContext(null);
-if (false) {}
-function useUniquePrefix() {
-  var _React$useState = react.useState(null),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    id = _React$useState2[0],
-    setId = _React$useState2[1];
-  react.useEffect(function () {
-    setId("mui-p-".concat(Math.round(Math.random() * 1e5)));
-  }, []);
-  return id;
-}
-function TabContext(props) {
-  var children = props.children,
-    value = props.value;
-  var idPrefix = useUniquePrefix();
-  var context = react.useMemo(function () {
-    return {
-      idPrefix: idPrefix,
-      value: value
-    };
-  }, [idPrefix, value]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Context.Provider, {
-    value: context,
-    children: children
-  });
-}
- false ? 0 : void 0;
-
-/**
- * @returns {unknown}
- */
-function useTabContext() {
-  return react.useContext(Context);
-}
-function getPanelId(context, value) {
-  var idPrefix = context.idPrefix;
-  if (idPrefix === null) {
-    return null;
-  }
-  return "".concat(context.idPrefix, "-P-").concat(value);
-}
-function getTabId(context, value) {
-  var idPrefix = context.idPrefix;
-  if (idPrefix === null) {
-    return null;
-  }
-  return "".concat(context.idPrefix, "-T-").concat(value);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/utils/esm/scrollLeft.js
-// Source from https://github.com/alitaheri/normalize-scroll-left
-var cachedType;
-
-/**
- * Based on the jquery plugin https://github.com/othree/jquery.rtl-scroll-type
- *
- * Types of scrollLeft, assuming scrollWidth=100 and direction is rtl.
- *
- * Type             | <- Most Left | Most Right -> | Initial
- * ---------------- | ------------ | ------------- | -------
- * default          | 0            | 100           | 100
- * negative (spec*) | -100         | 0             | 0
- * reverse          | 100          | 0             | 0
- *
- * Edge 85: default
- * Safari 14: negative
- * Chrome 85: negative
- * Firefox 81: negative
- * IE11: reverse
- *
- * spec* https://drafts.csswg.org/cssom-view/#dom-window-scroll
- */
-function detectScrollType() {
-  if (cachedType) {
-    return cachedType;
-  }
-  var dummy = document.createElement('div');
-  var container = document.createElement('div');
-  container.style.width = '10px';
-  container.style.height = '1px';
-  dummy.appendChild(container);
-  dummy.dir = 'rtl';
-  dummy.style.fontSize = '14px';
-  dummy.style.width = '4px';
-  dummy.style.height = '1px';
-  dummy.style.position = 'absolute';
-  dummy.style.top = '-1000px';
-  dummy.style.overflow = 'scroll';
-  document.body.appendChild(dummy);
-  cachedType = 'reverse';
-  if (dummy.scrollLeft > 0) {
-    cachedType = 'default';
-  } else {
-    dummy.scrollLeft = 1;
-    if (dummy.scrollLeft === 0) {
-      cachedType = 'negative';
-    }
-  }
-  document.body.removeChild(dummy);
-  return cachedType;
-}
-
-// Based on https://stackoverflow.com/a/24394376
-function getNormalizedScrollLeft(element, direction) {
-  var scrollLeft = element.scrollLeft;
-
-  // Perform the calculations only when direction is rtl to avoid messing up the ltr behavior
-  if (direction !== 'rtl') {
-    return scrollLeft;
-  }
-  var type = detectScrollType();
-  switch (type) {
-    case 'negative':
-      return element.scrollWidth - element.clientWidth + scrollLeft;
-    case 'reverse':
-      return element.scrollWidth - element.clientWidth - scrollLeft;
-    default:
-      return scrollLeft;
-  }
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/animate.js
-function easeInOutSin(time) {
-  return (1 + Math.sin(Math.PI * time - Math.PI / 2)) / 2;
-}
-function animate(property, element, to) {
-  var options = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
-  var cb = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : function () {};
-  var _options$ease = options.ease,
-    ease = _options$ease === void 0 ? easeInOutSin : _options$ease,
-    _options$duration = options.duration,
-    duration = _options$duration === void 0 ? 300 : _options$duration;
-  var start = null;
-  var from = element[property];
-  var cancelled = false;
-  var cancel = function cancel() {
-    cancelled = true;
-  };
-  var step = function step(timestamp) {
-    if (cancelled) {
-      cb(new Error('Animation cancelled'));
-      return;
-    }
-    if (start === null) {
-      start = timestamp;
-    }
-    var time = Math.min(1, (timestamp - start) / duration);
-    element[property] = ease(time) * (to - from) + from;
-    if (time >= 1) {
-      requestAnimationFrame(function () {
-        cb(null);
-      });
-      return;
-    }
-    requestAnimationFrame(step);
-  };
-  if (from === to) {
-    cb(new Error('Element already at target position'));
-    return cancel;
-  }
-  requestAnimationFrame(step);
-  return cancel;
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/ScrollbarSize.js
-
-
-var ScrollbarSize_excluded = ["onChange"];
-
-
-
-
-
-var ScrollbarSize_styles = {
-  width: 99,
-  height: 99,
-  position: 'absolute',
-  top: -9999,
-  overflow: 'scroll'
-};
-
-/**
- * @ignore - internal component.
- * The component originates from https://github.com/STORIS/react-scrollbar-size.
- * It has been moved into the core in order to minimize the bundle size.
- */
-function ScrollbarSize(props) {
-  var onChange = props.onChange,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, ScrollbarSize_excluded);
-  var scrollbarHeight = react.useRef();
-  var nodeRef = react.useRef(null);
-  var setMeasurements = function setMeasurements() {
-    scrollbarHeight.current = nodeRef.current.offsetHeight - nodeRef.current.clientHeight;
-  };
-  utils_useEnhancedEffect(function () {
-    var handleResize = utils_debounce(function () {
-      var prevHeight = scrollbarHeight.current;
-      setMeasurements();
-      if (prevHeight !== scrollbarHeight.current) {
-        onChange(scrollbarHeight.current);
-      }
-    });
-    var containerWindow = utils_ownerWindow(nodeRef.current);
-    containerWindow.addEventListener('resize', handleResize);
-    return function () {
-      handleResize.clear();
-      containerWindow.removeEventListener('resize', handleResize);
-    };
-  }, [onChange]);
-  react.useEffect(function () {
-    setMeasurements();
-    onChange(scrollbarHeight.current);
-  }, [onChange]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)("div", extends_extends({
-    style: ScrollbarSize_styles,
-    ref: nodeRef
-  }, other));
-}
- false ? 0 : void 0;
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowLeft.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var KeyboardArrowLeft = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M15.41 16.09l-4.58-4.59 4.58-4.59L14 5.5l-6 6 6 6z"
-}), 'KeyboardArrowLeft'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/KeyboardArrowRight.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var KeyboardArrowRight = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M8.59 16.34l4.58-4.59-4.58-4.59L10 5.75l6 6-6 6z"
-}), 'KeyboardArrowRight'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/tabScrollButtonClasses.js
-
-
-function getTabScrollButtonUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTabScrollButton', slot);
-}
-var tabScrollButtonClasses = generateUtilityClasses('MuiTabScrollButton', ['root', 'vertical', 'horizontal', 'disabled']);
-/* harmony default export */ var TabScrollButton_tabScrollButtonClasses = (tabScrollButtonClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TabScrollButton/TabScrollButton.js
-
-
-
-var TabScrollButton_excluded = ["className", "slots", "slotProps", "direction", "orientation", "disabled"];
-/* eslint-disable jsx-a11y/aria-role */
-
-
-
-
-
-
-
-
-
-
-
-
-var TabScrollButton_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    orientation = ownerState.orientation,
-    disabled = ownerState.disabled;
-  var slots = {
-    root: ['root', orientation, disabled && 'disabled']
-  };
-  return composeClasses(slots, getTabScrollButtonUtilityClass, classes);
-};
-var TabScrollButtonRoot = styles_styled(ButtonBase_ButtonBase, {
-  name: 'MuiTabScrollButton',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.orientation && styles[ownerState.orientation]];
-  }
-})(function (_ref) {
-  var ownerState = _ref.ownerState;
-  return extends_extends(defineProperty_defineProperty({
-    width: 40,
-    flexShrink: 0,
-    opacity: 0.8
-  }, "&.".concat(TabScrollButton_tabScrollButtonClasses.disabled), {
-    opacity: 0
-  }), ownerState.orientation === 'vertical' && {
-    width: '100%',
-    height: 40,
-    '& svg': {
-      transform: "rotate(".concat(ownerState.isRtl ? -90 : 90, "deg)")
-    }
-  });
-});
-var TabScrollButton = /*#__PURE__*/react.forwardRef(function TabScrollButton(inProps, ref) {
-  var _slots$StartScrollBut, _slots$EndScrollButto;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTabScrollButton'
-  });
-  var className = props.className,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    direction = props.direction,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabScrollButton_excluded);
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var ownerState = extends_extends({
-    isRtl: isRtl
-  }, props);
-  var classes = TabScrollButton_useUtilityClasses(ownerState);
-  var StartButtonIcon = (_slots$StartScrollBut = slots.StartScrollButtonIcon) != null ? _slots$StartScrollBut : KeyboardArrowLeft;
-  var EndButtonIcon = (_slots$EndScrollButto = slots.EndScrollButtonIcon) != null ? _slots$EndScrollButto : KeyboardArrowRight;
-  var startButtonIconProps = useSlotProps({
-    elementType: StartButtonIcon,
-    externalSlotProps: slotProps.startScrollButtonIcon,
-    additionalProps: {
-      fontSize: 'small'
-    },
-    ownerState: ownerState
-  });
-  var endButtonIconProps = useSlotProps({
-    elementType: EndButtonIcon,
-    externalSlotProps: slotProps.endScrollButtonIcon,
-    additionalProps: {
-      fontSize: 'small'
-    },
-    ownerState: ownerState
-  });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabScrollButtonRoot, extends_extends({
-    component: "div",
-    className: clsx_m(classes.root, className),
-    ref: ref,
-    role: null,
-    ownerState: ownerState,
-    tabIndex: null
-  }, other, {
-    children: direction === 'left' ? /*#__PURE__*/(0,jsx_runtime.jsx)(StartButtonIcon, extends_extends({}, startButtonIconProps)) : /*#__PURE__*/(0,jsx_runtime.jsx)(EndButtonIcon, extends_extends({}, endButtonIconProps))
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TabScrollButton_TabScrollButton = (TabScrollButton);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/tabsClasses.js
-
-
-function getTabsUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTabs', slot);
-}
-var tabsClasses = generateUtilityClasses('MuiTabs', ['root', 'vertical', 'flexContainer', 'flexContainerVertical', 'centered', 'scroller', 'fixed', 'scrollableX', 'scrollableY', 'hideScrollbar', 'scrollButtons', 'scrollButtonsHideMobile', 'indicator']);
-/* harmony default export */ var Tabs_tabsClasses = (tabsClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Tabs/Tabs.js
-
-
-
-
-var Tabs_excluded = ["aria-label", "aria-labelledby", "action", "centered", "children", "className", "component", "allowScrollButtonsMobile", "indicatorColor", "onChange", "orientation", "ScrollButtonComponent", "scrollButtons", "selectionFollowsFocus", "slots", "slotProps", "TabIndicatorProps", "TabScrollButtonProps", "textColor", "value", "variant", "visibleScrollbar"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var Tabs_nextItem = function nextItem(list, item) {
-  if (list === item) {
-    return list.firstChild;
-  }
-  if (item && item.nextElementSibling) {
-    return item.nextElementSibling;
-  }
-  return list.firstChild;
-};
-var Tabs_previousItem = function previousItem(list, item) {
-  if (list === item) {
-    return list.lastChild;
-  }
-  if (item && item.previousElementSibling) {
-    return item.previousElementSibling;
-  }
-  return list.lastChild;
-};
-var Tabs_moveFocus = function moveFocus(list, currentFocus, traversalFunction) {
-  var wrappedOnce = false;
-  var nextFocus = traversalFunction(list, currentFocus);
-  while (nextFocus) {
-    // Prevent infinite loop.
-    if (nextFocus === list.firstChild) {
-      if (wrappedOnce) {
-        return;
-      }
-      wrappedOnce = true;
-    }
-
-    // Same logic as useAutocomplete.js
-    var nextFocusDisabled = nextFocus.disabled || nextFocus.getAttribute('aria-disabled') === 'true';
-    if (!nextFocus.hasAttribute('tabindex') || nextFocusDisabled) {
-      // Move to the next element.
-      nextFocus = traversalFunction(list, nextFocus);
-    } else {
-      nextFocus.focus();
-      return;
-    }
-  }
-};
-var Tabs_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var vertical = ownerState.vertical,
-    fixed = ownerState.fixed,
-    hideScrollbar = ownerState.hideScrollbar,
-    scrollableX = ownerState.scrollableX,
-    scrollableY = ownerState.scrollableY,
-    centered = ownerState.centered,
-    scrollButtonsHideMobile = ownerState.scrollButtonsHideMobile,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', vertical && 'vertical'],
-    scroller: ['scroller', fixed && 'fixed', hideScrollbar && 'hideScrollbar', scrollableX && 'scrollableX', scrollableY && 'scrollableY'],
-    flexContainer: ['flexContainer', vertical && 'flexContainerVertical', centered && 'centered'],
-    indicator: ['indicator'],
-    scrollButtons: ['scrollButtons', scrollButtonsHideMobile && 'scrollButtonsHideMobile'],
-    scrollableX: [scrollableX && 'scrollableX'],
-    hideScrollbar: [hideScrollbar && 'hideScrollbar']
-  };
-  return composeClasses(slots, getTabsUtilityClass, classes);
-};
-var TabsRoot = styles_styled('div', {
-  name: 'MuiTabs',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), styles.scrollButtons), defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), ownerState.scrollButtonsHideMobile && styles.scrollButtonsHideMobile), styles.root, ownerState.vertical && styles.vertical];
-  }
-})(function (_ref3) {
-  var ownerState = _ref3.ownerState,
-    theme = _ref3.theme;
-  return extends_extends({
-    overflow: 'hidden',
-    minHeight: 48,
-    // Add iOS momentum scrolling for iOS < 13.0
-    WebkitOverflowScrolling: 'touch',
-    display: 'flex'
-  }, ownerState.vertical && {
-    flexDirection: 'column'
-  }, ownerState.scrollButtonsHideMobile && defineProperty_defineProperty({}, "& .".concat(Tabs_tabsClasses.scrollButtons), defineProperty_defineProperty({}, theme.breakpoints.down('sm'), {
-    display: 'none'
-  })));
-});
-var TabsScroller = styles_styled('div', {
-  name: 'MuiTabs',
-  slot: 'Scroller',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.scroller, ownerState.fixed && styles.fixed, ownerState.hideScrollbar && styles.hideScrollbar, ownerState.scrollableX && styles.scrollableX, ownerState.scrollableY && styles.scrollableY];
-  }
-})(function (_ref5) {
-  var ownerState = _ref5.ownerState;
-  return extends_extends({
-    position: 'relative',
-    display: 'inline-block',
-    flex: '1 1 auto',
-    whiteSpace: 'nowrap'
-  }, ownerState.fixed && {
-    overflowX: 'hidden',
-    width: '100%'
-  }, ownerState.hideScrollbar && {
-    // Hide dimensionless scrollbar on macOS
-    scrollbarWidth: 'none',
-    // Firefox
-    '&::-webkit-scrollbar': {
-      display: 'none' // Safari + Chrome
-    }
-  }, ownerState.scrollableX && {
-    overflowX: 'auto',
-    overflowY: 'hidden'
-  }, ownerState.scrollableY && {
-    overflowY: 'auto',
-    overflowX: 'hidden'
-  });
-});
-var FlexContainer = styles_styled('div', {
-  name: 'MuiTabs',
-  slot: 'FlexContainer',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.flexContainer, ownerState.vertical && styles.flexContainerVertical, ownerState.centered && styles.centered];
-  }
-})(function (_ref6) {
-  var ownerState = _ref6.ownerState;
-  return extends_extends({
-    display: 'flex'
-  }, ownerState.vertical && {
-    flexDirection: 'column'
-  }, ownerState.centered && {
-    justifyContent: 'center'
-  });
-});
-var TabsIndicator = styles_styled('span', {
-  name: 'MuiTabs',
-  slot: 'Indicator',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.indicator;
-  }
-})(function (_ref7) {
-  var ownerState = _ref7.ownerState,
-    theme = _ref7.theme;
-  return extends_extends({
-    position: 'absolute',
-    height: 2,
-    bottom: 0,
-    width: '100%',
-    transition: theme.transitions.create()
-  }, ownerState.indicatorColor === 'primary' && {
-    backgroundColor: (theme.vars || theme).palette.primary.main
-  }, ownerState.indicatorColor === 'secondary' && {
-    backgroundColor: (theme.vars || theme).palette.secondary.main
-  }, ownerState.vertical && {
-    height: '100%',
-    width: 2,
-    right: 0
-  });
-});
-var TabsScrollbarSize = styles_styled(ScrollbarSize, {
-  name: 'MuiTabs',
-  slot: 'ScrollbarSize'
-})({
-  overflowX: 'auto',
-  overflowY: 'hidden',
-  // Hide dimensionless scrollbar on macOS
-  scrollbarWidth: 'none',
-  // Firefox
-  '&::-webkit-scrollbar': {
-    display: 'none' // Safari + Chrome
-  }
-});
-
-var defaultIndicatorStyle = {};
-var warnedOnceTabPresent = false;
-var Tabs = /*#__PURE__*/react.forwardRef(function Tabs(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTabs'
-  });
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var ariaLabel = props['aria-label'],
-    ariaLabelledBy = props['aria-labelledby'],
-    action = props.action,
-    _props$centered = props.centered,
-    centered = _props$centered === void 0 ? false : _props$centered,
-    childrenProp = props.children,
-    className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    _props$allowScrollBut = props.allowScrollButtonsMobile,
-    allowScrollButtonsMobile = _props$allowScrollBut === void 0 ? false : _props$allowScrollBut,
-    _props$indicatorColor = props.indicatorColor,
-    indicatorColor = _props$indicatorColor === void 0 ? 'primary' : _props$indicatorColor,
-    onChange = props.onChange,
-    _props$orientation = props.orientation,
-    orientation = _props$orientation === void 0 ? 'horizontal' : _props$orientation,
-    _props$ScrollButtonCo = props.ScrollButtonComponent,
-    ScrollButtonComponent = _props$ScrollButtonCo === void 0 ? TabScrollButton_TabScrollButton : _props$ScrollButtonCo,
-    _props$scrollButtons = props.scrollButtons,
-    scrollButtons = _props$scrollButtons === void 0 ? 'auto' : _props$scrollButtons,
-    selectionFollowsFocus = props.selectionFollowsFocus,
-    _props$slots = props.slots,
-    slots = _props$slots === void 0 ? {} : _props$slots,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    _props$TabIndicatorPr = props.TabIndicatorProps,
-    TabIndicatorProps = _props$TabIndicatorPr === void 0 ? {} : _props$TabIndicatorPr,
-    _props$TabScrollButto = props.TabScrollButtonProps,
-    TabScrollButtonProps = _props$TabScrollButto === void 0 ? {} : _props$TabScrollButto,
-    _props$textColor = props.textColor,
-    textColor = _props$textColor === void 0 ? 'primary' : _props$textColor,
-    value = props.value,
-    _props$variant = props.variant,
-    variant = _props$variant === void 0 ? 'standard' : _props$variant,
-    _props$visibleScrollb = props.visibleScrollbar,
-    visibleScrollbar = _props$visibleScrollb === void 0 ? false : _props$visibleScrollb,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Tabs_excluded);
-  var scrollable = variant === 'scrollable';
-  var vertical = orientation === 'vertical';
-  var scrollStart = vertical ? 'scrollTop' : 'scrollLeft';
-  var start = vertical ? 'top' : 'left';
-  var end = vertical ? 'bottom' : 'right';
-  var clientSize = vertical ? 'clientHeight' : 'clientWidth';
-  var size = vertical ? 'height' : 'width';
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    allowScrollButtonsMobile: allowScrollButtonsMobile,
-    indicatorColor: indicatorColor,
-    orientation: orientation,
-    vertical: vertical,
-    scrollButtons: scrollButtons,
-    textColor: textColor,
-    variant: variant,
-    visibleScrollbar: visibleScrollbar,
-    fixed: !scrollable,
-    hideScrollbar: scrollable && !visibleScrollbar,
-    scrollableX: scrollable && !vertical,
-    scrollableY: scrollable && vertical,
-    centered: centered && !scrollable,
-    scrollButtonsHideMobile: !allowScrollButtonsMobile
-  });
-  var classes = Tabs_useUtilityClasses(ownerState);
-  var startScrollButtonIconProps = useSlotProps({
-    elementType: slots.StartScrollButtonIcon,
-    externalSlotProps: slotProps.startScrollButtonIcon,
-    ownerState: ownerState
-  });
-  var endScrollButtonIconProps = useSlotProps({
-    elementType: slots.EndScrollButtonIcon,
-    externalSlotProps: slotProps.endScrollButtonIcon,
-    ownerState: ownerState
-  });
-  if (false) {}
-  var _React$useState = react.useState(false),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    mounted = _React$useState2[0],
-    setMounted = _React$useState2[1];
-  var _React$useState3 = react.useState(defaultIndicatorStyle),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    indicatorStyle = _React$useState4[0],
-    setIndicatorStyle = _React$useState4[1];
-  var _React$useState5 = react.useState({
-      start: false,
-      end: false
-    }),
-    _React$useState6 = slicedToArray_slicedToArray(_React$useState5, 2),
-    displayScroll = _React$useState6[0],
-    setDisplayScroll = _React$useState6[1];
-  var _React$useState7 = react.useState({
-      overflow: 'hidden',
-      scrollbarWidth: 0
-    }),
-    _React$useState8 = slicedToArray_slicedToArray(_React$useState7, 2),
-    scrollerStyle = _React$useState8[0],
-    setScrollerStyle = _React$useState8[1];
-  var valueToIndex = new Map();
-  var tabsRef = react.useRef(null);
-  var tabListRef = react.useRef(null);
-  var getTabsMeta = function getTabsMeta() {
-    var tabsNode = tabsRef.current;
-    var tabsMeta;
-    if (tabsNode) {
-      var rect = tabsNode.getBoundingClientRect();
-      // create a new object with ClientRect class props + scrollLeft
-      tabsMeta = {
-        clientWidth: tabsNode.clientWidth,
-        scrollLeft: tabsNode.scrollLeft,
-        scrollTop: tabsNode.scrollTop,
-        scrollLeftNormalized: getNormalizedScrollLeft(tabsNode, theme.direction),
-        scrollWidth: tabsNode.scrollWidth,
-        top: rect.top,
-        bottom: rect.bottom,
-        left: rect.left,
-        right: rect.right
-      };
-    }
-    var tabMeta;
-    if (tabsNode && value !== false) {
-      var _children = tabListRef.current.children;
-      if (_children.length > 0) {
-        var tab = _children[valueToIndex.get(value)];
-        if (false) {}
-        tabMeta = tab ? tab.getBoundingClientRect() : null;
-        if (false) {}
-      }
-    }
-    return {
-      tabsMeta: tabsMeta,
-      tabMeta: tabMeta
-    };
-  };
-  var updateIndicatorState = utils_useEventCallback(function () {
-    var _newIndicatorStyle;
-    var _getTabsMeta = getTabsMeta(),
-      tabsMeta = _getTabsMeta.tabsMeta,
-      tabMeta = _getTabsMeta.tabMeta;
-    var startValue = 0;
-    var startIndicator;
-    if (vertical) {
-      startIndicator = 'top';
-      if (tabMeta && tabsMeta) {
-        startValue = tabMeta.top - tabsMeta.top + tabsMeta.scrollTop;
-      }
-    } else {
-      startIndicator = isRtl ? 'right' : 'left';
-      if (tabMeta && tabsMeta) {
-        var correction = isRtl ? tabsMeta.scrollLeftNormalized + tabsMeta.clientWidth - tabsMeta.scrollWidth : tabsMeta.scrollLeft;
-        startValue = (isRtl ? -1 : 1) * (tabMeta[startIndicator] - tabsMeta[startIndicator] + correction);
-      }
-    }
-    var newIndicatorStyle = (_newIndicatorStyle = {}, defineProperty_defineProperty(_newIndicatorStyle, startIndicator, startValue), defineProperty_defineProperty(_newIndicatorStyle, size, tabMeta ? tabMeta[size] : 0), _newIndicatorStyle);
-
-    // IE11 support, replace with Number.isNaN
-    // eslint-disable-next-line no-restricted-globals
-    if (isNaN(indicatorStyle[startIndicator]) || isNaN(indicatorStyle[size])) {
-      setIndicatorStyle(newIndicatorStyle);
-    } else {
-      var dStart = Math.abs(indicatorStyle[startIndicator] - newIndicatorStyle[startIndicator]);
-      var dSize = Math.abs(indicatorStyle[size] - newIndicatorStyle[size]);
-      if (dStart >= 1 || dSize >= 1) {
-        setIndicatorStyle(newIndicatorStyle);
-      }
-    }
-  });
-  var scroll = function scroll(scrollValue) {
-    var _ref8 = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
-      _ref8$animation = _ref8.animation,
-      animation = _ref8$animation === void 0 ? true : _ref8$animation;
-    if (animation) {
-      animate(scrollStart, tabsRef.current, scrollValue, {
-        duration: theme.transitions.duration.standard
-      });
-    } else {
-      tabsRef.current[scrollStart] = scrollValue;
-    }
-  };
-  var moveTabsScroll = function moveTabsScroll(delta) {
-    var scrollValue = tabsRef.current[scrollStart];
-    if (vertical) {
-      scrollValue += delta;
-    } else {
-      scrollValue += delta * (isRtl ? -1 : 1);
-      // Fix for Edge
-      scrollValue *= isRtl && detectScrollType() === 'reverse' ? -1 : 1;
-    }
-    scroll(scrollValue);
-  };
-  var getScrollSize = function getScrollSize() {
-    var containerSize = tabsRef.current[clientSize];
-    var totalSize = 0;
-    var children = Array.from(tabListRef.current.children);
-    for (var i = 0; i < children.length; i += 1) {
-      var tab = children[i];
-      if (totalSize + tab[clientSize] > containerSize) {
-        // If the first item is longer than the container size, then only scroll
-        // by the container size.
-        if (i === 0) {
-          totalSize = containerSize;
-        }
-        break;
-      }
-      totalSize += tab[clientSize];
-    }
-    return totalSize;
-  };
-  var handleStartScrollClick = function handleStartScrollClick() {
-    moveTabsScroll(-1 * getScrollSize());
-  };
-  var handleEndScrollClick = function handleEndScrollClick() {
-    moveTabsScroll(getScrollSize());
-  };
-
-  // TODO Remove <ScrollbarSize /> as browser support for hiding the scrollbar
-  // with CSS improves.
-  var handleScrollbarSizeChange = react.useCallback(function (scrollbarWidth) {
-    setScrollerStyle({
-      overflow: null,
-      scrollbarWidth: scrollbarWidth
-    });
-  }, []);
-  var getConditionalElements = function getConditionalElements() {
-    var conditionalElements = {};
-    conditionalElements.scrollbarSizeListener = scrollable ? /*#__PURE__*/(0,jsx_runtime.jsx)(TabsScrollbarSize, {
-      onChange: handleScrollbarSizeChange,
-      className: clsx_m(classes.scrollableX, classes.hideScrollbar)
-    }) : null;
-    var scrollButtonsActive = displayScroll.start || displayScroll.end;
-    var showScrollButtons = scrollable && (scrollButtons === 'auto' && scrollButtonsActive || scrollButtons === true);
-    conditionalElements.scrollButtonStart = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
-      slots: {
-        StartScrollButtonIcon: slots.StartScrollButtonIcon
-      },
-      slotProps: {
-        startScrollButtonIcon: startScrollButtonIconProps
-      },
-      orientation: orientation,
-      direction: isRtl ? 'right' : 'left',
-      onClick: handleStartScrollClick,
-      disabled: !displayScroll.start
-    }, TabScrollButtonProps, {
-      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
-    })) : null;
-    conditionalElements.scrollButtonEnd = showScrollButtons ? /*#__PURE__*/(0,jsx_runtime.jsx)(ScrollButtonComponent, extends_extends({
-      slots: {
-        EndScrollButtonIcon: slots.EndScrollButtonIcon
-      },
-      slotProps: {
-        endScrollButtonIcon: endScrollButtonIconProps
-      },
-      orientation: orientation,
-      direction: isRtl ? 'left' : 'right',
-      onClick: handleEndScrollClick,
-      disabled: !displayScroll.end
-    }, TabScrollButtonProps, {
-      className: clsx_m(classes.scrollButtons, TabScrollButtonProps.className)
-    })) : null;
-    return conditionalElements;
-  };
-  var scrollSelectedIntoView = utils_useEventCallback(function (animation) {
-    var _getTabsMeta2 = getTabsMeta(),
-      tabsMeta = _getTabsMeta2.tabsMeta,
-      tabMeta = _getTabsMeta2.tabMeta;
-    if (!tabMeta || !tabsMeta) {
-      return;
-    }
-    if (tabMeta[start] < tabsMeta[start]) {
-      // left side of button is out of view
-      var nextScrollStart = tabsMeta[scrollStart] + (tabMeta[start] - tabsMeta[start]);
-      scroll(nextScrollStart, {
-        animation: animation
-      });
-    } else if (tabMeta[end] > tabsMeta[end]) {
-      // right side of button is out of view
-      var _nextScrollStart = tabsMeta[scrollStart] + (tabMeta[end] - tabsMeta[end]);
-      scroll(_nextScrollStart, {
-        animation: animation
-      });
-    }
-  });
-  var updateScrollButtonState = utils_useEventCallback(function () {
-    if (scrollable && scrollButtons !== false) {
-      var _tabsRef$current = tabsRef.current,
-        scrollTop = _tabsRef$current.scrollTop,
-        scrollHeight = _tabsRef$current.scrollHeight,
-        clientHeight = _tabsRef$current.clientHeight,
-        scrollWidth = _tabsRef$current.scrollWidth,
-        clientWidth = _tabsRef$current.clientWidth;
-      var showStartScroll;
-      var showEndScroll;
-      if (vertical) {
-        showStartScroll = scrollTop > 1;
-        showEndScroll = scrollTop < scrollHeight - clientHeight - 1;
-      } else {
-        var scrollLeft = getNormalizedScrollLeft(tabsRef.current, theme.direction);
-        // use 1 for the potential rounding error with browser zooms.
-        showStartScroll = isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
-        showEndScroll = !isRtl ? scrollLeft < scrollWidth - clientWidth - 1 : scrollLeft > 1;
-      }
-      if (showStartScroll !== displayScroll.start || showEndScroll !== displayScroll.end) {
-        setDisplayScroll({
-          start: showStartScroll,
-          end: showEndScroll
-        });
-      }
-    }
-  });
-  react.useEffect(function () {
-    var handleResize = utils_debounce(function () {
-      // If the Tabs component is replaced by Suspense with a fallback, the last
-      // ResizeObserver's handler that runs because of the change in the layout is trying to
-      // access a dom node that is no longer there (as the fallback component is being shown instead).
-      // See https://github.com/mui/material-ui/issues/33276
-      // TODO: Add tests that will ensure the component is not failing when
-      // replaced by Suspense with a fallback, once React is updated to version 18
-      if (tabsRef.current) {
-        updateIndicatorState();
-        updateScrollButtonState();
-      }
-    });
-    var win = utils_ownerWindow(tabsRef.current);
-    win.addEventListener('resize', handleResize);
-    var resizeObserver;
-    if (typeof ResizeObserver !== 'undefined') {
-      resizeObserver = new ResizeObserver(handleResize);
-      Array.from(tabListRef.current.children).forEach(function (child) {
-        resizeObserver.observe(child);
-      });
-    }
-    return function () {
-      handleResize.clear();
-      win.removeEventListener('resize', handleResize);
-      if (resizeObserver) {
-        resizeObserver.disconnect();
-      }
-    };
-  }, [updateIndicatorState, updateScrollButtonState]);
-  var handleTabsScroll = react.useMemo(function () {
-    return utils_debounce(function () {
-      updateScrollButtonState();
-    });
-  }, [updateScrollButtonState]);
-  react.useEffect(function () {
-    return function () {
-      handleTabsScroll.clear();
-    };
-  }, [handleTabsScroll]);
-  react.useEffect(function () {
-    setMounted(true);
-  }, []);
-  react.useEffect(function () {
-    updateIndicatorState();
-    updateScrollButtonState();
-  });
-  react.useEffect(function () {
-    // Don't animate on the first render.
-    scrollSelectedIntoView(defaultIndicatorStyle !== indicatorStyle);
-  }, [scrollSelectedIntoView, indicatorStyle]);
-  react.useImperativeHandle(action, function () {
-    return {
-      updateIndicator: updateIndicatorState,
-      updateScrollButtons: updateScrollButtonState
-    };
-  }, [updateIndicatorState, updateScrollButtonState]);
-  var indicator = /*#__PURE__*/(0,jsx_runtime.jsx)(TabsIndicator, extends_extends({}, TabIndicatorProps, {
-    className: clsx_m(classes.indicator, TabIndicatorProps.className),
-    ownerState: ownerState,
-    style: extends_extends({}, indicatorStyle, TabIndicatorProps.style)
-  }));
-  var childIndex = 0;
-  var children = react.Children.map(childrenProp, function (child) {
-    if (! /*#__PURE__*/react.isValidElement(child)) {
-      return null;
-    }
-    if (false) {}
-    var childValue = child.props.value === undefined ? childIndex : child.props.value;
-    valueToIndex.set(childValue, childIndex);
-    var selected = childValue === value;
-    childIndex += 1;
-    return /*#__PURE__*/react.cloneElement(child, extends_extends({
-      fullWidth: variant === 'fullWidth',
-      indicator: selected && !mounted && indicator,
-      selected: selected,
-      selectionFollowsFocus: selectionFollowsFocus,
-      onChange: onChange,
-      textColor: textColor,
-      value: childValue
-    }, childIndex === 1 && value === false && !child.props.tabIndex ? {
-      tabIndex: 0
-    } : {}));
-  });
-  var handleKeyDown = function handleKeyDown(event) {
-    var list = tabListRef.current;
-    var currentFocus = utils_ownerDocument(list).activeElement;
-    // Keyboard navigation assumes that [role="tab"] are siblings
-    // though we might warn in the future about nested, interactive elements
-    // as a a11y violation
-    var role = currentFocus.getAttribute('role');
-    if (role !== 'tab') {
-      return;
-    }
-    var previousItemKey = orientation === 'horizontal' ? 'ArrowLeft' : 'ArrowUp';
-    var nextItemKey = orientation === 'horizontal' ? 'ArrowRight' : 'ArrowDown';
-    if (orientation === 'horizontal' && isRtl) {
-      // swap previousItemKey with nextItemKey
-      previousItemKey = 'ArrowRight';
-      nextItemKey = 'ArrowLeft';
-    }
-    switch (event.key) {
-      case previousItemKey:
-        event.preventDefault();
-        Tabs_moveFocus(list, currentFocus, Tabs_previousItem);
-        break;
-      case nextItemKey:
-        event.preventDefault();
-        Tabs_moveFocus(list, currentFocus, Tabs_nextItem);
-        break;
-      case 'Home':
-        event.preventDefault();
-        Tabs_moveFocus(list, null, Tabs_nextItem);
-        break;
-      case 'End':
-        event.preventDefault();
-        Tabs_moveFocus(list, null, Tabs_previousItem);
-        break;
-      default:
-        break;
-    }
-  };
-  var conditionalElements = getConditionalElements();
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    ref: ref,
-    as: component
-  }, other, {
-    children: [conditionalElements.scrollButtonStart, conditionalElements.scrollbarSizeListener, /*#__PURE__*/(0,jsx_runtime.jsxs)(TabsScroller, {
-      className: classes.scroller,
-      ownerState: ownerState,
-      style: defineProperty_defineProperty({
-        overflow: scrollerStyle.overflow
-      }, vertical ? "margin".concat(isRtl ? 'Left' : 'Right') : 'marginBottom', visibleScrollbar ? undefined : -scrollerStyle.scrollbarWidth),
-      ref: tabsRef,
-      onScroll: handleTabsScroll,
-      children: [/*#__PURE__*/(0,jsx_runtime.jsx)(FlexContainer, {
-        "aria-label": ariaLabel,
-        "aria-labelledby": ariaLabelledBy,
-        "aria-orientation": orientation === 'vertical' ? 'vertical' : null,
-        className: classes.flexContainer,
-        ownerState: ownerState,
-        onKeyDown: handleKeyDown,
-        ref: tabListRef,
-        role: "tablist",
-        children: children
-      }), mounted && indicator]
-    }), conditionalElements.scrollButtonEnd]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Tabs_Tabs = (Tabs);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabList/TabList.js
-
-
-var TabList_excluded = ["children"];
-
-
-
-
-
-var TabList = /*#__PURE__*/react.forwardRef(function TabList(props, ref) {
-  var childrenProp = props.children,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabList_excluded);
-  var context = useTabContext();
-  if (context === null) {
-    throw new TypeError('No TabContext provided');
-  }
-  var children = react.Children.map(childrenProp, function (child) {
-    if (! /*#__PURE__*/react.isValidElement(child)) {
-      return null;
-    }
-    return /*#__PURE__*/react.cloneElement(child, {
-      // SOMEDAY: `Tabs` will set those themselves
-      'aria-controls': getPanelId(context, child.props.value),
-      id: getTabId(context, child.props.value)
-    });
-  });
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Tabs_Tabs, extends_extends({}, other, {
-    ref: ref,
-    value: context.value,
-    children: children
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TabList_TabList = (TabList);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/tabPanelClasses.js
-
-
-function getTabPanelUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTabPanel', slot);
-}
-var tabPanelClasses = generateUtilityClasses('MuiTabPanel', ['root']);
-/* harmony default export */ var TabPanel_tabPanelClasses = ((/* unused pure expression or super */ null && (tabPanelClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TabPanel/TabPanel.js
-
-
-var TabPanel_excluded = ["children", "className", "value"];
-
-
-
-
-
-
-
-
-var TabPanel_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTabPanelUtilityClass, classes);
-};
-var TabPanelRoot = styles_styled('div', {
-  name: 'MuiTabPanel',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})(function (_ref) {
-  var theme = _ref.theme;
-  return {
-    padding: theme.spacing(3)
-  };
-});
-var TabPanel = /*#__PURE__*/react.forwardRef(function TabPanel(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTabPanel'
-  });
-  var children = props.children,
-    className = props.className,
-    value = props.value,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TabPanel_excluded);
-  var ownerState = extends_extends({}, props);
-  var classes = TabPanel_useUtilityClasses(ownerState);
-  var context = useTabContext();
-  if (context === null) {
-    throw new TypeError('No TabContext provided');
-  }
-  var id = getPanelId(context, value);
-  var tabId = getTabId(context, value);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TabPanelRoot, extends_extends({
-    "aria-labelledby": tabId,
-    className: clsx_m(classes.root, className),
-    hidden: value !== context.value,
-    id: id,
-    ref: ref,
-    role: "tabpanel",
-    ownerState: ownerState
-  }, other, {
-    children: value === context.value && children
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TabPanel_TabPanel = (TabPanel);
-;// CONCATENATED MODULE: ./src/components/result-view/SidePanel.tsx
-function useSidePanelTabs(provider){var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedTab=_useState2[0],setSelectedTab=_useState2[1];var handleTabChange=(0,react.useCallback)(function(_e,value){setSelectedTab(value);},[]);var tabs=(0,react.useMemo)(function(){return(provider===null||provider===void 0?void 0:provider.buildSidePanelTabs())||[];},[provider]);(0,react.useEffect)(function(){if(!(tabs!==null&&tabs!==void 0&&tabs.length)){setSelectedTab("");return;}if(!selectedTab){setSelectedTab(tabs[0].label);return;}if(!tabs.find(function(x){return x.label===selectedTab;})){// reset it after the type of selected item has changed
-setSelectedTab(tabs[0].label);}},[selectedTab,tabs]);return{tabs:tabs,selectedTab:selectedTab,handleTabChange:handleTabChange};}var SidePanel=function SidePanel(props){var theme=styles_useTheme_useTheme();var _useSidePanelTabs=useSidePanelTabs(props.provider),tabs=_useSidePanelTabs.tabs,selectedTab=_useSidePanelTabs.selectedTab,handleTabChange=_useSidePanelTabs.handleTabChange;if(!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}if(!props.provider){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minHeight:theme.consts.appBarHeight,display:"flex",flexDirection:"column",flex:"0 0 auto",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"1 1 auto",display:"flex",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",pt:"25px",pl:"35px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h4",children:props.provider.buildSidePanelTitle()})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",pt:"10px",pr:"10px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseIcon,{})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_light,children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'10px 0'},children:tab.content})})},tab.label);})})]})});};
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/TableContext.js
-
-
-/**
- * @ignore - internal component.
- */
-var TableContext = /*#__PURE__*/react.createContext();
-if (false) {}
-/* harmony default export */ var Table_TableContext = (TableContext);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/tableClasses.js
-
-
-function getTableUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTable', slot);
-}
-var tableClasses = generateUtilityClasses('MuiTable', ['root', 'stickyHeader']);
-/* harmony default export */ var Table_tableClasses = ((/* unused pure expression or super */ null && (tableClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Table.js
-
-
-var Table_excluded = ["className", "component", "padding", "size", "stickyHeader"];
-
-
-
-
-
-
-
-
-
-var Table_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    stickyHeader = ownerState.stickyHeader;
-  var slots = {
-    root: ['root', stickyHeader && 'stickyHeader']
-  };
-  return composeClasses(slots, getTableUtilityClass, classes);
-};
-var TableRoot = styles_styled('table', {
-  name: 'MuiTable',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.stickyHeader && styles.stickyHeader];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    display: 'table',
-    width: '100%',
-    borderCollapse: 'collapse',
-    borderSpacing: 0,
-    '& caption': extends_extends({}, theme.typography.body2, {
-      padding: theme.spacing(2),
-      color: (theme.vars || theme).palette.text.secondary,
-      textAlign: 'left',
-      captionSide: 'bottom'
-    })
-  }, ownerState.stickyHeader && {
-    borderCollapse: 'separate'
-  });
-});
-var defaultComponent = 'table';
-var Table = /*#__PURE__*/react.forwardRef(function Table(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTable'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? defaultComponent : _props$component,
-    _props$padding = props.padding,
-    padding = _props$padding === void 0 ? 'normal' : _props$padding,
-    _props$size = props.size,
-    size = _props$size === void 0 ? 'medium' : _props$size,
-    _props$stickyHeader = props.stickyHeader,
-    stickyHeader = _props$stickyHeader === void 0 ? false : _props$stickyHeader,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Table_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    padding: padding,
-    size: size,
-    stickyHeader: stickyHeader
-  });
-  var classes = Table_useUtilityClasses(ownerState);
-  var table = react.useMemo(function () {
-    return {
-      padding: padding,
-      size: size,
-      stickyHeader: stickyHeader
-    };
-  }, [padding, size, stickyHeader]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_TableContext.Provider, {
-    value: table,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableRoot, extends_extends({
-      as: component,
-      role: component === defaultComponent ? null : 'table',
-      ref: ref,
-      className: clsx_m(classes.root, className),
-      ownerState: ownerState
-    }, other))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var Table_Table = (Table);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Table/Tablelvl2Context.js
-
-
-/**
- * @ignore - internal component.
- */
-var Tablelvl2Context = /*#__PURE__*/react.createContext();
-if (false) {}
-/* harmony default export */ var Table_Tablelvl2Context = (Tablelvl2Context);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/tableBodyClasses.js
-
-
-function getTableBodyUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableBody', slot);
-}
-var tableBodyClasses = generateUtilityClasses('MuiTableBody', ['root']);
-/* harmony default export */ var TableBody_tableBodyClasses = ((/* unused pure expression or super */ null && (tableBodyClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableBody/TableBody.js
-
-
-var TableBody_excluded = ["className", "component"];
-
-
-
-
-
-
-
-
-
-var TableBody_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTableBodyUtilityClass, classes);
-};
-var TableBodyRoot = styles_styled('tbody', {
-  name: 'MuiTableBody',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  display: 'table-row-group'
-});
-var tablelvl2 = {
-  variant: 'body'
-};
-var TableBody_defaultComponent = 'tbody';
-var TableBody = /*#__PURE__*/react.forwardRef(function TableBody(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableBody'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? TableBody_defaultComponent : _props$component,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableBody_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component
-  });
-  var classes = TableBody_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
-    value: tablelvl2,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableBodyRoot, extends_extends({
-      className: clsx_m(classes.root, className),
-      as: component,
-      ref: ref,
-      role: component === TableBody_defaultComponent ? null : 'rowgroup',
-      ownerState: ownerState
-    }, other))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableBody_TableBody = (TableBody);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/tableCellClasses.js
-
-
-function getTableCellUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableCell', slot);
-}
-var tableCellClasses = generateUtilityClasses('MuiTableCell', ['root', 'head', 'body', 'footer', 'sizeSmall', 'sizeMedium', 'paddingCheckbox', 'paddingNone', 'alignLeft', 'alignCenter', 'alignRight', 'alignJustify', 'stickyHeader']);
-/* harmony default export */ var TableCell_tableCellClasses = (tableCellClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableCell/TableCell.js
-
-
-
-var TableCell_excluded = ["align", "className", "component", "padding", "scope", "size", "sortDirection", "variant"];
-
-
-
-
-
-
-
-
-
-
-
-
-var TableCell_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    variant = ownerState.variant,
-    align = ownerState.align,
-    padding = ownerState.padding,
-    size = ownerState.size,
-    stickyHeader = ownerState.stickyHeader;
-  var slots = {
-    root: ['root', variant, stickyHeader && 'stickyHeader', align !== 'inherit' && "align".concat(utils_capitalize(align)), padding !== 'normal' && "padding".concat(utils_capitalize(padding)), "size".concat(utils_capitalize(size))]
-  };
-  return composeClasses(slots, getTableCellUtilityClass, classes);
-};
-var TableCellRoot = styles_styled('td', {
-  name: 'MuiTableCell',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, styles[ownerState.variant], styles["size".concat(utils_capitalize(ownerState.size))], ownerState.padding !== 'normal' && styles["padding".concat(utils_capitalize(ownerState.padding))], ownerState.align !== 'inherit' && styles["align".concat(utils_capitalize(ownerState.align))], ownerState.stickyHeader && styles.stickyHeader];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({}, theme.typography.body2, {
-    display: 'table-cell',
-    verticalAlign: 'inherit',
-    // Workaround for a rendering bug with spanned columns in Chrome 62.0.
-    // Removes the alpha (sets it to 1), and lightens or darkens the theme color.
-    borderBottom: theme.vars ? "1px solid ".concat(theme.vars.palette.TableCell.border) : "1px solid\n    ".concat(theme.palette.mode === 'light' ? lighten(alpha(theme.palette.divider, 1), 0.88) : darken(alpha(theme.palette.divider, 1), 0.68)),
-    textAlign: 'left',
-    padding: 16
-  }, ownerState.variant === 'head' && {
-    color: (theme.vars || theme).palette.text.primary,
-    lineHeight: theme.typography.pxToRem(24),
-    fontWeight: theme.typography.fontWeightMedium
-  }, ownerState.variant === 'body' && {
-    color: (theme.vars || theme).palette.text.primary
-  }, ownerState.variant === 'footer' && {
-    color: (theme.vars || theme).palette.text.secondary,
-    lineHeight: theme.typography.pxToRem(21),
-    fontSize: theme.typography.pxToRem(12)
-  }, ownerState.size === 'small' && defineProperty_defineProperty({
-    padding: '6px 16px'
-  }, "&.".concat(TableCell_tableCellClasses.paddingCheckbox), {
-    width: 24,
-    // prevent the checkbox column from growing
-    padding: '0 12px 0 16px',
-    '& > *': {
-      padding: 0
-    }
-  }), ownerState.padding === 'checkbox' && {
-    width: 48,
-    // prevent the checkbox column from growing
-    padding: '0 0 0 4px'
-  }, ownerState.padding === 'none' && {
-    padding: 0
-  }, ownerState.align === 'left' && {
-    textAlign: 'left'
-  }, ownerState.align === 'center' && {
-    textAlign: 'center'
-  }, ownerState.align === 'right' && {
-    textAlign: 'right',
-    flexDirection: 'row-reverse'
-  }, ownerState.align === 'justify' && {
-    textAlign: 'justify'
-  }, ownerState.stickyHeader && {
-    position: 'sticky',
-    top: 0,
-    zIndex: 2,
-    backgroundColor: (theme.vars || theme).palette.background.default
-  });
-});
-
-/**
- * The component renders a `<th>` element when the parent context is a header
- * or otherwise a `<td>` element.
- */
-var TableCell = /*#__PURE__*/react.forwardRef(function TableCell(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableCell'
-  });
-  var _props$align = props.align,
-    align = _props$align === void 0 ? 'inherit' : _props$align,
-    className = props.className,
-    componentProp = props.component,
-    paddingProp = props.padding,
-    scopeProp = props.scope,
-    sizeProp = props.size,
-    sortDirection = props.sortDirection,
-    variantProp = props.variant,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableCell_excluded);
-  var table = react.useContext(Table_TableContext);
-  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
-  var isHeadCell = tablelvl2 && tablelvl2.variant === 'head';
-  var component;
-  if (componentProp) {
-    component = componentProp;
-  } else {
-    component = isHeadCell ? 'th' : 'td';
-  }
-  var scope = scopeProp;
-  // scope is not a valid attribute for <td/> elements.
-  // source: https://html.spec.whatwg.org/multipage/tables.html#the-td-element
-  if (component === 'td') {
-    scope = undefined;
-  } else if (!scope && isHeadCell) {
-    scope = 'col';
-  }
-  var variant = variantProp || tablelvl2 && tablelvl2.variant;
-  var ownerState = extends_extends({}, props, {
-    align: align,
-    component: component,
-    padding: paddingProp || (table && table.padding ? table.padding : 'normal'),
-    size: sizeProp || (table && table.size ? table.size : 'medium'),
-    sortDirection: sortDirection,
-    stickyHeader: variant === 'head' && table && table.stickyHeader,
-    variant: variant
-  });
-  var classes = TableCell_useUtilityClasses(ownerState);
-  var ariaSort = null;
-  if (sortDirection) {
-    ariaSort = sortDirection === 'asc' ? 'ascending' : 'descending';
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableCellRoot, extends_extends({
-    as: component,
-    ref: ref,
-    className: clsx_m(classes.root, className),
-    "aria-sort": ariaSort,
-    scope: scope,
-    ownerState: ownerState
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableCell_TableCell = (TableCell);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/tableContainerClasses.js
-
-
-function getTableContainerUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableContainer', slot);
-}
-var tableContainerClasses = generateUtilityClasses('MuiTableContainer', ['root']);
-/* harmony default export */ var TableContainer_tableContainerClasses = ((/* unused pure expression or super */ null && (tableContainerClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableContainer/TableContainer.js
-
-
-var TableContainer_excluded = ["className", "component"];
-
-
-
-
-
-
-
-
-var TableContainer_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTableContainerUtilityClass, classes);
-};
-var TableContainerRoot = styles_styled('div', {
-  name: 'MuiTableContainer',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  width: '100%',
-  overflowX: 'auto'
-});
-var TableContainer = /*#__PURE__*/react.forwardRef(function TableContainer(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableContainer'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? 'div' : _props$component,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableContainer_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component
-  });
-  var classes = TableContainer_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableContainerRoot, extends_extends({
-    ref: ref,
-    as: component,
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableContainer_TableContainer = (TableContainer);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/tableHeadClasses.js
-
-
-function getTableHeadUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableHead', slot);
-}
-var tableHeadClasses = generateUtilityClasses('MuiTableHead', ['root']);
-/* harmony default export */ var TableHead_tableHeadClasses = ((/* unused pure expression or super */ null && (tableHeadClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableHead/TableHead.js
-
-
-var TableHead_excluded = ["className", "component"];
-
-
-
-
-
-
-
-
-
-var TableHead_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTableHeadUtilityClass, classes);
-};
-var TableHeadRoot = styles_styled('thead', {
-  name: 'MuiTableHead',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  display: 'table-header-group'
-});
-var TableHead_tablelvl2 = {
-  variant: 'head'
-};
-var TableHead_defaultComponent = 'thead';
-var TableHead = /*#__PURE__*/react.forwardRef(function TableHead(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableHead'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? TableHead_defaultComponent : _props$component,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableHead_excluded);
-  var ownerState = extends_extends({}, props, {
-    component: component
-  });
-  var classes = TableHead_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(Table_Tablelvl2Context.Provider, {
-    value: TableHead_tablelvl2,
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(TableHeadRoot, extends_extends({
-      as: component,
-      className: clsx_m(classes.root, className),
-      ref: ref,
-      role: component === TableHead_defaultComponent ? null : 'rowgroup',
-      ownerState: ownerState
-    }, other))
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableHead_TableHead = (TableHead);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/tableRowClasses.js
-
-
-function getTableRowUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTableRow', slot);
-}
-var tableRowClasses = generateUtilityClasses('MuiTableRow', ['root', 'selected', 'hover', 'head', 'footer']);
-/* harmony default export */ var TableRow_tableRowClasses = (tableRowClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/TableRow/TableRow.js
-
-
-
-var TableRow_excluded = ["className", "component", "hover", "selected"];
-
-
-
-
-
-
-
-
-
-
-var TableRow_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    selected = ownerState.selected,
-    hover = ownerState.hover,
-    head = ownerState.head,
-    footer = ownerState.footer;
-  var slots = {
-    root: ['root', selected && 'selected', hover && 'hover', head && 'head', footer && 'footer']
-  };
-  return composeClasses(slots, getTableRowUtilityClass, classes);
-};
-var TableRowRoot = styles_styled('tr', {
-  name: 'MuiTableRow',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.head && styles.head, ownerState.footer && styles.footer];
-  }
-})(function (_ref) {
-  var _ref2;
-  var theme = _ref.theme;
-  return _ref2 = {
-    color: 'inherit',
-    display: 'table-row',
-    verticalAlign: 'middle',
-    // We disable the focus ring for mouse, touch and keyboard users.
-    outline: 0
-  }, defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.hover, ":hover"), {
-    backgroundColor: (theme.vars || theme).palette.action.hover
-  }), defineProperty_defineProperty(_ref2, "&.".concat(TableRow_tableRowClasses.selected), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity),
-    '&:hover': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity)
-    }
-  }), _ref2;
-});
-var TableRow_defaultComponent = 'tr';
-/**
- * Will automatically set dynamic row height
- * based on the material table element parent (head, body, etc).
- */
-var TableRow = /*#__PURE__*/react.forwardRef(function TableRow(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTableRow'
-  });
-  var className = props.className,
-    _props$component = props.component,
-    component = _props$component === void 0 ? TableRow_defaultComponent : _props$component,
-    _props$hover = props.hover,
-    hover = _props$hover === void 0 ? false : _props$hover,
-    _props$selected = props.selected,
-    selected = _props$selected === void 0 ? false : _props$selected,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TableRow_excluded);
-  var tablelvl2 = react.useContext(Table_Tablelvl2Context);
-  var ownerState = extends_extends({}, props, {
-    component: component,
-    hover: hover,
-    selected: selected,
-    head: tablelvl2 && tablelvl2.variant === 'head',
-    footer: tablelvl2 && tablelvl2.variant === 'footer'
-  });
-  var classes = TableRow_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TableRowRoot, extends_extends({
-    as: component,
-    ref: ref,
-    className: clsx_m(classes.root, className),
-    role: component === TableRow_defaultComponent ? null : 'row',
-    ownerState: ownerState
-  }, other));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TableRow_TableRow = (TableRow);
-;// CONCATENATED MODULE: ./src/components/PropertiesTable.tsx
-function PropertiesTable(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Name"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Value"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.properties.map(function(row){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.name}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:row.value})]},row.name);})})]})});}
-// EXTERNAL MODULE: ./node_modules/js-sha256/src/sha256.js
-var sha256 = __webpack_require__(981);
-;// CONCATENATED MODULE: ./src/utils/listKey.ts
-function buildListKey(o){var j=JSON.stringify(o);return (0,sha256.sha256)(j);}
-;// CONCATENATED MODULE: ./src/components/result-view/ChangesTable.tsx
-var RefList=function RefList(props){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:props.title}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Kind"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Namespace"})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:"Name"})})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:props.refs.map(function(ref){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:buildRefKindElement(ref)}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.namespace})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:ref.name})})]},buildRefString(ref));})})]})})]});};function ChangesTable(props){var changedObjects;if(props.diffStatus.changedObjects.length){changedObjects=/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{py:"10px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{align:"center",variant:"h5",children:"Changed Objects"}),props.diffStatus.changedObjects.map(function(co){var _co$changes;return/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(TableHead_TableHead,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableRow_TableRow,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{align:"left",colSpan:2,sx:{padding:'24px 16px 5px 16px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{sx:{fontWeight:500,fontSize:'20px',lineHeight:'27px',letterSpacing:'1px'},children:buildRefString(co.ref)})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Path"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Changes"})]})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.map(function(c){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:"100px",sx:{overflowWrap:"anywhere"},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{children:c.jsonPath})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:c.unifiedDiff||"",language:"diff"})})]},buildListKey(c));})})]})},buildRefString(co.ref));})]});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",display:"flex",flexDirection:"column",children:[props.diffStatus.newObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"New Objects",refs:props.diffStatus.newObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.deletedObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Deleted Objects",refs:props.diffStatus.deletedObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),props.diffStatus.orphanObjects.length?/*#__PURE__*/(0,jsx_runtime.jsx)(RefList,{title:"Orphan Objects",refs:props.diffStatus.orphanObjects}):/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{}),changedObjects]});}
-;// CONCATENATED MODULE: ./src/components/ErrorsTable.tsx
-function ErrorsTable(props){var _props$errors;return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TableContainer_TableContainer,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(Table_Table,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableHead_TableHead,{children:/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Ref"}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:"Message"})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableBody_TableBody,{children:(_props$errors=props.errors)===null||_props$errors===void 0?void 0:_props$errors.map(function(e){return/*#__PURE__*/(0,jsx_runtime.jsxs)(TableRow_TableRow,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{sx:{minWidth:"150px"},children:/*#__PURE__*/(0,jsx_runtime.jsxs)(List_List,{disablePadding:true,children:[buildRefKindElement(e.ref,/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.kind})})})),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.name})}),e.ref.namespace&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),/*#__PURE__*/(0,jsx_runtime.jsx)(ListItem_ListItem,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(ListItemText_ListItemText,{primary:e.ref.namespace})})]})]})}),/*#__PURE__*/(0,jsx_runtime.jsx)(TableCell_TableCell,{children:e.message})]},buildListKey(e));})})]})})})});}
-;// CONCATENATED MODULE: ./src/components/ObjectYaml.tsx
-var ObjectYaml=function ObjectYaml(props){var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(/*#__PURE__*/asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(){var o;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getResultObject(props.treeProps.summary.id,props.objectRef,props.objectType);case 2:o=_context.sent;return _context.abrupt("return",dump(o));case 4:case"end":return _context.stop();}},_callee);})),[props.treeProps.summary.id,props.objectRef,props.objectType]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],error=_useLoadingHelper2[1],content=_useLoadingHelper2[2];if(loading){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}else if(error){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}else{return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:content,language:"yaml"});}};
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeData.tsx
-var DiffStatus=/*#__PURE__*/function(){function DiffStatus(){classCallCheck_classCallCheck(this,DiffStatus);this.newObjects=[];this.deletedObjects=[];this.orphanObjects=[];this.changedObjects=[];this.totalInsertions=0;this.totalDeletions=0;this.totalUpdates=0;}createClass_createClass(DiffStatus,[{key:"addChangedObject",value:function addChangedObject(co){var _co$changes,_this=this;this.changedObjects.push(co);(_co$changes=co.changes)===null||_co$changes===void 0?void 0:_co$changes.forEach(function(x){switch(x.type){case"insert":_this.totalInsertions++;break;case"delete":_this.totalDeletions++;break;case"update":_this.totalUpdates++;break;}});}},{key:"merge",value:function merge(other){this.newObjects=this.newObjects.concat(other.newObjects);this.deletedObjects=this.deletedObjects.concat(other.deletedObjects);this.orphanObjects=this.orphanObjects.concat(other.orphanObjects);this.changedObjects=this.changedObjects.concat(other.changedObjects);this.totalInsertions+=other.totalInsertions;this.totalDeletions+=other.totalDeletions;this.totalUpdates+=other.totalUpdates;}},{key:"hasDiffs",value:function hasDiffs(){if(this.newObjects.length||this.deletedObjects.length||this.orphanObjects.length){return true;}if(this.changedObjects.find(function(co){var _co$changes2;return((_co$changes2=co.changes)===null||_co$changes2===void 0?void 0:_co$changes2.length)!==0;})){return true;}return false;}}]);return DiffStatus;}();var HealthStatus=/*#__PURE__*/function(){function HealthStatus(){classCallCheck_classCallCheck(this,HealthStatus);this.errors=[];this.warnings=[];}createClass_createClass(HealthStatus,[{key:"merge",value:function merge(other){this.errors=this.errors.concat(other.errors);this.warnings=this.warnings.concat(other.warnings);}}]);return HealthStatus;}();var NodeData=/*#__PURE__*/function(){function NodeData(props,id,hasHealthStatus,hasDiffStatus){classCallCheck_classCallCheck(this,NodeData);this.props=void 0;this.id=void 0;this.children=[];this.healthStatus=void 0;this.diffStatus=void 0;this.props=props;this.id=id;if(hasHealthStatus){this.healthStatus=new HealthStatus();}if(hasDiffStatus){this.diffStatus=new DiffStatus();}}createClass_createClass(NodeData,[{key:"pushChild",value:function pushChild(child,front){if(front){this.children.unshift(child);}else{this.children.push(child);}this.merge(child);}},{key:"merge",value:function merge(other){if(this.diffStatus&&other.diffStatus){this.diffStatus.merge(other.diffStatus);}if(this.healthStatus&&other.healthStatus){this.healthStatus.merge(other.healthStatus);}}},{key:"buildStatusLine",value:function buildStatusLine(){var _this$healthStatus,_this$healthStatus2,_this$diffStatus,_this$diffStatus2,_this$diffStatus3,_this$diffStatus4;return/*#__PURE__*/(0,jsx_runtime.jsx)(StatusLine,{errors:(_this$healthStatus=this.healthStatus)===null||_this$healthStatus===void 0?void 0:_this$healthStatus.errors.length,warnings:(_this$healthStatus2=this.healthStatus)===null||_this$healthStatus2===void 0?void 0:_this$healthStatus2.warnings.length,changedObjects:(_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.changedObjects.length,newObjects:(_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.newObjects.length,deletedObjects:(_this$diffStatus3=this.diffStatus)===null||_this$diffStatus3===void 0?void 0:_this$diffStatus3.deletedObjects.length,orphanObjects:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.orphanObjects.length});}},{key:"buildTreeItem",value:function buildTreeItem(hasChildren){var _this$healthStatus3,_this$healthStatus4,_this$diffStatus5,_this$diffStatus6,_this$diffStatus7,_this$diffStatus8;var _this$buildIcon=this.buildIcon(),_this$buildIcon2=slicedToArray_slicedToArray(_this$buildIcon,2),icon=_this$buildIcon2[0],iconText=_this$buildIcon2[1];var hasStatusLine=[(_this$healthStatus3=this.healthStatus)===null||_this$healthStatus3===void 0?void 0:_this$healthStatus3.errors.length,(_this$healthStatus4=this.healthStatus)===null||_this$healthStatus4===void 0?void 0:_this$healthStatus4.warnings.length,(_this$diffStatus5=this.diffStatus)===null||_this$diffStatus5===void 0?void 0:_this$diffStatus5.changedObjects.length,(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.newObjects.length,(_this$diffStatus7=this.diffStatus)===null||_this$diffStatus7===void 0?void 0:_this$diffStatus7.deletedObjects.length,(_this$diffStatus8=this.diffStatus)===null||_this$diffStatus8===void 0?void 0:_this$diffStatus8.orphanObjects.length].some(function(x){return(x||0)>0;});return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",alignItems:"center",justifyContent:"center",width:"30px",height:"100%",flex:"0 0 auto",mr:"13px",sx:{'& svg':{width:'30px',height:'30px'}},children:[icon,/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"subtitle1",component:"div",fontSize:"12px",fontWeight:400,lineHeight:"16px",height:"16px",children:iconText})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",height:"100%",flex:"1 1 auto",py:"15px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,_objectSpread2(_objectSpread2({variant:"h6",component:"div",sx:{wordBreak:'break-all'}},hasChildren?{}:{fontSize:'16px',lineHeight:'22px'}),{},{children:this.buildSidePanelTitle()}))}),hasStatusLine&&/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{height:"100%",width:"172px",flex:"0 0 auto",display:"flex",alignItems:"center",px:"14px",ml:"14px",position:"relative",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),this.buildStatusLine()]})]});}},{key:"buildDiffAndHealthPages",value:function buildDiffAndHealthPages(tabs){this.buildChangesPage(tabs);this.buildErrorsPage(tabs);this.buildWarningsPage(tabs);}},{key:"buildObjectPage",value:function buildObjectPage(ref,objectType){return/*#__PURE__*/(0,jsx_runtime.jsx)(ObjectYaml,{treeProps:this.props,objectRef:ref,objectType:objectType});}},{key:"buildChangesPage",value:function buildChangesPage(tabs){var _this$diffStatus9;if(!((_this$diffStatus9=this.diffStatus)!==null&&_this$diffStatus9!==void 0&&_this$diffStatus9.hasDiffs())){return undefined;}tabs.push({label:"Changes",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}},{key:"buildErrorsPage",value:function buildErrorsPage(tabs){var _this$healthStatus5;if(!((_this$healthStatus5=this.healthStatus)!==null&&_this$healthStatus5!==void 0&&_this$healthStatus5.errors.length)){return undefined;}tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.errors})});}},{key:"buildWarningsPage",value:function buildWarningsPage(tabs){var _this$healthStatus6;if(!((_this$healthStatus6=this.healthStatus)!==null&&_this$healthStatus6!==void 0&&_this$healthStatus6.warnings.length)){return undefined;}tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.healthStatus.warnings})});}}]);return NodeData;}();
-;// CONCATENATED MODULE: ./src/components/targets-view/TargetDetailsDrawer.tsx
-var MyProvider=/*#__PURE__*/function(){function MyProvider(ts){var _this$ts,_this$ts$lastValidate,_this$ts$lastValidate2,_this=this;classCallCheck_classCallCheck(this,MyProvider);this.ts=void 0;this.diffStatus=void 0;this.ts=ts;this.diffStatus=new DiffStatus();(_this$ts=this.ts)===null||_this$ts===void 0?void 0:(_this$ts$lastValidate=_this$ts.lastValidateResult)===null||_this$ts$lastValidate===void 0?void 0:(_this$ts$lastValidate2=_this$ts$lastValidate.drift)===null||_this$ts$lastValidate2===void 0?void 0:_this$ts$lastValidate2.forEach(function(co){_this.diffStatus.addChangedObject(co);});}createClass_createClass(MyProvider,[{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _this$ts$lastValidate3,_this$ts$lastValidate4,_this$ts$lastValidate5,_this$ts$lastValidate6;if(!this.ts){return[];}var tabs=[{label:"Summary",content:this.buildSummaryTab()}];if(this.ts.target)if(this.diffStatus.changedObjects.length){tabs.push({label:"Drift",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ChangesTable,{diffStatus:this.diffStatus})});}if((_this$ts$lastValidate3=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate3!==void 0&&(_this$ts$lastValidate4=_this$ts$lastValidate3.errors)!==null&&_this$ts$lastValidate4!==void 0&&_this$ts$lastValidate4.length){tabs.push({label:"Errors",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.errors})});}if((_this$ts$lastValidate5=this.ts.lastValidateResult)!==null&&_this$ts$lastValidate5!==void 0&&(_this$ts$lastValidate6=_this$ts$lastValidate5.warnings)!==null&&_this$ts$lastValidate6!==void 0&&_this$ts$lastValidate6.length){tabs.push({label:"Warnings",content:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorsTable,{errors:this.ts.lastValidateResult.warnings})});}return tabs;}},{key:"buildSummaryTab",value:function buildSummaryTab(){var _this$ts2,_this$ts3,_this$ts4,_this$ts4$lastValidat,_this$ts4$lastValidat2,_this$ts5,_this$ts5$lastValidat,_this$ts5$lastValidat2,_this$ts6,_this$ts6$lastValidat,_this$ts6$lastValidat2;var props=[{name:"Target Name",value:this.getTargetName()},{name:"Discriminator",value:(_this$ts2=this.ts)===null||_this$ts2===void 0?void 0:_this$ts2.target.discriminator}];if((_this$ts3=this.ts)!==null&&_this$ts3!==void 0&&_this$ts3.lastValidateResult){props.push({name:"Ready",value:this.ts.lastValidateResult.ready+""});}if((_this$ts4=this.ts)!==null&&_this$ts4!==void 0&&(_this$ts4$lastValidat=_this$ts4.lastValidateResult)!==null&&_this$ts4$lastValidat!==void 0&&(_this$ts4$lastValidat2=_this$ts4$lastValidat.errors)!==null&&_this$ts4$lastValidat2!==void 0&&_this$ts4$lastValidat2.length){props.push({name:"Errors",value:this.ts.lastValidateResult.errors.length+""});}if((_this$ts5=this.ts)!==null&&_this$ts5!==void 0&&(_this$ts5$lastValidat=_this$ts5.lastValidateResult)!==null&&_this$ts5$lastValidat!==void 0&&(_this$ts5$lastValidat2=_this$ts5$lastValidat.warnings)!==null&&_this$ts5$lastValidat2!==void 0&&_this$ts5$lastValidat2.length){props.push({name:"Warnings",value:this.ts.lastValidateResult.warnings.length+""});}if((_this$ts6=this.ts)!==null&&_this$ts6!==void 0&&(_this$ts6$lastValidat=_this$ts6.lastValidateResult)!==null&&_this$ts6$lastValidat!==void 0&&(_this$ts6$lastValidat2=_this$ts6$lastValidat.drift)!==null&&_this$ts6$lastValidat2!==void 0&&_this$ts6$lastValidat2.length){props.push({name:"Drifted Objects",value:this.ts.lastValidateResult.drift.length+""});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"getTargetName",value:function getTargetName(){if(!this.ts){return"";}var name="<no-name>";if(this.ts.target.targetName){name=this.ts.target.targetName;}return name;}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getTargetName();}}]);return MyProvider;}();var TargetDetailsDrawer=/*#__PURE__*/react.memo(function(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.ts!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"600px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:new MyProvider(props.ts),onClose:props.onClose})})})});});
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Category.js
-
-
-/* harmony default export */ var Category = (createSvgIcon([/*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "m12 2-5.5 9h11z"
-}, "0"), /*#__PURE__*/(0,jsx_runtime.jsx)("circle", {
-  cx: "17.5",
-  cy: "17.5",
-  r: "4.5"
-}, "1"), /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M3 13.5h8v8H3z"
-}, "2")], 'Category'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Settings.js
-
-
-/* harmony default export */ var Settings = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19.14 12.94c.04-.3.06-.61.06-.94 0-.32-.02-.64-.07-.94l2.03-1.58c.18-.14.23-.41.12-.61l-1.92-3.32c-.12-.22-.37-.29-.59-.22l-2.39.96c-.5-.38-1.03-.7-1.62-.94l-.36-2.54c-.04-.24-.24-.41-.48-.41h-3.84c-.24 0-.43.17-.47.41l-.36 2.54c-.59.24-1.13.57-1.62.94l-2.39-.96c-.22-.08-.47 0-.59.22L2.74 8.87c-.12.21-.08.47.12.61l2.03 1.58c-.05.3-.09.63-.09.94s.02.64.07.94l-2.03 1.58c-.18.14-.23.41-.12.61l1.92 3.32c.12.22.37.29.59.22l2.39-.96c.5.38 1.03.7 1.62.94l.36 2.54c.05.24.24.41.48.41h3.84c.24 0 .44-.17.47-.41l.36-2.54c.59-.24 1.13-.56 1.62-.94l2.39.96c.22.08.47 0 .59-.22l1.92-3.32c.12-.22.07-.47-.12-.61l-2.01-1.58zM12 15.6c-1.98 0-3.6-1.62-3.6-3.6s1.62-3.6 3.6-3.6 3.6 1.62 3.6 3.6-1.62 3.6-3.6 3.6z"
-}), 'Settings'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Lock.js
-
-
-/* harmony default export */ var Lock = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"
-}), 'Lock'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Dvr.js
-
-
-/* harmony default export */ var Dvr = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M21 3H3c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h5v2h8v-2h5c1.1 0 1.99-.9 1.99-2L23 5c0-1.1-.9-2-2-2zm0 14H3V5h18v12zm-2-9H8v2h11V8zm0 4H8v2h11v-2zM7 8H5v2h2V8zm0 4H5v2h2v-2z"
-}), 'Dvr'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Http.js
-
-
-/* harmony default export */ var Http = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M4.5 11h-2V9H1v6h1.5v-2.5h2V15H6V9H4.5v2zm2.5-.5h1.5V15H10v-4.5h1.5V9H7v1.5zm5.5 0H14V15h1.5v-4.5H17V9h-4.5v1.5zm9-1.5H18v6h1.5v-2h2c.8 0 1.5-.7 1.5-1.5v-1c0-.8-.7-1.5-1.5-1.5zm0 2.5h-2v-1h2v1z"
-}), 'Http'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Cloud.js
-
-
-/* harmony default export */ var Cloud = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19.35 10.04C18.67 6.59 15.64 4 12 4 9.11 4 6.6 5.64 5.35 8.04 2.34 8.36 0 10.91 0 14c0 3.31 2.69 6 6 6h13c2.76 0 5-2.24 5-5 0-2.64-2.05-4.78-4.65-4.96z"
-}), 'Cloud'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceNode.tsx
-var VarsSourceNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceNodeData,_NodeData);var _super=_createSuper(VarsSourceNodeData);function VarsSourceNodeData(props,id,varsSource){var _this$varsSource$clus;var _this;classCallCheck_classCallCheck(this,VarsSourceNodeData);_this=_super.call(this,props,id,false,false);_this.varsSource=void 0;_this.labelsYaml=void 0;_this.renderedVarsYaml=void 0;_this.varsSource=varsSource;var labels=(_this$varsSource$clus=_this.varsSource.clusterConfigMap)===null||_this$varsSource$clus===void 0?void 0:_this$varsSource$clus.labels;if(!labels){var _this$varsSource$clus2;labels=(_this$varsSource$clus2=_this.varsSource.clusterSecret)===null||_this$varsSource$clus2===void 0?void 0:_this$varsSource$clus2.labels;}if(labels){_this.labelsYaml=dump(labels);}_this.renderedVarsYaml=dump(_this.varsSource.renderedVars);return _this;}createClass_createClass(VarsSourceNodeData,[{key:"getVarsSourceHandler",value:function getVarsSourceHandler(){var _this2=this;if(this.varsSource.values){return{type:"values",label:function label(){if(_this2.varsSource.renderedVars){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;}else{return"empty values";}},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}else if(this.varsSource.file){return{type:"file",label:function label(){return _this2.varsSource.file;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(FileIcon,{});},sourceProps:function sourceProps(){return[{name:"File",value:_this2.varsSource.file}];}};}else if(this.varsSource.git){return{type:"git",label:function label(){var s=_this2.varsSource.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.git.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.git.url});sourceProps.push({name:"Path",value:_this2.varsSource.git.path});var ref="HEAD";if(_this2.varsSource.git.ref){ref=_this2.varsSource.git.ref;}sourceProps.push({name:"Ref",value:ref});return sourceProps;}};}else if(this.varsSource.clusterConfigMap||this.varsSource.clusterSecret){var vs=this.varsSource.clusterConfigMap?this.varsSource.clusterConfigMap:this.varsSource.clusterSecret;var type=this.varsSource.clusterConfigMap?"cm":"secret";var _icon=this.varsSource.clusterConfigMap?/*#__PURE__*/(0,jsx_runtime.jsx)(Settings,{fontSize:"large"}):/*#__PURE__*/(0,jsx_runtime.jsx)(Lock,{fontSize:"large"});return{type:type,label:function label(){var _this2$varsSource$clu;return(_this2$varsSource$clu=_this2.varsSource.clusterConfigMap)===null||_this2$varsSource$clu===void 0?void 0:_this2$varsSource$clu.name;},icon:function icon(){return _icon;},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Name",value:vs.name});sourceProps.push({name:"Namespace",value:vs.namespace});sourceProps.push({name:"Key",value:vs.key});if(vs.labels){sourceProps.push({name:"Labels",value:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:_this2.labelsYaml,language:"yaml"})});}return sourceProps;}};}else if(this.varsSource.systemEnvVars){return{type:"systemEnvVar",label:function label(){return"systemEnvVars";},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Dvr,{fontSize:"large"});},sourceProps:function sourceProps(){// TODO
-return[];}};}else if(this.varsSource.http){return{type:"http",label:function label(){return _this2.varsSource.http.url;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Http,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Url",value:_this2.varsSource.http.url});sourceProps.push({name:"Method",value:_this2.varsSource.http.method||"GET"});if(_this2.varsSource.http.jsonPath){sourceProps.push({name:"JsonPath",value:_this2.varsSource.http.jsonPath});}return sourceProps;}};}else if(this.varsSource.awsSecretsManager){return{type:"awsSecretsManager",label:function label(){return _this2.varsSource.awsSecretsManager.secretName;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"SecretName",value:_this2.varsSource.awsSecretsManager.secretName});if(_this2.varsSource.awsSecretsManager.region){sourceProps.push({name:"Region",value:_this2.varsSource.awsSecretsManager.region});}if(_this2.varsSource.awsSecretsManager.profile){sourceProps.push({name:"Profile",value:_this2.varsSource.awsSecretsManager.profile});}return sourceProps;}};}else if(this.varsSource.vault){return{type:"vault",label:function label(){return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[_this2.varsSource.vault.address,/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),_this2.varsSource.vault.path]});},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Cloud,{fontSize:"large"});},sourceProps:function sourceProps(){var sourceProps=[];sourceProps.push({name:"Address",value:_this2.varsSource.vault.address});sourceProps.push({name:"Path",value:_this2.varsSource.vault.path});return sourceProps;}};}else{return{type:"unknown",label:function label(){return"values: "+Object.keys(_this2.varsSource.renderedVars).length;},icon:function icon(){return/*#__PURE__*/(0,jsx_runtime.jsx)(Category,{fontSize:"large"});},sourceProps:function sourceProps(){return[];}};}}},{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.getVarsSourceHandler().label();}},{key:"buildIcon",value:function buildIcon(){var h=this.getVarsSourceHandler();return[h.icon(),h.type];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()},{label:"Vars",content:this.buildVarsPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var h=this.getVarsSourceHandler();var props=[{name:"Type",value:h.type}].concat(toConsumableArray_toConsumableArray(h.sourceProps()),[{name:"IgnoreMissing",value:!!this.varsSource.ignoreMissing+""},{name:"NoOverride",value:!!this.varsSource.noOverride+""}]);if(this.varsSource.when){props.push({name:"When",value:this.varsSource.when});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildVarsPage",value:function buildVarsPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{sx:{overflowY:'scroll',// Enable vertical scrolling
-//maxHeight: '400px', // Set a fixed height
-border:'1px solid #ccc',// Optional border
-padding:'10px'// Optional padding
-},children:/*#__PURE__*/(0,jsx_runtime.jsx)("pre",{children:/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.renderedVarsYaml,language:"yaml"})})});}}]);return VarsSourceNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Source.js
-
-
-/* harmony default export */ var Source = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M20 6h-8l-2-2H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2zm-6 10H6v-2h8v2zm4-4H6v-2h12v2z"
-}), 'Source'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemNode.tsx
-var DeploymentItemNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemNodeData,_NodeData);var _super=_createSuper(DeploymentItemNodeData);function DeploymentItemNodeData(props,id,deploymentItem){var _this;classCallCheck_classCallCheck(this,DeploymentItemNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.deploymentItem=deploymentItem;return _this;}createClass_createClass(DeploymentItemNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.deploymentItem.path;}},{key:"buildIcon",value:function buildIcon(){var iconText="di";return[/*#__PURE__*/(0,jsx_runtime.jsx)(Source,{fontSize:"large"}),iconText];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];props.push({name:"Path",value:this.deploymentItem.path});buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemNodeData;}(NodeData);function buildDeploymentItemSummaryProps(di,props){if(di.barrier!==undefined){props.push({name:"Barrier",value:di.barrier+""});}if(di.waitReadiness!==undefined){props.push({name:"WaitReadiness",value:di.waitReadiness+""});}if(di.skipDeleteIfTags!==undefined){props.push({name:"SkipDeleteIfTags",value:di.skipDeleteIfTags+""});}if(di.onlyRender!==undefined){props.push({name:"OnlyRender",value:di.onlyRender+""});}if(di.alwaysDeploy!==undefined){props.push({name:"AlwaysDeploy",value:di.alwaysDeploy+""});}if(di.deleteObjects){// TODO this is ugly
-props.push({name:"DeleteObjects",value:JSON.stringify(di.deleteObjects)});}if(di.when){props.push({name:"When",value:di.when});}}
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SettingsEthernet.js
-
-
-/* harmony default export */ var SettingsEthernet = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M7.77 6.76 6.23 5.48.82 12l5.41 6.52 1.54-1.28L3.42 12l4.35-5.24zM7 13h2v-2H7v2zm10-2h-2v2h2v-2zm-6 2h2v-2h-2v2zm6.77-7.52-1.54 1.28L20.58 12l-4.35 5.24 1.54 1.28L23.18 12l-5.41-6.52z"
-}), 'SettingsEthernet'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/SmartToy.js
-
-
-/* harmony default export */ var SmartToy = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M20 9V7c0-1.1-.9-2-2-2h-3c0-1.66-1.34-3-3-3S9 3.34 9 5H6c-1.1 0-2 .9-2 2v2c-1.66 0-3 1.34-3 3s1.34 3 3 3v4c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2v-4c1.66 0 3-1.34 3-3s-1.34-3-3-3zM7.5 11.5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5S9.83 13 9 13s-1.5-.67-1.5-1.5zM16 17H8v-2h8v2zm-1-4c-.83 0-1.5-.67-1.5-1.5S14.17 10 15 10s1.5.67 1.5 1.5S15.83 13 15 13z"
-}), 'SmartToy'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/ObjectNode.tsx
-var kindMapping={"/ConfigMap":{icon:Settings},"apps/Deployment":{icon:PublishedWithChanges},"Service":{icon:SettingsEthernet},"ServiceAccount":{icon:SmartToy}};var ObjectNodeData=/*#__PURE__*/function(_NodeData){_inherits(ObjectNodeData,_NodeData);var _super=_createSuper(ObjectNodeData);function ObjectNodeData(props,id,objectRef){var _this;classCallCheck_classCallCheck(this,ObjectNodeData);_this=_super.call(this,props,id,true,true);_this.objectRef=void 0;_this.objectRef=objectRef;return _this;}createClass_createClass(ObjectNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return this.objectRef.name;}},{key:"buildIcon",value:function buildIcon(){var _this2=this;var sn=this.props.shortNames.find(function(sn){return sn.group===_this2.objectRef.group&&sn.kind===_this2.objectRef.kind;});var snStr=(sn===null||sn===void 0?void 0:sn.shortName)||"";var m=kindMapping[this.objectRef.group+"/"+this.objectRef.kind];if(m!==undefined){return[/*#__PURE__*/react.createElement(m.icon,{fontSize:"large"}),snStr];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsCurlyIcon,{}),snStr];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var _findObjectByRef,_findObjectByRef2,_findObjectByRef3;var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);if((_findObjectByRef=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef!==void 0&&_findObjectByRef.rendered){tabs.push({label:"Rendered",content:this.buildObjectPage(this.objectRef,ObjectType.Rendered)});}if((_findObjectByRef2=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef2!==void 0&&_findObjectByRef2.remote){tabs.push({label:"Remote",content:this.buildObjectPage(this.objectRef,ObjectType.Remote)});}if((_findObjectByRef3=findObjectByRef(this.props.commandResult.objects,this.objectRef))!==null&&_findObjectByRef3!==void 0&&_findObjectByRef3.applied){tabs.push({label:"Applied",content:this.buildObjectPage(this.objectRef,ObjectType.Applied)});}return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _o$rendered;var props=[];var apiVersion=this.objectRef.version;if(this.objectRef.group){apiVersion=this.objectRef.group+"/"+this.objectRef.version;}props.push({name:"ApiVersion",value:apiVersion});props.push({name:"Kind",value:this.objectRef.kind});props.push({name:"Name",value:this.objectRef.name});if(this.objectRef.namespace){props.push({name:"Namespace",value:this.objectRef.namespace});}var o=findObjectByRef(this.props.commandResult.objects,this.objectRef);var annotations=o===null||o===void 0?void 0:(_o$rendered=o.rendered)===null||_o$rendered===void 0?void 0:_o$rendered.metadata.annotations;if(annotations){Object.keys(annotations).forEach(function(k){if(k.indexOf("kluctl.io/")!==-1){props.push({name:k,value:annotations[k]});}});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return ObjectNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/CommandResultNode.tsx
-var CommandResultNodeData=/*#__PURE__*/function(_NodeData){_inherits(CommandResultNodeData,_NodeData);var _super=_createSuper(CommandResultNodeData);function CommandResultNodeData(props,id){var _this$props$commandRe;var _this;classCallCheck_classCallCheck(this,CommandResultNodeData);_this=_super.call(this,props,id,true,true);_this.dumpedTargetYaml=void 0;if((_this$props$commandRe=_this.props.commandResult.command)!==null&&_this$props$commandRe!==void 0&&_this$props$commandRe.target){_this.dumpedTargetYaml=dump(_this.props.commandResult.command.target);}return _this;}createClass_createClass(CommandResultNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"CommandResult";}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(DeployIcon,{}),"result"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];if(this.dumpedTargetYaml){var page=this.buildTargetPage();tabs.push({label:"Target",content:page});}this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$props$commandRe2,_this$props$commandRe3;var props=[{name:"Initiator",value:(_this$props$commandRe2=this.props.commandResult.command)===null||_this$props$commandRe2===void 0?void 0:_this$props$commandRe2.initiator},{name:"Command",value:(_this$props$commandRe3=this.props.commandResult.command)===null||_this$props$commandRe3===void 0?void 0:_this$props$commandRe3.command}];return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}},{key:"buildTargetPage",value:function buildTargetPage(){return/*#__PURE__*/(0,jsx_runtime.jsx)(CodeViewer,{code:this.dumpedTargetYaml,language:"yaml"});}}]);return CommandResultNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/VarsSourceCollectionNode.tsx
-var VarsSourceCollectionNodeData=/*#__PURE__*/function(_NodeData){_inherits(VarsSourceCollectionNodeData,_NodeData);var _super=_createSuper(VarsSourceCollectionNodeData);function VarsSourceCollectionNodeData(props,id){var _this;classCallCheck_classCallCheck(this,VarsSourceCollectionNodeData);_this=_super.call(this,props,id,false,false);_this.varsSources=[];return _this;}createClass_createClass(VarsSourceCollectionNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){return"vars: "+this.varsSources.length;}},{key:"buildIcon",value:function buildIcon(){return[/*#__PURE__*/(0,jsx_runtime.jsx)(BracketsSquareIcon,{}),"vars"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){return[];}}]);return VarsSourceCollectionNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
-var DeploymentItemIncludeNodeData=/*#__PURE__*/function(_NodeData){_inherits(DeploymentItemIncludeNodeData,_NodeData);var _super=_createSuper(DeploymentItemIncludeNodeData);function DeploymentItemIncludeNodeData(props,id,deploymentItem,includedDeployment){var _this;classCallCheck_classCallCheck(this,DeploymentItemIncludeNodeData);_this=_super.call(this,props,id,true,true);_this.deploymentItem=void 0;_this.includedDeployment=void 0;_this.deploymentItem=deploymentItem;_this.includedDeployment=includedDeployment;return _this;}createClass_createClass(DeploymentItemIncludeNodeData,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deploymentItem.include){return this.deploymentItem.include;}else if(this.deploymentItem.git){var s=this.deploymentItem.git.url.split("/");var name=s[s.length-1];return/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[name,this.deploymentItem.git.subDir&&/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)("br",{}),this.deploymentItem.git.subDir]})]});}else{return"unknown include";}}},{key:"buildIcon",value:function buildIcon(){if(this.deploymentItem.git){return[/*#__PURE__*/(0,jsx_runtime.jsx)(GitIcon,{}),"git"];}return[/*#__PURE__*/(0,jsx_runtime.jsx)(IncludeIcon,{}),"include"];}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];this.buildDiffAndHealthPages(tabs);return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var props=[];if(this.deploymentItem.include){props.push({name:"Type",value:"LocalInclude"});props.push({name:"Path",value:this.deploymentItem.include});}else if(this.deploymentItem.git){props.push({name:"Type",value:"GitInclude"});props.push({name:"Url",value:this.deploymentItem.git.url});props.push({name:"SubDir",value:this.deploymentItem.git.subDir});var ref="HEAD";if(this.deploymentItem.git.ref){ref=this.deploymentItem.git.ref;}props.push({name:"Ref",value:ref});}else{props.push({name:"Type",value:"Unknown"});}buildDeploymentItemSummaryProps(this.deploymentItem,props);return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeploymentItemIncludeNodeData;}(NodeData);
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/Delete.js
-
-
-/* harmony default export */ var Delete = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M6 19c0 1.1.9 2 2 2h8c1.1 0 2-.9 2-2V7H6v12zM19 4h-3.5l-1-1h-5l-1 1H5v2h14V4z"
-}), 'Delete'));
-;// CONCATENATED MODULE: ./node_modules/@mui/icons-material/esm/LinkOff.js
-
-
-/* harmony default export */ var LinkOff = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M17 7h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1 0 1.43-.98 2.63-2.31 2.98l1.46 1.46C20.88 15.61 22 13.95 22 12c0-2.76-2.24-5-5-5zm-1 4h-2.19l2 2H16zM2 4.27l3.11 3.11C3.29 8.12 2 9.91 2 12c0 2.76 2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1 0-1.59 1.21-2.9 2.76-3.07L8.73 11H8v2h2.73L13 15.27V17h1.73l4.01 4L20 19.74 3.27 3 2 4.27z"
-}), 'LinkOff'));
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
-var DeletedOrOrphanObjectsCollectionNode=/*#__PURE__*/function(_NodeData){_inherits(DeletedOrOrphanObjectsCollectionNode,_NodeData);var _super=_createSuper(DeletedOrOrphanObjectsCollectionNode);function DeletedOrOrphanObjectsCollectionNode(props,id,deleted){var _this;classCallCheck_classCallCheck(this,DeletedOrOrphanObjectsCollectionNode);_this=_super.call(this,props,id,false,true);_this.deleted=void 0;_this.deleted=deleted;return _this;}createClass_createClass(DeletedOrOrphanObjectsCollectionNode,[{key:"buildSidePanelTitle",value:function buildSidePanelTitle(){if(this.deleted){var _this$diffStatus;return"".concat((_this$diffStatus=this.diffStatus)===null||_this$diffStatus===void 0?void 0:_this$diffStatus.deletedObjects.length," objects deleted");}else{var _this$diffStatus2;return"".concat((_this$diffStatus2=this.diffStatus)===null||_this$diffStatus2===void 0?void 0:_this$diffStatus2.orphanObjects.length," objects orphaned");}}},{key:"buildIcon",value:function buildIcon(){if(this.deleted){return[/*#__PURE__*/(0,jsx_runtime.jsx)(Delete,{fontSize:"large"}),"deleted"];}else{return[/*#__PURE__*/(0,jsx_runtime.jsx)(LinkOff,{fontSize:"large"}),"orphans"];}}},{key:"buildSidePanelTabs",value:function buildSidePanelTabs(){var tabs=[{label:"Summary",content:this.buildSummaryPage()}];return tabs;}},{key:"buildSummaryPage",value:function buildSummaryPage(){var _this$diffStatus3,_this$diffStatus5;var props=[];if((_this$diffStatus3=this.diffStatus)!==null&&_this$diffStatus3!==void 0&&_this$diffStatus3.deletedObjects.length){var _this$diffStatus4;props.push({name:"Deleted",value:(_this$diffStatus4=this.diffStatus)===null||_this$diffStatus4===void 0?void 0:_this$diffStatus4.deletedObjects.length});}if((_this$diffStatus5=this.diffStatus)!==null&&_this$diffStatus5!==void 0&&_this$diffStatus5.orphanObjects.length){var _this$diffStatus6;props.push({name:"Orphaned",value:(_this$diffStatus6=this.diffStatus)===null||_this$diffStatus6===void 0?void 0:_this$diffStatus6.orphanObjects.length});}return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(PropertiesTable,{properties:props})});}}]);return DeletedOrOrphanObjectsCollectionNode;}(NodeData);
-;// CONCATENATED MODULE: ./src/components/result-view/nodes/NodeBuilder.ts
-var NodeBuilder=/*#__PURE__*/function(){function NodeBuilder(props){var _props$commandResult$,_this=this,_props$commandResult$2,_props$commandResult$3;classCallCheck_classCallCheck(this,NodeBuilder);this.props=void 0;this.changedObjectsMap=new Map();this.newObjectsMap=new Map();this.orphanObjectsMap=new Map();this.deletedObjectsMap=new Map();this.errorsMap=new Map();this.warningsMap=new Map();this.props=props;(_props$commandResult$=props.commandResult.objects)===null||_props$commandResult$===void 0?void 0:_props$commandResult$.forEach(function(o){var _o$changes;var key=buildObjectRefKey(o.ref);if((_o$changes=o.changes)!==null&&_o$changes!==void 0&&_o$changes.length){_this.changedObjectsMap.set(key,o);}if(o.new){_this.newObjectsMap.set(key,o.ref);}if(o.orphan){_this.orphanObjectsMap.set(key,o.ref);}if(o.deleted){_this.deletedObjectsMap.set(key,o.ref);}});(_props$commandResult$2=props.commandResult.errors)===null||_props$commandResult$2===void 0?void 0:_props$commandResult$2.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.errorsMap.get(key);if(!l){l=[e];_this.errorsMap.set(key,l);}else{l.push(e);}});(_props$commandResult$3=props.commandResult.warnings)===null||_props$commandResult$3===void 0?void 0:_props$commandResult$3.forEach(function(e){var key=buildObjectRefKey(e.ref);var l=_this.warningsMap.get(key);if(!l){l=[e];_this.warningsMap.set(key,l);}else{l.push(e);}});}createClass_createClass(NodeBuilder,[{key:"buildRoot",value:function buildRoot(){var rootNode=new CommandResultNodeData(this.props,"root");if(this.props.commandResult.deployment){this.buildDeploymentProjectChildren(rootNode,this.props.commandResult.deployment);}if(this.deletedObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,true,Array.from(this.deletedObjectsMap.values()));}if(this.orphanObjectsMap.size){this.buildDeletedOrOrphanNode(rootNode,false,Array.from(this.orphanObjectsMap.values()));}var nodeMap=new Map();function collect(n){nodeMap.set(n.id,n);n.children.forEach(function(c){collect(c);});}collect(rootNode);return[rootNode,nodeMap];}},{key:"buildDeploymentProjectChildren",value:function buildDeploymentProjectChildren(node,deploymentProject){var _deploymentProject$de,_this2=this;if(deploymentProject.vars){this.buildVarsSourceCollectionNode(node,deploymentProject.vars);}(_deploymentProject$de=deploymentProject.deployments)===null||_deploymentProject$de===void 0?void 0:_deploymentProject$de.forEach(function(deploymentItem,i){_this2.buildDeploymentItemNode(node,deploymentItem,i);});}},{key:"buildVarsSourceCollectionNode",value:function buildVarsSourceCollectionNode(parentNode,varsSources){var _node$varsSources,_this3=this;if(varsSources===undefined){return;}var newId="".concat(parentNode.id,"/(vars)");var node=new VarsSourceCollectionNodeData(this.props,newId);(_node$varsSources=node.varsSources).push.apply(_node$varsSources,toConsumableArray_toConsumableArray(varsSources));varsSources.forEach(function(vs,i){_this3.buildVarsSourceNode(node,vs,i);});parentNode.pushChild(node);return node;}},{key:"buildVarsSourceNode",value:function buildVarsSourceNode(parentNode,varsSource,index){var newId="".concat(parentNode.id,"/").concat(index,"}");var node=new VarsSourceNodeData(this.props,newId,varsSource);parentNode.pushChild(node);return node;}},{key:"buildDeploymentItemNode",value:function buildDeploymentItemNode(parentNode,deploymentItem,index){var _this4=this;var node;var newId="".concat(parentNode.id,"/(dis)/").concat(index);if(deploymentItem.path){var _deploymentItem$rende;node=new DeploymentItemNodeData(this.props,newId,deploymentItem);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);(_deploymentItem$rende=deploymentItem.renderedObjects)===null||_deploymentItem$rende===void 0?void 0:_deploymentItem$rende.forEach(function(renderedObject){_this4.buildObjectNode(node,renderedObject);});}else if(deploymentItem.include||deploymentItem.git){node=new DeploymentItemIncludeNodeData(this.props,newId,deploymentItem,deploymentItem.renderedInclude);this.buildVarsSourceCollectionNode(node,deploymentItem.vars);if(deploymentItem.renderedInclude){this.buildDeploymentProjectChildren(node,deploymentItem.renderedInclude);}}else{return node;}parentNode.pushChild(node);return node;}},{key:"buildObjectNode",value:function buildObjectNode(parentNode,objectRef){var _this$errorsMap$get,_this$warningsMap$get;var newId="".concat(parentNode.id,"/(obj)/").concat(buildObjectRefKey(objectRef));var node=new ObjectNodeData(this.props,newId,objectRef);var key=buildObjectRefKey(objectRef);if(this.changedObjectsMap.has(key)){var _node$diffStatus;(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.addChangedObject(this.changedObjectsMap.get(key));}if(this.newObjectsMap.has(key)){var _node$diffStatus2;(_node$diffStatus2=node.diffStatus)===null||_node$diffStatus2===void 0?void 0:_node$diffStatus2.newObjects.push(objectRef);}if(this.deletedObjectsMap.has(key)){var _node$diffStatus3;(_node$diffStatus3=node.diffStatus)===null||_node$diffStatus3===void 0?void 0:_node$diffStatus3.deletedObjects.push(objectRef);}if(this.orphanObjectsMap.has(key)){var _node$diffStatus4;(_node$diffStatus4=node.diffStatus)===null||_node$diffStatus4===void 0?void 0:_node$diffStatus4.orphanObjects.push(objectRef);}(_this$errorsMap$get=this.errorsMap.get(key))===null||_this$errorsMap$get===void 0?void 0:_this$errorsMap$get.forEach(function(e){var _node$healthStatus;(_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.push(e);});(_this$warningsMap$get=this.warningsMap.get(key))===null||_this$warningsMap$get===void 0?void 0:_this$warningsMap$get.forEach(function(e){var _node$healthStatus2;(_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.push(e);});parentNode.pushChild(node);return node;}},{key:"buildDeletedOrOrphanNode",value:function buildDeletedOrOrphanNode(parentNode,deleted,refs){var _this5=this;var idType=deleted?"deleted":"orphaned";var newId="".concat(parentNode.id,"/(").concat(idType,")");var node=new DeletedOrOrphanObjectsCollectionNode(this.props,newId,deleted);refs.forEach(function(ref){_this5.buildObjectNode(node,ref);});parentNode.pushChild(node,true);return node;}}]);return NodeBuilder;}();function buildObjectRefKey(ref){return[ref.group,ref.version,ref.kind,ref.namespace,ref.name].join("+");}
-;// CONCATENATED MODULE: ./src/components/targets-view/HistoryCards.tsx
-function doGetRootNode(_x,_x2){return _doGetRootNode.apply(this,arguments);}function _doGetRootNode(){_doGetRootNode=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,rs){var shortNames,r,builder,_builder$buildRoot,_builder$buildRoot2,node;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResult(rs.id);case 5:r=_context.sent;builder=new NodeBuilder({shortNames:shortNames,summary:rs,commandResult:r});_builder$buildRoot=builder.buildRoot(),_builder$buildRoot2=slicedToArray_slicedToArray(_builder$buildRoot,1),node=_builder$buildRoot2[0];return _context.abrupt("return",node);case 9:case"end":return _context.stop();}},_callee);}));return _doGetRootNode.apply(this,arguments);}var CardContent=/*#__PURE__*/react.memo(function(props){var _useSidePanelTabs=useSidePanelTabs(props.provider),tabs=_useSidePanelTabs.tabs,selectedTab=_useSidePanelTabs.selectedTab,handleTabChange=_useSidePanelTabs.handleTabChange;if(!props.provider||!selectedTab||!tabs.find(function(x){return x.label===selectedTab;})){return null;}return/*#__PURE__*/(0,jsx_runtime.jsxs)(TabContext,{value:selectedTab,children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{height:"36px",flex:"0 0 auto",p:"0 30px",mt:"12px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TabList_TabList,{onChange:handleTabChange,children:tabs.map(function(tab,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Tab_Tab,{label:tab.label,value:tab.label},tab.label);})})}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:0}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{overflow:"auto",p:"30px",children:tabs.map(function(tab){return/*#__PURE__*/(0,jsx_runtime.jsx)(TabPanel_TabPanel,{value:tab.label,sx:{padding:0},children:tab.content},tab.label);})})]});});var arrowButtonWidth=80;var ArrowButton=/*#__PURE__*/react.memo(function(props){var Icon={left:TriangleLeftLightIcon,right:TriangleRightLightIcon}[props.direction];return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,_objectSpread2(_objectSpread2({flex:"0 0 auto",height:"100%",width:"".concat(arrowButtonWidth,"px"),display:"flex",justifyContent:"center",alignItems:"center",position:"relative"},defineProperty_defineProperty({},props.direction,0)),{},{children:!props.hidden&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClick,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})}));});var HistoryCard=/*#__PURE__*/react.memo(function(props){var navigate=dist_useNavigate();var api=(0,react.useContext)(ApiContext);var _useLoadingHelper=useLoadingHelper(function(){return doGetRootNode(api,props.rs);},[api,props.rs]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],node=_useLoadingHelper2[2];if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(CardPaper,{sx:_objectSpread2({position:'relative'},props.sx),children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{position:"absolute",right:"10px",top:"10px",children:props.transitionFinished&&/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:props.onClose,children:/*#__PURE__*/(0,jsx_runtime.jsx)(CloseLightIcon,{})})}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",flexDirection:"column",height:"100%",justifyContent:"space-between",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"0 16px",flex:"0 0 auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItemHeader,{rs:props.rs})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"100%",flex:"1 1 auto",overflow:"hidden",display:"flex",flexDirection:"column",children:props.transitionFinished&&(loading?/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{}):/*#__PURE__*/(0,jsx_runtime.jsx)(CardContent,{provider:node}))}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",height:"39px",display:"flex",alignItems:"center",justifyContent:"end",p:"0 30px",children:/*#__PURE__*/(0,jsx_runtime.jsx)(IconButton_IconButton,{onClick:function onClick(e){e.stopPropagation();navigate("/results/".concat(props.rs.id));},sx:{padding:0,width:32,height:32},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Tooltip_Tooltip,{title:"Open Result Tree",children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{display:"flex",children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewIcon,{})})})})})]})]});});var HistoryCards=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();var containerElem=(0,react.useRef)();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),cardRect=_useState2[0],setCardRect=_useState2[1];var _useState3=(0,react.useState)('not-started'),_useState4=slicedToArray_slicedToArray(_useState3,2),transitionStatus=_useState4[0],setTransitionStatus=_useState4[1];var _useState5=(0,react.useState)(props.rs),_useState6=slicedToArray_slicedToArray(_useState5,2),currentRS=_useState6[0],setCurrentRS=_useState6[1];(0,react.useEffect)(function(){var _containerElem$curren;var rect=(_containerElem$curren=containerElem.current)===null||_containerElem$curren===void 0?void 0:_containerElem$curren.getBoundingClientRect();if(!rect){setCardRect(undefined);return;}var initialRect={left:props.initialCardRect.left-rect.left,top:props.initialCardRect.top-rect.top,width:cardWidth,height:cardHeight};setCardRect(initialRect);},[props.initialCardRect]);(0,react.useEffect)(function(){if(!cardRect){return;}var targetRect={left:0,top:0,width:'100%',height:'100%'};if(cardRect.left===targetRect.left&&cardRect.top===targetRect.top&&cardRect.width===targetRect.width&&cardRect.height===targetRect.height){return;}setTimeout(function(){setCardRect(targetRect);setTransitionStatus('running');setTimeout(function(){setTransitionStatus('finished');},theme.transitions.duration.enteringScreen);},10);},[cardRect,theme.transitions.duration.enteringScreen]);var currentRSIndex=(0,react.useMemo)(function(){return props.ts.commandResults.indexOf(currentRS);},[currentRS,props.ts.commandResults]);var onLeftArrowClick=(0,react.useCallback)(function(){if(currentRSIndex>0){setCurrentRS(props.ts.commandResults[currentRSIndex-1]);}},[currentRSIndex,props.ts.commandResults]);var onRightArrowClick=(0,react.useCallback)(function(){if(currentRSIndex<props.ts.commandResults.length-1){setCurrentRS(props.ts.commandResults[currentRSIndex+1]);}},[currentRSIndex,props.ts.commandResults]);var paddingX=40;var gap=2*(paddingX+arrowButtonWidth);return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",p:"25px ".concat(paddingX,"px"),display:"flex",position:"relative",overflow:"hidden",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"left",onClick:onLeftArrowClick,hidden:currentRSIndex===0||transitionStatus!=='finished'}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{flex:"0 0 auto",width:"calc(100% - ".concat(arrowButtonWidth,"px * 2)"),display:"flex",ref:containerElem,children:[transitionStatus!=='finished'&&cardRect&&/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:cardRect.width,height:cardRect.height,flex:'0 0 auto',translate:"".concat(cardRect.left,"px ").concat(cardRect.top,"px"),transition:theme.transitions.create(['translate','width','height'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen}),padding:'20px 0'},rs:currentRS,onClose:props.onClose}),transitionStatus==='finished'&&/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"1 1 auto",width:"100%",height:"100%",display:"flex",gap:"".concat(gap,"px"),sx:{translate:"calc((-100% - ".concat(gap,"px) * ").concat(currentRSIndex,")"),transition:theme.transitions.create(['translate'],{easing:theme.transitions.easing.sharp,duration:theme.transitions.duration.enteringScreen})},children:props.ts.commandResults.map(function(rs){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCard,{sx:{width:'100%',height:'100%',flex:'0 0 auto',padding:'20px 0'},rs:rs,transitionFinished:transitionStatus==='finished',onClose:props.onClose},rs.id);})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(ArrowButton,{direction:"right",onClick:onRightArrowClick,hidden:currentRSIndex===props.ts.commandResults.length-1||transitionStatus!=='finished'})]});});
-;// CONCATENATED MODULE: ./src/components/targets-view/TargetsView.tsx
-var colWidth=416;var curveRadius=12;var circleRadius=5;var strokeWidth=2;function ColHeader(_ref){var children=_ref.children;return/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{minWidth:colWidth,width:colWidth,height:"42px",display:"flex",alignItems:"center",sx:{borderLeft:'0.8px solid rgba(0,0,0,0.5)',paddingLeft:'15px','&:first-of-type':{borderLeft:'none',paddingLeft:0}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",textAlign:"left",children:children})});}var Circle=/*#__PURE__*/react.memo(function(props){var theme=styles_useTheme_useTheme();return/*#__PURE__*/(0,jsx_runtime.jsx)("circle",_objectSpread2({r:circleRadius,fill:theme.palette.background.default,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth},props));});var RelationTree=/*#__PURE__*/react.memo(function(_ref2){var targetCount=_ref2.targetCount;var theme=styles_useTheme_useTheme();var height=targetCount*cardHeight+(targetCount-1)*cardGap;var width=152;if(targetCount<=0){return null;}var targetsCenterYs=Array(targetCount).fill(0).map(function(_,i){return cardHeight/2+i*(cardHeight+cardGap);});var rootCenterY=height/2;return/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{width:width,height:height,viewBox:"0 0 ".concat(width," ").concat(height),fill:"none",children:[targetsCenterYs.map(function(cy,i){var d;if(targetCount%2===1&&i===Math.floor(targetCount/2)){// target is in the middle.
-d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width-circleRadius,"\n                    ");}else if(i<targetCount/2){// target is higher than root.
-d="\n                        M ".concat(circleRadius,",").concat(rootCenterY,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," -").concat(curveRadius,"\n                        v ").concat(cy-rootCenterY+curveRadius*2,"\n                        a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," -").concat(curveRadius,"\n                        h ").concat(width/2-curveRadius-circleRadius,"\n                    ");}else{// target is lower than root.
-d="\n                    M ".concat(circleRadius,",").concat(rootCenterY,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 1 ").concat(curveRadius," ").concat(curveRadius,"\n                    v ").concat(cy-rootCenterY-curveRadius*2,"\n                    a ").concat(curveRadius," ").concat(curveRadius," 90 0 0 ").concat(curveRadius," ").concat(curveRadius,"\n                    h ").concat(width/2-curveRadius-circleRadius,"\n                ");}return[/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:d,stroke:theme.palette.secondary.main,strokeWidth:strokeWidth,strokeLinecap:"round",strokeLinejoin:"round"},"path-".concat(i)),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:width-circleRadius-strokeWidth/2,cy:cy},"circle-".concat(i))];}),/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:rootCenterY},'circle-root')]});});var TargetsView=function TargetsView(){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),selectedCommandResult=_useState2[0],setSelectedCommandResult=_useState2[1];var _useState3=(0,react.useState)(),_useState4=slicedToArray_slicedToArray(_useState3,2),selectedTargetSummary=_useState4[0],setSelectedTargetSummary=_useState4[1];var _useState5=(0,react.useState)(),_useState6=slicedToArray_slicedToArray(_useState5,2),selectedCardRect=_useState6[0],setSelectedCardRect=_useState6[1];var appContext=(0,react.useContext)(AppContext);var projects=appContext.projects;var onTargetDetailsDrawerClose=(0,react.useCallback)(function(){setSelectedTargetSummary(undefined);},[]);var _onSelectCommandResult=(0,react.useCallback)(function(o){onTargetDetailsDrawerClose();setSelectedCommandResult(o);},[onTargetDetailsDrawerClose]);var onHistoryCardsClose=(0,react.useCallback)(function(){setSelectedCommandResult(undefined);setSelectedCardRect(undefined);},[]);if(selectedCommandResult&&selectedCardRect){return/*#__PURE__*/(0,jsx_runtime.jsx)(HistoryCards,{rs:selectedCommandResult.rs,ts:selectedCommandResult.ts,initialCardRect:selectedCardRect,onClose:onHistoryCardsClose});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{minWidth:colWidth*3,p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(TargetDetailsDrawer,{ts:selectedTargetSummary,onClose:onTargetDetailsDrawerClose}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",height:"70px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Projects"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"Targets"}),/*#__PURE__*/(0,jsx_runtime.jsx)(ColHeader,{children:"History"})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{}),projects.map(function(ps,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",margin:"40px 0",children:[/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",width:colWidth,flex:"0 0 auto",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{height:projectCardHeight,children:/*#__PURE__*/(0,jsx_runtime.jsx)(ProjectItem,{ps:ps})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,height:ps.targets.length*cardHeight+(ps.targets.length-1)*cardGap,display:"flex",justifyContent:"center",alignItems:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(RelationTree,{targetCount:ps.targets.length})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,flex:"0 0 auto",children:ps.targets.map(function(ts,i){return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetItem,{ps:ps,ts:ts,onSelectTarget:setSelectedTargetSummary})}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flexGrow:1,display:"flex",justifyContent:"center",alignItems:"center",px:"9px",children:/*#__PURE__*/(0,jsx_runtime.jsxs)("svg",{xmlns:"http://www.w3.org/2000/svg",fill:"none",height:"".concat(2*circleRadius+strokeWidth,"px"),width:"100%",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{height:"100%",width:"100%",viewBox:"0 0 100 ".concat(2*circleRadius+strokeWidth),fill:"none",preserveAspectRatio:"none",children:/*#__PURE__*/(0,jsx_runtime.jsx)("path",{d:"\n                                                  M ".concat(circleRadius+strokeWidth/2," ").concat(circleRadius+strokeWidth/2,"\n                                                  H ").concat(100-circleRadius-strokeWidth/2,"\n                                                "),stroke:theme.palette.secondary.main,strokeWidth:strokeWidth})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{fill:"none",height:"100%",width:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:circleRadius+strokeWidth/2,cy:"50%"})}),/*#__PURE__*/(0,jsx_runtime.jsx)("svg",{fill:"none",height:"100%",width:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Circle,{cx:"calc(100% - ".concat(circleRadius+strokeWidth/2,"px)"),cy:"50%"})})]})})]},buildListKey(ts.target));})}),/*#__PURE__*/(0,jsx_runtime.jsx)(CardCol,{width:colWidth,children:ps.targets.map(function(ts,i){var _ts$commandResults;return/*#__PURE__*/(0,jsx_runtime.jsx)(CardRow,{height:cardHeight,children:(_ts$commandResults=ts.commandResults)===null||_ts$commandResults===void 0?void 0:_ts$commandResults.map(function(rs,i){return/*#__PURE__*/(0,jsx_runtime.jsx)(Card,{sx:{translate:i===0?'none':"-".concat(i*(cardWidth+cardGap/2),"px"),zIndex:-i,display:i<4?'flex':'none'},onClick:function onClick(e){var rect=e.currentTarget.getBoundingClientRect();setSelectedCardRect(rect);},children:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultItem,{ps:ps,ts:ts,rs:rs,onSelectCommandResult:function onSelectCommandResult(rs){return _onSelectCommandResult({rs:rs,ts:ts});}})},rs.id);})},buildListKey(ts.target));})})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{})]},buildListKey(ps.project));})]});};
-;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/FormControlContext.js
-
-/**
- * @ignore - internal component.
- */
-var FormControlContext = /*#__PURE__*/react.createContext(undefined);
-if (false) {}
-/* harmony default export */ var FormControl_FormControlContext = (FormControlContext);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/useFormControl.js
-
-
-function useFormControl() {
-  return react.useContext(FormControl_FormControlContext);
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControlLabel/formControlLabelClasses.js
-
-
-function getFormControlLabelUtilityClasses(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiFormControlLabel', slot);
-}
-var formControlLabelClasses = generateUtilityClasses('MuiFormControlLabel', ['root', 'labelPlacementStart', 'labelPlacementTop', 'labelPlacementBottom', 'disabled', 'label', 'error', 'required', 'asterisk']);
-/* harmony default export */ var FormControlLabel_formControlLabelClasses = (formControlLabelClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControl/formControlState.js
-function formControlState(_ref) {
-  var props = _ref.props,
-    states = _ref.states,
-    muiFormControl = _ref.muiFormControl;
-  return states.reduce(function (acc, state) {
-    acc[state] = props[state];
-    if (muiFormControl) {
-      if (typeof props[state] === 'undefined') {
-        acc[state] = muiFormControl[state];
-      }
-    }
-    return acc;
-  }, {});
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/material/FormControlLabel/FormControlLabel.js
-
-
-
-var FormControlLabel_excluded = ["checked", "className", "componentsProps", "control", "disabled", "disableTypography", "inputRef", "label", "labelPlacement", "name", "onChange", "required", "slotProps", "value"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var FormControlLabel_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    disabled = ownerState.disabled,
-    labelPlacement = ownerState.labelPlacement,
-    error = ownerState.error,
-    required = ownerState.required;
-  var slots = {
-    root: ['root', disabled && 'disabled', "labelPlacement".concat(utils_capitalize(labelPlacement)), error && 'error', required && 'required'],
-    label: ['label', disabled && 'disabled'],
-    asterisk: ['asterisk', error && 'error']
-  };
-  return composeClasses(slots, getFormControlLabelUtilityClasses, classes);
-};
-var FormControlLabelRoot = styles_styled('label', {
-  name: 'MuiFormControlLabel',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [defineProperty_defineProperty({}, "& .".concat(FormControlLabel_formControlLabelClasses.label), styles.label), styles.root, styles["labelPlacement".concat(utils_capitalize(ownerState.labelPlacement))]];
-  }
-})(function (_ref3) {
-  var theme = _ref3.theme,
-    ownerState = _ref3.ownerState;
-  return extends_extends(defineProperty_defineProperty({
-    display: 'inline-flex',
-    alignItems: 'center',
-    cursor: 'pointer',
-    // For correct alignment with the text.
-    verticalAlign: 'middle',
-    WebkitTapHighlightColor: 'transparent',
-    marginLeft: -11,
-    marginRight: 16
-  }, "&.".concat(FormControlLabel_formControlLabelClasses.disabled), {
-    cursor: 'default'
-  }), ownerState.labelPlacement === 'start' && {
-    flexDirection: 'row-reverse',
-    marginLeft: 16,
-    // used for row presentation of radio/checkbox
-    marginRight: -11
-  }, ownerState.labelPlacement === 'top' && {
-    flexDirection: 'column-reverse',
-    marginLeft: 16
-  }, ownerState.labelPlacement === 'bottom' && {
-    flexDirection: 'column',
-    marginLeft: 16
-  }, defineProperty_defineProperty({}, "& .".concat(FormControlLabel_formControlLabelClasses.label), defineProperty_defineProperty({}, "&.".concat(FormControlLabel_formControlLabelClasses.disabled), {
-    color: (theme.vars || theme).palette.text.disabled
-  })));
-});
-var AsteriskComponent = styles_styled('span', {
-  name: 'MuiFormControlLabel',
-  slot: 'Asterisk',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.asterisk;
-  }
-})(function (_ref4) {
-  var theme = _ref4.theme;
-  return defineProperty_defineProperty({}, "&.".concat(FormControlLabel_formControlLabelClasses.error), {
-    color: (theme.vars || theme).palette.error.main
-  });
-});
-
-/**
- * Drop-in replacement of the `Radio`, `Switch` and `Checkbox` component.
- * Use this component if you want to display an extra label.
- */
-var FormControlLabel = /*#__PURE__*/react.forwardRef(function FormControlLabel(inProps, ref) {
-  var _ref, _slotProps$typography;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiFormControlLabel'
-  });
-  var className = props.className,
-    _props$componentsProp = props.componentsProps,
-    componentsProps = _props$componentsProp === void 0 ? {} : _props$componentsProp,
-    control = props.control,
-    disabledProp = props.disabled,
-    disableTypography = props.disableTypography,
-    labelProp = props.label,
-    _props$labelPlacement = props.labelPlacement,
-    labelPlacement = _props$labelPlacement === void 0 ? 'end' : _props$labelPlacement,
-    requiredProp = props.required,
-    _props$slotProps = props.slotProps,
-    slotProps = _props$slotProps === void 0 ? {} : _props$slotProps,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, FormControlLabel_excluded);
-  var muiFormControl = useFormControl();
-  var disabled = (_ref = disabledProp != null ? disabledProp : control.props.disabled) != null ? _ref : muiFormControl == null ? void 0 : muiFormControl.disabled;
-  var required = requiredProp != null ? requiredProp : control.props.required;
-  var controlProps = {
-    disabled: disabled,
-    required: required
-  };
-  ['checked', 'name', 'onChange', 'value', 'inputRef'].forEach(function (key) {
-    if (typeof control.props[key] === 'undefined' && typeof props[key] !== 'undefined') {
-      controlProps[key] = props[key];
-    }
-  });
-  var fcs = formControlState({
-    props: props,
-    muiFormControl: muiFormControl,
-    states: ['error']
-  });
-  var ownerState = extends_extends({}, props, {
-    disabled: disabled,
-    labelPlacement: labelPlacement,
-    required: required,
-    error: fcs.error
-  });
-  var classes = FormControlLabel_useUtilityClasses(ownerState);
-  var typographySlotProps = (_slotProps$typography = slotProps.typography) != null ? _slotProps$typography : componentsProps.typography;
-  var label = labelProp;
-  if (label != null && label.type !== Typography_Typography && !disableTypography) {
-    label = /*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography, extends_extends({
-      component: "span"
-    }, typographySlotProps, {
-      className: clsx_m(classes.label, typographySlotProps == null ? void 0 : typographySlotProps.className),
-      children: label
-    }));
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(FormControlLabelRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    ownerState: ownerState,
-    ref: ref
-  }, other, {
-    children: [/*#__PURE__*/react.cloneElement(control, controlProps), label, required && /*#__PURE__*/(0,jsx_runtime.jsxs)(AsteriskComponent, {
-      ownerState: ownerState,
-      "aria-hidden": true,
-      className: classes.asterisk,
-      children: ["\u2009", '*']
-    })]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var FormControlLabel_FormControlLabel = (FormControlLabel);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/switchBaseClasses.js
-
-
-function getSwitchBaseUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('PrivateSwitchBase', slot);
-}
-var switchBaseClasses = generateUtilityClasses('PrivateSwitchBase', ['root', 'checked', 'disabled', 'input', 'edgeStart', 'edgeEnd']);
-/* harmony default export */ var internal_switchBaseClasses = ((/* unused pure expression or super */ null && (switchBaseClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/SwitchBase.js
-
-
-
-var SwitchBase_excluded = ["autoFocus", "checked", "checkedIcon", "className", "defaultChecked", "disabled", "disableFocusRipple", "edge", "icon", "id", "inputProps", "inputRef", "name", "onBlur", "onChange", "onFocus", "readOnly", "required", "tabIndex", "type", "value"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-var SwitchBase_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    checked = ownerState.checked,
-    disabled = ownerState.disabled,
-    edge = ownerState.edge;
-  var slots = {
-    root: ['root', checked && 'checked', disabled && 'disabled', edge && "edge".concat(utils_capitalize(edge))],
-    input: ['input']
-  };
-  return composeClasses(slots, getSwitchBaseUtilityClass, classes);
-};
-var SwitchBaseRoot = styles_styled(ButtonBase_ButtonBase)(function (_ref) {
-  var ownerState = _ref.ownerState;
-  return extends_extends({
-    padding: 9,
-    borderRadius: '50%'
-  }, ownerState.edge === 'start' && {
-    marginLeft: ownerState.size === 'small' ? -3 : -12
-  }, ownerState.edge === 'end' && {
-    marginRight: ownerState.size === 'small' ? -3 : -12
-  });
-});
-var SwitchBaseInput = styles_styled('input')({
-  cursor: 'inherit',
-  position: 'absolute',
-  opacity: 0,
-  width: '100%',
-  height: '100%',
-  top: 0,
-  left: 0,
-  margin: 0,
-  padding: 0,
-  zIndex: 1
-});
-
-/**
- * @ignore - internal component.
- */
-var SwitchBase = /*#__PURE__*/react.forwardRef(function SwitchBase(props, ref) {
-  var autoFocus = props.autoFocus,
-    checkedProp = props.checked,
-    checkedIcon = props.checkedIcon,
-    className = props.className,
-    defaultChecked = props.defaultChecked,
-    disabledProp = props.disabled,
-    _props$disableFocusRi = props.disableFocusRipple,
-    disableFocusRipple = _props$disableFocusRi === void 0 ? false : _props$disableFocusRi,
-    _props$edge = props.edge,
-    edge = _props$edge === void 0 ? false : _props$edge,
-    icon = props.icon,
-    id = props.id,
-    inputProps = props.inputProps,
-    inputRef = props.inputRef,
-    name = props.name,
-    onBlur = props.onBlur,
-    onChange = props.onChange,
-    onFocus = props.onFocus,
-    readOnly = props.readOnly,
-    _props$required = props.required,
-    required = _props$required === void 0 ? false : _props$required,
-    tabIndex = props.tabIndex,
-    type = props.type,
-    value = props.value,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, SwitchBase_excluded);
-  var _useControlled = utils_useControlled({
-      controlled: checkedProp,
-      default: Boolean(defaultChecked),
-      name: 'SwitchBase',
-      state: 'checked'
-    }),
-    _useControlled2 = slicedToArray_slicedToArray(_useControlled, 2),
-    checked = _useControlled2[0],
-    setCheckedState = _useControlled2[1];
-  var muiFormControl = useFormControl();
-  var handleFocus = function handleFocus(event) {
-    if (onFocus) {
-      onFocus(event);
-    }
-    if (muiFormControl && muiFormControl.onFocus) {
-      muiFormControl.onFocus(event);
-    }
-  };
-  var handleBlur = function handleBlur(event) {
-    if (onBlur) {
-      onBlur(event);
-    }
-    if (muiFormControl && muiFormControl.onBlur) {
-      muiFormControl.onBlur(event);
-    }
-  };
-  var handleInputChange = function handleInputChange(event) {
-    // Workaround for https://github.com/facebook/react/issues/9023
-    if (event.nativeEvent.defaultPrevented) {
-      return;
-    }
-    var newChecked = event.target.checked;
-    setCheckedState(newChecked);
-    if (onChange) {
-      // TODO v6: remove the second argument.
-      onChange(event, newChecked);
-    }
-  };
-  var disabled = disabledProp;
-  if (muiFormControl) {
-    if (typeof disabled === 'undefined') {
-      disabled = muiFormControl.disabled;
-    }
-  }
-  var hasLabelFor = type === 'checkbox' || type === 'radio';
-  var ownerState = extends_extends({}, props, {
-    checked: checked,
-    disabled: disabled,
-    disableFocusRipple: disableFocusRipple,
-    edge: edge
-  });
-  var classes = SwitchBase_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(SwitchBaseRoot, extends_extends({
-    component: "span",
-    className: clsx_m(classes.root, className),
-    centerRipple: true,
-    focusRipple: !disableFocusRipple,
-    disabled: disabled,
-    tabIndex: null,
-    role: undefined,
-    onFocus: handleFocus,
-    onBlur: handleBlur,
-    ownerState: ownerState,
-    ref: ref
-  }, other, {
-    children: [/*#__PURE__*/(0,jsx_runtime.jsx)(SwitchBaseInput, extends_extends({
-      autoFocus: autoFocus,
-      checked: checkedProp,
-      defaultChecked: defaultChecked,
-      className: classes.input,
-      disabled: disabled,
-      id: hasLabelFor ? id : undefined,
-      name: name,
-      onChange: handleInputChange,
-      readOnly: readOnly,
-      ref: inputRef,
-      required: required,
-      ownerState: ownerState,
-      tabIndex: tabIndex,
-      type: type
-    }, type === 'checkbox' && value === undefined ? {} : {
-      value: value
-    }, inputProps)), checked ? checkedIcon : icon]
-  }));
-});
-
-// NB: If changed, please update Checkbox, Switch and Radio
-// so that the API documentation is updated.
- false ? 0 : void 0;
-/* harmony default export */ var internal_SwitchBase = (SwitchBase);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/CheckBoxOutlineBlank.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var CheckBoxOutlineBlank = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19 5v14H5V5h14m0-2H5c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h14c1.1 0 2-.9 2-2V5c0-1.1-.9-2-2-2z"
-}), 'CheckBoxOutlineBlank'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/CheckBox.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var CheckBox = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19 3H5c-1.11 0-2 .9-2 2v14c0 1.1.89 2 2 2h14c1.11 0 2-.9 2-2V5c0-1.1-.89-2-2-2zm-9 14l-5-5 1.41-1.41L10 14.17l7.59-7.59L19 8l-9 9z"
-}), 'CheckBox'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/internal/svg-icons/IndeterminateCheckBox.js
-
-
-
-/**
- * @ignore - internal component.
- */
-
-/* harmony default export */ var IndeterminateCheckBox = (createSvgIcon( /*#__PURE__*/(0,jsx_runtime.jsx)("path", {
-  d: "M19 3H5c-1.1 0-2 .9-2 2v14c0 1.1.9 2 2 2h14c1.1 0 2-.9 2-2V5c0-1.1-.9-2-2-2zm-2 10H7v-2h10v2z"
-}), 'IndeterminateCheckBox'));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Checkbox/checkboxClasses.js
-
-
-function getCheckboxUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiCheckbox', slot);
-}
-var checkboxClasses = generateUtilityClasses('MuiCheckbox', ['root', 'checked', 'disabled', 'indeterminate', 'colorPrimary', 'colorSecondary']);
-/* harmony default export */ var Checkbox_checkboxClasses = (checkboxClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Checkbox/Checkbox.js
-
-
-
-var Checkbox_excluded = ["checkedIcon", "color", "icon", "indeterminate", "indeterminateIcon", "inputProps", "size", "className"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var Checkbox_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes,
-    indeterminate = ownerState.indeterminate,
-    color = ownerState.color;
-  var slots = {
-    root: ['root', indeterminate && 'indeterminate', "color".concat(utils_capitalize(color))]
-  };
-  var composedClasses = composeClasses(slots, getCheckboxUtilityClass, classes);
-  return extends_extends({}, classes, composedClasses);
-};
-var CheckboxRoot = styles_styled(internal_SwitchBase, {
-  shouldForwardProp: function shouldForwardProp(prop) {
-    return rootShouldForwardProp(prop) || prop === 'classes';
-  },
-  name: 'MuiCheckbox',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, ownerState.indeterminate && styles.indeterminate, ownerState.color !== 'default' && styles["color".concat(utils_capitalize(ownerState.color))]];
-  }
-})(function (_ref) {
-  var _ref2;
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    color: (theme.vars || theme).palette.text.secondary
-  }, !ownerState.disableRipple && {
-    '&:hover': {
-      backgroundColor: theme.vars ? "rgba(".concat(ownerState.color === 'default' ? theme.vars.palette.action.activeChannel : theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.hoverOpacity, ")") : alpha(ownerState.color === 'default' ? theme.palette.action.active : theme.palette[ownerState.color].main, theme.palette.action.hoverOpacity),
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    }
-  }, ownerState.color !== 'default' && (_ref2 = {}, defineProperty_defineProperty(_ref2, "&.".concat(Checkbox_checkboxClasses.checked, ", &.").concat(Checkbox_checkboxClasses.indeterminate), {
-    color: (theme.vars || theme).palette[ownerState.color].main
-  }), defineProperty_defineProperty(_ref2, "&.".concat(Checkbox_checkboxClasses.disabled), {
-    color: (theme.vars || theme).palette.action.disabled
-  }), _ref2));
-});
-var defaultCheckedIcon = /*#__PURE__*/(0,jsx_runtime.jsx)(CheckBox, {});
-var defaultIcon = /*#__PURE__*/(0,jsx_runtime.jsx)(CheckBoxOutlineBlank, {});
-var defaultIndeterminateIcon = /*#__PURE__*/(0,jsx_runtime.jsx)(IndeterminateCheckBox, {});
-var Checkbox = /*#__PURE__*/react.forwardRef(function Checkbox(inProps, ref) {
-  var _icon$props$fontSize, _indeterminateIcon$pr;
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiCheckbox'
-  });
-  var _props$checkedIcon = props.checkedIcon,
-    checkedIcon = _props$checkedIcon === void 0 ? defaultCheckedIcon : _props$checkedIcon,
-    _props$color = props.color,
-    color = _props$color === void 0 ? 'primary' : _props$color,
-    _props$icon = props.icon,
-    iconProp = _props$icon === void 0 ? defaultIcon : _props$icon,
-    _props$indeterminate = props.indeterminate,
-    indeterminate = _props$indeterminate === void 0 ? false : _props$indeterminate,
-    _props$indeterminateI = props.indeterminateIcon,
-    indeterminateIconProp = _props$indeterminateI === void 0 ? defaultIndeterminateIcon : _props$indeterminateI,
-    inputProps = props.inputProps,
-    _props$size = props.size,
-    size = _props$size === void 0 ? 'medium' : _props$size,
-    className = props.className,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Checkbox_excluded);
-  var icon = indeterminate ? indeterminateIconProp : iconProp;
-  var indeterminateIcon = indeterminate ? indeterminateIconProp : checkedIcon;
-  var ownerState = extends_extends({}, props, {
-    color: color,
-    indeterminate: indeterminate,
-    size: size
-  });
-  var classes = Checkbox_useUtilityClasses(ownerState);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxRoot, extends_extends({
-    type: "checkbox",
-    inputProps: extends_extends({
-      'data-indeterminate': indeterminate
-    }, inputProps),
-    icon: /*#__PURE__*/react.cloneElement(icon, {
-      fontSize: (_icon$props$fontSize = icon.props.fontSize) != null ? _icon$props$fontSize : size
-    }),
-    checkedIcon: /*#__PURE__*/react.cloneElement(indeterminateIcon, {
-      fontSize: (_indeterminateIcon$pr = indeterminateIcon.props.fontSize) != null ? _indeterminateIcon$pr : size
-    }),
-    ownerState: ownerState,
-    ref: ref,
-    className: clsx_m(classes.root, className)
-  }, other, {
-    classes: classes
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var Checkbox_Checkbox = (Checkbox);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/TreeViewContext.js
-
-
-/**
- * @ignore - internal component.
- */
-var TreeViewContext = /*#__PURE__*/react.createContext({});
-if (false) {}
-/* harmony default export */ var TreeView_TreeViewContext = (TreeViewContext);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/descendants.js
-
-
-
-var descendants_excluded = ["element"];
-
-
-
-
-/** Credit: https://github.com/reach/reach-ui/blob/86a046f54d53b6420e392b3fa56dd991d9d4e458/packages/descendants/README.md
- *  Modified slightly to suit our purposes.
- */
-
-// To replace with .findIndex() once we stop IE11 support.
-
-function findIndex(array, comp) {
-  for (var i = 0; i < array.length; i += 1) {
-    if (comp(array[i])) {
-      return i;
-    }
-  }
-  return -1;
-}
-function binaryFindElement(array, element) {
-  var start = 0;
-  var end = array.length - 1;
-  while (start <= end) {
-    var middle = Math.floor((start + end) / 2);
-    if (array[middle].element === element) {
-      return middle;
-    }
-
-    // eslint-disable-next-line no-bitwise
-    if (array[middle].element.compareDocumentPosition(element) & Node.DOCUMENT_POSITION_PRECEDING) {
-      end = middle - 1;
-    } else {
-      start = middle + 1;
-    }
-  }
-  return start;
-}
-var DescendantContext = /*#__PURE__*/react.createContext({});
-if (false) {}
-function usePrevious(value) {
-  var ref = react.useRef(null);
-  react.useEffect(function () {
-    ref.current = value;
-  }, [value]);
-  return ref.current;
-}
-var descendants_noop = function noop() {};
-
-/**
- * This hook registers our descendant by passing it into an array. We can then
- * search that array by to find its index when registering it in the component.
- * We use this for focus management, keyboard navigation, and typeahead
- * functionality for some components.
- *
- * The hook accepts the element node
- *
- * Our main goals with this are:
- *   1) maximum composability,
- *   2) minimal API friction
- *   3) SSR compatibility*
- *   4) concurrent safe
- *   5) index always up-to-date with the tree despite changes
- *   6) works with memoization of any component in the tree (hopefully)
- *
- * * As for SSR, the good news is that we don't actually need the index on the
- * server for most use-cases, as we are only using it to determine the order of
- * composed descendants for keyboard navigation.
- */
-function useDescendant(descendant) {
-  var _React$useState = react.useState(),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    forceUpdate = _React$useState2[1];
-  var _React$useContext = react.useContext(DescendantContext),
-    _React$useContext$reg = _React$useContext.registerDescendant,
-    registerDescendant = _React$useContext$reg === void 0 ? descendants_noop : _React$useContext$reg,
-    _React$useContext$unr = _React$useContext.unregisterDescendant,
-    unregisterDescendant = _React$useContext$unr === void 0 ? descendants_noop : _React$useContext$unr,
-    _React$useContext$des = _React$useContext.descendants,
-    descendants = _React$useContext$des === void 0 ? [] : _React$useContext$des,
-    _React$useContext$par = _React$useContext.parentId,
-    parentId = _React$useContext$par === void 0 ? null : _React$useContext$par;
-
-  // This will initially return -1 because we haven't registered the descendant
-  // on the first render. After we register, this will then return the correct
-  // index on the following render and we will re-register descendants
-  // so that everything is up-to-date before the user interacts with a
-  // collection.
-  var index = findIndex(descendants, function (item) {
-    return item.element === descendant.element;
-  });
-  var previousDescendants = usePrevious(descendants);
-
-  // We also need to re-register descendants any time ANY of the other
-  // descendants have changed. My brain was melting when I wrote this and it
-  // feels a little off, but checking in render and using the result in the
-  // effect's dependency array works well enough.
-  var someDescendantsHaveChanged = descendants.some(function (newDescendant, position) {
-    return previousDescendants && previousDescendants[position] && previousDescendants[position].element !== newDescendant.element;
-  });
-
-  // Prevent any flashing
-  utils_useEnhancedEffect(function () {
-    if (descendant.element) {
-      registerDescendant(extends_extends({}, descendant, {
-        index: index
-      }));
-      return function () {
-        unregisterDescendant(descendant.element);
-      };
-    }
-    forceUpdate({});
-    return undefined;
-  }, [registerDescendant, unregisterDescendant, index, someDescendantsHaveChanged, descendant]);
-  return {
-    parentId: parentId,
-    index: index
-  };
-}
-function DescendantProvider(props) {
-  var children = props.children,
-    id = props.id;
-  var _React$useState3 = react.useState([]),
-    _React$useState4 = slicedToArray_slicedToArray(_React$useState3, 2),
-    items = _React$useState4[0],
-    set = _React$useState4[1];
-  var registerDescendant = react.useCallback(function (_ref) {
-    var element = _ref.element,
-      other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(_ref, descendants_excluded);
-    set(function (oldItems) {
-      var newItems;
-      if (oldItems.length === 0) {
-        // If there are no items, register at index 0 and bail.
-        return [extends_extends({}, other, {
-          element: element,
-          index: 0
-        })];
-      }
-      var index = binaryFindElement(oldItems, element);
-      if (oldItems[index] && oldItems[index].element === element) {
-        // If the element is already registered, just use the same array
-        newItems = oldItems;
-      } else {
-        // When registering a descendant, we need to make sure we insert in
-        // into the array in the same order that it appears in the DOM. So as
-        // new descendants are added or maybe some are removed, we always know
-        // that the array is up-to-date and correct.
-        //
-        // So here we look at our registered descendants and see if the new
-        // element we are adding appears earlier than an existing descendant's
-        // DOM node via `node.compareDocumentPosition`. If it does, we insert
-        // the new element at this index. Because `registerDescendant` will be
-        // called in an effect every time the descendants state value changes,
-        // we should be sure that this index is accurate when descendent
-        // elements come or go from our component.
-
-        var newItem = extends_extends({}, other, {
-          element: element,
-          index: index
-        });
-
-        // If an index is not found we will push the element to the end.
-        newItems = oldItems.slice();
-        newItems.splice(index, 0, newItem);
-      }
-      newItems.forEach(function (item, position) {
-        item.index = position;
-      });
-      return newItems;
-    });
-  }, []);
-  var unregisterDescendant = react.useCallback(function (element) {
-    set(function (oldItems) {
-      return oldItems.filter(function (item) {
-        return element !== item.element;
-      });
-    });
-  }, []);
-  var value = react.useMemo(function () {
-    return {
-      descendants: items,
-      registerDescendant: registerDescendant,
-      unregisterDescendant: unregisterDescendant,
-      parentId: id
-    };
-  }, [items, registerDescendant, unregisterDescendant, id]);
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(DescendantContext.Provider, {
-    value: value,
-    children: children
-  });
-}
- false ? 0 : void 0;
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/treeViewClasses.js
-
-
-function getTreeViewUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTreeView', slot);
-}
-var treeViewClasses = generateUtilityClasses('MuiTreeView', ['root']);
-/* harmony default export */ var TreeView_treeViewClasses = ((/* unused pure expression or super */ null && (treeViewClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeView/TreeView.js
-
-
-
-var TreeView_excluded = ["children", "className", "defaultCollapseIcon", "defaultEndIcon", "defaultExpanded", "defaultExpandIcon", "defaultParentIcon", "defaultSelected", "disabledItemsFocusable", "disableSelection", "expanded", "id", "multiSelect", "onBlur", "onFocus", "onKeyDown", "onNodeFocus", "onNodeSelect", "onNodeToggle", "selected"];
-
-
-
-
-
-
-
-
-
-
-var TreeView_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root']
-  };
-  return composeClasses(slots, getTreeViewUtilityClass, classes);
-};
-var TreeViewRoot = styles_styled('ul', {
-  name: 'MuiTreeView',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  padding: 0,
-  margin: 0,
-  listStyle: 'none',
-  outline: 0
-});
-function isPrintableCharacter(string) {
-  return string && string.length === 1 && string.match(/\S/);
-}
-function findNextFirstChar(firstChars, startIndex, char) {
-  for (var i = startIndex; i < firstChars.length; i += 1) {
-    if (char === firstChars[i]) {
-      return i;
-    }
-  }
-  return -1;
-}
-function noopSelection() {
-  return false;
-}
-var defaultDefaultExpanded = [];
-var defaultDefaultSelected = [];
-var TreeView = /*#__PURE__*/react.forwardRef(function TreeView(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTreeView'
-  });
-  var children = props.children,
-    className = props.className,
-    defaultCollapseIcon = props.defaultCollapseIcon,
-    defaultEndIcon = props.defaultEndIcon,
-    _props$defaultExpande = props.defaultExpanded,
-    defaultExpanded = _props$defaultExpande === void 0 ? defaultDefaultExpanded : _props$defaultExpande,
-    defaultExpandIcon = props.defaultExpandIcon,
-    defaultParentIcon = props.defaultParentIcon,
-    _props$defaultSelecte = props.defaultSelected,
-    defaultSelected = _props$defaultSelecte === void 0 ? defaultDefaultSelected : _props$defaultSelecte,
-    _props$disabledItemsF = props.disabledItemsFocusable,
-    disabledItemsFocusable = _props$disabledItemsF === void 0 ? false : _props$disabledItemsF,
-    _props$disableSelecti = props.disableSelection,
-    disableSelection = _props$disableSelecti === void 0 ? false : _props$disableSelecti,
-    expandedProp = props.expanded,
-    idProp = props.id,
-    _props$multiSelect = props.multiSelect,
-    multiSelect = _props$multiSelect === void 0 ? false : _props$multiSelect,
-    onBlur = props.onBlur,
-    onFocus = props.onFocus,
-    onKeyDown = props.onKeyDown,
-    onNodeFocus = props.onNodeFocus,
-    onNodeSelect = props.onNodeSelect,
-    onNodeToggle = props.onNodeToggle,
-    selectedProp = props.selected,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TreeView_excluded);
-  var theme = styles_useTheme_useTheme();
-  var isRtl = theme.direction === 'rtl';
-  var ownerState = extends_extends({}, props, {
-    defaultExpanded: defaultExpanded,
-    defaultSelected: defaultSelected,
-    disabledItemsFocusable: disabledItemsFocusable,
-    disableSelection: disableSelection,
-    multiSelect: multiSelect
-  });
-  var classes = TreeView_useUtilityClasses(ownerState);
-  var treeId = utils_useId(idProp);
-  var treeRef = react.useRef(null);
-  var handleRef = utils_useForkRef(treeRef, ref);
-  var _React$useState = react.useState(null),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    focusedNodeId = _React$useState2[0],
-    setFocusedNodeId = _React$useState2[1];
-  var nodeMap = react.useRef({});
-  var firstCharMap = react.useRef({});
-  var _useControlled = utils_useControlled({
-      controlled: expandedProp,
-      default: defaultExpanded,
-      name: 'TreeView',
-      state: 'expanded'
-    }),
-    _useControlled2 = slicedToArray_slicedToArray(_useControlled, 2),
-    expanded = _useControlled2[0],
-    setExpandedState = _useControlled2[1];
-  var _useControlled3 = utils_useControlled({
-      controlled: selectedProp,
-      default: defaultSelected,
-      name: 'TreeView',
-      state: 'selected'
-    }),
-    _useControlled4 = slicedToArray_slicedToArray(_useControlled3, 2),
-    selected = _useControlled4[0],
-    setSelectedState = _useControlled4[1];
-
-  /*
-   * Status Helpers
-   */
-  var isExpanded = react.useCallback(function (id) {
-    return Array.isArray(expanded) ? expanded.indexOf(id) !== -1 : false;
-  }, [expanded]);
-  var isExpandable = react.useCallback(function (id) {
-    return nodeMap.current[id] && nodeMap.current[id].expandable;
-  }, []);
-  var isSelected = react.useCallback(function (id) {
-    return Array.isArray(selected) ? selected.indexOf(id) !== -1 : selected === id;
-  }, [selected]);
-  var isDisabled = react.useCallback(function (id) {
-    var node = nodeMap.current[id];
-
-    // This can be called before the node has been added to the node map.
-    if (!node) {
-      return false;
-    }
-    if (node.disabled) {
-      return true;
-    }
-    while (node.parentId != null) {
-      node = nodeMap.current[node.parentId];
-      if (node.disabled) {
-        return true;
-      }
-    }
-    return false;
-  }, []);
-  var isFocused = function isFocused(id) {
-    return focusedNodeId === id;
-  };
-
-  /*
-   * Child Helpers
-   */
-
-  // Using Object.keys -> .map to mimic Object.values we should replace with Object.values() once we stop IE11 support.
-  var getChildrenIds = function getChildrenIds(id) {
-    return Object.keys(nodeMap.current).map(function (key) {
-      return nodeMap.current[key];
-    }).filter(function (node) {
-      return node.parentId === id;
-    }).sort(function (a, b) {
-      return a.index - b.index;
-    }).map(function (child) {
-      return child.id;
-    });
-  };
-  var getNavigableChildrenIds = function getNavigableChildrenIds(id) {
-    var childrenIds = getChildrenIds(id);
-    if (!disabledItemsFocusable) {
-      childrenIds = childrenIds.filter(function (node) {
-        return !isDisabled(node);
-      });
-    }
-    return childrenIds;
-  };
-
-  /*
-   * Node Helpers
-   */
-
-  var getNextNode = function getNextNode(id) {
-    // If expanded get first child
-    if (isExpanded(id) && getNavigableChildrenIds(id).length > 0) {
-      return getNavigableChildrenIds(id)[0];
-    }
-    var node = nodeMap.current[id];
-    while (node != null) {
-      // Try to get next sibling
-      var siblings = getNavigableChildrenIds(node.parentId);
-      var nextSibling = siblings[siblings.indexOf(node.id) + 1];
-      if (nextSibling) {
-        return nextSibling;
-      }
-
-      // If the sibling does not exist, go up a level to the parent and try again.
-      node = nodeMap.current[node.parentId];
-    }
-    return null;
-  };
-  var getPreviousNode = function getPreviousNode(id) {
-    var node = nodeMap.current[id];
-    var siblings = getNavigableChildrenIds(node.parentId);
-    var nodeIndex = siblings.indexOf(id);
-    if (nodeIndex === 0) {
-      return node.parentId;
-    }
-    var currentNode = siblings[nodeIndex - 1];
-    while (isExpanded(currentNode) && getNavigableChildrenIds(currentNode).length > 0) {
-      currentNode = getNavigableChildrenIds(currentNode).pop();
-    }
-    return currentNode;
-  };
-  var getLastNode = function getLastNode() {
-    var lastNode = getNavigableChildrenIds(null).pop();
-    while (isExpanded(lastNode)) {
-      lastNode = getNavigableChildrenIds(lastNode).pop();
-    }
-    return lastNode;
-  };
-  var getFirstNode = function getFirstNode() {
-    return getNavigableChildrenIds(null)[0];
-  };
-  var getParent = function getParent(id) {
-    return nodeMap.current[id].parentId;
-  };
-
-  /**
-   * This is used to determine the start and end of a selection range so
-   * we can get the nodes between the two border nodes.
-   *
-   * It finds the nodes' common ancestor using
-   * a naive implementation of a lowest common ancestor algorithm
-   * (https://en.wikipedia.org/wiki/Lowest_common_ancestor).
-   * Then compares the ancestor's 2 children that are ancestors of nodeA and NodeB
-   * so we can compare their indexes to work out which node comes first in a depth first search.
-   * (https://en.wikipedia.org/wiki/Depth-first_search)
-   *
-   * Another way to put it is which node is shallower in a trémaux tree
-   * https://en.wikipedia.org/wiki/Tr%C3%A9maux_tree
-   */
-  var findOrderInTremauxTree = function findOrderInTremauxTree(nodeAId, nodeBId) {
-    if (nodeAId === nodeBId) {
-      return [nodeAId, nodeBId];
-    }
-    var nodeA = nodeMap.current[nodeAId];
-    var nodeB = nodeMap.current[nodeBId];
-    if (nodeA.parentId === nodeB.id || nodeB.parentId === nodeA.id) {
-      return nodeB.parentId === nodeA.id ? [nodeA.id, nodeB.id] : [nodeB.id, nodeA.id];
-    }
-    var aFamily = [nodeA.id];
-    var bFamily = [nodeB.id];
-    var aAncestor = nodeA.parentId;
-    var bAncestor = nodeB.parentId;
-    var aAncestorIsCommon = bFamily.indexOf(aAncestor) !== -1;
-    var bAncestorIsCommon = aFamily.indexOf(bAncestor) !== -1;
-    var continueA = true;
-    var continueB = true;
-    while (!bAncestorIsCommon && !aAncestorIsCommon) {
-      if (continueA) {
-        aFamily.push(aAncestor);
-        aAncestorIsCommon = bFamily.indexOf(aAncestor) !== -1;
-        continueA = aAncestor !== null;
-        if (!aAncestorIsCommon && continueA) {
-          aAncestor = nodeMap.current[aAncestor].parentId;
-        }
-      }
-      if (continueB && !aAncestorIsCommon) {
-        bFamily.push(bAncestor);
-        bAncestorIsCommon = aFamily.indexOf(bAncestor) !== -1;
-        continueB = bAncestor !== null;
-        if (!bAncestorIsCommon && continueB) {
-          bAncestor = nodeMap.current[bAncestor].parentId;
-        }
-      }
-    }
-    var commonAncestor = aAncestorIsCommon ? aAncestor : bAncestor;
-    var ancestorFamily = getChildrenIds(commonAncestor);
-    var aSide = aFamily[aFamily.indexOf(commonAncestor) - 1];
-    var bSide = bFamily[bFamily.indexOf(commonAncestor) - 1];
-    return ancestorFamily.indexOf(aSide) < ancestorFamily.indexOf(bSide) ? [nodeAId, nodeBId] : [nodeBId, nodeAId];
-  };
-  var getNodesInRange = function getNodesInRange(nodeA, nodeB) {
-    var _findOrderInTremauxTr = findOrderInTremauxTree(nodeA, nodeB),
-      _findOrderInTremauxTr2 = slicedToArray_slicedToArray(_findOrderInTremauxTr, 2),
-      first = _findOrderInTremauxTr2[0],
-      last = _findOrderInTremauxTr2[1];
-    var nodes = [first];
-    var current = first;
-    while (current !== last) {
-      current = getNextNode(current);
-      nodes.push(current);
-    }
-    return nodes;
-  };
-
-  /*
-   * Focus Helpers
-   */
-
-  var focus = function focus(event, id) {
-    if (id) {
-      setFocusedNodeId(id);
-      if (onNodeFocus) {
-        onNodeFocus(event, id);
-      }
-    }
-  };
-  var focusNextNode = function focusNextNode(event, id) {
-    return focus(event, getNextNode(id));
-  };
-  var focusPreviousNode = function focusPreviousNode(event, id) {
-    return focus(event, getPreviousNode(id));
-  };
-  var focusFirstNode = function focusFirstNode(event) {
-    return focus(event, getFirstNode());
-  };
-  var focusLastNode = function focusLastNode(event) {
-    return focus(event, getLastNode());
-  };
-  var focusByFirstCharacter = function focusByFirstCharacter(event, id, char) {
-    var start;
-    var index;
-    var lowercaseChar = char.toLowerCase();
-    var firstCharIds = [];
-    var firstChars = [];
-    // This really only works since the ids are strings
-    Object.keys(firstCharMap.current).forEach(function (nodeId) {
-      var firstChar = firstCharMap.current[nodeId];
-      var map = nodeMap.current[nodeId];
-      var visible = map.parentId ? isExpanded(map.parentId) : true;
-      var shouldBeSkipped = disabledItemsFocusable ? false : isDisabled(nodeId);
-      if (visible && !shouldBeSkipped) {
-        firstCharIds.push(nodeId);
-        firstChars.push(firstChar);
-      }
-    });
-
-    // Get start index for search based on position of currentItem
-    start = firstCharIds.indexOf(id) + 1;
-    if (start >= firstCharIds.length) {
-      start = 0;
-    }
-
-    // Check remaining slots in the menu
-    index = findNextFirstChar(firstChars, start, lowercaseChar);
-
-    // If not found in remaining slots, check from beginning
-    if (index === -1) {
-      index = findNextFirstChar(firstChars, 0, lowercaseChar);
-    }
-
-    // If match was found...
-    if (index > -1) {
-      focus(event, firstCharIds[index]);
-    }
-  };
-
-  /*
-   * Expansion Helpers
-   */
-
-  var toggleExpansion = function toggleExpansion(event) {
-    var value = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : focusedNodeId;
-    var newExpanded;
-    if (expanded.indexOf(value) !== -1) {
-      newExpanded = expanded.filter(function (id) {
-        return id !== value;
-      });
-    } else {
-      newExpanded = [value].concat(expanded);
-    }
-    if (onNodeToggle) {
-      onNodeToggle(event, newExpanded);
-    }
-    setExpandedState(newExpanded);
-  };
-  var expandAllSiblings = function expandAllSiblings(event, id) {
-    var map = nodeMap.current[id];
-    var siblings = getChildrenIds(map.parentId);
-    var diff = siblings.filter(function (child) {
-      return isExpandable(child) && !isExpanded(child);
-    });
-    var newExpanded = expanded.concat(diff);
-    if (diff.length > 0) {
-      setExpandedState(newExpanded);
-      if (onNodeToggle) {
-        onNodeToggle(event, newExpanded);
-      }
-    }
-  };
-
-  /*
-   * Selection Helpers
-   */
-
-  var lastSelectedNode = react.useRef(null);
-  var lastSelectionWasRange = react.useRef(false);
-  var currentRangeSelection = react.useRef([]);
-  var handleRangeArrowSelect = function handleRangeArrowSelect(event, nodes) {
-    var base = selected.slice();
-    var start = nodes.start,
-      next = nodes.next,
-      current = nodes.current;
-    if (!next || !current) {
-      return;
-    }
-    if (currentRangeSelection.current.indexOf(current) === -1) {
-      currentRangeSelection.current = [];
-    }
-    if (lastSelectionWasRange.current) {
-      if (currentRangeSelection.current.indexOf(next) !== -1) {
-        base = base.filter(function (id) {
-          return id === start || id !== current;
-        });
-        currentRangeSelection.current = currentRangeSelection.current.filter(function (id) {
-          return id === start || id !== current;
-        });
-      } else {
-        base.push(next);
-        currentRangeSelection.current.push(next);
-      }
-    } else {
-      base.push(next);
-      currentRangeSelection.current.push(current, next);
-    }
-    if (onNodeSelect) {
-      onNodeSelect(event, base);
-    }
-    setSelectedState(base);
-  };
-  var handleRangeSelect = function handleRangeSelect(event, nodes) {
-    var base = selected.slice();
-    var start = nodes.start,
-      end = nodes.end;
-    // If last selection was a range selection ignore nodes that were selected.
-    if (lastSelectionWasRange.current) {
-      base = base.filter(function (id) {
-        return currentRangeSelection.current.indexOf(id) === -1;
-      });
-    }
-    var range = getNodesInRange(start, end);
-    range = range.filter(function (node) {
-      return !isDisabled(node);
-    });
-    currentRangeSelection.current = range;
-    var newSelected = base.concat(range);
-    newSelected = newSelected.filter(function (id, i) {
-      return newSelected.indexOf(id) === i;
-    });
-    if (onNodeSelect) {
-      onNodeSelect(event, newSelected);
-    }
-    setSelectedState(newSelected);
-  };
-  var handleMultipleSelect = function handleMultipleSelect(event, value) {
-    var newSelected;
-    if (selected.indexOf(value) !== -1) {
-      newSelected = selected.filter(function (id) {
-        return id !== value;
-      });
-    } else {
-      newSelected = [value].concat(selected);
-    }
-    if (onNodeSelect) {
-      onNodeSelect(event, newSelected);
-    }
-    setSelectedState(newSelected);
-  };
-  var handleSingleSelect = function handleSingleSelect(event, value) {
-    var newSelected = multiSelect ? [value] : value;
-    if (onNodeSelect) {
-      onNodeSelect(event, newSelected);
-    }
-    setSelectedState(newSelected);
-  };
-  var selectNode = function selectNode(event, id) {
-    var multiple = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
-    if (id) {
-      if (multiple) {
-        handleMultipleSelect(event, id);
-      } else {
-        handleSingleSelect(event, id);
-      }
-      lastSelectedNode.current = id;
-      lastSelectionWasRange.current = false;
-      currentRangeSelection.current = [];
-      return true;
-    }
-    return false;
-  };
-  var selectRange = function selectRange(event, nodes) {
-    var stacked = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
-    var _nodes$start = nodes.start,
-      start = _nodes$start === void 0 ? lastSelectedNode.current : _nodes$start,
-      end = nodes.end,
-      current = nodes.current;
-    if (stacked) {
-      handleRangeArrowSelect(event, {
-        start: start,
-        next: end,
-        current: current
-      });
-    } else if (start != null && end != null) {
-      handleRangeSelect(event, {
-        start: start,
-        end: end
-      });
-    }
-    lastSelectionWasRange.current = true;
-  };
-  var rangeSelectToFirst = function rangeSelectToFirst(event, id) {
-    if (!lastSelectedNode.current) {
-      lastSelectedNode.current = id;
-    }
-    var start = lastSelectionWasRange.current ? lastSelectedNode.current : id;
-    selectRange(event, {
-      start: start,
-      end: getFirstNode()
-    });
-  };
-  var rangeSelectToLast = function rangeSelectToLast(event, id) {
-    if (!lastSelectedNode.current) {
-      lastSelectedNode.current = id;
-    }
-    var start = lastSelectionWasRange.current ? lastSelectedNode.current : id;
-    selectRange(event, {
-      start: start,
-      end: getLastNode()
-    });
-  };
-  var selectNextNode = function selectNextNode(event, id) {
-    if (!isDisabled(getNextNode(id))) {
-      selectRange(event, {
-        end: getNextNode(id),
-        current: id
-      }, true);
-    }
-  };
-  var selectPreviousNode = function selectPreviousNode(event, id) {
-    if (!isDisabled(getPreviousNode(id))) {
-      selectRange(event, {
-        end: getPreviousNode(id),
-        current: id
-      }, true);
-    }
-  };
-  var selectAllNodes = function selectAllNodes(event) {
-    selectRange(event, {
-      start: getFirstNode(),
-      end: getLastNode()
-    });
-  };
-
-  /*
-   * Mapping Helpers
-   */
-  var registerNode = react.useCallback(function (node) {
-    var id = node.id,
-      index = node.index,
-      parentId = node.parentId,
-      expandable = node.expandable,
-      idAttribute = node.idAttribute,
-      disabled = node.disabled;
-    nodeMap.current[id] = {
-      id: id,
-      index: index,
-      parentId: parentId,
-      expandable: expandable,
-      idAttribute: idAttribute,
-      disabled: disabled
-    };
-  }, []);
-  var unregisterNode = react.useCallback(function (id) {
-    var newMap = extends_extends({}, nodeMap.current);
-    delete newMap[id];
-    nodeMap.current = newMap;
-    setFocusedNodeId(function (oldFocusedNodeId) {
-      if (oldFocusedNodeId === id && treeRef.current === utils_ownerDocument(treeRef.current).activeElement) {
-        return getChildrenIds(null)[0];
-      }
-      return oldFocusedNodeId;
-    });
-  }, []);
-  var mapFirstChar = react.useCallback(function (id, firstChar) {
-    firstCharMap.current[id] = firstChar;
-  }, []);
-  var unMapFirstChar = react.useCallback(function (id) {
-    var newMap = extends_extends({}, firstCharMap.current);
-    delete newMap[id];
-    firstCharMap.current = newMap;
-  }, []);
-
-  /**
-   * Event handlers and Navigation
-   */
-
-  var handleNextArrow = function handleNextArrow(event) {
-    if (isExpandable(focusedNodeId)) {
-      if (isExpanded(focusedNodeId)) {
-        focusNextNode(event, focusedNodeId);
-      } else if (!isDisabled(focusedNodeId)) {
-        toggleExpansion(event);
-      }
-    }
-    return true;
-  };
-  var handlePreviousArrow = function handlePreviousArrow(event) {
-    if (isExpanded(focusedNodeId) && !isDisabled(focusedNodeId)) {
-      toggleExpansion(event, focusedNodeId);
-      return true;
-    }
-    var parent = getParent(focusedNodeId);
-    if (parent) {
-      focus(event, parent);
-      return true;
-    }
-    return false;
-  };
-  var handleKeyDown = function handleKeyDown(event) {
-    var flag = false;
-    var key = event.key;
-
-    // If the tree is empty there will be no focused node
-    if (event.altKey || event.currentTarget !== event.target || !focusedNodeId) {
-      return;
-    }
-    var ctrlPressed = event.ctrlKey || event.metaKey;
-    switch (key) {
-      case ' ':
-        if (!disableSelection && !isDisabled(focusedNodeId)) {
-          if (multiSelect && event.shiftKey) {
-            selectRange(event, {
-              end: focusedNodeId
-            });
-            flag = true;
-          } else if (multiSelect) {
-            flag = selectNode(event, focusedNodeId, true);
-          } else {
-            flag = selectNode(event, focusedNodeId);
-          }
-        }
-        event.stopPropagation();
-        break;
-      case 'Enter':
-        if (!isDisabled(focusedNodeId)) {
-          if (isExpandable(focusedNodeId)) {
-            toggleExpansion(event);
-            flag = true;
-          } else if (multiSelect) {
-            flag = selectNode(event, focusedNodeId, true);
-          } else {
-            flag = selectNode(event, focusedNodeId);
-          }
-        }
-        event.stopPropagation();
-        break;
-      case 'ArrowDown':
-        if (multiSelect && event.shiftKey && !disableSelection) {
-          selectNextNode(event, focusedNodeId);
-        }
-        focusNextNode(event, focusedNodeId);
-        flag = true;
-        break;
-      case 'ArrowUp':
-        if (multiSelect && event.shiftKey && !disableSelection) {
-          selectPreviousNode(event, focusedNodeId);
-        }
-        focusPreviousNode(event, focusedNodeId);
-        flag = true;
-        break;
-      case 'ArrowRight':
-        if (isRtl) {
-          flag = handlePreviousArrow(event);
-        } else {
-          flag = handleNextArrow(event);
-        }
-        break;
-      case 'ArrowLeft':
-        if (isRtl) {
-          flag = handleNextArrow(event);
-        } else {
-          flag = handlePreviousArrow(event);
-        }
-        break;
-      case 'Home':
-        if (multiSelect && ctrlPressed && event.shiftKey && !disableSelection && !isDisabled(focusedNodeId)) {
-          rangeSelectToFirst(event, focusedNodeId);
-        }
-        focusFirstNode(event);
-        flag = true;
-        break;
-      case 'End':
-        if (multiSelect && ctrlPressed && event.shiftKey && !disableSelection && !isDisabled(focusedNodeId)) {
-          rangeSelectToLast(event, focusedNodeId);
-        }
-        focusLastNode(event);
-        flag = true;
-        break;
-      default:
-        if (key === '*') {
-          expandAllSiblings(event, focusedNodeId);
-          flag = true;
-        } else if (multiSelect && ctrlPressed && key.toLowerCase() === 'a' && !disableSelection) {
-          selectAllNodes(event);
-          flag = true;
-        } else if (!ctrlPressed && !event.shiftKey && isPrintableCharacter(key)) {
-          focusByFirstCharacter(event, focusedNodeId, key);
-          flag = true;
-        }
-    }
-    if (flag) {
-      event.preventDefault();
-      event.stopPropagation();
-    }
-    if (onKeyDown) {
-      onKeyDown(event);
-    }
-  };
-  var handleFocus = function handleFocus(event) {
-    // if the event bubbled (which is React specific) we don't want to steal focus
-    if (event.target === event.currentTarget) {
-      var firstSelected = Array.isArray(selected) ? selected[0] : selected;
-      focus(event, firstSelected || getNavigableChildrenIds(null)[0]);
-    }
-    if (onFocus) {
-      onFocus(event);
-    }
-  };
-  var handleBlur = function handleBlur(event) {
-    setFocusedNodeId(null);
-    if (onBlur) {
-      onBlur(event);
-    }
-  };
-  var activeDescendant = nodeMap.current[focusedNodeId] ? nodeMap.current[focusedNodeId].idAttribute : null;
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TreeView_TreeViewContext.Provider, {
-    // TODO: fix this lint error
-    // eslint-disable-next-line react/jsx-no-constructed-context-values
-    value: {
-      icons: {
-        defaultCollapseIcon: defaultCollapseIcon,
-        defaultExpandIcon: defaultExpandIcon,
-        defaultParentIcon: defaultParentIcon,
-        defaultEndIcon: defaultEndIcon
-      },
-      focus: focus,
-      toggleExpansion: toggleExpansion,
-      isExpanded: isExpanded,
-      isExpandable: isExpandable,
-      isFocused: isFocused,
-      isSelected: isSelected,
-      isDisabled: isDisabled,
-      selectNode: disableSelection ? noopSelection : selectNode,
-      selectRange: disableSelection ? noopSelection : selectRange,
-      multiSelect: multiSelect,
-      disabledItemsFocusable: disabledItemsFocusable,
-      mapFirstChar: mapFirstChar,
-      unMapFirstChar: unMapFirstChar,
-      registerNode: registerNode,
-      unregisterNode: unregisterNode,
-      treeId: treeId
-    },
-    children: /*#__PURE__*/(0,jsx_runtime.jsx)(DescendantProvider, {
-      children: /*#__PURE__*/(0,jsx_runtime.jsx)(TreeViewRoot, extends_extends({
-        role: "tree",
-        id: treeId,
-        "aria-activedescendant": activeDescendant,
-        "aria-multiselectable": multiSelect,
-        className: clsx_m(classes.root, className),
-        ref: handleRef,
-        tabIndex: 0,
-        onKeyDown: handleKeyDown,
-        onFocus: handleFocus,
-        onBlur: handleBlur,
-        ownerState: ownerState
-      }, other, {
-        children: children
-      }))
-    })
-  });
-});
- false ? 0 : void 0;
-/* harmony default export */ var TreeView_TreeView = (TreeView);
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Collapse/collapseClasses.js
-
-
-function getCollapseUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiCollapse', slot);
-}
-var collapseClasses = generateUtilityClasses('MuiCollapse', ['root', 'horizontal', 'vertical', 'entered', 'hidden', 'wrapper', 'wrapperInner']);
-/* harmony default export */ var Collapse_collapseClasses = ((/* unused pure expression or super */ null && (collapseClasses)));
-;// CONCATENATED MODULE: ./node_modules/@mui/material/Collapse/Collapse.js
-
-
-
-var Collapse_excluded = ["addEndListener", "children", "className", "collapsedSize", "component", "easing", "in", "onEnter", "onEntered", "onEntering", "onExit", "onExited", "onExiting", "orientation", "style", "timeout", "TransitionComponent"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var Collapse_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var orientation = ownerState.orientation,
-    classes = ownerState.classes;
-  var slots = {
-    root: ['root', "".concat(orientation)],
-    entered: ['entered'],
-    hidden: ['hidden'],
-    wrapper: ['wrapper', "".concat(orientation)],
-    wrapperInner: ['wrapperInner', "".concat(orientation)]
-  };
-  return composeClasses(slots, getCollapseUtilityClass, classes);
-};
-var CollapseRoot = styles_styled('div', {
-  name: 'MuiCollapse',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    var ownerState = props.ownerState;
-    return [styles.root, styles[ownerState.orientation], ownerState.state === 'entered' && styles.entered, ownerState.state === 'exited' && !ownerState.in && ownerState.collapsedSize === '0px' && styles.hidden];
-  }
-})(function (_ref) {
-  var theme = _ref.theme,
-    ownerState = _ref.ownerState;
-  return extends_extends({
-    height: 0,
-    overflow: 'hidden',
-    transition: theme.transitions.create('height')
-  }, ownerState.orientation === 'horizontal' && {
-    height: 'auto',
-    width: 0,
-    transition: theme.transitions.create('width')
-  }, ownerState.state === 'entered' && extends_extends({
-    height: 'auto',
-    overflow: 'visible'
-  }, ownerState.orientation === 'horizontal' && {
-    width: 'auto'
-  }), ownerState.state === 'exited' && !ownerState.in && ownerState.collapsedSize === '0px' && {
-    visibility: 'hidden'
-  });
-});
-var CollapseWrapper = styles_styled('div', {
-  name: 'MuiCollapse',
-  slot: 'Wrapper',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.wrapper;
-  }
-})(function (_ref2) {
-  var ownerState = _ref2.ownerState;
-  return extends_extends({
-    // Hack to get children with a negative margin to not falsify the height computation.
-    display: 'flex',
-    width: '100%'
-  }, ownerState.orientation === 'horizontal' && {
-    width: 'auto',
-    height: '100%'
-  });
-});
-var CollapseWrapperInner = styles_styled('div', {
-  name: 'MuiCollapse',
-  slot: 'WrapperInner',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.wrapperInner;
-  }
-})(function (_ref3) {
-  var ownerState = _ref3.ownerState;
-  return extends_extends({
-    width: '100%'
-  }, ownerState.orientation === 'horizontal' && {
-    width: 'auto',
-    height: '100%'
-  });
-});
-
-/**
- * The Collapse transition is used by the
- * [Vertical Stepper](/material-ui/react-stepper/#vertical-stepper) StepContent component.
- * It uses [react-transition-group](https://github.com/reactjs/react-transition-group) internally.
- */
-var Collapse = /*#__PURE__*/react.forwardRef(function Collapse(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiCollapse'
-  });
-  var addEndListener = props.addEndListener,
-    _children = props.children,
-    className = props.className,
-    _props$collapsedSize = props.collapsedSize,
-    collapsedSizeProp = _props$collapsedSize === void 0 ? '0px' : _props$collapsedSize,
-    component = props.component,
-    easing = props.easing,
-    inProp = props.in,
-    onEnter = props.onEnter,
-    onEntered = props.onEntered,
-    onEntering = props.onEntering,
-    onExit = props.onExit,
-    onExited = props.onExited,
-    onExiting = props.onExiting,
-    _props$orientation = props.orientation,
-    orientation = _props$orientation === void 0 ? 'vertical' : _props$orientation,
-    style = props.style,
-    _props$timeout = props.timeout,
-    timeout = _props$timeout === void 0 ? duration.standard : _props$timeout,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? esm_Transition : _props$TransitionComp,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, Collapse_excluded);
-  var ownerState = extends_extends({}, props, {
-    orientation: orientation,
-    collapsedSize: collapsedSizeProp
-  });
-  var classes = Collapse_useUtilityClasses(ownerState);
-  var theme = styles_useTheme_useTheme();
-  var timer = react.useRef();
-  var wrapperRef = react.useRef(null);
-  var autoTransitionDuration = react.useRef();
-  var collapsedSize = typeof collapsedSizeProp === 'number' ? "".concat(collapsedSizeProp, "px") : collapsedSizeProp;
-  var isHorizontal = orientation === 'horizontal';
-  var size = isHorizontal ? 'width' : 'height';
-  react.useEffect(function () {
-    return function () {
-      clearTimeout(timer.current);
-    };
-  }, []);
-  var nodeRef = react.useRef(null);
-  var handleRef = utils_useForkRef(ref, nodeRef);
-  var normalizedTransitionCallback = function normalizedTransitionCallback(callback) {
-    return function (maybeIsAppearing) {
-      if (callback) {
-        var node = nodeRef.current;
-
-        // onEnterXxx and onExitXxx callbacks have a different arguments.length value.
-        if (maybeIsAppearing === undefined) {
-          callback(node);
-        } else {
-          callback(node, maybeIsAppearing);
-        }
-      }
-    };
-  };
-  var getWrapperSize = function getWrapperSize() {
-    return wrapperRef.current ? wrapperRef.current[isHorizontal ? 'clientWidth' : 'clientHeight'] : 0;
-  };
-  var handleEnter = normalizedTransitionCallback(function (node, isAppearing) {
-    if (wrapperRef.current && isHorizontal) {
-      // Set absolute position to get the size of collapsed content
-      wrapperRef.current.style.position = 'absolute';
-    }
-    node.style[size] = collapsedSize;
-    if (onEnter) {
-      onEnter(node, isAppearing);
-    }
-  });
-  var handleEntering = normalizedTransitionCallback(function (node, isAppearing) {
-    var wrapperSize = getWrapperSize();
-    if (wrapperRef.current && isHorizontal) {
-      // After the size is read reset the position back to default
-      wrapperRef.current.style.position = '';
-    }
-    var _getTransitionProps = getTransitionProps({
-        style: style,
-        timeout: timeout,
-        easing: easing
-      }, {
-        mode: 'enter'
-      }),
-      transitionDuration = _getTransitionProps.duration,
-      transitionTimingFunction = _getTransitionProps.easing;
-    if (timeout === 'auto') {
-      var duration2 = theme.transitions.getAutoHeightDuration(wrapperSize);
-      node.style.transitionDuration = "".concat(duration2, "ms");
-      autoTransitionDuration.current = duration2;
-    } else {
-      node.style.transitionDuration = typeof transitionDuration === 'string' ? transitionDuration : "".concat(transitionDuration, "ms");
-    }
-    node.style[size] = "".concat(wrapperSize, "px");
-    node.style.transitionTimingFunction = transitionTimingFunction;
-    if (onEntering) {
-      onEntering(node, isAppearing);
-    }
-  });
-  var handleEntered = normalizedTransitionCallback(function (node, isAppearing) {
-    node.style[size] = 'auto';
-    if (onEntered) {
-      onEntered(node, isAppearing);
-    }
-  });
-  var handleExit = normalizedTransitionCallback(function (node) {
-    node.style[size] = "".concat(getWrapperSize(), "px");
-    if (onExit) {
-      onExit(node);
-    }
-  });
-  var handleExited = normalizedTransitionCallback(onExited);
-  var handleExiting = normalizedTransitionCallback(function (node) {
-    var wrapperSize = getWrapperSize();
-    var _getTransitionProps2 = getTransitionProps({
-        style: style,
-        timeout: timeout,
-        easing: easing
-      }, {
-        mode: 'exit'
-      }),
-      transitionDuration = _getTransitionProps2.duration,
-      transitionTimingFunction = _getTransitionProps2.easing;
-    if (timeout === 'auto') {
-      // TODO: rename getAutoHeightDuration to something more generic (width support)
-      // Actually it just calculates animation duration based on size
-      var duration2 = theme.transitions.getAutoHeightDuration(wrapperSize);
-      node.style.transitionDuration = "".concat(duration2, "ms");
-      autoTransitionDuration.current = duration2;
-    } else {
-      node.style.transitionDuration = typeof transitionDuration === 'string' ? transitionDuration : "".concat(transitionDuration, "ms");
-    }
-    node.style[size] = collapsedSize;
-    node.style.transitionTimingFunction = transitionTimingFunction;
-    if (onExiting) {
-      onExiting(node);
-    }
-  });
-  var handleAddEndListener = function handleAddEndListener(next) {
-    if (timeout === 'auto') {
-      timer.current = setTimeout(next, autoTransitionDuration.current || 0);
-    }
-    if (addEndListener) {
-      // Old call signature before `react-transition-group` implemented `nodeRef`
-      addEndListener(nodeRef.current, next);
-    }
-  };
-  return /*#__PURE__*/(0,jsx_runtime.jsx)(TransitionComponent, extends_extends({
-    in: inProp,
-    onEnter: handleEnter,
-    onEntered: handleEntered,
-    onEntering: handleEntering,
-    onExit: handleExit,
-    onExited: handleExited,
-    onExiting: handleExiting,
-    addEndListener: handleAddEndListener,
-    nodeRef: nodeRef,
-    timeout: timeout === 'auto' ? null : timeout
-  }, other, {
-    children: function children(state, childProps) {
-      return /*#__PURE__*/(0,jsx_runtime.jsx)(CollapseRoot, extends_extends({
-        as: component,
-        className: clsx_m(classes.root, className, {
-          'entered': classes.entered,
-          'exited': !inProp && collapsedSize === '0px' && classes.hidden
-        }[state]),
-        style: extends_extends(defineProperty_defineProperty({}, isHorizontal ? 'minWidth' : 'minHeight', collapsedSize), style),
-        ownerState: extends_extends({}, ownerState, {
-          state: state
-        }),
-        ref: handleRef
-      }, childProps, {
-        children: /*#__PURE__*/(0,jsx_runtime.jsx)(CollapseWrapper, {
-          ownerState: extends_extends({}, ownerState, {
-            state: state
-          }),
-          className: classes.wrapper,
-          ref: wrapperRef,
-          children: /*#__PURE__*/(0,jsx_runtime.jsx)(CollapseWrapperInner, {
-            ownerState: extends_extends({}, ownerState, {
-              state: state
-            }),
-            className: classes.wrapperInner,
-            children: _children
-          })
-        })
-      }));
-    }
-  }));
-});
- false ? 0 : void 0;
-Collapse.muiSupportAuto = true;
-/* harmony default export */ var Collapse_Collapse = (Collapse);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/useTreeItem.js
-
-
-function useTreeItem(nodeId) {
-  var _React$useContext = react.useContext(TreeView_TreeViewContext),
-    focus = _React$useContext.focus,
-    isExpanded = _React$useContext.isExpanded,
-    isExpandable = _React$useContext.isExpandable,
-    isFocused = _React$useContext.isFocused,
-    isDisabled = _React$useContext.isDisabled,
-    isSelected = _React$useContext.isSelected,
-    multiSelect = _React$useContext.multiSelect,
-    selectNode = _React$useContext.selectNode,
-    selectRange = _React$useContext.selectRange,
-    toggleExpansion = _React$useContext.toggleExpansion;
-  var expandable = isExpandable ? isExpandable(nodeId) : false;
-  var expanded = isExpanded ? isExpanded(nodeId) : false;
-  var focused = isFocused ? isFocused(nodeId) : false;
-  var disabled = isDisabled ? isDisabled(nodeId) : false;
-  var selected = isSelected ? isSelected(nodeId) : false;
-  var handleExpansion = function handleExpansion(event) {
-    if (!disabled) {
-      if (!focused) {
-        focus(event, nodeId);
-      }
-      var multiple = multiSelect && (event.shiftKey || event.ctrlKey || event.metaKey);
-
-      // If already expanded and trying to toggle selection don't close
-      if (expandable && !(multiple && isExpanded(nodeId))) {
-        toggleExpansion(event, nodeId);
-      }
-    }
-  };
-  var handleSelection = function handleSelection(event) {
-    if (!disabled) {
-      if (!focused) {
-        focus(event, nodeId);
-      }
-      var multiple = multiSelect && (event.shiftKey || event.ctrlKey || event.metaKey);
-      if (multiple) {
-        if (event.shiftKey) {
-          selectRange(event, {
-            end: nodeId
-          });
-        } else {
-          selectNode(event, nodeId, true);
-        }
-      } else {
-        selectNode(event, nodeId);
-      }
-    }
-  };
-  var preventSelection = function preventSelection(event) {
-    if (event.shiftKey || event.ctrlKey || event.metaKey || disabled) {
-      // Prevent text selection
-      event.preventDefault();
-    }
-  };
-  return {
-    disabled: disabled,
-    expanded: expanded,
-    selected: selected,
-    focused: focused,
-    handleExpansion: handleExpansion,
-    handleSelection: handleSelection,
-    preventSelection: preventSelection
-  };
-}
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/TreeItemContent.js
-
-
-var TreeItemContent_excluded = ["classes", "className", "displayIcon", "expansionIcon", "icon", "label", "nodeId", "onClick", "onMouseDown"];
-
-
-
-
-
-/**
- * @ignore - internal component.
- */
-
-
-var TreeItemContent = /*#__PURE__*/react.forwardRef(function TreeItemContent(props, ref) {
-  var classes = props.classes,
-    className = props.className,
-    displayIcon = props.displayIcon,
-    expansionIcon = props.expansionIcon,
-    iconProp = props.icon,
-    label = props.label,
-    nodeId = props.nodeId,
-    onClick = props.onClick,
-    onMouseDown = props.onMouseDown,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TreeItemContent_excluded);
-  var _useTreeItem = useTreeItem(nodeId),
-    disabled = _useTreeItem.disabled,
-    expanded = _useTreeItem.expanded,
-    selected = _useTreeItem.selected,
-    focused = _useTreeItem.focused,
-    handleExpansion = _useTreeItem.handleExpansion,
-    handleSelection = _useTreeItem.handleSelection,
-    preventSelection = _useTreeItem.preventSelection;
-  var icon = iconProp || expansionIcon || displayIcon;
-  var handleMouseDown = function handleMouseDown(event) {
-    preventSelection(event);
-    if (onMouseDown) {
-      onMouseDown(event);
-    }
-  };
-  var handleClick = function handleClick(event) {
-    handleExpansion(event);
-    handleSelection(event);
-    if (onClick) {
-      onClick(event);
-    }
-  };
-  return /*#__PURE__*/(
-    /* eslint-disable-next-line jsx-a11y/click-events-have-key-events,jsx-a11y/no-static-element-interactions -- Key event is handled by the TreeView */
-    (0,jsx_runtime.jsxs)("div", extends_extends({
-      className: clsx_m(className, classes.root, expanded && classes.expanded, selected && classes.selected, focused && classes.focused, disabled && classes.disabled),
-      onClick: handleClick,
-      onMouseDown: handleMouseDown,
-      ref: ref
-    }, other, {
-      children: [/*#__PURE__*/(0,jsx_runtime.jsx)("div", {
-        className: classes.iconContainer,
-        children: icon
-      }), /*#__PURE__*/(0,jsx_runtime.jsx)("div", {
-        className: classes.label,
-        children: label
-      })]
-    }))
-  );
-});
- false ? 0 : void 0;
-/* harmony default export */ var TreeItem_TreeItemContent = (TreeItemContent);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/treeItemClasses.js
-
-
-function getTreeItemUtilityClass(slot) {
-  return generateUtilityClass_generateUtilityClass('MuiTreeItem', slot);
-}
-var treeItemClasses = generateUtilityClasses('MuiTreeItem', ['root', 'group', 'content', 'expanded', 'selected', 'focused', 'disabled', 'iconContainer', 'label']);
-/* harmony default export */ var TreeItem_treeItemClasses = (treeItemClasses);
-;// CONCATENATED MODULE: ./node_modules/@mui/lab/TreeItem/TreeItem.js
-
-
-
-
-var TreeItem_excluded = ["children", "className", "collapseIcon", "ContentComponent", "ContentProps", "endIcon", "expandIcon", "disabled", "icon", "id", "label", "nodeId", "onClick", "onMouseDown", "TransitionComponent", "TransitionProps"];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-var TreeItem_useUtilityClasses = function useUtilityClasses(ownerState) {
-  var classes = ownerState.classes;
-  var slots = {
-    root: ['root'],
-    content: ['content'],
-    expanded: ['expanded'],
-    selected: ['selected'],
-    focused: ['focused'],
-    disabled: ['disabled'],
-    iconContainer: ['iconContainer'],
-    label: ['label'],
-    group: ['group']
-  };
-  return composeClasses(slots, getTreeItemUtilityClass, classes);
-};
-var TreeItemRoot = styles_styled('li', {
-  name: 'MuiTreeItem',
-  slot: 'Root',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.root;
-  }
-})({
-  listStyle: 'none',
-  margin: 0,
-  padding: 0,
-  outline: 0
-});
-var StyledTreeItemContent = styles_styled(TreeItem_TreeItemContent, {
-  name: 'MuiTreeItem',
-  slot: 'Content',
-  overridesResolver: function overridesResolver(props, styles) {
-    return [styles.content, styles.iconContainer && defineProperty_defineProperty({}, "& .".concat(TreeItem_treeItemClasses.iconContainer), styles.iconContainer), styles.label && defineProperty_defineProperty({}, "& .".concat(TreeItem_treeItemClasses.label), styles.label)];
-  }
-})(function (_ref3) {
-  var _ref4;
-  var theme = _ref3.theme;
-  return _ref4 = {
-    padding: '0 8px',
-    width: '100%',
-    display: 'flex',
-    alignItems: 'center',
-    cursor: 'pointer',
-    WebkitTapHighlightColor: 'transparent',
-    '&:hover': {
-      backgroundColor: (theme.vars || theme).palette.action.hover,
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: 'transparent'
-      }
-    }
-  }, defineProperty_defineProperty(_ref4, "&.".concat(TreeItem_treeItemClasses.disabled), {
-    opacity: (theme.vars || theme).palette.action.disabledOpacity,
-    backgroundColor: 'transparent'
-  }), defineProperty_defineProperty(_ref4, "&.".concat(TreeItem_treeItemClasses.focused), {
-    backgroundColor: (theme.vars || theme).palette.action.focus
-  }), defineProperty_defineProperty(_ref4, "&.".concat(TreeItem_treeItemClasses.selected), defineProperty_defineProperty({
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity),
-    '&:hover': {
-      backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.hoverOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.hoverOpacity),
-      // Reset on touch devices, it doesn't add specificity
-      '@media (hover: none)': {
-        backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / ").concat(theme.vars.palette.action.selectedOpacity, ")") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity)
-      }
-    }
-  }, "&.".concat(TreeItem_treeItemClasses.focused), {
-    backgroundColor: theme.vars ? "rgba(".concat(theme.vars.palette.primary.mainChannel, " / calc(").concat(theme.vars.palette.action.selectedOpacity, " + ").concat(theme.vars.palette.action.focusOpacity, "))") : alpha(theme.palette.primary.main, theme.palette.action.selectedOpacity + theme.palette.action.focusOpacity)
-  })), defineProperty_defineProperty(_ref4, "& .".concat(TreeItem_treeItemClasses.iconContainer), {
-    marginRight: 4,
-    width: 15,
-    display: 'flex',
-    flexShrink: 0,
-    justifyContent: 'center',
-    '& svg': {
-      fontSize: 18
-    }
-  }), defineProperty_defineProperty(_ref4, "& .".concat(TreeItem_treeItemClasses.label), extends_extends({
-    width: '100%',
-    // fixes overflow - see https://github.com/mui/material-ui/issues/27372
-    minWidth: 0,
-    paddingLeft: 4,
-    position: 'relative'
-  }, theme.typography.body1)), _ref4;
-});
-var TreeItemGroup = styles_styled(Collapse_Collapse, {
-  name: 'MuiTreeItem',
-  slot: 'Group',
-  overridesResolver: function overridesResolver(props, styles) {
-    return styles.group;
-  }
-})({
-  margin: 0,
-  padding: 0,
-  marginLeft: 17
-});
-var TreeItem = /*#__PURE__*/react.forwardRef(function TreeItem(inProps, ref) {
-  var props = useThemeProps_useThemeProps({
-    props: inProps,
-    name: 'MuiTreeItem'
-  });
-  var children = props.children,
-    className = props.className,
-    collapseIcon = props.collapseIcon,
-    _props$ContentCompone = props.ContentComponent,
-    ContentComponent = _props$ContentCompone === void 0 ? TreeItem_TreeItemContent : _props$ContentCompone,
-    ContentProps = props.ContentProps,
-    endIcon = props.endIcon,
-    expandIcon = props.expandIcon,
-    disabledProp = props.disabled,
-    icon = props.icon,
-    idProp = props.id,
-    label = props.label,
-    nodeId = props.nodeId,
-    onClick = props.onClick,
-    onMouseDown = props.onMouseDown,
-    _props$TransitionComp = props.TransitionComponent,
-    TransitionComponent = _props$TransitionComp === void 0 ? Collapse_Collapse : _props$TransitionComp,
-    TransitionProps = props.TransitionProps,
-    other = objectWithoutPropertiesLoose_objectWithoutPropertiesLoose(props, TreeItem_excluded);
-  var _React$useContext = react.useContext(TreeView_TreeViewContext),
-    _React$useContext$ico = _React$useContext.icons,
-    contextIcons = _React$useContext$ico === void 0 ? {} : _React$useContext$ico,
-    focus = _React$useContext.focus,
-    isExpanded = _React$useContext.isExpanded,
-    isFocused = _React$useContext.isFocused,
-    isSelected = _React$useContext.isSelected,
-    isDisabled = _React$useContext.isDisabled,
-    multiSelect = _React$useContext.multiSelect,
-    disabledItemsFocusable = _React$useContext.disabledItemsFocusable,
-    mapFirstChar = _React$useContext.mapFirstChar,
-    unMapFirstChar = _React$useContext.unMapFirstChar,
-    registerNode = _React$useContext.registerNode,
-    unregisterNode = _React$useContext.unregisterNode,
-    treeId = _React$useContext.treeId;
-  var id = null;
-  if (idProp != null) {
-    id = idProp;
-  } else if (treeId && nodeId) {
-    id = "".concat(treeId, "-").concat(nodeId);
-  }
-  var _React$useState = react.useState(null),
-    _React$useState2 = slicedToArray_slicedToArray(_React$useState, 2),
-    treeitemElement = _React$useState2[0],
-    setTreeitemElement = _React$useState2[1];
-  var contentRef = react.useRef(null);
-  var handleRef = utils_useForkRef(setTreeitemElement, ref);
-  var descendant = react.useMemo(function () {
-    return {
-      element: treeitemElement,
-      id: nodeId
-    };
-  }, [nodeId, treeitemElement]);
-  var _useDescendant = useDescendant(descendant),
-    index = _useDescendant.index,
-    parentId = _useDescendant.parentId;
-  var expandable = Boolean(Array.isArray(children) ? children.length : children);
-  var expanded = isExpanded ? isExpanded(nodeId) : false;
-  var focused = isFocused ? isFocused(nodeId) : false;
-  var selected = isSelected ? isSelected(nodeId) : false;
-  var disabled = isDisabled ? isDisabled(nodeId) : false;
-  var ownerState = extends_extends({}, props, {
-    expanded: expanded,
-    focused: focused,
-    selected: selected,
-    disabled: disabled
-  });
-  var classes = TreeItem_useUtilityClasses(ownerState);
-  var displayIcon;
-  var expansionIcon;
-  if (expandable) {
-    if (!expanded) {
-      expansionIcon = expandIcon || contextIcons.defaultExpandIcon;
-    } else {
-      expansionIcon = collapseIcon || contextIcons.defaultCollapseIcon;
-    }
-  }
-  if (expandable) {
-    displayIcon = contextIcons.defaultParentIcon;
-  } else {
-    displayIcon = endIcon || contextIcons.defaultEndIcon;
-  }
-  react.useEffect(function () {
-    // On the first render a node's index will be -1. We want to wait for the real index.
-    if (registerNode && unregisterNode && index !== -1) {
-      registerNode({
-        id: nodeId,
-        idAttribute: id,
-        index: index,
-        parentId: parentId,
-        expandable: expandable,
-        disabled: disabledProp
-      });
-      return function () {
-        unregisterNode(nodeId);
-      };
-    }
-    return undefined;
-  }, [registerNode, unregisterNode, parentId, index, nodeId, expandable, disabledProp, id]);
-  react.useEffect(function () {
-    if (mapFirstChar && unMapFirstChar && label) {
-      mapFirstChar(nodeId, contentRef.current.textContent.substring(0, 1).toLowerCase());
-      return function () {
-        unMapFirstChar(nodeId);
-      };
-    }
-    return undefined;
-  }, [mapFirstChar, unMapFirstChar, nodeId, label]);
-  var ariaSelected;
-  if (multiSelect) {
-    ariaSelected = selected;
-  } else if (selected) {
-    /* single-selection trees unset aria-selected on un-selected items.
-     *
-     * If the tree does not support multiple selection, aria-selected
-     * is set to true for the selected node and it is not present on any other node in the tree.
-     * Source: https://www.w3.org/WAI/ARIA/apg/patterns/treeview/
-     */
-    ariaSelected = true;
-  }
-  function handleFocus(event) {
-    // DOM focus stays on the tree which manages focus with aria-activedescendant
-    if (event.target === event.currentTarget) {
-      var rootElement;
-      if (typeof event.target.getRootNode === 'function') {
-        rootElement = event.target.getRootNode();
-      } else {
-        rootElement = utils_ownerDocument(event.target);
-      }
-      rootElement.getElementById(treeId).focus({
-        preventScroll: true
-      });
-    }
-    var unfocusable = !disabledItemsFocusable && disabled;
-    if (!focused && event.currentTarget === event.target && !unfocusable) {
-      focus(event, nodeId);
-    }
-  }
-  return /*#__PURE__*/(0,jsx_runtime.jsxs)(TreeItemRoot, extends_extends({
-    className: clsx_m(classes.root, className),
-    role: "treeitem",
-    "aria-expanded": expandable ? expanded : null,
-    "aria-selected": ariaSelected,
-    "aria-disabled": disabled || null,
-    ref: handleRef,
-    id: id,
-    tabIndex: -1
-  }, other, {
-    ownerState: ownerState,
-    onFocus: handleFocus,
-    children: [/*#__PURE__*/(0,jsx_runtime.jsx)(StyledTreeItemContent, extends_extends({
-      as: ContentComponent,
-      ref: contentRef,
-      classes: {
-        root: classes.content,
-        expanded: classes.expanded,
-        selected: classes.selected,
-        focused: classes.focused,
-        disabled: classes.disabled,
-        iconContainer: classes.iconContainer,
-        label: classes.label
-      },
-      label: label,
-      nodeId: nodeId,
-      onClick: onClick,
-      onMouseDown: onMouseDown,
-      icon: icon,
-      expansionIcon: expansionIcon,
-      displayIcon: displayIcon,
-      ownerState: ownerState
-    }, ContentProps)), children && /*#__PURE__*/(0,jsx_runtime.jsx)(DescendantProvider, {
-      id: nodeId,
-      children: /*#__PURE__*/(0,jsx_runtime.jsx)(TreeItemGroup, extends_extends({
-        as: TransitionComponent,
-        unmountOnExit: true,
-        className: classes.group,
-        in: expanded,
-        component: "ul",
-        role: "group"
-      }, TransitionProps, {
-        children: children
-      }))
-    })]
-  }));
-});
- false ? 0 : void 0;
-/* harmony default export */ var TreeItem_TreeItem = (TreeItem);
-;// CONCATENATED MODULE: ./src/components/result-view/NodeStatusFilter.tsx
-function FilterNode(node,activeFilters){var _node$diffStatus,_node$healthStatus,_node$healthStatus2;var hasChanges=(_node$diffStatus=node.diffStatus)===null||_node$diffStatus===void 0?void 0:_node$diffStatus.hasDiffs();var hasErrorsOrWarnings=((_node$healthStatus=node.healthStatus)===null||_node$healthStatus===void 0?void 0:_node$healthStatus.errors.length)||((_node$healthStatus2=node.healthStatus)===null||_node$healthStatus2===void 0?void 0:_node$healthStatus2.warnings.length);if(activeFilters!==null&&activeFilters!==void 0&&activeFilters.onlyImportant&&!hasChanges&&!hasErrorsOrWarnings){return false;}if(activeFilters!==null&&activeFilters!==void 0&&activeFilters.onlyChanged&&!hasChanges){return false;}if(activeFilters!==null&&activeFilters!==void 0&&activeFilters.onlyWithErrorsOrWarnings&&!hasErrorsOrWarnings){return false;}return true;}var FilterButton=function FilterButton(props){var handleClick=function handleClick(){props.handler(!props.active);};var Icon=props.Icon;var chipColor=props.active?props.color:"default";return/*#__PURE__*/_jsx(Tooltip,{title:props.tooltip,children:/*#__PURE__*/_jsx(Chip,{variant:"filled",color:chipColor,label:/*#__PURE__*/_jsx(Icon,{color:props.active?undefined:props.color,htmlColor:props.active?"white":undefined}),onClick:handleClick,sx:{"& .MuiChip-label":{display:"flex",justifyContent:"center",alignItems:"center"}}})});};var NodeStatusFilter=function NodeStatusFilter(props){var _useState=useState({onlyImportant:false,onlyChanged:false,onlyWithErrorsOrWarnings:false}),_useState2=_slicedToArray(_useState,2),activeFilters=_useState2[0],setActiveFilters=_useState2[1];var doSetActiveFilters=function doSetActiveFilters(newActiveFilters){setActiveFilters(newActiveFilters);props.onFilterChange(newActiveFilters);};return/*#__PURE__*/_jsxs(Box,{display:"flex",flexDirection:"column",alignItems:"center",children:["Filters",/*#__PURE__*/_jsxs(Box,{display:"flex",alignItems:"center",gap:"5px",children:[/*#__PURE__*/_jsx(FilterButton,{Icon:Grade,tooltip:"Only important (changed or with errors/warnings)",color:"secondary",active:activeFilters.onlyImportant,handler:function handler(active){doSetActiveFilters(_objectSpread(_objectSpread({},activeFilters),{},{onlyImportant:active}));}}),/*#__PURE__*/_jsx(FilterButton,{Icon:AutoFixHigh,tooltip:"Only with changed",color:"secondary",active:activeFilters.onlyChanged,handler:function handler(active){doSetActiveFilters(_objectSpread(_objectSpread({},activeFilters),{},{onlyChanged:active}));}}),/*#__PURE__*/_jsx(FilterButton,{Icon:ErrorOutline,tooltip:"Only with errors or warnings",color:"error",active:activeFilters.onlyWithErrorsOrWarnings,handler:function handler(active){doSetActiveFilters(_objectSpread(_objectSpread({},activeFilters),{},{onlyWithErrorsOrWarnings:active}));}})]})]});};
-;// CONCATENATED MODULE: ./src/components/result-view/CommandResultTree.tsx
-var CommandResultTree=function CommandResultTree(props){var theme=styles_useTheme_useTheme();var _useState=(0,react.useState)(["root"]),_useState2=slicedToArray_slicedToArray(_useState,2),expanded=_useState2[0],setExpanded=_useState2[1];var _useMemo=(0,react.useMemo)(function(){if(!props.commandResultProps){return[undefined,undefined];}var builder=new NodeBuilder(props.commandResultProps);return builder.buildRoot();},[props.commandResultProps]),_useMemo2=slicedToArray_slicedToArray(_useMemo,1),rootNode=_useMemo2[0];var handleToggle=function handleToggle(event,nodeIds){setExpanded(nodeIds);};var handleDoubleClick=function handleDoubleClick(e,node){if(expanded.includes(node.id)){setExpanded(expanded.filter(function(item){return item!==node.id;}));}else{setExpanded([].concat(toConsumableArray_toConsumableArray(expanded),[node.id]));}e.stopPropagation();};var handleItemClick=function handleItemClick(e,node){props.onSelectNode(node);e.stopPropagation();};var renderTree=function renderTree(nodes){if(!FilterNode(nodes,props.activeFilters)){return null;}return/*#__PURE__*/(0,jsx_runtime.jsx)(TreeItem_TreeItem,{nodeId:nodes.id,label:/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",onClick:function onClick(e){return handleItemClick(e,nodes);},pl:"22px",height:"100%",flex:"1 1 auto",position:"relative",children:[nodes.children.length!==0&&/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',position:'absolute',left:0}}),nodes.buildTreeItem(nodes.children.length!==0)]}),sx:{'& .MuiTreeItem-content':{height:'78px',borderBottom:"0.5px solid ".concat(theme.palette.secondary.main),padding:0,overflow:'hidden','& .MuiTreeItem-iconContainer':{width:'50px',height:'50px',flex:'0 0 auto',margin:0,padding:0,display:nodes.children.length!==0?'flex':'none',justifyContent:'center',alignItems:'center'},'& .MuiTreeItem-label':{height:'100%',margin:0,padding:0,flex:'1 1 auto',display:'flex',alignItems:'center'}},'& .MuiTreeItem-group':{margin:'0 0 0 38px'}},onDoubleClick:function onDoubleClick(e){return handleDoubleClick(e,nodes);},children:Array.isArray(nodes.children)?nodes.children.map(function(node){return renderTree(node);}):null},nodes.id);};if(!rootNode){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}return/*#__PURE__*/(0,jsx_runtime.jsx)(Paper_Paper,{sx:{padding:'20px 40px'},children:/*#__PURE__*/(0,jsx_runtime.jsx)(TreeView_TreeView,{expanded:expanded,onNodeToggle:handleToggle,"aria-label":"rich object",defaultCollapseIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(TriangleDownIcon,{}),defaultExpandIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(TriangleRightIcon,{}),sx:{width:"100%"},children:renderTree(rootNode)})});};/* harmony default export */ var result_view_CommandResultTree = (CommandResultTree);
-;// CONCATENATED MODULE: ./src/components/result-view/CommandResultView.tsx
-function doLoadCommandResult(_x,_x2){return _doLoadCommandResult.apply(this,arguments);}function _doLoadCommandResult(){_doLoadCommandResult=asyncToGenerator_asyncToGenerator(/*#__PURE__*/regeneratorRuntime_regeneratorRuntime().mark(function _callee(api,resultId){var shortNames,rs,result;return regeneratorRuntime_regeneratorRuntime().wrap(function _callee$(_context){while(1)switch(_context.prev=_context.next){case 0:_context.next=2;return api.getShortNames();case 2:shortNames=_context.sent;_context.next=5;return api.getResultSummary(resultId);case 5:rs=_context.sent;_context.next=8;return api.getResult(resultId);case 8:result=_context.sent;return _context.abrupt("return",{shortNames:shortNames,summary:rs,commandResult:result});case 10:case"end":return _context.stop();}},_callee);}));return _doLoadCommandResult.apply(this,arguments);}var FilterCheckbox=function FilterCheckbox(props){var text=props.text,checked=props.checked,Icon=props.Icon,onChange=props.onChange;return/*#__PURE__*/(0,jsx_runtime.jsx)(FormControlLabel_FormControlLabel,{sx:{display:'flex',justifyContent:'center',alignItems:'center',margin:0,padding:0},control:/*#__PURE__*/(0,jsx_runtime.jsx)(Checkbox_Checkbox,{checked:checked,sx:{display:'flex',justifyContent:'center',alignItems:'center'},onChange:onChange,icon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxIcon,{}),checkedIcon:/*#__PURE__*/(0,jsx_runtime.jsx)(CheckboxCheckedIcon,{})}),slotProps:{typography:{sx:{display:'flex',justifyContent:'center',alignItems:'center',gap:'10px'}}},label:/*#__PURE__*/(0,jsx_runtime.jsxs)(jsx_runtime.Fragment,{children:[/*#__PURE__*/(0,jsx_runtime.jsx)(Typography_Typography,{variant:"h2",children:text}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{flex:"0 0 auto",display:"flex",alignItems:"center",justifyContent:"center",children:/*#__PURE__*/(0,jsx_runtime.jsx)(Icon,{})})]})});};function DetailsDrawer(props){return/*#__PURE__*/(0,jsx_runtime.jsx)(styles_ThemeProvider_ThemeProvider,{theme:theme_dark,children:/*#__PURE__*/(0,jsx_runtime.jsx)(Drawer_Drawer,{sx:{zIndex:1300},anchor:"right",open:props.nodeData!==undefined,onClose:props.onClose,ModalProps:{BackdropProps:{invisible:true}},children:/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{width:"720px",height:"100%",children:/*#__PURE__*/(0,jsx_runtime.jsx)(SidePanel,{provider:props.nodeData,onClose:props.onClose})})})});}var defaultFilters={onlyImportant:false,onlyChanged:false,onlyWithErrorsOrWarnings:false};var CommandResultView=function CommandResultView(){var _context$filters,_context$filters2,_context$filters3;var context=useAppOutletContext();var api=(0,react.useContext)(ApiContext);var _useState=(0,react.useState)(),_useState2=slicedToArray_slicedToArray(_useState,2),sidePanelNode=_useState2[0],setSidePanelNode=_useState2[1];var _useParams=useParams(),id=_useParams.id;var _useLoadingHelper=useLoadingHelper(function(){if(!id){return Promise.resolve(undefined);}return doLoadCommandResult(api,id);},[id]),_useLoadingHelper2=slicedToArray_slicedToArray(_useLoadingHelper,3),loading=_useLoadingHelper2[0],loadingError=_useLoadingHelper2[1],commandResultProps=_useLoadingHelper2[2];var divider=/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{orientation:"vertical",sx:{height:'40px',margin:'0 20px 0 30px'}});var handleFilterChange=function handleFilterChange(filter){return function(_,checked){context.setFilters(function(fs){return _objectSpread2(_objectSpread2({},fs||defaultFilters),{},defineProperty_defineProperty({},filter,checked));});};};if(loading){return/*#__PURE__*/(0,jsx_runtime.jsx)(Loading,{});}else if(loadingError){return/*#__PURE__*/(0,jsx_runtime.jsx)(jsx_runtime.Fragment,{children:"Error"});}return/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{width:"100%",height:"100%",display:"flex",flexDirection:"column",overflow:"hidden",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(DetailsDrawer,{nodeData:sidePanelNode,onClose:function onClose(){return setSidePanelNode(undefined);}}),/*#__PURE__*/(0,jsx_runtime.jsxs)(material_Box_Box,{display:"flex",alignItems:"center",minHeight:"70px",p:"0 40px",children:[/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only important",checked:!!((_context$filters=context.filters)!==null&&_context$filters!==void 0&&_context$filters.onlyImportant),Icon:StarIcon,onChange:handleFilterChange('onlyImportant')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with changes",checked:!!((_context$filters2=context.filters)!==null&&_context$filters2!==void 0&&_context$filters2.onlyChanged),Icon:ChangesIcon,onChange:handleFilterChange('onlyChanged')}),divider,/*#__PURE__*/(0,jsx_runtime.jsx)(FilterCheckbox,{text:"Only with errors and warnings",checked:!!((_context$filters3=context.filters)!==null&&_context$filters3!==void 0&&_context$filters3.onlyWithErrorsOrWarnings),Icon:WarningSignIcon,onChange:handleFilterChange('onlyWithErrorsOrWarnings')})]}),/*#__PURE__*/(0,jsx_runtime.jsx)(Divider_Divider,{sx:{margin:'0 40px'}}),/*#__PURE__*/(0,jsx_runtime.jsx)(material_Box_Box,{p:"25px 40px",overflow:"auto",children:/*#__PURE__*/(0,jsx_runtime.jsx)(result_view_CommandResultTree,{commandResultProps:commandResultProps,onSelectNode:setSidePanelNode,activeFilters:context.filters})})]});};
-;// CONCATENATED MODULE: ./src/components/Router.tsx
-function ErrorPage(){var error=useRouteError();return/*#__PURE__*/(0,jsx_runtime.jsxs)("div",{id:"error-page",children:[/*#__PURE__*/(0,jsx_runtime.jsx)("h1",{children:"Oops!"}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:"Sorry, an unexpected error has occurred."}),/*#__PURE__*/(0,jsx_runtime.jsx)("p",{children:/*#__PURE__*/(0,jsx_runtime.jsx)("i",{children:error.statusText||error.message})})]});}var Router_Router=createHashRouter([{path:"/",element:/*#__PURE__*/(0,jsx_runtime.jsx)(components_App,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{}),children:[{path:"targets",element:/*#__PURE__*/(0,jsx_runtime.jsx)(TargetsView,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})},{path:"results/:id",element:/*#__PURE__*/(0,jsx_runtime.jsx)(CommandResultView,{}),errorElement:/*#__PURE__*/(0,jsx_runtime.jsx)(ErrorPage,{})}]}]);
-;// CONCATENATED MODULE: ./src/index.tsx
-var root=client.createRoot(document.getElementById('root'));root.render(/*#__PURE__*/(0,jsx_runtime.jsx)(react.StrictMode,{children:/*#__PURE__*/(0,jsx_runtime.jsx)(RouterProvider,{router:Router_Router})}));// If you want to start measuring performance in your app, pass a function
-// to log results (for example: reportWebVitals(console.log))
-// or send to an analytics endpoint. Learn more: https://bit.ly/CRA-vitals
-src_reportWebVitals();
-}();
-/******/ })()
-;
-//# sourceMappingURL=main.js.map?h=78c4c4c483e67ca4e22633b40ed284568a0c099b2867977f835076fe1c0315b5
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/added.svg b/pkg/webui/ui/build/static/media/added.svg
deleted file mode 100644
index 1086507eb..000000000
--- a/pkg/webui/ui/build/static/media/added.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M21.74 9.44H2V6.42C2 3.98 3.98 2 6.42 2H8.75C10.38 2 10.89 2.53 11.54 3.4L12.94 5.26C13.25 5.67 13.29 5.73 13.87 5.73H16.66C19.03 5.72 21.05 7.28 21.74 9.44Z" fill="#39403E"/>
-<path d="M21.99 10.84C21.97 10.35 21.89 9.89 21.74 9.44H2V16.65C2 19.6 4.4 22 7.35 22H16.65C19.6 22 22 19.6 22 16.65V11.07C22 11 22 10.91 21.99 10.84ZM14.5 16.25H12.81V18C12.81 18.41 12.47 18.75 12.06 18.75C11.65 18.75 11.31 18.41 11.31 18V16.25H9.5C9.09 16.25 8.75 15.91 8.75 15.5C8.75 15.09 9.09 14.75 9.5 14.75H11.31V13C11.31 12.59 11.65 12.25 12.06 12.25C12.47 12.25 12.81 12.59 12.81 13V14.75H14.5C14.91 14.75 15.25 15.09 15.25 15.5C15.25 15.91 14.91 16.25 14.5 16.25Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/arrow-left.svg b/pkg/webui/ui/build/static/media/arrow-left.svg
deleted file mode 100644
index 5f8ccdd11..000000000
--- a/pkg/webui/ui/build/static/media/arrow-left.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M20.0002 36.6666C29.2049 36.6666 36.6668 29.2047 36.6668 19.9999C36.6668 10.7952 29.2049 3.33325 20.0002 3.33325C10.7954 3.33325 3.3335 10.7952 3.3335 19.9999C3.3335 29.2047 10.7954 36.6666 20.0002 36.6666Z" fill="#222222"/>
-<path d="M25.8334 18.75L17.1834 18.75L20.0501 15.8833C20.5334 15.4 20.5334 14.6 20.0501 14.1167C19.5667 13.6333 18.7667 13.6333 18.2834 14.1167L13.2834 19.1166C12.8001 19.6 12.8001 20.4 13.2834 20.8833L18.2834 25.8833C18.5334 26.1333 18.8501 26.25 19.1667 26.25C19.4834 26.25 19.8001 26.1333 20.0501 25.8833C20.5334 25.4 20.5334 24.6 20.0501 24.1166L17.1834 21.25L25.8334 21.25C26.5167 21.25 27.0834 20.6833 27.0834 20C27.0834 19.3166 26.5167 18.75 25.8334 18.75Z" fill="#222222"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/brackets-curly.svg b/pkg/webui/ui/build/static/media/brackets-curly.svg
deleted file mode 100644
index c0ead2b85..000000000
--- a/pkg/webui/ui/build/static/media/brackets-curly.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="22" height="18" viewBox="0 0 22 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M5.23739 16.24C4.78139 16.24 4.38539 16.156 4.04939 15.988C3.72539 15.82 3.47939 15.568 3.31139 15.232C3.14339 14.908 3.05939 14.518 3.05939 14.062V10.57C3.05939 10.078 2.96939 9.724 2.78939 9.508C2.62139 9.28 2.30939 9.16 1.85339 9.148C1.62539 9.136 1.44539 9.046 1.31339 8.878C1.18139 8.71 1.11539 8.506 1.11539 8.266C1.11539 8.026 1.18139 7.828 1.31339 7.672C1.44539 7.504 1.62539 7.414 1.85339 7.402C2.30939 7.378 2.62139 7.258 2.78939 7.042C2.96939 6.814 3.05939 6.46 3.05939 5.98V2.488C3.05939 1.792 3.24539 1.258 3.61739 0.885999C4.00139 0.501999 4.54139 0.309999 5.23739 0.309999H6.51539C6.79139 0.309999 7.01339 0.393999 7.18139 0.561999C7.36139 0.717999 7.45139 0.915999 7.45139 1.156C7.45139 1.396 7.37939 1.6 7.23539 1.768C7.09139 1.924 6.89939 2.002 6.65939 2.002H6.02939C5.78939 2.002 5.60939 2.068 5.48939 2.2C5.36939 2.332 5.30939 2.53 5.30939 2.794V6.25C5.30939 6.622 5.23139 6.964 5.07539 7.276C4.91939 7.588 4.70939 7.84 4.44539 8.032C4.19339 8.224 3.90539 8.32 3.58139 8.32V8.248C3.90539 8.248 4.19339 8.344 4.44539 8.536C4.70939 8.716 4.91939 8.962 5.07539 9.274C5.23139 9.586 5.30939 9.928 5.30939 10.3V13.756C5.30939 14.02 5.36939 14.218 5.48939 14.35C5.60939 14.482 5.78939 14.548 6.02939 14.548H6.65939C6.89939 14.548 7.09139 14.626 7.23539 14.782C7.37939 14.95 7.45139 15.154 7.45139 15.394C7.45139 15.634 7.36139 15.832 7.18139 15.988C7.01339 16.156 6.79139 16.24 6.51539 16.24H5.23739ZM14.4914 16.24C14.2274 16.24 14.0054 16.156 13.8254 15.988C13.6454 15.832 13.5554 15.634 13.5554 15.394C13.5554 15.154 13.6274 14.95 13.7714 14.782C13.9154 14.626 14.1074 14.548 14.3474 14.548H14.9774C15.2174 14.548 15.3974 14.482 15.5174 14.35C15.6374 14.218 15.6974 14.02 15.6974 13.756V10.3C15.6974 9.928 15.7754 9.586 15.9314 9.274C16.0874 8.962 16.2974 8.71 16.5614 8.518C16.8254 8.326 17.1134 8.23 17.4254 8.23V8.302C17.1134 8.302 16.8254 8.212 16.5614 8.032C16.2974 7.84 16.0874 7.588 15.9314 7.276C15.7754 6.964 15.6974 6.622 15.6974 6.25V2.794C15.6974 2.53 15.6374 2.332 15.5174 2.2C15.3974 2.068 15.2174 2.002 14.9774 2.002H14.3474C14.1074 2.002 13.9154 1.924 13.7714 1.768C13.6274 1.6 13.5554 1.396 13.5554 1.156C13.5554 0.915999 13.6454 0.717999 13.8254 0.561999C14.0054 0.393999 14.2274 0.309999 14.4914 0.309999H15.7694C16.2374 0.309999 16.6334 0.393999 16.9574 0.561999C17.2814 0.729999 17.5274 0.975999 17.6954 1.3C17.8634 1.624 17.9474 2.02 17.9474 2.488V5.98C17.9474 6.46 18.0374 6.814 18.2174 7.042C18.3974 7.258 18.7094 7.378 19.1534 7.402C19.3934 7.414 19.5734 7.504 19.6934 7.672C19.8254 7.84 19.8914 8.044 19.8914 8.284C19.8914 8.512 19.8254 8.71 19.6934 8.878C19.5734 9.046 19.3934 9.136 19.1534 9.148C18.7094 9.16 18.3974 9.28 18.2174 9.508C18.0374 9.724 17.9474 10.078 17.9474 10.57V14.062C17.9474 14.758 17.7554 15.292 17.3714 15.664C16.9994 16.048 16.4654 16.24 15.7694 16.24H14.4914Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/brackets-square.svg b/pkg/webui/ui/build/static/media/brackets-square.svg
deleted file mode 100644
index ab82bf02c..000000000
--- a/pkg/webui/ui/build/static/media/brackets-square.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="22" height="18" viewBox="0 0 22 18" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M3.79484 17.8617C3.50151 17.8617 3.24818 17.7617 3.03484 17.5617C2.83484 17.3617 2.73484 17.1151 2.73484 16.8217V1.20172C2.73484 0.895051 2.83484 0.648384 3.03484 0.461718C3.24818 0.261718 3.50151 0.161718 3.79484 0.161718H6.65484C6.96151 0.161718 7.19484 0.255051 7.35484 0.441718C7.52818 0.615051 7.61484 0.835051 7.61484 1.10172C7.61484 1.36838 7.52818 1.59505 7.35484 1.78172C7.19484 1.95505 6.96151 2.04172 6.65484 2.04172H5.23484V15.9817H6.65484C6.96151 15.9817 7.19484 16.0684 7.35484 16.2417C7.52818 16.4284 7.61484 16.6551 7.61484 16.9217C7.61484 17.1884 7.52818 17.4084 7.35484 17.5817C7.19484 17.7684 6.96151 17.8617 6.65484 17.8617H3.79484ZM15.3548 17.8617C15.0615 17.8617 14.8282 17.7684 14.6548 17.5817C14.4815 17.4084 14.3948 17.1884 14.3948 16.9217C14.3948 16.6551 14.4815 16.4284 14.6548 16.2417C14.8282 16.0684 15.0615 15.9817 15.3548 15.9817H16.7748V2.04172H15.3548C15.0615 2.04172 14.8282 1.95505 14.6548 1.78172C14.4815 1.59505 14.3948 1.36838 14.3948 1.10172C14.3948 0.835051 14.4815 0.615051 14.6548 0.441718C14.8282 0.255051 15.0615 0.161718 15.3548 0.161718H18.2148C18.5215 0.161718 18.7748 0.261718 18.9748 0.461718C19.1748 0.648384 19.2748 0.895051 19.2748 1.20172V16.8217C19.2748 17.1151 19.1748 17.3617 18.9748 17.5617C18.7748 17.7617 18.5215 17.8617 18.2148 17.8617H15.3548Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/changed.svg b/pkg/webui/ui/build/static/media/changed.svg
deleted file mode 100644
index 5ee26bbe6..000000000
--- a/pkg/webui/ui/build/static/media/changed.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M18.5698 22H13.9998C11.7098 22 10.5698 20.86 10.5698 18.57V11.43C10.5698 9.14 11.7098 8 13.9998 8H18.5698C20.8598 8 21.9998 9.14 21.9998 11.43V18.57C21.9998 20.86 20.8598 22 18.5698 22Z" fill="#39403E"/>
-<path d="M13.43 5.43V6.77C10.81 6.98 9.32 8.66 9.32 11.43V16H5.43C3.14 16 2 14.86 2 12.57V5.43C2 3.14 3.14 2 5.43 2H10C12.29 2 13.43 3.14 13.43 5.43Z" fill="#39403E"/>
-<path d="M18.1301 14.25H17.2501V13.37C17.2501 12.96 16.9101 12.62 16.5001 12.62C16.0901 12.62 15.7501 12.96 15.7501 13.37V14.25H14.8701C14.4601 14.25 14.1201 14.59 14.1201 15C14.1201 15.41 14.4601 15.75 14.8701 15.75H15.7501V16.63C15.7501 17.04 16.0901 17.38 16.5001 17.38C16.9101 17.38 17.2501 17.04 17.2501 16.63V15.75H18.1301C18.5401 15.75 18.8801 15.41 18.8801 15C18.8801 14.59 18.5401 14.25 18.1301 14.25Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/changes.svg b/pkg/webui/ui/build/static/media/changes.svg
deleted file mode 100644
index fe25e1e1f..000000000
--- a/pkg/webui/ui/build/static/media/changes.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M18.375 19.25H2.625C2.26625 19.25 1.96875 18.9525 1.96875 18.5938C1.96875 18.235 2.26625 17.9375 2.625 17.9375H18.375C18.7337 17.9375 19.0312 18.235 19.0312 18.5938C19.0312 18.9525 18.7337 19.25 18.375 19.25Z" fill="#222222"/>
-<path opacity="0.4" d="M16.6423 3.04495C14.9448 1.34745 13.2823 1.3037 11.541 3.04495L10.4823 4.1037C10.3948 4.1912 10.3598 4.3312 10.3948 4.4537C11.0598 6.77245 12.9148 8.62745 15.2335 9.29245C15.2685 9.3012 15.3035 9.30995 15.3385 9.30995C15.4348 9.30995 15.5223 9.27495 15.5923 9.20496L16.6423 8.1462C17.5085 7.2887 17.9285 6.45745 17.9285 5.61745C17.9373 4.7512 17.5173 3.9112 16.6423 3.04495Z" fill="#222222"/>
-<path d="M13.6588 10.0887C13.405 9.9662 13.16 9.8437 12.9238 9.7037C12.7313 9.58995 12.5475 9.46745 12.3638 9.3362C12.215 9.23995 12.04 9.09995 11.8738 8.95995C11.8563 8.9512 11.795 8.8987 11.725 8.8287C11.4363 8.5837 11.1125 8.2687 10.8238 7.9187C10.7975 7.9012 10.7538 7.83995 10.6925 7.7612C10.605 7.6562 10.4563 7.4812 10.325 7.27995C10.22 7.1487 10.0975 6.9562 9.98378 6.7637C9.84378 6.52745 9.72129 6.2912 9.59879 6.0462C9.47629 5.7837 9.38003 5.52995 9.29253 5.2937L3.79753 10.7887C3.68378 10.9025 3.57878 11.1212 3.55253 11.27L3.08003 14.6212C2.99253 15.2162 3.15878 15.7762 3.52628 16.1524C3.84129 16.4587 4.27878 16.625 4.75128 16.625C4.85628 16.625 4.96128 16.6162 5.06628 16.5987L8.42629 16.1262C8.58379 16.1 8.80254 15.995 8.90754 15.8812L14.4025 10.3862C14.1575 10.2987 13.9213 10.2025 13.6588 10.0887Z" fill="#222222"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/checkbox-checked.svg b/pkg/webui/ui/build/static/media/checkbox-checked.svg
deleted file mode 100644
index f9e6a1557..000000000
--- a/pkg/webui/ui/build/static/media/checkbox-checked.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<rect x="3" y="3" width="18" height="18" rx="5" fill="#001628"/>
-<path d="M9.70711 11.2929C9.31658 10.9024 8.68342 10.9024 8.29289 11.2929C7.90237 11.6834 7.90237 12.3166 8.29289 12.7071L10.2929 14.7071C10.6834 15.0976 11.3166 15.0976 11.7071 14.7071L15.7071 10.7071C16.0976 10.3166 16.0976 9.68342 15.7071 9.29289C15.3166 8.90237 14.6834 8.90237 14.2929 9.29289L11 12.5858L9.70711 11.2929Z" fill="#DFEBE9"/>
-<rect x="3" y="3" width="18" height="18" rx="5" stroke="#001628" stroke-width="2"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/checkbox-disabled.svg b/pkg/webui/ui/build/static/media/checkbox-disabled.svg
deleted file mode 100644
index 9922728ac..000000000
--- a/pkg/webui/ui/build/static/media/checkbox-disabled.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<rect x="2" y="2" width="20" height="20" rx="6" fill="black" fill-opacity="0.08"/>
-<rect x="3" y="3" width="18" height="18" rx="5" stroke="black" stroke-opacity="0.16" stroke-width="2"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/checkbox.svg b/pkg/webui/ui/build/static/media/checkbox.svg
deleted file mode 100644
index f9f5f7b78..000000000
--- a/pkg/webui/ui/build/static/media/checkbox.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<rect opacity="0.8" x="3" y="3.5" width="18" height="18" rx="3" stroke="#222222" stroke-width="2"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/close-light.svg b/pkg/webui/ui/build/static/media/close-light.svg
deleted file mode 100644
index a00259719..000000000
--- a/pkg/webui/ui/build/static/media/close-light.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/close.svg b/pkg/webui/ui/build/static/media/close.svg
deleted file mode 100644
index f3ce4ed70..000000000
--- a/pkg/webui/ui/build/static/media/close.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M6.4 19L5 17.6L10.6 12L5 6.4L6.4 5L12 10.6L17.6 5L19 6.4L13.4 12L19 17.6L17.6 19L12 13.4L6.4 19Z" fill="#DFEBE9"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/cpu.svg b/pkg/webui/ui/build/static/media/cpu.svg
deleted file mode 100644
index b30baa518..000000000
--- a/pkg/webui/ui/build/static/media/cpu.svg
+++ /dev/null
@@ -1,16 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M15 4H9C6.24 4 4 6.24 4 9V15C4 17.76 6.24 20 9 20H15C17.76 20 20 17.76 20 15V9C20 6.24 17.76 4 15 4ZM17.26 14.26C17.26 15.92 15.92 17.26 14.26 17.26H9.74C8.08 17.26 6.74 15.92 6.74 14.26V9.74C6.74 8.08 8.08 6.74 9.74 6.74H14.25C15.91 6.74 17.25 8.08 17.25 9.74V14.26H17.26Z" fill="#39403E"/>
-<path d="M9.06006 2.75V4H9.00006C8.50006 4 8.02006 4.07 7.56006 4.21V2.75C7.56006 2.34 7.89006 2 8.31006 2C8.72006 2 9.06006 2.34 9.06006 2.75Z" fill="#39403E"/>
-<path d="M12.75 2.75V4H11.25V2.75C11.25 2.34 11.59 2 12 2C12.41 2 12.75 2.34 12.75 2.75Z" fill="#39403E"/>
-<path d="M16.4502 2.75V4.21C15.9902 4.07 15.5002 4 15.0002 4H14.9502V2.75C14.9502 2.34 15.2902 2 15.7002 2C16.1102 2 16.4502 2.34 16.4502 2.75Z" fill="#39403E"/>
-<path d="M22 8.3C22 8.72 21.67 9.05 21.25 9.05H20V9C20 8.5 19.93 8.01 19.79 7.55H21.25C21.67 7.55 22 7.89 22 8.3Z" fill="#39403E"/>
-<path d="M22 12C22 12.41 21.67 12.75 21.25 12.75H20V11.25H21.25C21.67 11.25 22 11.58 22 12Z" fill="#39403E"/>
-<path d="M22 15.7C22 16.11 21.67 16.45 21.25 16.45H19.79C19.93 15.99 20 15.5 20 15V14.95H21.25C21.67 14.95 22 15.28 22 15.7Z" fill="#39403E"/>
-<path d="M16.4502 19.79V21.25C16.4502 21.66 16.1102 22 15.7002 22C15.2902 22 14.9502 21.66 14.9502 21.25V20H15.0002C15.5002 20 15.9902 19.93 16.4502 19.79Z" fill="#39403E"/>
-<path d="M12.7598 20V21.25C12.7598 21.66 12.4198 22 12.0098 22C11.5898 22 11.2598 21.66 11.2598 21.25V20H12.7598Z" fill="#39403E"/>
-<path d="M9.06006 20V21.25C9.06006 21.66 8.72006 22 8.31006 22C7.89006 22 7.56006 21.66 7.56006 21.25V19.79C8.02006 19.93 8.50006 20 9.00006 20H9.06006Z" fill="#39403E"/>
-<path d="M4.21 7.55C4.07 8.01 4 8.5 4 9V9.05H2.75C2.34 9.05 2 8.72 2 8.3C2 7.89 2.34 7.55 2.75 7.55H4.21Z" fill="#39403E"/>
-<path d="M4 11.25V12.75H2.75C2.34 12.75 2 12.41 2 12C2 11.58 2.34 11.25 2.75 11.25H4Z" fill="#39403E"/>
-<path d="M4.21 16.45H2.75C2.34 16.45 2 16.11 2 15.7C2 15.28 2.34 14.95 2.75 14.95H4V15C4 15.5 4.07 15.99 4.21 16.45Z" fill="#39403E"/>
-<path d="M17.2602 9.74001V14.25C17.2602 15.91 15.9202 17.25 14.2602 17.25H9.74023C8.08023 17.25 6.74023 15.91 6.74023 14.25V9.74001C6.74023 8.08001 8.08023 6.74001 9.74023 6.74001H14.2502C15.9102 6.74001 17.2602 8.09001 17.2602 9.74001Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/deploy.svg b/pkg/webui/ui/build/static/media/deploy.svg
deleted file mode 100644
index a3be467e3..000000000
--- a/pkg/webui/ui/build/static/media/deploy.svg
+++ /dev/null
@@ -1,8 +0,0 @@
-<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
-<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
-<path d="M18.1237 22.3313C14.9512 22.5563 14.9624 27.1688 18.1237 27.3938H25.6275C26.5387 27.405 27.4162 27.0563 28.0912 26.4488C30.3187 24.5025 29.1262 20.5988 26.2012 20.2275C25.155 13.8825 15.9862 16.29 18.1575 22.3313" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<g opacity="0.4">
-<path d="M11.25 25.875C11.25 30.2287 14.7713 33.75 19.125 33.75L17.9438 31.7812" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M33.75 19.125C33.75 14.7713 30.2287 11.25 25.875 11.25L27.0562 13.2188" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</g>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/diff.svg b/pkg/webui/ui/build/static/media/diff.svg
deleted file mode 100644
index ad1b92774..000000000
--- a/pkg/webui/ui/build/static/media/diff.svg
+++ /dev/null
@@ -1,8 +0,0 @@
-<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
-<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
-<g opacity="0.4">
-<path d="M19 22H27" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M23 26V18" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</g>
-<path d="M20 32H26C31 32 33 30 33 25V19C33 14 31 12 26 12H20C15 12 13 14 13 19V25C13 30 15 32 20 32Z" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/error.svg b/pkg/webui/ui/build/static/media/error.svg
deleted file mode 100644
index 2f9a8cd4b..000000000
--- a/pkg/webui/ui/build/static/media/error.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M14.9 2H9.10001C8.42001 2 7.46 2.4 6.98 2.88L2.88 6.98001C2.4 7.46001 2 8.42001 2 9.10001V14.9C2 15.58 2.4 16.54 2.88 17.02L6.98 21.12C7.46 21.6 8.42001 22 9.10001 22H14.9C15.58 22 16.54 21.6 17.02 21.12L21.12 17.02C21.6 16.54 22 15.58 22 14.9V9.10001C22 8.42001 21.6 7.46001 21.12 6.98001L17.02 2.88C16.54 2.4 15.58 2 14.9 2Z" fill="#d32f2f"/>
-<path d="M13.0599 12L16.0299 9.03C16.3199 8.74 16.3199 8.26 16.0299 7.97C15.7399 7.68 15.2599 7.68 14.9699 7.97L11.9999 10.94L9.02994 7.97C8.73994 7.68 8.25994 7.68 7.96994 7.97C7.67994 8.26 7.67994 8.74 7.96994 9.03L10.9399 12L7.96994 14.97C7.67994 15.26 7.67994 15.74 7.96994 16.03C8.11994 16.18 8.30994 16.25 8.49994 16.25C8.68994 16.25 8.87994 16.18 9.02994 16.03L11.9999 13.06L14.9699 16.03C15.1199 16.18 15.3099 16.25 15.4999 16.25C15.6899 16.25 15.8799 16.18 16.0299 16.03C16.3199 15.74 16.3199 15.26 16.0299 14.97L13.0599 12Z" fill="#DFEBE9"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/file.svg b/pkg/webui/ui/build/static/media/file.svg
deleted file mode 100644
index 698087505..000000000
--- a/pkg/webui/ui/build/static/media/file.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M26.9833 3.3335H13.0166C6.94992 3.3335 3.33325 6.95016 3.33325 13.0168V26.9668C3.33325 33.0502 6.94992 36.6668 13.0166 36.6668H26.9666C33.0333 36.6668 36.6499 33.0502 36.6499 26.9835V13.0168C36.6666 6.95016 33.0499 3.3335 26.9833 3.3335Z" fill="#151B33"/>
-<path d="M26.25 16.25H13.75C13.0667 16.25 12.5 15.6833 12.5 15C12.5 14.3167 13.0667 13.75 13.75 13.75H26.25C26.9333 13.75 27.5 14.3167 27.5 15C27.5 15.6833 26.9333 16.25 26.25 16.25Z" fill="#151B33"/>
-<path d="M26.25 26.25H13.75C13.0667 26.25 12.5 25.6833 12.5 25C12.5 24.3167 13.0667 23.75 13.75 23.75H26.25C26.9333 23.75 27.5 24.3167 27.5 25C27.5 25.6833 26.9333 26.25 26.25 26.25Z" fill="#151B33"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/finger-scan.svg b/pkg/webui/ui/build/static/media/finger-scan.svg
deleted file mode 100644
index 8f7fd351f..000000000
--- a/pkg/webui/ui/build/static/media/finger-scan.svg
+++ /dev/null
@@ -1,8 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M12.0001 14.88C11.0901 14.88 10.3501 14.14 10.3501 13.23V10.76C10.3501 9.85001 11.0901 9.10999 12.0001 9.10999C12.9101 9.10999 13.6501 9.85001 13.6501 10.76V13.23C13.6501 14.14 12.9101 14.88 12.0001 14.88Z" stroke="#39403E" stroke-width="1.5" stroke-linecap="round"/>
-<path opacity="0.4" d="M16.98 13.47C16.78 16.05 14.62 18.07 12 18.07C9.24 18.07 7 15.83 7 13.07V10.93C7 8.16999 9.24 5.92999 12 5.92999C14.59 5.92999 16.72 7.89998 16.97 10.42" stroke="#39403E" stroke-width="1.5" stroke-linecap="round"/>
-<path d="M15 2H17C20 2 22 4 22 7V9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M2 9V7C2 4 4 2 7 2H9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M15 22H17C20 22 22 20 22 17V15" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M2 15V17C2 20 4 22 7 22H9" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/git.svg b/pkg/webui/ui/build/static/media/git.svg
deleted file mode 100644
index 6b6a26a2b..000000000
--- a/pkg/webui/ui/build/static/media/git.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="92pt" height="92pt" viewBox="0 0 92 92"><defs><clipPath id="a"><path d="M0 .113h91.887V92H0Zm0 0"/></clipPath></defs><g clip-path="url(#a)"><path style="stroke:none;fill-rule:nonzero;fill:#100f0d;fill-opacity:1" d="M90.156 41.965 50.036 1.848a5.913 5.913 0 0 0-8.368 0l-8.332 8.332 10.566 10.566a7.03 7.03 0 0 1 7.23 1.684 7.043 7.043 0 0 1 1.673 7.277l10.183 10.184a7.026 7.026 0 0 1 7.278 1.672 7.04 7.04 0 0 1 0 9.957 7.045 7.045 0 0 1-9.961 0 7.038 7.038 0 0 1-1.532-7.66l-9.5-9.497V59.36a7.04 7.04 0 0 1 1.86 11.29 7.04 7.04 0 0 1-9.957 0 7.04 7.04 0 0 1 0-9.958 7.034 7.034 0 0 1 2.308-1.539V33.926a7.001 7.001 0 0 1-2.308-1.535 7.049 7.049 0 0 1-1.516-7.7L29.242 14.273 1.734 41.777a5.918 5.918 0 0 0 0 8.371L41.855 90.27a5.92 5.92 0 0 0 8.368 0l39.933-39.934a5.925 5.925 0 0 0 0-8.371"/></g></svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/include.svg b/pkg/webui/ui/build/static/media/include.svg
deleted file mode 100644
index f17e9d604..000000000
--- a/pkg/webui/ui/build/static/media/include.svg
+++ /dev/null
@@ -1,7 +0,0 @@
-<svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg">
-<circle cx="15" cy="15" r="15" fill="#39403E"/>
-<path d="M21.75 11.25V18.75C21.75 21 20.625 22.5 18 22.5H12C9.375 22.5 8.25 21 8.25 18.75V11.25C8.25 9 9.375 7.5 12 7.5H18C20.625 7.5 21.75 9 21.75 11.25Z" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.4" d="M16.875 9.375V10.875C16.875 11.7 17.55 12.375 18.375 12.375H19.875" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.4" d="M12 15.75H15" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.4" d="M12 18.75H18" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/kluctl-logo.svg b/pkg/webui/ui/build/static/media/kluctl-logo.svg
deleted file mode 100644
index 2248dffe2..000000000
--- a/pkg/webui/ui/build/static/media/kluctl-logo.svg
+++ /dev/null
@@ -1,3 +0,0 @@
-<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M46.7332 26.4052C46.0197 26.1986 45.3021 26.1791 44.6273 26.3143C40.1777 27.2059 35.7653 26.6265 33.5223 26.1996C32.668 26.0371 32.0248 25.3551 31.8357 24.4893C31.8319 24.4715 31.8279 24.4537 31.8239 24.436C31.6286 23.5727 31.9102 22.6711 32.6102 22.1471C34.3592 20.8378 37.8933 18.5208 42.5714 17.1265C43.6436 16.807 44.6717 16.1731 45.348 14.9364C46.1321 13.5024 46.1337 11.7081 45.2978 10.3048C43.8559 7.88432 40.7234 7.37165 38.6256 9.07985C38.1033 9.50523 37.6946 10.0232 37.4152 10.5963C35.4318 14.6654 32.1773 17.8402 30.4251 19.3627C29.7657 19.9355 28.8472 20.0181 28.0689 19.6308C28.051 19.6219 28.0331 19.613 28.0151 19.6044C27.232 19.2231 26.7251 18.433 26.7576 17.5481C26.8442 15.1876 27.2649 10.5853 29.1204 6.46814C29.4038 5.83938 29.5368 5.12857 29.5035 4.38422C29.4022 2.12445 27.7819 0.317189 25.5829 0.0370233C22.8357 -0.312912 20.4973 1.86432 20.4973 4.59895C20.4973 5.19584 20.6062 5.7671 20.8115 6.28929C22.7863 11.31 23.2117 15.4036 23.2796 17.5351C23.3077 18.419 22.8057 19.2125 22.0219 19.5892C21.9999 19.5998 21.978 19.6104 21.9562 19.6212C21.1687 20.01 20.2406 19.9217 19.5806 19.3358C17.8015 17.7562 14.4785 14.4807 12.5671 10.5575C12.2668 9.94121 11.8059 9.3959 11.2193 8.95959C9.4356 7.63262 7.04863 7.78493 5.4589 9.34791C3.45317 11.32 3.65626 14.5622 5.75912 16.2739C6.28156 16.6992 6.86622 16.9947 7.47672 17.1412C11.7779 18.1734 15.5546 20.7301 17.405 22.1456C18.0968 22.6748 18.3791 23.5688 18.1836 24.4284C18.1785 24.4509 18.1735 24.4735 18.1686 24.4961C17.9809 25.3599 17.3395 26.0403 16.4879 26.2057C14.2279 26.6447 9.76967 27.2464 5.37869 26.3178C4.71301 26.177 4.00284 26.2017 3.29742 26.402C1.15778 27.0096 -0.204829 29.0318 0.0252425 31.2867C0.311237 34.0888 2.90587 35.9226 5.51253 35.3152C6.08264 35.1824 6.60713 34.9513 7.05713 34.6263C11.2753 31.5795 15.2102 30.2221 17.273 29.6688C18.1042 29.4458 18.9643 29.7814 19.4947 30.4718C19.5101 30.4918 19.5255 30.5118 19.5412 30.5316C20.0856 31.2249 20.2066 32.1641 19.7981 32.9487C18.7012 35.0562 16.3376 39.0611 12.9684 41.881C12.4465 42.3178 12.0276 42.8982 11.7414 43.5798C10.8712 45.652 11.5505 47.9942 13.3997 49.227C15.729 50.7799 18.7773 49.8557 19.9432 47.3837C20.2332 46.7691 20.3893 46.1216 20.3893 45.4814C20.3893 41.1352 22.0236 36.6994 22.9698 34.4954C23.3137 33.6943 24.0939 33.1964 24.9506 33.2071C25.0003 33.2077 25.0501 33.208 25.1 33.2077C25.9437 33.2034 26.7059 33.7107 27.0441 34.4998C27.9553 36.626 29.4957 40.8734 29.6206 45.527C29.6394 46.2262 29.8189 46.9332 30.1726 47.5951C31.2431 49.5983 33.4983 50.4903 35.6065 49.7314C38.1849 48.8031 39.3372 45.8348 38.1841 43.3913C37.9303 42.8536 37.5925 42.3836 37.1825 42.0077C33.2774 38.4272 31.1325 34.8537 30.1635 32.9437C29.7702 32.1683 29.9006 31.2417 30.4394 30.5635C30.4632 30.5336 30.4867 30.5034 30.5101 30.4731C31.0412 29.782 31.9028 29.446 32.7347 29.6705C34.7912 30.2255 38.7109 31.5834 42.95 34.6232C43.401 34.9467 43.9245 35.1791 44.4946 35.3119C46.9624 35.8865 49.419 34.2732 49.9162 31.7222C50.3669 29.4089 48.9558 27.0493 46.733 26.4054L46.7332 26.4052Z" fill="#59A588"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/kluctl-text.svg b/pkg/webui/ui/build/static/media/kluctl-text.svg
deleted file mode 100644
index ec60048e9..000000000
--- a/pkg/webui/ui/build/static/media/kluctl-text.svg
+++ /dev/null
@@ -1,7 +0,0 @@
-<svg width="115" height="34" viewBox="0 0 115 34" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M21.3567 8.6323H15.5247L5.24968 20.068V0.715027H0.601793L0.580078 32.3833H5.24968V20.9476L15.1598 32.3833H21.3864L10.5556 20.5078L21.3567 8.6323Z" fill="#DFEBE9"/>
-<path d="M30.3117 0.658997H25.7295V32.3832H30.3117V0.658997Z" fill="#DFEBE9"/>
-<path d="M99.0875 0.626038H94.4833V8.63227H89.9453V12.3269H94.4833V23.0369C94.4833 24.3271 94.5017 25.4816 94.5382 26.5004C94.5745 27.5198 94.8487 28.5202 95.3602 29.5025C95.9307 30.602 96.7782 31.4084 97.904 31.9215C99.0292 32.4346 100.308 32.7132 101.741 32.7569C103.173 32.8012 104.634 32.6763 106.126 32.3832V28.4909C104.576 28.711 103.228 28.7587 102.08 28.6338C100.933 28.5097 100.096 27.9929 99.5702 27.0834C99.2922 26.5992 99.1422 26.0058 99.1203 25.3021C99.0986 24.5983 99.0875 23.7699 99.0875 22.817V12.3269H106.126V8.63227H99.0875V0.626038Z" fill="#DFEBE9"/>
-<path d="M115 0.658997H110.418V32.3832H115V0.658997Z" fill="#DFEBE9"/>
-<path d="M73.7264 13.3715C74.6907 12.6602 75.9255 12.3045 77.4312 12.3045C78.7611 12.3045 79.9418 12.6753 80.972 13.4156C82.0027 14.1561 82.7443 15.1934 83.1975 16.5274L87.7579 15.2079C87.173 12.9644 85.9631 11.1983 84.1294 9.90803C82.2948 8.61753 80.0842 7.97266 77.497 7.97266C75.0998 7.97266 73.0464 8.50762 71.3364 9.57813C69.9637 10.4373 68.8575 11.5712 67.9935 12.9542L67.9805 12.9381C67.9805 12.9381 67.4187 14.0115 65.7626 14.3945C63.735 14.6699 61.9015 14.6724 60.338 14.5518C56.7422 14.0069 56.1432 10.8942 56.0653 9.41572V8.63239H51.1944V20.9914C51.1944 22.3992 51.0374 23.5947 50.7231 24.5765C50.4089 25.5586 49.9775 26.3503 49.4294 26.9517C48.8814 27.5531 48.242 27.989 47.511 28.2602C46.7801 28.5313 46.0053 28.6668 45.187 28.6668C43.9298 28.6668 42.9105 28.4104 42.1289 27.8969C41.3465 27.3842 40.7398 26.7094 40.3089 25.8741C39.8778 25.0382 39.5852 24.133 39.432 23.1582C39.2786 22.1831 39.2015 21.2339 39.2015 20.31V8.63222H34.5537V21.8272C34.5537 22.5606 34.6197 23.4105 34.7511 24.3781C34.8827 25.3461 35.131 26.3356 35.4966 27.3471C35.8616 28.3585 36.3914 29.2933 37.0861 30.1511C37.7799 31.0089 38.6824 31.7017 39.7937 32.2296C40.9039 32.7572 42.2783 33.0212 43.9154 33.0212C46.0495 33.0212 47.8691 32.5595 49.3747 31.6356C50.3024 31.0662 51.0809 30.3419 51.7427 29.4967V32.3835H56.0652V28.6462C56.1408 28.356 56.5575 27.3818 58.6937 26.9386C60.3092 26.6526 62.3773 26.6059 64.8661 27.1592C66.1567 27.446 67.3572 28.0281 68.3534 28.8992C68.6908 29.1942 69.0568 29.5108 69.4466 29.9256C69.9915 30.4788 70.58 30.9879 71.2486 31.4155C72.9439 32.5005 75.005 33.0431 77.4312 33.0431C79.9746 33.0431 82.1376 32.4238 83.9211 31.185C85.7041 29.9464 86.9827 28.1686 87.7579 25.8522L83.1097 24.7524C82.6277 26.0277 81.929 27.0067 81.0161 27.6881C80.1023 28.3699 78.9077 28.7109 77.4312 28.7109C75.268 28.7109 73.6347 27.9559 72.5312 26.4456C71.4276 24.9359 70.8685 22.9564 70.8537 20.5077C70.8685 18.9248 71.1093 17.5168 71.5775 16.2854C72.0451 15.0537 72.7616 14.0828 73.7264 13.3716V13.3715ZM57.7252 16.4901C58.9563 16.713 60.4897 16.8913 62.2601 16.8913C63.1733 16.8913 64.1502 16.8419 65.1781 16.7292C65.2069 16.7288 65.2361 16.7286 65.2479 16.7323C65.3 16.7477 65.4005 16.8842 64.9001 17.1154C64.0336 17.3999 62.8489 17.5927 61.1866 17.5927C59.5703 17.5927 58.4663 17.2747 57.7076 16.8354C57.599 16.755 57.505 16.6605 57.5157 16.5645C57.523 16.4964 57.6248 16.4847 57.7252 16.4901ZM64.4437 18.773C63.8614 19.1512 63.043 19.4511 61.8643 19.5722C60.7181 19.6901 59.8992 19.4178 59.3115 18.9864C59.2255 18.905 59.1482 18.807 59.1448 18.6999C59.1425 18.6236 59.2133 18.6034 59.2849 18.602C60.1834 18.7596 61.2908 18.8457 62.5462 18.7168C63.1939 18.6504 63.8812 18.5246 64.5971 18.3246C64.6178 18.3221 64.6384 18.3198 64.6469 18.323C64.6857 18.336 64.7724 18.4803 64.4437 18.773ZM64.609 24.4077C62.1265 23.9443 60.0012 24.0187 58.2715 24.3321C57.963 24.3395 57.6685 24.2506 57.6685 24.072C57.6685 23.9635 57.7764 23.8511 57.8904 23.7583C59.2316 22.8996 60.9024 22.8218 61.5537 22.8218C62.9716 22.8218 64.0627 23.1248 64.9057 23.5785L64.9037 23.5814C64.9037 23.5814 65.3778 23.8821 65.3014 24.1038C65.2284 24.3156 65.0761 24.4636 64.609 24.4077Z" fill="#DFEBE9"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/nunito-cyrillic-ext-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-cyrillic-ext-wght-normal.woff2
deleted file mode 100644
index 64f87b1149a979344c25e6a93b009e5d45c05f89..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 28960
zcmV)KK)SzoPew8T0RR910C6Ay6aWAK0QU?40C2AW0RR9100000000000000000000
z0000Qf)pE|6dZv#KS)+VQiTu(U_Vn-K~#Y%Co%wo94~Yc2nvChDE4m)gAxERf`WVj
zHUcCAh6n^81&9C#k24Gh8|vc+RJUdq(Cxsa{p~%sKyJDzw*%2#?73_tB9DV8TKh-;
z|0g6JLm0z<0|m8LMifNORf3dD0u%WBDq>g2!elDBEH7rlH16I*xj<wIk5!bar$xig
ziN~4k+?)$nMmooS=zP=i_kw!l;zrta`IfJYi3AZP6l{VBL>5rc^+;6UGU*{sjiw!8
zH2w{=_utyi_hxC3mapUaymEsB>q0$o-9>;qJw(cS4v$l-e`d+D*aAzkz+%ftF$J2W
znGz0k0U_z(XX^c(C4_dE({j*}hiJ|kppaxYNRc2G0)&W@I1v&EBqYI-5Fp?|t<)(N
zq);k&sna4gqoP!gw%k?p&Rak0-QTx9d~W`KhX575?e+Q-mG+zNL~Z3a|If^Fc287m
zPD=&xkPspw5E3Fbckkjn2pR~{WX(Yh#q<AM=6!#PZ8SQ-0gYHh0y+bh<H2BXDWy?w
znl7^N-#7MqJM&#Jvq(rZs)l+GAtv*MlGduyLkkDQ!aND})@6MlH~Svr^0jI}F$)nA
zf(8#}m0((Enf~29`+4^)DkpQxP+j(4<rW4G`~aT*_X+Uvos<3&&X8B}CfS!v#tl{<
zu9Y*J$C=E3AyC5I0y@$sT!B!QH#TPj1=0YdDqP|J`~6<mKKDNSKmjJ50!dcLl4V)N
zRk0#hhomYr;P_5ep#K3H!A8KaZF{q4w9#l|_T-!au>&+_6B>Zz-+ZSZC~NOtju6x2
zYK=9MlwNi{>J6PCBoZ0V4FdD<UXqRlA_Xb*?^Ct9f)pPt*Nl5WcKVnIZNy}14=1P1
z@iu$f;~qtj5I~TWKuT-_4C*ghZi7$<h?3lD+1e2aDs!gg5KFF_&Ys>Rds6z8WH01N
zkYw*tp0qiq%VCdm?8|Yld(Ef)ajq|$b{Qq>6&C%jliQc3FO$L$_ji$xpm}NUw=-QP
zcZBYYIw9S`)Bk<b>EEVx#|R57<Nw;{JSy8rqIE+JFoDPe!0ui9w3*Axfg+GJN8n{9
zo0pxxKL@;YfZVG8DqNidcBIazDqpE8ge^S(t^MlCyB{6ITHpOOt?5rTXvQmtv@?h`
z5{DXTgw_b5W3q2=Oaf0dTSEhzrR|x2-){e6B<UJ<%BzS?B`3KMJh8U>@4h<r_s(87
zPW<n@t5B#R2@s@01>|b!IY$f6V*dHS&zR{4B3*X*=OvwXo(wregy#bhM>-S)*l`u2
zpG5yR+49QjHVBK~2H9_e?YF^YY=}ZvznIJ)L+4MB=FgDf&z9paP!e4Pzl|k+8!dht
zZH$es5d5pH@edgDZ#F6KMhO0W_REJ50&~<%2>rGINbEB<fV7EArL0PZiY(&=-|Ij?
zPxrn3%NCWAD*B;$%{libX^@3QT4X4KDP}~X3RAf$nX(<PAT_j!_mYm>(-&X^0Kmuz
z#6bY4vU$TnuLZp9<~V;0A=i^$10gr1K?@<W1rP{=q-X+FLS&JDgQ(mB<j)uFkFW(`
zn|M><KUPP8%^^@;3iti`HqWLU0l-&j%HdUhZEFYQxADKZY-J!3kL&=H@)L)M&ZB-M
zFg=i!n%dC)bpfPw$E_)rzd1i3XKau^TdJu2xxVV!0r?l@d8vN9=X(L*KhyP6|8vvb
zH46|a_F6jmxv4a;*v`R72JStB5^phcQC`;;ZuNJqO+rdFN{>SA)reBkA*jzt$cqlx
z%iTlJ54wR%`KIJjj#>fppnM2n{y7qn{U3T+esRv!J#P?p{Zh-8KahO=v--s5<@)L`
zGI#tBqU=_2<^lU?&R3QZEg<kwLC<!6jkLQke#h&f(yQlfkzo}8vmPJcIY;tmzdG6(
z`u_*?bU!h$D8DL#?C=#7EtUzunakySu{1kRat;AT1ZLOdo9bP;zNXfrc?4fh3?$~|
z+1Vrr+v;t|{x0hJKj!>GhnO9ZpQjqrw;##z>`g1gpD&l3DeCLF2)vdbJkmJh7tez^
z`>Scw@*qd{oNDENN*}ID&`ysd^38daC0G83Un6yBw@O8S^uco({d@r^I9;ua@SIui
zt(pmxSoS^XzZo5VDXF#B*0GY)EdYANYf%PXHCgT-*dr+j53xziF{WNm(md(>wnop)
z7UR8v0}(tDV>HbI_cby3yB75aN8?fgL=(<Dpt&*edaZtb>1cf4w)uk`S;cwx5RPED
zQr4(19eS|d-?0O)1HBQtZ!B-C&+ny0`A;DXXnbsSZ>RqVD7*|l0TVYDd;0|OG?J8^
zb*cK%(i;LCjWiIEC!|6QcnpyxM?!%TWojvsp^9qiq-O9gj@1q{N=I&AMn~rfj|hSM
zau^j08XK1@J^>FR5}st_d_}pJ2T+O^D2WMCx=ak&@~~Ny;j4DFGWDY)Ez(GC$<IYu
zsZBJi9vW+nN|xT&5FFZRbOE8h3TSk2I!{PIqbWfYLh48vyD{}7w%OmQ5+Y^~$8*Zn
z1SCXiLo$F0WEnthN=*tuyA-3YdaoHmOq{U7`v}F@h`2OciW9t=7HBwOzw{IpVRDXB
z)T!1b&BnEm1u2ses5YT?2S>DAYKwy4lPm=?9RH;1p9n3U8a@UUk)6{KwMa3&ufseA
zHwwiI%lCAKh^Vd#Vyn4?43M^SB591jibQ3&2*FuL2qeWkAkSmRqw|DRU=&2)DpHZ-
z<OS6CLWoEt*te;#9<#tz>JWg)4WgGwn&7T}S3nCw9HUQ3@c3IQ4QThh`LhAJFU?;6
zIfY*zqal)PiXP!l*!)p`Nn@3dFX;<1Bg_#s@ADO`0LF+Y2OT-~Zl8SqJRzV+1M=}f
zHShNlNJvxS-?&dGs;X7vHAS`1#n18P#ZOTxqSt+4{O?QHBQ!<GghKR4gLaY*<FX!`
z=ZbtORS{}pLt0$4<*qWL^p&wnr~`GVQko;s879N(tihX(;IX`x-wN76#}Nf5?E2l1
z8*!sqhho{d7nJbCLbg~ap|xJrl(pY>E842=K!0SAOf7TQ(zA^m6JqF`ku$imVao;p
z|I~DMJ;T~f|1>ad*=;%OUiK|}PWvvix9g9&*PYMZKdkiQ4%W$FH0ncaxd`BlD}V;W
zD5(6L{Jw*L<Rg?fG$I(CHx{`L0EBt+h1bm%PLDtldI9i{`mEN>*8(1*+44mdiA@9#
zPoz~Vt`2fRAi<=_N@6ansk38(`U3<C6iE2C%Cb;KDF!Qz;ueor!ns@D6M`7{INC9V
z;GyY4g4K>KTqmX$YbiAm@+Y*0BPn~Uv=VDWpb#aBKsy-;0wEeXGBP_Z7FsB+6NOL{
zJ3!(VZl&{a5oH*b3*!z8k3f=Mxg(~h4-<Hs@oOSr*JT1=Q#`+Rg1KabPCN4;eB+C+
zVSFs+s&oHG7~rRq8w73upr3UfpiKxNVhpGP16_irUvoTA0QgThilY3EmC3R?7DVLL
zj3@wPd<Ja&PD38YnY<SE*z?k@f&RhGq3xI+ac+)XTQ+eQr98^F1CY>$O<()*+Xyky
zW&)nnp*{!f;S^O#wr{De&t!N{dJc>!`op^Vwby_UBK7;irQ!PUnm8W!#joA8OLuNp
z9Om&W{N8X$xF*~c*Tso=Fu8O>XLN;<ZTNrq*9=4hiOf)NOxb@;vC2sV003C(g=s*r
z2vMUT)p8w>=O902{FNhFjBE*trKpynS&nW6hLxC_glopuf}<5z8=iK2RstP_I*D`<
zTTP;el*}5D`pB)NuuhcqqHUnmuUCu#u?DFOQ5zO#gvKbXjdaGu+a$qeiMB|xRkCgL
zwlmnlXk3b&Om;~%!B?p?lhREwo0eg>OnYS6E89Lf_G4KkLbrT}Sj2f3glB8B3Pd_`
z!Y~O}Y4`VWKW-_jQbN%o(#r`Wx&X712#gg{RieTkQgvd&9#TypVGpS`u&}pPb(~ff
zh7s9_&?-CvwL5~QHNd{QRFl9Ow(@AAFguR&ku$U73^^{9Do*UItb~%b7J6?b<R_mB
z`CKg1{*G1K^*wRVRPje3qk!ywx+WI#e}>+RBt}b7SIdhSh2a$DI#TnryXP4creK~U
zp|aVW@2?hl$w<Oj)r6Z-^)TG8clrg-)K_3vt7eN0qu54T1uIvq*TNLms?NA3tR$_x
zVpJAdD+NB2gwd)6x1-7txYg+OiaFC*f?Z9hI)z%Pg;WZ5uFxz|Sh!tj+qslo5bxlh
zv3Rz$i0;mt#pjo^%-fQk<J)7$WK|C$8N9JlJhWJSCK5%`aaL}1tOU;U+U*sBl`Uim
zQP|z4=kwd|H+lY=J@JBz<hG6AXhioE0gL74kQQf4n^;^CK@r}8({~TOSX!z5D>Hcr
zM-oSa@L8L0p*ISJkfCoHc6{%`eMLZnsSyc<QhiAZz6*y^TU=O2e=FqW2x)#&-*`f-
zILAzRCg%LQ;XE5c+usJ%UG3GJc<7Q8CEiy|()ulHL`kbj34<C8DP9QsbeHS-By0<P
zJmlvmM!-Dk=mnu#s3~TaQY~JIFd2E~RR((>JjHbqnN5bD$jX<C$)GPci2Sg8r=Mz|
zwk*D6zx^6imqRh??!E(_xX5-^H-sWGGP@9=OZ#>}wDl@)w{|W#==I3mJ*BIgg9~;v
zE0}>>eW$=yr%%<bR`}AEeNps&;lAQ<DucZb4RU=q`RV6`Q(OolgbQKq4-C=iEXZ6X
zhbbG$epur4?e^Zrg<ad&#NEb1_C^k~*iIR2CR|9}K}Rn9dKePSTO(_3I#+nHm4gRZ
zIl@wIQG@*pO?)A%46Gw@N3}WwQmo%7*$HqLltd>`za#y$z^YEY$1!szT&sTCZYm25
zd4*5`HC&pP7<{W-B{)*|KN@>Ak}M3Z$CV>!!iAw@9}4<<v~;29BA~G4WMbwGJ~JmT
z9=Xcvb8D(lFVNX%jUggdp*+PZFda$1*Q{6Jk-%=tPL<U5ur7Ag7pMq`2=LYwV2X@M
zv4{q=D{+@wx@u5V$vE2rn}{p7?q85q=zjU=gmB?pYw;$}nSwvh#Dfh25b|ilsn<au
zF`Dwvayp#6YgBFvZK_-LZE9f(iH#ZD^l$?S-{bpkc2-_A@%FiWR@d-YTOE+^9uQ7E
z2wO*+$jQCi1(o^DdCeJ>zR;jGthBRD8$)eYJb&HK5gTzHso@lp(@Y|~E~^ld+cZC_
zvvtwNhbg_RNC0SDP*LchOCxqFX>rGm>XCwo(c`6ZIEV!Dyd$0IT!hE4|F_W!`{aSf
zH`?nE+@%ArX5joKg3D1P9fi}Y@aE?l8>44cin2k=;o`P9C33kuL`IcZ`PJ1?LlIpB
zIRH3#-GdhKb`1tsWk(kW?-Z$f8A#5B%QS83Y?{bfbT472&Vl$z0(=6qiG%PUf&C>@
zo>sTYG(l@IO!}r+k=>cXw-<thmHrQM4BM$$BG&-cGV+N2y8LejXi8+pj`+&Qcp_dE
zs9Qu}Fh-3JoPn3F9ji|rSRp+{0|ph4QLF_GDo|-ph2Z}s8QcX`DH#~_)HrSVJEV9n
z%zg&W>5uaLGp(5-AjvL2XtDpw_T2hDH~46A+Y>=sVkG_t);W!@Z(a!>V7BZAzN>w*
z@;t$<Z^Zh)ew>Z1Jzg~qFLXvOf0R)<JKynyJMd$I4U(Kl2>I}cfm0Al8P%@e_6&0{
zE{9uzkOQ&=dw2!bTEM|7gp3s{hH?DIy1S3QE`9HAIAyUB>#oJSuLmZ>Y8{!MgJ;E0
z%z*8*Nmk}cElgk4><{G7V`q7g?Zaz33O^y|i7+{L==3{g(%1Mz0!Q5hYbp>AnOm{J
z@{zkr*gQ~98IVaTQ1-M`33#L{b`nRN)vq<aFIv_%*8E^8VTP}CLZ1>9TFoHOWRr`v
zZ*DRKup(GNBK14xUzWUr{Ao8AH11p`u=ur^_ic4KzmAvem{j(H=DP<3f~Z9%CfCJ)
zL4}+t-Jz0;ZJr1NOzYi3U0$Sz<z|_y+6bXGJb8TsGliES>V<_evhL&h&GZ%u1>k^~
zkkGy7DSKMe2z|~ullx<MWz}HJ?9{T}{*K+U2Zx={zvIT~onV)y_$v{}OcA03Jq~b#
zT9G!g2m-E*y0%DnQ%v{}QL4pRWv2mDpW7`8$*5+m?2&$s$R@;$Fnt0rZ{w6eHxVrM
zQuknjS%}D&tU?JNSU5NBlp;(&y%;UI?Qp-MX7n5BPT`G<9!?eg7k=>^=00C7Dv2w`
z+pN%~2F==$Dv~nW0bbQw>k{N2?K!PN*t?g3<?m0@QqHg=66Q%(Mr`7o+ft!mD|oq1
zYR(#Q8>)ZsK81~|H)65=0vA?#lByimqGATe4`FC}yQTzeQ*>E2K4`LZ{Cni;$ajsK
z3DX8VE9Dq*c=a*pLGA3tvd4VK@aqdqYi~oOSZcm)_gl&zF)96dhV$tp(vM{@G*T7r
ziF2b3>CdcBahev_L`Ltu72NL^WJRv@B%!wEz<LpWfVgA%K|5VKWUa^2$GLO4Y^Y*?
zR5Qqm-mCP5?|Z=A^iv&{Kk(ctU{39qFA0T9IN2GKZUCaBqj75vgO?&8Xy`m*R(rPh
z9}3`oeVp0^ELsiHFTgW7D4*^d0Q-&6fyKR%R8}sre<jNi8NvOA6AR1`yykfbr*vK0
z_pQZW*@5fLG1Iq6y!mDSWsau0yXBg4>s3EQARh`Nk?*_+g1+G=oSHa%{17aBi0wJJ
z-LQ^x#o#Gwmm{}lB<2cg9-cu#Gw|s`g#xPl`7DLkqGIHduS~wX0)Il(O|F~e9qa7*
zu&dKzGVKJ*5P983_0}pqu{FV5$5cnv5v>K1xPfmQ>T-i6#zkszuchGB#%nT0<b||0
z%n!u*TV|?>U@>|Qy#}}mnnd|Ns4^)1+YRaD%4-21K*ZNEwHf&4MCXlYP8j)Yp|H0>
zm6li+HzY~kvqGJ&Dh+vIL1Vd1P%W>TNZNvR#`rB&dSY9=xsnMQ?a_1SevUVs<t#yo
z)KH?-8`RlD)6iCU3WBEKt<WfFKxB2MsJB*brdmf-Gh?&6jH)daBDKY5EFDA8*Q>?7
z1w$P>S0-<M-D?@_oB&DvCg;T$E}KNz^uNiq4B43pk%ViSJ#;ee*@$p2jG7QW+Z^z0
zG;SJ#rbY1{e$O`(XCQcNh(#x1*fjE|)$Tv97EOaT<NxVs<>!?6n@E%61Oho8^D77a
z6DMXIi5zk?y@`ZAr!1f+P!5-s|7w|kwF{R)pglAVXYRDiG&v6<kVj(P#^P^d_l+YF
zR;MDn%z;c#@C-qZ3nj}4TuqZ#H8C_SugqmCj3JK@(4r_|8fHx_FH%B?^=N24-$;qe
z>qzk=^I}4AS}_?Kg`jDu7#@5dC4(0TMqDUGM&On;c~(+G$$4eYQ(+86gpi@6;uFG)
z)Izz0s1o__)#ORh=%P^ycQ1K?G6qnU0c39j*B&(m7lsym5C!X_X>5*;MM{$(@-r(<
z!Lc6RmY;U2#q}=?0rZqAgIl62tjS9Q3lY(|Qg*dQ;Gec8F^G-V`TP+DtNZ5*u3hja
zNBYiUG_3seYJ>lUYX$TDYB=f-oe%Iw#1@M96<Q6yDqkX}#|Dyp3|z<EaD8Y!EDkm*
zX&hk!myi)*pPyTnN{Dv%Y5bS{WvV~;$YtqVda)Wl2{nW^P^2NoSSpvJWsuB~4tcp1
zse~9$V!fkP6rul+mZrrPiFoB&Ew?&H42u8d>MPKa9EnV*A%rH1L)xL^Zz@(Rj)~Tq
zGZP#z03DNOi`kVLfqyzbG9JfFme%1g94(WWDbF`oBy1YUP~>M+fEzQ=G=zgc<t!@Y
z*%9GY8ZEmr4vkdi#C(P;TFQ-vqh5bd>+Y331Z##4i6pxas6pb!>pojAYG7H5Z^YO|
zpDovg?GUusnJ{uF0)}i2ZM_z_<5~m^zUi>bY4OQ7KKmXocG~5DJgVG&!}*#~9!2Kg
zbI${}nHR=o<KD+E_@k-33=YkphF!v<Ho0H9EeM!|P#wI}*S*eM=UXAD(}|C&6bw3K
z*@^)VN1>%&dm=R9*bkq8mcg3{lW<WxE)zY6-q1^d_4ofl%5~5T3N-`i!Z|8#BJrTq
z3HhaAU_I$e;N~uYO&6QF^`0^6%<SA1rHgBLMod^VGzz=WlYRo~oS>j})_dO0@?gtz
zgJnu=v9d6ZRFKRDxBk$VhN4iM9D!BjT;&}(Hz4AcJow$9tUdQgru1#RFsuA6Ublj$
zT;nxWR2Jpzg+^cH&^VVgPZC%yT+zU}BfQx!zM$wNp{P&+O#=x+Z>0_y{2~S%EgzJb
zWEZB&jH5(_Yt1p{G3dnK<f=C<L#?Ef6~<thxIFloWqv?Ip>KIj1Vwx?jbn&V#HT16
zozxDdG>w#Ns-l5v`vtk2Fo!Mh6bdy0TRnd6jTuKc<O`5npivZR8nR-3?p3yfsqU}=
zxLp{=Sa&`X8iiJ6Ye7BK?M7Ut^PINwb$AwYQmxCanH315scg=pMpDgInnXRRHv;~m
zh+Y1%1(&?3KgK!@ArL#cfmhM5uk!j4Zj_%YZ8LWO_&T^E&Arf_ozftUSf0^b3{`y|
z%T`u5R<g6)hogx&oEG9kzkeHWuc#~pc9JZsKC9v~{<7Ju)@aSK=F8O7;C<!(2t_U7
zae+iL{%ynY9Guu#uab0vEL?Nia&BRPTw!;u+9<Y!9US~=fD)gNR8N%UbsCk=Zweej
z&!OQ>&<T_qW>@oK(U)7?{1To-xnq8sd|FX&&YH$ezu|w&{su1L;?u|wB?*I~UGOp!
zgT=AscGNEL%8}vp2y~?vRvs%!2+rgI!ISX~4Yk-JdA{zxKx+>_RtJm{NaG095HE1d
z^VX*jSE~#Tf(C@b_UxS1r;_j53LgUzV<R*Q4dbK^FL)W}0988#(GRub;0Ha}k=_#J
zR*KB+wDpAb&+lIFdW?3}jZXfVBo6nvnHQ+GuoEV>PHl%xs5V*o`!*M0S<=2JFKNu(
z6*&xzu_~Ur+pZs9!k;(p?&|73mZYEz<go%8K4loP8ai&RIhz&J8-yuKg?Rtz?w%u_
z&+KPt3TDo_yq~wN^M`<Tdc<S-s&o9u{BQEuKR3Iz>iown#21FB?$2G;R^%ea2gzLP
zy)KdF5PA;%?l~e#DsHZROQnI>rZZPDV$pqT&y9K67j3KBDua^hax_=<>SS>qDOMX+
zCO1WAOG(p#iK65ywsna*F-VoV{z4JDw089)d~_{SpGsS*iXr9eI6R(?L&}d)(U$5{
z>zH5>bWXy8^+jQ9<#M9hYxk;u5SH*+wMhFp3@C@tAiBf9%4@0|XBLN?=#w|cJmvR%
zGCqQ!d7NwszB%88`_9$g>$1T^!2pLD!jig%sQqai)n&sQHzM?vY#d5hP$3p95izK|
zHh00~ft#lvC}z=Lx!rTLkb?1Z%QBna`<69TFRI##Qvsp-Zf>aG94qGcFF6NMF``c#
zvnlKK;lu_7M}-r;JfPh$<O)d!#lCCwq_%{NI)*ADJ1|yEPw}dVM5P@;QTE#8Ms>Bv
z=85vKzcrj26p0Pb>cT9$jE!-UUdz6)eMQ2a8da)&H5qz(MG+@uvzL!|vqPAvbz;G?
zOir|&HW{Cy*&D8{wcto4W*eniuD;s;4_}bcAHIob@z_*9gPudTFD)FQepG=MXW<i0
zqwwEv21Ty*YFri);#48vwD_t$Q5aY`ikIjHe|DKT5*jR{juTK~yWbC(eXB?DWL&1j
z%MZ)5qEJIzY>;<XJQgIrr4b}*kVoYCh4EsnDCEe4kQ+RnGTeu#!mIBuA5Mx)4UE+x
z2Sj2cn(aOTgZE9tml175Z6S*3EQ~9~3lbtp_T@J{2`|M5r)@`m6|XqB<r)I9`>*|n
zsgY4S^c-4HT*V~dx?(3`fad>iISy@o?uqC=e}c#H2~D7neCL`I*{yu_j{ls5O~fjc
zaUdFzQbpsMq~T#I71`ZM?wF9Gh~OAXXgaFVH9q8{C8rrUSAVY}Se%_3AEV4rr}a+b
z&n8pwnAseo)mU`p>MA_K;y4iDXBf6pz@4+Gog$w>)ZcFg`!N(hjSOWn2WV>AuCu9g
zcbcfWNcs2;^s=(PI9Daj*dbu3O|)bGn3~CVqguW0dPAeA&FVXDZ+|(>P?_jg-}388
z=L)ck6V1sPz!$ZhSI{RBK@6t&c;R*0^^d9-Q%?H$m=!fOGXSTCrlBLPj4M20HP&Vi
zF6tL^B{T(=+e5q2H}%jA3ONJmFLmjjY5%s#_M6^7dU(~vRCMP$s=`gfQR&6%n0Rw$
zLK=D_JU#t*uXVjcL;12uk(PirDAY3F3`GQ}SI^u3P#ttSoRQkco!!;}a}!&p%3BVS
zH_sX!i??4;PR?h}E?J$;%q_|b+lw8IBZGXQrhM9H;ldr;4l5_WHA=(J1gRfF)8H9`
zo#*$#G9w!Nso`BBM@ficGwAaI12ls~&Oln$JehJQlA`gz9JA?Rwh7X`*(pgeGJ2#m
z3N4D0bEKIXP-1W2qDEdUbk}j%OMNot2-2Zeg}MlhqM%WzW+Td@;GZX~L3EoajI!dq
z6q<(i*4BW$HgFy%cRHoD^P;DOFBW9v)?5<$Jf@OQlGK;-Qmr7(!~#3ju)^hwN_SGe
zIU}cNy-OCx$Eb7^x!ZqtoyYPIfkr_!dJcWEv4M&0sb*aaouEj-MQjTmk5ux6A|*F+
z{JbM~KpJ~{FyK6bVD!Ci5Jy<&tyiNlSb>&F$N;j=&l>q!_}pO^Y|?P00nzRc8-5;-
z5L;dv{Rz=IqVRH!(BI6LCkBI4=sEPRb<i*pISj44A-Lnl-&!_IW1M9_Xt2z&&mEtL
z96wv+cnqq7cR3cNiy#y6?tN3Hyq*z$`U)Vd?dTzAp)>F){K@?7g94{L;g`oXuc4~K
zb1ZlQu^_gkDsM#GXN+?M>usoMXvr|nzLjI>Lc_fUVarW&dsY~F4!sPT1}}S{QK*m5
z_k42EZEwokiQe2`2mn*!{6uzMw#^wgzs$Z{SA-=$ICcx#DRPikgQ0rLBOVG^0T&O=
zAYC!0j{KpD`5kBA$;QHugqFQ1rmOeZkKKLipkWkp7}}1WL!aq2%_Gp{zGFWiE>ZF6
zD{Nxxyg)is+4$ShGw{9Xe!Ndr$^#Mefa{<)OfmOIPoAR5kDW7veFw)PVv5B4Y8~G{
zl`o6OF}(?b7OjBr^ZKv`H-gOXu&0Jmlv|l5Fwp1*KKm1qfM)aQ1_Moi*%j7uAr)Pc
zn~L;d8G_#6l9)8Cd_0WMkCoGyxTGigAmD<G6Kvmh$TZD&0Y8b!NsJqE23m%3MNPt!
z0XX^PN1Pv<y>TGYeCpcu*LWQzvp2^u;2D~hU!?R!UN%nNaoP7+dHHyy##6^G`%b@+
z;Ndhd&59a^>Q+~8dS@RrgL1{F;R%!*rf-zGU-|Ki^EkyF{5{iJ&jqP6D@q~lhwAoM
zXAZ^{ISS>V`W0hUs$+{g<_Ns_N+`b+vZgtWHqGbEs|Jt5v1zzyr63N|e$y&6dPhRs
zcqjr|0FOY>2y71_NO<zXyaiFh{A{k|EN`(A1<1`UHJ#r5Y4M#&E`TC}Q<O9gPs1Q3
zv2#iR{c!cgVz_G+CCN?8b<?Z0@g4s9)AEL<!bp5oEcZx1vqA)ZixKOddL=iaSNNy;
z>GRHakTkV__j@IxY7;eCMHsS+NS#h;fuJa<>5HqxU&j3DZ^c*dSrNfXx>{crE75c4
zDBP?OpZ*Lq4XJVMvj}AnHhEmg;MO}hSd=m4v7<;Ok3yFa{5l8w8bj!5^Rh&!p~fE7
z317r1Mts|UJSoWaA>~uZRwoM~(IecLqEC#`YqeQWk<R$k!I6i$U#}Wb?T{$y70N>@
zPbV{yMKV@;HUl`HaQ-e{doH9s1e6}Ex`ISa^)37@EY3!Q%SF$jua+;d`C{nmVWFQo
zB^e|i?z>9uK7jb05SVo=e}&8B9f$g`9ew(bO-b8Jl7`4t$ie@3Zl*@c(a449s7NWD
z9H+(#IceU4d@b4PJb=-7P-MSR$nz{MJc&e3!Un-Soe{-Opd@;}+hw!b#riVOACS#|
z=)G6+TF-udx-VP~*hNcp?JQ;SpCF)=(L=n^h+m`?@Cuh-4hGA!BG{E$C8an5vBBs!
z_^q)e$Gj>;nH`IUanSV92mW6^td4bF<$TJq+^azbu@dKj;PGdB1*4AH;2Zxub^`G+
zQD~Qi_6j*+_r<*d<n7x#>kT{*VgrsMqlN}bkYdyc1abydIXJ!w@!{c@GW%ZT^m`w&
zk}Bt?2Ua!wG@eeeJgW$mC#EYR!tha7kSf#+5^(~xylv}Bg#F#SCOfz(EHadqz|`<^
zg0{E+vO(n=l@d!x^8~?EV=(r?zaiKBE|r-}C~|op1^ej-9{v)70l{Pax)cm+FX`G(
zM>YHd`yL+*8X7&^P?OLf|Nd(d2>)PV^u1cG=19wqSvTKM4`-}9^6zcy`s6GKiB80$
z)e8^iLD+8tgQtPZX<{S^Pm3DYJw?@f1ya1>;O2EZspi}}+krjJyq@2B^K~lyWMyuz
z>9^aRPAMSlGiP0kcc^;3>fU!90VbDj+BkT3S4xay0&)bgAWvxz$)njMl9G**+beGb
z`xg=4;n8P*aW9asFkbz74gK#NeC{7uSSk$p0R$~z0{}pPpXD`Jn(&KR6dWbP3W&=;
zsiDC+0%qU0c~YBJi~Q8_39Ez1hJYj{z$194?-bOZ`oM%C*v?<(&H7V?cyD{MhGKY}
z2wlakf&SbF0~HP7zvH<2tMq_#kO9P^C2oN5PHQI0KhDV8C-z>3eawkQ(m{~bv!CRP
zIRq+--?N4SUe1nM(fpw30Eh)%u4G;aja%UdydMb44;)1+)BH|V=a0-c_<?|ohnq`D
zw{;;}*W?xeCf+Xc%2#Orf&9>c)&P7hSSpB@bGQMfk3oZV08*UuF5Z87-bC<Y0n>#J
zlKcuo0DvahZTf#wn|KU>FfST=n`;0707$WgJ{H;=-;D!B{3rT+@ESnZl%pHLKLGDI
zhdCm<3cM%uz&iftP%Ga-Tnktqc_DZnWDD40PR5`fn>tO*tf9}@lz;G|8OLgQ4uA%y
z7z6Pd3#ztuFOc}M4F3TT5+A*A1rggeB-WKgH03yqensNPq(?_lqH8rL>5$LI;B&E;
zfQcvJ{d0`bi=wm&Y@K$EK6(K9lD>KP)mS#YhI4^IJwKvDcy@p6CDh}fuJ&^vB>XfP
z`TP;+0u(>j_BntrT-e6OPs8tR7S!i>gR_6b@5@Z0({z#=eRwhU0^(1@XZ$^8Y+*WZ
z78L;4TERa!@kgyQpT$01t2sFrc$u5GMR3;UliP0Lv;Xx0NKvtt>Rs#=iUUDx@bwpl
zgKy(+zW5|Dy3`wSr2pz_M!yt8@RwaZ1Yx1~LvMTg@awOiiU-8MjwIiFHL!H+@4?~i
zjhLhHKHS#)9KM@~T7MpS|AUb8FZB4~x07b_?~{+6{*NqHd(~6#dg|KQb5H;6+|g&g
zlCo0wo`2!|&KTPIA0pg-!}AYJ+%|V<;@OGqNw_Pfz4T1_(EQ8ipPJm5f_j4dfrWo7
zUy#2d|7_~g)U#7N)BmW3=UMgB8oH3y^4i@QDf8i#^^5l|L6_2cQ6H`T7yag?Z(q-t
zcbj{cU$8c>c;)7US03HEc2!{G#Ez2vy4Ulbxc1$9SFXEVnfoakhIWG<P2Wg=%E)G1
zWeS-mnBTA>S--LVAC3(74d2K{vCG+yI4aH^&NI$CE{f~RrEn$OL~b7UF84Y2JrCyP
z^BQ;^yb<1R-WlFJ?^k{){~7<IV1?iZ!Jk4PbP*mC`HH$l_e9S`|Mlf@FZ6)Wd+9!J
z=CzJb&OCoV(SH;1#r{hVFoRRh|2g>a1JBO@nVJNWiai1VGJ%961s2Eza4jfM?L9U$
z<$B*OWm!0)QMrdLjm%l>&hk1p1SC{H)H0>VO%z14=8YLdghE$$aJ)5-i8mvGO5_LU
zJw5UTR9L<dbZ6dhCgdW!)aAYTN5i>uBv#ec(Ye=^zMYu>0)$CW8|ObkCBo!r<Ga-3
zNszaOe_2~IADNpxC}%MA;7pv0US}0TA*PyiJ$--3fB%;81%gRx0~OFfX1BvrBi*B2
zvenHBj>Xr`n&r(dW>_@3wp&SkvhjgyqRxr@&};+#R$%mRfFb%N)XmDe=kZsYx%HTI
zkBSKJcav$|IB2}65a&_f9UOORh<G&~s6@VV-X#wm)ArAQr*vN(${}LouaRiKyv4TO
z?;3^-zCNsIKhyZR$4kVJa{9azMAd`h`+oy6(N95Zsr+pf_Ihmnxt5p#XDL#^FDH!o
z{MiO_gnB;4xv{n;Udv1#lw;UUfe-@|6dR-tnwz;v5Wyp0I#^FehB%){=f**e(0l3F
zfHoyIg%e2y=&Iv~0D@@*5rQT2!G5h+PtPB`>mu;n*ym_4vKAK{FsAU>lCZ_tpiY$%
zGi_C}E^`Cp&$Umu(85O6P|Lt*As^34r@TDt_oaY0^dtZX_z@y4*{NnDm)_g7y-P0l
z$onN5E&<97joxMJ8ZqzR+$|llfhQCwK+%iqga*XL`Mm*&pD6C{@AeBSlAXj)tOVMu
z+F`s)0_@&%(zD33;@@YAkxRlQi`(a#e17|HXMaCkQ<;sE_=%OkU98$sPQ2kF?A{mB
zv&b{i)F2y*Ewly(V-s1h7sXqby@Y|6$7L=E8?tU*j%961CX;yGDsjqYcz`44hbXG)
zRT=ML6iOBcyaEZ{TrU%D;s~xYK8+&|5KMthg@=R*!7;-*(C#VyoWce+oIc>5-`jhG
zi&+8kmP88{`)(oc$%T~yrx>FK(Xf*M#a-5H;r;N3AmnN`D!l?8Y|7;+BN^+zGIi?b
z{(MacHw=|xGw@mQI}>j6YiZNrUVOZK{PF(}rWsUxVnz56`4U##O9Jd7b$L95<Z^w;
zRX&VS!V=f~$zDd<pGEr(&L79xnZoWI+R4fe*hD@B>qp*j5q6Qf%pGDktMiGZ4gn4b
z+no7ieilR}V1RxJtJ!-*$mo9QYQ~2lM)Wri=_;LJ&|Z_3hAhxe!N##S-ILfI|9@S-
zJ+UBAg7Jo+8j?YsRIgdR3`b3=@;KWu2P@~Q01jo~2>lca*2ft=2Y%Xj@C^}QPhTSH
zjJ*_aN-y_|HO?sYz0?~keR0XsjK&bVh|GwFoCE+5lEGjvf=~pCx+4_rfwTQJ1`po@
zq(^A)FyzCEpR<fJKc^RinGs3kiZAHrfLt*7kgvsrf<<V1!8mbNAHzyNoh45f4rz5H
zGfST{{cL5J)1Q~sWlgM4=#oKAg2jwp6dTM?`h`qtMaE)mXUOT?7FlFoP$5Dt*2Bd?
zj<V!5=b2<+f>!#mN30gWpl4{(pJ@nxO8mO<GYhFcb=vx4!#v82C&ZVvk$nClii)pR
z7$V0HO3;n*LwyQEY}@p+f5YNR_gwAj`-kto%%1FcCw!~H!})y}X^5s!=LePer=Zci
z@SCX*Z_VQV^!_&-J?_brfA(|Q{Nqzxe$q}G{l7CAO*C>aLgrT*aZZY1Bd{eu#@f|=
zk(I~=!okUGK2xuYmW~zLZmw576|e##wjWx#4*g83s3H7-z07>pM!}O(iaFWI5&kzC
zRrqse3=wd`WJX!%d46~&mOF4vVJ+kHxf^?bCMNA8X_q7!Z)2a|!9L#ZI;60V5!E3H
zdlJl@=&%3&|EGUW;GZ6T-upQr5q$7k-`r*INGwhcs8%mr2xsgGBoKrBo8VRMT6$FO
zmS>J+=kR|bN?_``SQ;vTh-kg$q_m%x`y|WWT)BGUsI*rKuJd7p1a7+)vw_&{mrW^b
z=V-&1|Nqy&cf0ev`7Rnw%yf{9IJk@deC<E)e0&^mcKD;p=fz~$-m7b;-|1Bhbx>#U
zf9#<sSP>~%CVRYQONNTf_|@%Fv1mBa{Zh41TJsu$GK4QUvVtCi1sZ+`ql%)LsB=y)
zwRVB0!dY;VAylv$u0e{yIUWq<D`}tXI#*OH6JBdWsFws+3#n>#d+0>7g;|RqXIJM#
zD`Q|Ioa$7iWc>Q$bwRGhoxI~=zNrE^jY$9zmrk;%$2cae*U$2t<SqBFPZ4$>J9r+8
zI=YDA;ePci8<PW85B>$?9KFB{oXAK$5nhu7b`et4$k332OG7ARGM*X%&`6XNy;NLP
zlIT-W7OOz{P34QlV#5FiYn0_`1(f72W#u#lk&>&pBwGNvI#7>nMXk4!Pbn5h*Xp-D
zPlz#w!LFB0*IG^x3BgvzKle<V#~KYnUUyAC8tT3<deCgjp*M(3WT;h&heb${UWxAP
z;#Mj!NqrhhM-99dnY1k}hgEFmWu@1BX7co}QCrwolB?DWXe7teu7MXV33KD3$BzMm
zfs$n|>T!{LY6Lp&{H^|7$KwV}*JWI^g2CF*25tA?Eqt%vJ34yv8wrI#*r`m2h7{Ph
zv$0V%LNGz5L8`*3o~y7_?S!H?G?jx(R!!T@5$AH6G!rT1nw+L#t^pFT$;Ca!l<}#S
z@FmNP!tnfIyaHiEvE^7cEQRnD!4@88(6>mc3{LAw1!<?&@`%Ymu6L-#poN~gkwKn4
zm&i|et(p`;O%Q@J3DN?FW!)HIp<brf_dh;8F@iU7frsjE{fwnRgq+{37I~9`Ovp5-
z4LH%`M=+{Z(^`Exc7OL#9OpZlROyL(i;q))DYhk&s0L^}KLj{TD958P_x&Mngv82|
z3Xh8vsntjn^gkjHUOt<=LB?0(SR>b)t8dM}_vE8LSueDkomWl8eNZc-xLF%?ZH6)c
z0dEoj21%-cC&S1%qY7h!xYtXTTOAj_?M?NT0wKrgOqdw>7%&@@97@cQfPP=)wno!q
zqS;>;g0m8+6pzG;;*l5!h@dNxNZ?M^>^0fq;@z}DNzL<gtO$q42iHgxmqL>vL?wV=
zK)^X3o>JA<@*jSwxLz0c;Ni|&;`}6Z^g?Qf7o!SKLaq8dvMB=yWG4ZF)V76pRT~Zu
z&hn_oJHh2A346|-n&bP-Y#MW?f*}IJfDUxMq0PWKP>gX0&oDFS)EjkHO~eFi>-r!C
zu#+Y0I`_+kLG^sfPV=O2+?aL~KhT=#toyK;4PHP{_Q>oRCQtgcdX05*SGHK;{JvQM
zk?3QQ_V)V|6)wHQEMH|_N<;^x{bKE*o$*HNSzwHg>!@1?cGJ1~_$6DQLj!_qyLx*r
zvjgxnCTv2Wm||GIZ@sJG5TVg=2V*wo8|OtkX$zL9VRuj0<Cg@34PDtTb=UUwX>>AE
zM(CK%Oc;?ggJOju@xJxV&CpV0`-#qb;#IQnrk7v<+LFnIO~P^dY&Lni>2z{R60EB#
zwb|rrR<P9K*v~MASo?4;+LDhM@qVY+6;$`J!(QIR-`dWS3`5HFYdycW16FGcr8x<1
zGBR=!#-B-(!LkL6Saor+xx4seeBi5#@f(7H8H&D`DfRF~G>1B2^?HvNH++mWbt@zt
zupO4PT)p5VBO!qXwQfBFJk8&trtT$uj-RqWIrw|TRpFer{<^g{p~~lBRx$P2&-x_z
z3)_PB3p_@4d-JvFe*HzAi={c=6_=kJ`Kq%lFj-*}?r(kkj{Gi(0UhM9)XHD{g>EqX
z!&zLv(fgM=#p80xzjV>I%y!>kag!PK%1DkbgV?-b*#oRE#7Qnf4d2p&xN6q+39Hd7
zltUQHlB!kFG^oIgsC8=x-9|t-mIxv@*P^dyQHP@zYu&jSjtuG<t=h^bgRE-xVf1tY
zt*&Y-LL1L<=c8<6*)`D3=zRXx(O-()?tZ`d)rZytf$dm7^|530!5^kWg-9grb>@#q
zYfn9U;`LBw!F@IKOR+}w7q<O$_3I)_dtI2JfA_n=cyUih8`)f-#k=(eQD&-z5q}@~
zKWad<r>AQk2QZ{m)e2Vh0;vTvW4>Sf#f6bl<%xJ-*r@APalc$BxaW3vaQ2);?;wcz
z!uNlTr8={w*N7@W1^X1#XLG*Wdw*pbj37OWGdH>BhN<o}Kk3;33)oI4XA>S*t|yW3
zD2oiMSNbsKK7^6tqv}aW4gsW)gaZfBgg6VtDSt?*6(&Bx%&FyBcl!WK=ub69uZ4Va
z7kSv}&&KhRX73?Em8JtD*sU+#A|gawnN0M{N|V_)r{puG8RL3$AS3hx7Pr?zj8m`u
zD{TAy@<ydRX`Tp_YQoX%+WeY`=%9lfj332fOcN;>HMPYV2Hec@Q}8o`TlG1{;2bb5
zfD9J?$`6JFmr{Kfd3a%mLxmoRgpPn{F}E;x1#=U-&D6?QxQWFFm17w#HHy8ISVEmf
zM~$sCM1Lrdf~sNEo3?TEJ<xY@k0Em5lSfrWhX%P}I(b`vPy_9&@&|3xN};NwI66o8
zs&JjU+neoB%3p&U*;F2GAW<-~^}##}W*dmcWI`HevY2Z&Ix}%L3Z6YRGu5jZU)++5
zJnVV}<5TycQL-o$kOlmBRi?G*4eCTz?;m7$(mQqR^KU#fP8QrUOzSs|EFWE$h9oPb
zrCB~I%@}mnW~lU{VI&_NP6NAfrqdpV2KZSpx53<UAbEQtm9Q%4C9JV6VF&Uw3^JXl
z*}*zEf~9kOsI{+^$G*Hs7`Wo@v>|+S7Bd%Ghf{m*2sd(rV{Jz1`Q1um(L?rw(Nr$a
z20eNqkPdQo^p>mX1V#oj5JH>={05vy=JhiPn@&Z3S5P97$zzgquLM!g%cpA**4tz{
zENmxJEQx6kdU%=3{5D%j+*dIQ98FP2_C@i`GJ`e-IKiI5GWP;)-0&dv>uY#<*rBk6
z{lye9mE3ajoW?}`WtURp{~MfnqYrE7r<tcl*~tNpbBb;@vbGfIg28$3wnF<+wh}V!
z?xb>)-=>jy{T6B~>>Zmtty|^zyFdLTQo`yj&E^;GO;9hqadKb1-%+O9FLy%Btf6r4
zi!Jz`Q@VEa_JSXk3=NuLz=iZF;K4wUeM4lRfGw?kh`TNJ?}}VoeLnlXi}O{kWlLD5
zjaoF4IR%N~G@HaFH#h;|zi0e#a!roW8B5J|$68F8<Tk<TkWjhE7~fw#_+}Gn>V%W9
zG{-eVloARN<4C~xFMf;L#T!<q>EWk`udR~HjoPB@xaZ79Y1pa#_1TXp$J9-4?W^;~
za!b02VXlP*k}sj-8k&|S3egGZPgF}Er1NfX7~-=-8qIXT<c+S)>zl+9F?Cpa^T*W<
za`_1v-T0s1+;{eu9<LIOyCm@Au*?-iRGk_k=s|CWRH00_KOAG+8LhgP8X8apoy9XY
zZ{A&0fQz&3$5_vKFpNtfv$mlRUb}@Q;jqgopW#>|`Q)Y^!oUJH%;XkX1&X<cr>(lL
z{r-=@V|@Y5-#UDuWY3~9i9iQ!a;bOl-Lq`t$_J5(g;zTEKe@0>GK+C*6UOp>>i_C`
zAdl)ijKY?SO8fZe7%SB>h3M>Rs}ko+Se%}=R4BBQu%Kv75(uaa{6q?>j=+fmz!I}h
z71@@#oeKfy<rf~)Mr^vT-ZkW~L9Qktq*Pd*j8`+Rl8M_qn~WprZG%=B*;|}GyzAKe
zd6BD<%a^dyzxn`qZ=KgpTT04nH#EW*SWAl5%tonI1rlPgU#|)yh1gag<iHEhu#Nm^
zC_#^AI9c4vY7&LE?Uhv8o%KW9rqz;XlL7s0-k(-qV;>ru*%8&{L%iGFAG>Y)mn`8h
zLFM+*Y7lf+s#}djafIY|%n9*n?nmy$@N4_i$$fDpc>Gny{=@FTBw0K%q_BaVwNL01
z|1vA}*9L_VdT3E5BBzp(&6UP8+mC<qS%Pu6Ig8adspi6<f7B;G*dTEb2d&pCyR@g1
zBAMnct7n?GaT+c*rrEY-b~7djBStlQ2_?!?yqe0@)IPiU8kg9`gmNp@)0IO9j^!a^
zb1eoVtT=jw3ft@U+H*@o%6Oo|9mdA7H+*Nd{B90Q`)WU&JkXIzWfB<Dp?U@-$&BX}
z(;ZJu&))g3`gD#lOYSnPH;mWE#9?C98RK<Ro{29|xU$I(kWFkgE5@g{(IY<ED1!b{
zxL{{{i1zIF!n?++i4oe<lW`l$iEtx7#l89>Q!c~4Zk03T1Q)Utzh=txD*Ha<U%a+s
zpXP=#SniVj7AZQ4J;dr#c#Q6@o-a(GMQ(NJFKbJ)b&aa745zkGqF@u40yjxS0DZOM
zhqJ3(;97aBwGYw~djv8Np`qkfW`5KhQbNSY6<n;4P!@6+4PY;0q81%UP;Su>+h6F3
zl&9snyrU&-YoOWs<f=?QYy7LPKZ<Ue-2$)vfOk3J!nrEbN$!AVT6OI4e$H7~%*2No
zBV&;F)Ki;7CEFe5A3XbHR%sdM-+yZJzI%{c=EqV2Ws4pMa-bg5r<1-^6Zyx(;)>lp
z6f#$bL0NZFwy~xq=N^1Mcrp?s9z-asSk`+MW21Cpqd%igo+N^*JmW3~S2iJ?8}Py-
zTa!|^asPO7C2I#pG&VOGt31?bY$H($K7n&mvPMrv$W-Hm{!%ht$4Cb%R<XGgpNrw*
zoy1Fh8hw)|<&Y{r;4W9DS0TNNnuZmy1xr@av3+5$dV}R`+@3)td#5AQ)J?y~v3j*U
z3<kJ*J1nG+YtgJoZ{bqQZ1?YQF<x8QX}zHa3#ovGrgef9utfYaVR`aRqSp682}{gm
zaS@<&(UppHhP`-rSb!Z0?6_|+&kz|jv4P`EkKfPEk(pcVs%yQVKUB&u9an<0qS+=J
z^>_&PyseI!SM;(Od$sv!%L$8AV}F0f;1mm98!QKZvmeFXl2L~1llKiTzik~?p^3hj
zt6_=c*M7#r0ncu}=l;PhIR%PDQ)^}YqhZ&0pZ-4^CsYRZU~jA<n7?~XMOR2m(5YVx
z?buZ6@{@u)b11Qb9g@72%4tKR!fIVsMm7h8-<fLaS7jsT@O`WK&Gc_oM*y@z94?(W
ze)RY$Z$!W_4Lhz3PnFvapHSG$?$P}G&$ly#++Uq@W@61^w?9N{XcS-p`4m(u|L#jq
z6Jc_7V-|-vR6Rh&mO$&NC!*y^*)3aTt!$NJ#NtdICgC2IZWyFdtqd2;2RR#zRtIT!
zHQ&=*e8AKg^<Fe1rW*x>(biCVZ2(ob*`A+*@OF>X#c0^ElwWbKHm`~#f#`9Rm2h{r
z2Orv-!o^9fl<SE@O=+*oFgGngeb&7T19bh`(UlOiPC@9~1B53yaf=lOU;;}&nLKLp
z-iU|5(;)T}#Ndh=XG<kEGzx}07{mPa+*>I2zZEJhmfb(|?^7&uS79Zv3y+}^dN6kw
z&y7vAK%aIYDd1Jfo3G_*<~d!~D%I>A=8>Bx#7uR8a$1mZD?d+QD+kx@%=J{7NIcVI
z^P9$&&EUlYIa;Vr>K*lLRhs5ktElc@nj@o%lyG5&N?NI#zOdXwR~d9PLo5$6Z85;-
ziEkO$b#}MenJk@q76S~H!>$>A;>$ajg?M?Bmihas@=`h*C1Ksa?6BGGrz?4nn#C8q
z?woH$lrsv_dr?qITN2rEadRb2+q-^!y-j?HMA^_j{;O;aQ-_|Cp?4LQ<9)QM)CnFi
zyPlo(mwAn>3a!5?fPRi~nkjPvKX=O`KYQvhmz-d2GVjXc*oZ|3{okfE{T%T}zEVqr
zOm`=NnlQH!*q|l@?`oJwr1E=Xj{mtUtLsb#0oyPn&q>e*lbA5i2gh{r5}Dl?LXG@5
ziK34EY1QYr*c@vY^xn}*HAA9xeniX_%brNUEJwtM=+%rSja+7wC%*vsjMfrSHAcH~
z2RfPvf-oTw>j9k(p8DDn(vMV_JhLCd+%8U0yNcn#x14dImHq4)$IaBGv3jpnC+Sap
zS$2j-{rt#}aW1>=m?6R4>}7^?X02xj!==g=FD|McKVp7LX{*aHJBigNe-%=?<W?e~
z$S6A3<>*lV;ku)#-0#Rf@>1u2=sr@#0D&x6gdLQ)FL;q$Gs%onTVDHubj7orcBlMG
z=VDMW4mu_>6+?;FMy4Lb0IN&>{?2z3Q{liDik4@m92^zX&upnruC9fG=Nzx0v7Wu-
zm9X)MGIgLcs<?33GW9UTSW`CZc^*AkYH5XGJ8XrJeKytEah{>&llxZ#jeh@oIPh<;
z476%Qg>)#vl;o^|2~YDC-A<^5`OtO823g(Bvmhu|N$KfFFlQqI%k;&Wi*bodjDoJM
zV}gIbP@Rj3PP+KJVD-q@75v5{c_oO9V^ZR|AN-zvdonvnN4YMJQAsB>>5Ph^;Aj+D
zlD>*gn&bNd7cf4;2~961awrIDH!3Kzj^l8rGbg!+V#Wri=T#a4!AOM!UP9$8EMTPj
zpn?<}l9*zc&Xc(^&1ie0PHceIoIC>pH9{q%D_-=H07I{ede9I@E137Uo)rl!jbw5A
zl7q3z#B~SrJ3u0PDxgrE1nGj_a1pk>^QzQifWao%ml0QD`A1g?##{_c2ij7a3>Kh-
zYR&!lgd?R;u)%3sX*SS+&9xOtvKoVaJ?9#R#z0#M`-)bWnbpeT@<7VKXLA9N8%*$w
zuBNv(*Vk50T;YJrOb0K=gZ~j*#T;j&OigGtIu#8Q?LrikMnSA@v=KRTVn0ZP$1CWJ
zu}%%LD&x0}e6f@c7ZH>0cn6JsHlke`GF4I&wozxt1qN2eh}+T_2{<~PgKZK`tB=&h
zFwfJ<6cVph8;7JxkQ7vd<**Yyi}U{w3(S>to}J&+*VAQflgYE&|HmZ|a4C%^Y)yoZ
zn~K9%1t6*khZQMh<tJ{M#}{Qh9w_>qLs<)p0yijur8qnn(@{6P(4@7Kon@#sNhOq6
zv7%Q|KYw9!t0_Ar@H90=l@LuQYpw7^I6|Y1$CEfk4A_}gWZ?cTlgf4_2bGUuJa-&-
z9Lz%aqiHqz8smzI6U@xUK66|023M&E7w1~71fLjhSB{M%4rmx;tpzA2hO02fhKH|D
zSpWiAo6lOvr#Bu!WL_ej45iSB*}ZV6e_D(WiYueaS5SShrC70ub@D^X?EwMg>)*SO
zjn>vkm9M4xU{k77bpRM<lP|g>NOu=^7D^qdUsqW5$=0)LQOsWBo;stPh??;3hZx(+
zP{j)u!r4iA)dxG-pKFXDAPp)pxs-F5ixMHTL<KlUmkR@~Ag}npiwrJRSj3#K1OpoG
zWd*oKrked8djnM>eTW_whJyJL(+QnqCuW1S8g&`=<Zd1@4=~R&pIQs;S)R{283PQA
zzZ&|nw|W<QU+CQx3^UMkw!b({Uw_<}7UhxeJ&Dk_y*L{6iEzYA+xk0y`M*5Fcb~V1
zJWBnnaF7QTF90KTm`U=kndTiXV#p63uyEsuk{b`3^=BdAlRKY?DDHUdjcN}K1%;IH
zBOwX-pg}(A)S~25o2qs{P$AO>jWOOJ#PWb#!LU$zsuU@BPVSPeRL%VC5n{8nsjqHO
zq<Hd{a|!(-(G=V=;yCtXtRo_MBDE=nE9bgLV)ppR8BIA+0A3$kj+DA#@HI!kj#8^l
zb<20J>=Z|y-?^cEX=_6gmdg)^f;YoU$%yN;Nw$IxOgn@QusO1xD-$b3#>igBQd^<L
zM-4;Qt}*2DX^!;L8o60*ep86B-k2<&9yonZ$i9#$fz`+N-{1dcX4sjHv?q$iPHINC
zUA~>q_-bwCrFWZmF5h*?gPLiK4%!Nli5qjGU>VI=YS*>rf`N{^T04$x=*&omk65RQ
zM{hDtxhEvHr#3Rw{>PsSMmkOaJ0Yv4&<CgLNe>#fC^|Hh+2UX5F0bYb5r!kC^?ai{
zC&ZJ|kl-l1bvUd=X`^S?m*a7dt<#-3bUf&Ho{re-cpwghC`H=XP@LI8*Z83*N@};x
z#R!BbD0lpfZm<Lb?klrSMz`Q_;LVRIe!Y=bW8dZ?1TNoiz)nk>K~rOX9gk(H+}wx_
z>EAd*jIgy@>gJ5?ed)%~9d_g=+1IRh%o;N+UVG`4+s0`PWhw75GiGm|9auw2y*F`T
zjGLZ&>3NrrD@(^9Q-4RENOSf_4waep0sdLBR7Qu#++8GsBq$a+&$yaR^|V)B0c(GG
zy)9V?>`ZGpHt^2xcoIHF<H=Ub{+H{Zb4)7Yew5hSK=ddM(%*SPFN4kk1ci$H6eKb*
zW}9q`ncJ>5K%fD-Ruv4|jw9llt2h}JFH||BC9AhFd0o2fnpUe_dS%ql{ePcjS&QRo
zzE6~}l!x8m8MX=$lP6r9>6bZzpfmitNG^~Y8N72;n;%uD4|K;>H?A6I@TidI-)R$D
zq5mwY5Hop#f;m@|S5+&^4_Q#Y41G9_1SHZZWs!n>FREK_rc6iENRxy$l&(YyGu&Mc
zw>%Ss<{+893vAot4L|h_3SoH+Yqw`v&Mr-g0*rW7ykp_f;e2syW1ips;LL%8|J`^F
z)ws%dI2h(uky%*7QWg=eyS#Jhp$juXcbxJfHjgL-OINB~Gg}&iWsp>VD-A2%^v1>J
z%~{3xETZ@plED004$CDxtEVRj^=F-H@c@Gv1h~;?wJjW-{^&kO#JLB%Ts}Hzntz*_
zLO&!w+xT5T#*DJ%m1ei^TbPyZBda(Q0WzTM#|U*qPJ~n)FXxc<qO_f}0A5FwT6Hau
zAJu4-gL`rJqjT>aes`<hGF;pezw3-2YF$xcb#+-ERRMYQY)s49c~T;CsuIOa5%6$)
zg_bT1tNmH<(|fJ37TgtK46&Y~2O;;rkfPhqLts1$r%fHGATmXy=dwH;`*9%z+Hcxl
z3&K`d1TAFlxP~WegRB+%ZZ#0lD>DoNXUaVtS(^sEN#yL#_%3{@X%Rlx;u)w{bODis
z7yaeh3(U|s(}fd{x;jQ_12!H~pz$N_YvM0mlpfYCkZde7^VbfSFVEjP@$7PhnFMy5
z37jB*9mx7OfM0bg92k&j9m(uhf5P_^Pj#VAqIWKWgq*%yc#ONaXfT6vqyOi_gNv(^
zxTVGSJ(MucGqc#6Ugo7@{`SYcUfteDpELMRxQ)Gc@M3^$_cH=WAbuQO0M{G1oALkz
z6vhq6C&vrf|D?dbAiU{0cnxLHyfWu0kfN!gWu}ze%Z#WOYqwmpm@PLnr!O)~Xgp^#
z<jI{^BvehwhmbWtoF0q7ZPdwBM|(P>Mh4Cao)j4Dub0E~S<64z?uuhTuY|=N6bl$z
z@R+A>R+`lQjoT3$FK?MX6)7LRzzu0qb?Kn<XQ7{oO}_LD%O$fM7ll3rhv~f29SZzG
zZlk1MMy&)dusf@M+xhnx*gG=vw~xDJ@~Q0I_0sfYBNfYGt@#KDoQgI9Cy=?x4@83w
zGUd=6-<G$D>}3~>{^Vr($(>`LBg!KG2X&L!=PdKfyF0(!8D=je=v68r;0VwKdIRq^
z0XGoz7!L)JcL8q@wm=rp*;If6Or8{aAJoFypJPZW8oLpYA-Gu(;_Fa*H*+%w#DU)B
z0U7vnhto<f@5NGU30Hk(>dw4{>GIbpYB@!Qi;kDk6Jte+Yyy0Z?x0Fly_6}PIB{Ks
zn_p$DAx#gAz#n|W?w`(N(z>-o@O%mD7CFHhUtg`9VaqFsXqUXujUy+RUC%Gs40B}3
zjuXvN+h><-cW46@K%^2V2GYgB$XOKWO(9KG?Up-dlE5{Cd05=`rgp8PJ+-tw_jqcv
z18;|^)*JP=!3vUy*k$KCcbrmaq3Ls{!CKF6va5D8-mr`;r6fdfaPT<@h+-vZy8#0P
zGDj5tZJ^1wrT`>~Vhff<pec$|xUfow6T=4zTyS+d(2WspEpg^6Tq5-8gC!j-X(C*}
zVwtLpxKz&p#TbT&5=v1C6iIf4WMGI@8%L|y2O3pbA~0zpzv7M^_f=D)rXp<!Pli(l
z!7Co_@8_^}k$Rb&)e%caqoemO`|TwfEzGi8diIi4jk{Sqz3=>T;f0&2_vc*=85go9
z=x+q9Pf?X&s&HAx0vs-4ELA-CaP6(5!%NCV>r0RJ4~1O{9B$@~wZmie4^wU71#*5P
zpC<NYLe^+fCKG8+kB?>t0>hndk!ok1chS)q;DH>1N;BJNbuIj--+$UNNQ4(LtlgR!
zQ1(9u&R~k<WwBXd@0is8f(cR~4*rzF4y@HY(Spts!2^_iIEb#s$9r)QT@{P~YE=bP
zJ4+<%qvyx4;h;b$Dc<t%-Hl=bB~a7BMi-iD<}F{Y7c|$P!Mjl71jOt(%iOjZGN{VQ
zfyt5ZPQxr6m_(M3oCzD+?3~rv4vnB(1Hl?`S2O;`q($V3TflvL2}0DwtF?^{*au}O
z!v*Fy6&J$#K}&;5qiNKKEbd5=_OH`a!ZQ7r%`&P<Q~>^1$&2$qMFjP_di~#E!i$aS
z-sX;Ve6Y5eSvYp`OhV35?)KBxZWbnenY=5tX9|zL-_n8->5K~>Ap;<u49u#^vVFHX
z%K%HMPDMN=E%<3?FnME8laWojT?T3RXmvP)eRiVrYGfgvnQuoR=k}=<(s^P<6eTVA
zg=u*Or5&`4U-dX%%KZVBV(ng4%mQK>biC>~KFnKeMulE)x2Np_=~7_zZ|yUK_V(%Z
z0k++jz5ngzYp-LC-Vi_V9)t^i3;M9e>v$6$c!L6T7(2;DvAhu;aa|JJa9Z*3V>G+f
zT3p=>NQA$HrsiK@ne2T^Qc%E@QvwnsxG4=6aB}}H6l;~?U2d>N77rEG<QT2tS=&w5
zVz6cnDusdYr(k~eS~HtH`nHGqfX)uyT+>|N-xtx&F1dBkff<JmB4M#cpcLgZL)Y<M
zaeNtnif5xTVzky$7nnOERqJA?DYtm!dYi&fsi$(YXT98qxjy?M=0<jxsg+*j#^x7#
zcNlhggta%%V44FOtFT%8^oIh;ILJ*xYbz_Sh0fP3qwMNKr9P{z_l~6buY-c+^}-J;
z3WZmM*pwGGs<`8vG8K{fR;b?0L4A%{M~}Fg=>s}t2=S`jo|(zB@UXPbM2sHc^Vr@K
zo(k@PP`))L{#YVt)Ei-pmcCvi%h||YR&ca-m|3L0WtiGaTg6(pUi<>JBv+P>-@B%;
ziggaMC>sRQ8`Vyy871}L>#LZ@e!Ewhs35{S9+j5254jNGc<A(6V_2(Kbq5>ZD3(sr
ze%Dab3hkjNm=%<pi8j<m;%HoL7UlxW9BFp<a4uB=WuY<0I$l}G6$=UHK1$6_J@Y%|
z*iC4du>oCTT63MpHAHJ^4H6Jx*9Ba&h?`l|KoAV3<VQ`JI%}NPd@Bay8J4pw0x?>3
zn+S>?c1J%+ZXR(Z?ZZ&Q*4_#?&gBPvy_r319@dc0W1SmhgT#-=5vP0yg)T<2!lbPq
zI=NQ1H(z!!;|gZB?L#m9wDGNTPIJK-_Rz{Y+Nx|7_-8sl&h^`OS!21FBHcG9e?mih
z4fA?Djmfu3`ZTL3&pmhgWiJyxySMklXGW;cten>TLV|%$m$$!|R@ijyb%BLII_%xR
z)5*=Zd}YJ5paB{j1x;2+!bJ-bl9Zx?Gg+QuvQ(I1qT`%OtkqL!;Q=kl@p=>2?ezxj
zOa_n>#RR{vv^7DKopP**Bn)dKyn~>aFAPE%N{x}H0T38voN~-4oMYQ9v`hTNhFZ5<
zHKz2qk+O^XoatuKeWy0%t9@nLP~3c}xX{84$Kxlx3<E<_m~e(*cBM3?qQzJfe>1}h
zajA~5!SPGMN3ZTQyR58;Sv6TRWP`u$fE3hVC<eEnNF@X%t#+&ClYGaPi%n!u;P(>k
zal!-mbc00_vyYoRbJqNR@pl*bLa3*s>V5K)UZfAp9&s5XlyFvht(u?CcniHdTZmr+
zk485hgf%RSK~wH)u^LA|!3-5WfqeF{K6u0y`Lys+oJpf(-|~o&acHm(Hd>|I4TG3^
z-<Thr33jm>A-;tBe14`$1PW+MG&h~mcmg4in!GL>nxO#(v4zphhm>lrb(rk)Dg;&M
ztV|6fM7|*mk-?f~SDV7BVv0*(g?LzXjbHLrcbA{s6_xs`Mj~IblJ)Gg`Rud}(q7(f
zFVM;qjzu4DHx`^@JIE#$gaih%Mi-g`p-Zyx7?q_)-_^!G2WBqDooKyKX*yzM*$<Oe
zbefd{7j<KLrxUdLRH#L2u|18Ysr)RbPA3A+KWcX~HXxDSs`nsa?69|RheuppWgjdE
zW8@mfhw+d}K}*F_w;MzHDrXq9G0QN+!aaAK|KgP)(T`-bNw9JJ-9O7q3&Cz}#d*rp
zo!&Q!TlYUO<RT#z$};3eu!nInl^<i4oWfpPQ^z(pz*omamI0gXA2~h<DXcoXnUCmD
z#m3|F1j;s<0#fio7Dhtxvn5yhFhmIVQeSWRG(FPeB0ZRagOqc4iL=MGbV;*%>MhG+
z+ZcN6%!M7?Vq-@c_H?V9@ynvf-0_R5kl1AIKty`CDvV#^XA|+p3}sN}l3h|HUbrd7
zD`X5uA}@lFW`x_S0bc*}CXSd+0%bmsV_dDdHJO6WB6p%6CSxBMf~vZukQ(tRq?dXN
zg~9VrqiYl?xP)X-=Yuf>er~-Q!<b4u&_Q>_r2?m!bf$2p9OAaux|m7rkuhvFpYn}B
zRWcOqtdzM)kn2E0WfJu34X;s~B_kz>y#73k_*klp($K$O9ew<Is_IsAMb+gzDuZR7
z<&^0~S`QSAnWKV?qufG@Tv=pvLxE4~7Ws`rji0xz#rso<6xoXiVKs<0{{ms6M`IWE
zzD3KK9*daT-oINQ1729gPcgTpL&<KP`%d*<=?kJLvMr1?nHEYvflFrU5H6(i<R#7|
zaIYjFoklu{Wi`lJep6@`F%@ySEtKgqWJ{Hu@U0juHz#yR2_LOhDzcqzs|TlwUwVn4
zStSycZ8u|B%y`pDuFOU9c~MGGo@h$6%@RcpydP#%pS_fAOH!o*fR4Vw%9l7)DP=Sw
z;&ir&>87J)lN4H%O9j$(>Jyl8ca{njN$N6HUH|-7(!LuFDiwLkZYr#CFPlbhqn9}Q
zhMwr@>xcRg*{&T3%a3!0Q|#lmy|gSEzxDm>VX-=CsxsAq>2z-7pARaHp%Br3dD%;Q
zCGs0M9Jq{JieyRSNOMk93@w*;ik8Cp#U16+`m!LsDY6#H`i%#7-dX?Ji{F^Ya_#N?
zk8psOMw=lD6226%W$@B>l$MTOp7%e-_et58WJOJr5r<2+Dl#A=`=KV>N1YDvM!#41
zqlY3q=FsEqjrFbEK9w&Xe{laI@{8q#G6gFGGdKOCU(^h%Gt;lJyQlN*x0G!l#b?c{
zR}Kk~Prq2I{!xv`&C&7F`09DjT_e(dH}j+@n1=7LbWNj;q2%P$H(5=;lNQ=_(yS;@
zhK0CfI2h4Iv!$j62t12alMnK++~PV24yO`6j1@7fUaVBo_Y638vg*dLZ&#kN+brjR
zg_WsB>Dl}jMmUF#AFd6!!VP>sbentth~Yc(@6aPC$EXOppbJYI(J1Qndm|G9Dna%W
z#2`%EjG|=da4;x?8$76To2a+m8$wv9Twp&z3}SqB&M`B$5epDI0E24i!n{!;=ptN0
z114ld+Cg8^Wb8bD)wir#qi|9Pgn}$#8vlG3ST~5hJwF|IE1ziWXvg-q;GR~hdUJv3
zr8PK^3tc`A6s2=$T8`EDt9+tfx9~}Gex=?kv)IcRBWz}ruCUU%?Idn(l2(HF+S}@5
zdc2mmzjZ2B&<+P?_;N3sFo&|z7eztaJ$yJAwOI7iM=$GHhjshblU~ui?+)FOymV;7
z*$`t&kl=m6O1i301MMA#L6xK+b@t^82t!)yOs-1n1q!RE3{}+|%wmY$oMm4pr>$Tl
zU^}<`;eX&b<-mNP8(0kV0y=ogTX5{0US&tmz35>Zr@8H$Z_Vvy=;w()`c+ygWC5)H
z$xMyk=GfA4+!gY8-`Lw<cf**0mG9q#4OrY8n~X6-A!CLoh>OKJq%q5V**tAx@kZb}
zjb`z9Scrt&`>l!^8}k53DOpoa4P+{mFJszL2JK=Bgoapqkzt@=nKG}78-giD?wd$$
zEO_ehv9L6aoXO?K9V17X*{f)C+GPi_lQGdgrDD09<nLf?a~Az=@u39TUi_be*~YI_
zC$Vyz3i;5883XZP%t|uARZP9UxQW$`sOGghl~b`uJnGZ;8V2Iai9}5=bWJT#P>_xM
z>#=3VrhBHiGH7$hAVwpS&&PajD|Gw%5-ZUm)0ahw{(X4;$<eIIVulIEnPMmXZP~QR
zKlL2a&1B~@Ek{{CWa{W>{L3%J?)gUOI{`;)0z(EAV(I`^goL@vRCG9@7H*q*du&fB
z4tk1!6=|dN^b>@e5oavvY2{*E(hbM?{4J>HZKSIkU!s#Pc6tllv3=Xwvz{dK5^$8>
z^~udqL<;ZQ5-+59oG2J1K-z40UW|?loK*}C+MT+%FA8uNGnK=pm57|kp&+Q8BT#3*
z!?jkXlYJ&V{X?7+Q@TY@S73BIl9Ixw={I_aB89mVyAN7Onmbf858Nds7BxbN+kUkh
z5#iW}6-~hMfd^aMtn?{y+bjM<r0Yl8emeyUBXHJ`jwh!!S2?2vV(QZ*%f-O-gk;tG
zvp7?=meWzGyD#R(OSxRUH(qVj^3h<x&+1JPUoXe+pNnPtBa{l1tnw@Z6lNR*y~;x6
zWVc?<;#DXYaV0Jd{t+siV2Vzub+J(P(rB5Br%!?~7X&hi2tt3K30_*C2z`DWS<N#~
z9J4(Mb3$n{AKF-&mI)fYgCmh^aB&nxj|q0q^_q3C>dRJ}c1>B<ylplag3(ovy++G$
zl@W(dyBsH@cW6!qGOpBjQfdPVKw_FfF6x?zCAFoad$w)aIC)8q=TGBoXjGr)p14Z;
zG(n7~{Tg!1igQ10fJ6|}OvyAgiU=<EozPWEC5#HekQr3iT%{PV5|}NShKORNsd?Rb
zFDHYRg0bGpXdJ3qz-tnenxvB;v8slTP~XnjJwcA^wYco5u(s44RJf2^ofU@+y4X;E
z0R|<Ejt<o;gRY*C=K+H<V4BpkAt45mFm6VGA*CIgHZKH_qp^)vCOgmayWRagHozMW
z6fgg}h)b@N3&8AQ4K`G3;z!MM7tzvq?+r!o-WXlsSy!8Wz@Yy&Rik1!P`v!oMVxKe
zhAY_u2tl6m&8|vw<IN&f%FfK)LH?(vbYxK#Dhj}b)bV{C{CR3m`Cj1{ZOX>+z|DiX
zjr@FRzC@v&{sA%ljh_oW>ex^AbR*)Jvzcm~ly7cWhp9>Do<S+pV|F(hlgVo$+vqos
z`E5A~mYk2Q-H!35+ggrn#`n0El*(q+X0yf$UWalXP==TN<XRSX52$Nfu<JGH>zTUE
z4=96m=T>x(U1u6vrjUqW`>UWqZx*&rtx(uXU%xWEpU~#7s57X3^Wipyb!?ljJp92Q
z4Wo1<>U>jE+H0SEBDa?yQ#X+8f3%j3b<VA`Ip5A3dgeQuVPp(2FhBt&Zdgg-c*xd8
z8ZSz@Zb(|>WmIu`N7&uwzT~oqBlIP-v^AABC-lff5c28!`_qGZrY|_3)_j<Gy=Off
z0ogjYiXVGeK2qx8=+(@G%nmU_(}f=PHj1wTr|bqTj9;u;%hPvcQV99<lIc{TQr_=O
zDa-iW5xQI(BBq@M82_aed;3~>gdPoG4++YwHpV#4J}}dhwk-tO(|F?!gCS$*T@0G)
z+hj(ewNPfY>Bow`8!BKK=Bz3(WG?21%%*_NZ$o@0b()e~tB!Q7LEC!gs*71EAdc!`
z^45nLS$3_>Wc<2El00FpNyfFcNN)r(vS3+h`XQZDCg;p!{?!gDB+sS#jNfb?v5twX
zk6%sc$(5o(uX@(aLuX#?!Wxb@&Mw117d{Er4u9ZxwVHf#oeZ7}XS|Bsmq4T=0s3*Y
z_a4mH=d)Vhdc56p@KK`p-~bMnunhx;zq3VvgDDxXKusqT9E61RZF_d!vk@tshhm6!
zrwtTnF=b09u-cx|I?fQLW1wMwTAx3#NH-1&`CPAxCfY{t@AkStf?iD7(kZRBC%IN~
zq|gi7my>RmOo0)h!j0cQi8FeIm{pPtFPm<mHFUXVWA<F}K(OT<y*&1Mh+4TA!rFXs
zlqg=xDqaA6IDymYKq<&g{qaDuF+Y@5D<<Tr37H=uJYO9;H@M&n1030lc_?Un<+A6s
zH|JT6n`L}$@*Wx4g=&4N+0PRLx6oaVWIKNlVu9LvR&*Jh;Jm9wQbRfH&Ye)wT6bNV
z3KbO~xqtSQ!A?$dhSRbG?}7|C9`TeQS)m%$GM|+DZ*jiVYIQ10VdoI1g^Ld#M)EGv
z!0o;CTf;X4M1SSX^CmS9d9Hk`cxOKlgWG4R81?+U;WbrieEHsx00HPc3G@~yftGsV
z=O#VH2pSq|a%ABoGwNS!J9e#}KdP$rMht!>avb=SV~|yy)=a<1!E*4Hg%IKkhXt)I
zp-MK5cq8m#T`!MP<~z(~oQ|`-L@9Et(vQX*nrW|xt!0~o>YVaxRXRP*sVMUK6oz(7
zHGB6c48B;exM@0{c+hp3a1jgmqdt$iYvp<=>xz-cD&%0S2lE=f(rfYA`O4T1IE!RT
zhQ8%Y(@0A!5|q;&6BY4BKCF*W2e0_<c3?f^2Uqb^*R!ZUtX!{VGfsL_Ln&xVL3=H|
zG;YO)^W1q4#l&!lFylpGZChgVdCJbwRy?y(tbV}cgJs=QF9iCL#jeO(&_m{HlQ6=B
zi%2qa%qYD7*;WDstPoV2*=DQj;CPXAo<=1v&J`zm^sP1Dm@7g*BtPqFVZ>uaS-W+r
z)#>;a=7|rAWz$jY`?}a|SyUhm#pGr4@Hx5Nc>UC>Qt|bVYP3pnFYYPMPHpHVvSqmV
zq2<h^fjliyYIQ{Hp_#z+=t4aiP;wR)c{cZmEy}bq89>7F4cgwIT&+rw(0?_v7Wz`@
z=wOc)Aol&0Y&Q=9c~=%grV=D$O$ge5#(UM;4-d{s-dPJFE2xEDGXH|nq!Uz@^Gon_
zgyPncnMy!-M-yw(!I6_IvqpX7diJtW7-Dg3anE{Z*#%J_Ql9aNPdGcGRKq+e!3)wY
zwtgQQ3@lXs^S{zWkZjFygl<}IFSqiry%ldVHxbfT=G_`OTE6ZrSkFdi_bn?Ux!LMD
ziSEq04|iIPyZmLg&GZK&?z1{*=wE5sS@yiZEPxB?a^*+Zj9#9^TbO^_A3dWEc<TN^
ztnYtY_aRxOO(9i~Ou#Pe0OEVwA(lYGMBCVVfF=TDyPpzJf%tK)18$SFTaEVs3s!+2
zY)sVGR9Tpe94|nhtRGiEPyoe_%q(Ltlw_CU3QA?v5`wM<Bey&gPNO1n6>E9bynb*~
zx4c45It2(6{V?$pS#*n^lN+&eEWr26A-ivWU`gnst!_NoxO1gq0h?q}OifALtXB-&
zug*ujL!1r|<<5ojRf!SDtHj#L!z@o?pwV%@M3xI~4J1;W1mi=#w{Tk~TJ2!%Xn&P^
z)KR|n-~ET@`*@T6r`I_7zw{(2%|>&$l+K3-%_O#w^c$!H8gmmcSMz58I@&P@T-Qo%
z{F*0ou?fRPb$e#fs;bo{0k~-sI$0mDj|uB_6~wrLg(-z`v4?-0uot<TB-dA1IG$Le
zhll_4z>8*cxW4rzd2S(k@cLeRm*lSOo!`8<a^H@Quu$8YY^xvvcR;Ker<{NV0v?+^
zAZjDgfCnHgm;{n{Nzp0v9#{mej>2>z@Vtel!MQlXMnkdILHe}_g^ImK%B+*yf|LMd
z;-3SaR0@TBmJ4iUN$q}!F-om$wPmQ(%jro^xp<cBRzXZII-X8%B9)TT8y;cE)j70}
zxrW|7itDXuye{!LP!y($ZK?WT3vNq<404Ho@J(lMCYwnr16$e5=!4L0KE{_7IfhCd
zynN`XUW+bd2d$;Ctd%;W8wL%Mfh>-u1UEtAs|PrP#e|6-dsdV;+}2WfBfiJ^sgMlO
zmN_S-oXR3jJ94^Mt?EoXrl$=>vfZz4m8oO>nGnr72DoV>&_hM))Pn4-d?~Rz8uCLN
zrK?};+llekou{S$Ab1O{J1w75UgzlSx7^NMhZS~*xw5}-!Vd~tKy!cjxc^}Ry_?}e
zHUJPntJ#GcfWb$B%VP*}3&_e6*p|=;jab-(Cb%<2QB4!4G=W=i9pMNhoynCuaXQ0j
zB~D{Vy}4nBCo!XwFBvRB0}?Gigb{{0&A^60FsoEF5@`l4U^$mdERF&OwRO4dV5c=E
zFceMUb#l~`xDtlptaG$jvYp&qz8v1?^!}mL5XbN4=1UyAXUugrm(XNHp>unISr;u}
zpfw2~tZ_p&G+8x-(8-$kq`aH@a2NKLJXB|;&{+mqjpn(#M=53t{P2-*1U;l2N*L#3
zAc#2A06tyysy$P`65gLy1!SN*><_yc#w~#Rt&Z$o6{gtfX~8e%Y-Jm=r;l^h{LpE&
z*tjFY00VFD_8<Pk<~g+$tnVK#4*jzVhqx0+BftUM7EMZxGezFs5IPpt!Opm}EW424
zyy1JkquZ#I$`!eG<75{-2_d?jG%MX9MR&P9Vk%GsN6;ogIG&|P4NHyQH7c_S!ti<8
zvBS>(u*2cX6222A7=&pkQnX~GSVDGs!u)xY<#VR3x}7=3+8^7~6G|+>+A}r7dWt7q
zSk;VdT7F>EsFuoAmn(=VUrZp}jNw)fR7Y*%ErFWz{PYrZR5{9}k1!*f1=}mz_ZN29
z*x9qF;-RAo#fu+#c{v%Jb(xlN5K9xbj&dxe1hQAt>8D5eNf#5zSYbe7)o|rtHkLF`
zmQn-2RxkOij55jQ=Tr!|Z1oV@LP?4XSDgMEm`a5crI(8$4|3`1C1H7$l5-DSyh_t$
z*~?1)AsdZc%Lb6|%0b4F1ufu2DYMfQNu0jC>kY6mp&y%2B?is<i!)K2kYX5#e-E9L
z3Cd*=%c7@#-N<ePt7)YM&)anyZE@^enec#XEhWmq?F84EioE>MENmNsJxVg?KyBTi
zp%-dSOnBJJ%Ji1(QR#O)mgc`ZvXbc~@20`)1q?g55%2=!1=4{5wge22x~T(La1L%N
z(vv!bBV@4x{$&huSSVaSxU^c}<RiUsxXWEftx5_9n{LS&FXhoX>uTYr2pvXLOPaMm
z#B0_0gbfoeH?eY+;fNS!rZ@1z65&K26>6vw7lVy><YKJL$8gBw`AtF&M@bXYEQ0id
zok+Gm8;w@#dIz0}L4_U`5Au4Y&$*Pb6fEUP&K6!e!$mW^!=t*|NDm@>_R@vH%Ox7>
z!G{A1xnCaD&fWj=-4~bE)NtT1j>W~OG+yH{^|aj`YjdnJL|fhXLFs`*2AxdP2Kr0G
z%3GvUu^cuC5b6A25|o%tn^<9pZz(DxJ%S^fu{pjJ>E~9*+X-7|j$USZ%xo%*SNf%+
z<`5eVaMYX-R1{D70#C!mh3e@gN^YN-xpK6dmkb!#!2aE=X>mnRB|QNOZZNQGO@fje
z6<o8=bLH1<KjQY`Vy!?LkXEHQ*r0JKGP-%o)sKmkMFR_1zXLs^EbBwNpjd^1z@{we
zDUREyVR}!k@VgX(<+ptl^Kccf3N2Z5EfW0kUZxzzSgNC+f3kxZU=R-B7*hh*Az+AE
zBweRVh&F&3^fvA}&ZU%gA1V@Y4-FV2f?q?xck>uBJ+=2bx<&#2pugk(bgcB6<NK_`
zgJU8J4Se8#8G26{91L;bl4Qm)z$dj?MUFD4+y*(ELWqE{8bFZ*l&Cd@q+)GfYT&R(
zMFP7Q<Su(Q$X@u+*m&pg=%!;2tTH@)=xnTr3m$MCQLqU{#7=-8_$e^x#b!=9tug8$
zf2y&#s|Jz_48#A=hiF&Mw-#X!`2mAyOASt{w9gNcobbP`VA`iyEsSSFnHitsctO@i
zBt?;W;jEqK6s93hIFC$|6r(Ol(V+xGMSW2Mg$QMv@K;F|R}_i1XKkA2ba_9Ga3YP=
z4)BkUv&9;Qk`SaaLT%VlB$IH^6E-eK%mSLS4ATy!P@2`x1t3vL)i&WTCn(v6(8B3B
zaDj`xeibU7tbsD2Imi+L({77O5R}9GGa`(sh6<*TVsk<xc`ijmqMc@+(>9UavXusK
zJ46asFd#?uWEgDDVZ*^#U1Y%5WHnQ$Z&amJ(h`XsbYK!qaqr_zO*}#MX+k@ASS_{u
zbOUeKYwpAC;u}<?5C8#xn?lQ6EOpXjp`|2Q+)LQy9f?f`WR*l50i%T;G8N1}7YtK3
zx$_B!q;2IoL7RyUvfIYpKnBfNoGMlr8=%Q`b_!DrD%Z_o(LFX61AdYc00QB;$|d}e
zC#8V&sI3Nw@bSUg?yLL1;X1(ox_@6vreQn3FP-uozl)${t{PR~#Go;H+`Zc|-B!@7
zCL%PW)i1oJ)h$J2wFo9`iiE(nqNtXT37(-5ZxypAxhy7=qFuF-nB5M6Ig6yu+kR;6
z>-Fkk!=NcMSHQuwY@yD!46S6Fv?Fa*ls?o7`}*2#{aD|;W)T8aMiuXE_Er2#Lr4W`
zFukZqi$CEB#vwI4TUC0}E)&HeLK*c`g=)Zq3S$TjLO9VjZGL5P=*;{LCsbP9fHOb*
zmU3jMN7?h&Y6}21006uHmHyJ*X9;)Rjkwhl!cPJKz~kjlTmk@qA67n5_b>Qw5;qe#
z0KfqR0RRBl0KorC10?O0;dzT@%DfsLpR#|!ZT43{I{c3R1;D}20)+`dw*47}*Nk3m
z34b7=0MVX6h&>8)5P_kmx_;pb;Fx-{WE;R>J_zr@cl;qh3n{oR#GtD?`p-Fob4CNc
zwh6L*3-GYF1Ey_j{0ukifUyq)iQkxiY!uM!H_=J_-vH0HOSga%A6^ONBOB%4K~F>l
zCMSLKqeMru+C#2R`bg(Bf7>)gUjvf2rYj9TWJ?<1jWc?sgY;C{Qyw9F4+C#M2f3b*
zAL1=tIW1N{A?b8LM0N<Bt-v~IBGPmeV~>G{r@KFzrs%aYr=q_?d!Xt&$s0R1z9Vb~
zrm%lnBHO*k-T>FI148VsoYjw^`?$&u^t}&!?K$%QK4bHMZw?4@m&+~+f741dLp=+x
z%<+8!Ra-px;m_~?%Cvw!STGK9_903gppX`HgLNsu%;=GZNkg$s0(|WruhGGM5J<YJ
z^sH7}2>3GG>Rt`oa^ticY{F`h{>}Jc0B4JA$1p)WjE~nVORT<DGY2$wPail{_=~z0
z@`;e_m?-}6Q*{b>U}dy=omS_twfn#AKZo*I$Wj2GdAX~ca(PZ7pKdp18C;|XJ^}85
zEs72wLnF_7bj<l{spnuoL*f|H5u-EDOcpK(vbq2ubrp@O{1<ejx?kekPAagg#~4z~
z4>2Ov7mO+A9!yB}w@}h!0n7MY#|o+9SVbrctI0LQ8f@K(wbXhi*5T{F80+`#;<gIg
z6e?9&tVXdyMe1O&Ffg&RO0T$<bDeq>hN{lIjg_D)l?<A^Qyr-ux=7{jq81iGCZejU
z(n9p5DXguEZ0EUX^7eIkHi}i{?!1ge!L_QeENant*z7%GYaOlea$6&ZMzKy}$#lIk
z^=CE0(Qq-ai0H)AiH4!bc&cMe^f$#yUSVaPSZlX?R4dQXrpi!56V+vC?ADyq#Zyk7
zrLYLNDxIUO{xGk>aC5F@kzbwHE0>(R<yx+Cc9I_pfngzb=es<mW(rwb-t^Q`G8LF7
zc0FeCG1)@vqpAw!P14v@Iirc~7kT>F@4)@_zn0-zOdmW#91#Tzn~+F^C|fASCW@0p
zFHO3yD|=Z;Mb&h}v}}i@=p@5(d`b|dw5+IFMmJ2$cHFF&%NL5Ja-~|UH=3<>r`wz9
z4~7)YxLD53d%Qk>ASi^wk!UQQ5R<8NCY#F_iluU;dT@AjEY<3bW~<%l_WFb2XnZo6
zo}SH~oWB4OCX{h>K~gL>hs)y&gd(womdfM`rAn<~v^u@PXfj)@HoL>=a(lc!e}MA4
z|K_lz;QMjfig$qhqM`cu2+7@JT7t?!NS%U;ty?HSl$2Hi5=ucxxnKk(qv8O3T4qR(
zvwDIcrU?ikSQm16J|l8k2XTThij&f+4*)_if|BV57=~dOhH+L30E7{gKl^+h0Fm)}
zgN#1~gXuhuQ@wpdo|AlePM0j}*Tdz5dVb9@#r36A$0)2&(0oiKr=&pU;|Y==jN&BC
z;sjwBCutT4qd1AutQ-Ic!3e4w-~?e5CutTZ2%|Vjvp7K*CutTZNYXiU3vgB#hIv?q
zc_1(0NV<KrHGhZWuWx@(+xX`>PT&L&i=>bOUA4Q&mOSY4;b`USQzY4wyEl0!AU^pw
L%gFcs{<Xd21$2+o

diff --git a/pkg/webui/ui/build/static/media/nunito-cyrillic-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-cyrillic-wght-normal.woff2
deleted file mode 100644
index 35aa2029a48a241e90c1e0a8d34950f67462f125..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 20824
zcmV(}K+wN;Pew8T0RR9108v-~6aWAK0IXC108r%s0RR9100000000000000000000
z0000Qf-)PhejI`>KS)+VQiFd6U_Vn-K~#Y%Co%wn7%y}Y2nyU>$pZ_5AOJ9dpa=mr
z0we>3C<Gt{hyVwQ9SjE>{htSvZM#+w)J_O-^`*5fYXLj<g4=nbb{qyqB7}_t1du*#
z_W%DqxgkTOh3HnTeh3-uq?P5Kp}X4?6)LQ9FpSH%nI2{IycQI+3tg!2if)HX@Lq{k
zxgAT?iEN=!zSdLa^p}g)k~20;z91q@lRWTIHKsPN*yGHL{`h+&PdhiHsKHOXa%;?c
zlZ87ERuD06Wi%?OWsQ2B>~~_}VgF)X2l^l05vGd(cY27F_2ePjkAKh1?xXvOP!gAr
zErLhXY*bxUIlijN43Bg6FR4Wuvo>iXO`4?UR4FzX6Jt9Q0lvGO%68{-Mkxn0Xa5s4
z2~t`hg$9Wr2?-uTL^mdcK!U}PfF}?VtUxJvd!>e!3ROL;zm`%x<HWuHeg#6d${}GB
zU=O(Oukv-ZE^B3pzQ66=YjR02tqC-?OcMVs0Z?HPnQVaO@LV_8W+r8vBrrv0a^mv4
z7f_psyyoRO`bExECQeHK-e&qfEs}@~$YrQ#oi@{_l-Es_%9ARSDpe{2KoE3ipLC}a
ztzdC@Hno31tf~6M&wX-VO*vCvJJaf-MvMRn<`1y&2BhOSj^lV7zf4||m*i#gd@`9#
zPF58G1i-QU%2)@FY$6AUD@p|Blu+IiLbrZmeQ>C-*|befP@Y`Jbx8W-%G5Gl0&MVJ
zcFA|WvJ2Ufhg{D4yGSNT6h*)SAQpz;03i7TcRv6~{c_(eaNre=?*I}!i-1nf_yNe%
zFDbXYcX&^E6DjgOQkE!=O&-arwaO0cK7)HD599+nahuaUHNyu?>T!CyXP2KzI0{cf
zo4Yse?|+%If71F-y4!u1pMX%<W(_-A=O(TFTUuL=mh^SEOS>X*7#HCvtqTJVWq1hb
zu+0Jg|1GEeZ!WbcR#TkCNoLi~`9OM+tt%UejI%jD(6gV6?mMyk8mvt=cY@>1w5B0h
zO*Tu@H{WJ@lIdZf7}AV$SaF0S((ZA7?)<Oi`22MiuY-R{nkT7*60*T{gM=dDeg61v
zwg$3OD|jVFWA-ZJ>%ajuG=b`r`PKZjW6dnMPOf;jNq(kOv#AW&M#N=oh+eH10$4Ws
z6fS#<A13f$2%^zIk_?cP21v^U$bbmSG!>NX3{dtchO%EHlq<DBxj{RWTXaIX&3Y&+
z2BEycIDc>P41W+9Fc~l%1PHJ<cm@hE9Sm3wSPKFJ%MFkbi4C)FApf&Pz-m_fPkyhw
zSG(G(F${xfnuJM&Lxd5I3QXc;UKe!1KnJm5Yy=<0$MA7tlAI=Is2OUOT0<x3BxAA`
zXLAm3@~+?tp5RM)xu6u4l2T3pJNm#tEV*mQn6o7S1(?Z!2`FkB@IP`)TMWqA?P&(&
zs`R=5;eY4N9v9?1CpfU~D^8n&01N@yD?q2$6-IlrAo(J3<%S*;2F=*bEDj%H?&<3}
zfNSq%iU6FV^%vs*H!Hj72xiTl^)HjozG}(-@>K+?|J&n3*3?_Vc$g1z=Mhh5RP>N~
zX|HRQQjZ$Goo(AozmDkVZ8y+dRl6_}>|onP-9NF0-fDRrg;u^36x%(6nJa5-j6cO}
zz3{0I9nRy`znG~l?yi=3fio<Nr)r{YBtc%98LBk^-C;*=Y%KfQw--zS8e!y`DxxGd
zmTFTPN7P%>%>4!J(9H7ELLT!kYO)BtoLU>);dh(eLVHTuSL)X~V>lT*-zv^nCraJP
zUsz0(=KfXHLx*vmqxv?kzPvWB?s1bJCCo$Jf`m;z3nKQJ037n(52&^1hV&B>eco%}
zEGBn;$UJ-N&a+4zrN`4M_e_PCrcnx}jJl+MqosC^;fwtl4Yj~LYP0NEB}*nF>K|HO
z-Z(PP$wAcP3Uh3q$%1^?yE|0ot4%&$ZwL9Tz&y@wz$v4=Ws)RH*iEbVzf$9?f2NvU
z=&vd1Qb!MSoXl{TYJUQhrWdTjiZi9m7CEZ4HJ!2d1ldWPm=R0gdf-%}4BxcTnzMC_
zqeiKckaVnP>LH@i&nNYqU|4(E^Xc^sl3A&3Wj&D>m)FAxwl*5)=1yg3%N4k}swUUW
zNMmh1H()IM9cU%Ce^IlMMt@Qs=Rj!Ei0J9#j=B+gj|SjGdch}-mHj%N&?e@~dKV#g
zeog9!V%gDTOQE9O+@)XUR0WM#c_Wc@8-TQ2w$)!_Kw7WIif<nXtyOv*m(q5)&HlEk
zI4@$%zJ|vs{cVpkI9D*ayI&uHBxg#B*rV3lGSy_(1@=0JYVC?=>HSA`W(Js`{HnD3
z1O)9jet3`oU<pk?k|8K1C!(N)QPIF_nV=XD!JDQMXFCIuJ&GmU&mq-?YGk`uog9~G
z#Bik+OgCu9a*IxEw^@&4#UQ?bUikO^z5c!aqhuS|MGlcO<l@m>!v2E&FZ-Ct`(R@q
zLi53G!9ND%1h2&64+oe79083w-XAbdkI)@-cOO4TFVkh;e|(RydC+&*4_{wlUT9tD
z^w5Q&t3w|pk-r%OErGRxt${rNfmhk2T?qw#4geIXki-OnAViQT2qZKSFi^rUh{CTD
zS97`FvvMe<Y8x8`j+C^etSc4$&ySfThc{1yXdAsGJC#Xs2AeGBQPfS~4n$ggHhAPl
zLpMj!Tq2qdhoLKgp>SneYphLPZv?OaB8HXKz+6DPSv?i8wFVIa!lig~^Vw9uEU+jP
zT|q<!m<-yDS`6QhC~*<a0rTqXQZ<c4Mw8+6E?|}h#sG32vdZ6FVp}|e>KAT5Q9WsN
z<Vqu=vI#H~!SHwr%ol=NGYu^2SrWTf1)p_kf||{M0qi7|gDa{Izh|St<W!21??qv-
zu(3oGhi{yM_?<@i3;*7i$;tOwyFRnFqt4t<I${k;P7;y<th2~gR4qKsD3xf5MiicC
zrR0fjzDh1GeHJ~uBOWOQPnsE*j)0GfPN~D*2Kn`?U8srYVk#vwFN@3Q7B7*sa`0#t
zm$K+h{lKB5V5z%_8ht0|>p@tmBiU4jd=#Omuk5>R2a$;a4)Szi*c8*=OF#?LgLa~$
z4iP(El#@`voKV8!XZWUv7P;>)MBxWT@J)&bUnnYkQn%?JK(O@=ctd63)w(qv=<nPa
zU)9r=B6M+O9ug-3PXG>s6b0%C#3<vDMWKp??WHR+xM=9)@Tno;kUs_%$~%~d11ri|
zv{HTq0uc_Aez@_*mR67g&x4n{x*0MIbe#<~I^kqfFWd>lGU<Ru$1{K?annN=DhW^r
zIbFcj82TH>jY0;~sAq*n<r#bi)shWV(7xyb0s>GUVGrD)rZ*sh&FSg)I;y}kehU!{
zZ<)Z3{Xopw+72KDMvP>3!Rwq5JUa(Pz<1?;{pix@A;m8n|Fu&X3=fN)vTk~k?l39N
z<z3$Y=+Hz)ye`U$Ik_mGH^%E~E74ALlW6Gc{R3TWJOg4%O_`;zlqr>?b@XYyOZO;n
z3q7r8@QhxOul1jw!IUY^n6jmLOTk*S7agUl3Lalut*tdSTrE#;eXp<I4={`4vw-Ig
z*m}bBX^ZDLbb(WsIDM(Jm$`8Hv#IBL?Z9))%TWS&q`DrK&Z010`o<F?5ULVhrot8%
z<e>=|l=!a8!Dn6zjKID355*$sP?i9LM&=4S=VmbzP>k1$d0Mq10IrvQnS@D+I&$hV
zsys!EHVfoe<wyYrlw)1rRpm<Kbcwj$YcLfw^eyB5lGh<2U~qZ97N`w=gEk7QSE~g;
zPo_Tz1oDL}1x~xo;~H@xu^o9p>p1+=a=tR$Xei>`z@P4upzjI#asa&xh~M)juv`EH
zf`9?Dp@7xkM{lk7q5$}gds$TM^H>SK3A2oB8g)PcM8Y4yCL4+l&BzEqZJW>U!}~{2
zf1z*Gue5k9-Z$<~2q*l9c>vl=1TY%=qu9@Gtne?4TsR%5i5Tp!NBrD$MgGoGeFh+M
z%DX2DL#`_r0Yq2N8*He6b)DQfUDEA+dq2P8n;wiCLvT?~>fA2v+xk_M-OZAKM;!3T
zVP`*W`2gzg001cfmqYpi07&N8hG>SAf|3eCLM>fJLysmQNoPq(b9sDOO)YH`I=Uu_
z2+h*aGALwJ#H>WQ3Kmv&O`5s1aBJn&&ZAqu4N8?6AnDSn$9lbdI`na{Y1D>fAH9tr
zD8O_u2oHg^8k>k0v+eKK^hVMjh#BF(^=2SuMgYCWCuc<<fOhuB><Gde{V^wk@kW2l
z4K&{9k9mQ?8;vnP4^^3fSEX3`9xsBa$H9yPKzst?DS!l5ayrw$3veBjd}Y)R;tOf3
zt4g>>>jk|KniSVa6MQuRJK(3_J>SFl1s3qB;NYSOEyB$k$tnJoOA-IL^Z@+miy)z>
zXXvElu_T8!C0A{D**X~|g(yoV$%?DWC?};NGd;^QWz{Filwo8H9_3L|K|Rz#E0vr{
z+GyJ%B@|^PJ2KleeKVuWLXo0O!|?SZC4#0=2Q63PPARmP)k&I^<qjOfuq<=g&uLbU
zWFu~~kxZ>-s^SyN!a;+7WCV1i?F1#3iI;T!i6@SY@!_U;V31Z@{=?y+5C|f{zZ5C@
z$S_nLgkX!eG{@1yDd4gzH4I%hg>?sMgn-x{*pMx^EaMQjN`!s5Y|sFqBgWN^%e{e6
z5SBvmEEk6q<3ey3xwntk{l!&c{y`X$6$z;s5i}`|w2N@4(D<RQW$H1mA}WWC^QWv5
z4F5P|YEQ`82eqciwf!W&xz|iGP0I@MYoR+CMd3AJ+hCNIk!9hzzvPxUO^$#J9*H98
zwN;%d`hm|3Mc#}2ZJoh+px2Ps&$@>-+BZj?yKkyvF1vfd6_9n&?LaZ`a<VGECv6wP
ztUxzY!4g-@Oo%N^h+8*_5o0nZ5(9V6@OQsy7K^$2M>2{AM*$uG7XsTD$i}FSer%$s
zm@JlcoWhuciVgyVKi>?5K%0@lr<5xwFt8wE*MD6b-ldIvWeCJzrz0s?>9K=)`#K@-
z$4Y|QdIJ=KB%GiP-{)juS3q}<>~@NRoLjoEUZ?EGD|Va(^cN6oxpF85g81^Z8z`q`
z<UTDy`Iv$wO?Fj}#OKb#m-I|&JBg)dBkC<XR2mKom?hjp5d4@}V8q=yY0yf6I}d|!
zvor%DH8pC0NYW7+OwNSsPpalxp*Ie@dH~1xE2QS)>A7G3QZ;h*u;io>a%ELe<}7Cj
zA+{usc&0dP<&<nkJmxm2x*%=J%pB*%D`IA%M2@%Zg);Zvvz^BXMDiO#xorW#UP*x9
zpWwgz{fc{j(Ql1H9z~cC-xO`PBP4>*6`Fs?KyVPp3YGva96V92A!?EEV61ilB|s0u
zkHf=&7qBh)t`_bl1XH}X%*~D}@nJgEMB@NZ8c03}iI{@bd-AUsr*d2Y6`G18A(LPU
zv3%Yj0-8M<d$C;gN^zz1l=#rXWhZoCfc<pX9m{-ugH3Q=_x!0%fIf7=Zyr{gtu&o+
z90kE4IZ<(L3ZCWZ=<e!fylvtS#++86xt%+F_&y`-+>cZIyv6s;C8w;3Bs52W15)*Y
zf8lmp25;z`^mSzofI4isQuYRBv!=Us=&OOCrP<nlAGX?WyQUMoQT>l`F+h<x0AA%2
zxS1HtVG3!meAXq)8!PcKO4wpqXa{x+44I4TTUu*|hS%rQ+>wt)l4bxwW%>vMtmSmL
z-)z~FffjJloYaFJe9Xxy3g2y<nx0i+xHkN|bU!h&V|o-21ANZly?z`L6GfhN1C6tW
zzJP`5=Ml(&hJ=dSEyNgmAoB%R>NDI)&~~8j5;C}=XE8M{pHhOh@wfXQdmjGB5Yzz&
zLs}IaNrtL|<}<FGnBPeVq=HXx3rrxYNWc->OQ%62esqbJj?}34G`SZD4~i%0*r;~9
z#{DgfC_`}(-653*mp<7cCPL|!&&uABivk7!U#xz#`V;d3DB?eMaotTWq1g!FEC+H_
zbDB4Bx5wn8K4O5}jwZ(x47I<5|8D88qvC=6UIUGzRVQC#j6leblW)2i1D0^{?F3rZ
z&{G7-PI%+PfRR(Q-%i#4gxD|hF8f&&T$uq2`^8BR|7gw0GA+?E__1HjpYTt*W$}i=
zO_DCnv61G)8(Z2F(P{F!vLTDfe$#JsnxjIipibTspCXd+fT|JTXw9)h)g<V9$*o<K
zI6{0sVFUmiXU?=)eA|51Z2D?CyuDe96+f$fKN$T!Ckt7tI<eT7Sca>|p1b(s%Xy!$
z<-$SJj=U=9W?l~68on35S5~Jn3VD)(5=mINI;gZ<Yx6l=U!{Cyu_(1Vi^B3%>f7a3
zwOnCUmA?(Wk=2{c>iw<7)M10go2{05sbjSQ&CKf^-YT-d+^ObII%~<#pTo?nP8#l5
znbE{MFSSu8;se-m^frUJi52a66*Tv!1uu;~iS5TvVAvBl>qFK{bblS-H$^@~unU9H
z{d()?u3be3ZF+~Fm#+~#xz`Kw$XXdK34AnW+)ld?%xr_2AD5c17{j1<G3e;41)GrL
z2>A;VGgl`NV>dYj9g+5l67_y}F?G1W(w41sY%;4B6{d|8SbHld#XdEEvUYC#$cCcB
zjB|G4m?VM){4(~v+t*N4)iL+mvAO{@y=Ao&6&B(L()t$U1?QBl))K#S>a?@r&adi;
z%9@%2gsI{cMN~yv*Hn~f(n-p{O4K~0CFPz|pdAgbJ!~g&xFsoBiY$%<(S%n;I-@EL
ziZr71^YV3&^tc|IHn5jb%q1)-#Aa#yvFv*~A|8v%AD3W1iA%$dMbL-mzRU~#EKhM5
zjh-V)e-dLKm&}G9Lxb+f|I!J!((D~bJlWy4BmTD1RkIQF^K*YFDFnPcc#N!H`9{y!
z*1|V3HOVv)g{d8gX`?2mRyRkSNX<fc><lSARh#Wm=8FXsWpu~z%`Up8dc0&UEnksL
z((!571#kUtXb72IlO|wwu&heRXw$Oe%eNL187ca8zeq#W(<`<2m*Qz+{4!3PQ&Z7q
zieI{4yE3f~k^Z7z2l2tmIxfql)3RD?1W2Ybk+#mn3_FGUl6@h3vRR&y$1yM|R$gFD
zRdX3d7PZd#*%3A0_kCGBG|<?S7)gb_gsj0C$7|wYu4epV$nnLeIlCMxs1%4eT1s*u
zKPja|1RY-?(^+hWAl!okuEce6!F6l_Ym6X8tR~z7;goB7wg%+?VUD!d&0>E4N%lj>
zhx(pF(WsIFzogLo#-R`gpW)WB<11L=0#f!xZ#@Z@r^}|=kQ$52aM;o+sj<4CVF`N@
z>*Dt>=?V#RDCCHp$8hVkxvdT!B6lc5LrB<@-+Pbk2lq!Arr1ddjW!-uQ=y4Y5lgda
zq&s+H<S(bQsi*Zs2Hk+aVxn`WZ#Z8R<H&pogHBqv4?gf&<Y3kRo!3222`|`Dt^3Lg
z#jij3W%yAJ{r#o)|Ehob#ibXJu7{t#&;H>-<KdUjJZRj$I+yN%XaBqA4Y#dS>E5Wj
zZ?Y4PV=?26YY$?sKVXevu@fW<<7Us6{NUy-dJ?~O`7Cz3&kimFYDw8tNVGR(gMm4Y
z*Kg8IcN%I&aZ%V^_-shyRd-p+0`|JyloBf#<;YmSzPJ$ja_H!DZpyU%Nr_PnI(oOi
zmwM@y_S!Ayv%ZDbgnTI^b^Ib8K~i}y|M?p;TxR2YKbz$3H$D)_@m)*H@~;Z?{rN6u
z`2#LxkuNWG;pGkEhH)j0?XxhsGdG^k-}eO|%8VRtodkOl2!e~p(&tQZyqPfPe{!=Z
zB3or4(WSZdGO?#TW0R0+mr0YD$s&FW`5WiTjF#^E5CaL4f`*JdQ@z~-A+xkK1KQ|-
zs=U;oMf?Pc*@ce@pHC_d2M5)#(TmtZg(tBwaY{Z4fnhcG+xwi_i{w8`Bl!j31dW@0
z@$+un0eTyvzBm0RtI#@~yO-*W-s`($yX2g`qjN>#;Z+P{iTw{=`uHsrd{k4`-i}TG
zR2e=O2|iL!ychc8z5MB5>u6O~zK=NrQw8Tu(tI4_7+0%CD`XUxPUoSjVm_A3smo29
zs&S=a)FP$2^!m0mC4E6P*o9<M>c=Fmg(Q{`?ScZnuT`WYUHh2Cu_TG5Bs<T@^Sb#3
zq>llw)Rq}hby19x4k544I>_-S=-trP<!0EU=4DGl`u%%9woUoaod81Z_@3lg3Ee$#
zX#{DemqEC)TR?}`j?#F!tlGR3eB6N!YMkhIqm35yVKTo~IVlXIC<j`HN8P>PPRgAZ
zb0@uQ2GqPXx$!Tl7X5hcC|&G;`QnYc{r_sJ&-s#Zryj<o7v@$IqW^G=Jx8w~=`@S4
z6?`P^ln*;Hw1?$;cG4Hhr{Yhb?DWBqODOgdKGcM&(#;)ev%pS1JofnvPvCsePJ#H~
zkN2t-C>JY9{6`5Uz<yaO%SD^p8~D!D3$vfi(DU`ud{j~Ogjqgi8}nviZA@(<6?$!h
zaX!;K(AL@5U>87LWW{iiYL{Q*c|@Iv>)!i(K)q^u$WU$@F)J7O??PvFWy>hWHZ^y$
zc5e8{`a;iG<D4Bi1~F6KY0A#jmMN0=z5I91&4sDj-|nqTiCk#zs<DU|W@ozkn>-V|
zT=P2jb(^g~r|)hb<X^#4m{mO?rMCu|zO@Rq%~93g)a}VP<5FdkETzd0mu-(`AXQ|M
zoX{Yz)1=iFF<=#mgP+?~qI1yut$KO%-mC*(Q>f1zJeD({kt8{|c<jr~nnaq|&d+sg
zwG6kNFG*qQvZz++tP&Wzl?htP-O$Fo9D1SKi>ozRTs|#RER=?F)kq${M6SO;ev$op
zM&=6p#iX-&i!}P-sI$;aV^2jddVhj7A;(b6aU69@xh+4c#diUlmT1w3tJ|lKVHU8y
z*jVb^GPxq6RkA)rgD%<2rnJxY;UX_PdCqxotdrE;U$>e`d%)+;JO93#cr7=pY#Vd=
zz<3C=aOgzK&;{DQWph}=!6o_e729%{=(26L$d?W_gqdxFw&ZC!>9R0G#y|C(eAl;H
zn0uY5ejj@he1lOP_usuPclNW6hlLW|AZ27_uCPtmO9=WBrpsBO(cco&wb8g2QCmtQ
z?21@MiBTbPfTY<<XwyO?9XParz6IG^J}0ZMD4s_LwW~0<wwl^aS^fevqw$+k9elH^
zG<Nm#uFpM(m_z&H%i@ZwZ;q#F+kc-vS%_&b)P{kOfh)F+G-d(29nA6u1$s=$*DP0-
zZ1U8(3H<h)AzZ)?2}@R{FDS?<&oufFhol%>F5YF_RVEbwhu&knH)vjoz8qR4KGZpU
zu5`||vfbG);v&(PuwL96%yInq*I&-*UUGuRd?-iq85$n7RjZ@8wLC_?p85z=my0sY
zM+1gir=_&!Xdc*y82nCWpLmzLEx{&rN?m-)_C%XRnqXTjT1tt!q@&xZM=8OqlQhGT
zX}7p@OCFV0W3g7&^W3zqK%vspk;s2SxM&>~E&xpEJmwvhJ2YH4mp<3VZza?#Z-|1n
z9(XQ-G_5o68HbLoBoRUJShCSGCzighp1pCZf7-`BU1rfMGAR-RiFbf}SS-)yaOF(#
z;o%iG!-7^?#=%wh(MR5eok!90*ulA@eS8xKB4^&Q48xj<rhO}6^f{e48fULu9@n~t
zZs|xl)v@NCzQ%YDXQeXy=tc$0ssxNS9Xq~!pOMI*l_m7lX7Hxp=(w+1n<&&W$)*0|
z8zILL^l|+01ay?SO#~V4-q^}4oo~8q#=}h%GyZ{z&l_7AyC=gD*t%?r6+~Yi7vz`v
z@i;{;)iQ+%vZ(hvK0nOkJHI!_Q)HFg+!ie--oio($#93*#>s0!DO=vFmtz`y3|#?I
zX0;_xun|9J7rV0;4`hona)d6$?WOrRCci0jA}%OMSEfeN3e+U_vF!NEef^K^_IBw%
zIa&XLiRapGHH2(hrW+%5%tucbvFJA@?t)RJ?(6$Kzu<9Y+$QD0lYGigyunR8+Zb{0
zo$d9$tM|{npFdu?_ijWZb&Y#`0tf9+yz(NxP&YF7`6O-(iu?<8GZK7cmPU`oYrZK8
zJCC5}v7i3h__n0JMV6#zkde1iDa(Ooq^ri|{=^3(DI7~CJ04EuGy^%^oZHQ|R(Wo7
z*1bfdT}e~lp2a$Ld1($jtlY>xuGW{<Wj05a&dBRnnrb;Rf%>>L1BQnY-=pw+;`!6|
zP)@A_o|s$u!GA4%to%%){he<ujM}%pb45e_0?q#se>h<d0__r;ky&7A2D@YcQ-A^g
z|LZsIpE~ib^VO=!*-h{Lr5GRj<^8l-?9GAS6E}yKz{898E5Z!uU3|c0c_8+jjN$vU
z40LCpyxl+e+q~&-6yW5a9kOLnY(K>Xz|-H_|FqqBOVqjGts2dd2Rm0fiAOdbz9szg
z%^|udzY%Z#wc#qid6g9d&#^y5z=;xa@=Lky+*_v*gpjcI&Zsv&{2A0~;^(&ox#%H#
zlR<+S_ME-Jcbx@S8)$H|@%o5y5ngB6IMe)V0$+ap@*FYEh%`C&D6mq)+MIdMQv%||
zTo`ikRD0ds!%>p+e@y&W5g0jV&&Pv$>-qiQ!|;{^z{X|efp!LQrPmz3M&9KBd12lp
zO8||&nCg&+Y5#V!x3>*b^%>AY75(rTNVJugOO}zR@;*o^=!?e2azIBoKpiAekr#4m
zXp=U9{ImIOYcG}VYYJszvM4%awt2a>hzs$P(nT?!{{ohXPaN_vl_z5sM$a1fcdr?r
z5`UMw_rn>KLuU~X^pW^DesGphx|iM(;s6fC)yuIhPnVtJpXSLrS=;U8xLIMmpLdm7
z`v>FO?@O^4#O}X)84~RO&&Z`3toLEaV=8{gb!pF6T1xY@|9UL<wS!O5pZ!+`z7c4L
z=eWl~Kk{Gx%}@_{UtEX&7}J5d)AheFjcvewgnc#qNcfd*SpH5?gdR~YDi3<=#K*!G
z)pP2N-hcFQ<VNxWa##2c?T~I-<y>`hAVyys@#tWcS!Iq6ZCmr};RZJs`G=9YsQpow
zMco$l%;;s&_m7>AyAk&~@%<7b-LUpc(odv~iOXVck9mvyF=cz~->1A-JGO1zk7IwG
zw&L%JKR3NT(^GfEog4R2^=s-cX7APBsU2F=O}s0yxprsb$MxvCiwOT+KSNw1{%yky
zX^C_x={C}vtjNaeldw&<CB4b+*morVz&^eu;moDH*7=I_-!0><{q&^-Fvx%aAJ}pL
zAPN``MF4{UsfMV$`ghCK6SbaK^hH!}me`P3oMidrMWq+1KA_Uau3{D+mobdT)pJeU
zbyHP8MG#h<bl(UiCPQ!d;~D0;60`r6xYE6%x4>$ou`eyof1qd26~V^ZRup$x<p<Fj
z&=MO#Z)jU;_=2=^<lExt5sZt2KMx&}&%}+kKdlI0Pj<2GPb*fDW)LC}oE{Ka^w<8C
z@t}2#vSA;XN@<M%n+Qx!8g^REl}bgA(6t_^<w#BI^`c6qFGcAA(K3e1{FlM8PrXox
zQHC(bwap38p^S#K2E$V6gcnaMgmQ$x&>gDvYFSm4t&kA5?u>ix9g->E*&B24jlQV-
zoj|vY(U(sA$HzW#2`cgurn1^LZvr(5ubh;w#Asvh=5P_ffr$p}jDT{SEHEwOV6#hn
zh$Cp9mL2MGiqN$P+mr=Sp?rc2M0?BF1qi;-AgsVh$Z$KKDlX4MEcL+JvpL(ml<!C|
zOUkJ)7Goz#ZluVPMPbt#@jc;4nVx7ZNnwcH(AUr~vzf=^osmpV9ETO4;6@N&7<&@5
zXSw2sa_{ba_LiOH5l<PM`Vr`_2uyBTJta16>Uw&$1$~WR3M5HVg|LktwPe(}y0_jP
zqqu#9?@fbvMHo@9RO5#$twS2TT9vN3vXG=-YZgCSn`lVNYya&1XS7O%<45@3G^iK5
z5%t*NXNM|XgGunj5$Rt=t3W3U%!0u~q`4`jHx=5oJ><r8LfR!v2cqQIb^ZUfQD%GT
z4Q84<T^K)<dZdgpj%0;ps|gfOM_}}V&cjpU@uuCFGKxPReoQRoK$9H7t$R=Xk2?F)
zYtkcWu6V=fq12ThBTNi1fnr_03MWuqTSTN_&?NL}*V++@_vSr>Du{T@h}oD|mUu*0
zRI{<onKUN_TEwwynuSTRNMLdQ@1O`*Gh<OCc6>@oT*vF?(o|>O<W!3k=AoYntyO_X
z@R8k|vLZ0RMg~ToJmstZr_TTRb-EI;Z4_`W)aBF4K+CRDdSbXL<hQCq<t(ETk}HDJ
zHdDZnF?YoT!ZeV@#;%omh(jS~)K^Nr)3MnvZeqs|vB{^6pLsZxM9GlojVNqZa5M$f
zrS0<Dy&@R?Nr>P2<w~e<Krjny?ib8|_9#_=$ikn!2(^$6djwlsE<QvtR--%M%xSi-
zbPDs2IpwO+!%X}n86J?r>L`<{ClW=?lX0?n%#$VDybZ!qoZ`rgDY2W4jH+68e=(N<
z%qY^VZD13Wxw|9`2|TtxS6}S`!t+qv5{%hG6sxpomo!Pzt&N4(YpK?J9|Ci52C;w)
zGlCFk!V6%-OHc~WQeuJD)4|Vwt0%fvVE!i%KESAe4#<=7lw-P`n{4Y-YWh^zU!___
zoq{AG0yg}Y!B-y_x)lQ#eO3$$`6JVKI2qYMQ*J>ck`hwF7`51gdt_8$aBUwzCG-ex
z-E;ik{_5u|i38#nHjJ)7yz<^q7!%wKBlhgn0Lw68#}Q(VrDAGUmG_@A=S~uiiwhhR
zGjt9dHk4SpyA?IxE@U%~9F+k{jj_8Jt;u{mTh2Bn5vPzgS!<H4Fo^(0Am><!CyLeR
zLHb@<Qf14rte8kgkQDcMJ!P7xqRN%+2#bI2P1K@zR9v?+WxH-A<?JMqfiTc}uH1vb
zbYfXsRJKx6&QilRK_C7I2Fp1D%kQqP@E|ZKY;KGAW2?uOR`L}}%d$OlIVV)!clzB2
zc2>Xm48+`%?)Z#WF3-*CBuXkM0hb3^8?E@RXI9A7Mqnr<vw^G3G_atRqyNOCPW{E>
z=wHi`Noy;3IO)`Ce0LI8Na8Rsc}`9a{oT}qLZBpa$kXoRy70pFlJEENzTLMcimV4L
zf$eKX-KY^v3shl@i0R6lkrc|*G{XBivsQ~c7U>9o#k=$aIu7up$F7l`;GS7X33z1C
z+H60oV&7qUfgGO5(&O(LIrfj}6z<~DQWg;?AENtDA=&NqV%W~%%QW`Py`De4yIk7P
zz}zOopDNEC92$t>EW5-DM(Gi(Ewv~A<*t)e3c0fSarG;V&-dR~x2<fv!JIfc!mWJ#
z;}-~8Ko1l=z6zexnWcusN~ycs5=TV~9Mml<UK~&cs(4{qM(L#li&~kq&M!+YTu(2i
z;kGf3r-6Tad*nPm*gCIA3<r6ku@ayBPH9$|QL@fKU;xYjMdGdU+{0Jj{X*fjs=NAw
z>Q~#tyuV-B{;ILJg5gH+8mw=%-<~hmZm?`UlxcWPHYC&At68Ht)D$P#N)vuBQzta(
zF=N|e#5ox1V;6-bNzsv3RWaMe^MsDta5*Z-mh*&wSb+*cpeehJ8;foCWnPI=zj>S~
zrt!@s7jn7deM>D~NfOqKZBM&~nId_j;kYV~ow2WpP?~ruVY`~B@&HjEL4?~JFCsmr
zl5Vbc1|ejQ>Cc}OytezD!+&|I6(=D`FZY?0(Yv>4$Dd_Ni`kLK#*3&W>S&s+Of;<K
z4P8RLfS{!tlX7;-)`XDPB_=cu4JyD0Ym%h^<9MkNd)gv5%0yySB3V;WyxCYvIZ1lV
zF=`Dd#T~0lS#X?<0{hF=W`-X1WIH=u5*T7j($A>oWutH))2yl?v;b1v5eyR)6jd#P
zMy<rXxHNa|rAHuMI<kV+uDx!h&M1mMkxS8fT-4c0dIdGDGZdCx&9FNcxuX3jLC}t(
zmOCVLWXum_E$ze^;=9br%t3%s7Ay?K=A<8DkRd%XOHdw$6zjHm%d_RMCI+dW^Z6rn
zNFF2e+0Jx#PVUyO|NZh#(k@I~)I;|AoCJXts{M9aU{k=A$sB|QL1v4HW>U8iVk#Ej
zSb39(BsO*aRoAW58TiRjt=!fIt_Kg#uR<N=u91)uH%E>LUSG@_xt4BN)9p{x>NTP0
zQKP1)s?{$8U9G0+FDcuCiR)z!#eUgtrUb-DPb!2wpC%eRO02|}bheD~h7V`t!8IZ^
zxG{3n-`yvch|4^>*qZMC_Qs}0p$Mgyk15RLTwfW)YV}P2P+8Td@bA43QT$`?-%}|n
zW$;-IwJc7SGIV5bzBc5cdGceeVFEaAd{Ef{qbI-|qJrBIx*$UtLC1ek6cG&zr}Lv`
zQ>9#rDlVutar}25mO8*_ObZkd^LKVJ0~CMAx@K<P`@$2Zq9;BmUbnWiM2DO?UR?@8
zFEK<9X%Q3@WL)Hv*TAVyqfq?fBA*a`SJ(pjYm$~K?&EYXz{}E^!8zuO0Uj~Y>pJj2
zmL5Rlg5PLPxKvr<d6%Q|Bu9j_?Gi3a!$G*{!g<vBbNeJP0G8S9pohw$KfAlffe}jS
z;XtW*z}4ESN%--T8t>8ndvnrUxBy@lG}FYgjo_S?t%WS6V_bl(skUvkrinD*NRES+
zK@*%2l-;%-s=IW6k9hU6O62-#Jk47Kizlbsr!`4d7UZRo!tq*t^ISUu6JUxN^g0t0
zg#<;5xWsUJ+xkU|fe<P_?z`N>u>4g+92Xqp8P$~K-7XXDMj@9k1m1JaZm;Ax;k1fT
zRaL9>uAKt9?AW!^MVfWXOipl8znkf3ncT`^Pvk2(hqyb9-O|}&Ew8YSEHAgZdwTm+
zW9+Hb-6~yZU9{d*f=HI;;X=;-f5XfcRb(iEeY5{BFMlRQp*R4z5}IupiEcy}Jg+m-
zzyd)fDhqxUy7mf*DuSUHNeT6!pDY$o4cahL+wy>D?;E?*H5oIinRLxw2@(r<t}RR=
z(snn>B5Jjptx7r$X_Mn)@ub2dE?%YjHEXR_VMF)05M}nO=HZh{(!S-F6k77Ty^;Xg
zy=wJrR54*FR@kS4nDPj&6{@h@oR^#I2zhFVDizWdN@XO1TF#?ii61#WcamSQ*htM(
z>z%So^PN4MOCi5DQ52ZCc6F|R94<68Dmac>sl@FR3(2*7(Ac410v8dC+Sw*|I9Ael
z$yC|m9(8%&pcob0W{!ugvioppG>Y0)MG5)y2dT+$VCw?)v6+R-Oy~;_dqHojmUVG0
zXS<FXX)nx$$sp$$mpUjEZ8-Ja4M|TubGfZaCe&vQ-#MCZZ_fc@+hs<=#=ECkKl;%|
z$`Kx!k%UaMeSWrZ7U_C^Qn?yWmn1|~Ev=f7fG8SeBkzPWb&IbVk>7QEn;KywGlONX
zi8UuvOPOR+UsWspGd74|au9{D{-lnSiK+ZcN-{tW`3UBwteUVhkH%VzV0i~zKTWq+
zZd@@w`8tbdI}n0EV<T~1^IKwvFneYeomya#F=teaxQ3>W`Ah>@428@IRJbh!o~BP$
zH-Voq;>@j5I^i1Z{us|RWQm~=i<jV*k?x{4@zoO>!2!Dq=b?iS42a^&xG$+py1NP)
zK<`t{`wxwyf2}y{k%1I1k7jx;sH2@?Mk+uwbb1#@|K<CAyq~4FH`z842>JzB7(fO1
z$rw!fzc*}%+8SXI7yp0QcRkK7C^{jXht<F6u*6TS7p+RjuLQp~?rS(4iNAmnPKW9e
zeL&int)^b(Cy?lntAhJIR}M;L=|gCEJ$9vN8d4Fz@(8E(=~lK0m}2m-A5t4)Ij?aq
zKT4O8fBrjNetB3hE30~6J)XSBt51~jYM{8bafcF(ow-8}{^~$}moYH*<pW>;MH>-}
z2hbxvDWgv7Zo1WJ@F!mRk018dD^e*}u$@O9<;zIQBfeEbtChyZRCeKkxm2}`pdl_t
zfci1YhIhg9T)2?~+x_O!P-80*q^Pic%0_5soa}Ejca_mSo9DCrz227e%s7~=Z&8Wb
z^+jb?n@q1_#2~9zN{7!qn?kUpU)Gw7d2`J?3cZ=>Mh7`1bUev<!F6^@RmX$;#~q2i
zXwywDdEBpv4B2xsLwT@EUTbB2_hoyVtRyqEJ^83g0wc_DnbV_Jk-(*n7>NDD8FFIK
zDuzYQd8sjwnmzkBAaD%6d`p?>ac}oZ4QyqaLB0kH9N|0{xyojCv)$`+VRbUI&3@>D
zv;jmpwOvCq{akN$bhw8-=~nl4ueF>KcJnvI3_G5?pwXCu@*mDC_iNH-@ui7ywx3E$
zw-qOh4XgO-skZ_?rq#({3@b3>K==lEIAB;)iwlU_N+0@QYNFS@-d1h-Q0zSihkvCk
zQzdO--D06gOK1dDF&Qf4ge<`E|8>Xi@I8xgrlV)uL%jJWzgAO3MC)ouAeIgaPW@Y`
zid0fblnEH6K5HJQIQ4~Dl-7xgQf_1@diB+fJF7XdV26J4j;F&l?_bZ{kJU#`5-Z<|
zjy5#aqvf)0kZQ*ih^TqP(CBhl1kaC0oZ;W)gkBvOlosDf)$vMc>fxhMYKT6V4f*uo
z)I@|x{^0lCJXjMl<yg=YV3Iq@%op}Tv6)mvY|(IYh~POn)&H#sfEBHzP<AV^!{vn}
zphcg!gsi#`4ySW#g&oW)JATxQ%7Q9y8O@U%z3WFe7>Bxe%H~hja|sb|SI?8R9sNlK
zqEBZr{@CjCJH7sw8$^&O`UvuBXUFrsYvcF##j!eBGQ}2_VRWx%^{B>%t>Pzq7@A@K
z^ES<FkcQ;)v*7?Vos>3pd*jy%2SrgYSNyYBlL}>Kvyuq58#-cQ<GLdQ?ouYTlA~iS
zUTWg`u9tN0pVdLuyP&}=g-hH9Y_@H%-{<57ztf+wMb<Mahb&0tAj-hDt&uEc2rC^c
zZjK=`fzf+-Ef}PcjJF#530t6$lYgoBq${O%w{D3GTiy;yl|E&BN_$@CvOpkDQtjAW
zXe=Ix5wg^plF50h6_)}uO}TX{`s}2?Zqw=W`mAJJc0JN+704Sbo!YcBp9H+ot9$Jg
zpCxu*E*b)9qiXG11jg9RWbS6!Y$;%4#T)pBD+aRLI-Yk(%W{!CGN=MS8B2q(+QFO&
zmiq)hl^PFIR=W}ESO>Y3zwj?AkdV9<d8TPrVT2-7Iq@GKtyDz&PGJpQNe8KNg&kz9
zi|kQAFR5mex3fbSa@1)A#;EMIw-$%_J&V;eE~ZO!NG32&YE`EmbxsxhkLIxUVfp7|
zHzxU|wS2x%(R}$8Qhju?XXG#J_K9JNBXwQifosQByQ}^DBy3?wY#??i8w-ogF>8-~
zkEEmj9aVqkbGj|n=C|_0`%_oDCOr}fj0=*%B)kVMa^Z|QHC4grLMEmO!;}zBr@c!R
zPAZM1Ws_bmW{Hj5bz6uO%0rd6hntLqK9NXs6coigHnP(a18DTuOx?C%)+mA?$B4LI
z6nPvLd5mNXMpm4XmQ9)G{bPZQ)l`UXZfXC8HmPACG|nv$Q5?6GcvQ{v5s4&NOXB6D
zhc&kP3SmDybze3z$wAImA7g>dY&3!yz0LQJW{~GyAb}xvME2UrCkKYG$OvOzlg$Q3
zYX|NQjENUxyXozk!%}UYJdzBi5RpWNf9?KU!+&>w!bnMilj<xcTl0yBzqj}f^4ViO
z5cAR&t?a5T91et*-d^kMDQ4`VdW^6gig|Kjz1cVJcxWh|lPYCP5kX3}VYm4*8>CqV
zLrXP_4Vw3dF+QAjr6GC8IGsGU;A3Q53pLofscDx4cEQ~Kf(){9r=-^AeSDb;^sL52
ze|XH|$#~g!#y+vPyS6CZlLm8Oij#P0OM9=s(KyxA6OiM2MvxZxspA?eikOja>RM?^
zXQy{qjzPbGhdH5ZoD;I{^zf;~BW*we<*JrJFW`7uR}lKrfxm>!J%2{*wvPLaN%qi<
zeV1B;q&$KTp`H;KnUtNJ^bJD8o{%0@R54NE8Ul1rGb3pvojpT*EfP)T_j3q({qs<-
z&wHh73T?G7zBY#jeaj*GQUM0#JjrfA$(uL7Hi0vsh0_b;_Ld=SDLQCYVH%(!!236}
zV#yuJZN@?TDN7usx2OsSc$H$z={gh<s4e!kl>r|sg@K%e0cJe~ENzlonl{{JH_oxB
z0$v~BS}P#40xQ9y53h9TdNX$P(7%-zVgWa5BmdJYu$;jd`k+23LBf1|(jIcdlxu3D
zU%J5C8Zj15iAGj&c5gn>2RGw(7KpJpo9M?DkTt3{v=YSA);_YVh$bW@GcYy1L=%+a
z9P$>MXJ0;QY0__YF;mmEmgF$N3EqLXcp|nttIm+Pgui|XPjU%@s%U6zGAjyWCaViW
zvXdzgj<payB0dRp7a-Ac5SQ`%t@lH!46;EyR(f4aUI~z=`IjKD^TKes#%vqY%0)Na
zs3#7Z(!KaW1Mn>)^d--r=4>og9&rG;1X_7+Tq-Vpr4xwlib0M7EHYCTqkWD{P(AxL
znhOh>&OQ)nx5wqb!Dgs2SP-Rtvee*&ZK%U@iTdtpF5<iF@cEn~JTUUo3xjLbbb-*M
z3;$cV>#~LLa|l<;B~IXs@x`KXH?*T@FoyG??etlJB|PAl^<B)7@DlDFEgtkeEl#$A
z@&95AO~SfWd>xlrY!Xp%3En?(2|D3{SXbLC;r=KVdUA!98^8Nt0QV6FU-<ADJo;ZO
z5GAZ!WtE~Y1*1fCY>Pv>5<Nn=5(Z9SgfxBWq8QQhLPTuvA+0!9pyR#@=mHI1y?n7i
zk)<J0$B;#dK&d_%99aS((92?gFK5e(^TSA>8AwA?4Ry6N_hIC_`Lr-*8evY(<*{L9
zbJB~k=1}V#1h%l3UB&mgr~5Yt9{&RZbL?Tuu(P@6Gjgd^Q3JusqNk@X)$>?o?(nO(
z8swgCc_0#?`q4w&)cMPwp3GNPWk}n|L>AHB)938VYXqJfShUojP&#?=<_|N36Q`>B
z&qMo`{}7n&B~VLEr7)ZTRFMLYyFxJjpMtiNbDDEv4!u!B3DXAhC!_O%mEY5aw#UUt
z6fKu1%F+k<JrXy<YzNJ5$%_zsw(O{$%?;?GBeAvgQD}Z{d3*KBZ~9I?%TH0jb2Ny}
zo0MCtkahV}ZxVLxrKPym*ivEgsb-97+*3z`Y1JMS*F5_~PHe)y{qs-0nZ{m89s_vo
z0F2ThhAXQ>`()Qh3@DzP3C>yi^)9x@181GGF7RP=s;Xwnnv+QizsaO3e3w!VhuGg3
zOkh(SVNu~=z!d{+&+2F{NMdxVs!5tPv0xH~GETl!A)M-kp%Vv>aJg#7EJ`>So-ufE
zmn)uld-4-5hD|lu`@E}(twihSfmL(!h5EF%q(WFN#35O=3PWp?p#`DBm&|O%PPE#R
zDG3cGx@edev|0){SsSrtEw?F~F6k3HEY>C|j4^l7Fj@QRZTS$n`5Vuc!7!JPYMaaj
z=x2=JTFh#+T9!-(8-Voe0vOJPCZ3trh&h_gcIOQhMvhK~j3=v9+rsNAk1@{#uh&VP
ze~cK(%@ops8J?j(p_r7jYZ#(juKjGiiT~bgM+)MBHJgh4D!w@mi>*eYpFhyY<@>uN
zu$_Ipz~Rr0qBzF*-H~`krpFl`Lrkd9zk&+gSDD++KwwicBNZSG;n0^WUTL~J2m`YZ
z_+B}_#MO=-&D3e#Cx+teg378hZx>j_Jm5AM+Lln$bc09zO5RXuRHsokOsh`RF;b6~
ztD9~jRcQ6OTuy@8z-M7NkHmPkQJ;AJAp$&GbDJr?-<n-Z444d-;(E5z8>Uj>TzQI}
zU|x!*GP{1diNs@sA1znA4ZJyPTOaRSEdZC(MsPX`%=+oAZr}5BvEVN~J*_UcOaI|0
z!#PssP+&H~l!x$O&>yoOLKwLo<biE_P*1GJ((hq_9|iC8bJ1Yf32-TN&gFENO*Pq&
zm=~Qcma7(5Z1gAb;WSE>PP5S>N|ubtq>4&*drRLLAg?%fA*=|p$+3`sPUVgsPGo79
zf1$&Oa|%(0FPW1zaY%lO)I8_7hCXI+W`B8CRORgIdIjZNS6}a<@p3~;rL(iu<&mhA
zWpPih)MELqod|4$vRJ?}O6MH#JT+>jtzg%B<n7HjzVKEoRPW0st9%M-0&~ta_+tl$
zwPANfaN&9H48Jq%hmulS1?I(z@@BTCHe0QJgD99SE+CMEYqeO2>yEH3;94Hy?8hWV
zF*;k0j3<<}O;1#!E-y_WVzWgrp5_M2gwLHSt#44>9#6lEuu441VS)ziyDSMR*d0k-
z4~3S8oP`^WFxl`-lr>S~1d(f-yTBZIqb!|+^s)SWm>l4bXW}1;Y=(@0icY$b6?A70
zNW+X>+qsWJ%BN&z!N=S(#>s57toAmU!cH@j8Nx8+0+@m$%NrNZJ%oUFSKip#m+q7Q
z<I}q?|AJMp530aU#-P!kh@w!znWRjahD7#{fSnl->fg9Loc?Q-R>)ginQ&OTA(7qs
zhx*F@9Q^(!LO2_0O6enZ6OS<{Y(j0UN;<y2sW4iuC#$$6ok!Kr>_xdgD6Ig<>bkam
zc`g$t`tmH>&yFu>UVB;tzKjsYce?y>Q51@+#uRCs9^;Jdv9?O8qXXQqRUx%bTQBDe
zhsS2jj2-@d?&pd&KoxxiYm<zdxxA<#H>MVI_K&wHi*hkz^3fA?Bl7Q~_9x$tcU6tk
zhYZ*qZ_j5o;!ovsvEbaX$%gkNUl6f*fKfl5k#7x33Rp=Zs4s-Ru-+cRx(oSf9dSIg
z)9qajGoWyzJ}u*4Xtz4-X5pMTQ`|KA-=#-R1C2Q@*si~gx{t4~rVx6Fi_+;@jOsDy
zqp^~N5frRRJSvOOapl<cF$5*!a$GTJysubG)36&7Pl?O^2OG9=V;nJ1HnJBxr)^#Y
zHgcMM(<8!@Ge_!`IuV)1he~IOVH3Md@(N70?CgpiOul^C8ibp2YhaRTMtB|E0M}Ro
z*E!8FI~XaB3~*#^ZfI>kv?g_dD2rY*wrR)G`dX~W+bIi4Y-?a>VlsK~*=w{Y1eq&4
zKYPZ6K6BvM^>aP}rS~7CYDrP6UZzWctp3aqV%h)Ti~CH<C}h{uVOJGnJnC48R#k<C
z<*K|QAeJf!LRhfNG@4Tg$AG9K$yNik-RbmOITK`rVAA7kC1xbtl1dymNkzp}84-g{
z9#$e7Ji>%9COA8l;+WXBynL%Dk5pu|+m+O2v+7{UqZC#5e1fpEnOx~5*Cffy6$`U2
zR9|OjzsFtzCXEs77Rstq9Eyt^DEacysKQ`s4M{fgqVER_532#kkCRqKR5VfJ|0a?4
zumGkRat+a2Uh1^^WQ`|j$4nF&m}0?;w!(Qq1~`ndE5!ZBWgc@}{jTHZbUI;{wQupc
z&rL96JdvSavbA*4(<f`W9W@%Avt6i60uL;#Y=<%JEe7rUp2eu|St9#1mXGX!|D9&X
z2d&~znB2X9oj%p%rGv9f%Qq4UoC{LG;<B^hbZAb{tRwd;x#9YWf5kMMYCXTdKxfd)
zGU~-dh-<lw*4!axI_U8lPkRky5E_d^HniAPI<4jWayaKnxxU!ssgl7N_OOe6EU;;<
zbXW25QWQ$biJb@4NE!6;>in|mbtG;>_Ynf<T_A!!SO6U-m&Wv@%eJl+eJ>u;l|+Q+
zVuz8THivwcL5898E&2V)XjKX`9s5|fJrtDVM-sMK)0JDPQEbxhwr;AiR0z2f0#*>I
z(T!xa`Az{T5!UXQS}>tC>bdP5Paf{5F+Pczi|ZYZn7viGPd(oXYsv&;I1^ek^fEu#
zP8Y>gZBiQhl9Xui!Z2Z0g0KY1-lDBU5p<wIPaBl@W7o9qYe9-u@$|>P7t)dSvm4bO
zG(P*;{xCeM=|`X{<9JFy&YQ#yW~XX4h+wnj+(&4|`Z*F9zA(<`@RXwygqLlK>_pi6
z>DA;^P&J!tY0RAa+g!5?JQd##JICuqvoQa7OSWS4I1@ir{ovsQDbS3a*hOKp6MXAW
z3la5irr5gGLW{D=ApLZ=nutHr1dHXh$ut~<y8aV2($V?S6s<bjmX#+QFPbR!!Ud8G
z?EHq)aENK@)={*1^mFGuXF?sg$ynyGc65UVE~&Zhglbn{XyP6lkfx+{NzFASL?%tj
zwqmyn+n3CAE1ohGA&=uah_rnT2rWab%eFXUW`PDCv;GH%NtFd%I}Jal8&o6vcKTy$
zNWWrQP4AnTc5va*>RU3r+zqFmy*{;#+@0vK%`rv{khq`<+VDxZFGOt>R!CIlqTrNT
zVFYjnt{f4(?jFcOW3j<lW+h9F22*iik;=Cf6j3d^G*A+vth~u#gk|O@7K}L&7@Y`<
z<3B@+sRY1;a{MKZu8$2yc|FHbf}y1kUz0waA9N&`AW*Im#=R3GZfCSIXv;#mvO8^a
zWM~X2IKq$$1QP&fhpl$^6vJVtKENT4ve@U(b6I51aZt149C<pF{V8jYDw}~2v|+wd
z3IlB0SqGZKB2DI3pPII`OJOIkkQoTqA<NdiFRxUglbHs~Ub3a%A9IYldQK4-$y)lq
zuMvEaI{Ia^ffTMhF=JncGk4yJh25U)?1K#!uQU^P(Q^(gfPs_Co6Ni&i`x(srsSs7
zOf9NX!$awIE)9GeTyirH)?8C+8gk1*l3Ucp2ZMZ2I76sJ=}Em=MP94ah0CW)U<54F
z%9ajB9Nw_#%W0u#RK(c2@A+T9bBcjRA6qpT$qF;yEnfUT@0)yy9xZF*=2kdxTcv*`
zTAJBVXf@lVpjdq38paf7NB6zD7aQa9EMbhp^7vP_#+IP1qK7|-a%sw?5Sj<N)8LrC
zn%5W(D$WANsh%fNO256uGWO7PU<M2cl6)K!+;*fjRFmZy$zRENogME9&j&rrGa{1C
zZ026e{NMq9hp*Bf#bWP*rPg!_vToPzP6_ORk3c(%V7=uT86#<4z4o<da2hmm+OfrK
z8M2lr)oBx^K$)+dnwXR0#mmJDC5c^@{DVj?71WKWC5~Nae}N}l=%dZ{@;?p$ra{Gt
zm7uhB9k^R#4qtZ)xVjvGD{tmjpjyHxk$M&tC+s^lrb)drQ&4~uxYi<1uRsJ@+Gp4z
z86&v)Rnmq&Wb$*SJcI;^pwg$yWts>i;NVHhVdKxDn79jfRD|or!odx<=vS9b$!-kJ
zR892Dr87$w^jP$Nf)xeYdM<PZr$O_<)3O3zfa3Rd*RKmDat^u8yy5w?ZH&3(y~R|i
z-`gvNL%asB@xLOc6&Z4yImLKEk;6O`b8-t&CvW5-)v>MG7CAXzsbn2{i#NT8M{fbL
z<q^(aA`$9f*BcRq&%<&ldh*98f!ZzevIYdU0(W(Jt-MUD7Tu(c;6qQj_1G9dX?et1
z*wV!7$KMTg4pjqO2z5VU_A(webrgjoZVi)?cCSjv5(#-UZ^1&z&n@5<5GVoH$NSxB
zzBgjaVf+=}<ZMp8A_7Imvt8%O039=V+A}%5JAW0gkc*#S*xcj)>AYK1$@M@J@>}>E
z=}V8d8Xm@Bl`6RDEI8b2X^C!dE;OD#lYKHVnOa_xM7jl5IUC}Oc~1q@0=yU(9aBxx
zE`6f5ZTxi!UOIGP^v;&$x%n*R!Wl+u^ZR5j?<s+=gETRgI;NeZU3%;2XC8fR^C;{V
zJT6=gZANZ~1;_T?h<Q=hRoyG*Y=sk3PHl(?{P3u4+d}yC-jL;(vKV*rrHo-Dfv+@n
z)0KUVvVhne*(#+(+D8?U@Wh6!D8(H-U5`;{Ak0%=Y?vK>U%Hy@*LA<QuT+y2H@aIJ
z#W2Kh>+Ool&3o6<`CEHMFg)BEjuk5`mX{#uP8}>NjbM~+^%FG9MP<FTyt?;<7#Fk>
zDi9r$Ta)MgA{a%IT<K(`*oOYr7-zY#z$bc0D2It)vo_rZN!5@}-4uA9p=A=%ttc9q
zfbzWTc~#83B?3<f7J~_pMP2ubq8?HjC}ur|L2xLwFyE*%I%NdH5lj&j0^&>%>?Ed&
zpdEQEL`RpS$x9P~I;}SU6J1!WBjl!>GL`~4X|kNVScPd8C4)sF=oKqQzB(l`R*E9b
zw=tv<rGy$1e`Vp^(&L=&W(zu3qZ~Tv)E=<7D;=KCrAG>&BJTy~xAzY2DqP&=fWxx`
zE{1+<_LH!lwfj@Da*#)#obCJAnObkCt*9aGW)+gFGO9l`*0<-%q0EPtnRa`4!3H-V
z4U9IXklV!?2ZnEVH<ze4OfhF7<!ms&RBWy`HT0@rm^ohHULv~ADRwZtI9X;=d*$|J
zhgbpMM4LSu+g;es8Ns!9f3UR?ZmbYnW7Y`(Z93oo#lABvRAnouPwg{w+guF#dkiJP
zyfe|$7GDuOuhnXKz}qp?dR(CpIU$Jgxpu%YshdoKFw^e9vXL40kw05%%0LQ537xE+
z^{(%AW`{YEe=xPWDvkaw@E9$N`rEx!OMj7_x!YsT2*w?2%q%IaswG$t`TH6o#v*ke
zC|XJRuEFvl;%H6ctIjShfrK5bz<f91O<swHv|NyHL9s1wTE<62*$f%785EI^7p5`W
ztxoEcqXv<Qxa|q?x$6z!=^~imxy^33sG!?PkHIF?-3XYf_-E~AV>f20suwIp_!6hN
zbLt{~Xm!~XOlS2}(E1u?liNB?$e(v~Pd1kBcCXim@&*xX-x7X<-4u<lnQU0U-kQO#
zJ8gfp>Ukr4@YVF2jha`$(-co`!}Gtar`Ct^XUQ1PWYzCZhoj%+IY*2om1<SXc96AH
zxeRETm4=!_z--A+QeE@)pzqkfwWI6TQZekV?!Lyrx#WqJA=QcRzH6Pw3*J%KnyD1S
zDAS#)efKxrkUrFkIywp)XOp=Vnmv|*N6?8rt}5H^{0Xd;VUKr>Yp1^|QSo{zQ`iu9
zSk3Zn416ArmV{M^O(e=0g^B+sl$NbqBn@66QkQknGh{-|8*#fp*ztr+b`e@WVdctX
z&Ps?xn5bsLDK$+W6kwYXqWAx&!nt_X9`EZGVjI8TTNI=DSk-Q;fV+v|;Mh$qjFS`~
zEQAQgPFz++6dbP8h0%d1ul7ACM<i+wsya`9R#^=yvm^mLy6@=kp1?vRQ&9`Uye&3D
znb$68ETI+Jv*k5pxtyCJhQn&Jy;$997J(JE!hxN?pPE@qt$r9MHbSIiYvR4FO!Vwn
zl}@)o^eQm{JkMgTHRfTQr67bTgVy{=GsA2)j?<e<aGuiq{xQI~odegG8NMSf0Mj)N
z)|Fw9Iq6V6=BgC*iSN`m;sQBovq&LF<BAl;B<lN}KAg%Y>k{I06$8hcM8_kwoa0#}
zj0COlc)r|l<K+dMAt&xO%6Ta~94QQC$oayo{byORuO^IiSOlD4J7P#Mljzg^_6UMX
zjwmzO=xKa3HYkfcj)_-KyUY<e#uDS6!+@9anTEy*j_z9Sg#==zGew>A#_L*~Ud*H!
zsJE}60=XQQ1BVj=S@Kam+)QIr0?OxV?jWTz)_4^*q*I%L<Ko~+Ai$sR#r&rhU&F-?
zi1&Go^!EtYWe;B^8D%2~D+UeXzkQ+0Y>UwaS&a^0u!D!7S0qGOgs&<h-gV4N<!G88
zC^Tf9JDI^lR=uf$n6ZLfnW0=AkVqzQ?Xo0<bYZeY8<G^`SEFdyEMg+~%8(&lit{{#
zC8))iVERRq{)DcAaet<ROj<H{Jcd`M@_1E9zY)}nxWd0%yJY#*5yH+@)2m49#1RS;
zs1U~o+V53H5vZCkh0EWN3Z|;Q6gnaCf$$ecum%$Dd=snq%PX`m*?DV{L23oRC;ngR
zu{tlQk#0U@NbLU~rBhr)6%lbDiSN*blBi|t#2Bfj=oc&KL5vLw419T(UN_mgSEY!h
zg-eVj@ghaS*bzhx>XPY<s!?}N2A3H5X;RWHTcR^AY$H1X4+;@Bc6<kQVD8<({TSD7
z2{RNmSq1@X9LFoENXr6;<L$AHj?P6yn%HidMZ&s6QJ$N1oU1!_|6(z>T9KGyXY&+z
zHI^*4EX^pUZH`1Ivs{=kf{M6#8-9UOUsWhggx9l1_pp8~1*~yH8Jc8K^<I{gQU!EG
zPJU)92aYoyi0)ph{{)hWMb~e}I+}=yPHg(7H~<s?@c*i!PX$};t9Zvk0rCL=z=z|X
z{VxE(C+B~*Hva$k1>aF01ptBo1^@sk06$E3GO*SVD|nE!6C>$-wj5dkX%FL%fMW|F
z87CXR0!Mz>Q0k_NEkc#HEU16}QpgE?{OM!#7Dx*1fKZHK(7PZn)Gb?|wyA;t0L5Zc
z-t~Ti#_+I9!M=V7@`D!eg9gw_z|B~uc$LXL1YAiE*LaH%9l9Q}L&e!gZS~#{L9`r{
z*eIDTt7`!yxf=mz4u?+%Qxv}&1Ytj%`@<n9cB+_|eCY_#SmC=Eq9b?c!hB1z8M-a7
zzxHVI>0|6ZHYR};J`Xkj0C)}*4GmKxfM#d_9Oyo?&DbCw8U)Ra9k3=?0!g8ZZ4WK|
zeR63&`e!B<BagVKae^DY0$4$_Jy1?O0R&9;FI*qMmPVPX(1G!Tz}cx30yrO-ao<(}
zKMhLrIZocif`Rt{^>xekah=S}GV@(%G<4@kjwgWFnke1+>z@lM)u-x?`cEnJvz6=5
zrPbxy4h48sm0;Hh>>=*{;}%8DAJj1byazS~F?~wGNWW15P5&wm##KlxSQTa_X^>Qp
zd=(17<md&UYR8oy@R?HnfW@(*fRdA_KyU2@6$Esyt6)IlRfPsN?<fpl@!jZZDG0TO
zoIg|~wOAD;))W;jQIWzCYg23K^{N<hr@jv&EKiYeYt_x8L7jSD1Z71fRl2?EIT38<
z<I=#(jbJAaw?<CYJDO~e*F|oN+BLfz+N)J*j>0v(L__puK2<VYz^x@fZeCocnN#hF
zTy1K%imxtIj#^gF=;E^;m9%2Dk#p2O&BpV2<jSinDr?)WfSwEqhFzzF8KrZBh#~^V
zMdqbz4R26gO>R}g8H~DFhJYu^w1a%-{u0h?Q0Yp|x?(kZ;huCms76ITEsADn(Fpgx
z@fzo67Y4C1SF6^f#OF*4CF_|IP8LtzOP7+2Tu8u|c|jSzXg2l?Rodfzztztb<5+qX
z4`1z%;RiN{D<dn{#@DT=YiR43CZ~))EP9vj2Z{g7Rrp$#08x?^RnraAvK@xyctMn8
zB^Fn;L{c|QD`h)r*Yh*kT)t2&l`GX+z0qt<v^(8ie;`IAQkh(#RH-#uoxZ?OXe=r=
znM+E`$}22Zo86I8r7G2GIMu3CuR)_G&04s)wQA$h&dZm?*W>JP2Grk5Pq6Q6$f^q5
zS0QK&Y@LFK12C6pA~mGh`3DxGFM5!>D;$C<wTJ2iNrF<6+$=_krszXUbfaNNicwlG
zqOZxKa_`@-^YBE9l-LapL1S?17!DUYl4uguPGRRCT#UZxLGJEw2&&YaOIiq$1f?Xo
zS&R}*(TA4kM#GR4qqJVwnq;5zol}x{Pp991(9eH$cf>aR-+t!%pB2<o_g6mgjj4P-
n@4lfA=c5w3=3|fW#OwX(cyT-K5G(fH$@tZMu}0*-3;+NC-&hz(

diff --git a/pkg/webui/ui/build/static/media/nunito-latin-ext-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-latin-ext-wght-normal.woff2
deleted file mode 100644
index de24d9493d2349d27ce84c844698c654a02ee960..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 32720
zcmV)IK)k<qPew8T0RR910DsT`6aWAK0X%E~0DoNo0RR9100000000000000000000
z0000Qgb^FBG#qk2NLE2ogn0&FKT}jeRDmidG60AwFLV(I3W2^%ftxrBhDrc1g0)xy
zHUcCAjSvJN1&9C#pLz@jTP!AV1l4QjasfJT8-~^^J(#VSZj<8fR&gQ%=!`@N8wUUp
z`DEGu|NnVOB@Rn_leE19nECBNIYLC3RD$8Cx<<zwwPa!~6g4xqg!Zbah_HL#v&<rp
zP!Bg~_9_}?8X2ORBIrnrK#EAk+SRM0qa-?_AyHDWs7>J=T_%JgVyu}sG0bMJ^X=WA
z$vzW4%x>>GPM)0c*IYg)5H01AoXD3yN`^1^(WB*J??Alf8Kk*D_gG|;osA-bF6qz+
z<^1cZhBugB;<gm+lCo)L$XUm@az<58T7mXy{Y>-PyqdYSyr(#@dS6$hADbDknB7Hy
zJ3U0odh!qdwo32&)zb@HVwe>n#xfCPfD{o#juaW`<Z`-oK-+2-Oq6O_U|FK1C2DC2
z3nS0$S1%g%zQWJ;yTd~mo}XKf82kS($QrS+0Hii*8>^%@Vxvls5)tu46cDg5=@dl8
zpse%6x;rE4JfqIj_W#>2y)S^Es6Z?n&@NBH3-sngV1j?bs7k7`M%3uIqV3t?-_80z
zgv3uolmxtJDJ_+mS=A@*!*a#mm#VGn?TELXmID90f8sr_AO&e%oBX7<*?<NrAA)c0
zb2j+^xJO_~bAcV9WL=ec=PHz_Cxw}sTW6u|I<b*=q&DiZs3PVs19(>dsYbgyTJj*w
zy-(>bAMl>=X5m>3JE)vAO&UOLP^#j>6?wgyw}3<lLmccMb@tQ~+m<O#c;FK(;Q?cN
zTr}6s`ft@8R$DYc_<<(_nK+4KAX#D@Fc`1HHRY_pYO<1GK&mhx$S3ze*HB5Ty-mE1
zKb2V!3bprLd+9Fy#76$tP(daIJE7+%hp1d;RvIV{A3s!f!WzBUW%Fry#Mh~&O<wqN
zO_ADNdjuf>f+hrx?5e6o(tZ1EoEbiyd2nWsJZI9`ba0|xE&)JL@!DiYN4Xf5hi@kb
z_TNPThB^MIZW|1D103%EO0~Q;2z&~hSiq#;+O^$uEN5)GPjJphKi_<e0LUITliUDB
zsT!oDA}GFXKw%3IIRlc?dH^(-hMGuuLgXwr%ifp@RBCcG-j*~0n?lltkgiVYo~hk@
zIQn$+Jss|T{%h(dm0YfNc$dNh;FV5j2$A0Ec~@FVmb+y6a=vb-SM7Rb75k_322eUp
zSfwnG9SaPAp#d<%Lr{45|I6ezcXw0h4`8@dkSI<|eJ9j9md>%TF0E-qJpTVrOR1io
z?rwLR-IQARf8(?ww+dkJSkj-SdE4byx^{g|Mw4_jE)AMFEGMWmKtcmhh2bGE0H7cY
zkAuh>h-AUx1_uv7@B2$dz62Q)Cv~vHuoVfX<J41MA)2qBZ&qo=m!=#>n2j)IQH0oY
zbi#33`^*3PY5m%gZS`r2u~7{umm-j8=Dd%uX`livm7HF?v4@Xz>~-}HhHG5?vu@)W
zs{{su1mgrT#@*b#@)t6e>Fz;{Po&F1N5w-y*{fEKj*ZKTh%E^+okgtt)L{x>BXETA
zL@6{1)ht$zY|{!YS?Q1}$7--)hjX>MSf|VN*)+Ou8bZe{3AdSA_aNauGamAXXDxW%
zU*2%VyKec|9iO`I3y*!{m0!K_yU%entd&azil{<W60Iq9RO@_Jmvg$2&)tZ4NSOFY
zz|Q*>0sZ0hf&JyYa{2k`HSh5_92_Rsp0@}@{+wr%ji;P=D@*5$H`ckk_O|}6PTQgz
zBFet)JB$%2rxvrB!=(r;=MvIt-$&g?J4QdjjKo-RuDMp%8hXQAv-)u!Px2_P<qsOs
z*5|$khHK~0YPTo>;Jn-P@Sxr7&#VCC-PqDRs32d&Gi`vs-Mcgk`1_%idB7n-g5WUu
zK8K(LNgE$YexwN?3V^)v8`Spd(JOZ@{z0gpr$0nz(EpdA5&lpls`IM1FkjleMwc4r
zEa>)ru=#i4KHyXUF+8TXPCk}TdbJn5WXn8W-f4g0l0Bq%XJFo0qW+DhRI9dM9@AfP
zo&&bxZHd(~_gzYJ+NTazw4-e&J-E~I(p_K)5bafqSRwatd-Ky@!I+QTqSynZuHiH7
zwp}asuqJRlf%P~q8?Nz5?cgUY?H1}K=RRdG*t;bsNmX-yJ{i(3-@X++r&`MCC7Z9`
zv+nZFPsqV|5pS6b8p=NP&^`Ch#en(rv4p+R_iMLFuxB#k<TFNdwG{S3adw9DZ$ocL
zUf<tsWO@}g=6@X(D!sGfZ(Gv$?ra;Xz4XDeS)erzdeysL%IaGiq8nr<m%qb4nokV_
zTfcg6js`UM_ilv&zRN~KK3ee78VAhtmm0g068i|=tBl$~wn$3=#FKh)O7E1XvSZ5+
zkC<N)tPQnPqjmE6R=!~&<h{Esmrt(MzvGuxGwhG(IeQ5+lYPUZQj2b!KX@Fu#(vI!
z^vmD*t=^yHxTEJ_dwx8XjasD_Mu=!S$q~`po!^`Z1UF{^%Q+ku;z-W+6m0*Do1XUa
zQg8%jN@0KBVVfW4yY(|WdQYELd;|``{M>T|d@>T|__JOBADz#xgT7chq?p^D>-CoI
zu_PYw2`%*imnNLza~pcnIuCGN;b7$bUwHjKNk@vdoxUg06UAIf`{xl@-=p>IJjBm0
zRIK;gLZjLiIyTNjdh?Teiaw&Z#`2b<3#4&$eR8BP7#=t}mOi%E*393$OeSnao1y25
zKefc8Ce;zS<iEVeb=b1{xZgS!$ohNQ+l#>VSQmAq3@DFyGHcYze)|mwytm&Lx++H7
zuj}E&nG4s7coN3)r>6>>?WL_or8U;7dfdu;d!5^`-HyMaL(ZE>qbAK-v})6?L#J!5
zyWyr=?zr!nR}r%3s4i#jJbClwFHkTdeEo~tzL~P^Cw?3@K0ybAzd%8PF|n|PRGcXp
zI<)-Xw&7M^R9a)Ls^yK#JKH8|(yT?RHtjleZnty+*fzym07RHj##K!h(l9OCaXr7U
zV}4l=fCv-HxT@(w8m47CuIG1@^Jnz{h%ljytC}vPVOqB1dVWU{z6U^r31wW>bRiAX
zvK`m+2iOe&07modg6jbgVL};KHC;%<v~0)q`~d&}0001>Y=rj!h%ljytC}vPVOqB1
zdj3+aA>n2~#)PRzApji7P*PUMW7H4?A(@TkfM}>(ETE8ZB07tjt#8I&0Vo}2mm#1*
z6Ps#O73kRbA9C3;Btd3@Y7uAN{E+!$bH~BqhlhtwK#D<5fhkldws0yTV#E@PmrZQ3
zLTbf+lb}MCY&9C>+iHgu8g*KwTc35tj9G8OgbgN5+30{7Tg_R}=(NA}y5Nct*W5AT
zp8NKD=&^&IdS%8NZyfi|7r*-!hL=K90p1Nu6>epg#KRm@dYM~RAL`}wOUE5Sj~)`j
zfTWHNNKgi&b0)9`H3pliKS4ec^hHa_{Wf)wj?{b7Qj#4*Mnb|4(oGstKte)Bx}xyi
zlq9d<L5yG+Ghsp}bdFDcYdU$yl%Rn&Tq}Hbh|=@hfbtF!cMlr)VLFx@(ER>wYGtaE
z>Y?(gauF&QfNlqY*h%n$({<W+9wHEIpecpmA|n%o^e~!VV<e&XA9|3#HY1>gcJy6{
z3`vH!s>s9Qc^xnx9iFW@fd=k;W&_I>#2_pi+DzbHrqSom6aOQDE1Z8uBF-o0`IziF
z6&h~CwaB*{Bff)u5c#p?tBY_ccm4<YT!O_RKT(dLp?()25G>S7c6gXhpav9_prtqP
zDZWPWX)LKakqlsDB8fs_jvG)i+V|_9_I_bx7I4N`rMjOgXz*mQjA<=$w<%M_==buE
zFX7u+4I<>sz0~*fe-V^#B^Lz9X+XZCS@-((a8V%>;goB9?~gYeZ6N<pKq_JN4^pkE
zM;N}CNRgDtxsq!&t)aJ!jy-VJy-j}_Y|BFOusniAv6v!(CzWYcqq;%esA<u*>e~!m
zhHmqKb<{rTUUDz{b_4xK7=PR932UdEaL$ProOYd!o1Al-3+`~)eQtip?T@(s8Lv;l
zn^W-B0w4eYC=LIWo0;x(oL?tRScFBh-z8FWUDNUj&YaSFE2DT~mYs_W(t;P<DG;!G
z=x>zF?S4sm3ds<=RKvtw$=BLSCtaaM$pI*Jqc@~vuYJs88G#eh9$|amkEJlob>*t`
z&hj0{hIYV?LB=l&o(o;swy1LL|K)K*t|oW+HRqrt`7k^O7=ZMZ)CB<Pcyr_h)PyrY
z`EpQALcuD6{}$(Wb~GSAi2Ub)^8i*CWjG#mJ`|vT&9Q*v=|LbWkbr~1z{zx9@jUaT
z0q{@ss^xwgivy}4B9Rg;R!RrZz;nPnaiY^S-8agj#U<lM`kD>;$F1v(m-Sonw{FdB
zTd^%u*$}d-9YDK2AIm8}>*(WWtMUg<V7RT0$-j;V7C-#}0x#6Hi{A@wdHTK1={DMq
z#E|}~=6{Em;y|%y&RUBKYpmB`n;w&<{N=J|{?)DRfuA?JLrPco4WoO|!%zt-N0q1^
zHK9(_izZ`K)Wn=v5Ld>UYq;&#be;F*6hU@H{S7tJSQG7Se>2U$ro|CK&d*+3!SCE{
zw|!2KC;n;h^;=X!H_Xo%2;GSujMkts6i0PvEn0_q&~Q}5_?Q^;Vp*)b&A091e}6(>
zgSS84o~Am~oVDmfyu$<U)eXAE+|ac|D;s|YfCJyZhX=l_msBkLAMYjZ0{?#6{jZ(<
zZ{NcA;k^L#-!1_<R;+z8EY*8dJgvk)FC-^=Ir@KS#!dMQ?H5is<GhP5yXv}|ZoBKH
zuPuf&1OpwKp#vEEU;ECFM|Sow=Ye4#t`CU+3vdHHn_xFGbQ=@<n3`f_4+{raI>^;=
z_U1S{%FQ1f%yV}Z)oGso<l!7&mwCH@?GC0}{9VIxTM&->cpiC7=qa)1M4plOhr%ln
z-ih*2qz~SU^+ig$=<!Wb0G=Hdv*9rl4ojI?p0(1flw_eYC#xf<$kFD!t<OVEZZ_qm
zE}D%kvMsvC0yXK5S8sxP;+N<bct=!iv6!<pLqO(V;ne=8?;3xjIpd-9P@uR8)-5tZ
zqtvy~uIJ<k7smv+F4#>P-zBGmxeT$8v2{_@=dLUpYjS4bI*zn{$PU2{KXnws*j`o+
zu`!M01ft&&9Ja_`{9NJVqChuDy&(5es5hehN9B_kpJfJNA{Zm-V>ms`XQVI_E3#Fd
zou!#umZg>1Tbrw@h#K;-Ax}H<w>3Z8V`wf&U&2~rYAINIY@Kn0iWEU3MwoDN@!~{@
z7Ml*Rmo5YcgmU-=or=E<PXB8f*N%~@?Tg%cCRuYOX#F6pgDM666wtwyH66~qhg5z5
zVuw}{KiaUvs*K-j=<qDE7<*{w^C8o%k^cY=I~l-Huid!&*@3O!+Mhj;mZ{r#c-aY}
z6kiwVMKqT!PFIkm<f`JAC8zS5ZslA`x3YcJ=$x|I87ot^r4~<}*VB@1SzlCR86(|Z
zZ)IHFyMQV0_-RE?XRL)|(XT=z$j?QF_(`#(CqILXtm8+TnM6ic%Uq4WMa`?M#)XG>
z@iv}PR3S1x6E?cR0Oc}0k&7UgILY&9s{4gg@rDn?6^>k&tJmt>IW8IKCR8~hPOSB$
zCUH-9=yn@PW3%R@ZX5QU98RC~#dDoI5=Noifr5;kz&3TSjvw8Fg)D>|ydPp&)`Uu2
z1X=<#U>ZOeuw2mM^qCyX_KZd6`&b$ewTfxB0u6j>vWXsTV1o@T$ArW*|4U@;F*J*R
zAxprsRtttVWs@h+FvlAl+9vhS6<S(EhGMf#`RSq5!WQd?=01nJT}6U^FP7QiBpB1`
zY#=?Z=(w+m{4^963J(K=B@r<N>Bn8NAbVhuV@*Ve71A$mg+XF{fXP*iYK$hP#yi5l
z5GeTH4-t(BV>A&VSna7`&_9MFqg~-Ghub!G#WvbH27lnmG<5EGa&<NV@6Z(J61cd3
z_U`}v?CUCG<;-c7`6`eF3PU}27C1RRp#pJ&n>OupJ-LIeLRE0c$2VgA#LiLR2Xo*v
zShfn((aA+O<ga+ZaAWjG_&|mjF9}7LVej)mgpS4tGCqMwiq{u~FoLTS-~onz{SD?0
zT3&<=F0|d|wrID=D<>G`cmeqHP{6IUPB1&e>X@1hFy2;COY(Fqge^g`hc}R><h;%W
zX+2A~rI7|iBq~~BNUN~jtv8%7V${WAf-FFf#&9)VA^Zi^T}-dZ^Uplhks{FMEe?TA
zutO(%)bnA!1zS3r#=QAkyZc!kRlT0`Ljw0YNqwzJbdG}bfTo(JoTG<$B(GB;AR@bG
zmB`8b!3xnJZJ&|Qnne+dQWuOjmXI=`>ayb5wMr>~^?83>tqWXSK#KZ}@W$!{pV3W<
zFqy9e*IPo&KSr0#d<!RBK57DJC4K{zGpI*{13ab=D45TK%?y9BCOy1r^GS810l@8$
zc5ePuSmy<NBhsxudW41CiRU9hpprGFzv7>N!RJR9VxHam0}Iv)HqNLp1C9E3<##P>
z?fA{zE&BHyTttHWNs@?HzZlY9rxXz#9G3XHN39?wF-!yV!$}2Lh}J@Y8KOif6~>>i
zNb1IQ4@ULK>`_qaesW<b)h$m>Z~~vu)Ake=1CdRXWn32&`Ys|pku126@As)@Z|TUP
zGyKv(K|QI@s%|K>l(ReI#EQ{OnwugpLM1vCz#muirdN!qb$w?!R=l8+fKVRvAH)Dr
zb10y*Ey%&VKHg?2aoR7HL<VNB422q8`Tlh9a&d=b5eUi$K20@r`{y?6y0Xc7%a~X=
zPsVzP(WG(r?CP<0eAg3}s*WBEmzUJPU+4++rrdCrhWn8y>j%ozTEzftEy|}e3x=mF
z^BFW5;(P+pu6iy-7|xDrIbxX;mGMR4-=9WtEy#P}+{s5YRhv$Zx`G?%fJqT}y@SZQ
zV`aS&@=dSt;Uc%#V0}JFonDRkjN6@QtrcP3&qv+ni@d^D?~Bj->qP;=)^82?Z?+za
zBF=6t^E<&GqW6HgFvlEoxQoQd6?>WJezVySo#lv=ySXs)!*P!1KVLC=Df9$+fYC&d
zLch*?{~WOSBxroh=rH`7wFYIQO(#`)-wm?VqqZqKI$NTjCox3~9n;QUwi88dWx+^}
zT#*BtvwZlLeKzk~f~T0q>YTCl$sxQ8{i|N;^e`u)l6q85&&!wAwlfQWX7n%ywk>4i
z+34%1>c>eabz|K#SzGB<EaZcm@*dDvq-5=k)kIW2Oy~f=xJA_*9|;4j=@wS2n0T1U
zj^*YWKB?>`R8<xpB0vPLi2ppD;enfJ44@0^E2ZP}5mY8T2Ei0$mbXS6S!)u~ZJ_^H
z#@{wSyro;4W)<0GYvUYvk8mvBfJ<T^cxq0?gU6;Wfz`3Ivp0hTUqWd3)#=Y`qa&Ft
zF`FM8t9~n72ylxlba*QJ{OQ&4_PVd}02Q$Q&$4y&>oV40oESkL2p&EGu-3&ARIrj_
zV*?PVVSOxR6jDtSBlSsbN2{mBwDo!-*fo`uiTGTylopFr<jj+kTNduXE1vH#r8Q48
zuXJ3Cp%TW*gV^m-ZFSdnxZ;ZLmA%rEMBs&*d=*bP<7F03=H0QW1?Oo)mReX4O#CU5
z`#R;!W>K5M==CpIy(BtWY{sk?d=YPTn`btkLvWqrz2#|kc+FP3*Db(Ub_YY={Utre
zV9MC=HA*dBb{G>Q;dE>4N4H4e8g{0uS~%Mtr(315He2c%T0QF>Tk~s@n6=!o7oM$i
z5JsMs(Sc7#BdA%Xn>1ubr<Fr4p<20SEd@>AvUWkDO7JU+i3v1)V!7<Z#5b|@#<yV>
zMzhx`<5G7B%l(`^asYoHJ^v=HamiB{rmPdEkBuH_=5wtoh_81q5*Qv&^lYs1ka1NW
z)*<J3%dON-)f$OCD2929@f^+g1RG^Xh<*cAx?Uh+_n~aEUM$O=Z2H?^ITX}F-t|4V
zed504$Oe*pG_Y>`1E%@U55+Po{q=}f9(nox=)*2Q<eC>&nw3L_tsr+HQNDuejBEVW
zZ7K?hp6aT+H-pr@8WL$@70>DA%ZXmz?z^<prt3$7?(;r6bNB%@lSHn=Gz=cS^0ZoB
z#T|Khq1-<Yj9y83a%5u%H0|F+)=FIUl@=!7XrZ%kcAtB|ExZ`NHbwuarjc6#6xZ42
z+Jg9et8A-#0=Nju4*57KbYTCS<jl^svwgjhc=q16Y|F9)Z+ByN@HX9K7+~KdyMcyo
z1SM&J;c^5y8_+yAJay<08FYhi>fS!pHu}Cn^E`!1CD{F8$0VBcO<_QJbEWu_l3~7;
zqq{Z6W$m^>4{hq@K8}ls{Kh_^hH#8ct>OjvJZ2h3rZMwbd_Gce`W{)Q1!5liwLZX%
zPnrqdKr1=ne{cP!uS4}2v9W{TE<A@_Lt+iHETNzp1A`hFWTT8w#M(>JsD2Slepn12
zhnE?|#w!w+CFegTeWle(6iTgF``GR6_yn0qoFI+A0)9iMZBWa43Zp62;o1^!nV^JH
zo5_|pUMMX|bz!TQ%UGK;GM@*yT&8BGxmK5+Z%o@~OcznWUhFw+gZunGI(Wz4akWQP
zOzdips0q@TqR36IBrXeWZ)$HI6K~F8itwKVEo^xuG6Fx=BLz;H>O>8#;PC+~(P1Ut
z$^_Ed2*Y+P-Hmo6D`<16G(Mt4E~$*SsY0fa=DI%5z`7^PBjZJ-PMNt)9oAhKO{odf
z7I=dV^pc&?@}A=P?p3scGN!VVHyu?CXMcF6wm0-`4M;QV-ETdPjKc5;augXw%prMX
z%5qDvf<nfS9?U3$jA8<A1*EM#%h)lWcZ-L#fvUmXL3ME!rtmZpS65S9s;2JMG2R^<
z!Ayi`Hp3OS8b4&Mb4;~?GCSMGxqz<JG0^F5yPxQIo;H`@RQrLc?m5U{{TAI4mYn?)
z=l%ioSRtgjN_+6Sne3)d5Yl8<S{d!QC9cVF1c9!Wu9E6X%}SBku^B0~J{tpd76X={
zV9Lc>A-Kt(;&12XFRq25R=EuLC?NG#b_D;1hMO4#C+qb|uoRVaW7;G&;s={~wU|*D
z_EFL{K<GhHf?KOEdgX5_2ZL>z;CEc6aFOI$W6Qb1BsH9jjf(`O=%o4>Sx-SUr8-Po
z<Sj{Fua<UKNUaG=m|skeUM6F0&TOt5Tpe{-pV3r5Jlp?z+b}c8KLyJ&l2~+grn_Ve
zB4zznd_`<nkA{aCORw#VI0bi*kv2H}LQ+Cls4^ie=>nh=K5@nhr{@_;MH4>baki5r
zJw1%akTRo;QcV*~G%<1yXUWGHJ34O(=~M<=u@0X(kmMW`97FOFdj;`%a(t?3hFMCu
znCc{W5N`u6M*An*yGJt>wfGELxTR;5DncTTRcfk`85o{MvXvTzRGK7@%PY*x`rQp4
z-;?3&++~aiQKox9L?B<3bPi9Kds5_nY#()^JHThPa{Uj|4p;rO{eXOTS!iCm3s2;n
zCFs@OZrWECmlYNjm91>AKOVjD%-@!WfLaWhl|OCuOkm*Qpr>8v)3)@OMsONd^Q=od
zjbJ(y?w!S8Iwbcuavp5-jsZtZ^NdLx)Ju#tY(hi(#qTAC?<L{^2wjWMUP(13T7Ele
z7goy+iZbX_fIntZ(ebCHK!1Et{!7t%TzzYj;sWVhtu=^2gYuBr!_}5km>I0XoTzsk
z4|dO2@RV32C(<}%hN9A{h(dHr%QG5v^WrfBJq7M=3h!cxKbK9Gn3q-`D|45p)x}uS
z{KZ6PC5wi%DQ`p$rs<2o0bH_ZY*!jDqd#=%Wi`(a8qfO!TFldG9DU8@IpHNIx^u{k
zyh_UgkJBwo%QGBx^WrmuyhI+PaNlfM5RXlfGJ5TewRBg63SqvP6)#gH1|H`eXx1tQ
z3LeE|5i`FAyF?2;{pg`S)Oa>JJ+UCxMPhE9aepwyTJ~J!uqdWbWg20EQKZEKV?vl3
z;#Z^yw2yCyaPlLC+PoHEWINAio<44`=h~jI$oQmdid6Q;PiLOrnZgKOf0TkMG&h;)
zSEx|>7Nq;l6QziMVB{fd@qEnp6p4UDS9((tdFk5x@WZ`L;HM|#)9vouKFTx%O(RF<
zvN^o7WzWT7Mj&Veqjcu=%(o{bS-}DMN<~0nI-9ph;z+YmF>t#u%ZSS`EEl!NlO7b#
zASW<U>8W{fWTBZ20B=nH#My(R1V_VIlq18;BBjJq_YhaL#DhUsdQr7pgS6EAII`H1
zvJ6)n%#8jTZ|^C|4)$N7R5FTESU~<4^mO|MJ}s!OJL+(_mA70O9ae+fOOpusDNMgS
zF~dG)bC|QQFimm~Q#7C4!`Uf0C9fD)X*^4tkQYu5^`gYF=c$%3dTLpNGsIqZU#x&z
zAgBdiDzo*#>_C3?^CjGrKt`6(*CDz+jNmP4*8Ifea@}a;X-DPber98(hCD4lMTepE
zAghDpG#L@}P!CEpGd>{$<V5V<^Res{HYZ3yCPuJa;oTiU$r1~d+Qe`J3$)!hOOa{F
z#3HgT9Y2#^cL+1m?8xpDgg)KQ!*ZpOHn7BJ?#zYCQ&sC&>UZ5ww1)TTw2ku@ATA^$
zXCq_6Bj(qd07X3SeJOlF@TmSLNF$fJq8^b^il_RdjO)I=T6ztEnsLj)qlEXWNxB|_
z7ltbz=-%0NoIvuQ|Ft2w8NVB(4O}Ne1mRN0{bRRcefLBzprINVGkr1nD9B}TOItCS
z7<*L+i>qMoHvFO$aOpy_OE_CijSMkI7*Sl;AupnD23T=BBlZN-oF|CdreRLoAyvnF
zT#e=>v-}Daf%cjJZkV%o?TSL3Ej(+Cu}5W#FAfGIWWE22=Q1n>p(clL;FI~4b8=E@
z5UCQIAZ_4Z!c%3vnNOqD;nFp7a}rnJO>;hJn>BqsZlR2aI{CSW+s>-ogLfXyILNhd
zVe$Rkom*~3nsN-kc(YO@;3wh3Cpk&{TqEMg%81&0Wo<+L#5CA)eFZG@Vc4J^M#)mP
zi@*;eP);F6uw0OK<EUUs`O^60FjPHt!h#d-=Z5u6;-dM0mOAa|YIWaRaa^W+c#<I5
zTlU{}utz8t{3p`xEdOYO7Z`$3H17*$524{EO8Xg`D}GmCFc@2A$L}_mp9wk+K~@-&
zTlX<B2!c`coOZnWG_wlqn}%DA+ytFw3zq`X5d^ODpFd;u$eDoS5u_d;02c%{_2ZR5
z$?$<U`_G-Wx_s?l=;IFJIxI8_8C-yzO4v`V`*x#*YJym5&p{kHu2f~g1A*=$?-9J8
zsY&^A4etGgJJp7o?oO-4XOJVzebq715#ng2G6~5JRX;Jn`6JV?iG><ohXe~=z~&)5
z4b3YmnB${K_5$D$R7S?pM#g@|MsyJT3wQ<%&A?VZ4{_Yg$J-8lkWRx@Z6<MeNtjY*
z8B7S$<(9tpaC~FchDvxELU%qc8$M>g=+g4|&fehsMyMXD%r-HCnxO1F6XVL47eqI|
z{8pL(58>(NcW_&<LVbS77^6(bxTq!^Tz=BY77DM}vK@btHyz9z{FWPy7%wj~kE#@H
zWONWyJvkJ+zeq4x2F=2S_o6|$iq}~XMO-V^q<g)+R|wBaQ%ljLy}(F7JR-ow@7$9`
zj&bl&<j5Es)6y85(hF1JqjnUl_V(vs)klOxf#K03i|`mIDZ_4~1{|a8_oz=S;<c}c
z3fDPBSTJuwV<wq)shabzwN-Al=Yz-_HZAP`o$rrf6?<#C+SzPg%O##{ymw)X(^AwB
zMWKCWO#eNdMxR|I0CR#J&y@G0P<j<;m~4KG=qKjPCdKA7)@8x7@S``YP6Fl15T^@P
zfca@!`Mz}5k=reu>F^PIkrD*ys(jh3c<1snqw>IZl(o0HR)l7Ws$Z8K<!0*5u#BjB
zBU&#1V0UWI|C9tOD34unofYsp(gmWy=fl#S>(Z&VkMF-!rl;EFQxeQFPMV&M#Ae{$
z*AoMq=m&BiBv=U~E8sC;POwzY?i>%IBO79gGN_<wU=8}~>6zenwP5Uv4Nc_13(z<g
zmfj!eb<cR3Pvk{t_)IsFU;&cKH)vH&&uTO(x$&I6oo-yBXSlb*KgFqU-NPM8TS1J3
z9B(=06Qy;zy}5M~$o3ba8zuKG)`v!Lnd|_Rd*SAR<^*TrTOj=^ew0F&V@UxnBtD0-
zv)?@0pe*)YR{eOUN3dzpu{5r4nyXI+PBVB^<rHq`Bb7^KQG$aIy8&o#@!l$RM-0L1
z5dvrNnpgva^b~sarQFc!qL94m^yEw~=Y>3T*m;lOS=eBw#NfnW@4$zZ>>aaN#Y5VG
z$9bVUrZaUm%Q(RTlIm|HMWqf+00}7QEIh5Y+~}JT71%pp+|7#Td#mUoDkRj?Ck5Vm
zI>)tLu0C2;Ib>IsO)AuE<S2b(U>%Bkf7B&GbE%}7HOF0igKt65pvGg33C+ea_*+eq
zk}j20w<gW`0goZ*0~W<NH3n+$AgSMDkO;J2BxVXTgRGOLdonaS{Ku-6CsOrHhwGn^
z;Vmxyg0#W(LNBq!OUtMSiyRhB;uaFum#rwS+H$xIj?3qp@}bn-V9ldMUfx3d*#kA@
zTF5b?Xl|#!(Wlz)DM_X$J&w!tk4;^~Ib6KE{fXSY5ov=p2jdf>!osu>+5_MTW>BSe
z-FS^N80J>_#A~bLnJFs0=yeTuvB3=^s}e#Y&z*JP?qpltknZylCeGx3IjHQR5Wj@Q
z-l32IVcDJaZ;1`-0Zpcr|9>C|7~Rhg|I=+Iy_d~6H}LP5?NQa2w4v48qE=SP4pTjO
z4D9@~vuJqUw@4e9L|L#LU&SN5HX>?#k@(;(;%`Ec;=u3>65ff=@3wA1LoIOP_=rv$
zZ7|$sL-_f31ePK052z*aj;~leOJ;73)ng+QG-n(AYz3Hj`{^SH^mTrdJ8i|06>(24
zmg8cMJ?xpdkz`@dF=SeP-+Kj~(W#Y4lO{Kjr6^9bd|_Z$vPQ)YEf=3i<0t%sr}j2B
zeeYDTfAt5XPcF8gVt_tIP4UhP8J{41?_*^1?b~83d?u);?;pqn?Ad+p9Z+=)O3|Ix
z*4TMllMXwu&)+||e=j|$V_1m3w?EilI}-mKhM&g+yJNH{)8hgN)Tf-32D(j6k8p7n
z+rpk28+tt}=M(y}1b?{{m4ie@3^a;1s6!hF1B9NQK|*~Yy3PPS3W<q|1>oX)TyT({
z_mC3o&pV<Q?2C%j$!V91^PH2@T=qURv$?61EY}$|Dvb~XyP`Z<jbZ3|IPg>XD^r0K
ze37i4rdh5tK(|<PJ7cXIPnbaysB}u+KrN|quv?`xH|42pMhXjasp;G8?KbV^V%<vK
zXs`;&E?k#kB_)lzBVW2`87M8A`r#4e^~dPe(@JJ`D#_(e%YL8MiBl?KaOD@D#6?z!
zZFf!%T|~B6#J?UK$!6G&-y||LY_P>lP4(@wuvGM4HD^&DI105VHI{H4AmxJH0g40n
zPgAWE7BSnl=cDRtz$$_n2f3*iNEv@Khfu=6P@oWXZ~)YaVk_gUPvhASn`k+c{YGSy
z=oQ##>ikP<{LR>fwj0`el1LR`w`W{{^cL4pExP=SI6R%70R4Gm;nk%|#r~@P6Q*LK
zxgo&}de^&c3(p6Eun{Dz%y@4aLb%|l7z0KRfe#1CQ!o(v1YY)k*fqeljg)8;QlHF8
z6B`s%dwNzE*wiK$*4u1ay9_AZZU~9SD(z?)Rk8H+vh+x*6Uj>e%G5hrTpfsBdU17>
zZ|^FINib226ws+l;^@nQoYj1N48H!-<Ji>ABHGSljU79-Q!lFC%Gk%3>S-}R=h1H5
z&%X5c=|^`OV$vFN{yV;&o(<ei>D#KTiL&j|s~79gSfdSJssQ{GbQ$^(b`JaSVt5b_
z7XMHm+bI^MZ_4=u!=G|efyj2}G4<lLfX<mm_bnJZ4mx7g^4}mvj0=Za(fVm36v7kw
zQK=$7n1>QA)!Q3ZVpN$i_?-R_e6}#Y=3#e5wPf2bN9#GZ;>ev@Sk{E$$(H!%Z~U3O
z(&ngC`f(bYA2U+u*bR2%{UbJ|HM>J!y0CkoG=_z?WB<(^ptqBvMzLTe;>3mXc=_A`
zdb?fR`0L?+ss*u-^>T68O}0q!)bAH9`FY!~m@}yNZMm_NDl>F5a666P5bIEP@v2m|
zooHRPtpHWe0~`KBw?d{A8H`vlHr$G&dP~Ln7@ok7N)`B}8ui6#0N?u38nj&^wgo|&
zaoz+T#|2yvg|xs>WB3LWhF|l8^|oo}YsH!pw~?hs`NMk${?O|B_AbXVh@3z8v_D9p
z<i-G;p+PBni?uao-qyGQr3QHqK3lSGnz6=D9KiX<<Bs+4yeU3JY#V~K;z9?n6Cyub
zp!tr2=&jQ|l@73_DOrW>pq!UlZc8P1<Qf(gQ;MG|9<##KOE)_(jFrzi;wlH3?cCHg
zPFi#x?`vkf(PIBz<9?P)cFE|@LUSc2j-zVl4s&3a64T(#F;>g%tU~U{HMuD_a;6td
z@y}Z=wRHT_x~$T54fgU|%KVPyRmS1cZx{3;;+l2y-`U(Y$4q7Jm}|UL3n|>$6mxTu
zr^oLcPUiDesNU8r{ZjBt-j6<0nNyW@xYj4ba8=gca{qokbfM%y4Xc7b3X=jpFCVF;
zl*;9jo%{qg$2HGej@*{xa>9S?Xm&==?jYCXrrfyIG_iBD%apaB&SzIdE@PE*{8K`u
zmQrp@mOHSy$UntPPD?H4{02tW(WR8i<am=*;8o3gh)69BDJ8?^YX7`!x$WN_MRq1+
zcaUpx-EZp2E|6UUE4;-&HBQozqnPBKeg{F0N+nrN$}PEuCGPT1ahF=E9P{9Qe=k@H
z8J8}ZkRkN*c+RUEyG>(LOxWzeSov%axOl%mFy?;d;My!aFA=~lI@>s#W7dkT<fF{<
z*|<oTOvsRo%E%;>dZc&-o!!?{h3g3-g$&B1bRop&)gr>LSx85D6<xh%UGJLBxcS~p
zm?0kEdmX_y^B~xelf9@tIU#k0V3(WPBlu<e{m=SXWgTYsNv5t{vhEo9=<6oAU*C3L
z)qMNXuKF+CbxCzaDUnjTTxQ|v$P~O~bN<@g3x|x$57O;VVP^e$Hh~PusE90LSCUlb
zK|MBPhgM|=6K}Y)D!;dLrnqLET&j$lEE8-i+m=5?B7IWG9>3AcY*3d{x=fBYN#z;c
zb5s*snh$#rnvKq4%025we=`*v0h?8i_A;g;g^WwTOvsQ7%RV`PA+_~`(^WzS<vV!T
z<q!5<y8LWu)}v=*$PflN<oEWk6w>ALw_Nj;|3ULc@Ycn4{Ez)w`Kk5)NUGK95NfDJ
zf5gh0-|p&vYX767$puV@K0~h;B0kD@0l$F{ydSvjW<b@TT|GDQHH)cts^jcklH`H=
z$N_C^>)2?3HBJC02)RnERd~GtoQXCL$yl?XMEmfxi}lel+_J)+W3{X*aX>IZ<Bk$e
zr?nCSi+wB_*oHIhF7^=yx)1Gx?lW~@)yL(47ovCns~ZQc<tDbdWqs??{YGl{+#hK3
zoS1FZBUo*MuvUdyiXpA0SV|RgMOQT>b90ocFRXN+=IU>hqN9=)mx%XUmw7=NwywK8
z;$49>+Ki39K8FvyANc%@<2dv-K5Nrqu_eo}CQYgpNzF+dOHHVcQ}IEWrrFrwU1&c;
z#|fu}#_I)@0GE^YZ%}e9v^$|j1#t7SXf(?l;ECp!emw!`gO*M?PFO%M<2C=pp@G(%
ztrHiF_b=5PY#R&<mQsmB!UCAkT|m2cb7+I7HX2Sz8-9Xg;ppy$zQBTuMUZ@c(h*;N
zj1>M4eSCM3Rqs??+{N1wv5=#Wkha#f?&>Y*5Yy^{MUdY4H~O&S6Dr5j?zF{(-6s}U
za6w@4`RAjudX;Twy1hV)RkZI|SCp@hhv5Ek-1Vx5KFq|2!|wakwT*A7373}jW?uG$
z7V*4QSt+!h(8Wb8ssjzU*ak4M+IJsC%1t&{TaM8-@~$sy+km$(s+d+RI4b4B+HJ@c
z)11IFec~}c38WDp@k?+)dgrb8ctTGKsJvPpZ!x-MSW`tw6=nKvIUgdVvimx$`pIlQ
zMGRubT2JF&;9!5<9=wqF0;c6SsjQJ(FK7`k6@XPT)<jxROP!=$4=^!}p{P~oU<7tP
z4;0?@<U{~%hEpHO*+wJ&7kug;ll$yly=n0lyDFA)F!elpH^P{X!2-)!Y(rA|$2lFP
zLrP4Xx{Xr1#{X|S`ODeLZAw@6<o8_Z4>Z63Hlhwol%AzjnTFctMb~V|Y;b+GezyKf
z{nPrl^k3=!Dy=}dq8KO%Djt=Gsz7Z){VKBzwixspOc|UsxNh(Q%|ZW(zK4DX=|R4b
z2#SRkL%%_rp>Aj|Yy!K&Iq*vO0sIm1KsZPwl8%%jbx12RjvPTQU_vkvm{H6;=5Ndc
z%m*wAYl)>`gR%YCA2>st6V4YW#Kqupa4T_}a9y}PxZiPCanEsI@mTySd;`7*zYqTh
z{u;g_{eJrB%$$A>{aX6{^cQD7p80hanPm&9FcSWMjxDC*P`r!T%ba5#X1+Q1_1wSn
zmGfe$Ax))+SR<^RtmCB%<np~jxh8MQ53nzmZ;>C{`^Mg{_WrZ4hcnAL#5qIxV&7l;
z%k~S@s`_i{gX+usKi&WP0rCN^_Rk02J9x2vv%xk}V`$th=o8EfK0NgE;Ung`=5^+S
z7H$o!J4L;sIniO!hIN&7xAp9i_m2|dtoZ$-KOWsaMn5KZy3Sci>G6KahsS?DUOd6{
zV(&q87+pb+^Un8f@TGpo|ET};$#+jVf;(lsvIj$u_rfF`gm=k%<@54fcxJ?nD$)7q
z%;@Uqp6IzVADsE=Oz|u;{&vNSXFop6@qTqhTuohxuKuo4SB>iu*VV3DUB42sL<gc5
zkw@G~945{Z{~~@){ELJp*^su9`bhgp3#9i+Ka#fH4BedEeBDHDGj4ynedhKj*???K
zb|;6Bo5^G3!{iGTA0>>EN?As!qnc7l)Ih3&I!!%G{h0bI4WTJ%Nwgwb6>TT&gFDLI
z(w*X7<X+{z(|yQ&+Joj1>v6$T<hgYbanV0s=X;~QcllKK8u(86@%;|d^XbnRC;H?4
z4+h`^wg$2SR|Z}VG6kuFT7r%R{Sd4V&JW%me1?fI!<gHcH&|v?9UILqWZw!Qg(QUZ
zhCJg0aaM7Ta=vlN+%WEX?lT^lm&M!6o96w`59g2ZFAB^BY(bV_Sn#jVL?{ui7XBqN
z6sbkyqF;A~_?aY9vO;oMYAsEa?vZ|!`O7k8TV->yuW~23OkN?M%|HM+DhJ?@Tno4s
zxcAx!I6zs%Mx>)TFS$7I99u=Zs!<+;Dib{Oj!VZqXSu{rgJV#L-N^i=g%O+)Phw0Q
zYcJTs@!@q^d;yb6u?y=5_2ND%-g`Mb@_*HVrX5*5>vC@CgBimh0jt$xT5G0;KByi8
zw^lx!g!`YM(<StD{f9!_e5e-0pR23ZFW2PXENTey3x4{|q9)c9%Aq`&OZLV1@P8r(
z_ZKj7*aJE4>7m1JuF4`IowHdZ9o6=m&?*Akjj~VQvozJs^2jnI@9k}1kGcR60)b(Q
z(~A9B7!njyXP{fNt)ZJTse`ujD#xECGB<A}70o(RsTR9h=+C%XgT3rCurX-WHy;Qi
z%=P%o-quQ&aK4~@CUJ7H{|f^wMQju``}3Hv)^3Neaf&hsARl(g?K-+Q+n0<-kH$44
ziTcsK0Pk>29fDVnZmgM))V}+gWC)?L9Z&%Qqtf<mU@^nv*h|+g`LVGh>T8n1M1TT#
zN08yWrnR?xVa^^s#&LJTXdm!Cr=?Qt^YvLH$uQ2R|3e-BZMu$>)4!X5<JK3vKkw2q
zgi*d{=ZN)7?T0>Zlhe}f!;6iu_!+tLHqgZL;UYQwfd&dbTl-*L^6xW2^uZTT5bJLa
z9>R`*Y)&}-TwRqO<u2YVMiWzHeqhmI5@;uvKn)gPgVS%?QA5??uH0)3RRYBM*@M}R
zF0}sP;h`R?rEwvsrs;dZuUqgdN!cC$*FnP7IbQ8Qp&(X~aL5~>=odyz7Y)W3We9VA
z!t{U{@6*Z&#7%UI1_?Hb6W)!F%thb`Ka|3*p0JJzBF1zRTt+{;n4E=XIdQ_@!XFg&
z(8k@eLm7^ldk=-+lY;F_F=Th|Bb4L_PV?<K!{g^kT`a<_)r;QNpnin_DTSC&ws0_&
z-U)Ljm_~owR$fI&-#J-F4Z2{;)=k*Z(o2H{0RyZ&or9^kkd_#B8>uC1kPr%ES(=bf
zTM}3`g%}VkgAgPkY9La#)hjGP<t0ErzQfglS2G<^SWCy6**ao5M1%Qebv0CUg?a-M
z4!IwX!aD7|rm9wloB3v4-luP9%PA9t%J~p5OM_A8J+xIZ`0Aw}{PkOTG2AxY@itI@
zABNN3VX8}={TcPqc8Lq)PzY0iJ&6s%%H>c|Uy)3!xN+PHd2As3>H&5HUP$&yCS@gR
zDS;^MO4>zW?eQuMvWrK55&@;N6i@%G2$pOEC_yKb2$V-FfX^Oo1ZPbctYu90yT|1H
zEkXM>99PlPh>fcxbbWDf86bBxW$3u!EwE$@z$rQjbG*3i!p>G1JQgmlm?Fkt8AVlE
zLBvX?$LeXG@F~m$<u6bU=?<>^2doV+P9=l(>FthXfzPkq(=l4fP)|#GCE><ohMjnj
zSb@&Nw;YC!BQ|4dPr<pn_Jwcle;cKeMxMj>mlh*RZq0{7+XtBEIf9!H&Pouk9D(w|
zxm;-k?r%)@!ZJi4vH}Y#w!Paa4WrisC%Y_@3D)|(Rlq^h>fp5hEpM9Ntom>iT<rft
z&eF#1KREEue!Hn2to3`VfDbpW4o-{S@}~KXGe3tbzz#8>Zv5pAk!q_DF|;v+4izZ*
z0!9vlFeTIuxI}GLuK5M&*;Fck^P?r>fpn0jZFocwFp;D12UTs{s*wRO>xCHOt~W-Z
zUPY4})0Aq8;HOvaNy<2a8{ClaNn8-DK(6PET7>8<1)=*~`)5LM_9CwCPe`_Ni+ae4
zNqw@@P4frC+D6T5-aCL>Tf_u0dHE32LtZ+9`s=?2T%R2r(SyNz7l-q5konth|NJho
z%V@VyhhU>;rR^>OX5oNsZ;f@9URthW3NtUsV!iAP$BNcY28or6SsF>6W+602a(us1
zYQk|3B-aWtDt&J1@+1R^f$2Dm74AeUi1D=u2He?Os-a!Wg$|C>qd})*O$;5DgS2EL
zV&FKvyOZ{6Jz0(Kh`<`nTs9riQdo3jV?jZ-@m8pcn#{BC*&~1-2fvw=yFf=?b2Mq}
z*5=~hx0SNnB28}wzYvDw?7{w}^fOV3aB6#`DYsrikIh`Ak}wNc1PA;GEr&QXuaGA;
z)3`Uvo2n2GwJ0xzhVmt;5qSEAc&vL)N-}WOK7%b%4|A6fC0@gj0ZDTi%xlKXJ-C|f
zP1SmMH*2Z#^+JD4p7elTKOa75yXl>D27dhI=*1${wwHe>@!*5d@rQkI68Ek$cF90+
ziqat2C<DhmB>ZI;4Q^YA$3BQAJM%uv#tn{r3Odr+uLs=qeKimCA+DwAWa=<^*UHM_
z=woMNR>Lz*^N`@kj-{abLCG2OF^<hBzs3IGS47|(&Z}n6ToZ|1jv?X|K495|?%Q%y
z5o?`a@g11MIbp<`oRa}k-L*7-#7hp@9_-}SelmAuH4C;sb{dE@Tzjqgr1{8MV1}ze
zBV5o|BKPygMg?G?nMe<ocxe1gvuue#@JE_`{xb)pp2NdXzM^vXYGQ_|L}H+t=IdI9
z1z`RU+XMr0$U+xaZ)&jD#&uL$n7hoao{M(c^}Ny=jeGTK0?ej;^s|!2N5n#F`RfuB
zX_1xNF(23Q<~r#(dD$U$f4;qC+(n1_yR%J$OG_iIO>r1dnSY<v(Seb@R!7~7gQ_GO
z^tsQY*gUWU!3FE$X&a@^AwAWLocDQ)T5;f3E5rk=wG$!&3i)|CiFDmLP@Paw%tz%%
zX&f6XygcM^WG)I9@LKBA@gyu+k`Hc1c7!3v8Y)`{<EopVPy4|8$)Z764gyWXa&TX6
z7?!*NW0N_dej|@2L`i!(>F&T8G_*{fajxN>90lRD3SH;)EaTc>Vb-?4aCbvob}mx?
z%Z`oVg{^ez|Dre?dw#4Xfq<NVd2+==U3SiO{5uk%hlZZx*?jn*wPv<d`le1A`S^p=
z9o<rwJpV`;8$aN`U7H8vDvUzf=c_*lwC8FwmTm9xBV{Atma}QT;s3b^a$f(c>$WT8
z54ZWe^8b;5N$YmjFH9IauX=fC_FEr>IhpTNG7-a%jrXtu`h1BW@cjYB4=~YTlmCFn
z1Er^;Kv|&dLk%e)jPkR{B$U2=HDaowyixT{=j&zKC<`T_90c@W5GHzbec-jKeD!#j
zj(I}Z)G$OeF{>{@AH-B9k*TkEkXC>|s}M){D{2zD;=jA|I}c|!y>qPPLu{wG_$%jF
z(xr>QjaDr7gOmz-F$>i;t`Kl!1=W84?}Q0c7o(ZN+><PQ%cYiEVv*lkL7D-JbUwUQ
zf8R%G>~(bkZdt76YjTl&cB_6P|1b*`n&D&oGN&ff$7sYzUUXKH2vfm0SqK(rgvOM7
zSTbEqvgNJu^Np%p5X7_qetXq=$v<BK7}A9}QoX3unM(_B;@4#J!;MseoUM1z){L^4
zn3OaaYD<QSNhLA7`{vE6CFdwk%iz<8uKm?7sTPnLr`}HA{=S{G77*jF7WMjvP@i6p
zZ3QE}p?M{fX}qHgGa%`c{s1?^6(C&mbnxY0^$ZnZ2Kau-q_7+Mp<kk{MKUXx&3U8k
ztOFf5`1(D-kRc<v&<#f$8Gi(v=<`ZC8>%iR=u@$_O0R7dadqe8wig`gz~R?#1F1|I
zKX5%czqpu2ZNRC%JtdtFm9u>k9HiUFLC4A-Q!-4kk+3Hy)*@Y6(Ok`ml+$}twSdiA
z&K1V{ezDNM7qRn;ETc;j5S*`z6>5PnO-x0nuP3%gjEd8p#ct%!CJ%=DNP9^7ASN>(
z0y!@@0!|Go>F`%t>P_jS0UqrG3Z&&7V0v;o&8xCh0Q1L|wmd-HZlQ`JCIon(FJFRL
z&SU}%<#G^PVj9CB%&jm{1tv=y^;S&-Z#do#@;#S!=~A|V>TD0q7@>Vc^KE|*WMUMl
z+Os04_}AQUB*{SIo>sE4=DI~CVkhH>SXSZnRUqpWgAwT-Z*p6T@Xaj~kZT;O^^KK_
zJO6e3M@#*wC_xhAIj&Um{cXF1V@2B($5N^!yZ%j3@iT>#Ha7C1a;2Y0iSydby@a!|
zlktoyhFo5EHh5GQgld2oFL{9ebxNWFcEPdk?%FI%6!9psELH5#4m6sU*&5VddM=Aq
zS+v4H27lD9rQW;;&8ckFYo0Pk1X72ExY;L`unlYV;SO>YEnrE8RrI_Aj6_aZB@OQp
z)fK!J8ArydIJPu_NNBLi36dzH>@#AwG3?^(UsUT&{$*_41~RRSeWSh;uB{Nm$+eaH
z!aZ!EK9}t8YLA$9V<0Hw{KXlJr)sk!y-Q(O6E5S7`0r9SU+ngI*U-#6HD(xg_vWkr
z{#ITAA8=mt^Wwo+CLXsL0xqe*@_Rt)4=!zafco`FsG@xOYNLu6+Jr&}I2JB&4em77
zC!K1oznhNfL@T=5Ft|Hl)HcrY5k`%N+PwjdKXSkhW7{LRwxwwGrPen#)(1T=of-hS
zTZOo|GO&yl+1e&*!VYj%8}V)u*HTM2td@HCMXSfjM><3pq8BG?BS?d#hJg^QvMF8Z
z>lzQkDmz$P&f2zfMp(xLoLxB36S0ec6U#=Vur9pQlB=zp^|V@oG;crGKOJg$=g!5M
zNe{#A5HXMsFB<UhMzphaavy5F@Q+m$i;g_VU{}_AE+gN5?#FI@j~x*A4ks02kY!uk
z7KloM1-!hhx6K)On)wvRl$YmmB9&juR)9jPe#T!qtc+=3#jjZ99q);99N#J>@-6uq
zCl8kr6GU11d)Y=vNPb>@faT6{+e0Ww`uOg}+cS>R7D?+AL;;C$mB(QT0z{$d9%Qvt
zqkqao)D*cIRW=CHUHdX%=@nw2jp*G|%VcLyV0LS%TZeI;lF%T{E;I1FKhteszxQrb
zi_UR!kA5Y<<nkd{6FkH37G-nmHI1z3?v=&a$k1&-@?+y85B$E}pQ|{Mz}Fy07wChT
zr>ky+=~7~AI``a{m2&sBBm-^r(WqFbZQJG7Qn6&9&@S39dsKjT=16s&*O>3LCx2n~
zYun7}b;B2C_OyDmI+n3earLiOTs&VuQcoe;$v=-aFNffKdS`*^(^yLC{ru_jFaP-q
zTijkx?eVmNL@wQWpk^C#=}HESnW{Q-{>;DGr`ZK~H&)s6Ji0D+<{|1+O!lki>jaA*
zVLOFr3>;@67On;@Bmm>ml0yIzTrvbd)Z5U*?IX+P!+kaMDx!u#tgzeLq(Q5l`m&35
zzM)vPk$c+uz9ZeXbM5e90c3RWW*#4FRyF7Tf_)*liUTzl`g4DXdPlK(*FYF@JevVg
ziqBxD|NG(xKF;uRR;3>wc}1EYs4qX?_`+`^3jwXa_1~{Nz&j81DxeMeS7?wFon!0P
zy<J0#2xE*x6-`G+mM+_-6Qx!q)vAsgX;~-Z3)$DZLR?baO1@Cc=Ux=b?eGD<9`=Ue
zTqZa?aJj$t=QYQzH~P?`b>_xkZFn|?HAzr)-2E)8;MK)?i}b^W_2#up|8@SK*1!Mn
z7k)Mm0^Gq5Ez+7T1#BVsjlv0PsND1Zn{*Y9_;41O>&V3!aBwz7y&b&omAlAFm<Ce*
zMAxp`qPW^H>BCA=Q!vc*;-7p)bck%>y*lT;(}V56C5x4%<%WZhuL72{gd`J#BXs6F
z60kUKc@PDWFR#V&-%KiuapG*Q$#_&j%<4QM0{>EwpGpWTuwrw|ah*6DsgbHgD+)DH
z8#YD~mI(_x#t~$yF>)gXmQ88{hmo)pT{+RH;l^yBV}v`78=$N;!?<>n3aBnTt4biO
zi|a^Ic>#q=<w1EVALdsyyVLQg6nkwL+}sJ@oPK=H#t2R?YYPi;7$w{mr=zi>(C>IG
z*I`t8+;A;52o2bkp+dwAWko}ILu2D<|Ffu|c+30ddC9JWdyiowC$>2#as_|0YVkn4
z`@n}6yc?L|X}Cd-0p1Z>4ufzF5AvwWK(_IAt{OWJ+qq>5ein6XU6!mk^>vkp8?)(9
z*OnY3A{Utt$ISKjQbi5s2F0xDA^2*5Ck4#8V;2&3N>ddkop0D{<>}x~iMvRx(H1gr
zwq;;*cQ(Aw>tohf9zg9Xvbbo7t#S{*bo~R#a)UUNMXt?|3B~e;hDTF7qC&T30j|i>
zeo~^P(~M4AH7r1?r#jEHT746IE$O(MYOz##O!Hicq((5r(5C=2o7&z8RW6+gzZOxC
z&Z{5PY8JscfzI#tHeptPnu9_gdM^;fY#?dGMQY%sk!waK1fj(7l%-B!P^)A!WWpH!
zd>iZNFo5bZ+0G~Y1WSW3tYd+S`UNT1jf~7c8rjwzDeflQEw)lpZjtc)(Bg))o>(S8
zIGeh|&{f{l;nxeWyXafhKm3@=!Fird`eBjSVrF(yyg0PgH(if?&sR$Z8d`$>g6zv7
z1JBpj;jSO_j;{E8Q3nuUod<6u2Ew9Iq{o5&r>97@Mw*sJiqP?9VW3lnt8QhuBZ|i@
zu8J93^IVw{E(~U3Z%~<WF=l987BU*c8zreG=^%Sl*hw;9SgN8kwtic_MQJL)`e00i
z9ri{wVX?bDc`!c$RbZ2-h5K<|9je*dsOMmK4qRus3fmr`w&zE3qu-G)<!{Xow?Yjc
z7n1$2e+M0E$P$u6xFv++5CQ|gYvuCtV@G4>IJE5-MKInwf@B!8Yp<F6wBMX%=>?&>
zj@MItrXn+xu(zBfI~d06XH4k;Vcgc44(J~S!HYe-PWTujBUhIG@E{k;+e&4aLyW;Z
zf6FoyG|N)8&FqG%9@zQ{l@MIrqH>J~$fui|ynA;n4R_zW_%7h+uEHK+e(1S7oenT`
zKfc_h$P6!W;eRY?mSNBSuRAsKBGddD;u(Gf5KjJ1;J|t~%?@6-vb~LYzP}_%@<2cr
z!#C(jzmN1JYLZCnV*qQ4CMj_rx}mgil#I_dsh>QxhjBR=SZahvl$OLT<=;e=>{Q)G
zKNfyrfaO$^;Kn*jU8u*9F1Db>Iki1)R!8)>{Y0|cN{H39-8~u{Hk&V_6BK*+>n4`Q
z7n|CbP|FvHj%5h*H)A)6PYQpfJ#;I02lzT2zyq^zs$zNh;9h<z2Y&cwGh{m$`m&7*
z)flBKgv+rTR+ovN+jt$vg~)Z*CeC|i&<uRPlG!5b!f;m8F%Xn80mYCS<Qr;E<jfgF
z@gtgC3_6?1wxG~)<DqhclGak(tUftY-P8E?vPX}tHG}#1OUj-1Mytn?d2hN=QKbZs
zXEhZ9CoSni*{CvCboz*8pSFp@-_ekN|JT?z)X?ld%@C84LwFp9WEPMslskmh@v}Y}
z)laTW$rlXr!0}VP0$S*^4K!}7R0r<`=()kLrs5q7MRzrnlEKuf>Qh31v|{oc5tz-Y
z-8r*EUFxP?T0w(~xjx=hMt3O`m*YSc0!jk7q`~@(+S69o)hB)@XJ)3;Ky9`zI``Xg
z6gSOdK^iHBNG|$kkvk(mo>f(dNqLY#UDY=;)6b$p+~e@c{|_HOGIvgxN~`W=Cmn(?
zgiLrJAfNmIh=6i9%)DhBSuRQr=L4_Sm-NyUpVrO&e&H*MqN5JIaG+TVwxxUHQPiRn
z=h^zm{8Af<UK&>W8X5Tm-a(YW^gmjh_l4vOGfDT@QK(;9ugPdq8IL`i+UxVaVBX|5
z26Gw1U{az;e}1P<Co+RsY`VF<laJ~go>`(f3g%VrTH%8`irXt9FmU8m3mIPDj%w^D
zo*Cu;RKz4TQenG3b#K?`FW#P(zP&@AEq;Azr;2#|e>~6*Js<CXQ`OK;;HF=2B$mS@
zJm@W0#uVqG>~fxaHP?ZwVSXOUR%@1JdMJkTcGLUS=ggZp@Q&gXt)e<gyHk~vaw6No
zC>ftIWdzR0FSqPc8%cf|Him<~gK}|bC+&#9ljK8>!G6!PMN{ba59~Lp41UzKOg)p>
zvW)Wxq`yL7;dDtTDJ%}$u`AK_V7cBxi>sTE=K%bBZ!^2aARk(hv8~)l8uJx~r44#X
zFqK0K6BZZe{PnG^LYMfLCkJ#|x-U-*nvAbg3A(k38(HpbPPF&-bi2e}u;@+iim>Pm
z`P0I<l(uzMl>~0>9fA@*R^XnL-WRkNm|5`IZ~;#Fm8~tf*sqcauI)_``{#Z&#zs-L
z$`KP>?ex2BPRIR0Uk#v7s*V>2(?Di?jMr&V@~|)ySVMca<7YSVVsDd;?iavRhjcKh
z%O3nLdk-y7&rGX9{*|mM9!?xgLrBFjT0a3wS}bkF8mo~yZuaf!e{^kW_(y32mSCyf
zsV$q#>sf8D_M6wk#=6rF^{?wUoyf#|=mb+w*kD1-J2c2YY?~WuT0OU2H{KcQUh4Ei
zCe}HcPF7+*^!J@tPIz|b@0jPuCDgEM@@2<p_U4z@?OtNR!Qg$J>?&dqA}Zr2FTWeW
z0GmV)oAk5*`Z2-wNcXZ~m#4_X94GOizz=4j?WXwu;9lE3U(C(UzICH*=l?Qaou25R
z?Fb}?X_)4=HJQq_;Yb%2;oZE~(XH7i(xl!Wc8W@<A}W~VY9`qn=<Sq2&c;-L$V02$
z3lTPQ_~M4JWE?8v6Dgw(1KJ3jac#r~)|Tay&7Fg~^>(#pl0CDtI~tONj@$!Ny5>C_
znxRe0NZ>oE0k}ujzZXZ8gg*n}>v>^9m6*GgszS(n2I`@4Yi!S9(ma@uM=&P!+YFt&
zvW6+1cJqb`U@#yj<Xkr#jdT7;Jo_-4oiMWsEvBmi@R<hb(x8m7Jpwr{wD%4gN-;5G
z$nLv`EOaTmqDxPScgd=jaZ|tyb?460^DcuyMK_1~D5(iuFO=888IEBd7)~}o7c@iX
zWKN8Yx-klT%WlM--bXg=zF{PTpT2zb+8`>{M&o|&#la|1p!L{qDlRx#=FiIMG~(lR
z@YkfeekKlQu!E`~Kn}qHPO2ShbI|G5Q}-1JPV`KwMxE{jXQZFpy*jMv4fC#2o}1-G
z_?xRR1EK*W;}ggJ0S^;VWIt9n2ECzmPqZpUa23{J=K>$a=5482v0>EXEO*aZpPmb-
zio*j>v$!4TUIA=SuQu53?6C-31sF67vFp2yoiJ`mZ*Fbdq~hux_1qR+(@`9YM`DTA
ze)Cc;R|L9m3hSQwJ;S`+`=T6pAdd#*=-V)iQfK%D>Y%&BA^!nS1*(8o-mhUHEch(v
z<5x<;2I%s2|DbPoJo*~PhSKQP``yS-*aLeyJ%MI%)SGeM>E^iC9gZd&gZ0Tw&7`HE
z20`psa|QgMh6CmF+Cc57>0vOZj`#Q@4z;LP{##QGwt5TTI2`*Dnx?(6`hmSG<Ky!S
zdv?tpvun3gGkCtHI>+&SYLmLyRQ(&tgV%;eU4e;zTf|(?fhMO`^>xD!YZp~Cw;X3_
z0kyx;A$`<Qat<vPX$RoPBdXYR=g?Bm_9FaPq8>jI6^36{HQ@Fta4J->WaY~$Q!>az
zhcC3<7btO7YIvw4YG4+IAGptfi+Mi>vg`vHS-Pe_oMgNg%X*s6+3a{8s!6#e>Qws4
znGPJzM^X^VIl9sopO*FeIXhU0Lwc3GUy$drq~7o4wJX*+V4~9Z>p0v?Mv&1(U)5GC
zw?t)Rs5d@i#w#3Za-6LsjY{(r!YtQ^KMsds9hP=4#RgTJEp>T7y4{3|BRG^U(^eEL
z^Wi=h`<jq*Z98y&P&Mh1rnrprrve^0Oqn3!8sSo}T1p-Kf+e?1(CK1fhM!vQYE407
z$}}eNAN%8I8S&+O;B6{ny8hp3TuHM9Sz(tQ_O;7F7YJy%G&)Aw5^+>C*3TxA|1H11
z6Yo(EAt|lLVsFzC!-#@uudl8=)?sMdr3GWTy~v*%>|GASvEOblT}b*nBe42VLpu<x
zIrV|Bjw5bA&~`hYtS#gfW)-WvIrq&f>Kf)l$Y=Dgjn@wZcwhGnYG4*-U5Up|N<<q?
z^B5P>yy%an09W*tyG@{Lg=XmMlu?XZw9rB!43m@sa1#a$FB1!kPUPpJ)Z<8@sgj;|
zgoq?GG^&*tuHQx?47g(1zNwIr^n$>TZj*gw;)ttobuZdY;I)3!oy+K^pjS7yI%=ug
z<McikEhO9JCfwD)X11on1R=u1(OshU0i-?$yFih4pLZCC<XWQ;uGZH#Z;kN|e8Kc;
zy}@KH7X~%zJTeW7B`*(5d_9^~QGP&2necn@PdY#{EZMb@3_h2PiG~RE2>obq4^ee@
zi7mT_4%u4GR)3P$t5zbw8LH)kU;KyI<vpg0*lbmNS73*Vt%=x}Yz|Tl(Nrw`8nLt^
z5BYr}s8Zg+p6+MDaIRn>J#O1NtPkVq$o)drG{*XR`=|FbHQClgq1sk2+;ZmHemHow
zs!Zu3Hd{&cs=%Je?w{zrXWcuK)R)I$FhSYGihRR3+C8$~0Kk0$tKs7~3|oQljrv#1
z|3E<e!(JD_zA7U-E1fI!{nFP`Q~_moORcI)O7-2Kj<7=}%P~6K1PxKa3ri3gHYs=8
z?Gjtf#L{9EmoNPT+3gwkb?6J*Q8gFgIa2d?AzLjHz!|m%izsKD*mB5we#VwXC7+!4
z!4T&r%Bw95z=;3;W;de9uOFxn`hyXnf=_s&h~2VBVk&7{s#?cmCBnT?1K|R0tfP5<
zo>*HMu|qc}+U#FQ+pWj^Um&sFp$zx_(>JDQZqGtP|8W;EjY1gC{|D;14Y?C1@L4G!
z@hUc1g=6CGXI?Q35IM2vEc9^;My!>QDtQH5d%k61<q#gH)w->I^ZKAut&HwYdG!^~
zD<OY_NRypH0XU=2;;M}s#-hop<h5;m220aZ(09z_$@APmO_R}7vNi_Q;{L?24+eyr
z$648W%|%?viny68SV^McWTPJe%UM;&(tMs82tu^nPmcX#rl58kei*KA=+5CXAO8BU
z+qh5X`d#u>Q^2V4+S$eX%>4_7u-j+kWk!Ej9?1Oeut;B%n!3u~`b_(loCqv>!C7X~
z`R#u)ZdLNq0-OQ<ee7aX9IfQg^fQi-Z7=#v7qzErJHMiqoy2~|0vz)mnEDqjB{{HH
z#Kza#loA=~<6y(83xej3gvtCEH4%FpyS<tYEFfQo%?$qug=4m3e`N66h27GfW3(?!
zcK)c9?=+j<+Buqj)@lMabEnnc`pZWNbG+yOWihqDW5$KybT1)Io%k2a=lr6u0EfY0
zx?~}?Ljj|gA@~oDmpt&mdG}2!N|)W+R2V68C@9<Dwpe_MvIE=Cdg!5H>WXRDy}AyF
zvqZ;k+|KYH5d&*!KRob@r8kIDLJDx9Dumimexg(aH|gRZ{pmStFud1&6Q)ixUu*Th
zOkE4)_B(0UKbiDAn3tc@;RgSzb$us%b$8%cUJfkqOT`jVSvCByIg4bGV&P=M^h{wq
z2KMZcI{{|1nU#0FzxB!~TMSf9SGFG*ySe<wy<2cYtD|52RRTRjnhp+T+mnv}O-qY`
z^f@cw{>IIV?Zx}=C124{yWIb8Qm#Z_bV^PAqu6<=$srS_TrCvmsFW3t@eXbkwDXCE
zL@Lj$#QpfGuasNVx{de&w>Yacb&DlHp0#w`<c)0?t@Fk})guaAQ)2$YPN>6XsD>$L
z$9cp5@Fa-_(}7}}D+;%!YYCsjOG+=3`_YXO{iO2{+~WF>-FqUlubzNL`kUhEjy^oZ
zaS-7m74F^$lg;}yt)q*mKK5!wyBRru@FStA^HWrsf42dDe3Rq28Xjuk04h%HMZ9>k
zcP>sAha52oqK){NNZxD_(BS9dvMtXoj>2Xz#pRpNbKuh3m>Yk5Cq6#w0J=nPBu>bO
zd2WX$Q5IRCpz$gS+#rxya1Pblx>A;cjK+58M@6`pvRRl`M}u}V5b3z5<G`&=9CoAU
z3yAPGQ{jc0R8zXWiA4;+k~trtcKeKu>v!Ipo^~S}gy5g8m9FVu%sMh=^k0{H2JiV*
zm?Klrfj`-c2>loJSy(!He){<uLMG39D!ev+tjytL^p-|Ea9)^F;gheW)i>K;UXM+4
z0Kv=ZjmA5U35;x}0PH}(1`-7?4IV6sXCIJJ)Cs}|#D?!n1Gky|pz(}E8L;3oNpdDb
z5~4{TU4rgCdL4XzLFR*t<bl1EApfC+U7ymR)Rq~)8gj#Mf?rQ3&hwObyw-Lyv?-nY
za~mvs&BX-@uD6gmBc;Tw57I6w(rU$51S@Y8fhQdBBsNq{JDP)-cXd3jytIWQ7-v;)
zAllo{LP1jWv{1o^-J>klN~@8u8ZPya$xgM**nJU~KpX$!O><Xk*$bOrzCCAJV_13`
zWU!^tLu*4o@AV(*O1o_S{SC>uLx(xoyX0lvmJc5`-g(OHtG6qRvT^Y_HLc{V)`T!Z
z{Q2bt+=rXn0>UGsRd?m4d?kN(lkU})p|A=Yp}=pY4=(Y7Ai@#^zTnExGIZyC3sjn-
z6@xGd_Gqxjf^{y7PBDH!ai~W&7jzsN5f617I0Uvm3tFdWbbD$vIF}F%VkW{$>UEIp
z%}}RBKp)-Z$y2GPYH1_5A1h}Lc@0+b?k(_qt<mgj)N9p(-?W3aH|W`9LO2ZBly03(
zSmUp{nRH?K--4{tH*fx_CdwHuPuQOA;J7$e;k6OVB8!JY;LR@kD%lVh-|>v5_F92G
zzSc9ej#te8cH4C8(?H|vc(CnH<bSt&s6l<)DzhOjIUn@{0`|gVcJR7HFq)iLgS_*Z
zlikQxTDT$^yEV@sjb@+G`;M$sQyN+-8H50!+ehm~46iz*W6<K@%>f}SMy8G>(q^CU
zveNXFlRc>Fm@AGXLr6KrTiG2(aIFqc3gOa?w>q|%$dr+7A3`>9T*MXUp|p}Y=aIl%
zHVsguB$TNR`vG3qIqhWgYq?UhPg3^t_PTZT?ITBSwn@BG&0QZDo;!^V3U=zQ?E8&p
z0DavT9ScrB6{QRpIP6`ceyFS%9%tpK5w>~^HdN>q!z9zd!xE%4IET8;7O@RtXXM75
zgFsDiKbHJ0QTS6Md(NorWsnBAP=0$8`T+XtuQuLMVPy<OL-kgp;U^fV_-752q98+q
zh(aO}cU4}?Ev*iXEo3d^+&rgE&gUiG)YObx8z%kvEg@Yf8+puUzJE1nq?U9pUT>#0
z%$CL&iQN*HQ*{uZa9X@%EaR9ik2cwI`rYF9(a5F{>sypj6|%5!>a4O;e=JO1Ju*1>
z_|hDB>G8Qiyz<3ffnL^BE}>d0REKZZN3{M)@a6^W4Ir<F(}8$0_T`c5v|9*Oy(Gn|
z3b_uI!w`ZOJz1=W_yuF{hhO*K)W@6qxBSo^^W`BCIep(M6!Bm3)3?#^hfOr{GrpIa
z)6ZO#@uLm@q}u_9bQtAkamfyPeYUi$KF_w#t^)&U@cz}wwNYrUj5Wgtz9`}kCXvZp
z(DAf-03mDkZloqO&~{5S)|6vND-~6CV{e{8k-<ZK3AS&Y7Esk+=2CtAV$LVu8AZ}7
z`gitx9$qsS#I*5yraadlE=y$nx{(Us{picvc!6@<NVSfFw$Ii+u2L8%9rl(KEEZJl
z_S*lVJ;MgJ*I&_gLPfYBic&056f#!=%hXk%bVw=Q$utK*r?-R5?m$g;bGflYfkuyC
z4qO^HW7lHWOp&qH;`z(#YP+uX6r41~i0?(X)~J};KR4(fRNhieBdvKTwU_Gr)&NO-
zJS~tV@j|`XGMdIRzvYCT+>meHWCu2$wKggvWAtScfk@qd3NRMgYnwJ<t*(uh`-(fG
z%6lf9by9pBCO|*7DP`3luN3E@d(9kwcD=K^rs}SK#cSNz=6~ikyjoRC=)Jc>I(k64
zZ50|}i4cy~zrsaGwCVI*1scc}E-#mB#g%Bo8B(}C71uMUJu-QyJR@*nY!2$M2+`np
zC{JbR>@fwu*FCFtkwBp@Y$a7)AP5iQQ8c*R7+Xp-dP^tVRzQz%M>I!D0dH(b>NrYS
zMAjJ0253jN@I>5QmT}1TbFw$y4&@^wUfXhSN14yHJjFXYc5mu<2lb}h)B1%i$N|6j
zPSa|hzE-@^$S*E6S;GD32mk!}xn6)4F4r|)&pV+84{`aG4Wn{2#NP%r)bDKN-=7(Q
zdN4L$jQ#x<<1NY^Wx0lcbRt(Y1m6=_vnULmfH<$==y0u0JJ?lyWni78XZpZNb|S5s
zD3r-f6x30}3ml1KR)BOXG%205&ZY0)%TOZiQm>S^8?t|(4A!^?wxp;Z$z^NkUd??&
z*Xu+6r+-^R`H&p{QANQvSd`KWU=3IU{nROs*6!|mI_1rWhjjZzXU3Z>SDqJ>rB|IJ
z)~8*h6<BrJYG>S?Ri6%NeJ~{7=VF`d(;L}A{Bakzj+$@eK5M%1m2e@76}<L$7qD?#
z*a6=bK1R;lswVj>$h_QN&~FM?*Kvv~>30@-=R*~~`;qHyRb?dR<hPzq(?3}B{lNcA
zNo~D)-u6C<E2XXVem2Hg+-W}i@A9`tK6KSz#|*kM(lM@Jn6?+Ml3ZRj%wi2p@PM%{
zT{R6AIGWNjAO=0LzS`xOj4`_IWI4MAL=y?#fwPcd*xp@TcP&7VXHt8?Nj_E*9BAbo
zju6!>>ssPua5lYbo8-n@6JZYJ4^Q7KUy9t@e)Z1modalc5ovAZVfKtPekzjT)FR((
zcSg~6w%A1@49$Quy6$8-`+StlHY);LqkC>A@tps<&3}Iwc1(M-8_OUn?4wd!r%DdG
z4S2eKdAh5Pb)%Q(L$2kWu3$a#Lm~WyfUp*hw}V(i!yTsXCkw?!@6XHk5xE>yGntgM
zgxhJ=R>&1~lu{jywr*qFP*E+RKOxMc8B<=bKUd>$Zr~|cf+NOCM~clBjm}d=cV4gp
zi_GLiQ_w{4FYW)jno-4PRf%36Fdv`VyPYc(JUA^JN?P!(%{SjV#g}4K?eS!EXOd9x
zl2+AUQQL0Pu7}nipZtEP({~b$Cq(_w%yY8!#IC7pCCK!YV|e9+h>IyVVOEXqrfjwr
zlk~lU&y|_`1fjm9deOB00{wkD_})jez81TwAOnT4*yo_KJ~W(S1rl`#y+*_Kf>32E
zqJ&sD^iTkANmWV5-Rtw_eI1V*Snt+`9#enDW>?gZuIjR94R!f=Ze6}McgWr=@;&!Y
z|8nY2@6jySw^!M(xLvGekp=9@@>YL+qN)ebWjq_-&D$ly(brA%AHemg=Y194-bKDB
zrV%%@$BkWOZL!)X17{asJYMkhgUXFn0Si3&i_!d3m3>bi)ng3?>NlB96hX@q%9jZ}
zaut>4cI~Y6m1R6n`x0x)(3eTy`Va$M(TzI?yni*)JP&jnRW37V7}q3hE}_RHALXZ|
zq`k!#pl9idA7AU9fcLIi5>^=!wr91VNw>ADnAwA1=U3vdLhL3j!Rb5sRdIHd@t3(f
z5>~Mw4DQe0dFj^RflK-Xk9WGpWuEK|nS_~WSE^UGu1{GoGPO=n;mxgm2$k4R2nMG(
zaI7|pf8S4!TIUuJfWWN{>*e~~s%6oQApu}ki_^+BF1{WuI&3uD`2`H%LdO;s!*a+L
zFyxw4PDK7Jb9{<(%QmmoXhv;_5lL`iPb6-eFVXy(vZ_12rwSj(<NEU;ZD^VMV-Y0i
zLB^IgP6bQhNWw?e<pZ?Gclztx9j(gc7u0?7go7szTO>QUV*#B|TGr^HyE?5!A?Ns$
zGoXPNrc*<mKFPknRX+ae^!7n=j-QapI28PoaGi+%e;Op@96M!|L`mQ`I>im~+qH|c
zw6bKe`nAr<Rn)Eiq9S8U)mzjtIV81sw%L+<7~7Wa#vMJfLJ0i+IIpubo*5+6z*3$d
zXCsdOu?W&Q@e$=*S7VeAlh~<5^WyNXT>}0-U%93)bbRtwA-h~BPceqp4{MUB=^JxZ
zGN)s<s<Si>6wmeKr1E)$c;Bc0|7nnBG91=Cw65h~pCY*K6>nVJk>mC&F>yux>Wo4t
z`fwS9Of%>Y8hG&<iM9K*x_dtSbh-PwjhAsn3~en|ZXxCmix_h3I<Kj#MNG0ZO6k_4
z>hhk#HXRFH+WA*3L#MbAajb>wR|r((SD<O(_{;aD$r?OowoOdTWjih})rK8<^=6t;
zG5!t4gJh^2qT{yrV#u*8jXEzDG095ArEYz@c5&zQ=j;E_=0JkB`YU#|k8I!GzfeK7
z_%L}6bFMd*P81I@nMvb6?d~bS_FdX-O7X>3YG{mjTy|+P<NE`#(%YPHGj#=KIu@F{
zG?zG3-S{3k?eAcV)WXoJR~!bjRvct3%zYRxS(3FSTe?9Hp(y5ndGWcN*C5iozL{Gr
zF*)AmpPIfKyjL?-owVQnm{TnJ$j5%fB`k-A@sE70_Rx*BenZ!gUmj~T)iv=r9H^&`
z6GiuHS9S~Q#S+X^=-0*zI=>oK*svpV;nFD1pQqf=?t9mUEp!!-kaV}XZ|-P|m8`eb
zd%Cc&v%R^QpUti2&o)Vt5hx(TbMaM6GKW?g6|V#~>9j|tQ12x{+YmDTIcft}hE{?%
zirz=nrEUDE4OY7R__Gi*lxPX%Vmu^E`Mamk-AjVD&A}LsI{O!4Td&J^iry&g!U(^<
zt|=7NAFk8Hz*;Dr;;qvYrz&54WKIiDIbryQmMEbu{%HMnMzIunmaeOF>ou8f_<z?M
z<&F@Tw^y!IVJSlIPEi-IS`^`As<twFZQ@;#sN9>rGG$%zJflA1TlkRZQu;aryEsgG
z#+9wAUEeu!FHz;?N=)a!wx4+d!cI_0ck1TQz)vV$wPOPZE=bxEr&!E)|JuwI&HB_d
zckfw*ezm;ZTUR}!lg%%6R#zUF_72+N+JYe21?E^RcVOThM2nikMbtWay4G{iwc>#-
zDGRz#=n5Vy)0bV&as7EWMZvsNFC{QmD^kE!IcGD;J3&KBL)k}<iXPr1O`KD3zqjwt
zj)I-VzO{*%QT8#4XeBC#;@yuu^$wj{T1bEX=k;T7>Xmo1ciXrF2hGdgqGtWNUwHZE
z6LALZP0|9__4k_}4;_beNqU!cY-rxHJ}Lb_10JUSKf^j%uj9xfnL8?so)!7P50y93
z7FHvLeVgr)Z?nAsAAoFZ-|MQx4SwP|ITO6BWEyA@IiZ|JuH#$5`2~-5e({%XWHLMe
zzF^}#4)#It?J7FgnKm*e1Y11PFL;lYr!Iq4{MrUB4#1-zU=JTf=R3JC<7pajBR-^m
zr=m`#yR(#3Qh{lJV@}>fTo;ha$iLsBEd%v4Pl7!<pm}nvt4`jeLWO6Ak}Au{+|M#4
zhOFJ<<lO<X!pILtPSBy*eKo#lGfV=y9?CrV`DS(WU?MZDhHyt_uyJx#(`6DBTkG0F
zI5cx*sZy$WXl2PWBaO&SF?L682IeYoC!|J;$k16NY7L0>n44}iHMyM2W+pE8I5(wq
zny=pr=Fat<@P;&z;5$nw?Mcuz20N&+a<pLy84zsdV@41h$w~pdY?2#A67V(+PoY**
zCzBlqa4M-Of&g$$AvB*sMyJbyvmG;xO_O7Cv6&25ZWkHASvQ<GG)>n4>_PHEtbR}7
zM9(rD7}81xF%y?2Vk4FwYovJu3s|+S&9;U{ARl!=%*^))z=%!q=WD$FQ&r$lkGk6`
zR_Xat@EzS!=5PXHX&!oKC>8eQ&lO~X^SPQnsJ0{aIs<y9HX-M+0Ulrk45)J#+!WL}
zaD2m7(NbffToGa|ysI2Ej!}02Ar*EY9Jq$FV>!!BdEWK1+;PVBPTH#w8?ta|n>cxv
zOB?5U`3NvFxe6)oS?REPQ4Xb5I46ryvX^9eqEm<z9#x{P4Zdpx{3NfUN?>&MEU8X%
z699_>*=QRIq!3YS_!DWZ2=w-qvC3X(jP$j?etD{`^Wb&cl)UW|qEA^hU=sOUih&Mb
z1EMU#TQT-J#v?*+&iFo}%8vz&ZXJQ8<J?8+Om~kH@}+ehOL^Qt+Ml_q1l+;!)MCqq
zgp~#abf@wPgqh&S#aup82?N##6Tk@7JxmET%hd%>cUvh;NWhbCBDL<t*~fr;HUih5
zDL9=F{%5wNr;GIq$-tQ)S3B~SllB;-@M_@jkh)AV<Ra#Hk*m<vulk(x*d5ICd96>O
z0?(VA-r0S#hS)<7JXCh4t?VJ8WG**@Y4Z(T+6MKzl~y*h!yngg&wyVaRXn%0kr<uL
zK{nw0kbg*VTzyn$_V#FB3n-3ml{oD*aUTWE=A(Pw;q>14;~rtUCU|E1e&RgBmmFdr
zUEhobm8UVA(fBt=2+Og?1LCR?m9HM3oKfqEESepc6cs`)%4)#)i6Zk>)XJF2w9ERe
z-CM6zKF)BSt1ZLO_!aNFJ`6Y5f$!Jb26$d+5~i@4l`IgD3t{(cG&OA^yYC5elsCq0
zQ(tu31UkU1_i;-(`%r}f%J`b3&|266XJtIL%?Oijs2K>F04;1*T!g}C3pg<5ud!O9
zr6eCL)zMTEG8QdxEdyH6N0^^@)s{ll(>UC(c%VV$oLntv(MKNjgG%1?pdTs7YD`HU
z*j`v*jfTbTu+yk)iJlyfTEdk3rbEl14S0@vJCYvZL44l1vo^R`9Vov#Rg$7YA4y!8
zWg7B0v&s)f_=9*-Eh6yD6=hWT)XffTh-;qf@-aNn6dJksrp#QeT~J(Yz!>PGw#9H{
z8HUDU6r(B1nFf>M-4+Oy(GbH=Wi}hCip*deSCDi?b1kg%dum^GOVx4(mP2iHuk*F+
zbEVR0uQd!5BTTUOLIP@J<<KjO%Tuhqb$4Y3$tm)RgoVfkLN<4Hf(1?maN5GpKj%$_
z<3+bufPormM7WV{Y7C)Z5QYhEJ6)esXwQd)$WV|Hv?8=bQAWr)4Juor7)pc)CT_|s
zSL4O{Phs)!0xncr@~{EAs<NE0)2!dFshEI1L3yq=J7#gn*f{W$1bb)D9tIUOpevd@
zQs^+u^A2m{yPf5!IqZ5G@ylGc!(ezXY7bDRM^T%$5z>P7`kKf3TUXwqPG+gydwCa7
z(L|-^*Xqbiy*nsVsAw*au}RHNt8f1KR(1FQm6`@Pa&`(MU8u;kivSxGq9PINEv6L}
zc`=$2RHGu_IiXanY9SUa#dMQnW;8894`G&?4F@q^Lu5R=VcOJWFf1u&Fp+e|hgSL=
z#m>nr#n>q^mZ_a!Qv<`#o#h)M1!F`jbC!&6TMc3sRY#bY!uIq5X9e4#1iHo$1fJ6o
z9oTAY1+G(TvLS8K*s6U*M-DNGMv)(1^|_!5)VnISqFpJWo4h_-qKA_wv}mL)adWm>
zQci}EB{H&m*YN6Fx*JwQ@pHpn)utAQf5M|u&%WQHZNSH~98Iw+4eEHgc&$Tm4p9<{
zGY1_&0`)u>lyV7A<7r0L29t9Z@UmGN3MUd(Rb1#eB*b#LQFWQ`xUH<niw;rJ#iA4w
z?g$c}C#)ezb!XKz2Vq8WiL|N^El0wrL8?VQzcLRQ^G1|%cURnV<@3DgB3Xq|yd@~L
zLm0T_J9O_9n4EOFX~h@O$0&@+q0MNZ7E#`IxgA)7NWp}|I=xZT+|*Mg_x@d}W0|Hv
zh=1ZQ_RilJ4z*KYTfgbsK6%aX{YU~dtK5%+BYIlHiMf(hqXvtQ6pd${DoZxFnj+zB
zpls;L|GS)65;02L>5?grr;tou!!}`rxIp0=SDF^FCz@3rFgkUgQxx{?ajcso)8cVL
z2{vz><QNFvWnutcVCFexM=GINL3RyZ0*K(i_b$xU%EK^Jbj$Tj5eAVG1Uh4?OU(2)
zlx!7ikQ9*xfC=8*G6FwQBuY~E^JaH_qZ=7+oNsfC+DZYZYB@V?y@VP~ym?^jIVbJH
z80w6h17!9F#Q!RylVZ(A$>H(m?q+Bm-#$P)xS+1@|3lz<*<L?}$-}>}f4QxUfpG7y
zZaQJ3a}jRA_mC;%>I#hv2FBo)Xuc?9I%eDwQBd8kF0*q^S3-!5cV4!&;N7``sMM-A
z_+kzFKrk`ayShDXH4xcNuh?=K_x;dKu+rE*KqO?{REuG;zhXGOth0^6O7pxRD*9HY
zs`4b&1xhgrhGT0xs%=`r4n?U`Fma#i+5j$7#!sk`MLC0gbr0gKverx|UqE<?LApih
zN~PB7VyFy3pgHNlsVZB9Be7NP3bKNkS&~*nlVx3XrGes>bWf;wR&sM<Snp<iY@yOp
ziVlWCsclg(LXaTE%EQ<Nh>*SngQv^oMulvr2kHZZvr>t72n^y_L7|%X%K{$osjY%v
zOr5?K{Oawa_1@ZuW`}69?xB!mEo9tSVo5wRFZI^0W)VG~acP;M_js$9j~+kZmPPBV
zPnD$IwZPL-m2@qu5nH&EZ3s7#6`uBI@5{Sc#p#$LO9zDdr(I&E-%lwOnC1OOXFvei
z-+xk(l4{i;3V?pSQ}yR84)^$>l%gWD$Wo8lfLZBpA3cIPx}zEG2(9C8|JJ^<+Pr_K
zs>vx|p+Hdb>VHk>`cIHwM(eNFPFec%>v%98WtM(|uQNw1-YuO;-KN<wFLP1QlPW3$
z2li5|IXiMXOJTWQj}7zk{v>Fgi!QeebmR;QI%yT7%qlFVW8=zl`bhAzkeI=X2y59<
zgmD&8&KkyumgKZU&ui@xGkI**{1oE<(GVBnA#j)g4Wcd3&$2ci$CJW23&#4yU~CzK
zP%H{*f8yQTM=y#cFNY>q01i!?4p^d+zinPAp3ogaidMu-y}93}jE#=Q?8C^n1Ozqw
z`hcBqMT>W=u`kt>aaBZqwl16ulvVe1qIKJ)ICK<^cTyEunp?6Zt$32^FV~p8XnnnD
z263vpcc>-^>tke~5=m_{^%b4zlAksy<*PF}a5Y0Ry*E4D!n#wqGp!Ox!!NsmXl2%-
zx%{;Tn@i?nDwT{k+X`<f3yVQNutX%IrcUFiJ~Hx#hhCt5s)58Ahtn;HbpS6OtC*bQ
zGkco0S_OwDKxZTipc$bwKD~^E;*_k7sDDcd(PeRU`}4`Od<6OTD9n!HQiH}F@!jcl
zYtJZ|bOByvYqT<c5(UKw3C6HOtD#pbqQMxSo+qtlvoVJ}Z<&>g5nKxK1*r3=ewjYH
zc2{C=U#D2Da`6x4bl0wGp(3DxzE+klf)A?o6U+iXs<J~4?ZiJdWyV;lb0c>ATbZ^F
zRni#t4rubO06giji}Oza`%IK5u}iNSe`@OVkzWko3x~42U|%S>K63uG?6v<4>sT8L
zi8^?pgD0^MXNz0XzF{l^ZU8iC_N#ev=4E+r{ArH?f(E#RC+x&}L?GrS<+dCCFE()K
z{*BWqy1}ZaVLm$pfvn##H%2R1$cOxx5%<yYyMXdb(KTpsVv$&tD`p1m3d<FXk4ouU
z-oLk`2;YA7cJfqe<xh}hqjD0+PraN`s1m1F2o5BXgho|0Tib%6%1k`7=w*)+HtmCP
zr84y-qLkp396fsBz>^+a>YL0=>rEcgTC>Lu{jgn0Whbj4b&3tq+_-n2@9NdpY$~wM
z7V;kzy?7UBx|op?L4p?5!RnoewMZ9qg!D%9g3|3Qej4WyVx1SA8*cKf@UCY3JfHt2
z_Z1=?R?r0s2xdEqZoq6CRp;%V02PE=M7z0qG$Em&bQ@swK+%)o(vg5{Si5DQagRNo
zbrJ&s<BtKvQ189sK%qIw162ALH)`sZ&_ml)X)tC^(4?>~Vz^d3O({t*aU?u&C>?0b
z4TL9<T6r(M0%56}FE@3-2s+_hNf~f8>#sF<qj5Vyca3Gd1;d|qrJ;}@UVS97O3qAE
z%Q@SFRM&6p)MbV0fQ7DQtUp@j{J@EzW6ns=;MheKx;_eoOt9KYJTMv~&cFzmWr#Fh
z$Jt5wYTLg*Y0$3zz<r?$q^4R4R>!>1b?<7D!*tu+V3DXm=_FN-!uB?^%%N0XV=5K8
zdb(K1dIy$)#tt^3^9xxt2+=DtyGzrJh{PyWjg5!|DV33PVCm{p(jX40gmj)xlr#uN
zI+1=}tc<Q>W)w}N-IQb*98aq`nP`@AWjPzw14|-CLbVgps5`V`XIV0&Fh*oD=P9C&
zgqWDHQX@=|)2x5iS&mF6!BKhX@O(P61YD=ugn_N~{f~Nh<`*r@gbaO{7=l!wi&|XT
zDzT^09G>^Tz$W!TC;mKM8ziN;F(`C(PK&{DP)<rbbI)87qUDbgGB}f23052l&RATF
zP64XgRi22vsArn9?ifv}qGN<YHz>2TZ-i>3dDAoe>u^ReGJt_5GlA`>!Tdd5W#ML}
ziL;?JXJ%e82AK*mVaoK1A-Wp9pIP2$Z3vGnhhfkF1&Rzl4oB%FAg#RSh8C-vP`%z0
zeYG#sbJ$rIT6owJ780fbx*=NVP$hJn$6>b{5TpN~+P&>(FFyUFp~2}(n)g<wtJmBo
zuJ53}r*iOtgi#~$zo_S`JpO3G_kjjA9O~zi>VT9~L!h+1RrLleQ4%3Sz%+7Mt1|CM
zLNQ{}&q-|CXBaY__A1bgo02GN#cabOjryJ-G-`=~Mj-t5$P_9wM=4Igb^QGeHi;)4
zhyYvx7r`}yrYNX}uG5ls=R7+GOr7v%58GcTYX*YC+X=c(syAEz9An(V;%=bzClzYw
zPQ9(ba5YzFM<Svo`j(oSDrx*5Ad>KGVyrfH(P3KidbG>hOzkdH&zqCY65*^5rZ0${
zBZV#t{YAahz%oMI>NR6r;ChR+IlNWPOrp?m8Ibq-T89s#kMAW+bVv9Ax$;Y+C%9eu
znTU*)TVa#T{?m{fSY#!#iY@;eAvoXBZG|nL$>wUSue2zzlDi)ST+l>x&-HE)c&z?X
zSGd$Db-9zj^hd|b#;Dn=m~Vc6dL8YMEo^Yqy^{mA)QwvhuNDz+OSd@16-ZW<O7$Ue
z1vjJcW3V=dK|o>EBg-8S{7i4_aIijyu4@_mO6|wW436ED`bEihLsNt1SXM7Y8=UB^
zOvW{r#mn5G9aC?Z!!QFc>|-_CBp0B7wve@)KpJb=LqsL^12@kN=Lidwo`QjXuJ^dE
zDM?~k(4?D1QYL?MKX@}Z+-AXD>0Nb2+v=6Mp_^ZBR%^wa8bT!>IKS|)bBzj-Kr9p(
ztk}Xy^E9V7hZTI@^nCNZAVub6;;*NoN#$7FIF+T?e#<oZ$;}sfIxHrFj6ZSCC;O2<
z=V{WRyWRfNl!6O8O7Y$Q+KBAM3tz>og#X_HAYl6F^?q%!mc%pvKT*y+3Gm0m27UnW
zm-7d{Ki|<W(;rtnz#0i4@IU4zHjY!2wU?zs-iiCXk9@{UQ6Da!UJUbF9%(Q>7GJwk
z@&+m%myauZw0sHz%vBqHDo4<7^iBNnSN@xlCmbp{lY|$jGfgZIl<FL|)6=Mwx)od6
zekID{$ep{tWXEu5N@gtjp3eKF%iminj~Ta1UZH|8DvPIm!Pftw$@Fh7dFI6CQ@J0P
zCfgA+?SIqEb;XY|?-2^y=tFwpduYrM2}IWvH_sNLzs+zBP6d2=RqSo<qb!F9=gtHz
z)zIR`6df+NFI_^^pB=27(e900Te4Kzm*$n2#xH_H*>4&ATrmV?Z27#w=O>U}RU7m$
zP=YL^Bq6a#>@Ytt8|$t7r<({Y)Nz8SxlU}JbL~I&Up9El3qBKrVBfzJSZ*ygT2}Z}
zSx1nNoIHp{(uPnv8e~X#(tj8N%VsLlJAqcyM>^`vx1(#Iaw^0YiZctS#4OTDsE}^a
zFTFF<ly23jq)|;RxJ#w@#7Cl~mSUz6tG@7MqYP*dX*A7(B1xqdDXo6&tGX+q^Dp)J
zQlTwComKIQV~;A89%PlDdp`?+Auzp2Xr4mma&edBl@di!1`98my5bK3c4iQi(=x#6
zY?+|+ab=afl---(<bcs5a#7I_d0_R9d{8<$<+U^_SoMcWc7vjd%}}Z4FbFj)M!#Bw
zv7(OEIQzdHGQP%FpwNYxOV4q2x!37#&-1hhc<bqniB(&7ZY|$M=!={^jrs<Wi#uD@
zykZgQaTOi52kvaM-JYq{VtXDb5#l%v!Jh3{x0RHS3zb#NM#nR{MbfKkqX(EH6AC{~
zZnbthy`!7kn`4Luhi>XGP&@ak$dxTpZj-kfE9NF2H^W<oQP^T#PTRL9U!H!2&H8yn
z!+IezPhL;2fmc%#J!U<M2Kb%NV{$W9i8C+8f<~yNOcVW-=wfkEmDeI>R1{jL(gs>J
zf9M&T${kXuYr3{&lASGmzW;`kolciBDT}fxhjJ;8@^MB86+-2QUpm!POeIi9r?Qx_
zV#kS#94~%?gozSYlO!~0vgD{f7o`YKnF=j+nzZS-r_YeFT3>5r&XSc!HlEon%K1_{
z_^y5EA$8>E{gOKTPFy^E0z#sEN|2C}kyB6#eIC?tgvj0hL{!o15F=KccpBOm?U2~x
zlKR%?OOYx~x{UlAmnB<{#c~U1))M&&6e?0|sS?YS7SwKKRw$3z{$~5lDiv0%w8q+4
zt@pHQH3?d$R-Jn5ZLra%y4#${&j9iPTWn3-HafIohn-1k)TCL9R&CmK=+vcKPcmQn
zd42i~7&Mf;VIxM3+10hiP1tSH9((Oe*_8c-cECZ03hTixnVDNyT3MHcTP?zxbsMra
zZP~UXSERgxqLQ+Ts+zinW<8*`4k#5^7orD+>8FMxdV=h`w`dF&R}7v&B#|l9Vrg`#
zy-co9s?-{7@d8Rur!{I9NhnP>@`LDbmSsEnIAfse`SAo%k`-0c4b!q6*Ykrgijy>}
z<VCesZ!}x&&RVzE9}Gw9<BiGY)^wZ8;|qi$u|z79E0m#O;SrHh(JFOJY+SrXn~<24
zoRXUM*~CfTk}!b{6MG$Oz1%@DZlGlBPlbN;9<mz<(Ak}ZAk}|~Y>ak`(cm1XNWQM%
z7j{Q1`{4^e-*|%!C#fMvy@S{HW<A=gtQHu(bB2}pRqzSb1lkzDbYQMfI2Li39A{Rt
zTKVGP9*VL%9>ZR)OyO8)i>9e8ixf@5j<#aLDc8@XPX&(JuP54_avbQ6uyi@II_+7L
z?a%OS^Ct3jenHMbEp%HsyJ@Vla4uBsT!?Q<&b1eENMDSea8khX3|C4nfUoSpE?=%V
z3RObWQnwIx3#~MALvG$Aq8KV=k%M~utIGFr?2y~3Xj6a9l5gX<-nuB`?5)eEIaHb`
zqz3*eMz~Fs%E-bB=e3r;Rn}qUN@d5>R_eIM$_5WYn-8kCnPB9mRtGf?c>IwhDVx&%
zQNb2nOSi@hWV^n;j^)Xsl01!F&~4&bl3Lk3;2EY3DC;vUlX;#4Q+OW8R!6olwEn!f
zhRL%<*q#*yUZ?W8^sDGMCSSP+Z+=RFZgV7^G<<i&kuu5+a~t0KBheG*HVa_FR9~?V
zA7gx3>ci!)s{}MsU;vSOIZ#l8c2S5HcXQpd2+_(C!j&9iXfJh+x-tQTf_ljMFmPQ^
zcMt-m%mI-78ek=9&79#m`JJiq&QYXj(!~u4>c+kB+`FOSJO%F~DrT<-4<38gL>J6^
zUm_hs7v$kX@EZNtcOZTxBjJKE!)v%LVX#0(g|B3Y?X2($UhAL2mrKVkw5foB1Vu)h
zSieCaIy{FfP7bG>0l~njdm7O(dpbxVk%4gV6cZG5>UpnFf#BtJ(Sbr}u;<-1YfpR=
z%qr}Hx<Xe2&ty#Cz^SAyyA2#{gz2d;HK(mpZ<>FOImHglA=m@=9Ka&)BAWb08Tfj|
ziIlz3h{5Xzv3%HnN+<LXgYvrQdVC*^E785I{nGgwpVVnrDm^*W`da8o`VEG5c!Dt~
z(0icv6xA!;HloF}iDTI(i=Op(QW-*~JS<yq((j5<oK!$?uo<CdeE6>R{{7R<ZVJWj
zvvD;gFtQ=sYBt54cuBc;H2l4KJxdHBsV^rpo{UEqF`yRC#!}U0*^LO=;RlZTr9wIj
zF`<+oqj;m6G06v|2Jb3TeF5xIFIY75Ej7@Z`*Q|}&Pz&2p@ybNF%ljcB{jf=Od4%e
zCYh87BV+8(=_oZs%%#Dm4#&nyt3gO;&`~e)M#gMO!zp$=HKXg)ndxt06`4yW3+B-O
bwiXa1|0kCje*b)qLdfyn{-tZmn*#s<cFxB4

diff --git a/pkg/webui/ui/build/static/media/nunito-latin-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-latin-wght-normal.woff2
deleted file mode 100644
index a74a303839997c63097b6d524d5e79e5a1324f03..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 35904
zcmV)DK*7IvPew8T0RR910E|EY6aWAK0W7!x0E^840RR9100000000000000000000
z0000Qf>9gkS{#K+KS)+VQid=FU_Vn-K~#Y%Co%wq0xxtC2nvCwT!DiN3xp&9FoKV2
z0X7081BgTfAO(m32Z>4y2U}tnQ6n3}Nj<J^L!c8&W?h|f7RXJf1-j$h$%0C9Ho}ID
z17Z*~QU3q$339~PK)V62Z&kuX2Rl}GcbIBsEGSJ=s^DT>qq(L<<I7sL+O$>)WSoNP
z=BBYbOh8<RTry%*rTtLEx1Q`yxAi&LfrLQ9Hzi)l?{z;;H)niaWIuo`4*yB(?_enB
zLu7)<zG_zFJVzX^>D%Y5A3M0WRbAn4lbEm(>L!3zx)4Jcs(PkZ0d|WvH4ho{3I9=D
z)cX-xRZY#z0!H?Vx(OKQzCsSqZ?pG5AP9oRJZ;RFo6(4sGghVU)MZ#87{zp9H7*3V
zDP~||$D&x2i`%hzK-+4t3XABaV#!=8Rg45Zqp<?>qax1B;&6apoBwo!7f07czRTt^
zfeVhjBzsW?VI(4$f%+XLV$}4z@4oh`bjG@P{-1k$_c?FYfc=CzhXT|(mD+&jgM}J!
zEGt$`!U4=3dZ*UQwq)@L04#%y7$<4@2)SM#{4vsd+XZY2ls4cD|6Nr@qS&gYceXLJ
zM$eq+uk$;9-PhVpRu|Ki83_h50KbU*>7CmDkVZhZ9Am;QFZCkA_v6G5@#hB^7O>k*
zlN21XE!(nyX3p^NaOD23>+sFC4w1l5(5C?g9>rSl@0$2q78uVI#y2%FHD{J9r>m!D
zq|2c$mEz#(zbIP;#xb1(f`>4Sg~?v!mSsCkC8B--aDiC>{|j>qJv^hC{EUgL{D&bn
zWXQ^pkeHmys~#y<YC_Kw>go5boh}eQAm)>+wbEW+S3kIgN9s=^Biwbu?qrl)to&@>
z1bBWzc7ouDgaLGh$flxneDeRBYHvFu=|bd>57dS?-|6AU$Cc07(K@w1gk1T!sRkg1
z8~~&=02SU0$khWR$^&c~QsN$vTK;2#)GBP2<xNpea+XuN07;z(Xu~M^<7YaiP{vrM
z*tITwdY2)!mFw2_G|ew6+17>>*e+ba?0*qQgf-Rux@TJI(RhNx*s~!<y>7{0(u~((
zqwRk=!jJ*F3|Ptlkh_IPGlB4U_`GTVo~%pS1vCyocFh`C1r`OsVTKhTg+LXkZuj0Y
z#eq4hq$m_e(0$vl%nRVvi`D6dh!=vo$Jbw{@HEr>yisb`dW8{YP>drMvpCHu&8g+M
z*Zkc6Ev5VZ?)g)JymLN02p$ZAAQ%KeFc=I57Y0G_2iaCfUVb$EEF3kkM-Ge7V_*Ts
zfB(dsJ`X(G|80KjpO|gwSZXdO;(^C>Ar1&48e#|`i}=U-s}KmJ09yc@0dN@@Q6OyK
zuw|8lod5_=dqEs<3d9*VKtziM5hD()mMX!40Y(A>2TY7u5J(UL<UlxW0E6?P^Jy4B
zjT8cC%Y%7(i)yR$z$C9~mBXMOL8*~t(6`@)Vfp^EO|~L;)S-@B_nZ^w)IIga{xq0}
ziy|tch^w^DL?KF9$r|7U&Jv9xoEe(MZQVCmh6dgwd~1bllO3u@_30J557w9!W`lJ(
zp9}avBw`|`nyodpmfo=wdmJRe7@r_QsjF7M_`1}~4;Pslr`77v2tWV^D!>9kf;;@c
znF-L6yTL}0CeU~=G&2qwFN1RvpdkkgFp7Er1Rwz5tc))418@eI^T5>x?9>=WGNz37
zGURtjoLgy7n5m2};u^FW%#i7;vwTwK{|*7X%sk)$mU+*$1Pi6<gWg(e;W@0;Q=X>q
zK6_${an1Ox!O>~txZdTBPkZr1o6XIF++O)85-huWPod6~gMBLe{!`Oy6?pu;a|h30
ziL!Hqff=sOYkqtYG{5QEdiGl8jMP{vNU-(KE8p{hyI~*Tc@#vjQ}29B6U!b5iD$CK
zz7=frM0s437xdi?@vGYL_`gHHD^0%bsmarO4zU-%?0?`gW^gJ$(=|Ls>=cnc=FS#8
zMD!Zh->U(piF9n8CeVWj-t`&f_r%sOXdjeTPRKuxzp#vN%v9=)IbxH0`_{O}q5Y^^
z^COe7)as)Sa$Bm~X@$NXo|`P6OPK4yM0t%r@U3BPamsLV+nZa}D<2I+!nd;LLwgf}
z)?2=KQDRn9jx2HfoV+dFWKUIf2std`M%wOsL}`m$(f|GA)PTx@Nred!u=vafNvj;X
zE1ctTz00*JYYU5jjNQ{yB5axlp`cQH<rLd!{SSP`{<<1jf7KMWGcg;iRxN5w;nN~b
z7ucb9uYkYhcZ9kTpyyVH*m@aWP#sa*5=Y2dn#kvAliV$}Rj`&r<;H`#f5a5p0sS8h
zUQ<5!F}{$KWumQ@P7XU?ul!{!bg{03?^m3KaxT3}9m1&^EwMg1s4o@BBi^Hg!Q2^G
zQA<ekY&Mmxts2T!TkXD;-j{{Cy4PBgY;nGI;`YVER0-}G#Tq`H-elt+K4NYzuOThz
zc1H6L5xN$L)jYW%)?7};xK@viz;T-xHC7v&uEE0XBU*KrhKkCze059dJXjy;$5RWv
z<g@fOW^56(ndA1h)*Lm$HjyeB5+cm078pVD1#NIL@d8GRsOcsWe1d8G*@K++w>g4z
zUC`mk3YxCauoNmcM?VBSr_?Y5l0OE~>`Y1US#&gB;}Eok6$o`oUVJuBkZe;PoYH7e
zR%lBi2)lV94D#i$-qX;yc=l>{hLc8r@yMMT%k*m^6-If#S(8!C&9DK+3Z^yM3hpl?
zf<HBQD5sYUx&$XHEHM#BT1!~UK`Sk(P#Z}=n2s;0Z3Mxpl)!I@JxOw>1XHqOme^>t
z9EfYK2F47hzC4nNp@1HR`c$}i36F-{Z%dweK|#aZP!bXSdQ-d7obXa{Ovt}3KN12-
z$bD|hnwd)2NynN^Vn*yO=uChJLW6c0!4NN##@(=ek%+(K9x*&k5lMH6pjL!nS%k(P
zD4JPlW&f8&q!9goVZQLZ`sP6R+fCRuhm?MOj9P3TTgt(nT$KnVNGDoLdDON#d=p{O
z2*pR+VC~1MXw0Pf4x5QpXxb<Y2n_O7k}*vDd(*o_Xhx_yV&q{U@S9NJ9}q&_yfjUY
zm3B+Y#D`yfr3KBuKxnZ8kPxIt<<Ucd6$0qTBn%XdF{#ToAd?EP@^3X446zQyYmTQ#
z6e22}q8}PM1h>PHTHy{lWyOi2rYa>_P15+4piRkrd~EyX$8u_Xpz|&N0g7|-t=zD7
zIzuTNl7t9}Af>XPMF6+3MAQo2+wzChw$PUa<2rrumOnGN%pCVNOXNrv(*N99zd?JH
zRlnSfo(T~(j>MP>pQ>EaYzkO>zJCFsbm3lX>(!9+mu01WDZ10?bj?Q=H5gw5BFQ4w
zEW%CzU3jq;+e^-^#}IA+c^r2weDQr^cyY!7*@?xC#L7Q7L1+(+8XBLvwxXUh-7wiU
z;q34e=2@>ys7==?(xg1AEBnQw_;G4t)3^%CKm1fLf6W!pi1F~94_4C&l2!?U0!u7Y
z*lz8qS)7%K$a&}MYmKB;l6a3x9B58F2@L=ni@m-XAd9C6-hP<6c9QYiBcbSfK|iTs
zi_;Gd6|0Yzu`nx)2@lXM1A^!IYOzO^S0`se8>RVxc7J)D8gPmmh%=E1n1uIIapmmy
z=Of-Iry<@}bDyK>4l`<t=;HxVE~M$|_jai*2_>{$;15A+_f3BAfFN_yxa(%~M401N
zz}76%nH%<W`V_~z`^2Nh2;`H82nVO(S0Xk!wg{Cp0_b81b~->Id^G!kWgN7b`v@~t
zjw0dYzoE!UH(CT9#)!Jx1i!K7xvgkg_z=ydH7*|fRgB<+cl#qgQo-N93Bw%C*glmV
z(1@YaLr^5eEZlR3!kKyG6uat9ETqCBw8>*Z&)9~*(rRtO0+Uf`s-GOi0p`!;ILar-
z>C~S`HQ*(pWg!!!#tM3p#bx9X5Il8TW7726S2O#XciFItMN_{vICcKfd(`QK828`c
z86KO&7H7py!q|blfNh{5ws0OlVz=Y^Kzf_DVPGh;Y@uw$U!J)ZFH?>bNB@Tf!fV@c
zi<Uk?sZa#C^M`Jj5NAB`?F7;(pEqBKtMdP_Q02_(3Xn`lDJvw)N%dHv0@1uD{n$N0
z6C1GTep+ej1G|!5gXn^%kxk`BI8N4XW>tPHns~4D22e|rf0s{rk=@H2|BOEf?vc#&
z7hj7o!=b6MIg8_c8l5+N+|SK&4ORpZvH#=-jHTBW{*#USDWL{*kUcj#c{|McL4{)D
zb3Dc`qQn|mS>Mj}AD6hQ!zb+*9*13l7d|W+bMY^~q@o!Wy_^2a`+%u8FzzC{FpE0E
zKE;niA$Aw<b3!K#s!7S3QvMusfKT7|y4Kt4<45-|dEx#W*Mtg$g5ozk4Qd1F@!U#6
zQ22EeGMpKUk4pQz_sp^f@H0y3jCtjqISYOv?+OK&mhcSxtbZtx2?!7**lv65wa-D9
zTz1tp*Tsrcq*RSZYBlK5i)X-)VR&4CVh?r=3J@gN?$~qg#9pT#z(EmCi|gNliv>Vz
zykmI=v7hVX+ByAw26vfq$xdhp5G2@cd+c?<K@m=itA6XOAJ@zj@CJ$Xv-&Z(9--We
z@r@d5-AVejAwZB|yX~>p0S84mEv}lC*ZPdr-?L7k;hlJYDS&U(Sb^BN0Sr09u;)OI
z2sio=B*}9@q0N>hQ+l?sX3mNXq8;!6vbPr^Sb73L9nPexILt#zG`NnkWv~<m9;JqX
zKnW&%9dS5EUj2a2T%_?fuunewIz<T-i{_GSC9bJ-PrMq<618e`ONU-}PRUGu{ZnmT
zkwqKWzVQt%2#5{nnFI<oL>;#p^`7;R<O+G**v|ftR8Z)X!J5m;kX0hOLL5~dS44gB
zB0wSsM(#;@z=(J|L0(7h8(14Kml{P+3Fkx>K4EjUDlkJRld19=Yo!SZe30nML+6<R
zPorF4nKhl6lXYGr1~m->BRpk{dGe~1fF>0sY*1@>E`=>38v;V<uy8{hMsfjYtV`wT
zopAUjC`sU~1{hbWE|<YYhaSQr4u(+jT(;6gI@58x`rJKvKyvLiIFJ{MfSf1;4;%|Z
z01F*4R0$1=T9;ytYaUC;G5uSdhssuhdv65O0noI1hj<BTBd@CtSQ5|HB}kzn3(6K@
zOA=4V7&1hxpNkqXnOtv#@0lFj_w?mCBsetB4K1UB(ovfQgi#lfR|6`LDgUbp!!i8i
zDH04<#7ew{Vocd^{i-luqd~`?V)oy6d=6?J9yOT)?&ITj^ufZ*Lx*-i%gdwt#-R)B
z|7HH`6H_xV<uSlx5bLkogg~`h**uI1b|?#5<1=Bt3eu(vL~NID??AUGlbG}AkYH?X
zK2_-rchOk!vB8hm>V7e{3{Zy@2%z5Ypur#tNLw;JMu2v;P|&6WGaiPGtLCNaK&)1K
z#=n2cxvCsWLD(w3NgeWdjQhsLZD68xDd_TmXUg^GFG7M&Z5Rb2#W8*r14Mv5S_)hv
zvabSZ0BP$2Hm-Xb3{!CwU~i67@zQ`qam^@;%zJ|H2H(^EU}EbIr&l1$1+*zvSK&Qz
z`Yynk(GaT#73aq`@`@}Au#xT)T^#%VALRQ-3xx`U9tZf@%5Vn)=Z;Z8ql*5Wr#J1M
zwSDwhpHnK43t$2LsRIL>Pa^8q`VNGD6#_>A#^OA!(K=(Z4j1x19}0<>$Yr@Ar%F|+
zsST~6w~emZHwV_x9@`UV=B~MON{v-xHCQc9htuN?cq73~v=FT%2iZcllN}T%#Z7fn
z%c$ivFIs_m=ze-7BfzX?)v)WhA#Q{h6SYgarG3gsTr?oHbwASq<3q$BCixgC$H+Rx
zt<&5+OWt|zUxa;yrkn5{F!+$M$4owBy5IJkwKo!mL8=6)H<Kub08-apO*nt867X29
zYj-XU)e4_dtx|#}iFkCh<c4C&SzNa=O2nxyeM*%?4vLDNq)4XJcfh{w%|_SuK8qPC
z##4&c<f8Z<&wzq~N_Fi@RZ#e;Vvt-QO~&s>kOV>i4$MV^JK$!!b15?h0Twd3D<BjU
z`*6&x#pE(rJDj-?kg!I}g}Ro0v2I(uoY65`jAxnWt*Ky^y?l#Y8P#6%QFieny7vXG
ziOlr4ECCQ~CElki0=uMp0c>tRa_xm;I82u#u&_3S)Z5y+&?PtDR_>wyB^L-QN;VJR
zZk(a%?FN|V-lK>CJ{DIN@1Aq=!NYSn0QeufEKW{E3X_DHPk_TBT>%w~8-r;l?pi{3
zW(vA$i@l(1&Gakh=C;eeg?etu=P8!`yht4)^8&Na{{s7pcRF~JN}#uI0epEx^<NSo
z{?P#lCCS=|_RXauJvij&nH*%}d3Mwv#;ZW&Aq%Ku%w*jb#8IQQwZBVU*(-`vksd-t
zm<R_EAR5GscuFpnuvOJK)f~e1Hh?-LN@llbyW-Yb;Bj4qjL=`28Zmw8Jgfj<I{=az
z0RL~0-M*^dSTVVLG6w*YKTb}cTs=8=^1;cx4a@cBpXQ0S$*cgfjfGq4y7ZP6bXo1^
z=1cbxb*8m=Zj(7Pdi81c#v>hSw0i7`kKX&B-Yf_#IPi!=L_mD(IUW-Wf<r<ECBK{$
zb@cbc{}wWPPn$ts=?MlqUas7E^5bup0Q($p&>@E%6)w_Ar<`%tC6`@s)eSuB`hBJv
z*HbS&^U8*WpjkvU?hBokf@j4iEL9QZ8}k}Npc2i5a%Czs5CH}W1{7#S5kp#~D%EJn
zD5xq>CBVfa!nZ}6mWrB&iByUsdk$`76wciE^5V_M-X4=L4-ZF#I_9_&Lc9~^qI1r>
z;F<{6=^BcJ@QfNWWCY*v^Ys%Uh>E}-V~fEcz&n7?HaTdnp|*1QB>;7lm)fyZUFD~a
zBdVSXQj4ZY)mLFkq#CFwB~lGloD#b=x(G^2Q_$KJY(9=(0HfPKnREUFAWQ{(0RS-I
z^gcNw2p}Q4&mziI98{bGDStunYbtc5pp^ocP-;*+acmqvhO;?S^!dRMR>??@`6@tk
zO-t|hBaktvhH>N5I9W8E*d5cRijo>n$+0LoKF}gCg(?al(bMK}^REjigm;^fujdsU
zFLI=3v|ONsLeb@cPYSq#Gdzg!zT#-b#I$=4aX`@lT~H}jKnN%xQBt4}LLTsd8Up7-
z5~bBzPeZMonAWUHHCQU4aLZE%=@eMirRW0dg`M={DNUbJbc*tGj(pc;s}@D7P*>RQ
zy<wn}p4YT)S5;+&ATTFEA27yYSrmi1#={eZr2q|V(r1r9&^!e$urHI&m1RYJUM?q%
zM(sw^B1=V7fpK(~@sl0M4?yYsV`-H7H8)?=9&3&m;!}2GfE$SOjw~I68?rgEF1{wU
zwx<&}8C30vEl#fc?i`lfv_;=(Gbc_{MBpsXO5z{yp$IDQR~M1-<<UG3B7h~dQp5WW
z^2r00BA|>3ohJ~{;4TnPliOZt#LVsIo9H8e3_iVUGkyD>AbO^a8IsvV&sp7xfWJky
z#DYg!HY9Dsgx&+FqGcGjBuOCfW^BbWKrrg;+s4X6Z2wy{&)@*Kt21{VsgE9QXwBl<
zfHHZmQwNI)cS$Z=0;{Jn+?GWejE!@eNG4a&)5^h^|1z`#um3<17$xd{GtCa}xQ%2P
zK&X4>$sj&-(+iz<xC<;mC#i93fCvAZEvMGVVSmMt_}nALZkdttrU=Lw-sc9K1l)Z-
zEu^E!w;vx{2VOZ)c4zJv>48U#J-&H2I2^433WSB=b?+}{VrwNQH$eNNou-gkq<aI}
zV8|Xp8TfNbp`1yEw8V$yGJ+ugfsmz9%G`xXNKX<t>FY*{Busxz*jic_68-P4S)SpZ
zRPigfux1qNMCv1xMh*BW5fANyeH1~U!RdHMl%+5h8`?(ta2`@iuP+TIJ>9$dJr69~
zzI*%DD<L<>aGdT+k}0!fX7?t*Y7D(3a%0FPI{DXP1UKWr$+t>+1ygF)o;o#8&kHLH
zbP!SjzYi9+>Iq;nfDXQO^r*l0z3aL0>t2P%>g(3gW9-{As-s4jaP~PlXK>g80mQ#O
zYmmsAUOM!+?^~}ByX7^nE=CSXJ5i#H6i4jLeN)1NDni6fSitMhzgZ}(d|4BVX=y+s
zE8clnnf9?4gdf90(S0&JtzzEu_D;fApV#yE<Yg{W7gpfPo2vl1UlF_+1-Hj36M{EW
zLrx^ci=(hG>`r0dX2O3D1uk`zf<4-0$S`Ehi&~=wBM<17PXB_d79nU3SrTM4E4783
zcgzH3<kE+Dy)m2&Cy`dALo+zsC@v%aVP5-~eABLKgH0L2X9KadSNukSxE<>>-SxHQ
zkG)5Ey7^%e@`VK2_q_nbu6)AnKyhVuj>?bD8p5BkRX}jpNuHoskfvn;FxS#^np0$Z
z#@twH2Tp^fI0qdP2)e#dA$g$ywaW3HG$1^gJ6@il>w`hk^)c$h8t{#kgpVLX1j%^-
zRV-}i@au2Ia?R<mCyXnUHU!nbExnf3`$*>d_S6QgQyW)<_9?|REqluN<o4M?AaxBU
zrbV+(uHc4Q&EVnJrT$@_w|7t20&y4Au}73nJYEaJcv}|XCK^^%G&IK&Heu<Xx&yhH
zM)ox2SLFOy3o5J1o!%9(B6c=!^6^U;JRQe|tR72bIITP=EmDJriUMglpo>7V>T(sX
zPPE|j#{`DaA*TdnVl6zt@r1ZhRtF;Vjrrpaa=R+Z32rBFl#r08y5;~Lz=oIpw}Ov5
z|6irwxcWG(&fE(=v~sM7V4m4fR|_e0`jm3&G#bB7e35V~io}{dIkVv=w}6cs1kl1Q
z1blmUPyV}j3-GqmAB_peV<ZREpeieYRqsS=4Z0VmKf8b~eaB=)UXv9@2S^S(A7`=q
zx^kVTo{BAnfXF!u62e^j@OetPPt%|04}sU!o?b@pzVgL~>3qV&(b`deZAbGRqE`nu
zHc)PKQxVg&55=w~c5f(r2J2R^-MUBYQQTfii!t{rP2&`enq5u<jyho>9qigrW(Xob
ze(BZ0jtu;|(r5CS?%|QKYGBaX<>ld#x#zVP)x3F>Z0sz^$IAmv)hYe>s*q>O=4<Nl
zg33@}QK`P!u>;%=9hCy>l8N!Eu?u!=du!oWrs3{2X+Xw#{6v>XI_nylM!VN1fP^R6
zI#Uqz6sdx(STF7JW0d}}C<`THyEN!*OovacCkyhW@rAkdqmWbtAn{cs_E!d@;K+GS
z|8DKXO9N_$=+&>dO|QN0e)(=E%sN@|J++I>4etT=YnN5m>(LcBJHgrQ$wPwBGJn%b
zBirJZbu%0_p<2<yG-ab!b8go`J_E#NQtsq!9U>aMGXObS=`S}h>N<(NH*So*E4Qps
zJ9f*8L_i$G5A@SonT~C`+JQ{gOpWmiuYINDy15WkH&6>C?9s>zrcBi}CvYv%X?@>J
zKC$rfj%+ji!QxeT*e@Fs(5=(rxM~lScF`Br59V1(?`ctR%Z5+e!(XOu`~Lvxxq^N@
z9Fe!L>nQe#Kt!{b1Cl+Sy5=UIercWuE%HNq2KOM8hO%{@*q(JBh&{7-kLKrFDJ+n}
z@O^6Cok!eX<*u6^_3QA;2kX4G6KS~g?OX_g5GnNU`GV)Xq$yGJ<t^Un)tGhLZ`n1!
zw$LUle@a*V4u)`SzZgROam*Vns{C%WNaFGwPv%bRu$9D*2IuJYMKh>n<}NH&>UAS{
zN^D7f?ftw|`;dme6Kub6cSW?Idfm>V^DCTtG?^a~ta!@8GFmjcFS6{y>A<GNWvpLt
zIVychVF}y#cZzNm56}vXsgg6&$;s#{VB!7)UjC0k7LP8)x5s&1tK@$Vx&3YhLmOq)
zYuA-;>O%Qa-$@5FDfx$32fonZ8h`(;N0urU>b}?$_^p^$PPnKHwd7-?R7m`GqAX;H
z-RnN)XIpL4f5|W?MR;Bw8oI2+4h()8K(UdtZjc7E@EzEpJf&is`y*D3sxJS_m80|P
z(e|n_%)_wiDjoY$E-dBo(am$|gR&b`7f@*L>IOH@B=>7>&{&*nCo{{Aidd=NkNd3o
zDyx5)%s~1HiY}~$uUg_v8i;yj!&0re6yR#Tu$f!V+6AfB1+fai;;c^D{|<uK2j|OE
zHGEpWLY8-lSh+b%&u4g8_*j?Tm%gL<ohI>7O%z*Y`gpnS^f>Wrk0))Cuh)9Qd%3mx
zld10JaET$eMfj<aJ-zIl5?Dc_wTquJj5BIx=o7x~I(g(4ip%HS8F1lg5~D6Hdrn_9
z(~M<?-~pDiH<gu238_=SynWM86^0L@b{{(Kz}Axa+2{1;0a6K^UcE83xOs6n4}&jg
zSa9?Xmha35V25?&oi}smbEP}C%-w>HL>C8^Mi2iNa{o&Oy`Oy?;G?+Uk=tn?x2Z8p
z-z`}-QxUvcaN6J@yeCn(Y|8B_d=oPZBeR$@4O%VI0lc$@YdWJw`G$xyw4_tAC1~$u
z(TUNF-+NNR{Qlj*P{Q?u72Q|FC#Eos@0M$wK5b%>CEg#f)%Ml5KOjA*t~S~1)yC=v
z<a>b{i@{i94%`D?0K-eXmTjFC)P=6<UXDfAOC63Wt?O>}_lEFF?|?<IJQ^d*JcL&s
zCM@i~xz1V`o$aCy`?j6mJyXls%~;^`zsx8<M4GmBk*#)OpJU@hVQ#gud<EGD_uG*U
zY?b7!Dzw7`uEp(T#)rZFmXRpd%^lNSnhUHd+Quua+qx%tOv4a$+EZYiIPclpc(*JY
zS5#zKhBLMwlRJp)hv9w5d1OD530cd61KB`t95Rh;!?4wE$B5q-bD3>OwjW&cz6RN#
znAsLDe)O(3O#IkNxL09S{=*&(V1~EpQG(f%pC40B`~o2p1^us76tAqDDBg!a_xoQo
z&o?jnk-5+GlRwso@v4deF2}(r?WQ1jLPQl6kVVE}7@8W}f!h!=np03Bn(**?VF@;O
ztN`@rk*$~wp+&||muC&L3&Wjd*b)fbZ75_8j}{568}(VXbyQFnI;*=lrus3jd8?+h
zMb4V$MoLAWMX@}#exxd{T((GbV)Q=P_&_a}y==FOUd~yZ`=yiC_N=vak*p44uVdpx
z5dp{s%qiqaM_*GYG>DFSxp58bxm#0R?snsbHFv|bW$<2qebtk{^>fj(aewmA#VdYU
zJ?ne4hpjrh*T$LI)9Nr<rx18!bkj6MYIvdho-uh8g!c-2-aewm$~IBbHE`rsU5(RW
zAHL?--2wz4w=&g+eH^vhCX%8L8nLEG#HkUQ<>e`%^qRCPpOt|#{p2eUXxd2sjVf)6
zlVZE-a8j9%#5S^}T8%X+lpf6px{Nfe?$baXK!`)8k+Hv#Q!qS>5avAl_aZLV0BRz5
zjRDu7+a8)lHa_1y*xA)J`20q&^X&oo3j?KqJr47}rDy|%whM&Ui;6d87i|*lg`vfH
z<mpLD-v^j+$ei_yDd`~$yjS|gmZC2<SQFTh$&`XeTd1=LW>ZSa<}jG_SF%r*W_-F-
zHVrH)?@ciL?L)p&`xEzq&@SWWf`m^5#$6D!KGFY`8u{C2NZ1R<Uore-&-}@5xB?W%
zA=8-J-OtqelP5svnDGZw@(-pf2@WSUPTQ@k%?9+)ZfmLk?81MJVjSL#xeN|oEJ|Ob
zz$=htC88>d(Dq7B7nMj3x2EhTvo&%FQ%5J;INc_ZT1hcw_Ak6JNVkSZeA%eTNW|F{
zD6%0VKYyDr6Tj<<fX5))N~EhO!q!)^I~YVX+?u?f%+|`KYy*Sj;x$^N8YR_?_BGC*
zO}9Dpur?z{6EheALqido>k-Dm`!Nl~*dH={g`UY5IJmTc5{%S#`0=L9+~_B}EsDO!
zo+6g7)06H_!`Q+BKp!;Jn-VbX`N3YxZ=4mASZ_3F>gBu+yN%yjC)bb!b`G^x6RB=@
z$-ZLLXd^Z4fF!67mGZl6lET0WH<nLw<b9*VSjKP0u3aod)%lmRY}`mym#6UJwb;#Z
z3r6>iBM-oU>Uuf9(`M&&$VaU)1dV@VtmWyW-H!PyXwr>~iGk{%nBQP92pjk_OT)7h
zc;=JoKzrG~a{j9u9oO8gu3hsYAF2L)Vtb73-gerl!yC`@=5L^VXCq4OGdB_!xJ~&j
zLZh1y6WSS6udK2<<`SqcDUZA=5CN1xQ-e(0Znud$BT5a+RE*|%goy_*eZ)SD0`E02
z1yYxgQX`Lxgjy>p`i#7&R-aTB0xxC+ci4%{LeST+$|;(^tiCLMRp&Y?ZNT-z&nBCR
z@!|+(9|Y~gymD9uz|ILGg)6kEbYyGbSyv9nYOioELOu?g^xB}D-)a;V`j$I!Jbl>o
zF{Ud*5zjUTn|i+%+BwvKqPnKlC2+8*l}dB-HXx$>EUryZ29+wQjY4!Q2w}xa><Xja
zUR~>o&pOfPuR4pIMK&PKDY%r>l0In<nAU4?0DlhNEz6sLzyC`AwEYu)BBfZ(gt*Ts
z`t$2Q8{g;1!TI0a?|&PC)+Y`C&k0#yPZW<q@YTKWr}IC|0^R{jbuM!;-#$n27ZbS!
zLW^L`?CtvVKnvQ6%dhVgCWa~Wlq%FV<$scYuhyvrdJ5j9^fn<hs`T#JVA}iHw$h=}
z$WKf815N-n^$LE6O;T7TRy%PV`E5CHS&4ZiYwp%)yuDj#qCE4pzLn2QM{^*}nV#<I
zsC3G`B1X)dcmUH)?D|cH_vo2?v0X^1k;R8<+XF;h8vbzq<}0H6x;$y_v@}PP-<CnU
zM9d=7$RN>!?XP&ePR=L1&icMwpy3Yf_=1g9o@b_Y#b_3n*?oCMblU6>Sdvq3{#EVT
z;8nh9WA^e*2_m%mQWbn9`j&b4u}6HF$C!p}0KNp7p4{bH6dg&7R9Q1gY8?l~UCA#?
z|K=cvdeDL8(_Q&<9=dG&eDs7m3$M`f>A1=F%F<QIzjG8p6L1+sy?MV!=;*q{UeK6{
zm1%h>-u}5e_b+DV&yvUT8wKPlw#^+Ve-JaDW1mMGJ8PJ#0s(<i^~Qp;4<(AxADuZG
zm4Lk8h6VmXxmps|#3#6m!AAG6qZ@};P{5nBB45qZDKhuM@uP5@CAh`_{6QsFD$%XL
zt1MD%Q<$~pK)o{#^e<;+>=WMv6PR^s;C}@3SM}_SRna~K9ub|nmUH%+Xaqq<lf);F
zcqagYI0R!`f5b+)2ZSf68{f>^cFBgpVDjagF6C`~Q@R*IhLR~$M{F?&g0XG8R=o3?
z90N4udy<CczRLU0`$I{4;-TY)9d9M?c*}4c>VDk8chYAc2Uom@-cRWt#Bc>T@~r4&
z3R$-~<LaFWX>YE1Q#`DKJ0uf;9a<z+c$vEsDJLx<XcAVyyCif2XI~OOJ#GAE0ELC9
zzK~uaw+$ynQCBvz+~YPG{r0K_jfB&v7PFbnb=Jz(&RD~x@c+`j;!?Ks3EhSmUF?=<
z4RzO(1Xd>1%2#r|wR8&Re6G5(xC>?)IuM`wqu8M@W03urrZidjC=PyeIBR}e8T&#X
zxy|r(61|M9(iUn&V+A=S<ieB7RVAc8QqDE$!lRywaEm3Ml)Zv*C@mElg(&lr5TN`v
zoy&MFgNfH%rYNCdGIZycUt(2DrPVBEt5n(w=!1QOCk|f~Y-w^k`Uj59ToG&qVyA>^
zH}0rBG!+)HVMj%@5twrS%vL{_zakn*8kWg>M?;a<K<E@^Y@~jU8k6`T9B1YI2)@8+
z6dBwmm#~u1-GBb#3>h9xJ42zVqOsgkT7H?Z;=q@GFoW7}jt;2oCGDzUpu>rMcY-BC
zi33m3aV@pBD#ys5^)|kRL^W{KWqLcm8s~}K8n-E9-gcTy6`-;mB6^AG;uK;|aMhaR
zd|!wK>?Zp()@hJAB;G8vJ~SMMpi`I!b)$aC)U87{6yLs*QF<!@pn!@V@;f@Zb@*oV
zXb3A1IZ>K}?+!G&1Z9*jMSEc6G}3`Nh16L1ifFbZ9SZW4npzPrtW^m@Au*r<UF}ZE
zL`w~RnZ7>EDP_lKWPPD^-Njf&8J1>@nE7kk+v6SLKs86Asuu}EYLze&6l*Aa2ZQbs
z2nI{`<pYZWJF@uQ3US${f{_R;-#BI;4CacAW1<NF1#PW#u}8rnTaB!rVNIf~RwWaa
zMNyqTf-)|n;f&v1gN?AS&aBv1wa{(kP}pj>hb^IC#DX^^Vy*W}TzFK&G}PI=o_d?X
zQ11W$$c~}dyDl`mJ&tAypT{n)s^UmL(XdJ_3fGHET|OjIsVk~8u64Gw3Nu_40i4d!
ztlFi!qJfP3=*9#Mqmt(r-0AACL6yLbjC5!cG1q03i^o5Ep0&uquQ&?E_nE-<(u_2C
z5&`^>Js?!28y^35LYXu{&g}^;{%(nQ|2lm(o>X-ak1N(>jI6=lP>bGbWL@^6Sn-li
zheO>(L@$aiWQmYT7|MK<4Au}8f5lE~u~x>W-FYwG_bi>nKLy0iZyVc>B4Z#}C7ew*
z>;ca!X<TGIyj~`*9huBu^c8&Ik7R&1pQO$1ixrQ3KTHl6(%mf1x3q$lSkDPCdogl7
zBjdI%a(*xT`52D0B@gw>{tfWo`4(4m&_s?{_=1xA+Gx^}TZ>EPWh>OdN*q{4GnU9q
zW*M1&y9d=VS!x_F#A1bj3-h6oB+<E-@;)Z3!|yPQp}0EI$qwNJaK?0QnTX!B4jz3(
z6xgMur9-WN_-GVf*F+a3cGKc{Q)KcK?+wDe!n6_y7ADg|J6i#km0T^u(OvpOSIGZp
zt8_t%#nlutlA{(r`Hji6M^P<{sR2&L36HM2njl<r>KlR)0ZsE$JSnLaeQSPdiU4S-
zX#8v<sp;@e2};^h;~&A8liKi5`Td%*N%sbcpFCkro8m_h<d4L+5)*n$?uiV>ZS9wt
zO@xuV$Vhzr;J$YE2AB%=x5A~(;1EJe)ll@*i<zJ0bM;aM--mS#|FGM(uHW56l?faK
zRLdyIZOeY}5|sr%4{o#K-kAGnhCheWh&I#r6@ro&If)^J@YhSekBc>UmR_t7RF$~R
ze$=%Cszw^cJH`DzlP_bOkK<-?oLnZ;<>vC)Wekps$6-6&EZ~)sd*?Nq2Mx>TCq9AU
z$BE+T5v@5b-1~b#I~1=OYJnoXY0aiV&x%d*7)C61y(ZM8_Vz*n&0u`?%mcpxGjYgr
z2KHcP5W4J-N8U|r6!2hZv9$d%LCOAt_YkDLuyD(1<(&mj#c4&mGV9@^K2WV{;vrd!
z***rx%@n+eL6$R$_so$FnEMs(t-GI@oO}i)E_^M0jScCN^G!hiYGG2>@;3TfZRQpL
znEkG_{~O=N^n<&<qTpUz{1&?KuQA^*ev|h38xTGoY<wGhyuCyCUyjL`>ifS66Rs#<
z=K76)ZT-55zA3y&xai16H5bE*kYMU<2J!i^_^O*Aj7>qWiw|#Hdr|yZXiB`pykGrP
z#rJ<5CR|mz40=_kppMMUb^RX~KZ7p%UCih2l|Yj3#9P!n!4tuVgQWcRL>o14(ALE)
z=nfLGxl`B*X#NISv|<ZV3#nkEYnYPPA5Jjxb&5$o6WL315$KTQQpJ83Q}}xrxuKM~
zu5%ir0t>FaImkW?E*R>TZD<>Ee_Jv&v_NBiS#-VV$?j~$yFSMG<?87mcDR4f;3cAG
zjVMV}v08XE)a^8xmYbHDO953)cd1!fIwW?6LPv!uVN5dS|9gXY35dQPKL{d^k#8~3
z?iLVw3=adJZ>yV>w{}Ul#p)GXx_UP%YrCea>vy*Kn6H!@BvO%KvU^QH!nT&xlv~6-
zA+=I$5Uv0d?7~cBNj?hXWx#}V99^X#bXtSH)l-4d?gQcanf@26X7(KEalOhJ9g#Sd
zI{NKO;mT*Y4jH3Cty(7II7N(Lsa9?Pq(Ds#m2Kf+vo)(*9vY=2D+ML0^aPgFWl-X#
z)XH}Xu02JbWa$&ji;(>YvH{6Vt0{1nq&5u33im+ZLT_b5QbV7@K+;6Tq>Oidqkl=;
zH>#<q&~?AYeagyyr!4zN?fq?e^eBLsMW&G-#pNtUxj?`uFK0<EC0tLiWo07MNa<*4
z7Vu<FTvhm<HeWWJ7`^Yxp)>SFEhvMonyzI$|JfLUNH8t5n~xTYcs4&($nzIGtzbwe
z&PR_sbEq`UqkH3ky};O=Q6dp<T6>~GzCA#_mO&}fV_l?&FFq`Bhl;3)hVWtcmqr3|
z3flr<FeqGLvkPAf*1smS+XuJ4KH}^);ez@gX2a|H*gikIPp^mT^C7R($KccazkzLU
zt!)|%g_^o*Nyhxex;)AF;mbQa^DO06<z?kTOWv!ylAbO}^6W9@4f+L6Z^_JhA>n$$
zs9LX(N(^!}rEvJPQMYX+23k+zJwH98;@^8n=96A7h|+%J^#V_Z@P1?=XzY!H7K!#M
z()&QP2!bXTCzhFxOd(Y%Q+VNceEhg@6F#jfGmFZd!^mXMLE%?-xO0U7#~#!9*-4=|
zfByc7eBh)~2&xAIbU%aPr=yJwMq_LjG2dYLeTQy^t|x1(x2<B_gOQa%=HC!NHVDnZ
zt(z`ZtN85(UV&Grwvz5F8iMDb^*7|9MHF}bYz5si{^{bi-*8k-;V(HhR<ORK9RK5v
z?5E=>T7IppfO4o6o(8A`nFAlaobN>GdCuh@H)J$4xCYNWbrhngt>DRqL07{-#>iZz
zqLaZWaBew$En^^-HL&rCwE#u!g}=Ww!2V7m^a{Dv5(&53D{=`Uou~1>D1?Au5SoM9
zuN$AIEbu6-6X*MC>PR+K1)iot@t>-(f!g%SG_TJr5&0urHQ?P2`Cx|HTS}Tyqb}h~
z@_bC=Cn!BJk5Qsl8<T3&gXuLcgIMei(N*)`>VT$!R|-RmO8Y$G8)*XfgU~)OHb?_(
zx&1LN)H;j!wa+C#XAH7>vdmCWx${m#hP{9xt>j4>5IZ;rO+w%lbn>diuKeH0r_hnb
zSevA=Yb#~i3Njk*><kp>Ep-$?jWIX{H8x87REg|(7HW)aRH7ArRLu($xY5L_-RC`6
zR{_^-HCs08PMB0qB{LLb%C`cb|BI-9;57EyI*Od`mW=HL9}0gXMSgK4|7<rNhoBL9
z@6QF`b`6_7(t&?~%cKKtR}_m(A$M>6N0GmEBTTm1jrcwo(e91_2Bg>En_Urr2u19>
zed4hT7cXD-6a;o%@JQ{Y%LAXDN*=g$>BFk@%7b3GpkH|U_VrG~>Z#XHSt+#+p0fRh
z*RFhz0-lVXi-QS)@U^$IdSy6}FnF=&++A}TylE#$V5q>73LjkCq@WMC^mO-FE)SsX
z$P_Z|;HqhuPJsvbX7o1=sQ5YWr@i+(CG$uBGX3;MjhONVDR1?jgqNB5V}Cve<l_Kl
z-Sr4^<#oZid{-jxWCFHDiJjGNUlr{FliR4ax;_b<Al<u=)sG1W0LBkI_U{O~@oCjA
zuaf5=@KT@o2{Q$xL8domh7v_9=G>2694a)Pne_H{H0sH9CJxu?>uAuEl$uK*`3sy<
zpDG|GHWoOfetXb)`u<Km&%ta5{2No=XMlR&*MS=Vjo0s%>Ewp}#-hpF56yu?BH7WI
zNg$XxY9rE0^TXSdMMmI;NF>`iV^+86W^HIYzYbLI3p|G5#{odSm~pG9_$H&cr0`~O
z(XGONxgi#N0FOJ3#hwP%Z4HjXl3$+tIz7h>{Kw~f5zby54^HN)H~Vwj7K)z$`Uf-9
z;eE(AUw*X(AkU=g@Auek#}-ufrRNhflS?w7@3-H|q;L@^!A(lAq|Stql3T_2X&^40
z<7LZ?e<xCWNuzfj_(RJL==g<6;O!nq4I1%3xHFpM10w(S#z?*)vaIPB82+V6Ttj|(
zS-j1!0l#&9#zYr11wI=##333zpGGtAVNIN&=NWK+PNFMy$iOe>Jq$0?E!H(m$^ZTQ
zXhy!VOmsU3C*>z_7#{zUcL(w=+}?US&Q<>hcstDRs=Zn>Ul4mkyEsqFQT_@b_w32&
z!0(kRrzdclsegc+g}?zQ1avT*G@<SJE4H?mQ)rh?@<-8H4oNdOif6ik))CsCzqAFU
zcXDwV=+L(O#Vw0W4UbX|+YNNG(DwWlTRSS(DK<b*`7F>OjL`P{r7deTE~Z*xj}{7C
z1r|oP1))0%u4pe9waL4GNmMR*DN~utifZdyFyw4#s7EDMmNKOr8s8~^if;p*WoO!%
zVXjF;s%_6y9;G>1%2ei5<K&tGbAXejOex33H3bp~wbLG8j|6f2Dj<xGm>Ejv?OMn9
z&n8Ue7;ioWZRLbt2H<p|U!h;6U!z~A-=N>5-=g1c|IRcB;}U<nR>zBe)hKuCPJdko
zHhS4T<Eq)_Q9p`rgSxL(a0HN3=|8%PA7ln<dJ;dONAXj748O>%ni{{fPYHf)p9$=w
zu7B^j9drPV8m##~M@w|Cq3cjuV<Hu3;R!<|`lHWP$JhD&U)a31`+*Jo?hQT*@qGk5
z{UoG-)dv^=(Ek97%}Fa?YAmpTbD)bF%$!Irr=eJ+4b2R8O}ib1(>S+*$M-qjm-Cw~
zA3pEm2O*r-XMOHqD#I2XFMb(2wgt|<7kzE*k$oP|bwImp1Dp*PxkM~gW?p7cM?$LW
z0J39x)Sti)sD_^_w;Da^G_!Guo%i&F<67=d_yN`YPr>ttcil5dyzP%EGAp@^8xk4i
z%-dX?E`Dq7|NHW_m$rc)Pz^t=(E~^M{RRBo!1kHa__Sm*zFP2*)nhc|ICHS~xWy+H
zY8?6@s=;`UM_yKYixE3vlZcb#)D1G->x>PGaqC8p>!z7dtn27ax?VOGx6^#|P@6Wo
zKN#&%nO4s8$IJ<G^+WrmXh=!qt#nnvN)oz!qqkY>O0XK4k-qEvUa1Yv-fkV*2)SFe
zkgBlXemYLtzLY6xhyBPU)a9|Qioa?*4R&48R`NPSkutS#znxFA+GMLdn?YaWL||tT
zqGTxXM6cNdJR_A%Vb}j}&g@D*E&w4GKKEko_j2DC*YhsqF_70H??=9f+}56uUo29_
zzgBRyU}FBJ`O6D=y;pd>@U?}%hd#D=ucDEqaq+(|Bi5%%PL{-!+{E62-MQ;QrEOxx
z&T85B%IIR(;tAzf%3oFfp7KNGXUk~>Z^dJABK|7=cO+EoyV-}?SJ}^3{@fp}`uYIM
zKezfe{t5oA1K%9@@4$(Jbv2g=yACPEuSjKWrt}=bS<*GqebNguM{djiI_e=krqb1C
zk^en@u@2N1>Ns_SdZm7kzWZc5?Nzg6jc!)W7cwfX*!q_B@#){r#F;nQzn)b&?{#JF
zYdqZcruW7L7w3(OmBE9#Pld|xb>XpBcJObGD=sfp&wo$+eEiXyf7SP{$zH06Vk*2?
z_-aB<D#?pQZ(s3=-?_4v|NXc+CgqjyBVCt1RQ~?e|6i-AOe;^4Jy9vcAB@+S&oWKS
z5$09qd(5v{087nU$eLj7XMM)bWz*SJoD$AwT$KAOZ<24}e<5HAss$Z_DZ$6WW)UQM
zUEDAJQ!*wwCVf`Qk`77l%JOAi*(%u|a=ZKm`3XgV;*8=?B~EEk_9*u&zb`eHc9sS|
zO0JSuAlG15slHH8a%^*6ul`CsTm2WMgffXjrzj{6SGVhC&DSLWLoFZ*90I^Pz&3|)
zBrsqz&go*Q;T;K?Z|kPTdP&A}4%ZfC<=iL%FH>!ad!aRMHgkOCX@_J<Oud~$LI$pT
zaypH-D&PjfVj+J>|3}K*h0D)J;kxZ<t96OEwEAr2@zTCZ4+gaIbR&Ia$B(U3V4`PW
z$CZ4OEy8TH{u@q028sc8=$~IYZ=`2FzTN5A*V%|SZg-xG8w#PYuxaPzyyi2Zf$48C
zk}v@axV8r`?dpgN*tG?@X0&+CZDelGOOx{XYnG;VwDa8;6ia8(HKPzRUNiH512Xd2
z%#GAr;ZWUAwbvxIMVGSBfx9Gr$kBPtVV5-R<aFwHO5r;Mi-r6yT>{09Iqx5Tqc5D_
zTLA@&U&J7BzDdiTT}395;V;eisZZ(r*dKj*uhYIU6@zo1xYd6H`tlh#2=@MH0NLNy
zzDk#5i#w<T{n<mDPpzFo!j3Fa-JzE+mDdP+AKz|rY4)KBnxVNQ>E}Xl1(oGR1(r4%
z^&;n5Q;>~#-<#U0WYCf8Oo3>DAWHux1MIfSBO22%;e1!p42_wB)y~lT65mb$Jq2=$
zo2%K@LowFg+na3Q9Hy7kx9;$QQ>&}w|8I2k=GZD2SRiCA56%E=Hlw(yTZGx}uH-y4
z%-mnnK1`|6(==NNXj?rZ=tCqNqm+bINu*pwL}pW|XjRr7M0Lq5G~^sZ));2k$Xz6m
zAq+jZI4jby)$C;4!)lM=h80BV9#QJTQmkY{-hrWfL%+szik9ZorGxlTsVH3{q+^2z
z>VOUvqK@d`<0kHOTRl`x<<+tVQ5J%L1`dcopbWO@nx=%@x?5b4N=Y+t!Ek35F?e+W
z^LtErrZpK6p6WLQICR{eQskaP1PWLnxSqkFphm4h>P1)IAQnaRm`lTs8#H^Z7I_-M
zS-gvN%bCS2^n3eex`dI0_V|E!vcaKUgT#`w;_k*>@}H&Qg%No5P!r@ygyirpg{0~Q
z!+awGuT!>{=jT#-2*5u_3}JACdp$=EaeB8|o{}H6@9xrFvfkK7HY2MY86*y|fpWUM
z`8B>g;>0mSdG-1~t{!b`UFqt^KC&5kd3y$l{brz?F3-<(^c100QVIIMW|CkA_a=H*
zV`6)sU7k^ISwHJqgoZa31$js|TM_?F1`_IWPD)9kVY^((0wBv%mB^m98d$4qkhsYF
z)CrTmzWcg3rStJSAsKiz?gk~)<(QYs+oQ)r0Zt0zuo`HqympLIafKt20V58STpG8z
zwRr?YO+aFUrq5SrNd)YCn~!Rg?xH|5o8io>zEOxY87i`vj)>aRun{@ibW^)2zR9q_
z(G^5}8ZV<7hBA#xc}~)?Q@5<vY#$G5%NF^PFX4uGauGJ6Ph4_>Z){xS=9;+REY%B6
zP?6{X@P_7NX|7Jdys4`ahmTksW_E$U#B-*T*L6qGTbT*JI|c>2ni=Ai4={J^L^wJ4
zpng5ufn9VX+E<2@wZv3dNgeGC6a^wDo3$l>SMrQa`WHAN|0-d1JpX?L$^cUq7-)39
z-a*7|-cw@=UXFW$Ogpqs;?@EBoD96y^zd9UW6yohc>|Fjv}oqI`%<g@gn<L1C&#BS
zzPJ)yhs;WMy5Sc;0&ll6w-fh}K}i(Q{ntzqw17$SlG|^>R%)@_aDBr)qIuLj$VAR&
zO-^m@#Oz$*A8H<SIyh2>MLJ|W>{BG#Xn~ndI_^$+AP;qt;)6lB0GUa4+zA&@p+Rk|
z`2>&rqv+(D*9|DSI-v;SFtC3u1E+ZkbBy|I+?qosHyaA`Fp=}QYM7odb(>gurSd`~
za?#RjX-c_O564yxyNpc@CySBoaXv`+c*si$5^e(~f|{+jX=^V|PtU7^C*K{bXW+HQ
zHUuiH(<ZI?)>m(Sm&~-WGn3lr9pcZ5M?HwIQlpSK?K(keiCnNCkYs-rQpjoh2ku?V
z6<%ZBvUK8vU8!G3-tn^#25r4-G`9NaS1F{SF&pyoj0rt3RFt%!h8rrv;W{4o0_8GQ
zW~he5B!XY&NF<K+51By=5SgCM0^Wc1JbW(xV(b3_sm`!BRj-bV`S$2d=3=zYFr~y9
zOKbzU09<6NYHSVz#@tN#%RiD9YXBuc+P`gvDoc)^BhCIBiV2yM$v@12MqoQ411|)g
zUn$aH+PVfc)YLy$P4)I8_xUq#5zg#0@8rBvkdCV<<2)TFf5)a3Vi4<LcQWC;z^)Dd
z(WxOMe!#QP{yV)7*qRlgN<=mb1pm@HCY5WDax2t-68qugV&}R{*;$HfS}6lhoRKM<
zkFegwM_4sRy>%atz;A8$&Y$KtfQlT(#qbl0LD;*7le~H5f3XZ>|GvwDU4hh@dpq+d
zc!RyC2sO^ZqfPKZ%Luzk24n#pP~v*|vaj$5?0|Uze|GYN%7Mf2#TG(}Tt>lL+*(p_
zviqolke<#`;7Z|Fh-%!%$?oBs-6(gzeEs4#7lUiAv408c0vD1Qh^XJSGm=UffV12*
zAC|#u>!oxx<au+5!~L82$=6c_9Kr_g-_VkffH5gA<G6e#bt)+cd@gy9?qZ&Ev&)Tr
zq-N!Bc7@g1jO2R?3e^_KT%`V2K36J)bY6+yKQMdB(<WtYSc@IyzxgP9{`5~q|1S7$
zZnUwF%sl&E>8$OkZb;GF_mmFMut4S`DZnQyEH*>Tw0}7>q}6O7j(14f1M2~O;jciV
zv?Ovj80s$H#9h}lt8r1(-IfHBN6j%AdX=y`P4kQKx^?THqy!f3$Y>bzOqAjMk(g8d
zf8y|)<9@L30X1&cJTMI;cafbJp@EBLK4g$b_vm#-!2z0sgZP{-7aU<N!v&w9!2ci(
ze18M9XIm~EC|svF8yyJ6h_L7*)Z8Of%}%@h{Mk#bE}47klHQ=sbIyXX`-Q{rPs7eW
zR0{Y@5@W1*;*LfrLvxz`x~AX@RFV7qH`DG2`eFS?t@1hI)6%lFof}*v9E%KNyvkQ|
ziCHkd7_w%rnKGzT%Ln`}DMg<qFXN2;oQ+AwcTO33!~Mr(Qb<)ep)Dh<-h(@wpf>oS
z2U7bhoX9CH$G3aKH3!MIh>UG)c5qW;FIQn%nzx!XMg5pP6KI<AOn4`s2Ig4X8cnYf
zRww-2Y~*N9DfN@p6vC{jSq!MPb-8sYo+*DiiPgNm%&MU8e3Id}r(grw1Z&jyFq6i{
zMm1ce@p~a!hV@LV(I)*_apqkV*}qLsGYkuGj@ndgRC8QjriLyEOd=i1jJchth$6W_
zlLSupTmd>*IJ$6h0%qXXD&=r&au7>TtXzhUZpfOI-dtQzQS&s%Yi3d-0%CWoGxI4%
zwN~kv&v|wr2m)PZQ4F9|>xRCMC!XDkxs0`U-Gr?yUAE?`$d2@ZqgLiFdC?elo-3za
zaJLewrh>_~=A2~M#DN^h3`|c((?T`g*E!>Ycu))@v?GnpYJE(Kz6v(&qA_y#j8m6Q
zN$c<c_1q!(s5j#CX=E-Si!P|ZA`AG_Ld@r@ZU9y6T)-oI?se4y#Dz2Ld{^@rVF1iN
zqWLW4bICmKWJB}o>@xw|m9Ob1{QMuO#=s4NB|8d!T`Oo?1@JG=3J-1w43@zIbsrQd
z($WkHOTv<A%Nu;+M+-XwRL#z2h*80Jv%NRiQ%r9Xm)Cw59w@;8h?;_E8U|L{(VFkS
z<PE;J5nR&7hd4k6B17c`e4FIsW6EePPCa(}G-|TRhn^A?#A|@_*Gm$N;9e$b4_&JB
zt2tdfxpxZ}f1B|QSyE5dEh0!x&1Sat-oPfUE~#JX_*3**7!OOwO99~WisRwF1FPAv
z<b)E~WiR9TpDFvw@kA5@hA-5?LAwjJ)vy1;%VL82>(`)e@hWez;Uy=xn5G0RK^KgD
zmP)$FLdosyP0aU*vj}$?d6rr0z_Q+EUDG0!BQ6u+!(HHwW&uR>?+wTNoa?ou|7`pp
z*G<?>AKB`tb+QbkgmZi2UB<#M5`ald?)LMSPS(#lA(!%r_R?R7f@68~XyJdK`bfWU
z&|H3Cn45F&@go`f8c=;M0*2w8(KCGDSHWoW8qCKN`IU&_v$7D!|CFo#_ZQ8{d(vW_
zmE(}u3PKAczp%t-6Qy428LONuY#oVn@^8{U6(y<P=@@YUq<Pq0a@(S25G!P}hHNO@
zR_>W?uT*%2f4es=>X-S0<_a6TF#Yq^iPA4{s?Au=*LF(#c5;>2uoJRi^*tpuy~<o6
z-r*S;(MP?slf<J6Da;9v$hSENpq+u6EwlWO|G)ZavHW@CM?#;-Mf2V7X7XQ|ZDD0D
z*VcUC13L(V4(#BUj1IJAwAjs?>#E6pyXg2QCOY&3u2Em347!ZLU)}3hJDP5a!aLRN
zK<E8RA70M_QUYJiG^bbEG(9Hm+_}76#mM~7S672|Z@}2?0&1liK_G>ta{2i0y`}1c
zdfd42yM3Q3LFni^S=GOq9_F_}wn`jp1RFG<^o<Ce#MJ-Q&XkMdu6=yT;+ouj;~=?2
zatlcLZ5UgA(Q%JYpNWkU2EZP|*Y57{pww{q*N8z;){5;`_qIYC`D0-6qy5|{AXRe$
zMT@sVs&1bIn+EK*X^_$udSED?g1HLqE$_!FUC+O7n4;5h!lZCxJ+T3oC=^3IQe4R{
z(*Q(l4^tuIy;V@QAv3wHGul^|<0g#w&=Km}doTwl1glKScfFZXv#zk3#w?b537<z|
zskNspR=`UuQ8r6!opP6`&#q*pAX^36UUVVDdCPKqv?;TcV^ld8ui;4x84}~EiFt|9
z;c%v17FKvGIcK;v4Evdk^)ZjS<<V$s?*mf_H;*_*TT5BP55auOrfpLs9(X_tQ4edU
zqil3216gM-ASPRaD5KrT_^jJ`80X-w1pog<gxy%%P0UQL0pRFl^pk?UkJ-!j`jHTQ
zk%C#VP1YdS-_Vlq0=(!uawWS$m4!(|#p7}_77=Z*IFYFA6geEt<PuNVRyq47BclZ-
z-qHALuSeR*lfwp`sZKKyXtHhb7*je)6}th#EM~@c8fshp@Y>K~cG`HgT-H&}DXPPI
zc@kP-DG-L?kKLB&Xs?T;K`~PEnUw(3LyFR};Y^EcL=1Zk(@=47@&_esWuXs^1*|#{
zG94sJ8eRo03esbO_dj^h{(NRoj|AzAwK|<^1*;e`GB!YqfW=h~YAj|}<S1&VZFsNj
z^dfz<@yj3J(E-;rsf^R`Bv}-@^_#=X{=e_ik31dejy5=)J(^S@V+ZT&Bkuz}&{L7u
zdZP)9M9NHQPAbm$>7-w)rZujb(o(>f=UT1l5+Q^vDv-tF!l23hD;Nnz=Uf2|&NYe^
zytkXMxp|XDgh$oxzObw&Qj2La8pODpG+&CZ@vG^{L`O%0>+GPMY&>LdkDH#bvP1yL
z3^MSvGdDo`)+j=^ZaX+)5ZpC2EaCT3^+^8h&vT>}!CW<!0*WPN1FtM2Wva@RS#FQ*
zD!AejqtKiCXs2RGh%#lSCE&V)nh=&sIgRVO4eCiKW{GL1A=jlnY#3`BVeGIgUG^qW
zc)}G%S3@=@qh+-<ZNJR!?XFnwJ>dpA8I?{NeO4JIR;2y5iI6_<BpFyq44bYOWLwt|
zwyKZX@8`qa?~(GIsZYrr(KyEN6WgPn<O+Ih)I6sR@t_9=0{I1d8Tr^aj?O5<x9qmz
zkU3ppq=UIof}|A;HXW3(+28Temg`pR-n~_9><B?}pXZqJJkOw8n;V9HWcm~XBcI>q
zDxFK%{?;YIl_Nc_nPTwcIxR|!P%wIVHmleS-)i!-AoP{sGPrt;1Mp=8yceYLM6sJ>
zmn^J;->#UYT8av^rKqfHQGZQZJ!*EEd*vIEBEU21qBQXOi0nkP$b@!hDouo65SnON
z@XhUwjpuzGPNDE&yVd1FmLVc4CEe4o0m;xppyM3F`+6nrfZd`=Tb=2K<!l2arm&1D
zyDqW9urDo;9c(EY*;75jhEbPVitD<p&5+p>ADJERo?2L#os{p3Dn!J=#twMdGp!}R
z75w^rNRgFUo-YWqU>?GM%_=X+EvX%7u07>GU~$GBGfN;zkO74YXa^s3)xB&f5q~+^
z%syTEUv{ZPe4oB_QhShuq=B~aQsg*4F2hS>0ey|-|EE(abxie`)Uirv$a93T!O;$C
zDZdUO3NuZY)3At=8MnU*sFNWl&IoLvAF6u9niPhqM7+ev8wJpljW?T`(HAeh*1gtE
z`sODL`sgt=lcs&`Y*di=5E3b8AmW%|dvYeu?J-+EK{fWruF!be!oN6WX-Bl))*T|D
zjE0^<)FPE2`fDZ$Z7?h)E2f;>z;Dm%H6zrs_>I}7Q;*ILM?yVp`6OTUPylOBBU+;0
zgpS2PYdsfy0Sf=PTPjs*d_q@VE{=1~<&mP7ad2`k3DEPJXml!pwsXHlCnP|#iR6?A
zsN`0I<lL25o=pkY=14Vy%XCJVb8TqdgtpxJup!0>!%^${-8<R2L%z21!q(l~dOx}$
z4I2eZDgZ`g#p8_c7UpqBSVnX+?sB=vF~hJiV%O6%T}0;WNVdY6TnNViNzRQK$BevE
z*IvGGhv?xvVSk(yDzULcThJwOvJ5_8DhqJfoQRmq4AZhxsJWdJ#7LM^$z(*;*;XyL
zS?}X;OTczZ<!TIX&68p}F?pwQH+aoIGxiW?R?{cFNxX$M#*(31h5uPo&U1q4rsHu}
zT$L}~ycfOy)Qr6Mx3jH+!dsu`L(%kRp);G5-;X~#PMFMwoo<IWT&kcA&kY>OZr@;9
zj31{kqfGjfs<=F@&nLjASF<3JWEa8-%j>hFW20a=Nar>U`M7`W?%+s$4vcSCS))d&
zcu(=)%TH#@Xlz6<gLxks_9WAyl%3JMBpRa$B&B8GisV0*2^LMR*6wkf#{?c9i2$b@
zP{5f4jZ1QG(?Y3!39W}9awnoIP0v2t4|daopoLFVtI}fZ=iUTG=hZZ0j8g}b3rVem
z;~;=(*oC0GbsC#*Ho*!hkwDYmK#~xE*ksPZBpLV9_P!!rdqWMx+?*C<@#KMukc^v)
z?Y^YfA12Ijx##g3+F+{z!7C|6To+|u;9cg@W;ak#sJYxD%RiLPRpRLfio;%{0={Z|
z@Wj+qm}&j@WhxZ%41yB$S4|{*-ykEBoF_5OUD*5cxyjfBpdMQHueBcR(yZyI*4-v2
zq`%v}uC?}j0owh%|Gl_}8a+%n6YZv_csui|T+i%jd$jH;IMv#|d?7IAgG}x~7kL(f
z)kv+ZH|g-B-U$4l<VYE-y`XxMe|pos@L8ph-svJH89dd$M%_GwXRp<wTPd}x-Ut<4
zON3;OWi!V)Z*c~lhM!E=G%W7G$@1*f3*iBu+v{&kx@5>`^r3b#8Q8U96E^K>wbjY}
zb~d~VgaRzV5|}+vI6>3dWY})?`r}b|Fy@SyUrEKp4<Z0hgtkzGO}=(}g!;CTy`*0*
zMQ^3nv&F>9D+h{dN3vi@dnuRHE&Il+%X5Q+6O&5|<I@X^WJGuw)bKWZX`@cK-7SXO
zK^^$MEX%f~c;8htDXxkVHyA6rx7H5Ew`*-W=62%)ut#9GJ%_;aqGFbUdjxi8a$E4+
z^<uv1#}&vq9B_gU!kgKx7)J_>N~gD0FX$KfM8E;C>|34HMMXm>Ml_+BDjYpzY;JQ$
zoz9;pzEm{f8;%D@v@`-Re4md@JvAVR3nBK`OR|1gyhrpk<2e9ApjcmAr}7ypqt^`0
z*MQe0Gbqm-wE7};Ybuom$75!yiZ~1wBIcN`>R4k4d}ogC4SzoAV;0=~UVaY5)8<Rb
z1EZ-{6v%PW$fZDjxE^kKjH9NP3xdIz+~*c6^Wbs{dAIg&+Xze5ODY40IHe-pVDpsd
z?(-wfB8#RCOXl_B#R~`P>F~fBEq2842olc0v7WtoGIrkWiYnZ&V1>pE0ZWCN1c(SW
z%h!tIc}L#Hq4N0thdG=szTijuDYA*4%eA~E4nYN7mg%tpFDLlzErtsAYR6P7q{acm
zEXPIZt<%$<`zBs2IUb?z6$AW@HInnhF(gCb3qJL&`{VF?sRnkz?FFaqp0CfHEa~?s
zD?}4Vy;@qW)qeK-lj%jyoWiC+IKFJn)~b>umPcNm@RzEEem4`YPp8xA#nfn>sr3?n
zGQH|2&G~v@vf28-fs-V$Jo5co?I#7oyyeT~XRa#;?CI><IR&}G;&$bLJ?CAk77!co
ziy8GME3S>C;+Il%&d_WGwxd0OJqGm4cemSk8#YHqoAgyL&cVxscy^;=a|<1v*Ep|J
z*@kcSFt|$lm}+<MZXeYc$dB$AcA1=m?<)ZY4L4`@vNKz_UrYyw{K3zjQ<?h@Dg`I(
zoc0s^Z{j$mp()p2f4SN<;4as!0E^}pvWcml&RG{ERNs|P25qfwpnZaB26DuYv9=~@
zXq;1gQT}GUV_HvZ8I?2ird}>+Y+RMMF)Ixt&_JVvr(~FheEK|AyOeT_2E}s}TnP;f
z6flqVywDe+a+sQh4&ms&lO#|Z(A3ZsGpQ*Wq(PSPO5p^u4<bceq#BMUVnNz?-wRIA
zq_+4(O4Rsy*b=g~-c<{83WZfllW9ZB)O$?rBVkU&<@BqCK-J8^a6-W~<1t@zH>j14
zoZ*u`DS8?J*+h%%`S$wOqiT*ZX}g7?e4(66Nm;mIDNHL%l}fpYNhGsNjYfltmSVhs
zNMVGM!gNeAkHC(D(gQAl$U>VptTx)z)<L7SesA>|w*hc>v&aFJX=Un3TC8?dJ1m@9
zb2rb+S`;Ba-eD6ihbH2mdfw%h-pq-!tU?T|+Mcel83rK7i9QTev{l?;Ev>_DNRT5}
z+Wxo-7I9<9$wE%E7O|)c)W=@wQM%iTPiq{qRaf6-t6`HCt*$+!%@gd2WzsifvOF&G
z_2pzyZxerGa-?d<3M+z*X<XEF!zt$D`rSe{HBI|I*~jwZekxTG#__7=s*<T2&9y2g
zqi;&bX5><Ujt^-UmPD71Q_t6*AOg)g(FjiPPK}~k>x?I~O9daoU@K(?Yb^HOz-1M2
zOgyb=G@f)LISbs7ck^)zavi@Uerf-NRri<+ve9`I9&`bHy9UGV6SdH416`fT(WOiq
zZmM$vIcURqt7d5~wb&kOV2wo>$5(3o>SJzsEGR7m7@(H^%&Ec#LflV{lC)xs&~f#I
zuDGhenP>+p821kySB;4!&oukmwYkeS@d=Zm55s7S9<L%wEz)es8}`7JBJ?A*YO78m
z&H?Hu;h0Dey|dYDtMo#BtR0;A<0jmrN*+xrf%7jVjKc(PdvIIz!MGmF2Y7QzQl!(O
z_FefrP*r-9ura;Cwc1r3B60FNCf3W>{BL&um*~Zc9Y7P}iPmN`^Vb~@8#?W8HaNu3
zfA4utvuqlNJGCJHA=FiW{uhonZd%i6zj>8U+%Sks*S8b1KZIcTb6nPfBgL6nOy+jR
zs&O@<pwEqS#$6%hqM#U56A{U19Cj=nA0jD{)T3UN@cRQtl?(o+dn?{vvV-GGTJOP6
z%bU;QiU7OQl?Y~`>>W)jb$463q1+4?NW8HV*-5C*-Bl+no@_q)C7mB}gRv5cj_UJ2
zv$~Q-uVFAOawZ)Xs(6I(SFc^ZDQQn;G2d={=i5%QjC1D#EaOf=G%s<TEN%1KN9wo*
z`>f9-L2R~KMilaym>w^9b$&gFXplo%vc7N;#eMVw_p0b}R-0livu#YpY{Pc@7yNJ;
zNyDHhU+euZ9xve6LexPT1$}Q>L%*_63`dNEgXUONTsSE|!h7NKNVXx^g`G~f;v>Aj
zztZw<uT?4jRQ><T)lQz2Z(JRTBd0w&FL?3W>Ub%{yg@<8obqBb%+2SK&*9~=0ulL3
zZBHKOU%&lt_52riohoTWS0C?H2i<Nk_1dW$7%&@b!sotg8<;l?L#=W^0lJ$z5ib9Z
zbkMQNIW)`KOn{y;)H$03=$=c04Qwc_iRMm$o|#$6iHj2U)S|}J*x?Xjuq4<8L<`yS
zE#36L<7X0F!8S{m%qold8D%atWA)i5@00RQK#T6t73H|$Ja2Z}M9DlrE<bV!b!~Lz
zIWL%GZc+I{hR+Gs-`J$!9JoR0*rkJUqg3v!hrJT&0UH+k$L%N^9U|e5jjSc!7({Qv
z3;Cwbt##xEqtT$-j?ySYz&6ch>BJ%erx-UU7$IFw4P(YwG(R7$ZyM>3QphuoBu>Nt
zF@o7$X`N9FAQSC&0*wrx>uMWx0gXGv7jez$iY8|RgF9ih!?b`wN`d13Z!5gia6{F`
zi5<7^g_Hx@!^zQbv-9&)W5W@8o56{F2A*|B@wTV6aX5_;pd5T@5b3&^l81Nb?8)-a
ziZk4`#_#!v{zyV~j!A5o1~+vqKsLo=3DP<2>5??*)EFDmaNU6|>4+vKqcYjR^z!}&
z=f!##nfAuayksou?K0`~-o5ij>V*(iS16`>5@%^8kLs(O2-R?SwRUd<H?>VMJ0W>M
z`7MiM`W4C1@$^Dp<Ir08YQ-c9=mj6EPVZj$Y@kE#da^XEv|3v6Lg{zzZRO~CsbqLG
zt8~V~Qc7Vx>E6lD&CBO=)%}}63!k`boVuzpdwp|0IVU}47}V!sY_9q}QfSqiVr&?O
z;nIm(y^1o=@$JCigM<cn<+c>a05+{cWKx#iFnx;CByUtm)Lqo;L}8e;lnP3;IGU94
zVq_L%*^(N{2~%~@*d+$H>QxV$wKd^(pVjvThZ1UojD?l~@+>(YTPRRPu+`rnLV;(v
zW)<k+MLqQ-K@GHX8fZey>A9tIST^r;I&^3Qi!qhz=dK)8!`n?n>Mdh-2~3FOzyvMJ
zXO;kPOfeWFLWgKh6i@=fS(uIyq+-nkD7r@+<eE!smEE`HWW$Juo6H;=*%O*KTK5iX
zApOE9!iRL%?9Q+faq-H&o^BoEW||Qj7{Mqv)j}(?Yh(xvaCEPaQiwBN*I8<i(JUqy
zA~_5nojTdkI%Y2KOqZu*7h}eHs1Y-hME{mddyvVCr`wjAfEr9F9)vP1{^><q?!SR!
zLxssJ0Gv=SS=l9J1e@GAEkFs?X$~32^tHGP5rd975SI&uz;7|xK%eGzKkaHVfec*&
z$%Hpj8ClZFyT5J(ruc(SRDQVq-3snV9h<kj;}D^Lq?uoM)&l0Z`~8rFy3<ws?5!(l
zy;8{2;i6)W9IaALyU6<8+;i|kD~t?F@(;*K^z6vmsEsJPA`BF|)+9^PgCY-BFiDcQ
zsXLe#l-VU%X!$$Ubr+M{7Q3rVpTvi_GULg-Wlk>LB(KUF3P`Vixf`a=KK*u@`u>Ew
zRTj?<x^fYKNsR*Ka=9?y0+9JpF}47YI#f6so#H2#z^{$An%~OOt!cgMiw~O@k>KjU
z{Y1b%6BIN0V*7Fsf=#$kZM%{JERLnX)ujWAMN45!=IlsZ>|Ey2E%iiC`zl@Oilf+m
zM3^?5tm(R{D1jPIAdAl}O^r)YYfeJvvez&}OI@eTT@!n1xWW{pZ6+IR-z=9B;VtrL
zQ~{WbeNWjQkF7zwxT4En$r#q3^tZcQ(7&Vhl~i^8a<o-ow?-pliINtzN^ohT-L9n%
zWE}uPz~g#9zH}_mIGWEqj{mmOIsX*KO0qg0bI-TF-CYax-|^*|Zf;k(X%5{bHM>MO
zZ<v+_5J3d$CHE>_8*(IbW^(y&drD+`<kFl%kodfVpKR-1PL@e;=f;?HgovlNI)u!I
z7b%~Krub!Hb@6R)!(Uhilg&><4Cr$vF8s9*PgtEXxqUt%=;?<YK1iv<8<viMm+yU5
zld`{X&!*3mBDr<To;ul+QuwEYdmo+uYg$He{V8@BhXu9vTp;C~6Ffr#xi+n@rNL0k
zYle(~K@qd*xf$2sz<77tb4A?p!ZKb0d+n)4%gIqG>deD5IuSJ}<-}7Y;{T@u$vM${
z4%NP5(2*V6<_JLhP>aRgYMoi~r7NS=+;|#1UdmUyDUI&%h>1)8%eJSl@Zaro*&|+@
z$P4_X-g~#FZ7g58S6xdg#D0w@oc?qyU1I1#Ec>?a!1jsiG%r<UiByci3@rNkoY)v4
zM!*yzN3HN^B8oFoO$RZxy7j<NC6Qxsv=~;np@|yBo?m2_xs4UX<dgsj90SjIf<{*{
zO((t4sAlmYmUavR+fb@t71I}GVnazs%P!BRU7`@ig2EJ0BQA*N`#2)kAKHa!aID9t
zuN4!{;SR_fSzOKf%&Bi{SkGDt0%9T{Iir~y-8yr!aicERR%<suex?4x{-h~X;pi$u
z#ozaJqU@!u@3ITeX`~P9o0UNg7L0`DEG=(sEnO32p}D<aHy6RHTl$iO%nh5r&18*?
z>i|8&cOJ53EdWYmtGwO+-xSG3LuNL&_Kub==+BF2mxzG<qv7ie@Sr6ByK4a6e_Y_G
zCR8gi4!U6>wjg_zJxxN>6h-Ik3UQ{D%D_wYKnZB**m@jdRDl8Qn=5yiL++EFxa>oQ
zSbnZ`MA8o~pA1$2t6CbE&KZIa4kM5!9i<ly?W=?iV%vjYwr(#^S)|MmZZzumu}Lq+
zL5>yqNwwMwfkmSKxh)++y3b&G=$Go7bOdQXr@eOB7Z78%+u+!3Kd<Es8VSoJPtvl%
zQnrD`-}MG*TN`59$z#2iQGCEWO6Rbep6?l1qVjUY4iZ(5997MvLZ_suQEOqGq^O(`
zN{y9y4i~u#qbfJDFjwjqN*o~Jl=V%`wW@PXX#Q+#3uSc9jFSS03e`a+0UjvZSgCZk
z33Zjou*)jXEdyPQN9sx`fVRfJc~et<c4_l)dobjtW@Wh*-si68PT#uCJ${<=?%Pp_
zvj^h4y<2IT{qenRL$%3gFcbfmT0VfuQM_nMrc#;iRYH8sW1$zFZ=|tH)wJo39w2}R
zJpQJgV-He+Og<*YW+;=U6HZ46#f{D{EFCpNSRkdIR$Lj!%WaHOBg{t2Q_3?e+*A%x
zGc-9ej>4(c25uP<s&fm^UpkN>yn>{@suq6KipjXlz59MlboVXno>&me3C7uh5g46e
zqIz-Ap9qSB@uum~MeLX)Vz`j&2DRzGuJ)P(F-BG7<4Jq62r1OhSa)tG!tiu^+e!}~
zKd2w;@j2e_t<zOG%g5{^;^D(JVprd}SHu~2AgL){$@R@9xw`m5J=9AfP2;ed{QnSD
z5~9gSlA1ZrC|RIea3Vh%tqv=301IN%j++CTrYhOy{wEx*#1_!^NJz>`sT=27DD+pE
zfk(gph4LudCZ-E25{gNa!PSBhQ%T|%_8$`^or48&Yjh$sNkz{GFDm`Pad~UQsAsV^
zkiw6WT73aO%)qS5u%CilPE2KEr4`~bmoYSBlp#xOf@lObhbR+dk+MV?t!Z9c#pZ_z
zWO<ZolBxL>3<p$#;eaL6%zWBDQCwuz!~*(|kXa=usu6+!^hVghlw=bRUC`qvve%1J
ze!;i|-+!nY$E5`^7mAU`5P7fw(+O*>pmNAzBGWm;Ax^tBcVZZnO9MlOzE5-aDmQ+z
zJ4UNy*0;DDNL9hO;<QN_mLME}NMX~T)ANhFs4?^B`Xcn~Ay9!p@@T^WC&D;oCQvg^
zzcZ$gk$wNXMM*>*qZD3BH79`TebqUrDr#!W{NWwc5aP|Y^`KRk<lJpS(;E|{-`1;F
zieD*K*#FjKT1vV1Uww|8)-F*2+Oss{ym)Zw-j5qzv3eMQ!RE?qQIUtD8h}g|>BI(%
z;@3#!{&L1Ne>t<KgL^5`O_sD$r$zIpjh+fo-q777R6#TDVVY~s<rGLJ5{?=tbP3NI
z`J777m^li>5n-!ZB5OBo!0WM|EN3b+AzIi%Bn;YPH)(e)P1a1BbNj%M>4ao+Ubovj
z5~U|qX`kgqvmQMUB&Vb8J5>9MP3~|#&tL_*p<ANa(o$J6j3H&x21J#~tVZx*<Qt;E
zF<{`7r7os7e0qrFWa1gM7g|jktTT}s$Opcv@+ig_rwYzG42l?}jalcGV@ng2!NOB<
z##KnWY+9XT;R8XBE{S|*GWfhq#hgA4v?U_b;90d7t^_V}T&q6g$bURtuZIl53`bM)
zqf-m|tDg(moD;r*5|jv$M^iI<5}i9Mi?yAi+?1nUTy>U&Qid9Ni>Q(}M3+3?EUlnw
zC|{t?3FXUW*xNGKy0loXI?Cg!Y#$36%47ej(7IXSNA)N9sU$DmI1Is%+^iSouu#|S
z$S9G{6arqA9)@B&?4akM*sIahfh-6t$_ycRlv*WwKI9P@*J=#TI()v;oE~%DVSJKn
zTUO&k!VFKDL?eHKVb>2!Hu7yl!!Y&=3<_@t`G6n`#jTP@jM3ocl9VaO8KOB=L-zdI
zQHKQ(!@2y}ET+@zsWtJ;wzIR*i+l_$>Unz!Sxw_>P~mN-pr}?@$Jb#TBX~_W!t4@s
zmSJKR)5DG`ij#_fYva&Ho~l?$`23vb)c`_uDb*hP*}6DzU(#SqCz7dLbD1t+OU=w}
z3iyJlJ%n#+Xd4+~1Y<4XISdrDlT9kj6r)02YBD_=<3YF4T64iyY&04pJyEAo0eh?r
zYLKt!X?w&fhqa#edpUv1K`Z3*#5mPb->_APjlyG4Wc|uTNcId|{<|n=hyA=Vt@-IV
zUe}H5kdp^smMX(@xBlsqYvi*B92CWhJTG~`Ij>!5Z8HSVul||~z<nk9z!mai`4TzH
zx7zl<0#d*Pt}GXDv(lWv?_&|fM`p8t+dPa}&E;2s=HvEhE(%UI4}vG;>GYy^zy;~(
z2tMHDoesQX26SQ280kz<E#_vSc~LMpg<cBrNm~ph1;7Q;Dr<gYprDC(5!9(8=a6gh
z!UD1%S}264UyoEfc*1|Pz0uL39ijW_&ROgd5_%DT5rH0@`%x6Dr{q&8+g5)t&7`?L
z7}Hs$%PG8P%4e^|B|(YR&+n-`+5S3tn<fMyXucX;O6uXe8Xi5fNnQ<gs%Bx{6WZoQ
z9EzY+jf+BOfU^>T#~tpB$*et^orxF={1CMARd`G%E$Ie^${fWkd!gz0=ts;4zhC<y
zE9zW7g)n~ELP5*^rDhD`+soY@_Re5%d;1~=nfbN6VhjKAiGA<OV!Ijc50P6P{I1=l
zxv=5_E3MAfrCd0ht?Rz?%l_O;`KcMh5q=8c_(w~qVmXohA>GRu&>PJ>hRDFzjAGmK
zfyqvW861{HS~A*&DOfM)M+;v_718+=o7OgEE=z3^fgzDqsw1cotEOqaNh1wSsIEz;
z?aL5T8%@VYFs;B~4|FbZwl06%o5-mz<G)K}u#7XQflWoPMYrtgY&aYk6uR2j`uV)$
zX*3gI<C4p(Bv(!($mzV*>=^9t4yh~7q<fn!tDmtJu$ArTSabptYB3bnvGymGHMItF
zUh|o9F11>mD>Xg(?yWVJS0c+8KfG<A!$5Nv?vgxKnu9H)Xs)VSNSQU59aTpgO4OiY
zJ@E~bhn0rJ6x7j_a#4Yp&;+v`OSluP-ZUWce5gw*FtE~jj-&QthY=E|XaDqrDLOAj
z(CyVJTx4fhjAf>i!4Nlfw?AW(lT{1ZC~EyvLg|c{ZPaU82KJDrYf@oX?E$_5vgWX(
zlvNb*y4bo`R8iv+1&Oz-I_H8*!-vF%-%a?pn%dl~?LJDILOr+pbTLCmq)qvF?w!vq
zNeJWq;d?LUqLbbm9~nK5uVDr;>^n1e95m6&Gt{|l#hW{zYZeNUni{;q>5Omt717r@
zg~y~OWxA=NNLzGfE~8SKBqR^Hq#onESL0pFCZibdddHZnlP*eSf}}kMPIOTZ?@Xh)
z1T0F9kh|J>Ix)KIo$V_mpZK*7EqdeF4=YaFx&yZPTC^vgZabBbsqsE^TNN6ai_UFv
zQN43>wQWj56cHRh9+7>rO&^wS^6?d^{OI*wL56ltKkMw1j$x;h*4S9>{PJIv0(cZ2
z#T+E~`Fz3EI7+1JGMSO?7y_V!zK^7442IyC{w*Y}`k1zSdWSb$knuDz+1w$k+2E}^
zh{R?ADRq`3f1z;2@K*fPat4_#p3`Jjg~>MI&nV0+ktI;}d_>$#-Pxtg%Cy9Al<!(5
zOBD{q#lbhEv4TQfOWY-`dsw=M0*CgltPy+GG`>1Wx>k4wkKQVZO*&|7!tbYS;z#4&
zp=-~(2TEQOz5G8n2oc$N=?4e-_rDsmc6RU&&wdE5i7Y4E)u-lfDNT<2?}_<vCSW`H
z-v~x~L@JT+pM6H!DiBitMvJ-A;m$5)E=)@{rKY?2;VY$z$B_BKHza-zh`KAuE@|DX
zrF-)VuavWKMJK3UrJhskHX#!VOQoJ_(61miffg*vpImCw$*3R4gUQ2N`rraTg4zeN
zl5O|zLL@PBRBGTjI}15`P#({k-I_y7Zu-bX7KzeRY*UuUiT9zM&VvUx`o_9!`VP1B
zFNmBdL0gvIN|9$AFhL;8+dfme(>`2@`5*#re`3s-05hZJ6Cm<!AF}h|W)CnSF2b3o
z$Y`2|`^&GdW*dh*EanP-KwL;@Cex+WE>n_#1dbcAKIMD}E|(pwh-=I=Y+rHrNMFjk
z$VJEfS4l29a|jkZKFlX{3(kO~7O(!OX`}&=7$SHa%1r)TNE#Fdz=v8y$Sw(zl!pM|
zFYtS^Ao!nAbm#bS+zVriN-2bti{_s!_<UeKJxmPwT%T6lA)F}muKp_wshS_*@CFh<
z?i_4cFFgl-k6Oi-7;w;*&W^bQ4J~!!p>;QhRDz;pOV`mR!W8H(+upRoHC0kI5s_PB
ziEw<{*M=;(-&zQ=NF<Xos!>w1nFl-fwKyNJ$Q#R&Xo{d%oG04l(pNbXF0$)Q31iu1
z|0S`Qr}ozOXl7|5s3X=e^DY=?#~R!i^9jo$=1qA?MNoCtZ?g$qdFp?Jb9_jK-kS5#
zi&{m6t{Yk7uKA8T0i7Jms@sdnif5)m>fQZBld=>gPh77Ua34>W9Dyhv&;=>Dq+(de
zxyn<FgJXc1shIC^n;Qv(^k^vR20e#@Cs;0p0#d_98#NaSqDdAHc(<}NoiuK2GHg@-
zuL>0QF@uutRj%x%xat)xqgNOQ>lQ8cHHuSOm{820;*BK0C1aaTZ|}2Tme53V1Ki{`
z`IX`=lImoVlzk$Z8p~Ak#Crql^#b|z8#1Oz*0hg(SX$rM;%AC+IO?{(@eiQz+xGPg
z-|J?UBAJ9<%MtaL)3ci!%{!{X7@Q>yTQzSYU}gZiNIMiXRF;74YRB`QAZZ_}Gc<@r
zTKotWtQ1Tlt(0+<jH1j<`@IWxIV1}l?|;e~>1e<hK=PP?ouE6GNvilhO|jgYYG30;
zm1Rv_v}GZ5F>xqZxLg7{;cd*k5p5W5fK-aBYiB_v2X-dMtk0@5VlxezC@Ubt`^j0I
zp8SKgm9E+<{Y`J6;!HXHB#_)wf4D<G9`=<3ersc`RQ+Lz04i|$lo4$WhHD7Bu3mVx
zMJaiAMN}g<8USZ(+qgciBbTn%(=qDzdY!Co(2)Vgc17@<udM)_fo2;7RA7ozmZH1D
zx!R&abwc~I+vK*EcSh`+o~wQhN3DA!dbLGc6KOYHk4Pt0;cR;TxkmiF>bSr;P?S1%
z_D7Eay7UQX`m0kP)L_O*S!cj6xT+`$;h^c2alx#VRvk$pKc~ly3PtTa=j11-<<$qg
zXlYk_JnB#+Npy5t8sg{d=Sc^rgxiYhDY|hl|5nfX=Uh@cwI@yGXnx02ayX*^%QbXR
zue$dG#jLuPo@V<=3!l*Qy=XFMZQX<CnN^WoQY6{7KeYWLX&}v7d|{<yQs#5Fz|8yZ
zN+BOp&s;A_A*&GvdR_$e>tBY!E2BQhK=DU;ZJ;4Azn}8`q83!U^$m8X25A<2YNqPc
z@r<0?r1Xf*ncNNlZ&zXE?w!QhF4hlKPxN7s0Dm>r1t&<2NjZB|IMqS=zDnOM=X>52
z&}vNPu$SW&E)@3XIHS=^JDs#!)8Vr#Zkm~qrBh9su7X6ET``B^7Eu*W&+ROE-N$xx
zjE;AtlDd~agL&J%?0-{xR9{10X5QY&#$+DuS#N^KwcZ5r&@>Hr)|!T|EtMjcx>GqP
zd7bH`)$kzk0vvNb`>UAGl8ovWw>cnjl^OH+pio?IT%I54cfu}&|EVYopZr4+W|Q@A
zp~DIhcwzm^VSbRs!jH?RHO0M_i1LhQqhuFlYp6z9=6Mn&V_wREH7)Qxn8xKZjSD&M
z_1y@XL6HO}MXyXIYTO|*2^Q*n+~fkNaKXynQ0D^Stb?X8?BztZO72a$W$Iui=d-*i
z5ia?r?nIn{i|`!dI6K$WK*_=eifB?#uO>#mRtQjeMrz4&#&E9kY?EEa-K393wjm#g
zhZPxDsmkR{lW4J1@8zv-<FL*JQ~Ts}%$YWCHr67j4Fx{i+#Kopq|#7d74AY|#-8A0
zq?Hc{i&+)dbsGAL!o*Y_3B`)!<?=z+=`KqaP|kkQbh`5sZbNH)oYQmLM*9&zL~F|p
z?XXhB$<S}zFP7pDx^!gPd&<Q#S*LMt2ZSf#mB68MncUt*5znlV%6vntjFz|8n@%js
z(hbX9D-DmEyiV(I)SRv{El`_|Axj>Um|?i-%gqflR4@7+zEutsN>#oIz5Zc@b_}dY
zs>%~a%1eqZEl8nBQ%X%=(yG~Lxgcc;I7t}k4q63fd9_SFym}am*ofo~U0x8a^6-x>
zTDL3Ct5j{MbPH&_#LI;CHgq1NO9Q5^Bwjo@@<r1(va)O<36$k_boZTc!yPh6hB{oD
zTSzRXn>B><<74`AX`Q)~9GS2447eeYEEKfIMDAhvffgT1KJfe&tlpu}PB(-}Db`5+
zyw>h9k!>qR?X4OWeSI)tE{pb*l0|PisZv@`sAE3Xs|kPQP~Z=zA|m{Ml{$y^?TvKz
znY!;DZ^AluAY>w9u=P#)4(wtn6GKR5^zteBQg0h^XbRd$LLOM#S@K6U6ywc$Nbbdt
zWDki?8b_40M^-Zgo)TBo=H+1zr11#J()wUjZ9W9#NFHOST^oJ-+sm5xQ-4VQ{Maya
zX!PChHUxMb-c&m#e0q+?aJ^wCNvJcGF&uQZoHS<AC!`ypG9+2G;%XWxv>m8^dksz#
ztjmXEuHi;jbA)$`gF)Ts`5Yk9r<qzgzT5WF)&NqN36g|1X05<0){PdinF#9;qcMgH
zx_4LfiW*UNwgZ3{43;wf0>&)Vh^j%M5Qe%yZ5bMAatv0*xqQPf$C1XO!mJlZ{Ru7t
zBxaMfUy~QL>iUKk(=x6QR=n<yg3|f%Mr|rKg5#H@rP_K^b3jHG{o2OxM$E%L4Co6k
z%q+5AN3d@JA8VMI>DEnn*)+IRXqH~xcg(upJ}?7^ECrd<QZd5nBdy&=3nDr99<bW#
zxXmr&n6!q<hNm)+HpfOr<%cab<$SI-J)1e9E^jm%@T>Xi8cij|GEWgfyRJ`eY<j{$
zl|!ebfA<Bup=rW<!nJUHbrV$z;IV2ij|q==I}k4CCc6Mcaj(e%lbW<R9>r0SFv>NA
zCmbOP5}Hz#2Nul*q)YhAwy0f{RhpRQGp<3A4DWl392XK%%=LFOayHc56)qR^Q+n7g
zm1lyyO>CHacB%V6eF_7q;Lan}Zk{ln>~?B{BTSr;AdNG8&ft(HvQTPV=058?0$s{s
zFFe+bBFIy>rL?VKk<FLzJi7#yqOw$M*cz8dl_AhZ7mOHjPO}%;3aUM=69wd?`J($a
z3p$-%e%OqdbsFbJq!wwzy;t`>O+Kx0UY|09PDXd6sSnHr&lw4awRSiuAa)@2uS?@Q
zON@3@TISYnvLv&0*I8mBJWcQMPG{Q+ON~=dC4~!>ylSA?r!~%dH^IVg*6Bsz=$8zJ
z1JF9#dR|dBgzAOyVW{T-diTy6x8ADa3ipbi&;?}E!mfB-N4Gwp-oSS&XX&w&cprpN
zbUu8Mb|Y|B>^83vh-hJ!TXScNB1N1*(mp~&V$$pSukJO|V&LABRA*-7yoj(B4{o}I
zgI}QtAuuc&GIjJ@^pwI^#!uDniz!Xm6Z^cQzyJMchFzv_Qinvt|7Fa5))`_k+b^$k
zf!zmKfe{n!^klw94M1lLhw{2gBv;^S(gI8*Yvtlx7c1=T2nXDHl@=&mc@##3WUWw>
zkub6v!j%#n)P@^@Gp}OQW)=6^zrZ5Sa7^qb;ZcW9SUxSid*>};{%_|y$>jvP!!1q7
z+NX%E&6SzL9%KP#RQ}%Rb~$hD<V#D8iZGm@n7g7fkv3FHmBH$Qh4A)1msC5eR3laT
z%c-=8sZ1rR`pS^LmK$;bXZlH<B^o1Tn)+^AxDeBtr`iKXae&%L+7o8jUSao@Ar5P(
zq>W_Q5+as)Qz<7UYyO}{YpyOi=NIjYCQi>eVpzS`b91AErPcVM$4Yx1jLx0BDpknY
z&>MNVv^E_K7L-hz@xMa29kbD!_x}P(saU!H%k0A5v-f%b?>r0K%>MkkO=YzQd2JZJ
zv=S$@LXL(v1V*cM&*BMkb#m#R1>YKzm|2?ZmKW{-tixH-iWGv6F=v`V%;=Pcnh>aI
z$M(98En!IGbiX;>q=ifeSQ(OO354ai*@*md44H3o8N<?us$;<0lCP`Eq)bEH7EmEE
z7^5|~4jpLz_$1oZW=Y3#yF$t~833oWuG5#NlQ98=q&6v!7~_-CRL}^!-3ZTfUTZVF
z;(}z<iu(lL*!Ar~r)i=_PcKB&mtz4p`+m+}A*l3ILAFq3PgD~$vG88(A@|mA)mGev
zWA*Aw>q`$Xn&^p0(J^BqIMR255V$IKRd|)uke5QV%Au-&;I5(Lr)ZWg5+Hd_4Nd7W
zl#bM>@QP9ZMs(N0YCfpQ4~&HaFKVkJdMH4SaCJ@)#8sUAiH1xtwLMicN++rkE6oLB
zxary$l3G>io+v^U{nf)V2kq}~mr8vTHOs^0toG7+X6J*(vm{AsBI=Awo}yD}$|sC+
zxNm?_In69v16?$uyvBq(5Hpgvo(0cYTi8E&qOlU9ECulhN;?b*Cq7m(Mi42$_f)fy
zw_QyNl&nQaXZZ`3lR*wixhLl4?t!y>x;Wd+2ETv3EQ8730IHXIEDLUgdu5!4Y__D^
zM%8DzZA}d<g*JrVJ)y1`Ocl|htXUZ;x~pO_#=NeGCA>Z(-Kh&DQs7zGx@GF>ZA96b
zli?^Jxu_v>p;qk8(_Uu-ybxGH)U7xd2-rnU6|ot~dVL<+yMa;7Rokt2PLzZJ-j@W5
zA>HcaOmQ13hZwXjV3<8<+jx%M&VhS4p$$4s+8I+Dl$+@mmCIh%i>5`~-|EjK%X8tv
zlGzA<745fbqchQ#jDVX1Ad$s@$d&IEY@fP<H_`vL+{hkPi+a~moEoCKL>Kb__eu%N
zZS-o?Xzf-*e%kXv8{fR^=wX}Bt1d+<hTT_LB|HZ2C<|d++VgOg*~9(StE%=c6GYmi
zgI&WeF`QdVK@L)O%*UqLJ*0P68l}!K*v@ROc62Mw?Atba6R+qA?<2DB=7ox7U1ax%
zTGCJ$=9KX{4JcTrgrO0{8;F^Z9Fw&dc$2QfK1~ZruX4CUUqWS$lJuO~dKFqPa{25+
za$$(-<l7d6c}2PbZx_xCM#GUFY0_z3B^aBavjNH{Vp_R1=mfo|7Z(T;v4^JjpRhfB
z%8O2*Eu;94j~yC(<(~(M_+0~kxqNF#h4l$KG>1h2^To6~REjN^vC2jF4)wTPp(2a3
zrmOuXe|PzA{cVa`6-uigzT@bYC+E{bNq4*cxldHm7gdiwQUi?YG4St&qekgmv&_0p
zn1>B%Qi;4~OFc&r`u==QId_(5$NLO6G`}z5sie=iMNd{T?wUM}U)sKa1ZL;}SeUiE
z`a02X3)I8(Dnm|{kRWD@szhu=qMOj3yl7Awr-JsnN$Cl%8Qc)I%m?fLd)m5k1P*CY
z{_j)uu(Gf()3B>!_ez7Ak2ONuDo8!o1v~M_EOf>J1!(ZadF><Nh2nQJa;1*&#gvIh
z`zBqrt&|$A-)=5RmOh->S1j<*>GpfKWIw;z37c@f+#FAOL-xbj7RHI9|GB*jvDRy&
z6XgZ}UH|$(hmGpwq4XTI+#!rt%V5bbCy=#EH&FwcvUZ2>5vJ?>#|Ora+mDq#G`cG&
zjCQo?F(lnh7Cc-S<?z)NIHmC1w>wP4g(L<<oqyyblDhx$hjuyP4pg3TqHF&qRci3&
zPxGB}`pfORXJU37sK3wxmi$?E0$#iSZOVnVt^FUhm{MZe`@gVO92d6#e*P;RrF(Y@
z<(8fTN4v>_M;2W9kbW++?WG7@cBKmnKD7w1Nz~iYRN>$5aQ5(>{*!L17&J@H@oMgT
zZ#Usfj*viX`8MiedO+^-3CZLW4s8ILquwEPk)sXY>8UiS3KY^}%`pnVDdn@qkk_QW
ze7nL@%xNvjUzK8h(nVIkA4YU*e+(57wL$(Q7xQD3Jr&wHKeV?giVKO5!z}6UfV#Qj
zi{}%E{Pr!%rZ$kz7JvgBf5t(t7eti%hx;(yTP-)C&*s&rUhZ57tL4d{^&d(N)aaI4
znI{H<Q<uw&7vpL=Msux-#TaJeMxgj5rx@7l-*p3KqxZlF6n%cyu<w4~UsiHlzh1&n
z+5*k=e$m{L&+$1oy8nZJxyzfkOA%jdHQG$zet(%sKE&6B&456zs--?M#r=o_2N_0G
zgv>?7=w1-OD)U@&B<GN*bk5J~P$ZBu3!y3^B>Ra6tf@m?h$J1us1IUdF^QsF?D|{?
zDlW4DtYAF=4S${5g8&7>eUOBsswLLFI#}y5`cxFgHJidrQF@^qh==*)-u`J9!4wb)
z8J!0%EK*G{&&(lOp@MBXGdp3kBc7@4U`i;fOJ*jXPQbQTMtB+M`j&PA%_B4F|8tqJ
zq9NF3u}0}=ctrTmPZT!Jnj(9rD0962xbf_*GC0QP7CK~zbS)xDHCX5zZJ)_8ThUHh
zOt77rdZ^P3Wt<`Y`|{Pc_L5&t0v#{-gTig0iRKfW+28ysXRVoz!o{->3$qt4JtZ8F
zurLQnNES9Lqj%-er>WF4NJwQx^sASLB1er1cZU>Z6y>QDo(B*6;sU>u4YfWYROz2N
zWiYT;zGZc~@-Hho^;iq3TunBr{wqb)`f>8Du|($mAE8P$bGq)Yx<w1TS3erOwSZD9
z1POt5>?=OfNZ0TCfyFSALv^wSM};4qk_2l5D*brqMb=DW!wff{zmlHJv8B9h*kP6k
zSU6U`v`(#$9nWw{vuo=Xla?b5NfB65Eo2IPUf<6{IhO@Pcd0R2-mZC|k{n#G1P%?#
z?a_C4B6<dVzl&1<Y$eF@+eUT!y=IN`b6lt;`fVCESc;jD3tIsH=>2?KRqk)O)6xrL
z&pj@&a3wW|#b4j^Z-<I#(}dq5EVNeGnZ@*|QPK_#+6A^j*0lcOf`59NyD$$)+d(@I
ziTG+YYyJ86pCN;jzhtM|ck?qBFFm^<LRi3^;qRnk>7yU?_a-~Vv-%ZE0CYe{Ndhk>
zFifUa4IP<v3=uYBvM=|VH@ZfiOPfhKRhOk0(%xxBEc=68-^L2B#GCe(Whl8vUy)Wn
z@{Bw8VQehcyI*DS;SY8h6Ti7u^2eQhSl<1WXK;atv&_pf6=Mz*VR^}}t}eosy_b|r
z|G#vpoF)^jfvE_kLJpP}7RLISmbsd#T(`z$s#6k-(;%7*>WquH5mWk-B{S8Ds%@@O
zij-WzH6!%JN6I3ZAjYEI#Hbzw>4g{x^Qd3gN{TTRMHFH5#m$(_&AUvee5y288CfO2
zaHwGyz*|z61i5Ks%z_|Y&b||LvT@=)F-caN{q!Q;fsI9*avUM;n>TXVknMI)QtH|U
zjAB-w9&I1udKv?0-fa2--3uc0*#Lw*K|19qnoWVV8Jk7ii{7?BUG@9Xi)z$Xa!R$J
zFi)D=XS>|=g5w*YLpG1QGJ@^LmEg2eNiyPR8!a{a*w<O8d%C1_y)ixjGOhuQBm%UQ
zBF`vM^CH)$oQ-_bPb+6)pz+>4cqA7O1VCmL`b&x!z57$cEtT)lAr`SruT~y!>Pyl3
zJ@|Oo1e-;m1HG_GM03(YzB89HL-JhuHjzo-#J#r>N+b5fu?;<m>Pz9=3we0BKmh|7
zzl$ilO%vq6P)({q2o>Ora~snE%{F9A{WSG|M5}MC)OxBbTpIwK|0IQ|frh=d%)o!-
z2X$6vNJwrb$5Lo1y11kaqzu`H-GIiC^ca6x5euhc1vQ(cx=&Ld!M^es>jx_I2i7^a
zN|&ofP<bS?kWbXQs0|4lc|mb0tV^gu#vO~0(j{xVz}C&>Uq-rIi>Q!BY~k_*9p7wy
zfmny!C|^|skYoR_l7YR&!QFY+L&;7S>|j$D-cl|Vh>;$%8LAvwAx=Bo8Z{%B(~wm|
zGD{gmt&*d3WuQ|{b@?BnP*^!7M22KC2}3bY9pvZ^WsOV;)3Hl6LnT`VM6SLoQ<KlA
z?ABgF1Y*lfyR34eC}}<@q!f~ARS{}MS5=uNcnDL*H2`7igPvt}FgZ1?iO>y66i8x{
zToR30X}}_RzVq?8(b{Q_R0s-ENTzDY#X_UrOjVd*LW%qHJOv1=(9P+ca7cZ69Fy^8
zF)8p!BRhl8-SXk^$iC#DqI6G|Izm%ipjnw4IidwOQ|=_d<sB&(n5k>vQ#mB^LJT(>
zjm<+G;wr&joGvGvU}i-;)A;bBD9M^R$8=p?!s|o`4M&in{;0MpD@wOGUXW6p$i|=$
z$uW)Z;>y4&l13mI#<?@)2G!a`RJh5w4&Q8|y)l7flgV&Df7Q!#lS5{QdUmLZQ%#G*
zs36s7t!^v;vAkhByEv@y^l_5Zq(6kb#J0PX3BQy27GT~L=F5lvb$yz2+r5XfJ6-3m
z4j72|&GtkKbj3t%y^_J{JuzUUiPvRJLh%2TCb;EQx^xGmJ-%o0|3I|`iOasa!tO?&
z-Pl&p%CC;)*b-%iP>~w4l`(CWi!_a2T_%^Z^S@o&4<dz@ER#lMm~BdEh;DHp1?fpw
zD;#u4cWx36^86Cr0(c?+hqR^=on4o*WwgLqlQ5;UTY%I<F7(d|f4%)BVr-UELnCvi
z^B>ZdOub_7HrVRSJ^p<~AXDp?ErK5O%eSefx+0i4rkXs5p;Ffk7fe=_1ai2Lk!rwE
zlgXrA5R-OOhU+|6)1UtNiHF#zLE4%YRjLe%&@Lv#o>wnK0%65aU#1&yVqLk1-`5K-
zxQwN(`7r!x&m!vt*pdx0BCH3&AXz=ypq#oUut%PyCi829=>|zdfx_suzdG7DX)@ZU
ztrhS?AbQbNjTMvt;mjUTWmr+7WoQzCR8+e#(G3lNH`M}QIK=Om2!l9fTd1^W5RsZR
z7lUX5L?`3wPS-@KF9paHE#gw#X{L+<RlBg=7V;JFo*yf*&O_`<AJH>bPnL2Ck3m}N
z4?Yw#8Z!Wqt+*ynWO8Uokt<=Q{(N`dHCWJK9jp=a?)|VCV_*50D`gz_@0%3tbs&^I
z>M)<e<lj07u8!q0uetW`CzKFciXqb3yW*u(nPVgM_3-$o31?*vUJBR)5+6!$Xt7(J
z##lJZ@Sd;r>{u)Ec0oJ+tKqZIN9Z0At!s{AkW_y5d#Nq;(ff@@<g_f$QVt5BsIR!Y
z$AFsHxxdztj1>?Sgog*C5Gt<(PcI`bf#mi|q2;UewU>_$#<&LRmrn(~aT(B;4~34n
z4%~Be-~%<NYq=xU(?C}ZO>GxeQBy1SqIH^(dLh+eUQ>)yl(^CqZB!zzAqkW(27KCT
zr%|Jey+oVM`?kxm0SNu6Dm65Zv!sU3-o!yN@<S7II4a`^xhXDa5tf%!Uy&7p>1sL-
zYs5StR6|sB%hou`4@B2hNR=ZLxgoM$M~6yE_YgwY&eU=J8W?JM#Yw8I!Kme{R*<Zz
zQ29Uuk$8Xr_$|BkFIQhu*R=f&L-=d}zTe531pt0J$TItT!~avZxe^DE0|Nj7{$HDX
zHg`(fyCn$Wd$8I%%(NfV`)<MIBRIRo(H3yx$gHDsW|eZU_0eTBV_EIfW&-k~m=%a|
z(oILqm(AiFUA#Hol|Fg7K5@#g2<(I>C4FR==DT_?rVXV(HsOFAuK*#ek8T&ys1vci
zwbw@48hTzX7;=8uhl!RnXMh>qHR_C~Q93Sa@@%zeyqIP)+^{ORdz8V@n=lgdvq?r7
zH`10DSN7!g@p8$d>sl^MRb(S{@z1y{v#3{&mJG0YX_Th<MQO1k&q;dD0P1&{_XS5&
zEw}&#+mIw0yTukHKIGemJ#>cdqf>Ni{h;nS<nC7NvWh<R<6xv44B4QY>N?kop3b>t
z&imcMa$5SBojc+v(?h?Tp?BO{e9oEc^#-MIAdw^a?ZnuXF6wPVA+YrYjmIsklq=hu
z%HOP`O$1F~n2BOXnNL}xO<8MS^gc(-Kshg!H4<iav*yjxf|ub1mPeeLi&BGTxyWQu
zpdfWb`$wRw_T~7Sgc+lI3DNa+E1jSl>e6}<m~L=#(%O(ESsQG3>bd0(3XqtCzN*LR
zn>tO;)c5I^hPbMJW$1?;3PHEi1E$L8VW9~i#CXTk$BFwwOVl>H6OS7(olUbKfZ91K
zXwE`iYI4DC(f1}L1Oh0O0o(&P458*uh9S_$2rPa1DAF(r`IN8-YT+#rFpuvl0ctt}
z5M9IuF;}yL)kBYj@_UtC(KDPQkyp6@qmQ_RRKDdhSj}$QRn>3@at?AAdP}$mwF2(L
zEXD(fP4W<=b3B6FtABr9O6)OC&N}D13nKh0+$AJxN-A1qnr09dVlF$AG?$JdlKNas
zWI{vooYQ5vaAzxXF>XY0xiROov!=M|P=pE3hvSU&)y?U2F6L|%P6=~DnKRiV7a7m3
zojyso0_Sy2oxk81@2<N5VQ`n7nt%R+9pv<s)GT8B2IIoF72CKW>@L<rBf9hmDegWa
z?zrB$Xh?1K+^VTj@s(3k*6QQ`GFHcxw>`oNfrmThRQ%MCj&4l^A7Mguxa_pR2u?eS
zvu_+E3$?mXJ_B_+EX2vx((x{zZ&`=JyTZraRq?DMX<o5EtX3fjXr9ioOc#Cw@S`Z2
zK1Xf-I1Bh7FawU`2vH-GCV_t1cG59m(6AA@B&1|MHfqfH+e7{QDuYaYZqmP|WqIVW
z9roDyVo|@HugwZK$BLPS)h>3)Rlr$<lTL|r#%ZNoxH`*?fV*=C+7EM{2TxwS&Aa4^
zt3lC*Peht_-QO<!Gy$%Q677aEF`fwY@hzWzktz1rD;5<^oPG8?;Gp+f912<`x^zdB
zBE_U%l8Rn1>i=al^pvQon(At(sg|l#ts2#eAfiYjiz2FMqKm=HHu=sEDT^gUY;nXT
zR||+Q0afrQVR{IX3Tp1uD+wMEq&Om^G9sQ-hXRKfhaF`P(}#zvUV}ytJk+5R3M}f1
zNtP&0s&w?|N<z0c7}}w=IOoWY0Tq1mnI<G`ELS<El4A@h(o#}LDV5aHNGqN6GRP>C
z%(BQTo9uFMDJK~gtXi~WEo7Bi9j^{`NBg5G=3uz5H(F<5wswSD9X1`t><r+h!5_7v
z%nJ6kH?g@qQF24HyDiur3AOex-&k*$(zKkDn@y7;@GYA0PJ6dQ9qrMUVeddHK|b>`
zh7A1mS12)R>enymX&MwCyIG8hZ`UlwE@*FRm!<Gdd_cAUK%h-P2>^g-A<#wu2@+x>
zOxPNUjkt5XXK~pg{(NoOv%dyX`e&%wBesO0ChN1c*zm`S5u0hERaY!E)Wv`Dmo)yX
zx0q+YtDYz@;c^5WN_!!XE#51Fe<DoFjN3x+UJwaVEZ2S&HQd|O8W~^UPq?ClqWCK=
sS<<j<r&xlPsBy=a2<O!{sU#2Y;R$43ESqVh(b{KePR{#xQHop!0Be|-?f?J)

diff --git a/pkg/webui/ui/build/static/media/nunito-vietnamese-wght-normal.woff2 b/pkg/webui/ui/build/static/media/nunito-vietnamese-wght-normal.woff2
deleted file mode 100644
index 738b78923922a063ef71341687a4c667e763de60..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 10632
zcmV;3DR<U)Pew8T0RR9104az76aWAK0BUpq04W#%0RR9100000000000000000000
z0000QfkPXJ92_t|NLE2ofm;S(KT}jeRDmidG5~@&FLV(I3cysfCkui$05Ic70X708
z1B4_5AO(m32aHP$2OGFy73|m$uyFvuyS>~@gs^dd*TyU={{ME|kRkX$Wvi3m#%Ozz
zgPiyx@SMs{;a0ujK~&8tk1#4%@JVihywe)Jefns>jVLUZu6T|2@Y!ASH1uEYm6iu1
zb1wW$HY94768GXZTNtQnmETxKbJL-;8iFIpWU<6<e~nSo3ZH+w3yX~L{B)5@5B!_n
zC%$roB(r|RPuH8-ubVhINIeazDPo=$H81LEaX&G~y|CBs*WRAFV<z9^#PAfMMTY6j
z_nY=VAp(J*GY~v@0>o;uN>W?VUNbKz_o;mRn0}ecideH<o_{&tbDPFLU#ixd;&5cc
zO{8EpSbX*<@b)*GDr#Dkf{jY6mZY7|zmL8Hp|Bof7w2*Mob6C;+C+gR#37;v2?Sp}
zVu(hG1969n5)msElUMzI?kVSoYgHBMG~ht*>=EF<BrxiYxSezQjRVF3YM`Vt<mSJZ
z<eSS@v9-hI%i2y<m*Jbp6OWKQBq4$y9Hs~Pb3g4Uzrac?z;h3hyQ!*?BrdRaGig&a
z!s)rfJ!@PODr}|b)Z8$sQ?w=#35^7yzo7oRTST;)Os>?__MYT&An7@}f29K}&=Jm*
ziq0X#DwlSR2LTKGWKa=Md@4f9|B}Wp<rncv@ts0mPzj`Sf^(cch0deSDKt%1t_%0M
zEDZmAYro3u{qJu=Jd-KqKPD8U6`REel4wXABF#05W=bOyGJgD_YSy5D=ZR+!Mr4i4
zT9<5_qx$c6O|H>cRDqfnm`nV#6Xe}!pS@7BvIxV8Z#bx7YO`P~rI8|Go0RAMZW+@u
zp>oUKR!XCd7%0x#<<BuVh~W49TJH&ABncPdL43?WE*>CJ00_weB{YBvrhuw8fF_QB
zsB@q_9Oz2~hU)`_0ZwQ@5b;`kp=e=J`;d8TJ&!mD?HS<i^+<oaD|M?oD!j$4=lQ*B
zuIbKH#y122AU6YvguwfEc$6T0-tA))dyP9RihUk>Jc<!Eh6P3dC4j1Oj^|3KGpfdA
z7*=}?o)x=*d7u5dC7LM*T#$G^p?bj!jmPXeo?Q{%{-#iI5SyLL?;Ck+JWz1??5C+6
z%rwDrv=glL7Em|KIpqa4&Lhy4M<P9@@oji&RApza)M<uLcM+GT;vIP29dRZmS4bT}
z=S`|PBPFC)(8|t9LnBe?G6<r!L9>yr$w(H)GFD^hKPoc%2>MiD;siL*AOwuvWK4}*
zfCn!@5-7A*8jbFA5g?6f)TG&BIxjj5!w5`l2ttD}f`tbYLPrGptt2dzLIe(^*_`D9
ziPmWJXY@CObIS(ehK0m6hxuX02>>$#0fNthusXR~?*Re;x_UnGpfzy4sk!Q3{xGaa
zHLaz0t$|(3spHi38wbt8)^VF=7ycgv#&nwMv277tZj~q;ZnWrBI9--z!3L*$p>Y~M
zrW?=ml@V>6JAdkoL<$5(Lo;@32FQPLH-d}d(EjvO+<azQgrX^}K_Afnx>Ryd0Rq9g
zqXF1+L_YAC-@YRWz&9d>iBz*6$tZ$KsHc_A`Wr0<fI5B*hJc`AJ|Qq^w6rasC3M#5
z88k6CV?vYI#1f(QwwTH2qmHQn#3)}ZFXG~Tg9Wqo1&<ws|9=bQzED93rBKAcquh{|
zR&_)K*j|8g0gduKc7Avvz$D1ZTj(J_OeeN>j1e`wR6OY0nRDKf`P}lazqq8@IJkI5
zgxXX7JXB@2Dd1d#DCt27&7c9JhSX})s!OLHz4|ojkf}zY2Bn%*YLTnX<$&8Ek0Vyw
z>~=ZqaoT6I!|#mGskl1{_d+g3T#LF9b1Uph%A<^DS(qGL+LHoO5v7b##i`-d2`X3<
zx>`CW^-SrHpi~l|A_s-s-SQhwd<O#vHAY6gv^)S(XpjMP3XQTr$EVOF2WUn!T-J;h
zgsd5@^0KZ&TOTT8fp1*^bbW?4gNz^65i-t@c!U5ju4kFDh1AC$<cuX}9Or@{d)O)*
z*}yLwPR%Jc$hV^P*DML1vKfIX>Fo)o$`l6FtLY{aM|+7WTO#dbAd990s_(FcE;J^z
zDH>{x&{EZV$Ke>qf!850Mt2(Ftou%_vy}<6FMxE(*Z|vn#P~y2`P$R0h=T3ij5b57
zPb*1tLdNrb2r^0?Qv1_1MM{F^`bN2?&C<#5V{I{%X+9^V4F4Z#nn`I?-es%kf?I9=
zz{K-IDKtk#B~7X3sEm<GHEBPHYDLoh<7rnq1WBbQAeHqyM|?GC|0&r4XqL|68!{@X
zQGqBrV0Q03B43Bll4HZ=ds*_TU8<kjD2LlBkgB@_r0Go?sa2fZmWHdlY5C0$d%z%9
zzKW76QiiQ;7(zfTq<vB#h>W=5H)*74%W0xL_A2+*`kRrq_Ew72Tn<V^<HTOHGT&zW
zzD^l=Ae>nMT&l%aE1t%6oXXpDWAu%&M2+b8EUcKtknVmR3;rpFX$Yy#<>Tl|BE$w#
zAGAr;qKiIU;WNHvmr-u@bV9V#X14hgDho4PYx82St>%es-Y!Vyn%AOxf-Xgy$@b4%
zwe3@!*sOzX{%)s!3l4y|Oxb@`#t|5QVdHJkG8%4&DL1W4o?N_Kc5*Xno+u$Rnz)~^
zpfQ!S@tv<fv#cO2_ZMYjb<{xmyz_iz+kMg?{kXig6211?I>N>_e|K8h<_j(Wj9orS
z(F?LBM{Q5cNAs+V;P|dJ>G!`0(f{>$(Wy$g6V)Qxd^KL8oDqj{9#wl?XM3QLXj!I4
zR!I*7iR|I_M$2SM4Cjp}jF0h?QZ*<${`U#8g|j~RO!RjCbm3tm6Ou50`gi1CLV=mT
zZ$D$iI=fMOoeC3P?(GSIon(ggM%LQJr7_p{;02U$zWI2wJR#aC8oY5QJb0f8?nemZ
zN9i4kcW8y6=lGQyn-{L^OQ(P2|DJOzg(p*zK)e6K?%4G3?yR3Xw^tN1C=~U^<nM>>
z@O5E4K}d7f?8NNk4mHsyx9np#sR@w2Zzzq@cmx6g?Z_p^wuH7FOL7J+QmGemmox<t
zL)kK20$XJ$;w)w?ayVOFJuAGRnM*oaF*&y0o1eeI@(KMWP)k}_5DgAgGnU!rGCQH6
zO{>$jb<P_9SeDxpyIRS>Plt9Kighc6$YH`nUabG?y2G#QtTiNJ)Lm(%7+1J~FJ&Ar
zB#IKA%I|a6MTCTv);ey7#nXs{SVnXhKcRu0M$HUoV_Syqw&i%GV?wv6G*(EUfD{GI
zNN7h^p(kFmFF>1A6){=M7bIy^L>gSo`d9nnJapAUUX{1cRyGW)ydg$!S;#GiAaEx$
z)LxJN=Yh=#O%WtSC}?G}`keghMNTi1*8?Aut<J#L3;1|#Stc!x?HA=)n2OnTG>0^!
zNkK($Y)X1gYPg(eQ&v(d4rjW0mVdm?B{hE|_Jb-4?Z{g-Be&#?tac1^bn<@)O_Oxq
z=7Yn|q^U^B8a}~Cil=4=CYX*gD-b7d#D5zCFCrwD6tt_k`0+^`I!B_)wlTJQfJ3o4
zd3Lc%Y6%|@O0N0^yPyBGi%R5en##T+&Ywa}dBYg<u8&_4%q<8tR{rKQ_wPKzzYT))
zZahjum;hKaQ$kG8@&)l4DKV2Sg#Xh%JA%4qBCp!xbJeKp_QTxNV{Ft_3vtaR2NW9`
z^ncr1{W{Rm8UlK4V<Ia)RL&?XtmpP5!DD(wek};9#A9|thOSyYq&O85b4uYkrP6kJ
zva4=+l_r~vUaY(x@fR;U^uoHRBA?L(brnt#Ju#rtTk)mEJwi;!%P+)-lgsiln)E&O
zDQ~<hoNO}Pc5&+QhVt&6xQ8oNoqF(@WB9^X%Hw@5D$S1jkj^}k8~Ep%c&PF@{!?0Q
z4fn%Z+_`yGr)SfkuXncq>r#^9xuw-gJ<Cq{cppi>Tjnu6rh)Q!(b-`ySTs;|pt3!=
zD^)ZAdkvp0Qnu>clNXI%Y1|(1n|lTfYkQ>AUEIUM7%smNA5JDK%DAX6h8EoF7Y=LQ
zIG3ga)v?xJrpY38+m~;@yH+!c)J0JF-NJi$A2F-ZrJ#D7<vaEA3(n<!TE>NQV=Lv{
zg^aW;o%6-ZDPI=oxV~tuo=Z{A-K7gz^+>iQ`5J}#T7rTKUJl_4k=v&2m}$$zGh<`Z
znbu6in1R@~So1@C4752yZxaqWesGaF;LoY+%TnivEn+H;Ixq4tKh}x~_*s*-H+=$j
za5$ELzHoHqJkE{3`W7ohe&VOd9!Z_3F<{Q!^YDJ!nfB`2XJB*q;LPN!(N)#!h4%XI
zJ{LV6g`<pj#}@OhF$&HQ(dV!9_CiptPgBGTE;~|nphg`~oeq0dFEvH<08pClnHHwa
zb5UW7Y%IcIpfr8po|wZK3zLJKHmyrx8;HhCj*NtpQ8XL4(MnoyU8>9g%;SWsAM_8_
zAGt`nKcV`XuQr)S#;H=m9`rTqwK&8C;;#4lHP^Q$0=C;M`_s1Od@ewj#Uk{!ZZzEM
z&pUe8v(mS8ZQD4AGOZ0Az4_3Yk~r=%6=QcK0cyB#|D{{8_S73J7x}T5C^8kgA|_$K
z4huw-4Y8}cL6fcoe;OqSOtprlY@}&Pvu>kalwo`%4Yncr@C^rvRcmO4s6BgZQ8+H4
zaehunUxmPR;=4<@gowltyBP^hyW#`rzZH;W0bl_S;222_OcnXwc(#=>avJga0e<^+
z`@-py&%XJ39U$V^so2ZT&Y{Rz6ew~&2EO^~aOw$O-*Uhx-AJD7Cy-Y8skO2tIBxRI
zSBJCrOLr)zA#hu(8VS^PyQ^?JL2r&>y;^B<_I{X8If=WiQpFK>aq3N=C#Si%>Th!A
z)B|yFN2q#Sb?a@m#On!q>e=l%r?*~sX;osG!YqW$a|c#DVZn-b488Qq;i7)NV5$`T
zDZDBfeHIG@Be5`GBtE9R^vdDVI}nlbxO%H0J6jy_Ixe!ThO160NU)$fG$n9&?Q+eS
zo6%<-7mYRDQ}_p6ivG{OQvUdVidEpNuby7OU(e!scM<i5w^?>hJA=C3(wIQ6Yj2jE
z$qQLnK|Lptmh=%iCZ|{`#LIOFT|4U2EJN1bEwYff6)X}t(KqPlOGP4PWTMq7f=vDh
z1=JgSjh=_Cf+{Mxc9}WmERx&CvWyB8Sx)o~$*)g}EC!A9vokT1Y-XZ^nWOYkN6hss
z*65x!j$}iIQ2~g>GAo;zaF)$9e%z5(k_xaZiPY#u2lPMGu_6=a8Wn(i`S}m}RjvQU
z`o5M)e%|Bt1R~`(R32Gv|C?SI^M70Q75#4cqWP7d_gd)*GJS{o2o`Y`;?+A`Lu9U~
zcjPaF*mZWe4%gv2T!-s$UFu+P<RxYrGs)(6Xl>@_yweeLT|MQwj$Zn5<Aaq7@FezK
zr4heJlB&mFc?XL05}w4q`?Mh8*3{^eM!shMi2~{RnP3sN;4rTG(JgPuMJbd(bhhO-
z9u;$d!<fK4b<z+`(+XYD54x$>td;e&F*eWETb5n0Z|pyN!EG&3i_>Vn+V}Wr|J?ub
zCqmbQdX!Gm4P`^gE*HzU(K33(sF)k;A{OW4>-aC8OVf-qqfC<dx>dEZTlY4y&2E`(
zUpw2r?73`8Z`FJD(fyPDTYoSh{W4glO7>_!292p>#n?4YO}``9k>*&QN9Tw0=Xq!5
z_#S76HE2y)%hvYYYG)mmd)6sD(R1IG#C@1M%U$Qa`8)U%f^;q~+%C)!4hlD527E8l
zUB{r4<0kgRN3jQ1-HZE5(b?)0?{WKz?2KkDFaUiF24K?w05AYxWsnMi0RWCf6sG^H
zoJZ!=T-c1Hd?mKf9H}{vkC>}tN0mijPhw&2JI(*Q6r)-9h(lqHfpw|VNe(c0H(M%Y
z-x{ty%^zyPH^0VvXCLX>dE3>oaBSqoKNeT-q=0_=sn+^K#s4U80Nq4YI9*WuK$wx?
ze|`L^rZ~cC*WkDJ@7)K9qp#EzlXqvy2kL4p8F0X*CAm@BTVALJy1yYJ5QRhw!KB(-
zJEm)(n>F9!tMqB8XD|($D-Ah451}Nh{shttEp-t`ta}W%FiICeNRpJK_|K5YTm~s7
zPsl|?y^sU{ds9LzIiLMrnAw=zQjXt#Rey2-My#0m{nH~VtnBEvO$EFpDOIoE{u7b8
z1TaCKEEs)gR(r0s1-|!<8rvJ1K@s?kL$DPVVKMH6U|e3Hhq$1>m|L5#>Qwitn%e-)
z6AP`n)ela#Fb<sTk}vx=O59tVC*$Ipw#4$qKPH}AIjM{1UR84&(DKDXzkRqgbn+!D
zfn6WTpGWVuIjakT1nfSV9B2)$V#0>qjN?EnYraJ^5ge$**)FW8Ejn5Q&4gahhtXfO
zVmM42`^0sEK&h1R5rfSt)qWAPQ=HqQ%e`|{;p5MLG@ZR4|JxMK8Aib%O3{+&@*5&T
zJ&0PVe(Imh#IM=qj|-aO*eMEE{{Knv{qg>``%?npX{GlFf>OlHP(TW6Q@K1-3Y)kK
zLbZplyyAs_B(_Cd-mz_Wh}+gKp7-*5S*c21&TF-hnYwXD)V=Q<1%da9H4TGzis-$n
z8KYrD-ydA4r8@9xv$Y>ouK{L5(1-BROhw&6TI}<IFbk)Gx>@u69*EO5oE5mHI4%Z$
zm)jqgxX7YH9cX^~khFTenq-v)IsVC6Ie00Je76z=LSkYL8E5aWs7U2}dSPg-L)!Ef
zE+YvNB+RWl)3BHCIhVhkcYfU8x7lsh2TsC_Fc3lS3xAzK-*4}zFVjkNbY305;p}*Q
zOc5$bLN5q`GoFYAC*l89$FKP0JkVqRUk;o_*E;)Hz#ME$7$P_nw=4;A&fc-vt7SU-
z8EfFkb+zVzE+8V&=GiWz#%QgplXCgk_<sKtT{cD<_|!T<Mc|KqU)&Lubnohz2P?QF
zJLX5e)C%`5vpaXtKwm1&?eY`tFx<<0>qA%BL(*j8_a48|UN5#^Z+_rbblllN34}W_
z2G>MI;tCcf@GLxQb=Lfa7NreMK!~3cw@Vx$o2fPX#*JaVv2)|av`FI?%;DCds|@WL
z?4*S`$+@l{L1uz&{M~htmGAIBWrX6Gjzt8Km54}*_P}+#Upa1i9gaICY&IxOlfyJU
zu;}_hC5s;Ucco@Ej~$O$c7$xGBl7fhHL#`9rJCzRt!sjXq@^&S`VdKw{|QpQHFb-q
z&z}uHI)~hT_V5GO*IkW4#HRF*1x6R|v7NthN}w+M^A1uSEM$rHXUe>TM1_U%?Q$_o
zdI3ER)ePPV@3s1;+-wsidA|9-M~mlFGoXb*BJ@gAVr1&nD;!A)t5EYw>hW+zW^uOg
z!0Ro`1uF`yq>s5FOjr`ux2$6<wMB<r;LRdi^3fqC5}lzAaV+<ri`QBeF1?%*%K1zN
zt>Mg{lE{Ne5?}fB@zbZ$;VMik$v<Sqs=0?4iWg;cF@A^*<P(G9&qKA{#E%21;qi@)
z3qYSb@%5l2eTBQW+eyay_4+@VABBtT_y9M9{W4&F%R;tb)xnRUzY_7AgLZ0bWB+T2
zYixQNJT?{JcDUWDp?qUYT#=kNG;C*x-=6+&r=w=RK0d=O4`fn6m{JZjp7x=i#F#@`
z<3b`5M8)|+w3KJeKa@!6llHEbYuycfIak^Rj%%mTX&$jzVn)@OCFfr4#kTK${{xwB
z_wMW9mhTuhX|_GtpDv4n2P#RdFyt)T3lTY_awdXkovK|PzbBf?`s}60uFku*ugsQ4
zJx-h4K^*!=lLM70P>yd^mmW~bhHnu~gdX%NH8C{{z95Eu7K+${6~)R7S^;sQC_IS%
zX**zRb{`svqR*j6(=bzrgmw!1mM=zEceAUb^iQl5t+b&lpdeA2`1rM#b}a?l_4L}~
z;^?S4C)h~$fcSs3!@vP&60DpP0dYc0m<7SQ)j>gREUxS>pz~rHfop$5MA!gZEgR-r
zJH(~&`bKq1+$^gwJ?{x=-|a4mA`m1cRA&`QXCfFec+ik0UOSG?4vhM8dHSXrJIcFu
zP8||xR#Hk)By0O2;I5#E)tiG>tn5!`I9o5_%=%-OAVCO%qge(!CPy)ZAmGboup?W(
zMIy1FG{u7$_)Ew?D7460!w%Td%RghywBP}%%<+-9&hwFPwJ6<+Zn9{Blen0ZeDsSe
z5i)MB-ED2)rpTTn+T~O80LT8M$Be(q>*Mty=bc>(byPn)=2jl>f~CY&nDXW~cP~Qt
z^A&owvGpvcB0G;rx#IpYU&pzn>IN>&Om-!XSWFR04lY?JggfERDXB-mSVJ)ALZdN>
z=DsMX`kcZ|`p-7WNyzj}r_bl^Qjf`o*DZ6&8MdLohS|HuvUfJDn*O!_&0~BmQHjo_
z|7f8_MG35`i5r(+LAfORPJ_Al@<PqZD=2Ea+ls3$vg-3}p8BTc5PF|$OvXhZL9L!$
z4|3n~iNs|m{nB;+d#e?uH<0q07B19Br%5uL`Fs1f^bWvLw=I6*TYN$3Ev7vntb<y@
zjPTZ?d@G&(Q#TB&82cKx<`(kTMQ1M?y3-jf(}HCn?Zh33i57?}STTW*!^idho*)t?
z@&Z+@*J{z6gQ4i38q=~UU^3pbsem8jS=8%7m6|ou1#B_f6|usER@os1W2P9lhbs;H
zn3IgSh)ax0r4wStOFcGXQIXAAe1u7qS<%D%x?|$5$!7ky=o)vM6w+kkqP-`tdf0-a
zMXUer(D0bB;enz1AHQ++s!)3ks|n**Sv}snjWv~Mo<_<x-dv+@2$%1JpD4iumF|kT
z%bY08-hH|qJ1<%kVza}(!jy1qHxxTJJG+a;o-xTTJ^9BB^M@yw64RiXRpW=$k&SS0
z!@*<=e?`V6HDI+yF8b4PF+WpBoe=>ktQ4+17x@}fm7rabtiwQu9ZF`P77=4@aad_(
zUp55SKtuSPLk$YfAdsVdFTMUG=KHkmGrnJzj7pvAi7YP+Vs%H=tB+BlD<qSFjEAYO
zl_%?gOq{c@3D>*)na=_?E5etuGxD@3v-0Ft-quPk92KQZm2vz|J?g9|cssHStDbbO
zHkxQoO>K5qD=dirX9MEe6V>RLL@U`L(iQ_yXO72w&JG3YT*Z)Nd}R|_@&bWgsjY~A
zu_VR!%-kR|9cjIj?2xh`fEB5^%kuX_@VDo5qB_9Sg->sI1Vgll8PWOGjEfot!!Fx$
zy+o$h7-o4Ky>Q&}21^kt>ZU?VifY;bmT)%_;MIggxhM@+PX?EE(&sNKYW0;|huN;~
zO*<{7quNRo2An+A8@Bw#t~8^t(XMMW>m=63lwjx)Un?)Ro|p_Do+*4*u+Jl1K^w^G
zJ7Jds?jAHxU_M8Z0t2l8gUXQLeot2<ig7SRFh*LUt)>~yV0)5`48%aPB(NMynP7gx
zLr!y<CJ2bpQVLG{32kNh>1jMwOU=nT??_ppAeZGRGNOsdrv9Tx%MCqgAfqZLXY^Lk
zYDQvKf-dAkADwY~Zd!-T^kUbVL?$gS_RKsG)7X|{2V83dGUd8a7^+O@z_qYX;?r^r
zun9JKY_m>lKy$k7Kt9e3c?lA=1GAmjF&$C%#=5=9p=|-qg4)HItQ<YktcN)Sx!beB
zF)ht{p-T(1=)qoQ#gN?H?+8F>Zp?G40e6ZAFFk(U;>==1V_E+A6Zeqr11>7JPRudv
z&LVK)RGC3g_;yiB&oQfHszYqTbrWoy@@-N-31-=LqV^)(o#{5+p_RP-$9+nMo=91a
zf2pfaR&Rx|eEs9|U<d~7$<a^VzWg-T|G*;DCGw0(=t4~4L3nV(#|DlnhE$|zxY`L)
z3<U`slyxTvYn*gc8IFlZW~Qwmp_z^gt+lL*7Aa|YuJ4EstM+H$yKY@-)TFezMhDB|
zy|KWxf<}9RclCAXH{NDd`-Uu`oLGms)}EMHH;|_|B&eSVCB$|KJPMC4+$M0dQjIF>
z0GSXr1QC+ZfHAXhn;@#hOK190O4fNPB#bT`9WM*F3BTdU=A|$40Jg4{dr?Kkaxhkg
zouKV(r+NT~r`T&uIpFgtRs8!niGUOgFrLT44J5<Rmi0nRDxIK+{~bd2XueM(%+vKt
zuG}z}G}^KSFH92@`*|10u0q_2S^SF?%tG^4CWzU}%Kug)x2U3FfdFHtX69g!wK~M7
zLSo)gMk-bkH67;70xphch;3H}|F6h|DpcR75XwTfw1JhKp&*KLfXN#U;a(9pVBeYp
zj2s&0OB~0gD*_&C_=R~7nD7i+VeWlX0LF6e5Z(+KEO5VFlEOt{_i)j&ENto$I?(ZO
zHCS779Xg#QAh7^B)QwcIDT1s$RyY?X%Y8Z&?ec023op%N0v}y-;PY<Hs!h{1DGp23
zrVI{DkzGfs^>ScwLq$qQOWBs9;n~g`l;oeDttrJk?sN@ogB>1gXLM0fR1}~AW1zFP
zrG<ei%Mwk=IFsg<K*B2mlo<DVM&*)^X>=?iNKuDY(Dg(}n7Gb2KQa?$qC7c8>lh7Y
zn9uacLglgMcumewLKzK)sDKQt;~*_lPqaC=1*-~rSSbtH7+XMl<nTq7z-5&Hvu$EE
zRO+IN(CH%TX8h6pG(~qx!~IlL6p=<c#+dC}Mnz@5QZreR7ahraE;i?sS*~Q`)h#m$
zS{{DyIzn-F@jqKHQ-YpJIfh1IMMJ7ah+vRc!D=eknyM%;AW+1shqWc=PFxTl^Eo(E
zF+~~^UYU(JWDd{I3ewqEUYNHan5T%=99eU^ws-qn?iw<GSw*_E;IExp%T0dJK~Jp8
zlRaZLuqmb4G4&r#Poz{DZ*`7Xoww@~>j87Nv^k`{{cXmNYiEZ$OTQUTB>X>Tib7e`
zaZk1oJpG3fa>^llB|>BHpQvoh4y!FXWr{lQtlZlbG+X4cTUBl?=5<ak;%(6W4HFkh
zEU3zC$w)aKuaq9ny_niS_XE<2T))UXn>4QWutdb?m4O6eh~Jz-kq4&@_gl^dCLGay
zhOFRUP#DvO`sv&yU3B+|gfZnWLO5%Iy-n%Pw?&{W<*S~S`mOdCbafVn?R~fp;Yd0i
zGCFgAHpIsDN%997n{+W@(ldaRuBE(`Ax%p56c1Ti<Sj@@)1>3{M-f)}!mRD@BZR0*
zK4@l(ko|n-pS!UOX>wS+l1F23(P2yOyLv4)ZUS<)(AETON&R1R!81cQ74*rbTR+XE
zsSthsctQigV7ZiGZKVENPk1pWh*O=2dcsQ-EQ^a%-f5ylhMne88ymOX|GFnkH`Ly)
z6SdoXR!AkfW*OHUAPvLtTo(~GgUf~Po`n;f-Va>5OupGs!+`Yy;oBI^VuP+XtD@23
z`P{dJ<WJ9Cs%}YSHU=^msqO!|Cgw#!b32!KeSJ6ZtjjZKLCd?<U}0#oRgpp>@B}o5
zVS4CrvIwbhvP$crg*#lQ!?G}OE#rA<ReJXH(_24p(i3e*D1Noh!n#5><s`J5Wgmjo
zlrfKvGr4_yyXH|o>2Z#BmsE7}hn<tzxis|I5N(mjpviU}piMXq8#s2WQQC2ATX~Iv
z-G^+Te2hHhDFQk=<Xm->5<M;%M1?Eb6Nz1v12oy*SUTc(+#Fo;PoDz_AIDa*nZndR
z)tRcRl5aE|bIU{F$|4+)0(L;s4k=FsFzBj9g5pJZm{72W_xarnn9LMN3gmJaAmC8I
zz9N~nN}W`8$2JSeL&xm@EWpzfJhh|)ofyz=OoS#UO$#V@4{?eUt_p_)#)GyGgq$#p
z;be=+Y?LsPbIP?&mzH7V9z>s-FYV0n$U&18rKPqEPgiP7(rZeO8AYr~cJx?NOX3=R
zq^|3(<3L<exQy@WirmxSH}I(`i43x=7V)_xC;A=M<2Wd*VxD0VW~bWE%pi<(x|l~u
zxQbW1v<xI2qOuHUmYgWmxRq&Vc*E90*QqqiD0he)xU4I*n7u(v&03sQt+qgfO&$_2
zkRWRzq-ck^(nKvI`<fz>U`+lwCT)R)JwqY#ywNDt5f&_`=R)Hwph}nZTnX1xB7c|}
zog^*5m^@+5X(+bDU~0U^8qD!Yh8n_LOW5BrS|SCgS?wTd${k5!I+vQz^2euVheZ4|
zaS5nbNHG;0y(*tW1zH(eG=2%mAN@;$E-th62g4ZlI&ZYdsi6g<!~g}lKBpC}K=n<<
zkZ5v>>`2&C61`GZNSMMDH>EulyNsG?b~=jPI)#y4K><Mq3cv$zV9-elr=Thx`+CD^
zV#w~B1x$?;=VWaDL$3w_w8e@&Rp-M|_crZ*rT=OHK<kGoK2g6vr)awD0xYl+^ef0p
zfRQcw4k9t8clB%xGz=Q;#3Jb9<P!;`xj5de$84JPqt9JDnvzi*b=}rQg$L(MS=GF%
zEV9*7Q$)$CjU`wY)r~^Kr6ZC4MF6<#S|Cs)LaD`7N*%K1g*|IcR!AA?Q0#EEp`lvG
z0>&W=)7n%DT~Q>oOV>_)W|w9$r$wDmre5tNxp?k2+h>p{D^A^%`DQbhB-L&JH$*qo
zQ@ajuldHbkBtTZjh$f_QxoC5n?0=_6CMrGCno7MM`FWt$b*R*V6<M>(lB;gEu5ac6
zWqoe_D=S*J{!#!!2-Ai2IauTV-DHEIJha?Q!yaP$Kx%qn&HC5UxXyS@lO#gumSAgf
z^x2nTOuA=a^cOhW^L}NWZcfUHUIzsE>sq-oK287xK&<;3^TKbL(o^NREyOJV_-$SL
zGXVT~u1&q)!I}1qdjJ?<0003$+O9%RsgRu`0Rmok#^xE6;TI@!N8h09{*;O<p=&*N
ze62`<1AHCUL)6~+U!%hg*MxJIXVln_6%b)GkMGrwwat-uqpon9_7U9K0cgF4c?C(s
zu?USp4bwqw4u-s>H-A^t65=#vSbwO|dEhERQmjW6Ny#L02vDucXa0_rKY#$NLw6>I
z&<7G}#-9?13jxw>0NVfq2w`jk!;PyDsDN*;YDDOWCkO_@6zp{)jo<?UoHP-PWSt8}
zfKEd|(w-}t^D^llSr5a2mu|s?MPI^#pWecTq+8?@6$khcq+gK>i3}ltcn-w}NM;Ih
zBR4CM2O(}k5J5iuJE@QyLv0s;Ks44tA&`1PDoV;~LXLAI_QI|{9;N5(3E5`>y-rVx
z7xcv>p=G)$rP#PfJoBXDy+fdA@AW+@cp~6z8NoIQEDU~TUhlJTyUM$~DJ_6kjLxf$
z2ivmw5Y}@ayY_lVRY5~Z#ncbRdv>ju<O-fQoW_D6O3sxK+c_EZL5DkfiYtj>QGq+n
zdMr-g6N>h%+I9xxF>de!Hof)9jhcUb2j&^2k8|W1E;+eKz<SQ5P_f5i^vn|`B$ZuS
zb&-_>DMMy@QIc{NTT1X5NUD4~96UP@coNScm5I)=&c8pOUtk)Yg~7_k&cVsW%>xC)
zqEI+I0fdMo#d47;)GE>F45ku`&EfL+0_9q%2t{I5HFXWmrZZ;Tgvpju*V5L})iZ6z
ztT}xH3jhtWXvwk_tJbXBXxl$DvSqu&?AWzu-+@C%j-5Dl=G;Z+xpd{)jazr_J$URo
zPo80L1QLbDU~zZ?QCmk>Pv5}M$k>ZlZ{B_Q^rhc`K|_X(7&S)EFsZMD4X|4@+rLj;
zpya{|1I5H$fCLFp4<q<_HGkafEM-#wiis;sAXEfr64#s0pO+9eE07p&)QZk>G5eUW
z{wRS}s-l!#l;U3D;)dfcX;mti1n(kl8vL(LJp7k`qi_cNB=OiPsz|duk3|{MW1YGw
z=4dv)FvD;WezN%N3|eM+5x4bX4q2?yd>b#eG7WK8#kTX}C^Bv4^OyPGd#{a@RpIHX
zHux&vY_&$?t9_MkuG&rm<bNGF>pVVhH(9<R<r{YDNRHZPgOB<A`*#{B<Q<Lum-*&b
z8bmi0hr5mbKZE%pccL)guOXIQ9gEZ!2h;(rIa~S^&^p%c)*2-G+Y}UsKF8Kqr(w%L
io@y*|TYsg;P@j+Q6aM!uXTz9<`&jYzKQ)+q5dZ)rtzj|%

diff --git a/pkg/webui/ui/build/static/media/orphan.svg b/pkg/webui/ui/build/static/media/orphan.svg
deleted file mode 100644
index 43e777661..000000000
--- a/pkg/webui/ui/build/static/media/orphan.svg
+++ /dev/null
@@ -1,6 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M3.13 16.7114C3.28 16.8614 3.47 16.9314 3.66 16.9314C3.85 16.9314 4.03999 16.8614 4.17999 16.7214C4.46999 16.4314 4.46999 15.9514 4.17999 15.6614C3.08999 14.5714 2.49001 13.1214 2.49001 11.5914C2.49001 8.41143 5.07001 5.82141 8.24001 5.82141L16.19 5.84143C16.5 5.84143 16.78 5.6514 16.89 5.3714C17 5.0914 17 4.5 16.19 4.3114H8.25C4.25 4.3114 1 7.57142 1 11.5814C1 13.5114 1.76 15.3314 3.13 16.7114Z" fill="#39403E"/>
-<path d="M7.30984 19.1613H9.18985L15.2598 19.1814C19.2598 19.1814 22.5098 15.9213 22.5098 11.9113C22.5098 9.98135 21.7498 8.1614 20.3798 6.7814C20.0898 6.4914 19.6099 6.4914 19.3199 6.7814C19.0299 7.0714 19.0299 7.5514 19.3199 7.8414C20.4099 8.9314 21.0098 10.3813 21.0098 11.9113C21.0098 15.0913 18.4298 17.6814 15.2598 17.6814L7.30984 17.6613C6.99984 17.6613 6.71984 17.8514 6.60984 18.1314C6.49984 18.4114 6.49994 18.9999 7.30984 19.1613Z" fill="#39403E"/>
-<path opacity="0.4" d="M8.5 15H14.5C16.43 15 18 13.6457 18 12C18 10.3543 16.43 9 14.5 9H8.5C6.57 9 5 10.3543 5 12C5 13.6457 6.57 15 8.5 15Z" fill="#39403E"/>
-<path d="M21 3L3 20" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/project.svg b/pkg/webui/ui/build/static/media/project.svg
deleted file mode 100644
index 4a0c505c9..000000000
--- a/pkg/webui/ui/build/static/media/project.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
-<ellipse cx="22.4911" cy="22.5" rx="22.4911" ry="22.5" fill="#39403E"/>
-<path d="M19.9919 33H17.9927C13.9942 33 12.9946 32 12.9946 28V18C12.9946 14 13.9942 13 17.9927 13H19.4921C20.9915 13 21.3214 13.44 21.8911 14.2L23.3905 16.2C23.7704 16.7 23.9903 17 24.9899 17H27.9887C31.9871 17 32.9867 18 32.9867 22V24" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.4" d="M24.7501 29.32C22.401 29.49 22.401 32.89 24.7501 33.06H30.3079C30.9776 33.06 31.6374 32.81 32.1272 32.36C33.7765 30.92 32.8968 28.04 30.7277 27.77C29.948 23.08 23.1707 24.86 24.7701 29.33" stroke="#DFEBE9" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/prune.svg b/pkg/webui/ui/build/static/media/prune.svg
deleted file mode 100644
index 7c4784206..000000000
--- a/pkg/webui/ui/build/static/media/prune.svg
+++ /dev/null
@@ -1,8 +0,0 @@
-<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
-<circle cx="22.5" cy="22.5" r="22.5" fill="#39403E"/>
-<path d="M32 15.98C28.67 15.65 25.32 15.48 21.98 15.48C20 15.48 18.02 15.58 16.04 15.78L14 15.98" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.34" d="M19.5 14.97L19.72 13.66C19.88 12.71 20 12 21.69 12H24.31C26 12 26.13 12.75 26.28 13.67L26.5 14.97" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M29.8499 19.14L29.1999 29.21C29.0899 30.78 28.9999 32 26.2099 32H19.7899C16.9999 32 16.9099 30.78 16.7999 29.21L16.1499 19.14" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.34" d="M21.3301 26.5H24.6601" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.34" d="M20.5 22.5H25.5" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/relation-hline.svg b/pkg/webui/ui/build/static/media/relation-hline.svg
deleted file mode 100644
index 0835a6c9f..000000000
--- a/pkg/webui/ui/build/static/media/relation-hline.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="169" height="12" viewBox="0 0 169 12" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M6 6H163" stroke="#39403E" stroke-width="2"/>
-<circle cx="6" cy="6" r="5" fill="#DFEBE9" stroke="#39403E" stroke-width="2"/>
-<circle cx="163" cy="6" r="5" fill="#DFEBE9" stroke="#39403E" stroke-width="2"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/result.svg b/pkg/webui/ui/build/static/media/result.svg
deleted file mode 100644
index 013fab63e..000000000
--- a/pkg/webui/ui/build/static/media/result.svg
+++ /dev/null
@@ -1,8 +0,0 @@
-<svg width="30" height="30" viewBox="0 0 30 30" fill="none" xmlns="http://www.w3.org/2000/svg">
-<circle cx="15" cy="15" r="15" fill="#DFEBE9"/>
-<path d="M12.0825 14.8876C9.96746 15.0376 9.97496 18.1126 12.0825 18.2626H17.085C17.6925 18.2701 18.2775 18.0376 18.7275 17.6326C20.2125 16.3351 19.4175 13.7326 17.4675 13.4851C16.77 9.25507 10.6575 10.8601 12.105 14.8876" stroke="#39403E" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/>
-<g opacity="0.4">
-<path d="M7.5 17.25C7.5 20.1525 9.8475 22.5 12.75 22.5L11.9625 21.1875" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path d="M22.5 12.75C22.5 9.8475 20.1525 7.5 17.25 7.5L18.0375 8.8125" stroke="#39403E" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</g>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/search.svg b/pkg/webui/ui/build/static/media/search.svg
deleted file mode 100644
index 1a9508cbd..000000000
--- a/pkg/webui/ui/build/static/media/search.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="27" height="27" viewBox="0 0 27 27" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M12.9375 23.625C18.84 23.625 23.625 18.84 23.625 12.9375C23.625 7.03496 18.84 2.25 12.9375 2.25C7.03496 2.25 2.25 7.03496 2.25 12.9375C2.25 18.84 7.03496 23.625 12.9375 23.625Z" fill="#39403E"/>
-<path d="M23.9624 24.75C23.7599 24.75 23.5574 24.6713 23.4111 24.525L21.3186 22.4325C21.0149 22.1288 21.0149 21.6338 21.3186 21.3188C21.6224 21.015 22.1174 21.015 22.4324 21.3188L24.5249 23.4113C24.8286 23.715 24.8286 24.21 24.5249 24.525C24.3674 24.6713 24.1649 24.75 23.9624 24.75Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/star.svg b/pkg/webui/ui/build/static/media/star.svg
deleted file mode 100644
index 0fda929ba..000000000
--- a/pkg/webui/ui/build/static/media/star.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M5.02268 14C5.11893 13.5712 4.94393 12.9587 4.63768 12.6525L2.51143 10.5262C1.84643 9.86125 1.58393 9.1525 1.77643 8.54C1.97768 7.9275 2.59893 7.5075 3.52643 7.35L6.25643 6.895C6.65018 6.825 7.13143 6.475 7.31518 6.11625L8.82018 3.0975C9.25768 2.23125 9.85268 1.75 10.5002 1.75C11.1477 1.75 11.7427 2.23125 12.1802 3.0975L13.6852 6.11625C13.7989 6.34375 14.0352 6.5625 14.2889 6.71125L4.86518 16.135C4.74268 16.2575 4.53268 16.1437 4.56768 15.9687L5.02268 14Z" fill="#222222"/>
-<path d="M16.3627 12.6524C16.0477 12.9674 15.8727 13.5712 15.9777 13.9999L16.5814 16.6337C16.8352 17.7274 16.6777 18.5499 16.1352 18.9437C15.9164 19.1012 15.6539 19.1799 15.3477 19.1799C14.9014 19.1799 14.3764 19.0137 13.7989 18.6724L11.2352 17.1499C10.8327 16.9137 10.1677 16.9137 9.76519 17.1499L7.20144 18.6724C6.23019 19.2412 5.39895 19.3374 4.8652 18.9437C4.66395 18.7949 4.5152 18.5937 4.41895 18.3312L15.0589 7.69116C15.4614 7.28866 16.0302 7.10491 16.5814 7.20116L17.4652 7.34991C18.3927 7.50741 19.0139 7.92741 19.2152 8.53991C19.4077 9.15241 19.1452 9.86116 18.4802 10.5262L16.3627 12.6524Z" fill="#222222"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/target.svg b/pkg/webui/ui/build/static/media/target.svg
deleted file mode 100644
index eb93030dc..000000000
--- a/pkg/webui/ui/build/static/media/target.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="45" height="45" viewBox="0 0 45 45" fill="none" xmlns="http://www.w3.org/2000/svg">
-<ellipse cx="22.4911" cy="22.5" rx="22.4911" ry="22.5" fill="#39403E"/>
-<path d="M32.9867 23V20C32.9867 15 30.9875 13 25.9895 13H19.9919C14.9938 13 12.9946 15 12.9946 20V26C12.9946 31 14.9938 33 19.9919 33H22.9907" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-<path opacity="0.4" d="M31.9473 28.84L30.3179 29.39C29.8681 29.54 29.5082 29.89 29.3583 30.35L28.8085 31.98C28.3387 33.39 26.3595 33.36 25.9196 31.95L24.0704 26C23.7105 24.82 24.8001 23.72 25.9696 24.09L31.9273 25.94C33.3267 26.38 33.3467 28.37 31.9473 28.84Z" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/targets.svg b/pkg/webui/ui/build/static/media/targets.svg
deleted file mode 100644
index e6a6ad8c9..000000000
--- a/pkg/webui/ui/build/static/media/targets.svg
+++ /dev/null
@@ -1,6 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48" fill="none">
-<circle cx="24" cy="24" r="24" fill="#222222"/>
-<path d="M14.9336 19.2H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
-<path opacity="0.34" d="M14.9336 24.5334H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
-<path d="M14.9336 29.8667H34.1336" stroke="#DFEBE9" stroke-width="1.5" stroke-linecap="round"/>
-</svg>
\ No newline at end of file
diff --git a/pkg/webui/ui/build/static/media/trash.svg b/pkg/webui/ui/build/static/media/trash.svg
deleted file mode 100644
index 426eec953..000000000
--- a/pkg/webui/ui/build/static/media/trash.svg
+++ /dev/null
@@ -1,6 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M21.0702 5.23C19.4602 5.07 17.8502 4.95 16.2302 4.86V4.85L16.0102 3.55C15.8602 2.63 15.6402 1.25 13.3002 1.25H10.6802C8.35016 1.25 8.13016 2.57 7.97016 3.54L7.76016 4.82C6.83016 4.88 5.90016 4.94 4.97016 5.03L2.93016 5.23C2.51016 5.27 2.21016 5.64 2.25016 6.05C2.29016 6.46 2.65016 6.76 3.07016 6.72L5.11016 6.52C10.3502 6 15.6302 6.2 20.9302 6.73C20.9602 6.73 20.9802 6.73 21.0102 6.73C21.3902 6.73 21.7202 6.44 21.7602 6.05C21.7902 5.64 21.4902 5.27 21.0702 5.23Z" fill="#39403E"/>
-<path opacity="0.3991" d="M19.2302 8.14C18.9902 7.89 18.6602 7.75 18.3202 7.75H5.68024C5.34024 7.75 5.00024 7.89 4.77024 8.14C4.54024 8.39 4.41024 8.73 4.43024 9.08L5.05024 19.34C5.16024 20.86 5.30024 22.76 8.79024 22.76H15.2102C18.7002 22.76 18.8402 20.87 18.9502 19.34L19.5702 9.09C19.5902 8.73 19.4602 8.39 19.2302 8.14Z" fill="#39403E"/>
-<path fill-rule="evenodd" clip-rule="evenodd" d="M9.58008 17C9.58008 16.5858 9.91586 16.25 10.3301 16.25H13.6601C14.0743 16.25 14.4101 16.5858 14.4101 17C14.4101 17.4142 14.0743 17.75 13.6601 17.75H10.3301C9.91586 17.75 9.58008 17.4142 9.58008 17Z" fill="#39403E"/>
-<path fill-rule="evenodd" clip-rule="evenodd" d="M8.75 13C8.75 12.5858 9.08579 12.25 9.5 12.25H14.5C14.9142 12.25 15.25 12.5858 15.25 13C15.25 13.4142 14.9142 13.75 14.5 13.75H9.5C9.08579 13.75 8.75 13.4142 8.75 13Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/tree-view.svg b/pkg/webui/ui/build/static/media/tree-view.svg
deleted file mode 100644
index 225712f63..000000000
--- a/pkg/webui/ui/build/static/media/tree-view.svg
+++ /dev/null
@@ -1,7 +0,0 @@
-<svg width="26" height="26" viewBox="0 0 26 26" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M7.58317 8.66666H4.33317C3.1415 8.66666 2.1665 7.69166 2.1665 6.5V4.33333C2.1665 3.14166 3.1415 2.16666 4.33317 2.16666H7.58317C8.77484 2.16666 9.74984 3.14166 9.74984 4.33333V6.5C9.74984 7.69166 8.77484 8.66666 7.58317 8.66666Z" fill="#59A588"/>
-<path d="M22.5335 7.58333H18.6335C17.9185 7.58333 17.3335 6.99832 17.3335 6.28332V4.55001C17.3335 3.83501 17.9185 3.25 18.6335 3.25H22.5335C23.2485 3.25 23.8335 3.83501 23.8335 4.55001V6.28332C23.8335 6.99832 23.2485 7.58333 22.5335 7.58333Z" fill="#59A588"/>
-<path d="M22.5335 15.7083H18.6335C17.9185 15.7083 17.3335 15.1233 17.3335 14.4083V12.675C17.3335 11.96 17.9185 11.375 18.6335 11.375H22.5335C23.2485 11.375 23.8335 11.96 23.8335 12.675V14.4083C23.8335 15.1233 23.2485 15.7083 22.5335 15.7083Z" fill="#59A588"/>
-<path opacity="0.37" d="M17.3333 14.3542C17.7775 14.3542 18.1458 13.9858 18.1458 13.5417C18.1458 13.0975 17.7775 12.7292 17.3333 12.7292H14.3542V6.22916H17.3333C17.7775 6.22916 18.1458 5.86083 18.1458 5.41666C18.1458 4.9725 17.7775 4.60416 17.3333 4.60416H9.75C9.30583 4.60416 8.9375 4.9725 8.9375 5.41666C8.9375 5.86083 9.30583 6.22916 9.75 6.22916H12.7292V19.5C12.7292 21.1467 14.0617 22.4792 15.7083 22.4792H17.3333C17.7775 22.4792 18.1458 22.1108 18.1458 21.6667C18.1458 21.2225 17.7775 20.8542 17.3333 20.8542H15.7083C14.9608 20.8542 14.3542 20.2475 14.3542 19.5V14.3542H17.3333Z" fill="#59A588"/>
-<path d="M22.5335 23.8333H18.6335C17.9185 23.8333 17.3335 23.2483 17.3335 22.5333V20.8C17.3335 20.085 17.9185 19.5 18.6335 19.5H22.5335C23.2485 19.5 23.8335 20.085 23.8335 20.8V22.5333C23.8335 23.2483 23.2485 23.8333 22.5335 23.8333Z" fill="#59A588"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-down.svg b/pkg/webui/ui/build/static/media/triangle-down.svg
deleted file mode 100644
index d9c2677ca..000000000
--- a/pkg/webui/ui/build/static/media/triangle-down.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z" fill="#39403E"/>
-<path d="M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-left-light.svg b/pkg/webui/ui/build/static/media/triangle-left-light.svg
deleted file mode 100644
index 6731d308d..000000000
--- a/pkg/webui/ui/build/static/media/triangle-left-light.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M22.4377 32.25L32.9585 24.3542V12.6667C32.9585 10.6667 30.5418 9.66667 29.1252 11.0833L18.3335 21.875C16.6043 23.6042 16.6043 26.4167 18.3335 28.1458L22.4377 32.25Z" fill="#DFEBE9"/>
-<path d="M32.4585 25.3546V37.3333C32.4585 38.8863 30.5801 39.6671 29.4773 38.5826C29.4769 38.5822 29.4765 38.5817 29.4761 38.5813L23.1987 32.304L32.4585 25.3546Z" fill="#DFEBE9" stroke="#DFEBE9"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-right-light.svg b/pkg/webui/ui/build/static/media/triangle-right-light.svg
deleted file mode 100644
index 500b3f1e8..000000000
--- a/pkg/webui/ui/build/static/media/triangle-right-light.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="50" height="50" viewBox="0 0 50 50" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M27.5623 17.75L17.0415 25.6458V37.3333C17.0415 39.3333 19.4582 40.3333 20.8748 38.9167L31.6665 28.125C33.3957 26.3958 33.3957 23.5833 31.6665 21.8542L27.5623 17.75Z" fill="#DFEBE9"/>
-<path d="M17.0415 12.6667V25.6458L27.5623 17.75L20.8748 11.0625C19.4582 9.66667 17.0415 10.6667 17.0415 12.6667Z" fill="#DFEBE9"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/triangle-right.svg b/pkg/webui/ui/build/static/media/triangle-right.svg
deleted file mode 100644
index ad10f4ccc..000000000
--- a/pkg/webui/ui/build/static/media/triangle-right.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="50" height="50" viewBox="0 0 50 50" fill="none"  transform="rotate(-90)"  xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M32.25 27.5626L24.3542 17.0417H12.6667C10.6667 17.0417 9.66667 19.4584 11.0833 20.8751L21.875 31.6667C23.6042 33.3959 26.4167 33.3959 28.1458 31.6667L32.25 27.5626Z" fill="#39403E"/>
-<path d="M37.3335 17.0417H24.3543L32.2502 27.5626L38.9377 20.8751C40.3335 19.4584 39.3335 17.0417 37.3335 17.0417Z" fill="#39403E"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/warning-sign.svg b/pkg/webui/ui/build/static/media/warning-sign.svg
deleted file mode 100644
index e38fa71b2..000000000
--- a/pkg/webui/ui/build/static/media/warning-sign.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="21" height="21" viewBox="0 0 21 21" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M19.0402 13.93L13.4402 3.85C12.6877 2.49375 11.6464 1.75 10.5002 1.75C9.35391 1.75 8.31266 2.49375 7.56016 3.85L1.96016 13.93C1.25141 15.2162 1.17266 16.45 1.74141 17.4212C2.31016 18.3925 3.43016 18.9262 4.90016 18.9262H16.1002C17.5702 18.9262 18.6902 18.3925 19.2589 17.4212C19.8277 16.45 19.7489 15.2075 19.0402 13.93Z" fill="#222222"/>
-<path d="M10.5 12.9062C10.1413 12.9062 9.84375 12.6087 9.84375 12.25V7.875C9.84375 7.51625 10.1413 7.21875 10.5 7.21875C10.8587 7.21875 11.1562 7.51625 11.1562 7.875V12.25C11.1562 12.6087 10.8587 12.9062 10.5 12.9062Z" fill="#222222"/>
-<path d="M10.5 15.75C10.4475 15.75 10.3863 15.7412 10.325 15.7325C10.2725 15.7237 10.22 15.7062 10.1675 15.68C10.115 15.6625 10.0625 15.6362 10.01 15.6012C9.96625 15.5662 9.9225 15.5312 9.87875 15.4962C9.72125 15.33 9.625 15.1025 9.625 14.875C9.625 14.6475 9.72125 14.42 9.87875 14.2537C9.9225 14.2187 9.96625 14.1837 10.01 14.1487C10.0625 14.1137 10.115 14.0875 10.1675 14.07C10.22 14.0437 10.2725 14.0262 10.325 14.0175C10.4388 13.9912 10.5612 13.9912 10.6662 14.0175C10.7275 14.0262 10.78 14.0437 10.8325 14.07C10.885 14.0875 10.9375 14.1137 10.99 14.1487C11.0338 14.1837 11.0775 14.2187 11.1213 14.2537C11.2788 14.42 11.375 14.6475 11.375 14.875C11.375 15.1025 11.2788 15.33 11.1213 15.4962C11.0775 15.5312 11.0338 15.5662 10.99 15.6012C10.9375 15.6362 10.885 15.6625 10.8325 15.68C10.78 15.7062 10.7275 15.7237 10.6662 15.7325C10.6137 15.7412 10.5525 15.75 10.5 15.75Z" fill="#222222"/>
-</svg>
diff --git a/pkg/webui/ui/build/static/media/warning.svg b/pkg/webui/ui/build/static/media/warning.svg
deleted file mode 100644
index 788515486..000000000
--- a/pkg/webui/ui/build/static/media/warning.svg
+++ /dev/null
@@ -1,5 +0,0 @@
-<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M21.0802 8.58003V15.42C21.0802 16.54 20.4802 17.58 19.5102 18.15L13.5702 21.58C12.6002 22.14 11.4002 22.14 10.4202 21.58L4.48016 18.15C3.51016 17.59 2.91016 16.55 2.91016 15.42V8.58003C2.91016 7.46003 3.51016 6.41999 4.48016 5.84999L10.4202 2.42C11.3902 1.86 12.5902 1.86 13.5702 2.42L19.5102 5.84999C20.4802 6.41999 21.0802 7.45003 21.0802 8.58003Z" fill="#ed6c02"/>
-<path d="M12 13.75C11.59 13.75 11.25 13.41 11.25 13V7.75C11.25 7.34 11.59 7 12 7C12.41 7 12.75 7.34 12.75 7.75V13C12.75 13.41 12.41 13.75 12 13.75Z" fill="#DFEBE9"/>
-<path d="M12 17.25C11.87 17.25 11.74 17.22 11.62 17.17C11.49 17.12 11.39 17.05 11.29 16.96C11.2 16.86 11.13 16.75 11.07 16.63C11.02 16.51 11 16.38 11 16.25C11 15.99 11.1 15.73 11.29 15.54C11.39 15.45 11.49 15.38 11.62 15.33C11.99 15.17 12.43 15.26 12.71 15.54C12.8 15.64 12.87 15.74 12.92 15.87C12.97 15.99 13 16.12 13 16.25C13 16.38 12.97 16.51 12.92 16.63C12.87 16.75 12.8 16.86 12.71 16.96C12.52 17.15 12.27 17.25 12 17.25Z" fill="#DFEBE9"/>
-</svg>
diff --git a/pkg/webui/ui/build/staticbuild.js b/pkg/webui/ui/build/staticbuild.js
deleted file mode 100644
index af1b72ec3..000000000
--- a/pkg/webui/ui/build/staticbuild.js
+++ /dev/null
@@ -1 +0,0 @@
-const staticResults = new Map()
diff --git a/pkg/webui/ui/fix-assets/main.go b/pkg/webui/ui/fix-assets/main.go
deleted file mode 100644
index 6941a3a26..000000000
--- a/pkg/webui/ui/fix-assets/main.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io/fs"
-	"k8s.io/apimachinery/pkg/util/rand"
-	"mime"
-	"os"
-	"path"
-	"path/filepath"
-	"regexp"
-	"sort"
-	"strings"
-)
-
-type assetManifest struct {
-	Files       map[string]string `json:"files"`
-	Entrypoints []string          `json:"entrypoints"`
-}
-
-func main() {
-	doError := func(err error) {
-		if err == nil {
-			return
-		}
-		os.Stderr.WriteString(err.Error() + "\n")
-		os.Exit(1)
-	}
-
-	err := os.Chdir("build")
-	doError(err)
-
-	s, err := os.ReadFile("asset-manifest.json")
-	doError(err)
-
-	var manifest assetManifest
-	err = json.Unmarshal(s, &manifest)
-	doError(err)
-
-	hashRegex := regexp.MustCompile(`([a-z-0-9-_]*)(\.[a-f0-9]*)(\.chunk)?\.(js|css)(\.map)?`)
-
-	var sortedByLen []string
-	for p1 := range manifest.Files {
-		sortedByLen = append(sortedByLen, p1)
-	}
-	sort.Slice(sortedByLen, func(i, j int) bool {
-		l1 := len(sortedByLen[i])
-		l2 := len(sortedByLen[j])
-		if l1 != l2 {
-			return l2 < l1
-		}
-		return sortedByLen[i] < sortedByLen[j]
-	})
-
-	newEntries := map[string]string{}
-	for _, p1 := range sortedByLen {
-		p2 := manifest.Files[p1]
-		oldName := path.Base(p2)
-		newName := path.Base(p1)
-		oldPath := path.Join(path.Dir(p2), oldName)
-		newPath := path.Join(path.Dir(p2), newName)
-
-		m := hashRegex.FindSubmatch([]byte(newName))
-		if m != nil {
-			s := strings.Split(newName, ".")
-			// get rid of hash
-			s = append(s[0:1], s[2:]...)
-			newName = strings.Join(s, ".")
-			newPath = path.Join(path.Dir(p2), newName)
-
-			delete(manifest.Files, p1)
-			newEntries[newName] = newPath
-		} else {
-			manifest.Files[p1] = newPath
-		}
-
-		contentHash := calcContentHash(oldPath)
-		err = replaceInFiles(".", oldName, newName+"?h="+contentHash)
-		doError(err)
-
-		err = os.Rename(oldPath, newPath)
-		doError(err)
-
-		for i, e := range manifest.Entrypoints {
-			if path.Base(e) == oldName {
-				manifest.Entrypoints[i] = path.Join(path.Dir(e), newName)
-			}
-		}
-	}
-	for k, v := range newEntries {
-		manifest.Files[k] = v
-	}
-
-	s, err = json.MarshalIndent(&manifest, "", "  ")
-	doError(err)
-	err = os.WriteFile("asset-manifest.json", s, 0o600)
-	doError(err)
-}
-
-func calcContentHash(p string) string {
-	b, err := os.ReadFile(p)
-	if err != nil {
-		panic(err)
-	}
-
-	if isText(p) {
-		// replace CR LF \r\n (windows) with LF \n (unix)
-		b = bytes.ReplaceAll(b, []byte{13, 10}, []byte{10})
-		// replace CF \r (mac) with LF \n (unix)
-		b = bytes.ReplaceAll(b, []byte{13}, []byte{10})
-	}
-
-	s := sha256.Sum256(b)
-	ret := hex.EncodeToString(s[:])
-
-	os.Stderr.WriteString(fmt.Sprintf("%s: %s\n", p, ret))
-
-	return ret
-}
-
-func isText(p string) bool {
-	mt := mime.TypeByExtension(path.Ext(p))
-	if strings.HasPrefix(mt, "text/") {
-		return true
-	}
-	if strings.Index(mt, "+xml") != -1 {
-		return true
-	}
-	return false
-}
-
-func replaceInFiles(dir string, s string, r string) error {
-	return filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
-		if d.IsDir() {
-			return nil
-		}
-		f, err := os.ReadFile(path)
-		if err != nil {
-			return err
-		}
-
-		dummy1 := rand.String(32)
-		dummy2 := rand.String(32)
-
-		f2 := string(f)
-
-		f2 = strings.ReplaceAll(f2, "f="+s, dummy1)
-		f2 = strings.ReplaceAll(f2, s+".map", dummy2)
-
-		f2 = strings.ReplaceAll(f2, s, r)
-
-		f2 = strings.ReplaceAll(f2, dummy1, "f="+s)
-		f2 = strings.ReplaceAll(f2, dummy2, s+".map")
-
-		if strings.Compare(string(f), f2) == 0 {
-			return nil
-		}
-
-		err = os.WriteFile(path, []byte(f2), 0o600)
-		if err != nil {
-			return err
-		}
-		return nil
-	})
-}
diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index fa6d08424..a5dcb8f8b 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -41,8 +41,7 @@
       "devDependencies": {
         "@types/js-yaml": "^4.0.5",
         "@types/lodash": "^4.14.195",
-        "@types/react-syntax-highlighter": "^15.5.7",
-        "rewire": "^6.0.0"
+        "@types/react-syntax-highlighter": "^15.5.7"
       }
     },
     "node_modules/@adobe/css-tools": {
@@ -4833,15 +4832,6 @@
         "ajv": "^6.9.1"
       }
     },
-    "node_modules/ansi-colors": {
-      "version": "4.1.3",
-      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz",
-      "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==",
-      "dev": true,
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "node_modules/ansi-escapes": {
       "version": "4.3.2",
       "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz",
@@ -5041,15 +5031,6 @@
       "resolved": "https://registry.npmjs.org/ast-types-flow/-/ast-types-flow-0.0.7.tgz",
       "integrity": "sha512-eBvWn1lvIApYMhzQMsu9ciLfkBY499mFZlNqG+/9WR7PVlroQw0vG30cOQQbaKz3sCEc44TAOu2ykzqXSNnwag=="
     },
-    "node_modules/astral-regex": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
-      "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "node_modules/async": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz",
@@ -6958,18 +6939,6 @@
         "node": ">=10.13.0"
       }
     },
-    "node_modules/enquirer": {
-      "version": "2.3.6",
-      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz",
-      "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==",
-      "dev": true,
-      "dependencies": {
-        "ansi-colors": "^4.1.1"
-      },
-      "engines": {
-        "node": ">=8.6"
-      }
-    },
     "node_modules/entities": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz",
@@ -7568,30 +7537,6 @@
         "url": "https://opencollective.com/eslint"
       }
     },
-    "node_modules/eslint-utils": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz",
-      "integrity": "sha512-w94dQYoauyvlDc43XnGB8lU3Zt713vNChgt4EWwhXAP2XkBvndfxF0AgIqKOOasjPIPzj9JqgwkwbCYD0/V3Zg==",
-      "dev": true,
-      "dependencies": {
-        "eslint-visitor-keys": "^1.1.0"
-      },
-      "engines": {
-        "node": ">=6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/mysticatea"
-      }
-    },
-    "node_modules/eslint-utils/node_modules/eslint-visitor-keys": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz",
-      "integrity": "sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/eslint-visitor-keys": {
       "version": "3.4.1",
       "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.1.tgz",
@@ -8387,12 +8332,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/functional-red-black-tree": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
-      "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==",
-      "dev": true
-    },
     "node_modules/functions-have-names": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz",
@@ -10826,12 +10765,6 @@
       "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",
       "integrity": "sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA=="
     },
-    "node_modules/lodash.truncate": {
-      "version": "4.4.2",
-      "resolved": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz",
-      "integrity": "sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw==",
-      "dev": true
-    },
     "node_modules/lodash.uniq": {
       "version": "4.5.0",
       "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
@@ -13093,15 +13026,6 @@
       "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
       "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
     },
-    "node_modules/progress": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
-      "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/promise": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/promise/-/promise-8.3.0.tgz",
@@ -13644,18 +13568,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/regexpp": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz",
-      "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==",
-      "dev": true,
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/mysticatea"
-      }
-    },
     "node_modules/regexpu-core": {
       "version": "5.3.2",
       "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-5.3.2.tgz",
@@ -13861,251 +13773,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/rewire": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/rewire/-/rewire-6.0.0.tgz",
-      "integrity": "sha512-7sZdz5dptqBCapJYocw9EcppLU62KMEqDLIILJnNET2iqzXHaQfaVP5SOJ06XvjX+dNIDJbzjw0ZWzrgDhtjYg==",
-      "dev": true,
-      "dependencies": {
-        "eslint": "^7.32.0"
-      }
-    },
-    "node_modules/rewire/node_modules/@babel/code-frame": {
-      "version": "7.12.11",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz",
-      "integrity": "sha512-Zt1yodBx1UcyiePMSkWnU4hPqhwq7hGi2nFL1LeA3EUl+q2LQx16MISgJ0+z7dnmgvP9QtIleuETGOiOH1RcIw==",
-      "dev": true,
-      "dependencies": {
-        "@babel/highlight": "^7.10.4"
-      }
-    },
-    "node_modules/rewire/node_modules/@eslint/eslintrc": {
-      "version": "0.4.3",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz",
-      "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==",
-      "dev": true,
-      "dependencies": {
-        "ajv": "^6.12.4",
-        "debug": "^4.1.1",
-        "espree": "^7.3.0",
-        "globals": "^13.9.0",
-        "ignore": "^4.0.6",
-        "import-fresh": "^3.2.1",
-        "js-yaml": "^3.13.1",
-        "minimatch": "^3.0.4",
-        "strip-json-comments": "^3.1.1"
-      },
-      "engines": {
-        "node": "^10.12.0 || >=12.0.0"
-      }
-    },
-    "node_modules/rewire/node_modules/@humanwhocodes/config-array": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz",
-      "integrity": "sha512-FagtKFz74XrTl7y6HCzQpwDfXP0yhxe9lHLD1UZxjvZIcbyRz8zTFF/yYNfSfzU414eDwZ1SrO0Qvtyf+wFMQg==",
-      "dev": true,
-      "dependencies": {
-        "@humanwhocodes/object-schema": "^1.2.0",
-        "debug": "^4.1.1",
-        "minimatch": "^3.0.4"
-      },
-      "engines": {
-        "node": ">=10.10.0"
-      }
-    },
-    "node_modules/rewire/node_modules/acorn": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
-      "dev": true,
-      "bin": {
-        "acorn": "bin/acorn"
-      },
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
-    "node_modules/rewire/node_modules/argparse": {
-      "version": "1.0.10",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
-      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
-      "dev": true,
-      "dependencies": {
-        "sprintf-js": "~1.0.2"
-      }
-    },
-    "node_modules/rewire/node_modules/eslint": {
-      "version": "7.32.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz",
-      "integrity": "sha512-VHZ8gX+EDfz+97jGcgyGCyRia/dPOd6Xh9yPv8Bl1+SoaIwD+a/vlrOmGRUyOYu7MwUhc7CxqeaDZU13S4+EpA==",
-      "dev": true,
-      "dependencies": {
-        "@babel/code-frame": "7.12.11",
-        "@eslint/eslintrc": "^0.4.3",
-        "@humanwhocodes/config-array": "^0.5.0",
-        "ajv": "^6.10.0",
-        "chalk": "^4.0.0",
-        "cross-spawn": "^7.0.2",
-        "debug": "^4.0.1",
-        "doctrine": "^3.0.0",
-        "enquirer": "^2.3.5",
-        "escape-string-regexp": "^4.0.0",
-        "eslint-scope": "^5.1.1",
-        "eslint-utils": "^2.1.0",
-        "eslint-visitor-keys": "^2.0.0",
-        "espree": "^7.3.1",
-        "esquery": "^1.4.0",
-        "esutils": "^2.0.2",
-        "fast-deep-equal": "^3.1.3",
-        "file-entry-cache": "^6.0.1",
-        "functional-red-black-tree": "^1.0.1",
-        "glob-parent": "^5.1.2",
-        "globals": "^13.6.0",
-        "ignore": "^4.0.6",
-        "import-fresh": "^3.0.0",
-        "imurmurhash": "^0.1.4",
-        "is-glob": "^4.0.0",
-        "js-yaml": "^3.13.1",
-        "json-stable-stringify-without-jsonify": "^1.0.1",
-        "levn": "^0.4.1",
-        "lodash.merge": "^4.6.2",
-        "minimatch": "^3.0.4",
-        "natural-compare": "^1.4.0",
-        "optionator": "^0.9.1",
-        "progress": "^2.0.0",
-        "regexpp": "^3.1.0",
-        "semver": "^7.2.1",
-        "strip-ansi": "^6.0.0",
-        "strip-json-comments": "^3.1.0",
-        "table": "^6.0.9",
-        "text-table": "^0.2.0",
-        "v8-compile-cache": "^2.0.3"
-      },
-      "bin": {
-        "eslint": "bin/eslint.js"
-      },
-      "engines": {
-        "node": "^10.12.0 || >=12.0.0"
-      },
-      "funding": {
-        "url": "https://opencollective.com/eslint"
-      }
-    },
-    "node_modules/rewire/node_modules/eslint-scope": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
-      "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==",
-      "dev": true,
-      "dependencies": {
-        "esrecurse": "^4.3.0",
-        "estraverse": "^4.1.1"
-      },
-      "engines": {
-        "node": ">=8.0.0"
-      }
-    },
-    "node_modules/rewire/node_modules/eslint-visitor-keys": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz",
-      "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/rewire/node_modules/espree": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz",
-      "integrity": "sha512-v3JCNCE64umkFpmkFGqzVKsOT0tN1Zr+ueqLZfpV1Ob8e+CEgPWa+OxCoGH3tnhimMKIaBm4m/vaRpJ/krRz2g==",
-      "dev": true,
-      "dependencies": {
-        "acorn": "^7.4.0",
-        "acorn-jsx": "^5.3.1",
-        "eslint-visitor-keys": "^1.3.0"
-      },
-      "engines": {
-        "node": "^10.12.0 || >=12.0.0"
-      }
-    },
-    "node_modules/rewire/node_modules/espree/node_modules/eslint-visitor-keys": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz",
-      "integrity": "sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/rewire/node_modules/estraverse": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
-      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
-      "dev": true,
-      "engines": {
-        "node": ">=4.0"
-      }
-    },
-    "node_modules/rewire/node_modules/glob-parent": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
-      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
-      "dev": true,
-      "dependencies": {
-        "is-glob": "^4.0.1"
-      },
-      "engines": {
-        "node": ">= 6"
-      }
-    },
-    "node_modules/rewire/node_modules/globals": {
-      "version": "13.20.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
-      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
-      "dev": true,
-      "dependencies": {
-        "type-fest": "^0.20.2"
-      },
-      "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/rewire/node_modules/ignore": {
-      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
-      "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==",
-      "dev": true,
-      "engines": {
-        "node": ">= 4"
-      }
-    },
-    "node_modules/rewire/node_modules/js-yaml": {
-      "version": "3.14.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
-      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
-      "dev": true,
-      "dependencies": {
-        "argparse": "^1.0.7",
-        "esprima": "^4.0.0"
-      },
-      "bin": {
-        "js-yaml": "bin/js-yaml.js"
-      }
-    },
-    "node_modules/rewire/node_modules/type-fest": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz",
-      "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/rimraf": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
@@ -14571,23 +14238,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/slice-ansi": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz",
-      "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^4.0.0",
-        "astral-regex": "^2.0.0",
-        "is-fullwidth-code-point": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
-      }
-    },
     "node_modules/sockjs": {
       "version": "0.3.24",
       "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz",
@@ -15225,44 +14875,6 @@
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
       "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw=="
     },
-    "node_modules/table": {
-      "version": "6.8.1",
-      "resolved": "https://registry.npmjs.org/table/-/table-6.8.1.tgz",
-      "integrity": "sha512-Y4X9zqrCftUhMeH2EptSSERdVKt/nEdijTOacGD/97EKjhQ/Qs8RTlEGABSJNNN8lac9kheH+af7yAkEWlgneA==",
-      "dev": true,
-      "dependencies": {
-        "ajv": "^8.0.1",
-        "lodash.truncate": "^4.4.2",
-        "slice-ansi": "^4.0.0",
-        "string-width": "^4.2.3",
-        "strip-ansi": "^6.0.1"
-      },
-      "engines": {
-        "node": ">=10.0.0"
-      }
-    },
-    "node_modules/table/node_modules/ajv": {
-      "version": "8.12.0",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz",
-      "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==",
-      "dev": true,
-      "dependencies": {
-        "fast-deep-equal": "^3.1.1",
-        "json-schema-traverse": "^1.0.0",
-        "require-from-string": "^2.0.2",
-        "uri-js": "^4.2.2"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/epoberezkin"
-      }
-    },
-    "node_modules/table/node_modules/json-schema-traverse": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
-      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==",
-      "dev": true
-    },
     "node_modules/tailwindcss": {
       "version": "3.3.2",
       "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.2.tgz",
@@ -15842,12 +15454,6 @@
         "uuid": "dist/bin/uuid"
       }
     },
-    "node_modules/v8-compile-cache": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz",
-      "integrity": "sha512-l8lCEmLcLYZh4nbunNZvQCJc5pv7+RCwa8q/LdUx8u7lsWvPDKmpodJAJNwkAhJC//dFY48KuIEmjtd4RViDrA==",
-      "dev": true
-    },
     "node_modules/v8-to-istanbul": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-8.1.1.tgz",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 13688b0f8..c18278195 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -37,10 +37,9 @@
   },
   "scripts": {
     "start": "react-scripts start",
-    "build": "node build && npm run fix-assets",
+    "build": "react-scripts build && touch ./build/.gitkeep",
     "test": "react-scripts test",
-    "eject": "react-scripts eject",
-    "fix-assets": "go run ./fix-assets"
+    "eject": "react-scripts eject"
   },
   "eslintConfig": {
     "extends": [
@@ -63,7 +62,6 @@
   "devDependencies": {
     "@types/js-yaml": "^4.0.5",
     "@types/lodash": "^4.14.195",
-    "@types/react-syntax-highlighter": "^15.5.7",
-    "rewire": "^6.0.0"
+    "@types/react-syntax-highlighter": "^15.5.7"
   }
 }

From c0df44935f2caf1f7bd35e302974c18d2e8ad689 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 09:13:39 +0200
Subject: [PATCH 1216/2268] ci: Check that the npm build is working

---
 .github/workflows/tests.yml | 14 ++++++++++++++
 Makefile                    |  3 +++
 2 files changed, 17 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c2674e099..846e92a26 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -73,6 +73,20 @@ jobs:
             exit 1
           fi
 
+  check-npm-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: pkg/webui/ui/package-lock.json
+      - name: Verify webui build works
+        run: |
+          make build-webui
+
   tests:
     strategy:
       matrix:
diff --git a/Makefile b/Makefile
index 4023149a4..b1c5225e7 100644
--- a/Makefile
+++ b/Makefile
@@ -116,6 +116,9 @@ build: manifests generate fmt vet ## Build manager binary.
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./cmd/main.go
 
+.PHONY: build-webui
+build-webui:
+	cd pkg/webui/ui && npm ci && npm run build
 
 ##@ Deployment
 

From 5ebc57d2487344fee266cc845775d12514c58544 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 11:55:11 +0200
Subject: [PATCH 1217/2268] ci: Fix goreleaser.yaml

---
 .goreleaser.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 3f829010a..eea1aca04 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,6 +1,6 @@
 before:
   hooks:
-    - go mod tidy
+    - make build-webui
 builds:
   - <<: &build_defaults
       binary: bin/kluctl
@@ -87,6 +87,7 @@ dockers:
     build_flag_templates:
       - "--pull"
       - "--build-arg=ARCH=linux-amd64"
+      - "--build-arg=BIN_PATH=kluctl"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
@@ -101,6 +102,7 @@ dockers:
     build_flag_templates:
       - "--pull"
       - "--build-arg=ARCH=linux-arm64"
+      - "--build-arg=BIN_PATH=kluctl"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"

From 9d8299b4a88822b39cb41a4b4ad6b1d89b89ba3c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 11:55:28 +0200
Subject: [PATCH 1218/2268] fix: Fail webui command if webui was not embedded

---
 cmd/kluctl/commands/cmd_webui.go | 4 ++++
 pkg/webui/embed.go               | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 1c7ee15f4..823585120 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -27,6 +27,10 @@ func (cmd *webuiCmd) Help() string {
 }
 
 func (cmd *webuiCmd) Run(ctx context.Context) error {
+	if !webui.IsWebUiBuildIncluded() {
+		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
+	}
+
 	var inClusterClient client.Client
 	if cmd.InCluster {
 		configOverrides := &clientcmd.ConfigOverrides{
diff --git a/pkg/webui/embed.go b/pkg/webui/embed.go
index be8818c85..699371c39 100644
--- a/pkg/webui/embed.go
+++ b/pkg/webui/embed.go
@@ -6,7 +6,7 @@ import (
 	"io/fs"
 )
 
-//go:embed ui/build
+//go:embed all:ui/build
 var uiBuildFS embed.FS
 var uiFS fs.FS
 
@@ -17,3 +17,8 @@ func init() {
 		log.Fatal("failed to get ui fs", err)
 	}
 }
+
+func IsWebUiBuildIncluded() bool {
+	_, err := fs.Stat(uiFS, "index.html")
+	return err == nil
+}

From a5c82e8a471402c5d4ebff8da927b5f75ee98030 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 13:50:46 +0200
Subject: [PATCH 1219/2268] ci: Fix nightly and preview workflows

---
 .github/workflows/nightly.yml     |  5 +++++
 .github/workflows/preview-run.yml | 10 +++++++---
 Makefile                          |  7 +++++--
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 24933597b..12db3ec58 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -25,6 +25,11 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: 1.19
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: pkg/webui/ui/package-lock.json
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v2
       - name: Setup Docker Buildx
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 627328776..3cbb122b7 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -19,10 +19,13 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: 1.19
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: pkg/webui/ui/package-lock.json
       - name: Checkout
         uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
       - uses: actions/cache@v3
         with:
           path: |
@@ -103,7 +106,8 @@ jobs:
         uses: docker/setup-buildx-action@v2
       - name: Build binary
         run: |
-          go build -o bin/kluctl cmd/main.go
+          make build-webui
+          make build-bin
       - name: Build and push Docker image
         uses: docker/build-push-action@v4
         with:
diff --git a/Makefile b/Makefile
index b1c5225e7..699f4dc83 100644
--- a/Makefile
+++ b/Makefile
@@ -109,13 +109,16 @@ markdown-link-check: ## Check markdown files for dead links
 ##@ Build
 
 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
-	go build -o bin/kluctl$(EXE) cmd/main.go
+build: manifests generate fmt vet build-webui build-bin ## Build manager binary.
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./cmd/main.go
 
+.PHONY: build-bin
+build-bin:
+	go build -o bin/kluctl$(EXE) cmd/main.go
+
 .PHONY: build-webui
 build-webui:
 	cd pkg/webui/ui && npm ci && npm run build

From b5c4d763b159cc55aa7a72e2ea47991445b66659 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 21:42:04 +0200
Subject: [PATCH 1220/2268] fix: Add some tracing when the worktree or index is
 unclean (#601)

---
 cmd/kluctl/commands/cmd_helm_update.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 34b75ccf8..efc55896e 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -61,9 +61,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		}
 		for pth, s := range gitStatus {
 			if strings.HasPrefix(pth, ".helm-charts/") {
+				status.Trace(ctx, "gitStatus=%s", gitStatus.String())
 				return fmt.Errorf("--commit can only be used when .helm-chart directory is clean")
 			}
 			if (s.Staging != git.Untracked && s.Staging != git.Unmodified) || (s.Worktree != git.Untracked && s.Worktree != git.Unmodified) {
+				status.Trace(ctx, "gitStatus=%s", gitStatus.String())
 				return fmt.Errorf("--commit can only be used when the git worktree is unmodified")
 			}
 		}

From 77067c91980a09b3a687c7e808699cffc255929c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 14:10:11 +0200
Subject: [PATCH 1221/2268] ci: Checkout before setting up node

---
 .github/workflows/preview-run.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 3cbb122b7..99f65fd2a 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -15,6 +15,8 @@ jobs:
     if: ${{ github.event.label.name == 'preview' || contains(github.event.pull_request.labels.*.name, 'preview') }}
     runs-on: ubuntu-latest
     steps:
+      - name: Checkout
+        uses: actions/checkout@v3
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
@@ -24,8 +26,6 @@ jobs:
           node-version: 20
           cache: 'npm'
           cache-dependency-path: pkg/webui/ui/package-lock.json
-      - name: Checkout
-        uses: actions/checkout@v3
       - uses: actions/cache@v3
         with:
           path: |

From fe87a73db3d33c0a7988a6b8da159deb0d25efa0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 21 Jun 2023 14:31:30 +0200
Subject: [PATCH 1222/2268] fix: Use custom poor-mans pubsub implementation and
 fix circuit relaying

---
 .github/workflows/preview-comment.yml |  12 +-
 .github/workflows/preview-run.yml     |  21 +-
 hack/ipfs-exchange-info/go.mod        |  81 ++++-
 hack/ipfs-exchange-info/go.sum        | 414 ++++++++++++++++++++++---
 hack/ipfs-exchange-info/main.go       | 422 +++++++++++++-------------
 5 files changed, 670 insertions(+), 280 deletions(-)

diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
index 3128a5f24..638eeb522 100644
--- a/.github/workflows/preview-comment.yml
+++ b/.github/workflows/preview-comment.yml
@@ -11,7 +11,9 @@ permissions:
   issues: write
   pull-requests: write
 
-concurrency: preview-comment
+concurrency:
+  group: preview-comment
+  cancel-in-progress: true
 
 jobs:
   preview-comment:
@@ -66,17 +68,11 @@ jobs:
       - name: Build ipfs-exchange-info
         run: |
           (cd ./hack/ipfs-exchange-info && go build ./)
-      - name: Publish own ID
-        run: |
-          ./hack/ipfs-exchange-info/ipfs-exchange-info -mode publish-ipns --ipns-key kluctl-preview-comment -pr-number ${{ github.event.pull_request.number }}
       - name: Receive info
         id: info
         run: |
           echo "${{ secrets.KLUCTL_PREVIEW_AGE_KEY }}" > age.key
-          while ! ./hack/ipfs-exchange-info/ipfs-exchange-info -mode receive-info \
-            --age-key-file age.key --repo-name "${{ github.repository }}" -pr-number ${{ github.event.pull_request.number }} > info.json; do
-            sleep 1
-          done
+          ./hack/ipfs-exchange-info/ipfs-exchange-info -mode subscribe -topic kluctl-preview-${{ github.event.pull_request.number }} -pr-number ${{ github.event.pull_request.number }} -repo-name "${{ github.repository }}" -age-key-file age.key -out-file info.json
 
           cat info.json | jq ".ipfsId" -r > ipfs_id
           cat info.json | jq ".staticIpnsName" -r > static_ipns_name
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 99f65fd2a..18f6534b6 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -60,6 +60,7 @@ jobs:
           done
           # kick of ipns resolving in the background to warm it up
           ipfs name resolve k51qzi5uqu5diql7mejg4dfn35igqqf22202vgv3sepjrsobtya2xihqqtshbe &
+      # SETUP SSH
       - name: Setup ssh
         run: |
           mkdir -p ~/.ssh
@@ -143,20 +144,12 @@ jobs:
       - name: send info
         run: |
           static_ipns_name=$(ipfs key gen static-webui)
-          while true; do
-            if ! ./hack/ipfs-exchange-info/ipfs-exchange-info -mode resolve-ipns -pr-number ${{ github.event.pull_request.number }} -ipns-name k51qzi5uqu5diql7mejg4dfn35igqqf22202vgv3sepjrsobtya2xihqqtshbe > ipfs_id; then
-              echo "Resolving IPNS failed...retrying..."
-              sleep 1
-              continue
-            fi
-            echo "ipfs_id=$(cat ipfs_id)"
-            if ! ./hack/ipfs-exchange-info/ipfs-exchange-info -mode send-info -pr-number ${{ github.event.pull_request.number }} -age-pub-key age1dhueesr5qj8e8uy298k7z8x3ntv620rde89phumg0kvjx2t32elsm759z7 --ipfs-id $(cat ipfs_id) --static-ipns-name $static_ipns_name; then
-              echo "Resolving info failed...retrying..."
-              sleep 1
-              continue
-            fi
-            break
-          done
+          ./hack/ipfs-exchange-info/ipfs-exchange-info -mode publish \
+            -topic kluctl-preview-${{ github.event.pull_request.number }} \
+            -ipfs-id $(ipfs id -f "<id>") \
+            -static-ipns-name $static_ipns_name \
+            -pr-number ${{ github.event.pull_request.number }} \
+            -age-pub-key age1dhueesr5qj8e8uy298k7z8x3ntv620rde89phumg0kvjx2t32elsm759z7
         env:
           # we send the GITHUB_TOKEN to the preview-comment workflow. This token is then verified to be from a workflow
           # that runs inside this repo, which can only be a workflow that got manually approved. The token is encrypted
diff --git a/hack/ipfs-exchange-info/go.mod b/hack/ipfs-exchange-info/go.mod
index 1a78cc690..19b9a3b4b 100644
--- a/hack/ipfs-exchange-info/go.mod
+++ b/hack/ipfs-exchange-info/go.mod
@@ -4,61 +4,116 @@ go 1.20
 
 require (
 	filippo.io/age v1.1.1
-	github.com/ipfs/boxo v0.10.1
-	github.com/ipfs/kubo v0.20.1-0.20230619130733-8bba03d8bf46
+	github.com/libp2p/go-libp2p v0.27.6
+	github.com/libp2p/go-libp2p-kad-dht v0.24.1
 	github.com/sirupsen/logrus v1.9.3
 )
 
 require (
-	github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3 // indirect
+	github.com/benbjohnson/clock v1.3.5 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/elastic/gosigar v0.14.2 // indirect
+	github.com/flynn/noise v1.0.0 // indirect
+	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gopacket v1.1.19 // indirect
+	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
 	github.com/google/uuid v1.3.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/ipfs/bbloom v0.0.4 // indirect
-	github.com/ipfs/go-block-format v0.1.2 // indirect
+	github.com/huin/goupnp v1.2.0 // indirect
+	github.com/ipfs/boxo v0.10.1 // indirect
 	github.com/ipfs/go-cid v0.4.1 // indirect
 	github.com/ipfs/go-datastore v0.6.0 // indirect
-	github.com/ipfs/go-ipfs-cmds v0.9.0 // indirect
 	github.com/ipfs/go-ipfs-util v0.0.3 // indirect
-	github.com/ipfs/go-ipld-format v0.5.0 // indirect
-	github.com/ipfs/go-ipld-legacy v0.2.1 // indirect
 	github.com/ipfs/go-log v1.0.5 // indirect
 	github.com/ipfs/go-log/v2 v2.5.1 // indirect
-	github.com/ipfs/go-metrics-interface v0.0.1 // indirect
-	github.com/ipld/go-codec-dagpb v1.6.0 // indirect
 	github.com/ipld/go-ipld-prime v0.20.0 // indirect
+	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
+	github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
 	github.com/jbenet/goprocess v0.1.4 // indirect
+	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/koron/go-ssdp v0.0.4 // indirect
 	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
-	github.com/libp2p/go-libp2p v0.27.6 // indirect
+	github.com/libp2p/go-cidranger v1.1.0 // indirect
+	github.com/libp2p/go-flow-metrics v0.1.0 // indirect
+	github.com/libp2p/go-libp2p-asn-util v0.3.0 // indirect
+	github.com/libp2p/go-libp2p-kbucket v0.6.3 // indirect
+	github.com/libp2p/go-libp2p-record v0.2.0 // indirect
+	github.com/libp2p/go-msgio v0.3.0 // indirect
+	github.com/libp2p/go-nat v0.1.0 // indirect
+	github.com/libp2p/go-netroute v0.2.1 // indirect
+	github.com/libp2p/go-reuseport v0.3.0 // indirect
+	github.com/libp2p/go-yamux/v4 v4.0.0 // indirect
+	github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/miekg/dns v1.1.54 // indirect
+	github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
+	github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
 	github.com/minio/sha256-simd v1.0.1 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/multiformats/go-base32 v0.1.0 // indirect
 	github.com/multiformats/go-base36 v0.2.0 // indirect
 	github.com/multiformats/go-multiaddr v0.9.0 // indirect
+	github.com/multiformats/go-multiaddr-dns v0.3.1 // indirect
+	github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
 	github.com/multiformats/go-multibase v0.2.0 // indirect
 	github.com/multiformats/go-multicodec v0.9.0 // indirect
 	github.com/multiformats/go-multihash v0.2.3 // indirect
 	github.com/multiformats/go-multistream v0.4.1 // indirect
 	github.com/multiformats/go-varint v0.0.7 // indirect
+	github.com/onsi/ginkgo/v2 v2.9.7 // indirect
+	github.com/opencontainers/runtime-spec v1.0.2 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/polydawn/refmt v0.89.0 // indirect
-	github.com/rs/cors v1.7.0 // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/quic-go/qpack v0.4.0 // indirect
+	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
+	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
+	github.com/quic-go/quic-go v0.33.0 // indirect
+	github.com/quic-go/webtransport-go v0.5.3 // indirect
+	github.com/raulk/go-watchdog v1.3.0 // indirect
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
+	github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
+	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.16.0 // indirect
 	go.opentelemetry.io/otel/metric v1.16.0 // indirect
 	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/dig v1.17.0 // indirect
+	go.uber.org/fx v1.19.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/crypto v0.10.0 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
+	gonum.org/v1/gonum v0.13.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	lukechampine.com/blake3 v1.2.1 // indirect
+	nhooyr.io/websocket v1.8.7 // indirect
 )
diff --git a/hack/ipfs-exchange-info/go.sum b/hack/ipfs-exchange-info/go.sum
index 0dfefaac6..d17de4f1a 100644
--- a/hack/ipfs-exchange-info/go.sum
+++ b/hack/ipfs-exchange-info/go.sum
@@ -1,150 +1,318 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
+dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
+dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
+dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
+dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
+git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
+github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
+github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
+github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
+github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
+github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3 h1:HVTnpeuvF6Owjd5mniCL8DEXo7uYXdQEmOP4FJbV5tg=
-github.com/crackcomm/go-gitignore v0.0.0-20170627025303-887ab5e44cc3/go.mod h1:p1d6YEZWvFzEh4KLyvBcVSnrfNDDvK2zfK/4x2v/4pE=
-github.com/cskr/pubsub v1.0.2 h1:vlOzMhl6PFn60gRlTQQsIfVwaPB/B/8MziK8FhEPt/0=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU=
+github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U=
 github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
-github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 h1:BBso6MBKW8ncyZLv37o+KNyy0HrrHgfnOaGQC2qvN+A=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/elastic/gosigar v0.12.0/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
+github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/4=
+github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
+github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
 github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
+github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14=
+github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
+github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY=
+github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
+github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
+github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
+github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
+github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
+github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c h1:7lF+Vz0LqiRidnzC1Oq86fpX1q/iEv2KJdrCtttYjT4=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/huin/goupnp v1.0.0/go.mod h1:n9v9KO1tAxYH82qOn+UTIFQDmx5n1Zxd/ClZDMX7Bnc=
 github.com/huin/goupnp v1.2.0 h1:uOKW26NG1hsSSbXIZ1IR7XP9Gjd1U8pnLaCMgntmkmY=
-github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs=
-github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0=
+github.com/huin/goupnp v1.2.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
+github.com/huin/goutil v0.0.0-20170803182201-1ca381bf3150/go.mod h1:PpLOETDnJ0o3iZrZfqZzyLl6l7F3c6L1oWn7OICBi6o=
 github.com/ipfs/boxo v0.10.1 h1:q0ZhbyN6iNZLipd6txt1xotCiP/icfvdAQ4YpUi+cL4=
 github.com/ipfs/boxo v0.10.1/go.mod h1:1qgKq45mPRCxf4ZPoJV2lnXxyxucigILMJOrQrVivv8=
-github.com/ipfs/go-block-format v0.1.2 h1:GAjkfhVx1f4YTODS6Esrj1wt2HhrtwTnhEr+DyPUaJo=
-github.com/ipfs/go-block-format v0.1.2/go.mod h1:mACVcrxarQKstUU3Yf/RdwbC4DzPV6++rO2a3d+a/KE=
 github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=
 github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=
 github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=
 github.com/ipfs/go-datastore v0.6.0/go.mod h1:rt5M3nNbSO/8q1t4LNkLyUwRs8HupMeN/8O4Vn9YAT8=
 github.com/ipfs/go-detect-race v0.0.1 h1:qX/xay2W3E4Q1U7d9lNs1sU9nvguX0a7319XbyQ6cOk=
-github.com/ipfs/go-ipfs-blocksutil v0.0.1 h1:Eh/H4pc1hsvhzsQoMEP3Bke/aW5P5rVM1IWFJMcGIPQ=
-github.com/ipfs/go-ipfs-cmds v0.9.0 h1:K0VcXg1l1k6aY6sHnoxYcyimyJQbcV1ueXuWgThmK9Q=
-github.com/ipfs/go-ipfs-cmds v0.9.0/go.mod h1:SBFHK8WNwC416QWH9Vz1Ql42SSMAOqKpaHUMBu3jpLo=
-github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ=
-github.com/ipfs/go-ipfs-pq v0.0.3 h1:YpoHVJB+jzK15mr/xsWC574tyDLkezVrDNeaalQBsTE=
+github.com/ipfs/go-detect-race v0.0.1/go.mod h1:8BNT7shDZPo99Q74BpGMK+4D8Mn4j46UU0LZ723meps=
 github.com/ipfs/go-ipfs-util v0.0.3 h1:2RFdGez6bu2ZlZdI+rWfIdbQb1KudQp3VGwPtdNCmE0=
 github.com/ipfs/go-ipfs-util v0.0.3/go.mod h1:LHzG1a0Ig4G+iZ26UUOMjHd+lfM84LZCrn17xAKWBvs=
-github.com/ipfs/go-ipld-cbor v0.0.6 h1:pYuWHyvSpIsOOLw4Jy7NbBkCyzLDcl64Bf/LZW7eBQ0=
-github.com/ipfs/go-ipld-format v0.5.0 h1:WyEle9K96MSrvr47zZHKKcDxJ/vlpET6PSiQsAFO+Ds=
-github.com/ipfs/go-ipld-format v0.5.0/go.mod h1:ImdZqJQaEouMjCvqCe0ORUS+uoBmf7Hf+EO/jh+nk3M=
-github.com/ipfs/go-ipld-legacy v0.2.1 h1:mDFtrBpmU7b//LzLSypVrXsD8QxkEWxu5qVxN99/+tk=
-github.com/ipfs/go-ipld-legacy v0.2.1/go.mod h1:782MOUghNzMO2DER0FlBR94mllfdCJCkTtDtPM51otM=
 github.com/ipfs/go-log v1.0.5 h1:2dOuUCB1Z7uoczMWgAyDck5JLb72zHzrMnGnCNNbvY8=
 github.com/ipfs/go-log v1.0.5/go.mod h1:j0b8ZoR+7+R99LD9jZ6+AJsrzkPbSXbZfGakb5JPtIo=
 github.com/ipfs/go-log/v2 v2.1.3/go.mod h1:/8d0SH3Su5Ooc31QlL1WysJhvyOTDCjcCZ9Axpmri6g=
 github.com/ipfs/go-log/v2 v2.5.1 h1:1XdUzF7048prq4aBjDQQ4SL5RxftpRGdXhNRwKSAlcY=
 github.com/ipfs/go-log/v2 v2.5.1/go.mod h1:prSpmC1Gpllc9UYWxDiZDreBYw7zp4Iqp1kOLU9U5UI=
-github.com/ipfs/go-metrics-interface v0.0.1 h1:j+cpbjYvu4R8zbleSs36gvB7jR+wsL2fGD6n0jO4kdg=
-github.com/ipfs/go-metrics-interface v0.0.1/go.mod h1:6s6euYU4zowdslK0GKHmqaIZ3j/b/tL7HTWtJ4VPgWY=
-github.com/ipfs/go-peertaskqueue v0.8.1 h1:YhxAs1+wxb5jk7RvS0LHdyiILpNmRIRnZVztekOF0pg=
-github.com/ipfs/kubo v0.20.1-0.20230619130733-8bba03d8bf46 h1:slTRRjlz5fOCtMXRt6HXhEgxksV0XzWjgpgp4Z8iChU=
-github.com/ipfs/kubo v0.20.1-0.20230619130733-8bba03d8bf46/go.mod h1:dxRoDwePol9YV+P7Q96LcN21jiOF3nF8xRC4ij72BIQ=
-github.com/ipld/go-codec-dagpb v1.6.0 h1:9nYazfyu9B1p3NAgfVdpRco3Fs2nFC72DqVsMj6rOcc=
-github.com/ipld/go-codec-dagpb v1.6.0/go.mod h1:ANzFhfP2uMJxRBr8CE+WQWs5UsNa0pYtmKZ+agnUw9s=
 github.com/ipld/go-ipld-prime v0.20.0 h1:Ud3VwE9ClxpO2LkCYP7vWPc0Fo+dYdYzgxUJZ3uRG4g=
 github.com/ipld/go-ipld-prime v0.20.0/go.mod h1:PzqZ/ZR981eKbgdr3y2DJYeD/8bgMawdGVlJDE8kK+M=
 github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
+github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
 github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA=
 github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk=
+github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk=
 github.com/jbenet/goprocess v0.1.4 h1:DRGOFReOMqqDNXwW70QkacFW0YN9QnwLV0Vqk+3oU0o=
 github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4=
+github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
+github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
 github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/koron/go-ssdp v0.0.0-20191105050749-2e1c40ed0b5d/go.mod h1:5Ky9EC2xfoUKUor0Hjgi2BJhCSXJfMOFlmyYrVKGQMk=
 github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0=
+github.com/koron/go-ssdp v0.0.4/go.mod h1:oDXq+E5IL5q0U8uSBcoAXzTzInwy5lEgC91HoKtbmZk=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8=
 github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg=
 github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38yPW7c=
+github.com/libp2p/go-cidranger v1.1.0/go.mod h1:KWZTfSr+r9qEo9OkI9/SIEeAtw+NNoU0dXIXt15Okic=
+github.com/libp2p/go-flow-metrics v0.1.0 h1:0iPhMI8PskQwzh57jB9WxIuIOQ0r+15PChFGkx3Q3WM=
+github.com/libp2p/go-flow-metrics v0.1.0/go.mod h1:4Xi8MX8wj5aWNDAZttg6UPmc0ZrnFNsMtpsYUClFtro=
 github.com/libp2p/go-libp2p v0.27.6 h1:KmGU5kskCaaerm53heqzfGOlrW2z8icZ+fnyqgrZs38=
 github.com/libp2p/go-libp2p v0.27.6/go.mod h1:oMfQGTb9CHnrOuSM6yMmyK2lXz3qIhnkn2+oK3B1Y2g=
 github.com/libp2p/go-libp2p-asn-util v0.3.0 h1:gMDcMyYiZKkocGXDQ5nsUQyquC9+H+iLEQHwOCZ7s8s=
+github.com/libp2p/go-libp2p-asn-util v0.3.0/go.mod h1:B1mcOrKUE35Xq/ASTmQ4tN3LNzVVaMNmq2NACuqyB9w=
+github.com/libp2p/go-libp2p-kad-dht v0.24.1 h1:XH9vIWqc6e+w6z2Nvt9R5EhkBNnOQl7tyxxM6soejwo=
+github.com/libp2p/go-libp2p-kad-dht v0.24.1/go.mod h1:1meiUvgOxfSPBx1pracS4VyYwmusorvv+TVRI3mXaJI=
+github.com/libp2p/go-libp2p-kbucket v0.6.3 h1:p507271wWzpy2f1XxPzCQG9NiN6R6lHL9GiSErbQQo0=
+github.com/libp2p/go-libp2p-kbucket v0.6.3/go.mod h1:RCseT7AH6eJWxxk2ol03xtP9pEHetYSPXOaJnOiD8i0=
 github.com/libp2p/go-libp2p-record v0.2.0 h1:oiNUOCWno2BFuxt3my4i1frNrt7PerzB3queqa1NkQ0=
+github.com/libp2p/go-libp2p-record v0.2.0/go.mod h1:I+3zMkvvg5m2OcSdoL0KPljyJyvNDFGKX7QdlpYUcwk=
 github.com/libp2p/go-libp2p-testing v0.12.0 h1:EPvBb4kKMWO29qP4mZGyhVzUyR25dvfUIK5WDu6iPUA=
 github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0=
+github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM=
 github.com/libp2p/go-nat v0.1.0 h1:MfVsH6DLcpa04Xr+p8hmVRG4juse0s3J8HyNWYHffXg=
+github.com/libp2p/go-nat v0.1.0/go.mod h1:X7teVkwRHNInVNWQiO/tAiAVRwSr5zoRz4YSTC3uRBM=
+github.com/libp2p/go-netroute v0.1.2/go.mod h1:jZLDV+1PE8y5XxBySEBgbuVAXbhtuHSdmLPL2n9MKbk=
 github.com/libp2p/go-netroute v0.2.1 h1:V8kVrpD8GK0Riv15/7VN6RbUQ3URNZVosw7H2v9tksU=
+github.com/libp2p/go-netroute v0.2.1/go.mod h1:hraioZr0fhBjG0ZRXJJ6Zj2IVEVNx6tDTFQfSmcq7mQ=
+github.com/libp2p/go-reuseport v0.3.0 h1:iiZslO5byUYZEg9iCwJGf5h+sf1Agmqx2V2FDjPyvUw=
+github.com/libp2p/go-reuseport v0.3.0/go.mod h1:laea40AimhtfEqysZ71UpYj4S+R9VpH8PgqLo7L+SwI=
+github.com/libp2p/go-sockaddr v0.0.2/go.mod h1:syPvOmNs24S3dFVGJA1/mrqdeijPxLV2Le3BRLKd68k=
+github.com/libp2p/go-yamux/v4 v4.0.0 h1:+Y80dV2Yx/kv7Y7JKu0LECyVdMXm1VUoko+VQ9rBfZQ=
+github.com/libp2p/go-yamux/v4 v4.0.0/go.mod h1:NWjl8ZTLOGlozrXSOZ/HlfG++39iKNnM5wwmtQP1YB4=
+github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
+github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk=
+github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
+github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c h1:bzE/A84HN25pxAuk9Eej1Kz9OUelF97nAc82bDquQI8=
+github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c/go.mod h1:0SQS9kMwD2VsyFEB++InYyBJroV/FRmBgcydeSUcJms=
+github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b h1:z78hV3sbSMAUoyUMM0I83AUIT6Hu17AWfgjzIbtrYFc=
+github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b/go.mod h1:lxPUiZwKoFL8DUUmalo2yJJUCxbPKtm8OKfqr2/FTNU=
+github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc h1:PTfri+PuQmWDqERdnNMiD9ZejrlswWrCpBEZgWOiTrc=
+github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc/go.mod h1:cGKTAVKx4SxOuR/czcZ/E2RSJ3sfHs8FpHhQ5CWMf9s=
+github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ=
+github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
 github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
 github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
 github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
 github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
 github.com/multiformats/go-base32 v0.1.0 h1:pVx9xoSPqEIQG8o+UbAe7DNi51oej1NtK+aGkbLYxPE=
 github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYgtWibDcT0rExnbI=
 github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=
 github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4=
+github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo=
+github.com/multiformats/go-multiaddr v0.2.0/go.mod h1:0nO36NvPpyV4QzvTLi/lafl2y95ncPj0vFwVF6k6wJ4=
 github.com/multiformats/go-multiaddr v0.9.0 h1:3h4V1LHIk5w4hJHekMKWALPXErDfz/sggzwC/NcqbDQ=
 github.com/multiformats/go-multiaddr v0.9.0/go.mod h1:mI67Lb1EeTOYb8GQfL/7wpIZwc46ElrvzhYnoJOmTT0=
 github.com/multiformats/go-multiaddr-dns v0.3.1 h1:QgQgR+LQVt3NPTjbrLLpsaT2ufAA2y0Mkk+QRVJbW3A=
+github.com/multiformats/go-multiaddr-dns v0.3.1/go.mod h1:G/245BRQ6FJGmryJCrOuTdB37AMA5AMOVuO6NY3JwTk=
 github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E=
+github.com/multiformats/go-multiaddr-fmt v0.1.0/go.mod h1:hGtDIW4PU4BqJ50gW2quDuPVjyWNZxToGUh/HwTZYJo=
 github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g=
 github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk=
 github.com/multiformats/go-multicodec v0.9.0 h1:pb/dlPnzee/Sxv/j4PmkDRxCOi3hXTz3IbPKOXWJkmg=
 github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI16i14xuaojr/H7Ai54k=
+github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew=
 github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
 github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
 github.com/multiformats/go-multistream v0.4.1 h1:rFy0Iiyn3YT0asivDUIR05leAdwZq3de4741sbiSdfo=
 github.com/multiformats/go-multistream v0.4.1/go.mod h1:Mz5eykRVAjJWckE2U78c6xqdtyNUEhKSM0Lwar2p77Q=
+github.com/multiformats/go-varint v0.0.1/go.mod h1:3Ls8CIEsrijN6+B7PbrXRPxHRPuXSrVKRY101jdMZYE=
 github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
 github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
+github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss=
+github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
+github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
+github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0=
+github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
+github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -152,43 +320,101 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4=
 github.com/polydawn/refmt v0.89.0/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw=
+github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
+github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
+github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
+github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
+github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
 github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U=
+github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
 github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
+github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
 github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
+github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA=
 github.com/quic-go/webtransport-go v0.5.3 h1:5XMlzemqB4qmOlgIus5zB45AcZ2kCgCy2EptUrfOPWU=
+github.com/quic-go/webtransport-go v0.5.3/go.mod h1:OhmmgJIzTTqXK5xvtuX0oBpLV2GkLWNDA+UeTGJXErU=
+github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk=
+github.com/raulk/go-watchdog v1.3.0/go.mod h1:fIvOnLbF0b0ZwkB9YU4mOW9Did//4vPZtDqv66NfsMU=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
-github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
+github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
+github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
+github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw=
+github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI=
+github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
+github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
+github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg=
+github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw=
+github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y=
+github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q=
+github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ=
+github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I=
+github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0=
+github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
+github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
+github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
+github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
 github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
+github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
+github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
 github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
 github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
+github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/warpfork/go-testmark v0.11.0 h1:J6LnV8KpceDvo7spaNU4+DauH2n1x+6RaO2rJrmpQ9U=
+github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
+github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSDJfjId/PEGEShv6ugrt4kYsC5UIDaQ=
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
-github.com/whyrusleeping/cbor-gen v0.0.0-20230126041949-52956bd4c9aa h1:EyA027ZAkuaCLoxVX4r1TZMPy1d31fM6hbfQ4OU4I5o=
-github.com/whyrusleeping/chunker v0.0.0-20181014151217-fe64bd25879f h1:jQa4QT2UP9WYv2nzyawpKMOCl+Z/jW7djv2/J50lj9E=
+github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
+github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
 go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
 go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
@@ -199,6 +425,10 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/dig v1.17.0 h1:5Chju+tUvcC+N7N6EV08BJz41UZuO3BmHcN4A287ZLI=
+go.uber.org/dig v1.17.0/go.mod h1:rTxpf7l5I0eBTlE6/9RL+lDybC7WFwY2QH55ZSjy1mU=
+go.uber.org/fx v1.19.3 h1:YqMRE4+2IepTYCMOvXqQpRa+QAVdiSTnsHU4XNWBceA=
+go.uber.org/fx v1.19.3/go.mod h1:w2HrQg26ql9fLK7hlBiZ6JsRUKV+Lj/atT1KCjT8YhM=
 go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
@@ -210,35 +440,86 @@ go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
+golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
+golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -249,37 +530,98 @@ golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+gonum.org/v1/gonum v0.13.0 h1:a0T3bh+7fhRyqeNbiC3qVHYmkiQgit3wnNan/2c0HMM=
+gonum.org/v1/gonum v0.13.0/go.mod h1:/WPYRckkfWrhWefxyYTfrTtQR0KH4iyHNuzxqXAKyAU=
+google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
+google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
+google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
 lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
+nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
+nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
+sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
diff --git a/hack/ipfs-exchange-info/main.go b/hack/ipfs-exchange-info/main.go
index f188087bc..8b871c0b0 100644
--- a/hack/ipfs-exchange-info/main.go
+++ b/hack/ipfs-exchange-info/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bufio"
 	"bytes"
 	"context"
 	"encoding/gob"
@@ -8,66 +9,94 @@ import (
 	"filippo.io/age"
 	"flag"
 	"fmt"
-	"github.com/ipfs/boxo/coreiface/options"
-	"github.com/ipfs/boxo/files"
+	"github.com/libp2p/go-libp2p"
+	"github.com/libp2p/go-libp2p/core/host"
+	"github.com/libp2p/go-libp2p/core/network"
+	"github.com/libp2p/go-libp2p/core/peer"
+	drouting "github.com/libp2p/go-libp2p/p2p/discovery/routing"
 	log "github.com/sirupsen/logrus"
 	"io"
-	"net"
 	"net/http"
 	"os"
 	"strings"
+	"sync"
 	"time"
 
-	"github.com/ipfs/kubo/client/rpc"
+	dht "github.com/libp2p/go-libp2p-kad-dht"
+	dutil "github.com/libp2p/go-libp2p/p2p/discovery/util"
 )
 
 var modeFlag string
-var ipnsKey string
-var ipnsName string
+var topicFlag string
 var ipfsId string
 var staticIpnsName string
 var prNumber int
 var ageKeyFile string
 var agePubKey string
 var repoName string
+var outFile string
 
 func ParseFlags() error {
 	flag.StringVar(&modeFlag, "mode", "", "Mode")
-	flag.StringVar(&ipnsKey, "ipns-key", "", "IPNS key name")
-	flag.StringVar(&ipnsName, "ipns-name", "", "IPNS name")
+	flag.StringVar(&topicFlag, "topic", "", "pubsub topic")
+	flag.StringVar(&ipfsId, "ipfs-id", "", "IPFS ID")
 	flag.StringVar(&staticIpnsName, "static-ipns-name", "", "Static Webui IPNS name")
 	flag.IntVar(&prNumber, "pr-number", 0, "PR number")
-	flag.StringVar(&ipfsId, "ipfs-id", "", "IPFS id")
 	flag.StringVar(&ageKeyFile, "age-key-file", "", "AGE key file")
 	flag.StringVar(&agePubKey, "age-pub-key", "", "AGE pubkey")
 	flag.StringVar(&repoName, "repo-name", "", "Repo name")
+	flag.StringVar(&outFile, "out-file", "", "Output file")
 	flag.Parse()
 
 	return nil
 }
 
 func main() {
+	//logging.SetLogLevel("*", "INFO")
+
 	err := ParseFlags()
 	if err != nil {
 		panic(err)
 	}
 
-	// "Connect" to local node
-	node, err := rpc.NewLocalApi()
+	if topicFlag == "test" {
+		reader := bufio.NewReader(os.Stdin)
+		fmt.Print("Enter num: ")
+		text, _ := reader.ReadString('\n')
+		topicFlag = "my-test-topic-" + strings.TrimSpace(text)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Minute)
+	defer cancel()
+
+	var h host.Host
+	h, err = libp2p.New(
+		libp2p.ListenAddrStrings("/ip4/0.0.0.0/tcp/0"),
+		libp2p.EnableRelay(),
+		libp2p.EnableNATService(),
+		libp2p.NATPortMap(),
+		libp2p.ForceReachabilityPrivate(),
+		libp2p.EnableAutoRelayWithPeerSource(findRelayPeers(func() host.Host {
+			return h
+		})))
+	if err != nil {
+		panic(err)
+	}
+
+	log.Infof("own ID: %s", h.ID().String())
+
+	kademliaDHT, err := initDHT(ctx, h)
 	if err != nil {
 		log.Error(err)
-		os.Exit(1)
+		log.Exit(1)
 	}
+	discovery := drouting.NewRoutingDiscovery(kademliaDHT)
 
 	switch modeFlag {
-	case "publish-ipns":
-		err = doPublishIpns(node)
-	case "resolve-ipns":
-		err = doResolve(node)
-	case "send-info":
-		err = doSend(node)
-	case "receive-info":
-		err = doReceive(node)
+	case "publish":
+		err = doPublish(ctx, h, discovery)
+	case "subscribe":
+		err = doSubscribe(ctx, h, discovery)
 	default:
 		err = fmt.Errorf("unknown mode %s", modeFlag)
 	}
@@ -80,117 +109,87 @@ func main() {
 	}
 }
 
-type ipnsInfo struct {
-	PrNumber int    `json:"prNumber"`
-	IpfsId   string `json:"ipfsId"`
-}
-
-type workflowInfo struct {
-	PrNumber       int    `json:"prNumber"`
-	IpfsId         string `json:"ipfsId"`
-	StaticIpnsName string `json:"staticIpnsName"`
-	GithubToken    string `json:"githubToken"`
-}
-
-func doPublishIpns(node *rpc.HttpApi) error {
-	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
-	defer cancel()
-
-	selfKey, err := node.Key().Self(ctx)
-	if err != nil {
-		return err
-	}
-
-	info := ipnsInfo{
-		PrNumber: prNumber,
-		IpfsId:   selfKey.ID().String(),
-	}
-	b, err := json.Marshal(&info)
-	if err != nil {
-		return err
-	}
-	log.Info("publishing: ", string(b))
-
-	f := files.NewBytesFile(b)
-
-	pth, err := node.Unixfs().Add(ctx, f)
+func initDHT(ctx context.Context, h host.Host) (*dht.IpfsDHT, error) {
+	// Start a DHT, for use in peer discovery. We can't just make a new DHT
+	// client because we want each peer to maintain its own local copy of the
+	// DHT, so that the bootstrapping node of the DHT can go down without
+	// inhibiting future peer discovery.
+	kademliaDHT, err := dht.New(ctx, h)
 	if err != nil {
-		return err
+		return nil, err
 	}
-
-	log.Info("path: ", pth.String())
-
-	ipnsEntry, err := node.Name().Publish(ctx, pth, options.Name.Key(ipnsKey), options.Name.TTL(10*time.Second))
-	if err != nil {
-		return err
+	if err = kademliaDHT.Bootstrap(ctx); err != nil {
+		return nil, err
 	}
-
-	log.Info("published as ", ipnsEntry.Name())
-
-	return nil
+	var wg sync.WaitGroup
+	for _, peerAddr := range dht.DefaultBootstrapPeers {
+		peerinfo, _ := peer.AddrInfoFromP2pAddr(peerAddr)
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := h.Connect(ctx, *peerinfo); err != nil {
+				log.Info("Bootstrap warning:", err)
+			} else {
+				log.Infof("Connected to bootstrap peer: %s", peerinfo.String())
+			}
+		}()
+	}
+	wg.Wait()
+
+	return kademliaDHT, nil
 }
 
-func doResolve(node *rpc.HttpApi) error {
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-
-	log.Info("Resolving: ", ipnsName)
-
-	resolved, err := node.Name().Resolve(ctx, ipnsName, options.Name.Cache(false))
-	if err != nil {
-		return err
+func findRelayPeers(h func() host.Host) func(ctx context.Context, num int) <-chan peer.AddrInfo {
+	return func(ctx context.Context, num int) <-chan peer.AddrInfo {
+		ch := make(chan peer.AddrInfo)
+		go func() {
+			sent := 0
+		outer:
+			for {
+				for _, id := range h().Peerstore().PeersWithAddrs() {
+					if sent >= num {
+						break
+					}
+					protos, err := h().Peerstore().GetProtocols(id)
+					if err != nil {
+						continue
+					}
+					for _, proto := range protos {
+						if strings.HasPrefix(string(proto), "/libp2p/circuit/relay/") {
+							ch <- peer.AddrInfo{
+								ID:    id,
+								Addrs: h().Peerstore().Addrs(id),
+							}
+							sent++
+							break
+						}
+					}
+				}
+				select {
+				case <-time.After(time.Second):
+					continue
+				case <-ctx.Done():
+					break outer
+				}
+			}
+			close(ch)
+		}()
+		return ch
 	}
-
-	log.Info("Resolved to: ", resolved.String())
-
-	nd, err := node.Unixfs().Get(ctx, resolved)
-	if err != nil {
-		return err
-	}
-	defer nd.Close()
-
-	f, ok := nd.(files.File)
-	if !ok {
-		return fmt.Errorf("%s is not a file", resolved.String())
-	}
-
-	b, err := io.ReadAll(f)
-	if err != nil {
-		return err
-	}
-
-	var info ipnsInfo
-	err = json.Unmarshal(b, &info)
-	if err != nil {
-		return err
-	}
-
-	log.Info("IPNS Info: ", string(b))
-
-	if info.PrNumber != prNumber {
-		return fmt.Errorf("IPNS entry not up-to-date")
-	}
-
-	_, err = os.Stdout.WriteString(info.IpfsId + "\n")
-	if err != nil {
-		return err
-	}
-	return nil
 }
 
-func doSend(node *rpc.HttpApi) error {
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-
-	selfKey, err := node.Key().Self(ctx)
-	if err != nil {
-		return err
-	}
+type workflowInfo struct {
+	PrNumber       int    `json:"prNumber"`
+	IpfsId         string `json:"ipfsId"`
+	StaticIpnsName string `json:"staticIpnsName"`
+	GithubToken    string `json:"githubToken"`
+}
 
+func doPublish(ctx context.Context, h host.Host, discovery *drouting.RoutingDiscovery) error {
 	info := workflowInfo{
 		PrNumber:       prNumber,
 		GithubToken:    os.Getenv("GITHUB_TOKEN"),
-		IpfsId:         selfKey.ID().String(),
+		IpfsId:         ipfsId,
 		StaticIpnsName: staticIpnsName,
 	}
 
@@ -221,30 +220,89 @@ func doSend(node *rpc.HttpApi) error {
 
 	log.Info("Sending info...")
 
-	err = p2pSendFile(ctx, node, ipfsId, b)
-	if err != nil {
-		return err
+	for {
+		peersCh, err := discovery.FindPeers(ctx, topicFlag)
+		if err != nil {
+			return err
+		}
+		didSend := false
+		for peer := range peersCh {
+			if peer.ID == h.ID() {
+				continue // No self connection
+			}
+
+			log.Infof("Trying %s with addrs %v", peer.ID, peer.Addrs)
+
+			err = h.Connect(ctx, peer)
+			if err != nil {
+				log.Info(err)
+				continue
+			}
+
+			err = sendFile(ctx, h, peer.ID, b)
+			if err != nil {
+				log.Warn(err)
+				continue
+			}
+			didSend = true
+		}
+		if didSend {
+			break
+		}
 	}
 
 	log.Info("Done sending info.")
 
 	return nil
-
 }
 
-func doReceive(node *rpc.HttpApi) error {
-	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
-	defer cancel()
-
-	log.Info("Receiving info...")
-
-	b, err := p2pReceiveFile(ctx, node)
-	if err != nil {
-		return err
-	}
+func doSubscribe(ctx context.Context, h host.Host, discovery *drouting.RoutingDiscovery) error {
+	doneCh := make(chan bool)
+	h.SetStreamHandler("/x/kluctl-preview-info", func(s network.Stream) {
+		defer s.Close()
+
+		enc := gob.NewEncoder(s)
+		dec := gob.NewDecoder(s)
+
+		var b []byte
+		err := dec.Decode(&b)
+		if err != nil {
+			log.Infof("Receive failed: %v", err)
+			return
+		}
+
+		err = handleInfo(ctx, b)
+		isDone := err == nil
+		if err != nil {
+			log.Infof("handle failed: %v", err)
+			_ = enc.Encode("not ok")
+		} else {
+			err = enc.Encode("ok")
+			if err != nil {
+				log.Infof("Sending ok failed: %v", err)
+				return
+			}
+		}
+
+		var closeMsg string
+		err = dec.Decode(&closeMsg)
+		if err != nil {
+			log.Infof("Receiving close msg failed: %v", err)
+		}
+
+		if isDone {
+			doneCh <- true
+		}
+	})
+
+	dutil.Advertise(ctx, discovery, topicFlag)
+	<-doneCh
+	h.RemoveStreamHandler("/x/kluctl-preview-info")
 
-	log.Info("Done receiving info.")
+	return nil
+}
 
+func handleInfo(ctx context.Context, data []byte) error {
 	idsBytes, err := os.ReadFile(ageKeyFile)
 	if err != nil {
 		return err
@@ -253,7 +311,7 @@ func doReceive(node *rpc.HttpApi) error {
 	if err != nil {
 		return err
 	}
-	d, err := age.Decrypt(bytes.NewReader(b), ageIds...)
+	d, err := age.Decrypt(bytes.NewReader(data), ageIds...)
 	if err != nil {
 		return err
 	}
@@ -263,10 +321,10 @@ func doReceive(node *rpc.HttpApi) error {
 	if err != nil {
 		return err
 	}
-	b = w.Bytes()
+	data = w.Bytes()
 
 	var info workflowInfo
-	err = json.Unmarshal(b, &info)
+	err = json.Unmarshal(data, &info)
 	if err != nil {
 		return err
 	}
@@ -286,17 +344,19 @@ func doReceive(node *rpc.HttpApi) error {
 
 	info.GithubToken = ""
 
-	b, err = json.Marshal(&info)
+	data, err = json.Marshal(&info)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(outFile, data, 0o600)
 	if err != nil {
 		return err
 	}
-	_, _ = os.Stdout.WriteString(string(b) + "\n")
-
 	return nil
 }
 
 func doGithubRequest(ctx context.Context, method string, url string, body string, token string) ([]byte, error) {
-	log.Info("request: ", method, url)
+	log.Infof("request: %s %s", method, url)
 
 	req, err := http.NewRequest(method, url, strings.NewReader(body))
 	if err != nil {
@@ -380,86 +440,30 @@ func checkGithubToken(ctx context.Context, token string) error {
 	return nil
 }
 
-func p2pSendFile(ctx context.Context, node *rpc.HttpApi, ipfsId string, data []byte) error {
-	// close the old one
-	_, _ = node.Request("p2p/close").
-		Option("protocol", "/x/kluctl-preview-info").
-		Option("listen-address", "/ip4/127.0.0.1/tcp/10001").
-		Send(ctx)
-
-	_, err := node.Request("p2p/forward", "/x/kluctl-preview-info", "/ip4/127.0.0.1/tcp/10001", fmt.Sprintf("/p2p/%s", ipfsId)).
-		Send(ctx)
-	if err != nil {
-		return err
-	}
-
-	c, err := net.Dial("tcp", "127.0.0.1:10001")
+func sendFile(ctx context.Context, h host.Host, ipfsId peer.ID, data []byte) error {
+	s, err := h.NewStream(ctx, ipfsId, "/x/kluctl-preview-info")
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to connect to %s: %w", ipfsId.String(), err)
 	}
-	defer c.Close()
+	defer s.Close()
 
-	e := gob.NewEncoder(c)
-	d := gob.NewDecoder(c)
+	enc := gob.NewEncoder(s)
+	dec := gob.NewDecoder(s)
 
-	err = e.Encode(data)
+	err = enc.Encode(data)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to send msg: %w", err)
 	}
 
 	var ok string
-	err = d.Decode(&ok)
+	err = dec.Decode(&ok)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to read ok: %w", err)
 	}
+	_ = enc.Encode("close")
 	if ok != "ok" {
-		return fmt.Errorf("did not receive ok")
+		return fmt.Errorf("received '%s' instead of ok", ok)
 	}
 
 	return nil
 }
-
-func p2pReceiveFile(ctx context.Context, node *rpc.HttpApi) ([]byte, error) {
-	l, err := net.Listen("tcp", "127.0.0.1:10002")
-	if err != nil {
-		return nil, err
-	}
-	defer l.Close()
-	addr := l.Addr().(*net.TCPAddr)
-
-	targetAddr := fmt.Sprintf("/ip4/127.0.0.1/tcp/%d", addr.Port)
-
-	// close the old one
-	_, _ = node.Request("p2p/close").
-		Option("protocol", "/x/kluctl-preview-info").
-		Option("target-address", targetAddr).
-		Send(ctx)
-	_, err = node.Request("p2p/listen", "/x/kluctl-preview-info", targetAddr).
-		Send(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	c, err := l.Accept()
-	if err != nil {
-		return nil, err
-	}
-	defer c.Close()
-
-	d := gob.NewDecoder(c)
-	e := gob.NewEncoder(c)
-
-	var data []byte
-	err = d.Decode(&data)
-	if err != nil {
-		return nil, err
-	}
-
-	ok := "ok"
-	err = e.Encode(&ok)
-	if err != nil {
-		return nil, err
-	}
-
-	return data, nil
-}

From 8ed8b97bedc8478ce94462f0ce8e809fc49d9567 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 11:15:14 +0200
Subject: [PATCH 1223/2268] ci: Add PR nuber to concurrency group (#604)

---
 .github/workflows/preview-comment.yml | 2 +-
 .github/workflows/preview-run.yml     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
index 638eeb522..efb778175 100644
--- a/.github/workflows/preview-comment.yml
+++ b/.github/workflows/preview-comment.yml
@@ -12,7 +12,7 @@ permissions:
   pull-requests: write
 
 concurrency:
-  group: preview-comment
+  group: preview-comment-${{ github.pull_request.number }}
   cancel-in-progress: true
 
 jobs:
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 18f6534b6..5e8867031 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -7,7 +7,7 @@ on:
       - main
 
 concurrency:
-  group: preview-run
+  group: preview-run-${{ github.pull_request.number }}
   cancel-in-progress: true
 
 jobs:

From 3c3fe5f6fc8c676afb5ab2e8e5de053d30398080 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 11:23:03 +0200
Subject: [PATCH 1224/2268] chore(deps): Bump golang.org/x/sync from 0.2.0 to
 0.3.0 (#574)

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.2.0 to 0.3.0.
- [Commits](https://github.com/golang/sync/compare/v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e0219a7be..5a5e51046 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.9.0
 	golang.org/x/net v0.10.0
-	golang.org/x/sync v0.2.0
+	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.9.0
 	golang.org/x/term v0.9.0
 	golang.org/x/text v0.10.0
diff --git a/go.sum b/go.sum
index e55b9ac74..e9eaf8632 100644
--- a/go.sum
+++ b/go.sum
@@ -1064,8 +1064,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From 42dde5c29c40b86b8ac9de2a32c7beba1d12e589 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 11:23:17 +0200
Subject: [PATCH 1225/2268] chore(deps): Bump golang.org/x/crypto from 0.9.0 to
 0.10.0 (#576)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5a5e51046..3d609a468 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.9.0
+	golang.org/x/crypto v0.10.0
 	golang.org/x/net v0.10.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.9.0
diff --git a/go.sum b/go.sum
index e9eaf8632..f4fd3642f 100644
--- a/go.sum
+++ b/go.sum
@@ -946,8 +946,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=

From b66b84fff9e1ebf49f18ec1494813b8ddd0db32b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 11:23:40 +0200
Subject: [PATCH 1226/2268] chore(deps): Bump helm.sh/helm/v3 from 3.12.0 to
 3.12.1 (#577)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.12.0 to 3.12.1.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.12.0...v3.12.1)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 19 ++++++++++---------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 3d609a468..868947f40 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	golang.org/x/sys v0.9.0
 	golang.org/x/term v0.9.0
 	golang.org/x/text v0.10.0
-	helm.sh/helm/v3 v3.12.0
+	helm.sh/helm/v3 v3.12.1
 	k8s.io/api v0.27.2
 	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.27.2
@@ -96,7 +96,7 @@ require (
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
-	github.com/Masterminds/squirrel v1.5.3 // indirect
+	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
@@ -184,7 +184,7 @@ require (
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
-	github.com/lib/pq v1.10.7 // indirect
+	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
@@ -258,10 +258,10 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiserver v0.27.2 // indirect
-	k8s.io/cli-runtime v0.27.1 // indirect
+	k8s.io/cli-runtime v0.27.2 // indirect
 	k8s.io/component-base v0.27.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/kubectl v0.27.1 // indirect
+	k8s.io/kubectl v0.27.2 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index f4fd3642f..1ed1aae36 100644
--- a/go.sum
+++ b/go.sum
@@ -86,8 +86,8 @@ github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYr
 github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
-github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
-github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
+github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
+github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
@@ -598,8 +598,9 @@ github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgx
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -1386,8 +1387,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-helm.sh/helm/v3 v3.12.0 h1:rOq2TPVzg5jt4q5ermAZGZFxNW2uQhKjRhBneAutMEM=
-helm.sh/helm/v3 v3.12.0/go.mod h1:8K/469yxjUMu6BaD2EagCitkPjELUL/l2AgCO142G94=
+helm.sh/helm/v3 v3.12.1 h1:lzU7etZX24A6BTMXYQF3bFq0ECfD8s+fKlNBBL8AbEc=
+helm.sh/helm/v3 v3.12.1/go.mod h1:qhmSY9kcX7yH1xebe+FDMZa7E5NAeZ+LvK5j1gSln48=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1403,8 +1404,8 @@ k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg=
 k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
 k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
 k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
-k8s.io/cli-runtime v0.27.1 h1:MMzp5Q/Xmr5L1Lrowuc+Y/r95XINC6c6/fE3aN7JDRM=
-k8s.io/cli-runtime v0.27.1/go.mod h1:tEbTB1XP/nTH3wujsi52bw91gWpErtWiS15R6CwYsAI=
+k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw=
+k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw=
 k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE=
 k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ=
 k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo=
@@ -1413,8 +1414,8 @@ k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
-k8s.io/kubectl v0.27.1 h1:9T5c5KdpburYiW8XKQSH0Uly1kMNE90aGSnbYUZNdcA=
-k8s.io/kubectl v0.27.1/go.mod h1:QsAkSmrRsKTPlAFzF8kODGDl4p35BIwQnc9XFhkcsy8=
+k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
+k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=

From 8d499be3f27888f84160611cbca5e9b207f50352 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 11:23:55 +0200
Subject: [PATCH 1227/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#590)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.19.8 to 1.19.10.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.19.8...service/efs/v1.19.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 868947f40..2312295ec 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.18.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.26
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.25
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.1
 	github.com/aws/smithy-go v1.13.5
 	github.com/dimchansky/utfbom v1.1.1
diff --git a/go.sum b/go.sum
index 1ed1aae36..90ae73330 100644
--- a/go.sum
+++ b/go.sum
@@ -115,7 +115,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
 github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.26 h1:ivCHcSmKd1+9rBlqVsxZHB35eCW88KWbMdG2VL3BuBw=
@@ -125,11 +124,9 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.25/go.mod h1:W9I2660WXSwZQ23mM1Ks
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
@@ -138,8 +135,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a92
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8 h1:eB91eEYUlh8+O2dXr189W8GJJd+/T8N/c5HocH2KzVo=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.8/go.mod h1:3ARttS6G6U3auEdKfaN4GlnfS9UxYE9nqub1+0YGycA=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10 h1:eW8zPSh7ZLzb7029xCsIEFbnxLvNHPTt7aWwdKjNJc8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.11 h1:cNrMc266RsZJ8V1u1OQQONKcf9HmfxQFqgcpY7ZJBhY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.11/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11 h1:h2VhtCE5PBiJefmlVCjJRSzBfFcQeAE10SXIGkXw1jQ=

From 9458c36b1b5e7b8735c8d1d72c09d3188e83b749 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Jun 2023 11:25:25 +0200
Subject: [PATCH 1228/2268] chore(deps): Bump golang.org/x/net from 0.10.0 to
 0.11.0 (#575)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2312295ec..3d26fc3d4 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.10.0
-	golang.org/x/net v0.10.0
+	golang.org/x/net v0.11.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.9.0
 	golang.org/x/term v0.9.0
diff --git a/go.sum b/go.sum
index 90ae73330..07a4a21bd 100644
--- a/go.sum
+++ b/go.sum
@@ -1033,8 +1033,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 02fe0b31547d79959369e3af19df245e529bafe6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 11:32:58 +0200
Subject: [PATCH 1229/2268] ci: Cancel obsolete nightly workflows (#606)

---
 .github/workflows/nightly.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 12db3ec58..5786074f5 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -9,7 +9,9 @@ permissions:
   contents: write
   packages: write
 
-concurrency: goreleaser-nightly
+concurrency:
+  group: goreleaser-nightly
+  cancel-in-progress: true
 
 jobs:
   goreleaser:

From 0eb876ce8b0471f9584e31523b432f0ab4c35987 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 21:04:31 +0200
Subject: [PATCH 1230/2268] fix: Determine root path at runtime

---
 pkg/webui/ui/src/api.tsx | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 9c325ec86..5dca193f7 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -15,7 +15,19 @@ import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
 import { sleep } from "./utils/misc";
 
-const staticPath = "./staticdata"
+console.log(window.location)
+
+let rootPath = window.location.pathname
+if (rootPath.endsWith("/")) {
+    rootPath = rootPath.substring(0, rootPath.length-1)
+}
+if (rootPath.endsWith("index.html")) {
+    rootPath = rootPath.substring(0, rootPath.length-"index.html".length-1)
+}
+const staticPath = rootPath + "/staticdata"
+
+console.log("rootPath=" + rootPath)
+console.log("staticPath=" + staticPath)
 
 export enum ObjectType {
     Rendered = "rendered",
@@ -108,7 +120,7 @@ export class RealApi implements Api {
     }
 
     async doGet(path: string, params?: URLSearchParams) {
-        let url = path
+        let url = rootPath + path
         if (params) {
             url += "?" + params.toString()
         }
@@ -128,7 +140,7 @@ export class RealApi implements Api {
     }
 
     async doPost(path: string, body: any) {
-        let url = path
+        let url = rootPath + path
         const doFetch = () => {
             const headers = {
                 'Accept': 'application/json',
@@ -159,7 +171,7 @@ export class RealApi implements Api {
         if (window.location.protocol !== "https:") {
             proto = "ws"
         }
-        let url = `${proto}://${host}/api/ws`
+        let url = `${proto}://${host}${rootPath}/api/ws`
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)

From 96eab7eea690742c933292234aa76d5d51204d7d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 21:06:50 +0200
Subject: [PATCH 1231/2268] feat: Also listen as IPFS /http protocol

---
 .github/workflows/preview-run.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 5e8867031..efb965256 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -137,6 +137,7 @@ jobs:
         run: |
           ipfs p2p listen /x/k /ip4/127.0.0.1/tcp/6443
           ipfs p2p listen /x/kluctl-webui /ip4/127.0.0.1/tcp/9090
+          ipfs p2p listen --allow-custom-protocol /http /ip4/127.0.0.1/tcp/9090
       # SEND INFO
       - name: Build ipfs-exchange-info
         run: |

From 0fe1a482af3dbab0bf635c5687fc330733ddb7be Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 23:37:45 +0200
Subject: [PATCH 1232/2268] feat: Implement --only-api flag for webui command

---
 cmd/kluctl/commands/cmd_webui.go |  9 +++++++--
 pkg/webui/server.go              | 13 +++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 823585120..ad0015a38 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -20,6 +20,8 @@ type webuiCmd struct {
 
 	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality."`
 	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
+
+	OnlyApi bool `group:"misc" help:"Only serve API without the actual UI."`
 }
 
 func (cmd *webuiCmd) Help() string {
@@ -27,9 +29,12 @@ func (cmd *webuiCmd) Help() string {
 }
 
 func (cmd *webuiCmd) Run(ctx context.Context) error {
-	if !webui.IsWebUiBuildIncluded() {
+	if !cmd.OnlyApi && !webui.IsWebUiBuildIncluded() {
 		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
 	}
+	if cmd.OnlyApi && cmd.StaticPath != "" {
+		return fmt.Errorf("--static-path can not be combined with --only-api")
+	}
 
 	var inClusterClient client.Client
 	if cmd.InCluster {
@@ -67,7 +72,7 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		sbw := webui.NewStaticWebuiBuilder(collector)
 		return sbw.Build(cmd.StaticPath)
 	} else {
-		server := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, inClusterClient != nil)
+		server := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, inClusterClient != nil, cmd.OnlyApi)
 		return server.Run(cmd.Port)
 	}
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 6f0fa5bde..e98d0ed1d 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -32,9 +32,11 @@ type CommandResultsServer struct {
 	serverClient client.Client
 
 	auth *authHandler
+
+	onlyApi bool
 }
 
-func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollector, configs []*rest.Config, serverClient client.Client, authEnabled bool) *CommandResultsServer {
+func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollector, configs []*rest.Config, serverClient client.Client, authEnabled bool, onlyApi bool) *CommandResultsServer {
 	ret := &CommandResultsServer{
 		ctx:   ctx,
 		store: store,
@@ -42,6 +44,7 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 			ctx: ctx,
 		},
 		serverClient: serverClient,
+		onlyApi:      onlyApi,
 	}
 
 	adminUser := "kluctl-webui-admin"
@@ -106,9 +109,11 @@ func (s *CommandResultsServer) Run(port int) error {
 		}
 	}
 
-	err = s.setupStaticRoutes(router)
-	if err != nil {
-		return err
+	if !s.onlyApi {
+		err = s.setupStaticRoutes(router)
+		if err != nil {
+			return err
+		}
 	}
 
 	api := router.Group("/api")

From 6df0e4c4936e6ebd9ca7083a1d416ae568d80715 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 23:38:14 +0200
Subject: [PATCH 1233/2268] refactor: Unify FilterSummary/FilterProject

---
 pkg/results/result-store-secrets.go | 19 +++----------------
 pkg/results/result-store.go         | 21 ++++++++++++---------
 2 files changed, 15 insertions(+), 25 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 28a61cccb..b4257c615 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -206,7 +206,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 		if err != nil {
 			continue
 		}
-		if !s.filterSummary(summary, options.ProjectFilter) {
+		if !FilterSummary(summary, options.ProjectFilter) {
 			continue
 		}
 
@@ -238,19 +238,6 @@ func (s *ResultStoreSecrets) parseSummary(a map[string]string) (*result.CommandR
 	return &summary, nil
 }
 
-func (s *ResultStoreSecrets) filterSummary(summary *result.CommandResultSummary, project *result.ProjectKey) bool {
-	if project != nil {
-		if project.GitRepoKey.String() != "" && summary.ProjectKey.GitRepoKey != project.GitRepoKey {
-			return false
-		}
-		if project.SubDir != "" && summary.ProjectKey.SubDir != project.SubDir {
-			return false
-		}
-	}
-
-	return true
-}
-
 func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchCommandResultSummaryEvent {
 	if event.Object == nil {
 		return nil
@@ -263,7 +250,7 @@ func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result
 	if err != nil {
 		return nil
 	}
-	if !s.filterSummary(summary, filter) {
+	if !FilterSummary(summary, filter) {
 		return nil
 	}
 	switch event.Type {
@@ -294,7 +281,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 		if err != nil {
 			continue
 		}
-		if !s.filterSummary(summary, options.ProjectFilter) {
+		if !FilterSummary(summary, options.ProjectFilter) {
 			continue
 		}
 		initialListRet = append(initialListRet, summary)
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index cd5a6aec4..aab33e2fa 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -37,19 +37,22 @@ type ResultStore interface {
 	GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error)
 }
 
-func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bool {
-	if filter == nil {
-		return true
-	}
-	if x.ProjectKey.GitRepoKey != filter.GitRepoKey {
-		return false
-	}
-	if x.ProjectKey.SubDir != filter.SubDir {
-		return false
+func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
+	if filter != nil {
+		if filter.GitRepoKey.String() != "" && x.GitRepoKey != filter.GitRepoKey {
+			return false
+		}
+		if filter.SubDir != "" && x.SubDir != filter.SubDir {
+			return false
+		}
 	}
 	return true
 }
 
+func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bool {
+	return FilterProject(x.ProjectKey, filter)
+}
+
 func lessSummary(a *result.CommandResultSummary, b *result.CommandResultSummary) bool {
 	if a.Command.StartTime != b.Command.StartTime {
 		return a.Command.StartTime.After(b.Command.StartTime.Time)

From 6532f3450c0b2119651d74228e19ff760c934e90 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 23:42:01 +0200
Subject: [PATCH 1234/2268] fix: Use admin user when auth is disabled

---
 pkg/webui/auth.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 8428482cb..d573fc238 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -174,7 +174,8 @@ func (s *authHandler) getBearerToken(c *gin.Context) string {
 
 func (s *authHandler) getUser(c *gin.Context) *User {
 	if s == nil {
-		return nil
+		// auth is disabled, so all requests are done as admin
+		return s.getAdminUser("admin")
 	}
 	token := s.getBearerToken(c)
 	if token == "" {
@@ -184,14 +185,14 @@ func (s *authHandler) getUser(c *gin.Context) *User {
 }
 
 func (s *authHandler) getUserFromToken(token string) *User {
-	user := s.getAdminUser(token)
+	user := s.getAdminUserFromToken(token)
 	if user != nil {
 		return user
 	}
 	return nil
 }
 
-func (s *authHandler) getAdminUser(token string) *User {
+func (s *authHandler) getAdminUserFromToken(token string) *User {
 	as, err := s.getAdminSecrets()
 	if err != nil {
 		return nil
@@ -222,6 +223,10 @@ func (s *authHandler) getAdminUserFromClaims(claims jwt.MapClaims) *User {
 		return nil
 	}
 
+	return s.getAdminUser(id)
+}
+
+func (s *authHandler) getAdminUser(id string) *User {
 	return &User{
 		Username: id,
 		IsAdmin:  true,

From ffb80e9a7a82a81eb0014664634015ca6c10aa11 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 23:44:33 +0200
Subject: [PATCH 1235/2268] feat: Switch to long-polling instead of websockets

This is required because IPFS currently does not support websockets.
---
 pkg/webui/events.go      | 258 +++++++++++++++++++++++++++++++++++++++
 pkg/webui/server.go      |  12 +-
 pkg/webui/ui/src/api.tsx |  74 +++++------
 pkg/webui/websocket.go   | 209 -------------------------------
 4 files changed, 295 insertions(+), 258 deletions(-)
 create mode 100644 pkg/webui/events.go
 delete mode 100644 pkg/webui/websocket.go

diff --git a/pkg/webui/events.go b/pkg/webui/events.go
new file mode 100644
index 000000000..dc111d3f4
--- /dev/null
+++ b/pkg/webui/events.go
@@ -0,0 +1,258 @@
+package webui
+
+import (
+	"container/list"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+)
+
+var expireValidations = time.Minute * 10
+var expireDeletions = time.Minute * 10
+
+type eventsHandler struct {
+	server *CommandResultsServer
+
+	nextSeq   int64
+	events    *list.List
+	eventsMap map[string]*list.Element
+	mutex     sync.Mutex
+}
+
+type eventEntry struct {
+	id            string
+	expire        *time.Time
+	seq           int64
+	projectTarget ProjectTargetKey
+	payload       string
+}
+
+func newEventsHandler(server *CommandResultsServer) *eventsHandler {
+	h := &eventsHandler{
+		server:    server,
+		events:    list.New(),
+		eventsMap: map[string]*list.Element{},
+	}
+
+	return h
+}
+
+func (h *eventsHandler) updateEvent(id string, ptKey ProjectTargetKey, payload string, expireIn *time.Duration) {
+	h.mutex.Lock()
+	defer h.mutex.Unlock()
+
+	seq := h.nextSeq
+	h.nextSeq++
+
+	var expire *time.Time
+	if expireIn != nil {
+		t := time.Now().Add(*expireIn)
+		expire = &t
+	}
+
+	e, ok := h.eventsMap[id]
+	if !ok {
+		e = h.events.PushBack(&eventEntry{
+			expire:        expire,
+			seq:           seq,
+			id:            id,
+			projectTarget: ptKey,
+			payload:       payload,
+		})
+		h.eventsMap[id] = e
+	} else {
+		e2 := e.Value.(*eventEntry)
+		e2.expire = expire
+		e2.seq = seq
+		e2.payload = payload
+
+		h.events.MoveToBack(e)
+	}
+}
+
+func (h *eventsHandler) removeEvent(id string) {
+	h.mutex.Lock()
+	defer h.mutex.Unlock()
+
+	e, ok := h.eventsMap[id]
+	if !ok {
+		return
+	}
+
+	h.events.Remove(e)
+	delete(h.eventsMap, id)
+}
+
+func (h *eventsHandler) cleanupEvents() {
+	h.mutex.Lock()
+	defer h.mutex.Unlock()
+
+	now := time.Now()
+
+	var toDelete []*list.Element
+	for e := h.events.Front(); e != nil; e = e.Next() {
+		e2 := e.Value.(*eventEntry)
+		if e2.expire != nil && now.After(*e2.expire) {
+			toDelete = append(toDelete, e)
+		}
+	}
+
+	for _, e := range toDelete {
+		e2 := e.Value.(*eventEntry)
+		delete(h.eventsMap, e2.id)
+		h.events.Remove(e)
+	}
+}
+
+func (h *eventsHandler) startEventsWatcher() error {
+	h.mutex.Lock()
+	defer h.mutex.Unlock()
+
+	initial, ch, _, err := h.server.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+
+	initialValidations, validationsCh, _ := h.server.vam.watch()
+
+	ctx := h.server.ctx
+
+	buildMsg := func(event results.WatchCommandResultSummaryEvent) string {
+		if event.Delete {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type": "delete_summary",
+				"id":   event.Summary.Id,
+			})
+			return x
+		} else {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type":    "update_summary",
+				"summary": event.Summary,
+			})
+			return x
+		}
+	}
+	buildValidationMsg := func(event validationEvent) string {
+		x := yaml.WriteJsonStringMust(map[string]any{
+			"type":   "validate_result",
+			"key":    event.key,
+			"result": event.r,
+		})
+		return x
+	}
+
+	for _, x := range initial {
+		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildMsg(results.WatchCommandResultSummaryEvent{Summary: x}), nil)
+	}
+	for _, x := range initialValidations {
+		h.updateEvent(uuid.NewString(), x.key, buildValidationMsg(x), &expireValidations)
+	}
+
+	go func() {
+		cleanupTimer := time.After(5 * time.Second)
+		for {
+			select {
+			case event, ok := <-ch:
+				if !ok {
+					status.Error(h.server.ctx, "results channel closed unexpectedly")
+					return
+				}
+				var expireIn *time.Duration
+				if event.Delete {
+					expireIn = &expireDeletions
+				}
+				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildMsg(event), expireIn)
+			case event, ok := <-validationsCh:
+				if !ok {
+					status.Error(h.server.ctx, "validations channel closed unexpectedly")
+					return
+				}
+				h.updateEvent(uuid.NewString(), event.key, buildValidationMsg(event), &expireValidations)
+			case <-cleanupTimer:
+				h.cleanupEvents()
+				cleanupTimer = time.After(5 * time.Second)
+			case <-ctx.Done():
+				return
+			}
+		}
+	}()
+
+	return nil
+}
+
+func (h *eventsHandler) handler(c *gin.Context) {
+	args := struct {
+		FilterProject string `form:"filterProject"`
+		FilterSubDir  string `form:"filterSubDir"`
+		Seq           int64  `form:"seq"`
+	}{}
+	err := c.BindQuery(&args)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	var filter *result.ProjectKey
+	if args.FilterProject != "" {
+		filter = &result.ProjectKey{
+			GitRepoKey: repoKey,
+			SubDir:     args.FilterSubDir,
+		}
+	}
+
+	getNewEvents := func() ([]string, int64) {
+		h.mutex.Lock()
+		defer h.mutex.Unlock()
+		var events []string
+		var nextSeq int64
+		for e := h.events.Front(); e != nil; e = e.Next() {
+			e2 := e.Value.(*eventEntry)
+			if e2.seq < args.Seq {
+				continue
+			}
+			nextSeq = e2.seq + 1
+			if !results.FilterProject(e2.projectTarget.Project, filter) {
+				continue
+			}
+			events = append(events, e2.payload)
+		}
+
+		return events, nextSeq
+	}
+
+	events, nextSeq := getNewEvents()
+	timeout := time.After(30 * time.Second)
+outer:
+	for len(events) == 0 {
+		select {
+		case <-h.server.ctx.Done():
+			_ = c.AbortWithError(http.StatusServiceUnavailable, fmt.Errorf("context cancelled"))
+			return
+		case <-timeout:
+			break outer
+		case <-time.After(100 * time.Millisecond):
+		}
+
+		events, nextSeq = getNewEvents()
+	}
+
+	j := fmt.Sprintf(`{"nextSeq": %d, "events": [%s]}`, nextSeq, strings.Join(events, ","))
+	c.Writer.Header().Set("Content-Type", "application/json")
+	c.Status(http.StatusOK)
+	_, _ = c.Writer.WriteString(j)
+}
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index e98d0ed1d..626a71260 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -31,7 +31,8 @@ type CommandResultsServer struct {
 	// this is the client for the k8s cluster where the server runs on
 	serverClient client.Client
 
-	auth *authHandler
+	auth   *authHandler
+	events *eventsHandler
 
 	onlyApi bool
 }
@@ -47,6 +48,8 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 		onlyApi:      onlyApi,
 	}
 
+	ret.events = newEventsHandler(ret)
+
 	adminUser := "kluctl-webui-admin"
 
 	adminEnabled := false
@@ -125,8 +128,11 @@ func (s *CommandResultsServer) Run(port int) error {
 	api.POST("/reconcileNow", s.auth.authHandler, s.reconcileNow)
 	api.POST("/deployNow", s.auth.authHandler, s.deployNow)
 
-	// handles authentication via the first message
-	api.Any("/ws", s.ws)
+	err = s.events.startEventsWatcher()
+	if err != nil {
+		return err
+	}
+	api.GET("/events", s.auth.authHandler, s.events.handler)
 
 	address := fmt.Sprintf(":%d", port)
 	listener, err := net.Listen("tcp", address)
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 5dca193f7..5101e0665 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -13,7 +13,6 @@ import { Box, Typography } from "@mui/material";
 import Tooltip from "@mui/material/Tooltip";
 import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
-import { sleep } from "./utils/misc";
 
 console.log(window.location)
 
@@ -119,7 +118,7 @@ export class RealApi implements Api {
         return response
     }
 
-    async doGet(path: string, params?: URLSearchParams) {
+    async doGet(path: string, params?: URLSearchParams, abort?: AbortSignal) {
         let url = rootPath + path
         if (params) {
             url += "?" + params.toString()
@@ -132,6 +131,7 @@ export class RealApi implements Api {
             return fetch(url, {
                 method: "GET",
                 headers: headers,
+                signal: abort ? abort : null,
             })
         }
         let resp = await doFetch()
@@ -163,15 +163,6 @@ export class RealApi implements Api {
     }
 
     async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
-        let host = window.location.host
-        let proto = "wss"
-        if (process.env.NODE_ENV === 'development') {
-            host = "localhost:9090"
-        }
-        if (window.location.protocol !== "https:") {
-            proto = "ws"
-        }
-        let url = `${proto}://${host}${rootPath}/api/ws`
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)
@@ -179,51 +170,42 @@ export class RealApi implements Api {
         if (filterSubDir) {
             params.set("filterSubDir", filterSubDir)
         }
-        url += "?" + params.toString()
 
-        const getToken = this.getToken
-        let ws: WebSocket | undefined;
-        let cancelled = false
+        let seq = 0
+        const abort = new AbortController()
 
-        const connect = async () => {
-            if (cancelled) {
+        const doGetEvents = async () => {
+            if (abort.signal.aborted) {
                 return
             }
 
-            console.log("ws connect: " + url)
-            ws = new WebSocket(url);
-            ws.onopen = function () {
-                console.log("ws connected")
-                if (getToken) {
-                    ws!.send(JSON.stringify({ "type": "auth", "token": getToken() }))
-                }
-            }
-            ws.onclose = function (event) {
-                console.log("ws close")
-                if (!cancelled) {
-                    sleep(5000).then(connect)
-                }
-            }
-            ws.onerror = function (event) {
-                console.log("ws error", event)
-            }
-            ws.onmessage = function (event: MessageEvent) {
-                if (cancelled) {
-                    return
-                }
-                const msg = JSON.parse(event.data)
-                handle(msg)
+            params.set("seq", seq + "")
+            let resp: any
+            try {
+                resp = await this.doGet("/api/events", params, abort.signal)
+            } catch (error) {
+                console.log("events error", error)
+                seq = 0
+                await new Promise(r => setTimeout(r, 5000));
+                doGetEvents()
+                return
             }
+
+            seq = resp.nextSeq
+            const events = resp.events
+
+            events.forEach((e: any) => {
+                handle(e)
+            })
+
+            doGetEvents()
         }
 
-        await connect()
+        doGetEvents()
 
         return () => {
-            console.log("ws cancel")
-            cancelled = true
-            if (ws) {
-                ws.close()
-            }
+            console.log("events cancel")
+            abort.abort()
         }
     }
 
diff --git a/pkg/webui/websocket.go b/pkg/webui/websocket.go
deleted file mode 100644
index c01bd3ff0..000000000
--- a/pkg/webui/websocket.go
+++ /dev/null
@@ -1,209 +0,0 @@
-package webui
-
-import (
-	"context"
-	"fmt"
-	"github.com/gin-gonic/gin"
-	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"net/http"
-	"nhooyr.io/websocket"
-	"strings"
-	"time"
-)
-
-func (s *CommandResultsServer) ws(c *gin.Context) {
-	args := struct {
-		FilterProject string `form:"filterProject"`
-		FilterSubDir  string `form:"filterSubDir"`
-	}{}
-	err := c.BindQuery(&args)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	acceptOptions := &websocket.AcceptOptions{
-		InsecureSkipVerify: true,
-	}
-
-	userAgentLower := strings.ToLower(c.GetHeader("User-Agent"))
-	isSafari := strings.Contains(userAgentLower, "safari") && !strings.Contains(userAgentLower, "chrome") && !strings.Contains(userAgentLower, "android")
-
-	if isSafari {
-		acceptOptions.CompressionMode = websocket.CompressionDisabled
-	}
-
-	conn, err := websocket.Accept(c.Writer, c.Request, acceptOptions)
-	if err != nil {
-		//s.logf("%v", err)
-		return
-	}
-	defer conn.Close(websocket.StatusInternalError, "the sky is falling")
-
-	// don't try anything else before we get the auth message
-	user, err := s.wsHandleAuth(conn)
-	if err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-
-	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	var filter *result.ProjectKey
-	if args.FilterProject != "" {
-		filter = &result.ProjectKey{
-			GitRepoKey: repoKey,
-			SubDir:     args.FilterSubDir,
-		}
-	}
-
-	err = s.wsHandle(conn, user, filter)
-	if err != nil {
-		cs := websocket.CloseStatus(err)
-		if cs == websocket.StatusNormalClosure || cs == websocket.StatusGoingAway {
-			return
-		}
-		_ = c.AbortWithError(http.StatusInternalServerError, err)
-	}
-}
-
-func (s *CommandResultsServer) wsHandleAuth(c *websocket.Conn) (*User, error) {
-	if s.auth == nil {
-		return nil, nil
-	}
-
-	t, msg, err := c.Read(s.ctx)
-	if err != nil {
-		return nil, err
-	}
-	if t != websocket.MessageText {
-		return nil, fmt.Errorf("unexpected message type")
-	}
-
-	type authMsg struct {
-		Type  string `json:"type"`
-		Token string `json:"token"`
-	}
-	type authResult struct {
-		Type    string `json:"type"`
-		Success bool   `json:"success"`
-	}
-	var am authMsg
-	err = yaml.ReadYamlString(string(msg), &am)
-	if err != nil {
-		return nil, err
-	}
-	if am.Type != "auth" {
-		return nil, fmt.Errorf("unexpected message type")
-	}
-
-	user := s.auth.getUserFromToken(am.Token)
-	if user == nil {
-		msg, _ := yaml.WriteJsonString(authResult{
-			Type:    "auth_result",
-			Success: false,
-		})
-		_ = c.Write(s.ctx, websocket.MessageText, []byte(msg))
-		return nil, fmt.Errorf("invalid token")
-	} else {
-		msg, _ := yaml.WriteJsonString(authResult{
-			Type:    "auth_result",
-			Success: true,
-		})
-		err = c.Write(s.ctx, websocket.MessageText, []byte(msg))
-		if err != nil {
-			return nil, err
-		}
-		return user, nil
-	}
-}
-
-func (s *CommandResultsServer) wsHandle(c *websocket.Conn, user *User, filter *result.ProjectKey) error {
-	initial, ch, cancel, err := s.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{ProjectFilter: filter})
-	if err != nil {
-		return err
-	}
-	defer cancel()
-
-	initialValidations, validationsCh, validationsCancel := s.vam.watch()
-	defer validationsCancel()
-
-	ctx := c.CloseRead(s.ctx)
-
-	buildMsg := func(event results.WatchCommandResultSummaryEvent) string {
-		if event.Delete {
-			x := yaml.WriteJsonStringMust(map[string]any{
-				"type": "delete_summary",
-				"id":   event.Summary.Id,
-			})
-			return x
-		} else {
-			x := yaml.WriteJsonStringMust(map[string]any{
-				"type":    "update_summary",
-				"summary": event.Summary,
-			})
-			return x
-		}
-	}
-	buildValidationMsg := func(event validationEvent) string {
-		x := yaml.WriteJsonStringMust(map[string]any{
-			"type":   "validate_result",
-			"key":    event.key,
-			"result": event.r,
-		})
-		return x
-	}
-
-	for _, x := range initial {
-		err := s.wsSendMessage(ctx, c, time.Second*5, buildMsg(results.WatchCommandResultSummaryEvent{Summary: x}))
-		if err != nil {
-			return err
-		}
-	}
-	for _, x := range initialValidations {
-		err := s.wsSendMessage(ctx, c, time.Second*5, buildValidationMsg(x))
-		if err != nil {
-			return err
-		}
-	}
-
-	for {
-		var msg string
-		select {
-		case event, ok := <-ch:
-			if !ok {
-				return fmt.Errorf("results channel closed unexpectadly")
-			}
-			msg = buildMsg(event)
-		case event, ok := <-validationsCh:
-			if !ok {
-				return fmt.Errorf("validations channel closed unexpectadly")
-			}
-			msg = buildValidationMsg(event)
-		case <-ctx.Done():
-			return ctx.Err()
-		}
-		err := s.wsSendMessage(ctx, c, time.Second*5, msg)
-		if err != nil {
-			return err
-		}
-	}
-}
-
-func (s *CommandResultsServer) wsSendMessage(ctx context.Context, c *websocket.Conn, timeout time.Duration, msg string) error {
-	ctx, cancel := context.WithTimeout(ctx, timeout)
-	defer cancel()
-
-	err := c.Write(ctx, websocket.MessageText, []byte(msg))
-	if err != nil {
-		return err
-	}
-	return err
-}

From 791de208f9656f0600699ac09c624ecc2aa407cb Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Fri, 16 Jun 2023 01:33:11 +0600
Subject: [PATCH 1236/2268] Added a route for history cards view.

---
 pkg/webui/ui/src/components/Router.tsx        |  2 +-
 .../ui/src/components/targets-view/Card.tsx   |  7 +-
 .../components/targets-view/HistoryCards.tsx  | 99 ++++++++++---------
 .../components/targets-view/TargetsView.tsx   | 81 ++++++++++-----
 4 files changed, 113 insertions(+), 76 deletions(-)

diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 54af5c317..fba2562c1 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -25,7 +25,7 @@ export const Router = createHashRouter([
         errorElement: <ErrorPage />,
         children: [
             {
-                path: "targets",
+                path: "targets/:targetKeyHash?",
                 element: <TargetsView/>,
                 errorElement: <ErrorPage/>,
             },
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index 6e2cf2226..b1aeab50a 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -1,3 +1,4 @@
+import React from "react";
 import { Box, BoxProps, Paper, PaperProps } from "@mui/material"
 
 export const cardWidth = 247;
@@ -21,9 +22,9 @@ export function CardPaper(props: PaperProps) {
     />
 }
 
-export function Card(props: BoxProps) {
-    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...props} />
-}
+export const Card = React.forwardRef((props: BoxProps, ref) => {
+    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...props} ref={ref} />
+});
 
 export function CardCol(props: BoxProps) {
     return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...props} />
diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
index f9fc60a4a..e014029fc 100644
--- a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
+++ b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
@@ -1,4 +1,4 @@
-import React, { useCallback, useContext, useEffect, useMemo, useRef, useState } from "react";
+import React, { useCallback, useContext, useEffect, useRef, useState } from "react";
 import { Box, Divider, IconButton, SxProps, Tab, Tooltip, useTheme } from "@mui/material";
 import { CommandResultSummary } from "../../models";
 import { TargetSummary } from "../../project-summaries";
@@ -26,9 +26,8 @@ async function doGetRootNode(api: Api, rs: CommandResultSummary) {
 }
 
 export interface HistoryCardsProps {
-    rs: CommandResultSummary,
-    ts: TargetSummary,
-    initialCardRect: DOMRect,
+    targetSummary: TargetSummary,
+    initialCardRect?: DOMRect,
     onClose: () => void
 }
 
@@ -39,8 +38,6 @@ interface Rect {
     height: number | string
 }
 
-type TransitionStatus = 'not-started' | 'running' | 'finished'
-
 const CardContent = React.memo((props: { provider: SidePanelProvider }) => {
     const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
 
@@ -177,17 +174,34 @@ const HistoryCard = React.memo((props: {
     </CardPaper>
 });
 
+type TransitionState =
+    {
+        type: 'initial'
+    } | {
+        type: 'started',
+        cardRect: Rect
+    } | {
+        type: 'running',
+        cardRect: Rect
+    } | {
+        type: 'finished'
+    }
+
 export const HistoryCards = React.memo((props: HistoryCardsProps) => {
     const theme = useTheme();
     const containerElem = useRef<HTMLElement>();
-    const [cardRect, setCardRect] = useState<Rect | undefined>();
-    const [transitionStatus, setTransitionStatus] = useState<TransitionStatus>('not-started');
-    const [currentRS, setCurrentRS] = useState(props.rs);
+    const [transitionState, setTransitionState] = useState<TransitionState>({ type: 'initial' });
+    const [currentRSIndex, setCurrentRSIndex] = useState(0);
 
     useEffect(() => {
         const rect = containerElem.current?.getBoundingClientRect();
         if (!rect) {
-            setCardRect(undefined);
+            setTransitionState({ type: 'initial' });
+            return;
+        }
+
+        if (!props.initialCardRect) {
+            setTransitionState({ type: 'finished' });
             return;
         }
 
@@ -198,11 +212,14 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
             height: cardHeight
         };
 
-        setCardRect(initialRect);
-    }, [props.initialCardRect]);
+        setTransitionState({
+            type: 'started',
+            cardRect: initialRect
+        });
+    }, [props.initialCardRect, theme.transitions.duration.enteringScreen]);
 
     useEffect(() => {
-        if (!cardRect) {
+        if (transitionState.type !== 'started') {
             return;
         }
 
@@ -213,39 +230,28 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
             height: '100%'
         };
 
-        if (cardRect.left === targetRect.left
-            && cardRect.top === targetRect.top
-            && cardRect.width === targetRect.width
-            && cardRect.height === targetRect.height
-        ) {
-            return;
-        }
-
         setTimeout(() => {
-            setCardRect(targetRect);
-            setTransitionStatus('running');
+            setTransitionState({
+                type: 'running',
+                cardRect: targetRect
+            });
             setTimeout(() => {
-                setTransitionStatus('finished');
+                setTransitionState({ type: 'finished' });
             }, theme.transitions.duration.enteringScreen);
         }, 10);
-    }, [cardRect, theme.transitions.duration.enteringScreen]);
-
-    const currentRSIndex = useMemo(
-        () => props.ts.commandResults.indexOf(currentRS),
-        [currentRS, props.ts.commandResults]
-    )
+    }, [transitionState, theme.transitions.duration.enteringScreen]);
 
     const onLeftArrowClick = useCallback(() => {
         if (currentRSIndex > 0) {
-            setCurrentRS(props.ts.commandResults[currentRSIndex - 1]);
+            setCurrentRSIndex(i => i - 1);
         }
-    }, [currentRSIndex, props.ts.commandResults]);
+    }, [currentRSIndex]);
 
     const onRightArrowClick = useCallback(() => {
-        if (currentRSIndex < props.ts.commandResults.length - 1) {
-            setCurrentRS(props.ts.commandResults[currentRSIndex + 1]);
+        if (currentRSIndex < props.targetSummary.commandResults.length - 1) {
+            setCurrentRSIndex(i => i + 1);
         }
-    }, [currentRSIndex, props.ts.commandResults]);
+    }, [currentRSIndex, props.targetSummary.commandResults.length]);
 
     const paddingX = 40;
     const gap = 2 * (paddingX + arrowButtonWidth);
@@ -261,7 +267,7 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
         <ArrowButton
             direction='left'
             onClick={onLeftArrowClick}
-            hidden={currentRSIndex === 0 || transitionStatus !== 'finished'}
+            hidden={currentRSIndex === 0 || transitionState.type !== 'finished'}
         />
         <Box
             flex='0 0 auto'
@@ -269,22 +275,22 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
             display='flex'
             ref={containerElem}
         >
-            {transitionStatus !== 'finished' && cardRect && <HistoryCard
+            {(transitionState.type === 'started' || transitionState.type === 'running') && <HistoryCard
                 sx={{
-                    width: cardRect.width,
-                    height: cardRect.height,
+                    width: transitionState.cardRect.width,
+                    height: transitionState.cardRect.height,
                     flex: '0 0 auto',
-                    translate: `${cardRect.left}px ${cardRect.top}px`,
+                    translate: `${transitionState.cardRect.left}px ${transitionState.cardRect.top}px`,
                     transition: theme.transitions.create(['translate', 'width', 'height'], {
                         easing: theme.transitions.easing.sharp,
                         duration: theme.transitions.duration.enteringScreen,
                     }),
                     padding: '20px 0'
                 }}
-                rs={currentRS}
+                rs={props.targetSummary.commandResults[currentRSIndex]}
                 onClose={props.onClose}
             />}
-            {transitionStatus === 'finished' &&
+            {transitionState.type === 'finished' &&
                 <Box
                     flex='1 1 auto'
                     width='100%'
@@ -299,7 +305,7 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
                         })
                     }}
                 >
-                    {props.ts.commandResults.map((rs) =>
+                    {props.targetSummary.commandResults.map((rs) =>
                         <HistoryCard
                             sx={{
                                 width: '100%',
@@ -309,7 +315,7 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
                             }}
                             rs={rs}
                             key={rs.id}
-                            transitionFinished={transitionStatus === 'finished'}
+                            transitionFinished={transitionState.type === 'finished'}
                             onClose={props.onClose}
                         />
                     )}
@@ -319,7 +325,10 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
         <ArrowButton
             direction='right'
             onClick={onRightArrowClick}
-            hidden={currentRSIndex === props.ts.commandResults.length - 1 || transitionStatus !== 'finished'}
+            hidden={
+                currentRSIndex === props.targetSummary.commandResults.length - 1
+                || transitionState.type !== 'finished'
+            }
         />
     </Box>;
 });
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 815aa98ee..9a32025da 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,16 +1,18 @@
-import { CommandResultSummary } from "../../models";
+import { TargetKey } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useContext, useState } from "react";
+import React, { useCallback, useContext, useMemo, useRef, useState } from "react";
 import { AppContext } from "../App";
 import { ProjectItem } from "./Projects";
 import { TargetItem } from "./Targets";
 import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
-import { Card, CardCol, cardGap, cardHeight, CardRow, cardWidth, projectCardHeight } from "./Card";
+import { Card, CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth, projectCardHeight } from "./Card";
 import { TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { HistoryCards } from "./HistoryCards";
+import { useNavigate, useParams } from "react-router-dom";
+import { sha256 } from "js-sha256";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -122,34 +124,55 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
     </svg>
 });
 
+function mkTargetHash(tk: TargetKey): string {
+    return sha256(JSON.stringify(tk));
+}
+
 export const TargetsView = () => {
     const theme = useTheme();
-    const [selectedCommandResult, setSelectedCommandResult] = useState<{ rs: CommandResultSummary, ts: TargetSummary } | undefined>();
     const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
-    const [selectedCardRect, setSelectedCardRect] = useState<DOMRect | undefined>();
 
-    const appContext = useContext(AppContext)
-    const projects = appContext.projects
+    const navigate = useNavigate();
+    const { targetKeyHash } = useParams();
+    const appContext = useContext(AppContext);
+    const projects = appContext.projects;
+
+    const targetsHashes = useMemo(() => {
+        const dict = new Map<string, TargetSummary>();
+        projects.forEach(ps =>
+            ps.targets.forEach(ts =>
+                dict.set(mkTargetHash(ts.target), ts)
+            )
+        );
+        return dict;
+    }, [projects]);
+
+    const historyCardsTarget = useMemo(() => {
+        return targetKeyHash ? targetsHashes.get(targetKeyHash) : undefined;
+    }, [targetKeyHash, targetsHashes]);
 
     const onTargetDetailsDrawerClose = useCallback(() => {
         setSelectedTargetSummary(undefined);
     }, []);
 
-    const onSelectCommandResult = useCallback((o?: { rs: CommandResultSummary, ts: TargetSummary }) => {
+    const onSelectHistoryCardsTarget = useCallback((ts: TargetSummary) => {
         onTargetDetailsDrawerClose();
-        setSelectedCommandResult(o);
-    }, [onTargetDetailsDrawerClose]);
+        navigate(`/targets/${mkTargetHash(ts.target)}`);
+    }, [navigate, onTargetDetailsDrawerClose]);
 
     const onHistoryCardsClose = useCallback(() => {
-        setSelectedCommandResult(undefined);
-        setSelectedCardRect(undefined);
-    }, []);
+        navigate(`/targets/`);
+    }, [navigate]);
+
+    const cardRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
+ 
+    if (historyCardsTarget) {
+        const cardElem = cardRefs.current.get(historyCardsTarget);
+        const cardRect = cardElem?.getBoundingClientRect();
 
-    if (selectedCommandResult && selectedCardRect) {
         return <HistoryCards
-            rs={selectedCommandResult.rs}
-            ts={selectedCommandResult.ts}
-            initialCardRect={selectedCardRect}
+            targetSummary={historyCardsTarget}
+            initialCardRect={cardRect}
             onClose={onHistoryCardsClose}
         />;
     }
@@ -240,21 +263,25 @@ export const TargetsView = () => {
                                     return <Card
                                         key={rs.id}
                                         sx={{
-                                            translate: i === 0 ? 'none' : `-${i * (cardWidth + cardGap / 2)}px`,
+                                            translate: `${-i * (cardWidth + cardGap / 2)}px`,
                                             zIndex: -i,
                                             display: i < 4 ? 'flex' : 'none'
                                         }}
-                                        onClick={(e) => {
-                                            const rect = e.currentTarget.getBoundingClientRect();
-                                            setSelectedCardRect(rect);
+                                        ref={(r: HTMLElement) => {
+                                            if (i === 0) {
+                                                cardRefs.current.set(ts, r);
+                                            }
                                         }}
                                     >
-                                        <CommandResultItem
-                                            ps={ps}
-                                            ts={ts}
-                                            rs={rs}
-                                            onSelectCommandResult={(rs) => onSelectCommandResult({ rs, ts })}
-                                        />
+                                        {i === 0
+                                            ? <CommandResultItem
+                                                ps={ps}
+                                                ts={ts}
+                                                rs={rs}
+                                                onSelectCommandResult={() => onSelectHistoryCardsTarget(ts)}
+                                            />
+                                            : <CardPaper />
+                                        }
                                     </Card>
                                 })}
                             </CardRow>

From 019cee997ab55ac9b46632fcc3b10d097c93ac6a Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 17 Jun 2023 02:53:27 +0600
Subject: [PATCH 1237/2268] Styled Login page.

---
 pkg/webui/ui/build/static/media/logout.svg |  4 ++
 pkg/webui/ui/src/components/App.tsx        | 18 ++++--
 pkg/webui/ui/src/components/LeftDrawer.tsx | 31 ++++++++---
 pkg/webui/ui/src/components/Login.tsx      | 65 ++++++++++++++++------
 pkg/webui/ui/src/icons/Icons.tsx           |  5 ++
 pkg/webui/ui/src/icons/logout.svg          |  4 ++
 6 files changed, 96 insertions(+), 31 deletions(-)
 create mode 100644 pkg/webui/ui/build/static/media/logout.svg
 create mode 100644 pkg/webui/ui/src/icons/logout.svg

diff --git a/pkg/webui/ui/build/static/media/logout.svg b/pkg/webui/ui/build/static/media/logout.svg
new file mode 100644
index 000000000..427680845
--- /dev/null
+++ b/pkg/webui/ui/build/static/media/logout.svg
@@ -0,0 +1,4 @@
+<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M15 12V27.9834C15 33.3334 18.3333 36.6667 23.6667 36.6667H27.9833C33.3167 36.6667 36.65 33.3334 36.65 28V12C36.6667 6.66671 33.3333 3.33337 28 3.33337H23.6667C18.3333 3.33337 15 6.66671 15 12Z" fill="#DFEBE9"/>
+<path d="M9.28324 13.5333L3.6999 19.1167C3.21657 19.6 3.21657 20.4 3.6999 20.8833L9.28324 26.4667C9.76657 26.95 10.5666 26.95 11.0499 26.4667C11.5332 25.9833 11.5332 25.1833 11.0499 24.7L7.5999 21.25H25.4166C26.0999 21.25 26.6666 20.6833 26.6666 20C26.6666 19.3167 26.0999 18.75 25.4166 18.75H7.5999L11.0499 15.3C11.2999 15.05 11.4166 14.7333 11.4166 14.4167C11.4166 14.1 11.2999 13.7667 11.0499 13.5333C10.5666 13.0333 9.78324 13.0333 9.28324 13.5333Z" fill="#DFEBE9"/>
+</svg>
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index c330fd775..ef3801318 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -42,7 +42,7 @@ export const AppContext = createContext<AppContextProps>({
 
 export const ApiContext = createContext<Api>(new StaticApi())
 
-const LoggedInApp = (props: {onUnauthorized: () => void}) => {
+const LoggedInApp = (props: { onUnauthorized: () => void }) => {
     const api = useContext(ApiContext)
     const [filters, setFilters] = useState<ActiveFilters>()
 
@@ -75,7 +75,7 @@ const LoggedInApp = (props: {onUnauthorized: () => void}) => {
         console.log("starting listenResults")
         let cancel: Promise<() => void>
         cancel = api.listenUpdates(undefined, undefined, msg => {
-            switch(msg.type) {
+            switch (msg.type) {
                 case "update_summary":
                     updateSummary(msg.summary)
                     break
@@ -117,7 +117,11 @@ const LoggedInApp = (props: {onUnauthorized: () => void}) => {
         <AppContext.Provider value={appContext}>
             <ThemeProvider theme={light}>
                 <Box width={"100%"} height={"100%"}>
-                    <LeftDrawer content={<Outlet context={outletContext}/>} context={outletContext}/>
+                    <LeftDrawer
+                        content={<Outlet context={outletContext} />}
+                        context={outletContext}
+                        logout={onUnauthorized}
+                    />
                 </Box>
             </ThemeProvider>
         </AppContext.Provider>
@@ -193,15 +197,17 @@ const App = () => {
     }, [])
 
     if (needToken && !getToken()) {
-        return <Login setToken={handleLoginSucceeded} />
+        return <ThemeProvider theme={light}>
+            <Login setToken={handleLoginSucceeded} />
+        </ThemeProvider>
     }
 
     if (!api) {
-        return <Loading/>
+        return <Loading />
     }
 
     return <ApiContext.Provider value={api}>
-        <LoggedInApp onUnauthorized={onUnauthorized}/>
+        <LoggedInApp onUnauthorized={onUnauthorized} />
     </ApiContext.Provider>
 }
 
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index b3dab16ae..86f86e660 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -13,7 +13,7 @@ import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
 import { Link, useLocation, useNavigate } from "react-router-dom";
 import { AppOutletContext } from "./App";
-import { ArrowLeftIcon, KluctlLogo, KluctlText, SearchIcon, TargetsIcon } from '../icons/Icons';
+import { ArrowLeftIcon, KluctlLogo, KluctlText, LogoutIcon, SearchIcon, TargetsIcon } from '../icons/Icons';
 import { dark } from './theme';
 import { Typography } from '@mui/material';
 
@@ -96,8 +96,9 @@ const Drawer = styled(MuiDrawer, { shouldForwardProp: (prop) => prop !== 'open'
     }),
 );
 
-function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: string }) {
-    return <ListItem component={Link} to={props.to} key={props.text} disablePadding sx={{ display: 'block', margin: '14px 0' }}>
+function Item(props: { text: string, open: boolean, icon: React.ReactNode, to?: string, selected?: boolean, onClick?: () => void }) {
+    const linkProps = props.to ? { component: Link, to: props.to } : undefined;
+    return <ListItem disablePadding sx={{ display: 'block', margin: '14px 0' }} onClick={props.onClick} {...linkProps}>
         <ListItemButton
             sx={{
                 height: '60px',
@@ -110,6 +111,8 @@ function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: s
             <ListItemIcon
                 sx={{
                     minWidth: 0,
+                    width: '48px',
+                    height: '48px',
                     flex: '0 0 auto',
                     justifyContent: 'center',
                     alignItems: 'center',
@@ -125,13 +128,18 @@ function Item(props: { text: string, open: boolean, icon: React.ReactNode, to: s
                     fontSize: '24px',
                     lineHeight: '33px',
                     letterSpacing: '1px',
+                    color: props.selected ? undefined : '#8A8E91'
                 }}
             />
         </ListItemButton>
     </ListItem>
 }
 
-export default function LeftDrawer(props: { content: React.ReactNode, context: AppOutletContext }) {
+export default function LeftDrawer(props: {
+    content: React.ReactNode,
+    context: AppOutletContext,
+    logout: () => void
+}) {
     const [open, setOpen] = useState(true);
     const location = useLocation()
     const navigate = useNavigate();
@@ -213,9 +221,18 @@ export default function LeftDrawer(props: { content: React.ReactNode, context: A
                         </IconButton>
                     </DrawerHeader>
                     <Divider />
-                    <List sx={{ padding: '10px 0 0 0' }}>
-                        <Item text={"Targets"} open={open} icon={<TargetsIcon />} to={"targets"} />
-                    </List>
+                    <Box display='flex' flexDirection='column' flex='1 1 auto' pt='10px'>
+                        <Box flex='1 1 auto'>
+                            <List sx={{ padding: 0 }}>
+                                <Item text={"Targets"} open={open} icon={<TargetsIcon />} to={"targets"} selected />
+                            </List>
+                        </Box>
+                        <Box flex='0 0 auto'>
+                            <List sx={{ padding: 0 }}>
+                                <Item text={"Log Out"} open={open} icon={<LogoutIcon />} onClick={props.logout} />
+                            </List>
+                        </Box>
+                    </Box>
                 </Drawer>
             </ThemeProvider>
             <Box component="main" sx={{ flexGrow: 1, height: '100%', overflow: 'hidden' }} minWidth={0}>
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index b1fd66064..182ee1dc7 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -1,3 +1,4 @@
+import { Box, Button, FormControl, Paper, TextField, Typography } from '@mui/material';
 import React, { SyntheticEvent, useState } from 'react';
 
 //import './Login.css';
@@ -19,7 +20,7 @@ async function loginUser(creds: loginCredentials) {
         .then(token => token.token)
 }
 
-export default function Login(props: { setToken: (token: string) => void}) {
+export default function Login(props: { setToken: (token: string) => void }) {
     const [username, setUserName] = useState<string>();
     const [password, setPassword] = useState<string>();
 
@@ -35,22 +36,50 @@ export default function Login(props: { setToken: (token: string) => void}) {
         props.setToken(token);
     }
 
-    return(
-        <div className="login-wrapper">
-            <h1>Please Log In</h1>
-            <form onSubmit={handleSubmit}>
-                <label>
-                    <p>Username</p>
-                    <input type="text" onChange={e => setUserName(e.target.value)} />
-                </label>
-                <label>
-                    <p>Password</p>
-                    <input type="password" onChange={e => setPassword(e.target.value)} />
-                </label>
-                <div>
-                    <button type="submit">Submit</button>
-                </div>
-            </form>
-        </div>
+    return (
+        <Box
+            width='100%'
+            height='100%'
+            display='flex'
+            flexDirection='column'
+            alignItems='center'
+            gap='30px'
+            pt='90px'
+        >
+            <Typography variant='h1'>Please Log In</Typography>
+            <Paper elevation={5} sx={{ width: '400px', borderRadius: '12px', padding: '30px' }}>
+                <form onSubmit={handleSubmit}>
+                    <Box
+                        display='flex'
+                        flexDirection='column'
+                        justifyContent='center'
+                        alignItems='center'
+                        gap='30px'
+                    >
+                        <FormControl fullWidth >
+                            <TextField variant='standard' label='Username' onChange={e => setUserName(e.target.value)} />
+                        </FormControl>
+                        <FormControl fullWidth >
+                            <TextField variant='standard' label='Password' type="password" onChange={e => setPassword(e.target.value)} />
+                        </FormControl>
+                        <FormControl >
+                            <Button
+                                variant='contained'
+                                type='submit'
+                                sx={{
+                                    padding: '6px 20px',
+                                    backgroundColor: '#59A588',
+                                    '&:hover': {
+                                        backgroundColor: '#59A588'
+                                    }
+                                }}
+                            >
+                                Login
+                            </Button>
+                        </FormControl>
+                    </Box>
+                </form>
+            </Paper>
+        </Box>
     )
 }
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 967aa08ca..a58e85303 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -36,6 +36,7 @@ import { ReactComponent as BracketsSquareIconSvg } from './brackets-square.svg';
 import { ReactComponent as FileIconSvg } from './file.svg';
 import { ReactComponent as ResultIconSvg } from './result.svg';
 import { ReactComponent as IncludeIconSvg } from './include.svg';
+import { ReactComponent as LogoutIconSvg } from './logout.svg';
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -196,3 +197,7 @@ export const ResultIcon = () => {
 export const IncludeIcon = () => {
     return <IncludeIconSvg width="30px" height="30px" />
 }
+
+export const LogoutIcon = () => {
+    return <LogoutIconSvg width="40px" height="40px" />
+}
diff --git a/pkg/webui/ui/src/icons/logout.svg b/pkg/webui/ui/src/icons/logout.svg
new file mode 100644
index 000000000..427680845
--- /dev/null
+++ b/pkg/webui/ui/src/icons/logout.svg
@@ -0,0 +1,4 @@
+<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path opacity="0.4" d="M15 12V27.9834C15 33.3334 18.3333 36.6667 23.6667 36.6667H27.9833C33.3167 36.6667 36.65 33.3334 36.65 28V12C36.6667 6.66671 33.3333 3.33337 28 3.33337H23.6667C18.3333 3.33337 15 6.66671 15 12Z" fill="#DFEBE9"/>
+<path d="M9.28324 13.5333L3.6999 19.1167C3.21657 19.6 3.21657 20.4 3.6999 20.8833L9.28324 26.4667C9.76657 26.95 10.5666 26.95 11.0499 26.4667C11.5332 25.9833 11.5332 25.1833 11.0499 24.7L7.5999 21.25H25.4166C26.0999 21.25 26.6666 20.6833 26.6666 20C26.6666 19.3167 26.0999 18.75 25.4166 18.75H7.5999L11.0499 15.3C11.2999 15.05 11.4166 14.7333 11.4166 14.4167C11.4166 14.1 11.2999 13.7667 11.0499 13.5333C10.5666 13.0333 9.78324 13.0333 9.28324 13.5333Z" fill="#DFEBE9"/>
+</svg>

From 912e05f97d3e6ddeee02f83b5ed283b4fa527228 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 22 Jun 2023 23:59:51 +0200
Subject: [PATCH 1238/2268] fix: Also use rootPath for login request

---
 pkg/webui/ui/src/api.tsx              | 2 +-
 pkg/webui/ui/src/components/Login.tsx | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 5101e0665..0958c4793 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -16,7 +16,7 @@ import { loadScript } from "./loadscript";
 
 console.log(window.location)
 
-let rootPath = window.location.pathname
+export let rootPath = window.location.pathname
 if (rootPath.endsWith("/")) {
     rootPath = rootPath.substring(0, rootPath.length-1)
 }
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index 182ee1dc7..21e206adc 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -1,5 +1,6 @@
 import { Box, Button, FormControl, Paper, TextField, Typography } from '@mui/material';
 import React, { SyntheticEvent, useState } from 'react';
+import { rootPath } from "../api";
 
 //import './Login.css';
 
@@ -9,7 +10,7 @@ interface loginCredentials {
 }
 
 async function loginUser(creds: loginCredentials) {
-    const url = `/auth/login`
+    const url = rootPath + `/auth/login`
     return fetch(url, {
         method: 'POST',
         headers: {

From 5643e3521aed6f8df13a084c0de4672dc86f3c1a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Jun 2023 08:56:47 +0200
Subject: [PATCH 1239/2268] chore(deps): Bump github.com/otiai10/copy from
 1.11.0 to 1.12.0 (#608)

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](https://github.com/otiai10/copy/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3d26fc3d4..13c8077c9 100644
--- a/go.mod
+++ b/go.mod
@@ -69,7 +69,7 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.4
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.8
-	github.com/otiai10/copy v1.11.0
+	github.com/otiai10/copy v1.12.0
 	github.com/prometheus/client_golang v1.15.1
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
diff --git a/go.sum b/go.sum
index 07a4a21bd..615aa8a04 100644
--- a/go.sum
+++ b/go.sum
@@ -702,8 +702,8 @@ github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVn
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
-github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
-github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY=
+github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=

From cf1fb30056cc21d81466501d8b8ee8aef1207aa3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Jun 2023 08:56:59 +0200
Subject: [PATCH 1240/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#609)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.26 to 1.18.27.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.26...config/v1.18.27)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 13c8077c9..62f0a2de4 100644
--- a/go.mod
+++ b/go.mod
@@ -55,10 +55,10 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.18.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.26
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.25
+	github.com/aws/aws-sdk-go-v2/config v1.18.27
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.26
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.1
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2
 	github.com/aws/smithy-go v1.13.5
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/gin-gonic/gin v1.9.1
@@ -107,8 +107,8 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
diff --git a/go.sum b/go.sum
index 615aa8a04..353a59224 100644
--- a/go.sum
+++ b/go.sum
@@ -117,10 +117,10 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
 github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.26 h1:ivCHcSmKd1+9rBlqVsxZHB35eCW88KWbMdG2VL3BuBw=
-github.com/aws/aws-sdk-go-v2/config v1.18.26/go.mod h1:NVmd//z/PNl7U+ZU2EnuffxOA060JWzgbH3BnqQrUoY=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.25 h1:5wROoMcUC7nAE66e0b3IIht6Tos76M4HC+GQw8MeqxU=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.25/go.mod h1:W9I2660WXSwZQ23mM1Ks72+UGeyirIxuU7/KzN7daeA=
+github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
+github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -137,12 +137,12 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3f
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10 h1:eW8zPSh7ZLzb7029xCsIEFbnxLvNHPTt7aWwdKjNJc8=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.11 h1:cNrMc266RsZJ8V1u1OQQONKcf9HmfxQFqgcpY7ZJBhY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.11/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11 h1:h2VhtCE5PBiJefmlVCjJRSzBfFcQeAE10SXIGkXw1jQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.11/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.1 h1:ehPTnLR/es8TL1fpBfq8qw9cAwOpQr47fLmZD9yhHjk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.1/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 3eee45ef7b29367fa9aa0818802eed14d22e6743 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Jun 2023 08:59:00 +0200
Subject: [PATCH 1241/2268] chore(deps): Bump k8s.io/client-go from 0.27.2 to
 0.27.3 (#612)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.2 to 0.27.3.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.27.2...v0.27.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 62f0a2de4..fc7f91394 100644
--- a/go.mod
+++ b/go.mod
@@ -41,10 +41,10 @@ require (
 	golang.org/x/term v0.9.0
 	golang.org/x/text v0.10.0
 	helm.sh/helm/v3 v3.12.1
-	k8s.io/api v0.27.2
+	k8s.io/api v0.27.3
 	k8s.io/apiextensions-apiserver v0.27.2
-	k8s.io/apimachinery v0.27.2
-	k8s.io/client-go v0.27.2
+	k8s.io/apimachinery v0.27.3
+	k8s.io/client-go v0.27.3
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.2
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
diff --git a/go.sum b/go.sum
index 353a59224..28a61e712 100644
--- a/go.sum
+++ b/go.sum
@@ -1393,18 +1393,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo=
-k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4=
+k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
+k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
 k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
 k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
-k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg=
-k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
+k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
+k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
 k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
 k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
 k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw=
 k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw=
-k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE=
-k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ=
+k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
+k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
 k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo=
 k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=

From 150a4193234e68a9be6759430584bd0accd4aaa3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 09:21:25 +0200
Subject: [PATCH 1242/2268] ci: Add check for cleanliness of go.mod/go.sum

---
 .github/workflows/tests.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 846e92a26..4507b42e6 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -72,6 +72,15 @@ jobs:
             git diff
             exit 1
           fi
+      - name: Verify go.mod and go.sum are clean
+        run: |
+          go mod tidy
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "go mod tidy must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
 
   check-npm-build:
     runs-on: ubuntu-latest

From 8b3a5f09bf9bb5cb9ebcaa8bb68922ad9af2d387 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 09:21:32 +0200
Subject: [PATCH 1243/2268] chore: Run go mod tidy

---
 go.mod |  1 -
 go.sum | 20 --------------------
 2 files changed, 21 deletions(-)

diff --git a/go.mod b/go.mod
index fc7f91394..e85459118 100644
--- a/go.mod
+++ b/go.mod
@@ -74,7 +74,6 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
-	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.34.0
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
diff --git a/go.sum b/go.sum
index 28a61e712..e60b8dbf3 100644
--- a/go.sum
+++ b/go.sum
@@ -280,7 +280,6 @@ github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
@@ -319,15 +318,11 @@ github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTr
 github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
 github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+jU0zvx4AqHGnv4k=
 github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
@@ -343,12 +338,6 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
-github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
-github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -458,8 +447,6 @@ github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
@@ -545,7 +532,6 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -561,7 +547,6 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -591,7 +576,6 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -850,8 +834,6 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
@@ -1415,8 +1397,6 @@ k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
 k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
-nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From 8f481b83585a7eeab943fca05621260aa9f8adfd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 10:06:26 +0200
Subject: [PATCH 1244/2268] refactor: Move ipfs-exchange-info into internal
 directory

---
 .github/workflows/preview-comment.yml         | 4 ++--
 .github/workflows/preview-run.yml             | 4 ++--
 {hack => internal}/ipfs-exchange-info/go.mod  | 0
 {hack => internal}/ipfs-exchange-info/go.sum  | 0
 {hack => internal}/ipfs-exchange-info/main.go | 0
 5 files changed, 4 insertions(+), 4 deletions(-)
 rename {hack => internal}/ipfs-exchange-info/go.mod (100%)
 rename {hack => internal}/ipfs-exchange-info/go.sum (100%)
 rename {hack => internal}/ipfs-exchange-info/main.go (100%)

diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
index efb778175..e061b2746 100644
--- a/.github/workflows/preview-comment.yml
+++ b/.github/workflows/preview-comment.yml
@@ -67,12 +67,12 @@ jobs:
           ipfs key import kluctl-preview-comment kluctl-preview-comment.pem -f pem-pkcs8-cleartext
       - name: Build ipfs-exchange-info
         run: |
-          (cd ./hack/ipfs-exchange-info && go build ./)
+          (cd ./internal/ipfs-exchange-info && go install .)
       - name: Receive info
         id: info
         run: |
           echo "${{ secrets.KLUCTL_PREVIEW_AGE_KEY }}" > age.key
-          ./hack/ipfs-exchange-info/ipfs-exchange-info -mode subscribe -topic kluctl-preview-${{ github.event.pull_request.number }} -pr-number ${{ github.event.pull_request.number }} -repo-name "${{ github.repository }}" -age-key-file age.key -out-file info.json
+          ipfs-exchange-info -mode subscribe -topic kluctl-preview-${{ github.event.pull_request.number }} -pr-number ${{ github.event.pull_request.number }} -repo-name "${{ github.repository }}" -age-key-file age.key -out-file info.json
 
           cat info.json | jq ".ipfsId" -r > ipfs_id
           cat info.json | jq ".staticIpnsName" -r > static_ipns_name
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index efb965256..20f83e80c 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -141,11 +141,11 @@ jobs:
       # SEND INFO
       - name: Build ipfs-exchange-info
         run: |
-          (cd ./hack/ipfs-exchange-info && go build ./)
+          (cd ./internal/ipfs-exchange-info && go install .)
       - name: send info
         run: |
           static_ipns_name=$(ipfs key gen static-webui)
-          ./hack/ipfs-exchange-info/ipfs-exchange-info -mode publish \
+          ipfs-exchange-info -mode publish \
             -topic kluctl-preview-${{ github.event.pull_request.number }} \
             -ipfs-id $(ipfs id -f "<id>") \
             -static-ipns-name $static_ipns_name \
diff --git a/hack/ipfs-exchange-info/go.mod b/internal/ipfs-exchange-info/go.mod
similarity index 100%
rename from hack/ipfs-exchange-info/go.mod
rename to internal/ipfs-exchange-info/go.mod
diff --git a/hack/ipfs-exchange-info/go.sum b/internal/ipfs-exchange-info/go.sum
similarity index 100%
rename from hack/ipfs-exchange-info/go.sum
rename to internal/ipfs-exchange-info/go.sum
diff --git a/hack/ipfs-exchange-info/main.go b/internal/ipfs-exchange-info/main.go
similarity index 100%
rename from hack/ipfs-exchange-info/main.go
rename to internal/ipfs-exchange-info/main.go

From 67f6eb253456280f43962e92d1372a25c3d581ac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 14:35:04 +0200
Subject: [PATCH 1245/2268] ci: Use cloudflare tunnels to proxy the preview UI

---
 .github/workflows/preview-comment.yml | 125 ---------------------
 .github/workflows/preview-proxy.yml   | 153 ++++++++++++++++++++++++++
 .github/workflows/preview-run.yml     |  25 +----
 internal/ipfs-exchange-info/main.go   |  16 +--
 4 files changed, 161 insertions(+), 158 deletions(-)
 delete mode 100644 .github/workflows/preview-comment.yml
 create mode 100644 .github/workflows/preview-proxy.yml

diff --git a/.github/workflows/preview-comment.yml b/.github/workflows/preview-comment.yml
deleted file mode 100644
index e061b2746..000000000
--- a/.github/workflows/preview-comment.yml
+++ /dev/null
@@ -1,125 +0,0 @@
-name: preview-comment
-
-on:
-  pull_request_target:
-    types: [labeled, synchronize]
-    branches:
-      - main
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
-
-concurrency:
-  group: preview-comment-${{ github.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  preview-comment:
-    if: ${{ github.event.label.name == 'preview' || contains(github.event.pull_request.labels.*.name, 'preview') }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Reset PR comment
-        uses: mshick/add-pr-comment@v2
-        with:
-          issue: ${{ github.pull_request.number }}
-          message-id: preview-run-info
-          message: |
-            # 🤖 Preview Environment
-            The preview environment is starting up and will be available soon.
-      - uses: actions/checkout@v2
-        with:
-          # Warning, do not try to checkout the base branch here as it would introduce enormous security risks!
-          # Also don't introduce a cache in this workflow!
-          ref: main
-          fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: 1.19
-      - name: Install some tools
-        run: |
-          sudo apt update
-          sudo apt install -y ncat
-          wget https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
-          tar xzf age-v1.1.1-linux-amd64.tar.gz
-          sudo mv age/age* /usr/bin/
-      - name: Install ipfs
-        run: |
-          wget -q https://dist.ipfs.tech/kubo/v0.20.0/kubo_v0.20.0_linux-amd64.tar.gz
-          tar -xvzf kubo_v0.20.0_linux-amd64.tar.gz
-          ./kubo/install.sh
-      - name: ipfs init
-        run: |
-          ipfs init
-          ipfs config --json Experimental.Libp2pStreamMounting true
-          ipfs config --json Ipns.UsePubsub true
-          ipfs daemon &
-          sleep 1
-          while ! ipfs id &> /dev/null; do
-            echo "waiting for the daemon"
-            sleep 1
-          done
-      - name: Import ipfs key
-        run: |
-          echo "${{ secrets.KLUCTL_PREVIEW_IPNS_KEY }}" | base64 -d > kluctl-preview-comment.pem
-          ipfs key import kluctl-preview-comment kluctl-preview-comment.pem -f pem-pkcs8-cleartext
-      - name: Build ipfs-exchange-info
-        run: |
-          (cd ./internal/ipfs-exchange-info && go install .)
-      - name: Receive info
-        id: info
-        run: |
-          echo "${{ secrets.KLUCTL_PREVIEW_AGE_KEY }}" > age.key
-          ipfs-exchange-info -mode subscribe -topic kluctl-preview-${{ github.event.pull_request.number }} -pr-number ${{ github.event.pull_request.number }} -repo-name "${{ github.repository }}" -age-key-file age.key -out-file info.json
-
-          cat info.json | jq ".ipfsId" -r > ipfs_id
-          cat info.json | jq ".staticIpnsName" -r > static_ipns_name
-
-          echo "ipfs_id=$(cat ipfs_id)"
-          echo "static_ipns_name=$(cat static_ipns_name)"
-      - name: Build comment text
-        run: |
-          cat <<EOF > comment.md
-          # 🤖 Preview Environment
-          The preview environment is running.
-          
-          # Accessing the static preview UI
-          This version of the UI is static but updated regularly. The updates will lag quite a lot, as IPFS needs
-          some time to propagate changes. You'd also need to refresh the page to get an update. This version of the UI
-          is not able to interact with the cluster, due to missing WebSockets support in IPFS. Use IPFS p2p forwarding
-          if you need this.
-          
-          The public gateway url is: https://ipfs.io/ipns/$(cat static_ipns_name)/index.html
-          
-          For much better perforamance and update-speed, install and start [IPFS Kubo](https://github.com/ipfs/kubo/)
-          locally and use this URL: http://$(cat static_ipns_name).ipns.localhost:8080/index.html
-          
-          If you configured a different gateway port then the default (8080), fix the url accordingly.
-          
-          # Accessing the dynamic preview UI
-          First, install and start [IPFS Kubo](https://github.com/ipfs/kubo/) locally.
-          Then run the \`http\` forward command from below.
-          After that, the UI will be accessible through http://localhost:9090.
-          
-          IPFS forward commands:
-          http: \`ipfs p2p forward /x/kluctl-webui /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)\`
-          ssh: \`ipfs p2p forward /x/ssh /ip4/127.0.0.1/tcp/2222 /p2p/$(cat ipfs_id)\`
-          k8s: \`ipfs p2p forward /x/k /ip4/127.0.0.1/tcp/6443 /p2p/$(cat ipfs_id)\`
-          
-          When asked for credentials, use admin:admin.
-          
-          # Shutting it down
-          Either cancel the pipeline in the PR or simply wait for 30 minutes until it auto-terminates.
-          EOF
-      - uses: mshick/add-pr-comment@v2
-        with:
-          issue: ${{ github.pull_request.number }}
-          message-id: preview-run-info
-          message-path: |
-            comment.md
-      - name: Sleep a bit
-        run: |
-          # Sleep a few seconds to give IPFS p2p streams enough time to flush
-          sleep 10
\ No newline at end of file
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
new file mode 100644
index 000000000..9d50c2d71
--- /dev/null
+++ b/.github/workflows/preview-proxy.yml
@@ -0,0 +1,153 @@
+name: preview-proxy
+
+on:
+  pull_request_target:
+    types: [labeled, synchronize]
+    branches:
+      - main
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: preview-proxy-${{ github.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  preview-proxy:
+    if: ${{ github.event.label.name == 'preview' || contains(github.event.pull_request.labels.*.name, 'preview') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Reset PR comment
+        uses: mshick/add-pr-comment@v2
+        with:
+          issue: ${{ github.pull_request.number }}
+          message-id: preview-run-info
+          message: |
+            # 🤖 Preview Environment
+            The preview environment is starting up and will be available soon.
+      - uses: actions/checkout@v2
+        with:
+          # Warning, do not try to checkout the base branch here as it would introduce enormous security risks!
+          # Also don't introduce a cache in this workflow!
+          ref: main
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.19
+      - name: Install some tools
+        run: |
+          sudo apt update
+          sudo apt install -y ncat
+          wget https://github.com/FiloSottile/age/releases/download/v1.1.1/age-v1.1.1-linux-amd64.tar.gz
+          tar xzf age-v1.1.1-linux-amd64.tar.gz
+          sudo mv age/age* /usr/bin/
+      - name: Install ipfs
+        run: |
+          wget -q https://dist.ipfs.tech/kubo/v0.20.0/kubo_v0.20.0_linux-amd64.tar.gz
+          tar -xvzf kubo_v0.20.0_linux-amd64.tar.gz
+          ./kubo/install.sh
+      - name: ipfs init
+        run: |
+          ipfs init
+          ipfs config --json Experimental.Libp2pStreamMounting true
+          ipfs config --json Ipns.UsePubsub true
+          ipfs daemon &
+          sleep 1
+          while ! ipfs id &> /dev/null; do
+            echo "waiting for the daemon"
+            sleep 1
+          done
+      - name: Install cloudflared
+        run: |
+          wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
+          sudo dpkg -i cloudflared-linux-amd64.deb
+      - name: Start cloudflared tunnel
+        run: |
+          mkdir -p ~/.cloudflared
+          echo ${{ secrets.CLOUDFLARE_TUNNEL_CERT }} | base64 -d > ~/.cloudflared/cert.pem
+          cloudflared tunnel create kluctl-preview-${{ github.event.pull_request.number }}
+          
+          TUNNEL_ID=$(cd ~/.cloudflared && ls *.json | sed 's/\.json//g')
+          echo "TUNNEL_ID=$TUNNEL_ID" >> $GITHUB_ENV
+          
+          cat <<EOF > ~/.cloudflared/config.yml
+          url: http://localhost:9090
+          tunnel: $TUNNEL_ID
+          credentials-file: $HOME/.cloudflared/$TUNNEL_ID.json
+          EOF
+          
+          cloudflared tunnel route dns $TUNNEL_ID kluctl-preview-${{ github.event.pull_request.number }}.kluctl.com
+          cloudflared tunnel run $TUNNEL_ID &
+      - name: Build ipfs-exchange-info
+        run: |
+          (cd ./internal/ipfs-exchange-info && go install .)
+      - name: Receive info
+        id: info
+        run: |
+          echo "${{ secrets.KLUCTL_PREVIEW_AGE_KEY }}" > age.key
+          ipfs-exchange-info -mode subscribe \
+            -topic kluctl-preview-${{ github.event.pull_request.number }} \
+            -pr-number ${{ github.event.pull_request.number }} \
+            -repo-name "${{ github.repository }}" \
+            -age-key-file age.key \
+            -out-file info.json
+
+          cat info.json | jq ".ipfsId" -r > ipfs_id
+          echo "ipfs_id=$(cat ipfs_id)"
+      - name: IPFS forward
+        run: |
+          ipfs p2p forward /x/kluctl-webui /ip4/127.0.0.1/tcp/9090 /p2p/$(cat ipfs_id)
+      - name: Build comment text
+        run: |
+          cat <<EOF > comment.md
+          # 🤖 Preview Environment
+          The preview environment is running.
+          
+          # Accessing the UI
+          The UI is now available at: https://kluctl-preview-${{ github.event.pull_request.number }}.kluctl.com
+          
+          When asked for credentials, use admin:admin.
+          
+          # Shutting it down
+          Either cancel the pipeline in the PR or simply wait for 30 minutes until it auto-terminates.
+          EOF
+      - uses: mshick/add-pr-comment@v2
+        with:
+          issue: ${{ github.pull_request.number }}
+          message-id: preview-run-info
+          message-path: |
+            comment.md
+      - name: Wait for preview-run to exit
+        uses: lewagon/wait-on-check-action@v1.3.1
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          check-name: 'preview-run'
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 10
+      - name: Cleanup cloudflare tunnel
+        if: ${{ always() }}
+        run: |
+          killall cloudflared || true
+          sleep 5
+
+          cloudflared tunnel cleanup $TUNNEL_ID || true
+          cloudflared tunnel delete $TUNNEL_ID || true
+          
+          token="${{ secrets.CLOUDFLARE_DNS_API_TOKEN }}"
+          zone_id=$(curl -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones" | jq '.result[] | select(.name == "kluctl.com").id' -r)
+          echo zone_id=$zone_id
+          record_id=$(curl -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records" | jq '.result[] | select(.zone_name == "kluctl-preview-${{ github.event.pull_request.number }}.kluctl.com").id' -r)
+          echo record_id=$record_id
+          curl -X DELETE -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records/$record_id"
+      - uses: mshick/add-pr-comment@v2
+        if: ${{ always() }}
+        with:
+          issue: ${{ github.pull_request.number }}
+          message-id: preview-run-info
+          message: |
+            # 🤖 Preview Environment
+            The preview environment has been shut down.
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 20f83e80c..c2a6e30a4 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -58,8 +58,6 @@ jobs:
             echo "waiting for the daemon"
             sleep 1
           done
-          # kick of ipns resolving in the background to warm it up
-          ipfs name resolve k51qzi5uqu5diql7mejg4dfn35igqqf22202vgv3sepjrsobtya2xihqqtshbe &
       # SETUP SSH
       - name: Setup ssh
         run: |
@@ -144,11 +142,9 @@ jobs:
           (cd ./internal/ipfs-exchange-info && go install .)
       - name: send info
         run: |
-          static_ipns_name=$(ipfs key gen static-webui)
           ipfs-exchange-info -mode publish \
             -topic kluctl-preview-${{ github.event.pull_request.number }} \
             -ipfs-id $(ipfs id -f "<id>") \
-            -static-ipns-name $static_ipns_name \
             -pr-number ${{ github.event.pull_request.number }} \
             -age-pub-key age1dhueesr5qj8e8uy298k7z8x3ntv620rde89phumg0kvjx2t32elsm759z7
         env:
@@ -156,25 +152,8 @@ jobs:
           # that runs inside this repo, which can only be a workflow that got manually approved. The token is encrypted
           # via age
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      # GENERATE STATIC WEBUI
-      - name: Publish static webui and sleep
+      # SLEEP
+      - name: Sleep
         run: |
-          (
-            old_cid=""
-            while true; do
-              rm -rf kluctl-webui-static
-              if ./bin/kluctl webui --static-path=kluctl-webui-static; then
-                cid=$(ipfs add -r -Q kluctl-webui-static)
-                if [ "$cid" != "$old_cid" ]; then
-                  echo "Publishing $cid..."
-                  ipfs name publish --key static-webui /ipfs/$cid || true
-                  old_cid="$cid"
-                fi
-              else
-                echo "Building static webui failed"
-              fi
-              sleep 1
-            done
-          ) &
           echo "Sleeping..."
           sleep 1800
diff --git a/internal/ipfs-exchange-info/main.go b/internal/ipfs-exchange-info/main.go
index 8b871c0b0..9a8f6397e 100644
--- a/internal/ipfs-exchange-info/main.go
+++ b/internal/ipfs-exchange-info/main.go
@@ -29,7 +29,6 @@ import (
 var modeFlag string
 var topicFlag string
 var ipfsId string
-var staticIpnsName string
 var prNumber int
 var ageKeyFile string
 var agePubKey string
@@ -40,7 +39,6 @@ func ParseFlags() error {
 	flag.StringVar(&modeFlag, "mode", "", "Mode")
 	flag.StringVar(&topicFlag, "topic", "", "pubsub topic")
 	flag.StringVar(&ipfsId, "ipfs-id", "", "IPFS ID")
-	flag.StringVar(&staticIpnsName, "static-ipns-name", "", "Static Webui IPNS name")
 	flag.IntVar(&prNumber, "pr-number", 0, "PR number")
 	flag.StringVar(&ageKeyFile, "age-key-file", "", "AGE key file")
 	flag.StringVar(&agePubKey, "age-pub-key", "", "AGE pubkey")
@@ -179,18 +177,16 @@ func findRelayPeers(h func() host.Host) func(ctx context.Context, num int) <-cha
 }
 
 type workflowInfo struct {
-	PrNumber       int    `json:"prNumber"`
-	IpfsId         string `json:"ipfsId"`
-	StaticIpnsName string `json:"staticIpnsName"`
-	GithubToken    string `json:"githubToken"`
+	PrNumber    int    `json:"prNumber"`
+	IpfsId      string `json:"ipfsId"`
+	GithubToken string `json:"githubToken"`
 }
 
 func doPublish(ctx context.Context, h host.Host, discovery *drouting.RoutingDiscovery) error {
 	info := workflowInfo{
-		PrNumber:       prNumber,
-		GithubToken:    os.Getenv("GITHUB_TOKEN"),
-		IpfsId:         ipfsId,
-		StaticIpnsName: staticIpnsName,
+		PrNumber:    prNumber,
+		GithubToken: os.Getenv("GITHUB_TOKEN"),
+		IpfsId:      ipfsId,
 	}
 
 	b, err := json.Marshal(&info)

From 87400399a0884e6e11feadadb84bdefba09110b9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 17:11:51 +0200
Subject: [PATCH 1246/2268] refactor: Use otiai10/copy to copy from embedded
 FSs (#614)

---
 pkg/utils/fs_copy.go       | 84 --------------------------------------
 pkg/webui/staticbuilder.go |  5 ++-
 2 files changed, 4 insertions(+), 85 deletions(-)
 delete mode 100644 pkg/utils/fs_copy.go

diff --git a/pkg/utils/fs_copy.go b/pkg/utils/fs_copy.go
deleted file mode 100644
index ef5fef165..000000000
--- a/pkg/utils/fs_copy.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	"io"
-	"io/fs"
-	"os"
-	"path"
-	"path/filepath"
-)
-
-// TODO get rid of all this when https://github.com/otiai10/copy/issues/71 gets implemented
-
-func CopyFile(src string, dst string) error {
-	if !IsFile(src) {
-		return fmt.Errorf("%s is not a regular file", src)
-	}
-	f, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	return CopyFileStream(f, dst)
-}
-
-func FsCopyFile(srcFs fs.FS, src, dst string) error {
-	src = filepath.ToSlash(src)
-	source, err := srcFs.Open(src)
-	if err != nil {
-		return err
-	}
-	defer source.Close()
-
-	sourceFileStat, err := source.Stat()
-	if err != nil {
-		return err
-	}
-
-	if !sourceFileStat.Mode().IsRegular() {
-		return fmt.Errorf("%s is not a regular file", src)
-	}
-
-	return CopyFileStream(source, dst)
-}
-
-func CopyFileStream(src io.Reader, dst string) error {
-	destination, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer destination.Close()
-
-	_, err = io.Copy(destination, src)
-	return err
-}
-
-func FsCopyDir(srcFs fs.FS, src string, dst string) error {
-	var err error
-	var fds []fs.DirEntry
-
-	src = filepath.ToSlash(src)
-
-	if fds, err = fs.ReadDir(srcFs, src); err != nil {
-		return err
-	}
-	if err = os.MkdirAll(dst, 0o700); err != nil {
-		return err
-	}
-	for _, fd := range fds {
-		srcfp := path.Join(src, fd.Name())
-		dstfp := filepath.Join(dst, fd.Name())
-
-		if fd.IsDir() {
-			if err = FsCopyDir(srcFs, srcfp, dstfp); err != nil {
-				return err
-			}
-		} else {
-			if err = FsCopyFile(srcFs, srcfp, dstfp); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index 70b209c3f..088e01514 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -96,7 +96,10 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 		return err
 	}
 
-	err = utils.FsCopyDir(uiFS, ".", tmpDir)
+	err = cp.Copy(".", tmpDir, cp.Options{
+		FS:            uiFS,
+		AddPermission: 0o666,
+	})
 	if err != nil {
 		return err
 	}

From 017a19953bebcbbff18f58e661fd63d54ff63a6e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 09:23:45 +0200
Subject: [PATCH 1247/2268] fix: Return old nextSeq in case no new events were
 found

---
 pkg/webui/events.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index dc111d3f4..8fe68cea3 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -219,7 +219,7 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		h.mutex.Lock()
 		defer h.mutex.Unlock()
 		var events []string
-		var nextSeq int64
+		nextSeq := args.Seq
 		for e := h.events.Front(); e != nil; e = e.Next() {
 			e2 := e.Value.(*eventEntry)
 			if e2.seq < args.Seq {

From 56c10f40bed92cef4e752a7b0359e02ac0b02f9e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 09:26:31 +0200
Subject: [PATCH 1248/2268] feat: Implement --host argument for webui command

Also warn about accidentally exposing the webui to the local network
when auth is disabled.
---
 cmd/kluctl/commands/cmd_webui.go | 24 ++++++++++++++++++++++--
 pkg/webui/server.go              |  4 ++--
 2 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index ad0015a38..643150d14 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -8,12 +8,14 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	"net/netip"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
 type webuiCmd struct {
-	Port        int      `group:"misc" help:"Port to serve the api and webui." default:"8080"`
+	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to localhost."`
+	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
 	StaticPath  string   `group:"misc" help:"Build static webui."`
@@ -36,6 +38,24 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		return fmt.Errorf("--static-path can not be combined with --only-api")
 	}
 
+	if !cmd.InCluster { // no authentication?
+		if cmd.Host == "" {
+			// we only use "localhost" as default if not running inside a cluster
+			cmd.Host = "localhost"
+		}
+		if cmd.Host != "localhost" {
+			isNonLocal := cmd.Host == ""
+			if a, err := netip.ParseAddr(cmd.Host); err == nil { // on error, we assume it's a hostname
+				if !a.IsLoopback() {
+					isNonLocal = true
+				}
+			}
+			if isNonLocal {
+				status.Warning(ctx, "When running the webui without authentication enabled, it is extremely dangerous to expose it to non-localhost addresses, as the webui is running with admin privileges.")
+			}
+		}
+	}
+
 	var inClusterClient client.Client
 	if cmd.InCluster {
 		configOverrides := &clientcmd.ConfigOverrides{
@@ -73,7 +93,7 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		return sbw.Build(cmd.StaticPath)
 	} else {
 		server := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, inClusterClient != nil, cmd.OnlyApi)
-		return server.Run(cmd.Port)
+		return server.Run(cmd.Host, cmd.Port)
 	}
 }
 
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 626a71260..1b99e23ee 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -76,7 +76,7 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 	return ret
 }
 
-func (s *CommandResultsServer) Run(port int) error {
+func (s *CommandResultsServer) Run(host string, port int) error {
 	l, ch, cancel, err := s.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
 	if err != nil {
 		return err
@@ -134,7 +134,7 @@ func (s *CommandResultsServer) Run(port int) error {
 	}
 	api.GET("/events", s.auth.authHandler, s.events.handler)
 
-	address := fmt.Sprintf(":%d", port)
+	address := fmt.Sprintf("%s:%d", host, port)
 	listener, err := net.Listen("tcp", address)
 	if err != nil {
 		return err

From efcb506f2f27a2b16f1e94b1e2853d3d113e78b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 23 Jun 2023 18:42:36 +0200
Subject: [PATCH 1249/2268] ci: Fix cleanup of cloudflare DNS records (#616)

---
 .github/workflows/preview-proxy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 9d50c2d71..8452a1b9f 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -140,7 +140,7 @@ jobs:
           token="${{ secrets.CLOUDFLARE_DNS_API_TOKEN }}"
           zone_id=$(curl -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones" | jq '.result[] | select(.name == "kluctl.com").id' -r)
           echo zone_id=$zone_id
-          record_id=$(curl -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records" | jq '.result[] | select(.zone_name == "kluctl-preview-${{ github.event.pull_request.number }}.kluctl.com").id' -r)
+          record_id=$(curl -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records" | jq '.result[] | select(.name == "kluctl-preview-${{ github.event.pull_request.number }}.kluctl.com").id' -r)
           echo record_id=$record_id
           curl -X DELETE -H "Authorization: Bearer $token" "https://api.cloudflare.com/client/v4/zones/$zone_id/dns_records/$record_id"
       - uses: mshick/add-pr-comment@v2

From 583ee631df024b5f0b43b088fd416878a1062ee6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 24 Jun 2023 21:09:02 +0200
Subject: [PATCH 1250/2268] refactor: Move GitRef into types package

---
 api/v1beta1/kluctldeployment_types.go |  2 +-
 api/v1beta1/util_types.go             | 29 --------------------------
 pkg/types/git_project.go              | 30 ++++++++++++++++++++++++++-
 3 files changed, 30 insertions(+), 31 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 4d961bb07..10141c642 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -225,7 +225,7 @@ type ProjectSource struct {
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
 	// +optional
-	Ref *GitRef `json:"ref,omitempty"`
+	Ref *types.GitRef `json:"ref,omitempty"`
 
 	// Path specifies the sub-directory to be used as project directory
 	// +optional
diff --git a/api/v1beta1/util_types.go b/api/v1beta1/util_types.go
index efe1e987a..1889c6aef 100644
--- a/api/v1beta1/util_types.go
+++ b/api/v1beta1/util_types.go
@@ -1,7 +1,6 @@
 package v1beta1
 
 import (
-	"fmt"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -30,31 +29,3 @@ type SecretKeyReference struct {
 type SafeDuration struct {
 	metav1.Duration
 }
-
-type GitRef struct {
-	// Branch to filter for. Can also be a regex.
-	// +optional
-	Branch string `json:"branch,omitempty"`
-
-	// Branch to filter for. Can also be a regex.
-	// +optional
-	Tag string `json:"tag,omitempty"`
-
-	// TODO
-	// Commit SHA to check out, takes precedence over all reference fields.
-	// +optional
-	// Commit string `json:"commit,omitempty"`
-}
-
-func (r *GitRef) String() string {
-	if r == nil {
-		return ""
-	}
-	if r.Tag != "" {
-		return fmt.Sprintf("refs/tags/%s", r.Tag)
-	} else if r.Branch != "" {
-		return fmt.Sprintf("refs/heads/%s", r.Branch)
-	} else {
-		return ""
-	}
-}
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index e73cff058..742ffca27 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -9,7 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
-// gitDirPatternNeg defines forbiden characters on git directory path/subDir
+// gitDirPatternNeg defines forbidden characters on git directory path/subDir
 var gitDirPatternNeg = regexp.MustCompile(`[\\\/:\*?"<>|[:cntrl:]\0^]`)
 
 type GitProject struct {
@@ -27,6 +27,34 @@ func (gp *GitProject) UnmarshalJSON(b []byte) error {
 	return yaml.ReadYamlBytes(b, (*raw)(gp))
 }
 
+type GitRef struct {
+	// Branch to filter for. Can also be a regex.
+	// +optional
+	Branch string `json:"branch,omitempty"`
+
+	// Branch to filter for. Can also be a regex.
+	// +optional
+	Tag string `json:"tag,omitempty"`
+
+	// TODO
+	// Commit SHA to check out, takes precedence over all reference fields.
+	// +optional
+	// Commit string `json:"commit,omitempty"`
+}
+
+func (r *GitRef) String() string {
+	if r == nil {
+		return ""
+	}
+	if r.Tag != "" {
+		return fmt.Sprintf("refs/tags/%s", r.Tag)
+	} else if r.Branch != "" {
+		return fmt.Sprintf("refs/heads/%s", r.Branch)
+	} else {
+		return ""
+	}
+}
+
 // invalidDirName evaluate directory name against forbidden characters
 func invalidDirName(dirName string) bool {
 	return gitDirPatternNeg.MatchString(dirName)

From b3af8aeb0f27dcb28605fcd2bbd97478aa6cc168 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 24 Jun 2023 21:35:36 +0200
Subject: [PATCH 1251/2268] feat: Use GitRef everywhere and add compatibility
 code for the string based version

---
 Makefile                                      |  2 +-
 api/v1beta1/zz_generated.deepcopy.go          | 17 +---
 .../gitops.kluctl.io_kluctldeployments.yaml   |  4 +-
 docs/installation.md                          |  3 +-
 docs/reference/deployments/deployment-yml.md  | 14 ++-
 docs/reference/templating/variable-sources.md |  3 +-
 e2e/gitops_errors_test.go                     |  4 +-
 install/controller/controller/crd.yaml        |  4 +-
 pkg/controllers/kluctl_project.go             |  4 +-
 pkg/deployment/commands/result_utils.go       | 10 ++-
 pkg/deployment/deployment_project.go          |  7 +-
 pkg/kluctl_project/target_context.go          |  2 +-
 pkg/repocache/cache.go                        | 33 ++++---
 pkg/types/git_project.go                      | 76 +++++++++++++---
 pkg/types/git_project_test.go                 | 42 +++++++++
 pkg/types/result/command_result.go            |  2 +-
 pkg/types/result/zz_generated.deepcopy.go     |  5 ++
 pkg/types/vars_source.go                      |  6 +-
 pkg/types/zz_generated.deepcopy.go            | 25 ++++++
 pkg/vars/vars_loader.go                       | 17 ++--
 pkg/vars/vars_loader_test.go                  | 90 +++++++++----------
 pkg/webui/ui/src/api.tsx                      | 15 +++-
 .../nodes/DeploymentItemIncludeNode.tsx       |  7 +-
 .../result-view/nodes/VarsSourceNode.tsx      |  7 +-
 pkg/webui/ui/src/models.ts                    | 76 ++++++++++++++--
 25 files changed, 346 insertions(+), 129 deletions(-)
 create mode 100644 pkg/types/git_project_test.go

diff --git a/Makefile b/Makefile
index 699f4dc83..a9607438e 100644
--- a/Makefile
+++ b/Makefile
@@ -73,8 +73,8 @@ api-docs: gen-crd-api-reference-docs
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	go generate ./...
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+	go generate ./...
 
 .PHONY: fmt
 fmt: ## Run go fmt against code.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 338ac5635..ad09bad7f 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -48,21 +48,6 @@ func (in *Decryption) DeepCopy() *Decryption {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GitRef) DeepCopyInto(out *GitRef) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRef.
-func (in *GitRef) DeepCopy() *GitRef {
-	if in == nil {
-		return nil
-	}
-	out := new(GitRef)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmCredentials) DeepCopyInto(out *HelmCredentials) {
 	*out = *in
@@ -312,7 +297,7 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	in.URL.DeepCopyInto(&out.URL)
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
-		*out = new(GitRef)
+		*out = new(types.GitRef)
 		**out = **in
 	}
 	if in.SecretRef != nil {
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 7b18591d0..274690ef9 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -302,10 +302,10 @@ spec:
                       be used. If omitted, the default branch of the repo is used.
                     properties:
                       branch:
-                        description: Branch to filter for. Can also be a regex.
+                        description: Branch to use.
                         type: string
                       tag:
-                        description: Branch to filter for. Can also be a regex.
+                        description: Tag to use.
                         type: string
                     type: object
                   secretRef:
diff --git a/docs/installation.md b/docs/installation.md
index d1f2bbc17..31dc150b6 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -113,5 +113,6 @@ deployments:
   - git:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
-      ref: v2.20.4
+      ref:
+        tag: v2.20.4
 ```
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 8689ada5a..2dcef07b5 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -103,13 +103,19 @@ Advanced Example:
 deployments:
 - git:
     url: git@github.com/example/example.git
-    ref: my-branch
+    ref:
+      branch: my-branch
     subDir: some/sub/dir
 ```
 
-The url specifies the Git url to be cloned and checked out. `ref` is optional and specifies the branch or tag to be used.
-If `ref` is omitted, the default branch will be checked out. `subDir` is optional and specifies the sub directory inside
-the git repository to include.
+The url specifies the Git url to be cloned and checked out.
+
+`ref` is optional and specifies the branch or tag to be used. To specify a branch, set the sub-field `branch` as seen
+in the above example. To pass a tag, set the `tag` field instead.
+
+If `ref` is omitted, the default branch will be checked out.
+
+`subDir` is optional and specifies the sub directory inside the git repository to include.
 
 ### Barriers
 Causes kluctl to wait until all previous kustomize deployments have been applied. This is useful when
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 4ed5dac62..25a52dbdf 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -91,7 +91,8 @@ This loads variables from a git repository. Example:
 vars:
   - git:
       url: ssh://git@github.com/example/repo.git
-      ref: my-branch
+      ref:
+        branch: my-branch
       path: path/to/vars.yaml
 ```
 
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 2d015ffaa..33169a4c8 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -200,10 +200,10 @@ data:
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 	suite.Run("non existing git branch", func() {
-		var backup *kluctlv1.GitRef
+		var backup *types.GitRef
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			backup = kd.Spec.Source.Ref
-			kd.Spec.Source.Ref = &kluctlv1.GitRef{
+			kd.Spec.Source.Ref = &types.GitRef{
 				Branch: "invalid",
 			}
 		})
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 0159cc23b..32ea5b83d 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -302,10 +302,10 @@ spec:
                       be used. If omitted, the default branch of the repo is used.
                     properties:
                       branch:
-                        description: Branch to filter for. Can also be a regex.
+                        description: Branch to use.
                         type: string
                       tag:
-                        description: Branch to filter for. Can also be a regex.
+                        description: Tag to use.
                         type: string
                     type: object
                   secretRef:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 45a214962..cf1cf1140 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -96,7 +96,7 @@ func prepareProject(ctx context.Context,
 			return nil, fmt.Errorf("failed clone source: %w", err)
 		}
 
-		clonedDir, gi, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref.String())
+		clonedDir, gi, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref)
 		if err != nil {
 			return nil, err
 		}
@@ -652,7 +652,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	}
 
 	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
-	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref.String()
+	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref
 	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.RepoKey()
 
 	var err error
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 52e210d98..b07fd94f6 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -133,11 +133,19 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 
 	r.GitInfo = result.GitInfo{
 		Url:    originUrl,
-		Ref:    head.Name().String(),
 		SubDir: subDir,
 		Commit: head.Hash().String(),
 		Dirty:  !s.IsClean(),
 	}
+	if head.Name().IsBranch() {
+		r.GitInfo.Ref = &types.GitRef{
+			Branch: head.Name().Short(),
+		}
+	} else if head.Name().IsTag() {
+		r.GitInfo.Ref = &types.GitRef{
+			Tag: head.Name().Short(),
+		}
+	}
 	r.ProjectKey.GitRepoKey = repoKey
 	r.ProjectKey.SubDir = subDir
 	return nil
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 34c7d713e..f8beb135c 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -73,7 +73,7 @@ func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Sourc
 }
 
 func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []*types.VarsSource) error {
-	return p.ctx.VarsLoader.LoadVarsList(varsCtx, varsList, p.getRenderSearchDirs(), "")
+	return p.ctx.VarsLoader.LoadVarsList(p.ctx.Ctx, varsCtx, varsList, p.getRenderSearchDirs(), "")
 }
 
 func (p *DeploymentProject) loadConfig() error {
@@ -201,6 +201,11 @@ func (p *DeploymentProject) loadIncludes() error {
 			if err != nil {
 				return err
 			}
+			if inc.Git.Ref != nil && inc.Git.Ref.Ref != "" {
+				status.Deprecation(p.ctx.Ctx, "git-include-string-ref", "Passing 'ref' as string into git includes is "+
+					"deprecated and support for this will be removed in a future version of Kluctl. Please refer to the "+
+					"documentation for details: https://kluctl.io/docs/kluctl/reference/deployments/deployment-yml/#git-includes")
+			}
 			cloneDir, _, err := ge.GetClonedDir(inc.Git.Ref)
 			if err != nil {
 				return err
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 57c0b0a27..08d1caf51 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -231,7 +231,7 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 		if err != nil {
 			return err
 		}
-		err = varsLoader.LoadVarsList(varsCtx, secretEntry.Vars, searchDirs, "secrets")
+		err = varsLoader.LoadVarsList(p.ctx, varsCtx, secretEntry.Vars, searchDirs, "secrets")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index 782c8a4b0..f16c2b7d7 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -38,10 +38,10 @@ type CacheEntry struct {
 	rp         *GitRepoCache
 	url        types.GitUrl
 	mr         *git.MirroredGitRepo
-	defaultRef string
+	defaultRef types.GitRef
 	refs       map[string]string
 
-	clonedDirs   map[string]clonedDir
+	clonedDirs   map[types.GitRef]clonedDir
 	updateMutex  sync.Mutex
 	overridePath string
 }
@@ -49,7 +49,7 @@ type CacheEntry struct {
 type RepoInfo struct {
 	Url        types.GitUrl      `json:"url"`
 	RemoteRefs map[string]string `json:"remoteRefs"`
-	DefaultRef string            `json:"defaultRef"`
+	DefaultRef types.GitRef      `json:"defaultRef"`
 }
 
 type RepoOverride struct {
@@ -128,7 +128,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 			rp:           rp,
 			url:          url,
 			mr:           nil, // mark as overridden
-			clonedDirs:   map[string]clonedDir{},
+			clonedDirs:   map[types.GitRef]clonedDir{},
 			overridePath: overridePath,
 		}
 		rp.repos[repoKey] = e
@@ -145,7 +145,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 			rp:         rp,
 			url:        url,
 			mr:         mr,
-			clonedDirs: map[string]clonedDir{},
+			clonedDirs: map[types.GitRef]clonedDir{},
 		}
 		rp.repos[repoKey] = e
 	}
@@ -191,11 +191,17 @@ func (e *CacheEntry) Update() error {
 		return err
 	}
 
-	e.defaultRef, err = e.mr.DefaultRef()
+	defaultRefStr, err := e.mr.DefaultRef()
 	if err != nil {
 		return err
 	}
 
+	defaultRef, err := types.ParseGitRef(defaultRefStr)
+	if err != nil {
+		return err
+	}
+	e.defaultRef = defaultRef
+
 	return nil
 }
 
@@ -221,6 +227,7 @@ func (e *CacheEntry) findCommit(ref string) (string, string, error) {
 		}
 		return ref, c, nil
 	default:
+		// TODO remove this compatibility code
 		ref2 := "refs/heads/" + ref
 		c, ok := e.refs[ref2]
 		if ok {
@@ -235,7 +242,7 @@ func (e *CacheEntry) findCommit(ref string) (string, string, error) {
 	}
 }
 
-func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error) {
+func (e *CacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo, error) {
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 
@@ -247,10 +254,10 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 
 	url := e.url
 	repoName := path.Base(url.Normalize().Path) + "-"
-	if ref == "" {
+	if ref == nil {
 		repoName += "HEAD-"
 	} else {
-		repoName += ref + "-"
+		repoName += ref.String() + "-"
 	}
 	repoName = strings.ReplaceAll(repoName, "/", "-")
 
@@ -277,11 +284,11 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 	}
 	defer e.mr.Unlock()
 
-	if ref == "" {
-		ref = e.defaultRef
+	if ref == nil {
+		ref = &e.defaultRef
 	}
 
-	ref2, commit, err := e.findCommit(ref)
+	ref2, commit, err := e.findCommit(ref.String())
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
 	}
@@ -298,7 +305,7 @@ func (e *CacheEntry) GetClonedDir(ref string) (string, git.CheckoutInfo, error)
 
 	repoInfo.CheckedOutRef = ref2
 
-	e.clonedDirs[ref] = clonedDir{
+	e.clonedDirs[*ref] = clonedDir{
 		dir:  p,
 		info: repoInfo,
 	}
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 742ffca27..7e2a6c124 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -1,6 +1,7 @@
 package types
 
 import (
+	"encoding/json"
 	"fmt"
 	"regexp"
 	"strings"
@@ -13,9 +14,9 @@ import (
 var gitDirPatternNeg = regexp.MustCompile(`[\\\/:\*?"<>|[:cntrl:]\0^]`)
 
 type GitProject struct {
-	Url    GitUrl `json:"url" validate:"required"`
-	Ref    string `json:"ref,omitempty"`
-	SubDir string `json:"subDir,omitempty"`
+	Url    GitUrl  `json:"url" validate:"required"`
+	Ref    *GitRef `json:"ref,omitempty"`
+	SubDir string  `json:"subDir,omitempty"`
 }
 
 func (gp *GitProject) UnmarshalJSON(b []byte) error {
@@ -28,33 +29,86 @@ func (gp *GitProject) UnmarshalJSON(b []byte) error {
 }
 
 type GitRef struct {
-	// Branch to filter for. Can also be a regex.
+	// Branch to use.
 	// +optional
 	Branch string `json:"branch,omitempty"`
 
-	// Branch to filter for. Can also be a regex.
+	// Tag to use.
 	// +optional
 	Tag string `json:"tag,omitempty"`
 
+	// Ref is only used to keep compatibility to the old string based ref field in GitProject
+	// You are not allowed to use it directly
+	Ref string `json:"-"`
+
 	// TODO
 	// Commit SHA to check out, takes precedence over all reference fields.
 	// +optional
 	// Commit string `json:"commit,omitempty"`
 }
 
-func (r *GitRef) String() string {
-	if r == nil {
+func (ref *GitRef) UnmarshalJSON(b []byte) error {
+	if err := yaml.ReadYamlBytes(b, &ref.Ref); err == nil {
+		// it's a simple string
+		return nil
+	}
+	ref.Ref = ""
+	type raw GitRef
+	err := yaml.ReadYamlBytes(b, (*raw)(ref))
+	if err != nil {
+		return err
+	}
+
+	cnt := 0
+	if ref.Tag != "" {
+		cnt++
+	}
+	if ref.Branch != "" {
+		cnt++
+	}
+	if cnt == 0 {
+		return fmt.Errorf("either branch or tag must be set")
+	}
+	if cnt != 1 {
+		return fmt.Errorf("only one of the ref fields can be set")
+	}
+	return nil
+}
+
+func (ref GitRef) MarshalJSON() ([]byte, error) {
+	if ref.Ref != "" {
+		return json.Marshal(ref.Ref)
+	}
+
+	type raw GitRef
+	return json.Marshal((*raw)(&ref))
+}
+
+func (ref *GitRef) String() string {
+	if ref == nil {
 		return ""
 	}
-	if r.Tag != "" {
-		return fmt.Sprintf("refs/tags/%s", r.Tag)
-	} else if r.Branch != "" {
-		return fmt.Sprintf("refs/heads/%s", r.Branch)
+	if ref.Tag != "" {
+		return fmt.Sprintf("refs/tags/%s", ref.Tag)
+	} else if ref.Branch != "" {
+		return fmt.Sprintf("refs/heads/%s", ref.Branch)
+	} else if ref.Ref != "" {
+		return ref.Ref
 	} else {
 		return ""
 	}
 }
 
+func ParseGitRef(s string) (GitRef, error) {
+	if strings.HasPrefix(s, "refs/heads/") {
+		return GitRef{Branch: strings.SplitN(s, "/", 3)[2]}, nil
+	} else if strings.HasPrefix(s, "refs/tags/") {
+		return GitRef{Tag: strings.SplitN(s, "/", 3)[2]}, nil
+	} else {
+		return GitRef{}, fmt.Errorf("can't parse %s as GitRef", s)
+	}
+}
+
 // invalidDirName evaluate directory name against forbidden characters
 func invalidDirName(dirName string) bool {
 	return gitDirPatternNeg.MatchString(dirName)
diff --git a/pkg/types/git_project_test.go b/pkg/types/git_project_test.go
new file mode 100644
index 000000000..eb0a88bd6
--- /dev/null
+++ b/pkg/types/git_project_test.go
@@ -0,0 +1,42 @@
+package types
+
+import (
+	"encoding/json"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestMarshaGitRefString(t *testing.T) {
+	var ref GitRef
+	err := json.Unmarshal([]byte(`"as_string"`), &ref)
+	assert.NoError(t, err)
+	assert.Equal(t, "as_string", ref.Ref)
+
+	b, err := json.Marshal(&ref)
+	assert.NoError(t, err)
+	assert.Equal(t, `"as_string"`, string(b))
+}
+
+func TestMarshalGitRef(t *testing.T) {
+	s := `{"branch": "branch1"}`
+	var ref GitRef
+	err := json.Unmarshal([]byte(s), &ref)
+	assert.NoError(t, err)
+	assert.Equal(t, "branch1", ref.Branch)
+	assert.Empty(t, ref.Tag)
+
+	s = `{"tag": "tag1"}`
+	ref = GitRef{}
+	err = json.Unmarshal([]byte(s), &ref)
+	assert.NoError(t, err)
+	assert.Equal(t, "tag1", ref.Tag)
+	assert.Empty(t, ref.Branch)
+}
+
+func TestMarshalGitRefErrors(t *testing.T) {
+	err := json.Unmarshal([]byte(`{"branch": "branch1", "tag": "tag1"}`), &GitRef{})
+	assert.EqualError(t, err, "only one of the ref fields can be set")
+
+	err = json.Unmarshal([]byte(`{}`), &GitRef{})
+	assert.EqualError(t, err, "either branch or tag must be set")
+}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 683086d98..9a4826f30 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -97,7 +97,7 @@ type CommandInfo struct {
 
 type GitInfo struct {
 	Url    *types.GitUrl `json:"url"`
-	Ref    string        `json:"ref"`
+	Ref    *types.GitRef `json:"ref"`
 	SubDir string        `json:"subDir"`
 	Commit string        `json:"commit"`
 	Dirty  bool          `json:"dirty"`
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 3c35c8174..e978cb4cf 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -329,6 +329,11 @@ func (in *GitInfo) DeepCopyInto(out *GitInfo) {
 		in, out := &in.Url, &out.Url
 		*out = (*in).DeepCopy()
 	}
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(types.GitRef)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitInfo.
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 7eacffe4e..1723111c5 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -8,9 +8,9 @@ import (
 )
 
 type VarsSourceGit struct {
-	Url  GitUrl `json:"url" validate:"required"`
-	Ref  string `json:"ref,omitempty"`
-	Path string `json:"path" validate:"required"`
+	Url  GitUrl  `json:"url" validate:"required"`
+	Ref  *GitRef `json:"ref,omitempty"`
+	Path string  `json:"path" validate:"required"`
 }
 
 type VarsSourceClusterConfigMapOrSecret struct {
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 4f8c638e0..47523ab20 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -322,6 +322,11 @@ func (in *FixedImagesConfig) DeepCopy() *FixedImagesConfig {
 func (in *GitProject) DeepCopyInto(out *GitProject) {
 	*out = *in
 	in.Url.DeepCopyInto(&out.Url)
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(GitRef)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitProject.
@@ -334,6 +339,21 @@ func (in *GitProject) DeepCopy() *GitProject {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitRef) DeepCopyInto(out *GitRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRef.
+func (in *GitRef) DeepCopy() *GitRef {
+	if in == nil {
+		return nil
+	}
+	out := new(GitRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GitRepoKey) DeepCopyInto(out *GitRepoKey) {
 	*out = *in
@@ -807,6 +827,11 @@ func (in *VarsSourceClusterConfigMapOrSecret) DeepCopy() *VarsSourceClusterConfi
 func (in *VarsSourceGit) DeepCopyInto(out *VarsSourceGit) {
 	*out = *in
 	in.Url.DeepCopyInto(&out.Url)
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(GitRef)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceGit.
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 8ef2b6ed5..c8109b111 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -51,9 +52,9 @@ func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops *decryptor.Decry
 	}
 }
 
-func (v *VarsLoader) LoadVarsList(varsCtx *VarsCtx, varsList []*types.VarsSource, searchDirs []string, rootKey string) error {
+func (v *VarsLoader) LoadVarsList(ctx context.Context, varsCtx *VarsCtx, varsList []*types.VarsSource, searchDirs []string, rootKey string) error {
 	for _, source := range varsList {
-		err := v.LoadVars(varsCtx, source, searchDirs, rootKey)
+		err := v.LoadVars(ctx, varsCtx, source, searchDirs, rootKey)
 		if err != nil {
 			return err
 		}
@@ -61,7 +62,7 @@ func (v *VarsLoader) LoadVarsList(varsCtx *VarsCtx, varsList []*types.VarsSource
 	return nil
 }
 
-func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, searchDirs []string, rootKey string) error {
+func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *types.VarsSource, searchDirs []string, rootKey string) error {
 	if sourceIn.RenderedVars != nil && len(sourceIn.RenderedVars.Object) != 0 {
 		return fmt.Errorf("renderedVars is not allowed here")
 	}
@@ -106,7 +107,7 @@ func (v *VarsLoader) LoadVars(varsCtx *VarsCtx, sourceIn *types.VarsSource, sear
 	} else if source.File != nil {
 		newVars, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
 	} else if source.Git != nil {
-		newVars, err = v.loadGit(varsCtx, source.Git, ignoreMissing)
+		newVars, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
 		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
@@ -260,12 +261,18 @@ func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignor
 	return v.loadFromString(varsCtx, *secret)
 }
 
-func (v *VarsLoader) loadGit(varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadGit(ctx context.Context, varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	ge, err := v.rp.GetEntry(gitFile.Url)
 	if err != nil {
 		return nil, err
 	}
 
+	if gitFile.Ref != nil && gitFile.Ref.Ref != "" {
+		status.Deprecation(ctx, "git-vars-string-ref", "Passing 'ref' as string into git vars source is "+
+			"deprecated and support for this will be removed in a future version of Kluctl. Please refer to the "+
+			"documentation for details: https://kluctl.io/docs/kluctl/reference/templating/variable-sources/#git")
+	}
+
 	clonedDir, _, err := ge.GetClonedDir(gitFile.Ref)
 	if err != nil {
 		return nil, fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 205a68c2c..5aef1da6d 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -58,7 +58,7 @@ func testVarsLoader(t *testing.T, test func(vl *VarsLoader, vc *VarsCtx, aws *aw
 
 func TestVarsLoader_Values(t *testing.T) {
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
 		}, nil, "")
 		assert.NoError(t, err)
@@ -70,13 +70,13 @@ func TestVarsLoader_Values(t *testing.T) {
 
 func TestVarsLoader_ValuesNoOverrides(t *testing.T) {
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
 		}, nil, "")
 		assert.NoError(t, err)
 
 		b := true
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values:     uo.FromStringMust(`{"test1": {"test2": 43}}`),
 			NoOverride: &b,
 		}, nil, "")
@@ -89,11 +89,11 @@ func TestVarsLoader_ValuesNoOverrides(t *testing.T) {
 
 func TestVarsLoader_When(t *testing.T) {
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "a"}`),
 		}, nil, "")
 		assert.NoError(t, err)
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "b"}`),
 			When:   `test1 == "b"`,
 		}, nil, "")
@@ -101,7 +101,7 @@ func TestVarsLoader_When(t *testing.T) {
 		v, _, _ := vc.Vars.GetNestedString("test1")
 		assert.Equal(t, "a", v)
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "b"}`),
 			When:   `test1 == "a"`,
 		}, nil, "")
@@ -116,7 +116,7 @@ func TestVarsLoader_File(t *testing.T) {
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
 		assert.NoError(t, err)
@@ -127,7 +127,7 @@ func TestVarsLoader_File(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			File:          utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
@@ -139,7 +139,7 @@ func TestVarsLoader_File(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			File:          utils.StrPtr("test-missing.yaml"),
 		}, []string{d}, "")
@@ -156,7 +156,7 @@ func TestVarsLoader_SopsFile(t *testing.T) {
 	t.Setenv(age.SopsAgeKeyEnv, string(key))
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
 		assert.NoError(t, err)
@@ -172,7 +172,7 @@ func TestVarsLoader_FileWithLoad(t *testing.T) {
 	_ = os.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
 		assert.NoError(t, err)
@@ -189,7 +189,7 @@ func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
 	_ = os.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d, filepath.Join(d, "subdir")}, "")
 		assert.NoError(t, err)
@@ -204,7 +204,7 @@ func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
 		assert.EqualError(t, err, "failed to render vars file test.yaml: template test3.txt not found")
@@ -223,7 +223,7 @@ func TestVarsLoader_Git(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
 				Path: "test.yaml",
@@ -238,7 +238,7 @@ func TestVarsLoader_Git(t *testing.T) {
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			Git: &types.VarsSourceGit{
 				Url:  *url,
@@ -274,11 +274,11 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
 				Path: "test.yaml",
-				Ref:  "testbranch",
+				Ref:  &types.GitRef{Branch: "testbranch"},
 			},
 		}, nil, "")
 		assert.NoError(t, err)
@@ -298,7 +298,7 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 	}
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
 				Namespace: "ns",
@@ -312,7 +312,7 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 	}, &cm)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm1",
 				Namespace: "ns",
@@ -321,7 +321,7 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 		}, nil, "")
 		assert.EqualError(t, err, "configmaps \"cm1\" not found")
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
 				Namespace: "ns",
@@ -333,7 +333,7 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm-missing",
@@ -345,7 +345,7 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 	}, &cm)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
 				Namespace: "ns",
@@ -356,7 +356,7 @@ func TestVarsLoader_ClusterConfigMap(t *testing.T) {
 	}, &cm)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:       "cm",
 				Namespace:  "ns",
@@ -380,7 +380,7 @@ func TestVarsLoader_ClusterSecret(t *testing.T) {
 	}
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s",
 				Namespace: "ns",
@@ -394,7 +394,7 @@ func TestVarsLoader_ClusterSecret(t *testing.T) {
 	}, &secret)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s1",
 				Namespace: "ns",
@@ -403,7 +403,7 @@ func TestVarsLoader_ClusterSecret(t *testing.T) {
 		}, nil, "")
 		assert.EqualError(t, err, "secrets \"s1\" not found")
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s",
 				Namespace: "ns",
@@ -415,7 +415,7 @@ func TestVarsLoader_ClusterSecret(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s-missing",
@@ -442,7 +442,7 @@ func TestVarsLoader_K8sObjectLabels(t *testing.T) {
 	}
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label1": "value1"},
 				Namespace: "ns",
@@ -456,7 +456,7 @@ func TestVarsLoader_K8sObjectLabels(t *testing.T) {
 	}, &cm1, &cm2)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label2": "value2"},
 				Namespace: "ns",
@@ -471,7 +471,7 @@ func TestVarsLoader_K8sObjectLabels(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label2": "value-missing"},
@@ -489,7 +489,7 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 	t.Setenv("TEST4", "44")
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test1": "TEST1",
 				"test2": "TEST2",
@@ -527,7 +527,7 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 	})
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test5": "TEST5",
 			}),
@@ -537,7 +537,7 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test1": "TEST-MISSING",
@@ -566,7 +566,7 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/ok"
 
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
 			},
@@ -581,7 +581,7 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 		b := true
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/missing"
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
@@ -594,7 +594,7 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 		b := true
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/error"
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
@@ -627,14 +627,14 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 	u, _ := url.Parse(ts.URL)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
 			},
 		}, nil, "")
 		assert.ErrorContains(t, err, "failed with status code 542")
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:    types.YamlUrl{URL: *u},
 				Method: utils.StrPtr("POST"),
@@ -642,7 +642,7 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 		}, nil, "")
 		assert.ErrorContains(t, err, "failed with status code 543")
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:    types.YamlUrl{URL: *u},
 				Method: utils.StrPtr("POST"),
@@ -651,7 +651,7 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 		}, nil, "")
 		assert.ErrorContains(t, err, "failed with status code 544")
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:     types.YamlUrl{URL: *u},
 				Method:  utils.StrPtr("POST"),
@@ -674,7 +674,7 @@ func TestVarsLoader_Http_JsonPath(t *testing.T) {
 	u, _ := url.Parse(ts.URL)
 
 	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:      types.YamlUrl{URL: *u},
 				JsonPath: utils.StrPtr("test1"),
@@ -693,14 +693,14 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 			"secret": `{"test1": {"test2": 42}}`,
 		}
 
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
 				SecretName: "secret",
 			},
 		}, nil, "")
 		assert.EqualError(t, err, "when omitting the AWS region, the secret name must be a valid ARN")
 
-		err = vl.LoadVars(vc, &types.VarsSource{
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
 				SecretName: "secret",
 				Region:     utils.StrPtr("eu-central1"),
@@ -717,7 +717,7 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 			"secret": `{"test1": {"test2": 42}}`,
 		}
 
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
 				SecretName: "arn:aws:secretsmanager:eu-central-1:12345:secret:secret",
 			},
@@ -734,7 +734,7 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 		}
 
 		b := true
-		err := vl.LoadVars(vc, &types.VarsSource{
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
 				SecretName: "missing",
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 0958c4793..09b2b771d 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,6 +1,6 @@
 import {
     CommandResult,
-    CommandResultSummary,
+    CommandResultSummary, GitRef,
     ObjectRef,
     ProjectKey,
     ResultObject,
@@ -375,6 +375,19 @@ export function buildObjectRefFromObject(obj: any): ObjectRef {
     return ref
 }
 
+export function buildGitRefString(ref?: GitRef) {
+    if (!ref) {
+        return "HEAD"
+    }
+    if (ref.branch) {
+        return ref.branch
+    } else if (ref.tag) {
+        return ref.tag
+    } else {
+        return "<unknown>"
+    }
+}
+
 export function findObjectByRef(l: ResultObject[] | undefined, ref: ObjectRef, filter?: (o: ResultObject) => boolean): ResultObject | undefined {
     return l?.find(x => {
         if (filter && !filter(x)) {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
index 096917f17..2a50d9274 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
@@ -7,6 +7,7 @@ import { CommandResultProps } from "../CommandResultView";
 import { PropertiesTable } from "../../PropertiesTable";
 import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
 import { SidePanelTab } from "../SidePanel";
+import { buildGitRefString } from "../../../api";
 
 
 export class DeploymentItemIncludeNodeData extends NodeData {
@@ -59,11 +60,7 @@ export class DeploymentItemIncludeNodeData extends NodeData {
             props.push({name: "Type", value: "GitInclude"})
             props.push({name: "Url", value: this.deploymentItem.git.url})
             props.push({name: "SubDir", value: this.deploymentItem.git.subDir})
-            let ref = "HEAD"
-            if (this.deploymentItem.git.ref) {
-                ref = this.deploymentItem.git.ref!
-            }
-            props.push({name: "Ref", value: ref})
+            props.push({name: "Ref", value: buildGitRefString(this.deploymentItem.git.ref)})
         } else {
             props.push({name: "Type", value: "Unknown"})
         }
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
index e337cd4fd..b03fe24bf 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
@@ -10,6 +10,7 @@ import { CommandResultProps } from "../CommandResultView";
 
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
+import { buildGitRefString } from "../../../api";
 
 interface VarsSourceHandler {
     type: string
@@ -80,11 +81,7 @@ export class VarsSourceNodeData extends NodeData {
                     const sourceProps = []
                     sourceProps.push({name: "Url", value: this.varsSource.git!.url})
                     sourceProps.push({name: "Path", value: this.varsSource.git!.path})
-                    let ref = "HEAD"
-                    if (this.varsSource.git!.ref) {
-                        ref = this.varsSource.git!.ref!
-                    }
-                    sourceProps.push({name: "Ref", value: ref})
+                    sourceProps.push({name: "Ref", value: buildGitRefString(this.varsSource.git?.ref)})
                     return sourceProps
                 }
             }
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 333a71ee5..e6dadf600 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -151,15 +151,33 @@ export class DeleteObjectItemConfig {
 }
 export class GitProject {
     url: string;
-    ref?: string;
+    ref?: GitRef;
     subDir?: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.url = source["url"];
-        this.ref = source["ref"];
+        this.ref = this.convertValues(source["ref"], GitRef);
         this.subDir = source["subDir"];
     }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
 }
 export class DeploymentItemConfig {
     path?: string;
@@ -281,15 +299,33 @@ export class VarsSourceClusterConfigMapOrSecret {
 }
 export class VarsSourceGit {
     url: string;
-    ref?: string;
+    ref?: GitRef;
     path: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.url = source["url"];
-        this.ref = source["ref"];
+        this.ref = this.convertValues(source["ref"], GitRef);
         this.path = source["path"];
     }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
 }
 export class VarsSource {
     ignoreMissing?: boolean;
@@ -391,9 +427,19 @@ export class ClusterInfo {
         this.clusterId = source["clusterId"];
     }
 }
+export class GitRef {
+    branch?: string;
+    tag?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.branch = source["branch"];
+        this.tag = source["tag"];
+    }
+}
 export class GitInfo {
     url?: string;
-    ref: string;
+    ref?: GitRef;
     subDir: string;
     commit: string;
     dirty: boolean;
@@ -401,11 +447,29 @@ export class GitInfo {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.url = source["url"];
-        this.ref = source["ref"];
+        this.ref = this.convertValues(source["ref"], GitRef);
         this.subDir = source["subDir"];
         this.commit = source["commit"];
         this.dirty = source["dirty"];
     }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
 }
 export class KluctlDeploymentInfo {
     name: string;

From 01bae4b6c28075254710f9e6b8f16ff8f1411f3d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 24 Jun 2023 23:54:21 +0200
Subject: [PATCH 1252/2268] tests: Add tests for git includes with refs

---
 e2e/git_include_test.go   | 121 ++++++++++++++++++++++++++++++++++++++
 e2e/test-utils/project.go |   8 +++
 2 files changed, 129 insertions(+)

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 61ab9c593..7d427992b 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -2,6 +2,8 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -64,6 +66,125 @@ func TestGitInclude(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
 
+func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName string, tagName string, update func()) {
+	err := p.GetGitWorktree().Checkout(&git.CheckoutOptions{
+		Branch: plumbing.NewBranchReferenceName("master"),
+	})
+	assert.NoError(t, err)
+	err = p.GetGitWorktree().Checkout(&git.CheckoutOptions{
+		Create: true,
+		Branch: plumbing.NewBranchReferenceName(branchName),
+	})
+	assert.NoError(t, err)
+
+	update()
+
+	if tagName != "" {
+		h, err := p.GetGitRepo().ResolveRevision(plumbing.Revision(branchName))
+		assert.NoError(t, err)
+		_, err = p.GetGitRepo().CreateTag(tagName, *h, nil)
+		assert.NoError(t, err)
+	}
+
+	err = p.GetGitWorktree().Checkout(&git.CheckoutOptions{
+		Branch: plumbing.NewBranchReferenceName("master"),
+	})
+	assert.NoError(t, err)
+}
+
+func TestGitIncludeRef(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+	ip1 := test_utils.NewTestProject(t)
+
+	addConfigMapDeployment(p, "cm", map[string]string{"a": "a"}, resourceOpts{
+		name:      "parent",
+		namespace: p.TestSlug(),
+	})
+
+	createBranchAndTag(t, ip1, "branch1", "tag1", func() {
+		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "branch1"}, resourceOpts{
+			name:      "branch1",
+			namespace: p.TestSlug(),
+		})
+	})
+
+	createBranchAndTag(t, ip1, "branch2", "tag2", func() {
+		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "tag2"}, resourceOpts{
+			name:      "tag2",
+			namespace: p.TestSlug(),
+		})
+	})
+
+	createBranchAndTag(t, ip1, "branch3", "tag3", func() {
+		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "branch3"}, resourceOpts{
+			name:      "branch3",
+			namespace: p.TestSlug(),
+		})
+	})
+
+	createBranchAndTag(t, ip1, "branch4", "tag4", func() {
+		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "tag4"}, resourceOpts{
+			name:      "tag4",
+			namespace: p.TestSlug(),
+		})
+	})
+
+	addConfigMapDeployment(ip1, "cm", map[string]string{"a": "HEAD"}, resourceOpts{
+		name:      "head",
+		namespace: p.TestSlug(),
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+			"ref": map[string]any{
+				"branch": "branch1",
+			},
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+			"ref": map[string]any{
+				"tag": "tag2",
+			},
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+			"ref": "branch3",
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+			"ref": "tag4",
+		},
+	}))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "parent")
+	assertConfigMapExists(t, k, p.TestSlug(), "head")
+	assertConfigMapExists(t, k, p.TestSlug(), "branch1")
+	assertConfigMapExists(t, k, p.TestSlug(), "tag2")
+	assertConfigMapExists(t, k, p.TestSlug(), "branch3")
+	assertConfigMapExists(t, k, p.TestSlug(), "tag4")
+}
+
 func TestLocalGitOverride(t *testing.T) {
 	t.Parallel()
 
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 358fe1dfe..818cb76cd 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -414,6 +414,14 @@ func (p *TestProject) GetGitRepo() *git.Repository {
 	return p.gitServer.GetGitRepo(p.gitRepoName)
 }
 
+func (p *TestProject) GetGitWorktree() *git.Worktree {
+	wt, err := p.GetGitRepo().Worktree()
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	return wt
+}
+
 func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)

From c5cb05bd42cd83ee867c424ea3d9cecd6843f2f0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 00:41:34 +0200
Subject: [PATCH 1253/2268] fix: Properly support annotated git tags

---
 e2e/git_include_test.go  | 35 +++++++++++++++++++++++++++++------
 pkg/git/mirrored_repo.go | 14 ++++++++++++++
 pkg/repocache/cache.go   | 23 +++++++++++++++++++++++
 3 files changed, 66 insertions(+), 6 deletions(-)

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 7d427992b..48a4a1f16 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -66,7 +66,7 @@ func TestGitInclude(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
 
-func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName string, tagName string, update func()) {
+func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName string, tagName string, tagMessage string, update func()) {
 	err := p.GetGitWorktree().Checkout(&git.CheckoutOptions{
 		Branch: plumbing.NewBranchReferenceName("master"),
 	})
@@ -82,7 +82,14 @@ func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName stri
 	if tagName != "" {
 		h, err := p.GetGitRepo().ResolveRevision(plumbing.Revision(branchName))
 		assert.NoError(t, err)
-		_, err = p.GetGitRepo().CreateTag(tagName, *h, nil)
+
+		var to *git.CreateTagOptions
+		if tagMessage != "" {
+			to = &git.CreateTagOptions{
+				Message: tagMessage,
+			}
+		}
+		_, err = p.GetGitRepo().CreateTag(tagName, *h, to)
 		assert.NoError(t, err)
 	}
 
@@ -105,34 +112,41 @@ func TestGitIncludeRef(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	createBranchAndTag(t, ip1, "branch1", "tag1", func() {
+	createBranchAndTag(t, ip1, "branch1", "tag1", "", func() {
 		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "branch1"}, resourceOpts{
 			name:      "branch1",
 			namespace: p.TestSlug(),
 		})
 	})
 
-	createBranchAndTag(t, ip1, "branch2", "tag2", func() {
+	createBranchAndTag(t, ip1, "branch2", "tag2", "", func() {
 		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "tag2"}, resourceOpts{
 			name:      "tag2",
 			namespace: p.TestSlug(),
 		})
 	})
 
-	createBranchAndTag(t, ip1, "branch3", "tag3", func() {
+	createBranchAndTag(t, ip1, "branch3", "tag3", "", func() {
 		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "branch3"}, resourceOpts{
 			name:      "branch3",
 			namespace: p.TestSlug(),
 		})
 	})
 
-	createBranchAndTag(t, ip1, "branch4", "tag4", func() {
+	createBranchAndTag(t, ip1, "branch4", "tag4", "", func() {
 		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "tag4"}, resourceOpts{
 			name:      "tag4",
 			namespace: p.TestSlug(),
 		})
 	})
 
+	createBranchAndTag(t, ip1, "branch5", "tag5", "tag5", func() {
+		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "tag5"}, resourceOpts{
+			name:      "tag5",
+			namespace: p.TestSlug(),
+		})
+	})
+
 	addConfigMapDeployment(ip1, "cm", map[string]string{"a": "HEAD"}, resourceOpts{
 		name:      "head",
 		namespace: p.TestSlug(),
@@ -175,6 +189,14 @@ func TestGitIncludeRef(t *testing.T) {
 			"ref": "tag4",
 		},
 	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+			"ref": map[string]any{
+				"tag": "tag5",
+			},
+		},
+	}))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "parent")
@@ -183,6 +205,7 @@ func TestGitIncludeRef(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "tag2")
 	assertConfigMapExists(t, k, p.TestSlug(), "branch3")
 	assertConfigMapExists(t, k, p.TestSlug(), "tag4")
+	assertConfigMapExists(t, k, p.TestSlug(), "tag5")
 }
 
 func TestLocalGitOverride(t *testing.T) {
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index b00becabb..5711354ce 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -389,6 +389,20 @@ func (g *MirroredGitRepo) GetGitTreeByCommit(commitHash string) (*object.Tree, e
 	return tree, nil
 }
 
+func (g *MirroredGitRepo) GetObjectByHash(hash string) (object.Object, error) {
+	if !g.IsLocked() || !g.hasUpdated {
+		panic("tried to read a file from a project that is not locked/updated")
+	}
+
+	r, err := git.PlainOpen(g.mirrorDir)
+	if err != nil {
+		return nil, err
+	}
+
+	h := plumbing.NewHash(hash)
+	return object.GetObject(r.Storer, h)
+}
+
 func buildMirrorRepoName(u types.GitUrl) string {
 	h := sha256.New()
 	h.Write([]byte(u.String()))
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index f16c2b7d7..c7e227010 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -3,6 +3,8 @@ package repocache
 import (
 	"context"
 	"fmt"
+	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"path"
@@ -219,6 +221,27 @@ func (e *CacheEntry) GetRepoInfo() RepoInfo {
 }
 
 func (e *CacheEntry) findCommit(ref string) (string, string, error) {
+	ref, objectHash, err := e.findRef(ref)
+	if err != nil {
+		return "", "", err
+	}
+
+	o, err := e.mr.GetObjectByHash(objectHash)
+	if err != nil {
+		return "", "", err
+	}
+
+	if o.Type() == plumbing.CommitObject {
+		return ref, objectHash, nil
+	} else if o.Type() == plumbing.TagObject {
+		o2 := o.(*object.Tag)
+		return ref, o2.Target.String(), nil
+	} else {
+		return "", "", fmt.Errorf("unsupported object type %s", o.Type().String())
+	}
+}
+
+func (e *CacheEntry) findRef(ref string) (string, string, error) {
 	switch {
 	case strings.HasPrefix(ref, "refs/heads"), strings.HasPrefix(ref, "refs/tags"):
 		c, ok := e.refs[ref]

From 5ebc7517c59af94a1f287f9754a362654871afb4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 00:42:01 +0200
Subject: [PATCH 1254/2268] fix: Don't strip .git if the basename actually
 equals .git

---
 pkg/git/mirrored_repo.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 5711354ce..5afaeae2c 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -411,7 +411,7 @@ func buildMirrorRepoName(u types.GitUrl) string {
 	r := filepath.Base(u.Path)
 	r = strings.ReplaceAll(r, "/", "-")
 	r = strings.ReplaceAll(r, "\\", "-")
-	if strings.HasSuffix(r, ".git") {
+	if r != ".git" && strings.HasSuffix(r, ".git") {
 		r = r[:len(r)-len(".git")]
 	}
 	r += "-" + h2[:6]

From 4a3e871f075742e0cdd587dc14eb53b771c4b7fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 00:47:13 +0200
Subject: [PATCH 1255/2268] chore: Remove bogus logout.svg from build folder

---
 pkg/webui/ui/build/static/media/logout.svg | 4 ----
 1 file changed, 4 deletions(-)
 delete mode 100644 pkg/webui/ui/build/static/media/logout.svg

diff --git a/pkg/webui/ui/build/static/media/logout.svg b/pkg/webui/ui/build/static/media/logout.svg
deleted file mode 100644
index 427680845..000000000
--- a/pkg/webui/ui/build/static/media/logout.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path opacity="0.4" d="M15 12V27.9834C15 33.3334 18.3333 36.6667 23.6667 36.6667H27.9833C33.3167 36.6667 36.65 33.3334 36.65 28V12C36.6667 6.66671 33.3333 3.33337 28 3.33337H23.6667C18.3333 3.33337 15 6.66671 15 12Z" fill="#DFEBE9"/>
-<path d="M9.28324 13.5333L3.6999 19.1167C3.21657 19.6 3.21657 20.4 3.6999 20.8833L9.28324 26.4667C9.76657 26.95 10.5666 26.95 11.0499 26.4667C11.5332 25.9833 11.5332 25.1833 11.0499 24.7L7.5999 21.25H25.4166C26.0999 21.25 26.6666 20.6833 26.6666 20C26.6666 19.3167 26.0999 18.75 25.4166 18.75H7.5999L11.0499 15.3C11.2999 15.05 11.4166 14.7333 11.4166 14.4167C11.4166 14.1 11.2999 13.7667 11.0499 13.5333C10.5666 13.0333 9.78324 13.0333 9.28324 13.5333Z" fill="#DFEBE9"/>
-</svg>

From ebff3494db01118d4ce014396b6a72d23dead77f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 00:57:00 +0200
Subject: [PATCH 1256/2268] feat: Support commit refs in git includes and git
 var sources

---
 .../gitops.kluctl.io_kluctldeployments.yaml   |  3 +++
 docs/reference/deployments/deployment-yml.md  |  2 +-
 docs/reference/templating/variable-sources.md |  2 ++
 e2e/git_include_test.go                       | 26 ++++++++++++++++---
 install/controller/controller/crd.yaml        |  3 +++
 pkg/repocache/cache.go                        | 12 ++++++---
 pkg/types/git_project.go                      | 10 ++++---
 pkg/types/git_project_test.go                 |  2 +-
 pkg/webui/ui/src/models.ts                    |  2 ++
 9 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 274690ef9..d6113fd16 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -304,6 +304,9 @@ spec:
                       branch:
                         description: Branch to use.
                         type: string
+                      commit:
+                        description: Commit SHA to use.
+                        type: string
                       tag:
                         description: Tag to use.
                         type: string
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/reference/deployments/deployment-yml.md
index 2dcef07b5..a13d3670d 100644
--- a/docs/reference/deployments/deployment-yml.md
+++ b/docs/reference/deployments/deployment-yml.md
@@ -111,7 +111,7 @@ deployments:
 The url specifies the Git url to be cloned and checked out.
 
 `ref` is optional and specifies the branch or tag to be used. To specify a branch, set the sub-field `branch` as seen
-in the above example. To pass a tag, set the `tag` field instead.
+in the above example. To pass a tag, set the `tag` field instead. To pass a commit, set the `commit` field instead.
 
 If `ref` is omitted, the default branch will be checked out.
 
diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 25a52dbdf..ade3bcb1d 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -96,6 +96,8 @@ vars:
       path: path/to/vars.yaml
 ```
 
+The ref field has the same format at found in [Git includes](../deployments/deployment-yml.md#git-includes)
+
 Kluctl also supports variable files encrypted with [SOPS](https://github.com/mozilla/sops). See the
 [sops integration](../deployments/sops.md) integration for more details.
 
diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 48a4a1f16..aeefc4bf6 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -66,7 +66,7 @@ func TestGitInclude(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
 
-func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName string, tagName string, tagMessage string, update func()) {
+func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName string, tagName string, tagMessage string, update func()) string {
 	err := p.GetGitWorktree().Checkout(&git.CheckoutOptions{
 		Branch: plumbing.NewBranchReferenceName("master"),
 	})
@@ -79,10 +79,10 @@ func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName stri
 
 	update()
 
-	if tagName != "" {
-		h, err := p.GetGitRepo().ResolveRevision(plumbing.Revision(branchName))
-		assert.NoError(t, err)
+	h, err := p.GetGitRepo().ResolveRevision(plumbing.Revision(branchName))
+	assert.NoError(t, err)
 
+	if tagName != "" {
 		var to *git.CreateTagOptions
 		if tagMessage != "" {
 			to = &git.CreateTagOptions{
@@ -97,6 +97,8 @@ func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName stri
 		Branch: plumbing.NewBranchReferenceName("master"),
 	})
 	assert.NoError(t, err)
+
+	return h.String()
 }
 
 func TestGitIncludeRef(t *testing.T) {
@@ -147,6 +149,13 @@ func TestGitIncludeRef(t *testing.T) {
 		})
 	})
 
+	commit6 := createBranchAndTag(t, ip1, "branch6", "tag6", "", func() {
+		addConfigMapDeployment(ip1, "cm", map[string]string{"a": "tag5"}, resourceOpts{
+			name:      "commit6",
+			namespace: p.TestSlug(),
+		})
+	})
+
 	addConfigMapDeployment(ip1, "cm", map[string]string{"a": "HEAD"}, resourceOpts{
 		name:      "head",
 		namespace: p.TestSlug(),
@@ -197,6 +206,14 @@ func TestGitIncludeRef(t *testing.T) {
 			},
 		},
 	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+			"ref": map[string]any{
+				"commit": commit6,
+			},
+		},
+	}))
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "parent")
@@ -206,6 +223,7 @@ func TestGitIncludeRef(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "branch3")
 	assertConfigMapExists(t, k, p.TestSlug(), "tag4")
 	assertConfigMapExists(t, k, p.TestSlug(), "tag5")
+	assertConfigMapExists(t, k, p.TestSlug(), "commit6")
 }
 
 func TestLocalGitOverride(t *testing.T) {
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 32ea5b83d..c3f2648a8 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -304,6 +304,9 @@ spec:
                       branch:
                         description: Branch to use.
                         type: string
+                      commit:
+                        description: Commit SHA to use.
+                        type: string
                       tag:
                         description: Tag to use.
                         type: string
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index c7e227010..c1b61be3f 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -311,9 +311,15 @@ func (e *CacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo,
 		ref = &e.defaultRef
 	}
 
-	ref2, commit, err := e.findCommit(ref.String())
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
+	var ref2, commit string
+	if ref != nil && ref.Commit != "" {
+		ref2 = ref.Commit
+		commit = ref.Commit
+	} else {
+		ref2, commit, err = e.findCommit(ref.String())
+		if err != nil {
+			return "", git.CheckoutInfo{}, err
+		}
 	}
 
 	err = e.mr.CloneProjectByCommit(commit, p)
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 7e2a6c124..2a0c95b8f 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -41,10 +41,9 @@ type GitRef struct {
 	// You are not allowed to use it directly
 	Ref string `json:"-"`
 
-	// TODO
-	// Commit SHA to check out, takes precedence over all reference fields.
+	// Commit SHA to use.
 	// +optional
-	// Commit string `json:"commit,omitempty"`
+	Commit string `json:"commit,omitempty"`
 }
 
 func (ref *GitRef) UnmarshalJSON(b []byte) error {
@@ -66,8 +65,11 @@ func (ref *GitRef) UnmarshalJSON(b []byte) error {
 	if ref.Branch != "" {
 		cnt++
 	}
+	if ref.Commit != "" {
+		cnt++
+	}
 	if cnt == 0 {
-		return fmt.Errorf("either branch or tag must be set")
+		return fmt.Errorf("either branch, tag or commit must be set")
 	}
 	if cnt != 1 {
 		return fmt.Errorf("only one of the ref fields can be set")
diff --git a/pkg/types/git_project_test.go b/pkg/types/git_project_test.go
index eb0a88bd6..04dc83e67 100644
--- a/pkg/types/git_project_test.go
+++ b/pkg/types/git_project_test.go
@@ -38,5 +38,5 @@ func TestMarshalGitRefErrors(t *testing.T) {
 	assert.EqualError(t, err, "only one of the ref fields can be set")
 
 	err = json.Unmarshal([]byte(`{}`), &GitRef{})
-	assert.EqualError(t, err, "either branch or tag must be set")
+	assert.EqualError(t, err, "either branch, tag or commit must be set")
 }
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index e6dadf600..727c21aae 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -430,11 +430,13 @@ export class ClusterInfo {
 export class GitRef {
     branch?: string;
     tag?: string;
+    commit?: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.branch = source["branch"];
         this.tag = source["tag"];
+        this.commit = source["commit"];
     }
 }
 export class GitInfo {

From 2fd8eff9e647e153272479b3c11b04b6ae182928 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 01:28:29 +0200
Subject: [PATCH 1257/2268] chore: Run make api-docs

---
 .../reference/gitops/api/kluctl-controller.md | 48 +------------------
 1 file changed, 1 insertion(+), 47 deletions(-)

diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index 9a87889ce..398b7c4bb 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -69,50 +69,6 @@ by signing a token in an IRSA compliant way.</p>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.GitRef">GitRef
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
-</p>
-<div class="md-typeset__scrollwrap">
-<div class="md-typeset__table">
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>branch</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Branch to filter for. Can also be a regex.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>tag</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Branch to filter for. Can also be a regex.</p>
-</td>
-</tr>
-</tbody>
-</table>
-</div>
-</div>
 <h3 id="gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials
 </h3>
 <p>
@@ -1313,9 +1269,7 @@ github.com/kluctl/kluctl/v2/pkg/types.GitUrl
 <td>
 <code>ref</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.GitRef">
-GitRef
-</a>
+github.com/kluctl/kluctl/v2/pkg/types.GitRef
 </em>
 </td>
 <td>

From 816fb30e5b45fb2c355f3895d01190a519bba5c8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 25 Jun 2023 08:46:26 +0200
Subject: [PATCH 1258/2268] chore(deps): Bump
 github.com/prometheus/client_golang (#618)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.15.1 to 1.16.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index e85459118..abb513d68 100644
--- a/go.mod
+++ b/go.mod
@@ -70,7 +70,7 @@ require (
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.8
 	github.com/otiai10/copy v1.12.0
-	github.com/prometheus/client_golang v1.15.1
+	github.com/prometheus/client_golang v1.16.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
@@ -211,7 +211,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/rivo/uniseg v0.4.3 // indirect
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
diff --git a/go.sum b/go.sum
index e60b8dbf3..4d8eee76a 100644
--- a/go.sum
+++ b/go.sum
@@ -719,8 +719,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
-github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
+github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
+github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -736,8 +736,8 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
-github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
+github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=

From 866ec4ea672d055c5c2ca2a876af4e53260e4d1a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 25 Jun 2023 08:46:42 +0200
Subject: [PATCH 1259/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#619)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index abb513d68..7490443c6 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.21.0
+	github.com/bitnami-labs/sealed-secrets v0.22.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
 	github.com/go-playground/validator/v10 v10.14.1
@@ -244,7 +244,7 @@ require (
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.1 // indirect
+	golang.org/x/tools v0.9.3 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 	google.golang.org/api v0.122.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 4d8eee76a..4f7e4cb4a 100644
--- a/go.sum
+++ b/go.sum
@@ -153,8 +153,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.21.0 h1:oFghyEDmsPjXgEOgBnplBjA0NqpMUFMj3BNFs4E1lZ4=
-github.com/bitnami-labs/sealed-secrets v0.21.0/go.mod h1:+nLA44ZWp/05ILUN7Fu3UiqNZJBwdTi/FHfEJ5btN7I=
+github.com/bitnami-labs/sealed-secrets v0.22.0 h1:2LN228dTeibCmgWxmdPfked8WiUzRmmuRdtnxgFbBZo=
+github.com/bitnami-labs/sealed-secrets v0.22.0/go.mod h1:hrOzPsBSknCcJgeb5Sb6i2bpADbfOesrnlnd8XDjpLg=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -676,7 +676,7 @@ github.com/ohler55/ojg v1.18.7 h1:sC7zy0usEiWa6bvx3NU1yZH4kCA2F3Qzs6iiDX4+xdk=
 github.com/ohler55/ojg v1.18.7/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss=
+github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs=
 github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
 github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -1209,8 +1209,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
-golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
+golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 95022041170b208865cc9e1f4e2a5cd12ae585b0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 21:55:44 +0200
Subject: [PATCH 1260/2268] fix: Introduce workaround for incorrect CRLF
 handling in git status (#622)

---
 cmd/kluctl/commands/cmd_helm_update.go  | 10 +---
 pkg/deployment/commands/result_utils.go |  8 +--
 pkg/git/utils.go                        | 80 +++++++++++++++++++++++++
 3 files changed, 83 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index efc55896e..b7fb4469c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -47,15 +47,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	if cmd.Commit {
-		g, err := git.PlainOpen(gitRootPath)
-		if err != nil {
-			return err
-		}
-		wt, err := g.Worktree()
-		if err != nil {
-			return err
-		}
-		gitStatus, err := wt.Status()
+		gitStatus, err := git2.GetWorktreeStatus(ctx, gitRootPath)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index b07fd94f6..b863a17e9 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"fmt"
 	git2 "github.com/go-git/go-git/v5"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -96,12 +97,7 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		return err
 	}
 
-	w, err := g.Worktree()
-	if err != nil {
-		return err
-	}
-
-	s, err := w.Status()
+	s, err := git.GetWorktreeStatus(targetCtx.SharedContext.Ctx, targetCtx.KluctlProject.LoadArgs.RepoRoot)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index 2fae8fd60..ab54973b1 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -1,10 +1,16 @@
 package git
 
 import (
+	"bufio"
+	"bytes"
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"os"
+	"os/exec"
 	"path/filepath"
+	"strings"
 )
 
 type CheckoutInfo struct {
@@ -44,3 +50,77 @@ func DetectGitRepositoryRoot(path string) (string, error) {
 	}
 	return path, nil
 }
+
+// GetWorktreeStatus returns the worktree status of the given repo
+// When modified files are found, it will invoke the git binary for "git status --porcelain" to check that things have
+// really changed. This is required because go-git in not properly handling CRLF: https://github.com/go-git/go-git/issues/594
+func GetWorktreeStatus(ctx context.Context, path string) (git.Status, error) {
+	g, err := git.PlainOpen(path)
+	if err != nil {
+		return nil, err
+	}
+	wt, err := g.Worktree()
+	if err != nil {
+		return nil, err
+	}
+	gitStatus, err := wt.Status()
+	if err != nil {
+		return nil, err
+	}
+
+	isModified := false
+	for _, s := range gitStatus {
+		if s.Worktree == git.Modified {
+			isModified = true
+			break
+		}
+	}
+	if !isModified {
+		return gitStatus, nil
+	}
+
+	status.Trace(ctx, "Running git status --porcelain to verify CRLF issues are not what cause the dirty status")
+
+	commandPath, err := exec.LookPath("git")
+	if err != nil {
+		status.Trace(ctx, "Failed to lookup git binary: %v", err)
+		return nil, err
+	}
+
+	out := bytes.NewBuffer(nil)
+
+	cmd := &exec.Cmd{Path: commandPath, Dir: path, Env: os.Environ(), Args: []string{"git", "status", "--porcelain"}, Stdout: out, Stderr: out}
+	err = cmd.Run()
+	if err != nil {
+		status.Trace(ctx, "Failed to run git status --porcelain: err=%v, out=%s", err, out.String())
+		return gitStatus, nil
+	}
+
+	parsedStatus, err := parsePorcelainStatus(out.String())
+	if err != nil {
+		status.Trace(ctx, "Failed to parse output of git status --porcelain: %v", err)
+		return gitStatus, err
+	}
+
+	return parsedStatus, nil
+}
+
+func parsePorcelainStatus(out string) (git.Status, error) {
+	s := bufio.NewScanner(strings.NewReader(out))
+
+	ret := git.Status{}
+	for s.Scan() {
+		if len(s.Text()) < 1 {
+			continue
+		}
+		line := s.Text()
+		var fs git.FileStatus
+		var path string
+		_, err := fmt.Sscanf(line, "%c%c %s", &fs.Staging, &fs.Worktree, &path)
+		if err != nil {
+			return nil, err
+		}
+		ret[path] = &fs
+	}
+	return ret, nil
+}

From 3c51f347200ba08388d99e2fad926bea9d320fd0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 21:56:24 +0200
Subject: [PATCH 1261/2268] fix: Allow to run render without a KUBECONFIG being
 present (#623)

---
 e2e/render_test.go                   | 61 ++++++++++++++++++++++++++++
 e2e/test-utils/project.go            | 10 ++++-
 pkg/kluctl_project/target_context.go |  5 +++
 3 files changed, 74 insertions(+), 2 deletions(-)
 create mode 100644 e2e/render_test.go

diff --git a/e2e/render_test.go b/e2e/render_test.go
new file mode 100644
index 000000000..6d3e92467
--- /dev/null
+++ b/e2e/render_test.go
@@ -0,0 +1,61 @@
+package e2e
+
+import (
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestRenderPrintAll(t *testing.T) {
+	t.Parallel()
+
+	p := test_utils.NewTestProject(t)
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	stdout, _ := p.KluctlMust("render", "-t", "test", "--print-all")
+	y, err := yaml.ReadYamlAllString(stdout)
+	assert.NoError(t, err)
+	assert.Equal(t, []any{map[string]any{
+		"apiVersion": "v1",
+		"kind":       "ConfigMap",
+		"metadata": map[string]interface{}{
+			"annotations": map[string]interface{}{"kluctl.io/deployment-item-dir": "cm"},
+			"labels": map[string]interface{}{
+				"kluctl.io/discriminator": p.Discriminator("test"),
+				"kluctl.io/tag-0":         "cm",
+				"project_name":            p.TestSlug(),
+			},
+			"name":      "cm",
+			"namespace": "test-render-print-all",
+		}}}, y)
+}
+
+func TestRenderNoKubeconfig(t *testing.T) {
+	t.Setenv("KUBECONFIG", "invalid")
+
+	p := test_utils.NewTestProject(t)
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	_, stderr := p.KluctlMust("render", "--print-all")
+	assert.Contains(t, stderr, "No valid KUBECONFIG provided, which means the Kubernetes client is not available")
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField("context1", "context")
+	})
+	_, stderr, _ = p.Kluctl("render", "-t", "test", "--print-all")
+	assert.Contains(t, stderr, "context \"context1\" does not exist")
+
+}
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 818cb76cd..9cd1cf156 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -10,7 +10,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
-	"k8s.io/apimachinery/pkg/util/rand"
 	"net/url"
 	"os"
 	"os/exec"
@@ -82,7 +81,7 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 
 	if !p.bare {
 		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
-			_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name or 'no-name' }}", rand.String(16)), "discriminator")
+			_ = o.SetNestedField(fmt.Sprintf("%s-{{ target.name or 'no-name' }}", p.TestSlug()), "discriminator")
 			return nil
 		})
 		p.UpdateDeploymentYaml(".", func(c *uo.UnstructuredObject) error {
@@ -103,6 +102,13 @@ func (p *TestProject) TestSlug() string {
 	return n
 }
 
+func (p TestProject) Discriminator(targetName string) string {
+	if targetName == "" {
+		targetName = "no-name"
+	}
+	return fmt.Sprintf("%s-%s", p.TestSlug(), targetName)
+}
+
 func (p *TestProject) AddExtraEnv(e string) {
 	p.extraEnv = append(p.extraEnv, e)
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 08d1caf51..71f916d55 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -13,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
 )
@@ -168,6 +169,10 @@ func (p *LoadedKluctlProject) loadK8sConfig(target *types.Target, offlineK8s boo
 	var restConfig *api.Config
 	clientConfig, restConfig, err = p.LoadArgs.ClientConfigGetter(contextName)
 	if err != nil {
+		if contextName == nil && clientcmd.IsEmptyConfig(err) {
+			status.Warning(p.ctx, "No valid KUBECONFIG provided, which means the Kubernetes client is not available. Depending on your deployment project, this might cause follow-up errors.")
+			return nil, "", nil
+		}
 		return nil, "", err
 	}
 	if contextName == nil {

From a46e798ea34ea8a76c52fdfb4390866ee1aec919 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 21:56:39 +0200
Subject: [PATCH 1262/2268] docs: Document how values vars sources can use vars
 previously defined (#624)

---
 docs/reference/templating/variable-sources.md | 37 ++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index ade3bcb1d..8f533d2e6 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -35,7 +35,10 @@ vars:
   when: some.var == "value"
 ```
 
-`vars2.yaml` can now use variables that are defined in `vars1.yaml`. At all times, variables defined by
+`vars2.yaml` can now use variables that are defined in `vars1.yaml`. A special case is the use of previously defined
+variables inside [values](#values) vars sources. Please see the documentation of [values](#values) for details.
+
+At all times, variables defined by
 parents of the current sub-deployment project can be used in the current vars file.
 
 Each variable source can have the optional field `ignoreMissing` set to `true`, causing Kluctl to ignore if the source
@@ -84,6 +87,38 @@ vars:
 
 These variables can then be used in all deployments and sub-deployments.
 
+In case you need to use variables defined in previous vars sources, the `values` var source needs some special handling
+in regard to templating. It's important to understand that the deployment project is rendered BEFORE any vars source
+processing is performed, which means that it will fail to render when you use previously defined variables in a `values`
+vars source. To still use previously defined variables, surround the `values` vars source with `{% raw %}` and `{% endraw %}`.
+In addition, the template expressions must be wrapped with `"`, as otherwise the loading of the deployment project
+will fail shortly after rendering due to YAML parsing errors.
+
+```yaml
+vars:
+  - values:
+      a: 1
+      b: c
+{% raw %}
+  - values:
+      c: "{{ a }}"
+{% endraw %}
+```
+
+An alternative syntax is to use a template expression that itself outputs a template expression:
+
+```yaml
+vars:
+  - values:
+      a: 1
+      b: c
+  - values:
+      c: {{ '{{ a }}' }}
+```
+
+The advantage of the second method is that the type (number) of `a` is preserved, while the first method would convert
+it into a string.
+
 ### git
 This loads variables from a git repository. Example:
 

From 32af8ba70f92d7d49cdfa2aebb3e4f4c5f2c5976 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 25 Jun 2023 23:35:14 +0200
Subject: [PATCH 1263/2268] fix: Upgrade go-jinja2 to fix symlinks handling in
 RenderDirectory (#625)

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7490443c6..969d9b82f 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c
+	github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.14
diff --git a/go.sum b/go.sum
index 4f7e4cb4a..0717f8a9d 100644
--- a/go.sum
+++ b/go.sum
@@ -554,8 +554,8 @@ github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZX
 github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c h1:qAIvhYamCEU/tY6NaENEIQCynGV5sdON7zgZKnbrhhw=
-github.com/kluctl/go-jinja2 v0.0.0-20230428103343-a832225dc94c/go.mod h1:16hIQ1ibrf02WYqeCPggfIBQx23lTUQ+jlk5kJGF0xI=
+github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587 h1:sp9BhXobMzmd1qwbbQSIUMpj6ivDE+tYf3FeYVNvTLw=
+github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=

From 543852727c51a4b96d455bc1368df0db965e3b95 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Jun 2023 14:58:34 +0200
Subject: [PATCH 1264/2268] chore: Update controller/webui versions to v2.20.6
 (#626)

---
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl.yaml                       | 2 +-
 install/webui/webui/deployment.yaml              | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 778f36af8..fb4dbb763 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.4
+    default: v2.20.6
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index b18e9fed5..fd4f34515 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.4") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.6") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index b52dcb538..da86fe0f1 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.4
+    default: v2.20.6
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 9cff9cff5..f266293e3 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.20.4") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.20.6") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 apiVersion: apps/v1

From 039575afa28bb9d1e77cacc905299e43530d6d77 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Jun 2023 15:41:13 +0200
Subject: [PATCH 1265/2268] docs: Also update installation instructions with
 new version (#627)

---
 docs/installation.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/installation.md b/docs/installation.md
index 31dc150b6..08875fed7 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -114,5 +114,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.20.4
+        tag: v2.20.6
 ```

From e2151d5649dd054eeea3c8cfe083f03743dd50d9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 26 Jun 2023 22:47:49 +0200
Subject: [PATCH 1266/2268] fix: Add non-generated version of GitRef to react
 code that supports loading a string (#629)

---
 pkg/webui/generate-ts/main.go     |  3 ++
 pkg/webui/ui/src/api.tsx          |  3 +-
 pkg/webui/ui/src/models-static.ts | 19 ++++++++
 pkg/webui/ui/src/models.ts        | 73 ++-----------------------------
 4 files changed, 28 insertions(+), 70 deletions(-)
 create mode 100644 pkg/webui/ui/src/models-static.ts

diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index 591a4b819..a3e3b4c56 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -20,12 +20,15 @@ func main() {
 		Add(uo.UnstructuredObject{}).
 		Add(webui.ProjectTargetKey{}).
 		ManageType(types.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(types.GitRef{}, typescriptify.TypeOptions{TSType: "GitRef", TSTransform: "new GitRef(__VALUE__)"}).
 		ManageType(types.GitRepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.YamlUrl{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(uo.UnstructuredObject{}, typescriptify.TypeOptions{TSType: "any"}).
 		ManageType(metav1.Time{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(apiextensionsv1.JSON{}, typescriptify.TypeOptions{TSType: "any"})
 
+	converter.AddImport("import { GitRef } from './models-static'")
+
 	err := converter.ConvertToFile("ui/src/models.ts")
 	if err != nil {
 		panic(err.Error())
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 09b2b771d..180445f98 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,6 +1,6 @@
 import {
     CommandResult,
-    CommandResultSummary, GitRef,
+    CommandResultSummary,
     ObjectRef,
     ProjectKey,
     ResultObject,
@@ -13,6 +13,7 @@ import { Box, Typography } from "@mui/material";
 import Tooltip from "@mui/material/Tooltip";
 import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
+import { GitRef } from "./models-static";
 
 console.log(window.location)
 
diff --git a/pkg/webui/ui/src/models-static.ts b/pkg/webui/ui/src/models-static.ts
new file mode 100644
index 000000000..2d067c58f
--- /dev/null
+++ b/pkg/webui/ui/src/models-static.ts
@@ -0,0 +1,19 @@
+export class GitRef {
+    branch?: string;
+    tag?: string;
+    commit?: string;
+
+    ref?: string
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) {
+            // this is needed to parse legacy string refs
+            this.ref = source
+            return
+        }
+
+        this.branch = source["branch"];
+        this.tag = source["tag"];
+        this.commit = source["commit"];
+    }
+}
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 727c21aae..c5bf3626c 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -1,5 +1,6 @@
 /* Do not change, this code is generated from Golang structs */
 
+import { GitRef } from './models-static'
 
 export class DeploymentError {
     ref: ObjectRef;
@@ -157,27 +158,9 @@ export class GitProject {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.url = source["url"];
-        this.ref = this.convertValues(source["ref"], GitRef);
+        this.ref = new GitRef(source["ref"]);
         this.subDir = source["subDir"];
     }
-
-	convertValues(a: any, classs: any, asMap: boolean = false): any {
-	    if (!a) {
-	        return a;
-	    }
-	    if (a.slice) {
-	        return (a as any[]).map(elem => this.convertValues(elem, classs));
-	    } else if ("object" === typeof a) {
-	        if (asMap) {
-	            for (const key of Object.keys(a)) {
-	                a[key] = new classs(a[key]);
-	            }
-	            return a;
-	        }
-	        return new classs(a);
-	    }
-	    return a;
-	}
 }
 export class DeploymentItemConfig {
     path?: string;
@@ -305,27 +288,9 @@ export class VarsSourceGit {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.url = source["url"];
-        this.ref = this.convertValues(source["ref"], GitRef);
+        this.ref = new GitRef(source["ref"]);
         this.path = source["path"];
     }
-
-	convertValues(a: any, classs: any, asMap: boolean = false): any {
-	    if (!a) {
-	        return a;
-	    }
-	    if (a.slice) {
-	        return (a as any[]).map(elem => this.convertValues(elem, classs));
-	    } else if ("object" === typeof a) {
-	        if (asMap) {
-	            for (const key of Object.keys(a)) {
-	                a[key] = new classs(a[key]);
-	            }
-	            return a;
-	        }
-	        return new classs(a);
-	    }
-	    return a;
-	}
 }
 export class VarsSource {
     ignoreMissing?: boolean;
@@ -427,18 +392,6 @@ export class ClusterInfo {
         this.clusterId = source["clusterId"];
     }
 }
-export class GitRef {
-    branch?: string;
-    tag?: string;
-    commit?: string;
-
-    constructor(source: any = {}) {
-        if ('string' === typeof source) source = JSON.parse(source);
-        this.branch = source["branch"];
-        this.tag = source["tag"];
-        this.commit = source["commit"];
-    }
-}
 export class GitInfo {
     url?: string;
     ref?: GitRef;
@@ -449,29 +402,11 @@ export class GitInfo {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.url = source["url"];
-        this.ref = this.convertValues(source["ref"], GitRef);
+        this.ref = new GitRef(source["ref"]);
         this.subDir = source["subDir"];
         this.commit = source["commit"];
         this.dirty = source["dirty"];
     }
-
-	convertValues(a: any, classs: any, asMap: boolean = false): any {
-	    if (!a) {
-	        return a;
-	    }
-	    if (a.slice) {
-	        return (a as any[]).map(elem => this.convertValues(elem, classs));
-	    } else if ("object" === typeof a) {
-	        if (asMap) {
-	            for (const key of Object.keys(a)) {
-	                a[key] = new classs(a[key]);
-	            }
-	            return a;
-	        }
-	        return new classs(a);
-	    }
-	    return a;
-	}
 }
 export class KluctlDeploymentInfo {
     name: string;

From fea0b36d75fff1270867aa67b76c494864088778 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Jun 2023 08:29:39 +0200
Subject: [PATCH 1267/2268] fix: Strip bin parent folder from release tarballs
 (#630)

The bin/ parent folder caused the install.sh script to fail.
---
 .goreleaser.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index eea1aca04..06062b7e2 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -35,12 +35,14 @@ archives:
     format: tar.gz
     files:
       - none*
+    strip_parent_binary_folder: true
   - name_template: "{{ .Binary }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
     id: windows
     builds: [windows]
     format: zip
     files:
       - none*
+    strip_parent_binary_folder: true
 source:
   enabled: true
   name_template: '{{ .ProjectName }}_v{{ .Version }}_source_code'

From 67b5bec3059fb905949dea012a3abfd13e1d9c15 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Jun 2023 08:32:19 +0200
Subject: [PATCH 1268/2268] chore(deps): Bump actions/checkout from 2 to 3
 (#631)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/preview-proxy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 8452a1b9f..20ba32cad 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -28,7 +28,7 @@ jobs:
           message: |
             # 🤖 Preview Environment
             The preview environment is starting up and will be available soon.
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           # Warning, do not try to checkout the base branch here as it would introduce enormous security risks!
           # Also don't introduce a cache in this workflow!

From a2258439fee065549c90873693277e38c2e95e8b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Jun 2023 08:46:26 +0200
Subject: [PATCH 1269/2268] ci: Use github.head_ref when waiting for
 preview-run to finish (#633)

---
 .github/workflows/preview-proxy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 20ba32cad..91b2b63f3 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -124,7 +124,7 @@ jobs:
       - name: Wait for preview-run to exit
         uses: lewagon/wait-on-check-action@v1.3.1
         with:
-          ref: ${{ github.event.pull_request.head.ref }}
+          ref: ${{ github.head_ref }}
           check-name: 'preview-run'
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           wait-interval: 10

From d59a33b61c2ad07f3d12bd72a423352bc67cc0eb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Jun 2023 09:23:34 +0200
Subject: [PATCH 1270/2268] ci: Stop using lewagon/wait-on-check-action and
 instead ping the ipfs node in a loop (#634)

---
 .github/workflows/preview-proxy.yml | 20 ++++++++++++++------
 .github/workflows/preview-run.yml   |  2 +-
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 91b2b63f3..578e32f43 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -122,12 +122,20 @@ jobs:
           message-path: |
             comment.md
       - name: Wait for preview-run to exit
-        uses: lewagon/wait-on-check-action@v1.3.1
-        with:
-          ref: ${{ github.head_ref }}
-          check-name: 'preview-run'
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          wait-interval: 10
+        run: |
+          failures=0
+          while true; do
+            if ! ipfs ping $(cat ipfs_id) -n1; then
+              failures=$(($failures+1))
+              if [ "$failures" -ge "5" ]; then
+                break
+              fi
+              sleep 5
+            else
+              sleep 10
+              failures=0
+            fi
+          done
       - name: Cleanup cloudflare tunnel
         if: ${{ always() }}
         run: |
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index c2a6e30a4..51808c25e 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -148,7 +148,7 @@ jobs:
             -pr-number ${{ github.event.pull_request.number }} \
             -age-pub-key age1dhueesr5qj8e8uy298k7z8x3ntv620rde89phumg0kvjx2t32elsm759z7
         env:
-          # we send the GITHUB_TOKEN to the preview-comment workflow. This token is then verified to be from a workflow
+          # we send the GITHUB_TOKEN to the preview-proxy workflow. This token is then verified to be from a workflow
           # that runs inside this repo, which can only be a workflow that got manually approved. The token is encrypted
           # via age
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From f80bde3bf4474e2982d698b4851bc3274144b973 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 27 Jun 2023 10:04:20 +0200
Subject: [PATCH 1271/2268] feat: Improve displaying of error messages. (#635)

* feat: Improve displaying of API error messages.

* feat: Added error handling for login form.

---------

Co-authored-by: Alexey Vagarenko <vagarenko@gmail.com>
---
 pkg/webui/ui/src/components/App.tsx           |  25 +--
 pkg/webui/ui/src/components/ErrorMessage.tsx  |  44 +++++
 pkg/webui/ui/src/components/Login.tsx         |  61 +++++-
 pkg/webui/ui/src/components/ObjectYaml.tsx    |  14 +-
 pkg/webui/ui/src/components/Router.tsx        |  24 +--
 .../result-view/CommandResultView.tsx         |  24 ++-
 .../CommandResultDetailsDrawer.tsx            | 179 ------------------
 .../components/targets-view/HistoryCards.tsx  |  34 ++--
 pkg/webui/ui/src/index.tsx                    |   6 +-
 pkg/webui/ui/src/models-static.ts             |   6 +-
 10 files changed, 177 insertions(+), 240 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/ErrorMessage.tsx
 delete mode 100644 pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index ef3801318..898e492de 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,4 +1,4 @@
-import React, {
+import {
     createContext,
     Dispatch,
     SetStateAction,
@@ -10,10 +10,9 @@ import React, {
 } from 'react';
 
 import '../index.css';
-import { Box, ThemeProvider } from "@mui/material";
+import { Box } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
-import { light } from './theme';
 import { ActiveFilters } from './result-view/NodeStatusFilter';
 import { CommandResultSummary, ProjectTargetKey, ValidateResult } from "../models";
 import { Api, checkStaticBuild, RealApi, StaticApi } from "../api";
@@ -115,15 +114,13 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
 
     return (
         <AppContext.Provider value={appContext}>
-            <ThemeProvider theme={light}>
-                <Box width={"100%"} height={"100%"}>
-                    <LeftDrawer
-                        content={<Outlet context={outletContext} />}
-                        context={outletContext}
-                        logout={onUnauthorized}
-                    />
-                </Box>
-            </ThemeProvider>
+            <Box width={"100%"} height={"100%"}>
+                <LeftDrawer
+                    content={<Outlet context={outletContext} />}
+                    context={outletContext}
+                    logout={onUnauthorized}
+                />
+            </Box>
         </AppContext.Provider>
     );
 };
@@ -197,9 +194,7 @@ const App = () => {
     }, [])
 
     if (needToken && !getToken()) {
-        return <ThemeProvider theme={light}>
-            <Login setToken={handleLoginSucceeded} />
-        </ThemeProvider>
+        return <Login setToken={handleLoginSucceeded} />
     }
 
     if (!api) {
diff --git a/pkg/webui/ui/src/components/ErrorMessage.tsx b/pkg/webui/ui/src/components/ErrorMessage.tsx
new file mode 100644
index 000000000..4ae89b485
--- /dev/null
+++ b/pkg/webui/ui/src/components/ErrorMessage.tsx
@@ -0,0 +1,44 @@
+import { Box, Typography, useTheme } from "@mui/material";
+import { CardPaper } from "./targets-view/Card";
+
+export interface ErrorMessageProps {
+    children?: React.ReactNode;
+}
+
+export const ErrorMessage = (props: ErrorMessageProps) => {
+    const theme = useTheme();
+    return <Box
+        height='100%'
+        width='100%'
+        overflow='auto'
+        p='30px'
+        color={theme.palette.error.main}
+        display='flex'
+        flexDirection='column'
+        gap='10px'
+    >
+        <Typography
+            variant='h6'
+            textAlign='left'
+            color={theme.palette.error.main}
+        >
+            Error
+        </Typography>
+        {props.children}
+    </Box>;
+}
+
+export const ErrorMessageCard = (props: ErrorMessageProps) => {
+    return <Box
+        width='100%'
+        height='100%'
+        overflow='hidden'
+        p='40px'
+    >
+        <CardPaper>
+            <ErrorMessage>
+                {props.children}
+            </ErrorMessage>
+        </CardPaper>
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index 21e206adc..b2de65dbe 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -1,6 +1,7 @@
-import { Box, Button, FormControl, Paper, TextField, Typography } from '@mui/material';
+import { Box, Button, FormControl, Paper, TextField, Typography, useTheme } from '@mui/material';
 import React, { SyntheticEvent, useState } from 'react';
 import { rootPath } from "../api";
+import { ErrorMessageCard } from './ErrorMessage';
 
 //import './Login.css';
 
@@ -9,7 +10,17 @@ interface loginCredentials {
     password: string
 }
 
-async function loginUser(creds: loginCredentials) {
+type LoginResult = {
+    type: 'success',
+    token: string
+} | {
+    type: 'unauthorized'
+} | {
+    type: 'other-error',
+    statusText: string
+}
+
+async function loginUser(creds: loginCredentials): Promise<LoginResult> {
     const url = rootPath + `/auth/login`
     return fetch(url, {
         method: 'POST',
@@ -17,24 +28,57 @@ async function loginUser(creds: loginCredentials) {
             'Content-Type': 'application/json'
         },
         body: JSON.stringify(creds)
-    }).then(data => data.json())
-        .then(token => token.token)
+    }).then(response => {
+        if (response.status === 200) {
+            return response.json().then(json => ({
+                type: 'success',
+                token: json.token
+            }));
+        } else if (response.status === 401) {
+            return { type: 'unauthorized' }
+        } else {
+            return {
+                type: 'other-error',
+                statusText: response.statusText
+            }
+        }
+    });
 }
 
 export default function Login(props: { setToken: (token: string) => void }) {
+    const theme = useTheme();
     const [username, setUserName] = useState<string>();
     const [password, setPassword] = useState<string>();
+    const [error, setError] = useState<Exclude<LoginResult, { type: 'success' }>>();
 
     const handleSubmit = async (e: SyntheticEvent) => {
         e.preventDefault();
         if (!username || !password) {
             return
         }
-        const token = await loginUser({
+
+        const result = await loginUser({
             username: username,
             password: password,
         });
-        props.setToken(token);
+
+        switch (result.type) {
+            case 'success':
+                props.setToken(result.token);
+                break;
+            case 'unauthorized':
+                setError(result);
+                break;
+            case 'other-error':
+                setError(result)
+                break;
+        }
+    }
+
+    if (error?.type === 'other-error') {
+        return <ErrorMessageCard>
+            {error.statusText}
+        </ErrorMessageCard>
     }
 
     return (
@@ -63,6 +107,11 @@ export default function Login(props: { setToken: (token: string) => void }) {
                         <FormControl fullWidth >
                             <TextField variant='standard' label='Password' type="password" onChange={e => setPassword(e.target.value)} />
                         </FormControl>
+                        {error?.type === 'unauthorized' && (
+                            <Box color={theme.palette.error.main}>
+                                Invalid username or password
+                            </Box>
+                        )}
                         <FormControl >
                             <Button
                                 variant='contained'
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 388931dcd..05042a1e7 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -7,8 +7,10 @@ import { CodeViewer } from "./CodeViewer";
 import { Loading, useLoadingHelper } from "./Loading";
 import { ApiContext } from "./App";
 import * as yaml from 'js-yaml';
+import { ErrorMessage } from "./ErrorMessage";
+import { Box } from "@mui/material";
 
-export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType}) => {
+export const ObjectYaml = (props: { treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType }) => {
     const api = useContext(ApiContext)
     const [loading, error, content] = useLoadingHelper<string>(async () => {
         const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
@@ -16,10 +18,14 @@ export const ObjectYaml = (props: {treeProps: CommandResultProps, objectRef: Obj
     }, [props.treeProps.summary.id, props.objectRef, props.objectType])
 
     if (loading) {
-        return <Loading/>
+        return <Box my='30px'>
+            <Loading />
+        </Box>
     } else if (error) {
-        return <>Error</>
+        return <ErrorMessage>
+            {error.message}
+        </ErrorMessage>
     } else {
-        return <CodeViewer code={content!} language={"yaml"}/>
+        return <CodeViewer code={content!} language={"yaml"} />
     }
 }
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index fba2562c1..b0398a9e7 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,21 +1,17 @@
 import { createHashRouter, useRouteError } from "react-router-dom";
-import React from "react";
 import App from "./App";
 import { TargetsView } from "./targets-view/TargetsView";
 import { CommandResultView } from "./result-view/CommandResultView";
+import { ErrorMessageCard } from "./ErrorMessage";
+import { Box } from "@mui/material";
 
 function ErrorPage() {
     const error = useRouteError() as any;
 
-    return (
-        <div id="error-page">
-            <h1>Oops!</h1>
-            <p>Sorry, an unexpected error has occurred.</p>
-            <p>
-                <i>{error.statusText || error.message}</i>
-            </p>
-        </div>
-    );
+    return <ErrorMessageCard>
+        <Box>{error.statusText}</Box>
+        <Box>{error.data}</Box>
+    </ErrorMessageCard>
 }
 
 export const Router = createHashRouter([
@@ -26,13 +22,13 @@ export const Router = createHashRouter([
         children: [
             {
                 path: "targets/:targetKeyHash?",
-                element: <TargetsView/>,
-                errorElement: <ErrorPage/>,
+                element: <TargetsView />,
+                errorElement: <ErrorPage />,
             },
             {
                 path: "results/:id",
-                element: <CommandResultView/>,
-                errorElement: <ErrorPage/>,
+                element: <CommandResultView />,
+                errorElement: <ErrorPage />,
             },
         ],
     },
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 3bb0b0edc..c7593325b 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -21,6 +21,8 @@ import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIc
 import { dark } from '../theme';
 import { Api } from "../../api";
 import { Loading, useLoadingHelper } from "../Loading";
+import { CardPaper } from '../targets-view/Card';
+import { ErrorMessage } from '../ErrorMessage';
 
 export interface CommandResultProps {
     shortNames: ShortName[]
@@ -29,9 +31,11 @@ export interface CommandResultProps {
 }
 
 async function doLoadCommandResult(api: Api, resultId: string): Promise<CommandResultProps> {
-    const shortNames = await api.getShortNames()
-    const rs = await api.getResultSummary(resultId)
-    const result = await api.getResult(resultId)
+    const [shortNames, rs, result] = await Promise.all([
+        api.getShortNames(),
+        api.getResultSummary(resultId),
+        api.getResult(resultId)
+    ]);
 
     return {
         shortNames: shortNames,
@@ -121,7 +125,7 @@ export const CommandResultView = () => {
     const api = useContext(ApiContext)
     const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>();
 
-    const {id} = useParams()
+    const { id } = useParams()
     const [loading, loadingError, commandResultProps] = useLoadingHelper<CommandResultProps | undefined>(() => {
         if (!id) {
             return Promise.resolve(undefined)
@@ -145,9 +149,15 @@ export const CommandResultView = () => {
     }
 
     if (loading) {
-        return <Loading/>
+        return <Loading />
     } else if (loadingError) {
-        return <>Error</>
+        return <Box p='25px 40px' height='100%' overflow='hidden'>
+            <CardPaper>
+                <ErrorMessage>
+                    {loadingError.message}
+                </ErrorMessage>
+            </CardPaper>
+        </Box>
     }
 
     return <Box
@@ -157,7 +167,7 @@ export const CommandResultView = () => {
         flexDirection='column'
         overflow='hidden'
     >
-        <DetailsDrawer 
+        <DetailsDrawer
             nodeData={sidePanelNode}
             onClose={() => setSidePanelNode(undefined)}
         />
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
deleted file mode 100644
index a6b6bb6a2..000000000
--- a/pkg/webui/ui/src/components/targets-view/CommandResultDetailsDrawer.tsx
+++ /dev/null
@@ -1,179 +0,0 @@
-import { CommandResultSummary } from "../../models";
-import { Api } from "../../api";
-import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
-import React, { useContext, useEffect, useMemo, useRef, useState } from "react";
-import { SidePanel } from "../result-view/SidePanel";
-import { Box, Drawer, ThemeProvider, useTheme } from "@mui/material";
-import { Loading, useLoadingHelper } from "../Loading";
-import { dark } from "../theme";
-import { Card, cardGap, cardHeight, cardWidth } from "./Card";
-import { CommandResultItem } from "./CommandResultItem";
-import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { ApiContext } from "../App";
-import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
-
-const sidePanelWidth = 720;
-
-async function doGetRootNode(api: Api, rs: CommandResultSummary) {
-    const shortNames = await api.getShortNames()
-    const r = await api.getResult(rs.id)
-
-    const builder = new NodeBuilder({
-        shortNames: shortNames,
-        summary: rs,
-        commandResult: r,
-    })
-    const [node] = builder.buildRoot()
-    return node
-}
-
-export const CommandResultDetailsDrawer = React.memo((props: {
-    rs?: CommandResultSummary,
-    ts?: TargetSummary,
-    ps?: ProjectSummary,
-    onClose: () => void,
-    selectedCardRect?: DOMRect
-}) => {
-    const { ps, ts, selectedCardRect } = props;
-    const api = useContext(ApiContext)
-    const theme = useTheme();
-    const [selectedCommandResult, setSelectedCommandResult] = useState<CommandResultSummary | undefined>();
-    const [prevTargetSummary, setPrevTargetSummary] = useState<TargetSummary | undefined>(ts);
-    const [cardsCoords, setCardsCoords] = useState<{ left: number, top: number }[]>([]);
-    const [transitionRunning, setTransitionRunning] = useState(false);
-
-    if (prevTargetSummary !== ts) {
-        setPrevTargetSummary(ts);
-        setSelectedCommandResult(ts?.commandResults?.[0]);
-    }
-
-    const [loading, loadingError, nodeData] = useLoadingHelper<CommandResultNodeData | undefined>(() => {
-        if (selectedCommandResult === undefined) {
-            return Promise.resolve(undefined)
-        }
-        return doGetRootNode(api, selectedCommandResult)
-    }, [selectedCommandResult])
-
-    const cardsContainerElem = useRef<HTMLElement>();
-
-    useEffect(() => {
-        const rect = cardsContainerElem.current?.getBoundingClientRect();
-        if (!rect || !selectedCardRect || !ts?.commandResults) {
-            setCardsCoords([]);
-            return;
-        }
-
-        const initialCoords = ts.commandResults.map(() => ({
-            left: selectedCardRect.left - rect.left,
-            top: selectedCardRect.top - rect.top
-        }));
-
-        setCardsCoords(initialCoords);
-        setTransitionRunning(true);
-    }, [selectedCardRect, ts?.commandResults]);
-
-    useEffect(() => {
-        if (cardsCoords.length > 0) {
-            const targetCoords = cardsCoords.map((_, i) => ({
-                left: 0,
-                top: i * (cardHeight + cardGap)
-            }));
-
-            if (cardsCoords.length === targetCoords.length
-                && cardsCoords.every(({ left, top }, i) =>
-                    targetCoords[i].left === left && targetCoords[i].top === top
-                )
-            ) {
-                return;
-            }
-
-            setTimeout(() => {
-                setCardsCoords(targetCoords);
-                setTimeout(() => {
-                    setTransitionRunning(false);
-                }, theme.transitions.duration.enteringScreen)
-            }, 10);
-        }
-    }, [cardsCoords, theme.transitions.duration.enteringScreen])
-
-    const zIndex = theme.zIndex.modal + 1;
-
-    const cards = useMemo(() => {
-        if (!(ps && ts && ts.commandResults && ts.commandResults.length > 0 && cardsCoords.length > 0)) {
-            return null;
-        }
-
-        return ts.commandResults.map((rs, i) => {
-            return <Card
-                key={rs.id}
-                sx={{
-                    position: 'absolute',
-                    translate: `${cardsCoords[i].left}px ${cardsCoords[i].top}px`,
-                    zIndex: zIndex,
-                    transition: theme.transitions.create(['translate'], {
-                        easing: theme.transitions.easing.sharp,
-                        duration: theme.transitions.duration.enteringScreen,
-                    })
-                }}
-            >
-                <CommandResultItem
-                    ps={ps}
-                    ts={ts}
-                    rs={rs}
-                    onSelectCommandResult={setSelectedCommandResult}
-                />
-            </Card>
-        })
-    }, [ps, ts, cardsCoords, zIndex, theme.transitions])
-
-    if (loadingError) {
-        return <>Error</>
-    }
-
-    return <>
-        {ps && ts && ts.commandResults && ts.commandResults.length > 0 &&
-            <Box
-                sx={{
-                    position: 'fixed',
-                    top: 0,
-                    bottom: 0,
-                    right: sidePanelWidth,
-                    width: `calc(100% - ${sidePanelWidth}px)`,
-                    overflowX: 'visible',
-                    overflowY: transitionRunning ? 'visible' : 'auto',
-                    display: 'flex',
-                    flexDirection: 'column',
-                    alignItems: 'center',
-                    justifyContent: 'center',
-                    padding: '25px 0',
-                    zIndex: zIndex
-                }}
-                onClick={props.onClose}
-            >
-                <Box
-                    onClick={(e) => e.stopPropagation()}
-                    position='relative'
-                    width={cardWidth}
-                    height={cardHeight * ts.commandResults.length + cardGap * (ts.commandResults.length - 1)}
-                    ref={cardsContainerElem}
-                >
-                    {cards}
-                </Box>
-            </Box>
-        }
-        <ThemeProvider theme={dark}>
-            <Drawer
-                sx={{ zIndex: 1300 }}
-                anchor={"right"}
-                open={props.rs !== undefined}
-                onClose={props.onClose}
-            >
-                <Box width={sidePanelWidth} height={"100%"}>
-                    {loading ? <Loading/> :
-                        <SidePanel provider={nodeData} onClose={props.onClose} />
-                    }
-                </Box>
-            </Drawer>
-        </ThemeProvider>
-    </>
-});
diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
index e014029fc..8024cab4d 100644
--- a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
+++ b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
@@ -12,17 +12,20 @@ import { Api } from "../../api";
 import { ApiContext } from "../App";
 import { useNavigate } from "react-router";
 import { CloseLightIcon, TreeViewIcon, TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
+import { ErrorMessage } from "../ErrorMessage";
 
 async function doGetRootNode(api: Api, rs: CommandResultSummary) {
-    const shortNames = await api.getShortNames()
-    const r = await api.getResult(rs.id)
+    const [shortNames, r] = await Promise.all([
+        api.getShortNames(),
+        api.getResult(rs.id)
+    ]);
     const builder = new NodeBuilder({
         shortNames: shortNames,
         summary: rs,
         commandResult: r,
-    })
-    const [node] = builder.buildRoot()
-    return node
+    });
+    const [node] = builder.buildRoot();
+    return node;
 }
 
 export interface HistoryCardsProps {
@@ -109,8 +112,17 @@ const HistoryCard = React.memo((props: {
         return doGetRootNode(api, props.rs)
     }, [api, props.rs]);
 
-    if (loadingError) {
-        return <>Error</>
+    let content: JSX.Element | null = null;
+    if (loading) {
+        content = <Loading />;
+    } else if (props.transitionFinished) {
+        if (loadingError) {
+            content = <ErrorMessage>
+                {loadingError.message}
+            </ErrorMessage>;
+        } else {
+            content = <CardContent provider={node!} />;
+        }
     }
 
     return <CardPaper
@@ -140,11 +152,7 @@ const HistoryCard = React.memo((props: {
                 <CommandResultItemHeader rs={props.rs} />
             </Box>
             <Box width='100%' flex='1 1 auto' overflow='hidden' display='flex' flexDirection='column'>
-                {props.transitionFinished && (
-                    loading
-                        ? <Loading />
-                        : <CardContent provider={node!} />
-                )}
+                {content}
             </Box>
             <Box
                 flex='0 0 auto'
@@ -216,7 +224,7 @@ export const HistoryCards = React.memo((props: HistoryCardsProps) => {
             type: 'started',
             cardRect: initialRect
         });
-    }, [props.initialCardRect, theme.transitions.duration.enteringScreen]);
+    }, [props.initialCardRect]);
 
     useEffect(() => {
         if (transitionState.type !== 'started') {
diff --git a/pkg/webui/ui/src/index.tsx b/pkg/webui/ui/src/index.tsx
index 391fce39b..56bd96bd1 100644
--- a/pkg/webui/ui/src/index.tsx
+++ b/pkg/webui/ui/src/index.tsx
@@ -8,13 +8,17 @@ import reportWebVitals from './reportWebVitals';
 import '@fontsource-variable/nunito';
 
 import { Router } from "./components/Router";
+import { ThemeProvider } from '@mui/material';
+import { light } from './components/theme';
 
 const root = ReactDOM.createRoot(
     document.getElementById('root') as HTMLElement
 );
 root.render(
     <React.StrictMode>
-        <RouterProvider router={Router}/>
+        <ThemeProvider theme={light}>
+            <RouterProvider router={Router} />
+        </ThemeProvider>
     </React.StrictMode>
 );
 
diff --git a/pkg/webui/ui/src/models-static.ts b/pkg/webui/ui/src/models-static.ts
index 2d067c58f..253e6e100 100644
--- a/pkg/webui/ui/src/models-static.ts
+++ b/pkg/webui/ui/src/models-static.ts
@@ -5,13 +5,17 @@ export class GitRef {
 
     ref?: string
 
-    constructor(source: any = {}) {
+    constructor(source?: any) {
         if ('string' === typeof source) {
             // this is needed to parse legacy string refs
             this.ref = source
             return
         }
 
+        if (source === null || source === undefined) {
+            return;
+        }
+
         this.branch = source["branch"];
         this.tag = source["tag"];
         this.commit = source["commit"];

From e659e9c875ee15b2bb28903d5731be1732b1667a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Jun 2023 08:18:27 +0200
Subject: [PATCH 1272/2268] fix: Properly collect git checkout info (#636)

Extracting it from the checked out repo resulted in the loss of the
ref as we're checking out by commit.
---
 pkg/controllers/kluctl_project.go             | 12 ++++-----
 .../kluctldeployment_controller.go            |  2 +-
 pkg/git/utils.go                              | 19 +++-----------
 pkg/repocache/cache.go                        | 25 ++++++++++---------
 4 files changed, 23 insertions(+), 35 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index cf1cf1140..7b7e88079 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -6,6 +6,7 @@ import (
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
@@ -44,7 +45,7 @@ type preparedProject struct {
 
 	rp *repocache.GitRepoCache
 
-	commit     string
+	co         git.CheckoutInfo
 	tmpDir     string
 	repoDir    string
 	projectDir string
@@ -96,12 +97,12 @@ func prepareProject(ctx context.Context,
 			return nil, fmt.Errorf("failed clone source: %w", err)
 		}
 
-		clonedDir, gi, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref)
+		clonedDir, co, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref)
 		if err != nil {
 			return nil, err
 		}
 
-		pp.commit = gi.CheckedOutCommit
+		pp.co = co
 		pp.repoDir = clonedDir
 
 		// check kluctl project path exists
@@ -651,9 +652,8 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 		Namespace: pt.pp.obj.Namespace,
 	}
 
-	cmdResult.GitInfo.Url = &pt.pp.obj.Spec.Source.URL
-	cmdResult.GitInfo.Ref = pt.pp.obj.Spec.Source.Ref
-	cmdResult.ProjectKey.GitRepoKey = pt.pp.obj.Spec.Source.URL.RepoKey()
+	// the ref is not properly set by addGitInfo due to the way the repo cache checks out by commit
+	cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
 
 	var err error
 	if pt.pp.r.ResultStore != nil {
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 6612a18fd..bf2229687 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -219,7 +219,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 	defer pp.cleanup()
 
-	obj.Status.ObservedCommit = pp.commit
+	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
 
 	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index ab54973b1..f6fed9979 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -14,22 +15,8 @@ import (
 )
 
 type CheckoutInfo struct {
-	CheckedOutRef    string `json:"checkedOutRef"`
-	CheckedOutCommit string `json:"checkedOutCommit"`
-}
-
-func GetCheckoutInfo(path string) (ri CheckoutInfo, err error) {
-	r, err := git.PlainOpen(path)
-	if err != nil {
-		return
-	}
-	head, err := r.Head()
-	if err != nil {
-		return
-	}
-	ri.CheckedOutRef = head.Name().String()
-	ri.CheckedOutCommit = head.Hash().String()
-	return
+	CheckedOutRef    types.GitRef `json:"checkedOutRef"`
+	CheckedOutCommit string       `json:"checkedOutCommit"`
 }
 
 func DetectGitRepositoryRoot(path string) (string, error) {
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index c1b61be3f..bc7864bbb 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -311,15 +311,23 @@ func (e *CacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo,
 		ref = &e.defaultRef
 	}
 
-	var ref2, commit string
-	if ref != nil && ref.Commit != "" {
-		ref2 = ref.Commit
+	var commit string
+	var checkoutInfo git.CheckoutInfo
+	if ref.Commit != "" {
 		commit = ref.Commit
+		checkoutInfo.CheckedOutRef = *ref
+		checkoutInfo.CheckedOutCommit = ref.Commit
 	} else {
+		var ref2 string
 		ref2, commit, err = e.findCommit(ref.String())
 		if err != nil {
 			return "", git.CheckoutInfo{}, err
 		}
+		checkoutInfo.CheckedOutRef, err = types.ParseGitRef(ref2)
+		if err != nil {
+			return "", git.CheckoutInfo{}, err
+		}
+		checkoutInfo.CheckedOutCommit = commit
 	}
 
 	err = e.mr.CloneProjectByCommit(commit, p)
@@ -327,16 +335,9 @@ func (e *CacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo,
 		return "", git.CheckoutInfo{}, err
 	}
 
-	repoInfo, err := git.GetCheckoutInfo(p)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	repoInfo.CheckedOutRef = ref2
-
 	e.clonedDirs[*ref] = clonedDir{
 		dir:  p,
-		info: repoInfo,
+		info: checkoutInfo,
 	}
-	return p, repoInfo, nil
+	return p, checkoutInfo, nil
 }

From d8030f8286d6dfbd9b1bf639dfb5c44dcfdf1cda Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Jun 2023 08:18:36 +0200
Subject: [PATCH 1273/2268] fix: Add workaround to support Azure DevOps and
 other protocol-v2 git repos (#637)

---
 pkg/git/mirrored_repo.go | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 5afaeae2c..860b10a0a 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -9,9 +9,12 @@ import (
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/go-git/go-git/v5/plumbing/protocol/packp/capability"
+	"github.com/go-git/go-git/v5/plumbing/transport"
 	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
 	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
@@ -21,6 +24,18 @@ import (
 	"time"
 )
 
+func init() {
+	// see https://github.com/go-git/go-git/pull/613
+	old := transport.UnsupportedCapabilities
+	transport.UnsupportedCapabilities = nil
+	for _, c := range old {
+		if c == capability.MultiACK || c == capability.MultiACKDetailed {
+			continue
+		}
+		transport.UnsupportedCapabilities = append(transport.UnsupportedCapabilities, c)
+	}
+}
+
 var defaultFetch = []config.RefSpec{
 	"+refs/heads/*:refs/heads/*",
 	"+refs/tags/*:refs/tags/*",
@@ -291,7 +306,18 @@ func (g *MirroredGitRepo) cloneOrUpdate() error {
 	initMarker := filepath.Join(g.mirrorDir, ".cache2.init")
 	st, err := os.Stat(initMarker)
 	if err == nil && st.Mode().IsRegular() {
-		return g.update(g.mirrorDir)
+		err = g.update(g.mirrorDir)
+		if err == nil {
+			return nil
+		} else if strings.Contains(err.Error(), "multi_ack") {
+			// looks like the server tried to do multi_ack/multi_ack_detailed, which is not supported.
+			// in that case, retry a full clone which does hopefully not rely on multi_ack.
+			// See https://github.com/go-git/go-git/pull/613
+			// TODO remove this when https://github.com/go-git/go-git/issues/64 gets fully fixed
+			status.Trace(g.ctx, "Got multi_ack related error from remote. Retrying full clone: %v", err)
+		} else {
+			return err
+		}
 	}
 	err = g.cleanupMirrorDir()
 	if err != nil {

From 14829622e4302997fa232025112631454987e98c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Jun 2023 09:06:14 +0200
Subject: [PATCH 1274/2268] build: Preparing release v2.20.7

---
 docs/installation.md                             | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl.yaml                       | 2 +-
 install/webui/webui/deployment.yaml              | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index 08875fed7..6f3592807 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -114,5 +114,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.20.6
+        tag: v2.20.7
 ```
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index fb4dbb763..ddc1d5ab6 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.6
+    default: v2.20.7
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index fd4f34515..0e60209b9 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.6") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.7") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index da86fe0f1..48ad973f7 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.6
+    default: v2.20.7
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index f266293e3..36dc5b783 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.20.6") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.20.7") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 apiVersion: apps/v1

From 73b01b21eca1fbb633dc68f33a775b2a4a663d37 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Wed, 28 Jun 2023 05:29:48 +0600
Subject: [PATCH 1275/2268] refactor: Unify card components.

---
 .../ui/src/components/targets-view/Card.tsx   | 108 +++++++++++--
 .../targets-view/CommandResultItem.tsx        |  68 ++++++--
 .../components/targets-view/ProjectItem.tsx   |  37 +++++
 .../src/components/targets-view/Projects.tsx  |  56 -------
 .../{Targets.tsx => TargetItem.tsx}           |  61 +++----
 .../components/targets-view/TargetsView.tsx   | 150 +++++++++---------
 6 files changed, 283 insertions(+), 197 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
 delete mode 100644 pkg/webui/ui/src/components/targets-view/Projects.tsx
 rename pkg/webui/ui/src/components/targets-view/{Targets.tsx => TargetItem.tsx} (74%)

diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index b1aeab50a..a7bc77d1f 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -1,31 +1,31 @@
 import React from "react";
-import { Box, BoxProps, Paper, PaperProps } from "@mui/material"
+import { Box, BoxProps, Paper, PaperProps, Tooltip, Typography } from "@mui/material"
 
 export const cardWidth = 247;
-export const projectCardHeight = 80;
+export const projectCardMinHeight = 80;
 export const cardHeight = 126;
 export const cardGap = 20;
 
-export function CardPaper(props: PaperProps) {
+export const CardPaper = React.forwardRef((props: PaperProps, ref: React.ForwardedRef<HTMLDivElement>) => {
     const { sx, ...rest } = props;
     return <Paper
         elevation={5}
         sx={{
-            width: "100%",
-            height: "100%",
+            width: cardWidth,
+            height: cardHeight,
             borderRadius: '12px',
             border: '1px solid #59A588',
             boxShadow: '4px 4px 10px #1E617A',
+            flexShrink: 0,
             ...sx
         }}
         {...rest}
+        ref={ref}
     />
-}
-
-export const Card = React.forwardRef((props: BoxProps, ref) => {
-    return <Box display='flex' flexShrink={0} width={cardWidth} height={cardHeight} {...props} ref={ref} />
 });
 
+CardPaper.displayName = 'CardPaper';
+
 export function CardCol(props: BoxProps) {
     return <Box display='flex' flexDirection='column' gap={`${cardGap}px`} {...props} />
 }
@@ -33,3 +33,93 @@ export function CardCol(props: BoxProps) {
 export function CardRow(props: BoxProps) {
     return <Box display='flex' gap={`${cardGap}px`} {...props} />
 }
+
+export const CardTemplate = React.forwardRef((props: {
+    paperProps?: PaperProps,
+    boxProps?: BoxProps,
+    icon?: React.ReactNode,
+    iconTooltip?: React.ReactNode,
+    header?: string,
+    headerTooltip?: React.ReactNode,
+    subheader?: string,
+    subheaderTooltip?: React.ReactNode,
+    body?: React.ReactNode,
+    footer?: React.ReactNode
+}, ref: React.ForwardedRef<HTMLDivElement>) => {
+    const icon = props.icon && (
+        <Tooltip title={props.iconTooltip}>
+            <Box
+                width='45px'
+                height='45px'
+                flex='0 0 auto'
+                justifyContent='center'
+                alignItems='center'
+            >
+                {props.icon}
+            </Box>
+        </Tooltip>
+    );
+
+    const header = props.header && (
+        <Tooltip title={props.headerTooltip}>
+            <Typography
+                variant='h6'
+                textAlign='left'
+                textOverflow='ellipsis'
+                overflow='hidden'
+                flexGrow={1}
+            >
+                {props.header}
+            </Typography>
+        </Tooltip>
+    );
+
+    const subheader = props.subheader && (
+        <Tooltip title={props.subheaderTooltip}>
+            <Typography
+                variant='subtitle1'
+                textAlign='left'
+                textOverflow='ellipsis'
+                overflow='hidden'
+                whiteSpace='nowrap'
+                fontSize='14px'
+                fontWeight={500}
+                lineHeight='19px'
+            >
+                {props.subheader}
+            </Typography>
+        </Tooltip>
+    );
+
+    const body = props.body && (
+        <Box flex='1 1 auto'>{props.body}</Box>
+    );
+
+    const footer = props.footer && (
+        <Box display='flex' alignItems='center' justifyContent='space-between'>
+            {props.footer}
+        </Box>
+    );
+
+    return <CardPaper {...props.paperProps} ref={ref}>
+        <Box
+            display='flex'
+            flexDirection='column'
+            justifyContent='space-between'
+            height='100%'
+            {...props.boxProps}
+        >
+            <Box flex='0 0 auto' display='flex' gap='15px'>
+                {icon}
+                <Box flex='1 1 auto'>
+                    {header}
+                    {subheader}
+                </Box>
+            </Box>
+            {body}
+            {footer}
+        </Box>
+    </CardPaper>
+});
+
+CardTemplate.displayName = 'CardTemplate';
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index f2f7bf2eb..2ef8dce1a 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -8,7 +8,7 @@ import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
-import { CardPaper } from "./Card";
+import { CardTemplate } from "./Card";
 
 export const CommandResultItemHeader = React.memo((props: { rs: CommandResultSummary }) => {
     const { rs } = props;
@@ -75,22 +75,58 @@ export const CommandResultItemHeader = React.memo((props: { rs: CommandResultSum
     </Box>
 });
 
-export const CommandResultItem = React.memo((props: {
+export const CommandResultItem = React.memo(React.forwardRef((props: {
     ps: ProjectSummary,
     ts: TargetSummary,
     rs: CommandResultSummary,
     onSelectCommandResult: (rs: CommandResultSummary) => void,
-}) => {
+}, ref: React.ForwardedRef<HTMLDivElement>) => {
     const { rs, onSelectCommandResult } = props;
-    const navigate = useNavigate()
+    const navigate = useNavigate();
+    const [ago, setAgo] = useState(calcAgo(rs.commandInfo.startTime))
+
+    let Icon: () => JSX.Element = DiffIcon
+    switch (rs.commandInfo?.command) {
+        case "delete":
+            Icon = PruneIcon
+            break
+        case "deploy":
+            Icon = DeployIcon
+            break
+        case "diff":
+            Icon = DiffIcon
+            break
+        case "poke-images":
+            Icon = DeployIcon
+            break
+        case "prune":
+            Icon = PruneIcon
+            break
+    }
 
-    return <CardPaper
-        sx={{ padding: '20px 16px 5px 16px' }}
-        onClick={() => onSelectCommandResult(rs)}
-    >
-        <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
-            <CommandResultItemHeader rs={rs} />
-            <Box display='flex' alignItems='center' justifyContent='space-between'>
+    const iconTooltip = useMemo(() => {
+        const cmdInfoYaml = yaml.dump(rs.commandInfo);
+        return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
+    }, [rs.commandInfo]);
+
+    useEffect(() => {
+        const interval = setInterval(() => setAgo(calcAgo(rs.commandInfo.startTime)), 5000);
+        return () => clearInterval(interval);
+    }, [rs.commandInfo.startTime]);
+
+    return <CardTemplate
+        ref={ref}
+        paperProps={{
+            sx: { padding: '20px 16px 5px 16px' },
+            onClick: () => onSelectCommandResult(rs)
+        }}
+        icon={<Icon />}
+        iconTooltip={iconTooltip}
+        header={rs.commandInfo?.command}
+        subheader={ago}
+        subheaderTooltip={rs.commandInfo.startTime}
+        footer={
+            <>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <CommandResultStatusLine rs={rs} />
                 </Box>
@@ -111,7 +147,9 @@ export const CommandResultItem = React.memo((props: {
                         </Tooltip>
                     </IconButton>
                 </Box>
-            </Box>
-        </Box>
-    </CardPaper>
-});
+            </>
+        }
+    />;
+}));
+
+CommandResultItem.displayName = 'CommandResultItem';
diff --git a/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx b/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
new file mode 100644
index 000000000..12245a491
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
@@ -0,0 +1,37 @@
+import { getLastPathElement } from "../../utils/misc";
+import { Box } from "@mui/material";
+import React from "react";
+import { ProjectIcon } from "../../icons/Icons";
+import { ProjectSummary } from "../../project-summaries";
+import { CardTemplate, projectCardMinHeight } from "./Card";
+
+export const ProjectItem = React.memo((props: { ps: ProjectSummary }) => {
+    const name = getLastPathElement(props.ps.project.gitRepoKey)
+    const subDir = props.ps.project.subDir
+
+    const projectInfo = <Box>
+        {props.ps.project.gitRepoKey}<br />
+        {props.ps.project.subDir ? <>
+            SubDir: {props.ps.project.subDir}<br />
+        </> : <></>}
+    </Box>
+
+    return <CardTemplate
+        paperProps={{
+            sx: {
+                padding: '20px 16px',
+                height: 'auto',
+                minHeight: projectCardMinHeight
+            }
+        }}
+        boxProps={{
+            justifyContent: 'center'
+        }}
+        icon={name && <ProjectIcon />}
+        header={name}
+        headerTooltip={projectInfo}
+        subheader={subDir}
+    />;
+});
+
+ProjectItem.displayName = 'ProjectItem';
diff --git a/pkg/webui/ui/src/components/targets-view/Projects.tsx b/pkg/webui/ui/src/components/targets-view/Projects.tsx
deleted file mode 100644
index cbf643318..000000000
--- a/pkg/webui/ui/src/components/targets-view/Projects.tsx
+++ /dev/null
@@ -1,56 +0,0 @@
-import { getLastPathElement } from "../../utils/misc";
-import { Box, Typography } from "@mui/material";
-import React from "react";
-import Tooltip from "@mui/material/Tooltip";
-import { ProjectIcon } from "../../icons/Icons";
-import { ProjectSummary } from "../../project-summaries";
-import { CardPaper } from "./Card";
-
-export const ProjectItem = (props: { ps: ProjectSummary }) => {
-    const name = getLastPathElement(props.ps.project.gitRepoKey)
-    const subDir = props.ps.project.subDir
-
-    const projectInfo = <Box>
-        {props.ps.project.gitRepoKey}<br />
-        {props.ps.project.subDir ? <>
-            SubDir: {props.ps.project.subDir}<br />
-        </> : <></>}
-    </Box>
-
-    return <CardPaper
-        sx={{ padding: '5px 16px' }}
-    >
-        <Box display="flex" flexDirection={"column"} justifyContent='center' height={"100%"}>
-            <Box display='flex' alignItems='center' gap='15px'>
-                {name && (
-                    <>
-                        <Box flexShrink={0}><ProjectIcon /></Box>
-                        <Tooltip title={projectInfo}>
-                            <Typography
-                                variant='h6'
-                                textAlign='left'
-                                textOverflow='ellipsis'
-                                overflow='hidden'
-                                flexGrow={1}
-                            >
-                                {name}
-                            </Typography>
-                        </Tooltip>
-                    </>
-                )}
-            </Box>
-            <Box>
-                {subDir ?
-                    <Typography textAlign={"center"}>{subDir}</Typography>
-                    : <></>}
-            </Box>
-            <Box>
-                <Box display={"flex"}>
-                    <Box marginLeft={"auto"}>
-                        {/*<ActionsMenu menuItems={actionMenuItems}/>*/}
-                    </Box>
-                </Box>
-            </Box>
-        </Box>
-    </CardPaper>
-}
diff --git a/pkg/webui/ui/src/components/targets-view/Targets.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
similarity index 74%
rename from pkg/webui/ui/src/components/targets-view/Targets.tsx
rename to pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 5127a4b09..620aef8b7 100644
--- a/pkg/webui/ui/src/components/targets-view/Targets.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -8,7 +8,7 @@ import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
 import { ApiContext } from "../App";
-import { CardPaper } from "./Card";
+import { CardTemplate } from "./Card";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -54,7 +54,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     </Tooltip>
 }
 
-export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSelectTarget: (ts?: TargetSummary) => void }) => {
+export const TargetItem = React.memo((props: { ps: ProjectSummary, ts: TargetSummary, onSelectTarget: (ts?: TargetSummary) => void }) => {
     const api = useContext(ApiContext)
     const actionMenuItems: ActionMenuItem[] = []
 
@@ -126,42 +126,17 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
         targetName = "<no-name>"
     }
 
-    return <CardPaper
-        sx={{ padding: '20px 16px 12px 16px' }}
-        onClick={e => props.onSelectTarget(props.ts)}
-    >
-        <Box display='flex' flexDirection='column' justifyContent='space-between' height='100%'>
-            <Box display='flex' gap='15px'>
-                <Box flexShrink={0}><TargetIcon /></Box>
-                <Box flexGrow={1}>
-                    <Typography
-                        variant='h6'
-                        textAlign='left'
-                        textOverflow='ellipsis'
-                        overflow='hidden'
-                        flexGrow={1}
-                    >
-                        {targetName}
-                    </Typography>
-                    {allContexts.length ?
-                        <Tooltip title={contextTooltip}>
-                            <Typography
-                                variant='subtitle1'
-                                textAlign='left'
-                                textOverflow='ellipsis'
-                                overflow='hidden'
-                                whiteSpace='nowrap'
-                                fontSize='14px'
-                                fontWeight={500}
-                                lineHeight='19px'
-                            >
-                                {allContexts[0]}
-                            </Typography>
-                        </Tooltip>
-                        : <></>}
-                </Box>
-            </Box>
-            <Box display='flex' alignItems='center' justifyContent='space-between'>
+    return <CardTemplate
+        paperProps={{
+            sx: { padding: '20px 16px 12px 16px' },
+            onClick: e => props.onSelectTarget(props.ts)
+        }}
+        icon={<TargetIcon />}
+        header={targetName}
+        subheader={allContexts.length ? allContexts[0] : ''}
+        subheaderTooltip={allContexts.length ? contextTooltip : undefined}
+        footer={
+            <>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <Tooltip title={"Cluster ID: " + props.ts.target.clusterId}>
                         <Box display='flex'><CpuIcon /></Box>
@@ -174,7 +149,9 @@ export const TargetItem = (props: { ps: ProjectSummary, ts: TargetSummary, onSel
                     <StatusIcon {...props} />
                     <ActionsMenu menuItems={actionMenuItems} />
                 </Box>
-            </Box>
-        </Box>
-    </CardPaper>
-}
+            </>
+        }
+    />;
+});
+
+TargetItem.displayName = 'TargetItem';
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 9a32025da..333e001d4 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -2,12 +2,12 @@ import { TargetKey } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
 import React, { useCallback, useContext, useMemo, useRef, useState } from "react";
 import { AppContext } from "../App";
-import { ProjectItem } from "./Projects";
-import { TargetItem } from "./Targets";
+import { ProjectItem } from "./ProjectItem";
+import { TargetItem } from "./TargetItem";
 import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
 import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
-import { Card, CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth, projectCardHeight } from "./Card";
+import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
 import { TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { HistoryCards } from "./HistoryCards";
@@ -50,6 +50,49 @@ const Circle = React.memo((props: React.SVGProps<SVGCircleElement>) => {
     />
 })
 
+const RelationHorizontalLine = React.memo(() => {
+    const theme = useTheme();
+    return <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
+        <svg
+            xmlns='http://www.w3.org/2000/svg'
+            fill='none'
+            height={`${2 * circleRadius + strokeWidth}px`}
+            width='100%'
+        >
+            <svg
+                height='100%'
+                width='100%'
+                viewBox={`0 0 100 ${2 * circleRadius + strokeWidth}`}
+                fill='none'
+                preserveAspectRatio='none'
+            >
+                <path
+                    d={`
+                  M ${circleRadius + strokeWidth / 2} ${circleRadius + strokeWidth / 2}
+                  H ${100 - circleRadius - strokeWidth / 2}
+                `}
+                    stroke={theme.palette.secondary.main}
+                    strokeWidth={strokeWidth}
+                />
+            </svg>
+            <svg
+                fill='none'
+                height='100%'
+                width='100%'
+            >
+                <Circle cx={circleRadius + strokeWidth / 2} cy='50%' />
+            </svg>
+            <svg
+                fill='none'
+                height='100%'
+                width='100%'
+            >
+                <Circle cx={`calc(100% - ${circleRadius + strokeWidth / 2}px)`} cy='50%' />
+            </svg>
+        </svg>
+    </Box>;
+});
+
 const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.Element | null => {
     const theme = useTheme();
     const height = targetCount * cardHeight + (targetCount - 1) * cardGap
@@ -129,7 +172,6 @@ function mkTargetHash(tk: TargetKey): string {
 }
 
 export const TargetsView = () => {
-    const theme = useTheme();
     const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
 
     const navigate = useNavigate();
@@ -165,7 +207,7 @@ export const TargetsView = () => {
     }, [navigate]);
 
     const cardRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
- 
+
     if (historyCardsTarget) {
         const cardElem = cardRefs.current.get(historyCardsTarget);
         const cardRect = cardElem?.getBoundingClientRect();
@@ -192,9 +234,7 @@ export const TargetsView = () => {
             return <Box key={buildListKey(ps.project)}>
                 <Box display={"flex"} alignItems={"center"} margin='40px 0'>
                     <Box display='flex' alignItems='center' width={colWidth} flex='0 0 auto'>
-                        <Card height={projectCardHeight}>
-                            <ProjectItem ps={ps} />
-                        </Card>
+                        <ProjectItem ps={ps} />
                         <Box
                             flexGrow={1}
                             height={ps.targets.length * cardHeight + (ps.targets.length - 1) * cardGap}
@@ -209,49 +249,12 @@ export const TargetsView = () => {
                     <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
                             return <Box key={buildListKey(ts.target)} display='flex'>
-                                <Card>
-                                    <TargetItem ps={ps} ts={ts}
-                                        onSelectTarget={setSelectedTargetSummary} />
-                                </Card>
-                                <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
-                                    <svg
-                                        xmlns='http://www.w3.org/2000/svg'
-                                        fill='none'
-                                        height={`${2 * circleRadius + strokeWidth}px`}
-                                        width='100%'
-                                    >
-                                        <svg
-                                            height='100%'
-                                            width='100%'
-                                            viewBox={`0 0 100 ${2 * circleRadius + strokeWidth}`}
-                                            fill='none'
-                                            preserveAspectRatio='none'
-                                        >
-                                            <path
-                                                d={`
-                                                  M ${circleRadius + strokeWidth / 2} ${circleRadius + strokeWidth / 2}
-                                                  H ${100 - circleRadius - strokeWidth / 2}
-                                                `}
-                                                stroke={theme.palette.secondary.main}
-                                                strokeWidth={strokeWidth}
-                                            />
-                                        </svg>
-                                        <svg
-                                            fill='none'
-                                            height='100%'
-                                            width='100%'
-                                        >
-                                            <Circle cx={circleRadius + strokeWidth / 2} cy='50%' />
-                                        </svg>
-                                        <svg
-                                            fill='none'
-                                            height='100%'
-                                            width='100%'
-                                        >
-                                            <Circle cx={`calc(100% - ${circleRadius + strokeWidth / 2}px)`} cy='50%' />
-                                        </svg>
-                                    </svg>
-                                </Box>
+                                <TargetItem
+                                    ps={ps}
+                                    ts={ts}
+                                    onSelectTarget={setSelectedTargetSummary}
+                                />
+                                <RelationHorizontalLine />
                             </Box>
                         })}
                     </CardCol>
@@ -259,30 +262,27 @@ export const TargetsView = () => {
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
                             return <CardRow key={buildListKey(ts.target)} height={cardHeight}>
-                                {ts.commandResults?.map((rs, i) => {
-                                    return <Card
-                                        key={rs.id}
-                                        sx={{
-                                            translate: `${-i * (cardWidth + cardGap / 2)}px`,
-                                            zIndex: -i,
-                                            display: i < 4 ? 'flex' : 'none'
-                                        }}
-                                        ref={(r: HTMLElement) => {
-                                            if (i === 0) {
-                                                cardRefs.current.set(ts, r);
-                                            }
-                                        }}
-                                    >
-                                        {i === 0
-                                            ? <CommandResultItem
-                                                ps={ps}
-                                                ts={ts}
-                                                rs={rs}
-                                                onSelectCommandResult={() => onSelectHistoryCardsTarget(ts)}
-                                            />
-                                            : <CardPaper />
-                                        }
-                                    </Card>
+                                {ts.commandResults?.slice(0, 4).map((rs, i) => {
+                                    return i === 0
+                                        ? <CommandResultItem
+                                            key={rs.id}
+                                            ps={ps}
+                                            ts={ts}
+                                            rs={rs}
+                                            onSelectCommandResult={() => onSelectHistoryCardsTarget(ts)}
+                                            ref={(elem) => {
+                                                if (i === 0 && elem) {
+                                                    cardRefs.current.set(ts, elem);
+                                                }
+                                            }}
+                                        />
+                                        : <CardPaper
+                                            key={rs.id}
+                                            sx={{
+                                                translate: `${-i * (cardWidth + cardGap / 2)}px`,
+                                                zIndex: -i,
+                                            }}
+                                        />
                                 })}
                             </CardRow>
                         })}

From 5195bbfad8177b6e5b323178a53ccbebf0c6df79 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Thu, 29 Jun 2023 07:46:13 +0600
Subject: [PATCH 1276/2268] feat: Make target cards expandable like history
 cards.

---
 pkg/webui/ui/src/components/Router.tsx        |   2 +-
 .../ui/src/components/targets-view/Card.tsx   |  62 +++-
 .../targets-view/CommandResultItem.tsx        | 138 ++++---
 .../targets-view/ExpandedCardsView.tsx        | 202 +++++++++++
 .../components/targets-view/HistoryCards.tsx  | 342 ------------------
 .../components/targets-view/ProjectItem.tsx   |   3 +-
 .../targets-view/TargetDetailsDrawer.tsx      | 112 ------
 .../components/targets-view/TargetItem.tsx    | 123 ++++++-
 .../components/targets-view/TargetsView.tsx   | 112 +++---
 9 files changed, 517 insertions(+), 579 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
 delete mode 100644 pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
 delete mode 100644 pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx

diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index b0398a9e7..014fb2ec8 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -21,7 +21,7 @@ export const Router = createHashRouter([
         errorElement: <ErrorPage />,
         children: [
             {
-                path: "targets/:targetKeyHash?",
+                path: "targets/:targetKeyHash?/history?",
                 element: <TargetsView />,
                 errorElement: <ErrorPage />,
             },
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index a7bc77d1f..14213fa1b 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -1,5 +1,8 @@
 import React from "react";
-import { Box, BoxProps, Paper, PaperProps, Tooltip, Typography } from "@mui/material"
+import { Box, BoxProps, Divider, IconButton, Paper, PaperProps, Tab, Tooltip, Typography } from "@mui/material"
+import { CloseLightIcon } from "../../icons/Icons";
+import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
+import { TabContext, TabList, TabPanel } from "@mui/lab";
 
 export const cardWidth = 247;
 export const projectCardMinHeight = 80;
@@ -11,12 +14,13 @@ export const CardPaper = React.forwardRef((props: PaperProps, ref: React.Forward
     return <Paper
         elevation={5}
         sx={{
-            width: cardWidth,
-            height: cardHeight,
+            width: '100%',
+            height: '100%',
             borderRadius: '12px',
             border: '1px solid #59A588',
             boxShadow: '4px 4px 10px #1E617A',
             flexShrink: 0,
+            position: 'relative',
             ...sx
         }}
         {...rest}
@@ -44,7 +48,9 @@ export const CardTemplate = React.forwardRef((props: {
     subheader?: string,
     subheaderTooltip?: React.ReactNode,
     body?: React.ReactNode,
-    footer?: React.ReactNode
+    footer?: React.ReactNode,
+    showCloseButton?: boolean,
+    onClose?: () => void
 }, ref: React.ForwardedRef<HTMLDivElement>) => {
     const icon = props.icon && (
         <Tooltip title={props.iconTooltip}>
@@ -85,6 +91,7 @@ export const CardTemplate = React.forwardRef((props: {
                 fontSize='14px'
                 fontWeight={500}
                 lineHeight='19px'
+                width='max-content'
             >
                 {props.subheader}
             </Typography>
@@ -92,7 +99,7 @@ export const CardTemplate = React.forwardRef((props: {
     );
 
     const body = props.body && (
-        <Box flex='1 1 auto'>{props.body}</Box>
+        <Box flex='1 1 auto' overflow='hidden' padding='0 16px'>{props.body}</Box>
     );
 
     const footer = props.footer && (
@@ -102,11 +109,23 @@ export const CardTemplate = React.forwardRef((props: {
     );
 
     return <CardPaper {...props.paperProps} ref={ref}>
+        {props.showCloseButton && (
+            <Box
+                position='absolute'
+                right='10px'
+                top='10px'
+            >
+                <IconButton onClick={props.onClose}>
+                    <CloseLightIcon />
+                </IconButton>
+            </Box>
+        )}
         <Box
             display='flex'
             flexDirection='column'
             justifyContent='space-between'
             height='100%'
+            gap='10px'
             {...props.boxProps}
         >
             <Box flex='0 0 auto' display='flex' gap='15px'>
@@ -123,3 +142,36 @@ export const CardTemplate = React.forwardRef((props: {
 });
 
 CardTemplate.displayName = 'CardTemplate';
+
+export const CardBody = React.memo((props: { provider: SidePanelProvider }) => {
+    const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
+
+    if (!props.provider
+        || !selectedTab
+        || !tabs.find(x => x.label === selectedTab)
+    ) {
+        return null;
+    }
+
+    return <TabContext value={selectedTab}>
+        <Box display='flex' flexDirection='column' height='100%' overflow='hidden'>
+            <Box height='36px' flex='0 0 auto' p='0'>
+                <TabList onChange={handleTabChange}>
+                    {tabs.map((tab, i) => {
+                        return <Tab label={tab.label} value={tab.label} key={tab.label} />
+                    })}
+                </TabList>
+            </Box>
+            <Divider sx={{ margin: 0 }} />
+            <Box overflow='auto' p='10px 0'>
+                {tabs.map(tab => {
+                    return <TabPanel key={tab.label} value={tab.label} sx={{ padding: 0 }}>
+                        {tab.content}
+                    </TabPanel>
+                })}
+            </Box>
+        </Box>
+    </TabContext>
+});
+
+CardBody.displayName = 'CardBody';
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 2ef8dce1a..23e97e394 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,87 +1,75 @@
-import React, { useEffect, useMemo, useState } from "react";
+import React, { useContext, useEffect, useMemo, useState } from "react";
 import { CommandResultSummary } from "../../models";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
-import { Box, IconButton, Tooltip, Typography } from "@mui/material";
+import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
-import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
-import { CardTemplate } from "./Card";
+import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
+import { ApiContext } from "../App";
+import { Loading, useLoadingHelper } from "../Loading";
+import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
+import { ErrorMessage } from "../ErrorMessage";
+import { Api } from "../../api";
 
-export const CommandResultItemHeader = React.memo((props: { rs: CommandResultSummary }) => {
-    const { rs } = props;
-    const [ago, setAgo] = useState(calcAgo(rs.commandInfo.startTime))
+async function doGetRootNode(api: Api, rs: CommandResultSummary) {
+    const [shortNames, r] = await Promise.all([
+        api.getShortNames(),
+        api.getResult(rs.id)
+    ]);
+    const builder = new NodeBuilder({
+        shortNames: shortNames,
+        summary: rs,
+        commandResult: r,
+    });
+    const [node] = builder.buildRoot();
+    return node;
+}
 
-    let Icon: () => JSX.Element = DiffIcon
-    switch (rs.commandInfo?.command) {
-        case "delete":
-            Icon = PruneIcon
-            break
-        case "deploy":
-            Icon = DeployIcon
-            break
-        case "diff":
-            Icon = DiffIcon
-            break
-        case "poke-images":
-            Icon = DeployIcon
-            break
-        case "prune":
-            Icon = PruneIcon
-            break
-    }
+export const CommandResultItemBody = React.memo((props: {
+    rs: CommandResultSummary
+}) => {
+    const api = useContext(ApiContext);
+    const [loading, loadingError, node] = useLoadingHelper(() => {
+        return doGetRootNode(api, props.rs)
+    }, [api, props.rs]);
 
-    const iconTooltip = useMemo(() => {
-        const cmdInfoYaml = yaml.dump(rs.commandInfo);
-        return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
-    }, [rs.commandInfo]);
+    if (loading) {
+        return <Loading />;
+    }
 
-    useEffect(() => {
-        const interval = setInterval(() => setAgo(calcAgo(rs.commandInfo.startTime)), 5000);
-        return () => clearInterval(interval);
-    }, [rs.commandInfo.startTime]);
+    if (loadingError) {
+        return <ErrorMessage>
+            {loadingError.message}
+        </ErrorMessage>;
+    }
 
+    if (!node) {
+        return null;
+    }
 
-    return <Box display='flex' gap='15px'>
-        <Tooltip title={iconTooltip}>
-            <Box width='45px' height='45px' flex='0 0 auto' justifyContent='center' alignItems='center'>
-                <Icon />
-            </Box>
-        </Tooltip>
-        <Box>
-            <Typography
-                variant='h6'
-                textAlign='left'
-                textOverflow='ellipsis'
-                overflow='hidden'
-            >
-                {rs.commandInfo?.command}
-            </Typography>
-            <Tooltip title={rs.commandInfo.startTime}>
-                <Typography
-                    variant='subtitle1'
-                    textAlign='left'
-                    textOverflow='ellipsis'
-                    overflow='hidden'
-                    whiteSpace='nowrap'
-                    fontSize='14px'
-                    fontWeight={500}
-                    lineHeight='19px'
-                >{ago}</Typography>
-            </Tooltip>
-        </Box>
-    </Box>
+    return <CardBody provider={node} />
 });
 
-export const CommandResultItem = React.memo(React.forwardRef((props: {
-    ps: ProjectSummary,
-    ts: TargetSummary,
-    rs: CommandResultSummary,
-    onSelectCommandResult: (rs: CommandResultSummary) => void,
-}, ref: React.ForwardedRef<HTMLDivElement>) => {
-    const { rs, onSelectCommandResult } = props;
+export const CommandResultItem = React.memo(React.forwardRef((
+    props: {
+        rs: CommandResultSummary,
+        onSelectCommandResult?: (rs: CommandResultSummary) => void,
+        sx?: SxProps<Theme>,
+        expanded?: boolean,
+        onClose?: () => void
+    },
+    ref: React.ForwardedRef<HTMLDivElement>
+) => {
+    const {
+        rs,
+        onSelectCommandResult,
+        sx,
+        expanded,
+        onClose
+    } = props;
     const navigate = useNavigate();
     const [ago, setAgo] = useState(calcAgo(rs.commandInfo.startTime))
 
@@ -116,15 +104,23 @@ export const CommandResultItem = React.memo(React.forwardRef((props: {
 
     return <CardTemplate
         ref={ref}
+        showCloseButton={expanded}
+        onClose={onClose}
         paperProps={{
-            sx: { padding: '20px 16px 5px 16px' },
-            onClick: () => onSelectCommandResult(rs)
+            sx: { 
+                padding: '20px 16px 5px 16px', 
+                width: cardWidth,
+                height: cardHeight,
+                ...sx,
+            },
+            onClick: () => onSelectCommandResult?.(rs)
         }}
         icon={<Icon />}
         iconTooltip={iconTooltip}
         header={rs.commandInfo?.command}
         subheader={ago}
         subheaderTooltip={rs.commandInfo.startTime}
+        body={expanded && <CommandResultItemBody rs={rs} />}
         footer={
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
diff --git a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
new file mode 100644
index 000000000..781b7885f
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
@@ -0,0 +1,202 @@
+import React, { useCallback, useEffect, useRef, useState } from "react";
+import { Box, IconButton, SxProps, Theme, useTheme } from "@mui/material";
+import { cardHeight, cardWidth } from "./Card";
+import { TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
+
+interface Rect {
+    left: number,
+    top: number,
+    width: number | string,
+    height: number | string
+}
+
+const arrowButtonWidth = 80;
+
+const ArrowButton = React.memo((props: {
+    direction: 'left' | 'right',
+    onClick: () => void,
+    hidden: boolean
+}) => {
+    const Icon = {
+        left: TriangleLeftLightIcon,
+        right: TriangleRightLightIcon
+    }[props.direction];
+
+    return <Box
+        flex='0 0 auto'
+        height='100%'
+        width={`${arrowButtonWidth}px`}
+        display='flex'
+        justifyContent='center'
+        alignItems='center'
+        position='relative'
+        {...{ [props.direction]: 0 }}
+    >
+        {!props.hidden &&
+            <IconButton onClick={props.onClick}>
+                <Icon />
+            </IconButton>
+        }
+    </Box>
+});
+
+type TransitionState =
+    {
+        type: 'initial'
+    } | {
+        type: 'started',
+        cardRect: Rect
+    } | {
+        type: 'running',
+        cardRect: Rect
+    } | {
+        type: 'finished'
+    }
+
+export interface ExpandedCardsViewProps<CardData> {
+    initialCardRect?: DOMRect,
+    cardsData: CardData[],
+    renderCard: (cardData: CardData, sx: SxProps<Theme>, expanded: boolean) => React.ReactNode
+}
+
+export const ExpandedCardsView = function <CardData>(props: ExpandedCardsViewProps<CardData>) {
+    const theme = useTheme();
+    const containerElem = useRef<HTMLElement>();
+    const [transitionState, setTransitionState] = useState<TransitionState>({ type: 'initial' });
+    const [currentIndex, setCurrentIndex] = useState(0);
+
+    useEffect(() => {
+        const rect = containerElem.current?.getBoundingClientRect();
+        if (!rect) {
+            setTransitionState({ type: 'initial' });
+            return;
+        }
+
+        if (!props.initialCardRect) {
+            setTransitionState({ type: 'finished' });
+            return;
+        }
+
+        const initialRect = {
+            left: props.initialCardRect.left - rect.left,
+            top: props.initialCardRect.top - rect.top,
+            width: cardWidth,
+            height: cardHeight
+        };
+
+        setTransitionState({
+            type: 'started',
+            cardRect: initialRect
+        });
+    }, [props.initialCardRect]);
+
+    useEffect(() => {
+        if (transitionState.type !== 'started') {
+            return;
+        }
+
+        const targetRect = {
+            left: 0,
+            top: 0,
+            width: '100%',
+            height: '100%'
+        };
+
+        setTimeout(() => {
+            setTransitionState({
+                type: 'running',
+                cardRect: targetRect
+            });
+            setTimeout(() => {
+                setTransitionState({ type: 'finished' });
+            }, theme.transitions.duration.enteringScreen);
+        }, 10);
+    }, [transitionState, theme.transitions.duration.enteringScreen]);
+
+    const onLeftArrowClick = useCallback(() => {
+        if (currentIndex > 0) {
+            setCurrentIndex(i => i - 1);
+        }
+    }, [currentIndex]);
+
+    const onRightArrowClick = useCallback(() => {
+        if (currentIndex < props.cardsData.length - 1) {
+            setCurrentIndex(i => i + 1);
+        }
+    }, [currentIndex, props.cardsData.length]);
+
+    const paddingX = 40;
+    const gap = 2 * (paddingX + arrowButtonWidth);
+
+    return <Box
+        width='100%'
+        height='100%'
+        p={`25px ${paddingX}px`}
+        display='flex'
+        position='relative'
+        overflow='hidden'
+    >
+        <ArrowButton
+            direction='left'
+            onClick={onLeftArrowClick}
+            hidden={currentIndex === 0 || transitionState.type !== 'finished'}
+        />
+        <Box
+            flex='0 0 auto'
+            width={`calc(100% - ${arrowButtonWidth}px * 2)`}
+            display='flex'
+            ref={containerElem}
+        >
+            {(transitionState.type === 'started' || transitionState.type === 'running') &&
+                props.renderCard(
+                    props.cardsData[0],
+                    {
+                        width: transitionState.cardRect.width,
+                        height: transitionState.cardRect.height,
+                        translate: `${transitionState.cardRect.left}px ${transitionState.cardRect.top}px`,
+                        transition: theme.transitions.create(['translate', 'width', 'height'], {
+                            easing: theme.transitions.easing.sharp,
+                            duration: theme.transitions.duration.enteringScreen,
+                        }),
+                    },
+                    false
+                )
+            }
+            {transitionState.type === 'finished' &&
+                <Box
+                    flex='1 1 auto'
+                    width='100%'
+                    height='100%'
+                    display='flex'
+                    gap={`${gap}px`}
+                    sx={{
+                        translate: `calc((-100% - ${gap}px) * ${currentIndex})`,
+                        transition: theme.transitions.create(['translate'], {
+                            easing: theme.transitions.easing.sharp,
+                            duration: theme.transitions.duration.enteringScreen,
+                        })
+                    }}
+                >
+                    {props.cardsData.map((cd) =>
+                        props.renderCard(
+                            cd,
+                            {
+                                width: '100%',
+                                height: '100%',
+                            },
+                            true
+                        )
+                    )}
+                </Box>
+            }
+        </Box>
+        <ArrowButton
+            direction='right'
+            onClick={onRightArrowClick}
+            hidden={
+                currentIndex === props.cardsData.length - 1
+                || transitionState.type !== 'finished'
+            }
+        />
+    </Box>;
+};
diff --git a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx b/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
deleted file mode 100644
index 8024cab4d..000000000
--- a/pkg/webui/ui/src/components/targets-view/HistoryCards.tsx
+++ /dev/null
@@ -1,342 +0,0 @@
-import React, { useCallback, useContext, useEffect, useRef, useState } from "react";
-import { Box, Divider, IconButton, SxProps, Tab, Tooltip, useTheme } from "@mui/material";
-import { CommandResultSummary } from "../../models";
-import { TargetSummary } from "../../project-summaries";
-import { CardPaper, cardHeight, cardWidth } from "./Card";
-import { CommandResultItemHeader } from "./CommandResultItem";
-import { Loading, useLoadingHelper } from "../Loading";
-import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
-import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
-import { TabContext, TabList, TabPanel } from "@mui/lab";
-import { Api } from "../../api";
-import { ApiContext } from "../App";
-import { useNavigate } from "react-router";
-import { CloseLightIcon, TreeViewIcon, TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
-import { ErrorMessage } from "../ErrorMessage";
-
-async function doGetRootNode(api: Api, rs: CommandResultSummary) {
-    const [shortNames, r] = await Promise.all([
-        api.getShortNames(),
-        api.getResult(rs.id)
-    ]);
-    const builder = new NodeBuilder({
-        shortNames: shortNames,
-        summary: rs,
-        commandResult: r,
-    });
-    const [node] = builder.buildRoot();
-    return node;
-}
-
-export interface HistoryCardsProps {
-    targetSummary: TargetSummary,
-    initialCardRect?: DOMRect,
-    onClose: () => void
-}
-
-interface Rect {
-    left: number,
-    top: number,
-    width: number | string,
-    height: number | string
-}
-
-const CardContent = React.memo((props: { provider: SidePanelProvider }) => {
-    const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
-
-    if (!props.provider
-        || !selectedTab
-        || !tabs.find(x => x.label === selectedTab)
-    ) {
-        return null;
-    }
-
-    return <TabContext value={selectedTab}>
-        <Box height='36px' flex='0 0 auto' p='0 30px' mt='12px'>
-            <TabList onChange={handleTabChange}>
-                {tabs.map((tab, i) => {
-                    return <Tab label={tab.label} value={tab.label} key={tab.label} />
-                })}
-            </TabList>
-        </Box>
-        <Divider sx={{ margin: 0 }} />
-        <Box overflow='auto' p='30px'>
-            {tabs.map(tab => {
-                return <TabPanel key={tab.label} value={tab.label} sx={{ padding: 0 }}>
-                    {tab.content}
-                </TabPanel>
-            })}
-        </Box>
-    </TabContext>
-});
-
-const arrowButtonWidth = 80;
-
-const ArrowButton = React.memo((props: {
-    direction: 'left' | 'right',
-    onClick: () => void,
-    hidden: boolean
-}) => {
-    const Icon = {
-        left: TriangleLeftLightIcon,
-        right: TriangleRightLightIcon
-    }[props.direction];
-
-    return <Box
-        flex='0 0 auto'
-        height='100%'
-        width={`${arrowButtonWidth}px`}
-        display='flex'
-        justifyContent='center'
-        alignItems='center'
-        position='relative'
-        {...{ [props.direction]: 0 }}
-    >
-        {!props.hidden &&
-            <IconButton onClick={props.onClick}>
-                <Icon />
-            </IconButton>
-        }
-    </Box>
-});
-
-const HistoryCard = React.memo((props: {
-    rs: CommandResultSummary,
-    sx?: SxProps
-    transitionFinished?: boolean,
-    onClose?: () => void;
-}) => {
-    const navigate = useNavigate();
-    const api = useContext(ApiContext);
-    const [loading, loadingError, node] = useLoadingHelper(() => {
-        return doGetRootNode(api, props.rs)
-    }, [api, props.rs]);
-
-    let content: JSX.Element | null = null;
-    if (loading) {
-        content = <Loading />;
-    } else if (props.transitionFinished) {
-        if (loadingError) {
-            content = <ErrorMessage>
-                {loadingError.message}
-            </ErrorMessage>;
-        } else {
-            content = <CardContent provider={node!} />;
-        }
-    }
-
-    return <CardPaper
-        sx={{
-            position: 'relative',
-            ...props.sx
-        }}
-    >
-        <Box
-            position='absolute'
-            right='10px'
-            top='10px'
-        >
-            {props.transitionFinished && (
-                <IconButton onClick={props.onClose}>
-                    <CloseLightIcon />
-                </IconButton>
-            )}
-        </Box>
-        <Box
-            display='flex'
-            flexDirection='column'
-            height='100%'
-            justifyContent='space-between'
-        >
-            <Box p='0 16px' flex='0 0 auto'>
-                <CommandResultItemHeader rs={props.rs} />
-            </Box>
-            <Box width='100%' flex='1 1 auto' overflow='hidden' display='flex' flexDirection='column'>
-                {content}
-            </Box>
-            <Box
-                flex='0 0 auto'
-                height='39px'
-                display='flex'
-                alignItems='center'
-                justifyContent='end'
-                p='0 30px'
-            >
-                <IconButton
-                    onClick={e => {
-                        e.stopPropagation();
-                        navigate(`/results/${props.rs.id}`);
-                    }}
-                    sx={{
-                        padding: 0,
-                        width: 32,
-                        height: 32
-                    }}
-                >
-                    <Tooltip title='Open Result Tree'>
-                        <Box display='flex'><TreeViewIcon /></Box>
-                    </Tooltip>
-                </IconButton>
-            </Box>
-        </Box>
-    </CardPaper>
-});
-
-type TransitionState =
-    {
-        type: 'initial'
-    } | {
-        type: 'started',
-        cardRect: Rect
-    } | {
-        type: 'running',
-        cardRect: Rect
-    } | {
-        type: 'finished'
-    }
-
-export const HistoryCards = React.memo((props: HistoryCardsProps) => {
-    const theme = useTheme();
-    const containerElem = useRef<HTMLElement>();
-    const [transitionState, setTransitionState] = useState<TransitionState>({ type: 'initial' });
-    const [currentRSIndex, setCurrentRSIndex] = useState(0);
-
-    useEffect(() => {
-        const rect = containerElem.current?.getBoundingClientRect();
-        if (!rect) {
-            setTransitionState({ type: 'initial' });
-            return;
-        }
-
-        if (!props.initialCardRect) {
-            setTransitionState({ type: 'finished' });
-            return;
-        }
-
-        const initialRect = {
-            left: props.initialCardRect.left - rect.left,
-            top: props.initialCardRect.top - rect.top,
-            width: cardWidth,
-            height: cardHeight
-        };
-
-        setTransitionState({
-            type: 'started',
-            cardRect: initialRect
-        });
-    }, [props.initialCardRect]);
-
-    useEffect(() => {
-        if (transitionState.type !== 'started') {
-            return;
-        }
-
-        const targetRect = {
-            left: 0,
-            top: 0,
-            width: '100%',
-            height: '100%'
-        };
-
-        setTimeout(() => {
-            setTransitionState({
-                type: 'running',
-                cardRect: targetRect
-            });
-            setTimeout(() => {
-                setTransitionState({ type: 'finished' });
-            }, theme.transitions.duration.enteringScreen);
-        }, 10);
-    }, [transitionState, theme.transitions.duration.enteringScreen]);
-
-    const onLeftArrowClick = useCallback(() => {
-        if (currentRSIndex > 0) {
-            setCurrentRSIndex(i => i - 1);
-        }
-    }, [currentRSIndex]);
-
-    const onRightArrowClick = useCallback(() => {
-        if (currentRSIndex < props.targetSummary.commandResults.length - 1) {
-            setCurrentRSIndex(i => i + 1);
-        }
-    }, [currentRSIndex, props.targetSummary.commandResults.length]);
-
-    const paddingX = 40;
-    const gap = 2 * (paddingX + arrowButtonWidth);
-
-    return <Box
-        width='100%'
-        height='100%'
-        p={`25px ${paddingX}px`}
-        display='flex'
-        position='relative'
-        overflow='hidden'
-    >
-        <ArrowButton
-            direction='left'
-            onClick={onLeftArrowClick}
-            hidden={currentRSIndex === 0 || transitionState.type !== 'finished'}
-        />
-        <Box
-            flex='0 0 auto'
-            width={`calc(100% - ${arrowButtonWidth}px * 2)`}
-            display='flex'
-            ref={containerElem}
-        >
-            {(transitionState.type === 'started' || transitionState.type === 'running') && <HistoryCard
-                sx={{
-                    width: transitionState.cardRect.width,
-                    height: transitionState.cardRect.height,
-                    flex: '0 0 auto',
-                    translate: `${transitionState.cardRect.left}px ${transitionState.cardRect.top}px`,
-                    transition: theme.transitions.create(['translate', 'width', 'height'], {
-                        easing: theme.transitions.easing.sharp,
-                        duration: theme.transitions.duration.enteringScreen,
-                    }),
-                    padding: '20px 0'
-                }}
-                rs={props.targetSummary.commandResults[currentRSIndex]}
-                onClose={props.onClose}
-            />}
-            {transitionState.type === 'finished' &&
-                <Box
-                    flex='1 1 auto'
-                    width='100%'
-                    height='100%'
-                    display='flex'
-                    gap={`${gap}px`}
-                    sx={{
-                        translate: `calc((-100% - ${gap}px) * ${currentRSIndex})`,
-                        transition: theme.transitions.create(['translate'], {
-                            easing: theme.transitions.easing.sharp,
-                            duration: theme.transitions.duration.enteringScreen,
-                        })
-                    }}
-                >
-                    {props.targetSummary.commandResults.map((rs) =>
-                        <HistoryCard
-                            sx={{
-                                width: '100%',
-                                height: '100%',
-                                flex: '0 0 auto',
-                                padding: '20px 0'
-                            }}
-                            rs={rs}
-                            key={rs.id}
-                            transitionFinished={transitionState.type === 'finished'}
-                            onClose={props.onClose}
-                        />
-                    )}
-                </Box>
-            }
-        </Box>
-        <ArrowButton
-            direction='right'
-            onClick={onRightArrowClick}
-            hidden={
-                currentRSIndex === props.targetSummary.commandResults.length - 1
-                || transitionState.type !== 'finished'
-            }
-        />
-    </Box>;
-});
diff --git a/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx b/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
index 12245a491..c4595825e 100644
--- a/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
@@ -3,7 +3,7 @@ import { Box } from "@mui/material";
 import React from "react";
 import { ProjectIcon } from "../../icons/Icons";
 import { ProjectSummary } from "../../project-summaries";
-import { CardTemplate, projectCardMinHeight } from "./Card";
+import { CardTemplate, cardWidth, projectCardMinHeight } from "./Card";
 
 export const ProjectItem = React.memo((props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
@@ -20,6 +20,7 @@ export const ProjectItem = React.memo((props: { ps: ProjectSummary }) => {
         paperProps={{
             sx: {
                 padding: '20px 16px',
+                width: cardWidth,
                 height: 'auto',
                 minHeight: projectCardMinHeight
             }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx b/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
deleted file mode 100644
index 7b60afdea..000000000
--- a/pkg/webui/ui/src/components/targets-view/TargetDetailsDrawer.tsx
+++ /dev/null
@@ -1,112 +0,0 @@
-import { Box, Drawer, ThemeProvider } from "@mui/material";
-import { SidePanel, SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
-import React from "react";
-import { PropertiesTable } from "../PropertiesTable";
-import { DiffStatus } from "../result-view/nodes/NodeData";
-import { ChangesTable } from "../result-view/ChangesTable";
-import { ErrorsTable } from "../ErrorsTable";
-import { dark } from "../theme";
-import { TargetSummary } from "../../project-summaries";
-
-class MyProvider implements SidePanelProvider {
-    private ts?: TargetSummary;
-    private diffStatus: DiffStatus;
-
-    constructor(ts?: TargetSummary) {
-        this.ts = ts
-        this.diffStatus = new DiffStatus()
-
-        this.ts?.lastValidateResult?.drift?.forEach(co => {
-            this.diffStatus.addChangedObject(co)
-        })
-    }
-
-    buildSidePanelTabs(): SidePanelTab[] {
-        if (!this.ts) {
-            return []
-        }
-
-        const tabs = [
-            { label: "Summary", content: this.buildSummaryTab() }
-        ]
-
-        if (this.ts.target)
-
-            if (this.diffStatus.changedObjects.length) {
-                tabs.push({
-                    label: "Drift",
-                    content: <ChangesTable diffStatus={this.diffStatus} />
-                })
-            }
-        if (this.ts.lastValidateResult?.errors?.length) {
-            tabs.push({
-                label: "Errors",
-                content: <ErrorsTable errors={this.ts.lastValidateResult.errors} />
-            })
-        }
-        if (this.ts.lastValidateResult?.warnings?.length) {
-            tabs.push({
-                label: "Warnings",
-                content: <ErrorsTable errors={this.ts.lastValidateResult.warnings} />
-            })
-        }
-
-        return tabs
-    }
-
-    buildSummaryTab(): React.ReactNode {
-        const props = [
-            { name: "Target Name", value: this.getTargetName() },
-            { name: "Discriminator", value: this.ts?.target.discriminator },
-        ]
-
-        if (this.ts?.lastValidateResult) {
-            props.push({ name: "Ready", value: this.ts.lastValidateResult.ready + "" })
-        }
-        if (this.ts?.lastValidateResult?.errors?.length) {
-            props.push({ name: "Errors", value: this.ts.lastValidateResult.errors.length + "" })
-        }
-        if (this.ts?.lastValidateResult?.warnings?.length) {
-            props.push({ name: "Warnings", value: this.ts.lastValidateResult.warnings.length + "" })
-        }
-        if (this.ts?.lastValidateResult?.drift?.length) {
-            props.push({ name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + "" })
-        }
-
-        return <>
-            <PropertiesTable properties={props} />
-        </>
-    }
-
-    getTargetName() {
-        if (!this.ts) {
-            return ""
-        }
-
-        let name = "<no-name>"
-        if (this.ts.target.targetName) {
-            name = this.ts.target.targetName
-        }
-        return name
-    }
-
-    buildSidePanelTitle(): React.ReactNode {
-        return this.getTargetName()
-    }
-}
-
-export const TargetDetailsDrawer = React.memo((props: { ts?: TargetSummary, onClose: () => void }) => {
-    return <ThemeProvider theme={dark}>
-        <Drawer
-            sx={{ zIndex: 1300 }}
-            anchor={"right"}
-            open={props.ts !== undefined}
-            onClose={props.onClose}
-            ModalProps={{ BackdropProps: { invisible: true } }}
-        >
-            <Box width={"600px"} height={"100%"}>
-                <SidePanel provider={new MyProvider(props.ts)} onClose={props.onClose} />
-            </Box>
-        </Drawer>
-    </ThemeProvider>;
-});
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 620aef8b7..c8f2ac2d6 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,6 +1,6 @@
 import { KluctlDeploymentInfo } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
-import { Box, Typography, useTheme } from "@mui/material";
+import { Box, SxProps, Theme, Typography, useTheme } from "@mui/material";
 import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
@@ -8,7 +8,12 @@ import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
 import { ApiContext } from "../App";
-import { CardTemplate } from "./Card";
+import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
+import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
+import { DiffStatus } from "../result-view/nodes/NodeData";
+import { ChangesTable } from "../result-view/ChangesTable";
+import { ErrorsTable } from "../ErrorsTable";
+import { PropertiesTable } from "../PropertiesTable";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -54,7 +59,17 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     </Tooltip>
 }
 
-export const TargetItem = React.memo((props: { ps: ProjectSummary, ts: TargetSummary, onSelectTarget: (ts?: TargetSummary) => void }) => {
+export const TargetItem = React.memo(React.forwardRef((
+    props: {
+        ps: ProjectSummary,
+        ts: TargetSummary,
+        onSelectTarget?: (ts: TargetSummary) => void,
+        sx?: SxProps<Theme>,
+        expanded?: boolean,
+        onClose?: () => void
+    },
+    ref: React.ForwardedRef<HTMLDivElement>
+) => {
     const api = useContext(ApiContext)
     const actionMenuItems: ActionMenuItem[] = []
 
@@ -127,14 +142,23 @@ export const TargetItem = React.memo((props: { ps: ProjectSummary, ts: TargetSum
     }
 
     return <CardTemplate
+        ref={ref}
+        showCloseButton={props.expanded}
+        onClose={props.onClose}
         paperProps={{
-            sx: { padding: '20px 16px 12px 16px' },
-            onClick: e => props.onSelectTarget(props.ts)
+            sx: {
+                padding: '20px 16px 12px 16px',
+                width: cardWidth,
+                height: cardHeight,
+                ...props.sx
+            },
+            onClick: e => props.onSelectTarget?.(props.ts)
         }}
         icon={<TargetIcon />}
         header={targetName}
         subheader={allContexts.length ? allContexts[0] : ''}
         subheaderTooltip={allContexts.length ? contextTooltip : undefined}
+        body={props.expanded && <CardBody provider={new MyProvider(props.ts)} />}
         footer={
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
@@ -152,6 +176,93 @@ export const TargetItem = React.memo((props: { ps: ProjectSummary, ts: TargetSum
             </>
         }
     />;
-});
+}));
 
 TargetItem.displayName = 'TargetItem';
+
+class MyProvider implements SidePanelProvider {
+    private ts?: TargetSummary;
+    private diffStatus: DiffStatus;
+
+    constructor(ts?: TargetSummary) {
+        this.ts = ts
+        this.diffStatus = new DiffStatus()
+
+        this.ts?.lastValidateResult?.drift?.forEach(co => {
+            this.diffStatus.addChangedObject(co)
+        })
+    }
+
+    buildSidePanelTabs(): SidePanelTab[] {
+        if (!this.ts) {
+            return []
+        }
+
+        const tabs = [
+            { label: "Summary", content: this.buildSummaryTab() }
+        ]
+
+        if (this.ts.target)
+
+            if (this.diffStatus.changedObjects.length) {
+                tabs.push({
+                    label: "Drift",
+                    content: <ChangesTable diffStatus={this.diffStatus} />
+                })
+            }
+        if (this.ts.lastValidateResult?.errors?.length) {
+            tabs.push({
+                label: "Errors",
+                content: <ErrorsTable errors={this.ts.lastValidateResult.errors} />
+            })
+        }
+        if (this.ts.lastValidateResult?.warnings?.length) {
+            tabs.push({
+                label: "Warnings",
+                content: <ErrorsTable errors={this.ts.lastValidateResult.warnings} />
+            })
+        }
+
+        return tabs
+    }
+
+    buildSummaryTab(): React.ReactNode {
+        const props = [
+            { name: "Target Name", value: this.getTargetName() },
+            { name: "Discriminator", value: this.ts?.target.discriminator },
+        ]
+
+        if (this.ts?.lastValidateResult) {
+            props.push({ name: "Ready", value: this.ts.lastValidateResult.ready + "" })
+        }
+        if (this.ts?.lastValidateResult?.errors?.length) {
+            props.push({ name: "Errors", value: this.ts.lastValidateResult.errors.length + "" })
+        }
+        if (this.ts?.lastValidateResult?.warnings?.length) {
+            props.push({ name: "Warnings", value: this.ts.lastValidateResult.warnings.length + "" })
+        }
+        if (this.ts?.lastValidateResult?.drift?.length) {
+            props.push({ name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + "" })
+        }
+
+        return <>
+            <PropertiesTable properties={props} />
+        </>
+    }
+
+    getTargetName() {
+        if (!this.ts) {
+            return ""
+        }
+
+        let name = "<no-name>"
+        if (this.ts.target.targetName) {
+            name = this.ts.target.targetName
+        }
+        return name
+    }
+
+    buildSidePanelTitle(): React.ReactNode {
+        return this.getTargetName()
+    }
+}
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 333e001d4..72001c44a 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,17 +1,16 @@
-import { TargetKey } from "../../models";
+import { CommandResultSummary, TargetKey } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useContext, useMemo, useRef, useState } from "react";
+import React, { useCallback, useContext, useMemo, useRef } from "react";
 import { AppContext } from "../App";
 import { ProjectItem } from "./ProjectItem";
 import { TargetItem } from "./TargetItem";
 import Divider from "@mui/material/Divider";
 import { CommandResultItem } from "./CommandResultItem";
-import { TargetDetailsDrawer } from "./TargetDetailsDrawer";
 import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
-import { TargetSummary } from "../../project-summaries";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
-import { HistoryCards } from "./HistoryCards";
-import { useNavigate, useParams } from "react-router-dom";
+import { ExpandedCardsView } from "./ExpandedCardsView";
+import { useLocation, useNavigate, useParams } from "react-router-dom";
 import { sha256 } from "js-sha256";
 
 const colWidth = 416;
@@ -172,58 +171,84 @@ function mkTargetHash(tk: TargetKey): string {
 }
 
 export const TargetsView = () => {
-    const [selectedTargetSummary, setSelectedTargetSummary] = useState<TargetSummary | undefined>();
-
     const navigate = useNavigate();
     const { targetKeyHash } = useParams();
+    const { pathname } = useLocation();
     const appContext = useContext(AppContext);
     const projects = appContext.projects;
 
-    const targetsHashes = useMemo(() => {
-        const dict = new Map<string, TargetSummary>();
+    const { targetsHashes, targetsProjects } = useMemo(() => {
+        const targetsHashes = new Map<string, TargetSummary>();
+        const targetsProjects = new Map<TargetSummary, ProjectSummary>();
         projects.forEach(ps =>
-            ps.targets.forEach(ts =>
-                dict.set(mkTargetHash(ts.target), ts)
-            )
+            ps.targets.forEach(ts => {
+                targetsHashes.set(mkTargetHash(ts.target), ts);
+                targetsProjects.set(ts, ps);
+            })
         );
-        return dict;
-    }, [projects]);
-
-    const historyCardsTarget = useMemo(() => {
-        return targetKeyHash ? targetsHashes.get(targetKeyHash) : undefined;
-    }, [targetKeyHash, targetsHashes]);
 
-    const onTargetDetailsDrawerClose = useCallback(() => {
-        setSelectedTargetSummary(undefined);
-    }, []);
+        return { targetsHashes, targetsProjects };
+    }, [projects]);
 
-    const onSelectHistoryCardsTarget = useCallback((ts: TargetSummary) => {
-        onTargetDetailsDrawerClose();
+    const onSelectTargetItem = useCallback((ts: TargetSummary) => {
         navigate(`/targets/${mkTargetHash(ts.target)}`);
-    }, [navigate, onTargetDetailsDrawerClose]);
+    }, [navigate]);
 
-    const onHistoryCardsClose = useCallback(() => {
+    const onSelectCommandResultItem = useCallback((ts: TargetSummary) => {
+        navigate(`/targets/${mkTargetHash(ts.target)}/history`);
+    }, [navigate]);
+
+    const onCardClose = useCallback(() => {
         navigate(`/targets/`);
     }, [navigate]);
 
-    const cardRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
+    const commandResultItemRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
+    const targetItemRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
+
+    const selectedTarget = targetKeyHash ? targetsHashes.get(targetKeyHash) : undefined;
+    const parentProject = selectedTarget ? targetsProjects.get(selectedTarget) : undefined;
+    const showHistory = pathname.endsWith('history');
 
-    if (historyCardsTarget) {
-        const cardElem = cardRefs.current.get(historyCardsTarget);
+    if (selectedTarget && parentProject && !showHistory) {
+        const cardElem = targetItemRefs.current.get(selectedTarget);
         const cardRect = cardElem?.getBoundingClientRect();
 
-        return <HistoryCards
-            targetSummary={historyCardsTarget}
+        return <ExpandedCardsView<TargetSummary>
+            cardsData={[selectedTarget]}
+            renderCard={(cardData, sx, expanded) =>
+                <TargetItem
+                    ps={parentProject}
+                    ts={cardData}
+                    sx={sx}
+                    key={mkTargetHash(cardData.target)}
+                    expanded={expanded}
+                    onClose={onCardClose}
+                />
+            }
+            initialCardRect={cardRect}
+        />;
+    }
+
+    if (selectedTarget && showHistory) {
+        const cardElem = commandResultItemRefs.current.get(selectedTarget);
+        const cardRect = cardElem?.getBoundingClientRect();
+
+        return <ExpandedCardsView<CommandResultSummary>
+            cardsData={selectedTarget.commandResults}
+            renderCard={(cardData, sx, expanded) =>
+                <CommandResultItem
+                    rs={cardData}
+                    sx={sx}
+                    key={cardData.id}
+                    expanded={expanded}
+                    onClose={onCardClose}
+                />
+            }
             initialCardRect={cardRect}
-            onClose={onHistoryCardsClose}
         />;
     }
 
     return <Box minWidth={colWidth * 3} p='0 40px'>
-        <TargetDetailsDrawer
-            ts={selectedTargetSummary}
-            onClose={onTargetDetailsDrawerClose}
-        />
         <Box display={"flex"} alignItems={"center"} height='70px'>
             <ColHeader>Projects</ColHeader>
             <ColHeader>Targets</ColHeader>
@@ -252,7 +277,12 @@ export const TargetsView = () => {
                                 <TargetItem
                                     ps={ps}
                                     ts={ts}
-                                    onSelectTarget={setSelectedTargetSummary}
+                                    onSelectTarget={onSelectTargetItem}
+                                    ref={(elem) => {
+                                        if (i === 0 && elem) {
+                                            targetItemRefs.current.set(ts, elem);
+                                        }
+                                    }}
                                 />
                                 <RelationHorizontalLine />
                             </Box>
@@ -266,19 +296,19 @@ export const TargetsView = () => {
                                     return i === 0
                                         ? <CommandResultItem
                                             key={rs.id}
-                                            ps={ps}
-                                            ts={ts}
                                             rs={rs}
-                                            onSelectCommandResult={() => onSelectHistoryCardsTarget(ts)}
+                                            onSelectCommandResult={() => onSelectCommandResultItem(ts)}
                                             ref={(elem) => {
                                                 if (i === 0 && elem) {
-                                                    cardRefs.current.set(ts, elem);
+                                                    commandResultItemRefs.current.set(ts, elem);
                                                 }
                                             }}
                                         />
                                         : <CardPaper
                                             key={rs.id}
                                             sx={{
+                                                width: cardWidth,
+                                                height: cardHeight,
                                                 translate: `${-i * (cardWidth + cardGap / 2)}px`,
                                                 zIndex: -i,
                                             }}

From a671d1cbe6e5ca6186b43930df1f261ba481d3a1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Jun 2023 14:24:51 +0200
Subject: [PATCH 1277/2268] feat: Add --concurrency flag to controller run
 (#639)

* chore: Remove unused httpClient

* feat: Implement --concurrent flag for the controller
---
 cmd/kluctl/commands/cmd_controller_run.go         |  3 ++-
 docs/reference/commands/controller-run.md         |  2 ++
 go.mod                                            |  2 +-
 pkg/controllers/kluctldeployment_controller.go    |  5 +----
 .../kluctldeployment_controller_setup.go          | 15 ++++-----------
 5 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index dc9bfb130..dcd08170e 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -42,6 +42,7 @@ type controllerRunCmd struct {
 	MetricsBindAddress     string `group:"misc" help:"The address the metric endpoint binds to." default:":8080"`
 	HealthProbeBindAddress string `group:"misc" help:"The address the probe endpoint binds to." default:":8081"`
 	LeaderElect            bool   `group:"misc" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
+	Concurrency            int    `group:"misc" help:"Configures how many KluctlDeployments can be be reconciled concurrently." default:"4"`
 
 	DefaultServiceAccount string `group:"misc" help:"Default service account used for impersonation."`
 	DryRun                bool   `group:"misc" help:"Run all deployments in dryRun=true mode."`
@@ -143,7 +144,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
-		HTTPRetry: 9,
+		Concurrency: cmd.Concurrency,
 	}); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", kluctlv1.KluctlDeploymentKind)
 		os.Exit(1)
diff --git a/docs/reference/commands/controller-run.md b/docs/reference/commands/controller-run.md
index 53589381f..0cb69a263 100644
--- a/docs/reference/commands/controller-run.md
+++ b/docs/reference/commands/controller-run.md
@@ -26,6 +26,8 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
+      --concurrency int                    Configures how many KluctlDeployments can be be reconciled
+                                           concurrently. (default 4)
       --context string                     Override the context to use.
       --default-service-account string     Default service account used for impersonation.
       --dry-run                            Run all deployments in dryRun=true mode.
diff --git a/go.mod b/go.mod
index 969d9b82f..461266e36 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,6 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/go-retryablehttp v0.7.4
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.8
 	github.com/otiai10/copy v1.12.0
@@ -166,6 +165,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v1.4.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index bf2229687..6e3faba73 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
-	"github.com/hashicorp/go-retryablehttp"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
@@ -36,8 +35,6 @@ import (
 type KluctlDeploymentReconciler struct {
 	client.Client
 	RestConfig            *rest.Config
-	httpClient            *retryablehttp.Client
-	requeueDependency     time.Duration
 	Scheme                *runtime.Scheme
 	EventRecorder         kuberecorder.EventRecorder
 	MetricsRecorder       *metrics.Recorder
@@ -52,7 +49,7 @@ type KluctlDeploymentReconciler struct {
 
 // KluctlDeploymentReconcilerOpts contains options for the BaseReconciler.
 type KluctlDeploymentReconcilerOpts struct {
-	HTTPRetry int
+	Concurrency int
 }
 
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments,verbs=get;list;watch;create;update;patch;delete
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index fd549f1f2..eadbadcfb 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -2,26 +2,19 @@ package controllers
 
 import (
 	"context"
-	"github.com/hashicorp/go-retryablehttp"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
-	"time"
 )
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, opts KluctlDeploymentReconcilerOpts) error {
-	// Configure the retryable http client used for fetching artifacts.
-	// By default it retries 10 times within a 3.5 minutes window.
-	httpClient := retryablehttp.NewClient()
-	httpClient.RetryWaitMin = 5 * time.Second
-	httpClient.RetryWaitMax = 30 * time.Second
-	httpClient.RetryMax = opts.HTTPRetry
-	httpClient.Logger = nil
-	r.httpClient = httpClient
-
 	return ctrl.NewControllerManagedBy(mgr).
+		WithOptions(controller.Options{
+			MaxConcurrentReconciles: opts.Concurrency,
+		}).
 		For(&kluctlv1.KluctlDeployment{}, builder.WithPredicates(
 			predicate.Or(predicate.GenerationChangedPredicate{}, ReconcileRequestedPredicate{}),
 		)).

From 683832c8c8fceb1c15250b7e7d603268e6f9d963 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Jun 2023 14:41:12 +0200
Subject: [PATCH 1278/2268] fix: Remove 'never' from allowed values for
 SafeDuration (#640)

---
 api/v1beta1/util_types.go                                | 2 +-
 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml | 4 ++--
 install/controller/controller/crd.yaml                   | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/api/v1beta1/util_types.go b/api/v1beta1/util_types.go
index 1889c6aef..1236e80e6 100644
--- a/api/v1beta1/util_types.go
+++ b/api/v1beta1/util_types.go
@@ -25,7 +25,7 @@ type SecretKeyReference struct {
 }
 
 // +kubebuilder:validation:Type=string
-// +kubebuilder:validation:Pattern="^(([0-9]+(\\.[0-9]+)?(ms|s|m|h))+)|never$"
+// +kubebuilder:validation:Pattern="^(([0-9]+(\\.[0-9]+)?(ms|s|m|h))+)"
 type SafeDuration struct {
 	metav1.Duration
 }
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index d6113fd16..6c119b815 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -102,7 +102,7 @@ spec:
                 description: DeployInterval specifies the interval at which to deploy
                   the KluctlDeployment, even in cases the rendered result does not
                   change.
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
               deployMode:
                 default: full-deploy
@@ -364,7 +364,7 @@ spec:
                   'kluctl validate -t <target>'. Defaults to the same value as specified
                   in Interval. Validate is also performed whenever a deployment is
                   performed, independent of the value of ValidateInterval
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
             required:
             - interval
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index c3f2648a8..39edc5eea 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -102,7 +102,7 @@ spec:
                 description: DeployInterval specifies the interval at which to deploy
                   the KluctlDeployment, even in cases the rendered result does not
                   change.
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
               deployMode:
                 default: full-deploy
@@ -364,7 +364,7 @@ spec:
                   'kluctl validate -t <target>'. Defaults to the same value as specified
                   in Interval. Validate is also performed whenever a deployment is
                   performed, independent of the value of ValidateInterval
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
+                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
             required:
             - interval

From c0ceee312b9a0c3c08b92a56d5e9d489343c0e5f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 29 Jun 2023 15:09:18 +0200
Subject: [PATCH 1279/2268] fix: Use digests for wolfi-base images (#641)

---
 .goreleaser.yaml | 6 ++++--
 Dockerfile       | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 06062b7e2..9f0408dea 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -88,7 +88,8 @@ dockers:
     goarch: amd64
     build_flag_templates:
       - "--pull"
-      - "--build-arg=ARCH=linux-amd64"
+      # use https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/wolfi-base to find the latest one
+      - "--build-arg=WOLFI_DIGEST=sha256:e8411b9629bd13123a978a2d1a27c3ee64c7751d3032ce80ad6e673e329ef964"
       - "--build-arg=BIN_PATH=kluctl"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
@@ -103,7 +104,8 @@ dockers:
     goarch: arm64
     build_flag_templates:
       - "--pull"
-      - "--build-arg=ARCH=linux-arm64"
+      # use https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/wolfi-base to find the latest one
+      - "--build-arg=WOLFI_DIGEST=sha256:05a4280b4c5b5cafc7eb2a012983bc79e3ddca938f01ddc3deb797ca3fddd399"
       - "--build-arg=BIN_PATH=kluctl"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
diff --git a/Dockerfile b/Dockerfile
index 3515958cd..83dfc0c88 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
-FROM cgr.dev/chainguard/wolfi-base
+ARG WOLFI_DIGEST
+FROM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 
 # We need git for kustomize to support overlays from git
 RUN apk add git

From 5e94a8e07a2789629a4e4446a1f41099ae21cb30 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 1 Jul 2023 00:03:12 +0200
Subject: [PATCH 1280/2268] ci: Use default wolfi digest in Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 83dfc0c88..875106725 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
-ARG WOLFI_DIGEST
+ARG WOLFI_DIGEST=sha256:e8411b9629bd13123a978a2d1a27c3ee64c7751d3032ce80ad6e673e329ef964
 FROM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 
 # We need git for kustomize to support overlays from git

From f56b60319f2b03de10052fa9fcfbd079bac48766 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 1 Jul 2023 00:03:24 +0200
Subject: [PATCH 1281/2268] fix: Add tzdata to docker image

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 875106725..043508693 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ARG WOLFI_DIGEST=sha256:e8411b9629bd13123a978a2d1a27c3ee64c7751d3032ce80ad6e673e
 FROM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 
 # We need git for kustomize to support overlays from git
-RUN apk add git
+RUN apk add git tzdata
 
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache

From 80a044db12a3cb1ade67334001781dc901fd824a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 1 Jul 2023 00:03:47 +0200
Subject: [PATCH 1282/2268] feat: Allow to override controller/webui resources

---
 install/controller/.kluctl.yaml                  | 2 ++
 install/controller/controller/kustomization.yaml | 5 +++++
 install/webui/.kluctl.yaml                       | 2 ++
 install/webui/webui/deployment.yaml              | 4 ++++
 4 files changed, 13 insertions(+)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index ddc1d5ab6..6d0dcc801 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -9,3 +9,5 @@ args:
     default: []
   - name: controller_envs
     default: []
+  - name: controller_resources
+    default: {}
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 0e60209b9..8f1b4d731 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -33,3 +33,8 @@ patches:
         path: /spec/template/spec/containers/0/env/-
         value: {{ a | to_json }}
 {% endfor %}
+{% if get_var("args.controller_resources", none) %}
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value: {{ get_var("args.controller_resources", none) | to_json }}
+{% endif %}
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 48ad973f7..01a3d595c 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -9,3 +9,5 @@ args:
     default: []
   - name: webui_envs
     default: []
+  - name: webui_resources
+    default: {}
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 36dc5b783..7298fcabe 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -52,6 +52,9 @@ spec:
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10
+        {% if get_var(["args.webui_resources", "webui_resources"], {}) %}
+        resources: {{ get_var(["args.webui_resources", "webui_resources"], {}) | to_json }}
+        {% else %}
         resources:
           limits:
             cpu: 2000m
@@ -59,6 +62,7 @@ spec:
           requests:
             cpu: 500m
             memory: 512Mi
+        {% endif %}
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:

From 2d6a994f86e2d048e9d38d876c9550491b956e67 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 1 Jul 2023 02:20:36 +0600
Subject: [PATCH 1283/2268] feat: Added scrolling text animation for long
 headings.

---
 .../ui/src/components/ScrollingTextLine.tsx   | 82 +++++++++++++++++++
 .../ui/src/components/targets-view/Card.tsx   | 35 ++++----
 2 files changed, 100 insertions(+), 17 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/ScrollingTextLine.tsx

diff --git a/pkg/webui/ui/src/components/ScrollingTextLine.tsx b/pkg/webui/ui/src/components/ScrollingTextLine.tsx
new file mode 100644
index 000000000..8ee8dc878
--- /dev/null
+++ b/pkg/webui/ui/src/components/ScrollingTextLine.tsx
@@ -0,0 +1,82 @@
+import React, { useCallback, useRef, useState } from "react";
+import { Box, Typography, TypographyProps, keyframes } from "@mui/material"
+
+export type ScrollingTextLineProps = Omit<TypographyProps, 'children'> & {
+    children: string;
+    scrollPadding?: number;
+    scrollSpeed?: number; 
+}
+
+export const ScrollingTextLine = React.forwardRef((
+    props: ScrollingTextLineProps,
+    forwardedRef: React.ForwardedRef<HTMLElement>
+) => {
+    const {
+        children,
+        scrollPadding = 10,
+        scrollSpeed = 10,
+        ...rest 
+    } = props;
+    const containerElem = useRef<HTMLElement | null>();
+    const scrollingElem = useRef<HTMLElement | null>();
+
+    const [containerElemWidth, setContainerElemWidth] = useState<number | undefined>();
+    const [scrollingElemWidth, setScrollingElemWidth] = useState<number | undefined>();
+
+    const onMouseEnter = useCallback(() => {
+        setContainerElemWidth(containerElem.current?.getBoundingClientRect().width);
+        setScrollingElemWidth(scrollingElem.current?.getBoundingClientRect().width);
+    }, []);
+
+    const maxScrollDistance = (containerElemWidth
+        && scrollingElemWidth
+        && containerElemWidth < scrollingElemWidth)
+        ? Math.round(containerElemWidth - scrollingElemWidth)
+        : undefined;
+
+    const animation = maxScrollDistance !== undefined
+        ? keyframes`
+                from {
+                    translate: ${scrollPadding}px;
+                }
+                to {
+                    translate: ${maxScrollDistance - scrollPadding}px;
+                }
+            `
+        : undefined;
+
+    const duration = children.length / scrollSpeed;
+
+    return <Typography
+        textAlign='left'
+        textOverflow='ellipsis'
+        overflow='hidden'
+        whiteSpace='nowrap'
+        {...rest}
+        ref={(r) => {
+            if (typeof forwardedRef === 'function') {
+                forwardedRef(r);
+            } else if (forwardedRef !== null) {
+                forwardedRef.current = r;
+            }
+            containerElem.current = r;
+        }}
+    >
+        <Box
+            component='span'
+            sx={{
+                display: 'inline',
+                '&:hover': {
+                    display: 'inline-block',
+                    ...(animation && {
+                        animation: `${animation} ${duration}s infinite alternate linear`
+                    })
+                },
+            }}
+            ref={scrollingElem}
+            onMouseEnter={onMouseEnter}
+        >
+            {children}
+        </Box>
+    </Typography>;
+});
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index 14213fa1b..37e763509 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -1,8 +1,9 @@
 import React from "react";
-import { Box, BoxProps, Divider, IconButton, Paper, PaperProps, Tab, Tooltip, Typography } from "@mui/material"
+import { Box, BoxProps, Divider, IconButton, Paper, PaperProps, Tab, Tooltip } from "@mui/material"
 import { CloseLightIcon } from "../../icons/Icons";
 import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
+import { ScrollingTextLine } from "../ScrollingTextLine";
 
 export const cardWidth = 247;
 export const projectCardMinHeight = 80;
@@ -67,34 +68,28 @@ export const CardTemplate = React.forwardRef((props: {
     );
 
     const header = props.header && (
-        <Tooltip title={props.headerTooltip}>
-            <Typography
+        <Tooltip title={props.headerTooltip} placement='bottom-start'>
+            <ScrollingTextLine
                 variant='h6'
-                textAlign='left'
-                textOverflow='ellipsis'
-                overflow='hidden'
-                flexGrow={1}
+                lineHeight='27px'
+                height='27px'
             >
                 {props.header}
-            </Typography>
+            </ScrollingTextLine>
         </Tooltip>
     );
 
     const subheader = props.subheader && (
-        <Tooltip title={props.subheaderTooltip}>
-            <Typography
+        <Tooltip title={props.subheaderTooltip} placement='bottom-start'>
+            <ScrollingTextLine
                 variant='subtitle1'
-                textAlign='left'
-                textOverflow='ellipsis'
-                overflow='hidden'
-                whiteSpace='nowrap'
                 fontSize='14px'
                 fontWeight={500}
                 lineHeight='19px'
-                width='max-content'
+                height='19px'
             >
                 {props.subheader}
-            </Typography>
+            </ScrollingTextLine>
         </Tooltip>
     );
 
@@ -130,7 +125,13 @@ export const CardTemplate = React.forwardRef((props: {
         >
             <Box flex='0 0 auto' display='flex' gap='15px'>
                 {icon}
-                <Box flex='1 1 auto'>
+                <Box
+                    flex='1 1 auto'
+                    display='flex'
+                    flexDirection='column'
+                    overflow='hidden'
+                    justifyContent='center'
+                >
                     {header}
                     {subheader}
                 </Box>

From 6842d575228fc9259f7294201a06a67b97ef8c91 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 1 Jul 2023 03:17:15 +0600
Subject: [PATCH 1284/2268] feat: Close expanded card when clicking outside the
 card.

---
 .../targets-view/ExpandedCardsView.tsx        | 139 ++++++++++--------
 .../components/targets-view/TargetsView.tsx   |   2 +
 2 files changed, 80 insertions(+), 61 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
index 781b7885f..384eed34a 100644
--- a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
@@ -1,5 +1,5 @@
 import React, { useCallback, useEffect, useRef, useState } from "react";
-import { Box, IconButton, SxProps, Theme, useTheme } from "@mui/material";
+import { Box, ClickAwayListener, IconButton, SxProps, Theme, useTheme } from "@mui/material";
 import { cardHeight, cardWidth } from "./Card";
 import { TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
 
@@ -14,7 +14,8 @@ const arrowButtonWidth = 80;
 
 const ArrowButton = React.memo((props: {
     direction: 'left' | 'right',
-    onClick: () => void,
+    onButtonClick: () => void,
+    onContainerClick: () => void,
     hidden: boolean
 }) => {
     const Icon = {
@@ -31,9 +32,15 @@ const ArrowButton = React.memo((props: {
         alignItems='center'
         position='relative'
         {...{ [props.direction]: 0 }}
+        onClick={props.onContainerClick}
     >
         {!props.hidden &&
-            <IconButton onClick={props.onClick}>
+            <IconButton
+                onClick={(e) => {
+                    e.stopPropagation();
+                    props.onButtonClick()
+                }}
+            >
                 <Icon />
             </IconButton>
         }
@@ -56,7 +63,8 @@ type TransitionState =
 export interface ExpandedCardsViewProps<CardData> {
     initialCardRect?: DOMRect,
     cardsData: CardData[],
-    renderCard: (cardData: CardData, sx: SxProps<Theme>, expanded: boolean) => React.ReactNode
+    renderCard: (cardData: CardData, sx: SxProps<Theme>, expanded: boolean) => React.ReactNode,
+    onClose: () => void
 }
 
 export const ExpandedCardsView = function <CardData>(props: ExpandedCardsViewProps<CardData>) {
@@ -132,71 +140,80 @@ export const ExpandedCardsView = function <CardData>(props: ExpandedCardsViewPro
         width='100%'
         height='100%'
         p={`25px ${paddingX}px`}
-        display='flex'
-        position='relative'
-        overflow='hidden'
     >
-        <ArrowButton
-            direction='left'
-            onClick={onLeftArrowClick}
-            hidden={currentIndex === 0 || transitionState.type !== 'finished'}
-        />
-        <Box
-            flex='0 0 auto'
-            width={`calc(100% - ${arrowButtonWidth}px * 2)`}
-            display='flex'
-            ref={containerElem}
-        >
-            {(transitionState.type === 'started' || transitionState.type === 'running') &&
-                props.renderCard(
-                    props.cardsData[0],
-                    {
-                        width: transitionState.cardRect.width,
-                        height: transitionState.cardRect.height,
-                        translate: `${transitionState.cardRect.left}px ${transitionState.cardRect.top}px`,
-                        transition: theme.transitions.create(['translate', 'width', 'height'], {
-                            easing: theme.transitions.easing.sharp,
-                            duration: theme.transitions.duration.enteringScreen,
-                        }),
-                    },
-                    false
-                )
-            }
-            {transitionState.type === 'finished' &&
+        <ClickAwayListener onClickAway={props.onClose}>
+            <Box
+                width='100%'
+                height='100%'
+                display='flex'
+                position='relative'
+                overflow='hidden'
+            >
+                <ArrowButton
+                    direction='left'
+                    onButtonClick={onLeftArrowClick}
+                    onContainerClick={props.onClose}
+                    hidden={currentIndex === 0 || transitionState.type !== 'finished'}
+                />
                 <Box
-                    flex='1 1 auto'
-                    width='100%'
-                    height='100%'
+                    flex='0 0 auto'
+                    width={`calc(100% - ${arrowButtonWidth}px * 2)`}
                     display='flex'
-                    gap={`${gap}px`}
-                    sx={{
-                        translate: `calc((-100% - ${gap}px) * ${currentIndex})`,
-                        transition: theme.transitions.create(['translate'], {
-                            easing: theme.transitions.easing.sharp,
-                            duration: theme.transitions.duration.enteringScreen,
-                        })
-                    }}
+                    ref={containerElem}
                 >
-                    {props.cardsData.map((cd) =>
+                    {(transitionState.type === 'started' || transitionState.type === 'running') &&
                         props.renderCard(
-                            cd,
+                            props.cardsData[0],
                             {
-                                width: '100%',
-                                height: '100%',
+                                width: transitionState.cardRect.width,
+                                height: transitionState.cardRect.height,
+                                translate: `${transitionState.cardRect.left}px ${transitionState.cardRect.top}px`,
+                                transition: theme.transitions.create(['translate', 'width', 'height'], {
+                                    easing: theme.transitions.easing.sharp,
+                                    duration: theme.transitions.duration.enteringScreen,
+                                }),
                             },
-                            true
+                            false
                         )
-                    )}
+                    }
+                    {transitionState.type === 'finished' &&
+                        <Box
+                            flex='1 1 auto'
+                            width='100%'
+                            height='100%'
+                            display='flex'
+                            gap={`${gap}px`}
+                            sx={{
+                                translate: `calc((-100% - ${gap}px) * ${currentIndex})`,
+                                transition: theme.transitions.create(['translate'], {
+                                    easing: theme.transitions.easing.sharp,
+                                    duration: theme.transitions.duration.enteringScreen,
+                                })
+                            }}
+                        >
+                            {props.cardsData.map((cd) =>
+                                props.renderCard(
+                                    cd,
+                                    {
+                                        width: '100%',
+                                        height: '100%',
+                                    },
+                                    true
+                                )
+                            )}
+                        </Box>
+                    }
                 </Box>
-            }
-        </Box>
-        <ArrowButton
-            direction='right'
-            onClick={onRightArrowClick}
-            hidden={
-                currentIndex === props.cardsData.length - 1
-                || transitionState.type !== 'finished'
-            }
-        />
+                <ArrowButton
+                    direction='right'
+                    onButtonClick={onRightArrowClick}
+                    onContainerClick={props.onClose}
+                    hidden={
+                        currentIndex === props.cardsData.length - 1
+                        || transitionState.type !== 'finished'
+                    }
+                />
+            </Box>
+        </ClickAwayListener>
     </Box>;
 };
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 72001c44a..7a211dafc 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -226,6 +226,7 @@ export const TargetsView = () => {
                 />
             }
             initialCardRect={cardRect}
+            onClose={onCardClose}
         />;
     }
 
@@ -245,6 +246,7 @@ export const TargetsView = () => {
                 />
             }
             initialCardRect={cardRect}
+            onClose={onCardClose}
         />;
     }
 

From e18613330cfa9871056ff4010d55e7ca870a7585 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 1 Jul 2023 04:07:23 +0600
Subject: [PATCH 1285/2268] refactor: Request shortNames only once on
 initialization.

---
 pkg/webui/ui/src/components/App.tsx           | 29 +++++++++++++++----
 .../result-view/CommandResultView.tsx         | 14 ++++-----
 .../targets-view/CommandResultItem.tsx        | 20 ++++++-------
 3 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 898e492de..d11580845 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -14,11 +14,12 @@ import { Box } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
 import { ActiveFilters } from './result-view/NodeStatusFilter';
-import { CommandResultSummary, ProjectTargetKey, ValidateResult } from "../models";
+import { CommandResultSummary, ProjectTargetKey, ShortName, ValidateResult } from "../models";
 import { Api, checkStaticBuild, RealApi, StaticApi } from "../api";
 import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
 import Login from "./Login";
-import { Loading } from "./Loading";
+import { Loading, useLoadingHelper } from "./Loading";
+import { ErrorMessageCard } from './ErrorMessage';
 
 export interface AppOutletContext {
     filters?: ActiveFilters
@@ -32,11 +33,13 @@ export interface AppContextProps {
     summaries: Map<string, CommandResultSummary>
     projects: ProjectSummary[]
     validateResults: Map<string, ValidateResult>
+    shortNames: ShortName[]
 }
 export const AppContext = createContext<AppContextProps>({
     summaries: new Map(),
     projects: [],
     validateResults: new Map(),
+    shortNames: []
 });
 
 export const ApiContext = createContext<Api>(new StaticApi())
@@ -101,10 +104,26 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
         return buildProjectSummaries(summaries, validateResults)
     }, [summaries, validateResults])
 
-    const appContext = {
+    const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(
+        () => api.getShortNames(),
+        [api]
+    );
+    
+    if (loading) {
+        return <Loading />;
+    }
+
+    if (loadingError) {
+        return <ErrorMessageCard>
+            {loadingError.message}
+        </ErrorMessageCard>;
+    }
+
+    const appContext: AppContextProps = {
         summaries: summariesRef.current,
-        projects: projects,
-        validateResults: validateResults,
+        projects,
+        validateResults,
+        shortNames: shortNames || []
     }
 
     const outletContext: AppOutletContext = {
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index c7593325b..7d1af9be2 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -16,7 +16,7 @@ import { SidePanel } from "./SidePanel";
 import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
 import { useParams } from "react-router-dom";
-import { ApiContext, useAppOutletContext } from "../App";
+import { ApiContext, AppContext, useAppOutletContext } from "../App";
 import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
 import { dark } from '../theme';
 import { Api } from "../../api";
@@ -30,15 +30,14 @@ export interface CommandResultProps {
     commandResult: CommandResult
 }
 
-async function doLoadCommandResult(api: Api, resultId: string): Promise<CommandResultProps> {
-    const [shortNames, rs, result] = await Promise.all([
-        api.getShortNames(),
+async function doLoadCommandResult(api: Api, resultId: string, shortNames: ShortName[]): Promise<CommandResultProps> {
+    const [rs, result] = await Promise.all([
         api.getResultSummary(resultId),
         api.getResult(resultId)
     ]);
 
     return {
-        shortNames: shortNames,
+        shortNames,
         summary: rs,
         commandResult: result,
     }
@@ -122,7 +121,8 @@ const defaultFilters = {
 
 export const CommandResultView = () => {
     const context = useAppOutletContext();
-    const api = useContext(ApiContext)
+    const api = useContext(ApiContext);
+    const appContext = useContext(AppContext);
     const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>();
 
     const { id } = useParams()
@@ -130,7 +130,7 @@ export const CommandResultView = () => {
         if (!id) {
             return Promise.resolve(undefined)
         }
-        return doLoadCommandResult(api, id)
+        return doLoadCommandResult(api, id, appContext.shortNames)
     }, [id])
 
     const divider = <Divider
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 23e97e394..86186bbcb 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -1,5 +1,5 @@
 import React, { useContext, useEffect, useMemo, useState } from "react";
-import { CommandResultSummary } from "../../models";
+import { CommandResultSummary, ShortName } from "../../models";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
@@ -8,19 +8,16 @@ import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { calcAgo } from "../../utils/duration";
 import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
-import { ApiContext } from "../App";
+import { ApiContext, AppContext } from "../App";
 import { Loading, useLoadingHelper } from "../Loading";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { ErrorMessage } from "../ErrorMessage";
 import { Api } from "../../api";
 
-async function doGetRootNode(api: Api, rs: CommandResultSummary) {
-    const [shortNames, r] = await Promise.all([
-        api.getShortNames(),
-        api.getResult(rs.id)
-    ]);
+async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
+    const r = await api.getResult(rs.id);
     const builder = new NodeBuilder({
-        shortNames: shortNames,
+        shortNames,
         summary: rs,
         commandResult: r,
     });
@@ -32,8 +29,9 @@ export const CommandResultItemBody = React.memo((props: {
     rs: CommandResultSummary
 }) => {
     const api = useContext(ApiContext);
+    const appContext = useContext(AppContext);
     const [loading, loadingError, node] = useLoadingHelper(() => {
-        return doGetRootNode(api, props.rs)
+        return doGetRootNode(api, props.rs, appContext.shortNames);
     }, [api, props.rs]);
 
     if (loading) {
@@ -107,8 +105,8 @@ export const CommandResultItem = React.memo(React.forwardRef((
         showCloseButton={expanded}
         onClose={onClose}
         paperProps={{
-            sx: { 
-                padding: '20px 16px 5px 16px', 
+            sx: {
+                padding: '20px 16px 5px 16px',
                 width: cardWidth,
                 height: cardHeight,
                 ...sx,

From 54db4c5d2225ea4e55b64d08c97f29567690c3b1 Mon Sep 17 00:00:00 2001
From: Alexey Vagarenko <vagarenko@gmail.com>
Date: Sat, 1 Jul 2023 05:53:24 +0600
Subject: [PATCH 1286/2268] refactor: Load cards one by one.

---
 .../targets-view/CommandResultItem.tsx        | 56 ++++++++++++++++---
 .../targets-view/ExpandedCardsView.tsx        | 13 ++++-
 .../components/targets-view/TargetsView.tsx   |  3 +-
 3 files changed, 60 insertions(+), 12 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 86186bbcb..66f19a546 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -9,10 +9,11 @@ import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons
 import { calcAgo } from "../../utils/duration";
 import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
 import { ApiContext, AppContext } from "../App";
-import { Loading, useLoadingHelper } from "../Loading";
+import { Loading } from "../Loading";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { ErrorMessage } from "../ErrorMessage";
 import { Api } from "../../api";
+import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
 
 async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
     const r = await api.getResult(rs.id);
@@ -26,21 +27,56 @@ async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: Sho
 }
 
 export const CommandResultItemBody = React.memo((props: {
-    rs: CommandResultSummary
+    rs: CommandResultSummary,
+    loadData?: boolean
 }) => {
     const api = useContext(ApiContext);
     const appContext = useContext(AppContext);
-    const [loading, loadingError, node] = useLoadingHelper(() => {
-        return doGetRootNode(api, props.rs, appContext.shortNames);
-    }, [api, props.rs]);
+
+    const [loading, setLoading] = useState(false);
+    const [error, setError] = useState<any>();
+    const [node, setNode] = useState<CommandResultNodeData>();
+    const [prevRsId, setPrevRsId] = useState<string>();
+
+    useEffect(() => {
+        let cancelled = false;
+        if (!props.loadData) {
+            return;
+        }
+
+        if (prevRsId === props.rs.id) {
+            return;
+        }
+
+        const doStartLoading = async () => {
+            try {
+                setLoading(true);
+                const n = await doGetRootNode(api, props.rs, appContext.shortNames);
+                if (cancelled) {
+                    return;
+                }
+                setNode(n);
+                setPrevRsId(props.rs.id);
+            } catch (error) {
+                setError(error);
+            }
+            setLoading(false);
+        };
+
+        doStartLoading();
+
+        return () => {
+            cancelled = true;
+        }
+    }, [api, appContext.shortNames, prevRsId, props.loadData, props.rs])
 
     if (loading) {
         return <Loading />;
     }
 
-    if (loadingError) {
+    if (error) {
         return <ErrorMessage>
-            {loadingError.message}
+            {error.message}
         </ErrorMessage>;
     }
 
@@ -57,6 +93,7 @@ export const CommandResultItem = React.memo(React.forwardRef((
         onSelectCommandResult?: (rs: CommandResultSummary) => void,
         sx?: SxProps<Theme>,
         expanded?: boolean,
+        loadData?: boolean,
         onClose?: () => void
     },
     ref: React.ForwardedRef<HTMLDivElement>
@@ -66,6 +103,7 @@ export const CommandResultItem = React.memo(React.forwardRef((
         onSelectCommandResult,
         sx,
         expanded,
+        loadData,
         onClose
     } = props;
     const navigate = useNavigate();
@@ -100,6 +138,8 @@ export const CommandResultItem = React.memo(React.forwardRef((
         return () => clearInterval(interval);
     }, [rs.commandInfo.startTime]);
 
+    const body = expanded ? <CommandResultItemBody rs={rs} loadData={loadData} /> : undefined;
+
     return <CardTemplate
         ref={ref}
         showCloseButton={expanded}
@@ -118,7 +158,7 @@ export const CommandResultItem = React.memo(React.forwardRef((
         header={rs.commandInfo?.command}
         subheader={ago}
         subheaderTooltip={rs.commandInfo.startTime}
-        body={expanded && <CommandResultItemBody rs={rs} />}
+        body={body}
         footer={
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
diff --git a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
index 384eed34a..6a7725101 100644
--- a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
@@ -63,7 +63,12 @@ type TransitionState =
 export interface ExpandedCardsViewProps<CardData> {
     initialCardRect?: DOMRect,
     cardsData: CardData[],
-    renderCard: (cardData: CardData, sx: SxProps<Theme>, expanded: boolean) => React.ReactNode,
+    renderCard: (
+        cardData: CardData,
+        sx: SxProps<Theme>,
+        expanded: boolean,
+        current: boolean
+    ) => React.ReactNode,
     onClose: () => void
 }
 
@@ -173,6 +178,7 @@ export const ExpandedCardsView = function <CardData>(props: ExpandedCardsViewPro
                                     duration: theme.transitions.duration.enteringScreen,
                                 }),
                             },
+                            false,
                             false
                         )
                     }
@@ -191,14 +197,15 @@ export const ExpandedCardsView = function <CardData>(props: ExpandedCardsViewPro
                                 })
                             }}
                         >
-                            {props.cardsData.map((cd) =>
+                            {props.cardsData.map((cd, i) =>
                                 props.renderCard(
                                     cd,
                                     {
                                         width: '100%',
                                         height: '100%',
                                     },
-                                    true
+                                    true,
+                                    i === currentIndex
                                 )
                             )}
                         </Box>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 7a211dafc..63b542095 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -236,12 +236,13 @@ export const TargetsView = () => {
 
         return <ExpandedCardsView<CommandResultSummary>
             cardsData={selectedTarget.commandResults}
-            renderCard={(cardData, sx, expanded) =>
+            renderCard={(cardData, sx, expanded, current) =>
                 <CommandResultItem
                     rs={cardData}
                     sx={sx}
                     key={cardData.id}
                     expanded={expanded}
+                    loadData={current}
                     onClose={onCardClose}
                 />
             }

From 42a8fed38641d679d29c35dfc9d1f1a24ed2a383 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 1 Jul 2023 23:38:48 +0200
Subject: [PATCH 1287/2268] chore(deps): Bump github.com/rogpeppe/go-internal
 from 1.10.0 to 1.11.0 (#646)

Bumps [github.com/rogpeppe/go-internal](https://github.com/rogpeppe/go-internal) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/rogpeppe/go-internal/releases)
- [Commits](https://github.com/rogpeppe/go-internal/compare/v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/rogpeppe/go-internal
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 461266e36..1f299d769 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/ohler55/ojg v1.18.7
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.10.0
+	github.com/rogpeppe/go-internal v1.11.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index 0717f8a9d..1e31f98d7 100644
--- a/go.sum
+++ b/go.sum
@@ -750,8 +750,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
 github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=

From e6f975f7cb56da772b9c1287992a1b970b3706da Mon Sep 17 00:00:00 2001
From: Aleksei Vagarenko <vagarenko@gmail.com>
Date: Tue, 4 Jul 2023 12:37:35 +0600
Subject: [PATCH 1288/2268] Change mouse cursor when hovering over expandable
 cards. (#648)

---
 pkg/webui/ui/src/components/targets-view/TargetsView.tsx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 63b542095..42c1f47f2 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -286,6 +286,7 @@ export const TargetsView = () => {
                                             targetItemRefs.current.set(ts, elem);
                                         }
                                     }}
+                                    sx={{ cursor: 'pointer' }}
                                 />
                                 <RelationHorizontalLine />
                             </Box>
@@ -306,6 +307,7 @@ export const TargetsView = () => {
                                                     commandResultItemRefs.current.set(ts, elem);
                                                 }
                                             }}
+                                            sx={{ cursor: 'pointer' }}
                                         />
                                         : <CardPaper
                                             key={rs.id}

From b3c22bcedfaaf987ede8df19a7ba72c5b163c5bf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Jul 2023 22:27:16 +0200
Subject: [PATCH 1289/2268] fix: Introduce CRD cache for GetSchemaForGVK

---
 pkg/k8s/k8s_cluster.go | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 8e1ff12da..b745da4b2 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -41,6 +41,9 @@ type K8sCluster struct {
 	clients *k8sClients
 
 	ServerVersion *version.Info
+
+	crdCache      map[k8s.ObjectRef]any
+	crdCacheMutex *sync.Mutex
 }
 
 func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool) (*K8sCluster, error) {
@@ -51,6 +54,8 @@ func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool
 		DryRun:         dryRun,
 		clientFactory:  clientFactory,
 		discoveryMutex: &sync.Mutex{},
+		crdCache:       map[k8s.ObjectRef]any{},
+		crdCacheMutex:  &sync.Mutex{},
 	}
 
 	k.discovery, err = clientFactory.DiscoveryClient()
@@ -144,6 +149,10 @@ type DeleteOptions struct {
 func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions) ([]ApiWarning, error) {
 	dryRun := k.DryRun || options.ForceDryRun
 
+	k.crdCacheMutex.Lock()
+	delete(k.crdCache, ref)
+	k.crdCacheMutex.Unlock()
+
 	var o unstructured.Unstructured
 	o.SetGroupVersionKind(ref.GroupVersionKind())
 	o.SetName(ref.Name)
@@ -287,6 +296,10 @@ type PatchOptions struct {
 func (k *K8sCluster) doPatch(ref k8s.ObjectRef, obj client.Object, patch client.Patch, options PatchOptions) ([]ApiWarning, error) {
 	status.Trace(k.ctx, "patching %s", ref.String())
 
+	k.crdCacheMutex.Lock()
+	delete(k.crdCache, ref)
+	k.crdCacheMutex.Unlock()
+
 	var opts []client.PatchOption
 	if options.ForceApply {
 		opts = append(opts, client.ForceOwnership)
@@ -325,6 +338,10 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 
 	status.Trace(k.ctx, "updating %s", ref.String())
 
+	k.crdCacheMutex.Lock()
+	delete(k.crdCache, ref)
+	k.crdCacheMutex.Unlock()
+
 	var opts []client.UpdateOption
 	if options.ForceDryRun {
 		opts = append(opts, client.DryRunAll)
@@ -454,8 +471,23 @@ func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.Unstructu
 
 	ref := k8s.NewObjectRef(apiextensionsv1.GroupName, "v1", "CustomResourceDefinition", fmt.Sprintf("%s.%s", rm.Resource.Resource, gvk.Group), "")
 
-	crd, _, err := k.GetSingleObject(ref)
-	if err != nil {
+	k.crdCacheMutex.Lock()
+	cacheValue, ok := k.crdCache[ref]
+	if !ok {
+		x, _, err := k.GetSingleObject(ref)
+		if err != nil {
+			k.crdCache[ref] = err
+			k.crdCacheMutex.Unlock()
+			return nil, err
+		}
+		k.crdCache[ref] = x
+		cacheValue = x
+	}
+	k.crdCacheMutex.Unlock()
+
+	crd, ok := cacheValue.(*uo.UnstructuredObject)
+	if !ok {
+		err = cacheValue.(error)
 		return nil, err
 	}
 

From a18a5065f3a2c82079d95a45e7b11e6c6c81e9a7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Jul 2023 22:27:32 +0200
Subject: [PATCH 1290/2268] fix: Fix react app title

---
 pkg/webui/ui/public/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/public/index.html b/pkg/webui/ui/public/index.html
index 42dfc725c..1e5fe0c15 100644
--- a/pkg/webui/ui/public/index.html
+++ b/pkg/webui/ui/public/index.html
@@ -24,7 +24,7 @@
       work correctly both with client-side routing and a non-root public URL.
       Learn how to configure a non-root public URL by running `npm run build`.
     -->
-    <title>React App</title>
+    <title>Kluctl Webui</title>
   </head>
   <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>

From e10b37b422f39c2ffcfac2ffba5e49e54dffbed5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Jul 2023 22:40:20 +0200
Subject: [PATCH 1291/2268] refactor: Add authHandler to api group instead of
 individual pathes

---
 pkg/webui/server.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 1b99e23ee..6a97f15c3 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -119,20 +119,20 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 		}
 	}
 
-	api := router.Group("/api")
-	api.GET("/getShortNames", s.auth.authHandler, s.getShortNames)
-	api.GET("/getResult", s.auth.authHandler, s.getResult)
-	api.GET("/getResultSummary", s.auth.authHandler, s.getResultSummary)
-	api.GET("/getResultObject", s.auth.authHandler, s.getResultObject)
-	api.POST("/validateNow", s.auth.authHandler, s.validateNow)
-	api.POST("/reconcileNow", s.auth.authHandler, s.reconcileNow)
-	api.POST("/deployNow", s.auth.authHandler, s.deployNow)
+	api := router.Group("/api", s.auth.authHandler)
+	api.GET("/getShortNames", s.getShortNames)
+	api.GET("/getResult", s.getResult)
+	api.GET("/getResultSummary", s.getResultSummary)
+	api.GET("/getResultObject", s.getResultObject)
+	api.POST("/validateNow", s.validateNow)
+	api.POST("/reconcileNow", s.reconcileNow)
+	api.POST("/deployNow", s.deployNow)
 
 	err = s.events.startEventsWatcher()
 	if err != nil {
 		return err
 	}
-	api.GET("/events", s.auth.authHandler, s.events.handler)
+	api.GET("/events", s.events.handler)
 
 	address := fmt.Sprintf("%s:%d", host, port)
 	listener, err := net.Listen("tcp", address)

From 0cc8eb862c28df1479566952f538858e063b8139 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 4 Jul 2023 23:16:08 +0200
Subject: [PATCH 1292/2268] chore: Remove unused option types

---
 pkg/results/result-store.go | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index aab33e2fa..36c5884a4 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -5,14 +5,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
-type ListProjectsOptions struct {
-	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
-}
-
-type ListTargetsOptions struct {
-	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
-}
-
 type ListCommandResultSummariesOptions struct {
 	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
 }

From 892dda1627a32dfc91d73eafff4a3d7fadd8a3eb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 11:04:56 +0200
Subject: [PATCH 1293/2268] refactor: Remove FilterSummary

---
 pkg/results/result-store-secrets.go | 6 +++---
 pkg/results/result-store.go         | 4 ----
 pkg/results/results-collector.go    | 6 +++---
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index b4257c615..89c90e33f 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -206,7 +206,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 		if err != nil {
 			continue
 		}
-		if !FilterSummary(summary, options.ProjectFilter) {
+		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
 			continue
 		}
 
@@ -250,7 +250,7 @@ func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result
 	if err != nil {
 		return nil
 	}
-	if !FilterSummary(summary, filter) {
+	if !FilterProject(summary.ProjectKey, filter) {
 		return nil
 	}
 	switch event.Type {
@@ -281,7 +281,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 		if err != nil {
 			continue
 		}
-		if !FilterSummary(summary, options.ProjectFilter) {
+		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
 			continue
 		}
 		initialListRet = append(initialListRet, summary)
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 36c5884a4..b96bf637c 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -41,10 +41,6 @@ func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
 	return true
 }
 
-func FilterSummary(x *result.CommandResultSummary, filter *result.ProjectKey) bool {
-	return FilterProject(x.ProjectKey, filter)
-}
-
 func lessSummary(a *result.CommandResultSummary, b *result.CommandResultSummary) bool {
 	if a.Command.StartTime != b.Command.StartTime {
 		return a.Command.StartTime.After(b.Command.StartTime.Time)
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index f053406d5..c64bcfbe5 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -118,7 +118,7 @@ func (rc *ResultsCollector) handleUpdate(store ResultStore, event WatchCommandRe
 	}
 
 	for _, w := range rc.watches {
-		if FilterSummary(event.Summary, w.options.ProjectFilter) {
+		if FilterProject(event.Summary.ProjectKey, w.options.ProjectFilter) {
 			w.ch <- event
 		}
 	}
@@ -133,7 +133,7 @@ func (rc *ResultsCollector) ListCommandResultSummaries(options ListCommandResult
 	defer rc.mutex.Unlock()
 	summaries := make([]result.CommandResultSummary, 0, len(rc.resultSummaries))
 	for _, x := range rc.resultSummaries {
-		if !FilterSummary(x.summary, options.ProjectFilter) {
+		if !FilterProject(x.summary.ProjectKey, options.ProjectFilter) {
 			continue
 		}
 		summaries = append(summaries, *x.summary)
@@ -158,7 +158,7 @@ func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResul
 	var initial []*result.CommandResultSummary
 
 	for _, se := range rc.resultSummaries {
-		if FilterSummary(se.summary, options.ProjectFilter) {
+		if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
 			initial = append(initial, se.summary)
 		}
 	}

From 711717e20f18bc166baa8a384e49e91326af0312 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 11:41:52 +0200
Subject: [PATCH 1294/2268] feat: Remove validator.go

---
 pkg/webui/events.go    |  19 ---
 pkg/webui/server.go    |  15 +-
 pkg/webui/validator.go | 301 -----------------------------------------
 3 files changed, 7 insertions(+), 328 deletions(-)
 delete mode 100644 pkg/webui/validator.go

diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 8fe68cea3..f8424ef48 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -122,8 +122,6 @@ func (h *eventsHandler) startEventsWatcher() error {
 		return err
 	}
 
-	initialValidations, validationsCh, _ := h.server.vam.watch()
-
 	ctx := h.server.ctx
 
 	buildMsg := func(event results.WatchCommandResultSummaryEvent) string {
@@ -141,21 +139,10 @@ func (h *eventsHandler) startEventsWatcher() error {
 			return x
 		}
 	}
-	buildValidationMsg := func(event validationEvent) string {
-		x := yaml.WriteJsonStringMust(map[string]any{
-			"type":   "validate_result",
-			"key":    event.key,
-			"result": event.r,
-		})
-		return x
-	}
 
 	for _, x := range initial {
 		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildMsg(results.WatchCommandResultSummaryEvent{Summary: x}), nil)
 	}
-	for _, x := range initialValidations {
-		h.updateEvent(uuid.NewString(), x.key, buildValidationMsg(x), &expireValidations)
-	}
 
 	go func() {
 		cleanupTimer := time.After(5 * time.Second)
@@ -171,12 +158,6 @@ func (h *eventsHandler) startEventsWatcher() error {
 					expireIn = &expireDeletions
 				}
 				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildMsg(event), expireIn)
-			case event, ok := <-validationsCh:
-				if !ok {
-					status.Error(h.server.ctx, "validations channel closed unexpectedly")
-					return
-				}
-				h.updateEvent(uuid.NewString(), event.key, buildValidationMsg(event), &expireValidations)
 			case <-cleanupTimer:
 				h.cleanupEvents()
 				cleanupTimer = time.After(5 * time.Second)
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 6a97f15c3..83a129814 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -22,11 +22,15 @@ import (
 
 const webuiManager = "kluctl-webui"
 
+type ProjectTargetKey struct {
+	Project result.ProjectKey `json:"project"`
+	Target  result.TargetKey  `json:"target"`
+}
+
 type CommandResultsServer struct {
 	ctx   context.Context
 	store results.ResultStore
 	cam   *clusterAccessorManager
-	vam   *validatorManager
 
 	// this is the client for the k8s cluster where the server runs on
 	serverClient client.Client
@@ -71,8 +75,6 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 		ret.cam.add(config)
 	}
 
-	ret.vam = newValidatorManager(ctx, store, ret.cam, adminUser)
-
 	return ret
 }
 
@@ -101,7 +103,6 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	}()
 
 	s.cam.start()
-	s.vam.start()
 
 	router := gin.Default()
 
@@ -332,10 +333,8 @@ func (s *CommandResultsServer) validateNow(c *gin.Context) {
 		Target:  params.Target,
 	}
 
-	if !s.vam.validateNow(key) {
-		_ = c.AbortWithError(http.StatusNotFound, err)
-		return
-	}
+	_ = key
+	// TODO
 
 	c.Status(http.StatusOK)
 }
diff --git a/pkg/webui/validator.go b/pkg/webui/validator.go
deleted file mode 100644
index 76e7e7ff1..000000000
--- a/pkg/webui/validator.go
+++ /dev/null
@@ -1,301 +0,0 @@
-package webui
-
-import (
-	"context"
-	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"sync"
-	"time"
-)
-
-const shortValidationInterval = time.Second * 15
-const longValidationInterval = time.Minute * 1
-
-type validationEvent struct {
-	key ProjectTargetKey
-	r   *result.ValidateResult
-}
-
-type validationWatch struct {
-	ch     chan validationEvent
-	closed bool
-	mutex  sync.Mutex
-}
-
-type validatorManager struct {
-	ctx context.Context
-
-	store     results.ResultStore
-	cam       *clusterAccessorManager
-	adminUser string
-
-	validators map[ProjectTargetKey]*validatorEntry
-	watches    []*validationWatch
-	mutex      sync.Mutex
-}
-
-type ProjectTargetKey struct {
-	Project result.ProjectKey `json:"project"`
-	Target  result.TargetKey  `json:"target"`
-}
-
-type validatorEntry struct {
-	vm             *validatorManager
-	key            ProjectTargetKey
-	ch             chan bool
-	validateResult *result.ValidateResult
-	err            error
-	mutex          sync.Mutex
-}
-
-func newValidatorManager(ctx context.Context, store results.ResultStore, cam *clusterAccessorManager, adminUser string) *validatorManager {
-	return &validatorManager{
-		ctx:        ctx,
-		store:      store,
-		cam:        cam,
-		adminUser:  adminUser,
-		validators: map[ProjectTargetKey]*validatorEntry{},
-	}
-}
-
-func (vm *validatorManager) start() {
-	runOnce := func() {
-		summaries, err := vm.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
-		if err != nil {
-			return
-		}
-
-		found := map[ProjectTargetKey]bool{}
-		for _, rs := range summaries {
-			k := ProjectTargetKey{
-				Project: rs.ProjectKey,
-				Target:  rs.TargetKey,
-			}
-			if _, ok := found[k]; ok {
-				continue
-			}
-			vm.mutex.Lock()
-			_, ok := vm.validators[k]
-			if !ok {
-				v := &validatorEntry{
-					vm:  vm,
-					key: k,
-					ch:  make(chan bool),
-				}
-				vm.validators[k] = v
-				go v.run()
-			}
-			vm.mutex.Unlock()
-
-			found[k] = true
-		}
-
-		var chs []chan bool
-		vm.mutex.Lock()
-		for k, v := range vm.validators {
-			if _, ok := found[k]; !ok {
-				delete(vm.validators, k)
-				chs = append(chs, v.ch)
-			}
-		}
-		vm.mutex.Unlock()
-		for _, ch := range chs {
-			close(ch)
-		}
-	}
-
-	go func() {
-		for {
-			runOnce()
-			time.Sleep(5 * time.Second)
-		}
-	}()
-}
-
-func (vm *validatorManager) watch() ([]validationEvent, chan validationEvent, func()) {
-	vm.mutex.Lock()
-	defer vm.mutex.Unlock()
-
-	w := &validationWatch{
-		ch: make(chan validationEvent),
-	}
-	vm.watches = append(vm.watches, w)
-
-	var initial []validationEvent
-	for _, v := range vm.validators {
-		if v.validateResult != nil {
-			initial = append(initial, validationEvent{
-				key: v.key,
-				r:   v.validateResult,
-			})
-		}
-	}
-
-	cancel := func() {
-		vm.mutex.Lock()
-		for i, w2 := range vm.watches {
-			if w == w2 {
-				vm.watches = append(vm.watches[0:i], vm.watches[i+1:]...)
-			}
-		}
-		vm.mutex.Unlock()
-
-		go func() {
-			for x := range w.ch {
-				a := x
-				_ = a
-			}
-		}()
-
-		w.mutex.Lock()
-		close(w.ch)
-		w.closed = true
-		w.mutex.Unlock()
-	}
-
-	return initial, w.ch, cancel
-}
-
-func (vm *validatorManager) getValidateResult(key ProjectTargetKey) (*result.ValidateResult, error) {
-	vm.mutex.Lock()
-	defer vm.mutex.Unlock()
-	v := vm.validators[key]
-	if v == nil {
-		return nil, nil
-	}
-	return v.validateResult, v.err
-}
-
-func (vm *validatorManager) validateNow(key ProjectTargetKey) bool {
-	vm.mutex.Lock()
-	defer vm.mutex.Unlock()
-	v := vm.validators[key]
-	if v == nil {
-		return false
-	}
-	v.ch <- true
-	return true
-}
-
-func (v *validatorEntry) run() {
-	status.Info(v.vm.ctx, "Started validator for: %v", v.key)
-	defer status.Info(v.vm.ctx, "Stopped validator for: %v", v.key)
-
-	for {
-		summaries, err := v.vm.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{
-			ProjectFilter: &v.key.Project,
-		})
-		if err != nil {
-			return
-		}
-
-		var targetSummaries []result.CommandResultSummary
-		for _, rs := range summaries {
-			if rs.TargetKey == v.key.Target {
-				targetSummaries = append(targetSummaries, rs)
-			}
-		}
-
-		longWait := false
-		if len(targetSummaries) != 0 {
-			longWait = v.runOnce(targetSummaries)
-		}
-
-		waitTime := shortValidationInterval
-		if longWait {
-			waitTime = longValidationInterval
-		}
-
-		select {
-		case _, ok := <-v.ch:
-			if !ok {
-				break
-			}
-			continue
-		case <-time.After(waitTime):
-		}
-	}
-}
-
-func (v *validatorEntry) findFullProjectResult(summaries []result.CommandResultSummary) *result.CommandResultSummary {
-	for _, summary := range summaries {
-		if len(summary.Command.IncludeTags) != 0 || len(summary.Command.ExcludeTags) != 0 {
-			continue
-		}
-		if summary.Command.Command == "deploy" || summary.Command.Command == "diff" {
-			return &summary
-		}
-	}
-	return nil
-}
-
-func (v *validatorEntry) runOnce(summaries []result.CommandResultSummary) bool {
-	s := status.Start(v.vm.ctx, "Validating: %v", v.key)
-	defer s.Failed()
-
-	summary := v.findFullProjectResult(summaries)
-	if summary == nil {
-		s.FailedWithMessage("No result summaries for %v", v.key)
-		return false
-	}
-
-	ca := v.vm.cam.getForClusterId(summary.ClusterInfo.ClusterId)
-	if ca == nil {
-		s.FailedWithMessage("No cluster accessor for %v", v.key)
-		return false
-	}
-	k, err := ca.getK(context.Background(), v.vm.adminUser, nil)
-	if err != nil {
-		s.FailedWithMessage("Failed to create K8sCluster: %v", err)
-		return false
-	}
-	if k == nil {
-		return false
-	}
-
-	cr, err := v.vm.store.GetCommandResult(results.GetCommandResultOptions{
-		Id:      summary.Id,
-		Reduced: false,
-	})
-	if err != nil {
-		s.FailedWithMessage("Failed to get command result for %v: %v", v.key, err)
-		return false
-	}
-
-	discriminator := summary.Target.Discriminator
-
-	cmd := commands.NewValidateCommand(v.vm.ctx, discriminator, nil, cr)
-	vr, err := cmd.Run(v.vm.ctx, k)
-
-	if err != nil {
-		s.UpdateAndInfoFallback("Finished validation with error: %v", v.key)
-	} else {
-		s.UpdateAndInfoFallback("Finished validation: %v", v.key)
-	}
-	s.Success()
-
-	v.mutex.Lock()
-	v.validateResult = vr
-	v.err = err
-	event := validationEvent{
-		key: v.key,
-		r:   v.validateResult,
-	}
-	v.mutex.Unlock()
-
-	v.vm.mutex.Lock()
-	watches := append([]*validationWatch{}, v.vm.watches...)
-	v.vm.mutex.Unlock()
-
-	for _, w := range watches {
-		w.mutex.Lock()
-		if !w.closed {
-			w.ch <- event
-		}
-		w.mutex.Unlock()
-	}
-
-	return true
-}

From dda372b93c2beb647b7357e604313ff3bde0483e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 15:56:38 +0200
Subject: [PATCH 1295/2268] feat: Store validation results in the cluster, like
 command results

---
 cmd/kluctl/args/project.go                    |   9 +-
 cmd/kluctl/commands/cmd_controller_run.go     |   2 +-
 cmd/kluctl/commands/cmd_validate.go           |  45 +--
 cmd/kluctl/commands/cmd_webui.go              |   2 +-
 cmd/kluctl/commands/utils.go                  |   2 +-
 e2e/results_test.go                           |   2 +-
 pkg/controllers/kluctl_project.go             |  46 ++-
 .../kluctldeployment_controller_utils.go      |  11 +
 pkg/deployment/commands/result_utils.go       |  83 +++--
 pkg/deployment/commands/validate.go           |  62 ++--
 pkg/k8s/k8s_cluster.go                        |  14 +
 pkg/results/result-store-secrets.go           | 323 +++++++++++++++---
 pkg/results/result-store.go                   |  32 +-
 pkg/results/results-collector.go              | 208 +++++++++--
 pkg/types/result/command_result.go            |  19 +-
 .../{summary.go => command_result_summary.go} |   0
 pkg/types/result/validate_result.go           |  54 +++
 pkg/types/result/zz_generated.deepcopy.go     |  26 ++
 pkg/webui/events.go                           |  49 ++-
 pkg/webui/generate-ts/main.go                 |   1 +
 pkg/webui/server.go                           | 102 ++++--
 pkg/webui/staticbuilder.go                    |   2 +-
 pkg/webui/ui/src/api.tsx                      |  40 ++-
 pkg/webui/ui/src/components/App.tsx           |  82 ++---
 pkg/webui/ui/src/components/ObjectYaml.tsx    |   2 +-
 .../result-view/CommandResultView.tsx         |   4 +-
 .../targets-view/CommandResultItem.tsx        |   2 +-
 .../components/targets-view/TargetItem.tsx    |  93 +++--
 pkg/webui/ui/src/models.ts                    |  50 +++
 pkg/webui/ui/src/project-summaries.ts         |  45 ++-
 30 files changed, 1064 insertions(+), 348 deletions(-)
 rename pkg/types/result/{summary.go => command_result_summary.go} (100%)
 create mode 100644 pkg/types/result/validate_result.go

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index b09afefbb..c5b01c92f 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -44,8 +44,9 @@ type TargetFlags struct {
 }
 
 type CommandResultFlags struct {
-	WriteCommandResult      bool   `group:"results" help:"Enable writing of command results into the cluster. This is enabled by default." default:"true"`
-	ForceWriteCommandResult bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
-	CommandResultNamespace  string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
-	KeepCommandResultsCount int    `group:"results" help:"Configure how many old command results to keep." default:"10"`
+	WriteCommandResult       bool   `group:"results" help:"Enable writing of command results into the cluster. This is enabled by default." default:"true"`
+	ForceWriteCommandResult  bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
+	CommandResultNamespace   string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
+	KeepCommandResultsCount  int    `group:"results" help:"Configure how many old command results to keep." default:"10"`
+	KeepValidateResultsCount int    `group:"results" help:"Configure how many old validate results to keep." default:"2"`
 }
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index dcd08170e..c92ba57c2 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -136,7 +136,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		resultStore, err := results.NewResultStoreSecrets(ctx, c, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount)
+		resultStore, err := results.NewResultStoreSecrets(ctx, c, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount, cmd.KeepValidateResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 80387c674..3bec5fb9e 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -5,9 +5,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"time"
 )
 
@@ -20,8 +17,6 @@ type validateCmd struct {
 	args.OutputFlags
 	args.RenderOutputDirFlags
 
-	CommandResult args.ExistingFileType `group:"misc" help:"Specify a command result to use instead of loading a project. This will also perform drift detection."`
-
 	Wait             time.Duration `group:"misc" help:"Wait for the given amount of time until the deployment validates"`
 	Sleep            time.Duration `group:"misc" help:"Sleep duration between validation attempts" default:"5s"`
 	WarningsAsErrors bool          `group:"misc" help:"Consider warnings as failures"`
@@ -43,44 +38,16 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 
-	if cmd.CommandResult.String() != "" {
-		var ccr result.CompactedCommandResult
-		err := yaml.ReadYamlFile(cmd.CommandResult.String(), &ccr)
-		if err != nil {
-			return err
-		}
-		commandResult := ccr.ToNonCompacted()
-
-		var k8sContext *string
-		if cmd.Context != "" {
-			k8sContext = &cmd.Context
-		} else if commandResult.Target.Context != nil {
-			k8sContext = commandResult.Target.Context
-		}
-		clientFactory, err := k8s2.NewClientFactoryFromDefaultConfig(ctx, k8sContext)
-		if err != nil {
-			return err
-		}
-		k, err := k8s2.NewK8sCluster(ctx, clientFactory, true)
-		if err != nil {
-			return err
-		}
-
-		cmd2 := commands.NewValidateCommand(ctx, "", nil, commandResult)
-		return cmd.doValidate(ctx, k, cmd2)
-
-	} else {
-		return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-			cmd2 := commands.NewValidateCommand(cmdCtx.ctx, cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx.DeploymentCollection, nil)
-			return cmd.doValidate(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, cmd2)
-		})
-	}
+	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
+		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, "", cmdCtx.targetCtx, nil)
+		return cmd.doValidate(cmdCtx.ctx, cmd2)
+	})
 }
 
-func (cmd *validateCmd) doValidate(ctx context.Context, k *k8s2.K8sCluster, cmd2 *commands.ValidateCommand) error {
+func (cmd *validateCmd) doValidate(ctx context.Context, cmd2 *commands.ValidateCommand) error {
 	startTime := time.Now()
 	for true {
-		result, err := cmd2.Run(ctx, k)
+		result, err := cmd2.Run(ctx)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 643150d14..424102ad4 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -152,7 +152,7 @@ func (cmd *webuiCmd) createResultStores(ctx context.Context) ([]results.ResultSt
 			return nil, nil, err
 		}
 
-		store, err := results.NewResultStoreSecrets(ctx, client, "", 0)
+		store, err := results.NewResultStoreSecrets(ctx, client, "", 0, 0)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 71e0445f7..12966e2a4 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -212,7 +212,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 			return err
 		}
 
-		resultStore, err = results.NewResultStoreSecrets(ctx, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount)
+		resultStore, err = results.NewResultStoreSecrets(ctx, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount, args.commandResultFlags.KeepValidateResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 2bcd243fb..4489ab858 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -45,7 +45,7 @@ func TestWriteResult(t *testing.T) {
 	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, "kluctl-results", 0)
 	assert.NoError(t, err)
 
-	opts := results.ListCommandResultSummariesOptions{
+	opts := results.ListResultSummariesOptions{
 		ProjectFilter: &result.ProjectKey{
 			GitRepoKey: types.ParseGitUrlMust(p.GitUrl()).RepoKey(),
 		},
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 7b7e88079..b52aab613 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -652,10 +652,15 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 		Namespace: pt.pp.obj.Namespace,
 	}
 
+	var err error
+	cmdResult.Command.KluctlDeployment.ClusterId, err = pt.pp.r.getClusterId(ctx)
+	if err != nil {
+		return err
+	}
+
 	// the ref is not properly set by addGitInfo due to the way the repo cache checks out by commit
 	cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
 
-	var err error
 	if pt.pp.r.ResultStore != nil {
 		log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
 		err = pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
@@ -702,6 +707,36 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	return err
 }
 
+func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult) error {
+	log := ctrl.LoggerFrom(ctx)
+
+	if cmdErr != nil {
+		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("validation failed. %s", cmdErr.Error()), nil)
+		return cmdErr
+	}
+
+	validateResult.KluctlDeployment = &result.KluctlDeploymentInfo{
+		Name:      pt.pp.obj.Name,
+		Namespace: pt.pp.obj.Namespace,
+	}
+
+	var err error
+	validateResult.KluctlDeployment.ClusterId, err = pt.pp.r.getClusterId(ctx)
+	if err != nil {
+		return err
+	}
+
+	if pt.pp.r.ResultStore != nil {
+		log.Info(fmt.Sprintf("Writing validate result %s", validateResult.Id))
+		err = pt.pp.r.ResultStore.WriteValidateResult(validateResult)
+		if err != nil {
+			log.Error(err, "Writing validate result failed")
+		}
+	}
+
+	return nil
+}
+
 func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
@@ -734,13 +769,10 @@ func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *klu
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
-	c := targetContext.DeploymentCollection
-	if cmdResult != nil {
-		c = nil
-	}
-	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, c, cmdResult)
+	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, targetContext, cmdResult)
 
-	validateResult, err := cmd.Run(ctx, targetContext.SharedContext.K)
+	validateResult, err := cmd.Run(ctx)
+	err = pt.handleValidateResult(ctx, err, validateResult)
 	return validateResult, err
 }
 
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index 7489c3b2d..3c2b80b37 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -4,10 +4,12 @@ import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	corev1 "k8s.io/api/core/v1"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/reference"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func (r *KluctlDeploymentReconciler) event(ctx context.Context, obj *kluctlv1.KluctlDeployment, warning bool, msg string, metadata map[string]string) {
@@ -70,3 +72,12 @@ func (r *KluctlDeploymentReconciler) recordSuspension(ctx context.Context, obj *
 		r.MetricsRecorder.RecordSuspend(*objRef, obj.Spec.Suspend)
 	}
 }
+
+func (r *KluctlDeploymentReconciler) getClusterId(ctx context.Context) (string, error) {
+	var kubeSystemNs corev1.Namespace
+	err := r.Get(ctx, client.ObjectKey{Name: "kube-system"}, &kubeSystemNs)
+	if err != nil {
+		return "", err
+	}
+	return string(kubeSystemNs.UID), nil
+}
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index b863a17e9..dbdb33f4c 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -1,13 +1,11 @@
 package commands
 
 import (
-	"fmt"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -34,12 +32,13 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *resu
 
 	r.Deployment = &targetCtx.DeploymentProject.Config
 
-	err := addGitInfo(targetCtx, r)
+	var err error
+	r.GitInfo, r.ProjectKey, err = buildGitInfo(targetCtx)
 	if err != nil {
 		return err
 	}
 
-	err = addClusterInfo(targetCtx.SharedContext.K, r)
+	r.ClusterInfo, err = buildClusterInfo(targetCtx.SharedContext.K)
 	if err != nil {
 		return err
 	}
@@ -51,6 +50,27 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *resu
 	return nil
 }
 
+func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *result.ValidateResult) error {
+	r.StartTime = metav1.NewTime(targetCtx.KluctlProject.LoadTime)
+	r.EndTime = metav1.Now()
+	var err error
+	_, r.ProjectKey, err = buildGitInfo(targetCtx)
+	if err != nil {
+		return err
+	}
+
+	clusterInfo, err := buildClusterInfo(targetCtx.SharedContext.K)
+	if err != nil {
+		return err
+	}
+
+	r.TargetKey.TargetName = targetCtx.Target.Name
+	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
+	r.TargetKey.ClusterId = clusterInfo.ClusterId
+
+	return nil
+}
+
 func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, startTime time.Time, inclusion *utils.Inclusion) error {
 	r.Command = result.CommandInfo{
 		StartTime: metav1.NewTime(startTime),
@@ -63,7 +83,8 @@ func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, s
 	r.Command.IncludeDeploymentDirs = inclusion.GetIncludes("deploymentItemDir")
 	r.Command.ExcludeDeploymentDirs = inclusion.GetExcludes("deploymentItemDir")
 
-	err := addClusterInfo(k, r)
+	var err error
+	r.ClusterInfo, err = buildClusterInfo(k)
 	if err != nil {
 		return err
 	}
@@ -71,19 +92,21 @@ func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, s
 	return nil
 }
 
-func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult) error {
+func buildGitInfo(targetCtx *kluctl_project.TargetContext) (result.GitInfo, result.ProjectKey, error) {
+	var gitInfo result.GitInfo
+	var projectKey result.ProjectKey
 	if targetCtx.KluctlProject.LoadArgs.RepoRoot == "" {
-		return nil
+		return gitInfo, projectKey, nil
 	}
 
 	projectDirAbs, err := filepath.Abs(targetCtx.KluctlProject.LoadArgs.ProjectDir)
 	if err != nil {
-		return err
+		return gitInfo, projectKey, err
 	}
 
 	subDir, err := filepath.Rel(targetCtx.KluctlProject.LoadArgs.RepoRoot, projectDirAbs)
 	if err != nil {
-		return err
+		return gitInfo, projectKey, err
 	}
 	if subDir == "." {
 		subDir = ""
@@ -91,25 +114,22 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 
 	g, err := git2.PlainOpen(targetCtx.KluctlProject.LoadArgs.RepoRoot)
 	if err != nil {
-		if err == git2.ErrRepositoryNotExists {
-			return nil
-		}
-		return err
+		return gitInfo, projectKey, err
 	}
 
 	s, err := git.GetWorktreeStatus(targetCtx.SharedContext.Ctx, targetCtx.KluctlProject.LoadArgs.RepoRoot)
 	if err != nil {
-		return err
+		return gitInfo, projectKey, err
 	}
 
 	head, err := g.Head()
 	if err != nil {
-		return err
+		return gitInfo, projectKey, err
 	}
 
 	remotes, err := g.Remotes()
 	if err != nil {
-		return err
+		return gitInfo, projectKey, err
 	}
 
 	var originUrl *types.GitUrl
@@ -117,7 +137,7 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		if r.Config().Name == "origin" {
 			originUrl, err = types.ParseGitUrl(r.Config().URLs[0])
 			if err != nil {
-				return err
+				return gitInfo, projectKey, err
 			}
 		}
 	}
@@ -127,39 +147,34 @@ func addGitInfo(targetCtx *kluctl_project.TargetContext, r *result.CommandResult
 		repoKey = originUrl.RepoKey()
 	}
 
-	r.GitInfo = result.GitInfo{
+	gitInfo = result.GitInfo{
 		Url:    originUrl,
 		SubDir: subDir,
 		Commit: head.Hash().String(),
 		Dirty:  !s.IsClean(),
 	}
 	if head.Name().IsBranch() {
-		r.GitInfo.Ref = &types.GitRef{
+		gitInfo.Ref = &types.GitRef{
 			Branch: head.Name().Short(),
 		}
 	} else if head.Name().IsTag() {
-		r.GitInfo.Ref = &types.GitRef{
+		gitInfo.Ref = &types.GitRef{
 			Tag: head.Name().Short(),
 		}
 	}
-	r.ProjectKey.GitRepoKey = repoKey
-	r.ProjectKey.SubDir = subDir
-	return nil
+	projectKey.GitRepoKey = repoKey
+	projectKey.SubDir = subDir
+	return gitInfo, projectKey, nil
 }
 
-func addClusterInfo(k *k8s2.K8sCluster, r *result.CommandResult) error {
-	kubeSystemNs, _, err := k.GetSingleObject(
-		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
+func buildClusterInfo(k *k8s2.K8sCluster) (result.ClusterInfo, error) {
+	var clusterInfo result.ClusterInfo
+	clusterId, err := k.GetClusterId()
 	if err != nil {
-		return err
-	}
-	// we reuse the kube-system namespace uid as global cluster id
-	clusterId := kubeSystemNs.GetK8sUid()
-	if clusterId == "" {
-		return fmt.Errorf("kube-system namespace has no uid")
+		return clusterInfo, err
 	}
-	r.ClusterInfo = result.ClusterInfo{
+	clusterInfo = result.ClusterInfo{
 		ClusterId: clusterId,
 	}
-	return nil
+	return clusterInfo, nil
 }
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index deb477af1..be3b8951f 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -2,20 +2,17 @@ package commands
 
 import (
 	"context"
-	"fmt"
 	"github.com/google/uuid"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type ValidateCommand struct {
-	c             *deployment.DeploymentCollection
+	targetCtx     *kluctl_project.TargetContext
 	r             *result.CommandResult
 	discriminator string
 
@@ -23,9 +20,9 @@ type ValidateCommand struct {
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(ctx context.Context, discriminator string, c *deployment.DeploymentCollection, r *result.CommandResult) *ValidateCommand {
+func NewValidateCommand(ctx context.Context, discriminator string, targetCtx *kluctl_project.TargetContext, r *result.CommandResult) *ValidateCommand {
 	cmd := &ValidateCommand{
-		c:             c,
+		targetCtx:     targetCtx,
 		r:             r,
 		discriminator: discriminator,
 		dew:           utils2.NewDeploymentErrorsAndWarnings(),
@@ -34,11 +31,10 @@ func NewValidateCommand(ctx context.Context, discriminator string, c *deployment
 	return cmd
 }
 
-func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result.ValidateResult, error) {
+func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, error) {
 	ret := result.ValidateResult{
-		Id:        uuid.New().String(),
-		StartTime: metav1.Now(),
-		Ready:     true,
+		Id:    uuid.New().String(),
+		Ready: true,
 	}
 
 	cmd.dew.Init()
@@ -46,19 +42,9 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 	var refs []k8s2.ObjectRef
 	var renderedObjects []*uo.UnstructuredObject
 	appliedObjects := map[k8s2.ObjectRef]*uo.UnstructuredObject{}
-	var discriminator string
+	discriminator := cmd.discriminator
 
-	if cmd.c != nil && cmd.r != nil {
-		return nil, fmt.Errorf("passing both deployment collection and command result is not allowed")
-	} else if cmd.c != nil {
-		for _, d := range cmd.c.Deployments {
-			for _, o := range d.Objects {
-				ref := o.GetK8sRef()
-				refs = append(refs, ref)
-				renderedObjects = append(renderedObjects, o)
-			}
-		}
-	} else if cmd.r != nil {
+	if cmd.r != nil {
 		for _, o := range cmd.r.Objects {
 			refs = append(refs, o.Ref)
 			if o.Hook {
@@ -71,21 +57,28 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 				appliedObjects[o.Ref] = o.Applied
 			}
 		}
-		discriminator = cmd.r.TargetKey.Discriminator
+		if discriminator == "" {
+			discriminator = cmd.r.TargetKey.Discriminator
+		}
 	} else {
-		return nil, fmt.Errorf("either deployment collection or command result must be passed")
-	}
-
-	if discriminator == "" {
-		discriminator = cmd.discriminator
+		for _, d := range cmd.targetCtx.DeploymentCollection.Deployments {
+			for _, o := range d.Objects {
+				ref := o.GetK8sRef()
+				refs = append(refs, ref)
+				renderedObjects = append(renderedObjects, o)
+			}
+		}
+		if discriminator == "" {
+			discriminator = cmd.targetCtx.Target.Discriminator
+		}
 	}
 
-	err := cmd.ru.UpdateRemoteObjects(k, &cmd.discriminator, refs, true)
+	err := cmd.ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, refs, true)
 	if err != nil {
 		return nil, err
 	}
 
-	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, k, &utils2.ApplyUtilOptions{})
+	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
 	for _, o := range renderedObjects {
 		au := ad.NewApplyUtil(ctx, nil)
 		h := utils2.NewHooksUtil(au)
@@ -101,7 +94,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 			ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
 			continue
 		}
-		r := validation.ValidateObject(k, remoteObject, true, false)
+		r := validation.ValidateObject(cmd.targetCtx.SharedContext.K, remoteObject, true, false)
 		if !r.Ready {
 			ret.Ready = false
 		}
@@ -121,7 +114,10 @@ func (cmd *ValidateCommand) Run(ctx context.Context, k *k8s.K8sCluster) (*result
 		ret.Drift = du.ChangedObjects
 	}
 
-	ret.EndTime = metav1.Now()
+	err = addValidateCommandInfoToResult(cmd.targetCtx, &ret)
+	if err != nil {
+		return nil, err
+	}
 
 	return &ret, nil
 }
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b745da4b2..a9da08df2 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -83,6 +83,20 @@ func (k *K8sCluster) ReadWrite() *K8sCluster {
 	return &k2
 }
 
+func (k *K8sCluster) GetClusterId() (string, error) {
+	kubeSystemNs, _, err := k.GetSingleObject(
+		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
+	if err != nil {
+		return "", err
+	}
+	// we reuse the kube-system namespace uid as global cluster id
+	clusterId := kubeSystemNs.GetK8sUid()
+	if clusterId == "" {
+		return "", fmt.Errorf("kube-system namespace has no uid")
+	}
+	return clusterId, nil
+}
+
 func (k *K8sCluster) doList(l client.ObjectList, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
 	apiWarnings, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
 		return c.List(k.ctx, l, client.InNamespace(namespace), client.MatchingLabels(labels))
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 89c90e33f..d3079ecb0 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -25,18 +25,20 @@ type ResultStoreSecrets struct {
 	ctx    context.Context
 	client client.WithWatch
 
-	writeNamespace   string
-	keepResultsCount int
+	writeNamespace           string
+	keepCommandResultsCount  int
+	keepValidateResultsCount int
 
 	mutex sync.Mutex
 }
 
-func NewResultStoreSecrets(ctx context.Context, client client.WithWatch, writeNamespace string, keepResultsCount int) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, client client.WithWatch, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
 	s := &ResultStoreSecrets{
-		ctx:              ctx,
-		client:           client,
-		writeNamespace:   writeNamespace,
-		keepResultsCount: keepResultsCount,
+		ctx:                      ctx,
+		client:                   client,
+		writeNamespace:           writeNamespace,
+		keepCommandResultsCount:  keepCommandResultsCount,
+		keepValidateResultsCount: keepValidateResultsCount,
 	}
 
 	return s, nil
@@ -44,27 +46,24 @@ func NewResultStoreSecrets(ctx context.Context, client client.WithWatch, writeNa
 
 var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
 
-func (s *ResultStoreSecrets) buildName(cr *result.CommandResult) string {
-	var name string
+func (s *ResultStoreSecrets) buildName(prefix string, id string, projectKey result.ProjectKey) string {
+	name := ""
 
-	if cr.ProjectKey.GitRepoKey.Path != "" {
-		s := path.Base(cr.ProjectKey.GitRepoKey.Path)
-		if s != "" {
-			name = s + "-"
-		}
+	if projectKey.GitRepoKey.Path != "" {
+		name = path.Base(projectKey.GitRepoKey.Path)
 	}
 
 	name = strings.ReplaceAll(name, "_", "-")
 	name = invalidChars.ReplaceAllString(name, "")
 
-	nameWithId := name + cr.Id
-	if len(nameWithId) > 63 {
-		trimmedName := []byte(name[:63-len(cr.Id)])
-		trimmedName[len(trimmedName)-1] = '-'
-		nameWithId = string(trimmedName) + cr.Id
+	maxNameLen := 63
+	maxNameLen -= len(id) + 1     // +1 for '-'
+	maxNameLen -= len(prefix) + 1 // +1 for '-'
+	if len(name) > maxNameLen {
+		name = name[:maxNameLen]
 	}
 
-	return nameWithId
+	return prefix + "-" + name + "-" + id
 }
 
 func (s *ResultStoreSecrets) ensureWriteNamespace() error {
@@ -126,13 +125,13 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 			Kind:       "Secret",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      s.buildName(cr),
+			Name:      s.buildName("cr", cr.Id, cr.ProjectKey),
 			Namespace: s.writeNamespace,
 			Labels: map[string]string{
-				"kluctl.io/result-id": cr.Id,
+				"kluctl.io/command-result-id": cr.Id,
 			},
 			Annotations: map[string]string{
-				"kluctl.io/result-summary": summaryJson,
+				"kluctl.io/command-result-summary": summaryJson,
 			},
 		},
 		Data: map[string][]byte{
@@ -152,7 +151,7 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 		return err
 	}
 
-	err = s.cleanupResults(cr.ProjectKey, cr.TargetKey)
+	err = s.cleanupCommandResults(cr.ProjectKey, cr.TargetKey)
 	if err != nil {
 		return err
 	}
@@ -160,8 +159,68 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 	return nil
 }
 
-func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target result.TargetKey) error {
-	results, err := s.ListCommandResultSummaries(ListCommandResultSummariesOptions{
+func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) error {
+	err := s.ensureWriteNamespace()
+	if err != nil {
+		return err
+	}
+
+	vrJson, err := yaml.WriteJsonString(vr)
+	if err != nil {
+		return err
+	}
+	compressedVr, err := utils.CompressGzip([]byte(vrJson), gzip.BestCompression)
+	if err != nil {
+		return err
+	}
+
+	summary := vr.BuildSummary()
+	summaryJson, err := yaml.WriteJsonString(summary)
+	if err != nil {
+		return err
+	}
+
+	secret := corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      s.buildName("vr", vr.Id, vr.ProjectKey),
+			Namespace: s.writeNamespace,
+			Labels: map[string]string{
+				"kluctl.io/validate-result-id": vr.Id,
+			},
+			Annotations: map[string]string{
+				"kluctl.io/validate-result-summary": summaryJson,
+			},
+		},
+		Data: map[string][]byte{
+			"result": compressedVr,
+		},
+	}
+	if vr.ProjectKey.GitRepoKey.String() != "" {
+		secret.Annotations["kluctl.io/result-project-repo-key"] = vr.ProjectKey.GitRepoKey.String()
+	}
+	if vr.ProjectKey.SubDir != "" {
+		secret.Annotations["kluctl.io/result-project-subdir"] = vr.ProjectKey.SubDir
+	}
+
+	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
+	if err != nil {
+		return err
+	}
+
+	err = s.cleanupValidateResults(vr.ProjectKey, vr.TargetKey)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (s *ResultStoreSecrets) cleanupCommandResults(project result.ProjectKey, target result.TargetKey) error {
+	results, err := s.ListCommandResultSummaries(ListResultSummariesOptions{
 		ProjectFilter: &project,
 	})
 	if err != nil {
@@ -177,9 +236,9 @@ func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target re
 		}
 		cnt++
 
-		if cnt > s.keepResultsCount {
+		if cnt > s.keepCommandResultsCount {
 			err := s.client.DeleteAllOf(s.ctx, &corev1.Secret{}, client.InNamespace(s.writeNamespace), client.MatchingLabels{
-				"kluctl.io/result-id": rs.Id,
+				"kluctl.io/command-result-id": rs.Id,
 			})
 			if err != nil {
 				status.Warning(s.ctx, "Failed to delete old command result %s: %s", rs.Id, err)
@@ -191,10 +250,41 @@ func (s *ResultStoreSecrets) cleanupResults(project result.ProjectKey, target re
 	return nil
 }
 
-func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
+func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, target result.TargetKey) error {
+	results, err := s.ListValidateResultSummaries(ListResultSummariesOptions{
+		ProjectFilter: &project,
+	})
+	if err != nil {
+		return err
+	}
+
+	cnt := 0
+	for _, rs := range results {
+		rs := rs
+
+		if rs.TargetKey != target {
+			continue
+		}
+		cnt++
+
+		if cnt > s.keepValidateResultsCount {
+			err := s.client.DeleteAllOf(s.ctx, &corev1.Secret{}, client.InNamespace(s.writeNamespace), client.MatchingLabels{
+				"kluctl.io/validate-result-id": rs.Id,
+			})
+			if err != nil {
+				status.Warning(s.ctx, "Failed to delete old validate result %s: %s", rs.Id, err)
+			} else {
+				status.Info(s.ctx, "Deleted old validate result %s", rs.Id)
+			}
+		}
+	}
+	return nil
+}
+
+func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.client.List(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
+	err := s.client.List(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -202,7 +292,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 	ret := make([]result.CommandResultSummary, 0, len(l.Items))
 
 	for _, x := range l.Items {
-		summary, err := s.parseSummary(x.GetAnnotations())
+		summary, err := s.parseCommandSummary(x.GetAnnotations())
 		if err != nil {
 			continue
 		}
@@ -214,17 +304,17 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListCommandResul
 	}
 
 	sort.Slice(ret, func(i, j int) bool {
-		return lessSummary(&ret[i], &ret[j])
+		return lessCommandSummary(&ret[i], &ret[j])
 	})
 
 	return ret, nil
 }
 
-func (s *ResultStoreSecrets) parseSummary(a map[string]string) (*result.CommandResultSummary, error) {
+func (s *ResultStoreSecrets) parseCommandSummary(a map[string]string) (*result.CommandResultSummary, error) {
 	if len(a) == 0 {
 		return nil, nil
 	}
-	summaryJson := a["kluctl.io/result-summary"]
+	summaryJson := a["kluctl.io/command-result-summary"]
 	if summaryJson == "" {
 		return nil, nil
 	}
@@ -238,7 +328,25 @@ func (s *ResultStoreSecrets) parseSummary(a map[string]string) (*result.CommandR
 	return &summary, nil
 }
 
-func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchCommandResultSummaryEvent {
+func (s *ResultStoreSecrets) parseValidateSummary(a map[string]string) (*result.ValidateResultSummary, error) {
+	if len(a) == 0 {
+		return nil, nil
+	}
+	summaryJson := a["kluctl.io/validate-result-summary"]
+	if summaryJson == "" {
+		return nil, nil
+	}
+
+	var summary result.ValidateResultSummary
+	err := yaml.ReadYamlString(summaryJson, &summary)
+	if err != nil {
+		return nil, err
+	}
+
+	return &summary, nil
+}
+
+func (s *ResultStoreSecrets) convertCommandResultWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchCommandResultSummaryEvent {
 	if event.Object == nil {
 		return nil
 	}
@@ -246,7 +354,7 @@ func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result
 	if !ok {
 		return nil
 	}
-	summary, err := s.parseSummary(x2.GetAnnotations())
+	summary, err := s.parseCommandSummary(x2.GetAnnotations())
 	if err != nil {
 		return nil
 	}
@@ -267,17 +375,46 @@ func (s *ResultStoreSecrets) convertWatchEvent(event watch.Event, filter *result
 	return nil
 }
 
-func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
+func (s *ResultStoreSecrets) convertValidateResultWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchValidateResultSummaryEvent {
+	if event.Object == nil {
+		return nil
+	}
+	x2, ok := event.Object.(client.Object)
+	if !ok {
+		return nil
+	}
+	summary, err := s.parseValidateSummary(x2.GetAnnotations())
+	if err != nil {
+		return nil
+	}
+	if !FilterProject(summary.ProjectKey, filter) {
+		return nil
+	}
+	switch event.Type {
+	case watch.Deleted:
+		return &WatchValidateResultSummaryEvent{
+			Delete:  true,
+			Summary: summary,
+		}
+	case watch.Added, watch.Modified:
+		return &WatchValidateResultSummaryEvent{
+			Summary: summary,
+		}
+	}
+	return nil
+}
+
+func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	w, err := s.client.Watch(s.ctx, &l, client.HasLabels{"kluctl.io/result-id"})
+	w, err := s.client.Watch(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
 	var initialListRet []*result.CommandResultSummary
 	for _, x := range l.Items {
-		summary, err := s.parseSummary(x.GetAnnotations())
+		summary, err := s.parseCommandSummary(x.GetAnnotations())
 		if err != nil {
 			continue
 		}
@@ -291,7 +428,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 
 	go func() {
 		for x := range w.ResultChan() {
-			we := s.convertWatchEvent(x, options.ProjectFilter)
+			we := s.convertCommandResultWatchEvent(x, options.ProjectFilter)
 			if we == nil {
 				continue
 			}
@@ -309,7 +446,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListCommandResu
 func (s *ResultStoreSecrets) getCommandResultSecret(id string) (*metav1.PartialObjectMetadata, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.client.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/result-id": id})
+	err := s.client.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/command-result-id": id})
 	if err != nil {
 		return nil, err
 	}
@@ -332,7 +469,7 @@ func (s *ResultStoreSecrets) GetCommandResultSummary(id string) (*result.Command
 	if err != nil {
 		return nil, err
 	}
-	return s.parseSummary(secret.GetAnnotations())
+	return s.parseCommandSummary(secret.GetAnnotations())
 }
 
 func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
@@ -346,7 +483,7 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 
 	var l corev1.SecretList
 	err = s.client.List(s.ctx, &l, client.MatchingLabels{
-		"kluctl.io/result-id": options.Id,
+		"kluctl.io/command-result-id": options.Id,
 	})
 	if err != nil {
 		return nil, err
@@ -404,3 +541,103 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 
 	return &cr, nil
 }
+
+func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error) {
+	var l metav1.PartialObjectMetadataList
+	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
+	err := s.client.List(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
+	if err != nil {
+		return nil, err
+	}
+
+	ret := make([]result.ValidateResultSummary, 0, len(l.Items))
+
+	for _, x := range l.Items {
+		summary, err := s.parseValidateSummary(x.GetAnnotations())
+		if err != nil {
+			continue
+		}
+		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
+			continue
+		}
+
+		ret = append(ret, *summary)
+	}
+
+	sort.Slice(ret, func(i, j int) bool {
+		return lessValidateSummary(&ret[i], &ret[j])
+	})
+
+	return ret, nil
+}
+
+func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
+	var l metav1.PartialObjectMetadataList
+	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
+	w, err := s.client.Watch(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	var initialListRet []*result.ValidateResultSummary
+	for _, x := range l.Items {
+		summary, err := s.parseValidateSummary(x.GetAnnotations())
+		if err != nil {
+			continue
+		}
+		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
+			continue
+		}
+		initialListRet = append(initialListRet, summary)
+	}
+
+	ch := make(chan WatchValidateResultSummaryEvent)
+
+	go func() {
+		for x := range w.ResultChan() {
+			we := s.convertValidateResultWatchEvent(x, options.ProjectFilter)
+			if we == nil {
+				continue
+			}
+			ch <- *we
+		}
+		close(ch)
+	}()
+
+	cancel := func() {
+		w.Stop()
+	}
+	return nil, ch, cancel, nil
+}
+
+func (s *ResultStoreSecrets) GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error) {
+	var l corev1.SecretList
+	err := s.client.List(s.ctx, &l, client.MatchingLabels{
+		"kluctl.io/validate-result-id": options.Id,
+	})
+	if err != nil {
+		return nil, err
+	}
+	if len(l.Items) == 0 {
+		return nil, nil
+	}
+
+	secret := l.Items[0]
+
+	j, ok := secret.Data["result"]
+	if !ok {
+		return nil, fmt.Errorf("result field not present for %s", options.Id)
+	}
+	j, err = utils.UncompressGzip(j)
+	if err != nil {
+		return nil, err
+	}
+
+	var vr result.ValidateResult
+	err = yaml.ReadYamlBytes(j, &vr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &vr, nil
+}
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index b96bf637c..f87fa4bf3 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -5,7 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
-type ListCommandResultSummariesOptions struct {
+type ListResultSummariesOptions struct {
 	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
 }
 
@@ -14,19 +14,33 @@ type GetCommandResultOptions struct {
 	Reduced bool   `json:"reduced,omitempty"`
 }
 
+type GetValidateResultOptions struct {
+	Id string `json:"id"`
+}
+
 type WatchCommandResultSummaryEvent struct {
 	Summary *result.CommandResultSummary `json:"summary"`
 	Delete  bool                         `json:"delete"`
 }
 
+type WatchValidateResultSummaryEvent struct {
+	Summary *result.ValidateResultSummary `json:"summary"`
+	Delete  bool                          `json:"delete"`
+}
+
 type ResultStore interface {
 	WriteCommandResult(cr *result.CommandResult) error
+	WriteValidateResult(vr *result.ValidateResult) error
 
-	ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error)
-	WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
+	ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error)
+	WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
 	HasCommandResult(id string) (bool, error)
 	GetCommandResultSummary(id string) (*result.CommandResultSummary, error)
 	GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error)
+
+	ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error)
+	WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error)
+	GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error)
 }
 
 func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
@@ -41,7 +55,7 @@ func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
 	return true
 }
 
-func lessSummary(a *result.CommandResultSummary, b *result.CommandResultSummary) bool {
+func lessCommandSummary(a *result.CommandResultSummary, b *result.CommandResultSummary) bool {
 	if a.Command.StartTime != b.Command.StartTime {
 		return a.Command.StartTime.After(b.Command.StartTime.Time)
 	}
@@ -50,3 +64,13 @@ func lessSummary(a *result.CommandResultSummary, b *result.CommandResultSummary)
 	}
 	return a.Command.Command < b.Command.Command
 }
+
+func lessValidateSummary(a *result.ValidateResultSummary, b *result.ValidateResultSummary) bool {
+	if a.StartTime != b.StartTime {
+		return a.StartTime.After(b.StartTime.Time)
+	}
+	if a.EndTime != b.EndTime {
+		return a.EndTime.After(b.EndTime.Time)
+	}
+	return false
+}
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index c64bcfbe5..9dfa193d5 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -14,29 +14,45 @@ type ResultsCollector struct {
 
 	stores []ResultStore
 
-	resultSummaries map[string]summaryEntry
-	watches         []*watchEntry
+	commandResultSummaries map[string]commandSummaryEntry
+	commandResultWatches   []*commandResultWatchEntry
+
+	validateResultSummaries map[string]validateSummaryEntry
+	validateResultWatches   []*validateResultWatchEntry
 
 	mutex sync.Mutex
 }
 
-type summaryEntry struct {
+type commandSummaryEntry struct {
 	store   ResultStore
 	summary *result.CommandResultSummary
 }
 
-type watchEntry struct {
-	options ListCommandResultSummariesOptions
+type validateSummaryEntry struct {
+	store   ResultStore
+	summary *result.ValidateResultSummary
+}
+
+type commandResultWatchEntry struct {
+	options ListResultSummariesOptions
 	ch      chan WatchCommandResultSummaryEvent
 
 	initialQueue []*result.CommandResultSummary
 }
 
+type validateResultWatchEntry struct {
+	options ListResultSummariesOptions
+	ch      chan WatchValidateResultSummaryEvent
+
+	initialQueue []*result.ValidateResultSummary
+}
+
 func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsCollector {
 	ret := &ResultsCollector{
-		ctx:             ctx,
-		stores:          stores,
-		resultSummaries: map[string]summaryEntry{},
+		ctx:                     ctx,
+		stores:                  stores,
+		commandResultSummaries:  map[string]commandSummaryEntry{},
+		validateResultSummaries: map[string]validateSummaryEntry{},
 	}
 
 	return ret
@@ -47,17 +63,25 @@ func (rc *ResultsCollector) Start() {
 }
 
 func (rc *ResultsCollector) WaitForResults(idleTimeout time.Duration, totalTimeout time.Duration) error {
-	_, ch, cancel, err := rc.WatchCommandResultSummaries(ListCommandResultSummariesOptions{})
+	_, ch1, cancel1, err := rc.WatchCommandResultSummaries(ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
-	defer cancel()
+	defer cancel1()
+
+	_, ch2, cancel2, err := rc.WatchValidateResultSummaries(ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	defer cancel2()
 
 	totalCh := time.After(totalTimeout)
 	for {
 		idleCh := time.After(idleTimeout)
 		select {
-		case <-ch:
+		case <-ch1:
+			continue
+		case <-ch2:
 			continue
 		case <-idleCh:
 			return nil
@@ -69,20 +93,21 @@ func (rc *ResultsCollector) WaitForResults(idleTimeout time.Duration, totalTimeo
 
 func (rc *ResultsCollector) startWatchResults() {
 	for _, store := range rc.stores {
-		go rc.runWatchResults(store)
+		go rc.runWatchCommandResults(store)
+		go rc.runWatchValidateResults(store)
 	}
 }
 
-func (rc *ResultsCollector) runWatchResults(store ResultStore) {
+func (rc *ResultsCollector) runWatchCommandResults(store ResultStore) {
 	for {
-		l, ch, _, err := store.WatchCommandResultSummaries(ListCommandResultSummariesOptions{})
+		l, ch, _, err := store.WatchCommandResultSummaries(ListResultSummariesOptions{})
 		if err != nil {
 			time.Sleep(5 * time.Second)
 			continue
 		}
 
 		for _, rs := range l {
-			rc.handleUpdate(store, WatchCommandResultSummaryEvent{
+			rc.handleCommandResultUpdate(store, WatchCommandResultSummaryEvent{
 				Summary: rs,
 			})
 		}
@@ -93,7 +118,7 @@ func (rc *ResultsCollector) runWatchResults(store ResultStore) {
 				if !ok {
 					break
 				}
-				rc.handleUpdate(store, event)
+				rc.handleCommandResultUpdate(store, event)
 			}
 		}()
 
@@ -101,23 +126,74 @@ func (rc *ResultsCollector) runWatchResults(store ResultStore) {
 	}
 }
 
-func (rc *ResultsCollector) handleUpdate(store ResultStore, event WatchCommandResultSummaryEvent) {
+func (rc *ResultsCollector) runWatchValidateResults(store ResultStore) {
+	for {
+		l, ch, _, err := store.WatchValidateResultSummaries(ListResultSummariesOptions{})
+		if err != nil {
+			time.Sleep(5 * time.Second)
+			continue
+		}
+
+		for _, rs := range l {
+			rc.handleValidateResultUpdate(store, WatchValidateResultSummaryEvent{
+				Summary: rs,
+			})
+		}
+
+		go func() {
+			for {
+				event, ok := <-ch
+				if !ok {
+					break
+				}
+				rc.handleValidateResultUpdate(store, event)
+			}
+		}()
+
+		break
+	}
+}
+
+func (rc *ResultsCollector) handleCommandResultUpdate(store ResultStore, event WatchCommandResultSummaryEvent) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
 
 	if event.Delete {
-		_, ok := rc.resultSummaries[event.Summary.Id]
+		_, ok := rc.commandResultSummaries[event.Summary.Id]
 		if ok {
-			delete(rc.resultSummaries, event.Summary.Id)
+			delete(rc.commandResultSummaries, event.Summary.Id)
 		}
 	} else {
-		rc.resultSummaries[event.Summary.Id] = summaryEntry{
+		rc.commandResultSummaries[event.Summary.Id] = commandSummaryEntry{
 			store:   store,
 			summary: event.Summary,
 		}
 	}
 
-	for _, w := range rc.watches {
+	for _, w := range rc.commandResultWatches {
+		if FilterProject(event.Summary.ProjectKey, w.options.ProjectFilter) {
+			w.ch <- event
+		}
+	}
+}
+
+func (rc *ResultsCollector) handleValidateResultUpdate(store ResultStore, event WatchValidateResultSummaryEvent) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	if event.Delete {
+		_, ok := rc.validateResultSummaries[event.Summary.Id]
+		if ok {
+			delete(rc.validateResultSummaries, event.Summary.Id)
+		}
+	} else {
+		rc.validateResultSummaries[event.Summary.Id] = validateSummaryEntry{
+			store:   store,
+			summary: event.Summary,
+		}
+	}
+
+	for _, w := range rc.validateResultWatches {
 		if FilterProject(event.Summary.ProjectKey, w.options.ProjectFilter) {
 			w.ch <- event
 		}
@@ -128,36 +204,40 @@ func (rc *ResultsCollector) WriteCommandResult(cr *result.CommandResult) error {
 	return fmt.Errorf("WriteCommandResult is not supported in ResultsCollector")
 }
 
-func (rc *ResultsCollector) ListCommandResultSummaries(options ListCommandResultSummariesOptions) ([]result.CommandResultSummary, error) {
+func (rc *ResultsCollector) WriteValidateResult(vr *result.ValidateResult) error {
+	return fmt.Errorf("WriteValidateResult is not supported in ResultsCollector")
+}
+
+func (rc *ResultsCollector) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
-	summaries := make([]result.CommandResultSummary, 0, len(rc.resultSummaries))
-	for _, x := range rc.resultSummaries {
+	summaries := make([]result.CommandResultSummary, 0, len(rc.commandResultSummaries))
+	for _, x := range rc.commandResultSummaries {
 		if !FilterProject(x.summary.ProjectKey, options.ProjectFilter) {
 			continue
 		}
 		summaries = append(summaries, *x.summary)
 	}
 	sort.Slice(summaries, func(i, j int) bool {
-		return lessSummary(&summaries[i], &summaries[j])
+		return lessCommandSummary(&summaries[i], &summaries[j])
 	})
 	return summaries, nil
 }
 
-func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
+func (rc *ResultsCollector) WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
 
-	w := &watchEntry{
+	w := &commandResultWatchEntry{
 		options: options,
 		ch:      make(chan WatchCommandResultSummaryEvent),
 	}
 
-	rc.watches = append(rc.watches, w)
+	rc.commandResultWatches = append(rc.commandResultWatches, w)
 
 	var initial []*result.CommandResultSummary
 
-	for _, se := range rc.resultSummaries {
+	for _, se := range rc.commandResultSummaries {
 		if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
 			initial = append(initial, se.summary)
 		}
@@ -165,9 +245,9 @@ func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResul
 
 	cancel := func() {
 		rc.mutex.Lock()
-		for i, w2 := range rc.watches {
+		for i, w2 := range rc.commandResultWatches {
 			if w2 == w {
-				rc.watches = append(rc.watches[:i], rc.watches[i+1:]...)
+				rc.commandResultWatches = append(rc.commandResultWatches[:i], rc.commandResultWatches[i+1:]...)
 				break
 			}
 		}
@@ -181,14 +261,14 @@ func (rc *ResultsCollector) WatchCommandResultSummaries(options ListCommandResul
 func (rc *ResultsCollector) HasCommandResult(id string) (bool, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
-	_, ok := rc.resultSummaries[id]
+	_, ok := rc.commandResultSummaries[id]
 	return ok, nil
 }
 
 func (rc *ResultsCollector) GetCommandResultSummary(id string) (*result.CommandResultSummary, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
-	rs, ok := rc.resultSummaries[id]
+	rs, ok := rc.commandResultSummaries[id]
 	if !ok {
 		return nil, nil
 	}
@@ -197,10 +277,70 @@ func (rc *ResultsCollector) GetCommandResultSummary(id string) (*result.CommandR
 
 func (rc *ResultsCollector) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
 	rc.mutex.Lock()
-	se, ok := rc.resultSummaries[options.Id]
+	se, ok := rc.commandResultSummaries[options.Id]
 	rc.mutex.Unlock()
 	if !ok {
 		return nil, nil
 	}
 	return se.store.GetCommandResult(options)
 }
+
+func (rc *ResultsCollector) ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+	summaries := make([]result.ValidateResultSummary, 0, len(rc.validateResultSummaries))
+	for _, x := range rc.validateResultSummaries {
+		if !FilterProject(x.summary.ProjectKey, options.ProjectFilter) {
+			continue
+		}
+		summaries = append(summaries, *x.summary)
+	}
+	sort.Slice(summaries, func(i, j int) bool {
+		return lessValidateSummary(&summaries[i], &summaries[j])
+	})
+	return summaries, nil
+}
+
+func (rc *ResultsCollector) WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	w := &validateResultWatchEntry{
+		options: options,
+		ch:      make(chan WatchValidateResultSummaryEvent),
+	}
+
+	rc.validateResultWatches = append(rc.validateResultWatches, w)
+
+	var initial []*result.ValidateResultSummary
+
+	for _, se := range rc.validateResultSummaries {
+		if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
+			initial = append(initial, se.summary)
+		}
+	}
+
+	cancel := func() {
+		rc.mutex.Lock()
+		for i, w2 := range rc.validateResultWatches {
+			if w2 == w {
+				rc.validateResultWatches = append(rc.validateResultWatches[:i], rc.validateResultWatches[i+1:]...)
+				break
+			}
+		}
+		rc.mutex.Unlock()
+		close(w.ch)
+	}
+
+	return initial, w.ch, cancel, nil
+}
+
+func (rc *ResultsCollector) GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error) {
+	rc.mutex.Lock()
+	se, ok := rc.validateResultSummaries[options.Id]
+	rc.mutex.Unlock()
+	if !ok {
+		return nil, nil
+	}
+	return se.store.GetValidateResult(options)
+}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 9a4826f30..9a291524d 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -29,6 +29,7 @@ type DeploymentError struct {
 type KluctlDeploymentInfo struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
+	ClusterId string `json:"clusterId"`
 }
 
 type CommandInitiator string
@@ -176,21 +177,3 @@ func (ccr *CompactedCommandResult) ToNonCompacted() *CommandResult {
 	}
 	return &ret
 }
-
-type ValidateResultEntry struct {
-	Ref        k8s.ObjectRef `json:"ref"`
-	Annotation string        `json:"annotation"`
-	Message    string        `json:"message"`
-}
-
-type ValidateResult struct {
-	Id        string                `json:"id"`
-	StartTime metav1.Time           `json:"startTime"`
-	EndTime   metav1.Time           `json:"endTime"`
-	Ready     bool                  `json:"ready"`
-	Warnings  []DeploymentError     `json:"warnings,omitempty"`
-	Errors    []DeploymentError     `json:"errors,omitempty"`
-	Results   []ValidateResultEntry `json:"results,omitempty"`
-
-	Drift []ChangedObject `json:"drift,omitempty"`
-}
diff --git a/pkg/types/result/summary.go b/pkg/types/result/command_result_summary.go
similarity index 100%
rename from pkg/types/result/summary.go
rename to pkg/types/result/command_result_summary.go
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
new file mode 100644
index 000000000..aaadd8aa9
--- /dev/null
+++ b/pkg/types/result/validate_result.go
@@ -0,0 +1,54 @@
+package result
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type ValidateResultEntry struct {
+	Ref        k8s.ObjectRef `json:"ref"`
+	Annotation string        `json:"annotation"`
+	Message    string        `json:"message"`
+}
+
+type ValidateResult struct {
+	Id               string                `json:"id"`
+	ProjectKey       ProjectKey            `json:"projectKey"`
+	TargetKey        TargetKey             `json:"targetKey"`
+	KluctlDeployment *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
+	StartTime        metav1.Time           `json:"startTime"`
+	EndTime          metav1.Time           `json:"endTime"`
+	Ready            bool                  `json:"ready"`
+	Warnings         []DeploymentError     `json:"warnings,omitempty"`
+	Errors           []DeploymentError     `json:"errors,omitempty"`
+	Results          []ValidateResultEntry `json:"results,omitempty"`
+
+	Drift []ChangedObject `json:"drift,omitempty"`
+}
+
+type ValidateResultSummary struct {
+	Id         string      `json:"id"`
+	ProjectKey ProjectKey  `json:"projectKey"`
+	TargetKey  TargetKey   `json:"targetKey"`
+	StartTime  metav1.Time `json:"startTime"`
+	EndTime    metav1.Time `json:"endTime"`
+	Ready      bool        `json:"ready"`
+
+	Warnings int `json:"warnings"`
+	Errors   int `json:"errors"`
+	Results  int `json:"results"`
+}
+
+func (vr *ValidateResult) BuildSummary() ValidateResultSummary {
+	return ValidateResultSummary{
+		Id:         vr.Id,
+		ProjectKey: vr.ProjectKey,
+		TargetKey:  vr.TargetKey,
+		StartTime:  vr.StartTime,
+		EndTime:    vr.EndTime,
+		Ready:      vr.Ready,
+		Warnings:   len(vr.Warnings),
+		Errors:     len(vr.Errors),
+		Results:    len(vr.Results),
+	}
+}
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index e978cb4cf..722ac49f3 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -423,6 +423,13 @@ func (in *TargetKey) DeepCopy() *TargetKey {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ValidateResult) DeepCopyInto(out *ValidateResult) {
 	*out = *in
+	out.ProjectKey = in.ProjectKey
+	out.TargetKey = in.TargetKey
+	if in.KluctlDeployment != nil {
+		in, out := &in.KluctlDeployment, &out.KluctlDeployment
+		*out = new(KluctlDeploymentInfo)
+		**out = **in
+	}
 	in.StartTime.DeepCopyInto(&out.StartTime)
 	in.EndTime.DeepCopyInto(&out.EndTime)
 	if in.Warnings != nil {
@@ -474,3 +481,22 @@ func (in *ValidateResultEntry) DeepCopy() *ValidateResultEntry {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidateResultSummary) DeepCopyInto(out *ValidateResultSummary) {
+	*out = *in
+	out.ProjectKey = in.ProjectKey
+	out.TargetKey = in.TargetKey
+	in.StartTime.DeepCopyInto(&out.StartTime)
+	in.EndTime.DeepCopyInto(&out.EndTime)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidateResultSummary.
+func (in *ValidateResultSummary) DeepCopy() *ValidateResultSummary {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidateResultSummary)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index f8424ef48..2c4a327c2 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -4,7 +4,6 @@ import (
 	"container/list"
 	"fmt"
 	"github.com/gin-gonic/gin"
-	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -117,38 +116,70 @@ func (h *eventsHandler) startEventsWatcher() error {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 
-	initial, ch, _, err := h.server.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	initialCommandResults, commandResultsCh, _, err := h.server.store.WatchCommandResultSummaries(results.ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	initialValidateResults, validateResultsCh, _, err := h.server.store.WatchValidateResultSummaries(results.ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
 
 	ctx := h.server.ctx
 
-	buildMsg := func(event results.WatchCommandResultSummaryEvent) string {
+	buildCommandResultMsg := func(event results.WatchCommandResultSummaryEvent) string {
+		if event.Delete {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type": "delete_command_result_summary",
+				"id":   event.Summary.Id,
+			})
+			return x
+		} else {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type":    "update_command_result_summary",
+				"summary": event.Summary,
+			})
+			return x
+		}
+	}
+	buildValidateResultMsg := func(event results.WatchValidateResultSummaryEvent) string {
 		if event.Delete {
 			x := yaml.WriteJsonStringMust(map[string]any{
-				"type": "delete_summary",
+				"type": "delete_validate_result_summary",
 				"id":   event.Summary.Id,
 			})
 			return x
 		} else {
 			x := yaml.WriteJsonStringMust(map[string]any{
-				"type":    "update_summary",
+				"type":    "update_validate_result_summary",
 				"summary": event.Summary,
 			})
 			return x
 		}
 	}
 
-	for _, x := range initial {
-		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildMsg(results.WatchCommandResultSummaryEvent{Summary: x}), nil)
+	for _, x := range initialCommandResults {
+		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildCommandResultMsg(results.WatchCommandResultSummaryEvent{Summary: x}), nil)
+	}
+	for _, x := range initialValidateResults {
+		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildValidateResultMsg(results.WatchValidateResultSummaryEvent{Summary: x}), nil)
 	}
 
 	go func() {
 		cleanupTimer := time.After(5 * time.Second)
 		for {
 			select {
-			case event, ok := <-ch:
+			case event, ok := <-commandResultsCh:
+				if !ok {
+					status.Error(h.server.ctx, "results channel closed unexpectedly")
+					return
+				}
+				var expireIn *time.Duration
+				if event.Delete {
+					expireIn = &expireDeletions
+				}
+				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildCommandResultMsg(event), expireIn)
+			case event, ok := <-validateResultsCh:
 				if !ok {
 					status.Error(h.server.ctx, "results channel closed unexpectedly")
 					return
@@ -157,7 +188,7 @@ func (h *eventsHandler) startEventsWatcher() error {
 				if event.Delete {
 					expireIn = &expireDeletions
 				}
-				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildMsg(event), expireIn)
+				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildValidateResultMsg(event), expireIn)
 			case <-cleanupTimer:
 				h.cleanupEvents()
 				cleanupTimer = time.After(5 * time.Second)
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index a3e3b4c56..a39803cb6 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -16,6 +16,7 @@ func main() {
 		Add(result.CommandResult{}).
 		Add(result.CommandResultSummary{}).
 		Add(result.ValidateResult{}).
+		Add(result.ValidateResultSummary{}).
 		Add(webui.ShortName{}).
 		Add(uo.UnstructuredObject{}).
 		Add(webui.ProjectTargetKey{}).
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 83a129814..c3c00f994 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -79,28 +79,10 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 }
 
 func (s *CommandResultsServer) Run(host string, port int) error {
-	l, ch, cancel, err := s.store.WatchCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	err := s.startUpdateLogs()
 	if err != nil {
 		return err
 	}
-	defer cancel()
-
-	printEvent := func(id string, deleted bool) {
-		if deleted {
-			status.Info(s.ctx, "Deleted result summary for %s", id)
-		} else {
-			status.Info(s.ctx, "Updated result summary for %s", id)
-		}
-	}
-	for _, x := range l {
-		printEvent(x.Id, false)
-	}
-
-	go func() {
-		for event := range ch {
-			printEvent(event.Summary.Id, event.Delete)
-		}
-	}()
 
 	s.cam.start()
 
@@ -122,9 +104,10 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 
 	api := router.Group("/api", s.auth.authHandler)
 	api.GET("/getShortNames", s.getShortNames)
-	api.GET("/getResult", s.getResult)
-	api.GET("/getResultSummary", s.getResultSummary)
-	api.GET("/getResultObject", s.getResultObject)
+	api.GET("/getCommandResult", s.getCommandResult)
+	api.GET("/getCommandResultSummary", s.getCommandResultSummary)
+	api.GET("/getCommandResultObject", s.getCommandResultObject)
+	api.GET("/getValidateResult", s.getValidateResult)
 	api.POST("/validateNow", s.validateNow)
 	api.POST("/reconcileNow", s.reconcileNow)
 	api.POST("/deployNow", s.deployNow)
@@ -152,6 +135,51 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	return httpServer.Serve(listener)
 }
 
+func (s *CommandResultsServer) startUpdateLogs() error {
+	l1, ch1, cancel1, err := s.store.WatchCommandResultSummaries(results.ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+
+	l2, ch2, cancel2, err := s.store.WatchValidateResultSummaries(results.ListResultSummariesOptions{})
+	if err != nil {
+		cancel1()
+		return err
+	}
+
+	go func() {
+		defer cancel1()
+		defer cancel2()
+
+		printEvent := func(id string, type_ string, deleted bool) {
+			if deleted {
+				status.Info(s.ctx, "Deleted %s result summary for %s", type_, id)
+			} else {
+				status.Info(s.ctx, "Updated %s result summary for %s", type_, id)
+			}
+		}
+		for _, x := range l1 {
+			printEvent(x.Id, "command", false)
+		}
+		for _, x := range l2 {
+			printEvent(x.Id, "validate", false)
+		}
+
+		for {
+			select {
+			case event := <-ch1:
+				printEvent(event.Summary.Id, "command", event.Delete)
+			case event := <-ch2:
+				printEvent(event.Summary.Id, "validate", event.Delete)
+			case <-s.ctx.Done():
+				return
+			}
+		}
+	}()
+
+	return nil
+}
+
 func (s *CommandResultsServer) setupStaticRoutes(router gin.IRouter) error {
 	dis, err := fs.ReadDir(uiFS, ".")
 	if err != nil {
@@ -208,7 +236,7 @@ func (ref refParam) toK8sRef() k8s.ObjectRef {
 	}
 }
 
-func (s *CommandResultsServer) getResult(c *gin.Context) {
+func (s *CommandResultsServer) getCommandResult(c *gin.Context) {
 	var params resultIdParam
 
 	err := c.Bind(&params)
@@ -233,7 +261,7 @@ func (s *CommandResultsServer) getResult(c *gin.Context) {
 	c.JSON(http.StatusOK, sr)
 }
 
-func (s *CommandResultsServer) getResultSummary(c *gin.Context) {
+func (s *CommandResultsServer) getCommandResultSummary(c *gin.Context) {
 	var params resultIdParam
 
 	err := c.Bind(&params)
@@ -255,7 +283,7 @@ func (s *CommandResultsServer) getResultSummary(c *gin.Context) {
 	c.JSON(http.StatusOK, sr)
 }
 
-func (s *CommandResultsServer) getResultObject(c *gin.Context) {
+func (s *CommandResultsServer) getCommandResultObject(c *gin.Context) {
 	var params resultIdParam
 	var ref refParam
 	var objectType objectTypeParams
@@ -320,6 +348,30 @@ func (s *CommandResultsServer) getResultObject(c *gin.Context) {
 	c.JSON(http.StatusOK, o2)
 }
 
+func (s *CommandResultsServer) getValidateResult(c *gin.Context) {
+	var params resultIdParam
+
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	vr, err := s.store.GetValidateResult(results.GetValidateResultOptions{
+		Id: params.ResultId,
+	})
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	if vr == nil {
+		c.AbortWithStatus(http.StatusNotFound)
+		return
+	}
+
+	c.JSON(http.StatusOK, vr)
+}
+
 func (s *CommandResultsServer) validateNow(c *gin.Context) {
 	var params ProjectTargetKey
 	err := c.Bind(&params)
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index 088e01514..b1a72794b 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -29,7 +29,7 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 	}
 	defer os.RemoveAll(tmpDir)
 
-	summaries, err := swb.store.ListCommandResultSummaries(results.ListCommandResultSummariesOptions{})
+	summaries, err := swb.store.ListCommandResultSummaries(results.ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 180445f98..af918c8a6 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -5,7 +5,7 @@ import {
     ProjectKey,
     ResultObject,
     ShortName,
-    TargetKey
+    TargetKey, ValidateResult
 } from "./models";
 import _ from "lodash";
 import React from "react";
@@ -43,9 +43,10 @@ export interface User {
 export interface Api {
     getShortNames(): Promise<ShortName[]>
     listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
-    getResult(resultId: string): Promise<CommandResult>
-    getResultSummary(resultId: string): Promise<CommandResultSummary>
-    getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
+    getCommandResult(resultId: string): Promise<CommandResult>
+    getCommandResultSummary(resultId: string): Promise<CommandResultSummary>
+    getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
+    getValidateResult(resultId: string): Promise<ValidateResult>
     validateNow(project: ProjectKey, target: TargetKey): Promise<Response>
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
@@ -210,26 +211,33 @@ export class RealApi implements Api {
         }
     }
 
-    async getResult(resultId: string) {
+    async getCommandResult(resultId: string) {
         const params = new URLSearchParams()
         params.set("resultId", resultId)
-        const json = await this.doGet("/api/getResult", params)
+        const json = await this.doGet("/api/getCommandResult", params)
         return new CommandResult(json)
     }
 
-    async getResultSummary(resultId: string) {
+    async getCommandResultSummary(resultId: string) {
         const params = new URLSearchParams()
         params.set("resultId", resultId)
-        const json = await this.doGet("/api/getResultSummary", params)
+        const json = await this.doGet("/api/getCommandResultSummary", params)
         return new CommandResultSummary(json)
     }
 
-    async getResultObject(resultId: string, ref: ObjectRef, objectType: string) {
+    async getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string) {
         const params = new URLSearchParams()
         params.set("resultId", resultId)
         params.set("objectType", objectType)
         buildRefParams(ref, params)
-        return await this.doGet("/api/getResultObject", params)
+        return await this.doGet("/api/getCommandResultObject", params)
+    }
+
+    async getValidateResult(resultId: string) {
+        const params = new URLSearchParams()
+        params.set("resultId", resultId)
+        const json = await this.doGet("/api/getValidateResult", params)
+        return new ValidateResult(json)
     }
 
     async validateNow(project: ProjectKey, target: TargetKey) {
@@ -281,20 +289,20 @@ export class StaticApi implements Api {
         }
     }
 
-    async getResult(resultId: string): Promise<CommandResult> {
+    async getCommandResult(resultId: string): Promise<CommandResult> {
         await loadScript(staticPath + `/result-${resultId}.js`)
         return staticResults.get(resultId)
     }
 
-    async getResultSummary(resultId: string): Promise<CommandResultSummary> {
+    async getCommandResultSummary(resultId: string): Promise<CommandResultSummary> {
         await loadScript(staticPath + "/summaries.js")
         return staticSummaries.filter(s => {
             return s.id === resultId
         }).at(0)
     }
 
-    async getResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
-        const result = await this.getResult(resultId)
+    async getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
+        const result = await this.getCommandResult(resultId)
         const object = result.objects?.find(x => _.isEqual(x.ref, ref))
         if (!object) {
             throw new Error("object not found")
@@ -311,6 +319,10 @@ export class StaticApi implements Api {
         }
     }
 
+    async getValidateResult(resultId: string): Promise<ValidateResult> {
+        throw new Error("not implemented")
+    }
+
     validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
         throw new Error("not implemented")
     }
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index d11580845..6d068eb03 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -14,7 +14,7 @@ import { Box } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
 import { ActiveFilters } from './result-view/NodeStatusFilter';
-import { CommandResultSummary, ProjectTargetKey, ShortName, ValidateResult } from "../models";
+import { CommandResultSummary, ShortName, ValidateResultSummary } from "../models";
 import { Api, checkStaticBuild, RealApi, StaticApi } from "../api";
 import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
 import Login from "./Login";
@@ -30,15 +30,15 @@ export function useAppOutletContext(): AppOutletContext {
 }
 
 export interface AppContextProps {
-    summaries: Map<string, CommandResultSummary>
+    commandResultSummaries: Map<string, CommandResultSummary>
     projects: ProjectSummary[]
-    validateResults: Map<string, ValidateResult>
+    validateResultSummaries: Map<string, ValidateResultSummary>
     shortNames: ShortName[]
 }
 export const AppContext = createContext<AppContextProps>({
-    summaries: new Map(),
+    commandResultSummaries: new Map(),
     projects: [],
-    validateResults: new Map(),
+    validateResultSummaries: new Map(),
     shortNames: []
 });
 
@@ -48,61 +48,63 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
     const api = useContext(ApiContext)
     const [filters, setFilters] = useState<ActiveFilters>()
 
-    const summariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
-    const validateResultsRef = useRef<Map<string, ValidateResult>>(new Map())
-    const [summaries, setSummaries] = useState(summariesRef.current)
-    const [validateResults, setValidateResults] = useState(validateResultsRef.current)
-
-    const onUnauthorized = props.onUnauthorized
+    const commandResultSummariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
+    const validateResultSummariesRef = useRef<Map<string, ValidateResultSummary>>(new Map())
+    const [commandResultSummaries, setCommandResultSummaries] = useState(commandResultSummariesRef.current)
+    const [validateResultSummaries, setValidateResultSummaries] = useState(validateResultSummariesRef.current)
 
     useEffect(() => {
-        const updateSummary = (rs: CommandResultSummary) => {
-            console.log("update_summary", rs.id, rs.commandInfo.startTime)
-            summariesRef.current.set(rs.id, rs)
-            setSummaries(new Map(summariesRef.current))
+        const updateCommandResultSummary = (rs: CommandResultSummary) => {
+            console.log("update_command_result_summary", rs.id, rs.commandInfo.startTime)
+            commandResultSummariesRef.current.set(rs.id, rs)
+            setCommandResultSummaries(new Map(commandResultSummariesRef.current))
+        }
+
+        const deleteCommandResultSummary = (id: string) => {
+            console.log("delete_command_result_summary", id)
+            commandResultSummariesRef.current.delete(id)
+            setCommandResultSummaries(new Map(commandResultSummariesRef.current))
         }
 
-        const deleteSummary = (id: string) => {
-            console.log("delete_summary", id)
-            summariesRef.current.delete(id)
-            setSummaries(new Map(summariesRef.current))
+        const updateValidateResultSummary = (vr: ValidateResultSummary) => {
+            console.log("update_validate_result_summary", vr.id)
+            validateResultSummariesRef.current.set(vr.id, vr)
+            setValidateResultSummaries(new Map(validateResultSummariesRef.current))
         }
 
-        const updateValidateResult = (key: ProjectTargetKey, vr: ValidateResult) => {
-            console.log("validate_result", key)
-            validateResultsRef.current.set(JSON.stringify(key), vr)
-            setValidateResults(new Map(validateResultsRef.current))
+        const deleteValidateResultSummary = (id: string) => {
+            console.log("delete_validate_result_summary", id)
+            validateResultSummariesRef.current.delete(id)
+            setValidateResultSummaries(new Map(validateResultSummariesRef.current))
         }
 
         console.log("starting listenResults")
         let cancel: Promise<() => void>
         cancel = api.listenUpdates(undefined, undefined, msg => {
             switch (msg.type) {
-                case "update_summary":
-                    updateSummary(msg.summary)
+                case "update_command_result_summary":
+                    updateCommandResultSummary(msg.summary)
                     break
-                case "delete_summary":
-                    deleteSummary(msg.id)
+                case "delete_command_result_summary":
+                    deleteCommandResultSummary(msg.id)
                     break
-                case "validate_result":
-                    updateValidateResult(msg.key, msg.result)
+                case "update_validate_result_summary":
+                    updateValidateResultSummary(msg.summary)
+                    break
+                case "delete_validate_result_summary":
+                    deleteValidateResultSummary(msg.id)
                     break
-                case "auth_result":
-                    if (!msg.success) {
-                        cancel.then(c => c())
-                        onUnauthorized()
-                    }
             }
         })
         return () => {
             console.log("cancel listenResults")
             cancel.then(c => c())
         }
-    }, [api, onUnauthorized])
+    }, [api])
 
     const projects = useMemo(() => {
-        return buildProjectSummaries(summaries, validateResults)
-    }, [summaries, validateResults])
+        return buildProjectSummaries(commandResultSummaries, validateResultSummaries)
+    }, [commandResultSummaries, validateResultSummaries])
 
     const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(
         () => api.getShortNames(),
@@ -120,9 +122,9 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
     }
 
     const appContext: AppContextProps = {
-        summaries: summariesRef.current,
+        commandResultSummaries: commandResultSummariesRef.current,
         projects,
-        validateResults,
+        validateResultSummaries: validateResultSummaries,
         shortNames: shortNames || []
     }
 
@@ -137,7 +139,7 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
                 <LeftDrawer
                     content={<Outlet context={outletContext} />}
                     context={outletContext}
-                    logout={onUnauthorized}
+                    logout={props.onUnauthorized}
                 />
             </Box>
         </AppContext.Provider>
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 05042a1e7..016f9c35b 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -13,7 +13,7 @@ import { Box } from "@mui/material";
 export const ObjectYaml = (props: { treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType }) => {
     const api = useContext(ApiContext)
     const [loading, error, content] = useLoadingHelper<string>(async () => {
-        const o = await api.getResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
+        const o = await api.getCommandResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
         return yaml.dump(o)
     }, [props.treeProps.summary.id, props.objectRef, props.objectType])
 
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 7d1af9be2..0ec72a481 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -32,8 +32,8 @@ export interface CommandResultProps {
 
 async function doLoadCommandResult(api: Api, resultId: string, shortNames: ShortName[]): Promise<CommandResultProps> {
     const [rs, result] = await Promise.all([
-        api.getResultSummary(resultId),
-        api.getResult(resultId)
+        api.getCommandResultSummary(resultId),
+        api.getCommandResult(resultId)
     ]);
 
     return {
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 66f19a546..23a67229c 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -16,7 +16,7 @@ import { Api } from "../../api";
 import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
 
 async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
-    const r = await api.getResult(rs.id);
+    const r = await api.getCommandResult(rs.id);
     const builder = new NodeBuilder({
         shortNames,
         summary: rs,
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index c8f2ac2d6..f2f11b4bc 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,19 +1,24 @@
-import { KluctlDeploymentInfo } from "../../models";
+import {
+    KluctlDeploymentInfo,
+    ValidateResult
+} from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Box, SxProps, Theme, Typography, useTheme } from "@mui/material";
-import React, { useContext } from "react";
+import React, { useContext, useEffect, useState } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
-import { ApiContext } from "../App";
+import { ApiContext, AppContext } from "../App";
 import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import { DiffStatus } from "../result-view/nodes/NodeData";
 import { ChangesTable } from "../result-view/ChangesTable";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesTable } from "../PropertiesTable";
+import { Loading, useLoadingHelper } from "../Loading";
+import { ErrorMessage } from "../ErrorMessage";
 
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
@@ -22,10 +27,10 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     if (props.ts.lastValidateResult === undefined) {
         icon = <MessageQuestionIcon color={theme.palette.error.main} />
     } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
-        if (props.ts.lastValidateResult.warnings?.length) {
+        if (props.ts.lastValidateResult.warnings) {
             icon = <Favorite color={"warning"} />
-        } else if (props.ts.lastValidateResult.drift?.length) {
-            icon = <Favorite color={"primary"} />
+        /*} else if (props.ts.lastValidateResult.drift?.length) {
+            icon = <Favorite color={"primary"} />*/
         } else {
             icon = <Favorite color={"success"} />
         }
@@ -37,20 +42,20 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     if (props.ts.lastValidateResult === undefined) {
         tooltip.push("No validation result available.")
     } else {
-        if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors?.length) {
+        if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
             tooltip.push("Target is ready.")
         } else {
             tooltip.push("Target is not ready.")
         }
-        if (props.ts.lastValidateResult.errors?.length) {
-            tooltip.push(`Target has ${props.ts.lastValidateResult.errors.length} validation errors.`)
+        if (props.ts.lastValidateResult.errors) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.errors} validation errors.`)
         }
-        if (props.ts.lastValidateResult.warnings?.length) {
-            tooltip.push(`Target has ${props.ts.lastValidateResult.warnings.length} validation warnings.`)
+        if (props.ts.lastValidateResult.warnings) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.warnings} validation warnings.`)
         }
-        if (props.ts.lastValidateResult.drift?.length) {
+        /*if (props.ts.lastValidateResult.drift?.length) {
             tooltip.push(`Target has ${props.ts.lastValidateResult.drift.length} drifted objects.`)
-        }
+        }*/
         tooltip.push("Validation performed " + calcAgo(props.ts.lastValidateResult.startTime) + " ago")
     }
 
@@ -59,6 +64,36 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     </Tooltip>
 }
 
+export const TargetItemBody = React.memo((props: {
+    ts: TargetSummary
+}) => {
+    const api = useContext(ApiContext);
+
+    const [loading, error, vr] = useLoadingHelper<ValidateResult | undefined>(async () => {
+        if (!props.ts.lastValidateResult) {
+            return undefined
+        }
+        const o = await api.getValidateResult(props.ts.lastValidateResult?.id)
+        return o
+    }, [props.ts.lastValidateResult?.id])
+
+    if (loading) {
+        return <Loading />;
+    }
+
+    if (error) {
+        return <ErrorMessage>
+            {error.message}
+        </ErrorMessage>;
+    }
+
+    if (!vr) {
+        return null;
+    }
+
+    return <CardBody provider={new MyProvider(props.ts, vr)}/>
+});
+
 export const TargetItem = React.memo(React.forwardRef((
     props: {
         ps: ProjectSummary,
@@ -141,6 +176,8 @@ export const TargetItem = React.memo(React.forwardRef((
         targetName = "<no-name>"
     }
 
+    const body = props.expanded ? <TargetItemBody ts={props.ts} /> : undefined;
+
     return <CardTemplate
         ref={ref}
         showCloseButton={props.expanded}
@@ -158,7 +195,7 @@ export const TargetItem = React.memo(React.forwardRef((
         header={targetName}
         subheader={allContexts.length ? allContexts[0] : ''}
         subheaderTooltip={allContexts.length ? contextTooltip : undefined}
-        body={props.expanded && <CardBody provider={new MyProvider(props.ts)} />}
+        body={body}
         footer={
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
@@ -182,13 +219,15 @@ TargetItem.displayName = 'TargetItem';
 
 class MyProvider implements SidePanelProvider {
     private ts?: TargetSummary;
+    private lastValidateResult?: ValidateResult
     private diffStatus: DiffStatus;
 
-    constructor(ts?: TargetSummary) {
+    constructor(ts?: TargetSummary, vr?: ValidateResult) {
         this.ts = ts
+        this.lastValidateResult = vr
         this.diffStatus = new DiffStatus()
 
-        this.ts?.lastValidateResult?.drift?.forEach(co => {
+        this.lastValidateResult?.drift?.forEach(co => {
             this.diffStatus.addChangedObject(co)
         })
     }
@@ -210,16 +249,16 @@ class MyProvider implements SidePanelProvider {
                     content: <ChangesTable diffStatus={this.diffStatus} />
                 })
             }
-        if (this.ts.lastValidateResult?.errors?.length) {
+        if (this.lastValidateResult?.errors) {
             tabs.push({
                 label: "Errors",
-                content: <ErrorsTable errors={this.ts.lastValidateResult.errors} />
+                content: <ErrorsTable errors={this.lastValidateResult.errors} />
             })
         }
-        if (this.ts.lastValidateResult?.warnings?.length) {
+        if (this.lastValidateResult?.warnings) {
             tabs.push({
                 label: "Warnings",
-                content: <ErrorsTable errors={this.ts.lastValidateResult.warnings} />
+                content: <ErrorsTable errors={this.lastValidateResult.warnings} />
             })
         }
 
@@ -233,17 +272,17 @@ class MyProvider implements SidePanelProvider {
         ]
 
         if (this.ts?.lastValidateResult) {
-            props.push({ name: "Ready", value: this.ts.lastValidateResult.ready + "" })
+            props.push({ name: "Ready", value: this.ts?.lastValidateResult.ready + "" })
         }
-        if (this.ts?.lastValidateResult?.errors?.length) {
-            props.push({ name: "Errors", value: this.ts.lastValidateResult.errors.length + "" })
+        if (this.ts?.lastValidateResult?.errors) {
+            props.push({ name: "Errors", value: this.ts?.lastValidateResult.errors + "" })
         }
-        if (this.ts?.lastValidateResult?.warnings?.length) {
-            props.push({ name: "Warnings", value: this.ts.lastValidateResult.warnings.length + "" })
+        if (this.ts?.lastValidateResult?.warnings) {
+            props.push({ name: "Warnings", value: this.ts?.lastValidateResult.warnings + "" })
         }
-        if (this.ts?.lastValidateResult?.drift?.length) {
+        /*if (this.ts.lastValidateResult?.drift?.length) {
             props.push({ name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + "" })
-        }
+        }*/
 
         return <>
             <PropertiesTable properties={props} />
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index c5bf3626c..6888d15d5 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -411,11 +411,13 @@ export class GitInfo {
 export class KluctlDeploymentInfo {
     name: string;
     namespace: string;
+    clusterId: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.name = source["name"];
         this.namespace = source["namespace"];
+        this.clusterId = source["clusterId"];
     }
 }
 export class CommandInfo {
@@ -778,6 +780,9 @@ export class ValidateResultEntry {
 }
 export class ValidateResult {
     id: string;
+    projectKey: ProjectKey;
+    targetKey: TargetKey;
+    kluctlDeployment?: KluctlDeploymentInfo;
     startTime: string;
     endTime: string;
     ready: boolean;
@@ -789,6 +794,9 @@ export class ValidateResult {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.id = source["id"];
+        this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
+        this.targetKey = this.convertValues(source["targetKey"], TargetKey);
+        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
         this.startTime = source["startTime"];
         this.endTime = source["endTime"];
         this.ready = source["ready"];
@@ -816,6 +824,48 @@ export class ValidateResult {
 	    return a;
 	}
 }
+export class ValidateResultSummary {
+    id: string;
+    projectKey: ProjectKey;
+    targetKey: TargetKey;
+    startTime: string;
+    endTime: string;
+    ready: boolean;
+    warnings: number;
+    errors: number;
+    results: number;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.id = source["id"];
+        this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
+        this.targetKey = this.convertValues(source["targetKey"], TargetKey);
+        this.startTime = source["startTime"];
+        this.endTime = source["endTime"];
+        this.ready = source["ready"];
+        this.warnings = source["warnings"];
+        this.errors = source["errors"];
+        this.results = source["results"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
 export class ShortName {
     group?: string;
     kind: string;
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 62a6a5011..474c10a57 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -1,9 +1,15 @@
-import { CommandResultSummary, ProjectKey, ProjectTargetKey, TargetKey, ValidateResult, } from "./models";
+import {
+    CommandResultSummary,
+    ProjectKey,
+    ProjectTargetKey,
+    TargetKey,
+    ValidateResultSummary,
+} from "./models";
 import _ from "lodash";
 
 export interface TargetSummary {
     target: TargetKey;
-    lastValidateResult?: ValidateResult;
+    lastValidateResult?: ValidateResultSummary;
     commandResults: CommandResultSummary[];
 }
 
@@ -12,18 +18,40 @@ export interface ProjectSummary {
     targets: TargetSummary[];
 }
 
-export function compareSummaries(a: CommandResultSummary, b: CommandResultSummary) {
+export function compareCommandResultSummaries(a: CommandResultSummary, b: CommandResultSummary) {
     return b.commandInfo.startTime.localeCompare(a.commandInfo.startTime) ||
         b.commandInfo.endTime.localeCompare(b.commandInfo.endTime) ||
         (b.commandInfo.command || "").localeCompare(a.commandInfo.command || "")
 }
 
-export function buildProjectSummaries(summaries: Map<string, CommandResultSummary>, validateResults: Map<string, ValidateResult>) {
-    const sorted = Array.from(summaries.values())
-    sorted.sort(compareSummaries)
+export function compareValidateResultSummaries(a: ValidateResultSummary, b: ValidateResultSummary) {
+    return b.startTime.localeCompare(a.startTime) ||
+        b.endTime.localeCompare(b.endTime)
+}
+
+export function buildProjectSummaries(commandResultSummaries: Map<string, CommandResultSummary>, validateResultSummaries: Map<string, ValidateResultSummary>) {
+    const sortedCommandResults = Array.from(commandResultSummaries.values())
+    sortedCommandResults.sort(compareCommandResultSummaries)
+
+    const vrByProjectTargetKey = new Map<string, ValidateResultSummary[]>()
+    validateResultSummaries.forEach(vr=> {
+        const key = new ProjectTargetKey()
+        key.project = vr.projectKey
+        key.target = vr.targetKey
+        const keyStr = JSON.stringify(key)
+        let l = vrByProjectTargetKey.get(keyStr)
+        if (!l) {
+            l = []
+            vrByProjectTargetKey.set(keyStr, l)
+        }
+        l.push(vr)
+    })
+    vrByProjectTargetKey.forEach(l => {
+        l.sort(compareValidateResultSummaries)
+    })
 
     const m = new Map<string, ProjectSummary>()
-    sorted.forEach(rs => {
+    sortedCommandResults.forEach(rs => {
         const projectKey = JSON.stringify(rs.projectKey)
 
         let p = m.get(projectKey)
@@ -39,7 +67,8 @@ export function buildProjectSummaries(summaries: Map<string, CommandResultSummar
         ptKey.project = rs.projectKey
         ptKey.target = rs.targetKey
 
-        const vr = validateResults.get(JSON.stringify(ptKey))
+        const vrs = vrByProjectTargetKey.get(JSON.stringify(ptKey))
+        const vr = vrs ? vrs[0] : undefined
 
         let target = p.targets.find(t => _.isEqual(t.target, rs.targetKey))
         if (!target) {

From 939c067740e6abd48c9ce90d288a98400f2500c5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 15:57:04 +0200
Subject: [PATCH 1296/2268] chore: Optimise imports

---
 pkg/webui/ui/src/api.tsx                              |  3 ++-
 pkg/webui/ui/src/components/App.tsx                   | 11 +----------
 pkg/webui/ui/src/components/ScrollingTextLine.tsx     |  2 +-
 .../src/components/targets-view/CommandResultItem.tsx |  2 +-
 .../ui/src/components/targets-view/TargetItem.tsx     |  9 +++------
 pkg/webui/ui/src/project-summaries.ts                 |  8 +-------
 6 files changed, 9 insertions(+), 26 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index af918c8a6..79ac58127 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -5,7 +5,8 @@ import {
     ProjectKey,
     ResultObject,
     ShortName,
-    TargetKey, ValidateResult
+    TargetKey,
+    ValidateResult
 } from "./models";
 import _ from "lodash";
 import React from "react";
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 6d068eb03..5d8b7f20b 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,13 +1,4 @@
-import {
-    createContext,
-    Dispatch,
-    SetStateAction,
-    useContext,
-    useEffect,
-    useMemo,
-    useRef,
-    useState
-} from 'react';
+import { createContext, Dispatch, SetStateAction, useContext, useEffect, useMemo, useRef, useState } from 'react';
 
 import '../index.css';
 import { Box } from "@mui/material";
diff --git a/pkg/webui/ui/src/components/ScrollingTextLine.tsx b/pkg/webui/ui/src/components/ScrollingTextLine.tsx
index 8ee8dc878..13f1f6010 100644
--- a/pkg/webui/ui/src/components/ScrollingTextLine.tsx
+++ b/pkg/webui/ui/src/components/ScrollingTextLine.tsx
@@ -1,5 +1,5 @@
 import React, { useCallback, useRef, useState } from "react";
-import { Box, Typography, TypographyProps, keyframes } from "@mui/material"
+import { Box, keyframes, Typography, TypographyProps } from "@mui/material"
 
 export type ScrollingTextLineProps = Omit<TypographyProps, 'children'> & {
     children: string;
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 23a67229c..bf258589b 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -7,7 +7,7 @@ import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine"
 import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { calcAgo } from "../../utils/duration";
-import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
+import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { ApiContext, AppContext } from "../App";
 import { Loading } from "../Loading";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index f2f11b4bc..8cf6bf63a 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,17 +1,14 @@
-import {
-    KluctlDeploymentInfo,
-    ValidateResult
-} from "../../models";
+import { KluctlDeploymentInfo, ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Box, SxProps, Theme, Typography, useTheme } from "@mui/material";
-import React, { useContext, useEffect, useState } from "react";
+import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
 import { ApiContext, AppContext } from "../App";
-import { CardBody, CardTemplate, cardHeight, cardWidth } from "./Card";
+import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import { DiffStatus } from "../result-view/nodes/NodeData";
 import { ChangesTable } from "../result-view/ChangesTable";
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 474c10a57..6c4b94736 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -1,10 +1,4 @@
-import {
-    CommandResultSummary,
-    ProjectKey,
-    ProjectTargetKey,
-    TargetKey,
-    ValidateResultSummary,
-} from "./models";
+import { CommandResultSummary, ProjectKey, ProjectTargetKey, TargetKey, ValidateResultSummary, } from "./models";
 import _ from "lodash";
 
 export interface TargetSummary {

From a265e9bc1be7ff7025c721cc940fbefd56cfa977 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 16:03:28 +0200
Subject: [PATCH 1297/2268] chore: Run npm update

---
 pkg/webui/ui/package-lock.json | 3290 ++++++++++++++++++++++++--------
 1 file changed, 2478 insertions(+), 812 deletions(-)

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index a5dcb8f8b..0edf99125 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -44,6 +44,14 @@
         "@types/react-syntax-highlighter": "^15.5.7"
       }
     },
+    "node_modules/@aashutoshrathi/word-wrap": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz",
+      "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/@adobe/css-tools": {
       "version": "4.2.0",
       "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.2.0.tgz",
@@ -84,33 +92,33 @@
       }
     },
     "node_modules/@babel/compat-data": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.22.5.tgz",
-      "integrity": "sha512-4Jc/YuIaYqKnDDz892kPIledykKg12Aw1PYX5i/TY28anJtacvM1Rrr8wbieB9GfEJwlzqT0hUEao0CxEebiDA==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.22.6.tgz",
+      "integrity": "sha512-29tfsWTq2Ftu7MXmimyC0C5FDZv5DYxOZkh3XD3+QW4V/BYuv/LyEsjj3c0hqedEaDt6DBfDvexMKU8YevdqFg==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.22.5.tgz",
-      "integrity": "sha512-SBuTAjg91A3eKOvD+bPEz3LlhHZRNu1nFOVts9lzDJTXshHTjII0BAtDS3Y2DAkdZdDKWVZGVwkDfc4Clxn1dg==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.22.6.tgz",
+      "integrity": "sha512-HPIyDa6n+HKw5dEuway3vVAhBboYCtREBMp+IWeseZy6TFtzn6MHkCH2KKYUOC/vKKwgSMHQW4htBOrmuRPXfw==",
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
         "@babel/code-frame": "^7.22.5",
         "@babel/generator": "^7.22.5",
-        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-compilation-targets": "^7.22.6",
         "@babel/helper-module-transforms": "^7.22.5",
-        "@babel/helpers": "^7.22.5",
-        "@babel/parser": "^7.22.5",
+        "@babel/helpers": "^7.22.6",
+        "@babel/parser": "^7.22.6",
         "@babel/template": "^7.22.5",
-        "@babel/traverse": "^7.22.5",
+        "@babel/traverse": "^7.22.6",
         "@babel/types": "^7.22.5",
+        "@nicolo-ribaudo/semver-v6": "^6.3.3",
         "convert-source-map": "^1.7.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
-        "json5": "^2.2.2",
-        "semver": "^6.3.0"
+        "json5": "^2.2.2"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -120,22 +128,14 @@
         "url": "https://opencollective.com/babel"
       }
     },
-    "node_modules/@babel/core/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/eslint-parser": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.22.5.tgz",
-      "integrity": "sha512-C69RWYNYtrgIRE5CmTd77ZiLDXqgBipahJc/jHP3sLcAGj6AJzxNIuKNpVnICqbyK7X3pFUfEvL++rvtbQpZkQ==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.22.6.tgz",
+      "integrity": "sha512-KAom7E7d6bAh5/PflF3luynWlDLOIqfX+ZJcL0LRs6/6rtXJmJxPiWuIGfxNPtcWdtQ5lSSJbKbQlz/c/R60Ng==",
       "dependencies": {
         "@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1",
-        "eslint-visitor-keys": "^2.1.0",
-        "semver": "^6.3.0"
+        "@nicolo-ribaudo/semver-v6": "^6.3.3",
+        "eslint-visitor-keys": "^2.1.0"
       },
       "engines": {
         "node": "^10.13.0 || ^12.13.0 || >=14.0.0"
@@ -153,14 +153,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/@babel/eslint-parser/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/generator": {
       "version": "7.22.5",
       "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.22.5.tgz",
@@ -198,15 +190,15 @@
       }
     },
     "node_modules/@babel/helper-compilation-targets": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.5.tgz",
-      "integrity": "sha512-Ji+ywpHeuqxB8WDxraCiqR0xfhYjiDE/e6k7FuIaANnoOFxAHskHChz4vA1mJC9Lbm01s1PVAGhQY4FUKSkGZw==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.22.6.tgz",
+      "integrity": "sha512-534sYEqWD9VfUm3IPn2SLcH4Q3P86XL+QvqdC7ZsFrzyyPF3T4XGiVghF6PTYNdWg6pXuoqXxNQAhbYeEInTzA==",
       "dependencies": {
-        "@babel/compat-data": "^7.22.5",
+        "@babel/compat-data": "^7.22.6",
         "@babel/helper-validator-option": "^7.22.5",
-        "browserslist": "^4.21.3",
-        "lru-cache": "^5.1.1",
-        "semver": "^6.3.0"
+        "@nicolo-ribaudo/semver-v6": "^6.3.3",
+        "browserslist": "^4.21.9",
+        "lru-cache": "^5.1.1"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -215,18 +207,10 @@
         "@babel/core": "^7.0.0"
       }
     },
-    "node_modules/@babel/helper-compilation-targets/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/helper-create-class-features-plugin": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.5.tgz",
-      "integrity": "sha512-xkb58MyOYIslxu3gKmVXmjTtUPvBU4odYzbiIQbWwLKIHCsx6UGZGX6F1IznMFVnDdirseUZopzN+ZRt8Xb33Q==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.22.6.tgz",
+      "integrity": "sha512-iwdzgtSiBxF6ni6mzVnZCF3xt5qE6cEA0J7nFt8QOAWZ0zjCFceEgpn3vtb2V7WFR6QzP2jmIFOHMTRo7eNJjQ==",
       "dependencies": {
         "@babel/helper-annotate-as-pure": "^7.22.5",
         "@babel/helper-environment-visitor": "^7.22.5",
@@ -235,8 +219,8 @@
         "@babel/helper-optimise-call-expression": "^7.22.5",
         "@babel/helper-replace-supers": "^7.22.5",
         "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5",
-        "@babel/helper-split-export-declaration": "^7.22.5",
-        "semver": "^6.3.0"
+        "@babel/helper-split-export-declaration": "^7.22.6",
+        "@nicolo-ribaudo/semver-v6": "^6.3.3"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -245,22 +229,14 @@
         "@babel/core": "^7.0.0"
       }
     },
-    "node_modules/@babel/helper-create-class-features-plugin/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/helper-create-regexp-features-plugin": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.5.tgz",
-      "integrity": "sha512-1VpEFOIbMRaXyDeUwUfmTIxExLwQ+zkW+Bh5zXpApA3oQedBx9v/updixWxnx/bZpKw7u8VxWjb/qWpIcmPq8A==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.6.tgz",
+      "integrity": "sha512-nBookhLKxAWo/TUCmhnaEJyLz2dekjQvv5SRpE9epWQBcpedWLKt8aZdsuT9XV5ovzR3fENLjRXVT0GsSlGGhA==",
       "dependencies": {
         "@babel/helper-annotate-as-pure": "^7.22.5",
-        "regexpu-core": "^5.3.1",
-        "semver": "^6.3.0"
+        "@nicolo-ribaudo/semver-v6": "^6.3.3",
+        "regexpu-core": "^5.3.1"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -269,38 +245,21 @@
         "@babel/core": "^7.0.0"
       }
     },
-    "node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/helper-define-polyfill-provider": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.0.tgz",
-      "integrity": "sha512-RnanLx5ETe6aybRi1cO/edaRH+bNYWaryCEmjDDYyNr4wnSzyOp8T0dWipmqVHKEY3AbVKUom50AKSlj1zmKbg==",
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.1.tgz",
+      "integrity": "sha512-kX4oXixDxG197yhX+J3Wp+NpL2wuCFjWQAr6yX2jtCnflK9ulMI51ULFGIrWiX1jGfvAxdHp+XQCcP2bZGPs9A==",
       "dependencies": {
-        "@babel/helper-compilation-targets": "^7.17.7",
-        "@babel/helper-plugin-utils": "^7.16.7",
+        "@babel/helper-compilation-targets": "^7.22.6",
+        "@babel/helper-plugin-utils": "^7.22.5",
         "debug": "^4.1.1",
         "lodash.debounce": "^4.0.8",
-        "resolve": "^1.14.2",
-        "semver": "^6.1.2"
+        "resolve": "^1.14.2"
       },
       "peerDependencies": {
         "@babel/core": "^7.4.0-0"
       }
     },
-    "node_modules/@babel/helper-define-polyfill-provider/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/helper-environment-visitor": {
       "version": "7.22.5",
       "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.5.tgz",
@@ -447,9 +406,9 @@
       }
     },
     "node_modules/@babel/helper-split-export-declaration": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.5.tgz",
-      "integrity": "sha512-thqK5QFghPKWLhAV321lxF95yCg2K3Ob5yw+M3VHWfdia0IkPXUtoLH8x/6Fh486QUvzhb8YOWHChTVen2/PoQ==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz",
+      "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==",
       "dependencies": {
         "@babel/types": "^7.22.5"
       },
@@ -496,12 +455,12 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.22.5.tgz",
-      "integrity": "sha512-pSXRmfE1vzcUIDFQcSGA5Mr+GxBV9oiRKDuDxXvWQQBCh8HoIjs/2DlDB7H8smac1IVrB9/xdXj2N3Wol9Cr+Q==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.22.6.tgz",
+      "integrity": "sha512-YjDs6y/fVOYFV8hAf1rxd1QvR9wJe1pDBZ2AREKq/SDayfPzgk0PBnVuTCE5X1acEpMMNOVUqoe+OwiZGJ+OaA==",
       "dependencies": {
         "@babel/template": "^7.22.5",
-        "@babel/traverse": "^7.22.5",
+        "@babel/traverse": "^7.22.6",
         "@babel/types": "^7.22.5"
       },
       "engines": {
@@ -521,74 +480,10 @@
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/highlight/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "dependencies": {
-        "color-name": "1.1.3"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
-    },
-    "node_modules/@babel/highlight/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/@babel/parser": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.22.5.tgz",
-      "integrity": "sha512-DFZMC9LJUG9PLOclRC32G63UXwzqS2koQC8dkx+PLdmt1xSePYpbT/NbsrJy8Q/muXz7o/h/d4A7Fuyixm559Q==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.22.6.tgz",
+      "integrity": "sha512-EIQu22vNkceq3LbjAq7knDf/UmtI2qbcNI8GRBlijez6TpQLvSodJPYfydQmNA5buwkxxxa/PVI44jjYZ+/cLw==",
       "bin": {
         "parser": "bin/babel-parser.js"
       },
@@ -642,14 +537,14 @@
       }
     },
     "node_modules/@babel/plugin-proposal-decorators": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.22.5.tgz",
-      "integrity": "sha512-h8hlezQ4dl6ixodgXkH8lUfcD7x+WAuIqPUjwGoItynrXOAv4a4Tci1zA/qjzQjjcl0v3QpLdc2LM6ZACQuY7A==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.22.6.tgz",
+      "integrity": "sha512-cgskJ9W7kxTk/wBM16JNHhlTkeyDK6slMJg1peaI4LM3y2HtTv+6I85sW9UXSUZilndIBvDBETA1BRoOYdxWKw==",
       "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.22.5",
+        "@babel/helper-create-class-features-plugin": "^7.22.6",
         "@babel/helper-plugin-utils": "^7.22.5",
         "@babel/helper-replace-supers": "^7.22.5",
-        "@babel/helper-split-export-declaration": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.6",
         "@babel/plugin-syntax-decorators": "^7.22.5"
       },
       "engines": {
@@ -1143,18 +1038,18 @@
       }
     },
     "node_modules/@babel/plugin-transform-classes": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.22.5.tgz",
-      "integrity": "sha512-2edQhLfibpWpsVBx2n/GKOz6JdGQvLruZQfGr9l1qes2KQaWswjBzhQF7UDUZMNaMMQeYnQzxwOMPsbYF7wqPQ==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.22.6.tgz",
+      "integrity": "sha512-58EgM6nuPNG6Py4Z3zSuu0xWu2VfodiMi72Jt5Kj2FECmaYk1RrTXA45z6KBFsu9tRgwQDwIiY4FXTt+YsSFAQ==",
       "dependencies": {
         "@babel/helper-annotate-as-pure": "^7.22.5",
-        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/helper-compilation-targets": "^7.22.6",
         "@babel/helper-environment-visitor": "^7.22.5",
         "@babel/helper-function-name": "^7.22.5",
         "@babel/helper-optimise-call-expression": "^7.22.5",
         "@babel/helper-plugin-utils": "^7.22.5",
         "@babel/helper-replace-supers": "^7.22.5",
-        "@babel/helper-split-export-declaration": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.6",
         "globals": "^11.1.0"
       },
       "engines": {
@@ -1541,9 +1436,9 @@
       }
     },
     "node_modules/@babel/plugin-transform-optional-chaining": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.22.5.tgz",
-      "integrity": "sha512-AconbMKOMkyG+xCng2JogMCDcqW8wedQAqpVIL4cOSescZ7+iW8utC6YDZLMCSUIReEA733gzRSaOSXMAt/4WQ==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.22.6.tgz",
+      "integrity": "sha512-Vd5HiWml0mDVtcLHIoEU5sw6HOUW/Zk0acLs/SAeuLzkGNOPc9DB4nkUajemhCmTIz3eiaKREZn2hQQqF79YTg==",
       "dependencies": {
         "@babel/helper-plugin-utils": "^7.22.5",
         "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5",
@@ -1721,16 +1616,16 @@
       }
     },
     "node_modules/@babel/plugin-transform-runtime": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.22.5.tgz",
-      "integrity": "sha512-bg4Wxd1FWeFx3daHFTWk1pkSWK/AyQuiyAoeZAOkAOUBjnZPH6KT7eMxouV47tQ6hl6ax2zyAWBdWZXbrvXlaw==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.22.6.tgz",
+      "integrity": "sha512-+AGkst7Kqq3QUflKGkhWWMRb9vaKamoreNmYc+sjsIpOp+TsyU0exhp3RlwjQa/HdlKkPt3AMDwfg8Hpt9Vwqg==",
       "dependencies": {
         "@babel/helper-module-imports": "^7.22.5",
         "@babel/helper-plugin-utils": "^7.22.5",
+        "@nicolo-ribaudo/semver-v6": "^6.3.3",
         "babel-plugin-polyfill-corejs2": "^0.4.3",
         "babel-plugin-polyfill-corejs3": "^0.8.1",
-        "babel-plugin-polyfill-regenerator": "^0.5.0",
-        "semver": "^6.3.0"
+        "babel-plugin-polyfill-regenerator": "^0.5.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1739,14 +1634,6 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/plugin-transform-runtime/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/plugin-transform-shorthand-properties": {
       "version": "7.22.5",
       "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.22.5.tgz",
@@ -1895,12 +1782,12 @@
       }
     },
     "node_modules/@babel/preset-env": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.22.5.tgz",
-      "integrity": "sha512-fj06hw89dpiZzGZtxn+QybifF07nNiZjZ7sazs2aVDcysAZVGjW7+7iFYxg6GLNM47R/thYfLdrXc+2f11Vi9A==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.22.6.tgz",
+      "integrity": "sha512-IHr0AXHGk8oh8HYSs45Mxuv6iySUBwDTIzJSnXN7PURqHdxJVQlCoXmKJgyvSS9bcNf9NVRVE35z+LkCvGmi6w==",
       "dependencies": {
-        "@babel/compat-data": "^7.22.5",
-        "@babel/helper-compilation-targets": "^7.22.5",
+        "@babel/compat-data": "^7.22.6",
+        "@babel/helper-compilation-targets": "^7.22.6",
         "@babel/helper-plugin-utils": "^7.22.5",
         "@babel/helper-validator-option": "^7.22.5",
         "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.22.5",
@@ -1931,7 +1818,7 @@
         "@babel/plugin-transform-block-scoping": "^7.22.5",
         "@babel/plugin-transform-class-properties": "^7.22.5",
         "@babel/plugin-transform-class-static-block": "^7.22.5",
-        "@babel/plugin-transform-classes": "^7.22.5",
+        "@babel/plugin-transform-classes": "^7.22.6",
         "@babel/plugin-transform-computed-properties": "^7.22.5",
         "@babel/plugin-transform-destructuring": "^7.22.5",
         "@babel/plugin-transform-dotall-regex": "^7.22.5",
@@ -1956,7 +1843,7 @@
         "@babel/plugin-transform-object-rest-spread": "^7.22.5",
         "@babel/plugin-transform-object-super": "^7.22.5",
         "@babel/plugin-transform-optional-catch-binding": "^7.22.5",
-        "@babel/plugin-transform-optional-chaining": "^7.22.5",
+        "@babel/plugin-transform-optional-chaining": "^7.22.6",
         "@babel/plugin-transform-parameters": "^7.22.5",
         "@babel/plugin-transform-private-methods": "^7.22.5",
         "@babel/plugin-transform-private-property-in-object": "^7.22.5",
@@ -1974,11 +1861,11 @@
         "@babel/plugin-transform-unicode-sets-regex": "^7.22.5",
         "@babel/preset-modules": "^0.1.5",
         "@babel/types": "^7.22.5",
+        "@nicolo-ribaudo/semver-v6": "^6.3.3",
         "babel-plugin-polyfill-corejs2": "^0.4.3",
         "babel-plugin-polyfill-corejs3": "^0.8.1",
         "babel-plugin-polyfill-regenerator": "^0.5.0",
-        "core-js-compat": "^3.30.2",
-        "semver": "^6.3.0"
+        "core-js-compat": "^3.31.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1998,14 +1885,6 @@
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/@babel/preset-env/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/@babel/preset-modules": {
       "version": "0.1.5",
       "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.5.tgz",
@@ -2064,9 +1943,9 @@
       "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA=="
     },
     "node_modules/@babel/runtime": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.5.tgz",
-      "integrity": "sha512-ecjvYlnAaZ/KVneE/OdKYBYfgXV3Ptu6zQWmgEF7vwKhQnvVS6bjMD2XYgj+SNvQ1GfK/pjgokfPkC/2CO8CuA==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.6.tgz",
+      "integrity": "sha512-wDb5pWm4WDdF6LFUde3Jl8WzPA+3ZbxYqkC6xAXuD3irdEHN1k0NfTRrJD8ZD378SJ61miMLCqIOXYhd8x+AJQ==",
       "dependencies": {
         "regenerator-runtime": "^0.13.11"
       },
@@ -2088,17 +1967,17 @@
       }
     },
     "node_modules/@babel/traverse": {
-      "version": "7.22.5",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.22.5.tgz",
-      "integrity": "sha512-7DuIjPgERaNo6r+PZwItpjCZEa5vyw4eJGufeLxrPdBXBoLcCJCIasvK6pK/9DVNrLZTLFhUGqaC6X/PA007TQ==",
+      "version": "7.22.6",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.22.6.tgz",
+      "integrity": "sha512-53CijMvKlLIDlOTrdWiHileRddlIiwUIyCKqYa7lYnnPldXCG5dUSN38uT0cA6i7rHWNKJLH0VU/Kxdr1GzB3w==",
       "dependencies": {
         "@babel/code-frame": "^7.22.5",
         "@babel/generator": "^7.22.5",
         "@babel/helper-environment-visitor": "^7.22.5",
         "@babel/helper-function-name": "^7.22.5",
         "@babel/helper-hoist-variables": "^7.22.5",
-        "@babel/helper-split-export-declaration": "^7.22.5",
-        "@babel/parser": "^7.22.5",
+        "@babel/helper-split-export-declaration": "^7.22.6",
+        "@babel/parser": "^7.22.6",
         "@babel/types": "^7.22.5",
         "debug": "^4.1.0",
         "globals": "^11.1.0"
@@ -2551,13 +2430,13 @@
       }
     },
     "node_modules/@eslint/eslintrc": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.3.tgz",
-      "integrity": "sha512-+5gy6OQfk+xx3q0d6jGZZC3f3KzAkXc/IanVxd1is/VIIziRqqt3ongQz0FiTUXqTk0c7aDB3OaFuKnuSoJicQ==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.0.tgz",
+      "integrity": "sha512-Lj7DECXqIVCqnqjjHMPna4vn6GJcMgul/wuS0je9OZ9gsL0zzDpKPVtcG1HaDVc+9y+qgXneTeUMbCqXJNpH1A==",
       "dependencies": {
         "ajv": "^6.12.4",
         "debug": "^4.3.2",
-        "espree": "^9.5.2",
+        "espree": "^9.6.0",
         "globals": "^13.19.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.2.1",
@@ -2598,17 +2477,17 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "8.42.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.42.0.tgz",
-      "integrity": "sha512-6SWlXpWU5AvId8Ac7zjzmIOqMOba/JWY8XZ4A7q7Gn1Vlfg/SFFIlrtHXt9nPn4op9ZPAkl91Jao+QQv3r/ukw==",
+      "version": "8.44.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.44.0.tgz",
+      "integrity": "sha512-Ag+9YM4ocKQx9AarydN0KY2j0ErMHNIocPDrVo8zAE44xLTjEtz81OdR68/cydGtk6m6jDb5Za3r2useMzYmSw==",
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       }
     },
     "node_modules/@fontsource-variable/nunito": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/@fontsource-variable/nunito/-/nunito-5.0.3.tgz",
-      "integrity": "sha512-yxQ+IPeqA43DXNigCdU4rAziyeeKqm7VkAaJ9/o/h/qBA6w/dKsAH/YWmNB04PFJ6n84+3IAS7AKiOFs+4yZsw=="
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/@fontsource-variable/nunito/-/nunito-5.0.5.tgz",
+      "integrity": "sha512-1VZqBsSzu8VTgIr2YhT5UqRMeQ3ghJhyM4niR/SUa01DpSA2YanPwcAw/alIAZHj2qHqbUGZqMc5FnMY1PMUSQ=="
     },
     "node_modules/@humanwhocodes/config-array": {
       "version": "0.11.10",
@@ -2763,6 +2642,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/@jest/console/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/console/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/console/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/console/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/console/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/console/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jest/core": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/@jest/core/-/core-27.5.1.tgz",
@@ -2809,37 +2752,101 @@
         }
       }
     },
-    "node_modules/@jest/environment": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-27.5.1.tgz",
-      "integrity": "sha512-/WQjhPJe3/ghaol/4Bq480JKXV/Rfw8nQdN7f41fM8VDHLcxKXou6QyXAh3EFr9/bVG3x74z1NWDkP87EiY8gA==",
+    "node_modules/@jest/core/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dependencies": {
-        "@jest/fake-timers": "^27.5.1",
-        "@jest/types": "^27.5.1",
-        "@types/node": "*",
-        "jest-mock": "^27.5.1"
+        "color-convert": "^2.0.1"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
-    "node_modules/@jest/fake-timers": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-27.5.1.tgz",
-      "integrity": "sha512-/aPowoolwa07k7/oM3aASneNeBGCmGQsc3ugN4u6s4C/+s5M64MFo/+djTdiwcbQlRfFElGuDXWzaWj6QgKObQ==",
+    "node_modules/@jest/core/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
       "dependencies": {
-        "@jest/types": "^27.5.1",
-        "@sinonjs/fake-timers": "^8.0.1",
-        "@types/node": "*",
-        "jest-message-util": "^27.5.1",
-        "jest-mock": "^27.5.1",
-        "jest-util": "^27.5.1"
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
       }
     },
-    "node_modules/@jest/globals": {
+    "node_modules/@jest/core/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/core/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/core/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/core/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/environment": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-27.5.1.tgz",
+      "integrity": "sha512-/WQjhPJe3/ghaol/4Bq480JKXV/Rfw8nQdN7f41fM8VDHLcxKXou6QyXAh3EFr9/bVG3x74z1NWDkP87EiY8gA==",
+      "dependencies": {
+        "@jest/fake-timers": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "jest-mock": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/fake-timers": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-27.5.1.tgz",
+      "integrity": "sha512-/aPowoolwa07k7/oM3aASneNeBGCmGQsc3ugN4u6s4C/+s5M64MFo/+djTdiwcbQlRfFElGuDXWzaWj6QgKObQ==",
+      "dependencies": {
+        "@jest/types": "^27.5.1",
+        "@sinonjs/fake-timers": "^8.0.1",
+        "@types/node": "*",
+        "jest-message-util": "^27.5.1",
+        "jest-mock": "^27.5.1",
+        "jest-util": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/@jest/globals": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/@jest/globals/-/globals-27.5.1.tgz",
       "integrity": "sha512-ZEJNB41OBQQgGzgyInAv0UUfDDj3upmHydjieSxFvTRuZElrx7tXg/uVQ5hYVEwiXs3+aMsAeEc9X7xiSKCm4Q==",
@@ -2895,6 +2902,59 @@
         }
       }
     },
+    "node_modules/@jest/reporters/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/reporters/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/reporters/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jest/reporters/node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -2903,6 +2963,17 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/@jest/reporters/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jest/schemas": {
       "version": "28.1.3",
       "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz",
@@ -2988,6 +3059,59 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/@jest/transform/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/transform/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/transform/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jest/transform/node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -2996,6 +3120,17 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/@jest/transform/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jest/types": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz",
@@ -3011,6 +3146,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/@jest/types/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@jest/types/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@jest/types/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@jest/types/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@jest/types/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jest/types/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jridgewell/gen-mapping": {
       "version": "0.3.3",
       "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.3.tgz",
@@ -3041,9 +3240,9 @@
       }
     },
     "node_modules/@jridgewell/source-map": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.3.tgz",
-      "integrity": "sha512-b+fsZXeLYi9fEULmfBrhxn4IrPlINf8fiNarzTof004v3lFdntdwa9PF7vFJqm3mg7s+ScJMxXaE3Acp1irZcg==",
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.5.tgz",
+      "integrity": "sha512-UTYAUj/wviwdsMfzoSJspJxbkH5o1snzwX0//0ENX1u/55kkZZkcTZP6u9bwKGkv+dkk9at4m1Cpt0uY80kcpQ==",
       "dependencies": {
         "@jridgewell/gen-mapping": "^0.3.0",
         "@jridgewell/trace-mapping": "^0.3.9"
@@ -3074,14 +3273,14 @@
       "integrity": "sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A=="
     },
     "node_modules/@mui/base": {
-      "version": "5.0.0-beta.4",
-      "resolved": "https://registry.npmjs.org/@mui/base/-/base-5.0.0-beta.4.tgz",
-      "integrity": "sha512-ejhtqYJpjDgHGEljjMBQWZ22yEK0OzIXNa7toJmmXsP4TT3W7xVy8bTJ0TniPDf+JNjrsgfgiFTDGdlEhV1E+g==",
+      "version": "5.0.0-beta.6",
+      "resolved": "https://registry.npmjs.org/@mui/base/-/base-5.0.0-beta.6.tgz",
+      "integrity": "sha512-jcHy6HwOX7KzRhRtL8nvIvUlxvLx2Fl6NMRCyUSQSvMTyfou9kndekz0H4HJaXvG1Y4WEifk23RYedOlrD1kEQ==",
       "dependencies": {
-        "@babel/runtime": "^7.21.0",
+        "@babel/runtime": "^7.22.5",
         "@emotion/is-prop-valid": "^1.2.1",
         "@mui/types": "^7.2.4",
-        "@mui/utils": "^5.13.1",
+        "@mui/utils": "^5.13.7",
         "@popperjs/core": "^2.11.8",
         "clsx": "^1.2.1",
         "prop-types": "^15.8.1",
@@ -3106,20 +3305,20 @@
       }
     },
     "node_modules/@mui/core-downloads-tracker": {
-      "version": "5.13.4",
-      "resolved": "https://registry.npmjs.org/@mui/core-downloads-tracker/-/core-downloads-tracker-5.13.4.tgz",
-      "integrity": "sha512-yFrMWcrlI0TqRN5jpb6Ma9iI7sGTHpytdzzL33oskFHNQ8UgrtPas33Y1K7sWAMwCrr1qbWDrOHLAQG4tAzuSw==",
+      "version": "5.13.7",
+      "resolved": "https://registry.npmjs.org/@mui/core-downloads-tracker/-/core-downloads-tracker-5.13.7.tgz",
+      "integrity": "sha512-/suIo4WoeL/OyO3KUsFVpdOmKiSAr6NpWXmQ4WLSxwKrTiha1FJxM6vwAki5W/5kR9WnVLw5E8JC4oHHsutT8w==",
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/mui"
       }
     },
     "node_modules/@mui/icons-material": {
-      "version": "5.11.16",
-      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.11.16.tgz",
-      "integrity": "sha512-oKkx9z9Kwg40NtcIajF9uOXhxiyTZrrm9nmIJ4UjkU2IdHpd4QVLbCc/5hZN/y0C6qzi2Zlxyr9TGddQx2vx2A==",
+      "version": "5.13.7",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.13.7.tgz",
+      "integrity": "sha512-zoVtkb9jYVUGfI7CobOdDBEAlpg3XESiO6cWqSDGwEma69+CBDIAwGpnO5truvQDJHBGSAfzFj3nObwxjkyA7Q==",
       "dependencies": {
-        "@babel/runtime": "^7.21.0"
+        "@babel/runtime": "^7.22.5"
       },
       "engines": {
         "node": ">=12.0.0"
@@ -3140,15 +3339,15 @@
       }
     },
     "node_modules/@mui/lab": {
-      "version": "5.0.0-alpha.133",
-      "resolved": "https://registry.npmjs.org/@mui/lab/-/lab-5.0.0-alpha.133.tgz",
-      "integrity": "sha512-pPL5/f6si8eCXlsnOZrO+/zg5Yv6qKa9OpI6nGP77Mpn7iYHm9qrcsWFIBs6YjgxqJf6dA2IqtHaSNOSndrXDw==",
+      "version": "5.0.0-alpha.135",
+      "resolved": "https://registry.npmjs.org/@mui/lab/-/lab-5.0.0-alpha.135.tgz",
+      "integrity": "sha512-l/Yus4dGZbwm51GXpepgSmvlVxrK3CNUxPamEocqdhFkh0U/8QlfyOqeRGPXGLvxpj+efABXT0yZTapwbZBjcg==",
       "dependencies": {
-        "@babel/runtime": "^7.21.0",
-        "@mui/base": "5.0.0-beta.4",
-        "@mui/system": "^5.13.2",
+        "@babel/runtime": "^7.22.5",
+        "@mui/base": "5.0.0-beta.6",
+        "@mui/system": "^5.13.7",
         "@mui/types": "^7.2.4",
-        "@mui/utils": "^5.13.1",
+        "@mui/utils": "^5.13.7",
         "clsx": "^1.2.1",
         "prop-types": "^15.8.1",
         "react-is": "^18.2.0"
@@ -3181,16 +3380,16 @@
       }
     },
     "node_modules/@mui/material": {
-      "version": "5.13.4",
-      "resolved": "https://registry.npmjs.org/@mui/material/-/material-5.13.4.tgz",
-      "integrity": "sha512-Yq+4f1KLPa/Szd3xqra2hbOAf2Usl8GbubncArM6LIp40mBLtXIdPE29MNtHsbtuzz4g+eidrETgoi3wdbEYfQ==",
-      "dependencies": {
-        "@babel/runtime": "^7.21.0",
-        "@mui/base": "5.0.0-beta.4",
-        "@mui/core-downloads-tracker": "^5.13.4",
-        "@mui/system": "^5.13.2",
+      "version": "5.13.7",
+      "resolved": "https://registry.npmjs.org/@mui/material/-/material-5.13.7.tgz",
+      "integrity": "sha512-+n453jDDm88zZM3b5YK29nZ7gXY+s+rryH9ovDbhmfSkOlFtp+KSqbXy5cTaC/UlDqDM7sYYJGq8BmJov3v9Tg==",
+      "dependencies": {
+        "@babel/runtime": "^7.22.5",
+        "@mui/base": "5.0.0-beta.6",
+        "@mui/core-downloads-tracker": "^5.13.7",
+        "@mui/system": "^5.13.7",
         "@mui/types": "^7.2.4",
-        "@mui/utils": "^5.13.1",
+        "@mui/utils": "^5.13.7",
         "@types/react-transition-group": "^4.4.6",
         "clsx": "^1.2.1",
         "csstype": "^3.1.2",
@@ -3225,12 +3424,12 @@
       }
     },
     "node_modules/@mui/private-theming": {
-      "version": "5.13.1",
-      "resolved": "https://registry.npmjs.org/@mui/private-theming/-/private-theming-5.13.1.tgz",
-      "integrity": "sha512-HW4npLUD9BAkVppOUZHeO1FOKUJWAwbpy0VQoGe3McUYTlck1HezGHQCfBQ5S/Nszi7EViqiimECVl9xi+/WjQ==",
+      "version": "5.13.7",
+      "resolved": "https://registry.npmjs.org/@mui/private-theming/-/private-theming-5.13.7.tgz",
+      "integrity": "sha512-qbSr+udcij5F9dKhGX7fEdx2drXchq7htLNr2Qg2Ma+WJ6q0ERlEqGSBiPiVDJkptcjeVL4DGmcf1wl5+vD4EA==",
       "dependencies": {
-        "@babel/runtime": "^7.21.0",
-        "@mui/utils": "^5.13.1",
+        "@babel/runtime": "^7.22.5",
+        "@mui/utils": "^5.13.7",
         "prop-types": "^15.8.1"
       },
       "engines": {
@@ -3282,15 +3481,15 @@
       }
     },
     "node_modules/@mui/system": {
-      "version": "5.13.2",
-      "resolved": "https://registry.npmjs.org/@mui/system/-/system-5.13.2.tgz",
-      "integrity": "sha512-TPyWmRJPt0JPVxacZISI4o070xEJ7ftxpVtu6LWuYVOUOINlhoGOclam4iV8PDT3EMQEHuUrwU49po34UdWLlw==",
+      "version": "5.13.7",
+      "resolved": "https://registry.npmjs.org/@mui/system/-/system-5.13.7.tgz",
+      "integrity": "sha512-7R2KdI6vr8KtnauEfg9e9xQmPk6Gg/1vGNiALYyhSI+cYztxN6WmlSqGX4bjWn/Sygp1TUE1jhFEgs7MWruhkQ==",
       "dependencies": {
-        "@babel/runtime": "^7.21.0",
-        "@mui/private-theming": "^5.13.1",
+        "@babel/runtime": "^7.22.5",
+        "@mui/private-theming": "^5.13.7",
         "@mui/styled-engine": "^5.13.2",
         "@mui/types": "^7.2.4",
-        "@mui/utils": "^5.13.1",
+        "@mui/utils": "^5.13.7",
         "clsx": "^1.2.1",
         "csstype": "^3.1.2",
         "prop-types": "^15.8.1"
@@ -3334,13 +3533,13 @@
       }
     },
     "node_modules/@mui/utils": {
-      "version": "5.13.1",
-      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.13.1.tgz",
-      "integrity": "sha512-6lXdWwmlUbEU2jUI8blw38Kt+3ly7xkmV9ljzY4Q20WhsJMWiNry9CX8M+TaP/HbtuyR8XKsdMgQW7h7MM3n3A==",
+      "version": "5.13.7",
+      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.13.7.tgz",
+      "integrity": "sha512-/3BLptG/q0u36eYED7Nhf4fKXmcKb6LjjT7ZMwhZIZSdSxVqDqSTmATW3a56n3KEPQUXCU9TpxAfCBQhs6brVA==",
       "dependencies": {
-        "@babel/runtime": "^7.21.0",
+        "@babel/runtime": "^7.22.5",
         "@types/prop-types": "^15.7.5",
-        "@types/react-is": "^18.2.0",
+        "@types/react-is": "^18.2.1",
         "prop-types": "^15.8.1",
         "react-is": "^18.2.0"
       },
@@ -3383,6 +3582,14 @@
         "node": ">=4.0"
       }
     },
+    "node_modules/@nicolo-ribaudo/semver-v6": {
+      "version": "6.3.3",
+      "resolved": "https://registry.npmjs.org/@nicolo-ribaudo/semver-v6/-/semver-v6-6.3.3.tgz",
+      "integrity": "sha512-3Yc1fUTs69MG/uZbJlLSI3JISMn2UV2rg+1D/vROUqZyh3l6iYHCs7GMp+M40ZD7yOdDbYjJcU1oTJhrc+dGKg==",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
     "node_modules/@nodelib/fs.scandir": {
       "version": "2.1.5",
       "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
@@ -3482,9 +3689,9 @@
       }
     },
     "node_modules/@remix-run/router": {
-      "version": "1.6.3",
-      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.6.3.tgz",
-      "integrity": "sha512-EXJysQ7J3veRECd0kZFQwYYd5sJMcq2O/m60zu1W2l3oVQ9xtub8jTOtYRE0+M2iomyG/W3Ps7+vp2kna0C27Q==",
+      "version": "1.7.1",
+      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.7.1.tgz",
+      "integrity": "sha512-bgVQM4ZJ2u2CM8k1ey70o1ePFXsEzYVZoWghh6WjM8p59jQ7HxzbHW4SbnWFG7V9ig9chLawQxDTZ3xzOF8MkQ==",
       "engines": {
         "node": ">=14"
       }
@@ -3564,9 +3771,9 @@
       "integrity": "sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw=="
     },
     "node_modules/@rushstack/eslint-patch": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.3.1.tgz",
-      "integrity": "sha512-RkmuBcqiNioeeBKbgzMlOdreUkJfYaSjwgx9XDgGGpjvWgyaxWvDmZVSN9CS6LjEASadhgPv2BcFp+SeouWXXA=="
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.3.2.tgz",
+      "integrity": "sha512-V+MvGwaHH03hYhY+k6Ef/xKd6RYlc4q8WBx+2ANmipHJcKuktNcI/NgEsJgdSUF6Lw32njT6OnrRsKYCdgHjYw=="
     },
     "node_modules/@sinclair/typebox": {
       "version": "0.24.51",
@@ -3808,15 +4015,15 @@
       }
     },
     "node_modules/@testing-library/dom": {
-      "version": "9.3.0",
-      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-9.3.0.tgz",
-      "integrity": "sha512-Dffe68pGwI6WlLRYR2I0piIkyole9cSBH5jGQKCGMRpHW5RHCqAUaqc2Kv0tUyd4dU4DLPKhJIjyKOnjv4tuUw==",
+      "version": "9.3.1",
+      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-9.3.1.tgz",
+      "integrity": "sha512-0DGPd9AR3+iDTjGoMpxIkAsUihHZ3Ai6CneU6bRRrffXMgzCdlNk43jTrD2/5LT6CBb3MWTP8v510JzYtahD2w==",
       "peer": true,
       "dependencies": {
         "@babel/code-frame": "^7.10.4",
         "@babel/runtime": "^7.12.5",
         "@types/aria-query": "^5.0.1",
-        "aria-query": "^5.0.0",
+        "aria-query": "5.1.3",
         "chalk": "^4.1.0",
         "dom-accessibility-api": "^0.5.9",
         "lz-string": "^1.5.0",
@@ -3826,9 +4033,79 @@
         "node": ">=14"
       }
     },
-    "node_modules/@testing-library/jest-dom": {
-      "version": "5.16.5",
-      "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-5.16.5.tgz",
+    "node_modules/@testing-library/dom/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "peer": true,
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "peer": true,
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "peer": true,
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "peer": true
+    },
+    "node_modules/@testing-library/dom/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "peer": true,
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "peer": true,
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/jest-dom": {
+      "version": "5.16.5",
+      "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-5.16.5.tgz",
       "integrity": "sha512-N5ixQ2qKpi5OLYfwQmUb/5mSV9LneAcaUfp32pn4yCnpb8r/Yz0pXFPck21dIicKmi+ta5WRAknkZCfA8refMA==",
       "dependencies": {
         "@adobe/css-tools": "^4.0.1",
@@ -3847,6 +4124,20 @@
         "yarn": ">=1"
       }
     },
+    "node_modules/@testing-library/jest-dom/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
     "node_modules/@testing-library/jest-dom/node_modules/chalk": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz",
@@ -3859,6 +4150,41 @@
         "node": ">=8"
       }
     },
+    "node_modules/@testing-library/jest-dom/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/jest-dom/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@testing-library/react": {
       "version": "13.4.0",
       "resolved": "https://registry.npmjs.org/@testing-library/react/-/react-13.4.0.tgz",
@@ -3877,23 +4203,87 @@
       }
     },
     "node_modules/@testing-library/react/node_modules/@testing-library/dom": {
-      "version": "8.20.0",
-      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-8.20.0.tgz",
-      "integrity": "sha512-d9ULIT+a4EXLX3UU8FBjauG9NnsZHkHztXoIcTsOKoOw030fyjheN9svkTULjJxtYag9DZz5Jz5qkWZDPxTFwA==",
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-8.20.1.tgz",
+      "integrity": "sha512-/DiOQ5xBxgdYRC8LNk7U+RWat0S3qRLeIw3ZIkMQ9kkVlRmwD/Eg8k8CqIpD6GW7u20JIUOfMKbxtiLutpjQ4g==",
       "dependencies": {
         "@babel/code-frame": "^7.10.4",
         "@babel/runtime": "^7.12.5",
         "@types/aria-query": "^5.0.1",
-        "aria-query": "^5.0.0",
+        "aria-query": "5.1.3",
         "chalk": "^4.1.0",
         "dom-accessibility-api": "^0.5.9",
-        "lz-string": "^1.4.4",
+        "lz-string": "^1.5.0",
         "pretty-format": "^27.0.2"
       },
       "engines": {
         "node": ">=12"
       }
     },
+    "node_modules/@testing-library/react/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/@testing-library/react/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@testing-library/react/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@testing-library/user-event": {
       "version": "13.5.0",
       "resolved": "https://registry.npmjs.org/@testing-library/user-event/-/user-event-13.5.0.tgz",
@@ -4002,9 +4392,9 @@
       }
     },
     "node_modules/@types/eslint": {
-      "version": "8.40.1",
-      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.40.1.tgz",
-      "integrity": "sha512-vRb792M4mF1FBT+eoLecmkpLXwxsBHvWWRGJjzbYANBM6DtiJc6yETyv4rqDA6QNjF1pkj1U7LMA6dGb3VYlHw==",
+      "version": "8.40.2",
+      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.40.2.tgz",
+      "integrity": "sha512-PRVjQ4Eh9z9pmmtaq8nTjZjQwKFk7YIHIud3lRoKRBgUQjgjRmoGxxGEPXQkF+lH7QkHJRNr5F4aBgYCW0lqpQ==",
       "dependencies": {
         "@types/estree": "*",
         "@types/json-schema": "*"
@@ -4067,6 +4457,11 @@
       "resolved": "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz",
       "integrity": "sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg=="
     },
+    "node_modules/@types/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-/K3ds8TRAfBvi5vfjuz8y6+GiAYBZ0x4tXv1Av6CWBWn0IlADc+ZX9pMq7oU0fNQPnBwIZl3rmeLp6SBApbxSQ=="
+    },
     "node_modules/@types/http-proxy": {
       "version": "1.17.11",
       "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.11.tgz",
@@ -4133,9 +4528,9 @@
       "integrity": "sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw=="
     },
     "node_modules/@types/node": {
-      "version": "16.18.34",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.34.tgz",
-      "integrity": "sha512-VmVm7gXwhkUimRfBwVI1CHhwp86jDWR04B5FGebMMyxV90SlCmFujwUHrxTD4oO+SOYU86SoxvhgeRQJY7iXFg=="
+      "version": "16.18.38",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.38.tgz",
+      "integrity": "sha512-6sfo1qTulpVbkxECP+AVrHV9OoJqhzCsfTNp5NIG+enM4HyM3HvZCO798WShIXBN0+QtDIcutJCjsVYnQP5rIQ=="
     },
     "node_modules/@types/parse-json": {
       "version": "4.0.0",
@@ -4168,9 +4563,9 @@
       "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw=="
     },
     "node_modules/@types/react": {
-      "version": "18.2.9",
-      "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.9.tgz",
-      "integrity": "sha512-pL3JAesUkF7PEQGxh5XOwdXGV907te6m1/Qe1ERJLgomojS6Ne790QiA7GUl434JEkFA2aAaB6qJ5z4e1zJn/w==",
+      "version": "18.2.14",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.14.tgz",
+      "integrity": "sha512-A0zjq+QN/O0Kpe30hA1GidzyFjatVvrpIvWLxD+xv67Vt91TWWgco9IvrJBkeyHm1trGaFS/FSGqPlhyeZRm0g==",
       "dependencies": {
         "@types/prop-types": "*",
         "@types/scheduler": "*",
@@ -4178,17 +4573,17 @@
       }
     },
     "node_modules/@types/react-dom": {
-      "version": "18.2.4",
-      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.2.4.tgz",
-      "integrity": "sha512-G2mHoTMTL4yoydITgOGwWdWMVd8sNgyEP85xVmMKAPUBwQWm9wBPQUmvbeF4V3WBY1P7mmL4BkjQ0SqUpf1snw==",
+      "version": "18.2.6",
+      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.2.6.tgz",
+      "integrity": "sha512-2et4PDvg6PVCyS7fuTc4gPoksV58bW0RwSxWKcPRcHZf0PRUGq03TKcD/rUHe3azfV6/5/biUBJw+HhCQjaP0A==",
       "dependencies": {
         "@types/react": "*"
       }
     },
     "node_modules/@types/react-is": {
-      "version": "18.2.0",
-      "resolved": "https://registry.npmjs.org/@types/react-is/-/react-is-18.2.0.tgz",
-      "integrity": "sha512-1vz2yObaQkLL7YFe/pme2cpvDsCwI1WXIfL+5eLz0MI9gFG24Re16RzUsI8t9XZn9ZWvgLNDrJBmrqXJO7GNQQ==",
+      "version": "18.2.1",
+      "resolved": "https://registry.npmjs.org/@types/react-is/-/react-is-18.2.1.tgz",
+      "integrity": "sha512-wyUkmaaSZEzFZivD8F2ftSyAfk6L+DfFliVj/mYdOXbVjRcS87fQJLTnhk6dRZPuJjI+9g6RZJO4PNCngUrmyw==",
       "dependencies": {
         "@types/react": "*"
       }
@@ -4251,10 +4646,11 @@
       }
     },
     "node_modules/@types/serve-static": {
-      "version": "1.15.1",
-      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.1.tgz",
-      "integrity": "sha512-NUo5XNiAdULrJENtJXZZ3fHtfMolzZwczzBbnAeBbqBwG+LaG6YaJtuwzwGSQZ2wsCrxjEhNNjAkKigy3n8teQ==",
+      "version": "1.15.2",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.2.tgz",
+      "integrity": "sha512-J2LqtvFYCzaj8pVYKw8klQXrLLk7TBZmQ4ShlcdkELFKGwGMfevMLneMMRkMgZxotOD9wg497LpC7O8PcvAmfw==",
       "dependencies": {
+        "@types/http-errors": "*",
         "@types/mime": "*",
         "@types/node": "*"
       }
@@ -4312,16 +4708,16 @@
       "integrity": "sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.59.9.tgz",
-      "integrity": "sha512-4uQIBq1ffXd2YvF7MAvehWKW3zVv/w+mSfRAu+8cKbfj3nwzyqJLNcZJpQ/WZ1HLbJDiowwmQ6NO+63nCA+fqA==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.61.0.tgz",
+      "integrity": "sha512-A5l/eUAug103qtkwccSCxn8ZRwT+7RXWkFECdA4Cvl1dOlDUgTpAOfSEElZn2uSUxhdDpnCdetrf0jvU4qrL+g==",
       "dependencies": {
         "@eslint-community/regexpp": "^4.4.0",
-        "@typescript-eslint/scope-manager": "5.59.9",
-        "@typescript-eslint/type-utils": "5.59.9",
-        "@typescript-eslint/utils": "5.59.9",
+        "@typescript-eslint/scope-manager": "5.61.0",
+        "@typescript-eslint/type-utils": "5.61.0",
+        "@typescript-eslint/utils": "5.61.0",
         "debug": "^4.3.4",
-        "grapheme-splitter": "^1.0.4",
+        "graphemer": "^1.4.0",
         "ignore": "^5.2.0",
         "natural-compare-lite": "^1.4.0",
         "semver": "^7.3.7",
@@ -4345,11 +4741,11 @@
       }
     },
     "node_modules/@typescript-eslint/experimental-utils": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-5.59.9.tgz",
-      "integrity": "sha512-eZTK/Ci0QAqNc/q2MqMwI2+QI5ZI9HM12FcfGwbEvKif5ev/CIIYLmrlckvgPrC8XSbl39HtErR5NJiQkRkvWg==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-5.61.0.tgz",
+      "integrity": "sha512-r4RTnwTcaRRVUyKb7JO4DiOGmcMCat+uNs6HqJBfX7K2nlq5TagYZShhbhAw7hFT3bHaYgxMw6pKP0fhu05VMA==",
       "dependencies": {
-        "@typescript-eslint/utils": "5.59.9"
+        "@typescript-eslint/utils": "5.61.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4363,13 +4759,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.59.9.tgz",
-      "integrity": "sha512-FsPkRvBtcLQ/eVK1ivDiNYBjn3TGJdXy2fhXX+rc7czWl4ARwnpArwbihSOHI2Peg9WbtGHrbThfBUkZZGTtvQ==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.61.0.tgz",
+      "integrity": "sha512-yGr4Sgyh8uO6fSi9hw3jAFXNBHbCtKKFMdX2IkT3ZqpKmtAq3lHS4ixB/COFuAIJpwl9/AqF7j72ZDWYKmIfvg==",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "5.59.9",
-        "@typescript-eslint/types": "5.59.9",
-        "@typescript-eslint/typescript-estree": "5.59.9",
+        "@typescript-eslint/scope-manager": "5.61.0",
+        "@typescript-eslint/types": "5.61.0",
+        "@typescript-eslint/typescript-estree": "5.61.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -4389,12 +4785,12 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.59.9.tgz",
-      "integrity": "sha512-8RA+E+w78z1+2dzvK/tGZ2cpGigBZ58VMEHDZtpE1v+LLjzrYGc8mMaTONSxKyEkz3IuXFM0IqYiGHlCsmlZxQ==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.61.0.tgz",
+      "integrity": "sha512-W8VoMjoSg7f7nqAROEmTt6LoBpn81AegP7uKhhW5KzYlehs8VV0ZW0fIDVbcZRcaP3aPSW+JZFua+ysQN+m/Nw==",
       "dependencies": {
-        "@typescript-eslint/types": "5.59.9",
-        "@typescript-eslint/visitor-keys": "5.59.9"
+        "@typescript-eslint/types": "5.61.0",
+        "@typescript-eslint/visitor-keys": "5.61.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4405,12 +4801,12 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.59.9.tgz",
-      "integrity": "sha512-ksEsT0/mEHg9e3qZu98AlSrONAQtrSTljL3ow9CGej8eRo7pe+yaC/mvTjptp23Xo/xIf2mLZKC6KPv4Sji26Q==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.61.0.tgz",
+      "integrity": "sha512-kk8u//r+oVK2Aj3ph/26XdH0pbAkC2RiSjUYhKD+PExemG4XSjpGFeyZ/QM8lBOa7O8aGOU+/yEbMJgQv/DnCg==",
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "5.59.9",
-        "@typescript-eslint/utils": "5.59.9",
+        "@typescript-eslint/typescript-estree": "5.61.0",
+        "@typescript-eslint/utils": "5.61.0",
         "debug": "^4.3.4",
         "tsutils": "^3.21.0"
       },
@@ -4431,9 +4827,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.59.9.tgz",
-      "integrity": "sha512-uW8H5NRgTVneSVTfiCVffBb8AbwWSKg7qcA4Ot3JI3MPCJGsB4Db4BhvAODIIYE5mNj7Q+VJkK7JxmRhk2Lyjw==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.61.0.tgz",
+      "integrity": "sha512-ldyueo58KjngXpzloHUog/h9REmHl59G1b3a5Sng1GfBo14BkS3ZbMEb3693gnP1k//97lh7bKsp6/V/0v1veQ==",
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       },
@@ -4443,12 +4839,12 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.59.9.tgz",
-      "integrity": "sha512-pmM0/VQ7kUhd1QyIxgS+aRvMgw+ZljB3eDb+jYyp6d2bC0mQWLzUDF+DLwCTkQ3tlNyVsvZRXjFyV0LkU/aXjA==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.61.0.tgz",
+      "integrity": "sha512-Fud90PxONnnLZ36oR5ClJBLTLfU4pIWBmnvGwTbEa2cXIqj70AEDEmOmpkFComjBZ/037ueKrOdHuYmSFVD7Rw==",
       "dependencies": {
-        "@typescript-eslint/types": "5.59.9",
-        "@typescript-eslint/visitor-keys": "5.59.9",
+        "@typescript-eslint/types": "5.61.0",
+        "@typescript-eslint/visitor-keys": "5.61.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -4469,16 +4865,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.59.9.tgz",
-      "integrity": "sha512-1PuMYsju/38I5Ggblaeb98TOoUvjhRvLpLa1DoTOFaLWqaXl/1iQ1eGurTXgBY58NUdtfTXKP5xBq7q9NDaLKg==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.61.0.tgz",
+      "integrity": "sha512-mV6O+6VgQmVE6+xzlA91xifndPW9ElFW8vbSF0xCT/czPXVhwDewKila1jOyRwa9AE19zKnrr7Cg5S3pJVrTWQ==",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@types/json-schema": "^7.0.9",
         "@types/semver": "^7.3.12",
-        "@typescript-eslint/scope-manager": "5.59.9",
-        "@typescript-eslint/types": "5.59.9",
-        "@typescript-eslint/typescript-estree": "5.59.9",
+        "@typescript-eslint/scope-manager": "5.61.0",
+        "@typescript-eslint/types": "5.61.0",
+        "@typescript-eslint/typescript-estree": "5.61.0",
         "eslint-scope": "^5.1.1",
         "semver": "^7.3.7"
       },
@@ -4514,11 +4910,11 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "5.59.9",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.59.9.tgz",
-      "integrity": "sha512-bT7s0td97KMaLwpEBckbzj/YohnvXtqbe2XgqNvTl6RJVakY5mvENOTPvw5u66nljfZxthESpDozs86U+oLY8Q==",
+      "version": "5.61.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.61.0.tgz",
+      "integrity": "sha512-50XQ5VdbWrX06mQXhy93WywSFZZGsv3EOjq+lqp6WC2t+j3mb6A9xYVdrRxafvK88vg9k9u+CT4l6D8PEatjKg==",
       "dependencies": {
-        "@typescript-eslint/types": "5.59.9",
+        "@typescript-eslint/types": "5.61.0",
         "eslint-visitor-keys": "^3.3.0"
       },
       "engines": {
@@ -4688,9 +5084,9 @@
       }
     },
     "node_modules/acorn": {
-      "version": "8.8.2",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.2.tgz",
-      "integrity": "sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==",
+      "version": "8.10.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.10.0.tgz",
+      "integrity": "sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw==",
       "bin": {
         "acorn": "bin/acorn"
       },
@@ -4866,17 +5262,14 @@
       }
     },
     "node_modules/ansi-styles": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
       "dependencies": {
-        "color-convert": "^2.0.1"
+        "color-convert": "^1.9.0"
       },
       "engines": {
-        "node": ">=8"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+        "node": ">=4"
       }
     },
     "node_modules/any-promise": {
@@ -5101,11 +5494,11 @@
       }
     },
     "node_modules/axobject-query": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-3.1.1.tgz",
-      "integrity": "sha512-goKlv8DZrK9hUh975fnHzhNIO4jUnFCfv/dszV5VwUGDFjI6vQ2VwoyjYjYNEbBE8AH87TduWP5uyDR1D+Iteg==",
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-3.2.1.tgz",
+      "integrity": "sha512-jsyHu61e6N4Vbz/v18DHwWYKK0bSWLqn47eeDSKPB7m8tqMHF9YJ+mhIk2lVteyZrY8tnSj/jHOv4YiTCuCJgg==",
       "dependencies": {
-        "deep-equal": "^2.0.5"
+        "dequal": "^2.0.3"
       }
     },
     "node_modules/babel-jest": {
@@ -5129,6 +5522,70 @@
         "@babel/core": "^7.8.0"
       }
     },
+    "node_modules/babel-jest/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/babel-jest/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/babel-jest/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/babel-jest/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/babel-jest/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/babel-jest/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/babel-loader": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-8.3.0.tgz",
@@ -5216,44 +5673,36 @@
       }
     },
     "node_modules/babel-plugin-polyfill-corejs2": {
-      "version": "0.4.3",
-      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.3.tgz",
-      "integrity": "sha512-bM3gHc337Dta490gg+/AseNB9L4YLHxq1nGKZZSHbhXv4aTYU2MD2cjza1Ru4S6975YLTaL1K8uJf6ukJhhmtw==",
+      "version": "0.4.4",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.4.tgz",
+      "integrity": "sha512-9WeK9snM1BfxB38goUEv2FLnA6ja07UMfazFHzCXUb3NyDZAwfXvQiURQ6guTTMeHcOsdknULm1PDhs4uWtKyA==",
       "dependencies": {
-        "@babel/compat-data": "^7.17.7",
-        "@babel/helper-define-polyfill-provider": "^0.4.0",
-        "semver": "^6.1.1"
+        "@babel/compat-data": "^7.22.6",
+        "@babel/helper-define-polyfill-provider": "^0.4.1",
+        "@nicolo-ribaudo/semver-v6": "^6.3.3"
       },
       "peerDependencies": {
         "@babel/core": "^7.0.0-0"
       }
     },
-    "node_modules/babel-plugin-polyfill-corejs2/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
-      "bin": {
-        "semver": "bin/semver.js"
-      }
-    },
     "node_modules/babel-plugin-polyfill-corejs3": {
-      "version": "0.8.1",
-      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.1.tgz",
-      "integrity": "sha512-ikFrZITKg1xH6pLND8zT14UPgjKHiGLqex7rGEZCH2EvhsneJaJPemmpQaIZV5AL03II+lXylw3UmddDK8RU5Q==",
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.2.tgz",
+      "integrity": "sha512-Cid+Jv1BrY9ReW9lIfNlNpsI53N+FN7gE+f73zLAUbr9C52W4gKLWSByx47pfDJsEysojKArqOtOKZSVIIUTuQ==",
       "dependencies": {
-        "@babel/helper-define-polyfill-provider": "^0.4.0",
-        "core-js-compat": "^3.30.1"
+        "@babel/helper-define-polyfill-provider": "^0.4.1",
+        "core-js-compat": "^3.31.0"
       },
       "peerDependencies": {
         "@babel/core": "^7.0.0-0"
       }
     },
     "node_modules/babel-plugin-polyfill-regenerator": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.0.tgz",
-      "integrity": "sha512-hDJtKjMLVa7Z+LwnTCxoDLQj6wdc+B8dun7ayF2fYieI6OzfuvcLMB32ihJZ4UhCBwNYGl5bg/x/P9cMdnkc2g==",
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.1.tgz",
+      "integrity": "sha512-L8OyySuI6OSQ5hFy9O+7zFjyr4WhAfRjLIOkhQGYl+emwJkd/S4XXT1JpfrgR1jrQ1NcGiOh+yAdGlF8pnC3Jw==",
       "dependencies": {
-        "@babel/helper-define-polyfill-provider": "^0.4.0"
+        "@babel/helper-define-polyfill-provider": "^0.4.1"
       },
       "peerDependencies": {
         "@babel/core": "^7.0.0-0"
@@ -5466,9 +5915,9 @@
       "integrity": "sha512-9o5UecI3GhkpM6DrXr69PblIuWxPKk9Y0jHBRhdocZ2y7YECBFCsHm79Pr3OyR2AvjhDkabFJaDJMYRazHgsow=="
     },
     "node_modules/browserslist": {
-      "version": "4.21.7",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.7.tgz",
-      "integrity": "sha512-BauCXrQ7I2ftSqd2mvKHGo85XR0u7Ru3C/Hxsy/0TkfCtjrmAbPdzLGasmoiBxplpDXlPvdjX9u7srIMfgasNA==",
+      "version": "4.21.9",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.9.tgz",
+      "integrity": "sha512-M0MFoZzbUrRU4KNfCrDLnvyE7gub+peetoTid3TBIqtunaDJyXlwhakT+/VkvSXcfIzFfK/nkCs4nmyTmxdNSg==",
       "funding": [
         {
           "type": "opencollective",
@@ -5484,8 +5933,8 @@
         }
       ],
       "dependencies": {
-        "caniuse-lite": "^1.0.30001489",
-        "electron-to-chromium": "^1.4.411",
+        "caniuse-lite": "^1.0.30001503",
+        "electron-to-chromium": "^1.4.431",
         "node-releases": "^2.0.12",
         "update-browserslist-db": "^1.0.11"
       },
@@ -5588,9 +6037,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001497",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001497.tgz",
-      "integrity": "sha512-I4/duVK4wL6rAK/aKZl3HXB4g+lIZvaT4VLAn2rCgJ38jVLb0lv2Xug6QuqmxXFVRJMF74SPPWPJ/1Sdm3vCzw==",
+      "version": "1.0.30001512",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001512.tgz",
+      "integrity": "sha512-2S9nK0G/mE+jasCUsMPlARhRCts1ebcp2Ji8Y8PWi4NDE1iRdLCnEPHkEfeBrGC45L4isBx5ur3IQ6yTE2mRZw==",
       "funding": [
         {
           "type": "opencollective",
@@ -5623,18 +6072,24 @@
       }
     },
     "node_modules/chalk": {
-      "version": "4.1.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
-      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
       "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
       },
       "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/chalk?sponsor=1"
+        "node": ">=4"
+      }
+    },
+    "node_modules/chalk/node_modules/escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "engines": {
+        "node": ">=0.8.0"
       }
     },
     "node_modules/char-regex": {
@@ -5737,9 +6192,9 @@
       }
     },
     "node_modules/cjs-module-lexer": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.2.tgz",
-      "integrity": "sha512-cOU9usZw8/dXIXKtwa8pM0OTJQuJkxMN6w30csNRUerHfeQ5R6U3kkU/FtJeIf3M202OHfY2U8ccInBG7/xogA=="
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz",
+      "integrity": "sha512-0TNiGstbQmCFwt4akjjBg5pLRTSyj/PkWQ1ZoO2zntmg9yLqSRxwEa4iCfQLGjqhiqBfOJa7W/E8wfGrTDmlZQ=="
     },
     "node_modules/clean-css": {
       "version": "5.3.2",
@@ -5800,31 +6255,12 @@
         "node": ">= 4.0"
       }
     },
-    "node_modules/coa/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/coa/node_modules/chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
+    "node_modules/collect-v8-coverage": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz",
+      "integrity": "sha512-lHl4d5/ONEbLlJvaJNtsF/Lz+WvB07u2ycqTYbdrq7UypDXailES4valYb2eWiJFxZlVmpGekfqoxQhzyFdT4Q=="
     },
-    "node_modules/coa/node_modules/color-convert": {
+    "node_modules/color-convert": {
       "version": "1.9.3",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
       "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
@@ -5832,59 +6268,11 @@
         "color-name": "1.1.3"
       }
     },
-    "node_modules/coa/node_modules/color-name": {
+    "node_modules/color-name": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
       "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
     },
-    "node_modules/coa/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/coa/node_modules/has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/coa/node_modules/supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/collect-v8-coverage": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz",
-      "integrity": "sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg=="
-    },
-    "node_modules/color-convert": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-      "dependencies": {
-        "color-name": "~1.1.4"
-      },
-      "engines": {
-        "node": ">=7.0.0"
-      }
-    },
-    "node_modules/color-name": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
-    },
     "node_modules/colord": {
       "version": "2.9.3",
       "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz",
@@ -6043,9 +6431,9 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
     },
     "node_modules/core-js": {
-      "version": "3.30.2",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.30.2.tgz",
-      "integrity": "sha512-uBJiDmwqsbJCWHAwjrx3cvjbMXP7xD72Dmsn5LOJpiRmE3WbBbN5rCqQ2Qh6Ek6/eOrjlWngEynBWo4VxerQhg==",
+      "version": "3.31.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.31.0.tgz",
+      "integrity": "sha512-NIp2TQSGfR6ba5aalZD+ZQ1fSxGhDo/s1w0nx3RYzf2pnJxt7YynxFlFScP6eV7+GZsKO95NSjGxyJsU3DZgeQ==",
       "hasInstallScript": true,
       "funding": {
         "type": "opencollective",
@@ -6053,9 +6441,9 @@
       }
     },
     "node_modules/core-js-compat": {
-      "version": "3.30.2",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.30.2.tgz",
-      "integrity": "sha512-nriW1nuJjUgvkEjIot1Spwakz52V9YkYHZAQG6A1eCgC8AA1p0zngrQEP9R0+V6hji5XilWKG1Bd0YRppmGimA==",
+      "version": "3.31.0",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.31.0.tgz",
+      "integrity": "sha512-hM7YCu1cU6Opx7MXNu0NuumM0ezNeAeRKadixyiQELWY3vT3De9S4J5ZBMraWV2vZnrE1Cirl0GtFtDtMUXzPw==",
       "dependencies": {
         "browserslist": "^4.21.5"
       },
@@ -6065,9 +6453,9 @@
       }
     },
     "node_modules/core-js-pure": {
-      "version": "3.30.2",
-      "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.30.2.tgz",
-      "integrity": "sha512-p/npFUJXXBkCCTIlEGBdghofn00jWG6ZOtdoIXSJmAu2QBvN0IqpZXWweOytcwE6cfx8ZvVUy1vw8zxhe4Y2vg==",
+      "version": "3.31.0",
+      "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.31.0.tgz",
+      "integrity": "sha512-/AnE9Y4OsJZicCzIe97JP5XoPKQJfTuEG43aEVLFJGOJpyqELod+pE6LEl63DfG1Mp8wX97LDaDpy1GmLEUxlg==",
       "hasInstallScript": true,
       "funding": {
         "type": "opencollective",
@@ -6254,9 +6642,9 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/css-minimizer-webpack-plugin/node_modules/schema-utils": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
-      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
         "ajv": "^8.9.0",
@@ -6645,6 +7033,14 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/dequal": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz",
+      "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/destroy": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
@@ -6891,9 +7287,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.4.425",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.425.tgz",
-      "integrity": "sha512-wv1NufHxu11zfDbY4fglYQApMswleE9FL/DSeyOyauVXDZ+Kco96JK/tPfBUaDqfRarYp2WH2hJ/5UnVywp9Jg=="
+      "version": "1.4.450",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.450.tgz",
+      "integrity": "sha512-BLG5HxSELlrMx7dJ2s+8SFlsCtJp37Zpk2VAxyC6CZtbc+9AJeZHfYHbrlSgdXp6saQ8StMqOTEDaBKgA7u1sw=="
     },
     "node_modules/emittery": {
       "version": "0.8.1",
@@ -6928,9 +7324,9 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.14.1",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.14.1.tgz",
-      "integrity": "sha512-Vklwq2vDKtl0y/vtwjSesgJ5MYS7Etuk5txS8VdKL4AOS1aUlD96zqIfsOSLQsdv3xgMRbtkWM8eG9XDfKUPow==",
+      "version": "5.15.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz",
+      "integrity": "sha512-LXYT42KJ7lpIKECr2mAXIaMldcNCh/7E0KBKOu4KSfkHmP+mZmSs+8V5gBAqisWBy0OO4W5Oyys0GO1Y8KtdKg==",
       "dependencies": {
         "graceful-fs": "^4.2.4",
         "tapable": "^2.2.0"
@@ -7035,9 +7431,9 @@
       }
     },
     "node_modules/es-module-lexer": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.2.1.tgz",
-      "integrity": "sha512-9978wrXM50Y4rTMmW5kXIC09ZdXQZqkE4mxhwkd8VbzsGkXGPgV4zWuqQJgCEzYngdo2dYDa0l8xhX4fkSwJSg=="
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.3.0.tgz",
+      "integrity": "sha512-vZK7T0N2CBmBOixhmjdqx2gWVbFZ4DXZ/NyRMZVlJXPa7CyFS+/a4QQsDGDQy9ZfEzxFuNEsMLeQJnKP2p5/JA=="
     },
     "node_modules/es-set-tostringtag": {
       "version": "2.0.1",
@@ -7101,14 +7497,13 @@
       }
     },
     "node_modules/escodegen": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.0.0.tgz",
-      "integrity": "sha512-mmHKys/C8BFUGI+MAWNcSYoORYLMdPzjrknd2Vc+bUsjN5bXcr8EhrNB+UTqfL1y3I9c4fw2ihgtMPQLBRiQxw==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz",
+      "integrity": "sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==",
       "dependencies": {
         "esprima": "^4.0.1",
         "estraverse": "^5.2.0",
-        "esutils": "^2.0.2",
-        "optionator": "^0.8.1"
+        "esutils": "^2.0.2"
       },
       "bin": {
         "escodegen": "bin/escodegen.js",
@@ -7121,42 +7516,6 @@
         "source-map": "~0.6.1"
       }
     },
-    "node_modules/escodegen/node_modules/levn": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
-      "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==",
-      "dependencies": {
-        "prelude-ls": "~1.1.2",
-        "type-check": "~0.3.2"
-      },
-      "engines": {
-        "node": ">= 0.8.0"
-      }
-    },
-    "node_modules/escodegen/node_modules/optionator": {
-      "version": "0.8.3",
-      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz",
-      "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==",
-      "dependencies": {
-        "deep-is": "~0.1.3",
-        "fast-levenshtein": "~2.0.6",
-        "levn": "~0.3.0",
-        "prelude-ls": "~1.1.2",
-        "type-check": "~0.3.2",
-        "word-wrap": "~1.2.3"
-      },
-      "engines": {
-        "node": ">= 0.8.0"
-      }
-    },
-    "node_modules/escodegen/node_modules/prelude-ls": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
-      "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==",
-      "engines": {
-        "node": ">= 0.8.0"
-      }
-    },
     "node_modules/escodegen/node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -7166,26 +7525,15 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/escodegen/node_modules/type-check": {
-      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
-      "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==",
-      "dependencies": {
-        "prelude-ls": "~1.1.2"
-      },
-      "engines": {
-        "node": ">= 0.8.0"
-      }
-    },
     "node_modules/eslint": {
-      "version": "8.42.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.42.0.tgz",
-      "integrity": "sha512-ulg9Ms6E1WPf67PHaEY4/6E2tEn5/f7FXGzr3t9cBMugOmf1INYvuUwwh1aXQN4MfJ6a5K2iNwP3w4AColvI9A==",
+      "version": "8.44.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.44.0.tgz",
+      "integrity": "sha512-0wpHoUbDUHgNCyvFB5aXLiQVfK9B0at6gUvzy83k4kAsQ/u769TQDX6iKC+aO4upIHO9WSaA3QoXYQDHbNwf1A==",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.4.0",
-        "@eslint/eslintrc": "^2.0.3",
-        "@eslint/js": "8.42.0",
+        "@eslint/eslintrc": "^2.1.0",
+        "@eslint/js": "8.44.0",
         "@humanwhocodes/config-array": "^0.11.10",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -7197,7 +7545,7 @@
         "escape-string-regexp": "^4.0.0",
         "eslint-scope": "^7.2.0",
         "eslint-visitor-keys": "^3.4.1",
-        "espree": "^9.5.2",
+        "espree": "^9.6.0",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
         "fast-deep-equal": "^3.1.3",
@@ -7217,7 +7565,7 @@
         "lodash.merge": "^4.6.2",
         "minimatch": "^3.1.2",
         "natural-compare": "^1.4.0",
-        "optionator": "^0.9.1",
+        "optionator": "^0.9.3",
         "strip-ansi": "^6.0.1",
         "strip-json-comments": "^3.1.0",
         "text-table": "^0.2.0"
@@ -7597,6 +7945,14 @@
         "ajv": "^8.8.2"
       }
     },
+    "node_modules/eslint-webpack-plugin/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/eslint-webpack-plugin/node_modules/jest-worker": {
       "version": "28.1.3",
       "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz",
@@ -7616,9 +7972,9 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/eslint-webpack-plugin/node_modules/schema-utils": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
-      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
         "ajv": "^8.9.0",
@@ -7647,6 +8003,51 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
+    "node_modules/eslint/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/eslint/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/eslint/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/eslint/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
     "node_modules/eslint/node_modules/globals": {
       "version": "13.20.0",
       "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
@@ -7661,6 +8062,25 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/eslint/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/eslint/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/eslint/node_modules/type-fest": {
       "version": "0.20.2",
       "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz",
@@ -7673,11 +8093,11 @@
       }
     },
     "node_modules/espree": {
-      "version": "9.5.2",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.2.tgz",
-      "integrity": "sha512-7OASN1Wma5fum5SrNhFMAMJxOUAbhyfQ8dQ//PJaJbNw0URTPWqIghHWt1MmAANKhHZIYOHruW4Kw4ruUWOdGw==",
+      "version": "9.6.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.0.tgz",
+      "integrity": "sha512-1FH/IiruXZ84tpUlm0aCUEwMl2Ho5ilqVh0VvQXw+byAz/4SAciyHLlfmL5WYqsvD38oymdUwBss0LtK8m4s/A==",
       "dependencies": {
-        "acorn": "^8.8.0",
+        "acorn": "^8.9.0",
         "acorn-jsx": "^5.3.2",
         "eslint-visitor-keys": "^3.4.1"
       },
@@ -7873,9 +8293,9 @@
       "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
     },
     "node_modules/fast-glob": {
-      "version": "3.2.12",
-      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.12.tgz",
-      "integrity": "sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.0.tgz",
+      "integrity": "sha512-ChDuvbOypPuNjO8yIDf36x7BlZX1smcUMTTcyoIjycexOxd6DFsKsg21qVBzEmr3G7fUKIRy2/psii+CIUt7FA==",
       "dependencies": {
         "@nodelib/fs.stat": "^2.0.2",
         "@nodelib/fs.walk": "^1.2.3",
@@ -8171,6 +8591,51 @@
         }
       }
     },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
     "node_modules/fork-ts-checker-webpack-plugin/node_modules/cosmiconfig": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz",
@@ -8200,6 +8665,14 @@
         "node": ">=10"
       }
     },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils": {
       "version": "2.7.0",
       "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz",
@@ -8217,14 +8690,25 @@
         "url": "https://opencollective.com/webpack"
       }
     },
-    "node_modules/fork-ts-checker-webpack-plugin/node_modules/tapable": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz",
-      "integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==",
-      "engines": {
-        "node": ">=6"
-      }
-    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/fork-ts-checker-webpack-plugin/node_modules/tapable": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz",
+      "integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/form-data": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.1.tgz",
@@ -8536,11 +9020,6 @@
       "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
       "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
     },
-    "node_modules/grapheme-splitter": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz",
-      "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ=="
-    },
     "node_modules/graphemer": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz",
@@ -8590,11 +9069,11 @@
       }
     },
     "node_modules/has-flag": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
-      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
       "engines": {
-        "node": ">=8"
+        "node": ">=4"
       }
     },
     "node_modules/has-property-descriptors": {
@@ -8761,9 +9240,19 @@
       }
     },
     "node_modules/html-entities": {
-      "version": "2.3.5",
-      "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.3.5.tgz",
-      "integrity": "sha512-72TJlcMkYsEJASa/3HnX7VT59htM7iSHbH59NSZbtc+22Ap0Txnlx91sfeB+/A7wNZg7UxtZdhAW4y+/jimrdg=="
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.4.0.tgz",
+      "integrity": "sha512-igBTJcNNNhvZFRtm8uA6xMY6xYleeDwn3PeBCkDz7tHttv4F2hsDI2aPgNERWzvRcNYHNT3ymRaQzllmXj4YsQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/mdevils"
+        },
+        {
+          "type": "patreon",
+          "url": "https://patreon.com/mdevils"
+        }
+      ]
     },
     "node_modules/html-escaper": {
       "version": "2.0.2",
@@ -8791,9 +9280,9 @@
       }
     },
     "node_modules/html-webpack-plugin": {
-      "version": "5.5.1",
-      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.1.tgz",
-      "integrity": "sha512-cTUzZ1+NqjGEKjmVgZKLMdiFg3m9MdRXkZW2OEe69WYVi5ONLMmlnSZdXzGGMOq0C8jGDrL6EWyEDDUioHO/pA==",
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.3.tgz",
+      "integrity": "sha512-6YrDKTuqaP/TquFH7h4srYWsZx+x6k6+FbsTm0ziCwGHDP78Unr1r9F/H4+sGmMbX08GQcJ+K64x55b+7VM/jg==",
       "dependencies": {
         "@types/html-minifier-terser": "^6.0.0",
         "html-minifier-terser": "^6.0.2",
@@ -9554,6 +10043,25 @@
         "node": ">=8"
       }
     },
+    "node_modules/istanbul-lib-report/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-report/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/istanbul-lib-source-maps": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz",
@@ -9604,6 +10112,70 @@
         "node": ">=10"
       }
     },
+    "node_modules/jake/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jake/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jake/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jake/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jake/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jake/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jdenticon": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/jdenticon/-/jdenticon-3.2.0.tgz",
@@ -9684,6 +10256,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-circus/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-circus/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-circus/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-circus/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-circus/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-circus/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-cli": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-27.5.1.tgz",
@@ -9717,6 +10353,70 @@
         }
       }
     },
+    "node_modules/jest-cli/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-cli/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-cli/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-cli/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-cli/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-cli/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-config": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-27.5.1.tgz",
@@ -9759,29 +10459,157 @@
         }
       }
     },
-    "node_modules/jest-diff": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz",
-      "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==",
+    "node_modules/jest-config/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dependencies": {
-        "chalk": "^4.0.0",
-        "diff-sequences": "^27.5.1",
-        "jest-get-type": "^27.5.1",
-        "pretty-format": "^27.5.1"
+        "color-convert": "^2.0.1"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
-    "node_modules/jest-docblock": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-27.5.1.tgz",
-      "integrity": "sha512-rl7hlABeTsRYxKiUfpHrQrG4e2obOiTQWfMEH3PxPjOtdsfLQO4ReWSZaQ7DETm4xu07rl4q/h4zcKXyU0/OzQ==",
+    "node_modules/jest-config/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
       "dependencies": {
-        "detect-newline": "^3.0.0"
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-config/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-config/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-config/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-config/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-diff": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-27.5.1.tgz",
+      "integrity": "sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==",
+      "dependencies": {
+        "chalk": "^4.0.0",
+        "diff-sequences": "^27.5.1",
+        "jest-get-type": "^27.5.1",
+        "pretty-format": "^27.5.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-diff/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-diff/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-diff/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-diff/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-diff/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-diff/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-docblock": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-27.5.1.tgz",
+      "integrity": "sha512-rl7hlABeTsRYxKiUfpHrQrG4e2obOiTQWfMEH3PxPjOtdsfLQO4ReWSZaQ7DETm4xu07rl4q/h4zcKXyU0/OzQ==",
+      "dependencies": {
+        "detect-newline": "^3.0.0"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
     "node_modules/jest-each": {
@@ -9799,6 +10627,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-each/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-each/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-each/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-each/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-each/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-each/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-environment-jsdom": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-27.5.1.tgz",
@@ -9892,6 +10784,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-jasmine2/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-jasmine2/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-jasmine2/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-leak-detector": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-27.5.1.tgz",
@@ -9915,26 +10871,154 @@
         "pretty-format": "^27.5.1"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-matcher-utils/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-matcher-utils/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-message-util": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz",
+      "integrity": "sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==",
+      "dependencies": {
+        "@babel/code-frame": "^7.12.13",
+        "@jest/types": "^27.5.1",
+        "@types/stack-utils": "^2.0.0",
+        "chalk": "^4.0.0",
+        "graceful-fs": "^4.2.9",
+        "micromatch": "^4.0.4",
+        "pretty-format": "^27.5.1",
+        "slash": "^3.0.0",
+        "stack-utils": "^2.0.3"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-message-util/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-message-util/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
       }
     },
-    "node_modules/jest-message-util": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-27.5.1.tgz",
-      "integrity": "sha512-rMyFe1+jnyAAf+NHwTclDz0eAaLkVDdKVHHBFWsBWHnnh5YeJMNWWsv7AbFYXfK3oTqvL7VTWkhNLu1jX24D+g==",
+    "node_modules/jest-message-util/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
       "dependencies": {
-        "@babel/code-frame": "^7.12.13",
-        "@jest/types": "^27.5.1",
-        "@types/stack-utils": "^2.0.0",
-        "chalk": "^4.0.0",
-        "graceful-fs": "^4.2.9",
-        "micromatch": "^4.0.4",
-        "pretty-format": "^27.5.1",
-        "slash": "^3.0.0",
-        "stack-utils": "^2.0.3"
+        "has-flag": "^4.0.0"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": ">=8"
       }
     },
     "node_modules/jest-mock": {
@@ -10006,6 +11090,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-resolve/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-resolve/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-resolve/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-runner": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-27.5.1.tgz",
@@ -10037,6 +11185,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-runner/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-runner/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-runner/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-runner/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-runner/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-runner/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-runtime": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-27.5.1.tgz",
@@ -10069,6 +11281,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-runtime/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-runtime/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-runtime/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-serializer": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-serializer/-/jest-serializer-27.5.1.tgz",
@@ -10110,7 +11386,71 @@
         "semver": "^7.3.2"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-snapshot/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-snapshot/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
       }
     },
     "node_modules/jest-util": {
@@ -10129,6 +11469,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-util/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-util/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-util/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-util/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-util/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-util/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-validate": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-27.5.1.tgz",
@@ -10145,6 +11549,70 @@
         "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
       }
     },
+    "node_modules/jest-validate/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-validate/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-validate/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-validate/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-validate/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-validate/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-watch-typeahead": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/jest-watch-typeahead/-/jest-watch-typeahead-1.1.0.tgz",
@@ -10228,16 +11696,50 @@
       }
     },
     "node_modules/jest-watch-typeahead/node_modules/ansi-styles": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
-      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
       "engines": {
-        "node": ">=10"
+        "node": ">=8"
       },
       "funding": {
         "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
+    "node_modules/jest-watch-typeahead/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
     "node_modules/jest-watch-typeahead/node_modules/emittery": {
       "version": "0.10.2",
       "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz",
@@ -10249,6 +11751,14 @@
         "url": "https://github.com/sindresorhus/emittery?sponsor=1"
       }
     },
+    "node_modules/jest-watch-typeahead/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-watch-typeahead/node_modules/jest-message-util": {
       "version": "28.1.3",
       "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz",
@@ -10355,6 +11865,17 @@
         "node": "^12.13.0 || ^14.15.0 || ^16.10.0 || >=17.0.0"
       }
     },
+    "node_modules/jest-watch-typeahead/node_modules/pretty-format/node_modules/ansi-styles": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
     "node_modules/jest-watch-typeahead/node_modules/slash": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz",
@@ -10394,41 +11915,116 @@
       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
       "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
       "dependencies": {
-        "ansi-regex": "^6.0.1"
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/strip-ansi/node_modules/ansi-regex": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
+      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/jest-watch-typeahead/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jest-watcher": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-27.5.1.tgz",
+      "integrity": "sha512-z676SuD6Z8o8qbmEGhoEUFOM1+jfEiL3DXHK/xgEiG2EyNYfFG60jluWcupY6dATjfEsKQuibReS1djInQnoVw==",
+      "dependencies": {
+        "@jest/test-result": "^27.5.1",
+        "@jest/types": "^27.5.1",
+        "@types/node": "*",
+        "ansi-escapes": "^4.2.1",
+        "chalk": "^4.0.0",
+        "jest-util": "^27.5.1",
+        "string-length": "^4.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/jest-watcher/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
       },
       "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+        "node": ">=7.0.0"
       }
     },
-    "node_modules/jest-watch-typeahead/node_modules/strip-ansi/node_modules/ansi-regex": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
-      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
+    "node_modules/jest-watcher/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/jest-watcher/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
       "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+        "node": ">=8"
       }
     },
-    "node_modules/jest-watcher": {
-      "version": "27.5.1",
-      "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-27.5.1.tgz",
-      "integrity": "sha512-z676SuD6Z8o8qbmEGhoEUFOM1+jfEiL3DXHK/xgEiG2EyNYfFG60jluWcupY6dATjfEsKQuibReS1djInQnoVw==",
+    "node_modules/jest-watcher/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
       "dependencies": {
-        "@jest/test-result": "^27.5.1",
-        "@jest/types": "^27.5.1",
-        "@types/node": "*",
-        "ansi-escapes": "^4.2.1",
-        "chalk": "^4.0.0",
-        "jest-util": "^27.5.1",
-        "string-length": "^4.0.1"
+        "has-flag": "^4.0.0"
       },
       "engines": {
-        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+        "node": ">=8"
       }
     },
     "node_modules/jest-worker": {
@@ -10444,6 +12040,14 @@
         "node": ">= 10.13.0"
       }
     },
+    "node_modules/jest-worker/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/jest-worker/node_modules/supports-color": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
@@ -10459,9 +12063,9 @@
       }
     },
     "node_modules/jiti": {
-      "version": "1.18.2",
-      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.18.2.tgz",
-      "integrity": "sha512-QAdOptna2NYiSSpv0O/BwoHBSmz4YhpzJHyi+fnMRTXFjp7B8i/YG5Z8IfusxB1ufjcD2Sre1F3R+nX3fvy7gg==",
+      "version": "1.19.1",
+      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.19.1.tgz",
+      "integrity": "sha512-oVhqoRDaBXf7sjkll95LHVS6Myyyb1zaunVwk4Z0+WPSW4gjS0pl01zYKHScTuyEhQsFxV5L4DR5r+YqSyqyyg==",
       "bin": {
         "jiti": "bin/jiti.js"
       }
@@ -10594,12 +12198,14 @@
       }
     },
     "node_modules/jsx-ast-utils": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.3.tgz",
-      "integrity": "sha512-fYQHZTZ8jSfmWZ0iyzfwiU4WDX4HpHbMCZ3gPlWYiCl3BoeOTsqKBqnTVfH2rYT7eP5c3sVbeSPHnnJOaTrWiw==",
+      "version": "3.3.4",
+      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.4.tgz",
+      "integrity": "sha512-fX2TVdCViod6HwKEtSWGHs57oFhVfCMwieb9PuRDgjDPh5XeqJiHFFFJCHxU5cnTc3Bu/GRL+kPiFmw8XWOfKw==",
       "dependencies": {
-        "array-includes": "^3.1.5",
-        "object.assign": "^4.1.3"
+        "array-includes": "^3.1.6",
+        "array.prototype.flat": "^1.3.1",
+        "object.assign": "^4.1.4",
+        "object.values": "^1.1.6"
       },
       "engines": {
         "node": ">=4.0"
@@ -11023,9 +12629,9 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/mini-css-extract-plugin/node_modules/schema-utils": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
-      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
         "ajv": "^8.9.0",
@@ -11219,9 +12825,9 @@
       }
     },
     "node_modules/nwsapi": {
-      "version": "2.2.5",
-      "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.5.tgz",
-      "integrity": "sha512-6xpotnECFy/og7tKSBVmUNft7J3jyXAka4XvG6AUhFWRz+Q/Ljus7znJAA3bxColfQLdS+XsjoodtJfCgeTEFQ=="
+      "version": "2.2.6",
+      "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.6.tgz",
+      "integrity": "sha512-vSZ4miHQ4FojLjmz2+ux4B0/XA16jfwt/LBzIUftDpRd8tujHFkXjMyLwjS08fIZCzesj2z7gJukOKJwqebJAQ=="
     },
     "node_modules/object-assign": {
       "version": "4.1.1",
@@ -11433,16 +13039,16 @@
       }
     },
     "node_modules/optionator": {
-      "version": "0.9.1",
-      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz",
-      "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==",
+      "version": "0.9.3",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz",
+      "integrity": "sha512-JjCoypp+jKn1ttEFExxhetCKeJt9zhAgAve5FXHixTvFDW/5aEktX9bufBKLRRMdU7bNtpLfcGu94B3cdEJgjg==",
       "dependencies": {
+        "@aashutoshrathi/word-wrap": "^1.2.3",
         "deep-is": "^0.1.3",
         "fast-levenshtein": "^2.0.6",
         "levn": "^0.4.1",
         "prelude-ls": "^1.2.1",
-        "type-check": "^0.4.0",
-        "word-wrap": "^1.2.3"
+        "type-check": "^0.4.0"
       },
       "engines": {
         "node": ">= 0.8.0"
@@ -11644,9 +13250,9 @@
       }
     },
     "node_modules/pirates": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.5.tgz",
-      "integrity": "sha512-8V9+HQPupnaXMA23c5hvl69zXvTwTzyAYasnkb0Tts4XvO4CliqONMOnvlq26rkhLC3nWDFBJf73LU1e1VZLaQ==",
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz",
+      "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==",
       "engines": {
         "node": ">= 6"
       }
@@ -13271,6 +14877,59 @@
         "node": ">=14"
       }
     },
+    "node_modules/react-dev-utils/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/react-dev-utils/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/react-dev-utils/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/react-dev-utils/node_modules/loader-utils": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz",
@@ -13279,6 +14938,17 @@
         "node": ">= 12.13.0"
       }
     },
+    "node_modules/react-dev-utils/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/react-dom": {
       "version": "18.2.0",
       "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.2.0.tgz",
@@ -13310,11 +14980,11 @@
       }
     },
     "node_modules/react-router": {
-      "version": "6.12.1",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.12.1.tgz",
-      "integrity": "sha512-evd/GrKJOeOypD0JB9e1r7pQh2gWCsTbUfq059Wm1AFT/K2MNZuDo19lFtAgIhlBrp0MmpgpqtvZC7LPAs7vSw==",
+      "version": "6.14.1",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.14.1.tgz",
+      "integrity": "sha512-U4PfgvG55LdvbQjg5Y9QRWyVxIdO1LlpYT7x+tMAxd9/vmiPuJhIwdxZuIQLN/9e3O4KFDHYfR9gzGeYMasW8g==",
       "dependencies": {
-        "@remix-run/router": "1.6.3"
+        "@remix-run/router": "1.7.1"
       },
       "engines": {
         "node": ">=14"
@@ -13324,12 +14994,12 @@
       }
     },
     "node_modules/react-router-dom": {
-      "version": "6.12.1",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.12.1.tgz",
-      "integrity": "sha512-POIZN9UDKWwEDga054LvYr2KnK8V+0HR4Ny4Bwv8V7/FZCPxJgsCjYxXGxqxzHs7VBxMKZfgvtKhafuJkJSPGA==",
+      "version": "6.14.1",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.14.1.tgz",
+      "integrity": "sha512-ssF6M5UkQjHK70fgukCJyjlda0Dgono2QGwqGvuk7D+EDGHdacEN3Yke2LTMjkrpHuFwBfDFsEjGVXBDmL+bWw==",
       "dependencies": {
-        "@remix-run/router": "1.6.3",
-        "react-router": "6.12.1"
+        "@remix-run/router": "1.7.1",
+        "react-router": "6.14.1"
       },
       "engines": {
         "node": ">=14"
@@ -13816,6 +15486,14 @@
         "rollup": "^2.0.0"
       }
     },
+    "node_modules/rollup-plugin-terser/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/rollup-plugin-terser/node_modules/jest-worker": {
       "version": "26.6.2",
       "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-26.6.2.tgz",
@@ -13837,6 +15515,17 @@
         "randombytes": "^2.1.0"
       }
     },
+    "node_modules/rollup-plugin-terser/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/run-parallel": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
@@ -13980,9 +15669,9 @@
       }
     },
     "node_modules/schema-utils": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.2.0.tgz",
-      "integrity": "sha512-0zTyLGyDJYd/MBxG1AhJkKa6fpEBds4OQO2ut0w7OYG+ZGhGea09lijvzsqegYSik88zc7cUtIlnnO+/BvD6gQ==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz",
+      "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==",
       "dependencies": {
         "@types/json-schema": "^7.0.8",
         "ajv": "^6.12.5",
@@ -14013,9 +15702,9 @@
       }
     },
     "node_modules/semver": {
-      "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
-      "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
+      "version": "7.5.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.3.tgz",
+      "integrity": "sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==",
       "dependencies": {
         "lru-cache": "^6.0.0"
       },
@@ -14668,14 +16357,14 @@
       }
     },
     "node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
       "dependencies": {
-        "has-flag": "^4.0.0"
+        "has-flag": "^3.0.0"
       },
       "engines": {
-        "node": ">=8"
+        "node": ">=4"
       }
     },
     "node_modules/supports-hyperlinks": {
@@ -14690,6 +16379,25 @@
         "node": ">=8"
       }
     },
+    "node_modules/supports-hyperlinks/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-hyperlinks/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/supports-preserve-symlinks-flag": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
@@ -14733,17 +16441,6 @@
         "node": ">=4.0.0"
       }
     },
-    "node_modules/svgo/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/svgo/node_modules/argparse": {
       "version": "1.0.10",
       "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
@@ -14752,32 +16449,6 @@
         "sprintf-js": "~1.0.2"
       }
     },
-    "node_modules/svgo/node_modules/chalk": {
-      "version": "2.4.2",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/svgo/node_modules/color-convert": {
-      "version": "1.9.3",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
-      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
-      "dependencies": {
-        "color-name": "1.1.3"
-      }
-    },
-    "node_modules/svgo/node_modules/color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="
-    },
     "node_modules/svgo/node_modules/css-select": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/css-select/-/css-select-2.1.0.tgz",
@@ -14823,22 +16494,6 @@
       "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.3.1.tgz",
       "integrity": "sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w=="
     },
-    "node_modules/svgo/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/svgo/node_modules/has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/svgo/node_modules/js-yaml": {
       "version": "3.14.1",
       "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
@@ -14859,17 +16514,6 @@
         "boolbase": "~1.0.0"
       }
     },
-    "node_modules/svgo/node_modules/supports-color": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/symbol-tree": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
@@ -14972,9 +16616,9 @@
       }
     },
     "node_modules/terser": {
-      "version": "5.17.7",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.17.7.tgz",
-      "integrity": "sha512-/bi0Zm2C6VAexlGgLlVxA0P2lru/sdLyfCVaRMfKVo9nWxbmz7f/sD8VPybPeSUJaJcwmCJis9pBIhcVcG1QcQ==",
+      "version": "5.18.2",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.18.2.tgz",
+      "integrity": "sha512-Ah19JS86ypbJzTzvUCX7KOsEIhDaRONungA4aYBjEP3JZRf4ocuDzTg4QWZnPn9DEMiMYGJPiSOy7aykoCc70w==",
       "dependencies": {
         "@jridgewell/source-map": "^0.3.3",
         "acorn": "^8.8.2",
@@ -15179,9 +16823,9 @@
       }
     },
     "node_modules/tslib": {
-      "version": "2.5.3",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.3.tgz",
-      "integrity": "sha512-mSxlJJwl3BMEQCUNnxXBU9jP4JBktcEGhURcPR6VQVlnP0FdDEsIaz0C35dXNGLyRfrATNofF0F5p2KPxQgB+w=="
+      "version": "2.6.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.0.tgz",
+      "integrity": "sha512-7At1WUettjcSRHXCyYtTselblcHl9PJFFVKiCAy/bY97+BPZXSQ2wbq0P9s8tK2G7dFQfNnlJnPAiArVBVBsfA=="
     },
     "node_modules/tsutils": {
       "version": "3.21.0",
@@ -15545,9 +17189,9 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.86.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.86.0.tgz",
-      "integrity": "sha512-3BOvworZ8SO/D4GVP+GoRC3fVeg5MO4vzmq8TJJEkdmopxyazGDxN8ClqN12uzrZW9Tv8EED8v5VSb6Sqyi0pg==",
+      "version": "5.88.1",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.88.1.tgz",
+      "integrity": "sha512-FROX3TxQnC/ox4N+3xQoWZzvGXSuscxR32rbzjpXgEzWudJFEJBpdlkkob2ylrv5yzzufD1zph1OoFsLtm6stQ==",
       "dependencies": {
         "@types/eslint-scope": "^3.7.3",
         "@types/estree": "^1.0.0",
@@ -15558,7 +17202,7 @@
         "acorn-import-assertions": "^1.9.0",
         "browserslist": "^4.14.5",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.14.1",
+        "enhanced-resolve": "^5.15.0",
         "es-module-lexer": "^1.2.1",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
@@ -15568,7 +17212,7 @@
         "loader-runner": "^4.2.0",
         "mime-types": "^2.1.27",
         "neo-async": "^2.6.2",
-        "schema-utils": "^3.1.2",
+        "schema-utils": "^3.2.0",
         "tapable": "^2.1.1",
         "terser-webpack-plugin": "^5.3.7",
         "watchpack": "^2.4.0",
@@ -15644,9 +17288,9 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/webpack-dev-middleware/node_modules/schema-utils": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
-      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
         "ajv": "^8.9.0",
@@ -15662,9 +17306,9 @@
       }
     },
     "node_modules/webpack-dev-server": {
-      "version": "4.15.0",
-      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.0.tgz",
-      "integrity": "sha512-HmNB5QeSl1KpulTBQ8UT4FPrByYyaLxpJoQ0+s7EvUrMc16m0ZS1sgb1XGqzmgCPk0c9y+aaXxn11tbLzuM7NQ==",
+      "version": "4.15.1",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz",
+      "integrity": "sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA==",
       "dependencies": {
         "@types/bonjour": "^3.5.9",
         "@types/connect-history-api-fallback": "^1.3.5",
@@ -15672,7 +17316,7 @@
         "@types/serve-index": "^1.9.1",
         "@types/serve-static": "^1.13.10",
         "@types/sockjs": "^0.3.33",
-        "@types/ws": "^8.5.1",
+        "@types/ws": "^8.5.5",
         "ansi-html-community": "^0.0.8",
         "bonjour-service": "^1.0.11",
         "chokidar": "^3.5.3",
@@ -15751,9 +17395,9 @@
       "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
     },
     "node_modules/webpack-dev-server/node_modules/schema-utils": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.1.0.tgz",
-      "integrity": "sha512-Jw+GZVbP5IggB2WAn6UHI02LBwGmsIeYN/lNbSMZyDziQ7jmtAUrqKqDja+W89YHVs+KL/3IkIMltAklqB1vAw==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz",
+      "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==",
       "dependencies": {
         "@types/json-schema": "^7.0.9",
         "ajv": "^8.9.0",
@@ -15976,14 +17620,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/word-wrap": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
-      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
-      "engines": {
-        "node": ">=0.10.0"
-      }
-    },
     "node_modules/workbox-background-sync": {
       "version": "6.6.0",
       "resolved": "https://registry.npmjs.org/workbox-background-sync/-/workbox-background-sync-6.6.0.tgz",
@@ -16295,6 +17931,36 @@
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
       }
     },
+    "node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",

From 7b721fdc45965b5e79966258e0bd661669d48709 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 16:33:56 +0200
Subject: [PATCH 1298/2268] feat: Implement kluctl.io/request-validate
 annotation

---
 api/v1beta1/kluctldeployment_types.go         |  6 ++++-
 .../gitops.kluctl.io_kluctldeployments.yaml   |  6 +++--
 install/controller/controller/crd.yaml        |  6 +++--
 .../kluctldeployment_controller.go            |  6 +++++
 pkg/controllers/predicates.go                 |  2 +-
 pkg/webui/server.go                           | 23 ++++---------------
 pkg/webui/ui/src/api.tsx                      | 11 +++++----
 .../components/targets-view/TargetItem.tsx    | 15 ++++++------
 8 files changed, 37 insertions(+), 38 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 10141c642..18e601a37 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -35,6 +35,7 @@ const (
 
 	KluctlRequestReconcileAnnotation = "kluctl.io/request-reconcile"
 	KluctlRequestDeployAnnotation    = "kluctl.io/request-deploy"
+	KluctlRequestValidateAnnotation  = "kluctl.io/request-validate"
 )
 
 type KluctlDeploymentSpec struct {
@@ -298,7 +299,10 @@ type KluctlDeploymentStatus struct {
 	LastHandledReconcileAt string `json:"lastHandledReconcileAt,omitempty"`
 
 	// +optional
-	LastHandledDeployAt string `json:"LastHandledDeployAt,omitempty"`
+	LastHandledDeployAt string `json:"lastHandledDeployAt,omitempty"`
+
+	// +optional
+	LastHandledValidateAt string `json:"lastHandledValidateAt,omitempty"`
 
 	// ObservedGeneration is the last reconciled generation.
 	// +optional
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 6c119b815..89465b50f 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -373,8 +373,6 @@ spec:
           status:
             description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
             properties:
-              LastHandledDeployAt:
-                type: string
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
@@ -449,11 +447,15 @@ spec:
                 description: LastDeployResult is the result of the last deploy command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              lastHandledDeployAt:
+                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
+              lastHandledValidateAt:
+                type: string
               lastObjectsHash:
                 type: string
               lastValidateError:
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 39edc5eea..b990e6dc4 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -373,8 +373,6 @@ spec:
           status:
             description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
             properties:
-              LastHandledDeployAt:
-                type: string
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
@@ -449,11 +447,15 @@ spec:
                 description: LastDeployResult is the result of the last deploy command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              lastHandledDeployAt:
+                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
                   be detected.
                 type: string
+              lastHandledValidateAt:
+                type: string
               lastObjectsHash:
                 type: string
               lastValidateError:
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 6e3faba73..0b2cee9b0 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -206,9 +206,12 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	oldGeneration := obj.Status.ObservedGeneration
 	oldDeployRequest := obj.Status.LastHandledDeployAt
+	oldValidateRequest := obj.Status.LastHandledValidateAt
 	curDeployRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]
+	curValidateRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestValidateAnnotation]
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 	obj.Status.LastHandledDeployAt = curDeployRequest
+	obj.Status.LastHandledValidateAt = curValidateRequest
 
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
@@ -278,6 +281,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if obj.Status.LastValidateResult == nil || needDeploy {
 			// either never validated before or a deployment requested (which required re-validation)
 			needValidate = true
+		} else if curValidateRequest != "" && oldValidateRequest != curValidateRequest {
+			// explicitly requested a validate
+			needValidate = true
 		} else {
 			nextValidateTime := r.nextValidateTime(obj)
 			if nextValidateTime != nil {
diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index ec5964016..117c117d2 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -22,5 +22,5 @@ func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
 		return ok1 != ok2 || v1 != v2
 	}
 
-	return check(kluctlv1.KluctlRequestReconcileAnnotation) || check(kluctlv1.KluctlRequestDeployAnnotation)
+	return check(kluctlv1.KluctlRequestReconcileAnnotation) || check(kluctlv1.KluctlRequestDeployAnnotation) || check(kluctlv1.KluctlRequestValidateAnnotation)
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index c3c00f994..7eeff59f8 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -372,25 +372,6 @@ func (s *CommandResultsServer) getValidateResult(c *gin.Context) {
 	c.JSON(http.StatusOK, vr)
 }
 
-func (s *CommandResultsServer) validateNow(c *gin.Context) {
-	var params ProjectTargetKey
-	err := c.Bind(&params)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	key := ProjectTargetKey{
-		Project: params.Project,
-		Target:  params.Target,
-	}
-
-	_ = key
-	// TODO
-
-	c.Status(http.StatusOK)
-}
-
 type kluctlDeploymentParam struct {
 	Cluster   string `json:"cluster"`
 	Name      string `json:"name"`
@@ -444,6 +425,10 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 	c.Status(http.StatusOK)
 }
 
+func (s *CommandResultsServer) validateNow(c *gin.Context) {
+	s.doSetAnnotation(c, kluctlv1.KluctlRequestValidateAnnotation, time.Now().Format(time.RFC3339Nano))
+}
+
 func (s *CommandResultsServer) reconcileNow(c *gin.Context) {
 	s.doSetAnnotation(c, kluctlv1.KluctlRequestReconcileAnnotation, time.Now().Format(time.RFC3339Nano))
 }
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 79ac58127..0ba63654c 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -48,7 +48,7 @@ export interface Api {
     getCommandResultSummary(resultId: string): Promise<CommandResultSummary>
     getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
     getValidateResult(resultId: string): Promise<ValidateResult>
-    validateNow(project: ProjectKey, target: TargetKey): Promise<Response>
+    validateNow(cluster: string, name: string, namespace: string): Promise<Response>
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
 }
@@ -241,10 +241,11 @@ export class RealApi implements Api {
         return new ValidateResult(json)
     }
 
-    async validateNow(project: ProjectKey, target: TargetKey) {
+    async validateNow(cluster: string, name: string, namespace: string) {
         return this.doPost("/api/validateNow", {
-            "project": project,
-            "target": target,
+            "cluster": cluster,
+            "name": name,
+            "namespace": namespace,
         })
     }
 
@@ -324,7 +325,7 @@ export class StaticApi implements Api {
         throw new Error("not implemented")
     }
 
-    validateNow(project: ProjectKey, target: TargetKey): Promise<Response> {
+    validateNow(cluster: string, name: string, namespace: string): Promise<Response> {
         throw new Error("not implemented")
     }
 
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 8cf6bf63a..9e3ea2ac3 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -105,14 +105,6 @@ export const TargetItem = React.memo(React.forwardRef((
     const api = useContext(ApiContext)
     const actionMenuItems: ActionMenuItem[] = []
 
-    actionMenuItems.push({
-        icon: <PublishedWithChanges />,
-        text: "Validate now",
-        handler: () => {
-            api.validateNow(props.ps.project, props.ts.target)
-        }
-    })
-
     let kd: KluctlDeploymentInfo | undefined
     let allKdEqual = true
     props.ts.commandResults?.forEach(rs => {
@@ -128,6 +120,13 @@ export const TargetItem = React.memo(React.forwardRef((
     })
 
     if (kd && allKdEqual) {
+        actionMenuItems.push({
+            icon: <PublishedWithChanges />,
+            text: "Validate",
+            handler: () => {
+                api.validateNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
+            }
+        })
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
             text: "Reconcile",

From c311bbf75883a3651cf9e8cb914a2f550805177c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 16:34:13 +0200
Subject: [PATCH 1299/2268] fix: Fix crash in getAdminUser when auth is
 disabled

---
 pkg/webui/auth.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index d573fc238..5f2cf3597 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -227,11 +227,14 @@ func (s *authHandler) getAdminUserFromClaims(claims jwt.MapClaims) *User {
 }
 
 func (s *authHandler) getAdminUser(id string) *User {
-	return &User{
+	u := &User{
 		Username: id,
 		IsAdmin:  true,
-		RbacUser: s.adminRbacUser,
 	}
+	if s != nil {
+		u.RbacUser = s.adminRbacUser
+	}
+	return u
 }
 
 func (s *authHandler) authHandler(c *gin.Context) {

From 5d1797162bbe1ad818eb3081b09e6e4e5977b2c9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 17:13:22 +0200
Subject: [PATCH 1300/2268] chore: Remove unused code

---
 pkg/webui/ui/src/api.tsx                                | 2 --
 pkg/webui/ui/src/components/targets-view/TargetItem.tsx | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 0ba63654c..183f5afaa 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -2,10 +2,8 @@ import {
     CommandResult,
     CommandResultSummary,
     ObjectRef,
-    ProjectKey,
     ResultObject,
     ShortName,
-    TargetKey,
     ValidateResult
 } from "./models";
 import _ from "lodash";
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 9e3ea2ac3..ea0fda3ca 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -7,7 +7,7 @@ import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
-import { ApiContext, AppContext } from "../App";
+import { ApiContext } from "../App";
 import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import { DiffStatus } from "../result-view/nodes/NodeData";

From f548f91e43bf13901ba8f1c953b02c777072aedc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 17:16:28 +0200
Subject: [PATCH 1301/2268] fix: Fix tests

---
 e2e/gitops_errors_test.go | 2 +-
 e2e/results_test.go       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 33169a4c8..c16c0f93c 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -41,7 +41,7 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	g.Expect(readinessCondition.Reason).To(Equal(rreason))
 	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
 
-	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, "", 0)
+	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, "", 0, 0)
 	g.Expect(err).To(Succeed())
 
 	lastDeployResult, err := kd.Status.GetLastDeployResult()
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 4489ab858..43e23da09 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -42,7 +42,7 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
-	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, "kluctl-results", 0)
+	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, "kluctl-results", 0, 0)
 	assert.NoError(t, err)
 
 	opts := results.ListResultSummariesOptions{

From b91e9e25355087a4f803f87f9d5ac31a1a4042b9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 17:30:40 +0200
Subject: [PATCH 1302/2268] feat: Remove drift detection

---
 cmd/kluctl/commands/command_result.go         | 16 ----
 e2e/validate_test.go                          | 73 ++-----------------
 pkg/deployment/commands/validate.go           |  8 --
 pkg/types/result/validate_result.go           |  2 -
 pkg/types/result/zz_generated.deepcopy.go     |  7 --
 pkg/webui/generate-ts/main.go                 |  1 +
 .../result-view/CommandResultStatusLine.tsx   |  1 -
 .../components/targets-view/TargetItem.tsx    | 19 -----
 pkg/webui/ui/src/models.ts                    | 58 +++++++--------
 9 files changed, 34 insertions(+), 151 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index a08e79722..1eb9a1546 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -175,22 +175,6 @@ func formatValidateResultText(vr *result.ValidateResult) string {
 		prettyValidationResults(buf, vr.Results)
 	}
 
-	if len(vr.Drift) != 0 {
-		if buf.Len() != 0 {
-			buf.WriteString("\n")
-		}
-		buf.WriteString("Drift:\n")
-		for i, o := range vr.Drift {
-			if len(o.Changes) == 0 {
-				continue
-			}
-			if i != 0 {
-				buf.WriteString("\n")
-			}
-			prettyChanges(buf, o.Ref, o.Changes)
-		}
-	}
-
 	return buf.String()
 }
 
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 1eec3fd3e..5270f45e7 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -10,7 +10,6 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"path/filepath"
 	"testing"
 )
 
@@ -78,13 +77,10 @@ func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_utils
 	return p
 }
 
-func assertValidate(t *testing.T, p *test_utils.TestProject, commandResult *string, succeed bool) (string, string) {
+func assertValidate(t *testing.T, p *test_utils.TestProject, succeed bool) (string, string) {
 	args := []string{"validate"}
-	if commandResult != nil {
-		args = append(args, "--command-result", *commandResult)
-	} else {
-		args = append(args, "-t", "test")
-	}
+	args = append(args, "-t", "test")
+
 	stdout, stderr, err := p.Kluctl(args...)
 
 	if succeed {
@@ -110,32 +106,7 @@ func TestValidate(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
 
-	assertValidate(t, p, nil, false)
-
-	readyDeployment := buildDeployment("d1", p.TestSlug(), true)
-
-	_, err := k.DynamicClient.Resource(appsv1.SchemeGroupVersion.WithResource("deployments")).Namespace(p.TestSlug()).
-		Patch(context.Background(), "d1", types.ApplyPatchType, []byte(yaml.WriteJsonStringMust(readyDeployment)), metav1.PatchOptions{
-			FieldManager: "test",
-		}, "status")
-	assert.NoError(t, err)
-
-	assertValidate(t, p, nil, true)
-}
-
-func TestValidateCommandResult(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := prepareValidateTest(t, k)
-
-	resultPath := filepath.Join(t.TempDir(), "result.yaml")
-
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-oyaml="+resultPath)
-	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
-
-	assertValidate(t, p, &resultPath, false)
+	assertValidate(t, p, false)
 
 	readyDeployment := buildDeployment("d1", p.TestSlug(), true)
 
@@ -145,39 +116,5 @@ func TestValidateCommandResult(t *testing.T) {
 		}, "status")
 	assert.NoError(t, err)
 
-	assertValidate(t, p, &resultPath, true)
-}
-
-func TestValidateDrift(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := prepareValidateTest(t, k)
-
-	resultPath := filepath.Join(t.TempDir(), "result.yaml")
-
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-oyaml="+resultPath)
-	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
-
-	stdout, _ := assertValidate(t, p, &resultPath, false)
-	assert.NotContains(t, stdout, "Drift:")
-
-	changedDeployment := buildDeployment("d1", p.TestSlug(), false)
-	changedDeployment.Merge(uo.FromStringMust(`
-spec:
-  replicas: 2
-`))
-
-	b := true
-	_, err := k.DynamicClient.Resource(appsv1.SchemeGroupVersion.WithResource("deployments")).Namespace(p.TestSlug()).
-		Patch(context.Background(), "d1", types.ApplyPatchType, []byte(yaml.WriteJsonStringMust(changedDeployment)), metav1.PatchOptions{
-			FieldManager: "test",
-			Force:        &b,
-		})
-	assert.NoError(t, err)
-
-	stdout, _ = assertValidate(t, p, &resultPath, false)
-	assert.Contains(t, stdout, "Drift:")
-	assert.Contains(t, stdout, "spec.replicas")
+	assertValidate(t, p, true)
 }
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index be3b8951f..c1ff787ee 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -103,17 +103,9 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 		ret.Results = append(ret.Results, r.Results...)
 	}
 
-	du := utils2.NewDiffUtil(cmd.dew, cmd.ru, appliedObjects)
-	du.Swapped = true
-	du.DiffObjects(renderedObjects)
-
 	ret.Warnings = append(ret.Warnings, cmd.dew.GetWarningsList()...)
 	ret.Errors = append(ret.Errors, cmd.dew.GetErrorsList()...)
 
-	if len(du.ChangedObjects) != 0 {
-		ret.Drift = du.ChangedObjects
-	}
-
 	err = addValidateCommandInfoToResult(cmd.targetCtx, &ret)
 	if err != nil {
 		return nil, err
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index aaadd8aa9..49434916c 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -22,8 +22,6 @@ type ValidateResult struct {
 	Warnings         []DeploymentError     `json:"warnings,omitempty"`
 	Errors           []DeploymentError     `json:"errors,omitempty"`
 	Results          []ValidateResultEntry `json:"results,omitempty"`
-
-	Drift []ChangedObject `json:"drift,omitempty"`
 }
 
 type ValidateResultSummary struct {
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 722ac49f3..2a8c8cd73 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -447,13 +447,6 @@ func (in *ValidateResult) DeepCopyInto(out *ValidateResult) {
 		*out = make([]ValidateResultEntry, len(*in))
 		copy(*out, *in)
 	}
-	if in.Drift != nil {
-		in, out := &in.Drift, &out.Drift
-		*out = make([]ChangedObject, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidateResult.
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index a39803cb6..889e42542 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -17,6 +17,7 @@ func main() {
 		Add(result.CommandResultSummary{}).
 		Add(result.ValidateResult{}).
 		Add(result.ValidateResultSummary{}).
+		Add(result.ChangedObject{}).
 		Add(webui.ShortName{}).
 		Add(uo.UnstructuredObject{}).
 		Add(webui.ProjectTargetKey{}).
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
index a759e3877..145266f67 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -62,6 +62,5 @@ export const CommandResultStatusLine = (props: { rs: CommandResultSummary }) =>
 export const ValidateResultStatusLine = (props: { vr?: ValidateResult }) => {
     return <StatusLine errors={props.vr?.errors?.length}
         warnings={props.vr?.warnings?.length}
-        changedObjects={props.vr?.drift?.length}
     />
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index ea0fda3ca..84a7905f7 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -10,8 +10,6 @@ import { calcAgo } from "../../utils/duration";
 import { ApiContext } from "../App";
 import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
-import { DiffStatus } from "../result-view/nodes/NodeData";
-import { ChangesTable } from "../result-view/ChangesTable";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesTable } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
@@ -216,16 +214,10 @@ TargetItem.displayName = 'TargetItem';
 class MyProvider implements SidePanelProvider {
     private ts?: TargetSummary;
     private lastValidateResult?: ValidateResult
-    private diffStatus: DiffStatus;
 
     constructor(ts?: TargetSummary, vr?: ValidateResult) {
         this.ts = ts
         this.lastValidateResult = vr
-        this.diffStatus = new DiffStatus()
-
-        this.lastValidateResult?.drift?.forEach(co => {
-            this.diffStatus.addChangedObject(co)
-        })
     }
 
     buildSidePanelTabs(): SidePanelTab[] {
@@ -237,14 +229,6 @@ class MyProvider implements SidePanelProvider {
             { label: "Summary", content: this.buildSummaryTab() }
         ]
 
-        if (this.ts.target)
-
-            if (this.diffStatus.changedObjects.length) {
-                tabs.push({
-                    label: "Drift",
-                    content: <ChangesTable diffStatus={this.diffStatus} />
-                })
-            }
         if (this.lastValidateResult?.errors) {
             tabs.push({
                 label: "Errors",
@@ -276,9 +260,6 @@ class MyProvider implements SidePanelProvider {
         if (this.ts?.lastValidateResult?.warnings) {
             props.push({ name: "Warnings", value: this.ts?.lastValidateResult.warnings + "" })
         }
-        /*if (this.ts.lastValidateResult?.drift?.length) {
-            props.push({ name: "Drifted Objects", value: this.ts.lastValidateResult.drift.length + "" })
-        }*/
 
         return <>
             <PropertiesTable properties={props} />
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 6888d15d5..0b87f60c1 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -720,34 +720,6 @@ export class CommandResultSummary {
 	    return a;
 	}
 }
-export class ChangedObject {
-    ref: ObjectRef;
-    changes?: Change[];
-
-    constructor(source: any = {}) {
-        if ('string' === typeof source) source = JSON.parse(source);
-        this.ref = this.convertValues(source["ref"], ObjectRef);
-        this.changes = this.convertValues(source["changes"], Change);
-    }
-
-	convertValues(a: any, classs: any, asMap: boolean = false): any {
-	    if (!a) {
-	        return a;
-	    }
-	    if (a.slice) {
-	        return (a as any[]).map(elem => this.convertValues(elem, classs));
-	    } else if ("object" === typeof a) {
-	        if (asMap) {
-	            for (const key of Object.keys(a)) {
-	                a[key] = new classs(a[key]);
-	            }
-	            return a;
-	        }
-	        return new classs(a);
-	    }
-	    return a;
-	}
-}
 export class ValidateResultEntry {
     ref: ObjectRef;
     annotation: string;
@@ -789,7 +761,6 @@ export class ValidateResult {
     warnings?: DeploymentError[];
     errors?: DeploymentError[];
     results?: ValidateResultEntry[];
-    drift?: ChangedObject[];
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
@@ -803,7 +774,6 @@ export class ValidateResult {
         this.warnings = this.convertValues(source["warnings"], DeploymentError);
         this.errors = this.convertValues(source["errors"], DeploymentError);
         this.results = this.convertValues(source["results"], ValidateResultEntry);
-        this.drift = this.convertValues(source["drift"], ChangedObject);
     }
 
 	convertValues(a: any, classs: any, asMap: boolean = false): any {
@@ -866,6 +836,34 @@ export class ValidateResultSummary {
 	    return a;
 	}
 }
+export class ChangedObject {
+    ref: ObjectRef;
+    changes?: Change[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ref = this.convertValues(source["ref"], ObjectRef);
+        this.changes = this.convertValues(source["changes"], Change);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
 export class ShortName {
     group?: string;
     kind: string;

From e9a3e7efab7551bf5365761f55e112c674886f2d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 5 Jul 2023 17:30:49 +0200
Subject: [PATCH 1303/2268] chore: Run replace-commands-help and api-docs

---
 docs/reference/commands/common-arguments.md    |  1 +
 docs/reference/commands/validate.md            |  2 --
 docs/reference/gitops/api/kluctl-controller.md | 13 ++++++++++++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 8a25add90..2d8c7ee9a 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -138,6 +138,7 @@ Command Results:
                                           "kluctl-results")
       --force-write-command-result        Force writing of command results, even if the command is run in dry-run mode.
       --keep-command-results-count int    Configure how many old command results to keep. (default 10)
+      --keep-validate-results-count int   Configure how many old validate results to keep. (default 2)
       --write-command-result              Enable writing of command results into the cluster. This is enabled by
                                           default. (default true)
 
diff --git a/docs/reference/commands/validate.md b/docs/reference/commands/validate.md
index ef79bc0ba..77a0abb98 100644
--- a/docs/reference/commands/validate.md
+++ b/docs/reference/commands/validate.md
@@ -31,8 +31,6 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --command-result existingfile                 Specify a command result to use instead of loading a project.
-                                                    This will also perform drift detection.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index 398b7c4bb..dd3287ad2 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -1035,7 +1035,18 @@ can be detected.</p>
 </tr>
 <tr>
 <td>
-<code>LastHandledDeployAt</code><br>
+<code>lastHandledDeployAt</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastHandledValidateAt</code><br>
 <em>
 string
 </em>

From a737319568a31c77e8faa592df55195eb2eb008a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Jul 2023 09:24:08 +0200
Subject: [PATCH 1304/2268] chore(deps): Bump golang.org/x/text from 0.10.0 to
 0.11.0 (#650)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1f299d769..48feebefc 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,7 @@ require (
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.9.0
 	golang.org/x/term v0.9.0
-	golang.org/x/text v0.10.0
+	golang.org/x/text v0.11.0
 	helm.sh/helm/v3 v3.12.1
 	k8s.io/api v0.27.3
 	k8s.io/apiextensions-apiserver v0.27.2
diff --git a/go.sum b/go.sum
index 1e31f98d7..0b693dd15 100644
--- a/go.sum
+++ b/go.sum
@@ -1144,8 +1144,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 7c63626b9d43ee3524c17d65c202398d8bd76429 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Jul 2023 09:24:32 +0200
Subject: [PATCH 1305/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.18.7 to 1.19.1 (#652)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.18.7 to 1.19.1.
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.18.7...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 48feebefc..dfd102249 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.14
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.18.7
+	github.com/ohler55/ojg v1.19.1
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
diff --git a/go.sum b/go.sum
index 0b693dd15..3b868e603 100644
--- a/go.sum
+++ b/go.sum
@@ -672,8 +672,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.18.7 h1:sC7zy0usEiWa6bvx3NU1yZH4kCA2F3Qzs6iiDX4+xdk=
-github.com/ohler55/ojg v1.18.7/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.19.1 h1:ruSyx+OGrE2HvJgUvtDWiqHJFfMs6e7IM0yZhcrs3NU=
+github.com/ohler55/ojg v1.19.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs=

From 9a9e5175cdcfcb0b44f1e9636d55da54831feb98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Jul 2023 09:26:12 +0200
Subject: [PATCH 1306/2268] chore(deps): Bump golang.org/x/net from 0.11.0 to
 0.12.0 (#654)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index dfd102249..a1d914dff 100644
--- a/go.mod
+++ b/go.mod
@@ -34,11 +34,11 @@ require (
 	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.10.0
-	golang.org/x/net v0.11.0
+	golang.org/x/crypto v0.11.0
+	golang.org/x/net v0.12.0
 	golang.org/x/sync v0.3.0
-	golang.org/x/sys v0.9.0
-	golang.org/x/term v0.9.0
+	golang.org/x/sys v0.10.0
+	golang.org/x/term v0.10.0
 	golang.org/x/text v0.11.0
 	helm.sh/helm/v3 v3.12.1
 	k8s.io/api v0.27.3
diff --git a/go.sum b/go.sum
index 3b868e603..49ba99f8b 100644
--- a/go.sum
+++ b/go.sum
@@ -926,8 +926,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1015,8 +1015,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1119,8 +1119,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1128,8 +1128,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
-golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From bac3605287837c8e8240ca44623b671acd166f48 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Jul 2023 09:48:55 +0200
Subject: [PATCH 1307/2268] feat: Add healthz/readyz endpoints for webui

Also ignore these when logging.
---
 install/webui/webui/deployment.yaml |  4 ++--
 pkg/webui/server.go                 | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 7298fcabe..d69b88e11 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -42,13 +42,13 @@ spec:
             name: http
         livenessProbe:
           httpGet:
-            path: /
+            path: /healthz
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 20
         readinessProbe:
           httpGet:
-            path: /
+            path: /readyz
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 7eeff59f8..eae605626 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -86,7 +86,11 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 
 	s.cam.start()
 
-	router := gin.Default()
+	router := gin.New()
+	router.Use(gin.LoggerWithConfig(gin.LoggerConfig{
+		SkipPaths: []string{"/healthz", "/readyz"},
+	}))
+	router.Use(gin.Recovery())
 
 	if s.auth != nil {
 		err = s.auth.setupAuth(router)
@@ -102,6 +106,13 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 		}
 	}
 
+	router.GET("/healthz", func(c *gin.Context) {
+		c.Status(http.StatusOK)
+	})
+	router.GET("/readyz", func(c *gin.Context) {
+		c.Status(http.StatusOK)
+	})
+
 	api := router.Group("/api", s.auth.authHandler)
 	api.GET("/getShortNames", s.getShortNames)
 	api.GET("/getCommandResult", s.getCommandResult)

From 2d61e712b90bdc650b9deca42d9a1fc737ed37e6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Jul 2023 09:56:11 +0200
Subject: [PATCH 1308/2268] fix: Ignore objects marked for deletion when
 validating

But still complain about objects that are marked for deletion but still
exist.
---
 pkg/deployment/commands/validate.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index c1ff787ee..d2cdd30ab 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -2,11 +2,13 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/google/uuid"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 )
@@ -80,6 +82,13 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
 	for _, o := range renderedObjects {
+		if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/delete")) {
+			if cmd.ru.GetRemoteObject(o.GetK8sRef()) != nil {
+				cmd.dew.AddError(o.GetK8sRef(), fmt.Errorf("object is marked for deletion but still exists on the target cluster"))
+			}
+			continue
+		}
+
 		au := ad.NewApplyUtil(ctx, nil)
 		h := utils2.NewHooksUtil(au)
 		hook := h.GetHook(o)

From c065d595c2ecb3e00610bda3ac383559c41ce4ba Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Jul 2023 09:56:25 +0200
Subject: [PATCH 1309/2268] fix: Treat StatefulSets with replicas=0 as ready

---
 pkg/validation/validation.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 673a346ba..1a84ebca1 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -366,14 +366,16 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			if !ok {
 				replicas = 1
 			}
-			updatedReplicas := getStatusFieldInt("updatedReplicas", reactNotReady, true, 0)
-			expectedReplicas := replicas - partition
-			if updatedReplicas != expectedReplicas {
-				addNotReady(fmt.Sprintf("StatefulSet is not ready. %d out of %d expected pods have been scheduled", updatedReplicas, expectedReplicas))
-			} else {
-				readyReplicas := getStatusFieldInt("readyReplicas", reactNotReady, true, 0)
-				if readyReplicas != replicas {
-					addNotReady(fmt.Sprintf("StatefulSet is not ready. %d out of %d expected pods are ready", readyReplicas, replicas))
+			if replicas != 0 {
+				updatedReplicas := getStatusFieldInt("updatedReplicas", reactNotReady, true, 0)
+				expectedReplicas := replicas - partition
+				if updatedReplicas != expectedReplicas {
+					addNotReady(fmt.Sprintf("StatefulSet is not ready. %d out of %d expected pods have been scheduled", updatedReplicas, expectedReplicas))
+				} else {
+					readyReplicas := getStatusFieldInt("readyReplicas", reactNotReady, true, 0)
+					if readyReplicas != replicas {
+						addNotReady(fmt.Sprintf("StatefulSet is not ready. %d out of %d expected pods are ready", readyReplicas, replicas))
+					}
 				}
 			}
 		}

From 5759f641fb7686b443d294a20ba19bac71350b09 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Jul 2023 23:15:23 +0200
Subject: [PATCH 1310/2268] fix: Use container-runtime cache instead of plain
 watches

This fixes issues when connections to clusters are lost.
---
 cmd/kluctl/commands/cmd_controller_run.go |   2 +-
 cmd/kluctl/commands/cmd_webui.go          |   2 +-
 cmd/kluctl/commands/utils.go              |   7 +-
 pkg/results/result-store-secrets.go       | 253 +++++++++++++---------
 4 files changed, 154 insertions(+), 110 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index c92ba57c2..18e25543d 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -136,7 +136,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		resultStore, err := results.NewResultStoreSecrets(ctx, c, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount, cmd.KeepValidateResultsCount)
+		resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount, cmd.KeepValidateResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 424102ad4..efb7701e6 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -152,7 +152,7 @@ func (cmd *webuiCmd) createResultStores(ctx context.Context) ([]results.ResultSt
 			return nil, nil, err
 		}
 
-		store, err := results.NewResultStoreSecrets(ctx, client, "", 0, 0)
+		store, err := results.NewResultStoreSecrets(ctx, config, client, "", 0, 0)
 		if err != nil {
 			return nil, nil, err
 		}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 12966e2a4..b958de71f 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -207,12 +207,17 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	var resultStore results.ResultStore
 	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
+		config, err := targetCtx.SharedContext.K.ToRESTConfig()
+		if err != nil {
+			return err
+		}
+
 		client, err := targetCtx.SharedContext.K.ToClient()
 		if err != nil {
 			return err
 		}
 
-		resultStore, err = results.NewResultStoreSecrets(ctx, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount, args.commandResultFlags.KeepValidateResultsCount)
+		resultStore, err = results.NewResultStoreSecrets(ctx, config, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount, args.commandResultFlags.KeepValidateResultsCount)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index d3079ecb0..6ef4583e6 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -11,10 +11,14 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/watch"
+	"k8s.io/apimachinery/pkg/selection"
+	"k8s.io/client-go/rest"
+	toolscache "k8s.io/client-go/tools/cache"
 	"path"
 	"regexp"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sort"
 	"strings"
@@ -22,8 +26,11 @@ import (
 )
 
 type ResultStoreSecrets struct {
-	ctx    context.Context
-	client client.WithWatch
+	ctx context.Context
+
+	client               client.Client
+	commandResultsCache  cache.Cache
+	validateResultsCache cache.Cache
 
 	writeNamespace           string
 	keepCommandResultsCount  int
@@ -32,15 +39,37 @@ type ResultStoreSecrets struct {
 	mutex sync.Mutex
 }
 
-func NewResultStoreSecrets(ctx context.Context, client client.WithWatch, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client client.Client, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
+	req1, _ := labels.NewRequirement("kluctl.io/command-result-id", selection.Exists, nil)
+	req2, _ := labels.NewRequirement("kluctl.io/validate-result-id", selection.Exists, nil)
+
+	c1, err := cache.New(config, cache.Options{
+		Mapper:               client.RESTMapper(),
+		DefaultLabelSelector: labels.NewSelector().Add(*req1),
+	})
+	if err != nil {
+		return nil, err
+	}
+	c2, err := cache.New(config, cache.Options{
+		Mapper:               client.RESTMapper(),
+		DefaultLabelSelector: labels.NewSelector().Add(*req2),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	go c1.Start(ctx)
+	go c2.Start(ctx)
+
 	s := &ResultStoreSecrets{
 		ctx:                      ctx,
 		client:                   client,
 		writeNamespace:           writeNamespace,
+		commandResultsCache:      c1,
+		validateResultsCache:     c2,
 		keepCommandResultsCount:  keepCommandResultsCount,
 		keepValidateResultsCount: keepValidateResultsCount,
 	}
-
 	return s, nil
 }
 
@@ -284,7 +313,7 @@ func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, t
 func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.client.List(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
+	err := s.commandResultsCache.List(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -346,99 +375,75 @@ func (s *ResultStoreSecrets) parseValidateSummary(a map[string]string) (*result.
 	return &summary, nil
 }
 
-func (s *ResultStoreSecrets) convertCommandResultWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchCommandResultSummaryEvent {
-	if event.Object == nil {
-		return nil
-	}
-	x2, ok := event.Object.(client.Object)
-	if !ok {
-		return nil
-	}
-	summary, err := s.parseCommandSummary(x2.GetAnnotations())
-	if err != nil {
-		return nil
-	}
-	if !FilterProject(summary.ProjectKey, filter) {
-		return nil
-	}
-	switch event.Type {
-	case watch.Deleted:
-		return &WatchCommandResultSummaryEvent{
-			Delete:  true,
-			Summary: summary,
+func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
+	ch := make(chan WatchCommandResultSummaryEvent)
+
+	buildEvent := func(obj any) *WatchCommandResultSummaryEvent {
+		var o metav1.Object
+		switch o2 := obj.(type) {
+		case metav1.Object:
+			o = o2
+		case toolscache.DeletedFinalStateUnknown:
+			o = o2.Obj.(metav1.Object)
+		}
+		if o == nil {
+			return nil
+		}
+		summary, err := s.parseCommandSummary(o.GetAnnotations())
+		if err != nil {
+			return nil
+		}
+		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
+			return nil
 		}
-	case watch.Added, watch.Modified:
 		return &WatchCommandResultSummaryEvent{
 			Summary: summary,
 		}
 	}
-	return nil
-}
 
-func (s *ResultStoreSecrets) convertValidateResultWatchEvent(event watch.Event, filter *result.ProjectKey) *WatchValidateResultSummaryEvent {
-	if event.Object == nil {
-		return nil
-	}
-	x2, ok := event.Object.(client.Object)
-	if !ok {
-		return nil
-	}
-	summary, err := s.parseValidateSummary(x2.GetAnnotations())
-	if err != nil {
-		return nil
-	}
-	if !FilterProject(summary.ProjectKey, filter) {
-		return nil
-	}
-	switch event.Type {
-	case watch.Deleted:
-		return &WatchValidateResultSummaryEvent{
-			Delete:  true,
-			Summary: summary,
+	doUpdate := func(obj any) {
+		e := buildEvent(obj)
+		if e == nil {
+			return
 		}
-	case watch.Added, watch.Modified:
-		return &WatchValidateResultSummaryEvent{
-			Summary: summary,
+		ch <- *e
+	}
+	doDelete := func(obj any) {
+		e := buildEvent(obj)
+		if e == nil {
+			return
 		}
+		e.Delete = true
+		ch <- *e
 	}
-	return nil
-}
 
-func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
-	var l metav1.PartialObjectMetadataList
-	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	w, err := s.client.Watch(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
+	inf, err := s.commandResultsCache.GetInformer(s.ctx, &metav1.PartialObjectMetadata{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: "v1",
+		},
+	})
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
-	var initialListRet []*result.CommandResultSummary
-	for _, x := range l.Items {
-		summary, err := s.parseCommandSummary(x.GetAnnotations())
-		if err != nil {
-			continue
-		}
-		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
-			continue
-		}
-		initialListRet = append(initialListRet, summary)
+	handle, err := inf.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			doUpdate(obj)
+		},
+		UpdateFunc: func(oldObj, newObj interface{}) {
+			doUpdate(newObj)
+		},
+		DeleteFunc: func(obj interface{}) {
+			doDelete(obj)
+		},
+	})
+	if err != nil {
+		return nil, nil, nil, err
 	}
 
-	ch := make(chan WatchCommandResultSummaryEvent)
-
-	go func() {
-		for x := range w.ResultChan() {
-			we := s.convertCommandResultWatchEvent(x, options.ProjectFilter)
-			if we == nil {
-				continue
-			}
-			ch <- *we
-		}
-		close(ch)
-	}()
-
 	cancel := func() {
-		w.Stop()
+		_ = inf.RemoveEventHandler(handle)
 	}
 	return nil, ch, cancel, nil
 }
@@ -545,7 +550,7 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.client.List(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
+	err := s.validateResultsCache.List(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -572,40 +577,74 @@ func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSumma
 }
 
 func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
-	var l metav1.PartialObjectMetadataList
-	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	w, err := s.client.Watch(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
-	if err != nil {
-		return nil, nil, nil, err
-	}
+	ch := make(chan WatchValidateResultSummaryEvent)
 
-	var initialListRet []*result.ValidateResultSummary
-	for _, x := range l.Items {
-		summary, err := s.parseValidateSummary(x.GetAnnotations())
+	buildEvent := func(obj any) *WatchValidateResultSummaryEvent {
+		var o metav1.Object
+		switch o2 := obj.(type) {
+		case metav1.Object:
+			o = o2
+		case toolscache.DeletedFinalStateUnknown:
+			o = o2.Obj.(metav1.Object)
+		}
+		if o == nil {
+			return nil
+		}
+		summary, err := s.parseValidateSummary(o.GetAnnotations())
 		if err != nil {
-			continue
+			return nil
 		}
 		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
-			continue
+			return nil
+		}
+		return &WatchValidateResultSummaryEvent{
+			Summary: summary,
 		}
-		initialListRet = append(initialListRet, summary)
 	}
 
-	ch := make(chan WatchValidateResultSummaryEvent)
-
-	go func() {
-		for x := range w.ResultChan() {
-			we := s.convertValidateResultWatchEvent(x, options.ProjectFilter)
-			if we == nil {
-				continue
-			}
-			ch <- *we
+	doUpdate := func(obj any) {
+		e := buildEvent(obj)
+		if e == nil {
+			return
+		}
+		ch <- *e
+	}
+	doDelete := func(obj any) {
+		e := buildEvent(obj)
+		if e == nil {
+			return
 		}
-		close(ch)
-	}()
+		e.Delete = true
+		ch <- *e
+	}
+
+	inf, err := s.validateResultsCache.GetInformer(s.ctx, &metav1.PartialObjectMetadata{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Secret",
+			APIVersion: "v1",
+		},
+	})
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	handle, err := inf.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			doUpdate(obj)
+		},
+		UpdateFunc: func(oldObj, newObj interface{}) {
+			doUpdate(newObj)
+		},
+		DeleteFunc: func(obj interface{}) {
+			doDelete(obj)
+		},
+	})
+	if err != nil {
+		return nil, nil, nil, err
+	}
 
 	cancel := func() {
-		w.Stop()
+		_ = inf.RemoveEventHandler(handle)
 	}
 	return nil, ch, cancel, nil
 }

From 526ca77c5110bd070b31c65b25035bcd66f5a1d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Jul 2023 23:15:56 +0200
Subject: [PATCH 1311/2268] feat: Add gops agent support

---
 cmd/kluctl/commands/root.go | 24 ++++++++++++++++++++++--
 go.mod                      |  9 +++++++++
 go.sum                      | 21 +++++++++++++++++++++
 3 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 54c1750c9..151b4ebc6 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -18,6 +18,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/gops/agent"
 	flag "github.com/spf13/pflag"
 	"io"
 	"log"
@@ -49,7 +50,9 @@ type GlobalFlags struct {
 	NoUpdateCheck bool `group:"global" help:"Disable update check on startup"`
 	NoColor       bool `group:"global" help:"Disable colored output"`
 
-	CpuProfile string `group:"global" help:"Enable CPU profiling and write the result to the given path"`
+	CpuProfile    string `group:"global" help:"Enable CPU profiling and write the result to the given path"`
+	GopsAgent     bool   `group:"global" help:"Start gops agent in the background"`
+	GopsAgentAddr string `group:"global" help:"Specify the address:port to use for the gops agent" default:"127.0.0.1:0"`
 }
 
 type cli struct {
@@ -126,6 +129,19 @@ func redirectLogsAndStderr(ctxGetter func() context.Context) {
 	os.Stderr = pw
 }
 
+func setupGops(flags *GlobalFlags) error {
+	if !flags.GopsAgent {
+		return nil
+	}
+
+	if err := agent.Listen(agent.Options{
+		Addr: flags.GopsAgentAddr,
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
 var cpuProfileFile *os.File
 
 func setupProfiling(cpuProfile string) error {
@@ -234,7 +250,11 @@ func Main() {
 	initViper(ctx)
 
 	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags *GlobalFlags) (context.Context, error) {
-		err := copyViperValuesToCobraCmd(cmd)
+		err := setupGops(flags)
+		if err != nil {
+			return ctx, err
+		}
+		err = copyViperValuesToCobraCmd(cmd)
 		if err != nil {
 			return ctx, err
 		}
diff --git a/go.mod b/go.mod
index 1f299d769..8b9e81141 100644
--- a/go.mod
+++ b/go.mod
@@ -141,6 +141,7 @@ require (
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -154,6 +155,7 @@ require (
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/gops v0.3.27 // indirect
 	github.com/google/s2a-go v0.1.3 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
@@ -185,6 +187,7 @@ require (
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
@@ -209,6 +212,7 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
@@ -216,12 +220,15 @@ require (
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
+	github.com/shirou/gopsutil/v3 v3.23.1 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.1.1 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/tklauser/go-sysconf v0.3.11 // indirect
+	github.com/tklauser/numcpus v0.6.0 // indirect
 	github.com/tkrajina/go-reflector v0.5.5 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
@@ -232,6 +239,7 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect
@@ -263,5 +271,6 @@ require (
 	k8s.io/kubectl v0.27.2 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
+	rsc.io/goversion v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 1e31f98d7..d6270975a 100644
--- a/go.sum
+++ b/go.sum
@@ -312,6 +312,8 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
@@ -401,6 +403,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
@@ -410,6 +413,8 @@ github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdY
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gops v0.3.27 h1:BDdWfedShsBbeatZ820oA4DbVOC8yJ4NI8xAlDFWfgI=
+github.com/google/gops v0.3.27/go.mod h1:lYqabmfnq4Q6UumWNx96Hjup5BDAVc8zmfIy0SkNCSk=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -584,6 +589,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
@@ -712,6 +719,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
+github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
@@ -764,6 +773,8 @@ github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIH
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
+github.com/shirou/gopsutil/v3 v3.23.1 h1:a9KKO+kGLKEvcPIs4W62v0nu3sciVDOOOPUD0Hz7z/4=
+github.com/shirou/gopsutil/v3 v3.23.1/go.mod h1:NN6mnm5/0k8jw4cBfCnJtr5L7ErOTg18tMNpgFkn0hA=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -826,6 +837,10 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
+github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
+github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
+github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
 github.com/tkrajina/go-reflector v0.5.5 h1:gwoQFNye30Kk7NrExj8zm3zFtrGPqOkzFMLuQZg1DtQ=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
 github.com/tkrajina/typescriptify-golang-structs v0.1.10 h1:W/Ta9Kqo2lV+7bVXuQoUhZ0bDlnjwtPpKsy3A9M1nYg=
@@ -862,6 +877,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
+github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
@@ -1062,6 +1079,7 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1085,6 +1103,7 @@ golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1400,6 +1419,8 @@ k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/goversion v1.2.0 h1:SPn+NLTiAG7w30IRK/DKp1BjvpWabYgxlLp/+kx5J8w=
+rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From 96d3a1fa9ac2d2b4c8e4ef8461c983d1c768d226 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 6 Jul 2023 23:43:58 +0200
Subject: [PATCH 1312/2268] chore: Remove GetCommandResultSummary and
 HasCommandResult

---
 pkg/results/result-store-secrets.go           | 39 +------------------
 pkg/results/result-store.go                   |  2 -
 pkg/results/results-collector.go              | 17 --------
 pkg/webui/server.go                           | 23 -----------
 pkg/webui/ui/src/api.tsx                      | 16 --------
 pkg/webui/ui/src/components/ObjectYaml.tsx    |  4 +-
 .../result-view/CommandResultView.tsx         | 11 +-----
 .../targets-view/CommandResultItem.tsx        |  1 -
 8 files changed, 5 insertions(+), 108 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 6ef4583e6..426e674da 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -448,46 +448,9 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSumma
 	return nil, ch, cancel, nil
 }
 
-func (s *ResultStoreSecrets) getCommandResultSecret(id string) (*metav1.PartialObjectMetadata, error) {
-	var l metav1.PartialObjectMetadataList
-	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.client.List(s.ctx, &l, client.MatchingLabels{"kluctl.io/command-result-id": id})
-	if err != nil {
-		return nil, err
-	}
-	if len(l.Items) == 0 {
-		return nil, nil
-	}
-	return &l.Items[0], nil
-}
-
-func (s *ResultStoreSecrets) HasCommandResult(id string) (bool, error) {
-	secret, err := s.getCommandResultSecret(id)
-	if err != nil {
-		return false, err
-	}
-	return secret != nil, nil
-}
-
-func (s *ResultStoreSecrets) GetCommandResultSummary(id string) (*result.CommandResultSummary, error) {
-	secret, err := s.getCommandResultSecret(id)
-	if err != nil {
-		return nil, err
-	}
-	return s.parseCommandSummary(secret.GetAnnotations())
-}
-
 func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
-	has, err := s.HasCommandResult(options.Id)
-	if err != nil {
-		return nil, err
-	}
-	if !has {
-		return nil, nil
-	}
-
 	var l corev1.SecretList
-	err = s.client.List(s.ctx, &l, client.MatchingLabels{
+	err := s.client.List(s.ctx, &l, client.MatchingLabels{
 		"kluctl.io/command-result-id": options.Id,
 	})
 	if err != nil {
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index f87fa4bf3..2e5453b91 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -34,8 +34,6 @@ type ResultStore interface {
 
 	ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error)
 	WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
-	HasCommandResult(id string) (bool, error)
-	GetCommandResultSummary(id string) (*result.CommandResultSummary, error)
 	GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error)
 
 	ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error)
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 9dfa193d5..3bf23b4fb 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -258,23 +258,6 @@ func (rc *ResultsCollector) WatchCommandResultSummaries(options ListResultSummar
 	return initial, w.ch, cancel, nil
 }
 
-func (rc *ResultsCollector) HasCommandResult(id string) (bool, error) {
-	rc.mutex.Lock()
-	defer rc.mutex.Unlock()
-	_, ok := rc.commandResultSummaries[id]
-	return ok, nil
-}
-
-func (rc *ResultsCollector) GetCommandResultSummary(id string) (*result.CommandResultSummary, error) {
-	rc.mutex.Lock()
-	defer rc.mutex.Unlock()
-	rs, ok := rc.commandResultSummaries[id]
-	if !ok {
-		return nil, nil
-	}
-	return rs.summary, nil
-}
-
 func (rc *ResultsCollector) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
 	rc.mutex.Lock()
 	se, ok := rc.commandResultSummaries[options.Id]
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index eae605626..f5a503a7e 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -116,7 +116,6 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	api := router.Group("/api", s.auth.authHandler)
 	api.GET("/getShortNames", s.getShortNames)
 	api.GET("/getCommandResult", s.getCommandResult)
-	api.GET("/getCommandResultSummary", s.getCommandResultSummary)
 	api.GET("/getCommandResultObject", s.getCommandResultObject)
 	api.GET("/getValidateResult", s.getValidateResult)
 	api.POST("/validateNow", s.validateNow)
@@ -272,28 +271,6 @@ func (s *CommandResultsServer) getCommandResult(c *gin.Context) {
 	c.JSON(http.StatusOK, sr)
 }
 
-func (s *CommandResultsServer) getCommandResultSummary(c *gin.Context) {
-	var params resultIdParam
-
-	err := c.Bind(&params)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
-	sr, err := s.store.GetCommandResultSummary(params.ResultId)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-	if sr == nil {
-		c.AbortWithStatus(http.StatusNotFound)
-		return
-	}
-
-	c.JSON(http.StatusOK, sr)
-}
-
 func (s *CommandResultsServer) getCommandResultObject(c *gin.Context) {
 	var params resultIdParam
 	var ref refParam
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 183f5afaa..02e8934f1 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,6 +1,5 @@
 import {
     CommandResult,
-    CommandResultSummary,
     ObjectRef,
     ResultObject,
     ShortName,
@@ -43,7 +42,6 @@ export interface Api {
     getShortNames(): Promise<ShortName[]>
     listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
     getCommandResult(resultId: string): Promise<CommandResult>
-    getCommandResultSummary(resultId: string): Promise<CommandResultSummary>
     getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
     getValidateResult(resultId: string): Promise<ValidateResult>
     validateNow(cluster: string, name: string, namespace: string): Promise<Response>
@@ -217,13 +215,6 @@ export class RealApi implements Api {
         return new CommandResult(json)
     }
 
-    async getCommandResultSummary(resultId: string) {
-        const params = new URLSearchParams()
-        params.set("resultId", resultId)
-        const json = await this.doGet("/api/getCommandResultSummary", params)
-        return new CommandResultSummary(json)
-    }
-
     async getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string) {
         const params = new URLSearchParams()
         params.set("resultId", resultId)
@@ -294,13 +285,6 @@ export class StaticApi implements Api {
         return staticResults.get(resultId)
     }
 
-    async getCommandResultSummary(resultId: string): Promise<CommandResultSummary> {
-        await loadScript(staticPath + "/summaries.js")
-        return staticSummaries.filter(s => {
-            return s.id === resultId
-        }).at(0)
-    }
-
     async getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any> {
         const result = await this.getCommandResult(resultId)
         const object = result.objects?.find(x => _.isEqual(x.ref, ref))
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 016f9c35b..7e9ee9e5f 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -13,9 +13,9 @@ import { Box } from "@mui/material";
 export const ObjectYaml = (props: { treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType }) => {
     const api = useContext(ApiContext)
     const [loading, error, content] = useLoadingHelper<string>(async () => {
-        const o = await api.getCommandResultObject(props.treeProps.summary.id, props.objectRef, props.objectType)
+        const o = await api.getCommandResultObject(props.treeProps.commandResult.id, props.objectRef, props.objectType)
         return yaml.dump(o)
-    }, [props.treeProps.summary.id, props.objectRef, props.objectType])
+    }, [props.treeProps.commandResult.id, props.objectRef, props.objectType])
 
     if (loading) {
         return <Box my='30px'>
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 0ec72a481..247bdf242 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -10,7 +10,7 @@ import {
     ThemeProvider,
     Typography
 } from "@mui/material";
-import { CommandResult, CommandResultSummary, ShortName } from "../../models";
+import { CommandResult, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
 import { ActiveFilters } from "./NodeStatusFilter";
@@ -26,20 +26,13 @@ import { ErrorMessage } from '../ErrorMessage';
 
 export interface CommandResultProps {
     shortNames: ShortName[]
-    summary: CommandResultSummary
     commandResult: CommandResult
 }
 
 async function doLoadCommandResult(api: Api, resultId: string, shortNames: ShortName[]): Promise<CommandResultProps> {
-    const [rs, result] = await Promise.all([
-        api.getCommandResultSummary(resultId),
-        api.getCommandResult(resultId)
-    ]);
-
     return {
         shortNames,
-        summary: rs,
-        commandResult: result,
+        commandResult: await api.getCommandResult(resultId),
     }
 }
 
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index bf258589b..e4c79b008 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -19,7 +19,6 @@ async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: Sho
     const r = await api.getCommandResult(rs.id);
     const builder = new NodeBuilder({
         shortNames,
-        summary: rs,
         commandResult: r,
     });
     const [node] = builder.buildRoot();

From f434a26faa96bbc34b69b35ea13aa425704a1181 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Jul 2023 08:53:24 +0200
Subject: [PATCH 1313/2268] chore: Run replace-commands-help

---
 docs/reference/commands/common-arguments.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 2d8c7ee9a..1f2c8fa84 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -21,10 +21,12 @@ These arguments are available for all commands.
 <!-- BEGIN SECTION "deploy" "Global arguments" true -->
 ```
 Global arguments:
-      --cpu-profile string   Enable CPU profiling and write the result to the given path
-      --debug                Enable debug logging
-      --no-color             Disable colored output
-      --no-update-check      Disable update check on startup
+      --cpu-profile string       Enable CPU profiling and write the result to the given path
+      --debug                    Enable debug logging
+      --gops-agent               Start gops agent in the background
+      --gops-agent-addr string   Specify the address:port to use for the gops agent (default "127.0.0.1:0")
+      --no-color                 Disable colored output
+      --no-update-check          Disable update check on startup
 
 ```
 <!-- END SECTION -->

From cf3496b076e4cb3c5593f23444b1581fa88797ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Jul 2023 09:12:04 +0200
Subject: [PATCH 1314/2268] tests: Fix tests

---
 e2e/gitops_errors_test.go           | 5 ++++-
 e2e/results_test.go                 | 5 ++++-
 pkg/results/result-store-secrets.go | 3 +++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index c16c0f93c..7d5cb9fd9 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -41,7 +41,10 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	g.Expect(readinessCondition.Reason).To(Equal(rreason))
 	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
 
-	rs, err := results.NewResultStoreSecrets(context.TODO(), suite.k.Client, "", 0, 0)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	rs, err := results.NewResultStoreSecrets(ctx, suite.k.RESTConfig(), suite.k.Client, "", 0, 0)
 	g.Expect(err).To(Succeed())
 
 	lastDeployResult, err := kd.Status.GetLastDeployResult()
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 43e23da09..db85dc2d3 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -42,7 +42,10 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
-	rs, err := results.NewResultStoreSecrets(context.Background(), k.Client, "kluctl-results", 0, 0)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	rs, err := results.NewResultStoreSecrets(ctx, k.RESTConfig(), k.Client, "kluctl-results", 0, 0)
 	assert.NoError(t, err)
 
 	opts := results.ListResultSummariesOptions{
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 426e674da..a4303cf6c 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -61,6 +61,9 @@ func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client clie
 	go c1.Start(ctx)
 	go c2.Start(ctx)
 
+	c1.WaitForCacheSync(ctx)
+	c2.WaitForCacheSync(ctx)
+
 	s := &ResultStoreSecrets{
 		ctx:                      ctx,
 		client:                   client,

From 58a557b35ae951ec14414a21630222f66d739117 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Jul 2023 09:17:08 +0200
Subject: [PATCH 1315/2268] chore: Run go mod tidy

---
 go.mod | 10 +---------
 go.sum | 19 -------------------
 2 files changed, 1 insertion(+), 28 deletions(-)

diff --git a/go.mod b/go.mod
index 8b9e81141..aeb29d090 100644
--- a/go.mod
+++ b/go.mod
@@ -64,6 +64,7 @@ require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.7.0
 	github.com/go-logr/logr v1.2.4
+	github.com/google/gops v0.3.27
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -141,7 +142,6 @@ require (
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
-	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -155,7 +155,6 @@ require (
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/gops v0.3.27 // indirect
 	github.com/google/s2a-go v0.1.3 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
@@ -187,7 +186,6 @@ require (
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
@@ -212,7 +210,6 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
@@ -220,15 +217,12 @@ require (
 	github.com/rubenv/sql-migrate v1.3.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/shirou/gopsutil/v3 v3.23.1 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.1.1 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/tklauser/go-sysconf v0.3.11 // indirect
-	github.com/tklauser/numcpus v0.6.0 // indirect
 	github.com/tkrajina/go-reflector v0.5.5 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
@@ -239,7 +233,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect
@@ -271,6 +264,5 @@ require (
 	k8s.io/kubectl v0.27.2 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
-	rsc.io/goversion v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index d6270975a..a0ef2addf 100644
--- a/go.sum
+++ b/go.sum
@@ -312,8 +312,6 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
-github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
-github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
@@ -403,7 +401,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
@@ -589,8 +586,6 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
-github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
@@ -719,8 +714,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
-github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
@@ -773,8 +766,6 @@ github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIH
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
-github.com/shirou/gopsutil/v3 v3.23.1 h1:a9KKO+kGLKEvcPIs4W62v0nu3sciVDOOOPUD0Hz7z/4=
-github.com/shirou/gopsutil/v3 v3.23.1/go.mod h1:NN6mnm5/0k8jw4cBfCnJtr5L7ErOTg18tMNpgFkn0hA=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -837,10 +828,6 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
-github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
-github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
-github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
-github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
 github.com/tkrajina/go-reflector v0.5.5 h1:gwoQFNye30Kk7NrExj8zm3zFtrGPqOkzFMLuQZg1DtQ=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
 github.com/tkrajina/typescriptify-golang-structs v0.1.10 h1:W/Ta9Kqo2lV+7bVXuQoUhZ0bDlnjwtPpKsy3A9M1nYg=
@@ -877,8 +864,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
-github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
@@ -1079,7 +1064,6 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1103,7 +1087,6 @@ golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1419,8 +1402,6 @@ k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/goversion v1.2.0 h1:SPn+NLTiAG7w30IRK/DKp1BjvpWabYgxlLp/+kx5J8w=
-rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From 88de7a7e2e029c3bea60d8a75e9c676ef3b2d5f4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Jul 2023 10:34:45 +0200
Subject: [PATCH 1316/2268] fix: Fix parsing of SCP urls with escaped
 characters (e.g. spaces)

This is fixed by relying on go-git's parsing capabilities from now on.
---
 pkg/git/giturls/LICENSE      |  21 ----
 pkg/git/giturls/urls.go      | 158 -------------------------
 pkg/git/giturls/urls_test.go | 220 -----------------------------------
 pkg/types/git_url.go         |  29 +++--
 4 files changed, 20 insertions(+), 408 deletions(-)
 delete mode 100644 pkg/git/giturls/LICENSE
 delete mode 100644 pkg/git/giturls/urls.go
 delete mode 100644 pkg/git/giturls/urls_test.go

diff --git a/pkg/git/giturls/LICENSE b/pkg/git/giturls/LICENSE
deleted file mode 100644
index 2aa848db5..000000000
--- a/pkg/git/giturls/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2020 Will Maier
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/pkg/git/giturls/urls.go b/pkg/git/giturls/urls.go
deleted file mode 100644
index 3fa2ebe80..000000000
--- a/pkg/git/giturls/urls.go
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright (c) 2014 Will Maier <wcmaier@m.aier.us>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
-Package giturls parses Git URLs.
-
-These URLs include standard RFC 3986 URLs as well as special formats that
-are specific to Git. Examples are provided in the Git documentation at
-https://www.kernel.org/pub/software/scm/git/docs/git-clone.html.
-*/
-package giturls
-
-import (
-	"fmt"
-	"net/url"
-	"regexp"
-	"strings"
-)
-
-var (
-	// scpSyntax was modified from https://golang.org/src/cmd/go/vcs.go.
-	scpSyntax = regexp.MustCompile(`^([a-zA-Z0-9_]+@)?([a-zA-Z0-9._-]+):([0-9]+/)?([a-zA-Z0-9./._-]+)(?:\?||$)(.*)$`)
-
-	// Transports is a set of known Git URL schemes.
-	Transports = NewTransportSet(
-		"ssh",
-		"git",
-		"git+ssh",
-		"http",
-		"https",
-		"ftp",
-		"ftps",
-		"rsync",
-		"file",
-	)
-)
-
-// Parser converts a string into a URL.
-type Parser func(string) (*url.URL, error)
-
-// Parse parses rawurl into a URL structure. Parse first attempts to
-// find a standard URL with a valid Git transport as its scheme. If
-// that cannot be found, it then attempts to find a SCP-like URL. And
-// if that cannot be found, it assumes rawurl is a local path. If none
-// of these rules apply, Parse returns an error.
-func Parse(rawurl string) (u *url.URL, err error) {
-	parsers := []Parser{
-		ParseTransport,
-		ParseScp,
-		ParseLocal,
-	}
-
-	// Apply each parser in turn; if the parser succeeds, accept its
-	// result and return.
-	for _, p := range parsers {
-		u, err = p(rawurl)
-		if err == nil {
-			return u, err
-		}
-	}
-
-	// It's unlikely that none of the parsers will succeed, since
-	// ParseLocal is very forgiving.
-	return new(url.URL), fmt.Errorf("failed to parse %q", rawurl)
-}
-
-// ParseTransport parses rawurl into a URL object. Unless the URL's
-// scheme is a known Git transport, ParseTransport returns an error.
-func ParseTransport(rawurl string) (*url.URL, error) {
-	u, err := url.Parse(rawurl)
-	if err == nil && !Transports.Valid(u.Scheme) {
-		err = fmt.Errorf("scheme %q is not a valid transport", u.Scheme)
-	}
-	return u, err
-}
-
-// ParseScp parses rawurl into a URL object. The rawurl must be
-// an SCP-like URL, otherwise ParseScp returns an error.
-func ParseScp(rawurl string) (*url.URL, error) {
-	match := scpSyntax.FindAllStringSubmatch(rawurl, -1)
-	if len(match) == 0 {
-		return nil, fmt.Errorf("no scp URL found in %q", rawurl)
-	}
-	m := match[0]
-	user := strings.TrimRight(m[1], "@")
-	var userinfo *url.Userinfo
-	if user != "" {
-		userinfo = url.User(user)
-	}
-	rawquery := ""
-	if len(m) > 4 {
-		rawquery = m[5]
-	}
-	host := m[2]
-	path := m[4]
-	if m[3] != "" {
-		port := strings.TrimRight(m[3], "/")
-		host = fmt.Sprintf("%s:%s", host, port)
-		// host.xyz:1234/path/ only supports absolute paths
-		path = "/" + path
-	}
-	return &url.URL{
-		Scheme:   "ssh",
-		User:     userinfo,
-		Host:     host,
-		Path:     path,
-		RawQuery: rawquery,
-	}, nil
-}
-
-// ParseLocal parses rawurl into a URL object with a "file"
-// scheme. This will effectively never return an error.
-func ParseLocal(rawurl string) (*url.URL, error) {
-	return &url.URL{
-		Scheme: "file",
-		Host:   "",
-		Path:   rawurl,
-	}, nil
-}
-
-// TransportSet represents a set of valid Git transport schemes. It
-// maps these schemes to empty structs, providing a set-like
-// interface.
-type TransportSet struct {
-	Transports map[string]struct{}
-}
-
-// NewTransportSet returns a TransportSet with the items keys mapped
-// to empty struct values.
-func NewTransportSet(items ...string) *TransportSet {
-	t := &TransportSet{
-		Transports: map[string]struct{}{},
-	}
-	for _, i := range items {
-		t.Transports[i] = struct{}{}
-	}
-	return t
-}
-
-// Valid returns true if transport is a known Git URL scheme and false
-// if not.
-func (t *TransportSet) Valid(transport string) bool {
-	_, ok := t.Transports[transport]
-	return ok
-}
diff --git a/pkg/git/giturls/urls_test.go b/pkg/git/giturls/urls_test.go
deleted file mode 100644
index 0a8f2cfc7..000000000
--- a/pkg/git/giturls/urls_test.go
+++ /dev/null
@@ -1,220 +0,0 @@
-package giturls
-
-import (
-	"net/url"
-	"reflect"
-	"strings"
-	"testing"
-)
-
-var tests []*Test
-
-type Test struct {
-	in      string
-	wantURL *url.URL
-	wantStr string // expected result of reserializing the URL; empty means same as "in".
-}
-
-func NewTest(in, transport, user, host, path, str, rawquery string) *Test {
-	var userinfo *url.Userinfo
-
-	if user != "" {
-		if strings.Contains(user, ":") {
-			username := strings.Split(user, ":")[0]
-			password := strings.Split(user, ":")[1]
-			userinfo = url.UserPassword(username, password)
-		} else {
-			userinfo = url.User(user)
-		}
-	}
-	if str == "" {
-		str = in
-	}
-
-	return &Test{
-		in: in,
-		wantURL: &url.URL{
-			Scheme:   transport,
-			Host:     host,
-			Path:     path,
-			User:     userinfo,
-			RawQuery: rawquery,
-		},
-		wantStr: str,
-	}
-}
-
-func init() {
-	// https://www.kernel.org/pub/software/scm/git/docs/git-clone.html
-	tests = []*Test{
-		NewTest(
-			"user@host.xz:path/to/repo.git/",
-			"ssh", "user", "host.xz", "path/to/repo.git/",
-			"ssh://user@host.xz/path/to/repo.git/", "",
-		),
-		NewTest(
-			"host.xz:path/to/repo.git/",
-			"ssh", "", "host.xz", "path/to/repo.git/",
-			"ssh://host.xz/path/to/repo.git/", "",
-		),
-		NewTest(
-			"host.xz:/path/to/repo.git/",
-			"ssh", "", "host.xz", "/path/to/repo.git/",
-			"ssh://host.xz/path/to/repo.git/", "",
-		),
-		NewTest(
-			"host.xz:path/to/repo-with_specials.git/",
-			"ssh", "", "host.xz", "path/to/repo-with_specials.git/",
-			"ssh://host.xz/path/to/repo-with_specials.git/", "",
-		),
-		NewTest(
-			"host.xz:1234/path/to/repo-with_specials.git/",
-			"ssh", "", "host.xz:1234", "/path/to/repo-with_specials.git/",
-			"ssh://host.xz:1234/path/to/repo-with_specials.git/", "",
-		),
-		NewTest(
-			"git://host.xz/path/to/repo.git/",
-			"git", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"git://host.xz:1234/path/to/repo.git/",
-			"git", "", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"http://host.xz/path/to/repo.git/",
-			"http", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"http://host.xz:1234/path/to/repo.git/",
-			"http", "", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"https://host.xz/path/to/repo.git/",
-			"https", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"https://host.xz:1234/path/to/repo.git/",
-			"https", "", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ftp://host.xz/path/to/repo.git/",
-			"ftp", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ftp://host.xz:1234/path/to/repo.git/",
-			"ftp", "", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ftps://host.xz/path/to/repo.git/",
-			"ftps", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ftps://host.xz:1234/path/to/repo.git/",
-			"ftps", "", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"rsync://host.xz/path/to/repo.git/",
-			"rsync", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ssh://user@host.xz:1234/path/to/repo.git/",
-			"ssh", "user", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ssh://host.xz:1234/path/to/repo.git/",
-			"ssh", "", "host.xz:1234", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"ssh://host.xz/path/to/repo.git/",
-			"ssh", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"git+ssh://host.xz/path/to/repo.git/",
-			"git+ssh", "", "host.xz", "/path/to/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"/path/to/repo.git/",
-			"file", "", "", "/path/to/repo.git/",
-			"file:///path/to/repo.git/", "",
-		),
-		NewTest(
-			"file:///path/to/repo.git/",
-			"file", "", "", "/path/to/repo.git/",
-			"", "",
-		),
-		// Tests with query strings
-		NewTest(
-			"https://host.xz/organization/repo.git?ref=",
-			"https", "", "host.xz", "/organization/repo.git",
-			"", "ref=",
-		),
-		NewTest(
-			"https://host.xz/organization/repo.git?ref=test",
-			"https", "", "host.xz", "/organization/repo.git",
-			"", "ref=test",
-		),
-		NewTest(
-			"https://host.xz/organization/repo.git?ref=feature/test",
-			"https", "", "host.xz", "/organization/repo.git",
-			"", "ref=feature/test",
-		),
-		NewTest(
-			"git@host.xz:organization/repo.git?ref=test",
-			"ssh", "git", "host.xz", "organization/repo.git",
-			"ssh://git@host.xz/organization/repo.git?ref=test", "ref=test",
-		),
-		NewTest(
-			"git@host.xz:organization/repo.git?ref=feature/test",
-			"ssh", "git", "host.xz", "organization/repo.git",
-			"ssh://git@host.xz/organization/repo.git?ref=feature/test", "ref=feature/test",
-		),
-		// Tests with user+password and some with query strings
-		NewTest(
-			"https://user:password@host.xz/organization/repo.git/",
-			"https", "user:password", "host.xz", "/organization/repo.git/",
-			"", "",
-		),
-		NewTest(
-			"https://user:password@host.xz/organization/repo.git?ref=test",
-			"https", "user:password", "host.xz", "/organization/repo.git",
-			"", "ref=test",
-		),
-		NewTest(
-			"https://user:password@host.xz/organization/repo.git?ref=feature/test",
-			"https", "user:password", "host.xz", "/organization/repo.git",
-			"", "ref=feature/test",
-		),
-	}
-}
-
-func TestParse(t *testing.T) {
-	for _, tt := range tests {
-		got, err := Parse(tt.in)
-		if err != nil {
-			t.Errorf("Parse(%q) = unexpected err %q, want %q", tt.in, err, tt.wantURL)
-			continue
-		}
-		if !reflect.DeepEqual(got, tt.wantURL) {
-			t.Errorf("Parse(%q) = %q, want %q", tt.in, got, tt.wantURL)
-		}
-		str := got.String()
-		if str != tt.wantStr {
-			t.Errorf("Parse(%q).String() = %q, want %q", tt.in, str, tt.wantStr)
-		}
-	}
-}
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 5ab73fdd0..542a7fb2d 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -3,7 +3,7 @@ package types
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git/giturls"
+	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/url"
 	"strings"
@@ -15,16 +15,27 @@ type GitUrl struct {
 }
 
 func ParseGitUrl(u string) (*GitUrl, error) {
-	// we explicitly only test ParseTransport and ParseScp to avoid parsing local Git urls (as done by giturls.Parse)
-	u2, err := giturls.ParseTransport(u)
-	if err == nil {
-		return &GitUrl{*u2}, nil
+	// we re-use go-git's parsing capabilities (especially in regard to SCP urls)
+	ep, err := transport.NewEndpoint(u)
+	if err != nil {
+		return nil, err
 	}
-	u2, err = giturls.ParseScp(u)
-	if err == nil {
-		return &GitUrl{*u2}, nil
+
+	if ep.Protocol == "file" {
+		return nil, fmt.Errorf("file:// protocol is not supported: %s", u)
+	}
+
+	u2 := ep.String()
+
+	// and we also rely on the standard lib to treat escaping properly
+	u3, err := url.Parse(u2)
+	if err != nil {
+		return nil, err
 	}
-	return nil, fmt.Errorf("failed to parse git url: %s", u)
+
+	return &GitUrl{
+		URL: *u3,
+	}, nil
 }
 
 func ParseGitUrlMust(u string) *GitUrl {

From 5e74b957a62c6920bc649107e72413c34565765d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Jul 2023 11:04:05 +0200
Subject: [PATCH 1317/2268] fix: Use ParseGitRepoKey in parseRepoOverride

---
 cmd/kluctl/commands/utils.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index b958de71f..6d841ab54 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -268,17 +268,12 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	u, err := types.ParseGitUrl(sp[0])
+	repoKey, err := types.ParseGitRepoKey(sp[0])
 	if err != nil {
-		// we need to prepend a dummy scheme to the repo key so that it is properly parsed
-		dummyUrl := fmt.Sprintf("git://%s", sp[0])
-		u, err = types.ParseGitUrl(dummyUrl)
-		if err != nil {
-			return repocache.RepoOverride{}, fmt.Errorf("%s: %w", s, err)
-		}
+		return repocache.RepoOverride{}, err
 	}
 
-	ret.RepoKey = u.RepoKey()
+	ret.RepoKey = repoKey
 	ret.Override = sp[1]
 	return
 }

From 0ea3fa4d80a401e79e0619428c26afe0eba5fa97 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Jul 2023 16:34:18 +0200
Subject: [PATCH 1318/2268] fix: Explicitely decide if status message is
 formatted or not (#657)

---
 cmd/kluctl/commands/cmd_helm_pull.go         |   6 +-
 cmd/kluctl/commands/cmd_helm_update.go       |  24 ++--
 cmd/kluctl/commands/cmd_render.go            |   2 +-
 cmd/kluctl/commands/cmd_seal.go              |   6 +-
 cmd/kluctl/commands/command_result.go        |   2 +-
 cmd/kluctl/commands/root.go                  |   8 +-
 pkg/deployment/utils/apply_utils.go          |  28 ++---
 pkg/deployment/utils/hooks_util.go           |  10 +-
 pkg/deployment/utils/remote_objects_utils.go |   4 +-
 pkg/git/mirrored_repo.go                     |   2 +-
 pkg/git/utils.go                             |   6 +-
 pkg/helm/helm_release.go                     |   4 +-
 pkg/k8s/k8s_cluster.go                       |   6 +-
 pkg/kluctl_project/targets.go                |   8 +-
 pkg/registries/registries.go                 |  14 +--
 pkg/repocache/cache.go                       |   4 +-
 pkg/results/result-store-secrets.go          |   8 +-
 pkg/seal/sealer.go                           |  10 +-
 pkg/status/promts.go                         |   2 +-
 pkg/status/status.go                         | 116 ++++++++++++++-----
 pkg/webui/server.go                          |   4 +-
 21 files changed, 164 insertions(+), 110 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index f13160c75..d73dcdaae 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -78,7 +78,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.He
 			if _, ok := versionsToPull[de.Name()]; !ok {
 				actions++
 				if !dryRun {
-					status.Info(ctx, "Removing unused Chart with version %s", de.Name())
+					status.Infof(ctx, "Removing unused Chart with version %s", de.Name())
 					err = os.RemoveAll(filepath.Join(chartsDir, de.Name()))
 					if err != nil {
 						return actions, err
@@ -100,12 +100,12 @@ func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.He
 				continue
 			}
 			g.RunE(func() error {
-				s := status.Start(ctx, "%s: Pulling Chart with version %s", statusPrefix, version)
+				s := status.Startf(ctx, "%s: Pulling Chart with version %s", statusPrefix, version)
 				defer s.Failed()
 
 				_, err := chart.PullInProject(ctx, baseChartsDir, version)
 				if err != nil {
-					s.FailedWithMessage("%s: %s", statusPrefix, err.Error())
+					s.FailedWithMessagef("%s: %s", statusPrefix, err.Error())
 					return err
 				}
 
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index b7fb4469c..4e3221127 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -53,11 +53,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		}
 		for pth, s := range gitStatus {
 			if strings.HasPrefix(pth, ".helm-charts/") {
-				status.Trace(ctx, "gitStatus=%s", gitStatus.String())
+				status.Tracef(ctx, "gitStatus=%s", gitStatus.String())
 				return fmt.Errorf("--commit can only be used when .helm-chart directory is clean")
 			}
 			if (s.Staging != git.Untracked && s.Staging != git.Unmodified) || (s.Worktree != git.Untracked && s.Worktree != git.Unmodified) {
-				status.Trace(ctx, "gitStatus=%s", gitStatus.String())
+				status.Tracef(ctx, "gitStatus=%s", gitStatus.String())
 				return fmt.Errorf("--commit can only be used when the git worktree is unmodified")
 			}
 		}
@@ -85,11 +85,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	for _, chart := range charts {
 		chart := chart
 		g.RunE(func() error {
-			s := status.Start(ctx, "%s: Querying versions", chart.GetChartName())
+			s := status.Startf(ctx, "%s: Querying versions", chart.GetChartName())
 			defer s.Failed()
 			err := chart.QueryVersions(ctx)
 			if err != nil {
-				s.FailedWithMessage("%s: %s", chart.GetChartName(), err.Error())
+				s.FailedWithMessagef("%s: %s", chart.GetChartName(), err.Error())
 				return err
 			}
 			s.Success()
@@ -115,11 +115,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		for version, _ := range versionsToPull {
 			version := version
 			g.RunE(func() error {
-				s := status.Start(ctx, "%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
+				s := status.Startf(ctx, "%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
 				defer s.Failed()
 				_, err := chart.PullCached(ctx, version)
 				if err != nil {
-					s.FailedWithMessage("%s: %s", chart.GetChartName(), err.Error())
+					s.FailedWithMessagef("%s: %s", chart.GetChartName(), err.Error())
 					return err
 				}
 				s.Success()
@@ -154,11 +154,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		}
 
 		if hr.Config.SkipUpdate {
-			status.Info(ctx, "%s: Skipped update to version %s", relDir, latestVersion)
+			status.Infof(ctx, "%s: Skipped update to version %s", relDir, latestVersion)
 			continue
 		}
 
-		status.Info(ctx, "%s: Chart %s has new version %s available", relDir, hr.Chart.GetChartName(), latestVersion)
+		status.Infof(ctx, "%s: Chart %s has new version %s available", relDir, hr.Chart.GetChartName(), latestVersion)
 
 		if !cmd.Upgrade {
 			continue
@@ -177,7 +177,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		status.Info(ctx, "%s: Updated Chart version to %s", relDir, latestVersion)
+		status.Infof(ctx, "%s: Updated Chart version to %s", relDir, latestVersion)
 
 		k := helmUpgradeKey{
 			chartDir:   cd,
@@ -222,11 +222,11 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 	chart := hrs[0].Chart
 	newVersion := hrs[0].Config.ChartVersion
 
-	s := status.Start(ctx, "Upgrading Chart %s from version %s to %s", chart.GetChartName(), oldVersion, newVersion)
+	s := status.Startf(ctx, "Upgrading Chart %s from version %s to %s", chart.GetChartName(), oldVersion, newVersion)
 	defer s.Failed()
 
 	doError := func(err error) error {
-		s.FailedWithMessage("%s", err.Error())
+		s.FailedWithMessage(err.Error())
 		return err
 	}
 
@@ -311,7 +311,7 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 			return doError(fmt.Errorf("failed to commit: %w", err))
 		}
 
-		s.UpdateAndInfoFallback("Committed helm chart %s with version %s", chart.GetChartName(), newVersion)
+		s.UpdateAndInfoFallbackf("Committed helm chart %s with version %s", chart.GetChartName(), newVersion)
 	}
 	s.Success()
 
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index f8e252804..09146afdf 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -64,7 +64,7 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 			status.Flush(cmdCtx.ctx)
 			return yaml.WriteYamlAllStream(getStdout(ctx), all)
 		} else {
-			status.Info(cmdCtx.ctx, "Rendered into %s", cmdCtx.targetCtx.SharedContext.RenderDir)
+			status.Infof(cmdCtx.ctx, "Rendered into %s", cmdCtx.targetCtx.SharedContext.RenderDir)
 		}
 		return nil
 	})
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index b272c5966..8ad9956a6 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -34,8 +34,8 @@ If no '--target' is specified, sealing is performed for all targets.`
 }
 
 func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject, targetName string) error {
-	s := status.Start(ctx, "%s: Sealing for target", targetName)
-	defer s.FailedWithMessage("%s: Sealing failed", targetName)
+	s := status.Startf(ctx, "%s: Sealing for target", targetName)
+	defer s.FailedWithMessagef("%s: Sealing failed", targetName)
 
 	doFail := func(err error) error {
 		s.FailedWithMessage(fmt.Sprintf("Sealing failed: %v", err))
@@ -164,7 +164,7 @@ func (cmd *sealCmd) Run(ctx context.Context) error {
 				continue
 			}
 			if target.SealingConfig == nil {
-				status.Info(ctx, "Target %s has no sealingConfig", target.Name)
+				status.Infof(ctx, "Target %s has no sealingConfig", target.Name)
 				continue
 			}
 			noTargetMatch = false
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 1eb9a1546..fd35491e8 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -240,7 +240,7 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 		defer s.Failed()
 		resultStoreErr = ctx.resultStore.WriteCommandResult(cr)
 		if resultStoreErr != nil {
-			s.FailedWithMessage("Failed to write result to result store: %s", resultStoreErr.Error())
+			s.FailedWithMessagef("Failed to write result to result store: %s", resultStoreErr.Error())
 		} else {
 			s.Success()
 		}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 151b4ebc6..f7cbf9eaa 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -204,16 +204,16 @@ func checkNewVersion(ctx context.Context) {
 	}
 	latestVersion, err := semver.NewVersion(latestVersionStr)
 	if err != nil {
-		s.FailedWithMessage("Failed to parse latest version: %v", err)
+		s.FailedWithMessagef("Failed to parse latest version: %v", err)
 		return
 	}
 	localVersion, err := semver.NewVersion(version.GetVersion())
 	if err != nil {
-		s.FailedWithMessage("Failed to parse local version: %v", err)
+		s.FailedWithMessagef("Failed to parse local version: %v", err)
 		return
 	}
 	if localVersion.LessThan(latestVersion) {
-		s.Update(fmt.Sprintf("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion.String(), latestVersion.String()))
+		s.Updatef("You are using an outdated version (%v) of kluctl. You should update soon to version %v", localVersion.String(), latestVersion.String())
 	} else {
 		s.Update("Your kluctl version is up-to-date")
 	}
@@ -324,7 +324,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	err = rootCmd.Execute()
 	if err != nil {
-		status.Error(ctx, "%s", err.Error())
+		status.Error(ctx, err.Error())
 		return err
 	}
 	return nil
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index f0e323d00..4547abcd1 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -233,7 +233,7 @@ func (a *ApplyUtil) retryApplyForceReplace(x *uo.UnstructuredObject, hook bool,
 		skipDelete = skipDelete || isSkipDelete(remoteObject)
 	}
 	if skipDelete {
-		status.Warning(a.ctx, "skipped forced replace of %s", ref.String())
+		status.Warningf(a.ctx, "skipped forced replace of %s", ref.String())
 		a.HandleError(ref, applyError)
 		return
 	}
@@ -432,7 +432,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 	}
 	timeoutTimer := time.NewTimer(timeout)
 
-	status.Trace(a.ctx, "Waiting for %s to get ready", ref.String())
+	status.Tracef(a.ctx, "Waiting for %s to get ready", ref.String())
 
 	lastLogTime := time.Now()
 	didLog := false
@@ -445,7 +445,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		if err != nil {
 			if errors.IsNotFound(err) {
 				if didLog {
-					status.Warning(a.ctx, "Cancelled waiting for %s as it disappeared while waiting for it (%ds elapsed)", ref.String(), elapsed)
+					status.Warningf(a.ctx, "Cancelled waiting for %s as it disappeared while waiting for it (%ds elapsed)", ref.String(), elapsed)
 				}
 				a.HandleError(ref, fmt.Errorf("%s disappeared while waiting for it to become ready", ref.String()))
 				return false
@@ -456,13 +456,13 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		v := validation.ValidateObject(a.k, o, false, false)
 		if v.Ready {
 			if didLog {
-				a.sctx.InfoFallback("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
+				a.sctx.InfoFallbackf("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
 			}
 			return true
 		}
 		if len(v.Errors) != 0 {
 			if didLog {
-				status.Warning(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
+				status.Warningf(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
 			}
 			for _, e := range v.Errors {
 				a.HandleError(ref, fmt.Errorf(e.Message))
@@ -473,11 +473,11 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		a.sctx.Update(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
 
 		if !didLog {
-			a.sctx.InfoFallback("Waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
+			a.sctx.InfoFallbackf("Waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
 			didLog = true
 			lastLogTime = time.Now()
 		} else if didLog && time.Now().Sub(lastLogTime) >= 10*time.Second {
-			a.sctx.InfoFallback("Still waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
+			a.sctx.InfoFallbackf("Still waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
 			lastLogTime = time.Now()
 		}
 
@@ -486,7 +486,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			continue
 		case <-timeoutTimer.C:
 			err := fmt.Errorf("timed out while waiting for readiness of %s", ref.String())
-			status.Warning(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
+			status.Warningf(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
 			if status.IsTraceEnabled(a.ctx) {
 				y, err := yaml.WriteYamlString(o)
 				if err == nil {
@@ -497,7 +497,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 			return false
 		case <-a.ctx.Done():
 			err := fmt.Errorf("context cancelled while waiting for readiness of %s", ref.String())
-			status.Warning(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
+			status.Warningf(a.ctx, "%s (%ds elapsed)", err.Error(), elapsed)
 			a.HandleError(ref, err)
 			return false
 		}
@@ -564,7 +564,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	a.sctx.SetTotal(total)
 
 	if len(toDelete) != 0 {
-		a.sctx.InfoFallback("Deleting %d objects", len(toDelete))
+		a.sctx.InfoFallbackf("Deleting %d objects", len(toDelete))
 		i := 0
 		for ref := range toDelete {
 			a.sctx.Update(fmt.Sprintf("Deleting object %s (%d of %d)", ref.String(), i+1, len(toDelete)))
@@ -577,7 +577,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	h.RunHooks(preHooks)
 
 	if len(applyObjects) != 0 {
-		a.sctx.InfoFallback("Applying %d objects", len(applyObjects))
+		a.sctx.InfoFallbackf("Applying %d objects", len(applyObjects))
 	}
 	startTime := time.Now()
 	didLog := false
@@ -587,11 +587,11 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		}
 
 		ref := o.GetK8sRef()
-		a.sctx.Update(fmt.Sprintf("Applying object %s (%d of %d)", ref.String(), i+1, len(applyObjects)))
+		a.sctx.Updatef("Applying object %s (%d of %d)", ref.String(), i+1, len(applyObjects))
 		a.ApplyObject(o, false, false)
 		a.sctx.Increment()
 		if time.Now().Sub(startTime) >= 10*time.Second || (didLog && i == len(applyObjects)-1) {
-			a.sctx.InfoFallback("...applied %d of %d objects", i+1, len(applyObjects))
+			a.sctx.InfoFallbackf("...applied %d of %d objects", i+1, len(applyObjects))
 			startTime = time.Now()
 			didLog = true
 		}
@@ -754,7 +754,7 @@ func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.Unstructu
 		a.dew.AddApiWarnings(ref, apiWarnings)
 		if err != nil {
 			if errors.IsConflict(err) {
-				status.Trace(a.ctx, "Conflict while patching %s. Retrying...", ref.String())
+				status.Tracef(a.ctx, "Conflict while patching %s. Retrying...", ref.String())
 				continue
 			} else {
 				a.HandleError(ref, err)
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 6dba39f65..7657c3793 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -82,12 +82,12 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 		for p := range h.deletePolicies {
 			dpStr = append(dpStr, p)
 		}
-		u.a.sctx.UpdateAndInfoFallback("Deleting hook %s due to hook-delete-policy %s (%d of %d)", ref.String(), strings.Join(dpStr, ","), i+1, cnt)
+		u.a.sctx.UpdateAndInfoFallbackf("Deleting hook %s due to hook-delete-policy %s (%d of %d)", ref.String(), strings.Join(dpStr, ","), i+1, cnt)
 		return u.a.DeleteObject(ref, true)
 	}
 
 	if len(deleteBeforeObjects) != 0 {
-		u.a.sctx.InfoFallback("Deleting %d hooks before hook execution", len(deleteBeforeObjects))
+		u.a.sctx.InfoFallbackf("Deleting %d hooks before hook execution", len(deleteBeforeObjects))
 	}
 	for i, h := range deleteBeforeObjects {
 		doDeleteForPolicy(h, i, len(deleteBeforeObjects))
@@ -95,12 +95,12 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 
 	waitResults := make(map[k8s.ObjectRef]bool)
 	if len(applyObjects) != 0 {
-		u.a.sctx.InfoFallback("Applying %d hooks", len(applyObjects))
+		u.a.sctx.InfoFallbackf("Applying %d hooks", len(applyObjects))
 	}
 	for i, h := range applyObjects {
 		ref := h.object.GetK8sRef()
 		_, replaced := h.deletePolicies["before-hook-creation"]
-		u.a.sctx.UpdateAndInfoFallback("Applying hook %s (%d of %d)", ref.String(), i+1, len(applyObjects))
+		u.a.sctx.UpdateAndInfoFallbackf("Applying hook %s (%d of %d)", ref.String(), i+1, len(applyObjects))
 		u.a.ApplyObject(h.object, replaced, true)
 		u.a.sctx.Increment()
 
@@ -133,7 +133,7 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 	}
 
 	if len(deleteAfterObjects) != 0 {
-		u.a.sctx.InfoFallback("Deleting %d hooks after hook execution", len(deleteAfterObjects))
+		u.a.sctx.InfoFallbackf("Deleting %d hooks after hook execution", len(deleteAfterObjects))
 	}
 	for i, h := range deleteAfterObjects {
 		doDeleteForPolicy(h, i, len(deleteAfterObjects))
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 6cee1e0b7..beb8abb3e 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -104,7 +104,7 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 	g.Wait()
 	if g.ErrorOrNil() == nil {
 		if errCount != 0 {
-			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
+			s.UpdateAndInfoFallbackf("%s: Failed with %d errors", baseStatus, errCount)
 			s.Warning()
 			if permissionErrCount != 0 {
 				u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"))
@@ -165,7 +165,7 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 	g.Wait()
 	if g.ErrorOrNil() == nil {
 		if errCount != 0 {
-			s.UpdateAndInfoFallback("%s: Failed with %d errors", baseStatus, errCount)
+			s.UpdateAndInfoFallbackf("%s: Failed with %d errors", baseStatus, errCount)
 			s.Warning()
 			if permissionErrCount != 0 {
 				u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("at least one permission error was encountered while gathering known objects. This might result in orphan object detection and diffs to not work properly"))
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 860b10a0a..99a934928 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -314,7 +314,7 @@ func (g *MirroredGitRepo) cloneOrUpdate() error {
 			// in that case, retry a full clone which does hopefully not rely on multi_ack.
 			// See https://github.com/go-git/go-git/pull/613
 			// TODO remove this when https://github.com/go-git/go-git/issues/64 gets fully fixed
-			status.Trace(g.ctx, "Got multi_ack related error from remote. Retrying full clone: %v", err)
+			status.Tracef(g.ctx, "Got multi_ack related error from remote. Retrying full clone: %v", err)
 		} else {
 			return err
 		}
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index f6fed9979..f0b3d7f76 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -70,7 +70,7 @@ func GetWorktreeStatus(ctx context.Context, path string) (git.Status, error) {
 
 	commandPath, err := exec.LookPath("git")
 	if err != nil {
-		status.Trace(ctx, "Failed to lookup git binary: %v", err)
+		status.Tracef(ctx, "Failed to lookup git binary: %v", err)
 		return nil, err
 	}
 
@@ -79,13 +79,13 @@ func GetWorktreeStatus(ctx context.Context, path string) (git.Status, error) {
 	cmd := &exec.Cmd{Path: commandPath, Dir: path, Env: os.Environ(), Args: []string{"git", "status", "--porcelain"}, Stdout: out, Stderr: out}
 	err = cmd.Run()
 	if err != nil {
-		status.Trace(ctx, "Failed to run git status --porcelain: err=%v, out=%s", err, out.String())
+		status.Tracef(ctx, "Failed to run git status --porcelain: err=%v, out=%s", err, out.String())
 		return gitStatus, nil
 	}
 
 	parsedStatus, err := parsePorcelainStatus(out.String())
 	if err != nil {
-		status.Trace(ctx, "Failed to parse output of git status --porcelain: %v", err)
+		status.Tracef(ctx, "Failed to parse output of git status --porcelain: %v", err)
 		return gitStatus, err
 	}
 
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index a5f741722..ed9a3f25c 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -135,7 +135,7 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 				"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
 		}
 
-		s := status.Start(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
+		s := status.Startf(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
 		defer s.Failed()
 
 		pc, err = hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
@@ -231,7 +231,7 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	}
 
 	if chartRequested.Metadata.Deprecated {
-		status.Warning(ctx, "Chart %s is deprecated", hr.Config.ChartName)
+		status.Warningf(ctx, "Chart %s is deprecated", hr.Config.ChartName)
 	}
 
 	rel, err := client.Run(chartRequested, vals)
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index a9da08df2..3df393e36 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -308,7 +308,7 @@ type PatchOptions struct {
 }
 
 func (k *K8sCluster) doPatch(ref k8s.ObjectRef, obj client.Object, patch client.Patch, options PatchOptions) ([]ApiWarning, error) {
-	status.Trace(k.ctx, "patching %s", ref.String())
+	status.Tracef(k.ctx, "patching %s", ref.String())
 
 	k.crdCacheMutex.Lock()
 	delete(k.crdCache, ref)
@@ -350,7 +350,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	ref := o.GetK8sRef()
 	obj := o.Clone().ToUnstructured()
 
-	status.Trace(k.ctx, "updating %s", ref.String())
+	status.Tracef(k.ctx, "updating %s", ref.String())
 
 	k.crdCacheMutex.Lock()
 	delete(k.crdCache, ref)
@@ -386,7 +386,7 @@ func (k *K8sCluster) envtestProxyGet(scheme, namespace, name, port, path string,
 			continue
 		}
 
-		status.Trace(k.ctx, "envtestProxyGet apiHost=%s, ns=%s, name=%s, port=%s, path=%s, envUrl=%s", apiHost, namespace, name, port, path, envUrl)
+		status.Tracef(k.ctx, "envtestProxyGet apiHost=%s, ns=%s, name=%s, port=%s, path=%s, envUrl=%s", apiHost, namespace, name, port, path, envUrl)
 
 		envUrl = fmt.Sprintf("%s%s", envUrl, path)
 		resp, err := http.Get(envUrl)
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 9ef106813..abd2c9ad3 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -16,24 +16,24 @@ func (c *LoadedKluctlProject) loadTargets() error {
 
 	for i, configTarget := range c.Config.Targets {
 		if configTarget.Name == "" {
-			status.Error(c.ctx, "Target at index %d has no name", i)
+			status.Errorf(c.ctx, "Target at index %d has no name", i)
 			continue
 		}
 
 		target, err := c.buildTarget(configTarget)
 		if err != nil {
-			status.Warning(c.ctx, "Failed to load target config for project: %v", err)
+			status.Warningf(c.ctx, "Failed to load target config for project: %v", err)
 			continue
 		}
 
 		err = c.renderTarget(target)
 		if err != nil {
-			status.Warning(c.ctx, "Failed to load target %s: %v", target.Name, err)
+			status.Warningf(c.ctx, "Failed to load target %s: %v", target.Name, err)
 			continue
 		}
 
 		if _, ok := targetNames[target.Name]; ok {
-			status.Warning(c.ctx, "Duplicate target %s", target.Name)
+			status.Warningf(c.ctx, "Duplicate target %s", target.Name)
 		} else {
 			targetNames[target.Name] = true
 			c.Targets = append(c.Targets, target)
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index b372b06b6..e8a9e41b8 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -114,7 +114,7 @@ func (rh *RegistryHelper) AddAuthEntry(e AuthEntry) {
 func (rh *RegistryHelper) isDefaultInsecure() bool {
 	defaultInsecure, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_INSECURE", false)
 	if err != nil {
-		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_INSECURE: %s", err)
+		status.Warningf(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_INSECURE: %s", err)
 		return false
 	}
 	return defaultInsecure
@@ -123,7 +123,7 @@ func (rh *RegistryHelper) isDefaultInsecure() bool {
 func (rh *RegistryHelper) isDefaultSkipTlsVerify() bool {
 	defaultTlsVerify, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY", true)
 	if err != nil {
-		status.Warning(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %s", err)
+		status.Warningf(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %s", err)
 		return false
 	}
 	return !defaultTlsVerify
@@ -327,7 +327,7 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 
 	f, err := lockedfile.OpenFile(cachePath, os.O_RDONLY, 0)
 	if err != nil {
-		status.Warning(rh.ctx, "readCachedResponse failed: %v", err)
+		status.Warningf(rh.ctx, "readCachedResponse failed: %v", err)
 		return nil
 	}
 	b, err := io.ReadAll(f)
@@ -338,7 +338,7 @@ func (rh *RegistryHelper) readCachedResponse(key string) []byte {
 
 	res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(b)), nil)
 	if err != nil {
-		status.Warning(rh.ctx, "readCachedResponse failed: %v", err)
+		status.Warningf(rh.ctx, "readCachedResponse failed: %v", err)
 		return nil
 	}
 
@@ -361,21 +361,21 @@ func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
 	if !utils.Exists(cacheDir) {
 		err := os.MkdirAll(cacheDir, 0o700)
 		if err != nil {
-			status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
+			status.Warningf(rh.ctx, "writeCachedResponse failed: %v", err)
 			return
 		}
 	}
 
 	f, err := lockedfile.OpenFile(cachePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
 	if err != nil {
-		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
+		status.Warningf(rh.ctx, "writeCachedResponse failed: %v", err)
 		return
 	}
 	defer f.Close()
 
 	_, err = f.Write(data)
 	if err != nil {
-		status.Warning(rh.ctx, "writeCachedResponse failed: %v", err)
+		status.Warningf(rh.ctx, "writeCachedResponse failed: %v", err)
 		return
 	}
 }
diff --git a/pkg/repocache/cache.go b/pkg/repocache/cache.go
index bc7864bbb..c7e26690c 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/cache.go
@@ -124,7 +124,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 			return nil, fmt.Errorf("can not override repo %s. %s is not a directory", url.String(), overridePath)
 		}
 
-		status.WarningOnce(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url.String(), overridePath)
+		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url.String(), overridePath)
 
 		e := &CacheEntry{
 			rp:           rp,
@@ -177,7 +177,7 @@ func (e *CacheEntry) Update() error {
 			e.mr.SetUpdated(true)
 		} else {
 			url := e.mr.Url()
-			s := status.Start(e.rp.ctx, "Updating git cache for %s", url.String())
+			s := status.Startf(e.rp.ctx, "Updating git cache for %s", url.String())
 			defer s.Failed()
 			err := e.mr.Update()
 			if err != nil {
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index a4303cf6c..aa0abda06 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -273,9 +273,9 @@ func (s *ResultStoreSecrets) cleanupCommandResults(project result.ProjectKey, ta
 				"kluctl.io/command-result-id": rs.Id,
 			})
 			if err != nil {
-				status.Warning(s.ctx, "Failed to delete old command result %s: %s", rs.Id, err)
+				status.Warningf(s.ctx, "Failed to delete old command result %s: %s", rs.Id, err)
 			} else {
-				status.Info(s.ctx, "Deleted old command result %s", rs.Id)
+				status.Infof(s.ctx, "Deleted old command result %s", rs.Id)
 			}
 		}
 	}
@@ -304,9 +304,9 @@ func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, t
 				"kluctl.io/validate-result-id": rs.Id,
 			})
 			if err != nil {
-				status.Warning(s.ctx, "Failed to delete old validate result %s: %s", rs.Id, err)
+				status.Warningf(s.ctx, "Failed to delete old validate result %s: %s", rs.Id, err)
 			} else {
-				status.Info(s.ctx, "Deleted old validate result %s", rs.Id)
+				status.Infof(s.ctx, "Deleted old validate result %s", rs.Id)
 			}
 		}
 	}
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
index 3055768cf..cea58dc6c 100644
--- a/pkg/seal/sealer.go
+++ b/pkg/seal/sealer.go
@@ -262,10 +262,10 @@ func (s *Sealer) sealSecret(o *uo.UnstructuredObject, existing *sealedSecret) (*
 	resealAll := false
 	if s.forceReseal {
 		resealAll = true
-		status.Info(s.ctx, "Forcing reseal of secrets in %s", secretName)
+		status.Infof(s.ctx, "Forcing reseal of secrets in %s", secretName)
 	} else if existing == nil || existing.certHash != s.certHash {
 		resealAll = true
-		status.Info(s.ctx, "Cert for secret %s has changed, forcing reseal", secretName)
+		status.Infof(s.ctx, "Cert for secret %s has changed, forcing reseal", secretName)
 	}
 
 	for k, v := range secrets {
@@ -278,19 +278,19 @@ func (s *Sealer) sealSecret(o *uo.UnstructuredObject, existing *sealedSecret) (*
 
 		doEncrypt := existing == nil || resealAll
 		if !doEncrypt && hash != existingHash {
-			status.Info(s.ctx, "Secret %s and key %s has changed, resealing", secretName, k)
+			status.Infof(s.ctx, "Secret %s and key %s has changed, resealing", secretName, k)
 			doEncrypt = true
 		}
 
 		if !doEncrypt {
 			e, ok, _ := existing.content.GetNestedString("spec", "encryptedData", k)
 			if ok {
-				status.Trace(s.ctx, "Secret %s and key %s is unchanged", secretName, k)
+				status.Tracef(s.ctx, "Secret %s and key %s is unchanged", secretName, k)
 				result.content.SetNestedField(e, "spec", "encryptedData", k)
 				resultSecretHashes[k] = hash
 				continue
 			} else {
-				status.Info(s.ctx, "Old encrypted secret %s and key %s not found", secretName, k)
+				status.Infof(s.ctx, "Old encrypted secret %s and key %s not found", secretName, k)
 				doEncrypt = true
 			}
 		}
diff --git a/pkg/status/promts.go b/pkg/status/promts.go
index 3f8276a10..fc0a48bab 100644
--- a/pkg/status/promts.go
+++ b/pkg/status/promts.go
@@ -25,7 +25,7 @@ func isTerminal(ctx context.Context) bool {
 // before calling askForConfirmation. E.g. fmt.Println("WARNING: Are you sure? (yes/no)")
 func AskForConfirmation(ctx context.Context, prompt string) bool {
 	if !isTerminal(ctx) {
-		Warning(ctx, "Not a terminal, suppressed prompt: %s", prompt)
+		Warningf(ctx, "Not a terminal, suppressed prompt: %s", prompt)
 		return false
 	}
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 2bf1ec85a..78b28f3ef 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -95,12 +95,16 @@ func WithPrefix(prefix string) Option {
 	}
 }
 
-func WithStatus(message string, args ...any) Option {
+func WithStatus(message string) Option {
 	return func(s *StatusContext) {
-		s.startMessage = fmt.Sprintf(message, args...)
+		s.startMessage = message
 	}
 }
 
+func WithStatusf(message string, args ...any) Option {
+	return WithStatusf(fmt.Sprintf(message, args...))
+}
+
 func WithTotal(t int) Option {
 	return func(s *StatusContext) {
 		s.startTotal = t
@@ -129,22 +133,25 @@ func StartWithOptions(ctx context.Context, opts ...Option) *StatusContext {
 	return s
 }
 
-func Start(ctx context.Context, status string, args ...any) *StatusContext {
+func Startf(ctx context.Context, status string, args ...any) *StatusContext {
+	return Start(ctx, fmt.Sprintf(status, args...))
+}
+
+func Start(ctx context.Context, status string) *StatusContext {
 	return StartWithOptions(ctx,
 		WithTotal(1),
-		WithStatus(status, args...),
+		WithStatus(status),
 	)
 }
 
-func (s *StatusContext) buildMessage(message string, args ...any) string {
+func (s *StatusContext) buildMessage(message string) string {
 	if message == "" {
 		return ""
 	}
-	m := fmt.Sprintf(message, args...)
 	if s.prefix == "" {
-		return m
+		return message
 	}
-	return fmt.Sprintf("%s: %s", s.prefix, m)
+	return fmt.Sprintf("%s: %s", s.prefix, message)
 }
 
 func (s *StatusContext) SetTotal(total int) {
@@ -161,26 +168,38 @@ func (s *StatusContext) Increment() {
 	s.sl.Increment()
 }
 
-func (s *StatusContext) Update(message string, args ...any) {
+func (s *StatusContext) Update(message string) {
 	if s == nil {
 		return
 	}
-	s.sl.Update(s.buildMessage(message, args...))
+	s.sl.Update(s.buildMessage(message))
 }
 
-func (s *StatusContext) InfoFallback(message string, args ...any) {
+func (s *StatusContext) Updatef(message string, args ...any) {
+	s.Update(fmt.Sprintf(message, args...))
+}
+
+func (s *StatusContext) InfoFallback(message string) {
 	if s == nil {
 		return
 	}
-	InfoFallback(s.ctx, s.buildMessage(message, args...))
+	InfoFallback(s.ctx, s.buildMessage(message))
+}
+
+func (s *StatusContext) InfoFallbackf(message string, args ...any) {
+	s.InfoFallback(fmt.Sprintf(message, args...))
 }
 
-func (s *StatusContext) UpdateAndInfoFallback(message string, args ...any) {
+func (s *StatusContext) UpdateAndInfoFallback(message string) {
 	if s == nil {
 		return
 	}
-	s.Update(message, args...)
-	s.InfoFallback(message, args...)
+	s.Update(message)
+	s.InfoFallback(message)
+}
+
+func (s *StatusContext) UpdateAndInfoFallbackf(message string, args ...any) {
+	s.UpdateAndInfoFallback(fmt.Sprintf(message, args...))
 }
 
 func (s *StatusContext) Failed() {
@@ -194,17 +213,21 @@ func (s *StatusContext) Failed() {
 	s.failed = true
 }
 
-func (s *StatusContext) FailedWithMessage(msg string, args ...any) {
+func (s *StatusContext) FailedWithMessage(msg string) {
 	if s == nil {
 		return
 	}
 	if s.finished {
 		return
 	}
-	s.UpdateAndInfoFallback(msg, args...)
+	s.UpdateAndInfoFallback(msg)
 	s.Failed()
 }
 
+func (s *StatusContext) FailedWithMessagef(msg string, args ...any) {
+	s.FailedWithMessage(fmt.Sprintf(msg, args...))
+}
+
 func (s *StatusContext) Success() {
 	if s == nil {
 		return
@@ -226,31 +249,54 @@ func PlainText(ctx context.Context, text string) {
 	slh.PlainText(text)
 }
 
-func Info(ctx context.Context, status string, args ...any) {
+func Info(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Info(fmt.Sprintf(status, args...))
+	slh.Info(status)
 }
 
-func InfoFallback(ctx context.Context, status string, args ...any) {
+func Infof(ctx context.Context, status string, args ...any) {
+	Info(ctx, fmt.Sprintf(status, args...))
+}
+
+func InfoFallback(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.InfoFallback(fmt.Sprintf(status, args...))
+	slh.InfoFallback(status)
 }
 
-func Warning(ctx context.Context, status string, args ...any) {
+func InfoFallbackf(ctx context.Context, status string, args ...any) {
+	InfoFallback(ctx, fmt.Sprintf(status, args...))
+}
+
+func Warning(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Warning(fmt.Sprintf(status, args...))
+	slh.Warning(status)
+}
+
+func Warningf(ctx context.Context, status string, args ...any) {
+	Warning(ctx, fmt.Sprintf(status, args...))
+}
+
+func WarningOnce(ctx context.Context, key string, status string) {
+	cv := getContextValue(ctx)
+	cv.deprecationOnce.Do(key, func() {
+		Warning(ctx, status)
+	})
 }
 
-func WarningOnce(ctx context.Context, key string, status string, args ...any) {
+func WarningOncef(ctx context.Context, key string, status string, args ...any) {
 	cv := getContextValue(ctx)
 	cv.deprecationOnce.Do(key, func() {
-		Warning(ctx, status, args...)
+		Warningf(ctx, status, args...)
 	})
 }
 
-func Trace(ctx context.Context, status string, args ...any) {
+func Trace(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Trace(fmt.Sprintf(status, args...))
+	slh.Trace(status)
+}
+
+func Tracef(ctx context.Context, status string, args ...any) {
+	Trace(ctx, fmt.Sprintf(status, args...))
 }
 
 func IsTraceEnabled(ctx context.Context) bool {
@@ -258,14 +304,22 @@ func IsTraceEnabled(ctx context.Context) bool {
 	return slh.IsTraceEnabled()
 }
 
-func Error(ctx context.Context, status string, args ...any) {
+func Error(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Error(fmt.Sprintf(status, args...))
+	slh.Error(status)
 }
 
-func Prompt(ctx context.Context, password bool, message string, args ...any) (string, error) {
+func Errorf(ctx context.Context, status string, args ...any) {
+	Error(ctx, fmt.Sprintf(status, args...))
+}
+
+func Prompt(ctx context.Context, password bool, message string) (string, error) {
 	slh := FromContext(ctx)
-	return slh.Prompt(password, fmt.Sprintf(message, args...))
+	return slh.Prompt(password, message)
+}
+
+func Promptf(ctx context.Context, password bool, message string, args ...any) (string, error) {
+	return Prompt(ctx, password, fmt.Sprintf(message, args...))
 }
 
 func Deprecation(ctx context.Context, key string, message string) {
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index f5a503a7e..0a46caa68 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -163,9 +163,9 @@ func (s *CommandResultsServer) startUpdateLogs() error {
 
 		printEvent := func(id string, type_ string, deleted bool) {
 			if deleted {
-				status.Info(s.ctx, "Deleted %s result summary for %s", type_, id)
+				status.Infof(s.ctx, "Deleted %s result summary for %s", type_, id)
 			} else {
-				status.Info(s.ctx, "Updated %s result summary for %s", type_, id)
+				status.Infof(s.ctx, "Updated %s result summary for %s", type_, id)
 			}
 		}
 		for _, x := range l1 {

From ebde3fefe9d0b45f1803b90281ff98ef80420e75 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 10 Jul 2023 22:34:34 +0200
Subject: [PATCH 1319/2268] build: Preparing release v2.20.8

---
 docs/installation.md                             | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl.yaml                       | 2 +-
 install/webui/webui/deployment.yaml              | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/installation.md b/docs/installation.md
index 6f3592807..3bfdbf0ec 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -114,5 +114,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.20.7
+        tag: v2.20.8
 ```
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 6d0dcc801..d145f9587 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.7
+    default: v2.20.8
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 8f1b4d731..76e1a2797 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.7") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.8") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 01a3d595c..9e73fc232 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.7
+    default: v2.20.8
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index d69b88e11..317f037c5 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.20.7") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.20.8") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 apiVersion: apps/v1

From b3595b078d4297bd4d0a7431fedbb33ba22af1f9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Jul 2023 22:35:01 +0200
Subject: [PATCH 1320/2268] fix: Take deployed CRDs into account when fixing
 namespaces (#660)

When a deployment also contains CRDs, the k8s client will not know if
an object is namespaced before the CRD is actually applied. This leads
to flaky behaviour between the initial and all other deployments.

This commit delays fixing of namespaces until all objects are rendered.
Then it takes CRDs into account when determining if an object is namespaced
or not.
---
 pkg/deployment/deployment_collection.go | 98 ++++++++++++++++++++++++-
 pkg/deployment/deployment_item.go       | 20 ++---
 pkg/deployment/utils/apply_utils.go     |  2 +
 pkg/deployment/utils/delete_utils.go    |  6 +-
 pkg/helm/helm_release.go                | 22 +++---
 pkg/k8s/k8s_cluster.go                  | 13 ----
 pkg/k8s/utils.go                        | 19 +++++
 pkg/utils/uo/k8s_fields.go              |  7 ++
 8 files changed, 148 insertions(+), 39 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 7e099c31e..9215f3a84 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -5,12 +5,15 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/helm"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"path/filepath"
 	"sync"
 )
@@ -199,9 +202,13 @@ func (c *DeploymentCollection) buildKustomizeObjects() error {
 	}
 	s.Success()
 
-	s = status.Start(c.ctx.Ctx, "Postprocessing objects")
+	return nil
+}
 
-	g = utils.NewGoHelper(c.ctx.Ctx, 16)
+func (c *DeploymentCollection) postprocessObjects() error {
+	s := status.Start(c.ctx.Ctx, "Postprocessing objects")
+
+	g := utils.NewGoHelper(c.ctx.Ctx, 16)
 	for _, d_ := range c.Deployments {
 		d := d_
 
@@ -224,6 +231,81 @@ func (c *DeploymentCollection) buildKustomizeObjects() error {
 	return g.ErrorOrNil()
 }
 
+func (c *DeploymentCollection) writeRenderedYamls() error {
+	s := status.Start(c.ctx.Ctx, "Writing rendered objects")
+
+	g := utils.NewGoHelper(c.ctx.Ctx, 16)
+	for _, d_ := range c.Deployments {
+		d := d_
+
+		g.RunE(func() error {
+			err := d.writeRenderedYaml()
+			if err != nil {
+				return fmt.Errorf("writing objects for %s failed: %w", *d.dir, err)
+			}
+			return nil
+		})
+	}
+	g.Wait()
+
+	if g.ErrorOrNil() == nil {
+		s.Success()
+	} else {
+		s.Failed()
+	}
+
+	return g.ErrorOrNil()
+}
+
+func (c *DeploymentCollection) fixNamespaces() error {
+	if c.ctx.K == nil {
+		return nil
+	}
+	namespacedFromCRDs := c.buildNamespacedFromCRDs()
+	for _, d := range c.Deployments {
+		for _, o := range d.Objects {
+			def := "default"
+			helmNs := o.GetK8sAnnotation(helm.InstallNamespaceAnnotation)
+			if helmNs != nil {
+				def = *helmNs
+				o.RemoveK8sAnnotation(helm.InstallNamespaceAnnotation)
+			}
+
+			namespaced := namespacedFromCRDs[o.GetK8sRef().GroupKind()]
+			if namespaced == nil {
+				namespaced = c.ctx.K.IsNamespaced(o.GetK8sRef().GroupVersionKind())
+			}
+
+			if namespaced != nil {
+				k8s.FixNamespace(o, *namespaced, def)
+			}
+		}
+	}
+	return nil
+}
+
+func (c *DeploymentCollection) buildNamespacedFromCRDs() map[schema.GroupKind]*bool {
+	namespacedFromCRDs := map[schema.GroupKind]*bool{}
+	for _, d := range c.Deployments {
+		for _, o := range d.Objects {
+			if o.GetK8sRef().GroupKind().String() == "CustomResourceDefinition.apiextensions.k8s.io" {
+				scope, _, _ := o.GetNestedString("spec", "scope")
+				group, _, _ := o.GetNestedString("spec", "group")
+				kind, _, _ := o.GetNestedString("spec", "names", "kind")
+				if scope != "" && group != "" && kind != "" {
+					b := scope == "Namespaced"
+					gk := schema.GroupKind{
+						Group: group,
+						Kind:  kind,
+					}
+					namespacedFromCRDs[gk] = &b
+				}
+			}
+		}
+	}
+	return namespacedFromCRDs
+}
+
 func (c *DeploymentCollection) LocalObjects() []*uo.UnstructuredObject {
 	var ret []*uo.UnstructuredObject
 	for _, d := range c.Deployments {
@@ -267,6 +349,18 @@ func (c *DeploymentCollection) Prepare() error {
 	if err != nil {
 		return err
 	}
+	err = c.postprocessObjects()
+	if err != nil {
+		return err
+	}
+	err = c.writeRenderedYamls()
+	if err != nil {
+		return err
+	}
+	err = c.fixNamespaces()
+	if err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 9ad65c80c..6e82ee6ba 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -554,18 +554,12 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 		return nil
 	}
 
-	var objects []interface{}
-
 	var errs *multierror.Error
 	for _, o := range di.Objects {
 		commonLabels := di.getCommonLabels()
 		commonAnnotations := di.getCommonAnnotations()
 
 		_ = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-			if di.ctx.K != nil {
-				di.ctx.K.FixNamespace(o, "default")
-			}
-
 			// Set common labels/annotations
 			for n, v := range commonLabels {
 				o.SetK8sLabel(n, v)
@@ -581,12 +575,19 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 			}
 			return nil
 		})
+	}
 
-		objects = append(objects, o.Object)
+	return errs.ErrorOrNil()
+}
+
+func (di *DeploymentItem) writeRenderedYaml() error {
+	if di.dir == nil {
+		return nil
 	}
 
-	if errs.ErrorOrNil() != nil {
-		return errs.ErrorOrNil()
+	var objects []interface{}
+	for _, o := range di.Objects {
+		objects = append(objects, o.Object)
 	}
 
 	// Need to write it back to disk in case it is needed externally
@@ -594,6 +595,5 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 	if err != nil {
 		return err
 	}
-
 	return nil
 }
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 4547abcd1..6923ab0f0 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -405,6 +405,8 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 }
 
 func (a *ApplyUtil) handleObservedCRD(r *uo.UnstructuredObject) {
+	status.Tracef(a.ctx, "observed CRD %s", r.GetK8sName())
+
 	y, err := yaml.WriteYamlBytes(r)
 	if err == nil {
 		var crd *apiextensionsv1.CustomResourceDefinition
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 8e02c38a1..cf6f4fb0d 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -40,7 +40,11 @@ var deleteOrder = [][]string{
 }
 
 func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef {
-	ref = k.FixNamespaceInRef(ref)
+	namespaced := k.IsNamespaced(ref.GroupVersionKind())
+	if namespaced == nil {
+		return ref
+	}
+	ref = k8s.FixNamespaceInRef(ref, *namespaced, "default")
 	ref.Version = ""
 	return ref
 }
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index ed9a3f25c..2cc6d3d08 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -28,6 +28,8 @@ import (
 	"helm.sh/helm/v3/pkg/release"
 )
 
+const InstallNamespaceAnnotation = "kluctl.io/helm-install-namespace"
+
 type Release struct {
 	ConfigFile string
 	Config     *types.HelmChartConfig
@@ -257,22 +259,16 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 		}
 	}
 
-	var fixed []interface{}
+	parsedI := make([]any, 0, len(parsed))
 	for _, o := range parsed {
-		// "helm install" will deploy resources to the given namespace automatically, but "helm template" does not
-		// add the necessary namespace in the rendered resources
-		if k != nil {
-			err = k8s.UnwrapListItems(o, true, func(o *uo.UnstructuredObject) error {
-				k.FixNamespace(o, namespace)
-				return nil
-			})
-			if err != nil {
-				return err
-			}
+		if hr.Config.Namespace != nil {
+			// mark it for later namespace fixing
+			o.SetK8sAnnotation(InstallNamespaceAnnotation, *hr.Config.Namespace)
 		}
-		fixed = append(fixed, o)
+		parsedI = append(parsedI, o)
 	}
-	rendered, err := yaml.WriteYamlAllBytes(fixed)
+
+	rendered, err := yaml.WriteYamlAllBytes(parsedI)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 3df393e36..a0a4c214c 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -440,19 +440,6 @@ func (k *K8sCluster) IsNamespaced(gvk schema.GroupVersionKind) *bool {
 	return &ret
 }
 
-func (k *K8sCluster) FixNamespace(o *uo.UnstructuredObject, def string) {
-	ref := o.GetK8sRef()
-	namespaced := k.IsNamespaced(ref.GroupVersionKind())
-	if namespaced == nil {
-		return
-	}
-	if !*namespaced && ref.Namespace != "" {
-		o.SetK8sNamespace("")
-	} else if *namespaced && ref.Namespace == "" {
-		o.SetK8sNamespace(def)
-	}
-}
-
 func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
 	namespaced := k.IsNamespaced(ref.GroupVersionKind())
 	if namespaced == nil {
diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go
index bd0c74dcd..0dc1d5408 100644
--- a/pkg/k8s/utils.go
+++ b/pkg/k8s/utils.go
@@ -1,6 +1,7 @@
 package k8s
 
 import (
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
@@ -29,3 +30,21 @@ func UnwrapListItems(o *uo.UnstructuredObject, withListCallback bool, cb func(o
 		return cb(o)
 	}
 }
+
+func FixNamespace(o *uo.UnstructuredObject, namespaced bool, def string) {
+	ref := o.GetK8sRef()
+	if !namespaced && ref.Namespace != "" {
+		o.SetK8sNamespace("")
+	} else if namespaced && ref.Namespace == "" {
+		o.SetK8sNamespace(def)
+	}
+}
+
+func FixNamespaceInRef(ref k8s.ObjectRef, namespaced bool, def string) k8s.ObjectRef {
+	if !namespaced && ref.Namespace != "" {
+		ref.Namespace = ""
+	} else if namespaced && ref.Namespace == "" {
+		ref.Namespace = def
+	}
+	return ref
+}
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index e3b507121..ea7c24475 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -184,6 +184,13 @@ func (uo *UnstructuredObject) SetK8sAnnotation(name string, value string) {
 	}
 }
 
+func (uo *UnstructuredObject) RemoveK8sAnnotation(name string) {
+	err := uo.RemoveNestedField("metadata", "annotations", name)
+	if err != nil {
+		panic(err)
+	}
+}
+
 func (uo *UnstructuredObject) GetK8sAnnotationsWithRegex(r interface{}) map[string]string {
 	p := uo.getRegexp(r)
 

From 9e621961a2ff028b5413aae2cff348fd7bf01ec1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Jul 2023 14:52:52 +0200
Subject: [PATCH 1321/2268] refactor: Share single informer for all result
 types

---
 pkg/results/result-store-secrets.go | 49 ++++++++++++++---------------
 1 file changed, 24 insertions(+), 25 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index aa0abda06..01a7a6d6e 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -12,6 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/selection"
 	"k8s.io/client-go/rest"
@@ -29,7 +30,7 @@ type ResultStoreSecrets struct {
 	ctx context.Context
 
 	client               client.Client
-	commandResultsCache  cache.Cache
+	cache                cache.Cache
 	validateResultsCache cache.Cache
 
 	writeNamespace           string
@@ -39,37 +40,33 @@ type ResultStoreSecrets struct {
 	mutex sync.Mutex
 }
 
-func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client client.Client, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
-	req1, _ := labels.NewRequirement("kluctl.io/command-result-id", selection.Exists, nil)
-	req2, _ := labels.NewRequirement("kluctl.io/validate-result-id", selection.Exists, nil)
+func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ client.Client, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
+	scheme := runtime.NewScheme()
+	_ = corev1.AddToScheme(scheme)
+	_ = kluctlv1.AddToScheme(scheme)
 
+	req1, _ := labels.NewRequirement("kluctl.io/result", selection.Exists, nil)
 	c1, err := cache.New(config, cache.Options{
-		Mapper:               client.RESTMapper(),
-		DefaultLabelSelector: labels.NewSelector().Add(*req1),
-	})
-	if err != nil {
-		return nil, err
-	}
-	c2, err := cache.New(config, cache.Options{
-		Mapper:               client.RESTMapper(),
-		DefaultLabelSelector: labels.NewSelector().Add(*req2),
+		Mapper: client_.RESTMapper(),
+		Scheme: scheme,
+		ByObject: map[client.Object]cache.ByObject{
+			&corev1.Secret{}: {
+				Label: labels.NewSelector().Add(*req1),
+			},
+		},
 	})
 	if err != nil {
 		return nil, err
 	}
 
 	go c1.Start(ctx)
-	go c2.Start(ctx)
-
 	c1.WaitForCacheSync(ctx)
-	c2.WaitForCacheSync(ctx)
 
 	s := &ResultStoreSecrets{
 		ctx:                      ctx,
-		client:                   client,
+		client:                   client_,
 		writeNamespace:           writeNamespace,
-		commandResultsCache:      c1,
-		validateResultsCache:     c2,
+		cache:                    c1,
 		keepCommandResultsCount:  keepCommandResultsCount,
 		keepValidateResultsCount: keepValidateResultsCount,
 	}
@@ -160,6 +157,7 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 			Name:      s.buildName("cr", cr.Id, cr.ProjectKey),
 			Namespace: s.writeNamespace,
 			Labels: map[string]string{
+				"kluctl.io/result":            "true",
 				"kluctl.io/command-result-id": cr.Id,
 			},
 			Annotations: map[string]string{
@@ -221,6 +219,7 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 			Name:      s.buildName("vr", vr.Id, vr.ProjectKey),
 			Namespace: s.writeNamespace,
 			Labels: map[string]string{
+				"kluctl.io/result":             "true",
 				"kluctl.io/validate-result-id": vr.Id,
 			},
 			Annotations: map[string]string{
@@ -316,7 +315,7 @@ func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, t
 func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.commandResultsCache.List(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
+	err := s.cache.List(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -393,7 +392,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSumma
 			return nil
 		}
 		summary, err := s.parseCommandSummary(o.GetAnnotations())
-		if err != nil {
+		if err != nil || summary == nil {
 			return nil
 		}
 		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
@@ -420,7 +419,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSumma
 		ch <- *e
 	}
 
-	inf, err := s.commandResultsCache.GetInformer(s.ctx, &metav1.PartialObjectMetadata{
+	inf, err := s.cache.GetInformer(s.ctx, &metav1.PartialObjectMetadata{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Secret",
 			APIVersion: "v1",
@@ -516,7 +515,7 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
-	err := s.validateResultsCache.List(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
+	err := s.cache.List(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
 	if err != nil {
 		return nil, err
 	}
@@ -557,7 +556,7 @@ func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSumm
 			return nil
 		}
 		summary, err := s.parseValidateSummary(o.GetAnnotations())
-		if err != nil {
+		if err != nil || summary == nil {
 			return nil
 		}
 		if !FilterProject(summary.ProjectKey, options.ProjectFilter) {
@@ -584,7 +583,7 @@ func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSumm
 		ch <- *e
 	}
 
-	inf, err := s.validateResultsCache.GetInformer(s.ctx, &metav1.PartialObjectMetadata{
+	inf, err := s.cache.GetInformer(s.ctx, &metav1.PartialObjectMetadata{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Secret",
 			APIVersion: "v1",

From 3e06e6480e59de289b3afe5e4c88f45818985960 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Jul 2023 14:53:13 +0200
Subject: [PATCH 1322/2268] fix: Omit name if it is empty

---
 pkg/results/result-store-secrets.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 01a7a6d6e..d9fe1b07b 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -92,7 +92,13 @@ func (s *ResultStoreSecrets) buildName(prefix string, id string, projectKey resu
 		name = name[:maxNameLen]
 	}
 
-	return prefix + "-" + name + "-" + id
+	ret := prefix + "-"
+	if name != "" {
+		ret += name + "-"
+	}
+	ret += id
+
+	return ret
 }
 
 func (s *ResultStoreSecrets) ensureWriteNamespace() error {

From a9e87e4a94c5ddd95903a71e34432da3c9617226 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 7 Jul 2023 14:57:04 +0200
Subject: [PATCH 1323/2268] fix: No need to return initial list when watching

---
 pkg/results/result-store-secrets.go | 16 ++---
 pkg/results/result-store.go         |  4 +-
 pkg/results/results-collector.go    | 92 ++++++++++++++---------------
 pkg/webui/server.go                 | 10 +---
 4 files changed, 58 insertions(+), 64 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index d9fe1b07b..b43d164e6 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -383,7 +383,7 @@ func (s *ResultStoreSecrets) parseValidateSummary(a map[string]string) (*result.
 	return &summary, nil
 }
 
-func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
+func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSummariesOptions) (<-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
 	ch := make(chan WatchCommandResultSummaryEvent)
 
 	buildEvent := func(obj any) *WatchCommandResultSummaryEvent {
@@ -432,7 +432,7 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSumma
 		},
 	})
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 
 	handle, err := inf.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
@@ -447,13 +447,13 @@ func (s *ResultStoreSecrets) WatchCommandResultSummaries(options ListResultSumma
 		},
 	})
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 
 	cancel := func() {
 		_ = inf.RemoveEventHandler(handle)
 	}
-	return nil, ch, cancel, nil
+	return ch, cancel, nil
 }
 
 func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
@@ -547,7 +547,7 @@ func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSumma
 	return ret, nil
 }
 
-func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
+func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSummariesOptions) (<-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
 	ch := make(chan WatchValidateResultSummaryEvent)
 
 	buildEvent := func(obj any) *WatchValidateResultSummaryEvent {
@@ -596,7 +596,7 @@ func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSumm
 		},
 	})
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 
 	handle, err := inf.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
@@ -611,13 +611,13 @@ func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSumm
 		},
 	})
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 
 	cancel := func() {
 		_ = inf.RemoveEventHandler(handle)
 	}
-	return nil, ch, cancel, nil
+	return ch, cancel, nil
 }
 
 func (s *ResultStoreSecrets) GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error) {
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 2e5453b91..2c20023be 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -33,11 +33,11 @@ type ResultStore interface {
 	WriteValidateResult(vr *result.ValidateResult) error
 
 	ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error)
-	WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
+	WatchCommandResultSummaries(options ListResultSummariesOptions) (<-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
 	GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error)
 
 	ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error)
-	WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error)
+	WatchValidateResultSummaries(options ListResultSummariesOptions) (<-chan WatchValidateResultSummaryEvent, context.CancelFunc, error)
 	GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error)
 }
 
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 3bf23b4fb..e7205f88b 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -36,15 +36,11 @@ type validateSummaryEntry struct {
 type commandResultWatchEntry struct {
 	options ListResultSummariesOptions
 	ch      chan WatchCommandResultSummaryEvent
-
-	initialQueue []*result.CommandResultSummary
 }
 
 type validateResultWatchEntry struct {
 	options ListResultSummariesOptions
 	ch      chan WatchValidateResultSummaryEvent
-
-	initialQueue []*result.ValidateResultSummary
 }
 
 func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsCollector {
@@ -63,13 +59,13 @@ func (rc *ResultsCollector) Start() {
 }
 
 func (rc *ResultsCollector) WaitForResults(idleTimeout time.Duration, totalTimeout time.Duration) error {
-	_, ch1, cancel1, err := rc.WatchCommandResultSummaries(ListResultSummariesOptions{})
+	ch1, cancel1, err := rc.WatchCommandResultSummaries(ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
 	defer cancel1()
 
-	_, ch2, cancel2, err := rc.WatchValidateResultSummaries(ListResultSummariesOptions{})
+	ch2, cancel2, err := rc.WatchValidateResultSummaries(ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
@@ -100,24 +96,14 @@ func (rc *ResultsCollector) startWatchResults() {
 
 func (rc *ResultsCollector) runWatchCommandResults(store ResultStore) {
 	for {
-		l, ch, _, err := store.WatchCommandResultSummaries(ListResultSummariesOptions{})
+		ch, _, err := store.WatchCommandResultSummaries(ListResultSummariesOptions{})
 		if err != nil {
 			time.Sleep(5 * time.Second)
 			continue
 		}
 
-		for _, rs := range l {
-			rc.handleCommandResultUpdate(store, WatchCommandResultSummaryEvent{
-				Summary: rs,
-			})
-		}
-
 		go func() {
-			for {
-				event, ok := <-ch
-				if !ok {
-					break
-				}
+			for event := range ch {
 				rc.handleCommandResultUpdate(store, event)
 			}
 		}()
@@ -128,24 +114,14 @@ func (rc *ResultsCollector) runWatchCommandResults(store ResultStore) {
 
 func (rc *ResultsCollector) runWatchValidateResults(store ResultStore) {
 	for {
-		l, ch, _, err := store.WatchValidateResultSummaries(ListResultSummariesOptions{})
+		ch, _, err := store.WatchValidateResultSummaries(ListResultSummariesOptions{})
 		if err != nil {
 			time.Sleep(5 * time.Second)
 			continue
 		}
 
-		for _, rs := range l {
-			rc.handleValidateResultUpdate(store, WatchValidateResultSummaryEvent{
-				Summary: rs,
-			})
-		}
-
 		go func() {
-			for {
-				event, ok := <-ch
-				if !ok {
-					break
-				}
+			for event := range ch {
 				rc.handleValidateResultUpdate(store, event)
 			}
 		}()
@@ -224,27 +200,39 @@ func (rc *ResultsCollector) ListCommandResultSummaries(options ListResultSummari
 	return summaries, nil
 }
 
-func (rc *ResultsCollector) WatchCommandResultSummaries(options ListResultSummariesOptions) ([]*result.CommandResultSummary, <-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
+func (rc *ResultsCollector) WatchCommandResultSummaries(options ListResultSummariesOptions) (<-chan WatchCommandResultSummaryEvent, context.CancelFunc, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
 
+	isCancelled := false
+
 	w := &commandResultWatchEntry{
 		options: options,
 		ch:      make(chan WatchCommandResultSummaryEvent),
 	}
 
-	rc.commandResultWatches = append(rc.commandResultWatches, w)
+	go func() {
+		rc.mutex.Lock()
+		defer rc.mutex.Unlock()
 
-	var initial []*result.CommandResultSummary
+		if isCancelled {
+			return
+		}
 
-	for _, se := range rc.commandResultSummaries {
-		if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
-			initial = append(initial, se.summary)
+		for _, se := range rc.commandResultSummaries {
+			if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
+				w.ch <- WatchCommandResultSummaryEvent{
+					Summary: se.summary,
+				}
+			}
 		}
-	}
+
+		rc.commandResultWatches = append(rc.commandResultWatches, w)
+	}()
 
 	cancel := func() {
 		rc.mutex.Lock()
+		isCancelled = true
 		for i, w2 := range rc.commandResultWatches {
 			if w2 == w {
 				rc.commandResultWatches = append(rc.commandResultWatches[:i], rc.commandResultWatches[i+1:]...)
@@ -255,7 +243,7 @@ func (rc *ResultsCollector) WatchCommandResultSummaries(options ListResultSummar
 		close(w.ch)
 	}
 
-	return initial, w.ch, cancel, nil
+	return w.ch, cancel, nil
 }
 
 func (rc *ResultsCollector) GetCommandResult(options GetCommandResultOptions) (*result.CommandResult, error) {
@@ -284,27 +272,39 @@ func (rc *ResultsCollector) ListValidateResultSummaries(options ListResultSummar
 	return summaries, nil
 }
 
-func (rc *ResultsCollector) WatchValidateResultSummaries(options ListResultSummariesOptions) ([]*result.ValidateResultSummary, <-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
+func (rc *ResultsCollector) WatchValidateResultSummaries(options ListResultSummariesOptions) (<-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
 
+	isCancelled := false
+
 	w := &validateResultWatchEntry{
 		options: options,
 		ch:      make(chan WatchValidateResultSummaryEvent),
 	}
 
-	rc.validateResultWatches = append(rc.validateResultWatches, w)
+	go func() {
+		rc.mutex.Lock()
+		defer rc.mutex.Unlock()
 
-	var initial []*result.ValidateResultSummary
+		if isCancelled {
+			return
+		}
 
-	for _, se := range rc.validateResultSummaries {
-		if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
-			initial = append(initial, se.summary)
+		for _, se := range rc.validateResultSummaries {
+			if FilterProject(se.summary.ProjectKey, options.ProjectFilter) {
+				w.ch <- WatchValidateResultSummaryEvent{
+					Summary: se.summary,
+				}
+			}
 		}
-	}
+
+		rc.validateResultWatches = append(rc.validateResultWatches, w)
+	}()
 
 	cancel := func() {
 		rc.mutex.Lock()
+		isCancelled = true
 		for i, w2 := range rc.validateResultWatches {
 			if w2 == w {
 				rc.validateResultWatches = append(rc.validateResultWatches[:i], rc.validateResultWatches[i+1:]...)
@@ -315,7 +315,7 @@ func (rc *ResultsCollector) WatchValidateResultSummaries(options ListResultSumma
 		close(w.ch)
 	}
 
-	return initial, w.ch, cancel, nil
+	return w.ch, cancel, nil
 }
 
 func (rc *ResultsCollector) GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error) {
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 0a46caa68..048c1c481 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -146,12 +146,12 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 }
 
 func (s *CommandResultsServer) startUpdateLogs() error {
-	l1, ch1, cancel1, err := s.store.WatchCommandResultSummaries(results.ListResultSummariesOptions{})
+	ch1, cancel1, err := s.store.WatchCommandResultSummaries(results.ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
 
-	l2, ch2, cancel2, err := s.store.WatchValidateResultSummaries(results.ListResultSummariesOptions{})
+	ch2, cancel2, err := s.store.WatchValidateResultSummaries(results.ListResultSummariesOptions{})
 	if err != nil {
 		cancel1()
 		return err
@@ -168,12 +168,6 @@ func (s *CommandResultsServer) startUpdateLogs() error {
 				status.Infof(s.ctx, "Updated %s result summary for %s", type_, id)
 			}
 		}
-		for _, x := range l1 {
-			printEvent(x.Id, "command", false)
-		}
-		for _, x := range l2 {
-			printEvent(x.Id, "validate", false)
-		}
 
 		for {
 			select {

From 4edb897e3bb7f41fa27ffbf963610bc9ffb661f5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Jul 2023 22:33:11 +0200
Subject: [PATCH 1324/2268] fix: Properly track clusterIds in KluctlDeployment
 status

---
 pkg/controllers/kluctl_project.go              |  4 ++--
 pkg/controllers/kluctldeployment_controller.go |  5 +++++
 .../kluctldeployment_controller_utils.go       | 11 -----------
 pkg/k8s/k8s_cluster.go                         | 13 ++++++-------
 pkg/k8s/utils.go                               | 18 ++++++++++++++++++
 5 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index b52aab613..ec6c86db4 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -653,7 +653,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	}
 
 	var err error
-	cmdResult.Command.KluctlDeployment.ClusterId, err = pt.pp.r.getClusterId(ctx)
+	cmdResult.Command.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
 	if err != nil {
 		return err
 	}
@@ -721,7 +721,7 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 	}
 
 	var err error
-	validateResult.KluctlDeployment.ClusterId, err = pt.pp.r.getClusterId(ctx)
+	validateResult.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 0b2cee9b0..afad9dc8d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -243,9 +243,14 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
 		SubDir:     path.Clean(obj.Spec.Source.Path),
 	}
+	clusterId, err := targetContext.SharedContext.K.GetClusterId()
+	if err != nil {
+		return doFailPrepare(err)
+	}
 	obj.Status.TargetKey = &result.TargetKey{
 		TargetName:    targetContext.Target.Name,
 		Discriminator: targetContext.Target.Discriminator,
+		ClusterId:     clusterId,
 	}
 
 	if obj.Status.ProjectKey.SubDir == "." {
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index 3c2b80b37..7489c3b2d 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -4,12 +4,10 @@ import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
-	corev1 "k8s.io/api/core/v1"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/reference"
 	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func (r *KluctlDeploymentReconciler) event(ctx context.Context, obj *kluctlv1.KluctlDeployment, warning bool, msg string, metadata map[string]string) {
@@ -72,12 +70,3 @@ func (r *KluctlDeploymentReconciler) recordSuspension(ctx context.Context, obj *
 		r.MetricsRecorder.RecordSuspend(*objRef, obj.Spec.Suspend)
 	}
 }
-
-func (r *KluctlDeploymentReconciler) getClusterId(ctx context.Context) (string, error) {
-	var kubeSystemNs corev1.Namespace
-	err := r.Get(ctx, client.ObjectKey{Name: "kube-system"}, &kubeSystemNs)
-	if err != nil {
-		return "", err
-	}
-	return string(kubeSystemNs.UID), nil
-}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index a0a4c214c..d43dea6ac 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -84,16 +84,15 @@ func (k *K8sCluster) ReadWrite() *K8sCluster {
 }
 
 func (k *K8sCluster) GetClusterId() (string, error) {
-	kubeSystemNs, _, err := k.GetSingleObject(
-		k8s.NewObjectRef("", "v1", "Namespace", "kube-system", ""))
+	var clusterId string
+	_, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+		var err error
+		clusterId, err = GetClusterId(k.ctx, c)
+		return err
+	})
 	if err != nil {
 		return "", err
 	}
-	// we reuse the kube-system namespace uid as global cluster id
-	clusterId := kubeSystemNs.GetK8sUid()
-	if clusterId == "" {
-		return "", fmt.Errorf("kube-system namespace has no uid")
-	}
 	return clusterId, nil
 }
 
diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go
index 0dc1d5408..8f3577e61 100644
--- a/pkg/k8s/utils.go
+++ b/pkg/k8s/utils.go
@@ -1,9 +1,13 @@
 package k8s
 
 import (
+	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func UnwrapListItems(o *uo.UnstructuredObject, withListCallback bool, cb func(o *uo.UnstructuredObject) error) error {
@@ -48,3 +52,17 @@ func FixNamespaceInRef(ref k8s.ObjectRef, namespaced bool, def string) k8s.Objec
 	}
 	return ref
 }
+
+func GetClusterId(ctx context.Context, c client.Client) (string, error) {
+	// we reuse the kube-system namespace uid as global cluster id
+	var ns corev1.Namespace
+	err := c.Get(ctx, client.ObjectKey{Name: "kube-system"}, &ns)
+	if err != nil {
+		return "", err
+	}
+	clusterId := ns.UID
+	if clusterId == "" {
+		return "", fmt.Errorf("kube-system namespace has no uid")
+	}
+	return string(clusterId), nil
+}

From 206ac6a3a861d21338bd4d64f58edca6de8b519e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Jul 2023 22:34:26 +0200
Subject: [PATCH 1325/2268] feat: Send KluctlDeployment objects to webui and
 take them into account

---
 pkg/results/result-store-secrets.go           |  90 ++++++++++++
 pkg/results/result-store.go                   |  11 ++
 pkg/results/results-collector.go              | 128 ++++++++++++++++++
 pkg/webui/events.go                           |  50 +++++--
 pkg/webui/server.go                           |  18 ++-
 pkg/webui/ui/src/components/ActionsMenu.tsx   |   2 +-
 pkg/webui/ui/src/components/App.tsx           |  32 ++++-
 .../components/targets-view/TargetItem.tsx    |  49 +++----
 pkg/webui/ui/src/project-summaries.ts         | 103 +++++++++++---
 9 files changed, 417 insertions(+), 66 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index b43d164e6..c36de8005 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -4,6 +4,8 @@ import (
 	"compress/gzip"
 	"context"
 	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -32,6 +34,7 @@ type ResultStoreSecrets struct {
 	client               client.Client
 	cache                cache.Cache
 	validateResultsCache cache.Cache
+	clusterId            string
 
 	writeNamespace           string
 	keepCommandResultsCount  int
@@ -41,6 +44,11 @@ type ResultStoreSecrets struct {
 }
 
 func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ client.Client, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
+	clusterId, err := k8s.GetClusterId(ctx, client_)
+	if err != nil {
+		return nil, err
+	}
+
 	scheme := runtime.NewScheme()
 	_ = corev1.AddToScheme(scheme)
 	_ = kluctlv1.AddToScheme(scheme)
@@ -67,9 +75,11 @@ func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ cli
 		client:                   client_,
 		writeNamespace:           writeNamespace,
 		cache:                    c1,
+		clusterId:                clusterId,
 		keepCommandResultsCount:  keepCommandResultsCount,
 		keepValidateResultsCount: keepValidateResultsCount,
 	}
+
 	return s, nil
 }
 
@@ -651,3 +661,83 @@ func (s *ResultStoreSecrets) GetValidateResult(options GetValidateResultOptions)
 
 	return &vr, nil
 }
+
+func (s *ResultStoreSecrets) ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error) {
+	var l kluctlv1.KluctlDeploymentList
+	err := s.cache.List(s.ctx, &l)
+	if err != nil {
+		return nil, err
+	}
+	return l.Items, nil
+}
+
+func (s *ResultStoreSecrets) WatchKluctlDeployments() (<-chan WatchKluctlDeploymentEvent, context.CancelFunc, error) {
+	ch := make(chan WatchKluctlDeploymentEvent)
+
+	buildEvent := func(obj any) *WatchKluctlDeploymentEvent {
+		var o *kluctlv1.KluctlDeployment
+		switch o2 := obj.(type) {
+		case *kluctlv1.KluctlDeployment:
+			o = o2
+		case toolscache.DeletedFinalStateUnknown:
+			o = o2.Obj.(*kluctlv1.KluctlDeployment)
+		}
+		if o == nil {
+			return nil
+		}
+		return &WatchKluctlDeploymentEvent{
+			Deployment: o,
+			ClusterId:  s.clusterId,
+		}
+	}
+
+	doUpdate := func(obj any) {
+		e := buildEvent(obj)
+		if e == nil {
+			return
+		}
+		ch <- *e
+	}
+	doDelete := func(obj any) {
+		e := buildEvent(obj)
+		if e == nil {
+			return
+		}
+		e.Delete = true
+		ch <- *e
+	}
+
+	inf, err := s.cache.GetInformer(s.ctx, &kluctlv1.KluctlDeployment{})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	handle, err := inf.AddEventHandler(toolscache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			doUpdate(obj)
+		},
+		UpdateFunc: func(oldObj, newObj interface{}) {
+			doUpdate(newObj)
+		},
+		DeleteFunc: func(obj interface{}) {
+			doDelete(obj)
+		},
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	cancel := func() {
+		_ = inf.RemoveEventHandler(handle)
+	}
+	return ch, cancel, nil
+}
+
+func (s *ResultStoreSecrets) GetKluctlDeployment(name string, namespace string) (*kluctlv1.KluctlDeployment, error) {
+	var k kluctlv1.KluctlDeployment
+	err := s.cache.Get(s.ctx, client.ObjectKey{Name: name, Namespace: namespace}, &k)
+	if err != nil {
+		return nil, err
+	}
+	return &k, nil
+}
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 2c20023be..1f369d736 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -2,6 +2,7 @@ package results
 
 import (
 	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
@@ -28,6 +29,12 @@ type WatchValidateResultSummaryEvent struct {
 	Delete  bool                          `json:"delete"`
 }
 
+type WatchKluctlDeploymentEvent struct {
+	ClusterId  string                     `json:"clusterId"`
+	Deployment *kluctlv1.KluctlDeployment `json:"deployment"`
+	Delete     bool                       `json:"delete"`
+}
+
 type ResultStore interface {
 	WriteCommandResult(cr *result.CommandResult) error
 	WriteValidateResult(vr *result.ValidateResult) error
@@ -39,6 +46,10 @@ type ResultStore interface {
 	ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error)
 	WatchValidateResultSummaries(options ListResultSummariesOptions) (<-chan WatchValidateResultSummaryEvent, context.CancelFunc, error)
 	GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error)
+
+	ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error)
+	WatchKluctlDeployments() (<-chan WatchKluctlDeploymentEvent, context.CancelFunc, error)
+	GetKluctlDeployment(name string, namespace string) (*kluctlv1.KluctlDeployment, error)
 }
 
 func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index e7205f88b..0f3196f6d 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -3,7 +3,9 @@ package results
 import (
 	"context"
 	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"k8s.io/apimachinery/pkg/types"
 	"sort"
 	"sync"
 	"time"
@@ -20,6 +22,9 @@ type ResultsCollector struct {
 	validateResultSummaries map[string]validateSummaryEntry
 	validateResultWatches   []*validateResultWatchEntry
 
+	kluctlDeployments       map[types.UID]kluctlDeploymentEntry
+	kluctlDeploymentWatches []*kluctlDeploymentWatchEntry
+
 	mutex sync.Mutex
 }
 
@@ -33,6 +38,11 @@ type validateSummaryEntry struct {
 	summary *result.ValidateResultSummary
 }
 
+type kluctlDeploymentEntry struct {
+	store      ResultStore
+	deployment *kluctlv1.KluctlDeployment
+}
+
 type commandResultWatchEntry struct {
 	options ListResultSummariesOptions
 	ch      chan WatchCommandResultSummaryEvent
@@ -43,12 +53,17 @@ type validateResultWatchEntry struct {
 	ch      chan WatchValidateResultSummaryEvent
 }
 
+type kluctlDeploymentWatchEntry struct {
+	ch chan WatchKluctlDeploymentEvent
+}
+
 func NewResultsCollector(ctx context.Context, stores []ResultStore) *ResultsCollector {
 	ret := &ResultsCollector{
 		ctx:                     ctx,
 		stores:                  stores,
 		commandResultSummaries:  map[string]commandSummaryEntry{},
 		validateResultSummaries: map[string]validateSummaryEntry{},
+		kluctlDeployments:       map[types.UID]kluctlDeploymentEntry{},
 	}
 
 	return ret
@@ -71,6 +86,12 @@ func (rc *ResultsCollector) WaitForResults(idleTimeout time.Duration, totalTimeo
 	}
 	defer cancel2()
 
+	ch3, cancel3, err := rc.WatchValidateResultSummaries(ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	defer cancel3()
+
 	totalCh := time.After(totalTimeout)
 	for {
 		idleCh := time.After(idleTimeout)
@@ -79,6 +100,8 @@ func (rc *ResultsCollector) WaitForResults(idleTimeout time.Duration, totalTimeo
 			continue
 		case <-ch2:
 			continue
+		case <-ch3:
+			continue
 		case <-idleCh:
 			return nil
 		case <-totalCh:
@@ -91,6 +114,7 @@ func (rc *ResultsCollector) startWatchResults() {
 	for _, store := range rc.stores {
 		go rc.runWatchCommandResults(store)
 		go rc.runWatchValidateResults(store)
+		go rc.runWatchKluctlDeployments(store)
 	}
 }
 
@@ -130,6 +154,24 @@ func (rc *ResultsCollector) runWatchValidateResults(store ResultStore) {
 	}
 }
 
+func (rc *ResultsCollector) runWatchKluctlDeployments(store ResultStore) {
+	for {
+		ch, _, err := store.WatchKluctlDeployments()
+		if err != nil {
+			time.Sleep(5 * time.Second)
+			continue
+		}
+
+		go func() {
+			for event := range ch {
+				rc.handleKluctlDeploymentUpdate(store, event)
+			}
+		}()
+
+		break
+	}
+}
+
 func (rc *ResultsCollector) handleCommandResultUpdate(store ResultStore, event WatchCommandResultSummaryEvent) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
@@ -176,6 +218,27 @@ func (rc *ResultsCollector) handleValidateResultUpdate(store ResultStore, event
 	}
 }
 
+func (rc *ResultsCollector) handleKluctlDeploymentUpdate(store ResultStore, event WatchKluctlDeploymentEvent) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	if event.Delete {
+		_, ok := rc.kluctlDeployments[event.Deployment.UID]
+		if ok {
+			delete(rc.kluctlDeployments, event.Deployment.UID)
+		}
+	} else {
+		rc.kluctlDeployments[event.Deployment.UID] = kluctlDeploymentEntry{
+			store:      store,
+			deployment: event.Deployment,
+		}
+	}
+
+	for _, w := range rc.kluctlDeploymentWatches {
+		w.ch <- event
+	}
+}
+
 func (rc *ResultsCollector) WriteCommandResult(cr *result.CommandResult) error {
 	return fmt.Errorf("WriteCommandResult is not supported in ResultsCollector")
 }
@@ -327,3 +390,68 @@ func (rc *ResultsCollector) GetValidateResult(options GetValidateResultOptions)
 	}
 	return se.store.GetValidateResult(options)
 }
+
+func (rc *ResultsCollector) ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+	ret := make([]kluctlv1.KluctlDeployment, 0, len(rc.commandResultSummaries))
+	for _, x := range rc.kluctlDeployments {
+		ret = append(ret, *x.deployment)
+	}
+	return ret, nil
+}
+
+func (rc *ResultsCollector) WatchKluctlDeployments() (<-chan WatchKluctlDeploymentEvent, context.CancelFunc, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	isCancelled := false
+
+	w := &kluctlDeploymentWatchEntry{
+		ch: make(chan WatchKluctlDeploymentEvent),
+	}
+
+	go func() {
+		rc.mutex.Lock()
+		defer rc.mutex.Unlock()
+
+		if isCancelled {
+			return
+		}
+
+		for _, e := range rc.kluctlDeployments {
+			w.ch <- WatchKluctlDeploymentEvent{
+				Deployment: e.deployment,
+			}
+		}
+
+		rc.kluctlDeploymentWatches = append(rc.kluctlDeploymentWatches, w)
+	}()
+
+	cancel := func() {
+		rc.mutex.Lock()
+		isCancelled = true
+		for i, w2 := range rc.kluctlDeploymentWatches {
+			if w2 == w {
+				rc.kluctlDeploymentWatches = append(rc.kluctlDeploymentWatches[:i], rc.kluctlDeploymentWatches[i+1:]...)
+				break
+			}
+		}
+		rc.mutex.Unlock()
+		close(w.ch)
+	}
+
+	return w.ch, cancel, nil
+}
+
+func (rc *ResultsCollector) GetKluctlDeployment(name string, namespace string) (*kluctlv1.KluctlDeployment, error) {
+	rc.mutex.Lock()
+	defer rc.mutex.Unlock()
+
+	for _, kd := range rc.kluctlDeployments {
+		if kd.deployment.Name == name && kd.deployment.Namespace == namespace {
+			return kd.deployment, nil
+		}
+	}
+	return nil, nil
+}
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 2c4a327c2..29d2e54bb 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -31,7 +31,7 @@ type eventEntry struct {
 	id            string
 	expire        *time.Time
 	seq           int64
-	projectTarget ProjectTargetKey
+	projectTarget *ProjectTargetKey
 	payload       string
 }
 
@@ -45,7 +45,7 @@ func newEventsHandler(server *CommandResultsServer) *eventsHandler {
 	return h
 }
 
-func (h *eventsHandler) updateEvent(id string, ptKey ProjectTargetKey, payload string, expireIn *time.Duration) {
+func (h *eventsHandler) updateEvent(id string, ptKey *ProjectTargetKey, payload string, expireIn *time.Duration) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 
@@ -116,11 +116,15 @@ func (h *eventsHandler) startEventsWatcher() error {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
 
-	initialCommandResults, commandResultsCh, _, err := h.server.store.WatchCommandResultSummaries(results.ListResultSummariesOptions{})
+	commandResultsCh, _, err := h.server.store.WatchCommandResultSummaries(results.ListResultSummariesOptions{})
 	if err != nil {
 		return err
 	}
-	initialValidateResults, validateResultsCh, _, err := h.server.store.WatchValidateResultSummaries(results.ListResultSummariesOptions{})
+	validateResultsCh, _, err := h.server.store.WatchValidateResultSummaries(results.ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	kluctlDeploymentsCh, _, err := h.server.store.WatchKluctlDeployments()
 	if err != nil {
 		return err
 	}
@@ -157,12 +161,22 @@ func (h *eventsHandler) startEventsWatcher() error {
 			return x
 		}
 	}
-
-	for _, x := range initialCommandResults {
-		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildCommandResultMsg(results.WatchCommandResultSummaryEvent{Summary: x}), nil)
-	}
-	for _, x := range initialValidateResults {
-		h.updateEvent(x.Id, ProjectTargetKey{Project: x.ProjectKey, Target: x.TargetKey}, buildValidateResultMsg(results.WatchValidateResultSummaryEvent{Summary: x}), nil)
+	buildKluctlDeploymentMsg := func(event results.WatchKluctlDeploymentEvent) string {
+		if event.Delete {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type":      "delete_kluctl_deployment",
+				"id":        string(event.Deployment.UID),
+				"clusterId": event.ClusterId,
+			})
+			return x
+		} else {
+			x := yaml.WriteJsonStringMust(map[string]any{
+				"type":       "update_kluctl_deployment",
+				"deployment": event.Deployment,
+				"clusterId":  event.ClusterId,
+			})
+			return x
+		}
 	}
 
 	go func() {
@@ -178,7 +192,7 @@ func (h *eventsHandler) startEventsWatcher() error {
 				if event.Delete {
 					expireIn = &expireDeletions
 				}
-				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildCommandResultMsg(event), expireIn)
+				h.updateEvent(event.Summary.Id, &ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildCommandResultMsg(event), expireIn)
 			case event, ok := <-validateResultsCh:
 				if !ok {
 					status.Error(h.server.ctx, "results channel closed unexpectedly")
@@ -188,7 +202,17 @@ func (h *eventsHandler) startEventsWatcher() error {
 				if event.Delete {
 					expireIn = &expireDeletions
 				}
-				h.updateEvent(event.Summary.Id, ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildValidateResultMsg(event), expireIn)
+				h.updateEvent(event.Summary.Id, &ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildValidateResultMsg(event), expireIn)
+			case event, ok := <-kluctlDeploymentsCh:
+				if !ok {
+					status.Error(h.server.ctx, "results channel closed unexpectedly")
+					return
+				}
+				var expireIn *time.Duration
+				if event.Delete {
+					expireIn = &expireDeletions
+				}
+				h.updateEvent(string(event.Deployment.UID), nil, buildKluctlDeploymentMsg(event), expireIn)
 			case <-cleanupTimer:
 				h.cleanupEvents()
 				cleanupTimer = time.After(5 * time.Second)
@@ -238,7 +262,7 @@ func (h *eventsHandler) handler(c *gin.Context) {
 				continue
 			}
 			nextSeq = e2.seq + 1
-			if !results.FilterProject(e2.projectTarget.Project, filter) {
+			if e2.projectTarget != nil && !results.FilterProject(e2.projectTarget.Project, filter) {
 				continue
 			}
 			events = append(events, e2.payload)
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 048c1c481..90772cbb5 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -157,24 +157,34 @@ func (s *CommandResultsServer) startUpdateLogs() error {
 		return err
 	}
 
+	ch3, cancel3, err := s.store.WatchKluctlDeployments()
+	if err != nil {
+		cancel1()
+		cancel2()
+		return err
+	}
+
 	go func() {
 		defer cancel1()
 		defer cancel2()
+		defer cancel3()
 
 		printEvent := func(id string, type_ string, deleted bool) {
 			if deleted {
-				status.Infof(s.ctx, "Deleted %s result summary for %s", type_, id)
+				status.Infof(s.ctx, "Deleted %s for %s", type_, id)
 			} else {
-				status.Infof(s.ctx, "Updated %s result summary for %s", type_, id)
+				status.Infof(s.ctx, "Updated %s for %s", type_, id)
 			}
 		}
 
 		for {
 			select {
 			case event := <-ch1:
-				printEvent(event.Summary.Id, "command", event.Delete)
+				printEvent(event.Summary.Id, "command result summary", event.Delete)
 			case event := <-ch2:
-				printEvent(event.Summary.Id, "validate", event.Delete)
+				printEvent(event.Summary.Id, "validate result summary", event.Delete)
+			case event := <-ch3:
+				printEvent(event.Deployment.Name, "KluctlDeployment", event.Delete)
 			case <-s.ctx.Done():
 				return
 			}
diff --git a/pkg/webui/ui/src/components/ActionsMenu.tsx b/pkg/webui/ui/src/components/ActionsMenu.tsx
index 4b297e5ca..db9bf6637 100644
--- a/pkg/webui/ui/src/components/ActionsMenu.tsx
+++ b/pkg/webui/ui/src/components/ActionsMenu.tsx
@@ -5,7 +5,7 @@ import { Link } from "react-router-dom";
 
 export interface ActionMenuItem {
     icon: React.ReactNode
-    text: string
+    text: React.ReactNode
     handler?: () => void
     to?: string
 }
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 5d8b7f20b..f0905b65d 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -35,14 +35,21 @@ export const AppContext = createContext<AppContextProps>({
 
 export const ApiContext = createContext<Api>(new StaticApi())
 
+export interface KluctlDeploymentWithClusterId {
+    deployment: any
+    clusterId: string
+}
+
 const LoggedInApp = (props: { onUnauthorized: () => void }) => {
     const api = useContext(ApiContext)
     const [filters, setFilters] = useState<ActiveFilters>()
 
     const commandResultSummariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
     const validateResultSummariesRef = useRef<Map<string, ValidateResultSummary>>(new Map())
+    const kluctlDeploymentsRef = useRef<Map<string, KluctlDeploymentWithClusterId>>(new Map())
     const [commandResultSummaries, setCommandResultSummaries] = useState(commandResultSummariesRef.current)
     const [validateResultSummaries, setValidateResultSummaries] = useState(validateResultSummariesRef.current)
+    const [kluctlDeployments, setKluctlDeployments] = useState(kluctlDeploymentsRef.current)
 
     useEffect(() => {
         const updateCommandResultSummary = (rs: CommandResultSummary) => {
@@ -69,6 +76,21 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
             setValidateResultSummaries(new Map(validateResultSummariesRef.current))
         }
 
+        const updateKluctlDeployment = (kd: any, clusterId: string) => {
+            console.log("update_kluctl_deployment", kd.metadata.uid, kd.metadata.name)
+            kluctlDeploymentsRef.current.set(kd.metadata.uid, {
+                deployment: kd,
+                clusterId: clusterId,
+            })
+            setKluctlDeployments(new Map(kluctlDeploymentsRef.current))
+        }
+
+        const deleteKluctlDeployment = (id: string) => {
+            console.log("delete_kluctl_deployment", id)
+            kluctlDeploymentsRef.current.delete(id)
+            setKluctlDeployments(new Map(kluctlDeploymentsRef.current))
+        }
+
         console.log("starting listenResults")
         let cancel: Promise<() => void>
         cancel = api.listenUpdates(undefined, undefined, msg => {
@@ -85,6 +107,12 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
                 case "delete_validate_result_summary":
                     deleteValidateResultSummary(msg.id)
                     break
+                case "update_kluctl_deployment":
+                    updateKluctlDeployment(msg.deployment, msg.clusterId)
+                    break
+                case "delete_kluctl_deployment":
+                    deleteKluctlDeployment(msg.id)
+                    break
             }
         })
         return () => {
@@ -94,8 +122,8 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
     }, [api])
 
     const projects = useMemo(() => {
-        return buildProjectSummaries(commandResultSummaries, validateResultSummaries)
-    }, [commandResultSummaries, validateResultSummaries])
+        return buildProjectSummaries(commandResultSummaries, validateResultSummaries, kluctlDeployments, false)
+    }, [commandResultSummaries, validateResultSummaries, kluctlDeployments])
 
     const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(
         () => api.getShortNames(),
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 84a7905f7..2545b2966 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -19,7 +19,16 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
     const theme = useTheme();
 
-    if (props.ts.lastValidateResult === undefined) {
+    let validateEnabled = false
+    props.ts.kluctlDeployments.forEach(kd => {
+        if (kd.deployment.spec.validate) {
+            validateEnabled = true
+        }
+    })
+
+    if (!validateEnabled) {
+        icon = <Favorite color={"disabled"}/>
+    } else if (props.ts.lastValidateResult === undefined) {
         icon = <MessageQuestionIcon color={theme.palette.error.main} />
     } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
         if (props.ts.lastValidateResult.warnings) {
@@ -34,7 +43,9 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     }
 
     const tooltip: string[] = []
-    if (props.ts.lastValidateResult === undefined) {
+    if (!validateEnabled) {
+        tooltip.push("Validation is disabled.")
+    } else if (props.ts.lastValidateResult === undefined) {
         tooltip.push("No validation result available.")
     } else {
         if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
@@ -82,10 +93,6 @@ export const TargetItemBody = React.memo((props: {
         </ErrorMessage>;
     }
 
-    if (!vr) {
-        return null;
-    }
-
     return <CardBody provider={new MyProvider(props.ts, vr)}/>
 });
 
@@ -103,43 +110,29 @@ export const TargetItem = React.memo(React.forwardRef((
     const api = useContext(ApiContext)
     const actionMenuItems: ActionMenuItem[] = []
 
-    let kd: KluctlDeploymentInfo | undefined
-    let allKdEqual = true
-    props.ts.commandResults?.forEach(rs => {
-        if (rs.commandInfo.kluctlDeployment) {
-            if (!kd) {
-                kd = rs.commandInfo.kluctlDeployment
-            } else {
-                if (kd.name !== rs.commandInfo.kluctlDeployment.name || kd.namespace !== rs.commandInfo.kluctlDeployment.namespace) {
-                    allKdEqual = false
-                }
-            }
-        }
-    })
-
-    if (kd && allKdEqual) {
+    props.ts.kluctlDeployments.forEach(kd => {
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
-            text: "Validate",
+            text: <Typography>Validate <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
-                api.validateNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
+                api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
-            text: "Reconcile",
+            text: <Typography>Reconcile <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
-                api.reconcileNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
+                api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
             icon: <PublishedWithChanges />,
-            text: "Deploy",
+            text: <Typography>Deploy <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
-                api.deployNow(props.ts.target.clusterId, kd!.name, kd!.namespace)
+                api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
-    }
+    })
 
     const allContexts: string[] = []
 
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 6c4b94736..1c3972ea6 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -1,8 +1,17 @@
-import { CommandResultSummary, ProjectKey, ProjectTargetKey, TargetKey, ValidateResultSummary, } from "./models";
+import {
+    CommandResultSummary,
+    KluctlDeploymentInfo,
+    ProjectKey,
+    ProjectTargetKey,
+    TargetKey,
+    ValidateResultSummary,
+} from "./models";
 import _ from "lodash";
+import { KluctlDeploymentWithClusterId } from "./components/App";
 
 export interface TargetSummary {
     target: TargetKey;
+    kluctlDeployments: Map<string, KluctlDeploymentWithClusterId>;
     lastValidateResult?: ValidateResultSummary;
     commandResults: CommandResultSummary[];
 }
@@ -23,15 +32,28 @@ export function compareValidateResultSummaries(a: ValidateResultSummary, b: Vali
         b.endTime.localeCompare(b.endTime)
 }
 
-export function buildProjectSummaries(commandResultSummaries: Map<string, CommandResultSummary>, validateResultSummaries: Map<string, ValidateResultSummary>) {
+export function buildProjectSummaries(commandResultSummaries: Map<string, CommandResultSummary>,
+                                      validateResultSummaries: Map<string, ValidateResultSummary>,
+                                      kluctlDeployments: Map<string, KluctlDeploymentWithClusterId>,
+                                      includeWithoutKluctlDeployments: boolean) {
+    const filter = (projectKey: ProjectKey, targetKey: TargetKey) => {
+        return true
+    }
+
+
     const sortedCommandResults = Array.from(commandResultSummaries.values())
     sortedCommandResults.sort(compareCommandResultSummaries)
 
     const vrByProjectTargetKey = new Map<string, ValidateResultSummary[]>()
     validateResultSummaries.forEach(vr=> {
+        if (!filter(vr.projectKey, vr.targetKey)) return
+
+        console.log(vr)
+
         const key = new ProjectTargetKey()
         key.project = vr.projectKey
         key.target = vr.targetKey
+
         const keyStr = JSON.stringify(key)
         let l = vrByProjectTargetKey.get(keyStr)
         if (!l) {
@@ -44,39 +66,84 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         l.sort(compareValidateResultSummaries)
     })
 
+    const buildKdKey = (clusterId: string, name: string, namespace: string) => {
+        return clusterId + "-" + name + "-" + namespace
+    }
+
+    const kdByNameAndClusterId = new Map<string, KluctlDeploymentWithClusterId>()
+    kluctlDeployments.forEach(kd => {
+        kdByNameAndClusterId.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
+    })
+
     const m = new Map<string, ProjectSummary>()
-    sortedCommandResults.forEach(rs => {
-        const projectKey = JSON.stringify(rs.projectKey)
 
+    const getOrCreateProject = (project: ProjectKey, allowCreate: boolean) => {
+        const projectKey = JSON.stringify(project)
         let p = m.get(projectKey)
-        if (!p) {
+        if (!p && allowCreate) {
             p = {
-                project: rs.projectKey,
+                project: project,
                 targets: []
             }
             m.set(projectKey, p)
         }
+        return p
+    }
+    const getOrCreateTarget = (project: ProjectKey, targetKey: TargetKey, allowCreateProject: boolean, allowCreateTarget: boolean) => {
+        const p = getOrCreateProject(project, allowCreateProject)
+        if (!p) {
+            return undefined
+        }
+        let t = p.targets.find(t => _.isEqual(t.target, targetKey))
+        if (!t && allowCreateTarget) {
+            t = {
+                target: targetKey,
+                kluctlDeployments: new Map<string, KluctlDeploymentWithClusterId>(),
+                commandResults: []
+            }
+            p.targets.push(t)
+        }
+        return t
+    }
 
-        const ptKey = new ProjectTargetKey()
-        ptKey.project = rs.projectKey
-        ptKey.target = rs.targetKey
+    kluctlDeployments.forEach(kd => {
+        if (!kd.deployment.status || !kd.deployment.status.projectKey) {
+            return
+        }
+        if (!filter(kd.deployment.status.projectKey, kd.deployment.status.targetKey)) return
+
+        console.log("kd", kd)
+
+        const target = getOrCreateTarget(kd.deployment.status.projectKey, kd.deployment.status.targetKey, true, true)
+        target!.kluctlDeployments.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
+    })
 
-        const vrs = vrByProjectTargetKey.get(JSON.stringify(ptKey))
-        const vr = vrs ? vrs[0] : undefined
+    sortedCommandResults.forEach(rs => {
+        if (!filter(rs.projectKey, rs.targetKey)) return
+
+        console.log(rs)
 
-        let target = p.targets.find(t => _.isEqual(t.target, rs.targetKey))
+        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, includeWithoutKluctlDeployments, includeWithoutKluctlDeployments)
         if (!target) {
-            target = {
-                target: rs.targetKey,
-                lastValidateResult: vr,
-                commandResults: []
-            }
-            p.targets.push(target)
+            return
         }
 
         target.commandResults.push(rs)
     })
 
+    validateResultSummaries.forEach(vr => {
+        if (!filter(vr.projectKey, vr.targetKey)) return
+
+        const target = getOrCreateTarget(vr.projectKey, vr.targetKey, false, false)
+        if (!target) {
+            return
+        }
+
+        if (!target.lastValidateResult) {
+            target.lastValidateResult = vr
+        }
+    })
+
     const ret: ProjectSummary[] = []
     m.forEach(p => {
         p.targets.sort((a, b) => {

From e629087e3b008659295cf215d189c01b96e88c90 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Jul 2023 08:42:11 +0200
Subject: [PATCH 1326/2268] feat: Implement filtering of targets

---
 pkg/webui/ui/src/api.tsx                      |   8 +-
 pkg/webui/ui/src/components/App.tsx           |   6 +-
 .../NodeStatusFilter.tsx => FilterBar.tsx}    |  52 ++++++++-
 pkg/webui/ui/src/components/LeftDrawer.tsx    |  45 ++------
 .../result-view/CommandResultTree.tsx         |   4 +-
 .../result-view/CommandResultView.tsx         | 103 +----------------
 .../components/targets-view/TargetItem.tsx    |   2 +-
 pkg/webui/ui/src/project-summaries.ts         | 107 +++++++++++-------
 8 files changed, 128 insertions(+), 199 deletions(-)
 rename pkg/webui/ui/src/components/{result-view/NodeStatusFilter.tsx => FilterBar.tsx} (64%)

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 02e8934f1..40af55f47 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,10 +1,4 @@
-import {
-    CommandResult,
-    ObjectRef,
-    ResultObject,
-    ShortName,
-    ValidateResult
-} from "./models";
+import { CommandResult, ObjectRef, ResultObject, ShortName, ValidateResult } from "./models";
 import _ from "lodash";
 import React from "react";
 import { Box, Typography } from "@mui/material";
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index f0905b65d..232c28e35 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -4,7 +4,7 @@ import '../index.css';
 import { Box } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
-import { ActiveFilters } from './result-view/NodeStatusFilter';
+import { ActiveFilters } from './FilterBar';
 import { CommandResultSummary, ShortName, ValidateResultSummary } from "../models";
 import { Api, checkStaticBuild, RealApi, StaticApi } from "../api";
 import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
@@ -122,8 +122,8 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
     }, [api])
 
     const projects = useMemo(() => {
-        return buildProjectSummaries(commandResultSummaries, validateResultSummaries, kluctlDeployments, false)
-    }, [commandResultSummaries, validateResultSummaries, kluctlDeployments])
+        return buildProjectSummaries(commandResultSummaries, validateResultSummaries, kluctlDeployments, filters)
+    }, [commandResultSummaries, validateResultSummaries, kluctlDeployments, filters])
 
     const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(
         () => api.getShortNames(),
diff --git a/pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx b/pkg/webui/ui/src/components/FilterBar.tsx
similarity index 64%
rename from pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx
rename to pkg/webui/ui/src/components/FilterBar.tsx
index 3c78613aa..93a8f7933 100644
--- a/pkg/webui/ui/src/components/result-view/NodeStatusFilter.tsx
+++ b/pkg/webui/ui/src/components/FilterBar.tsx
@@ -3,17 +3,17 @@ import { Box, Chip } from "@mui/material";
 import { AutoFixHigh, ErrorOutline, Grade } from "@mui/icons-material";
 import { OverridableComponent } from "@mui/material/OverridableComponent";
 import Tooltip from "@mui/material/Tooltip";
-import { NodeData } from "./nodes/NodeData";
+import { useTheme } from "@mui/material/styles";
 
 export interface ActiveFilters {
     onlyImportant: boolean
     onlyChanged: boolean
     onlyWithErrorsOrWarnings: boolean
+    filterStr: string
 }
 
-export function FilterNode(node: NodeData, activeFilters?: ActiveFilters) {
-    const hasChanges = node.diffStatus?.hasDiffs()
-    const hasErrorsOrWarnings = node.healthStatus?.errors.length || node.healthStatus?.warnings.length
+export function DoFilterSwitches(hasChanges: boolean, hasErrors: boolean, hasWarnings: boolean, activeFilters?: ActiveFilters) {
+    const hasErrorsOrWarnings = hasErrors || hasWarnings
     if (activeFilters?.onlyImportant && !hasChanges && !hasErrorsOrWarnings) {
         return false
     }
@@ -26,6 +26,17 @@ export function FilterNode(node: NodeData, activeFilters?: ActiveFilters) {
     return true
 }
 
+export function DoFilterText(text: (string|undefined)[] | null, activeFilters?: ActiveFilters) {
+    if (activeFilters?.filterStr && text && text.length) {
+        const l = activeFilters.filterStr.toLowerCase()
+        const f = text.find(t => t && t.toLowerCase().includes(l))
+        if (!f) {
+            return false
+        }
+    }
+    return true
+}
+
 const FilterButton = (props: { Icon: OverridableComponent<any>, tooltip: string, color: any, active: boolean, handler: (active: boolean) => void }) => {
     const handleClick = () => {
         props.handler(!props.active)
@@ -55,11 +66,14 @@ const FilterButton = (props: { Icon: OverridableComponent<any>, tooltip: string,
     </Tooltip>
 }
 
-export const NodeStatusFilter = (props: { onFilterChange: (f: ActiveFilters) => void }) => {
+export const FilterBar = (props: { onFilterChange: (f: ActiveFilters) => void }) => {
+    const theme = useTheme();
+
     const [activeFilters, setActiveFilters] = useState<ActiveFilters>({
         onlyImportant: false,
         onlyChanged: false,
         onlyWithErrorsOrWarnings: false,
+        filterStr: "",
     })
 
     const doSetActiveFilters = (newActiveFilters: ActiveFilters) => {
@@ -69,7 +83,6 @@ export const NodeStatusFilter = (props: { onFilterChange: (f: ActiveFilters) =>
 
     return (
         <Box display={"flex"} flexDirection={"column"} alignItems={"center"}>
-            Filters
             <Box
                 display="flex"
                 alignItems="center"
@@ -91,6 +104,33 @@ export const NodeStatusFilter = (props: { onFilterChange: (f: ActiveFilters) =>
                               handler={(active: boolean) => {
                                   doSetActiveFilters({ ...activeFilters, onlyWithErrorsOrWarnings: active });
                               }}/>
+                <Box
+                    height='40px'
+                    maxWidth='314px'
+                    flexGrow={1}
+                    borderRadius='10px'
+                    display='flex'
+                    justifyContent='space-between'
+                    alignItems='center'
+                    padding='0 9px 0 15px'
+                    sx={{ background: theme.palette.background.default }}
+                >
+                    <input
+                        type='text'
+                        style={{
+                            background: 'none',
+                            border: 'none',
+                            outline: 'none',
+                            height: '20px',
+                            lineHeight: '20px',
+                            fontSize: '18px'
+                        }}
+                        placeholder='Filter'
+                        onChange={e => {
+                            doSetActiveFilters({ ...activeFilters, filterStr: e.target.value })
+                        }}
+                    />
+                </Box>
             </Box>
         </Box>
     )
diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 86f86e660..94760b775 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -13,9 +13,10 @@ import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
 import { Link, useLocation, useNavigate } from "react-router-dom";
 import { AppOutletContext } from "./App";
-import { ArrowLeftIcon, KluctlLogo, KluctlText, LogoutIcon, SearchIcon, TargetsIcon } from '../icons/Icons';
+import { KluctlLogo, KluctlText, LogoutIcon, TargetsIcon } from '../icons/Icons';
 import { dark } from './theme';
 import { Typography } from '@mui/material';
+import { FilterBar } from "./FilterBar";
 
 const openedMixin = (theme: Theme): CSSObject => ({
     width: theme.consts.leftDrawerWidthOpen,
@@ -155,51 +156,19 @@ export default function LeftDrawer(props: {
         case 'targets':
             header = <>
                 <Typography variant='h1'>
-                    Dashboard
+                    Targets
                 </Typography>
-                <Box
-                    height='40px'
-                    maxWidth='314px'
-                    flexGrow={1}
-                    borderRadius='10px'
-                    display='flex'
-                    justifyContent='space-between'
-                    alignItems='center'
-                    padding='0 9px 0 15px'
-                    sx={{ background: theme.palette.background.default }}
-                >
-                    <input
-                        type='text'
-                        style={{
-                            background: 'none',
-                            border: 'none',
-                            outline: 'none',
-                            height: '20px',
-                            lineHeight: '20px',
-                            fontSize: '18px'
-                        }}
-                        placeholder='Search (not impl. yet)'
-                    />
-                    <IconButton sx={{ padding: 0, height: 40, width: 40 }}>
-                        <SearchIcon />
-                    </IconButton>
-                </Box>
+                <FilterBar onFilterChange={props.context.setFilters}/>
             </>
             break;
         case 'results':
-            header = <Box
-                display='flex'
-                alignItems='center'
-                justifyContent='start'
-                gap='12px'
+            header = <
             >
-                <IconButton sx={{ padding: 0 }} onClick={() => navigate('/targets')}>
-                    <ArrowLeftIcon />
-                </IconButton>
                 <Typography variant='h1'>
                     Result Tree
                 </Typography>
-            </Box>
+                <FilterBar onFilterChange={props.context.setFilters}/>
+            </>
             break;
     }
 
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
index 396cd16fa..1b1e78494 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
@@ -4,7 +4,7 @@ import TreeView from '@mui/lab/TreeView';
 import { TreeItem } from "@mui/lab";
 import { NodeBuilder } from "./nodes/NodeBuilder";
 import { NodeData } from "./nodes/NodeData";
-import { ActiveFilters, FilterNode } from "./NodeStatusFilter";
+import { ActiveFilters, DoFilterSwitches } from "../FilterBar";
 import { CommandResultProps } from "./CommandResultView";
 import { Loading } from "../Loading";
 import { Box, Divider, Paper, useTheme } from '@mui/material';
@@ -49,7 +49,7 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
     }
 
     const renderTree = (nodes: NodeData) => {
-        if (!FilterNode(nodes, props.activeFilters)) {
+        if (!DoFilterSwitches(!!nodes.diffStatus?.hasDiffs(), !!nodes.healthStatus?.errors.length, !!nodes.healthStatus?.warnings.length, props.activeFilters)) {
             return null
         }
         return <TreeItem
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 247bdf242..6908ae4e2 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,23 +1,12 @@
 import * as React from 'react';
 import { useContext, useState } from 'react';
-import {
-    Box,
-    Checkbox,
-    CheckboxProps,
-    Divider,
-    Drawer,
-    FormControlLabel,
-    ThemeProvider,
-    Typography
-} from "@mui/material";
+import { Box, Divider, Drawer, ThemeProvider } from "@mui/material";
 import { CommandResult, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
-import { ActiveFilters } from "./NodeStatusFilter";
 import CommandResultTree from "./CommandResultTree";
 import { useParams } from "react-router-dom";
 import { ApiContext, AppContext, useAppOutletContext } from "../App";
-import { ChangesIcon, CheckboxCheckedIcon, CheckboxIcon, StarIcon, WarningSignIcon } from '../../icons/Icons';
 import { dark } from '../theme';
 import { Api } from "../../api";
 import { Loading, useLoadingHelper } from "../Loading";
@@ -36,60 +25,6 @@ async function doLoadCommandResult(api: Api, resultId: string, shortNames: Short
     }
 }
 
-const FilterCheckbox = (props: {
-    text: string,
-    checked: boolean,
-    Icon: () => JSX.Element,
-    onChange: CheckboxProps['onChange']
-}) => {
-    const { text, checked, Icon, onChange } = props;
-    return <FormControlLabel
-        sx={{
-            display: 'flex',
-            justifyContent: 'center',
-            alignItems: 'center',
-            margin: 0,
-            padding: 0
-        }}
-        control={
-            <Checkbox
-                checked={checked}
-                sx={{
-                    display: 'flex',
-                    justifyContent: 'center',
-                    alignItems: 'center'
-                }}
-                onChange={onChange}
-                icon={<CheckboxIcon />}
-                checkedIcon={<CheckboxCheckedIcon />}
-            />
-        }
-        slotProps={{
-            typography: {
-                sx: {
-                    display: 'flex',
-                    justifyContent: 'center',
-                    alignItems: 'center',
-                    gap: '10px',
-                }
-            }
-        }}
-        label={
-            <>
-                <Typography variant='h2'>{text}</Typography>
-                <Box
-                    flex='0 0 auto'
-                    display='flex'
-                    alignItems='center'
-                    justifyContent='center'
-                >
-                    <Icon />
-                </Box>
-            </>
-        }
-    />
-}
-
 function DetailsDrawer(props: { nodeData?: NodeData, onClose?: () => void }) {
     return <ThemeProvider theme={dark}>
         <Drawer
@@ -106,12 +41,6 @@ function DetailsDrawer(props: { nodeData?: NodeData, onClose?: () => void }) {
     </ThemeProvider>;
 }
 
-const defaultFilters = {
-    onlyImportant: false,
-    onlyChanged: false,
-    onlyWithErrorsOrWarnings: false
-}
-
 export const CommandResultView = () => {
     const context = useAppOutletContext();
     const api = useContext(ApiContext);
@@ -134,13 +63,6 @@ export const CommandResultView = () => {
         }}
     />;
 
-    const handleFilterChange = (filter: keyof ActiveFilters) => (_: React.ChangeEvent, checked: boolean) => {
-        context.setFilters(fs => ({
-            ...(fs || defaultFilters),
-            [filter]: checked
-        }));
-    }
-
     if (loading) {
         return <Loading />
     } else if (loadingError) {
@@ -164,29 +86,6 @@ export const CommandResultView = () => {
             nodeData={sidePanelNode}
             onClose={() => setSidePanelNode(undefined)}
         />
-        <Box display='flex' alignItems='center' minHeight='70px' p='0 40px'>
-            <FilterCheckbox
-                text='Only important'
-                checked={!!context.filters?.onlyImportant}
-                Icon={StarIcon}
-                onChange={handleFilterChange('onlyImportant')}
-            />
-            {divider}
-            <FilterCheckbox
-                text='Only with changes'
-                checked={!!context.filters?.onlyChanged}
-                Icon={ChangesIcon}
-                onChange={handleFilterChange('onlyChanged')}
-            />
-            {divider}
-            <FilterCheckbox
-                text='Only with errors and warnings'
-                checked={!!context.filters?.onlyWithErrorsOrWarnings}
-                Icon={WarningSignIcon}
-                onChange={handleFilterChange('onlyWithErrorsOrWarnings')}
-            />
-        </Box>
-        <Divider sx={{ margin: '0 40px' }} />
         <Box p='25px 40px' overflow='auto'>
             <CommandResultTree
                 commandResultProps={commandResultProps}
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 2545b2966..dcb69a26e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,4 +1,4 @@
-import { KluctlDeploymentInfo, ValidateResult } from "../../models";
+import { ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Box, SxProps, Theme, Typography, useTheme } from "@mui/material";
 import React, { useContext } from "react";
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 1c3972ea6..94008604c 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -1,13 +1,7 @@
-import {
-    CommandResultSummary,
-    KluctlDeploymentInfo,
-    ProjectKey,
-    ProjectTargetKey,
-    TargetKey,
-    ValidateResultSummary,
-} from "./models";
+import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey, ValidateResultSummary, } from "./models";
 import _ from "lodash";
 import { KluctlDeploymentWithClusterId } from "./components/App";
+import { ActiveFilters, DoFilterSwitches, DoFilterText } from "./components/FilterBar";
 
 export interface TargetSummary {
     target: TargetKey;
@@ -35,37 +29,49 @@ export function compareValidateResultSummaries(a: ValidateResultSummary, b: Vali
 export function buildProjectSummaries(commandResultSummaries: Map<string, CommandResultSummary>,
                                       validateResultSummaries: Map<string, ValidateResultSummary>,
                                       kluctlDeployments: Map<string, KluctlDeploymentWithClusterId>,
-                                      includeWithoutKluctlDeployments: boolean) {
-    const filter = (projectKey: ProjectKey, targetKey: TargetKey) => {
-        return true
+                                      filters?: ActiveFilters) {
+    const filterTarget = (kd1: KluctlDeploymentWithClusterId | undefined, kd2: KluctlDeploymentInfo | undefined, projectKey: ProjectKey, targetKey: TargetKey) => {
+        if (kd1 && DoFilterText([
+            kd1.clusterId,
+            kd1.deployment.metadata.name,
+            kd1.deployment.metadata.namespace,
+        ], filters)) {
+            return true
+        }
+       if (kd2 && DoFilterText([
+           kd2.clusterId,
+           kd2.name,
+           kd2.namespace,
+       ], filters)) {
+           return true
+       }
+        if (DoFilterText([
+            projectKey.gitRepoKey,
+            projectKey.subDir,
+            targetKey.targetName,
+            targetKey.clusterId,
+            targetKey.discriminator
+        ], filters)) {
+            return true
+        }
+        return false
     }
 
+    const filterTargetByStatus = (ts: TargetSummary) => {
+        let hasErrors = !!ts.lastValidateResult?.errors
+        let hasWarnings = !!ts.lastValidateResult?.warnings
+        let hasChanges = false
+        if (ts.commandResults.length) {
+            hasErrors = hasErrors || !!ts.commandResults[0].errors?.length
+            hasWarnings = hasWarnings || !!ts.commandResults[0].warnings?.length
+            hasChanges = hasChanges || !!ts.commandResults[0].changedObjects
+        }
+        return DoFilterSwitches(hasChanges, hasErrors, hasWarnings, filters)
+    }
 
     const sortedCommandResults = Array.from(commandResultSummaries.values())
     sortedCommandResults.sort(compareCommandResultSummaries)
 
-    const vrByProjectTargetKey = new Map<string, ValidateResultSummary[]>()
-    validateResultSummaries.forEach(vr=> {
-        if (!filter(vr.projectKey, vr.targetKey)) return
-
-        console.log(vr)
-
-        const key = new ProjectTargetKey()
-        key.project = vr.projectKey
-        key.target = vr.targetKey
-
-        const keyStr = JSON.stringify(key)
-        let l = vrByProjectTargetKey.get(keyStr)
-        if (!l) {
-            l = []
-            vrByProjectTargetKey.set(keyStr, l)
-        }
-        l.push(vr)
-    })
-    vrByProjectTargetKey.forEach(l => {
-        l.sort(compareValidateResultSummaries)
-    })
-
     const buildKdKey = (clusterId: string, name: string, namespace: string) => {
         return clusterId + "-" + name + "-" + namespace
     }
@@ -106,24 +112,35 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         return t
     }
 
+    const kluctlDeploymentsByKdKey = new Map<string, KluctlDeploymentWithClusterId>()
     kluctlDeployments.forEach(kd => {
         if (!kd.deployment.status || !kd.deployment.status.projectKey) {
             return
         }
-        if (!filter(kd.deployment.status.projectKey, kd.deployment.status.targetKey)) return
+        if (!filterTarget(kd, undefined, kd.deployment.status.projectKey, kd.deployment.status.targetKey)) {
+            return
+        }
 
-        console.log("kd", kd)
+        kluctlDeploymentsByKdKey.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
 
         const target = getOrCreateTarget(kd.deployment.status.projectKey, kd.deployment.status.targetKey, true, true)
         target!.kluctlDeployments.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
     })
 
     sortedCommandResults.forEach(rs => {
-        if (!filter(rs.projectKey, rs.targetKey)) return
+        if (rs.commandInfo.kluctlDeployment) {
+            // filter out command results from KluctlDeployments for which the KluctlDeployment itself vanished
+            const key = buildKdKey(rs.commandInfo.kluctlDeployment.clusterId, rs.commandInfo.kluctlDeployment.name, rs.commandInfo.kluctlDeployment.namespace)
+            if (!kluctlDeploymentsByKdKey.has(key)) {
+                return
+            }
+        }
 
-        console.log(rs)
+        if (!filterTarget(undefined, rs.commandInfo.kluctlDeployment, rs.projectKey, rs.targetKey)) {
+            return
+        }
 
-        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, includeWithoutKluctlDeployments, includeWithoutKluctlDeployments)
+        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, true, true)
         if (!target) {
             return
         }
@@ -132,8 +149,6 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     })
 
     validateResultSummaries.forEach(vr => {
-        if (!filter(vr.projectKey, vr.targetKey)) return
-
         const target = getOrCreateTarget(vr.projectKey, vr.targetKey, false, false)
         if (!target) {
             return
@@ -144,6 +159,18 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         }
     })
 
+    m.forEach((ps, key) => {
+        ps.targets = ps.targets.filter(ts => {
+            if (!filterTargetByStatus(ts)) {
+                return false
+            }
+            return true
+        })
+        if (!ps.targets.length) {
+            m.delete(key)
+        }
+    })
+
     const ret: ProjectSummary[] = []
     m.forEach(p => {
         p.targets.sort((a, b) => {

From f7a4c685d3d7023a93c159325415a140b2e7b2b1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Jul 2023 08:42:38 +0200
Subject: [PATCH 1327/2268] fix: Add missing webui permissions for
 KluctlDeployments

---
 install/webui/webui/webui-rbac.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/install/webui/webui/webui-rbac.yaml b/install/webui/webui/webui-rbac.yaml
index 1e7622111..fa89bd829 100644
--- a/install/webui/webui/webui-rbac.yaml
+++ b/install/webui/webui/webui-rbac.yaml
@@ -22,6 +22,9 @@ rules:
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["gitops.kluctl.io"]
+    resources: ["kluctldeployments"]
+    verbs: ["get", "list", "watch"]
     # allow to impersonate other users, groups and serviceaccounts
   - apiGroups: [""]
     resources: ["users", "groups", "serviceaccounts"]

From 7aefe18896e7b501f8e7f8443da0ed2efb012310 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Jul 2023 10:22:33 +0200
Subject: [PATCH 1328/2268] fix: Fix npm build

---
 pkg/webui/ui/src/components/LeftDrawer.tsx             |  3 +--
 .../src/components/result-view/CommandResultView.tsx   | 10 +---------
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index 94760b775..c02722cb3 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -11,7 +11,7 @@ import ListItem from '@mui/material/ListItem';
 import ListItemButton from '@mui/material/ListItemButton';
 import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
-import { Link, useLocation, useNavigate } from "react-router-dom";
+import { Link, useLocation } from "react-router-dom";
 import { AppOutletContext } from "./App";
 import { KluctlLogo, KluctlText, LogoutIcon, TargetsIcon } from '../icons/Icons';
 import { dark } from './theme';
@@ -143,7 +143,6 @@ export default function LeftDrawer(props: {
 }) {
     const [open, setOpen] = useState(true);
     const location = useLocation()
-    const navigate = useNavigate();
     const theme = useTheme();
 
     const toggleDrawer = () => {
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
index 6908ae4e2..c240af18d 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
@@ -1,6 +1,6 @@
 import * as React from 'react';
 import { useContext, useState } from 'react';
-import { Box, Divider, Drawer, ThemeProvider } from "@mui/material";
+import { Box, Drawer, ThemeProvider } from "@mui/material";
 import { CommandResult, ShortName } from "../../models";
 import { NodeData } from "./nodes/NodeData";
 import { SidePanel } from "./SidePanel";
@@ -55,14 +55,6 @@ export const CommandResultView = () => {
         return doLoadCommandResult(api, id, appContext.shortNames)
     }, [id])
 
-    const divider = <Divider
-        orientation='vertical'
-        sx={{
-            height: '40px',
-            margin: '0 20px 0 30px'
-        }}
-    />;
-
     if (loading) {
         return <Loading />
     } else if (loadingError) {

From bd90c337d38fbb4d2101872361aa19d3767e39ea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Jul 2023 15:57:40 +0200
Subject: [PATCH 1329/2268] fix: Try to parse legacy form of
 --local-git-override (#662)

* fix: Validate the hostname when parsing git repo keys

* fix: Try to parse legacy form of --local-git-override

* docs: Update docs about --local-git-override format
---
 cmd/kluctl/args/project.go                  |  4 +--
 cmd/kluctl/commands/utils.go                | 36 +++++++++++++++------
 docs/reference/commands/common-arguments.md |  6 ++--
 pkg/types/git_url.go                        | 24 ++++++++++++++
 4 files changed, 56 insertions(+), 14 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index c5b01c92f..c8928e18c 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -28,8 +28,8 @@ type ProjectFlags struct {
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
-	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com:my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them."`
-	LocalGitGroupOverride  []string      `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com:some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com:some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
+	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com/my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them."`
+	LocalGitGroupOverride  []string      `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com/some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 6d841ab54..3f3fee111 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -61,14 +61,14 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 	var repoOverrides []repocache.RepoOverride
 	for _, x := range projectFlags.LocalGitOverride {
-		ro, err := parseRepoOverride(x, false)
+		ro, err := parseRepoOverride(ctx, x, false)
 		if err != nil {
 			return fmt.Errorf("invalid --local-git-override: %w", err)
 		}
 		repoOverrides = append(repoOverrides, ro)
 	}
 	for _, x := range projectFlags.LocalGitGroupOverride {
-		ro, err := parseRepoOverride(x, true)
+		ro, err := parseRepoOverride(ctx, x, true)
 		if err != nil {
 			return fmt.Errorf("invalid --local-git-group-override: %w", err)
 		}
@@ -260,9 +260,7 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 	}
 }
 
-func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err error) {
-	ret.IsGroup = isGroup
-
+func parseRepoOverride(ctx context.Context, s string, isGroup bool) (repocache.RepoOverride, error) {
 	sp := strings.SplitN(s, "=", 2)
 	if len(sp) != 2 {
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
@@ -270,10 +268,30 @@ func parseRepoOverride(s string, isGroup bool) (ret repocache.RepoOverride, err
 
 	repoKey, err := types.ParseGitRepoKey(sp[0])
 	if err != nil {
-		return repocache.RepoOverride{}, err
+		// try as legacy repo key
+		u, err2 := types.ParseGitUrl(sp[0])
+		if err2 != nil {
+			// return original error
+			return repocache.RepoOverride{}, err
+		}
+
+		x := u.Host
+		if !strings.HasPrefix(u.Path, "/") {
+			x += "/"
+		}
+		x += u.Path
+		repoKey, err2 = types.ParseGitRepoKey(x)
+		if err2 != nil {
+			// return original error
+			return repocache.RepoOverride{}, err
+		}
+
+		status.Deprecation(ctx, "old-repo-override", "Passing --local-git-override/--local-git-override-group in the example.com:path form is deprecated and will not be supported in future versions of Kluctl. Please use the example.com/path form.")
 	}
 
-	ret.RepoKey = repoKey
-	ret.Override = sp[1]
-	return
+	return repocache.RepoOverride{
+		RepoKey:  repoKey,
+		IsGroup:  isGroup,
+		Override: sp[1],
+	}, nil
 }
diff --git a/docs/reference/commands/common-arguments.md b/docs/reference/commands/common-arguments.md
index 1f2c8fa84..85e0853e0 100644
--- a/docs/reference/commands/common-arguments.md
+++ b/docs/reference/commands/common-arguments.md
@@ -59,13 +59,13 @@ Project arguments:
                                                of a single repository. All repositories that have the given prefix
                                                will be overridden with the given local path and the repository
                                                suffix appended. For example,
-                                               'gitlab.com:some-org/sub-org=/local/path/to/my-forks' will override
-                                               all repositories below 'gitlab.com:some-org/sub-org/' with the
+                                               'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override
+                                               all repositories below 'gitlab.com/some-org/sub-org/' with the
                                                repositories found in '/local/path/to/my-forks'. It will however
                                                only perform an override if the given repository actually exists
                                                locally and otherwise revert to the actual (non-overridden) repository.
       --local-git-override stringArray         Specify a single repository local git override in the form of
-                                               'github.com:my-org/my-repo=/local/path/to/override'. This will
+                                               'github.com/my-org/my-repo=/local/path/to/override'. This will
                                                cause kluctl to not use git to clone for the specified repository
                                                but instead use the local directory. This is useful in case you
                                                need to test out changes in external git repositories without
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 542a7fb2d..0a8f1b59a 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -6,6 +6,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/url"
+	"regexp"
+	"strconv"
 	"strings"
 )
 
@@ -145,6 +147,8 @@ type GitRepoKey struct {
 	Path string `json:"-"`
 }
 
+var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
+
 func ParseGitRepoKey(s string) (GitRepoKey, error) {
 	if s == "" {
 		return GitRepoKey{}, nil
@@ -154,6 +158,26 @@ func ParseGitRepoKey(s string) (GitRepoKey, error) {
 	if len(s2) != 2 {
 		return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
 	}
+
+	var host, port string
+	if strings.Contains(s2[0], ":") {
+		s3 := strings.SplitN(s2[0], ":", 2)
+		host = s3[0]
+		port = s3[1]
+	} else {
+		host = s2[0]
+	}
+
+	if !hostNameRegex.MatchString(host) {
+		return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
+	}
+
+	if port != "" {
+		if _, err := strconv.ParseInt(port, 10, 32); err != nil {
+			return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
+		}
+	}
+
 	return GitRepoKey{
 		Host: s2[0],
 		Path: s2[1],

From 99272697e66d1de290bf4cb375a923e2b5523a02 Mon Sep 17 00:00:00 2001
From: Mikhail Shirkov <shirkevich@gmail.com>
Date: Wed, 12 Jul 2023 17:58:07 +0400
Subject: [PATCH 1330/2268] fix: Expose metrics port to use with PodMonitoring
 (#659)

* Expose metrics port to use with PodMonitoring

* Generating configs for install via make manifests
---
 config/manager/manager.yaml                | 3 +++
 install/controller/controller/manager.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 5115bc02c..759ca8250 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -71,6 +71,9 @@ spec:
         args:
         - --leader-elect
         env: []
+        ports:
+        - containerPort: 8080
+          name: metrics
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index acec1201a..75cd27bb6 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -54,6 +54,9 @@ spec:
           initialDelaySeconds: 15
           periodSeconds: 20
         name: controller
+        ports:
+        - containerPort: 8080
+          name: metrics
         readinessProbe:
           httpGet:
             path: /readyz

From 3b87898ca17c7e4229542f55ffd06e9f3444a32c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Jul 2023 16:10:33 +0200
Subject: [PATCH 1331/2268] fix: Actually use latest validation result

---
 pkg/webui/ui/src/project-summaries.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 94008604c..a1fc6eb06 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -154,7 +154,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
             return
         }
 
-        if (!target.lastValidateResult) {
+        if (!target.lastValidateResult || vr.startTime > target.lastValidateResult.startTime) {
             target.lastValidateResult = vr
         }
     })

From b836b2acab4c5beb5780b2d370197228ee5aa6ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 12 Jul 2023 22:38:44 +0200
Subject: [PATCH 1332/2268] feat: Show KluctlDeployment name on target card

---
 .../components/targets-view/TargetItem.tsx    | 40 +++++++++++++------
 pkg/webui/ui/src/project-summaries.ts         |  6 +--
 2 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index dcb69a26e..649138e8c 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -151,18 +151,32 @@ export const TargetItem = React.memo(React.forwardRef((
         handleContext(rs.target.context)
     })
 
-    const contextTooltip = <Box textAlign={"center"}>
-        <Typography variant="subtitle2">All known contexts:</Typography>
-        {allContexts.map(context => (
-            <Typography key={context} variant="subtitle2">{context}</Typography>
-        ))}
-    </Box>
-
-    let targetName = props.ts.target.targetName
-    if (!targetName) {
-        targetName = "<no-name>"
+    let header = "<command-line>"
+    if (props.ts.kluctlDeployments.length) {
+        header = props.ts.kluctlDeployments[0].deployment.metadata.name
     }
 
+    let subheader = "<no-name>"
+    if (props.ts.target.targetName) {
+        subheader = props.ts.target.targetName
+    }
+
+    const iconTooltipChildren: React.ReactNode[] = []
+    if (props.ts.kluctlDeployments.length) {
+        iconTooltipChildren.push(<Typography variant={"subtitle2"}><b>KluctlDeployments</b></Typography>)
+        props.ts.kluctlDeployments.forEach(kd => {
+            iconTooltipChildren.push(<Typography variant={"subtitle2"}>{kd.deployment.metadata.name}</Typography>)
+        })
+        iconTooltipChildren.push(<br/>)
+    }
+    if (allContexts.length) {
+        iconTooltipChildren.push(<Typography variant="subtitle2"><b>Contexts</b></Typography>)
+        allContexts.forEach(context => {
+            iconTooltipChildren.push(<Typography key={context} variant="subtitle2">{context}</Typography>)
+        })
+    }
+    const iconTooltip = <Box textAlign={"center"}>{iconTooltipChildren}</Box>
+
     const body = props.expanded ? <TargetItemBody ts={props.ts} /> : undefined;
 
     return <CardTemplate
@@ -179,9 +193,9 @@ export const TargetItem = React.memo(React.forwardRef((
             onClick: e => props.onSelectTarget?.(props.ts)
         }}
         icon={<TargetIcon />}
-        header={targetName}
-        subheader={allContexts.length ? allContexts[0] : ''}
-        subheaderTooltip={allContexts.length ? contextTooltip : undefined}
+        iconTooltip={iconTooltip}
+        header={header}
+        subheader={subheader}
         body={body}
         footer={
             <>
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index a1fc6eb06..cd87bc393 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -5,7 +5,7 @@ import { ActiveFilters, DoFilterSwitches, DoFilterText } from "./components/Filt
 
 export interface TargetSummary {
     target: TargetKey;
-    kluctlDeployments: Map<string, KluctlDeploymentWithClusterId>;
+    kluctlDeployments: KluctlDeploymentWithClusterId[];
     lastValidateResult?: ValidateResultSummary;
     commandResults: CommandResultSummary[];
 }
@@ -104,7 +104,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         if (!t && allowCreateTarget) {
             t = {
                 target: targetKey,
-                kluctlDeployments: new Map<string, KluctlDeploymentWithClusterId>(),
+                kluctlDeployments: [],
                 commandResults: []
             }
             p.targets.push(t)
@@ -124,7 +124,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         kluctlDeploymentsByKdKey.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
 
         const target = getOrCreateTarget(kd.deployment.status.projectKey, kd.deployment.status.targetKey, true, true)
-        target!.kluctlDeployments.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
+        target!.kluctlDeployments.push(kd)
     })
 
     sortedCommandResults.forEach(rs => {

From b1f574d41175a72606f5c019ae1bdc31606d90e2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Jul 2023 07:46:03 +0200
Subject: [PATCH 1333/2268] fix: Reschedule reconciliation after adding
 finalizer

---
 pkg/controllers/kluctldeployment_controller.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index afad9dc8d..53e4e2c18 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -90,6 +90,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 			log.Error(err, "unable to register finalizer")
 			return ctrl.Result{}, err
 		}
+		return ctrl.Result{Requeue: true}, nil
 	}
 
 	// Examine if the object is under deletion

From 90f48bac495231b9d81bb707cc78edc5ae618571 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Jul 2023 07:54:50 +0200
Subject: [PATCH 1334/2268] refactor: Move metrics recording into single defer
 func

---
 .../kluctldeployment_controller.go            | 19 +++++--------------
 .../kluctldeployment_controller_utils.go      | 16 ++++++++++++++++
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 53e4e2c18..38ff74deb 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -24,7 +24,6 @@ import (
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/rest"
 	kuberecorder "k8s.io/client-go/tools/record"
-	"k8s.io/client-go/tools/reference"
 	"path"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -79,8 +78,11 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	retryInterval := obj.Spec.GetRetryInterval()
 	interval := obj.Spec.Interval.Duration
 
-	// Record suspended status metric
-	defer r.recordSuspension(ctx, obj)
+	defer func() {
+		r.recordSuspension(ctx, obj)
+		r.recordReadiness(ctx, obj)
+		r.recordDuration(ctx, obj, reconcileStart)
+	}()
 
 	// Add our finalizer if it does not exist
 	if !controllerutil.ContainsFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer) {
@@ -104,15 +106,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return ctrl.Result{}, nil
 	}
 
-	// record reconciliation duration
-	if r.MetricsRecorder != nil {
-		objRef, err := reference.GetReference(r.Scheme, obj)
-		if err != nil {
-			return ctrl.Result{}, err
-		}
-		defer r.MetricsRecorder.RecordDuration(*objRef, reconcileStart)
-	}
-
 	patch := client.MergeFrom(obj.DeepCopy())
 	// reconcile kluctlDeployment by applying the latest revision
 	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
@@ -120,8 +113,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return ctrl.Result{Requeue: true}, err
 	}
 
-	r.recordReadiness(ctx, obj)
-
 	if ctrlResult == nil {
 		if reconcileErr != nil {
 			ctrlResult = &ctrl.Result{RequeueAfter: retryInterval}
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index 7489c3b2d..1ed21a626 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -8,6 +8,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/reference"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"time"
 )
 
 func (r *KluctlDeploymentReconciler) event(ctx context.Context, obj *kluctlv1.KluctlDeployment, warning bool, msg string, metadata map[string]string) {
@@ -70,3 +71,18 @@ func (r *KluctlDeploymentReconciler) recordSuspension(ctx context.Context, obj *
 		r.MetricsRecorder.RecordSuspend(*objRef, obj.Spec.Suspend)
 	}
 }
+
+func (r *KluctlDeploymentReconciler) recordDuration(ctx context.Context, obj *kluctlv1.KluctlDeployment, startTime time.Time) {
+	if r.MetricsRecorder == nil {
+		return
+	}
+	log := ctrl.LoggerFrom(ctx)
+
+	objRef, err := reference.GetReference(r.Scheme, obj)
+	if err != nil {
+		log.Error(err, "unable to record duration metric")
+		return
+	}
+
+	r.MetricsRecorder.RecordDuration(*objRef, startTime)
+}

From 9fc64d42d9b380c2936510186f42e3d93104b4cc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Jul 2023 13:32:04 +0200
Subject: [PATCH 1335/2268] feat: Properly track reconciliation progress via
 conditions

---
 .../kluctldeployment_controller.go            | 110 ++++++++++++++----
 .../kluctldeployment_controller_utils.go      |  47 ++++++++
 pkg/controllers/utils.go                      |  22 +++-
 3 files changed, 151 insertions(+), 28 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 38ff74deb..abef01924 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
+	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
@@ -16,7 +17,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
-	meta2 "k8s.io/apimachinery/pkg/api/meta"
+	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -25,6 +26,7 @@ import (
 	"k8s.io/client-go/rest"
 	kuberecorder "k8s.io/client-go/tools/record"
 	"path"
+	"reflect"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -106,9 +108,19 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return ctrl.Result{}, nil
 	}
 
-	patch := client.MergeFrom(obj.DeepCopy())
+	patchObj := obj.DeepCopy()
+	patch := client.MergeFrom(patchObj)
+
 	// reconcile kluctlDeployment by applying the latest revision
 	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
+
+	// make sure conditions were not touched in the obj. changing conditions is only allowed via patchCondition,
+	// which directly patches the object in-cluster and does not touch the local obj
+	if !reflect.DeepEqual(patchObj.GetConditions(), obj.GetConditions()) {
+		panic("conditions were modified in doReconcile")
+	}
+
+	// now patch all the other changes to the status
 	if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 		return ctrl.Result{Requeue: true}, err
 	}
@@ -147,12 +159,20 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj *kluctlv1.KluctlDeployment) (*ctrl.Result, error) {
 
 	log := ctrl.LoggerFrom(ctx)
+	key := client.ObjectKeyFromObject(obj)
 
 	r.exportDeploymentObjectToProm(obj)
 
 	doFail := func(reason string, err error) (*ctrl.Result, error) {
-		setReadiness(obj, metav1.ConditionFalse, reason, err.Error())
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
+		patchErr := r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
+			setReadinessCondition(c, metav1.ConditionFalse, reason, err.Error(), obj.Generation)
+			apimeta.RemoveStatusCondition(c, meta.ReconcilingCondition)
+			return nil
+		})
+		if patchErr != nil {
+			err = multierror.Append(err, patchErr)
+		}
 		return nil, err
 	}
 
@@ -160,6 +180,27 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return doFail(kluctlv1.PrepareFailedReason, err)
 	}
 
+	doProgressingCondition := func(message string) error {
+		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
+			setReadinessCondition(c, metav1.ConditionUnknown, meta.ProgressingReason, "Reconciliation in progress", obj.Generation)
+			setReconcilingCondition(c, metav1.ConditionTrue, meta.ProgressingReason, message, obj.Generation)
+			return nil
+		})
+	}
+
+	doReadyCondition := func(status metav1.ConditionStatus, reason, message string) error {
+		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
+			setReadinessCondition(c, status, reason, message, obj.Generation)
+			apimeta.RemoveStatusCondition(c, meta.ReconcilingCondition)
+			return nil
+		})
+	}
+
+	patchErr := doProgressingCondition("Initializing")
+	if patchErr != nil {
+		return nil, patchErr
+	}
+
 	// record the value of the reconciliation request, if any
 	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
 		obj.Status.LastHandledReconcileAt = v
@@ -170,32 +211,30 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, err
 	}
 	if legacyKd {
-		c := meta2.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
+		c := apimeta.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
 		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
 			log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. ")
 			return &ctrl.Result{RequeueAfter: 5 * time.Second}, err
 		}
 		log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. " +
 			"Please ensure that you have upgraded to the latest version of the legacy flux-kluctl-controller and that is is still running.")
-		setReadiness(obj, metav1.ConditionFalse, kluctlv1.WaitingForLegacyMigrationReason, "waiting for the legacy controller to set readyForMigration=true")
-		r.recordReadiness(ctx, obj)
+		patchErr = doReadyCondition(metav1.ConditionFalse, kluctlv1.WaitingForLegacyMigrationReason, "waiting for the legacy controller to set readyForMigration=true")
+		if patchErr != nil {
+			return nil, patchErr
+		}
 		return &ctrl.Result{Requeue: true}, nil
 	} else {
-		c := meta2.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
+		c := apimeta.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
 		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
 			log.Info("legacy KluctlDeployment has the readyForMigration status set now")
-			setReadiness(obj, metav1.ConditionFalse, meta.ProgressingReason, "migration is finished")
-			r.recordReadiness(ctx, obj)
+			patchErr = doReadyCondition(metav1.ConditionFalse, meta.ProgressingReason, "migration is finished")
+			if patchErr != nil {
+				return nil, patchErr
+			}
 			return &ctrl.Result{Requeue: true}, nil
 		}
 	}
 
-	// set the reconciliation status to progressing
-	if obj.Status.ObservedGeneration == 0 {
-		setReadiness(obj, metav1.ConditionUnknown, meta.ProgressingReason, "reconciliation in progress")
-		r.recordReadiness(ctx, obj)
-	}
-
 	oldGeneration := obj.Status.ObservedGeneration
 	oldDeployRequest := obj.Status.LastHandledDeployAt
 	oldValidateRequest := obj.Status.LastHandledValidateAt
@@ -205,12 +244,22 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastHandledDeployAt = curDeployRequest
 	obj.Status.LastHandledValidateAt = curValidateRequest
 
+	patchErr = doProgressingCondition("Preparing project")
+	if patchErr != nil {
+		return nil, patchErr
+	}
+
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
 		return doFailPrepare(err)
 	}
 	defer pp.cleanup()
 
+	patchErr = doProgressingCondition("Loading project and target")
+	if patchErr != nil {
+		return nil, patchErr
+	}
+
 	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
 
 	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
@@ -298,8 +347,16 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	if needDeploy {
 		// deploy the kluctl project
 		if obj.Spec.DeployMode == kluctlv1.KluctlDeployModeFull {
+			patchErr = doProgressingCondition("Performing kluctl deploy")
+			if patchErr != nil {
+				return nil, patchErr
+			}
 			deployResult, err = pt.kluctlDeploy(ctx, targetContext)
 		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
+			patchErr = doProgressingCondition("Performing kluctl poke-images")
+			if patchErr != nil {
+				return nil, patchErr
+			}
 			deployResult, err = pt.kluctlPokeImages(ctx, targetContext)
 		} else {
 			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
@@ -311,6 +368,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	if needValidate {
+		patchErr = doProgressingCondition("Performing kluctl validate")
+		if patchErr != nil {
+			return nil, patchErr
+		}
 		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
 		err = obj.Status.SetLastValidateResult(validateResult, err)
 		if err != nil {
@@ -327,12 +388,20 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	finalStatus, reason := r.buildFinalStatus(ctx, obj)
 	if reason != kluctlv1.ReconciliationSucceededReason {
-		setReadiness(obj, metav1.ConditionFalse, reason, finalStatus)
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
-		return &ctrlResult, fmt.Errorf(finalStatus)
+		err = fmt.Errorf(finalStatus)
+		patchErr = doReadyCondition(metav1.ConditionFalse, reason, finalStatus)
+		if patchErr != nil {
+			err = multierror.Append(err, patchErr)
+			return nil, err
+		}
+		return &ctrlResult, err
 	}
-	setReadiness(obj, metav1.ConditionTrue, reason, finalStatus)
 	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(1.0)
+	patchErr = doReadyCondition(metav1.ConditionTrue, reason, finalStatus)
+	if patchErr != nil {
+		return nil, patchErr
+	}
 	return &ctrlResult, nil
 }
 
@@ -476,9 +545,6 @@ func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeploy
 func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1.KluctlDeployment) (ctrl.Result, error) {
 	r.doFinalize(ctx, obj)
 
-	// Record deleted status
-	r.recordReadiness(ctx, obj)
-
 	// Remove our finalizer from the list and update it
 	patch := client.MergeFrom(obj.DeepCopy())
 	controllerutil.RemoveFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
@@ -532,7 +598,7 @@ func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Con
 		if errors2.Unwrap(err) != nil {
 			err = errors2.Unwrap(err)
 		}
-		if meta2.IsNoMatchError(err) || errors.IsNotFound(err) || discovery.IsGroupDiscoveryFailedError(err) {
+		if apimeta.IsNoMatchError(err) || errors.IsNotFound(err) || discovery.IsGroupDiscoveryFailedError(err) {
 			// legacy object not present, we're safe to continue
 			return false, nil
 		}
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index 1ed21a626..7693450b3 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -4,10 +4,13 @@ import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/tools/reference"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
@@ -38,6 +41,14 @@ func (r *KluctlDeploymentReconciler) recordReadiness(ctx context.Context, obj *k
 	}
 	log := ctrl.LoggerFrom(ctx)
 
+	// make sure we use the latest conditions
+	var latest kluctlv1.KluctlDeployment
+	err := r.Client.Get(ctx, client.ObjectKeyFromObject(obj), &latest)
+	if err != nil {
+		return
+	}
+	obj = &latest
+
 	objRef, err := reference.GetReference(r.Scheme, obj)
 	if err != nil {
 		log.Error(err, "unable to record readiness metric")
@@ -86,3 +97,39 @@ func (r *KluctlDeploymentReconciler) recordDuration(ctx context.Context, obj *kl
 
 	r.MetricsRecorder.RecordDuration(*objRef, startTime)
 }
+
+func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key client.ObjectKey, updateConditions func(c *[]metav1.Condition) error) error {
+	backoff := wait.Backoff{
+		Steps:    5,
+		Duration: 100 * time.Millisecond,
+		Jitter:   1.0,
+	}
+
+	return wait.ExponentialBackoff(backoff, func() (bool, error) {
+		var latest kluctlv1.KluctlDeployment
+		err := r.Client.Get(ctx, key, &latest)
+		if err != nil {
+			return false, err
+		}
+
+		conditionsPatch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
+
+		c := latest.GetConditions()
+		err = updateConditions(&c)
+		if err != nil {
+			return false, err
+		}
+		latest.SetConditions(c)
+
+		err = r.Status().Patch(ctx, &latest, conditionsPatch, client.FieldOwner(r.ControllerName))
+		if err != nil {
+			if errors.IsConflict(err) {
+				// retry
+				return false, nil
+			}
+			return false, err
+		}
+
+		return true, nil
+	})
+}
diff --git a/pkg/controllers/utils.go b/pkg/controllers/utils.go
index 050f21805..64e35e218 100644
--- a/pkg/controllers/utils.go
+++ b/pkg/controllers/utils.go
@@ -2,23 +2,33 @@ package controllers
 
 import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	meta "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func setReadiness(obj *kluctlv1.KluctlDeployment, status metav1.ConditionStatus, reason, message string) {
+func setReadinessCondition(c *[]metav1.Condition, status metav1.ConditionStatus, reason, message string, generation int64) {
 	newCondition := metav1.Condition{
 		Type:               meta.ReadyCondition,
 		Status:             status,
 		Reason:             reason,
 		Message:            trimString(message, kluctlv1.MaxConditionMessageLength),
-		ObservedGeneration: obj.Generation,
+		ObservedGeneration: generation,
 	}
 
-	c := obj.GetConditions()
-	apimeta.SetStatusCondition(&c, newCondition)
-	obj.SetConditions(c)
+	apimeta.SetStatusCondition(c, newCondition)
+}
+
+func setReconcilingCondition(c *[]metav1.Condition, status metav1.ConditionStatus, reason, message string, generation int64) {
+	newCondition := metav1.Condition{
+		Type:               meta.ReconcilingCondition,
+		Status:             status,
+		Reason:             reason,
+		Message:            trimString(message, kluctlv1.MaxConditionMessageLength),
+		ObservedGeneration: generation,
+	}
+
+	apimeta.SetStatusCondition(c, newCondition)
 }
 
 func trimString(str string, limit int) string {

From 93845ef703ef1ed01a51df68c74756f06dee7047 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Jul 2023 16:13:19 +0200
Subject: [PATCH 1336/2268] feat: Add reconcile state icon

---
 .../components/targets-view/TargetItem.tsx    | 80 ++++++++++++++++++-
 1 file changed, 77 insertions(+), 3 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 649138e8c..daf7e79ac 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,9 +1,9 @@
 import { ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
-import { Box, SxProps, Theme, Typography, useTheme } from "@mui/material";
+import { Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
 import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
-import { Favorite, HeartBroken, PublishedWithChanges } from "@mui/icons-material";
+import { Done, Error, Favorite, HeartBroken, PublishedWithChanges, SyncProblem } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { calcAgo } from "../../utils/duration";
@@ -15,6 +15,74 @@ import { PropertiesTable } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 
+const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
+    const theme = useTheme();
+
+    if (!props.ts.kluctlDeployments.length) {
+        return <></>
+    }
+
+    const buildStateTime = (c: any) => {
+        return "In this state since " + calcAgo(c.lastTransitionTime)
+    }
+
+    const kd = props.ts.kluctlDeployments[0]
+
+    let icon: React.ReactElement | undefined = undefined
+    const tooltip: string[] = []
+
+    if (!kd.deployment.status) {
+        icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
+        tooltip.push("Status not available")
+    } else {
+        const conditions: any[] | undefined = kd.deployment.status.conditions
+        const readyCondition = conditions?.find(c => c.type === "Ready")
+        const reconcilingCondition = conditions?.find(c => c.type === "Reconciling")
+
+        if (reconcilingCondition) {
+            icon = <CircularProgress color={"info"} size={24}/>
+            tooltip.push(reconcilingCondition.message)
+            tooltip.push(buildStateTime(reconcilingCondition))
+        } else {
+            if (readyCondition) {
+                if (readyCondition.status === "True") {
+                    icon = <Done color={"success"}/>
+                    tooltip.push(readyCondition.message)
+                } else {
+                    if (readyCondition.reason === "PrepareFailed") {
+                        icon = <SyncProblem color={"error"}/>
+                        tooltip.push(readyCondition.message)
+                    } else if (readyCondition.reason === "ValidateFailed") {
+                        icon = <Done color={"success"}/>
+                        tooltip.push(readyCondition.message)
+                    } else {
+                        icon = <Error color={"warning"}/>
+                        tooltip.push(readyCondition.message)
+                    }
+                }
+                tooltip.push(buildStateTime(readyCondition))
+            } else {
+                icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
+                tooltip.push("Ready condition is missing")
+            }
+        }
+    }
+
+    if (!icon) {
+        icon = <MessageQuestionIcon color={theme.palette.warning.main} />
+        tooltip.push("Unexpected state")
+    }
+
+    return <Tooltip title={
+        <>
+            <Typography><b>Reconciliation State</b></Typography>
+            {tooltip.map(t => <Typography key={t}>{t}</Typography>)}
+        </>
+    }>
+        <Box display='flex'>{icon}</Box>
+    </Tooltip>
+}
+
 const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
     const theme = useTheme();
@@ -65,7 +133,12 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
         tooltip.push("Validation performed " + calcAgo(props.ts.lastValidateResult.startTime) + " ago")
     }
 
-    return <Tooltip title={tooltip.map(t => <Typography key={t}>{t}</Typography>)}>
+    return <Tooltip title={
+        <>
+            <Typography><b>Validation State</b></Typography>
+            {tooltip.map(t => <Typography key={t}>{t}</Typography>)}
+        </>
+    }>
         <Box display='flex'>{icon}</Box>
     </Tooltip>
 }
@@ -208,6 +281,7 @@ export const TargetItem = React.memo(React.forwardRef((
                     </Tooltip>
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center'>
+                    <ReconcilingIcon {...props} />
                     <StatusIcon {...props} />
                     <ActionsMenu menuItems={actionMenuItems} />
                 </Box>

From bb051aa83027c06c7318dda629ca3fc17b6c9acc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 13 Jul 2023 16:13:38 +0200
Subject: [PATCH 1337/2268] feat: Also take reconcile state into account when
 filtering for errors

---
 pkg/webui/ui/src/project-summaries.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index cd87bc393..e5de4ebe2 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -61,6 +61,13 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         let hasErrors = !!ts.lastValidateResult?.errors
         let hasWarnings = !!ts.lastValidateResult?.warnings
         let hasChanges = false
+        ts.kluctlDeployments.forEach(kd => {
+            const conditions: any[] | undefined = kd.deployment.status?.conditions
+            const readyCondition = conditions?.find(c => c.type === "Ready")
+            if (readyCondition && readyCondition.status === "False") {
+                hasErrors = true
+            }
+        })
         if (ts.commandResults.length) {
             hasErrors = hasErrors || !!ts.commandResults[0].errors?.length
             hasWarnings = hasWarnings || !!ts.commandResults[0].warnings?.length

From 1950b5443312f51b5c075dc1fe55fd83fb940075 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 09:11:45 +0200
Subject: [PATCH 1338/2268] feat: Track last prepare error in status

---
 api/v1beta1/kluctldeployment_types.go                    | 2 ++
 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml | 2 ++
 install/controller/controller/crd.yaml                   | 2 ++
 pkg/controllers/kluctldeployment_controller.go           | 3 +++
 4 files changed, 9 insertions(+)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 18e601a37..3a2d62bde 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -323,6 +323,8 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastObjectsHash string `json:"lastObjectsHash,omitempty"`
 
+	// +optional
+	LastPrepareError string `json:"lastPrepareError,omitempty"`
 	// +optional
 	LastDeployError string `json:"lastDeployError,omitempty"`
 	// +optional
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 89465b50f..cf2ea96cb 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -458,6 +458,8 @@ spec:
                 type: string
               lastObjectsHash:
                 type: string
+              lastPrepareError:
+                type: string
               lastValidateError:
                 type: string
               lastValidateResult:
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index b990e6dc4..6617b1226 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -458,6 +458,8 @@ spec:
                 type: string
               lastObjectsHash:
                 type: string
+              lastPrepareError:
+                type: string
               lastValidateError:
                 type: string
               lastValidateResult:
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index abef01924..6f7ce803a 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -177,6 +177,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	doFailPrepare := func(err error) (*ctrl.Result, error) {
+		obj.Status.LastPrepareError = err.Error()
 		return doFail(kluctlv1.PrepareFailedReason, err)
 	}
 
@@ -249,6 +250,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, patchErr
 	}
 
+	obj.Status.LastPrepareError = ""
+
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
 		return doFailPrepare(err)

From 27370d09eb40858936838ea7c863654ef88df366 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 09:14:38 +0200
Subject: [PATCH 1339/2268] fix: Use proper startTime for validate commands

Instead of using the project load time, which is misleading if
deploy+validate is happening in one go.
---
 pkg/deployment/commands/delete.go       | 2 +-
 pkg/deployment/commands/deploy.go       | 2 +-
 pkg/deployment/commands/diff.go         | 2 +-
 pkg/deployment/commands/poke_images.go  | 2 +-
 pkg/deployment/commands/prune.go        | 2 +-
 pkg/deployment/commands/result_utils.go | 8 ++++----
 pkg/deployment/commands/validate.go     | 8 +++++++-
 7 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 6edf12e0c..4e24954b5 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -80,7 +80,7 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 		Warnings: dew.GetWarningsList(),
 	}
 	if cmd.targetCtx != nil {
-		err = addBaseCommandInfoToResult(cmd.targetCtx, r, "delete")
+		err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "delete")
 		if err != nil {
 			return r, err
 		}
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 2d0979c7a..af0649e4c 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -127,7 +127,7 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
 	r.Command.AbortOnError = cmd.AbortOnError
 	r.Command.NoWait = cmd.NoWait
-	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "deploy")
+	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "deploy")
 	if err != nil {
 		return r, err
 	}
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 188937786..ece0bc25a 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -72,7 +72,7 @@ func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 	r.Command.ForceApply = cmd.ForceApply
 	r.Command.ReplaceOnError = cmd.ReplaceOnError
 	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
-	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "diff")
+	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "diff")
 	if err != nil {
 		return r, err
 	}
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 5197687b3..b0a22cccc 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -106,7 +106,7 @@ func (cmd *PokeImagesCommand) Run() (*result.CommandResult, error) {
 		Warnings:   dew.GetWarningsList(),
 		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
 	}
-	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "deploy")
+	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "deploy")
 	if err != nil {
 		return r, err
 	}
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index fa851d0d9..07e41b96b 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -61,7 +61,7 @@ func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*resu
 		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
 		Warnings: dew.GetWarningsList(),
 	}
-	err = addBaseCommandInfoToResult(cmd.targetCtx, r, "prune")
+	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "prune")
 	if err != nil {
 		return r, err
 	}
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index dbdb33f4c..fe8954171 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -13,10 +13,10 @@ import (
 	"time"
 )
 
-func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *result.CommandResult, command string) error {
+func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.CommandResult, command string) error {
 	r.Target = targetCtx.Target
 	r.Command = result.CommandInfo{
-		StartTime: metav1.NewTime(targetCtx.KluctlProject.LoadTime),
+		StartTime: metav1.NewTime(startTime),
 		EndTime:   metav1.Now(),
 		Command:   command,
 		Args:      targetCtx.KluctlProject.LoadArgs.ExternalArgs,
@@ -50,8 +50,8 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *resu
 	return nil
 }
 
-func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, r *result.ValidateResult) error {
-	r.StartTime = metav1.NewTime(targetCtx.KluctlProject.LoadTime)
+func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.ValidateResult) error {
+	r.StartTime = metav1.NewTime(startTime)
 	r.EndTime = metav1.Now()
 	var err error
 	_, r.ProjectKey, err = buildGitInfo(targetCtx)
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index d2cdd30ab..4220a591f 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
+	"time"
 )
 
 type ValidateCommand struct {
@@ -39,6 +40,11 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 		Ready: true,
 	}
 
+	startTime := time.Now()
+	if cmd.r == nil {
+		startTime = cmd.targetCtx.KluctlProject.LoadTime
+	}
+
 	cmd.dew.Init()
 
 	var refs []k8s2.ObjectRef
@@ -115,7 +121,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 	ret.Warnings = append(ret.Warnings, cmd.dew.GetWarningsList()...)
 	ret.Errors = append(ret.Errors, cmd.dew.GetErrorsList()...)
 
-	err = addValidateCommandInfoToResult(cmd.targetCtx, &ret)
+	err = addValidateCommandInfoToResult(cmd.targetCtx, startTime, &ret)
 	if err != nil {
 		return nil, err
 	}

From aad33a40018436a0ecc632ad84147ac37aa67e8f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 09:14:58 +0200
Subject: [PATCH 1340/2268] fix: Fix filtering of GVKs

---
 pkg/k8s/resources.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index d9dce9c21..1809a9a9a 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -49,6 +49,8 @@ func (k *K8sCluster) doGetApiGroupResources() ([]*restmapper.APIGroupResources,
 
 func (k *K8sCluster) doGetFilteredGVKs(ret *[]schema.GroupVersionKind, g v1.APIGroup, v string, vrs []v1.APIResource, filter func(ar *v1.APIResource) bool) {
 	for _, vr := range vrs {
+		vr.Group = g.Name
+		vr.Version = v
 		if strings.Index(vr.Name, "/") != -1 {
 			// skip sub-resources
 			continue

From 5bebf9a390891d0ef5d229b82fd4d504bbd358d0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 09:15:28 +0200
Subject: [PATCH 1341/2268] feat: Introduce Since component to auto-update
 durartion strings

---
 .../ui/src/components/ScrollingTextLine.tsx   |  6 ++--
 pkg/webui/ui/src/components/Since.tsx         | 32 +++++++++++++++++++
 .../ui/src/components/targets-view/Card.tsx   |  4 +--
 .../targets-view/CommandResultItem.tsx        | 10 ++----
 .../components/targets-view/TargetItem.tsx    | 14 ++++----
 pkg/webui/ui/src/utils/duration.ts            | 11 ++-----
 6 files changed, 48 insertions(+), 29 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/Since.tsx

diff --git a/pkg/webui/ui/src/components/ScrollingTextLine.tsx b/pkg/webui/ui/src/components/ScrollingTextLine.tsx
index 13f1f6010..7c2aebd33 100644
--- a/pkg/webui/ui/src/components/ScrollingTextLine.tsx
+++ b/pkg/webui/ui/src/components/ScrollingTextLine.tsx
@@ -2,7 +2,7 @@ import React, { useCallback, useRef, useState } from "react";
 import { Box, keyframes, Typography, TypographyProps } from "@mui/material"
 
 export type ScrollingTextLineProps = Omit<TypographyProps, 'children'> & {
-    children: string;
+    children: React.ReactNode;
     scrollPadding?: number;
     scrollSpeed?: number; 
 }
@@ -14,7 +14,7 @@ export const ScrollingTextLine = React.forwardRef((
     const {
         children,
         scrollPadding = 10,
-        scrollSpeed = 10,
+        scrollSpeed = 200,
         ...rest 
     } = props;
     const containerElem = useRef<HTMLElement | null>();
@@ -45,7 +45,7 @@ export const ScrollingTextLine = React.forwardRef((
             `
         : undefined;
 
-    const duration = children.length / scrollSpeed;
+    const duration = (scrollingElemWidth || 0) / scrollSpeed;
 
     return <Typography
         textAlign='left'
diff --git a/pkg/webui/ui/src/components/Since.tsx b/pkg/webui/ui/src/components/Since.tsx
new file mode 100644
index 000000000..10dd374fd
--- /dev/null
+++ b/pkg/webui/ui/src/components/Since.tsx
@@ -0,0 +1,32 @@
+import React, { useEffect, useState } from "react";
+import { formatDurationShort } from "../utils/duration";
+
+export const Since = (props: { startTime: Date | string }) => {
+    const [str, setStr] = useState("")
+    const [counter, setCounter] = useState(0)
+
+    useEffect(() => {
+        const update = () => {
+            let st = props.startTime
+            if (typeof st === "string") {
+                st = new Date(st)
+            }
+            const d = new Date().getTime() - st.getTime()
+            setStr(formatDurationShort(d))
+
+            if (d > 60000) {
+                return 10000
+            } else {
+                return 1000
+            }
+        }
+
+        const t = update()
+        const x = setTimeout(() => {
+            setCounter(counter + 1)
+        }, t)
+        return () => clearTimeout(x)
+    }, [props.startTime, counter])
+
+    return <>{str}</>
+}
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index 37e763509..917e92176 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -44,9 +44,9 @@ export const CardTemplate = React.forwardRef((props: {
     boxProps?: BoxProps,
     icon?: React.ReactNode,
     iconTooltip?: React.ReactNode,
-    header?: string,
+    header?: React.ReactNode,
     headerTooltip?: React.ReactNode,
-    subheader?: string,
+    subheader?: React.ReactNode,
     subheaderTooltip?: React.ReactNode,
     body?: React.ReactNode,
     footer?: React.ReactNode,
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index e4c79b008..01f98ec14 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -6,7 +6,6 @@ import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
-import { calcAgo } from "../../utils/duration";
 import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { ApiContext, AppContext } from "../App";
 import { Loading } from "../Loading";
@@ -14,6 +13,7 @@ import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { ErrorMessage } from "../ErrorMessage";
 import { Api } from "../../api";
 import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
+import { Since } from "../Since";
 
 async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
     const r = await api.getCommandResult(rs.id);
@@ -106,7 +106,6 @@ export const CommandResultItem = React.memo(React.forwardRef((
         onClose
     } = props;
     const navigate = useNavigate();
-    const [ago, setAgo] = useState(calcAgo(rs.commandInfo.startTime))
 
     let Icon: () => JSX.Element = DiffIcon
     switch (rs.commandInfo?.command) {
@@ -132,11 +131,6 @@ export const CommandResultItem = React.memo(React.forwardRef((
         return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
     }, [rs.commandInfo]);
 
-    useEffect(() => {
-        const interval = setInterval(() => setAgo(calcAgo(rs.commandInfo.startTime)), 5000);
-        return () => clearInterval(interval);
-    }, [rs.commandInfo.startTime]);
-
     const body = expanded ? <CommandResultItemBody rs={rs} loadData={loadData} /> : undefined;
 
     return <CardTemplate
@@ -155,7 +149,7 @@ export const CommandResultItem = React.memo(React.forwardRef((
         icon={<Icon />}
         iconTooltip={iconTooltip}
         header={rs.commandInfo?.command}
-        subheader={ago}
+        subheader={<Since startTime={new Date(rs.commandInfo.startTime)}/>}
         subheaderTooltip={rs.commandInfo.startTime}
         body={body}
         footer={
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index daf7e79ac..4446bc8f9 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -6,7 +6,6 @@ import Tooltip from "@mui/material/Tooltip";
 import { Done, Error, Favorite, HeartBroken, PublishedWithChanges, SyncProblem } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { calcAgo } from "../../utils/duration";
 import { ApiContext } from "../App";
 import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
@@ -14,6 +13,7 @@ import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesTable } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
+import { Since } from "../Since";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -23,13 +23,13 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     }
 
     const buildStateTime = (c: any) => {
-        return "In this state since " + calcAgo(c.lastTransitionTime)
+        return <>In this state since <Since startTime={c.lastTransitionTime}/></>
     }
 
     const kd = props.ts.kluctlDeployments[0]
 
     let icon: React.ReactElement | undefined = undefined
-    const tooltip: string[] = []
+    const tooltip: React.ReactNode[] = []
 
     if (!kd.deployment.status) {
         icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
@@ -76,7 +76,7 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     return <Tooltip title={
         <>
             <Typography><b>Reconciliation State</b></Typography>
-            {tooltip.map(t => <Typography key={t}>{t}</Typography>)}
+            {tooltip.map(t => <Typography>{t}</Typography>)}
         </>
     }>
         <Box display='flex'>{icon}</Box>
@@ -110,7 +110,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
         icon = <HeartBroken color={"error"} />
     }
 
-    const tooltip: string[] = []
+    const tooltip: React.ReactNode[] = []
     if (!validateEnabled) {
         tooltip.push("Validation is disabled.")
     } else if (props.ts.lastValidateResult === undefined) {
@@ -130,13 +130,13 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
         /*if (props.ts.lastValidateResult.drift?.length) {
             tooltip.push(`Target has ${props.ts.lastValidateResult.drift.length} drifted objects.`)
         }*/
-        tooltip.push("Validation performed " + calcAgo(props.ts.lastValidateResult.startTime) + " ago")
+        tooltip.push(<>Validation performed <Since startTime={new Date(props.ts.lastValidateResult.startTime)}/> ago</>)
     }
 
     return <Tooltip title={
         <>
             <Typography><b>Validation State</b></Typography>
-            {tooltip.map(t => <Typography key={t}>{t}</Typography>)}
+            {tooltip.map(t => <Typography>{t}</Typography>)}
         </>
     }>
         <Box display='flex'>{icon}</Box>
diff --git a/pkg/webui/ui/src/utils/duration.ts b/pkg/webui/ui/src/utils/duration.ts
index 78f9c2bde..63770bce3 100644
--- a/pkg/webui/ui/src/utils/duration.ts
+++ b/pkg/webui/ui/src/utils/duration.ts
@@ -13,14 +13,14 @@ export function formatDuration(ms: number, withMs?: boolean) {
         .join(', ');
 }
 
-export function formatDurationShort(ms: number) {
+export function formatDurationShort(ms: number, withMs?: boolean) {
     if (ms < 0) ms = -ms;
     const time = {
         d: Math.floor(ms / 86400000),
         h: Math.floor(ms / 3600000) % 24,
         m: Math.floor(ms / 60000) % 60,
         s: Math.floor(ms / 1000) % 60,
-        ms: Math.floor(ms) % 1000
+        ms: withMs ? Math.floor(ms) % 1000 : 0
     };
     const f = Object.entries(time).find(val => val[1] > 0)
     if (f === undefined) {
@@ -28,10 +28,3 @@ export function formatDurationShort(ms: number) {
     }
     return f[1] + f[0]
 }
-
-export const calcAgo = (startTime: string) => {
-    const t1 = new Date(startTime)
-    const t2 = new Date()
-    const d = t2.getTime() - t1.getTime()
-    return formatDurationShort(d)
-}
\ No newline at end of file

From 0e60ad8e9a011fdbd33edd399852b16ac0ebeca0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 10:06:35 +0200
Subject: [PATCH 1342/2268] feat: Display validation results

---
 pkg/webui/ui/package-lock.json                | 1253 ++++++++++++++++-
 pkg/webui/ui/package.json                     |    2 +
 .../src/components/ValidateResultsTable.tsx   |   77 +
 .../components/targets-view/TargetItem.tsx    |   86 +-
 4 files changed, 1352 insertions(+), 66 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/ValidateResultsTable.tsx

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index 0edf99125..0027d71ca 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -30,10 +30,12 @@
         "match-sorter": "^6.3.1",
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
+        "react-markdown": "^8.0.7",
         "react-router": "^6.10.0",
         "react-router-dom": "^6.12.1",
         "react-scripts": "5.0.1",
         "react-syntax-highlighter": "^15.5.0",
+        "remark-gfm": "^3.0.1",
         "sort-by": "^1.2.0",
         "typescript": "^4.9.5",
         "web-vitals": "^2.1.4"
@@ -4391,6 +4393,14 @@
         "@types/node": "*"
       }
     },
+    "node_modules/@types/debug": {
+      "version": "4.1.8",
+      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.8.tgz",
+      "integrity": "sha512-/vPO1EPOs306Cvhwv7KfVfYvOJqA/S/AXjaHQiJboCZzcNDb+TIJFN9/2C9DZ//ijSKWioNyUxD792QmDJ+HKQ==",
+      "dependencies": {
+        "@types/ms": "*"
+      }
+    },
     "node_modules/@types/eslint": {
       "version": "8.40.2",
       "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.40.2.tgz",
@@ -4522,11 +4532,24 @@
       "integrity": "sha512-Hwx9EUgdwf2GLarOjQp5ZH8ZmblzcbTBC2wtQWNKARBSxM9ezRIAUpeDTgoQRAFB0+8CNWXVA9+MaSOzOF3nPg==",
       "dev": true
     },
+    "node_modules/@types/mdast": {
+      "version": "3.0.12",
+      "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-3.0.12.tgz",
+      "integrity": "sha512-DT+iNIRNX884cx0/Q1ja7NyUPpZuv0KPyL5rGNxm1WC1OtHstl7n4Jb7nk+xacNShQMbczJjt8uFzznpp6kYBg==",
+      "dependencies": {
+        "@types/unist": "^2"
+      }
+    },
     "node_modules/@types/mime": {
       "version": "1.3.2",
       "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.2.tgz",
       "integrity": "sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw=="
     },
+    "node_modules/@types/ms": {
+      "version": "0.7.31",
+      "resolved": "https://registry.npmjs.org/@types/ms/-/ms-0.7.31.tgz",
+      "integrity": "sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA=="
+    },
     "node_modules/@types/node": {
       "version": "16.18.38",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.38.tgz",
@@ -5773,6 +5796,15 @@
         "babel-plugin-transform-react-remove-prop-types": "^0.4.24"
       }
     },
+    "node_modules/bail": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/bail/-/bail-2.0.2.tgz",
+      "integrity": "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/balanced-match": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
@@ -6071,6 +6103,15 @@
         "node": ">=4"
       }
     },
+    "node_modules/ccount": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/ccount/-/ccount-2.0.1.tgz",
+      "integrity": "sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/chalk": {
       "version": "2.4.2",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
@@ -6937,6 +6978,27 @@
       "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.3.tgz",
       "integrity": "sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA=="
     },
+    "node_modules/decode-named-character-reference": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.0.2.tgz",
+      "integrity": "sha512-O8x12RzrUF8xyVcY0KJowWsmaJxQbmy0/EtnNtHRpsOcT7dFk5W598coHqBVpmWo1oQQfsCqfCmkZN5DJrZVdg==",
+      "dependencies": {
+        "character-entities": "^2.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/decode-named-character-reference/node_modules/character-entities": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz",
+      "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/dedent": {
       "version": "0.7.0",
       "resolved": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz",
@@ -7097,6 +7159,14 @@
       "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz",
       "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw=="
     },
+    "node_modules/diff": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-5.1.0.tgz",
+      "integrity": "sha512-D+mk+qE8VC/PAUrlAU34N+VfXev0ghe5ywmpqrawphmVZc1bEfn56uo9qpyGp1p4xpzOHkSW4ztBd6L7Xx4ACw==",
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
     "node_modules/diff-sequences": {
       "version": "27.5.1",
       "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.5.1.tgz",
@@ -8287,6 +8357,11 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
     },
+    "node_modules/extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
+    },
     "node_modules/fast-deep-equal": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -9132,6 +9207,15 @@
         "url": "https://opencollective.com/unified"
       }
     },
+    "node_modules/hast-util-whitespace": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-2.0.1.tgz",
+      "integrity": "sha512-nAxA0v8+vXSBDt3AnRUNjyRIQ0rD+ntpbAp4LnPkumc5M9yUbSMa4XDU9Q6etY4f1Wp4bNgvc1yjiZtsTTrSng==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
     "node_modules/hastscript": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-6.0.0.tgz",
@@ -9541,6 +9625,11 @@
       "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
       "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew=="
     },
+    "node_modules/inline-style-parser": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz",
+      "integrity": "sha512-7NXolsK4CAS5+xvdj5OMMbI962hU/wvwoxk+LWR9Ek9bVtyuuYScDN6eS0rUm6TxApFpw7CX1o4uJzcd4AyD3Q=="
+    },
     "node_modules/internal-slot": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.5.tgz",
@@ -9654,6 +9743,28 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/is-buffer": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.5.tgz",
+      "integrity": "sha512-i2R6zNFDwgEHJyQUtJEk0XFi1i0dPFn/oqjK3/vPCcDeJvW5NQ83V8QbicfF1SupOaB0h8ntgBC2YiE7dfyctQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/is-callable": {
       "version": "1.2.7",
       "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz",
@@ -12376,6 +12487,15 @@
       "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
       "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ=="
     },
+    "node_modules/longest-streak": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-3.1.0.tgz",
+      "integrity": "sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/loose-envify": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
@@ -12462,6 +12582,15 @@
         "tmpl": "1.0.5"
       }
     },
+    "node_modules/markdown-table": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-3.0.3.tgz",
+      "integrity": "sha512-Z1NL3Tb1M9wH4XESsCDEksWoKTdlUafKc4pt0GRwjUyXaCFZ+dc3g2erqB6zm3szA2IUSi7VnPI+o/9jnxh9hw==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/match-sorter": {
       "version": "6.3.1",
       "resolved": "https://registry.npmjs.org/match-sorter/-/match-sorter-6.3.1.tgz",
@@ -12471,6 +12600,220 @@
         "remove-accents": "0.4.2"
       }
     },
+    "node_modules/mdast-util-definitions": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-5.1.2.tgz",
+      "integrity": "sha512-8SVPMuHqlPME/z3gqVwWY4zVXn8lqKv/pAhC57FuJ40ImXyBpmO5ukh98zB2v7Blql2FiHjHv9LVztSIqjY+MA==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "@types/unist": "^2.0.0",
+        "unist-util-visit": "^4.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-find-and-replace": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/mdast-util-find-and-replace/-/mdast-util-find-and-replace-2.2.2.tgz",
+      "integrity": "sha512-MTtdFRz/eMDHXzeK6W3dO7mXUlF82Gom4y0oOgvHhh/HXZAGvIQDUvQ0SuUx+j2tv44b8xTHOm8K/9OoRFnXKw==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "escape-string-regexp": "^5.0.0",
+        "unist-util-is": "^5.0.0",
+        "unist-util-visit-parents": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-find-and-replace/node_modules/escape-string-regexp": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz",
+      "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/mdast-util-from-markdown": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-1.3.1.tgz",
+      "integrity": "sha512-4xTO/M8c82qBcnQc1tgpNtubGUW/Y1tBQ1B0i5CtSoelOLKFYlElIr3bvgREYYO5iRqbMY1YuqZng0GVOI8Qww==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "@types/unist": "^2.0.0",
+        "decode-named-character-reference": "^1.0.0",
+        "mdast-util-to-string": "^3.1.0",
+        "micromark": "^3.0.0",
+        "micromark-util-decode-numeric-character-reference": "^1.0.0",
+        "micromark-util-decode-string": "^1.0.0",
+        "micromark-util-normalize-identifier": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "unist-util-stringify-position": "^3.0.0",
+        "uvu": "^0.5.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-gfm": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-2.0.2.tgz",
+      "integrity": "sha512-qvZ608nBppZ4icQlhQQIAdc6S3Ffj9RGmzwUKUWuEICFnd1LVkN3EktF7ZHAgfcEdvZB5owU9tQgt99e2TlLjg==",
+      "dependencies": {
+        "mdast-util-from-markdown": "^1.0.0",
+        "mdast-util-gfm-autolink-literal": "^1.0.0",
+        "mdast-util-gfm-footnote": "^1.0.0",
+        "mdast-util-gfm-strikethrough": "^1.0.0",
+        "mdast-util-gfm-table": "^1.0.0",
+        "mdast-util-gfm-task-list-item": "^1.0.0",
+        "mdast-util-to-markdown": "^1.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-gfm-autolink-literal": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-1.0.3.tgz",
+      "integrity": "sha512-My8KJ57FYEy2W2LyNom4n3E7hKTuQk/0SES0u16tjA9Z3oFkF4RrC/hPAPgjlSpezsOvI8ObcXcElo92wn5IGA==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "ccount": "^2.0.0",
+        "mdast-util-find-and-replace": "^2.0.0",
+        "micromark-util-character": "^1.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-gfm-footnote": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-1.0.2.tgz",
+      "integrity": "sha512-56D19KOGbE00uKVj3sgIykpwKL179QsVFwx/DCW0u/0+URsryacI4MAdNJl0dh+u2PSsD9FtxPFbHCzJ78qJFQ==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "mdast-util-to-markdown": "^1.3.0",
+        "micromark-util-normalize-identifier": "^1.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-gfm-strikethrough": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-1.0.3.tgz",
+      "integrity": "sha512-DAPhYzTYrRcXdMjUtUjKvW9z/FNAMTdU0ORyMcbmkwYNbKocDpdk+PX1L1dQgOID/+vVs1uBQ7ElrBQfZ0cuiQ==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "mdast-util-to-markdown": "^1.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-gfm-table": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/mdast-util-gfm-table/-/mdast-util-gfm-table-1.0.7.tgz",
+      "integrity": "sha512-jjcpmNnQvrmN5Vx7y7lEc2iIOEytYv7rTvu+MeyAsSHTASGCCRA79Igg2uKssgOs1i1po8s3plW0sTu1wkkLGg==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "markdown-table": "^3.0.0",
+        "mdast-util-from-markdown": "^1.0.0",
+        "mdast-util-to-markdown": "^1.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-gfm-task-list-item": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-1.0.2.tgz",
+      "integrity": "sha512-PFTA1gzfp1B1UaiJVyhJZA1rm0+Tzn690frc/L8vNX1Jop4STZgOE6bxUhnzdVSB+vm2GU1tIsuQcA9bxTQpMQ==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "mdast-util-to-markdown": "^1.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-phrasing": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/mdast-util-phrasing/-/mdast-util-phrasing-3.0.1.tgz",
+      "integrity": "sha512-WmI1gTXUBJo4/ZmSk79Wcb2HcjPJBzM1nlI/OUWA8yk2X9ik3ffNbBGsU+09BFmXaL1IBb9fiuvq6/KMiNycSg==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "unist-util-is": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-to-hast": {
+      "version": "12.3.0",
+      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-12.3.0.tgz",
+      "integrity": "sha512-pits93r8PhnIoU4Vy9bjW39M2jJ6/tdHyja9rrot9uujkN7UTU9SDnE6WNJz/IGyQk3XHX6yNNtrBH6cQzm8Hw==",
+      "dependencies": {
+        "@types/hast": "^2.0.0",
+        "@types/mdast": "^3.0.0",
+        "mdast-util-definitions": "^5.0.0",
+        "micromark-util-sanitize-uri": "^1.1.0",
+        "trim-lines": "^3.0.0",
+        "unist-util-generated": "^2.0.0",
+        "unist-util-position": "^4.0.0",
+        "unist-util-visit": "^4.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-to-markdown": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-1.5.0.tgz",
+      "integrity": "sha512-bbv7TPv/WC49thZPg3jXuqzuvI45IL2EVAr/KxF0BSdHsU0ceFHOmwQn6evxAh1GaoK/6GQ1wp4R4oW2+LFL/A==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "@types/unist": "^2.0.0",
+        "longest-streak": "^3.0.0",
+        "mdast-util-phrasing": "^3.0.0",
+        "mdast-util-to-string": "^3.0.0",
+        "micromark-util-decode-string": "^1.0.0",
+        "unist-util-visit": "^4.0.0",
+        "zwitch": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/mdast-util-to-string": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-3.2.0.tgz",
+      "integrity": "sha512-V4Zn/ncyN1QNSqSBxTrMOLpjr+IKdHl2v3KVLoWmDPscP4r9GcCi71gjgvUV1SFSKh92AjAG4peFuBl2/YgCJg==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
     "node_modules/mdn-data": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz",
@@ -12521,52 +12864,587 @@
         "node": ">= 0.6"
       }
     },
-    "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+    "node_modules/micromark": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/micromark/-/micromark-3.2.0.tgz",
+      "integrity": "sha512-uD66tJj54JLYq0De10AhWycZWGQNUvDI55xPgk2sQM5kn1JYlhbCMTtEeT27+vAhW2FBQxLlOmS3pmA7/2z4aA==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
       "dependencies": {
-        "braces": "^3.0.2",
-        "picomatch": "^2.3.1"
+        "@types/debug": "^4.0.0",
+        "debug": "^4.0.0",
+        "decode-named-character-reference": "^1.0.0",
+        "micromark-core-commonmark": "^1.0.1",
+        "micromark-factory-space": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-chunked": "^1.0.0",
+        "micromark-util-combine-extensions": "^1.0.0",
+        "micromark-util-decode-numeric-character-reference": "^1.0.0",
+        "micromark-util-encode": "^1.0.0",
+        "micromark-util-normalize-identifier": "^1.0.0",
+        "micromark-util-resolve-all": "^1.0.0",
+        "micromark-util-sanitize-uri": "^1.0.0",
+        "micromark-util-subtokenize": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.1",
+        "uvu": "^0.5.0"
+      }
+    },
+    "node_modules/micromark-core-commonmark": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-1.1.0.tgz",
+      "integrity": "sha512-BgHO1aRbolh2hcrzL2d1La37V0Aoz73ymF8rAcKnohLy93titmv62E0gP8Hrx9PKcKrqCZ1BbLGbP3bEhoXYlw==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "decode-named-character-reference": "^1.0.0",
+        "micromark-factory-destination": "^1.0.0",
+        "micromark-factory-label": "^1.0.0",
+        "micromark-factory-space": "^1.0.0",
+        "micromark-factory-title": "^1.0.0",
+        "micromark-factory-whitespace": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-chunked": "^1.0.0",
+        "micromark-util-classify-character": "^1.0.0",
+        "micromark-util-html-tag-name": "^1.0.0",
+        "micromark-util-normalize-identifier": "^1.0.0",
+        "micromark-util-resolve-all": "^1.0.0",
+        "micromark-util-subtokenize": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.1",
+        "uvu": "^0.5.0"
+      }
+    },
+    "node_modules/micromark-extension-gfm": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm/-/micromark-extension-gfm-2.0.3.tgz",
+      "integrity": "sha512-vb9OoHqrhCmbRidQv/2+Bc6pkP0FrtlhurxZofvOEy5o8RtuuvTq+RQ1Vw5ZDNrVraQZu3HixESqbG+0iKk/MQ==",
+      "dependencies": {
+        "micromark-extension-gfm-autolink-literal": "^1.0.0",
+        "micromark-extension-gfm-footnote": "^1.0.0",
+        "micromark-extension-gfm-strikethrough": "^1.0.0",
+        "micromark-extension-gfm-table": "^1.0.0",
+        "micromark-extension-gfm-tagfilter": "^1.0.0",
+        "micromark-extension-gfm-task-list-item": "^1.0.0",
+        "micromark-util-combine-extensions": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
       },
-      "engines": {
-        "node": ">=8.6"
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
       }
     },
-    "node_modules/mime": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
-      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
-      "bin": {
-        "mime": "cli.js"
+    "node_modules/micromark-extension-gfm-autolink-literal": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-1.0.5.tgz",
+      "integrity": "sha512-z3wJSLrDf8kRDOh2qBtoTRD53vJ+CWIyo7uyZuxf/JAbNJjiHsOpG1y5wxk8drtv3ETAHutCu6N3thkOOgueWg==",
+      "dependencies": {
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-sanitize-uri": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
       },
-      "engines": {
-        "node": ">=4"
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
       }
     },
-    "node_modules/mime-db": {
-      "version": "1.52.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-      "engines": {
-        "node": ">= 0.6"
+    "node_modules/micromark-extension-gfm-footnote": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-1.1.2.tgz",
+      "integrity": "sha512-Yxn7z7SxgyGWRNa4wzf8AhYYWNrwl5q1Z8ii+CSTTIqVkmGZF1CElX2JI8g5yGoM3GAman9/PVCUFUSJ0kB/8Q==",
+      "dependencies": {
+        "micromark-core-commonmark": "^1.0.0",
+        "micromark-factory-space": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-normalize-identifier": "^1.0.0",
+        "micromark-util-sanitize-uri": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "uvu": "^0.5.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
       }
     },
-    "node_modules/mime-types": {
-      "version": "2.1.35",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+    "node_modules/micromark-extension-gfm-strikethrough": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-1.0.7.tgz",
+      "integrity": "sha512-sX0FawVE1o3abGk3vRjOH50L5TTLr3b5XMqnP9YDRb34M0v5OoZhG+OHFz1OffZ9dlwgpTBKaT4XW/AsUVnSDw==",
       "dependencies": {
-        "mime-db": "1.52.0"
+        "micromark-util-chunked": "^1.0.0",
+        "micromark-util-classify-character": "^1.0.0",
+        "micromark-util-resolve-all": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "uvu": "^0.5.0"
       },
-      "engines": {
-        "node": ">= 0.6"
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
       }
     },
-    "node_modules/mimic-fn": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
-      "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==",
+    "node_modules/micromark-extension-gfm-table": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-1.0.7.tgz",
+      "integrity": "sha512-3ZORTHtcSnMQEKtAOsBQ9/oHp9096pI/UvdPtN7ehKvrmZZ2+bbWhi0ln+I9drmwXMt5boocn6OlwQzNXeVeqw==",
+      "dependencies": {
+        "micromark-factory-space": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "uvu": "^0.5.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/micromark-extension-gfm-tagfilter": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-1.0.2.tgz",
+      "integrity": "sha512-5XWB9GbAUSHTn8VPU8/1DBXMuKYT5uOgEjJb8gN3mW0PNW5OPHpSdojoqf+iq1xo7vWzw/P8bAHY0n6ijpXF7g==",
+      "dependencies": {
+        "micromark-util-types": "^1.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/micromark-extension-gfm-task-list-item": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-1.0.5.tgz",
+      "integrity": "sha512-RMFXl2uQ0pNQy6Lun2YBYT9g9INXtWJULgbt01D/x8/6yJ2qpKyzdZD3pi6UIkzF++Da49xAelVKUeUMqd5eIQ==",
+      "dependencies": {
+        "micromark-factory-space": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "uvu": "^0.5.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/micromark-factory-destination": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-1.1.0.tgz",
+      "integrity": "sha512-XaNDROBgx9SgSChd69pjiGKbV+nfHGDPVYFs5dOoDd7ZnMAE+Cuu91BCpsY8RT2NP9vo/B8pds2VQNCLiu0zhg==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-factory-label": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-1.1.0.tgz",
+      "integrity": "sha512-OLtyez4vZo/1NjxGhcpDSbHQ+m0IIGnT8BoPamh+7jVlzLJBH98zzuCoUeMxvM6WsNeh8wx8cKvqLiPHEACn0w==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "uvu": "^0.5.0"
+      }
+    },
+    "node_modules/micromark-factory-space": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-1.1.0.tgz",
+      "integrity": "sha512-cRzEj7c0OL4Mw2v6nwzttyOZe8XY/Z8G0rzmWQZTBi/jjwyw/U4uqKtUORXQrR5bAZZnbTI/feRV/R7hc4jQYQ==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-factory-title": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-1.1.0.tgz",
+      "integrity": "sha512-J7n9R3vMmgjDOCY8NPw55jiyaQnH5kBdV2/UXCtZIpnHH3P6nHUKaH7XXEYuWwx/xUJcawa8plLBEjMPU24HzQ==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-factory-space": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-factory-whitespace": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-1.1.0.tgz",
+      "integrity": "sha512-v2WlmiymVSp5oMg+1Q0N1Lxmt6pMhIHD457whWM7/GUlEks1hI9xj5w3zbc4uuMKXGisksZk8DzP2UyGbGqNsQ==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-factory-space": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-character": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-1.2.0.tgz",
+      "integrity": "sha512-lXraTwcX3yH/vMDaFWCQJP1uIszLVebzUa3ZHdrgxr7KEU/9mL4mVgCpGbyhvNLNlauROiNUq7WN5u7ndbY6xg==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-chunked": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-1.1.0.tgz",
+      "integrity": "sha512-Ye01HXpkZPNcV6FiyoW2fGZDUw4Yc7vT0E9Sad83+bEDiCJ1uXu0S3mr8WLpsz3HaG3x2q0HM6CTuPdcZcluFQ==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-symbol": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-classify-character": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-1.1.0.tgz",
+      "integrity": "sha512-SL0wLxtKSnklKSUplok1WQFoGhUdWYKggKUiqhX+Swala+BtptGCu5iPRc+xvzJ4PXE/hwM3FNXsfEVgoZsWbw==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-combine-extensions": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-1.1.0.tgz",
+      "integrity": "sha512-Q20sp4mfNf9yEqDL50WwuWZHUrCO4fEyeDCnMGmG5Pr0Cz15Uo7KBs6jq+dq0EgX4DPwwrh9m0X+zPV1ypFvUA==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-chunked": "^1.0.0",
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-decode-numeric-character-reference": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-1.1.0.tgz",
+      "integrity": "sha512-m9V0ExGv0jB1OT21mrWcuf4QhP46pH1KkfWy9ZEezqHKAxkj4mPCy3nIH1rkbdMlChLHX531eOrymlwyZIf2iw==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-symbol": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-decode-string": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-decode-string/-/micromark-util-decode-string-1.1.0.tgz",
+      "integrity": "sha512-YphLGCK8gM1tG1bd54azwyrQRjCFcmgj2S2GoJDNnh4vYtnL38JS8M4gpxzOPNyHdNEpheyWXCTnnTDY3N+NVQ==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "decode-named-character-reference": "^1.0.0",
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-decode-numeric-character-reference": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-encode": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-1.1.0.tgz",
+      "integrity": "sha512-EuEzTWSTAj9PA5GOAs992GzNh2dGQO52UvAbtSOMvXTxv3Criqb6IOzJUBCmEqrrXSblJIJBbFFv6zPxpreiJw==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ]
+    },
+    "node_modules/micromark-util-html-tag-name": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-1.2.0.tgz",
+      "integrity": "sha512-VTQzcuQgFUD7yYztuQFKXT49KghjtETQ+Wv/zUjGSGBioZnkA4P1XXZPT1FHeJA6RwRXSF47yvJ1tsJdoxwO+Q==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ]
+    },
+    "node_modules/micromark-util-normalize-identifier": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-1.1.0.tgz",
+      "integrity": "sha512-N+w5vhqrBihhjdpM8+5Xsxy71QWqGn7HYNUvch71iV2PM7+E3uWGox1Qp90loa1ephtCxG2ftRV/Conitc6P2Q==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-symbol": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-resolve-all": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-1.1.0.tgz",
+      "integrity": "sha512-b/G6BTMSg+bX+xVCshPTPyAu2tmA0E4X98NSR7eIbeC6ycCqCeE7wjfDIgzEbkzdEVJXRtOG4FbEm/uGbCRouA==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-types": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-sanitize-uri": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-1.2.0.tgz",
+      "integrity": "sha512-QO4GXv0XZfWey4pYFndLUKEAktKkG5kZTdUNaTAkzbuJxn2tNBOr+QtxR2XpWaMhbImT2dPzyLrPXLlPhph34A==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-character": "^1.0.0",
+        "micromark-util-encode": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0"
+      }
+    },
+    "node_modules/micromark-util-subtokenize": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-1.1.0.tgz",
+      "integrity": "sha512-kUQHyzRoxvZO2PuLzMt2P/dwVsTiivCK8icYTeR+3WgbuPqfHgPPy7nFKbeqRivBvn/3N3GBiNC+JRTMSxEC7A==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ],
+      "dependencies": {
+        "micromark-util-chunked": "^1.0.0",
+        "micromark-util-symbol": "^1.0.0",
+        "micromark-util-types": "^1.0.0",
+        "uvu": "^0.5.0"
+      }
+    },
+    "node_modules/micromark-util-symbol": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-1.1.0.tgz",
+      "integrity": "sha512-uEjpEYY6KMs1g7QfJ2eX1SQEV+ZT4rUD3UcF6l57acZvLNK7PBZL+ty82Z1qhK1/yXIY4bdx04FKMgR0g4IAag==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ]
+    },
+    "node_modules/micromark-util-types": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz",
+      "integrity": "sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==",
+      "funding": [
+        {
+          "type": "GitHub Sponsors",
+          "url": "https://github.com/sponsors/unifiedjs"
+        },
+        {
+          "type": "OpenCollective",
+          "url": "https://opencollective.com/unified"
+        }
+      ]
+    },
+    "node_modules/micromatch": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
+      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "dependencies": {
+        "braces": "^3.0.2",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mimic-fn": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
+      "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==",
       "engines": {
         "node": ">=6"
       }
@@ -12681,6 +13559,14 @@
         "mkdirp": "bin/cmd.js"
       }
     },
+    "node_modules/mri": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz",
+      "integrity": "sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/ms": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -14971,6 +15857,63 @@
       "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
       "integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
     },
+    "node_modules/react-markdown": {
+      "version": "8.0.7",
+      "resolved": "https://registry.npmjs.org/react-markdown/-/react-markdown-8.0.7.tgz",
+      "integrity": "sha512-bvWbzG4MtOU62XqBx3Xx+zB2raaFFsq4mYiAzfjXJMEz2sixgeAfraA3tvzULF02ZdOMUOKTBFFaZJDDrq+BJQ==",
+      "dependencies": {
+        "@types/hast": "^2.0.0",
+        "@types/prop-types": "^15.0.0",
+        "@types/unist": "^2.0.0",
+        "comma-separated-tokens": "^2.0.0",
+        "hast-util-whitespace": "^2.0.0",
+        "prop-types": "^15.0.0",
+        "property-information": "^6.0.0",
+        "react-is": "^18.0.0",
+        "remark-parse": "^10.0.0",
+        "remark-rehype": "^10.0.0",
+        "space-separated-tokens": "^2.0.0",
+        "style-to-object": "^0.4.0",
+        "unified": "^10.0.0",
+        "unist-util-visit": "^4.0.0",
+        "vfile": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      },
+      "peerDependencies": {
+        "@types/react": ">=16",
+        "react": ">=16"
+      }
+    },
+    "node_modules/react-markdown/node_modules/comma-separated-tokens": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz",
+      "integrity": "sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/react-markdown/node_modules/property-information": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/property-information/-/property-information-6.2.0.tgz",
+      "integrity": "sha512-kma4U7AFCTwpqq5twzC1YVIDXSqg6qQK6JN0smOw8fgRy1OkMi0CYSzFmsy6dnqSenamAtj0CyXMUJ1Mf6oROg==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/react-markdown/node_modules/space-separated-tokens": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz",
+      "integrity": "sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/react-refresh": {
       "version": "0.11.0",
       "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.11.0.tgz",
@@ -15281,6 +16224,50 @@
         "node": ">= 0.10"
       }
     },
+    "node_modules/remark-gfm": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/remark-gfm/-/remark-gfm-3.0.1.tgz",
+      "integrity": "sha512-lEFDoi2PICJyNrACFOfDD3JlLkuSbOa5Wd8EPt06HUdptv8Gn0bxYTdbU/XXQ3swAPkEaGxxPN9cbnMHvVu1Ig==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "mdast-util-gfm": "^2.0.0",
+        "micromark-extension-gfm": "^2.0.0",
+        "unified": "^10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/remark-parse": {
+      "version": "10.0.2",
+      "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-10.0.2.tgz",
+      "integrity": "sha512-3ydxgHa/ZQzG8LvC7jTXccARYDcRld3VfcgIIFs7bI6vbRSxJJmzgLEIIoYKyrfhaY+ujuWaf/PJiMZXoiCXgw==",
+      "dependencies": {
+        "@types/mdast": "^3.0.0",
+        "mdast-util-from-markdown": "^1.0.0",
+        "unified": "^10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/remark-rehype": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-10.1.0.tgz",
+      "integrity": "sha512-EFmR5zppdBp0WQeDVZ/b66CWJipB2q2VLNFMabzDSGR66Z2fQii83G5gTBbgGEnEEA0QRussvrFHxk1HWGJskw==",
+      "dependencies": {
+        "@types/hast": "^2.0.0",
+        "@types/mdast": "^3.0.0",
+        "mdast-util-to-hast": "^12.1.0",
+        "unified": "^10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
     "node_modules/remove-accents": {
       "version": "0.4.2",
       "resolved": "https://registry.npmjs.org/remove-accents/-/remove-accents-0.4.2.tgz",
@@ -15548,6 +16535,17 @@
         "queue-microtask": "^1.2.2"
       }
     },
+    "node_modules/sade": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/sade/-/sade-1.8.1.tgz",
+      "integrity": "sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==",
+      "dependencies": {
+        "mri": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/safe-array-concat": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.0.0.tgz",
@@ -16288,6 +17286,14 @@
         "webpack": "^5.0.0"
       }
     },
+    "node_modules/style-to-object": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-0.4.1.tgz",
+      "integrity": "sha512-HFpbb5gr2ypci7Qw+IOhnP2zOU7e77b+rzM+wTzXzfi1PrtBCX0E7Pk4wL4iTLnhzZ+JgEGAhX81ebTg/aYjQw==",
+      "dependencies": {
+        "inline-style-parser": "0.1.1"
+      }
+    },
     "node_modules/stylehacks": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/stylehacks/-/stylehacks-5.1.1.tgz",
@@ -16782,6 +17788,24 @@
         "node": ">=8"
       }
     },
+    "node_modules/trim-lines": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz",
+      "integrity": "sha512-kRj8B+YHZCc9kQYdWfJB2/oUl9rA99qbowYYBtr4ui4mZyAQ2JpvVBd/6U2YloATfqBhBTSMhTpgBHtU0Mf3Rg==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/trough": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/trough/-/trough-2.1.0.tgz",
+      "integrity": "sha512-AqTiAOLcj85xS7vQ8QkAV41hPDIJ71XJB4RCUrzo/1GM2CQwhkJGaf9Hgr7BOugMRpgGUrqRg/DrBDl4H40+8g==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
     "node_modules/tryer": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz",
@@ -16971,6 +17995,35 @@
         "node": ">=4"
       }
     },
+    "node_modules/unified": {
+      "version": "10.1.2",
+      "resolved": "https://registry.npmjs.org/unified/-/unified-10.1.2.tgz",
+      "integrity": "sha512-pUSWAi/RAnVy1Pif2kAoeWNBa3JVrx0MId2LASj8G+7AiHWoKZNTomq6LG326T68U7/e263X6fTdcXIy7XnF7Q==",
+      "dependencies": {
+        "@types/unist": "^2.0.0",
+        "bail": "^2.0.0",
+        "extend": "^3.0.0",
+        "is-buffer": "^2.0.0",
+        "is-plain-obj": "^4.0.0",
+        "trough": "^2.0.0",
+        "vfile": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/unified/node_modules/is-plain-obj": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz",
+      "integrity": "sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/unique-string": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-2.0.0.tgz",
@@ -16982,6 +18035,78 @@
         "node": ">=8"
       }
     },
+    "node_modules/unist-util-generated": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/unist-util-generated/-/unist-util-generated-2.0.1.tgz",
+      "integrity": "sha512-qF72kLmPxAw0oN2fwpWIqbXAVyEqUzDHMsbtPvOudIlUzXYFIeQIuxXQCRCFh22B7cixvU0MG7m3MW8FTq/S+A==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/unist-util-is": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-5.2.1.tgz",
+      "integrity": "sha512-u9njyyfEh43npf1M+yGKDGVPbY/JWEemg5nH05ncKPfi+kBbKBJoTdsogMu33uhytuLlv9y0O7GH7fEdwLdLQw==",
+      "dependencies": {
+        "@types/unist": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/unist-util-position": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/unist-util-position/-/unist-util-position-4.0.4.tgz",
+      "integrity": "sha512-kUBE91efOWfIVBo8xzh/uZQ7p9ffYRtUbMRZBNFYwf0RK8koUMx6dGUfwylLOKmaT2cs4wSW96QoYUSXAyEtpg==",
+      "dependencies": {
+        "@types/unist": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/unist-util-stringify-position": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-3.0.3.tgz",
+      "integrity": "sha512-k5GzIBZ/QatR8N5X2y+drfpWG8IDBzdnVj6OInRNWm1oXrzydiaAT2OQiA8DPRRZyAKb9b6I2a6PxYklZD0gKg==",
+      "dependencies": {
+        "@types/unist": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/unist-util-visit": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-4.1.2.tgz",
+      "integrity": "sha512-MSd8OUGISqHdVvfY9TPhyK2VdUrPgxkUtWSuMHF6XAAFuL4LokseigBnZtPnJMu+FbynTkFNnFlyjxpVKujMRg==",
+      "dependencies": {
+        "@types/unist": "^2.0.0",
+        "unist-util-is": "^5.0.0",
+        "unist-util-visit-parents": "^5.1.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/unist-util-visit-parents": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-5.1.3.tgz",
+      "integrity": "sha512-x6+y8g7wWMyQhL1iZfhIPhDAs7Xwbn9nRosDXl7qoPTSCy0yNxnKc+hWokFifWQIDGi154rdUqKvbCa4+1kLhg==",
+      "dependencies": {
+        "@types/unist": "^2.0.0",
+        "unist-util-is": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
     "node_modules/universalify": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
@@ -17098,6 +18223,31 @@
         "uuid": "dist/bin/uuid"
       }
     },
+    "node_modules/uvu": {
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/uvu/-/uvu-0.5.6.tgz",
+      "integrity": "sha512-+g8ENReyr8YsOc6fv/NVJs2vFdHBnBNdfE49rshrTzDWOlUx4Gq7KOS2GD8eqhy2j+Ejq29+SbKH8yjkAqXqoA==",
+      "dependencies": {
+        "dequal": "^2.0.0",
+        "diff": "^5.0.0",
+        "kleur": "^4.0.3",
+        "sade": "^1.7.3"
+      },
+      "bin": {
+        "uvu": "bin.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/uvu/node_modules/kleur": {
+      "version": "4.1.5",
+      "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
+      "integrity": "sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/v8-to-istanbul": {
       "version": "8.1.1",
       "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-8.1.1.tgz",
@@ -17127,6 +18277,34 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/vfile": {
+      "version": "5.3.7",
+      "resolved": "https://registry.npmjs.org/vfile/-/vfile-5.3.7.tgz",
+      "integrity": "sha512-r7qlzkgErKjobAmyNIkkSpizsFPYiUPuJb5pNW1RB4JcYVZhs4lIbVqk8XPk033CV/1z8ss5pkax8SuhGpcG8g==",
+      "dependencies": {
+        "@types/unist": "^2.0.0",
+        "is-buffer": "^2.0.0",
+        "unist-util-stringify-position": "^3.0.0",
+        "vfile-message": "^3.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
+    "node_modules/vfile-message": {
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-3.1.4.tgz",
+      "integrity": "sha512-fa0Z6P8HUrQN4BZaX05SIVXic+7kE3b05PWAtPuYP9QLHsLKYR7/AlLW3NtOrpXRLeawpDLMsVkmk5DG0NXgWw==",
+      "dependencies": {
+        "@types/unist": "^2.0.0",
+        "unist-util-stringify-position": "^3.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/unified"
+      }
+    },
     "node_modules/w3c-hr-time": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/w3c-hr-time/-/w3c-hr-time-1.0.2.tgz",
@@ -18071,6 +19249,15 @@
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
+    },
+    "node_modules/zwitch": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz",
+      "integrity": "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A==",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
     }
   }
 }
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index c18278195..2a186f8d5 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -27,10 +27,12 @@
     "match-sorter": "^6.3.1",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
+    "react-markdown": "^8.0.7",
     "react-router": "^6.10.0",
     "react-router-dom": "^6.12.1",
     "react-scripts": "5.0.1",
     "react-syntax-highlighter": "^15.5.0",
+    "remark-gfm": "^3.0.1",
     "sort-by": "^1.2.0",
     "typescript": "^4.9.5",
     "web-vitals": "^2.1.4"
diff --git a/pkg/webui/ui/src/components/ValidateResultsTable.tsx b/pkg/webui/ui/src/components/ValidateResultsTable.tsx
new file mode 100644
index 000000000..31afbbe6f
--- /dev/null
+++ b/pkg/webui/ui/src/components/ValidateResultsTable.tsx
@@ -0,0 +1,77 @@
+import React from 'react';
+import Table from '@mui/material/Table';
+import TableBody from '@mui/material/TableBody';
+import TableCell from '@mui/material/TableCell';
+import TableContainer from '@mui/material/TableContainer';
+import TableHead from '@mui/material/TableHead';
+import TableRow from '@mui/material/TableRow';
+import { ValidateResultEntry } from "../models";
+import { Box, Divider, List, ListItem, ListItemText, Tooltip, Typography } from "@mui/material";
+import { buildRefKindElement } from "../api";
+import { buildListKey } from "../utils/listKey";
+import ReactMarkdown from "react-markdown";
+import remarkGfm from 'remark-gfm';
+
+export function ValidateResultsTable(props: { results: ValidateResultEntry[] }) {
+    return <>
+        <Box height={"100%"}>
+            <TableContainer>
+                <Table>
+                    <TableHead>
+                        <TableRow>
+                            <TableCell>Ref</TableCell>
+                            <TableCell>Annotation</TableCell>
+                            <TableCell>Message</TableCell>
+                        </TableRow>
+                    </TableHead>
+                    <TableBody>
+                        {props.results?.map(e=> (
+                            <TableRow key={buildListKey(e)}>
+                                <TableCell sx={{ minWidth: "150px" }}>
+                                    <List disablePadding>
+                                        {buildRefKindElement(e.ref, <>
+                                            <ListItem>
+                                                <ListItemText primary={e.ref.kind}/>
+                                            </ListItem>
+                                        </>)}
+                                        <Divider/>
+                                        <ListItem>
+                                            <ListItemText primary={e.ref.name}/>
+                                        </ListItem>
+                                        {e.ref.namespace && <>
+                                            <Divider/>
+                                            <ListItem>
+                                                <ListItemText primary={e.ref.namespace}/>
+                                            </ListItem>
+                                        </>}
+                                    </List>
+                                </TableCell>
+                                <TableCell>
+                                    <Tooltip title={e.annotation}>
+                                        <Typography>{e.annotation.replace("validate-result.kluctl.io/", "")}</Typography>
+                                    </Tooltip>
+                                </TableCell>
+                                <TableCell>
+                                    <ReactMarkdown remarkPlugins={[remarkGfm]} components={{
+                                        // make sure links are opened in a new tab
+                                        a({ node, children, ...props }) {
+                                            let url = new URL(props.href ?? "", window.location.href);
+                                            if (url.origin !== window.location.origin) {
+                                                props.target = "_blank";
+                                                props.rel = "noopener noreferrer";
+                                            }
+
+                                            return <a {...props}>{children}</a>;
+                                        },
+                                    }}>
+                                        {e.message}
+                                    </ReactMarkdown>
+                                </TableCell>
+                            </TableRow>
+                        ))}
+                    </TableBody>
+                </Table>
+            </TableContainer>
+        </Box>
+    </>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 4446bc8f9..e9f4af19e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,6 +1,6 @@
 import { ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
-import { Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
+import { Alert, Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
 import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import { Done, Error, Favorite, HeartBroken, PublishedWithChanges, SyncProblem } from "@mui/icons-material";
@@ -14,6 +14,7 @@ import { PropertiesTable } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { Since } from "../Since";
+import { ValidateResultsTable } from "../ValidateResultsTable";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -69,14 +70,14 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     }
 
     if (!icon) {
-        icon = <MessageQuestionIcon color={theme.palette.warning.main} />
+        icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
         tooltip.push("Unexpected state")
     }
 
     return <Tooltip title={
         <>
-            <Typography><b>Reconciliation State</b></Typography>
-            {tooltip.map(t => <Typography>{t}</Typography>)}
+            <Typography key={"title"}><b>Reconciliation State</b></Typography>
+            {tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}
         </>
     }>
         <Box display='flex'>{icon}</Box>
@@ -97,17 +98,17 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     if (!validateEnabled) {
         icon = <Favorite color={"disabled"}/>
     } else if (props.ts.lastValidateResult === undefined) {
-        icon = <MessageQuestionIcon color={theme.palette.error.main} />
+        icon = <MessageQuestionIcon color={theme.palette.error.main}/>
     } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
         if (props.ts.lastValidateResult.warnings) {
-            icon = <Favorite color={"warning"} />
-        /*} else if (props.ts.lastValidateResult.drift?.length) {
-            icon = <Favorite color={"primary"} />*/
+            icon = <Favorite color={"warning"}/>
+            /*} else if (props.ts.lastValidateResult.drift?.length) {
+                icon = <Favorite color={"primary"} />*/
         } else {
-            icon = <Favorite color={"success"} />
+            icon = <Favorite color={"success"}/>
         }
     } else {
-        icon = <HeartBroken color={"error"} />
+        icon = <HeartBroken color={"error"}/>
     }
 
     const tooltip: React.ReactNode[] = []
@@ -135,8 +136,8 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
 
     return <Tooltip title={
         <>
-            <Typography><b>Validation State</b></Typography>
-            {tooltip.map(t => <Typography>{t}</Typography>)}
+            <Typography key={"title"}><b>Validation State</b></Typography>
+            {tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}
         </>
     }>
         <Box display='flex'>{icon}</Box>
@@ -157,7 +158,7 @@ export const TargetItemBody = React.memo((props: {
     }, [props.ts.lastValidateResult?.id])
 
     if (loading) {
-        return <Loading />;
+        return <Loading/>;
     }
 
     if (error) {
@@ -166,7 +167,7 @@ export const TargetItemBody = React.memo((props: {
         </ErrorMessage>;
     }
 
-    return <CardBody provider={new MyProvider(props.ts, vr)}/>
+    return <CardBody provider={new TargetItemCardProvider(props.ts, vr)}/>
 });
 
 export const TargetItem = React.memo(React.forwardRef((
@@ -185,21 +186,21 @@ export const TargetItem = React.memo(React.forwardRef((
 
     props.ts.kluctlDeployments.forEach(kd => {
         actionMenuItems.push({
-            icon: <PublishedWithChanges />,
+            icon: <PublishedWithChanges/>,
             text: <Typography>Validate <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
                 api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
-            icon: <PublishedWithChanges />,
+            icon: <PublishedWithChanges/>,
             text: <Typography>Reconcile <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
                 api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
-            icon: <PublishedWithChanges />,
+            icon: <PublishedWithChanges/>,
             text: <Typography>Deploy <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
                 api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
@@ -236,21 +237,21 @@ export const TargetItem = React.memo(React.forwardRef((
 
     const iconTooltipChildren: React.ReactNode[] = []
     if (props.ts.kluctlDeployments.length) {
-        iconTooltipChildren.push(<Typography variant={"subtitle2"}><b>KluctlDeployments</b></Typography>)
+        iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant={"subtitle2"}><b>KluctlDeployments</b></Typography>)
         props.ts.kluctlDeployments.forEach(kd => {
-            iconTooltipChildren.push(<Typography variant={"subtitle2"}>{kd.deployment.metadata.name}</Typography>)
+            iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant={"subtitle2"}>{kd.deployment.metadata.name}</Typography>)
         })
-        iconTooltipChildren.push(<br/>)
+        iconTooltipChildren.push(<br key={iconTooltipChildren.length}/>)
     }
     if (allContexts.length) {
-        iconTooltipChildren.push(<Typography variant="subtitle2"><b>Contexts</b></Typography>)
+        iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant="subtitle2"><b>Contexts</b></Typography>)
         allContexts.forEach(context => {
-            iconTooltipChildren.push(<Typography key={context} variant="subtitle2">{context}</Typography>)
+            iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant="subtitle2">{context}</Typography>)
         })
     }
     const iconTooltip = <Box textAlign={"center"}>{iconTooltipChildren}</Box>
 
-    const body = props.expanded ? <TargetItemBody ts={props.ts} /> : undefined;
+    const body = props.expanded ? <TargetItemBody ts={props.ts}/> : undefined;
 
     return <CardTemplate
         ref={ref}
@@ -265,7 +266,7 @@ export const TargetItem = React.memo(React.forwardRef((
             },
             onClick: e => props.onSelectTarget?.(props.ts)
         }}
-        icon={<TargetIcon />}
+        icon={<TargetIcon/>}
         iconTooltip={iconTooltip}
         header={header}
         subheader={subheader}
@@ -274,16 +275,16 @@ export const TargetItem = React.memo(React.forwardRef((
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <Tooltip title={"Cluster ID: " + props.ts.target.clusterId}>
-                        <Box display='flex'><CpuIcon /></Box>
+                        <Box display='flex'><CpuIcon/></Box>
                     </Tooltip>
                     <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
-                        <Box display='flex'><FingerScanIcon /></Box>
+                        <Box display='flex'><FingerScanIcon/></Box>
                     </Tooltip>
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <ReconcilingIcon {...props} />
                     <StatusIcon {...props} />
-                    <ActionsMenu menuItems={actionMenuItems} />
+                    <ActionsMenu menuItems={actionMenuItems}/>
                 </Box>
             </>
         }
@@ -292,7 +293,7 @@ export const TargetItem = React.memo(React.forwardRef((
 
 TargetItem.displayName = 'TargetItem';
 
-class MyProvider implements SidePanelProvider {
+class TargetItemCardProvider implements SidePanelProvider {
     private ts?: TargetSummary;
     private lastValidateResult?: ValidateResult
 
@@ -310,16 +311,22 @@ class MyProvider implements SidePanelProvider {
             { label: "Summary", content: this.buildSummaryTab() }
         ]
 
+        if (this.lastValidateResult?.results) {
+            tabs.push({
+                label: "Validation Results",
+                content: <ValidateResultsTable results={this.lastValidateResult.results}/>
+            })
+        }
         if (this.lastValidateResult?.errors) {
             tabs.push({
-                label: "Errors",
-                content: <ErrorsTable errors={this.lastValidateResult.errors} />
+                label: "Validation Errors",
+                content: <ErrorsTable errors={this.lastValidateResult.errors}/>
             })
         }
         if (this.lastValidateResult?.warnings) {
             tabs.push({
-                label: "Warnings",
-                content: <ErrorsTable errors={this.lastValidateResult.warnings} />
+                label: "Validation Warnings",
+                content: <ErrorsTable errors={this.lastValidateResult.warnings}/>
             })
         }
 
@@ -342,8 +349,21 @@ class MyProvider implements SidePanelProvider {
             props.push({ name: "Warnings", value: this.ts?.lastValidateResult.warnings + "" })
         }
 
+        let errorHeader
+        if (this.ts?.kluctlDeployments.length) {
+            const kd = this.ts.kluctlDeployments[0]
+            if (kd.deployment.status && kd.deployment.status.lastPrepareError) {
+                errorHeader = <Alert severity="error">
+                    The prepare step failed for this deployment. This usually means that your deployment is severely
+                    broken and can't even be loaded.<br/>
+                    The error message is: <b>{kd.deployment.status.lastPrepareError}</b>
+                </Alert>
+            }
+        }
+
         return <>
-            <PropertiesTable properties={props} />
+            {errorHeader}
+            <PropertiesTable properties={props}/>
         </>
     }
 

From d1814a936358078388755ca60a2cff873133e531 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 10:33:24 +0200
Subject: [PATCH 1343/2268] feat: Allow to overwrite all kluctl-.* related
 managers

---
 pkg/diff/managed_fields.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 9c7f11cc8..c6730e3ae 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -21,6 +21,7 @@ var forceApplyFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/force-apply-
 var ignoreConflictsFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-conflicts-field(-\d*)?$`)
 var overwriteAllowedManagers = []*regexp.Regexp{
 	regexp.MustCompile("^kluctl$"),
+	regexp.MustCompile("^kluctl-.*$"),
 	regexp.MustCompile("^kubectl$"),
 	regexp.MustCompile("^kubectl-.*$"),
 	regexp.MustCompile("^rancher$"),

From c38c876d9ed981c32cf5c76f8119e3cc396e6d7e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 10:33:47 +0200
Subject: [PATCH 1344/2268] feat: Implement suspend via webui

---
 pkg/webui/server.go                           | 66 ++++++++++++++-----
 pkg/webui/ui/src/api.tsx                      | 14 ++++
 .../components/targets-view/TargetItem.tsx    | 37 +++++++++--
 3 files changed, 95 insertions(+), 22 deletions(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 90772cbb5..422fe15ec 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -121,6 +121,7 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	api.POST("/validateNow", s.validateNow)
 	api.POST("/reconcileNow", s.reconcileNow)
 	api.POST("/deployNow", s.deployNow)
+	api.POST("/setSuspended", s.setSuspended)
 
 	err = s.events.startEventsWatcher()
 	if err != nil {
@@ -364,25 +365,12 @@ func (s *CommandResultsServer) getValidateResult(c *gin.Context) {
 	c.JSON(http.StatusOK, vr)
 }
 
-type kluctlDeploymentParam struct {
-	Cluster   string `json:"cluster"`
-	Name      string `json:"name"`
-	Namespace string `json:"namespace"`
-}
-
-func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, avalue string) {
-	var params kluctlDeploymentParam
-	err := c.Bind(&params)
-	if err != nil {
-		_ = c.AbortWithError(http.StatusBadRequest, err)
-		return
-	}
-
+func (s *CommandResultsServer) doModifyKluctlDeployment(c *gin.Context, clusterId string, name string, namespace string, update func(obj *kluctlv1.KluctlDeployment) error) {
 	user := s.auth.getUser(c)
 
-	ca := s.cam.getForClusterId(params.Cluster)
+	ca := s.cam.getForClusterId(clusterId)
 	if ca == nil {
-		_ = c.AbortWithError(http.StatusNotFound, err)
+		_ = c.AbortWithError(http.StatusNotFound, fmt.Errorf("cluster %s not found", clusterId))
 		return
 	}
 
@@ -396,7 +384,7 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 	defer cancel()
 
 	var kd kluctlv1.KluctlDeployment
-	err = kc.Get(ctx, client.ObjectKey{Name: params.Name, Namespace: params.Namespace}, &kd)
+	err = kc.Get(ctx, client.ObjectKey{Name: name, Namespace: namespace}, &kd)
 	if err != nil {
 		if errors.IsNotFound(err) {
 			_ = c.AbortWithError(http.StatusNotFound, err)
@@ -407,7 +395,13 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 	}
 
 	patch := client.MergeFrom(kd.DeepCopy())
-	metav1.SetMetaDataAnnotation(&kd.ObjectMeta, aname, avalue)
+
+	err = update(&kd)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+		return
+	}
+
 	err = kc.Patch(ctx, &kd, patch, client.FieldOwner(webuiManager))
 	if err != nil {
 		_ = c.AbortWithError(http.StatusInternalServerError, err)
@@ -417,6 +411,25 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 	c.Status(http.StatusOK)
 }
 
+type KluctlDeploymentParam struct {
+	Cluster   string `json:"cluster"`
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
+}
+
+func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, avalue string) {
+	var params KluctlDeploymentParam
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+	s.doModifyKluctlDeployment(c, params.Cluster, params.Name, params.Namespace, func(obj *kluctlv1.KluctlDeployment) error {
+		metav1.SetMetaDataAnnotation(&obj.ObjectMeta, aname, avalue)
+		return nil
+	})
+}
+
 func (s *CommandResultsServer) validateNow(c *gin.Context) {
 	s.doSetAnnotation(c, kluctlv1.KluctlRequestValidateAnnotation, time.Now().Format(time.RFC3339Nano))
 }
@@ -428,3 +441,20 @@ func (s *CommandResultsServer) reconcileNow(c *gin.Context) {
 func (s *CommandResultsServer) deployNow(c *gin.Context) {
 	s.doSetAnnotation(c, kluctlv1.KluctlRequestDeployAnnotation, time.Now().Format(time.RFC3339Nano))
 }
+
+func (s *CommandResultsServer) setSuspended(c *gin.Context) {
+	var params struct {
+		KluctlDeploymentParam
+		Suspend bool `json:"suspend"`
+	}
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	s.doModifyKluctlDeployment(c, params.Cluster, params.Name, params.Namespace, func(obj *kluctlv1.KluctlDeployment) error {
+		obj.Spec.Suspend = params.Suspend
+		return nil
+	})
+}
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 40af55f47..eaae45584 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -41,6 +41,7 @@ export interface Api {
     validateNow(cluster: string, name: string, namespace: string): Promise<Response>
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
+    setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response>
 }
 
 export async function checkStaticBuild() {
@@ -247,6 +248,15 @@ export class RealApi implements Api {
             "namespace": namespace,
         })
     }
+
+    async setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response> {
+        return this.doPost("/api/setSuspended", {
+            "cluster": cluster,
+            "name": name,
+            "namespace": namespace,
+            "suspend": suspend,
+        })
+    }
 }
 
 export class StaticApi implements Api {
@@ -312,6 +322,10 @@ export class StaticApi implements Api {
     deployNow(cluster: string, name: string, namespace: string): Promise<Response> {
         throw new Error("not implemented")
     }
+
+    setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response> {
+        throw new Error("not implemented")
+    }
 }
 
 function buildRefParams(ref: ObjectRef, params: URLSearchParams) {
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index e9f4af19e..7c56a30e2 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -3,7 +3,16 @@ import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Alert, Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
 import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
-import { Done, Error, Favorite, HeartBroken, PublishedWithChanges, SyncProblem } from "@mui/icons-material";
+import {
+    Done,
+    Error,
+    Favorite,
+    HeartBroken,
+    Hotel,
+    Pause, PlayArrow,
+    PublishedWithChanges, RocketLaunch,
+    SyncProblem, Troubleshoot
+} from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { ApiContext } from "../App";
@@ -32,7 +41,10 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement | undefined = undefined
     const tooltip: React.ReactNode[] = []
 
-    if (!kd.deployment.status) {
+    if (kd.deployment.spec.suspend) {
+        icon = <Hotel color={"primary"}/>
+        tooltip.push("Deployment is suspended")
+    } else if (!kd.deployment.status) {
         icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
         tooltip.push("Status not available")
     } else {
@@ -186,7 +198,7 @@ export const TargetItem = React.memo(React.forwardRef((
 
     props.ts.kluctlDeployments.forEach(kd => {
         actionMenuItems.push({
-            icon: <PublishedWithChanges/>,
+            icon: <Troubleshoot/>,
             text: <Typography>Validate <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
                 api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
@@ -200,12 +212,29 @@ export const TargetItem = React.memo(React.forwardRef((
             }
         })
         actionMenuItems.push({
-            icon: <PublishedWithChanges/>,
+            icon: <RocketLaunch/>,
             text: <Typography>Deploy <b>{kd.deployment.metadata.name}</b></Typography>,
             handler: () => {
                 api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
+        if (!kd.deployment.spec.suspend) {
+            actionMenuItems.push({
+                icon: <Pause/>,
+                text: <Typography>Suspend <b>{kd.deployment.metadata.name}</b></Typography>,
+                handler: () => {
+                    api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, true)
+                }
+            })
+        } else {
+            actionMenuItems.push({
+                icon: <PlayArrow/>,
+                text: <Typography>Resume <b>{kd.deployment.metadata.name}</b></Typography>,
+                handler: () => {
+                    api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, false)
+                }
+            })
+        }
     })
 
     const allContexts: string[] = []

From ea0db6cdbcf9722ae5a1081a184c7b4d4074492a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 10:58:25 +0200
Subject: [PATCH 1345/2268] feat: Show requested reconciliation

---
 .../src/components/targets-view/TargetItem.tsx | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 7c56a30e2..1c8d3e3d8 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -8,7 +8,7 @@ import {
     Error,
     Favorite,
     HeartBroken,
-    Hotel,
+    Hotel, HourglassTop,
     Pause, PlayArrow,
     PublishedWithChanges, RocketLaunch,
     SyncProblem, Troubleshoot
@@ -41,6 +41,11 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement | undefined = undefined
     const tooltip: React.ReactNode[] = []
 
+    const annotations: any = kd.deployment.metadata?.annotations || {}
+    const requestReconcile = annotations["kluctl.io/request-reconcile"]
+    const requestValidate = annotations["kluctl.io/request-validate"]
+    const requestDeploy = annotations["kluctl.io/request-deploy"]
+
     if (kd.deployment.spec.suspend) {
         icon = <Hotel color={"primary"}/>
         tooltip.push("Deployment is suspended")
@@ -57,7 +62,16 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
             tooltip.push(reconcilingCondition.message)
             tooltip.push(buildStateTime(reconcilingCondition))
         } else {
-            if (readyCondition) {
+            if (requestReconcile && requestReconcile !== kd.deployment.status.lastHandledReconcileAt) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Reconcile requested: " + requestReconcile)
+            } else if (requestValidate && requestValidate !== kd.deployment.status.lastHandledValidateAt) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Validate requested: " + requestValidate)
+            } else if (requestDeploy && requestDeploy !== kd.deployment.status.lastHandledDeployAt) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Deploy requested: " + requestReconcile)
+            } else if (readyCondition) {
                 if (readyCondition.status === "True") {
                     icon = <Done color={"success"}/>
                     tooltip.push(readyCondition.message)

From ae10ae42dc4f348714cd82813326f8541fb5b3bd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 11:54:28 +0200
Subject: [PATCH 1346/2268] fix: Add missing KluctlDeployment info to
 validation result summary

---
 pkg/types/result/validate_result.go       | 32 ++++++++++++-----------
 pkg/types/result/zz_generated.deepcopy.go |  5 ++++
 pkg/webui/ui/src/models.ts                |  2 ++
 3 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index 49434916c..26a0d149b 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -25,12 +25,13 @@ type ValidateResult struct {
 }
 
 type ValidateResultSummary struct {
-	Id         string      `json:"id"`
-	ProjectKey ProjectKey  `json:"projectKey"`
-	TargetKey  TargetKey   `json:"targetKey"`
-	StartTime  metav1.Time `json:"startTime"`
-	EndTime    metav1.Time `json:"endTime"`
-	Ready      bool        `json:"ready"`
+	Id               string                `json:"id"`
+	ProjectKey       ProjectKey            `json:"projectKey"`
+	TargetKey        TargetKey             `json:"targetKey"`
+	KluctlDeployment *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
+	StartTime        metav1.Time           `json:"startTime"`
+	EndTime          metav1.Time           `json:"endTime"`
+	Ready            bool                  `json:"ready"`
 
 	Warnings int `json:"warnings"`
 	Errors   int `json:"errors"`
@@ -39,14 +40,15 @@ type ValidateResultSummary struct {
 
 func (vr *ValidateResult) BuildSummary() ValidateResultSummary {
 	return ValidateResultSummary{
-		Id:         vr.Id,
-		ProjectKey: vr.ProjectKey,
-		TargetKey:  vr.TargetKey,
-		StartTime:  vr.StartTime,
-		EndTime:    vr.EndTime,
-		Ready:      vr.Ready,
-		Warnings:   len(vr.Warnings),
-		Errors:     len(vr.Errors),
-		Results:    len(vr.Results),
+		Id:               vr.Id,
+		ProjectKey:       vr.ProjectKey,
+		TargetKey:        vr.TargetKey,
+		KluctlDeployment: vr.KluctlDeployment,
+		StartTime:        vr.StartTime,
+		EndTime:          vr.EndTime,
+		Ready:            vr.Ready,
+		Warnings:         len(vr.Warnings),
+		Errors:           len(vr.Errors),
+		Results:          len(vr.Results),
 	}
 }
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 2a8c8cd73..6d512e63f 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -480,6 +480,11 @@ func (in *ValidateResultSummary) DeepCopyInto(out *ValidateResultSummary) {
 	*out = *in
 	out.ProjectKey = in.ProjectKey
 	out.TargetKey = in.TargetKey
+	if in.KluctlDeployment != nil {
+		in, out := &in.KluctlDeployment, &out.KluctlDeployment
+		*out = new(KluctlDeploymentInfo)
+		**out = **in
+	}
 	in.StartTime.DeepCopyInto(&out.StartTime)
 	in.EndTime.DeepCopyInto(&out.EndTime)
 }
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 0b87f60c1..7a1e720c9 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -798,6 +798,7 @@ export class ValidateResultSummary {
     id: string;
     projectKey: ProjectKey;
     targetKey: TargetKey;
+    kluctlDeployment?: KluctlDeploymentInfo;
     startTime: string;
     endTime: string;
     ready: boolean;
@@ -810,6 +811,7 @@ export class ValidateResultSummary {
         this.id = source["id"];
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
+        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
         this.startTime = source["startTime"];
         this.endTime = source["endTime"];
         this.ready = source["ready"];

From 65e061fa1945593c49f1d9fdcd299b4682a4cd2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 11:55:38 +0200
Subject: [PATCH 1347/2268] feat: Have one target card per KluctlDeployment

---
 .../components/targets-view/TargetItem.tsx    | 61 ++++++++-----------
 .../components/targets-view/TargetsView.tsx   |  4 +-
 pkg/webui/ui/src/project-summaries.ts         | 36 ++++++-----
 3 files changed, 48 insertions(+), 53 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 1c8d3e3d8..70daff84d 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -28,7 +28,7 @@ import { ValidateResultsTable } from "../ValidateResultsTable";
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
 
-    if (!props.ts.kluctlDeployments.length) {
+    if (!props.ts.kd) {
         return <></>
     }
 
@@ -36,24 +36,22 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
         return <>In this state since <Since startTime={c.lastTransitionTime}/></>
     }
 
-    const kd = props.ts.kluctlDeployments[0]
-
     let icon: React.ReactElement | undefined = undefined
     const tooltip: React.ReactNode[] = []
 
-    const annotations: any = kd.deployment.metadata?.annotations || {}
+    const annotations: any = props.ts.kd.deployment.metadata?.annotations || {}
     const requestReconcile = annotations["kluctl.io/request-reconcile"]
     const requestValidate = annotations["kluctl.io/request-validate"]
     const requestDeploy = annotations["kluctl.io/request-deploy"]
 
-    if (kd.deployment.spec.suspend) {
+    if (props.ts.kd.deployment.spec.suspend) {
         icon = <Hotel color={"primary"}/>
         tooltip.push("Deployment is suspended")
-    } else if (!kd.deployment.status) {
+    } else if (!props.ts.kd.deployment.status) {
         icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
         tooltip.push("Status not available")
     } else {
-        const conditions: any[] | undefined = kd.deployment.status.conditions
+        const conditions: any[] | undefined = props.ts.kd.deployment.status.conditions
         const readyCondition = conditions?.find(c => c.type === "Ready")
         const reconcilingCondition = conditions?.find(c => c.type === "Reconciling")
 
@@ -62,13 +60,13 @@ const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
             tooltip.push(reconcilingCondition.message)
             tooltip.push(buildStateTime(reconcilingCondition))
         } else {
-            if (requestReconcile && requestReconcile !== kd.deployment.status.lastHandledReconcileAt) {
+            if (requestReconcile && requestReconcile !== props.ts.kd.deployment.status.lastHandledReconcileAt) {
                 icon = <HourglassTop color={"primary"}/>
                 tooltip.push("Reconcile requested: " + requestReconcile)
-            } else if (requestValidate && requestValidate !== kd.deployment.status.lastHandledValidateAt) {
+            } else if (requestValidate && requestValidate !== props.ts.kd.deployment.status.lastHandledValidateAt) {
                 icon = <HourglassTop color={"primary"}/>
                 tooltip.push("Validate requested: " + requestValidate)
-            } else if (requestDeploy && requestDeploy !== kd.deployment.status.lastHandledDeployAt) {
+            } else if (requestDeploy && requestDeploy !== props.ts.kd.deployment.status.lastHandledDeployAt) {
                 icon = <HourglassTop color={"primary"}/>
                 tooltip.push("Deploy requested: " + requestReconcile)
             } else if (readyCondition) {
@@ -114,14 +112,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     let icon: React.ReactElement
     const theme = useTheme();
 
-    let validateEnabled = false
-    props.ts.kluctlDeployments.forEach(kd => {
-        if (kd.deployment.spec.validate) {
-            validateEnabled = true
-        }
-    })
-
-    if (!validateEnabled) {
+    if (!props.ts.kd?.deployment.spec.validate) {
         icon = <Favorite color={"disabled"}/>
     } else if (props.ts.lastValidateResult === undefined) {
         icon = <MessageQuestionIcon color={theme.palette.error.main}/>
@@ -138,7 +129,7 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     }
 
     const tooltip: React.ReactNode[] = []
-    if (!validateEnabled) {
+    if (!props.ts.kd?.deployment.spec.validate) {
         tooltip.push("Validation is disabled.")
     } else if (props.ts.lastValidateResult === undefined) {
         tooltip.push("No validation result available.")
@@ -209,25 +200,26 @@ export const TargetItem = React.memo(React.forwardRef((
 ) => {
     const api = useContext(ApiContext)
     const actionMenuItems: ActionMenuItem[] = []
+    const kd = props.ts.kd
 
-    props.ts.kluctlDeployments.forEach(kd => {
+    if (kd) {
         actionMenuItems.push({
             icon: <Troubleshoot/>,
-            text: <Typography>Validate <b>{kd.deployment.metadata.name}</b></Typography>,
+            text: <Typography>Validate</Typography>,
             handler: () => {
                 api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
             icon: <PublishedWithChanges/>,
-            text: <Typography>Reconcile <b>{kd.deployment.metadata.name}</b></Typography>,
+            text: <Typography>Reconcile</Typography>,
             handler: () => {
                 api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
             icon: <RocketLaunch/>,
-            text: <Typography>Deploy <b>{kd.deployment.metadata.name}</b></Typography>,
+            text: <Typography>Deploy</Typography>,
             handler: () => {
                 api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
@@ -235,7 +227,7 @@ export const TargetItem = React.memo(React.forwardRef((
         if (!kd.deployment.spec.suspend) {
             actionMenuItems.push({
                 icon: <Pause/>,
-                text: <Typography>Suspend <b>{kd.deployment.metadata.name}</b></Typography>,
+                text: <Typography>Suspend</Typography>,
                 handler: () => {
                     api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, true)
                 }
@@ -243,13 +235,13 @@ export const TargetItem = React.memo(React.forwardRef((
         } else {
             actionMenuItems.push({
                 icon: <PlayArrow/>,
-                text: <Typography>Resume <b>{kd.deployment.metadata.name}</b></Typography>,
+                text: <Typography>Resume</Typography>,
                 handler: () => {
                     api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, false)
                 }
             })
         }
-    })
+    }
 
     const allContexts: string[] = []
 
@@ -269,8 +261,8 @@ export const TargetItem = React.memo(React.forwardRef((
     })
 
     let header = "<command-line>"
-    if (props.ts.kluctlDeployments.length) {
-        header = props.ts.kluctlDeployments[0].deployment.metadata.name
+    if (kd) {
+        header = kd.deployment.metadata.name
     }
 
     let subheader = "<no-name>"
@@ -279,11 +271,9 @@ export const TargetItem = React.memo(React.forwardRef((
     }
 
     const iconTooltipChildren: React.ReactNode[] = []
-    if (props.ts.kluctlDeployments.length) {
+    if (kd) {
         iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant={"subtitle2"}><b>KluctlDeployments</b></Typography>)
-        props.ts.kluctlDeployments.forEach(kd => {
-            iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant={"subtitle2"}>{kd.deployment.metadata.name}</Typography>)
-        })
+        iconTooltipChildren.push(<Typography key={iconTooltipChildren.length} variant={"subtitle2"}>{kd.deployment.metadata.name}</Typography>)
         iconTooltipChildren.push(<br key={iconTooltipChildren.length}/>)
     }
     if (allContexts.length) {
@@ -393,13 +383,12 @@ class TargetItemCardProvider implements SidePanelProvider {
         }
 
         let errorHeader
-        if (this.ts?.kluctlDeployments.length) {
-            const kd = this.ts.kluctlDeployments[0]
-            if (kd.deployment.status && kd.deployment.status.lastPrepareError) {
+        if (this.ts?.kd?.deployment.status) {
+            if (this.ts.kd.deployment.status.lastPrepareError) {
                 errorHeader = <Alert severity="error">
                     The prepare step failed for this deployment. This usually means that your deployment is severely
                     broken and can't even be loaded.<br/>
-                    The error message is: <b>{kd.deployment.status.lastPrepareError}</b>
+                    The error message is: <b>{this.ts.kd.deployment.status.lastPrepareError}</b>
                 </Alert>
             }
         }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 42c1f47f2..81c25c1e0 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -276,7 +276,7 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
-                            return <Box key={buildListKey(ts.target)} display='flex'>
+                            return <Box key={buildListKey([ts.target, ts.kdInfo])} display='flex'>
                                 <TargetItem
                                     ps={ps}
                                     ts={ts}
@@ -295,7 +295,7 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            return <CardRow key={buildListKey(ts.target)} height={cardHeight}>
+                            return <CardRow key={buildListKey([ts.target, ts.kdInfo])} height={cardHeight}>
                                 {ts.commandResults?.slice(0, 4).map((rs, i) => {
                                     return i === 0
                                         ? <CommandResultItem
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index e5de4ebe2..26beee9fe 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -5,7 +5,8 @@ import { ActiveFilters, DoFilterSwitches, DoFilterText } from "./components/Filt
 
 export interface TargetSummary {
     target: TargetKey;
-    kluctlDeployments: KluctlDeploymentWithClusterId[];
+    kdInfo?: KluctlDeploymentInfo
+    kd?: KluctlDeploymentWithClusterId;
     lastValidateResult?: ValidateResultSummary;
     commandResults: CommandResultSummary[];
 }
@@ -61,13 +62,13 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         let hasErrors = !!ts.lastValidateResult?.errors
         let hasWarnings = !!ts.lastValidateResult?.warnings
         let hasChanges = false
-        ts.kluctlDeployments.forEach(kd => {
-            const conditions: any[] | undefined = kd.deployment.status?.conditions
-            const readyCondition = conditions?.find(c => c.type === "Ready")
-            if (readyCondition && readyCondition.status === "False") {
-                hasErrors = true
-            }
-        })
+
+        const conditions: any[] | undefined = ts.kd?.deployment.status?.conditions
+        const readyCondition = conditions?.find(c => c.type === "Ready")
+        if (readyCondition && readyCondition.status === "False") {
+            hasErrors = true
+        }
+
         if (ts.commandResults.length) {
             hasErrors = hasErrors || !!ts.commandResults[0].errors?.length
             hasWarnings = hasWarnings || !!ts.commandResults[0].warnings?.length
@@ -102,16 +103,16 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         }
         return p
     }
-    const getOrCreateTarget = (project: ProjectKey, targetKey: TargetKey, allowCreateProject: boolean, allowCreateTarget: boolean) => {
+    const getOrCreateTarget = (project: ProjectKey, targetKey: TargetKey, kdInfo: KluctlDeploymentInfo | undefined, allowCreateProject: boolean, allowCreateTarget: boolean) => {
         const p = getOrCreateProject(project, allowCreateProject)
         if (!p) {
             return undefined
         }
-        let t = p.targets.find(t => _.isEqual(t.target, targetKey))
+        let t = p.targets.find(t => _.isEqual(t.target, targetKey) && _.isEqual(t.kdInfo, kdInfo))
         if (!t && allowCreateTarget) {
             t = {
                 target: targetKey,
-                kluctlDeployments: [],
+                kdInfo: kdInfo,
                 commandResults: []
             }
             p.targets.push(t)
@@ -128,10 +129,15 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
             return
         }
 
+        const kdInfo = {
+            "clusterId": kd.clusterId,
+            "name": kd.deployment.metadata.name,
+            "namespace": kd.deployment.metadata.namespace,
+        }
         kluctlDeploymentsByKdKey.set(buildKdKey(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace), kd)
 
-        const target = getOrCreateTarget(kd.deployment.status.projectKey, kd.deployment.status.targetKey, true, true)
-        target!.kluctlDeployments.push(kd)
+        const target = getOrCreateTarget(kd.deployment.status.projectKey, kd.deployment.status.targetKey, kdInfo,true, true)
+        target!.kd = kd
     })
 
     sortedCommandResults.forEach(rs => {
@@ -147,7 +153,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
             return
         }
 
-        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, true, true)
+        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, rs.commandInfo.kluctlDeployment, true, true)
         if (!target) {
             return
         }
@@ -156,7 +162,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     })
 
     validateResultSummaries.forEach(vr => {
-        const target = getOrCreateTarget(vr.projectKey, vr.targetKey, false, false)
+        const target = getOrCreateTarget(vr.projectKey, vr.targetKey, vr.kluctlDeployment, false, false)
         if (!target) {
             return
         }

From 52c220864916bb199f9a93376a8734dff48dbf5b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 13:06:55 +0200
Subject: [PATCH 1348/2268] feat: Use base64 encoded json for target path

---
 pkg/webui/ui/src/components/Router.tsx        |  2 +-
 .../components/targets-view/TargetItem.tsx    |  4 +-
 .../components/targets-view/TargetsView.tsx   | 69 +++++++++++--------
 3 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 014fb2ec8..ef1840753 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -21,7 +21,7 @@ export const Router = createHashRouter([
         errorElement: <ErrorPage />,
         children: [
             {
-                path: "targets/:targetKeyHash?/history?",
+                path: "targets/:targetPath?/history?",
                 element: <TargetsView />,
                 errorElement: <ErrorPage />,
             },
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 70daff84d..31e913240 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -191,7 +191,7 @@ export const TargetItem = React.memo(React.forwardRef((
     props: {
         ps: ProjectSummary,
         ts: TargetSummary,
-        onSelectTarget?: (ts: TargetSummary) => void,
+        onSelectTarget?: () => void,
         sx?: SxProps<Theme>,
         expanded?: boolean,
         onClose?: () => void
@@ -297,7 +297,7 @@ export const TargetItem = React.memo(React.forwardRef((
                 height: cardHeight,
                 ...props.sx
             },
-            onClick: e => props.onSelectTarget?.(props.ts)
+            onClick: e => props.onSelectTarget?.()
         }}
         icon={<TargetIcon/>}
         iconTooltip={iconTooltip}
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 81c25c1e0..511872add 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,4 +1,4 @@
-import { CommandResultSummary, TargetKey } from "../../models";
+import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
 import React, { useCallback, useContext, useMemo, useRef } from "react";
 import { AppContext } from "../App";
@@ -11,7 +11,7 @@ import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { ExpandedCardsView } from "./ExpandedCardsView";
 import { useLocation, useNavigate, useParams } from "react-router-dom";
-import { sha256 } from "js-sha256";
+import _ from "lodash";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -166,36 +166,40 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
     </svg>
 });
 
-function mkTargetHash(tk: TargetKey): string {
-    return sha256(JSON.stringify(tk));
+interface TargetPath {
+    project: ProjectKey
+    target: TargetKey
+    kluctlDeployment?: KluctlDeploymentInfo
+}
+
+function buildTargetPath(project: ProjectKey, target: TargetKey, kluctlDeployment?: KluctlDeploymentInfo): string {
+    return btoa(JSON.stringify({
+        "project": project,
+        "target": target,
+        "kluctlDeployment": kluctlDeployment,
+    }))
+}
+
+function parseTargetPath(s?: string): TargetPath | undefined {
+    if (!s) {
+        return
+    }
+    return JSON.parse(atob(s))
 }
 
 export const TargetsView = () => {
     const navigate = useNavigate();
-    const { targetKeyHash } = useParams();
+    const { targetPath} = useParams();
     const { pathname } = useLocation();
     const appContext = useContext(AppContext);
     const projects = appContext.projects;
 
-    const { targetsHashes, targetsProjects } = useMemo(() => {
-        const targetsHashes = new Map<string, TargetSummary>();
-        const targetsProjects = new Map<TargetSummary, ProjectSummary>();
-        projects.forEach(ps =>
-            ps.targets.forEach(ts => {
-                targetsHashes.set(mkTargetHash(ts.target), ts);
-                targetsProjects.set(ts, ps);
-            })
-        );
-
-        return { targetsHashes, targetsProjects };
-    }, [projects]);
-
-    const onSelectTargetItem = useCallback((ts: TargetSummary) => {
-        navigate(`/targets/${mkTargetHash(ts.target)}`);
+    const onSelectTargetItem = useCallback((ps: ProjectSummary, ts: TargetSummary) => {
+        navigate(`/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}`);
     }, [navigate]);
 
-    const onSelectCommandResultItem = useCallback((ts: TargetSummary) => {
-        navigate(`/targets/${mkTargetHash(ts.target)}/history`);
+    const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary) => {
+        navigate(`/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}/history`);
     }, [navigate]);
 
     const onCardClose = useCallback(() => {
@@ -205,8 +209,19 @@ export const TargetsView = () => {
     const commandResultItemRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
     const targetItemRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
 
-    const selectedTarget = targetKeyHash ? targetsHashes.get(targetKeyHash) : undefined;
-    const parentProject = selectedTarget ? targetsProjects.get(selectedTarget) : undefined;
+    const [parentProject, selectedTarget] = useMemo(() => {
+        const tp = parseTargetPath(targetPath)
+        if (!tp) {
+            return [undefined, undefined]
+        }
+
+        const project = projects.find(ps => _.isEqual(_.toPlainObject(ps.project), tp.project))
+        const target = project?.targets.find(ts => _.isEqual(_.toPlainObject(ts.target), tp.target) && (ts.kdInfo === tp.kluctlDeployment || _.isEqual(_.toPlainObject(ts.kdInfo), tp.kluctlDeployment)))
+        return [project, target]
+    }, [projects, targetPath])
+
+    console.log("project", parentProject, "target", selectedTarget)
+
     const showHistory = pathname.endsWith('history');
 
     if (selectedTarget && parentProject && !showHistory) {
@@ -220,7 +235,7 @@ export const TargetsView = () => {
                     ps={parentProject}
                     ts={cardData}
                     sx={sx}
-                    key={mkTargetHash(cardData.target)}
+                    key={targetPath}
                     expanded={expanded}
                     onClose={onCardClose}
                 />
@@ -280,7 +295,7 @@ export const TargetsView = () => {
                                 <TargetItem
                                     ps={ps}
                                     ts={ts}
-                                    onSelectTarget={onSelectTargetItem}
+                                    onSelectTarget={() => onSelectTargetItem(ps, ts)}
                                     ref={(elem) => {
                                         if (i === 0 && elem) {
                                             targetItemRefs.current.set(ts, elem);
@@ -301,7 +316,7 @@ export const TargetsView = () => {
                                         ? <CommandResultItem
                                             key={rs.id}
                                             rs={rs}
-                                            onSelectCommandResult={() => onSelectCommandResultItem(ts)}
+                                            onSelectCommandResult={() => onSelectCommandResultItem(ps, ts)}
                                             ref={(elem) => {
                                                 if (i === 0 && elem) {
                                                     commandResultItemRefs.current.set(ts, elem);

From 7486d86fad3c1eb4e640e023a89e1dc1ebb27066 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 14:47:34 +0200
Subject: [PATCH 1349/2268] chore: Run make api-docs

---
 docs/reference/gitops/api/kluctl-controller.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index dd3287ad2..efc23a4f6 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -1126,6 +1126,17 @@ string
 </tr>
 <tr>
 <td>
+<code>lastPrepareError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastDeployError</code><br>
 <em>
 string

From 89e64ae978cf57733334e8c5c999444d8eed94d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 15:15:34 +0200
Subject: [PATCH 1350/2268] fix: Enter progressing state after legacy migration

---
 pkg/controllers/kluctldeployment_controller.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 6f7ce803a..8a35fc30d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -197,11 +197,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		})
 	}
 
-	patchErr := doProgressingCondition("Initializing")
-	if patchErr != nil {
-		return nil, patchErr
-	}
-
 	// record the value of the reconciliation request, if any
 	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
 		obj.Status.LastHandledReconcileAt = v
@@ -219,7 +214,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 		log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. " +
 			"Please ensure that you have upgraded to the latest version of the legacy flux-kluctl-controller and that is is still running.")
-		patchErr = doReadyCondition(metav1.ConditionFalse, kluctlv1.WaitingForLegacyMigrationReason, "waiting for the legacy controller to set readyForMigration=true")
+		patchErr := doReadyCondition(metav1.ConditionFalse, kluctlv1.WaitingForLegacyMigrationReason, "waiting for the legacy controller to set readyForMigration=true")
 		if patchErr != nil {
 			return nil, patchErr
 		}
@@ -228,7 +223,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		c := apimeta.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
 		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
 			log.Info("legacy KluctlDeployment has the readyForMigration status set now")
-			patchErr = doReadyCondition(metav1.ConditionFalse, meta.ProgressingReason, "migration is finished")
+			patchErr := doReadyCondition(metav1.ConditionFalse, meta.ProgressingReason, "migration is finished")
 			if patchErr != nil {
 				return nil, patchErr
 			}
@@ -236,6 +231,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
+	patchErr := doProgressingCondition("Initializing")
+	if patchErr != nil {
+		return nil, patchErr
+	}
+
 	oldGeneration := obj.Status.ObservedGeneration
 	oldDeployRequest := obj.Status.LastHandledDeployAt
 	oldValidateRequest := obj.Status.LastHandledValidateAt

From 9888cfbc225851ce27a487e44db415e7134b64c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 14 Jul 2023 15:40:33 +0200
Subject: [PATCH 1351/2268] fix: Keep old ready status until some real work is
 done

---
 .../kluctldeployment_controller.go            | 23 ++++++++++++-------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 8a35fc30d..a3f3783a9 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -163,6 +163,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	r.exportDeploymentObjectToProm(obj)
 
+	// keep old status until we're doing real work (deploying, validating, ...)
+	oldReadyCondition := apimeta.FindStatusCondition(obj.GetConditions(), meta.ReadyCondition)
+
 	doFail := func(reason string, err error) (*ctrl.Result, error) {
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
 		patchErr := r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
@@ -181,9 +184,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return doFail(kluctlv1.PrepareFailedReason, err)
 	}
 
-	doProgressingCondition := func(message string) error {
+	doProgressingCondition := func(message string, keepOldReadyStatus bool) error {
 		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
-			setReadinessCondition(c, metav1.ConditionUnknown, meta.ProgressingReason, "Reconciliation in progress", obj.Generation)
+			if keepOldReadyStatus && oldReadyCondition != nil {
+				setReadinessCondition(c, oldReadyCondition.Status, oldReadyCondition.Reason, oldReadyCondition.Message, obj.Generation)
+			} else {
+				setReadinessCondition(c, metav1.ConditionUnknown, meta.ProgressingReason, "Reconciliation in progress", obj.Generation)
+			}
 			setReconcilingCondition(c, metav1.ConditionTrue, meta.ProgressingReason, message, obj.Generation)
 			return nil
 		})
@@ -231,7 +238,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
-	patchErr := doProgressingCondition("Initializing")
+	patchErr := doProgressingCondition("Initializing", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
@@ -245,7 +252,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastHandledDeployAt = curDeployRequest
 	obj.Status.LastHandledValidateAt = curValidateRequest
 
-	patchErr = doProgressingCondition("Preparing project")
+	patchErr = doProgressingCondition("Preparing project", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
@@ -258,7 +265,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 	defer pp.cleanup()
 
-	patchErr = doProgressingCondition("Loading project and target")
+	patchErr = doProgressingCondition("Loading project and target", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
@@ -350,13 +357,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	if needDeploy {
 		// deploy the kluctl project
 		if obj.Spec.DeployMode == kluctlv1.KluctlDeployModeFull {
-			patchErr = doProgressingCondition("Performing kluctl deploy")
+			patchErr = doProgressingCondition("Performing kluctl deploy", false)
 			if patchErr != nil {
 				return nil, patchErr
 			}
 			deployResult, err = pt.kluctlDeploy(ctx, targetContext)
 		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
-			patchErr = doProgressingCondition("Performing kluctl poke-images")
+			patchErr = doProgressingCondition("Performing kluctl poke-images", false)
 			if patchErr != nil {
 				return nil, patchErr
 			}
@@ -371,7 +378,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	if needValidate {
-		patchErr = doProgressingCondition("Performing kluctl validate")
+		patchErr = doProgressingCondition("Performing kluctl validate", false)
 		if patchErr != nil {
 			return nil, patchErr
 		}

From 5a29e8eee02ef1107bd7ffc85f3aef7b1ee92f35 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Jul 2023 15:50:21 +0200
Subject: [PATCH 1352/2268] feat: Add OIDC support for the webui

---
 .github/workflows/preview-run.yml             |   7 +-
 cmd/kluctl/commands/cmd_webui.go              |  69 ++++-
 cmd/kluctl/commands/root.go                   |   1 +
 go.mod                                        |  22 +-
 go.sum                                        |  46 ++-
 pkg/k8s/utils.go                              |  15 +
 pkg/webui/auth.go                             | 293 ++++++------------
 pkg/webui/auth_admin.go                       | 116 +++++++
 pkg/webui/auth_oidc.go                        | 188 +++++++++++
 pkg/webui/generate-ts/main.go                 |   1 +
 pkg/webui/server.go                           |  37 +--
 pkg/webui/ui/package-lock.json                |   1 +
 pkg/webui/ui/package.json                     |   2 +-
 pkg/webui/ui/src/api.tsx                      | 114 +++----
 pkg/webui/ui/src/components/ActionsMenu.tsx   |   4 +
 pkg/webui/ui/src/components/App.tsx           |  95 +++---
 pkg/webui/ui/src/components/Login.tsx         | 119 ++++---
 .../components/targets-view/TargetItem.tsx    |   5 +-
 .../components/targets-view/TargetsView.tsx   |   2 -
 pkg/webui/ui/src/models.ts                    |  14 +
 pkg/webui/ui/src/setupProxy.js                |  18 ++
 21 files changed, 747 insertions(+), 422 deletions(-)
 create mode 100644 pkg/webui/auth_admin.go
 create mode 100644 pkg/webui/auth_oidc.go
 create mode 100644 pkg/webui/ui/src/setupProxy.js

diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 51808c25e..108e16dec 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -126,8 +126,11 @@ jobs:
       - name: Install Kluctl Webui
         run: |
           cd install/webui
-          ../../bin/kluctl deploy --yes -a kluctl_image=kluctl -a kluctl_version=preview
-          kubectl -n kluctl-system create secret generic admin-secret --from-literal adminPassword=admin --from-literal secret=dummy
+          ../../bin/kluctl deploy --yes -a kluctl_image=kluctl -a kluctl_version=preview \
+            -a webui_args='[]'
+          kubectl -n kluctl-system create secret generic webui-secret \
+            --from-literal auth-secret=secret \
+            --from-literal admin-password=admin
       - name: Run kubectl port-forward
         run: |
           kubectl -n kluctl-system port-forward svc/kluctl-webui 9090:8080 &
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index efb7701e6..113dc4f1b 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -20,16 +20,71 @@ type webuiCmd struct {
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
 	StaticPath  string   `group:"misc" help:"Build static webui."`
 
-	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality."`
+	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
 	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
 
 	OnlyApi bool `group:"misc" help:"Only serve API without the actual UI."`
+
+	AuthSecretName string `group:"auth" help:"Specify the secret name for the secret used for internal encryption of tokens and cookies." default:"webui-secret"`
+	AuthSecretKey  string `group:"auth" help:"Specify the secret key for the secret used for internal encryption of tokens and cookies." default:"auth-secret"`
+
+	AuthAdminEnabled    bool   `group:"auth" help:"Enable the admin user." default:"true"`
+	AuthAdminSecretName string `group:"auth" help:"Specify the secret name for the admin password." default:"webui-secret"`
+	AuthAdminSecretKey  string `group:"auth" help:"Specify the secret key for the admin password." default:"admin-password"`
+
+	AuthAdminRbacUser  string `group:"auth" help:"Specify the RBAC user to use for admin access." default:"kluctl-webui-admin"`
+	AuthViewerRbacUser string `group:"auth" help:"Specify the RBAC user to use for viewer access." default:"kluctl-webui-viewer"`
+
+	AuthOidcIssuerUrl        string   `group:"auth" help:"Specify the OIDC provider's issuer URL."`
+	AuthOidcDisplayName      string   `group:"auth" help:"Specify the name of the OIDC provider to be displayed on the login page." default:"OpenID Connect"`
+	AuthOidcClientID         string   `group:"auth" help:"Specify the ClientID."`
+	AuthOidcClientSecretName string   `group:"auth" help:"Specify the secret name for the ClientSecret." default:"webui-secret"`
+	AuthOidcClientSecretKey  string   `group:"auth" help:"Specify the secret name for the ClientSecret." default:"oidc-client-secret"`
+	AuthOidcRedirectURL      string   `group:"auth" help:"Specify the redirect URL."`
+	AuthOidcScope            []string `group:"auth" help:"Specify the scopes."`
+	AuthOidcParam            []string `group:"auth" help:"Specify additional parameters to be passed to the authorize endpoint."`
+	AuthOidcUserClaim        string   `group:"auth" help:"Specify claim for the username.'" default:"email"`
+	AuthOidcGroupClaim       string   `group:"auth" help:"Specify claim for the groups.'" default:"groups"`
+	AuthOidcAdminsGroup      []string `group:"auth" help:"Specify admins group names.'"`
+	AuthOidcViewersGroup     []string `group:"auth" help:"Specify viewers group names.'"`
 }
 
 func (cmd *webuiCmd) Help() string {
 	return `TODO`
 }
 
+func (cmd *webuiCmd) buildAuthConfig(ctx context.Context, c client.Client) (webui.AuthConfig, error) {
+	var authConfig webui.AuthConfig
+	authConfig.AuthEnabled = cmd.InCluster
+
+	authConfig.AuthSecretName = cmd.AuthSecretName
+	authConfig.AuthSecretKey = cmd.AuthSecretKey
+
+	authConfig.AdminEnabled = cmd.AuthAdminEnabled
+	authConfig.AdminSecretName = cmd.AuthAdminSecretName
+	authConfig.AdminSecretKey = cmd.AuthAdminSecretKey
+
+	authConfig.AdminRbacUser = cmd.AuthAdminRbacUser
+	authConfig.ViewerRbacUser = cmd.AuthViewerRbacUser
+
+	authConfig.OidcIssuerUrl = cmd.AuthOidcIssuerUrl
+	authConfig.OidcDisplayName = cmd.AuthOidcDisplayName
+	if cmd.AuthOidcIssuerUrl != "" {
+		authConfig.OidcClientId = cmd.AuthOidcClientID
+		authConfig.OidcClientSecretName = cmd.AuthOidcClientSecretName
+		authConfig.OidcClientSecretKey = cmd.AuthOidcClientSecretKey
+		authConfig.OidcRedirectUrl = cmd.AuthOidcRedirectURL
+		authConfig.OidcScopes = cmd.AuthOidcScope
+		authConfig.OidcParams = cmd.AuthOidcParam
+		authConfig.OidcUserClaim = cmd.AuthOidcUserClaim
+		authConfig.OidcGroupClaim = cmd.AuthOidcGroupClaim
+		authConfig.OidcAdminsGroups = cmd.AuthOidcAdminsGroup
+		authConfig.OidcViewersGroups = cmd.AuthOidcViewersGroup
+	}
+
+	return authConfig, nil
+}
+
 func (cmd *webuiCmd) Run(ctx context.Context) error {
 	if !cmd.OnlyApi && !webui.IsWebUiBuildIncluded() {
 		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
@@ -56,6 +111,8 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		}
 	}
 
+	var authConfig webui.AuthConfig
+
 	var inClusterClient client.Client
 	if cmd.InCluster {
 		configOverrides := &clientcmd.ConfigOverrides{
@@ -71,6 +128,11 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+
+		authConfig, err = cmd.buildAuthConfig(ctx, inClusterClient)
+		if err != nil {
+			return err
+		}
 	}
 
 	stores, configs, err := cmd.createResultStores(ctx)
@@ -92,7 +154,10 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		sbw := webui.NewStaticWebuiBuilder(collector)
 		return sbw.Build(cmd.StaticPath)
 	} else {
-		server := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, inClusterClient != nil, cmd.OnlyApi)
+		server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, authConfig, cmd.OnlyApi)
+		if err != nil {
+			return err
+		}
 		return server.Run(cmd.Host, cmd.Port)
 	}
 }
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f7cbf9eaa..bc67d32ef 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -83,6 +83,7 @@ var flagGroups = []groupInfo{
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
+	{group: "auth", title: "Auth arguments:", description: "Configure authentication."},
 }
 
 var origStderr = os.Stderr
diff --git a/go.mod b/go.mod
index bce4abfba..fec23d853 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2
 	github.com/aws/smithy-go v1.13.5
+	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
+	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.7.0
 	github.com/go-logr/logr v1.2.4
@@ -74,6 +76,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
+	golang.org/x/oauth2 v0.10.0
 	sigs.k8s.io/cli-utils v0.34.0
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
@@ -81,7 +84,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.19.1 // indirect
+	cloud.google.com/go/compute v1.20.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.13.0 // indirect
 	cloud.google.com/go/kms v1.10.1 // indirect
@@ -155,11 +158,14 @@ require (
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.3 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.8.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
+	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/gorilla/sessions v1.2.1 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -188,7 +194,6 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -243,15 +248,16 @@ require (
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.3 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
-	google.golang.org/api v0.122.0 // indirect
+	google.golang.org/api v0.126.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
 	google.golang.org/grpc v1.55.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index c56185f09..8fc29ca78 100644
--- a/go.sum
+++ b/go.sum
@@ -20,15 +20,15 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT
 cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
+cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY=
-cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
+cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
+cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
@@ -38,7 +38,6 @@ cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
 cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
 cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
 cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
-cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -203,6 +202,8 @@ github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSk
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
+github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -278,6 +279,8 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
+github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
@@ -429,8 +432,8 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
-github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -441,13 +444,19 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9
 github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc=
-github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
+github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
@@ -622,7 +631,6 @@ github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
@@ -1031,8 +1039,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
-golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
+golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
+golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1241,8 +1249,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.122.0 h1:zDobeejm3E7pEG1mNHvdxvjs5XJoCMzyNH+CmwL94Es=
-google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
+google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
+google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1295,8 +1303,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1335,8 +1347,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go
index 8f3577e61..dc139e015 100644
--- a/pkg/k8s/utils.go
+++ b/pkg/k8s/utils.go
@@ -66,3 +66,18 @@ func GetClusterId(ctx context.Context, c client.Client) (string, error) {
 	}
 	return string(clusterId), nil
 }
+
+func GetSingleSecret(ctx context.Context, c client.Client, name string, namespace string, key string) (string, error) {
+	var secret corev1.Secret
+	err := c.Get(ctx, client.ObjectKey{Name: name, Namespace: namespace}, &secret)
+	if err != nil {
+		return "", err
+	}
+
+	x, ok := secret.Data[key]
+	if !ok {
+		return "", fmt.Errorf("secret %s has no '%s' key", name, key)
+	}
+
+	return string(x), nil
+}
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 5f2cf3597..74f966df9 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -2,20 +2,43 @@ package webui
 
 import (
 	"context"
+	"encoding/gob"
 	"fmt"
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt/v4"
-	corev1 "k8s.io/api/core/v1"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"golang.org/x/oauth2"
 	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
 	"time"
 )
 
-const (
-	tokenValidTime      = 1 * time.Hour
-	tokenMaxRefreshTime = 2 * time.Hour
-)
+type AuthConfig struct {
+	AuthEnabled    bool
+	AuthSecretName string
+	AuthSecretKey  string
+
+	AdminEnabled    bool
+	AdminSecretName string
+	AdminSecretKey  string
+	AdminRbacUser   string
+	ViewerRbacUser  string
+
+	OidcIssuerUrl        string
+	OidcDisplayName      string
+	OidcClientId         string
+	OidcClientSecretName string
+	OidcClientSecretKey  string
+	OidcRedirectUrl      string
+	OidcScopes           []string
+	OidcParams           []string
+	OidcUserClaim        string
+	OidcGroupClaim       string
+	OidcAdminsGroups     []string
+	OidcViewersGroups    []string
+}
 
 type login struct {
 	Username string `form:"username" json:"username" binding:"required"`
@@ -25,11 +48,15 @@ type login struct {
 type authHandler struct {
 	ctx context.Context
 
-	adminEnabled bool
+	serverClient client.Client
+
+	authConfig AuthConfig
 
-	serverClient    client.Client
-	webuiSecretName string
-	adminRbacUser   string
+	authSecret    []byte
+	adminPassword string
+
+	oidcProvider *oidc.Provider
+	oauth2Config *oauth2.Config
 }
 
 type User struct {
@@ -38,207 +65,111 @@ type User struct {
 	RbacUser string `json:"RbacUser"`
 }
 
-func (s *authHandler) setupAuth(r gin.IRouter) error {
-	r.POST("/auth/login", s.loginHandler)
-	r.POST("/auth/refresh", s.refreshTokenHandler)
-	r.GET("/auth/user", s.authHandler, s.userHandler)
-
-	return nil
-}
-
-func (s *authHandler) loginHandler(c *gin.Context) {
-	if !s.adminEnabled {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-
-	var loginVals login
-	if err := c.ShouldBind(&loginVals); err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
+func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig AuthConfig) (*authHandler, error) {
+	ret := &authHandler{
+		ctx:          ctx,
+		authConfig:   authConfig,
+		serverClient: serverClient,
 	}
-	userID := loginVals.Username
-	password := loginVals.Password
 
-	as, err := s.getAdminSecrets()
+	x, err := ret.getSecret(authConfig.AuthSecretName, authConfig.AuthSecretKey)
 	if err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
+		return nil, err
 	}
+	ret.authSecret = []byte(x)
 
-	if userID != "admin" || password != as.adminPassword {
-		// we only support the admin account at the moment
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
+	if authConfig.AdminEnabled {
+		x, err = ret.getSecret(authConfig.AdminSecretName, authConfig.AdminSecretKey)
+		if err != nil {
+			return nil, err
+		}
+		ret.adminPassword = x
 	}
 
-	token, err := s.createAdminToken(userID, as)
+	err = ret.setupOidcProvider(ctx, authConfig)
 	if err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
+		return nil, err
 	}
 
-	c.JSON(http.StatusOK, map[string]any{
-		"token": token,
-	})
+	return ret, nil
 }
 
-func (s *authHandler) refreshTokenHandler(c *gin.Context) {
-	if !s.adminEnabled {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
+func (s *authHandler) setupRoutes(router gin.IRouter) error {
+	gob.Register(map[string]interface{}{})
+	gob.Register(time.Time{})
 
-	oldToken := s.getBearerToken(c)
-	if oldToken == "" {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
+	store := cookie.NewStore(s.authSecret)
+	router.Use(sessions.Sessions("auth-session", store))
 
-	as, err := s.getAdminSecrets()
-	if err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
+	router.GET("/auth/info", s.authInfoHandler)
 
-	claims, err := s.checkIfAdminTokenExpired(oldToken, as)
-	if err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
+	if s.authConfig.AdminEnabled {
+		router.POST("/auth/adminLogin", s.adminLoginHandler)
 	}
-	user := s.getAdminUserFromClaims(claims)
 
-	newToken, err := s.createAdminToken(user.Username, as)
-	if err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
+	if s.oidcProvider != nil {
+		router.GET("/auth/login", s.oidcLoginHandler)
+		router.GET("/auth/callback", s.oidcCallbackHandler)
 	}
 
-	c.JSON(http.StatusOK, map[string]any{
-		"token": newToken,
-	})
-}
-
-func (s *authHandler) createAdminToken(username string, as adminSecrets) (string, error) {
-	// Create the token
-	token := jwt.New(jwt.SigningMethodHS256)
-	claims := token.Claims.(jwt.MapClaims)
-	claims["id"] = username
+	router.GET("/auth/user", s.authHandler, s.userHandler)
+	router.GET("/auth/logout", s.logoutHandler)
 
-	expire := time.Now().Add(tokenValidTime)
-	claims["exp"] = expire.Unix()
-	claims["orig_iat"] = time.Now().Unix()
-	tokenString, err := token.SignedString(as.secret)
-	if err != nil {
-		return "", err
-	}
-	return tokenString, nil
+	return nil
 }
 
-func (s *authHandler) checkIfAdminTokenExpired(token string, as adminSecrets) (jwt.MapClaims, error) {
-	jt, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
-		return as.secret, nil
-	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
-	if err != nil {
-		validationErr, ok := err.(*jwt.ValidationError)
-		if !ok || validationErr.Errors != jwt.ValidationErrorExpired {
-			return nil, err
-		}
-	}
-
-	claims := jt.Claims.(jwt.MapClaims)
-
-	origIat := int64(claims["orig_iat"].(float64))
+type AuthInfo struct {
+	AuthEnabled  bool `json:"authEnabled"`
+	AdminEnabled bool `json:"adminEnabled"`
 
-	if origIat < time.Now().Add(-tokenMaxRefreshTime).Unix() {
-		return nil, fmt.Errorf("token expired")
-	}
-
-	return claims, nil
+	OidcEnabled     bool   `json:"oidcEnabled"`
+	OidcDisplayName string `json:"oidcName,omitempty"`
 }
 
-func (s *authHandler) getBearerToken(c *gin.Context) string {
-	authHeader := c.GetHeader("Authorization")
-	if authHeader == "" {
-		return ""
+func (s *authHandler) authInfoHandler(c *gin.Context) {
+	info := AuthInfo{
+		AuthEnabled:     s.authConfig.AuthEnabled,
+		AdminEnabled:    s.authConfig.AdminEnabled,
+		OidcEnabled:     s.authConfig.OidcIssuerUrl != "",
+		OidcDisplayName: s.authConfig.OidcDisplayName,
 	}
+	c.JSON(http.StatusOK, info)
+}
 
-	parts := strings.SplitN(authHeader, " ", 2)
-	if len(parts) != 2 || parts[0] != "Bearer" {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return ""
+func (s *authHandler) logoutHandler(c *gin.Context) {
+	session := sessions.Default(c)
+	session.Clear()
+	if err := session.Save(); err != nil {
+		c.String(http.StatusInternalServerError, err.Error())
+		return
 	}
-
-	return parts[1]
+	c.Redirect(http.StatusTemporaryRedirect, "/")
 }
 
 func (s *authHandler) getUser(c *gin.Context) *User {
-	if s == nil {
+	if !s.authConfig.AuthEnabled {
 		// auth is disabled, so all requests are done as admin
 		return s.getAdminUser("admin")
 	}
-	token := s.getBearerToken(c)
-	if token == "" {
-		return nil
-	}
-	return s.getUserFromToken(token)
-}
 
-func (s *authHandler) getUserFromToken(token string) *User {
-	user := s.getAdminUserFromToken(token)
+	user := s.getAdminUserFromSession(c)
 	if user != nil {
 		return user
 	}
-	return nil
-}
-
-func (s *authHandler) getAdminUserFromToken(token string) *User {
-	as, err := s.getAdminSecrets()
-	if err != nil {
-		return nil
-	}
 
-	jt, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
-		return as.secret, nil
-	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
+	user, err := s.getUserFromOidcProfile(c)
 	if err != nil {
 		return nil
 	}
-
-	claims, ok := jt.Claims.(jwt.MapClaims)
-	if !ok {
-		return nil
-	}
-
-	return s.getAdminUserFromClaims(claims)
-}
-
-func (s *authHandler) getAdminUserFromClaims(claims jwt.MapClaims) *User {
-	x, ok := claims["id"]
-	if !ok {
-		return nil
-	}
-	id, ok := x.(string)
-	if !ok {
-		return nil
+	if user != nil {
+		return user
 	}
 
-	return s.getAdminUser(id)
-}
-
-func (s *authHandler) getAdminUser(id string) *User {
-	u := &User{
-		Username: id,
-		IsAdmin:  true,
-	}
-	if s != nil {
-		u.RbacUser = s.adminRbacUser
-	}
-	return u
+	return nil
 }
 
 func (s *authHandler) authHandler(c *gin.Context) {
-	if s == nil {
+	if !s.authConfig.AuthEnabled {
 		return
 	}
 	if s.getUser(c) == nil {
@@ -251,35 +182,9 @@ func (s *authHandler) userHandler(c *gin.Context) {
 	c.JSON(http.StatusOK, user)
 }
 
-type adminSecrets struct {
-	secret        []byte
-	adminPassword string
-}
-
-func (s *authHandler) getAdminSecrets() (adminSecrets, error) {
+func (s *authHandler) getSecret(secretName string, secretKey string) (string, error) {
 	if s.serverClient == nil {
-		return adminSecrets{}, fmt.Errorf("no serverClient set")
-	}
-
-	var secret corev1.Secret
-	err := s.serverClient.Get(s.ctx, client.ObjectKey{Name: s.webuiSecretName, Namespace: "kluctl-system"}, &secret)
-	if err != nil {
-		return adminSecrets{}, err
+		return "", fmt.Errorf("no serverClient set")
 	}
-
-	var ret adminSecrets
-
-	x, ok := secret.Data["secret"]
-	if !ok {
-		return adminSecrets{}, fmt.Errorf("admin secret %s has no 'secret' key", s.webuiSecretName)
-	}
-	ret.secret = x
-
-	x, ok = secret.Data["adminPassword"]
-	if !ok {
-		return adminSecrets{}, fmt.Errorf("admin secret %s has no adminPassword", s.webuiSecretName)
-	}
-	ret.adminPassword = string(x)
-
-	return ret, nil
+	return k8s.GetSingleSecret(s.ctx, s.serverClient, secretName, "kluctl-system", secretKey)
 }
diff --git a/pkg/webui/auth_admin.go b/pkg/webui/auth_admin.go
new file mode 100644
index 000000000..98e4adcde
--- /dev/null
+++ b/pkg/webui/auth_admin.go
@@ -0,0 +1,116 @@
+package webui
+
+import (
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"time"
+)
+
+const (
+	adminExpireTime  = 1 * time.Hour
+	adminRefreshTime = 10 * time.Second
+)
+
+func (s *authHandler) adminLoginHandler(c *gin.Context) {
+	if !s.authConfig.AdminEnabled {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	var loginVals login
+	if err := c.ShouldBind(&loginVals); err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+	userID := loginVals.Username
+	password := loginVals.Password
+
+	if userID != "admin" || password != s.adminPassword {
+		// we only support the admin account at the moment
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	session := sessions.Default(c)
+	session.Set("adminUser", userID)
+	session.Set("adminTime", time.Now())
+
+	if !s.checkIfAdminExpired(session) {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	if err := session.Save(); err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	c.JSON(http.StatusOK, "ok")
+}
+
+func (s *authHandler) checkIfAdminExpired(session sessions.Session) bool {
+	adminTimeI := session.Get("adminTime")
+	if adminTimeI == nil {
+		return false
+	}
+	adminTime, ok := adminTimeI.(time.Time)
+	if !ok {
+		return false
+	}
+
+	if time.Now().After(adminTime.Add(adminExpireTime)) {
+		return false
+	}
+
+	if time.Now().After(adminTime.Add(adminRefreshTime)) {
+		session.Set("adminTime", time.Now())
+	}
+
+	return true
+}
+
+func (s *authHandler) getAdminUserFromSession(c *gin.Context) *User {
+	if !s.authConfig.AdminEnabled {
+		return nil
+	}
+
+	session := sessions.Default(c)
+	usernameI := session.Get("adminUser")
+	if usernameI == nil {
+		return nil
+	}
+
+	username, ok := usernameI.(string)
+	if !ok {
+		return nil
+	}
+
+	if !s.checkIfAdminExpired(session) {
+		return nil
+	}
+
+	if err := session.Save(); err != nil {
+		return nil
+	}
+
+	return s.getAdminUser(username)
+}
+
+func (s *authHandler) getAdminUser(id string) *User {
+	u := &User{
+		Username: id,
+		IsAdmin:  true,
+	}
+	u.RbacUser = s.authConfig.AdminRbacUser
+	return u
+}
+
+func (s *authHandler) getViewerUser(id string) *User {
+	u := &User{
+		Username: id,
+		IsAdmin:  false,
+	}
+	u.RbacUser = s.authConfig.ViewerRbacUser
+	return u
+}
diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
new file mode 100644
index 000000000..900bd8057
--- /dev/null
+++ b/pkg/webui/auth_oidc.go
@@ -0,0 +1,188 @@
+package webui
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"golang.org/x/oauth2"
+	"net/http"
+	"strings"
+)
+
+func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConfig) error {
+	if authConfig.OidcIssuerUrl == "" {
+		return nil
+	}
+
+	clientSecret, err := s.getSecret(authConfig.OidcClientSecretName, authConfig.OidcClientSecretKey)
+	if err != nil {
+		return err
+	}
+
+	provider, err := oidc.NewProvider(ctx, authConfig.OidcIssuerUrl)
+	if err != nil {
+		return err
+	}
+	s.oidcProvider = provider
+
+	s.oauth2Config = &oauth2.Config{
+		ClientID:     authConfig.OidcClientId,
+		ClientSecret: clientSecret,
+		RedirectURL:  authConfig.OidcRedirectUrl,
+		Scopes:       authConfig.OidcScopes,
+		Endpoint:     provider.Endpoint(),
+	}
+
+	return nil
+}
+
+// verifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken.
+func (s *authHandler) verifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) {
+	rawIDToken, ok := token.Extra("id_token").(string)
+	if !ok {
+		return nil, errors.New("no id_token field in oauth2 token")
+	}
+
+	oidcConfig := &oidc.Config{
+		ClientID: s.oauth2Config.ClientID,
+	}
+
+	return s.oidcProvider.Verifier(oidcConfig).Verify(ctx, rawIDToken)
+}
+
+func (s *authHandler) oidcLoginHandler(c *gin.Context) {
+	state, err := s.generateRandomState()
+	if err != nil {
+		c.String(http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	// Save the state inside the session.
+	session := sessions.Default(c)
+	session.Set("state", state)
+	if err := session.Save(); err != nil {
+		c.String(http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	var opts []oauth2.AuthCodeOption
+	for _, x := range s.authConfig.OidcParams {
+		s := strings.SplitN(x, "=", 2)
+		if len(s) != 2 {
+			c.String(http.StatusInternalServerError, err.Error())
+			return
+		}
+		opts = append(opts, oauth2.SetAuthURLParam(s[0], s[1]))
+	}
+
+	c.Redirect(http.StatusTemporaryRedirect, s.oauth2Config.AuthCodeURL(state, opts...))
+}
+
+func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
+	session := sessions.Default(c)
+	if c.Query("state") != session.Get("state") {
+		c.String(http.StatusBadRequest, "Invalid state parameter.")
+		return
+	}
+
+	// Exchange an authorization code for a token.
+	token, err := s.oauth2Config.Exchange(c.Request.Context(), c.Query("code"))
+	if err != nil {
+		c.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.")
+		return
+	}
+
+	idToken, err := s.verifyIDToken(c.Request.Context(), token)
+	if err != nil {
+		c.String(http.StatusInternalServerError, "Failed to verify ID Token.")
+		return
+	}
+
+	var profile map[string]interface{}
+	if err := idToken.Claims(&profile); err != nil {
+		c.String(http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	session.Set("access_token", token.AccessToken)
+	session.Set("profile", profile)
+	if err := session.Save(); err != nil {
+		c.String(http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	// Redirect to logged in page.
+	c.Redirect(http.StatusTemporaryRedirect, "/")
+}
+
+func (s *authHandler) generateRandomState() (string, error) {
+	b := make([]byte, 32)
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+
+	state := base64.StdEncoding.EncodeToString(b)
+
+	return state, nil
+}
+
+func (s *authHandler) getUserFromOidcProfile(c *gin.Context) (*User, error) {
+	session := sessions.Default(c)
+	profileI := session.Get("profile")
+	if profileI == nil {
+		return nil, nil
+	}
+	profile := profileI.(map[string]interface{})
+	if profile == nil {
+		return nil, nil
+	}
+
+	usernameClaim, ok := profile[s.authConfig.OidcUserClaim]
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid user claim")
+	}
+	username, ok := usernameClaim.(string)
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid user claim")
+	}
+
+	groupsClaim, ok := profile[s.authConfig.OidcGroupClaim]
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid groups claim")
+	}
+	groups, ok := groupsClaim.([]any)
+	if !ok {
+		return nil, fmt.Errorf("missing or invalid groups claim")
+	}
+
+	isAdmin := false
+	isViewer := false
+
+	for _, group := range groups {
+		g, ok := group.(string)
+		if !ok {
+			return nil, fmt.Errorf("missing or invalid groups claim")
+		}
+		if utils.FindStrInSlice(s.authConfig.OidcAdminsGroups, g) != -1 {
+			isAdmin = true
+		}
+		if utils.FindStrInSlice(s.authConfig.OidcViewersGroups, g) != -1 {
+			isViewer = true
+		}
+	}
+
+	if isAdmin {
+		return s.getAdminUser(username), nil
+	} else if isViewer {
+		return s.getViewerUser(username), nil
+	} else {
+		return nil, fmt.Errorf("permission denied")
+	}
+}
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index 889e42542..4e59859fa 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -21,6 +21,7 @@ func main() {
 		Add(webui.ShortName{}).
 		Add(uo.UnstructuredObject{}).
 		Add(webui.ProjectTargetKey{}).
+		Add(webui.AuthInfo{}).
 		ManageType(types.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.GitRef{}, typescriptify.TypeOptions{TSType: "GitRef", TSTransform: "new GitRef(__VALUE__)"}).
 		ManageType(types.GitRepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 422fe15ec..6d2a64ceb 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -41,7 +41,13 @@ type CommandResultsServer struct {
 	onlyApi bool
 }
 
-func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollector, configs []*rest.Config, serverClient client.Client, authEnabled bool, onlyApi bool) *CommandResultsServer {
+func NewCommandResultsServer(
+	ctx context.Context,
+	store *results.ResultsCollector,
+	configs []*rest.Config,
+	serverClient client.Client,
+	authConfig AuthConfig,
+	onlyApi bool) (*CommandResultsServer, error) {
 	ret := &CommandResultsServer{
 		ctx:   ctx,
 		store: store,
@@ -54,28 +60,17 @@ func NewCommandResultsServer(ctx context.Context, store *results.ResultsCollecto
 
 	ret.events = newEventsHandler(ret)
 
-	adminUser := "kluctl-webui-admin"
-
-	adminEnabled := false
-	if serverClient != nil {
-		adminEnabled = true
-	}
-
-	if authEnabled {
-		ret.auth = &authHandler{
-			ctx:             ctx,
-			adminEnabled:    adminEnabled,
-			serverClient:    serverClient,
-			webuiSecretName: "admin-secret",
-			adminRbacUser:   adminUser,
-		}
+	var err error
+	ret.auth, err = newAuthHandler(ctx, serverClient, authConfig)
+	if err != nil {
+		return nil, err
 	}
 
 	for _, config := range configs {
 		ret.cam.add(config)
 	}
 
-	return ret
+	return ret, nil
 }
 
 func (s *CommandResultsServer) Run(host string, port int) error {
@@ -92,11 +87,9 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	}))
 	router.Use(gin.Recovery())
 
-	if s.auth != nil {
-		err = s.auth.setupAuth(router)
-		if err != nil {
-			return err
-		}
+	err = s.auth.setupRoutes(router)
+	if err != nil {
+		return err
 	}
 
 	if !s.onlyApi {
diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index 0027d71ca..3cb9a42e0 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -22,6 +22,7 @@
         "@types/node": "^16.18.34",
         "@types/react": "^18.2.9",
         "@types/react-dom": "^18.2.4",
+        "http-proxy-middleware": "^2.0.6",
         "jdenticon": "^3.2.0",
         "js-sha256": "^0.9.0",
         "js-yaml": "^4.1.0",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 2a186f8d5..324d49806 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -3,7 +3,6 @@
   "version": "0.1.0",
   "homepage": "./",
   "private": true,
-  "proxy": "http://localhost:9090",
   "dependencies": {
     "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
     "@emotion/react": "^11.11.1",
@@ -19,6 +18,7 @@
     "@types/node": "^16.18.34",
     "@types/react": "^18.2.9",
     "@types/react-dom": "^18.2.4",
+    "http-proxy-middleware": "^2.0.6",
     "jdenticon": "^3.2.0",
     "js-sha256": "^0.9.0",
     "js-yaml": "^4.1.0",
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index eaae45584..628da23a2 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,4 +1,4 @@
-import { CommandResult, ObjectRef, ResultObject, ShortName, ValidateResult } from "./models";
+import { AuthInfo, CommandResult, ObjectRef, ResultObject, ShortName, ValidateResult } from "./models";
 import _ from "lodash";
 import React from "react";
 import { Box, Typography } from "@mui/material";
@@ -33,6 +33,8 @@ export interface User {
 }
 
 export interface Api {
+    getAuthInfo(): Promise<AuthInfo>
+    getUser(): Promise<User>
     getShortNames(): Promise<ShortName[]>
     listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
     getCommandResult(resultId: string): Promise<CommandResult>
@@ -55,61 +57,21 @@ export async function checkStaticBuild() {
 }
 
 export class RealApi implements Api {
-    getToken?: (() => string);
     onUnauthorized?: () => void;
-    onTokenRefresh?: (newToken: string) => void;
 
-    constructor(getToken?: (() => string), onUnauthorized?: () => void, onTokenRefresh?: (newToken: string) => void) {
-        this.getToken = getToken
+    constructor(onUnauthorized?: () => void) {
         this.onUnauthorized = onUnauthorized
-        this.onTokenRefresh = onTokenRefresh
     }
 
-    setAuthorizationHeader(headers: any) {
-        if (!this.getToken) {
-            return
-        }
-        headers['Authorization'] = "Bearer " + this.getToken()
-    }
-
-    async refreshToken() {
-        const headers = {
-            'Accept': 'application/json',
-        }
-        this.setAuthorizationHeader(headers)
-        const resp = await fetch("/auth/refresh", {
-            method: "POST",
-            headers: headers,
-        })
-        if (resp.status === 401) {
-            if (this.onUnauthorized) {
-                this.onUnauthorized()
-            }
-            throw Error(resp.statusText)
-        }
-        const j = await resp.json()
-        if (this.onTokenRefresh) {
-            this.onTokenRefresh(j.token)
-        }
-    }
-
-    async handleErrors(response: Response, retry?: () => Promise<Response>): Promise<Response> {
+    handleErrors(response: Response) {
         if (!response.ok) {
             if (response.status === 401) {
-                if (this.getToken && retry) {
-                    console.log("retrying with token refresh")
-                    await this.refreshToken()
-                    const newResp = await retry()
-                    return await this.handleErrors(newResp)
-                } else {
-                    if (this.onUnauthorized) {
-                        this.onUnauthorized()
-                    }
+                if (this.onUnauthorized) {
+                    this.onUnauthorized()
                 }
             }
             throw Error(response.statusText)
         }
-        return response
     }
 
     async doGet(path: string, params?: URLSearchParams, abort?: AbortSignal) {
@@ -117,41 +79,37 @@ export class RealApi implements Api {
         if (params) {
             url += "?" + params.toString()
         }
-        const doFetch = () => {
-            const headers = {
-                'Accept': 'application/json',
-            }
-            this.setAuthorizationHeader(headers)
-            return fetch(url, {
-                method: "GET",
-                headers: headers,
-                signal: abort ? abort : null,
-            })
-        }
-        let resp = await doFetch()
-        resp = await this.handleErrors(resp, doFetch)
+        const resp = await fetch(url, {
+            method: "GET",
+            signal: abort ? abort : null,
+        })
+        this.handleErrors(resp)
         return resp.json()
     }
 
     async doPost(path: string, body: any) {
         let url = rootPath + path
-        const doFetch = () => {
-            const headers = {
-                'Accept': 'application/json',
-                'Content-Type': 'application/json'
-            }
-            this.setAuthorizationHeader(headers)
-            return fetch(url, {
-                method: "POST",
-                body: JSON.stringify(body),
-                headers: headers,
-            })
+        const headers = {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json'
         }
-        let resp = await doFetch()
-        resp = await this.handleErrors(resp, doFetch)
+        const resp = await fetch(url, {
+            method: "POST",
+            body: JSON.stringify(body),
+            headers: headers,
+        })
+        this.handleErrors(resp)
         return resp
     }
 
+    async getAuthInfo(): Promise<AuthInfo> {
+        return this.doGet("/auth/info")
+    }
+
+    async getUser(): Promise<User> {
+        return this.doGet("/auth/user")
+    }
+
     async getShortNames(): Promise<ShortName[]> {
         return this.doGet("/api/getShortNames")
     }
@@ -260,6 +218,20 @@ export class RealApi implements Api {
 }
 
 export class StaticApi implements Api {
+    async getAuthInfo(): Promise<AuthInfo> {
+        const info = new AuthInfo()
+        info.authEnabled = false
+        info.adminEnabled = false
+        return info
+    }
+
+    async getUser(): Promise<User> {
+        return {
+            "username": "no-user",
+            "isAdmin": true,
+        }
+    }
+
     async getShortNames(): Promise<ShortName[]> {
         await loadScript(staticPath + "/shortnames.js")
         return staticShortNames
diff --git a/pkg/webui/ui/src/components/ActionsMenu.tsx b/pkg/webui/ui/src/components/ActionsMenu.tsx
index db9bf6637..8e982a64d 100644
--- a/pkg/webui/ui/src/components/ActionsMenu.tsx
+++ b/pkg/webui/ui/src/components/ActionsMenu.tsx
@@ -24,6 +24,10 @@ export const ActionsMenu = (props: { icon?: React.ReactNode, menuItems: ActionMe
 
     const icon = props.icon || <MoreVert />
 
+    if (!props.menuItems.length) {
+        return <></>
+    }
+
     return <React.Fragment>
         <IconButton
             onClick={handleMenuClick}
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 232c28e35..e2b0ec64d 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -5,8 +5,8 @@ import { Box } from "@mui/material";
 import { Outlet, useOutletContext } from "react-router-dom";
 import LeftDrawer from "./LeftDrawer";
 import { ActiveFilters } from './FilterBar';
-import { CommandResultSummary, ShortName, ValidateResultSummary } from "../models";
-import { Api, checkStaticBuild, RealApi, StaticApi } from "../api";
+import { AuthInfo, CommandResultSummary, ShortName, ValidateResultSummary } from "../models";
+import { Api, checkStaticBuild, RealApi, StaticApi, User } from "../api";
 import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
 import Login from "./Login";
 import { Loading, useLoadingHelper } from "./Loading";
@@ -34,13 +34,14 @@ export const AppContext = createContext<AppContextProps>({
 });
 
 export const ApiContext = createContext<Api>(new StaticApi())
+export const UserContext = createContext<User | undefined>(undefined)
 
 export interface KluctlDeploymentWithClusterId {
     deployment: any
     clusterId: string
 }
 
-const LoggedInApp = (props: { onUnauthorized: () => void }) => {
+const LoggedInApp = (props: { onLogout: () => void }) => {
     const api = useContext(ApiContext)
     const [filters, setFilters] = useState<ActiveFilters>()
 
@@ -158,7 +159,7 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
                 <LeftDrawer
                     content={<Outlet context={outletContext} />}
                     context={outletContext}
-                    logout={props.onUnauthorized}
+                    logout={props.onLogout}
                 />
             </Box>
         </AppContext.Provider>
@@ -167,42 +168,19 @@ const LoggedInApp = (props: { onUnauthorized: () => void }) => {
 
 const App = () => {
     const [api, setApi] = useState<Api>()
-    const [needToken, setNeedToken] = useState(false)
+    const [authInfo, setAuthInfo] = useState<AuthInfo>()
+    const [user, setUser] = useState<User>()
 
-    const storage = localStorage
-
-    const getToken = () => {
-        const token = storage.getItem("token")
-        if (!token) {
-            return ""
-        }
-        return JSON.parse(token)
-    }
-    const setToken = (token?: string) => {
-        if (!token) {
-            storage.removeItem("token")
-        } else {
-            storage.setItem("token", JSON.stringify(token))
-        }
+    const onLogout = () => {
+        console.log("handle onLogout")
+        setUser(undefined)
+        window.location.href='/auth/logout'
     }
-
     const onUnauthorized = () => {
         console.log("handle onUnauthorized")
-        setToken(undefined)
-        setApi(undefined)
-        setNeedToken(true)
-    }
-    const onTokenRefresh = (newToken: string) => {
-        console.log("handle onTokenRefresh")
-        setToken(newToken)
+        setUser(undefined)
     }
 
-    const handleLoginSucceeded = (token: string) => {
-        console.log("handle saveToken")
-        setToken(token);
-        setApi(new RealApi(getToken, onUnauthorized, onTokenRefresh))
-    };
-
     useEffect(() => {
         if (api) {
             return
@@ -213,36 +191,47 @@ const App = () => {
             if (isStatic) {
                 setApi(new StaticApi())
             } else {
-                // check if we don't need auth (running locally?)
-                const noAuthApi = new RealApi(undefined, undefined, undefined)
-                try {
-                    await noAuthApi.getShortNames()
-                    setToken(undefined)
-                    setNeedToken(false)
-                    setApi(noAuthApi)
-                } catch (error) {
-                    if (!getToken()) {
-                        setNeedToken(true)
-                    } else {
-                        setApi(new RealApi(getToken, onUnauthorized, onTokenRefresh))
-                    }
-                }
+                const api = new RealApi(onUnauthorized)
+                const authInfo = await api.getAuthInfo()
+                setApi(api)
+                setAuthInfo(authInfo)
             }
         }
         doInit()
         // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [])
 
-    if (needToken && !getToken()) {
-        return <Login setToken={handleLoginSucceeded} />
-    }
+    useEffect(() => {
+        if (user || !api) {
+            return
+        }
+        const doGetUser = async () => {
+            if (!api) {
+                return
+            }
+            try {
+                const user = await api.getUser()
+                console.log("user", user)
+                setUser(user)
+            } catch (error) {
+                console.log("error", error)
+            }
+        }
+        doGetUser()
+    }, [user, api])
 
-    if (!api) {
+    if (!api || !authInfo) {
         return <Loading />
     }
 
+    if (!user) {
+        return <Login authInfo={authInfo} />
+    }
+
     return <ApiContext.Provider value={api}>
-        <LoggedInApp onUnauthorized={onUnauthorized} />
+        <UserContext.Provider value={user}>
+            <LoggedInApp onLogout={onLogout}/>
+        </UserContext.Provider>
     </ApiContext.Provider>
 }
 
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index b2de65dbe..55e7d4683 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -2,8 +2,7 @@ import { Box, Button, FormControl, Paper, TextField, Typography, useTheme } from
 import React, { SyntheticEvent, useState } from 'react';
 import { rootPath } from "../api";
 import { ErrorMessageCard } from './ErrorMessage';
-
-//import './Login.css';
+import { AuthInfo } from "../models";
 
 interface loginCredentials {
     username: string
@@ -12,7 +11,6 @@ interface loginCredentials {
 
 type LoginResult = {
     type: 'success',
-    token: string
 } | {
     type: 'unauthorized'
 } | {
@@ -20,8 +18,8 @@ type LoginResult = {
     statusText: string
 }
 
-async function loginUser(creds: loginCredentials): Promise<LoginResult> {
-    const url = rootPath + `/auth/login`
+async function loginAdminUser(creds: loginCredentials): Promise<LoginResult> {
+    const url = rootPath + `/auth/adminLogin`
     return fetch(url, {
         method: 'POST',
         headers: {
@@ -30,10 +28,7 @@ async function loginUser(creds: loginCredentials): Promise<LoginResult> {
         body: JSON.stringify(creds)
     }).then(response => {
         if (response.status === 200) {
-            return response.json().then(json => ({
-                type: 'success',
-                token: json.token
-            }));
+            return { type: "success" }
         } else if (response.status === 401) {
             return { type: 'unauthorized' }
         } else {
@@ -45,7 +40,7 @@ async function loginUser(creds: loginCredentials): Promise<LoginResult> {
     });
 }
 
-export default function Login(props: { setToken: (token: string) => void }) {
+export default function Login(props: { authInfo: AuthInfo }) {
     const theme = useTheme();
     const [username, setUserName] = useState<string>();
     const [password, setPassword] = useState<string>();
@@ -57,14 +52,14 @@ export default function Login(props: { setToken: (token: string) => void }) {
             return
         }
 
-        const result = await loginUser({
+        const result = await loginAdminUser({
             username: username,
             password: password,
         });
 
         switch (result.type) {
             case 'success':
-                props.setToken(result.token);
+                window.location.href='/'
                 break;
             case 'unauthorized':
                 setError(result);
@@ -81,6 +76,68 @@ export default function Login(props: { setToken: (token: string) => void }) {
         </ErrorMessageCard>
     }
 
+    const adminLogin = <form onSubmit={handleSubmit}>
+        <Box
+            display='flex'
+            flexDirection='column'
+            justifyContent='center'
+            alignItems='center'
+            gap='30px'
+        >
+            <FormControl fullWidth >
+                <TextField variant='standard' label='Username' onChange={e => setUserName(e.target.value)} />
+            </FormControl>
+            <FormControl fullWidth >
+                <TextField variant='standard' label='Password' type="password" onChange={e => setPassword(e.target.value)} />
+            </FormControl>
+            {error?.type === 'unauthorized' && (
+                <Box color={theme.palette.error.main}>
+                    Invalid username or password
+                </Box>
+            )}
+            <FormControl >
+                <Button
+                    variant='contained'
+                    type='submit'
+                    sx={{
+                        padding: '6px 20px',
+                        backgroundColor: '#59A588',
+                        '&:hover': {
+                            backgroundColor: '#59A588'
+                        }
+                    }}
+                >
+                    Login
+                </Button>
+            </FormControl>
+        </Box>
+    </form>
+
+    const oidcLogin = <Box
+        display='flex'
+        flexDirection='column'
+        justifyContent='center'
+        alignItems='center'
+        gap='30px'
+    >
+        <Button
+            variant='contained'
+            type='submit'
+            sx={{
+                padding: '6px 20px',
+                backgroundColor: '#59A588',
+                '&:hover': {
+                    backgroundColor: '#59A588'
+                }
+            }}
+            onClick={() => {
+                window.location.href='/auth/login'
+            }}
+        >
+            Login with {props.authInfo.oidcName}
+        </Button>
+    </Box>
+
     return (
         <Box
             width='100%'
@@ -93,42 +150,8 @@ export default function Login(props: { setToken: (token: string) => void }) {
         >
             <Typography variant='h1'>Please Log In</Typography>
             <Paper elevation={5} sx={{ width: '400px', borderRadius: '12px', padding: '30px' }}>
-                <form onSubmit={handleSubmit}>
-                    <Box
-                        display='flex'
-                        flexDirection='column'
-                        justifyContent='center'
-                        alignItems='center'
-                        gap='30px'
-                    >
-                        <FormControl fullWidth >
-                            <TextField variant='standard' label='Username' onChange={e => setUserName(e.target.value)} />
-                        </FormControl>
-                        <FormControl fullWidth >
-                            <TextField variant='standard' label='Password' type="password" onChange={e => setPassword(e.target.value)} />
-                        </FormControl>
-                        {error?.type === 'unauthorized' && (
-                            <Box color={theme.palette.error.main}>
-                                Invalid username or password
-                            </Box>
-                        )}
-                        <FormControl >
-                            <Button
-                                variant='contained'
-                                type='submit'
-                                sx={{
-                                    padding: '6px 20px',
-                                    backgroundColor: '#59A588',
-                                    '&:hover': {
-                                        backgroundColor: '#59A588'
-                                    }
-                                }}
-                            >
-                                Login
-                            </Button>
-                        </FormControl>
-                    </Box>
-                </form>
+                {props.authInfo.adminEnabled && adminLogin}
+                {props.authInfo.oidcEnabled && oidcLogin}
             </Paper>
         </Box>
     )
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 31e913240..912da8551 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -15,7 +15,7 @@ import {
 } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { ApiContext } from "../App";
+import { ApiContext, UserContext } from "../App";
 import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
@@ -199,10 +199,11 @@ export const TargetItem = React.memo(React.forwardRef((
     ref: React.ForwardedRef<HTMLDivElement>
 ) => {
     const api = useContext(ApiContext)
+    const user = useContext(UserContext)
     const actionMenuItems: ActionMenuItem[] = []
     const kd = props.ts.kd
 
-    if (kd) {
+    if (kd && user && user.isAdmin) {
         actionMenuItems.push({
             icon: <Troubleshoot/>,
             text: <Typography>Validate</Typography>,
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 511872add..8ab798c71 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -220,8 +220,6 @@ export const TargetsView = () => {
         return [project, target]
     }, [projects, targetPath])
 
-    console.log("project", parentProject, "target", selectedTarget)
-
     const showHistory = pathname.endsWith('history');
 
     if (selectedTarget && parentProject && !showHistory) {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 7a1e720c9..4fdd499c0 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -913,4 +913,18 @@ export class ProjectTargetKey {
 	    }
 	    return a;
 	}
+}
+export class AuthInfo {
+    authEnabled: boolean;
+    adminEnabled: boolean;
+    oidcEnabled: boolean;
+    oidcName?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.authEnabled = source["authEnabled"];
+        this.adminEnabled = source["adminEnabled"];
+        this.oidcEnabled = source["oidcEnabled"];
+        this.oidcName = source["oidcName"];
+    }
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/setupProxy.js b/pkg/webui/ui/src/setupProxy.js
new file mode 100644
index 000000000..5682a303f
--- /dev/null
+++ b/pkg/webui/ui/src/setupProxy.js
@@ -0,0 +1,18 @@
+const { createProxyMiddleware } = require('http-proxy-middleware');
+
+module.exports = function(app) {
+    app.use(
+        '/api',
+        createProxyMiddleware({
+            target: 'http://localhost:9090',
+            changeOrigin: true,
+        })
+    );
+    app.use(
+        '/auth',
+        createProxyMiddleware({
+            target: 'http://localhost:9090',
+            changeOrigin: true,
+        })
+    );
+};
\ No newline at end of file

From 78c0b10cc1ca9bcf4e2602eacf400d986a3a882a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Jul 2023 15:50:30 +0200
Subject: [PATCH 1353/2268] feat: Add viewer RBAC role for webui

---
 install/webui/webui/viewer-rbac.yaml | 37 ++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 install/webui/webui/viewer-rbac.yaml

diff --git a/install/webui/webui/viewer-rbac.yaml b/install/webui/webui/viewer-rbac.yaml
new file mode 100644
index 000000000..d08ffe20b
--- /dev/null
+++ b/install/webui/webui/viewer-rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kluctl-webui-viewer-role
+rules:
+  - apiGroups:
+      - gitops.kluctl.io
+    resources:
+      - kluctldeployments
+    verbs:
+      - get
+      - list
+      - watch
+  # Read access for all other Kubernetes objects
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-webui-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/part-of: controller
+  name: kluctl-webui-viewer-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kluctl-webui-viewer-role
+subjects:
+  - kind: User
+    apiGroup: rbac.authorization.k8s.io
+    name: kluctl-webui-viewer

From 50e3081865584ad6803d4d6daedf308688735d64 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Jul 2023 16:40:07 +0200
Subject: [PATCH 1354/2268] chore(deps): Bump github.com/aws/aws-sdk-go-v2 from
 1.18.1 to 1.19.0 (#666)

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.18.1...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index fec23d853..4b8aa450d 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
-	github.com/aws/aws-sdk-go-v2 v1.18.1
+	github.com/aws/aws-sdk-go-v2 v1.19.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.27
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.26
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
diff --git a/go.sum b/go.sum
index 8fc29ca78..81a12e017 100644
--- a/go.sum
+++ b/go.sum
@@ -114,8 +114,9 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
 github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyDJ+k=
+github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
 github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=

From 4b6e2c820a71c8538d3babe4b4ccd6762661d138 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Jul 2023 16:40:22 +0200
Subject: [PATCH 1355/2268] chore(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore (#664)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.1...sdk/azcore/v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4b8aa450d..778d09e2a 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.19.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.27
diff --git a/go.sum b/go.sum
index 81a12e017..645bcb834 100644
--- a/go.sum
+++ b/go.sum
@@ -53,8 +53,8 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 h1:SEy2xmstIphdPwNBUi7uhvjyjhVKISfwjfOJmuy7kg4=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 h1:8q4SaHjFsClSvuVne0ID/5Ka8u3fcIHyqkLjcFpNRHQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=

From 6506024cdc6fb136e9b810e2986316ea34fd73c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Jul 2023 16:40:33 +0200
Subject: [PATCH 1356/2268] chore(deps): Bump helm.sh/helm/v3 from 3.12.1 to
 3.12.2 (#665)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.12.1...v3.12.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 778d09e2a..2bab77781 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	golang.org/x/sys v0.10.0
 	golang.org/x/term v0.10.0
 	golang.org/x/text v0.11.0
-	helm.sh/helm/v3 v3.12.1
+	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.27.3
 	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.27.3
diff --git a/go.sum b/go.sum
index 645bcb834..ab85ff456 100644
--- a/go.sum
+++ b/go.sum
@@ -1381,8 +1381,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-helm.sh/helm/v3 v3.12.1 h1:lzU7etZX24A6BTMXYQF3bFq0ECfD8s+fKlNBBL8AbEc=
-helm.sh/helm/v3 v3.12.1/go.mod h1:qhmSY9kcX7yH1xebe+FDMZa7E5NAeZ+LvK5j1gSln48=
+helm.sh/helm/v3 v3.12.2 h1:kFyDBr/mgJUlyGzVTCieG4wW0zmo7fcNRWK0+FKkxqU=
+helm.sh/helm/v3 v3.12.2/go.mod h1:v1PMayudIfZAvec3Wp4wAErensvK/rv5fu/xCiE6t3I=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From 29cdbfe96ab0b5f5d337b8d2b01e7609d3177564 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Jul 2023 16:40:56 +0200
Subject: [PATCH 1357/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/credentials (#667)

Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.13.26 to 1.13.27.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.13.26...credentials/v1.13.27)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 16 ++++++++--------
 go.sum | 24 ++++++++++++++++--------
 2 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index 2bab77781..46ed596c6 100644
--- a/go.mod
+++ b/go.mod
@@ -56,9 +56,9 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.19.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.27
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.26
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3
 	github.com/aws/smithy-go v1.13.5
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -103,14 +103,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
diff --git a/go.sum b/go.sum
index ab85ff456..1763d874f 100644
--- a/go.sum
+++ b/go.sum
@@ -119,30 +119,38 @@ github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyD
 github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
 github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 h1:hMUCiE3Zi5AHrRNGf5j985u0WyqI6r2NULhUfo0N/No=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 h1:yOpYx+FTBdpk/g+sBU6Cb1H0U/TLEcYYp66mYqsPpcc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 h1:IiDolu/eLmuB18DRZibj77n1hHQT7z12jnGO7Ze3pLc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10 h1:eW8zPSh7ZLzb7029xCsIEFbnxLvNHPTt7aWwdKjNJc8=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog=
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 944e68c52fdaed9be5bf47977dcb29df0d353a6a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 17 Jul 2023 23:48:34 +0200
Subject: [PATCH 1358/2268] fix: Store full token in session and re-validate it
 (#671)

* fix: Store full token in session and re-validate it

* fix: Proxy /staticdata in devserver
---
 pkg/webui/auth.go              |  1 +
 pkg/webui/auth_oidc.go         | 64 +++++++++++++++++++++++-----------
 pkg/webui/ui/src/setupProxy.js |  7 ++++
 3 files changed, 51 insertions(+), 21 deletions(-)

diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 74f966df9..122884877 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -96,6 +96,7 @@ func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig
 
 func (s *authHandler) setupRoutes(router gin.IRouter) error {
 	gob.Register(map[string]interface{}{})
+	gob.Register(oauth2.Token{})
 	gob.Register(time.Time{})
 
 	store := cookie.NewStore(s.authSecret)
diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index 900bd8057..50a281089 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/rand"
 	"encoding/base64"
-	"errors"
 	"fmt"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gin-contrib/sessions"
@@ -43,12 +42,7 @@ func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConf
 }
 
 // verifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken.
-func (s *authHandler) verifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) {
-	rawIDToken, ok := token.Extra("id_token").(string)
-	if !ok {
-		return nil, errors.New("no id_token field in oauth2 token")
-	}
-
+func (s *authHandler) verifyIDToken(ctx context.Context, rawIDToken string) (*oidc.IDToken, error) {
 	oidcConfig := &oidc.Config{
 		ClientID: s.oauth2Config.ClientID,
 	}
@@ -84,6 +78,18 @@ func (s *authHandler) oidcLoginHandler(c *gin.Context) {
 	c.Redirect(http.StatusTemporaryRedirect, s.oauth2Config.AuthCodeURL(state, opts...))
 }
 
+func (s *authHandler) storeToken(session sessions.Session, token *oauth2.Token) error {
+	rawIDToken, ok := token.Extra("id_token").(string)
+	if !ok {
+		return fmt.Errorf("no id_token field in oauth2 token.")
+	}
+
+	session.Set("token", token)
+	session.Set("id_token", rawIDToken)
+
+	return nil
+}
+
 func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
 	session := sessions.Default(c)
 	if c.Query("state") != session.Get("state") {
@@ -98,20 +104,12 @@ func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
 		return
 	}
 
-	idToken, err := s.verifyIDToken(c.Request.Context(), token)
+	err = s.storeToken(session, token)
 	if err != nil {
-		c.String(http.StatusInternalServerError, "Failed to verify ID Token.")
-		return
-	}
-
-	var profile map[string]interface{}
-	if err := idToken.Claims(&profile); err != nil {
-		c.String(http.StatusInternalServerError, err.Error())
+		c.String(http.StatusBadRequest, err.Error())
 		return
 	}
 
-	session.Set("access_token", token.AccessToken)
-	session.Set("profile", profile)
 	if err := session.Save(); err != nil {
 		c.String(http.StatusInternalServerError, err.Error())
 		return
@@ -135,15 +133,39 @@ func (s *authHandler) generateRandomState() (string, error) {
 
 func (s *authHandler) getUserFromOidcProfile(c *gin.Context) (*User, error) {
 	session := sessions.Default(c)
-	profileI := session.Get("profile")
-	if profileI == nil {
+
+	tokenI := session.Get("token")
+	if tokenI == nil {
+		return nil, nil
+	}
+	token, ok := tokenI.(oauth2.Token)
+	if !ok {
+		return nil, nil
+	}
+
+	rawIdTokenI := session.Get("id_token")
+	if rawIdTokenI == nil {
+		return nil, nil
+	}
+	rawIdToken, ok := rawIdTokenI.(string)
+	if !ok {
 		return nil, nil
 	}
-	profile := profileI.(map[string]interface{})
-	if profile == nil {
+
+	if !token.Valid() {
 		return nil, nil
 	}
 
+	idToken, err := s.verifyIDToken(c.Request.Context(), rawIdToken)
+	if err != nil {
+		return nil, err
+	}
+
+	var profile map[string]interface{}
+	if err := idToken.Claims(&profile); err != nil {
+		return nil, err
+	}
+
 	usernameClaim, ok := profile[s.authConfig.OidcUserClaim]
 	if !ok {
 		return nil, fmt.Errorf("missing or invalid user claim")
diff --git a/pkg/webui/ui/src/setupProxy.js b/pkg/webui/ui/src/setupProxy.js
index 5682a303f..3ae1e861e 100644
--- a/pkg/webui/ui/src/setupProxy.js
+++ b/pkg/webui/ui/src/setupProxy.js
@@ -1,6 +1,13 @@
 const { createProxyMiddleware } = require('http-proxy-middleware');
 
 module.exports = function(app) {
+    app.use(
+        '/staticdata',
+        createProxyMiddleware({
+            target: 'http://localhost:9090',
+            changeOrigin: true,
+        })
+    );
     app.use(
         '/api',
         createProxyMiddleware({

From 4f1782bdcef636c183f50d51b1702c54a9de88df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Jul 2023 23:48:53 +0200
Subject: [PATCH 1359/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#663)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.27 to 1.18.28.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.27...config/v1.18.28)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 14 ++++----------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 46ed596c6..7268dd0a0 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.19.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.27
+	github.com/aws/aws-sdk-go-v2/config v1.18.28
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3
@@ -106,7 +106,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
diff --git a/go.sum b/go.sum
index 1763d874f..e2a26d6c8 100644
--- a/go.sum
+++ b/go.sum
@@ -117,12 +117,10 @@ github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4
 github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyDJ+k=
 github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
-github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
+github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw=
+github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -133,22 +131,18 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLB
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 h1:yOpYx+FTBdpk/g+sBU6Cb1H0U/TLEcYYp66mYqsPpcc=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 h1:IiDolu/eLmuB18DRZibj77n1hHQT7z12jnGO7Ze3pLc=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10 h1:eW8zPSh7ZLzb7029xCsIEFbnxLvNHPTt7aWwdKjNJc8=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U=
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From a25c46e0565b7f133874828b184bd1dbbe4e1a26 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Aug 2023 09:23:24 +0200
Subject: [PATCH 1360/2268] chore(deps): Bump
 sigs.k8s.io/structured-merge-diff/v4 (#672)

Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.2.3 to 4.3.0.
- [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases)
- [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.2.3...v4.3.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/structured-merge-diff/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7268dd0a0..7da78c760 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	k8s.io/client-go v0.27.3
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.2
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3
+	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index e2a26d6c8..cf6a07c8e 100644
--- a/go.sum
+++ b/go.sum
@@ -1430,7 +1430,7 @@ sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI
 sigs.k8s.io/kustomize/api v0.13.4/go.mod h1:Bkaavz5RKK6ZzP0zgPrB7QbpbBJKiHuD3BB0KujY7Ls=
 sigs.k8s.io/kustomize/kyaml v0.14.2 h1:9WSwztbzwGszG1bZTziQUmVMrJccnyrLb5ZMKpJGvXw=
 sigs.k8s.io/kustomize/kyaml v0.14.2/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

From 8327b8152b0fe5c59b471c96097cec28e3de5def Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Aug 2023 09:23:48 +0200
Subject: [PATCH 1361/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#674)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 7da78c760..4ea1643da 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.22.0
+	github.com/bitnami-labs/sealed-secrets v0.23.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
 	github.com/go-playground/validator/v10 v10.14.1
diff --git a/go.sum b/go.sum
index cf6a07c8e..eb07acb85 100644
--- a/go.sum
+++ b/go.sum
@@ -155,8 +155,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.22.0 h1:2LN228dTeibCmgWxmdPfked8WiUzRmmuRdtnxgFbBZo=
-github.com/bitnami-labs/sealed-secrets v0.22.0/go.mod h1:hrOzPsBSknCcJgeb5Sb6i2bpADbfOesrnlnd8XDjpLg=
+github.com/bitnami-labs/sealed-secrets v0.23.0 h1:mXanM+5q14nt+7GgaoigBhiq5EIzcp8sZshsukBw2nY=
+github.com/bitnami-labs/sealed-secrets v0.23.0/go.mod h1:Pl86hTKdoyXF+l8VG4MRu4/H9Y6AqRwiNSkZo/cjm3o=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
@@ -689,7 +689,7 @@ github.com/ohler55/ojg v1.19.1 h1:ruSyx+OGrE2HvJgUvtDWiqHJFfMs6e7IM0yZhcrs3NU=
 github.com/ohler55/ojg v1.19.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs=
+github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
 github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

From 85c5d392010fb3204a4a8d52bf003a28bc219bfb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Aug 2023 09:24:01 +0200
Subject: [PATCH 1362/2268] chore(deps): Bump k8s.io/api from 0.27.3 to 0.27.4
 (#679)

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.27.3 to 0.27.4.
- [Commits](https://github.com/kubernetes/api/compare/v0.27.3...v0.27.4)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 4ea1643da..9c48ecf54 100644
--- a/go.mod
+++ b/go.mod
@@ -41,9 +41,9 @@ require (
 	golang.org/x/term v0.10.0
 	golang.org/x/text v0.11.0
 	helm.sh/helm/v3 v3.12.2
-	k8s.io/api v0.27.3
+	k8s.io/api v0.27.4
 	k8s.io/apiextensions-apiserver v0.27.2
-	k8s.io/apimachinery v0.27.3
+	k8s.io/apimachinery v0.27.4
 	k8s.io/client-go v0.27.3
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.2
diff --git a/go.sum b/go.sum
index eb07acb85..888d923d8 100644
--- a/go.sum
+++ b/go.sum
@@ -1392,12 +1392,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
-k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
+k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs=
+k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y=
 k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
 k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
-k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
-k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
+k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs=
+k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
 k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
 k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
 k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw=

From 44688173d80e11a2a21221486068544baf106542 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Aug 2023 09:24:56 +0200
Subject: [PATCH 1363/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#683)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.19.10 to 1.20.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.19.10...v1.20.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 19 ++++++++++---------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 9c48ecf54..02daddb13 100644
--- a/go.mod
+++ b/go.mod
@@ -54,12 +54,12 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
-	github.com/aws/aws-sdk-go-v2 v1.19.0
+	github.com/aws/aws-sdk-go-v2 v1.20.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.28
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.0
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3
-	github.com/aws/smithy-go v1.13.5
+	github.com/aws/smithy-go v1.14.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/gin-contrib/sessions v0.0.5
@@ -104,8 +104,8 @@ require (
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
diff --git a/go.sum b/go.sum
index 888d923d8..eb1742edb 100644
--- a/go.sum
+++ b/go.sum
@@ -114,9 +114,9 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyDJ+k=
 github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2 v1.20.0 h1:INUDpYLt4oiPOJl0XwZDK2OVAVf0Rzo+MGVTv9f+gy8=
+github.com/aws/aws-sdk-go-v2 v1.20.0/go.mod h1:uWOr0m0jDsiWw8nnXiqZ+YG6LdvAlGYDLLf2NmHZoy4=
 github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw=
 github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA=
@@ -124,21 +124,21 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 h1:hMUCiE3Zi5AHrRNGf5j985u0WyqI6r2NULhUfo0N/No=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 h1:zr/gxAZkMcvP71ZhQOcvdm8ReLjFgIXnIn0fw5AM7mo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37/go.mod h1:Pdn4j43v49Kk6+82spO3Tu5gSeQXRsxo56ePPQAvFiA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 h1:yOpYx+FTBdpk/g+sBU6Cb1H0U/TLEcYYp66mYqsPpcc=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 h1:0HCMIkAkVY9KMgueD8tf4bRTUanzEYvhw7KkPXIMpO0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 h1:IiDolu/eLmuB18DRZibj77n1hHQT7z12jnGO7Ze3pLc=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10 h1:eW8zPSh7ZLzb7029xCsIEFbnxLvNHPTt7aWwdKjNJc8=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.0 h1:1jOe5hNSVuOvFEmlhG2yzLTkVKu6/V8pCL/m5YxoHko=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.0/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
@@ -146,8 +146,9 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrV
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U=
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.14.0 h1:+X90sB94fizKjDmwb4vyl2cTTPXTE5E2G/1mjByb0io=
+github.com/aws/smithy-go v1.14.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 6f351907b15ea12100472245779bd40d4b3e2a23 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 1 Aug 2023 17:32:40 +0200
Subject: [PATCH 1364/2268] fix: Also consider deleted namespaces when
 filtering orphans (#685)

* refactor: Put filtering of deleted objects from orphan list into own function

* fix: Also consider deleted namespaces when filtering orphans
---
 pkg/deployment/commands/deploy.go | 12 +-----------
 pkg/deployment/commands/prune.go  |  9 +++++----
 pkg/deployment/commands/utils.go  | 20 ++++++++++++++++++++
 3 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index af0649e4c..937bcca32 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -102,17 +102,7 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 		deleted = utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, orphanObjects, dew, cmd.WaitPrune)
 
 		// now clean up the list of orphan objects (remove the ones that got deleted)
-		ds := map[k8s2.ObjectRef]bool{}
-		for _, x := range deleted {
-			ds[x] = true
-		}
-		var tmp []k8s2.ObjectRef
-		for _, x := range orphanObjects {
-			if _, ok := ds[x]; !ok {
-				tmp = append(tmp, x)
-			}
-		}
-		orphanObjects = tmp
+		orphanObjects = filterDeletedOrphans(orphanObjects, deleted)
 	}
 
 	r := &result.CommandResult{
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 07e41b96b..d150ff7ff 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -42,23 +42,24 @@ func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*resu
 		return nil, err
 	}
 
-	deleteRefs, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
+	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
 		return nil, err
 	}
 
 	if confirmCb != nil {
-		err = confirmCb(deleteRefs)
+		err = confirmCb(orphanObjects)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	deleted := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, deleteRefs, dew, cmd.wait)
+	deleted := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, orphanObjects, dew, cmd.wait)
+	orphanObjects = filterDeletedOrphans(orphanObjects, deleted)
 
 	r := &result.CommandResult{
 		Id:       uuid.New().String(),
-		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, nil, deleted),
+		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, orphanObjects, deleted),
 		Warnings: dew.GetWarningsList(),
 	}
 	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "prune")
diff --git a/pkg/deployment/commands/utils.go b/pkg/deployment/commands/utils.go
index 44ca0359c..cedef6c0d 100644
--- a/pkg/deployment/commands/utils.go
+++ b/pkg/deployment/commands/utils.go
@@ -121,3 +121,23 @@ func collectObjects(c *deployment.DeploymentCollection, ru *utils.RemoteObjectUt
 	})
 	return ret
 }
+
+func filterDeletedOrphans(orphans []k8s.ObjectRef, deleted []k8s.ObjectRef) []k8s.ObjectRef {
+	deletedMap := map[k8s.ObjectRef]bool{}
+	deletedNamespacesMap := map[string]bool{}
+	for _, x := range deleted {
+		deletedMap[x] = true
+		if x.Group == "" && x.Kind == "Namespace" {
+			deletedNamespacesMap[x.Name] = true
+		}
+	}
+	var tmp []k8s.ObjectRef
+	for _, x := range orphans {
+		_, isDeleted := deletedMap[x]
+		_, isDeletedNs := deletedNamespacesMap[x.Namespace]
+		if !isDeleted && !isDeletedNs {
+			tmp = append(tmp, x)
+		}
+	}
+	return tmp
+}

From 05d83a643c3e5b535aad58cd9a6101c8973a8a29 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 13:47:22 +0200
Subject: [PATCH 1365/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#687)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.20.0 to 1.20.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.0...service/ecs/v1.20.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 02daddb13..24b6c5d40 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.20.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.28
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
 	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3
 	github.com/aws/smithy-go v1.14.0
 	github.com/coreos/go-oidc/v3 v3.6.0
diff --git a/go.sum b/go.sum
index eb1742edb..ddfce6915 100644
--- a/go.sum
+++ b/go.sum
@@ -137,8 +137,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 h1:IiDolu/eL
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.0 h1:1jOe5hNSVuOvFEmlhG2yzLTkVKu6/V8pCL/m5YxoHko=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.0/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1 h1:AD8gRAXAXDU9+XTm0Q3D+NBsMCX4TlpN/qnNYbbQLO4=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=

From c6ed6ea81b4fb6b21f135c033d56c2542709bd67 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 13:47:41 +0200
Subject: [PATCH 1366/2268] chore(deps): Bump k8s.io/client-go from 0.27.3 to
 0.27.4 (#688)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.3 to 0.27.4.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.27.3...v0.27.4)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 24b6c5d40..c9702858e 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	k8s.io/api v0.27.4
 	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.27.4
-	k8s.io/client-go v0.27.3
+	k8s.io/client-go v0.27.4
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.2
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
diff --git a/go.sum b/go.sum
index ddfce6915..5588aa977 100644
--- a/go.sum
+++ b/go.sum
@@ -1403,8 +1403,8 @@ k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
 k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
 k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw=
 k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw=
-k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
-k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
+k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk=
+k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc=
 k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo=
 k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=

From e35b615f473d1f80d90520d804842c1946449633 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Aug 2023 12:48:40 +0200
Subject: [PATCH 1367/2268] feat: Introduce credentials field for
 KluctlDeployment

And deprecate spec.source.secretRef.
---
 api/v1beta1/kluctldeployment_types.go         |  30 +++-
 api/v1beta1/zz_generated.deepcopy.go          |  21 +++
 .../gitops.kluctl.io_kluctldeployments.yaml   |  44 +++++-
 .../reference/gitops/api/kluctl-controller.md |  91 ++++++++++-
 .../gitops/spec/v1beta1/kluctldeployment.md   |  29 +++-
 install/controller/controller/crd.yaml        |  44 +++++-
 pkg/controllers/kluctl_project.go             |   4 +-
 .../kluctldeployment_controller_source.go     | 142 ++++++++++++------
 pkg/git/auth/list_auth_provider.go            |  14 +-
 9 files changed, 351 insertions(+), 68 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 3a2d62bde..d92d5f04f 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -232,14 +232,40 @@ type ProjectSource struct {
 	// +optional
 	Path string `json:"path,omitempty"`
 
+	// SecretRef specifies the Secret containing authentication credentials for
+	// See GitCredentials.SecretRef for details
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
+	// instead.
+	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+	// Use Credentials with a proper Host field instead.
+	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
+
+	// Credentials specifies a list of secrets with credentials
+	// +optional
+	Credentials []GitCredentials `json:"credentials,omitempty"`
+}
+
+type GitCredentials struct {
+	// Host specifies the hostname that this git secret applies to. If set to '*', this set of credentials
+	// applies to all hosts.
+	// Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+	// You must always set a proper hostname in that case.
+	// +required
+	Host string `json:"host,omitempty"`
+
+	// PathPrefix specified the path prefix to be used to filter git urls. Only urls that have this prefix will use
+	// this set of credentials.
+	// +optional
+	PathPrefix string `json:"pathPrefix,omitempty"`
+
 	// SecretRef specifies the Secret containing authentication credentials for
 	// the git repository.
 	// For HTTPS repositories the Secret must contain 'username' and 'password'
 	// fields.
 	// For SSH repositories the Secret must contain 'identity'
 	// and 'known_hosts' fields.
-	// +optional
-	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
+	// +required
+	SecretRef LocalObjectReference `json:"secretRef"`
 }
 
 // Decryption defines how decryption is handled for Kubernetes manifests.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index ad09bad7f..af4396967 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -48,6 +48,22 @@ func (in *Decryption) DeepCopy() *Decryption {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitCredentials) DeepCopyInto(out *GitCredentials) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitCredentials.
+func (in *GitCredentials) DeepCopy() *GitCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(GitCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmCredentials) DeepCopyInto(out *HelmCredentials) {
 	*out = *in
@@ -305,6 +321,11 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 		*out = new(LocalObjectReference)
 		**out = **in
 	}
+	if in.Credentials != nil {
+		in, out := &in.Credentials, &out.Credentials
+		*out = make([]GitCredentials, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSource.
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index cf2ea96cb..7f983a33a 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -293,6 +293,40 @@ spec:
               source:
                 description: Specifies the project source location
                 properties:
+                  credentials:
+                    description: Credentials specifies a list of secrets with credentials
+                    items:
+                      properties:
+                        host:
+                          description: Host specifies the hostname that this git secret
+                            applies to. If set to '*', this set of credentials applies
+                            to all hosts. Using '*' for http(s) based repositories
+                            is not supported, meaning that such credentials sets will
+                            be ignored. You must always set a proper hostname in that
+                            case.
+                          type: string
+                        pathPrefix:
+                          description: PathPrefix specified the path prefix to be
+                            used to filter git urls. Only urls that have this prefix
+                            will use this set of credentials.
+                          type: string
+                        secretRef:
+                          description: SecretRef specifies the Secret containing authentication
+                            credentials for the git repository. For HTTPS repositories
+                            the Secret must contain 'username' and 'password' fields.
+                            For SSH repositories the Secret must contain 'identity'
+                            and 'known_hosts' fields.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - secretRef
+                      type: object
+                    type: array
                   path:
                     description: Path specifies the sub-directory to be used as project
                       directory
@@ -313,10 +347,12 @@ spec:
                     type: object
                   secretRef:
                     description: SecretRef specifies the Secret containing authentication
-                      credentials for the git repository. For HTTPS repositories the
-                      Secret must contain 'username' and 'password' fields. For SSH
-                      repositories the Secret must contain 'identity' and 'known_hosts'
-                      fields.
+                      credentials for See GitCredentials.SecretRef for details DEPRECATED
+                      this field is deprecated and will be removed in a future version
+                      of the controller. Use Credentials instead. WARNING using this
+                      field causes the controller to pass http basic auth credentials
+                      to ALL repositories involved. Use Credentials with a proper
+                      Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index efc23a4f6..06f86660b 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -69,6 +69,71 @@ by signing a token in an IRSA compliant way.</p>
 </table>
 </div>
 </div>
+<h3 id="gitops.kluctl.io/v1beta1.GitCredentials">GitCredentials
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>host</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Host specifies the hostname that this git secret applies to. If set to &lsquo;<em>&rsquo;, this set of credentials
+applies to all hosts.
+Using &lsquo;</em>&rsquo; for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+You must always set a proper hostname in that case.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>pathPrefix</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PathPrefix specified the path prefix to be used to filter git urls. Only urls that have this prefix will use
+this set of credentials.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the git repository.
+For HTTPS repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
+fields.
+For SSH repositories the Secret must contain &lsquo;identity&rsquo;
+and &lsquo;known_hosts&rsquo; fields.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
 <h3 id="gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials
 </h3>
 <p>
@@ -1232,6 +1297,7 @@ the KluctlDeployment.</p>
 <p>
 (<em>Appears on:</em>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
+<a href="#gitops.kluctl.io/v1beta1.GitCredentials">GitCredentials</a>, 
 <a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
 </p>
@@ -1321,13 +1387,26 @@ LocalObjectReference
 </em>
 </td>
 <td>
-<em>(Optional)</em>
 <p>SecretRef specifies the Secret containing authentication credentials for
-the git repository.
-For HTTPS repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
-fields.
-For SSH repositories the Secret must contain &lsquo;identity&rsquo;
-and &lsquo;known_hosts&rsquo; fields.</p>
+See GitCredentials.SecretRef for details
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
+instead.
+WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+Use Credentials with a proper Host field instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.GitCredentials">
+[]GitCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies a list of secrets with credentials</p>
 </td>
 </tr>
 </tbody>
diff --git a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
index 391bbd7cb..18e3a4b79 100644
--- a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
@@ -58,8 +58,11 @@ spec:
   source:
     url: https://github.com/kluctl/kluctl-examples.git
     path: path/to/project
-    secretRef:
-      name: git-credentials
+    credentials:
+      - host: github.com
+        pathPrefix: kluctl/
+        secretRef:
+          name: git-credentials
     ref:
       branch: my-branch
   ...
@@ -72,7 +75,7 @@ The `path` specifies the sub-directory where the Kluctl project is located.
 
 The `ref` provides the Git reference to be used. It can either be a branch or a tag.
 
-See [Git authentication](#git-authentication) for details on authentication.
+See [Git authentication](#git-authentication) for details on authentication and the `credentials` field.
 
 ### interval
 See [Reconciliation](#reconciliation).
@@ -299,8 +302,24 @@ spec:
 
 ## Git authentication
 
-The `spec.source` can optionally specify a `spec.source.secretRef` (see [here](#source)) which must point to an existing
-secret (in the same namespace) containing Git credentials.
+The `spec.source` can optionally specify `spec.source.credentials` (see [here](#source)), which lists multiple
+sets of credentials for different git hosts.
+
+Each time the controller needs to access a git repository, it will iterate through this list and pick the first one
+matching.
+
+Each `credentials` entry has the following fields:
+
+`host` is required and specifies the hostname to apply this set of credentials. It can also be set to `*`, meaning that
+it will match all git hosts. `*` will however be ignored for https based urls to avoid leaking credentials.
+
+`pathPrefix` is optional and allows to filter for different path prefixed on the same host. This is for example useful
+when public Git providers are used, for example github.com. For these, you can for example use `my-org/` as prefix to
+tell the controller that it should use this set of credentials only for projects below the `my-org` GitHub organisation.
+
+`secretRef` is required and specifies the name of the secret that contains the actual credentials.
+
+The following authentication types are supported through the referenced secret.
 
 ### Basic access authentication
 
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 6617b1226..1a9adf3de 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -293,6 +293,40 @@ spec:
               source:
                 description: Specifies the project source location
                 properties:
+                  credentials:
+                    description: Credentials specifies a list of secrets with credentials
+                    items:
+                      properties:
+                        host:
+                          description: Host specifies the hostname that this git secret
+                            applies to. If set to '*', this set of credentials applies
+                            to all hosts. Using '*' for http(s) based repositories
+                            is not supported, meaning that such credentials sets will
+                            be ignored. You must always set a proper hostname in that
+                            case.
+                          type: string
+                        pathPrefix:
+                          description: PathPrefix specified the path prefix to be
+                            used to filter git urls. Only urls that have this prefix
+                            will use this set of credentials.
+                          type: string
+                        secretRef:
+                          description: SecretRef specifies the Secret containing authentication
+                            credentials for the git repository. For HTTPS repositories
+                            the Secret must contain 'username' and 'password' fields.
+                            For SSH repositories the Secret must contain 'identity'
+                            and 'known_hosts' fields.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - secretRef
+                      type: object
+                    type: array
                   path:
                     description: Path specifies the sub-directory to be used as project
                       directory
@@ -313,10 +347,12 @@ spec:
                     type: object
                   secretRef:
                     description: SecretRef specifies the Secret containing authentication
-                      credentials for the git repository. For HTTPS repositories the
-                      Secret must contain 'username' and 'password' fields. For SSH
-                      repositories the Secret must contain 'identity' and 'known_hosts'
-                      fields.
+                      credentials for See GitCredentials.SecretRef for details DEPRECATED
+                      this field is deprecated and will be removed in a future version
+                      of the controller. Use Credentials instead. WARNING using this
+                      field causes the controller to pass http basic auth credentials
+                      to ALL repositories involved. Use Credentials with a proper
+                      Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index ec6c86db4..106c4663c 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -81,12 +81,12 @@ func prepareProject(ctx context.Context,
 
 	pp.tmpDir = tmpDir
 
-	gitSecret, err := r.getGitSecret(ctx, &pp.obj.Spec.Source, obj.GetNamespace())
+	gitSecrets, err := r.getGitSecrets(ctx, &pp.obj.Spec.Source, obj.GetNamespace())
 	if err != nil {
 		return nil, err
 	}
 
-	pp.rp, err = r.buildRepoCache(ctx, gitSecret)
+	pp.rp, err = r.buildRepoCache(ctx, gitSecrets)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index d206217b4..b563986ce 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -10,32 +10,68 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/types"
 	"os"
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func (r *KluctlDeploymentReconciler) getGitSecret(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) (*corev1.Secret, error) {
-	if source == nil || source.SecretRef == nil {
+type gitSecrets struct {
+	deprecatedSecret bool
+
+	host       string
+	pathPrefix string
+	secret     corev1.Secret
+}
+
+func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]gitSecrets, error) {
+	if source == nil {
 		return nil, nil
 	}
 
-	// Attempt to retrieve secret
-	name := types.NamespacedName{
-		Namespace: objNs,
-		Name:      source.SecretRef.Name,
+	var ret []gitSecrets
+
+	loadCredentials := func(deprecatedSecret bool, host string, pathPrefix string, secretName string) error {
+		if host == "" {
+			host = "*"
+		}
+		var secret corev1.Secret
+		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
+		if err != nil {
+			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
+		}
+		ret = append(ret, gitSecrets{
+			deprecatedSecret: deprecatedSecret,
+			host:             host,
+			pathPrefix:       pathPrefix,
+			secret:           secret,
+		})
+		return nil
+	}
+
+	if source.SecretRef != nil {
+		// Attempt to retrieve deprecated secret
+		err := loadCredentials(true, "", "", source.SecretRef.Name)
+		if err != nil {
+			return nil, err
+		}
+		status.Deprecation(ctx, "spec.source.secretRef", "the 'spec.source.secretRef' is deprecated and will be removed in the next API version bump.")
 	}
-	var secret corev1.Secret
-	if err := r.Get(ctx, name, &secret); err != nil {
-		return nil, fmt.Errorf("failed to get secret '%s': %w", name.String(), err)
+
+	for _, c := range source.Credentials {
+		err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+		if err != nil {
+			return nil, err
+		}
 	}
-	return &secret, nil
+
+	return ret, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret *corev1.Secret) (*auth.GitAuthProviders, error) {
+func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecrets []gitSecrets) (*auth.GitAuthProviders, error) {
 	log := ctrl.LoggerFrom(ctx)
 	ga := auth.NewDefaultAuthProviders("KLUCTL_GIT", &messages.MessageCallbacks{
 		WarningFn: func(s string) {
@@ -46,60 +82,80 @@ func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret
 		},
 	})
 
-	if gitSecret == nil {
+	if len(gitSecrets) == 0 {
 		return ga, nil
 	}
 
-	e := auth.AuthEntry{
-		Host:     "*",
-		Username: "*",
-	}
-
-	if x, ok := gitSecret.Data["username"]; ok {
-		e.Username = string(x)
-	}
-	if x, ok := gitSecret.Data["password"]; ok {
-		e.Password = string(x)
-	}
-	if x, ok := gitSecret.Data["caFile"]; ok {
-		e.CABundle = x
-	}
-	if x, ok := gitSecret.Data["known_hosts"]; ok {
-		e.KnownHosts = x
-	}
-	if x, ok := gitSecret.Data["identity"]; ok {
-		e.SshKey = x
-	}
-
 	var la auth.ListAuthProvider
-	la.AddEntry(e)
 	ga.RegisterAuthProvider(&la, false)
+
+	for _, secret := range gitSecrets {
+		e := auth.AuthEntry{
+			AllowWildcardHostForHttp: secret.deprecatedSecret,
+
+			Host:       secret.host,
+			PathPrefix: secret.pathPrefix,
+			Username:   "*",
+		}
+
+		if x, ok := secret.secret.Data["username"]; ok {
+			e.Username = string(x)
+		}
+		if x, ok := secret.secret.Data["password"]; ok {
+			e.Password = string(x)
+		}
+		if x, ok := secret.secret.Data["caFile"]; ok {
+			e.CABundle = x
+		}
+		if x, ok := secret.secret.Data["known_hosts"]; ok {
+			e.KnownHosts = x
+		}
+		if x, ok := secret.secret.Data["identity"]; ok {
+			e.SshKey = x
+		}
+
+		la.AddEntry(e)
+	}
 	return ga, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildRepoCache(ctx context.Context, secret *corev1.Secret) (*repocache.GitRepoCache, error) {
+func (r *KluctlDeploymentReconciler) buildRepoCacheKey(secrets []gitSecrets) (string, error) {
 	// make sure we use a unique repo cache per set of credentials
 	h := sha256.New()
-	if secret == nil {
+	if len(secrets) == 0 {
 		h.Write([]byte("no-secret"))
 	} else {
 		m := json.NewEncoder(h)
-		err := m.Encode(secret.Data)
-		if err != nil {
-			return nil, err
+		for _, secret := range secrets {
+			err := m.Encode(map[string]any{
+				"host":       secret.host,
+				"pathPrefix": secret.pathPrefix,
+				"data":       secret.secret.Data,
+			})
+			if err != nil {
+				return "", err
+			}
 		}
 	}
 	h2 := hex.EncodeToString(h.Sum(nil))
+	return h2, nil
+}
+
+func (r *KluctlDeploymentReconciler) buildRepoCache(ctx context.Context, secrets []gitSecrets) (*repocache.GitRepoCache, error) {
+	key, err := r.buildRepoCacheKey(secrets)
+	if err != nil {
+		return nil, err
+	}
 
-	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-repo-cache", h2)
-	err := os.MkdirAll(tmpBaseDir, 0o700)
+	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-repo-cache", key)
+	err = os.MkdirAll(tmpBaseDir, 0o700)
 	if err != nil {
 		return nil, err
 	}
 
 	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
 
-	ga, err := r.buildGitAuth(ctx, secret)
+	ga, err := r.buildGitAuth(ctx, secrets)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 444e38d4d..b8da25b00 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -16,6 +16,8 @@ type ListAuthProvider struct {
 }
 
 type AuthEntry struct {
+	AllowWildcardHostForHttp bool
+
 	Host       string
 	PathPrefix string
 	Username   string
@@ -31,13 +33,21 @@ func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
 
-func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
+func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl) AuthMethodAndCA {
+	gitUrl := gitUrlIn.Normalize()
+
 	a.MessageCallbacks.Trace("ListAuthProvider: BuildAuth for %s", gitUrl.String())
 	a.MessageCallbacks.Trace("ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
+
 	for _, e := range a.entries {
 		a.MessageCallbacks.Trace("ListAuthProvider: try host=%s, pathPrefix=%s, username=%s", e.Host, e.PathPrefix, e.Username)
 
-		if e.Host != "*" && e.Host != gitUrl.Hostname() {
+		if !e.AllowWildcardHostForHttp && e.Host == "*" && !gitUrl.IsSsh() {
+			a.MessageCallbacks.Trace("ListAuthProvider: wildcard hosts are not allowed for http urls")
+			continue
+		}
+
+		if e.Host != "*" && e.Host != gitUrl.Host {
 			continue
 		}
 		urlPath := gitUrl.Path

From c20f6b749173275da436bbb7da31ec94b75e8780 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Aug 2023 13:57:04 +0200
Subject: [PATCH 1368/2268] tests: Add tests for git authentication in the
 controller

# Conflicts:
#	pkg/git/test_git_server.go
---
 e2e/git_include_test.go        |  17 ++--
 e2e/gitops_git_include_test.go | 154 +++++++++++++++++++++++++++++++++
 e2e/test-utils/project.go      |   4 +
 pkg/git/test_git_server.go     |  53 +++++++++++-
 4 files changed, 217 insertions(+), 11 deletions(-)
 create mode 100644 e2e/gitops_git_include_test.go

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index aeefc4bf6..777315fc0 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -28,12 +28,10 @@ func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer
 	return p
 }
 
-func prepareGitIncludeTest(t *testing.T, gitServer *git2.TestGitServer) (*test_utils.TestProject, *test_utils.TestProject, *test_utils.TestProject) {
-	k := defaultCluster1
-
-	p := test_utils.NewTestProject(t, test_utils.WithGitServer(gitServer))
-	ip1 := prepareIncludeProject(t, "include1", "", gitServer)
-	ip2 := prepareIncludeProject(t, "include2", "subDir", gitServer)
+func prepareGitIncludeTest(t *testing.T, k *test_utils.EnvTestCluster, mainGs *git2.TestGitServer, gs1 *git2.TestGitServer, gs2 *git2.TestGitServer) (*test_utils.TestProject, *test_utils.TestProject, *test_utils.TestProject) {
+	p := test_utils.NewTestProject(t, test_utils.WithGitServer(mainGs))
+	ip1 := prepareIncludeProject(t, "include1", "", gs1)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", gs2)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -59,7 +57,7 @@ func TestGitInclude(t *testing.T) {
 
 	k := defaultCluster1
 
-	p, _, _ := prepareGitIncludeTest(t, nil)
+	p, _, _ := prepareGitIncludeTest(t, k, nil, nil, nil)
 
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
@@ -230,7 +228,7 @@ func TestLocalGitOverride(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	p, ip1, ip2 := prepareGitIncludeTest(t, nil)
+	p, ip1, ip2 := prepareGitIncludeTest(t, k, nil, nil, nil)
 
 	override1 := t.TempDir()
 	err := cp.Copy(ip1.LocalRepoDir(), override1)
@@ -269,7 +267,8 @@ func TestLocalGitGroupOverride(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	p, ip1, ip2 := prepareGitIncludeTest(t, git2.NewTestGitServer(t))
+	gs := git2.NewTestGitServer(t)
+	p, ip1, ip2 := prepareGitIncludeTest(t, k, gs, gs, gs)
 
 	overrideGroupDir := t.TempDir()
 
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
new file mode 100644
index 000000000..b24337128
--- /dev/null
+++ b/e2e/gitops_git_include_test.go
@@ -0,0 +1,154 @@
+package e2e
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
+	g := NewWithT(suite.T())
+	_ = g
+
+	mainGs := git2.NewTestGitServer(suite.T(), git2.WithTestGitServerAuth("user1", "password1"))
+	gs1 := git2.NewTestGitServer(suite.T(), git2.WithTestGitServerAuth("user1", "password1"))
+	gs2 := git2.NewTestGitServer(suite.T())
+
+	p, _, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
+
+	key := suite.createKluctlDeployment(p, "test", nil)
+
+	suite.Run("fail without authentication", func() {
+		suite.waitForCommit(key, "")
+
+		var kd v1beta1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readinessCondition := suite.getReadiness(&kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
+		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
+		g.Expect(readinessCondition.Message).To(Equal("failed clone source: authentication required"))
+	})
+
+	secret := corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "git-secrets",
+			Namespace: key.Namespace,
+		},
+		Data: map[string][]byte{
+			"username": []byte("user1"),
+			"password": []byte("password1"),
+		},
+	}
+	err := suite.k.Client.Create(context.Background(), &secret)
+	g.Expect(err).To(Succeed())
+
+	var kd v1beta1.KluctlDeployment
+	err = suite.k.Client.Get(context.Background(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	patch := client.MergeFrom(kd.DeepCopy())
+	kd.Spec.Source.SecretRef = &v1beta1.LocalObjectReference{Name: "git-secrets"}
+
+	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
+	g.Expect(err).To(Succeed())
+
+	suite.Run("retry with authentication", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+		var kd v1beta1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readinessCondition := suite.getReadiness(&kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
+	})
+}
+
+func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
+	g := NewWithT(suite.T())
+	_ = g
+
+	mainGs := git2.NewTestGitServer(suite.T(), git2.WithTestGitServerAuth("user1", "password1"))
+	gs1 := git2.NewTestGitServer(suite.T(), git2.WithTestGitServerAuth("user2", "password2"))
+	gs2 := git2.NewTestGitServer(suite.T(), git2.WithTestGitServerFailWhenAuth(true))
+
+	p, ip1, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
+
+	key := suite.createKluctlDeployment(p, "test", nil)
+
+	suite.Run("fail without authentication", func() {
+		suite.waitForCommit(key, "")
+
+		var kd v1beta1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readinessCondition := suite.getReadiness(&kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
+		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
+		g.Expect(readinessCondition.Message).To(Equal("failed clone source: authentication required"))
+	})
+
+	createSecret := func(secretName string, username string, password string) {
+		secret := corev1.Secret{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      secretName,
+				Namespace: key.Namespace,
+			},
+			Data: map[string][]byte{
+				"username": []byte(username),
+				"password": []byte(password),
+			},
+		}
+		err := suite.k.Client.Create(context.Background(), &secret)
+		g.Expect(err).To(Succeed())
+	}
+
+	createSecret("secret1", "user1", "password1")
+	createSecret("secret2", "user2", "password2")
+
+	var kd v1beta1.KluctlDeployment
+	err := suite.k.Client.Get(context.Background(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	patch := client.MergeFrom(kd.DeepCopy())
+
+	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.GitCredentials{
+		Host:       gs1.GitHost(),
+		PathPrefix: ip1.GitRepoName(),
+		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
+	})
+	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.GitCredentials{
+		Host:      mainGs.GitHost(),
+		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
+	})
+	// make sure this one is ignored for http based urls
+	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.GitCredentials{
+		Host:      "*",
+		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
+	})
+
+	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
+	g.Expect(err).To(Succeed())
+
+	suite.Run("retry with authentication", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+		var kd v1beta1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readinessCondition := suite.getReadiness(&kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
+	})
+}
diff --git a/e2e/test-utils/project.go b/e2e/test-utils/project.go
index 9cd1cf156..aa913a9fe 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test-utils/project.go
@@ -404,6 +404,10 @@ func (p *TestProject) DeleteKustomizeDeployment(dir string) {
 	})
 }
 
+func (p *TestProject) GitRepoName() string {
+	return p.gitRepoName
+}
+
 func (p *TestProject) GitUrl() string {
 	return p.gitServer.GitRepoUrl(p.gitRepoName)
 }
diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index eee519037..d034524ed 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -26,14 +26,43 @@ type TestGitServer struct {
 	gitServer     *http_server.Server
 	gitHttpServer *http.Server
 	gitServerPort int
+
+	authUsername string
+	authPassword string
+	failWhenAuth bool
+}
+
+type repoInfo struct {
+	repoName string
+	username string
+	password string
 }
 
-func NewTestGitServer(t *testing.T) *TestGitServer {
+type TestGitServerOpt func(*TestGitServer)
+
+func WithTestGitServerAuth(username string, password string) TestGitServerOpt {
+	return func(server *TestGitServer) {
+		server.authUsername = username
+		server.authPassword = password
+	}
+}
+
+func WithTestGitServerFailWhenAuth(fail bool) TestGitServerOpt {
+	return func(server *TestGitServer) {
+		server.failWhenAuth = fail
+	}
+}
+
+func NewTestGitServer(t *testing.T, opts ...TestGitServerOpt) *TestGitServer {
 	p := &TestGitServer{
 		t:       t,
 		baseDir: t.TempDir(),
 	}
 
+	for _, o := range opts {
+		o(p)
+	}
+
 	p.initGitServer()
 
 	t.Cleanup(func() {
@@ -46,9 +75,25 @@ func NewTestGitServer(t *testing.T) *TestGitServer {
 func (p *TestGitServer) initGitServer() {
 	p.gitServer = http_server.New(p.baseDir)
 
+	handler := http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		username, password, ok := request.BasicAuth()
+		if p.failWhenAuth {
+			if ok {
+				writer.WriteHeader(http.StatusUnauthorized)
+				return
+			}
+		} else if p.authUsername != "" {
+			if p.authUsername != username || p.authPassword != password {
+				writer.WriteHeader(http.StatusUnauthorized)
+				return
+			}
+		}
+		p.gitServer.ServeHTTP(writer, request)
+	})
+
 	p.gitHttpServer = &http.Server{
 		Addr:    "127.0.0.1:0",
-		Handler: p.gitServer,
+		Handler: handler,
 	}
 
 	ln, err := net.Listen("tcp", "127.0.0.1:0")
@@ -237,6 +282,10 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 	p.CommitYaml(repo, pth, message, o)
 }
 
+func (p *TestGitServer) GitHost() string {
+	return fmt.Sprintf("localhost:%d", p.gitServerPort)
+}
+
 func (p *TestGitServer) GitUrl() string {
 	return fmt.Sprintf("http://localhost:%d", p.gitServerPort)
 }

From ca98ceb4e8b77ecf7d239b2c4a7e786929e5fdf3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Aug 2023 13:57:58 +0200
Subject: [PATCH 1369/2268] fix: Fix CheckSubInDir inside ListSealedSecrets
 (#692)

This fixes a bug that caused kustomize bases to not work anymore due to
errors reported by CheckSubInDir.
---
 e2e/deployment_items_test.go      | 28 ++++++++++++++++++++++++++++
 pkg/deployment/deployment_item.go |  4 ++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 9f8dfdd96..0211d126f 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -137,6 +137,34 @@ namespace: %s
 	})
 }
 
+func TestKustomizeBase(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "base", map[string]string{}, resourceOpts{
+		name:      "base-cm",
+		namespace: p.TestSlug(),
+	})
+	p.UpdateDeploymentItems("", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+		_ = items[0].SetNestedField(true, "onlyRender")
+		return items
+	})
+
+	p.AddKustomizeDeployment("k1", []test_utils.KustomizeResource{{
+		Name: "../base",
+	}}, nil)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "base-cm")
+}
+
 func TestTemplateIgnore(t *testing.T) {
 	t.Parallel()
 
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 6e82ee6ba..2ced45b8f 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -253,7 +253,7 @@ func (di *DeploymentItem) ListSealedSecrets(subdir string) ([]string, error) {
 	renderedDir := filepath.Join(di.RenderedDir, subdir)
 
 	// ensure we're not leaving the project
-	err := utils.CheckSubInDir(di.Project.source.dir, subdir)
+	err := utils.CheckSubInDir(di.Project.source.dir, filepath.Join(di.RelRenderedDir, subdir))
 	if err != nil {
 		return nil, err
 	}
@@ -291,7 +291,7 @@ func (di *DeploymentItem) ListSealedSecrets(subdir string) ([]string, error) {
 		relPath = filepath.Clean(relPath)
 
 		// ensure we're not leaving the project
-		err = utils.CheckSubInDir(di.Project.source.dir, relPath)
+		err = utils.CheckSubInDir(di.Project.source.dir, filepath.Join(di.RelRenderedDir, relPath))
 		if err != nil {
 			return nil, err
 		}

From 8f9dab151d70ff16c0d7198fd4c205b7f4527de0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 14:01:14 +0200
Subject: [PATCH 1370/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/sts (#686)

Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.19.3 to 1.21.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.19.3...service/efs/v1.21.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index c9702858e..8e058ca77 100644
--- a/go.mod
+++ b/go.mod
@@ -58,7 +58,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.18.28
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3
+	github.com/aws/aws-sdk-go-v2/service/sts v1.21.1
 	github.com/aws/smithy-go v1.14.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -107,7 +107,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
diff --git a/go.sum b/go.sum
index 5588aa977..eaca2b7c5 100644
--- a/go.sum
+++ b/go.sum
@@ -133,8 +133,9 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 h1:0HCMIkAkVY9KMgueD8
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 h1:IiDolu/eLmuB18DRZibj77n1hHQT7z12jnGO7Ze3pLc=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 h1:auGDJ0aLZahF5SPvkJ6WcUuX7iQ7kyl2MamV7Tm8QBk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31/go.mod h1:3+lloe3sZuBQw1aBc5MyndvodzQlyqCZ7x1QPDHaWP4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1 h1:AD8gRAXAXDU9+XTm0Q3D+NBsMCX4TlpN/qnNYbbQLO4=
@@ -143,8 +144,9 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U=
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.1 h1:pAOJj+80tC8sPVgSDHzMYD6KLWsaLQ1kZw31PTeORbs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.1/go.mod h1:G8SbvL0rFk4WOJroU8tKBczhsbhj2p/YY7qeJezJ3CI=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.14.0 h1:+X90sB94fizKjDmwb4vyl2cTTPXTE5E2G/1mjByb0io=

From a22fc1ba58139a0d9004bfdfc7ab469511b51077 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 14:19:05 +0200
Subject: [PATCH 1371/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#690)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.28 to 1.18.32.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.28...config/v1.18.32)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 30 ++++++++++++------------------
 2 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/go.mod b/go.mod
index 8e058ca77..d9c7043b2 100644
--- a/go.mod
+++ b/go.mod
@@ -55,8 +55,8 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.20.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.28
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.27
+	github.com/aws/aws-sdk-go-v2/config v1.18.32
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.31
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.1
 	github.com/aws/smithy-go v1.14.0
@@ -103,14 +103,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
diff --git a/go.sum b/go.sum
index eaca2b7c5..19e39e74d 100644
--- a/go.sum
+++ b/go.sum
@@ -114,41 +114,35 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.20.0 h1:INUDpYLt4oiPOJl0XwZDK2OVAVf0Rzo+MGVTv9f+gy8=
 github.com/aws/aws-sdk-go-v2 v1.20.0/go.mod h1:uWOr0m0jDsiWw8nnXiqZ+YG6LdvAlGYDLLf2NmHZoy4=
-github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw=
-github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc=
+github.com/aws/aws-sdk-go-v2/config v1.18.32 h1:tqEOvkbTxwEV7hToRcJ1xZRjcATqwDVsWbAscgRKyNI=
+github.com/aws/aws-sdk-go-v2/config v1.18.32/go.mod h1:U3ZF0fQRRA4gnbn9GGvOWLoT2EzzZfAWeKwnVrm1rDc=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.31 h1:vJyON3lG7R8VOErpJJBclBADiWTwzcwdkQpTKx8D2sk=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.31/go.mod h1:T4sESjBtY2lNxLgkIASmeP57b5j7hTQqCbqG0tWnxC4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 h1:X3H6+SU21x+76LRglk21dFRgMTJMa5QcpW+SqUf5BBg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7/go.mod h1:3we0V09SwcJBzNlnyovrR2wWJhWmVdqAsmVs4uronv8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 h1:zr/gxAZkMcvP71ZhQOcvdm8ReLjFgIXnIn0fw5AM7mo=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37/go.mod h1:Pdn4j43v49Kk6+82spO3Tu5gSeQXRsxo56ePPQAvFiA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 h1:0HCMIkAkVY9KMgueD8tf4bRTUanzEYvhw7KkPXIMpO0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 h1:+i1DOFrW3YZ3apE45tCal9+aDKK6kNEbW6Ib7e1nFxE=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38/go.mod h1:1/jLp0OgOaWIetycOmycW+vYTYgTZFPttJQRgsI1PoU=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 h1:auGDJ0aLZahF5SPvkJ6WcUuX7iQ7kyl2MamV7Tm8QBk=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31/go.mod h1:3+lloe3sZuBQw1aBc5MyndvodzQlyqCZ7x1QPDHaWP4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1 h1:AD8gRAXAXDU9+XTm0Q3D+NBsMCX4TlpN/qnNYbbQLO4=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 h1:DSNpSbfEgFXRV+IfEcKE5kTbqxm+MeF5WgyeRlsLnHY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.1/go.mod h1:TC9BubuFMVScIU+TLKamO6VZiYTkYoEHqlSQwAe2omw=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 h1:hd0SKLMdOL/Sl6Z0np1PX9LeH2gqNtBe0MhTedA8MGI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1/go.mod h1:XO/VcyoQ8nKyKfFW/3DMsRQXsfh/052tHTWmg3xBXRg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.1 h1:pAOJj+80tC8sPVgSDHzMYD6KLWsaLQ1kZw31PTeORbs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.1/go.mod h1:G8SbvL0rFk4WOJroU8tKBczhsbhj2p/YY7qeJezJ3CI=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.14.0 h1:+X90sB94fizKjDmwb4vyl2cTTPXTE5E2G/1mjByb0io=
 github.com/aws/smithy-go v1.14.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=

From bb0fa1731dc9e7cc05886c759e07fcad335bb4d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Aug 2023 14:19:34 +0200
Subject: [PATCH 1372/2268] chore(deps): Bump github.com/mattn/go-runewidth
 from 0.0.14 to 0.0.15 (#689)

Bumps [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) from 0.0.14 to 0.0.15.
- [Commits](https://github.com/mattn/go-runewidth/compare/v0.0.14...v0.0.15)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-runewidth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d9c7043b2..a79525db0 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.19
-	github.com/mattn/go-runewidth v0.0.14
+	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.19.1
 	github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index 19e39e74d..31d90c60b 100644
--- a/go.sum
+++ b/go.sum
@@ -626,8 +626,8 @@ github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APP
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
-github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=

From 388cd090eab84b617a6a2ab2b7c36a70eb44f2e5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Aug 2023 14:49:00 +0200
Subject: [PATCH 1373/2268] docs: Remove bogus Kustomize example and refer to
 deployment-yml.md (#693)

---
 docs/reference/deployments/kustomize.md | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/docs/reference/deployments/kustomize.md b/docs/reference/deployments/kustomize.md
index d772b5208..8ac96432b 100644
--- a/docs/reference/deployments/kustomize.md
+++ b/docs/reference/deployments/kustomize.md
@@ -21,23 +21,6 @@ We advise to read the kustomize
 [reference](https://kubectl.docs.kubernetes.io/references/kustomize/). You can also look into the official kustomize
 [example](https://github.com/kubernetes-sigs/kustomize/tree/master/examples).
 
-One way you might use this is to Kustomize a set of manifests from an external project.
+# Using the Kustomize Integration
 
-For example:
-```yaml
-# deployment.yml
-deployments:
-- git: git@github.com/example/example.git
-  onlyRender: true
-- path: kustomize_example
-```
-```yaml
-# kustomize_example/kustomization.yml
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-  - ../example
-patches:
-  - # your patches here
-```
+Please refer to the [Kustomize Deployment Item](./deployment-yml.md#kustomize-deployments) documentation for details.

From 0b2444447ccc1d6a5fb0faee13dc6b43e2714c73 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 09:05:41 +0200
Subject: [PATCH 1374/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.8 to 1.27.10 (#695)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.8 to 1.27.10.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.8...v1.27.10)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a79525db0..fdbc1e4a1 100644
--- a/go.mod
+++ b/go.mod
@@ -70,7 +70,7 @@ require (
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.8
+	github.com/onsi/gomega v1.27.10
 	github.com/otiai10/copy v1.12.0
 	github.com/prometheus/client_golang v1.16.0
 	github.com/sergi/go-diff v1.3.1
diff --git a/go.sum b/go.sum
index 31d90c60b..1d70317c3 100644
--- a/go.sum
+++ b/go.sum
@@ -687,8 +687,8 @@ github.com/ohler55/ojg v1.19.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
-github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
-github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
+github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=

From 9540a257436fc9866065b329763c00c3b6be90c1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 09:06:55 +0200
Subject: [PATCH 1375/2268] chore(deps): Bump github.com/go-git/go-git/v5 from
 5.7.0 to 5.8.1 (#696)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.7.0...v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  7 ++++---
 go.sum | 19 ++++++++++---------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index fdbc1e4a1..de00bed4c 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
-	github.com/go-git/go-git/v5 v5.7.0
+	github.com/go-git/go-git/v5 v5.8.1
 	github.com/go-logr/logr v1.2.4
 	github.com/google/gops v0.3.27
 	github.com/google/uuid v1.3.0
@@ -88,6 +88,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v0.13.0 // indirect
 	cloud.google.com/go/kms v1.10.1 // indirect
+	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
@@ -100,7 +101,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 // indirect
@@ -223,7 +224,7 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/skeema/knownhosts v1.1.1 // indirect
+	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 1d70317c3..bd5d29355 100644
--- a/go.sum
+++ b/go.sum
@@ -48,6 +48,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
@@ -93,8 +95,8 @@ github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek=
-github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@@ -162,7 +164,7 @@ github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx2
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
-github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
 github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
@@ -183,7 +185,6 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -293,8 +294,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmS
 github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
 github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
-github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE=
-github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8=
+github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A=
+github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -784,8 +785,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE=
-github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
+github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
+github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -934,6 +935,7 @@ golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
@@ -1114,7 +1116,6 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From d69e8ca9caeca437052e4a095542b333fde24bf3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 09:07:21 +0200
Subject: [PATCH 1376/2268] chore(deps): Bump sigs.k8s.io/cli-utils from 0.34.0
 to 0.35.0 (#698)

Bumps [sigs.k8s.io/cli-utils](https://github.com/kubernetes-sigs/cli-utils) from 0.34.0 to 0.35.0.
- [Release notes](https://github.com/kubernetes-sigs/cli-utils/releases)
- [Commits](https://github.com/kubernetes-sigs/cli-utils/compare/v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/cli-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index de00bed4c..5d4fb3866 100644
--- a/go.mod
+++ b/go.mod
@@ -77,7 +77,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	golang.org/x/oauth2 v0.10.0
-	sigs.k8s.io/cli-utils v0.34.0
+	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/yaml v1.3.0
diff --git a/go.sum b/go.sum
index bd5d29355..eb6d02a7f 100644
--- a/go.sum
+++ b/go.sum
@@ -1418,8 +1418,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/cli-utils v0.34.0 h1:zCUitt54f0/MYj/ajVFnG6XSXMhpZ72O/3RewIchW8w=
-sigs.k8s.io/cli-utils v0.34.0/go.mod h1:EXyMwPMu9OL+LRnj0JEMsGG/fRvbgFadcVlSnE8RhFs=
+sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
+sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
 sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
 sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=

From e9490417b72c62847926be48022ff1d4c6f132db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 09:07:46 +0200
Subject: [PATCH 1377/2268] chore(deps): Bump golang.org/x/net from 0.12.0 to
 0.13.0 (#697)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/net/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5d4fb3866..f48871900 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.11.0
-	golang.org/x/net v0.12.0
+	golang.org/x/net v0.13.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.10.0
 	golang.org/x/term v0.10.0
diff --git a/go.sum b/go.sum
index eb6d02a7f..d8d79969c 100644
--- a/go.sum
+++ b/go.sum
@@ -1027,8 +1027,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 04b9ea140035e4419b1a0ef4b8e038f763dc22d0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 3 Aug 2023 10:14:13 +0200
Subject: [PATCH 1378/2268] feat: Add KluctlDeployment name/namespace to result
 labels

---
 pkg/results/result-store-secrets.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index c36de8005..da707b516 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -191,6 +191,10 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 	if cr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
 	}
+	if cr.Command.KluctlDeployment != nil {
+		secret.Labels["kluctl.io/result-deployment-name"] = cr.Command.KluctlDeployment.Name
+		secret.Labels["kluctl.io/result-deployment-namespace"] = cr.Command.KluctlDeployment.Namespace
+	}
 
 	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
 	if err != nil {
@@ -252,6 +256,10 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 	if vr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = vr.ProjectKey.SubDir
 	}
+	if vr.KluctlDeployment != nil {
+		secret.Labels["kluctl.io/result-deployment-name"] = vr.KluctlDeployment.Name
+		secret.Labels["kluctl.io/result-deployment-namespace"] = vr.KluctlDeployment.Namespace
+	}
 
 	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
 	if err != nil {

From 97b0923aaab6a44ef67c064ef38d75f4c5524a1b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 3 Aug 2023 13:39:04 +0200
Subject: [PATCH 1379/2268] fix: Also take clusterId into account in
 GetKluctlDeployment

---
 pkg/results/result-store-secrets.go |  6 +++++-
 pkg/results/result-store.go         |  2 +-
 pkg/results/results-collector.go    | 20 +++++++++-----------
 3 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index c36de8005..93e6e2ea3 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -733,7 +733,11 @@ func (s *ResultStoreSecrets) WatchKluctlDeployments() (<-chan WatchKluctlDeploym
 	return ch, cancel, nil
 }
 
-func (s *ResultStoreSecrets) GetKluctlDeployment(name string, namespace string) (*kluctlv1.KluctlDeployment, error) {
+func (s *ResultStoreSecrets) GetKluctlDeployment(clusterId string, name string, namespace string) (*kluctlv1.KluctlDeployment, error) {
+	if s.clusterId != clusterId {
+		return nil, fmt.Errorf("clusterId does not match")
+	}
+
 	var k kluctlv1.KluctlDeployment
 	err := s.cache.Get(s.ctx, client.ObjectKey{Name: name, Namespace: namespace}, &k)
 	if err != nil {
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 1f369d736..fefd5e5e3 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -49,7 +49,7 @@ type ResultStore interface {
 
 	ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error)
 	WatchKluctlDeployments() (<-chan WatchKluctlDeploymentEvent, context.CancelFunc, error)
-	GetKluctlDeployment(name string, namespace string) (*kluctlv1.KluctlDeployment, error)
+	GetKluctlDeployment(clusterId string, name string, namespace string) (*kluctlv1.KluctlDeployment, error)
 }
 
 func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 0f3196f6d..f141ed13c 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -39,8 +39,8 @@ type validateSummaryEntry struct {
 }
 
 type kluctlDeploymentEntry struct {
-	store      ResultStore
-	deployment *kluctlv1.KluctlDeployment
+	store ResultStore
+	event WatchKluctlDeploymentEvent
 }
 
 type commandResultWatchEntry struct {
@@ -229,8 +229,8 @@ func (rc *ResultsCollector) handleKluctlDeploymentUpdate(store ResultStore, even
 		}
 	} else {
 		rc.kluctlDeployments[event.Deployment.UID] = kluctlDeploymentEntry{
-			store:      store,
-			deployment: event.Deployment,
+			store: store,
+			event: event,
 		}
 	}
 
@@ -396,7 +396,7 @@ func (rc *ResultsCollector) ListKluctlDeployments() ([]kluctlv1.KluctlDeployment
 	defer rc.mutex.Unlock()
 	ret := make([]kluctlv1.KluctlDeployment, 0, len(rc.commandResultSummaries))
 	for _, x := range rc.kluctlDeployments {
-		ret = append(ret, *x.deployment)
+		ret = append(ret, *x.event.Deployment)
 	}
 	return ret, nil
 }
@@ -420,9 +420,7 @@ func (rc *ResultsCollector) WatchKluctlDeployments() (<-chan WatchKluctlDeployme
 		}
 
 		for _, e := range rc.kluctlDeployments {
-			w.ch <- WatchKluctlDeploymentEvent{
-				Deployment: e.deployment,
-			}
+			w.ch <- e.event
 		}
 
 		rc.kluctlDeploymentWatches = append(rc.kluctlDeploymentWatches, w)
@@ -444,13 +442,13 @@ func (rc *ResultsCollector) WatchKluctlDeployments() (<-chan WatchKluctlDeployme
 	return w.ch, cancel, nil
 }
 
-func (rc *ResultsCollector) GetKluctlDeployment(name string, namespace string) (*kluctlv1.KluctlDeployment, error) {
+func (rc *ResultsCollector) GetKluctlDeployment(clusterId string, name string, namespace string) (*kluctlv1.KluctlDeployment, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
 
 	for _, kd := range rc.kluctlDeployments {
-		if kd.deployment.Name == name && kd.deployment.Namespace == namespace {
-			return kd.deployment, nil
+		if kd.event.ClusterId == clusterId && kd.event.Deployment.Name == name && kd.event.Deployment.Namespace == namespace {
+			return kd.event.Deployment, nil
 		}
 	}
 	return nil, nil

From 4fcb658cbcf41322c041ecc6af92ff7de692e603 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 3 Aug 2023 10:14:56 +0200
Subject: [PATCH 1380/2268] feat: Implement cleanup of orphan command and
 validate results

---
 cmd/kluctl/commands/cmd_controller_run.go |   5 +
 pkg/results/result-store-secrets.go       | 139 ++++++++++++++++++++--
 2 files changed, 132 insertions(+), 12 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 18e25543d..181a297cb 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -141,6 +141,11 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 			return err
 		}
 		r.ResultStore = resultStore
+
+		err = resultStore.StartCleanupOrphans()
+		if err != nil {
+			return err
+		}
 	}
 
 	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index da707b516..8faab0bce 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -201,7 +201,7 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 		return err
 	}
 
-	err = s.cleanupCommandResults(cr.ProjectKey, cr.TargetKey)
+	err = s.cleanupOldCommandResults(cr.ProjectKey, cr.TargetKey)
 	if err != nil {
 		return err
 	}
@@ -274,7 +274,7 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 	return nil
 }
 
-func (s *ResultStoreSecrets) cleanupCommandResults(project result.ProjectKey, target result.TargetKey) error {
+func (s *ResultStoreSecrets) cleanupOldCommandResults(project result.ProjectKey, target result.TargetKey) error {
 	results, err := s.ListCommandResultSummaries(ListResultSummariesOptions{
 		ProjectFilter: &project,
 	})
@@ -284,8 +284,6 @@ func (s *ResultStoreSecrets) cleanupCommandResults(project result.ProjectKey, ta
 
 	cnt := 0
 	for _, rs := range results {
-		rs := rs
-
 		if rs.TargetKey != target {
 			continue
 		}
@@ -305,6 +303,79 @@ func (s *ResultStoreSecrets) cleanupCommandResults(project result.ProjectKey, ta
 	return nil
 }
 
+func (s *ResultStoreSecrets) cleanupOrphanedResults() error {
+	commandResults, err := s.doListCommandResultSummaries(ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+	validateResults, err := s.doListValidateResultSummaries(ListResultSummariesOptions{})
+	if err != nil {
+		return err
+	}
+
+	deployments, err := s.ListKluctlDeployments()
+	if err != nil {
+		return err
+	}
+
+	deploymentsMap := map[result.KluctlDeploymentInfo]bool{}
+	for _, d := range deployments {
+		deploymentsMap[result.KluctlDeploymentInfo{Name: d.Name, Namespace: d.Namespace, ClusterId: s.clusterId}] = true
+	}
+
+	tryDeleteResult := func(secretKey client.ObjectKey, deployment *result.KluctlDeploymentInfo, id string, t string) {
+		if _, ok := deploymentsMap[*deployment]; ok {
+			return
+		}
+		secret := corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      secretKey.Name,
+				Namespace: secretKey.Namespace,
+			},
+		}
+		err := s.client.Delete(s.ctx, &secret)
+		if err != nil {
+			status.Warningf(s.ctx, "Failed to delete orphaned %s %s for KluctlDeployment %s: %s", t, id, deployment.Name, err)
+		} else {
+			status.Infof(s.ctx, "Deleted orphaned %s %s for KluctlDeployment %s", t, id, deployment.Name)
+		}
+	}
+
+	for _, e := range commandResults {
+		if e.summary.Command.KluctlDeployment == nil {
+			continue
+		}
+		tryDeleteResult(e.name, e.summary.Command.KluctlDeployment, e.summary.Id, "command result")
+	}
+	for _, e := range validateResults {
+		if e.summary.KluctlDeployment == nil {
+			continue
+		}
+		tryDeleteResult(e.name, e.summary.KluctlDeployment, e.summary.Id, "validate result")
+	}
+	return nil
+}
+
+func (s *ResultStoreSecrets) StartCleanupOrphans() error {
+	ch, _, err := s.WatchKluctlDeployments()
+	if err != nil {
+		return err
+	}
+
+	go func() {
+		// perform initial cleanup so that we catch all deployments that got deleted since last run
+		_ = s.cleanupOrphanedResults()
+
+		for d := range ch {
+			if d.Delete {
+				_ = s.cleanupOrphanedResults()
+			}
+		}
+	}()
+
+	return nil
+}
+
 func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, target result.TargetKey) error {
 	results, err := s.ListValidateResultSummaries(ListResultSummariesOptions{
 		ProjectFilter: &project,
@@ -336,7 +407,12 @@ func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, t
 	return nil
 }
 
-func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
+type commandResultSummaryAndName struct {
+	name    client.ObjectKey
+	summary result.CommandResultSummary
+}
+
+func (s *ResultStoreSecrets) doListCommandResultSummaries(options ListResultSummariesOptions) ([]commandResultSummaryAndName, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
 	err := s.cache.List(s.ctx, &l, client.HasLabels{"kluctl.io/command-result-id"})
@@ -344,7 +420,7 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummar
 		return nil, err
 	}
 
-	ret := make([]result.CommandResultSummary, 0, len(l.Items))
+	ret := make([]commandResultSummaryAndName, 0, len(l.Items))
 
 	for _, x := range l.Items {
 		summary, err := s.parseCommandSummary(x.GetAnnotations())
@@ -355,16 +431,33 @@ func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummar
 			continue
 		}
 
-		ret = append(ret, *summary)
+		ret = append(ret, commandResultSummaryAndName{
+			name:    client.ObjectKeyFromObject(&x),
+			summary: *summary,
+		})
 	}
 
 	sort.Slice(ret, func(i, j int) bool {
-		return lessCommandSummary(&ret[i], &ret[j])
+		return lessCommandSummary(&ret[i].summary, &ret[j].summary)
 	})
 
 	return ret, nil
 }
 
+func (s *ResultStoreSecrets) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
+	summaries, err := s.doListCommandResultSummaries(options)
+	if err != nil {
+		return nil, err
+	}
+
+	ret := make([]result.CommandResultSummary, 0, len(summaries))
+	for _, sn := range summaries {
+		ret = append(ret, sn.summary)
+	}
+
+	return ret, nil
+}
+
 func (s *ResultStoreSecrets) parseCommandSummary(a map[string]string) (*result.CommandResultSummary, error) {
 	if len(a) == 0 {
 		return nil, nil
@@ -536,7 +629,12 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 	return &cr, nil
 }
 
-func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error) {
+type validateResultSummaryAndName struct {
+	name    client.ObjectKey
+	summary result.ValidateResultSummary
+}
+
+func (s *ResultStoreSecrets) doListValidateResultSummaries(options ListResultSummariesOptions) ([]validateResultSummaryAndName, error) {
 	var l metav1.PartialObjectMetadataList
 	l.SetGroupVersionKind(schema.GroupVersionKind{Version: "v1", Kind: "SecretList"})
 	err := s.cache.List(s.ctx, &l, client.HasLabels{"kluctl.io/validate-result-id"})
@@ -544,7 +642,7 @@ func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSumma
 		return nil, err
 	}
 
-	ret := make([]result.ValidateResultSummary, 0, len(l.Items))
+	ret := make([]validateResultSummaryAndName, 0, len(l.Items))
 
 	for _, x := range l.Items {
 		summary, err := s.parseValidateSummary(x.GetAnnotations())
@@ -555,16 +653,33 @@ func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSumma
 			continue
 		}
 
-		ret = append(ret, *summary)
+		ret = append(ret, validateResultSummaryAndName{
+			name:    client.ObjectKeyFromObject(&x),
+			summary: *summary,
+		})
 	}
 
 	sort.Slice(ret, func(i, j int) bool {
-		return lessValidateSummary(&ret[i], &ret[j])
+		return lessValidateSummary(&ret[i].summary, &ret[j].summary)
 	})
 
 	return ret, nil
 }
 
+func (s *ResultStoreSecrets) ListValidateResultSummaries(options ListResultSummariesOptions) ([]result.ValidateResultSummary, error) {
+	summaries, err := s.doListValidateResultSummaries(options)
+	if err != nil {
+		return nil, err
+	}
+
+	ret := make([]result.ValidateResultSummary, 0, len(summaries))
+	for _, sn := range summaries {
+		ret = append(ret, sn.summary)
+	}
+
+	return ret, nil
+}
+
 func (s *ResultStoreSecrets) WatchValidateResultSummaries(options ListResultSummariesOptions) (<-chan WatchValidateResultSummaryEvent, context.CancelFunc, error) {
 	ch := make(chan WatchValidateResultSummaryEvent)
 

From f81e4f4e915e40879ebe4ed0ba9340de781f4e91 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 3 Aug 2023 11:50:54 +0200
Subject: [PATCH 1381/2268] fix: Lock mutex before returning strings from
 buffers

---
 e2e/test-utils/kluctl_execute.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/e2e/test-utils/kluctl_execute.go b/e2e/test-utils/kluctl_execute.go
index bab9a76e2..a88cc89de 100644
--- a/e2e/test-utils/kluctl_execute.go
+++ b/e2e/test-utils/kluctl_execute.go
@@ -42,5 +42,8 @@ func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, s
 	sh.Stop()
 	sh = nil
 	_ = stdout.Close()
+
+	m.Lock()
+	defer m.Unlock()
 	return stdoutBuf.String(), stderrBuf.String(), err
 }

From 539aed934a4029a56b84c54251e9a867da8d63b5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 3 Aug 2023 13:39:48 +0200
Subject: [PATCH 1382/2268] feat: Switch back to websockets for events

---
 go.mod                              |  1 +
 go.sum                              | 20 +++++++
 pkg/webui/events.go                 | 92 ++++++++++++++++++++++-------
 pkg/webui/server.go                 |  2 +-
 pkg/webui/ui/src/api.tsx            | 74 ++++++++++++++---------
 pkg/webui/ui/src/components/App.tsx |  2 +-
 6 files changed, 139 insertions(+), 52 deletions(-)

diff --git a/go.mod b/go.mod
index f48871900..3e2247e69 100644
--- a/go.mod
+++ b/go.mod
@@ -77,6 +77,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	golang.org/x/oauth2 v0.10.0
+	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/kustomize/api v0.13.4
diff --git a/go.sum b/go.sum
index d8d79969c..9de617249 100644
--- a/go.sum
+++ b/go.sum
@@ -284,6 +284,7 @@ github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfm
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
@@ -322,11 +323,15 @@ github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTr
 github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
 github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+jU0zvx4AqHGnv4k=
 github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
@@ -342,6 +347,12 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
+github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
+github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
+github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
+github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -459,6 +470,8 @@ github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+
 github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
@@ -544,6 +557,7 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
@@ -559,6 +573,7 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
 github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -588,6 +603,7 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -845,6 +861,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
@@ -1412,6 +1430,8 @@ k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
 k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
+nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 29d2e54bb..73438b27f 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -1,8 +1,9 @@
 package webui
 
 import (
+	"bytes"
 	"container/list"
-	"fmt"
+	"context"
 	"github.com/gin-gonic/gin"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -10,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/http"
+	"nhooyr.io/websocket"
 	"strings"
 	"sync"
 	"time"
@@ -229,7 +231,6 @@ func (h *eventsHandler) handler(c *gin.Context) {
 	args := struct {
 		FilterProject string `form:"filterProject"`
 		FilterSubDir  string `form:"filterSubDir"`
-		Seq           int64  `form:"seq"`
 	}{}
 	err := c.BindQuery(&args)
 	if err != nil {
@@ -251,14 +252,44 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		}
 	}
 
-	getNewEvents := func() ([]string, int64) {
+	acceptOptions := &websocket.AcceptOptions{
+		InsecureSkipVerify: true,
+	}
+
+	userAgentLower := strings.ToLower(c.GetHeader("User-Agent"))
+	isSafari := strings.Contains(userAgentLower, "safari") && !strings.Contains(userAgentLower, "chrome") && !strings.Contains(userAgentLower, "android")
+
+	if isSafari {
+		acceptOptions.CompressionMode = websocket.CompressionDisabled
+	}
+
+	conn, err := websocket.Accept(c.Writer, c.Request, acceptOptions)
+	if err != nil {
+		return
+	}
+	defer conn.Close(websocket.StatusInternalError, "the sky is falling")
+
+	err = h.wsHandle(conn, filter)
+	if err != nil {
+		cs := websocket.CloseStatus(err)
+		if cs == websocket.StatusNormalClosure || cs == websocket.StatusGoingAway {
+			return
+		}
+		_ = c.AbortWithError(http.StatusInternalServerError, err)
+	}
+}
+
+func (h *eventsHandler) wsHandle(c *websocket.Conn, filter *result.ProjectKey) error {
+	ctx := c.CloseRead(h.server.ctx)
+
+	getNewEvents := func(seq int64) ([]string, int64) {
 		h.mutex.Lock()
 		defer h.mutex.Unlock()
 		var events []string
-		nextSeq := args.Seq
+		nextSeq := seq
 		for e := h.events.Front(); e != nil; e = e.Next() {
 			e2 := e.Value.(*eventEntry)
-			if e2.seq < args.Seq {
+			if e2.seq < seq {
 				continue
 			}
 			nextSeq = e2.seq + 1
@@ -271,24 +302,43 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		return events, nextSeq
 	}
 
-	events, nextSeq := getNewEvents()
-	timeout := time.After(30 * time.Second)
-outer:
-	for len(events) == 0 {
-		select {
-		case <-h.server.ctx.Done():
-			_ = c.AbortWithError(http.StatusServiceUnavailable, fmt.Errorf("context cancelled"))
-			return
-		case <-timeout:
-			break outer
-		case <-time.After(100 * time.Millisecond):
+	var seq int64
+	for {
+		events, nextSeq := getNewEvents(seq)
+		if len(events) != 0 {
+			buf := bytes.NewBuffer(nil)
+			buf.Write([]byte("["))
+			for i, e := range events {
+				if i != 0 {
+					buf.Write([]byte(","))
+				}
+				buf.Write([]byte(e))
+			}
+			buf.Write([]byte("]"))
+
+			err := h.wsSendMessage(ctx, c, time.Second*5, buf.String())
+			if err != nil {
+				return err
+			}
 		}
 
-		events, nextSeq = getNewEvents()
+		seq = nextSeq
+
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-time.After(1000 * time.Millisecond):
+		}
 	}
+}
+
+func (s *eventsHandler) wsSendMessage(ctx context.Context, c *websocket.Conn, timeout time.Duration, msg string) error {
+	ctx, cancel := context.WithTimeout(ctx, timeout)
+	defer cancel()
 
-	j := fmt.Sprintf(`{"nextSeq": %d, "events": [%s]}`, nextSeq, strings.Join(events, ","))
-	c.Writer.Header().Set("Content-Type", "application/json")
-	c.Status(http.StatusOK)
-	_, _ = c.Writer.WriteString(j)
+	err := c.Write(ctx, websocket.MessageText, []byte(msg))
+	if err != nil {
+		return err
+	}
+	return err
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 6d2a64ceb..569d06a1f 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -120,7 +120,7 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	if err != nil {
 		return err
 	}
-	api.GET("/events", s.events.handler)
+	api.Any("/events", s.events.handler)
 
 	address := fmt.Sprintf("%s:%d", host, port)
 	listener, err := net.Listen("tcp", address)
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 628da23a2..25e0a4a6b 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -6,6 +6,7 @@ import Tooltip from "@mui/material/Tooltip";
 import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
 import { GitRef } from "./models-static";
+import { sleep } from "./utils/misc";
 
 console.log(window.location)
 
@@ -36,7 +37,7 @@ export interface Api {
     getAuthInfo(): Promise<AuthInfo>
     getUser(): Promise<User>
     getShortNames(): Promise<ShortName[]>
-    listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
+    listenEvents(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void>
     getCommandResult(resultId: string): Promise<CommandResult>
     getCommandResultObject(resultId: string, ref: ObjectRef, objectType: string): Promise<any>
     getValidateResult(resultId: string): Promise<ValidateResult>
@@ -114,7 +115,17 @@ export class RealApi implements Api {
         return this.doGet("/api/getShortNames")
     }
 
-    async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
+    async listenEvents(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
+        let host = window.location.host
+        let proto = "wss"
+        if (process.env.NODE_ENV === 'development') {
+            host = "localhost:9090"
+        }
+        if (window.location.protocol !== "https:") {
+            proto = "ws"
+        }
+        let url = `${proto}://${host}${rootPath}/api/events`
+
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)
@@ -122,42 +133,47 @@ export class RealApi implements Api {
         if (filterSubDir) {
             params.set("filterSubDir", filterSubDir)
         }
+        url += "?" + params.toString()
 
-        let seq = 0
-        const abort = new AbortController()
+        let ws: WebSocket | undefined;
+        let cancelled = false
 
-        const doGetEvents = async () => {
-            if (abort.signal.aborted) {
+        const connect = async () => {
+            if (cancelled) {
                 return
             }
 
-            params.set("seq", seq + "")
-            let resp: any
-            try {
-                resp = await this.doGet("/api/events", params, abort.signal)
-            } catch (error) {
-                console.log("events error", error)
-                seq = 0
-                await new Promise(r => setTimeout(r, 5000));
-                doGetEvents()
-                return
+            console.log("ws connect: " + url)
+            ws = new WebSocket(url);
+            ws.onopen = function () {
+                console.log("ws connected")
+            }
+            ws.onclose = function (event) {
+                console.log("ws close")
+                if (!cancelled) {
+                    sleep(5000).then(connect)
+                }
+            }
+            ws.onerror = function (event) {
+                console.log("ws error", event)
+            }
+            ws.onmessage = function (event: MessageEvent) {
+                if (cancelled) {
+                    return
+                }
+                const msg: any[] = JSON.parse(event.data)
+                msg.forEach(handle)
             }
-
-            seq = resp.nextSeq
-            const events = resp.events
-
-            events.forEach((e: any) => {
-                handle(e)
-            })
-
-            doGetEvents()
         }
 
-        doGetEvents()
+        await connect()
 
         return () => {
-            console.log("events cancel")
-            abort.abort()
+            console.log("ws cancel")
+            cancelled = true
+            if (ws) {
+                ws.close()
+            }
         }
     }
 
@@ -237,7 +253,7 @@ export class StaticApi implements Api {
         return staticShortNames
     }
 
-    async listenUpdates(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
+    async listenEvents(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
         await loadScript(staticPath + "/summaries.js")
 
         staticSummaries.forEach(rs => {
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index e2b0ec64d..20632e37f 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -94,7 +94,7 @@ const LoggedInApp = (props: { onLogout: () => void }) => {
 
         console.log("starting listenResults")
         let cancel: Promise<() => void>
-        cancel = api.listenUpdates(undefined, undefined, msg => {
+        cancel = api.listenEvents(undefined, undefined, msg => {
             switch (msg.type) {
                 case "update_command_result_summary":
                     updateCommandResultSummary(msg.summary)

From b714c0bd381141030161b199a3344ea83d0c9536 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Aug 2023 09:05:04 +0200
Subject: [PATCH 1383/2268] chore(deps): Bump golang.org/x/term from 0.10.0 to
 0.11.0 (#701)

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/term/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 3e2247e69..1d9547b3f 100644
--- a/go.mod
+++ b/go.mod
@@ -37,8 +37,8 @@ require (
 	golang.org/x/crypto v0.11.0
 	golang.org/x/net v0.13.0
 	golang.org/x/sync v0.3.0
-	golang.org/x/sys v0.10.0
-	golang.org/x/term v0.10.0
+	golang.org/x/sys v0.11.0
+	golang.org/x/term v0.11.0
 	golang.org/x/text v0.11.0
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.27.4
diff --git a/go.sum b/go.sum
index 9de617249..2969d6190 100644
--- a/go.sum
+++ b/go.sum
@@ -1148,8 +1148,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1157,8 +1157,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 8938e5f707132e7b758af058e385597b645ebee5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Aug 2023 09:09:20 +0200
Subject: [PATCH 1384/2268] chore(deps): Bump golang.org/x/crypto from 0.11.0
 to 0.12.0 (#702)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/crypto/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 1d9547b3f..9298193e2 100644
--- a/go.mod
+++ b/go.mod
@@ -34,12 +34,12 @@ require (
 	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.11.0
+	golang.org/x/crypto v0.12.0
 	golang.org/x/net v0.13.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.11.0
 	golang.org/x/term v0.11.0
-	golang.org/x/text v0.11.0
+	golang.org/x/text v0.12.0
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.27.4
 	k8s.io/apiextensions-apiserver v0.27.2
diff --git a/go.sum b/go.sum
index 2969d6190..78d7e2ecb 100644
--- a/go.sum
+++ b/go.sum
@@ -956,8 +956,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1173,8 +1173,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 9c01ed0fbfbd20d59d1a90831d968b2373fa8c74 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Aug 2023 09:09:34 +0200
Subject: [PATCH 1385/2268] chore(deps): Bump golang.org/x/text from 0.11.0 to
 0.12.0 (#703)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

From 4cf8efb834b8dbc8fcac66a48dc1859b4f10c995 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 7 Aug 2023 13:30:13 +0200
Subject: [PATCH 1386/2268] feat: Implement regex based image matching

---
 cmd/kluctl/args/images.go         |  2 +-
 cmd/kluctl/commands/completion.go |  2 +-
 pkg/deployment/images.go          | 40 ++++++++++++++++++++++++-------
 pkg/types/target_config.go        | 18 +++++++++++++-
 4 files changed, 51 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 6c19f0f8d..18377a117 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -43,7 +43,7 @@ func buildFixedImageEntryFromArg(arg string) (*types.FixedImage, error) {
 
 	s = strings.Split(image, ":")
 	e := types.FixedImage{
-		Image:       s[0],
+		Image:       &s[0],
 		ResultImage: result,
 	}
 
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 653b032f7..a020dbde8 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -183,7 +183,7 @@ func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(
 						mutex.Lock()
 						defer mutex.Unlock()
 						for _, si := range cmdCtx.images.SeenImages(false) {
-							str := si.Image
+							str := *si.Image
 							if si.Namespace != nil {
 								str += ":" + *si.Namespace
 							}
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 5eb899b59..a38c282e1 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"regexp"
 	"sort"
 	"strings"
 	"sync"
@@ -61,7 +62,15 @@ func (images *Images) SeenImages(simple bool) []types.FixedImage {
 		}
 	}
 	sort.Slice(ret, func(i, j int) bool {
-		return ret[i].Image < ret[j].Image
+		ii := ret[i].Image
+		ij := ret[j].Image
+		if ii == nil {
+			ii = ret[i].ImageRegex
+		}
+		if ij == nil {
+			ij = ret[j].ImageRegex
+		}
+		return *ii < *ij
 	})
 	return ret
 }
@@ -84,12 +93,21 @@ func (images *Images) parseFixedImagesFromVars(vars *uo.UnstructuredObject) ([]t
 }
 
 func (images *Images) getFixedImage(image string, namespace string, deployment string, container string, vars *uo.UnstructuredObject) (*string, error) {
-	cmpList := func(fis []types.FixedImage) *string {
+	cmpList := func(fis []types.FixedImage) (*string, error) {
 		for i := len(fis) - 1; i >= 0; i-- {
 			fi := fis[i]
-			if fi.Image != image {
+			if fi.Image != nil && image != *fi.Image {
 				continue
 			}
+			if fi.ImageRegex != nil {
+				r, err := regexp.Compile(*fi.ImageRegex)
+				if err != nil {
+					return nil, err
+				}
+				if !r.MatchString(image) {
+					continue
+				}
+			}
 			if fi.Namespace != nil && namespace != *fi.Namespace {
 				continue
 			}
@@ -100,9 +118,9 @@ func (images *Images) getFixedImage(image string, namespace string, deployment s
 				continue
 			}
 
-			return &fi.ResultImage
+			return &fi.ResultImage, nil
 		}
-		return nil
+		return nil, nil
 	}
 
 	fisFromVars, err := images.parseFixedImagesFromVars(vars)
@@ -110,11 +128,17 @@ func (images *Images) getFixedImage(image string, namespace string, deployment s
 		return nil, err
 	}
 
-	fi := cmpList(images.fixedImages)
+	fi, err := cmpList(images.fixedImages)
+	if err != nil {
+		return nil, err
+	}
 	if fi != nil {
 		return fi, nil
 	}
-	fi = cmpList(fisFromVars)
+	fi, err = cmpList(fisFromVars)
+	if err != nil {
+		return nil, err
+	}
 	if fi != nil {
 		return fi, nil
 	}
@@ -272,7 +296,7 @@ func (images *Images) resolveImage(ctx context.Context, ph placeHolder, ref k8s2
 	}
 
 	si := types.FixedImage{
-		Image:         ph.Image,
+		Image:         &ph.Image,
 		DeployedImage: deployed,
 		Namespace:     &ref.Namespace,
 		Object:        &ref,
diff --git a/pkg/types/target_config.go b/pkg/types/target_config.go
index 262bf793a..43ca4a809 100644
--- a/pkg/types/target_config.go
+++ b/pkg/types/target_config.go
@@ -1,11 +1,14 @@
 package types
 
 import (
+	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type FixedImage struct {
-	Image         string         `json:"image" validate:"required"`
+	Image         *string        `json:"image,omitempty"`
+	ImageRegex    *string        `json:"imageRegex,omitempty"`
 	ResultImage   string         `json:"resultImage" validate:"required"`
 	DeployedImage *string        `json:"deployedImage,omitempty"`
 	Namespace     *string        `json:"namespace,omitempty"`
@@ -19,3 +22,16 @@ type FixedImage struct {
 type FixedImagesConfig struct {
 	Images []FixedImage `json:"images,omitempty"`
 }
+
+func ValidateFixedImage(sl validator.StructLevel) {
+	s := sl.Current().Interface().(FixedImage)
+	if s.Image == nil && s.ImageRegex == nil {
+		sl.ReportError(s, "image", "image", "one of image or imageRegex must be set", "")
+	} else if s.Image != nil && s.ImageRegex != nil {
+		sl.ReportError(s, "image", "image", "only one of image or imageRegex can be set", "")
+	}
+}
+
+func init() {
+	yaml.Validator.RegisterStructValidation(ValidateFixedImage, FixedImage{})
+}

From 94ec73b5ed46e9d1f020d87a7d234f97cfe4f836 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 7 Aug 2023 13:30:21 +0200
Subject: [PATCH 1387/2268] tests: Add images_test.go

---
 e2e/images_test.go | 239 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 239 insertions(+)
 create mode 100644 e2e/images_test.go

diff --git a/e2e/images_test.go b/e2e/images_test.go
new file mode 100644
index 000000000..163de07a7
--- /dev/null
+++ b/e2e/images_test.go
@@ -0,0 +1,239 @@
+package e2e
+
+import (
+	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"testing"
+)
+
+func addGetImageDeployment(p *test_utils.TestProject, name string, containerName string, gi string) {
+	y := fmt.Sprintf(`
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: %s
+  namespace: %s
+  labels:
+    app: %s
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: %s
+  template:
+    metadata:
+      labels:
+        app: %s
+    spec:
+      containers:
+      - name: %s
+        image: '%s'
+`, name, p.TestSlug(), name, name, name, containerName, gi)
+
+	p.AddKustomizeDeployment(name, []test_utils.KustomizeResource{
+		{Name: name, Content: uo.FromStringMust(y)},
+	}, nil)
+}
+
+func assertImage(t *testing.T, k *test_utils.EnvTestCluster, p *test_utils.TestProject, deploymentName string, containerName string, expectedImage string) {
+	d := assertObjectExists(t, k, schema.GroupVersionResource{
+		Group:    "apps",
+		Version:  "v1",
+		Resource: "deployments",
+	}, p.TestSlug(), deploymentName)
+
+	l, _, _ := d.GetNestedObjectList("spec", "template", "spec", "containers")
+	for _, x := range l {
+		n, _, _ := x.GetNestedString("name")
+		if n != containerName {
+			continue
+		}
+		image, _, _ := x.GetNestedString("image")
+		assert.Equal(t, expectedImage, image)
+		return
+	}
+
+	assert.Fail(t, fmt.Sprintf("container %s not found", containerName))
+}
+
+func TestGetImageNotFound(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+
+	_, stderr, err := p.Kluctl("deploy", "-y", "-t", "test")
+	assert.Error(t, err)
+	assert.Contains(t, stderr, "failed to find fixed image for i1")
+}
+
+func TestGetImageArg(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+
+	p.KluctlMust("deploy", "-y", "-t", "test", "--fixed-image", "i1=i1:arg")
+	assertImage(t, k, p, "d1", "c1", "i1:arg")
+}
+
+func setImagesVars(p *test_utils.TestProject, fis []types.FixedImage) {
+	vars := []types.VarsSource{
+		{
+			Values: uo.FromMap(map[string]interface{}{
+				"images": fis,
+			}),
+		},
+	}
+
+	p.UpdateDeploymentYaml(".", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(vars, "vars")
+		return nil
+	})
+}
+
+func TestGetImageVars(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	setImagesVars(p, []types.FixedImage{
+		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars"},
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+
+	p.KluctlMust("deploy", "-y", "-t", "test")
+	assertImage(t, k, p, "d1", "c1", "i1:vars")
+}
+
+func TestGetImageMixed(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	setImagesVars(p, []types.FixedImage{
+		{Image: utils.StrPtr("i2"), ResultImage: "i2:vars"},
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i2") }}`)
+
+	p.KluctlMust("deploy", "-y", "-t", "test", "--fixed-image", "i1=i1:arg")
+	assertImage(t, k, p, "d1", "c1", "i1:arg")
+	assertImage(t, k, p, "d2", "c2", "i2:vars")
+}
+
+func TestGetImageByDeployment(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	setImagesVars(p, []types.FixedImage{
+		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars1", Deployment: utils.StrPtr("Deployment/d1")},
+		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars2", Deployment: utils.StrPtr("Deployment/d2")},
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i1") }}`)
+
+	p.KluctlMust("deploy", "-y", "-t", "test")
+	assertImage(t, k, p, "d1", "c1", "i1:vars1")
+	assertImage(t, k, p, "d2", "c2", "i1:vars2")
+}
+
+func TestGetImageByContainer(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	setImagesVars(p, []types.FixedImage{
+		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars1", Container: utils.StrPtr("c1")},
+		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars2", Container: utils.StrPtr("c2")},
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i1") }}`)
+
+	p.KluctlMust("deploy", "-y", "-t", "test")
+	assertImage(t, k, p, "d1", "c1", "i1:vars1")
+	assertImage(t, k, p, "d2", "c2", "i1:vars2")
+}
+
+func TestGetImageRegex(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	setImagesVars(p, []types.FixedImage{
+		{ImageRegex: utils.StrPtr("i.*"), ResultImage: "i1:x"},
+		{ImageRegex: utils.StrPtr("j.*"), ResultImage: "i1:y"},
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
+	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i2") }}`)
+	addGetImageDeployment(p, "d3", "c1", `{{ images.get_image("j1") }}`)
+	addGetImageDeployment(p, "d4", "c2", `{{ images.get_image("j2") }}`)
+
+	p.KluctlMust("deploy", "-y", "-t", "test")
+	assertImage(t, k, p, "d1", "c1", "i1:x")
+	assertImage(t, k, p, "d2", "c2", "i1:x")
+	assertImage(t, k, p, "d3", "c1", "i1:y")
+	assertImage(t, k, p, "d4", "c2", "i1:y")
+}

From 5811103190278ae692b82e88098da7a1d05a99d9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 7 Aug 2023 13:33:10 +0200
Subject: [PATCH 1388/2268] docs: Update docs with imagesRegex

---
 docs/reference/deployments/images.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/docs/reference/deployments/images.md b/docs/reference/deployments/images.md
index 0328b5403..bb8d58fa0 100644
--- a/docs/reference/deployments/images.md
+++ b/docs/reference/deployments/images.md
@@ -89,9 +89,21 @@ images:
     container: <name>
 ```
 
-`image` and `resultImage` are required. All the other fields are optional and allow to specify in detail for which
+`image` (or `imageRegex`) and `resultImage` are required. All the other fields are optional and allow to specify in detail for which
 object the fixed is specified.
 
+You can also specify a regex for the image name:
+
+```yaml
+images:
+  - imageRegex: registry\.gitlab\.com/my-group/.*
+    resultImage: <result_image>
+    # optional fields
+    namespace: <namespace>
+    deployment: <kind>/<name>
+    container: <name>
+```
+
 ## Target definition
 
 The [target](../kluctl-project/targets/README.md#targets) definition can optionally specify an `images` field that can

From 0490621e0214ac71ea623bcfa0e85a41a4fbbd4d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 7 Aug 2023 13:33:51 +0200
Subject: [PATCH 1389/2268] chore: Run all generate commands

---
 .../crd/bases/gitops.kluctl.io_kluctldeployments.yaml  |  3 ++-
 install/controller/controller/crd.yaml                 |  3 ++-
 pkg/types/zz_generated.deepcopy.go                     | 10 ++++++++++
 pkg/webui/ui/src/models.ts                             |  4 +++-
 4 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 7f983a33a..c7de9380f 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -191,6 +191,8 @@ spec:
                       type: string
                     image:
                       type: string
+                    imageRegex:
+                      type: string
                     namespace:
                       type: string
                     object:
@@ -212,7 +214,6 @@ spec:
                     resultImage:
                       type: string
                   required:
-                  - image
                   - resultImage
                   type: object
                 type: array
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 1a9adf3de..a3504e657 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -191,6 +191,8 @@ spec:
                       type: string
                     image:
                       type: string
+                    imageRegex:
+                      type: string
                     namespace:
                       type: string
                     object:
@@ -212,7 +214,6 @@ spec:
                     resultImage:
                       type: string
                   required:
-                  - image
                   - resultImage
                   type: object
                 type: array
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 47523ab20..333da6c3d 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -249,6 +249,16 @@ func (in *ExternalProject) DeepCopy() *ExternalProject {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FixedImage) DeepCopyInto(out *FixedImage) {
 	*out = *in
+	if in.Image != nil {
+		in, out := &in.Image, &out.Image
+		*out = new(string)
+		**out = **in
+	}
+	if in.ImageRegex != nil {
+		in, out := &in.ImageRegex, &out.ImageRegex
+		*out = new(string)
+		**out = **in
+	}
 	if in.DeployedImage != nil {
 		in, out := &in.DeployedImage, &out.DeployedImage
 		*out = new(string)
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 4fdd499c0..c27e251b6 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -501,7 +501,8 @@ export class ObjectRef {
     }
 }
 export class FixedImage {
-    image: string;
+    image?: string;
+    imageRegex?: string;
     resultImage: string;
     deployedImage?: string;
     namespace?: string;
@@ -514,6 +515,7 @@ export class FixedImage {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.image = source["image"];
+        this.imageRegex = source["imageRegex"];
         this.resultImage = source["resultImage"];
         this.deployedImage = source["deployedImage"];
         this.namespace = source["namespace"];

From e09d9992d75639b880705c11e751439759f30757 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 07:57:36 +0200
Subject: [PATCH 1390/2268] chore(deps): Bump github.com/aws/aws-sdk-go-v2 from
 1.20.0 to 1.20.1 (#712)

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.20.0 to 1.20.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.0...v1.20.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 9298193e2..b3990d7d9 100644
--- a/go.mod
+++ b/go.mod
@@ -54,12 +54,12 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
-	github.com/aws/aws-sdk-go-v2 v1.20.0
+	github.com/aws/aws-sdk-go-v2 v1.20.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.32
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.31
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.1
-	github.com/aws/smithy-go v1.14.0
+	github.com/aws/smithy-go v1.14.1
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/gin-contrib/sessions v0.0.5
diff --git a/go.sum b/go.sum
index 78d7e2ecb..a7efd153e 100644
--- a/go.sum
+++ b/go.sum
@@ -116,8 +116,9 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.20.0 h1:INUDpYLt4oiPOJl0XwZDK2OVAVf0Rzo+MGVTv9f+gy8=
 github.com/aws/aws-sdk-go-v2 v1.20.0/go.mod h1:uWOr0m0jDsiWw8nnXiqZ+YG6LdvAlGYDLLf2NmHZoy4=
+github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
+github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
 github.com/aws/aws-sdk-go-v2/config v1.18.32 h1:tqEOvkbTxwEV7hToRcJ1xZRjcATqwDVsWbAscgRKyNI=
 github.com/aws/aws-sdk-go-v2/config v1.18.32/go.mod h1:U3ZF0fQRRA4gnbn9GGvOWLoT2EzzZfAWeKwnVrm1rDc=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.31 h1:vJyON3lG7R8VOErpJJBclBADiWTwzcwdkQpTKx8D2sk=
@@ -145,8 +146,9 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1/go.mod h1:XO/VcyoQ8nKyKfFW/
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.1 h1:pAOJj+80tC8sPVgSDHzMYD6KLWsaLQ1kZw31PTeORbs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.1/go.mod h1:G8SbvL0rFk4WOJroU8tKBczhsbhj2p/YY7qeJezJ3CI=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.14.0 h1:+X90sB94fizKjDmwb4vyl2cTTPXTE5E2G/1mjByb0io=
 github.com/aws/smithy-go v1.14.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
+github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 3b14719dac5fdeb576684acdd5151fa0548a46ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 07:58:05 +0200
Subject: [PATCH 1391/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.15.0 to 0.15.1 (#713)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.0...v0.15.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b3990d7d9..479775654 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 	golang.org/x/oauth2 v0.10.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.15.0
+	sigs.k8s.io/controller-runtime v0.15.1
 	sigs.k8s.io/kustomize/api v0.13.4
 	sigs.k8s.io/yaml v1.3.0
 )
diff --git a/go.sum b/go.sum
index a7efd153e..7d6b06dfa 100644
--- a/go.sum
+++ b/go.sum
@@ -1442,8 +1442,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
-sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
+sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUTb/+4c=
+sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI=

From 1c7223a2c69f9665b2319c5b0427a0ed33665697 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 08:10:08 +0200
Subject: [PATCH 1392/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/credentials (#711)

Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.13.31 to 1.13.32.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.13.31...credentials/v1.13.32)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 16 ++++++++--------
 go.sum | 24 ++++++++++++++++--------
 2 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index 479775654..e95910752 100644
--- a/go.mod
+++ b/go.mod
@@ -56,9 +56,9 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.20.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.32
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.31
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.1
+	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2
 	github.com/aws/smithy-go v1.14.1
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -105,14 +105,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
diff --git a/go.sum b/go.sum
index 7d6b06dfa..037027127 100644
--- a/go.sum
+++ b/go.sum
@@ -121,30 +121,38 @@ github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOF
 github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
 github.com/aws/aws-sdk-go-v2/config v1.18.32 h1:tqEOvkbTxwEV7hToRcJ1xZRjcATqwDVsWbAscgRKyNI=
 github.com/aws/aws-sdk-go-v2/config v1.18.32/go.mod h1:U3ZF0fQRRA4gnbn9GGvOWLoT2EzzZfAWeKwnVrm1rDc=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.31 h1:vJyON3lG7R8VOErpJJBclBADiWTwzcwdkQpTKx8D2sk=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.31/go.mod h1:T4sESjBtY2lNxLgkIASmeP57b5j7hTQqCbqG0tWnxC4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7 h1:X3H6+SU21x+76LRglk21dFRgMTJMa5QcpW+SqUf5BBg=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.32 h1:lIH1eKPcCY1ylR4B6PkBGRWMHO3aVenOKJHWiS4/G2w=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7/go.mod h1:3we0V09SwcJBzNlnyovrR2wWJhWmVdqAsmVs4uronv8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 h1:zr/gxAZkMcvP71ZhQOcvdm8ReLjFgIXnIn0fw5AM7mo=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37/go.mod h1:Pdn4j43v49Kk6+82spO3Tu5gSeQXRsxo56ePPQAvFiA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 h1:c8ed/T9T2K5I+h/JzmF5tpI46+OODQ74dzmdo+QnaMg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 h1:0HCMIkAkVY9KMgueD8tf4bRTUanzEYvhw7KkPXIMpO0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 h1:+i1DOFrW3YZ3apE45tCal9+aDKK6kNEbW6Ib7e1nFxE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38/go.mod h1:1/jLp0OgOaWIetycOmycW+vYTYgTZFPttJQRgsI1PoU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 h1:auGDJ0aLZahF5SPvkJ6WcUuX7iQ7kyl2MamV7Tm8QBk=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31/go.mod h1:3+lloe3sZuBQw1aBc5MyndvodzQlyqCZ7x1QPDHaWP4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEYxth10V23b5e2mAS+tX7oVbfYHD6dnDdAsg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1 h1:AD8gRAXAXDU9+XTm0Q3D+NBsMCX4TlpN/qnNYbbQLO4=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 h1:DSNpSbfEgFXRV+IfEcKE5kTbqxm+MeF5WgyeRlsLnHY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.1/go.mod h1:TC9BubuFMVScIU+TLKamO6VZiYTkYoEHqlSQwAe2omw=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 h1:hd0SKLMdOL/Sl6Z0np1PX9LeH2gqNtBe0MhTedA8MGI=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1/go.mod h1:XO/VcyoQ8nKyKfFW/3DMsRQXsfh/052tHTWmg3xBXRg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.1 h1:pAOJj+80tC8sPVgSDHzMYD6KLWsaLQ1kZw31PTeORbs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.1/go.mod h1:G8SbvL0rFk4WOJroU8tKBczhsbhj2p/YY7qeJezJ3CI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.14.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=

From 8dfc3ac271ce615c508dc37a2b767167918f19c2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Aug 2023 08:12:57 +0200
Subject: [PATCH 1393/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#710)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.32 to 1.18.33.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.32...config/v1.18.33)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 ++--
 go.sum | 14 ++++----------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index e95910752..4f71c0aee 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.20.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.32
+	github.com/aws/aws-sdk-go-v2/config v1.18.33
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2
@@ -108,7 +108,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 // indirect
diff --git a/go.sum b/go.sum
index 037027127..4254c09f6 100644
--- a/go.sum
+++ b/go.sum
@@ -119,12 +119,10 @@ github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4
 github.com/aws/aws-sdk-go-v2 v1.20.0/go.mod h1:uWOr0m0jDsiWw8nnXiqZ+YG6LdvAlGYDLLf2NmHZoy4=
 github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
 github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
-github.com/aws/aws-sdk-go-v2/config v1.18.32 h1:tqEOvkbTxwEV7hToRcJ1xZRjcATqwDVsWbAscgRKyNI=
-github.com/aws/aws-sdk-go-v2/config v1.18.32/go.mod h1:U3ZF0fQRRA4gnbn9GGvOWLoT2EzzZfAWeKwnVrm1rDc=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.31/go.mod h1:T4sESjBtY2lNxLgkIASmeP57b5j7hTQqCbqG0tWnxC4=
+github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
+github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.32 h1:lIH1eKPcCY1ylR4B6PkBGRWMHO3aVenOKJHWiS4/G2w=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.7/go.mod h1:3we0V09SwcJBzNlnyovrR2wWJhWmVdqAsmVs4uronv8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
@@ -135,22 +133,18 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLB
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38 h1:+i1DOFrW3YZ3apE45tCal9+aDKK6kNEbW6Ib7e1nFxE=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.38/go.mod h1:1/jLp0OgOaWIetycOmycW+vYTYgTZFPttJQRgsI1PoU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31/go.mod h1:3+lloe3sZuBQw1aBc5MyndvodzQlyqCZ7x1QPDHaWP4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39/go.mod h1:WLAW8PT7+JhjZfLSWe7WEJaJu0GNo0cKc2Zyo003RBs=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEYxth10V23b5e2mAS+tX7oVbfYHD6dnDdAsg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1 h1:AD8gRAXAXDU9+XTm0Q3D+NBsMCX4TlpN/qnNYbbQLO4=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.1/go.mod h1:TC9BubuFMVScIU+TLKamO6VZiYTkYoEHqlSQwAe2omw=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1/go.mod h1:XO/VcyoQ8nKyKfFW/3DMsRQXsfh/052tHTWmg3xBXRg=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.1/go.mod h1:G8SbvL0rFk4WOJroU8tKBczhsbhj2p/YY7qeJezJ3CI=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From df75d2c3515b1912a1dcd9cef5078ad153030f3a Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Wed, 9 Aug 2023 11:29:14 +0200
Subject: [PATCH 1394/2268] chore(webui): use kustomize patches for install

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 install/webui/webui/deployment.yaml    | 14 ++-------
 install/webui/webui/kustomization.yaml | 41 ++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 12 deletions(-)
 create mode 100644 install/webui/webui/kustomization.yaml

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 317f037c5..877f43825 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -1,7 +1,3 @@
-{% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.20.8") %}
-{% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -29,14 +25,12 @@ spec:
     spec:
       containers:
       - name: webui
-        image: {{ kluctl_image }}:{{ kluctl_version }}
-        imagePullPolicy: {{ pull_policy }}
+        image: ghcr.io/kluctl/kluctl:latest
+        imagePullPolicy: IfNotPresent
         command:
           - kluctl
           - webui
           - --in-cluster
-        args: {{ get_var(["args.webui_args", "webui_args"], []) | to_json }}
-        env: {{ get_var(["args.webui_envs", "webui_envs"], []) | to_json }}
         ports:
           - containerPort: 8080
             name: http
@@ -52,9 +46,6 @@ spec:
             port: 8080
           initialDelaySeconds: 5
           periodSeconds: 10
-        {% if get_var(["args.webui_resources", "webui_resources"], {}) %}
-        resources: {{ get_var(["args.webui_resources", "webui_resources"], {}) | to_json }}
-        {% else %}
         resources:
           limits:
             cpu: 2000m
@@ -62,7 +53,6 @@ spec:
           requests:
             cpu: 500m
             memory: 512Mi
-        {% endif %}
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
new file mode 100644
index 000000000..8d4d6b3f0
--- /dev/null
+++ b/install/webui/webui/kustomization.yaml
@@ -0,0 +1,41 @@
+{% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.20.8") %}
+{% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
+
+resources:
+- admin-rbac.yaml
+- webui-rbac.yaml
+- viewer-rbac.yaml
+- deployment.yaml
+- service.yaml
+
+patches:
+  - target:
+      kind: Deployment
+      name: kluctl-webui
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/image
+        value: {{ kluctl_image }}:{{ kluctl_version }}
+  - target:
+      kind: Deployment
+      name: kluctl-webui
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/imagePullPolicy
+        value: {{ pull_policy }}
+{% for a in get_var("args.webui_args", []) %}
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: "{{ a }}"
+{% endfor %}
+{% for a in get_var("args.webui_envs", []) %}
+      - op: add
+        path: /spec/template/spec/containers/0/env/-
+        value: {{ a | to_json }}
+{% endfor %}
+{% if get_var("args.webui_resources", none) %}
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value: {{ get_var("args.webui_resources", none) | to_json }}
+{% endif %}

From a2db8534530fd0cebf368e4fa62cbe7c915c9dc2 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Wed, 9 Aug 2023 11:30:40 +0200
Subject: [PATCH 1395/2268] chore(webui): support nodeSelector, tolerations and
 priorityClassName for install

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 install/webui/.kluctl.yaml             |  6 ++++++
 install/webui/webui/kustomization.yaml | 15 +++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 9e73fc232..fc24ef9e4 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -11,3 +11,9 @@ args:
     default: []
   - name: webui_resources
     default: {}
+  - name: webui_node_selectors
+    default: {}
+  - name: webui_tolerations
+    default: []
+  - name: webui_priority_class
+    default: {}
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 8d4d6b3f0..6b40df304 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -39,3 +39,18 @@ patches:
         path: /spec/template/spec/containers/0/resources
         value: {{ get_var("args.webui_resources", none) | to_json }}
 {% endif %}
+{% if get_var("args.webui_node_selectors", none) %}
+      - op: add
+        path: /spec/template/spec/nodeSelector
+        value: {{ get_var("args.webui_node_selectors", none) | to_json }}
+{% endif %}
+{% if get_var("args.webui_tolerations", none) %}
+      - op: add
+        path: /spec/template/spec/tolerations
+        value: {{ get_var("args.webui_tolerations", none) | to_json }}
+{% endif %}
+{% if get_var("args.webui_priority_class_name", none) %}
+      - op: add
+        path: /spec/template/spec/priorityClassName
+        value: {{ get_var("args.webui_priority_class_name", none) | to_json }}
+{% endif %}

From bbcbd96ef4231d70459e0558060121a748544740 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Wed, 9 Aug 2023 11:31:11 +0200
Subject: [PATCH 1396/2268] chore(controller): support nodeSelector,
 tolerations and priorityClassName for install

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 install/controller/.kluctl.yaml                  |  6 ++++++
 install/controller/controller/kustomization.yaml | 15 +++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index d145f9587..503bcf788 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -11,3 +11,9 @@ args:
     default: []
   - name: controller_resources
     default: {}
+  - name: controller_node_selectors
+    default: {}
+  - name: controller_tolerations
+    default: []
+  - name: controller_priority_class
+    default: {}
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 76e1a2797..a57b051e9 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -38,3 +38,18 @@ patches:
         path: /spec/template/spec/containers/0/resources
         value: {{ get_var("args.controller_resources", none) | to_json }}
 {% endif %}
+{% if get_var("args.controller_node_selectors", none) %}
+      - op: add
+        path: /spec/template/spec/nodeSelector
+        value: {{ get_var("args.controller_node_selectors", none) | to_json }}
+{% endif %}
+{% if get_var("args.controller_tolerations", none) %}
+      - op: add
+        path: /spec/template/spec/tolerations
+        value: {{ get_var("args.controller_tolerations", none) | to_json }}
+{% endif %}
+{% if get_var("args.controller_priority_class_name", none) %}
+      - op: add
+        path: /spec/template/spec/priorityClassName
+        value: {{ get_var("args.controller_priority_class_name", none) | to_json }}
+{% endif %}

From e01f1961c4b5e5be5de9f103ea05446b78dc672a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 11:42:31 +0200
Subject: [PATCH 1397/2268] chore(deps): Bump golang.org/x/net from 0.13.0 to
 0.14.0 (#717)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4f71c0aee..4d7da8871 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.12.0
-	golang.org/x/net v0.13.0
+	golang.org/x/net v0.14.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.11.0
 	golang.org/x/term v0.11.0
diff --git a/go.sum b/go.sum
index 4254c09f6..3c225ffd4 100644
--- a/go.sum
+++ b/go.sum
@@ -1049,8 +1049,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
-golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 5e789ceb2013df747a33279899cba367bc34cf98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 11:42:40 +0200
Subject: [PATCH 1398/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#716)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.20.1 to 1.20.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/efs/v1.20.2/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.1...service/efs/v1.20.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 4d7da8871..7c506fd0c 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.20.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.33
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.2
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2
 	github.com/aws/smithy-go v1.14.1
 	github.com/coreos/go-oidc/v3 v3.6.0
diff --git a/go.sum b/go.sum
index 3c225ffd4..984db3125 100644
--- a/go.sum
+++ b/go.sum
@@ -116,7 +116,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.20.0/go.mod h1:uWOr0m0jDsiWw8nnXiqZ+YG6LdvAlGYDLLf2NmHZoy4=
 github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
 github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
 github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
@@ -126,11 +125,9 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37/go.mod h1:Pdn4j43v49Kk6+82spO3Tu5gSeQXRsxo56ePPQAvFiA=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 h1:c8ed/T9T2K5I+h/JzmF5tpI46+OODQ74dzmdo+QnaMg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31/go.mod h1:fTJDMe8LOFYtqiFFFeHA+SVMAwqLhoq0kcInYoLa9Js=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
@@ -139,8 +136,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEY
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1 h1:AD8gRAXAXDU9+XTm0Q3D+NBsMCX4TlpN/qnNYbbQLO4=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.1/go.mod h1:aFRHxQ3V4bs/uVQYpg8Wm6szKWuB2KnraKcIGp5JS/I=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.2 h1:vlkGQk8JiUo1KmZF4wsZP3qclbyQHSUvLMf8aPOS79g=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.2/go.mod h1:Z6Oq1mXqvgwmUxvMrV/jMkQhwm06A9XO015dzGnS8TM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
@@ -148,7 +145,6 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOT
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.14.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
 github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=

From d72d6e6e8eaa26f820c319dfea89e676fe91fe14 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Aug 2023 11:42:55 +0200
Subject: [PATCH 1399/2268] chore(deps): Bump golang.org/x/oauth2 from 0.10.0
 to 0.11.0 (#714)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7c506fd0c..d5078f599 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
-	golang.org/x/oauth2 v0.10.0
+	golang.org/x/oauth2 v0.11.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.15.1
diff --git a/go.sum b/go.sum
index 984db3125..1f23a0ba2 100644
--- a/go.sum
+++ b/go.sum
@@ -1059,8 +1059,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
-golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
+golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
+golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From cab4cee5b3b04cd7bfceb6c018d8a0e89b518587 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aljoscha=20P=C3=B6rtner?= <aljoscha.poertner@posteo.de>
Date: Wed, 9 Aug 2023 14:08:56 +0200
Subject: [PATCH 1400/2268] chore(webui): add empty env to install deployment
 (#719)

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 install/webui/webui/deployment.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 877f43825..300434384 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -31,6 +31,7 @@ spec:
           - kluctl
           - webui
           - --in-cluster
+        env: []
         ports:
           - containerPort: 8080
             name: http

From d8783bd5c8241534baa5b313c09002081c580c1f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 23:27:56 +0200
Subject: [PATCH 1401/2268] fix: Set args to [] for webui deployment (#720)

---
 install/webui/webui/deployment.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 300434384..8e7648890 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -31,6 +31,7 @@ spec:
           - kluctl
           - webui
           - --in-cluster
+        args: []
         env: []
         ports:
           - containerPort: 8080

From 4fb38950841d2e6acc5e593da2a27f07dcb59cee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Aug 2023 08:11:22 +0200
Subject: [PATCH 1402/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.19.1 to 1.19.2 (#721)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.19.1 to 1.19.2.
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.19.1...v1.19.2)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d5078f599..59900e4d8 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.19.1
+	github.com/ohler55/ojg v1.19.2
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
diff --git a/go.sum b/go.sum
index 1f23a0ba2..f2e679e07 100644
--- a/go.sum
+++ b/go.sum
@@ -699,8 +699,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.19.1 h1:ruSyx+OGrE2HvJgUvtDWiqHJFfMs6e7IM0yZhcrs3NU=
-github.com/ohler55/ojg v1.19.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.19.2 h1:XvMP9oF6jo3T4eUyCsDwi3YFv0bGyQ4PvYBSMF9LiBM=
+github.com/ohler55/ojg v1.19.2/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=

From 442c8b0deec4ca8ff6dbde4a5cc46e639b781c25 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 7 Aug 2023 15:05:34 +0200
Subject: [PATCH 1403/2268] refactor: Use single Message function in
 StatusHandler interface

---
 cmd/kluctl/commands/root.go                   |  2 +-
 e2e/test-utils/kluctl_execute.go              |  2 +-
 .../kluctldeployment_controller.go            |  2 +-
 pkg/helm/chart.go                             |  2 +-
 pkg/status/noop.go                            | 16 +------
 pkg/status/simple_status_handler.go           | 34 ++++-----------
 pkg/status/status.go                          | 35 ++++++++-------
 pkg/status/status_handler.go                  | 43 +++++++++----------
 8 files changed, 51 insertions(+), 85 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index bc67d32ef..0436c1b46 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -95,7 +95,7 @@ func initStatusHandler(ctx context.Context, debug bool, noColor bool) context.Co
 	if !debug && isatty.IsTerminal(origStderr.Fd()) {
 		sh = status.NewMultiLineStatusHandler(ctx, origStderr, isTerminal, !noColor, false)
 	} else {
-		sh = status.NewSimpleStatusHandler(func(message string) {
+		sh = status.NewSimpleStatusHandler(func(level status.Level, message string) {
 			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
 		}, isTerminal, false)
 	}
diff --git a/e2e/test-utils/kluctl_execute.go b/e2e/test-utils/kluctl_execute.go
index a88cc89de..a6daca605 100644
--- a/e2e/test-utils/kluctl_execute.go
+++ b/e2e/test-utils/kluctl_execute.go
@@ -26,7 +26,7 @@ func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, s
 
 	ctx = utils.WithTmpBaseDir(ctx, t.TempDir())
 	ctx = commands.WithStdStreams(ctx, stdout, stderrBuf)
-	sh := status.NewSimpleStatusHandler(func(message string) {
+	sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		m.Lock()
 		defer m.Unlock()
 		t.Log(message)
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index a3f3783a9..8ea0b8aa9 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -64,7 +64,7 @@ type KluctlDeploymentReconcilerOpts struct {
 func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	reconcileStart := time.Now()
 
-	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(message string) {
+	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		log.Info(message)
 	}, false, false))
 
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 6ef7a4a64..6710da2dd 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -216,7 +216,7 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 		out, err = a.Run(c.chartName)
 	}
 	if out != "" {
-		status.PlainText(ctx, out)
+		status.Infof(ctx, "Message from Helm:\n%s", out)
 	}
 	if err != nil {
 		return nil, err
diff --git a/pkg/status/noop.go b/pkg/status/noop.go
index b33511b8b..3061a384f 100644
--- a/pkg/status/noop.go
+++ b/pkg/status/noop.go
@@ -29,22 +29,10 @@ func (n NoopStatusHandler) StartStatus(total int, message string) StatusLine {
 	return &NoopStatusLine{}
 }
 
-func (n NoopStatusHandler) Info(message string) {
+func (n NoopStatusHandler) Message(level Level, message string) {
 }
 
-func (n NoopStatusHandler) Warning(message string) {
-}
-
-func (n NoopStatusHandler) Error(message string) {
-}
-
-func (n NoopStatusHandler) Trace(message string) {
-}
-
-func (n NoopStatusHandler) PlainText(text string) {
-}
-
-func (n NoopStatusHandler) InfoFallback(message string) {
+func (n NoopStatusHandler) MessageFallback(level Level, message string) {
 }
 
 func (n NoopStatusHandler) Prompt(password bool, message string) (string, error) {
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 1a330c36b..4460a5ab3 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -8,7 +8,7 @@ import (
 )
 
 type simpleStatusHandler struct {
-	cb         func(message string)
+	cb         func(level Level, message string)
 	isTerminal bool
 	trace      bool
 }
@@ -16,7 +16,7 @@ type simpleStatusHandler struct {
 type simpleStatusLine struct {
 }
 
-func NewSimpleStatusHandler(cb func(message string), isTerminal bool, trace bool) StatusHandler {
+func NewSimpleStatusHandler(cb func(level Level, message string), isTerminal bool, trace bool) StatusHandler {
 	return &simpleStatusHandler{
 		cb:         cb,
 		isTerminal: isTerminal,
@@ -44,39 +44,21 @@ func (s *simpleStatusHandler) Flush() {
 
 func (s *simpleStatusHandler) StartStatus(total int, message string) StatusLine {
 	if message != "" {
-		s.Info(message)
+		s.Message(LevelInfo, message)
 	}
 	return &simpleStatusLine{}
 }
 
-func (s *simpleStatusHandler) Info(message string) {
-	s.cb(message)
+func (s *simpleStatusHandler) Message(level Level, message string) {
+	s.cb(level, message)
 }
 
-func (s *simpleStatusHandler) Warning(message string) {
-	s.InfoFallback(message)
-}
-
-func (s *simpleStatusHandler) Error(message string) {
-	s.InfoFallback(message)
-}
-
-func (s *simpleStatusHandler) Trace(message string) {
-	if s.trace {
-		s.Info(message)
-	}
-}
-
-func (s *simpleStatusHandler) PlainText(text string) {
-	s.Info(text)
-}
-
-func (s *simpleStatusHandler) InfoFallback(message string) {
-	s.Info(message)
+func (s *simpleStatusHandler) MessageFallback(level Level, message string) {
+	s.Message(level, message)
 }
 
 func (s *simpleStatusHandler) Prompt(password bool, message string) (string, error) {
-	s.cb(message)
+	s.cb(LevelPrompt, message)
 
 	if password {
 		bytePassword, err := term.ReadPassword(int(syscall.Stdin))
diff --git a/pkg/status/status.go b/pkg/status/status.go
index 78b28f3ef..b12449f3d 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -21,6 +21,7 @@ type StatusContext struct {
 }
 
 type EndResult int
+type Level int
 
 const (
 	EndSuccess EndResult = iota
@@ -28,6 +29,14 @@ const (
 	EndError
 )
 
+const (
+	LevelTrace = iota
+	LevelInfo
+	LevelWarning
+	LevelError
+	LevelPrompt
+)
+
 type StatusLine interface {
 	SetTotal(total int)
 	Increment()
@@ -45,13 +54,8 @@ type StatusHandler interface {
 	Flush()
 	StartStatus(total int, message string) StatusLine
 
-	Info(message string)
-	Warning(message string)
-	Error(message string)
-	Trace(message string)
-
-	PlainText(text string)
-	InfoFallback(message string)
+	Message(level Level, message string)
+	MessageFallback(level Level, message string)
 
 	Prompt(password bool, message string) (string, error)
 }
@@ -244,14 +248,9 @@ func (s *StatusContext) Warning() {
 	s.finished = true
 }
 
-func PlainText(ctx context.Context, text string) {
-	slh := FromContext(ctx)
-	slh.PlainText(text)
-}
-
 func Info(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Info(status)
+	slh.Message(LevelInfo, status)
 }
 
 func Infof(ctx context.Context, status string, args ...any) {
@@ -260,7 +259,7 @@ func Infof(ctx context.Context, status string, args ...any) {
 
 func InfoFallback(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.InfoFallback(status)
+	slh.MessageFallback(LevelInfo, status)
 }
 
 func InfoFallbackf(ctx context.Context, status string, args ...any) {
@@ -269,7 +268,7 @@ func InfoFallbackf(ctx context.Context, status string, args ...any) {
 
 func Warning(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Warning(status)
+	slh.MessageFallback(LevelWarning, status)
 }
 
 func Warningf(ctx context.Context, status string, args ...any) {
@@ -292,7 +291,7 @@ func WarningOncef(ctx context.Context, key string, status string, args ...any) {
 
 func Trace(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Trace(status)
+	slh.Message(LevelTrace, status)
 }
 
 func Tracef(ctx context.Context, status string, args ...any) {
@@ -306,7 +305,7 @@ func IsTraceEnabled(ctx context.Context) bool {
 
 func Error(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.Error(status)
+	slh.Message(LevelError, status)
 }
 
 func Errorf(ctx context.Context, status string, args ...any) {
@@ -325,7 +324,7 @@ func Promptf(ctx context.Context, password bool, message string, args ...any) (s
 func Deprecation(ctx context.Context, key string, message string) {
 	cv := getContextValue(ctx)
 	cv.deprecationOnce.Do(key, func() {
-		cv.slh.Warning(message)
+		cv.slh.Message(LevelWarning, message)
 	})
 }
 
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index a55075de4..58869531c 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -114,35 +114,32 @@ func (s *MultiLineStatusHandler) printLine(message string, barOverride string, d
 	}
 }
 
-func (s *MultiLineStatusHandler) Info(message string) {
-	o := s.withColor("green", "ⓘ")
+func (s *MultiLineStatusHandler) Message(level Level, message string) {
+	var o string
+	switch level {
+	case LevelTrace:
+		if !s.trace {
+			return
+		}
+		fallthrough
+	case LevelInfo:
+		o = s.withColor("green", "ⓘ")
+	case LevelWarning:
+		o = s.withColor("yellow", "⚠")
+	case LevelError:
+		o = s.withColor("red", "✗")
+	case LevelPrompt:
+		o = s.withColor("red", "?")
+	default:
+		o = s.withColor("yellow", "¿")
+	}
 	s.printLine(message, o, true)
 }
 
-func (s *MultiLineStatusHandler) InfoFallback(message string) {
+func (s *MultiLineStatusHandler) MessageFallback(level Level, message string) {
 	// no fallback needed
 }
 
-func (s *MultiLineStatusHandler) Warning(message string) {
-	o := s.withColor("yellow", "⚠")
-	s.printLine(message, o, true)
-}
-
-func (s *MultiLineStatusHandler) Error(message string) {
-	o := s.withColor("red", "✗")
-	s.printLine(message, o, true)
-}
-
-func (s *MultiLineStatusHandler) Trace(message string) {
-	if s.trace {
-		s.Info(message)
-	}
-}
-
-func (s *MultiLineStatusHandler) PlainText(text string) {
-	s.Info(text)
-}
-
 func (s *MultiLineStatusHandler) Prompt(password bool, message string) (string, error) {
 	o := s.withColor("yellow", "?")
 	sl := s.startStatus(1, message, o)

From 00417f6513ad79358ef3bb2ac5c767771d746a2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 7 Aug 2023 16:47:09 +0200
Subject: [PATCH 1404/2268] refactor: Move out prompts logic into own provider

---
 cmd/kluctl/commands/cmd_delete.go            |  4 +-
 cmd/kluctl/commands/cmd_deploy.go            |  5 +-
 cmd/kluctl/commands/cmd_helm_update.go       |  3 +-
 cmd/kluctl/commands/cmd_poke_images.go       |  4 +-
 cmd/kluctl/commands/root.go                  | 19 +++--
 cmd/kluctl/commands/utils.go                 |  5 +-
 pkg/{status/promts.go => prompts/prompts.go} | 46 ++++-------
 pkg/prompts/provider.go                      | 80 ++++++++++++++++++++
 pkg/status/noop.go                           |  8 +-
 pkg/status/simple_status_handler.go          | 34 ++-------
 pkg/status/status.go                         | 39 ++++------
 pkg/status/status_handler.go                 | 56 +++++---------
 pkg/utils/term/read_line.go                  |  8 +-
 pkg/vars/vars_loader_http.go                 |  4 +-
 14 files changed, 165 insertions(+), 150 deletions(-)
 rename pkg/{status/promts.go => prompts/prompts.go} (69%)
 create mode 100644 pkg/prompts/provider.go

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index d60bcc85e..eac7d6ee3 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 )
 
@@ -72,7 +72,7 @@ func confirmDeletion(ctx context.Context, refs []k8s2.ObjectRef, dryRun bool, fo
 			_, _ = getStderr(ctx).WriteString(fmt.Sprintf("  %s\n", ref.String()))
 		}
 		if !forceYes && !dryRun {
-			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to delete %d objects?", len(refs))) {
+			if !prompts.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to delete %d objects?", len(refs))) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index fbd88f62c..2949c2368 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
@@ -104,11 +105,11 @@ func (cmd *deployCmd) diffResultCb(ctx *commandCtx, diffResult *result.CommandRe
 		return nil
 	}
 	if len(diffResult.Errors) != 0 {
-		if !status.AskForConfirmation(ctx.ctx, "The diff resulted in errors, do you still want to proceed?") {
+		if !prompts.AskForConfirmation(ctx.ctx, "The diff resulted in errors, do you still want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	} else {
-		if !status.AskForConfirmation(ctx.ctx, "The diff succeeded, do you want to proceed?") {
+		if !prompts.AskForConfirmation(ctx.ctx, "The diff succeeded, do you want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 4e3221127..9122a45ce 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -165,7 +166,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		}
 
 		if cmd.Interactive {
-			if !status.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s to version %s?",
+			if !prompts.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s to version %s?",
 				relDir, hr.Chart.GetChartName(), latestVersion)) {
 				continue
 			}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 35df34c91..ca4e5c906 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 )
 
 type pokeImagesCmd struct {
@@ -42,7 +42,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		if !cmd.Yes && !cmd.DryRun {
-			if !status.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", cmdCtx.targetCtx.ClusterContext)) {
+			if !prompts.AskForConfirmation(ctx, fmt.Sprintf("Do you really want to poke images to the context/cluster %s?", cmdCtx.targetCtx.ClusterContext)) {
 				return fmt.Errorf("aborted")
 			}
 		}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 0436c1b46..0f467b533 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/google/gops/agent"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	flag "github.com/spf13/pflag"
 	"io"
 	"log"
@@ -88,19 +89,23 @@ var flagGroups = []groupInfo{
 
 var origStderr = os.Stderr
 
-func initStatusHandler(ctx context.Context, debug bool, noColor bool) context.Context {
+func initStatusHandlerAndPrompts(ctx context.Context, debug bool, noColor bool) context.Context {
 	// we must determine isTerminal before we override os.Stderr
 	isTerminal := isatty.IsTerminal(origStderr.Fd())
 	var sh status.StatusHandler
-	if !debug && isatty.IsTerminal(origStderr.Fd()) {
-		sh = status.NewMultiLineStatusHandler(ctx, origStderr, isTerminal, !noColor, false)
+	var pp prompts.PromptProvider
+	if !debug && isTerminal {
+		sh = status.NewMultiLineStatusHandler(ctx, origStderr, isTerminal && !noColor, false)
+		pp = &prompts.StatusAndStdinPromptProvider{}
 	} else {
 		sh = status.NewSimpleStatusHandler(func(level status.Level, message string) {
 			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
-		}, isTerminal, false)
+		}, isTerminal, debug)
+		pp = &prompts.SimplePromptProvider{Out: origStderr}
 	}
-	sh.SetTrace(debug)
 	ctx = status.NewContext(ctx, sh)
+	ctx = prompts.NewContext(ctx, pp)
+
 	return ctx
 }
 
@@ -242,7 +247,7 @@ func Main() {
 	colorable.EnableColorsStdout(nil)
 	ctx := context.Background()
 
-	ctx = initStatusHandler(ctx, false, true)
+	ctx = initStatusHandlerAndPrompts(ctx, false, true)
 	redirectLogsAndStderr(func() context.Context {
 		// ctx might be replaced later in preRun() of Execute()
 		return ctx
@@ -267,7 +272,7 @@ func Main() {
 		if oldSh != nil {
 			oldSh.Stop()
 		}
-		ctx = initStatusHandler(ctxIn, flags.Debug, flags.NoColor)
+		ctx = initStatusHandlerAndPrompts(ctxIn, flags.Debug, flags.NoColor)
 		if !flags.NoUpdateCheck {
 			if len(os.Args) < 2 || (os.Args[1] != "completion" && os.Args[1] != "__complete") {
 				checkNewVersion(ctx)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3f3fee111..01126d86f 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -11,6 +11,7 @@ import (
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -78,8 +79,8 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	messageCallbacks := &messages.MessageCallbacks{
 		WarningFn:            func(s string) { status.Warning(ctx, s) },
 		TraceFn:              func(s string) { status.Trace(ctx, s) },
-		AskForPasswordFn:     func(s string) (string, error) { return status.AskForPassword(ctx, s) },
-		AskForConfirmationFn: func(s string) bool { return status.AskForConfirmation(ctx, s) },
+		AskForPasswordFn:     func(s string) (string, error) { return prompts.AskForPassword(ctx, s) },
+		AskForConfirmationFn: func(s string) bool { return prompts.AskForConfirmation(ctx, s) },
 	}
 	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 
diff --git a/pkg/status/promts.go b/pkg/prompts/prompts.go
similarity index 69%
rename from pkg/status/promts.go
rename to pkg/prompts/prompts.go
index fc0a48bab..c26b19dd7 100644
--- a/pkg/status/promts.go
+++ b/pkg/prompts/prompts.go
@@ -1,36 +1,22 @@
-package status
+package prompts
 
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/mattn/go-isatty"
-	"os"
 	"strings"
 )
 
-func isTerminal(ctx context.Context) bool {
-	sh := FromContext(ctx)
-	if sh != nil {
-		return sh.IsTerminal()
-	} else {
-		return isatty.IsTerminal(os.Stderr.Fd())
-	}
-}
-
 // AskForConfirmation uses Scanln to parse user input. A user must type in "yes" or "no" and
 // then press enter. It has fuzzy matching, so "y", "Y", "yes", "YES", and "Yes" all count as
 // confirmations. If the input is not recognized, it will ask again. The function does not return
 // until it gets a valid response from the user. Typically, you should use fmt to print out a question
 // before calling askForConfirmation. E.g. fmt.Println("WARNING: Are you sure? (yes/no)")
 func AskForConfirmation(ctx context.Context, prompt string) bool {
-	if !isTerminal(ctx) {
-		Warningf(ctx, "Not a terminal, suppressed prompt: %s", prompt)
-		return false
-	}
-
 	response, err := Prompt(ctx, false, prompt+" (y/N) ")
 	if err != nil {
+		status.Warningf(ctx, "Failed prompting for \"%s\". Error: %v", prompt, err)
 		return false
 	}
 	okayResponses := []string{"y", "Y", "yes", "Yes", "YES"}
@@ -40,34 +26,22 @@ func AskForConfirmation(ctx context.Context, prompt string) bool {
 	} else if utils.FindStrInSlice(nokayResponses, response) != -1 || response == "" {
 		return false
 	} else {
-		Warning(ctx, "Please type yes or no and then press enter!")
+		status.Warning(ctx, "Please type yes or no and then press enter!")
 		return AskForConfirmation(ctx, prompt)
 	}
 }
 
 func AskForPassword(ctx context.Context, prompt string) (string, error) {
-	if !isTerminal(ctx) {
-		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
-		Warning(ctx, err.Error())
-		return "", err
-	}
-
 	password, err := Prompt(ctx, true, fmt.Sprintf("%s: ", prompt))
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("failed prompting for \"%s\". Error: %w", prompt, err)
 	}
 
 	return strings.TrimSpace(password), nil
 }
 
 func AskForCredentials(ctx context.Context, prompt string) (string, string, error) {
-	if !isTerminal(ctx) {
-		err := fmt.Errorf("not a terminal, suppressed credentials prompt: %s", prompt)
-		Warning(ctx, err.Error())
-		return "", "", err
-	}
-
-	Info(ctx, prompt)
+	status.Info(ctx, prompt)
 
 	username, err := Prompt(ctx, false, "Enter Username: ")
 	if err != nil {
@@ -80,3 +54,11 @@ func AskForCredentials(ctx context.Context, prompt string) (string, string, erro
 	}
 	return strings.TrimSpace(username), strings.TrimSpace(password), nil
 }
+
+func Prompt(ctx context.Context, password bool, message string) (string, error) {
+	provider := FromContext(ctx)
+	if provider == nil {
+		return "", fmt.Errorf("no prompt provider specified")
+	}
+	return provider.Prompt(ctx, password, message)
+}
diff --git a/pkg/prompts/provider.go b/pkg/prompts/provider.go
new file mode 100644
index 000000000..87934a34b
--- /dev/null
+++ b/pkg/prompts/provider.go
@@ -0,0 +1,80 @@
+package prompts
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils/term"
+	"os"
+	"strings"
+	"syscall"
+)
+
+type PromptProvider interface {
+	Prompt(ctx context.Context, password bool, message string) (string, error)
+}
+
+type StatusAndStdinPromptProvider struct {
+}
+
+type SimplePromptProvider struct {
+	Out *os.File
+}
+
+func (pp *StatusAndStdinPromptProvider) Prompt(ctx context.Context, password bool, message string) (string, error) {
+	s := status.StartWithOptions(ctx,
+		status.WithLevel(status.LevelPrompt),
+		status.WithTotal(1),
+		status.WithStatus(message),
+	)
+	defer s.Failed()
+
+	doUpdate := func(ret []byte) {
+		if password {
+			s.Update(message + strings.Repeat("*", len(ret)))
+		} else {
+			s.Update(message + string(ret))
+		}
+	}
+
+	ret, err := term.ReadLineNoEcho(int(syscall.Stdin), doUpdate)
+	if err == nil {
+		s.Success()
+	}
+
+	return string(ret), err
+}
+
+func (pp *SimplePromptProvider) Prompt(ctx context.Context, password bool, message string) (string, error) {
+	_, err := fmt.Fprintf(pp.Out, "%s", message)
+	if err != nil {
+		return "", err
+	}
+
+	if password {
+		ret, err := term.ReadLineNoEcho(int(syscall.Stdin), nil)
+		return string(ret), err
+	} else {
+		var ret string
+		_, err := fmt.Scanln(&ret)
+		if err != nil {
+			return "", err
+		}
+		return ret, nil
+	}
+}
+
+type contextKey struct{}
+
+func NewContext(ctx context.Context, provider PromptProvider) context.Context {
+	return context.WithValue(ctx, contextKey{}, provider)
+}
+
+func FromContext(ctx context.Context) PromptProvider {
+	v := ctx.Value(contextKey{})
+	if v == nil {
+		return nil
+	}
+	provider := v.(PromptProvider)
+	return provider
+}
diff --git a/pkg/status/noop.go b/pkg/status/noop.go
index 3061a384f..d23c6be29 100644
--- a/pkg/status/noop.go
+++ b/pkg/status/noop.go
@@ -1,7 +1,5 @@
 package status
 
-import "fmt"
-
 type NoopStatusHandler struct {
 }
 
@@ -25,7 +23,7 @@ func (n NoopStatusHandler) Stop() {
 func (n NoopStatusHandler) Flush() {
 }
 
-func (n NoopStatusHandler) StartStatus(total int, message string) StatusLine {
+func (n NoopStatusHandler) StartStatus(level Level, total int, message string) StatusLine {
 	return &NoopStatusLine{}
 }
 
@@ -35,10 +33,6 @@ func (n NoopStatusHandler) Message(level Level, message string) {
 func (n NoopStatusHandler) MessageFallback(level Level, message string) {
 }
 
-func (n NoopStatusHandler) Prompt(password bool, message string) (string, error) {
-	return "", fmt.Errorf("Prompt not implemented in NoopStatusHandler")
-}
-
 var _ StatusHandler = &NoopStatusHandler{}
 
 func (n NoopStatusLine) SetTotal(total int) {
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 4460a5ab3..7d35f96fb 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -1,12 +1,5 @@
 package status
 
-import (
-	"fmt"
-	"golang.org/x/term"
-	"os"
-	"syscall"
-)
-
 type simpleStatusHandler struct {
 	cb         func(level Level, message string)
 	isTerminal bool
@@ -42,14 +35,17 @@ func (s *simpleStatusHandler) Stop() {
 func (s *simpleStatusHandler) Flush() {
 }
 
-func (s *simpleStatusHandler) StartStatus(total int, message string) StatusLine {
+func (s *simpleStatusHandler) StartStatus(level Level, total int, message string) StatusLine {
 	if message != "" {
-		s.Message(LevelInfo, message)
+		s.Message(level, message)
 	}
 	return &simpleStatusLine{}
 }
 
 func (s *simpleStatusHandler) Message(level Level, message string) {
+	if level == LevelTrace && !s.trace {
+		return
+	}
 	s.cb(level, message)
 }
 
@@ -57,26 +53,6 @@ func (s *simpleStatusHandler) MessageFallback(level Level, message string) {
 	s.Message(level, message)
 }
 
-func (s *simpleStatusHandler) Prompt(password bool, message string) (string, error) {
-	s.cb(LevelPrompt, message)
-
-	if password {
-		bytePassword, err := term.ReadPassword(int(syscall.Stdin))
-		_, _ = fmt.Fprintf(os.Stderr, "\n")
-		if err != nil {
-			return "", err
-		}
-		return string(bytePassword), nil
-	} else {
-		var response string
-		_, err := fmt.Scanln(&response)
-		if err != nil {
-			return "", err
-		}
-		return response, nil
-	}
-}
-
 func (sl *simpleStatusLine) SetTotal(total int) {
 }
 
diff --git a/pkg/status/status.go b/pkg/status/status.go
index b12449f3d..aaa45a32e 100644
--- a/pkg/status/status.go
+++ b/pkg/status/status.go
@@ -14,10 +14,10 @@ type StatusContext struct {
 	finished bool
 	failed   bool
 
+	level        Level
 	prefix       string
 	startMessage string
 	startTotal   int
-	disableLogs  bool
 }
 
 type EndResult int
@@ -34,6 +34,7 @@ const (
 	LevelInfo
 	LevelWarning
 	LevelError
+	LevelProgress
 	LevelPrompt
 )
 
@@ -46,18 +47,14 @@ type StatusLine interface {
 }
 
 type StatusHandler interface {
-	IsTerminal() bool
 	IsTraceEnabled() bool
 
-	SetTrace(trace bool)
 	Stop()
 	Flush()
-	StartStatus(total int, message string) StatusLine
+	StartStatus(level Level, total int, message string) StatusLine
 
 	Message(level Level, message string)
 	MessageFallback(level Level, message string)
-
-	Prompt(password bool, message string) (string, error)
 }
 
 type contextKey struct{}
@@ -93,6 +90,12 @@ func FromContext(ctx context.Context) StatusHandler {
 
 type Option func(s *StatusContext)
 
+func WithLevel(level Level) Option {
+	return func(s *StatusContext) {
+		s.level = level
+	}
+}
+
 func WithPrefix(prefix string) Option {
 	return func(s *StatusContext) {
 		s.prefix = prefix
@@ -115,24 +118,19 @@ func WithTotal(t int) Option {
 	}
 }
 
-func WithDisableLogs() Option {
-	return func(s *StatusContext) {
-		s.disableLogs = true
-	}
-}
-
 func StartWithOptions(ctx context.Context, opts ...Option) *StatusContext {
 	sh := FromContext(ctx)
 	s := &StatusContext{
-		ctx: ctx,
-		sh:  sh,
+		ctx:   ctx,
+		sh:    sh,
+		level: LevelProgress,
 	}
 
 	for _, o := range opts {
 		o(s)
 	}
 
-	s.sl = sh.StartStatus(s.startTotal, s.buildMessage(s.startMessage))
+	s.sl = sh.StartStatus(s.level, s.startTotal, s.buildMessage(s.startMessage))
 
 	return s
 }
@@ -268,7 +266,7 @@ func InfoFallbackf(ctx context.Context, status string, args ...any) {
 
 func Warning(ctx context.Context, status string) {
 	slh := FromContext(ctx)
-	slh.MessageFallback(LevelWarning, status)
+	slh.Message(LevelWarning, status)
 }
 
 func Warningf(ctx context.Context, status string, args ...any) {
@@ -312,15 +310,6 @@ func Errorf(ctx context.Context, status string, args ...any) {
 	Error(ctx, fmt.Sprintf(status, args...))
 }
 
-func Prompt(ctx context.Context, password bool, message string) (string, error) {
-	slh := FromContext(ctx)
-	return slh.Prompt(password, message)
-}
-
-func Promptf(ctx context.Context, password bool, message string, args ...any) (string, error) {
-	return Prompt(ctx, password, fmt.Sprintf(message, args...))
-}
-
 func Deprecation(ctx context.Context, key string, message string) {
 	cv := getContextValue(ctx)
 	cv.deprecationOnce.Do(key, func() {
diff --git a/pkg/status/status_handler.go b/pkg/status/status_handler.go
index 58869531c..405bb1788 100644
--- a/pkg/status/status_handler.go
+++ b/pkg/status/status_handler.go
@@ -4,17 +4,13 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/status/multiline"
-	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"io"
-	"strings"
 	"sync"
-	"syscall"
 )
 
 type MultiLineStatusHandler struct {
 	ctx         context.Context
 	out         io.Writer
-	isTerminal  bool
 	enableColor bool
 	trace       bool
 
@@ -34,11 +30,10 @@ type statusLine struct {
 	mutex sync.Mutex
 }
 
-func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, isTerminal bool, enableColor bool, trace bool) *MultiLineStatusHandler {
+func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, enableColor bool, trace bool) *MultiLineStatusHandler {
 	sh := &MultiLineStatusHandler{
 		ctx:         ctx,
 		out:         out,
-		isTerminal:  isTerminal,
 		enableColor: enableColor,
 		trace:       trace,
 	}
@@ -48,10 +43,6 @@ func NewMultiLineStatusHandler(ctx context.Context, out io.Writer, isTerminal bo
 	return sh
 }
 
-func (s *MultiLineStatusHandler) IsTerminal() bool {
-	return s.isTerminal
-}
-
 func (s *MultiLineStatusHandler) IsTraceEnabled() bool {
 	return s.trace
 }
@@ -73,11 +64,11 @@ func (s *MultiLineStatusHandler) Stop() {
 	s.ml.Stop()
 }
 
-func (s *MultiLineStatusHandler) StartStatus(total int, message string) StatusLine {
-	return s.startStatus(total, message, "")
+func (s *MultiLineStatusHandler) StartStatus(level Level, total int, message string) StatusLine {
+	return s.startStatus(level, total, message, "")
 }
 
-func (s *MultiLineStatusHandler) startStatus(total int, message string, barOverride string) *statusLine {
+func (s *MultiLineStatusHandler) startStatus(level Level, total int, message string, barOverride string) *statusLine {
 	sl := &statusLine{
 		slh:         s,
 		total:       total,
@@ -85,13 +76,17 @@ func (s *MultiLineStatusHandler) startStatus(total int, message string, barOverr
 		barOverride: barOverride,
 	}
 
+	if level != LevelProgress {
+		sl.barOverride = s.levelPrefix(level)
+	}
+
 	sl.l = sl.slh.ml.NewLine(sl.lineFunc)
 
 	return sl
 }
 
 func (s *MultiLineStatusHandler) withColor(c string, txt string) string {
-	if !s.isTerminal || !s.enableColor {
+	if !s.enableColor {
 		return txt
 	}
 	switch c {
@@ -114,13 +109,10 @@ func (s *MultiLineStatusHandler) printLine(message string, barOverride string, d
 	}
 }
 
-func (s *MultiLineStatusHandler) Message(level Level, message string) {
+func (s *MultiLineStatusHandler) levelPrefix(level Level) string {
 	var o string
 	switch level {
 	case LevelTrace:
-		if !s.trace {
-			return
-		}
 		fallthrough
 	case LevelInfo:
 		o = s.withColor("green", "ⓘ")
@@ -129,10 +121,18 @@ func (s *MultiLineStatusHandler) Message(level Level, message string) {
 	case LevelError:
 		o = s.withColor("red", "✗")
 	case LevelPrompt:
-		o = s.withColor("red", "?")
+		o = s.withColor("yellow", "?")
 	default:
 		o = s.withColor("yellow", "¿")
 	}
+	return o
+}
+
+func (s *MultiLineStatusHandler) Message(level Level, message string) {
+	if level == LevelTrace && !s.trace {
+		return
+	}
+	o := s.levelPrefix(level)
 	s.printLine(message, o, true)
 }
 
@@ -140,24 +140,6 @@ func (s *MultiLineStatusHandler) MessageFallback(level Level, message string) {
 	// no fallback needed
 }
 
-func (s *MultiLineStatusHandler) Prompt(password bool, message string) (string, error) {
-	o := s.withColor("yellow", "?")
-	sl := s.startStatus(1, message, o)
-	defer sl.end(o)
-
-	doUpdate := func(ret []byte) {
-		if password {
-			sl.Update(message + strings.Repeat("*", len(ret)))
-		} else {
-			sl.Update(message + string(ret))
-		}
-	}
-
-	ret, err := term.ReadLineNoEcho(int(syscall.Stdin), doUpdate)
-
-	return string(ret), err
-}
-
 func (sl *statusLine) lineFunc() string {
 	sl.mutex.Lock()
 	defer sl.mutex.Unlock()
diff --git a/pkg/utils/term/read_line.go b/pkg/utils/term/read_line.go
index 8f5c9f6fd..454751adf 100644
--- a/pkg/utils/term/read_line.go
+++ b/pkg/utils/term/read_line.go
@@ -24,7 +24,9 @@ func readLine(reader io.Reader, cb func(ret []byte)) ([]byte, error) {
 				if len(ret) > 0 {
 					ret = ret[:len(ret)-1]
 				}
-				cb(ret)
+				if cb != nil {
+					cb(ret)
+				}
 			case '\n':
 				if runtime.GOOS != "windows" {
 					return ret, nil
@@ -37,7 +39,9 @@ func readLine(reader io.Reader, cb func(ret []byte)) ([]byte, error) {
 				// otherwise ignore \r
 			default:
 				ret = append(ret, buf[0])
-				cb(ret)
+				if cb != nil {
+					cb(ret)
+				}
 			}
 			continue
 		}
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 6e0a68f30..5174b830e 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/Azure/go-ntlmssp"
 	"github.com/docker/distribution/registry/client/auth/challenge"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -84,7 +84,7 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 		credsKey := fmt.Sprintf("%s|%s", source.Http.Url.Host, strings.Join(realms, "+"))
 		creds, ok := v.credentialsCache[credsKey]
 		if !ok {
-			username, password, err := status.AskForCredentials(v.ctx, fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
+			username, password, err := prompts.AskForCredentials(v.ctx, fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
 			if err != nil {
 				return nil, err
 			}

From e21af96fa201f0d04c4af334d2ff4793eb5e50ea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 08:27:54 +0200
Subject: [PATCH 1405/2268] refactor: Move TestProject into own package

---
 e2e/args_test.go                              |  8 +++---
 e2e/contexts_test.go                          |  6 ++---
 e2e/deployment_items_test.go                  | 16 ++++++------
 e2e/diff_name_test.go                         |  2 +-
 e2e/git_include_test.go                       | 21 ++++++++--------
 e2e/gitops_errors_test.go                     |  2 +-
 e2e/gitops_migration_test.go                  |  2 +-
 e2e/gitops_test.go                            | 21 ++++++++--------
 e2e/helm_test.go                              | 25 ++++++++++---------
 e2e/hooks_test.go                             |  7 +++---
 e2e/images_test.go                            | 23 +++++++++--------
 e2e/inclusion_test.go                         |  7 +++---
 e2e/no_target_test.go                         | 10 ++++----
 e2e/obfuscate_test.go                         |  2 +-
 e2e/prune_test.go                             |  2 +-
 e2e/render_test.go                            |  2 +-
 e2e/results_test.go                           |  2 +-
 e2e/seal_test.go                              | 11 ++++----
 e2e/skip_delete_test.go                       |  2 +-
 e2e/sops_test.go                              | 11 ++++----
 .../kluctl_execute.go                         |  2 +-
 e2e/{test-utils => test_project}/project.go   |  2 +-
 .../run_helper.go                             |  2 +-
 e2e/utils.go                                  |  3 ++-
 e2e/utils_resources.go                        | 10 ++++----
 e2e/validate_test.go                          |  9 ++++---
 e2e/when_test.go                              |  2 +-
 27 files changed, 111 insertions(+), 101 deletions(-)
 rename e2e/{test-utils => test_project}/kluctl_execute.go (98%)
 rename e2e/{test-utils => test_project}/project.go (99%)
 rename e2e/{test-utils => test_project}/run_helper.go (97%)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index b52698b47..1641da10f 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
 	"testing"
@@ -13,7 +13,7 @@ func TestArgs(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -121,7 +121,7 @@ d:
 func TestArgsFromEnv(t *testing.T) {
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
 	p.AddExtraEnv("KLUCTL_ARG=a=a")
 	p.AddExtraEnv("KLUCTL_ARG_1=b=b")
 	p.AddExtraEnv(`KLUCTL_ARG_2=c={"nested":{"nested2":"c"}}`)
@@ -156,7 +156,7 @@ func TestArgsFromEnv(t *testing.T) {
 func TestArgsFromEnvAndCli(t *testing.T) {
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
 	p.AddExtraEnv("KLUCTL_ARG_1=a=a")
 	p.AddExtraEnv("KLUCTL_ARG_2=c=c")
 
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index e5c6a73a9..4f41e6f4e 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -1,13 +1,13 @@
 package e2e
 
 import (
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 )
 
-func prepareContextTest(t *testing.T) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t)
+func prepareContextTest(t *testing.T) *test_project.TestProject {
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, defaultCluster1, p.TestSlug())
 	createNamespace(t, defaultCluster2, p.TestSlug())
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index 0211d126f..ada1a8cc4 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"path/filepath"
@@ -14,7 +14,7 @@ func TestKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -42,7 +42,7 @@ func TestGeneratedKustomize(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -89,7 +89,7 @@ func TestOnlyRender(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -142,7 +142,7 @@ func TestKustomizeBase(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -157,7 +157,7 @@ func TestKustomizeBase(t *testing.T) {
 		return items
 	})
 
-	p.AddKustomizeDeployment("k1", []test_utils.KustomizeResource{{
+	p.AddKustomizeDeployment("k1", []test_project.KustomizeResource{{
 		Name: "../base",
 	}}, nil)
 
@@ -170,7 +170,7 @@ func TestTemplateIgnore(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -225,7 +225,7 @@ func testLocalIncludes(t *testing.T, projectDir string) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, test_utils.WithBareProject())
+	p := test_project.NewTestProject(t, test_project.WithBareProject())
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/diff_name_test.go b/e2e/diff_name_test.go
index aee6ad745..5cdf3e073 100644
--- a/e2e/diff_name_test.go
+++ b/e2e/diff_name_test.go
@@ -1,7 +1,7 @@
 package e2e
 
 import (
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 777315fc0..96d307543 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -15,11 +16,11 @@ import (
 	"testing"
 )
 
-func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer *git2.TestGitServer) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t,
-		test_utils.WithGitSubDir(subDir),
-		test_utils.WithGitServer(gitServer),
-		test_utils.WithRepoName(fmt.Sprintf("repos/%s", prefix)),
+func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer *git2.TestGitServer) *test_project.TestProject {
+	p := test_project.NewTestProject(t,
+		test_project.WithGitSubDir(subDir),
+		test_project.WithGitServer(gitServer),
+		test_project.WithRepoName(fmt.Sprintf("repos/%s", prefix)),
 	)
 	addConfigMapDeployment(p, "cm", map[string]string{"a": "v"}, resourceOpts{
 		name:      fmt.Sprintf("%s-cm", prefix),
@@ -28,8 +29,8 @@ func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer
 	return p
 }
 
-func prepareGitIncludeTest(t *testing.T, k *test_utils.EnvTestCluster, mainGs *git2.TestGitServer, gs1 *git2.TestGitServer, gs2 *git2.TestGitServer) (*test_utils.TestProject, *test_utils.TestProject, *test_utils.TestProject) {
-	p := test_utils.NewTestProject(t, test_utils.WithGitServer(mainGs))
+func prepareGitIncludeTest(t *testing.T, k *test_utils.EnvTestCluster, mainGs *git2.TestGitServer, gs1 *git2.TestGitServer, gs2 *git2.TestGitServer) (*test_project.TestProject, *test_project.TestProject, *test_project.TestProject) {
+	p := test_project.NewTestProject(t, test_project.WithGitServer(mainGs))
 	ip1 := prepareIncludeProject(t, "include1", "", gs1)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", gs2)
 
@@ -64,7 +65,7 @@ func TestGitInclude(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
 
-func createBranchAndTag(t *testing.T, p *test_utils.TestProject, branchName string, tagName string, tagMessage string, update func()) string {
+func createBranchAndTag(t *testing.T, p *test_project.TestProject, branchName string, tagName string, tagMessage string, update func()) string {
 	err := p.GetGitWorktree().Checkout(&git.CheckoutOptions{
 		Branch: plumbing.NewBranchReferenceName("master"),
 	})
@@ -104,8 +105,8 @@ func TestGitIncludeRef(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
-	ip1 := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
+	ip1 := test_project.NewTestProject(t)
 
 	addConfigMapDeployment(p, "cm", map[string]string{"a": "a"}, resourceOpts{
 		name:      "parent",
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 7d5cb9fd9..aaa397b5a 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -3,7 +3,7 @@ package e2e
 import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/e2e/gitops_migration_test.go b/e2e/gitops_migration_test.go
index 283f459aa..27d389ca4 100644
--- a/e2e/gitops_migration_test.go
+++ b/e2e/gitops_migration_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	meta2 "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index a9c5d1c10..82ed7b902 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/onsi/gomega"
@@ -104,7 +105,7 @@ func (suite *GitopsTestSuite) startController() {
 	}
 	done := make(chan struct{})
 	go func() {
-		_, _, err := test_utils.KluctlExecute(suite.T(), ctx, args...)
+		_, _, err := test_project.KluctlExecute(suite.T(), ctx, args...)
 		if err != nil {
 			suite.T().Error(err)
 		}
@@ -157,7 +158,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 	}, timeout, time.Second).Should(BeTrue())
 }
 
-func (suite *GitopsTestSuite) createKluctlDeployment(p *test_utils.TestProject, target string, args map[string]any) client.ObjectKey {
+func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
 	gitopsNs := p.TestSlug() + "-gitops"
 	createNamespace(suite.T(), suite.k, gitopsNs)
 
@@ -226,11 +227,11 @@ func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
 func (suite *GitopsTestSuite) TestGitOpsFieldManager() {
 	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(suite.T())
+	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
-	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
 		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -344,7 +345,7 @@ data:
 func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Helm() {
 	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(suite.T())
+	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
@@ -508,12 +509,12 @@ func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Helm() {
 func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Prune() {
 	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(suite.T())
+	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
 
-	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
 		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -523,7 +524,7 @@ data:
   k1: v1
 `)},
 	}, nil)
-	p.AddKustomizeDeployment("d2", []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment("d2", []test_project.KustomizeResource{
 		{Name: "cm2.yaml", Content: uo.FromStringMust(`apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -607,12 +608,12 @@ data:
 func (suite *GitopsTestSuite) doTestDelete(delete bool) {
 	g := NewWithT(suite.T())
 
-	p := test_utils.NewTestProject(suite.T())
+	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
 
-	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
 		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index a3c8ae976..a6de63655 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"net/url"
@@ -36,7 +37,7 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -132,7 +133,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -178,7 +179,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -293,7 +294,7 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -356,7 +357,7 @@ func TestHelmValues(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -421,7 +422,7 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 	createNamespace(t, k, p.TestSlug()+"-a")
@@ -452,7 +453,7 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -493,7 +494,7 @@ func TestHelmLocalChart(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -518,7 +519,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -597,7 +598,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.2.0", u.Port())))
 }
 
-func getChartDir(t *testing.T, p *test_utils.TestProject, url2 string, chartName string, chartVersion string) string {
+func getChartDir(t *testing.T, p *test_project.TestProject, url2 string, chartName string, chartVersion string) string {
 	u, err := url.Parse(url2)
 	if err != nil {
 		t.Fatal(err)
@@ -614,11 +615,11 @@ func getChartDir(t *testing.T, p *test_utils.TestProject, url2 string, chartName
 	return dir
 }
 
-func getChartFile(t *testing.T, p *test_utils.TestProject, url2 string, chartName string, chartVersion string) string {
+func getChartFile(t *testing.T, p *test_project.TestProject, url2 string, chartName string, chartVersion string) string {
 	return filepath.Join(getChartDir(t, p, url2, chartName, chartVersion), "Chart.yaml")
 }
 
-func listChartVersions(t *testing.T, p *test_utils.TestProject, url2 string, chartName string) []string {
+func listChartVersions(t *testing.T, p *test_project.TestProject, url2 string, chartName string) []string {
 	des, err := os.ReadDir(getChartDir(t, p, url2, chartName, ""))
 	assert.NoError(t, err)
 
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 994174ff3..e3e5114c2 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -16,7 +17,7 @@ type hooksTestContext struct {
 	t *testing.T
 	k *test_utils.EnvTestCluster
 
-	p *test_utils.TestProject
+	p *test_project.TestProject
 
 	m              sync.Mutex
 	seenConfigMaps []string
@@ -95,7 +96,7 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	o.SetK8sGVKs("", "v1", "ConfigMap")
 	mergeMetadata(o, opts)
 	o.SetNestedField(map[string]interface{}{}, "data")
-	s.p.AddKustomizeResources(dir, []test_utils.KustomizeResource{
+	s.p.AddKustomizeResources(dir, []test_project.KustomizeResource{
 		{Name: fmt.Sprintf("%s.yml", opts.name), Content: o},
 	})
 }
@@ -104,7 +105,7 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 	s := &hooksTestContext{
 		t: t,
 		k: defaultCluster2, // use cluster2 as it has webhooks setup
-		p: test_utils.NewTestProject(t),
+		p: test_project.NewTestProject(t),
 	}
 	s.setupWebhook()
 	t.Cleanup(func() {
diff --git a/e2e/images_test.go b/e2e/images_test.go
index 163de07a7..1afd8eb0a 100644
--- a/e2e/images_test.go
+++ b/e2e/images_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -11,7 +12,7 @@ import (
 	"testing"
 )
 
-func addGetImageDeployment(p *test_utils.TestProject, name string, containerName string, gi string) {
+func addGetImageDeployment(p *test_project.TestProject, name string, containerName string, gi string) {
 	y := fmt.Sprintf(`
 apiVersion: apps/v1
 kind: Deployment
@@ -35,12 +36,12 @@ spec:
         image: '%s'
 `, name, p.TestSlug(), name, name, name, containerName, gi)
 
-	p.AddKustomizeDeployment(name, []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment(name, []test_project.KustomizeResource{
 		{Name: name, Content: uo.FromStringMust(y)},
 	}, nil)
 }
 
-func assertImage(t *testing.T, k *test_utils.EnvTestCluster, p *test_utils.TestProject, deploymentName string, containerName string, expectedImage string) {
+func assertImage(t *testing.T, k *test_utils.EnvTestCluster, p *test_project.TestProject, deploymentName string, containerName string, expectedImage string) {
 	d := assertObjectExists(t, k, schema.GroupVersionResource{
 		Group:    "apps",
 		Version:  "v1",
@@ -66,7 +67,7 @@ func TestGetImageNotFound(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -85,7 +86,7 @@ func TestGetImageArg(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -98,7 +99,7 @@ func TestGetImageArg(t *testing.T) {
 	assertImage(t, k, p, "d1", "c1", "i1:arg")
 }
 
-func setImagesVars(p *test_utils.TestProject, fis []types.FixedImage) {
+func setImagesVars(p *test_project.TestProject, fis []types.FixedImage) {
 	vars := []types.VarsSource{
 		{
 			Values: uo.FromMap(map[string]interface{}{
@@ -118,7 +119,7 @@ func TestGetImageVars(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
 		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars"},
@@ -140,7 +141,7 @@ func TestGetImageMixed(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
 		{Image: utils.StrPtr("i2"), ResultImage: "i2:vars"},
@@ -164,7 +165,7 @@ func TestGetImageByDeployment(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
 		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars1", Deployment: utils.StrPtr("Deployment/d1")},
@@ -189,7 +190,7 @@ func TestGetImageByContainer(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
 		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars1", Container: utils.StrPtr("c1")},
@@ -214,7 +215,7 @@ func TestGetImageRegex(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
 		{ImageRegex: utils.StrPtr("i.*"), ResultImage: "i1:x"},
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index fee93caec..206ff4df6 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	corev1 "k8s.io/api/core/v1"
 	"path/filepath"
@@ -9,9 +10,9 @@ import (
 	"testing"
 )
 
-func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*test_utils.TestProject, *test_utils.EnvTestCluster) {
+func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*test_project.TestProject, *test_utils.EnvTestCluster) {
 	k := defaultCluster1
-	p := test_utils.NewTestProject(t)
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -41,7 +42,7 @@ func prepareInclusionTestProject(t *testing.T, withIncludes bool) (*test_utils.T
 	return p, k
 }
 
-func assertExistsHelper(t *testing.T, p *test_utils.TestProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
+func assertExistsHelper(t *testing.T, p *test_project.TestProject, k *test_utils.EnvTestCluster, shouldExists map[string]bool, add []string, remove []string) {
 	for _, x := range add {
 		shouldExists[x] = true
 	}
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 90c8086c6..4840d8ae1 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -1,15 +1,15 @@
 package e2e
 
 import (
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/stretchr/testify/assert"
 	"os"
 	"path/filepath"
 	"testing"
 )
 
-func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t)
+func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_project.TestProject {
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, defaultCluster1, p.TestSlug())
 	createNamespace(t, defaultCluster2, p.TestSlug())
@@ -23,9 +23,9 @@ func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_utils.Test
 	})
 
 	if withDeploymentYaml {
-		p.AddKustomizeDeployment("cm", []test_utils.KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
+		p.AddKustomizeDeployment("cm", []test_project.KustomizeResource{{Name: "cm.yaml", Content: cm}}, nil)
 	} else {
-		p.AddKustomizeResources("", []test_utils.KustomizeResource{{Name: "cm.yaml", Content: cm}})
+		p.AddKustomizeResources("", []test_project.KustomizeResource{{Name: "cm.yaml", Content: cm}})
 		err := os.Remove(filepath.Join(p.LocalProjectDir(), "deployment.yml"))
 		assert.NoError(t, err)
 	}
diff --git a/e2e/obfuscate_test.go b/e2e/obfuscate_test.go
index 7cff67ab1..fa1563fd2 100644
--- a/e2e/obfuscate_test.go
+++ b/e2e/obfuscate_test.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"encoding/base64"
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"testing"
diff --git a/e2e/prune_test.go b/e2e/prune_test.go
index d70c55fb6..bea7fa554 100644
--- a/e2e/prune_test.go
+++ b/e2e/prune_test.go
@@ -1,7 +1,7 @@
 package e2e
 
 import (
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"testing"
 )
 
diff --git a/e2e/render_test.go b/e2e/render_test.go
index 6d3e92467..8190dd1a1 100644
--- a/e2e/render_test.go
+++ b/e2e/render_test.go
@@ -1,7 +1,7 @@
 package e2e
 
 import (
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
diff --git a/e2e/results_test.go b/e2e/results_test.go
index db85dc2d3..b7b14300f 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"context"
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index aa21459fb..820d9f1e0 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -85,7 +86,7 @@ func startCertServer() (*certServer, error) {
 	return &cs, nil
 }
 
-func addProxyVars(p *test_utils.TestProject) {
+func addProxyVars(p *test_project.TestProject) {
 	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
 		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
 		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
@@ -97,8 +98,8 @@ func addProxyVars(p *test_utils.TestProject) {
 	f(1, defaultCluster2, certServer2)
 }
 
-func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *test_project.TestProject {
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
 
 	if proxy {
 		addProxyVars(p)
@@ -114,13 +115,13 @@ func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[str
 	return p
 }
 
-func addSecretsSet(p *test_utils.TestProject, name string, varsSources []*uo.UnstructuredObject) {
+func addSecretsSet(p *test_project.TestProject, name string, varsSources []*uo.UnstructuredObject) {
 	p.UpdateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
 		_ = secretSet.SetNestedField(varsSources, "vars")
 	})
 }
 
-func addSecretsSetToTarget(p *test_utils.TestProject, targetName string, secretSetName string) {
+func addSecretsSetToTarget(p *test_project.TestProject, targetName string, secretSetName string) {
 	p.UpdateTarget(targetName, func(target *uo.UnstructuredObject) {
 		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
 		l = append(l, secretSetName)
diff --git a/e2e/skip_delete_test.go b/e2e/skip_delete_test.go
index ba7802e2e..6c2a32bb4 100644
--- a/e2e/skip_delete_test.go
+++ b/e2e/skip_delete_test.go
@@ -1,7 +1,7 @@
 package e2e
 
 import (
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"strings"
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index a7c7c3369..6d0eed629 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
@@ -10,7 +11,7 @@ import (
 	"testing"
 )
 
-func setSopsKey(p *test_utils.TestProject) {
+func setSopsKey(p *test_project.TestProject) {
 	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
 	p.AddExtraEnv(fmt.Sprintf("%s=%s", age.SopsAgeKeyEnv, string(key)))
 }
@@ -20,7 +21,7 @@ func TestSopsVars(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
 	setSopsKey(p)
 
 	createNamespace(t, k, p.TestSlug())
@@ -60,7 +61,7 @@ func TestSopsResources(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
 	setSopsKey(p)
 
 	createNamespace(t, k, p.TestSlug())
@@ -71,7 +72,7 @@ func TestSopsResources(t *testing.T) {
 		return nil
 	})
 
-	p.AddKustomizeDeployment("cm", []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment("cm", []test_project.KustomizeResource{
 		{Name: "encrypted-cm.yaml"},
 	}, nil)
 
@@ -93,7 +94,7 @@ func TestSopsHelmValues(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := test_utils.NewTestProject(t, test_utils.WithUseProcess(true))
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
 	setSopsKey(p)
 
 	createNamespace(t, k, p.TestSlug())
diff --git a/e2e/test-utils/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
similarity index 98%
rename from e2e/test-utils/kluctl_execute.go
rename to e2e/test_project/kluctl_execute.go
index a6daca605..25897f65b 100644
--- a/e2e/test-utils/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -1,4 +1,4 @@
-package test_utils
+package test_project
 
 import (
 	"bytes"
diff --git a/e2e/test-utils/project.go b/e2e/test_project/project.go
similarity index 99%
rename from e2e/test-utils/project.go
rename to e2e/test_project/project.go
index aa913a9fe..7f724ef29 100644
--- a/e2e/test-utils/project.go
+++ b/e2e/test_project/project.go
@@ -1,4 +1,4 @@
-package test_utils
+package test_project
 
 import (
 	"context"
diff --git a/e2e/test-utils/run_helper.go b/e2e/test_project/run_helper.go
similarity index 97%
rename from e2e/test-utils/run_helper.go
rename to e2e/test_project/run_helper.go
index face1f426..3be85e0a4 100644
--- a/e2e/test-utils/run_helper.go
+++ b/e2e/test_project/run_helper.go
@@ -1,4 +1,4 @@
-package test_utils
+package test_project
 
 import (
 	"bufio"
diff --git a/e2e/utils.go b/e2e/utils.go
index 061402c77..4b61a5ed0 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/api/core/v1"
@@ -29,7 +30,7 @@ func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace strin
 	}
 }
 
-func getHeadRevision(t *testing.T, p *test_utils.TestProject) string {
+func getHeadRevision(t *testing.T, p *test_project.TestProject) string {
 	r := p.GetGitRepo()
 	h, err := r.Head()
 	if err != nil {
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 5595851bb..63134462c 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -2,7 +2,7 @@ package e2e
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"path/filepath"
 )
@@ -55,13 +55,13 @@ func createSecretObject(data map[string]string, opts resourceOpts) *uo.Unstructu
 	return o
 }
 
-func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts) {
+func addConfigMapDeployment(p *test_project.TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createConfigMapObject(data, opts)
 	fname := opts.fname
 	if fname == "" {
 		fname = fmt.Sprintf("configmap-%s.yml", opts.name)
 	}
-	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment(dir, []test_project.KustomizeResource{
 		{Name: fname, Content: o},
 	}, opts.tags)
 	if opts.when != "" {
@@ -72,14 +72,14 @@ func addConfigMapDeployment(p *test_utils.TestProject, dir string, data map[stri
 	}
 }
 
-func addSecretDeployment(p *test_utils.TestProject, dir string, data map[string]string, opts resourceOpts, sealme bool) {
+func addSecretDeployment(p *test_project.TestProject, dir string, data map[string]string, opts resourceOpts, sealme bool) {
 	sealmeExt := ""
 	if sealme {
 		sealmeExt = ".sealme"
 	}
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
-	p.AddKustomizeDeployment(dir, []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment(dir, []test_project.KustomizeResource{
 		{Name: fname, FileName: fname + sealmeExt, Content: o},
 	}, opts.tags)
 	if opts.when != "" {
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 5270f45e7..59d44a584 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
@@ -63,21 +64,21 @@ status:
 	return deployment
 }
 
-func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_utils.TestProject {
-	p := test_utils.NewTestProject(t)
+func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_project.TestProject {
+	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
 
 	p.UpdateTarget("test", nil)
 
-	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
 		{Name: fmt.Sprintf("configmap-%s.yml", "d1"), Content: buildDeployment("d1", p.TestSlug(), false)},
 	}, nil)
 
 	return p
 }
 
-func assertValidate(t *testing.T, p *test_utils.TestProject, succeed bool) (string, string) {
+func assertValidate(t *testing.T, p *test_project.TestProject, succeed bool) (string, string) {
 	args := []string{"validate"}
 	args = append(args, "-t", "test")
 
diff --git a/e2e/when_test.go b/e2e/when_test.go
index 1eca921b4..65b5fcee1 100644
--- a/e2e/when_test.go
+++ b/e2e/when_test.go
@@ -1,7 +1,7 @@
 package e2e
 
 import (
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"path/filepath"
 	"strings"

From 318869f560aa1d512b804e1f24b4e6e4cbc45ecc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 08:29:28 +0200
Subject: [PATCH 1406/2268] tests: Switch to EnvTestCluster instead of fakes
 k8s clients in vars loader test

---
 Makefile                     |   4 +-
 pkg/vars/vars_loader_test.go | 412 ++++++++++++++++++++---------------
 2 files changed, 236 insertions(+), 180 deletions(-)

diff --git a/Makefile b/Makefile
index a9607438e..6e187757a 100644
--- a/Makefile
+++ b/Makefile
@@ -88,8 +88,8 @@ vet: ## Run go vet against code.
 test: manifests generate test-unit test-e2e fmt vet ## Run all tests.
 
 .PHONY: test-unit
-test-unit: ## Run unit tests.
-	go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out -test.v
+test-unit: envtest ## Run unit tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out -test.v
 
 .PHONY: test-e2e
 test-e2e: envtest ## Run e2e tests.
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 5aef1da6d..1ae6183d1 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -2,7 +2,11 @@ package vars
 
 import (
 	"context"
+	"fmt"
+	"github.com/huandu/xstrings"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
+	"github.com/stretchr/testify/suite"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -28,191 +32,226 @@ import (
 	"go.mozilla.org/sops/v3/age"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
 )
 
-func newRP(t *testing.T) *repocache.GitRepoCache {
+type VarsLoaderTestSuite struct {
+	suite.Suite
+
+	k  *test_utils.EnvTestCluster
+	k2 *k8s.K8sCluster
+}
+
+func (s *VarsLoaderTestSuite) SetupSuite() {
+	s.k = test_utils.CreateEnvTestCluster("cluster")
+	err := s.k.Start()
+	assert.NoError(s.T(), err)
+
+	discovery, mapper, err := k8s.CreateDiscoveryAndMapper(context.TODO(), s.k.RESTConfig())
+	assert.NoError(s.T(), err)
+	s.k2, err = k8s.NewK8sCluster(context.TODO(), s.k.RESTConfig(), discovery, mapper, false)
+	assert.NoError(s.T(), err)
+}
+
+func (s *VarsLoaderTestSuite) TearDownSuite() {
+	if s.k != nil {
+		s.k.Stop()
+	}
+}
+
+func (s *VarsLoaderTestSuite) namespace() string {
+	n := s.T().Name()
+	n = xstrings.ToKebabCase(n)
+	n = strings.ReplaceAll(n, "/", "-")
+	return n
+}
+
+func (s *VarsLoaderTestSuite) createNamespace() {
+	err := s.k.Client.Create(context.TODO(), &corev1.Namespace{ObjectMeta: v1.ObjectMeta{Name: s.namespace()}})
+	assert.NoError(s.T(), err)
+}
+
+func TestVarsLoader(t *testing.T) {
+	suite.Run(t, new(VarsLoaderTestSuite))
+}
+
+func (s *VarsLoaderTestSuite) newRP() *repocache.GitRepoCache {
 	grc := repocache.NewGitRepoCache(context.TODO(), &ssh_pool.SshPool{}, auth.NewDefaultAuthProviders("KLUCTL_GIT", nil), nil, 0)
-	t.Cleanup(func() {
+	s.T().Cleanup(func() {
 		grc.Clear()
 	})
 	return grc
 }
 
-func testVarsLoader(t *testing.T, test func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory), objects ...runtime.Object) {
-	k, err := k8s.NewK8sCluster(context.TODO(), k8s.NewFakeClientFactory(objects...), false)
-	if err != nil {
-		t.Fatal(err)
-	}
-	grc := newRP(t)
+func (s *VarsLoaderTestSuite) testVarsLoader(test func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory)) {
+	grc := s.newRP()
 	fakeAws := aws.NewFakeClientFactory()
 
 	d := decryptor.NewDecryptor("", decryptor.MaxEncryptedFileSize)
 	d.AddLocalKeyService()
 
-	vl := NewVarsLoader(context.TODO(), k, d, grc, fakeAws)
-	vc := NewVarsCtx(newJinja2Must(t))
+	vl := NewVarsLoader(context.TODO(), s.k2, d, grc, fakeAws)
+	vc := NewVarsCtx(newJinja2Must(s.T()))
 
 	test(vl, vc, fakeAws)
 }
 
-func TestVarsLoader_Values(t *testing.T) {
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+func (s *VarsLoaderTestSuite) TestValues() {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_ValuesNoOverrides(t *testing.T) {
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+func (s *VarsLoaderTestSuite) TestValuesNoOverrides() {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		b := true
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values:     uo.FromStringMust(`{"test1": {"test2": 43}}`),
 			NoOverride: &b,
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_When(t *testing.T) {
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+func (s *VarsLoaderTestSuite) TestWhen() {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "a"}`),
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "b"}`),
 			When:   `test1 == "b"`,
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 		v, _, _ := vc.Vars.GetNestedString("test1")
-		assert.Equal(t, "a", v)
+		assert.Equal(s.T(), "a", v)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "b"}`),
 			When:   `test1 == "a"`,
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 		v, _, _ = vc.Vars.GetNestedString("test1")
-		assert.Equal(t, "b", v)
+		assert.Equal(s.T(), "b", v)
 	})
 }
 
-func TestVarsLoader_File(t *testing.T) {
-	d := t.TempDir()
+func (s *VarsLoaderTestSuite) TestFile() {
+	d := s.T().TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			File:          utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			File:          utils.StrPtr("test-missing.yaml"),
 		}, []string{d}, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 	})
 }
 
-func TestVarsLoader_SopsFile(t *testing.T) {
-	d := t.TempDir()
+func (s *VarsLoaderTestSuite) TestSopsFile() {
+	d := s.T().TempDir()
 	f, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
 	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), f, 0o600)
 
-	t.Setenv(age.SopsAgeKeyEnv, string(key))
+	s.T().Setenv(age.SopsAgeKeyEnv, string(key))
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_FileWithLoad(t *testing.T) {
-	d := t.TempDir()
+func (s *VarsLoaderTestSuite) TestFileWithLoad() {
+	d := s.T().TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
 	_ = os.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_FileWithLoadSubDir(t *testing.T) {
-	d := t.TempDir()
+func (s *VarsLoaderTestSuite) TestFileWithLoadSubDir() {
+	d := s.T().TempDir()
 	_ = os.Mkdir(filepath.Join(d, "subdir"), 0o700)
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
 	_ = os.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d, filepath.Join(d, "subdir")}, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_FileWithLoadNotExists(t *testing.T) {
-	d := t.TempDir()
+func (s *VarsLoaderTestSuite) TestFileWithLoadNotExists() {
+	d := s.T().TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
-		assert.EqualError(t, err, "failed to render vars file test.yaml: template test3.txt not found")
+		assert.EqualError(s.T(), err, "failed to render vars file test.yaml: template test3.txt not found")
 	})
 }
 
-func TestVarsLoader_Git(t *testing.T) {
-	gs := git.NewTestGitServer(t)
+func (s *VarsLoaderTestSuite) TestGit() {
+	gs := git.NewTestGitServer(s.T())
 	gs.GitInit("repo")
 	gs.UpdateYaml("repo", "test.yaml", func(o map[string]any) error {
 		o["test1"] = map[string]any{
@@ -221,7 +260,7 @@ func TestVarsLoader_Git(t *testing.T) {
 		return nil
 	}, "")
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
@@ -229,13 +268,13 @@ func TestVarsLoader_Git(t *testing.T) {
 				Path: "test.yaml",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
@@ -245,12 +284,12 @@ func TestVarsLoader_Git(t *testing.T) {
 				Path: "test-missing.yaml",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 	})
 }
 
-func TestVarsLoader_GitBranch(t *testing.T) {
-	gs := git.NewTestGitServer(t)
+func (s *VarsLoaderTestSuite) TestGitBranch() {
+	gs := git.NewTestGitServer(s.T())
 	gs.GitInit("repo")
 
 	wt := gs.GetWorktree("repo")
@@ -258,7 +297,7 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 		Branch: plumbing.NewBranchReferenceName("testbranch"),
 		Create: true,
 	})
-	assert.NoError(t, err)
+	assert.NoError(s.T(), err)
 
 	gs.UpdateYaml("repo", "test.yaml", func(o map[string]any) error {
 		o["test1"] = map[string]any{
@@ -270,9 +309,9 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 	err = wt.Checkout(&git2.CheckoutOptions{
 		Branch: plumbing.Master,
 	})
-	assert.NoError(t, err)
+	assert.NoError(s.T(), err)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
@@ -281,214 +320,231 @@ func TestVarsLoader_GitBranch(t *testing.T) {
 				Ref:  &types.GitRef{Branch: "testbranch"},
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_ClusterConfigMap(t *testing.T) {
+func (s *VarsLoaderTestSuite) TestClusterConfigMap() {
+	s.createNamespace()
+
 	cm := corev1.ConfigMap{
-		ObjectMeta: v1.ObjectMeta{Name: "cm", Namespace: "ns"},
+		ObjectMeta: v1.ObjectMeta{Name: "cm", Namespace: s.namespace()},
 		Data: map[string]string{
 			"vars":  `{"test1": {"test2": 42}}`,
 			"value": "42",
 		},
 	}
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	err := s.k.Client.Create(context.TODO(), &cm)
+	assert.NoError(s.T(), err)
+
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
-	}, &cm)
+		assert.Equal(s.T(), int64(42), v)
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm1",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars1",
 			},
 		}, nil, "")
-		assert.EqualError(t, err, "configmaps \"cm1\" not found")
+		assert.EqualError(s.T(), err, "configmaps \"cm1\" not found")
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars1",
 			},
 		}, nil, "")
-		assert.EqualError(t, err, "key vars1 not found in ns/ConfigMap/cm on cluster")
-	}, &cm)
+		assert.EqualError(s.T(), err, fmt.Sprintf("key vars1 not found in %s/ConfigMap/cm on cluster", s.namespace()))
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm-missing",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
-	}, &cm)
+		assert.NoError(s.T(), err)
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "value",
 			},
 		}, nil, "")
-		assert.Errorf(t, err, "failed to load vars from kubernetes object ns/ConfigMap/cm and key value: value is not a YAML dictionary")
-	}, &cm)
+		assert.Errorf(s.T(), err, "failed to load vars from kubernetes object default/ConfigMap/cm and key value: value is not a YAML dictionary")
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:       "cm",
-				Namespace:  "ns",
+				Namespace:  s.namespace(),
 				Key:        "value",
 				TargetPath: "deep.nested.path",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("deep", "nested", "path")
-		assert.Equal(t, int64(42), v)
-	}, &cm)
+		assert.Equal(s.T(), int64(42), v)
+	})
 }
 
-func TestVarsLoader_ClusterSecret(t *testing.T) {
+func (s *VarsLoaderTestSuite) TestClusterSecret() {
+	s.createNamespace()
+
 	secret := corev1.Secret{
-		ObjectMeta: v1.ObjectMeta{Name: "s", Namespace: "ns"},
+		ObjectMeta: v1.ObjectMeta{Name: "s", Namespace: s.namespace()},
 		Data: map[string][]byte{
 			"vars": []byte(`{"test1": {"test2": 42}}`),
 		},
 	}
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	err := s.k.Client.Create(context.TODO(), &secret)
+	assert.NoError(s.T(), err)
+
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
-	}, &secret)
+		assert.Equal(s.T(), int64(42), v)
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s1",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars1",
 			},
 		}, nil, "")
-		assert.EqualError(t, err, "secrets \"s1\" not found")
+		assert.EqualError(s.T(), err, "secrets \"s1\" not found")
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars1",
 			},
 		}, nil, "")
-		assert.EqualError(t, err, "key vars1 not found in ns/Secret/s on cluster")
-	}, &secret)
+		assert.EqualError(s.T(), err, fmt.Sprintf("key vars1 not found in %s/Secret/s on cluster", s.namespace()))
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s-missing",
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
-	}, &secret)
+		assert.NoError(s.T(), err)
+	})
 }
 
-func TestVarsLoader_K8sObjectLabels(t *testing.T) {
+func (s *VarsLoaderTestSuite) TestK8sObjectLabels() {
+	s.createNamespace()
+
 	cm1 := corev1.ConfigMap{
-		ObjectMeta: v1.ObjectMeta{Name: "cm1", Namespace: "ns", Labels: map[string]string{"label1": "value1"}},
+		ObjectMeta: v1.ObjectMeta{Name: "cm1", Namespace: s.namespace(), Labels: map[string]string{"label1": "value1"}},
 		Data: map[string]string{
 			"vars": `{"test1": {"test2": 42}}`,
 		},
 	}
 	cm2 := corev1.ConfigMap{
-		ObjectMeta: v1.ObjectMeta{Name: "cm2", Namespace: "ns", Labels: map[string]string{"label2": "value2"}},
+		ObjectMeta: v1.ObjectMeta{Name: "cm2", Namespace: s.namespace(), Labels: map[string]string{"label2": "value2"}},
 		Data: map[string]string{
 			"vars": `{"test3": {"test4": 43}}`,
 		},
 	}
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	err := s.k.Client.Create(context.TODO(), &cm1)
+	assert.NoError(s.T(), err)
+	err = s.k.Client.Create(context.TODO(), &cm2)
+	assert.NoError(s.T(), err)
+
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label1": "value1"},
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
-	}, &cm1, &cm2)
+		assert.Equal(s.T(), int64(42), v)
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label2": "value2"},
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test3", "test4")
-		assert.Equal(t, int64(43), v)
-	}, &cm1, &cm2)
+		assert.Equal(s.T(), int64(43), v)
+	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label2": "value-missing"},
-				Namespace: "ns",
+				Namespace: s.namespace(),
 				Key:       "vars",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
-	}, &cm1, &cm2)
+		assert.NoError(s.T(), err)
+	})
 }
 
-func TestVarsLoader_SystemEnv(t *testing.T) {
-	t.Setenv("TEST1", "42")
-	t.Setenv("TEST2", "'43'")
-	t.Setenv("TEST4", "44")
+func (s *VarsLoaderTestSuite) TestSystemEnv() {
+	s.T().Setenv("TEST1", "42")
+	s.T().Setenv("TEST2", "'43'")
+	s.T().Setenv("TEST4", "44")
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test1": "TEST1",
@@ -502,40 +558,40 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 				"test8": "TEST5:",
 			}),
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedField("test1")
-		assert.Equal(t, 42., v)
+		assert.Equal(s.T(), 42., v)
 
 		v, _, _ = vc.Vars.GetNestedField("test2")
-		assert.Equal(t, "43", v)
+		assert.Equal(s.T(), "43", v)
 
 		v, _, _ = vc.Vars.GetNestedField("test3", "test4")
-		assert.Equal(t, 44., v)
+		assert.Equal(s.T(), 44., v)
 
 		v, _, _ = vc.Vars.GetNestedField("test5")
-		assert.Equal(t, "def", v)
+		assert.Equal(s.T(), "def", v)
 
 		v, _, _ = vc.Vars.GetNestedField("test6")
-		assert.Equal(t, 42., v)
+		assert.Equal(s.T(), 42., v)
 
 		v, _, _ = vc.Vars.GetNestedField("test7")
-		assert.Equal(t, "", v)
+		assert.Equal(s.T(), "", v)
 
 		v, _, _ = vc.Vars.GetNestedField("test8")
-		assert.Equal(t, "", v)
+		assert.Equal(s.T(), "", v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test5": "TEST5",
 			}),
 		}, nil, "")
-		assert.EqualError(t, err, "environment variable TEST5 not found for test5")
+		assert.EqualError(s.T(), err, "environment variable TEST5 not found for test5")
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -543,14 +599,14 @@ func TestVarsLoader_SystemEnv(t *testing.T) {
 				"test1": "TEST-MISSING",
 			}),
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		_, ok, _ := vc.Vars.GetNestedField("test1")
-		assert.False(t, ok)
+		assert.False(s.T(), ok)
 	})
 }
 
-func TestVarsLoader_Http_GET(t *testing.T) {
+func (s *VarsLoaderTestSuite) TestHttp_GET() {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if strings.HasSuffix(r.URL.Path, "/ok") {
 			_, _ = w.Write([]byte(`{"test1": {"test2": 42}}`))
@@ -562,7 +618,7 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/ok"
 
@@ -571,13 +627,13 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 				Url: types.YamlUrl{URL: *u},
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/missing"
@@ -587,10 +643,10 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 				Url: types.YamlUrl{URL: *u},
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/error"
@@ -600,12 +656,12 @@ func TestVarsLoader_Http_GET(t *testing.T) {
 				Url: types.YamlUrl{URL: *u},
 			},
 		}, nil, "")
-		assert.Error(t, err)
-		assert.Contains(t, err.Error(), "failed with status code 500")
+		assert.Error(s.T(), err)
+		assert.Contains(s.T(), err.Error(), "failed with status code 500")
 	})
 }
 
-func TestVarsLoader_Http_POST(t *testing.T) {
+func (s *VarsLoaderTestSuite) TestHttp_POST() {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != "POST" {
 			w.WriteHeader(542)
@@ -626,13 +682,13 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 
 	u, _ := url.Parse(ts.URL)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
 			},
 		}, nil, "")
-		assert.ErrorContains(t, err, "failed with status code 542")
+		assert.ErrorContains(s.T(), err, "failed with status code 542")
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
@@ -640,7 +696,7 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 				Method: utils.StrPtr("POST"),
 			},
 		}, nil, "")
-		assert.ErrorContains(t, err, "failed with status code 543")
+		assert.ErrorContains(s.T(), err, "failed with status code 543")
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
@@ -649,7 +705,7 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 				Body:   utils.StrPtr("body"),
 			},
 		}, nil, "")
-		assert.ErrorContains(t, err, "failed with status code 544")
+		assert.ErrorContains(s.T(), err, "failed with status code 544")
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
@@ -661,11 +717,11 @@ func TestVarsLoader_Http_POST(t *testing.T) {
 		}, nil, "")
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_Http_JsonPath(t *testing.T) {
+func (s *VarsLoaderTestSuite) TestHttp_JsonPath() {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		_, _ = w.Write([]byte(`{"test1": "{\"test2\": 42}"}`))
 	}))
@@ -673,22 +729,22 @@ func TestVarsLoader_Http_JsonPath(t *testing.T) {
 
 	u, _ := url.Parse(ts.URL)
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:      types.YamlUrl{URL: *u},
 				JsonPath: utils.StrPtr("test1"),
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 }
 
-func TestVarsLoader_AwsSecretsManager(t *testing.T) {
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		aws.Secrets = map[string]string{
 			"secret": `{"test1": {"test2": 42}}`,
 		}
@@ -698,7 +754,7 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 				SecretName: "secret",
 			},
 		}, nil, "")
-		assert.EqualError(t, err, "when omitting the AWS region, the secret name must be a valid ARN")
+		assert.EqualError(s.T(), err, "when omitting the AWS region, the secret name must be a valid ARN")
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
@@ -706,13 +762,13 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 				Region:     utils.StrPtr("eu-central1"),
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		aws.Secrets = map[string]string{
 			"secret": `{"test1": {"test2": 42}}`,
 		}
@@ -722,13 +778,13 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 				SecretName: "arn:aws:secretsmanager:eu-central-1:12345:secret:secret",
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
-		assert.Equal(t, int64(42), v)
+		assert.Equal(s.T(), int64(42), v)
 	})
 
-	testVarsLoader(t, func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		aws.Secrets = map[string]string{
 			"secret": `{"test1": {"test2": 42}}`,
 		}
@@ -741,6 +797,6 @@ func TestVarsLoader_AwsSecretsManager(t *testing.T) {
 				Region:     utils.StrPtr("eu-central1"),
 			},
 		}, nil, "")
-		assert.NoError(t, err)
+		assert.NoError(s.T(), err)
 	})
 }

From df27da95b836b7ad54355be680a86103e1937936 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 08:58:22 +0200
Subject: [PATCH 1407/2268] refactor: Remove ClientFactory and instead pass
 necessary config/discovery/mapper

---
 cmd/kluctl/commands/utils.go         |  32 +++-
 pkg/controllers/kluctl_project.go    |  24 ++-
 pkg/k8s/client.go                    |  57 ++++---
 pkg/k8s/client_factory.go            | 158 -----------------
 pkg/k8s/discovery.go                 |  32 ++++
 pkg/k8s/fake_client_factory.go       | 246 ---------------------------
 pkg/k8s/k8s_cluster.go               |  58 ++++---
 pkg/kluctl_project/load.go           |   5 +-
 pkg/kluctl_project/project.go        |   3 -
 pkg/kluctl_project/project_load.go   |   7 +-
 pkg/kluctl_project/target_context.go |  67 +++-----
 pkg/kluctl_project/targets.go        |  15 +-
 pkg/webui/clusteraccessor.go         |  27 +--
 13 files changed, 179 insertions(+), 552 deletions(-)
 delete mode 100644 pkg/k8s/client_factory.go
 create mode 100644 pkg/k8s/discovery.go
 delete mode 100644 pkg/k8s/fake_client_factory.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 01126d86f..b5d6c606a 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
@@ -22,6 +23,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
+	client2 "sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 )
 
@@ -194,36 +196,52 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		RenderOutputDir:    renderOutputDir,
 	}
 
-	targetCtx, err := p.NewTargetContext(ctx, targetParams)
+	clientConfig, contextName, err := p.LoadK8sConfig(ctx, targetParams)
 	if err != nil {
 		return err
 	}
 
-	if !args.forSeal && !args.forCompletion {
-		err = targetCtx.DeploymentCollection.Prepare()
+	var k *k8s.K8sCluster
+	if clientConfig != nil {
+		discovery, mapper, err := k8s.CreateDiscoveryAndMapper(ctx, clientConfig)
 		if err != nil {
 			return err
 		}
+
+		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client"))
+		k, err = k8s.NewK8sCluster(ctx, clientConfig, discovery, mapper, targetParams.DryRun)
+		if err != nil {
+			s.Failed()
+			return err
+		}
+		s.Success()
 	}
 
 	var resultStore results.ResultStore
 	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
-		config, err := targetCtx.SharedContext.K.ToRESTConfig()
+		client, err := client2.New(clientConfig, client2.Options{
+			Mapper: mapper,
+		})
 		if err != nil {
 			return err
 		}
 
-		client, err := targetCtx.SharedContext.K.ToClient()
+		resultStore, err = results.NewResultStoreSecrets(ctx, clientConfig, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount, args.commandResultFlags.KeepValidateResultsCount)
 		if err != nil {
 			return err
 		}
+	}
+	targetCtx, err := p.NewTargetContext(ctx, contextName, k, targetParams)
+	if err != nil {
+		return err
+	}
 
-		resultStore, err = results.NewResultStoreSecrets(ctx, config, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount, args.commandResultFlags.KeepValidateResultsCount)
+	if !args.forSeal && !args.forCompletion {
+		err = targetCtx.DeploymentCollection.Prepare()
 		if err != nil {
 			return err
 		}
 	}
-
 	cmdCtx := &commandCtx{
 		ctx:         ctx,
 		targetCtx:   targetCtx,
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 106c4663c..6df72e32d 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -627,7 +627,23 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	if pt.pp.obj.Spec.Context != nil {
 		props.ContextOverride = *pt.pp.obj.Spec.Context
 	}
-	targetContext, err := p.NewTargetContext(ctx, props)
+
+	restConfig, contextName, err := p.LoadK8sConfig(ctx, props)
+	if err != nil {
+		return nil, err
+	}
+
+	discovery, mapper, err := k8s2.CreateDiscoveryAndMapper(ctx, restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	k, err := k8s2.NewK8sCluster(ctx, restConfig, discovery, mapper, props.DryRun)
+	if err != nil {
+		return nil, err
+	}
+
+	targetContext, err := p.NewTargetContext(ctx, contextName, k, props)
 	if err != nil {
 		return nil, err
 	}
@@ -792,11 +808,13 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	if err != nil {
 		return nil, err
 	}
-	clientFactory, err := k8s2.NewClientFactoryFromConfig(ctx, restConfig)
+
+	discovery, mapper, err := k8s2.CreateDiscoveryAndMapper(ctx, restConfig)
 	if err != nil {
 		return nil, err
 	}
-	k, err := k8s2.NewK8sCluster(ctx, clientFactory, pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun)
+
+	k, err := k8s2.NewK8sCluster(ctx, restConfig, discovery, mapper, pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index b65df6d28..e2a5936cf 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -3,20 +3,20 @@ package k8s
 import (
 	"context"
 	"fmt"
-	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/rest"
+	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type k8sClients struct {
-	ctx           context.Context
-	clientFactory ClientFactory
-	clientPool    chan *parallelClientEntry
-	count         int
+	clientPool chan *parallelClientEntry
+	count      int
 }
 
 type parallelClientEntry struct {
-	client client.Client
-	corev1 corev1.CoreV1Interface
+	config     *rest.Config
+	httpClient *http.Client
+	client     client.Client
 
 	warnings []ApiWarning
 }
@@ -35,59 +35,62 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 	})
 }
 
-func newK8sClients(ctx context.Context, clientFactory ClientFactory, count int) (*k8sClients, error) {
+func newK8sClients(k *K8sCluster, count int) (*k8sClients, error) {
 	var err error
 
-	k := &k8sClients{
-		ctx:           ctx,
-		clientFactory: clientFactory,
-		clientPool:    make(chan *parallelClientEntry, count),
-		count:         count,
+	kc := &k8sClients{
+		clientPool: make(chan *parallelClientEntry, count),
+		count:      count,
 	}
 
 	for i := 0; i < count; i++ {
 		p := &parallelClientEntry{}
 
-		p.client, err = clientFactory.Client(p)
-		if err != nil {
-			return nil, err
-		}
+		p.config = rest.CopyConfig(k.config)
+		p.config.QPS = 10
+		p.config.Burst = 20
+		p.config.WarningHandler = p
+
+		p.httpClient, err = rest.HTTPClientFor(k.config)
 
-		p.corev1, err = clientFactory.CoreV1Client(p)
+		p.client, err = client.New(k.config, client.Options{
+			HTTPClient: p.httpClient,
+			Mapper:     k.mapper,
+		})
 		if err != nil {
 			return nil, err
 		}
 
-		k.clientPool <- p
+		kc.clientPool <- p
 	}
-	return k, nil
+	return kc, nil
 }
 
 func (k *k8sClients) close() {
-	k.clientFactory.CloseIdleConnections()
 	if k.clientPool != nil {
 		for i := 0; i < k.count; i++ {
-			_ = <-k.clientPool
+			p := <-k.clientPool
+			p.httpClient.CloseIdleConnections()
 		}
 	}
 	k.clientPool = nil
 	k.count = 0
 }
 
-func (k *k8sClients) withClientFromPool(cb func(p *parallelClientEntry) error) ([]ApiWarning, error) {
+func (k *k8sClients) withClientFromPool(ctx context.Context, cb func(p *parallelClientEntry) error) ([]ApiWarning, error) {
 	select {
 	case p := <-k.clientPool:
 		defer func() { k.clientPool <- p }()
 		p.warnings = nil
 		err := cb(p)
 		return append([]ApiWarning(nil), p.warnings...), err
-	case <-k.ctx.Done():
-		return nil, fmt.Errorf("failed waiting for free client: %w", k.ctx.Err())
+	case <-ctx.Done():
+		return nil, fmt.Errorf("failed waiting for free client: %w", ctx.Err())
 	}
 }
 
-func (k *k8sClients) withCClientFromPool(dryRun bool, cb func(c client.Client) error) ([]ApiWarning, error) {
-	return k.withClientFromPool(func(p *parallelClientEntry) error {
+func (k *k8sClients) withCClientFromPool(ctx context.Context, dryRun bool, cb func(c client.Client) error) ([]ApiWarning, error) {
+	return k.withClientFromPool(ctx, func(p *parallelClientEntry) error {
 		c := p.client
 		if dryRun {
 			c = client.NewDryRunClient(c)
diff --git a/pkg/k8s/client_factory.go b/pkg/k8s/client_factory.go
deleted file mode 100644
index c530186d9..000000000
--- a/pkg/k8s/client_factory.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package k8s
-
-import (
-	"context"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"k8s.io/apimachinery/pkg/api/meta"
-	"k8s.io/client-go/discovery"
-	"k8s.io/client-go/discovery/cached/disk"
-	"k8s.io/client-go/dynamic"
-	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/metadata"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/restmapper"
-	"k8s.io/client-go/tools/clientcmd"
-	"net/http"
-	"net/url"
-	"path/filepath"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
-	"time"
-)
-
-type ClientFactory interface {
-	RESTConfig() *rest.Config
-	GetCA() []byte
-
-	CloseIdleConnections()
-
-	Mapper() meta.RESTMapper
-	Client(wh rest.WarningHandler) (client.WithWatch, error)
-
-	DiscoveryClient() (discovery.DiscoveryInterface, error)
-	CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error)
-}
-
-type realClientFactory struct {
-	ctx        context.Context
-	config     *rest.Config
-	httpClient *http.Client
-
-	discoveryClient discovery.DiscoveryInterface
-	mapper          meta.RESTMapper
-}
-
-func (r *realClientFactory) RESTConfig() *rest.Config {
-	return r.config
-}
-
-func (r *realClientFactory) GetCA() []byte {
-	return r.config.CAData
-}
-
-func (r *realClientFactory) Mapper() meta.RESTMapper {
-	return r.mapper
-}
-
-func (r *realClientFactory) Client(wh rest.WarningHandler) (client.WithWatch, error) {
-	config := rest.CopyConfig(r.config)
-	config.WarningHandler = wh
-
-	return client.NewWithWatch(config, client.Options{
-		Mapper: r.mapper,
-		WarningHandler: client.WarningHandlerOptions{
-			SuppressWarnings: true,
-		},
-	})
-}
-
-func (r *realClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
-	return r.discoveryClient, nil
-}
-
-func (r *realClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error) {
-	config := rest.CopyConfig(r.config)
-	config.WarningHandler = wh
-	return corev1.NewForConfigAndClient(config, r.httpClient)
-}
-
-func (r *realClientFactory) DynamicClient(wh rest.WarningHandler) (dynamic.Interface, error) {
-	config := rest.CopyConfig(r.config)
-	config.WarningHandler = wh
-	return dynamic.NewForConfigAndClient(config, r.httpClient)
-}
-
-func (r *realClientFactory) MetadataClient(wh rest.WarningHandler) (metadata.Interface, error) {
-	config := rest.CopyConfig(r.config)
-	config.WarningHandler = wh
-	return metadata.NewForConfigAndClient(config, r.httpClient)
-}
-
-func (r *realClientFactory) CloseIdleConnections() {
-	r.httpClient.CloseIdleConnections()
-}
-
-func CreateDiscoveryClient(ctx context.Context, config *rest.Config) (discovery.CachedDiscoveryInterface, error) {
-	apiHost, err := url.Parse(config.Host)
-	if err != nil {
-		return nil, err
-	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kube-cache/discovery", strings.ReplaceAll(apiHost.Host, ":", "-"))
-	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
-	if err != nil {
-		return nil, err
-	}
-	return discovery2, nil
-}
-
-func NewClientFactoryFromConfig(ctx context.Context, configIn *rest.Config) (ClientFactory, error) {
-	restConfig := rest.CopyConfig(configIn)
-	restConfig.QPS = 10
-	restConfig.Burst = 20
-
-	httpClient, err := rest.HTTPClientFor(restConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	dc, err := CreateDiscoveryClient(ctx, restConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	mapper := restmapper.NewDeferredDiscoveryRESTMapper(dc)
-
-	return &realClientFactory{
-		ctx:             ctx,
-		config:          restConfig,
-		httpClient:      httpClient,
-		discoveryClient: dc,
-		mapper:          mapper,
-	}, nil
-}
-
-func NewClientFactoryFromDefaultConfig(ctx context.Context, context *string) (ClientFactory, error) {
-	configOverrides := &clientcmd.ConfigOverrides{}
-	if context != nil {
-		configOverrides.CurrentContext = *context
-	}
-
-	config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-		clientcmd.NewDefaultClientConfigLoadingRules(),
-		configOverrides).ClientConfig()
-	if err != nil {
-		return nil, err
-	}
-
-	return NewClientFactoryFromConfig(ctx, config)
-}
-
-func NewClientFactory(ctx context.Context, config *rest.Config, httpClient *http.Client, dc discovery.DiscoveryInterface, mapper meta.RESTMapper) (ClientFactory, error) {
-	return &realClientFactory{
-		ctx:             ctx,
-		config:          config,
-		httpClient:      httpClient,
-		discoveryClient: dc,
-		mapper:          mapper,
-	}, nil
-}
diff --git a/pkg/k8s/discovery.go b/pkg/k8s/discovery.go
new file mode 100644
index 000000000..d5bcc4fc8
--- /dev/null
+++ b/pkg/k8s/discovery.go
@@ -0,0 +1,32 @@
+package k8s
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/client-go/discovery"
+	"k8s.io/client-go/discovery/cached/disk"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/restmapper"
+	"net/url"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func CreateDiscoveryAndMapper(ctx context.Context, config *rest.Config) (discovery.CachedDiscoveryInterface, meta.RESTMapper, error) {
+	apiHost, err := url.Parse(config.Host)
+	if err != nil {
+		return nil, nil, err
+	}
+	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kube-cache/discovery", strings.ReplaceAll(apiHost.Host, ":", "-"))
+	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	mapper := restmapper.NewDeferredDiscoveryRESTMapper(discovery2)
+
+	return discovery2, mapper, nil
+}
diff --git a/pkg/k8s/fake_client_factory.go b/pkg/k8s/fake_client_factory.go
deleted file mode 100644
index 2135d24ef..000000000
--- a/pkg/k8s/fake_client_factory.go
+++ /dev/null
@@ -1,246 +0,0 @@
-package k8s
-
-import (
-	"context"
-	v1 "k8s.io/api/core/v1"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/discovery"
-	fake4 "k8s.io/client-go/discovery/fake"
-	fake3 "k8s.io/client-go/dynamic/fake"
-	"k8s.io/client-go/kubernetes/fake"
-	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/restmapper"
-	"k8s.io/client-go/testing"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	fake2 "sigs.k8s.io/controller-runtime/pkg/client/fake"
-	"sigs.k8s.io/controller-runtime/pkg/client/interceptor"
-	"sigs.k8s.io/kustomize/kyaml/openapi"
-	"sigs.k8s.io/kustomize/kyaml/yaml"
-	"strings"
-)
-
-type fakeClientFactory struct {
-	scheme           *runtime.Scheme
-	mapper           meta.RESTMapper
-	objects          []runtime.Object
-	simpleClientSet  *fake.Clientset
-	dynamicClientSet *fake3.FakeDynamicClient
-	discovery        discovery.DiscoveryInterface
-
-	errors []errorEntry
-}
-
-type errorEntry struct {
-	gvr       schema.GroupVersionResource
-	name      string
-	namespace string
-	retErr    error
-}
-
-func (f *fakeClientFactory) RESTConfig() *rest.Config {
-	return nil
-}
-
-func (f *fakeClientFactory) GetCA() []byte {
-	return []byte{}
-}
-
-func (f *fakeClientFactory) CloseIdleConnections() {
-}
-
-func (f *fakeClientFactory) Mapper() meta.RESTMapper {
-	return f.mapper
-}
-
-func (f *fakeClientFactory) Client(wh rest.WarningHandler) (client.WithWatch, error) {
-	return fake2.NewClientBuilder().
-		WithScheme(f.scheme).
-		WithRESTMapper(f.mapper).
-		WithObjectTracker(f.dynamicClientSet.Tracker()).
-		WithInterceptorFuncs(f.buildErrorInterceptor()).
-		Build(), nil
-}
-
-func (f *fakeClientFactory) DiscoveryClient() (discovery.DiscoveryInterface, error) {
-	return f.discovery, nil
-}
-
-func (f *fakeClientFactory) CoreV1Client(wh rest.WarningHandler) (corev1.CoreV1Interface, error) {
-	return f.simpleClientSet.CoreV1(), nil
-}
-
-func NewFakeClientFactory(objects ...runtime.Object) *fakeClientFactory {
-	scheme := runtime.NewScheme()
-	_ = v1.AddToScheme(scheme)
-	_ = apiextensionsv1.AddToScheme(scheme)
-
-	simpleClientSet := fake.NewSimpleClientset(objects...)
-	dynamicClientSet := fake3.NewSimpleDynamicClient(scheme, objects...)
-	dynamicClientSet.Fake.Resources = ConvertSchemeToAPIResources(scheme)
-	dc := &fake4.FakeDiscovery{Fake: &dynamicClientSet.Fake}
-
-	agrs, _ := restmapper.GetAPIGroupResources(dc)
-	mapper := restmapper.NewDiscoveryRESTMapper(agrs)
-
-	f := &fakeClientFactory{
-		scheme:           scheme,
-		mapper:           mapper,
-		objects:          objects,
-		simpleClientSet:  simpleClientSet,
-		dynamicClientSet: dynamicClientSet,
-		discovery:        dc,
-	}
-	simpleClientSet.PrependReactor("*", "*", f.errorReactor)
-	dynamicClientSet.PrependReactor("*", "*", f.errorReactor)
-	return f
-}
-
-type HasName interface {
-	GetName() string
-}
-
-func (f *fakeClientFactory) findError(gvr schema.GroupVersionResource, name string, namespace string) error {
-	for _, ee := range f.errors {
-		if ee.gvr != gvr {
-			continue
-		}
-		if ee.namespace != "" && ee.namespace != namespace {
-			continue
-		}
-
-		if ee.name != "" && ee.namespace != name {
-			continue
-		}
-
-		return ee.retErr
-	}
-	return nil
-}
-
-func (f *fakeClientFactory) buildErrorInterceptor() interceptor.Funcs {
-	h := func(key *client.ObjectKey, obj runtime.Object) error {
-		name := ""
-		namespace := ""
-		if key != nil {
-			name = key.Name
-			namespace = key.Namespace
-		} else if o, ok := obj.(client.Object); ok {
-			name = o.GetName()
-			namespace = o.GetNamespace()
-		}
-
-		gk := obj.GetObjectKind().GroupVersionKind().GroupKind()
-		rm, err := f.mapper.RESTMapping(gk, obj.GetObjectKind().GroupVersionKind().Version)
-		if err != nil {
-			return nil
-		}
-		return f.findError(rm.Resource, name, namespace)
-	}
-
-	return interceptor.Funcs{
-		Get: func(ctx context.Context, client client.WithWatch, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error {
-			err := h(&key, obj)
-			if err != nil {
-				return err
-			}
-			return client.Get(ctx, key, obj)
-		},
-		List: func(ctx context.Context, client client.WithWatch, list client.ObjectList, opts ...client.ListOption) error {
-			err := h(nil, list)
-			if err != nil {
-				return err
-			}
-			return client.List(ctx, list, opts...)
-		},
-	}
-}
-
-func (f *fakeClientFactory) errorReactor(action testing.Action) (handled bool, ret runtime.Object, err error) {
-	a, ok := action.(HasName)
-	if !ok {
-		return false, nil, nil
-	}
-	if err != nil {
-		return false, nil, nil
-	}
-
-	err = f.findError(action.GetResource(), a.GetName(), action.GetNamespace())
-	if err != nil {
-		return true, nil, err
-	}
-	return false, nil, err
-}
-
-func (f *fakeClientFactory) AddError(gvr schema.GroupVersionResource, name string, namespace string, retErr error) {
-	f.errors = append(f.errors, errorEntry{
-		gvr:       gvr,
-		name:      name,
-		namespace: namespace,
-		retErr:    retErr,
-	})
-}
-
-func ConvertSchemeToAPIResources(s *runtime.Scheme) []*metav1.APIResourceList {
-	m := map[schema.GroupVersion][]metav1.APIResource{}
-	var allTypes []schema.GroupVersionKind
-	listTypes := map[schema.GroupVersionKind]bool{}
-	for gvk, _ := range s.AllKnownTypes() {
-		if gvk.Version == "__internal" {
-			continue
-		}
-		if strings.HasSuffix(gvk.Kind, "List") {
-			listTypes[gvk] = true
-		}
-		allTypes = append(allTypes, gvk)
-	}
-
-	for _, gvk := range allTypes {
-		if strings.HasSuffix(gvk.Kind, "List") {
-			continue
-		}
-		// we misuse kyaml here
-		n, _ := openapi.IsNamespaceScoped(yaml.TypeMeta{
-			APIVersion: gvk.GroupVersion().String(),
-			Kind:       gvk.Kind,
-		})
-
-		verbs := []string{"delete", "deletecollection", "get", "patch", "create", "update", "watch"}
-		if listTypes[schema.GroupVersionKind{
-			Group:   gvk.Group,
-			Version: gvk.Version,
-			Kind:    gvk.Kind + "List",
-		}] {
-			verbs = append(verbs, "list")
-		}
-
-		singularGvr, _ := meta.UnsafeGuessKindToResource(gvk)
-
-		ar := metav1.APIResource{
-			Name:       singularGvr.Resource,
-			Namespaced: n,
-			Group:      gvk.Group,
-			Version:    gvk.Version,
-			Kind:       gvk.Kind,
-			Verbs:      verbs,
-		}
-
-		l, _ := m[gvk.GroupVersion()]
-		l = append(l, ar)
-		m[gvk.GroupVersion()] = l
-	}
-
-	var ret []*metav1.APIResourceList
-	for gv, arl := range m {
-		ret = append(ret, &metav1.APIResourceList{
-			GroupVersion: gv.String(),
-			APIResources: arl,
-		})
-	}
-
-	return ret
-}
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index d43dea6ac..19b2f4119 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"net/http"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
@@ -33,9 +34,9 @@ type K8sCluster struct {
 
 	DryRun bool
 
-	clientFactory ClientFactory
-
+	config         *rest.Config
 	discovery      discovery.DiscoveryInterface
+	mapper         meta.RESTMapper
 	discoveryMutex *sync.Mutex
 
 	clients *k8sClients
@@ -46,24 +47,25 @@ type K8sCluster struct {
 	crdCacheMutex *sync.Mutex
 }
 
-func NewK8sCluster(ctx context.Context, clientFactory ClientFactory, dryRun bool) (*K8sCluster, error) {
+func NewK8sCluster(ctx context.Context,
+	config *rest.Config,
+	discovery discovery.DiscoveryInterface,
+	mapper meta.RESTMapper,
+	dryRun bool) (*K8sCluster, error) {
 	var err error
 
 	k := &K8sCluster{
 		ctx:            ctx,
 		DryRun:         dryRun,
-		clientFactory:  clientFactory,
+		config:         config,
+		discovery:      discovery,
+		mapper:         mapper,
 		discoveryMutex: &sync.Mutex{},
 		crdCache:       map[k8s.ObjectRef]any{},
 		crdCacheMutex:  &sync.Mutex{},
 	}
 
-	k.discovery, err = clientFactory.DiscoveryClient()
-	if err != nil {
-		return nil, err
-	}
-
-	k.clients, err = newK8sClients(ctx, clientFactory, 16)
+	k.clients, err = newK8sClients(k, 16)
 	if err != nil {
 		return nil, err
 	}
@@ -85,7 +87,7 @@ func (k *K8sCluster) ReadWrite() *K8sCluster {
 
 func (k *K8sCluster) GetClusterId() (string, error) {
 	var clusterId string
-	_, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+	_, err := k.clients.withCClientFromPool(k.ctx, true, func(c client.Client) error {
 		var err error
 		clusterId, err = GetClusterId(k.ctx, c)
 		return err
@@ -97,7 +99,7 @@ func (k *K8sCluster) GetClusterId() (string, error) {
 }
 
 func (k *K8sCluster) doList(l client.ObjectList, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
-	apiWarnings, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+	apiWarnings, err := k.clients.withCClientFromPool(k.ctx, true, func(c client.Client) error {
 		return c.List(k.ctx, l, client.InNamespace(namespace), client.MatchingLabels(labels))
 	})
 	if err != nil {
@@ -140,7 +142,7 @@ func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject,
 	var o unstructured.Unstructured
 	o.SetGroupVersionKind(ref.GroupVersionKind())
 
-	apiWarnings, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+	apiWarnings, err := k.clients.withCClientFromPool(k.ctx, true, func(c client.Client) error {
 		return c.Get(k.ctx, client.ObjectKey{
 			Name:      ref.Name,
 			Namespace: ref.Namespace,
@@ -171,7 +173,7 @@ func (k *K8sCluster) DeleteSingleObject(ref k8s.ObjectRef, options DeleteOptions
 	o.SetName(ref.Name)
 	o.SetNamespace(ref.Namespace)
 
-	apiWarnings, err := k.clients.withCClientFromPool(dryRun, func(c client.Client) error {
+	apiWarnings, err := k.clients.withCClientFromPool(k.ctx, dryRun, func(c client.Client) error {
 		return c.Delete(k.ctx, &o, client.PropagationPolicy(v1.DeletePropagationBackground))
 	})
 
@@ -322,7 +324,7 @@ func (k *K8sCluster) doPatch(ref k8s.ObjectRef, obj client.Object, patch client.
 	}
 	opts = append(opts, client.FieldOwner("kluctl"))
 
-	apiWarnings, err := k.clients.withCClientFromPool(k.DryRun, func(c client.Client) error {
+	apiWarnings, err := k.clients.withCClientFromPool(k.ctx, k.DryRun, func(c client.Client) error {
 		err := c.Patch(k.ctx, obj, patch, opts...)
 		if err != nil {
 			return fmt.Errorf("failed to patch %s: %w", ref.String(), err)
@@ -361,7 +363,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 	}
 	opts = append(opts, client.FieldOwner("kluctl"))
 
-	apiWarnings, err := k.clients.withCClientFromPool(k.DryRun, func(c client.Client) error {
+	apiWarnings, err := k.clients.withCClientFromPool(k.ctx, k.DryRun, func(c client.Client) error {
 		return c.Update(k.ctx, obj, opts...)
 	})
 	if err != nil {
@@ -379,7 +381,7 @@ func (k *K8sCluster) envtestProxyGet(scheme, namespace, name, port, path string,
 		envPort := m["SERVICE_PORT"]
 		envUrl := m["LOCAL_URL"]
 
-		apiHost := strings.TrimSuffix(k.clientFactory.RESTConfig().Host, "/")
+		apiHost := strings.TrimSuffix(k.config.Host, "/")
 
 		if envApiHost != apiHost || envNamespace != namespace || envName != name || port != envPort {
 			continue
@@ -410,8 +412,12 @@ func (k *K8sCluster) ProxyGet(scheme, namespace, name, port, path string, params
 	}
 
 	var ret rest.ResponseWrapper
-	_, err = k.clients.withClientFromPool(func(p *parallelClientEntry) error {
-		ret = p.corev1.Services(namespace).ProxyGet(scheme, name, port, path, params)
+	_, err = k.clients.withClientFromPool(k.ctx, func(p *parallelClientEntry) error {
+		c, err := corev1.NewForConfigAndClient(p.config, p.httpClient)
+		if err != nil {
+			return err
+		}
+		ret = c.Services(namespace).ProxyGet(scheme, name, port, path, params)
 		return nil
 	})
 	if err != nil {
@@ -425,7 +431,7 @@ func (k *K8sCluster) IsNamespaced(gvk schema.GroupVersionKind) *bool {
 	obj.SetGroupVersionKind(gvk)
 
 	ret := false
-	_, err := k.clients.withCClientFromPool(true, func(c client.Client) error {
+	_, err := k.clients.withCClientFromPool(k.ctx, true, func(c client.Client) error {
 		x, err := c.IsObjectNamespaced(&obj)
 		if err != nil {
 			return err
@@ -453,7 +459,7 @@ func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
 }
 
 func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
-	rms, err := k.clientFactory.Mapper().RESTMappings(gvk.GroupKind(), gvk.Version)
+	rms, err := k.mapper.RESTMappings(gvk.GroupKind(), gvk.Version)
 	if err != nil {
 		return nil, err
 	}
@@ -517,17 +523,13 @@ func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.Unstructu
 }
 
 func (k *K8sCluster) ResetMapper() {
-	if m, ok := k.clientFactory.Mapper().(meta.ResettableRESTMapper); ok {
+	if m, ok := k.mapper.(meta.ResettableRESTMapper); ok {
 		m.Reset()
 	}
 }
 
-func (k *K8sCluster) ToClient() (client.WithWatch, error) {
-	return k.clientFactory.Client(nil)
-}
-
 func (k *K8sCluster) ToRESTConfig() (*rest.Config, error) {
-	return k.clientFactory.RESTConfig(), nil
+	return k.config, nil
 }
 
 func (k *K8sCluster) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) {
@@ -539,5 +541,5 @@ func (k *K8sCluster) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, er
 }
 
 func (k *K8sCluster) ToRESTMapper() (meta.RESTMapper, error) {
-	return k.clientFactory.Mapper(), nil
+	return k.mapper, nil
 }
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 5c98eff20..8eb2db654 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -13,7 +13,6 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 	defer status.Trace(ctx, "leave LoadKluctlProject")
 
 	p := &LoadedKluctlProject{
-		ctx:           ctx,
 		LoadArgs:      args,
 		LoadTime:      time.Now(),
 		TmpDir:        tmpDir,
@@ -27,11 +26,11 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		p.SopsDecrypter.AddLocalKeyService()
 	}
 
-	err := p.loadKluctlProject()
+	err := p.loadKluctlProject(ctx)
 	if err != nil {
 		return nil, err
 	}
-	err = p.loadTargets()
+	err = p.loadTargets(ctx)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 50aea59fc..3b108a62b 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -1,7 +1,6 @@
 package kluctl_project
 
 import (
-	"context"
 	"fmt"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -11,8 +10,6 @@ import (
 )
 
 type LoadedKluctlProject struct {
-	ctx context.Context
-
 	LoadArgs LoadKluctlProjectArgs
 	LoadTime time.Time
 
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 04493fb1d..5c1d8bc70 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -1,6 +1,7 @@
 package kluctl_project
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -35,7 +36,7 @@ func (c *LoadedKluctlProject) getConfigPath() string {
 	return configPath
 }
 
-func (c *LoadedKluctlProject) loadKluctlProject() error {
+func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
 	var err error
 
 	if c.LoadArgs.RepoRoot != "" {
@@ -54,7 +55,7 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		}
 	}
 
-	s := status.Start(c.ctx, "Loading kluctl project")
+	s := status.Start(ctx, "Loading kluctl project")
 	defer s.Failed()
 
 	c.sealedSecretsDir = filepath.Join(c.LoadArgs.ProjectDir, ".sealed-secrets")
@@ -69,7 +70,7 @@ func (c *LoadedKluctlProject) loadKluctlProject() error {
 		}
 	}
 	if sealedSecretsUsed {
-		status.Deprecation(c.ctx, "sealed-secrets", "The SealedSecrets integration is deprecated and will be completely removed in an upcoming version. Please switch to using the SOPS integration instead.")
+		status.Deprecation(ctx, "sealed-secrets", "The SealedSecrets integration is deprecated and will be completely removed in an upcoming version. Please switch to using the SOPS integration instead.")
 	}
 
 	s.Success()
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 71f916d55..4e5739d22 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -44,7 +44,7 @@ type TargetContextParams struct {
 	RenderOutputDir    string
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params TargetContextParams) (*TargetContext, error) {
+func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName string, k *k8s.K8sCluster, params TargetContextParams) (*TargetContext, error) {
 	repoRoot, err := filepath.Abs(p.LoadArgs.RepoRoot)
 	if err != nil {
 		return nil, err
@@ -71,9 +71,10 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	if params.TargetNameOverride != "" {
 		target.Name = params.TargetNameOverride
 	}
-	if params.ContextOverride != "" {
-		target.Context = &params.ContextOverride
-	}
+
+	params.Images.PrependFixedImages(target.Images)
+
+	target.Context = &contextName
 
 	if needRender {
 		// we must render the target after handling overrides
@@ -83,38 +84,15 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		}
 	}
 
-	params.Images.PrependFixedImages(target.Images)
-
-	clientConfig, clusterContext, err := p.loadK8sConfig(target, params.OfflineK8s)
-	if err != nil {
-		return nil, err
-	}
-	target.Context = &clusterContext
-
 	varsCtx, err := p.buildVars(target, params.ForSeal)
 	if err != nil {
 		return nil, err
 	}
 
-	var k *k8s.K8sCluster
-	if clientConfig != nil {
-		s := status.Start(ctx, fmt.Sprintf("Initializing k8s client"))
-		clientFactory, err := k8s.NewClientFactoryFromConfig(ctx, clientConfig)
-		if err != nil {
-			return nil, err
-		}
-		k, err = k8s.NewK8sCluster(ctx, clientFactory, params.DryRun)
-		if err != nil {
-			s.Failed()
-			return nil, err
-		}
-		s.Success()
-	}
-
 	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory())
 
 	if params.ForSeal {
-		err = p.loadSecrets(target, varsCtx, varsLoader)
+		err = p.loadSecrets(ctx, target, varsCtx, varsLoader)
 		if err != nil {
 			return nil, err
 		}
@@ -149,7 +127,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 		SharedContext:        dctx,
 		KluctlProject:        p,
 		Target:               *target,
-		ClusterContext:       clusterContext,
+		ClusterContext:       contextName,
 		DeploymentProject:    d,
 		DeploymentCollection: c,
 	}
@@ -157,12 +135,22 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, params Targe
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) loadK8sConfig(target *types.Target, offlineK8s bool) (*rest.Config, string, error) {
-	if offlineK8s {
+func (p *LoadedKluctlProject) LoadK8sConfig(ctx context.Context, params TargetContextParams) (*rest.Config, string, error) {
+	if params.OfflineK8s {
 		return nil, "", nil
 	}
 
-	contextName := target.Context
+	var contextName *string
+	if params.TargetName != "" {
+		t, err := p.FindTarget(params.TargetName)
+		if err != nil {
+			return nil, "", err
+		}
+		contextName = t.Context
+	}
+	if params.ContextOverride != "" {
+		contextName = &params.ContextOverride
+	}
 
 	var err error
 	var clientConfig *rest.Config
@@ -170,18 +158,13 @@ func (p *LoadedKluctlProject) loadK8sConfig(target *types.Target, offlineK8s boo
 	clientConfig, restConfig, err = p.LoadArgs.ClientConfigGetter(contextName)
 	if err != nil {
 		if contextName == nil && clientcmd.IsEmptyConfig(err) {
-			status.Warning(p.ctx, "No valid KUBECONFIG provided, which means the Kubernetes client is not available. Depending on your deployment project, this might cause follow-up errors.")
+			status.Warning(ctx, "No valid KUBECONFIG provided, which means the Kubernetes client is not available. Depending on your deployment project, this might cause follow-up errors.")
 			return nil, "", nil
 		}
 		return nil, "", err
 	}
-	if contextName == nil {
-		contextName = &restConfig.CurrentContext
-	}
-	if contextName != nil {
-		return clientConfig, *contextName, nil
-	}
-	return clientConfig, "", nil
+	contextName = &restConfig.CurrentContext
+	return clientConfig, *contextName, nil
 }
 
 func (p *LoadedKluctlProject) buildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
@@ -228,7 +211,7 @@ func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, e
 	return nil, fmt.Errorf("secret Set with name %s was not found", name)
 }
 
-func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
+func (p *LoadedKluctlProject) loadSecrets(ctx context.Context, target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
 	searchDirs := []string{p.LoadArgs.ProjectDir}
 
 	for _, secretSetName := range target.SealingConfig.SecretSets {
@@ -236,7 +219,7 @@ func (p *LoadedKluctlProject) loadSecrets(target *types.Target, varsCtx *vars.Va
 		if err != nil {
 			return err
 		}
-		err = varsLoader.LoadVarsList(p.ctx, varsCtx, secretEntry.Vars, searchDirs, "secrets")
+		err = varsLoader.LoadVarsList(ctx, varsCtx, secretEntry.Vars, searchDirs, "secrets")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index abd2c9ad3..f10f72398 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -1,39 +1,40 @@
 package kluctl_project
 
 import (
+	"context"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"sort"
 )
 
-func (c *LoadedKluctlProject) loadTargets() error {
-	status.Trace(c.ctx, "Loading targets")
-	defer status.Trace(c.ctx, "Done loading targets")
+func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
+	status.Trace(ctx, "Loading targets")
+	defer status.Trace(ctx, "Done loading targets")
 
 	targetNames := make(map[string]bool)
 	c.Targets = nil
 
 	for i, configTarget := range c.Config.Targets {
 		if configTarget.Name == "" {
-			status.Errorf(c.ctx, "Target at index %d has no name", i)
+			status.Errorf(ctx, "Target at index %d has no name", i)
 			continue
 		}
 
 		target, err := c.buildTarget(configTarget)
 		if err != nil {
-			status.Warningf(c.ctx, "Failed to load target config for project: %v", err)
+			status.Warningf(ctx, "Failed to load target config for project: %v", err)
 			continue
 		}
 
 		err = c.renderTarget(target)
 		if err != nil {
-			status.Warningf(c.ctx, "Failed to load target %s: %v", target.Name, err)
+			status.Warningf(ctx, "Failed to load target %s: %v", target.Name, err)
 			continue
 		}
 
 		if _, ok := targetNames[target.Name]; ok {
-			status.Warningf(c.ctx, "Duplicate target %s", target.Name)
+			status.Warningf(ctx, "Duplicate target %s", target.Name)
 		} else {
 			targetNames[target.Name] = true
 			c.Targets = append(c.Targets, target)
diff --git a/pkg/webui/clusteraccessor.go b/pkg/webui/clusteraccessor.go
index 65bd1853d..55f8d0f6a 100644
--- a/pkg/webui/clusteraccessor.go
+++ b/pkg/webui/clusteraccessor.go
@@ -11,7 +11,6 @@ import (
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sync"
 	"time"
 )
@@ -82,23 +81,11 @@ func (ca *clusterAccessor) tryInitClient() error {
 	}
 	ca.scheme = scheme
 
-	httpClient, err := rest.HTTPClientFor(ca.config)
+	ca.discovery, ca.mapper, err = k8s2.CreateDiscoveryAndMapper(context.Background(), ca.config)
 	if err != nil {
 		return err
 	}
 
-	dc, err := k8s2.CreateDiscoveryClient(context.Background(), ca.config)
-	if err != nil {
-		return err
-	}
-	ca.discovery = dc
-
-	mapper, err := apiutil.NewDynamicRESTMapper(ca.config, httpClient)
-	if err != nil {
-		return err
-	}
-	ca.mapper = mapper
-
 	c, err := ca.getClientLocked("", nil)
 	if err != nil {
 		return err
@@ -150,15 +137,5 @@ func (ca *clusterAccessor) getK(ctx context.Context, asUser string, asGroups []s
 	config.Impersonate.UserName = asUser
 	config.Impersonate.Groups = asGroups
 
-	httpClient, err := rest.HTTPClientFor(config)
-	if err != nil {
-		return nil, err
-	}
-
-	cf, err := k8s2.NewClientFactory(ctx, config, httpClient, ca.discovery, ca.mapper)
-	if err != nil {
-		return nil, err
-	}
-
-	return k8s2.NewK8sCluster(ctx, cf, false)
+	return k8s2.NewK8sCluster(ctx, config, ca.discovery, ca.mapper, false)
 }

From 2092449018a2f26ce6b0ca60374aeacff0dead06 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 09:02:32 +0200
Subject: [PATCH 1408/2268] refactor: Create command result id before
 generating the result

---
 cmd/kluctl/commands/cmd_validate.go           |  8 +++----
 cmd/kluctl/commands/command_result.go         |  9 +++++---
 cmd/kluctl/commands/utils.go                  | 12 +++++++---
 pkg/controllers/kluctl_project.go             | 22 ++++++++++---------
 .../kluctldeployment_controller.go            | 13 +++++++----
 pkg/deployment/commands/delete.go             |  2 --
 pkg/deployment/commands/deploy.go             |  3 ---
 pkg/deployment/commands/diff.go               |  2 --
 pkg/deployment/commands/poke_images.go        |  2 --
 pkg/deployment/commands/prune.go              |  2 --
 pkg/deployment/commands/validate.go           |  2 --
 11 files changed, 40 insertions(+), 37 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 3bec5fb9e..f8185e033 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -40,14 +40,14 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, "", cmdCtx.targetCtx, nil)
-		return cmd.doValidate(cmdCtx.ctx, cmd2)
+		return cmd.doValidate(cmdCtx, cmd2)
 	})
 }
 
-func (cmd *validateCmd) doValidate(ctx context.Context, cmd2 *commands.ValidateCommand) error {
+func (cmd *validateCmd) doValidate(ctx *commandCtx, cmd2 *commands.ValidateCommand) error {
 	startTime := time.Now()
 	for true {
-		result, err := cmd2.Run(ctx)
+		result, err := cmd2.Run(ctx.ctx)
 		if err != nil {
 			return err
 		}
@@ -59,7 +59,7 @@ func (cmd *validateCmd) doValidate(ctx context.Context, cmd2 *commands.ValidateC
 		}
 
 		if !failed {
-			_, _ = getStderr(ctx).WriteString("Validation succeeded\n")
+			_, _ = getStderr(ctx.ctx).WriteString("Validation succeeded\n")
 			return nil
 		}
 
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index fd35491e8..60c9f821c 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -224,6 +224,7 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *result.CommandResult, writeToResultStore bool) error {
 	status.Flush(ctx.ctx)
 
+	cr.Id = ctx.resultId
 	cr.Command.Initiator = result.CommandInititiator_CommandLine
 
 	if !flags.NoObfuscate {
@@ -255,10 +256,12 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 	return err
 }
 
-func outputValidateResult(ctx context.Context, output []string, vr *result.ValidateResult) error {
-	status.Flush(ctx)
+func outputValidateResult(ctx *commandCtx, output []string, vr *result.ValidateResult) error {
+	status.Flush(ctx.ctx)
+
+	vr.Id = ctx.resultId
 
-	return outputHelper(ctx, output, func(format string) (string, error) {
+	return outputHelper(ctx.ctx, output, func(format string) (string, error) {
 		return formatValidateResult(vr, format)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index b5d6c606a..ffaa1a750 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/git"
@@ -144,9 +145,11 @@ type projectTargetCommandArgs struct {
 }
 
 type commandCtx struct {
-	ctx         context.Context
-	targetCtx   *kluctl_project.TargetContext
-	images      *deployment.Images
+	ctx       context.Context
+	targetCtx *kluctl_project.TargetContext
+	images    *deployment.Images
+
+	resultId    string
 	resultStore results.ResultStore
 }
 
@@ -196,6 +199,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		RenderOutputDir:    renderOutputDir,
 	}
 
+	commandResultId := uuid.NewString()
+
 	clientConfig, contextName, err := p.LoadK8sConfig(ctx, targetParams)
 	if err != nil {
 		return err
@@ -246,6 +251,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		ctx:         ctx,
 		targetCtx:   targetCtx,
 		images:      images,
+		resultId:    commandResultId,
 		resultStore: resultStore,
 	}
 
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 6df72e32d..a3886ff3f 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -654,7 +654,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	return targetContext, nil
 }
 
-func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string) error {
+func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, crId string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -662,6 +662,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 		return cmdErr
 	}
 
+	cmdResult.Id = crId
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
 	cmdResult.Command.KluctlDeployment = &result.KluctlDeploymentInfo{
 		Name:      pt.pp.obj.Name,
@@ -723,7 +724,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	return err
 }
 
-func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult) error {
+func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, crId string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -731,6 +732,7 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 		return cmdErr
 	}
 
+	validateResult.Id = crId
 	validateResult.KluctlDeployment = &result.KluctlDeploymentInfo{
 		Name:      pt.pp.obj.Name,
 		Namespace: pt.pp.obj.Namespace,
@@ -753,7 +755,7 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -767,32 +769,32 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.WaitPrune = false
 
 	cmdResult, err := cmd.Run(nil)
-	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy")
+	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy", crId)
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
 
 	cmdResult, err := cmd.Run()
-	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images")
+	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images", crId)
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) (*result.ValidateResult, error) {
+func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string) (*result.ValidateResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
 	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, targetContext, cmdResult)
 
 	validateResult, err := cmd.Run(ctx)
-	err = pt.handleValidateResult(ctx, err, validateResult)
+	err = pt.handleValidateResult(ctx, err, validateResult, crId)
 	return validateResult, err
 }
 
-func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string, crId string) (*result.CommandResult, error) {
 	if !pt.pp.obj.Spec.Delete {
 		return nil, nil
 	}
@@ -837,7 +839,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	cmdResult.TargetKey.Discriminator = discriminator
 	cmdResult.TargetKey.ClusterId = cmdResult.ClusterInfo.ClusterId
 
-	err = pt.handleCommandResult(ctx, err, cmdResult, "delete")
+	err = pt.handleCommandResult(ctx, err, cmdResult, "delete", crId)
 	return cmdResult, err
 }
 
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 8ea0b8aa9..e7f5ac41e 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
@@ -353,6 +354,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	obj.Status.LastObjectsHash = objectsHash
 
+	commandResultId := uuid.NewString()
+
 	var deployResult *result.CommandResult
 	if needDeploy {
 		// deploy the kluctl project
@@ -361,13 +364,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlDeploy(ctx, targetContext)
+			deployResult, err = pt.kluctlDeploy(ctx, targetContext, commandResultId)
 		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
 			patchErr = doProgressingCondition("Performing kluctl poke-images", false)
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlPokeImages(ctx, targetContext)
+			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, commandResultId)
 		} else {
 			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
 		}
@@ -382,7 +385,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if patchErr != nil {
 			return nil, patchErr
 		}
-		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult)
+		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult, commandResultId)
 		err = obj.Status.SetLastValidateResult(validateResult, err)
 		if err != nil {
 			log.Error(err, "Failed to write validate result")
@@ -588,7 +591,9 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 
 	pt := pp.newTarget()
 
-	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator)
+	commandResultId := uuid.NewString()
+
+	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator, commandResultId)
 }
 
 // checkLegacyKluctlDeployment checks if a legacy KluctlDeployment from the old flux.kluctl.io group is present. If yes
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 4e24954b5..19c68145a 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -3,7 +3,6 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -74,7 +73,6 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 	}
 
 	r := &result.CommandResult{
-		Id:       uuid.New().String(),
 		Objects:  collectObjects(c, ru, nil, nil, nil, deleted),
 		Errors:   dew.GetErrorsList(),
 		Warnings: dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 937bcca32..7400fc5be 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -2,7 +2,6 @@ package commands
 
 import (
 	"fmt"
-	"github.com/google/uuid"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -64,7 +63,6 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 
 		orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 		diffResult := &result.CommandResult{
-			Id:         uuid.New().String(),
 			Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 			Errors:     dew.GetErrorsList(),
 			Warnings:   dew.GetWarningsList(),
@@ -106,7 +104,6 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	}
 
 	r := &result.CommandResult{
-		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, deleted),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index ece0bc25a..9285c5a23 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -2,7 +2,6 @@ package commands
 
 import (
 	"fmt"
-	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -63,7 +62,6 @@ func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 		return nil, err
 	}
 	r := &result.CommandResult{
-		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index b0a22cccc..836403ea4 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -2,7 +2,6 @@ package commands
 
 import (
 	"fmt"
-	"github.com/google/uuid"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -100,7 +99,6 @@ func (cmd *PokeImagesCommand) Run() (*result.CommandResult, error) {
 	}
 
 	r := &result.CommandResult{
-		Id:         uuid.New().String(),
 		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
 		Errors:     dew.GetErrorsList(),
 		Warnings:   dew.GetWarningsList(),
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index d150ff7ff..912d3ca45 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -2,7 +2,6 @@ package commands
 
 import (
 	"fmt"
-	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -58,7 +57,6 @@ func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*resu
 	orphanObjects = filterDeletedOrphans(orphanObjects, deleted)
 
 	r := &result.CommandResult{
-		Id:       uuid.New().String(),
 		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, orphanObjects, deleted),
 		Warnings: dew.GetWarningsList(),
 	}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 4220a591f..25d4a2735 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -3,7 +3,6 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/google/uuid"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -36,7 +35,6 @@ func NewValidateCommand(ctx context.Context, discriminator string, targetCtx *kl
 
 func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, error) {
 	ret := result.ValidateResult{
-		Id:    uuid.New().String(),
 		Ready: true,
 	}
 

From d642504acdec8587b00a90439d40705ae9e442ad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 10:07:01 +0200
Subject: [PATCH 1409/2268] refactor: Remove unused isTerminal

---
 cmd/kluctl/commands/root.go                    |  2 +-
 e2e/test_project/kluctl_execute.go             |  2 +-
 pkg/controllers/kluctldeployment_controller.go |  2 +-
 pkg/status/simple_status_handler.go            | 16 +++++-----------
 4 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 0f467b533..673355350 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -100,7 +100,7 @@ func initStatusHandlerAndPrompts(ctx context.Context, debug bool, noColor bool)
 	} else {
 		sh = status.NewSimpleStatusHandler(func(level status.Level, message string) {
 			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
-		}, isTerminal, debug)
+		}, debug)
 		pp = &prompts.SimplePromptProvider{Out: origStderr}
 	}
 	ctx = status.NewContext(ctx, sh)
diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 25897f65b..2f8487da5 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -31,7 +31,7 @@ func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, s
 		defer m.Unlock()
 		t.Log(message)
 		stderrBuf.WriteString(message + "\n")
-	}, false, true)
+	}, true)
 	defer func() {
 		if sh != nil {
 			sh.Stop()
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index e7f5ac41e..e617284a8 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -67,7 +67,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		log.Info(message)
-	}, false, false))
+	}, false))
 
 	obj := &kluctlv1.KluctlDeployment{}
 	if err := r.Get(ctx, req.NamespacedName, obj); err != nil {
diff --git a/pkg/status/simple_status_handler.go b/pkg/status/simple_status_handler.go
index 7d35f96fb..21f0939d1 100644
--- a/pkg/status/simple_status_handler.go
+++ b/pkg/status/simple_status_handler.go
@@ -1,26 +1,20 @@
 package status
 
 type simpleStatusHandler struct {
-	cb         func(level Level, message string)
-	isTerminal bool
-	trace      bool
+	cb    func(level Level, message string)
+	trace bool
 }
 
 type simpleStatusLine struct {
 }
 
-func NewSimpleStatusHandler(cb func(level Level, message string), isTerminal bool, trace bool) StatusHandler {
+func NewSimpleStatusHandler(cb func(level Level, message string), trace bool) StatusHandler {
 	return &simpleStatusHandler{
-		cb:         cb,
-		isTerminal: isTerminal,
-		trace:      trace,
+		cb:    cb,
+		trace: trace,
 	}
 }
 
-func (s *simpleStatusHandler) IsTerminal() bool {
-	return s.isTerminal
-}
-
 func (s *simpleStatusHandler) IsTraceEnabled() bool {
 	return s.trace
 }

From f1f45d0a4107064faec184c1991cc042459b5e9c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 10:07:16 +0200
Subject: [PATCH 1410/2268] refactor: Move ResultStore initialization into own
 function

---
 cmd/kluctl/commands/utils.go | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index ffaa1a750..3ba199e3d 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -20,6 +20,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
@@ -207,6 +208,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	}
 
 	var k *k8s.K8sCluster
+	var resultStore results.ResultStore
 	if clientConfig != nil {
 		discovery, mapper, err := k8s.CreateDiscoveryAndMapper(ctx, clientConfig)
 		if err != nil {
@@ -220,22 +222,13 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 			return err
 		}
 		s.Success()
-	}
-
-	var resultStore results.ResultStore
-	if args.commandResultFlags != nil && args.commandResultFlags.WriteCommandResult {
-		client, err := client2.New(clientConfig, client2.Options{
-			Mapper: mapper,
-		})
-		if err != nil {
-			return err
-		}
 
-		resultStore, err = results.NewResultStoreSecrets(ctx, clientConfig, client, args.commandResultFlags.CommandResultNamespace, args.commandResultFlags.KeepCommandResultsCount, args.commandResultFlags.KeepValidateResultsCount)
+		resultStore, err = initStores(ctx, clientConfig, mapper, args.commandResultFlags)
 		if err != nil {
 			return err
 		}
 	}
+
 	targetCtx, err := p.NewTargetContext(ctx, contextName, k, targetParams)
 	if err != nil {
 		return err
@@ -258,6 +251,26 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	return cb(cmdCtx)
 }
 
+func initStores(ctx context.Context, clientConfig *rest.Config, mapper meta.RESTMapper, flags *args.CommandResultFlags) (results.ResultStore, error) {
+	if flags == nil || !flags.WriteCommandResult {
+		return nil, nil
+	}
+
+	client, err := client2.New(clientConfig, client2.Options{
+		Mapper: mapper,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	resultStore, err := results.NewResultStoreSecrets(ctx, clientConfig, client, flags.CommandResultNamespace, flags.KeepCommandResultsCount, flags.KeepValidateResultsCount)
+	if err != nil {
+		return nil, err
+	}
+
+	return resultStore, nil
+}
+
 func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
 	return func(context *string) (*rest.Config, *api.Config, error) {
 		if forCompletion {

From 6c74078f18321a596794202d9aeedc536a18fa97 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 10:27:22 +0200
Subject: [PATCH 1411/2268] chore: Add .gitignore entry for cover.out

---
 .gitignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index d7ad8b4f4..d5bba3c90 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,5 @@
 /reports
 /vendor
 dist/
-.vscode
\ No newline at end of file
+.vscode
+cover.out

From a88cfdd7275e068112bd7527bf9d848799ffc78f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 11:27:30 +0200
Subject: [PATCH 1412/2268] fix: Don't clear errors/warnings from prepare stage

---
 e2e/gitops_errors_test.go             |  4 +++-
 pkg/deployment/commands/deploy.go     | 12 +++++-------
 pkg/deployment/utils/errors_holder.go | 15 +++++++++++++++
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index aaa397b5a..0c56bd76c 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -231,7 +231,9 @@ data:
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
 			{Message: "pruning without a discriminator is not supported"},
-		}, nil)
+		}, []result.DeploymentError{
+			{Message: "no discriminator configured. Orphan object detection will not work"},
+		})
 		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
 			_ = o.SetNestedField(backup, "discriminator")
 			return nil
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 7400fc5be..7ae6bc7b8 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -55,17 +55,18 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	}
 
 	if diffResultCb != nil {
-		au := utils2.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, dew, ru, cmd.targetCtx.SharedContext.K, o)
+		diffDew := dew.Clone()
+		au := utils2.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, diffDew, ru, cmd.targetCtx.SharedContext.K, o)
 		au.ApplyDeployments(cmd.targetCtx.DeploymentCollection.Deployments)
 
-		du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
+		du := utils2.NewDiffUtil(diffDew, ru, au.GetAppliedObjectsMap())
 		du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
 		orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 		diffResult := &result.CommandResult{
 			Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
-			Errors:     dew.GetErrorsList(),
-			Warnings:   dew.GetWarningsList(),
+			Errors:     diffDew.GetErrorsList(),
+			Warnings:   diffDew.GetWarningsList(),
 			SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
 		}
 
@@ -75,9 +76,6 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 		}
 	}
 
-	// clear errors and warnings
-	dew.Init()
-
 	// modify options to become a deploy
 	o.DryRun = cmd.targetCtx.SharedContext.K.DryRun
 	o.AbortOnError = cmd.AbortOnError
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index 363c5eeac..df09fb0e5 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -29,6 +29,21 @@ func (dew *DeploymentErrorsAndWarnings) Init() {
 	dew.errors = map[k8s.ObjectRef]map[result.DeploymentError]bool{}
 }
 
+func (dew *DeploymentErrorsAndWarnings) Clone() *DeploymentErrorsAndWarnings {
+	dew.mutex.Lock()
+	defer dew.mutex.Unlock()
+
+	c := NewDeploymentErrorsAndWarnings()
+	for k, v := range dew.errors {
+		c.errors[k] = v
+	}
+	for k, v := range dew.warnings {
+		c.warnings[k] = v
+	}
+
+	return c
+}
+
 func (dew *DeploymentErrorsAndWarnings) AddWarning(ref k8s.ObjectRef, warning error) {
 	de := result.DeploymentError{
 		Ref:     ref,

From 646173f2b9048d043da34be2442e1508dc38a737 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 11:27:53 +0200
Subject: [PATCH 1413/2268] tests: Rewrite
 TestRemoteObjectUtils_PermissionErrors as e2e test

---
 e2e/default_clusters.go                       | 27 ++++++--
 e2e/remote_objects_permission_test.go         | 62 +++++++++++++++++++
 e2e/test-utils/envtest_cluster.go             |  4 ++
 e2e/test_project/project.go                   |  7 +++
 .../utils/remote_objects_utils_test.go        | 49 ---------------
 5 files changed, 94 insertions(+), 55 deletions(-)
 create mode 100644 e2e/remote_objects_permission_test.go
 delete mode 100644 pkg/deployment/utils/remote_objects_utils_test.go

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 964029bcd..387be2edb 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
 	"runtime"
 	"sync"
@@ -85,21 +86,35 @@ func mergeKubeconfig(path string, kubeconfig []byte) {
 	}
 }
 
-func setMergedKubeconfigContext(t *testing.T, newContext string) {
+func setKubeconfigString(t *testing.T, content []byte) {
 	tmpKubeconfig, err := os.CreateTemp(t.TempDir(), "kubeconfig-")
 	if err != nil {
 		t.Fatal(err)
 	}
-	_ = tmpKubeconfig.Close()
+	defer tmpKubeconfig.Close()
 
-	kcfg, err := clientcmd.LoadFromFile(mergedKubeconfig)
+	_, err = tmpKubeconfig.Write(content)
 	if err != nil {
 		t.Fatal(err)
 	}
-	kcfg.CurrentContext = newContext
-	err = clientcmd.WriteToFile(*kcfg, tmpKubeconfig.Name())
+
+	t.Logf("set KUBECONFIG=%s\n", tmpKubeconfig.Name())
+	t.Setenv("KUBECONFIG", tmpKubeconfig.Name())
+}
+
+func setKubeconfig(t *testing.T, config api.Config) {
+	content, err := clientcmd.Write(config)
 	if err != nil {
 		t.Fatal(err)
 	}
-	t.Setenv("KUBECONFIG", tmpKubeconfig.Name())
+	setKubeconfigString(t, content)
+}
+
+func setMergedKubeconfigContext(t *testing.T, newContext string) {
+	kcfg, err := clientcmd.LoadFromFile(mergedKubeconfig)
+	if err != nil {
+		t.Fatal(err)
+	}
+	kcfg.CurrentContext = newContext
+	setKubeconfig(t, *kcfg)
 }
diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
new file mode 100644
index 000000000..ab41ad78c
--- /dev/null
+++ b/e2e/remote_objects_permission_test.go
@@ -0,0 +1,62 @@
+package e2e
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/stretchr/testify/assert"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"testing"
+)
+
+func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+
+	username := p.TestSlug()
+	au, err := k.AddUser(envtest.User{Name: username}, nil)
+	assert.NoError(t, err)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addSecretDeployment(p, "secret", nil, resourceOpts{
+		name:      "secret",
+		namespace: p.TestSlug(),
+	}, false)
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	rbac := fmt.Sprintf(`
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: %s
+subjects:
+  - kind: User
+    name: %s
+roleRef:
+  kind: ClusterRole
+  name: "system:aggregate-to-view"
+  apiGroup: rbac.authorization.k8s.io
+`, username, username)
+	p.AddKustomizeDeployment("rbac", []test_project.KustomizeResource{
+		{Name: "rbac.yaml", Content: rbac},
+	}, nil)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm")
+	assertSecretExists(t, k, p.TestSlug(), "secret")
+
+	kc, err := au.KubeConfig()
+	assert.NoError(t, err)
+
+	setKubeconfigString(t, kc)
+
+	stdout, _, err := p.Kluctl("deploy", "--yes", "-t", "test", "--write-command-result=false")
+	assert.Error(t, err)
+	assert.Contains(t, stdout, "at least one permission error was encountered while gathering objects by discriminator labels")
+}
diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index 4afba9da3..9fe0dfa92 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -132,6 +132,10 @@ func (c *EnvTestCluster) Stop() {
 	}
 }
 
+func (c *EnvTestCluster) AddUser(user envtest.User, baseConfig *rest.Config) (*envtest.AuthenticatedUser, error) {
+	return c.env.AddUser(user, baseConfig)
+}
+
 // RESTConfig returns K8s client config to pass to clientset objects
 func (c *EnvTestCluster) RESTConfig() *rest.Config {
 	return c.config
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 7f724ef29..2322be079 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -342,6 +342,13 @@ func (p *TestProject) convertInterfaceToList(x interface{}) []interface{} {
 	if l, ok := x.([]interface{}); ok {
 		return l
 	}
+	if s, ok := x.(string); ok {
+		l, err := yaml.ReadYamlAllString(s)
+		if err != nil {
+			p.t.Fatal(err)
+		}
+		return l
+	}
 	if l, ok := x.([]*uo.UnstructuredObject); ok {
 		for _, y := range l {
 			ret = append(ret, y)
diff --git a/pkg/deployment/utils/remote_objects_utils_test.go b/pkg/deployment/utils/remote_objects_utils_test.go
deleted file mode 100644
index 449cfedf7..000000000
--- a/pkg/deployment/utils/remote_objects_utils_test.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package utils
-
-import (
-	"context"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"testing"
-)
-
-func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
-	gvr := schema.GroupVersionResource{
-		Group:    "",
-		Version:  "v1",
-		Resource: "secrets",
-	}
-	expectedErr := errors.NewForbidden(gvr.GroupResource(), "secret", nil)
-
-	secret := &corev1.Secret{
-		ObjectMeta: v1.ObjectMeta{Name: "cm1", Namespace: "ns", Labels: map[string]string{"label1": "value1"}},
-		Data: map[string][]byte{
-			"test": []byte(`test`),
-		},
-	}
-
-	f := k8s.NewFakeClientFactory(secret)
-	f.AddError(gvr, "", "", expectedErr)
-	k, err := k8s.NewK8sCluster(context.TODO(), f, false)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	dew := NewDeploymentErrorsAndWarnings()
-	u := NewRemoteObjectsUtil(context.Background(), dew)
-	discriminator := "d"
-	err = u.UpdateRemoteObjects(k, &discriminator, []k8s2.ObjectRef{
-		k8s2.NewObjectRef("", "v1", "Secret", "secret", "default"),
-	}, false)
-	assert.NoError(t, err)
-	assert.Equal(t, []result.DeploymentError{{
-		Message: "at least one permission error was encountered while gathering objects by discriminator labels. This might result in orphan object detection to not work properly"},
-	}, dew.GetWarningsList())
-	assert.Empty(t, dew.GetErrorsList())
-}

From cbfc7861711c838a3e9c905ed08e777ab8a5ca3a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 17:02:15 +0200
Subject: [PATCH 1414/2268] fix: Don't redirect stderr for "controller run"

---
 cmd/kluctl/commands/root.go | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 673355350..b14b0c253 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -109,9 +109,9 @@ func initStatusHandlerAndPrompts(ctx context.Context, debug bool, noColor bool)
 	return ctx
 }
 
-func redirectLogsAndStderr(ctxGetter func() context.Context) {
+func redirectLogsAndStderr(ctx context.Context) {
 	f := func(line string) {
-		status.Info(ctxGetter(), line)
+		status.Info(ctx, line)
 	}
 
 	lr1 := status.NewLineRedirector(f)
@@ -237,7 +237,7 @@ func initViper(ctx context.Context) {
 	viper.AddConfigPath("$HOME/.kluctl")
 	if err := viper.ReadInConfig(); err != nil {
 		if _, ok := err.(viper.ConfigFileNotFoundError); !ok {
-			status.Error(ctx, err.Error())
+			_, _ = fmt.Fprintf(os.Stderr, "%s\n", err.Error())
 			os.Exit(1)
 		}
 	}
@@ -247,12 +247,6 @@ func Main() {
 	colorable.EnableColorsStdout(nil)
 	ctx := context.Background()
 
-	ctx = initStatusHandlerAndPrompts(ctx, false, true)
-	redirectLogsAndStderr(func() context.Context {
-		// ctx might be replaced later in preRun() of Execute()
-		return ctx
-	})
-
 	initViper(ctx)
 
 	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags *GlobalFlags) (context.Context, error) {
@@ -268,11 +262,13 @@ func Main() {
 		if err != nil {
 			return ctx, err
 		}
-		oldSh := status.FromContext(ctxIn)
-		if oldSh != nil {
-			oldSh.Stop()
+
+		ctx = initStatusHandlerAndPrompts(ctx, flags.Debug, flags.NoColor)
+
+		if cmd.Name() != "run" && cmd.Parent().Name() != "controller" {
+			redirectLogsAndStderr(ctx)
 		}
-		ctx = initStatusHandlerAndPrompts(ctxIn, flags.Debug, flags.NoColor)
+
 		if !flags.NoUpdateCheck {
 			if len(os.Args) < 2 || (os.Args[1] != "completion" && os.Args[1] != "__complete") {
 				checkNewVersion(ctx)
@@ -288,7 +284,9 @@ func Main() {
 	}
 
 	sh := status.FromContext(ctx)
-	sh.Stop()
+	if sh != nil {
+		sh.Stop()
+	}
 
 	if err != nil {
 		os.Exit(1)
@@ -330,7 +328,11 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	err = rootCmd.Execute()
 	if err != nil {
-		status.Error(ctx, err.Error())
+		if status.FromContext(ctx) != nil {
+			status.Error(ctx, err.Error())
+		} else {
+			_, _ = fmt.Fprintf(os.Stderr, "%s\n", err.Error())
+		}
 		return err
 	}
 	return nil

From ce2e1b9f922ffcd8625d9b0d849f38f512a95f5a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 17:02:28 +0200
Subject: [PATCH 1415/2268] fix: Don't use development mode for zap config

---
 cmd/kluctl/commands/cmd_controller_run.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 181a297cb..a6c948b59 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -72,9 +72,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	metricsRecorder := metrics.NewRecorder()
 	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
 
-	opts := zap.Options{
-		Development: true,
-	}
+	opts := zap.Options{}
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
 	restConfig, err := cmd.loadConfig(cmd.Kubeconfig, cmd.Context)

From d6978752c3bf8dd1bed106eb7304d60b00a4b883 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 17:03:09 +0200
Subject: [PATCH 1416/2268] fix: Use reconcileID for commandResultId

---
 .../kluctldeployment_controller.go            | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index e617284a8..fbc4d2984 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -16,7 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -30,6 +29,7 @@ import (
 	"reflect"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"time"
 )
@@ -65,6 +65,11 @@ type KluctlDeploymentReconcilerOpts struct {
 func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	reconcileStart := time.Now()
 
+	// we reuse the reconcileID as command result id
+	reconcileID := string(controller.ReconcileIDFromContext(ctx))
+
+	log := ctrl.LoggerFrom(ctx)
+
 	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		log.Info(message)
 	}, false))
@@ -113,7 +118,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	patch := client.MergeFrom(patchObj)
 
 	// reconcile kluctlDeployment by applying the latest revision
-	ctrlResult, reconcileErr := r.doReconcile(ctx, obj)
+	ctrlResult, reconcileErr := r.doReconcile(ctx, obj, reconcileID)
 
 	// make sure conditions were not touched in the obj. changing conditions is only allowed via patchCondition,
 	// which directly patches the object in-cluster and does not touch the local obj
@@ -157,7 +162,8 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 func (r *KluctlDeploymentReconciler) doReconcile(
 	ctx context.Context,
-	obj *kluctlv1.KluctlDeployment) (*ctrl.Result, error) {
+	obj *kluctlv1.KluctlDeployment,
+	reconcileId string) (*ctrl.Result, error) {
 
 	log := ctrl.LoggerFrom(ctx)
 	key := client.ObjectKeyFromObject(obj)
@@ -354,8 +360,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	obj.Status.LastObjectsHash = objectsHash
 
-	commandResultId := uuid.NewString()
-
 	var deployResult *result.CommandResult
 	if needDeploy {
 		// deploy the kluctl project
@@ -364,13 +368,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlDeploy(ctx, targetContext, commandResultId)
+			deployResult, err = pt.kluctlDeploy(ctx, targetContext, reconcileId)
 		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
 			patchErr = doProgressingCondition("Performing kluctl poke-images", false)
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, commandResultId)
+			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, reconcileId)
 		} else {
 			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
 		}
@@ -385,7 +389,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if patchErr != nil {
 			return nil, patchErr
 		}
-		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult, commandResultId)
+		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult, reconcileId)
 		err = obj.Status.SetLastValidateResult(validateResult, err)
 		if err != nil {
 			log.Error(err, "Failed to write validate result")

From caf322531fe2b738fb3d17267c837bf3b6db8f26 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 9 Aug 2023 17:12:18 +0200
Subject: [PATCH 1417/2268] refactor: Move websocket accepting into helper
 function

---
 pkg/webui/events.go | 14 +-------------
 pkg/webui/utils.go  | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 13 deletions(-)
 create mode 100644 pkg/webui/utils.go

diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 73438b27f..3d99a3008 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -12,7 +12,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/http"
 	"nhooyr.io/websocket"
-	"strings"
 	"sync"
 	"time"
 )
@@ -252,18 +251,7 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		}
 	}
 
-	acceptOptions := &websocket.AcceptOptions{
-		InsecureSkipVerify: true,
-	}
-
-	userAgentLower := strings.ToLower(c.GetHeader("User-Agent"))
-	isSafari := strings.Contains(userAgentLower, "safari") && !strings.Contains(userAgentLower, "chrome") && !strings.Contains(userAgentLower, "android")
-
-	if isSafari {
-		acceptOptions.CompressionMode = websocket.CompressionDisabled
-	}
-
-	conn, err := websocket.Accept(c.Writer, c.Request, acceptOptions)
+	conn, err := acceptWebsocket(c)
 	if err != nil {
 		return
 	}
diff --git a/pkg/webui/utils.go b/pkg/webui/utils.go
new file mode 100644
index 000000000..12e1c8741
--- /dev/null
+++ b/pkg/webui/utils.go
@@ -0,0 +1,27 @@
+package webui
+
+import (
+	"github.com/gin-gonic/gin"
+	"nhooyr.io/websocket"
+	"strings"
+)
+
+func acceptWebsocket(ctx *gin.Context) (*websocket.Conn, error) {
+	acceptOptions := &websocket.AcceptOptions{
+		InsecureSkipVerify: true,
+	}
+
+	userAgentLower := strings.ToLower(ctx.GetHeader("User-Agent"))
+	isSafari := strings.Contains(userAgentLower, "safari") && !strings.Contains(userAgentLower, "chrome") && !strings.Contains(userAgentLower, "android")
+
+	if isSafari {
+		acceptOptions.CompressionMode = websocket.CompressionDisabled
+	}
+
+	conn, err := websocket.Accept(ctx.Writer, ctx.Request, acceptOptions)
+	if err != nil {
+		return nil, nil
+	}
+
+	return conn, err
+}

From 694df3b71d006e5ed1b1e88fcc17209bac60ba73 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Aug 2023 10:53:44 +0200
Subject: [PATCH 1418/2268] feat: Improve url/path handling and expand
 animations

---
 pkg/webui/ui/package-lock.json                |   1 +
 pkg/webui/ui/package.json                     |   1 +
 pkg/webui/ui/src/components/ActionsMenu.tsx   |   1 +
 pkg/webui/ui/src/components/Router.tsx        |   2 +-
 .../targets-view/CommandResultItem.tsx        |   4 +-
 .../targets-view/ExpandableCard.tsx           | 252 ++++++++++++++++++
 .../targets-view/ExpandedCardsView.tsx        | 226 ----------------
 .../components/targets-view/TargetItem.tsx    |  23 +-
 .../components/targets-view/TargetsView.tsx   | 154 +++++------
 9 files changed, 352 insertions(+), 312 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
 delete mode 100644 pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index 3cb9a42e0..c2b1e21dc 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -36,6 +36,7 @@
         "react-router-dom": "^6.12.1",
         "react-scripts": "5.0.1",
         "react-syntax-highlighter": "^15.5.0",
+        "react-transition-group": "^4.4.5",
         "remark-gfm": "^3.0.1",
         "sort-by": "^1.2.0",
         "typescript": "^4.9.5",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 324d49806..bb88e0709 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -32,6 +32,7 @@
     "react-router-dom": "^6.12.1",
     "react-scripts": "5.0.1",
     "react-syntax-highlighter": "^15.5.0",
+    "react-transition-group": "^4.4.5",
     "remark-gfm": "^3.0.1",
     "sort-by": "^1.2.0",
     "typescript": "^4.9.5",
diff --git a/pkg/webui/ui/src/components/ActionsMenu.tsx b/pkg/webui/ui/src/components/ActionsMenu.tsx
index 8e982a64d..529d967e3 100644
--- a/pkg/webui/ui/src/components/ActionsMenu.tsx
+++ b/pkg/webui/ui/src/components/ActionsMenu.tsx
@@ -45,6 +45,7 @@ export const ActionsMenu = (props: { icon?: React.ReactNode, menuItems: ActionMe
             open={menuOpen}
             onClose={handleMenuClose}
             onClick={e => { e.stopPropagation(); handleMenuClose() }}
+            sx={{zIndex: 20000}}
             PaperProps={{
                 elevation: 0,
                 sx: {
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index ef1840753..24b25fe17 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -21,7 +21,7 @@ export const Router = createHashRouter([
         errorElement: <ErrorPage />,
         children: [
             {
-                path: "targets/:targetPath?/history?",
+                path: "targets/*",
                 element: <TargetsView />,
                 errorElement: <ErrorPage />,
             },
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 01f98ec14..3aa3b51a4 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -6,7 +6,7 @@ import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
-import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
+import { CardBody, CardTemplate } from "./Card";
 import { ApiContext, AppContext } from "../App";
 import { Loading } from "../Loading";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
@@ -140,8 +140,6 @@ export const CommandResultItem = React.memo(React.forwardRef((
         paperProps={{
             sx: {
                 padding: '20px 16px 5px 16px',
-                width: cardWidth,
-                height: cardHeight,
                 ...sx,
             },
             onClick: () => onSelectCommandResult?.(rs)
diff --git a/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx b/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
new file mode 100644
index 000000000..3110e47f6
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
@@ -0,0 +1,252 @@
+import React, { useEffect, useRef, useState } from "react";
+import { Box, ClickAwayListener, IconButton, useTheme } from "@mui/material";
+import { TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
+import { Transition, TransitionStatus } from "react-transition-group";
+
+const transitionTime = 200
+const arrowButtonWidth = 80;
+const arrowButtonHeight = 50;
+
+const ArrowButton = React.memo((props: {
+    direction: 'left' | 'right',
+    onButtonClick: () => void,
+    onContainerClick: () => void,
+    containerRect: DOMRect,
+    hidden: boolean
+}) => {
+    const Icon = {
+        left: TriangleLeftLightIcon,
+        right: TriangleRightLightIcon
+    }[props.direction];
+
+    if (props.hidden) {
+        return <></>
+    }
+
+    const top = props.containerRect.top + props.containerRect.height / 2 - arrowButtonHeight / 2
+
+    let left = 10
+    if (props.direction === "right") {
+        left = props.containerRect.right + 10
+    }
+
+
+    return <IconButton
+        sx={{
+            position: "fixed",
+            top: `${top}px`,
+            left: `${left}px`,
+            zIndex: 100000,
+        }}
+        onClick={(e) => {
+            e.stopPropagation();
+            props.onButtonClick()
+        }}
+    >
+        <Icon/>
+    </IconButton>
+});
+
+export interface ExpandedCardsViewProps<CardData> {
+    cardWidth: number,
+    cardHeight: number,
+    expand: boolean,
+    selected: string
+
+    cardsData: CardData[],
+    getKey: (cd: CardData) => string
+    renderCard: (
+        cardData: CardData,
+        expanded: boolean,
+        current: boolean
+    ) => React.ReactElement,
+
+    onExpand: () => void
+    onClose: () => void
+    onSelect: (cd: CardData) => void
+}
+
+export const ExpandableCard = function <CardData>(props: ExpandedCardsViewProps<CardData>) {
+    const theme = useTheme();
+
+    const dummyBoxRef = useRef<HTMLElement>(null)
+    const nodeRef = useRef(null)
+
+    const [initialRender, setInitialRender] = useState(true)
+    const [expanding, setExpanding] = useState(false)
+    const [expandingIndex, setExpandingIndex] = useState(0)
+    const [fullyExpanded, setFullyExpanded] = useState(false)
+
+    let selectedIndex = props.cardsData.findIndex((cd) => props.getKey(cd) === props.selected)
+    if (selectedIndex === -1) {
+        selectedIndex = 0
+    }
+
+    useEffect(() => {
+        setInitialRender(false)
+    }, [])
+    useEffect(() => {
+        if (!props.expand) {
+            setFullyExpanded(false)
+        }
+    }, [props.expand])
+
+    const handleClick = () => {
+        if (props.expand) {
+            return
+        }
+        props.onExpand()
+    }
+    const handleClickaway = () => {
+        if (!props.expand) {
+            return
+        }
+        setFullyExpanded(false)
+        props.onClose()
+    }
+    const handleSelect = (newIndex: number) => {
+        newIndex = Math.max(0, newIndex)
+        newIndex = Math.min(props.cardsData.length - 1, newIndex)
+        setExpandingIndex(newIndex)
+        props.onSelect(props.cardsData[newIndex])
+    }
+
+    const sx: any = {}
+
+    if (!props.expand) {
+        sx.cursor = "pointer"
+    }
+
+    let expandedTransformX = 0
+    let expandedTransformY = 0
+    let expandedWidth = 0
+    let expandedHeight = 0
+
+    const containerRect = new DOMRect(arrowButtonWidth, 40, window.innerWidth - arrowButtonWidth * 2, window.innerHeight - 80)
+
+    if (dummyBoxRef.current) {
+        const r = dummyBoxRef.current.getBoundingClientRect()
+        expandedTransformX += -r.left + containerRect.left
+        expandedTransformY += -r.top + containerRect.top
+        expandedWidth = containerRect.width
+        expandedHeight = containerRect.height
+    }
+
+    const buildStyle = (state: TransitionStatus, i: number): any => {
+        let r = dummyBoxRef.current?.getBoundingClientRect()!
+        const selectOffsetX = -(selectedIndex - i) * (window.innerWidth)
+        const transitionProps = ["transform", "width", "height", "min-width", "min-height"]
+        if (state === "exited") {
+            return {
+                position: "relative",
+                width: `${props.cardWidth}px`,
+                height: `${props.cardHeight}px`,
+                minWidth: `${props.cardWidth}px`,
+                minHeight: `${props.cardHeight}px`,
+                visibility: i === selectedIndex ? "visible" : "hidden",
+            }
+        } else if (state === "entering") {
+            return {
+                position: "fixed",
+                width: `${expandedWidth}px`,
+                height: `${expandedHeight}px`,
+                minWidth: `${expandedWidth}px`,
+                minHeight: `${expandedHeight}px`,
+                top: r.top,
+                left: r.left,
+                transform: `translateX(${selectOffsetX + expandedTransformX}px) translateY(${expandedTransformY}px)`,
+                transition: theme.transitions.create(transitionProps, {
+                    duration: transitionTime,
+                    easing: theme.transitions.easing.sharp
+                }),
+                "z-index": 10000,
+                visibility: i === selectedIndex ? "visible" : "hidden",
+            }
+        } else if (state === "entered") {
+            return {
+                position: "fixed",
+                width: `${expandedWidth}px`,
+                height: `${expandedHeight}px`,
+                minWidth: `${expandedWidth}px`,
+                minHeight: `${expandedHeight}px`,
+                top: r.top,
+                left: r.left,
+                transform: `translateX(${selectOffsetX + expandedTransformX}px) translateY(${expandedTransformY}px)`,
+                transition: theme.transitions.create(transitionProps, {
+                    duration: transitionTime,
+                    easing: theme.transitions.easing.sharp
+                }),
+                "z-index": 10000,
+            }
+        } else if (state === "exiting") {
+            return {
+                position: "fixed",
+                width: `${props.cardWidth}px`,
+                height: `${props.cardHeight}px`,
+                minWidth: `${props.cardWidth}px`,
+                minHeight: `${props.cardHeight}px`,
+                top: r.top,
+                left: r.left,
+                transition: theme.transitions.create(transitionProps, {
+                    duration: transitionTime,
+                    easing: theme.transitions.easing.sharp
+                }),
+                "z-index": 10000,
+                visibility: i === expandingIndex ? "visible" : "hidden",
+            }
+        }
+        return {}
+    }
+
+    return <ClickAwayListener onClickAway={handleClickaway}>
+        <Box ref={dummyBoxRef} width={props.cardWidth} height={props.cardHeight} minWidth={props.cardWidth}
+             minHeight={props.cardHeight}>
+            <ArrowButton
+                direction='left'
+                onButtonClick={() => {
+                    handleSelect(selectedIndex - 1)
+                }}
+                onContainerClick={handleClickaway}
+                containerRect={containerRect}
+                hidden={selectedIndex === 0 || !fullyExpanded}
+            />
+            {props.cardsData.map((cd, i) => {
+                return <Transition
+                    key={props.getKey(cd)}
+                    in={!initialRender && props.expand}
+                    nodeRef={nodeRef}
+                    timeout={transitionTime}
+                    onEnter={() => {
+                        setExpanding(true)
+                        setExpandingIndex(selectedIndex)
+                    }}
+                    onEntered={() => {
+                        setFullyExpanded(true)
+                    }}
+                    onExited={() => {
+                        setExpanding(false)
+                    }}
+                >
+                    {state => {
+                        const style = {
+                            ...sx,
+                            ...buildStyle(state, i)
+                        }
+                        return <Box ref={nodeRef} display={"flex"} sx={style} onClick={handleClick}>
+                            {props.renderCard(cd, expanding, i === selectedIndex)}
+                        </Box>
+                    }}
+                </Transition>
+            })}
+            <ArrowButton
+                direction='right'
+                onButtonClick={() => {
+                    handleSelect(selectedIndex + 1)
+                }}
+                onContainerClick={handleClickaway}
+                containerRect={containerRect}
+                hidden={selectedIndex === props.cardsData.length - 1 || !fullyExpanded}
+            />
+        </Box>
+    </ClickAwayListener>
+};
diff --git a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx b/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
deleted file mode 100644
index 6a7725101..000000000
--- a/pkg/webui/ui/src/components/targets-view/ExpandedCardsView.tsx
+++ /dev/null
@@ -1,226 +0,0 @@
-import React, { useCallback, useEffect, useRef, useState } from "react";
-import { Box, ClickAwayListener, IconButton, SxProps, Theme, useTheme } from "@mui/material";
-import { cardHeight, cardWidth } from "./Card";
-import { TriangleLeftLightIcon, TriangleRightLightIcon } from "../../icons/Icons";
-
-interface Rect {
-    left: number,
-    top: number,
-    width: number | string,
-    height: number | string
-}
-
-const arrowButtonWidth = 80;
-
-const ArrowButton = React.memo((props: {
-    direction: 'left' | 'right',
-    onButtonClick: () => void,
-    onContainerClick: () => void,
-    hidden: boolean
-}) => {
-    const Icon = {
-        left: TriangleLeftLightIcon,
-        right: TriangleRightLightIcon
-    }[props.direction];
-
-    return <Box
-        flex='0 0 auto'
-        height='100%'
-        width={`${arrowButtonWidth}px`}
-        display='flex'
-        justifyContent='center'
-        alignItems='center'
-        position='relative'
-        {...{ [props.direction]: 0 }}
-        onClick={props.onContainerClick}
-    >
-        {!props.hidden &&
-            <IconButton
-                onClick={(e) => {
-                    e.stopPropagation();
-                    props.onButtonClick()
-                }}
-            >
-                <Icon />
-            </IconButton>
-        }
-    </Box>
-});
-
-type TransitionState =
-    {
-        type: 'initial'
-    } | {
-        type: 'started',
-        cardRect: Rect
-    } | {
-        type: 'running',
-        cardRect: Rect
-    } | {
-        type: 'finished'
-    }
-
-export interface ExpandedCardsViewProps<CardData> {
-    initialCardRect?: DOMRect,
-    cardsData: CardData[],
-    renderCard: (
-        cardData: CardData,
-        sx: SxProps<Theme>,
-        expanded: boolean,
-        current: boolean
-    ) => React.ReactNode,
-    onClose: () => void
-}
-
-export const ExpandedCardsView = function <CardData>(props: ExpandedCardsViewProps<CardData>) {
-    const theme = useTheme();
-    const containerElem = useRef<HTMLElement>();
-    const [transitionState, setTransitionState] = useState<TransitionState>({ type: 'initial' });
-    const [currentIndex, setCurrentIndex] = useState(0);
-
-    useEffect(() => {
-        const rect = containerElem.current?.getBoundingClientRect();
-        if (!rect) {
-            setTransitionState({ type: 'initial' });
-            return;
-        }
-
-        if (!props.initialCardRect) {
-            setTransitionState({ type: 'finished' });
-            return;
-        }
-
-        const initialRect = {
-            left: props.initialCardRect.left - rect.left,
-            top: props.initialCardRect.top - rect.top,
-            width: cardWidth,
-            height: cardHeight
-        };
-
-        setTransitionState({
-            type: 'started',
-            cardRect: initialRect
-        });
-    }, [props.initialCardRect]);
-
-    useEffect(() => {
-        if (transitionState.type !== 'started') {
-            return;
-        }
-
-        const targetRect = {
-            left: 0,
-            top: 0,
-            width: '100%',
-            height: '100%'
-        };
-
-        setTimeout(() => {
-            setTransitionState({
-                type: 'running',
-                cardRect: targetRect
-            });
-            setTimeout(() => {
-                setTransitionState({ type: 'finished' });
-            }, theme.transitions.duration.enteringScreen);
-        }, 10);
-    }, [transitionState, theme.transitions.duration.enteringScreen]);
-
-    const onLeftArrowClick = useCallback(() => {
-        if (currentIndex > 0) {
-            setCurrentIndex(i => i - 1);
-        }
-    }, [currentIndex]);
-
-    const onRightArrowClick = useCallback(() => {
-        if (currentIndex < props.cardsData.length - 1) {
-            setCurrentIndex(i => i + 1);
-        }
-    }, [currentIndex, props.cardsData.length]);
-
-    const paddingX = 40;
-    const gap = 2 * (paddingX + arrowButtonWidth);
-
-    return <Box
-        width='100%'
-        height='100%'
-        p={`25px ${paddingX}px`}
-    >
-        <ClickAwayListener onClickAway={props.onClose}>
-            <Box
-                width='100%'
-                height='100%'
-                display='flex'
-                position='relative'
-                overflow='hidden'
-            >
-                <ArrowButton
-                    direction='left'
-                    onButtonClick={onLeftArrowClick}
-                    onContainerClick={props.onClose}
-                    hidden={currentIndex === 0 || transitionState.type !== 'finished'}
-                />
-                <Box
-                    flex='0 0 auto'
-                    width={`calc(100% - ${arrowButtonWidth}px * 2)`}
-                    display='flex'
-                    ref={containerElem}
-                >
-                    {(transitionState.type === 'started' || transitionState.type === 'running') &&
-                        props.renderCard(
-                            props.cardsData[0],
-                            {
-                                width: transitionState.cardRect.width,
-                                height: transitionState.cardRect.height,
-                                translate: `${transitionState.cardRect.left}px ${transitionState.cardRect.top}px`,
-                                transition: theme.transitions.create(['translate', 'width', 'height'], {
-                                    easing: theme.transitions.easing.sharp,
-                                    duration: theme.transitions.duration.enteringScreen,
-                                }),
-                            },
-                            false,
-                            false
-                        )
-                    }
-                    {transitionState.type === 'finished' &&
-                        <Box
-                            flex='1 1 auto'
-                            width='100%'
-                            height='100%'
-                            display='flex'
-                            gap={`${gap}px`}
-                            sx={{
-                                translate: `calc((-100% - ${gap}px) * ${currentIndex})`,
-                                transition: theme.transitions.create(['translate'], {
-                                    easing: theme.transitions.easing.sharp,
-                                    duration: theme.transitions.duration.enteringScreen,
-                                })
-                            }}
-                        >
-                            {props.cardsData.map((cd, i) =>
-                                props.renderCard(
-                                    cd,
-                                    {
-                                        width: '100%',
-                                        height: '100%',
-                                    },
-                                    true,
-                                    i === currentIndex
-                                )
-                            )}
-                        </Box>
-                    }
-                </Box>
-                <ArrowButton
-                    direction='right'
-                    onButtonClick={onRightArrowClick}
-                    onContainerClick={props.onClose}
-                    hidden={
-                        currentIndex === props.cardsData.length - 1
-                        || transitionState.type !== 'finished'
-                    }
-                />
-            </Box>
-        </ClickAwayListener>
-    </Box>;
-};
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 912da8551..b68beff0e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -8,15 +8,19 @@ import {
     Error,
     Favorite,
     HeartBroken,
-    Hotel, HourglassTop,
-    Pause, PlayArrow,
-    PublishedWithChanges, RocketLaunch,
-    SyncProblem, Troubleshoot
+    Hotel,
+    HourglassTop,
+    Pause,
+    PlayArrow,
+    PublishedWithChanges,
+    RocketLaunch,
+    SyncProblem,
+    Troubleshoot
 } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { ApiContext, UserContext } from "../App";
-import { CardBody, cardHeight, CardTemplate, cardWidth } from "./Card";
+import { CardBody, CardTemplate } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesTable } from "../PropertiesTable";
@@ -24,6 +28,7 @@ import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { Since } from "../Since";
 import { ValidateResultsTable } from "../ValidateResultsTable";
+import { LogsViewer } from "../LogsViewer";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -294,8 +299,6 @@ export const TargetItem = React.memo(React.forwardRef((
         paperProps={{
             sx: {
                 padding: '20px 16px 12px 16px',
-                width: cardWidth,
-                height: cardHeight,
                 ...props.sx
             },
             onClick: e => props.onSelectTarget?.()
@@ -364,6 +367,12 @@ class TargetItemCardProvider implements SidePanelProvider {
             })
         }
 
+        tabs.push({label: "Logs", content: <LogsViewer
+                cluster={this.ts.kdInfo?.clusterId}
+                name={this.ts.kdInfo?.name}
+                namespace={this.ts.kdInfo?.namespace}
+            />})
+
         return tabs
     }
 
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 8ab798c71..6e9d93848 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,6 +1,6 @@
 import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useContext, useMemo, useRef } from "react";
+import React, { useCallback, useContext, useMemo } from "react";
 import { AppContext } from "../App";
 import { ProjectItem } from "./ProjectItem";
 import { TargetItem } from "./TargetItem";
@@ -9,8 +9,8 @@ import { CommandResultItem } from "./CommandResultItem";
 import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
-import { ExpandedCardsView } from "./ExpandedCardsView";
-import { useLocation, useNavigate, useParams } from "react-router-dom";
+import { ExpandableCard } from "./ExpandableCard";
+import { useLocation, useNavigate } from "react-router-dom";
 import _ from "lodash";
 
 const colWidth = 416;
@@ -189,8 +189,7 @@ function parseTargetPath(s?: string): TargetPath | undefined {
 
 export const TargetsView = () => {
     const navigate = useNavigate();
-    const { targetPath} = useParams();
-    const { pathname } = useLocation();
+    const loc = useLocation();
     const appContext = useContext(AppContext);
     const projects = appContext.projects;
 
@@ -198,16 +197,20 @@ export const TargetsView = () => {
         navigate(`/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}`);
     }, [navigate]);
 
-    const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary) => {
-        navigate(`/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}/history`);
+    const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary, rs?: CommandResultSummary) => {
+        let p = `/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}/results`
+        if (rs) {
+            p += "/" + rs.id
+        }
+        navigate(p);
     }, [navigate]);
 
     const onCardClose = useCallback(() => {
         navigate(`/targets/`);
     }, [navigate]);
 
-    const commandResultItemRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
-    const targetItemRefs = useRef<Map<TargetSummary, HTMLElement>>(new Map());
+    const pathnameS = loc.pathname.split("/")
+    const targetPath = pathnameS[2]
 
     const [parentProject, selectedTarget] = useMemo(() => {
         const tp = parseTargetPath(targetPath)
@@ -220,55 +223,29 @@ export const TargetsView = () => {
         return [project, target]
     }, [projects, targetPath])
 
-    const showHistory = pathname.endsWith('history');
-
-    if (selectedTarget && parentProject && !showHistory) {
-        const cardElem = targetItemRefs.current.get(selectedTarget);
-        const cardRect = cardElem?.getBoundingClientRect();
-
-        return <ExpandedCardsView<TargetSummary>
-            cardsData={[selectedTarget]}
-            renderCard={(cardData, sx, expanded) =>
-                <TargetItem
-                    ps={parentProject}
-                    ts={cardData}
-                    sx={sx}
-                    key={targetPath}
-                    expanded={expanded}
-                    onClose={onCardClose}
-                />
+    let expandedTargetKey = ""
+    let expandedResults = false
+    let expandedResultId = ""
+    if (selectedTarget) {
+        expandedTargetKey = buildListKey([selectedTarget.target, selectedTarget.kdInfo])
+        if (pathnameS[3] === "results") {
+            expandedResults = true
+            const resultId = pathnameS[4]
+            if (resultId) {
+                if (appContext.commandResultSummaries.has(resultId)) {
+                    expandedResultId = resultId
+                }
             }
-            initialCardRect={cardRect}
-            onClose={onCardClose}
-        />;
-    }
-
-    if (selectedTarget && showHistory) {
-        const cardElem = commandResultItemRefs.current.get(selectedTarget);
-        const cardRect = cardElem?.getBoundingClientRect();
-
-        return <ExpandedCardsView<CommandResultSummary>
-            cardsData={selectedTarget.commandResults}
-            renderCard={(cardData, sx, expanded, current) =>
-                <CommandResultItem
-                    rs={cardData}
-                    sx={sx}
-                    key={cardData.id}
-                    expanded={expanded}
-                    loadData={current}
-                    onClose={onCardClose}
-                />
-            }
-            initialCardRect={cardRect}
-            onClose={onCardClose}
-        />;
+        } else {
+            expandedTargetKey = buildListKey([selectedTarget.target, selectedTarget.kdInfo])
+        }
     }
 
-    return <Box minWidth={colWidth * 3} p='0 40px'>
+    return <Box minWidth={colWidth * 3} height={"100%"} p='0 40px'>
         <Box display={"flex"} alignItems={"center"} height='70px'>
             <ColHeader>Projects</ColHeader>
             <ColHeader>Targets</ColHeader>
-            <ColHeader>History</ColHeader>
+            <ColHeader>Command Results</ColHeader>
         </Box>
         <Divider />
         {projects.map((ps, i) => {
@@ -289,39 +266,66 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
-                            return <Box key={buildListKey([ts.target, ts.kdInfo])} display='flex'>
-                                <TargetItem
-                                    ps={ps}
-                                    ts={ts}
-                                    onSelectTarget={() => onSelectTargetItem(ps, ts)}
-                                    ref={(elem) => {
-                                        if (i === 0 && elem) {
-                                            targetItemRefs.current.set(ts, elem);
-                                        }
+                            const key = buildListKey([ts.target, ts.kdInfo])
+                            return <Box key={key} display='flex'>
+                                <ExpandableCard
+                                    cardWidth={cardWidth}
+                                    cardHeight={cardHeight}
+                                    expand={!expandedResults && expandedTargetKey === key}
+                                    onExpand={() => onSelectTargetItem(ps, ts)}
+                                    onClose={() => {
+                                        onCardClose()
                                     }}
-                                    sx={{ cursor: 'pointer' }}
-                                />
-                                <RelationHorizontalLine />
+                                    onSelect={cd => {
+                                    }}
+                                    cardsData={[ts]}
+                                    getKey={cd => buildListKey([cd.target, cd.kdInfo])}
+                                    selected={expandedTargetKey}
+                                    renderCard={(cardData, expanded, current) => {
+                                        return <TargetItem
+                                            ps={ps}
+                                            ts={ts}
+                                            expanded={expanded}
+                                            onClose={() => {
+                                                onCardClose()
+                                            }}
+                                        />
+                                    }}/>
+                                <RelationHorizontalLine/>
                             </Box>
                         })}
                     </CardCol>
 
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            return <CardRow key={buildListKey([ts.target, ts.kdInfo])} height={cardHeight}>
+                            const tsKey = buildListKey([ts.target, ts.kdInfo])
+                            return <CardRow key={tsKey} height={cardHeight}>
                                 {ts.commandResults?.slice(0, 4).map((rs, i) => {
-                                    return i === 0
-                                        ? <CommandResultItem
+                                    return i === 0 ? <ExpandableCard
                                             key={rs.id}
-                                            rs={rs}
-                                            onSelectCommandResult={() => onSelectCommandResultItem(ps, ts)}
-                                            ref={(elem) => {
-                                                if (i === 0 && elem) {
-                                                    commandResultItemRefs.current.set(ts, elem);
-                                                }
+                                            cardWidth={cardWidth}
+                                            cardHeight={cardHeight}
+                                            expand={expandedResults && expandedTargetKey === tsKey}
+                                            onExpand={() => onSelectCommandResultItem(ps, ts)}
+                                            onClose={() => {
+                                                onCardClose()
                                             }}
-                                            sx={{ cursor: 'pointer' }}
-                                        />
+                                            onSelect={cd => {
+                                                onSelectCommandResultItem(ps, ts, cd)
+                                            }}
+                                            selected={expandedResultId}
+                                            cardsData={ts.commandResults}
+                                            getKey={cd => cd.id}
+                                            renderCard={(cardData, expanded, current) => {
+                                                return <CommandResultItem
+                                                    rs={cardData}
+                                                    expanded={expanded}
+                                                    loadData={current}
+                                                    onClose={() => {
+                                                        onCardClose()
+                                                    }}
+                                                />
+                                            }}/>
                                         : <CardPaper
                                             key={rs.id}
                                             sx={{

From 0e4f50ecf5fa08f1a1da3c1d7a66bc0e72929141 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 10 Aug 2023 00:35:43 +0200
Subject: [PATCH 1419/2268] feat: Add simple logs viewer for targets/results

---
 cmd/kluctl/commands/cmd_webui.go              |   8 +-
 install/webui/webui/webui-rbac.yaml           |   3 +
 pkg/webui/clusteraccessor.go                  |  22 +++-
 pkg/webui/server.go                           |  25 +++--
 pkg/webui/server_logs.go                      | 106 ++++++++++++++++++
 pkg/webui/ui/src/api.tsx                      |  64 ++++++++---
 pkg/webui/ui/src/components/LogsViewer.tsx    |  23 ++++
 .../result-view/nodes/CommandResultNode.tsx   |   6 +
 8 files changed, 233 insertions(+), 24 deletions(-)
 create mode 100644 pkg/webui/server_logs.go
 create mode 100644 pkg/webui/ui/src/components/LogsViewer.tsx

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 113dc4f1b..b4a56fb9c 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -113,18 +113,20 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 
 	var authConfig webui.AuthConfig
 
+	var inClusterConfig *rest.Config
 	var inClusterClient client.Client
 	if cmd.InCluster {
 		configOverrides := &clientcmd.ConfigOverrides{
 			CurrentContext: cmd.InClusterContext,
 		}
-		config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		var err error
+		inClusterConfig, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
 			clientcmd.NewDefaultClientConfigLoadingRules(),
 			configOverrides).ClientConfig()
 		if err != nil {
 			return err
 		}
-		inClusterClient, err = client.NewWithWatch(config, client.Options{})
+		inClusterClient, err = client.NewWithWatch(inClusterConfig, client.Options{})
 		if err != nil {
 			return err
 		}
@@ -154,7 +156,7 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 		sbw := webui.NewStaticWebuiBuilder(collector)
 		return sbw.Build(cmd.StaticPath)
 	} else {
-		server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterClient, authConfig, cmd.OnlyApi)
+		server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
 		if err != nil {
 			return err
 		}
diff --git a/install/webui/webui/webui-rbac.yaml b/install/webui/webui/webui-rbac.yaml
index fa89bd829..b4831e862 100644
--- a/install/webui/webui/webui-rbac.yaml
+++ b/install/webui/webui/webui-rbac.yaml
@@ -25,6 +25,9 @@ rules:
   - apiGroups: ["gitops.kluctl.io"]
     resources: ["kluctldeployments"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods", "pods/log"]
+    verbs: ["get", "list", "watch"]
     # allow to impersonate other users, groups and serviceaccounts
   - apiGroups: [""]
     resources: ["users", "groups", "serviceaccounts"]
diff --git a/pkg/webui/clusteraccessor.go b/pkg/webui/clusteraccessor.go
index 55f8d0f6a..00eca20f9 100644
--- a/pkg/webui/clusteraccessor.go
+++ b/pkg/webui/clusteraccessor.go
@@ -9,6 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/discovery"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sync"
@@ -114,11 +115,21 @@ func (ca *clusterAccessor) getClient(asUser string, asGroups []string) (client.C
 	return ca.getClientLocked(asUser, asGroups)
 }
 
-func (ca *clusterAccessor) getClientLocked(asUser string, asGroups []string) (client.Client, error) {
+func (ca *clusterAccessor) getCoreV1Client(asUser string, asGroups []string) (*v1.CoreV1Client, error) {
+	ca.mutex.Lock()
+	defer ca.mutex.Unlock()
+	return ca.getCoreV1ClientLocked(asUser, asGroups)
+}
+
+func (ca *clusterAccessor) getImpersonatedConfig(asUser string, asGroups []string) *rest.Config {
 	config := rest.CopyConfig(ca.config)
 	config.Impersonate.UserName = asUser
 	config.Impersonate.Groups = asGroups
+	return config
+}
 
+func (ca *clusterAccessor) getClientLocked(asUser string, asGroups []string) (client.Client, error) {
+	config := ca.getImpersonatedConfig(asUser, asGroups)
 	c, err := client.NewWithWatch(config, client.Options{
 		Scheme: ca.scheme,
 		Mapper: ca.mapper,
@@ -129,6 +140,15 @@ func (ca *clusterAccessor) getClientLocked(asUser string, asGroups []string) (cl
 	return c, nil
 }
 
+func (ca *clusterAccessor) getCoreV1ClientLocked(asUser string, asGroups []string) (*v1.CoreV1Client, error) {
+	config := ca.getImpersonatedConfig(asUser, asGroups)
+	c, err := v1.NewForConfig(config)
+	if err != nil {
+		return nil, err
+	}
+	return c, nil
+}
+
 func (ca *clusterAccessor) getK(ctx context.Context, asUser string, asGroups []string) (*k8s2.K8sCluster, error) {
 	ca.mutex.Lock()
 	defer ca.mutex.Unlock()
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 569d06a1f..49727cfb5 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -13,6 +13,7 @@ import (
 	"io/fs"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"net"
 	"net/http"
@@ -33,7 +34,8 @@ type CommandResultsServer struct {
 	cam   *clusterAccessorManager
 
 	// this is the client for the k8s cluster where the server runs on
-	serverClient client.Client
+	serverClient       client.Client
+	serverCoreV1Client *corev1.CoreV1Client
 
 	auth   *authHandler
 	events *eventsHandler
@@ -45,22 +47,29 @@ func NewCommandResultsServer(
 	ctx context.Context,
 	store *results.ResultsCollector,
 	configs []*rest.Config,
+	serverConfig *rest.Config,
 	serverClient client.Client,
 	authConfig AuthConfig,
 	onlyApi bool) (*CommandResultsServer, error) {
+
+	coreV1Client, err := corev1.NewForConfig(serverConfig)
+	if err != nil {
+		return nil, err
+	}
+
 	ret := &CommandResultsServer{
 		ctx:   ctx,
 		store: store,
 		cam: &clusterAccessorManager{
 			ctx: ctx,
 		},
-		serverClient: serverClient,
-		onlyApi:      onlyApi,
+		serverClient:       serverClient,
+		serverCoreV1Client: coreV1Client,
+		onlyApi:            onlyApi,
 	}
 
 	ret.events = newEventsHandler(ret)
 
-	var err error
 	ret.auth, err = newAuthHandler(ctx, serverClient, authConfig)
 	if err != nil {
 		return nil, err
@@ -122,6 +131,8 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	}
 	api.Any("/events", s.events.handler)
 
+	api.Any("/logs", s.logsHandler)
+
 	address := fmt.Sprintf("%s:%d", host, port)
 	listener, err := net.Listen("tcp", address)
 	if err != nil {
@@ -405,9 +416,9 @@ func (s *CommandResultsServer) doModifyKluctlDeployment(c *gin.Context, clusterI
 }
 
 type KluctlDeploymentParam struct {
-	Cluster   string `json:"cluster"`
-	Name      string `json:"name"`
-	Namespace string `json:"namespace"`
+	Cluster   string `json:"cluster" form:"cluster"`
+	Name      string `json:"name" form:"name"`
+	Namespace string `json:"namespace" form:"namespace"`
 }
 
 func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, avalue string) {
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
new file mode 100644
index 000000000..b14419bbd
--- /dev/null
+++ b/pkg/webui/server_logs.go
@@ -0,0 +1,106 @@
+package webui
+
+import (
+	"bufio"
+	"encoding/json"
+	"github.com/gin-gonic/gin"
+	"io"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"net/http"
+	"nhooyr.io/websocket"
+)
+
+func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
+	args := struct {
+		KluctlDeploymentParam
+		ReconcileId string `form:"reconcileId"`
+	}{}
+	err := gctx.BindQuery(&args)
+	if err != nil {
+		_ = gctx.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	conn, err := acceptWebsocket(gctx)
+	if err != nil {
+		return
+	}
+	defer conn.Close(websocket.StatusInternalError, "the sky is falling")
+
+	ctx := conn.CloseRead(gctx)
+
+	controllerNamespace := "kluctl-system"
+	pods, err := s.serverCoreV1Client.Pods(controllerNamespace).List(s.ctx, metav1.ListOptions{
+		LabelSelector: "control-plane=kluctl-controller",
+	})
+	if err != nil {
+		_ = gctx.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	var streams []io.ReadCloser
+	defer func() {
+		for _, s := range streams {
+			_ = s.Close()
+		}
+	}()
+
+	lineCh := make(chan string)
+
+	for _, pod := range pods.Items {
+		since := int64(60 * 5)
+		rc, err := s.serverCoreV1Client.Pods("kluctl-system").GetLogs(pod.Name, &corev1.PodLogOptions{
+			Follow:       true,
+			SinceSeconds: &since,
+		}).Stream(s.ctx)
+		if err != nil {
+			if errors.IsNotFound(err) {
+				continue
+			}
+			_ = gctx.AbortWithError(http.StatusBadRequest, err)
+			return
+		}
+		streams = append(streams, rc)
+	}
+
+	for _, s := range streams {
+		s := s
+		go func() {
+			sc := bufio.NewScanner(s)
+			for sc.Scan() {
+				l := sc.Text()
+				lineCh <- l
+			}
+		}()
+	}
+
+	for l := range lineCh {
+		var j map[string]any
+		err = json.Unmarshal([]byte(l), &j)
+		if err != nil {
+			continue
+		}
+
+		name := j["name"]
+		namespace := j["namespace"]
+
+		if args.Name != "" && name != args.Name {
+			continue
+		}
+		if args.Namespace != "" && namespace != args.Namespace {
+			continue
+		}
+
+		rid := j["reconcileID"]
+		if args.ReconcileId != "" && rid != args.ReconcileId {
+			continue
+		}
+
+		err = conn.Write(ctx, websocket.MessageText, []byte(l))
+		if err != nil {
+			return
+		}
+	}
+}
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 25e0a4a6b..cac3844ce 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -45,6 +45,7 @@ export interface Api {
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
     setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response>
+    watchLogs(cluster: string | undefined, name: string | undefined, namespace: string | undefined, reconcileId: string | undefined, handle: (lines: any[]) => void): () => void
 }
 
 export async function checkStaticBuild() {
@@ -103,6 +104,23 @@ export class RealApi implements Api {
         return resp
     }
 
+    doWebsocket(path: string, params: URLSearchParams) {
+        let host = window.location.host
+        let proto = "wss"
+        if (process.env.NODE_ENV === 'development') {
+            host = "localhost:9090"
+        }
+        if (window.location.protocol !== "https:") {
+            proto = "ws"
+        }
+        let url = `${proto}://${host}${rootPath}${path}`
+        url += "?" + params.toString()
+
+        console.log("ws connect: " + url)
+        const ws = new WebSocket(url)
+        return ws
+    }
+
     async getAuthInfo(): Promise<AuthInfo> {
         return this.doGet("/auth/info")
     }
@@ -116,16 +134,6 @@ export class RealApi implements Api {
     }
 
     async listenEvents(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
-        let host = window.location.host
-        let proto = "wss"
-        if (process.env.NODE_ENV === 'development') {
-            host = "localhost:9090"
-        }
-        if (window.location.protocol !== "https:") {
-            proto = "ws"
-        }
-        let url = `${proto}://${host}${rootPath}/api/events`
-
         const params = new URLSearchParams()
         if (filterProject) {
             params.set("filterProject", filterProject)
@@ -133,7 +141,6 @@ export class RealApi implements Api {
         if (filterSubDir) {
             params.set("filterSubDir", filterSubDir)
         }
-        url += "?" + params.toString()
 
         let ws: WebSocket | undefined;
         let cancelled = false
@@ -143,8 +150,7 @@ export class RealApi implements Api {
                 return
             }
 
-            console.log("ws connect: " + url)
-            ws = new WebSocket(url);
+            ws = this.doWebsocket("/api/events", params)
             ws.onopen = function () {
                 console.log("ws connected")
             }
@@ -231,6 +237,34 @@ export class RealApi implements Api {
             "suspend": suspend,
         })
     }
+
+    watchLogs(cluster: string | undefined, name: string | undefined, namespace: string | undefined, reconcileId: string | undefined, handle: (lines: any[]) => void): () => void {
+        const params = new URLSearchParams()
+        if (cluster) params.set("cluster", cluster)
+        if (name) params.set("name", name)
+        if (namespace) params.set("namespace", namespace)
+        if (reconcileId) params.set("reconcileId", reconcileId)
+
+        const ws = this.doWebsocket("/api/logs", params)
+        let cancelled = false
+
+        ws.onmessage = function (event: MessageEvent) {
+            if (cancelled) {
+                return
+            }
+            try {
+                const line: any = JSON.parse(event.data)
+                handle([line])
+            } catch (e) {
+            }
+        }
+
+        return () => {
+            console.log("cancel logs", params.toString())
+            cancelled = true
+            ws.close()
+        }
+    }
 }
 
 export class StaticApi implements Api {
@@ -314,6 +348,10 @@ export class StaticApi implements Api {
     setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response> {
         throw new Error("not implemented")
     }
+
+    watchLogs(cluster: string, name: string, namespace: string, reconcileId: string, handle: (lines: any[]) => void): () => void {
+        return () => {}
+    }
 }
 
 function buildRefParams(ref: ObjectRef, params: URLSearchParams) {
diff --git a/pkg/webui/ui/src/components/LogsViewer.tsx b/pkg/webui/ui/src/components/LogsViewer.tsx
new file mode 100644
index 000000000..255854ebe
--- /dev/null
+++ b/pkg/webui/ui/src/components/LogsViewer.tsx
@@ -0,0 +1,23 @@
+import React, { useContext, useEffect, useState } from "react";
+import { ApiContext } from "./App";
+import { Box } from "@mui/material";
+
+export function LogsViewer(props: {cluster?: string, name?: string, namespace?: string, reconcileId?: string}) {
+    const api = useContext(ApiContext);
+    let [lines, setLines] = useState<React.ReactElement[]>([])
+
+    useEffect(() => {
+        console.log(props)
+        const cancel = api.watchLogs(props.cluster, props.name, props.namespace, props.reconcileId, (jsonLines: any[]) => {
+            jsonLines.forEach(l => {
+                lines = [...lines, <div key={lines.length}>{l.msg}<br/></div>]
+                setLines(lines)
+            })
+        })
+        return cancel
+    }, [props.reconcileId])
+
+    return <Box height={"100%"}>
+        {lines}
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
index 9e5e37266..196415ba7 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
@@ -8,6 +8,7 @@ import { CommandResultProps } from "../CommandResultView";
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
 import { DeployIcon } from '../../../icons/Icons';
+import { LogsViewer } from "../../LogsViewer";
 
 export class CommandResultNodeData extends NodeData {
     dumpedTargetYaml?: string
@@ -40,6 +41,11 @@ export class CommandResultNodeData extends NodeData {
 
         this.buildDiffAndHealthPages(tabs)
 
+        tabs.push({label: "Logs", content: <LogsViewer
+                cluster={this.props.commandResult.clusterInfo.clusterId}
+                reconcileId={this.props.commandResult.id}/>
+        })
+
         return tabs
     }
 

From f14d512b25fa6309b0d438fff223b9fcd2d67576 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 13 Aug 2023 22:01:12 +0200
Subject: [PATCH 1420/2268] feat: Use shorter "targetKey" hash instead of
 serialized json

---
 .../components/targets-view/TargetsView.tsx   | 64 ++++++++-----------
 pkg/webui/ui/src/utils/listKey.ts             | 14 +++-
 2 files changed, 38 insertions(+), 40 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 6e9d93848..5a149e14c 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -11,7 +11,6 @@ import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { ExpandableCard } from "./ExpandableCard";
 import { useLocation, useNavigate } from "react-router-dom";
-import _ from "lodash";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -166,25 +165,13 @@ const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.
     </svg>
 });
 
-interface TargetPath {
-    project: ProjectKey
-    target: TargetKey
-    kluctlDeployment?: KluctlDeploymentInfo
-}
-
-function buildTargetPath(project: ProjectKey, target: TargetKey, kluctlDeployment?: KluctlDeploymentInfo): string {
-    return btoa(JSON.stringify({
+function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDeployment?: KluctlDeploymentInfo) {
+    const j = {
         "project": project,
         "target": target,
         "kluctlDeployment": kluctlDeployment,
-    }))
-}
-
-function parseTargetPath(s?: string): TargetPath | undefined {
-    if (!s) {
-        return
     }
-    return JSON.parse(atob(s))
+    return buildListKey(j)
 }
 
 export const TargetsView = () => {
@@ -194,11 +181,11 @@ export const TargetsView = () => {
     const projects = appContext.projects;
 
     const onSelectTargetItem = useCallback((ps: ProjectSummary, ts: TargetSummary) => {
-        navigate(`/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}`);
+        navigate(`/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`);
     }, [navigate]);
 
     const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary, rs?: CommandResultSummary) => {
-        let p = `/targets/${buildTargetPath(ps.project, ts.target, ts.kdInfo)}/results`
+        let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}/results`
         if (rs) {
             p += "/" + rs.id
         }
@@ -209,25 +196,28 @@ export const TargetsView = () => {
         navigate(`/targets/`);
     }, [navigate]);
 
-    const pathnameS = loc.pathname.split("/")
-    const targetPath = pathnameS[2]
+    const targetsByKey = useMemo(() => {
+        const m = new Map<string, TargetSummary>()
+        projects.forEach(ps => {
+            ps.targets.forEach(ts => {
+                const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
+                m.set(key, ts)
+            })
+        })
+        return m
+    }, [projects])
 
-    const [parentProject, selectedTarget] = useMemo(() => {
-        const tp = parseTargetPath(targetPath)
-        if (!tp) {
-            return [undefined, undefined]
-        }
+    const pathnameS = loc.pathname.split("/")
+    let selectedTargetKey = pathnameS[2]
+    const selectedTarget = targetsByKey.get(selectedTargetKey)
 
-        const project = projects.find(ps => _.isEqual(_.toPlainObject(ps.project), tp.project))
-        const target = project?.targets.find(ts => _.isEqual(_.toPlainObject(ts.target), tp.target) && (ts.kdInfo === tp.kluctlDeployment || _.isEqual(_.toPlainObject(ts.kdInfo), tp.kluctlDeployment)))
-        return [project, target]
-    }, [projects, targetPath])
+    if (!selectedTarget) {
+        selectedTargetKey = ""
+    }
 
-    let expandedTargetKey = ""
     let expandedResults = false
     let expandedResultId = ""
     if (selectedTarget) {
-        expandedTargetKey = buildListKey([selectedTarget.target, selectedTarget.kdInfo])
         if (pathnameS[3] === "results") {
             expandedResults = true
             const resultId = pathnameS[4]
@@ -236,8 +226,6 @@ export const TargetsView = () => {
                     expandedResultId = resultId
                 }
             }
-        } else {
-            expandedTargetKey = buildListKey([selectedTarget.target, selectedTarget.kdInfo])
         }
     }
 
@@ -266,12 +254,12 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth} flex='0 0 auto'>
                         {ps.targets.map((ts, i) => {
-                            const key = buildListKey([ts.target, ts.kdInfo])
+                            const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
                             return <Box key={key} display='flex'>
                                 <ExpandableCard
                                     cardWidth={cardWidth}
                                     cardHeight={cardHeight}
-                                    expand={!expandedResults && expandedTargetKey === key}
+                                    expand={!expandedResults && selectedTargetKey === key}
                                     onExpand={() => onSelectTargetItem(ps, ts)}
                                     onClose={() => {
                                         onCardClose()
@@ -280,7 +268,7 @@ export const TargetsView = () => {
                                     }}
                                     cardsData={[ts]}
                                     getKey={cd => buildListKey([cd.target, cd.kdInfo])}
-                                    selected={expandedTargetKey}
+                                    selected={selectedTargetKey}
                                     renderCard={(cardData, expanded, current) => {
                                         return <TargetItem
                                             ps={ps}
@@ -298,14 +286,14 @@ export const TargetsView = () => {
 
                     <CardCol width={colWidth}>
                         {ps.targets.map((ts, i) => {
-                            const tsKey = buildListKey([ts.target, ts.kdInfo])
+                            const tsKey = buildTargetKey(ps.project, ts.target, ts.kdInfo)
                             return <CardRow key={tsKey} height={cardHeight}>
                                 {ts.commandResults?.slice(0, 4).map((rs, i) => {
                                     return i === 0 ? <ExpandableCard
                                             key={rs.id}
                                             cardWidth={cardWidth}
                                             cardHeight={cardHeight}
-                                            expand={expandedResults && expandedTargetKey === tsKey}
+                                            expand={expandedResults && selectedTargetKey === tsKey}
                                             onExpand={() => onSelectCommandResultItem(ps, ts)}
                                             onClose={() => {
                                                 onCardClose()
diff --git a/pkg/webui/ui/src/utils/listKey.ts b/pkg/webui/ui/src/utils/listKey.ts
index d17c73679..6d675f29d 100644
--- a/pkg/webui/ui/src/utils/listKey.ts
+++ b/pkg/webui/ui/src/utils/listKey.ts
@@ -1,6 +1,16 @@
 import { sha256 } from "js-sha256";
+import _ from "lodash";
 
-export function buildListKey(o: any) {
-    const j = JSON.stringify(o)
+export function buildListKey(o: any, noHash?: boolean) {
+    const x = _.toPlainObject(o)
+    const j = JSON.stringify(x, deterministicReplacer)
+    if (noHash) {
+        return j
+    }
     return sha256(j)
 }
+
+const deterministicReplacer = (asd: any, v: any) =>
+    typeof v !== 'object' || v === null || Array.isArray(v) ? v :
+        Object.fromEntries(Object.entries(v).sort(([ka], [kb]) =>
+            ka < kb ? -1 : ka > kb ? 1 : 0));

From dab01746140dc212216733421a72deaa87f24d87 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 13 Aug 2023 22:01:41 +0200
Subject: [PATCH 1421/2268] fix: Grow all tab panels in height

---
 pkg/webui/ui/src/components/result-view/SidePanel.tsx | 4 ++--
 pkg/webui/ui/src/components/targets-view/Card.tsx     | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index a2ea88709..39716175d 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -87,10 +87,10 @@ export const SidePanel = (props: SidePanelProps) => {
                 </Box>
             </Box>
             <Divider sx={{ margin: 0 }} />
-            <Box overflow='auto' p='30px'>
+            <Box overflow='auto' p='30px' flex={"1 1 auto"}>
                 {tabs.map(tab => {
                     return <ThemeProvider theme={light} key={tab.label}>
-                        <TabPanel value={tab.label} sx={{ padding: 0 }}>
+                        <TabPanel value={tab.label} sx={{ padding: 0}}>
                             <Paper sx={{ padding: '10px 0' }}>
                                 {tab.content}
                             </Paper>
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index 917e92176..9a9c6fc77 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -164,9 +164,14 @@ export const CardBody = React.memo((props: { provider: SidePanelProvider }) => {
                 </TabList>
             </Box>
             <Divider sx={{ margin: 0 }} />
-            <Box overflow='auto' p='10px 0'>
+            <Box overflow='auto' p='10px 0' display={"flex"} flex={"1 1 auto"}>
                 {tabs.map(tab => {
-                    return <TabPanel key={tab.label} value={tab.label} sx={{ padding: 0 }}>
+                    const sx: any = { padding: 0, flex: "1 1 auto" }
+                    if (selectedTab === tab.label) {
+                        // only the active tab should be a flex box, as otherwise the hidden ones go crazy
+                        sx.display = "flex"
+                    }
+                    return <TabPanel key={tab.label} value={tab.label} sx={sx} >
                         {tab.content}
                     </TabPanel>
                 })}

From 1414fc60fe4d18c512366c0c3db9982f3f0d1a7f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 13 Aug 2023 22:02:00 +0200
Subject: [PATCH 1422/2268] feat: Use react-window for LogsViewer

---
 pkg/webui/ui/package-lock.json             | 44 ++++++++++++++++++-
 pkg/webui/ui/package.json                  |  5 ++-
 pkg/webui/ui/src/components/LogsViewer.tsx | 51 +++++++++++++++++-----
 3 files changed, 88 insertions(+), 12 deletions(-)

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index c2b1e21dc..93c5c8596 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -37,6 +37,8 @@
         "react-scripts": "5.0.1",
         "react-syntax-highlighter": "^15.5.0",
         "react-transition-group": "^4.4.5",
+        "react-virtualized-auto-sizer": "^1.0.20",
+        "react-window": "^1.8.9",
         "remark-gfm": "^3.0.1",
         "sort-by": "^1.2.0",
         "typescript": "^4.9.5",
@@ -45,7 +47,8 @@
       "devDependencies": {
         "@types/js-yaml": "^4.0.5",
         "@types/lodash": "^4.14.195",
-        "@types/react-syntax-highlighter": "^15.5.7"
+        "@types/react-syntax-highlighter": "^15.5.7",
+        "@types/react-window": "^1.8.5"
       }
     },
     "node_modules/@aashutoshrathi/word-wrap": {
@@ -4630,6 +4633,15 @@
         "@types/react": "*"
       }
     },
+    "node_modules/@types/react-window": {
+      "version": "1.8.5",
+      "resolved": "https://registry.npmjs.org/@types/react-window/-/react-window-1.8.5.tgz",
+      "integrity": "sha512-V9q3CvhC9Jk9bWBOysPGaWy/Z0lxYcTXLtLipkt2cnRj1JOSFNF7wqGpkScSXMgBwC+fnVRg/7shwgddBG5ICw==",
+      "dev": true,
+      "dependencies": {
+        "@types/react": "*"
+      }
+    },
     "node_modules/@types/resolve": {
       "version": "1.17.1",
       "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.17.1.tgz",
@@ -12840,6 +12852,11 @@
         "node": ">= 4.0.0"
       }
     },
+    "node_modules/memoize-one": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/memoize-one/-/memoize-one-5.2.1.tgz",
+      "integrity": "sha512-zYiwtZUcYyXKo/np96AGZAckk+FWWsUdJ3cHGGmld7+AhvcWmQyGCYUh1hc4Q/pkOhb65dQR/pqCyK0cOaHz4Q=="
+    },
     "node_modules/merge-descriptors": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
@@ -16056,6 +16073,31 @@
         "react-dom": ">=16.6.0"
       }
     },
+    "node_modules/react-virtualized-auto-sizer": {
+      "version": "1.0.20",
+      "resolved": "https://registry.npmjs.org/react-virtualized-auto-sizer/-/react-virtualized-auto-sizer-1.0.20.tgz",
+      "integrity": "sha512-OdIyHwj4S4wyhbKHOKM1wLSj/UDXm839Z3Cvfg2a9j+He6yDa6i5p0qQvEiCnyQlGO/HyfSnigQwuxvYalaAXA==",
+      "peerDependencies": {
+        "react": "^15.3.0 || ^16.0.0-alpha || ^17.0.0 || ^18.0.0-rc",
+        "react-dom": "^15.3.0 || ^16.0.0-alpha || ^17.0.0 || ^18.0.0-rc"
+      }
+    },
+    "node_modules/react-window": {
+      "version": "1.8.9",
+      "resolved": "https://registry.npmjs.org/react-window/-/react-window-1.8.9.tgz",
+      "integrity": "sha512-+Eqx/fj1Aa5WnhRfj9dJg4VYATGwIUP2ItwItiJ6zboKWA6EX3lYDAXfGF2hyNqplEprhbtjbipiADEcwQ823Q==",
+      "dependencies": {
+        "@babel/runtime": "^7.0.0",
+        "memoize-one": ">=3.1.1 <6"
+      },
+      "engines": {
+        "node": ">8.0.0"
+      },
+      "peerDependencies": {
+        "react": "^15.0.0 || ^16.0.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^15.0.0 || ^16.0.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
     "node_modules/read-cache": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index bb88e0709..ff87f8fe5 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -33,6 +33,8 @@
     "react-scripts": "5.0.1",
     "react-syntax-highlighter": "^15.5.0",
     "react-transition-group": "^4.4.5",
+    "react-virtualized-auto-sizer": "^1.0.20",
+    "react-window": "^1.8.9",
     "remark-gfm": "^3.0.1",
     "sort-by": "^1.2.0",
     "typescript": "^4.9.5",
@@ -65,6 +67,7 @@
   "devDependencies": {
     "@types/js-yaml": "^4.0.5",
     "@types/lodash": "^4.14.195",
-    "@types/react-syntax-highlighter": "^15.5.7"
+    "@types/react-syntax-highlighter": "^15.5.7",
+    "@types/react-window": "^1.8.5"
   }
 }
diff --git a/pkg/webui/ui/src/components/LogsViewer.tsx b/pkg/webui/ui/src/components/LogsViewer.tsx
index 255854ebe..970080f75 100644
--- a/pkg/webui/ui/src/components/LogsViewer.tsx
+++ b/pkg/webui/ui/src/components/LogsViewer.tsx
@@ -1,23 +1,54 @@
 import React, { useContext, useEffect, useState } from "react";
 import { ApiContext } from "./App";
 import { Box } from "@mui/material";
+import { VariableSizeList as List } from 'react-window';
+import AutoSizer from "react-virtualized-auto-sizer";
 
-export function LogsViewer(props: {cluster?: string, name?: string, namespace?: string, reconcileId?: string}) {
+export function LogsViewer(props: { cluster?: string, name?: string, namespace?: string, reconcileId?: string }) {
     const api = useContext(ApiContext);
-    let [lines, setLines] = useState<React.ReactElement[]>([])
+    const [lines, setLines] = useState<any[]>([])
 
     useEffect(() => {
-        console.log(props)
+        let lines: any[] = []
+
+        const appendLines = (l: any[]) => {
+            lines = [...lines, ...l]
+            setLines(lines)
+        }
+
         const cancel = api.watchLogs(props.cluster, props.name, props.namespace, props.reconcileId, (jsonLines: any[]) => {
-            jsonLines.forEach(l => {
-                lines = [...lines, <div key={lines.length}>{l.msg}<br/></div>]
-                setLines(lines)
-            })
+            appendLines(jsonLines)
         })
         return cancel
-    }, [props.reconcileId])
+    }, [props.cluster, props.name, props.namespace, props.reconcileId, api])
+
+    const lineHeight = 25
+
+    const Row = (props: { index: number, style: any }) => {
+        const s = {
+            ...props.style,
+            whiteSpace: "nowrap"
+        }
+        return <div style={s}>{lines[props.index].msg}</div>
+    }
+
+    return <Box width={"100%"} flex={"1 1 auto"}>
+        <AutoSizer>
+            {(props: { height: number, width: number }) => {
+                const getItemSize = (index: number) => {
+                    const l: string = lines[index].msg.split("\n")
+                    return l.length * lineHeight
+                }
 
-    return <Box height={"100%"}>
-        {lines}
+                return <List
+                    itemCount={lines.length}
+                    itemSize={getItemSize}
+                    width={props.width}
+                    height={props.height}
+                >
+                    {Row}
+                </List>
+            }}
+        </AutoSizer>
     </Box>
 }

From fb6572623aefd127c9cc53e7c5d1842c0a2386cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 13 Aug 2023 22:24:08 +0200
Subject: [PATCH 1423/2268] fix: Use prefix for event ids

---
 pkg/webui/events.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 3d99a3008..ec654ff1a 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -193,7 +193,7 @@ func (h *eventsHandler) startEventsWatcher() error {
 				if event.Delete {
 					expireIn = &expireDeletions
 				}
-				h.updateEvent(event.Summary.Id, &ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildCommandResultMsg(event), expireIn)
+				h.updateEvent("cr-"+event.Summary.Id, &ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildCommandResultMsg(event), expireIn)
 			case event, ok := <-validateResultsCh:
 				if !ok {
 					status.Error(h.server.ctx, "results channel closed unexpectedly")
@@ -203,7 +203,7 @@ func (h *eventsHandler) startEventsWatcher() error {
 				if event.Delete {
 					expireIn = &expireDeletions
 				}
-				h.updateEvent(event.Summary.Id, &ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildValidateResultMsg(event), expireIn)
+				h.updateEvent("vr-"+event.Summary.Id, &ProjectTargetKey{Project: event.Summary.ProjectKey, Target: event.Summary.TargetKey}, buildValidateResultMsg(event), expireIn)
 			case event, ok := <-kluctlDeploymentsCh:
 				if !ok {
 					status.Error(h.server.ctx, "results channel closed unexpectedly")
@@ -213,7 +213,7 @@ func (h *eventsHandler) startEventsWatcher() error {
 				if event.Delete {
 					expireIn = &expireDeletions
 				}
-				h.updateEvent(string(event.Deployment.UID), nil, buildKluctlDeploymentMsg(event), expireIn)
+				h.updateEvent("kd-"+string(event.Deployment.UID), nil, buildKluctlDeploymentMsg(event), expireIn)
 			case <-cleanupTimer:
 				h.cleanupEvents()
 				cleanupTimer = time.After(5 * time.Second)

From 0cb90aebfaff20608428234e6fc6f52779a1c3a0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 13 Aug 2023 22:40:58 +0200
Subject: [PATCH 1424/2268] chore: Run go mod tidy

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index d5078f599..257a2feba 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	golang.org/x/net v0.14.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.11.0
-	golang.org/x/term v0.11.0
+	golang.org/x/term v0.11.0 // indirect
 	golang.org/x/text v0.12.0
 	helm.sh/helm/v3 v3.12.2
 	k8s.io/api v0.27.4

From 79ab416edec86e7c3c8525b44731ce2c5c2db39f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 13 Aug 2023 22:41:59 +0200
Subject: [PATCH 1425/2268] chore(deps): Bump helm.sh/helm/v3 from 3.12.2 to
 3.12.3 (#723)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.12.2 to 3.12.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.12.2...v3.12.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index 59900e4d8..92955a8fa 100644
--- a/go.mod
+++ b/go.mod
@@ -40,9 +40,9 @@ require (
 	golang.org/x/sys v0.11.0
 	golang.org/x/term v0.11.0
 	golang.org/x/text v0.12.0
-	helm.sh/helm/v3 v3.12.2
+	helm.sh/helm/v3 v3.12.3
 	k8s.io/api v0.27.4
-	k8s.io/apiextensions-apiserver v0.27.2
+	k8s.io/apiextensions-apiserver v0.27.3
 	k8s.io/apimachinery v0.27.4
 	k8s.io/client-go v0.27.4
 	k8s.io/klog/v2 v2.100.1
@@ -265,11 +265,11 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.27.2 // indirect
-	k8s.io/cli-runtime v0.27.2 // indirect
-	k8s.io/component-base v0.27.2 // indirect
+	k8s.io/apiserver v0.27.3 // indirect
+	k8s.io/cli-runtime v0.27.3 // indirect
+	k8s.io/component-base v0.27.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/kubectl v0.27.2 // indirect
+	k8s.io/kubectl v0.27.3 // indirect
 	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index f2e679e07..1f652cb45 100644
--- a/go.sum
+++ b/go.sum
@@ -1399,8 +1399,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-helm.sh/helm/v3 v3.12.2 h1:kFyDBr/mgJUlyGzVTCieG4wW0zmo7fcNRWK0+FKkxqU=
-helm.sh/helm/v3 v3.12.2/go.mod h1:v1PMayudIfZAvec3Wp4wAErensvK/rv5fu/xCiE6t3I=
+helm.sh/helm/v3 v3.12.3 h1:5y1+Sbty12t48T/t/CGNYUIME5BJ0WKfmW/sobYqkFg=
+helm.sh/helm/v3 v3.12.3/go.mod h1:KPKQiX9IP5HX7o5YnnhViMnNuKiL/lJBVQ47GHe1R0k=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1410,24 +1410,24 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs=
 k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y=
-k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
-k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
+k8s.io/apiextensions-apiserver v0.27.3 h1:xAwC1iYabi+TDfpRhxh4Eapl14Hs2OftM2DN5MpgKX4=
+k8s.io/apiextensions-apiserver v0.27.3/go.mod h1:BH3wJ5NsB9XE1w+R6SSVpKmYNyIiyIz9xAmBl8Mb+84=
 k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs=
 k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/apiserver v0.27.2 h1:p+tjwrcQEZDrEorCZV2/qE8osGTINPuS5ZNqWAvKm5E=
-k8s.io/apiserver v0.27.2/go.mod h1:EsOf39d75rMivgvvwjJ3OW/u9n1/BmUMK5otEOJrb1Y=
-k8s.io/cli-runtime v0.27.2 h1:9HI8gfReNujKXt16tGOAnb8b4NZ5E+e0mQQHKhFGwYw=
-k8s.io/cli-runtime v0.27.2/go.mod h1:9UecpyPDTkhiYY4d9htzRqN+rKomJgyb4wi0OfrmCjw=
+k8s.io/apiserver v0.27.3 h1:AxLvq9JYtveYWK+D/Dz/uoPCfz8JC9asR5z7+I/bbQ4=
+k8s.io/apiserver v0.27.3/go.mod h1:Y61+EaBMVWUBJtxD5//cZ48cHZbQD+yIyV/4iEBhhNA=
+k8s.io/cli-runtime v0.27.3 h1:h592I+2eJfXj/4jVYM+tu9Rv8FEc/dyCoD80UJlMW2Y=
+k8s.io/cli-runtime v0.27.3/go.mod h1:LzXud3vFFuDFXn2LIrWnscPgUiEj7gQQcYZE2UPn9Kw=
 k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk=
 k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc=
-k8s.io/component-base v0.27.2 h1:neju+7s/r5O4x4/txeUONNTS9r1HsPbyoPBAtHsDCpo=
-k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo=
+k8s.io/component-base v0.27.3 h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k=
+k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
-k8s.io/kubectl v0.27.2 h1:sSBM2j94MHBFRWfHIWtEXWCicViQzZsb177rNsKBhZg=
-k8s.io/kubectl v0.27.2/go.mod h1:GCOODtxPcrjh+EC611MqREkU8RjYBh10ldQCQ6zpFKw=
+k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw=
+k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=

From 6c827062adb3485efe5ed52cdcf797febc859d08 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 13 Aug 2023 22:42:12 +0200
Subject: [PATCH 1426/2268] chore(deps): Bump github.com/google/gops from
 0.3.27 to 0.3.28 (#724)

Bumps [github.com/google/gops](https://github.com/google/gops) from 0.3.27 to 0.3.28.
- [Release notes](https://github.com/google/gops/releases)
- [Commits](https://github.com/google/gops/compare/v0.3.27...v0.3.28)

---
updated-dependencies:
- dependency-name: github.com/google/gops
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 92955a8fa..fe66f526e 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.8.1
 	github.com/go-logr/logr v1.2.4
-	github.com/google/gops v0.3.27
+	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -239,7 +239,7 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	github.com/xlab/treeprint v1.1.0 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect
diff --git a/go.sum b/go.sum
index 1f652cb45..8b7de7d35 100644
--- a/go.sum
+++ b/go.sum
@@ -425,8 +425,8 @@ github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdY
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gops v0.3.27 h1:BDdWfedShsBbeatZ820oA4DbVOC8yJ4NI8xAlDFWfgI=
-github.com/google/gops v0.3.27/go.mod h1:lYqabmfnq4Q6UumWNx96Hjup5BDAVc8zmfIy0SkNCSk=
+github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
+github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -881,8 +881,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
-github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
+github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
+github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

From c95b76accde25133ab677eeafb838ce217e4b113 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 13 Aug 2023 22:42:22 +0200
Subject: [PATCH 1427/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/secretsmanager (#725)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.20.2 to 1.21.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.21.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.20.2...service/s3/v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fe66f526e..f7ea220ee 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.20.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.33
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.2
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2
 	github.com/aws/smithy-go v1.14.1
 	github.com/coreos/go-oidc/v3 v3.6.0
diff --git a/go.sum b/go.sum
index 8b7de7d35..80a229b88 100644
--- a/go.sum
+++ b/go.sum
@@ -136,8 +136,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEY
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.2 h1:vlkGQk8JiUo1KmZF4wsZP3qclbyQHSUvLMf8aPOS79g=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.20.2/go.mod h1:Z6Oq1mXqvgwmUxvMrV/jMkQhwm06A9XO015dzGnS8TM=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0 h1:z9faFYBvadv9HdY+oFBgxqCnew9TK+jp9ccxktB5fl4=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0/go.mod h1:Z6Oq1mXqvgwmUxvMrV/jMkQhwm06A9XO015dzGnS8TM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=

From 5306a811e3cb996579063ace214b45db1cacb6e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 00:02:00 +0200
Subject: [PATCH 1428/2268] fix: Don't override kluctl binary path in
 goreleaser

https://github.com/goreleaser/goreleaser/pull/4218 made this unnecessary
and actually broke our nightlies.
---
 .goreleaser.yaml | 2 --
 Dockerfile       | 3 +--
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 9f0408dea..143fefee9 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -90,7 +90,6 @@ dockers:
       - "--pull"
       # use https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/wolfi-base to find the latest one
       - "--build-arg=WOLFI_DIGEST=sha256:e8411b9629bd13123a978a2d1a27c3ee64c7751d3032ce80ad6e673e329ef964"
-      - "--build-arg=BIN_PATH=kluctl"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
@@ -106,7 +105,6 @@ dockers:
       - "--pull"
       # use https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/wolfi-base to find the latest one
       - "--build-arg=WOLFI_DIGEST=sha256:05a4280b4c5b5cafc7eb2a012983bc79e3ddca938f01ddc3deb797ca3fddd399"
-      - "--build-arg=BIN_PATH=kluctl"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
diff --git a/Dockerfile b/Dockerfile
index 043508693..33b61cc71 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,8 +9,7 @@ RUN apk add git tzdata
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache
 
-ARG BIN_PATH=bin/kluctl
-COPY $BIN_PATH /usr/bin/
+COPY bin/kluctl /usr/bin/
 
 USER 65532:65532
 

From a70ccca0638cb4cf55377caffc7c2a3edcf4a271 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 00:02:32 +0200
Subject: [PATCH 1429/2268] fix: Use repository instead of tap in goreleaser
 config

---
 .goreleaser.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 143fefee9..55e5e3fa4 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -122,7 +122,7 @@ docker_manifests:
 
 brews:
   - name: kluctl
-    tap:
+    repository:
       owner: kluctl
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"

From f624a43b17b6230fab7bbfc9c4cfe7b54c16fd56 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 00:02:46 +0200
Subject: [PATCH 1430/2268] fix: Fix race condition in getMissingObjects

---
 pkg/deployment/utils/remote_objects_utils.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index beb8abb3e..239c751fe 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -149,7 +149,9 @@ func (u *RemoteObjectUtils) getMissingObjects(k *k8s.K8sCluster, refs []k8s2.Obj
 					return
 				}
 				if errors2.IsForbidden(err) || errors2.IsUnauthorized(err) {
+					mutex.Lock()
 					permissionErrCount += 1
+					mutex.Unlock()
 					return
 				}
 				u.dew.AddError(ref, err)

From fb2a57b7172a0ab72ce378bf891d99f71b76762c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Aug 2023 09:04:38 +0200
Subject: [PATCH 1431/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 from 10.14.1 to 10.15.0 (#715)

* chore(deps): Bump github.com/go-playground/validator/v10

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.14.1 to 10.15.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.14.1...v10.15.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* tests: Fix TestValidateGitProjectSubDir

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 go.mod                       | 2 +-
 go.sum                       | 4 ++--
 pkg/types/validators_test.go | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 104fa6b04..dbbf62e2a 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.23.0
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.14.1
+	github.com/go-playground/validator/v10 v10.15.0
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.15.2
diff --git a/go.sum b/go.sum
index 80a229b88..791315495 100644
--- a/go.sum
+++ b/go.sum
@@ -332,8 +332,8 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+jU0zvx4AqHGnv4k=
-github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.15.0 h1:nDU5XeOKtB3GEa+uB7GNYwhVKsgjAR7VgKoNB6ryXfw=
+github.com/go-playground/validator/v10 v10.15.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
diff --git a/pkg/types/validators_test.go b/pkg/types/validators_test.go
index e7c2067f3..f29fb24e9 100644
--- a/pkg/types/validators_test.go
+++ b/pkg/types/validators_test.go
@@ -3,7 +3,7 @@ package types
 import (
 	"testing"
 
-	validator "github.com/go-playground/validator/v10"
+	"github.com/go-playground/validator/v10"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -24,7 +24,8 @@ func TestValidateGitProjectSubDir(t *testing.T) {
 	validate.RegisterStructValidation(ValidateGitProject, GitProject{})
 
 	for _, item := range subDirItems {
-		gp := GitProject{SubDir: item.have}
+		u := ParseGitUrlMust("http://example.com/test")
+		gp := GitProject{Url: *u, SubDir: item.have}
 		err := validate.Struct(gp)
 		if item.want {
 			assert.Nil(t, err)

From e6f1dfbca212bb69a6c961d60a9d3276b8f16273 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 13 Jun 2023 07:57:04 +0200
Subject: [PATCH 1432/2268] feat: Allow to mark vars as sensitive

Also automatically mark some vars source types as sensitive by default.
---
 pkg/types/vars_source.go           |  6 +++--
 pkg/types/zz_generated.deepcopy.go |  5 ++++
 pkg/vars/vars_loader.go            | 39 +++++++++++++++++++-----------
 pkg/vars/vars_loader_http.go       | 30 ++++++++++++-----------
 pkg/vars/vars_loader_test.go       | 18 +++++++++-----
 pkg/webui/ui/src/models.ts         |  4 +++
 6 files changed, 66 insertions(+), 36 deletions(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 1723111c5..ca33e3be5 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -56,6 +56,7 @@ type VarsSourceVault struct {
 type VarsSource struct {
 	IgnoreMissing *bool `json:"ignoreMissing,omitempty"`
 	NoOverride    *bool `json:"noOverride,omitempty"`
+	Sensitive     *bool `json:"sensitive,omitempty"`
 
 	Values            *uo.UnstructuredObject              `json:"values,omitempty"`
 	File              *string                             `json:"file,omitempty"`
@@ -70,7 +71,8 @@ type VarsSource struct {
 	When string `json:"when,omitempty"`
 
 	// these are only allowed when writing the command result
-	RenderedVars *uo.UnstructuredObject `json:"renderedVars,omitempty"`
+	RenderedSensitive bool                   `json:"renderedSensitive,omitempty"`
+	RenderedVars      *uo.UnstructuredObject `json:"renderedVars,omitempty"`
 }
 
 func ValidateVarsSource(sl validator.StructLevel) {
@@ -80,7 +82,7 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
 		switch v.Type().Field(i).Name {
-		case "IgnoreMissing", "NoOverride", "When", "RenderedVars":
+		case "IgnoreMissing", "NoOverride", "When", "RenderedSensitive", "RenderedVars":
 			continue
 		}
 		if !v.Field(i).IsNil() {
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 333da6c3d..ebe3ab596 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -727,6 +727,11 @@ func (in *VarsSource) DeepCopyInto(out *VarsSource) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.Sensitive != nil {
+		in, out := &in.Sensitive, &out.Sensitive
+		*out = new(bool)
+		**out = **in
+	}
 	if in.Values != nil {
 		in, out := &in.Values, &out.Values
 		*out = (*in).DeepCopy()
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index c8109b111..f810c41e4 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -97,6 +97,7 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 	}
 
 	var newVars *uo.UnstructuredObject
+	var sensitive bool
 	if source.Values != nil {
 		newVars = source.Values
 		if rootKey != "" {
@@ -105,21 +106,25 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 			})
 		}
 	} else if source.File != nil {
-		newVars, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
+		newVars, sensitive, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
 	} else if source.Git != nil {
-		newVars, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
+		newVars, sensitive, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
 		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
 		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", ignoreMissing, true)
+		sensitive = true
 	} else if source.SystemEnvVars != nil {
 		newVars, err = v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
+		sensitive = true
 	} else if source.Http != nil {
-		newVars, err = v.loadHttp(varsCtx, &source, ignoreMissing)
+		newVars, sensitive, err = v.loadHttp(varsCtx, &source, ignoreMissing)
 	} else if source.AwsSecretsManager != nil {
 		newVars, err = v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing)
+		sensitive = true
 	} else if source.Vault != nil {
 		newVars, err = v.loadVault(varsCtx, &source, ignoreMissing)
+		sensitive = true
 	} else {
 		return fmt.Errorf("invalid vars source")
 	}
@@ -127,6 +132,12 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 		return err
 	}
 
+	if sourceIn.Sensitive != nil {
+		// override the default
+		sensitive = *sourceIn.Sensitive
+	}
+
+	sourceIn.RenderedSensitive = sensitive
 	sourceIn.RenderedVars = newVars.Clone()
 
 	if source.NoOverride == nil || !*source.NoOverride {
@@ -147,32 +158,32 @@ func (v *VarsLoader) mergeVars(varsCtx *VarsCtx, newVars *uo.UnstructuredObject,
 	}
 }
 
-func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool, searchDirs []string) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool, searchDirs []string) (*uo.UnstructuredObject, bool, error) {
 	rendered, err := varsCtx.RenderFile(path, searchDirs)
 	if err != nil {
 		// TODO the Jinja2 renderer should be able to better report this error
 		if ignoreMissing && err.Error() == fmt.Sprintf("template %s not found", path) {
-			return uo.New(), nil
+			return uo.New(), false, nil
 		}
-		return nil, fmt.Errorf("failed to render vars file %s: %w", path, err)
+		return nil, false, fmt.Errorf("failed to render vars file %s: %w", path, err)
 	}
 
 	format := formats.FormatForPath(path)
-	decrypted, _, err := sops.MaybeDecrypt(v.sops, []byte(rendered), format, format)
+	decrypted, sensitive, err := sops.MaybeDecrypt(v.sops, []byte(rendered), format, format)
 	if err != nil {
-		return nil, fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
+		return nil, false, fmt.Errorf("failed to decrypt vars file %s: %w", path, err)
 	}
 	rendered = string(decrypted)
 
 	newVars := uo.New()
 	err = yaml.ReadYamlString(rendered, newVars)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	if err != nil {
-		return nil, fmt.Errorf("failed to load vars from %s: %w", path, err)
+		return nil, false, fmt.Errorf("failed to load vars from %s: %w", path, err)
 	}
-	return newVars, nil
+	return newVars, sensitive, nil
 }
 
 func (v *VarsLoader) loadSystemEnvs(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool, rootKey string) (*uo.UnstructuredObject, error) {
@@ -261,10 +272,10 @@ func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignor
 	return v.loadFromString(varsCtx, *secret)
 }
 
-func (v *VarsLoader) loadGit(ctx context.Context, varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadGit(ctx context.Context, varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool) (*uo.UnstructuredObject, bool, error) {
 	ge, err := v.rp.GetEntry(gitFile.Url)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 
 	if gitFile.Ref != nil && gitFile.Ref.Ref != "" {
@@ -275,7 +286,7 @@ func (v *VarsLoader) loadGit(ctx context.Context, varsCtx *VarsCtx, gitFile *typ
 
 	clonedDir, _, err := ge.GetClonedDir(gitFile.Ref)
 	if err != nil {
-		return nil, fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
+		return nil, false, fmt.Errorf("failed to load vars from git repository %s: %w", gitFile.Url.String(), err)
 	}
 
 	return v.loadFile(varsCtx, gitFile.Path, ignoreMissing, []string{clonedDir})
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 5174b830e..30fae03f8 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -64,12 +64,13 @@ func (v *VarsLoader) doHttp(httpSource *types.VarsSourceHttp, ignoreMissing bool
 	return resp, string(respBody), nil
 }
 
-func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, bool, error) {
+	sensitive := false
 	resp, respBody, err := v.doHttp(source.Http, ignoreMissing, "", "")
 	if err != nil && resp != nil && resp.StatusCode == http.StatusUnauthorized {
 		chgs := challenge.ResponseChallenges(resp)
 		if len(chgs) == 0 {
-			return nil, err
+			return nil, false, err
 		}
 
 		var realms []string
@@ -86,7 +87,7 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 		if !ok {
 			username, password, err := prompts.AskForCredentials(v.ctx, fmt.Sprintf("Please enter credentials for host '%s'", source.Http.Url.Host))
 			if err != nil {
-				return nil, err
+				return nil, false, err
 			}
 			creds = usernamePassword{
 				username: username,
@@ -97,13 +98,14 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 
 		resp, respBody, err = v.doHttp(source.Http, ignoreMissing, creds.username, creds.password)
 		if err != nil {
-			return nil, err
+			return nil, false, err
 		}
+		sensitive = true
 	} else if err != nil {
 		if ignoreMissing && resp != nil && resp.StatusCode == http.StatusNotFound {
-			return uo.New(), nil
+			return uo.New(), false, nil
 		}
-		return nil, err
+		return nil, false, err
 	}
 
 	var respObj interface{}
@@ -111,34 +113,34 @@ func (v *VarsLoader) loadHttp(varsCtx *VarsCtx, source *types.VarsSource, ignore
 
 	err = yaml.ReadYamlString(respBody, &respObj)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 	if source.Http.JsonPath != nil {
 		p, err := uo.NewMyJsonPath(*source.Http.JsonPath)
 		if err != nil {
-			return nil, err
+			return nil, false, err
 		}
 		x, ok := p.GetFirstFromAny(respObj)
 		if !ok {
-			return nil, fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
+			return nil, false, fmt.Errorf("%s not found in result from http request %s", *source.Http.JsonPath, source.Http.Url.String())
 		}
 		s, ok := x.(string)
 		if !ok {
-			return nil, fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
+			return nil, false, fmt.Errorf("%s in result of http request %s is not a string", *source.Http.JsonPath, source.Http.Url.String())
 		}
 		newVars, err = uo.FromString(s)
 		if err != nil {
-			return nil, err
+			return nil, false, err
 		}
 	} else {
 		x, ok := respObj.(map[string]interface{})
 		if !ok {
-			return nil, fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
+			return nil, false, fmt.Errorf("result of http request %s is not an object", source.Http.Url.String())
 		}
 		newVars = uo.FromMap(x)
 	}
-	return newVars, nil
+	return newVars, sensitive, nil
 }
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 1ae6183d1..2ede55e81 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -155,13 +155,15 @@ func (s *VarsLoaderTestSuite) TestFile() {
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+		vs := &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
-		}, []string{d}, "")
+		}
+		err := vl.LoadVars(context.TODO(), vc, vs, []string{d}, "")
 		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
 		assert.Equal(s.T(), int64(42), v)
+		assert.False(s.T(), vs.RenderedSensitive)
 	})
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
@@ -195,13 +197,15 @@ func (s *VarsLoaderTestSuite) TestSopsFile() {
 	s.T().Setenv(age.SopsAgeKeyEnv, string(key))
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
-		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+		vs := &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
-		}, []string{d}, "")
+		}
+		err := vl.LoadVars(context.TODO(), vc, vs, []string{d}, "")
 		assert.NoError(s.T(), err)
 
 		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
 		assert.Equal(s.T(), int64(42), v)
+		assert.True(s.T(), vs.RenderedSensitive)
 	})
 }
 
@@ -464,15 +468,17 @@ func (s *VarsLoaderTestSuite) TestClusterSecret() {
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
 		b := true
-		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+		vs := &types.VarsSource{
 			IgnoreMissing: &b,
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s-missing",
 				Namespace: s.namespace(),
 				Key:       "vars",
 			},
-		}, nil, "")
+		}
+		err := vl.LoadVars(context.TODO(), vc, vs, nil, "")
 		assert.NoError(s.T(), err)
+		assert.True(s.T(), vs.RenderedSensitive)
 	})
 }
 
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index c27e251b6..9e3b928a4 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -295,6 +295,7 @@ export class VarsSourceGit {
 export class VarsSource {
     ignoreMissing?: boolean;
     noOverride?: boolean;
+    sensitive?: boolean;
     values?: any;
     file?: string;
     git?: VarsSourceGit;
@@ -305,12 +306,14 @@ export class VarsSource {
     awsSecretsManager?: VarsSourceAwsSecretsManager;
     vault?: VarsSourceVault;
     when?: string;
+    renderedSensitive?: boolean;
     renderedVars?: any;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.ignoreMissing = source["ignoreMissing"];
         this.noOverride = source["noOverride"];
+        this.sensitive = source["sensitive"];
         this.values = source["values"];
         this.file = source["file"];
         this.git = this.convertValues(source["git"], VarsSourceGit);
@@ -321,6 +324,7 @@ export class VarsSource {
         this.awsSecretsManager = this.convertValues(source["awsSecretsManager"], VarsSourceAwsSecretsManager);
         this.vault = this.convertValues(source["vault"], VarsSourceVault);
         this.when = source["when"];
+        this.renderedSensitive = source["renderedSensitive"];
         this.renderedVars = source["renderedVars"];
     }
 

From 3f0f0a33324b9a46180971479bd58eac0e454a7a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 16:54:46 +0200
Subject: [PATCH 1433/2268] feat: Redact sensitive vars in webui api

---
 pkg/types/result/command_result.go |  6 +++---
 pkg/types/result/compact.go        |  2 +-
 pkg/webui/auth.go                  |  9 ++++++++-
 pkg/webui/auth_admin.go            |  2 --
 pkg/webui/server.go                | 31 ++++++++++++++++++++++++++++++
 5 files changed, 43 insertions(+), 7 deletions(-)

diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 9a291524d..ab224a38e 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -157,9 +157,9 @@ func (cr *CommandResult) ToReducedObjects() *CommandResult {
 	ret.Objects = make([]ResultObject, len(ret.Objects))
 	for i, o := range cr.Objects {
 		ret.Objects[i] = o
-		ret.Objects[i].Rendered = buildReducedObject(o.Rendered)
-		ret.Objects[i].Remote = buildReducedObject(o.Remote)
-		ret.Objects[i].Applied = buildReducedObject(o.Applied)
+		ret.Objects[i].Rendered = BuildReducedObject(o.Rendered)
+		ret.Objects[i].Remote = BuildReducedObject(o.Remote)
+		ret.Objects[i].Applied = BuildReducedObject(o.Applied)
 	}
 	return &ret
 }
diff --git a/pkg/types/result/compact.go b/pkg/types/result/compact.go
index 6caa48aaf..730e91bb7 100644
--- a/pkg/types/result/compact.go
+++ b/pkg/types/result/compact.go
@@ -154,7 +154,7 @@ func (l *CompactedObjects) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
-func buildReducedObject(o *uo.UnstructuredObject) *uo.UnstructuredObject {
+func BuildReducedObject(o *uo.UnstructuredObject) *uo.UnstructuredObject {
 	if o == nil {
 		return nil
 	}
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 122884877..e8d1eea20 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -62,7 +62,6 @@ type authHandler struct {
 type User struct {
 	Username string `json:"username"`
 	IsAdmin  bool   `json:"isAdmin"`
-	RbacUser string `json:"RbacUser"`
 }
 
 func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig AuthConfig) (*authHandler, error) {
@@ -169,6 +168,14 @@ func (s *authHandler) getUser(c *gin.Context) *User {
 	return nil
 }
 
+func (s *authHandler) getRbacUser(user *User) string {
+	if user.IsAdmin {
+		return s.authConfig.AdminRbacUser
+	} else {
+		return s.authConfig.ViewerRbacUser
+	}
+}
+
 func (s *authHandler) authHandler(c *gin.Context) {
 	if !s.authConfig.AuthEnabled {
 		return
diff --git a/pkg/webui/auth_admin.go b/pkg/webui/auth_admin.go
index 98e4adcde..2166f26c7 100644
--- a/pkg/webui/auth_admin.go
+++ b/pkg/webui/auth_admin.go
@@ -102,7 +102,6 @@ func (s *authHandler) getAdminUser(id string) *User {
 		Username: id,
 		IsAdmin:  true,
 	}
-	u.RbacUser = s.authConfig.AdminRbacUser
 	return u
 }
 
@@ -111,6 +110,5 @@ func (s *authHandler) getViewerUser(id string) *User {
 		Username: id,
 		IsAdmin:  false,
 	}
-	u.RbacUser = s.authConfig.ViewerRbacUser
 	return u
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 49727cfb5..6cfe9d0c8 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -255,6 +255,33 @@ func (ref refParam) toK8sRef() k8s.ObjectRef {
 	}
 }
 
+func (s *CommandResultsServer) redactSensitiveVars(user *User, d *types.DeploymentProjectConfig) {
+	if d == nil {
+		return
+	}
+	if user.IsAdmin {
+		// don't redact vars
+		return
+	}
+
+	doRedact := func(vars *types.VarsSource) {
+		if vars.RenderedSensitive {
+			vars.RenderedVars = nil
+		}
+	}
+
+	for _, v := range d.Vars {
+		doRedact(v)
+	}
+
+	for _, di := range d.Deployments {
+		for _, v := range di.Vars {
+			doRedact(v)
+		}
+		s.redactSensitiveVars(user, di.RenderedInclude)
+	}
+}
+
 func (s *CommandResultsServer) getCommandResult(c *gin.Context) {
 	var params resultIdParam
 
@@ -277,6 +304,10 @@ func (s *CommandResultsServer) getCommandResult(c *gin.Context) {
 		return
 	}
 
+	user := s.auth.getUser(c)
+
+	s.redactSensitiveVars(user, sr.Deployment)
+
 	c.JSON(http.StatusOK, sr)
 }
 

From 96d101347dd9c445e7572605d363e2578f59c1c8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 16:55:25 +0200
Subject: [PATCH 1434/2268] feat: Forbid access to remote/applied objects and
 all secrets when not an admin

---
 pkg/webui/server.go                           | 52 +++++++++++++++++--
 .../src/components/result-view/SidePanel.tsx  | 11 ++--
 .../components/result-view/nodes/NodeData.tsx |  4 +-
 .../result-view/nodes/ObjectNode.tsx          | 16 +++---
 4 files changed, 65 insertions(+), 18 deletions(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 6cfe9d0c8..7f9f48a25 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -7,12 +7,14 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"net"
@@ -282,6 +284,28 @@ func (s *CommandResultsServer) redactSensitiveVars(user *User, d *types.Deployme
 	}
 }
 
+func (s *CommandResultsServer) checkObjectAccess(c *gin.Context, user *User, o *uo.UnstructuredObject, objectType string) (bool, *uo.UnstructuredObject) {
+	if user.IsAdmin {
+		// everything allowed
+		return true, o
+	}
+	if o == nil {
+		return true, o
+	}
+
+	// non-admins can only see the rendered version
+	if objectType != "rendered" {
+		return false, o
+	}
+
+	// but no secrets
+	if o.GetK8sRef().GroupKind() == (schema.GroupKind{Kind: "Secret"}) {
+		return false, nil
+	}
+
+	return true, o
+}
+
 func (s *CommandResultsServer) getCommandResult(c *gin.Context) {
 	var params resultIdParam
 
@@ -308,6 +332,13 @@ func (s *CommandResultsServer) getCommandResult(c *gin.Context) {
 
 	s.redactSensitiveVars(user, sr.Deployment)
 
+	for i, _ := range sr.Objects {
+		o := &sr.Objects[i]
+		_, o.Rendered = s.checkObjectAccess(c, user, o.Rendered, "rendered")
+		_, o.Remote = s.checkObjectAccess(c, user, o.Remote, "remote")
+		_, o.Applied = s.checkObjectAccess(c, user, o.Applied, "applied")
+	}
+
 	c.JSON(http.StatusOK, sr)
 }
 
@@ -359,16 +390,26 @@ func (s *CommandResultsServer) getCommandResultObject(c *gin.Context) {
 		return
 	}
 
+	user := s.auth.getUser(c)
+
+	var ok bool
 	var o2 *uo.UnstructuredObject
 	switch objectType.ObjectType {
 	case "rendered":
-		o2 = found.Rendered
+		ok, o2 = s.checkObjectAccess(c, user, found.Rendered, objectType.ObjectType)
 	case "remote":
-		o2 = found.Remote
+		ok, o2 = s.checkObjectAccess(c, user, found.Remote, objectType.ObjectType)
 	case "applied":
-		o2 = found.Applied
+		ok, o2 = s.checkObjectAccess(c, user, found.Applied, objectType.ObjectType)
+	default:
+		c.AbortWithStatus(http.StatusNotFound)
+		return
 	}
-	if o2 == nil {
+
+	if !ok {
+		c.AbortWithStatus(http.StatusForbidden)
+		return
+	} else if o2 == nil {
 		c.AbortWithStatus(http.StatusNotFound)
 		return
 	}
@@ -409,7 +450,8 @@ func (s *CommandResultsServer) doModifyKluctlDeployment(c *gin.Context, clusterI
 		return
 	}
 
-	kc, err := ca.getClient(user.RbacUser, nil)
+	rbacUser := s.auth.getRbacUser(user)
+	kc, err := ca.getClient(rbacUser, nil)
 	if err != nil {
 		_ = c.AbortWithError(http.StatusInternalServerError, err)
 		return
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
index 39716175d..972f631fd 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/result-view/SidePanel.tsx
@@ -1,8 +1,10 @@
 import { Box, Divider, IconButton, Paper, Tab, ThemeProvider, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useEffect, useMemo, useState } from "react";
+import React, { useCallback, useContext, useEffect, useMemo, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { CloseIcon } from "../../icons/Icons";
 import { light } from "../theme";
+import { User } from "../../api";
+import { UserContext } from "../App";
 
 export interface SidePanelTab {
     label: string
@@ -11,7 +13,7 @@ export interface SidePanelTab {
 
 export interface SidePanelProvider {
     buildSidePanelTitle(): React.ReactNode
-    buildSidePanelTabs(): SidePanelTab[]
+    buildSidePanelTabs(user?: User): SidePanelTab[]
 }
 
 export interface SidePanelProps {
@@ -21,14 +23,15 @@ export interface SidePanelProps {
 
 export function useSidePanelTabs(provider?: SidePanelProvider) {
     const [selectedTab, setSelectedTab] = useState<string>();
+    const user = useContext(UserContext)
 
     const handleTabChange = useCallback((_e: React.SyntheticEvent, value: string) => {
         setSelectedTab(value);
     }, []);
 
     const tabs = useMemo(
-        () => provider?.buildSidePanelTabs() || [],
-        [provider]
+        () => provider?.buildSidePanelTabs(user) || [],
+        [provider, user]
     );
 
     useEffect(() => {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx b/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
index 771c5fdce..1b1715c1d 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
@@ -4,7 +4,7 @@ import { Box, Divider, Typography } from "@mui/material";
 import { CommandResultProps } from "../CommandResultView";
 import { ChangesTable } from "../ChangesTable";
 import { ErrorsTable } from "../../ErrorsTable";
-import { ObjectType } from "../../../api";
+import { ObjectType, User } from "../../../api";
 import { ObjectYaml } from "../../ObjectYaml";
 import { StatusLine } from "../CommandResultStatusLine";
 import { SidePanelProvider, SidePanelTab } from "../SidePanel";
@@ -110,7 +110,7 @@ export abstract class NodeData implements SidePanelProvider {
 
     abstract buildIcon(): [React.ReactNode, string]
 
-    abstract buildSidePanelTabs(): SidePanelTab[]
+    abstract buildSidePanelTabs(user: User): SidePanelTab[]
 
     buildStatusLine(): React.ReactNode {
         return <StatusLine
diff --git a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
index 24b14c524..ed1b38103 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
@@ -4,7 +4,7 @@ import { ObjectRef } from "../../../models";
 import { NodeData } from "./NodeData";
 import { PublishedWithChanges, Settings, SettingsEthernet, SmartToy, SvgIconComponent } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
-import { findObjectByRef, ObjectType } from "../../../api";
+import { findObjectByRef, ObjectType, User } from "../../../api";
 import { CommandResultProps } from "../CommandResultView";
 import { SidePanelTab } from "../SidePanel";
 import { BracketsCurlyIcon } from '../../../icons/Icons';
@@ -40,7 +40,7 @@ export class ObjectNodeData extends NodeData {
         return [<BracketsCurlyIcon />, snStr]
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(user?: User): SidePanelTab[] {
         const tabs = [
             { label: "Summary", content: this.buildSummaryPage() }
         ]
@@ -51,11 +51,13 @@ export class ObjectNodeData extends NodeData {
             tabs.push({ label: "Rendered", content: this.buildObjectPage(this.objectRef, ObjectType.Rendered) })
         }
 
-        if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.remote) {
-            tabs.push({ label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote) })
-        }
-        if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.applied) {
-            tabs.push({ label: "Applied", content: this.buildObjectPage(this.objectRef, ObjectType.Applied) })
+        if (user?.isAdmin) {
+            if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.remote) {
+                tabs.push({ label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote) })
+            }
+            if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.applied) {
+                tabs.push({ label: "Applied", content: this.buildObjectPage(this.objectRef, ObjectType.Applied) })
+            }
         }
 
         return tabs

From 41c3f5c3a51239d7c3bec4b3353d7da3ca2ccbef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 17:03:12 +0200
Subject: [PATCH 1435/2268] refactor: Move KluctlDeploymentInfo ouf of
 CommandInfo into CommandResult

---
 pkg/controllers/kluctl_project.go          |  4 ++--
 pkg/results/result-store-secrets.go        | 10 +++++-----
 pkg/types/result/command_result.go         | 18 +++++++++---------
 pkg/types/result/command_result_summary.go | 16 +++++++++-------
 pkg/types/result/zz_generated.deepcopy.go  | 15 ++++++++++-----
 pkg/webui/ui/src/models.ts                 |  6 ++++--
 pkg/webui/ui/src/project-summaries.ts      |  8 ++++----
 7 files changed, 43 insertions(+), 34 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index a3886ff3f..282750831 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -664,13 +664,13 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 
 	cmdResult.Id = crId
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
-	cmdResult.Command.KluctlDeployment = &result.KluctlDeploymentInfo{
+	cmdResult.KluctlDeployment = &result.KluctlDeploymentInfo{
 		Name:      pt.pp.obj.Name,
 		Namespace: pt.pp.obj.Namespace,
 	}
 
 	var err error
-	cmdResult.Command.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
+	cmdResult.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index e82052b24..a2097048a 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -191,9 +191,9 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 	if cr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
 	}
-	if cr.Command.KluctlDeployment != nil {
-		secret.Labels["kluctl.io/result-deployment-name"] = cr.Command.KluctlDeployment.Name
-		secret.Labels["kluctl.io/result-deployment-namespace"] = cr.Command.KluctlDeployment.Namespace
+	if cr.KluctlDeployment != nil {
+		secret.Labels["kluctl.io/result-deployment-name"] = cr.KluctlDeployment.Name
+		secret.Labels["kluctl.io/result-deployment-namespace"] = cr.KluctlDeployment.Namespace
 	}
 
 	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
@@ -342,10 +342,10 @@ func (s *ResultStoreSecrets) cleanupOrphanedResults() error {
 	}
 
 	for _, e := range commandResults {
-		if e.summary.Command.KluctlDeployment == nil {
+		if e.summary.KluctlDeployment == nil {
 			continue
 		}
-		tryDeleteResult(e.name, e.summary.Command.KluctlDeployment, e.summary.Id, "command result")
+		tryDeleteResult(e.name, e.summary.KluctlDeployment, e.summary.Id, "command result")
 	}
 	for _, e := range validateResults {
 		if e.summary.KluctlDeployment == nil {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index ab224a38e..df358b324 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -77,7 +77,6 @@ type CommandInfo struct {
 	Initiator             CommandInitiator       `json:"initiator" validate:"oneof=CommandLine KluctlDeployment"`
 	StartTime             metav1.Time            `json:"startTime"`
 	EndTime               metav1.Time            `json:"endTime"`
-	KluctlDeployment      *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
 	Command               string                 `json:"command,omitempty"`
 	Target                string                 `json:"target,omitempty"`
 	TargetNameOverride    string                 `json:"targetNameOverride,omitempty"`
@@ -127,14 +126,15 @@ type ResultObject struct {
 }
 
 type CommandResult struct {
-	Id          string                         `json:"id"`
-	ProjectKey  ProjectKey                     `json:"projectKey"`
-	TargetKey   TargetKey                      `json:"targetKey"`
-	Target      types.Target                   `json:"target"`
-	Command     CommandInfo                    `json:"command,omitempty"`
-	GitInfo     GitInfo                        `json:"gitInfo,omitempty"`
-	ClusterInfo ClusterInfo                    `json:"clusterInfo"`
-	Deployment  *types.DeploymentProjectConfig `json:"deployment,omitempty"`
+	Id               string                         `json:"id"`
+	ProjectKey       ProjectKey                     `json:"projectKey"`
+	TargetKey        TargetKey                      `json:"targetKey"`
+	Target           types.Target                   `json:"target"`
+	Command          CommandInfo                    `json:"command,omitempty"`
+	KluctlDeployment *KluctlDeploymentInfo          `json:"kluctlDeployment,omitempty"`
+	GitInfo          GitInfo                        `json:"gitInfo,omitempty"`
+	ClusterInfo      ClusterInfo                    `json:"clusterInfo"`
+	Deployment       *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
 	Objects []ResultObject `json:"objects,omitempty"`
 
diff --git a/pkg/types/result/command_result_summary.go b/pkg/types/result/command_result_summary.go
index 3ad691bcd..535ed2353 100644
--- a/pkg/types/result/command_result_summary.go
+++ b/pkg/types/result/command_result_summary.go
@@ -5,13 +5,14 @@ import (
 )
 
 type CommandResultSummary struct {
-	Id          string       `json:"id"`
-	ProjectKey  ProjectKey   `json:"projectKey"`
-	TargetKey   TargetKey    `json:"targetKey"`
-	Target      types.Target `json:"target"`
-	Command     CommandInfo  `json:"commandInfo"`
-	GitInfo     GitInfo      `json:"gitInfo,omitempty"`
-	ClusterInfo ClusterInfo  `json:"clusterInfo,omitempty"`
+	Id               string                `json:"id"`
+	ProjectKey       ProjectKey            `json:"projectKey"`
+	TargetKey        TargetKey             `json:"targetKey"`
+	Target           types.Target          `json:"target"`
+	Command          CommandInfo           `json:"commandInfo"`
+	KluctlDeployment *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
+	GitInfo          GitInfo               `json:"gitInfo,omitempty"`
+	ClusterInfo      ClusterInfo           `json:"clusterInfo,omitempty"`
 
 	RenderedObjects    int `json:"renderedObjects"`
 	RemoteObjects      int `json:"remoteObjects"`
@@ -50,6 +51,7 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 		TargetKey:          cr.TargetKey,
 		Target:             cr.Target,
 		Command:            cr.Command,
+		KluctlDeployment:   cr.KluctlDeployment,
 		GitInfo:            cr.GitInfo,
 		ClusterInfo:        cr.ClusterInfo,
 		RenderedObjects:    count(func(o ResultObject) bool { return o.Rendered != nil }),
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 6d512e63f..d560f5b32 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -117,11 +117,6 @@ func (in *CommandInfo) DeepCopyInto(out *CommandInfo) {
 	*out = *in
 	in.StartTime.DeepCopyInto(&out.StartTime)
 	in.EndTime.DeepCopyInto(&out.EndTime)
-	if in.KluctlDeployment != nil {
-		in, out := &in.KluctlDeployment, &out.KluctlDeployment
-		*out = new(KluctlDeploymentInfo)
-		**out = **in
-	}
 	if in.Args != nil {
 		in, out := &in.Args, &out.Args
 		*out = (*in).DeepCopy()
@@ -172,6 +167,11 @@ func (in *CommandResult) DeepCopyInto(out *CommandResult) {
 	out.TargetKey = in.TargetKey
 	in.Target.DeepCopyInto(&out.Target)
 	in.Command.DeepCopyInto(&out.Command)
+	if in.KluctlDeployment != nil {
+		in, out := &in.KluctlDeployment, &out.KluctlDeployment
+		*out = new(KluctlDeploymentInfo)
+		**out = **in
+	}
 	in.GitInfo.DeepCopyInto(&out.GitInfo)
 	out.ClusterInfo = in.ClusterInfo
 	if in.Deployment != nil {
@@ -222,6 +222,11 @@ func (in *CommandResultSummary) DeepCopyInto(out *CommandResultSummary) {
 	out.TargetKey = in.TargetKey
 	in.Target.DeepCopyInto(&out.Target)
 	in.Command.DeepCopyInto(&out.Command)
+	if in.KluctlDeployment != nil {
+		in, out := &in.KluctlDeployment, &out.KluctlDeployment
+		*out = new(KluctlDeploymentInfo)
+		**out = **in
+	}
 	in.GitInfo.DeepCopyInto(&out.GitInfo)
 	out.ClusterInfo = in.ClusterInfo
 	if in.Errors != nil {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 9e3b928a4..32da41fe7 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -428,7 +428,6 @@ export class CommandInfo {
     initiator: string;
     startTime: string;
     endTime: string;
-    kluctlDeployment?: KluctlDeploymentInfo;
     command?: string;
     target?: string;
     targetNameOverride?: string;
@@ -451,7 +450,6 @@ export class CommandInfo {
         this.initiator = source["initiator"];
         this.startTime = source["startTime"];
         this.endTime = source["endTime"];
-        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
         this.command = source["command"];
         this.target = source["target"];
         this.targetNameOverride = source["targetNameOverride"];
@@ -624,6 +622,7 @@ export class CommandResult {
     targetKey: TargetKey;
     target: Target;
     command?: CommandInfo;
+    kluctlDeployment?: KluctlDeploymentInfo;
     gitInfo?: GitInfo;
     clusterInfo: ClusterInfo;
     deployment?: DeploymentProjectConfig;
@@ -639,6 +638,7 @@ export class CommandResult {
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.target = this.convertValues(source["target"], Target);
         this.command = this.convertValues(source["command"], CommandInfo);
+        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
         this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
         this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
         this.deployment = this.convertValues(source["deployment"], DeploymentProjectConfig);
@@ -672,6 +672,7 @@ export class CommandResultSummary {
     targetKey: TargetKey;
     target: Target;
     commandInfo: CommandInfo;
+    kluctlDeployment?: KluctlDeploymentInfo;
     gitInfo?: GitInfo;
     clusterInfo?: ClusterInfo;
     renderedObjects: number;
@@ -693,6 +694,7 @@ export class CommandResultSummary {
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.target = this.convertValues(source["target"], Target);
         this.commandInfo = this.convertValues(source["commandInfo"], CommandInfo);
+        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
         this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
         this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
         this.renderedObjects = source["renderedObjects"];
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 26beee9fe..0d9b1a43a 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -141,19 +141,19 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     })
 
     sortedCommandResults.forEach(rs => {
-        if (rs.commandInfo.kluctlDeployment) {
+        if (rs.kluctlDeployment) {
             // filter out command results from KluctlDeployments for which the KluctlDeployment itself vanished
-            const key = buildKdKey(rs.commandInfo.kluctlDeployment.clusterId, rs.commandInfo.kluctlDeployment.name, rs.commandInfo.kluctlDeployment.namespace)
+            const key = buildKdKey(rs.kluctlDeployment.clusterId, rs.kluctlDeployment.name, rs.kluctlDeployment.namespace)
             if (!kluctlDeploymentsByKdKey.has(key)) {
                 return
             }
         }
 
-        if (!filterTarget(undefined, rs.commandInfo.kluctlDeployment, rs.projectKey, rs.targetKey)) {
+        if (!filterTarget(undefined, rs.kluctlDeployment, rs.projectKey, rs.targetKey)) {
             return
         }
 
-        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, rs.commandInfo.kluctlDeployment, true, true)
+        const target = getOrCreateTarget(rs.projectKey, rs.targetKey, rs.kluctlDeployment, true, true)
         if (!target) {
             return
         }

From ae88db51df3516ef2577083de578bccf32325625 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 22:34:42 +0200
Subject: [PATCH 1436/2268] feat: Implement support for static viewer user

---
 .github/workflows/preview-proxy.yml           |   2 +-
 .github/workflows/preview-run.yml             |   3 +-
 cmd/kluctl/commands/cmd_webui.go              |  14 +-
 pkg/webui/auth.go                             |  45 +++---
 pkg/webui/auth_admin.go                       | 114 ---------------
 pkg/webui/auth_static.go                      | 130 ++++++++++++++++++
 pkg/webui/ui/src/api.tsx                      |   2 +-
 pkg/webui/ui/src/components/Login.tsx         |  10 +-
 .../result-view/nodes/VarsSourceNode.tsx      |  85 +++++++-----
 pkg/webui/ui/src/models.ts                    |   4 +-
 10 files changed, 225 insertions(+), 184 deletions(-)
 delete mode 100644 pkg/webui/auth_admin.go
 create mode 100644 pkg/webui/auth_static.go

diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 578e32f43..905e28acc 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -110,7 +110,7 @@ jobs:
           # Accessing the UI
           The UI is now available at: https://kluctl-preview-${{ github.event.pull_request.number }}.kluctl.com
           
-          When asked for credentials, use admin:admin.
+          When asked for credentials, use admin:admin or viewer:viewer.
           
           # Shutting it down
           Either cancel the pipeline in the PR or simply wait for 30 minutes until it auto-terminates.
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 108e16dec..6ac3099cc 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -130,7 +130,8 @@ jobs:
             -a webui_args='[]'
           kubectl -n kluctl-system create secret generic webui-secret \
             --from-literal auth-secret=secret \
-            --from-literal admin-password=admin
+            --from-literal admin-password=admin \
+            --from-literal viewer-password=viewer
       - name: Run kubectl port-forward
         run: |
           kubectl -n kluctl-system port-forward svc/kluctl-webui 9090:8080 &
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index b4a56fb9c..d1e912ca4 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -28,9 +28,10 @@ type webuiCmd struct {
 	AuthSecretName string `group:"auth" help:"Specify the secret name for the secret used for internal encryption of tokens and cookies." default:"webui-secret"`
 	AuthSecretKey  string `group:"auth" help:"Specify the secret key for the secret used for internal encryption of tokens and cookies." default:"auth-secret"`
 
-	AuthAdminEnabled    bool   `group:"auth" help:"Enable the admin user." default:"true"`
-	AuthAdminSecretName string `group:"auth" help:"Specify the secret name for the admin password." default:"webui-secret"`
-	AuthAdminSecretKey  string `group:"auth" help:"Specify the secret key for the admin password." default:"admin-password"`
+	AuthStaticLoginEnabled    bool   `group:"auth" help:"Enable the admin user." default:"true"`
+	AuthStaticLoginSecretName string `group:"auth" help:"Specify the secret name for the admin and viewer passwords." default:"webui-secret"`
+	AuthStaticAdminSecretKey  string `group:"auth" help:"Specify the secret key for the admin password." default:"admin-password"`
+	AuthStaticViewerSecretKey string `group:"auth" help:"Specify the secret key for the viewer password." default:"viewer-password"`
 
 	AuthAdminRbacUser  string `group:"auth" help:"Specify the RBAC user to use for admin access." default:"kluctl-webui-admin"`
 	AuthViewerRbacUser string `group:"auth" help:"Specify the RBAC user to use for viewer access." default:"kluctl-webui-viewer"`
@@ -60,9 +61,10 @@ func (cmd *webuiCmd) buildAuthConfig(ctx context.Context, c client.Client) (webu
 	authConfig.AuthSecretName = cmd.AuthSecretName
 	authConfig.AuthSecretKey = cmd.AuthSecretKey
 
-	authConfig.AdminEnabled = cmd.AuthAdminEnabled
-	authConfig.AdminSecretName = cmd.AuthAdminSecretName
-	authConfig.AdminSecretKey = cmd.AuthAdminSecretKey
+	authConfig.StaticLoginEnabled = cmd.AuthStaticLoginEnabled
+	authConfig.StaticLoginSecretName = cmd.AuthStaticLoginSecretName
+	authConfig.StaticAdminSecretKey = cmd.AuthStaticAdminSecretKey
+	authConfig.StaticViewerSecretKey = cmd.AuthStaticViewerSecretKey
 
 	authConfig.AdminRbacUser = cmd.AuthAdminRbacUser
 	authConfig.ViewerRbacUser = cmd.AuthViewerRbacUser
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index e8d1eea20..342ddbcae 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -20,11 +20,13 @@ type AuthConfig struct {
 	AuthSecretName string
 	AuthSecretKey  string
 
-	AdminEnabled    bool
-	AdminSecretName string
-	AdminSecretKey  string
-	AdminRbacUser   string
-	ViewerRbacUser  string
+	StaticLoginEnabled    bool
+	StaticLoginSecretName string
+	StaticAdminSecretKey  string
+	StaticViewerSecretKey string
+
+	AdminRbacUser  string
+	ViewerRbacUser string
 
 	OidcIssuerUrl        string
 	OidcDisplayName      string
@@ -52,8 +54,9 @@ type authHandler struct {
 
 	authConfig AuthConfig
 
-	authSecret    []byte
-	adminPassword string
+	authSecret     []byte
+	adminPassword  string
+	viewerPassword string
 
 	oidcProvider *oidc.Provider
 	oauth2Config *oauth2.Config
@@ -77,12 +80,18 @@ func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig
 	}
 	ret.authSecret = []byte(x)
 
-	if authConfig.AdminEnabled {
-		x, err = ret.getSecret(authConfig.AdminSecretName, authConfig.AdminSecretKey)
+	if authConfig.StaticLoginEnabled {
+		x, err = ret.getSecret(authConfig.StaticLoginSecretName, authConfig.StaticAdminSecretKey)
 		if err != nil {
 			return nil, err
 		}
 		ret.adminPassword = x
+
+		x, err = ret.getSecret(authConfig.StaticLoginSecretName, authConfig.StaticViewerSecretKey)
+		if err != nil {
+			return nil, err
+		}
+		ret.viewerPassword = x
 	}
 
 	err = ret.setupOidcProvider(ctx, authConfig)
@@ -103,8 +112,8 @@ func (s *authHandler) setupRoutes(router gin.IRouter) error {
 
 	router.GET("/auth/info", s.authInfoHandler)
 
-	if s.authConfig.AdminEnabled {
-		router.POST("/auth/adminLogin", s.adminLoginHandler)
+	if s.authConfig.StaticLoginEnabled {
+		router.POST("/auth/staticLogin", s.staticLoginHandler)
 	}
 
 	if s.oidcProvider != nil {
@@ -119,8 +128,8 @@ func (s *authHandler) setupRoutes(router gin.IRouter) error {
 }
 
 type AuthInfo struct {
-	AuthEnabled  bool `json:"authEnabled"`
-	AdminEnabled bool `json:"adminEnabled"`
+	AuthEnabled        bool `json:"authEnabled"`
+	StaticLoginEnabled bool `json:"staticLoginEnabled"`
 
 	OidcEnabled     bool   `json:"oidcEnabled"`
 	OidcDisplayName string `json:"oidcName,omitempty"`
@@ -128,10 +137,10 @@ type AuthInfo struct {
 
 func (s *authHandler) authInfoHandler(c *gin.Context) {
 	info := AuthInfo{
-		AuthEnabled:     s.authConfig.AuthEnabled,
-		AdminEnabled:    s.authConfig.AdminEnabled,
-		OidcEnabled:     s.authConfig.OidcIssuerUrl != "",
-		OidcDisplayName: s.authConfig.OidcDisplayName,
+		AuthEnabled:        s.authConfig.AuthEnabled,
+		StaticLoginEnabled: s.authConfig.StaticLoginEnabled,
+		OidcEnabled:        s.authConfig.OidcIssuerUrl != "",
+		OidcDisplayName:    s.authConfig.OidcDisplayName,
 	}
 	c.JSON(http.StatusOK, info)
 }
@@ -152,7 +161,7 @@ func (s *authHandler) getUser(c *gin.Context) *User {
 		return s.getAdminUser("admin")
 	}
 
-	user := s.getAdminUserFromSession(c)
+	user := s.getStaticUserFromSession(c)
 	if user != nil {
 		return user
 	}
diff --git a/pkg/webui/auth_admin.go b/pkg/webui/auth_admin.go
deleted file mode 100644
index 2166f26c7..000000000
--- a/pkg/webui/auth_admin.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package webui
-
-import (
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
-	"net/http"
-	"time"
-)
-
-const (
-	adminExpireTime  = 1 * time.Hour
-	adminRefreshTime = 10 * time.Second
-)
-
-func (s *authHandler) adminLoginHandler(c *gin.Context) {
-	if !s.authConfig.AdminEnabled {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-
-	var loginVals login
-	if err := c.ShouldBind(&loginVals); err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-	userID := loginVals.Username
-	password := loginVals.Password
-
-	if userID != "admin" || password != s.adminPassword {
-		// we only support the admin account at the moment
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-
-	session := sessions.Default(c)
-	session.Set("adminUser", userID)
-	session.Set("adminTime", time.Now())
-
-	if !s.checkIfAdminExpired(session) {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-
-	if err := session.Save(); err != nil {
-		c.AbortWithStatus(http.StatusUnauthorized)
-		return
-	}
-
-	c.JSON(http.StatusOK, "ok")
-}
-
-func (s *authHandler) checkIfAdminExpired(session sessions.Session) bool {
-	adminTimeI := session.Get("adminTime")
-	if adminTimeI == nil {
-		return false
-	}
-	adminTime, ok := adminTimeI.(time.Time)
-	if !ok {
-		return false
-	}
-
-	if time.Now().After(adminTime.Add(adminExpireTime)) {
-		return false
-	}
-
-	if time.Now().After(adminTime.Add(adminRefreshTime)) {
-		session.Set("adminTime", time.Now())
-	}
-
-	return true
-}
-
-func (s *authHandler) getAdminUserFromSession(c *gin.Context) *User {
-	if !s.authConfig.AdminEnabled {
-		return nil
-	}
-
-	session := sessions.Default(c)
-	usernameI := session.Get("adminUser")
-	if usernameI == nil {
-		return nil
-	}
-
-	username, ok := usernameI.(string)
-	if !ok {
-		return nil
-	}
-
-	if !s.checkIfAdminExpired(session) {
-		return nil
-	}
-
-	if err := session.Save(); err != nil {
-		return nil
-	}
-
-	return s.getAdminUser(username)
-}
-
-func (s *authHandler) getAdminUser(id string) *User {
-	u := &User{
-		Username: id,
-		IsAdmin:  true,
-	}
-	return u
-}
-
-func (s *authHandler) getViewerUser(id string) *User {
-	u := &User{
-		Username: id,
-		IsAdmin:  false,
-	}
-	return u
-}
diff --git a/pkg/webui/auth_static.go b/pkg/webui/auth_static.go
new file mode 100644
index 000000000..cf4e4f073
--- /dev/null
+++ b/pkg/webui/auth_static.go
@@ -0,0 +1,130 @@
+package webui
+
+import (
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"time"
+)
+
+const (
+	staticLoginExpireTime  = 1 * time.Hour
+	staticLoginRefreshTime = 10 * time.Second
+)
+
+func (s *authHandler) staticLoginHandler(c *gin.Context) {
+	if !s.authConfig.StaticLoginEnabled {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	var loginVals login
+	if err := c.ShouldBind(&loginVals); err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+	userID := loginVals.Username
+	password := loginVals.Password
+
+	// we only support the admin and viewer accounts at the moment
+	if userID == "admin" {
+		if password != s.adminPassword {
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+	} else if userID == "viewer" {
+		if password != s.viewerPassword {
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+	} else {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	session := sessions.Default(c)
+	session.Set("staticUser", userID)
+	session.Set("staticLoginTime", time.Now())
+
+	if !s.checkIfStaticLoginExpired(session) {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	if err := session.Save(); err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	c.JSON(http.StatusOK, "ok")
+}
+
+func (s *authHandler) checkIfStaticLoginExpired(session sessions.Session) bool {
+	staticLoginTimeI := session.Get("staticLoginTime")
+	if staticLoginTimeI == nil {
+		return false
+	}
+	staticLoginTime, ok := staticLoginTimeI.(time.Time)
+	if !ok {
+		return false
+	}
+
+	if time.Now().After(staticLoginTime.Add(staticLoginExpireTime)) {
+		return false
+	}
+
+	if time.Now().After(staticLoginTime.Add(staticLoginRefreshTime)) {
+		session.Set("staticLoginTime", time.Now())
+	}
+
+	return true
+}
+
+func (s *authHandler) getStaticUserFromSession(c *gin.Context) *User {
+	if !s.authConfig.StaticLoginEnabled {
+		return nil
+	}
+
+	session := sessions.Default(c)
+	usernameI := session.Get("staticUser")
+	if usernameI == nil {
+		return nil
+	}
+
+	username, ok := usernameI.(string)
+	if !ok {
+		return nil
+	}
+
+	if !s.checkIfStaticLoginExpired(session) {
+		return nil
+	}
+
+	if err := session.Save(); err != nil {
+		return nil
+	}
+
+	if username == "admin" {
+		return s.getAdminUser(username)
+	} else if username == "viewer" {
+		return s.getViewerUser(username)
+	} else {
+		return nil
+	}
+}
+
+func (s *authHandler) getAdminUser(id string) *User {
+	u := &User{
+		Username: id,
+		IsAdmin:  true,
+	}
+	return u
+}
+
+func (s *authHandler) getViewerUser(id string) *User {
+	u := &User{
+		Username: id,
+		IsAdmin:  false,
+	}
+	return u
+}
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index cac3844ce..c97a5c6f3 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -271,7 +271,7 @@ export class StaticApi implements Api {
     async getAuthInfo(): Promise<AuthInfo> {
         const info = new AuthInfo()
         info.authEnabled = false
-        info.adminEnabled = false
+        info.staticLoginEnabled = false
         return info
     }
 
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index 55e7d4683..ca34617d4 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -18,8 +18,8 @@ type LoginResult = {
     statusText: string
 }
 
-async function loginAdminUser(creds: loginCredentials): Promise<LoginResult> {
-    const url = rootPath + `/auth/adminLogin`
+async function loginStaticUser(creds: loginCredentials): Promise<LoginResult> {
+    const url = rootPath + `/auth/staticLogin`
     return fetch(url, {
         method: 'POST',
         headers: {
@@ -52,7 +52,7 @@ export default function Login(props: { authInfo: AuthInfo }) {
             return
         }
 
-        const result = await loginAdminUser({
+        const result = await loginStaticUser({
             username: username,
             password: password,
         });
@@ -76,7 +76,7 @@ export default function Login(props: { authInfo: AuthInfo }) {
         </ErrorMessageCard>
     }
 
-    const adminLogin = <form onSubmit={handleSubmit}>
+    const staticLogin = <form onSubmit={handleSubmit}>
         <Box
             display='flex'
             flexDirection='column'
@@ -150,7 +150,7 @@ export default function Login(props: { authInfo: AuthInfo }) {
         >
             <Typography variant='h1'>Please Log In</Typography>
             <Paper elevation={5} sx={{ width: '400px', borderRadius: '12px', padding: '30px' }}>
-                {props.authInfo.adminEnabled && adminLogin}
+                {props.authInfo.staticLoginEnabled && staticLogin}
                 {props.authInfo.oidcEnabled && oidcLogin}
             </Paper>
         </Box>
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
index b03fe24bf..83b1085ea 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
@@ -5,18 +5,18 @@ import { Category, Cloud, Dvr, Http, Lock, Settings } from "@mui/icons-material"
 import { FileIcon, GitIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
-import { Box } from "@mui/material";
+import { Alert, Box } from "@mui/material";
 import { CommandResultProps } from "../CommandResultView";
 
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
-import { buildGitRefString } from "../../../api";
+import { buildGitRefString, User } from "../../../api";
 
 interface VarsSourceHandler {
     type: string
     label: () => React.ReactNode
     icon: () => React.ReactNode
-    sourceProps: () => {name: string, value: React.ReactNode}[]
+    sourceProps: () => { name: string, value: React.ReactNode }[]
 }
 
 export class VarsSourceNodeData extends NodeData {
@@ -60,9 +60,9 @@ export class VarsSourceNodeData extends NodeData {
                 label: () => {
                     return this.varsSource.file
                 },
-                icon: () => <FileIcon />,
+                icon: () => <FileIcon/>,
                 sourceProps: () => [
-                    {name: "File", value: this.varsSource.file}
+                    { name: "File", value: this.varsSource.file }
                 ]
             }
         } else if (this.varsSource.git) {
@@ -70,7 +70,7 @@ export class VarsSourceNodeData extends NodeData {
                 type: "git",
                 label: () => {
                     const s = this.varsSource.git!.url.split("/")
-                    const name = s[s.length-1]
+                    const name = s[s.length - 1]
                     return <>
                         {name}<br/>
                         {this.varsSource.git!.path}
@@ -79,9 +79,9 @@ export class VarsSourceNodeData extends NodeData {
                 icon: () => <GitIcon/>,
                 sourceProps: () => {
                     const sourceProps = []
-                    sourceProps.push({name: "Url", value: this.varsSource.git!.url})
-                    sourceProps.push({name: "Path", value: this.varsSource.git!.path})
-                    sourceProps.push({name: "Ref", value: buildGitRefString(this.varsSource.git?.ref)})
+                    sourceProps.push({ name: "Url", value: this.varsSource.git!.url })
+                    sourceProps.push({ name: "Path", value: this.varsSource.git!.path })
+                    sourceProps.push({ name: "Ref", value: buildGitRefString(this.varsSource.git?.ref) })
                     return sourceProps
                 }
             }
@@ -97,11 +97,14 @@ export class VarsSourceNodeData extends NodeData {
                 icon: () => icon,
                 sourceProps: () => {
                     const sourceProps = []
-                    sourceProps.push({name: "Name", value: vs.name})
-                    sourceProps.push({name: "Namespace", value: vs.namespace})
-                    sourceProps.push({name: "Key", value: vs.key})
+                    sourceProps.push({ name: "Name", value: vs.name })
+                    sourceProps.push({ name: "Namespace", value: vs.namespace })
+                    sourceProps.push({ name: "Key", value: vs.key })
                     if (vs.labels) {
-                        sourceProps.push({name: "Labels", value: <CodeViewer code={this.labelsYaml!} language={"yaml"}/>})
+                        sourceProps.push({
+                            name: "Labels",
+                            value: <CodeViewer code={this.labelsYaml!} language={"yaml"}/>
+                        })
                     }
                     return sourceProps
                 }
@@ -127,10 +130,10 @@ export class VarsSourceNodeData extends NodeData {
                 icon: () => <Http fontSize={"large"}/>,
                 sourceProps: () => {
                     const sourceProps = []
-                    sourceProps.push({name: "Url", value: this.varsSource.http!.url})
-                    sourceProps.push({name: "Method", value: this.varsSource.http!.method || "GET"})
+                    sourceProps.push({ name: "Url", value: this.varsSource.http!.url })
+                    sourceProps.push({ name: "Method", value: this.varsSource.http!.method || "GET" })
                     if (this.varsSource.http!.jsonPath) {
-                        sourceProps.push({name: "JsonPath", value: this.varsSource.http!.jsonPath})
+                        sourceProps.push({ name: "JsonPath", value: this.varsSource.http!.jsonPath })
                     }
                     return sourceProps
                 }
@@ -144,7 +147,7 @@ export class VarsSourceNodeData extends NodeData {
                 icon: () => <Cloud fontSize={"large"}/>,
                 sourceProps: () => {
                     const sourceProps = []
-                    sourceProps.push({name: "SecretName", value: this.varsSource.awsSecretsManager!.secretName})
+                    sourceProps.push({ name: "SecretName", value: this.varsSource.awsSecretsManager!.secretName })
                     if (this.varsSource.awsSecretsManager!.region) {
                         sourceProps.push({ name: "Region", value: this.varsSource.awsSecretsManager!.region })
                     }
@@ -166,8 +169,8 @@ export class VarsSourceNodeData extends NodeData {
                 icon: () => <Cloud fontSize={"large"}/>,
                 sourceProps: () => {
                     const sourceProps = []
-                    sourceProps.push({name: "Address", value: this.varsSource.vault!.address})
-                    sourceProps.push({name: "Path", value: this.varsSource.vault!.path})
+                    sourceProps.push({ name: "Address", value: this.varsSource.vault!.address })
+                    sourceProps.push({ name: "Path", value: this.varsSource.vault!.path })
                     return sourceProps
                 }
             }
@@ -192,10 +195,10 @@ export class VarsSourceNodeData extends NodeData {
         return [h.icon(), h.type]
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(user?: User): SidePanelTab[] {
         const tabs = [
-            {label: "Summary", content: this.buildSummaryPage()},
-            {label: "Vars", content: this.buildVarsPage()}
+            { label: "Summary", content: this.buildSummaryPage() },
+            { label: "Vars", content: this.buildVarsPage(user) }
         ]
         this.buildDiffAndHealthPages(tabs)
         return tabs
@@ -205,14 +208,15 @@ export class VarsSourceNodeData extends NodeData {
         const h = this.getVarsSourceHandler()
 
         const props = [
-            {name: "Type", value: h.type},
+            { name: "Type", value: h.type },
             ...h.sourceProps(),
-            {name: "IgnoreMissing", value: (!!this.varsSource.ignoreMissing) + ""},
-            {name: "NoOverride", value: (!!this.varsSource.noOverride) + ""},
+            { name: "Sensitive", value: (!!this.varsSource.renderedSensitive) + "" },
+            { name: "IgnoreMissing", value: (!!this.varsSource.ignoreMissing) + "" },
+            { name: "NoOverride", value: (!!this.varsSource.noOverride) + "" },
         ]
 
         if (this.varsSource.when) {
-            props.push({name: "When", value: this.varsSource.when})
+            props.push({ name: "When", value: this.varsSource.when })
         }
 
         return <>
@@ -220,16 +224,25 @@ export class VarsSourceNodeData extends NodeData {
         </>
     }
 
-    buildVarsPage(): React.ReactNode {
-        return <Box sx={{
-            overflowY: 'scroll', // Enable vertical scrolling
-            //maxHeight: '400px', // Set a fixed height
-            border: '1px solid #ccc', // Optional border
-            padding: '10px', // Optional padding
-        }}>
-            <pre>
-                <CodeViewer code={this.renderedVarsYaml} language={"yaml"}/>
-            </pre>
+    buildVarsPage(user?: User): React.ReactNode {
+        const sensitiveWarning = user?.isAdmin && this.varsSource.renderedSensitive
+        const redactedWarning = !user?.isAdmin && this.varsSource.renderedSensitive
+
+        return <Box>
+            {redactedWarning && <Alert severity="error">Only admins can view sensitive vars!</Alert>}
+            {sensitiveWarning && <Alert severity="warning">Warning, the following vars are marked as sensitive!</Alert>}
+
+            {!redactedWarning && <Box sx={{
+                overflowY: 'scroll', // Enable vertical scrolling
+                //maxHeight: '400px', // Set a fixed height
+                border: '1px solid #ccc', // Optional border
+                padding: '10px', // Optional padding
+            }}>
+                <pre>
+                    <CodeViewer code={this.renderedVarsYaml} language={"yaml"}/>
+                </pre>
+            </Box>
+            }
         </Box>
     }
 }
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 32da41fe7..cb26d5b59 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -924,14 +924,14 @@ export class ProjectTargetKey {
 }
 export class AuthInfo {
     authEnabled: boolean;
-    adminEnabled: boolean;
+    staticLoginEnabled: boolean;
     oidcEnabled: boolean;
     oidcName?: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.authEnabled = source["authEnabled"];
-        this.adminEnabled = source["adminEnabled"];
+        this.staticLoginEnabled = source["staticLoginEnabled"];
         this.oidcEnabled = source["oidcEnabled"];
         this.oidcName = source["oidcName"];
     }

From 571cc29a4b2e4773e54b4f44c05dc0b8b097ba0a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 14 Aug 2023 22:49:29 +0200
Subject: [PATCH 1437/2268] docs: Add mention of "sensitive" field for vars
 sources (#728)

---
 docs/reference/templating/variable-sources.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/reference/templating/variable-sources.md b/docs/reference/templating/variable-sources.md
index 8f533d2e6..2d2ac9b92 100644
--- a/docs/reference/templating/variable-sources.md
+++ b/docs/reference/templating/variable-sources.md
@@ -33,6 +33,8 @@ vars:
   noOverride: true
 - file: vars3.yaml
   when: some.var == "value"
+- file: vars3.yaml
+  sensitive: true
 ```
 
 `vars2.yaml` can now use variables that are defined in `vars1.yaml`. A special case is the use of previously defined
@@ -50,6 +52,10 @@ useful if you want to load default values for variables.
 Variables can also be loaded conditionally by specifying a condition via `when: <condition>`. The condition must be in
 the same format as described in [conditional deployment items](../deployments/deployment-yml.md#when)
 
+Specifying `sensitive: true` causes the Webui to redact the underlying variables for non-admin users. This will be set
+to `true` by default for all variable sources that usually load sensitive data, including sops encrypted files and
+Kubernetes secrets.
+
 Different types of vars entries are possible:
 
 ### file

From 36e954fff9c64635b565f636a5eb4604d885580b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Aug 2023 09:04:16 +0200
Subject: [PATCH 1438/2268] chore(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore (#729)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.7.0...sdk/azcore/v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index dbbf62e2a..563f1675b 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
 	github.com/aws/aws-sdk-go-v2 v1.20.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.33
diff --git a/go.sum b/go.sum
index 791315495..5979e45d0 100644
--- a/go.sum
+++ b/go.sum
@@ -55,8 +55,8 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 h1:8q4SaHjFsClSvuVne0ID/5Ka8u3fcIHyqkLjcFpNRHQ=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=

From c2628eacbbbff36d4b2f22a85a44930a5c4ccdf2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Aug 2023 16:07:17 +0200
Subject: [PATCH 1439/2268] fix: Actually print final error

---
 cmd/kluctl/commands/root.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index b14b0c253..fbf53303f 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -249,6 +249,8 @@ func Main() {
 
 	initViper(ctx)
 
+	didSetupStatusHandler := false
+
 	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags *GlobalFlags) (context.Context, error) {
 		err := setupGops(flags)
 		if err != nil {
@@ -264,6 +266,7 @@ func Main() {
 		}
 
 		ctx = initStatusHandlerAndPrompts(ctx, flags.Debug, flags.NoColor)
+		didSetupStatusHandler = true
 
 		if cmd.Name() != "run" && cmd.Parent().Name() != "controller" {
 			redirectLogsAndStderr(ctx)
@@ -283,6 +286,14 @@ func Main() {
 		cpuProfileFile = nil
 	}
 
+	if err != nil {
+		if didSetupStatusHandler {
+			status.Error(ctx, err.Error())
+		} else {
+			_, _ = fmt.Fprintf(os.Stderr, "%s\n", err.Error())
+		}
+	}
+
 	sh := status.FromContext(ctx)
 	if sh != nil {
 		sh.Stop()

From 70ca447aec2033f909a49ae666fcc0bb2628fca5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Aug 2023 16:08:29 +0200
Subject: [PATCH 1440/2268] fix: Store oidcToken info in session storage
 instead of full ID token

ID tokens can get quite large, leading du issues with cookies.
---
 pkg/webui/auth.go      |  4 +-
 pkg/webui/auth_oidc.go | 84 +++++++++++++++++++++++++-----------------
 2 files changed, 52 insertions(+), 36 deletions(-)

diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 342ddbcae..b86a8225c 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -104,7 +104,7 @@ func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig
 
 func (s *authHandler) setupRoutes(router gin.IRouter) error {
 	gob.Register(map[string]interface{}{})
-	gob.Register(oauth2.Token{})
+	gob.Register(oidcTokenInfo{})
 	gob.Register(time.Time{})
 
 	store := cookie.NewStore(s.authSecret)
@@ -166,7 +166,7 @@ func (s *authHandler) getUser(c *gin.Context) *User {
 		return user
 	}
 
-	user, err := s.getUserFromOidcProfile(c)
+	user, err := s.getUserFromOidcTokenInfo(c, true)
 	if err != nil {
 		return nil
 	}
diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index 50a281089..046b16ef6 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -12,8 +12,15 @@ import (
 	"golang.org/x/oauth2"
 	"net/http"
 	"strings"
+	"time"
 )
 
+type oidcTokenInfo struct {
+	RefreshToken string
+	Expiry       time.Time
+	User         *User
+}
+
 func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConfig) error {
 	if authConfig.OidcIssuerUrl == "" {
 		return nil
@@ -78,40 +85,63 @@ func (s *authHandler) oidcLoginHandler(c *gin.Context) {
 	c.Redirect(http.StatusTemporaryRedirect, s.oauth2Config.AuthCodeURL(state, opts...))
 }
 
-func (s *authHandler) storeToken(session sessions.Session, token *oauth2.Token) error {
+func (s *authHandler) storeToken(c *gin.Context, session sessions.Session, token *oauth2.Token) error {
 	rawIDToken, ok := token.Extra("id_token").(string)
 	if !ok {
-		return fmt.Errorf("no id_token field in oauth2 token.")
+		return fmt.Errorf("no id_token field in oauth2 token")
+	}
+
+	idToken, err := s.verifyIDToken(c.Request.Context(), rawIDToken)
+	if err != nil {
+		return err
+	}
+
+	user, err := s.getUserFromIDToken(idToken)
+	if err != nil {
+		return err
+	}
+
+	tokenInfo := oidcTokenInfo{
+		RefreshToken: token.RefreshToken,
+		Expiry:       idToken.Expiry,
+		User:         user,
 	}
 
-	session.Set("token", token)
-	session.Set("id_token", rawIDToken)
+	session.Set("oidcToken", tokenInfo)
 
 	return nil
 }
 
-func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
+func (s *authHandler) handleOidcCallback(c *gin.Context) (int, string) {
 	session := sessions.Default(c)
 	if c.Query("state") != session.Get("state") {
-		c.String(http.StatusBadRequest, "Invalid state parameter.")
-		return
+		return http.StatusBadRequest, "invalid state parameter"
 	}
 
+	session.Delete("state")
+
 	// Exchange an authorization code for a token.
 	token, err := s.oauth2Config.Exchange(c.Request.Context(), c.Query("code"))
 	if err != nil {
-		c.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.")
-		return
+		return http.StatusUnauthorized, err.Error()
 	}
 
-	err = s.storeToken(session, token)
+	err = s.storeToken(c, session, token)
 	if err != nil {
-		c.String(http.StatusBadRequest, err.Error())
-		return
+		return http.StatusUnauthorized, err.Error()
 	}
 
 	if err := session.Save(); err != nil {
-		c.String(http.StatusInternalServerError, err.Error())
+		return http.StatusInternalServerError, err.Error()
+	}
+
+	return http.StatusOK, ""
+}
+
+func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
+	status, errMsg := s.handleOidcCallback(c)
+	if status != http.StatusOK {
+		c.String(status, errMsg)
 		return
 	}
 
@@ -131,36 +161,22 @@ func (s *authHandler) generateRandomState() (string, error) {
 	return state, nil
 }
 
-func (s *authHandler) getUserFromOidcProfile(c *gin.Context) (*User, error) {
+func (s *authHandler) getUserFromOidcTokenInfo(c *gin.Context, allowRefresh bool) (*User, error) {
 	session := sessions.Default(c)
 
-	tokenI := session.Get("token")
-	if tokenI == nil {
-		return nil, nil
-	}
-	token, ok := tokenI.(oauth2.Token)
-	if !ok {
-		return nil, nil
-	}
-
-	rawIdTokenI := session.Get("id_token")
-	if rawIdTokenI == nil {
+	tokenInfoI := session.Get("oidcToken")
+	if tokenInfoI == nil {
 		return nil, nil
 	}
-	rawIdToken, ok := rawIdTokenI.(string)
+	tokenInfo, ok := tokenInfoI.(oidcTokenInfo)
 	if !ok {
 		return nil, nil
 	}
 
-	if !token.Valid() {
-		return nil, nil
-	}
-
-	idToken, err := s.verifyIDToken(c.Request.Context(), rawIdToken)
-	if err != nil {
-		return nil, err
-	}
+	return tokenInfo.User, nil
+}
 
+func (s *authHandler) getUserFromIDToken(idToken *oidc.IDToken) (*User, error) {
 	var profile map[string]interface{}
 	if err := idToken.Claims(&profile); err != nil {
 		return nil, err

From 3e43e0c3d8764b3d1fa93e1d65cb32002c751183 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Aug 2023 16:08:56 +0200
Subject: [PATCH 1441/2268] fix: Properly display configuration alert

---
 pkg/webui/ui/src/components/targets-view/TargetItem.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index b68beff0e..6286808c3 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -403,10 +403,10 @@ class TargetItemCardProvider implements SidePanelProvider {
             }
         }
 
-        return <>
+        return <Box>
             {errorHeader}
             <PropertiesTable properties={props}/>
-        </>
+        </Box>
     }
 
     getTargetName() {

From ac5358e79406ebdb21e97a8df910392dacf79891 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 15 Aug 2023 16:09:17 +0200
Subject: [PATCH 1442/2268] feat: Implement Oauth2/OIDC token refresh

---
 pkg/webui/auth_oidc.go | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index 046b16ef6..a7cd0cd08 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -149,6 +149,18 @@ func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
 	c.Redirect(http.StatusTemporaryRedirect, "/")
 }
 
+func (s *authHandler) oidcRefresh(c *gin.Context, session sessions.Session, tokenInfo *oidcTokenInfo) error {
+	ts := s.oauth2Config.TokenSource(c, &oauth2.Token{
+		RefreshToken: tokenInfo.RefreshToken,
+	})
+	newToken, err := ts.Token()
+	if err != nil {
+		return err
+	}
+
+	return s.storeToken(c, session, newToken)
+}
+
 func (s *authHandler) generateRandomState() (string, error) {
 	b := make([]byte, 32)
 	_, err := rand.Read(b)
@@ -173,6 +185,23 @@ func (s *authHandler) getUserFromOidcTokenInfo(c *gin.Context, allowRefresh bool
 		return nil, nil
 	}
 
+	if tokenInfo.Expiry.Before(time.Now().Add(10 * time.Minute)) {
+		if !allowRefresh {
+			return nil, fmt.Errorf("token expired")
+		}
+
+		err := s.oidcRefresh(c, session, &tokenInfo)
+		if err != nil {
+			return nil, err
+		}
+
+		err = session.Save()
+		if err != nil {
+			return nil, err
+		}
+		return s.getUserFromOidcTokenInfo(c, false)
+	}
+
 	return tokenInfo.User, nil
 }
 

From 9fab2e13704e48d48d4e53fd87c2ba071da5d349 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Aug 2023 22:07:26 +0200
Subject: [PATCH 1443/2268] feat: Implement manually approved deployments

---
 api/v1beta1/kluctldeployment_types.go         |  17 +++
 api/v1beta1/zz_generated.deepcopy.go          |  10 ++
 .../gitops.kluctl.io_kluctldeployments.yaml   |  16 +++
 .../reference/gitops/api/kluctl-controller.md |  71 +++++++++++++
 install/controller/controller/crd.yaml        |  16 +++
 pkg/controllers/kluctl_project.go             |  20 ++--
 .../kluctldeployment_controller.go            |  22 +++-
 pkg/types/result/command_result.go            |   3 +-
 pkg/types/result/command_result_summary.go    |  39 +++----
 pkg/types/result/validate_result.go           |  57 +++++-----
 pkg/utils/utils.go                            |  10 ++
 pkg/webui/server.go                           |  22 ++++
 pkg/webui/ui/src/api.tsx                      |  14 +++
 .../ui/src/components/targets-view/Card.tsx   |  20 +++-
 .../targets-view/CommandResultItem.tsx        | 100 ++++++++++++++++--
 .../components/targets-view/TargetItem.tsx    |  14 +++
 .../components/targets-view/TargetsView.tsx   |   3 +
 pkg/webui/ui/src/models.ts                    |   8 ++
 18 files changed, 389 insertions(+), 73 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index d92d5f04f..00040b116 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -209,6 +209,20 @@ type KluctlDeploymentSpec struct {
 	// +kubebuilder:default:=false
 	// +optional
 	Delete bool `json:"delete,omitempty"`
+
+	// Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment
+	// and only after manual approval cause a real deployment
+	// +optional
+	Manual bool `json:"manual,omitempty"`
+
+	// ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment.
+	// If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated
+	// objects hash does not match this value.
+	// There are two ways to use this value properly.
+	// 1. Set it manually to the value found in status.lastObjectsHash.
+	// 2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.
+	// +optional
+	ManualObjectsHash *string `json:"manualObjectsHash,omitempty"`
 }
 
 // GetRetryInterval returns the retry interval
@@ -349,6 +363,9 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastObjectsHash string `json:"lastObjectsHash,omitempty"`
 
+	// +optional
+	LastManualObjectsHash *string `json:"lastManualObjectsHash,omitempty"`
+
 	// +optional
 	LastPrepareError string `json:"lastPrepareError,omitempty"`
 	// +optional
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index af4396967..f1f1237ec 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -222,6 +222,11 @@ func (in *KluctlDeploymentSpec) DeepCopyInto(out *KluctlDeploymentSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.ManualObjectsHash != nil {
+		in, out := &in.ManualObjectsHash, &out.ManualObjectsHash
+		*out = new(string)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeploymentSpec.
@@ -254,6 +259,11 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 		*out = new(result.TargetKey)
 		**out = **in
 	}
+	if in.LastManualObjectsHash != nil {
+		in, out := &in.LastManualObjectsHash, &out.LastManualObjectsHash
+		*out = new(string)
+		**out = **in
+	}
 	if in.LastDeployResult != nil {
 		in, out := &in.LastDeployResult, &out.LastDeployResult
 		*out = new(runtime.RawExtension)
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index c7de9380f..7cfac3613 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -265,6 +265,20 @@ spec:
                     - name
                     type: object
                 type: object
+              manual:
+                description: Manual enables manual deployments, meaning that the deployment
+                  will initially start as a dry run deployment and only after manual
+                  approval cause a real deployment
+                type: boolean
+              manualObjectsHash:
+                description: ManualObjectsHash specifies the rendered objects hash
+                  that is approved for manual deployment. If Manual is set to true,
+                  the controller will skip deployments when the current reconciliation
+                  loops calculated objects hash does not match this value. There are
+                  two ways to use this value properly. 1. Set it manually to the value
+                  found in status.lastObjectsHash. 2. Use the Kluctl Webui to manually
+                  approve a deployment, which will set this field appropriately.
+                type: string
               noWait:
                 default: false
                 description: NoWait instructs kluctl to not wait for any resources
@@ -493,6 +507,8 @@ spec:
                 type: string
               lastHandledValidateAt:
                 type: string
+              lastManualObjectsHash:
+                type: string
               lastObjectsHash:
                 type: string
               lastPrepareError:
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index 06f86660b..9b25be399 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -622,6 +622,36 @@ bool
 <p>Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>manual</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment
+and only after manual approval cause a real deployment</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>manualObjectsHash</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment.
+If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated
+objects hash does not match this value.
+There are two ways to use this value properly.
+1. Set it manually to the value found in status.lastObjectsHash.
+2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.</p>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@@ -1063,6 +1093,36 @@ bool
 <p>Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>manual</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment
+and only after manual approval cause a real deployment</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>manualObjectsHash</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment.
+If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated
+objects hash does not match this value.
+There are two ways to use this value properly.
+1. Set it manually to the value found in status.lastObjectsHash.
+2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>
@@ -1191,6 +1251,17 @@ string
 </tr>
 <tr>
 <td>
+<code>lastManualObjectsHash</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastPrepareError</code><br>
 <em>
 string
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index a3504e657..376001a3f 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -265,6 +265,20 @@ spec:
                     - name
                     type: object
                 type: object
+              manual:
+                description: Manual enables manual deployments, meaning that the deployment
+                  will initially start as a dry run deployment and only after manual
+                  approval cause a real deployment
+                type: boolean
+              manualObjectsHash:
+                description: ManualObjectsHash specifies the rendered objects hash
+                  that is approved for manual deployment. If Manual is set to true,
+                  the controller will skip deployments when the current reconciliation
+                  loops calculated objects hash does not match this value. There are
+                  two ways to use this value properly. 1. Set it manually to the value
+                  found in status.lastObjectsHash. 2. Use the Kluctl Webui to manually
+                  approve a deployment, which will set this field appropriately.
+                type: string
               noWait:
                 default: false
                 description: NoWait instructs kluctl to not wait for any resources
@@ -493,6 +507,8 @@ spec:
                 type: string
               lastHandledValidateAt:
                 type: string
+              lastManualObjectsHash:
+                type: string
               lastObjectsHash:
                 type: string
               lastPrepareError:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 282750831..f5ea84980 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -654,7 +654,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	return targetContext, nil
 }
 
-func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, crId string) error {
+func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, crId string, objectsHash string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -668,6 +668,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 		Name:      pt.pp.obj.Name,
 		Namespace: pt.pp.obj.Namespace,
 	}
+	cmdResult.RenderedObjectsHash = objectsHash
 
 	var err error
 	cmdResult.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
@@ -724,7 +725,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	return err
 }
 
-func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, crId string) error {
+func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, crId string, objectsHash string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -737,6 +738,7 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 		Name:      pt.pp.obj.Name,
 		Namespace: pt.pp.obj.Namespace,
 	}
+	validateResult.RenderedObjectsHash = objectsHash
 
 	var err error
 	validateResult.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
@@ -755,7 +757,7 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -769,28 +771,28 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.WaitPrune = false
 
 	cmdResult, err := cmd.Run(nil)
-	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy", crId)
+	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy", crId, objectsHash)
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
 
 	cmdResult, err := cmd.Run()
-	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images", crId)
+	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images", crId, objectsHash)
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string) (*result.ValidateResult, error) {
+func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string, objectsHash string) (*result.ValidateResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
 	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, targetContext, cmdResult)
 
 	validateResult, err := cmd.Run(ctx)
-	err = pt.handleValidateResult(ctx, err, validateResult, crId)
+	err = pt.handleValidateResult(ctx, err, validateResult, crId, objectsHash)
 	return validateResult, err
 }
 
@@ -839,7 +841,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	cmdResult.TargetKey.Discriminator = discriminator
 	cmdResult.TargetKey.ClusterId = cmdResult.ClusterInfo.ClusterId
 
-	err = pt.handleCommandResult(ctx, err, cmdResult, "delete", crId)
+	err = pt.handleCommandResult(ctx, err, cmdResult, "delete", crId, "")
 	return cmdResult, err
 }
 
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index fbc4d2984..95641d8c1 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -13,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -326,6 +327,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
 		// either never deployed or source code changed
 		needDeploy = true
+	} else if obj.Spec.Manual && !utils.StrPtrEquals(obj.Status.LastManualObjectsHash, obj.Spec.ManualObjectsHash) {
+		// approval hash was changed
+		needDeploy = true
 	} else if curDeployRequest != "" && oldDeployRequest != curDeployRequest {
 		// explicitly requested a deploy
 		needDeploy = true
@@ -340,6 +344,17 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
+	if needDeploy && obj.Spec.Manual {
+		log.Info("checking manual object hash")
+		if obj.Spec.ManualObjectsHash == nil || *obj.Spec.ManualObjectsHash != objectsHash {
+			log.Info("deployment is not approved", "manualObjectsHash", obj.Spec.ManualObjectsHash, "objectsHash", objectsHash)
+			targetContext.Params.DryRun = true
+			targetContext.SharedContext.K.DryRun = true
+		} else {
+			log.Info("deployment is approved", "objectsHash", objectsHash)
+		}
+	}
+
 	if obj.Spec.Validate {
 		if obj.Status.LastValidateResult == nil || needDeploy {
 			// either never validated before or a deployment requested (which required re-validation)
@@ -359,6 +374,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	obj.Status.LastObjectsHash = objectsHash
+	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
 
 	var deployResult *result.CommandResult
 	if needDeploy {
@@ -368,13 +384,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlDeploy(ctx, targetContext, reconcileId)
+			deployResult, err = pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash)
 		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
 			patchErr = doProgressingCondition("Performing kluctl poke-images", false)
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, reconcileId)
+			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash)
 		} else {
 			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
 		}
@@ -389,7 +405,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if patchErr != nil {
 			return nil, patchErr
 		}
-		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult, reconcileId)
+		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult, reconcileId, objectsHash)
 		err = obj.Status.SetLastValidateResult(validateResult, err)
 		if err != nil {
 			log.Error(err, "Failed to write validate result")
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index df358b324..c450ca6c2 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -136,7 +136,8 @@ type CommandResult struct {
 	ClusterInfo      ClusterInfo                    `json:"clusterInfo"`
 	Deployment       *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
-	Objects []ResultObject `json:"objects,omitempty"`
+	RenderedObjectsHash string         `json:"renderedObjectsHash,omitempty"`
+	Objects             []ResultObject `json:"objects,omitempty"`
 
 	Errors     []DeploymentError  `json:"errors,omitempty"`
 	Warnings   []DeploymentError  `json:"warnings,omitempty"`
diff --git a/pkg/types/result/command_result_summary.go b/pkg/types/result/command_result_summary.go
index 535ed2353..4c2b4aaae 100644
--- a/pkg/types/result/command_result_summary.go
+++ b/pkg/types/result/command_result_summary.go
@@ -14,6 +14,8 @@ type CommandResultSummary struct {
 	GitInfo          GitInfo               `json:"gitInfo,omitempty"`
 	ClusterInfo      ClusterInfo           `json:"clusterInfo,omitempty"`
 
+	RenderedObjectsHash string `json:"renderedObjectsHash,omitempty"`
+
 	RenderedObjects    int `json:"renderedObjects"`
 	RemoteObjects      int `json:"remoteObjects"`
 	AppliedObjects     int `json:"appliedObjects"`
@@ -46,24 +48,25 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 	}
 
 	ret := &CommandResultSummary{
-		Id:                 cr.Id,
-		ProjectKey:         cr.ProjectKey,
-		TargetKey:          cr.TargetKey,
-		Target:             cr.Target,
-		Command:            cr.Command,
-		KluctlDeployment:   cr.KluctlDeployment,
-		GitInfo:            cr.GitInfo,
-		ClusterInfo:        cr.ClusterInfo,
-		RenderedObjects:    count(func(o ResultObject) bool { return o.Rendered != nil }),
-		RemoteObjects:      count(func(o ResultObject) bool { return o.Remote != nil }),
-		AppliedObjects:     count(func(o ResultObject) bool { return o.Applied != nil }),
-		AppliedHookObjects: count(func(o ResultObject) bool { return o.Hook }),
-		NewObjects:         count(func(o ResultObject) bool { return o.New }),
-		ChangedObjects:     count(func(o ResultObject) bool { return len(o.Changes) != 0 }),
-		OrphanObjects:      count(func(o ResultObject) bool { return o.Orphan }),
-		DeletedObjects:     count(func(o ResultObject) bool { return o.Deleted }),
-		Errors:             cr.Errors,
-		Warnings:           cr.Warnings,
+		Id:                  cr.Id,
+		ProjectKey:          cr.ProjectKey,
+		TargetKey:           cr.TargetKey,
+		Target:              cr.Target,
+		Command:             cr.Command,
+		KluctlDeployment:    cr.KluctlDeployment,
+		GitInfo:             cr.GitInfo,
+		ClusterInfo:         cr.ClusterInfo,
+		RenderedObjectsHash: cr.RenderedObjectsHash,
+		RenderedObjects:     count(func(o ResultObject) bool { return o.Rendered != nil }),
+		RemoteObjects:       count(func(o ResultObject) bool { return o.Remote != nil }),
+		AppliedObjects:      count(func(o ResultObject) bool { return o.Applied != nil }),
+		AppliedHookObjects:  count(func(o ResultObject) bool { return o.Hook }),
+		NewObjects:          count(func(o ResultObject) bool { return o.New }),
+		ChangedObjects:      count(func(o ResultObject) bool { return len(o.Changes) != 0 }),
+		OrphanObjects:       count(func(o ResultObject) bool { return o.Orphan }),
+		DeletedObjects:      count(func(o ResultObject) bool { return o.Deleted }),
+		Errors:              cr.Errors,
+		Warnings:            cr.Warnings,
 	}
 	for _, o := range cr.Objects {
 		ret.TotalChanges += len(o.Changes)
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index 26a0d149b..a1118f623 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -12,26 +12,28 @@ type ValidateResultEntry struct {
 }
 
 type ValidateResult struct {
-	Id               string                `json:"id"`
-	ProjectKey       ProjectKey            `json:"projectKey"`
-	TargetKey        TargetKey             `json:"targetKey"`
-	KluctlDeployment *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
-	StartTime        metav1.Time           `json:"startTime"`
-	EndTime          metav1.Time           `json:"endTime"`
-	Ready            bool                  `json:"ready"`
-	Warnings         []DeploymentError     `json:"warnings,omitempty"`
-	Errors           []DeploymentError     `json:"errors,omitempty"`
-	Results          []ValidateResultEntry `json:"results,omitempty"`
+	Id                  string                `json:"id"`
+	ProjectKey          ProjectKey            `json:"projectKey"`
+	TargetKey           TargetKey             `json:"targetKey"`
+	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
+	RenderedObjectsHash string                `json:"renderedObjectsHash,omitempty"`
+	StartTime           metav1.Time           `json:"startTime"`
+	EndTime             metav1.Time           `json:"endTime"`
+	Ready               bool                  `json:"ready"`
+	Warnings            []DeploymentError     `json:"warnings,omitempty"`
+	Errors              []DeploymentError     `json:"errors,omitempty"`
+	Results             []ValidateResultEntry `json:"results,omitempty"`
 }
 
 type ValidateResultSummary struct {
-	Id               string                `json:"id"`
-	ProjectKey       ProjectKey            `json:"projectKey"`
-	TargetKey        TargetKey             `json:"targetKey"`
-	KluctlDeployment *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
-	StartTime        metav1.Time           `json:"startTime"`
-	EndTime          metav1.Time           `json:"endTime"`
-	Ready            bool                  `json:"ready"`
+	Id                  string                `json:"id"`
+	ProjectKey          ProjectKey            `json:"projectKey"`
+	TargetKey           TargetKey             `json:"targetKey"`
+	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
+	RenderedObjectsHash string                `json:"renderedObjectsHash,omitempty"`
+	StartTime           metav1.Time           `json:"startTime"`
+	EndTime             metav1.Time           `json:"endTime"`
+	Ready               bool                  `json:"ready"`
 
 	Warnings int `json:"warnings"`
 	Errors   int `json:"errors"`
@@ -40,15 +42,16 @@ type ValidateResultSummary struct {
 
 func (vr *ValidateResult) BuildSummary() ValidateResultSummary {
 	return ValidateResultSummary{
-		Id:               vr.Id,
-		ProjectKey:       vr.ProjectKey,
-		TargetKey:        vr.TargetKey,
-		KluctlDeployment: vr.KluctlDeployment,
-		StartTime:        vr.StartTime,
-		EndTime:          vr.EndTime,
-		Ready:            vr.Ready,
-		Warnings:         len(vr.Warnings),
-		Errors:           len(vr.Errors),
-		Results:          len(vr.Results),
+		Id:                  vr.Id,
+		ProjectKey:          vr.ProjectKey,
+		TargetKey:           vr.TargetKey,
+		KluctlDeployment:    vr.KluctlDeployment,
+		RenderedObjectsHash: vr.RenderedObjectsHash,
+		StartTime:           vr.StartTime,
+		EndTime:             vr.EndTime,
+		Ready:               vr.Ready,
+		Warnings:            len(vr.Warnings),
+		Errors:              len(vr.Errors),
+		Results:             len(vr.Results),
 	}
 }
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 97b9d781d..345291931 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -45,3 +45,13 @@ func ParseBoolOrFalse(s *string) bool {
 func StrPtr(s string) *string {
 	return &s
 }
+
+func StrPtrEquals(s1 *string, s2 *string) bool {
+	if s1 == nil && s2 == nil {
+		return true
+	}
+	if (s1 == nil) != (s2 == nil) {
+		return false
+	}
+	return *s1 == *s2
+}
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 7f9f48a25..85b0655ee 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -126,6 +126,7 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 	api.POST("/reconcileNow", s.reconcileNow)
 	api.POST("/deployNow", s.deployNow)
 	api.POST("/setSuspended", s.setSuspended)
+	api.POST("/setManualObjectsHash", s.setManualObjectsHash)
 
 	err = s.events.startEventsWatcher()
 	if err != nil {
@@ -535,3 +536,24 @@ func (s *CommandResultsServer) setSuspended(c *gin.Context) {
 		return nil
 	})
 }
+
+func (s *CommandResultsServer) setManualObjectsHash(c *gin.Context) {
+	var params struct {
+		KluctlDeploymentParam
+		ObjectsHash string `json:"objectsHash"`
+	}
+	err := c.Bind(&params)
+	if err != nil {
+		_ = c.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
+	s.doModifyKluctlDeployment(c, params.Cluster, params.Name, params.Namespace, func(obj *kluctlv1.KluctlDeployment) error {
+		if params.ObjectsHash == "" {
+			obj.Spec.ManualObjectsHash = nil
+		} else {
+			obj.Spec.ManualObjectsHash = &params.ObjectsHash
+		}
+		return nil
+	})
+}
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index c97a5c6f3..9bafe1ab0 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -45,6 +45,7 @@ export interface Api {
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
     setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response>
+    setManualObjectsHash(cluster: string, name: string, namespace: string, objectsHash: string): Promise<Response>
     watchLogs(cluster: string | undefined, name: string | undefined, namespace: string | undefined, reconcileId: string | undefined, handle: (lines: any[]) => void): () => void
 }
 
@@ -238,6 +239,15 @@ export class RealApi implements Api {
         })
     }
 
+    async setManualObjectsHash(cluster: string, name: string, namespace: string, objectsHash: string): Promise<Response> {
+        return this.doPost("/api/setManualObjectsHash", {
+            "cluster": cluster,
+            "name": name,
+            "namespace": namespace,
+            "objectsHash": objectsHash,
+        })
+    }
+
     watchLogs(cluster: string | undefined, name: string | undefined, namespace: string | undefined, reconcileId: string | undefined, handle: (lines: any[]) => void): () => void {
         const params = new URLSearchParams()
         if (cluster) params.set("cluster", cluster)
@@ -349,6 +359,10 @@ export class StaticApi implements Api {
         throw new Error("not implemented")
     }
 
+    setManualObjectsHash(cluster: string, name: string, namespace: string, objectsHash: string): Promise<Response> {
+        throw new Error("not implemented")
+    }
+
     watchLogs(cluster: string, name: string, namespace: string, reconcileId: string, handle: (lines: any[]) => void): () => void {
         return () => {}
     }
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index 9a9c6fc77..e9ba4302d 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -10,16 +10,26 @@ export const projectCardMinHeight = 80;
 export const cardHeight = 126;
 export const cardGap = 20;
 
-export const CardPaper = React.forwardRef((props: PaperProps, ref: React.ForwardedRef<HTMLDivElement>) => {
-    const { sx, ...rest } = props;
+interface CardPaperProps extends PaperProps {
+    glow?: boolean
+}
+
+export const CardPaper = React.forwardRef((props: CardPaperProps, ref: React.ForwardedRef<HTMLDivElement>) => {
+    const { glow, sx, ...rest } = props;
+    let border = `1px solid #59A588`
+    let boxShadow = `4px 4px 10px #1E617A`
+    if (glow) {
+        border = `1px solid lightyellow`
+        boxShadow = `0px 0px 40px lightyellow`
+    }
     return <Paper
         elevation={5}
         sx={{
             width: '100%',
             height: '100%',
             borderRadius: '12px',
-            border: '1px solid #59A588',
-            boxShadow: '4px 4px 10px #1E617A',
+            border: border,
+            boxShadow: boxShadow,
             flexShrink: 0,
             position: 'relative',
             ...sx
@@ -40,7 +50,7 @@ export function CardRow(props: BoxProps) {
 }
 
 export const CardTemplate = React.forwardRef((props: {
-    paperProps?: PaperProps,
+    paperProps?: CardPaperProps,
     boxProps?: BoxProps,
     icon?: React.ReactNode,
     iconTooltip?: React.ReactNode,
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index 3aa3b51a4..dc0a8f258 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -7,13 +7,15 @@ import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine"
 import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { CardBody, CardTemplate } from "./Card";
-import { ApiContext, AppContext } from "../App";
+import { ApiContext, AppContext, UserContext } from "../App";
 import { Loading } from "../Loading";
 import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { ErrorMessage } from "../ErrorMessage";
 import { Api } from "../../api";
 import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
 import { Since } from "../Since";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { LiveHelp, RocketLaunch } from "@mui/icons-material";
 
 async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
     const r = await api.getCommandResult(rs.id);
@@ -86,8 +88,70 @@ export const CommandResultItemBody = React.memo((props: {
     return <CardBody provider={node} />
 });
 
+const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
+    const api = useContext(ApiContext)
+    const user = useContext(UserContext)
+    const handleApprove = (approve: boolean) => {
+        if (!props.ts.kdInfo || !props.ts.kd) {
+            return
+        }
+        if (approve) {
+            if (!props.rs.renderedObjectsHash) {
+                return
+            }
+            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.rs.renderedObjectsHash)
+        } else {
+            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
+        }
+    }
+
+    if (!user?.isAdmin || !props.ts.kd?.deployment.spec.manual) {
+        return <></>
+    }
+    if (props.rs.id !== props.ts.commandResults[0].id) {
+        return <></>
+    }
+
+    if (!props.rs.commandInfo.dryRun || !props.rs.renderedObjectsHash) {
+        return <></>
+    }
+
+    console.log(props.ts.kd.deployment.spec.manualObjectsHash, props.rs.renderedObjectsHash)
+    const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.rs.renderedObjectsHash
+
+    let icon: React.ReactElement
+    let tooltip: string
+    if (!isApproved) {
+        tooltip = "Click here to trigger this manual deployment."
+        icon = <RocketLaunch color={"info"}/>
+    } else {
+        tooltip = "Click here to cancel this deployment. This will only have an effect if the deployment has not started reconciliation yet!"
+        icon = <RocketLaunch color={"success"}/>
+    }
+    return <Box display='flex' gap='6px' alignItems='center' height='39px'>
+        <IconButton
+            onClick={e => {
+                e.stopPropagation();
+                handleApprove(!isApproved)
+            }}
+            sx={{
+                padding: 0,
+                width: 26,
+                height: 26
+            }}
+        >
+            <Tooltip title={tooltip}>
+                <Box display='flex'>{icon}</Box>
+            </Tooltip>
+        </IconButton>
+    </Box>
+}
+
 export const CommandResultItem = React.memo(React.forwardRef((
     props: {
+        current: boolean,
+        ps: ProjectSummary,
+        ts: TargetSummary,
         rs: CommandResultSummary,
         onSelectCommandResult?: (rs: CommandResultSummary) => void,
         sx?: SxProps<Theme>,
@@ -107,22 +171,36 @@ export const CommandResultItem = React.memo(React.forwardRef((
     } = props;
     const navigate = useNavigate();
 
-    let Icon: () => JSX.Element = DiffIcon
+    let icon: React.ReactElement
+    let cardGlow = false
+    let header = rs.commandInfo?.command
     switch (rs.commandInfo?.command) {
+        default:
+            icon = <DiffIcon/>
+            break
         case "delete":
-            Icon = PruneIcon
+            icon = <PruneIcon/>
             break
         case "deploy":
-            Icon = DeployIcon
+            if (props.ts.kd?.deployment.spec.manual && rs.commandInfo.dryRun && props.current) {
+                icon = <LiveHelp sx={{ width: "100%", height: "100%" }}/>
+                cardGlow = true
+                header = "manual deploy"
+            } else if (rs.commandInfo.dryRun) {
+                icon = <DeployIcon/>
+                header = "dry-run deploy"
+            } else {
+                icon = <DeployIcon/>
+            }
             break
         case "diff":
-            Icon = DiffIcon
+            icon = <DiffIcon/>
             break
         case "poke-images":
-            Icon = DeployIcon
+            icon = <DeployIcon/>
             break
         case "prune":
-            Icon = PruneIcon
+            icon = <PruneIcon/>
             break
     }
 
@@ -142,19 +220,21 @@ export const CommandResultItem = React.memo(React.forwardRef((
                 padding: '20px 16px 5px 16px',
                 ...sx,
             },
+            glow: cardGlow,
             onClick: () => onSelectCommandResult?.(rs)
         }}
-        icon={<Icon />}
+        icon={icon}
         iconTooltip={iconTooltip}
-        header={rs.commandInfo?.command}
+        header={header}
         subheader={<Since startTime={new Date(rs.commandInfo.startTime)}/>}
         subheaderTooltip={rs.commandInfo.startTime}
         body={body}
         footer={
             <>
-                <Box display='flex' gap='6px' alignItems='center'>
+                <Box display='flex' gap='6px' alignItems='center' flex={"1 1 auto"}>
                     <CommandResultStatusLine rs={rs} />
                 </Box>
+                <ApprovalIcon ts={props.ts} rs={props.rs}/>
                 <Box display='flex' gap='6px' alignItems='center' height='39px'>
                     <IconButton
                         onClick={e => {
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 6286808c3..9f462435e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -4,6 +4,7 @@ import { Alert, Box, CircularProgress, SxProps, Theme, Typography, useTheme } fr
 import React, { useContext } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import {
+    Approval,
     Done,
     Error,
     Favorite,
@@ -15,6 +16,7 @@ import {
     PublishedWithChanges,
     RocketLaunch,
     SyncProblem,
+    Toys,
     Troubleshoot
 } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
@@ -290,6 +292,17 @@ export const TargetItem = React.memo(React.forwardRef((
     }
     const iconTooltip = <Box textAlign={"center"}>{iconTooltipChildren}</Box>
 
+    let dryRunApprovalIcon: React.ReactElement | undefined
+    if (kd?.deployment.spec.manual) {
+        dryRunApprovalIcon = <Tooltip title={"Deployment needs manual triggering"}>
+            <Box display='flex'><Approval/></Box>
+        </Tooltip>
+    } else if (kd?.deployment.spec.dryRun) {
+        dryRunApprovalIcon = <Tooltip title={"Deployment is in dry-run mode"}>
+            <Box display='flex'><Toys/></Box>
+        </Tooltip>
+    }
+
     const body = props.expanded ? <TargetItemBody ts={props.ts}/> : undefined;
 
     return <CardTemplate
@@ -317,6 +330,7 @@ export const TargetItem = React.memo(React.forwardRef((
                     <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
                         <Box display='flex'><FingerScanIcon/></Box>
                     </Tooltip>
+                    {dryRunApprovalIcon}
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <ReconcilingIcon {...props} />
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 5a149e14c..76b8098c8 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -306,6 +306,9 @@ export const TargetsView = () => {
                                             getKey={cd => cd.id}
                                             renderCard={(cardData, expanded, current) => {
                                                 return <CommandResultItem
+                                                    current={current}
+                                                    ps={ps}
+                                                    ts={ts}
                                                     rs={cardData}
                                                     expanded={expanded}
                                                     loadData={current}
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index cb26d5b59..7a474f5e8 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -626,6 +626,7 @@ export class CommandResult {
     gitInfo?: GitInfo;
     clusterInfo: ClusterInfo;
     deployment?: DeploymentProjectConfig;
+    renderedObjectsHash?: string;
     objects?: ResultObject[];
     errors?: DeploymentError[];
     warnings?: DeploymentError[];
@@ -642,6 +643,7 @@ export class CommandResult {
         this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
         this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
         this.deployment = this.convertValues(source["deployment"], DeploymentProjectConfig);
+        this.renderedObjectsHash = source["renderedObjectsHash"];
         this.objects = this.convertValues(source["objects"], ResultObject);
         this.errors = this.convertValues(source["errors"], DeploymentError);
         this.warnings = this.convertValues(source["warnings"], DeploymentError);
@@ -675,6 +677,7 @@ export class CommandResultSummary {
     kluctlDeployment?: KluctlDeploymentInfo;
     gitInfo?: GitInfo;
     clusterInfo?: ClusterInfo;
+    renderedObjectsHash?: string;
     renderedObjects: number;
     remoteObjects: number;
     appliedObjects: number;
@@ -697,6 +700,7 @@ export class CommandResultSummary {
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
         this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
         this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
+        this.renderedObjectsHash = source["renderedObjectsHash"];
         this.renderedObjects = source["renderedObjects"];
         this.remoteObjects = source["remoteObjects"];
         this.appliedObjects = source["appliedObjects"];
@@ -763,6 +767,7 @@ export class ValidateResult {
     projectKey: ProjectKey;
     targetKey: TargetKey;
     kluctlDeployment?: KluctlDeploymentInfo;
+    renderedObjectsHash?: string;
     startTime: string;
     endTime: string;
     ready: boolean;
@@ -776,6 +781,7 @@ export class ValidateResult {
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
+        this.renderedObjectsHash = source["renderedObjectsHash"];
         this.startTime = source["startTime"];
         this.endTime = source["endTime"];
         this.ready = source["ready"];
@@ -807,6 +813,7 @@ export class ValidateResultSummary {
     projectKey: ProjectKey;
     targetKey: TargetKey;
     kluctlDeployment?: KluctlDeploymentInfo;
+    renderedObjectsHash?: string;
     startTime: string;
     endTime: string;
     ready: boolean;
@@ -820,6 +827,7 @@ export class ValidateResultSummary {
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
+        this.renderedObjectsHash = source["renderedObjectsHash"];
         this.startTime = source["startTime"];
         this.endTime = source["endTime"];
         this.ready = source["ready"];

From bfbe09cd184c7624bd1b5417fdd59f1be1c70f3e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Aug 2023 22:08:38 +0200
Subject: [PATCH 1444/2268] fix: Collect result objects after fixing namespaces

---
 e2e/gitops_approval_test.go             | 48 +++++++++++++++++++++++++
 pkg/deployment/deployment_collection.go | 14 ++++++++
 pkg/deployment/deployment_item.go       |  8 ++++-
 pkg/k8s/k8s_cluster.go                  | 13 -------
 4 files changed, 69 insertions(+), 14 deletions(-)
 create mode 100644 e2e/gitops_approval_test.go

diff --git a/e2e/gitops_approval_test.go b/e2e/gitops_approval_test.go
new file mode 100644
index 000000000..b019a9ae4
--- /dev/null
+++ b/e2e/gitops_approval_test.go
@@ -0,0 +1,48 @@
+package e2e
+
+import (
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+)
+
+func (suite *GitopsTestSuite) TestGitOpsManualDeployment() {
+	p := test_project.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	addConfigMapDeployment(p, "d1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+
+	key := suite.createKluctlDeployment(p, "target1", nil)
+
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+	})
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Manual = true
+	})
+	suite.waitForReconcile(key)
+
+	addConfigMapDeployment(p, "d2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	suite.Run("manual deployment not triggered", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.ManualObjectsHash = &kd.Status.LastObjectsHash
+	})
+
+	suite.Run("manual deployment triggered", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+}
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 9215f3a84..ae0379a62 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -284,6 +284,16 @@ func (c *DeploymentCollection) fixNamespaces() error {
 	return nil
 }
 
+func (c *DeploymentCollection) collectResultObjects() error {
+	for _, d := range c.Deployments {
+		err := d.collectResultObjects()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func (c *DeploymentCollection) buildNamespacedFromCRDs() map[schema.GroupKind]*bool {
 	namespacedFromCRDs := map[schema.GroupKind]*bool{}
 	for _, d := range c.Deployments {
@@ -361,6 +371,10 @@ func (c *DeploymentCollection) Prepare() error {
 	if err != nil {
 		return err
 	}
+	err = c.collectResultObjects()
+	if err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 2ced45b8f..928156e4e 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -543,7 +543,6 @@ func (di *DeploymentItem) buildKustomize() error {
 		}
 		o := uo.FromMap(y)
 		di.Objects = append(di.Objects, o)
-		di.Config.RenderedObjects = append(di.Config.RenderedObjects, o.GetK8sRef())
 	}
 
 	return nil
@@ -580,6 +579,13 @@ func (di *DeploymentItem) postprocessObjects(images *Images) error {
 	return errs.ErrorOrNil()
 }
 
+func (di *DeploymentItem) collectResultObjects() error {
+	for _, o := range di.Objects {
+		di.Config.RenderedObjects = append(di.Config.RenderedObjects, o.GetK8sRef())
+	}
+	return nil
+}
+
 func (di *DeploymentItem) writeRenderedYaml() error {
 	if di.dir == nil {
 		return nil
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 19b2f4119..837aee5f0 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -445,19 +445,6 @@ func (k *K8sCluster) IsNamespaced(gvk schema.GroupVersionKind) *bool {
 	return &ret
 }
 
-func (k *K8sCluster) FixNamespaceInRef(ref k8s.ObjectRef) k8s.ObjectRef {
-	namespaced := k.IsNamespaced(ref.GroupVersionKind())
-	if namespaced == nil {
-		return ref
-	}
-	if !*namespaced && ref.Namespace != "" {
-		ref.Namespace = ""
-	} else if *namespaced && ref.Namespace == "" {
-		ref.Namespace = "default"
-	}
-	return ref
-}
-
 func (k *K8sCluster) GetSchemaForGVK(gvk schema.GroupVersionKind) (*uo.UnstructuredObject, error) {
 	rms, err := k.mapper.RESTMappings(gvk.GroupKind(), gvk.Version)
 	if err != nil {

From 492b361b83ea0adf3aa6e7301c819d1535ab064b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Aug 2023 22:40:47 +0200
Subject: [PATCH 1445/2268] feat: Don't store empty command results

---
 pkg/controllers/kluctl_project.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index f5ea84980..3fbd787f7 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -679,7 +679,17 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	// the ref is not properly set by addGitInfo due to the way the repo cache checks out by commit
 	cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
 
-	if pt.pp.r.ResultStore != nil {
+	summary := cmdResult.BuildSummary()
+	needStore := summary.NewObjects != 0 ||
+		summary.ChangedObjects != 0 ||
+		summary.OrphanObjects != 0 ||
+		summary.DeletedObjects != 0 ||
+		len(summary.Errors) != 0 ||
+		len(summary.Warnings) != 0
+
+	if !needStore {
+		log.Info("skipping storing of empty command result")
+	} else if pt.pp.r.ResultStore != nil {
 		log.Info(fmt.Sprintf("Writing command result %s", cmdResult.Id))
 		err = pt.pp.r.ResultStore.WriteCommandResult(cmdResult)
 		if err != nil {
@@ -687,8 +697,6 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 		}
 	}
 
-	summary := cmdResult.BuildSummary()
-
 	log.Info(fmt.Sprintf("command finished with err=%v", cmdErr))
 	defer pt.exportCommandResultMetricsToProm(summary)
 

From b2413a5d2a2f6c270c8a9ceb8126d3fa6cdf0e49 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Aug 2023 23:06:14 +0200
Subject: [PATCH 1446/2268] docs: Add docs for spec.manual

---
 .../reference/gitops/spec/v1beta1/kluctldeployment.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
index 18e3a4b79..af10a0189 100644
--- a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
@@ -30,6 +30,7 @@ spec:
   context: default
   prune: true
   delete: true
+  manual: true
 ```
 
 In the above example a KluctlDeployment is being created that defines the deployment based on the Kluctl project.
@@ -130,6 +131,16 @@ successful deployment.
 To enable deletion, set `spec.delete` to `true`. This will cause the controller to run `kluctl delete` when the
 KluctlDeployment gets deleted.
 
+### manual
+
+`spec.manual` enables manually approved/triggered deployments. This means, that deployments are performed in dry-run
+mode until the most recent deployment is approved. 
+
+This feature is most useful in combination with the Kluctl Webui, which offers a visualisation and proper actions
+for this feature.
+
+Internally, approval happens by setting `spec.manualObjectsHash` to the objects hash of the approved command result.
+
 ### args
 `spec.args` is an object representing [arguments](../../../kluctl-project/#args)
 passed to the deployment. Example:

From a86ddcf30a89fde2f79b70ebba71e88234a227f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 16 Aug 2023 23:19:28 +0200
Subject: [PATCH 1447/2268] tests: Allow non-existent command results when no
 errors are expected

---
 e2e/gitops_errors_test.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 0c56bd76c..dce75bf79 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -52,10 +52,11 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{
 		Id: lastDeployResult.Id,
 	})
-	g.Expect(err).To(Succeed())
-
-	g.Expect(cr.Errors).To(ConsistOf(expectedErrors))
-	g.Expect(cr.Warnings).To(ConsistOf(expectedWarnings))
+	if len(expectedErrors) != 0 || len(expectedWarnings) != 0 {
+		g.Expect(err).To(Succeed())
+		g.Expect(cr.Errors).To(ConsistOf(expectedErrors))
+		g.Expect(cr.Warnings).To(ConsistOf(expectedWarnings))
+	}
 
 	g.Expect(lastDeployResult.Errors).To(ConsistOf(expectedErrors))
 	g.Expect(lastDeployResult.Warnings).To(ConsistOf(expectedWarnings))

From bc36064108fdcf0fcd8b9b3338c1eadcaa8f30b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Aug 2023 07:34:38 +0200
Subject: [PATCH 1448/2268] chore(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azidentity (#735)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.3.0...sdk/azcore/v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  5 +++--
 go.sum | 10 ++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 563f1675b..87714b52d 100644
--- a/go.mod
+++ b/go.mod
@@ -53,7 +53,7 @@ require (
 require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.20.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.33
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
@@ -95,7 +95,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@@ -154,6 +154,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
diff --git a/go.sum b/go.sum
index 5979e45d0..1b745d17e 100644
--- a/go.sum
+++ b/go.sum
@@ -57,8 +57,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 h1:AXFNQ6kLaPODEpGSMWjmbkt6iP7fa1DIEzjx6JRFC9U=
@@ -69,8 +69,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -363,6 +363,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=

From af13ba23d5607a5e2fae0ba22377ab9ce51a0a7c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 10:39:08 +0200
Subject: [PATCH 1449/2268] fix: Properly handle all combinations dryRun and
 manual

---
 .../targets-view/CommandResultItem.tsx        | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
index dc0a8f258..a025ee8e9 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
@@ -105,7 +105,7 @@ const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
         }
     }
 
-    if (!user?.isAdmin || !props.ts.kd?.deployment.spec.manual) {
+    if (!user?.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
         return <></>
     }
     if (props.rs.id !== props.ts.commandResults[0].id) {
@@ -116,7 +116,6 @@ const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
         return <></>
     }
 
-    console.log(props.ts.kd.deployment.spec.manualObjectsHash, props.rs.renderedObjectsHash)
     const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.rs.renderedObjectsHash
 
     let icon: React.ReactElement
@@ -182,13 +181,15 @@ export const CommandResultItem = React.memo(React.forwardRef((
             icon = <PruneIcon/>
             break
         case "deploy":
-            if (props.ts.kd?.deployment.spec.manual && rs.commandInfo.dryRun && props.current) {
-                icon = <LiveHelp sx={{ width: "100%", height: "100%" }}/>
-                cardGlow = true
-                header = "manual deploy"
-            } else if (rs.commandInfo.dryRun) {
-                icon = <DeployIcon/>
-                header = "dry-run deploy"
+            if (rs.commandInfo.dryRun) {
+                if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
+                    icon = <LiveHelp sx={{ width: "100%", height: "100%" }}/>
+                    cardGlow = true
+                    header = "manual deploy"
+                } else {
+                    icon = <DeployIcon/>
+                    header = "dry-run deploy"
+                }
             } else {
                 icon = <DeployIcon/>
             }

From c0b44e6132d2160925b82faa249d46f1d7a22119 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 11:22:26 +0200
Subject: [PATCH 1450/2268] docs: Small fix in CRD documentation

---
 api/v1beta1/kluctldeployment_types.go                    | 4 ++--
 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml | 7 ++++---
 docs/reference/gitops/api/kluctl-controller.md           | 4 ++--
 install/controller/controller/crd.yaml                   | 7 ++++---
 4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 00040b116..28a407399 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -373,12 +373,12 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastValidateError string `json:"lastValidateError,omitempty"`
 
-	// LastDeployResult is the result of the last deploy command
+	// LastDeployResult is the result summary of the last deploy command
 	// +optional
 	// +kubebuilder:pruning:PreserveUnknownFields
 	LastDeployResult *runtime.RawExtension `json:"lastDeployResult,omitempty"`
 
-	// LastValidateResult is the result of the last validate command
+	// LastValidateResult is the result summary of the last validate command
 	// +optional
 	LastValidateResult *runtime.RawExtension `json:"lastValidateResult,omitempty"`
 }
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 7cfac3613..cc66f9a42 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -495,7 +495,8 @@ spec:
               lastDeployError:
                 type: string
               lastDeployResult:
-                description: LastDeployResult is the result of the last deploy command
+                description: LastDeployResult is the result summary of the last deploy
+                  command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               lastHandledDeployAt:
@@ -516,8 +517,8 @@ spec:
               lastValidateError:
                 type: string
               lastValidateResult:
-                description: LastValidateResult is the result of the last validate
-                  command
+                description: LastValidateResult is the result summary of the last
+                  validate command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               observedCommit:
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/reference/gitops/api/kluctl-controller.md
index 9b25be399..ef67bb47a 100644
--- a/docs/reference/gitops/api/kluctl-controller.md
+++ b/docs/reference/gitops/api/kluctl-controller.md
@@ -1302,7 +1302,7 @@ k8s.io/apimachinery/pkg/runtime.RawExtension
 </td>
 <td>
 <em>(Optional)</em>
-<p>LastDeployResult is the result of the last deploy command</p>
+<p>LastDeployResult is the result summary of the last deploy command</p>
 </td>
 </tr>
 <tr>
@@ -1314,7 +1314,7 @@ k8s.io/apimachinery/pkg/runtime.RawExtension
 </td>
 <td>
 <em>(Optional)</em>
-<p>LastValidateResult is the result of the last validate command</p>
+<p>LastValidateResult is the result summary of the last validate command</p>
 </td>
 </tr>
 </tbody>
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 376001a3f..633574abe 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -495,7 +495,8 @@ spec:
               lastDeployError:
                 type: string
               lastDeployResult:
-                description: LastDeployResult is the result of the last deploy command
+                description: LastDeployResult is the result summary of the last deploy
+                  command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               lastHandledDeployAt:
@@ -516,8 +517,8 @@ spec:
               lastValidateError:
                 type: string
               lastValidateResult:
-                description: LastValidateResult is the result of the last validate
-                  command
+                description: LastValidateResult is the result summary of the last
+                  validate command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               observedCommit:

From a47ef653763276bcb009556303739ae9d87093aa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 11:23:17 +0200
Subject: [PATCH 1451/2268] feat: Force storing of empty command results when a
 deployment was requested

---
 pkg/controllers/kluctl_project.go              | 16 ++++++++++------
 pkg/controllers/kluctldeployment_controller.go |  6 ++++--
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 3fbd787f7..bbf299b74 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -654,7 +654,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	return targetContext, nil
 }
 
-func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, crId string, objectsHash string) error {
+func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, crId string, objectsHash string, triggeredByRequest bool) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -686,6 +686,10 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 		summary.DeletedObjects != 0 ||
 		len(summary.Errors) != 0 ||
 		len(summary.Warnings) != 0
+	if !needStore && triggeredByRequest {
+		needStore = true
+		log.Info("forcing storing of empty command result because the deploy was requested")
+	}
 
 	if !needStore {
 		log.Info("skipping storing of empty command result")
@@ -765,7 +769,7 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -779,17 +783,17 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.WaitPrune = false
 
 	cmdResult, err := cmd.Run(nil)
-	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy", crId, objectsHash)
+	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy", crId, objectsHash, triggeredByRequest)
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
 
 	cmdResult, err := cmd.Run()
-	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images", crId, objectsHash)
+	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images", crId, objectsHash, triggeredByRequest)
 	return cmdResult, err
 }
 
@@ -849,7 +853,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	cmdResult.TargetKey.Discriminator = discriminator
 	cmdResult.TargetKey.ClusterId = cmdResult.ClusterInfo.ClusterId
 
-	err = pt.handleCommandResult(ctx, err, cmdResult, "delete", crId, "")
+	err = pt.handleCommandResult(ctx, err, cmdResult, "delete", crId, "", false)
 	return cmdResult, err
 }
 
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 95641d8c1..b559f53c5 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -322,6 +322,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	needDeploy := false
+	needDeployByRequest := false
 	needValidate := false
 
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
@@ -333,6 +334,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	} else if curDeployRequest != "" && oldDeployRequest != curDeployRequest {
 		// explicitly requested a deploy
 		needDeploy = true
+		needDeployByRequest = true
 	} else if oldGeneration != obj.GetGeneration() {
 		// spec has changed
 		needDeploy = true
@@ -384,13 +386,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash)
+			deployResult, err = pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
 		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
 			patchErr = doProgressingCondition("Performing kluctl poke-images", false)
 			if patchErr != nil {
 				return nil, patchErr
 			}
-			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash)
+			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
 		} else {
 			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
 		}

From 8d5b7bf7ba121665fbede7b8b70080024969f4c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 11:49:21 +0200
Subject: [PATCH 1452/2268] feat: Show "sleeping" icon on emtpy results

---
 .../result-view/CommandResultStatusLine.tsx          | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
index 145266f67..6e121df68 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
@@ -2,6 +2,7 @@ import { CommandResultSummary, ValidateResult } from "../../models";
 import { Box, Tooltip, Typography } from "@mui/material";
 import React from "react";
 import { AddedIcon, ChangedIcon, ErrorIcon, OrphanIcon, TrashIcon, WarningIcon } from "../../icons/Icons";
+import { Hotel } from "@mui/icons-material";
 
 export interface StatusLineProps {
     errors?: number
@@ -49,6 +50,17 @@ export const StatusLine = (props: StatusLineProps) => {
 }
 
 export const CommandResultStatusLine = (props: { rs: CommandResultSummary }) => {
+    if (!props.rs.errors?.length &&
+        !props.rs.warnings?.length &&
+        !props.rs.changedObjects &&
+        !props.rs.newObjects &&
+        !props.rs.deletedObjects &&
+        !props.rs.orphanObjects
+    ) {
+        return <Tooltip title={"Result is empty"}>
+            <Hotel/>
+        </Tooltip>
+    }
     return <StatusLine errors={props.rs.errors?.length}
         warnings={props.rs.warnings?.length}
         changedObjects={props.rs.changedObjects}

From 5ce0068c87122ec8493d11efca1b105883057026 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 11:49:33 +0200
Subject: [PATCH 1453/2268] fix: Omit lines when no command results are
 available

---
 pkg/webui/ui/src/components/targets-view/TargetsView.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 76b8098c8..be1662c46 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -279,7 +279,7 @@ export const TargetsView = () => {
                                             }}
                                         />
                                     }}/>
-                                <RelationHorizontalLine/>
+                                {ts.commandResults.length ? <RelationHorizontalLine/> : <></>}
                             </Box>
                         })}
                     </CardCol>

From be1066e791bb4bc74345478cfdd5fdd5887b4a90 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 11:56:50 +0200
Subject: [PATCH 1454/2268] refactor: CommandResultItem to 
 CommandResultSummaryView

---
 .../{CommandResultItem.tsx => CommandResultSummaryView.tsx}   | 4 ++--
 pkg/webui/ui/src/components/targets-view/TargetsView.tsx      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename pkg/webui/ui/src/components/targets-view/{CommandResultItem.tsx => CommandResultSummaryView.tsx} (98%)

diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
similarity index 98%
rename from pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
rename to pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
index a025ee8e9..ab7267d23 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
@@ -146,7 +146,7 @@ const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
     </Box>
 }
 
-export const CommandResultItem = React.memo(React.forwardRef((
+export const CommandResultSummaryView = React.memo(React.forwardRef((
     props: {
         current: boolean,
         ps: ProjectSummary,
@@ -258,4 +258,4 @@ export const CommandResultItem = React.memo(React.forwardRef((
     />;
 }));
 
-CommandResultItem.displayName = 'CommandResultItem';
+CommandResultSummaryView.displayName = 'CommandResultItem';
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index be1662c46..d0ab2f1b8 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -5,7 +5,7 @@ import { AppContext } from "../App";
 import { ProjectItem } from "./ProjectItem";
 import { TargetItem } from "./TargetItem";
 import Divider from "@mui/material/Divider";
-import { CommandResultItem } from "./CommandResultItem";
+import { CommandResultSummaryView } from "./CommandResultSummaryView";
 import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
@@ -305,7 +305,7 @@ export const TargetsView = () => {
                                             cardsData={ts.commandResults}
                                             getKey={cd => cd.id}
                                             renderCard={(cardData, expanded, current) => {
-                                                return <CommandResultItem
+                                                return <CommandResultSummaryView
                                                     current={current}
                                                     ps={ps}
                                                     ts={ts}

From f3bc9dbf50862a788b337a3787ce9d5194c5cfd4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 12:07:54 +0200
Subject: [PATCH 1455/2268] refactor: Split out CommandResultSummaryView

---
 .../targets-view/CommandResultCard.tsx        | 194 +++++++++++++++++
 .../targets-view/CommandResultSummaryView.tsx | 203 +-----------------
 .../components/targets-view/TargetsView.tsx   |   5 +-
 3 files changed, 203 insertions(+), 199 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx

diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx
new file mode 100644
index 000000000..5d35cd91a
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx
@@ -0,0 +1,194 @@
+import React, { useContext, useMemo } from "react";
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { CommandResultSummary, ShortName } from "../../models";
+import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
+import { useNavigate } from "react-router";
+import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
+import { LiveHelp, RocketLaunch } from "@mui/icons-material";
+import * as yaml from "js-yaml";
+import { CodeViewer } from "../CodeViewer";
+import { CardTemplate } from "./Card";
+import { Since } from "../Since";
+import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
+import { CommandResultSummaryBody } from "./CommandResultSummaryView";
+import { ApiContext, UserContext } from "../App";
+import { Api } from "../../api";
+import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
+
+export async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
+    const r = await api.getCommandResult(rs.id);
+    const builder = new NodeBuilder({
+        shortNames,
+        commandResult: r,
+    });
+    const [node] = builder.buildRoot();
+    return node;
+}
+
+const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
+    const api = useContext(ApiContext)
+    const user = useContext(UserContext)
+    const handleApprove = (approve: boolean) => {
+        if (!props.ts.kdInfo || !props.ts.kd) {
+            return
+        }
+        if (approve) {
+            if (!props.rs.renderedObjectsHash) {
+                return
+            }
+            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.rs.renderedObjectsHash)
+        } else {
+            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
+        }
+    }
+
+    if (!user?.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
+        return <></>
+    }
+    if (props.rs.id !== props.ts.commandResults[0].id) {
+        return <></>
+    }
+
+    if (!props.rs.commandInfo.dryRun || !props.rs.renderedObjectsHash) {
+        return <></>
+    }
+
+    const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.rs.renderedObjectsHash
+
+    let icon: React.ReactElement
+    let tooltip: string
+    if (!isApproved) {
+        tooltip = "Click here to trigger this manual deployment."
+        icon = <RocketLaunch color={"info"}/>
+    } else {
+        tooltip = "Click here to cancel this deployment. This will only have an effect if the deployment has not started reconciliation yet!"
+        icon = <RocketLaunch color={"success"}/>
+    }
+    return <Box display='flex' gap='6px' alignItems='center' height='39px'>
+        <IconButton
+            onClick={e => {
+                e.stopPropagation();
+                handleApprove(!isApproved)
+            }}
+            sx={{
+                padding: 0,
+                width: 26,
+                height: 26
+            }}
+        >
+            <Tooltip title={tooltip}>
+                <Box display='flex'>{icon}</Box>
+            </Tooltip>
+        </IconButton>
+    </Box>
+}
+
+export const CommandResultCard = React.memo(React.forwardRef((
+    props: {
+        current: boolean,
+        ps: ProjectSummary,
+        ts: TargetSummary,
+        rs: CommandResultSummary,
+        onSelectCommandResult?: (rs: CommandResultSummary) => void,
+        sx?: SxProps<Theme>,
+        showSummary: boolean,
+        expanded?: boolean,
+        loadData?: boolean,
+        onClose?: () => void
+    },
+    ref: React.ForwardedRef<HTMLDivElement>
+) => {
+    const navigate = useNavigate();
+
+    let icon: React.ReactElement
+    let cardGlow = false
+    let header = props.rs.commandInfo?.command
+    switch (props.rs.commandInfo?.command) {
+        default:
+            icon = <DiffIcon/>
+            break
+        case "delete":
+            icon = <PruneIcon/>
+            break
+        case "deploy":
+            if (props.rs.commandInfo.dryRun) {
+                if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
+                    icon = <LiveHelp sx={{ width: "100%", height: "100%" }}/>
+                    cardGlow = true
+                    header = "manual deploy"
+                } else {
+                    icon = <DeployIcon/>
+                    header = "dry-run deploy"
+                }
+            } else {
+                icon = <DeployIcon/>
+            }
+            break
+        case "diff":
+            icon = <DiffIcon/>
+            break
+        case "poke-images":
+            icon = <DeployIcon/>
+            break
+        case "prune":
+            icon = <PruneIcon/>
+            break
+    }
+
+    const iconTooltip = useMemo(() => {
+        const cmdInfoYaml = yaml.dump(props.rs.commandInfo);
+        return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
+    }, [props.rs.commandInfo]);
+
+    let body: React.ReactElement | undefined
+    if (props.expanded) {
+        if (props.showSummary) {
+            body = <CommandResultSummaryBody rs={props.rs} loadData={props.loadData} />
+        }
+    }
+
+    const footer = <>
+        <Box display='flex' gap='6px' alignItems='center' flex={"1 1 auto"}>
+            <CommandResultStatusLine rs={props.rs} />
+        </Box>
+        <ApprovalIcon ts={props.ts} rs={props.rs}/>
+        <Box display='flex' gap='6px' alignItems='center' height='39px'>
+            <IconButton
+                onClick={e => {
+                    e.stopPropagation();
+                    navigate(`/results/${props.rs.id}`);
+                }}
+                sx={{
+                    padding: 0,
+                    width: 26,
+                    height: 26
+                }}
+            >
+                <Tooltip title={"Open Result Tree"}>
+                    <Box display='flex'><TreeViewIcon /></Box>
+                </Tooltip>
+            </IconButton>
+        </Box>
+    </>
+
+    return <CardTemplate
+        ref={ref}
+        showCloseButton={props.expanded}
+        onClose={props.onClose}
+        paperProps={{
+            sx: {
+                padding: '20px 16px 5px 16px',
+                ...props.sx,
+            },
+            glow: cardGlow,
+            onClick: () => props.onSelectCommandResult?.(props.rs)
+        }}
+        icon={icon}
+        iconTooltip={iconTooltip}
+        header={header}
+        subheader={<Since startTime={new Date(props.rs.commandInfo.startTime)}/>}
+        subheaderTooltip={props.rs.commandInfo.startTime}
+        body={body}
+        footer={footer}
+    />;
+}));
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx b/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
index ab7267d23..1ee1b83e4 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
@@ -1,33 +1,14 @@
-import React, { useContext, useEffect, useMemo, useState } from "react";
-import { CommandResultSummary, ShortName } from "../../models";
-import * as yaml from "js-yaml";
-import { CodeViewer } from "../CodeViewer";
-import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
-import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
-import { useNavigate } from "react-router";
-import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
-import { CardBody, CardTemplate } from "./Card";
-import { ApiContext, AppContext, UserContext } from "../App";
+import React, { useContext, useEffect, useState } from "react";
+import { CommandResultSummary } from "../../models";
+import { CardBody } from "./Card";
+import { ApiContext, AppContext } from "../App";
 import { Loading } from "../Loading";
-import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
 import { ErrorMessage } from "../ErrorMessage";
-import { Api } from "../../api";
 import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
-import { Since } from "../Since";
-import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { LiveHelp, RocketLaunch } from "@mui/icons-material";
+import { doGetRootNode } from "./CommandResultCard";
 
-async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
-    const r = await api.getCommandResult(rs.id);
-    const builder = new NodeBuilder({
-        shortNames,
-        commandResult: r,
-    });
-    const [node] = builder.buildRoot();
-    return node;
-}
 
-export const CommandResultItemBody = React.memo((props: {
+export const CommandResultSummaryBody = React.memo((props: {
     rs: CommandResultSummary,
     loadData?: boolean
 }) => {
@@ -87,175 +68,3 @@ export const CommandResultItemBody = React.memo((props: {
 
     return <CardBody provider={node} />
 });
-
-const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
-    const api = useContext(ApiContext)
-    const user = useContext(UserContext)
-    const handleApprove = (approve: boolean) => {
-        if (!props.ts.kdInfo || !props.ts.kd) {
-            return
-        }
-        if (approve) {
-            if (!props.rs.renderedObjectsHash) {
-                return
-            }
-            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.rs.renderedObjectsHash)
-        } else {
-            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
-        }
-    }
-
-    if (!user?.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
-        return <></>
-    }
-    if (props.rs.id !== props.ts.commandResults[0].id) {
-        return <></>
-    }
-
-    if (!props.rs.commandInfo.dryRun || !props.rs.renderedObjectsHash) {
-        return <></>
-    }
-
-    const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.rs.renderedObjectsHash
-
-    let icon: React.ReactElement
-    let tooltip: string
-    if (!isApproved) {
-        tooltip = "Click here to trigger this manual deployment."
-        icon = <RocketLaunch color={"info"}/>
-    } else {
-        tooltip = "Click here to cancel this deployment. This will only have an effect if the deployment has not started reconciliation yet!"
-        icon = <RocketLaunch color={"success"}/>
-    }
-    return <Box display='flex' gap='6px' alignItems='center' height='39px'>
-        <IconButton
-            onClick={e => {
-                e.stopPropagation();
-                handleApprove(!isApproved)
-            }}
-            sx={{
-                padding: 0,
-                width: 26,
-                height: 26
-            }}
-        >
-            <Tooltip title={tooltip}>
-                <Box display='flex'>{icon}</Box>
-            </Tooltip>
-        </IconButton>
-    </Box>
-}
-
-export const CommandResultSummaryView = React.memo(React.forwardRef((
-    props: {
-        current: boolean,
-        ps: ProjectSummary,
-        ts: TargetSummary,
-        rs: CommandResultSummary,
-        onSelectCommandResult?: (rs: CommandResultSummary) => void,
-        sx?: SxProps<Theme>,
-        expanded?: boolean,
-        loadData?: boolean,
-        onClose?: () => void
-    },
-    ref: React.ForwardedRef<HTMLDivElement>
-) => {
-    const {
-        rs,
-        onSelectCommandResult,
-        sx,
-        expanded,
-        loadData,
-        onClose
-    } = props;
-    const navigate = useNavigate();
-
-    let icon: React.ReactElement
-    let cardGlow = false
-    let header = rs.commandInfo?.command
-    switch (rs.commandInfo?.command) {
-        default:
-            icon = <DiffIcon/>
-            break
-        case "delete":
-            icon = <PruneIcon/>
-            break
-        case "deploy":
-            if (rs.commandInfo.dryRun) {
-                if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
-                    icon = <LiveHelp sx={{ width: "100%", height: "100%" }}/>
-                    cardGlow = true
-                    header = "manual deploy"
-                } else {
-                    icon = <DeployIcon/>
-                    header = "dry-run deploy"
-                }
-            } else {
-                icon = <DeployIcon/>
-            }
-            break
-        case "diff":
-            icon = <DiffIcon/>
-            break
-        case "poke-images":
-            icon = <DeployIcon/>
-            break
-        case "prune":
-            icon = <PruneIcon/>
-            break
-    }
-
-    const iconTooltip = useMemo(() => {
-        const cmdInfoYaml = yaml.dump(rs.commandInfo);
-        return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
-    }, [rs.commandInfo]);
-
-    const body = expanded ? <CommandResultItemBody rs={rs} loadData={loadData} /> : undefined;
-
-    return <CardTemplate
-        ref={ref}
-        showCloseButton={expanded}
-        onClose={onClose}
-        paperProps={{
-            sx: {
-                padding: '20px 16px 5px 16px',
-                ...sx,
-            },
-            glow: cardGlow,
-            onClick: () => onSelectCommandResult?.(rs)
-        }}
-        icon={icon}
-        iconTooltip={iconTooltip}
-        header={header}
-        subheader={<Since startTime={new Date(rs.commandInfo.startTime)}/>}
-        subheaderTooltip={rs.commandInfo.startTime}
-        body={body}
-        footer={
-            <>
-                <Box display='flex' gap='6px' alignItems='center' flex={"1 1 auto"}>
-                    <CommandResultStatusLine rs={rs} />
-                </Box>
-                <ApprovalIcon ts={props.ts} rs={props.rs}/>
-                <Box display='flex' gap='6px' alignItems='center' height='39px'>
-                    <IconButton
-                        onClick={e => {
-                            e.stopPropagation();
-                            navigate(`/results/${rs.id}`);
-                        }}
-                        sx={{
-                            padding: 0,
-                            width: 26,
-                            height: 26
-                        }}
-                    >
-                        <Tooltip title={"Open Result Tree"}>
-                            <Box display='flex'><TreeViewIcon /></Box>
-                        </Tooltip>
-                    </IconButton>
-                </Box>
-            </>
-        }
-    />;
-}));
-
-CommandResultSummaryView.displayName = 'CommandResultItem';
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index d0ab2f1b8..5237c25ec 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -5,12 +5,12 @@ import { AppContext } from "../App";
 import { ProjectItem } from "./ProjectItem";
 import { TargetItem } from "./TargetItem";
 import Divider from "@mui/material/Divider";
-import { CommandResultSummaryView } from "./CommandResultSummaryView";
 import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { ExpandableCard } from "./ExpandableCard";
 import { useLocation, useNavigate } from "react-router-dom";
+import { CommandResultCard } from "./CommandResultCard";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -305,11 +305,12 @@ export const TargetsView = () => {
                                             cardsData={ts.commandResults}
                                             getKey={cd => cd.id}
                                             renderCard={(cardData, expanded, current) => {
-                                                return <CommandResultSummaryView
+                                                return <CommandResultCard
                                                     current={current}
                                                     ps={ps}
                                                     ts={ts}
                                                     rs={cardData}
+                                                    showSummary={true}
                                                     expanded={expanded}
                                                     loadData={current}
                                                     onClose={() => {

From 5d2817def119622ec2ce46ba1f58f3a5e38bf98a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Aug 2023 12:32:25 +0200
Subject: [PATCH 1456/2268] fix: Set z-index of expanded cards to be below
 tooltips

---
 .../ui/src/components/targets-view/ExpandableCard.tsx    | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx b/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
index 3110e47f6..c088be77e 100644
--- a/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
+++ b/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
@@ -6,6 +6,7 @@ import { Transition, TransitionStatus } from "react-transition-group";
 const transitionTime = 200
 const arrowButtonWidth = 80;
 const arrowButtonHeight = 50;
+const expandedZIndex = 1300; // same as MUI modals
 
 const ArrowButton = React.memo((props: {
     direction: 'left' | 'right',
@@ -36,7 +37,7 @@ const ArrowButton = React.memo((props: {
             position: "fixed",
             top: `${top}px`,
             left: `${left}px`,
-            zIndex: 100000,
+            zIndex: expandedZIndex,
         }}
         onClick={(e) => {
             e.stopPropagation();
@@ -159,7 +160,7 @@ export const ExpandableCard = function <CardData>(props: ExpandedCardsViewProps<
                     duration: transitionTime,
                     easing: theme.transitions.easing.sharp
                 }),
-                "z-index": 10000,
+                "z-index": expandedZIndex,
                 visibility: i === selectedIndex ? "visible" : "hidden",
             }
         } else if (state === "entered") {
@@ -176,7 +177,7 @@ export const ExpandableCard = function <CardData>(props: ExpandedCardsViewProps<
                     duration: transitionTime,
                     easing: theme.transitions.easing.sharp
                 }),
-                "z-index": 10000,
+                "z-index": expandedZIndex,
             }
         } else if (state === "exiting") {
             return {
@@ -191,7 +192,7 @@ export const ExpandableCard = function <CardData>(props: ExpandedCardsViewProps<
                     duration: transitionTime,
                     easing: theme.transitions.easing.sharp
                 }),
-                "z-index": 10000,
+                "z-index": expandedZIndex,
                 visibility: i === expandingIndex ? "visible" : "hidden",
             }
         }

From ad8a41cb07b3d593c67f9610a6aedf15e693e23f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Aug 2023 08:51:06 +0200
Subject: [PATCH 1457/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/credentials (#736)

Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.13.32 to 1.13.33.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.13.32...credentials/v1.13.33)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 18 +++++++++---------
 go.sum | 27 ++++++++++++++++++---------
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index 87714b52d..cf567cf13 100644
--- a/go.mod
+++ b/go.mod
@@ -54,11 +54,11 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
-	github.com/aws/aws-sdk-go-v2 v1.20.1
+	github.com/aws/aws-sdk-go-v2 v1.20.2
 	github.com/aws/aws-sdk-go-v2/config v1.18.33
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.32
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.33
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2
+	github.com/aws/aws-sdk-go-v2/service/sts v1.21.3
 	github.com/aws/smithy-go v1.14.1
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -105,14 +105,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.39 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.33 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.33 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
diff --git a/go.sum b/go.sum
index 1b745d17e..47a650883 100644
--- a/go.sum
+++ b/go.sum
@@ -116,34 +116,43 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
 github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
+github.com/aws/aws-sdk-go-v2 v1.20.2 h1:0Aok9u/HVTk7RtY6M1KDcthbaMKGhhS0eLPxIdSIzRI=
+github.com/aws/aws-sdk-go-v2 v1.20.2/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
 github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
 github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.32 h1:lIH1eKPcCY1ylR4B6PkBGRWMHO3aVenOKJHWiS4/G2w=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.33 h1:esA1X5Eti1xSGCF0W0LYpHH/r6p+MqT0DiKXsfDEPxs=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.33/go.mod h1:jNC10ZEYuLlt9IOowix60yNiO6vGA14RVK3oUfX5KgI=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.9 h1:DnNHcClgyFV5suHJ4axqhmG3YeRGgIu6yv29IEWR9aE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.9/go.mod h1:kz0hzQXlc/5Y5mkbwTKX8A+aTRA45t8Aavly60bQzAQ=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 h1:c8ed/T9T2K5I+h/JzmF5tpI46+OODQ74dzmdo+QnaMg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.39 h1:OBokd2jreL7ItwqRRcN5QiSt24/i2r742aRsd2qMyeg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.39/go.mod h1:OLmjwglQh90dCcFJDGD+T44G0ToLH+696kRwRhS1KOU=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.33 h1:gcRN6PXAo8w3HYFp2wFyr+WYEP4n/a25/IOhzJl36Yw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.33/go.mod h1:S/zgOphghZAIvrbtvsVycoOncfqh1Hc4uGDIHqDLwTU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39/go.mod h1:WLAW8PT7+JhjZfLSWe7WEJaJu0GNo0cKc2Zyo003RBs=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEYxth10V23b5e2mAS+tX7oVbfYHD6dnDdAsg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.33 h1:cr70Hw6Lq9cqRst1y4YOHLiaVWaWtBPiqdloinNkfis=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.33/go.mod h1:kcNtzCcEoflp+6e2CDTmm2h3xQGZOBZqYA/8DhYx/S8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
 github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0 h1:z9faFYBvadv9HdY+oFBgxqCnew9TK+jp9ccxktB5fl4=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0/go.mod h1:Z6Oq1mXqvgwmUxvMrV/jMkQhwm06A9XO015dzGnS8TM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.3 h1:nceOkYE0jmaG9CoyXHJJm00FAQ8JE+/LCKJJ06hH/Nc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.3/go.mod h1:DApEBnZzexe+LDLaNrGOJA8xtRMCpikLW1gX7jZhHxc=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.3 h1:90qW9puxI7LgmiYKSPhx6wz4XqgVauTxCyS3185+JpA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.3/go.mod h1:kKpyLjToIS7E3z0672lBhxIPD+uoQ9V0MYRYCVGIkO0=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.3 h1:s3wBkMxfA/u2EJJl6KRsPcWv858lDHkhinqXyN6fkZI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.3/go.mod h1:b+y9zL57mwCRy6ftp9Nc7CONGHX3sZ50ZCLTrI5xpCc=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
 github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=

From 5258a8f41255e1f49477146382f776def066748c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 09:08:52 +0200
Subject: [PATCH 1458/2268] feat: Put full command result view into expandable
 command result card

---
 pkg/webui/ui/src/components/CodeViewer.tsx    | 23 ++---
 pkg/webui/ui/src/components/Loading.tsx       |  3 +
 pkg/webui/ui/src/components/ObjectYaml.tsx    | 11 ++-
 .../ui/src/components/ResultObjectViewer.tsx  | 30 +++++++
 pkg/webui/ui/src/components/Router.tsx        |  6 --
 .../ChangesTable.tsx                          |  0
 .../CommandResultCard.tsx                     | 28 +++---
 .../CommandResultStatusLine.tsx               |  0
 .../CommandResultSummaryView.tsx              |  4 +-
 .../CommandResultTree.tsx                     | 47 ++++------
 .../command-result/CommandResultView.tsx      | 86 ++++++++++++++++++
 .../SidePanel.tsx                             | 28 ++----
 .../nodes/CommandResultNode.tsx               | 18 ++--
 .../DeletedOrOrphanObjectsCollectionNode.tsx  |  6 +-
 .../nodes/DeploymentItemIncludeNode.tsx       |  7 +-
 .../nodes/DeploymentItemNode.tsx              |  7 +-
 .../nodes/NodeBuilder.ts                      | 32 +++----
 .../nodes/NodeData.tsx                        | 18 ++--
 .../nodes/ObjectNode.tsx                      | 20 ++---
 .../nodes/VarsSourceCollectionNode.tsx        |  7 +-
 .../nodes/VarsSourceNode.tsx                  | 20 ++---
 .../result-view/CommandResultView.tsx         | 89 -------------------
 .../ui/src/components/targets-view/Card.tsx   |  2 +-
 .../targets-view/ExpandableCard.tsx           |  2 +-
 .../components/targets-view/TargetItem.tsx    |  2 +-
 .../components/targets-view/TargetsView.tsx   | 33 +++++--
 26 files changed, 258 insertions(+), 271 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/ResultObjectViewer.tsx
 rename pkg/webui/ui/src/components/{result-view => command-result}/ChangesTable.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => command-result}/CommandResultCard.tsx (88%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/CommandResultStatusLine.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => command-result}/CommandResultSummaryView.tsx (93%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/CommandResultTree.tsx (77%)
 create mode 100644 pkg/webui/ui/src/components/command-result/CommandResultView.tsx
 rename pkg/webui/ui/src/components/{result-view => command-result}/SidePanel.tsx (67%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/CommandResultNode.tsx (69%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/DeletedOrOrphanObjectsCollectionNode.tsx (89%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/DeploymentItemIncludeNode.tsx (88%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/DeploymentItemNode.tsx (89%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/NodeBuilder.ts (86%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/NodeData.tsx (91%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/ObjectNode.tsx (80%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/VarsSourceCollectionNode.tsx (73%)
 rename pkg/webui/ui/src/components/{result-view => command-result}/nodes/VarsSourceNode.tsx (93%)
 delete mode 100644 pkg/webui/ui/src/components/result-view/CommandResultView.tsx

diff --git a/pkg/webui/ui/src/components/CodeViewer.tsx b/pkg/webui/ui/src/components/CodeViewer.tsx
index 2e55a82c0..adaed7e0d 100644
--- a/pkg/webui/ui/src/components/CodeViewer.tsx
+++ b/pkg/webui/ui/src/components/CodeViewer.tsx
@@ -10,20 +10,11 @@ SyntaxHighlighter.registerLanguage('yaml', yamlLanguage);
 SyntaxHighlighter.registerLanguage('diff', diffLanguage);
 
 export function CodeViewer(props: { code: string, language: string }) {
-    return <SyntaxHighlighter language={props.language} style={docco}>
-            {props.code!}
-        </SyntaxHighlighter>
-
-
-    /*return <Box height={"100%"}><Box sx={{
-        overflowY: 'scroll', // Enable vertical scrolling
-        height: "100%",
-        //maxHeight: '100%', // Set a fixed height
-        border: '1px solid #ccc', // Optional border
-        padding: '10px', // Optional padding
+    return <SyntaxHighlighter language={props.language} style={docco} customStyle={{
+        overflowX: undefined, // the parent container is handling scrolling
+        flex: "1 1 auto",
+        height: "max-content",
     }}>
-        <SyntaxHighlighter language={props.language} style={docco}>
-            {props.code!}
-        </SyntaxHighlighter>
-    </Box></Box>*/
-}
\ No newline at end of file
+        {props.code!}
+    </SyntaxHighlighter>
+}
diff --git a/pkg/webui/ui/src/components/Loading.tsx b/pkg/webui/ui/src/components/Loading.tsx
index 4cf7b8189..39827c478 100644
--- a/pkg/webui/ui/src/components/Loading.tsx
+++ b/pkg/webui/ui/src/components/Loading.tsx
@@ -21,6 +21,9 @@ export function useLoadingHelper<T>(load: () => Promise<T>, deps: DependencyList
     const [content, setContent] = useState<T>()
 
     useEffect(() => {
+        setLoading(true)
+        setContent(undefined)
+        setError(undefined)
         const doStartLoading = async () => {
             try {
                 const c = await load()
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
index 7e9ee9e5f..cf7e7949e 100644
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ b/pkg/webui/ui/src/components/ObjectYaml.tsx
@@ -1,5 +1,4 @@
-import { CommandResultProps } from "./result-view/CommandResultView";
-import { ObjectRef } from "../models";
+import { CommandResult, ObjectRef } from "../models";
 import { ObjectType } from "../api";
 import React, { useContext } from "react";
 import { CodeViewer } from "./CodeViewer";
@@ -10,15 +9,15 @@ import * as yaml from 'js-yaml';
 import { ErrorMessage } from "./ErrorMessage";
 import { Box } from "@mui/material";
 
-export const ObjectYaml = (props: { treeProps: CommandResultProps, objectRef: ObjectRef, objectType: ObjectType }) => {
+export const ObjectYaml = (props: { cr: CommandResult, objectRef: ObjectRef, objectType: ObjectType }) => {
     const api = useContext(ApiContext)
     const [loading, error, content] = useLoadingHelper<string>(async () => {
-        const o = await api.getCommandResultObject(props.treeProps.commandResult.id, props.objectRef, props.objectType)
+        const o = await api.getCommandResultObject(props.cr.id, props.objectRef, props.objectType)
         return yaml.dump(o)
-    }, [props.treeProps.commandResult.id, props.objectRef, props.objectType])
+    }, [props.cr.id, props.objectRef, props.objectType])
 
     if (loading) {
-        return <Box my='30px'>
+        return <Box width={"100%"}>
             <Loading />
         </Box>
     } else if (error) {
diff --git a/pkg/webui/ui/src/components/ResultObjectViewer.tsx b/pkg/webui/ui/src/components/ResultObjectViewer.tsx
new file mode 100644
index 000000000..42b6d83a6
--- /dev/null
+++ b/pkg/webui/ui/src/components/ResultObjectViewer.tsx
@@ -0,0 +1,30 @@
+import { CommandResult, ObjectRef } from "../models";
+import { ObjectType } from "../api";
+import React, { useContext } from "react";
+
+import { Loading, useLoadingHelper } from "./Loading";
+import { ApiContext } from "./App";
+import * as yaml from 'js-yaml';
+import { ErrorMessage } from "./ErrorMessage";
+import { Box } from "@mui/material";
+import { K8sManifestViewer } from "./K8sManifestViewer";
+
+export const ResultObjectViewer = (props: { cr: CommandResult, objectRef: ObjectRef, objectType: ObjectType }) => {
+    const api = useContext(ApiContext)
+    const [loading, error, content] = useLoadingHelper<string>(async () => {
+        const o = await api.getCommandResultObject(props.cr.id, props.objectRef, props.objectType)
+        return yaml.dump(o)
+    }, [props.cr.id, props.objectRef, props.objectType])
+
+    if (loading) {
+        return <Box width={"100%"}>
+            <Loading />
+        </Box>
+    } else if (error) {
+        return <ErrorMessage>
+            {error.message}
+        </ErrorMessage>
+    } else {
+        return <K8sManifestViewer obj={content}/>
+    }
+}
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 24b25fe17..c5226504a 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,7 +1,6 @@
 import { createHashRouter, useRouteError } from "react-router-dom";
 import App from "./App";
 import { TargetsView } from "./targets-view/TargetsView";
-import { CommandResultView } from "./result-view/CommandResultView";
 import { ErrorMessageCard } from "./ErrorMessage";
 import { Box } from "@mui/material";
 
@@ -25,11 +24,6 @@ export const Router = createHashRouter([
                 element: <TargetsView />,
                 errorElement: <ErrorPage />,
             },
-            {
-                path: "results/:id",
-                element: <CommandResultView />,
-                errorElement: <ErrorPage />,
-            },
         ],
     },
 ]);
diff --git a/pkg/webui/ui/src/components/result-view/ChangesTable.tsx b/pkg/webui/ui/src/components/command-result/ChangesTable.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/result-view/ChangesTable.tsx
rename to pkg/webui/ui/src/components/command-result/ChangesTable.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
similarity index 88%
rename from pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx
rename to pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 5d35cd91a..10614509b 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -2,25 +2,22 @@ import React, { useContext, useMemo } from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CommandResultSummary, ShortName } from "../../models";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
-import { useNavigate } from "react-router";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
-import { LiveHelp, RocketLaunch } from "@mui/icons-material";
+import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
 import * as yaml from "js-yaml";
 import { CodeViewer } from "../CodeViewer";
-import { CardTemplate } from "./Card";
+import { CardTemplate } from "../targets-view/Card";
 import { Since } from "../Since";
-import { CommandResultStatusLine } from "../result-view/CommandResultStatusLine";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
 import { ApiContext, UserContext } from "../App";
 import { Api } from "../../api";
-import { NodeBuilder } from "../result-view/nodes/NodeBuilder";
+import { CommandResultBody } from "./CommandResultView";
+import { NodeBuilder } from "./nodes/NodeBuilder";
+import { CommandResultStatusLine } from "./CommandResultStatusLine";
 
 export async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
     const r = await api.getCommandResult(rs.id);
-    const builder = new NodeBuilder({
-        shortNames,
-        commandResult: r,
-    });
+    const builder = new NodeBuilder(r)
     const [node] = builder.buildRoot();
     return node;
 }
@@ -89,7 +86,7 @@ export const CommandResultCard = React.memo(React.forwardRef((
         ps: ProjectSummary,
         ts: TargetSummary,
         rs: CommandResultSummary,
-        onSelectCommandResult?: (rs: CommandResultSummary) => void,
+        onSwitchFullCommandResult: () => void,
         sx?: SxProps<Theme>,
         showSummary: boolean,
         expanded?: boolean,
@@ -98,8 +95,6 @@ export const CommandResultCard = React.memo(React.forwardRef((
     },
     ref: React.ForwardedRef<HTMLDivElement>
 ) => {
-    const navigate = useNavigate();
-
     let icon: React.ReactElement
     let cardGlow = false
     let header = props.rs.commandInfo?.command
@@ -144,6 +139,8 @@ export const CommandResultCard = React.memo(React.forwardRef((
     if (props.expanded) {
         if (props.showSummary) {
             body = <CommandResultSummaryBody rs={props.rs} loadData={props.loadData} />
+        } else {
+            body = <CommandResultBody rs={props.rs} loadData={props.loadData}/>
         }
     }
 
@@ -156,7 +153,7 @@ export const CommandResultCard = React.memo(React.forwardRef((
             <IconButton
                 onClick={e => {
                     e.stopPropagation();
-                    navigate(`/results/${props.rs.id}`);
+                    props.onSwitchFullCommandResult()
                 }}
                 sx={{
                     padding: 0,
@@ -164,8 +161,8 @@ export const CommandResultCard = React.memo(React.forwardRef((
                     height: 26
                 }}
             >
-                <Tooltip title={"Open Result Tree"}>
-                    <Box display='flex'><TreeViewIcon /></Box>
+                <Tooltip title={props.showSummary ? "Show full result tree" : "Show summary"}>
+                    <Box display='flex'>{props.showSummary ? <TreeViewIcon /> : <Summarize/>}</Box>
                 </Tooltip>
             </IconButton>
         </Box>
@@ -181,7 +178,6 @@ export const CommandResultCard = React.memo(React.forwardRef((
                 ...props.sx,
             },
             glow: cardGlow,
-            onClick: () => props.onSelectCommandResult?.(props.rs)
         }}
         icon={icon}
         iconTooltip={iconTooltip}
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/command-result/CommandResultStatusLine.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/result-view/CommandResultStatusLine.tsx
rename to pkg/webui/ui/src/components/command-result/CommandResultStatusLine.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
similarity index 93%
rename from pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
rename to pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
index 1ee1b83e4..1a35ec37b 100644
--- a/pkg/webui/ui/src/components/targets-view/CommandResultSummaryView.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
@@ -1,11 +1,11 @@
 import React, { useContext, useEffect, useState } from "react";
 import { CommandResultSummary } from "../../models";
-import { CardBody } from "./Card";
+import { CardBody } from "../targets-view/Card";
 import { ApiContext, AppContext } from "../App";
 import { Loading } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
-import { CommandResultNodeData } from "../result-view/nodes/CommandResultNode";
 import { doGetRootNode } from "./CommandResultCard";
+import { CommandResultNodeData } from "./nodes/CommandResultNode";
 
 
 export const CommandResultSummaryBody = React.memo((props: {
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx b/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
similarity index 77%
rename from pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
rename to pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
index 1b1e78494..188e4bac7 100644
--- a/pkg/webui/ui/src/components/result-view/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
@@ -1,17 +1,16 @@
 import * as React from 'react';
-import { useMemo, useState } from 'react';
+import { useContext, useState } from 'react';
 import TreeView from '@mui/lab/TreeView';
 import { TreeItem } from "@mui/lab";
-import { NodeBuilder } from "./nodes/NodeBuilder";
 import { NodeData } from "./nodes/NodeData";
 import { ActiveFilters, DoFilterSwitches } from "../FilterBar";
-import { CommandResultProps } from "./CommandResultView";
-import { Loading } from "../Loading";
-import { Box, Divider, Paper, useTheme } from '@mui/material';
+import { Box, Divider, useTheme } from '@mui/material';
 import { TriangleDownIcon, TriangleRightIcon } from '../../icons/Icons';
+import { CommandResultNodeData } from "./nodes/CommandResultNode";
+import { AppContext } from "../App";
 
 export interface CommandResultTreeProps {
-    commandResultProps?: CommandResultProps
+    rootNode: CommandResultNodeData
 
     onSelectNode: (node?: NodeData) => void
     activeFilters?: ActiveFilters
@@ -19,17 +18,9 @@ export interface CommandResultTreeProps {
 
 const CommandResultTree = (props: CommandResultTreeProps) => {
     const theme = useTheme();
+    const appContext = useContext(AppContext)
     const [expanded, setExpanded] = useState<string[]>(["root"]);
 
-    const [rootNode] = useMemo(() => {
-        if (!props.commandResultProps) {
-            return [undefined, undefined]
-        }
-
-        const builder = new NodeBuilder(props.commandResultProps)
-        return builder.buildRoot()
-    }, [props.commandResultProps])
-
     const handleToggle = (event: React.SyntheticEvent, nodeIds: string[]) => {
         setExpanded(nodeIds);
     };
@@ -75,7 +66,7 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
                             }}
                         />
                     }
-                    {nodes.buildTreeItem(nodes.children.length !== 0)}
+                    {nodes.buildTreeItem(appContext, nodes.children.length !== 0)}
                 </Box>
             }
             sx={{
@@ -115,21 +106,15 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
         </TreeItem>
     };
 
-    if (!rootNode) {
-        return <Loading />
-    }
-
-    return <Paper sx={{ padding: '20px 40px' }}>
-        <TreeView expanded={expanded}
-            onNodeToggle={handleToggle}
-            aria-label="rich object"
-            defaultCollapseIcon={<TriangleDownIcon />}
-            defaultExpandIcon={<TriangleRightIcon />}
-            sx={{ width: "100%" }}
-        >
-            {renderTree(rootNode)}
-        </TreeView>
-    </Paper>
+    return <TreeView expanded={expanded}
+                     onNodeToggle={handleToggle}
+                     aria-label="rich object"
+                     defaultCollapseIcon={<TriangleDownIcon/>}
+                     defaultExpandIcon={<TriangleRightIcon/>}
+                     sx={{ width: "100%" }}
+    >
+        {renderTree(props.rootNode)}
+    </TreeView>
 }
 
 export default CommandResultTree;
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
new file mode 100644
index 000000000..2934cd252
--- /dev/null
+++ b/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
@@ -0,0 +1,86 @@
+import React, { useContext, useEffect, useState } from "react";
+import { CommandResultSummary } from "../../models";
+import { ApiContext, AppContext } from "../App";
+import { Loading } from "../Loading";
+import { ErrorMessage } from "../ErrorMessage";
+import { doGetRootNode } from "./CommandResultCard";
+import { Box, Divider } from "@mui/material";
+import { CommandResultNodeData } from "./nodes/CommandResultNode";
+import { NodeData } from "./nodes/NodeData";
+import CommandResultTree from "./CommandResultTree";
+import { SidePanel } from "./SidePanel";
+
+export const CommandResultBody = React.memo((props: {
+    rs: CommandResultSummary,
+    loadData?: boolean
+}) => {
+    const api = useContext(ApiContext);
+    const appContext = useContext(AppContext);
+
+    const [loading, setLoading] = useState(false);
+    const [error, setError] = useState<any>();
+    const [node, setNode] = useState<CommandResultNodeData>();
+    const [prevRsId, setPrevRsId] = useState<string>();
+
+    const [selectedNode, setSelectedNode] = useState<NodeData | undefined>();
+
+    useEffect(() => {
+        let cancelled = false;
+        if (!props.loadData) {
+            return;
+        }
+
+        if (prevRsId === props.rs.id) {
+            return;
+        }
+
+        const doStartLoading = async () => {
+            try {
+                setLoading(true);
+                const n = await doGetRootNode(api, props.rs, appContext.shortNames);
+                if (cancelled) {
+                    return;
+                }
+                setNode(n);
+                setPrevRsId(props.rs.id);
+            } catch (error) {
+                setError(error);
+            }
+            setLoading(false);
+        };
+
+        doStartLoading();
+
+        return () => {
+            cancelled = true;
+        }
+    }, [api, appContext.shortNames, prevRsId, props.loadData, props.rs])
+
+    if (loading) {
+        return <Loading />;
+    }
+
+    if (error) {
+        return <ErrorMessage>
+            {error.message}
+        </ErrorMessage>;
+    }
+
+    if (!node) {
+        return null;
+    }
+
+    return <Box display={"flex"} width={"100%"} height={"100%"}>
+        <Box overflow={"auto"} width={"100%"} height={"100%"}>
+            <CommandResultTree
+                rootNode={node}
+                onSelectNode={setSelectedNode}
+                //activeFilters={context.filters}
+            />
+        </Box>
+        <Divider orientation={"vertical"} sx={{marginX: "10px"}}/>
+        <Box minWidth={"50%"} maxWidth={"50%"} height={"100%"}>
+            <SidePanel provider={selectedNode} onClose={() => setSelectedNode(undefined)} />
+        </Box>
+    </Box>
+});
diff --git a/pkg/webui/ui/src/components/result-view/SidePanel.tsx b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
similarity index 67%
rename from pkg/webui/ui/src/components/result-view/SidePanel.tsx
rename to pkg/webui/ui/src/components/command-result/SidePanel.tsx
index 972f631fd..8229dbb73 100644
--- a/pkg/webui/ui/src/components/result-view/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
@@ -1,7 +1,6 @@
-import { Box, Divider, IconButton, Paper, Tab, ThemeProvider, Typography, useTheme } from "@mui/material";
+import { Box, Divider, Tab, ThemeProvider } from "@mui/material";
 import React, { useCallback, useContext, useEffect, useMemo, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
-import { CloseIcon } from "../../icons/Icons";
 import { light } from "../theme";
 import { User } from "../../api";
 import { UserContext } from "../App";
@@ -55,7 +54,6 @@ export function useSidePanelTabs(provider?: SidePanelProvider) {
 }
 
 export const SidePanel = (props: SidePanelProps) => {
-    const theme = useTheme();
     const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
 
     if (!selectedTab || !tabs.find(x => x.label === selectedTab)) {
@@ -68,19 +66,7 @@ export const SidePanel = (props: SidePanelProps) => {
 
     return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column" overflow='hidden'>
         <TabContext value={selectedTab}>
-            <Box minHeight={theme.consts.appBarHeight} display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
-                <Box flex='1 1 auto' display='flex' justifyContent='space-between'>
-                    <Box flex='1 1 auto' pt='25px' pl='35px'>
-                        <Typography variant="h4">
-                            {props.provider.buildSidePanelTitle()}
-                        </Typography>
-                    </Box>
-                    <Box flex='0 0 auto' pt='10px' pr='10px'>
-                        <IconButton onClick={props.onClose}>
-                            <CloseIcon />
-                        </IconButton>
-                    </Box>
-                </Box>
+            <Box display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
                 <Box height='36px' flex='0 0 auto' p='0 30px'>
                     <TabList onChange={handleTabChange}>
                         {tabs.map((tab, i) => {
@@ -89,14 +75,12 @@ export const SidePanel = (props: SidePanelProps) => {
                     </TabList>
                 </Box>
             </Box>
-            <Divider sx={{ margin: 0 }} />
-            <Box overflow='auto' p='30px' flex={"1 1 auto"}>
+            <Divider />
+            <Box overflow='auto' p='4px' flex={"1 1 auto"}>
                 {tabs.map(tab => {
                     return <ThemeProvider theme={light} key={tab.label}>
-                        <TabPanel value={tab.label} sx={{ padding: 0}}>
-                            <Paper sx={{ padding: '10px 0' }}>
-                                {tab.content}
-                            </Paper>
+                        <TabPanel value={tab.label} sx={{padding: 0, display: "flex"}}>
+                            {tab.content}
                         </TabPanel>
                     </ThemeProvider>
                 })}
diff --git a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
similarity index 69%
rename from pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index 196415ba7..5c88a5cf7 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -3,21 +3,21 @@ import React from 'react';
 import { NodeData } from "./NodeData";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
-import { CommandResultProps } from "../CommandResultView";
 
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
 import { DeployIcon } from '../../../icons/Icons';
 import { LogsViewer } from "../../LogsViewer";
+import { CommandResult } from "../../../models";
 
 export class CommandResultNodeData extends NodeData {
     dumpedTargetYaml?: string
 
-    constructor(props: CommandResultProps, id: string) {
-        super(props, id, true, true);
+    constructor(commandResult: CommandResult, id: string) {
+        super(commandResult, id, true, true);
 
-        if (this.props.commandResult.command?.target) {
-            this.dumpedTargetYaml = yaml.dump(this.props.commandResult.command.target)
+        if (this.commandResult.command?.target) {
+            this.dumpedTargetYaml = yaml.dump(this.commandResult.command.target)
         }
     }
 
@@ -42,8 +42,8 @@ export class CommandResultNodeData extends NodeData {
         this.buildDiffAndHealthPages(tabs)
 
         tabs.push({label: "Logs", content: <LogsViewer
-                cluster={this.props.commandResult.clusterInfo.clusterId}
-                reconcileId={this.props.commandResult.id}/>
+                cluster={this.commandResult.clusterInfo.clusterId}
+                reconcileId={this.commandResult.id}/>
         })
 
         return tabs
@@ -51,8 +51,8 @@ export class CommandResultNodeData extends NodeData {
 
     buildSummaryPage(): React.ReactNode {
         const props = [
-            {name: "Initiator", value: this.props.commandResult.command?.initiator},
-            {name: "Command", value: this.props.commandResult.command?.command},
+            {name: "Initiator", value: this.commandResult.command?.initiator},
+            {name: "Command", value: this.commandResult.command?.command},
         ]
 
         return <>
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
similarity index 89%
rename from pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
index 5b3cba216..be4e5d7fd 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
@@ -1,15 +1,15 @@
 import { NodeData } from "./NodeData";
 import React from "react";
 import { Delete, LinkOff } from "@mui/icons-material";
-import { CommandResultProps } from "../CommandResultView";
 import { PropertiesTable } from "../../PropertiesTable";
 import { SidePanelTab } from "../SidePanel";
+import { CommandResult } from "../../../models";
 
 export class DeletedOrOrphanObjectsCollectionNode extends NodeData {
     deleted: boolean
 
-    constructor(props: CommandResultProps, id: string, deleted: boolean) {
-        super(props, id, false, true);
+    constructor(commandResult: CommandResult, id: string, deleted: boolean) {
+        super(commandResult, id, false, true);
         this.deleted = deleted
     }
 
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
similarity index 88%
rename from pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
index 2a50d9274..560ab4a59 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemIncludeNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
@@ -1,9 +1,8 @@
 import React from 'react';
 
-import { DeploymentItemConfig, DeploymentProjectConfig } from "../../../models";
+import { CommandResult, DeploymentItemConfig, DeploymentProjectConfig } from "../../../models";
 import { NodeData } from "./NodeData";
 import { GitIcon, IncludeIcon } from "../../../icons/Icons";
-import { CommandResultProps } from "../CommandResultView";
 import { PropertiesTable } from "../../PropertiesTable";
 import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
 import { SidePanelTab } from "../SidePanel";
@@ -14,8 +13,8 @@ export class DeploymentItemIncludeNodeData extends NodeData {
     deploymentItem: DeploymentItemConfig
     includedDeployment: DeploymentProjectConfig
 
-    constructor(props: CommandResultProps, id: string, deploymentItem: DeploymentItemConfig, includedDeployment: DeploymentProjectConfig) {
-        super(props, id, true, true);
+    constructor(commandResult: CommandResult, id: string, deploymentItem: DeploymentItemConfig, includedDeployment: DeploymentProjectConfig) {
+        super(commandResult, id, true, true);
         this.deploymentItem = deploymentItem
         this.includedDeployment = includedDeployment
     }
diff --git a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx
similarity index 89%
rename from pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx
index bebab6f96..b9ac982b5 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/DeploymentItemNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx
@@ -1,18 +1,17 @@
 import React from 'react';
 
-import { DeploymentItemConfig } from "../../../models";
+import { CommandResult, DeploymentItemConfig } from "../../../models";
 import { NodeData } from "./NodeData";
 import { Source } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
-import { CommandResultProps } from "../CommandResultView";
 import { SidePanelTab } from "../SidePanel";
 
 
 export class DeploymentItemNodeData extends NodeData {
     deploymentItem: DeploymentItemConfig
 
-    constructor(props: CommandResultProps, id: string, deploymentItem: DeploymentItemConfig) {
-        super(props, id, true, true);
+    constructor(commandResult: CommandResult, id: string, deploymentItem: DeploymentItemConfig) {
+        super(commandResult, id, true, true);
         this.deploymentItem = deploymentItem
     }
 
diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts b/pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts
similarity index 86%
rename from pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
rename to pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts
index b5bbe43e3..d62df424d 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/NodeBuilder.ts
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts
@@ -1,4 +1,5 @@
 import {
+    CommandResult,
     DeploymentError,
     DeploymentItemConfig,
     DeploymentProjectConfig,
@@ -13,11 +14,10 @@ import { NodeData } from "./NodeData";
 import { CommandResultNodeData } from "./CommandResultNode";
 import { VarsSourceCollectionNodeData } from "./VarsSourceCollectionNode";
 import { DeploymentItemIncludeNodeData } from "./DeploymentItemIncludeNode";
-import { CommandResultProps } from "../CommandResultView";
 import { DeletedOrOrphanObjectsCollectionNode } from "./DeletedOrOrphanObjectsCollectionNode";
 
 export class NodeBuilder {
-    private props: CommandResultProps
+    private commandResult: CommandResult
     private changedObjectsMap: Map<string, ResultObject> = new Map()
     private newObjectsMap: Map<string, ObjectRef> = new Map()
     private orphanObjectsMap: Map<string, ObjectRef> = new Map()
@@ -25,10 +25,10 @@ export class NodeBuilder {
     private errorsMap: Map<string, DeploymentError[]> = new Map()
     private warningsMap: Map<string, DeploymentError[]> = new Map()
 
-    constructor(props: CommandResultProps) {
-        this.props = props
+    constructor(commandResult: CommandResult) {
+        this.commandResult = commandResult
 
-        props.commandResult.objects?.forEach(o => {
+        commandResult.objects?.forEach(o => {
             const key = buildObjectRefKey(o.ref)
             if (o.changes?.length) {
                 this.changedObjectsMap.set(key, o)
@@ -43,7 +43,7 @@ export class NodeBuilder {
                 this.deletedObjectsMap.set(key, o.ref)
             }
         })
-        props.commandResult.errors?.forEach(e => {
+        commandResult.errors?.forEach(e => {
             const key = buildObjectRefKey(e.ref)
             let l = this.errorsMap.get(key)
             if (!l) {
@@ -53,7 +53,7 @@ export class NodeBuilder {
                 l.push(e)
             }
         })
-        props.commandResult.warnings?.forEach(e => {
+        commandResult.warnings?.forEach(e => {
             const key = buildObjectRefKey(e.ref)
             let l = this.warningsMap.get(key)
             if (!l) {
@@ -66,10 +66,10 @@ export class NodeBuilder {
     }
 
     buildRoot(): [CommandResultNodeData, Map<string, NodeData>] {
-        const rootNode = new CommandResultNodeData(this.props, "root")
+        const rootNode = new CommandResultNodeData(this.commandResult, "root")
 
-        if (this.props.commandResult.deployment) {
-            this.buildDeploymentProjectChildren(rootNode, this.props.commandResult.deployment)
+        if (this.commandResult.deployment) {
+            this.buildDeploymentProjectChildren(rootNode, this.commandResult.deployment)
         }
 
         if (this.deletedObjectsMap.size) {
@@ -106,7 +106,7 @@ export class NodeBuilder {
         }
 
         const newId = `${parentNode.id}/(vars)`
-        const node = new VarsSourceCollectionNodeData(this.props, newId)
+        const node = new VarsSourceCollectionNodeData(this.commandResult, newId)
         node.varsSources.push(...varsSources)
 
         varsSources.forEach((vs, i) => {
@@ -120,7 +120,7 @@ export class NodeBuilder {
 
     buildVarsSourceNode(parentNode: NodeData, varsSource: VarsSource, index: number): VarsSourceNodeData {
         const newId = `${parentNode.id}/${index}}`
-        const node = new VarsSourceNodeData(this.props, newId, varsSource)
+        const node = new VarsSourceNodeData(this.commandResult, newId, varsSource)
         parentNode.pushChild(node)
         return node
     }
@@ -129,13 +129,13 @@ export class NodeBuilder {
         let node: NodeData | undefined
         const newId = `${parentNode.id}/(dis)/${index}`
         if (deploymentItem.path) {
-            node = new DeploymentItemNodeData(this.props, newId, deploymentItem)
+            node = new DeploymentItemNodeData(this.commandResult, newId, deploymentItem)
             this.buildVarsSourceCollectionNode(node, deploymentItem.vars)
             deploymentItem.renderedObjects?.forEach(renderedObject => {
                 this.buildObjectNode(node!, renderedObject)
             })
         } else if (deploymentItem.include || deploymentItem.git) {
-            node = new DeploymentItemIncludeNodeData(this.props, newId, deploymentItem, deploymentItem.renderedInclude!)
+            node = new DeploymentItemIncludeNodeData(this.commandResult, newId, deploymentItem, deploymentItem.renderedInclude!)
             this.buildVarsSourceCollectionNode(node, deploymentItem.vars)
             if (deploymentItem.renderedInclude) {
                 this.buildDeploymentProjectChildren(node, deploymentItem.renderedInclude)
@@ -151,7 +151,7 @@ export class NodeBuilder {
 
     buildObjectNode(parentNode: NodeData, objectRef: ObjectRef): ObjectNodeData {
         const newId = `${parentNode.id}/(obj)/${buildObjectRefKey(objectRef)}`
-        const node = new ObjectNodeData(this.props, newId, objectRef)
+        const node = new ObjectNodeData(this.commandResult, newId, objectRef)
 
         const key = buildObjectRefKey(objectRef)
         if (this.changedObjectsMap.has(key)) {
@@ -182,7 +182,7 @@ export class NodeBuilder {
     buildDeletedOrOrphanNode(parentNode: NodeData, deleted: boolean, refs: ObjectRef[]): DeletedOrOrphanObjectsCollectionNode {
         const idType = deleted ? "deleted" : "orphaned"
         const newId = `${parentNode.id}/(${idType})`
-        const node = new DeletedOrOrphanObjectsCollectionNode(this.props, newId, deleted)
+        const node = new DeletedOrOrphanObjectsCollectionNode(this.commandResult, newId, deleted)
         refs.forEach(ref => {
             this.buildObjectNode(node, ref)
         })
diff --git a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
similarity index 91%
rename from pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index 1b1715c1d..d8efbb4c3 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -1,13 +1,13 @@
-import { ChangedObject, DeploymentError, ObjectRef, ResultObject } from "../../../models";
+import { ChangedObject, CommandResult, DeploymentError, ObjectRef, ResultObject } from "../../../models";
 import React from "react";
 import { Box, Divider, Typography } from "@mui/material";
-import { CommandResultProps } from "../CommandResultView";
 import { ChangesTable } from "../ChangesTable";
 import { ErrorsTable } from "../../ErrorsTable";
 import { ObjectType, User } from "../../../api";
 import { ObjectYaml } from "../../ObjectYaml";
 import { StatusLine } from "../CommandResultStatusLine";
 import { SidePanelProvider, SidePanelTab } from "../SidePanel";
+import { AppContextProps } from "../../App";
 
 export class DiffStatus {
     newObjects: ObjectRef[] = [];
@@ -69,7 +69,7 @@ export class HealthStatus {
 }
 
 export abstract class NodeData implements SidePanelProvider {
-    props: CommandResultProps
+    commandResult: CommandResult
 
     id: string
     children: NodeData[] = []
@@ -77,8 +77,8 @@ export abstract class NodeData implements SidePanelProvider {
     healthStatus?: HealthStatus;
     diffStatus?: DiffStatus;
 
-    protected constructor(props: CommandResultProps, id: string, hasHealthStatus: boolean, hasDiffStatus: boolean) {
-        this.props = props
+    protected constructor(commandResult: CommandResult, id: string, hasHealthStatus: boolean, hasDiffStatus: boolean) {
+        this.commandResult = commandResult
         this.id = id
         if (hasHealthStatus) {
             this.healthStatus = new HealthStatus()
@@ -108,7 +108,7 @@ export abstract class NodeData implements SidePanelProvider {
 
     abstract buildSidePanelTitle(): React.ReactNode
 
-    abstract buildIcon(): [React.ReactNode, string]
+    abstract buildIcon(appContext: AppContextProps): [React.ReactNode, string]
 
     abstract buildSidePanelTabs(user: User): SidePanelTab[]
 
@@ -123,8 +123,8 @@ export abstract class NodeData implements SidePanelProvider {
         />
     }
 
-    buildTreeItem(hasChildren?: boolean): React.ReactNode {
-        const [icon, iconText] = this.buildIcon();
+    buildTreeItem(appContext: AppContextProps, hasChildren: boolean): React.ReactNode {
+        const [icon, iconText] = this.buildIcon(appContext);
 
         const hasStatusLine = [
             this.healthStatus?.errors.length,
@@ -213,7 +213,7 @@ export abstract class NodeData implements SidePanelProvider {
     }
 
     buildObjectPage(ref: ObjectRef, objectType: ObjectType): React.ReactNode {
-        return <ObjectYaml treeProps={this.props} objectRef={ref} objectType={objectType} />
+        return <ObjectYaml cr={this.commandResult} objectRef={ref} objectType={objectType} />
     }
 
     buildChangesPage(tabs: { label: string, content: React.ReactNode }[]) {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
similarity index 80%
rename from pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
index ed1b38103..734ac3f37 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
@@ -1,13 +1,13 @@
 import React from 'react';
 
-import { ObjectRef } from "../../../models";
+import { CommandResult, ObjectRef } from "../../../models";
 import { NodeData } from "./NodeData";
 import { PublishedWithChanges, Settings, SettingsEthernet, SmartToy, SvgIconComponent } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
 import { findObjectByRef, ObjectType, User } from "../../../api";
-import { CommandResultProps } from "../CommandResultView";
 import { SidePanelTab } from "../SidePanel";
 import { BracketsCurlyIcon } from '../../../icons/Icons';
+import { AppContextProps } from "../../App";
 
 const kindMapping: { [key: string]: { icon: SvgIconComponent } } = {
     "/ConfigMap": { icon: Settings },
@@ -19,8 +19,8 @@ const kindMapping: { [key: string]: { icon: SvgIconComponent } } = {
 export class ObjectNodeData extends NodeData {
     objectRef: ObjectRef
 
-    constructor(props: CommandResultProps, id: string, objectRef: ObjectRef) {
-        super(props, id, true, true);
+    constructor(commandResult: CommandResult, id: string, objectRef: ObjectRef) {
+        super(commandResult, id, true, true);
         this.objectRef = objectRef
     }
 
@@ -28,8 +28,8 @@ export class ObjectNodeData extends NodeData {
         return this.objectRef.name
     }
 
-    buildIcon(): [React.ReactNode, string] {
-        const sn = this.props.shortNames.find(sn => sn.group === this.objectRef.group && sn.kind === this.objectRef.kind)
+    buildIcon(appContext: AppContextProps): [React.ReactNode, string] {
+        const sn = appContext.shortNames.find(sn => sn.group === this.objectRef.group && sn.kind === this.objectRef.kind)
         const snStr = sn?.shortName || ""
 
         const m = kindMapping[this.objectRef.group + "/" + this.objectRef.kind]
@@ -47,15 +47,15 @@ export class ObjectNodeData extends NodeData {
 
         this.buildDiffAndHealthPages(tabs)
 
-        if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.rendered) {
+        if (findObjectByRef(this.commandResult.objects, this.objectRef)?.rendered) {
             tabs.push({ label: "Rendered", content: this.buildObjectPage(this.objectRef, ObjectType.Rendered) })
         }
 
         if (user?.isAdmin) {
-            if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.remote) {
+            if (findObjectByRef(this.commandResult.objects, this.objectRef)?.remote) {
                 tabs.push({ label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote) })
             }
-            if (findObjectByRef(this.props.commandResult.objects, this.objectRef)?.applied) {
+            if (findObjectByRef(this.commandResult.objects, this.objectRef)?.applied) {
                 tabs.push({ label: "Applied", content: this.buildObjectPage(this.objectRef, ObjectType.Applied) })
             }
         }
@@ -78,7 +78,7 @@ export class ObjectNodeData extends NodeData {
             props.push({ name: "Namespace", value: this.objectRef.namespace })
         }
 
-        const o = findObjectByRef(this.props.commandResult.objects, this.objectRef)
+        const o = findObjectByRef(this.commandResult.objects, this.objectRef)
         const annotations: { [key: string]: string } = o?.rendered?.metadata.annotations
         if (annotations) {
             Object.keys(annotations).forEach(k => {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx
similarity index 73%
rename from pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx
index dfa9b5e4d..65d79464f 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceCollectionNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx
@@ -1,15 +1,14 @@
-import { VarsSource } from "../../../models";
+import { CommandResult, VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
-import { CommandResultProps } from "../CommandResultView";
 import { SidePanelTab } from "../SidePanel";
 import { BracketsSquareIcon } from "../../../icons/Icons";
 
 export class VarsSourceCollectionNodeData extends NodeData {
     varsSources: VarsSource[] = []
 
-    constructor(props: CommandResultProps, id: string) {
-        super(props, id, false, false);
+    constructor(commandResult: CommandResult, id: string) {
+        super(commandResult, id, false, false);
     }
 
     buildSidePanelTitle(): React.ReactNode {
diff --git a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
similarity index 93%
rename from pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
rename to pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index 83b1085ea..28428256d 100644
--- a/pkg/webui/ui/src/components/result-view/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -1,4 +1,4 @@
-import { VarsSource } from "../../../models";
+import { CommandResult, VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
 import { Category, Cloud, Dvr, Http, Lock, Settings } from "@mui/icons-material";
@@ -6,7 +6,6 @@ import { FileIcon, GitIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
 import { Alert, Box } from "@mui/material";
-import { CommandResultProps } from "../CommandResultView";
 
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
@@ -25,8 +24,8 @@ export class VarsSourceNodeData extends NodeData {
     labelsYaml?: string
     renderedVarsYaml: string
 
-    constructor(props: CommandResultProps, id: string, varsSource: VarsSource) {
-        super(props, id, false, false);
+    constructor(commandResult: CommandResult, id: string, varsSource: VarsSource) {
+        super(commandResult, id, false, false);
         this.varsSource = varsSource
 
         let labels = this.varsSource.clusterConfigMap?.labels
@@ -232,16 +231,9 @@ export class VarsSourceNodeData extends NodeData {
             {redactedWarning && <Alert severity="error">Only admins can view sensitive vars!</Alert>}
             {sensitiveWarning && <Alert severity="warning">Warning, the following vars are marked as sensitive!</Alert>}
 
-            {!redactedWarning && <Box sx={{
-                overflowY: 'scroll', // Enable vertical scrolling
-                //maxHeight: '400px', // Set a fixed height
-                border: '1px solid #ccc', // Optional border
-                padding: '10px', // Optional padding
-            }}>
-                <pre>
-                    <CodeViewer code={this.renderedVarsYaml} language={"yaml"}/>
-                </pre>
-            </Box>
+            {!redactedWarning &&
+                <CodeViewer code={this.renderedVarsYaml} language={"yaml"}/>
+
             }
         </Box>
     }
diff --git a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx b/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
deleted file mode 100644
index c240af18d..000000000
--- a/pkg/webui/ui/src/components/result-view/CommandResultView.tsx
+++ /dev/null
@@ -1,89 +0,0 @@
-import * as React from 'react';
-import { useContext, useState } from 'react';
-import { Box, Drawer, ThemeProvider } from "@mui/material";
-import { CommandResult, ShortName } from "../../models";
-import { NodeData } from "./nodes/NodeData";
-import { SidePanel } from "./SidePanel";
-import CommandResultTree from "./CommandResultTree";
-import { useParams } from "react-router-dom";
-import { ApiContext, AppContext, useAppOutletContext } from "../App";
-import { dark } from '../theme';
-import { Api } from "../../api";
-import { Loading, useLoadingHelper } from "../Loading";
-import { CardPaper } from '../targets-view/Card';
-import { ErrorMessage } from '../ErrorMessage';
-
-export interface CommandResultProps {
-    shortNames: ShortName[]
-    commandResult: CommandResult
-}
-
-async function doLoadCommandResult(api: Api, resultId: string, shortNames: ShortName[]): Promise<CommandResultProps> {
-    return {
-        shortNames,
-        commandResult: await api.getCommandResult(resultId),
-    }
-}
-
-function DetailsDrawer(props: { nodeData?: NodeData, onClose?: () => void }) {
-    return <ThemeProvider theme={dark}>
-        <Drawer
-            sx={{ zIndex: 1300 }}
-            anchor={"right"}
-            open={props.nodeData !== undefined}
-            onClose={props.onClose}
-            ModalProps={{ BackdropProps: { invisible: true } }}
-        >
-            <Box width={"720px"} height={"100%"}>
-                <SidePanel provider={props.nodeData} onClose={props.onClose} />
-            </Box>
-        </Drawer>
-    </ThemeProvider>;
-}
-
-export const CommandResultView = () => {
-    const context = useAppOutletContext();
-    const api = useContext(ApiContext);
-    const appContext = useContext(AppContext);
-    const [sidePanelNode, setSidePanelNode] = useState<NodeData | undefined>();
-
-    const { id } = useParams()
-    const [loading, loadingError, commandResultProps] = useLoadingHelper<CommandResultProps | undefined>(() => {
-        if (!id) {
-            return Promise.resolve(undefined)
-        }
-        return doLoadCommandResult(api, id, appContext.shortNames)
-    }, [id])
-
-    if (loading) {
-        return <Loading />
-    } else if (loadingError) {
-        return <Box p='25px 40px' height='100%' overflow='hidden'>
-            <CardPaper>
-                <ErrorMessage>
-                    {loadingError.message}
-                </ErrorMessage>
-            </CardPaper>
-        </Box>
-    }
-
-    return <Box
-        width='100%'
-        height='100%'
-        display='flex'
-        flexDirection='column'
-        overflow='hidden'
-    >
-        <DetailsDrawer
-            nodeData={sidePanelNode}
-            onClose={() => setSidePanelNode(undefined)}
-        />
-        <Box p='25px 40px' overflow='auto'>
-            <CommandResultTree
-                commandResultProps={commandResultProps}
-                onSelectNode={setSidePanelNode}
-                activeFilters={context.filters}
-            />
-        </Box>
-    </Box>
-}
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/targets-view/Card.tsx
index e9ba4302d..9e44aa586 100644
--- a/pkg/webui/ui/src/components/targets-view/Card.tsx
+++ b/pkg/webui/ui/src/components/targets-view/Card.tsx
@@ -1,7 +1,7 @@
 import React from "react";
 import { Box, BoxProps, Divider, IconButton, Paper, PaperProps, Tab, Tooltip } from "@mui/material"
 import { CloseLightIcon } from "../../icons/Icons";
-import { SidePanelProvider, useSidePanelTabs } from "../result-view/SidePanel";
+import { SidePanelProvider, useSidePanelTabs } from "../command-result/SidePanel";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { ScrollingTextLine } from "../ScrollingTextLine";
 
diff --git a/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx b/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
index c088be77e..cf2008c9f 100644
--- a/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
+++ b/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
@@ -6,7 +6,7 @@ import { Transition, TransitionStatus } from "react-transition-group";
 const transitionTime = 200
 const arrowButtonWidth = 80;
 const arrowButtonHeight = 50;
-const expandedZIndex = 1300; // same as MUI modals
+export const expandedZIndex = 1300; // same as MUI modals
 
 const ArrowButton = React.memo((props: {
     direction: 'left' | 'right',
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 9f462435e..519a19384 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -23,7 +23,7 @@ import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { ApiContext, UserContext } from "../App";
 import { CardBody, CardTemplate } from "./Card";
-import { SidePanelProvider, SidePanelTab } from "../result-view/SidePanel";
+import { SidePanelProvider, SidePanelTab } from "../command-result/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesTable } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 5237c25ec..448c5fe1f 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -9,8 +9,8 @@ import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./C
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { ExpandableCard } from "./ExpandableCard";
-import { useLocation, useNavigate } from "react-router-dom";
-import { CommandResultCard } from "./CommandResultCard";
+import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
+import { CommandResultCard } from "../command-result/CommandResultCard";
 
 const colWidth = 416;
 const curveRadius = 12;
@@ -177,20 +177,33 @@ function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDeployment
 export const TargetsView = () => {
     const navigate = useNavigate();
     const loc = useLocation();
+    const [searchParams] = useSearchParams()
     const appContext = useContext(AppContext);
     const projects = appContext.projects;
 
+    const fullResultStr = searchParams.get("full")
+    const fullResult = fullResultStr === "" || fullResultStr === "1"
+
     const onSelectTargetItem = useCallback((ps: ProjectSummary, ts: TargetSummary) => {
         navigate(`/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`);
     }, [navigate]);
 
-    const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary, rs?: CommandResultSummary) => {
+    const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary | undefined, forceFull: boolean | undefined) => {
         let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}/results`
         if (rs) {
             p += "/" + rs.id
+            let full = false
+            if (forceFull !== undefined) {
+                full = forceFull
+            } else {
+                full = fullResult
+            }
+            if (full) {
+                p += "?full=1"
+            }
         }
         navigate(p);
-    }, [navigate]);
+    }, [navigate, fullResult]);
 
     const onCardClose = useCallback(() => {
         navigate(`/targets/`);
@@ -229,6 +242,7 @@ export const TargetsView = () => {
         }
     }
 
+
     return <Box minWidth={colWidth * 3} height={"100%"} p='0 40px'>
         <Box display={"flex"} alignItems={"center"} height='70px'>
             <ColHeader>Projects</ColHeader>
@@ -294,12 +308,14 @@ export const TargetsView = () => {
                                             cardWidth={cardWidth}
                                             cardHeight={cardHeight}
                                             expand={expandedResults && selectedTargetKey === tsKey}
-                                            onExpand={() => onSelectCommandResultItem(ps, ts)}
+                                            onExpand={() => {
+                                                onSelectCommandResultItem(ps, ts, rs, false)
+                                            }}
                                             onClose={() => {
                                                 onCardClose()
                                             }}
                                             onSelect={cd => {
-                                                onSelectCommandResultItem(ps, ts, cd)
+                                                onSelectCommandResultItem(ps, ts, cd, false)
                                             }}
                                             selected={expandedResultId}
                                             cardsData={ts.commandResults}
@@ -310,12 +326,15 @@ export const TargetsView = () => {
                                                     ps={ps}
                                                     ts={ts}
                                                     rs={cardData}
-                                                    showSummary={true}
+                                                    showSummary={!fullResult}
                                                     expanded={expanded}
                                                     loadData={current}
                                                     onClose={() => {
                                                         onCardClose()
                                                     }}
+                                                    onSwitchFullCommandResult={() => {
+                                                        onSelectCommandResultItem(ps, ts, cardData, !fullResult)
+                                                    }}
                                                 />
                                             }}/>
                                         : <CardPaper

From d02f45b901700d335261315f8eb609fbcf40ad9f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 15:18:05 +0200
Subject: [PATCH 1459/2268] fix: Omit kubeConfig and args when empty

---
 api/v1beta1/kluctldeployment_types.go | 4 ++--
 api/v1beta1/zz_generated.deepcopy.go  | 6 +++++-
 e2e/gitops_test.go                    | 2 +-
 pkg/controllers/kluctl_project.go     | 9 ++++++---
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 28a407399..bbccbf1fe 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -101,7 +101,7 @@ type KluctlDeploymentSpec struct {
 	// Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match
 	// the context found in the kluctl target. As an alternative, specify the context to be used via 'context'
 	// +optional
-	KubeConfig *KubeConfig `json:"kubeConfig"`
+	KubeConfig *KubeConfig `json:"kubeConfig,omitempty"`
 
 	// Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no
 	// context. Use 'TargetName' and 'Context' to specify the name and context in that case.
@@ -124,7 +124,7 @@ type KluctlDeploymentSpec struct {
 	// Args specifies dynamic target args.
 	// +optional
 	// +kubebuilder:pruning:PreserveUnknownFields
-	Args runtime.RawExtension `json:"args,omitempty"`
+	Args *runtime.RawExtension `json:"args,omitempty"`
 
 	// Images contains a list of fixed image overrides.
 	// Equivalent to using '--fixed-images-file' when calling kluctl.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index f1f1237ec..ef63432b6 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -194,7 +194,11 @@ func (in *KluctlDeploymentSpec) DeepCopyInto(out *KluctlDeploymentSpec) {
 		*out = new(string)
 		**out = **in
 	}
-	in.Args.DeepCopyInto(&out.Args)
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Images != nil {
 		in, out := &in.Images, &out.Images
 		*out = make([]types.FixedImage, len(*in))
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 82ed7b902..ddc9fa2f1 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -176,7 +176,7 @@ func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject
 			Interval: metav1.Duration{Duration: interval},
 			Timeout:  &metav1.Duration{Duration: timeout},
 			Target:   &target,
-			Args: runtime.RawExtension{
+			Args: &runtime.RawExtension{
 				Raw: jargs,
 			},
 			Source: kluctlv1.ProjectSource{
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index bbf299b74..b917c5cf2 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -572,9 +572,12 @@ func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTa
 		}
 	}
 
-	externalArgs, err := uo.FromString(string(pt.pp.obj.Spec.Args.Raw))
-	if err != nil {
-		return nil, err
+	var externalArgs *uo.UnstructuredObject
+	if pt.pp.obj.Spec.Args != nil {
+		externalArgs, err = uo.FromString(string(pt.pp.obj.Spec.Args.Raw))
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{

From 90ff6b8cdf0bdfdafbaed5b58a5b868ce2ff0dbf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 15:18:28 +0200
Subject: [PATCH 1460/2268] fix: Set kind/apiVersion on watched
 KluctlDeployments

---
 pkg/results/result-store-secrets.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index a2097048a..8ea65aa9d 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -808,6 +808,8 @@ func (s *ResultStoreSecrets) WatchKluctlDeployments() (<-chan WatchKluctlDeploym
 		if o == nil {
 			return nil
 		}
+		o.Kind = kluctlv1.KluctlDeploymentKind
+		o.APIVersion = kluctlv1.GroupVersion.String()
 		return &WatchKluctlDeploymentEvent{
 			Deployment: o,
 			ClusterId:  s.clusterId,

From db1a1fd7dac1f5203f8adad72c84ff5d0bb0b656 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 15:19:04 +0200
Subject: [PATCH 1461/2268] feat: Show KluctlDeployment tab in expanded target
 card

---
 .../ui/src/components/K8sManifestViewer.tsx   | 39 +++++++++++++++++++
 pkg/webui/ui/src/components/ObjectYaml.tsx    | 30 --------------
 pkg/webui/ui/src/components/YamlViewer.tsx    | 19 +++++++++
 .../command-result/CommandResultCard.tsx      | 10 ++---
 .../nodes/CommandResultNode.tsx               | 19 ++-------
 .../command-result/nodes/NodeData.tsx         |  4 +-
 .../components/targets-view/TargetItem.tsx    | 15 ++++++-
 .../components/targets-view/TargetsView.tsx   |  2 +-
 8 files changed, 81 insertions(+), 57 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/K8sManifestViewer.tsx
 delete mode 100644 pkg/webui/ui/src/components/ObjectYaml.tsx
 create mode 100644 pkg/webui/ui/src/components/YamlViewer.tsx

diff --git a/pkg/webui/ui/src/components/K8sManifestViewer.tsx b/pkg/webui/ui/src/components/K8sManifestViewer.tsx
new file mode 100644
index 000000000..abc76cb9b
--- /dev/null
+++ b/pkg/webui/ui/src/components/K8sManifestViewer.tsx
@@ -0,0 +1,39 @@
+import { useYaml, YamlViewer } from "./YamlViewer";
+import React, { useMemo, useState } from "react";
+import * as yaml from 'js-yaml';
+import { Box, Checkbox, FormControlLabel } from "@mui/material";
+
+export const K8sManifestViewer = (props: {obj: any, initialShowManagedFields?: boolean, initialShowStatus?: boolean}) => {
+    const y = useYaml(props.obj)
+
+    const initialShowManagedFields = props.initialShowManagedFields !== undefined ? props.initialShowManagedFields : false
+    const initialShowStatus = props.initialShowStatus !== undefined ? props.initialShowStatus : true
+
+    const [showManagedFields, setShowManagedFields] = useState(initialShowManagedFields)
+    const [showStatus, setShowStatus] = useState(initialShowStatus)
+
+    const [filtered, hasManagedFields, hasStatus] = useMemo(() => {
+        const o = yaml.load(y) as any
+        let hasManagedFields = false
+        let hasStatus = false
+        if (o.metadata.managedFields) {
+            hasManagedFields = true
+            if (!showManagedFields) {
+                delete (o.metadata["managedFields"])
+            }
+        }
+        if (o.status) {
+            hasStatus = true
+            if (!showStatus) {
+                delete (o["status"])
+            }
+        }
+        return [yaml.dump(o), hasManagedFields, hasStatus]
+    }, [y, showManagedFields, showStatus])
+
+    return <Box width={"100%"}>
+        {hasManagedFields && <FormControlLabel control={<Checkbox defaultChecked={initialShowManagedFields} onChange={e => setShowManagedFields(e.target.checked)} />} label="Show Managed Fields" />}
+        {hasStatus && <FormControlLabel control={<Checkbox defaultChecked={initialShowStatus} onChange={e => setShowStatus(e.target.checked)} />} label="Show Status" />}
+        <YamlViewer obj={filtered}/>
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/ObjectYaml.tsx b/pkg/webui/ui/src/components/ObjectYaml.tsx
deleted file mode 100644
index cf7e7949e..000000000
--- a/pkg/webui/ui/src/components/ObjectYaml.tsx
+++ /dev/null
@@ -1,30 +0,0 @@
-import { CommandResult, ObjectRef } from "../models";
-import { ObjectType } from "../api";
-import React, { useContext } from "react";
-import { CodeViewer } from "./CodeViewer";
-
-import { Loading, useLoadingHelper } from "./Loading";
-import { ApiContext } from "./App";
-import * as yaml from 'js-yaml';
-import { ErrorMessage } from "./ErrorMessage";
-import { Box } from "@mui/material";
-
-export const ObjectYaml = (props: { cr: CommandResult, objectRef: ObjectRef, objectType: ObjectType }) => {
-    const api = useContext(ApiContext)
-    const [loading, error, content] = useLoadingHelper<string>(async () => {
-        const o = await api.getCommandResultObject(props.cr.id, props.objectRef, props.objectType)
-        return yaml.dump(o)
-    }, [props.cr.id, props.objectRef, props.objectType])
-
-    if (loading) {
-        return <Box width={"100%"}>
-            <Loading />
-        </Box>
-    } else if (error) {
-        return <ErrorMessage>
-            {error.message}
-        </ErrorMessage>
-    } else {
-        return <CodeViewer code={content!} language={"yaml"} />
-    }
-}
diff --git a/pkg/webui/ui/src/components/YamlViewer.tsx b/pkg/webui/ui/src/components/YamlViewer.tsx
new file mode 100644
index 000000000..490cdc8de
--- /dev/null
+++ b/pkg/webui/ui/src/components/YamlViewer.tsx
@@ -0,0 +1,19 @@
+import React, { useMemo } from "react";
+import * as yaml from 'js-yaml';
+import { CodeViewer } from "./CodeViewer";
+
+export const useYaml = (obj: any) => {
+    const y = useMemo(() => {
+        if (typeof obj === "string") {
+            return obj
+        }
+        return yaml.dump(obj)
+    }, [obj])
+    return y
+}
+
+export const YamlViewer = (props: {obj: any}) => {
+    const y = useYaml(props.obj)
+
+    return <CodeViewer code={y} language={"yaml"}/>
+}
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 10614509b..a8fb27117 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -1,11 +1,9 @@
-import React, { useContext, useMemo } from "react";
+import React, { useContext } from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CommandResultSummary, ShortName } from "../../models";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
-import * as yaml from "js-yaml";
-import { CodeViewer } from "../CodeViewer";
 import { CardTemplate } from "../targets-view/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
@@ -14,6 +12,7 @@ import { Api } from "../../api";
 import { CommandResultBody } from "./CommandResultView";
 import { NodeBuilder } from "./nodes/NodeBuilder";
 import { CommandResultStatusLine } from "./CommandResultStatusLine";
+import { YamlViewer } from "../YamlViewer";
 
 export async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
     const r = await api.getCommandResult(rs.id);
@@ -130,10 +129,7 @@ export const CommandResultCard = React.memo(React.forwardRef((
             break
     }
 
-    const iconTooltip = useMemo(() => {
-        const cmdInfoYaml = yaml.dump(props.rs.commandInfo);
-        return <CodeViewer code={cmdInfoYaml} language={"yaml"} />
-    }, [props.rs.commandInfo]);
+    const iconTooltip = <YamlViewer obj={props.rs.commandInfo}/>
 
     let body: React.ReactElement | undefined
     if (props.expanded) {
diff --git a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index 5c88a5cf7..f0c8ca9db 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -2,23 +2,16 @@ import React from 'react';
 
 import { NodeData } from "./NodeData";
 import { PropertiesTable } from "../../PropertiesTable";
-import { CodeViewer } from "../../CodeViewer";
 
-import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
 import { DeployIcon } from '../../../icons/Icons';
 import { LogsViewer } from "../../LogsViewer";
 import { CommandResult } from "../../../models";
+import { YamlViewer } from "../../YamlViewer";
 
 export class CommandResultNodeData extends NodeData {
-    dumpedTargetYaml?: string
-
     constructor(commandResult: CommandResult, id: string) {
         super(commandResult, id, true, true);
-
-        if (this.commandResult.command?.target) {
-            this.dumpedTargetYaml = yaml.dump(this.commandResult.command.target)
-        }
     }
 
     buildSidePanelTitle(): React.ReactNode {
@@ -31,14 +24,10 @@ export class CommandResultNodeData extends NodeData {
 
     buildSidePanelTabs(): SidePanelTab[] {
         const tabs = [
-            {label: "Summary", content: this.buildSummaryPage()}
+            {label: "Summary", content: this.buildSummaryPage()},
+            {label: "Target", content: this.buildTargetPage()},
         ]
 
-        if (this.dumpedTargetYaml) {
-            const page = this.buildTargetPage()
-            tabs.push({label: "Target", content: page})
-        }
-
         this.buildDiffAndHealthPages(tabs)
 
         tabs.push({label: "Logs", content: <LogsViewer
@@ -61,6 +50,6 @@ export class CommandResultNodeData extends NodeData {
     }
 
     buildTargetPage(): React.ReactNode {
-        return <CodeViewer code={this.dumpedTargetYaml!} language={"yaml"}/>
+        return <YamlViewer obj={this.commandResult.target} />
     }
 }
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index d8efbb4c3..687bf22e2 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -4,7 +4,7 @@ import { Box, Divider, Typography } from "@mui/material";
 import { ChangesTable } from "../ChangesTable";
 import { ErrorsTable } from "../../ErrorsTable";
 import { ObjectType, User } from "../../../api";
-import { ObjectYaml } from "../../ObjectYaml";
+import { ResultObjectViewer } from "../../ResultObjectViewer";
 import { StatusLine } from "../CommandResultStatusLine";
 import { SidePanelProvider, SidePanelTab } from "../SidePanel";
 import { AppContextProps } from "../../App";
@@ -213,7 +213,7 @@ export abstract class NodeData implements SidePanelProvider {
     }
 
     buildObjectPage(ref: ObjectRef, objectType: ObjectType): React.ReactNode {
-        return <ObjectYaml cr={this.commandResult} objectRef={ref} objectType={objectType} />
+        return <ResultObjectViewer cr={this.commandResult} objectRef={ref} objectType={objectType} />
     }
 
     buildChangesPage(tabs: { label: string, content: React.ReactNode }[]) {
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 519a19384..db6ba7878 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,7 +1,7 @@
 import { ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Alert, Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
-import React, { useContext } from "react";
+import React, { useContext, useState } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import {
     Approval,
@@ -31,6 +31,7 @@ import { ErrorMessage } from "../ErrorMessage";
 import { Since } from "../Since";
 import { ValidateResultsTable } from "../ValidateResultsTable";
 import { LogsViewer } from "../LogsViewer";
+import { K8sManifestViewer } from "../K8sManifestViewer";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -172,6 +173,7 @@ export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
 }) => {
     const api = useContext(ApiContext);
+    const [initialLoading, setInitialLoading] = useState(true)
 
     const [loading, error, vr] = useLoadingHelper<ValidateResult | undefined>(async () => {
         if (!props.ts.lastValidateResult) {
@@ -181,8 +183,10 @@ export const TargetItemBody = React.memo((props: {
         return o
     }, [props.ts.lastValidateResult?.id])
 
-    if (loading) {
+    if (initialLoading && loading) {
         return <Loading/>;
+    } else if (initialLoading) {
+        setInitialLoading(false)
     }
 
     if (error) {
@@ -362,6 +366,13 @@ class TargetItemCardProvider implements SidePanelProvider {
             { label: "Summary", content: this.buildSummaryTab() }
         ]
 
+        if (this.ts.kd?.deployment) {
+            tabs.push({
+                label: "KluctlDeployment",
+                content: <K8sManifestViewer obj={this.ts.kd.deployment} initialShowStatus={false}/>
+            })
+        }
+
         if (this.lastValidateResult?.results) {
             tabs.push({
                 label: "Validation Results",
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 448c5fe1f..66951554b 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -315,7 +315,7 @@ export const TargetsView = () => {
                                                 onCardClose()
                                             }}
                                             onSelect={cd => {
-                                                onSelectCommandResultItem(ps, ts, cd, false)
+                                                onSelectCommandResultItem(ps, ts, cd, fullResult)
                                             }}
                                             selected={expandedResultId}
                                             cardsData={ts.commandResults}

From 04e0ae6b5f137a172b7af79303056caedc5660ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 16:07:01 +0200
Subject: [PATCH 1462/2268] refactor: Unify loading of CommandResults

---
 pkg/webui/ui/src/components/App.tsx           |  2 +-
 pkg/webui/ui/src/components/Loading.tsx       | 15 +++--
 .../ui/src/components/ResultObjectViewer.tsx  |  2 +-
 .../command-result/CommandResultCard.tsx      | 46 ++++++++-----
 .../CommandResultSummaryView.tsx              | 67 +++----------------
 .../command-result/CommandResultView.tsx      | 67 +++----------------
 .../components/targets-view/TargetItem.tsx    |  2 +-
 .../components/targets-view/TargetsView.tsx   |  2 +-
 8 files changed, 62 insertions(+), 141 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 20632e37f..b38958b2e 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -126,7 +126,7 @@ const LoggedInApp = (props: { onLogout: () => void }) => {
         return buildProjectSummaries(commandResultSummaries, validateResultSummaries, kluctlDeployments, filters)
     }, [commandResultSummaries, validateResultSummaries, kluctlDeployments, filters])
 
-    const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(
+    const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(true,
         () => api.getShortNames(),
         [api]
     );
diff --git a/pkg/webui/ui/src/components/Loading.tsx b/pkg/webui/ui/src/components/Loading.tsx
index 39827c478..df984f56d 100644
--- a/pkg/webui/ui/src/components/Loading.tsx
+++ b/pkg/webui/ui/src/components/Loading.tsx
@@ -15,15 +15,22 @@ export const Loading = () => {
     </Box>
 }
 
-export function useLoadingHelper<T>(load: () => Promise<T>, deps: DependencyList): [boolean, any, T | undefined] {
-    const [loading, setLoading] = useState(true)
+export function useLoadingHelper<T>(needLoad: boolean, load: () => Promise<T>, deps: DependencyList): [boolean, any, T | undefined] {
+    const [loading, setLoading] = useState(needLoad)
     const [error, setError] = useState<any>()
     const [content, setContent] = useState<T>()
 
+    const deps2 = [...deps, needLoad]
+
     useEffect(() => {
-        setLoading(true)
+        setLoading(needLoad)
         setContent(undefined)
         setError(undefined)
+
+        if (!needLoad) {
+            return
+        }
+
         const doStartLoading = async () => {
             try {
                 const c = await load()
@@ -36,7 +43,7 @@ export function useLoadingHelper<T>(load: () => Promise<T>, deps: DependencyList
         }
         doStartLoading()
         // eslint-disable-next-line react-hooks/exhaustive-deps
-    }, deps)
+    }, deps2)
 
     return [loading, error, content]
 }
diff --git a/pkg/webui/ui/src/components/ResultObjectViewer.tsx b/pkg/webui/ui/src/components/ResultObjectViewer.tsx
index 42b6d83a6..104db9abc 100644
--- a/pkg/webui/ui/src/components/ResultObjectViewer.tsx
+++ b/pkg/webui/ui/src/components/ResultObjectViewer.tsx
@@ -11,7 +11,7 @@ import { K8sManifestViewer } from "./K8sManifestViewer";
 
 export const ResultObjectViewer = (props: { cr: CommandResult, objectRef: ObjectRef, objectType: ObjectType }) => {
     const api = useContext(ApiContext)
-    const [loading, error, content] = useLoadingHelper<string>(async () => {
+    const [loading, error, content] = useLoadingHelper<string>(true, async () => {
         const o = await api.getCommandResultObject(props.cr.id, props.objectRef, props.objectType)
         return yaml.dump(o)
     }, [props.cr.id, props.objectRef, props.objectType])
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index a8fb27117..3a0941a09 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -1,6 +1,6 @@
 import React, { useContext } from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { CommandResultSummary, ShortName } from "../../models";
+import { CommandResult, CommandResultSummary } from "../../models";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
@@ -8,18 +8,11 @@ import { CardTemplate } from "../targets-view/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
 import { ApiContext, UserContext } from "../App";
-import { Api } from "../../api";
 import { CommandResultBody } from "./CommandResultView";
-import { NodeBuilder } from "./nodes/NodeBuilder";
 import { CommandResultStatusLine } from "./CommandResultStatusLine";
 import { YamlViewer } from "../YamlViewer";
-
-export async function doGetRootNode(api: Api, rs: CommandResultSummary, shortNames: ShortName[]) {
-    const r = await api.getCommandResult(rs.id);
-    const builder = new NodeBuilder(r)
-    const [node] = builder.buildRoot();
-    return node;
-}
+import { Loading, useLoadingHelper } from "../Loading";
+import { ErrorMessage } from "../ErrorMessage";
 
 const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
     const api = useContext(ApiContext)
@@ -88,12 +81,21 @@ export const CommandResultCard = React.memo(React.forwardRef((
         onSwitchFullCommandResult: () => void,
         sx?: SxProps<Theme>,
         showSummary: boolean,
-        expanded?: boolean,
-        loadData?: boolean,
+        expanded: boolean,
+        loadData: boolean,
         onClose?: () => void
     },
     ref: React.ForwardedRef<HTMLDivElement>
 ) => {
+    const api = useContext(ApiContext)
+
+    const [loading, error, cr] = useLoadingHelper<CommandResult | undefined>(props.loadData, async () => {
+        if (!props.loadData) {
+            return undefined
+        }
+        return await api.getCommandResult(props.rs.id)
+    }, [props.rs.id, props.loadData])
+
     let icon: React.ReactElement
     let cardGlow = false
     let header = props.rs.commandInfo?.command
@@ -132,11 +134,21 @@ export const CommandResultCard = React.memo(React.forwardRef((
     const iconTooltip = <YamlViewer obj={props.rs.commandInfo}/>
 
     let body: React.ReactElement | undefined
-    if (props.expanded) {
-        if (props.showSummary) {
-            body = <CommandResultSummaryBody rs={props.rs} loadData={props.loadData} />
-        } else {
-            body = <CommandResultBody rs={props.rs} loadData={props.loadData}/>
+    if (props.expanded && props.loadData) {
+        if (loading) {
+            body = <Box width={"100%"} height={"100%"}>
+                <Loading />
+            </Box>
+        } else if (error) {
+            body = <ErrorMessage>
+                {error.message}
+            </ErrorMessage>
+        } else if (cr) {
+            if (props.showSummary) {
+                body = <CommandResultSummaryBody cr={cr}/>
+            } else {
+                body = <CommandResultBody cr={cr}/>
+            }
         }
     }
 
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
index 1a35ec37b..2fca9e195 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
@@ -1,66 +1,17 @@
-import React, { useContext, useEffect, useState } from "react";
-import { CommandResultSummary } from "../../models";
+import React, { useMemo } from "react";
+import { CommandResult } from "../../models";
 import { CardBody } from "../targets-view/Card";
-import { ApiContext, AppContext } from "../App";
-import { Loading } from "../Loading";
-import { ErrorMessage } from "../ErrorMessage";
-import { doGetRootNode } from "./CommandResultCard";
-import { CommandResultNodeData } from "./nodes/CommandResultNode";
+import { NodeBuilder } from "./nodes/NodeBuilder";
 
 
 export const CommandResultSummaryBody = React.memo((props: {
-    rs: CommandResultSummary,
-    loadData?: boolean
+    cr: CommandResult,
 }) => {
-    const api = useContext(ApiContext);
-    const appContext = useContext(AppContext);
-
-    const [loading, setLoading] = useState(false);
-    const [error, setError] = useState<any>();
-    const [node, setNode] = useState<CommandResultNodeData>();
-    const [prevRsId, setPrevRsId] = useState<string>();
-
-    useEffect(() => {
-        let cancelled = false;
-        if (!props.loadData) {
-            return;
-        }
-
-        if (prevRsId === props.rs.id) {
-            return;
-        }
-
-        const doStartLoading = async () => {
-            try {
-                setLoading(true);
-                const n = await doGetRootNode(api, props.rs, appContext.shortNames);
-                if (cancelled) {
-                    return;
-                }
-                setNode(n);
-                setPrevRsId(props.rs.id);
-            } catch (error) {
-                setError(error);
-            }
-            setLoading(false);
-        };
-
-        doStartLoading();
-
-        return () => {
-            cancelled = true;
-        }
-    }, [api, appContext.shortNames, prevRsId, props.loadData, props.rs])
-
-    if (loading) {
-        return <Loading />;
-    }
-
-    if (error) {
-        return <ErrorMessage>
-            {error.message}
-        </ErrorMessage>;
-    }
+    const node = useMemo(() => {
+        const builder = new NodeBuilder(props.cr)
+        const [node] =  builder.buildRoot()
+        return node
+    }, [props.cr])
 
     if (!node) {
         return null;
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
index 2934cd252..8b076cfb9 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
@@ -1,70 +1,21 @@
-import React, { useContext, useEffect, useState } from "react";
-import { CommandResultSummary } from "../../models";
-import { ApiContext, AppContext } from "../App";
-import { Loading } from "../Loading";
-import { ErrorMessage } from "../ErrorMessage";
-import { doGetRootNode } from "./CommandResultCard";
+import React, { useMemo, useState } from "react";
+import { CommandResult } from "../../models";
 import { Box, Divider } from "@mui/material";
-import { CommandResultNodeData } from "./nodes/CommandResultNode";
 import { NodeData } from "./nodes/NodeData";
 import CommandResultTree from "./CommandResultTree";
 import { SidePanel } from "./SidePanel";
+import { NodeBuilder } from "./nodes/NodeBuilder";
 
 export const CommandResultBody = React.memo((props: {
-    rs: CommandResultSummary,
-    loadData?: boolean
+    cr: CommandResult,
 }) => {
-    const api = useContext(ApiContext);
-    const appContext = useContext(AppContext);
-
-    const [loading, setLoading] = useState(false);
-    const [error, setError] = useState<any>();
-    const [node, setNode] = useState<CommandResultNodeData>();
-    const [prevRsId, setPrevRsId] = useState<string>();
-
     const [selectedNode, setSelectedNode] = useState<NodeData | undefined>();
 
-    useEffect(() => {
-        let cancelled = false;
-        if (!props.loadData) {
-            return;
-        }
-
-        if (prevRsId === props.rs.id) {
-            return;
-        }
-
-        const doStartLoading = async () => {
-            try {
-                setLoading(true);
-                const n = await doGetRootNode(api, props.rs, appContext.shortNames);
-                if (cancelled) {
-                    return;
-                }
-                setNode(n);
-                setPrevRsId(props.rs.id);
-            } catch (error) {
-                setError(error);
-            }
-            setLoading(false);
-        };
-
-        doStartLoading();
-
-        return () => {
-            cancelled = true;
-        }
-    }, [api, appContext.shortNames, prevRsId, props.loadData, props.rs])
-
-    if (loading) {
-        return <Loading />;
-    }
-
-    if (error) {
-        return <ErrorMessage>
-            {error.message}
-        </ErrorMessage>;
-    }
+    const node = useMemo(() => {
+        const builder = new NodeBuilder(props.cr)
+        const [node] =  builder.buildRoot()
+        return node
+    }, [props.cr])
 
     if (!node) {
         return null;
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index db6ba7878..f838d2c85 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -175,7 +175,7 @@ export const TargetItemBody = React.memo((props: {
     const api = useContext(ApiContext);
     const [initialLoading, setInitialLoading] = useState(true)
 
-    const [loading, error, vr] = useLoadingHelper<ValidateResult | undefined>(async () => {
+    const [loading, error, vr] = useLoadingHelper<ValidateResult | undefined>(true, async () => {
         if (!props.ts.lastValidateResult) {
             return undefined
         }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 66951554b..0e567b35e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -328,7 +328,7 @@ export const TargetsView = () => {
                                                     rs={cardData}
                                                     showSummary={!fullResult}
                                                     expanded={expanded}
-                                                    loadData={current}
+                                                    loadData={expanded && current}
                                                     onClose={() => {
                                                         onCardClose()
                                                     }}

From 4c10574ae078bf228ff7070a74e5fbed6a6eb281 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 16:07:20 +0200
Subject: [PATCH 1463/2268] feat: Show source info for target

---
 .../ui/src/components/PropertiesTable.tsx     |  7 +++-
 .../components/targets-view/TargetItem.tsx    | 37 ++++++++++++++++---
 2 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/pkg/webui/ui/src/components/PropertiesTable.tsx b/pkg/webui/ui/src/components/PropertiesTable.tsx
index 0f189fab6..54f78d7fb 100644
--- a/pkg/webui/ui/src/components/PropertiesTable.tsx
+++ b/pkg/webui/ui/src/components/PropertiesTable.tsx
@@ -6,7 +6,12 @@ import TableContainer from '@mui/material/TableContainer';
 import TableHead from '@mui/material/TableHead';
 import TableRow from '@mui/material/TableRow';
 
-export function PropertiesTable(props: {properties: {name: string, value: React.ReactNode}[]}) {
+export interface PropertiesEntry {
+    name: string
+    value: React.ReactNode
+}
+
+export function PropertiesTable(props: {properties: PropertiesEntry[]}) {
     return (
         <TableContainer>
             <Table>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index f838d2c85..36855ad60 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -25,13 +25,14 @@ import { ApiContext, UserContext } from "../App";
 import { CardBody, CardTemplate } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../command-result/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
-import { PropertiesTable } from "../PropertiesTable";
+import { PropertiesEntry, PropertiesTable } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { Since } from "../Since";
 import { ValidateResultsTable } from "../ValidateResultsTable";
 import { LogsViewer } from "../LogsViewer";
 import { K8sManifestViewer } from "../K8sManifestViewer";
+import { YamlViewer } from "../YamlViewer";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -402,11 +403,35 @@ class TargetItemCardProvider implements SidePanelProvider {
     }
 
     buildSummaryTab(): React.ReactNode {
-        const props = [
+        const d = this.ts?.kd?.deployment
+
+        const props: PropertiesEntry[] = [
             { name: "Target Name", value: this.getTargetName() },
             { name: "Discriminator", value: this.ts?.target.discriminator },
         ]
 
+        props.push({ name: "Source Url", value: d.spec.source.url })
+        if (d.spec.source.ref) {
+            let ref = ""
+            if (d.spec.source.ref.tag) {
+                ref = "tag " + d.spec.source.ref.tag
+            } else if (d.spec.source.ref.branch) {
+                ref = "branch " + d.spec.source.ref.branch
+            } else if (d.spec.source.ref.commit) {
+                ref = "commit " + d.spec.source.ref.commit
+            } else {
+                ref = JSON.stringify(d.spec.source.ref)
+            }
+            props.push({ name: "Source Ref", value: ref })
+        }
+        if (d.spec.source.path) {
+            props.push({ name: "Source Path", value: d.spec.source.path })
+        }
+
+        if (d.spec.args) {
+            props.push({ name: "Args", value: <YamlViewer obj={d.spec.args}/>})
+        }
+
         if (this.ts?.lastValidateResult) {
             props.push({ name: "Ready", value: this.ts?.lastValidateResult.ready + "" })
         }
@@ -418,17 +443,17 @@ class TargetItemCardProvider implements SidePanelProvider {
         }
 
         let errorHeader
-        if (this.ts?.kd?.deployment.status) {
-            if (this.ts.kd.deployment.status.lastPrepareError) {
+        if (d.status) {
+            if (d.status.lastPrepareError) {
                 errorHeader = <Alert severity="error">
                     The prepare step failed for this deployment. This usually means that your deployment is severely
                     broken and can't even be loaded.<br/>
-                    The error message is: <b>{this.ts.kd.deployment.status.lastPrepareError}</b>
+                    The error message is: <b>{d.status.lastPrepareError}</b>
                 </Alert>
             }
         }
 
-        return <Box>
+        return <Box flex={"1 1 auto"}>
             {errorHeader}
             <PropertiesTable properties={props}/>
         </Box>

From cda7823b4c33865ad027e2dfea8f6687b73c96b3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 16:35:18 +0200
Subject: [PATCH 1464/2268] feat: Add more info to command result summary and
 target card

---
 .../ui/src/components/PropertiesTable.tsx     | 11 +++
 .../nodes/CommandResultNode.tsx               | 45 ++++++++++-
 .../components/targets-view/TargetItem.tsx    | 74 +++++++++++--------
 pkg/webui/ui/src/utils/git.ts                 | 16 ++++
 4 files changed, 113 insertions(+), 33 deletions(-)
 create mode 100644 pkg/webui/ui/src/utils/git.ts

diff --git a/pkg/webui/ui/src/components/PropertiesTable.tsx b/pkg/webui/ui/src/components/PropertiesTable.tsx
index 54f78d7fb..6de2cb83a 100644
--- a/pkg/webui/ui/src/components/PropertiesTable.tsx
+++ b/pkg/webui/ui/src/components/PropertiesTable.tsx
@@ -11,6 +11,17 @@ export interface PropertiesEntry {
     value: React.ReactNode
 }
 
+export const pushProp = (props: PropertiesEntry[], name: string, v?: any, render?: () => React.ReactElement ) => {
+    if (!v) {
+        return
+    }
+    if (render) {
+        props.push({ name: name, value: render() })
+    } else {
+        props.push({ name: name, value: v + "" })
+    }
+}
+
 export function PropertiesTable(props: {properties: PropertiesEntry[]}) {
     return (
         <TableContainer>
diff --git a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index f0c8ca9db..f5501a597 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -1,13 +1,14 @@
 import React from 'react';
 
 import { NodeData } from "./NodeData";
-import { PropertiesTable } from "../../PropertiesTable";
+import { PropertiesEntry, PropertiesTable, pushProp } from "../../PropertiesTable";
 
 import { SidePanelTab } from "../SidePanel";
 import { DeployIcon } from '../../../icons/Icons';
 import { LogsViewer } from "../../LogsViewer";
 import { CommandResult } from "../../../models";
 import { YamlViewer } from "../../YamlViewer";
+import { gitRefToString } from "../../../utils/git";
 
 export class CommandResultNodeData extends NodeData {
     constructor(commandResult: CommandResult, id: string) {
@@ -39,11 +40,49 @@ export class CommandResultNodeData extends NodeData {
     }
 
     buildSummaryPage(): React.ReactNode {
-        const props = [
+        const props: PropertiesEntry[] = [
             {name: "Initiator", value: this.commandResult.command?.initiator},
-            {name: "Command", value: this.commandResult.command?.command},
         ]
 
+        let args = this.commandResult.command?.args
+        if (args && Object.keys(args).length === 0) {
+            args = undefined
+        }
+
+        pushProp(props, "Command", this.commandResult.command?.command)
+        pushProp(props, "Start Time", this.commandResult.command?.startTime)
+        pushProp(props, "End Time", this.commandResult.command?.endTime)
+        pushProp(props, "Target", this.commandResult.command?.target)
+        pushProp(props, "Target Name Override", this.commandResult.command?.targetNameOverride)
+        pushProp(props, "Context Override", this.commandResult.command?.contextOverride)
+        pushProp(props, "Args", args, () => <YamlViewer obj={args}/>)
+        pushProp(props, "Dry Run", this.commandResult.command?.dryRun)
+        pushProp(props, "No Wait", this.commandResult.command?.noWait)
+        pushProp(props, "Force Apply", this.commandResult.command?.forceApply)
+        pushProp(props, "Replace On Error", this.commandResult.command?.replaceOnError)
+        pushProp(props, "Force Replace On Error", this.commandResult.command?.forceReplaceOnError)
+        pushProp(props, "Abort On Error", this.commandResult.command?.abortOnError)
+        pushProp(props, "Include Tags", this.commandResult.command?.includeTags)
+        pushProp(props, "Exclude Tags", this.commandResult.command?.excludeTags)
+        pushProp(props, "Include Deployment Dirs", this.commandResult.command?.includeDeploymentDirs)
+        pushProp(props, "Exclude Deployment Dirs", this.commandResult.command?.excludeDeploymentDirs)
+
+        if (this.commandResult.gitInfo) {
+            pushProp(props, "Source Url", this.commandResult.gitInfo.url)
+            pushProp(props, "Source Ref", gitRefToString(this.commandResult.gitInfo.ref))
+            pushProp(props, "Source Path", this.commandResult.gitInfo.subDir)
+            pushProp(props, "Source Commit", this.commandResult.gitInfo.commit)
+            pushProp(props, "Source Dirty", this.commandResult.gitInfo.dirty)
+        }
+
+        pushProp(props, "Rendered Objects Hash", this.commandResult.renderedObjectsHash)
+        pushProp(props, "New Objects", this.diffStatus?.newObjects.length)
+        pushProp(props, "Deleted Objects", this.diffStatus?.deletedObjects.length)
+        pushProp(props, "Orphan Objects", this.diffStatus?.orphanObjects.length)
+        pushProp(props, "Changed Objects", this.diffStatus?.changedObjects.length)
+        pushProp(props, "Errors", this.healthStatus?.errors?.length)
+        pushProp(props, "Warnings", this.healthStatus?.warnings?.length)
+
         return <>
             <PropertiesTable properties={props}/>
         </>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index 36855ad60..fcb470b08 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -25,7 +25,7 @@ import { ApiContext, UserContext } from "../App";
 import { CardBody, CardTemplate } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../command-result/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
-import { PropertiesEntry, PropertiesTable } from "../PropertiesTable";
+import { PropertiesEntry, PropertiesTable, pushProp } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { Since } from "../Since";
@@ -33,6 +33,7 @@ import { ValidateResultsTable } from "../ValidateResultsTable";
 import { LogsViewer } from "../LogsViewer";
 import { K8sManifestViewer } from "../K8sManifestViewer";
 import { YamlViewer } from "../YamlViewer";
+import { gitRefToString } from "../../utils/git";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -407,43 +408,56 @@ class TargetItemCardProvider implements SidePanelProvider {
 
         const props: PropertiesEntry[] = [
             { name: "Target Name", value: this.getTargetName() },
-            { name: "Discriminator", value: this.ts?.target.discriminator },
         ]
 
-        props.push({ name: "Source Url", value: d.spec.source.url })
-        if (d.spec.source.ref) {
-            let ref = ""
-            if (d.spec.source.ref.tag) {
-                ref = "tag " + d.spec.source.ref.tag
-            } else if (d.spec.source.ref.branch) {
-                ref = "branch " + d.spec.source.ref.branch
-            } else if (d.spec.source.ref.commit) {
-                ref = "commit " + d.spec.source.ref.commit
-            } else {
-                ref = JSON.stringify(d.spec.source.ref)
+        pushProp(props, "Discriminator", this.ts?.target.discriminator)
+
+        if (d) {
+            let args = d.spec.args
+            if (args && Object.keys(args).length === 0) {
+                args = undefined
             }
-            props.push({ name: "Source Ref", value: ref })
-        }
-        if (d.spec.source.path) {
-            props.push({ name: "Source Path", value: d.spec.source.path })
-        }
 
-        if (d.spec.args) {
-            props.push({ name: "Args", value: <YamlViewer obj={d.spec.args}/>})
+            pushProp(props, "Interval", d.spec.interval)
+            pushProp(props, "Retry Interval", d.spec.retryInterval)
+            pushProp(props, "Deploy Interval", d.spec.deployInterval)
+            pushProp(props, "Validate Interval", d.spec.validateInterval)
+            pushProp(props, "Timeout", d.spec.timeout)
+            pushProp(props, "Suspend", d.spec.suspend)
+            pushProp(props, "Target", d.spec.target)
+            pushProp(props, "Target Name Override", d.spec.targetNameOverride)
+            pushProp(props, "Context", d.spec.context)
+            pushProp(props, "Args", args, () => <YamlViewer obj={args}/>)
+            pushProp(props, "Dry Run", d.spec.dryRun)
+            pushProp(props, "No Wait", d.spec.noWait)
+            pushProp(props, "Force Apply", d.spec.forceApply)
+            pushProp(props, "Replace On Error", d.spec.replaceOnError)
+            pushProp(props, "Force Replace On Error", d.spec.forceReplaceOnError)
+            pushProp(props, "Abort On Error", d.spec.abortOnError)
+            pushProp(props, "Include Tags", d.spec.includeTags)
+            pushProp(props, "Exclude Tags", d.spec.excludeTags)
+            pushProp(props, "Include Deployment Dirs", d.spec.includeDeploymentDirs)
+            pushProp(props, "Exclude Deployment Dirs", d.spec.excludeDeploymentDirs)
+            pushProp(props, "Deploy Mode", d.spec.deployMode)
+            pushProp(props, "Validate", d.spec.validate)
+            pushProp(props, "Prune", d.spec.prune)
+            pushProp(props, "Delete", d.spec.delete)
+            pushProp(props, "Manual", d.spec.manual)
+            pushProp(props, "Manual Objects Hash", d.spec.manualObjectsHash)
+
+            pushProp(props, "Source Url", d.spec.source.url)
+            pushProp(props, "Source Ref", gitRefToString(d.spec.source.ref))
+            pushProp(props, "Source Path", d.spec.source.path)
+
+            pushProp(props, "Last Objects Hash", d.status.lastObjectsHash)
         }
 
-        if (this.ts?.lastValidateResult) {
-            props.push({ name: "Ready", value: this.ts?.lastValidateResult.ready + "" })
-        }
-        if (this.ts?.lastValidateResult?.errors) {
-            props.push({ name: "Errors", value: this.ts?.lastValidateResult.errors + "" })
-        }
-        if (this.ts?.lastValidateResult?.warnings) {
-            props.push({ name: "Warnings", value: this.ts?.lastValidateResult.warnings + "" })
-        }
+        pushProp(props, "Ready", this.ts?.lastValidateResult?.ready)
+        pushProp(props, "Errors", this.ts?.lastValidateResult?.errors)
+        pushProp(props, "Warnings", this.ts?.lastValidateResult?.warnings)
 
         let errorHeader
-        if (d.status) {
+        if (d?.status) {
             if (d.status.lastPrepareError) {
                 errorHeader = <Alert severity="error">
                     The prepare step failed for this deployment. This usually means that your deployment is severely
diff --git a/pkg/webui/ui/src/utils/git.ts b/pkg/webui/ui/src/utils/git.ts
new file mode 100644
index 000000000..13c9a6e64
--- /dev/null
+++ b/pkg/webui/ui/src/utils/git.ts
@@ -0,0 +1,16 @@
+import { GitRef } from "../models-static";
+
+export const gitRefToString = (ref?: GitRef) => {
+    if (!ref) {
+        return ""
+    }
+    if (ref.tag) {
+        return "tag " + ref.tag
+    } else if (ref.branch) {
+        return "branch " + ref.branch
+    } else if (ref.commit) {
+        return "commit " + ref.commit
+    } else {
+        return JSON.stringify(ref)
+    }
+}
\ No newline at end of file

From 16ae6cb2a12377ffade806ea90362bd5e8591a30 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Aug 2023 23:37:54 +0200
Subject: [PATCH 1465/2268] fix: Fix crash when starting webui from command
 line without args (#738)

---
 pkg/webui/auth.go        |  7 +++++++
 pkg/webui/server.go      | 18 ++++++++++--------
 pkg/webui/server_logs.go |  5 +++++
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index b86a8225c..2ac5fb220 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -74,6 +74,13 @@ func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig
 		serverClient: serverClient,
 	}
 
+	if serverClient == nil {
+		if authConfig.AuthEnabled {
+			return nil, fmt.Errorf("serverClient can't be nil when auth is enabled")
+		}
+		return ret, nil
+	}
+
 	x, err := ret.getSecret(authConfig.AuthSecretName, authConfig.AuthSecretKey)
 	if err != nil {
 		return nil, err
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 85b0655ee..5f08a0022 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -54,20 +54,22 @@ func NewCommandResultsServer(
 	authConfig AuthConfig,
 	onlyApi bool) (*CommandResultsServer, error) {
 
-	coreV1Client, err := corev1.NewForConfig(serverConfig)
-	if err != nil {
-		return nil, err
-	}
-
 	ret := &CommandResultsServer{
 		ctx:   ctx,
 		store: store,
 		cam: &clusterAccessorManager{
 			ctx: ctx,
 		},
-		serverClient:       serverClient,
-		serverCoreV1Client: coreV1Client,
-		onlyApi:            onlyApi,
+		serverClient: serverClient,
+		onlyApi:      onlyApi,
+	}
+
+	var err error
+	if serverConfig != nil {
+		ret.serverCoreV1Client, err = corev1.NewForConfig(serverConfig)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	ret.events = newEventsHandler(ret)
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
index b14419bbd..fe84649c5 100644
--- a/pkg/webui/server_logs.go
+++ b/pkg/webui/server_logs.go
@@ -23,6 +23,11 @@ func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
 		return
 	}
 
+	if s.serverCoreV1Client == nil {
+		_ = gctx.AbortWithError(http.StatusBadRequest, err)
+		return
+	}
+
 	conn, err := acceptWebsocket(gctx)
 	if err != nil {
 		return

From ebba122d208ca88129cc34698c93420401172145 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Aug 2023 14:55:28 +0200
Subject: [PATCH 1466/2268] fix: Remove references to create-react-app

---
 pkg/webui/ui/public/index.html    | 2 +-
 pkg/webui/ui/public/manifest.json | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/webui/ui/public/index.html b/pkg/webui/ui/public/index.html
index 1e5fe0c15..7464992e6 100644
--- a/pkg/webui/ui/public/index.html
+++ b/pkg/webui/ui/public/index.html
@@ -7,7 +7,7 @@
     <meta name="theme-color" content="#000000" />
     <meta
       name="description"
-      content="Web site created using create-react-app"
+      content="The Kluctl Webui"
     />
     <link rel="apple-touch-icon" href="%PUBLIC_URL%/logo192.png" />
     <!--
diff --git a/pkg/webui/ui/public/manifest.json b/pkg/webui/ui/public/manifest.json
index 080d6c77a..12bae671d 100644
--- a/pkg/webui/ui/public/manifest.json
+++ b/pkg/webui/ui/public/manifest.json
@@ -1,6 +1,6 @@
 {
-  "short_name": "React App",
-  "name": "Create React App Sample",
+  "short_name": "Kluctl Webui",
+  "name": "Kluctl Webui",
   "icons": [
     {
       "src": "favicon.ico",

From ce6a0ded151c9e91ea86e1db6a4ff907b6e3b521 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Aug 2023 14:55:39 +0200
Subject: [PATCH 1467/2268] fix: Remove non-reachable code

---
 pkg/webui/ui/src/components/LeftDrawer.tsx | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index c02722cb3..b096b187b 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -160,15 +160,6 @@ export default function LeftDrawer(props: {
                 <FilterBar onFilterChange={props.context.setFilters}/>
             </>
             break;
-        case 'results':
-            header = <
-            >
-                <Typography variant='h1'>
-                    Result Tree
-                </Typography>
-                <FilterBar onFilterChange={props.context.setFilters}/>
-            </>
-            break;
     }
 
     return (

From 05bd144ec9d50211e433a785342d4c99d2a32a29 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Aug 2023 16:44:28 +0200
Subject: [PATCH 1468/2268] feat: Implement proper OIDC logout handling

---
 cmd/kluctl/commands/cmd_webui.go      |  5 +++
 pkg/webui/auth.go                     | 51 +++++++++++++++++++--
 pkg/webui/auth_oidc.go                | 31 ++++++++-----
 pkg/webui/ui/src/components/App.tsx   |  4 +-
 pkg/webui/ui/src/components/Login.tsx | 65 ++++++++++++++++-----------
 5 files changed, 113 insertions(+), 43 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index d1e912ca4..937d7b0b9 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -48,6 +48,9 @@ type webuiCmd struct {
 	AuthOidcGroupClaim       string   `group:"auth" help:"Specify claim for the groups.'" default:"groups"`
 	AuthOidcAdminsGroup      []string `group:"auth" help:"Specify admins group names.'"`
 	AuthOidcViewersGroup     []string `group:"auth" help:"Specify viewers group names.'"`
+
+	AuthLogoutURL         string `group:"auth" help:"Specify the logout URL, to which the user should be redirected after clearing the Kluctl Webui session."`
+	AuthLogoutReturnParam string `group:"auth" help:"Specify the parameter name to pass to the logout redirect url, containing the return URL to redirect back."`
 }
 
 func (cmd *webuiCmd) Help() string {
@@ -82,6 +85,8 @@ func (cmd *webuiCmd) buildAuthConfig(ctx context.Context, c client.Client) (webu
 		authConfig.OidcGroupClaim = cmd.AuthOidcGroupClaim
 		authConfig.OidcAdminsGroups = cmd.AuthOidcAdminsGroup
 		authConfig.OidcViewersGroups = cmd.AuthOidcViewersGroup
+		authConfig.LogoutUrl = cmd.AuthLogoutURL
+		authConfig.LogoutReturnParam = cmd.AuthLogoutReturnParam
 	}
 
 	return authConfig, nil
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 2ac5fb220..f70fd5f4f 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"golang.org/x/oauth2"
 	"net/http"
+	"net/url"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
@@ -40,6 +41,9 @@ type AuthConfig struct {
 	OidcGroupClaim       string
 	OidcAdminsGroups     []string
 	OidcViewersGroups    []string
+
+	LogoutUrl         string
+	LogoutReturnParam string
 }
 
 type login struct {
@@ -58,8 +62,9 @@ type authHandler struct {
 	adminPassword  string
 	viewerPassword string
 
-	oidcProvider *oidc.Provider
-	oauth2Config *oauth2.Config
+	oidcProvider       *oidc.Provider
+	oidcProviderClaims map[string]any
+	oauth2Config       *oauth2.Config
 }
 
 type User struct {
@@ -159,7 +164,47 @@ func (s *authHandler) logoutHandler(c *gin.Context) {
 		c.String(http.StatusInternalServerError, err.Error())
 		return
 	}
-	c.Redirect(http.StatusTemporaryRedirect, "/")
+
+	redirectUrl, err := s.buildLogoutRedirect(c)
+	if err != nil {
+		c.String(http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	c.Redirect(http.StatusTemporaryRedirect, redirectUrl)
+}
+
+func (s *authHandler) buildLogoutRedirect(c *gin.Context) (string, error) {
+	redirectUrl := s.authConfig.LogoutUrl
+
+	params := url.Values{}
+	if redirectUrl == "" {
+		redirectUrl = "/"
+	} else {
+		if s.authConfig.LogoutReturnParam != "" {
+			// the react app is passing this value
+			returnUrl := c.Request.URL.Query().Get("returnUrl")
+			if returnUrl != "" {
+				params.Set(s.authConfig.LogoutReturnParam, returnUrl)
+			}
+		}
+	}
+
+	if len(params) != 0 {
+		x, err := url.Parse(redirectUrl)
+		if err != nil {
+			return "", err
+		}
+		for k, v := range x.Query() {
+			for _, v2 := range v {
+				params.Add(k, v2)
+			}
+		}
+		x.RawQuery = params.Encode()
+		redirectUrl = x.String()
+	}
+
+	return redirectUrl, nil
 }
 
 func (s *authHandler) getUser(c *gin.Context) *User {
diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index a7cd0cd08..3d17663c9 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/oauth2"
 	"net/http"
+	"net/url"
 	"strings"
 	"time"
 )
@@ -37,6 +38,11 @@ func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConf
 	}
 	s.oidcProvider = provider
 
+	err = provider.Claims(&s.oidcProviderClaims)
+	if err != nil {
+		return err
+	}
+
 	s.oauth2Config = &oauth2.Config{
 		ClientID:     authConfig.OidcClientId,
 		ClientSecret: clientSecret,
@@ -112,10 +118,10 @@ func (s *authHandler) storeToken(c *gin.Context, session sessions.Session, token
 	return nil
 }
 
-func (s *authHandler) handleOidcCallback(c *gin.Context) (int, string) {
+func (s *authHandler) handleOidcCallback(c *gin.Context) error {
 	session := sessions.Default(c)
 	if c.Query("state") != session.Get("state") {
-		return http.StatusBadRequest, "invalid state parameter"
+		return fmt.Errorf("invalid state parameter")
 	}
 
 	session.Delete("state")
@@ -123,30 +129,31 @@ func (s *authHandler) handleOidcCallback(c *gin.Context) (int, string) {
 	// Exchange an authorization code for a token.
 	token, err := s.oauth2Config.Exchange(c.Request.Context(), c.Query("code"))
 	if err != nil {
-		return http.StatusUnauthorized, err.Error()
+		return err
 	}
 
 	err = s.storeToken(c, session, token)
 	if err != nil {
-		return http.StatusUnauthorized, err.Error()
+		return err
 	}
 
 	if err := session.Save(); err != nil {
-		return http.StatusInternalServerError, err.Error()
+		return err
 	}
 
-	return http.StatusOK, ""
+	return nil
 }
 
 func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
-	status, errMsg := s.handleOidcCallback(c)
-	if status != http.StatusOK {
-		c.String(status, errMsg)
-		return
+	err := s.handleOidcCallback(c)
+
+	redirectTo := "/"
+	if err != nil {
+		redirectTo += fmt.Sprintf("?login_error=%s", url.QueryEscape(err.Error()))
 	}
 
-	// Redirect to logged in page.
-	c.Redirect(http.StatusTemporaryRedirect, "/")
+	// Redirect to root in page.
+	c.Redirect(http.StatusTemporaryRedirect, redirectTo)
 }
 
 func (s *authHandler) oidcRefresh(c *gin.Context, session sessions.Session, tokenInfo *oidcTokenInfo) error {
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index b38958b2e..64444b131 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -174,7 +174,9 @@ const App = () => {
     const onLogout = () => {
         console.log("handle onLogout")
         setUser(undefined)
-        window.location.href='/auth/logout'
+        const params = new URLSearchParams()
+        params.set("returnUrl", `${window.location.protocol}//${window.location.host}`)
+        window.location.href='/auth/logout?' + params.toString()
     }
     const onUnauthorized = () => {
         console.log("handle onUnauthorized")
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index ca34617d4..77cad329f 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -1,7 +1,6 @@
 import { Box, Button, FormControl, Paper, TextField, Typography, useTheme } from '@mui/material';
 import React, { SyntheticEvent, useState } from 'react';
 import { rootPath } from "../api";
-import { ErrorMessageCard } from './ErrorMessage';
 import { AuthInfo } from "../models";
 
 interface loginCredentials {
@@ -12,39 +11,59 @@ interface loginCredentials {
 type LoginResult = {
     type: 'success',
 } | {
-    type: 'unauthorized'
-} | {
-    type: 'other-error',
+    type: 'error',
     statusText: string
 }
 
 async function loginStaticUser(creds: loginCredentials): Promise<LoginResult> {
     const url = rootPath + `/auth/staticLogin`
-    return fetch(url, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json'
-        },
-        body: JSON.stringify(creds)
-    }).then(response => {
+    try {
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(creds)
+        })
         if (response.status === 200) {
             return { type: "success" }
         } else if (response.status === 401) {
-            return { type: 'unauthorized' }
+            let statusText = await response.text()
+            if (!statusText) {
+                statusText = "Invalid username/password"
+            }
+            return { type: 'error', statusText: statusText }
         } else {
             return {
-                type: 'other-error',
+                type: 'error',
                 statusText: response.statusText
             }
         }
-    });
+    } catch (e) {
+        return {
+            type: 'error',
+            statusText: "unknown error",
+        }
+    }
 }
 
 export default function Login(props: { authInfo: AuthInfo }) {
     const theme = useTheme();
     const [username, setUserName] = useState<string>();
     const [password, setPassword] = useState<string>();
-    const [error, setError] = useState<Exclude<LoginResult, { type: 'success' }>>();
+
+    const searchParams = new URLSearchParams(window.location.search)
+    const loginErrorFromSearchParams = searchParams.get("login_error")
+    let initialError: LoginResult | undefined
+    if (loginErrorFromSearchParams) {
+        initialError = {
+            type: "error",
+            statusText: loginErrorFromSearchParams,
+        }
+    }
+
+    const [error, setError] = useState<LoginResult | undefined>(initialError);
+    console.log(searchParams, loginErrorFromSearchParams, initialError, error)
 
     const handleSubmit = async (e: SyntheticEvent) => {
         e.preventDefault();
@@ -60,22 +79,14 @@ export default function Login(props: { authInfo: AuthInfo }) {
         switch (result.type) {
             case 'success':
                 window.location.href='/'
+                setError(undefined)
                 break;
-            case 'unauthorized':
-                setError(result);
-                break;
-            case 'other-error':
+            case 'error':
                 setError(result)
                 break;
         }
     }
 
-    if (error?.type === 'other-error') {
-        return <ErrorMessageCard>
-            {error.statusText}
-        </ErrorMessageCard>
-    }
-
     const staticLogin = <form onSubmit={handleSubmit}>
         <Box
             display='flex'
@@ -90,9 +101,9 @@ export default function Login(props: { authInfo: AuthInfo }) {
             <FormControl fullWidth >
                 <TextField variant='standard' label='Password' type="password" onChange={e => setPassword(e.target.value)} />
             </FormControl>
-            {error?.type === 'unauthorized' && (
+            {error?.type !== 'success' && (
                 <Box color={theme.palette.error.main}>
-                    Invalid username or password
+                    {error?.statusText}
                 </Box>
             )}
             <FormControl >

From 075eaf6d5e7d800ad168d6d918fe68017de6f77b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 08:54:06 +0200
Subject: [PATCH 1469/2268] tests: Add tests for args in discriminators

---
 e2e/args_test.go | 65 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 1641da10f..906dc8336 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -187,3 +187,68 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c2", "data", "c")
 }
+
+func testArgsInDiscriminator(t *testing.T, inDefaultDiscriminator bool) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+		if !inDefaultDiscriminator {
+			_ = target.SetNestedField("discriminator-{{ args.a }}", "discriminator")
+		}
+	})
+
+	args := []any{
+		map[string]any{
+			"name":    "a",
+			"default": "default",
+		},
+	}
+
+	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField(args, "args")
+		if inDefaultDiscriminator {
+			_ = o.SetNestedField("discriminator-{{ args.a }}", "discriminator")
+		} else {
+			_ = o.RemoveNestedField("discriminator")
+		}
+		return nil
+	})
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm")
+	assertNestedFieldEquals(t, cm, "discriminator-default", "metadata", "labels", "kluctl.io/discriminator")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
+	assertNestedFieldEquals(t, cm, "discriminator-a", "metadata", "labels", "kluctl.io/discriminator")
+
+	if inDefaultDiscriminator {
+		// now without targets
+		p.KluctlMust("deploy", "--yes")
+		cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
+		assertNestedFieldEquals(t, cm, "discriminator-default", "metadata", "labels", "kluctl.io/discriminator")
+
+		p.KluctlMust("deploy", "--yes", "-aa=a")
+		cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
+		assertNestedFieldEquals(t, cm, "discriminator-a", "metadata", "labels", "kluctl.io/discriminator")
+	}
+}
+
+func TestArgsInDefaultDiscriminator(t *testing.T) {
+	testArgsInDiscriminator(t, true)
+}
+
+func TestArgsInTargetDiscriminator(t *testing.T) {
+	testArgsInDiscriminator(t, false)
+}

From 466d87e44835cd2e6056138ce5b5a9264198c9e5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 09:32:45 +0200
Subject: [PATCH 1470/2268] fix: Set projectKey/targetKey in status even if
 loading of the target fails

---
 pkg/controllers/kluctl_project.go             |  4 +--
 .../kluctldeployment_controller.go            | 34 +++++++++----------
 pkg/kluctl_project/target_context.go          | 24 ++++++-------
 pkg/webui/ui/src/project-summaries.ts         |  2 +-
 4 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index b917c5cf2..a6b722c7d 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -648,11 +648,11 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 
 	targetContext, err := p.NewTargetContext(ctx, contextName, k, props)
 	if err != nil {
-		return nil, err
+		return targetContext, err
 	}
 	err = targetContext.DeploymentCollection.Prepare()
 	if err != nil {
-		return nil, err
+		return targetContext, err
 	}
 	return targetContext, nil
 }
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index b559f53c5..f7f36fbeb 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -279,6 +279,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
+	obj.Status.ProjectKey = &result.ProjectKey{
+		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
+		SubDir:     path.Clean(obj.Spec.Source.Path),
+	}
+	if obj.Status.ProjectKey.SubDir == "." {
+		obj.Status.ProjectKey.SubDir = ""
+	}
 
 	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
@@ -294,27 +301,20 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	targetContext, err := pt.loadTarget(ctx, lp)
-	if err != nil {
-		return doFailPrepare(err)
-	}
-
-	obj.Status.ProjectKey = &result.ProjectKey{
-		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
-		SubDir:     path.Clean(obj.Spec.Source.Path),
+	if targetContext != nil {
+		clusterId, err := targetContext.SharedContext.K.GetClusterId()
+		if err != nil {
+			return doFailPrepare(err)
+		}
+		obj.Status.TargetKey = &result.TargetKey{
+			TargetName:    targetContext.Target.Name,
+			Discriminator: targetContext.Target.Discriminator,
+			ClusterId:     clusterId,
+		}
 	}
-	clusterId, err := targetContext.SharedContext.K.GetClusterId()
 	if err != nil {
 		return doFailPrepare(err)
 	}
-	obj.Status.TargetKey = &result.TargetKey{
-		TargetName:    targetContext.Target.Name,
-		Discriminator: targetContext.Target.Discriminator,
-		ClusterId:     clusterId,
-	}
-
-	if obj.Status.ProjectKey.SubDir == "." {
-		obj.Status.ProjectKey.SubDir = ""
-	}
 
 	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
 	if err != nil {
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 4e5739d22..81e605c6f 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -112,25 +112,25 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		DefaultSealedSecretsOutputPattern: target.Name,
 	}
 
+	targetCtx := &TargetContext{
+		Params:         params,
+		SharedContext:  dctx,
+		KluctlProject:  p,
+		Target:         *target,
+		ClusterContext: contextName,
+	}
+
 	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(repoRoot), relProjectDir, nil)
 	if err != nil {
-		return nil, err
+		return targetCtx, err
 	}
+	targetCtx.DeploymentProject = d
 
 	c, err := deployment.NewDeploymentCollection(dctx, d, params.Images, params.Inclusion, params.ForSeal)
 	if err != nil {
-		return nil, err
-	}
-
-	targetCtx := &TargetContext{
-		Params:               params,
-		SharedContext:        dctx,
-		KluctlProject:        p,
-		Target:               *target,
-		ClusterContext:       contextName,
-		DeploymentProject:    d,
-		DeploymentCollection: c,
+		return targetCtx, err
 	}
+	targetCtx.DeploymentCollection = c
 
 	return targetCtx, nil
 }
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 0d9b1a43a..344e42b14 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -122,7 +122,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
 
     const kluctlDeploymentsByKdKey = new Map<string, KluctlDeploymentWithClusterId>()
     kluctlDeployments.forEach(kd => {
-        if (!kd.deployment.status || !kd.deployment.status.projectKey) {
+        if (!kd.deployment.status || !kd.deployment.status.projectKey || !kd.deployment.status.targetKey) {
             return
         }
         if (!filterTarget(kd, undefined, kd.deployment.status.projectKey, kd.deployment.status.targetKey)) {

From 25035f61eb156c8a03fd392355de964be3dc936f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Aug 2023 17:31:45 +0200
Subject: [PATCH 1471/2268] feat: Introduce "webui run" sub-command

---
 cmd/kluctl/commands/cmd_webui.go    | 12 ++++++++----
 cmd/kluctl/commands/root.go         |  2 +-
 install/webui/webui/deployment.yaml |  1 +
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 937d7b0b9..3aaaddbc0 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -14,6 +14,10 @@ import (
 )
 
 type webuiCmd struct {
+	Run_ webuiRunCmd `cmd:"run" help:"Run the Kluctl Webui"`
+}
+
+type webuiRunCmd struct {
 	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to localhost."`
 	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
@@ -53,11 +57,11 @@ type webuiCmd struct {
 	AuthLogoutReturnParam string `group:"auth" help:"Specify the parameter name to pass to the logout redirect url, containing the return URL to redirect back."`
 }
 
-func (cmd *webuiCmd) Help() string {
+func (cmd *webuiRunCmd) Help() string {
 	return `TODO`
 }
 
-func (cmd *webuiCmd) buildAuthConfig(ctx context.Context, c client.Client) (webui.AuthConfig, error) {
+func (cmd *webuiRunCmd) buildAuthConfig(ctx context.Context, c client.Client) (webui.AuthConfig, error) {
 	var authConfig webui.AuthConfig
 	authConfig.AuthEnabled = cmd.InCluster
 
@@ -92,7 +96,7 @@ func (cmd *webuiCmd) buildAuthConfig(ctx context.Context, c client.Client) (webu
 	return authConfig, nil
 }
 
-func (cmd *webuiCmd) Run(ctx context.Context) error {
+func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 	if !cmd.OnlyApi && !webui.IsWebUiBuildIncluded() {
 		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
 	}
@@ -171,7 +175,7 @@ func (cmd *webuiCmd) Run(ctx context.Context) error {
 	}
 }
 
-func (cmd *webuiCmd) createResultStores(ctx context.Context) ([]results.ResultStore, []*rest.Config, error) {
+func (cmd *webuiRunCmd) createResultStores(ctx context.Context) ([]results.ResultStore, []*rest.Config, error) {
 	r := clientcmd.NewDefaultClientConfigLoadingRules()
 
 	kcfg, err := r.Load()
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index fbf53303f..7dbfc57f4 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -72,7 +72,7 @@ type cli struct {
 	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
 	Controller  controllerCmd  `cmd:"" help:"Kluctl controller sub-commands"`
-	Webui       webuiCmd       `cmd:"" help:"TODO"`
+	Webui       webuiCmd       `cmd:"" help:"Kluctl Webui sub-commands"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 8e7648890..abdd5685b 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -30,6 +30,7 @@ spec:
         command:
           - kluctl
           - webui
+          - run
           - --in-cluster
         args: []
         env: []

From a84c011cef355b312a6649a9e4cc7c91e14a6c4c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Aug 2023 17:33:26 +0200
Subject: [PATCH 1472/2268] docs: Add "webui run" docs

---
 docs/reference/commands/README.md    |  3 ++
 docs/reference/commands/webui-run.md | 80 ++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 docs/reference/commands/webui-run.md

diff --git a/docs/reference/commands/README.md b/docs/reference/commands/README.md
index 8a3683520..14e14df26 100644
--- a/docs/reference/commands/README.md
+++ b/docs/reference/commands/README.md
@@ -33,3 +33,6 @@ Individual commands are documented in sub-sections.
 11. [prune](./prune.md)
 12. [render](./render.md)
 13. [validate](./validate.md)
+14. [controller run](./controller-run.md)
+15. [controller install](./controller-install.md)
+16. [webui run](./webui-run.md)
diff --git a/docs/reference/commands/webui-run.md b/docs/reference/commands/webui-run.md
new file mode 100644
index 000000000..afe4b7d17
--- /dev/null
+++ b/docs/reference/commands/webui-run.md
@@ -0,0 +1,80 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "webui run"
+linkTitle: "webui run"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "webui run" "Usage" false -->
+Usage: kluctl webui run [flags]
+
+Run the Kluctl Webui
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "webui run" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --all-contexts                Use all Kubernetes contexts found in the kubeconfig.
+      --context stringArray         List of kubernetes contexts to use.
+      --host string                 Host to bind to. Pass an empty string to bind to all addresses. Defaults to
+                                    localhost.
+      --in-cluster                  This enables in-cluster functionality. This also enforces authentication.
+      --in-cluster-context string   The context to use fo in-cluster functionality.
+      --only-api                    Only serve API without the actual UI.
+      --port int                    Port to bind to. (default 8080)
+      --static-path string          Build static webui.
+
+```
+<!-- END SECTION -->
+
+<!-- BEGIN SECTION "webui run" "Auth arguments" true -->
+```
+Auth arguments:
+  Configure authentication.
+
+      --auth-admin-rbac-user string            Specify the RBAC user to use for admin access. (default
+                                               "kluctl-webui-admin")
+      --auth-logout-return-param string        Specify the parameter name to pass to the logout redirect url,
+                                               containing the return URL to redirect back.
+      --auth-logout-url string                 Specify the logout URL, to which the user should be redirected
+                                               after clearing the Kluctl Webui session.
+      --auth-oidc-admins-group stringArray     Specify admins group names.'
+      --auth-oidc-client-id string             Specify the ClientID.
+      --auth-oidc-client-secret-key string     Specify the secret name for the ClientSecret. (default
+                                               "oidc-client-secret")
+      --auth-oidc-client-secret-name string    Specify the secret name for the ClientSecret. (default "webui-secret")
+      --auth-oidc-display-name string          Specify the name of the OIDC provider to be displayed on the login
+                                               page. (default "OpenID Connect")
+      --auth-oidc-group-claim string           Specify claim for the groups.' (default "groups")
+      --auth-oidc-issuer-url string            Specify the OIDC provider's issuer URL.
+      --auth-oidc-param stringArray            Specify additional parameters to be passed to the authorize endpoint.
+      --auth-oidc-redirect-url string          Specify the redirect URL.
+      --auth-oidc-scope stringArray            Specify the scopes.
+      --auth-oidc-user-claim string            Specify claim for the username.' (default "email")
+      --auth-oidc-viewers-group stringArray    Specify viewers group names.'
+      --auth-secret-key string                 Specify the secret key for the secret used for internal encryption
+                                               of tokens and cookies. (default "auth-secret")
+      --auth-secret-name string                Specify the secret name for the secret used for internal encryption
+                                               of tokens and cookies. (default "webui-secret")
+      --auth-static-admin-secret-key string    Specify the secret key for the admin password. (default
+                                               "admin-password")
+      --auth-static-login-enabled              Enable the admin user. (default true)
+      --auth-static-login-secret-name string   Specify the secret name for the admin and viewer passwords.
+                                               (default "webui-secret")
+      --auth-static-viewer-secret-key string   Specify the secret key for the viewer password. (default
+                                               "viewer-password")
+      --auth-viewer-rbac-user string           Specify the RBAC user to use for viewer access. (default
+                                               "kluctl-webui-viewer")
+
+```
+<!-- END SECTION -->

From a1fdd322e403842ebabc53f223a941be9ed0a3f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 10:51:03 +0200
Subject: [PATCH 1473/2268] fix: Run gin in release mode and print local webui
 url

---
 pkg/webui/server.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 5f08a0022..4140ba065 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -19,6 +19,7 @@ import (
 	"k8s.io/client-go/rest"
 	"net"
 	"net/http"
+	"os"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
@@ -94,6 +95,10 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 
 	s.cam.start()
 
+	if os.Getenv(gin.EnvGinMode) == "" {
+		gin.SetMode(gin.ReleaseMode)
+	}
+
 	router := gin.New()
 	router.Use(gin.LoggerWithConfig(gin.LoggerConfig{
 		SkipPaths: []string{"/healthz", "/readyz"},
@@ -152,6 +157,8 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 		Handler: router.Handler(),
 	}
 
+	status.Infof(s.ctx, "Webui is available at: http://%s\n", address)
+
 	return httpServer.Serve(listener)
 }
 

From 9f45892ef391c1638c7687329b3658eeb030cfa6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 11:26:08 +0200
Subject: [PATCH 1474/2268] feat: Open browser when running "kluctl webui run"
 from a terminal

---
 cmd/kluctl/commands/cmd_webui.go |  2 +-
 cmd/kluctl/commands/root.go      |  5 +++--
 pkg/utils/openbrowser.go         | 22 ++++++++++++++++++++++
 pkg/webui/server.go              | 11 +++++++++--
 4 files changed, 35 insertions(+), 5 deletions(-)
 create mode 100644 pkg/utils/openbrowser.go

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 3aaaddbc0..9a00458f8 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -171,7 +171,7 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		return server.Run(cmd.Host, cmd.Port)
+		return server.Run(cmd.Host, cmd.Port, isTerminal)
 	}
 }
 
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 7dbfc57f4..766cc779b 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -89,9 +89,10 @@ var flagGroups = []groupInfo{
 
 var origStderr = os.Stderr
 
+// we must determine isTerminal before we override os.Stderr
+var isTerminal = isatty.IsTerminal(os.Stderr.Fd())
+
 func initStatusHandlerAndPrompts(ctx context.Context, debug bool, noColor bool) context.Context {
-	// we must determine isTerminal before we override os.Stderr
-	isTerminal := isatty.IsTerminal(origStderr.Fd())
 	var sh status.StatusHandler
 	var pp prompts.PromptProvider
 	if !debug && isTerminal {
diff --git a/pkg/utils/openbrowser.go b/pkg/utils/openbrowser.go
new file mode 100644
index 000000000..448783305
--- /dev/null
+++ b/pkg/utils/openbrowser.go
@@ -0,0 +1,22 @@
+package utils
+
+import (
+	"fmt"
+	"os/exec"
+	"runtime"
+)
+
+func OpenBrowser(url string) error {
+	var err error
+	switch runtime.GOOS {
+	case "linux":
+		err = exec.Command("xdg-open", url).Start()
+	case "windows":
+		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
+	case "darwin":
+		err = exec.Command("open", url).Start()
+	default:
+		err = fmt.Errorf("unsupported platform")
+	}
+	return err
+}
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 4140ba065..4bf2c718a 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -87,7 +88,7 @@ func NewCommandResultsServer(
 	return ret, nil
 }
 
-func (s *CommandResultsServer) Run(host string, port int) error {
+func (s *CommandResultsServer) Run(host string, port int, openBrowser bool) error {
 	err := s.startUpdateLogs()
 	if err != nil {
 		return err
@@ -157,7 +158,13 @@ func (s *CommandResultsServer) Run(host string, port int) error {
 		Handler: router.Handler(),
 	}
 
-	status.Infof(s.ctx, "Webui is available at: http://%s\n", address)
+	url := fmt.Sprintf("http://%s", address)
+	status.Infof(s.ctx, "Webui is available at: %s\n", url)
+
+	if openBrowser {
+		status.Infof(s.ctx, "Opening browser")
+		_ = utils.OpenBrowser(url)
+	}
 
 	return httpServer.Serve(listener)
 }

From 383a90c39fe0b3690bedfa3e99b0b8d85b0ef899 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 11:26:32 +0200
Subject: [PATCH 1475/2268] fix: redirect to /targets when going to /

---
 pkg/webui/ui/src/components/Router.tsx | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index c5226504a..0890a6536 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,8 +1,9 @@
-import { createHashRouter, useRouteError } from "react-router-dom";
+import { createHashRouter, useNavigate, useRouteError } from "react-router-dom";
 import App from "./App";
 import { TargetsView } from "./targets-view/TargetsView";
 import { ErrorMessageCard } from "./ErrorMessage";
 import { Box } from "@mui/material";
+import React, { useEffect } from "react";
 
 function ErrorPage() {
     const error = useRouteError() as any;
@@ -13,12 +14,25 @@ function ErrorPage() {
     </ErrorMessageCard>
 }
 
+function Redirect(props: { to: string }) {
+    let navigate = useNavigate();
+    useEffect(() => {
+        navigate(props.to, {replace: true});
+    });
+    return null;
+}
+
 export const Router = createHashRouter([
     {
         path: "/",
         element: <App />,
         errorElement: <ErrorPage />,
         children: [
+            {
+                path: "/",
+                element: <Redirect to={"/targets"}/>,
+                errorElement: <ErrorPage />,
+            },
             {
                 path: "targets/*",
                 element: <TargetsView />,

From e7543fe4d8cdadd723ced30a4929bc9c0a2648f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 11:31:38 +0200
Subject: [PATCH 1476/2268] fix: Don't show logs tab for command-line triggered
 deployments

---
 .../command-result/nodes/CommandResultNode.tsx     | 11 +++++++----
 .../ui/src/components/targets-view/TargetItem.tsx  | 14 +++++++++-----
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index f5501a597..a3c00c1c8 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -31,10 +31,13 @@ export class CommandResultNodeData extends NodeData {
 
         this.buildDiffAndHealthPages(tabs)
 
-        tabs.push({label: "Logs", content: <LogsViewer
-                cluster={this.commandResult.clusterInfo.clusterId}
-                reconcileId={this.commandResult.id}/>
-        })
+        if (this.commandResult.kluctlDeployment) {
+            tabs.push({
+                label: "Logs", content: <LogsViewer
+                    cluster={this.commandResult.clusterInfo.clusterId}
+                    reconcileId={this.commandResult.id}/>
+            })
+        }
 
         return tabs
     }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index fcb470b08..c1391783e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -394,11 +394,15 @@ class TargetItemCardProvider implements SidePanelProvider {
             })
         }
 
-        tabs.push({label: "Logs", content: <LogsViewer
-                cluster={this.ts.kdInfo?.clusterId}
-                name={this.ts.kdInfo?.name}
-                namespace={this.ts.kdInfo?.namespace}
-            />})
+        if (this.ts.kd) {
+            tabs.push({
+                label: "Logs", content: <LogsViewer
+                    cluster={this.ts.kdInfo?.clusterId}
+                    name={this.ts.kdInfo?.name}
+                    namespace={this.ts.kdInfo?.namespace}
+                />
+            })
+        }
 
         return tabs
     }

From 3914a00556ebfc513fda55ff02fabedc18851f0e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 11:56:00 +0200
Subject: [PATCH 1477/2268] refactor: Move out webuiRunCmd into own source file

---
 cmd/kluctl/commands/cmd_webui.go     | 162 -------------------------
 cmd/kluctl/commands/cmd_webui_run.go | 175 +++++++++++++++++++++++++++
 2 files changed, 175 insertions(+), 162 deletions(-)
 create mode 100644 cmd/kluctl/commands/cmd_webui_run.go

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 9a00458f8..383993b7c 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -4,177 +4,15 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	"net/netip"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"time"
 )
 
 type webuiCmd struct {
 	Run_ webuiRunCmd `cmd:"run" help:"Run the Kluctl Webui"`
 }
 
-type webuiRunCmd struct {
-	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to localhost."`
-	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
-	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
-	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
-	StaticPath  string   `group:"misc" help:"Build static webui."`
-
-	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
-	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
-
-	OnlyApi bool `group:"misc" help:"Only serve API without the actual UI."`
-
-	AuthSecretName string `group:"auth" help:"Specify the secret name for the secret used for internal encryption of tokens and cookies." default:"webui-secret"`
-	AuthSecretKey  string `group:"auth" help:"Specify the secret key for the secret used for internal encryption of tokens and cookies." default:"auth-secret"`
-
-	AuthStaticLoginEnabled    bool   `group:"auth" help:"Enable the admin user." default:"true"`
-	AuthStaticLoginSecretName string `group:"auth" help:"Specify the secret name for the admin and viewer passwords." default:"webui-secret"`
-	AuthStaticAdminSecretKey  string `group:"auth" help:"Specify the secret key for the admin password." default:"admin-password"`
-	AuthStaticViewerSecretKey string `group:"auth" help:"Specify the secret key for the viewer password." default:"viewer-password"`
-
-	AuthAdminRbacUser  string `group:"auth" help:"Specify the RBAC user to use for admin access." default:"kluctl-webui-admin"`
-	AuthViewerRbacUser string `group:"auth" help:"Specify the RBAC user to use for viewer access." default:"kluctl-webui-viewer"`
-
-	AuthOidcIssuerUrl        string   `group:"auth" help:"Specify the OIDC provider's issuer URL."`
-	AuthOidcDisplayName      string   `group:"auth" help:"Specify the name of the OIDC provider to be displayed on the login page." default:"OpenID Connect"`
-	AuthOidcClientID         string   `group:"auth" help:"Specify the ClientID."`
-	AuthOidcClientSecretName string   `group:"auth" help:"Specify the secret name for the ClientSecret." default:"webui-secret"`
-	AuthOidcClientSecretKey  string   `group:"auth" help:"Specify the secret name for the ClientSecret." default:"oidc-client-secret"`
-	AuthOidcRedirectURL      string   `group:"auth" help:"Specify the redirect URL."`
-	AuthOidcScope            []string `group:"auth" help:"Specify the scopes."`
-	AuthOidcParam            []string `group:"auth" help:"Specify additional parameters to be passed to the authorize endpoint."`
-	AuthOidcUserClaim        string   `group:"auth" help:"Specify claim for the username.'" default:"email"`
-	AuthOidcGroupClaim       string   `group:"auth" help:"Specify claim for the groups.'" default:"groups"`
-	AuthOidcAdminsGroup      []string `group:"auth" help:"Specify admins group names.'"`
-	AuthOidcViewersGroup     []string `group:"auth" help:"Specify viewers group names.'"`
-
-	AuthLogoutURL         string `group:"auth" help:"Specify the logout URL, to which the user should be redirected after clearing the Kluctl Webui session."`
-	AuthLogoutReturnParam string `group:"auth" help:"Specify the parameter name to pass to the logout redirect url, containing the return URL to redirect back."`
-}
-
-func (cmd *webuiRunCmd) Help() string {
-	return `TODO`
-}
-
-func (cmd *webuiRunCmd) buildAuthConfig(ctx context.Context, c client.Client) (webui.AuthConfig, error) {
-	var authConfig webui.AuthConfig
-	authConfig.AuthEnabled = cmd.InCluster
-
-	authConfig.AuthSecretName = cmd.AuthSecretName
-	authConfig.AuthSecretKey = cmd.AuthSecretKey
-
-	authConfig.StaticLoginEnabled = cmd.AuthStaticLoginEnabled
-	authConfig.StaticLoginSecretName = cmd.AuthStaticLoginSecretName
-	authConfig.StaticAdminSecretKey = cmd.AuthStaticAdminSecretKey
-	authConfig.StaticViewerSecretKey = cmd.AuthStaticViewerSecretKey
-
-	authConfig.AdminRbacUser = cmd.AuthAdminRbacUser
-	authConfig.ViewerRbacUser = cmd.AuthViewerRbacUser
-
-	authConfig.OidcIssuerUrl = cmd.AuthOidcIssuerUrl
-	authConfig.OidcDisplayName = cmd.AuthOidcDisplayName
-	if cmd.AuthOidcIssuerUrl != "" {
-		authConfig.OidcClientId = cmd.AuthOidcClientID
-		authConfig.OidcClientSecretName = cmd.AuthOidcClientSecretName
-		authConfig.OidcClientSecretKey = cmd.AuthOidcClientSecretKey
-		authConfig.OidcRedirectUrl = cmd.AuthOidcRedirectURL
-		authConfig.OidcScopes = cmd.AuthOidcScope
-		authConfig.OidcParams = cmd.AuthOidcParam
-		authConfig.OidcUserClaim = cmd.AuthOidcUserClaim
-		authConfig.OidcGroupClaim = cmd.AuthOidcGroupClaim
-		authConfig.OidcAdminsGroups = cmd.AuthOidcAdminsGroup
-		authConfig.OidcViewersGroups = cmd.AuthOidcViewersGroup
-		authConfig.LogoutUrl = cmd.AuthLogoutURL
-		authConfig.LogoutReturnParam = cmd.AuthLogoutReturnParam
-	}
-
-	return authConfig, nil
-}
-
-func (cmd *webuiRunCmd) Run(ctx context.Context) error {
-	if !cmd.OnlyApi && !webui.IsWebUiBuildIncluded() {
-		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
-	}
-	if cmd.OnlyApi && cmd.StaticPath != "" {
-		return fmt.Errorf("--static-path can not be combined with --only-api")
-	}
-
-	if !cmd.InCluster { // no authentication?
-		if cmd.Host == "" {
-			// we only use "localhost" as default if not running inside a cluster
-			cmd.Host = "localhost"
-		}
-		if cmd.Host != "localhost" {
-			isNonLocal := cmd.Host == ""
-			if a, err := netip.ParseAddr(cmd.Host); err == nil { // on error, we assume it's a hostname
-				if !a.IsLoopback() {
-					isNonLocal = true
-				}
-			}
-			if isNonLocal {
-				status.Warning(ctx, "When running the webui without authentication enabled, it is extremely dangerous to expose it to non-localhost addresses, as the webui is running with admin privileges.")
-			}
-		}
-	}
-
-	var authConfig webui.AuthConfig
-
-	var inClusterConfig *rest.Config
-	var inClusterClient client.Client
-	if cmd.InCluster {
-		configOverrides := &clientcmd.ConfigOverrides{
-			CurrentContext: cmd.InClusterContext,
-		}
-		var err error
-		inClusterConfig, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-			clientcmd.NewDefaultClientConfigLoadingRules(),
-			configOverrides).ClientConfig()
-		if err != nil {
-			return err
-		}
-		inClusterClient, err = client.NewWithWatch(inClusterConfig, client.Options{})
-		if err != nil {
-			return err
-		}
-
-		authConfig, err = cmd.buildAuthConfig(ctx, inClusterClient)
-		if err != nil {
-			return err
-		}
-	}
-
-	stores, configs, err := cmd.createResultStores(ctx)
-	if err != nil {
-		return err
-	}
-
-	collector := results.NewResultsCollector(ctx, stores)
-	collector.Start()
-
-	if cmd.StaticPath != "" {
-		st := status.Start(ctx, "Collecting results")
-		defer st.Failed()
-		err = collector.WaitForResults(time.Second, time.Second*30)
-		if err != nil {
-			return err
-		}
-		st.Success()
-		sbw := webui.NewStaticWebuiBuilder(collector)
-		return sbw.Build(cmd.StaticPath)
-	} else {
-		server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
-		if err != nil {
-			return err
-		}
-		return server.Run(cmd.Host, cmd.Port, isTerminal)
-	}
-}
-
 func (cmd *webuiRunCmd) createResultStores(ctx context.Context) ([]results.ResultStore, []*rest.Config, error) {
 	r := clientcmd.NewDefaultClientConfigLoadingRules()
 
diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
new file mode 100644
index 000000000..65ef1935b
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -0,0 +1,175 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/webui"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"net/netip"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
+)
+
+type webuiRunCmd struct {
+	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to localhost."`
+	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
+	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
+	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
+	StaticPath  string   `group:"misc" help:"Build static webui."`
+
+	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
+	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
+
+	OnlyApi bool `group:"misc" help:"Only serve API without the actual UI."`
+
+	AuthSecretName string `group:"auth" help:"Specify the secret name for the secret used for internal encryption of tokens and cookies." default:"webui-secret"`
+	AuthSecretKey  string `group:"auth" help:"Specify the secret key for the secret used for internal encryption of tokens and cookies." default:"auth-secret"`
+
+	AuthStaticLoginEnabled    bool   `group:"auth" help:"Enable the admin user." default:"true"`
+	AuthStaticLoginSecretName string `group:"auth" help:"Specify the secret name for the admin and viewer passwords." default:"webui-secret"`
+	AuthStaticAdminSecretKey  string `group:"auth" help:"Specify the secret key for the admin password." default:"admin-password"`
+	AuthStaticViewerSecretKey string `group:"auth" help:"Specify the secret key for the viewer password." default:"viewer-password"`
+
+	AuthAdminRbacUser  string `group:"auth" help:"Specify the RBAC user to use for admin access." default:"kluctl-webui-admin"`
+	AuthViewerRbacUser string `group:"auth" help:"Specify the RBAC user to use for viewer access." default:"kluctl-webui-viewer"`
+
+	AuthOidcIssuerUrl        string   `group:"auth" help:"Specify the OIDC provider's issuer URL."`
+	AuthOidcDisplayName      string   `group:"auth" help:"Specify the name of the OIDC provider to be displayed on the login page." default:"OpenID Connect"`
+	AuthOidcClientID         string   `group:"auth" help:"Specify the ClientID."`
+	AuthOidcClientSecretName string   `group:"auth" help:"Specify the secret name for the ClientSecret." default:"webui-secret"`
+	AuthOidcClientSecretKey  string   `group:"auth" help:"Specify the secret name for the ClientSecret." default:"oidc-client-secret"`
+	AuthOidcRedirectURL      string   `group:"auth" help:"Specify the redirect URL."`
+	AuthOidcScope            []string `group:"auth" help:"Specify the scopes."`
+	AuthOidcParam            []string `group:"auth" help:"Specify additional parameters to be passed to the authorize endpoint."`
+	AuthOidcUserClaim        string   `group:"auth" help:"Specify claim for the username.'" default:"email"`
+	AuthOidcGroupClaim       string   `group:"auth" help:"Specify claim for the groups.'" default:"groups"`
+	AuthOidcAdminsGroup      []string `group:"auth" help:"Specify admins group names.'"`
+	AuthOidcViewersGroup     []string `group:"auth" help:"Specify viewers group names.'"`
+
+	AuthLogoutURL         string `group:"auth" help:"Specify the logout URL, to which the user should be redirected after clearing the Kluctl Webui session."`
+	AuthLogoutReturnParam string `group:"auth" help:"Specify the parameter name to pass to the logout redirect url, containing the return URL to redirect back."`
+}
+
+func (cmd *webuiRunCmd) Help() string {
+	return `This command will run the Kluctl Webui. It can be run in two modes:
+1. Locally, simply by invoking 'kluctl webui', which will run the Webui against the current Kubernetes context.
+2. On a Kubernetes Cluster. See https://kluctl.io/docs/kluctl/installation/#installing-the-webui for details and documentation.
+`
+}
+
+func (cmd *webuiRunCmd) buildAuthConfig(ctx context.Context, c client.Client) (webui.AuthConfig, error) {
+	var authConfig webui.AuthConfig
+	authConfig.AuthEnabled = cmd.InCluster
+
+	authConfig.AuthSecretName = cmd.AuthSecretName
+	authConfig.AuthSecretKey = cmd.AuthSecretKey
+
+	authConfig.StaticLoginEnabled = cmd.AuthStaticLoginEnabled
+	authConfig.StaticLoginSecretName = cmd.AuthStaticLoginSecretName
+	authConfig.StaticAdminSecretKey = cmd.AuthStaticAdminSecretKey
+	authConfig.StaticViewerSecretKey = cmd.AuthStaticViewerSecretKey
+
+	authConfig.AdminRbacUser = cmd.AuthAdminRbacUser
+	authConfig.ViewerRbacUser = cmd.AuthViewerRbacUser
+
+	authConfig.OidcIssuerUrl = cmd.AuthOidcIssuerUrl
+	authConfig.OidcDisplayName = cmd.AuthOidcDisplayName
+	if cmd.AuthOidcIssuerUrl != "" {
+		authConfig.OidcClientId = cmd.AuthOidcClientID
+		authConfig.OidcClientSecretName = cmd.AuthOidcClientSecretName
+		authConfig.OidcClientSecretKey = cmd.AuthOidcClientSecretKey
+		authConfig.OidcRedirectUrl = cmd.AuthOidcRedirectURL
+		authConfig.OidcScopes = cmd.AuthOidcScope
+		authConfig.OidcParams = cmd.AuthOidcParam
+		authConfig.OidcUserClaim = cmd.AuthOidcUserClaim
+		authConfig.OidcGroupClaim = cmd.AuthOidcGroupClaim
+		authConfig.OidcAdminsGroups = cmd.AuthOidcAdminsGroup
+		authConfig.OidcViewersGroups = cmd.AuthOidcViewersGroup
+		authConfig.LogoutUrl = cmd.AuthLogoutURL
+		authConfig.LogoutReturnParam = cmd.AuthLogoutReturnParam
+	}
+
+	return authConfig, nil
+}
+
+func (cmd *webuiRunCmd) Run(ctx context.Context) error {
+	if !cmd.OnlyApi && !webui.IsWebUiBuildIncluded() {
+		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
+	}
+	if cmd.OnlyApi && cmd.StaticPath != "" {
+		return fmt.Errorf("--static-path can not be combined with --only-api")
+	}
+
+	if !cmd.InCluster { // no authentication?
+		if cmd.Host == "" {
+			// we only use "localhost" as default if not running inside a cluster
+			cmd.Host = "localhost"
+		}
+		if cmd.Host != "localhost" {
+			isNonLocal := cmd.Host == ""
+			if a, err := netip.ParseAddr(cmd.Host); err == nil { // on error, we assume it's a hostname
+				if !a.IsLoopback() {
+					isNonLocal = true
+				}
+			}
+			if isNonLocal {
+				status.Warning(ctx, "When running the webui without authentication enabled, it is extremely dangerous to expose it to non-localhost addresses, as the webui is running with admin privileges.")
+			}
+		}
+	}
+
+	var authConfig webui.AuthConfig
+
+	var inClusterConfig *rest.Config
+	var inClusterClient client.Client
+	if cmd.InCluster {
+		configOverrides := &clientcmd.ConfigOverrides{
+			CurrentContext: cmd.InClusterContext,
+		}
+		var err error
+		inClusterConfig, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+			clientcmd.NewDefaultClientConfigLoadingRules(),
+			configOverrides).ClientConfig()
+		if err != nil {
+			return err
+		}
+		inClusterClient, err = client.NewWithWatch(inClusterConfig, client.Options{})
+		if err != nil {
+			return err
+		}
+
+		authConfig, err = cmd.buildAuthConfig(ctx, inClusterClient)
+		if err != nil {
+			return err
+		}
+	}
+
+	stores, configs, err := cmd.createResultStores(ctx)
+	if err != nil {
+		return err
+	}
+
+	collector := results.NewResultsCollector(ctx, stores)
+	collector.Start()
+
+	if cmd.StaticPath != "" {
+		st := status.Start(ctx, "Collecting results")
+		defer st.Failed()
+		err = collector.WaitForResults(time.Second, time.Second*30)
+		if err != nil {
+			return err
+		}
+		st.Success()
+		sbw := webui.NewStaticWebuiBuilder(collector)
+		return sbw.Build(cmd.StaticPath)
+	} else {
+		server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
+		if err != nil {
+			return err
+		}
+		return server.Run(cmd.Host, cmd.Port, isTerminal)
+	}
+}

From db85f66c2941356189c5e563c0023cc73047a27d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 14:13:44 +0200
Subject: [PATCH 1478/2268] feat: Introduce webui build command

---
 cmd/kluctl/commands/cmd_webui.go       | 13 ++++----
 cmd/kluctl/commands/cmd_webui_build.go | 46 ++++++++++++++++++++++++++
 cmd/kluctl/commands/cmd_webui_run.go   | 27 +++------------
 pkg/webui/ui/src/setupProxy.js         |  7 ----
 4 files changed, 58 insertions(+), 35 deletions(-)
 create mode 100644 cmd/kluctl/commands/cmd_webui_build.go

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 383993b7c..841a9733f 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -10,10 +10,11 @@ import (
 )
 
 type webuiCmd struct {
-	Run_ webuiRunCmd `cmd:"run" help:"Run the Kluctl Webui"`
+	Run_  webuiRunCmd   `cmd:"run" help:"Run the Kluctl Webui"`
+	Build webuiBuildCmd `cmd:"build" help:"Build the static Kluctl Webui"`
 }
 
-func (cmd *webuiRunCmd) createResultStores(ctx context.Context) ([]results.ResultStore, []*rest.Config, error) {
+func createResultStores(ctx context.Context, k8sContexts []string, allContexts bool, inCluster bool) ([]results.ResultStore, []*rest.Config, error) {
 	r := clientcmd.NewDefaultClientConfigLoadingRules()
 
 	kcfg, err := r.Load()
@@ -25,19 +26,19 @@ func (cmd *webuiRunCmd) createResultStores(ctx context.Context) ([]results.Resul
 	var configs []*rest.Config
 
 	var contexts []string
-	if cmd.AllContexts {
+	if allContexts {
 		for name, _ := range kcfg.Contexts {
 			contexts = append(contexts, name)
 		}
-	} else if cmd.InCluster {
+	} else if inCluster {
 		// placeholder for current context
 		contexts = append(contexts, "")
 	} else {
-		if len(cmd.Context) == 0 {
+		if len(k8sContexts) == 0 {
 			// placeholder for current context
 			contexts = append(contexts, "")
 		}
-		for _, c := range cmd.Context {
+		for _, c := range k8sContexts {
 			found := false
 			for name, _ := range kcfg.Contexts {
 				if c == name {
diff --git a/cmd/kluctl/commands/cmd_webui_build.go b/cmd/kluctl/commands/cmd_webui_build.go
new file mode 100644
index 000000000..034c10186
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_webui_build.go
@@ -0,0 +1,46 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/webui"
+	"time"
+)
+
+type webuiBuildCmd struct {
+	Context     []string `group:"misc" help:"List of kubernetes contexts to use. Defaults to the current context."`
+	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
+	Path        string   `group:"misc" help:"Output path." required:"true"`
+}
+
+func (cmd *webuiBuildCmd) Help() string {
+	return `This command will build the static Kluctl Webui.
+`
+}
+
+func (cmd *webuiBuildCmd) Run(ctx context.Context) error {
+	if !webui.IsWebUiBuildIncluded() {
+		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
+	}
+
+	stores, _, err := createResultStores(ctx, cmd.Context, cmd.AllContexts, false)
+	if err != nil {
+		return err
+	}
+
+	collector := results.NewResultsCollector(ctx, stores)
+	collector.Start()
+
+	st := status.Start(ctx, "Collecting results")
+	defer st.Failed()
+	err = collector.WaitForResults(time.Second, time.Second*30)
+	if err != nil {
+		return err
+	}
+	st.Success()
+
+	sbw := webui.NewStaticWebuiBuilder(collector)
+	return sbw.Build(cmd.Path)
+}
diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index 65ef1935b..6091e0301 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -10,7 +10,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"net/netip"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"time"
 )
 
 type webuiRunCmd struct {
@@ -18,7 +17,6 @@ type webuiRunCmd struct {
 	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
-	StaticPath  string   `group:"misc" help:"Build static webui."`
 
 	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
 	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
@@ -99,9 +97,6 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 	if !cmd.OnlyApi && !webui.IsWebUiBuildIncluded() {
 		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
 	}
-	if cmd.OnlyApi && cmd.StaticPath != "" {
-		return fmt.Errorf("--static-path can not be combined with --only-api")
-	}
 
 	if !cmd.InCluster { // no authentication?
 		if cmd.Host == "" {
@@ -147,7 +142,7 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 		}
 	}
 
-	stores, configs, err := cmd.createResultStores(ctx)
+	stores, configs, err := createResultStores(ctx, cmd.Context, cmd.AllContexts, cmd.InCluster)
 	if err != nil {
 		return err
 	}
@@ -155,21 +150,9 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 	collector := results.NewResultsCollector(ctx, stores)
 	collector.Start()
 
-	if cmd.StaticPath != "" {
-		st := status.Start(ctx, "Collecting results")
-		defer st.Failed()
-		err = collector.WaitForResults(time.Second, time.Second*30)
-		if err != nil {
-			return err
-		}
-		st.Success()
-		sbw := webui.NewStaticWebuiBuilder(collector)
-		return sbw.Build(cmd.StaticPath)
-	} else {
-		server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
-		if err != nil {
-			return err
-		}
-		return server.Run(cmd.Host, cmd.Port, isTerminal)
+	server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
+	if err != nil {
+		return err
 	}
+	return server.Run(cmd.Host, cmd.Port, isTerminal)
 }
diff --git a/pkg/webui/ui/src/setupProxy.js b/pkg/webui/ui/src/setupProxy.js
index 3ae1e861e..5682a303f 100644
--- a/pkg/webui/ui/src/setupProxy.js
+++ b/pkg/webui/ui/src/setupProxy.js
@@ -1,13 +1,6 @@
 const { createProxyMiddleware } = require('http-proxy-middleware');
 
 module.exports = function(app) {
-    app.use(
-        '/staticdata',
-        createProxyMiddleware({
-            target: 'http://localhost:9090',
-            changeOrigin: true,
-        })
-    );
     app.use(
         '/api',
         createProxyMiddleware({

From dafcc4e8882e76ed5f231fcc59d17b8a6812c2c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 14:16:13 +0200
Subject: [PATCH 1479/2268] refactor: Let AppContext hold user, authInfo and
 app as well

---
 pkg/webui/ui/src/components/App.tsx           | 51 ++++++++++---------
 pkg/webui/ui/src/components/LogsViewer.tsx    | 10 ++--
 .../ui/src/components/ResultObjectViewer.tsx  |  8 +--
 .../command-result/CommandResultCard.tsx      | 17 +++----
 .../command-result/CommandResultTree.tsx      |  6 +--
 .../components/command-result/SidePanel.tsx   | 10 ++--
 .../components/targets-view/TargetItem.tsx    | 23 ++++-----
 .../components/targets-view/TargetsView.tsx   |  6 +--
 8 files changed, 65 insertions(+), 66 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 64444b131..bd4de0ce5 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -21,28 +21,25 @@ export function useAppOutletContext(): AppOutletContext {
 }
 
 export interface AppContextProps {
+    api: Api
+    user: User
+    authInfo: AuthInfo
     commandResultSummaries: Map<string, CommandResultSummary>
     projects: ProjectSummary[]
     validateResultSummaries: Map<string, ValidateResultSummary>
     shortNames: ShortName[]
 }
-export const AppContext = createContext<AppContextProps>({
-    commandResultSummaries: new Map(),
-    projects: [],
-    validateResultSummaries: new Map(),
-    shortNames: []
-});
-
-export const ApiContext = createContext<Api>(new StaticApi())
-export const UserContext = createContext<User | undefined>(undefined)
+export const AppContext = createContext<AppContextProps | undefined>(undefined);
+export function useAppContext() {
+    return useContext(AppContext)!
+}
 
 export interface KluctlDeploymentWithClusterId {
     deployment: any
     clusterId: string
 }
 
-const LoggedInApp = (props: { onLogout: () => void }) => {
-    const api = useContext(ApiContext)
+const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, onLogout: () => void }) => {
     const [filters, setFilters] = useState<ActiveFilters>()
 
     const commandResultSummariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
@@ -94,7 +91,7 @@ const LoggedInApp = (props: { onLogout: () => void }) => {
 
         console.log("starting listenResults")
         let cancel: Promise<() => void>
-        cancel = api.listenEvents(undefined, undefined, msg => {
+        cancel = props.api.listenEvents(undefined, undefined, msg => {
             switch (msg.type) {
                 case "update_command_result_summary":
                     updateCommandResultSummary(msg.summary)
@@ -120,15 +117,15 @@ const LoggedInApp = (props: { onLogout: () => void }) => {
             console.log("cancel listenResults")
             cancel.then(c => c())
         }
-    }, [api])
+    }, [props.api])
 
     const projects = useMemo(() => {
         return buildProjectSummaries(commandResultSummaries, validateResultSummaries, kluctlDeployments, filters)
     }, [commandResultSummaries, validateResultSummaries, kluctlDeployments, filters])
 
     const [loading, loadingError, shortNames] = useLoadingHelper<ShortName[]>(true,
-        () => api.getShortNames(),
-        [api]
+        () => props.api.getShortNames(),
+        [props.api]
     );
     
     if (loading) {
@@ -142,6 +139,9 @@ const LoggedInApp = (props: { onLogout: () => void }) => {
     }
 
     const appContext: AppContextProps = {
+        api: props.api,
+        user: props.user,
+        authInfo: props.authInfo,
         commandResultSummaries: commandResultSummariesRef.current,
         projects,
         validateResultSummaries: validateResultSummaries,
@@ -189,15 +189,18 @@ const App = () => {
         }
 
         const doInit = async () => {
+            console.log("checking if this is a static webui build")
             const isStatic = await checkStaticBuild()
+            console.log("isStatic=" + isStatic)
+            let api: Api
             if (isStatic) {
-                setApi(new StaticApi())
+                api = new StaticApi()
             } else {
-                const api = new RealApi(onUnauthorized)
-                const authInfo = await api.getAuthInfo()
-                setApi(api)
-                setAuthInfo(authInfo)
+                api = new RealApi(onUnauthorized)
             }
+            const authInfo = await api.getAuthInfo()
+            setApi(api)
+            setAuthInfo(authInfo)
         }
         doInit()
         // eslint-disable-next-line react-hooks/exhaustive-deps
@@ -222,6 +225,8 @@ const App = () => {
         doGetUser()
     }, [user, api])
 
+    console.log(api, authInfo)
+
     if (!api || !authInfo) {
         return <Loading />
     }
@@ -230,11 +235,7 @@ const App = () => {
         return <Login authInfo={authInfo} />
     }
 
-    return <ApiContext.Provider value={api}>
-        <UserContext.Provider value={user}>
-            <LoggedInApp onLogout={onLogout}/>
-        </UserContext.Provider>
-    </ApiContext.Provider>
+    return <LoggedInApp onLogout={onLogout} api={api} user={user} authInfo={authInfo}/>
 }
 
 export default App;
diff --git a/pkg/webui/ui/src/components/LogsViewer.tsx b/pkg/webui/ui/src/components/LogsViewer.tsx
index 970080f75..624191f87 100644
--- a/pkg/webui/ui/src/components/LogsViewer.tsx
+++ b/pkg/webui/ui/src/components/LogsViewer.tsx
@@ -1,11 +1,11 @@
-import React, { useContext, useEffect, useState } from "react";
-import { ApiContext } from "./App";
+import React, { useEffect, useState } from "react";
+import { useAppContext } from "./App";
 import { Box } from "@mui/material";
 import { VariableSizeList as List } from 'react-window';
 import AutoSizer from "react-virtualized-auto-sizer";
 
 export function LogsViewer(props: { cluster?: string, name?: string, namespace?: string, reconcileId?: string }) {
-    const api = useContext(ApiContext);
+    const appCtx = useAppContext();
     const [lines, setLines] = useState<any[]>([])
 
     useEffect(() => {
@@ -16,11 +16,11 @@ export function LogsViewer(props: { cluster?: string, name?: string, namespace?:
             setLines(lines)
         }
 
-        const cancel = api.watchLogs(props.cluster, props.name, props.namespace, props.reconcileId, (jsonLines: any[]) => {
+        const cancel = appCtx.api.watchLogs(props.cluster, props.name, props.namespace, props.reconcileId, (jsonLines: any[]) => {
             appendLines(jsonLines)
         })
         return cancel
-    }, [props.cluster, props.name, props.namespace, props.reconcileId, api])
+    }, [props.cluster, props.name, props.namespace, props.reconcileId, appCtx.api])
 
     const lineHeight = 25
 
diff --git a/pkg/webui/ui/src/components/ResultObjectViewer.tsx b/pkg/webui/ui/src/components/ResultObjectViewer.tsx
index 104db9abc..990f6db5c 100644
--- a/pkg/webui/ui/src/components/ResultObjectViewer.tsx
+++ b/pkg/webui/ui/src/components/ResultObjectViewer.tsx
@@ -1,18 +1,18 @@
 import { CommandResult, ObjectRef } from "../models";
 import { ObjectType } from "../api";
-import React, { useContext } from "react";
+import React from "react";
 
 import { Loading, useLoadingHelper } from "./Loading";
-import { ApiContext } from "./App";
+import { useAppContext } from "./App";
 import * as yaml from 'js-yaml';
 import { ErrorMessage } from "./ErrorMessage";
 import { Box } from "@mui/material";
 import { K8sManifestViewer } from "./K8sManifestViewer";
 
 export const ResultObjectViewer = (props: { cr: CommandResult, objectRef: ObjectRef, objectType: ObjectType }) => {
-    const api = useContext(ApiContext)
+    const appCtx = useAppContext()
     const [loading, error, content] = useLoadingHelper<string>(true, async () => {
-        const o = await api.getCommandResultObject(props.cr.id, props.objectRef, props.objectType)
+        const o = await appCtx.api.getCommandResultObject(props.cr.id, props.objectRef, props.objectType)
         return yaml.dump(o)
     }, [props.cr.id, props.objectRef, props.objectType])
 
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 3a0941a09..02703d979 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -1,4 +1,4 @@
-import React, { useContext } from "react";
+import React from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CommandResult, CommandResultSummary } from "../../models";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
@@ -7,7 +7,7 @@ import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
 import { CardTemplate } from "../targets-view/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
-import { ApiContext, UserContext } from "../App";
+import { useAppContext } from "../App";
 import { CommandResultBody } from "./CommandResultView";
 import { CommandResultStatusLine } from "./CommandResultStatusLine";
 import { YamlViewer } from "../YamlViewer";
@@ -15,8 +15,7 @@ import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 
 const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
-    const api = useContext(ApiContext)
-    const user = useContext(UserContext)
+    const appCtx = useAppContext()
     const handleApprove = (approve: boolean) => {
         if (!props.ts.kdInfo || !props.ts.kd) {
             return
@@ -25,13 +24,13 @@ const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
             if (!props.rs.renderedObjectsHash) {
                 return
             }
-            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.rs.renderedObjectsHash)
+            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.rs.renderedObjectsHash)
         } else {
-            api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
+            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
         }
     }
 
-    if (!user?.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
+    if (!appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
         return <></>
     }
     if (props.rs.id !== props.ts.commandResults[0].id) {
@@ -87,13 +86,13 @@ export const CommandResultCard = React.memo(React.forwardRef((
     },
     ref: React.ForwardedRef<HTMLDivElement>
 ) => {
-    const api = useContext(ApiContext)
+    const appCtx = useAppContext()
 
     const [loading, error, cr] = useLoadingHelper<CommandResult | undefined>(props.loadData, async () => {
         if (!props.loadData) {
             return undefined
         }
-        return await api.getCommandResult(props.rs.id)
+        return await appCtx.api.getCommandResult(props.rs.id)
     }, [props.rs.id, props.loadData])
 
     let icon: React.ReactElement
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx b/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
index 188e4bac7..5fb0e0f7d 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
@@ -1,5 +1,5 @@
 import * as React from 'react';
-import { useContext, useState } from 'react';
+import { useState } from 'react';
 import TreeView from '@mui/lab/TreeView';
 import { TreeItem } from "@mui/lab";
 import { NodeData } from "./nodes/NodeData";
@@ -7,7 +7,7 @@ import { ActiveFilters, DoFilterSwitches } from "../FilterBar";
 import { Box, Divider, useTheme } from '@mui/material';
 import { TriangleDownIcon, TriangleRightIcon } from '../../icons/Icons';
 import { CommandResultNodeData } from "./nodes/CommandResultNode";
-import { AppContext } from "../App";
+import { useAppContext } from "../App";
 
 export interface CommandResultTreeProps {
     rootNode: CommandResultNodeData
@@ -18,7 +18,7 @@ export interface CommandResultTreeProps {
 
 const CommandResultTree = (props: CommandResultTreeProps) => {
     const theme = useTheme();
-    const appContext = useContext(AppContext)
+    const appContext = useAppContext()
     const [expanded, setExpanded] = useState<string[]>(["root"]);
 
     const handleToggle = (event: React.SyntheticEvent, nodeIds: string[]) => {
diff --git a/pkg/webui/ui/src/components/command-result/SidePanel.tsx b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
index 8229dbb73..550aded60 100644
--- a/pkg/webui/ui/src/components/command-result/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
@@ -1,9 +1,9 @@
 import { Box, Divider, Tab, ThemeProvider } from "@mui/material";
-import React, { useCallback, useContext, useEffect, useMemo, useState } from "react";
+import React, { useCallback, useEffect, useMemo, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { light } from "../theme";
 import { User } from "../../api";
-import { UserContext } from "../App";
+import { useAppContext } from "../App";
 
 export interface SidePanelTab {
     label: string
@@ -22,15 +22,15 @@ export interface SidePanelProps {
 
 export function useSidePanelTabs(provider?: SidePanelProvider) {
     const [selectedTab, setSelectedTab] = useState<string>();
-    const user = useContext(UserContext)
+    const appCtx = useAppContext()
 
     const handleTabChange = useCallback((_e: React.SyntheticEvent, value: string) => {
         setSelectedTab(value);
     }, []);
 
     const tabs = useMemo(
-        () => provider?.buildSidePanelTabs(user) || [],
-        [provider, user]
+        () => provider?.buildSidePanelTabs(appCtx.user) || [],
+        [provider, appCtx.user]
     );
 
     useEffect(() => {
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index c1391783e..e084307ec 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -1,7 +1,7 @@
 import { ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Alert, Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
-import React, { useContext, useState } from "react";
+import React, { useState } from "react";
 import Tooltip from "@mui/material/Tooltip";
 import {
     Approval,
@@ -21,7 +21,6 @@ import {
 } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { ApiContext, UserContext } from "../App";
 import { CardBody, CardTemplate } from "./Card";
 import { SidePanelProvider, SidePanelTab } from "../command-result/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
@@ -34,6 +33,7 @@ import { LogsViewer } from "../LogsViewer";
 import { K8sManifestViewer } from "../K8sManifestViewer";
 import { YamlViewer } from "../YamlViewer";
 import { gitRefToString } from "../../utils/git";
+import { useAppContext } from "../App";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -174,14 +174,14 @@ const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
 }) => {
-    const api = useContext(ApiContext);
+    const appCtx = useAppContext()
     const [initialLoading, setInitialLoading] = useState(true)
 
     const [loading, error, vr] = useLoadingHelper<ValidateResult | undefined>(true, async () => {
         if (!props.ts.lastValidateResult) {
             return undefined
         }
-        const o = await api.getValidateResult(props.ts.lastValidateResult?.id)
+        const o = await appCtx.api.getValidateResult(props.ts.lastValidateResult?.id)
         return o
     }, [props.ts.lastValidateResult?.id])
 
@@ -211,31 +211,30 @@ export const TargetItem = React.memo(React.forwardRef((
     },
     ref: React.ForwardedRef<HTMLDivElement>
 ) => {
-    const api = useContext(ApiContext)
-    const user = useContext(UserContext)
+    const appCtx = useAppContext()
     const actionMenuItems: ActionMenuItem[] = []
     const kd = props.ts.kd
 
-    if (kd && user && user.isAdmin) {
+    if (kd && appCtx.user.isAdmin) {
         actionMenuItems.push({
             icon: <Troubleshoot/>,
             text: <Typography>Validate</Typography>,
             handler: () => {
-                api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+                appCtx.api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
             icon: <PublishedWithChanges/>,
             text: <Typography>Reconcile</Typography>,
             handler: () => {
-                api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+                appCtx.api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
             icon: <RocketLaunch/>,
             text: <Typography>Deploy</Typography>,
             handler: () => {
-                api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+                appCtx.api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         if (!kd.deployment.spec.suspend) {
@@ -243,7 +242,7 @@ export const TargetItem = React.memo(React.forwardRef((
                 icon: <Pause/>,
                 text: <Typography>Suspend</Typography>,
                 handler: () => {
-                    api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, true)
+                    appCtx.api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, true)
                 }
             })
         } else {
@@ -251,7 +250,7 @@ export const TargetItem = React.memo(React.forwardRef((
                 icon: <PlayArrow/>,
                 text: <Typography>Resume</Typography>,
                 handler: () => {
-                    api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, false)
+                    appCtx.api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, false)
                 }
             })
         }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 0e567b35e..455d1c5c2 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -1,7 +1,7 @@
 import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey } from "../../models";
 import { Box, Typography, useTheme } from "@mui/material";
-import React, { useCallback, useContext, useMemo } from "react";
-import { AppContext } from "../App";
+import React, { useCallback, useMemo } from "react";
+import { useAppContext } from "../App";
 import { ProjectItem } from "./ProjectItem";
 import { TargetItem } from "./TargetItem";
 import Divider from "@mui/material/Divider";
@@ -178,7 +178,7 @@ export const TargetsView = () => {
     const navigate = useNavigate();
     const loc = useLocation();
     const [searchParams] = useSearchParams()
-    const appContext = useContext(AppContext);
+    const appContext = useAppContext();
     const projects = appContext.projects;
 
     const fullResultStr = searchParams.get("full")

From b0e8cdba1258e2ac0b34c3df650df48b6f06ec59 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 14:53:58 +0200
Subject: [PATCH 1480/2268] fix: Add missing KluctlDeployments to staticdata

---
 cmd/kluctl/commands/cmd_webui_build.go |  4 +--
 pkg/results/result-store-secrets.go    | 14 +++++++--
 pkg/results/result-store.go            |  2 +-
 pkg/results/results-collector.go       |  6 ++--
 pkg/webui/staticbuilder.go             | 43 ++++++++++++++++++++++++--
 pkg/webui/ui/src/api.tsx               | 35 ++++++++++++++++++---
 pkg/webui/ui/src/staticbuild.d.ts      |  2 +-
 7 files changed, 89 insertions(+), 17 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui_build.go b/cmd/kluctl/commands/cmd_webui_build.go
index 034c10186..ffa936bb0 100644
--- a/cmd/kluctl/commands/cmd_webui_build.go
+++ b/cmd/kluctl/commands/cmd_webui_build.go
@@ -33,7 +33,7 @@ func (cmd *webuiBuildCmd) Run(ctx context.Context) error {
 	collector := results.NewResultsCollector(ctx, stores)
 	collector.Start()
 
-	st := status.Start(ctx, "Collecting results")
+	st := status.Start(ctx, "Collecting summaries")
 	defer st.Failed()
 	err = collector.WaitForResults(time.Second, time.Second*30)
 	if err != nil {
@@ -42,5 +42,5 @@ func (cmd *webuiBuildCmd) Run(ctx context.Context) error {
 	st.Success()
 
 	sbw := webui.NewStaticWebuiBuilder(collector)
-	return sbw.Build(cmd.Path)
+	return sbw.Build(ctx, cmd.Path)
 }
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 8ea65aa9d..2a9162e2a 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -320,7 +320,7 @@ func (s *ResultStoreSecrets) cleanupOrphanedResults() error {
 
 	deploymentsMap := map[result.KluctlDeploymentInfo]bool{}
 	for _, d := range deployments {
-		deploymentsMap[result.KluctlDeploymentInfo{Name: d.Name, Namespace: d.Namespace, ClusterId: s.clusterId}] = true
+		deploymentsMap[result.KluctlDeploymentInfo{Name: d.Deployment.Name, Namespace: d.Deployment.Namespace, ClusterId: s.clusterId}] = true
 	}
 
 	tryDeleteResult := func(secretKey client.ObjectKey, deployment *result.KluctlDeploymentInfo, id string, t string) {
@@ -785,13 +785,21 @@ func (s *ResultStoreSecrets) GetValidateResult(options GetValidateResultOptions)
 	return &vr, nil
 }
 
-func (s *ResultStoreSecrets) ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error) {
+func (s *ResultStoreSecrets) ListKluctlDeployments() ([]WatchKluctlDeploymentEvent, error) {
 	var l kluctlv1.KluctlDeploymentList
 	err := s.cache.List(s.ctx, &l)
 	if err != nil {
 		return nil, err
 	}
-	return l.Items, nil
+	ret := make([]WatchKluctlDeploymentEvent, 0, len(l.Items))
+	for _, x := range l.Items {
+		x := x
+		ret = append(ret, WatchKluctlDeploymentEvent{
+			ClusterId:  s.clusterId,
+			Deployment: &x,
+		})
+	}
+	return ret, nil
 }
 
 func (s *ResultStoreSecrets) WatchKluctlDeployments() (<-chan WatchKluctlDeploymentEvent, context.CancelFunc, error) {
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index fefd5e5e3..8b3517f16 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -47,7 +47,7 @@ type ResultStore interface {
 	WatchValidateResultSummaries(options ListResultSummariesOptions) (<-chan WatchValidateResultSummaryEvent, context.CancelFunc, error)
 	GetValidateResult(options GetValidateResultOptions) (*result.ValidateResult, error)
 
-	ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error)
+	ListKluctlDeployments() ([]WatchKluctlDeploymentEvent, error)
 	WatchKluctlDeployments() (<-chan WatchKluctlDeploymentEvent, context.CancelFunc, error)
 	GetKluctlDeployment(clusterId string, name string, namespace string) (*kluctlv1.KluctlDeployment, error)
 }
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index f141ed13c..5463e3ef6 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -391,12 +391,12 @@ func (rc *ResultsCollector) GetValidateResult(options GetValidateResultOptions)
 	return se.store.GetValidateResult(options)
 }
 
-func (rc *ResultsCollector) ListKluctlDeployments() ([]kluctlv1.KluctlDeployment, error) {
+func (rc *ResultsCollector) ListKluctlDeployments() ([]WatchKluctlDeploymentEvent, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()
-	ret := make([]kluctlv1.KluctlDeployment, 0, len(rc.commandResultSummaries))
+	ret := make([]WatchKluctlDeploymentEvent, 0, len(rc.kluctlDeployments))
 	for _, x := range rc.kluctlDeployments {
-		ret = append(ret, *x.event.Deployment)
+		ret = append(ret, x.event)
 	}
 	return ret, nil
 }
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index b1a72794b..d85bbb317 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -4,11 +4,13 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
 	"os"
 	"path/filepath"
+	"sync/atomic"
 )
 
 type StaticWebuiBuilder struct {
@@ -22,7 +24,7 @@ func NewStaticWebuiBuilder(store results.ResultStore) *StaticWebuiBuilder {
 	return ret
 }
 
-func (swb *StaticWebuiBuilder) Build(path string) error {
+func (swb *StaticWebuiBuilder) Build(ctx context.Context, path string) error {
 	tmpDir, err := os.MkdirTemp("", "")
 	if err != nil {
 		return err
@@ -34,12 +36,24 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 		return err
 	}
 
+	kds, err := swb.store.ListKluctlDeployments()
+	if err != nil {
+		return err
+	}
+
 	err = os.MkdirAll(filepath.Join(tmpDir, "staticdata"), 0o700)
 	if err != nil {
 		return err
 	}
 
-	gh := utils.NewGoHelper(context.Background(), 8)
+	doneCnt := atomic.Int32{}
+	buildStatusStr := func() string {
+		return fmt.Sprintf("Retrieved %d of %d results", doneCnt.Load(), len(summaries))
+	}
+	st := status.Start(ctx, buildStatusStr())
+	defer st.Failed()
+
+	gh := utils.NewGoHelper(ctx, 4)
 	for _, rs := range summaries {
 		rs := rs
 		gh.RunE(func() error {
@@ -71,11 +85,19 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 			if err != nil {
 				return err
 			}
+			doneCnt.Add(1)
+			st.Update(buildStatusStr())
 			return nil
 		})
 	}
 	gh.Wait()
 
+	err = gh.ErrorOrNil()
+	if err != nil {
+		return err
+	}
+	st.Success()
+
 	j, err := yaml.WriteJsonString(summaries)
 	if err != nil {
 		return err
@@ -86,6 +108,23 @@ func (swb *StaticWebuiBuilder) Build(path string) error {
 		return err
 	}
 
+	var kds2 []map[string]any
+	for _, kd := range kds {
+		kds2 = append(kds2, map[string]any{
+			"clusterId":  kd.ClusterId,
+			"deployment": kd.Deployment,
+		})
+	}
+	j, err = yaml.WriteJsonString(kds2)
+	if err != nil {
+		return err
+	}
+	j = `const staticKluctlDeployments=` + j
+	err = os.WriteFile(filepath.Join(tmpDir, "staticdata/kluctldeployments.js"), []byte(j), 0o600)
+	if err != nil {
+		return err
+	}
+
 	j, err = yaml.WriteJsonString(GetShortNames())
 	if err != nil {
 		return err
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 9bafe1ab0..826f8ab97 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,4 +1,11 @@
-import { AuthInfo, CommandResult, ObjectRef, ResultObject, ShortName, ValidateResult } from "./models";
+import {
+    AuthInfo,
+    CommandResult, CommandResultSummary,
+    ObjectRef,
+    ResultObject,
+    ShortName,
+    ValidateResult
+} from "./models";
 import _ from "lodash";
 import React from "react";
 import { Box, Typography } from "@mui/material";
@@ -7,6 +14,7 @@ import "./staticbuild.d.ts"
 import { loadScript } from "./loadscript";
 import { GitRef } from "./models-static";
 import { sleep } from "./utils/misc";
+import { KluctlDeploymentWithClusterId } from "./components/App";
 
 console.log(window.location)
 
@@ -299,16 +307,33 @@ export class StaticApi implements Api {
 
     async listenEvents(filterProject: string | undefined, filterSubDir: string | undefined, handle: (msg: any) => void): Promise<() => void> {
         await loadScript(staticPath + "/summaries.js")
+        await loadScript(staticPath + "/kluctldeployments.js")
 
-        staticSummaries.forEach(rs => {
-            if (filterProject && filterProject !== rs.project.normalizedGitUrl) {
+        staticKluctlDeployments.forEach(kd_ => {
+            const kd = kd_ as KluctlDeploymentWithClusterId
+            if (filterProject && filterProject !== kd.deployment.status?.projectKey?.gitRepoKey) {
                 return
             }
-            if (filterSubDir && filterSubDir !== rs.project.subDir) {
+            if (filterSubDir && filterSubDir !== kd.deployment.status?.projectKey?.subDir) {
                 return
             }
             handle({
-                "type": "update_summary",
+                "type": "update_kluctl_deployment",
+                "deployment": kd.deployment,
+                "clusterId": kd.clusterId,
+            })
+        })
+
+        staticSummaries.forEach(rs_ => {
+            const rs = rs_ as CommandResultSummary
+            if (filterProject && filterProject !== rs.projectKey.gitRepoKey) {
+                return
+            }
+            if (filterSubDir && filterSubDir !== rs.projectKey.subDir) {
+                return
+            }
+            handle({
+                "type": "update_command_result_summary",
                 "summary": rs,
             })
         })
diff --git a/pkg/webui/ui/src/staticbuild.d.ts b/pkg/webui/ui/src/staticbuild.d.ts
index f8d60218d..97d4e21cf 100644
--- a/pkg/webui/ui/src/staticbuild.d.ts
+++ b/pkg/webui/ui/src/staticbuild.d.ts
@@ -1,5 +1,5 @@
 declare const staticResults: Map<string, any>;
 
 declare const staticShortNames: any[];
-declare const staticProjects: any[];
+declare const staticKluctlDeployments: any[];
 declare const staticSummaries: any[];

From f8481fb871fa31434c78d02f4cacf861d031b71f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 15:56:03 +0200
Subject: [PATCH 1481/2268] refactor: Use immer to track events

---
 pkg/webui/ui/package-lock.json      | 26 ++++++++++++++--
 pkg/webui/ui/package.json           |  2 ++
 pkg/webui/ui/src/components/App.tsx | 48 ++++++++++++++++-------------
 pkg/webui/ui/src/index.tsx          |  3 ++
 4 files changed, 54 insertions(+), 25 deletions(-)

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index 93c5c8596..be777269d 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -23,6 +23,7 @@
         "@types/react": "^18.2.9",
         "@types/react-dom": "^18.2.4",
         "http-proxy-middleware": "^2.0.6",
+        "immer": "^10.0.2",
         "jdenticon": "^3.2.0",
         "js-sha256": "^0.9.0",
         "js-yaml": "^4.1.0",
@@ -42,6 +43,7 @@
         "remark-gfm": "^3.0.1",
         "sort-by": "^1.2.0",
         "typescript": "^4.9.5",
+        "use-immer": "^0.9.0",
         "web-vitals": "^2.1.4"
       },
       "devDependencies": {
@@ -9563,9 +9565,9 @@
       "integrity": "sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ=="
     },
     "node_modules/immer": {
-      "version": "9.0.21",
-      "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz",
-      "integrity": "sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==",
+      "version": "10.0.2",
+      "resolved": "https://registry.npmjs.org/immer/-/immer-10.0.2.tgz",
+      "integrity": "sha512-Rx3CqeqQ19sxUtYV9CU911Vhy8/721wRFnJv3REVGWUmoAcIwzifTsdmJte/MV+0/XpM35LZdQMBGkRIoLPwQA==",
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/immer"
@@ -15835,6 +15837,15 @@
         "node": ">=8"
       }
     },
+    "node_modules/react-dev-utils/node_modules/immer": {
+      "version": "9.0.21",
+      "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz",
+      "integrity": "sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/immer"
+      }
+    },
     "node_modules/react-dev-utils/node_modules/loader-utils": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.2.1.tgz",
@@ -18227,6 +18238,15 @@
         "requires-port": "^1.0.0"
       }
     },
+    "node_modules/use-immer": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/use-immer/-/use-immer-0.9.0.tgz",
+      "integrity": "sha512-/L+enLi0nvuZ6j4WlyK0US9/ECUtV5v9RUbtxnn5+WbtaXYUaOBoKHDNL9I5AETdurQ4rIFIj/s+Z5X80ATyKw==",
+      "peerDependencies": {
+        "immer": ">=2.0.0",
+        "react": "^16.8.0 || ^17.0.1 || ^18.0.0"
+      }
+    },
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index ff87f8fe5..66b6d4176 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -19,6 +19,7 @@
     "@types/react": "^18.2.9",
     "@types/react-dom": "^18.2.4",
     "http-proxy-middleware": "^2.0.6",
+    "immer": "^10.0.2",
     "jdenticon": "^3.2.0",
     "js-sha256": "^0.9.0",
     "js-yaml": "^4.1.0",
@@ -38,6 +39,7 @@
     "remark-gfm": "^3.0.1",
     "sort-by": "^1.2.0",
     "typescript": "^4.9.5",
+    "use-immer": "^0.9.0",
     "web-vitals": "^2.1.4"
   },
   "scripts": {
diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index bd4de0ce5..542dc5f06 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -1,4 +1,4 @@
-import { createContext, Dispatch, SetStateAction, useContext, useEffect, useMemo, useRef, useState } from 'react';
+import { createContext, Dispatch, SetStateAction, useContext, useEffect, useMemo, useState } from 'react';
 
 import '../index.css';
 import { Box } from "@mui/material";
@@ -11,6 +11,7 @@ import { buildProjectSummaries, ProjectSummary } from "../project-summaries";
 import Login from "./Login";
 import { Loading, useLoadingHelper } from "./Loading";
 import { ErrorMessageCard } from './ErrorMessage';
+import { useImmer } from "use-immer";
 
 export interface AppOutletContext {
     filters?: ActiveFilters
@@ -42,51 +43,54 @@ export interface KluctlDeploymentWithClusterId {
 const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, onLogout: () => void }) => {
     const [filters, setFilters] = useState<ActiveFilters>()
 
-    const commandResultSummariesRef = useRef<Map<string, CommandResultSummary>>(new Map())
-    const validateResultSummariesRef = useRef<Map<string, ValidateResultSummary>>(new Map())
-    const kluctlDeploymentsRef = useRef<Map<string, KluctlDeploymentWithClusterId>>(new Map())
-    const [commandResultSummaries, setCommandResultSummaries] = useState(commandResultSummariesRef.current)
-    const [validateResultSummaries, setValidateResultSummaries] = useState(validateResultSummariesRef.current)
-    const [kluctlDeployments, setKluctlDeployments] = useState(kluctlDeploymentsRef.current)
+    const [commandResultSummaries, setCommandResultSummaries] = useImmer(new Map<string, CommandResultSummary>())
+    const [validateResultSummaries, setValidateResultSummaries] = useImmer(new Map<string, ValidateResultSummary>())
+    const [kluctlDeployments, setKluctlDeployments] = useImmer(new Map<string, KluctlDeploymentWithClusterId>())
 
     useEffect(() => {
         const updateCommandResultSummary = (rs: CommandResultSummary) => {
             console.log("update_command_result_summary", rs.id, rs.commandInfo.startTime)
-            commandResultSummariesRef.current.set(rs.id, rs)
-            setCommandResultSummaries(new Map(commandResultSummariesRef.current))
+            setCommandResultSummaries(draft => {
+                draft.set(rs.id, rs)
+            })
         }
 
         const deleteCommandResultSummary = (id: string) => {
             console.log("delete_command_result_summary", id)
-            commandResultSummariesRef.current.delete(id)
-            setCommandResultSummaries(new Map(commandResultSummariesRef.current))
+            setCommandResultSummaries(draft => {
+                draft.delete(id)
+            })
         }
 
         const updateValidateResultSummary = (vr: ValidateResultSummary) => {
             console.log("update_validate_result_summary", vr.id)
-            validateResultSummariesRef.current.set(vr.id, vr)
-            setValidateResultSummaries(new Map(validateResultSummariesRef.current))
+            setValidateResultSummaries(draft => {
+                draft.set(vr.id, vr)
+            })
         }
 
         const deleteValidateResultSummary = (id: string) => {
             console.log("delete_validate_result_summary", id)
-            validateResultSummariesRef.current.delete(id)
-            setValidateResultSummaries(new Map(validateResultSummariesRef.current))
+            setValidateResultSummaries(draft => {
+                draft.delete(id)
+            })
         }
 
         const updateKluctlDeployment = (kd: any, clusterId: string) => {
             console.log("update_kluctl_deployment", kd.metadata.uid, kd.metadata.name)
-            kluctlDeploymentsRef.current.set(kd.metadata.uid, {
-                deployment: kd,
-                clusterId: clusterId,
+            setKluctlDeployments(draft => {
+                draft.set(kd.metadata.uid, {
+                    deployment: kd,
+                    clusterId: clusterId,
+                })
             })
-            setKluctlDeployments(new Map(kluctlDeploymentsRef.current))
         }
 
         const deleteKluctlDeployment = (id: string) => {
             console.log("delete_kluctl_deployment", id)
-            kluctlDeploymentsRef.current.delete(id)
-            setKluctlDeployments(new Map(kluctlDeploymentsRef.current))
+            setKluctlDeployments(draft => {
+                draft.delete(id)
+            })
         }
 
         console.log("starting listenResults")
@@ -117,7 +121,7 @@ const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, onLogout
             console.log("cancel listenResults")
             cancel.then(c => c())
         }
-    }, [props.api])
+    }, [props.api, setCommandResultSummaries, setValidateResultSummaries, setKluctlDeployments])
 
     const projects = useMemo(() => {
         return buildProjectSummaries(commandResultSummaries, validateResultSummaries, kluctlDeployments, filters)
diff --git a/pkg/webui/ui/src/index.tsx b/pkg/webui/ui/src/index.tsx
index 56bd96bd1..2c2a6d144 100644
--- a/pkg/webui/ui/src/index.tsx
+++ b/pkg/webui/ui/src/index.tsx
@@ -10,6 +10,9 @@ import '@fontsource-variable/nunito';
 import { Router } from "./components/Router";
 import { ThemeProvider } from '@mui/material';
 import { light } from './components/theme';
+import { enableMapSet } from "immer";
+
+enableMapSet()
 
 const root = ReactDOM.createRoot(
     document.getElementById('root') as HTMLElement

From eb74a377b8bbbfcab0d2b09c00b6490b8d48397e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 15:56:38 +0200
Subject: [PATCH 1482/2268] feat: Limit number of command results in static
 build

---
 cmd/kluctl/commands/cmd_webui_build.go |  5 +++--
 pkg/webui/staticbuilder.go             | 24 ++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui_build.go b/cmd/kluctl/commands/cmd_webui_build.go
index ffa936bb0..4a7b9951c 100644
--- a/cmd/kluctl/commands/cmd_webui_build.go
+++ b/cmd/kluctl/commands/cmd_webui_build.go
@@ -10,9 +10,10 @@ import (
 )
 
 type webuiBuildCmd struct {
+	Path        string   `group:"misc" help:"Output path." required:"true"`
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use. Defaults to the current context."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
-	Path        string   `group:"misc" help:"Output path." required:"true"`
+	MaxResults  int      `group:"misc" help:"Specify the maximum number of results per target." default:"1"`
 }
 
 func (cmd *webuiBuildCmd) Help() string {
@@ -41,6 +42,6 @@ func (cmd *webuiBuildCmd) Run(ctx context.Context) error {
 	}
 	st.Success()
 
-	sbw := webui.NewStaticWebuiBuilder(collector)
+	sbw := webui.NewStaticWebuiBuilder(collector, cmd.MaxResults)
 	return sbw.Build(ctx, cmd.Path)
 }
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index d85bbb317..d2da3f45a 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
@@ -15,11 +16,14 @@ import (
 
 type StaticWebuiBuilder struct {
 	store results.ResultStore
+
+	maxResults int
 }
 
-func NewStaticWebuiBuilder(store results.ResultStore) *StaticWebuiBuilder {
+func NewStaticWebuiBuilder(store results.ResultStore, maxResults int) *StaticWebuiBuilder {
 	ret := &StaticWebuiBuilder{
-		store: store,
+		store:      store,
+		maxResults: maxResults,
 	}
 	return ret
 }
@@ -41,6 +45,22 @@ func (swb *StaticWebuiBuilder) Build(ctx context.Context, path string) error {
 		return err
 	}
 
+	filtered := make([]result.CommandResultSummary, 0, len(summaries))
+	counts := map[ProjectTargetKey]int{}
+	for _, rs := range summaries {
+		key := ProjectTargetKey{
+			Project: rs.ProjectKey,
+			Target:  rs.TargetKey,
+		}
+		cnt := counts[key]
+		if cnt >= swb.maxResults {
+			continue
+		}
+		counts[key]++
+		filtered = append(filtered, rs)
+	}
+	summaries = filtered
+
 	err = os.MkdirAll(filepath.Join(tmpDir, "staticdata"), 0o700)
 	if err != nil {
 		return err

From f2e29ba7d07fdb9113e6a322d96684befa162034 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 15:58:09 +0200
Subject: [PATCH 1483/2268] fix: Don't show approve button in static build

---
 pkg/webui/ui/src/components/App.tsx           | 37 ++++++++++++-------
 .../command-result/CommandResultCard.tsx      |  2 +-
 .../components/command-result/SidePanel.tsx   |  9 ++---
 .../command-result/nodes/NodeData.tsx         |  4 +-
 .../command-result/nodes/ObjectNode.tsx       |  4 +-
 .../command-result/nodes/VarsSourceNode.tsx   | 13 ++++---
 6 files changed, 39 insertions(+), 30 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 542dc5f06..1afa251e3 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -25,6 +25,7 @@ export interface AppContextProps {
     api: Api
     user: User
     authInfo: AuthInfo
+    isStatic: boolean
     commandResultSummaries: Map<string, CommandResultSummary>
     projects: ProjectSummary[]
     validateResultSummaries: Map<string, ValidateResultSummary>
@@ -40,7 +41,7 @@ export interface KluctlDeploymentWithClusterId {
     clusterId: string
 }
 
-const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, onLogout: () => void }) => {
+const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, isStatic: boolean, onLogout: () => void }) => {
     const [filters, setFilters] = useState<ActiveFilters>()
 
     const [commandResultSummaries, setCommandResultSummaries] = useImmer(new Map<string, CommandResultSummary>())
@@ -131,7 +132,23 @@ const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, onLogout
         () => props.api.getShortNames(),
         [props.api]
     );
-    
+
+    const appCtx: AppContextProps = useMemo(() => {
+        return {
+            api: props.api,
+            user: props.user,
+            authInfo: props.authInfo,
+            isStatic: props.isStatic,
+            commandResultSummaries: commandResultSummaries,
+            projects,
+            validateResultSummaries: validateResultSummaries,
+            shortNames: shortNames || []
+        }
+    }, [
+        props.api, props.user, props.authInfo, props.isStatic,
+        commandResultSummaries, projects, validateResultSummaries, shortNames,
+    ])
+
     if (loading) {
         return <Loading />;
     }
@@ -142,23 +159,13 @@ const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, onLogout
         </ErrorMessageCard>;
     }
 
-    const appContext: AppContextProps = {
-        api: props.api,
-        user: props.user,
-        authInfo: props.authInfo,
-        commandResultSummaries: commandResultSummariesRef.current,
-        projects,
-        validateResultSummaries: validateResultSummaries,
-        shortNames: shortNames || []
-    }
-
     const outletContext: AppOutletContext = {
         filters: filters,
         setFilters: setFilters,
     }
 
     return (
-        <AppContext.Provider value={appContext}>
+        <AppContext.Provider value={appCtx}>
             <Box width={"100%"} height={"100%"}>
                 <LeftDrawer
                     content={<Outlet context={outletContext} />}
@@ -174,6 +181,7 @@ const App = () => {
     const [api, setApi] = useState<Api>()
     const [authInfo, setAuthInfo] = useState<AuthInfo>()
     const [user, setUser] = useState<User>()
+    const [isStatic, setIsStatic] = useState(false)
 
     const onLogout = () => {
         console.log("handle onLogout")
@@ -205,6 +213,7 @@ const App = () => {
             const authInfo = await api.getAuthInfo()
             setApi(api)
             setAuthInfo(authInfo)
+            setIsStatic(isStatic)
         }
         doInit()
         // eslint-disable-next-line react-hooks/exhaustive-deps
@@ -239,7 +248,7 @@ const App = () => {
         return <Login authInfo={authInfo} />
     }
 
-    return <LoggedInApp onLogout={onLogout} api={api} user={user} authInfo={authInfo}/>
+    return <LoggedInApp onLogout={onLogout} api={api} user={user} authInfo={authInfo} isStatic={isStatic}/>
 }
 
 export default App;
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 02703d979..b0c679e54 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -30,7 +30,7 @@ const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
         }
     }
 
-    if (!appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
+    if (appCtx.isStatic || !appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
         return <></>
     }
     if (props.rs.id !== props.ts.commandResults[0].id) {
diff --git a/pkg/webui/ui/src/components/command-result/SidePanel.tsx b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
index 550aded60..7eef7252b 100644
--- a/pkg/webui/ui/src/components/command-result/SidePanel.tsx
+++ b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
@@ -2,8 +2,7 @@ import { Box, Divider, Tab, ThemeProvider } from "@mui/material";
 import React, { useCallback, useEffect, useMemo, useState } from "react";
 import { TabContext, TabList, TabPanel } from "@mui/lab";
 import { light } from "../theme";
-import { User } from "../../api";
-import { useAppContext } from "../App";
+import { AppContextProps, useAppContext } from "../App";
 
 export interface SidePanelTab {
     label: string
@@ -12,7 +11,7 @@ export interface SidePanelTab {
 
 export interface SidePanelProvider {
     buildSidePanelTitle(): React.ReactNode
-    buildSidePanelTabs(user?: User): SidePanelTab[]
+    buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[]
 }
 
 export interface SidePanelProps {
@@ -29,8 +28,8 @@ export function useSidePanelTabs(provider?: SidePanelProvider) {
     }, []);
 
     const tabs = useMemo(
-        () => provider?.buildSidePanelTabs(appCtx.user) || [],
-        [provider, appCtx.user]
+        () => provider?.buildSidePanelTabs(appCtx) || [],
+        [provider, appCtx]
     );
 
     useEffect(() => {
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index 687bf22e2..ca753a744 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -3,7 +3,7 @@ import React from "react";
 import { Box, Divider, Typography } from "@mui/material";
 import { ChangesTable } from "../ChangesTable";
 import { ErrorsTable } from "../../ErrorsTable";
-import { ObjectType, User } from "../../../api";
+import { ObjectType } from "../../../api";
 import { ResultObjectViewer } from "../../ResultObjectViewer";
 import { StatusLine } from "../CommandResultStatusLine";
 import { SidePanelProvider, SidePanelTab } from "../SidePanel";
@@ -110,7 +110,7 @@ export abstract class NodeData implements SidePanelProvider {
 
     abstract buildIcon(appContext: AppContextProps): [React.ReactNode, string]
 
-    abstract buildSidePanelTabs(user: User): SidePanelTab[]
+    abstract buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[]
 
     buildStatusLine(): React.ReactNode {
         return <StatusLine
diff --git a/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
index 734ac3f37..1282653e3 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
@@ -40,7 +40,7 @@ export class ObjectNodeData extends NodeData {
         return [<BracketsCurlyIcon />, snStr]
     }
 
-    buildSidePanelTabs(user?: User): SidePanelTab[] {
+    buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[] {
         const tabs = [
             { label: "Summary", content: this.buildSummaryPage() }
         ]
@@ -51,7 +51,7 @@ export class ObjectNodeData extends NodeData {
             tabs.push({ label: "Rendered", content: this.buildObjectPage(this.objectRef, ObjectType.Rendered) })
         }
 
-        if (user?.isAdmin) {
+        if (appContext.user.isAdmin) {
             if (findObjectByRef(this.commandResult.objects, this.objectRef)?.remote) {
                 tabs.push({ label: "Remote", content: this.buildObjectPage(this.objectRef, ObjectType.Remote) })
             }
diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index 28428256d..a9378b0d2 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -9,7 +9,8 @@ import { Alert, Box } from "@mui/material";
 
 import * as yaml from 'js-yaml';
 import { SidePanelTab } from "../SidePanel";
-import { buildGitRefString, User } from "../../../api";
+import { buildGitRefString } from "../../../api";
+import { AppContextProps } from "../../App";
 
 interface VarsSourceHandler {
     type: string
@@ -194,10 +195,10 @@ export class VarsSourceNodeData extends NodeData {
         return [h.icon(), h.type]
     }
 
-    buildSidePanelTabs(user?: User): SidePanelTab[] {
+    buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[] {
         const tabs = [
             { label: "Summary", content: this.buildSummaryPage() },
-            { label: "Vars", content: this.buildVarsPage(user) }
+            { label: "Vars", content: this.buildVarsPage(appContext) }
         ]
         this.buildDiffAndHealthPages(tabs)
         return tabs
@@ -223,9 +224,9 @@ export class VarsSourceNodeData extends NodeData {
         </>
     }
 
-    buildVarsPage(user?: User): React.ReactNode {
-        const sensitiveWarning = user?.isAdmin && this.varsSource.renderedSensitive
-        const redactedWarning = !user?.isAdmin && this.varsSource.renderedSensitive
+    buildVarsPage(appCtx: AppContextProps): React.ReactNode {
+        const sensitiveWarning = appCtx.user.isAdmin && this.varsSource.renderedSensitive
+        const redactedWarning = !appCtx.user.isAdmin && this.varsSource.renderedSensitive
 
         return <Box>
             {redactedWarning && <Alert severity="error">Only admins can view sensitive vars!</Alert>}

From d20c86e0af399444bf5f89fd0e4efc7c45a3ca6f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 15:58:23 +0200
Subject: [PATCH 1484/2268] perf: Paralellise context initialization

---
 cmd/kluctl/commands/cmd_webui.go | 54 ++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 23 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 841a9733f..8e888b4cb 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -22,9 +23,6 @@ func createResultStores(ctx context.Context, k8sContexts []string, allContexts b
 		return nil, nil, err
 	}
 
-	var stores []results.ResultStore
-	var configs []*rest.Config
-
 	var contexts []string
 	if allContexts {
 		for name, _ := range kcfg.Contexts {
@@ -53,28 +51,38 @@ func createResultStores(ctx context.Context, k8sContexts []string, allContexts b
 		}
 	}
 
-	for _, c := range contexts {
-		configOverrides := &clientcmd.ConfigOverrides{
-			CurrentContext: c,
-		}
-		config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-			r,
-			configOverrides).ClientConfig()
-		if err != nil {
-			return nil, nil, err
-		}
+	gh := utils.NewGoHelper(ctx, 4)
+	stores := make([]results.ResultStore, len(contexts))
+	configs := make([]*rest.Config, len(contexts))
+	for i, c := range contexts {
+		i := i
+		c := c
+		gh.RunE(func() error {
+			configOverrides := &clientcmd.ConfigOverrides{
+				CurrentContext: c,
+			}
+			config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(r, configOverrides).ClientConfig()
+			if err != nil {
+				return err
+			}
 
-		client, err := client.NewWithWatch(config, client.Options{})
-		if err != nil {
-			return nil, nil, err
-		}
+			client, err := client.NewWithWatch(config, client.Options{})
+			if err != nil {
+				return err
+			}
 
-		store, err := results.NewResultStoreSecrets(ctx, config, client, "", 0, 0)
-		if err != nil {
-			return nil, nil, err
-		}
-		stores = append(stores, store)
-		configs = append(configs, config)
+			store, err := results.NewResultStoreSecrets(ctx, config, client, "", 0, 0)
+			if err != nil {
+				return err
+			}
+			stores[i] = store
+			configs[i] = config
+			return nil
+		})
+	}
+	gh.Wait()
+	if gh.ErrorOrNil() != nil {
+		return nil, nil, gh.ErrorOrNil()
 	}
 
 	return stores, configs, nil

From 5a0b008128f3f6c4246400661dbcd3e2ef0d98e2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 15:59:53 +0200
Subject: [PATCH 1485/2268] fix: Don't show logs tab in static builds

---
 .../components/command-result/nodes/CommandResultNode.tsx   | 5 +++--
 .../ui/src/components/command-result/nodes/ObjectNode.tsx   | 2 +-
 pkg/webui/ui/src/components/targets-view/TargetItem.tsx     | 6 +++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index a3c00c1c8..bba187610 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -9,6 +9,7 @@ import { LogsViewer } from "../../LogsViewer";
 import { CommandResult } from "../../../models";
 import { YamlViewer } from "../../YamlViewer";
 import { gitRefToString } from "../../../utils/git";
+import { AppContextProps } from "../../App";
 
 export class CommandResultNodeData extends NodeData {
     constructor(commandResult: CommandResult, id: string) {
@@ -23,7 +24,7 @@ export class CommandResultNodeData extends NodeData {
         return [<DeployIcon />, "result"]
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(appCtx: AppContextProps): SidePanelTab[] {
         const tabs = [
             {label: "Summary", content: this.buildSummaryPage()},
             {label: "Target", content: this.buildTargetPage()},
@@ -31,7 +32,7 @@ export class CommandResultNodeData extends NodeData {
 
         this.buildDiffAndHealthPages(tabs)
 
-        if (this.commandResult.kluctlDeployment) {
+        if (!appCtx.isStatic && this.commandResult.kluctlDeployment) {
             tabs.push({
                 label: "Logs", content: <LogsViewer
                     cluster={this.commandResult.clusterInfo.clusterId}
diff --git a/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
index 1282653e3..3fe3cdb05 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
@@ -4,7 +4,7 @@ import { CommandResult, ObjectRef } from "../../../models";
 import { NodeData } from "./NodeData";
 import { PublishedWithChanges, Settings, SettingsEthernet, SmartToy, SvgIconComponent } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
-import { findObjectByRef, ObjectType, User } from "../../../api";
+import { findObjectByRef, ObjectType } from "../../../api";
 import { SidePanelTab } from "../SidePanel";
 import { BracketsCurlyIcon } from '../../../icons/Icons';
 import { AppContextProps } from "../../App";
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
index e084307ec..7f8cd8fe0 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
@@ -33,7 +33,7 @@ import { LogsViewer } from "../LogsViewer";
 import { K8sManifestViewer } from "../K8sManifestViewer";
 import { YamlViewer } from "../YamlViewer";
 import { gitRefToString } from "../../utils/git";
-import { useAppContext } from "../App";
+import { AppContextProps, useAppContext } from "../App";
 
 const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
@@ -358,7 +358,7 @@ class TargetItemCardProvider implements SidePanelProvider {
         this.lastValidateResult = vr
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(appCtx: AppContextProps): SidePanelTab[] {
         if (!this.ts) {
             return []
         }
@@ -393,7 +393,7 @@ class TargetItemCardProvider implements SidePanelProvider {
             })
         }
 
-        if (this.ts.kd) {
+        if (!appCtx.isStatic && this.ts.kd) {
             tabs.push({
                 label: "Logs", content: <LogsViewer
                     cluster={this.ts.kdInfo?.clusterId}

From 8f1be95eaeb87be2c7ee54a2674bece9531fd39f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 16:03:46 +0200
Subject: [PATCH 1486/2268] fix: Don't show logout button when auth is disabled

---
 pkg/webui/ui/src/components/LeftDrawer.tsx | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index b096b187b..c778d7c68 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -12,7 +12,7 @@ import ListItemButton from '@mui/material/ListItemButton';
 import ListItemIcon from '@mui/material/ListItemIcon';
 import ListItemText from '@mui/material/ListItemText';
 import { Link, useLocation } from "react-router-dom";
-import { AppOutletContext } from "./App";
+import { AppOutletContext, useAppContext } from "./App";
 import { KluctlLogo, KluctlText, LogoutIcon, TargetsIcon } from '../icons/Icons';
 import { dark } from './theme';
 import { Typography } from '@mui/material';
@@ -141,6 +141,7 @@ export default function LeftDrawer(props: {
     context: AppOutletContext,
     logout: () => void
 }) {
+    const appCtx = useAppContext()
     const [open, setOpen] = useState(true);
     const location = useLocation()
     const theme = useTheme();
@@ -186,11 +187,11 @@ export default function LeftDrawer(props: {
                                 <Item text={"Targets"} open={open} icon={<TargetsIcon />} to={"targets"} selected />
                             </List>
                         </Box>
-                        <Box flex='0 0 auto'>
+                        {appCtx.authInfo.authEnabled && <Box flex='0 0 auto'>
                             <List sx={{ padding: 0 }}>
                                 <Item text={"Log Out"} open={open} icon={<LogoutIcon />} onClick={props.logout} />
                             </List>
-                        </Box>
+                        </Box>}
                     </Box>
                 </Drawer>
             </ThemeProvider>

From 780af1010824a03750fdb0c9be5c5151b729480f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 16:43:26 +0200
Subject: [PATCH 1487/2268] fix: Defautl --host to localhost and only open
 browser if host is set

---
 cmd/kluctl/commands/cmd_webui_run.go |  2 +-
 pkg/webui/server.go                  | 12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index 6091e0301..0815924ad 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -13,7 +13,7 @@ import (
 )
 
 type webuiRunCmd struct {
-	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to localhost."`
+	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses." default:"localhost"`
 	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 4bf2c718a..1034ce4a4 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -158,12 +158,14 @@ func (s *CommandResultsServer) Run(host string, port int, openBrowser bool) erro
 		Handler: router.Handler(),
 	}
 
-	url := fmt.Sprintf("http://%s", address)
-	status.Infof(s.ctx, "Webui is available at: %s\n", url)
+	if host != "" {
+		url := fmt.Sprintf("http://%s", address)
+		status.Infof(s.ctx, "Webui is available at: %s\n", url)
 
-	if openBrowser {
-		status.Infof(s.ctx, "Opening browser")
-		_ = utils.OpenBrowser(url)
+		if openBrowser {
+			status.Infof(s.ctx, "Opening browser")
+			_ = utils.OpenBrowser(url)
+		}
 	}
 
 	return httpServer.Serve(listener)

From ed323597f684e2aec62f8ff9f38dd50d73c6624a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 16:43:54 +0200
Subject: [PATCH 1488/2268] fix: Fix loading of generated scripts

---
 pkg/webui/ui/src/loadscript.ts | 55 ++++++++++++++++++++++++++--------
 1 file changed, 43 insertions(+), 12 deletions(-)

diff --git a/pkg/webui/ui/src/loadscript.ts b/pkg/webui/ui/src/loadscript.ts
index e8db35596..8ae9b0803 100644
--- a/pkg/webui/ui/src/loadscript.ts
+++ b/pkg/webui/ui/src/loadscript.ts
@@ -1,15 +1,48 @@
-const loadedScripts = new Map<string, any>()
 
-export const loadScript = (fileUrl: string, async = true, type = "text/javascript") => {
-    if (loadedScripts.has(fileUrl)) {
-        return loadedScripts.get(fileUrl)
+interface loadResult {
+    status: boolean
+    message?: string
+}
+const loadedScripts = new Map<string, Promise<loadResult>>()
+
+export async function loadScript(fileUrl: string) {
+    let p = loadedScripts.get(fileUrl)
+    if (!p) {
+        p = loadScript2(fileUrl)
+        loadedScripts.set(fileUrl, p)
+    }
+
+    const r = await p
+    if (!r.status) {
+        throw new Error(r.message)
     }
+}
 
-    const p = new Promise((resolve, reject) => {
+async function loadScript2(fileUrl: string): Promise<loadResult> {
+    const r = await fetch(fileUrl)
+
+    const contentType = r.headers.get("Content-Type")
+    if (!contentType) {
+        return {
+            status: false,
+            message: "not javascript"
+        }
+    }
+
+    console.log("ct="+contentType)
+    if (!contentType.startsWith("application/javascript")) {
+        console.log("error")
+        return {
+            status: false,
+            message: "not javascript"
+        }
+    }
+
+    const p = new Promise<loadResult>((resolve, reject) => {
         try {
             const scriptEle = document.createElement("script");
-            scriptEle.type = type;
-            scriptEle.async = async;
+            scriptEle.type = "application/javascript";
+            scriptEle.async = true;
             scriptEle.src = fileUrl;
 
             scriptEle.addEventListener("load", (ev) => {
@@ -17,9 +50,9 @@ export const loadScript = (fileUrl: string, async = true, type = "text/javascrip
             });
 
             scriptEle.addEventListener("error", (ev) => {
-                reject({
+                resolve({
                     status: false,
-                    message: `Failed to load the script ＄{FILE_URL}`
+                    message: `failed to load the script`
                 });
             });
 
@@ -29,7 +62,5 @@ export const loadScript = (fileUrl: string, async = true, type = "text/javascrip
         }
     });
 
-    loadedScripts.set(fileUrl, p)
-
     return p
-};
+}
\ No newline at end of file

From c99e3df30a886e82ebca34365e77e05e0e6f3c40 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 17:16:09 +0200
Subject: [PATCH 1489/2268] docs: Add webui build docs

---
 docs/reference/commands/webui-build.md | 36 ++++++++++++++++++++++++++
 docs/reference/commands/webui-run.md   |  5 ++--
 2 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 docs/reference/commands/webui-build.md

diff --git a/docs/reference/commands/webui-build.md b/docs/reference/commands/webui-build.md
new file mode 100644
index 000000000..bae3e34d7
--- /dev/null
+++ b/docs/reference/commands/webui-build.md
@@ -0,0 +1,36 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "webui build"
+linkTitle: "webui build"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "webui build" "Usage" false -->
+Usage: kluctl webui build [flags]
+
+Build the static Kluctl Webui
+This command will build the static Kluctl Webui.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "webui build" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --all-contexts          Use all Kubernetes contexts found in the kubeconfig.
+      --context stringArray   List of kubernetes contexts to use. Defaults to the current context.
+      --max-results int       Specify the maximum number of results per target. (default 1)
+      --path string           Output path.
+
+```
+<!-- END SECTION -->
+
diff --git a/docs/reference/commands/webui-run.md b/docs/reference/commands/webui-run.md
index afe4b7d17..40f19727c 100644
--- a/docs/reference/commands/webui-run.md
+++ b/docs/reference/commands/webui-run.md
@@ -26,13 +26,12 @@ Misc arguments:
 
       --all-contexts                Use all Kubernetes contexts found in the kubeconfig.
       --context stringArray         List of kubernetes contexts to use.
-      --host string                 Host to bind to. Pass an empty string to bind to all addresses. Defaults to
-                                    localhost.
+      --host string                 Host to bind to. Pass an empty string to bind to all addresses. (default
+                                    "localhost")
       --in-cluster                  This enables in-cluster functionality. This also enforces authentication.
       --in-cluster-context string   The context to use fo in-cluster functionality.
       --only-api                    Only serve API without the actual UI.
       --port int                    Port to bind to. (default 8080)
-      --static-path string          Build static webui.
 
 ```
 <!-- END SECTION -->

From d5bc92b25751dd5e356c9ccaf18e6cf723e81e06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Aug 2023 17:27:03 +0200
Subject: [PATCH 1490/2268] chore(deps): Bump github.com/aws/aws-sdk-go-v2 from
 1.20.2 to 1.21.0 (#740)

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.20.2 to 1.21.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.2...v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index cf567cf13..f1a9c0bfd 100644
--- a/go.mod
+++ b/go.mod
@@ -54,12 +54,12 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
-	github.com/aws/aws-sdk-go-v2 v1.20.2
+	github.com/aws/aws-sdk-go-v2 v1.21.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.33
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.33
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.3
-	github.com/aws/smithy-go v1.14.1
+	github.com/aws/smithy-go v1.14.2
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/gin-contrib/sessions v0.0.5
diff --git a/go.sum b/go.sum
index 47a650883..5854f545e 100644
--- a/go.sum
+++ b/go.sum
@@ -117,8 +117,9 @@ github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
 github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
-github.com/aws/aws-sdk-go-v2 v1.20.2 h1:0Aok9u/HVTk7RtY6M1KDcthbaMKGhhS0eLPxIdSIzRI=
 github.com/aws/aws-sdk-go-v2 v1.20.2/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
+github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
+github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
 github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
 github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
@@ -154,8 +155,9 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IP
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.3 h1:s3wBkMxfA/u2EJJl6KRsPcWv858lDHkhinqXyN6fkZI=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.3/go.mod h1:b+y9zL57mwCRy6ftp9Nc7CONGHX3sZ50ZCLTrI5xpCc=
 github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
 github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
+github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 087434d84a7b60d70e505bcf00ca5faba705e2d7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 21:30:09 +0200
Subject: [PATCH 1491/2268] fix: Revert default --host handling (#744)

* docs: Add link to webui build command

* fix: Revert default --host handling
---
 cmd/kluctl/commands/cmd_webui_run.go | 2 +-
 docs/reference/commands/README.md    | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index 0815924ad..19db85153 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -13,7 +13,7 @@ import (
 )
 
 type webuiRunCmd struct {
-	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses." default:"localhost"`
+	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to 'localhost' when run locally and to all hosts when run in-cluster."`
 	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
diff --git a/docs/reference/commands/README.md b/docs/reference/commands/README.md
index 14e14df26..88fb8608d 100644
--- a/docs/reference/commands/README.md
+++ b/docs/reference/commands/README.md
@@ -36,3 +36,4 @@ Individual commands are documented in sub-sections.
 14. [controller run](./controller-run.md)
 15. [controller install](./controller-install.md)
 16. [webui run](./webui-run.md)
+17. [webui build](./webui-build.md)

From 195270d0ad0637887ae6e80183c678244e4702cb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 14:29:59 +0200
Subject: [PATCH 1492/2268] fix: Upgrade to latest version of go-jinja2 to fix
 rendering of relative templates

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f1a9c0bfd..3964fd594 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/jinzhu/copier v0.3.5
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587
+	github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.15
diff --git a/go.sum b/go.sum
index 5854f545e..b5bff4edf 100644
--- a/go.sum
+++ b/go.sum
@@ -594,8 +594,8 @@ github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZX
 github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587 h1:sp9BhXobMzmd1qwbbQSIUMpj6ivDE+tYf3FeYVNvTLw=
-github.com/kluctl/go-jinja2 v0.0.0-20230625212202-e9c395af7587/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
+github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381 h1:0zYri8zATZtEIdDP5kOEqb2IzxWdN38tZ5gHxCMeBh8=
+github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=

From 3bac99aab344f8c895c419218f08a0e104399b02 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 14:43:34 +0200
Subject: [PATCH 1493/2268] chore: Run make replace-commands-help

---
 docs/reference/commands/webui-run.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/reference/commands/webui-run.md b/docs/reference/commands/webui-run.md
index 40f19727c..9cd167675 100644
--- a/docs/reference/commands/webui-run.md
+++ b/docs/reference/commands/webui-run.md
@@ -26,8 +26,8 @@ Misc arguments:
 
       --all-contexts                Use all Kubernetes contexts found in the kubeconfig.
       --context stringArray         List of kubernetes contexts to use.
-      --host string                 Host to bind to. Pass an empty string to bind to all addresses. (default
-                                    "localhost")
+      --host string                 Host to bind to. Pass an empty string to bind to all addresses. Defaults to
+                                    'localhost' when run locally and to all hosts when run in-cluster.
       --in-cluster                  This enables in-cluster functionality. This also enforces authentication.
       --in-cluster-context string   The context to use fo in-cluster functionality.
       --only-api                    Only serve API without the actual UI.

From 1b8c455a05ab4c74dab42c1580c984ad4cade9fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 15:18:20 +0200
Subject: [PATCH 1494/2268] fix: Also check for new "absolute path of xx could
 not be resolved" error

---
 pkg/vars/vars_loader.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index f810c41e4..c481e04b8 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -162,7 +162,8 @@ func (v *VarsLoader) loadFile(varsCtx *VarsCtx, path string, ignoreMissing bool,
 	rendered, err := varsCtx.RenderFile(path, searchDirs)
 	if err != nil {
 		// TODO the Jinja2 renderer should be able to better report this error
-		if ignoreMissing && err.Error() == fmt.Sprintf("template %s not found", path) {
+		notFound := err.Error() == fmt.Sprintf("template %s not found", path) || err.Error() == fmt.Sprintf("absolute path of %s could not be resolved", path)
+		if ignoreMissing && notFound {
 			return uo.New(), false, nil
 		}
 		return nil, false, fmt.Errorf("failed to render vars file %s: %w", path, err)

From bff04454bfc765da6b67a13b33bfa8b8d646c14c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 15:13:45 +0200
Subject: [PATCH 1495/2268] chore: Run go get -u ./...

---
 go.mod | 159 ++++++++--------
 go.sum | 566 +++++++++++++++++----------------------------------------
 2 files changed, 249 insertions(+), 476 deletions(-)

diff --git a/go.mod b/go.mod
index 3964fd594..e1a52e793 100644
--- a/go.mod
+++ b/go.mod
@@ -6,17 +6,17 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.23.0
+	github.com/bitnami-labs/sealed-secrets v0.23.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.15.0
+	github.com/go-playground/validator/v10 v10.15.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.15.2
 	github.com/hashicorp/vault/api v1.9.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.16
-	github.com/jinzhu/copier v0.3.5
+	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
 	github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381
@@ -41,12 +41,12 @@ require (
 	golang.org/x/term v0.11.0 // indirect
 	golang.org/x/text v0.12.0
 	helm.sh/helm/v3 v3.12.3
-	k8s.io/api v0.27.4
-	k8s.io/apiextensions-apiserver v0.27.3
-	k8s.io/apimachinery v0.27.4
-	k8s.io/client-go v0.27.4
+	k8s.io/api v0.28.1
+	k8s.io/apiextensions-apiserver v0.28.1
+	k8s.io/apimachinery v0.28.1
+	k8s.io/client-go v0.28.1
 	k8s.io/klog/v2 v2.100.1
-	sigs.k8s.io/kustomize/kyaml v0.14.2
+	sigs.k8s.io/kustomize/kyaml v0.14.3
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
 )
 
@@ -55,10 +55,10 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.33
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.33
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.3
+	github.com/aws/aws-sdk-go-v2/config v1.18.37
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.35
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
+	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
 	github.com/aws/smithy-go v1.14.2
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -67,7 +67,7 @@ require (
 	github.com/go-git/go-git/v5 v5.8.1
 	github.com/go-logr/logr v1.2.4
 	github.com/google/gops v0.3.28
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.3.1
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.10
@@ -80,23 +80,23 @@ require (
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.15.1
-	sigs.k8s.io/kustomize/api v0.13.4
+	sigs.k8s.io/kustomize/api v0.14.0
 	sigs.k8s.io/yaml v1.3.0
 )
 
 require (
-	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v0.13.0 // indirect
-	cloud.google.com/go/kms v1.10.1 // indirect
+	cloud.google.com/go/iam v1.1.2 // indirect
+	cloud.google.com/go/kms v1.15.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
@@ -104,39 +104,40 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.39 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.33 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.3 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/bytedance/sonic v1.9.1 // indirect
+	github.com/bytedance/sonic v1.10.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
+	github.com/chenzhuoyu/iasm v0.9.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
-	github.com/containerd/containerd v1.7.0 // indirect
+	github.com/containerd/containerd v1.7.4 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v23.0.5+incompatible // indirect
-	github.com/docker/docker v23.0.5+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/cli v24.0.5+incompatible // indirect
+	github.com/docker/docker v24.0.5+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
@@ -147,9 +148,9 @@ require (
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
@@ -158,13 +159,13 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/google/s2a-go v0.1.5 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
-	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
@@ -187,8 +188,8 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/karrick/godirwalk v1.17.0 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -204,25 +205,25 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
+	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc3 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.9 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.10.1 // indirect
-	github.com/rivo/uniseg v0.4.3 // indirect
-	github.com/rubenv/sql-migrate v1.3.1 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
+	github.com/prometheus/procfs v0.11.1 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
@@ -230,12 +231,12 @@ require (
 	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/tkrajina/go-reflector v0.5.5 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/tkrajina/go-reflector v0.5.6 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
-	github.com/urfave/cli v1.22.12 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
+	github.com/urfave/cli v1.22.14 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -243,35 +244,35 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
-	go.starlark.net v0.0.0-20221205180719-3fd0dac74452 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/mod v0.10.0 // indirect
+	go.opentelemetry.io/otel v1.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.16.0 // indirect
+	go.opentelemetry.io/otel/trace v1.16.0 // indirect
+	go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.25.0 // indirect
+	golang.org/x/arch v0.4.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
-	google.golang.org/api v0.126.0 // indirect
+	golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/api v0.138.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
-	google.golang.org/grpc v1.55.0 // indirect
+	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/grpc v1.57.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.27.3 // indirect
-	k8s.io/cli-runtime v0.27.3 // indirect
-	k8s.io/component-base v0.27.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/kubectl v0.27.3 // indirect
-	k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
+	k8s.io/apiserver v0.28.1 // indirect
+	k8s.io/cli-runtime v0.28.1 // indirect
+	k8s.io/component-base v0.28.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
+	k8s.io/kubectl v0.28.1 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index b5bff4edf..6e8594313 100644
--- a/go.sum
+++ b/go.sum
@@ -17,27 +17,23 @@ cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHOb
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
-cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
-cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
+cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
-cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
-cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
-cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
-cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
+cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
+cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
+cloud.google.com/go/kms v1.15.1 h1:HUC3fAoepH3RpcQXiJhXWWYizjQ5r7YjI7SO9ZbHf9s=
+cloud.google.com/go/kms v1.15.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -53,8 +49,8 @@ dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
@@ -63,28 +59,26 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInm
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 h1:AXFNQ6kLaPODEpGSMWjmbkt6iP7fa1DIEzjx6JRFC9U=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1/go.mod h1:yOYJv0tO0TTNcje8ahhBHQcdAiYqRIp5fsog5FPefr4=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0 h1:9cn6ICCGiWFNA/slKnrkf+ENyvaCRKHtuoGtnLIAgao=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.5.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
-github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
+github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
@@ -92,13 +86,11 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
+github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
-github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
@@ -107,91 +99,73 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
-github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw=
-github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
-github.com/aws/aws-sdk-go-v2 v1.20.2/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
-github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.33 h1:esA1X5Eti1xSGCF0W0LYpHH/r6p+MqT0DiKXsfDEPxs=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.33/go.mod h1:jNC10ZEYuLlt9IOowix60yNiO6vGA14RVK3oUfX5KgI=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.9 h1:DnNHcClgyFV5suHJ4axqhmG3YeRGgIu6yv29IEWR9aE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.9/go.mod h1:kz0hzQXlc/5Y5mkbwTKX8A+aTRA45t8Aavly60bQzAQ=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.39 h1:OBokd2jreL7ItwqRRcN5QiSt24/i2r742aRsd2qMyeg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.39/go.mod h1:OLmjwglQh90dCcFJDGD+T44G0ToLH+696kRwRhS1KOU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.33 h1:gcRN6PXAo8w3HYFp2wFyr+WYEP4n/a25/IOhzJl36Yw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.33/go.mod h1:S/zgOphghZAIvrbtvsVycoOncfqh1Hc4uGDIHqDLwTU=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39/go.mod h1:WLAW8PT7+JhjZfLSWe7WEJaJu0GNo0cKc2Zyo003RBs=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.33 h1:cr70Hw6Lq9cqRst1y4YOHLiaVWaWtBPiqdloinNkfis=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.33/go.mod h1:kcNtzCcEoflp+6e2CDTmm2h3xQGZOBZqYA/8DhYx/S8=
-github.com/aws/aws-sdk-go-v2/service/kms v1.17.5 h1:DkubF+BSEy0uX59+pYySzWFReN3fCcXobIO8L5Phh24=
-github.com/aws/aws-sdk-go-v2/service/kms v1.17.5/go.mod h1:ubAtMGRUMVv5kX8lpbeDguxZ64pR4kXTGApY4sCM0io=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0 h1:z9faFYBvadv9HdY+oFBgxqCnew9TK+jp9ccxktB5fl4=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.0/go.mod h1:Z6Oq1mXqvgwmUxvMrV/jMkQhwm06A9XO015dzGnS8TM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.3 h1:nceOkYE0jmaG9CoyXHJJm00FAQ8JE+/LCKJJ06hH/Nc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.3/go.mod h1:DApEBnZzexe+LDLaNrGOJA8xtRMCpikLW1gX7jZhHxc=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.3 h1:90qW9puxI7LgmiYKSPhx6wz4XqgVauTxCyS3185+JpA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.3/go.mod h1:kKpyLjToIS7E3z0672lBhxIPD+uoQ9V0MYRYCVGIkO0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.3 h1:s3wBkMxfA/u2EJJl6KRsPcWv858lDHkhinqXyN6fkZI=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.3/go.mod h1:b+y9zL57mwCRy6ftp9Nc7CONGHX3sZ50ZCLTrI5xpCc=
-github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/aws-sdk-go-v2/config v1.18.37 h1:RNAfbPqw1CstCooHaTPhScz7z1PyocQj0UL+l95CgzI=
+github.com/aws/aws-sdk-go-v2/config v1.18.37/go.mod h1:8AnEFxW9/XGKCbjYDCJy7iltVNyEI9Iu9qC21UzhhgQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.35 h1:QpsNitYJu0GgvMBLUIYu9H4yryA5kMksjeIVQfgXrt8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.35/go.mod h1:o7rCaLtvK0hUggAGclf76mNGGkaG5a9KWlp+d9IpcV8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 h1:GPUcE/Yq7Ur8YSUk6lVkoIMWnJNO0HT18GUzCWCgCI0=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8ZuZr7dXKjyaOw94/Q=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.5 h1:oCvTFSDi67AX0pOX3PuPdGFewvLRU2zzFSrTsgURNo0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.5/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 h1:dnInJb4S0oy8aQuri1mV6ipLlnZPfnsDNB9BGO9PDNY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.23.0 h1:mXanM+5q14nt+7GgaoigBhiq5EIzcp8sZshsukBw2nY=
-github.com/bitnami-labs/sealed-secrets v0.23.0/go.mod h1:Pl86hTKdoyXF+l8VG4MRu4/H9Y6AqRwiNSkZo/cjm3o=
-github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
+github.com/bitnami-labs/sealed-secrets v0.23.1 h1:PhU0pfbFA15AL9Qub0rjtiehR49snX7zYABbdfjpwkc=
+github.com/bitnami-labs/sealed-secrets v0.23.1/go.mod h1:DMy40c+yHBXQKQGGlQplsqvwn76NRAj1JgN/+tx/1nE=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
-github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
-github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
+github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
+github.com/bytedance/sonic v1.10.0 h1:qtNZduETEIWJVIyDl01BeNxur2rW9OwTQ/yBqFRkKEk=
+github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
-github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
+github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
+github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
+github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -202,26 +176,17 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
-github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg=
-github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/containerd/containerd v1.7.4 h1:Q5lwCrO44ahHhO65rXthXkfJUG5W78LXwK9gTt8XFfU=
+github.com/containerd/containerd v1.7.4/go.mod h1:gq7JDNtCrI1Zlcc572a9tvP1f1Ja8VBxiB9J00apAtU=
+github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381 h1:a5jOuoZHKBi2oH9JsfNqrrPpHhmrYU0NAte3M/EPudw=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
 github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -231,21 +196,18 @@ github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
-github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
-github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v20.10.19+incompatible h1:VKVBUb0KY/bx0FUCrCiNCL8wqgy8VxQli1dtNTn38AE=
+github.com/docker/cli v20.10.19+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
-github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
-github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
+github.com/docker/docker v20.10.19+incompatible h1:lzEmjivyNHFHMNAFLXORMBXyGIhw/UP4DvJwvyKYq64=
+github.com/docker/docker v20.10.19+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
+github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
@@ -254,10 +216,9 @@ github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHz
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
-github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
-github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -265,8 +226,6 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -276,16 +235,12 @@ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
-github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
@@ -311,7 +266,6 @@ github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0ab
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gorp/gorp/v3 v3.0.5/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
@@ -319,7 +273,6 @@ github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxF
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
@@ -328,12 +281,14 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
-github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
+github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
@@ -343,19 +298,16 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.15.0 h1:nDU5XeOKtB3GEa+uB7GNYwhVKsgjAR7VgKoNB6ryXfw=
-github.com/go-playground/validator/v10 v10.15.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM=
+github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
-github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
 github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
-github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
 github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY=
-github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
@@ -366,19 +318,14 @@ github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
 github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -391,7 +338,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -407,7 +353,6 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@@ -416,8 +361,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -429,12 +374,11 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
-github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
+github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
+github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -453,26 +397,23 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg=
+github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
-github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -482,7 +423,6 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@@ -492,29 +432,20 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I=
 github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
 github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
@@ -522,90 +453,69 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
 github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
-github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=
 github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
+github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
-github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
+github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
 github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381 h1:0zYri8zATZtEIdDP5kOEqb2IzxWdN38tZ5gHxCMeBh8=
 github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -620,68 +530,47 @@ github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgx
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
-github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
 github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
-github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
-github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -693,8 +582,8 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
-github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
-github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
+github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -709,31 +598,24 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
-github.com/nelsam/hel/v2 v2.3.3/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/ohler55/ojg v1.19.2 h1:XvMP9oF6jo3T4eUyCsDwi3YFv0bGyQ4PvYBSMF9LiBM=
 github.com/ohler55/ojg v1.19.2/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8=
-github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
 github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY=
 github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
-github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
+github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0=
+github.com/pelletier/go-toml/v2 v2.0.9/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -741,22 +623,16 @@ github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
-github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
 github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
@@ -766,84 +642,55 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
-github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
+github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
-github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
+github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
-github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/rubenv/sql-migrate v1.3.1 h1:Vx+n4Du8X8VTYuXbhNxdEUoh6wiJERA0GlWocR5FrbA=
-github.com/rubenv/sql-migrate v1.3.1/go.mod h1:YzG/Vh82CwyhTFXy+Mf5ahAiiEOpAlHurg+23VEzcsk=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=
+github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
 github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
 github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
 github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
-github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
-github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
 github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -860,28 +707,25 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
-github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
-github.com/tkrajina/go-reflector v0.5.5 h1:gwoQFNye30Kk7NrExj8zm3zFtrGPqOkzFMLuQZg1DtQ=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
+github.com/tkrajina/go-reflector v0.5.6 h1:hKQ0gyocG7vgMD2M3dRlYN6WBBOmdoOzJ6njQSepKdE=
+github.com/tkrajina/go-reflector v0.5.6/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
 github.com/tkrajina/typescriptify-golang-structs v0.1.10 h1:W/Ta9Kqo2lV+7bVXuQoUhZ0bDlnjwtPpKsy3A9M1nYg=
 github.com/tkrajina/typescriptify-golang-structs v0.1.10/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
-github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
-github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
-github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
+github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
+github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
+github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
+github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
@@ -893,24 +737,17 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
-go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
 go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:YDKUvO0b//78PaaEro6CAPH6NqohCmL2Cwju5XI2HoE=
 go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1 h1:4t4bmkosajncfGrQGfg6wXhyf96KdDzx+QxRd+rpQPM=
@@ -921,45 +758,36 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
-go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
-go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
-go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
+go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
+go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
+go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
+go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.starlark.net v0.0.0-20221205180719-3fd0dac74452 h1:JZtNuL6LPB+scU5yaQ6hqRlJFRiddZm2FwRt2AQqtHA=
-go.starlark.net v0.0.0-20221205180719-3fd0dac74452/go.mod h1:kIVgS18CjmEC3PqMd5kaJSGEifyV/CeB9x506ZJ1Vbk=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4=
+go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
-go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
+go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
-golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
+golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -967,7 +795,6 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
@@ -994,7 +821,6 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -1008,21 +834,17 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1047,15 +869,11 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
@@ -1069,9 +887,6 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
 golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1092,11 +907,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1106,7 +918,6 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1131,13 +942,8 @@ golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1145,20 +951,15 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
@@ -1167,7 +968,6 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
@@ -1178,12 +978,10 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
@@ -1193,14 +991,12 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -1210,7 +1006,6 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1228,7 +1023,6 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200313205530-4303120df7d8/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -1246,19 +1040,17 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
-golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E=
+golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
-gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1278,11 +1070,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
-google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
-google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o=
-google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw=
+google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
+google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1327,23 +1116,15 @@ google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
-google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY=
+google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
+google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
+google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -1360,12 +1141,9 @@ google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1378,7 +1156,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
@@ -1390,13 +1167,10 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1405,9 +1179,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
@@ -1421,30 +1192,31 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs=
-k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y=
-k8s.io/apiextensions-apiserver v0.27.3 h1:xAwC1iYabi+TDfpRhxh4Eapl14Hs2OftM2DN5MpgKX4=
-k8s.io/apiextensions-apiserver v0.27.3/go.mod h1:BH3wJ5NsB9XE1w+R6SSVpKmYNyIiyIz9xAmBl8Mb+84=
-k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs=
-k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/apiserver v0.27.3 h1:AxLvq9JYtveYWK+D/Dz/uoPCfz8JC9asR5z7+I/bbQ4=
-k8s.io/apiserver v0.27.3/go.mod h1:Y61+EaBMVWUBJtxD5//cZ48cHZbQD+yIyV/4iEBhhNA=
-k8s.io/cli-runtime v0.27.3 h1:h592I+2eJfXj/4jVYM+tu9Rv8FEc/dyCoD80UJlMW2Y=
-k8s.io/cli-runtime v0.27.3/go.mod h1:LzXud3vFFuDFXn2LIrWnscPgUiEj7gQQcYZE2UPn9Kw=
-k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk=
-k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc=
-k8s.io/component-base v0.27.3 h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k=
-k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY=
+k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108=
+k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg=
+k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw=
+k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs=
+k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY=
+k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
+k8s.io/apiserver v0.28.1 h1:dw2/NKauDZCnOUAzIo2hFhtBRUo6gQK832NV8kuDbGM=
+k8s.io/apiserver v0.28.1/go.mod h1:d8aizlSRB6yRgJ6PKfDkdwCy2DXt/d1FDR6iJN9kY1w=
+k8s.io/cli-runtime v0.28.1 h1:7Njc4eD5kaO4tYdSYVJJEs54koYD/vT6gxOq8dEVf9g=
+k8s.io/cli-runtime v0.28.1/go.mod h1:yIThSWkAVLqeRs74CMkq6lNFW42GyJmvMtcNn01SZho=
+k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8=
+k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE=
+k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg=
+k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
-k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg=
-k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw=
-k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4=
-k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk=
-k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 h1:CAIciCnJnSOQxPd0xvpV6JU3D4AJvnYbImPpFpO9Hnw=
+k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+k8s.io/kubectl v0.28.1 h1:jAq4yKEqQL+fwkWcEsUWxhJ7uIRcOYQraJxx4SyAMTY=
+k8s.io/kubectl v0.28.1/go.mod h1:a0nk/lMMeKBulp0lMTJAKbkjZg1ykqfLfz/d6dnv1ak=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
 oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
@@ -1457,10 +1229,10 @@ sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUT
 sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI=
-sigs.k8s.io/kustomize/api v0.13.4/go.mod h1:Bkaavz5RKK6ZzP0zgPrB7QbpbBJKiHuD3BB0KujY7Ls=
-sigs.k8s.io/kustomize/kyaml v0.14.2 h1:9WSwztbzwGszG1bZTziQUmVMrJccnyrLb5ZMKpJGvXw=
-sigs.k8s.io/kustomize/kyaml v0.14.2/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
+sigs.k8s.io/kustomize/api v0.14.0 h1:6+QLmXXA8X4eDM7ejeaNUyruA1DDB3PVIjbpVhDOJRA=
+sigs.k8s.io/kustomize/api v0.14.0/go.mod h1:vmOXlC8BcmcUJQjiceUbcyQ75JBP6eg8sgoyzc+eLpQ=
+sigs.k8s.io/kustomize/kyaml v0.14.3 h1:WpabVAKZe2YEp/irTSHwD6bfjwZnTtSDewd2BVJGMZs=
+sigs.k8s.io/kustomize/kyaml v0.14.3/go.mod h1:npvh9epWysfQ689Rtt/U+dpOJDTBn8kUnF1O6VzvmZA=
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

From 688adbf1e7da9501982ea300af90c50cc34a94a5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 15:47:07 +0200
Subject: [PATCH 1496/2268] fix: Pin docker dependency to v23.0.6+incompatible

---
 go.mod |  4 ++++
 go.sum | 14 ++++++++------
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index e1a52e793..47dac18a0 100644
--- a/go.mod
+++ b/go.mod
@@ -276,3 +276,7 @@ require (
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
+
+// this is needed due to incompatibilities between oras-go (comes through helm) and docker/docker/registry
+// remove this when https://github.com/helm/helm/pull/12310 gets released
+replace github.com/docker/docker => github.com/docker/docker v23.0.6+incompatible
diff --git a/go.sum b/go.sum
index 6e8594313..d209d5f5e 100644
--- a/go.sum
+++ b/go.sum
@@ -59,6 +59,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInm
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 h1:AXFNQ6kLaPODEpGSMWjmbkt6iP7fa1DIEzjx6JRFC9U=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1/go.mod h1:yOYJv0tO0TTNcje8ahhBHQcdAiYqRIp5fsog5FPefr4=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
@@ -200,12 +202,12 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
-github.com/docker/cli v20.10.19+incompatible h1:VKVBUb0KY/bx0FUCrCiNCL8wqgy8VxQli1dtNTn38AE=
-github.com/docker/cli v20.10.19+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
+github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.19+incompatible h1:lzEmjivyNHFHMNAFLXORMBXyGIhw/UP4DvJwvyKYq64=
-github.com/docker/docker v20.10.19+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
+github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -377,8 +379,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
-github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
+github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
+github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From ad4c5ce5f633f1eb635c6592d40189c3d7e91671 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 15:56:36 +0200
Subject: [PATCH 1497/2268] chore: Switch to github.com/getsops/sops

---
 e2e/sops_test.go                              |  2 +-
 go.mod                                        |  8 +++----
 go.sum                                        | 23 ++++++++-----------
 pkg/controllers/internal/sops/aws_config.go   |  2 +-
 .../internal/sops/key_server_from_secret.go   | 12 +++++-----
 .../sops/key_server_from_service_account.go   |  4 ++--
 .../internal/sops/keyservice/keyservice.go    |  6 ++---
 .../internal/sops/keyservice/options.go       | 14 +++++------
 .../internal/sops/keyservice/server.go        | 14 +++++------
 .../internal/sops/keyservice/server_test.go   | 14 +++++------
 .../internal/sops/keyservice/utils_test.go    | 16 ++++++-------
 pkg/sops/decrypting_fs.go                     |  2 +-
 pkg/sops/decryptor/decryptor.go               | 18 +++++++--------
 pkg/sops/decryptor/decryptor_test.go          |  6 ++---
 pkg/sops/utils.go                             |  4 ++--
 pkg/vars/vars_loader.go                       |  2 +-
 pkg/vars/vars_loader_test.go                  |  2 +-
 17 files changed, 73 insertions(+), 76 deletions(-)

diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 6d0eed629..d0435f1f5 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -2,12 +2,12 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/getsops/sops/v3/age"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops/v3/age"
 	"testing"
 )
 
diff --git a/go.mod b/go.mod
index 47dac18a0..180df9bb0 100644
--- a/go.mod
+++ b/go.mod
@@ -62,6 +62,7 @@ require (
 	github.com/aws/smithy-go v1.14.2
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
+	github.com/getsops/sops/v3 v3.8.0-rc.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.8.1
@@ -75,7 +76,6 @@ require (
 	github.com/prometheus/client_golang v1.16.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
-	go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1
 	golang.org/x/oauth2 v0.11.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
@@ -92,8 +92,8 @@ require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
@@ -140,6 +140,7 @@ require (
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
@@ -242,7 +243,6 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.16.0 // indirect
 	go.opentelemetry.io/otel/metric v1.16.0 // indirect
diff --git a/go.sum b/go.sum
index d209d5f5e..140701406 100644
--- a/go.sum
+++ b/go.sum
@@ -57,12 +57,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1 h1:AXFNQ6kLaPODEpGSMWjmbkt6iP7fa1DIEzjx6JRFC9U=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.5.1/go.mod h1:yOYJv0tO0TTNcje8ahhBHQcdAiYqRIp5fsog5FPefr4=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0 h1:yfJe15aSwEQ6Oo6J+gdfdulPNoZ3TEhmbhLIoxZcA+U=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0/go.mod h1:Q28U+75mpCaSCDowNEmhIo/rmgdkqmkmzI7N6TGR4UY=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0/go.mod h1:cw4zVQgBby0Z5f2v0itn6se2dDP17nTjbZFXW5uPyHA=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
@@ -153,9 +151,9 @@ github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
 github.com/bytedance/sonic v1.10.0 h1:qtNZduETEIWJVIyDl01BeNxur2rW9OwTQ/yBqFRkKEk=
 github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
-github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
@@ -247,6 +245,10 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/FlgqECyS5ywq8cSN9j1fwZg6uyZ7G0B0=
+github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
+github.com/getsops/sops/v3 v3.8.0-rc.1 h1:Wlp+Ai91a98swEwsHEgxILGjVMMONtdZNM6PRunq7A8=
+github.com/getsops/sops/v3 v3.8.0-rc.1/go.mod h1:5RoZaVWqieZNdNrwPFcZfBQ2YgN+BWCnSY3rDOoqFVg=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
@@ -612,7 +614,7 @@ github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYB
 github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
-github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA=
+github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY=
 github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
@@ -750,10 +752,6 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
-go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
-go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:YDKUvO0b//78PaaEro6CAPH6NqohCmL2Cwju5XI2HoE=
-go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1 h1:4t4bmkosajncfGrQGfg6wXhyf96KdDzx+QxRd+rpQPM=
-go.mozilla.org/sops/v3 v3.7.4-0.20220901181616-9124783930b1/go.mod h1:eC/nw/CfC/v4aFitUY1JyiL+0dP6Drun/cpS/c9mypQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1183,7 +1181,6 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 helm.sh/helm/v3 v3.12.3 h1:5y1+Sbty12t48T/t/CGNYUIME5BJ0WKfmW/sobYqkFg=
 helm.sh/helm/v3 v3.12.3/go.mod h1:KPKQiX9IP5HX7o5YnnhViMnNuKiL/lJBVQ47GHe1R0k=
diff --git a/pkg/controllers/internal/sops/aws_config.go b/pkg/controllers/internal/sops/aws_config.go
index fe00c00c2..66d58ea79 100644
--- a/pkg/controllers/internal/sops/aws_config.go
+++ b/pkg/controllers/internal/sops/aws_config.go
@@ -3,7 +3,7 @@ package sops
 import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/credentials"
-	"go.mozilla.org/sops/v3/kms"
+	"github.com/getsops/sops/v3/kms"
 	"sigs.k8s.io/yaml"
 )
 
diff --git a/pkg/controllers/internal/sops/key_server_from_secret.go b/pkg/controllers/internal/sops/key_server_from_secret.go
index f687825d9..764638d4f 100644
--- a/pkg/controllers/internal/sops/key_server_from_secret.go
+++ b/pkg/controllers/internal/sops/key_server_from_secret.go
@@ -4,13 +4,13 @@ import (
 	"bytes"
 	"fmt"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/hcvault"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/kms"
+	"github.com/getsops/sops/v3/pgp"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/v3/hcvault"
-	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/v3/pgp"
 	corev1 "k8s.io/api/core/v1"
 	"path/filepath"
 	"strings"
diff --git a/pkg/controllers/internal/sops/key_server_from_service_account.go b/pkg/controllers/internal/sops/key_server_from_service_account.go
index 105e27ea5..867aae090 100644
--- a/pkg/controllers/internal/sops/key_server_from_service_account.go
+++ b/pkg/controllers/internal/sops/key_server_from_service_account.go
@@ -8,9 +8,9 @@ import (
 	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"github.com/aws/smithy-go/logging"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/kms"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
-	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/v3/kms"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/controllers/internal/sops/keyservice/keyservice.go b/pkg/controllers/internal/sops/keyservice/keyservice.go
index 4d2dda569..f9aab5767 100644
--- a/pkg/controllers/internal/sops/keyservice/keyservice.go
+++ b/pkg/controllers/internal/sops/keyservice/keyservice.go
@@ -7,9 +7,9 @@
 package keyservice
 
 import (
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/v3/pgp"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/keys"
+	"github.com/getsops/sops/v3/pgp"
 )
 
 // IsOfflineMethod returns true for offline decrypt methods or false otherwise
diff --git a/pkg/controllers/internal/sops/keyservice/options.go b/pkg/controllers/internal/sops/keyservice/options.go
index 555452ceb..545b9aea1 100644
--- a/pkg/controllers/internal/sops/keyservice/options.go
+++ b/pkg/controllers/internal/sops/keyservice/options.go
@@ -8,13 +8,13 @@ package keyservice
 
 import (
 	extage "filippo.io/age"
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/v3/hcvault"
-	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/v3/pgp"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/gcpkms"
+	"github.com/getsops/sops/v3/hcvault"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/kms"
+	"github.com/getsops/sops/v3/pgp"
 )
 
 // ServerOption is some configuration that modifies the Server.
diff --git a/pkg/controllers/internal/sops/keyservice/server.go b/pkg/controllers/internal/sops/keyservice/server.go
index 584516957..d8463b1dc 100644
--- a/pkg/controllers/internal/sops/keyservice/server.go
+++ b/pkg/controllers/internal/sops/keyservice/server.go
@@ -8,13 +8,13 @@ package keyservice
 
 import (
 	"fmt"
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/v3/hcvault"
-	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/v3/pgp"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/gcpkms"
+	"github.com/getsops/sops/v3/hcvault"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/kms"
+	"github.com/getsops/sops/v3/pgp"
 
 	"golang.org/x/net/context"
 )
diff --git a/pkg/controllers/internal/sops/keyservice/server_test.go b/pkg/controllers/internal/sops/keyservice/server_test.go
index ea34cecaf..3d13f8186 100644
--- a/pkg/controllers/internal/sops/keyservice/server_test.go
+++ b/pkg/controllers/internal/sops/keyservice/server_test.go
@@ -8,20 +8,20 @@ package keyservice
 
 import (
 	"fmt"
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/v3/hcvault"
-	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/v3/pgp"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/gcpkms"
+	"github.com/getsops/sops/v3/hcvault"
+	"github.com/getsops/sops/v3/kms"
+	"github.com/getsops/sops/v3/pgp"
 	"os"
 	"runtime"
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/getsops/sops/v3/keyservice"
 	. "github.com/onsi/gomega"
-	"go.mozilla.org/sops/v3/keyservice"
 	"golang.org/x/net/context"
 )
 
diff --git a/pkg/controllers/internal/sops/keyservice/utils_test.go b/pkg/controllers/internal/sops/keyservice/utils_test.go
index 097dc5fbd..8c9da3ba2 100644
--- a/pkg/controllers/internal/sops/keyservice/utils_test.go
+++ b/pkg/controllers/internal/sops/keyservice/utils_test.go
@@ -9,16 +9,16 @@ package keyservice
 import (
 	"context"
 	"fmt"
-	"go.mozilla.org/sops/v3/kms"
+	"github.com/getsops/sops/v3/kms"
 
-	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/keys"
+	"github.com/getsops/sops/v3/keyservice"
 
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/v3/hcvault"
-	"go.mozilla.org/sops/v3/pgp"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/gcpkms"
+	"github.com/getsops/sops/v3/hcvault"
+	"github.com/getsops/sops/v3/pgp"
 )
 
 // KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can
diff --git a/pkg/sops/decrypting_fs.go b/pkg/sops/decrypting_fs.go
index 9bfc6f0b5..c18113e76 100644
--- a/pkg/sops/decrypting_fs.go
+++ b/pkg/sops/decrypting_fs.go
@@ -3,8 +3,8 @@ package sops
 import (
 	"bytes"
 	"fmt"
+	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
 	"io"
 	"os"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
diff --git a/pkg/sops/decryptor/decryptor.go b/pkg/sops/decryptor/decryptor.go
index 84d65567b..2ef161eb9 100644
--- a/pkg/sops/decryptor/decryptor.go
+++ b/pkg/sops/decryptor/decryptor.go
@@ -21,9 +21,6 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/v3/pgp"
 	"io/fs"
 	"os"
 	"path/filepath"
@@ -32,11 +29,14 @@ import (
 	"time"
 
 	securejoin "github.com/cyphar/filepath-securejoin"
-	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/v3/aes"
-	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
-	"go.mozilla.org/sops/v3/keyservice"
+	"github.com/getsops/sops/v3"
+	"github.com/getsops/sops/v3/aes"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/cmd/sops/common"
+	"github.com/getsops/sops/v3/cmd/sops/formats"
+	"github.com/getsops/sops/v3/keys"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/pgp"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/kustomize/api/konfig"
@@ -179,7 +179,7 @@ func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat
 		// Compute the hash of the cleartext tree and compare it with
 		// the one that was stored in the document. If they match,
 		// integrity was preserved
-		// Ref: go.mozilla.org/sops/v3/decrypt/decrypt.go
+		// Ref: github.com/getsops/sops/v3/decrypt/decrypt.go
 		originalMac, err := cipher.Decrypt(
 			tree.Metadata.MessageAuthenticationCode,
 			metadataKey,
diff --git a/pkg/sops/decryptor/decryptor_test.go b/pkg/sops/decryptor/decryptor_test.go
index 283901abe..113c7dd20 100644
--- a/pkg/sops/decryptor/decryptor_test.go
+++ b/pkg/sops/decryptor/decryptor_test.go
@@ -23,11 +23,11 @@ import (
 	"encoding/base64"
 	extage "filippo.io/age"
 	"fmt"
+	"github.com/getsops/sops/v3"
+	sopsage "github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/cmd/sops/formats"
 	. "github.com/onsi/gomega"
 	gt "github.com/onsi/gomega/types"
-	"go.mozilla.org/sops/v3"
-	sopsage "go.mozilla.org/sops/v3/age"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
 	"io/fs"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
diff --git a/pkg/sops/utils.go b/pkg/sops/utils.go
index 66a733e72..51f8df64c 100644
--- a/pkg/sops/utils.go
+++ b/pkg/sops/utils.go
@@ -5,10 +5,10 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/getsops/sops/v3"
+	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
 	"os"
 )
 
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index c481e04b8..67a46029e 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -6,6 +6,7 @@ import (
 	errors2 "errors"
 	"fmt"
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
+	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -19,7 +20,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"go.mozilla.org/sops/v3/cmd/sops/formats"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 2ede55e81..1905aa3a9 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -16,6 +16,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/getsops/sops/v3/age"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/git"
@@ -29,7 +30,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops/v3/age"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

From 3b178a411b4a7f028faeda3ed7890b28d8a7e317 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 16:09:50 +0200
Subject: [PATCH 1498/2268] chore: Upgrade controller-gen and envtest k8s
 version

---
 Makefile                                                 | 4 ++--
 api/v1beta1/zz_generated.deepcopy.go                     | 1 -
 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml | 2 +-
 install/controller/controller/crd.yaml                   | 2 +-
 pkg/types/k8s/zz_generated.deepcopy.go                   | 1 -
 pkg/types/result/zz_generated.deepcopy.go                | 1 -
 pkg/types/zz_generated.deepcopy.go                       | 1 -
 7 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 6e187757a..a520e3c23 100644
--- a/Makefile
+++ b/Makefile
@@ -21,7 +21,7 @@ endif
 # Image URL to use all building/pushing image targets
 IMG ?= kluctl/kluctl:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.26.1
+ENVTEST_K8S_VERSION = 1.28.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -168,7 +168,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.3
-CONTROLLER_TOOLS_VERSION ?= v0.12.0
+CONTROLLER_TOOLS_VERSION ?= v0.13.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index ef63432b6..b6bee9dac 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 
 /*
 Copyright 2023.
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index cc66f9a42..943edf401 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: kluctldeployments.gitops.kluctl.io
 spec:
   group: gitops.kluctl.io
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 633574abe..eb96ac13f 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.0
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: kluctldeployments.gitops.kluctl.io
 spec:
   group: gitops.kluctl.io
diff --git a/pkg/types/k8s/zz_generated.deepcopy.go b/pkg/types/k8s/zz_generated.deepcopy.go
index a753e48cd..d7a40e7ab 100644
--- a/pkg/types/k8s/zz_generated.deepcopy.go
+++ b/pkg/types/k8s/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 
 /*
 Copyright 2023.
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index d560f5b32..85c65c046 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 
 /*
 Copyright 2023.
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index ebe3ab596..65f55bc01 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 
 /*
 Copyright 2023.

From 68b5da728d9f8a48dc5af73230e8c5b311b764db Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 16:21:38 +0200
Subject: [PATCH 1499/2268] chore: Upgrade go-containerregistry to v0.16.1

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 180df9bb0..6ab440fd4 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/go-playground/validator/v10 v10.15.1
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/go-containerregistry v0.15.2
+	github.com/google/go-containerregistry v0.16.1
 	github.com/hashicorp/vault/api v1.9.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.16
diff --git a/go.sum b/go.sum
index 140701406..059c7a673 100644
--- a/go.sum
+++ b/go.sum
@@ -381,8 +381,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
-github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
+github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
+github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From d1b2abe380df1cf475d3edc0ae620a79fc4e0ad8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 16:33:04 +0200
Subject: [PATCH 1500/2268] fix: Fix args to controller and webui deployments

---
 install/controller/.kluctl.yaml | 2 +-
 install/webui/.kluctl.yaml      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 503bcf788..994695e1e 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -15,5 +15,5 @@ args:
     default: {}
   - name: controller_tolerations
     default: []
-  - name: controller_priority_class
+  - name: controller_priority_class_name
     default: {}
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index fc24ef9e4..479b96f07 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -15,5 +15,5 @@ args:
     default: {}
   - name: webui_tolerations
     default: []
-  - name: webui_priority_class
+  - name: webui_priority_class_name
     default: {}

From 9329c1343302a2813c6c6403d5a0c62b11e56789 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 16:37:05 +0200
Subject: [PATCH 1501/2268] fix: Fix crash when kluctl is called without
 sub-command

---
 cmd/kluctl/commands/root.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 766cc779b..3cf5b124f 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -269,7 +269,7 @@ func Main() {
 		ctx = initStatusHandlerAndPrompts(ctx, flags.Debug, flags.NoColor)
 		didSetupStatusHandler = true
 
-		if cmd.Name() != "run" && cmd.Parent().Name() != "controller" {
+		if cmd.Parent() == nil || (cmd.Name() != "run" && cmd.Parent().Name() != "controller") {
 			redirectLogsAndStderr(ctx)
 		}
 

From 97bf1b8a4bef2053f9a34e5819b7fbd4f421c855 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 16:55:11 +0200
Subject: [PATCH 1502/2268] fix: Avoid writing null to resources field in
 kustomization.yaml

---
 pkg/deployment/deployment_item.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 928156e4e..922722304 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -424,7 +424,7 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 		return nil, err
 	}
 
-	var list []any
+	list := make([]any, 0, len(des))
 	m := map[string]bool{}
 
 	for _, de := range des {

From 26ac4abf9e9677f3bc2a545520726ffcef753935 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 16:55:22 +0200
Subject: [PATCH 1503/2268] refactor: Introduce and use patchStatus

---
 .../kluctldeployment_controller_utils.go         | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index 7693450b3..a56b6f998 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -98,7 +98,7 @@ func (r *KluctlDeploymentReconciler) recordDuration(ctx context.Context, obj *kl
 	r.MetricsRecorder.RecordDuration(*objRef, startTime)
 }
 
-func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key client.ObjectKey, updateConditions func(c *[]metav1.Condition) error) error {
+func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client.ObjectKey, updateStatus func(status *kluctlv1.KluctlDeploymentStatus) error) error {
 	backoff := wait.Backoff{
 		Steps:    5,
 		Duration: 100 * time.Millisecond,
@@ -112,16 +112,14 @@ func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key cli
 			return false, err
 		}
 
-		conditionsPatch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
+		statusPatch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
 
-		c := latest.GetConditions()
-		err = updateConditions(&c)
+		err = updateStatus(&latest.Status)
 		if err != nil {
 			return false, err
 		}
-		latest.SetConditions(c)
 
-		err = r.Status().Patch(ctx, &latest, conditionsPatch, client.FieldOwner(r.ControllerName))
+		err = r.Status().Patch(ctx, &latest, statusPatch, client.FieldOwner(r.ControllerName))
 		if err != nil {
 			if errors.IsConflict(err) {
 				// retry
@@ -133,3 +131,9 @@ func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key cli
 		return true, nil
 	})
 }
+
+func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key client.ObjectKey, updateConditions func(c *[]metav1.Condition) error) error {
+	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+		return updateConditions(&status.Conditions)
+	})
+}

From aeb41d6a761f0fad20a819f62d0302157a702786 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 25 Aug 2023 17:12:28 +0200
Subject: [PATCH 1504/2268] fix: Update projectKey/targetKey early

---
 .../kluctldeployment_controller.go            | 26 ++++++++++++++++---
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index f7f36fbeb..c29ad6e19 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -279,13 +279,23 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
-	obj.Status.ProjectKey = &result.ProjectKey{
+
+	newProjectKey := result.ProjectKey{
 		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
 		SubDir:     path.Clean(obj.Spec.Source.Path),
 	}
-	if obj.Status.ProjectKey.SubDir == "." {
-		obj.Status.ProjectKey.SubDir = ""
+	if newProjectKey.SubDir == "." {
+		newProjectKey.SubDir = ""
+	}
+
+	// we patch the projectKey immediately so that the webui knows it asap
+	if obj.Status.ProjectKey == nil || *obj.Status.ProjectKey != newProjectKey {
+		patchErr = r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			status.ProjectKey = &newProjectKey
+			return nil
+		})
 	}
+	obj.Status.ProjectKey = &newProjectKey
 
 	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
@@ -306,11 +316,19 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if err != nil {
 			return doFailPrepare(err)
 		}
-		obj.Status.TargetKey = &result.TargetKey{
+		newTargetKey := result.TargetKey{
 			TargetName:    targetContext.Target.Name,
 			Discriminator: targetContext.Target.Discriminator,
 			ClusterId:     clusterId,
 		}
+		// we patch the targetKey immediately so that the webui knows it asap
+		if obj.Status.TargetKey == nil || *obj.Status.TargetKey != newTargetKey {
+			patchErr = r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+				status.TargetKey = &newTargetKey
+				return nil
+			})
+		}
+		obj.Status.TargetKey = &newTargetKey
 	}
 	if err != nil {
 		return doFailPrepare(err)

From 7666d5c361b5b5468180b2558ae13ee79129f582 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 26 Aug 2023 07:39:23 +0200
Subject: [PATCH 1505/2268] docs: Move gitops docs one level up

---
 Makefile                                      |  4 +--
 docs/README.md                                |  3 +-
 docs/{reference => }/gitops/README.md         | 28 +++++++++----------
 .../api/kluctl-controller.front-matter.yaml   |  0
 .../gitops/api/kluctl-controller.md           |  0
 docs/{reference => }/gitops/metrics/README.md |  0
 .../gitops/metrics/v1beta1/README.md          |  0
 .../v1beta1/kluctldeployment_controller.md    |  0
 .../gitops/migration/README.md                |  2 +-
 docs/{reference => }/gitops/spec/README.md    |  0
 .../gitops/spec/v1beta1/README.md             |  0
 .../gitops/spec/v1beta1/kluctldeployment.md   | 22 +++++++--------
 docs/reference/README.md                      |  2 +-
 13 files changed, 31 insertions(+), 30 deletions(-)
 rename docs/{reference => }/gitops/README.md (71%)
 rename docs/{reference => }/gitops/api/kluctl-controller.front-matter.yaml (100%)
 rename docs/{reference => }/gitops/api/kluctl-controller.md (100%)
 rename docs/{reference => }/gitops/metrics/README.md (100%)
 rename docs/{reference => }/gitops/metrics/v1beta1/README.md (100%)
 rename docs/{reference => }/gitops/metrics/v1beta1/kluctldeployment_controller.md (100%)
 rename docs/{reference => }/gitops/migration/README.md (97%)
 rename docs/{reference => }/gitops/spec/README.md (100%)
 rename docs/{reference => }/gitops/spec/v1beta1/README.md (100%)
 rename docs/{reference => }/gitops/spec/v1beta1/kluctldeployment.md (94%)

diff --git a/Makefile b/Makefile
index a520e3c23..4d52b37bd 100644
--- a/Makefile
+++ b/Makefile
@@ -69,7 +69,7 @@ manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRol
 
 # Generate API reference documentation
 api-docs: gen-crd-api-reference-docs
-	$(GEN_CRD_API_REFERENCE_DOCS) -v=4 -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/reference/gitops/api/kluctl-controller.md
+	$(GEN_CRD_API_REFERENCE_DOCS) -v=4 -api-dir=./api/v1beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/gitops/api/kluctl-controller.md
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -101,7 +101,7 @@ replace-commands-help: ## Replace commands help in docs
 MARKDOWN_LINK_CHECK_VERSION=3.11.2
 markdown-link-check: ## Check markdown files for dead links
 	find . -name '*.md' \
-		-and -not -path './docs/reference/gitops/api/kluctl-controller.md' \
+		-and -not -path './docs/gitops/api/kluctl-controller.md' \
 		-and -not -path './pkg/webui/ui/node_modules/*' \
 		-and -not -path './pkg/webui/ui/build/*' | \
 		xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
diff --git a/docs/README.md b/docs/README.md
index 9e921ca6b..04164d892 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -16,7 +16,8 @@ weight: 20
 3. [Installation](./installation.md)
 4. [Philosophy](./philosophy.md)
 5. [History](./history.md)
-6. [Reference](./reference)
+6. [GitOps](./gitops)
+7. [Reference](./reference)
 
 <!-- TODO
 ## Community
diff --git a/docs/reference/gitops/README.md b/docs/gitops/README.md
similarity index 71%
rename from docs/reference/gitops/README.md
rename to docs/gitops/README.md
index 63c6fd4ae..652908045 100644
--- a/docs/reference/gitops/README.md
+++ b/docs/gitops/README.md
@@ -10,16 +10,16 @@ weight: 3
 
 # GitOps
 
-GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](../../installation.md#installing-the-gitops-controller)
+GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](../installation.md#installing-the-gitops-controller)
 to your target cluster.
 
-The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDeployment`](./spec/v1beta1/kluctldeployment.md#kluctldeployment)
+The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#kluctldeployment)
 custom resource. This resource allows to define a Kluctl deployment that should be constantly reconciled (re-deployed)
 whenever the deployment changes.
 
 ## Motivation and Philosophy
 
-Kluctl tries its best to implement all its features via [Kluctl projects](../kluctl-project/README.md), meaning that
+Kluctl tries its best to implement all its features via [Kluctl projects](../reference/kluctl-project/README.md), meaning that
 the deployments are, at least theoretically, deployable from the CLI at all times. The Kluctl Controller does not
 add functionality on top of that and thus does not couple your deployments to a running controller.
 
@@ -28,11 +28,11 @@ functionality and options as offered by the CLI, but through a custom resource i
 
 As an example, arguments passed via `-a arg=value` can be passed to the custom resource via the `spec.args` field.
 The same applies to options like `--dry-run`, which equals to `spec.dryRun: true` in the custom resource. Check the
-documentation of [`KluctlDeployment`](./spec/v1beta1/kluctldeployment.md#spec-fields) for more such options.
+documentation of [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#spec-fields) for more such options.
 
 ## Installation
 
-Installation instructions can be found [here](../../installation.md#installing-the-gitops-controller)
+Installation instructions can be found [here](../installation.md#installing-the-gitops-controller)
 
 ## Design
 
@@ -40,24 +40,24 @@ The reconciliation process consists of multiple steps which are constantly repea
 
 - **clone** the root Kluctl project via Git
 - **prepare** the Kluctl deployment by rendering the whole deployment
-- **deploy** the specified target via [kluctl deploy](../commands/deploy.md) if the rendered resources changed
-- **prune** orphaned objects via [kluctl prune](../commands/prune.md)
-- **validate** the deployment status via [kluctl validate](../commands/validate.md)
+- **deploy** the specified target via [kluctl deploy](../reference/commands/deploy.md) if the rendered resources changed
+- **prune** orphaned objects via [kluctl prune](../reference/commands/prune.md)
+- **validate** the deployment status via [kluctl validate](../reference/commands/validate.md)
 
-Reconciliation is performed on a configurable [interval](./spec/v1beta1/kluctldeployment.md#interval). A single
+Reconciliation is performed on a configurable [interval](spec/v1beta1/kluctldeployment.md#interval). A single
 reconciliation iteration will first clone and prepare the project. Only when the rendered resources indicate a change
 (by using a hash internally), the controller will initiate a deployment. After the deployment, the controller will
-also perform pruning (only if [prune: true](./spec/v1beta1/kluctldeployment.md#prune) is set).
+also perform pruning (only if [prune: true](spec/v1beta1/kluctldeployment.md#prune) is set).
 
 When the `KluctlDeployment` is removed from the cluster, the controller cal also delete all resources belonging to
-that deployment. This will only happen if [delete: true](./spec/v1beta1/kluctldeployment.md#delete) is set.
+that deployment. This will only happen if [delete: true](spec/v1beta1/kluctldeployment.md#delete) is set.
 
-Deletion and pruning is based on the [discriminator](../kluctl-project/README.md#discriminator) of the given target.
+Deletion and pruning is based on the [discriminator](../reference/kluctl-project/README.md#discriminator) of the given target.
 
-A `KluctlDeployment` can be [suspended](./spec/v1beta1/kluctldeployment.md#suspend). While suspended, the controller
+A `KluctlDeployment` can be [suspended](spec/v1beta1/kluctldeployment.md#suspend). While suspended, the controller
 will skip reconciliation, including deletion and pruning.
 
-The API design of the controller can be found at [kluctldeployment.gitops.kluctl.io/v1beta1](./spec/v1beta1/README.md).
+The API design of the controller can be found at [kluctldeployment.gitops.kluctl.io/v1beta1](spec/v1beta1/README.md).
 
 ## Example
 
diff --git a/docs/reference/gitops/api/kluctl-controller.front-matter.yaml b/docs/gitops/api/kluctl-controller.front-matter.yaml
similarity index 100%
rename from docs/reference/gitops/api/kluctl-controller.front-matter.yaml
rename to docs/gitops/api/kluctl-controller.front-matter.yaml
diff --git a/docs/reference/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
similarity index 100%
rename from docs/reference/gitops/api/kluctl-controller.md
rename to docs/gitops/api/kluctl-controller.md
diff --git a/docs/reference/gitops/metrics/README.md b/docs/gitops/metrics/README.md
similarity index 100%
rename from docs/reference/gitops/metrics/README.md
rename to docs/gitops/metrics/README.md
diff --git a/docs/reference/gitops/metrics/v1beta1/README.md b/docs/gitops/metrics/v1beta1/README.md
similarity index 100%
rename from docs/reference/gitops/metrics/v1beta1/README.md
rename to docs/gitops/metrics/v1beta1/README.md
diff --git a/docs/reference/gitops/metrics/v1beta1/kluctldeployment_controller.md b/docs/gitops/metrics/v1beta1/kluctldeployment_controller.md
similarity index 100%
rename from docs/reference/gitops/metrics/v1beta1/kluctldeployment_controller.md
rename to docs/gitops/metrics/v1beta1/kluctldeployment_controller.md
diff --git a/docs/reference/gitops/migration/README.md b/docs/gitops/migration/README.md
similarity index 97%
rename from docs/reference/gitops/migration/README.md
rename to docs/gitops/migration/README.md
index 9fb8d394c..99094f374 100644
--- a/docs/reference/gitops/migration/README.md
+++ b/docs/gitops/migration/README.md
@@ -20,7 +20,7 @@ To do this, follow the following steps:
 1. Upgrade the legacy flux-kluctl-controller to at least v0.16.0. This version will introduce a special marker field
 into the legacy `KluctlDeployment` status and set it to true. This marker field is used to inform the new Kluctl Controller
 that the legacy controller is now aware of the existence of the new controller.
-2. If not already done, [install](../../../installation.md#installing-the-gitops-controller) the new Kluctl Controller.
+2. If not already done, [install](../../installation.md#installing-the-gitops-controller) the new Kluctl Controller.
 3. To be on the safe side, disable [pruning](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#prune) and
 [deletion](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#delete) for all legacy `KluctlDeployment` objects.
 Don't forget to deploy/apply these changes before continuing with the next step.
diff --git a/docs/reference/gitops/spec/README.md b/docs/gitops/spec/README.md
similarity index 100%
rename from docs/reference/gitops/spec/README.md
rename to docs/gitops/spec/README.md
diff --git a/docs/reference/gitops/spec/v1beta1/README.md b/docs/gitops/spec/v1beta1/README.md
similarity index 100%
rename from docs/reference/gitops/spec/v1beta1/README.md
rename to docs/gitops/spec/v1beta1/README.md
diff --git a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
similarity index 94%
rename from docs/reference/gitops/spec/v1beta1/kluctldeployment.md
rename to docs/gitops/spec/v1beta1/kluctldeployment.md
index af10a0189..743b1996c 100644
--- a/docs/reference/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -10,8 +10,8 @@ weight: 20
 
 # KluctlDeployment
 
-The `KluctlDeployment` API defines a deployment of a [target](../../../kluctl-project/targets)
-from a [Kluctl Project](../../../kluctl-project).
+The `KluctlDeployment` API defines a deployment of a [target](../../../reference/kluctl-project/targets)
+from a [Kluctl Project](../../../reference/kluctl-project).
 
 ## Example
 
@@ -36,7 +36,7 @@ spec:
 In the above example a KluctlDeployment is being created that defines the deployment based on the Kluctl project.
 
 The deployment is performed every 5 minutes. It will deploy the `prod`
-[target](../../../kluctl-project/targets) and then prune orphaned objects afterward.
+[target](../../../reference/kluctl-project/targets) and then prune orphaned objects afterward.
 
 When the KluctlDeployment gets deleted, `delete: true` will cause the controller to actually delete the target
 resources.
@@ -86,7 +86,7 @@ See [Reconciliation](#reconciliation).
 
 ### target
 `spec.target` specifies the target to be deployed. It must exist in the Kluctl projects
-[kluctl.yaml targets](../../../kluctl-project/targets) list.
+[kluctl.yaml targets](../../../reference/kluctl-project/targets) list.
 
 This field is optional and can be omitted if the referenced Kluctl project allows deployments without targets.
 
@@ -101,7 +101,7 @@ This field is optional and can be omitted if the referenced Kluctl project allow
 ### deployMode
 By default, the operator will perform a full deployment, which is equivalent to using the `kluctl deploy` command.
 As an alternative, the controller can be instructed to only perform a `kluctl poke-images` command. Please
-see [poke-images](../../../commands/poke-images.md) for details on the command. To do so, set `spec.deployMode`
+see [poke-images](../../../reference/commands/poke-images.md) for details on the command. To do so, set `spec.deployMode`
 field to `poke-images`.
 
 Example:
@@ -170,7 +170,7 @@ The above example is equivalent to calling `kluctl deploy -t prod -a arg1=value1
 
 ### images
 `spec.images` specifies a list of fixed images to be used by
-[`image.get_image(...)`](../../../deployments/images.md#imagesget_image). Example:
+[`image.get_image(...)`](../../../reference/deployments/images.md#imagesget_image). Example:
 
 ```
 apiVersion: gitops.kluctl.io/v1beta1
@@ -197,7 +197,7 @@ The above example will cause the `images.get_image("nginx")` invocations of the
 to return `registry.gitlab.com/my-org/my-repo/image:1.2.3`.
 
 The fixed images provided here take precedence over the ones provided in the
-[target definition](../../../kluctl-project/targets#images).
+[target definition](../../../reference/kluctl-project/targets#images).
 
 `spec.images` is equivalent to calling `kluctl deploy -t prod --fixed-image=nginx:example-namespace:Deployment/example=nginx:1.21.6 ...`
 and to `kluctl deploy -t prod --fixed-images-file=fixed-images.yaml` with `fixed-images.yaml` containing:
@@ -287,7 +287,7 @@ handles impersonation, with the difference that a kubeconfig with a "default" co
 
 `spec.kubeConfig` will simply load the kubeconfig from `data.value` of the specified secret.
 
-Kluctl [targets](../../../kluctl-project/targets) specify a context name that is expected to
+Kluctl [targets](../../../reference/kluctl-project/targets) specify a context name that is expected to
 be present in the kubeconfig while deploying. As the context found in the generated kubeconfig does not necessarily
 have the correct name, `spec.context` can be used to while deploying. This is especially useful
 when using service account based kubeconfigs, as these always have the same context with the name "default".
@@ -392,8 +392,8 @@ stringData:
 
 ## Helm Repository authentication
 
-Kluctl allows to [integrate Helm Charts](../../../deployments/helm.md) in two different ways.
-One is to [pre-pull charts](../../../commands/helm-pull.md) and put them into version control,
+Kluctl allows to [integrate Helm Charts](../../../reference/deployments/helm.md) in two different ways.
+One is to [pre-pull charts](../../../reference/commands/helm-pull.md) and put them into version control,
 making it unnecessary to pull them at deploy time. This option also means that you don't have to take any special care
 on the controller side.
 
@@ -462,7 +462,7 @@ This will pass the credentials to all requests, even if the hostname changes.
 
 ## Secrets Decryption
 
-Kluctl offers a [SOPS Integration](../../../deployments/sops.md) that allows to use encrypted
+Kluctl offers a [SOPS Integration](../../../reference/deployments/sops.md) that allows to use encrypted
 manifests and variable sources in Kluctl deployments. Decryption by the controller is also supported and currently
 mirrors how the [Secrets Decryption configuration](https://fluxcd.io/flux/components/kustomize/kustomization/#secrets-decryption)
 of the Flux Kustomize Controller. To configure it in the `KluctlDeployment`, simply set the `decryption` field in the
diff --git a/docs/reference/README.md b/docs/reference/README.md
index 729f8fb45..cc01512cd 100644
--- a/docs/reference/README.md
+++ b/docs/reference/README.md
@@ -13,5 +13,5 @@ weight: 110
 
 1. [.kluctl.yaml](./kluctl-project)
 2. [Deployments](./deployments)
-3. [GitOps](./gitops)
+3. [Kluctl Webui](./webui)
 4. [Kluctl Commands](./commands)

From 0897dae89b3e58a545ef96cee5b393c73b5b85ce Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Aug 2023 21:48:40 +0200
Subject: [PATCH 1506/2268] docs: Add webui docs

---
 cmd/kluctl/commands/cmd_webui_run.go |  2 +-
 docs/installation.md                 |  4 ++
 docs/reference/README.md             |  3 +-
 docs/reference/webui/README.md       | 29 ++++++++++++++
 docs/reference/webui/installation.md | 57 ++++++++++++++++++++++++++++
 docs/reference/webui/run.md          | 23 +++++++++++
 hack/prepare-release.sh              |  1 +
 7 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 docs/reference/webui/README.md
 create mode 100644 docs/reference/webui/installation.md
 create mode 100644 docs/reference/webui/run.md

diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index 19db85153..ff86195bd 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -54,7 +54,7 @@ type webuiRunCmd struct {
 func (cmd *webuiRunCmd) Help() string {
 	return `This command will run the Kluctl Webui. It can be run in two modes:
 1. Locally, simply by invoking 'kluctl webui', which will run the Webui against the current Kubernetes context.
-2. On a Kubernetes Cluster. See https://kluctl.io/docs/kluctl/installation/#installing-the-webui for details and documentation.
+2. On a Kubernetes Cluster. See https://kluctl.io/docs/kluctl/installation/#installing-the-kluctl-webui for details and documentation.
 `
 }
 
diff --git a/docs/installation.md b/docs/installation.md
index 3bfdbf0ec..9296c1e33 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -116,3 +116,7 @@ deployments:
       ref:
         tag: v2.20.8
 ```
+
+## Installing the Kluctl Webui
+
+See [Installing the Kluctl Webui](./reference/webui/install.md) for details.
diff --git a/docs/reference/README.md b/docs/reference/README.md
index cc01512cd..62053046b 100644
--- a/docs/reference/README.md
+++ b/docs/reference/README.md
@@ -14,4 +14,5 @@ weight: 110
 1. [.kluctl.yaml](./kluctl-project)
 2. [Deployments](./deployments)
 3. [Kluctl Webui](./webui)
-4. [Kluctl Commands](./commands)
+4. [Kluctl Webui](./webui)
+5. [Kluctl Commands](./commands)
diff --git a/docs/reference/webui/README.md b/docs/reference/webui/README.md
new file mode 100644
index 000000000..7a41b04d4
--- /dev/null
+++ b/docs/reference/webui/README.md
@@ -0,0 +1,29 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "Kluctl Webui"
+linkTitle: "Kluctl Webui"
+description: "Kluctl Webui documentation."
+weight: 4
+---
+-->
+
+# Kluctl Webui
+
+The Kluctl Webui is a powerful UI which allows you to monitor and control your Kluctl GitOps deployments.
+
+You can [run it locally](./run.md) or [install](./installation.md) it to your Kubernetes cluster.
+
+## State of the Webui
+
+Please note that the Kluctl Webui is still in early stage of development, missing many planned features. It might
+also contain bugs and be unstable in some situations. If you encounter any such problems, please report these
+to https://github.com/kluctl/kluctl/issues.
+
+## Screenshots
+
+### Targets Overview
+![targets.jpg](https://kluctl.io/images/webui/targets.jpg)
+
+### Command Result
+![targets-result.jpg](https://kluctl.io/images/webui/targets-result.jpg)
diff --git a/docs/reference/webui/installation.md b/docs/reference/webui/installation.md
new file mode 100644
index 000000000..242ee5b9b
--- /dev/null
+++ b/docs/reference/webui/installation.md
@@ -0,0 +1,57 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Installation
+linkTitle: Installation
+description: Installing the Kluctl Webui
+weight: 20
+---
+-->
+
+# Installation
+
+The Kluctl Webui can be installed by using a [Git Include](../deployments/deployment-yml.md#git-includes) that refers
+to the [webui deployment project](https://github.com/kluctl/kluctl/tree/main/install/webui). Example:
+
+```yaml
+deployments:
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/webui
+      ref:
+        tag: v2.20.8
+```
+
+# Overriding the version
+
+The image version of the Webui can be overriden with the `kluctl_version` arg:
+
+```yaml
+deployments:
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/webui
+      ref:
+        tag: main
+    vars:
+      - values:
+          args:
+            kluctl_version: v2.20.8
+```
+
+# Passing arguments
+
+You can pass arbitrary command line arguments to the webui by providing the `webui_args` arg:
+
+```yaml
+deployments:
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/webui
+      ref:
+        tag: v2.20.8
+    vars:
+      - values:
+          webui_args:
+            - --gops-agent
+```
diff --git a/docs/reference/webui/run.md b/docs/reference/webui/run.md
new file mode 100644
index 000000000..44fe3e0fe
--- /dev/null
+++ b/docs/reference/webui/run.md
@@ -0,0 +1,23 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Running locally
+linkTitle: Running locally
+description: Running the Kluctl Webui locally
+weight: 10
+---
+-->
+
+# Running locally
+
+The Kluctl Webui can be run locally by simply invoking [`kluctl webui run`](../commands/webui-run.md).
+It will by default connect to your local Kubeconfig Context and expose the Webui on `localhost`. It will also open
+the browser for you.
+
+## Multiple Clusters
+
+The Webui can already handle multiple clusters. Simply pass `--context <context-name>` multiple times to `kluctl webui run`.
+This will cause the Webui to listen for status updates on all passed clusters.
+
+As noted in [State of the Webui](./README.md#state-of-the-webui), the Webui is still in early stage and thus currently
+lacks sorting and filtering for clusters. This will be implemented in future releases.
diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 380832889..d0019d98b 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -30,6 +30,7 @@ FILES="$FILES install/controller/controller/kustomization.yaml"
 FILES="$FILES install/webui/.kluctl.yaml"
 FILES="$FILES install/webui/webui/deployment.yaml"
 FILES="$FILES docs/installation.md"
+FILES="$FILES docs/reference/webui/installation.md"
 
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp

From 5910866f30438fbff0b909f284e89bd67a5fd73c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 26 Aug 2023 08:17:41 +0200
Subject: [PATCH 1507/2268] docs: Move around docs to be separated in
 kluctl/gitops/webui

---
 Makefile                                      |  2 +-
 README.md                                     |  4 +-
 docs/README.md                                | 39 +--------
 docs/concepts.md                              | 46 ----------
 docs/gitops/README.md                         |  8 +-
 docs/gitops/installation.md                   | 32 +++++++
 docs/history.md                               | 30 -------
 docs/kluctl/README.md                         | 85 +++++++++++++++++++
 docs/{reference => kluctl}/commands/README.md |  0
 .../commands/common-arguments.md              |  0
 .../commands/controller-install.md            |  0
 .../commands/controller-run.md                |  0
 docs/{reference => kluctl}/commands/delete.md |  0
 docs/{reference => kluctl}/commands/deploy.md |  0
 docs/{reference => kluctl}/commands/diff.md   |  0
 .../commands/environment-variables.md         |  0
 .../commands/helm-pull.md                     |  0
 .../commands/helm-update.md                   |  0
 .../commands/list-images.md                   |  0
 .../commands/list-targets.md                  |  0
 .../commands/poke-images.md                   |  0
 docs/{reference => kluctl}/commands/prune.md  |  0
 docs/{reference => kluctl}/commands/render.md |  0
 .../commands/validate.md                      |  0
 .../commands/webui-build.md                   |  0
 .../commands/webui-run.md                     |  0
 .../deployments/README.md                     |  0
 .../deployments/annotations/README.md         |  0
 .../deployments/annotations/all-resources.md  |  0
 .../deployments/annotations/hooks.md          |  0
 .../deployments/annotations/kustomization.md  |  0
 .../deployments/annotations/validation.md     |  0
 .../deployments/deployment-yml.md             |  0
 .../{reference => kluctl}/deployments/helm.md |  0
 .../deployments/hooks.md                      |  0
 .../deployments/images.md                     |  0
 .../deployments/kustomize.md                  |  0
 .../deployments/readiness.md                  |  0
 .../{reference => kluctl}/deployments/sops.md |  0
 .../{reference => kluctl}/deployments/tags.md |  0
 docs/{ => kluctl}/get-started.md              |  2 +-
 docs/{ => kluctl}/installation.md             |  0
 .../kluctl-project/README.md                  |  0
 .../kluctl-project/targets/README.md          |  0
 .../templating/README.md                      |  0
 .../templating/filters.md                     |  0
 .../templating/functions.md                   |  0
 .../templating/predefined-variables.md        |  0
 .../templating/variable-sources.md            |  0
 docs/philosophy.md                            | 41 ---------
 docs/reference/README.md                      | 18 ----
 docs/{reference => }/webui/README.md          |  4 +-
 docs/{reference => }/webui/installation.md    |  2 +-
 docs/{reference => }/webui/run.md             |  4 +-
 hack/prepare-release.sh                       |  5 +-
 55 files changed, 136 insertions(+), 186 deletions(-)
 delete mode 100644 docs/concepts.md
 create mode 100644 docs/gitops/installation.md
 delete mode 100644 docs/history.md
 create mode 100644 docs/kluctl/README.md
 rename docs/{reference => kluctl}/commands/README.md (100%)
 rename docs/{reference => kluctl}/commands/common-arguments.md (100%)
 rename docs/{reference => kluctl}/commands/controller-install.md (100%)
 rename docs/{reference => kluctl}/commands/controller-run.md (100%)
 rename docs/{reference => kluctl}/commands/delete.md (100%)
 rename docs/{reference => kluctl}/commands/deploy.md (100%)
 rename docs/{reference => kluctl}/commands/diff.md (100%)
 rename docs/{reference => kluctl}/commands/environment-variables.md (100%)
 rename docs/{reference => kluctl}/commands/helm-pull.md (100%)
 rename docs/{reference => kluctl}/commands/helm-update.md (100%)
 rename docs/{reference => kluctl}/commands/list-images.md (100%)
 rename docs/{reference => kluctl}/commands/list-targets.md (100%)
 rename docs/{reference => kluctl}/commands/poke-images.md (100%)
 rename docs/{reference => kluctl}/commands/prune.md (100%)
 rename docs/{reference => kluctl}/commands/render.md (100%)
 rename docs/{reference => kluctl}/commands/validate.md (100%)
 rename docs/{reference => kluctl}/commands/webui-build.md (100%)
 rename docs/{reference => kluctl}/commands/webui-run.md (100%)
 rename docs/{reference => kluctl}/deployments/README.md (100%)
 rename docs/{reference => kluctl}/deployments/annotations/README.md (100%)
 rename docs/{reference => kluctl}/deployments/annotations/all-resources.md (100%)
 rename docs/{reference => kluctl}/deployments/annotations/hooks.md (100%)
 rename docs/{reference => kluctl}/deployments/annotations/kustomization.md (100%)
 rename docs/{reference => kluctl}/deployments/annotations/validation.md (100%)
 rename docs/{reference => kluctl}/deployments/deployment-yml.md (100%)
 rename docs/{reference => kluctl}/deployments/helm.md (100%)
 rename docs/{reference => kluctl}/deployments/hooks.md (100%)
 rename docs/{reference => kluctl}/deployments/images.md (100%)
 rename docs/{reference => kluctl}/deployments/kustomize.md (100%)
 rename docs/{reference => kluctl}/deployments/readiness.md (100%)
 rename docs/{reference => kluctl}/deployments/sops.md (100%)
 rename docs/{reference => kluctl}/deployments/tags.md (100%)
 rename docs/{ => kluctl}/get-started.md (98%)
 rename docs/{ => kluctl}/installation.md (100%)
 rename docs/{reference => kluctl}/kluctl-project/README.md (100%)
 rename docs/{reference => kluctl}/kluctl-project/targets/README.md (100%)
 rename docs/{reference => kluctl}/templating/README.md (100%)
 rename docs/{reference => kluctl}/templating/filters.md (100%)
 rename docs/{reference => kluctl}/templating/functions.md (100%)
 rename docs/{reference => kluctl}/templating/predefined-variables.md (100%)
 rename docs/{reference => kluctl}/templating/variable-sources.md (100%)
 delete mode 100644 docs/philosophy.md
 delete mode 100644 docs/reference/README.md
 rename docs/{reference => }/webui/README.md (87%)
 rename docs/{reference => }/webui/installation.md (89%)
 rename docs/{reference => }/webui/run.md (81%)

diff --git a/Makefile b/Makefile
index 4d52b37bd..4e82b9089 100644
--- a/Makefile
+++ b/Makefile
@@ -96,7 +96,7 @@ test-e2e: envtest ## Run e2e tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -coverprofile cover.out -test.v
 
 replace-commands-help: ## Replace commands help in docs
-	go run ./internal/replace-commands-help --docs-dir ./docs/reference/commands
+	go run ./internal/replace-commands-help --docs-dir ./docs/kluctl/commands
 
 MARKDOWN_LINK_CHECK_VERSION=3.11.2
 markdown-link-check: ## Check markdown files for dead links
diff --git a/README.md b/README.md
index 1347f626b..d17b6c968 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,8 @@ The Kluctl CLI then allows to deploy, diff, prune, delete, ... your deployments.
 
 ## Where do I start?
 
-Installation instructions can be found [here](./docs/installation.md). For a getting started guide, continue
-[here](./docs/get-started.md).
+Installation instructions can be found [here](docs/kluctl/installation.md). For a getting started guide, continue
+[here](docs/kluctl/get-started.md).
 
 ## Community
 
diff --git a/docs/README.md b/docs/README.md
index 04164d892..0e06dbae8 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -11,39 +11,6 @@ weight: 20
 
 # Table of Contents
 
-1. [Get Started](./get-started.md)
-2. [Core Concepts](./concepts.md)
-3. [Installation](./installation.md)
-4. [Philosophy](./philosophy.md)
-5. [History](./history.md)
-6. [GitOps](./gitops)
-7. [Reference](./reference)
-
-<!-- TODO
-## Community
-
-Need help or want to contribute? Please see the links below. The Kluctl project is always looking for
-new contributors and there are a multitude of ways to get involved.
-
-- Getting Started?
-    - Look at our [Get Started guide](get-started/) and give us feedback
-- Need help?
-    - First: Ask questions on our [GH Discussions page](https://github.com/kluctl/kluctl/discussions)
-    - Second: Talk to us in the #kluctl channel on [CNCF Slack](https://slack.cncf.io/)
-    - Please follow our [Support Guidelines](/support/)
-      (in short: be nice, be respectful of volunteers' time, understand that maintainers and
-      contributors cannot respond to all DMs, and keep discussions in the public #kluctl channel as much as possible).
-- Have feature proposals or want to contribute?
-    - Propose features on our [GH Discussions page](https://github.com/kluctl/kluctl/discussions)
-    - Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
-    - [Join the flux-dev mailing list](https://lists.cncf.io/g/cncf-kluctl-dev).
-    - Check out [how to contribute](/contributing) to the project
-
-### Events
-
-Check out our **[events calendar](/#calendar)**,
-both with upcoming talks you can attend or past events videos you can watch.
-
-We look forward to seeing you with us!
-
--->
+1. [Kluctl](./kluctl)
+2. [Kluctl GitOps](./gitops)
+3. [Kluctl Webui](./webui)
diff --git a/docs/concepts.md b/docs/concepts.md
deleted file mode 100644
index ef99583dd..000000000
--- a/docs/concepts.md
+++ /dev/null
@@ -1,46 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: Core Concepts
-description: Core Concepts of Kluctl.
-weight: 10
----
--->
-
-# Core Concepts
-
-These are some core concepts in Kluctl.
-
-## Kluctl project
-The kluctl project defines targets.
-It is defined via the [.kluctl.yaml](./reference/kluctl-project) configuration file.
-
-## Targets
-A target defines a target cluster and a set of deployment arguments. Multiple targets can use the same cluster. Targets
-allow implementing multi-cluster, multi-environment, multi-customer, ... deployments.
-
-## Deployments
-A [deployment](./reference/deployments) defines which Kustomize deployments and which sub-deployments
-to deploy. It also controls the order of deployments.
-
-Deployments may be configured through deployment arguments, which are typically provided via the targets but might also
-be provided through the CLI.
-
-## Variables
-[Variables](./reference/templating) are the main source of configuration. They are either loaded yaml
-files or directly defined inside deployments. Each variables file that is loaded has access to all the variables which
-were defined before, allowing complex composition of configuration.
-
-After being loaded, variables are usable through the templating engine at all nearly all places.
-
-## Templating
-All configuration files (including .kluctl.yaml and deployment.yaml) and all Kubernetes manifests involved are processed
-through a templating engine.
-The [templating engine](./reference/templating) allows simple variable substitution and also complex
-control structures (if/else, for loops, ...).
-
-## Unified CLI
-The CLI of kluctl is designed to be unified/consistent as much as possible. Most commands are centered around targets
-and thus require you to specify the target name (via `-t <target>`). If you remember how one command works, it's easy
-to figure out how the others work. Output from all targets based commands is also unified, allowing you to easily see
-what will and what did happen.
diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index 652908045..b2b2650f9 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -1,14 +1,14 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "GitOps"
-linkTitle: "GitOps"
+title: "Kluctl GitOps"
+linkTitle: "Kluctl GitOps"
 description: "Kluctl Controller documentation."
-weight: 3
+weight: 20
 ---
 -->
 
-# GitOps
+# Kluctl GitOps
 
 GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](../installation.md#installing-the-gitops-controller)
 to your target cluster.
diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
new file mode 100644
index 000000000..e939002d5
--- /dev/null
+++ b/docs/gitops/installation.md
@@ -0,0 +1,32 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "Installation"
+linkTitle: "Installation"
+weight: 20
+description: "Installing the Kluctl Controller"
+---
+-->
+
+# Installation
+
+The controller can be installed via two available options.
+
+## Using the "install" sub-command
+
+The [`kluctl controller install`](./reference/commands/controller-install.md) command can be used to install the
+controller. It will use an embedded version of the Controller Kluctl deployment project
+found [here](https://github.com/kluctl/kluctl/tree/main/install/controller).
+
+## Using a Kluctl deployment
+
+To manage and install the controller via Kluctl, you can use a Git include in your own deployment:
+
+```yaml
+deployments:
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/controller
+      ref:
+        tag: v2.20.8
+```
diff --git a/docs/history.md b/docs/history.md
deleted file mode 100644
index f2f6fad8a..000000000
--- a/docs/history.md
+++ /dev/null
@@ -1,30 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "History"
-linkTitle: "History"
-weight: 40
-description: "The history of kluctl."
----
--->
-
-# History
-
-Kluctl was created after multiple incarnations of complex multi-environment (e.g. dev, test, prod) deployments, including everything
-from monitoring, persistency and the actual custom services. The philosophy of these deployments was always
-"what belongs together, should be put together", meaning that only as much Git repositories were involved as necessary.
-
-The problems to solve turned out to be always the same:
-* Dozens of Helm Charts, kustomize deployments and standalone Kubernetes manifests needed to be orchestrated in a way
-  that they work together (services need to connect to the correct databases, and so on)
-* (Encrypted) Secrets needed to be managed and orchestrated for multiple environments and clusters
-* Updates of components was always risky and required keeping track of what actually changed since the last deployment
-* Available tools (Helm, Kustomize) were not suitable to solve this on its own in an easy/natural way
-* A lot of bash scripting was required to put things together
-
-When this got more and more complex, and the bash scripts started to become a mess (as "simple" Bash scripts always tend to become),
-kluctl was started from scratch. It now tries to solve the mentioned problems and provide a useful set of features (commands)
-in a sane and unified way.
-
-The first versions of kluctl were written in Python, hence the use of Jinja2 templating in kluctl. With version 2.0.0,
-kluctl was rewritten in Go.
diff --git a/docs/kluctl/README.md b/docs/kluctl/README.md
new file mode 100644
index 000000000..9f862791f
--- /dev/null
+++ b/docs/kluctl/README.md
@@ -0,0 +1,85 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "Kluctl"
+linkTitle: "Kluctl"
+description: >
+  Kluctl Documentation
+weight: 10
+---
+-->
+
+# Kluctl
+
+## What is Kluctl?
+
+Kluctl is the missing glue that puts together your (and any third-party) deployments into one large declarative
+Kubernetes deployment, while making it fully manageable (deploy, diff, prune, delete, ...) via one unified command
+line interface.
+
+## Core Concepts
+
+These are some core concepts in Kluctl.
+
+### Kluctl project
+The kluctl project defines targets.
+It is defined via the [.kluctl.yaml](./reference/kluctl-project) configuration file.
+
+### Targets
+A target defines a target cluster and a set of deployment arguments. Multiple targets can use the same cluster. Targets
+allow implementing multi-cluster, multi-environment, multi-customer, ... deployments.
+
+### Deployments
+A [deployment](./reference/deployments) defines which Kustomize deployments and which sub-deployments
+to deploy. It also controls the order of deployments.
+
+Deployments may be configured through deployment arguments, which are typically provided via the targets but might also
+be provided through the CLI.
+
+### Variables
+[Variables](./reference/templating) are the main source of configuration. They are either loaded yaml
+files or directly defined inside deployments. Each variables file that is loaded has access to all the variables which
+were defined before, allowing complex composition of configuration.
+
+After being loaded, variables are usable through the templating engine at all nearly all places.
+
+### Templating
+All configuration files (including .kluctl.yaml and deployment.yaml) and all Kubernetes manifests involved are processed
+through a templating engine.
+The [templating engine](./reference/templating) allows simple variable substitution and also complex
+control structures (if/else, for loops, ...).
+
+### Unified CLI
+The CLI of kluctl is designed to be unified/consistent as much as possible. Most commands are centered around targets
+and thus require you to specify the target name (via `-t <target>`). If you remember how one command works, it's easy
+to figure out how the others work. Output from all targets based commands is also unified, allowing you to easily see
+what will and what did happen.
+
+## History
+
+Kluctl was created after multiple incarnations of complex multi-environment (e.g. dev, test, prod) deployments, including everything
+from monitoring, persistency and the actual custom services. The philosophy of these deployments was always
+"what belongs together, should be put together", meaning that only as much Git repositories were involved as necessary.
+
+The problems to solve turned out to be always the same:
+* Dozens of Helm Charts, kustomize deployments and standalone Kubernetes manifests needed to be orchestrated in a way
+  that they work together (services need to connect to the correct databases, and so on)
+* (Encrypted) Secrets needed to be managed and orchestrated for multiple environments and clusters
+* Updates of components was always risky and required keeping track of what actually changed since the last deployment
+* Available tools (Helm, Kustomize) were not suitable to solve this on its own in an easy/natural way
+* A lot of bash scripting was required to put things together
+
+When this got more and more complex, and the bash scripts started to become a mess (as "simple" Bash scripts always tend to become),
+kluctl was started from scratch. It now tries to solve the mentioned problems and provide a useful set of features (commands)
+in a sane and unified way.
+
+The first versions of kluctl were written in Python, hence the use of Jinja2 templating in kluctl. With version 2.0.0,
+kluctl was rewritten in Go.
+
+## Table of Contents
+
+1. [Get Started](./get-started.md)
+2. [Installation](./installation.md)
+3. [Kluctl Commands](./commands)
+4. [.kluctl.yaml](./kluctl-project)
+5. [Deployments](./deployments)
diff --git a/docs/reference/commands/README.md b/docs/kluctl/commands/README.md
similarity index 100%
rename from docs/reference/commands/README.md
rename to docs/kluctl/commands/README.md
diff --git a/docs/reference/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
similarity index 100%
rename from docs/reference/commands/common-arguments.md
rename to docs/kluctl/commands/common-arguments.md
diff --git a/docs/reference/commands/controller-install.md b/docs/kluctl/commands/controller-install.md
similarity index 100%
rename from docs/reference/commands/controller-install.md
rename to docs/kluctl/commands/controller-install.md
diff --git a/docs/reference/commands/controller-run.md b/docs/kluctl/commands/controller-run.md
similarity index 100%
rename from docs/reference/commands/controller-run.md
rename to docs/kluctl/commands/controller-run.md
diff --git a/docs/reference/commands/delete.md b/docs/kluctl/commands/delete.md
similarity index 100%
rename from docs/reference/commands/delete.md
rename to docs/kluctl/commands/delete.md
diff --git a/docs/reference/commands/deploy.md b/docs/kluctl/commands/deploy.md
similarity index 100%
rename from docs/reference/commands/deploy.md
rename to docs/kluctl/commands/deploy.md
diff --git a/docs/reference/commands/diff.md b/docs/kluctl/commands/diff.md
similarity index 100%
rename from docs/reference/commands/diff.md
rename to docs/kluctl/commands/diff.md
diff --git a/docs/reference/commands/environment-variables.md b/docs/kluctl/commands/environment-variables.md
similarity index 100%
rename from docs/reference/commands/environment-variables.md
rename to docs/kluctl/commands/environment-variables.md
diff --git a/docs/reference/commands/helm-pull.md b/docs/kluctl/commands/helm-pull.md
similarity index 100%
rename from docs/reference/commands/helm-pull.md
rename to docs/kluctl/commands/helm-pull.md
diff --git a/docs/reference/commands/helm-update.md b/docs/kluctl/commands/helm-update.md
similarity index 100%
rename from docs/reference/commands/helm-update.md
rename to docs/kluctl/commands/helm-update.md
diff --git a/docs/reference/commands/list-images.md b/docs/kluctl/commands/list-images.md
similarity index 100%
rename from docs/reference/commands/list-images.md
rename to docs/kluctl/commands/list-images.md
diff --git a/docs/reference/commands/list-targets.md b/docs/kluctl/commands/list-targets.md
similarity index 100%
rename from docs/reference/commands/list-targets.md
rename to docs/kluctl/commands/list-targets.md
diff --git a/docs/reference/commands/poke-images.md b/docs/kluctl/commands/poke-images.md
similarity index 100%
rename from docs/reference/commands/poke-images.md
rename to docs/kluctl/commands/poke-images.md
diff --git a/docs/reference/commands/prune.md b/docs/kluctl/commands/prune.md
similarity index 100%
rename from docs/reference/commands/prune.md
rename to docs/kluctl/commands/prune.md
diff --git a/docs/reference/commands/render.md b/docs/kluctl/commands/render.md
similarity index 100%
rename from docs/reference/commands/render.md
rename to docs/kluctl/commands/render.md
diff --git a/docs/reference/commands/validate.md b/docs/kluctl/commands/validate.md
similarity index 100%
rename from docs/reference/commands/validate.md
rename to docs/kluctl/commands/validate.md
diff --git a/docs/reference/commands/webui-build.md b/docs/kluctl/commands/webui-build.md
similarity index 100%
rename from docs/reference/commands/webui-build.md
rename to docs/kluctl/commands/webui-build.md
diff --git a/docs/reference/commands/webui-run.md b/docs/kluctl/commands/webui-run.md
similarity index 100%
rename from docs/reference/commands/webui-run.md
rename to docs/kluctl/commands/webui-run.md
diff --git a/docs/reference/deployments/README.md b/docs/kluctl/deployments/README.md
similarity index 100%
rename from docs/reference/deployments/README.md
rename to docs/kluctl/deployments/README.md
diff --git a/docs/reference/deployments/annotations/README.md b/docs/kluctl/deployments/annotations/README.md
similarity index 100%
rename from docs/reference/deployments/annotations/README.md
rename to docs/kluctl/deployments/annotations/README.md
diff --git a/docs/reference/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
similarity index 100%
rename from docs/reference/deployments/annotations/all-resources.md
rename to docs/kluctl/deployments/annotations/all-resources.md
diff --git a/docs/reference/deployments/annotations/hooks.md b/docs/kluctl/deployments/annotations/hooks.md
similarity index 100%
rename from docs/reference/deployments/annotations/hooks.md
rename to docs/kluctl/deployments/annotations/hooks.md
diff --git a/docs/reference/deployments/annotations/kustomization.md b/docs/kluctl/deployments/annotations/kustomization.md
similarity index 100%
rename from docs/reference/deployments/annotations/kustomization.md
rename to docs/kluctl/deployments/annotations/kustomization.md
diff --git a/docs/reference/deployments/annotations/validation.md b/docs/kluctl/deployments/annotations/validation.md
similarity index 100%
rename from docs/reference/deployments/annotations/validation.md
rename to docs/kluctl/deployments/annotations/validation.md
diff --git a/docs/reference/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
similarity index 100%
rename from docs/reference/deployments/deployment-yml.md
rename to docs/kluctl/deployments/deployment-yml.md
diff --git a/docs/reference/deployments/helm.md b/docs/kluctl/deployments/helm.md
similarity index 100%
rename from docs/reference/deployments/helm.md
rename to docs/kluctl/deployments/helm.md
diff --git a/docs/reference/deployments/hooks.md b/docs/kluctl/deployments/hooks.md
similarity index 100%
rename from docs/reference/deployments/hooks.md
rename to docs/kluctl/deployments/hooks.md
diff --git a/docs/reference/deployments/images.md b/docs/kluctl/deployments/images.md
similarity index 100%
rename from docs/reference/deployments/images.md
rename to docs/kluctl/deployments/images.md
diff --git a/docs/reference/deployments/kustomize.md b/docs/kluctl/deployments/kustomize.md
similarity index 100%
rename from docs/reference/deployments/kustomize.md
rename to docs/kluctl/deployments/kustomize.md
diff --git a/docs/reference/deployments/readiness.md b/docs/kluctl/deployments/readiness.md
similarity index 100%
rename from docs/reference/deployments/readiness.md
rename to docs/kluctl/deployments/readiness.md
diff --git a/docs/reference/deployments/sops.md b/docs/kluctl/deployments/sops.md
similarity index 100%
rename from docs/reference/deployments/sops.md
rename to docs/kluctl/deployments/sops.md
diff --git a/docs/reference/deployments/tags.md b/docs/kluctl/deployments/tags.md
similarity index 100%
rename from docs/reference/deployments/tags.md
rename to docs/kluctl/deployments/tags.md
diff --git a/docs/get-started.md b/docs/kluctl/get-started.md
similarity index 98%
rename from docs/get-started.md
rename to docs/kluctl/get-started.md
index c92642802..6f1d3924b 100644
--- a/docs/get-started.md
+++ b/docs/kluctl/get-started.md
@@ -47,7 +47,7 @@ for a given cluster.
 
 ## Install Kluctl
 
-The `kluctl` command-line interface (CLI) is required to perform deployments. Read the [installation instructions](./installation.md)
+The `kluctl` command-line interface (CLI) is required to perform deployments. Read the [installation instructions](installation.md)
 to figure out how to install it.
 
 ## Use Kluctl with a plain Kustomize deployment
diff --git a/docs/installation.md b/docs/kluctl/installation.md
similarity index 100%
rename from docs/installation.md
rename to docs/kluctl/installation.md
diff --git a/docs/reference/kluctl-project/README.md b/docs/kluctl/kluctl-project/README.md
similarity index 100%
rename from docs/reference/kluctl-project/README.md
rename to docs/kluctl/kluctl-project/README.md
diff --git a/docs/reference/kluctl-project/targets/README.md b/docs/kluctl/kluctl-project/targets/README.md
similarity index 100%
rename from docs/reference/kluctl-project/targets/README.md
rename to docs/kluctl/kluctl-project/targets/README.md
diff --git a/docs/reference/templating/README.md b/docs/kluctl/templating/README.md
similarity index 100%
rename from docs/reference/templating/README.md
rename to docs/kluctl/templating/README.md
diff --git a/docs/reference/templating/filters.md b/docs/kluctl/templating/filters.md
similarity index 100%
rename from docs/reference/templating/filters.md
rename to docs/kluctl/templating/filters.md
diff --git a/docs/reference/templating/functions.md b/docs/kluctl/templating/functions.md
similarity index 100%
rename from docs/reference/templating/functions.md
rename to docs/kluctl/templating/functions.md
diff --git a/docs/reference/templating/predefined-variables.md b/docs/kluctl/templating/predefined-variables.md
similarity index 100%
rename from docs/reference/templating/predefined-variables.md
rename to docs/kluctl/templating/predefined-variables.md
diff --git a/docs/reference/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
similarity index 100%
rename from docs/reference/templating/variable-sources.md
rename to docs/kluctl/templating/variable-sources.md
diff --git a/docs/philosophy.md b/docs/philosophy.md
deleted file mode 100644
index 87065ee15..000000000
--- a/docs/philosophy.md
+++ /dev/null
@@ -1,41 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "Philosophy"
-linkTitle: "Philosophy"
-weight: 30
-description: "The philosophy behind kluctl."
----
--->
-
-# Philosophy
-
-Kluctl tries to follow a few basic ideas and a philosophy. Project and deployments structure, as well as all commands
-are centered on these.
-
-## Be practical
-Everything found in kluctl is based on years of experience in daily business, from the perspective of a DevOps Engineer. 
-Kluctl prefers practicability when possible, trying to make the daily life of a DevOps Engineer as comfortable as possible.
-
-## Consistent CLI
-Commands try to be as consistent as possible, making it easy to remember how they are used. For example, a `diff` is used the same way as a `deploy`. This applies to all sizes and complexities of projects. A simple/single-application deployment is used the same way as a complex one, so that it is easy to switch between projects.
-
-## Mostly declarative
-Kluctl tries to be declarative whenever possible, but loosens this in some cases to stay practical.
-For example, hooks, barriers and waitReadiness allows you to control order of deployments in a way that a pure declarative approach would not allow.
-
-## Predictable and traceable
-Always know what will happen (`diff` or `--dry-run`) and always know what happened (output changes done by a command).
-There is nothing worse than not knowing what's going to happen when you deploy the current state to prod. Not knowing what happened is on the same level.
-
-## Live and let live
-Kluctl tries to not interfere with any other tools or operators. It achieves this by honoring managed fields in an intelligent way.
-Kluctl will never force-apply anything without being told so, it will also always inform you about fields that you lost ownership of.
-
-## CLI/Client first
-Kluctl is centered around a unified command line interface and will always prioritize this. This
-guarantees that the DevOps Engineer never looses control, even if automation and/or GitOps style operators are being used.
-
-## No scripting
-Kluctl tries its best to remove the need for scripts (e.g. Bash) around deployments. It tries to remove the need
-for external orchestration of deployment order and/or dependencies.
diff --git a/docs/reference/README.md b/docs/reference/README.md
deleted file mode 100644
index 62053046b..000000000
--- a/docs/reference/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: "Reference"
-linkTitle: "Reference"
-description: >
-  Description of configuration files and commands
-weight: 110
----
--->
-
-## Table of Contents
-
-1. [.kluctl.yaml](./kluctl-project)
-2. [Deployments](./deployments)
-3. [Kluctl Webui](./webui)
-4. [Kluctl Webui](./webui)
-5. [Kluctl Commands](./commands)
diff --git a/docs/reference/webui/README.md b/docs/webui/README.md
similarity index 87%
rename from docs/reference/webui/README.md
rename to docs/webui/README.md
index 7a41b04d4..50d17c2e9 100644
--- a/docs/reference/webui/README.md
+++ b/docs/webui/README.md
@@ -4,7 +4,7 @@
 title: "Kluctl Webui"
 linkTitle: "Kluctl Webui"
 description: "Kluctl Webui documentation."
-weight: 4
+weight: 30
 ---
 -->
 
@@ -12,7 +12,7 @@ weight: 4
 
 The Kluctl Webui is a powerful UI which allows you to monitor and control your Kluctl GitOps deployments.
 
-You can [run it locally](./run.md) or [install](./installation.md) it to your Kubernetes cluster.
+You can [run it locally](run.md) or [install](installation.md) it to your Kubernetes cluster.
 
 ## State of the Webui
 
diff --git a/docs/reference/webui/installation.md b/docs/webui/installation.md
similarity index 89%
rename from docs/reference/webui/installation.md
rename to docs/webui/installation.md
index 242ee5b9b..3ad57a2b5 100644
--- a/docs/reference/webui/installation.md
+++ b/docs/webui/installation.md
@@ -10,7 +10,7 @@ weight: 20
 
 # Installation
 
-The Kluctl Webui can be installed by using a [Git Include](../deployments/deployment-yml.md#git-includes) that refers
+The Kluctl Webui can be installed by using a [Git Include](../kluctl/deployments/deployment-yml.md#git-includes) that refers
 to the [webui deployment project](https://github.com/kluctl/kluctl/tree/main/install/webui). Example:
 
 ```yaml
diff --git a/docs/reference/webui/run.md b/docs/webui/run.md
similarity index 81%
rename from docs/reference/webui/run.md
rename to docs/webui/run.md
index 44fe3e0fe..1342eeb37 100644
--- a/docs/reference/webui/run.md
+++ b/docs/webui/run.md
@@ -10,7 +10,7 @@ weight: 10
 
 # Running locally
 
-The Kluctl Webui can be run locally by simply invoking [`kluctl webui run`](../commands/webui-run.md).
+The Kluctl Webui can be run locally by simply invoking [`kluctl webui run`](../kluctl/commands/webui-run.md).
 It will by default connect to your local Kubeconfig Context and expose the Webui on `localhost`. It will also open
 the browser for you.
 
@@ -19,5 +19,5 @@ the browser for you.
 The Webui can already handle multiple clusters. Simply pass `--context <context-name>` multiple times to `kluctl webui run`.
 This will cause the Webui to listen for status updates on all passed clusters.
 
-As noted in [State of the Webui](./README.md#state-of-the-webui), the Webui is still in early stage and thus currently
+As noted in [State of the Webui](README.md#state-of-the-webui), the Webui is still in early stage and thus currently
 lacks sorting and filtering for clusters. This will be implemented in future releases.
diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index d0019d98b..558aecbd4 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -29,8 +29,9 @@ FILES="$FILES install/controller/.kluctl.yaml"
 FILES="$FILES install/controller/controller/kustomization.yaml"
 FILES="$FILES install/webui/.kluctl.yaml"
 FILES="$FILES install/webui/webui/deployment.yaml"
-FILES="$FILES docs/installation.md"
-FILES="$FILES docs/reference/webui/installation.md"
+FILES="$FILES docs/kluctl/installation.md"
+FILES="$FILES docs/gitops/installation.md"
+FILES="$FILES docs/webui/installation.md"
 
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp

From 21348cc9030f25ca95a8fb6d81609d912befc800 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 26 Aug 2023 09:49:55 +0200
Subject: [PATCH 1508/2268] docs: Rename run.md to running-locally.md

---
 docs/webui/README.md                      | 2 +-
 docs/webui/{run.md => running-locally.md} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename docs/webui/{run.md => running-locally.md} (100%)

diff --git a/docs/webui/README.md b/docs/webui/README.md
index 50d17c2e9..4df77de86 100644
--- a/docs/webui/README.md
+++ b/docs/webui/README.md
@@ -12,7 +12,7 @@ weight: 30
 
 The Kluctl Webui is a powerful UI which allows you to monitor and control your Kluctl GitOps deployments.
 
-You can [run it locally](run.md) or [install](installation.md) it to your Kubernetes cluster.
+You can [run it locally](./running-locally.md) or [install](installation.md) it to your Kubernetes cluster.
 
 ## State of the Webui
 
diff --git a/docs/webui/run.md b/docs/webui/running-locally.md
similarity index 100%
rename from docs/webui/run.md
rename to docs/webui/running-locally.md

From 916867026a8e8d96c37d1179d4749058946523c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 26 Aug 2023 17:45:44 +0200
Subject: [PATCH 1509/2268] docs: Fix link

---
 docs/webui/running-locally.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/webui/running-locally.md b/docs/webui/running-locally.md
index 1342eeb37..f52287b2a 100644
--- a/docs/webui/running-locally.md
+++ b/docs/webui/running-locally.md
@@ -19,5 +19,5 @@ the browser for you.
 The Webui can already handle multiple clusters. Simply pass `--context <context-name>` multiple times to `kluctl webui run`.
 This will cause the Webui to listen for status updates on all passed clusters.
 
-As noted in [State of the Webui](README.md#state-of-the-webui), the Webui is still in early stage and thus currently
+As noted in [State of the Webui](./README.md#state-of-the-webui), the Webui is still in early stage and thus currently
 lacks sorting and filtering for clusters. This will be implemented in future releases.

From 1fc88328903f632864826184cfec5a742deaeaaf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 10:12:43 +0200
Subject: [PATCH 1510/2268] docs: Fix broken links

---
 docs/gitops/README.md                        | 14 ++++++------
 docs/gitops/installation.md                  |  2 +-
 docs/gitops/migration/README.md              |  2 +-
 docs/gitops/spec/v1beta1/kluctldeployment.md | 24 ++++++++++----------
 docs/kluctl/README.md                        |  8 +++----
 docs/kluctl/get-started.md                   |  2 +-
 docs/kluctl/installation.md                  |  4 ++--
 install/README.md                            |  2 +-
 8 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index b2b2650f9..c533387d8 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -10,7 +10,7 @@ weight: 20
 
 # Kluctl GitOps
 
-GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](../installation.md#installing-the-gitops-controller)
+GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](./installation.md)
 to your target cluster.
 
 The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#kluctldeployment)
@@ -19,7 +19,7 @@ whenever the deployment changes.
 
 ## Motivation and Philosophy
 
-Kluctl tries its best to implement all its features via [Kluctl projects](../reference/kluctl-project/README.md), meaning that
+Kluctl tries its best to implement all its features via [Kluctl projects](../kluctl/kluctl-project/README.md), meaning that
 the deployments are, at least theoretically, deployable from the CLI at all times. The Kluctl Controller does not
 add functionality on top of that and thus does not couple your deployments to a running controller.
 
@@ -32,7 +32,7 @@ documentation of [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#spec-fiel
 
 ## Installation
 
-Installation instructions can be found [here](../installation.md#installing-the-gitops-controller)
+Installation instructions can be found [here](./installation.md)
 
 ## Design
 
@@ -40,9 +40,9 @@ The reconciliation process consists of multiple steps which are constantly repea
 
 - **clone** the root Kluctl project via Git
 - **prepare** the Kluctl deployment by rendering the whole deployment
-- **deploy** the specified target via [kluctl deploy](../reference/commands/deploy.md) if the rendered resources changed
-- **prune** orphaned objects via [kluctl prune](../reference/commands/prune.md)
-- **validate** the deployment status via [kluctl validate](../reference/commands/validate.md)
+- **deploy** the specified target via [kluctl deploy](../kluctl/commands/deploy.md) if the rendered resources changed
+- **prune** orphaned objects via [kluctl prune](../kluctl/commands/prune.md)
+- **validate** the deployment status via [kluctl validate](../kluctl/commands/validate.md)
 
 Reconciliation is performed on a configurable [interval](spec/v1beta1/kluctldeployment.md#interval). A single
 reconciliation iteration will first clone and prepare the project. Only when the rendered resources indicate a change
@@ -52,7 +52,7 @@ also perform pruning (only if [prune: true](spec/v1beta1/kluctldeployment.md#pru
 When the `KluctlDeployment` is removed from the cluster, the controller cal also delete all resources belonging to
 that deployment. This will only happen if [delete: true](spec/v1beta1/kluctldeployment.md#delete) is set.
 
-Deletion and pruning is based on the [discriminator](../reference/kluctl-project/README.md#discriminator) of the given target.
+Deletion and pruning is based on the [discriminator](../kluctl/kluctl-project/README.md#discriminator) of the given target.
 
 A `KluctlDeployment` can be [suspended](spec/v1beta1/kluctldeployment.md#suspend). While suspended, the controller
 will skip reconciliation, including deletion and pruning.
diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index e939002d5..8776f46a7 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -14,7 +14,7 @@ The controller can be installed via two available options.
 
 ## Using the "install" sub-command
 
-The [`kluctl controller install`](./reference/commands/controller-install.md) command can be used to install the
+The [`kluctl controller install`](../kluctl/commands/controller-install.md) command can be used to install the
 controller. It will use an embedded version of the Controller Kluctl deployment project
 found [here](https://github.com/kluctl/kluctl/tree/main/install/controller).
 
diff --git a/docs/gitops/migration/README.md b/docs/gitops/migration/README.md
index 99094f374..ef9dd3322 100644
--- a/docs/gitops/migration/README.md
+++ b/docs/gitops/migration/README.md
@@ -20,7 +20,7 @@ To do this, follow the following steps:
 1. Upgrade the legacy flux-kluctl-controller to at least v0.16.0. This version will introduce a special marker field
 into the legacy `KluctlDeployment` status and set it to true. This marker field is used to inform the new Kluctl Controller
 that the legacy controller is now aware of the existence of the new controller.
-2. If not already done, [install](../../installation.md#installing-the-gitops-controller) the new Kluctl Controller.
+2. If not already done, [install](../installation.md) the new Kluctl Controller.
 3. To be on the safe side, disable [pruning](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#prune) and
 [deletion](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#delete) for all legacy `KluctlDeployment` objects.
 Don't forget to deploy/apply these changes before continuing with the next step.
diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 743b1996c..1729086a8 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -10,8 +10,8 @@ weight: 20
 
 # KluctlDeployment
 
-The `KluctlDeployment` API defines a deployment of a [target](../../../reference/kluctl-project/targets)
-from a [Kluctl Project](../../../reference/kluctl-project).
+The `KluctlDeployment` API defines a deployment of a [target](../../../kluctl/kluctl-project/targets)
+from a [Kluctl Project](../../../kluctl/kluctl-project).
 
 ## Example
 
@@ -36,7 +36,7 @@ spec:
 In the above example a KluctlDeployment is being created that defines the deployment based on the Kluctl project.
 
 The deployment is performed every 5 minutes. It will deploy the `prod`
-[target](../../../reference/kluctl-project/targets) and then prune orphaned objects afterward.
+[target](../../../kluctl/kluctl-project/targets) and then prune orphaned objects afterward.
 
 When the KluctlDeployment gets deleted, `delete: true` will cause the controller to actually delete the target
 resources.
@@ -86,7 +86,7 @@ See [Reconciliation](#reconciliation).
 
 ### target
 `spec.target` specifies the target to be deployed. It must exist in the Kluctl projects
-[kluctl.yaml targets](../../../reference/kluctl-project/targets) list.
+[kluctl.yaml targets](../../../kluctl/kluctl-project/targets) list.
 
 This field is optional and can be omitted if the referenced Kluctl project allows deployments without targets.
 
@@ -101,7 +101,7 @@ This field is optional and can be omitted if the referenced Kluctl project allow
 ### deployMode
 By default, the operator will perform a full deployment, which is equivalent to using the `kluctl deploy` command.
 As an alternative, the controller can be instructed to only perform a `kluctl poke-images` command. Please
-see [poke-images](../../../reference/commands/poke-images.md) for details on the command. To do so, set `spec.deployMode`
+see [poke-images](../../../kluctl/commands/poke-images.md) for details on the command. To do so, set `spec.deployMode`
 field to `poke-images`.
 
 Example:
@@ -142,7 +142,7 @@ for this feature.
 Internally, approval happens by setting `spec.manualObjectsHash` to the objects hash of the approved command result.
 
 ### args
-`spec.args` is an object representing [arguments](../../../kluctl-project/#args)
+`spec.args` is an object representing [arguments](../../../kluctl/kluctl-project/README.md#args)
 passed to the deployment. Example:
 
 ```yaml
@@ -170,7 +170,7 @@ The above example is equivalent to calling `kluctl deploy -t prod -a arg1=value1
 
 ### images
 `spec.images` specifies a list of fixed images to be used by
-[`image.get_image(...)`](../../../reference/deployments/images.md#imagesget_image). Example:
+[`image.get_image(...)`](../../../kluctl/deployments/images.md#imagesget_image). Example:
 
 ```
 apiVersion: gitops.kluctl.io/v1beta1
@@ -197,7 +197,7 @@ The above example will cause the `images.get_image("nginx")` invocations of the
 to return `registry.gitlab.com/my-org/my-repo/image:1.2.3`.
 
 The fixed images provided here take precedence over the ones provided in the
-[target definition](../../../reference/kluctl-project/targets#images).
+[target definition](../../../kluctl/kluctl-project/targets#images).
 
 `spec.images` is equivalent to calling `kluctl deploy -t prod --fixed-image=nginx:example-namespace:Deployment/example=nginx:1.21.6 ...`
 and to `kluctl deploy -t prod --fixed-images-file=fixed-images.yaml` with `fixed-images.yaml` containing:
@@ -287,7 +287,7 @@ handles impersonation, with the difference that a kubeconfig with a "default" co
 
 `spec.kubeConfig` will simply load the kubeconfig from `data.value` of the specified secret.
 
-Kluctl [targets](../../../reference/kluctl-project/targets) specify a context name that is expected to
+Kluctl [targets](../../../kluctl/kluctl-project/targets) specify a context name that is expected to
 be present in the kubeconfig while deploying. As the context found in the generated kubeconfig does not necessarily
 have the correct name, `spec.context` can be used to while deploying. This is especially useful
 when using service account based kubeconfigs, as these always have the same context with the name "default".
@@ -392,8 +392,8 @@ stringData:
 
 ## Helm Repository authentication
 
-Kluctl allows to [integrate Helm Charts](../../../reference/deployments/helm.md) in two different ways.
-One is to [pre-pull charts](../../../reference/commands/helm-pull.md) and put them into version control,
+Kluctl allows to [integrate Helm Charts](../../../kluctl/deployments/helm.md) in two different ways.
+One is to [pre-pull charts](../../../kluctl/commands/helm-pull.md) and put them into version control,
 making it unnecessary to pull them at deploy time. This option also means that you don't have to take any special care
 on the controller side.
 
@@ -462,7 +462,7 @@ This will pass the credentials to all requests, even if the hostname changes.
 
 ## Secrets Decryption
 
-Kluctl offers a [SOPS Integration](../../../reference/deployments/sops.md) that allows to use encrypted
+Kluctl offers a [SOPS Integration](../../../kluctl/deployments/sops.md) that allows to use encrypted
 manifests and variable sources in Kluctl deployments. Decryption by the controller is also supported and currently
 mirrors how the [Secrets Decryption configuration](https://fluxcd.io/flux/components/kustomize/kustomization/#secrets-decryption)
 of the Flux Kustomize Controller. To configure it in the `KluctlDeployment`, simply set the `decryption` field in the
diff --git a/docs/kluctl/README.md b/docs/kluctl/README.md
index 9f862791f..d27972d09 100644
--- a/docs/kluctl/README.md
+++ b/docs/kluctl/README.md
@@ -23,21 +23,21 @@ These are some core concepts in Kluctl.
 
 ### Kluctl project
 The kluctl project defines targets.
-It is defined via the [.kluctl.yaml](./reference/kluctl-project) configuration file.
+It is defined via the [.kluctl.yaml](../kluctl/kluctl-project) configuration file.
 
 ### Targets
 A target defines a target cluster and a set of deployment arguments. Multiple targets can use the same cluster. Targets
 allow implementing multi-cluster, multi-environment, multi-customer, ... deployments.
 
 ### Deployments
-A [deployment](./reference/deployments) defines which Kustomize deployments and which sub-deployments
+A [deployment](../kluctl/deployments) defines which Kustomize deployments and which sub-deployments
 to deploy. It also controls the order of deployments.
 
 Deployments may be configured through deployment arguments, which are typically provided via the targets but might also
 be provided through the CLI.
 
 ### Variables
-[Variables](./reference/templating) are the main source of configuration. They are either loaded yaml
+[Variables](../kluctl/templating) are the main source of configuration. They are either loaded yaml
 files or directly defined inside deployments. Each variables file that is loaded has access to all the variables which
 were defined before, allowing complex composition of configuration.
 
@@ -46,7 +46,7 @@ After being loaded, variables are usable through the templating engine at all ne
 ### Templating
 All configuration files (including .kluctl.yaml and deployment.yaml) and all Kubernetes manifests involved are processed
 through a templating engine.
-The [templating engine](./reference/templating) allows simple variable substitution and also complex
+The [templating engine](../kluctl/templating) allows simple variable substitution and also complex
 control structures (if/else, for loops, ...).
 
 ### Unified CLI
diff --git a/docs/kluctl/get-started.md b/docs/kluctl/get-started.md
index 6f1d3924b..ddbfeffc8 100644
--- a/docs/kluctl/get-started.md
+++ b/docs/kluctl/get-started.md
@@ -128,4 +128,4 @@ You should need 2 instances of the nginx POD running now.
 ## Where to continue?
 
 Continue by reading through the [tutorials](https://kluctl.io/docs/guides/tutorials/) and by consulting
-the [reference documentation](./reference).
+the [reference documentation](./README.md).
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 9296c1e33..2fe8eae58 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -100,7 +100,7 @@ The controller can be installed via two available options.
 
 ### Using the "install" sub-command
 
-The [`kluctl controller install`](./reference/commands/controller-install.md) command can be used to install the
+The [`kluctl controller install`](../kluctl/commands/controller-install.md) command can be used to install the
 controller. It will use an embedded version of the Controller Kluctl deployment project
 found [here](https://github.com/kluctl/kluctl/tree/main/install/controller).
 
@@ -119,4 +119,4 @@ deployments:
 
 ## Installing the Kluctl Webui
 
-See [Installing the Kluctl Webui](./reference/webui/install.md) for details.
+See [Installing the Kluctl Webui](../webui/installation.md) for details.
diff --git a/install/README.md b/install/README.md
index 12aca8ecb..5d76cfbd9 100644
--- a/install/README.md
+++ b/install/README.md
@@ -1,3 +1,3 @@
 # kluctl Installation
 
-Read [installation](../docs/installation.md) for instructions.
+Read [installation](../docs/kluctl/installation.md) for instructions.

From 72ca59c88429e80676d829f3dc4f40c92815f289 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 19:39:04 +0200
Subject: [PATCH 1511/2268] fix: Upgrade to latest go-jinja2 to fix a crash
 (#752)

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6ab440fd4..fcb4de71f 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381
+	github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.15
diff --git a/go.sum b/go.sum
index 059c7a673..770b53feb 100644
--- a/go.sum
+++ b/go.sum
@@ -511,8 +511,8 @@ github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/q
 github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
 github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381 h1:0zYri8zATZtEIdDP5kOEqb2IzxWdN38tZ5gHxCMeBh8=
-github.com/kluctl/go-jinja2 v0.0.0-20230825103950-ac74568e0381/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
+github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2 h1:PvJ+c944vAYt+DmlCpYMQ+/ZUtfMA7BaUj+r3e/RX3E=
+github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=

From c4fca54b4abf5f491fd79d39404747fdf857ebbf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 18:36:43 +0200
Subject: [PATCH 1512/2268] refactor: Rename targets-view to target-cards-view

---
 pkg/webui/ui/src/components/ErrorMessage.tsx           |  2 +-
 pkg/webui/ui/src/components/Router.tsx                 |  4 ++--
 .../components/command-result/CommandResultCard.tsx    |  2 +-
 .../command-result/CommandResultSummaryView.tsx        |  2 +-
 .../{targets-view => target-cards-view}/Card.tsx       |  0
 .../ExpandableCard.tsx                                 |  0
 .../ProjectCard.tsx}                                   |  4 ++--
 .../TargetCard.tsx}                                    |  4 ++--
 .../TargetCardsView.tsx}                               | 10 +++++-----
 9 files changed, 14 insertions(+), 14 deletions(-)
 rename pkg/webui/ui/src/components/{targets-view => target-cards-view}/Card.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-cards-view}/ExpandableCard.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view/ProjectItem.tsx => target-cards-view/ProjectCard.tsx} (91%)
 rename pkg/webui/ui/src/components/{targets-view/TargetItem.tsx => target-cards-view/TargetCard.tsx} (99%)
 rename pkg/webui/ui/src/components/{targets-view/TargetsView.tsx => target-cards-view/TargetCardsView.tsx} (98%)

diff --git a/pkg/webui/ui/src/components/ErrorMessage.tsx b/pkg/webui/ui/src/components/ErrorMessage.tsx
index 4ae89b485..408ff00c1 100644
--- a/pkg/webui/ui/src/components/ErrorMessage.tsx
+++ b/pkg/webui/ui/src/components/ErrorMessage.tsx
@@ -1,5 +1,5 @@
 import { Box, Typography, useTheme } from "@mui/material";
-import { CardPaper } from "./targets-view/Card";
+import { CardPaper } from "./target-cards-view/Card";
 
 export interface ErrorMessageProps {
     children?: React.ReactNode;
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 0890a6536..e6dfb62ee 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,6 +1,6 @@
 import { createHashRouter, useNavigate, useRouteError } from "react-router-dom";
 import App from "./App";
-import { TargetsView } from "./targets-view/TargetsView";
+import { TargetCardsView } from "./target-cards-view/TargetCardsView";
 import { ErrorMessageCard } from "./ErrorMessage";
 import { Box } from "@mui/material";
 import React, { useEffect } from "react";
@@ -35,7 +35,7 @@ export const Router = createHashRouter([
             },
             {
                 path: "targets/*",
-                element: <TargetsView />,
+                element: <TargetCardsView />,
                 errorElement: <ErrorPage />,
             },
         ],
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index b0c679e54..7d8131ed7 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -4,7 +4,7 @@ import { CommandResult, CommandResultSummary } from "../../models";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
-import { CardTemplate } from "../targets-view/Card";
+import { CardTemplate } from "../target-cards-view/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
 import { useAppContext } from "../App";
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
index 2fca9e195..2358ca7be 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
@@ -1,6 +1,6 @@
 import React, { useMemo } from "react";
 import { CommandResult } from "../../models";
-import { CardBody } from "../targets-view/Card";
+import { CardBody } from "../target-cards-view/Card";
 import { NodeBuilder } from "./nodes/NodeBuilder";
 
 
diff --git a/pkg/webui/ui/src/components/targets-view/Card.tsx b/pkg/webui/ui/src/components/target-cards-view/Card.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/Card.tsx
rename to pkg/webui/ui/src/components/target-cards-view/Card.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx b/pkg/webui/ui/src/components/target-cards-view/ExpandableCard.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/ExpandableCard.tsx
rename to pkg/webui/ui/src/components/target-cards-view/ExpandableCard.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
similarity index 91%
rename from pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
rename to pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
index c4595825e..65b7d77df 100644
--- a/pkg/webui/ui/src/components/targets-view/ProjectItem.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
@@ -5,7 +5,7 @@ import { ProjectIcon } from "../../icons/Icons";
 import { ProjectSummary } from "../../project-summaries";
 import { CardTemplate, cardWidth, projectCardMinHeight } from "./Card";
 
-export const ProjectItem = React.memo((props: { ps: ProjectSummary }) => {
+export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
     const subDir = props.ps.project.subDir
 
@@ -35,4 +35,4 @@ export const ProjectItem = React.memo((props: { ps: ProjectSummary }) => {
     />;
 });
 
-ProjectItem.displayName = 'ProjectItem';
+ProjectCard.displayName = 'ProjectItem';
diff --git a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
similarity index 99%
rename from pkg/webui/ui/src/components/targets-view/TargetItem.tsx
rename to pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 7f8cd8fe0..033d089a7 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetItem.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -200,7 +200,7 @@ export const TargetItemBody = React.memo((props: {
     return <CardBody provider={new TargetItemCardProvider(props.ts, vr)}/>
 });
 
-export const TargetItem = React.memo(React.forwardRef((
+export const TargetCard = React.memo(React.forwardRef((
     props: {
         ps: ProjectSummary,
         ts: TargetSummary,
@@ -347,7 +347,7 @@ export const TargetItem = React.memo(React.forwardRef((
     />;
 }));
 
-TargetItem.displayName = 'TargetItem';
+TargetCard.displayName = 'TargetItem';
 
 class TargetItemCardProvider implements SidePanelProvider {
     private ts?: TargetSummary;
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
similarity index 98%
rename from pkg/webui/ui/src/components/targets-view/TargetsView.tsx
rename to pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
index 455d1c5c2..39af9bd31 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
@@ -2,8 +2,8 @@ import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey } fro
 import { Box, Typography, useTheme } from "@mui/material";
 import React, { useCallback, useMemo } from "react";
 import { useAppContext } from "../App";
-import { ProjectItem } from "./ProjectItem";
-import { TargetItem } from "./TargetItem";
+import { ProjectCard } from "./ProjectCard";
+import { TargetCard } from "./TargetCard";
 import Divider from "@mui/material/Divider";
 import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
@@ -174,7 +174,7 @@ function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDeployment
     return buildListKey(j)
 }
 
-export const TargetsView = () => {
+export const TargetCardsView = () => {
     const navigate = useNavigate();
     const loc = useLocation();
     const [searchParams] = useSearchParams()
@@ -254,7 +254,7 @@ export const TargetsView = () => {
             return <Box key={buildListKey(ps.project)}>
                 <Box display={"flex"} alignItems={"center"} margin='40px 0'>
                     <Box display='flex' alignItems='center' width={colWidth} flex='0 0 auto'>
-                        <ProjectItem ps={ps} />
+                        <ProjectCard ps={ps} />
                         <Box
                             flexGrow={1}
                             height={ps.targets.length * cardHeight + (ps.targets.length - 1) * cardGap}
@@ -284,7 +284,7 @@ export const TargetsView = () => {
                                     getKey={cd => buildListKey([cd.target, cd.kdInfo])}
                                     selected={selectedTargetKey}
                                     renderCard={(cardData, expanded, current) => {
-                                        return <TargetItem
+                                        return <TargetCard
                                             ps={ps}
                                             ts={ts}
                                             expanded={expanded}

From 846ff73eed843abe4d34b2685831140f27a6054b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 18:42:48 +0200
Subject: [PATCH 1513/2268] refactor: Move base cards code into own directory

---
 pkg/webui/ui/src/components/ErrorMessage.tsx                  | 2 +-
 .../ui/src/components/{target-cards-view => card}/Card.tsx    | 0
 .../components/{target-cards-view => card}/ExpandableCard.tsx | 0
 .../ui/src/components/command-result/CommandResultCard.tsx    | 2 +-
 .../components/command-result/CommandResultSummaryView.tsx    | 2 +-
 pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx | 2 +-
 pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx  | 2 +-
 .../ui/src/components/target-cards-view/TargetCardsView.tsx   | 4 ++--
 8 files changed, 7 insertions(+), 7 deletions(-)
 rename pkg/webui/ui/src/components/{target-cards-view => card}/Card.tsx (100%)
 rename pkg/webui/ui/src/components/{target-cards-view => card}/ExpandableCard.tsx (100%)

diff --git a/pkg/webui/ui/src/components/ErrorMessage.tsx b/pkg/webui/ui/src/components/ErrorMessage.tsx
index 408ff00c1..755abf7af 100644
--- a/pkg/webui/ui/src/components/ErrorMessage.tsx
+++ b/pkg/webui/ui/src/components/ErrorMessage.tsx
@@ -1,5 +1,5 @@
 import { Box, Typography, useTheme } from "@mui/material";
-import { CardPaper } from "./target-cards-view/Card";
+import { CardPaper } from "./card/Card";
 
 export interface ErrorMessageProps {
     children?: React.ReactNode;
diff --git a/pkg/webui/ui/src/components/target-cards-view/Card.tsx b/pkg/webui/ui/src/components/card/Card.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/target-cards-view/Card.tsx
rename to pkg/webui/ui/src/components/card/Card.tsx
diff --git a/pkg/webui/ui/src/components/target-cards-view/ExpandableCard.tsx b/pkg/webui/ui/src/components/card/ExpandableCard.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/target-cards-view/ExpandableCard.tsx
rename to pkg/webui/ui/src/components/card/ExpandableCard.tsx
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 7d8131ed7..f5f575780 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -4,7 +4,7 @@ import { CommandResult, CommandResultSummary } from "../../models";
 import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
 import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
 import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
-import { CardTemplate } from "../target-cards-view/Card";
+import { CardTemplate } from "../card/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
 import { useAppContext } from "../App";
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
index 2358ca7be..a94b5ea14 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultSummaryView.tsx
@@ -1,6 +1,6 @@
 import React, { useMemo } from "react";
 import { CommandResult } from "../../models";
-import { CardBody } from "../target-cards-view/Card";
+import { CardBody } from "../card/Card";
 import { NodeBuilder } from "./nodes/NodeBuilder";
 
 
diff --git a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
index 65b7d77df..897b240e0 100644
--- a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
@@ -3,7 +3,7 @@ import { Box } from "@mui/material";
 import React from "react";
 import { ProjectIcon } from "../../icons/Icons";
 import { ProjectSummary } from "../../project-summaries";
-import { CardTemplate, cardWidth, projectCardMinHeight } from "./Card";
+import { CardTemplate, cardWidth, projectCardMinHeight } from "../card/Card";
 
 export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 033d089a7..d24ced240 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -21,7 +21,7 @@ import {
 } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
-import { CardBody, CardTemplate } from "./Card";
+import { CardBody, CardTemplate } from "../card/Card";
 import { SidePanelProvider, SidePanelTab } from "../command-result/SidePanel";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesEntry, PropertiesTable, pushProp } from "../PropertiesTable";
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
index 39af9bd31..834518ddf 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
@@ -5,10 +5,10 @@ import { useAppContext } from "../App";
 import { ProjectCard } from "./ProjectCard";
 import { TargetCard } from "./TargetCard";
 import Divider from "@mui/material/Divider";
-import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "./Card";
+import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "../card/Card";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
-import { ExpandableCard } from "./ExpandableCard";
+import { ExpandableCard } from "../card/ExpandableCard";
 import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { CommandResultCard } from "../command-result/CommandResultCard";
 

From e58ecd54db26d98ff2c06938b5fa1676e92db95c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 18:48:48 +0200
Subject: [PATCH 1514/2268] refactor: Unify CardTabs

---
 pkg/webui/ui/src/components/card/Card.tsx     | 34 ++-----
 pkg/webui/ui/src/components/card/CardTabs.tsx | 89 +++++++++++++++++++
 .../command-result/CommandResultView.tsx      |  4 +-
 .../components/command-result/SidePanel.tsx   | 89 -------------------
 .../nodes/CommandResultNode.tsx               |  4 +-
 .../DeletedOrOrphanObjectsCollectionNode.tsx  |  4 +-
 .../nodes/DeploymentItemIncludeNode.tsx       |  4 +-
 .../nodes/DeploymentItemNode.tsx              |  4 +-
 .../command-result/nodes/NodeData.tsx         |  6 +-
 .../command-result/nodes/ObjectNode.tsx       |  4 +-
 .../nodes/VarsSourceCollectionNode.tsx        |  4 +-
 .../command-result/nodes/VarsSourceNode.tsx   |  4 +-
 .../target-cards-view/TargetCard.tsx          |  6 +-
 13 files changed, 116 insertions(+), 140 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/card/CardTabs.tsx
 delete mode 100644 pkg/webui/ui/src/components/command-result/SidePanel.tsx

diff --git a/pkg/webui/ui/src/components/card/Card.tsx b/pkg/webui/ui/src/components/card/Card.tsx
index 9e44aa586..ba830abea 100644
--- a/pkg/webui/ui/src/components/card/Card.tsx
+++ b/pkg/webui/ui/src/components/card/Card.tsx
@@ -1,8 +1,7 @@
 import React from "react";
-import { Box, BoxProps, Divider, IconButton, Paper, PaperProps, Tab, Tooltip } from "@mui/material"
+import { Box, BoxProps, IconButton, Paper, PaperProps, Tooltip } from "@mui/material"
 import { CloseLightIcon } from "../../icons/Icons";
-import { SidePanelProvider, useSidePanelTabs } from "../command-result/SidePanel";
-import { TabContext, TabList, TabPanel } from "@mui/lab";
+import { CardTabs, CardTabsProvider, useCardTabs } from "./CardTabs";
 import { ScrollingTextLine } from "../ScrollingTextLine";
 
 export const cardWidth = 247;
@@ -154,8 +153,8 @@ export const CardTemplate = React.forwardRef((props: {
 
 CardTemplate.displayName = 'CardTemplate';
 
-export const CardBody = React.memo((props: { provider: SidePanelProvider }) => {
-    const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
+export const CardBody = React.memo((props: { provider: CardTabsProvider }) => {
+    const { tabs, selectedTab, handleTabChange } = useCardTabs(props.provider)
 
     if (!props.provider
         || !selectedTab
@@ -164,30 +163,7 @@ export const CardBody = React.memo((props: { provider: SidePanelProvider }) => {
         return null;
     }
 
-    return <TabContext value={selectedTab}>
-        <Box display='flex' flexDirection='column' height='100%' overflow='hidden'>
-            <Box height='36px' flex='0 0 auto' p='0'>
-                <TabList onChange={handleTabChange}>
-                    {tabs.map((tab, i) => {
-                        return <Tab label={tab.label} value={tab.label} key={tab.label} />
-                    })}
-                </TabList>
-            </Box>
-            <Divider sx={{ margin: 0 }} />
-            <Box overflow='auto' p='10px 0' display={"flex"} flex={"1 1 auto"}>
-                {tabs.map(tab => {
-                    const sx: any = { padding: 0, flex: "1 1 auto" }
-                    if (selectedTab === tab.label) {
-                        // only the active tab should be a flex box, as otherwise the hidden ones go crazy
-                        sx.display = "flex"
-                    }
-                    return <TabPanel key={tab.label} value={tab.label} sx={sx} >
-                        {tab.content}
-                    </TabPanel>
-                })}
-            </Box>
-        </Box>
-    </TabContext>
+    return <CardTabs provider={props.provider}/>
 });
 
 CardBody.displayName = 'CardBody';
diff --git a/pkg/webui/ui/src/components/card/CardTabs.tsx b/pkg/webui/ui/src/components/card/CardTabs.tsx
new file mode 100644
index 000000000..8c779a690
--- /dev/null
+++ b/pkg/webui/ui/src/components/card/CardTabs.tsx
@@ -0,0 +1,89 @@
+import { Box, Divider, Tab } from "@mui/material";
+import React, { useCallback, useEffect, useMemo, useState } from "react";
+import { TabContext, TabList, TabPanel } from "@mui/lab";
+import { AppContextProps, useAppContext } from "../App";
+
+export interface CardTab {
+    label: string
+    content: React.ReactNode
+}
+
+export interface CardTabsProvider {
+    buildSidePanelTitle(): React.ReactNode
+    buildSidePanelTabs(appContext: AppContextProps): CardTab[]
+}
+
+export interface CardTabsProps {
+    provider?: CardTabsProvider;
+    onClose?: () => void;
+}
+
+export function useCardTabs(provider?: CardTabsProvider) {
+    const [selectedTab, setSelectedTab] = useState<string>();
+    const appCtx = useAppContext()
+
+    const handleTabChange = useCallback((_e: React.SyntheticEvent, value: string) => {
+        setSelectedTab(value);
+    }, []);
+
+    const tabs = useMemo(
+        () => provider?.buildSidePanelTabs(appCtx) || [],
+        [provider, appCtx]
+    );
+
+    useEffect(() => {
+        if (!tabs?.length) {
+            setSelectedTab("");
+            return
+        }
+
+        if (!selectedTab) {
+            setSelectedTab(tabs[0].label);
+            return
+        }
+
+        if (!tabs.find(x => x.label === selectedTab)) {
+            // reset it after the type of selected item has changed
+            setSelectedTab(tabs[0].label);
+        }
+    }, [selectedTab, tabs]);
+
+    return { tabs, selectedTab, handleTabChange }
+}
+
+export const CardTabs = (props: CardTabsProps) => {
+    const { tabs, selectedTab, handleTabChange } = useCardTabs(props.provider)
+
+    if (!selectedTab || !tabs.find(x => x.label === selectedTab)) {
+        return <></>
+    }
+
+    if (!props.provider) {
+        return <></>
+    }
+
+    return <TabContext value={selectedTab}>
+        <Box display='flex' flexDirection='column' height='100%' overflow='hidden'>
+            <Box height='36px' flex='0 0 auto' p='0'>
+                <TabList onChange={handleTabChange}>
+                    {tabs.map((tab, i) => {
+                        return <Tab label={tab.label} value={tab.label} key={tab.label}/>
+                    })}
+                </TabList>
+            </Box>
+            <Divider sx={{ margin: 0 }}/>
+            <Box overflow='auto' p='10px 0' display={"flex"} flex={"1 1 auto"}>
+                {tabs.map(tab => {
+                    const sx: any = { padding: 0, flex: "1 1 auto" }
+                    if (selectedTab === tab.label) {
+                        // only the active tab should be a flex box, as otherwise the hidden ones go crazy
+                        sx.display = "flex"
+                    }
+                    return <TabPanel key={tab.label} value={tab.label} sx={sx}>
+                        {tab.content}
+                    </TabPanel>
+                })}
+            </Box>
+        </Box>
+    </TabContext>
+}
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultView.tsx b/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
index 8b076cfb9..5f7733e87 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultView.tsx
@@ -3,7 +3,7 @@ import { CommandResult } from "../../models";
 import { Box, Divider } from "@mui/material";
 import { NodeData } from "./nodes/NodeData";
 import CommandResultTree from "./CommandResultTree";
-import { SidePanel } from "./SidePanel";
+import { CardTabs } from "../card/CardTabs";
 import { NodeBuilder } from "./nodes/NodeBuilder";
 
 export const CommandResultBody = React.memo((props: {
@@ -31,7 +31,7 @@ export const CommandResultBody = React.memo((props: {
         </Box>
         <Divider orientation={"vertical"} sx={{marginX: "10px"}}/>
         <Box minWidth={"50%"} maxWidth={"50%"} height={"100%"}>
-            <SidePanel provider={selectedNode} onClose={() => setSelectedNode(undefined)} />
+            <CardTabs provider={selectedNode} onClose={() => setSelectedNode(undefined)} />
         </Box>
     </Box>
 });
diff --git a/pkg/webui/ui/src/components/command-result/SidePanel.tsx b/pkg/webui/ui/src/components/command-result/SidePanel.tsx
deleted file mode 100644
index 7eef7252b..000000000
--- a/pkg/webui/ui/src/components/command-result/SidePanel.tsx
+++ /dev/null
@@ -1,89 +0,0 @@
-import { Box, Divider, Tab, ThemeProvider } from "@mui/material";
-import React, { useCallback, useEffect, useMemo, useState } from "react";
-import { TabContext, TabList, TabPanel } from "@mui/lab";
-import { light } from "../theme";
-import { AppContextProps, useAppContext } from "../App";
-
-export interface SidePanelTab {
-    label: string
-    content: React.ReactNode
-}
-
-export interface SidePanelProvider {
-    buildSidePanelTitle(): React.ReactNode
-    buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[]
-}
-
-export interface SidePanelProps {
-    provider?: SidePanelProvider;
-    onClose?: () => void;
-}
-
-export function useSidePanelTabs(provider?: SidePanelProvider) {
-    const [selectedTab, setSelectedTab] = useState<string>();
-    const appCtx = useAppContext()
-
-    const handleTabChange = useCallback((_e: React.SyntheticEvent, value: string) => {
-        setSelectedTab(value);
-    }, []);
-
-    const tabs = useMemo(
-        () => provider?.buildSidePanelTabs(appCtx) || [],
-        [provider, appCtx]
-    );
-
-    useEffect(() => {
-        if (!tabs?.length) {
-            setSelectedTab("");
-            return
-        }
-
-        if (!selectedTab) {
-            setSelectedTab(tabs[0].label);
-            return
-        }
-
-        if (!tabs.find(x => x.label === selectedTab)) {
-            // reset it after the type of selected item has changed
-            setSelectedTab(tabs[0].label);
-        }
-    }, [selectedTab, tabs]);
-
-    return { tabs, selectedTab, handleTabChange }
-}
-
-export const SidePanel = (props: SidePanelProps) => {
-    const { tabs, selectedTab, handleTabChange } = useSidePanelTabs(props.provider)
-
-    if (!selectedTab || !tabs.find(x => x.label === selectedTab)) {
-        return <></>
-    }
-
-    if (!props.provider) {
-        return <></>
-    }
-
-    return <Box width={"100%"} height={"100%"} display="flex" flexDirection="column" overflow='hidden'>
-        <TabContext value={selectedTab}>
-            <Box display='flex' flexDirection='column' flex='0 0 auto' justifyContent='space-between'>
-                <Box height='36px' flex='0 0 auto' p='0 30px'>
-                    <TabList onChange={handleTabChange}>
-                        {tabs.map((tab, i) => {
-                            return <Tab label={tab.label} value={tab.label} key={tab.label} />
-                        })}
-                    </TabList>
-                </Box>
-            </Box>
-            <Divider />
-            <Box overflow='auto' p='4px' flex={"1 1 auto"}>
-                {tabs.map(tab => {
-                    return <ThemeProvider theme={light} key={tab.label}>
-                        <TabPanel value={tab.label} sx={{padding: 0, display: "flex"}}>
-                            {tab.content}
-                        </TabPanel>
-                    </ThemeProvider>
-                })}
-            </Box>
-        </TabContext>
-    </Box>
-}
diff --git a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index bba187610..8c96aec0e 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -3,7 +3,7 @@ import React from 'react';
 import { NodeData } from "./NodeData";
 import { PropertiesEntry, PropertiesTable, pushProp } from "../../PropertiesTable";
 
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 import { DeployIcon } from '../../../icons/Icons';
 import { LogsViewer } from "../../LogsViewer";
 import { CommandResult } from "../../../models";
@@ -24,7 +24,7 @@ export class CommandResultNodeData extends NodeData {
         return [<DeployIcon />, "result"]
     }
 
-    buildSidePanelTabs(appCtx: AppContextProps): SidePanelTab[] {
+    buildSidePanelTabs(appCtx: AppContextProps): CardTab[] {
         const tabs = [
             {label: "Summary", content: this.buildSummaryPage()},
             {label: "Target", content: this.buildTargetPage()},
diff --git a/pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
index be4e5d7fd..d4dc9321f 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeletedOrOrphanObjectsCollectionNode.tsx
@@ -2,7 +2,7 @@ import { NodeData } from "./NodeData";
 import React from "react";
 import { Delete, LinkOff } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 import { CommandResult } from "../../../models";
 
 export class DeletedOrOrphanObjectsCollectionNode extends NodeData {
@@ -29,7 +29,7 @@ export class DeletedOrOrphanObjectsCollectionNode extends NodeData {
         }
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(): CardTab[] {
         const tabs = [
             {label: "Summary", content: this.buildSummaryPage()}
         ]
diff --git a/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
index 560ab4a59..1af68a37a 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
@@ -5,7 +5,7 @@ import { NodeData } from "./NodeData";
 import { GitIcon, IncludeIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 import { buildGitRefString } from "../../../api";
 
 
@@ -41,7 +41,7 @@ export class DeploymentItemIncludeNodeData extends NodeData {
         return [<IncludeIcon />, "include"]
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(): CardTab[] {
         const tabs = [
             {label: "Summary", content: this.buildSummaryPage()},
         ]
diff --git a/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx
index b9ac982b5..0eaf75fc4 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemNode.tsx
@@ -4,7 +4,7 @@ import { CommandResult, DeploymentItemConfig } from "../../../models";
 import { NodeData } from "./NodeData";
 import { Source } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 
 
 export class DeploymentItemNodeData extends NodeData {
@@ -24,7 +24,7 @@ export class DeploymentItemNodeData extends NodeData {
         return [<Source fontSize={"large"}/>, iconText]
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(): CardTab[] {
         const tabs = [
             {label: "Summary", content: this.buildSummaryPage()},
         ]
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index ca753a744..87cb4ea5f 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -6,7 +6,7 @@ import { ErrorsTable } from "../../ErrorsTable";
 import { ObjectType } from "../../../api";
 import { ResultObjectViewer } from "../../ResultObjectViewer";
 import { StatusLine } from "../CommandResultStatusLine";
-import { SidePanelProvider, SidePanelTab } from "../SidePanel";
+import { CardTabsProvider, CardTab } from "../../card/CardTabs";
 import { AppContextProps } from "../../App";
 
 export class DiffStatus {
@@ -68,7 +68,7 @@ export class HealthStatus {
     }
 }
 
-export abstract class NodeData implements SidePanelProvider {
+export abstract class NodeData implements CardTabsProvider {
     commandResult: CommandResult
 
     id: string
@@ -110,7 +110,7 @@ export abstract class NodeData implements SidePanelProvider {
 
     abstract buildIcon(appContext: AppContextProps): [React.ReactNode, string]
 
-    abstract buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[]
+    abstract buildSidePanelTabs(appContext: AppContextProps): CardTab[]
 
     buildStatusLine(): React.ReactNode {
         return <StatusLine
diff --git a/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
index 3fe3cdb05..3d7003436 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/ObjectNode.tsx
@@ -5,7 +5,7 @@ import { NodeData } from "./NodeData";
 import { PublishedWithChanges, Settings, SettingsEthernet, SmartToy, SvgIconComponent } from "@mui/icons-material";
 import { PropertiesTable } from "../../PropertiesTable";
 import { findObjectByRef, ObjectType } from "../../../api";
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 import { BracketsCurlyIcon } from '../../../icons/Icons';
 import { AppContextProps } from "../../App";
 
@@ -40,7 +40,7 @@ export class ObjectNodeData extends NodeData {
         return [<BracketsCurlyIcon />, snStr]
     }
 
-    buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[] {
+    buildSidePanelTabs(appContext: AppContextProps): CardTab[] {
         const tabs = [
             { label: "Summary", content: this.buildSummaryPage() }
         ]
diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx
index 65d79464f..81a4b91ea 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceCollectionNode.tsx
@@ -1,7 +1,7 @@
 import { CommandResult, VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 import { BracketsSquareIcon } from "../../../icons/Icons";
 
 export class VarsSourceCollectionNodeData extends NodeData {
@@ -19,7 +19,7 @@ export class VarsSourceCollectionNodeData extends NodeData {
         return [<BracketsSquareIcon />, "vars"]
     }
 
-    buildSidePanelTabs(): SidePanelTab[] {
+    buildSidePanelTabs(): CardTab[] {
         return [];
     }
 }
diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index a9378b0d2..bb5c6fa83 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -8,7 +8,7 @@ import { CodeViewer } from "../../CodeViewer";
 import { Alert, Box } from "@mui/material";
 
 import * as yaml from 'js-yaml';
-import { SidePanelTab } from "../SidePanel";
+import { CardTab } from "../../card/CardTabs";
 import { buildGitRefString } from "../../../api";
 import { AppContextProps } from "../../App";
 
@@ -195,7 +195,7 @@ export class VarsSourceNodeData extends NodeData {
         return [h.icon(), h.type]
     }
 
-    buildSidePanelTabs(appContext: AppContextProps): SidePanelTab[] {
+    buildSidePanelTabs(appContext: AppContextProps): CardTab[] {
         const tabs = [
             { label: "Summary", content: this.buildSummaryPage() },
             { label: "Vars", content: this.buildVarsPage(appContext) }
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index d24ced240..971875743 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -22,7 +22,7 @@ import {
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardBody, CardTemplate } from "../card/Card";
-import { SidePanelProvider, SidePanelTab } from "../command-result/SidePanel";
+import { CardTabsProvider, CardTab } from "../card/CardTabs";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesEntry, PropertiesTable, pushProp } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
@@ -349,7 +349,7 @@ export const TargetCard = React.memo(React.forwardRef((
 
 TargetCard.displayName = 'TargetItem';
 
-class TargetItemCardProvider implements SidePanelProvider {
+class TargetItemCardProvider implements CardTabsProvider {
     private ts?: TargetSummary;
     private lastValidateResult?: ValidateResult
 
@@ -358,7 +358,7 @@ class TargetItemCardProvider implements SidePanelProvider {
         this.lastValidateResult = vr
     }
 
-    buildSidePanelTabs(appCtx: AppContextProps): SidePanelTab[] {
+    buildSidePanelTabs(appCtx: AppContextProps): CardTab[] {
         if (!this.ts) {
             return []
         }

From d4463ababb38cd659df44c078473a7f9a5e1d78a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 18:59:02 +0200
Subject: [PATCH 1515/2268] refactor: Move out relations code into own source
 file

---
 .../target-cards-view/Relations.tsx           | 135 ++++++++++++++++++
 .../target-cards-view/TargetCard.tsx          |   2 +-
 .../target-cards-view/TargetCardsView.tsx     | 134 +----------------
 3 files changed, 138 insertions(+), 133 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/target-cards-view/Relations.tsx

diff --git a/pkg/webui/ui/src/components/target-cards-view/Relations.tsx b/pkg/webui/ui/src/components/target-cards-view/Relations.tsx
new file mode 100644
index 000000000..df140b110
--- /dev/null
+++ b/pkg/webui/ui/src/components/target-cards-view/Relations.tsx
@@ -0,0 +1,135 @@
+import React from "react";
+import { Box, useTheme } from "@mui/material";
+import { cardGap, cardHeight } from "../card/Card";
+
+const curveRadius = 12;
+const circleRadius = 5;
+const strokeWidth = 2;
+
+const Circle = React.memo((props: React.SVGProps<SVGCircleElement>) => {
+    const theme = useTheme();
+    return <circle
+        r={circleRadius}
+        fill={theme.palette.background.default}
+        stroke={theme.palette.secondary.main}
+        strokeWidth={strokeWidth}
+        {...props}
+    />
+})
+
+export const RelationHorizontalLine = React.memo(() => {
+    const theme = useTheme();
+    return <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
+        <svg
+            xmlns='http://www.w3.org/2000/svg'
+            fill='none'
+            height={`${2 * circleRadius + strokeWidth}px`}
+            width='100%'
+        >
+            <svg
+                height='100%'
+                width='100%'
+                viewBox={`0 0 100 ${2 * circleRadius + strokeWidth}`}
+                fill='none'
+                preserveAspectRatio='none'
+            >
+                <path
+                    d={`
+                  M ${circleRadius + strokeWidth / 2} ${circleRadius + strokeWidth / 2}
+                  H ${100 - circleRadius - strokeWidth / 2}
+                `}
+                    stroke={theme.palette.secondary.main}
+                    strokeWidth={strokeWidth}
+                />
+            </svg>
+            <svg
+                fill='none'
+                height='100%'
+                width='100%'
+            >
+                <Circle cx={circleRadius + strokeWidth / 2} cy='50%' />
+            </svg>
+            <svg
+                fill='none'
+                height='100%'
+                width='100%'
+            >
+                <Circle cx={`calc(100% - ${circleRadius + strokeWidth / 2}px)`} cy='50%' />
+            </svg>
+        </svg>
+    </Box>;
+});
+
+export const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.Element | null => {
+    const theme = useTheme();
+    const height = targetCount * cardHeight + (targetCount - 1) * cardGap
+    const width = 152;
+
+    if (targetCount <= 0) {
+        return null;
+    }
+
+    const targetsCenterYs = Array(targetCount).fill(0).map((_, i) =>
+        cardHeight / 2 + i * (cardHeight + cardGap)
+    );
+    const rootCenterY = height / 2;
+
+    return <svg
+        width={width}
+        height={height}
+        viewBox={`0 0 ${width} ${height}`}
+        fill='none'
+    >
+        {targetsCenterYs.map((cy, i) => {
+            let d: React.SVGAttributes<SVGPathElement>['d'];
+            if (targetCount % 2 === 1 && i === Math.floor(targetCount / 2)) {
+                // target is in the middle.
+                d = `
+                        M ${circleRadius},${rootCenterY}
+                        h ${width - circleRadius}
+                    `;
+            } else if (i < targetCount / 2) {
+                // target is higher than root.
+                d = `
+                        M ${circleRadius},${rootCenterY}
+                        h ${width / 2 - curveRadius - circleRadius}
+                        a ${curveRadius} ${curveRadius} 90 0 0 ${curveRadius} -${curveRadius}
+                        v ${cy - rootCenterY + curveRadius * 2}
+                        a ${curveRadius} ${curveRadius} 90 0 1 ${curveRadius} -${curveRadius}
+                        h ${width / 2 - curveRadius - circleRadius}
+                    `;
+            } else {
+                // target is lower than root.
+                d = `
+                    M ${circleRadius},${rootCenterY}
+                    h ${width / 2 - curveRadius - circleRadius}
+                    a ${curveRadius} ${curveRadius} 90 0 1 ${curveRadius} ${curveRadius}
+                    v ${cy - rootCenterY - curveRadius * 2}
+                    a ${curveRadius} ${curveRadius} 90 0 0 ${curveRadius} ${curveRadius}
+                    h ${width / 2 - curveRadius - circleRadius}
+                `;
+            }
+
+            return [
+                <path
+                    key={`path-${i}`}
+                    d={d}
+                    stroke={theme.palette.secondary.main}
+                    strokeWidth={strokeWidth}
+                    strokeLinecap='round'
+                    strokeLinejoin='round'
+                />,
+                <Circle
+                    key={`circle-${i}`}
+                    cx={width - circleRadius - strokeWidth / 2}
+                    cy={cy}
+                />
+            ]
+        })}
+        <Circle
+            key='circle-root'
+            cx={circleRadius + strokeWidth / 2}
+            cy={rootCenterY}
+        />
+    </svg>
+});
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 971875743..f3074b29f 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -22,7 +22,7 @@ import {
 import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardBody, CardTemplate } from "../card/Card";
-import { CardTabsProvider, CardTab } from "../card/CardTabs";
+import { CardTab, CardTabsProvider } from "../card/CardTabs";
 import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesEntry, PropertiesTable, pushProp } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
index 834518ddf..5b7f63042 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
@@ -1,5 +1,5 @@
 import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey } from "../../models";
-import { Box, Typography, useTheme } from "@mui/material";
+import { Box, Typography } from "@mui/material";
 import React, { useCallback, useMemo } from "react";
 import { useAppContext } from "../App";
 import { ProjectCard } from "./ProjectCard";
@@ -11,11 +11,9 @@ import { buildListKey } from "../../utils/listKey";
 import { ExpandableCard } from "../card/ExpandableCard";
 import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { CommandResultCard } from "../command-result/CommandResultCard";
+import { RelationHorizontalLine, RelationTree } from "./Relations";
 
 const colWidth = 416;
-const curveRadius = 12;
-const circleRadius = 5;
-const strokeWidth = 2;
 
 function ColHeader({ children }: { children: React.ReactNode }) {
     return <Box
@@ -37,134 +35,6 @@ function ColHeader({ children }: { children: React.ReactNode }) {
     </Box>
 }
 
-const Circle = React.memo((props: React.SVGProps<SVGCircleElement>) => {
-    const theme = useTheme();
-    return <circle
-        r={circleRadius}
-        fill={theme.palette.background.default}
-        stroke={theme.palette.secondary.main}
-        strokeWidth={strokeWidth}
-        {...props}
-    />
-})
-
-const RelationHorizontalLine = React.memo(() => {
-    const theme = useTheme();
-    return <Box flexGrow={1} display='flex' justifyContent='center' alignItems='center' px='9px'>
-        <svg
-            xmlns='http://www.w3.org/2000/svg'
-            fill='none'
-            height={`${2 * circleRadius + strokeWidth}px`}
-            width='100%'
-        >
-            <svg
-                height='100%'
-                width='100%'
-                viewBox={`0 0 100 ${2 * circleRadius + strokeWidth}`}
-                fill='none'
-                preserveAspectRatio='none'
-            >
-                <path
-                    d={`
-                  M ${circleRadius + strokeWidth / 2} ${circleRadius + strokeWidth / 2}
-                  H ${100 - circleRadius - strokeWidth / 2}
-                `}
-                    stroke={theme.palette.secondary.main}
-                    strokeWidth={strokeWidth}
-                />
-            </svg>
-            <svg
-                fill='none'
-                height='100%'
-                width='100%'
-            >
-                <Circle cx={circleRadius + strokeWidth / 2} cy='50%' />
-            </svg>
-            <svg
-                fill='none'
-                height='100%'
-                width='100%'
-            >
-                <Circle cx={`calc(100% - ${circleRadius + strokeWidth / 2}px)`} cy='50%' />
-            </svg>
-        </svg>
-    </Box>;
-});
-
-const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.Element | null => {
-    const theme = useTheme();
-    const height = targetCount * cardHeight + (targetCount - 1) * cardGap
-    const width = 152;
-
-    if (targetCount <= 0) {
-        return null;
-    }
-
-    const targetsCenterYs = Array(targetCount).fill(0).map((_, i) =>
-        cardHeight / 2 + i * (cardHeight + cardGap)
-    );
-    const rootCenterY = height / 2;
-
-    return <svg
-        width={width}
-        height={height}
-        viewBox={`0 0 ${width} ${height}`}
-        fill='none'
-    >
-        {targetsCenterYs.map((cy, i) => {
-            let d: React.SVGAttributes<SVGPathElement>['d'];
-            if (targetCount % 2 === 1 && i === Math.floor(targetCount / 2)) {
-                // target is in the middle.
-                d = `
-                        M ${circleRadius},${rootCenterY}
-                        h ${width - circleRadius}
-                    `;
-            } else if (i < targetCount / 2) {
-                // target is higher than root.
-                d = `
-                        M ${circleRadius},${rootCenterY}
-                        h ${width / 2 - curveRadius - circleRadius}
-                        a ${curveRadius} ${curveRadius} 90 0 0 ${curveRadius} -${curveRadius}
-                        v ${cy - rootCenterY + curveRadius * 2}
-                        a ${curveRadius} ${curveRadius} 90 0 1 ${curveRadius} -${curveRadius}
-                        h ${width / 2 - curveRadius - circleRadius}
-                    `;
-            } else {
-                // target is lower than root.
-                d = `
-                    M ${circleRadius},${rootCenterY}
-                    h ${width / 2 - curveRadius - circleRadius}
-                    a ${curveRadius} ${curveRadius} 90 0 1 ${curveRadius} ${curveRadius}
-                    v ${cy - rootCenterY - curveRadius * 2}
-                    a ${curveRadius} ${curveRadius} 90 0 0 ${curveRadius} ${curveRadius}
-                    h ${width / 2 - curveRadius - circleRadius}
-                `;
-            }
-
-            return [
-                <path
-                    key={`path-${i}`}
-                    d={d}
-                    stroke={theme.palette.secondary.main}
-                    strokeWidth={strokeWidth}
-                    strokeLinecap='round'
-                    strokeLinejoin='round'
-                />,
-                <Circle
-                    key={`circle-${i}`}
-                    cx={width - circleRadius - strokeWidth / 2}
-                    cy={cy}
-                />
-            ]
-        })}
-        <Circle
-            key='circle-root'
-            cx={circleRadius + strokeWidth / 2}
-            cy={rootCenterY}
-        />
-    </svg>
-});
-
 function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDeployment?: KluctlDeploymentInfo) {
     const j = {
         "project": project,

From bb1ecda3734f2e6b79a545fe55ed43680b29a25a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 19:38:26 +0200
Subject: [PATCH 1516/2268] refactor: Split navigation logic and
 TargetCardsView

---
 pkg/webui/ui/src/api.tsx                      |   3 +-
 pkg/webui/ui/src/components/Router.tsx        |   4 +-
 pkg/webui/ui/src/components/card/Card.tsx     |   2 +-
 .../ui/src/components/card/ExpandableCard.tsx |   2 +-
 .../command-result/nodes/NodeData.tsx         |   2 +-
 .../target-cards-view/TargetCardsView.tsx     | 113 ++++--------------
 .../components/targets-view/TargetsView.tsx   |  61 ++++++++++
 pkg/webui/ui/src/project-summaries.ts         |  12 +-
 8 files changed, 105 insertions(+), 94 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/TargetsView.tsx

diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 826f8ab97..7cef05954 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -1,6 +1,7 @@
 import {
     AuthInfo,
-    CommandResult, CommandResultSummary,
+    CommandResult,
+    CommandResultSummary,
     ObjectRef,
     ResultObject,
     ShortName,
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index e6dfb62ee..2de9daf30 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,9 +1,9 @@
 import { createHashRouter, useNavigate, useRouteError } from "react-router-dom";
 import App from "./App";
-import { TargetCardsView } from "./target-cards-view/TargetCardsView";
 import { ErrorMessageCard } from "./ErrorMessage";
 import { Box } from "@mui/material";
 import React, { useEffect } from "react";
+import { TargetsView } from "./targets-view/TargetsView";
 
 function ErrorPage() {
     const error = useRouteError() as any;
@@ -35,7 +35,7 @@ export const Router = createHashRouter([
             },
             {
                 path: "targets/*",
-                element: <TargetCardsView />,
+                element: <TargetsView />,
                 errorElement: <ErrorPage />,
             },
         ],
diff --git a/pkg/webui/ui/src/components/card/Card.tsx b/pkg/webui/ui/src/components/card/Card.tsx
index ba830abea..c470e00d8 100644
--- a/pkg/webui/ui/src/components/card/Card.tsx
+++ b/pkg/webui/ui/src/components/card/Card.tsx
@@ -154,7 +154,7 @@ export const CardTemplate = React.forwardRef((props: {
 CardTemplate.displayName = 'CardTemplate';
 
 export const CardBody = React.memo((props: { provider: CardTabsProvider }) => {
-    const { tabs, selectedTab, handleTabChange } = useCardTabs(props.provider)
+    const { tabs, selectedTab } = useCardTabs(props.provider)
 
     if (!props.provider
         || !selectedTab
diff --git a/pkg/webui/ui/src/components/card/ExpandableCard.tsx b/pkg/webui/ui/src/components/card/ExpandableCard.tsx
index cf2008c9f..13de1d236 100644
--- a/pkg/webui/ui/src/components/card/ExpandableCard.tsx
+++ b/pkg/webui/ui/src/components/card/ExpandableCard.tsx
@@ -52,7 +52,7 @@ export interface ExpandedCardsViewProps<CardData> {
     cardWidth: number,
     cardHeight: number,
     expand: boolean,
-    selected: string
+    selected?: string
 
     cardsData: CardData[],
     getKey: (cd: CardData) => string
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index 87cb4ea5f..dd13ff6a0 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -6,7 +6,7 @@ import { ErrorsTable } from "../../ErrorsTable";
 import { ObjectType } from "../../../api";
 import { ResultObjectViewer } from "../../ResultObjectViewer";
 import { StatusLine } from "../CommandResultStatusLine";
-import { CardTabsProvider, CardTab } from "../../card/CardTabs";
+import { CardTab, CardTabsProvider } from "../../card/CardTabs";
 import { AppContextProps } from "../../App";
 
 export class DiffStatus {
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
index 5b7f63042..367c980f3 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
@@ -1,15 +1,14 @@
-import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey } from "../../models";
+import { CommandResultSummary } from "../../models";
 import { Box, Typography } from "@mui/material";
-import React, { useCallback, useMemo } from "react";
+import React, { useMemo } from "react";
 import { useAppContext } from "../App";
 import { ProjectCard } from "./ProjectCard";
 import { TargetCard } from "./TargetCard";
 import Divider from "@mui/material/Divider";
 import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "../card/Card";
-import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { ExpandableCard } from "../card/ExpandableCard";
-import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { CommandResultCard } from "../command-result/CommandResultCard";
 import { RelationHorizontalLine, RelationTree } from "./Relations";
 
@@ -35,83 +34,24 @@ function ColHeader({ children }: { children: React.ReactNode }) {
     </Box>
 }
 
-function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDeployment?: KluctlDeploymentInfo) {
-    const j = {
-        "project": project,
-        "target": target,
-        "kluctlDeployment": kluctlDeployment,
-    }
-    return buildListKey(j)
+export interface TargetCardsViewProps {
+    selectedProject?: ProjectSummary
+    selectedTarget?: TargetSummary
+    selectedResult?: CommandResultSummary
+    onSelect: (ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => void
+    onCloseExpanded: () => void
 }
 
-export const TargetCardsView = () => {
-    const navigate = useNavigate();
-    const loc = useLocation();
-    const [searchParams] = useSearchParams()
+export const TargetCardsView = (props: TargetCardsViewProps) => {
     const appContext = useAppContext();
     const projects = appContext.projects;
 
-    const fullResultStr = searchParams.get("full")
-    const fullResult = fullResultStr === "" || fullResultStr === "1"
-
-    const onSelectTargetItem = useCallback((ps: ProjectSummary, ts: TargetSummary) => {
-        navigate(`/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`);
-    }, [navigate]);
-
-    const onSelectCommandResultItem = useCallback((ps: ProjectSummary, ts: TargetSummary, rs: CommandResultSummary | undefined, forceFull: boolean | undefined) => {
-        let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}/results`
-        if (rs) {
-            p += "/" + rs.id
-            let full = false
-            if (forceFull !== undefined) {
-                full = forceFull
-            } else {
-                full = fullResult
-            }
-            if (full) {
-                p += "?full=1"
-            }
-        }
-        navigate(p);
-    }, [navigate, fullResult]);
-
-    const onCardClose = useCallback(() => {
-        navigate(`/targets/`);
-    }, [navigate]);
-
-    const targetsByKey = useMemo(() => {
-        const m = new Map<string, TargetSummary>()
-        projects.forEach(ps => {
-            ps.targets.forEach(ts => {
-                const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
-                m.set(key, ts)
-            })
-        })
-        return m
-    }, [projects])
-
-    const pathnameS = loc.pathname.split("/")
-    let selectedTargetKey = pathnameS[2]
-    const selectedTarget = targetsByKey.get(selectedTargetKey)
-
-    if (!selectedTarget) {
-        selectedTargetKey = ""
-    }
-
-    let expandedResults = false
-    let expandedResultId = ""
-    if (selectedTarget) {
-        if (pathnameS[3] === "results") {
-            expandedResults = true
-            const resultId = pathnameS[4]
-            if (resultId) {
-                if (appContext.commandResultSummaries.has(resultId)) {
-                    expandedResultId = resultId
-                }
-            }
+    const selectedTargetKey = useMemo(() => {
+        if (!props.selectedProject || !props.selectedTarget) {
+            return undefined
         }
-    }
-
+        return buildTargetKey(props.selectedProject.project, props.selectedTarget.target, props.selectedTarget.kdInfo)
+    }, [props.selectedProject, props.selectedTarget])
 
     return <Box minWidth={colWidth * 3} height={"100%"} p='0 40px'>
         <Box display={"flex"} alignItems={"center"} height='70px'>
@@ -143,10 +83,10 @@ export const TargetCardsView = () => {
                                 <ExpandableCard
                                     cardWidth={cardWidth}
                                     cardHeight={cardHeight}
-                                    expand={!expandedResults && selectedTargetKey === key}
-                                    onExpand={() => onSelectTargetItem(ps, ts)}
+                                    expand={!props.selectedResult && selectedTargetKey === key}
+                                    onExpand={() => props.onSelect(ps, ts, false)}
                                     onClose={() => {
-                                        onCardClose()
+                                        props.onCloseExpanded()
                                     }}
                                     onSelect={cd => {
                                     }}
@@ -159,7 +99,7 @@ export const TargetCardsView = () => {
                                             ts={ts}
                                             expanded={expanded}
                                             onClose={() => {
-                                                onCardClose()
+                                                props.onCloseExpanded()
                                             }}
                                         />
                                     }}/>
@@ -177,17 +117,17 @@ export const TargetCardsView = () => {
                                             key={rs.id}
                                             cardWidth={cardWidth}
                                             cardHeight={cardHeight}
-                                            expand={expandedResults && selectedTargetKey === tsKey}
+                                            expand={selectedTargetKey === tsKey && !!props.selectedResult}
                                             onExpand={() => {
-                                                onSelectCommandResultItem(ps, ts, rs, false)
+                                                props.onSelect(ps, ts, true, rs)
                                             }}
                                             onClose={() => {
-                                                onCardClose()
+                                                props.onCloseExpanded()
                                             }}
                                             onSelect={cd => {
-                                                onSelectCommandResultItem(ps, ts, cd, fullResult)
+                                                props.onSelect(ps, ts, true, cd)
                                             }}
-                                            selected={expandedResultId}
+                                            selected={props.selectedResult?.id}
                                             cardsData={ts.commandResults}
                                             getKey={cd => cd.id}
                                             renderCard={(cardData, expanded, current) => {
@@ -196,14 +136,13 @@ export const TargetCardsView = () => {
                                                     ps={ps}
                                                     ts={ts}
                                                     rs={cardData}
-                                                    showSummary={!fullResult}
+                                                    showSummary={true}
                                                     expanded={expanded}
                                                     loadData={expanded && current}
                                                     onClose={() => {
-                                                        onCardClose()
+                                                        props.onCloseExpanded()
                                                     }}
                                                     onSwitchFullCommandResult={() => {
-                                                        onSelectCommandResultItem(ps, ts, cardData, !fullResult)
                                                     }}
                                                 />
                                             }}/>
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
new file mode 100644
index 000000000..569b21375
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -0,0 +1,61 @@
+import { CommandResultSummary } from "../../models";
+import React, { useCallback, useMemo } from "react";
+import { useAppContext } from "../App";
+import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
+import { useLocation, useNavigate } from "react-router-dom";
+import { TargetCardsView } from "../target-cards-view/TargetCardsView";
+
+export const TargetsView = () => {
+    const navigate = useNavigate();
+    const loc = useLocation();
+    const appContext = useAppContext();
+    const projects = appContext.projects;
+
+    const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary | undefined) => {
+        let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
+        if (showResults) {
+            p += "/results"
+            if (rs) {
+                p += "/" + rs.id
+            }
+        }
+        navigate(p);
+    }, [navigate]);
+
+    const onCloseExpanded = useCallback(() => {
+        navigate(`/targets/`);
+    }, [navigate]);
+
+    const targetsByKey = useMemo(() => {
+        const m = new Map<string, {ps: ProjectSummary, ts: TargetSummary}>()
+        projects.forEach(ps => {
+            ps.targets.forEach(ts => {
+                const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
+                m.set(key, {ps: ps, ts: ts})
+            })
+        })
+        return m
+    }, [projects])
+
+    const pathnameS = loc.pathname.split("/")
+    const selectedTargetKey = pathnameS[2]
+    const selected = targetsByKey.get(selectedTargetKey)
+
+    let selectedCommandResult: CommandResultSummary | undefined
+    if (selected) {
+        if (pathnameS[3] === "results") {
+            const resultId = pathnameS[4]
+            if (resultId) {
+                selectedCommandResult = appContext.commandResultSummaries.get(resultId)
+            }
+        }
+    }
+
+    return <TargetCardsView
+        selectedProject={selected?.ps}
+        selectedTarget={selected?.ts}
+        selectedResult={selectedCommandResult}
+        onSelect={onSelect}
+        onCloseExpanded={onCloseExpanded}
+    />
+}
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 344e42b14..284a7d9a7 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -2,6 +2,7 @@ import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey, Vali
 import _ from "lodash";
 import { KluctlDeploymentWithClusterId } from "./components/App";
 import { ActiveFilters, DoFilterSwitches, DoFilterText } from "./components/FilterBar";
+import { buildListKey } from "./utils/listKey";
 
 export interface TargetSummary {
     target: TargetKey;
@@ -200,4 +201,13 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     })
 
     return ret
-}
\ No newline at end of file
+}
+
+export function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDeployment?: KluctlDeploymentInfo) {
+    const j = {
+        "project": project,
+        "target": target,
+        "kluctlDeployment": kluctlDeployment,
+    }
+    return buildListKey(j)
+}

From 5403acb6ff9834ade5336c3c13abc14cba376056 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 21:30:58 +0200
Subject: [PATCH 1517/2268] refactor: Move out dynamic icons

---
 .../target-cards-view/TargetCard.tsx          | 174 +-----------------
 .../targets-view/ReconcilingIcon.tsx          |  90 +++++++++
 .../components/targets-view/StatusIcon.tsx    |  60 ++++++
 .../targets-view/TargetTypeIcon.tsx           |  20 ++
 4 files changed, 177 insertions(+), 167 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/ReconcilingIcon.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/StatusIcon.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/TargetTypeIcon.tsx

diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index f3074b29f..9afd88e1a 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,25 +1,10 @@
 import { ValidateResult } from "../../models";
 import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
-import { Alert, Box, CircularProgress, SxProps, Theme, Typography, useTheme } from "@mui/material";
+import { Alert, Box, SxProps, Theme, Typography } from "@mui/material";
 import React, { useState } from "react";
 import Tooltip from "@mui/material/Tooltip";
-import {
-    Approval,
-    Done,
-    Error,
-    Favorite,
-    HeartBroken,
-    Hotel,
-    HourglassTop,
-    Pause,
-    PlayArrow,
-    PublishedWithChanges,
-    RocketLaunch,
-    SyncProblem,
-    Toys,
-    Troubleshoot
-} from "@mui/icons-material";
-import { CpuIcon, FingerScanIcon, MessageQuestionIcon, TargetIcon } from "../../icons/Icons";
+import { Pause, PlayArrow, PublishedWithChanges, RocketLaunch, Troubleshoot } from "@mui/icons-material";
+import { CpuIcon, FingerScanIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardBody, CardTemplate } from "../card/Card";
 import { CardTab, CardTabsProvider } from "../card/CardTabs";
@@ -27,149 +12,15 @@ import { ErrorsTable } from "../ErrorsTable";
 import { PropertiesEntry, PropertiesTable, pushProp } from "../PropertiesTable";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
-import { Since } from "../Since";
 import { ValidateResultsTable } from "../ValidateResultsTable";
 import { LogsViewer } from "../LogsViewer";
 import { K8sManifestViewer } from "../K8sManifestViewer";
 import { YamlViewer } from "../YamlViewer";
 import { gitRefToString } from "../../utils/git";
 import { AppContextProps, useAppContext } from "../App";
-
-const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
-    const theme = useTheme();
-
-    if (!props.ts.kd) {
-        return <></>
-    }
-
-    const buildStateTime = (c: any) => {
-        return <>In this state since <Since startTime={c.lastTransitionTime}/></>
-    }
-
-    let icon: React.ReactElement | undefined = undefined
-    const tooltip: React.ReactNode[] = []
-
-    const annotations: any = props.ts.kd.deployment.metadata?.annotations || {}
-    const requestReconcile = annotations["kluctl.io/request-reconcile"]
-    const requestValidate = annotations["kluctl.io/request-validate"]
-    const requestDeploy = annotations["kluctl.io/request-deploy"]
-
-    if (props.ts.kd.deployment.spec.suspend) {
-        icon = <Hotel color={"primary"}/>
-        tooltip.push("Deployment is suspended")
-    } else if (!props.ts.kd.deployment.status) {
-        icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
-        tooltip.push("Status not available")
-    } else {
-        const conditions: any[] | undefined = props.ts.kd.deployment.status.conditions
-        const readyCondition = conditions?.find(c => c.type === "Ready")
-        const reconcilingCondition = conditions?.find(c => c.type === "Reconciling")
-
-        if (reconcilingCondition) {
-            icon = <CircularProgress color={"info"} size={24}/>
-            tooltip.push(reconcilingCondition.message)
-            tooltip.push(buildStateTime(reconcilingCondition))
-        } else {
-            if (requestReconcile && requestReconcile !== props.ts.kd.deployment.status.lastHandledReconcileAt) {
-                icon = <HourglassTop color={"primary"}/>
-                tooltip.push("Reconcile requested: " + requestReconcile)
-            } else if (requestValidate && requestValidate !== props.ts.kd.deployment.status.lastHandledValidateAt) {
-                icon = <HourglassTop color={"primary"}/>
-                tooltip.push("Validate requested: " + requestValidate)
-            } else if (requestDeploy && requestDeploy !== props.ts.kd.deployment.status.lastHandledDeployAt) {
-                icon = <HourglassTop color={"primary"}/>
-                tooltip.push("Deploy requested: " + requestReconcile)
-            } else if (readyCondition) {
-                if (readyCondition.status === "True") {
-                    icon = <Done color={"success"}/>
-                    tooltip.push(readyCondition.message)
-                } else {
-                    if (readyCondition.reason === "PrepareFailed") {
-                        icon = <SyncProblem color={"error"}/>
-                        tooltip.push(readyCondition.message)
-                    } else if (readyCondition.reason === "ValidateFailed") {
-                        icon = <Done color={"success"}/>
-                        tooltip.push(readyCondition.message)
-                    } else {
-                        icon = <Error color={"warning"}/>
-                        tooltip.push(readyCondition.message)
-                    }
-                }
-                tooltip.push(buildStateTime(readyCondition))
-            } else {
-                icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
-                tooltip.push("Ready condition is missing")
-            }
-        }
-    }
-
-    if (!icon) {
-        icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
-        tooltip.push("Unexpected state")
-    }
-
-    return <Tooltip title={
-        <>
-            <Typography key={"title"}><b>Reconciliation State</b></Typography>
-            {tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}
-        </>
-    }>
-        <Box display='flex'>{icon}</Box>
-    </Tooltip>
-}
-
-const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
-    let icon: React.ReactElement
-    const theme = useTheme();
-
-    if (!props.ts.kd?.deployment.spec.validate) {
-        icon = <Favorite color={"disabled"}/>
-    } else if (props.ts.lastValidateResult === undefined) {
-        icon = <MessageQuestionIcon color={theme.palette.error.main}/>
-    } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
-        if (props.ts.lastValidateResult.warnings) {
-            icon = <Favorite color={"warning"}/>
-            /*} else if (props.ts.lastValidateResult.drift?.length) {
-                icon = <Favorite color={"primary"} />*/
-        } else {
-            icon = <Favorite color={"success"}/>
-        }
-    } else {
-        icon = <HeartBroken color={"error"}/>
-    }
-
-    const tooltip: React.ReactNode[] = []
-    if (!props.ts.kd?.deployment.spec.validate) {
-        tooltip.push("Validation is disabled.")
-    } else if (props.ts.lastValidateResult === undefined) {
-        tooltip.push("No validation result available.")
-    } else {
-        if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
-            tooltip.push("Target is ready.")
-        } else {
-            tooltip.push("Target is not ready.")
-        }
-        if (props.ts.lastValidateResult.errors) {
-            tooltip.push(`Target has ${props.ts.lastValidateResult.errors} validation errors.`)
-        }
-        if (props.ts.lastValidateResult.warnings) {
-            tooltip.push(`Target has ${props.ts.lastValidateResult.warnings} validation warnings.`)
-        }
-        /*if (props.ts.lastValidateResult.drift?.length) {
-            tooltip.push(`Target has ${props.ts.lastValidateResult.drift.length} drifted objects.`)
-        }*/
-        tooltip.push(<>Validation performed <Since startTime={new Date(props.ts.lastValidateResult.startTime)}/> ago</>)
-    }
-
-    return <Tooltip title={
-        <>
-            <Typography key={"title"}><b>Validation State</b></Typography>
-            {tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}
-        </>
-    }>
-        <Box display='flex'>{icon}</Box>
-    </Tooltip>
-}
+import { ReconcilingIcon } from "../targets-view/ReconcilingIcon";
+import { StatusIcon } from "../targets-view/StatusIcon";
+import { TargetTypeIcon } from "../targets-view/TargetTypeIcon";
 
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
@@ -297,17 +148,6 @@ export const TargetCard = React.memo(React.forwardRef((
     }
     const iconTooltip = <Box textAlign={"center"}>{iconTooltipChildren}</Box>
 
-    let dryRunApprovalIcon: React.ReactElement | undefined
-    if (kd?.deployment.spec.manual) {
-        dryRunApprovalIcon = <Tooltip title={"Deployment needs manual triggering"}>
-            <Box display='flex'><Approval/></Box>
-        </Tooltip>
-    } else if (kd?.deployment.spec.dryRun) {
-        dryRunApprovalIcon = <Tooltip title={"Deployment is in dry-run mode"}>
-            <Box display='flex'><Toys/></Box>
-        </Tooltip>
-    }
-
     const body = props.expanded ? <TargetItemBody ts={props.ts}/> : undefined;
 
     return <CardTemplate
@@ -335,7 +175,7 @@ export const TargetCard = React.memo(React.forwardRef((
                     <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
                         <Box display='flex'><FingerScanIcon/></Box>
                     </Tooltip>
-                    {dryRunApprovalIcon}
+                    <TargetTypeIcon ts={props.ts}/>
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center'>
                     <ReconcilingIcon {...props} />
diff --git a/pkg/webui/ui/src/components/targets-view/ReconcilingIcon.tsx b/pkg/webui/ui/src/components/targets-view/ReconcilingIcon.tsx
new file mode 100644
index 000000000..7d91eaa8a
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/ReconcilingIcon.tsx
@@ -0,0 +1,90 @@
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import { Box, CircularProgress, Typography, useTheme } from "@mui/material";
+import { Since } from "../Since";
+import React from "react";
+import { Done, Error, Hotel, HourglassTop, SyncProblem } from "@mui/icons-material";
+import { MessageQuestionIcon } from "../../icons/Icons";
+import Tooltip from "@mui/material/Tooltip";
+
+export const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
+    const theme = useTheme();
+
+    if (!props.ts.kd) {
+        return <></>
+    }
+
+    const buildStateTime = (c: any) => {
+        return <>In this state since <Since startTime={c.lastTransitionTime}/></>
+    }
+
+    let icon: React.ReactElement | undefined = undefined
+    const tooltip: React.ReactNode[] = []
+
+    const annotations: any = props.ts.kd.deployment.metadata?.annotations || {}
+    const requestReconcile = annotations["kluctl.io/request-reconcile"]
+    const requestValidate = annotations["kluctl.io/request-validate"]
+    const requestDeploy = annotations["kluctl.io/request-deploy"]
+
+    if (props.ts.kd.deployment.spec.suspend) {
+        icon = <Hotel color={"primary"}/>
+        tooltip.push("Deployment is suspended")
+    } else if (!props.ts.kd.deployment.status) {
+        icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
+        tooltip.push("Status not available")
+    } else {
+        const conditions: any[] | undefined = props.ts.kd.deployment.status.conditions
+        const readyCondition = conditions?.find(c => c.type === "Ready")
+        const reconcilingCondition = conditions?.find(c => c.type === "Reconciling")
+
+        if (reconcilingCondition) {
+            icon = <CircularProgress color={"info"} size={24}/>
+            tooltip.push(reconcilingCondition.message)
+            tooltip.push(buildStateTime(reconcilingCondition))
+        } else {
+            if (requestReconcile && requestReconcile !== props.ts.kd.deployment.status.lastHandledReconcileAt) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Reconcile requested: " + requestReconcile)
+            } else if (requestValidate && requestValidate !== props.ts.kd.deployment.status.lastHandledValidateAt) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Validate requested: " + requestValidate)
+            } else if (requestDeploy && requestDeploy !== props.ts.kd.deployment.status.lastHandledDeployAt) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Deploy requested: " + requestReconcile)
+            } else if (readyCondition) {
+                if (readyCondition.status === "True") {
+                    icon = <Done color={"success"}/>
+                    tooltip.push(readyCondition.message)
+                } else {
+                    if (readyCondition.reason === "PrepareFailed") {
+                        icon = <SyncProblem color={"error"}/>
+                        tooltip.push(readyCondition.message)
+                    } else if (readyCondition.reason === "ValidateFailed") {
+                        icon = <Done color={"success"}/>
+                        tooltip.push(readyCondition.message)
+                    } else {
+                        icon = <Error color={"warning"}/>
+                        tooltip.push(readyCondition.message)
+                    }
+                }
+                tooltip.push(buildStateTime(readyCondition))
+            } else {
+                icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
+                tooltip.push("Ready condition is missing")
+            }
+        }
+    }
+
+    if (!icon) {
+        icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
+        tooltip.push("Unexpected state")
+    }
+
+    return <Tooltip title={
+        <>
+            <Typography key={"title"}><b>Reconciliation State</b></Typography>
+            {tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}
+        </>
+    }>
+        <Box display='flex'>{icon}</Box>
+    </Tooltip>
+}
diff --git a/pkg/webui/ui/src/components/targets-view/StatusIcon.tsx b/pkg/webui/ui/src/components/targets-view/StatusIcon.tsx
new file mode 100644
index 000000000..52a8d1a42
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/StatusIcon.tsx
@@ -0,0 +1,60 @@
+import { ProjectSummary, TargetSummary } from "../../project-summaries";
+import React from "react";
+import { Box, Typography, useTheme } from "@mui/material";
+import { Favorite, HeartBroken } from "@mui/icons-material";
+import { MessageQuestionIcon } from "../../icons/Icons";
+import { Since } from "../Since";
+import Tooltip from "@mui/material/Tooltip";
+
+export const StatusIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
+    let icon: React.ReactElement
+    const theme = useTheme();
+
+    if (!props.ts.kd?.deployment.spec.validate) {
+        icon = <Favorite color={"disabled"}/>
+    } else if (props.ts.lastValidateResult === undefined) {
+        icon = <MessageQuestionIcon color={theme.palette.error.main}/>
+    } else if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
+        if (props.ts.lastValidateResult.warnings) {
+            icon = <Favorite color={"warning"}/>
+            /*} else if (props.ts.lastValidateResult.drift?.length) {
+                icon = <Favorite color={"primary"} />*/
+        } else {
+            icon = <Favorite color={"success"}/>
+        }
+    } else {
+        icon = <HeartBroken color={"error"}/>
+    }
+
+    const tooltip: React.ReactNode[] = []
+    if (!props.ts.kd?.deployment.spec.validate) {
+        tooltip.push("Validation is disabled.")
+    } else if (props.ts.lastValidateResult === undefined) {
+        tooltip.push("No validation result available.")
+    } else {
+        if (props.ts.lastValidateResult.ready && !props.ts.lastValidateResult.errors) {
+            tooltip.push("Target is ready.")
+        } else {
+            tooltip.push("Target is not ready.")
+        }
+        if (props.ts.lastValidateResult.errors) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.errors} validation errors.`)
+        }
+        if (props.ts.lastValidateResult.warnings) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.warnings} validation warnings.`)
+        }
+        /*if (props.ts.lastValidateResult.drift?.length) {
+            tooltip.push(`Target has ${props.ts.lastValidateResult.drift.length} drifted objects.`)
+        }*/
+        tooltip.push(<>Validation performed <Since startTime={new Date(props.ts.lastValidateResult.startTime)}/> ago</>)
+    }
+
+    return <Tooltip title={
+        <>
+            <Typography key={"title"}><b>Validation State</b></Typography>
+            {tooltip.map((t, i) => <Typography key={i}>{t}</Typography>)}
+        </>
+    }>
+        <Box display='flex'>{icon}</Box>
+    </Tooltip>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/TargetTypeIcon.tsx b/pkg/webui/ui/src/components/targets-view/TargetTypeIcon.tsx
new file mode 100644
index 000000000..11d3b20de
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/TargetTypeIcon.tsx
@@ -0,0 +1,20 @@
+import { TargetSummary } from "../../project-summaries";
+import React from "react";
+import Tooltip from "@mui/material/Tooltip";
+import { Box } from "@mui/material";
+import { Approval, Toys } from "@mui/icons-material";
+
+export const TargetTypeIcon = (props: {ts: TargetSummary}) => {
+    if (props.ts.kd?.deployment.spec.manual) {
+        return <Tooltip title={"Deployment needs manual triggering"}>
+            <Box display='flex'><Approval/></Box>
+        </Tooltip>
+    } else if (props.ts.kd?.deployment.spec.dryRun) {
+        return <Tooltip title={"Deployment is in dry-run mode"}>
+            <Box display='flex'><Toys/></Box>
+        </Tooltip>
+    } else {
+        // dummy icon
+        return <Box display='flex'><Toys opacity={"0%"}/></Box>
+    }
+}
\ No newline at end of file

From 27adae4e0bb0c2fd450d71fcf74b2aaaf82b97c2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 28 Aug 2023 21:37:26 +0200
Subject: [PATCH 1518/2268] refactor: Move out TargetActionMenu

---
 .../target-cards-view/TargetCard.tsx          | 48 +--------------
 .../targets-view/TargetActionMenu.tsx         | 61 +++++++++++++++++++
 2 files changed, 63 insertions(+), 46 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/TargetActionMenu.tsx

diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 9afd88e1a..88bc120dc 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,9 +1,7 @@
 import { ValidateResult } from "../../models";
-import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Alert, Box, SxProps, Theme, Typography } from "@mui/material";
 import React, { useState } from "react";
 import Tooltip from "@mui/material/Tooltip";
-import { Pause, PlayArrow, PublishedWithChanges, RocketLaunch, Troubleshoot } from "@mui/icons-material";
 import { CpuIcon, FingerScanIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardBody, CardTemplate } from "../card/Card";
@@ -21,6 +19,7 @@ import { AppContextProps, useAppContext } from "../App";
 import { ReconcilingIcon } from "../targets-view/ReconcilingIcon";
 import { StatusIcon } from "../targets-view/StatusIcon";
 import { TargetTypeIcon } from "../targets-view/TargetTypeIcon";
+import { TargetActionMenu } from "../targets-view/TargetActionMenu";
 
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
@@ -62,51 +61,8 @@ export const TargetCard = React.memo(React.forwardRef((
     },
     ref: React.ForwardedRef<HTMLDivElement>
 ) => {
-    const appCtx = useAppContext()
-    const actionMenuItems: ActionMenuItem[] = []
     const kd = props.ts.kd
 
-    if (kd && appCtx.user.isAdmin) {
-        actionMenuItems.push({
-            icon: <Troubleshoot/>,
-            text: <Typography>Validate</Typography>,
-            handler: () => {
-                appCtx.api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
-            }
-        })
-        actionMenuItems.push({
-            icon: <PublishedWithChanges/>,
-            text: <Typography>Reconcile</Typography>,
-            handler: () => {
-                appCtx.api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
-            }
-        })
-        actionMenuItems.push({
-            icon: <RocketLaunch/>,
-            text: <Typography>Deploy</Typography>,
-            handler: () => {
-                appCtx.api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
-            }
-        })
-        if (!kd.deployment.spec.suspend) {
-            actionMenuItems.push({
-                icon: <Pause/>,
-                text: <Typography>Suspend</Typography>,
-                handler: () => {
-                    appCtx.api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, true)
-                }
-            })
-        } else {
-            actionMenuItems.push({
-                icon: <PlayArrow/>,
-                text: <Typography>Resume</Typography>,
-                handler: () => {
-                    appCtx.api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, false)
-                }
-            })
-        }
-    }
-
     const allContexts: string[] = []
 
     const handleContext = (c?: string) => {
@@ -180,7 +136,7 @@ export const TargetCard = React.memo(React.forwardRef((
                 <Box display='flex' gap='6px' alignItems='center'>
                     <ReconcilingIcon {...props} />
                     <StatusIcon {...props} />
-                    <ActionsMenu menuItems={actionMenuItems}/>
+                    <TargetActionMenu ts={props.ts}/>
                 </Box>
             </>
         }
diff --git a/pkg/webui/ui/src/components/targets-view/TargetActionMenu.tsx b/pkg/webui/ui/src/components/targets-view/TargetActionMenu.tsx
new file mode 100644
index 000000000..e9e79c09f
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/TargetActionMenu.tsx
@@ -0,0 +1,61 @@
+import { TargetSummary } from "../../project-summaries";
+import { useAppContext } from "../App";
+import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
+import { Pause, PlayArrow, PublishedWithChanges, RocketLaunch, Troubleshoot } from "@mui/icons-material";
+import { Typography } from "@mui/material";
+import React, { useMemo } from "react";
+
+export const TargetActionMenu = (props: {ts: TargetSummary}) => {
+    const appCtx = useAppContext()
+    const kd = props.ts.kd
+
+    const actionMenuItems = useMemo(() => {
+        const actionMenuItems: ActionMenuItem[] = []
+        if (!kd || !appCtx.user.isAdmin) {
+            return actionMenuItems
+        }
+
+        actionMenuItems.push({
+            icon: <Troubleshoot/>,
+            text: <Typography>Validate</Typography>,
+            handler: () => {
+                appCtx.api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+            }
+        })
+        actionMenuItems.push({
+            icon: <PublishedWithChanges/>,
+            text: <Typography>Reconcile</Typography>,
+            handler: () => {
+                appCtx.api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+            }
+        })
+        actionMenuItems.push({
+            icon: <RocketLaunch/>,
+            text: <Typography>Deploy</Typography>,
+            handler: () => {
+                appCtx.api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+            }
+        })
+        if (!kd.deployment.spec.suspend) {
+            actionMenuItems.push({
+                icon: <Pause/>,
+                text: <Typography>Suspend</Typography>,
+                handler: () => {
+                    appCtx.api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, true)
+                }
+            })
+        } else {
+            actionMenuItems.push({
+                icon: <PlayArrow/>,
+                text: <Typography>Resume</Typography>,
+                handler: () => {
+                    appCtx.api.setSuspended(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace, false)
+                }
+            })
+        }
+
+        return actionMenuItems
+    }, [props.ts, appCtx.user])
+
+    return <ActionsMenu menuItems={actionMenuItems}/>
+}
\ No newline at end of file

From 5d192e4c9652460503a68623e326f54a4ac6579c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 31 Aug 2023 11:15:47 +0200
Subject: [PATCH 1519/2268] feat: Show tooltips on Since components

---
 pkg/webui/ui/src/components/Since.tsx | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/webui/ui/src/components/Since.tsx b/pkg/webui/ui/src/components/Since.tsx
index 10dd374fd..1d52c15fb 100644
--- a/pkg/webui/ui/src/components/Since.tsx
+++ b/pkg/webui/ui/src/components/Since.tsx
@@ -1,5 +1,7 @@
 import React, { useEffect, useState } from "react";
 import { formatDurationShort } from "../utils/duration";
+import Tooltip from "@mui/material/Tooltip";
+import { Typography } from "@mui/material";
 
 export const Since = (props: { startTime: Date | string }) => {
     const [str, setStr] = useState("")
@@ -28,5 +30,9 @@ export const Since = (props: { startTime: Date | string }) => {
         return () => clearTimeout(x)
     }, [props.startTime, counter])
 
-    return <>{str}</>
+    const tooltip = props.startTime.toString()
+
+    return <Tooltip title={tooltip}>
+        <Typography>{str}</Typography>
+    </Tooltip>
 }

From 948cb3936162368796f558f540faad965b1b6ec1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 31 Aug 2023 11:16:14 +0200
Subject: [PATCH 1520/2268] refactor: Introduce ClusterIcon and
 DiscriminatorIcon

---
 pkg/webui/ui/src/components/Jdenticon.tsx     |  9 ++--
 .../target-cards-view/TargetCard.tsx          | 13 ++---
 .../components/targets-view/ClusterIcon.tsx   | 53 +++++++++++++++++++
 .../targets-view/DiscriminatorIcon.tsx        | 20 +++++++
 4 files changed, 83 insertions(+), 12 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/ClusterIcon.tsx
 create mode 100644 pkg/webui/ui/src/components/targets-view/DiscriminatorIcon.tsx

diff --git a/pkg/webui/ui/src/components/Jdenticon.tsx b/pkg/webui/ui/src/components/Jdenticon.tsx
index b46d01ffd..852b939bc 100644
--- a/pkg/webui/ui/src/components/Jdenticon.tsx
+++ b/pkg/webui/ui/src/components/Jdenticon.tsx
@@ -2,16 +2,17 @@ import React, { useEffect, useRef } from 'react';
 import * as jdenticon from 'jdenticon';
 import { Box, SvgIcon } from "@mui/material";
 
-export const Jdenticon = (props: { value: string, size: string }) => {
+export const Jdenticon = (props: { value: string, size: string, disabled?: boolean }) => {
     const icon = useRef<SVGSVGElement>(null);
     useEffect(() => {
         if (icon.current === null) {
             return
         }
-        jdenticon.update(icon.current, props.value);
-    }, [props, icon])
+        const sat = props.disabled ? 0.0 : 1.0
+        jdenticon.update(icon.current, props.value, {saturation: {color: sat}});
+    }, [props.value, props.size, props.disabled, icon.current])
 
-    return <Box>
+    return <Box display={"flex"} alignItems={"center"}>
         <SvgIcon ref={icon} height={props.size} width={props.size}/>
     </Box>
 }
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 88bc120dc..3b1740a4b 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,8 +1,7 @@
 import { ValidateResult } from "../../models";
 import { Alert, Box, SxProps, Theme, Typography } from "@mui/material";
 import React, { useState } from "react";
-import Tooltip from "@mui/material/Tooltip";
-import { CpuIcon, FingerScanIcon, TargetIcon } from "../../icons/Icons";
+import { TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardBody, CardTemplate } from "../card/Card";
 import { CardTab, CardTabsProvider } from "../card/CardTabs";
@@ -20,6 +19,8 @@ import { ReconcilingIcon } from "../targets-view/ReconcilingIcon";
 import { StatusIcon } from "../targets-view/StatusIcon";
 import { TargetTypeIcon } from "../targets-view/TargetTypeIcon";
 import { TargetActionMenu } from "../targets-view/TargetActionMenu";
+import { ClusterIcon } from "../targets-view/ClusterIcon";
+import { DiscriminatorIcon } from "../targets-view/DiscriminatorIcon";
 
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
@@ -125,12 +126,8 @@ export const TargetCard = React.memo(React.forwardRef((
         footer={
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
-                    <Tooltip title={"Cluster ID: " + props.ts.target.clusterId}>
-                        <Box display='flex'><CpuIcon/></Box>
-                    </Tooltip>
-                    <Tooltip title={"Discriminator: " + props.ts.target.discriminator}>
-                        <Box display='flex'><FingerScanIcon/></Box>
-                    </Tooltip>
+                    <ClusterIcon ts={props.ts}/>
+                    <DiscriminatorIcon ts={props.ts}/>
                     <TargetTypeIcon ts={props.ts}/>
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center'>
diff --git a/pkg/webui/ui/src/components/targets-view/ClusterIcon.tsx b/pkg/webui/ui/src/components/targets-view/ClusterIcon.tsx
new file mode 100644
index 000000000..6b1cb5ea1
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/ClusterIcon.tsx
@@ -0,0 +1,53 @@
+import Tooltip from "@mui/material/Tooltip";
+import { TargetSummary } from "../../project-summaries";
+import { Box, Typography } from "@mui/material";
+import React, { useMemo } from "react";
+import { Jdenticon } from "../Jdenticon";
+
+export const gatherContexts = (ts: TargetSummary) => {
+    const allContexts: string[] = []
+
+    const handleContext = (c?: string) => {
+        if (!c) {
+            return
+        }
+        if (allContexts.find(x => x === c)) {
+            return
+        }
+        allContexts.push(c)
+    }
+
+    ts.commandResults?.forEach(rs => {
+        handleContext(rs.commandInfo.contextOverride)
+        handleContext(rs.target.context)
+    })
+
+    return allContexts
+}
+
+export const ClusterIcon = (props: {ts: TargetSummary}) => {
+    const iconTooltip = useMemo(() => {
+        const allContexts = gatherContexts(props.ts)
+        const children: React.ReactNode[] = []
+        children.push(<Typography key={children.length} variant="subtitle2"><b>Cluster ID</b></Typography>)
+        children.push(<Typography key={children.length} variant="subtitle2">{props.ts.target.clusterId}</Typography>)
+        children.push(<br/>)
+
+        if (allContexts.length) {
+            children.push(<Typography key={children.length} variant="subtitle2"><b>Contexts</b></Typography>)
+            allContexts.forEach(context => {
+                children.push(<Typography key={children.length} variant="subtitle2">{context}</Typography>)
+            })
+        }
+        const iconTooltip = <Box textAlign={"center"}>
+            {children}
+        </Box>
+        return iconTooltip
+    }, [props.ts])
+
+    return <Tooltip title={iconTooltip}>
+        <Box>
+            <Jdenticon value={props.ts.target.clusterId} size={"48px"}/>
+        </Box>
+    </Tooltip>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/targets-view/DiscriminatorIcon.tsx b/pkg/webui/ui/src/components/targets-view/DiscriminatorIcon.tsx
new file mode 100644
index 000000000..38078f147
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/DiscriminatorIcon.tsx
@@ -0,0 +1,20 @@
+import { Box } from "@mui/material";
+import Tooltip from "@mui/material/Tooltip";
+import React from "react";
+import { Jdenticon } from "../Jdenticon";
+import { TargetSummary } from "../../project-summaries";
+
+export const DiscriminatorIcon = React.memo((props: { ts: TargetSummary }) => {
+    const disabled = !props.ts.target.discriminator
+
+    let tooltip = "Discriminator: " + props.ts.target.discriminator
+    if (disabled) {
+        tooltip = "Target has no discriminator"
+    }
+
+    return <Tooltip title={tooltip}>
+        <Box>
+            <Jdenticon value={props.ts.target.discriminator || ""} size={"48px"} disabled={disabled}/>
+        </Box>
+    </Tooltip>
+})

From 739c223170cd36ec7eeffa44e3f7ff4c3d411ce8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Sep 2023 18:52:01 +0200
Subject: [PATCH 1521/2268] fix: Fix Since component to not break lines

---
 pkg/webui/ui/src/components/Since.tsx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/webui/ui/src/components/Since.tsx b/pkg/webui/ui/src/components/Since.tsx
index 1d52c15fb..b93db6a16 100644
--- a/pkg/webui/ui/src/components/Since.tsx
+++ b/pkg/webui/ui/src/components/Since.tsx
@@ -1,7 +1,7 @@
 import React, { useEffect, useState } from "react";
 import { formatDurationShort } from "../utils/duration";
 import Tooltip from "@mui/material/Tooltip";
-import { Typography } from "@mui/material";
+import { Box, Typography } from "@mui/material";
 
 export const Since = (props: { startTime: Date | string }) => {
     const [str, setStr] = useState("")
@@ -30,9 +30,9 @@ export const Since = (props: { startTime: Date | string }) => {
         return () => clearTimeout(x)
     }, [props.startTime, counter])
 
-    const tooltip = props.startTime.toString()
+    const tooltip = <Typography>{props.startTime.toString()}</Typography>
 
     return <Tooltip title={tooltip}>
-        <Typography>{str}</Typography>
+        <span>{str}</span>
     </Tooltip>
 }

From f5ea63cd4df958c042981cca0147729e9f4f2667 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Sep 2023 18:52:38 +0200
Subject: [PATCH 1522/2268] refactor: Introduce CommandTypeIcon

---
 pkg/webui/ui/src/components/card/Card.tsx     | 21 ++++----
 .../command-result/CommandResultCard.tsx      | 42 ++++------------
 .../target-cards-view/TargetCard.tsx          |  9 +++-
 .../targets-view/CommandTypeIcon.tsx          | 48 +++++++++++++++++++
 pkg/webui/ui/src/icons/Icons.tsx              | 16 ++++---
 5 files changed, 83 insertions(+), 53 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-view/CommandTypeIcon.tsx

diff --git a/pkg/webui/ui/src/components/card/Card.tsx b/pkg/webui/ui/src/components/card/Card.tsx
index c470e00d8..bbf4f0b6e 100644
--- a/pkg/webui/ui/src/components/card/Card.tsx
+++ b/pkg/webui/ui/src/components/card/Card.tsx
@@ -52,7 +52,6 @@ export const CardTemplate = React.forwardRef((props: {
     paperProps?: CardPaperProps,
     boxProps?: BoxProps,
     icon?: React.ReactNode,
-    iconTooltip?: React.ReactNode,
     header?: React.ReactNode,
     headerTooltip?: React.ReactNode,
     subheader?: React.ReactNode,
@@ -63,17 +62,15 @@ export const CardTemplate = React.forwardRef((props: {
     onClose?: () => void
 }, ref: React.ForwardedRef<HTMLDivElement>) => {
     const icon = props.icon && (
-        <Tooltip title={props.iconTooltip}>
-            <Box
-                width='45px'
-                height='45px'
-                flex='0 0 auto'
-                justifyContent='center'
-                alignItems='center'
-            >
-                {props.icon}
-            </Box>
-        </Tooltip>
+        <Box
+            width='45px'
+            height='45px'
+            flex='0 0 auto'
+            justifyContent='center'
+            alignItems='center'
+        >
+            {props.icon}
+        </Box>
     );
 
     const header = props.header && (
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index f5f575780..f1cc1d12e 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -13,6 +13,7 @@ import { CommandResultStatusLine } from "./CommandResultStatusLine";
 import { YamlViewer } from "../YamlViewer";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
+import { CommandTypeIcon } from "../targets-view/CommandTypeIcon";
 
 const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
     const appCtx = useAppContext()
@@ -95,43 +96,19 @@ export const CommandResultCard = React.memo(React.forwardRef((
         return await appCtx.api.getCommandResult(props.rs.id)
     }, [props.rs.id, props.loadData])
 
-    let icon: React.ReactElement
     let cardGlow = false
     let header = props.rs.commandInfo?.command
-    switch (props.rs.commandInfo?.command) {
-        default:
-            icon = <DiffIcon/>
-            break
-        case "delete":
-            icon = <PruneIcon/>
-            break
-        case "deploy":
-            if (props.rs.commandInfo.dryRun) {
-                if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
-                    icon = <LiveHelp sx={{ width: "100%", height: "100%" }}/>
-                    cardGlow = true
-                    header = "manual deploy"
-                } else {
-                    icon = <DeployIcon/>
-                    header = "dry-run deploy"
-                }
+    if (props.rs.commandInfo.command === "deploy") {
+        if (props.rs.commandInfo.dryRun) {
+            if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
+                cardGlow = true
+                header = "manual deploy"
             } else {
-                icon = <DeployIcon/>
+                header = "dry-run deploy"
             }
-            break
-        case "diff":
-            icon = <DiffIcon/>
-            break
-        case "poke-images":
-            icon = <DeployIcon/>
-            break
-        case "prune":
-            icon = <PruneIcon/>
-            break
+        }
     }
 
-    const iconTooltip = <YamlViewer obj={props.rs.commandInfo}/>
-
     let body: React.ReactElement | undefined
     if (props.expanded && props.loadData) {
         if (loading) {
@@ -186,8 +163,7 @@ export const CommandResultCard = React.memo(React.forwardRef((
             },
             glow: cardGlow,
         }}
-        icon={icon}
-        iconTooltip={iconTooltip}
+        icon={<CommandTypeIcon ts={props.ts} rs={props.rs}/>}
         header={header}
         subheader={<Since startTime={new Date(props.rs.commandInfo.startTime)}/>}
         subheaderTooltip={props.rs.commandInfo.startTime}
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 3b1740a4b..4258c3fca 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -21,6 +21,7 @@ import { TargetTypeIcon } from "../targets-view/TargetTypeIcon";
 import { TargetActionMenu } from "../targets-view/TargetActionMenu";
 import { ClusterIcon } from "../targets-view/ClusterIcon";
 import { DiscriminatorIcon } from "../targets-view/DiscriminatorIcon";
+import Tooltip from "@mui/material/Tooltip";
 
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
@@ -104,6 +105,11 @@ export const TargetCard = React.memo(React.forwardRef((
         })
     }
     const iconTooltip = <Box textAlign={"center"}>{iconTooltipChildren}</Box>
+    const icon = <Tooltip title={iconTooltip}>
+        <Box>
+            <TargetIcon/>
+        </Box>
+    </Tooltip>
 
     const body = props.expanded ? <TargetItemBody ts={props.ts}/> : undefined;
 
@@ -118,8 +124,7 @@ export const TargetCard = React.memo(React.forwardRef((
             },
             onClick: e => props.onSelectTarget?.()
         }}
-        icon={<TargetIcon/>}
-        iconTooltip={iconTooltip}
+        icon={icon}
         header={header}
         subheader={subheader}
         body={body}
diff --git a/pkg/webui/ui/src/components/targets-view/CommandTypeIcon.tsx b/pkg/webui/ui/src/components/targets-view/CommandTypeIcon.tsx
new file mode 100644
index 000000000..da44eefc5
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-view/CommandTypeIcon.tsx
@@ -0,0 +1,48 @@
+import { CommandResultSummary } from "../../models";
+import React from "react";
+import { DeployIcon, DiffIcon, PruneIcon } from "../../icons/Icons";
+import { LiveHelp } from "@mui/icons-material";
+import { TargetSummary } from "../../project-summaries";
+import Tooltip from "@mui/material/Tooltip";
+import { Box, Typography } from "@mui/material";
+
+export const CommandTypeIcon = (props: {ts: TargetSummary, rs: CommandResultSummary, size?: string}) => {
+    let icon: React.ReactElement
+    let tooltip = props.rs.commandInfo?.command
+    const size = props.size || "45px"
+    switch (props.rs.commandInfo?.command) {
+        default:
+            icon = <DiffIcon size={size}/>
+            break
+        case "delete":
+            icon = <PruneIcon size={size}/>
+            break
+        case "deploy":
+            if (props.rs.commandInfo.dryRun) {
+                if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
+                    icon = <LiveHelp sx={{ width: size, height: size }}/>
+                    tooltip = "manual deploy"
+                } else {
+                    icon = <DeployIcon size={size}/>
+                    tooltip = "dry-run deploy"
+                }
+            } else {
+                icon = <DeployIcon size={size}/>
+            }
+            break
+        case "diff":
+            icon = <DiffIcon size={size}/>
+            break
+        case "poke-images":
+            icon = <DeployIcon size={size}/>
+            break
+        case "prune":
+            icon = <PruneIcon size={size}/>
+            break
+    }
+    return <Tooltip title={<Typography>{tooltip}</Typography>}>
+        <Box>
+            {icon}
+        </Box>
+    </Tooltip>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index a58e85303..14008192b 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -69,16 +69,20 @@ export const ProjectIcon = () => {
     return <ProjectIconSvg width="45px" height="45px" />
 }
 
-export const DeployIcon = () => {
-    return <DeployIconSvg width="45px" height="45px" />
+export const DeployIcon = (props: {size?: string}) => {
+    const size = props.size || "45px"
+    console.log(props.size)
+    return <DeployIconSvg width={size} height={size} />
 }
 
-export const PruneIcon = () => {
-    return <PruneIconSvg width="45px" height="45px" />
+export const PruneIcon = (props: {size?: string}) => {
+    const size = props.size || "45px"
+    return <PruneIconSvg width={size} height={size} />
 }
 
-export const DiffIcon = () => {
-    return <DiffIconSvg width="45px" height="45px" />
+export const DiffIcon = (props: {size?: string}) => {
+    const size = props.size || "45px"
+    return <DiffIconSvg width={size} height={size} />
 }
 
 export const CpuIcon = () => {

From c2b40dfbb8edb12de7bdf015198bfa25c824c17f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Sep 2023 18:55:07 +0200
Subject: [PATCH 1523/2268] refactor: Don't allow to pass sx

---
 .../ui/src/components/command-result/CommandResultCard.tsx      | 2 --
 pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx    | 2 --
 2 files changed, 4 deletions(-)

diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index f1cc1d12e..6f333acc2 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -79,7 +79,6 @@ export const CommandResultCard = React.memo(React.forwardRef((
         ts: TargetSummary,
         rs: CommandResultSummary,
         onSwitchFullCommandResult: () => void,
-        sx?: SxProps<Theme>,
         showSummary: boolean,
         expanded: boolean,
         loadData: boolean,
@@ -159,7 +158,6 @@ export const CommandResultCard = React.memo(React.forwardRef((
         paperProps={{
             sx: {
                 padding: '20px 16px 5px 16px',
-                ...props.sx,
             },
             glow: cardGlow,
         }}
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 4258c3fca..cd8454499 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -57,7 +57,6 @@ export const TargetCard = React.memo(React.forwardRef((
         ps: ProjectSummary,
         ts: TargetSummary,
         onSelectTarget?: () => void,
-        sx?: SxProps<Theme>,
         expanded?: boolean,
         onClose?: () => void
     },
@@ -120,7 +119,6 @@ export const TargetCard = React.memo(React.forwardRef((
         paperProps={{
             sx: {
                 padding: '20px 16px 12px 16px',
-                ...props.sx
             },
             onClick: e => props.onSelectTarget?.()
         }}

From 35ba7346ee8703d3b057dded571bdfa0b3de7e06 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 2 Sep 2023 21:32:49 +0200
Subject: [PATCH 1524/2268] feat: Introduce simple list based view

---
 pkg/webui/ui/package-lock.json                |  60 +++-
 pkg/webui/ui/package.json                     |   1 +
 .../targets-list-view/TargetsListView.tsx     | 314 ++++++++++++++++++
 .../components/targets-view/TargetsView.tsx   |  49 ++-
 pkg/webui/ui/src/icons/Icons.tsx              |   1 -
 5 files changed, 404 insertions(+), 21 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx

diff --git a/pkg/webui/ui/package-lock.json b/pkg/webui/ui/package-lock.json
index be777269d..a5b5166f0 100644
--- a/pkg/webui/ui/package-lock.json
+++ b/pkg/webui/ui/package-lock.json
@@ -15,6 +15,7 @@
         "@mui/icons-material": "^5.11.16",
         "@mui/lab": "^5.0.0-alpha.124",
         "@mui/material": "^5.13.4",
+        "@mui/x-data-grid": "^6.12.0",
         "@testing-library/jest-dom": "^5.16.5",
         "@testing-library/react": "^13.4.0",
         "@testing-library/user-event": "^13.5.0",
@@ -1952,16 +1953,21 @@
       "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA=="
     },
     "node_modules/@babel/runtime": {
-      "version": "7.22.6",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.6.tgz",
-      "integrity": "sha512-wDb5pWm4WDdF6LFUde3Jl8WzPA+3ZbxYqkC6xAXuD3irdEHN1k0NfTRrJD8ZD378SJ61miMLCqIOXYhd8x+AJQ==",
+      "version": "7.22.11",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.11.tgz",
+      "integrity": "sha512-ee7jVNlWN09+KftVOu9n7S8gQzD/Z6hN/I8VBRXW4P1+Xe7kJGXMwu8vds4aGIMHZnNbdpSWCfZZtinytpcAvA==",
       "dependencies": {
-        "regenerator-runtime": "^0.13.11"
+        "regenerator-runtime": "^0.14.0"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@babel/runtime/node_modules/regenerator-runtime": {
+      "version": "0.14.0",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.0.tgz",
+      "integrity": "sha512-srw17NI0TUWHuGa5CFGGmhfNIeja30WMBfbslPNhf6JrqQlLN5gcrvig1oqPxiVaXb0oW0XRKtH6Nngs5lKCIA=="
+    },
     "node_modules/@babel/template": {
       "version": "7.22.5",
       "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.5.tgz",
@@ -3542,11 +3548,11 @@
       }
     },
     "node_modules/@mui/utils": {
-      "version": "5.13.7",
-      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.13.7.tgz",
-      "integrity": "sha512-/3BLptG/q0u36eYED7Nhf4fKXmcKb6LjjT7ZMwhZIZSdSxVqDqSTmATW3a56n3KEPQUXCU9TpxAfCBQhs6brVA==",
+      "version": "5.14.6",
+      "resolved": "https://registry.npmjs.org/@mui/utils/-/utils-5.14.6.tgz",
+      "integrity": "sha512-AznpqLu6hrFnpHgcvsSSMCG+cDbkcCYfo+daUwBVReNYv4l+NQ8+wvBAF4aUMi155N7xWbbgh0cyKs6Wdsm3aA==",
       "dependencies": {
-        "@babel/runtime": "^7.22.5",
+        "@babel/runtime": "^7.22.10",
         "@types/prop-types": "^15.7.5",
         "@types/react-is": "^18.2.1",
         "prop-types": "^15.8.1",
@@ -3563,6 +3569,39 @@
         "react": "^17.0.0 || ^18.0.0"
       }
     },
+    "node_modules/@mui/x-data-grid": {
+      "version": "6.12.0",
+      "resolved": "https://registry.npmjs.org/@mui/x-data-grid/-/x-data-grid-6.12.0.tgz",
+      "integrity": "sha512-ZuQ8Uq/dF6gjrE/qU6VvP3tgy9n78DdCMD6hbXy/uDIoddJ4J8hSn9S6flnFnFQbRZzF/Q/pPWXZTR4oeg8NQg==",
+      "dependencies": {
+        "@babel/runtime": "^7.22.11",
+        "@mui/utils": "^5.14.5",
+        "clsx": "^2.0.0",
+        "prop-types": "^15.8.1",
+        "reselect": "^4.1.8"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
+      "peerDependencies": {
+        "@mui/material": "^5.4.1",
+        "@mui/system": "^5.4.1",
+        "react": "^17.0.0 || ^18.0.0",
+        "react-dom": "^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@mui/x-data-grid/node_modules/clsx": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.0.0.tgz",
+      "integrity": "sha512-rQ1+kcj+ttHG0MKVGBUXwayCCF1oh39BF5COIpRzuCEv8Mwjv0XucrI2ExNTOn9IlLifGClWQcU9BrZORvtw6Q==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/@nicolo-ribaudo/eslint-scope-5-internals": {
       "version": "5.1.1-v1",
       "resolved": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz",
@@ -16361,6 +16400,11 @@
       "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
       "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ=="
     },
+    "node_modules/reselect": {
+      "version": "4.1.8",
+      "resolved": "https://registry.npmjs.org/reselect/-/reselect-4.1.8.tgz",
+      "integrity": "sha512-ab9EmR80F/zQTMNeneUr4cv+jSwPJgIlvEmVwLerwrWVbpLlBuls9XHzIeTFy4cegU2NHBp3va0LKOzU5qFEYQ=="
+    },
     "node_modules/resolve": {
       "version": "1.22.2",
       "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.2.tgz",
diff --git a/pkg/webui/ui/package.json b/pkg/webui/ui/package.json
index 66b6d4176..503795e0a 100644
--- a/pkg/webui/ui/package.json
+++ b/pkg/webui/ui/package.json
@@ -11,6 +11,7 @@
     "@mui/icons-material": "^5.11.16",
     "@mui/lab": "^5.0.0-alpha.124",
     "@mui/material": "^5.13.4",
+    "@mui/x-data-grid": "^6.12.0",
     "@testing-library/jest-dom": "^5.16.5",
     "@testing-library/react": "^13.4.0",
     "@testing-library/user-event": "^13.5.0",
diff --git a/pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx
new file mode 100644
index 000000000..ade0b969e
--- /dev/null
+++ b/pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx
@@ -0,0 +1,314 @@
+import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
+import { CommandResultSummary } from "../../models";
+import { useAppContext } from "../App";
+import React, { useCallback, useMemo } from "react";
+import { Box, Dialog, Typography } from "@mui/material";
+import { DataGrid, GridColDef, gridStringOrNumberComparator } from '@mui/x-data-grid';
+import { getLastPathElement } from "../../utils/misc";
+import Tooltip from "@mui/material/Tooltip";
+import { Approval, Toys } from "@mui/icons-material";
+import { ReconcilingIcon } from "../targets-view/ReconcilingIcon";
+import { StatusIcon } from "../targets-view/StatusIcon";
+import { TargetActionMenu } from "../targets-view/TargetActionMenu";
+import { CommandResultStatusLine } from "../command-result/CommandResultStatusLine";
+import { Since } from "../Since";
+import { ScrollingTextLine } from "../ScrollingTextLine";
+import { ClusterIcon } from "../targets-view/ClusterIcon";
+import { CommandTypeIcon } from "../targets-view/CommandTypeIcon";
+import Divider from "@mui/material/Divider";
+import { TargetCard } from "../target-cards-view/TargetCard";
+import { CommandResultCard } from "../command-result/CommandResultCard";
+
+
+export interface TargetsListViewProps {
+    selectedProject?: ProjectSummary
+    selectedTarget?: TargetSummary
+    selectedResult?: CommandResultSummary
+    onSelect: (ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => void
+    onCloseExpanded: () => void
+}
+
+export const TargetsListView = (props: TargetsListViewProps) => {
+    const appContext = useAppContext();
+    const projects = appContext.projects;
+
+    const selectedTargetKey = useMemo(() => {
+        if (!props.selectedProject || !props.selectedTarget) {
+            return undefined
+        }
+        return buildTargetKey(props.selectedProject.project, props.selectedTarget.target, props.selectedTarget.kdInfo)
+    }, [props.selectedProject, props.selectedTarget])
+
+    interface Row {
+        id: string,
+        ps: ProjectSummary
+        ts: TargetSummary
+    }
+
+    const doSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => {
+        console.log("select", ps, ts, showResults, rs)
+        props.onSelect(ps, ts, showResults, rs)
+    }, [])
+
+    const doSelectTarget = (row: Row) => {
+        doSelect(row.ps, row.ts, false)
+    }
+    const doSelectCommandResult = (row: Row, index: number) => {
+        if (index >= (row.ts.commandResults.length || 0)) {
+            return
+        }
+        const rs = row.ts.commandResults[index]
+        doSelect(row.ps, row.ts, true, rs)
+    }
+
+    const columns: GridColDef<Row>[] = [
+        {
+            field: "project",
+            headerName: "Project",
+            width: 200,
+            valueGetter: rp => {
+                return rp.row.ps.project.gitRepoKey
+            },
+            sortComparator: (v1, v2, cellParams1, cellParams2) => {
+                const name1 = getLastPathElement(v1)
+                const name2 = getLastPathElement(v2)
+                if (name1 === name2) {
+                    return gridStringOrNumberComparator(v1, v2, cellParams1, cellParams2)
+                }
+                return gridStringOrNumberComparator(name1, name2, cellParams1, cellParams2)
+            },
+            renderCell: (rp) => {
+                const name = getLastPathElement(rp.value)
+                return <Box width={"100%"}>
+                    <Tooltip title={<Typography>{rp.value}</Typography>}>
+                        <ScrollingTextLine>
+                            {name}
+                        </ScrollingTextLine>
+                    </Tooltip>
+                </Box>
+            }
+        },
+        {
+            field: "subDir",
+            headerName: "SubDir",
+            valueGetter: rp => {
+                return rp.row.ps.project.subDir
+            },
+            renderCell: rp => {
+                return <ScrollingTextLine>{rp.value}</ScrollingTextLine>
+            }
+        },
+        {
+            field: "cluster",
+            headerName: "Cluster",
+            valueGetter: rp => {
+                return rp.row.ts.target.clusterId
+            },
+            renderCell: rp => {
+                return <ClusterIcon ts={rp.row.ts}/>
+            }
+        },
+        {
+            field: "targetName",
+            headerName: "Target",
+            width: 100,
+            valueGetter: rp => {
+                return rp.row.ts.target.targetName
+            },
+            renderCell: rp => {
+                return <Box width={"100%"} onDoubleClick={() => doSelectTarget(rp.row)}>
+                    <ScrollingTextLine>{rp.value}</ScrollingTextLine>
+                </Box>
+            }
+        },
+        {
+            field: "discriminator",
+            headerName: "Discriminator",
+            width: 200,
+            valueGetter: rp => {
+                return rp.row.ts.target.discriminator
+            },
+            renderCell: rp => {
+                return <Box width={"100%"} onDoubleClick={() => doSelectTarget(rp.row)}>
+                    <ScrollingTextLine>{rp.value}</ScrollingTextLine>
+                </Box>
+            }
+        },
+        {
+            field: "type",
+            headerName: "Type",
+            width: 48,
+            valueGetter: rp => {
+                if (rp.row.ts.kd?.deployment.spec.manual) {
+                    return "manual"
+                } else if (rp.row.ts.kd?.deployment.spec.dryRun) {
+                    return "dryRun"
+                } else {
+                    return "normal"
+                }
+            },
+            renderCell: rp => {
+                if (rp.value === "manual") {
+                    return <Tooltip title={"Deployment needs manual triggering"}>
+                        <Approval/>
+                    </Tooltip>
+                } else if (rp.value === "dryRun") {
+                    return <Tooltip title={"Deployment needs manual triggering"}>
+                        <Toys/>
+                    </Tooltip>
+                } else {
+                    return <></>
+                }
+            }
+        },
+        {
+            field: "reconcileStatus",
+            headerName: "Rec",
+            description: "Reconcile Status",
+            sortable: false,
+            filterable: false,
+            width: 48,
+            renderCell: rp => {
+                return <Box onDoubleClick={() => doSelectTarget(rp.row)}>
+                    <ReconcilingIcon ps={rp.row.ps} ts={rp.row.ts}/>
+                </Box>
+            }
+        },
+        {
+            field: "status",
+            headerName: "Status",
+            width: 48,
+            renderCell: rp => {
+                return <Box onDoubleClick={() => doSelectTarget(rp.row)}>
+                    <StatusIcon ps={rp.row.ps} ts={rp.row.ts}/>
+                </Box>
+            }
+        },
+        {
+            field: "lastCommandResultTime",
+            headerName: "When",
+            width: 100,
+            type: "dateTime",
+            valueGetter: rp => {
+                if (!rp.row.ts.commandResults.length) {
+                    return undefined
+                }
+                const rs = rp.row.ts.commandResults[0]
+                return new Date(rs.commandInfo.startTime)
+            },
+            renderCell: rp => {
+                if (!rp.row.ts.commandResults.length) {
+                    return <></>
+                }
+                const rs = rp.row.ts.commandResults[0]
+                return <Box onDoubleClick={() => doSelectCommandResult(rp.row, 0)}>
+                    <Since startTime={new Date(rs.commandInfo.startTime)}/>
+                </Box>
+            }
+        },
+        {
+            field: "lastCommandResult",
+            headerName: "Last Command",
+            width: 120,
+            filterable: false,
+            valueGetter: rp => {
+                if (!rp.row.ts.commandResults.length) {
+                    return ""
+                }
+                const rs = rp.row.ts.commandResults[0]
+                return rs.commandInfo.command
+            },
+            renderCell: rp => {
+                if (!rp.row.ts.commandResults.length) {
+                    return <></>
+                }
+                const rs = rp.row.ts.commandResults[0]
+                return <Box display={"flex"}
+                            width={"100%"}
+                            onDoubleClick={() => doSelectCommandResult(rp.row, 0)}>
+                    <CommandTypeIcon ts={rp.row.ts} rs={rs} size={"24px"}/>
+                    <Divider orientation={"vertical"} sx={{height: "inherit", marginX: "5px"}}/>
+                    <CommandResultStatusLine rs={rs}/>
+                </Box>
+            }
+        },
+        {
+            field: "actions",
+            headerName: "Actions",
+            width: 96,
+            type: "actions",
+            renderCell: rp => {
+                return <TargetActionMenu ts={rp.row.ts}/>
+            },
+        },
+    ];
+
+
+
+    const rows = useMemo(() => {
+        const rows: Row[] = []
+        projects.forEach(ps => {
+            ps.targets.forEach(ts => {
+                const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
+                rows.push({
+                    id: key,
+                    ps: ps,
+                    ts: ts,
+                })
+            })
+        })
+        return rows
+    }, [projects])
+
+    let dialogCard: React.ReactElement | undefined
+    if (props.selectedProject && props.selectedTarget) {
+        if (!props.selectedResult) {
+            dialogCard = <TargetCard
+                ps={props.selectedProject}
+                ts={props.selectedTarget}
+                expanded={true}
+                onClose={() => props.onCloseExpanded()}
+            />
+        } else {
+            dialogCard = <CommandResultCard
+                current={true}
+                ps={props.selectedProject}
+                ts={props.selectedTarget}
+                rs={props.selectedResult}
+                onSwitchFullCommandResult={() => {}}
+                showSummary={true}
+                expanded={true}
+                loadData={true}
+                onClose={() => props.onCloseExpanded()}
+            />
+        }
+    }
+
+    const dialogPaperProps = {
+        sx: {
+            height: "100%"
+        }
+    }
+
+    return <Box>
+        <Dialog
+            open={!!dialogCard}
+            maxWidth={"lg"}
+            fullWidth={true}
+            PaperProps={dialogPaperProps}
+            onClose={() => props.onCloseExpanded()}
+        >
+            {dialogCard}
+        </Dialog>
+        <DataGrid
+            rows={rows}
+            columns={columns}
+            initialState={{
+                pagination: {
+                    paginationModel: { page: 0, pageSize: 50 },
+                },
+            }}
+            pageSizeOptions={[5, 50]}
+        />
+    </Box>
+}
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
index 569b21375..c5baed18e 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
@@ -2,14 +2,30 @@ import { CommandResultSummary } from "../../models";
 import React, { useCallback, useMemo } from "react";
 import { useAppContext } from "../App";
 import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
-import { useLocation, useNavigate } from "react-router-dom";
+import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { TargetCardsView } from "../target-cards-view/TargetCardsView";
+import { TargetsListView } from "../targets-list-view/TargetsListView";
 
 export const TargetsView = () => {
     const navigate = useNavigate();
     const loc = useLocation();
     const appContext = useAppContext();
     const projects = appContext.projects;
+    const [searchParams] = useSearchParams()
+
+    const cardsView = searchParams.get("cards") === "1"
+
+    const doNavigate = useCallback((p: string, sp?: URLSearchParams) => {
+        sp = new URLSearchParams(sp)
+        if (cardsView) {
+            sp.set("cards", "1")
+        }
+        const qs = sp.toString()
+        if (qs.length) {
+            p += "?" + qs
+        }
+        navigate(p)
+    }, [])
 
     const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary | undefined) => {
         let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
@@ -19,12 +35,12 @@ export const TargetsView = () => {
                 p += "/" + rs.id
             }
         }
-        navigate(p);
-    }, [navigate]);
+        doNavigate(p);
+    }, []);
 
     const onCloseExpanded = useCallback(() => {
-        navigate(`/targets/`);
-    }, [navigate]);
+        doNavigate(`/targets/`);
+    }, []);
 
     const targetsByKey = useMemo(() => {
         const m = new Map<string, {ps: ProjectSummary, ts: TargetSummary}>()
@@ -51,11 +67,20 @@ export const TargetsView = () => {
         }
     }
 
-    return <TargetCardsView
-        selectedProject={selected?.ps}
-        selectedTarget={selected?.ts}
-        selectedResult={selectedCommandResult}
-        onSelect={onSelect}
-        onCloseExpanded={onCloseExpanded}
-    />
+    if (cardsView) {
+        return <TargetCardsView
+            selectedProject={selected?.ps}
+            selectedTarget={selected?.ts}
+            selectedResult={selectedCommandResult}
+            onSelect={onSelect}
+            onCloseExpanded={onCloseExpanded}
+        />
+    } else {
+        return <TargetsListView selectedProject={selected?.ps}
+                                selectedTarget={selected?.ts}
+                                selectedResult={selectedCommandResult}
+                                onSelect={onSelect}
+                                onCloseExpanded={onCloseExpanded}
+        />
+    }
 }
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 14008192b..c384a2784 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -71,7 +71,6 @@ export const ProjectIcon = () => {
 
 export const DeployIcon = (props: {size?: string}) => {
     const size = props.size || "45px"
-    console.log(props.size)
     return <DeployIconSvg width={size} height={size} />
 }
 

From 3d707f623af9e62158d7d04927aaa2ea2ebe7bd7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 2 Sep 2023 21:33:14 +0200
Subject: [PATCH 1525/2268] chore: Optimize all imports

---
 pkg/webui/ui/src/components/Since.tsx                      | 2 +-
 .../ui/src/components/command-result/CommandResultCard.tsx | 7 +++----
 .../ui/src/components/target-cards-view/TargetCard.tsx     | 2 +-
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/pkg/webui/ui/src/components/Since.tsx b/pkg/webui/ui/src/components/Since.tsx
index b93db6a16..2459e84e9 100644
--- a/pkg/webui/ui/src/components/Since.tsx
+++ b/pkg/webui/ui/src/components/Since.tsx
@@ -1,7 +1,7 @@
 import React, { useEffect, useState } from "react";
 import { formatDurationShort } from "../utils/duration";
 import Tooltip from "@mui/material/Tooltip";
-import { Box, Typography } from "@mui/material";
+import { Typography } from "@mui/material";
 
 export const Since = (props: { startTime: Date | string }) => {
     const [str, setStr] = useState("")
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 6f333acc2..d6b63e2f4 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -1,16 +1,15 @@
 import React from "react";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CommandResult, CommandResultSummary } from "../../models";
-import { Box, IconButton, SxProps, Theme, Tooltip } from "@mui/material";
-import { DeployIcon, DiffIcon, PruneIcon, TreeViewIcon } from "../../icons/Icons";
-import { LiveHelp, RocketLaunch, Summarize } from "@mui/icons-material";
+import { Box, IconButton, Tooltip } from "@mui/material";
+import { TreeViewIcon } from "../../icons/Icons";
+import { RocketLaunch, Summarize } from "@mui/icons-material";
 import { CardTemplate } from "../card/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
 import { useAppContext } from "../App";
 import { CommandResultBody } from "./CommandResultView";
 import { CommandResultStatusLine } from "./CommandResultStatusLine";
-import { YamlViewer } from "../YamlViewer";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { CommandTypeIcon } from "../targets-view/CommandTypeIcon";
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index cd8454499..2ae5fe67b 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,5 +1,5 @@
 import { ValidateResult } from "../../models";
-import { Alert, Box, SxProps, Theme, Typography } from "@mui/material";
+import { Alert, Box, Typography } from "@mui/material";
 import React, { useState } from "react";
 import { TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";

From 4d0d18c9d508c1cfe7865a888148f5971eed5d42 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 3 Sep 2023 22:53:35 +0200
Subject: [PATCH 1526/2268] refactor: Introduce kluctlDeployOrPokeImages

---
 pkg/controllers/kluctl_project.go             | 10 ++++++++++
 .../kluctldeployment_controller.go            | 19 ++++---------------
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index a6b722c7d..db1318926 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -772,6 +772,16 @@ func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error
 	return nil
 }
 
+func (pt *preparedTarget) kluctlDeployOrPokeImages(ctx context.Context, deployMode string, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, needDeployByRequest bool) (*result.CommandResult, error) {
+	if deployMode == kluctlv1.KluctlDeployModeFull {
+		return pt.kluctlDeploy(ctx, targetContext, crId, objectsHash, needDeployByRequest)
+	} else if deployMode == kluctlv1.KluctlDeployPokeImages {
+		return pt.kluctlPokeImages(ctx, targetContext, crId, objectsHash, needDeployByRequest)
+	} else {
+		return nil, fmt.Errorf("deployMode '%s' not supported", deployMode)
+	}
+}
+
 func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index c29ad6e19..7696159d4 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -398,22 +398,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	var deployResult *result.CommandResult
 	if needDeploy {
-		// deploy the kluctl project
-		if obj.Spec.DeployMode == kluctlv1.KluctlDeployModeFull {
-			patchErr = doProgressingCondition("Performing kluctl deploy", false)
-			if patchErr != nil {
-				return nil, patchErr
-			}
-			deployResult, err = pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
-		} else if obj.Spec.DeployMode == kluctlv1.KluctlDeployPokeImages {
-			patchErr = doProgressingCondition("Performing kluctl poke-images", false)
-			if patchErr != nil {
-				return nil, patchErr
-			}
-			deployResult, err = pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
-		} else {
-			err = fmt.Errorf("deployMode '%s' not supported", obj.Spec.DeployMode)
+		patchErr = doProgressingCondition(fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
+		if patchErr != nil {
+			return nil, patchErr
 		}
+		deployResult, err = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, needDeployByRequest)
 		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), err)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")

From 825f40fe49279c682300ede8780dd87c49efbc25 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 10:30:49 +0200
Subject: [PATCH 1527/2268] refactor: Split up handleCommandResult into
 addCommandResultInfo/writeCommandResult

---
 pkg/controllers/kluctl_project.go | 53 ++++++++++++++++++++-----------
 1 file changed, 34 insertions(+), 19 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index db1318926..cd1350db8 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -657,14 +657,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	return targetContext, nil
 }
 
-func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, crId string, objectsHash string, triggeredByRequest bool) error {
-	log := ctrl.LoggerFrom(ctx)
-
-	if cmdErr != nil {
-		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
-		return cmdErr
-	}
-
+func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *result.CommandResult, crId string, objectsHash string) error {
 	cmdResult.Id = crId
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
 	cmdResult.KluctlDeployment = &result.KluctlDeploymentInfo{
@@ -682,6 +675,19 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	// the ref is not properly set by addGitInfo due to the way the repo cache checks out by commit
 	cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
 
+	return nil
+}
+
+func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, triggeredByRequest bool) error {
+	log := ctrl.LoggerFrom(ctx)
+
+	if cmdErr != nil {
+		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
+		return cmdErr
+	}
+
+	var err error
+
 	summary := cmdResult.BuildSummary()
 	needStore := summary.NewObjects != 0 ||
 		summary.ChangedObjects != 0 ||
@@ -740,7 +746,7 @@ func (pt *preparedTarget) handleCommandResult(ctx context.Context, cmdErr error,
 	return err
 }
 
-func (pt *preparedTarget) handleValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, crId string, objectsHash string) error {
+func (pt *preparedTarget) writeValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, crId string, objectsHash string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -795,8 +801,12 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.Prune = pt.pp.obj.Spec.Prune
 	cmd.WaitPrune = false
 
-	cmdResult, err := cmd.Run(nil)
-	err = pt.handleCommandResult(ctx, err, cmdResult, "deploy", crId, objectsHash, triggeredByRequest)
+	cmdResult, cmdErr := cmd.Run(nil)
+	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
+	if err != nil {
+		return cmdResult, err
+	}
+	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "deploy", triggeredByRequest)
 	return cmdResult, err
 }
 
@@ -805,8 +815,12 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
 
-	cmdResult, err := cmd.Run()
-	err = pt.handleCommandResult(ctx, err, cmdResult, "poke-images", crId, objectsHash, triggeredByRequest)
+	cmdResult, cmdErr := cmd.Run()
+	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
+	if err != nil {
+		return cmdResult, err
+	}
+	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "poke-images", triggeredByRequest)
 	return cmdResult, err
 }
 
@@ -817,7 +831,7 @@ func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *klu
 	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, targetContext, cmdResult)
 
 	validateResult, err := cmd.Run(ctx)
-	err = pt.handleValidateResult(ctx, err, validateResult, crId, objectsHash)
+	err = pt.writeValidateResult(ctx, err, validateResult, crId, objectsHash)
 	return validateResult, err
 }
 
@@ -848,13 +862,10 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 		return nil, err
 	}
 
-	cmdResult, err := cmd.Run(ctx, k, func(refs []k8s.ObjectRef) error {
+	cmdResult, cmdErr := cmd.Run(ctx, k, func(refs []k8s.ObjectRef) error {
 		pt.printDeletedRefs(ctx, refs)
 		return nil
 	})
-	if err != nil {
-		return nil, err
-	}
 
 	if pt.pp.obj.Spec.Target != nil {
 		cmdResult.TargetKey.TargetName = *pt.pp.obj.Spec.Target
@@ -866,7 +877,11 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	cmdResult.TargetKey.Discriminator = discriminator
 	cmdResult.TargetKey.ClusterId = cmdResult.ClusterInfo.ClusterId
 
-	err = pt.handleCommandResult(ctx, err, cmdResult, "delete", crId, "", false)
+	err = pt.addCommandResultInfo(ctx, cmdResult, crId, "")
+	if err != nil {
+		return cmdResult, err
+	}
+	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "delete", false)
 	return cmdResult, err
 }
 

From 75bb5a8ddbadcd721e29a5f1378d6556b76c00c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 11:16:12 +0200
Subject: [PATCH 1528/2268] feat: Implement drift detection in controller

---
 api/v1beta1/kluctldeployment_types.go         | 42 +++++++++
 api/v1beta1/zz_generated.deepcopy.go          |  5 ++
 .../gitops.kluctl.io_kluctldeployments.yaml   | 14 +++
 install/controller/controller/crd.yaml        | 14 +++
 pkg/controllers/kluctl_project.go             | 16 ++++
 .../kluctldeployment_controller.go            | 17 +++-
 pkg/types/result/drift_detection_result.go    | 87 +++++++++++++++++++
 pkg/types/result/zz_generated.deepcopy.go     | 41 +++++++++
 8 files changed, 234 insertions(+), 2 deletions(-)
 create mode 100644 pkg/types/result/drift_detection_result.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index bbccbf1fe..0a8ee9ee0 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -372,6 +372,8 @@ type KluctlDeploymentStatus struct {
 	LastDeployError string `json:"lastDeployError,omitempty"`
 	// +optional
 	LastValidateError string `json:"lastValidateError,omitempty"`
+	// +optional
+	LastDriftDetectionError string `json:"lastDriftDetectionError,omitempty"`
 
 	// LastDeployResult is the result summary of the last deploy command
 	// +optional
@@ -381,6 +383,14 @@ type KluctlDeploymentStatus struct {
 	// LastValidateResult is the result summary of the last validate command
 	// +optional
 	LastValidateResult *runtime.RawExtension `json:"lastValidateResult,omitempty"`
+
+	// LastDriftDetectionResult is the result of the last drift detection command
+	// optional
+	LastDriftDetectionResult *runtime.RawExtension `json:"lastDriftDetectionResult,omitempty"`
+
+	// LastDriftDetectionResultMessage contains a short message that describes the drift
+	// optional
+	LastDriftDetectionResultMessage string `json:"lastDriftDetectionResultMessage,omitempty"`
 }
 
 func (s *KluctlDeploymentStatus) SetLastDeployResult(crs *result.CommandResultSummary, err error) error {
@@ -417,6 +427,25 @@ func (s *KluctlDeploymentStatus) SetLastValidateResult(crs *result.ValidateResul
 	return nil
 }
 
+func (s *KluctlDeploymentStatus) SetLastDriftDetectionResult(dr *result.DriftDetectionResult, err error) error {
+	s.LastDriftDetectionError = ""
+	s.LastDriftDetectionResultMessage = ""
+	if err != nil {
+		s.LastDriftDetectionError = err.Error()
+	}
+	if dr == nil {
+		s.LastDriftDetectionResult = nil
+	} else {
+		b, err := yaml.WriteJsonString(dr)
+		if err != nil {
+			return err
+		}
+		s.LastDriftDetectionResult = &runtime.RawExtension{Raw: []byte(b)}
+		s.LastDriftDetectionResultMessage = dr.BuildShortMessage()
+	}
+	return nil
+}
+
 func (s *KluctlDeploymentStatus) GetLastDeployResult() (*result.CommandResultSummary, error) {
 	if s.LastDeployResult == nil {
 		return nil, nil
@@ -441,11 +470,24 @@ func (s *KluctlDeploymentStatus) GetLastValidateResult() (*result.ValidateResult
 	return &ret, nil
 }
 
+func (s *KluctlDeploymentStatus) GetDriftDetectionResult() (*result.DriftDetectionResult, error) {
+	if s.LastDriftDetectionResult == nil {
+		return nil, nil
+	}
+	var ret result.DriftDetectionResult
+	err := yaml.ReadYamlBytes(s.LastDriftDetectionResult.Raw, &ret)
+	if err != nil {
+		return nil, err
+	}
+	return &ret, nil
+}
+
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 //+kubebuilder:printcolumn:name="DryRun",type="boolean",JSONPath=".spec.dryRun",description=""
 //+kubebuilder:printcolumn:name="Deployed",type="date",JSONPath=".status.lastDeployResult.commandInfo.endTime",description=""
 //+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+//+kubebuilder:printcolumn:name="Drift",type="string",JSONPath=".status.lastDriftDetectionResultMessage",description=""
 //+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""
 //+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
 
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index b6bee9dac..2aa37d131 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -277,6 +277,11 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 		*out = new(runtime.RawExtension)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.LastDriftDetectionResult != nil {
+		in, out := &in.LastDriftDetectionResult, &out.LastDriftDetectionResult
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlDeploymentStatus.
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 943edf401..811898c3f 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -24,6 +24,9 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
+    - jsonPath: .status.lastDriftDetectionResultMessage
+      name: Drift
+      type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
@@ -499,6 +502,17 @@ spec:
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              lastDriftDetectionError:
+                type: string
+              lastDriftDetectionResult:
+                description: LastDriftDetectionResult is the result of the last drift
+                  detection command optional
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              lastDriftDetectionResultMessage:
+                description: LastDriftDetectionResultMessage contains a short message
+                  that describes the drift optional
+                type: string
               lastHandledDeployAt:
                 type: string
               lastHandledReconcileAt:
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index eb96ac13f..4067ce674 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -24,6 +24,9 @@ spec:
     - jsonPath: .status.conditions[?(@.type=="Ready")].status
       name: Ready
       type: string
+    - jsonPath: .status.lastDriftDetectionResultMessage
+      name: Drift
+      type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
       type: string
@@ -499,6 +502,17 @@ spec:
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              lastDriftDetectionError:
+                type: string
+              lastDriftDetectionResult:
+                description: LastDriftDetectionResult is the result of the last drift
+                  detection command optional
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
+              lastDriftDetectionResultMessage:
+                description: LastDriftDetectionResultMessage contains a short message
+                  that describes the drift optional
+                type: string
               lastHandledDeployAt:
                 type: string
               lastHandledReconcileAt:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index cd1350db8..ace2b8565 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -824,6 +824,22 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	return cmdResult, err
 }
 
+func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
+	defer timer.ObserveDuration()
+	cmd := commands.NewDiffCommand(targetContext)
+	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
+	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
+	cmd.ForceReplaceOnError = pt.pp.obj.Spec.ForceReplaceOnError
+
+	cmdResult, cmdErr := cmd.Run()
+	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
+	if err != nil {
+		return cmdResult, err
+	}
+	return cmdResult, cmdErr
+}
+
 func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string, objectsHash string) (*result.ValidateResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 7696159d4..44c1819a1 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -342,6 +342,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	needDeploy := false
 	needDeployByRequest := false
 	needValidate := false
+	needDriftDetection := true
 
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
 		// either never deployed or source code changed
@@ -368,8 +369,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		log.Info("checking manual object hash")
 		if obj.Spec.ManualObjectsHash == nil || *obj.Spec.ManualObjectsHash != objectsHash {
 			log.Info("deployment is not approved", "manualObjectsHash", obj.Spec.ManualObjectsHash, "objectsHash", objectsHash)
-			targetContext.Params.DryRun = true
-			targetContext.SharedContext.K.DryRun = true
+			needDeploy = false
 		} else {
 			log.Info("deployment is approved", "objectsHash", objectsHash)
 		}
@@ -421,6 +421,19 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
+	if needDriftDetection {
+		patchErr = doProgressingCondition("Performing drift detection", false)
+		if patchErr != nil {
+			return nil, patchErr
+		}
+
+		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash)
+		err = obj.Status.SetLastDriftDetectionResult(diffResult.BuildDriftDetectionResult(), cmdErr)
+		if err != nil {
+			log.Error(err, "Failed to write drift detection result")
+		}
+	}
+
 	var ctrlResult ctrl.Result
 	ctrlResult.RequeueAfter = r.nextReconcileTime(obj).Sub(time.Now())
 	if ctrlResult.RequeueAfter < 0 {
diff --git a/pkg/types/result/drift_detection_result.go b/pkg/types/result/drift_detection_result.go
new file mode 100644
index 000000000..35e7ec77c
--- /dev/null
+++ b/pkg/types/result/drift_detection_result.go
@@ -0,0 +1,87 @@
+package result
+
+import (
+	"fmt"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type DriftDetectionResult struct {
+	Id                  string                `json:"id"`
+	ProjectKey          ProjectKey            `json:"projectKey"`
+	TargetKey           TargetKey             `json:"targetKey"`
+	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
+	RenderedObjectsHash string                `json:"renderedObjectsHash,omitempty"`
+	StartTime           metav1.Time           `json:"startTime"`
+	EndTime             metav1.Time           `json:"endTime"`
+
+	Warnings []DeploymentError `json:"warnings,omitempty"`
+	Errors   []DeploymentError `json:"errors,omitempty"`
+	Objects  []BaseObject      `json:"objects,omitempty"`
+}
+
+func (cr *CommandResult) BuildDriftDetectionResult() *DriftDetectionResult {
+	if cr == nil {
+		return nil
+	}
+
+	ret := &DriftDetectionResult{
+		Id:                  cr.Id,
+		ProjectKey:          cr.ProjectKey,
+		TargetKey:           cr.TargetKey,
+		KluctlDeployment:    cr.KluctlDeployment,
+		RenderedObjectsHash: cr.RenderedObjectsHash,
+		StartTime:           cr.Command.StartTime,
+		EndTime:             cr.Command.EndTime,
+		Errors:              cr.Errors,
+		Warnings:            cr.Warnings,
+	}
+	for _, o := range cr.Objects {
+		if !o.New && !o.Orphan && !o.Deleted && len(o.Changes) == 0 {
+			continue
+		}
+		ret.Objects = append(ret.Objects, o.BaseObject)
+	}
+
+	return ret
+}
+
+func (dr *DriftDetectionResult) BuildShortMessage() string {
+	ret := ""
+
+	count := func(f func(o BaseObject) bool) int {
+		cnt := 0
+		for _, o := range dr.Objects {
+			if f(o) {
+				cnt++
+			}
+		}
+		return cnt
+	}
+
+	add := func(s string, cnt int) {
+		if cnt == 0 {
+			return
+		}
+		if ret != "" {
+			ret += "/"
+		}
+		ret += fmt.Sprintf("%d %s", cnt, s)
+	}
+
+	countAndAdd := func(s string, cntFun func(o BaseObject) bool) {
+		add(s, count(cntFun))
+	}
+
+	if len(dr.Objects) == 0 {
+		ret = "no drift"
+	} else {
+		countAndAdd("new", func(o BaseObject) bool { return o.New })
+		countAndAdd("chg", func(o BaseObject) bool { return len(o.Changes) != 0 })
+		countAndAdd("orp", func(o BaseObject) bool { return o.Orphan })
+		countAndAdd("del", func(o BaseObject) bool { return o.Deleted })
+		add("err", len(dr.Errors))
+		add("wrn", len(dr.Warnings))
+	}
+
+	return ret
+}
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 85c65c046..4c804cb78 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -326,6 +326,47 @@ func (in *DeploymentError) DeepCopy() *DeploymentError {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DriftDetectionResult) DeepCopyInto(out *DriftDetectionResult) {
+	*out = *in
+	out.ProjectKey = in.ProjectKey
+	out.TargetKey = in.TargetKey
+	if in.KluctlDeployment != nil {
+		in, out := &in.KluctlDeployment, &out.KluctlDeployment
+		*out = new(KluctlDeploymentInfo)
+		**out = **in
+	}
+	in.StartTime.DeepCopyInto(&out.StartTime)
+	in.EndTime.DeepCopyInto(&out.EndTime)
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.Errors != nil {
+		in, out := &in.Errors, &out.Errors
+		*out = make([]DeploymentError, len(*in))
+		copy(*out, *in)
+	}
+	if in.Objects != nil {
+		in, out := &in.Objects, &out.Objects
+		*out = make([]BaseObject, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DriftDetectionResult.
+func (in *DriftDetectionResult) DeepCopy() *DriftDetectionResult {
+	if in == nil {
+		return nil
+	}
+	out := new(DriftDetectionResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GitInfo) DeepCopyInto(out *GitInfo) {
 	*out = *in

From be28775c949f40a4d071174c2954a19da1817517 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 14:05:45 +0200
Subject: [PATCH 1529/2268] feat: Speedup drift detection by keeping track of
 resource versions

---
 pkg/controllers/kluctl_project.go             |  3 +-
 .../kluctldeployment_controller.go            | 59 ++++++++++++++++++-
 .../kluctldeployment_controller_setup.go      |  4 ++
 pkg/deployment/commands/diff.go               | 15 +++--
 pkg/deployment/utils/apply_utils.go           | 12 ++++
 pkg/types/result/drift_detection_result.go    | 34 ++++++++---
 pkg/types/result/zz_generated.deepcopy.go     | 18 +++++-
 7 files changed, 127 insertions(+), 18 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index ace2b8565..55b474a5e 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -824,13 +824,14 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDiffCommand(targetContext)
 	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
 	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
 	cmd.ForceReplaceOnError = pt.pp.obj.Spec.ForceReplaceOnError
+	cmd.SkipResourceVersions = resourceVersions
 
 	cmdResult, cmdErr := cmd.Run()
 	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 44c1819a1..7d0b5b4a1 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
@@ -32,6 +33,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sync"
 	"time"
 )
 
@@ -48,6 +50,9 @@ type KluctlDeploymentReconciler struct {
 	SshPool *ssh_pool.SshPool
 
 	ResultStore results.ResultStore
+
+	mutex               sync.Mutex
+	resourceVersionsMap map[client.ObjectKey]map[k8s.ObjectRef]string
 }
 
 // KluctlDeploymentReconcilerOpts contains options for the BaseReconciler.
@@ -407,6 +412,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
 		}
+
+		r.updateResourceVersions(key, deployResult.Objects, nil)
 	}
 
 	if needValidate {
@@ -427,11 +434,16 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			return nil, patchErr
 		}
 
-		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash)
-		err = obj.Status.SetLastDriftDetectionResult(diffResult.BuildDriftDetectionResult(), cmdErr)
+		resourceVersions := r.getResourceVersions(key)
+
+		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, resourceVersions)
+		driftDetectionResult := diffResult.BuildDriftDetectionResult()
+		err = obj.Status.SetLastDriftDetectionResult(driftDetectionResult, cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write drift detection result")
 		}
+
+		r.updateResourceVersions(key, diffResult.Objects, driftDetectionResult.Objects)
 	}
 
 	var ctrlResult ctrl.Result
@@ -460,6 +472,45 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	return &ctrlResult, nil
 }
 
+func (r *KluctlDeploymentReconciler) buildResourceVersionsMap(objects []result.ResultObject) map[k8s.ObjectRef]string {
+	m := map[k8s.ObjectRef]string{}
+	for _, o := range objects {
+		if o.Applied == nil && o.Remote == nil {
+			continue
+		}
+		ro := o.Applied
+		if ro == nil {
+			ro = o.Remote
+		}
+		s := ro.GetK8sResourceVersion()
+		if s == "" {
+			continue
+		}
+		m[o.Ref] = s
+	}
+	return m
+}
+
+func (r *KluctlDeploymentReconciler) getResourceVersions(key client.ObjectKey) map[k8s.ObjectRef]string {
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	m, _ := r.resourceVersionsMap[key]
+	return m
+}
+
+func (r *KluctlDeploymentReconciler) updateResourceVersions(key client.ObjectKey, diffObjects []result.ResultObject, driftedObjects []result.DriftedObject) {
+	newMap := r.buildResourceVersionsMap(diffObjects)
+
+	// ignore versions from already drifted objects so that we re-diff them the next time
+	for _, o := range driftedObjects {
+		delete(newMap, o.Ref)
+	}
+
+	r.mutex.Lock()
+	defer r.mutex.Unlock()
+	r.resourceVersionsMap[key] = newMap
+}
+
 func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *kluctlv1.KluctlDeployment) (finalStatus string, reason string) {
 	log := ctrl.LoggerFrom(ctx)
 
@@ -600,6 +651,10 @@ func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeploy
 func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1.KluctlDeployment) (ctrl.Result, error) {
 	r.doFinalize(ctx, obj)
 
+	r.mutex.Lock()
+	delete(r.resourceVersionsMap, client.ObjectKeyFromObject(obj))
+	r.mutex.Unlock()
+
 	// Remove our finalizer from the list and update it
 	patch := client.MergeFrom(obj.DeepCopy())
 	controllerutil.RemoveFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index eadbadcfb..38891f65a 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -3,14 +3,18 @@ package controllers
 import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 )
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, opts KluctlDeploymentReconcilerOpts) error {
+	r.resourceVersionsMap = map[client.ObjectKey]map[k8s.ObjectRef]string{}
+
 	return ctrl.NewControllerManagedBy(mgr).
 		WithOptions(controller.Options{
 			MaxConcurrentReconciles: opts.Concurrency,
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 9285c5a23..9874178d4 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -18,6 +18,8 @@ type DiffCommand struct {
 	IgnoreTags          bool
 	IgnoreLabels        bool
 	IgnoreAnnotations   bool
+
+	SkipResourceVersions map[k8s2.ObjectRef]string
 }
 
 func NewDiffCommand(targetCtx *kluctl_project.TargetContext) *DiffCommand {
@@ -41,12 +43,13 @@ func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 	}
 
 	o := &utils.ApplyUtilOptions{
-		ForceApply:          cmd.ForceApply,
-		ReplaceOnError:      cmd.ReplaceOnError,
-		ForceReplaceOnError: cmd.ForceReplaceOnError,
-		DryRun:              true,
-		AbortOnError:        false,
-		ReadinessTimeout:    0,
+		ForceApply:           cmd.ForceApply,
+		ReplaceOnError:       cmd.ReplaceOnError,
+		ForceReplaceOnError:  cmd.ForceReplaceOnError,
+		DryRun:               true,
+		AbortOnError:         false,
+		ReadinessTimeout:     0,
+		SkipResourceVersions: cmd.SkipResourceVersions,
 	}
 	au := utils.NewApplyDeploymentsUtil(cmd.targetCtx.SharedContext.Ctx, dew, ru, cmd.targetCtx.SharedContext.K, o)
 	au.ApplyDeployments(cmd.targetCtx.DeploymentCollection.Deployments)
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 6923ab0f0..b6e74ed0c 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -33,6 +33,8 @@ type ApplyUtilOptions struct {
 	AbortOnError        bool
 	ReadinessTimeout    time.Duration
 	NoWait              bool
+
+	SkipResourceVersions map[k8s2.ObjectRef]string
 }
 
 type ApplyUtil struct {
@@ -339,6 +341,16 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 
 	x = a.k.FixObjectForPatch(x)
 	remoteObject := a.ru.GetRemoteObject(ref)
+
+	if a.o.SkipResourceVersions != nil && remoteObject != nil {
+		remoteResourceVersion := remoteObject.GetK8sResourceVersion()
+		skipVersion, ok := a.o.SkipResourceVersions[ref]
+		if ok && skipVersion == remoteResourceVersion {
+			a.handleResult(remoteObject, hook)
+			return
+		}
+	}
+
 	var remoteNamespace *uo.UnstructuredObject
 	if ref.Namespace != "" {
 		remoteNamespace = a.ru.GetRemoteNamespace(ref.Namespace)
diff --git a/pkg/types/result/drift_detection_result.go b/pkg/types/result/drift_detection_result.go
index 35e7ec77c..95704aa2b 100644
--- a/pkg/types/result/drift_detection_result.go
+++ b/pkg/types/result/drift_detection_result.go
@@ -5,6 +5,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+type DriftedObject struct {
+	BaseObject
+
+	LastResourceVersion string `json:"lastResourceVersion"`
+}
+
 type DriftDetectionResult struct {
 	Id                  string                `json:"id"`
 	ProjectKey          ProjectKey            `json:"projectKey"`
@@ -16,7 +22,7 @@ type DriftDetectionResult struct {
 
 	Warnings []DeploymentError `json:"warnings,omitempty"`
 	Errors   []DeploymentError `json:"errors,omitempty"`
-	Objects  []BaseObject      `json:"objects,omitempty"`
+	Objects  []DriftedObject   `json:"objects,omitempty"`
 }
 
 func (cr *CommandResult) BuildDriftDetectionResult() *DriftDetectionResult {
@@ -39,7 +45,19 @@ func (cr *CommandResult) BuildDriftDetectionResult() *DriftDetectionResult {
 		if !o.New && !o.Orphan && !o.Deleted && len(o.Changes) == 0 {
 			continue
 		}
-		ret.Objects = append(ret.Objects, o.BaseObject)
+		resourceVersion := ""
+		ro := o.Applied
+		if ro == nil {
+			ro = o.Remote
+		}
+		if ro != nil {
+			resourceVersion = ro.GetK8sResourceVersion()
+		}
+
+		ret.Objects = append(ret.Objects, DriftedObject{
+			BaseObject:          o.BaseObject,
+			LastResourceVersion: resourceVersion,
+		})
 	}
 
 	return ret
@@ -48,7 +66,7 @@ func (cr *CommandResult) BuildDriftDetectionResult() *DriftDetectionResult {
 func (dr *DriftDetectionResult) BuildShortMessage() string {
 	ret := ""
 
-	count := func(f func(o BaseObject) bool) int {
+	count := func(f func(o DriftedObject) bool) int {
 		cnt := 0
 		for _, o := range dr.Objects {
 			if f(o) {
@@ -68,17 +86,17 @@ func (dr *DriftDetectionResult) BuildShortMessage() string {
 		ret += fmt.Sprintf("%d %s", cnt, s)
 	}
 
-	countAndAdd := func(s string, cntFun func(o BaseObject) bool) {
+	countAndAdd := func(s string, cntFun func(o DriftedObject) bool) {
 		add(s, count(cntFun))
 	}
 
 	if len(dr.Objects) == 0 {
 		ret = "no drift"
 	} else {
-		countAndAdd("new", func(o BaseObject) bool { return o.New })
-		countAndAdd("chg", func(o BaseObject) bool { return len(o.Changes) != 0 })
-		countAndAdd("orp", func(o BaseObject) bool { return o.Orphan })
-		countAndAdd("del", func(o BaseObject) bool { return o.Deleted })
+		countAndAdd("new", func(o DriftedObject) bool { return o.New })
+		countAndAdd("chg", func(o DriftedObject) bool { return len(o.Changes) != 0 })
+		countAndAdd("orp", func(o DriftedObject) bool { return o.Orphan })
+		countAndAdd("del", func(o DriftedObject) bool { return o.Deleted })
 		add("err", len(dr.Errors))
 		add("wrn", len(dr.Warnings))
 	}
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 4c804cb78..fddafb3aa 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -350,7 +350,7 @@ func (in *DriftDetectionResult) DeepCopyInto(out *DriftDetectionResult) {
 	}
 	if in.Objects != nil {
 		in, out := &in.Objects, &out.Objects
-		*out = make([]BaseObject, len(*in))
+		*out = make([]DriftedObject, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -367,6 +367,22 @@ func (in *DriftDetectionResult) DeepCopy() *DriftDetectionResult {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DriftedObject) DeepCopyInto(out *DriftedObject) {
+	*out = *in
+	in.BaseObject.DeepCopyInto(&out.BaseObject)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DriftedObject.
+func (in *DriftedObject) DeepCopy() *DriftedObject {
+	if in == nil {
+		return nil
+	}
+	out := new(DriftedObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GitInfo) DeepCopyInto(out *GitInfo) {
 	*out = *in

From 6d9b30638d232dd72f5662894202d4dba114b352 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 14:09:45 +0200
Subject: [PATCH 1530/2268] refactor: Rename targets-xxx to target-xxx

---
 pkg/webui/ui/src/components/Router.tsx               |  2 +-
 .../components/command-result/CommandResultCard.tsx  |  2 +-
 .../src/components/target-cards-view/TargetCard.tsx  | 12 ++++++------
 .../TargetsListView.tsx                              | 10 +++++-----
 .../{targets-view => target-view}/ClusterIcon.tsx    |  0
 .../CommandTypeIcon.tsx                              |  0
 .../DiscriminatorIcon.tsx                            |  0
 .../ReconcilingIcon.tsx                              |  0
 .../{targets-view => target-view}/StatusIcon.tsx     |  0
 .../TargetActionMenu.tsx                             |  0
 .../{targets-view => target-view}/TargetTypeIcon.tsx |  0
 .../{targets-view => target-view}/TargetsView.tsx    |  2 +-
 12 files changed, 14 insertions(+), 14 deletions(-)
 rename pkg/webui/ui/src/components/{targets-list-view => target-list-view}/TargetsListView.tsx (97%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/ClusterIcon.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/CommandTypeIcon.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/DiscriminatorIcon.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/ReconcilingIcon.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/StatusIcon.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/TargetActionMenu.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/TargetTypeIcon.tsx (100%)
 rename pkg/webui/ui/src/components/{targets-view => target-view}/TargetsView.tsx (97%)

diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 2de9daf30..d888e4873 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -3,7 +3,7 @@ import App from "./App";
 import { ErrorMessageCard } from "./ErrorMessage";
 import { Box } from "@mui/material";
 import React, { useEffect } from "react";
-import { TargetsView } from "./targets-view/TargetsView";
+import { TargetsView } from "./target-view/TargetsView";
 
 function ErrorPage() {
     const error = useRouteError() as any;
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index d6b63e2f4..2f99e90c3 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -12,7 +12,7 @@ import { CommandResultBody } from "./CommandResultView";
 import { CommandResultStatusLine } from "./CommandResultStatusLine";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
-import { CommandTypeIcon } from "../targets-view/CommandTypeIcon";
+import { CommandTypeIcon } from "../target-view/CommandTypeIcon";
 
 const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
     const appCtx = useAppContext()
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 2ae5fe67b..fb4f34cce 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -15,12 +15,12 @@ import { K8sManifestViewer } from "../K8sManifestViewer";
 import { YamlViewer } from "../YamlViewer";
 import { gitRefToString } from "../../utils/git";
 import { AppContextProps, useAppContext } from "../App";
-import { ReconcilingIcon } from "../targets-view/ReconcilingIcon";
-import { StatusIcon } from "../targets-view/StatusIcon";
-import { TargetTypeIcon } from "../targets-view/TargetTypeIcon";
-import { TargetActionMenu } from "../targets-view/TargetActionMenu";
-import { ClusterIcon } from "../targets-view/ClusterIcon";
-import { DiscriminatorIcon } from "../targets-view/DiscriminatorIcon";
+import { ReconcilingIcon } from "../target-view/ReconcilingIcon";
+import { StatusIcon } from "../target-view/StatusIcon";
+import { TargetTypeIcon } from "../target-view/TargetTypeIcon";
+import { TargetActionMenu } from "../target-view/TargetActionMenu";
+import { ClusterIcon } from "../target-view/ClusterIcon";
+import { DiscriminatorIcon } from "../target-view/DiscriminatorIcon";
 import Tooltip from "@mui/material/Tooltip";
 
 export const TargetItemBody = React.memo((props: {
diff --git a/pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
similarity index 97%
rename from pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx
rename to pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index ade0b969e..25630b60e 100644
--- a/pkg/webui/ui/src/components/targets-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -7,14 +7,14 @@ import { DataGrid, GridColDef, gridStringOrNumberComparator } from '@mui/x-data-
 import { getLastPathElement } from "../../utils/misc";
 import Tooltip from "@mui/material/Tooltip";
 import { Approval, Toys } from "@mui/icons-material";
-import { ReconcilingIcon } from "../targets-view/ReconcilingIcon";
-import { StatusIcon } from "../targets-view/StatusIcon";
-import { TargetActionMenu } from "../targets-view/TargetActionMenu";
+import { ReconcilingIcon } from "../target-view/ReconcilingIcon";
+import { StatusIcon } from "../target-view/StatusIcon";
+import { TargetActionMenu } from "../target-view/TargetActionMenu";
 import { CommandResultStatusLine } from "../command-result/CommandResultStatusLine";
 import { Since } from "../Since";
 import { ScrollingTextLine } from "../ScrollingTextLine";
-import { ClusterIcon } from "../targets-view/ClusterIcon";
-import { CommandTypeIcon } from "../targets-view/CommandTypeIcon";
+import { ClusterIcon } from "../target-view/ClusterIcon";
+import { CommandTypeIcon } from "../target-view/CommandTypeIcon";
 import Divider from "@mui/material/Divider";
 import { TargetCard } from "../target-cards-view/TargetCard";
 import { CommandResultCard } from "../command-result/CommandResultCard";
diff --git a/pkg/webui/ui/src/components/targets-view/ClusterIcon.tsx b/pkg/webui/ui/src/components/target-view/ClusterIcon.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/ClusterIcon.tsx
rename to pkg/webui/ui/src/components/target-view/ClusterIcon.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/CommandTypeIcon.tsx b/pkg/webui/ui/src/components/target-view/CommandTypeIcon.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/CommandTypeIcon.tsx
rename to pkg/webui/ui/src/components/target-view/CommandTypeIcon.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/DiscriminatorIcon.tsx b/pkg/webui/ui/src/components/target-view/DiscriminatorIcon.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/DiscriminatorIcon.tsx
rename to pkg/webui/ui/src/components/target-view/DiscriminatorIcon.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/ReconcilingIcon.tsx b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/ReconcilingIcon.tsx
rename to pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/StatusIcon.tsx b/pkg/webui/ui/src/components/target-view/StatusIcon.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/StatusIcon.tsx
rename to pkg/webui/ui/src/components/target-view/StatusIcon.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/TargetActionMenu.tsx b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/TargetActionMenu.tsx
rename to pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/TargetTypeIcon.tsx b/pkg/webui/ui/src/components/target-view/TargetTypeIcon.tsx
similarity index 100%
rename from pkg/webui/ui/src/components/targets-view/TargetTypeIcon.tsx
rename to pkg/webui/ui/src/components/target-view/TargetTypeIcon.tsx
diff --git a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
similarity index 97%
rename from pkg/webui/ui/src/components/targets-view/TargetsView.tsx
rename to pkg/webui/ui/src/components/target-view/TargetsView.tsx
index c5baed18e..808761362 100644
--- a/pkg/webui/ui/src/components/targets-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
@@ -4,7 +4,7 @@ import { useAppContext } from "../App";
 import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
 import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { TargetCardsView } from "../target-cards-view/TargetCardsView";
-import { TargetsListView } from "../targets-list-view/TargetsListView";
+import { TargetsListView } from "../target-list-view/TargetsListView";
 
 export const TargetsView = () => {
     const navigate = useNavigate();

From cfdabe3583fd5e836764a555a6ea8e1a4aa16de0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 16:06:45 +0200
Subject: [PATCH 1531/2268] fix: Reset resource versions when performing
 dry-run deploy

---
 pkg/controllers/kluctldeployment_controller.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 7d0b5b4a1..c6c8fdf6b 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -413,7 +413,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			log.Error(err, "Failed to write deploy result")
 		}
 
-		r.updateResourceVersions(key, deployResult.Objects, nil)
+		if obj.Spec.DryRun {
+			r.updateResourceVersions(key, nil, nil)
+		} else {
+			r.updateResourceVersions(key, deployResult.Objects, nil)
+		}
 	}
 
 	if needValidate {

From da7dfde1fa230f243045978f2abcad5b8216499a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 16:08:06 +0200
Subject: [PATCH 1532/2268] feat: Show drift in targets list

---
 pkg/webui/generate-ts/main.go                 |  1 +
 .../CommandResultStatusLine.tsx               | 30 ++++++-
 .../command-result/nodes/NodeData.tsx         |  2 +-
 .../target-cards-view/TargetCard.tsx          | 33 +++++++-
 .../target-list-view/TargetsListView.tsx      | 76 +++++++++++++----
 pkg/webui/ui/src/models.ts                    | 82 +++++++++++++++++++
 6 files changed, 204 insertions(+), 20 deletions(-)

diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index 4e59859fa..67f482a82 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -17,6 +17,7 @@ func main() {
 		Add(result.CommandResultSummary{}).
 		Add(result.ValidateResult{}).
 		Add(result.ValidateResultSummary{}).
+		Add(result.DriftDetectionResult{}).
 		Add(result.ChangedObject{}).
 		Add(webui.ShortName{}).
 		Add(uo.UnstructuredObject{}).
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultStatusLine.tsx b/pkg/webui/ui/src/components/command-result/CommandResultStatusLine.tsx
index 6e121df68..8c93e03b1 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultStatusLine.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultStatusLine.tsx
@@ -1,4 +1,4 @@
-import { CommandResultSummary, ValidateResult } from "../../models";
+import { CommandResultSummary, DriftDetectionResult, ValidateResult } from "../../models";
 import { Box, Tooltip, Typography } from "@mui/material";
 import React from "react";
 import { AddedIcon, ChangedIcon, ErrorIcon, OrphanIcon, TrashIcon, WarningIcon } from "../../icons/Icons";
@@ -75,4 +75,30 @@ export const ValidateResultStatusLine = (props: { vr?: ValidateResult }) => {
     return <StatusLine errors={props.vr?.errors?.length}
         warnings={props.vr?.warnings?.length}
     />
-}
\ No newline at end of file
+}
+
+function count<T>(l: T[] | undefined, f: (o: T) => boolean) {
+    let c = 0
+    if (!l) {
+        return c
+    }
+    l.forEach(o => {
+        if (f(o)) {
+            c++
+        }
+    })
+    return c
+}
+
+export const DriftDetectionResultStatusLine = (props: {dr?: DriftDetectionResult}) => {
+    if (!props.dr) {
+        return <></>
+    }
+    return <StatusLine errors={props.dr.errors?.length}
+                       warnings={props.dr.warnings?.length}
+                       changedObjects={count(props.dr.objects, o => !!o.changes?.length)}
+                       newObjects={count(props.dr.objects, o => !!o.new)}
+                       deletedObjects={count(props.dr.objects, o => !!o.deleted)}
+                       orphanObjects={count(props.dr.objects, o => !!o.orphan)}
+    />
+}
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index dd13ff6a0..afcd41920 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -19,7 +19,7 @@ export class DiffStatus {
     totalDeletions: number = 0;
     totalUpdates: number = 0;
 
-    addChangedObject(co: ResultObject) {
+    addChangedObject(co: ChangedObject) {
         this.changedObjects.push(co)
         co.changes?.forEach(x => {
             switch (x.type) {
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index fb4f34cce..d6f1fe91a 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,4 +1,4 @@
-import { ValidateResult } from "../../models";
+import { DriftDetectionResult, ValidateResult } from "../../models";
 import { Alert, Box, Typography } from "@mui/material";
 import React, { useState } from "react";
 import { TargetIcon } from "../../icons/Icons";
@@ -22,6 +22,8 @@ import { TargetActionMenu } from "../target-view/TargetActionMenu";
 import { ClusterIcon } from "../target-view/ClusterIcon";
 import { DiscriminatorIcon } from "../target-view/DiscriminatorIcon";
 import Tooltip from "@mui/material/Tooltip";
+import { ChangesTable } from "../command-result/ChangesTable";
+import { DiffStatus } from "../command-result/nodes/NodeData";
 
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
@@ -170,6 +172,35 @@ class TargetItemCardProvider implements CardTabsProvider {
             })
         }
 
+        const dr: DriftDetectionResult | undefined = this.ts.kd?.deployment.status.lastDriftDetectionResult
+        if (dr?.warnings?.length) {
+            tabs.push({
+                label: "Drift Warning",
+                content: <ErrorsTable errors={dr.warnings}/>
+            })
+        }
+        if (dr?.errors?.length) {
+            tabs.push({
+                label: "Drift Errors",
+                content: <ErrorsTable errors={dr.errors}/>
+            })
+        }
+        if (dr?.objects?.length) {
+            const diffStatus = new DiffStatus()
+            dr.objects.forEach(o => {
+                if (o.changes?.length) {
+                    diffStatus.addChangedObject(o)
+                }
+                if (o.new) diffStatus.newObjects.push(o.ref)
+                if (o.orphan) diffStatus.orphanObjects.push(o.ref)
+                if (o.deleted) diffStatus.deletedObjects.push(o.ref)
+            })
+            tabs.push({
+                label: "Drift",
+                content: <ChangesTable diffStatus={diffStatus}/>
+            })
+        }
+
         if (this.lastValidateResult?.results) {
             tabs.push({
                 label: "Validation Results",
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index 25630b60e..8cae4ffde 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -1,16 +1,16 @@
 import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
-import { CommandResultSummary } from "../../models";
+import { CommandResultSummary, DriftDetectionResult } from "../../models";
 import { useAppContext } from "../App";
 import React, { useCallback, useMemo } from "react";
 import { Box, Dialog, Typography } from "@mui/material";
 import { DataGrid, GridColDef, gridStringOrNumberComparator } from '@mui/x-data-grid';
 import { getLastPathElement } from "../../utils/misc";
 import Tooltip from "@mui/material/Tooltip";
-import { Approval, Toys } from "@mui/icons-material";
+import { Approval, Keyboard, Toys } from "@mui/icons-material";
 import { ReconcilingIcon } from "../target-view/ReconcilingIcon";
 import { StatusIcon } from "../target-view/StatusIcon";
 import { TargetActionMenu } from "../target-view/TargetActionMenu";
-import { CommandResultStatusLine } from "../command-result/CommandResultStatusLine";
+import { CommandResultStatusLine, DriftDetectionResultStatusLine } from "../command-result/CommandResultStatusLine";
 import { Since } from "../Since";
 import { ScrollingTextLine } from "../ScrollingTextLine";
 import { ClusterIcon } from "../target-view/ClusterIcon";
@@ -62,6 +62,24 @@ export const TargetsListView = (props: TargetsListViewProps) => {
     }
 
     const columns: GridColDef<Row>[] = [
+        {
+            field: "cli",
+            headerName: "CLI",
+            width: 48,
+            valueGetter: rp => {
+                return !rp.row.ts.kdInfo
+            },
+            renderCell: rp => {
+                if (rp.value) {
+                    const tooltip = <Typography>Invoked via the CLI</Typography>
+                    return <Tooltip title={tooltip}>
+                        <Keyboard/>
+                    </Tooltip>
+                } else {
+                    return <></>
+                }
+            }
+        },
         {
             field: "project",
             headerName: "Project",
@@ -178,6 +196,8 @@ export const TargetsListView = (props: TargetsListViewProps) => {
             field: "status",
             headerName: "Status",
             width: 48,
+            sortable: false,
+            filterable: false,
             renderCell: rp => {
                 return <Box onDoubleClick={() => doSelectTarget(rp.row)}>
                     <StatusIcon ps={rp.row.ps} ts={rp.row.ts}/>
@@ -185,24 +205,27 @@ export const TargetsListView = (props: TargetsListViewProps) => {
             }
         },
         {
-            field: "lastCommandResultTime",
-            headerName: "When",
-            width: 100,
-            type: "dateTime",
+            field: "drift",
+            headerName: "Drift",
+            width: 120,
+            filterable: false,
+            sortable: false,
             valueGetter: rp => {
                 if (!rp.row.ts.commandResults.length) {
-                    return undefined
+                    return ""
                 }
                 const rs = rp.row.ts.commandResults[0]
-                return new Date(rs.commandInfo.startTime)
+                return rs.commandInfo.command
             },
             renderCell: rp => {
                 if (!rp.row.ts.commandResults.length) {
                     return <></>
                 }
-                const rs = rp.row.ts.commandResults[0]
-                return <Box onDoubleClick={() => doSelectCommandResult(rp.row, 0)}>
-                    <Since startTime={new Date(rs.commandInfo.startTime)}/>
+                const dr: DriftDetectionResult | undefined = rp.row.ts.kd?.deployment.status.lastDriftDetectionResult
+                return <Box display={"flex"}
+                            width={"100%"}
+                            onDoubleClick={() => doSelectTarget(rp.row)}>
+                    <DriftDetectionResultStatusLine dr={dr}/>
                 </Box>
             }
         },
@@ -211,6 +234,7 @@ export const TargetsListView = (props: TargetsListViewProps) => {
             headerName: "Last Command",
             width: 120,
             filterable: false,
+            sortable: false,
             valueGetter: rp => {
                 if (!rp.row.ts.commandResults.length) {
                     return ""
@@ -226,12 +250,34 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                 return <Box display={"flex"}
                             width={"100%"}
                             onDoubleClick={() => doSelectCommandResult(rp.row, 0)}>
-                    <CommandTypeIcon ts={rp.row.ts} rs={rs} size={"24px"}/>
-                    <Divider orientation={"vertical"} sx={{height: "inherit", marginX: "5px"}}/>
+                    {/*<CommandTypeIcon ts={rp.row.ts} rs={rs} size={"24px"}/>*/}
+                    {/*<Divider orientation={"vertical"} sx={{height: "inherit", marginX: "5px"}}/>*/}
                     <CommandResultStatusLine rs={rs}/>
                 </Box>
             }
         },
+        {
+            field: "lastCommandResultTime",
+            headerName: "When",
+            width: 100,
+            type: "dateTime",
+            valueGetter: rp => {
+                if (!rp.row.ts.commandResults.length) {
+                    return undefined
+                }
+                const rs = rp.row.ts.commandResults[0]
+                return new Date(rs.commandInfo.startTime)
+            },
+            renderCell: rp => {
+                if (!rp.row.ts.commandResults.length) {
+                    return <></>
+                }
+                const rs = rp.row.ts.commandResults[0]
+                return <Box onDoubleClick={() => doSelectCommandResult(rp.row, 0)}>
+                    <Since startTime={new Date(rs.commandInfo.startTime)}/>
+                </Box>
+            }
+        },
         {
             field: "actions",
             headerName: "Actions",
@@ -243,8 +289,6 @@ export const TargetsListView = (props: TargetsListViewProps) => {
         },
     ];
 
-
-
     const rows = useMemo(() => {
         const rows: Row[] = []
         projects.forEach(ps => {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 7a474f5e8..c47abd51b 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -854,6 +854,88 @@ export class ValidateResultSummary {
 	    return a;
 	}
 }
+export class DriftedObject {
+    ref: ObjectRef;
+    changes?: Change[];
+    new?: boolean;
+    orphan?: boolean;
+    deleted?: boolean;
+    hook?: boolean;
+    lastResourceVersion: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.ref = this.convertValues(source["ref"], ObjectRef);
+        this.changes = this.convertValues(source["changes"], Change);
+        this.new = source["new"];
+        this.orphan = source["orphan"];
+        this.deleted = source["deleted"];
+        this.hook = source["hook"];
+        this.lastResourceVersion = source["lastResourceVersion"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
+export class DriftDetectionResult {
+    id: string;
+    projectKey: ProjectKey;
+    targetKey: TargetKey;
+    kluctlDeployment?: KluctlDeploymentInfo;
+    renderedObjectsHash?: string;
+    startTime: string;
+    endTime: string;
+    warnings?: DeploymentError[];
+    errors?: DeploymentError[];
+    objects?: DriftedObject[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.id = source["id"];
+        this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
+        this.targetKey = this.convertValues(source["targetKey"], TargetKey);
+        this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
+        this.renderedObjectsHash = source["renderedObjectsHash"];
+        this.startTime = source["startTime"];
+        this.endTime = source["endTime"];
+        this.warnings = this.convertValues(source["warnings"], DeploymentError);
+        this.errors = this.convertValues(source["errors"], DeploymentError);
+        this.objects = this.convertValues(source["objects"], DriftedObject);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
 export class ChangedObject {
     ref: ObjectRef;
     changes?: Change[];

From 304a45a2953916eeb58b097ad1377c550b379c8c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 16:09:21 +0200
Subject: [PATCH 1533/2268] feat: Add approve button to targets list

---
 .../command-result/CommandResultCard.tsx      | 67 +++----------------
 .../target-list-view/TargetsListView.tsx      |  2 +
 .../target-view/ManualApproveButton.tsx       | 55 +++++++++++++++
 .../target-view/TargetActionMenu.tsx          | 12 ++--
 4 files changed, 71 insertions(+), 65 deletions(-)
 create mode 100644 pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx

diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index 2f99e90c3..fd421c455 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -3,7 +3,7 @@ import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CommandResult, CommandResultSummary } from "../../models";
 import { Box, IconButton, Tooltip } from "@mui/material";
 import { TreeViewIcon } from "../../icons/Icons";
-import { RocketLaunch, Summarize } from "@mui/icons-material";
+import { Summarize } from "@mui/icons-material";
 import { CardTemplate } from "../card/Card";
 import { Since } from "../Since";
 import { CommandResultSummaryBody } from "./CommandResultSummaryView";
@@ -13,63 +13,7 @@ import { CommandResultStatusLine } from "./CommandResultStatusLine";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { CommandTypeIcon } from "../target-view/CommandTypeIcon";
-
-const ApprovalIcon = (props: {ts: TargetSummary, rs: CommandResultSummary}) => {
-    const appCtx = useAppContext()
-    const handleApprove = (approve: boolean) => {
-        if (!props.ts.kdInfo || !props.ts.kd) {
-            return
-        }
-        if (approve) {
-            if (!props.rs.renderedObjectsHash) {
-                return
-            }
-            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.rs.renderedObjectsHash)
-        } else {
-            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
-        }
-    }
-
-    if (appCtx.isStatic || !appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
-        return <></>
-    }
-    if (props.rs.id !== props.ts.commandResults[0].id) {
-        return <></>
-    }
-
-    if (!props.rs.commandInfo.dryRun || !props.rs.renderedObjectsHash) {
-        return <></>
-    }
-
-    const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.rs.renderedObjectsHash
-
-    let icon: React.ReactElement
-    let tooltip: string
-    if (!isApproved) {
-        tooltip = "Click here to trigger this manual deployment."
-        icon = <RocketLaunch color={"info"}/>
-    } else {
-        tooltip = "Click here to cancel this deployment. This will only have an effect if the deployment has not started reconciliation yet!"
-        icon = <RocketLaunch color={"success"}/>
-    }
-    return <Box display='flex' gap='6px' alignItems='center' height='39px'>
-        <IconButton
-            onClick={e => {
-                e.stopPropagation();
-                handleApprove(!isApproved)
-            }}
-            sx={{
-                padding: 0,
-                width: 26,
-                height: 26
-            }}
-        >
-            <Tooltip title={tooltip}>
-                <Box display='flex'>{icon}</Box>
-            </Tooltip>
-        </IconButton>
-    </Box>
-}
+import { ManualApproveButton } from "../target-view/ManualApproveButton";
 
 export const CommandResultCard = React.memo(React.forwardRef((
     props: {
@@ -126,11 +70,16 @@ export const CommandResultCard = React.memo(React.forwardRef((
         }
     }
 
+    let approveButton: React.ReactElement | undefined
+    if (props.rs.id === props.ts.commandResults[0].id && props.rs.commandInfo.dryRun && props.rs.renderedObjectsHash) {
+        approveButton = <ManualApproveButton ts={props.ts} renderedObjectsHash={props.rs.renderedObjectsHash}/>
+    }
+
     const footer = <>
         <Box display='flex' gap='6px' alignItems='center' flex={"1 1 auto"}>
             <CommandResultStatusLine rs={props.rs} />
         </Box>
-        <ApprovalIcon ts={props.ts} rs={props.rs}/>
+        {approveButton}
         <Box display='flex' gap='6px' alignItems='center' height='39px'>
             <IconButton
                 onClick={e => {
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index 8cae4ffde..a3e23ec28 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -18,6 +18,7 @@ import { CommandTypeIcon } from "../target-view/CommandTypeIcon";
 import Divider from "@mui/material/Divider";
 import { TargetCard } from "../target-cards-view/TargetCard";
 import { CommandResultCard } from "../command-result/CommandResultCard";
+import { ManualApproveButton } from "../target-view/ManualApproveButton";
 
 
 export interface TargetsListViewProps {
@@ -226,6 +227,7 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                             width={"100%"}
                             onDoubleClick={() => doSelectTarget(rp.row)}>
                     <DriftDetectionResultStatusLine dr={dr}/>
+                    {dr?.objects?.length && <ManualApproveButton ts={rp.row.ts} renderedObjectsHash={dr.renderedObjectsHash!}/>}
                 </Box>
             }
         },
diff --git a/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx b/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
new file mode 100644
index 000000000..155c306e1
--- /dev/null
+++ b/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
@@ -0,0 +1,55 @@
+import { TargetSummary } from "../../project-summaries";
+import { useAppContext } from "../App";
+import React from "react";
+import { RocketLaunch } from "@mui/icons-material";
+import { Box, IconButton, Tooltip } from "@mui/material";
+
+export const ManualApproveButton = (props: {ts: TargetSummary, renderedObjectsHash: string}) => {
+    const appCtx = useAppContext()
+    const handleApprove = (approve: boolean) => {
+        if (!props.ts.kdInfo || !props.ts.kd) {
+            return
+        }
+        if (approve) {
+            if (!props.renderedObjectsHash) {
+                return
+            }
+            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.renderedObjectsHash)
+        } else {
+            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
+        }
+    }
+
+    if (appCtx.isStatic || !appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
+        return <></>
+    }
+
+    const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.renderedObjectsHash
+
+    let icon: React.ReactElement
+    let tooltip: string
+    if (!isApproved) {
+        tooltip = "Click here to trigger this manual deployment."
+        icon = <RocketLaunch color={"info"}/>
+    } else {
+        tooltip = "Click here to cancel this deployment. This will only have an effect if the deployment has not started reconciliation yet!"
+        icon = <RocketLaunch color={"success"}/>
+    }
+    return <Box display='flex' gap='6px' alignItems='center' height='39px'>
+        <IconButton
+            onClick={e => {
+                e.stopPropagation();
+                handleApprove(!isApproved)
+            }}
+            sx={{
+                padding: 0,
+                width: 26,
+                height: 26
+            }}
+        >
+            <Tooltip title={tooltip}>
+                <Box display='flex'>{icon}</Box>
+            </Tooltip>
+        </IconButton>
+    </Box>
+}
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
index e9e79c09f..1a5856aef 100644
--- a/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
@@ -16,17 +16,17 @@ export const TargetActionMenu = (props: {ts: TargetSummary}) => {
         }
 
         actionMenuItems.push({
-            icon: <Troubleshoot/>,
-            text: <Typography>Validate</Typography>,
+            icon: <PublishedWithChanges/>,
+            text: <Typography>Reconcile</Typography>,
             handler: () => {
-                appCtx.api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+                appCtx.api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({
-            icon: <PublishedWithChanges/>,
-            text: <Typography>Reconcile</Typography>,
+            icon: <Troubleshoot/>,
+            text: <Typography>Validate</Typography>,
             handler: () => {
-                appCtx.api.reconcileNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+                appCtx.api.validateNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
         actionMenuItems.push({

From 6aff1eb8b803c8b831ac320ac3da8c4f7507af01 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 21:25:01 +0200
Subject: [PATCH 1534/2268] fix: Fix filters to respect drift

---
 pkg/webui/ui/src/components/Jdenticon.tsx      |  2 +-
 .../command-result/nodes/NodeData.tsx          |  2 +-
 .../target-cards-view/TargetCard.tsx           |  4 ++--
 .../target-list-view/TargetsListView.tsx       | 18 +++++-------------
 .../src/components/target-view/ClusterIcon.tsx |  2 +-
 .../target-view/TargetActionMenu.tsx           |  5 +++--
 .../src/components/target-view/TargetsView.tsx |  6 +++---
 pkg/webui/ui/src/project-summaries.ts          | 18 +++++++++++++-----
 8 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/pkg/webui/ui/src/components/Jdenticon.tsx b/pkg/webui/ui/src/components/Jdenticon.tsx
index 852b939bc..811dcee47 100644
--- a/pkg/webui/ui/src/components/Jdenticon.tsx
+++ b/pkg/webui/ui/src/components/Jdenticon.tsx
@@ -10,7 +10,7 @@ export const Jdenticon = (props: { value: string, size: string, disabled?: boole
         }
         const sat = props.disabled ? 0.0 : 1.0
         jdenticon.update(icon.current, props.value, {saturation: {color: sat}});
-    }, [props.value, props.size, props.disabled, icon.current])
+    }, [props.value, props.size, props.disabled, icon])
 
     return <Box display={"flex"} alignItems={"center"}>
         <SvgIcon ref={icon} height={props.size} width={props.size}/>
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
index afcd41920..f2d9f4fe5 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeData.tsx
@@ -1,4 +1,4 @@
-import { ChangedObject, CommandResult, DeploymentError, ObjectRef, ResultObject } from "../../../models";
+import { ChangedObject, CommandResult, DeploymentError, ObjectRef } from "../../../models";
 import React from "react";
 import { Box, Divider, Typography } from "@mui/material";
 import { ChangesTable } from "../ChangesTable";
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index d6f1fe91a..246d4630e 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,4 +1,4 @@
-import { DriftDetectionResult, ValidateResult } from "../../models";
+import { ValidateResult } from "../../models";
 import { Alert, Box, Typography } from "@mui/material";
 import React, { useState } from "react";
 import { TargetIcon } from "../../icons/Icons";
@@ -172,7 +172,7 @@ class TargetItemCardProvider implements CardTabsProvider {
             })
         }
 
-        const dr: DriftDetectionResult | undefined = this.ts.kd?.deployment.status.lastDriftDetectionResult
+        const dr = this.ts.lastDriftDetectionResult
         if (dr?.warnings?.length) {
             tabs.push({
                 label: "Drift Warning",
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index a3e23ec28..89e6ac6b3 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -1,5 +1,5 @@
 import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
-import { CommandResultSummary, DriftDetectionResult } from "../../models";
+import { CommandResultSummary } from "../../models";
 import { useAppContext } from "../App";
 import React, { useCallback, useMemo } from "react";
 import { Box, Dialog, Typography } from "@mui/material";
@@ -14,8 +14,6 @@ import { CommandResultStatusLine, DriftDetectionResultStatusLine } from "../comm
 import { Since } from "../Since";
 import { ScrollingTextLine } from "../ScrollingTextLine";
 import { ClusterIcon } from "../target-view/ClusterIcon";
-import { CommandTypeIcon } from "../target-view/CommandTypeIcon";
-import Divider from "@mui/material/Divider";
 import { TargetCard } from "../target-cards-view/TargetCard";
 import { CommandResultCard } from "../command-result/CommandResultCard";
 import { ManualApproveButton } from "../target-view/ManualApproveButton";
@@ -33,23 +31,17 @@ export const TargetsListView = (props: TargetsListViewProps) => {
     const appContext = useAppContext();
     const projects = appContext.projects;
 
-    const selectedTargetKey = useMemo(() => {
-        if (!props.selectedProject || !props.selectedTarget) {
-            return undefined
-        }
-        return buildTargetKey(props.selectedProject.project, props.selectedTarget.target, props.selectedTarget.kdInfo)
-    }, [props.selectedProject, props.selectedTarget])
-
     interface Row {
         id: string,
         ps: ProjectSummary
         ts: TargetSummary
     }
 
+    const onSelect = props.onSelect
     const doSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => {
         console.log("select", ps, ts, showResults, rs)
-        props.onSelect(ps, ts, showResults, rs)
-    }, [])
+        onSelect(ps, ts, showResults, rs)
+    }, [onSelect])
 
     const doSelectTarget = (row: Row) => {
         doSelect(row.ps, row.ts, false)
@@ -222,7 +214,7 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                 if (!rp.row.ts.commandResults.length) {
                     return <></>
                 }
-                const dr: DriftDetectionResult | undefined = rp.row.ts.kd?.deployment.status.lastDriftDetectionResult
+                const dr = rp.row.ts.lastDriftDetectionResult
                 return <Box display={"flex"}
                             width={"100%"}
                             onDoubleClick={() => doSelectTarget(rp.row)}>
diff --git a/pkg/webui/ui/src/components/target-view/ClusterIcon.tsx b/pkg/webui/ui/src/components/target-view/ClusterIcon.tsx
index 6b1cb5ea1..af928a255 100644
--- a/pkg/webui/ui/src/components/target-view/ClusterIcon.tsx
+++ b/pkg/webui/ui/src/components/target-view/ClusterIcon.tsx
@@ -31,7 +31,7 @@ export const ClusterIcon = (props: {ts: TargetSummary}) => {
         const children: React.ReactNode[] = []
         children.push(<Typography key={children.length} variant="subtitle2"><b>Cluster ID</b></Typography>)
         children.push(<Typography key={children.length} variant="subtitle2">{props.ts.target.clusterId}</Typography>)
-        children.push(<br/>)
+        children.push(<br key={children.length}/>)
 
         if (allContexts.length) {
             children.push(<Typography key={children.length} variant="subtitle2"><b>Contexts</b></Typography>)
diff --git a/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
index 1a5856aef..c895e8de0 100644
--- a/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
@@ -7,9 +7,10 @@ import React, { useMemo } from "react";
 
 export const TargetActionMenu = (props: {ts: TargetSummary}) => {
     const appCtx = useAppContext()
-    const kd = props.ts.kd
 
     const actionMenuItems = useMemo(() => {
+        const kd = props.ts.kd
+
         const actionMenuItems: ActionMenuItem[] = []
         if (!kd || !appCtx.user.isAdmin) {
             return actionMenuItems
@@ -55,7 +56,7 @@ export const TargetActionMenu = (props: {ts: TargetSummary}) => {
         }
 
         return actionMenuItems
-    }, [props.ts, appCtx.user])
+    }, [props.ts, appCtx.user, appCtx.api])
 
     return <ActionsMenu menuItems={actionMenuItems}/>
 }
\ No newline at end of file
diff --git a/pkg/webui/ui/src/components/target-view/TargetsView.tsx b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
index 808761362..097f3de8c 100644
--- a/pkg/webui/ui/src/components/target-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
@@ -25,7 +25,7 @@ export const TargetsView = () => {
             p += "?" + qs
         }
         navigate(p)
-    }, [])
+    }, [cardsView, navigate])
 
     const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary | undefined) => {
         let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
@@ -36,11 +36,11 @@ export const TargetsView = () => {
             }
         }
         doNavigate(p);
-    }, []);
+    }, [doNavigate]);
 
     const onCloseExpanded = useCallback(() => {
         doNavigate(`/targets/`);
-    }, []);
+    }, [doNavigate]);
 
     const targetsByKey = useMemo(() => {
         const m = new Map<string, {ps: ProjectSummary, ts: TargetSummary}>()
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 284a7d9a7..e1f4dbdac 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -1,4 +1,11 @@
-import { CommandResultSummary, KluctlDeploymentInfo, ProjectKey, TargetKey, ValidateResultSummary, } from "./models";
+import {
+    CommandResultSummary,
+    DriftDetectionResult,
+    KluctlDeploymentInfo,
+    ProjectKey,
+    TargetKey,
+    ValidateResultSummary,
+} from "./models";
 import _ from "lodash";
 import { KluctlDeploymentWithClusterId } from "./components/App";
 import { ActiveFilters, DoFilterSwitches, DoFilterText } from "./components/FilterBar";
@@ -9,6 +16,7 @@ export interface TargetSummary {
     kdInfo?: KluctlDeploymentInfo
     kd?: KluctlDeploymentWithClusterId;
     lastValidateResult?: ValidateResultSummary;
+    lastDriftDetectionResult?: DriftDetectionResult
     commandResults: CommandResultSummary[];
 }
 
@@ -60,9 +68,9 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     }
 
     const filterTargetByStatus = (ts: TargetSummary) => {
-        let hasErrors = !!ts.lastValidateResult?.errors
-        let hasWarnings = !!ts.lastValidateResult?.warnings
-        let hasChanges = false
+        let hasErrors = !!ts.lastValidateResult?.errors || !!ts.lastDriftDetectionResult?.errors?.length
+        let hasWarnings = !!ts.lastValidateResult?.warnings || !!ts.lastDriftDetectionResult?.warnings?.length
+        let hasChanges = !!ts.lastDriftDetectionResult?.objects?.length
 
         const conditions: any[] | undefined = ts.kd?.deployment.status?.conditions
         const readyCondition = conditions?.find(c => c.type === "Ready")
@@ -73,7 +81,6 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
         if (ts.commandResults.length) {
             hasErrors = hasErrors || !!ts.commandResults[0].errors?.length
             hasWarnings = hasWarnings || !!ts.commandResults[0].warnings?.length
-            hasChanges = hasChanges || !!ts.commandResults[0].changedObjects
         }
         return DoFilterSwitches(hasChanges, hasErrors, hasWarnings, filters)
     }
@@ -139,6 +146,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
 
         const target = getOrCreateTarget(kd.deployment.status.projectKey, kd.deployment.status.targetKey, kdInfo,true, true)
         target!.kd = kd
+        target!.lastDriftDetectionResult = kd.deployment.status?.lastDriftDetectionResult
     })
 
     sortedCommandResults.forEach(rs => {

From bfc865a30679291e5e03b7ad405737cf7b7c3280 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 21:53:26 +0200
Subject: [PATCH 1535/2268] feat: Implement switching to full results in list
 view

---
 .../command-result/CommandResultCard.tsx      |  7 ----
 .../target-list-view/TargetsListView.tsx      | 35 ++++++++++++++-----
 .../components/target-view/TargetsView.tsx    | 11 ++++--
 3 files changed, 35 insertions(+), 18 deletions(-)

diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index fd421c455..b41f539a9 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -13,7 +13,6 @@ import { CommandResultStatusLine } from "./CommandResultStatusLine";
 import { Loading, useLoadingHelper } from "../Loading";
 import { ErrorMessage } from "../ErrorMessage";
 import { CommandTypeIcon } from "../target-view/CommandTypeIcon";
-import { ManualApproveButton } from "../target-view/ManualApproveButton";
 
 export const CommandResultCard = React.memo(React.forwardRef((
     props: {
@@ -70,16 +69,10 @@ export const CommandResultCard = React.memo(React.forwardRef((
         }
     }
 
-    let approveButton: React.ReactElement | undefined
-    if (props.rs.id === props.ts.commandResults[0].id && props.rs.commandInfo.dryRun && props.rs.renderedObjectsHash) {
-        approveButton = <ManualApproveButton ts={props.ts} renderedObjectsHash={props.rs.renderedObjectsHash}/>
-    }
-
     const footer = <>
         <Box display='flex' gap='6px' alignItems='center' flex={"1 1 auto"}>
             <CommandResultStatusLine rs={props.rs} />
         </Box>
-        {approveButton}
         <Box display='flex' gap='6px' alignItems='center' height='39px'>
             <IconButton
                 onClick={e => {
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index 89e6ac6b3..b4dce66d6 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -2,7 +2,7 @@ import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-sum
 import { CommandResultSummary } from "../../models";
 import { useAppContext } from "../App";
 import React, { useCallback, useMemo } from "react";
-import { Box, Dialog, Typography } from "@mui/material";
+import { Box, Dialog, IconButton, Typography } from "@mui/material";
 import { DataGrid, GridColDef, gridStringOrNumberComparator } from '@mui/x-data-grid';
 import { getLastPathElement } from "../../utils/misc";
 import Tooltip from "@mui/material/Tooltip";
@@ -17,13 +17,15 @@ import { ClusterIcon } from "../target-view/ClusterIcon";
 import { TargetCard } from "../target-cards-view/TargetCard";
 import { CommandResultCard } from "../command-result/CommandResultCard";
 import { ManualApproveButton } from "../target-view/ManualApproveButton";
+import { TreeViewIcon } from "../../icons/Icons";
 
 
 export interface TargetsListViewProps {
     selectedProject?: ProjectSummary
     selectedTarget?: TargetSummary
     selectedResult?: CommandResultSummary
-    onSelect: (ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => void
+    selectedResultFull?: boolean
+    onSelect: (ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) => void
     onCloseExpanded: () => void
 }
 
@@ -38,20 +40,20 @@ export const TargetsListView = (props: TargetsListViewProps) => {
     }
 
     const onSelect = props.onSelect
-    const doSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => {
+    const doSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) => {
         console.log("select", ps, ts, showResults, rs)
-        onSelect(ps, ts, showResults, rs)
+        onSelect(ps, ts, showResults, rs, full)
     }, [onSelect])
 
     const doSelectTarget = (row: Row) => {
         doSelect(row.ps, row.ts, false)
     }
-    const doSelectCommandResult = (row: Row, index: number) => {
+    const doSelectCommandResult = (row: Row, index: number, full?: boolean) => {
         if (index >= (row.ts.commandResults.length || 0)) {
             return
         }
         const rs = row.ts.commandResults[index]
-        doSelect(row.ps, row.ts, true, rs)
+        doSelect(row.ps, row.ts, true, rs, full)
     }
 
     const columns: GridColDef<Row>[] = [
@@ -247,6 +249,21 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                     {/*<CommandTypeIcon ts={rp.row.ts} rs={rs} size={"24px"}/>*/}
                     {/*<Divider orientation={"vertical"} sx={{height: "inherit", marginX: "5px"}}/>*/}
                     <CommandResultStatusLine rs={rs}/>
+                    <Tooltip title={<Typography>Show full result tree</Typography>}>
+                    <IconButton
+                        onClick={e => {
+                            e.stopPropagation();
+                            doSelectCommandResult(rp.row, 0, true)
+                        }}
+                        sx={{
+                            padding: 0,
+                            width: 26,
+                            height: 26
+                        }}
+                    >
+                            <TreeViewIcon />
+                    </IconButton>
+                    </Tooltip>
                 </Box>
             }
         },
@@ -313,8 +330,8 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                 ps={props.selectedProject}
                 ts={props.selectedTarget}
                 rs={props.selectedResult}
-                onSwitchFullCommandResult={() => {}}
-                showSummary={true}
+                onSwitchFullCommandResult={() => doSelect(props.selectedProject!, props.selectedTarget!, true, props.selectedResult, !props.selectedResultFull)}
+                showSummary={!props.selectedResultFull}
                 expanded={true}
                 loadData={true}
                 onClose={() => props.onCloseExpanded()}
@@ -331,7 +348,7 @@ export const TargetsListView = (props: TargetsListViewProps) => {
     return <Box>
         <Dialog
             open={!!dialogCard}
-            maxWidth={"lg"}
+            maxWidth={"xl"}
             fullWidth={true}
             PaperProps={dialogPaperProps}
             onClose={() => props.onCloseExpanded()}
diff --git a/pkg/webui/ui/src/components/target-view/TargetsView.tsx b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
index 097f3de8c..745a8f612 100644
--- a/pkg/webui/ui/src/components/target-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
@@ -14,6 +14,7 @@ export const TargetsView = () => {
     const [searchParams] = useSearchParams()
 
     const cardsView = searchParams.get("cards") === "1"
+    const fullResult = searchParams.get("full") === "1"
 
     const doNavigate = useCallback((p: string, sp?: URLSearchParams) => {
         sp = new URLSearchParams(sp)
@@ -27,15 +28,20 @@ export const TargetsView = () => {
         navigate(p)
     }, [cardsView, navigate])
 
-    const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary | undefined) => {
+    const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) => {
         let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
+        const sp = new URLSearchParams()
         if (showResults) {
             p += "/results"
             if (rs) {
                 p += "/" + rs.id
+                if (full) {
+                    console.log("full")
+                    sp.set("full", "1")
+                }
             }
         }
-        doNavigate(p);
+        doNavigate(p, sp);
     }, [doNavigate]);
 
     const onCloseExpanded = useCallback(() => {
@@ -79,6 +85,7 @@ export const TargetsView = () => {
         return <TargetsListView selectedProject={selected?.ps}
                                 selectedTarget={selected?.ts}
                                 selectedResult={selectedCommandResult}
+                                selectedResultFull={fullResult}
                                 onSelect={onSelect}
                                 onCloseExpanded={onCloseExpanded}
         />

From 8df975370c4c72bf0e8ec33df5d6675fd718b085 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 22:53:41 +0200
Subject: [PATCH 1536/2268] feat: Allow switch between target views via filter
 bar

---
 pkg/webui/ui/src/components/App.tsx                    |  2 ++
 pkg/webui/ui/src/components/FilterBar.tsx              | 10 +++++++++-
 .../ui/src/components/target-view/TargetsView.tsx      |  9 +++------
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 1afa251e3..8c10a4274 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -26,6 +26,7 @@ export interface AppContextProps {
     user: User
     authInfo: AuthInfo
     isStatic: boolean
+    filters?: ActiveFilters
     commandResultSummaries: Map<string, CommandResultSummary>
     projects: ProjectSummary[]
     validateResultSummaries: Map<string, ValidateResultSummary>
@@ -139,6 +140,7 @@ const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, isStatic
             user: props.user,
             authInfo: props.authInfo,
             isStatic: props.isStatic,
+            filters: filters,
             commandResultSummaries: commandResultSummaries,
             projects,
             validateResultSummaries: validateResultSummaries,
diff --git a/pkg/webui/ui/src/components/FilterBar.tsx b/pkg/webui/ui/src/components/FilterBar.tsx
index 93a8f7933..11055efd4 100644
--- a/pkg/webui/ui/src/components/FilterBar.tsx
+++ b/pkg/webui/ui/src/components/FilterBar.tsx
@@ -1,11 +1,12 @@
 import React, { useState } from "react";
 import { Box, Chip } from "@mui/material";
-import { AutoFixHigh, ErrorOutline, Grade } from "@mui/icons-material";
+import { AutoFixHigh, ErrorOutline, Grade, TableRows } from "@mui/icons-material";
 import { OverridableComponent } from "@mui/material/OverridableComponent";
 import Tooltip from "@mui/material/Tooltip";
 import { useTheme } from "@mui/material/styles";
 
 export interface ActiveFilters {
+    showTableView: boolean
     onlyImportant: boolean
     onlyChanged: boolean
     onlyWithErrorsOrWarnings: boolean
@@ -70,6 +71,7 @@ export const FilterBar = (props: { onFilterChange: (f: ActiveFilters) => void })
     const theme = useTheme();
 
     const [activeFilters, setActiveFilters] = useState<ActiveFilters>({
+        showTableView: false,
         onlyImportant: false,
         onlyChanged: false,
         onlyWithErrorsOrWarnings: false,
@@ -88,6 +90,12 @@ export const FilterBar = (props: { onFilterChange: (f: ActiveFilters) => void })
                 alignItems="center"
                 gap="5px"
             >
+                <FilterButton Icon={TableRows} tooltip={"Show table view"}
+                              color={"secondary"}
+                              active={activeFilters.showTableView}
+                              handler={(active: boolean) => {
+                                  doSetActiveFilters({ ...activeFilters, showTableView: active });
+                              }}/>
                 <FilterButton Icon={Grade} tooltip={"Only important (changed or with errors/warnings)"}
                               color={"secondary"}
                               active={activeFilters.onlyImportant}
diff --git a/pkg/webui/ui/src/components/target-view/TargetsView.tsx b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
index 745a8f612..d05bd7341 100644
--- a/pkg/webui/ui/src/components/target-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
@@ -13,20 +13,16 @@ export const TargetsView = () => {
     const projects = appContext.projects;
     const [searchParams] = useSearchParams()
 
-    const cardsView = searchParams.get("cards") === "1"
     const fullResult = searchParams.get("full") === "1"
 
     const doNavigate = useCallback((p: string, sp?: URLSearchParams) => {
         sp = new URLSearchParams(sp)
-        if (cardsView) {
-            sp.set("cards", "1")
-        }
         const qs = sp.toString()
         if (qs.length) {
             p += "?" + qs
         }
         navigate(p)
-    }, [cardsView, navigate])
+    }, [navigate])
 
     const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) => {
         let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
@@ -73,11 +69,12 @@ export const TargetsView = () => {
         }
     }
 
-    if (cardsView) {
+    if (!appContext.filters?.showTableView) {
         return <TargetCardsView
             selectedProject={selected?.ps}
             selectedTarget={selected?.ts}
             selectedResult={selectedCommandResult}
+            selectedResultFull={fullResult}
             onSelect={onSelect}
             onCloseExpanded={onCloseExpanded}
         />

From 2330cc5fa8d3cdf2e25540239db132c0810438a1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 22:54:59 +0200
Subject: [PATCH 1537/2268] feat: Show drift in target card and implement
 approval in card view

---
 pkg/webui/ui/src/components/card/Card.tsx      |  1 -
 .../command-result/CommandResultCard.tsx       | 12 ------------
 .../target-cards-view/ProjectCard.tsx          | 10 ++++++----
 .../components/target-cards-view/Relations.tsx |  2 +-
 .../target-cards-view/TargetCard.tsx           | 13 ++++++++-----
 .../target-cards-view/TargetCardsView.tsx      | 18 +++++++++++-------
 .../target-list-view/TargetsListView.tsx       |  2 --
 .../components/target-view/CommandTypeIcon.tsx | 12 +++---------
 .../target-view/ManualApproveButton.tsx        | 10 ++++++++--
 pkg/webui/ui/src/icons/Icons.tsx               |  7 +++++++
 10 files changed, 44 insertions(+), 43 deletions(-)

diff --git a/pkg/webui/ui/src/components/card/Card.tsx b/pkg/webui/ui/src/components/card/Card.tsx
index bbf4f0b6e..28a24d040 100644
--- a/pkg/webui/ui/src/components/card/Card.tsx
+++ b/pkg/webui/ui/src/components/card/Card.tsx
@@ -5,7 +5,6 @@ import { CardTabs, CardTabsProvider, useCardTabs } from "./CardTabs";
 import { ScrollingTextLine } from "../ScrollingTextLine";
 
 export const cardWidth = 247;
-export const projectCardMinHeight = 80;
 export const cardHeight = 126;
 export const cardGap = 20;
 
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
index b41f539a9..08521d83d 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultCard.tsx
@@ -37,18 +37,7 @@ export const CommandResultCard = React.memo(React.forwardRef((
         return await appCtx.api.getCommandResult(props.rs.id)
     }, [props.rs.id, props.loadData])
 
-    let cardGlow = false
     let header = props.rs.commandInfo?.command
-    if (props.rs.commandInfo.command === "deploy") {
-        if (props.rs.commandInfo.dryRun) {
-            if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
-                cardGlow = true
-                header = "manual deploy"
-            } else {
-                header = "dry-run deploy"
-            }
-        }
-    }
 
     let body: React.ReactElement | undefined
     if (props.expanded && props.loadData) {
@@ -100,7 +89,6 @@ export const CommandResultCard = React.memo(React.forwardRef((
             sx: {
                 padding: '20px 16px 5px 16px',
             },
-            glow: cardGlow,
         }}
         icon={<CommandTypeIcon ts={props.ts} rs={props.rs}/>}
         header={header}
diff --git a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
index 897b240e0..34af5f442 100644
--- a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
@@ -3,7 +3,9 @@ import { Box } from "@mui/material";
 import React from "react";
 import { ProjectIcon } from "../../icons/Icons";
 import { ProjectSummary } from "../../project-summaries";
-import { CardTemplate, cardWidth, projectCardMinHeight } from "../card/Card";
+import { cardHeight, CardTemplate } from "../card/Card";
+
+const projectCardWidth = 300
 
 export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
     const name = getLastPathElement(props.ps.project.gitRepoKey)
@@ -20,9 +22,9 @@ export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
         paperProps={{
             sx: {
                 padding: '20px 16px',
-                width: cardWidth,
-                height: 'auto',
-                minHeight: projectCardMinHeight
+                width: projectCardWidth,
+                height: cardHeight,
+                minHeight: cardHeight
             }
         }}
         boxProps={{
diff --git a/pkg/webui/ui/src/components/target-cards-view/Relations.tsx b/pkg/webui/ui/src/components/target-cards-view/Relations.tsx
index df140b110..abc05ce86 100644
--- a/pkg/webui/ui/src/components/target-cards-view/Relations.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/Relations.tsx
@@ -63,7 +63,7 @@ export const RelationHorizontalLine = React.memo(() => {
 export const RelationTree = React.memo(({ targetCount }: { targetCount: number }): JSX.Element | null => {
     const theme = useTheme();
     const height = targetCount * cardHeight + (targetCount - 1) * cardGap
-    const width = 152;
+    const width = 100;
 
     if (targetCount <= 0) {
         return null;
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 246d4630e..36b9880e6 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -17,13 +17,13 @@ import { gitRefToString } from "../../utils/git";
 import { AppContextProps, useAppContext } from "../App";
 import { ReconcilingIcon } from "../target-view/ReconcilingIcon";
 import { StatusIcon } from "../target-view/StatusIcon";
-import { TargetTypeIcon } from "../target-view/TargetTypeIcon";
 import { TargetActionMenu } from "../target-view/TargetActionMenu";
 import { ClusterIcon } from "../target-view/ClusterIcon";
-import { DiscriminatorIcon } from "../target-view/DiscriminatorIcon";
 import Tooltip from "@mui/material/Tooltip";
 import { ChangesTable } from "../command-result/ChangesTable";
 import { DiffStatus } from "../command-result/nodes/NodeData";
+import { DriftDetectionResultStatusLine } from "../command-result/CommandResultStatusLine";
+import { ManualApproveButton } from "../target-view/ManualApproveButton";
 
 export const TargetItemBody = React.memo((props: {
     ts: TargetSummary
@@ -114,6 +114,8 @@ export const TargetCard = React.memo(React.forwardRef((
 
     const body = props.expanded ? <TargetItemBody ts={props.ts}/> : undefined;
 
+    const dr = props.ts.lastDriftDetectionResult
+
     return <CardTemplate
         ref={ref}
         showCloseButton={props.expanded}
@@ -122,6 +124,7 @@ export const TargetCard = React.memo(React.forwardRef((
             sx: {
                 padding: '20px 16px 12px 16px',
             },
+            glow: !!dr?.objects?.length,
             onClick: e => props.onSelectTarget?.()
         }}
         icon={icon}
@@ -131,11 +134,11 @@ export const TargetCard = React.memo(React.forwardRef((
         footer={
             <>
                 <Box display='flex' gap='6px' alignItems='center'>
-                    <ClusterIcon ts={props.ts}/>
-                    <DiscriminatorIcon ts={props.ts}/>
-                    <TargetTypeIcon ts={props.ts}/>
+                    <DriftDetectionResultStatusLine dr={dr}/>
                 </Box>
                 <Box display='flex' gap='6px' alignItems='center'>
+                    {dr && <ManualApproveButton ts={props.ts} renderedObjectsHash={dr.renderedObjectsHash!}/>}
+                    <ClusterIcon ts={props.ts}/>
                     <ReconcilingIcon {...props} />
                     <StatusIcon {...props} />
                     <TargetActionMenu ts={props.ts}/>
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
index 367c980f3..a90cbb90e 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
@@ -5,7 +5,7 @@ import { useAppContext } from "../App";
 import { ProjectCard } from "./ProjectCard";
 import { TargetCard } from "./TargetCard";
 import Divider from "@mui/material/Divider";
-import { CardCol, cardGap, cardHeight, CardPaper, CardRow, cardWidth } from "../card/Card";
+import { CardCol, cardGap, cardHeight, CardPaper, CardRow } from "../card/Card";
 import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
 import { buildListKey } from "../../utils/listKey";
 import { ExpandableCard } from "../card/ExpandableCard";
@@ -13,6 +13,8 @@ import { CommandResultCard } from "../command-result/CommandResultCard";
 import { RelationHorizontalLine, RelationTree } from "./Relations";
 
 const colWidth = 416;
+const targetCardWidth = 300
+const commandResultCardWidth = 247
 
 function ColHeader({ children }: { children: React.ReactNode }) {
     return <Box
@@ -38,7 +40,8 @@ export interface TargetCardsViewProps {
     selectedProject?: ProjectSummary
     selectedTarget?: TargetSummary
     selectedResult?: CommandResultSummary
-    onSelect: (ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary) => void
+    selectedResultFull?: boolean
+    onSelect: (ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) => void
     onCloseExpanded: () => void
 }
 
@@ -81,7 +84,7 @@ export const TargetCardsView = (props: TargetCardsViewProps) => {
                             const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
                             return <Box key={key} display='flex'>
                                 <ExpandableCard
-                                    cardWidth={cardWidth}
+                                    cardWidth={targetCardWidth}
                                     cardHeight={cardHeight}
                                     expand={!props.selectedResult && selectedTargetKey === key}
                                     onExpand={() => props.onSelect(ps, ts, false)}
@@ -115,7 +118,7 @@ export const TargetCardsView = (props: TargetCardsViewProps) => {
                                 {ts.commandResults?.slice(0, 4).map((rs, i) => {
                                     return i === 0 ? <ExpandableCard
                                             key={rs.id}
-                                            cardWidth={cardWidth}
+                                            cardWidth={commandResultCardWidth}
                                             cardHeight={cardHeight}
                                             expand={selectedTargetKey === tsKey && !!props.selectedResult}
                                             onExpand={() => {
@@ -136,22 +139,23 @@ export const TargetCardsView = (props: TargetCardsViewProps) => {
                                                     ps={ps}
                                                     ts={ts}
                                                     rs={cardData}
-                                                    showSummary={true}
+                                                    showSummary={!props.selectedResultFull}
                                                     expanded={expanded}
                                                     loadData={expanded && current}
                                                     onClose={() => {
                                                         props.onCloseExpanded()
                                                     }}
                                                     onSwitchFullCommandResult={() => {
+                                                        props.onSelect(ps, ts, true, cardData, !props.selectedResultFull)
                                                     }}
                                                 />
                                             }}/>
                                         : <CardPaper
                                             key={rs.id}
                                             sx={{
-                                                width: cardWidth,
+                                                width: commandResultCardWidth,
                                                 height: cardHeight,
-                                                translate: `${-i * (cardWidth + cardGap / 2)}px`,
+                                                translate: `${-i * (commandResultCardWidth + cardGap / 2)}px`,
                                                 zIndex: -i,
                                             }}
                                         />
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index b4dce66d6..aa66de093 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -246,8 +246,6 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                 return <Box display={"flex"}
                             width={"100%"}
                             onDoubleClick={() => doSelectCommandResult(rp.row, 0)}>
-                    {/*<CommandTypeIcon ts={rp.row.ts} rs={rs} size={"24px"}/>*/}
-                    {/*<Divider orientation={"vertical"} sx={{height: "inherit", marginX: "5px"}}/>*/}
                     <CommandResultStatusLine rs={rs}/>
                     <Tooltip title={<Typography>Show full result tree</Typography>}>
                     <IconButton
diff --git a/pkg/webui/ui/src/components/target-view/CommandTypeIcon.tsx b/pkg/webui/ui/src/components/target-view/CommandTypeIcon.tsx
index da44eefc5..df04183d4 100644
--- a/pkg/webui/ui/src/components/target-view/CommandTypeIcon.tsx
+++ b/pkg/webui/ui/src/components/target-view/CommandTypeIcon.tsx
@@ -1,7 +1,6 @@
 import { CommandResultSummary } from "../../models";
 import React from "react";
-import { DeployIcon, DiffIcon, PruneIcon } from "../../icons/Icons";
-import { LiveHelp } from "@mui/icons-material";
+import { DeployIcon, DiffIcon, DryRunDeployIcon, PruneIcon } from "../../icons/Icons";
 import { TargetSummary } from "../../project-summaries";
 import Tooltip from "@mui/material/Tooltip";
 import { Box, Typography } from "@mui/material";
@@ -19,13 +18,8 @@ export const CommandTypeIcon = (props: {ts: TargetSummary, rs: CommandResultSumm
             break
         case "deploy":
             if (props.rs.commandInfo.dryRun) {
-                if (props.ts.kd?.deployment.spec.manual && !props.ts.kd?.deployment.spec.dryRun) {
-                    icon = <LiveHelp sx={{ width: size, height: size }}/>
-                    tooltip = "manual deploy"
-                } else {
-                    icon = <DeployIcon size={size}/>
-                    tooltip = "dry-run deploy"
-                }
+                icon = <DryRunDeployIcon size={size}/>
+                tooltip = "dry-run deploy"
             } else {
                 icon = <DeployIcon size={size}/>
             }
diff --git a/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx b/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
index 155c306e1..7ceba45b9 100644
--- a/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
+++ b/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
@@ -24,11 +24,15 @@ export const ManualApproveButton = (props: {ts: TargetSummary, renderedObjectsHa
         return <></>
     }
 
+    const hasDrift = !!props.ts.lastDriftDetectionResult?.objects?.length
     const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.renderedObjectsHash
 
     let icon: React.ReactElement
     let tooltip: string
-    if (!isApproved) {
+    if (!hasDrift) {
+        tooltip = "No drift, so there is nothing to be manually deployed!"
+        icon = <RocketLaunch color={"disabled"}/>
+    } else if (!isApproved) {
         tooltip = "Click here to trigger this manual deployment."
         icon = <RocketLaunch color={"info"}/>
     } else {
@@ -39,7 +43,9 @@ export const ManualApproveButton = (props: {ts: TargetSummary, renderedObjectsHa
         <IconButton
             onClick={e => {
                 e.stopPropagation();
-                handleApprove(!isApproved)
+                if (hasDrift) {
+                    handleApprove(!isApproved)
+                }
             }}
             sx={{
                 padding: 0,
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index c384a2784..890228388 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -37,6 +37,8 @@ import { ReactComponent as FileIconSvg } from './file.svg';
 import { ReactComponent as ResultIconSvg } from './result.svg';
 import { ReactComponent as IncludeIconSvg } from './include.svg';
 import { ReactComponent as LogoutIconSvg } from './logout.svg';
+import ToysIcon from '@mui/icons-material/Toys';
+import React from "react";
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -74,6 +76,11 @@ export const DeployIcon = (props: {size?: string}) => {
     return <DeployIconSvg width={size} height={size} />
 }
 
+export const DryRunDeployIcon = (props: {size?: string}) => {
+    const size = props.size || "45px"
+    return <ToysIcon sx={{width: size, height: size}} />
+}
+
 export const PruneIcon = (props: {size?: string}) => {
     const size = props.size || "45px"
     return <PruneIconSvg width={size} height={size} />

From 9c952c68dbfe121ed41ce34dd307191cb76be4d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 23:11:39 +0200
Subject: [PATCH 1538/2268] fix: Rename changed to drifted in filter bar

---
 pkg/webui/ui/src/components/App.tsx            |  2 +-
 pkg/webui/ui/src/components/FilterBar.tsx      | 18 +++++++++---------
 .../command-result/CommandResultTree.tsx       |  5 -----
 pkg/webui/ui/src/project-summaries.ts          |  4 ++--
 4 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index 8c10a4274..ce09c176f 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -148,7 +148,7 @@ const LoggedInApp = (props: { api: Api, user: User, authInfo: AuthInfo, isStatic
         }
     }, [
         props.api, props.user, props.authInfo, props.isStatic,
-        commandResultSummaries, projects, validateResultSummaries, shortNames,
+        filters, commandResultSummaries, projects, validateResultSummaries, shortNames,
     ])
 
     if (loading) {
diff --git a/pkg/webui/ui/src/components/FilterBar.tsx b/pkg/webui/ui/src/components/FilterBar.tsx
index 11055efd4..edf2c5173 100644
--- a/pkg/webui/ui/src/components/FilterBar.tsx
+++ b/pkg/webui/ui/src/components/FilterBar.tsx
@@ -8,17 +8,17 @@ import { useTheme } from "@mui/material/styles";
 export interface ActiveFilters {
     showTableView: boolean
     onlyImportant: boolean
-    onlyChanged: boolean
+    onlyDrifted: boolean
     onlyWithErrorsOrWarnings: boolean
     filterStr: string
 }
 
-export function DoFilterSwitches(hasChanges: boolean, hasErrors: boolean, hasWarnings: boolean, activeFilters?: ActiveFilters) {
+export function DoFilterSwitches(hasDrift: boolean, hasErrors: boolean, hasWarnings: boolean, activeFilters?: ActiveFilters) {
     const hasErrorsOrWarnings = hasErrors || hasWarnings
-    if (activeFilters?.onlyImportant && !hasChanges && !hasErrorsOrWarnings) {
+    if (activeFilters?.onlyImportant && !hasDrift && !hasErrorsOrWarnings) {
         return false
     }
-    if (activeFilters?.onlyChanged && !hasChanges) {
+    if (activeFilters?.onlyDrifted && !hasDrift) {
         return false
     }
     if (activeFilters?.onlyWithErrorsOrWarnings && !hasErrorsOrWarnings) {
@@ -73,7 +73,7 @@ export const FilterBar = (props: { onFilterChange: (f: ActiveFilters) => void })
     const [activeFilters, setActiveFilters] = useState<ActiveFilters>({
         showTableView: false,
         onlyImportant: false,
-        onlyChanged: false,
+        onlyDrifted: false,
         onlyWithErrorsOrWarnings: false,
         filterStr: "",
     })
@@ -96,16 +96,16 @@ export const FilterBar = (props: { onFilterChange: (f: ActiveFilters) => void })
                               handler={(active: boolean) => {
                                   doSetActiveFilters({ ...activeFilters, showTableView: active });
                               }}/>
-                <FilterButton Icon={Grade} tooltip={"Only important (changed or with errors/warnings)"}
+                <FilterButton Icon={Grade} tooltip={"Only important (drifted or with errors/warnings)"}
                               color={"secondary"}
                               active={activeFilters.onlyImportant}
                               handler={(active: boolean) => {
                                   doSetActiveFilters({ ...activeFilters, onlyImportant: active });
                               }}/>
-                <FilterButton Icon={AutoFixHigh} tooltip={"Only with changed"} color={"secondary"}
-                              active={activeFilters.onlyChanged}
+                <FilterButton Icon={AutoFixHigh} tooltip={"Only with drift"} color={"secondary"}
+                              active={activeFilters.onlyDrifted}
                               handler={(active: boolean) => {
-                                  doSetActiveFilters({ ...activeFilters, onlyChanged: active });
+                                  doSetActiveFilters({ ...activeFilters, onlyDrifted: active });
                               }}/>
                 <FilterButton Icon={ErrorOutline} tooltip={"Only with errors or warnings"} color={"error"}
                               active={activeFilters.onlyWithErrorsOrWarnings}
diff --git a/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx b/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
index 5fb0e0f7d..54358d2d0 100644
--- a/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
+++ b/pkg/webui/ui/src/components/command-result/CommandResultTree.tsx
@@ -3,7 +3,6 @@ import { useState } from 'react';
 import TreeView from '@mui/lab/TreeView';
 import { TreeItem } from "@mui/lab";
 import { NodeData } from "./nodes/NodeData";
-import { ActiveFilters, DoFilterSwitches } from "../FilterBar";
 import { Box, Divider, useTheme } from '@mui/material';
 import { TriangleDownIcon, TriangleRightIcon } from '../../icons/Icons';
 import { CommandResultNodeData } from "./nodes/CommandResultNode";
@@ -13,7 +12,6 @@ export interface CommandResultTreeProps {
     rootNode: CommandResultNodeData
 
     onSelectNode: (node?: NodeData) => void
-    activeFilters?: ActiveFilters
 }
 
 const CommandResultTree = (props: CommandResultTreeProps) => {
@@ -40,9 +38,6 @@ const CommandResultTree = (props: CommandResultTreeProps) => {
     }
 
     const renderTree = (nodes: NodeData) => {
-        if (!DoFilterSwitches(!!nodes.diffStatus?.hasDiffs(), !!nodes.healthStatus?.errors.length, !!nodes.healthStatus?.warnings.length, props.activeFilters)) {
-            return null
-        }
         return <TreeItem
             key={nodes.id}
             nodeId={nodes.id}
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index e1f4dbdac..5b7278055 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -70,7 +70,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     const filterTargetByStatus = (ts: TargetSummary) => {
         let hasErrors = !!ts.lastValidateResult?.errors || !!ts.lastDriftDetectionResult?.errors?.length
         let hasWarnings = !!ts.lastValidateResult?.warnings || !!ts.lastDriftDetectionResult?.warnings?.length
-        let hasChanges = !!ts.lastDriftDetectionResult?.objects?.length
+        let hasDrifted = !!ts.lastDriftDetectionResult?.objects?.length
 
         const conditions: any[] | undefined = ts.kd?.deployment.status?.conditions
         const readyCondition = conditions?.find(c => c.type === "Ready")
@@ -82,7 +82,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
             hasErrors = hasErrors || !!ts.commandResults[0].errors?.length
             hasWarnings = hasWarnings || !!ts.commandResults[0].warnings?.length
         }
-        return DoFilterSwitches(hasChanges, hasErrors, hasWarnings, filters)
+        return DoFilterSwitches(hasDrifted, hasErrors, hasWarnings, filters)
     }
 
     const sortedCommandResults = Array.from(commandResultSummaries.values())

From 3d8387d2f21fb13582660378bed4597c249a6730 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 23:12:00 +0200
Subject: [PATCH 1539/2268] feat: Show dedicated icon for CLI initiated deploys

---
 .../ui/src/components/target-cards-view/TargetCard.tsx    | 8 ++++++--
 pkg/webui/ui/src/icons/Icons.tsx                          | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
index 36b9880e6..ce2db50f7 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCard.tsx
@@ -1,7 +1,7 @@
 import { ValidateResult } from "../../models";
 import { Alert, Box, Typography } from "@mui/material";
 import React, { useState } from "react";
-import { TargetIcon } from "../../icons/Icons";
+import { CLITargetIcon, TargetIcon } from "../../icons/Icons";
 import { ProjectSummary, TargetSummary } from "../../project-summaries";
 import { CardBody, CardTemplate } from "../card/Card";
 import { CardTab, CardTabsProvider } from "../card/CardTabs";
@@ -84,8 +84,12 @@ export const TargetCard = React.memo(React.forwardRef((
     })
 
     let header = "<command-line>"
+    let targetIcon: React.ReactElement
     if (kd) {
         header = kd.deployment.metadata.name
+        targetIcon = <TargetIcon/>
+    } else {
+        targetIcon = <CLITargetIcon/>
     }
 
     let subheader = "<no-name>"
@@ -108,7 +112,7 @@ export const TargetCard = React.memo(React.forwardRef((
     const iconTooltip = <Box textAlign={"center"}>{iconTooltipChildren}</Box>
     const icon = <Tooltip title={iconTooltip}>
         <Box>
-            <TargetIcon/>
+            {targetIcon}
         </Box>
     </Tooltip>
 
diff --git a/pkg/webui/ui/src/icons/Icons.tsx b/pkg/webui/ui/src/icons/Icons.tsx
index 890228388..7f4733c70 100644
--- a/pkg/webui/ui/src/icons/Icons.tsx
+++ b/pkg/webui/ui/src/icons/Icons.tsx
@@ -39,6 +39,7 @@ import { ReactComponent as IncludeIconSvg } from './include.svg';
 import { ReactComponent as LogoutIconSvg } from './logout.svg';
 import ToysIcon from '@mui/icons-material/Toys';
 import React from "react";
+import { Keyboard } from "@mui/icons-material";
 
 export const KluctlText = () => {
     return <KluctlTextSvg width="115px" height="33px" />
@@ -63,6 +64,10 @@ export const TargetsIcon = () => {
 export const TargetIcon = () => {
     return <TargetIconSvg width="45px" height="45px" />
 }
+export const CLITargetIcon = () => {
+    const size = "45px"
+    return <Keyboard sx={{width: size, height: size}}/>
+}
 export const RelationHLine = () => {
     return <RelationHLineSvg width="169px" height="12px" />
 }

From 8571bff116cb974e76c985ccb6cd26c3e475a96b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Sep 2023 23:25:20 +0200
Subject: [PATCH 1540/2268] chore: Run make api-docs

---
 docs/gitops/api/kluctl-controller.md | 35 ++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index ef67bb47a..27b9fedf8 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1295,6 +1295,17 @@ string
 </tr>
 <tr>
 <td>
+<code>lastDriftDetectionError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastDeployResult</code><br>
 <em>
 k8s.io/apimachinery/pkg/runtime.RawExtension
@@ -1317,6 +1328,30 @@ k8s.io/apimachinery/pkg/runtime.RawExtension
 <p>LastValidateResult is the result summary of the last validate command</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>lastDriftDetectionResult</code><br>
+<em>
+k8s.io/apimachinery/pkg/runtime.RawExtension
+</em>
+</td>
+<td>
+<p>LastDriftDetectionResult is the result of the last drift detection command
+optional</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>lastDriftDetectionResultMessage</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>LastDriftDetectionResultMessage contains a short message that describes the drift
+optional</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>

From 4ec8af52be581c75a009314b52d566ea42c24bba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Sep 2023 08:50:16 +0200
Subject: [PATCH 1541/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#758)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.37 to 1.18.38.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.37...config/v1.18.38)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index fcb4de71f..dfb05fdc4 100644
--- a/go.mod
+++ b/go.mod
@@ -55,8 +55,8 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.37
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.35
+	github.com/aws/aws-sdk-go-v2/config v1.18.38
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.36
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
 	github.com/aws/smithy-go v1.14.2
@@ -111,7 +111,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 770b53feb..2efe51305 100644
--- a/go.sum
+++ b/go.sum
@@ -105,10 +105,10 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.37 h1:RNAfbPqw1CstCooHaTPhScz7z1PyocQj0UL+l95CgzI=
-github.com/aws/aws-sdk-go-v2/config v1.18.37/go.mod h1:8AnEFxW9/XGKCbjYDCJy7iltVNyEI9Iu9qC21UzhhgQ=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.35 h1:QpsNitYJu0GgvMBLUIYu9H4yryA5kMksjeIVQfgXrt8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.35/go.mod h1:o7rCaLtvK0hUggAGclf76mNGGkaG5a9KWlp+d9IpcV8=
+github.com/aws/aws-sdk-go-v2/config v1.18.38 h1:CByQCELMgm2tM1lAehx3XNg0R/pfeXsYzqn0Aq2chJQ=
+github.com/aws/aws-sdk-go-v2/config v1.18.38/go.mod h1:vNm9Hf5VgG2fSUWhT3zFrqN/RosGcabFMYgiSoxKFU8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.36 h1:ps0cPswZjpsOk6sLwG6fdXTzrYjCplgPEyG3OUbbdqE=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.36/go.mod h1:sY2phUzxbygoyDtTXhqi7GjGjCQ1S5a5Rj8u3ksBxCg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
@@ -123,8 +123,8 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8Zu
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.5 h1:oCvTFSDi67AX0pOX3PuPdGFewvLRU2zzFSrTsgURNo0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.5/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 h1:2PylFCfKCEDv6PeSN09pC/VUiRd10wi1VfHG5FrW0/g=
+github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 h1:dnInJb4S0oy8aQuri1mV6ipLlnZPfnsDNB9BGO9PDNY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=

From af3d6abe5684c454db20ca1f0e99cb127f68a1d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Sep 2023 08:50:40 +0200
Subject: [PATCH 1542/2268] chore(deps): Bump golang.org/x/sys from 0.11.0 to
 0.12.0 (#761)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/sys/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index dfb05fdc4..2a615afca 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,7 @@ require (
 	golang.org/x/crypto v0.12.0
 	golang.org/x/net v0.14.0
 	golang.org/x/sync v0.3.0
-	golang.org/x/sys v0.11.0
+	golang.org/x/sys v0.12.0
 	golang.org/x/term v0.11.0 // indirect
 	golang.org/x/text v0.12.0
 	helm.sh/helm/v3 v3.12.3
diff --git a/go.sum b/go.sum
index 2efe51305..68df07294 100644
--- a/go.sum
+++ b/go.sum
@@ -962,8 +962,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From ce760a071b0ff6db78ba19d522ee02f965c6aa98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Sep 2023 08:50:59 +0200
Subject: [PATCH 1543/2268] chore(deps): Bump actions/checkout from 3 to 4
 (#760)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml       | 2 +-
 .github/workflows/preview-proxy.yml | 2 +-
 .github/workflows/preview-run.yml   | 2 +-
 .github/workflows/release.yml       | 2 +-
 .github/workflows/tests.yml         | 6 +++---
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 5786074f5..2e63b91f5 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Fetch all tags
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 905e28acc..61314ff89 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -28,7 +28,7 @@ jobs:
           message: |
             # 🤖 Preview Environment
             The preview environment is starting up and will be available soon.
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # Warning, do not try to checkout the base branch here as it would introduce enormous security risks!
           # Also don't introduce a cache in this workflow!
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 6ac3099cc..97a7b42f4 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 56a929fcc..fb2aedbb7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Fetch all tags
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 4507b42e6..76565bbd5 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: actions/setup-go@v4
@@ -86,7 +86,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: actions/setup-node@v3
         with:
           node-version: 20
@@ -111,7 +111,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - uses: actions/setup-go@v4
         with:
           go-version: '1.19'

From f0aaab3c4c82f9a05ca8a9edc8f12d4e97b2d377 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Sep 2023 08:52:25 +0200
Subject: [PATCH 1544/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#754)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.1 to 10.15.3.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.15.1...v10.15.3)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2a615afca..42dea6da4 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.23.1
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.15.1
+	github.com/go-playground/validator/v10 v10.15.3
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.16.1
diff --git a/go.sum b/go.sum
index 68df07294..3c74e183e 100644
--- a/go.sum
+++ b/go.sum
@@ -302,8 +302,8 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM=
-github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.15.3 h1:S+sSpunYjNPDuXkWbK+x+bA7iXiW296KG4dL3X7xUZo=
+github.com/go-playground/validator/v10 v10.15.3/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=

From 36bf6c5114067207ce6ca29eb2eae8f3ec4bdec4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Sep 2023 09:24:24 +0200
Subject: [PATCH 1545/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.15.1 to 0.16.1 (#757)

* chore(deps): Bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.1

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.1 to 0.16.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.1...v0.16.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Fix compilation after controller-runtime upgrade

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 cmd/kluctl/commands/cmd_controller_run.go | 8 +++++---
 go.mod                                    | 3 ++-
 go.sum                                    | 6 ++++--
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index a6c948b59..47f15d9f6 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -25,6 +25,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
+	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 )
 
 var (
@@ -90,9 +91,10 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
-		Scheme:                 cmd.scheme,
-		MetricsBindAddress:     cmd.MetricsBindAddress,
-		Port:                   9443,
+		Scheme: cmd.scheme,
+		Metrics: metricsserver.Options{
+			BindAddress: cmd.MetricsBindAddress,
+		},
 		HealthProbeBindAddress: cmd.HealthProbeBindAddress,
 		LeaderElection:         cmd.LeaderElect,
 		LeaderElectionID:       "5ab5d0f9.kluctl.io",
diff --git a/go.mod b/go.mod
index 42dea6da4..fc8b44e5b 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 	golang.org/x/oauth2 v0.11.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.15.1
+	sigs.k8s.io/controller-runtime v0.16.1
 	sigs.k8s.io/kustomize/api v0.14.0
 	sigs.k8s.io/yaml v1.3.0
 )
@@ -251,6 +251,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.25.0 // indirect
 	golang.org/x/arch v0.4.0 // indirect
+	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
diff --git a/go.sum b/go.sum
index 3c74e183e..6982b0387 100644
--- a/go.sum
+++ b/go.sum
@@ -808,6 +808,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1224,8 +1226,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUTb/+4c=
-sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
+sigs.k8s.io/controller-runtime v0.16.1 h1:+15lzrmHsE0s2kNl0Dl8cTchI5Cs8qofo5PGcPrV9z0=
+sigs.k8s.io/controller-runtime v0.16.1/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.14.0 h1:6+QLmXXA8X4eDM7ejeaNUyruA1DDB3PVIjbpVhDOJRA=

From 4dc1be454f8386d8fbb14292f65b6f13a9c65d65 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 12:05:38 +0200
Subject: [PATCH 1546/2268] chore: Remove unnessary logs

---
 pkg/webui/ui/src/components/App.tsx   | 2 --
 pkg/webui/ui/src/components/Login.tsx | 1 -
 2 files changed, 3 deletions(-)

diff --git a/pkg/webui/ui/src/components/App.tsx b/pkg/webui/ui/src/components/App.tsx
index ce09c176f..0bc78910d 100644
--- a/pkg/webui/ui/src/components/App.tsx
+++ b/pkg/webui/ui/src/components/App.tsx
@@ -240,8 +240,6 @@ const App = () => {
         doGetUser()
     }, [user, api])
 
-    console.log(api, authInfo)
-
     if (!api || !authInfo) {
         return <Loading />
     }
diff --git a/pkg/webui/ui/src/components/Login.tsx b/pkg/webui/ui/src/components/Login.tsx
index 77cad329f..96ea10ea1 100644
--- a/pkg/webui/ui/src/components/Login.tsx
+++ b/pkg/webui/ui/src/components/Login.tsx
@@ -63,7 +63,6 @@ export default function Login(props: { authInfo: AuthInfo }) {
     }
 
     const [error, setError] = useState<LoginResult | undefined>(initialError);
-    console.log(searchParams, loginErrorFromSearchParams, initialError, error)
 
     const handleSubmit = async (e: SyntheticEvent) => {
         e.preventDefault();

From 528afaa0b994a179e00eeab52c58298a3e4eb95f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 12:06:16 +0200
Subject: [PATCH 1547/2268] feat: Allow to select target/commandResult via
 search params

---
 pkg/webui/ui/src/components/Router.tsx        | 118 ++++++++++++++++--
 .../components/target-view/TargetsView.tsx    |  32 +----
 pkg/webui/ui/src/project-summaries.ts         |  19 +++
 3 files changed, 134 insertions(+), 35 deletions(-)

diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index d888e4873..741653a78 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -1,9 +1,12 @@
-import { createHashRouter, useNavigate, useRouteError } from "react-router-dom";
-import App from "./App";
+import { createHashRouter, useRouteError, useSearchParams } from "react-router-dom";
+import App, { AppContextProps, useAppContext } from "./App";
 import { ErrorMessageCard } from "./ErrorMessage";
 import { Box } from "@mui/material";
-import React, { useEffect } from "react";
+import React, { useEffect, useState } from "react";
 import { TargetsView } from "./target-view/TargetsView";
+import { CommandResultSummary } from "../models";
+import { buildTargetPath, ProjectSummary, TargetSummary } from "../project-summaries";
+import { Loading } from "./Loading";
 
 function ErrorPage() {
     const error = useRouteError() as any;
@@ -14,12 +17,109 @@ function ErrorPage() {
     </ErrorMessageCard>
 }
 
-function Redirect(props: { to: string }) {
-    let navigate = useNavigate();
+function buildRedirectToTargetPath(app: AppContextProps, sp: URLSearchParams) {
+    const gitRepoKey = sp.get("gitRepoKey")
+    const subDir = sp.get("subDir")
+    const targetName = sp.get("targetName")
+    const targetClusterId = sp.get("targetClusterId")
+    const discriminator = sp.get("discriminator")
+    const commandResultId = sp.get("commandResultId")
+    const kdName = sp.get("kluctlDeploymentName")
+    const kdNamespace = sp.get("kluctlDeploymentNamespace")
+    const kdClusterId = sp.get("kluctlDeploymentClusterId")
+
+    if (!gitRepoKey && !subDir && !targetName && !targetClusterId && !discriminator &&
+        !kdName && !kdNamespace && !kdClusterId &&
+        !commandResultId) {
+        return "/targets"
+    }
+
+    let firstProject: ProjectSummary | undefined
+    let firstTarget: TargetSummary | undefined
+
+    let firstCommandResultSummary: CommandResultSummary | undefined
+    if (commandResultId) {
+        app.projects.forEach(ps => {
+            ps.targets.forEach(ts => {
+                ts.commandResults.forEach(rs => {
+                    if (rs.id === commandResultId && !firstCommandResultSummary) {
+                        firstProject = ps
+                        firstTarget = ts
+                        firstCommandResultSummary = rs
+                    }
+                })
+            })
+        })
+    } else {
+        app.projects.forEach(ps => {
+            if (firstProject) return
+            if (gitRepoKey !== null && gitRepoKey !== ps.project.gitRepoKey) return
+            if (subDir !== null && subDir !== ps.project.subDir) return
+
+            ps.targets.forEach(ts => {
+                if (firstTarget) return
+                if (targetName !== null && targetName !== ts.target.targetName) return
+                if (targetClusterId !== null && targetClusterId !== ts.target.clusterId) return
+                if (discriminator !== null && discriminator !== ts.target.discriminator) return
+                if (kdName !== null && kdName !== ts.kdInfo?.name) return
+                if (kdNamespace !== null && kdNamespace !== ts.kdInfo?.namespace) return
+                if (kdClusterId !== null && kdClusterId !== ts.kdInfo?.clusterId) return
+
+                firstProject = ps
+                firstTarget = ts
+            })
+        })
+    }
+
+    let redirectPath: string | undefined = undefined
+    if (firstProject && firstTarget) {
+        redirectPath = buildTargetPath(firstProject, firstTarget, !!firstCommandResultSummary, firstCommandResultSummary, false)
+    }
+
+    return redirectPath
+}
+
+function RedirectToTarget(props: {}) {
+    const [spFromRouter] = useSearchParams()
+    const spFromWindow = new URLSearchParams(window.location.search)
+
+    // we need to merge the search params from the window.location and from the react-router location
+    const sp = new URLSearchParams(spFromWindow)
+    spFromRouter.forEach((k, v) => {
+        sp.set(k, v)
+    })
+
+    const app = useAppContext()
+    const [timedout, setTimedout] = useState(false)
+
+    const redirectPath = buildRedirectToTargetPath(app, sp)
+
     useEffect(() => {
-        navigate(props.to, {replace: true});
-    });
-    return null;
+        console.log("start timer")
+        const timer = setTimeout(() => {
+            console.log("setTimedout")
+            setTimedout(true)
+        }, 5000)
+        return () => {
+            console.log("stop timer")
+            clearTimeout(timer)
+        }
+    }, [])
+
+    useEffect(() => {
+        if (timedout) {
+            console.log("timed out waiting for results/projects")
+            window.location.replace("/#/targets")
+            return
+        }
+        if (!redirectPath) {
+            return
+        }
+
+        window.location.replace("/#" + redirectPath)
+    }, [redirectPath, timedout]);
+
+    return <Loading/>
 }
 
 export const Router = createHashRouter([
@@ -30,7 +130,7 @@ export const Router = createHashRouter([
         children: [
             {
                 path: "/",
-                element: <Redirect to={"/targets"}/>,
+                element: <RedirectToTarget/>,
                 errorElement: <ErrorPage />,
             },
             {
diff --git a/pkg/webui/ui/src/components/target-view/TargetsView.tsx b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
index d05bd7341..02c68f91a 100644
--- a/pkg/webui/ui/src/components/target-view/TargetsView.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetsView.tsx
@@ -1,7 +1,7 @@
 import { CommandResultSummary } from "../../models";
 import React, { useCallback, useMemo } from "react";
 import { useAppContext } from "../App";
-import { buildTargetKey, ProjectSummary, TargetSummary } from "../../project-summaries";
+import { buildTargetKey, buildTargetPath, ProjectSummary, TargetSummary } from "../../project-summaries";
 import { useLocation, useNavigate, useSearchParams } from "react-router-dom";
 import { TargetCardsView } from "../target-cards-view/TargetCardsView";
 import { TargetsListView } from "../target-list-view/TargetsListView";
@@ -15,34 +15,14 @@ export const TargetsView = () => {
 
     const fullResult = searchParams.get("full") === "1"
 
-    const doNavigate = useCallback((p: string, sp?: URLSearchParams) => {
-        sp = new URLSearchParams(sp)
-        const qs = sp.toString()
-        if (qs.length) {
-            p += "?" + qs
-        }
-        navigate(p)
-    }, [navigate])
-
     const onSelect = useCallback((ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) => {
-        let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
-        const sp = new URLSearchParams()
-        if (showResults) {
-            p += "/results"
-            if (rs) {
-                p += "/" + rs.id
-                if (full) {
-                    console.log("full")
-                    sp.set("full", "1")
-                }
-            }
-        }
-        doNavigate(p, sp);
-    }, [doNavigate]);
+        const p = buildTargetPath(ps, ts, showResults, rs, full)
+        navigate(p);
+    }, [navigate]);
 
     const onCloseExpanded = useCallback(() => {
-        doNavigate(`/targets/`);
-    }, [doNavigate]);
+        navigate(`/targets/`);
+    }, [navigate]);
 
     const targetsByKey = useMemo(() => {
         const m = new Map<string, {ps: ProjectSummary, ts: TargetSummary}>()
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index 5b7278055..e58bf55dc 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -219,3 +219,22 @@ export function buildTargetKey(project: ProjectKey, target: TargetKey, kluctlDep
     }
     return buildListKey(j)
 }
+
+export function buildTargetPath(ps: ProjectSummary, ts: TargetSummary, showResults: boolean, rs?: CommandResultSummary, full?: boolean) {
+    let p = `/targets/${buildTargetKey(ps.project, ts.target, ts.kdInfo)}`
+    const sp = new URLSearchParams()
+    if (showResults) {
+        p += "/results"
+        if (rs) {
+            p += "/" + rs.id
+            if (full) {
+                sp.set("full", "1")
+            }
+        }
+    }
+    const qs = sp.toString()
+    if (qs.length) {
+        p += "?" + qs
+    }
+    return p
+}

From a42c684d9d9d9f464a1ef986f658c6e977e7bf66 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 12:06:56 +0200
Subject: [PATCH 1548/2268] feat: Allow to retry manual deployments via the
 rocket button

---
 .../target-view/ManualApproveButton.tsx       |  50 +++++---
 .../target-view/ReconcilingIcon.tsx           | 108 +++++++++++++-----
 2 files changed, 108 insertions(+), 50 deletions(-)

diff --git a/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx b/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
index 7ceba45b9..e64519e41 100644
--- a/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
+++ b/pkg/webui/ui/src/components/target-view/ManualApproveButton.tsx
@@ -3,49 +3,61 @@ import { useAppContext } from "../App";
 import React from "react";
 import { RocketLaunch } from "@mui/icons-material";
 import { Box, IconButton, Tooltip } from "@mui/material";
+import { buildReconcilingState } from "./ReconcilingIcon";
 
 export const ManualApproveButton = (props: {ts: TargetSummary, renderedObjectsHash: string}) => {
     const appCtx = useAppContext()
-    const handleApprove = (approve: boolean) => {
+
+    if (appCtx.isStatic || !appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
+        return <></>
+    }
+
+    const state = buildReconcilingState(props.ts)
+    if (!state) {
+        return <></>
+    }
+
+    const isApproved = state?.manualObjectsHash === props.renderedObjectsHash
+
+    const handleApproveButton = () => {
         if (!props.ts.kdInfo || !props.ts.kd) {
             return
         }
-        if (approve) {
-            if (!props.renderedObjectsHash) {
-                return
-            }
+        if (!props.renderedObjectsHash) {
+            return
+        }
+        if (!state.hasDrift) {
+            return
+        }
+        if (!isApproved) {
             appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, props.renderedObjectsHash)
         } else {
-            appCtx.api.setManualObjectsHash(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace, "")
+            appCtx.api.deployNow(props.ts.kdInfo.clusterId, props.ts.kdInfo.name, props.ts.kdInfo.namespace)
         }
     }
 
-    if (appCtx.isStatic || !appCtx.user.isAdmin || props.ts.kd?.deployment.spec.dryRun || !props.ts.kd?.deployment.spec.manual) {
-        return <></>
-    }
-
-    const hasDrift = !!props.ts.lastDriftDetectionResult?.objects?.length
-    const isApproved = props.ts.kd.deployment.spec.manualObjectsHash === props.renderedObjectsHash
-
     let icon: React.ReactElement
     let tooltip: string
-    if (!hasDrift) {
+    if (!state.hasDrift) {
         tooltip = "No drift, so there is nothing to be manually deployed!"
         icon = <RocketLaunch color={"disabled"}/>
     } else if (!isApproved) {
         tooltip = "Click here to trigger this manual deployment."
         icon = <RocketLaunch color={"info"}/>
     } else {
-        tooltip = "Click here to cancel this deployment. This will only have an effect if the deployment has not started reconciliation yet!"
-        icon = <RocketLaunch color={"success"}/>
+        if (state.requestedDeploy) {
+            tooltip = "Deployment has been requested, please wait!"
+            icon = <RocketLaunch color={"disabled"}/>
+        } else {
+            tooltip = "Click here to retry this already approved manual deployment."
+            icon = <RocketLaunch color={"warning"}/>
+        }
     }
     return <Box display='flex' gap='6px' alignItems='center' height='39px'>
         <IconButton
             onClick={e => {
                 e.stopPropagation();
-                if (hasDrift) {
-                    handleApprove(!isApproved)
-                }
+                handleApproveButton()
             }}
             sx={{
                 padding: 0,
diff --git a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
index 7d91eaa8a..2b73b07b8 100644
--- a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
+++ b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
@@ -6,67 +6,113 @@ import { Done, Error, Hotel, HourglassTop, SyncProblem } from "@mui/icons-materi
 import { MessageQuestionIcon } from "../../icons/Icons";
 import Tooltip from "@mui/material/Tooltip";
 
+export interface Condition {
+    status: string
+    reason: string
+    message: string
+    lastTransitionTime: string
+}
+
+export interface ReconcilingState {
+    suspended: boolean
+    requestedReconcile: string
+    requestedValidate: string
+    requestedDeploy: string
+
+    statusExists: boolean
+    readyCondition?: Condition
+    reconcilingCondition?: Condition
+
+    manualObjectsHash?: string
+    hasDrift: boolean
+    lastDriftDetectionResult?: any
+    lastDriftDetectionResultMessage: string
+}
+
+export function buildReconcilingState(ts: TargetSummary): ReconcilingState | undefined {
+    if (!ts.kd) {
+        return undefined
+    }
+    const annotations: any = ts.kd.deployment.metadata?.annotations || {}
+    const requestReconcile = annotations["kluctl.io/request-reconcile"]
+    const requestValidate = annotations["kluctl.io/request-validate"]
+    const requestDeploy = annotations["kluctl.io/request-deploy"]
+
+    const conditions: any[] | undefined = ts.kd.deployment.status.conditions
+    const readyCondition = conditions?.find(c => c.type === "Ready")
+    const reconcilingCondition = conditions?.find(c => c.type === "Reconciling")
+
+    const lastDriftDetectionResult: any | undefined = ts.kd.deployment.status?.lastDriftDetectionResult
+
+    return {
+        suspended: ts.kd.deployment.spec.suspend,
+        requestedReconcile: requestReconcile && requestReconcile !== ts.kd.deployment.status?.lastHandledReconcileAt && requestReconcile,
+        requestedValidate: requestValidate && requestValidate !== ts.kd.deployment.status?.lastHandledValidateAt && requestValidate,
+        requestedDeploy: requestDeploy && requestDeploy !== ts.kd.deployment.status?.lastHandledDeployAt && requestDeploy,
+        statusExists: !!ts.kd.deployment.status,
+        readyCondition: readyCondition,
+        reconcilingCondition: reconcilingCondition,
+        manualObjectsHash: ts.kd.deployment.spec.manualObjectsHash,
+        hasDrift: !!lastDriftDetectionResult?.objects?.length,
+        lastDriftDetectionResult: lastDriftDetectionResult,
+        lastDriftDetectionResultMessage: ts.kd.deployment.status?.lastDriftDetectionResultMessage,
+    }
+}
+
 export const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }) => {
     const theme = useTheme();
 
-    if (!props.ts.kd) {
+    const state = buildReconcilingState(props.ts)
+
+    if (!state) {
         return <></>
     }
 
-    const buildStateTime = (c: any) => {
+    const buildStateTime = (c: Condition) => {
         return <>In this state since <Since startTime={c.lastTransitionTime}/></>
     }
 
     let icon: React.ReactElement | undefined = undefined
     const tooltip: React.ReactNode[] = []
 
-    const annotations: any = props.ts.kd.deployment.metadata?.annotations || {}
-    const requestReconcile = annotations["kluctl.io/request-reconcile"]
-    const requestValidate = annotations["kluctl.io/request-validate"]
-    const requestDeploy = annotations["kluctl.io/request-deploy"]
-
-    if (props.ts.kd.deployment.spec.suspend) {
+    if (state.suspended) {
         icon = <Hotel color={"primary"}/>
         tooltip.push("Deployment is suspended")
-    } else if (!props.ts.kd.deployment.status) {
+    } else if (!state.statusExists) {
         icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
         tooltip.push("Status not available")
     } else {
-        const conditions: any[] | undefined = props.ts.kd.deployment.status.conditions
-        const readyCondition = conditions?.find(c => c.type === "Ready")
-        const reconcilingCondition = conditions?.find(c => c.type === "Reconciling")
-
-        if (reconcilingCondition) {
+        if (state.reconcilingCondition) {
             icon = <CircularProgress color={"info"} size={24}/>
-            tooltip.push(reconcilingCondition.message)
-            tooltip.push(buildStateTime(reconcilingCondition))
+            tooltip.push(state.reconcilingCondition.message)
+            tooltip.push(buildStateTime(state.reconcilingCondition))
         } else {
-            if (requestReconcile && requestReconcile !== props.ts.kd.deployment.status.lastHandledReconcileAt) {
+            if (state.requestedReconcile) {
                 icon = <HourglassTop color={"primary"}/>
-                tooltip.push("Reconcile requested: " + requestReconcile)
-            } else if (requestValidate && requestValidate !== props.ts.kd.deployment.status.lastHandledValidateAt) {
+                tooltip.push("Reconcile requested: " + state.requestedReconcile)
+            } else if (state.requestedValidate) {
                 icon = <HourglassTop color={"primary"}/>
-                tooltip.push("Validate requested: " + requestValidate)
-            } else if (requestDeploy && requestDeploy !== props.ts.kd.deployment.status.lastHandledDeployAt) {
+                tooltip.push("Validate requested: " + state.requestedValidate)
+            } else if (state.requestedDeploy) {
                 icon = <HourglassTop color={"primary"}/>
-                tooltip.push("Deploy requested: " + requestReconcile)
-            } else if (readyCondition) {
-                if (readyCondition.status === "True") {
+                tooltip.push("Deploy requested: " + state.requestedDeploy)
+            } else if (state.readyCondition) {
+                if (state.readyCondition.status === "True") {
                     icon = <Done color={"success"}/>
-                    tooltip.push(readyCondition.message)
+                    tooltip.push(state.readyCondition.message)
                 } else {
-                    if (readyCondition.reason === "PrepareFailed") {
+                    if (state.readyCondition.reason === "PrepareFailed") {
                         icon = <SyncProblem color={"error"}/>
-                        tooltip.push(readyCondition.message)
-                    } else if (readyCondition.reason === "ValidateFailed") {
+                        tooltip.push(state.readyCondition.message)
+                    } else if (state.readyCondition.reason === "ValidateFailed") {
                         icon = <Done color={"success"}/>
-                        tooltip.push(readyCondition.message)
+                        tooltip.push(state.readyCondition.message)
                     } else {
                         icon = <Error color={"warning"}/>
-                        tooltip.push(readyCondition.message)
+                        tooltip.push(state.readyCondition.message)
                     }
                 }
-                tooltip.push(buildStateTime(readyCondition))
+                tooltip.push(buildStateTime(state.readyCondition))
             } else {
                 icon = <MessageQuestionIcon color={theme.palette.warning.main}/>
                 tooltip.push("Ready condition is missing")

From 735dd714c73b745e6132280895dcbee7c83c13bd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 14:09:03 +0200
Subject: [PATCH 1549/2268] feat: Use 5 as default for
 --keep-command-results-count

---
 cmd/kluctl/args/project.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index c8928e18c..de65f2a84 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -47,6 +47,6 @@ type CommandResultFlags struct {
 	WriteCommandResult       bool   `group:"results" help:"Enable writing of command results into the cluster. This is enabled by default." default:"true"`
 	ForceWriteCommandResult  bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
 	CommandResultNamespace   string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
-	KeepCommandResultsCount  int    `group:"results" help:"Configure how many old command results to keep." default:"10"`
+	KeepCommandResultsCount  int    `group:"results" help:"Configure how many old command results to keep." default:"5"`
 	KeepValidateResultsCount int    `group:"results" help:"Configure how many old validate results to keep." default:"2"`
 }

From 14ef8e5fe7bdf3a1df6b9e3148c30301bfcb8783 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 14:37:25 +0200
Subject: [PATCH 1550/2268] feat: Introduce reconcileId in results

---
 pkg/controllers/kluctl_project.go             | 27 ++++++++++---------
 pkg/types/result/command_result.go            |  1 +
 pkg/types/result/command_result_summary.go    |  2 ++
 pkg/types/result/drift_detection_result.go    |  2 ++
 pkg/types/result/validate_result.go           |  3 +++
 .../nodes/CommandResultNode.tsx               |  2 +-
 pkg/webui/ui/src/models.ts                    | 10 +++++++
 7 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 55b474a5e..b73c5d4f1 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"github.com/google/uuid"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
@@ -657,8 +658,9 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	return targetContext, nil
 }
 
-func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *result.CommandResult, crId string, objectsHash string) error {
-	cmdResult.Id = crId
+func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *result.CommandResult, reconcileId string, objectsHash string) error {
+	cmdResult.Id = uuid.NewString()
+	cmdResult.ReconcileId = reconcileId
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
 	cmdResult.KluctlDeployment = &result.KluctlDeploymentInfo{
 		Name:      pt.pp.obj.Name,
@@ -678,7 +680,7 @@ func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *r
 	return nil
 }
 
-func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, triggeredByRequest bool) error {
+func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, forceStore bool) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -695,9 +697,9 @@ func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error,
 		summary.DeletedObjects != 0 ||
 		len(summary.Errors) != 0 ||
 		len(summary.Warnings) != 0
-	if !needStore && triggeredByRequest {
+	if !needStore && forceStore {
 		needStore = true
-		log.Info("forcing storing of empty command result because the deploy was requested")
+		log.Info("forcing storing of empty command result because the command was requested")
 	}
 
 	if !needStore {
@@ -746,7 +748,7 @@ func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error,
 	return err
 }
 
-func (pt *preparedTarget) writeValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, crId string, objectsHash string) error {
+func (pt *preparedTarget) writeValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, reconcileId string, objectsHash string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdErr != nil {
@@ -754,7 +756,8 @@ func (pt *preparedTarget) writeValidateResult(ctx context.Context, cmdErr error,
 		return cmdErr
 	}
 
-	validateResult.Id = crId
+	validateResult.Id = uuid.NewString()
+	validateResult.ReconcileId = reconcileId
 	validateResult.KluctlDeployment = &result.KluctlDeploymentInfo{
 		Name:      pt.pp.obj.Name,
 		Namespace: pt.pp.obj.Namespace,
@@ -778,17 +781,17 @@ func (pt *preparedTarget) writeValidateResult(ctx context.Context, cmdErr error,
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeployOrPokeImages(ctx context.Context, deployMode string, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, needDeployByRequest bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeployOrPokeImages(ctx context.Context, deployMode string, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string, needDeployByRequest bool) (*result.CommandResult, error) {
 	if deployMode == kluctlv1.KluctlDeployModeFull {
-		return pt.kluctlDeploy(ctx, targetContext, crId, objectsHash, needDeployByRequest)
+		return pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
 	} else if deployMode == kluctlv1.KluctlDeployPokeImages {
-		return pt.kluctlPokeImages(ctx, targetContext, crId, objectsHash, needDeployByRequest)
+		return pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
 	} else {
 		return nil, fmt.Errorf("deployMode '%s' not supported", deployMode)
 	}
 }
 
-func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -802,7 +805,7 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.WaitPrune = false
 
 	cmdResult, cmdErr := cmd.Run(nil)
-	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
+	err := pt.addCommandResultInfo(ctx, cmdResult, reconcileId, objectsHash)
 	if err != nil {
 		return cmdResult, err
 	}
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index c450ca6c2..0866bfc48 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -127,6 +127,7 @@ type ResultObject struct {
 
 type CommandResult struct {
 	Id               string                         `json:"id"`
+	ReconcileId      string                         `json:"reconcileId"`
 	ProjectKey       ProjectKey                     `json:"projectKey"`
 	TargetKey        TargetKey                      `json:"targetKey"`
 	Target           types.Target                   `json:"target"`
diff --git a/pkg/types/result/command_result_summary.go b/pkg/types/result/command_result_summary.go
index 4c2b4aaae..eac4165d1 100644
--- a/pkg/types/result/command_result_summary.go
+++ b/pkg/types/result/command_result_summary.go
@@ -6,6 +6,7 @@ import (
 
 type CommandResultSummary struct {
 	Id               string                `json:"id"`
+	ReconcileId      string                `json:"reconcileId"`
 	ProjectKey       ProjectKey            `json:"projectKey"`
 	TargetKey        TargetKey             `json:"targetKey"`
 	Target           types.Target          `json:"target"`
@@ -49,6 +50,7 @@ func (cr *CommandResult) BuildSummary() *CommandResultSummary {
 
 	ret := &CommandResultSummary{
 		Id:                  cr.Id,
+		ReconcileId:         cr.ReconcileId,
 		ProjectKey:          cr.ProjectKey,
 		TargetKey:           cr.TargetKey,
 		Target:              cr.Target,
diff --git a/pkg/types/result/drift_detection_result.go b/pkg/types/result/drift_detection_result.go
index 95704aa2b..28668cd08 100644
--- a/pkg/types/result/drift_detection_result.go
+++ b/pkg/types/result/drift_detection_result.go
@@ -13,6 +13,7 @@ type DriftedObject struct {
 
 type DriftDetectionResult struct {
 	Id                  string                `json:"id"`
+	ReconcileId         string                `json:"reconcileId"`
 	ProjectKey          ProjectKey            `json:"projectKey"`
 	TargetKey           TargetKey             `json:"targetKey"`
 	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
@@ -32,6 +33,7 @@ func (cr *CommandResult) BuildDriftDetectionResult() *DriftDetectionResult {
 
 	ret := &DriftDetectionResult{
 		Id:                  cr.Id,
+		ReconcileId:         cr.ReconcileId,
 		ProjectKey:          cr.ProjectKey,
 		TargetKey:           cr.TargetKey,
 		KluctlDeployment:    cr.KluctlDeployment,
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index a1118f623..7b0594732 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -13,6 +13,7 @@ type ValidateResultEntry struct {
 
 type ValidateResult struct {
 	Id                  string                `json:"id"`
+	ReconcileId         string                `json:"reconcileId"`
 	ProjectKey          ProjectKey            `json:"projectKey"`
 	TargetKey           TargetKey             `json:"targetKey"`
 	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
@@ -27,6 +28,7 @@ type ValidateResult struct {
 
 type ValidateResultSummary struct {
 	Id                  string                `json:"id"`
+	ReconcileId         string                `json:"reconcileId"`
 	ProjectKey          ProjectKey            `json:"projectKey"`
 	TargetKey           TargetKey             `json:"targetKey"`
 	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
@@ -43,6 +45,7 @@ type ValidateResultSummary struct {
 func (vr *ValidateResult) BuildSummary() ValidateResultSummary {
 	return ValidateResultSummary{
 		Id:                  vr.Id,
+		ReconcileId:         vr.ReconcileId,
 		ProjectKey:          vr.ProjectKey,
 		TargetKey:           vr.TargetKey,
 		KluctlDeployment:    vr.KluctlDeployment,
diff --git a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
index 8c96aec0e..c29b541dd 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/CommandResultNode.tsx
@@ -36,7 +36,7 @@ export class CommandResultNodeData extends NodeData {
             tabs.push({
                 label: "Logs", content: <LogsViewer
                     cluster={this.commandResult.clusterInfo.clusterId}
-                    reconcileId={this.commandResult.id}/>
+                    reconcileId={this.commandResult.reconcileId}/>
             })
         }
 
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index c47abd51b..e95263f8f 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -618,6 +618,7 @@ export class ProjectKey {
 }
 export class CommandResult {
     id: string;
+    reconcileId: string;
     projectKey: ProjectKey;
     targetKey: TargetKey;
     target: Target;
@@ -635,6 +636,7 @@ export class CommandResult {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.id = source["id"];
+        this.reconcileId = source["reconcileId"];
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.target = this.convertValues(source["target"], Target);
@@ -670,6 +672,7 @@ export class CommandResult {
 }
 export class CommandResultSummary {
     id: string;
+    reconcileId: string;
     projectKey: ProjectKey;
     targetKey: TargetKey;
     target: Target;
@@ -693,6 +696,7 @@ export class CommandResultSummary {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.id = source["id"];
+        this.reconcileId = source["reconcileId"];
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.target = this.convertValues(source["target"], Target);
@@ -764,6 +768,7 @@ export class ValidateResultEntry {
 }
 export class ValidateResult {
     id: string;
+    reconcileId: string;
     projectKey: ProjectKey;
     targetKey: TargetKey;
     kluctlDeployment?: KluctlDeploymentInfo;
@@ -778,6 +783,7 @@ export class ValidateResult {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.id = source["id"];
+        this.reconcileId = source["reconcileId"];
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
@@ -810,6 +816,7 @@ export class ValidateResult {
 }
 export class ValidateResultSummary {
     id: string;
+    reconcileId: string;
     projectKey: ProjectKey;
     targetKey: TargetKey;
     kluctlDeployment?: KluctlDeploymentInfo;
@@ -824,6 +831,7 @@ export class ValidateResultSummary {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.id = source["id"];
+        this.reconcileId = source["reconcileId"];
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
@@ -894,6 +902,7 @@ export class DriftedObject {
 }
 export class DriftDetectionResult {
     id: string;
+    reconcileId: string;
     projectKey: ProjectKey;
     targetKey: TargetKey;
     kluctlDeployment?: KluctlDeploymentInfo;
@@ -907,6 +916,7 @@ export class DriftDetectionResult {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.id = source["id"];
+        this.reconcileId = source["reconcileId"];
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);

From 08069027a654411e61f18cc6e48443b04dbc9ccb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 15:00:54 +0200
Subject: [PATCH 1551/2268] feat: Implement prune requests

---
 api/v1beta1/kluctldeployment_types.go         |  4 +++
 .../gitops.kluctl.io_kluctldeployments.yaml   |  2 ++
 docs/gitops/api/kluctl-controller.md          | 11 ++++++++
 docs/kluctl/commands/common-arguments.md      |  2 +-
 install/controller/controller/crd.yaml        |  2 ++
 pkg/controllers/kluctl_project.go             | 17 +++++++++++++
 .../kluctldeployment_controller.go            | 25 +++++++++++++++++++
 pkg/controllers/predicates.go                 |  5 +++-
 pkg/webui/server.go                           |  5 ++++
 pkg/webui/ui/src/api.tsx                      | 13 ++++++++++
 .../target-list-view/TargetsListView.tsx      |  3 ---
 .../target-view/ReconcilingIcon.tsx           |  6 +++++
 .../target-view/TargetActionMenu.tsx          |  8 ++++++
 13 files changed, 98 insertions(+), 5 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 0a8ee9ee0..fe98fe027 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -35,6 +35,7 @@ const (
 
 	KluctlRequestReconcileAnnotation = "kluctl.io/request-reconcile"
 	KluctlRequestDeployAnnotation    = "kluctl.io/request-deploy"
+	KluctlRequestPruneAnnotation     = "kluctl.io/request-prune"
 	KluctlRequestValidateAnnotation  = "kluctl.io/request-validate"
 )
 
@@ -341,6 +342,9 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastHandledDeployAt string `json:"lastHandledDeployAt,omitempty"`
 
+	// +optional
+	LastHandledPruneAt string `json:"lastHandledPruneAt,omitempty"`
+
 	// +optional
 	LastHandledValidateAt string `json:"lastHandledValidateAt,omitempty"`
 
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 811898c3f..9b66d9616 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -515,6 +515,8 @@ spec:
                 type: string
               lastHandledDeployAt:
                 type: string
+              lastHandledPruneAt:
+                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 27b9fedf8..b7fa31cd2 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1171,6 +1171,17 @@ string
 </tr>
 <tr>
 <td>
+<code>lastHandledPruneAt</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastHandledValidateAt</code><br>
 <em>
 string
diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index 85e0853e0..53ce318a1 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -139,7 +139,7 @@ Command Results:
       --command-result-namespace string   Override the namespace to be used when writing command results. (default
                                           "kluctl-results")
       --force-write-command-result        Force writing of command results, even if the command is run in dry-run mode.
-      --keep-command-results-count int    Configure how many old command results to keep. (default 10)
+      --keep-command-results-count int    Configure how many old command results to keep. (default 5)
       --keep-validate-results-count int   Configure how many old validate results to keep. (default 2)
       --write-command-result              Enable writing of command results into the cluster. This is enabled by
                                           default. (default true)
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 4067ce674..71530f356 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -515,6 +515,8 @@ spec:
                 type: string
               lastHandledDeployAt:
                 type: string
+              lastHandledPruneAt:
+                type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index b73c5d4f1..86fba53fa 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -827,6 +827,23 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	return cmdResult, err
 }
 
+func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
+	defer timer.ObserveDuration()
+	cmd := commands.NewPruneCommand("", targetContext, false)
+
+	cmdResult, cmdErr := cmd.Run(func(refs []k8s.ObjectRef) error {
+		pt.printDeletedRefs(ctx, refs)
+		return nil
+	})
+	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
+	if err != nil {
+		return cmdResult, err
+	}
+	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "prune", false)
+	return cmdResult, err
+}
+
 func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index c6c8fdf6b..47ef24a6e 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -258,11 +258,14 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	oldGeneration := obj.Status.ObservedGeneration
 	oldDeployRequest := obj.Status.LastHandledDeployAt
+	oldPruneRequest := obj.Status.LastHandledPruneAt
 	oldValidateRequest := obj.Status.LastHandledValidateAt
 	curDeployRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]
+	curPruneRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestPruneAnnotation]
 	curValidateRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestValidateAnnotation]
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 	obj.Status.LastHandledDeployAt = curDeployRequest
+	obj.Status.LastHandledPruneAt = curPruneRequest
 	obj.Status.LastHandledValidateAt = curValidateRequest
 
 	patchErr = doProgressingCondition("Preparing project", true)
@@ -346,6 +349,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	needDeploy := false
 	needDeployByRequest := false
+	needPrune := false
 	needValidate := false
 	needDriftDetection := true
 
@@ -380,6 +384,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
+	if curPruneRequest != "" && oldPruneRequest != curPruneRequest {
+		// explicitly requested a prune
+		needPrune = true
+	}
+
 	if obj.Spec.Validate {
 		if obj.Status.LastValidateResult == nil || needDeploy {
 			// either never validated before or a deployment requested (which required re-validation)
@@ -414,12 +423,28 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 
 		if obj.Spec.DryRun {
+			// force full drift detection (otherwise we'd see the dry-run applied changes as non-drifted)
 			r.updateResourceVersions(key, nil, nil)
 		} else {
 			r.updateResourceVersions(key, deployResult.Objects, nil)
 		}
 	}
 
+	if needPrune {
+		patchErr = doProgressingCondition("Performing kluctl prune", false)
+		if patchErr != nil {
+			return nil, patchErr
+		}
+		pruneResult, err := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
+		err = obj.Status.SetLastDeployResult(pruneResult.BuildSummary(), err)
+		if err != nil {
+			log.Error(err, "Failed to write prune result")
+		}
+
+		// force full drift detection
+		r.updateResourceVersions(key, nil, nil)
+	}
+
 	if needValidate {
 		patchErr = doProgressingCondition("Performing kluctl validate", false)
 		if patchErr != nil {
diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index 117c117d2..467fc24c5 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -22,5 +22,8 @@ func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
 		return ok1 != ok2 || v1 != v2
 	}
 
-	return check(kluctlv1.KluctlRequestReconcileAnnotation) || check(kluctlv1.KluctlRequestDeployAnnotation) || check(kluctlv1.KluctlRequestValidateAnnotation)
+	return check(kluctlv1.KluctlRequestReconcileAnnotation) ||
+		check(kluctlv1.KluctlRequestDeployAnnotation) ||
+		check(kluctlv1.KluctlRequestPruneAnnotation) ||
+		check(kluctlv1.KluctlRequestValidateAnnotation)
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 1034ce4a4..85ccb76c3 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -133,6 +133,7 @@ func (s *CommandResultsServer) Run(host string, port int, openBrowser bool) erro
 	api.POST("/validateNow", s.validateNow)
 	api.POST("/reconcileNow", s.reconcileNow)
 	api.POST("/deployNow", s.deployNow)
+	api.POST("/pruneNow", s.pruneNow)
 	api.POST("/setSuspended", s.setSuspended)
 	api.POST("/setManualObjectsHash", s.setManualObjectsHash)
 
@@ -538,6 +539,10 @@ func (s *CommandResultsServer) deployNow(c *gin.Context) {
 	s.doSetAnnotation(c, kluctlv1.KluctlRequestDeployAnnotation, time.Now().Format(time.RFC3339Nano))
 }
 
+func (s *CommandResultsServer) pruneNow(c *gin.Context) {
+	s.doSetAnnotation(c, kluctlv1.KluctlRequestPruneAnnotation, time.Now().Format(time.RFC3339Nano))
+}
+
 func (s *CommandResultsServer) setSuspended(c *gin.Context) {
 	var params struct {
 		KluctlDeploymentParam
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index 7cef05954..e6a34b39f 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -53,6 +53,7 @@ export interface Api {
     validateNow(cluster: string, name: string, namespace: string): Promise<Response>
     reconcileNow(cluster: string, name: string, namespace: string): Promise<Response>
     deployNow(cluster: string, name: string, namespace: string): Promise<Response>
+    pruneNow(cluster: string, name: string, namespace: string): Promise<Response>
     setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response>
     setManualObjectsHash(cluster: string, name: string, namespace: string, objectsHash: string): Promise<Response>
     watchLogs(cluster: string | undefined, name: string | undefined, namespace: string | undefined, reconcileId: string | undefined, handle: (lines: any[]) => void): () => void
@@ -231,6 +232,14 @@ export class RealApi implements Api {
         })
     }
 
+    async pruneNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        return this.doPost("/api/pruneNow", {
+            "cluster": cluster,
+            "name": name,
+            "namespace": namespace,
+        })
+    }
+
     async reconcileNow(cluster: string, name: string, namespace: string): Promise<Response> {
         return this.doPost("/api/reconcileNow", {
             "cluster": cluster,
@@ -381,6 +390,10 @@ export class StaticApi implements Api {
         throw new Error("not implemented")
     }
 
+    pruneNow(cluster: string, name: string, namespace: string): Promise<Response> {
+        throw new Error("not implemented")
+    }
+
     setSuspended(cluster: string, name: string, namespace: string, suspend: boolean): Promise<Response> {
         throw new Error("not implemented")
     }
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index aa66de093..e2f025498 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -213,9 +213,6 @@ export const TargetsListView = (props: TargetsListViewProps) => {
                 return rs.commandInfo.command
             },
             renderCell: rp => {
-                if (!rp.row.ts.commandResults.length) {
-                    return <></>
-                }
                 const dr = rp.row.ts.lastDriftDetectionResult
                 return <Box display={"flex"}
                             width={"100%"}
diff --git a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
index 2b73b07b8..9cbaef8b6 100644
--- a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
+++ b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
@@ -18,6 +18,7 @@ export interface ReconcilingState {
     requestedReconcile: string
     requestedValidate: string
     requestedDeploy: string
+    requestedPrune: string
 
     statusExists: boolean
     readyCondition?: Condition
@@ -37,6 +38,7 @@ export function buildReconcilingState(ts: TargetSummary): ReconcilingState | und
     const requestReconcile = annotations["kluctl.io/request-reconcile"]
     const requestValidate = annotations["kluctl.io/request-validate"]
     const requestDeploy = annotations["kluctl.io/request-deploy"]
+    const requestPrune = annotations["kluctl.io/request-prune"]
 
     const conditions: any[] | undefined = ts.kd.deployment.status.conditions
     const readyCondition = conditions?.find(c => c.type === "Ready")
@@ -49,6 +51,7 @@ export function buildReconcilingState(ts: TargetSummary): ReconcilingState | und
         requestedReconcile: requestReconcile && requestReconcile !== ts.kd.deployment.status?.lastHandledReconcileAt && requestReconcile,
         requestedValidate: requestValidate && requestValidate !== ts.kd.deployment.status?.lastHandledValidateAt && requestValidate,
         requestedDeploy: requestDeploy && requestDeploy !== ts.kd.deployment.status?.lastHandledDeployAt && requestDeploy,
+        requestedPrune: requestPrune && requestPrune !== ts.kd.deployment.status?.lastHandledPruneAt && requestPrune,
         statusExists: !!ts.kd.deployment.status,
         readyCondition: readyCondition,
         reconcilingCondition: reconcilingCondition,
@@ -96,6 +99,9 @@ export const ReconcilingIcon = (props: { ps: ProjectSummary, ts: TargetSummary }
             } else if (state.requestedDeploy) {
                 icon = <HourglassTop color={"primary"}/>
                 tooltip.push("Deploy requested: " + state.requestedDeploy)
+            } else if (state.requestedPrune) {
+                icon = <HourglassTop color={"primary"}/>
+                tooltip.push("Prune requested: " + state.requestedPrune)
             } else if (state.readyCondition) {
                 if (state.readyCondition.status === "True") {
                     icon = <Done color={"success"}/>
diff --git a/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
index c895e8de0..68d78aad6 100644
--- a/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
+++ b/pkg/webui/ui/src/components/target-view/TargetActionMenu.tsx
@@ -4,6 +4,7 @@ import { ActionMenuItem, ActionsMenu } from "../ActionsMenu";
 import { Pause, PlayArrow, PublishedWithChanges, RocketLaunch, Troubleshoot } from "@mui/icons-material";
 import { Typography } from "@mui/material";
 import React, { useMemo } from "react";
+import { PruneIcon } from "../../icons/Icons";
 
 export const TargetActionMenu = (props: {ts: TargetSummary}) => {
     const appCtx = useAppContext()
@@ -37,6 +38,13 @@ export const TargetActionMenu = (props: {ts: TargetSummary}) => {
                 appCtx.api.deployNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
             }
         })
+        actionMenuItems.push({
+            icon: <PruneIcon size={"24px"}/>,
+            text: <Typography>Prune</Typography>,
+            handler: () => {
+                appCtx.api.pruneNow(kd.clusterId, kd.deployment.metadata.name, kd.deployment.metadata.namespace)
+            }
+        })
         if (!kd.deployment.spec.suspend) {
             actionMenuItems.push({
                 icon: <Pause/>,

From b1741a8901e7f591cd12f7ab521348f1db5b86e2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 15:34:19 +0200
Subject: [PATCH 1552/2268] docs: Fix links to webui screenshots (#764)

---
 docs/webui/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/webui/README.md b/docs/webui/README.md
index 4df77de86..bc2c491c3 100644
--- a/docs/webui/README.md
+++ b/docs/webui/README.md
@@ -23,7 +23,7 @@ to https://github.com/kluctl/kluctl/issues.
 ## Screenshots
 
 ### Targets Overview
-![targets.jpg](https://kluctl.io/images/webui/targets.jpg)
+![targets.png](https://kluctl.io/images/webui/targets.png)
 
 ### Command Result
-![targets-result.jpg](https://kluctl.io/images/webui/targets-result.jpg)
+![targets-result.png](https://kluctl.io/images/webui/targets-result.png)

From e2db6af2147ddc26aabf28396c9fa68dfd1f825f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 16:37:38 +0200
Subject: [PATCH 1553/2268] feat: Auto-generate static credentials and auth
 secret if non-existent

---
 install/webui/webui/webui-rbac.yaml | 32 ++++++++++++++++++++++
 pkg/k8s/utils.go                    | 42 ++++++++++++++++++++++++++---
 pkg/webui/auth.go                   | 14 ++++++----
 pkg/webui/auth_oidc.go              |  2 +-
 4 files changed, 80 insertions(+), 10 deletions(-)

diff --git a/install/webui/webui/webui-rbac.yaml b/install/webui/webui/webui-rbac.yaml
index b4831e862..46ed425a2 100644
--- a/install/webui/webui/webui-rbac.yaml
+++ b/install/webui/webui/webui-rbac.yaml
@@ -34,6 +34,17 @@ rules:
     verbs: ["impersonate"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: kluctl-webui-role
+  namespace: kluctl-system
+rules:
+    # allow to read/write credentials
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch", "create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
@@ -52,3 +63,24 @@ subjects:
   - kind: ServiceAccount
     name: kluctl-webui
     namespace: kluctl-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/instance: kluctl-webui-rolebinding
+    app.kubernetes.io/managed-by: kluctl
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/part-of: controller
+  name: kluctl-webui-rolebinding
+  namespace: kluctl-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kluctl-webui-role
+subjects:
+  - kind: ServiceAccount
+    name: kluctl-webui
+    namespace: kluctl-system
diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go
index dc139e015..c1e94308d 100644
--- a/pkg/k8s/utils.go
+++ b/pkg/k8s/utils.go
@@ -6,7 +6,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/rand"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -68,16 +70,48 @@ func GetClusterId(ctx context.Context, c client.Client) (string, error) {
 }
 
 func GetSingleSecret(ctx context.Context, c client.Client, name string, namespace string, key string) (string, error) {
+	return doGetOrGenerateSingleSecret(ctx, c, name, namespace, key, false, "")
+}
+
+func GetOrGenerateSingleSecret(ctx context.Context, c client.Client, name string, namespace string, key string, manager string) (string, error) {
+	return doGetOrGenerateSingleSecret(ctx, c, name, namespace, key, true, manager)
+}
+
+func doGetOrGenerateSingleSecret(ctx context.Context, c client.Client, name string, namespace string, key string, allowGenerate bool, manager string) (string, error) {
 	var secret corev1.Secret
 	err := c.Get(ctx, client.ObjectKey{Name: name, Namespace: namespace}, &secret)
 	if err != nil {
-		return "", err
+		if !allowGenerate || !errors.IsNotFound(err) {
+			return "", err
+		}
+		secret.Name = name
+		secret.Namespace = namespace
+		err = c.Create(ctx, &secret, client.FieldOwner(manager))
+		if err != nil && !errors.IsAlreadyExists(err) {
+			return "", err
+		}
+	}
+
+	if secret.Data == nil {
+		secret.Data = map[string][]byte{}
 	}
 
 	x, ok := secret.Data[key]
-	if !ok {
-		return "", fmt.Errorf("secret %s has no '%s' key", name, key)
+	if ok {
+		return string(x), nil
+	}
+	if !allowGenerate {
+		return "", fmt.Errorf("secrets %s has no key %s", name, key)
+	}
+
+	generated := rand.String(32)
+	patch := client.MergeFrom(secret.DeepCopy())
+	secret.Data[key] = []byte(generated)
+
+	err = c.Patch(ctx, &secret, patch, client.FieldOwner(manager))
+	if err != nil {
+		return "", err
 	}
 
-	return string(x), nil
+	return generated, nil
 }
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index f70fd5f4f..368c61d99 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -86,20 +86,20 @@ func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig
 		return ret, nil
 	}
 
-	x, err := ret.getSecret(authConfig.AuthSecretName, authConfig.AuthSecretKey)
+	x, err := ret.getSecret(authConfig.AuthSecretName, authConfig.AuthSecretKey, true)
 	if err != nil {
 		return nil, err
 	}
 	ret.authSecret = []byte(x)
 
 	if authConfig.StaticLoginEnabled {
-		x, err = ret.getSecret(authConfig.StaticLoginSecretName, authConfig.StaticAdminSecretKey)
+		x, err = ret.getSecret(authConfig.StaticLoginSecretName, authConfig.StaticAdminSecretKey, true)
 		if err != nil {
 			return nil, err
 		}
 		ret.adminPassword = x
 
-		x, err = ret.getSecret(authConfig.StaticLoginSecretName, authConfig.StaticViewerSecretKey)
+		x, err = ret.getSecret(authConfig.StaticLoginSecretName, authConfig.StaticViewerSecretKey, true)
 		if err != nil {
 			return nil, err
 		}
@@ -251,9 +251,13 @@ func (s *authHandler) userHandler(c *gin.Context) {
 	c.JSON(http.StatusOK, user)
 }
 
-func (s *authHandler) getSecret(secretName string, secretKey string) (string, error) {
+func (s *authHandler) getSecret(secretName string, secretKey string, allowGenerate bool) (string, error) {
 	if s.serverClient == nil {
 		return "", fmt.Errorf("no serverClient set")
 	}
-	return k8s.GetSingleSecret(s.ctx, s.serverClient, secretName, "kluctl-system", secretKey)
+	if allowGenerate {
+		return k8s.GetOrGenerateSingleSecret(s.ctx, s.serverClient, secretName, "kluctl-system", secretKey, "kluctl-webui")
+	} else {
+		return k8s.GetSingleSecret(s.ctx, s.serverClient, secretName, "kluctl-system", secretKey)
+	}
 }
diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index 3d17663c9..6f61423f3 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -27,7 +27,7 @@ func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConf
 		return nil
 	}
 
-	clientSecret, err := s.getSecret(authConfig.OidcClientSecretName, authConfig.OidcClientSecretKey)
+	clientSecret, err := s.getSecret(authConfig.OidcClientSecretName, authConfig.OidcClientSecretKey, false)
 	if err != nil {
 		return err
 	}

From 9dd41f77900045becb19ea3a062460c0f0aeea72 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 16:38:00 +0200
Subject: [PATCH 1554/2268] fix: Perform full drift detection in case rendered
 objects hash changes

---
 pkg/controllers/kluctldeployment_controller.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 47ef24a6e..b9c13ad2c 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -407,6 +407,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		obj.Status.LastValidateError = ""
 	}
 
+	if !needDeploy && obj.Status.LastObjectsHash != objectsHash {
+		// force full drift detection as we can't know which objects changed in-between
+		r.updateResourceVersions(key, nil, nil)
+	}
+
 	obj.Status.LastObjectsHash = objectsHash
 	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
 

From c7917a36992c9cae6fb12e52f5d1bf1a29400ad3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Sep 2023 21:09:57 +0200
Subject: [PATCH 1555/2268] docs: Add webui installation and oidc docs

---
 docs/webui/installation.md    | 35 ++++++++++++--
 docs/webui/oidc-azure-ad.md   | 90 +++++++++++++++++++++++++++++++++++
 docs/webui/running-locally.md |  2 +-
 hack/prepare-release.sh       |  1 +
 4 files changed, 124 insertions(+), 4 deletions(-)
 create mode 100644 docs/webui/oidc-azure-ad.md

diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 3ad57a2b5..9f9faed42 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -4,7 +4,7 @@
 title: Installation
 linkTitle: Installation
 description: Installing the Kluctl Webui
-weight: 20
+weight: 10
 ---
 -->
 
@@ -22,7 +22,36 @@ deployments:
         tag: v2.20.8
 ```
 
-# Overriding the version
+## Login
+
+### Static Users
+
+By default, the Webui will automatically generate an static credentials for an admin and for a viewer user. These
+credentials can be extracted from the `kluctl-system/webui-secret` Secret after the Webui has started up for the first
+time. To get the admin password, invoke:
+
+```shell
+$ kubectl -n kluctl-system get secret webui-secret -o jsonpath='{.data.admin-password}' | base64 -d
+```
+
+For the viewer password, invoke:
+
+```shell
+$ kubectl -n kluctl-system get secret webui-secret -o jsonpath='{.data.viewer-password}' | base64 -d
+```
+
+If you do not want to rely on the Webui to generate those secrets, simply use your typical means of creating/updating
+the `webui-secret` Secret. The secret must contain values for `admin-password`, `viewer-password`.
+
+### OIDC Integration
+
+The Webui offers an OIDC integration, which can be configured via [CLI arguments](#passing-arguments).
+
+For an example of an OIDC provider configurations, see [Azure AD Integration](./oidc-azure-ad.md).
+
+## Customization
+
+### Overriding the version
 
 The image version of the Webui can be overriden with the `kluctl_version` arg:
 
@@ -39,7 +68,7 @@ deployments:
             kluctl_version: v2.20.8
 ```
 
-# Passing arguments
+### Passing arguments
 
 You can pass arbitrary command line arguments to the webui by providing the `webui_args` arg:
 
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
new file mode 100644
index 000000000..e25565d9f
--- /dev/null
+++ b/docs/webui/oidc-azure-ad.md
@@ -0,0 +1,90 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: Azure AD Integration
+linkTitle: Azure AD Integration
+description: Azure AD Integration
+weight: 20
+---
+-->
+
+# Azure AD Integration
+
+Azure AD can be integrated via the [OIDC integration](./installation.md#oidc-integration).
+
+## Configure a new Azure AD App registration
+### Add a new Azure AD App registration
+
+1. From the `Azure Active Directory` > `App registrations` menu, choose `+ New registration`
+2. Enter a `Name` for the application (e.g. `Kluctl Webui`).
+3. Specify who can use the application (e.g. `Accounts in this organizational directory only`).
+4. Enter Redirect URI (optional) as follows (replacing `my-kluctl-webui-url` with your Kluctl Webui URL), then choose `Add`.
+    - **Platform:** `Web`
+    - **Redirect URI:** https://`<my-kluctl-webui-url>`/auth/callback
+5. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the Application (client) ID.
+   ![Azure App registration's Overview](https://kluctl.io/images/webui/azure-app-registration-overview.png "Azure App registration's Overview")
+
+### Add credentials a new Azure AD App registration
+
+1. From the `Certificates & secrets` menu, choose `+ New client secret`
+2. Enter a `Name` for the secret (e.g. `Kluctl Webui SSO`).
+    - Make sure to copy and save generated value. This is a value for the `oidc-client-secret`.
+      ![Azure App registration's Secret](https://kluctl.io/images/webui/azure-app-registration-secret.png "Azure App registration's Secret")
+
+### Setup permissions for Azure AD Application
+
+1. From the `API permissions` menu, choose `+ Add a permission`
+2. Find `User.Read` permission (under `Microsoft Graph`) and grant it to the created application:
+   ![Azure AD API permissions](https://kluctl.io/images/webui/azure-api-permissions.png "Azure AD API permissions")
+3. From the `Token Configuration` menu, choose `+ Add groups claim`
+   ![Azure AD token configuration](https://kluctl.io/images/webui/azure-token-configuration.png "Azure AD token configuration")
+
+## Associate an Azure AD group to your Azure AD App registration
+
+1. From the `Azure Active Directory` > `Enterprise applications` menu, search the App that you created (e.g. `Kluctl Webui`).
+    - An Enterprise application with the same name of the Azure AD App registration is created when you add a new Azure AD App registration.
+2. From the `Users and groups` menu of the app, add any users or groups requiring access to the service.
+   ![Azure Enterprise SAML Users](https://kluctl.io/images/webui/azure-enterprise-users.png "Azure Enterprise SAML Users")
+
+## Configure the Kluctl Webui to use the new Azure AD App registration
+
+Use the following configuration when [installing](./installation.md) the Webui. Replace occurrences of 
+`<directory_tenant_id>`, `<client_id>`, `<my-kluctl-webui-url>` and `<admin_group_id>` with the appropriate values from
+above.
+
+```yaml
+deployments:
+  - path: secrets 
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/webui
+      ref:
+         tag: v2.20.8
+    vars:
+      - values:
+          args:
+            webui_args:
+              - --auth-oidc-issuer-url=https://login.microsoftonline.com/<directory_tenant_id>/v2.0
+              - --auth-oidc-client-id=<client_id>
+              - --auth-oidc-scope=openid
+              - --auth-oidc-scope=profile
+              - --auth-oidc-scope=email
+              - --auth-oidc-redirect-url=https://<my-kluctl-webui-url>/auth/callback
+              - --auth-oidc-group-claim=groups
+              - --auth-oidc-admins-group=<admin_group_id>
+```
+
+Also, add `webui-secrets.yaml` inside the `secrets` subdirectory:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: webui-secret
+  namespace: kluctl-system
+stringData:
+  oidc-client-secret: "<client_secret>"
+```
+
+Please note that the client secret is sensitive data and should not be added unencrypted to you git repository.
+Consider encrypting it via [SOPS](../kluctl/deployments/sops.md).
diff --git a/docs/webui/running-locally.md b/docs/webui/running-locally.md
index f52287b2a..44e8d6ad6 100644
--- a/docs/webui/running-locally.md
+++ b/docs/webui/running-locally.md
@@ -4,7 +4,7 @@
 title: Running locally
 linkTitle: Running locally
 description: Running the Kluctl Webui locally
-weight: 10
+weight: 30
 ---
 -->
 
diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 558aecbd4..06e1daf91 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -32,6 +32,7 @@ FILES="$FILES install/webui/webui/deployment.yaml"
 FILES="$FILES docs/kluctl/installation.md"
 FILES="$FILES docs/gitops/installation.md"
 FILES="$FILES docs/webui/installation.md"
+FILES="$FILES docs/webui/oidc-azure-ad.md"
 
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp

From 74887f838bd6c8b2a66769a9770a76d08e163c44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Sep 2023 09:05:19 +0200
Subject: [PATCH 1556/2268] chore(deps): Bump golang.org/x/oauth2 from 0.11.0
 to 0.12.0 (#768)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index fc8b44e5b..a90e88688 100644
--- a/go.mod
+++ b/go.mod
@@ -34,12 +34,12 @@ require (
 	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.12.0
-	golang.org/x/net v0.14.0
+	golang.org/x/crypto v0.13.0
+	golang.org/x/net v0.15.0
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.12.0
-	golang.org/x/term v0.11.0 // indirect
-	golang.org/x/text v0.12.0
+	golang.org/x/term v0.12.0 // indirect
+	golang.org/x/text v0.13.0
 	helm.sh/helm/v3 v3.12.3
 	k8s.io/api v0.28.1
 	k8s.io/apiextensions-apiserver v0.28.1
@@ -76,7 +76,7 @@ require (
 	github.com/prometheus/client_golang v1.16.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
-	golang.org/x/oauth2 v0.11.0
+	golang.org/x/oauth2 v0.12.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.1
diff --git a/go.sum b/go.sum
index 6982b0387..a9178abd6 100644
--- a/go.sum
+++ b/go.sum
@@ -796,8 +796,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -878,8 +878,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -889,8 +889,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
-golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
+golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
+golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -972,8 +972,8 @@ golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -986,8 +986,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 82a4e5c60a76783e038ec9e2ed245878640b3cda Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Sep 2023 09:05:34 +0200
Subject: [PATCH 1557/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#770)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.38 to 1.18.39.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.38...config/v1.18.39)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index a90e88688..f4e4b661b 100644
--- a/go.mod
+++ b/go.mod
@@ -55,8 +55,8 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.38
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.36
+	github.com/aws/aws-sdk-go-v2/config v1.18.39
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.37
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
 	github.com/aws/smithy-go v1.14.2
@@ -112,7 +112,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.10.0 // indirect
diff --git a/go.sum b/go.sum
index a9178abd6..acecbb82f 100644
--- a/go.sum
+++ b/go.sum
@@ -105,10 +105,10 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.38 h1:CByQCELMgm2tM1lAehx3XNg0R/pfeXsYzqn0Aq2chJQ=
-github.com/aws/aws-sdk-go-v2/config v1.18.38/go.mod h1:vNm9Hf5VgG2fSUWhT3zFrqN/RosGcabFMYgiSoxKFU8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.36 h1:ps0cPswZjpsOk6sLwG6fdXTzrYjCplgPEyG3OUbbdqE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.36/go.mod h1:sY2phUzxbygoyDtTXhqi7GjGjCQ1S5a5Rj8u3ksBxCg=
+github.com/aws/aws-sdk-go-v2/config v1.18.39 h1:oPVyh6fuu/u4OiW4qcuQyEtk7U7uuNBmHmJSLg1AJsQ=
+github.com/aws/aws-sdk-go-v2/config v1.18.39/go.mod h1:+NH/ZigdPckFpgB1TRcRuWCB/Kbbvkxc/iNAKTq5RhE=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.37 h1:BvEdm09+ZEh2XtN+PVHPcYwKY3wIeB6pw7vPRM4M9/U=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.37/go.mod h1:ACLrdkd4CLZyXOghZ8IYumQbcooAcp2jo/s2xsFH8IM=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
@@ -125,8 +125,8 @@ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 h1:2PylFCfKCEDv6PeSN09pC/VUiRd10wi1VfHG5FrW0/g=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 h1:dnInJb4S0oy8aQuri1mV6ipLlnZPfnsDNB9BGO9PDNY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 h1:pSB560BbVj9ZlJZF4WYj5zsytWHWKxg+NgyGV4B2L58=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=

From 89286082f4066d26717349f47c917ca0ea428881 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Sep 2023 09:05:59 +0200
Subject: [PATCH 1558/2268] chore(deps): Bump github.com/hashicorp/vault/api
 from 1.9.2 to 1.10.0 (#766)

Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.9.2 to 1.10.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/v1.10.0/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.2...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f4e4b661b..2591c8bfa 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.16.1
-	github.com/hashicorp/vault/api v1.9.2
+	github.com/hashicorp/vault/api v1.10.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
diff --git a/go.sum b/go.sum
index acecbb82f..d40e9594d 100644
--- a/go.sum
+++ b/go.sum
@@ -464,8 +464,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
-github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
+github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=

From 93d5900bced0d2a4b05fcd9c43d9dbd2633d8e09 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Sep 2023 09:23:55 +0200
Subject: [PATCH 1559/2268] chore: Also replace version in
 install/webui/webui/kustomization.yaml

---
 hack/prepare-release.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 06e1daf91..988e0f650 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -29,6 +29,7 @@ FILES="$FILES install/controller/.kluctl.yaml"
 FILES="$FILES install/controller/controller/kustomization.yaml"
 FILES="$FILES install/webui/.kluctl.yaml"
 FILES="$FILES install/webui/webui/deployment.yaml"
+FILES="$FILES install/webui/webui/kustomization.yaml"
 FILES="$FILES docs/kluctl/installation.md"
 FILES="$FILES docs/gitops/installation.md"
 FILES="$FILES docs/webui/installation.md"

From a4822108bb63488b7088131bdc521c897255abfc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Sep 2023 09:24:00 +0200
Subject: [PATCH 1560/2268] build: Preparing release v2.21.0

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl.yaml                       | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 8776f46a7..b6e9395b4 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.20.8
+        tag: v2.21.0
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 2fe8eae58..0d0901219 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.20.8
+        tag: v2.21.0
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 9f9faed42..58145784a 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.20.8
+        tag: v2.21.0
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.20.8
+            kluctl_version: v2.21.0
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.20.8
+        tag: v2.21.0
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index e25565d9f..cc28017fa 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.20.8
+         tag: v2.21.0
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 994695e1e..4147d30c0 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.8
+    default: v2.21.0
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index a57b051e9..81b3a4a19 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.20.8") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.21.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 479b96f07..072027ed4 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.20.8
+    default: v2.21.0
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 6b40df304..103fa0042 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.20.8") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.21.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From e18e1c428b39488dfe3bd362f1c70a2ab68987a3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Sep 2023 16:11:24 +0200
Subject: [PATCH 1561/2268] fix: Pass YesArgs to deploy command for "controller
 install"

---
 cmd/kluctl/commands/cmd_controller_install.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/kluctl/commands/cmd_controller_install.go b/cmd/kluctl/commands/cmd_controller_install.go
index 1e70e16a8..c8e7120af 100644
--- a/cmd/kluctl/commands/cmd_controller_install.go
+++ b/cmd/kluctl/commands/cmd_controller_install.go
@@ -46,6 +46,7 @@ func (cmd *controllerInstallCmd) Run(ctx context.Context) error {
 		ArgsFlags: args.ArgsFlags{
 			Arg: deployArgs,
 		},
+		YesFlags:           cmd.YesFlags,
 		DryRunFlags:        cmd.DryRunFlags,
 		CommandResultFlags: cmd.CommandResultFlags,
 		internal:           true,

From 5806e0226b4a32e820699b35dddf55bc211a3061 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Sep 2023 16:15:12 +0200
Subject: [PATCH 1562/2268] fix: Don't try to get git info when it's not a git
 repo

---
 pkg/deployment/commands/result_utils.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index fe8954171..4b37ee359 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
 	"path/filepath"
 	"time"
 )
@@ -98,6 +99,9 @@ func buildGitInfo(targetCtx *kluctl_project.TargetContext) (result.GitInfo, resu
 	if targetCtx.KluctlProject.LoadArgs.RepoRoot == "" {
 		return gitInfo, projectKey, nil
 	}
+	if _, err := os.Stat(filepath.Join(targetCtx.KluctlProject.LoadArgs.RepoRoot, ".git")); os.IsNotExist(err) {
+		return gitInfo, projectKey, nil
+	}
 
 	projectDirAbs, err := filepath.Abs(targetCtx.KluctlProject.LoadArgs.ProjectDir)
 	if err != nil {

From a9ed4fb9fd4e3408b6e4d5075dac9ebb0b83cb6f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 6 Sep 2023 16:40:24 +0200
Subject: [PATCH 1563/2268] fix: Show <no-name> for projects without a name

---
 .../target-cards-view/ProjectCard.tsx         | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
index 34af5f442..42e2f531a 100644
--- a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
@@ -1,5 +1,5 @@
 import { getLastPathElement } from "../../utils/misc";
-import { Box } from "@mui/material";
+import { Box, Typography } from "@mui/material";
 import React from "react";
 import { ProjectIcon } from "../../icons/Icons";
 import { ProjectSummary } from "../../project-summaries";
@@ -8,15 +8,20 @@ import { cardHeight, CardTemplate } from "../card/Card";
 const projectCardWidth = 300
 
 export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
-    const name = getLastPathElement(props.ps.project.gitRepoKey)
+    let name = getLastPathElement(props.ps.project.gitRepoKey)
     const subDir = props.ps.project.subDir
 
-    const projectInfo = <Box>
-        {props.ps.project.gitRepoKey}<br />
-        {props.ps.project.subDir ? <>
-            SubDir: {props.ps.project.subDir}<br />
-        </> : <></>}
-    </Box>
+    if (!name) {
+        name = "<no-name>"
+    }
+
+    let projectInfo: React.ReactElement | undefined
+    if (props.ps.project.gitRepoKey || props.ps.project.subDir) {
+        projectInfo =  <Box>
+            <Typography>{props.ps.project.gitRepoKey}</Typography>
+            {props.ps.project.subDir && <Typography>SubDir: {props.ps.project.subDir}</Typography>}
+        </Box>
+    }
 
     return <CardTemplate
         paperProps={{

From 60d22adda47ae057781ad06ee3306846e3b9f868 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 7 Sep 2023 11:42:33 +0200
Subject: [PATCH 1564/2268] fix: Flush status before outputting results

---
 cmd/kluctl/commands/command_result.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 60c9f821c..14066ffb8 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -300,6 +300,9 @@ func outputYamlResult(ctx context.Context, output []string, result interface{},
 }
 
 func outputResult(ctx context.Context, f *string, result string) error {
+	// make sure there is no pending render of a status line
+	status.Flush(ctx)
+
 	var w io.Writer
 	w = getStdout(ctx)
 	if f != nil && *f != "-" {

From 3b15a6ad4bf7387cecfcec9ef70544260e0e720d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 14:52:30 +0200
Subject: [PATCH 1565/2268] fix: Reduce initialDelaySeconds and periodSeconds
 for controller/webui

---
 config/manager/manager.yaml                | 4 ++--
 install/controller/controller/manager.yaml | 4 ++--
 install/webui/webui/deployment.yaml        | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 759ca8250..592de80cc 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -83,8 +83,8 @@ spec:
           httpGet:
             path: /healthz
             port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
+          initialDelaySeconds: 5
+          periodSeconds: 10
         readinessProbe:
           httpGet:
             path: /readyz
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index 75cd27bb6..ab095372b 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -51,8 +51,8 @@ spec:
           httpGet:
             path: /healthz
             port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
+          initialDelaySeconds: 5
+          periodSeconds: 10
         name: controller
         ports:
         - containerPort: 8080
diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index abdd5685b..489e35c5f 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -42,7 +42,7 @@ spec:
             path: /healthz
             port: 8080
           initialDelaySeconds: 5
-          periodSeconds: 20
+          periodSeconds: 10
         readinessProbe:
           httpGet:
             path: /readyz

From 18130fb31df8e7f2e27b41d3159ec3aadf0dacf3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 14:52:45 +0200
Subject: [PATCH 1566/2268] docs: Add docs about deployInterval

---
 docs/gitops/spec/v1beta1/kluctldeployment.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 1729086a8..752a97b21 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -81,6 +81,10 @@ See [Git authentication](#git-authentication) for details on authentication and
 ### interval
 See [Reconciliation](#reconciliation).
 
+### deployInterval
+If set, the controller will periodically force a deployment, even if the rendered manifests have not changed. 
+See [Reconciliation](#reconciliation) for more details.
+
 ### suspend
 See [Reconciliation](#reconciliation).
 

From 6b3de7bbf12de983631efb42aa07d870adc99ba7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 14:53:17 +0200
Subject: [PATCH 1567/2268] chore: Add a few html ids so that the demo recorder
 knows where to click

---
 pkg/webui/ui/src/components/LeftDrawer.tsx    |  2 +-
 pkg/webui/ui/src/components/card/Card.tsx     |  2 +-
 pkg/webui/ui/src/components/card/CardTabs.tsx |  3 +-
 .../target-cards-view/TargetCardsView.tsx     | 55 ++++++++++---------
 4 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/pkg/webui/ui/src/components/LeftDrawer.tsx b/pkg/webui/ui/src/components/LeftDrawer.tsx
index c778d7c68..f596fbfac 100644
--- a/pkg/webui/ui/src/components/LeftDrawer.tsx
+++ b/pkg/webui/ui/src/components/LeftDrawer.tsx
@@ -173,7 +173,7 @@ export default function LeftDrawer(props: {
             <ThemeProvider theme={dark}>
                 <Drawer variant="permanent" open={open}>
                     <DrawerHeader>
-                        <IconButton
+                        <IconButton id={"kluctl-logo"}
                             onClick={toggleDrawer}
                             sx={{ gap: '13px', padding: 0 }}>
                             <KluctlLogo />
diff --git a/pkg/webui/ui/src/components/card/Card.tsx b/pkg/webui/ui/src/components/card/Card.tsx
index 28a24d040..2d1e84489 100644
--- a/pkg/webui/ui/src/components/card/Card.tsx
+++ b/pkg/webui/ui/src/components/card/Card.tsx
@@ -115,7 +115,7 @@ export const CardTemplate = React.forwardRef((props: {
                 right='10px'
                 top='10px'
             >
-                <IconButton onClick={props.onClose}>
+                <IconButton id={"close-card-button"} onClick={props.onClose}>
                     <CloseLightIcon />
                 </IconButton>
             </Box>
diff --git a/pkg/webui/ui/src/components/card/CardTabs.tsx b/pkg/webui/ui/src/components/card/CardTabs.tsx
index 8c779a690..0c9ef076b 100644
--- a/pkg/webui/ui/src/components/card/CardTabs.tsx
+++ b/pkg/webui/ui/src/components/card/CardTabs.tsx
@@ -62,12 +62,13 @@ export const CardTabs = (props: CardTabsProps) => {
         return <></>
     }
 
+
     return <TabContext value={selectedTab}>
         <Box display='flex' flexDirection='column' height='100%' overflow='hidden'>
             <Box height='36px' flex='0 0 auto' p='0'>
                 <TabList onChange={handleTabChange}>
                     {tabs.map((tab, i) => {
-                        return <Tab label={tab.label} value={tab.label} key={tab.label}/>
+                        return <Tab id={tab.label} label={tab.label} value={tab.label} key={tab.label}/>
                     })}
                 </TabList>
             </Box>
diff --git a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
index a90cbb90e..1ed55011b 100644
--- a/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/TargetCardsView.tsx
@@ -83,29 +83,31 @@ export const TargetCardsView = (props: TargetCardsViewProps) => {
                         {ps.targets.map((ts, i) => {
                             const key = buildTargetKey(ps.project, ts.target, ts.kdInfo)
                             return <Box key={key} display='flex'>
-                                <ExpandableCard
-                                    cardWidth={targetCardWidth}
-                                    cardHeight={cardHeight}
-                                    expand={!props.selectedResult && selectedTargetKey === key}
-                                    onExpand={() => props.onSelect(ps, ts, false)}
-                                    onClose={() => {
-                                        props.onCloseExpanded()
-                                    }}
-                                    onSelect={cd => {
-                                    }}
-                                    cardsData={[ts]}
-                                    getKey={cd => buildListKey([cd.target, cd.kdInfo])}
-                                    selected={selectedTargetKey}
-                                    renderCard={(cardData, expanded, current) => {
-                                        return <TargetCard
-                                            ps={ps}
-                                            ts={ts}
-                                            expanded={expanded}
-                                            onClose={() => {
-                                                props.onCloseExpanded()
-                                            }}
-                                        />
-                                    }}/>
+                                <Box id={"targetCard-" + ts.target.discriminator} >
+                                    <ExpandableCard
+                                        cardWidth={targetCardWidth}
+                                        cardHeight={cardHeight}
+                                        expand={!props.selectedResult && selectedTargetKey === key}
+                                        onExpand={() => props.onSelect(ps, ts, false)}
+                                        onClose={() => {
+                                            props.onCloseExpanded()
+                                        }}
+                                        onSelect={cd => {
+                                        }}
+                                        cardsData={[ts]}
+                                        getKey={cd => buildListKey([cd.target, cd.kdInfo])}
+                                        selected={selectedTargetKey}
+                                        renderCard={(cardData, expanded, current) => {
+                                            return <TargetCard
+                                                ps={ps}
+                                                ts={ts}
+                                                expanded={expanded}
+                                                onClose={() => {
+                                                    props.onCloseExpanded()
+                                                }}
+                                            />
+                                        }}/>
+                                </Box>
                                 {ts.commandResults.length ? <RelationHorizontalLine/> : <></>}
                             </Box>
                         })}
@@ -116,8 +118,9 @@ export const TargetCardsView = (props: TargetCardsViewProps) => {
                             const tsKey = buildTargetKey(ps.project, ts.target, ts.kdInfo)
                             return <CardRow key={tsKey} height={cardHeight}>
                                 {ts.commandResults?.slice(0, 4).map((rs, i) => {
-                                    return i === 0 ? <ExpandableCard
-                                            key={rs.id}
+                                    const idSuffix = (ts.kdInfo ? "kd" : "cli") + "-" + ts.target.discriminator
+                                    return i === 0 ? <Box key={rs.id} id={"firstCommandResult-" + idSuffix}>
+                                        <ExpandableCard
                                             cardWidth={commandResultCardWidth}
                                             cardHeight={cardHeight}
                                             expand={selectedTargetKey === tsKey && !!props.selectedResult}
@@ -150,7 +153,9 @@ export const TargetCardsView = (props: TargetCardsViewProps) => {
                                                     }}
                                                 />
                                             }}/>
+                                        </Box>
                                         : <CardPaper
+                                            id={"additionalCommandResult-" + idSuffix}
                                             key={rs.id}
                                             sx={{
                                                 width: commandResultCardWidth,

From f9cf94c677ab72a52131c1e8c1aa02ea3c6f957a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 14:54:26 +0200
Subject: [PATCH 1568/2268] chore(deps): Bump
 github.com/cyphar/filepath-securejoin (#772)

Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2591c8bfa..15a186182 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/bitnami-labs/sealed-secrets v0.23.1
-	github.com/cyphar/filepath-securejoin v0.2.3
+	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.2+incompatible
 	github.com/go-playground/validator/v10 v10.15.3
 	github.com/gobwas/glob v0.2.3 // indirect
diff --git a/go.sum b/go.sum
index d40e9594d..338757b57 100644
--- a/go.sum
+++ b/go.sum
@@ -191,8 +191,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHH
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
-github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

From c35f6edf616eefa2bdad45bab4a56074c93c0a74 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 14:54:36 +0200
Subject: [PATCH 1569/2268] chore(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore (#773)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.7.1...sdk/azcore/v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 15a186182..d441b3e70 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 
 require (
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.39
diff --git a/go.sum b/go.sum
index 338757b57..30cf16cdb 100644
--- a/go.sum
+++ b/go.sum
@@ -51,8 +51,8 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2 h1:t5+QXLCK9SVi0PPdaY0PrFvYUo24KwA0QwxnaHRSVd4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=

From 88ad0699665fe9b7bdc27be8f2974bd08a06644b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 14:54:56 +0200
Subject: [PATCH 1570/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.19.2 to 1.19.3 (#777)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.19.2 to 1.19.3.
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.19.2...v1.19.3)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d441b3e70..5da39baf6 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.19.2
+	github.com/ohler55/ojg v1.19.3
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
diff --git a/go.sum b/go.sum
index 30cf16cdb..ab8cf4314 100644
--- a/go.sum
+++ b/go.sum
@@ -603,8 +603,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/ohler55/ojg v1.19.2 h1:XvMP9oF6jo3T4eUyCsDwi3YFv0bGyQ4PvYBSMF9LiBM=
-github.com/ohler55/ojg v1.19.2/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.19.3 h1:rFmEc33aZOvlwb7tibAmwVGEiPfMZkgvurK0YDDr1HI=
+github.com/ohler55/ojg v1.19.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=

From 457ee4d18f9d3d27efb4ba5143d960b7e66d9c2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Sep 2023 14:55:18 +0200
Subject: [PATCH 1571/2268] chore(deps): Bump goreleaser/goreleaser-action from
 4 to 5 (#778)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 2e63b91f5..aefa0becc 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -58,7 +58,7 @@ jobs:
         run: |
           cat .goreleaser.yaml | sed 's/draft: true/draft: false/g' > .goreleaser.yaml.tmp && mv .goreleaser.yaml.tmp .goreleaser.yaml
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           distribution: goreleaser-pro
           version: latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fb2aedbb7..cf2a63a34 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-goreleaser-release-
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           distribution: goreleaser-pro
           version: latest

From 9e2ea9159f5f624a25ce378a5b659b0384782a99 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 15:17:47 +0200
Subject: [PATCH 1572/2268] build: Preparing release v2.21.1

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl.yaml                       | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index b6e9395b4..1b65908a2 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.21.0
+        tag: v2.21.1
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 0d0901219..6a1b8fb61 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.21.0
+        tag: v2.21.1
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 58145784a..985cc20fc 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.21.0
+        tag: v2.21.1
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.21.0
+            kluctl_version: v2.21.1
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.21.0
+        tag: v2.21.1
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index cc28017fa..b2c7f5d69 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.21.0
+         tag: v2.21.1
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 4147d30c0..040b58a18 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.21.0
+    default: v2.21.1
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 81b3a4a19..bb8e6c99b 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.21.0") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.21.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 072027ed4..02eb4b562 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.21.0
+    default: v2.21.1
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 103fa0042..97264f6ee 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.21.0") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.21.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 37b4464048dfde7b3ae88359a384104224906acc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 17:34:07 +0200
Subject: [PATCH 1573/2268] docs: Remove reference to flux-kluctl-controller

---
 README.md                       |  4 --
 docs/gitops/migration/README.md | 71 ---------------------------------
 2 files changed, 75 deletions(-)
 delete mode 100644 docs/gitops/migration/README.md

diff --git a/README.md b/README.md
index d17b6c968..e08bff1a1 100644
--- a/README.md
+++ b/README.md
@@ -24,10 +24,6 @@ local machine, from your CI/CD pipelines or any automation platform/system that
 If you want to follow a pull based GitOps flow, then you can use the Kluctl Controller, which then allows you to use
 `KluctlDeployment` custom resources to define your Kluctl deployments.
 
-Please note: GitOps support was previously implemented via the now deprecated [flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller).
-Historically, the flux-kluctl-controller depended on the Flux ecosystem (the source-controller to be specific), which
-has changed in the meantime, meaning that it runs completely independent and thus is not part of the Flux ecosystem anymore.
-
 ## What can I do with Kluctl?
 
 Kluctl allows you to define a Kluctl project, which in turn defines Kluctl
diff --git a/docs/gitops/migration/README.md b/docs/gitops/migration/README.md
deleted file mode 100644
index ef9dd3322..000000000
--- a/docs/gitops/migration/README.md
+++ /dev/null
@@ -1,71 +0,0 @@
-<!-- This comment is uncommented when auto-synced to www-kluctl.io
-
----
-title: Legacy Controller Migration
-linkTitle: Legacy Controller Migration
-description: Legacy Controller Migration
-weight: 100
----
--->
-
-# Legacy Controller Migration
-
-Older versions of Kluctl (pre v2.20.0) relied on a legacy version of the Kluctl controller, named
-[flux-kluctl-controller](https://github.com/kluctl/flux-kluctl-controller). If you upgraded from such an older
-version and were already using `KluctlDeployments` from the `flux.kluctl.io` API group, you must migrate these
-deployments to the new `gitops.kluctl.io` group.
-
-To do this, follow the following steps:
-
-1. Upgrade the legacy flux-kluctl-controller to at least v0.16.0. This version will introduce a special marker field
-into the legacy `KluctlDeployment` status and set it to true. This marker field is used to inform the new Kluctl Controller
-that the legacy controller is now aware of the existence of the new controller.
-2. If not already done, [install](../installation.md) the new Kluctl Controller.
-3. To be on the safe side, disable [pruning](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#prune) and
-[deletion](https://kluctl.io/docs/flux/spec/v1alpha1/kluctldeployment/#delete) for all legacy `KluctlDeployment` objects.
-Don't forget to deploy/apply these changes before continuing with the next step.
-4. Modify your `KluctlDeployment` manifests to use the `gitops.kluctl.io/v1beta1` as `apiVersion`. It's important
-to use the same name and namespace as used in the legacy resources. Also read the [breaking changes](#breaking-changes)
-section.
-5. Deploy/Apply the modified `KluctlDeployment` resources.
-6. At this point, the legacy controller will detect that the `KluctlDeployment` exists twice, once for the legacy
-API group/version and once for the new group/version. Based on that knowledge, the legacy controller will stop reconciling
-the legacy `KluctlDeployment`.
-7. At the same time, the new controller will detect that the legacy `KluctlDeployment` has the marker field set, which
-means that the legacy controller is known to honor the new controller's existence.
-8. This will lead to the new controller taking over and reconciling the new `KluctlDeployment`.
-9. If you disabled deletion/pruning in step 3., you should undo this on the new `KluctlDeployments` now.
-
-After these steps, the legacy `KluctlDeployment` resources will be excluded from reconciliation by the legacy controller.
-This means, you can safely remove/prune the legacy resources.
-
-# Breaking changes
-
-There exist some breaking changes between the legacy `flux.kluctl.io/v1alpha1` and `gitops.kluctl.io/v1beta1` custom
-resources and controllers. These are:
-
-### Only deploy when resources change
-
-The legacy controller did a full deploy on each reconciliation, following the Flux way of reconciliations. This
-behaviour was configurable by allowing you to set `spec.deployInterval: never`, which disabled full deployments and
-caused the controller to only deploy when the resulting rendered resources actually changed.
-
-The new controller will behave this way by default, unless you explicitly set `spec.deployInterval` to some interval
-value.
-
-This means, you will have to introduce `spec.deployInterval` in case you expect the controller to behave as before or
-remove `spec.deployInterval: never` if you already used the Kluctl specific behavior.
-
-### renameContexts has been removed
-
-The `spec.renameContexts` field is not available anymore. Use `spec.context` instead.
-
-### status will not contain full result anymore
-
-The legacy controller wrote the full command result (with objects, diffs, ...) into the status field. The new
-controller will instead only write a summary of the result.
-
-# Why no fully automated migration?
-
-I have decided against a fully automated migration as the move of the API group causes resources to have a different
-identity. This can easily lead to unexpected behaviour and does not play well with GitOps.

From da7eb2071a4d1893b2277fa53f6c495605deb947 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 17:40:00 +0200
Subject: [PATCH 1574/2268] docs: Update readme with infos about the Kluctl
 Webui

---
 README.md | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index e08bff1a1..b5844c492 100644
--- a/README.md
+++ b/README.md
@@ -21,9 +21,6 @@ Kluctl does not strictly depend on a controller and allows to use the same deplo
 as long as access to the kluctl project and clusters is available. This means, that you can use it from your
 local machine, from your CI/CD pipelines or any automation platform/system that allows to call custom tools.
 
-If you want to follow a pull based GitOps flow, then you can use the Kluctl Controller, which then allows you to use
-`KluctlDeployment` custom resources to define your Kluctl deployments.
-
 ## What can I do with Kluctl?
 
 Kluctl allows you to define a Kluctl project, which in turn defines Kluctl
@@ -34,6 +31,19 @@ and/or clusters.
 
 The Kluctl CLI then allows to deploy, diff, prune, delete, ... your deployments.
 
+## GitOps
+
+If you want to follow a pull based [GitOps](https://kluctl.io/docs/gitops/) flow, then you can use the Kluctl
+Controller, which then allows you to use `KluctlDeployment` custom resources to define your Kluctl deployments.
+
+## Kluctl Webui
+
+Kluctl also offers a [Webui](https://kluctl.io/docs/webui/) that allows you to visualise and control your Kluctl
+deployments. It works for deployments performed by the CLI and for deployments performed via GitOps.
+
+[Here](https://medium.com/kluctl/introducing-the-kluctl-webui-bcd3ea4b264d) is an introduction to the Webui together
+with a tutorial.
+
 ## Where do I start?
 
 Installation instructions can be found [here](docs/kluctl/installation.md). For a getting started guide, continue

From 1dbe07f5fbddd2f4c39ccf93715530d7864a2231 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Sep 2023 17:41:48 +0200
Subject: [PATCH 1575/2268] docs: Use new demo video in README.md

---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b5844c492..c385a6894 100644
--- a/README.md
+++ b/README.md
@@ -89,4 +89,7 @@ handles these matters.
 | 🔐 Encrypted Secrets | Manage encrypted secrets for multiple target environments and clusters. |
 
 ## Demo
-![](https://kluctl.io/asciinema/kluctl.gif)
+
+https://kluctl.io/vhs/demo-cut.mp4
+
+Click on the link to play the video.
\ No newline at end of file

From 67bf6465d7c64e065f442e5942fb40ee15498832 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 07:16:17 +0200
Subject: [PATCH 1576/2268] chore(deps): Bump k8s.io/apimachinery from 0.28.1
 to 0.28.2 (#784)

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.28.1 to 0.28.2.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.28.1...v0.28.2)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5da39baf6..31474cedd 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	helm.sh/helm/v3 v3.12.3
 	k8s.io/api v0.28.1
 	k8s.io/apiextensions-apiserver v0.28.1
-	k8s.io/apimachinery v0.28.1
+	k8s.io/apimachinery v0.28.2
 	k8s.io/client-go v0.28.1
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.3
diff --git a/go.sum b/go.sum
index ab8cf4314..b51ee4912 100644
--- a/go.sum
+++ b/go.sum
@@ -1197,8 +1197,8 @@ k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108=
 k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg=
 k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw=
 k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs=
-k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY=
-k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
+k8s.io/apimachinery v0.28.2 h1:KCOJLrc6gu+wV1BYgwik4AF4vXOlVJPdiqn0yAWWwXQ=
+k8s.io/apimachinery v0.28.2/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDApU=
 k8s.io/apiserver v0.28.1 h1:dw2/NKauDZCnOUAzIo2hFhtBRUo6gQK832NV8kuDbGM=
 k8s.io/apiserver v0.28.1/go.mod h1:d8aizlSRB6yRgJ6PKfDkdwCy2DXt/d1FDR6iJN9kY1w=
 k8s.io/cli-runtime v0.28.1 h1:7Njc4eD5kaO4tYdSYVJJEs54koYD/vT6gxOq8dEVf9g=

From 748b39fbd490f1bc5096da49e67cd6603669ba34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 07:17:31 +0200
Subject: [PATCH 1577/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#786)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.3 to 10.15.4.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.15.3...v10.15.4)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 31474cedd..e6f469cc6 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.23.1
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.15.3
+	github.com/go-playground/validator/v10 v10.15.4
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.16.1
diff --git a/go.sum b/go.sum
index b51ee4912..68e9c597a 100644
--- a/go.sum
+++ b/go.sum
@@ -302,8 +302,8 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.15.3 h1:S+sSpunYjNPDuXkWbK+x+bA7iXiW296KG4dL3X7xUZo=
-github.com/go-playground/validator/v10 v10.15.3/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.15.4 h1:zMXza4EpOdooxPel5xDqXEdXG5r+WggpvnAKMsalBjs=
+github.com/go-playground/validator/v10 v10.15.4/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=

From bea73bec2af0e306c19f95984a8226340f8d13e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 07:19:40 +0200
Subject: [PATCH 1578/2268] chore(deps): Bump k8s.io/client-go from 0.28.1 to
 0.28.2 (#785)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.28.1 to 0.28.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.28.1...v0.28.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index e6f469cc6..440b9cd51 100644
--- a/go.mod
+++ b/go.mod
@@ -41,10 +41,10 @@ require (
 	golang.org/x/term v0.12.0 // indirect
 	golang.org/x/text v0.13.0
 	helm.sh/helm/v3 v3.12.3
-	k8s.io/api v0.28.1
+	k8s.io/api v0.28.2
 	k8s.io/apiextensions-apiserver v0.28.1
 	k8s.io/apimachinery v0.28.2
-	k8s.io/client-go v0.28.1
+	k8s.io/client-go v0.28.2
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.3
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
diff --git a/go.sum b/go.sum
index 68e9c597a..60fa99971 100644
--- a/go.sum
+++ b/go.sum
@@ -1193,8 +1193,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108=
-k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg=
+k8s.io/api v0.28.2 h1:9mpl5mOb6vXZvqbQmankOfPIGiudghwCoLl1EYfUZbw=
+k8s.io/api v0.28.2/go.mod h1:RVnJBsjU8tcMq7C3iaRSGMeaKt2TWEUXcpIt/90fjEg=
 k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw=
 k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs=
 k8s.io/apimachinery v0.28.2 h1:KCOJLrc6gu+wV1BYgwik4AF4vXOlVJPdiqn0yAWWwXQ=
@@ -1203,8 +1203,8 @@ k8s.io/apiserver v0.28.1 h1:dw2/NKauDZCnOUAzIo2hFhtBRUo6gQK832NV8kuDbGM=
 k8s.io/apiserver v0.28.1/go.mod h1:d8aizlSRB6yRgJ6PKfDkdwCy2DXt/d1FDR6iJN9kY1w=
 k8s.io/cli-runtime v0.28.1 h1:7Njc4eD5kaO4tYdSYVJJEs54koYD/vT6gxOq8dEVf9g=
 k8s.io/cli-runtime v0.28.1/go.mod h1:yIThSWkAVLqeRs74CMkq6lNFW42GyJmvMtcNn01SZho=
-k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8=
-k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE=
+k8s.io/client-go v0.28.2 h1:DNoYI1vGq0slMBN/SWKMZMw0Rq+0EQW6/AK4v9+3VeY=
+k8s.io/client-go v0.28.2/go.mod h1:sMkApowspLuc7omj1FOSUxSoqjr+d5Q0Yc0LOFnYFJY=
 k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg=
 k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=

From 634f4144d541c73be724fd7360527e95dca34aaa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 09:26:24 +0200
Subject: [PATCH 1579/2268] chore(deps): Bump github.com/go-git/go-git/v5 from
 5.8.1 to 5.9.0 (#782)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.1 to 5.9.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 19 +++++++++----------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 440b9cd51..fa869d10e 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/getsops/sops/v3 v3.8.0-rc.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
-	github.com/go-git/go-git/v5 v5.8.1
+	github.com/go-git/go-git/v5 v5.9.0
 	github.com/go-logr/logr v1.2.4
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.3.1
@@ -102,7 +102,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
@@ -144,7 +144,7 @@ require (
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.4.1 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -254,7 +254,7 @@ require (
 	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
+	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.138.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 60fa99971..efeb81882 100644
--- a/go.sum
+++ b/go.sum
@@ -88,8 +88,8 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
-github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
-github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
@@ -216,7 +216,7 @@ github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHz
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
-github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
+github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -262,11 +262,11 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
-github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
-github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A=
-github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo=
+github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY=
+github.com/go-git/go-git/v5 v5.9.0/go.mod h1:RKIqga24sWdMGZF+1Ekv9kylsDz6LzdTSI2s/OsZWE0=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -602,7 +602,6 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/ohler55/ojg v1.19.3 h1:rFmEc33aZOvlwb7tibAmwVGEiPfMZkgvurK0YDDr1HI=
 github.com/ohler55/ojg v1.19.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
@@ -1045,8 +1044,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E=
-golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 2d6872593b29fe9e338256eb843ee3834f4bbb03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 14 Sep 2023 09:26:39 +0200
Subject: [PATCH 1580/2268] feat: Remove flux-kluctl-controller migration code
 (#787)

---
 config/rbac/role.yaml                         |  14 -
 e2e/gitops_migration_test.go                  | 119 ----
 .../flux.kluctl.io_kluctldeployments.yaml     | 659 ------------------
 install/controller/controller/rbac.yaml       |  14 -
 .../kluctldeployment_controller.go            |  75 --
 pkg/webui/shortnames.go                       |   1 -
 6 files changed, 882 deletions(-)
 delete mode 100644 e2e/gitops_migration_test.go
 delete mode 100644 e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 5f7215c78..03ed9ed6f 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -21,20 +21,6 @@ rules:
   verbs:
   - create
   - patch
-- apiGroups:
-  - flux.kluctl.io
-  resources:
-  - kluctldeployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - flux.kluctl.io
-  resources:
-  - kluctldeployments/status
-  verbs:
-  - get
 - apiGroups:
   - gitops.kluctl.io
   resources:
diff --git a/e2e/gitops_migration_test.go b/e2e/gitops_migration_test.go
deleted file mode 100644
index 27d389ca4..000000000
--- a/e2e/gitops_migration_test.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package e2e
-
-import (
-	"context"
-	"fmt"
-	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	meta2 "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/stretchr/testify/assert"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	"k8s.io/apimachinery/pkg/api/meta"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"time"
-)
-import . "github.com/onsi/gomega"
-
-var legacyGvk = schema.GroupVersionKind{
-	Group:   "flux.kluctl.io",
-	Version: "v1alpha1",
-	Kind:    "KluctlDeployment",
-}
-
-func (suite *GitopsTestSuite) createLegacyKluctlDeployment(p *test_utils.TestProject, target string) client.ObjectKey {
-	gitopsNs := p.TestSlug() + "-gitops"
-	createNamespace(suite.T(), suite.k, gitopsNs)
-
-	kluctlDeployment := uo.New()
-	kluctlDeployment.SetK8sGVK(legacyGvk)
-
-	kluctlDeployment.SetK8sName(p.TestSlug())
-	kluctlDeployment.SetK8sNamespace(gitopsNs)
-	_ = kluctlDeployment.SetNestedField(map[string]any{
-		"interval":       interval.String(),
-		"deployInterval": "never",
-		"timeout":        timeout.String(),
-		"target":         target,
-		"source": map[string]any{
-			"url": p.GitUrl(),
-		},
-	}, "spec")
-
-	err := suite.k.Client.Create(context.Background(), kluctlDeployment.ToUnstructured())
-	if err != nil {
-		suite.T().Fatal(err)
-	}
-
-	key := client.ObjectKeyFromObject(kluctlDeployment.ToUnstructured())
-	return key
-}
-
-func (suite *GitopsTestSuite) TestGitOpsLegacyMigration() {
-	g := NewWithT(suite.T())
-
-	test_resources.ApplyYaml(suite.T(), "flux.kluctl.io_kluctldeployments.yaml", suite.k)
-	suite.T().Cleanup(func() {
-		obj := uo.New()
-		obj.SetK8sGVK(apiextensionsv1.SchemeGroupVersion.WithKind("CustomResourceDefinition"))
-		obj.SetK8sName("kluctldeployments.flux.kluctl.io")
-		_ = suite.k.Client.Delete(context.TODO(), obj.ToUnstructured())
-	})
-
-	p := test_utils.NewTestProject(suite.T())
-	createNamespace(suite.T(), suite.k, p.TestSlug())
-
-	p.UpdateTarget("target1", nil)
-	p.AddKustomizeDeployment("d1", []test_utils.KustomizeResource{
-		{Name: "cm1.yaml", Content: uo.FromStringMust(fmt.Sprintf(`apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cm1
-  namespace: "%s"
-data:
-  k1: v1
-`, p.TestSlug()))},
-	}, nil)
-
-	key := suite.createLegacyKluctlDeployment(p, "target1")
-	key2 := suite.createKluctlDeployment(p, "target1", nil)
-	assert.Equal(suite.T(), key, key2)
-
-	checkMigrationStatus := func() bool {
-		var kd kluctlv1.KluctlDeployment
-		_ = suite.k.Client.Get(context.Background(), key, &kd)
-		c := meta.FindStatusCondition(kd.Status.Conditions, meta2.ReadyCondition)
-		return c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason
-	}
-
-	suite.Run("wait for migration to start", func() {
-		g.Eventually(checkMigrationStatus, timeout, time.Second).Should(BeTrue())
-	})
-
-	suite.Run("stays in migration state", func() {
-		suite.triggerReconcile(key)
-		g.Consistently(checkMigrationStatus, 3*time.Second, time.Second).Should(BeTrue())
-	})
-
-	suite.Run("legacy controller marks the deployment with readyForMigration", func() {
-		var obj unstructured.Unstructured
-		obj.SetGroupVersionKind(legacyGvk)
-		err := suite.k.Client.Get(context.TODO(), key, &obj)
-		g.Expect(err).To(Succeed())
-
-		_ = unstructured.SetNestedField(obj.Object, true, "status", "readyForMigration")
-		err = suite.k.Client.Status().Update(context.TODO(), &obj)
-		g.Expect(err).To(Succeed())
-	})
-
-	suite.Run("wait for migration to end", func() {
-		g.Eventually(checkMigrationStatus, timeout, time.Second).Should(BeFalse())
-	})
-
-	suite.Run("initial deployment", func() {
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-	})
-}
diff --git a/e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml b/e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml
deleted file mode 100644
index fe7d3b8d6..000000000
--- a/e2e/test_resources/flux.kluctl.io_kluctldeployments.yaml
+++ /dev/null
@@ -1,659 +0,0 @@
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
-  creationTimestamp: null
-  name: kluctldeployments.flux.kluctl.io
-spec:
-  group: flux.kluctl.io
-  names:
-    kind: KluctlDeployment
-    listKind: KluctlDeploymentList
-    plural: kluctldeployments
-    singular: kluctldeployment
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - jsonPath: .spec.dryRun
-      name: DryRun
-      type: boolean
-    - jsonPath: .status.lastDeployResult.time
-      name: Deployed
-      type: date
-    - jsonPath: .status.lastPruneResult.time
-      name: Pruned
-      type: date
-    - jsonPath: .status.lastValidateResult.time
-      name: Validated
-      type: date
-    - jsonPath: .status.conditions[?(@.type=="Ready")].status
-      name: Ready
-      type: string
-    - jsonPath: .status.conditions[?(@.type=="Ready")].message
-      name: Status
-      type: string
-    - jsonPath: .metadata.creationTimestamp
-      name: Age
-      type: date
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        description: KluctlDeployment is the Schema for the kluctldeployments API
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              abortOnError:
-                default: false
-                description: ForceReplaceOnError instructs kluctl to abort deployments
-                  immediately when something fails. Equivalent to using '--abort-on-error'
-                  when calling kluctl.
-                type: boolean
-              args:
-                description: Args specifies dynamic target args.
-                type: object
-                x-kubernetes-preserve-unknown-fields: true
-              context:
-                description: If specified, overrides the context to be used. This
-                  will effectively make kluctl ignore the context specified in the
-                  target.
-                type: string
-              decryption:
-                description: Decrypt Kubernetes secrets before applying them on the
-                  cluster.
-                properties:
-                  provider:
-                    description: Provider is the name of the decryption engine.
-                    enum:
-                    - sops
-                    type: string
-                  secretRef:
-                    description: The secret name containing the private OpenPGP keys
-                      used for decryption.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  serviceAccount:
-                    description: ServiceAccount specifies the service account used
-                      to authenticate against cloud providers. This is currently only
-                      usable for AWS KMS keys. The specified service account will
-                      be used to authenticate to AWS by signing a token in an IRSA
-                      compliant way.
-                    type: string
-                required:
-                - provider
-                type: object
-              delete:
-                default: false
-                description: Delete enables deletion of the specified target when
-                  the KluctlDeployment object gets deleted.
-                type: boolean
-              deployInterval:
-                description: DeployInterval specifies the interval at which to deploy
-                  the KluctlDeployment. It defaults to the Interval value, meaning
-                  that it will re-deploy on every reconciliation. If you set DeployInterval
-                  to a different value,
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
-                type: string
-              deployMode:
-                default: full-deploy
-                description: DeployMode specifies what deploy mode should be used.
-                  The options 'full-deploy' and 'poke-images' are supported. With
-                  'poke images' option, only the images from the fixed images are
-                  exchanged and no complete deployment is triggered.
-                enum:
-                - full-deploy
-                - poke-images
-                type: string
-              deployOnChanges:
-                default: true
-                description: DeployOnChanges will cause a re-deployment whenever the
-                  rendered resources change in the deployment. This check is performed
-                  on every reconciliation. This means that a deployment will be triggered
-                  even before the DeployInterval has passed in case something has
-                  changed in the rendered resources.
-                type: boolean
-              dryRun:
-                default: false
-                description: DryRun instructs kluctl to run everything in dry-run
-                  mode. Equivalent to using '--dry-run' when calling kluctl.
-                type: boolean
-              excludeDeploymentDirs:
-                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
-                  with the given dir. Equivalent to using '--exclude-deployment-dir'
-                  when calling kluctl.
-                items:
-                  type: string
-                type: array
-              excludeTags:
-                description: ExcludeTags instructs kluctl to exclude deployments with
-                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
-                items:
-                  type: string
-                type: array
-              forceApply:
-                default: false
-                description: ForceApply instructs kluctl to force-apply in case of
-                  SSA conflicts. Equivalent to using '--force-apply' when calling
-                  kluctl.
-                type: boolean
-              forceReplaceOnError:
-                default: false
-                description: ForceReplaceOnError instructs kluctl to force-replace
-                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
-                  when calling kluctl.
-                type: boolean
-              helmCredentials:
-                description: HelmCredentials is a list of Helm credentials used when
-                  non pre-pulled Helm Charts are used inside a Kluctl deployment.
-                items:
-                  properties:
-                    secretRef:
-                      description: 'SecretRef holds the name of a secret that contains
-                        the Helm credentials. The secret must either contain the fields
-                        `credentialsId` which refers to the credentialsId found in
-                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories
-                        or an `url` used to match the credentials found in Kluctl
-                        projects helm-chart.yaml files. The secret can either container
-                        basic authentication credentials via `username` and `password`
-                        or TLS authentication via `certFile` and `keyFile`. `caFile`
-                        can be specified to override the CA to use while contacting
-                        the repository. The secret can also contain `insecureSkipTlsVerify:
-                        "true"`, which will disable TLS verification. `passCredentialsAll:
-                        "true"` can be specified to make the controller pass credentials
-                        to all requests, even if the hostname changes in-between.'
-                      properties:
-                        name:
-                          description: Name of the referent.
-                          type: string
-                      required:
-                      - name
-                      type: object
-                  type: object
-                type: array
-              images:
-                description: Images contains a list of fixed image overrides. Equivalent
-                  to using '--fixed-images-file' when calling kluctl.
-                items:
-                  properties:
-                    container:
-                      type: string
-                    deployTags:
-                      items:
-                        type: string
-                      type: array
-                    deployedImage:
-                      type: string
-                    deployment:
-                      type: string
-                    deploymentDir:
-                      type: string
-                    image:
-                      type: string
-                    namespace:
-                      type: string
-                    object:
-                      description: ObjectRef contains the information necessary to
-                        locate a resource within a cluster.
-                      properties:
-                        group:
-                          type: string
-                        kind:
-                          type: string
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                        version:
-                          type: string
-                      required:
-                      - group
-                      - kind
-                      - name
-                      - namespace
-                      - version
-                      type: object
-                    registryImage:
-                      type: string
-                    resultImage:
-                      type: string
-                    versionFilter:
-                      type: string
-                  required:
-                  - image
-                  - resultImage
-                  type: object
-                type: array
-              includeDeploymentDirs:
-                description: IncludeDeploymentDirs instructs kluctl to only include
-                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
-                  when calling kluctl.
-                items:
-                  type: string
-                type: array
-              includeTags:
-                description: IncludeTags instructs kluctl to only include deployments
-                  with given tags. Equivalent to using '--include-tag' when calling
-                  kluctl.
-                items:
-                  type: string
-                type: array
-              interval:
-                description: The interval at which to reconcile the KluctlDeployment.
-                  By default, the controller will re-deploy and validate the deployment
-                  on each reconciliation. To override this behavior, change the DeployInterval
-                  and/or ValidateInterval values.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              kubeConfig:
-                description: The KubeConfig for deploying to the target cluster. Specifies
-                  the kubeconfig to be used when invoking kluctl. Contexts in this
-                  kubeconfig must match the context found in the kluctl target. As
-                  an alternative, specify the context to be used via 'context'
-                properties:
-                  secretRef:
-                    description: SecretRef holds the name of a secret that contains
-                      a key with the kubeconfig file as the value. If no key is set,
-                      the key will default to 'value'. The secret must be in the same
-                      namespace as the Kustomization. It is recommended that the kubeconfig
-                      is self-contained, and the secret is regularly updated if credentials
-                      such as a cloud-access-token expire. Cloud specific `cmd-path`
-                      auth helpers will not function without adding binaries and credentials
-                      to the Pod that is responsible for reconciling the KluctlDeployment.
-                    properties:
-                      key:
-                        description: Key in the Secret, when not specified an implementation-specific
-                          default key is used.
-                        type: string
-                      name:
-                        description: Name of the Secret.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                type: object
-              noWait:
-                default: false
-                description: NoWait instructs kluctl to not wait for any resources
-                  to become ready, including hooks. Equivalent to using '--no-wait'
-                  when calling kluctl.
-                type: boolean
-              path:
-                description: 'Path to the directory containing the .kluctl.yaml file,
-                  or the Defaults to ''None'', which translates to the root path of
-                  the SourceRef. Deprecated: Use source.path instead'
-                type: string
-              prune:
-                default: false
-                description: Prune enables pruning after deploying.
-                type: boolean
-              registrySecrets:
-                description: DEPRECATED RegistrySecrets is a list of secret references
-                  to be used for image registry authentication. The secrets must either
-                  have ".dockerconfigjson" included or "registry", "username" and
-                  "password". Additionally, "caFile" and "insecure" can be specified.
-                  Kluctl has deprecated querying the registry at deploy time and thus
-                  this field is also deprecated.
-                items:
-                  description: LocalObjectReference contains enough information to
-                    locate the referenced Kubernetes resource object.
-                  properties:
-                    name:
-                      description: Name of the referent.
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              renameContexts:
-                description: RenameContexts specifies a list of context rename operations.
-                  This is useful when the kluctl target's context does not match with
-                  the contexts found in the kubeconfig while deploying. This is the
-                  case when using kubeconfigs generated from service accounts, in
-                  which case the context name is always "default".
-                items:
-                  description: RenameContext specifies a single rename of a context
-                  properties:
-                    newContext:
-                      description: NewContext is the new name of the context
-                      type: string
-                    oldContext:
-                      description: OldContext is the name of the context to be renamed
-                      type: string
-                  required:
-                  - newContext
-                  - oldContext
-                  type: object
-                type: array
-              replaceOnError:
-                default: false
-                description: ReplaceOnError instructs kluctl to replace resources
-                  on error. Equivalent to using '--replace-on-error' when calling
-                  kluctl.
-                type: boolean
-              retryInterval:
-                description: The interval at which to retry a previously failed reconciliation.
-                  When not specified, the controller uses the Interval value to retry
-                  failures.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              serviceAccountName:
-                description: The name of the Kubernetes service account to use while
-                  deploying. If not specified, the default service account is used.
-                type: string
-              source:
-                description: Specifies the project source location
-                properties:
-                  path:
-                    description: Path specifies the sub-directory to be used as project
-                      directory
-                    type: string
-                  ref:
-                    description: Ref specifies the branch, tag or commit that should
-                      be used. If omitted, the default branch of the repo is used.
-                    properties:
-                      branch:
-                        description: Branch to filter for. Can also be a regex.
-                        type: string
-                      tag:
-                        description: Branch to filter for. Can also be a regex.
-                        type: string
-                    type: object
-                  secretRef:
-                    description: SecretRef specifies the Secret containing authentication
-                      credentials for the git repository. For HTTPS repositories the
-                      Secret must contain 'username' and 'password' fields. For SSH
-                      repositories the Secret must contain 'identity' and 'known_hosts'
-                      fields.
-                    properties:
-                      name:
-                        description: Name of the referent.
-                        type: string
-                    required:
-                    - name
-                    type: object
-                  url:
-                    description: Url specifies the Git url where the project source
-                      is located
-                    type: string
-                required:
-                - url
-                type: object
-              sourceRef:
-                description: 'Reference of the source where the kluctl project is.
-                  The authentication secrets from the source are also used to authenticate
-                  dependent git repositories which are cloned while deploying the
-                  kluctl project. Deprecated: Use source instead'
-                properties:
-                  apiVersion:
-                    description: API version of the referent, if not specified the
-                      Kubernetes preferred version will be used.
-                    type: string
-                  kind:
-                    description: Kind of the referent.
-                    type: string
-                  name:
-                    description: Name of the referent.
-                    type: string
-                  namespace:
-                    description: Namespace of the referent, when not specified it
-                      acts as LocalObjectReference.
-                    type: string
-                required:
-                - kind
-                - name
-                type: object
-              suspend:
-                description: This flag tells the controller to suspend subsequent
-                  kluctl executions, it does not apply to already started executions.
-                  Defaults to false.
-                type: boolean
-              target:
-                description: Target specifies the kluctl target to deploy. If not
-                  specified, an empty target is used that has no name and no context.
-                  Use 'TargetName' and 'Context' to specify the name and context in
-                  that case.
-                maxLength: 63
-                minLength: 1
-                type: string
-              targetNameOverride:
-                description: TargetNameOverride sets or overrides the target name.
-                  This is especially useful when deployment without a target.
-                maxLength: 63
-                minLength: 1
-                type: string
-              timeout:
-                description: Timeout for all operations. Defaults to 'Interval' duration.
-                pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
-                type: string
-              updateImages:
-                default: false
-                description: DEPRECATED UpdateImages instructs kluctl to update dynamic
-                  images. Equivalent to using '-u' when calling kluctl. Setting this
-                  field to true is deprecated.
-                type: boolean
-              validate:
-                default: true
-                description: Validate enables validation after deploying
-                type: boolean
-              validateInterval:
-                description: ValidateInterval specifies the interval at which to validate
-                  the KluctlDeployment. Validation is performed the same way as with
-                  'kluctl validate -t <target>'. Defaults to the same value as specified
-                  in Interval. Validate is also performed whenever a deployment is
-                  performed, independent of the value of ValidateInterval
-                pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)|never$
-                type: string
-            required:
-            - interval
-            type: object
-          status:
-            description: KluctlDeploymentStatus defines the observed state of KluctlDeployment
-            properties:
-              conditions:
-                items:
-                  description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n \ttype FooStatus struct{ \t    // Represents the observations
-                    of a foo's current state. \t    // Known .status.conditions.type
-                    are: \"Available\", \"Progressing\", and \"Degraded\" \t    //
-                    +patchMergeKey=type \t    // +patchStrategy=merge \t    // +listType=map
-                    \t    // +listMapKey=type \t    Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n \t    // other fields
-                    \t}"
-                  properties:
-                    lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              discriminator:
-                description: Discriminator is the discriminator found in the target
-                  when the last deployment was done. This is used to perform cleanup/deletion
-                  in case the KluctlDeployment project is deleted
-                type: string
-              lastAttemptedRevision:
-                description: LastAttemptedRevision is the revision of the last reconciliation
-                  attempt.
-                type: string
-              lastDeployResult:
-                description: LastDeployResult is the result of the last deploy command
-                properties:
-                  error:
-                    type: string
-                  objectsHash:
-                    description: ObjectsHash is the hash of all rendered objects
-                    type: string
-                  rawResult:
-                    type: string
-                  revision:
-                    description: Revision is the source revision. Please note that
-                      kluctl projects have dependent git repositories which are not
-                      considered in the source revision
-                    type: string
-                  target:
-                    type: string
-                  targetNameOverride:
-                    type: string
-                  time:
-                    description: AttemptedAt is the time when the attempt was performed
-                    format: date-time
-                    type: string
-                required:
-                - time
-                type: object
-              lastHandledDeployAt:
-                type: string
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected.
-                type: string
-              lastPruneResult:
-                description: LastDeployResult is the result of the last prune command
-                properties:
-                  error:
-                    type: string
-                  objectsHash:
-                    description: ObjectsHash is the hash of all rendered objects
-                    type: string
-                  rawResult:
-                    type: string
-                  revision:
-                    description: Revision is the source revision. Please note that
-                      kluctl projects have dependent git repositories which are not
-                      considered in the source revision
-                    type: string
-                  target:
-                    type: string
-                  targetNameOverride:
-                    type: string
-                  time:
-                    description: AttemptedAt is the time when the attempt was performed
-                    format: date-time
-                    type: string
-                required:
-                - time
-                type: object
-              lastValidateResult:
-                description: LastValidateResult is the result of the last validate
-                  command
-                properties:
-                  error:
-                    type: string
-                  objectsHash:
-                    description: ObjectsHash is the hash of all rendered objects
-                    type: string
-                  rawResult:
-                    type: string
-                  revision:
-                    description: Revision is the source revision. Please note that
-                      kluctl projects have dependent git repositories which are not
-                      considered in the source revision
-                    type: string
-                  target:
-                    type: string
-                  targetNameOverride:
-                    type: string
-                  time:
-                    description: AttemptedAt is the time when the attempt was performed
-                    format: date-time
-                    type: string
-                required:
-                - time
-                type: object
-              observedGeneration:
-                description: ObservedGeneration is the last reconciled generation.
-                format: int64
-                type: integer
-              rawTarget:
-                type: string
-              readyForMigration:
-                description: ReadyForMigration is used to signal the new controller
-                  that this object is handled by a legacy controller version that
-                  will honor the existence of KluctlDeployment objects from the gitops.kluctl.io
-                  group.
-                type: boolean
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
diff --git a/install/controller/controller/rbac.yaml b/install/controller/controller/rbac.yaml
index 9072415fc..0d9a05d94 100644
--- a/install/controller/controller/rbac.yaml
+++ b/install/controller/controller/rbac.yaml
@@ -79,20 +79,6 @@ rules:
   verbs:
   - create
   - patch
-- apiGroups:
-  - flux.kluctl.io
-  resources:
-  - kluctldeployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - flux.kluctl.io
-  resources:
-  - kluctldeployments/status
-  verbs:
-  - get
 - apiGroups:
   - gitops.kluctl.io
   resources:
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index b9c13ad2c..5c4b32362 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -2,7 +2,6 @@ package controllers
 
 import (
 	"context"
-	errors2 "errors"
 	"fmt"
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-multierror"
@@ -18,13 +17,9 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/rest"
 	kuberecorder "k8s.io/client-go/tools/record"
 	"path"
@@ -63,8 +58,6 @@ type KluctlDeploymentReconcilerOpts struct {
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=gitops.kluctl.io,resources=kluctldeployments/finalizers,verbs=get;create;update;patch;delete
-// +kubebuilder:rbac:groups=flux.kluctl.io,resources=kluctldeployments,verbs=get;list;watch
-// +kubebuilder:rbac:groups=flux.kluctl.io,resources=kluctldeployments/status,verbs=get
 // +kubebuilder:rbac:groups="",resources=configmaps;secrets;serviceaccounts,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
 
@@ -222,35 +215,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		obj.Status.LastHandledReconcileAt = v
 	}
 
-	legacyKd, err := r.checkLegacyKluctlDeployment(ctx, obj)
-	if err != nil {
-		return nil, err
-	}
-	if legacyKd {
-		c := apimeta.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
-		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
-			log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. ")
-			return &ctrl.Result{RequeueAfter: 5 * time.Second}, err
-		}
-		log.Info("legacy KluctlDeployment does not have the readyForMigration status set. Skipping reconciliation. " +
-			"Please ensure that you have upgraded to the latest version of the legacy flux-kluctl-controller and that is is still running.")
-		patchErr := doReadyCondition(metav1.ConditionFalse, kluctlv1.WaitingForLegacyMigrationReason, "waiting for the legacy controller to set readyForMigration=true")
-		if patchErr != nil {
-			return nil, patchErr
-		}
-		return &ctrl.Result{Requeue: true}, nil
-	} else {
-		c := apimeta.FindStatusCondition(obj.Status.Conditions, meta.ReadyCondition)
-		if c != nil && c.Reason == kluctlv1.WaitingForLegacyMigrationReason {
-			log.Info("legacy KluctlDeployment has the readyForMigration status set now")
-			patchErr := doReadyCondition(metav1.ConditionFalse, meta.ProgressingReason, "migration is finished")
-			if patchErr != nil {
-				return nil, patchErr
-			}
-			return &ctrl.Result{Requeue: true}, nil
-		}
-	}
-
 	patchErr := doProgressingCondition("Initializing", true)
 	if patchErr != nil {
 		return nil, patchErr
@@ -727,45 +691,6 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator, commandResultId)
 }
 
-// checkLegacyKluctlDeployment checks if a legacy KluctlDeployment from the old flux.kluctl.io group is present. If yes
-// we must ensure that this object is served by a recent legacy controller version which understands that it should stop
-// reconciliation in case the new gitops.kluctl.io object is present
-func (r *KluctlDeploymentReconciler) checkLegacyKluctlDeployment(ctx context.Context, obj *kluctlv1.KluctlDeployment) (bool, error) {
-	log := ctrl.LoggerFrom(ctx)
-
-	var obj2 unstructured.Unstructured
-	obj2.SetGroupVersionKind(schema.GroupVersionKind{
-		Group:   "flux.kluctl.io",
-		Version: "v1alpha1",
-		Kind:    "KluctlDeployment",
-	})
-	err := r.Get(ctx, client.ObjectKeyFromObject(obj), &obj2)
-	if err != nil {
-		if errors2.Unwrap(err) != nil {
-			err = errors2.Unwrap(err)
-		}
-		if apimeta.IsNoMatchError(err) || errors.IsNotFound(err) || discovery.IsGroupDiscoveryFailedError(err) {
-			// legacy object not present, we're safe to continue
-			return false, nil
-		}
-		log.Error(err, "Failed to retrieve legacy KluctlDeployment. Skipping reconciliation.")
-		// some unexpected error...we should be on the safe side and bail out reconciliation
-		return true, err
-	}
-
-	readyForMigration, _, err := unstructured.NestedBool(obj2.Object, "status", "readyForMigration")
-	if err != nil {
-		// some unexpected error...we should be on the safe side and bail out reconciliation
-		log.Error(err, "Failed to retrieve readyForMigration value. Skipping reconciliation.")
-		return true, err
-	}
-	if !readyForMigration {
-		return true, nil
-	}
-
-	return false, nil
-}
-
 func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.KluctlDeployment) {
 	pruneEnabled := 0.0
 	deleteEnabled := 0.0
diff --git a/pkg/webui/shortnames.go b/pkg/webui/shortnames.go
index 04ce897cb..aee03d1b2 100644
--- a/pkg/webui/shortnames.go
+++ b/pkg/webui/shortnames.go
@@ -90,7 +90,6 @@ expansiontemplate                                             expansion.gatekeep
 providers                                                     externaldata.gatekeeper.sh/v1beta1          false        Provider
 flowschemas                                                   flowcontrol.apiserver.k8s.io/v1beta2        false        FlowSchema
 prioritylevelconfigurations                                   flowcontrol.apiserver.k8s.io/v1beta2        false        PriorityLevelConfiguration
-kluctldeployments                                             flux.kluctl.io/v1alpha1                     true         KluctlDeployment
 jaegers                                                       jaegertracing.io/v1                         true         Jaeger
 kafkabridges                              kb                  kafka.strimzi.io/v1beta2                    true         KafkaBridge
 kafkaconnectors                           kctr                kafka.strimzi.io/v1beta2                    true         KafkaConnector

From 1969100784368c3f71af37c8f1eb84a5898c088d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 14 Sep 2023 12:24:11 +0200
Subject: [PATCH 1581/2268] fix: Use name as tie-breaker in
 calcRemoteObjectsForDiff (#788)

---
 pkg/deployment/utils/diff_utils.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 074020ace..322547181 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -9,7 +9,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"sort"
 	"sync"
-	"time"
 )
 
 type DiffUtil struct {
@@ -128,11 +127,22 @@ func (u *DiffUtil) calcRemoteObjectsForDiff() {
 	u.remoteDiffObjects = make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
 	for _, o := range u.ru.remoteObjects {
 		diffRef := u.GetDiffRef(o)
-		oldCreationTime := time.Time{}
-		if old, ok := u.remoteDiffObjects[diffRef]; ok {
-			oldCreationTime = old.GetK8sCreationTime()
+		old := u.remoteDiffObjects[diffRef]
+
+		replace := false
+		if old == nil {
+			replace = true
+		} else if old.GetK8sCreationTime() == o.GetK8sCreationTime() {
+			// unfortunately the creation time has only seconds resolution, meaning that we can easily get into a
+			// situation where two deployments happen in the same second resulting in a situation where it's unclear
+			// which of the two objects to use as the "diff-object". We have to resolve this tie in some way, and using
+			// the name of the real objects seems to be the most consistent way. Using the resourceVersion would be
+			// another option, but it would be unpredictable if other components start to modify resources in-between.
+			replace = o.GetK8sName() > old.GetK8sName()
+		} else {
+			replace = o.GetK8sCreationTime().After(old.GetK8sCreationTime())
 		}
-		if oldCreationTime.IsZero() || o.GetK8sCreationTime().After(oldCreationTime) {
+		if replace {
 			u.remoteDiffObjects[diffRef] = o
 		}
 	}

From bc1e2d94126b6f0960f82dbe4cb525baae37595c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Sep 2023 13:11:15 +0200
Subject: [PATCH 1582/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.16.1 to 0.16.2 (#783)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.16.1 to 0.16.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.16.1...v0.16.2)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fa869d10e..0af78af1a 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 	golang.org/x/oauth2 v0.12.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.16.1
+	sigs.k8s.io/controller-runtime v0.16.2
 	sigs.k8s.io/kustomize/api v0.14.0
 	sigs.k8s.io/yaml v1.3.0
 )
diff --git a/go.sum b/go.sum
index efeb81882..90aa78256 100644
--- a/go.sum
+++ b/go.sum
@@ -1225,8 +1225,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.16.1 h1:+15lzrmHsE0s2kNl0Dl8cTchI5Cs8qofo5PGcPrV9z0=
-sigs.k8s.io/controller-runtime v0.16.1/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
+sigs.k8s.io/controller-runtime v0.16.2 h1:mwXAVuEk3EQf478PQwQ48zGOXvW27UJc8NHktQVuIPU=
+sigs.k8s.io/controller-runtime v0.16.2/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.14.0 h1:6+QLmXXA8X4eDM7ejeaNUyruA1DDB3PVIjbpVhDOJRA=

From 5b60959e873506996ba3f2e47737082ef046c4bc Mon Sep 17 00:00:00 2001
From: Mikhail Shirkov <shirkevich@gmail.com>
Date: Thu, 14 Sep 2023 16:44:21 +0400
Subject: [PATCH 1583/2268] feat: GCP secret manager implementation (#781)

* GCP secret manager implementation

* go mod tidy

* Tests and docs

* Fix tests

* Fix comment

* Renaming gcpSecretsManager to gcpSecretManager; adding gcpSecretManager to UI
---
 docs/kluctl/templating/variable-sources.md    |  15 +++
 go.mod                                        |   7 +-
 go.sum                                        |   6 +-
 pkg/kluctl_project/target_context.go          |   3 +-
 pkg/types/vars_source.go                      |   6 +
 pkg/types/zz_generated.deepcopy.go            |  20 +++
 pkg/vars/gcp/clientfactory.go                 |  32 +++++
 pkg/vars/gcp/fake_clientfactory.go            |  39 ++++++
 pkg/vars/gcp/secrets_manager.go               |  26 ++++
 pkg/vars/vars_loader.go                       |  26 +++-
 pkg/vars/vars_loader_test.go                  | 125 ++++++++++++------
 .../command-result/nodes/VarsSourceNode.tsx   |  13 ++
 pkg/webui/ui/src/models.ts                    |  10 ++
 13 files changed, 283 insertions(+), 45 deletions(-)
 create mode 100644 pkg/vars/gcp/clientfactory.go
 create mode 100644 pkg/vars/gcp/fake_clientfactory.go
 create mode 100644 pkg/vars/gcp/secrets_manager.go

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 2d2ac9b92..61218a250 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -273,6 +273,21 @@ vars:
 The advantage of the latter is that the auto-generated suffix in the ARN (which might not be known at the time of
 writing the configuration) doesn't have to be specified.
 
+### gcpSecretManager
+[Google Secret Manager](https://cloud.google.com/secret-manager) integration. Loads a variables YAML from a Google Secrets
+Manager secret. The secret can be specified via full resource name.
+
+The secrets stored in Google Secrets manager must contain a valid yaml or json file.
+
+Example:
+```yaml
+vars:
+  - gcpSecretManager:
+      secretName: "projects/my-project/secrets/secret/versions/latest"
+```
+
+It is recommended to use [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) when you are using kluctl controller. To run it locally provide path to service account json file by setting environment variable `GOOGLE_APPLICATION_CREDENTIALS`.
+
 ### vault
 
 [Vault by HashiCorp](https://www.vaultproject.io/) with [Tokens](https://www.vaultproject.io/docs/concepts/tokens) 
diff --git a/go.mod b/go.mod
index 0af78af1a..1f0db3c26 100644
--- a/go.mod
+++ b/go.mod
@@ -51,6 +51,7 @@ require (
 )
 
 require (
+	cloud.google.com/go/secretmanager v1.11.1
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
@@ -69,6 +70,7 @@ require (
 	github.com/go-logr/logr v1.2.4
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.3.1
+	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.27.10
@@ -77,6 +79,8 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	golang.org/x/oauth2 v0.12.0
+	google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832
+	google.golang.org/grpc v1.57.0
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
@@ -166,7 +170,6 @@ require (
 	github.com/google/s2a-go v0.1.5 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
@@ -258,10 +261,8 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.138.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/grpc v1.57.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 90aa78256..406645395 100644
--- a/go.sum
+++ b/go.sum
@@ -38,6 +38,8 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/secretmanager v1.11.1 h1:cLTCwAjFh9fKvU6F13Y4L9vPcx9yiWPyWXE4+zkuEQs=
+cloud.google.com/go/secretmanager v1.11.1/go.mod h1:znq9JlXgTNdBeQk9TBW/FnR/W4uChEKGeqQWAJ8SXFw=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
@@ -1118,8 +1120,8 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY=
-google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
+google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832 h1:/30npZKtUjXqju7ZA2MsvpkGKD4mQFtf+zPnZasABjg=
+google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 81e605c6f..8c8f0132a 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
@@ -89,7 +90,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		return nil, err
 	}
 
-	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory())
+	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory(), gcp.NewClientFactory())
 
 	if params.ForSeal {
 		err = p.loadSecrets(ctx, target, varsCtx, varsLoader)
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index ca33e3be5..3c24aba44 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -48,6 +48,11 @@ type VarsSourceAwsSecretsManager struct {
 	Profile *string `json:"profile,omitempty"`
 }
 
+type VarsSourceGcpSecretManager struct {
+	// Name of the secret. Should be provided in relative resource name format: "projects/my-project/secrets/secret/versions/latest"
+	SecretName string `json:"secretName" validate:"required"`
+}
+
 type VarsSourceVault struct {
 	Address string `json:"address" validate:"required"`
 	Path    string `json:"path" validate:"required"`
@@ -66,6 +71,7 @@ type VarsSource struct {
 	SystemEnvVars     *uo.UnstructuredObject              `json:"systemEnvVars,omitempty"`
 	Http              *VarsSourceHttp                     `json:"http,omitempty"`
 	AwsSecretsManager *VarsSourceAwsSecretsManager        `json:"awsSecretsManager,omitempty"`
+	GcpSecretManager  *VarsSourceGcpSecretManager         `json:"gcpSecretManager,omitempty"`
 	Vault             *VarsSourceVault                    `json:"vault,omitempty"`
 
 	When string `json:"when,omitempty"`
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 65f55bc01..7f7dec802 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -769,6 +769,11 @@ func (in *VarsSource) DeepCopyInto(out *VarsSource) {
 		*out = new(VarsSourceAwsSecretsManager)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.GcpSecretManager != nil {
+		in, out := &in.GcpSecretManager, &out.GcpSecretManager
+		*out = new(VarsSourceGcpSecretManager)
+		**out = **in
+	}
 	if in.Vault != nil {
 		in, out := &in.Vault, &out.Vault
 		*out = new(VarsSourceVault)
@@ -837,6 +842,21 @@ func (in *VarsSourceClusterConfigMapOrSecret) DeepCopy() *VarsSourceClusterConfi
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceGcpSecretManager) DeepCopyInto(out *VarsSourceGcpSecretManager) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceGcpSecretManager.
+func (in *VarsSourceGcpSecretManager) DeepCopy() *VarsSourceGcpSecretManager {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceGcpSecretManager)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *VarsSourceGit) DeepCopyInto(out *VarsSourceGit) {
 	*out = *in
diff --git a/pkg/vars/gcp/clientfactory.go b/pkg/vars/gcp/clientfactory.go
new file mode 100644
index 000000000..e7469eff9
--- /dev/null
+++ b/pkg/vars/gcp/clientfactory.go
@@ -0,0 +1,32 @@
+package gcp
+
+import (
+	secretmanager "cloud.google.com/go/secretmanager/apiv1"
+	"github.com/googleapis/gax-go/v2"
+	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
+
+	"context"
+)
+
+type AccessSecretVersionInterface interface {
+	AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error)
+}
+
+type GcpClientFactory interface {
+	SecretManagerClient(ctx context.Context) (AccessSecretVersionInterface, error)
+}
+
+type gcpClientFactory struct {
+}
+
+func (g *gcpClientFactory) SecretManagerClient(ctx context.Context) (AccessSecretVersionInterface, error) {
+	client, err := secretmanager.NewClient(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+func NewClientFactory() GcpClientFactory {
+	return &gcpClientFactory{}
+}
diff --git a/pkg/vars/gcp/fake_clientfactory.go b/pkg/vars/gcp/fake_clientfactory.go
new file mode 100644
index 000000000..6432a7f00
--- /dev/null
+++ b/pkg/vars/gcp/fake_clientfactory.go
@@ -0,0 +1,39 @@
+package gcp
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/googleapis/gax-go/v2"
+	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+type FakeClientFactory struct {
+	Secrets map[string]string
+}
+
+func (f *FakeClientFactory) AccessSecretVersion(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error) {
+	if secret, ok := f.Secrets[req.Name]; ok {
+		return &secretmanagerpb.AccessSecretVersionResponse{
+			Payload: &secretmanagerpb.SecretPayload{
+				Data: []byte(secret),
+			},
+		}, nil
+	}
+
+	errMsg := fmt.Sprintf("secret not found: failed to access secret version: rpc error: code = NotFound desc = secret %s not found", req.Name)
+	return nil, status.Errorf(codes.NotFound, errMsg)
+}
+
+func (f *FakeClientFactory) SecretManagerClient(ctx context.Context) (AccessSecretVersionInterface, error) {
+	return f, nil
+}
+
+func NewFakeClientFactory() *FakeClientFactory {
+	return &FakeClientFactory{
+		Secrets: make(map[string]string),
+	}
+}
diff --git a/pkg/vars/gcp/secrets_manager.go b/pkg/vars/gcp/secrets_manager.go
new file mode 100644
index 000000000..05dd9ae91
--- /dev/null
+++ b/pkg/vars/gcp/secrets_manager.go
@@ -0,0 +1,26 @@
+package gcp
+
+import (
+	"context"
+	"fmt"
+
+	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
+)
+
+func GetGoogleSecretsManagerSecret(ctx context.Context, cf GcpClientFactory, secretName string) (string, error) {
+	client, err := cf.SecretManagerClient(ctx)
+	if err != nil {
+		return "", fmt.Errorf("failed to create secret manager client: %w", err)
+	}
+
+	accessRequest := &secretmanagerpb.AccessSecretVersionRequest{
+		Name: secretName,
+	}
+
+	result, err := client.AccessSecretVersion(ctx, accessRequest)
+	if err != nil {
+		return "", fmt.Errorf("failed to access secret version: %w", err)
+	}
+
+	return string(result.Payload.Data), nil
+}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 67a46029e..3c0c445d9 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -18,6 +18,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -37,17 +38,19 @@ type VarsLoader struct {
 	sops *decryptor.Decryptor
 	rp   *repocache.GitRepoCache
 	aws  aws.AwsClientFactory
+	gcp  gcp.GcpClientFactory
 
 	credentialsCache map[string]usernamePassword
 }
 
-func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops *decryptor.Decryptor, rp *repocache.GitRepoCache, aws aws.AwsClientFactory) *VarsLoader {
+func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops *decryptor.Decryptor, rp *repocache.GitRepoCache, aws aws.AwsClientFactory, gcp gcp.GcpClientFactory) *VarsLoader {
 	return &VarsLoader{
 		ctx:              ctx,
 		k:                k,
 		sops:             sops,
 		rp:               rp,
 		aws:              aws,
+		gcp:              gcp,
 		credentialsCache: map[string]usernamePassword{},
 	}
 }
@@ -122,6 +125,9 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 	} else if source.AwsSecretsManager != nil {
 		newVars, err = v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing)
 		sensitive = true
+	} else if source.GcpSecretManager != nil {
+		newVars, err = v.loadGcpSecretManager(varsCtx, &source, ignoreMissing)
+		sensitive = true
 	} else if source.Vault != nil {
 		newVars, err = v.loadVault(varsCtx, &source, ignoreMissing)
 		sensitive = true
@@ -259,6 +265,24 @@ func (v *VarsLoader) loadAwsSecretsManager(varsCtx *VarsCtx, source *types.VarsS
 	return v.loadFromString(varsCtx, secret)
 }
 
+func (v *VarsLoader) loadGcpSecretManager(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+	if v.gcp == nil {
+		return uo.New(), fmt.Errorf("no GCP client factory provided")
+	}
+
+	secret, err := gcp.GetGoogleSecretsManagerSecret(v.ctx, v.gcp, source.GcpSecretManager.SecretName)
+	if err != nil {
+		if strings.Contains(err.Error(), "NotFound") {
+			if ignoreMissing {
+				return uo.New(), nil
+			}
+			return nil, fmt.Errorf("secret not found: %v", err)
+		}
+		return nil, err
+	}
+	return v.loadFromString(varsCtx, secret)
+}
+
 func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	secret, err := vault.GetSecret(source.Vault.Address, source.Vault.Path)
 	if err != nil {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 1905aa3a9..030e5f429 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -28,6 +28,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
@@ -82,21 +83,22 @@ func (s *VarsLoaderTestSuite) newRP() *repocache.GitRepoCache {
 	return grc
 }
 
-func (s *VarsLoaderTestSuite) testVarsLoader(test func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory)) {
+func (s *VarsLoaderTestSuite) testVarsLoader(test func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory)) {
 	grc := s.newRP()
 	fakeAws := aws.NewFakeClientFactory()
+	fakeGcp := gcp.NewFakeClientFactory()
 
 	d := decryptor.NewDecryptor("", decryptor.MaxEncryptedFileSize)
 	d.AddLocalKeyService()
 
-	vl := NewVarsLoader(context.TODO(), s.k2, d, grc, fakeAws)
+	vl := NewVarsLoader(context.TODO(), s.k2, d, grc, fakeAws, fakeGcp)
 	vc := NewVarsCtx(newJinja2Must(s.T()))
 
-	test(vl, vc, fakeAws)
+	test(vl, vc, fakeAws, fakeGcp)
 }
 
 func (s *VarsLoaderTestSuite) TestValues() {
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
 		}, nil, "")
@@ -108,7 +110,7 @@ func (s *VarsLoaderTestSuite) TestValues() {
 }
 
 func (s *VarsLoaderTestSuite) TestValuesNoOverrides() {
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": {"test2": 42}}`),
 		}, nil, "")
@@ -127,7 +129,7 @@ func (s *VarsLoaderTestSuite) TestValuesNoOverrides() {
 }
 
 func (s *VarsLoaderTestSuite) TestWhen() {
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Values: uo.FromStringMust(`{"test1": "a"}`),
 		}, nil, "")
@@ -154,7 +156,7 @@ func (s *VarsLoaderTestSuite) TestFile() {
 	d := s.T().TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": 42}}`), 0o600)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		vs := &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}
@@ -166,7 +168,7 @@ func (s *VarsLoaderTestSuite) TestFile() {
 		assert.False(s.T(), vs.RenderedSensitive)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -178,7 +180,7 @@ func (s *VarsLoaderTestSuite) TestFile() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -196,7 +198,7 @@ func (s *VarsLoaderTestSuite) TestSopsFile() {
 
 	s.T().Setenv(age.SopsAgeKeyEnv, string(key))
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		vs := &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}
@@ -214,7 +216,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoad() {
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
 	_ = os.WriteFile(filepath.Join(d, "test2.txt"), []byte(`42`), 0o600)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
@@ -231,7 +233,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoadSubDir() {
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{ load_template("test2.txt") }}}}`), 0o600)
 	_ = os.WriteFile(filepath.Join(d, "subdir/test2.txt"), []byte(`42`), 0o600)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d, filepath.Join(d, "subdir")}, "")
@@ -246,7 +248,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoadNotExists() {
 	d := s.T().TempDir()
 	_ = os.WriteFile(filepath.Join(d, "test.yaml"), []byte(`{"test1": {"test2": {{load_template("test3.txt")}}}}`), 0o600)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			File: utils.StrPtr("test.yaml"),
 		}, []string{d}, "")
@@ -264,7 +266,7 @@ func (s *VarsLoaderTestSuite) TestGit() {
 		return nil
 	}, "")
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
@@ -278,7 +280,7 @@ func (s *VarsLoaderTestSuite) TestGit() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
@@ -315,7 +317,7 @@ func (s *VarsLoaderTestSuite) TestGitBranch() {
 	})
 	assert.NoError(s.T(), err)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
@@ -345,7 +347,7 @@ func (s *VarsLoaderTestSuite) TestClusterConfigMap() {
 	err := s.k.Client.Create(context.TODO(), &cm)
 	assert.NoError(s.T(), err)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
@@ -359,7 +361,7 @@ func (s *VarsLoaderTestSuite) TestClusterConfigMap() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm1",
@@ -379,7 +381,7 @@ func (s *VarsLoaderTestSuite) TestClusterConfigMap() {
 		assert.EqualError(s.T(), err, fmt.Sprintf("key vars1 not found in %s/ConfigMap/cm on cluster", s.namespace()))
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -392,7 +394,7 @@ func (s *VarsLoaderTestSuite) TestClusterConfigMap() {
 		assert.NoError(s.T(), err)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "cm",
@@ -403,7 +405,7 @@ func (s *VarsLoaderTestSuite) TestClusterConfigMap() {
 		assert.Errorf(s.T(), err, "failed to load vars from kubernetes object default/ConfigMap/cm and key value: value is not a YAML dictionary")
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:       "cm",
@@ -432,7 +434,7 @@ func (s *VarsLoaderTestSuite) TestClusterSecret() {
 	err := s.k.Client.Create(context.TODO(), &secret)
 	assert.NoError(s.T(), err)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s",
@@ -446,7 +448,7 @@ func (s *VarsLoaderTestSuite) TestClusterSecret() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterSecret: &types.VarsSourceClusterConfigMapOrSecret{
 				Name:      "s1",
@@ -466,7 +468,7 @@ func (s *VarsLoaderTestSuite) TestClusterSecret() {
 		assert.EqualError(s.T(), err, fmt.Sprintf("key vars1 not found in %s/Secret/s on cluster", s.namespace()))
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		vs := &types.VarsSource{
 			IgnoreMissing: &b,
@@ -503,7 +505,7 @@ func (s *VarsLoaderTestSuite) TestK8sObjectLabels() {
 	err = s.k.Client.Create(context.TODO(), &cm2)
 	assert.NoError(s.T(), err)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label1": "value1"},
@@ -517,7 +519,7 @@ func (s *VarsLoaderTestSuite) TestK8sObjectLabels() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterConfigMap: &types.VarsSourceClusterConfigMapOrSecret{
 				Labels:    map[string]string{"label2": "value2"},
@@ -531,7 +533,7 @@ func (s *VarsLoaderTestSuite) TestK8sObjectLabels() {
 		assert.Equal(s.T(), int64(43), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -550,7 +552,7 @@ func (s *VarsLoaderTestSuite) TestSystemEnv() {
 	s.T().Setenv("TEST2", "'43'")
 	s.T().Setenv("TEST4", "44")
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test1": "TEST1",
@@ -588,7 +590,7 @@ func (s *VarsLoaderTestSuite) TestSystemEnv() {
 		assert.Equal(s.T(), "", v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			SystemEnvVars: uo.FromMap(map[string]interface{}{
 				"test5": "TEST5",
@@ -597,7 +599,7 @@ func (s *VarsLoaderTestSuite) TestSystemEnv() {
 		assert.EqualError(s.T(), err, "environment variable TEST5 not found for test5")
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -624,7 +626,7 @@ func (s *VarsLoaderTestSuite) TestHttp_GET() {
 	}))
 	defer ts.Close()
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/ok"
 
@@ -639,7 +641,7 @@ func (s *VarsLoaderTestSuite) TestHttp_GET() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/missing"
@@ -652,7 +654,7 @@ func (s *VarsLoaderTestSuite) TestHttp_GET() {
 		assert.NoError(s.T(), err)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		b := true
 		u, _ := url.Parse(ts.URL)
 		u.Path += "/error"
@@ -688,7 +690,7 @@ func (s *VarsLoaderTestSuite) TestHttp_POST() {
 
 	u, _ := url.Parse(ts.URL)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url: types.YamlUrl{URL: *u},
@@ -735,7 +737,7 @@ func (s *VarsLoaderTestSuite) TestHttp_JsonPath() {
 
 	u, _ := url.Parse(ts.URL)
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:      types.YamlUrl{URL: *u},
@@ -750,7 +752,7 @@ func (s *VarsLoaderTestSuite) TestHttp_JsonPath() {
 }
 
 func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		aws.Secrets = map[string]string{
 			"secret": `{"test1": {"test2": 42}}`,
 		}
@@ -774,7 +776,7 @@ func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		aws.Secrets = map[string]string{
 			"secret": `{"test1": {"test2": 42}}`,
 		}
@@ -790,7 +792,7 @@ func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
 		assert.Equal(s.T(), int64(42), v)
 	})
 
-	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory) {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		aws.Secrets = map[string]string{
 			"secret": `{"test1": {"test2": 42}}`,
 		}
@@ -806,3 +808,50 @@ func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
 		assert.NoError(s.T(), err)
 	})
 }
+
+func (s *VarsLoaderTestSuite) TestGcpSecretManager() {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		gcp.Secrets = map[string]string{
+			"projects/my-project/secrets/secret/versions/latest": `{"test1": {"test2": 42}}`,
+		}
+
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GcpSecretManager: &types.VarsSourceGcpSecretManager{
+				SecretName: "projects/my-project/secrets/secret/versions/latest",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedInt("test1", "test2")
+		assert.Equal(s.T(), int64(42), v)
+	})
+
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		gcp.Secrets = map[string]string{
+			"projects/my-project/secrets/secret/versions/latest": `{"test1": {"test2": 42}}`,
+		}
+
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GcpSecretManager: &types.VarsSourceGcpSecretManager{
+				SecretName: "projects/different-project/secrets/secret/versions/latest",
+			},
+		}, nil, "")
+		assert.EqualError(s.T(), err, "secret not found: failed to access secret version: rpc error: code = NotFound desc = secret not found: failed to access secret version: rpc error: code = NotFound desc = secret projects/different-project/secrets/secret/versions/latest not found")
+
+	})
+
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		gcp.Secrets = map[string]string{
+			"projects/my-project/secrets/secret/versions/latest": `{"test1": {"test2": 42}}`,
+		}
+
+		b := true
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			IgnoreMissing: &b,
+			GcpSecretManager: &types.VarsSourceGcpSecretManager{
+				SecretName: "projects/my-project/secrets/missing-secret/versions/latest",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+	})
+}
diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index bb5c6fa83..4601c3b10 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -157,6 +157,19 @@ export class VarsSourceNodeData extends NodeData {
                     return sourceProps
                 }
             }
+        } else if (this.varsSource.gcpSecretManager) {
+            return {
+                type: "gcpSecretManager",
+                label: () => {
+                    return this.varsSource.gcpSecretManager!.secretName
+                },
+                icon: () => <Cloud fontSize={"large"}/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({ name: "SecretName", value: this.varsSource.gcpSecretManager!.secretName })
+                    return sourceProps
+                }
+            }
         } else if (this.varsSource.vault) {
             return {
                 type: "vault",
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index e95263f8f..e53e5ef41 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -236,6 +236,14 @@ export class VarsSourceVault {
         this.path = source["path"];
     }
 }
+export class VarsSourceGcpSecretManager {
+    secretName: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.secretName = source["secretName"];
+    }
+}
 export class VarsSourceAwsSecretsManager {
     secretName: string;
     region?: string;
@@ -304,6 +312,7 @@ export class VarsSource {
     systemEnvVars?: any;
     http?: VarsSourceHttp;
     awsSecretsManager?: VarsSourceAwsSecretsManager;
+    gcpSecretManager?: VarsSourceGcpSecretManager;
     vault?: VarsSourceVault;
     when?: string;
     renderedSensitive?: boolean;
@@ -322,6 +331,7 @@ export class VarsSource {
         this.systemEnvVars = source["systemEnvVars"];
         this.http = this.convertValues(source["http"], VarsSourceHttp);
         this.awsSecretsManager = this.convertValues(source["awsSecretsManager"], VarsSourceAwsSecretsManager);
+        this.gcpSecretManager = this.convertValues(source["gcpSecretManager"], VarsSourceGcpSecretManager);
         this.vault = this.convertValues(source["vault"], VarsSourceVault);
         this.when = source["when"];
         this.renderedSensitive = source["renderedSensitive"];

From da62ef02f94d97765d891ec72101d2ca398e3c92 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 14:08:10 +0200
Subject: [PATCH 1584/2268] fix: Print real ref when warning about about
 simulated CRDs while dry-running (#791)

---
 pkg/deployment/utils/apply_utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index b6e74ed0c..8a391121c 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -389,7 +389,7 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		if _, ok := a.allCRDs.Load(x.GetK8sGVK()); ok {
 			if a.o.DryRun {
 				a.handleResult(x, hook)
-				a.HandleWarning(x.GetK8sRef(), fmt.Errorf("the underyling custom resource definition for %s has not been applied yet as Kluctl is running in dry-run mode. It is not guaranteed that the object will actually sucessfully apply", x.GetK8sRef().String()))
+				a.HandleWarning(ref, fmt.Errorf("the underyling custom resource definition for %s has not been applied yet as Kluctl is running in dry-run mode. It is not guaranteed that the object will actually sucessfully apply", x.GetK8sRef().String()))
 				return
 			} else {
 				// retry with invalidated discovery

From d8e45cb6944350758e958dea0c396d4d09b7748f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Sep 2023 14:20:26 +0200
Subject: [PATCH 1585/2268] chore(deps): Bump google.golang.org/grpc from
 1.57.0 to 1.58.1 (#790)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.58.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.58.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1f0db3c26..5399fff87 100644
--- a/go.mod
+++ b/go.mod
@@ -80,7 +80,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	golang.org/x/oauth2 v0.12.0
 	google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832
-	google.golang.org/grpc v1.57.0
+	google.golang.org/grpc v1.58.1
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
diff --git a/go.sum b/go.sum
index 406645395..d8398af09 100644
--- a/go.sum
+++ b/go.sum
@@ -1145,8 +1145,8 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
-google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
+google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58=
+google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 980e5e1b958adfe7b62a53623a01700e53d22003 Mon Sep 17 00:00:00 2001
From: cliveseldon <ukclivecox@gmail.com>
Date: Fri, 15 Sep 2023 13:42:57 +0100
Subject: [PATCH 1586/2268] allow wait readiness checks to run after all
 resource are applied (#789)

---
 pkg/deployment/utils/apply_utils.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 8a391121c..18412278e 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -609,6 +609,12 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 			startTime = time.Now()
 			didLog = true
 		}
+	}
+	// Wait for readiness if needed after we have applied all objects
+	for _, o := range applyObjects {
+		if a.abortSignal.Load().(bool) {
+			break
+		}
 
 		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/wait-readiness"))
 		if !a.o.NoWait && waitReadiness {

From 51a9ed5d35e6a274781b419861128dca067da795 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Sep 2023 14:43:33 +0200
Subject: [PATCH 1587/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#792)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.23.1 to 0.24.0.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.23.1...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 5399fff87..13448ef36 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.23.1
+	github.com/bitnami-labs/sealed-secrets v0.24.0
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.2+incompatible
 	github.com/go-playground/validator/v10 v10.15.4
diff --git a/go.sum b/go.sum
index d8398af09..431a89232 100644
--- a/go.sum
+++ b/go.sum
@@ -140,8 +140,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.23.1 h1:PhU0pfbFA15AL9Qub0rjtiehR49snX7zYABbdfjpwkc=
-github.com/bitnami-labs/sealed-secrets v0.23.1/go.mod h1:DMy40c+yHBXQKQGGlQplsqvwn76NRAj1JgN/+tx/1nE=
+github.com/bitnami-labs/sealed-secrets v0.24.0 h1:LmgvZ408PLStPpCDVnp8J0HEeXCVS/T0owKXUbyWF8A=
+github.com/bitnami-labs/sealed-secrets v0.24.0/go.mod h1:opL4DB1wOQd6dAfmS3lbLxwuqoHYBJHqo5VBxQGXTr4=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
@@ -606,7 +606,7 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/ohler55/ojg v1.19.3 h1:rFmEc33aZOvlwb7tibAmwVGEiPfMZkgvurK0YDDr1HI=
 github.com/ohler55/ojg v1.19.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
+github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

From 681386c20d3222fb0524245f8e1b02c67c5f78e2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 15:12:49 +0200
Subject: [PATCH 1588/2268] refactor: Introduce
 GetK8sAnnotationBool/GetK8sAnnotationBoolOrFalse and use it

---
 pkg/deployment/commands/validate.go  |  3 +--
 pkg/deployment/deployment_item.go    |  4 ++--
 pkg/deployment/utils/apply_utils.go  |  4 ++--
 pkg/deployment/utils/delete_utils.go |  4 ++--
 pkg/deployment/utils/hooks_util.go   | 11 +++--------
 pkg/diff/managed_fields.go           |  9 ++-------
 pkg/diff/normalize.go                |  3 +--
 pkg/utils/uo/k8s_fields.go           | 18 ++++++++++++++++++
 pkg/validation/validation.go         |  3 +--
 9 files changed, 32 insertions(+), 27 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 25d4a2735..f4c7584f0 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 	"time"
@@ -86,7 +85,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
 	for _, o := range renderedObjects {
-		if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/delete")) {
+		if o.GetK8sAnnotationBoolOrFalse("kluctl.io/delete") {
 			if cmd.ru.GetRemoteObject(o.GetK8sRef()) != nil {
 				cmd.dew.AddError(o.GetK8sRef(), fmt.Errorf("object is marked for deletion but still exists on the target cluster"))
 			}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 922722304..064e7fc43 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -499,8 +499,8 @@ func (di *DeploymentItem) prepareKustomizationYaml() (*uo.UnstructuredObject, er
 		}
 	}
 
-	di.Barrier = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/barrier"))
-	di.WaitReadiness = utils.ParseBoolOrFalse(ky.GetK8sAnnotation("kluctl.io/wait-readiness"))
+	di.Barrier, _ = ky.GetK8sAnnotationBool("kluctl.io/barrier")
+	di.WaitReadiness, _ = ky.GetK8sAnnotationBool("kluctl.io/wait-readiness")
 
 	return ky, nil
 }
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 18412278e..e04b3d707 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -538,7 +538,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		}
 	}
 	for _, x := range d.Objects {
-		if utils.ParseBoolOrFalse(x.GetK8sAnnotation("kluctl.io/delete")) {
+		if x.GetK8sAnnotationBoolOrFalse("kluctl.io/delete") {
 			toDelete[x.GetK8sRef()] = true
 		}
 	}
@@ -616,7 +616,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 			break
 		}
 
-		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/wait-readiness"))
+		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || o.GetK8sAnnotationBoolOrFalse("kluctl.io/wait-readiness")
 		if !a.o.NoWait && waitReadiness {
 			a.WaitReadiness(o.GetK8sRef(), 0)
 		}
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index cf6f4fb0d..4b04d4544 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -50,7 +50,7 @@ func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef
 }
 
 func isSkipDelete(o *uo.UnstructuredObject) bool {
-	if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/skip-delete")) {
+	if o.GetK8sAnnotationBoolOrFalse("kluctl.io/skip-delete") {
 		return true
 	}
 
@@ -134,7 +134,7 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 
 		// exclude resources which have the 'kluctl.io/skip-delete-if-tags' annotation set
 		if inclusionHasTags {
-			if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/skip-delete-if-tags")) {
+			if o.GetK8sAnnotationBoolOrFalse("kluctl.io/skip-delete-if-tags") {
 				continue
 			}
 		}
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 7657c3793..6f984caa8 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -157,7 +157,7 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 		return ret
 	}
 
-	if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/delete")) {
+	if o.GetK8sAnnotationBoolOrFalse("kluctl.io/delete") {
 		return nil
 	}
 
@@ -215,14 +215,9 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 		}
 	}
 
-	waitStr := o.GetK8sAnnotation("kluctl.io/hook-wait")
-	if waitStr == nil {
-		x := "true"
-		waitStr = &x
-	}
-	wait, err := strconv.ParseBool(*waitStr)
+	wait, err := o.GetK8sAnnotationBool("kluctl.io/hook-wait")
 	if err != nil {
-		u.a.HandleError(ref, fmt.Errorf("failed to parse %s as bool", *waitStr))
+		u.a.HandleError(ref, err)
 		wait = true
 	}
 
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index c6730e3ae..5d2c09cfc 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -2,14 +2,12 @@ package diff
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
 	"regexp"
 	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
 	"sigs.k8s.io/structured-merge-diff/v4/value"
-	"strconv"
 )
 
 type LostOwnership struct {
@@ -175,11 +173,8 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 
 	ret := local.Clone()
 
-	forceApplyAll := utils.ParseBoolOrFalse(local.GetK8sAnnotation("kluctl.io/force-apply"))
-	ignoreConflictsAll := utils.ParseBoolOrFalse(local.GetK8sAnnotation("kluctl.io/ignore-conflicts"))
-	if x := local.GetK8sAnnotation("kluctl.io/force-apply"); x != nil {
-		forceApplyAll, _ = strconv.ParseBool(*x)
-	}
+	forceApplyAll := local.GetK8sAnnotationBoolOrFalse("kluctl.io/force-apply")
+	ignoreConflictsAll := local.GetK8sAnnotationBoolOrFalse("kluctl.io/ignore-conflicts")
 
 	forceApplyFields, err := collectFields(ret, forceApplyFieldAnnotationRegex)
 	if err != nil {
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index 08555cef5..b815c0dcb 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -3,7 +3,6 @@ package diff
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"regexp"
 	"strings"
@@ -152,7 +151,7 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		normalizeServiceAccount(o)
 	}
 
-	if utils.ParseBoolOrFalse(localObject.GetK8sAnnotation("kluctl.io/ignore-diff")) {
+	if localObject.GetK8sAnnotationBoolOrFalse("kluctl.io/ignore-diff") {
 		// Return empty object so that diffs will always be empty
 		return &uo.UnstructuredObject{Object: map[string]interface{}{}}, nil
 	}
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index ea7c24475..50b5348ea 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -6,6 +6,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
 	"regexp"
+	"strconv"
 	"time"
 )
 
@@ -203,6 +204,23 @@ func (uo *UnstructuredObject) GetK8sAnnotationsWithRegex(r interface{}) map[stri
 	return ret
 }
 
+func (uo *UnstructuredObject) GetK8sAnnotationBool(name string) (bool, error) {
+	s := uo.GetK8sAnnotation(name)
+	if s == nil {
+		return false, nil
+	}
+	b, err := strconv.ParseBool(*s)
+	if err != nil {
+		return false, fmt.Errorf("failed to parse annotation %s=%v as bool", name, *s)
+	}
+	return b, nil
+}
+
+func (uo *UnstructuredObject) GetK8sAnnotationBoolOrFalse(name string) bool {
+	b, _ := uo.GetK8sAnnotationBool(name)
+	return b
+}
+
 func (uo *UnstructuredObject) GetK8sGeneration() int64 {
 	ret, ok, _ := uo.GetNestedInt("metadata", "generation")
 	if !ok {
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 1a84ebca1..26748f85a 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -51,7 +50,7 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 	// We assume all is good in case no validation is performed
 	ret.Ready = true
 
-	if utils.ParseBoolOrFalse(o.GetK8sAnnotation("kluctl.io/validate-ignore")) {
+	if o.GetK8sAnnotationBoolOrFalse("kluctl.io/validate-ignore") {
 		return
 	}
 

From 586c791fe0b21bb43b911035f3a68dfa6be3c793 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 15:13:22 +0200
Subject: [PATCH 1589/2268] docs: Update docs about behaviour of
 kluctl.io/wait-readiness

---
 docs/kluctl/deployments/annotations/hooks.md         | 2 +-
 docs/kluctl/deployments/annotations/kustomization.md | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/kluctl/deployments/annotations/hooks.md b/docs/kluctl/deployments/annotations/hooks.md
index bcc81b6e1..f9d5bc73d 100644
--- a/docs/kluctl/deployments/annotations/hooks.md
+++ b/docs/kluctl/deployments/annotations/hooks.md
@@ -26,4 +26,4 @@ Specifies a weight for the hook, used to determine deployment/execution order.
 Defines when to delete the hook resource.
 
 ### kluctl.io/hook-wait
-Defines whether kluctl should wait for hook-completion.
+Defines whether kluctl should wait for hook-completion. It defaults to `true` and can be manually set to `false`.
diff --git a/docs/kluctl/deployments/annotations/kustomization.md b/docs/kluctl/deployments/annotations/kustomization.md
index 6a740fc18..e2d88c27d 100644
--- a/docs/kluctl/deployments/annotations/kustomization.md
+++ b/docs/kluctl/deployments/annotations/kustomization.md
@@ -35,4 +35,5 @@ same effect as [barrier](../../deployments/deployment-yml.md#barriers) from depl
 
 ### kluctl.io/wait-readiness
 If set to `true`, kluctl will wait for readiness of all objects from this kustomization project. Readiness is defined
-the same as in [hook readiness](../../deployments/readiness.md).
+the same as in [hook readiness](../../deployments/readiness.md). Waiting happens after all resources from the current
+deployment item have been applied.

From 5f557b3e7de3242d967e56ed7bab14a66e40421c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 15:13:40 +0200
Subject: [PATCH 1590/2268] docs: Add kluctl.io/wait-readiness annotation to
 all-resources.md

---
 docs/kluctl/deployments/annotations/all-resources.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index dacdc5b04..f63425b8f 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -42,6 +42,11 @@ This effectively disables the warnings that are shown when field ownership is lo
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
+### kluctl.io/wait-readiness
+If set to `true`, kluctl will wait for readiness of this object. Readiness is defined
+the same as in [hook readiness](../../deployments/readiness.md). Waiting happens after all resources from the parent 
+deployment item have been applied.
+
 ## Control deletion/pruning
 
 The following annotations control how delete/prune is behaving.

From 748342100d47ff338ca2e785d08a526dc035ede8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 15:44:55 +0200
Subject: [PATCH 1591/2268] feat: Add --no-wait flag to delete command (#794)

---
 cmd/kluctl/commands/cmd_delete.go | 4 +++-
 docs/kluctl/commands/delete.md    | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index eac7d6ee3..fd9e1fcc0 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -23,6 +23,8 @@ type deleteCmd struct {
 	args.CommandResultFlags
 
 	Discriminator string `group:"misc" help:"Override the discriminator used to find objects for deletion."`
+
+	NoWait bool `group:"misc" help:"Don't wait for deletion of objects to finish.'"`
 }
 
 func (cmd *deleteCmd) Help() string {
@@ -46,7 +48,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		commandResultFlags:   &cmd.CommandResultFlags,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx, nil, true)
+		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx, nil, !cmd.NoWait)
 
 		result, err := cmd2.Run(cmdCtx.targetCtx.SharedContext.Ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
 			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
diff --git a/docs/kluctl/commands/delete.md b/docs/kluctl/commands/delete.md
index 058367db7..28760d956 100644
--- a/docs/kluctl/commands/delete.md
+++ b/docs/kluctl/commands/delete.md
@@ -53,6 +53,7 @@ Misc arguments:
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --no-obfuscate                                Disable obfuscation of sensitive/secret data
+      --no-wait                                     Don't wait for deletion of objects to finish.'
   -o, --output-format stringArray                   Specify output format and target file, in the format
                                                     'format=path'. Format can either be 'text' or 'yaml'. Can be
                                                     specified multiple times. The actual format for yaml is

From e336bba8e3dff6e82e9f0547de21ebcc45447cf5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 11:16:31 +0200
Subject: [PATCH 1592/2268] fix: Bail out early when cmdResult is nil

This fixes crashes in the controller in case something has gone seriosly
wrong.
---
 pkg/controllers/kluctl_project.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 86fba53fa..2a9e1a6d1 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -659,6 +659,11 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 }
 
 func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *result.CommandResult, reconcileId string, objectsHash string) error {
+	if cmdResult == nil {
+		// this might happen if something has gone so wrong that nothing succeeded
+		return nil
+	}
+
 	cmdResult.Id = uuid.NewString()
 	cmdResult.ReconcileId = reconcileId
 	cmdResult.Command.Initiator = result.CommandInititiator_KluctlDeployment
@@ -687,6 +692,11 @@ func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error,
 		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
 		return cmdErr
 	}
+	if cmdResult == nil {
+		err := fmt.Errorf("command result is nil, which should not happen if cmdErr is nil")
+		pt.pp.r.event(ctx, pt.pp.obj, true, err.Error(), nil)
+		return err
+	}
 
 	var err error
 

From 3025836250af0ae24d42eaa726a33b5ada44b9ac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 12:09:21 +0200
Subject: [PATCH 1593/2268] fix: Solely use CommandResult as a means to return
 errors from commands

And never directly return an error. This ensures that we always have a
valid and initialized CommandResult to write to the result store.
---
 cmd/kluctl/commands/cmd_delete.go       |  8 ++--
 cmd/kluctl/commands/cmd_deploy.go       |  7 +---
 cmd/kluctl/commands/cmd_diff.go         |  7 +---
 cmd/kluctl/commands/cmd_poke_images.go  |  7 +---
 cmd/kluctl/commands/cmd_prune.go        |  7 +---
 cmd/kluctl/commands/cmd_validate.go     |  7 +---
 pkg/controllers/kluctl_project.go       | 43 +++++++++-------------
 pkg/deployment/commands/delete.go       | 49 +++++++++++++------------
 pkg/deployment/commands/deploy.go       | 49 ++++++++++++++-----------
 pkg/deployment/commands/diff.go         | 37 ++++++++++---------
 pkg/deployment/commands/poke_images.go  | 31 +++++++++-------
 pkg/deployment/commands/prune.go        | 39 ++++++++++++--------
 pkg/deployment/commands/result_utils.go | 32 +++++++++-------
 pkg/deployment/commands/validate.go     | 39 ++++++++++----------
 14 files changed, 181 insertions(+), 181 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index eac7d6ee3..2f2b7dd0b 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -48,13 +48,11 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewDeleteCommand(cmd.Discriminator, cmdCtx.targetCtx, nil, true)
 
-		result, err := cmd2.Run(cmdCtx.targetCtx.SharedContext.Ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
+		result := cmd2.Run(cmdCtx.targetCtx.SharedContext.Ctx, cmdCtx.targetCtx.SharedContext.K, func(refs []k8s2.ObjectRef) error {
 			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
 		})
-		if err != nil {
-			return err
-		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+
+		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 2949c2368..92d5320cf 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -79,11 +79,8 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 		cb = nil
 	}
 
-	result, err := cmd2.Run(cb)
-	if err != nil {
-		return err
-	}
-	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+	result := cmd2.Run(cb)
+	err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index c0801e80c..0f9df6014 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -46,11 +46,8 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
-		result, err := cmd2.Run()
-		if err != nil {
-			return err
-		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
+		result := cmd2.Run()
+		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index ca4e5c906..2f5280e02 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -49,11 +49,8 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 
 		cmd2 := commands.NewPokeImagesCommand(cmdCtx.targetCtx)
 
-		result, err := cmd2.Run()
-		if err != nil {
-			return err
-		}
-		err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+		result := cmd2.Run()
+		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index f6bbd79fe..b2cf0bc7f 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -49,13 +49,10 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 
 func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
 	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx, true)
-	result, err := cmd2.Run(func(refs []k8s2.ObjectRef) error {
+	result := cmd2.Run(func(refs []k8s2.ObjectRef) error {
 		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
 	})
-	if err != nil {
-		return err
-	}
-	err = outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+	err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index f8185e033..103bf9481 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -47,13 +47,10 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 func (cmd *validateCmd) doValidate(ctx *commandCtx, cmd2 *commands.ValidateCommand) error {
 	startTime := time.Now()
 	for true {
-		result, err := cmd2.Run(ctx.ctx)
-		if err != nil {
-			return err
-		}
+		result := cmd2.Run(ctx.ctx)
 		failed := len(result.Errors) != 0 || (cmd.WarningsAsErrors && len(result.Warnings) != 0)
 
-		err = outputValidateResult(ctx, cmd.Output, result)
+		err := outputValidateResult(ctx, cmd.Output, result)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 2a9e1a6d1..144e15eee 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -685,17 +685,11 @@ func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *r
 	return nil
 }
 
-func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error, cmdResult *result.CommandResult, commandName string, forceStore bool) error {
+func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdResult *result.CommandResult, commandName string, forceStore bool) error {
 	log := ctrl.LoggerFrom(ctx)
 
-	if cmdErr != nil {
-		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("%s failed. %s", commandName, cmdErr.Error()), nil)
-		return cmdErr
-	}
 	if cmdResult == nil {
-		err := fmt.Errorf("command result is nil, which should not happen if cmdErr is nil")
-		pt.pp.r.event(ctx, pt.pp.obj, true, err.Error(), nil)
-		return err
+		return fmt.Errorf("command result is nil, which should not happen")
 	}
 
 	var err error
@@ -722,7 +716,7 @@ func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error,
 		}
 	}
 
-	log.Info(fmt.Sprintf("command finished with err=%v", cmdErr))
+	log.Info(fmt.Sprintf("command finished with %d errors and %d warnings", len(cmdResult.Errors), len(cmdResult.Warnings)))
 	defer pt.exportCommandResultMetricsToProm(summary)
 
 	msg := fmt.Sprintf("%s succeeded.", commandName)
@@ -758,12 +752,11 @@ func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdErr error,
 	return err
 }
 
-func (pt *preparedTarget) writeValidateResult(ctx context.Context, cmdErr error, validateResult *result.ValidateResult, reconcileId string, objectsHash string) error {
+func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResult *result.ValidateResult, reconcileId string, objectsHash string) error {
 	log := ctrl.LoggerFrom(ctx)
 
-	if cmdErr != nil {
-		pt.pp.r.event(ctx, pt.pp.obj, true, fmt.Sprintf("validation failed. %s", cmdErr.Error()), nil)
-		return cmdErr
+	if validateResult == nil {
+		return fmt.Errorf("validate result is nil, which should not happen")
 	}
 
 	validateResult.Id = uuid.NewString()
@@ -814,12 +807,12 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.Prune = pt.pp.obj.Spec.Prune
 	cmd.WaitPrune = false
 
-	cmdResult, cmdErr := cmd.Run(nil)
+	cmdResult := cmd.Run(nil)
 	err := pt.addCommandResultInfo(ctx, cmdResult, reconcileId, objectsHash)
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "deploy", triggeredByRequest)
+	err = pt.writeCommandResult(ctx, cmdResult, "deploy", triggeredByRequest)
 	return cmdResult, err
 }
 
@@ -828,12 +821,12 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
 
-	cmdResult, cmdErr := cmd.Run()
+	cmdResult := cmd.Run()
 	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "poke-images", triggeredByRequest)
+	err = pt.writeCommandResult(ctx, cmdResult, "poke-images", triggeredByRequest)
 	return cmdResult, err
 }
 
@@ -842,7 +835,7 @@ func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl
 	defer timer.ObserveDuration()
 	cmd := commands.NewPruneCommand("", targetContext, false)
 
-	cmdResult, cmdErr := cmd.Run(func(refs []k8s.ObjectRef) error {
+	cmdResult := cmd.Run(func(refs []k8s.ObjectRef) error {
 		pt.printDeletedRefs(ctx, refs)
 		return nil
 	})
@@ -850,7 +843,7 @@ func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "prune", false)
+	err = pt.writeCommandResult(ctx, cmdResult, "prune", false)
 	return cmdResult, err
 }
 
@@ -863,12 +856,12 @@ func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_
 	cmd.ForceReplaceOnError = pt.pp.obj.Spec.ForceReplaceOnError
 	cmd.SkipResourceVersions = resourceVersions
 
-	cmdResult, cmdErr := cmd.Run()
+	cmdResult := cmd.Run()
 	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
 	if err != nil {
 		return cmdResult, err
 	}
-	return cmdResult, cmdErr
+	return cmdResult, nil
 }
 
 func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string, objectsHash string) (*result.ValidateResult, error) {
@@ -877,8 +870,8 @@ func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *klu
 
 	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, targetContext, cmdResult)
 
-	validateResult, err := cmd.Run(ctx)
-	err = pt.writeValidateResult(ctx, err, validateResult, crId, objectsHash)
+	validateResult := cmd.Run(ctx)
+	err := pt.writeValidateResult(ctx, validateResult, crId, objectsHash)
 	return validateResult, err
 }
 
@@ -909,7 +902,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 		return nil, err
 	}
 
-	cmdResult, cmdErr := cmd.Run(ctx, k, func(refs []k8s.ObjectRef) error {
+	cmdResult := cmd.Run(ctx, k, func(refs []k8s.ObjectRef) error {
 		pt.printDeletedRefs(ctx, refs)
 		return nil
 	})
@@ -928,7 +921,7 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdErr, cmdResult, "delete", false)
+	err = pt.writeCommandResult(ctx, cmdResult, "delete", false)
 	return cmdResult, err
 }
 
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 19c68145a..1a94ecd11 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -29,7 +29,7 @@ func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetCont
 	}
 }
 
-func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
+func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb func(refs []k8s2.ObjectRef) error) *result.CommandResult {
 	startTime := time.Now()
 
 	inclusion := cmd.inclusion
@@ -37,31 +37,48 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 		inclusion = cmd.targetCtx.DeploymentCollection.Inclusion
 	}
 
+	dew := utils2.NewDeploymentErrorsAndWarnings()
+	r := &result.CommandResult{}
+
+	defer func() {
+		r.Errors = append(r.Errors, dew.GetErrorsList()...)
+		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
+		if cmd.targetCtx != nil {
+			addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "delete")
+		} else {
+			addDeleteCommandInfoToResult(r, k, startTime, inclusion)
+		}
+	}()
+
 	discriminator := cmd.discriminator
 	if discriminator == "" && cmd.targetCtx != nil {
 		discriminator = cmd.targetCtx.Target.Discriminator
 	}
 
 	if discriminator == "" {
-		return nil, fmt.Errorf("deletion without a discriminator is not supported")
+		dew.AddError(k8s2.ObjectRef{}, fmt.Errorf("deletion without a discriminator is not supported"))
+		return r
 	}
 
-	dew := utils2.NewDeploymentErrorsAndWarnings()
 	ru := utils2.NewRemoteObjectsUtil(ctx, dew)
 	err := ru.UpdateRemoteObjects(k, &discriminator, nil, false)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	deleteRefs, err := utils2.FindObjectsForDelete(k, ru.GetFilteredRemoteObjects(inclusion), inclusion.HasType("tags"), nil)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	if confirmCb != nil {
 		err = confirmCb(deleteRefs)
 		if err != nil {
-			return nil, err
+			dew.AddError(k8s2.ObjectRef{}, err)
+			return r
 		}
 	}
 
@@ -72,21 +89,7 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 		c = cmd.targetCtx.DeploymentCollection
 	}
 
-	r := &result.CommandResult{
-		Objects:  collectObjects(c, ru, nil, nil, nil, deleted),
-		Errors:   dew.GetErrorsList(),
-		Warnings: dew.GetWarningsList(),
-	}
-	if cmd.targetCtx != nil {
-		err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "delete")
-		if err != nil {
-			return r, err
-		}
-	} else {
-		err = addDeleteCommandInfoToResult(r, k, startTime, inclusion)
-		if err != nil {
-			return r, err
-		}
-	}
-	return r, nil
+	r.Objects = collectObjects(c, ru, nil, nil, nil, deleted)
+
+	return r
 }
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 7ae6bc7b8..52e0295f0 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -29,9 +29,23 @@ func NewDeployCommand(targetCtx *kluctl_project.TargetContext) *DeployCommand {
 	}
 }
 
-func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult) error) (*result.CommandResult, error) {
+func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult) error) *result.CommandResult {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
+	r := &result.CommandResult{}
+	r.Command.ForceApply = cmd.ForceApply
+	r.Command.ReplaceOnError = cmd.ReplaceOnError
+	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
+	r.Command.AbortOnError = cmd.AbortOnError
+	r.Command.NoWait = cmd.NoWait
+
+	defer func() {
+		r.Errors = append(r.Errors, dew.GetErrorsList()...)
+		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
+		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "deploy")
+	}()
+
 	if cmd.targetCtx.Target.Discriminator == "" {
 		status.Warning(cmd.targetCtx.SharedContext.Ctx, "No discriminator configured. Orphan object detection will not work")
 		dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("no discriminator configured. Orphan object detection will not work"))
@@ -40,7 +54,8 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
 	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &cmd.targetCtx.Target.Discriminator, cmd.targetCtx.DeploymentCollection.LocalObjectRefs(), false)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	// prepare for a diff
@@ -72,7 +87,8 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 
 		err = diffResultCb(diffResult)
 		if err != nil {
-			return nil, err
+			dew.AddError(k8s2.ObjectRef{}, err)
+			return r
 		}
 	}
 
@@ -86,12 +102,14 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	du := utils2.NewDiffUtil(dew, ru, au.GetAppliedObjectsMap())
 	du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
-	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
+	var orphanObjects []k8s2.ObjectRef
+	var deleted []k8s2.ObjectRef
+
+	orphanObjects, err = FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
 	}
 
-	var deleted []k8s2.ObjectRef
 	if cmd.Prune && cmd.targetCtx.Target.Discriminator == "" {
 		dew.AddError(k8s2.ObjectRef{}, fmt.Errorf("pruning without a discriminator is not supported"))
 	} else if cmd.Prune {
@@ -101,20 +119,7 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 		orphanObjects = filterDeletedOrphans(orphanObjects, deleted)
 	}
 
-	r := &result.CommandResult{
-		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, deleted),
-		Errors:     dew.GetErrorsList(),
-		Warnings:   dew.GetWarningsList(),
-		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
-	}
-	r.Command.ForceApply = cmd.ForceApply
-	r.Command.ReplaceOnError = cmd.ReplaceOnError
-	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
-	r.Command.AbortOnError = cmd.AbortOnError
-	r.Command.NoWait = cmd.NoWait
-	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "deploy")
-	if err != nil {
-		return r, err
-	}
-	return r, nil
+	r.Objects = collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, deleted)
+
+	return r
 }
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 9874178d4..89dbee6d1 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -28,9 +28,21 @@ func NewDiffCommand(targetCtx *kluctl_project.TargetContext) *DiffCommand {
 	}
 }
 
-func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
+func (cmd *DiffCommand) Run() *result.CommandResult {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
+	r := &result.CommandResult{}
+	r.Command.ForceApply = cmd.ForceApply
+	r.Command.ReplaceOnError = cmd.ReplaceOnError
+	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
+
+	defer func() {
+		r.Errors = append(r.Errors, dew.GetErrorsList()...)
+		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
+		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "diff")
+	}()
+
 	if cmd.targetCtx.Target.Discriminator == "" {
 		status.Warning(cmd.targetCtx.SharedContext.Ctx, "No discriminator configured. Orphan object detection will not work")
 		dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("no discriminator configured. Orphan object detection will not work"))
@@ -39,7 +51,8 @@ func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 	ru := utils.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
 	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &cmd.targetCtx.Target.Discriminator, cmd.targetCtx.DeploymentCollection.LocalObjectRefs(), false)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	o := &utils.ApplyUtilOptions{
@@ -62,20 +75,10 @@ func (cmd *DiffCommand) Run() (*result.CommandResult, error) {
 
 	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
-		return nil, err
-	}
-	r := &result.CommandResult{
-		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
-		Errors:     dew.GetErrorsList(),
-		Warnings:   dew.GetWarningsList(),
-		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
-	}
-	r.Command.ForceApply = cmd.ForceApply
-	r.Command.ReplaceOnError = cmd.ReplaceOnError
-	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
-	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "diff")
-	if err != nil {
-		return r, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
-	return r, nil
+	r.Objects = collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil)
+
+	return r
 }
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 836403ea4..6de94834b 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -21,15 +21,25 @@ func NewPokeImagesCommand(targetCtx *kluctl_project.TargetContext) *PokeImagesCo
 	}
 }
 
-func (cmd *PokeImagesCommand) Run() (*result.CommandResult, error) {
+func (cmd *PokeImagesCommand) Run() *result.CommandResult {
 	var wg sync.WaitGroup
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
+	r := &result.CommandResult{}
+
+	defer func() {
+		r.Errors = append(r.Errors, dew.GetErrorsList()...)
+		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
+		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "poke-images")
+	}()
+
 	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
 	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, nil, cmd.targetCtx.DeploymentCollection.LocalObjectRefs(), false)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	allObjects := make(map[k8s2.ObjectRef]*uo.UnstructuredObject)
@@ -95,18 +105,11 @@ func (cmd *PokeImagesCommand) Run() (*result.CommandResult, error) {
 
 	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
-	r := &result.CommandResult{
-		Objects:    collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil),
-		Errors:     dew.GetErrorsList(),
-		Warnings:   dew.GetWarningsList(),
-		SeenImages: cmd.targetCtx.DeploymentCollection.Images.SeenImages(false),
-	}
-	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "deploy")
-	if err != nil {
-		return r, err
-	}
-	return r, nil
+	r.Objects = collectObjects(cmd.targetCtx.DeploymentCollection, ru, au, du, orphanObjects, nil)
+
+	return r
 }
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index 912d3ca45..cb67a732f 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -24,47 +24,54 @@ func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetConte
 	}
 }
 
-func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) (*result.CommandResult, error) {
+func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) *result.CommandResult {
+	dew := utils2.NewDeploymentErrorsAndWarnings()
+
+	r := &result.CommandResult{}
+
+	defer func() {
+		r.Errors = append(r.Errors, dew.GetErrorsList()...)
+		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
+		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "prune")
+	}()
+
 	discriminator := cmd.discriminator
 	if discriminator == "" && cmd.targetCtx != nil {
 		discriminator = cmd.targetCtx.Target.Discriminator
 	}
 	if discriminator == "" {
-		return nil, fmt.Errorf("pruning without a discriminator is not supported")
+		dew.AddError(k8s2.ObjectRef{}, fmt.Errorf("pruning without a discriminator is not supported"))
+		return r
 	}
 
-	dew := utils2.NewDeploymentErrorsAndWarnings()
-
 	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
 	err := ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, nil, false)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
 	if err != nil {
-		return nil, err
+		dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	if confirmCb != nil {
 		err = confirmCb(orphanObjects)
 		if err != nil {
-			return nil, err
+			dew.AddError(k8s2.ObjectRef{}, err)
+			return r
 		}
 	}
 
 	deleted := utils2.DeleteObjects(cmd.targetCtx.SharedContext.Ctx, cmd.targetCtx.SharedContext.K, orphanObjects, dew, cmd.wait)
 	orphanObjects = filterDeletedOrphans(orphanObjects, deleted)
 
-	r := &result.CommandResult{
-		Objects:  collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, orphanObjects, deleted),
-		Warnings: dew.GetWarningsList(),
-	}
-	err = addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "prune")
-	if err != nil {
-		return r, err
-	}
-	return r, nil
+	r.Objects = collectObjects(cmd.targetCtx.DeploymentCollection, ru, nil, nil, orphanObjects, deleted)
+
+	return r
 }
 
 func FindOrphanObjects(k *k8s.K8sCluster, ru *utils2.RemoteObjectUtils, c *deployment.DeploymentCollection) ([]k8s2.ObjectRef, error) {
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 4b37ee359..b9f7e92ea 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -14,7 +14,7 @@ import (
 	"time"
 )
 
-func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.CommandResult, command string) error {
+func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.CommandResult, command string) {
 	r.Target = targetCtx.Target
 	r.Command = result.CommandInfo{
 		StartTime: metav1.NewTime(startTime),
@@ -36,43 +36,47 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTi
 	var err error
 	r.GitInfo, r.ProjectKey, err = buildGitInfo(targetCtx)
 	if err != nil {
-		return err
+		r.Errors = append(r.Errors, result.DeploymentError{
+			Message: err.Error(),
+		})
 	}
 
 	r.ClusterInfo, err = buildClusterInfo(targetCtx.SharedContext.K)
 	if err != nil {
-		return err
+		r.Errors = append(r.Errors, result.DeploymentError{
+			Message: err.Error(),
+		})
 	}
 
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
 	r.TargetKey.ClusterId = r.ClusterInfo.ClusterId
-
-	return nil
 }
 
-func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.ValidateResult) error {
+func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.ValidateResult) {
 	r.StartTime = metav1.NewTime(startTime)
 	r.EndTime = metav1.Now()
 	var err error
 	_, r.ProjectKey, err = buildGitInfo(targetCtx)
 	if err != nil {
-		return err
+		r.Errors = append(r.Errors, result.DeploymentError{
+			Message: err.Error(),
+		})
 	}
 
 	clusterInfo, err := buildClusterInfo(targetCtx.SharedContext.K)
 	if err != nil {
-		return err
+		r.Errors = append(r.Errors, result.DeploymentError{
+			Message: err.Error(),
+		})
 	}
 
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
 	r.TargetKey.ClusterId = clusterInfo.ClusterId
-
-	return nil
 }
 
-func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, startTime time.Time, inclusion *utils.Inclusion) error {
+func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, startTime time.Time, inclusion *utils.Inclusion) {
 	r.Command = result.CommandInfo{
 		StartTime: metav1.NewTime(startTime),
 		EndTime:   metav1.Now(),
@@ -87,10 +91,10 @@ func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, s
 	var err error
 	r.ClusterInfo, err = buildClusterInfo(k)
 	if err != nil {
-		return err
+		r.Errors = append(r.Errors, result.DeploymentError{
+			Message: err.Error(),
+		})
 	}
-
-	return nil
 }
 
 func buildGitInfo(targetCtx *kluctl_project.TargetContext) (result.GitInfo, result.ProjectKey, error) {
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 25d4a2735..32376365b 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -33,11 +33,7 @@ func NewValidateCommand(ctx context.Context, discriminator string, targetCtx *kl
 	return cmd
 }
 
-func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, error) {
-	ret := result.ValidateResult{
-		Ready: true,
-	}
-
+func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 	startTime := time.Now()
 	if cmd.r == nil {
 		startTime = cmd.targetCtx.KluctlProject.LoadTime
@@ -45,6 +41,16 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 
 	cmd.dew.Init()
 
+	r := &result.ValidateResult{
+		Ready: true,
+	}
+
+	defer func() {
+		r.Errors = append(r.Errors, cmd.dew.GetErrorsList()...)
+		r.Warnings = append(r.Warnings, cmd.dew.GetWarningsList()...)
+		addValidateCommandInfoToResult(cmd.targetCtx, startTime, r)
+	}()
+
 	var refs []k8s2.ObjectRef
 	var renderedObjects []*uo.UnstructuredObject
 	appliedObjects := map[k8s2.ObjectRef]*uo.UnstructuredObject{}
@@ -81,7 +87,8 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 
 	err := cmd.ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, refs, true)
 	if err != nil {
-		return nil, err
+		cmd.dew.AddError(k8s2.ObjectRef{}, err)
+		return r
 	}
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
@@ -104,27 +111,19 @@ func (cmd *ValidateCommand) Run(ctx context.Context) (*result.ValidateResult, er
 
 		remoteObject := cmd.ru.GetRemoteObject(ref)
 		if remoteObject == nil {
-			ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
+			r.Errors = append(r.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
 			continue
 		}
 		r := validation.ValidateObject(cmd.targetCtx.SharedContext.K, remoteObject, true, false)
 		if !r.Ready {
-			ret.Ready = false
+			r.Ready = false
 		}
-		ret.Errors = append(ret.Errors, r.Errors...)
-		ret.Warnings = append(ret.Warnings, r.Warnings...)
-		ret.Results = append(ret.Results, r.Results...)
-	}
-
-	ret.Warnings = append(ret.Warnings, cmd.dew.GetWarningsList()...)
-	ret.Errors = append(ret.Errors, cmd.dew.GetErrorsList()...)
-
-	err = addValidateCommandInfoToResult(cmd.targetCtx, startTime, &ret)
-	if err != nil {
-		return nil, err
+		r.Errors = append(r.Errors, r.Errors...)
+		r.Warnings = append(r.Warnings, r.Warnings...)
+		r.Results = append(r.Results, r.Results...)
 	}
 
-	return &ret, nil
+	return r
 }
 
 func (cmd *ValidateCommand) ForgetRemoteObject(ref k8s2.ObjectRef) {

From 452e6577814a016365e830561f8c46b4651933ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 14:48:34 +0200
Subject: [PATCH 1594/2268] fix: Introduce newXXXResult funcs and let them do
 all generic intialisation

This ensures that things like clusterId fetching is happening before a
timeout, making sure that we always get a valid result.
---
 cmd/kluctl/commands/cmd_validate.go     |  2 +-
 pkg/controllers/kluctl_project.go       |  2 +-
 pkg/deployment/commands/delete.go       | 17 ++++++-------
 pkg/deployment/commands/deploy.go       |  7 ++---
 pkg/deployment/commands/diff.go         |  7 ++---
 pkg/deployment/commands/poke_images.go  |  7 ++---
 pkg/deployment/commands/prune.go        |  7 ++---
 pkg/deployment/commands/result_utils.go | 34 +++++++++++++++++++++----
 pkg/deployment/commands/validate.go     | 13 ++++------
 9 files changed, 52 insertions(+), 44 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 103bf9481..0eb3a5368 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -39,7 +39,7 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 	}
 
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewValidateCommand(cmdCtx.ctx, "", cmdCtx.targetCtx, nil)
+		cmd2 := commands.NewValidateCommand("", cmdCtx.targetCtx, nil)
 		return cmd.doValidate(cmdCtx, cmd2)
 	})
 }
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 144e15eee..be994b79f 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -868,7 +868,7 @@ func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *klu
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
-	cmd := commands.NewValidateCommand(ctx, targetContext.Target.Discriminator, targetContext, cmdResult)
+	cmd := commands.NewValidateCommand(targetContext.Target.Discriminator, targetContext, cmdResult)
 
 	validateResult := cmd.Run(ctx)
 	err := pt.writeValidateResult(ctx, validateResult, crId, objectsHash)
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 1a94ecd11..0bfb45a71 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -38,17 +38,16 @@ func (cmd *DeleteCommand) Run(ctx context.Context, k *k8s.K8sCluster, confirmCb
 	}
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
-	r := &result.CommandResult{}
+
+	var r *result.CommandResult
+	if cmd.targetCtx != nil {
+		r = newCommandResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, "delete")
+	} else {
+		r = newDeleteCommandResult(k, startTime, inclusion)
+	}
 
 	defer func() {
-		r.Errors = append(r.Errors, dew.GetErrorsList()...)
-		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
-		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
-		if cmd.targetCtx != nil {
-			addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "delete")
-		} else {
-			addDeleteCommandInfoToResult(r, k, startTime, inclusion)
-		}
+		finishCommandResult(r, cmd.targetCtx, dew)
 	}()
 
 	discriminator := cmd.discriminator
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 52e0295f0..bf8ea813c 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -32,7 +32,7 @@ func NewDeployCommand(targetCtx *kluctl_project.TargetContext) *DeployCommand {
 func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult) error) *result.CommandResult {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	r := &result.CommandResult{}
+	r := newCommandResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, "deploy")
 	r.Command.ForceApply = cmd.ForceApply
 	r.Command.ReplaceOnError = cmd.ReplaceOnError
 	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
@@ -40,10 +40,7 @@ func (cmd *DeployCommand) Run(diffResultCb func(diffResult *result.CommandResult
 	r.Command.NoWait = cmd.NoWait
 
 	defer func() {
-		r.Errors = append(r.Errors, dew.GetErrorsList()...)
-		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
-		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
-		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "deploy")
+		finishCommandResult(r, cmd.targetCtx, dew)
 	}()
 
 	if cmd.targetCtx.Target.Discriminator == "" {
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 89dbee6d1..7df4519f2 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -31,16 +31,13 @@ func NewDiffCommand(targetCtx *kluctl_project.TargetContext) *DiffCommand {
 func (cmd *DiffCommand) Run() *result.CommandResult {
 	dew := utils.NewDeploymentErrorsAndWarnings()
 
-	r := &result.CommandResult{}
+	r := newCommandResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, "diff")
 	r.Command.ForceApply = cmd.ForceApply
 	r.Command.ReplaceOnError = cmd.ReplaceOnError
 	r.Command.ForceReplaceOnError = cmd.ForceReplaceOnError
 
 	defer func() {
-		r.Errors = append(r.Errors, dew.GetErrorsList()...)
-		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
-		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
-		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "diff")
+		finishCommandResult(r, cmd.targetCtx, dew)
 	}()
 
 	if cmd.targetCtx.Target.Discriminator == "" {
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 6de94834b..5df9c2af3 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -26,13 +26,10 @@ func (cmd *PokeImagesCommand) Run() *result.CommandResult {
 
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	r := &result.CommandResult{}
+	r := newCommandResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, "poke-images")
 
 	defer func() {
-		r.Errors = append(r.Errors, dew.GetErrorsList()...)
-		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
-		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
-		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "poke-images")
+		finishCommandResult(r, cmd.targetCtx, dew)
 	}()
 
 	ru := utils2.NewRemoteObjectsUtil(cmd.targetCtx.SharedContext.Ctx, dew)
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index cb67a732f..a0bdd86c5 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -27,13 +27,10 @@ func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetConte
 func (cmd *PruneCommand) Run(confirmCb func(refs []k8s2.ObjectRef) error) *result.CommandResult {
 	dew := utils2.NewDeploymentErrorsAndWarnings()
 
-	r := &result.CommandResult{}
+	r := newCommandResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, "prune")
 
 	defer func() {
-		r.Errors = append(r.Errors, dew.GetErrorsList()...)
-		r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
-		r.SeenImages = cmd.targetCtx.DeploymentCollection.Images.SeenImages(false)
-		addBaseCommandInfoToResult(cmd.targetCtx, cmd.targetCtx.KluctlProject.LoadTime, r, "prune")
+		finishCommandResult(r, cmd.targetCtx, dew)
 	}()
 
 	discriminator := cmd.discriminator
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index b9f7e92ea..e6459144e 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	git2 "github.com/go-git/go-git/v5"
+	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
@@ -14,11 +15,12 @@ import (
 	"time"
 )
 
-func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.CommandResult, command string) {
+func newCommandResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, command string) *result.CommandResult {
+	r := &result.CommandResult{}
+
 	r.Target = targetCtx.Target
 	r.Command = result.CommandInfo{
 		StartTime: metav1.NewTime(startTime),
-		EndTime:   metav1.Now(),
 		Command:   command,
 		Args:      targetCtx.KluctlProject.LoadArgs.ExternalArgs,
 	}
@@ -51,9 +53,13 @@ func addBaseCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTi
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
 	r.TargetKey.ClusterId = r.ClusterInfo.ClusterId
+
+	return r
 }
 
-func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, r *result.ValidateResult) {
+func newValidateCommandResult(targetCtx *kluctl_project.TargetContext, startTime time.Time) *result.ValidateResult {
+	r := &result.ValidateResult{}
+
 	r.StartTime = metav1.NewTime(startTime)
 	r.EndTime = metav1.Now()
 	var err error
@@ -74,12 +80,15 @@ func addValidateCommandInfoToResult(targetCtx *kluctl_project.TargetContext, sta
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
 	r.TargetKey.ClusterId = clusterInfo.ClusterId
+
+	return r
 }
 
-func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, startTime time.Time, inclusion *utils.Inclusion) {
+func newDeleteCommandResult(k *k8s2.K8sCluster, startTime time.Time, inclusion *utils.Inclusion) *result.CommandResult {
+	r := &result.CommandResult{}
+
 	r.Command = result.CommandInfo{
 		StartTime: metav1.NewTime(startTime),
-		EndTime:   metav1.Now(),
 		Command:   "delete",
 	}
 
@@ -95,6 +104,21 @@ func addDeleteCommandInfoToResult(r *result.CommandResult, k *k8s2.K8sCluster, s
 			Message: err.Error(),
 		})
 	}
+
+	return r
+}
+
+func finishCommandResult(r *result.CommandResult, targetCtx *kluctl_project.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
+	r.Errors = append(r.Errors, dew.GetErrorsList()...)
+	r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+	r.SeenImages = targetCtx.DeploymentCollection.Images.SeenImages(false)
+	r.Command.EndTime = metav1.Now()
+}
+
+func finishValidateResult(r *result.ValidateResult, targetCtx *kluctl_project.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
+	r.Errors = append(r.Errors, dew.GetErrorsList()...)
+	r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
+	r.EndTime = metav1.Now()
 }
 
 func buildGitInfo(targetCtx *kluctl_project.TargetContext) (result.GitInfo, result.ProjectKey, error) {
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 32376365b..f4fa1b0a2 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -22,14 +22,14 @@ type ValidateCommand struct {
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(ctx context.Context, discriminator string, targetCtx *kluctl_project.TargetContext, r *result.CommandResult) *ValidateCommand {
+func NewValidateCommand(discriminator string, targetCtx *kluctl_project.TargetContext, r *result.CommandResult) *ValidateCommand {
 	cmd := &ValidateCommand{
 		targetCtx:     targetCtx,
 		r:             r,
 		discriminator: discriminator,
 		dew:           utils2.NewDeploymentErrorsAndWarnings(),
 	}
-	cmd.ru = utils2.NewRemoteObjectsUtil(ctx, cmd.dew)
+	cmd.ru = utils2.NewRemoteObjectsUtil(targetCtx.SharedContext.Ctx, cmd.dew)
 	return cmd
 }
 
@@ -41,14 +41,11 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 
 	cmd.dew.Init()
 
-	r := &result.ValidateResult{
-		Ready: true,
-	}
+	r := newValidateCommandResult(cmd.targetCtx, startTime)
+	r.Ready = true
 
 	defer func() {
-		r.Errors = append(r.Errors, cmd.dew.GetErrorsList()...)
-		r.Warnings = append(r.Warnings, cmd.dew.GetWarningsList()...)
-		addValidateCommandInfoToResult(cmd.targetCtx, startTime, r)
+		finishValidateResult(r, cmd.targetCtx, cmd.dew)
 	}()
 
 	var refs []k8s2.ObjectRef

From 8d3e00fa1f6ce82bdf8a47953b5feca3da1b17ae Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 14:49:37 +0200
Subject: [PATCH 1595/2268] fix: Use dedicated ctx with timeout actual work and
 the orifinal ctx for the rest

This ensures that writing command results and status is not affected by
timeouts.
---
 pkg/controllers/kluctldeployment_controller.go | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 5c4b32362..9a4dbdba7 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -78,10 +78,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
-	var cancel context.CancelFunc
-	ctx, cancel = context.WithTimeout(ctx, r.calcTimeout(obj))
-	defer cancel()
-
 	retryInterval := obj.Spec.GetRetryInterval()
 	interval := obj.Spec.Interval.Duration
 
@@ -239,7 +235,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	obj.Status.LastPrepareError = ""
 
-	pp, err := prepareProject(ctx, r, obj, true)
+	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
+	defer cancel()
+
+	pp, err := prepareProject(timeoutCtx, r, obj, true)
 	if err != nil {
 		return doFailPrepare(err)
 	}
@@ -277,12 +276,12 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	pt := pp.newTarget()
 
-	lp, err := pp.loadKluctlProject(ctx, pt, j2)
+	lp, err := pp.loadKluctlProject(timeoutCtx, pt, j2)
 	if err != nil {
 		return doFailPrepare(err)
 	}
 
-	targetContext, err := pt.loadTarget(ctx, lp)
+	targetContext, err := pt.loadTarget(timeoutCtx, lp)
 	if targetContext != nil {
 		clusterId, err := targetContext.SharedContext.K.GetClusterId()
 		if err != nil {

From 3442b3ad6bd37838502e64b07adb20da128faacd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 15:39:45 +0200
Subject: [PATCH 1596/2268] fix: Don't shadow result var

---
 pkg/deployment/commands/validate.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index f4fa1b0a2..5cf6684fc 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -41,11 +41,11 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 
 	cmd.dew.Init()
 
-	r := newValidateCommandResult(cmd.targetCtx, startTime)
-	r.Ready = true
+	ret := newValidateCommandResult(cmd.targetCtx, startTime)
+	ret.Ready = true
 
 	defer func() {
-		finishValidateResult(r, cmd.targetCtx, cmd.dew)
+		finishValidateResult(ret, cmd.targetCtx, cmd.dew)
 	}()
 
 	var refs []k8s2.ObjectRef
@@ -85,7 +85,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 	err := cmd.ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, refs, true)
 	if err != nil {
 		cmd.dew.AddError(k8s2.ObjectRef{}, err)
-		return r
+		return ret
 	}
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
@@ -108,19 +108,19 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 
 		remoteObject := cmd.ru.GetRemoteObject(ref)
 		if remoteObject == nil {
-			r.Errors = append(r.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
+			ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
 			continue
 		}
 		r := validation.ValidateObject(cmd.targetCtx.SharedContext.K, remoteObject, true, false)
 		if !r.Ready {
-			r.Ready = false
+			ret.Ready = false
 		}
-		r.Errors = append(r.Errors, r.Errors...)
-		r.Warnings = append(r.Warnings, r.Warnings...)
-		r.Results = append(r.Results, r.Results...)
+		ret.Errors = append(ret.Errors, r.Errors...)
+		ret.Warnings = append(ret.Warnings, r.Warnings...)
+		ret.Results = append(ret.Results, r.Results...)
 	}
 
-	return r
+	return ret
 }
 
 func (cmd *ValidateCommand) ForgetRemoteObject(ref k8s2.ObjectRef) {

From 319c3c04d15e87db0a080f3d5bdf3422516904a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Sep 2023 16:11:12 +0200
Subject: [PATCH 1597/2268] fix: Fix crash when no targetCtx is available

---
 pkg/deployment/commands/result_utils.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index e6459144e..da4587872 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -111,7 +111,9 @@ func newDeleteCommandResult(k *k8s2.K8sCluster, startTime time.Time, inclusion *
 func finishCommandResult(r *result.CommandResult, targetCtx *kluctl_project.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
 	r.Errors = append(r.Errors, dew.GetErrorsList()...)
 	r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
-	r.SeenImages = targetCtx.DeploymentCollection.Images.SeenImages(false)
+	if targetCtx != nil {
+		r.SeenImages = targetCtx.DeploymentCollection.Images.SeenImages(false)
+	}
 	r.Command.EndTime = metav1.Now()
 }
 

From 20566600269ea71ea7a68d38c57540b1becdb3eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 17 Sep 2023 12:23:55 +0200
Subject: [PATCH 1598/2268] chore(deps): Bump github.com/getsops/sops/v3 from
 3.8.0-rc.1 to 3.8.0 (#796)

Bumps [github.com/getsops/sops/v3](https://github.com/getsops/sops) from 3.8.0-rc.1 to 3.8.0.
- [Release notes](https://github.com/getsops/sops/releases)
- [Changelog](https://github.com/getsops/sops/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/getsops/sops/compare/v3.8.0-rc.1...v3.8.0)

---
updated-dependencies:
- dependency-name: github.com/getsops/sops/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 14 +++++++-------
 go.sum | 47 ++++++++++++++---------------------------------
 2 files changed, 21 insertions(+), 40 deletions(-)

diff --git a/go.mod b/go.mod
index 13448ef36..67e11bd6c 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/aws/smithy-go v1.14.2
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/getsops/sops/v3 v3.8.0-rc.1
+	github.com/getsops/sops/v3 v3.8.0
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.9.0
@@ -92,12 +92,12 @@ require (
 	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v1.1.2 // indirect
-	cloud.google.com/go/kms v1.15.1 // indirect
+	cloud.google.com/go/kms v1.15.2 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
@@ -167,7 +167,7 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.5 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
@@ -259,10 +259,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.138.0 // indirect
+	google.golang.org/api v0.141.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 431a89232..3b2240a43 100644
--- a/go.sum
+++ b/go.sum
@@ -32,8 +32,8 @@ cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
 cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
-cloud.google.com/go/kms v1.15.1 h1:HUC3fAoepH3RpcQXiJhXWWYizjQ5r7YjI7SO9ZbHf9s=
-cloud.google.com/go/kms v1.15.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM=
+cloud.google.com/go/kms v1.15.2 h1:lh6qra6oC4AyWe5fUUUBe/S27k12OHAleOOOw6KakdE=
+cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -59,10 +59,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0 h1:yfJe15aSwEQ6Oo6J+gdfdulPNoZ3TEhmbhLIoxZcA+U=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0/go.mod h1:Q28U+75mpCaSCDowNEmhIo/rmgdkqmkmzI7N6TGR4UY=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0/go.mod h1:cw4zVQgBby0Z5f2v0itn6se2dDP17nTjbZFXW5uPyHA=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
@@ -100,7 +100,6 @@ github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
@@ -157,7 +156,6 @@ github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTx
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
@@ -177,10 +175,6 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/containerd v1.7.4 h1:Q5lwCrO44ahHhO65rXthXkfJUG5W78LXwK9gTt8XFfU=
 github.com/containerd/containerd v1.7.4/go.mod h1:gq7JDNtCrI1Zlcc572a9tvP1f1Ja8VBxiB9J00apAtU=
@@ -228,7 +222,6 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -249,9 +242,8 @@ github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/FlgqECyS5ywq8cSN9j1fwZg6uyZ7G0B0=
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
-github.com/getsops/sops/v3 v3.8.0-rc.1 h1:Wlp+Ai91a98swEwsHEgxILGjVMMONtdZNM6PRunq7A8=
-github.com/getsops/sops/v3 v3.8.0-rc.1/go.mod h1:5RoZaVWqieZNdNrwPFcZfBQ2YgN+BWCnSY3rDOoqFVg=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/getsops/sops/v3 v3.8.0 h1:jMbaxVKxGDGp36DejvXvqWDh2vRJmUSDHKWNcHNYfZE=
+github.com/getsops/sops/v3 v3.8.0/go.mod h1:1t7vEMUbtBzLfhKQXHYQg7TYOAcBLLZNHGuAV6EJtz0=
 github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -359,7 +351,6 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -405,8 +396,8 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg=
-github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -438,7 +429,6 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -661,7 +651,6 @@ github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
@@ -767,7 +756,6 @@ go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26
 go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
 go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
 go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4=
 go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
@@ -791,7 +779,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
@@ -983,7 +970,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
@@ -1073,8 +1059,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
-google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
+google.golang.org/api v0.141.0 h1:Df6vfMgDoIM6ss0m7H4MPwFwY87WNXHfBIda/Bmfl4E=
+google.golang.org/api v0.141.0/go.mod h1:iZqLkdPlXKyG0b90eu6KxVSE4D/ccRF2e/doKD2CnQQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1106,7 +1092,6 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
@@ -1124,8 +1109,8 @@ google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832 h1:/30npZKtUjXqju7
 google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb h1:Isk1sSH7bovx8Rti2wZK0UZF6oraBDK74uoyLEEVFN0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1139,12 +1124,9 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58=
 google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -1176,7 +1158,6 @@ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=

From 715547e10ff0492031dbf5bb39a4c7818d06ab5e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Sep 2023 12:05:00 +0200
Subject: [PATCH 1599/2268] tests: Call ctrl.SetLogger at init() time (#797)

---
 e2e/gitops_test.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index ddc9fa2f1..8435a7fac 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -15,9 +15,11 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/klog/v2"
 	"math/rand"
 	"os"
 	"path/filepath"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"testing"
@@ -31,6 +33,11 @@ const (
 	interval = time.Second * 5
 )
 
+func init() {
+	// this must be called in the first 30 seconds of startup, so we have to do it here at init() time
+	ctrl.SetLogger(klog.NewKlogr())
+}
+
 type GitopsTestSuite struct {
 	suite.Suite
 

From debd8f4fd7c676fe2ce59d38438c8aae5b496a97 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Sep 2023 14:07:43 +0200
Subject: [PATCH 1600/2268] build: Preparing release v2.21.2

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl.yaml                  | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl.yaml                       | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 1b65908a2..978386e5d 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.21.1
+        tag: v2.21.2
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 6a1b8fb61..f54b27c40 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.21.1
+        tag: v2.21.2
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 985cc20fc..60a2aebaa 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.21.1
+        tag: v2.21.2
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.21.1
+            kluctl_version: v2.21.2
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.21.1
+        tag: v2.21.2
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index b2c7f5d69..7ba65080f 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.21.1
+         tag: v2.21.2
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index 040b58a18..e66855346 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.21.1
+    default: v2.21.2
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index bb8e6c99b..c0193624b 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.21.1") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.21.2") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl.yaml
index 02eb4b562..c6523eea2 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl.yaml
@@ -4,7 +4,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.21.1
+    default: v2.21.2
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 97264f6ee..0a3dac94c 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.21.1") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.21.2") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 6315453f6f5c12a119dfc629d1a8a4c35e1261fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 08:44:36 +0200
Subject: [PATCH 1601/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/sts (#799)

Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.21.5 to 1.22.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.22.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.21.5...service/s3/v1.22.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 67e11bd6c..4006d6a20 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.18.39
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.37
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
+	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0
 	github.com/aws/smithy-go v1.14.2
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
diff --git a/go.sum b/go.sum
index 3b2240a43..29328d873 100644
--- a/go.sum
+++ b/go.sum
@@ -128,8 +128,9 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 h1:2PylFCfKCEDv6PeSN09pC/VUiRd1
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 h1:pSB560BbVj9ZlJZF4WYj5zsytWHWKxg+NgyGV4B2L58=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=

From 8e5803a5634d60896b10cae95d8acd55154f16c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 08:45:08 +0200
Subject: [PATCH 1602/2268] chore(deps): Bump docker/setup-buildx-action from 2
 to 3 (#802)

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml     | 2 +-
 .github/workflows/preview-run.yml | 2 +-
 .github/workflows/release.yml     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index aefa0becc..9a4812eb0 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -36,7 +36,7 @@ jobs:
         uses: docker/setup-qemu-action@v2
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 97a7b42f4..2980e76dc 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -102,7 +102,7 @@ jobs:
       # BUILD
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Build binary
         run: |
           make build-webui
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index cf2a63a34..ebd672a89 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
         uses: docker/setup-qemu-action@v2
       - name: Setup Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry

From bd553e28fe156541f8a97827fc1237a83a3acb87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 08:45:16 +0200
Subject: [PATCH 1603/2268] chore(deps): Bump docker/login-action from 2 to 3
 (#803)

Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 9a4812eb0..dddb17527 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -40,7 +40,7 @@ jobs:
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: kluctlbot
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ebd672a89..981fe9f8e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Setup Syft
         uses: anchore/sbom-action/download-syft@v0
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: kluctlbot

From f37bd78cdaab3dd92cb0ce7bfdf63a060cb8565b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 08:45:34 +0200
Subject: [PATCH 1604/2268] chore(deps): Bump docker/build-push-action from 4
 to 5 (#804)

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/preview-run.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 2980e76dc..8ab4a1e9c 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -108,7 +108,7 @@ jobs:
           make build-webui
           make build-bin
       - name: Build and push Docker image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: false

From 92567707f7124fce237b4770307f3d3f6b7cdfb4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 08:45:43 +0200
Subject: [PATCH 1605/2268] chore(deps): Bump docker/setup-qemu-action from 2
 to 3 (#805)

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index dddb17527..25f6bd538 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -33,7 +33,7 @@ jobs:
           cache: 'npm'
           cache-dependency-path: pkg/webui/ui/package-lock.json
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 981fe9f8e..3a57a34b8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
         with:
           go-version: 1.19
       - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3

From 215a03ce12c5721b47d786e7ce51244d85ffd6f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 08:47:46 +0200
Subject: [PATCH 1606/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/credentials (#800)

Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.13.37 to 1.13.38.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.13.37...credentials/v1.13.38)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 6 +++---
 go.sum | 9 ++++++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 4006d6a20..a5cb5c8c2 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.39
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.37
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.38
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0
 	github.com/aws/smithy-go v1.14.2
@@ -115,8 +115,8 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.14.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.10.0 // indirect
diff --git a/go.sum b/go.sum
index 29328d873..0af4718b1 100644
--- a/go.sum
+++ b/go.sum
@@ -108,8 +108,9 @@ github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzR
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
 github.com/aws/aws-sdk-go-v2/config v1.18.39 h1:oPVyh6fuu/u4OiW4qcuQyEtk7U7uuNBmHmJSLg1AJsQ=
 github.com/aws/aws-sdk-go-v2/config v1.18.39/go.mod h1:+NH/ZigdPckFpgB1TRcRuWCB/Kbbvkxc/iNAKTq5RhE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.37 h1:BvEdm09+ZEh2XtN+PVHPcYwKY3wIeB6pw7vPRM4M9/U=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.37/go.mod h1:ACLrdkd4CLZyXOghZ8IYumQbcooAcp2jo/s2xsFH8IM=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.38 h1:gDAuCdVlA4lmmgQhvpZlscwicloCqH44vkxLklGkQLA=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.38/go.mod h1:sD4G/Ybgp6s89mWIES3Xn97CsRLpxvz9uVSdv0UxY8I=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
@@ -124,10 +125,12 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8Zu
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.6 h1:2PylFCfKCEDv6PeSN09pC/VUiRd10wi1VfHG5FrW0/g=
 github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6 h1:pSB560BbVj9ZlJZF4WYj5zsytWHWKxg+NgyGV4B2L58=
+github.com/aws/aws-sdk-go-v2/service/sso v1.14.0 h1:AR/hlTsCyk1CwlyKnPFvIMvnONydRjDDRT9OGb0i+/g=
+github.com/aws/aws-sdk-go-v2/service/sso v1.14.0/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0 h1:vbgiXuhtn49+erlPrgIvQ+J32rg1HseaPf8lEpKbkxQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
 github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=

From 70e8778321435bea197cee9d648be8c585b40ca6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Sep 2023 18:03:39 +0200
Subject: [PATCH 1607/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#801)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.39 to 1.18.40.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.39...config/v1.18.40)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index a5cb5c8c2..98ba9c840 100644
--- a/go.mod
+++ b/go.mod
@@ -56,7 +56,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.39
+	github.com/aws/aws-sdk-go-v2/config v1.18.40
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.38
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0
diff --git a/go.sum b/go.sum
index 0af4718b1..eff0ab992 100644
--- a/go.sum
+++ b/go.sum
@@ -106,9 +106,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.39 h1:oPVyh6fuu/u4OiW4qcuQyEtk7U7uuNBmHmJSLg1AJsQ=
-github.com/aws/aws-sdk-go-v2/config v1.18.39/go.mod h1:+NH/ZigdPckFpgB1TRcRuWCB/Kbbvkxc/iNAKTq5RhE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.37/go.mod h1:ACLrdkd4CLZyXOghZ8IYumQbcooAcp2jo/s2xsFH8IM=
+github.com/aws/aws-sdk-go-v2/config v1.18.40 h1:dbu1llI/nTIL+r6sYHMeVLl99DM8J8/o1I4EPurnhLg=
+github.com/aws/aws-sdk-go-v2/config v1.18.40/go.mod h1:JjrCZQwSPGCoZRQzKHyZNNueaKO+kFaEy2sR6mCzd90=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.38 h1:gDAuCdVlA4lmmgQhvpZlscwicloCqH44vkxLklGkQLA=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.38/go.mod h1:sD4G/Ybgp6s89mWIES3Xn97CsRLpxvz9uVSdv0UxY8I=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
@@ -125,13 +124,10 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8Zu
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.6/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.14.0 h1:AR/hlTsCyk1CwlyKnPFvIMvnONydRjDDRT9OGb0i+/g=
 github.com/aws/aws-sdk-go-v2/service/sso v1.14.0/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.6/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0 h1:vbgiXuhtn49+erlPrgIvQ+J32rg1HseaPf8lEpKbkxQ=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=

From 70801077b2d3a2c712509ec1a57f6bcbda2f5891 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mgebbe@hellmann.com>
Date: Sun, 24 Sep 2023 02:04:42 +0200
Subject: [PATCH 1608/2268] feat: add var source load from azure key vault

---
 go.mod                     |  4 +++-
 go.sum                     |  8 ++++++--
 pkg/types/vars_source.go   |  8 ++++++++
 pkg/vars/azure/keyvault.go | 23 +++++++++++++++++++++++
 pkg/vars/vars_loader.go    | 18 ++++++++++++++++++
 5 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 pkg/vars/azure/keyvault.go

diff --git a/go.mod b/go.mod
index 98ba9c840..2e18ad95e 100644
--- a/go.mod
+++ b/go.mod
@@ -55,6 +55,7 @@ require (
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.21.0
 	github.com/aws/aws-sdk-go-v2/config v1.18.40
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.38
@@ -96,10 +97,11 @@ require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index eff0ab992..7b3b39c50 100644
--- a/go.sum
+++ b/go.sum
@@ -59,6 +59,10 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
+github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
@@ -67,8 +71,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 3c24aba44..54fefd501 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -48,6 +48,13 @@ type VarsSourceAwsSecretsManager struct {
 	Profile *string `json:"profile,omitempty"`
 }
 
+type VarSourceAzureKeyVault struct {
+	// Name or ARN of the secret. In case a name is given, the region must be specified as well
+	VaultUri string `json:"vaultUri" validate:"required"`
+	// Name of the secret
+	SecretName string `json:"secretName" validate:"required"`
+}
+
 type VarsSourceGcpSecretManager struct {
 	// Name of the secret. Should be provided in relative resource name format: "projects/my-project/secrets/secret/versions/latest"
 	SecretName string `json:"secretName" validate:"required"`
@@ -73,6 +80,7 @@ type VarsSource struct {
 	AwsSecretsManager *VarsSourceAwsSecretsManager        `json:"awsSecretsManager,omitempty"`
 	GcpSecretManager  *VarsSourceGcpSecretManager         `json:"gcpSecretManager,omitempty"`
 	Vault             *VarsSourceVault                    `json:"vault,omitempty"`
+	AzureKeyVault     *VarSourceAzureKeyVault             `json:"azureKeyVault,omitempty"`
 
 	When string `json:"when,omitempty"`
 
diff --git a/pkg/vars/azure/keyvault.go b/pkg/vars/azure/keyvault.go
new file mode 100644
index 000000000..8d7c38ab4
--- /dev/null
+++ b/pkg/vars/azure/keyvault.go
@@ -0,0 +1,23 @@
+package azure
+
+import (
+	"context"
+	"fmt"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
+)
+
+func GetAzureKeyVaultSecret(ctx context.Context, vaultUri string, secretName string) (string, error) {
+	cred, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		return "", fmt.Errorf("login to azure not working cannot get Azure credential")
+	}
+	client, err := azsecrets.NewClient(vaultUri, cred, nil)
+	// Get a secret. An empty string version gets the latest version of the secret.
+	version := ""
+	resp, err := client.GetSecret(ctx, secretName, version, nil)
+	if err != nil {
+		return "", fmt.Errorf("failed to get the secret %s", secretName)
+	}
+	return *resp.Value, nil
+}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 3c0c445d9..a7bb01b7d 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -18,6 +18,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
+	"github.com/kluctl/kluctl/v2/pkg/vars/azure"
 	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -131,6 +132,9 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 	} else if source.Vault != nil {
 		newVars, err = v.loadVault(varsCtx, &source, ignoreMissing)
 		sensitive = true
+	} else if source.AzureKeyVault != nil {
+		newVars, err = v.loadAzureKeyVault(varsCtx, &source, ignoreMissing)
+		sensitive = true
 	} else {
 		return fmt.Errorf("invalid vars source")
 	}
@@ -283,6 +287,20 @@ func (v *VarsLoader) loadGcpSecretManager(varsCtx *VarsCtx, source *types.VarsSo
 	return v.loadFromString(varsCtx, secret)
 }
 
+func (v *VarsLoader) loadAzureKeyVault(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+	secret, err := azure.GetAzureKeyVaultSecret(v.ctx, source.AzureKeyVault.VaultUri, source.AzureKeyVault.SecretName)
+	if err != nil {
+		return nil, err
+	}
+	if secret == "" {
+		if ignoreMissing {
+			return uo.New(), nil
+		}
+		return nil, fmt.Errorf("the specified azure-key-vault secret was not found")
+	}
+	return v.loadFromString(varsCtx, secret)
+}
+
 func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignoreMissing bool) (*uo.UnstructuredObject, error) {
 	secret, err := vault.GetSecret(source.Vault.Address, source.Vault.Path)
 	if err != nil {

From a1b2e32a9ed592de91793b89ed7fa2b4d0178b79 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mgebbe@hellmann.com>
Date: Sun, 24 Sep 2023 02:10:51 +0200
Subject: [PATCH 1609/2268] doc: add azureKeyVault in variable-sources doc

---
 docs/kluctl/templating/variable-sources.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 61218a250..19f4e8e6b 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -288,6 +288,27 @@ vars:
 
 It is recommended to use [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) when you are using kluctl controller. To run it locally provide path to service account json file by setting environment variable `GOOGLE_APPLICATION_CREDENTIALS`.
 
+### azureKeyVault
+[Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault/) integration.
+Loads a variables YAML from an Azure Key Vault.
+
+Example
+```yaml
+vars:
+  - azureKeyVault:
+      vaultUri: "https://example.vault.azure.net/"
+      secretName: kluctl
+```
+
+SDK [azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) supports `az login`
+or Environment Variables
+```bash
+  export AZURE_CLIENT_ID="__CLIENT_ID__"
+  export AZURE_CLIENT_SECRET="__CLIENT_SECRET__"
+  export AZURE_TENANT_ID="__TENANT_ID__"
+  export AZURE_SUBSCRIPTION_ID="__SUBSCRIPTION_ID__"
+```
+
 ### vault
 
 [Vault by HashiCorp](https://www.vaultproject.io/) with [Tokens](https://www.vaultproject.io/docs/concepts/tokens) 

From 9c61a1d4cf02f5c243153009543ff92c2d62479b Mon Sep 17 00:00:00 2001
From: Mikhail Shirkov <shirkevich@gmail.com>
Date: Sun, 24 Sep 2023 22:49:00 +0400
Subject: [PATCH 1610/2268] feat: Allow to set service account annotations
 (#808)

* Patching ServiceAccount annotations

* Update docs on how to annotate service account

* Fix typo in docs and add documentation on needed role for google service account
---
 docs/kluctl/templating/variable-sources.md       | 13 +++++++++++--
 install/controller/.kluctl.yaml                  |  2 ++
 install/controller/controller/kustomization.yaml |  9 +++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 61218a250..48a3b4fe3 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -275,7 +275,7 @@ writing the configuration) doesn't have to be specified.
 
 ### gcpSecretManager
 [Google Secret Manager](https://cloud.google.com/secret-manager) integration. Loads a variables YAML from a Google Secrets
-Manager secret. The secret can be specified via full resource name.
+Manager secret. The secret name should be specified in `projects/*/secrets/*/versions/*` [format](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/get#path-parameters).
 
 The secrets stored in Google Secrets manager must contain a valid yaml or json file.
 
@@ -286,7 +286,16 @@ vars:
       secretName: "projects/my-project/secrets/secret/versions/latest"
 ```
 
-It is recommended to use [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) when you are using kluctl controller. To run it locally provide path to service account json file by setting environment variable `GOOGLE_APPLICATION_CREDENTIALS`.
+It is recommended to use [workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) when you are using kluctl controller. You will need to annotate kluctl controller service account with service account name created in your google project:
+
+```
+    args:
+      controller_service_account_annotations:
+        iam.gke.io/gcp-service-account: kluctl-controller@PROJECT-NAME.iam.gserviceaccount.com
+```
+substitute PROJECT-NAME with your real project name in google. Service account in your google project should have role `roles/secretmanager.secretAccessor` to access secrets.
+
+To run kluctl locally with gcpSecretManager enabled refer to [setting local development environment](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev) article.
 
 ### vault
 
diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl.yaml
index e66855346..64975fbea 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl.yaml
@@ -17,3 +17,5 @@ args:
     default: []
   - name: controller_priority_class_name
     default: {}
+  - name: controller_service_account_annotations
+    default: {}
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index c0193624b..6c3a674d4 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -53,3 +53,12 @@ patches:
         path: /spec/template/spec/priorityClassName
         value: {{ get_var("args.controller_priority_class_name", none) | to_json }}
 {% endif %}
+{% if get_var("args.controller_service_account_annotations", none) %}
+  - target:
+      kind: ServiceAccount
+      name: kluctl-controller
+    patch: |-
+      - op: add
+        path: /metadata/annotations
+        value: {{ get_var("args.controller_service_account_annotations", none) | to_json }}
+{% endif %}

From ac6aa868103a89f2585ffad5cb88e955b6859449 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Sep 2023 11:23:18 +0200
Subject: [PATCH 1611/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/config (#809)

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.40 to 1.18.42.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.40...config/v1.18.42)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 98ba9c840..82b0edaeb 100644
--- a/go.mod
+++ b/go.mod
@@ -56,8 +56,8 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.40
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.38
+	github.com/aws/aws-sdk-go-v2/config v1.18.42
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.40
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0
 	github.com/aws/smithy-go v1.14.2
@@ -112,11 +112,11 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.14.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.10.0 // indirect
diff --git a/go.sum b/go.sum
index eff0ab992..0f083355e 100644
--- a/go.sum
+++ b/go.sum
@@ -106,28 +106,28 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.40 h1:dbu1llI/nTIL+r6sYHMeVLl99DM8J8/o1I4EPurnhLg=
-github.com/aws/aws-sdk-go-v2/config v1.18.40/go.mod h1:JjrCZQwSPGCoZRQzKHyZNNueaKO+kFaEy2sR6mCzd90=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.38 h1:gDAuCdVlA4lmmgQhvpZlscwicloCqH44vkxLklGkQLA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.38/go.mod h1:sD4G/Ybgp6s89mWIES3Xn97CsRLpxvz9uVSdv0UxY8I=
+github.com/aws/aws-sdk-go-v2/config v1.18.42 h1:28jHROB27xZwU0CB88giDSjz7M1Sba3olb5JBGwina8=
+github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.40 h1:s8yOkDh+5b1jUDhMBtngF6zKWLDs84chUk2Vk0c38Og=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 h1:GPUcE/Yq7Ur8YSUk6lVkoIMWnJNO0HT18GUzCWCgCI0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 h1:g+qlObJH4Kn4n21g69DjspU0hKTjWtq7naZ9OLCv0ew=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8ZuZr7dXKjyaOw94/Q=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.14.0 h1:AR/hlTsCyk1CwlyKnPFvIMvnONydRjDDRT9OGb0i+/g=
-github.com/aws/aws-sdk-go-v2/service/sso v1.14.0/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0 h1:vbgiXuhtn49+erlPrgIvQ+J32rg1HseaPf8lEpKbkxQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.16.0/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 h1:YkNzx1RLS0F5qdf9v1Q8Cuv9NXCL2TkosOxhzlUPV64=
+github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=

From 3ce9f725b5c247fdb5170e78e5008d43dc16a155 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Sep 2023 11:23:32 +0200
Subject: [PATCH 1612/2268] chore(deps): Bump google.golang.org/grpc from
 1.58.1 to 1.58.2 (#810)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.1 to 1.58.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.1...v1.58.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 82b0edaeb..53d053d89 100644
--- a/go.mod
+++ b/go.mod
@@ -80,7 +80,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	golang.org/x/oauth2 v0.12.0
 	google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832
-	google.golang.org/grpc v1.58.1
+	google.golang.org/grpc v1.58.2
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
diff --git a/go.sum b/go.sum
index 0f083355e..29cd58b72 100644
--- a/go.sum
+++ b/go.sum
@@ -1127,8 +1127,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.58.1 h1:OL+Vz23DTtrrldqHK49FUOPHyY75rvFqJfXC84NYW58=
-google.golang.org/grpc v1.58.1/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I=
+google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From b7c1100a63a043f57408b0ef7132394269fa9a9c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Sep 2023 11:33:26 +0200
Subject: [PATCH 1613/2268] chore: Upgrade to go 1.21 (#814)

---
 .github/workflows/nightly.yml       |  2 +-
 .github/workflows/preview-proxy.yml |  2 +-
 .github/workflows/preview-run.yml   |  2 +-
 .github/workflows/release.yml       |  2 +-
 .github/workflows/tests.yml         |  4 +--
 DEVELOPMENT.md                      |  2 +-
 go.mod                              |  2 +-
 go.sum                              | 53 +++++++++++++++++++++++++++++
 8 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 25f6bd538..881dc4a0a 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: 1.21
       - uses: actions/setup-node@v3
         with:
           node-version: 20
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 61314ff89..81b13a2ba 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -37,7 +37,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: 1.21
       - name: Install some tools
         run: |
           sudo apt update
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 8ab4a1e9c..0cffacc97 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: 1.21
       - uses: actions/setup-node@v3
         with:
           node-version: 20
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3a57a34b8..b76c7ff9e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.19
+          go-version: 1.21
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 76565bbd5..339df505a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,7 +19,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.19'
+          go-version: '1.21'
       - uses: actions/setup-node@v3
         with:
           node-version: 20
@@ -114,7 +114,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.19'
+          go-version: '1.21'
       - uses: actions/cache@v3
         with:
           path: |
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index 015f2a904..f123f97a7 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -16,7 +16,7 @@ If any of the above dependencies are not present on your system, the first invoc
 ## How to run the test suite
 
 Prerequisites:
-* Go >= 1.19
+* Go >= 1.21
 
 You can run the test suite by simply doing
 
diff --git a/go.mod b/go.mod
index 53d053d89..4d5232a52 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.19
+go 1.21
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
diff --git a/go.sum b/go.sum
index 29cd58b72..8c4dcfe2d 100644
--- a/go.sum
+++ b/go.sum
@@ -18,6 +18,7 @@ cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKP
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
 cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o=
+cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -74,6 +75,7 @@ github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
+github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
@@ -89,10 +91,13 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
+github.com/Microsoft/hcsshim v0.10.0-rc.8/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
 github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
+github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
@@ -100,8 +105,10 @@ github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
@@ -134,6 +141,7 @@ github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
+github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -144,9 +152,13 @@ github.com/bitnami-labs/sealed-secrets v0.24.0/go.mod h1:opL4DB1wOQd6dAfmS3lbLxw
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
+github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
+github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
+github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
+github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
@@ -155,6 +167,7 @@ github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf5
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -176,9 +189,11 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
+github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/containerd v1.7.4 h1:Q5lwCrO44ahHhO65rXthXkfJUG5W78LXwK9gTt8XFfU=
 github.com/containerd/containerd v1.7.4/go.mod h1:gq7JDNtCrI1Zlcc572a9tvP1f1Ja8VBxiB9J00apAtU=
 github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381 h1:a5jOuoZHKBi2oH9JsfNqrrPpHhmrYU0NAte3M/EPudw=
+github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
@@ -187,6 +202,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHH
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -195,7 +211,9 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
+github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
+github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
 github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
@@ -207,12 +225,15 @@ github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHO
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
+github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
+github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
+github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -234,8 +255,11 @@ github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYF
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
+github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
@@ -252,6 +276,7 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
+github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -259,6 +284,7 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmS
 github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
 github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY=
 github.com/go-git/go-git/v5 v5.9.0/go.mod h1:RKIqga24sWdMGZF+1Ekv9kylsDz6LzdTSI2s/OsZWE0=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -289,6 +315,7 @@ github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogB
 github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
@@ -302,10 +329,15 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
+github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
+github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
 github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
+github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
 github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY=
+github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
@@ -354,6 +386,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
+github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
@@ -395,6 +428,7 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
@@ -414,6 +448,7 @@ github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
@@ -454,6 +489,7 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
@@ -512,6 +548,7 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -535,8 +572,11 @@ github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3v
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
+github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
 github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
+github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -554,10 +594,12 @@ github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZ
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg=
+github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -578,6 +620,7 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -597,6 +640,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/ohler55/ojg v1.19.3 h1:rFmEc33aZOvlwb7tibAmwVGEiPfMZkgvurK0YDDr1HI=
 github.com/ohler55/ojg v1.19.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI=
+github.com/onsi/ginkgo/v2 v2.12.0/go.mod h1:ZNEzXISYlqpb8S36iN71ifqLi3vVD1rVJGvWRCJOUpQ=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -606,14 +650,17 @@ github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVn
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
+github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
 github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY=
 github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
+github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
 github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0=
 github.com/pelletier/go-toml/v2 v2.0.9/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
+github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
@@ -627,6 +674,7 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
+github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
@@ -740,8 +788,11 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
+github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
+github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
+github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -761,6 +812,7 @@ go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
@@ -1166,6 +1218,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
 helm.sh/helm/v3 v3.12.3 h1:5y1+Sbty12t48T/t/CGNYUIME5BJ0WKfmW/sobYqkFg=
 helm.sh/helm/v3 v3.12.3/go.mod h1:KPKQiX9IP5HX7o5YnnhViMnNuKiL/lJBVQ47GHe1R0k=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

From 3b64de6fbb7a487ba727a2ab4921df815e03dc3a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Sep 2023 09:40:34 +0200
Subject: [PATCH 1614/2268] fix: Add default value to GetK8sAnnotationBool and
 use true as default for kluctl.io/hook-wait

---
 pkg/deployment/commands/validate.go  |  2 +-
 pkg/deployment/deployment_item.go    |  4 ++--
 pkg/deployment/utils/apply_utils.go  |  4 ++--
 pkg/deployment/utils/delete_utils.go |  4 ++--
 pkg/deployment/utils/hooks_util.go   |  5 ++---
 pkg/diff/managed_fields.go           |  4 ++--
 pkg/diff/normalize.go                |  2 +-
 pkg/utils/uo/k8s_fields.go           | 10 +++++-----
 pkg/validation/validation.go         |  2 +-
 9 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 505e2a45e..eaa81c820 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -89,7 +89,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
 	for _, o := range renderedObjects {
-		if o.GetK8sAnnotationBoolOrFalse("kluctl.io/delete") {
+		if o.GetK8sAnnotationBoolNoError("kluctl.io/delete", false) {
 			if cmd.ru.GetRemoteObject(o.GetK8sRef()) != nil {
 				cmd.dew.AddError(o.GetK8sRef(), fmt.Errorf("object is marked for deletion but still exists on the target cluster"))
 			}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 064e7fc43..b2e9cb873 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -499,8 +499,8 @@ func (di *DeploymentItem) prepareKustomizationYaml() (*uo.UnstructuredObject, er
 		}
 	}
 
-	di.Barrier, _ = ky.GetK8sAnnotationBool("kluctl.io/barrier")
-	di.WaitReadiness, _ = ky.GetK8sAnnotationBool("kluctl.io/wait-readiness")
+	di.Barrier = ky.GetK8sAnnotationBoolNoError("kluctl.io/barrier", false)
+	di.WaitReadiness = ky.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
 
 	return ky, nil
 }
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index e04b3d707..4ee96af3e 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -538,7 +538,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		}
 	}
 	for _, x := range d.Objects {
-		if x.GetK8sAnnotationBoolOrFalse("kluctl.io/delete") {
+		if x.GetK8sAnnotationBoolNoError("kluctl.io/delete", false) {
 			toDelete[x.GetK8sRef()] = true
 		}
 	}
@@ -616,7 +616,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 			break
 		}
 
-		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || o.GetK8sAnnotationBoolOrFalse("kluctl.io/wait-readiness")
+		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || o.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
 		if !a.o.NoWait && waitReadiness {
 			a.WaitReadiness(o.GetK8sRef(), 0)
 		}
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 4b04d4544..546d20544 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -50,7 +50,7 @@ func objectRefForExclusion(k *k8s.K8sCluster, ref k8s2.ObjectRef) k8s2.ObjectRef
 }
 
 func isSkipDelete(o *uo.UnstructuredObject) bool {
-	if o.GetK8sAnnotationBoolOrFalse("kluctl.io/skip-delete") {
+	if o.GetK8sAnnotationBoolNoError("kluctl.io/skip-delete", false) {
 		return true
 	}
 
@@ -134,7 +134,7 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 
 		// exclude resources which have the 'kluctl.io/skip-delete-if-tags' annotation set
 		if inclusionHasTags {
-			if o.GetK8sAnnotationBoolOrFalse("kluctl.io/skip-delete-if-tags") {
+			if o.GetK8sAnnotationBoolNoError("kluctl.io/skip-delete-if-tags", false) {
 				continue
 			}
 		}
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 6f984caa8..414d3b7f4 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -157,7 +157,7 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 		return ret
 	}
 
-	if o.GetK8sAnnotationBoolOrFalse("kluctl.io/delete") {
+	if o.GetK8sAnnotationBoolNoError("kluctl.io/delete", false) {
 		return nil
 	}
 
@@ -215,10 +215,9 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 		}
 	}
 
-	wait, err := o.GetK8sAnnotationBool("kluctl.io/hook-wait")
+	wait, err := o.GetK8sAnnotationBool("kluctl.io/hook-wait", true)
 	if err != nil {
 		u.a.HandleError(ref, err)
-		wait = true
 	}
 
 	timeoutStr := o.GetK8sAnnotation("kluctl.io/hook-timeout")
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 5d2c09cfc..8f9544996 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -173,8 +173,8 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 
 	ret := local.Clone()
 
-	forceApplyAll := local.GetK8sAnnotationBoolOrFalse("kluctl.io/force-apply")
-	ignoreConflictsAll := local.GetK8sAnnotationBoolOrFalse("kluctl.io/ignore-conflicts")
+	forceApplyAll := local.GetK8sAnnotationBoolNoError("kluctl.io/force-apply", false)
+	ignoreConflictsAll := local.GetK8sAnnotationBoolNoError("kluctl.io/ignore-conflicts", false)
 
 	forceApplyFields, err := collectFields(ret, forceApplyFieldAnnotationRegex)
 	if err != nil {
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index b815c0dcb..6a0307b21 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -151,7 +151,7 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		normalizeServiceAccount(o)
 	}
 
-	if localObject.GetK8sAnnotationBoolOrFalse("kluctl.io/ignore-diff") {
+	if localObject.GetK8sAnnotationBoolNoError("kluctl.io/ignore-diff", false) {
 		// Return empty object so that diffs will always be empty
 		return &uo.UnstructuredObject{Object: map[string]interface{}{}}, nil
 	}
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index 50b5348ea..b5200a2e1 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -204,20 +204,20 @@ func (uo *UnstructuredObject) GetK8sAnnotationsWithRegex(r interface{}) map[stri
 	return ret
 }
 
-func (uo *UnstructuredObject) GetK8sAnnotationBool(name string) (bool, error) {
+func (uo *UnstructuredObject) GetK8sAnnotationBool(name string, defaultValue bool) (bool, error) {
 	s := uo.GetK8sAnnotation(name)
 	if s == nil {
-		return false, nil
+		return defaultValue, nil
 	}
 	b, err := strconv.ParseBool(*s)
 	if err != nil {
-		return false, fmt.Errorf("failed to parse annotation %s=%v as bool", name, *s)
+		return defaultValue, fmt.Errorf("failed to parse annotation %s=%v as bool", name, *s)
 	}
 	return b, nil
 }
 
-func (uo *UnstructuredObject) GetK8sAnnotationBoolOrFalse(name string) bool {
-	b, _ := uo.GetK8sAnnotationBool(name)
+func (uo *UnstructuredObject) GetK8sAnnotationBoolNoError(name string, defaultValue bool) bool {
+	b, _ := uo.GetK8sAnnotationBool(name, defaultValue)
 	return b
 }
 
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 26748f85a..8337896ae 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -50,7 +50,7 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 	// We assume all is good in case no validation is performed
 	ret.Ready = true
 
-	if o.GetK8sAnnotationBoolOrFalse("kluctl.io/validate-ignore") {
+	if o.GetK8sAnnotationBoolNoError("kluctl.io/validate-ignore", false) {
 		return
 	}
 

From ab9ef316f449e9ce998cb5ef960b861ec0c06134 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Sep 2023 10:46:57 +0200
Subject: [PATCH 1615/2268] refacotor: Introduce GetK8sAnnotationBoolPtr

---
 pkg/utils/uo/k8s_fields.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index b5200a2e1..b7a9ee3fa 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -204,16 +204,27 @@ func (uo *UnstructuredObject) GetK8sAnnotationsWithRegex(r interface{}) map[stri
 	return ret
 }
 
-func (uo *UnstructuredObject) GetK8sAnnotationBool(name string, defaultValue bool) (bool, error) {
+func (uo *UnstructuredObject) GetK8sAnnotationBoolPtr(name string) (*bool, error) {
 	s := uo.GetK8sAnnotation(name)
 	if s == nil {
-		return defaultValue, nil
+		return nil, nil
 	}
 	b, err := strconv.ParseBool(*s)
 	if err != nil {
-		return defaultValue, fmt.Errorf("failed to parse annotation %s=%v as bool", name, *s)
+		return nil, fmt.Errorf("failed to parse annotation %s=%v as bool", name, *s)
+	}
+	return &b, nil
+}
+
+func (uo *UnstructuredObject) GetK8sAnnotationBool(name string, defaultValue bool) (bool, error) {
+	b, err := uo.GetK8sAnnotationBoolPtr(name)
+	if err != nil {
+		return defaultValue, err
+	}
+	if b == nil {
+		return defaultValue, nil
 	}
-	return b, nil
+	return *b, nil
 }
 
 func (uo *UnstructuredObject) GetK8sAnnotationBoolNoError(name string, defaultValue bool) bool {

From dba4268d3104748781caccf1a671119e563a26ab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Sep 2023 10:55:04 +0200
Subject: [PATCH 1616/2268] feat: Add kluctl.io/is-ready annotation

---
 docs/kluctl/deployments/annotations/all-resources.md |  7 +++++++
 docs/kluctl/deployments/readiness.md                 | 10 ++++++++++
 pkg/validation/validation.go                         | 10 ++++++++++
 3 files changed, 27 insertions(+)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index f63425b8f..c492749cc 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -47,6 +47,13 @@ If set to `true`, kluctl will wait for readiness of this object. Readiness is de
 the same as in [hook readiness](../../deployments/readiness.md). Waiting happens after all resources from the parent 
 deployment item have been applied.
 
+### kluctl.io/is-ready
+If set to `true`, kluctl will always consider this object as [ready](../../deployments/readiness.md). If set to `false`,
+kluctl will always consider this object as not ready. If omitted, kluctl will perform normal readiness checks.
+
+This annotation is useful if you need to introduce externalized readiness determination, e.g. inside a non-hook `Pod`
+that can annotate an object that something got ready.
+
 ## Control deletion/pruning
 
 The following annotations control how delete/prune is behaving.
diff --git a/docs/kluctl/deployments/readiness.md b/docs/kluctl/deployments/readiness.md
index ff3197659..dc2e9e64d 100644
--- a/docs/kluctl/deployments/readiness.md
+++ b/docs/kluctl/deployments/readiness.md
@@ -14,3 +14,13 @@ description:
 There are multiple places where kluctl can wait for "readiness" of resources, e.g. for hooks or when `waitReadiness` is
 specified on a deployment item. Readiness depends on the resource kind, e.g. for a Job, kluctl would wait until it
 finishes successfully.
+
+## Control via Annotations
+
+Multiple [annotations](./annotations/README.md) control the behaviour when waiting for readiness of resources. These are
+the following annoations:
+
+- [kluctl.io/wait-readiness in resources](./annotations/all-resources.md#kluctliowait-readiness)
+- [kluctl.io/wait-readiness in kustomization.yaml](./annotations/kustomization.md#kluctliowait-readiness)
+- [kluctl.io/is-ready](./annotations/all-resources.md#kluctliois-ready)
+- [kluctl.io/hook-wait](./annotations/hooks.md#kluctliohook-wait)
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 8337896ae..b23b79c98 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -115,6 +115,16 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 		}
 	}
 
+	isReadyAnnotation, _ := o.GetK8sAnnotationBoolPtr("kluctl.io/is-ready")
+	if isReadyAnnotation != nil {
+		if !*isReadyAnnotation {
+			addNotReady("kluctl.io/is-ready annotation is set to false")
+			return
+		}
+		// ready
+		return
+	}
+
 	status, _, _ := o.GetNestedObject("status")
 	if status == nil {
 		if forceStatusRequired {

From 23bb8e74b7075c8d9223d47137cfc125e0d1eabd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 27 Sep 2023 10:55:34 +0200
Subject: [PATCH 1617/2268] tests: Add tests for hook readiness and waiting

---
 e2e/hooks_test.go                   | 75 ++++++++++++++++++++++++++---
 e2e/utils.go                        | 20 ++++++--
 pkg/deployment/utils/apply_utils.go |  8 ++-
 3 files changed, 92 insertions(+), 11 deletions(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index e3e5114c2..2047f41c4 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -9,6 +9,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 	"sync"
 	"testing"
+	"time"
 
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
@@ -102,6 +103,17 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 }
 
 func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string) *hooksTestContext {
+	s := prepareHookTestProjectBase(t)
+
+	s.p.AddKustomizeDeployment("hook", nil, nil)
+
+	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.TestSlug()})
+	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.TestSlug()}, false, hook, hookDeletionPolicy)
+
+	return s
+}
+
+func prepareHookTestProjectBase(t *testing.T) *hooksTestContext {
 	s := &hooksTestContext{
 		t: t,
 		k: defaultCluster2, // use cluster2 as it has webhooks setup
@@ -118,11 +130,6 @@ func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string
 		_ = target.SetNestedField(s.k.Context, "context")
 	})
 
-	s.p.AddKustomizeDeployment("hook", nil, nil)
-
-	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.TestSlug()})
-	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.TestSlug()}, false, hook, hookDeletionPolicy)
-
 	return s
 }
 
@@ -136,10 +143,20 @@ func (s *hooksTestContext) incRunCount() {
 }
 
 func (s *hooksTestContext) ensureHookExecuted(expectedCms ...string) {
+	_, err := s.ensureHookExecuted2(0, expectedCms...)
+	assert.NoError(s.t, err)
+}
+
+func (s *hooksTestContext) ensureHookExecuted2(timeout time.Duration, expectedCms ...string) (string, error) {
 	s.clearSeenConfigmaps()
 	s.incRunCount()
-	s.p.KluctlMust("deploy", "--yes", "-t", "test")
+	args := []string{"deploy", "--yes", "-t", "test"}
+	if timeout != 0 {
+		args = append(args, "--timeout", timeout.String())
+	}
+	_, stderr, err := s.p.Kluctl(args...)
 	assert.Equal(s.t, expectedCms, s.seenConfigMaps)
+	return stderr, err
 }
 
 func TestHooksPreDeployInitial(t *testing.T) {
@@ -221,3 +238,49 @@ func TestHooksPrePostDeploy2(t *testing.T) {
 	t.Parallel()
 	doTestHooksPrePostDeploy(t, "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
 }
+
+func TestHooksWait(t *testing.T) {
+	t.Parallel()
+
+	s := prepareHookTestProjectBase(t)
+
+	s.p.AddKustomizeDeployment("hook", nil, nil)
+
+	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.TestSlug()})
+	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.TestSlug()}, false, "post-deploy", "")
+	s.addHookConfigMap("hook", resourceOpts{name: "hook2", namespace: s.p.TestSlug(), annotations: map[string]string{
+		"kluctl.io/is-ready": "false",
+	}}, false, "post-deploy", "")
+	s.addHookConfigMap("hook", resourceOpts{name: "hook3", namespace: s.p.TestSlug()}, false, "post-deploy", "")
+
+	stderr, err := s.ensureHookExecuted2(3*time.Second, "cm1", "hook1", "hook2")
+	if err == nil {
+		t.Fatal("err == nil, but it should have timed out")
+	}
+	assert.Contains(t, stderr, "context deadline")
+
+	// we run a goroutine in the background that will wait for a few seconds and then annotate kluctl.io/is-ready=true,
+	// which will then cause the hook to get ready
+	go func() {
+		time.Sleep(5 * time.Second)
+		patchConfigMap(t, s.k, s.p.TestSlug(), "hook2", func(o *uo.UnstructuredObject) {
+			o.SetK8sAnnotation("kluctl.io/is-ready", "true")
+		})
+	}()
+
+	// hook2 appears twice because the patch from above causes the webhook to fire
+	stderr, err = s.ensureHookExecuted2(20*time.Second, "cm1", "hook1", "hook2", "hook2", "hook3")
+	assert.NoError(t, err)
+	assert.Contains(t, stderr, "Still waiting")
+
+	patchConfigMap(t, s.k, s.p.TestSlug(), "hook2", func(o *uo.UnstructuredObject) {
+		o.SetK8sAnnotation("kluctl.io/is-ready", "false")
+	})
+	s.p.UpdateYaml("hook/hook2.yml", func(o *uo.UnstructuredObject) error {
+		o.SetK8sAnnotation("kluctl.io/hook-wait", "false")
+		return nil
+	}, "")
+
+	_, err = s.ensureHookExecuted2(5*time.Second, "cm1", "hook1", "hook2", "hook3")
+	assert.NoError(t, err)
+}
diff --git a/e2e/utils.go b/e2e/utils.go
index 4b61a5ed0..800cc9227 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -12,6 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"testing"
 )
 
@@ -83,9 +84,20 @@ func assertNestedFieldEquals(t *testing.T, o *uo.UnstructuredObject, expected in
 }
 
 func updateObject(t *testing.T, k *test_utils.EnvTestCluster, o *uo.UnstructuredObject) {
-	_, err := k.DynamicClient.Resource(schema.GroupVersionResource{
-		Version:  "v1",
-		Resource: "configmaps",
-	}).Namespace(o.GetK8sNamespace()).Update(context.Background(), o.ToUnstructured(), metav1.UpdateOptions{})
+	_, err := k.DynamicClient.Resource(v1.SchemeGroupVersion.WithResource("configmaps")).
+		Namespace(o.GetK8sNamespace()).
+		Update(context.Background(), o.ToUnstructured(), metav1.UpdateOptions{})
 	assert.NoError(t, err)
 }
+
+func patchObject(t *testing.T, k *test_utils.EnvTestCluster, gvr schema.GroupVersionResource, namespace string, name string, cb func(o *uo.UnstructuredObject)) {
+	o := assertObjectExists(t, k, gvr, namespace, name)
+	patch := client.MergeFrom(o.ToUnstructured().DeepCopy())
+	cb(o)
+	err := k.Client.Patch(context.Background(), o.ToUnstructured(), patch)
+	assert.NoError(t, err)
+}
+
+func patchConfigMap(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string, cb func(o *uo.UnstructuredObject)) {
+	patchObject(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name, cb)
+}
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 4ee96af3e..48c05dcab 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -22,6 +22,7 @@ import (
 	"strings"
 	"sync"
 	"sync/atomic"
+	"testing"
 	"time"
 )
 
@@ -486,11 +487,16 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 
 		a.sctx.Update(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
 
+		reportStillWaitingTime := 10 * time.Second
+		if testing.Testing() {
+			reportStillWaitingTime = 3 * time.Second
+		}
+
 		if !didLog {
 			a.sctx.InfoFallbackf("Waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
 			didLog = true
 			lastLogTime = time.Now()
-		} else if didLog && time.Now().Sub(lastLogTime) >= 10*time.Second {
+		} else if didLog && time.Now().Sub(lastLogTime) >= reportStillWaitingTime {
 			a.sctx.InfoFallbackf("Still waiting for %s to get ready... (%ds elapsed)", ref.String(), elapsed)
 			lastLogTime = time.Now()
 		}

From 0cf9043250624a6019c46f401424b94e1d2631c3 Mon Sep 17 00:00:00 2001
From: Mathias Gebbe <mgebbe@hellmann.com>
Date: Wed, 27 Sep 2023 15:29:01 +0200
Subject: [PATCH 1618/2268] feat: add generated code for azureKeyVault support

---
 pkg/types/zz_generated.deepcopy.go | 20 ++++++++++++++++++++
 pkg/webui/ui/src/models.ts         | 12 ++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 7f7dec802..b88a5ec11 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -713,6 +713,21 @@ func (in *Target) DeepCopy() *Target {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarSourceAzureKeyVault) DeepCopyInto(out *VarSourceAzureKeyVault) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarSourceAzureKeyVault.
+func (in *VarSourceAzureKeyVault) DeepCopy() *VarSourceAzureKeyVault {
+	if in == nil {
+		return nil
+	}
+	out := new(VarSourceAzureKeyVault)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *VarsSource) DeepCopyInto(out *VarsSource) {
 	*out = *in
@@ -779,6 +794,11 @@ func (in *VarsSource) DeepCopyInto(out *VarsSource) {
 		*out = new(VarsSourceVault)
 		**out = **in
 	}
+	if in.AzureKeyVault != nil {
+		in, out := &in.AzureKeyVault, &out.AzureKeyVault
+		*out = new(VarSourceAzureKeyVault)
+		**out = **in
+	}
 	if in.RenderedVars != nil {
 		in, out := &in.RenderedVars, &out.RenderedVars
 		*out = (*in).DeepCopy()
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index e53e5ef41..b22afb3b6 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -226,6 +226,16 @@ export class SealedSecretsConfig {
         this.outputPattern = source["outputPattern"];
     }
 }
+export class VarSourceAzureKeyVault {
+    vaultUri: string;
+    secretName: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.vaultUri = source["vaultUri"];
+        this.secretName = source["secretName"];
+    }
+}
 export class VarsSourceVault {
     address: string;
     path: string;
@@ -314,6 +324,7 @@ export class VarsSource {
     awsSecretsManager?: VarsSourceAwsSecretsManager;
     gcpSecretManager?: VarsSourceGcpSecretManager;
     vault?: VarsSourceVault;
+    azureKeyVault?: VarSourceAzureKeyVault;
     when?: string;
     renderedSensitive?: boolean;
     renderedVars?: any;
@@ -333,6 +344,7 @@ export class VarsSource {
         this.awsSecretsManager = this.convertValues(source["awsSecretsManager"], VarsSourceAwsSecretsManager);
         this.gcpSecretManager = this.convertValues(source["gcpSecretManager"], VarsSourceGcpSecretManager);
         this.vault = this.convertValues(source["vault"], VarsSourceVault);
+        this.azureKeyVault = this.convertValues(source["azureKeyVault"], VarSourceAzureKeyVault);
         this.when = source["when"];
         this.renderedSensitive = source["renderedSensitive"];
         this.renderedVars = source["renderedVars"];

From 23192f4647f8b5a579ac48fe5e77b8d63959c98d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Sep 2023 11:52:53 +0200
Subject: [PATCH 1619/2268] ci: Group aws-sdk dependabot updates (#819)

---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4143be270..8a36170c2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,7 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    groups:
+      aws-sdk:
+        patterns:
+          - "*aws-sdk*"

From 977c585795904c34b45dd56dafdbd38194e78d4c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 11:53:59 +0200
Subject: [PATCH 1620/2268] chore(deps): Bump helm.sh/helm/v3 from 3.12.3 to
 3.13.0 (#816)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.12.3 to 3.13.0.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.12.3...v3.13.0)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 15 ++++++++-------
 go.sum | 36 ++++++++++++++++++------------------
 2 files changed, 26 insertions(+), 25 deletions(-)

diff --git a/go.mod b/go.mod
index 4d5232a52..e64e96eac 100644
--- a/go.mod
+++ b/go.mod
@@ -40,9 +40,9 @@ require (
 	golang.org/x/sys v0.12.0
 	golang.org/x/term v0.12.0 // indirect
 	golang.org/x/text v0.13.0
-	helm.sh/helm/v3 v3.12.3
+	helm.sh/helm/v3 v3.13.0
 	k8s.io/api v0.28.2
-	k8s.io/apiextensions-apiserver v0.28.1
+	k8s.io/apiextensions-apiserver v0.28.2
 	k8s.io/apimachinery v0.28.2
 	k8s.io/client-go v0.28.2
 	k8s.io/klog/v2 v2.100.1
@@ -106,6 +106,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -126,7 +127,7 @@ require (
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
-	github.com/containerd/containerd v1.7.4 // indirect
+	github.com/containerd/containerd v1.7.6 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -269,11 +270,11 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.28.1 // indirect
-	k8s.io/cli-runtime v0.28.1 // indirect
-	k8s.io/component-base v0.28.1 // indirect
+	k8s.io/apiserver v0.28.2 // indirect
+	k8s.io/cli-runtime v0.28.2 // indirect
+	k8s.io/component-base v0.28.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
-	k8s.io/kubectl v0.28.1 // indirect
+	k8s.io/kubectl v0.28.2 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	oras.land/oras-go v1.2.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index 8c4dcfe2d..c396feb5c 100644
--- a/go.sum
+++ b/go.sum
@@ -90,8 +90,8 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
-github.com/Microsoft/hcsshim v0.10.0-rc.8/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
+github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM=
+github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
@@ -190,10 +190,10 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
-github.com/containerd/containerd v1.7.4 h1:Q5lwCrO44ahHhO65rXthXkfJUG5W78LXwK9gTt8XFfU=
-github.com/containerd/containerd v1.7.4/go.mod h1:gq7JDNtCrI1Zlcc572a9tvP1f1Ja8VBxiB9J00apAtU=
-github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381 h1:a5jOuoZHKBi2oH9JsfNqrrPpHhmrYU0NAte3M/EPudw=
-github.com/containerd/continuity v0.4.2-0.20230616210509-1e0d26eb2381/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8=
+github.com/containerd/containerd v1.7.6/go.mod h1:SY6lrkkuJT40BVNO37tlYTSnKJnP5AXBc0fhx0q+TJ4=
+github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
+github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
@@ -1219,8 +1219,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.12.3 h1:5y1+Sbty12t48T/t/CGNYUIME5BJ0WKfmW/sobYqkFg=
-helm.sh/helm/v3 v3.12.3/go.mod h1:KPKQiX9IP5HX7o5YnnhViMnNuKiL/lJBVQ47GHe1R0k=
+helm.sh/helm/v3 v3.13.0 h1:XPJKIU30K4JTQ6VX/6e0hFAmEIonYa8E7wx5aqv4xOc=
+helm.sh/helm/v3 v3.13.0/go.mod h1:2PBEKsMWKLVZTojUOqMS3Eadv5mP43FBWrRgLNkNm9Y=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1230,24 +1230,24 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.28.2 h1:9mpl5mOb6vXZvqbQmankOfPIGiudghwCoLl1EYfUZbw=
 k8s.io/api v0.28.2/go.mod h1:RVnJBsjU8tcMq7C3iaRSGMeaKt2TWEUXcpIt/90fjEg=
-k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw=
-k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs=
+k8s.io/apiextensions-apiserver v0.28.2 h1:J6/QRWIKV2/HwBhHRVITMLYoypCoPY1ftigDM0Kn+QU=
+k8s.io/apiextensions-apiserver v0.28.2/go.mod h1:5tnkxLGa9nefefYzWuAlWZ7RZYuN/765Au8cWLA6SRg=
 k8s.io/apimachinery v0.28.2 h1:KCOJLrc6gu+wV1BYgwik4AF4vXOlVJPdiqn0yAWWwXQ=
 k8s.io/apimachinery v0.28.2/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDApU=
-k8s.io/apiserver v0.28.1 h1:dw2/NKauDZCnOUAzIo2hFhtBRUo6gQK832NV8kuDbGM=
-k8s.io/apiserver v0.28.1/go.mod h1:d8aizlSRB6yRgJ6PKfDkdwCy2DXt/d1FDR6iJN9kY1w=
-k8s.io/cli-runtime v0.28.1 h1:7Njc4eD5kaO4tYdSYVJJEs54koYD/vT6gxOq8dEVf9g=
-k8s.io/cli-runtime v0.28.1/go.mod h1:yIThSWkAVLqeRs74CMkq6lNFW42GyJmvMtcNn01SZho=
+k8s.io/apiserver v0.28.2 h1:rBeYkLvF94Nku9XfXyUIirsVzCzJBs6jMn3NWeHieyI=
+k8s.io/apiserver v0.28.2/go.mod h1:f7D5e8wH8MWcKD7azq6Csw9UN+CjdtXIVQUyUhrtb+E=
+k8s.io/cli-runtime v0.28.2 h1:64meB2fDj10/ThIMEJLO29a1oujSm0GQmKzh1RtA/uk=
+k8s.io/cli-runtime v0.28.2/go.mod h1:bTpGOvpdsPtDKoyfG4EG041WIyFZLV9qq4rPlkyYfDA=
 k8s.io/client-go v0.28.2 h1:DNoYI1vGq0slMBN/SWKMZMw0Rq+0EQW6/AK4v9+3VeY=
 k8s.io/client-go v0.28.2/go.mod h1:sMkApowspLuc7omj1FOSUxSoqjr+d5Q0Yc0LOFnYFJY=
-k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg=
-k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU=
+k8s.io/component-base v0.28.2 h1:Yc1yU+6AQSlpJZyvehm/NkJBII72rzlEsd6MkBQ+G0E=
+k8s.io/component-base v0.28.2/go.mod h1:4IuQPQviQCg3du4si8GpMrhAIegxpsgPngPRR/zWpzc=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 h1:CAIciCnJnSOQxPd0xvpV6JU3D4AJvnYbImPpFpO9Hnw=
 k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
-k8s.io/kubectl v0.28.1 h1:jAq4yKEqQL+fwkWcEsUWxhJ7uIRcOYQraJxx4SyAMTY=
-k8s.io/kubectl v0.28.1/go.mod h1:a0nk/lMMeKBulp0lMTJAKbkjZg1ykqfLfz/d6dnv1ak=
+k8s.io/kubectl v0.28.2 h1:fOWOtU6S0smdNjG1PB9WFbqEIMlkzU5ahyHkc7ESHgM=
+k8s.io/kubectl v0.28.2/go.mod h1:6EQWTPySF1fn7yKoQZHYf9TPwIl2AygHEcJoxFekr64=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=

From 92e1f170a01ee1d2adbe4fc87ab544d86a499c4a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 11:54:15 +0200
Subject: [PATCH 1621/2268] chore(deps): Bump github.com/onsi/gomega from
 1.27.10 to 1.28.0 (#818)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.10 to 1.28.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.10...v1.28.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e64e96eac..96c572c7e 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.27.10
+	github.com/onsi/gomega v1.28.0
 	github.com/otiai10/copy v1.12.0
 	github.com/prometheus/client_golang v1.16.0
 	github.com/sergi/go-diff v1.3.1
diff --git a/go.sum b/go.sum
index c396feb5c..3a4dd932f 100644
--- a/go.sum
+++ b/go.sum
@@ -641,8 +641,8 @@ github.com/ohler55/ojg v1.19.3 h1:rFmEc33aZOvlwb7tibAmwVGEiPfMZkgvurK0YDDr1HI=
 github.com/ohler55/ojg v1.19.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI=
 github.com/onsi/ginkgo/v2 v2.12.0/go.mod h1:ZNEzXISYlqpb8S36iN71ifqLi3vVD1rVJGvWRCJOUpQ=
-github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
-github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
+github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=

From d0135390811b807840fe8127a173aa89f6c170aa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Sep 2023 12:09:04 +0200
Subject: [PATCH 1622/2268] chore(deps): Bump
 github.com/prometheus/client_golang (#815)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.17.0/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 96c572c7e..b0136aad1 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.28.0
 	github.com/otiai10/copy v1.12.0
-	github.com/prometheus/client_golang v1.16.0
+	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	golang.org/x/oauth2 v0.12.0
@@ -224,7 +224,7 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.11.1 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
diff --git a/go.sum b/go.sum
index 3a4dd932f..2968bb2bc 100644
--- a/go.sum
+++ b/go.sum
@@ -678,13 +678,13 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
-github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
+github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
-github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
+github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=

From df9405bfb421d4167097fe00dda6613f6918ce19 Mon Sep 17 00:00:00 2001
From: Mikhail Shirkov <shirkevich@gmail.com>
Date: Fri, 29 Sep 2023 19:36:10 +0400
Subject: [PATCH 1623/2268] Fix: git cli failing on latest devel (#817)

* Fix git cli glibc not found

* Bump .goreleaser.yaml

* Updated documentation on how to get latest wolfi-base images sha256

* Fix typo
---
 .goreleaser.yaml | 8 ++++----
 Dockerfile       | 5 +++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 55e5e3fa4..d4cf14341 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -88,8 +88,8 @@ dockers:
     goarch: amd64
     build_flag_templates:
       - "--pull"
-      # use https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/wolfi-base to find the latest one
-      - "--build-arg=WOLFI_DIGEST=sha256:e8411b9629bd13123a978a2d1a27c3ee64c7751d3032ce80ad6e673e329ef964"
+      # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of linux/amd64 layer
+      - "--build-arg=WOLFI_DIGEST=sha256:3c41b0c5a5b09fb4e5fccdc9469c992cf489161989fcc3e17c7c394bbea4b215"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
@@ -103,8 +103,8 @@ dockers:
     goarch: arm64
     build_flag_templates:
       - "--pull"
-      # use https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/wolfi-base to find the latest one
-      - "--build-arg=WOLFI_DIGEST=sha256:05a4280b4c5b5cafc7eb2a012983bc79e3ddca938f01ddc3deb797ca3fddd399"
+      # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of linux/arm64 layer
+      - "--build-arg=WOLFI_DIGEST=sha256:f27d65564f05397c920f63fb81b485f829de3ee23fd32a4a0af1002ec7ead0d2"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
diff --git a/Dockerfile b/Dockerfile
index 33b61cc71..dea151e51 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,11 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
-ARG WOLFI_DIGEST=sha256:e8411b9629bd13123a978a2d1a27c3ee64c7751d3032ce80ad6e673e329ef964
+# use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
+ARG WOLFI_DIGEST=sha256:ccc5551b5dd1fdcff5fc76ac1605b4c217f77f43410e0bd8a56599d6504dbbdd
 FROM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 
 # We need git for kustomize to support overlays from git
-RUN apk add git tzdata
+RUN apk update && apk add git tzdata
 
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache

From 6a0e00d77eb40af99ed7024cd6ef7f68cff2a537 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 29 Sep 2023 22:57:04 +0200
Subject: [PATCH 1624/2268] feat: Allow Helm lookups (#820)

* feat: Allow Helm lookups

* tests: Test Helm lookups
---
 e2e/helm_test.go                              | 54 +++++++++++++++++++
 .../test-helm-chart/templates/configmap.yaml  |  8 +++
 pkg/helm/helm_release.go                      |  3 ++
 3 files changed, 65 insertions(+)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index a6de63655..e2b3dba3c 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
@@ -8,6 +9,8 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -630,3 +633,54 @@ func listChartVersions(t *testing.T, p *test_project.TestProject, url2 string, c
 	sort.Strings(versions)
 	return versions
 }
+
+func TestHelmLookup(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	lookupCm := corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "lookup-cm",
+			Namespace: p.TestSlug(),
+		},
+		Data: map[string]string{
+			"a": "lookupValue",
+		},
+	}
+	err := k.Client.Create(context.Background(), &lookupCm)
+	assert.NoError(t, err)
+
+	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+	}, "", "")
+
+	values1 := map[string]any{
+		"lookup":          true,
+		"lookupNamespace": lookupCm.Namespace,
+		"lookupName":      lookupCm.Name,
+	}
+
+	p.UpdateTarget("test", nil)
+	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+
+	p.KluctlMust("helm-pull")
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
+	assertNestedFieldEquals(t, cm1, "lookupValue", "data", "lookup")
+
+	s, _ := p.KluctlMust("render", "-t", "test", "--print-all")
+	y, err := uo.FromString(s)
+	assert.NoError(t, err)
+	assertNestedFieldEquals(t, y, "lookupValue", "data", "lookup")
+
+	s, _ = p.KluctlMust("render", "-t", "test", "--print-all", "--offline-kubernetes")
+	y, err = uo.FromString(s)
+	assert.NoError(t, err)
+	assertNestedFieldEquals(t, y, "lookupReturnedNil", "data", "lookup")
+}
diff --git a/e2e/test-utils/test-helm-chart/templates/configmap.yaml b/e2e/test-utils/test-helm-chart/templates/configmap.yaml
index 25adf10ac..f79c8c650 100644
--- a/e2e/test-utils/test-helm-chart/templates/configmap.yaml
+++ b/e2e/test-utils/test-helm-chart/templates/configmap.yaml
@@ -9,3 +9,11 @@ data:
   b: {{ .Values.data.b }}
   version: {{ .Chart.Version }}
   kubeVersion: {{ .Capabilities.KubeVersion }}
+  {{ if .Values.lookup }}
+  {{ $lookupObj := lookup "v1" "ConfigMap" .Values.lookupNamespace .Values.lookupName }}
+  {{ if $lookupObj }}
+  lookup: {{ $lookupObj.data.a -}}
+  {{ else }}
+  lookup: lookupReturnedNil
+  {{ end }}
+  {{ end }}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 2cc6d3d08..81af59b85 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -200,6 +200,9 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 
 	client := action.NewInstall(cfg)
 	client.DryRun = true
+	if k != nil {
+		client.DryRunOption = "server"
+	}
 	client.Namespace = namespace
 	client.ReleaseName = hr.Config.ReleaseName
 	client.Replace = true

From f99e77d8dfdfa61d297e117e9a190ca098e671cf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 21:25:47 +0200
Subject: [PATCH 1625/2268] fix: Use modified config so that warning handler is
 actually respected

---
 pkg/k8s/client.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index e2a5936cf..a137e911b 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -51,9 +51,9 @@ func newK8sClients(k *K8sCluster, count int) (*k8sClients, error) {
 		p.config.Burst = 20
 		p.config.WarningHandler = p
 
-		p.httpClient, err = rest.HTTPClientFor(k.config)
+		p.httpClient, err = rest.HTTPClientFor(p.config)
 
-		p.client, err = client.New(k.config, client.Options{
+		p.client, err = client.New(p.config, client.Options{
 			HTTPClient: p.httpClient,
 			Mapper:     k.mapper,
 		})

From 0860e96c126b3877548f75bed54b9abe5ff120ed Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 21:28:54 +0200
Subject: [PATCH 1626/2268] refactor: Move parallelClientEntry creation into
 own function

---
 pkg/k8s/client.go | 40 +++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index a137e911b..6d2d2c076 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -9,6 +9,7 @@ import (
 )
 
 type k8sClients struct {
+	k          *K8sCluster
 	clientPool chan *parallelClientEntry
 	count      int
 }
@@ -36,27 +37,14 @@ func (p *parallelClientEntry) HandleWarningHeader(code int, agent string, text s
 }
 
 func newK8sClients(k *K8sCluster, count int) (*k8sClients, error) {
-	var err error
-
 	kc := &k8sClients{
+		k:          k,
 		clientPool: make(chan *parallelClientEntry, count),
 		count:      count,
 	}
 
 	for i := 0; i < count; i++ {
-		p := &parallelClientEntry{}
-
-		p.config = rest.CopyConfig(k.config)
-		p.config.QPS = 10
-		p.config.Burst = 20
-		p.config.WarningHandler = p
-
-		p.httpClient, err = rest.HTTPClientFor(p.config)
-
-		p.client, err = client.New(p.config, client.Options{
-			HTTPClient: p.httpClient,
-			Mapper:     k.mapper,
-		})
+		p, err := kc.newClientEtry()
 		if err != nil {
 			return nil, err
 		}
@@ -66,6 +54,28 @@ func newK8sClients(k *K8sCluster, count int) (*k8sClients, error) {
 	return kc, nil
 }
 
+func (kc *k8sClients) newClientEtry() (*parallelClientEntry, error) {
+	p := &parallelClientEntry{}
+
+	p.config = rest.CopyConfig(kc.k.config)
+	p.config.QPS = 10
+	p.config.Burst = 20
+	p.config.WarningHandler = p
+
+	var err error
+	p.httpClient, err = rest.HTTPClientFor(p.config)
+
+	p.client, err = client.New(p.config, client.Options{
+		HTTPClient: p.httpClient,
+		Mapper:     kc.k.mapper,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return p, nil
+}
+
 func (k *k8sClients) close() {
 	if k.clientPool != nil {
 		for i := 0; i < k.count; i++ {

From 10b4828eed4e3ec5af097625dd030570b1f6e0d7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 10:13:56 +0200
Subject: [PATCH 1627/2268] fix: Don't allow controller-runtime to interfere
 with warnings

---
 pkg/k8s/client.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 6d2d2c076..f7780bb07 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -68,6 +68,10 @@ func (kc *k8sClients) newClientEtry() (*parallelClientEntry, error) {
 	p.client, err = client.New(p.config, client.Options{
 		HTTPClient: p.httpClient,
 		Mapper:     kc.k.mapper,
+		WarningHandler: client.WarningHandlerOptions{
+			// we're handling warnings on our own, so don't let controller-runtime interfere
+			SuppressWarnings: true,
+		},
 	})
 	if err != nil {
 		return nil, err

From f8a1504a9455e2df74bad663c7eb962424d0e93d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 20:50:31 +0200
Subject: [PATCH 1628/2268] refactor: Move aws and gcp helpers into clouds
 package

---
 pkg/{vars => clouds}/aws/arn.go                | 0
 pkg/{vars => clouds}/aws/clientfactory.go      | 0
 pkg/{vars => clouds}/aws/fake_clientfactory.go | 0
 pkg/{vars => clouds}/aws/secrets_manager.go    | 0
 pkg/{vars => clouds}/gcp/clientfactory.go      | 0
 pkg/{vars => clouds}/gcp/fake_clientfactory.go | 0
 pkg/{vars => clouds}/gcp/secrets_manager.go    | 0
 pkg/kluctl_project/target_context.go           | 4 ++--
 pkg/vars/vars_loader.go                        | 5 ++---
 pkg/vars/vars_loader_test.go                   | 4 ++--
 10 files changed, 6 insertions(+), 7 deletions(-)
 rename pkg/{vars => clouds}/aws/arn.go (100%)
 rename pkg/{vars => clouds}/aws/clientfactory.go (100%)
 rename pkg/{vars => clouds}/aws/fake_clientfactory.go (100%)
 rename pkg/{vars => clouds}/aws/secrets_manager.go (100%)
 rename pkg/{vars => clouds}/gcp/clientfactory.go (100%)
 rename pkg/{vars => clouds}/gcp/fake_clientfactory.go (100%)
 rename pkg/{vars => clouds}/gcp/secrets_manager.go (100%)

diff --git a/pkg/vars/aws/arn.go b/pkg/clouds/aws/arn.go
similarity index 100%
rename from pkg/vars/aws/arn.go
rename to pkg/clouds/aws/arn.go
diff --git a/pkg/vars/aws/clientfactory.go b/pkg/clouds/aws/clientfactory.go
similarity index 100%
rename from pkg/vars/aws/clientfactory.go
rename to pkg/clouds/aws/clientfactory.go
diff --git a/pkg/vars/aws/fake_clientfactory.go b/pkg/clouds/aws/fake_clientfactory.go
similarity index 100%
rename from pkg/vars/aws/fake_clientfactory.go
rename to pkg/clouds/aws/fake_clientfactory.go
diff --git a/pkg/vars/aws/secrets_manager.go b/pkg/clouds/aws/secrets_manager.go
similarity index 100%
rename from pkg/vars/aws/secrets_manager.go
rename to pkg/clouds/aws/secrets_manager.go
diff --git a/pkg/vars/gcp/clientfactory.go b/pkg/clouds/gcp/clientfactory.go
similarity index 100%
rename from pkg/vars/gcp/clientfactory.go
rename to pkg/clouds/gcp/clientfactory.go
diff --git a/pkg/vars/gcp/fake_clientfactory.go b/pkg/clouds/gcp/fake_clientfactory.go
similarity index 100%
rename from pkg/vars/gcp/fake_clientfactory.go
rename to pkg/clouds/gcp/fake_clientfactory.go
diff --git a/pkg/vars/gcp/secrets_manager.go b/pkg/clouds/gcp/secrets_manager.go
similarity index 100%
rename from pkg/vars/gcp/secrets_manager.go
rename to pkg/clouds/gcp/secrets_manager.go
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 8c8f0132a..58a83f884 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -3,6 +3,8 @@ package kluctl_project
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -11,8 +13,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
-	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
-	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index a7bb01b7d..7dc62bd23 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,6 +8,8 @@ import (
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -17,9 +19,6 @@ import (
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
-	"github.com/kluctl/kluctl/v2/pkg/vars/azure"
-	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 030e5f429..71f60cfcc 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"github.com/huandu/xstrings"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/stretchr/testify/suite"
 	"io"
@@ -27,8 +29,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/vars/aws"
-	"github.com/kluctl/kluctl/v2/pkg/vars/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"

From 1e379d52aeef16ead432aaff7f97d6c139b1f130 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 21:00:21 +0200
Subject: [PATCH 1629/2268] refactor: Move webidentity creation code into aws
 package

---
 pkg/clouds/aws/webidentity.go                 | 79 +++++++++++++++++++
 .../sops/key_server_from_service_account.go   | 79 ++-----------------
 pkg/controllers/kluctl_project.go             |  8 +-
 pkg/k8s/client.go                             |  4 +-
 pkg/k8s/k8s_cluster.go                        |  8 ++
 5 files changed, 96 insertions(+), 82 deletions(-)
 create mode 100644 pkg/clouds/aws/webidentity.go

diff --git a/pkg/clouds/aws/webidentity.go b/pkg/clouds/aws/webidentity.go
new file mode 100644
index 000000000..256257f43
--- /dev/null
+++ b/pkg/clouds/aws/webidentity.go
@@ -0,0 +1,79 @@
+package aws
+
+import (
+	"context"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/arn"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/smithy-go/logging"
+	authenticationv1 "k8s.io/api/authentication/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type webIdentityToken string
+
+func (t webIdentityToken) GetIdentityToken() ([]byte, error) {
+	return []byte(t), nil
+}
+
+func BuildCredentialsFromServiceAccount(ctx context.Context, c client.Client, name string, namespace string, sessionName string) (*stscreds.WebIdentityRoleProvider, error) {
+	var sa corev1.ServiceAccount
+	err := c.Get(ctx, client.ObjectKey{Name: name, Namespace: namespace}, &sa)
+	if err != nil {
+		return nil, err
+	}
+
+	roleArnStr := ""
+	if sa.GetAnnotations() != nil {
+		roleArnStr, _ = sa.GetAnnotations()["eks.amazonaws.com/role-arn"]
+	}
+	if roleArnStr == "" {
+		return nil, nil
+	}
+	roleArn, err := arn.Parse(roleArnStr)
+	if err != nil {
+		return nil, err
+	}
+
+	exp := int64(60 * 10)
+
+	tokenRequest := authenticationv1.TokenRequest{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      sa.Name,
+			Namespace: sa.Namespace,
+		},
+		Spec: authenticationv1.TokenRequestSpec{
+			Audiences:         []string{"sts.amazonaws.com"},
+			ExpirationSeconds: &exp,
+		},
+	}
+
+	err = c.SubResource("token").Create(ctx, &sa, &tokenRequest)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create token for AWS STS: %w", err)
+	}
+
+	cfg := aws.Config{
+		Credentials: aws.AnonymousCredentials{},
+		Logger:      logging.NewStandardLogger(os.Stderr),
+		Region:      roleArn.Region,
+	}
+	if cfg.Region == "" {
+		cfg.Region = "aws-global"
+	}
+
+	optFns := []func(*stscreds.WebIdentityRoleOptions){
+		func(options *stscreds.WebIdentityRoleOptions) {
+			options.RoleSessionName = sessionName
+		},
+	}
+
+	provider := stscreds.NewWebIdentityRoleProvider(sts.NewFromConfig(cfg), roleArnStr, webIdentityToken(tokenRequest.Status.Token), optFns...)
+
+	return provider, nil
+}
diff --git a/pkg/controllers/internal/sops/key_server_from_service_account.go b/pkg/controllers/internal/sops/key_server_from_service_account.go
index 867aae090..b9d7a9933 100644
--- a/pkg/controllers/internal/sops/key_server_from_service_account.go
+++ b/pkg/controllers/internal/sops/key_server_from_service_account.go
@@ -2,90 +2,23 @@ package sops
 
 import (
 	"context"
-	"fmt"
-	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/aws/arn"
-	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
-	"github.com/aws/aws-sdk-go-v2/service/sts"
-	"github.com/aws/smithy-go/logging"
 	"github.com/getsops/sops/v3/keyservice"
 	"github.com/getsops/sops/v3/kms"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
-	authenticationv1 "k8s.io/api/authentication/v1"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"os"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) (keyservice.KeyServiceClient, error) {
+func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, name string, namespace string) (keyservice.KeyServiceClient, error) {
 	var serverOpts []intkeyservice.ServerOption
 
-	x, err := withAWSWebIdentity(ctx, client, sa)
-	if err != nil {
+	provider, err := aws.BuildCredentialsFromServiceAccount(ctx, client, name, namespace, "kluctl-sops-decrypter")
+	if err != nil || provider == nil {
 		return nil, err
 	}
-	serverOpts = append(serverOpts, x...)
+
+	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(provider)})
 
 	server := intkeyservice.NewServer(serverOpts...)
 	return keyservice.NewCustomLocalClient(server), nil
 }
-
-type webIdentityToken string
-
-func (t webIdentityToken) GetIdentityToken() ([]byte, error) {
-	return []byte(t), nil
-}
-
-func withAWSWebIdentity(ctx context.Context, client client.Client, sa *corev1.ServiceAccount) ([]intkeyservice.ServerOption, error) {
-	roleArnStr := ""
-	if sa.GetAnnotations() != nil {
-		roleArnStr, _ = sa.GetAnnotations()["eks.amazonaws.com/role-arn"]
-	}
-	if roleArnStr == "" {
-		return nil, nil
-	}
-	roleArn, err := arn.Parse(roleArnStr)
-	if err != nil {
-		return nil, err
-	}
-
-	exp := int64(60 * 10)
-
-	tokenRequest := authenticationv1.TokenRequest{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      sa.Name,
-			Namespace: sa.Namespace,
-		},
-		Spec: authenticationv1.TokenRequestSpec{
-			Audiences:         []string{"sts.amazonaws.com"},
-			ExpirationSeconds: &exp,
-		},
-	}
-
-	err = client.SubResource("token").Create(ctx, sa, &tokenRequest)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create token for AWS STS: %w", err)
-	}
-
-	cfg := aws.Config{
-		Credentials: aws.AnonymousCredentials{},
-		Logger:      logging.NewStandardLogger(os.Stderr),
-		Region:      roleArn.Region,
-	}
-	if cfg.Region == "" {
-		cfg.Region = "aws-global"
-	}
-
-	optFns := []func(*stscreds.WebIdentityRoleOptions){
-		func(options *stscreds.WebIdentityRoleOptions) {
-			options.RoleSessionName = "kluctl-sops-decrypter"
-		},
-	}
-
-	provider := stscreds.NewWebIdentityRoleProvider(sts.NewFromConfig(cfg), roleArnStr, webIdentityToken(tokenRequest.Status.Token), optFns...)
-
-	var serverOpts []intkeyservice.ServerOption
-	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(provider)})
-	return serverOpts, nil
-}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index be994b79f..5c6b39a5d 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -18,7 +18,6 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"os"
 	"path/filepath"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
 	"time"
 
@@ -547,13 +546,8 @@ func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context,
 	if name == "" {
 		return nil
 	}
-	var sa corev1.ServiceAccount
-	err := pp.r.Client.Get(ctx, client.ObjectKey{Name: name, Namespace: pp.obj.Namespace}, &sa)
-	if err != nil {
-		return fmt.Errorf("failed to retrieve service account %s: %w", name, err)
-	}
 
-	ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, pp.r.Client, &sa)
+	ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, pp.r.Client, name, pp.obj.Namespace)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index f7780bb07..3d69983f4 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -44,7 +44,7 @@ func newK8sClients(k *K8sCluster, count int) (*k8sClients, error) {
 	}
 
 	for i := 0; i < count; i++ {
-		p, err := kc.newClientEtry()
+		p, err := kc.newClientEntry()
 		if err != nil {
 			return nil, err
 		}
@@ -54,7 +54,7 @@ func newK8sClients(k *K8sCluster, count int) (*k8sClients, error) {
 	return kc, nil
 }
 
-func (kc *k8sClients) newClientEtry() (*parallelClientEntry, error) {
+func (kc *k8sClients) newClientEntry() (*parallelClientEntry, error) {
 	p := &parallelClientEntry{}
 
 	p.config = rest.CopyConfig(kc.k.config)
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 837aee5f0..1c6edca2c 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -530,3 +530,11 @@ func (k *K8sCluster) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, er
 func (k *K8sCluster) ToRESTMapper() (meta.RESTMapper, error) {
 	return k.mapper, nil
 }
+
+func (k *K8sCluster) ToClient() (client.Client, error) {
+	p, err := k.clients.newClientEntry()
+	if err != nil {
+		return nil, err
+	}
+	return p.client, nil
+}

From 47c799f4c201bc42691984b081dc7b74c3281912 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 22:23:48 +0200
Subject: [PATCH 1630/2268] feat: Allow to specify IRSA service account via
 .kluctl.yaml

---
 pkg/clouds/aws/clientfactory.go      | 27 ++++++++++++++++++++++-----
 pkg/clouds/aws/fake_clientfactory.go |  2 +-
 pkg/clouds/aws/secrets_manager.go    |  2 +-
 pkg/kluctl_project/target_context.go |  6 +++++-
 pkg/kluctl_project/targets.go        | 10 ++++++++++
 pkg/types/kluctl_project.go          | 12 ++++++++++++
 6 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/pkg/clouds/aws/clientfactory.go b/pkg/clouds/aws/clientfactory.go
index b0542058c..4632f4e7a 100644
--- a/pkg/clouds/aws/clientfactory.go
+++ b/pkg/clouds/aws/clientfactory.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type GetSecretValueInterface interface {
@@ -11,13 +13,19 @@ type GetSecretValueInterface interface {
 }
 
 type AwsClientFactory interface {
-	SecretsManagerClient(profile *string, region *string) (GetSecretValueInterface, error)
+	SecretsManagerClient(ctx context.Context, profile *string, region *string) (GetSecretValueInterface, error)
 }
 
 type awsClientFactory struct {
+	client    client.Client
+	awsConfig *types.AwsConfig
 }
 
-func (a *awsClientFactory) SecretsManagerClient(profile *string, region *string) (GetSecretValueInterface, error) {
+func (a *awsClientFactory) SecretsManagerClient(ctx context.Context, profile *string, region *string) (GetSecretValueInterface, error) {
+	if profile == nil {
+		profile = a.awsConfig.Profile
+	}
+
 	var configOpts []func(*config.LoadOptions) error
 	if profile != nil {
 		configOpts = append(configOpts, config.WithSharedConfigProfile(*profile))
@@ -27,14 +35,23 @@ func (a *awsClientFactory) SecretsManagerClient(profile *string, region *string)
 		configOpts = append(configOpts, config.WithRegion(*region))
 	}
 
+	if a.awsConfig.ServiceAccount != nil {
+		webIdentityCreds, err := BuildCredentialsFromServiceAccount(ctx, a.client, a.awsConfig.ServiceAccount.Name, a.awsConfig.ServiceAccount.Namespace, "kluctl-vars-loader")
+		if err == nil && webIdentityCreds != nil {
+			configOpts = append(configOpts, config.WithCredentialsProvider(webIdentityCreds))
+		}
+	}
+
 	cfg, err := config.LoadDefaultConfig(context.Background(), configOpts...)
 	if err != nil {
 		return nil, err
 	}
-
 	return secretsmanager.NewFromConfig(cfg), nil
 }
 
-func NewClientFactory() AwsClientFactory {
-	return &awsClientFactory{}
+func NewClientFactory(c client.Client, awsConfig *types.AwsConfig) AwsClientFactory {
+	return &awsClientFactory{
+		client:    c,
+		awsConfig: awsConfig,
+	}
 }
diff --git a/pkg/clouds/aws/fake_clientfactory.go b/pkg/clouds/aws/fake_clientfactory.go
index 45859a5e1..80cc35de6 100644
--- a/pkg/clouds/aws/fake_clientfactory.go
+++ b/pkg/clouds/aws/fake_clientfactory.go
@@ -37,7 +37,7 @@ func (f *FakeAwsClientFactory) GetSecretValue(ctx context.Context, params *secre
 	}
 }
 
-func (f *FakeAwsClientFactory) SecretsManagerClient(profile *string, region *string) (GetSecretValueInterface, error) {
+func (f *FakeAwsClientFactory) SecretsManagerClient(ctx context.Context, profile *string, region *string) (GetSecretValueInterface, error) {
 	return f, nil
 }
 
diff --git a/pkg/clouds/aws/secrets_manager.go b/pkg/clouds/aws/secrets_manager.go
index b258e2c5d..b0c5c33c9 100644
--- a/pkg/clouds/aws/secrets_manager.go
+++ b/pkg/clouds/aws/secrets_manager.go
@@ -16,7 +16,7 @@ func GetAwsSecretsManagerSecret(ctx context.Context, aws AwsClientFactory, profi
 		region = &arn.Region
 	}
 
-	smClient, err := aws.SecretsManagerClient(profile, region)
+	smClient, err := aws.SecretsManagerClient(ctx, profile, region)
 	if err != nil {
 		return "", fmt.Errorf("getting secret %s from AWS secrets manager failed: %w", secretName, err)
 	}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 58a83f884..585ce96a0 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -90,7 +90,11 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		return nil, err
 	}
 
-	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory(), gcp.NewClientFactory())
+	client, err := k.ToClient()
+	if err != nil {
+		return nil, err
+	}
+	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
 
 	if params.ForSeal {
 		err = p.loadSecrets(ctx, target, varsCtx, varsLoader)
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index f10f72398..47bd06e83 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -75,5 +75,15 @@ func (c *LoadedKluctlProject) buildTarget(configTarget *types.Target) (*types.Ta
 	if target.Discriminator == "" {
 		target.Discriminator = c.Config.Discriminator
 	}
+	if target.Aws == nil {
+		target.Aws = c.Config.Aws
+	} else if c.Config.Aws != nil {
+		if target.Aws.Profile == nil {
+			target.Aws.Profile = c.Config.Aws.Profile
+		}
+		if target.Aws.ServiceAccount == nil {
+			target.Aws.ServiceAccount = c.Config.Aws.ServiceAccount
+		}
+	}
 	return &target, nil
 }
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index c8293da48..67107fc8a 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -11,11 +11,22 @@ type SealingConfig struct {
 	CertFile   *string                `json:"certFile,omitempty"`
 }
 
+type ServiceAccountRef struct {
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
+}
+
+type AwsConfig struct {
+	Profile        *string            `json:"profile,omitempty"`
+	ServiceAccount *ServiceAccountRef `json:"serviceAccount,omitempty"`
+}
+
 type Target struct {
 	Name          string                 `json:"name"`
 	Context       *string                `json:"context,omitempty"`
 	Args          *uo.UnstructuredObject `json:"args,omitempty"`
 	SealingConfig *SealingConfig         `json:"sealingConfig,omitempty"`
+	Aws           *AwsConfig             `json:"aws,omitempty"`
 	Images        []FixedImage           `json:"images,omitempty"`
 	Discriminator string                 `json:"discriminator,omitempty"`
 }
@@ -46,4 +57,5 @@ type KluctlProject struct {
 	Args          []*DeploymentArg `json:"args,omitempty"`
 	SecretsConfig *SecretsConfig   `json:"secretsConfig,omitempty"`
 	Discriminator string           `json:"discriminator,omitempty"`
+	Aws           *AwsConfig       `json:"aws,omitempty"`
 }

From 07731bd9c61339154e5f9d1b2d22a55dd1761594 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 23:05:48 +0200
Subject: [PATCH 1631/2268] refactor: Move sops keyservice into non-internal
 sops package

---
 pkg/controllers/internal/sops/LICENSE         | 373 ------------------
 pkg/controllers/kluctl_project.go             |   2 +-
 .../internal => }/sops/aws_config.go          |   0
 .../internal => }/sops/azure_config.go        |   0
 .../sops/key_server_from_secret.go            |   2 +-
 .../sops/key_server_from_service_account.go   |   2 +-
 .../sops/keyservice/keyservice.go             |   0
 .../internal => }/sops/keyservice/options.go  |   0
 .../internal => }/sops/keyservice/server.go   |   0
 .../sops/keyservice/server_test.go            |   0
 .../sops/keyservice/testdata/private.gpg      |   0
 .../sops/keyservice/testdata/public.gpg       |   0
 .../sops/keyservice/utils_test.go             |   0
 13 files changed, 3 insertions(+), 376 deletions(-)
 delete mode 100644 pkg/controllers/internal/sops/LICENSE
 rename pkg/{controllers/internal => }/sops/aws_config.go (100%)
 rename pkg/{controllers/internal => }/sops/azure_config.go (100%)
 rename pkg/{controllers/internal => }/sops/key_server_from_secret.go (97%)
 rename pkg/{controllers/internal => }/sops/key_server_from_service_account.go (90%)
 rename pkg/{controllers/internal => }/sops/keyservice/keyservice.go (100%)
 rename pkg/{controllers/internal => }/sops/keyservice/options.go (100%)
 rename pkg/{controllers/internal => }/sops/keyservice/server.go (100%)
 rename pkg/{controllers/internal => }/sops/keyservice/server_test.go (100%)
 rename pkg/{controllers/internal => }/sops/keyservice/testdata/private.gpg (100%)
 rename pkg/{controllers/internal => }/sops/keyservice/testdata/public.gpg (100%)
 rename pkg/{controllers/internal => }/sops/keyservice/utils_test.go (100%)

diff --git a/pkg/controllers/internal/sops/LICENSE b/pkg/controllers/internal/sops/LICENSE
deleted file mode 100644
index a612ad981..000000000
--- a/pkg/controllers/internal/sops/LICENSE
+++ /dev/null
@@ -1,373 +0,0 @@
-Mozilla Public License Version 2.0
-==================================
-
-1. Definitions
---------------
-
-1.1. "Contributor"
-    means each individual or legal entity that creates, contributes to
-    the creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-    means the combination of the Contributions of others (if any) used
-    by a Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-    means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-    means Source Code Form to which the initial Contributor has attached
-    the notice in Exhibit A, the Executable Form of such Source Code
-    Form, and Modifications of such Source Code Form, in each case
-    including portions thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-    means
-
-    (a) that the initial Contributor has attached the notice described
-        in Exhibit B to the Covered Software; or
-
-    (b) that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the
-        terms of a Secondary License.
-
-1.6. "Executable Form"
-    means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-    means a work that combines Covered Software with other material, in
-    a separate file or files, that is not Covered Software.
-
-1.8. "License"
-    means this document.
-
-1.9. "Licensable"
-    means having the right to grant, to the maximum extent possible,
-    whether at the time of the initial grant or subsequently, any and
-    all of the rights conveyed by this License.
-
-1.10. "Modifications"
-    means any of the following:
-
-    (a) any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered
-        Software; or
-
-    (b) any new file in Source Code Form that contains any Covered
-        Software.
-
-1.11. "Patent Claims" of a Contributor
-    means any patent claim(s), including without limitation, method,
-    process, and apparatus claims, in any patent Licensable by such
-    Contributor that would be infringed, but for the grant of the
-    License, by the making, using, selling, offering for sale, having
-    made, import, or transfer of either its Contributions or its
-    Contributor Version.
-
-1.12. "Secondary License"
-    means either the GNU General Public License, Version 2.0, the GNU
-    Lesser General Public License, Version 2.1, the GNU Affero General
-    Public License, Version 3.0, or any later versions of those
-    licenses.
-
-1.13. "Source Code Form"
-    means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-    means an individual or a legal entity exercising rights under this
-    License. For legal entities, "You" includes any entity that
-    controls, is controlled by, or is under common control with You. For
-    purposes of this definition, "control" means (a) the power, direct
-    or indirect, to cause the direction or management of such entity,
-    whether by contract or otherwise, or (b) ownership of more than
-    fifty percent (50%) of the outstanding shares or beneficial
-    ownership of such entity.
-
-2. License Grants and Conditions
---------------------------------
-
-2.1. Grants
-
-Each Contributor hereby grants You a world-wide, royalty-free,
-non-exclusive license:
-
-(a) under intellectual property rights (other than patent or trademark)
-    Licensable by such Contributor to use, reproduce, make available,
-    modify, display, perform, distribute, and otherwise exploit its
-    Contributions, either on an unmodified basis, with Modifications, or
-    as part of a Larger Work; and
-
-(b) under Patent Claims of such Contributor to make, use, sell, offer
-    for sale, have made, import, and otherwise transfer either its
-    Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-The licenses granted in Section 2.1 with respect to any Contribution
-become effective for each Contribution on the date the Contributor first
-distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-The licenses granted in this Section 2 are the only rights granted under
-this License. No additional rights or licenses will be implied from the
-distribution or licensing of Covered Software under this License.
-Notwithstanding Section 2.1(b) above, no patent license is granted by a
-Contributor:
-
-(a) for any code that a Contributor has removed from Covered Software;
-    or
-
-(b) for infringements caused by: (i) Your and any other third party's
-    modifications of Covered Software, or (ii) the combination of its
-    Contributions with other software (except as part of its Contributor
-    Version); or
-
-(c) under Patent Claims infringed by Covered Software in the absence of
-    its Contributions.
-
-This License does not grant any rights in the trademarks, service marks,
-or logos of any Contributor (except as may be necessary to comply with
-the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-No Contributor makes additional grants as a result of Your choice to
-distribute the Covered Software under a subsequent version of this
-License (see Section 10.2) or under the terms of a Secondary License (if
-permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-Each Contributor represents that the Contributor believes its
-Contributions are its original creation(s) or it has sufficient rights
-to grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-This License is not intended to limit any rights You have under
-applicable copyright doctrines of fair use, fair dealing, or other
-equivalents.
-
-2.7. Conditions
-
-Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
-in Section 2.1.
-
-3. Responsibilities
--------------------
-
-3.1. Distribution of Source Form
-
-All distribution of Covered Software in Source Code Form, including any
-Modifications that You create or to which You contribute, must be under
-the terms of this License. You must inform recipients that the Source
-Code Form of the Covered Software is governed by the terms of this
-License, and how they can obtain a copy of this License. You may not
-attempt to alter or restrict the recipients' rights in the Source Code
-Form.
-
-3.2. Distribution of Executable Form
-
-If You distribute Covered Software in Executable Form then:
-
-(a) such Covered Software must also be made available in Source Code
-    Form, as described in Section 3.1, and You must inform recipients of
-    the Executable Form how they can obtain a copy of such Source Code
-    Form by reasonable means in a timely manner, at a charge no more
-    than the cost of distribution to the recipient; and
-
-(b) You may distribute such Executable Form under the terms of this
-    License, or sublicense it under different terms, provided that the
-    license for the Executable Form does not attempt to limit or alter
-    the recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-You may create and distribute a Larger Work under terms of Your choice,
-provided that You also comply with the requirements of this License for
-the Covered Software. If the Larger Work is a combination of Covered
-Software with a work governed by one or more Secondary Licenses, and the
-Covered Software is not Incompatible With Secondary Licenses, this
-License permits You to additionally distribute such Covered Software
-under the terms of such Secondary License(s), so that the recipient of
-the Larger Work may, at their option, further distribute the Covered
-Software under the terms of either this License or such Secondary
-License(s).
-
-3.4. Notices
-
-You may not remove or alter the substance of any license notices
-(including copyright notices, patent notices, disclaimers of warranty,
-or limitations of liability) contained within the Source Code Form of
-the Covered Software, except that You may alter any license notices to
-the extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-You may choose to offer, and to charge a fee for, warranty, support,
-indemnity or liability obligations to one or more recipients of Covered
-Software. However, You may do so only on Your own behalf, and not on
-behalf of any Contributor. You must make it absolutely clear that any
-such warranty, support, indemnity, or liability obligation is offered by
-You alone, and You hereby agree to indemnify every Contributor for any
-liability incurred by such Contributor as a result of warranty, support,
-indemnity or liability terms You offer. You may include additional
-disclaimers of warranty and limitations of liability specific to any
-jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
----------------------------------------------------
-
-If it is impossible for You to comply with any of the terms of this
-License with respect to some or all of the Covered Software due to
-statute, judicial order, or regulation then You must: (a) comply with
-the terms of this License to the maximum extent possible; and (b)
-describe the limitations and the code they affect. Such description must
-be placed in a text file included with all distributions of the Covered
-Software under this License. Except to the extent prohibited by statute
-or regulation, such description must be sufficiently detailed for a
-recipient of ordinary skill to be able to understand it.
-
-5. Termination
---------------
-
-5.1. The rights granted under this License will terminate automatically
-if You fail to comply with any of its terms. However, if You become
-compliant, then the rights granted under this License from a particular
-Contributor are reinstated (a) provisionally, unless and until such
-Contributor explicitly and finally terminates Your grants, and (b) on an
-ongoing basis, if such Contributor fails to notify You of the
-non-compliance by some reasonable means prior to 60 days after You have
-come back into compliance. Moreover, Your grants from a particular
-Contributor are reinstated on an ongoing basis if such Contributor
-notifies You of the non-compliance by some reasonable means, this is the
-first time You have received notice of non-compliance with this License
-from such Contributor, and You become compliant prior to 30 days after
-Your receipt of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-infringement claim (excluding declaratory judgment actions,
-counter-claims, and cross-claims) alleging that a Contributor Version
-directly or indirectly infringes any patent, then the rights granted to
-You by any and all Contributors for the Covered Software under Section
-2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all
-end user license agreements (excluding distributors and resellers) which
-have been validly granted by You or Your distributors under this License
-prior to termination shall survive termination.
-
-************************************************************************
-*                                                                      *
-*  6. Disclaimer of Warranty                                           *
-*  -------------------------                                           *
-*                                                                      *
-*  Covered Software is provided under this License on an "as is"       *
-*  basis, without warranty of any kind, either expressed, implied, or  *
-*  statutory, including, without limitation, warranties that the       *
-*  Covered Software is free of defects, merchantable, fit for a        *
-*  particular purpose or non-infringing. The entire risk as to the     *
-*  quality and performance of the Covered Software is with You.        *
-*  Should any Covered Software prove defective in any respect, You     *
-*  (not any Contributor) assume the cost of any necessary servicing,   *
-*  repair, or correction. This disclaimer of warranty constitutes an   *
-*  essential part of this License. No use of any Covered Software is   *
-*  authorized under this License except under this disclaimer.         *
-*                                                                      *
-************************************************************************
-
-************************************************************************
-*                                                                      *
-*  7. Limitation of Liability                                          *
-*  --------------------------                                          *
-*                                                                      *
-*  Under no circumstances and under no legal theory, whether tort      *
-*  (including negligence), contract, or otherwise, shall any           *
-*  Contributor, or anyone who distributes Covered Software as          *
-*  permitted above, be liable to You for any direct, indirect,         *
-*  special, incidental, or consequential damages of any character      *
-*  including, without limitation, damages for lost profits, loss of    *
-*  goodwill, work stoppage, computer failure or malfunction, or any    *
-*  and all other commercial damages or losses, even if such party      *
-*  shall have been informed of the possibility of such damages. This   *
-*  limitation of liability shall not apply to liability for death or   *
-*  personal injury resulting from such party's negligence to the       *
-*  extent applicable law prohibits such limitation. Some               *
-*  jurisdictions do not allow the exclusion or limitation of           *
-*  incidental or consequential damages, so this exclusion and          *
-*  limitation may not apply to You.                                    *
-*                                                                      *
-************************************************************************
-
-8. Litigation
--------------
-
-Any litigation relating to this License may be brought only in the
-courts of a jurisdiction where the defendant maintains its principal
-place of business and such litigation shall be governed by laws of that
-jurisdiction, without reference to its conflict-of-law provisions.
-Nothing in this Section shall prevent a party's ability to bring
-cross-claims or counter-claims.
-
-9. Miscellaneous
-----------------
-
-This License represents the complete agreement concerning the subject
-matter hereof. If any provision of this License is held to be
-unenforceable, such provision shall be reformed only to the extent
-necessary to make it enforceable. Any law or regulation which provides
-that the language of a contract shall be construed against the drafter
-shall not be used to construe this License against a Contributor.
-
-10. Versions of the License
----------------------------
-
-10.1. New Versions
-
-Mozilla Foundation is the license steward. Except as provided in Section
-10.3, no one other than the license steward has the right to modify or
-publish new versions of this License. Each version will be given a
-distinguishing version number.
-
-10.2. Effect of New Versions
-
-You may distribute the Covered Software under the terms of the version
-of the License under which You originally received the Covered Software,
-or under the terms of any subsequent version published by the license
-steward.
-
-10.3. Modified Versions
-
-If you create software not governed by this License, and you want to
-create a new license for such software, you may create and use a
-modified version of this License if you rename the license and remove
-any references to the name of the license steward (except to note that
-such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-Licenses
-
-If You choose to distribute Source Code Form that is Incompatible With
-Secondary Licenses under the terms of this version of the License, the
-notice described in Exhibit B of this License must be attached.
-
-Exhibit A - Source Code Form License Notice
--------------------------------------------
-
-  This Source Code Form is subject to the terms of the Mozilla Public
-  License, v. 2.0. If a copy of the MPL was not distributed with this
-  file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular
-file, then You may include the notice in a location (such as a LICENSE
-file in a relevant directory) where a recipient would be likely to look
-for such a notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
----------------------------------------------------------
-
-  This Source Code Form is "Incompatible With Secondary Licenses", as
-  defined by the Mozilla Public License, v. 2.0.
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 5c6b39a5d..e8856a2af 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -5,11 +5,11 @@ import (
 	"fmt"
 	"github.com/google/uuid"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/controllers/internal/sops/aws_config.go b/pkg/sops/aws_config.go
similarity index 100%
rename from pkg/controllers/internal/sops/aws_config.go
rename to pkg/sops/aws_config.go
diff --git a/pkg/controllers/internal/sops/azure_config.go b/pkg/sops/azure_config.go
similarity index 100%
rename from pkg/controllers/internal/sops/azure_config.go
rename to pkg/sops/azure_config.go
diff --git a/pkg/controllers/internal/sops/key_server_from_secret.go b/pkg/sops/key_server_from_secret.go
similarity index 97%
rename from pkg/controllers/internal/sops/key_server_from_secret.go
rename to pkg/sops/key_server_from_secret.go
index 764638d4f..c176f2f1b 100644
--- a/pkg/controllers/internal/sops/key_server_from_secret.go
+++ b/pkg/sops/key_server_from_secret.go
@@ -10,7 +10,7 @@ import (
 	"github.com/getsops/sops/v3/keyservice"
 	"github.com/getsops/sops/v3/kms"
 	"github.com/getsops/sops/v3/pgp"
-	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	corev1 "k8s.io/api/core/v1"
 	"path/filepath"
 	"strings"
diff --git a/pkg/controllers/internal/sops/key_server_from_service_account.go b/pkg/sops/key_server_from_service_account.go
similarity index 90%
rename from pkg/controllers/internal/sops/key_server_from_service_account.go
rename to pkg/sops/key_server_from_service_account.go
index b9d7a9933..90a60e3b1 100644
--- a/pkg/controllers/internal/sops/key_server_from_service_account.go
+++ b/pkg/sops/key_server_from_service_account.go
@@ -5,7 +5,7 @@ import (
 	"github.com/getsops/sops/v3/keyservice"
 	"github.com/getsops/sops/v3/kms"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
-	intkeyservice "github.com/kluctl/kluctl/v2/pkg/controllers/internal/sops/keyservice"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
diff --git a/pkg/controllers/internal/sops/keyservice/keyservice.go b/pkg/sops/keyservice/keyservice.go
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/keyservice.go
rename to pkg/sops/keyservice/keyservice.go
diff --git a/pkg/controllers/internal/sops/keyservice/options.go b/pkg/sops/keyservice/options.go
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/options.go
rename to pkg/sops/keyservice/options.go
diff --git a/pkg/controllers/internal/sops/keyservice/server.go b/pkg/sops/keyservice/server.go
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/server.go
rename to pkg/sops/keyservice/server.go
diff --git a/pkg/controllers/internal/sops/keyservice/server_test.go b/pkg/sops/keyservice/server_test.go
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/server_test.go
rename to pkg/sops/keyservice/server_test.go
diff --git a/pkg/controllers/internal/sops/keyservice/testdata/private.gpg b/pkg/sops/keyservice/testdata/private.gpg
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/testdata/private.gpg
rename to pkg/sops/keyservice/testdata/private.gpg
diff --git a/pkg/controllers/internal/sops/keyservice/testdata/public.gpg b/pkg/sops/keyservice/testdata/public.gpg
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/testdata/public.gpg
rename to pkg/sops/keyservice/testdata/public.gpg
diff --git a/pkg/controllers/internal/sops/keyservice/utils_test.go b/pkg/sops/keyservice/utils_test.go
similarity index 100%
rename from pkg/controllers/internal/sops/keyservice/utils_test.go
rename to pkg/sops/keyservice/utils_test.go

From 5b3d913bcab231243a2fcd0e4baf019e0642abfe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 23:37:37 +0200
Subject: [PATCH 1632/2268] feat: Use target aws config for sops decryption

---
 pkg/controllers/kluctl_project.go    | 33 ++++++---------
 pkg/kluctl_project/load.go           | 17 +++-----
 pkg/kluctl_project/project.go        |  6 +--
 pkg/kluctl_project/project_load.go   |  4 +-
 pkg/kluctl_project/sops.go           | 62 ++++++++++++++++++++++++++++
 pkg/kluctl_project/target_context.go |  9 +++-
 6 files changed, 91 insertions(+), 40 deletions(-)
 create mode 100644 pkg/kluctl_project/sops.go

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index e8856a2af..796b8c828 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -481,25 +481,23 @@ func (pt *preparedTarget) clientConfigGetter(ctx context.Context) func(context *
 	}
 }
 
-func (pp *preparedProject) buildSopsDecrypter(ctx context.Context) (*decryptor.Decryptor, error) {
+func (pp *preparedProject) addKeyServers(ctx context.Context, d *decryptor.Decryptor) error {
 	if pp.obj.Spec.Decryption == nil {
-		return nil, nil
+		return nil
 	}
 	if pp.obj.Spec.Decryption.Provider != "sops" {
-		return nil, fmt.Errorf("not supported decryption provider %s", pp.obj.Spec.Decryption.Provider)
+		return fmt.Errorf("not supported decryption provider %s", pp.obj.Spec.Decryption.Provider)
 	}
 
-	d := decryptor.NewDecryptor(filepath.Join(pp.tmpDir, "project"), decryptor.MaxEncryptedFileSize)
-
 	err := pp.addSecretBasedKeyServers(ctx, d)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	err = pp.addServiceAccountBasedKeyServers(ctx, d)
 	if err != nil {
-		return nil, err
+		return err
 	}
-	return d, nil
+	return nil
 }
 
 func (pp *preparedProject) addSecretBasedKeyServers(ctx context.Context, d *decryptor.Decryptor) error {
@@ -559,13 +557,6 @@ func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context,
 
 func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTarget, j2 *jinja2.Jinja2) (*kluctl_project.LoadedKluctlProject, error) {
 	var err error
-	var sopsDecrypter *decryptor.Decryptor
-	if pp.obj.Spec.Decryption != nil {
-		sopsDecrypter, err = pp.buildSopsDecrypter(ctx)
-		if err != nil {
-			return nil, err
-		}
-	}
 
 	var externalArgs *uo.UnstructuredObject
 	if pt.pp.obj.Spec.Args != nil {
@@ -576,11 +567,13 @@ func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTa
 	}
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
-		RepoRoot:      pp.repoDir,
-		ExternalArgs:  externalArgs,
-		ProjectDir:    pp.projectDir,
-		RP:            pp.rp,
-		SopsDecrypter: sopsDecrypter,
+		RepoRoot:     pp.repoDir,
+		ExternalArgs: externalArgs,
+		ProjectDir:   pp.projectDir,
+		RP:           pp.rp,
+		AddKeyServersFunc: func(ctx context.Context, d *decryptor.Decryptor) error {
+			return pp.addKeyServers(ctx, d)
+		},
 	}
 	if pt != nil {
 		loadArgs.ClientConfigGetter = pt.clientConfigGetter(ctx)
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 8eb2db654..dc71aa0e0 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,7 +3,6 @@ package kluctl_project
 import (
 	"context"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"time"
 )
@@ -13,17 +12,11 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 	defer status.Trace(ctx, "leave LoadKluctlProject")
 
 	p := &LoadedKluctlProject{
-		LoadArgs:      args,
-		LoadTime:      time.Now(),
-		TmpDir:        tmpDir,
-		J2:            j2,
-		RP:            args.RP,
-		SopsDecrypter: args.SopsDecrypter,
-	}
-
-	if p.SopsDecrypter == nil {
-		p.SopsDecrypter = decryptor.NewDecryptor(args.ProjectDir, decryptor.MaxEncryptedFileSize)
-		p.SopsDecrypter.AddLocalKeyService()
+		LoadArgs: args,
+		LoadTime: time.Now(),
+		TmpDir:   tmpDir,
+		J2:       j2,
+		RP:       args.RP,
 	}
 
 	err := p.loadKluctlProject(ctx)
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 3b108a62b..7eb7cd8a3 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
-	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"time"
 )
@@ -20,9 +19,8 @@ type LoadedKluctlProject struct {
 	Config  types2.KluctlProject
 	Targets []*types2.Target
 
-	J2            *jinja2.Jinja2
-	RP            *repocache.GitRepoCache
-	SopsDecrypter *decryptor.Decryptor
+	J2 *jinja2.Jinja2
+	RP *repocache.GitRepoCache
 }
 
 func (c *LoadedKluctlProject) FindTarget(name string) (*types2.Target, error) {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 5c1d8bc70..acd3c5df9 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -19,9 +19,9 @@ type LoadKluctlProjectArgs struct {
 	ProjectConfig string
 	ExternalArgs  *uo.UnstructuredObject
 
-	SopsDecrypter *decryptor.Decryptor
-	RP            *repocache.GitRepoCache
+	RP *repocache.GitRepoCache
 
+	AddKeyServersFunc  func(ctx context.Context, d *decryptor.Decryptor) error
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
 
diff --git a/pkg/kluctl_project/sops.go b/pkg/kluctl_project/sops.go
new file mode 100644
index 000000000..12a4bffa8
--- /dev/null
+++ b/pkg/kluctl_project/sops.go
@@ -0,0 +1,62 @@
+package kluctl_project
+
+import (
+	"context"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/kms"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func (c *LoadedKluctlProject) buildSopsDecrypter(ctx context.Context, client client.Client, target *types.Target) (*decryptor.Decryptor, error) {
+	d := decryptor.NewDecryptor(c.LoadArgs.ProjectDir, decryptor.MaxEncryptedFileSize)
+
+	err := c.addAwsKeyServers(ctx, client, d, target)
+	if err != nil {
+		return nil, err
+	}
+
+	if c.LoadArgs.AddKeyServersFunc != nil {
+		err = c.LoadArgs.AddKeyServersFunc(ctx, d)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		d.AddLocalKeyService()
+	}
+
+	return d, nil
+}
+
+func (c *LoadedKluctlProject) addAwsKeyServers(ctx context.Context, client client.Client, d *decryptor.Decryptor, target *types.Target) error {
+	if target.Aws == nil {
+		return nil
+	}
+
+	if target.Aws.Profile != nil {
+		var configOpts []func(*config.LoadOptions) error
+		configOpts = append(configOpts, config.WithSharedConfigProfile(*target.Aws.Profile))
+		cfg, err := config.LoadDefaultConfig(context.Background(), configOpts...)
+		if err == nil {
+			server := intkeyservice.NewServer(intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(cfg.Credentials)})
+			ks := keyservice.NewCustomLocalClient(server)
+			d.AddKeyServiceClient(ks)
+		}
+	}
+
+	if target.Aws.ServiceAccount != nil {
+		ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, client, target.Aws.ServiceAccount.Name, target.Aws.ServiceAccount.Namespace)
+		if err != nil {
+			return err
+		}
+		if ks != nil {
+			d.AddKeyServiceClient(ks)
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 585ce96a0..95039cf72 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -94,7 +94,12 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 	if err != nil {
 		return nil, err
 	}
-	varsLoader := vars.NewVarsLoader(ctx, k, p.SopsDecrypter, p.RP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
+
+	sopsDecryptor, err := p.buildSopsDecrypter(ctx, client, target)
+	if err != nil {
+		return nil, err
+	}
+	varsLoader := vars.NewVarsLoader(ctx, k, sopsDecryptor, p.RP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
 
 	if params.ForSeal {
 		err = p.loadSecrets(ctx, target, varsCtx, varsLoader)
@@ -108,7 +113,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		K:                                 k,
 		K8sVersion:                        params.K8sVersion,
 		RP:                                p.RP,
-		SopsDecrypter:                     p.SopsDecrypter,
+		SopsDecrypter:                     sopsDecryptor,
 		VarsLoader:                        varsLoader,
 		HelmCredentials:                   params.HelmCredentials,
 		Discriminator:                     target.Discriminator,

From d3e16f339922ce0441d19f1d054f2037e6464996 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 24 Sep 2023 23:57:33 +0200
Subject: [PATCH 1633/2268] fix: Only use service accounts when a k8s client is
 available

---
 pkg/clouds/aws/clientfactory.go      |  2 +-
 pkg/kluctl_project/sops.go           |  2 +-
 pkg/kluctl_project/target_context.go | 10 +++++++---
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/clouds/aws/clientfactory.go b/pkg/clouds/aws/clientfactory.go
index 4632f4e7a..fc834c6c3 100644
--- a/pkg/clouds/aws/clientfactory.go
+++ b/pkg/clouds/aws/clientfactory.go
@@ -35,7 +35,7 @@ func (a *awsClientFactory) SecretsManagerClient(ctx context.Context, profile *st
 		configOpts = append(configOpts, config.WithRegion(*region))
 	}
 
-	if a.awsConfig.ServiceAccount != nil {
+	if a.awsConfig.ServiceAccount != nil && a.client != nil {
 		webIdentityCreds, err := BuildCredentialsFromServiceAccount(ctx, a.client, a.awsConfig.ServiceAccount.Name, a.awsConfig.ServiceAccount.Namespace, "kluctl-vars-loader")
 		if err == nil && webIdentityCreds != nil {
 			configOpts = append(configOpts, config.WithCredentialsProvider(webIdentityCreds))
diff --git a/pkg/kluctl_project/sops.go b/pkg/kluctl_project/sops.go
index 12a4bffa8..7f4cf6d59 100644
--- a/pkg/kluctl_project/sops.go
+++ b/pkg/kluctl_project/sops.go
@@ -48,7 +48,7 @@ func (c *LoadedKluctlProject) addAwsKeyServers(ctx context.Context, client clien
 		}
 	}
 
-	if target.Aws.ServiceAccount != nil {
+	if target.Aws.ServiceAccount != nil && client != nil {
 		ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, client, target.Aws.ServiceAccount.Name, target.Aws.ServiceAccount.Namespace)
 		if err != nil {
 			return err
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 95039cf72..6b8701b74 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -17,6 +17,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type TargetContext struct {
@@ -90,9 +91,12 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		return nil, err
 	}
 
-	client, err := k.ToClient()
-	if err != nil {
-		return nil, err
+	var client client.Client
+	if k != nil {
+		client, err = k.ToClient()
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	sopsDecryptor, err := p.buildSopsDecrypter(ctx, client, target)

From e8093c99613b53c4ad4a17caa11b93c0961c573e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 30 Sep 2023 09:17:38 +0200
Subject: [PATCH 1634/2268] feat: Support azureKeyVault in variables node

---
 .../command-result/nodes/VarsSourceNode.tsx     | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index 4601c3b10..c8aed9765 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -187,6 +187,23 @@ export class VarsSourceNodeData extends NodeData {
                     return sourceProps
                 }
             }
+        } else if (this.varsSource.azureKeyVault) {
+            return {
+                type: "azureKeyVault",
+                label: () => {
+                    return <>
+                        {this.varsSource.azureKeyVault!.vaultUri}<br/>
+                        {this.varsSource.azureKeyVault!.secretName}
+                    </>
+                },
+                icon: () => <Cloud fontSize={"large"}/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({ name: "VaultURI", value: this.varsSource.azureKeyVault!.vaultUri })
+                    sourceProps.push({ name: "SecretName", value: this.varsSource.azureKeyVault!.secretName })
+                    return sourceProps
+                }
+            }
         } else {
             return {
                 type: "unknown",

From 8ead69fa7974b61f15f9670e6c989dc092f5d112 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 30 Sep 2023 09:19:40 +0200
Subject: [PATCH 1635/2268] refactor: Also move azure package into cloud
 package

---
 pkg/{vars => clouds}/azure/keyvault.go | 0
 pkg/vars/vars_loader.go                | 1 +
 2 files changed, 1 insertion(+)
 rename pkg/{vars => clouds}/azure/keyvault.go (100%)

diff --git a/pkg/vars/azure/keyvault.go b/pkg/clouds/azure/keyvault.go
similarity index 100%
rename from pkg/vars/azure/keyvault.go
rename to pkg/clouds/azure/keyvault.go
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 7dc62bd23..a26fd2d03 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -9,6 +9,7 @@ import (
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/azure"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"

From e669c3b574ece27e7c0cc22e65560728336d4bb7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 30 Sep 2023 09:29:37 +0200
Subject: [PATCH 1636/2268] chore: Run make generate

---
 pkg/types/zz_generated.deepcopy.go | 50 ++++++++++++++++++++++++++++++
 pkg/webui/ui/src/models.ts         | 40 ++++++++++++++++++++++++
 2 files changed, 90 insertions(+)

diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index b88a5ec11..af7b08d45 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -25,6 +25,31 @@ import (
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AwsConfig) DeepCopyInto(out *AwsConfig) {
+	*out = *in
+	if in.Profile != nil {
+		in, out := &in.Profile, &out.Profile
+		*out = new(string)
+		**out = **in
+	}
+	if in.ServiceAccount != nil {
+		in, out := &in.ServiceAccount, &out.ServiceAccount
+		*out = new(ServiceAccountRef)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsConfig.
+func (in *AwsConfig) DeepCopy() *AwsConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(AwsConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeleteObjectItemConfig) DeepCopyInto(out *DeleteObjectItemConfig) {
 	*out = *in
@@ -544,6 +569,11 @@ func (in *KluctlProject) DeepCopyInto(out *KluctlProject) {
 		*out = new(SecretsConfig)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Aws != nil {
+		in, out := &in.Aws, &out.Aws
+		*out = new(AwsConfig)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlProject.
@@ -658,6 +688,21 @@ func (in *SecretsConfig) DeepCopy() *SecretsConfig {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef.
+func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef {
+	if in == nil {
+		return nil
+	}
+	out := new(ServiceAccountRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in SingleStringOrList) DeepCopyInto(out *SingleStringOrList) {
 	{
@@ -694,6 +739,11 @@ func (in *Target) DeepCopyInto(out *Target) {
 		*out = new(SealingConfig)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Aws != nil {
+		in, out := &in.Aws, &out.Aws
+		*out = new(AwsConfig)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Images != nil {
 		in, out := &in.Images, &out.Images
 		*out = make([]FixedImage, len(*in))
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index b22afb3b6..026776cac 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -568,6 +568,44 @@ export class FixedImage {
 	    return a;
 	}
 }
+export class ServiceAccountRef {
+    name: string;
+    namespace: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+    }
+}
+export class AwsConfig {
+    profile?: string;
+    serviceAccount?: ServiceAccountRef;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.profile = source["profile"];
+        this.serviceAccount = this.convertValues(source["serviceAccount"], ServiceAccountRef);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
 export class SealingConfig {
     args?: any;
     secretSets?: string[];
@@ -585,6 +623,7 @@ export class Target {
     context?: string;
     args?: any;
     sealingConfig?: SealingConfig;
+    aws?: AwsConfig;
     images?: FixedImage[];
     discriminator?: string;
 
@@ -594,6 +633,7 @@ export class Target {
         this.context = source["context"];
         this.args = source["args"];
         this.sealingConfig = this.convertValues(source["sealingConfig"], SealingConfig);
+        this.aws = this.convertValues(source["aws"], AwsConfig);
         this.images = this.convertValues(source["images"], FixedImage);
         this.discriminator = source["discriminator"];
     }

From cea60b0b57dd5debf8150e13cc08b8ed6862697d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 30 Sep 2023 09:47:52 +0200
Subject: [PATCH 1637/2268] tests: Ensure enough time has passed between
 deployments

---
 e2e/results_test.go |  8 ++++++++
 e2e/utils.go        | 24 ++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/e2e/results_test.go b/e2e/results_test.go
index b7b14300f..3181b86f1 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -42,6 +42,10 @@ func TestWriteResult(t *testing.T) {
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
+	// we must ensure that at least a second passes between deployments, as otherwise command result sorting becomes
+	// unstable
+	b := newSecondPassedBarrier(t)
+
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
@@ -70,6 +74,8 @@ func TestWriteResult(t *testing.T) {
 		_ = o.SetNestedField("v2", "data", "d1")
 		return nil
 	}, "")
+
+	b.Wait()
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
@@ -87,6 +93,7 @@ func TestWriteResult(t *testing.T) {
 		_ = o.RemoveNestedField("deployments", 1)
 		return nil
 	})
+	b.Wait()
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
@@ -98,6 +105,7 @@ func TestWriteResult(t *testing.T) {
 		OrphanObjects:  1,
 	}, summaries[0])
 
+	b.Wait()
 	p.KluctlMust("prune", "--yes", "-t", "test")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 
diff --git a/e2e/utils.go b/e2e/utils.go
index 800cc9227..3ec0d5ab2 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -14,6 +14,7 @@ import (
 	"reflect"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"testing"
+	"time"
 )
 
 func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace string) {
@@ -101,3 +102,26 @@ func patchObject(t *testing.T, k *test_utils.EnvTestCluster, gvr schema.GroupVer
 func patchConfigMap(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string, cb func(o *uo.UnstructuredObject)) {
 	patchObject(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name, cb)
 }
+
+type secondPassedBarrier struct {
+	last time.Time
+	t    *testing.T
+}
+
+func newSecondPassedBarrier(t *testing.T) secondPassedBarrier {
+	return secondPassedBarrier{
+		t:    t,
+		last: time.Now(),
+	}
+}
+
+func (b *secondPassedBarrier) Wait() {
+	t := time.Now()
+	passed := t.Sub(b.last)
+	if passed < time.Second {
+		sleep := time.Second - passed + 100*time.Millisecond
+		b.t.Logf("sleeping for %s", sleep.String())
+		time.Sleep(sleep)
+	}
+	b.last = time.Now()
+}

From 54c12d84ea3bb4f4bce61ac2a7420dae5aeebf85 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 30 Sep 2023 09:49:22 +0200
Subject: [PATCH 1638/2268] fix: Make result sorting more stable

---
 pkg/results/result-store.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 8b3517f16..3a14e76b9 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -71,7 +71,10 @@ func lessCommandSummary(a *result.CommandResultSummary, b *result.CommandResultS
 	if a.Command.EndTime != b.Command.EndTime {
 		return a.Command.EndTime.After(b.Command.EndTime.Time)
 	}
-	return a.Command.Command < b.Command.Command
+	if a.Command.Command != b.Command.Command {
+		return a.Command.Command < b.Command.Command
+	}
+	return a.Id < b.Id
 }
 
 func lessValidateSummary(a *result.ValidateResultSummary, b *result.ValidateResultSummary) bool {
@@ -81,5 +84,5 @@ func lessValidateSummary(a *result.ValidateResultSummary, b *result.ValidateResu
 	if a.EndTime != b.EndTime {
 		return a.EndTime.After(b.EndTime.Time)
 	}
-	return false
+	return a.Id < b.Id
 }

From 9ac555abd6fda952a8c3abbcf17eb981d09df253 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 08:51:17 +0200
Subject: [PATCH 1639/2268] fix: Fix crash when no aws config was specified

---
 pkg/kluctl_project/sops.go    | 4 ----
 pkg/kluctl_project/targets.go | 6 +++++-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/kluctl_project/sops.go b/pkg/kluctl_project/sops.go
index 7f4cf6d59..9fa61c671 100644
--- a/pkg/kluctl_project/sops.go
+++ b/pkg/kluctl_project/sops.go
@@ -33,10 +33,6 @@ func (c *LoadedKluctlProject) buildSopsDecrypter(ctx context.Context, client cli
 }
 
 func (c *LoadedKluctlProject) addAwsKeyServers(ctx context.Context, client client.Client, d *decryptor.Decryptor, target *types.Target) error {
-	if target.Aws == nil {
-		return nil
-	}
-
 	if target.Aws.Profile != nil {
 		var configOpts []func(*config.LoadOptions) error
 		configOpts = append(configOpts, config.WithSharedConfigProfile(*target.Aws.Profile))
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 47bd06e83..8cfe666f3 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -76,7 +76,11 @@ func (c *LoadedKluctlProject) buildTarget(configTarget *types.Target) (*types.Ta
 		target.Discriminator = c.Config.Discriminator
 	}
 	if target.Aws == nil {
-		target.Aws = c.Config.Aws
+		if c.Config.Aws != nil {
+			target.Aws = c.Config.Aws
+		} else {
+			target.Aws = &types.AwsConfig{}
+		}
 	} else if c.Config.Aws != nil {
 		if target.Aws.Profile == nil {
 			target.Aws.Profile = c.Config.Aws.Profile

From 8430869ca208d2e45b757529cb8e460995cb03ec Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 10:14:49 +0200
Subject: [PATCH 1640/2268] refactor: Unify loading of AWS config via
 LoadAwsConfigHelper

---
 pkg/clouds/aws/aws_config.go                | 47 +++++++++++++++++++++
 pkg/clouds/aws/clientfactory.go             | 16 +------
 pkg/controllers/kluctl_project.go           | 15 ++++---
 pkg/kluctl_project/sops.go                  | 27 +++---------
 pkg/sops/key_server_from_service_account.go | 24 -----------
 5 files changed, 65 insertions(+), 64 deletions(-)
 create mode 100644 pkg/clouds/aws/aws_config.go
 delete mode 100644 pkg/sops/key_server_from_service_account.go

diff --git a/pkg/clouds/aws/aws_config.go b/pkg/clouds/aws/aws_config.go
new file mode 100644
index 000000000..87f028ed0
--- /dev/null
+++ b/pkg/clouds/aws/aws_config.go
@@ -0,0 +1,47 @@
+package aws
+
+import (
+	"context"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// LoadAwsConfigHelper will try to load the profile given either by profile or by awsConfig.Profile and only if this succeeds (the profile exists),
+// it will use it to perform default config loading. The reason for this is that non-existent profiles is expected in Kluctl,
+// at it might run on an environment that does not have the profile configured, in which case it should not error out later (due to it using a non-existing profile).
+// This helper will also try to load service account based web identity configuration.
+func LoadAwsConfigHelper(ctx context.Context, c client.Client, awsConfig *types.AwsConfig, profile *string, optFnsIn ...func(*config.LoadOptions) error) (aws.Config, error) {
+	var configOpts []func(*config.LoadOptions) error
+
+	if profile == nil && awsConfig != nil {
+		profile = awsConfig.Profile
+	}
+
+	profileOk := false
+	if profile != nil {
+		_, err := config.LoadSharedConfigProfile(ctx, *profile)
+		if err != nil {
+			status.WarningOncef(ctx, "aws-profile-"+*profile, "The AWS profile %s could not be loaded, reverting to default handling: %s", *profile, err)
+		} else {
+			profileOk = true
+			configOpts = append(configOpts, config.WithSharedConfigProfile(*profile))
+		}
+	}
+	if !profileOk && c != nil && awsConfig != nil && awsConfig.ServiceAccount != nil {
+		creds, err := BuildCredentialsFromServiceAccount(ctx, c, awsConfig.ServiceAccount.Name, awsConfig.ServiceAccount.Namespace, "kluctl")
+		if err != nil {
+			status.WarningOncef(ctx, "aws-service-account-"+awsConfig.ServiceAccount.Namespace+"-"+awsConfig.ServiceAccount.Name,
+				"IRSA credentials could not be generated from the service account %s/%s: %s", awsConfig.ServiceAccount.Namespace, awsConfig.ServiceAccount.Name, err)
+		} else {
+			configOpts = append(configOpts, config.WithCredentialsProvider(creds))
+		}
+	}
+
+	configOpts = append(configOpts, optFnsIn...)
+
+	cfg, err := config.LoadDefaultConfig(context.Background(), configOpts...)
+	return cfg, err
+}
diff --git a/pkg/clouds/aws/clientfactory.go b/pkg/clouds/aws/clientfactory.go
index fc834c6c3..09e2241a3 100644
--- a/pkg/clouds/aws/clientfactory.go
+++ b/pkg/clouds/aws/clientfactory.go
@@ -22,27 +22,13 @@ type awsClientFactory struct {
 }
 
 func (a *awsClientFactory) SecretsManagerClient(ctx context.Context, profile *string, region *string) (GetSecretValueInterface, error) {
-	if profile == nil {
-		profile = a.awsConfig.Profile
-	}
-
 	var configOpts []func(*config.LoadOptions) error
-	if profile != nil {
-		configOpts = append(configOpts, config.WithSharedConfigProfile(*profile))
-	}
 
 	if region != nil {
 		configOpts = append(configOpts, config.WithRegion(*region))
 	}
 
-	if a.awsConfig.ServiceAccount != nil && a.client != nil {
-		webIdentityCreds, err := BuildCredentialsFromServiceAccount(ctx, a.client, a.awsConfig.ServiceAccount.Name, a.awsConfig.ServiceAccount.Namespace, "kluctl-vars-loader")
-		if err == nil && webIdentityCreds != nil {
-			configOpts = append(configOpts, config.WithCredentialsProvider(webIdentityCreds))
-		}
-	}
-
-	cfg, err := config.LoadDefaultConfig(context.Background(), configOpts...)
+	cfg, err := LoadAwsConfigHelper(ctx, a.client, a.awsConfig, profile, configOpts...)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 796b8c828..99e574916 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -3,14 +3,18 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/kms"
 	"github.com/google/uuid"
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/prometheus/client_golang/prometheus"
@@ -545,13 +549,14 @@ func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context,
 		return nil
 	}
 
-	ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, pp.r.Client, name, pp.obj.Namespace)
-	if err != nil {
+	creds, err := aws.BuildCredentialsFromServiceAccount(ctx, pp.r.Client, name, pp.obj.Namespace, "kluctl-controller")
+	if err != nil || creds == nil {
 		return err
 	}
-	if ks != nil {
-		d.AddKeyServiceClient(ks)
-	}
+
+	server := intkeyservice.NewServer(intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(creds)})
+	ks := keyservice.NewCustomLocalClient(server)
+	d.AddKeyServiceClient(ks)
 	return nil
 }
 
diff --git a/pkg/kluctl_project/sops.go b/pkg/kluctl_project/sops.go
index 9fa61c671..254135f6b 100644
--- a/pkg/kluctl_project/sops.go
+++ b/pkg/kluctl_project/sops.go
@@ -2,10 +2,9 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/getsops/sops/v3/keyservice"
 	"github.com/getsops/sops/v3/kms"
-	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -33,26 +32,14 @@ func (c *LoadedKluctlProject) buildSopsDecrypter(ctx context.Context, client cli
 }
 
 func (c *LoadedKluctlProject) addAwsKeyServers(ctx context.Context, client client.Client, d *decryptor.Decryptor, target *types.Target) error {
-	if target.Aws.Profile != nil {
-		var configOpts []func(*config.LoadOptions) error
-		configOpts = append(configOpts, config.WithSharedConfigProfile(*target.Aws.Profile))
-		cfg, err := config.LoadDefaultConfig(context.Background(), configOpts...)
-		if err == nil {
-			server := intkeyservice.NewServer(intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(cfg.Credentials)})
-			ks := keyservice.NewCustomLocalClient(server)
-			d.AddKeyServiceClient(ks)
-		}
+	cfg, err := aws.LoadAwsConfigHelper(ctx, client, target.Aws, nil)
+	if err != nil {
+		return err
 	}
 
-	if target.Aws.ServiceAccount != nil && client != nil {
-		ks, err := sops.BuildSopsKeyServerFromServiceAccount(ctx, client, target.Aws.ServiceAccount.Name, target.Aws.ServiceAccount.Namespace)
-		if err != nil {
-			return err
-		}
-		if ks != nil {
-			d.AddKeyServiceClient(ks)
-		}
-	}
+	server := intkeyservice.NewServer(intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(cfg.Credentials)})
+	ks := keyservice.NewCustomLocalClient(server)
+	d.AddKeyServiceClient(ks)
 
 	return nil
 }
diff --git a/pkg/sops/key_server_from_service_account.go b/pkg/sops/key_server_from_service_account.go
deleted file mode 100644
index 90a60e3b1..000000000
--- a/pkg/sops/key_server_from_service_account.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package sops
-
-import (
-	"context"
-	"github.com/getsops/sops/v3/keyservice"
-	"github.com/getsops/sops/v3/kms"
-	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
-	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-func BuildSopsKeyServerFromServiceAccount(ctx context.Context, client client.Client, name string, namespace string) (keyservice.KeyServiceClient, error) {
-	var serverOpts []intkeyservice.ServerOption
-
-	provider, err := aws.BuildCredentialsFromServiceAccount(ctx, client, name, namespace, "kluctl-sops-decrypter")
-	if err != nil || provider == nil {
-		return nil, err
-	}
-
-	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(provider)})
-
-	server := intkeyservice.NewServer(serverOpts...)
-	return keyservice.NewCustomLocalClient(server), nil
-}

From 49d62f63535cfa39ca638f4b3638d7f98ef2436c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 10:21:40 +0200
Subject: [PATCH 1641/2268] docs: Add documentation for new AWS configuration

---
 docs/kluctl/kluctl-project/README.md         | 29 ++++++++++++++++++++
 docs/kluctl/kluctl-project/targets/README.md |  9 ++++++
 2 files changed, 38 insertions(+)

diff --git a/docs/kluctl/kluctl-project/README.md b/docs/kluctl/kluctl-project/README.md
index e6c3186d2..43d7067b8 100644
--- a/docs/kluctl/kluctl-project/README.md
+++ b/docs/kluctl/kluctl-project/README.md
@@ -98,6 +98,35 @@ kluctl deploy -t my-target -a my.nested1=override`
 
 will only modify the value below `my.nested1` and keep the value of `my.nested2`.
 
+### aws
+If specified, configures the default AWS configuration to use for
+[awsSecretsManager](../templating/variable-sources.md#awssecretsmanager) vars sources and KMS based
+[SOPS descryption](../deployments/sops.md).
+
+Example:
+
+```yaml
+aws:
+  profile: my-local-aws-profile
+  serviceAccount:
+    name: service-account-name
+    namespace: service-account-namespace
+```
+
+#### profile
+If specified, Kluctl will use this [AWS config profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-using-profiles)
+when found locally. If it is not found in your local AWS config, Kluctl will not try to use the specified profile.
+
+#### serviceAccount
+Optionally specifies the name and namespace of a service account to use for [IRSA based authentication](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+The specified service accounts needs to have the `eks.amazonaws.com/role-arn` annotation set to an existing IAM role
+with a proper trust policy that allows this service account to assume that role. Please read the AWS documentation
+for details.
+
+The service account is only used when [profile](#profile) was not specified or when it is not present locally.
+If a service account is specified and accessible (you need proper RBAC access), Kluctl will not try to perform default
+AWS config loading.
+
 ## Using Kluctl without .kluctl.yaml
 
 It's possible to use Kluctl without any `.kluctl.yaml`. In that case, all commands must be used without specifying the
diff --git a/docs/kluctl/kluctl-project/targets/README.md b/docs/kluctl/kluctl-project/targets/README.md
index 4cb00e161..4e7ebd50d 100644
--- a/docs/kluctl/kluctl-project/targets/README.md
+++ b/docs/kluctl/kluctl-project/targets/README.md
@@ -32,6 +32,11 @@ targets:
     images:
       - image: my-image
         resultImage: my-image:1.2.3
+    aws:
+      profile: my-local-aws-profile
+      serviceAccount:
+        name: service-account-name
+        namespace: service-account-namespace
     discriminator: "my-project-{{ target.name }}"
 ...
 ```
@@ -54,6 +59,10 @@ are configured via [deployment args](../../deployments/deployment-yml.md#args).
 This field specifies a list of fixed images to be used by [`images.get_image(...)`](../../deployments/images.md#imagesget_image).
 The format is identical to the [fixed images file](../../deployments/images.md#command-line-argument---fixed-images-file).
 
+## aws
+This field specifies target specific AWS configuration, which overrides what was optionally specified via the
+[global AWS configuration](../README.md#aws).
+
 ## discriminator
 
 Specifies a discriminator which is used to uniquely identify all deployed objects on the cluster. It is added to all

From 4134d209d4f6b545d3db598fa28e3289208c565d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 12:41:46 +0200
Subject: [PATCH 1642/2268] fix: Honor AWS credentials which are set via
 environment variables

---
 docs/kluctl/kluctl-project/README.md |  3 +++
 pkg/clouds/aws/aws_config.go         | 30 +++++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/docs/kluctl/kluctl-project/README.md b/docs/kluctl/kluctl-project/README.md
index 43d7067b8..65f6bc413 100644
--- a/docs/kluctl/kluctl-project/README.md
+++ b/docs/kluctl/kluctl-project/README.md
@@ -113,6 +113,9 @@ aws:
     namespace: service-account-namespace
 ```
 
+If any of the environment variables `AWS_PROFILE`, `AWS_ACCESS_KEY_ID`, `AWS_ACCESS_KEY` or `AWS_WEB_IDENTITY_TOKEN_FILE`
+is set, Kluctl will ignore this AWS configuration and revert to using the environment variables based credentials.
+
 #### profile
 If specified, Kluctl will use this [AWS config profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-using-profiles)
 when found locally. If it is not found in your local AWS config, Kluctl will not try to use the specified profile.
diff --git a/pkg/clouds/aws/aws_config.go b/pkg/clouds/aws/aws_config.go
index 87f028ed0..6e46455d2 100644
--- a/pkg/clouds/aws/aws_config.go
+++ b/pkg/clouds/aws/aws_config.go
@@ -9,11 +9,32 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+func isConfiguredViaEnv(cfg config.EnvConfig) bool {
+	if cfg.SharedConfigProfile != "" {
+		return true
+	}
+	if cfg.Credentials.HasKeys() {
+		return true
+	}
+	if cfg.WebIdentityTokenFilePath != "" {
+		return true
+	}
+	return false
+}
+
 // LoadAwsConfigHelper will try to load the profile given either by profile or by awsConfig.Profile and only if this succeeds (the profile exists),
 // it will use it to perform default config loading. The reason for this is that non-existent profiles is expected in Kluctl,
 // at it might run on an environment that does not have the profile configured, in which case it should not error out later (due to it using a non-existing profile).
 // This helper will also try to load service account based web identity configuration.
 func LoadAwsConfigHelper(ctx context.Context, c client.Client, awsConfig *types.AwsConfig, profile *string, optFnsIn ...func(*config.LoadOptions) error) (aws.Config, error) {
+	envCfg, err := config.NewEnvConfig()
+	if err != nil {
+		return aws.Config{}, err
+	}
+	if isConfiguredViaEnv(envCfg) {
+		return config.LoadDefaultConfig(context.Background(), optFnsIn...)
+	}
+
 	var configOpts []func(*config.LoadOptions) error
 
 	if profile == nil && awsConfig != nil {
@@ -22,7 +43,14 @@ func LoadAwsConfigHelper(ctx context.Context, c client.Client, awsConfig *types.
 
 	profileOk := false
 	if profile != nil {
-		_, err := config.LoadSharedConfigProfile(ctx, *profile)
+		_, err := config.LoadSharedConfigProfile(ctx, *profile, func(options *config.LoadSharedConfigOptions) {
+			if envCfg.SharedConfigFile != "" {
+				options.ConfigFiles = append(options.ConfigFiles, envCfg.SharedConfigFile)
+			}
+			if envCfg.SharedCredentialsFile != "" {
+				options.CredentialsFiles = append(options.CredentialsFiles, envCfg.SharedCredentialsFile)
+			}
+		})
 		if err != nil {
 			status.WarningOncef(ctx, "aws-profile-"+*profile, "The AWS profile %s could not be loaded, reverting to default handling: %s", *profile, err)
 		} else {

From 5695b445b23aa6cd583a4688dc5ffb840cd65e8d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 12:41:56 +0200
Subject: [PATCH 1643/2268] tests: Add tests for aws config

---
 pkg/clouds/aws/aws_config_test.go | 181 ++++++++++++++++++++++++++++++
 1 file changed, 181 insertions(+)
 create mode 100644 pkg/clouds/aws/aws_config_test.go

diff --git a/pkg/clouds/aws/aws_config_test.go b/pkg/clouds/aws/aws_config_test.go
new file mode 100644
index 000000000..d571e38e5
--- /dev/null
+++ b/pkg/clouds/aws/aws_config_test.go
@@ -0,0 +1,181 @@
+package aws
+
+import (
+	"context"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+)
+
+func buildConfigPath(t *testing.T) string {
+	p := filepath.Join(t.TempDir(), t.Name()+".cfg")
+	err := os.MkdirAll(filepath.Dir(p), 0o777)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return p
+}
+
+func addProfile(t *testing.T, configPath string, profileName string, keyId string) {
+	newConfig := fmt.Sprintf(`
+[profile %s]
+region = eu-central-1
+`, profileName)
+
+	newCredentials := fmt.Sprintf(`
+[%s]
+aws_access_key_id = %s
+aws_secret_access_key = %s
+`, profileName, keyId, keyId)
+
+	oldConfig, _ := os.ReadFile(configPath)
+	oldCredentials, _ := os.ReadFile(configPath + ".creds")
+
+	err := os.WriteFile(configPath, []byte(string(oldConfig)+newConfig), 0o666)
+	assert.NoError(t, err)
+	err = os.WriteFile(configPath+".creds", []byte(string(oldCredentials)+newCredentials), 0o666)
+	assert.NoError(t, err)
+
+	t.Setenv("AWS_CONFIG_FILE", configPath)
+	t.Setenv("AWS_SHARED_CREDENTIALS_FILE", configPath+".creds")
+}
+
+func TestAwsConfig(t *testing.T) {
+	type testCase struct {
+		noK8s bool
+
+		configProfiles  []string
+		serviceAccounts []string
+
+		envProfile string
+		argProfile string
+
+		awsConfigProfile string
+		awsConfigSA      string
+
+		expectedProvider    aws.CredentialsProvider
+		expectedKey         string
+		expectedStatusLines []string
+	}
+
+	testCases := []testCase{
+		{configProfiles: []string{}, envProfile: "", noK8s: true, expectedProvider: &ec2rolecreds.Provider{}},
+		{configProfiles: []string{}, envProfile: "", expectedProvider: &ec2rolecreds.Provider{}},
+		{configProfiles: []string{"p1"}, envProfile: "", expectedProvider: &ec2rolecreds.Provider{}},
+		{configProfiles: []string{"p1"}, envProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
+		{configProfiles: []string{"p1", "p2"}, awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, awsConfigProfile: "p2", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p1", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p1", awsConfigProfile: "p2", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p3", awsConfigProfile: "p1", expectedProvider: &ec2rolecreds.Provider{}},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", awsConfigProfile: "p3", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", awsConfigProfile: "p3", argProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
+		{configProfiles: []string{"p1", "p2"}, awsConfigProfile: "p3", argProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, awsConfigProfile: "p3", expectedProvider: &ec2rolecreds.Provider{}},
+
+		{configProfiles: []string{"p1", "p2"}, awsConfigSA: "sa", expectedProvider: &ec2rolecreds.Provider{}, expectedStatusLines: []string{"IRSA credentials could not be generated from the service account default/sa: serviceaccounts \"sa\" not found"}},
+		{configProfiles: []string{"p1", "p2"}, awsConfigSA: "sa", envProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, awsConfigSA: "sa", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, serviceAccounts: []string{"sa"}, awsConfigSA: "sa", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
+		{configProfiles: []string{"p1", "p2"}, serviceAccounts: []string{"sa"}, awsConfigSA: "sa", expectedProvider: &stscreds.WebIdentityRoleProvider{}},
+		{configProfiles: []string{"p1", "p2"}, serviceAccounts: []string{"sa"}, awsConfigSA: "sa", awsConfigProfile: "p3", expectedProvider: &stscreds.WebIdentityRoleProvider{}},
+	}
+
+	k := test_utils.CreateEnvTestCluster("default")
+	err := k.Start()
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		k.Stop()
+	})
+
+	for i, tc := range testCases {
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			configPath := buildConfigPath(t)
+			for _, p := range tc.configProfiles {
+				addProfile(t, configPath, p, p)
+			}
+			if tc.envProfile != "" {
+				t.Setenv("AWS_PROFILE", tc.envProfile)
+			}
+
+			c := k.Client
+			if tc.noK8s {
+				c = nil
+			}
+
+			for _, saName := range tc.serviceAccounts {
+				sa := corev1.ServiceAccount{
+					ObjectMeta: v1.ObjectMeta{
+						Name:      saName,
+						Namespace: "default",
+						Annotations: map[string]string{
+							"eks.amazonaws.com/role-arn": "arn:aws:iam::123456:role/test-role",
+						},
+					},
+				}
+				err := k.Client.Create(context.Background(), &sa)
+				assert.NoError(t, err)
+				t.Cleanup(func() {
+					_ = k.Client.Delete(context.Background(), &sa)
+				})
+			}
+
+			var argProfile *string
+			if tc.argProfile != "" {
+				argProfile = &tc.argProfile
+			}
+
+			var awsConfig types.AwsConfig
+			if tc.awsConfigProfile != "" {
+				awsConfig.Profile = &tc.awsConfigProfile
+			}
+			if tc.awsConfigSA != "" {
+				awsConfig.ServiceAccount = &types.ServiceAccountRef{
+					Name:      tc.awsConfigSA,
+					Namespace: "default",
+				}
+			}
+
+			var sls []string
+			sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
+				sls = append(sls, message)
+			}, false)
+			ctx := status.NewContext(context.Background(), sh)
+
+			cfg, err := LoadAwsConfigHelper(ctx, c, &awsConfig, argProfile)
+			assert.NoError(t, err)
+			assert.IsType(t, cfg.Credentials, &aws.CredentialsCache{})
+
+			cp := cfg.Credentials.(*aws.CredentialsCache)
+			if !cp.IsCredentialsProvider(tc.expectedProvider) {
+				assert.Fail(t, fmt.Sprintf("provider is not the expected one: %s", reflect.TypeOf(tc.expectedProvider).Name()))
+			}
+
+			if tc.expectedKey != "" {
+				creds, err := cp.Retrieve(context.Background())
+				assert.NoError(t, err)
+				assert.Equal(t, tc.expectedKey, creds.AccessKeyID)
+			}
+			if tc.expectedStatusLines != nil {
+				assert.Equal(t, tc.expectedStatusLines, sls)
+			}
+		})
+	}
+}

From 0ff8c105d54acdc871b40cd4e94e12b76ff62a17 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Oct 2023 13:08:49 +0200
Subject: [PATCH 1644/2268] chore(deps): Bump the aws-sdk group with 1 update
 (#821)

Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2).

- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.42...config/v1.18.43)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 99d933e6f..37d1d9d0d 100644
--- a/go.mod
+++ b/go.mod
@@ -57,10 +57,10 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.42
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.40
+	github.com/aws/aws-sdk-go-v2/config v1.18.43
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.41
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
-	github.com/aws/aws-sdk-go-v2/service/sts v1.22.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.0
 	github.com/aws/smithy-go v1.14.2
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -118,7 +118,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index bda66d6bc..8640d4364 100644
--- a/go.sum
+++ b/go.sum
@@ -117,10 +117,10 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.42 h1:28jHROB27xZwU0CB88giDSjz7M1Sba3olb5JBGwina8=
-github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.40 h1:s8yOkDh+5b1jUDhMBtngF6zKWLDs84chUk2Vk0c38Og=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
+github.com/aws/aws-sdk-go-v2/config v1.18.43 h1:IgdUtTRvUDC6eiJBqU6vh7bHFNAEBjQ8S+qJ7zVhDOs=
+github.com/aws/aws-sdk-go-v2/config v1.18.43/go.mod h1:NiFev8qlgg8MPzw3fO/EwzMZeZwlJEKGwfpjRPA9Nvw=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.41 h1:dgbKq1tamtboYAKSXWbqL0lKO9rmEzEhbZFh9JQW/Bg=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.41/go.mod h1:cc3Fn7DkKbJalPtQnudHGZZ8ml9+hwtbc1CJONsYYqk=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
@@ -135,12 +135,12 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8Zu
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.14.1 h1:YkNzx1RLS0F5qdf9v1Q8Cuv9NXCL2TkosOxhzlUPV64=
-github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.0 h1:vuGK1vHNP9zx0PfOrtPumbwR2af0ATQ1Z2H6p75AgRQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.0/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.22.0 h1:s4bioTgjSFRwOoyEFzAVCmFmoowBgjTR8gkrF/sQ4wk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.0 h1:pyvfUqkNLMipdKNAtu7OVbRxUrR2BMaKccIPpk/Hkak=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=

From 3ab83b1ce5595bd845b6b6bd7acdf62667c03d92 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Oct 2023 13:09:01 +0200
Subject: [PATCH 1645/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#824)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.4 to 10.15.5.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.15.4...v10.15.5)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 37d1d9d0d..43c63074f 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.24.0
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.2+incompatible
-	github.com/go-playground/validator/v10 v10.15.4
+	github.com/go-playground/validator/v10 v10.15.5
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.16.1
diff --git a/go.sum b/go.sum
index 8640d4364..a22e42f47 100644
--- a/go.sum
+++ b/go.sum
@@ -327,8 +327,8 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.15.4 h1:zMXza4EpOdooxPel5xDqXEdXG5r+WggpvnAKMsalBjs=
-github.com/go-playground/validator/v10 v10.15.4/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
+github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=

From 8c7f7a0602914465c78069232a9dd88db36de601 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Oct 2023 13:09:21 +0200
Subject: [PATCH 1646/2268] chore(deps): Bump github.com/otiai10/copy from
 1.12.0 to 1.14.0 (#822)

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](https://github.com/otiai10/copy/compare/v1.12.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 43c63074f..db6a91521 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.28.0
-	github.com/otiai10/copy v1.12.0
+	github.com/otiai10/copy v1.14.0
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
diff --git a/go.sum b/go.sum
index a22e42f47..a09285499 100644
--- a/go.sum
+++ b/go.sum
@@ -655,8 +655,8 @@ github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
-github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY=
-github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww=
+github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
+github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
 github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0=

From 1c0d5fefdd8710dd730afaccb9ec94570bc0b2b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Oct 2023 14:14:18 +0200
Subject: [PATCH 1647/2268] chore(deps): Bump github.com/docker/distribution
 (#823)

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.2...v2.8.3)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 3 ++-
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index db6a91521..b0732360a 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/bitnami-labs/sealed-secrets v0.24.0
 	github.com/cyphar/filepath-securejoin v0.2.4
-	github.com/docker/distribution v2.8.2+incompatible
+	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0
@@ -133,6 +133,7 @@ require (
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/cli v24.0.5+incompatible // indirect
 	github.com/docker/docker v24.0.5+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
diff --git a/go.sum b/go.sum
index a09285499..069bf2acf 100644
--- a/go.sum
+++ b/go.sum
@@ -216,12 +216,14 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
 github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
 github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=

From 6b5da71e98d4aa680e3c0563a817b2897d62a019 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 7 Oct 2023 12:59:44 +0200
Subject: [PATCH 1648/2268] chore: Add dependabot group for golang.org/x (#832)

---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8a36170c2..a9e8cd2ae 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,6 +10,9 @@ updates:
     schedule:
       interval: "daily"
     groups:
+      golang-x:
+        patterns:
+          - "golang.org/x/*"
       aws-sdk:
         patterns:
           - "*aws-sdk*"

From 19d2c8f89782c486d475d6b26804258526b4711c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 7 Oct 2023 14:17:04 +0200
Subject: [PATCH 1649/2268] chore(deps): Bump the golang-x group with 4 updates
 (#833)

---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index b0732360a..a754a012c 100644
--- a/go.mod
+++ b/go.mod
@@ -34,11 +34,11 @@ require (
 	github.com/spf13/viper v1.16.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.13.0
-	golang.org/x/net v0.15.0
-	golang.org/x/sync v0.3.0
-	golang.org/x/sys v0.12.0
-	golang.org/x/term v0.12.0 // indirect
+	golang.org/x/crypto v0.14.0
+	golang.org/x/net v0.16.0
+	golang.org/x/sync v0.4.0
+	golang.org/x/sys v0.13.0
+	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0
 	helm.sh/helm/v3 v3.13.0
 	k8s.io/api v0.28.2
@@ -79,7 +79,7 @@ require (
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
-	golang.org/x/oauth2 v0.12.0
+	golang.org/x/oauth2 v0.13.0
 	google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832
 	google.golang.org/grpc v1.58.2
 	nhooyr.io/websocket v1.8.7
diff --git a/go.sum b/go.sum
index 069bf2acf..4c292d1c1 100644
--- a/go.sum
+++ b/go.sum
@@ -842,8 +842,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -924,8 +924,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
+golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -935,8 +935,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
-golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -950,8 +950,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1010,16 +1010,16 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 2338284bfd5b39df5587be3232213b2f57ef9f04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 8 Oct 2023 08:55:10 +0200
Subject: [PATCH 1650/2268] chore(deps): Bump the aws-sdk group with 3 updates
 (#827)

Bumps the aws-sdk group with 3 updates: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.21.0 to 1.21.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.21.0...v1.21.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.18.43 to 1.18.44
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.43...config/v1.18.44)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.21.3 to 1.21.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.21.3...service/efs/v1.21.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 26 +++++++++++++-------------
 go.sum | 48 ++++++++++++++++++++++++++----------------------
 2 files changed, 39 insertions(+), 35 deletions(-)

diff --git a/go.mod b/go.mod
index a754a012c..635b7dc1a 100644
--- a/go.mod
+++ b/go.mod
@@ -56,12 +56,12 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.43
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.41
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.0
-	github.com/aws/smithy-go v1.14.2
+	github.com/aws/aws-sdk-go-v2 v1.21.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.44
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.42
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.1
+	github.com/aws/smithy-go v1.15.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/getsops/sops/v3 v3.8.0
@@ -112,14 +112,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.10.0 // indirect
diff --git a/go.sum b/go.sum
index 4c292d1c1..8ebddd099 100644
--- a/go.sum
+++ b/go.sum
@@ -115,34 +115,38 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2/config v1.18.43 h1:IgdUtTRvUDC6eiJBqU6vh7bHFNAEBjQ8S+qJ7zVhDOs=
-github.com/aws/aws-sdk-go-v2/config v1.18.43/go.mod h1:NiFev8qlgg8MPzw3fO/EwzMZeZwlJEKGwfpjRPA9Nvw=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.41 h1:dgbKq1tamtboYAKSXWbqL0lKO9rmEzEhbZFh9JQW/Bg=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.41/go.mod h1:cc3Fn7DkKbJalPtQnudHGZZ8ml9+hwtbc1CJONsYYqk=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
+github.com/aws/aws-sdk-go-v2 v1.21.1 h1:wjHYshtPpYOZm+/mu3NhVgRRc0baM6LJZOmxPZ5Cwzs=
+github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
+github.com/aws/aws-sdk-go-v2/config v1.18.44 h1:U10NQ3OxiY0dGGozmVIENIDnCT0W432PWxk2VO8wGnY=
+github.com/aws/aws-sdk-go-v2/config v1.18.44/go.mod h1:pHxnQBldd0heEdJmolLBk78D1Bf69YnKLY3LOpFImlU=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.42 h1:KMkjpZqcMOwtRHChVlHdNxTUUAC6NC/b58mRZDIdcRg=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.42/go.mod h1:7ltKclhvEB8305sBhrpls24HGxORl6qgnQqSJ314Uw8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 h1:3j5lrl9kVQrJ1BU4O0z7MQ8sa+UXdiLuo4j0V+odNI8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12/go.mod h1:JbFpcHDBdsex1zpIKuVRorZSQiZEyc3MykNCcjgz174=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 h1:817VqVe6wvwE46xXy6YF5RywvjOX6U2zRQQ6IbQFK0s=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 h1:g+qlObJH4Kn4n21g69DjspU0hKTjWtq7naZ9OLCv0ew=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 h1:7ZApaXzWbo8slc+W5TynuUlB4z66g44h7uqa3/d/BsY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 h1:quOJOqlbSfeJTboXLjYXM1M9T52LBXqLoTPlmsKLpBo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44/go.mod h1:LNy+P1+1LiRcCsVYr/4zG5n8zWFL0xsvZkOybjbftm8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 h1:YXlm7LxwNlauqb2OrinWlcvtsflTzP8GaMvYfQBhoT4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36/go.mod h1:ou9ffqJ9hKOVZmjlC6kQ6oROAyG1M4yBKzR+9BKbDwk=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8ZuZr7dXKjyaOw94/Q=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3 h1:H6ZipEknzu7RkJW3w2PP75zd8XOdR35AEY5D57YrJtA=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.3/go.mod h1:5W2cYXDPabUmwULErlC92ffLhtTuyv4ai+5HhdbhfNo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.0 h1:vuGK1vHNP9zx0PfOrtPumbwR2af0ATQ1Z2H6p75AgRQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.0/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.0 h1:pyvfUqkNLMipdKNAtu7OVbRxUrR2BMaKccIPpk/Hkak=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
-github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4 h1:LUtjmUxYPkiFkiVyvLmHVcuthVPnEKd0hEprTOVRTS0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4/go.mod h1:Bph0xA97xjEciochtR3JKrgGHt1psILMtFgu3KAbiBE=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 h1:ZN3bxw9OYC5D6umLw6f57rNJfGfhg1DIAAcKpzyUTOE=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.1/go.mod h1:PieckvBoT5HtyB9AsJRrYZFY2Z+EyfVM/9zG6gbV8DQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 h1:fSCCJuT5i6ht8TqGdZc5Q5K9pz/atrf7qH4iK5C9XzU=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2/go.mod h1:5eNtr+vNc5vVd92q7SJ+U/HszsIdhZBEyi9dkMRKsp8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 h1:ASNYk1ypWAxRhJjKS0jBnTUeDl7HROOpeSMu1xDA/I8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.1/go.mod h1:2cnsAhVT3mqusovc2stUSUrSBGTcX9nh8Tu6xh//2eI=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
+github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
 github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=

From 1ee77ee78215b596a3927d3d563596abd5b1a88f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 8 Oct 2023 08:55:19 +0200
Subject: [PATCH 1651/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.19.3 to 1.19.4 (#830)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.19.3 to 1.19.4.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.19.3...v1.19.4)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 635b7dc1a..49c8a5fa4 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.19.3
+	github.com/ohler55/ojg v1.19.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
diff --git a/go.sum b/go.sum
index 8ebddd099..019fb2729 100644
--- a/go.sum
+++ b/go.sum
@@ -647,8 +647,8 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/ohler55/ojg v1.19.3 h1:rFmEc33aZOvlwb7tibAmwVGEiPfMZkgvurK0YDDr1HI=
-github.com/ohler55/ojg v1.19.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.19.4 h1:ZIgfyHI83aLx+fi1VoKn4I80HqWo45usWKnnxw94Mro=
+github.com/ohler55/ojg v1.19.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI=
 github.com/onsi/ginkgo/v2 v2.12.0/go.mod h1:ZNEzXISYlqpb8S36iN71ifqLi3vVD1rVJGvWRCJOUpQ=
 github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=

From 3a0f1c1323d7abbc11691f131a3ec09bdd7e4756 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 09:41:04 +0200
Subject: [PATCH 1652/2268] ci: Add azure-sdk group for dependabot (#840)

---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a9e8cd2ae..d9af54b7a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,3 +16,6 @@ updates:
       aws-sdk:
         patterns:
           - "*aws-sdk*"
+      azure-sdk:
+        patterns:
+          - "*azure-sdk*"

From 42367758e3dd68c7eeccbe479e61b41886fd59b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Oct 2023 09:53:37 +0200
Subject: [PATCH 1653/2268] chore(deps): Bump the azure-sdk group with 2
 updates (#841)

Bumps the azure-sdk group with 2 updates: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) and [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.7.2 to 1.8.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.7.2...sdk/azcore/v1.8.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.3.1 to 1.4.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.3.1...sdk/azcore/v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 49c8a5fa4..642f91f85 100644
--- a/go.mod
+++ b/go.mod
@@ -53,8 +53,8 @@ require (
 require (
 	cloud.google.com/go/secretmanager v1.11.1
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.21.1
 	github.com/aws/aws-sdk-go-v2/config v1.18.44
diff --git a/go.sum b/go.sum
index 019fb2729..c3dac6e59 100644
--- a/go.sum
+++ b/go.sum
@@ -54,10 +54,10 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2 h1:t5+QXLCK9SVi0PPdaY0PrFvYUo24KwA0QwxnaHRSVd4=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.2/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=

From 08d3f71f36201b69f06d1c1ec2e7034c2c070739 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Oct 2023 09:55:12 +0200
Subject: [PATCH 1654/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#835)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 642f91f85..94b0b50b0 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.24.0
+	github.com/bitnami-labs/sealed-secrets v0.24.1
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
diff --git a/go.sum b/go.sum
index c3dac6e59..c8179704f 100644
--- a/go.sum
+++ b/go.sum
@@ -155,8 +155,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.24.0 h1:LmgvZ408PLStPpCDVnp8J0HEeXCVS/T0owKXUbyWF8A=
-github.com/bitnami-labs/sealed-secrets v0.24.0/go.mod h1:opL4DB1wOQd6dAfmS3lbLxwuqoHYBJHqo5VBxQGXTr4=
+github.com/bitnami-labs/sealed-secrets v0.24.1 h1:kLpbxduT/G8pRZdPYzYP2Crg1CbJanIxydqHBcMu/rk=
+github.com/bitnami-labs/sealed-secrets v0.24.1/go.mod h1:UUGrYtR+xHNZAKgu/bGbSyvSVontCAyaRQOX3RZ9ltY=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
@@ -649,8 +649,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/ohler55/ojg v1.19.4 h1:ZIgfyHI83aLx+fi1VoKn4I80HqWo45usWKnnxw94Mro=
 github.com/ohler55/ojg v1.19.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/onsi/ginkgo/v2 v2.12.0 h1:UIVDowFPwpg6yMUpPjGkYvf06K3RAiJXUhCxEwQVHRI=
-github.com/onsi/ginkgo/v2 v2.12.0/go.mod h1:ZNEzXISYlqpb8S36iN71ifqLi3vVD1rVJGvWRCJOUpQ=
+github.com/onsi/ginkgo/v2 v2.12.1 h1:uHNEO1RP2SpuZApSkel9nEh1/Mu+hmQe7Q+Pepg5OYA=
+github.com/onsi/ginkgo/v2 v2.12.1/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
 github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

From 2686e87e70deaeeb5f0e274108976325ffd47ff2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Oct 2023 10:36:04 +0200
Subject: [PATCH 1655/2268] chore(deps): Bump github.com/spf13/viper from
 1.16.0 to 1.17.0 (#836)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 29 +++++++++++++-------------
 go.sum | 66 ++++++++++++++++++++++++++++------------------------------
 2 files changed, 47 insertions(+), 48 deletions(-)

diff --git a/go.mod b/go.mod
index 94b0b50b0..741a10ab6 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.16.0
+	github.com/spf13/viper v1.17.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.14.0
@@ -80,7 +80,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	golang.org/x/oauth2 v0.13.0
-	google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832
+	google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb
 	google.golang.org/grpc v1.58.2
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
@@ -132,7 +132,7 @@ require (
 	github.com/containerd/containerd v1.7.6 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/cli v24.0.5+incompatible // indirect
 	github.com/docker/docker v24.0.5+incompatible // indirect
@@ -173,7 +173,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
@@ -183,7 +183,6 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.4.0 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
@@ -196,7 +195,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/karrick/godirwalk v1.17.0 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
@@ -222,11 +221,11 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.9 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.11.1 // indirect
@@ -234,11 +233,13 @@ require (
 	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.2.0 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tkrajina/go-reflector v0.5.6 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
@@ -258,15 +259,15 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.25.0 // indirect
 	golang.org/x/arch v0.4.0 // indirect
-	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.141.0 // indirect
+	google.golang.org/api v0.143.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index c8179704f..92761766a 100644
--- a/go.sum
+++ b/go.sum
@@ -214,8 +214,9 @@ github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
@@ -261,7 +262,6 @@ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
@@ -448,8 +448,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
-github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
@@ -480,8 +480,8 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I=
-github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
@@ -542,8 +542,8 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
-github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
+github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
 github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
@@ -590,13 +590,10 @@ github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kN
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -665,8 +662,8 @@ github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0=
-github.com/pelletier/go-toml/v2 v2.0.9/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -680,8 +677,9 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
@@ -719,6 +717,10 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
+github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ=
+github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -730,19 +732,19 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
 github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
-github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
-github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
+github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
 github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
-github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
-github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
-github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
+github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
+github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -755,7 +757,6 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
@@ -858,8 +859,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
-golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1002,9 +1003,6 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1121,8 +1119,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.141.0 h1:Df6vfMgDoIM6ss0m7H4MPwFwY87WNXHfBIda/Bmfl4E=
-google.golang.org/api v0.141.0/go.mod h1:iZqLkdPlXKyG0b90eu6KxVSE4D/ccRF2e/doKD2CnQQ=
+google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA=
+google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1167,12 +1165,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832 h1:/30npZKtUjXqju7ZA2MsvpkGKD4mQFtf+zPnZasABjg=
-google.golang.org/genproto v0.0.0-20230911183012-2d3300fd4832/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
-google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q=
-google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb h1:Isk1sSH7bovx8Rti2wZK0UZF6oraBDK74uoyLEEVFN0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA=
+google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
+google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI=
+google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=

From 302cdc701d2bae86e4a2e2d8daf95d4c1736ed7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Oct 2023 22:39:13 +0200
Subject: [PATCH 1656/2268] chore(deps): Bump github.com/getsops/sops/v3 from
 3.8.0 to 3.8.1 (#842)

Bumps [github.com/getsops/sops/v3](https://github.com/getsops/sops) from 3.8.0 to 3.8.1.
- [Release notes](https://github.com/getsops/sops/releases)
- [Changelog](https://github.com/getsops/sops/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/getsops/sops/compare/v3.8.0...v3.8.1)

---
updated-dependencies:
- dependency-name: github.com/getsops/sops/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 20 ++++++++++----------
 go.sum | 47 ++++++++++++++++++++++-------------------------
 2 files changed, 32 insertions(+), 35 deletions(-)

diff --git a/go.mod b/go.mod
index 741a10ab6..5f560a9ed 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.14.0
-	golang.org/x/net v0.16.0
+	golang.org/x/net v0.17.0
 	golang.org/x/sync v0.4.0
 	golang.org/x/sys v0.13.0
 	golang.org/x/term v0.13.0 // indirect
@@ -64,7 +64,7 @@ require (
 	github.com/aws/smithy-go v1.15.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/getsops/sops/v3 v3.8.0
+	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.9.0
@@ -80,8 +80,8 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.10
 	golang.org/x/oauth2 v0.13.0
-	google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb
-	google.golang.org/grpc v1.58.2
+	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
+	google.golang.org/grpc v1.58.3
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
@@ -109,7 +109,7 @@ require (
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
@@ -117,7 +117,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -169,7 +169,7 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -264,10 +264,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.143.0 // indirect
+	google.golang.org/api v0.146.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 92761766a..6725b9690 100644
--- a/go.sum
+++ b/go.sum
@@ -17,8 +17,8 @@ cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHOb
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o=
-cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI=
+cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME=
+cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -98,8 +98,8 @@ github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTB
 github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@@ -115,7 +115,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
 github.com/aws/aws-sdk-go-v2 v1.21.1 h1:wjHYshtPpYOZm+/mu3NhVgRRc0baM6LJZOmxPZ5Cwzs=
 github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2/config v1.18.44 h1:U10NQ3OxiY0dGGozmVIENIDnCT0W432PWxk2VO8wGnY=
@@ -124,18 +123,16 @@ github.com/aws/aws-sdk-go-v2/credentials v1.13.42 h1:KMkjpZqcMOwtRHChVlHdNxTUUAC
 github.com/aws/aws-sdk-go-v2/credentials v1.13.42/go.mod h1:7ltKclhvEB8305sBhrpls24HGxORl6qgnQqSJ314Uw8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 h1:3j5lrl9kVQrJ1BU4O0z7MQ8sa+UXdiLuo4j0V+odNI8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12/go.mod h1:JbFpcHDBdsex1zpIKuVRorZSQiZEyc3MykNCcjgz174=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 h1:817VqVe6wvwE46xXy6YF5RywvjOX6U2zRQQ6IbQFK0s=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 h1:7ZApaXzWbo8slc+W5TynuUlB4z66g44h7uqa3/d/BsY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 h1:quOJOqlbSfeJTboXLjYXM1M9T52LBXqLoTPlmsKLpBo=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44/go.mod h1:LNy+P1+1LiRcCsVYr/4zG5n8zWFL0xsvZkOybjbftm8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 h1:YXlm7LxwNlauqb2OrinWlcvtsflTzP8GaMvYfQBhoT4=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36/go.mod h1:ou9ffqJ9hKOVZmjlC6kQ6oROAyG1M4yBKzR+9BKbDwk=
-github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8ZuZr7dXKjyaOw94/Q=
-github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4 h1:LUtjmUxYPkiFkiVyvLmHVcuthVPnEKd0hEprTOVRTS0=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4/go.mod h1:Bph0xA97xjEciochtR3JKrgGHt1psILMtFgu3KAbiBE=
 github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 h1:ZN3bxw9OYC5D6umLw6f57rNJfGfhg1DIAAcKpzyUTOE=
@@ -144,7 +141,6 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 h1:fSCCJuT5i6ht8TqGdZc5Q5K9
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2/go.mod h1:5eNtr+vNc5vVd92q7SJ+U/HszsIdhZBEyi9dkMRKsp8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 h1:ASNYk1ypWAxRhJjKS0jBnTUeDl7HROOpeSMu1xDA/I8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.23.1/go.mod h1:2cnsAhVT3mqusovc2stUSUrSBGTcX9nh8Tu6xh//2eI=
-github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
@@ -276,8 +272,8 @@ github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/FlgqECyS5ywq8cSN9j1fwZg6uyZ7G0B0=
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
-github.com/getsops/sops/v3 v3.8.0 h1:jMbaxVKxGDGp36DejvXvqWDh2vRJmUSDHKWNcHNYfZE=
-github.com/getsops/sops/v3 v3.8.0/go.mod h1:1t7vEMUbtBzLfhKQXHYQg7TYOAcBLLZNHGuAV6EJtz0=
+github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
+github.com/getsops/sops/v3 v3.8.1/go.mod h1:qyVOmSwvNRUzspJ7X/mh/J8HmDV81OQ5PgDoGSmvvHM=
 github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -415,8 +411,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
 github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -929,8 +926,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
-golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1119,8 +1116,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA=
-google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk=
+google.golang.org/api v0.146.0 h1:9aBYT4vQXt9dhCuLNfwfd3zpwu8atg0yPkjBymwSrOM=
+google.golang.org/api v0.146.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1165,12 +1162,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA=
-google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
-google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI=
-google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
+google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 h1:U7+wNaVuSTaUqNvK2+osJ9ejEZxbjHHk8F2b6Hpx0AE=
+google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1187,8 +1184,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I=
-google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
+google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 8c3cec570bd0dd462f067710b7fc7dfc3025557d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 00:03:17 +0200
Subject: [PATCH 1657/2268] chore(deps): Bump the aws-sdk group with 3 updates
 (#844)

* chore(deps): Bump the aws-sdk group with 3 updates

Bumps the aws-sdk group with 3 updates: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.21.1 to 1.21.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.21.1...v1.21.2)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.18.44 to 1.18.45
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.44...config/v1.18.45)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.21.4 to 1.21.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.21.4...service/efs/v1.21.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Fix LoadAwsConfigHelper to work with latest aws-sdk version

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 go.mod                            | 24 ++++++++---------
 go.sum                            | 45 ++++++++++++++++---------------
 pkg/clouds/aws/aws_config.go      |  8 +++++-
 pkg/clouds/aws/aws_config_test.go |  4 +--
 4 files changed, 45 insertions(+), 36 deletions(-)

diff --git a/go.mod b/go.mod
index 5f560a9ed..71081b8bc 100644
--- a/go.mod
+++ b/go.mod
@@ -56,11 +56,11 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.21.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.44
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.42
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.1
+	github.com/aws/aws-sdk-go-v2 v1.21.2
+	github.com/aws/aws-sdk-go-v2/config v1.18.45
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
 	github.com/aws/smithy-go v1.15.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -112,14 +112,14 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bytedance/sonic v1.10.0 // indirect
diff --git a/go.sum b/go.sum
index 6725b9690..c6cbe1414 100644
--- a/go.sum
+++ b/go.sum
@@ -115,32 +115,35 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.21.1 h1:wjHYshtPpYOZm+/mu3NhVgRRc0baM6LJZOmxPZ5Cwzs=
 github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.18.44 h1:U10NQ3OxiY0dGGozmVIENIDnCT0W432PWxk2VO8wGnY=
-github.com/aws/aws-sdk-go-v2/config v1.18.44/go.mod h1:pHxnQBldd0heEdJmolLBk78D1Bf69YnKLY3LOpFImlU=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.42 h1:KMkjpZqcMOwtRHChVlHdNxTUUAC6NC/b58mRZDIdcRg=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.42/go.mod h1:7ltKclhvEB8305sBhrpls24HGxORl6qgnQqSJ314Uw8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 h1:3j5lrl9kVQrJ1BU4O0z7MQ8sa+UXdiLuo4j0V+odNI8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12/go.mod h1:JbFpcHDBdsex1zpIKuVRorZSQiZEyc3MykNCcjgz174=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 h1:817VqVe6wvwE46xXy6YF5RywvjOX6U2zRQQ6IbQFK0s=
+github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
+github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
+github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes=
+github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 h1:7ZApaXzWbo8slc+W5TynuUlB4z66g44h7uqa3/d/BsY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 h1:quOJOqlbSfeJTboXLjYXM1M9T52LBXqLoTPlmsKLpBo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44/go.mod h1:LNy+P1+1LiRcCsVYr/4zG5n8zWFL0xsvZkOybjbftm8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 h1:YXlm7LxwNlauqb2OrinWlcvtsflTzP8GaMvYfQBhoT4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36/go.mod h1:ou9ffqJ9hKOVZmjlC6kQ6oROAyG1M4yBKzR+9BKbDwk=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4 h1:LUtjmUxYPkiFkiVyvLmHVcuthVPnEKd0hEprTOVRTS0=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4/go.mod h1:Bph0xA97xjEciochtR3JKrgGHt1psILMtFgu3KAbiBE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 h1:ZN3bxw9OYC5D6umLw6f57rNJfGfhg1DIAAcKpzyUTOE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.1/go.mod h1:PieckvBoT5HtyB9AsJRrYZFY2Z+EyfVM/9zG6gbV8DQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 h1:fSCCJuT5i6ht8TqGdZc5Q5K9pz/atrf7qH4iK5C9XzU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2/go.mod h1:5eNtr+vNc5vVd92q7SJ+U/HszsIdhZBEyi9dkMRKsp8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.1 h1:ASNYk1ypWAxRhJjKS0jBnTUeDl7HROOpeSMu1xDA/I8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.1/go.mod h1:2cnsAhVT3mqusovc2stUSUrSBGTcX9nh8Tu6xh//2eI=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5 h1:BvRGAAdEHo+0tpyOlKV14Z49O/iyhqiddIntd0KQ3EA=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5/go.mod h1:A108ijf0IFtqhYApU+Gia80aPSAUfi9dItm+h5fWGJE=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
 github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
diff --git a/pkg/clouds/aws/aws_config.go b/pkg/clouds/aws/aws_config.go
index 6e46455d2..7bad34f82 100644
--- a/pkg/clouds/aws/aws_config.go
+++ b/pkg/clouds/aws/aws_config.go
@@ -32,7 +32,13 @@ func LoadAwsConfigHelper(ctx context.Context, c client.Client, awsConfig *types.
 		return aws.Config{}, err
 	}
 	if isConfiguredViaEnv(envCfg) {
-		return config.LoadDefaultConfig(context.Background(), optFnsIn...)
+		cfg, err := config.LoadDefaultConfig(context.Background(), optFnsIn...)
+		if err == nil {
+			return cfg, err
+		}
+		if _, ok := err.(config.SharedConfigProfileNotExistError); !ok {
+			return aws.Config{}, nil
+		}
 	}
 
 	var configOpts []func(*config.LoadOptions) error
diff --git a/pkg/clouds/aws/aws_config_test.go b/pkg/clouds/aws/aws_config_test.go
index d571e38e5..807f4f9a7 100644
--- a/pkg/clouds/aws/aws_config_test.go
+++ b/pkg/clouds/aws/aws_config_test.go
@@ -82,7 +82,7 @@ func TestAwsConfig(t *testing.T) {
 		{configProfiles: []string{"p1", "p2"}, envProfile: "p1", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
 		{configProfiles: []string{"p1", "p2"}, envProfile: "p1", awsConfigProfile: "p2", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
 		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
-		{configProfiles: []string{"p1", "p2"}, envProfile: "p3", awsConfigProfile: "p1", expectedProvider: &ec2rolecreds.Provider{}},
+		{configProfiles: []string{"p1", "p2"}, envProfile: "p3", awsConfigProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
 		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", awsConfigProfile: "p3", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
 		{configProfiles: []string{"p1", "p2"}, envProfile: "p2", awsConfigProfile: "p3", argProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p2"},
 		{configProfiles: []string{"p1", "p2"}, awsConfigProfile: "p3", argProfile: "p1", expectedProvider: &credentials.StaticCredentialsProvider{}, expectedKey: "p1"},
@@ -161,7 +161,7 @@ func TestAwsConfig(t *testing.T) {
 
 			cfg, err := LoadAwsConfigHelper(ctx, c, &awsConfig, argProfile)
 			assert.NoError(t, err)
-			assert.IsType(t, cfg.Credentials, &aws.CredentialsCache{})
+			assert.IsType(t, &aws.CredentialsCache{}, cfg.Credentials)
 
 			cp := cfg.Credentials.(*aws.CredentialsCache)
 			if !cp.IsCredentialsProvider(tc.expectedProvider) {

From e2e4d56c1202805be7c2b931f02861ad5618d8cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 00:05:08 +0200
Subject: [PATCH 1658/2268] chore(deps): Bump cloud.google.com/go/secretmanager
 (#848)

Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.11.1...bigquery/v1.11.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 71081b8bc..074cbb4fb 100644
--- a/go.mod
+++ b/go.mod
@@ -51,7 +51,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/secretmanager v1.11.1
+	cloud.google.com/go/secretmanager v1.11.2
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
diff --git a/go.sum b/go.sum
index c6cbe1414..e5dd015ff 100644
--- a/go.sum
+++ b/go.sum
@@ -39,8 +39,8 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/secretmanager v1.11.1 h1:cLTCwAjFh9fKvU6F13Y4L9vPcx9yiWPyWXE4+zkuEQs=
-cloud.google.com/go/secretmanager v1.11.1/go.mod h1:znq9JlXgTNdBeQk9TBW/FnR/W4uChEKGeqQWAJ8SXFw=
+cloud.google.com/go/secretmanager v1.11.2 h1:52Z78hH8NBWIqbvIG0wi0EoTaAmSx99KIOAmDXIlX0M=
+cloud.google.com/go/secretmanager v1.11.2/go.mod h1:MQm4t3deoSub7+WNwiC4/tRYgDBHJgJPvswqQVB1Vss=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=

From af14bcbd5a8bf386c35ae335fd9d2c6611b7ea34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 00:26:49 +0200
Subject: [PATCH 1659/2268] chore(deps): Bump helm.sh/helm/v3 from 3.13.0 to
 3.13.1 (#845)

* chore(deps): Bump helm.sh/helm/v3 from 3.13.0 to 3.13.1

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.13.0 to 3.13.1.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.13.0...v3.13.1)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Remove replace for github.com/docker/docker

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 go.mod | 14 +++++---------
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/go.mod b/go.mod
index 074cbb4fb..e04b0234c 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	golang.org/x/sys v0.13.0
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0
-	helm.sh/helm/v3 v3.13.0
+	helm.sh/helm/v3 v3.13.1
 	k8s.io/api v0.28.2
 	k8s.io/apiextensions-apiserver v0.28.2
 	k8s.io/apimachinery v0.28.2
@@ -134,8 +134,8 @@ require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v24.0.5+incompatible // indirect
-	github.com/docker/docker v24.0.5+incompatible // indirect
+	github.com/docker/cli v24.0.6+incompatible // indirect
+	github.com/docker/docker v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
@@ -219,7 +219,7 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
@@ -280,10 +280,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
 	k8s.io/kubectl v0.28.2 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
-	oras.land/oras-go v1.2.3 // indirect
+	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
-
-// this is needed due to incompatibilities between oras-go (comes through helm) and docker/docker/registry
-// remove this when https://github.com/helm/helm/pull/12310 gets released
-replace github.com/docker/docker => github.com/docker/docker v23.0.6+incompatible
diff --git a/go.sum b/go.sum
index e5dd015ff..10b92c027 100644
--- a/go.sum
+++ b/go.sum
@@ -224,12 +224,12 @@ github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
-github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
-github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY=
+github.com/docker/cli v24.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.6+incompatible h1:aBD4np894vatVX99UTx/GyOUOK4uEcROwA3+bQhEcoU=
-github.com/docker/docker v23.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v24.0.6+incompatible h1:hceabKCtUgDqPu+qm0NgsaXf28Ljf4/pWFL7xjWWDgE=
+github.com/docker/docker v24.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -652,8 +652,8 @@ github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
 github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
-github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
+github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
@@ -1227,8 +1227,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.13.0 h1:XPJKIU30K4JTQ6VX/6e0hFAmEIonYa8E7wx5aqv4xOc=
-helm.sh/helm/v3 v3.13.0/go.mod h1:2PBEKsMWKLVZTojUOqMS3Eadv5mP43FBWrRgLNkNm9Y=
+helm.sh/helm/v3 v3.13.1 h1:DG+XLGzBJeZvMLlMbm6bPDLV1dGaVW9eZsDoUd1/LM0=
+helm.sh/helm/v3 v3.13.1/go.mod h1:TdQRMiq46CSWcc68Hb0uVhvAWusaN90YwAV54cz6JzU=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1261,8 +1261,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
-oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY=
-oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg=
+oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
+oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=

From 0f95d4b021385aa88f550e60cb85119828958701 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 00:27:00 +0200
Subject: [PATCH 1660/2268] chore(deps): Bump the aws-sdk group with 1 update
 (#849)

Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2).

- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/v1.19.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.45...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e04b0234c..d94c4c9a1 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.21.2
-	github.com/aws/aws-sdk-go-v2/config v1.18.45
+	github.com/aws/aws-sdk-go-v2/config v1.19.0
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
diff --git a/go.sum b/go.sum
index 10b92c027..5696f2c80 100644
--- a/go.sum
+++ b/go.sum
@@ -118,8 +118,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
 github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes=
-github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
+github.com/aws/aws-sdk-go-v2/config v1.19.0 h1:AdzDvwH6dWuVARCl3RTLGRc4Ogy+N7yLFxVxXe1ClQ0=
+github.com/aws/aws-sdk-go-v2/config v1.19.0/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=

From 29cb6f326dbb1a5daf9b25a6a34d14a105748bbc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 00:27:18 +0200
Subject: [PATCH 1661/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#850)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.24.1 to 0.24.2.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.24.1...v0.24.2)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index d94c4c9a1..72918204b 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.24.1
+	github.com/bitnami-labs/sealed-secrets v0.24.2
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
diff --git a/go.sum b/go.sum
index 5696f2c80..977387799 100644
--- a/go.sum
+++ b/go.sum
@@ -154,8 +154,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bitnami-labs/sealed-secrets v0.24.1 h1:kLpbxduT/G8pRZdPYzYP2Crg1CbJanIxydqHBcMu/rk=
-github.com/bitnami-labs/sealed-secrets v0.24.1/go.mod h1:UUGrYtR+xHNZAKgu/bGbSyvSVontCAyaRQOX3RZ9ltY=
+github.com/bitnami-labs/sealed-secrets v0.24.2 h1:6RELDjQk+1WvrgkOJX9Y3aRyMBda3JWKuP7Qoi7Ee2M=
+github.com/bitnami-labs/sealed-secrets v0.24.2/go.mod h1:uQUgGnyOmGPUb6tCMRdhOKKHo2xJGwoxSqDYaWZZ+Hc=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
@@ -646,8 +646,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/ohler55/ojg v1.19.4 h1:ZIgfyHI83aLx+fi1VoKn4I80HqWo45usWKnnxw94Mro=
 github.com/ohler55/ojg v1.19.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/onsi/ginkgo/v2 v2.12.1 h1:uHNEO1RP2SpuZApSkel9nEh1/Mu+hmQe7Q+Pepg5OYA=
-github.com/onsi/ginkgo/v2 v2.12.1/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
+github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
 github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

From 60dfa55c97a1451fe533621c1411b20b141af8b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 00:27:32 +0200
Subject: [PATCH 1662/2268] chore(deps): Bump
 github.com/tkrajina/typescriptify-golang-structs (#851)

Bumps [github.com/tkrajina/typescriptify-golang-structs](https://github.com/tkrajina/typescriptify-golang-structs) from 0.1.10 to 0.1.11.
- [Changelog](https://github.com/tkrajina/typescriptify-golang-structs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tkrajina/typescriptify-golang-structs/compare/v0.1.10...v0.1.11)

---
updated-dependencies:
- dependency-name: github.com/tkrajina/typescriptify-golang-structs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 72918204b..575b19171 100644
--- a/go.mod
+++ b/go.mod
@@ -78,7 +78,7 @@ require (
 	github.com/otiai10/copy v1.14.0
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
-	github.com/tkrajina/typescriptify-golang-structs v0.1.10
+	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
 	google.golang.org/grpc v1.58.3
diff --git a/go.sum b/go.sum
index 977387799..c1bb5006a 100644
--- a/go.sum
+++ b/go.sum
@@ -767,8 +767,8 @@ github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSW
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
 github.com/tkrajina/go-reflector v0.5.6 h1:hKQ0gyocG7vgMD2M3dRlYN6WBBOmdoOzJ6njQSepKdE=
 github.com/tkrajina/go-reflector v0.5.6/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
-github.com/tkrajina/typescriptify-golang-structs v0.1.10 h1:W/Ta9Kqo2lV+7bVXuQoUhZ0bDlnjwtPpKsy3A9M1nYg=
-github.com/tkrajina/typescriptify-golang-structs v0.1.10/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
+github.com/tkrajina/typescriptify-golang-structs v0.1.11 h1:zEIVczF/iWgs4eTY7NQqbBe23OVlFVk9sWLX/FDYi4Q=
+github.com/tkrajina/typescriptify-golang-structs v0.1.11/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=

From 636b91cb419cc4f28a00d8d64719c91e66ee0c67 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 16:17:35 +0200
Subject: [PATCH 1663/2268] refactor: Rename cache.go to git_cache.go and fix
 typo

---
 pkg/repocache/{cache.go => git_cache.go} | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 rename pkg/repocache/{cache.go => git_cache.go} (97%)

diff --git a/pkg/repocache/cache.go b/pkg/repocache/git_cache.go
similarity index 97%
rename from pkg/repocache/cache.go
rename to pkg/repocache/git_cache.go
index c7e26690c..4fde6ae29 100644
--- a/pkg/repocache/cache.go
+++ b/pkg/repocache/git_cache.go
@@ -32,8 +32,8 @@ type GitRepoCache struct {
 
 	repoOverrides []RepoOverride
 
-	cleanupDirs       []string
-	cleeanupDirsMutex sync.Mutex
+	cleanupDirs      []string
+	cleanupDirsMutex sync.Mutex
 }
 
 type CacheEntry struct {
@@ -78,8 +78,8 @@ func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProvide
 }
 
 func (rp *GitRepoCache) Clear() {
-	rp.cleeanupDirsMutex.Lock()
-	defer rp.cleeanupDirsMutex.Unlock()
+	rp.cleanupDirsMutex.Lock()
+	defer rp.cleanupDirsMutex.Unlock()
 
 	for _, p := range rp.cleanupDirs {
 		_ = os.RemoveAll(p)
@@ -289,9 +289,9 @@ func (e *CacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo,
 		return "", git.CheckoutInfo{}, err
 	}
 
-	e.rp.cleeanupDirsMutex.Lock()
+	e.rp.cleanupDirsMutex.Lock()
 	e.rp.cleanupDirs = append(e.rp.cleanupDirs, p)
-	e.rp.cleeanupDirsMutex.Unlock()
+	e.rp.cleanupDirsMutex.Unlock()
 
 	if e.mr == nil { // local override exist
 		err = cp.Copy(e.overridePath, p)

From f47728df0b5fcc2a64cef8f08df94ee2409f4d96 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 16:23:49 +0200
Subject: [PATCH 1664/2268] refactor: Rename CacheEntry to GitCacheEntry

---
 pkg/repocache/git_cache.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 4fde6ae29..00b2c35eb 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -27,7 +27,7 @@ type GitRepoCache struct {
 	sshPool        *ssh_pool.SshPool
 	updateInterval time.Duration
 
-	repos      map[types.GitRepoKey]*CacheEntry
+	repos      map[types.GitRepoKey]*GitCacheEntry
 	reposMutex sync.Mutex
 
 	repoOverrides []RepoOverride
@@ -36,7 +36,7 @@ type GitRepoCache struct {
 	cleanupDirsMutex sync.Mutex
 }
 
-type CacheEntry struct {
+type GitCacheEntry struct {
 	rp         *GitRepoCache
 	url        types.GitUrl
 	mr         *git.MirroredGitRepo
@@ -72,7 +72,7 @@ func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProvide
 		sshPool:        sshPool,
 		authProviders:  authProviders,
 		updateInterval: updateInterval,
-		repos:          map[types.GitRepoKey]*CacheEntry{},
+		repos:          map[types.GitRepoKey]*GitCacheEntry{},
 		repoOverrides:  repoOverrides,
 	}
 }
@@ -87,7 +87,7 @@ func (rp *GitRepoCache) Clear() {
 	rp.cleanupDirs = nil
 }
 
-func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
+func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 	rp.reposMutex.Lock()
 	defer rp.reposMutex.Unlock()
 
@@ -126,7 +126,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 
 		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url.String(), overridePath)
 
-		e := &CacheEntry{
+		e := &GitCacheEntry{
 			rp:           rp,
 			url:          url,
 			mr:           nil, // mark as overridden
@@ -143,7 +143,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 		if err != nil {
 			return nil, err
 		}
-		e = &CacheEntry{
+		e = &GitCacheEntry{
 			rp:         rp,
 			url:        url,
 			mr:         mr,
@@ -158,7 +158,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*CacheEntry, error) {
 	return e, nil
 }
 
-func (e *CacheEntry) Update() error {
+func (e *GitCacheEntry) Update() error {
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 
@@ -207,7 +207,7 @@ func (e *CacheEntry) Update() error {
 	return nil
 }
 
-func (e *CacheEntry) GetRepoInfo() RepoInfo {
+func (e *GitCacheEntry) GetRepoInfo() RepoInfo {
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 
@@ -220,7 +220,7 @@ func (e *CacheEntry) GetRepoInfo() RepoInfo {
 	return info
 }
 
-func (e *CacheEntry) findCommit(ref string) (string, string, error) {
+func (e *GitCacheEntry) findCommit(ref string) (string, string, error) {
 	ref, objectHash, err := e.findRef(ref)
 	if err != nil {
 		return "", "", err
@@ -241,7 +241,7 @@ func (e *CacheEntry) findCommit(ref string) (string, string, error) {
 	}
 }
 
-func (e *CacheEntry) findRef(ref string) (string, string, error) {
+func (e *GitCacheEntry) findRef(ref string) (string, string, error) {
 	switch {
 	case strings.HasPrefix(ref, "refs/heads"), strings.HasPrefix(ref, "refs/tags"):
 		c, ok := e.refs[ref]
@@ -265,7 +265,7 @@ func (e *CacheEntry) findRef(ref string) (string, string, error) {
 	}
 }
 
-func (e *CacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo, error) {
+func (e *GitCacheEntry) GetClonedDir(ref *types.GitRef) (string, git.CheckoutInfo, error) {
 	e.updateMutex.Lock()
 	defer e.updateMutex.Unlock()
 

From 116f4dbbfba37595695f91cfc6d8303ce15a0244 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 16:24:14 +0200
Subject: [PATCH 1665/2268] chore: Remove unused code

---
 pkg/types/git_project.go           | 15 ---------------
 pkg/types/zz_generated.deepcopy.go | 25 -------------------------
 2 files changed, 40 deletions(-)

diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 2a0c95b8f..07678bef4 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -133,21 +133,6 @@ func ValidateGitProject(sl validator.StructLevel) {
 	}
 }
 
-type ExternalProject struct {
-	Project *GitProject `json:"project,omitempty"`
-	Path    *string     `json:"path,omitempty"`
-}
-
-func ValidateExternalProject(sl validator.StructLevel) {
-	p := sl.Current().Interface().(ExternalProject)
-	if p.Project == nil && p.Path == nil {
-		sl.ReportError(p, ".", ".", "either project or path must be set", "")
-	} else if p.Project != nil && p.Path != nil {
-		sl.ReportError(p, ".", ".", "only one of project or path can be set", "")
-	}
-}
-
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateGitProject, GitProject{})
-	yaml.Validator.RegisterStructValidation(ValidateExternalProject, ExternalProject{})
 }
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index af7b08d45..63621a3c5 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -245,31 +245,6 @@ func (in *DeploymentProjectConfig) DeepCopy() *DeploymentProjectConfig {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExternalProject) DeepCopyInto(out *ExternalProject) {
-	*out = *in
-	if in.Project != nil {
-		in, out := &in.Project, &out.Project
-		*out = new(GitProject)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.Path != nil {
-		in, out := &in.Path, &out.Path
-		*out = new(string)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProject.
-func (in *ExternalProject) DeepCopy() *ExternalProject {
-	if in == nil {
-		return nil
-	}
-	out := new(ExternalProject)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FixedImage) DeepCopyInto(out *FixedImage) {
 	*out = *in

From 829021d37a8a475ca4a32ccafde439748145b564 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 16:35:53 +0200
Subject: [PATCH 1666/2268] refactor: Move out repo override logic into own
 function

---
 pkg/repocache/git_cache.go | 37 ++++++--------------------------
 pkg/repocache/utils.go     | 44 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 31 deletions(-)
 create mode 100644 pkg/repocache/utils.go

diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 00b2c35eb..d3155c337 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -91,39 +91,14 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 	rp.reposMutex.Lock()
 	defer rp.reposMutex.Unlock()
 
-	urlN := url.Normalize()
 	repoKey := url.RepoKey()
 
-	// evaluate overrides
-	for _, ro := range rp.repoOverrides {
-		if ro.RepoKey.Host != urlN.Host {
-			continue
-		}
-
-		var overridePath string
-		if ro.IsGroup {
-			prefix := "/" + ro.RepoKey.Path + "/"
-			if !strings.HasPrefix(urlN.Path, prefix) {
-				continue
-			}
-			relPath := strings.TrimPrefix(urlN.Path, prefix)
-			overridePath = path.Join(ro.Override, relPath)
-		} else {
-			if "/"+ro.RepoKey.Path != urlN.Path {
-				continue
-			}
-			overridePath = ro.Override
-		}
-
-		if st, err := os.Stat(overridePath); err != nil {
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, fmt.Errorf("can not override repo %s with %s: %w", url.String(), overridePath, err)
-		} else if !st.IsDir() {
-			return nil, fmt.Errorf("can not override repo %s. %s is not a directory", url.String(), overridePath)
-		}
+	overridePath, err := findRepoOverride(rp.repoOverrides, repoKey)
+	if err != nil {
+		return nil, err
+	}
 
+	if overridePath != "" {
 		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url.String(), overridePath)
 
 		e := &GitCacheEntry{
@@ -151,7 +126,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 		}
 		rp.repos[repoKey] = e
 	}
-	err := e.Update()
+	err = e.Update()
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/repocache/utils.go b/pkg/repocache/utils.go
new file mode 100644
index 000000000..ddc445bdf
--- /dev/null
+++ b/pkg/repocache/utils.go
@@ -0,0 +1,44 @@
+package repocache
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"os"
+	"path"
+	"strings"
+)
+
+func findRepoOverride(repoOverrides []RepoOverride, repoKey types.GitRepoKey) (string, error) {
+	for _, ro := range repoOverrides {
+		if ro.RepoKey.Host != repoKey.Host {
+			continue
+		}
+
+		var overridePath string
+		if ro.IsGroup {
+			prefix := "/" + ro.RepoKey.Path + "/"
+			if !strings.HasPrefix(repoKey.Path, prefix) {
+				continue
+			}
+			relPath := strings.TrimPrefix(repoKey.Path, prefix)
+			overridePath = path.Join(ro.Override, relPath)
+		} else {
+			if "/"+ro.RepoKey.Path != repoKey.Path {
+				continue
+			}
+			overridePath = ro.Override
+		}
+
+		if st, err := os.Stat(overridePath); err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return "", fmt.Errorf("can not override repo %s with %s: %w", repoKey.String(), overridePath, err)
+		} else if !st.IsDir() {
+			return "", fmt.Errorf("can not override repo %s. %s is not a directory", repoKey.String(), overridePath)
+		}
+
+		return overridePath, nil
+	}
+	return "", nil
+}

From 4b4600deef1bf7d60d875f81416368ef5f0d60c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Oct 2023 00:28:33 +0200
Subject: [PATCH 1667/2268] feat: Add OCI include support

# Conflicts:
#	go.mod
#	go.sum
---
 cmd/kluctl/commands/utils.go                  |  10 +-
 go.mod                                        |   1 +
 go.sum                                        |   2 +
 pkg/controllers/kluctl_project.go             |  21 +-
 .../kluctldeployment_controller_source.go     |  34 ++-
 pkg/deployment/deployment_collection.go       |   2 +-
 pkg/deployment/deployment_project.go          |  15 +-
 pkg/deployment/shared_context.go              |   3 +-
 pkg/kluctl_project/load.go                    |   3 +-
 pkg/kluctl_project/project.go                 |   5 +-
 pkg/kluctl_project/project_load.go            |   3 +-
 pkg/kluctl_project/target_context.go          |   5 +-
 pkg/repocache/oci_cache.go                    | 191 ++++++++++++++
 pkg/tar/LICENSE                               |  27 ++
 pkg/tar/symlink_test.go                       | 128 +++++++++
 pkg/tar/tar.go                                | 231 +++++++++++++++++
 pkg/tar/tar_opts.go                           |  41 +++
 pkg/tar/tar_test.go                           | 245 ++++++++++++++++++
 pkg/types/deployment.go                       |   6 +-
 pkg/types/git_url.go                          |  15 +-
 pkg/types/oci_project.go                      |  33 +++
 pkg/types/zz_generated.deepcopy.go            |  40 +++
 pkg/webui/ui/src/api.tsx                      |  16 +-
 .../nodes/DeploymentItemIncludeNode.tsx       |  17 +-
 .../command-result/nodes/NodeBuilder.ts       |   2 +-
 pkg/webui/ui/src/models.ts                    |  44 ++++
 26 files changed, 1104 insertions(+), 36 deletions(-)
 create mode 100644 pkg/repocache/oci_cache.go
 create mode 100644 pkg/tar/LICENSE
 create mode 100644 pkg/tar/symlink_test.go
 create mode 100644 pkg/tar/tar.go
 create mode 100644 pkg/tar/tar_opts.go
 create mode 100644 pkg/tar/tar_test.go
 create mode 100644 pkg/types/oci_project.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3ba199e3d..6ab7f0338 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -88,8 +88,11 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	}
 	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 
-	rp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, repoOverrides, projectFlags.GitCacheUpdateInterval)
-	defer rp.Clear()
+	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, repoOverrides, projectFlags.GitCacheUpdateInterval)
+	defer gitRp.Clear()
+
+	ociRp := repocache.NewOciRepoCache(ctx, nil, projectFlags.GitCacheUpdateInterval)
+	defer gitRp.Clear()
 
 	var externalArgs *uo.UnstructuredObject
 	if argsFlags != nil {
@@ -115,7 +118,8 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		ProjectDir:         projectDir,
 		ProjectConfig:      projectFlags.ProjectConfig.String(),
 		ExternalArgs:       externalArgs,
-		RP:                 rp,
+		GitRP:              gitRp,
+		OciRP:              ociRp,
 		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
 
diff --git a/go.mod b/go.mod
index 575b19171..671a1ebcf 100644
--- a/go.mod
+++ b/go.mod
@@ -83,6 +83,7 @@ require (
 	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
 	google.golang.org/grpc v1.58.3
 	nhooyr.io/websocket v1.8.7
+	oras.land/oras-go/v2 v2.3.0
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
 	sigs.k8s.io/kustomize/api v0.14.0
diff --git a/go.sum b/go.sum
index c1bb5006a..8c3c74b2a 100644
--- a/go.sum
+++ b/go.sum
@@ -1263,6 +1263,8 @@ nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
+oras.land/oras-go/v2 v2.3.0 h1:lqX1aXdN+DAmDTKjiDyvq85cIaI4RkIKp/PghWlAGIU=
+oras.land/oras-go/v2 v2.3.0/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 99e574916..d43c8b8f9 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -47,7 +47,8 @@ type preparedProject struct {
 
 	startTime time.Time
 
-	rp *repocache.GitRepoCache
+	gitRP *repocache.GitRepoCache
+	ociRP *repocache.OciRepoCache
 
 	co         git.CheckoutInfo
 	tmpDir     string
@@ -90,13 +91,18 @@ func prepareProject(ctx context.Context,
 		return nil, err
 	}
 
-	pp.rp, err = r.buildRepoCache(ctx, gitSecrets)
+	pp.gitRP, err = r.buildGitRepoCache(ctx, gitSecrets)
+	if err != nil {
+		return nil, err
+	}
+
+	pp.ociRP, err = r.buildOciRepoCache(ctx, nil)
 	if err != nil {
 		return nil, err
 	}
 
 	if doCloneSource {
-		rpEntry, err := pp.rp.GetEntry(pp.obj.Spec.Source.URL)
+		rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.URL)
 		if err != nil {
 			return nil, fmt.Errorf("failed clone source: %w", err)
 		}
@@ -125,9 +131,9 @@ func prepareProject(ctx context.Context,
 
 func (pp *preparedProject) cleanup() {
 	_ = os.RemoveAll(pp.tmpDir)
-	if pp.rp != nil {
-		pp.rp.Clear()
-		pp.rp = nil
+	if pp.gitRP != nil {
+		pp.gitRP.Clear()
+		pp.gitRP = nil
 	}
 }
 
@@ -575,7 +581,8 @@ func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTa
 		RepoRoot:     pp.repoDir,
 		ExternalArgs: externalArgs,
 		ProjectDir:   pp.projectDir,
-		RP:           pp.rp,
+		GitRP:        pp.gitRP,
+		OciRP:        pp.ociRP,
 		AddKeyServersFunc: func(ctx context.Context, d *decryptor.Decryptor) error {
 			return pp.addKeyServers(ctx, d)
 		},
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index b563986ce..53c299d67 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -19,7 +19,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-type gitSecrets struct {
+type repoSecrets struct {
 	deprecatedSecret bool
 
 	host       string
@@ -27,12 +27,12 @@ type gitSecrets struct {
 	secret     corev1.Secret
 }
 
-func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]gitSecrets, error) {
+func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]repoSecrets, error) {
 	if source == nil {
 		return nil, nil
 	}
 
-	var ret []gitSecrets
+	var ret []repoSecrets
 
 	loadCredentials := func(deprecatedSecret bool, host string, pathPrefix string, secretName string) error {
 		if host == "" {
@@ -43,7 +43,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 		if err != nil {
 			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
 		}
-		ret = append(ret, gitSecrets{
+		ret = append(ret, repoSecrets{
 			deprecatedSecret: deprecatedSecret,
 			host:             host,
 			pathPrefix:       pathPrefix,
@@ -71,7 +71,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 	return ret, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecrets []gitSecrets) (*auth.GitAuthProviders, error) {
+func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecrets []repoSecrets) (*auth.GitAuthProviders, error) {
 	log := ctrl.LoggerFrom(ctx)
 	ga := auth.NewDefaultAuthProviders("KLUCTL_GIT", &messages.MessageCallbacks{
 		WarningFn: func(s string) {
@@ -119,7 +119,7 @@ func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret
 	return ga, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildRepoCacheKey(secrets []gitSecrets) (string, error) {
+func (r *KluctlDeploymentReconciler) buildRepoCacheKey(secrets []repoSecrets) (string, error) {
 	// make sure we use a unique repo cache per set of credentials
 	h := sha256.New()
 	if len(secrets) == 0 {
@@ -141,13 +141,13 @@ func (r *KluctlDeploymentReconciler) buildRepoCacheKey(secrets []gitSecrets) (st
 	return h2, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildRepoCache(ctx context.Context, secrets []gitSecrets) (*repocache.GitRepoCache, error) {
+func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []repoSecrets) (*repocache.GitRepoCache, error) {
 	key, err := r.buildRepoCacheKey(secrets)
 	if err != nil {
 		return nil, err
 	}
 
-	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-repo-cache", key)
+	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-git-cache", key)
 	err = os.MkdirAll(tmpBaseDir, 0o700)
 	if err != nil {
 		return nil, err
@@ -163,3 +163,21 @@ func (r *KluctlDeploymentReconciler) buildRepoCache(ctx context.Context, secrets
 	rc := repocache.NewGitRepoCache(ctx, r.SshPool, ga, nil, 0)
 	return rc, nil
 }
+
+func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []repoSecrets) (*repocache.OciRepoCache, error) {
+	key, err := r.buildRepoCacheKey(secrets)
+	if err != nil {
+		return nil, err
+	}
+
+	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-oci-cache", key)
+	err = os.MkdirAll(tmpBaseDir, 0o700)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
+
+	rc := repocache.NewOciRepoCache(ctx, nil, 0)
+	return rc, nil
+}
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index ae0379a62..7bd93b91a 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -102,7 +102,7 @@ func (c *DeploymentCollection) collectAllDeployments(project *DeploymentProject,
 			continue
 		}
 
-		if diConfig.Include != nil || diConfig.Git != nil {
+		if diConfig.Include != nil || diConfig.Git != nil || diConfig.Oci != nil {
 			includedProject, ok := project.includes[i]
 			if !ok {
 				panic(fmt.Sprintf("Did not find find index %d in project.includes", i))
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index f8beb135c..bde3db87d 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -197,7 +197,7 @@ func (p *DeploymentProject) loadIncludes() error {
 				return err
 			}
 		} else if inc.Git != nil {
-			ge, err := p.ctx.RP.GetEntry(inc.Git.Url)
+			ge, err := p.ctx.GitRP.GetEntry(inc.Git.Url)
 			if err != nil {
 				return err
 			}
@@ -214,6 +214,19 @@ func (p *DeploymentProject) loadIncludes() error {
 			if err != nil {
 				return err
 			}
+		} else if inc.Oci != nil {
+			oe, err := p.ctx.OciRP.GetEntry(inc.Oci.Url)
+			if err != nil {
+				return err
+			}
+			extractedDir, _, err := oe.GetExtractedDir(inc.Oci.Ref)
+			if err != nil {
+				return err
+			}
+			newProject, err = p.loadLocalInclude(NewSource(extractedDir), inc.Oci.SubDir, inc.Vars)
+			if err != nil {
+				return err
+			}
 		} else {
 			continue
 		}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 9b20d151b..3a9d95974 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -13,7 +13,8 @@ type SharedContext struct {
 	Ctx             context.Context
 	K               *k8s.K8sCluster
 	K8sVersion      string
-	RP              *repocache.GitRepoCache
+	GitRP           *repocache.GitRepoCache
+	OciRP           *repocache.OciRepoCache
 	SopsDecrypter   *decryptor.Decryptor
 	VarsLoader      *vars.VarsLoader
 	HelmCredentials helm.HelmCredentialsProvider
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index dc71aa0e0..279e16fcf 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -16,7 +16,8 @@ func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir s
 		LoadTime: time.Now(),
 		TmpDir:   tmpDir,
 		J2:       j2,
-		RP:       args.RP,
+		GitRP:    args.GitRP,
+		OciRP:    args.OciRP,
 	}
 
 	err := p.loadKluctlProject(ctx)
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 7eb7cd8a3..41c2de9ed 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -19,8 +19,9 @@ type LoadedKluctlProject struct {
 	Config  types2.KluctlProject
 	Targets []*types2.Target
 
-	J2 *jinja2.Jinja2
-	RP *repocache.GitRepoCache
+	J2    *jinja2.Jinja2
+	GitRP *repocache.GitRepoCache
+	OciRP *repocache.OciRepoCache
 }
 
 func (c *LoadedKluctlProject) FindTarget(name string) (*types2.Target, error) {
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index acd3c5df9..38724b716 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -19,7 +19,8 @@ type LoadKluctlProjectArgs struct {
 	ProjectConfig string
 	ExternalArgs  *uo.UnstructuredObject
 
-	RP *repocache.GitRepoCache
+	GitRP *repocache.GitRepoCache
+	OciRP *repocache.OciRepoCache
 
 	AddKeyServersFunc  func(ctx context.Context, d *decryptor.Decryptor) error
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 6b8701b74..b148e94e4 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -103,7 +103,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 	if err != nil {
 		return nil, err
 	}
-	varsLoader := vars.NewVarsLoader(ctx, k, sopsDecryptor, p.RP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
+	varsLoader := vars.NewVarsLoader(ctx, k, sopsDecryptor, p.GitRP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
 
 	if params.ForSeal {
 		err = p.loadSecrets(ctx, target, varsCtx, varsLoader)
@@ -116,7 +116,8 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		Ctx:                               ctx,
 		K:                                 k,
 		K8sVersion:                        params.K8sVersion,
-		RP:                                p.RP,
+		GitRP:                             p.GitRP,
+		OciRP:                             p.OciRP,
 		SopsDecrypter:                     sopsDecryptor,
 		VarsLoader:                        varsLoader,
 		HelmCredentials:                   params.HelmCredentials,
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
new file mode 100644
index 000000000..1fb626e13
--- /dev/null
+++ b/pkg/repocache/oci_cache.go
@@ -0,0 +1,191 @@
+package repocache
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/tar"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	cp "github.com/otiai10/copy"
+	"net/url"
+	"oras.land/oras-go/v2"
+	"oras.land/oras-go/v2/content/file"
+	"oras.land/oras-go/v2/registry/remote"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"time"
+)
+
+type OciRepoCache struct {
+	ctx            context.Context
+	updateInterval time.Duration
+
+	repos      map[types.GitRepoKey]*OciCacheEntry
+	reposMutex sync.Mutex
+
+	repoOverrides []RepoOverride
+
+	cleanupDirs      []string
+	cleanupDirsMutex sync.Mutex
+}
+
+type OciCacheEntry struct {
+	rp   *OciRepoCache
+	url  url.URL
+	repo *remote.Repository
+
+	extractedDirs map[types.OciRef]string
+	updateMutex   sync.Mutex
+	overridePath  string
+}
+
+func NewOciRepoCache(ctx context.Context, repoOverrides []RepoOverride, updateInterval time.Duration) *OciRepoCache {
+	return &OciRepoCache{
+		ctx:            ctx,
+		updateInterval: updateInterval,
+		repos:          map[types.GitRepoKey]*OciCacheEntry{},
+		repoOverrides:  repoOverrides,
+	}
+}
+
+func (rp *OciRepoCache) Clear() {
+	rp.cleanupDirsMutex.Lock()
+	defer rp.cleanupDirsMutex.Unlock()
+
+	for _, p := range rp.cleanupDirs {
+		_ = os.RemoveAll(p)
+	}
+	rp.cleanupDirs = nil
+}
+
+func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
+	rp.reposMutex.Lock()
+	defer rp.reposMutex.Unlock()
+
+	urlN, err := url.Parse(urlIn)
+	if err != nil {
+		return nil, err
+	}
+	if urlN.Scheme != "oci" {
+		return nil, fmt.Errorf("unsupported scheme %s, must be oci://", urlN.Scheme)
+	}
+
+	repoKey := types.NewRepoKey(urlN.Host, urlN.Path)
+
+	overridePath, err := findRepoOverride(rp.repoOverrides, repoKey)
+	if err != nil {
+		return nil, err
+	}
+
+	if overridePath != "" {
+		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding oci repo %s with local directory %s", urlIn, overridePath)
+
+		e := &OciCacheEntry{
+			rp:            rp,
+			url:           *urlN,
+			repo:          nil, // mark as overridden
+			extractedDirs: map[types.OciRef]string{},
+			overridePath:  overridePath,
+		}
+		rp.repos[repoKey] = e
+		return e, nil
+	}
+
+	e, ok := rp.repos[repoKey]
+	if !ok {
+		repo, err := remote.NewRepository(strings.TrimPrefix(urlN.String(), "oci://"))
+		if err != nil {
+			return nil, err
+		}
+
+		repo.PlainHTTP = true
+
+		e = &OciCacheEntry{
+			rp:            rp,
+			url:           *urlN,
+			repo:          repo,
+			extractedDirs: map[types.OciRef]string{},
+		}
+		rp.repos[repoKey] = e
+	}
+	return e, nil
+}
+
+func (e *OciCacheEntry) GetExtractedDir(ref *types.OciRef) (string, git.CheckoutInfo, error) {
+	e.updateMutex.Lock()
+	defer e.updateMutex.Unlock()
+
+	if ref == nil {
+		ref = &types.OciRef{}
+	}
+
+	repoName := path.Base(e.url.Path) + "-"
+	repoName += ref.String() + "-"
+	repoName = strings.ReplaceAll(repoName, "/", "-")
+	repoName = strings.ReplaceAll(repoName, ":", "-")
+
+	ociDir := filepath.Join(utils.GetTmpBaseDir(e.rp.ctx), "oci")
+	err := os.MkdirAll(ociDir, 0700)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	ociDir, err = os.MkdirTemp(ociDir, repoName)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	pulledDir := filepath.Join(ociDir, "pulled")
+	extractedDir := filepath.Join(ociDir, "extracted")
+	err = os.Mkdir(pulledDir, 0700)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+	err = os.Mkdir(extractedDir, 0700)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	e.rp.cleanupDirsMutex.Lock()
+	e.rp.cleanupDirs = append(e.rp.cleanupDirs, ociDir)
+	e.rp.cleanupDirsMutex.Unlock()
+
+	if e.repo == nil { // local override exist
+		err = cp.Copy(e.overridePath, extractedDir)
+		if err != nil {
+			return "", git.CheckoutInfo{}, err
+		}
+		return extractedDir, git.CheckoutInfo{}, err
+	}
+
+	fs, err := file.New(pulledDir)
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	manifestDescriptor, err := oras.Copy(e.rp.ctx, e.repo, ref.String(), fs, "", oras.CopyOptions{})
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+	_ = manifestDescriptor
+
+	tgz, err := os.Open(filepath.Join(pulledDir, "artifact.tgz"))
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+	defer tgz.Close()
+
+	err = tar.Untar(tgz, extractedDir, tar.WithSkipSymlinks())
+	if err != nil {
+		return "", git.CheckoutInfo{}, err
+	}
+
+	e.extractedDirs[*ref] = extractedDir
+
+	return extractedDir, git.CheckoutInfo{}, nil
+}
diff --git a/pkg/tar/LICENSE b/pkg/tar/LICENSE
new file mode 100644
index 000000000..32017f8fa
--- /dev/null
+++ b/pkg/tar/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2017 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/pkg/tar/symlink_test.go b/pkg/tar/symlink_test.go
new file mode 100644
index 000000000..e8c4905ff
--- /dev/null
+++ b/pkg/tar/symlink_test.go
@@ -0,0 +1,128 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tar
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"testing"
+)
+
+func TestSkipSymlinks(t *testing.T) {
+	tmpDir := t.TempDir()
+
+	symlinkTarget := filepath.Join(tmpDir, "symlink.target")
+	err := os.WriteFile(symlinkTarget, geRandomContent(256), os.ModePerm)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	symlink := filepath.Join(tmpDir, "symlink")
+	err = os.Symlink(symlinkTarget, symlink)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tgzFileName := filepath.Join(t.TempDir(), "test.tgz")
+	var buf bytes.Buffer
+	err = tgzWithSymlinks(tmpDir, &buf)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tgzFile, err := os.OpenFile(tgzFileName, os.O_CREATE|os.O_RDWR, os.ModePerm)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := io.Copy(tgzFile, &buf); err != nil {
+		t.Fatal(err)
+	}
+	if err = tgzFile.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	targetDirOutput := filepath.Join(t.TempDir(), "output")
+	f1, err := os.Open(tgzFileName)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = Untar(f1, targetDirOutput, WithMaxUntarSize(-1))
+	if err == nil {
+		t.Errorf("wanted error: unsupported symlink")
+	}
+
+	f2, err := os.Open(tgzFileName)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = Untar(f2, targetDirOutput, WithMaxUntarSize(-1), WithSkipSymlinks())
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+
+	if _, err := os.Open(path.Join(targetDirOutput, "symlink.target")); err != nil {
+		t.Errorf("regular file not found: %v", err)
+	}
+}
+
+func tgzWithSymlinks(src string, buf io.Writer) error {
+	absDir, err := filepath.Abs(src)
+	if err != nil {
+		return err
+	}
+
+	zr := gzip.NewWriter(buf)
+	tw := tar.NewWriter(zr)
+	if err := filepath.Walk(absDir, func(file string, fi os.FileInfo, err error) error {
+		header, err := tar.FileInfoHeader(fi, file)
+		if err != nil {
+			return err
+		}
+		if err := tw.WriteHeader(header); err != nil {
+			return err
+		}
+
+		if fi.Mode().IsRegular() {
+			f, err := os.Open(file)
+			if err != nil {
+				return err
+			}
+			if _, err := io.Copy(tw, f); err != nil {
+				return err
+			}
+			return f.Close()
+		}
+
+		return nil
+	}); err != nil {
+		return err
+	}
+	if err := tw.Close(); err != nil {
+		return err
+	}
+	if err := zr.Close(); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/tar/tar.go b/pkg/tar/tar.go
new file mode 100644
index 000000000..1ee8cd6c5
--- /dev/null
+++ b/pkg/tar/tar.go
@@ -0,0 +1,231 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Copyright 2020 The FluxCD contributors. All rights reserved.
+// Adapted from: golang.org/x/build/internal/untar
+
+// Package tar provides ways to manage tarball files.
+package tar
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
+
+	securejoin "github.com/cyphar/filepath-securejoin"
+)
+
+const (
+	// DefaultMaxUntarSize defines the default (100MB) max amount of bytes that Untar will process.
+	DefaultMaxUntarSize = 100 << (10 * 2)
+
+	// UnlimitedUntarSize defines the value which disables untar size checks for maxUntarSize.
+	UnlimitedUntarSize = -1
+
+	// bufferSize defines the size of the buffer used when copying the tar file entries.
+	bufferSize = 32 * 1024
+)
+
+type tarOpts struct {
+	// maxUntarSize represents the limit size (bytes) for archives being decompressed by Untar.
+	// When max is a negative value the size checks are disabled.
+	maxUntarSize int
+
+	// skipSymlinks ignores symlinks instead of failing the decompression.
+	skipSymlinks bool
+}
+
+// Untar reads the gzip-compressed tar file from r and writes it into dir.
+//
+// If dir is a relative path, it cannot ascend from the current working dir.
+// If dir exists, it must be a directory.
+func Untar(r io.Reader, dir string, inOpts ...TarOption) (err error) {
+	opts := tarOpts{
+		maxUntarSize: DefaultMaxUntarSize,
+	}
+	opts.applyOpts(inOpts...)
+
+	dir = filepath.Clean(dir)
+	if !filepath.IsAbs(dir) {
+		cwd, err := os.Getwd()
+		if err != nil {
+			return err
+		}
+
+		dir, err = securejoin.SecureJoin(cwd, dir)
+		if err != nil {
+			return err
+		}
+	}
+
+	fi, err := os.Lstat(dir)
+	// Dir does not need to exist, as it can later be created.
+	if err != nil && !errors.Is(err, os.ErrNotExist) {
+		return fmt.Errorf("cannot lstat '%s': %w", dir, err)
+	}
+
+	if err == nil && !fi.IsDir() {
+		return fmt.Errorf("dir '%s' must be a directory", dir)
+	}
+
+	madeDir := map[string]bool{}
+	zr, err := gzip.NewReader(r)
+	if err != nil {
+		return fmt.Errorf("requires gzip-compressed body: %w", err)
+	}
+	tr := tar.NewReader(zr)
+	processedBytes := 0
+	t0 := time.Now()
+
+	// For improved concurrency, this could be optimised by sourcing
+	// the buffer from a sync.Pool.
+	buf := make([]byte, bufferSize)
+	for {
+		f, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return fmt.Errorf("tar error: %w", err)
+		}
+		processedBytes += int(f.Size)
+		if opts.maxUntarSize > UnlimitedUntarSize &&
+			processedBytes > opts.maxUntarSize {
+			return fmt.Errorf("tar %q is bigger than max archive size of %d bytes", f.Name, opts.maxUntarSize)
+		}
+		if !validRelPath(f.Name) {
+			return fmt.Errorf("tar contained invalid name error %q", f.Name)
+		}
+		rel := filepath.FromSlash(f.Name)
+		abs := filepath.Join(dir, rel)
+
+		fi := f.FileInfo()
+		mode := fi.Mode()
+
+		switch {
+		case mode.IsRegular():
+			// Make the directory. This is redundant because it should
+			// already be made by a directory entry in the tar
+			// beforehand. Thus, don't check for errors; the next
+			// write will fail with the same error.
+			dir := filepath.Dir(abs)
+			if !madeDir[dir] {
+				if err := os.MkdirAll(filepath.Dir(abs), 0o755); err != nil {
+					return err
+				}
+				madeDir[dir] = true
+			}
+			if runtime.GOOS == "darwin" && mode&0111 != 0 {
+				// The darwin kernel caches binary signatures
+				// and SIGKILLs binaries with mismatched
+				// signatures. Overwriting a binary with
+				// O_TRUNC does not clear the cache, rendering
+				// the new copy unusable. Removing the original
+				// file first does clear the cache. See #54132.
+				err := os.Remove(abs)
+				if err != nil && !errors.Is(err, fs.ErrNotExist) {
+					return err
+				}
+			}
+			wf, err := os.OpenFile(abs, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode.Perm())
+			if err != nil {
+				return err
+			}
+
+			n, err := copyBuffer(wf, tr, buf)
+			if err != nil && err != io.EOF {
+				return fmt.Errorf("error copying buffer: %w", err)
+			}
+
+			if closeErr := wf.Close(); closeErr != nil && err == nil {
+				err = closeErr
+			}
+			if err != nil {
+				return fmt.Errorf("error writing to %s: %w", abs, err)
+			}
+			if n != f.Size {
+				return fmt.Errorf("only wrote %d bytes to %s; expected %d", n, abs, f.Size)
+			}
+			modTime := f.ModTime
+			if modTime.After(t0) {
+				// Ensures that that files extracted are not newer then the
+				// current system time.
+				modTime = t0
+			}
+			if !modTime.IsZero() {
+				if err = os.Chtimes(abs, modTime, modTime); err != nil {
+					return fmt.Errorf("error changing file time %s: %w", abs, err)
+				}
+			}
+		case mode.IsDir():
+			if err := os.MkdirAll(abs, 0o755); err != nil {
+				return err
+			}
+			madeDir[abs] = true
+		case mode&os.ModeSymlink == os.ModeSymlink:
+			if !opts.skipSymlinks {
+				return fmt.Errorf("tar file entry %s is a symlink, which is not allowed in this context", f.Name)
+			}
+		default:
+			return fmt.Errorf("tar file entry %s contained unsupported file type %v", f.Name, mode)
+		}
+	}
+	return nil
+}
+
+// Uses a variant of io.CopyBuffer which ensures that a buffer is being used.
+// The upstream version prioritises the use of interfaces WriterTo and ReadFrom
+// which in this case causes the entirety of the tar file entry to be loaded
+// into memory.
+//
+// Original source:
+// https://github.com/golang/go/blob/6f445a9db55f65e55c5be29d3c506ecf3be37915/src/io/io.go#L405
+func copyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err error) {
+	if buf == nil {
+		return 0, fmt.Errorf("buf is nil")
+	}
+	for {
+		nr, er := src.Read(buf)
+		if nr > 0 {
+			nw, ew := dst.Write(buf[0:nr])
+			if nw < 0 || nr < nw {
+				nw = 0
+				if ew == nil {
+					ew = fmt.Errorf("errInvalidWrite")
+				}
+			}
+			written += int64(nw)
+			if ew != nil {
+				err = ew
+				break
+			}
+			if nr != nw {
+				err = io.ErrShortWrite
+				break
+			}
+		}
+		if er != nil {
+			if er != io.EOF {
+				err = er
+			}
+			break
+		}
+	}
+	return written, err
+}
+
+func validRelPath(p string) bool {
+	if p == "" || strings.Contains(p, `\`) || strings.HasPrefix(p, "/") || strings.Contains(p, "../") {
+		return false
+	}
+	return true
+}
diff --git a/pkg/tar/tar_opts.go b/pkg/tar/tar_opts.go
new file mode 100644
index 000000000..127dfdfe5
--- /dev/null
+++ b/pkg/tar/tar_opts.go
@@ -0,0 +1,41 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tar
+
+// TarOption represents options to be applied to Tar.
+type TarOption func(*tarOpts)
+
+// WithMaxUntarSize sets the limit size for archives being decompressed by Untar.
+// When max is equal or less than 0 disables size checks.
+func WithMaxUntarSize(max int) TarOption {
+	return func(t *tarOpts) {
+		t.maxUntarSize = max
+	}
+}
+
+// WithSkipSymlinks allows for symlinks to be present in the tarball and skips them when decompressing.
+func WithSkipSymlinks() TarOption {
+	return func(t *tarOpts) {
+		t.skipSymlinks = true
+	}
+}
+
+func (t *tarOpts) applyOpts(tarOpts ...TarOption) {
+	for _, clientOpt := range tarOpts {
+		clientOpt(t)
+	}
+}
diff --git a/pkg/tar/tar_test.go b/pkg/tar/tar_test.go
new file mode 100644
index 000000000..339c3b28d
--- /dev/null
+++ b/pkg/tar/tar_test.go
@@ -0,0 +1,245 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tar
+
+import (
+	"archive/tar"
+	"bytes"
+	"compress/gzip"
+	"crypto/rand"
+	"fmt"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+type untarTestCase struct {
+	name            string
+	targetDir       string
+	secureTargetDir string
+	fileName        string
+	content         []byte
+	wantErr         string
+	maxUntarSize    int
+	allowSymlink    bool
+}
+
+func TestUntar(t *testing.T) {
+	targetDirOutput := filepath.Join(t.TempDir(), "output")
+	symlink := filepath.Join(t.TempDir(), "symlink")
+
+	subdir := filepath.Join(targetDirOutput, "subdir")
+	err := os.MkdirAll(subdir, 0o755)
+	if err != nil {
+		t.Fatalf("cannot create subdir: %v", err)
+	}
+
+	err = os.Symlink(subdir, symlink)
+	if err != nil {
+		t.Fatalf("cannot create symlink: %v", err)
+	}
+
+	cases := []untarTestCase{
+		{
+			name:            "file at root",
+			fileName:        "file1",
+			content:         geRandomContent(256),
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "file at subdir root",
+			fileName:        "abc/fileX",
+			content:         geRandomContent(256),
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "directory traversal parent",
+			fileName:        "../abc/file",
+			content:         geRandomContent(256),
+			wantErr:         `tar contained invalid name error "../abc/file"`,
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "breach max size",
+			fileName:        "big-file",
+			content:         geRandomContent(256),
+			maxUntarSize:    255,
+			wantErr:         `tar "big-file" is bigger than max archive size of 255 bytes`,
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "breach default max untar size",
+			fileName:        "another-big-file",
+			content:         geRandomContent(DefaultMaxUntarSize + 1),
+			wantErr:         `tar "another-big-file" is bigger than max archive size of 104857600 bytes`,
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "disable max size checks",
+			fileName:        "another-big-file",
+			content:         geRandomContent(DefaultMaxUntarSize + 1),
+			maxUntarSize:    -1,
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "existing subdir",
+			fileName:        "subdir/file1",
+			content:         geRandomContent(256),
+			targetDir:       targetDirOutput,
+			secureTargetDir: targetDirOutput,
+		},
+		{
+			name:            "relative target dir",
+			fileName:        "file1",
+			content:         geRandomContent(256),
+			targetDir:       "anydir",
+			secureTargetDir: "./anydir",
+		},
+		{
+			name:            "relative paths can't ascend",
+			fileName:        "file1",
+			content:         geRandomContent(256),
+			targetDir:       "../../../../../../../../tmp/test",
+			secureTargetDir: "./tmp/test",
+		},
+		{
+			name:      "symlink",
+			fileName:  "any-file1",
+			content:   geRandomContent(256),
+			targetDir: symlink,
+			wantErr:   fmt.Sprintf(`dir '%s' must be a directory`, symlink),
+		},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			f, err := createTestTar(tt)
+			if err != nil {
+				t.Fatalf("creating test tar: %v", err)
+			}
+			defer os.Remove(f.Name())
+			defer os.RemoveAll(tt.targetDir)
+
+			opts := make([]TarOption, 0)
+			if tt.maxUntarSize != 0 {
+				opts = append(opts, WithMaxUntarSize(tt.maxUntarSize))
+			}
+
+			err = Untar(f, tt.targetDir, opts...)
+			var got string
+			if err != nil {
+				got = err.Error()
+			}
+			if tt.wantErr != got {
+				t.Errorf("wanted error: '%s' got: '%v'", tt.wantErr, err)
+			}
+
+			if tt.wantErr == "" && err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+
+			// only assess file if no errors were expected
+			if tt.wantErr == "" {
+				abs := filepath.Join(tt.secureTargetDir, tt.fileName)
+				fi, err := os.Stat(abs)
+				if err != nil {
+					t.Errorf("stat %q: %v", abs, err)
+					return
+				}
+
+				if fi.Size() != int64(len(tt.content)) {
+					t.Errorf("file size wanted: %d got: %d", len(tt.content), fi.Size())
+				}
+			}
+
+			if tt.targetDir != tt.secureTargetDir {
+				os.RemoveAll(tt.secureTargetDir)
+			}
+		})
+	}
+}
+
+func Fuzz_Untar(f *testing.F) {
+	tf, err := createTestTar(untarTestCase{
+		name:     "file at root",
+		fileName: "file1",
+		content:  geRandomContent(256),
+	})
+	if err != nil {
+		f.Fatalf("cannot create test tar: %v", err)
+	}
+	defer os.Remove(tf.Name())
+
+	var content []byte
+	_, err = tf.Read(content)
+	if err != nil {
+		f.Fatalf("cannot read test tar: %v", err)
+	}
+
+	f.Add(content)
+
+	f.Fuzz(func(t *testing.T, data []byte) {
+		_ = Untar(bytes.NewReader(data), t.TempDir())
+	})
+}
+
+func createTestTar(tt untarTestCase) (*os.File, error) {
+	f, err := os.CreateTemp("", "flux-untar-*.tar.gz")
+	if err != nil {
+		return nil, fmt.Errorf("open file: %w", err)
+	}
+
+	gzw := gzip.NewWriter(f)
+	writer := tar.NewWriter(gzw)
+
+	writer.WriteHeader(&tar.Header{
+		Name: tt.fileName,
+		Size: int64(len(tt.content)),
+		Mode: 0o777,
+	})
+
+	writer.Write(tt.content)
+
+	if err = writer.Close(); err != nil {
+		return nil, fmt.Errorf("close tar: %v", err)
+	}
+	if err = gzw.Close(); err != nil {
+		return nil, fmt.Errorf("close gzip: %v", err)
+	}
+
+	name := f.Name()
+	if err = f.Close(); err != nil {
+		return nil, fmt.Errorf("close file: %v", err)
+	}
+	f, err = os.Open(name)
+	if err != nil {
+		return nil, fmt.Errorf("reopen file: %v", err)
+	}
+	return f, nil
+}
+
+func geRandomContent(len int) []byte {
+	content := make([]byte, len)
+	rand.Read(content)
+	return content
+}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 843186106..442b298ae 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -10,6 +10,7 @@ type DeploymentItemConfig struct {
 	Path             *string                  `json:"path,omitempty"`
 	Include          *string                  `json:"include,omitempty"`
 	Git              *GitProject              `json:"git,omitempty"`
+	Oci              *OciProject              `json:"oci,omitempty"`
 	Tags             []string                 `json:"tags,omitempty"`
 	Barrier          bool                     `json:"barrier,omitempty"`
 	Message          *string                  `json:"message,omitempty"`
@@ -39,8 +40,11 @@ func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	if s.Git != nil {
 		cnt += 1
 	}
+	if s.Oci != nil {
+		cnt += 1
+	}
 	if cnt > 1 {
-		sl.ReportError(s, "self", "self", "only one of path, include and git can be set at the same time", "")
+		sl.ReportError(s, "self", "self", "only one of path, include, git and oci can be set at the same time", "")
 	}
 	if s.Path == nil && s.WaitReadiness {
 		sl.ReportError(s, "waitReadiness", "WaitReadiness", "only kustomize deployments are allowed to have waitReadiness set", "")
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 0a8f1b59a..608f3ba90 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -134,11 +134,7 @@ func (u *GitUrl) Normalize() *GitUrl {
 
 func (u *GitUrl) RepoKey() GitRepoKey {
 	u2 := u.Normalize()
-	path := strings.TrimPrefix(u2.Path, "/")
-	return GitRepoKey{
-		Host: u2.Host,
-		Path: path,
-	}
+	return NewRepoKey(u2.Host, u2.Path)
 }
 
 // +kubebuilder:validation:Type=string
@@ -147,6 +143,15 @@ type GitRepoKey struct {
 	Path string `json:"-"`
 }
 
+func NewRepoKey(host string, path string) GitRepoKey {
+	path = strings.TrimSuffix(path, "/")
+	path = strings.TrimPrefix(path, "/")
+	return GitRepoKey{
+		Host: host,
+		Path: path,
+	}
+}
+
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
 
 func ParseGitRepoKey(s string) (GitRepoKey, error) {
diff --git a/pkg/types/oci_project.go b/pkg/types/oci_project.go
new file mode 100644
index 000000000..41660a81d
--- /dev/null
+++ b/pkg/types/oci_project.go
@@ -0,0 +1,33 @@
+package types
+
+type OciProject struct {
+	Url    string  `json:"url" validate:"required"`
+	Ref    *OciRef `json:"ref,omitempty"`
+	SubDir string  `json:"subDir,omitempty"`
+}
+
+type OciRef struct {
+	// Digest is the image digest to pull, takes precedence over SemVer.
+	// The value should be in the format 'sha256:<HASH>'.
+	// +optional
+	Digest string `json:"digest,omitempty"`
+
+	// Tag is the image tag to pull, defaults to latest.
+	// +optional
+	Tag string `json:"tag,omitempty"`
+}
+
+func (ref *OciRef) String() string {
+	if ref == nil {
+		return "latest"
+	}
+
+	if ref.Tag == "" && ref.Digest == "" {
+		return "latest"
+	}
+
+	if ref.Digest != "" {
+		return ref.Tag + "@" + ref.Digest
+	}
+	return ref.Tag
+}
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 63621a3c5..fa857f3c3 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -113,6 +113,11 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 		*out = new(GitProject)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Oci != nil {
+		in, out := &in.Oci, &out.Oci
+		*out = new(OciProject)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Tags != nil {
 		in, out := &in.Tags, &out.Tags
 		*out = make([]string, len(*in))
@@ -561,6 +566,41 @@ func (in *KluctlProject) DeepCopy() *KluctlProject {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OciProject) DeepCopyInto(out *OciProject) {
+	*out = *in
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(OciRef)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciProject.
+func (in *OciProject) DeepCopy() *OciProject {
+	if in == nil {
+		return nil
+	}
+	out := new(OciProject)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OciRef) DeepCopyInto(out *OciRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OciRef.
+func (in *OciRef) DeepCopy() *OciRef {
+	if in == nil {
+		return nil
+	}
+	out := new(OciRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SealedSecretsConfig) DeepCopyInto(out *SealedSecretsConfig) {
 	*out = *in
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index e6a34b39f..b82c69783 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -2,7 +2,7 @@ import {
     AuthInfo,
     CommandResult,
     CommandResultSummary,
-    ObjectRef,
+    ObjectRef, OciRef,
     ResultObject,
     ShortName,
     ValidateResult
@@ -472,6 +472,20 @@ export function buildGitRefString(ref?: GitRef) {
     }
 }
 
+export function buildOciRefString(ref?: OciRef) {
+    if (!ref) {
+        return "latest"
+    }
+    if (!ref.tag && !ref.digest) {
+        return "latest"
+    }
+    if (ref.tag && ref.digest) {
+        return ref.tag + "@" + ref.digest
+    } else if (ref.tag) {
+        return ref.tag
+    }
+}
+
 export function findObjectByRef(l: ResultObject[] | undefined, ref: ObjectRef, filter?: (o: ResultObject) => boolean): ResultObject | undefined {
     return l?.find(x => {
         if (filter && !filter(x)) {
diff --git a/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
index 1af68a37a..132380548 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/DeploymentItemIncludeNode.tsx
@@ -6,7 +6,8 @@ import { GitIcon, IncludeIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { buildDeploymentItemSummaryProps } from "./DeploymentItemNode";
 import { CardTab } from "../../card/CardTabs";
-import { buildGitRefString } from "../../../api";
+import { buildGitRefString, buildOciRefString } from "../../../api";
+import { Archive } from "@mui/icons-material";
 
 
 export class DeploymentItemIncludeNodeData extends NodeData {
@@ -29,6 +30,13 @@ export class DeploymentItemIncludeNodeData extends NodeData {
                 {name}
                 {this.deploymentItem.git!.subDir && (<><br/>{this.deploymentItem.git!.subDir}</>)}
             </>
+        } else if (this.deploymentItem.oci) {
+            const s = this.deploymentItem.oci!.url.split("/")
+            const name = s[s.length-1]
+            return <>
+                {name}
+                {this.deploymentItem.oci!.subDir && (<><br/>{this.deploymentItem.oci!.subDir}</>)}
+            </>
         } else {
             return "unknown include"
         }
@@ -37,6 +45,8 @@ export class DeploymentItemIncludeNodeData extends NodeData {
     buildIcon(): [React.ReactNode, string] {
         if (this.deploymentItem.git) {
             return [<GitIcon/>, "git"]
+        } else if (this.deploymentItem.oci) {
+            return [<Archive/>, "oci"]
         }
         return [<IncludeIcon />, "include"]
     }
@@ -60,6 +70,11 @@ export class DeploymentItemIncludeNodeData extends NodeData {
             props.push({name: "Url", value: this.deploymentItem.git.url})
             props.push({name: "SubDir", value: this.deploymentItem.git.subDir})
             props.push({name: "Ref", value: buildGitRefString(this.deploymentItem.git.ref)})
+        } else if (this.deploymentItem.oci) {
+            props.push({name: "Type", value: "OciInclude"})
+            props.push({name: "Url", value: this.deploymentItem.oci.url})
+            props.push({name: "SubDir", value: this.deploymentItem.oci.subDir})
+            props.push({name: "Ref", value: buildOciRefString(this.deploymentItem.oci.ref)})
         } else {
             props.push({name: "Type", value: "Unknown"})
         }
diff --git a/pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts b/pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts
index d62df424d..34e6d8bde 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts
+++ b/pkg/webui/ui/src/components/command-result/nodes/NodeBuilder.ts
@@ -134,7 +134,7 @@ export class NodeBuilder {
             deploymentItem.renderedObjects?.forEach(renderedObject => {
                 this.buildObjectNode(node!, renderedObject)
             })
-        } else if (deploymentItem.include || deploymentItem.git) {
+        } else if (deploymentItem.include || deploymentItem.git || deploymentItem.oci) {
             node = new DeploymentItemIncludeNodeData(this.commandResult, newId, deploymentItem, deploymentItem.renderedInclude!)
             this.buildVarsSourceCollectionNode(node, deploymentItem.vars)
             if (deploymentItem.renderedInclude) {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 026776cac..22df1310d 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -150,6 +150,48 @@ export class DeleteObjectItemConfig {
         this.namespace = source["namespace"];
     }
 }
+export class OciRef {
+    digest?: string;
+    semver?: string;
+    tag?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.digest = source["digest"];
+        this.semver = source["semver"];
+        this.tag = source["tag"];
+    }
+}
+export class OciProject {
+    url: string;
+    ref?: OciRef;
+    subDir?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.url = source["url"];
+        this.ref = this.convertValues(source["ref"], OciRef);
+        this.subDir = source["subDir"];
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
 export class GitProject {
     url: string;
     ref?: GitRef;
@@ -166,6 +208,7 @@ export class DeploymentItemConfig {
     path?: string;
     include?: string;
     git?: GitProject;
+    oci?: OciProject;
     tags?: string[];
     barrier?: boolean;
     message?: string;
@@ -185,6 +228,7 @@ export class DeploymentItemConfig {
         this.path = source["path"];
         this.include = source["include"];
         this.git = this.convertValues(source["git"], GitProject);
+        this.oci = this.convertValues(source["oci"], OciProject);
         this.tags = source["tags"];
         this.barrier = source["barrier"];
         this.message = source["message"];

From 43772254daa5509cff986035648c201060567c76 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 21:35:43 +0200
Subject: [PATCH 1668/2268] fix: Update projectKey as early as possible

---
 .../kluctldeployment_controller.go            | 35 +++++++++----------
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 9a4dbdba7..3f3d464f1 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -233,24 +233,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, patchErr
 	}
 
-	obj.Status.LastPrepareError = ""
-
-	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
-	defer cancel()
-
-	pp, err := prepareProject(timeoutCtx, r, obj, true)
-	if err != nil {
-		return doFailPrepare(err)
-	}
-	defer pp.cleanup()
-
-	patchErr = doProgressingCondition("Loading project and target", true)
-	if patchErr != nil {
-		return nil, patchErr
-	}
-
-	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
-
 	newProjectKey := result.ProjectKey{
 		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
 		SubDir:     path.Clean(obj.Spec.Source.Path),
@@ -268,6 +250,23 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 	obj.Status.ProjectKey = &newProjectKey
 
+	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
+	defer cancel()
+
+	obj.Status.LastPrepareError = ""
+	pp, err := prepareProject(timeoutCtx, r, obj, true)
+	if err != nil {
+		return doFailPrepare(err)
+	}
+	defer pp.cleanup()
+
+	patchErr = doProgressingCondition("Loading project and target", true)
+	if patchErr != nil {
+		return nil, patchErr
+	}
+
+	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
+
 	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
 		return doFailPrepare(err)

From a69cd217b3ec1900e0bb0e2748d8eda338c5558d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 22:13:55 +0200
Subject: [PATCH 1669/2268] feat: Add git field to spec.source and deprecate
 old fields

---
 api/v1beta1/kluctldeployment_types.go         | 42 +++++++++++++++++--
 e2e/gitops_errors_test.go                     |  4 +-
 e2e/gitops_test.go                            | 17 ++++++--
 pkg/controllers/kluctl_project.go             | 29 ++++++++-----
 .../kluctldeployment_controller.go            | 14 +++++--
 5 files changed, 83 insertions(+), 23 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index fe98fe027..92880a22d 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -235,6 +235,40 @@ func (in KluctlDeploymentSpec) GetRetryInterval() time.Duration {
 }
 
 type ProjectSource struct {
+	// Git specifies a git repository as project source
+	// +optional
+	Git *ProjectSourceGit `json:"git,omitempty"`
+
+	// Url specifies the Git url where the project source is located
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.url instead.
+	// +optional
+	URL types.GitUrl `json:"url"`
+
+	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.ref instead.
+	// +optional
+	Ref *types.GitRef `json:"ref,omitempty"`
+
+	// Path specifies the sub-directory to be used as project directory
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.path instead.
+	// +optional
+	Path string `json:"path,omitempty"`
+
+	// SecretRef specifies the Secret containing authentication credentials for
+	// See GitCredentials.SecretRef for details
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
+	// instead.
+	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+	// Use Credentials with a proper Host field instead.
+	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
+
+	// Credentials specifies a list of secrets with credentials
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.credentials instead.
+	// +optional
+	Credentials []GitCredentials `json:"credentials,omitempty"`
+}
+
+type ProjectSourceGit struct {
 	// Url specifies the Git url where the project source is located
 	// +required
 	URL types.GitUrl `json:"url"`
@@ -261,23 +295,23 @@ type ProjectSource struct {
 }
 
 type GitCredentials struct {
-	// Host specifies the hostname that this git secret applies to. If set to '*', this set of credentials
+	// Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
 	// applies to all hosts.
 	// Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
 	// You must always set a proper hostname in that case.
 	// +required
 	Host string `json:"host,omitempty"`
 
-	// PathPrefix specified the path prefix to be used to filter git urls. Only urls that have this prefix will use
+	// PathPrefix specified the path prefix to be used to filter source urls. Only urls that have this prefix will use
 	// this set of credentials.
 	// +optional
 	PathPrefix string `json:"pathPrefix,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
 	// the git repository.
-	// For HTTPS repositories the Secret must contain 'username' and 'password'
+	// For HTTPS git repositories the Secret must contain 'username' and 'password'
 	// fields.
-	// For SSH repositories the Secret must contain 'identity'
+	// For SSH git repositories the Secret must contain 'identity'
 	// and 'known_hosts' fields.
 	// +required
 	SecretRef LocalObjectReference `json:"secretRef"`
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index dce75bf79..c1af4beeb 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -193,8 +193,8 @@ data:
 	suite.Run("non existing git repo", func() {
 		var backup types.GitUrl
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			backup = kd.Spec.Source.URL
-			kd.Spec.Source.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
+			backup = kd.Spec.Source.Git.URL
+			kd.Spec.Source.Git.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
 		})
 		suite.waitForReconcile(key)
 		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed clone source: repository not found", nil, nil)
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 8435a7fac..f5fa685b5 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -166,6 +166,14 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 }
 
 func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
+	return suite.createKluctlDeployment2(p, target, args, kluctlv1.ProjectSource{
+		Git: &kluctlv1.ProjectSourceGit{
+			URL: *types2.ParseGitUrlMust(p.GitUrl()),
+		},
+	})
+}
+
+func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProject, target string, args map[string]any, source kluctlv1.ProjectSource) client.ObjectKey {
 	gitopsNs := p.TestSlug() + "-gitops"
 	createNamespace(suite.T(), suite.k, gitopsNs)
 
@@ -186,9 +194,7 @@ func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject
 			Args: &runtime.RawExtension{
 				Raw: jargs,
 			},
-			Source: kluctlv1.ProjectSource{
-				URL: *types2.ParseGitUrlMust(p.GitUrl()),
-			},
+			Source: source,
 		},
 	}
 
@@ -250,9 +256,12 @@ data:
 `)},
 	}, nil)
 
-	key := suite.createKluctlDeployment(p, "target1", map[string]any{
+	key := suite.createKluctlDeployment2(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 		"k2":        42,
+	}, kluctlv1.ProjectSource{
+		// let's misuse this testcase to test the deprecated ProjectSource
+		URL: *types2.ParseGitUrlMust(p.GitUrl()),
 	})
 
 	suite.Run("initial deployment", func() {
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index d43c8b8f9..3429a7a28 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -102,18 +102,27 @@ func prepareProject(ctx context.Context,
 	}
 
 	if doCloneSource {
-		rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.URL)
-		if err != nil {
-			return nil, fmt.Errorf("failed clone source: %w", err)
-		}
+		if pp.obj.Spec.Source.Git != nil {
+			rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.Git.URL)
+			if err != nil {
+				return nil, fmt.Errorf("failed to clone git source: %w", err)
+			}
 
-		clonedDir, co, err := rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref)
-		if err != nil {
-			return nil, err
-		}
+			pp.repoDir, pp.co, err = rpEntry.GetClonedDir(pp.obj.Spec.Source.Git.Ref)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.URL)
+			if err != nil {
+				return nil, fmt.Errorf("failed to clone git source: %w", err)
+			}
 
-		pp.co = co
-		pp.repoDir = clonedDir
+			pp.repoDir, pp.co, err = rpEntry.GetClonedDir(pp.obj.Spec.Source.Ref)
+			if err != nil {
+				return nil, err
+			}
+		}
 
 		// check kluctl project path exists
 		pp.projectDir, err = securejoin.SecureJoin(pp.repoDir, pp.obj.Spec.Source.Path)
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 3f3d464f1..cf935dfbb 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -233,9 +233,17 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, patchErr
 	}
 
-	newProjectKey := result.ProjectKey{
-		GitRepoKey: obj.Spec.Source.URL.RepoKey(),
-		SubDir:     path.Clean(obj.Spec.Source.Path),
+	var newProjectKey result.ProjectKey
+	if obj.Spec.Source.Git != nil {
+		newProjectKey = result.ProjectKey{
+			GitRepoKey: obj.Spec.Source.Git.URL.RepoKey(),
+			SubDir:     path.Clean(obj.Spec.Source.Git.Path),
+		}
+	} else {
+		newProjectKey = result.ProjectKey{
+			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
+			SubDir:     path.Clean(obj.Spec.Source.Path),
+		}
 	}
 	if newProjectKey.SubDir == "." {
 		newProjectKey.SubDir = ""

From 6a893ed735a00011745ad3f36a6e7e1f84a8b07d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 22:15:24 +0200
Subject: [PATCH 1670/2268] feat: Support oci sources in KluctlDeployment

---
 api/v1beta1/kluctldeployment_types.go         |  32 +-
 api/v1beta1/zz_generated.deepcopy.go          | 100 +++++-
 docs/gitops/api/kluctl-controller.md          | 332 ++++++++++++++----
 e2e/gitops_errors_test.go                     |   6 +-
 e2e/gitops_git_include_test.go                |   6 +-
 pkg/controllers/kluctl_project.go             |  10 +
 .../kluctldeployment_controller.go            |  25 +-
 .../metrics/kluctldeployment_controller.go    |  22 ++
 pkg/types/git_url.go                          |   8 +
 pkg/types/result/command_result.go            |   1 +
 pkg/types/result/zz_generated.deepcopy.go     |   1 +
 pkg/webui/ui/src/models.ts                    |   4 +-
 12 files changed, 446 insertions(+), 101 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 92880a22d..78baba0e2 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -239,6 +239,10 @@ type ProjectSource struct {
 	// +optional
 	Git *ProjectSourceGit `json:"git,omitempty"`
 
+	// Oci specifies an OCI repository as project source
+	// +optional
+	Oci *ProjectSourceOci `json:"oci,omitempty"`
+
 	// Url specifies the Git url where the project source is located
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.url instead.
 	// +optional
@@ -255,7 +259,7 @@ type ProjectSource struct {
 	Path string `json:"path,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
-	// See GitCredentials.SecretRef for details
+	// See ProjectSourceCredentials.SecretRef for details
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
 	// instead.
 	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
@@ -265,7 +269,7 @@ type ProjectSource struct {
 	// Credentials specifies a list of secrets with credentials
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.credentials instead.
 	// +optional
-	Credentials []GitCredentials `json:"credentials,omitempty"`
+	Credentials []ProjectSourceCredentials `json:"credentials,omitempty"`
 }
 
 type ProjectSourceGit struct {
@@ -282,7 +286,7 @@ type ProjectSourceGit struct {
 	Path string `json:"path,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
-	// See GitCredentials.SecretRef for details
+	// See ProjectSourceCredentials.SecretRef for details
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
 	// instead.
 	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
@@ -291,10 +295,28 @@ type ProjectSourceGit struct {
 
 	// Credentials specifies a list of secrets with credentials
 	// +optional
-	Credentials []GitCredentials `json:"credentials,omitempty"`
+	Credentials []ProjectSourceCredentials `json:"credentials,omitempty"`
+}
+
+type ProjectSourceOci struct {
+	// Url specifies the Git url where the project source is located
+	// +required
+	URL string `json:"url"`
+
+	// Ref specifies the tag to be used. If omitted, the "latest" tag is used.
+	// +optional
+	Ref *types.OciRef `json:"ref,omitempty"`
+
+	// Path specifies the sub-directory to be used as project directory
+	// +optional
+	Path string `json:"path,omitempty"`
+
+	// Credentials specifies a list of secrets with credentials
+	// +optional
+	Credentials []ProjectSourceCredentials `json:"credentials,omitempty"`
 }
 
-type GitCredentials struct {
+type ProjectSourceCredentials struct {
 	// Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
 	// applies to all hosts.
 	// Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 2aa37d131..15b96d23d 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -47,22 +47,6 @@ func (in *Decryption) DeepCopy() *Decryption {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GitCredentials) DeepCopyInto(out *GitCredentials) {
-	*out = *in
-	out.SecretRef = in.SecretRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitCredentials.
-func (in *GitCredentials) DeepCopy() *GitCredentials {
-	if in == nil {
-		return nil
-	}
-	out := new(GitCredentials)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmCredentials) DeepCopyInto(out *HelmCredentials) {
 	*out = *in
@@ -328,6 +312,16 @@ func (in *LocalObjectReference) DeepCopy() *LocalObjectReference {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	*out = *in
+	if in.Git != nil {
+		in, out := &in.Git, &out.Git
+		*out = new(ProjectSourceGit)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Oci != nil {
+		in, out := &in.Oci, &out.Oci
+		*out = new(ProjectSourceOci)
+		(*in).DeepCopyInto(*out)
+	}
 	in.URL.DeepCopyInto(&out.URL)
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
@@ -341,7 +335,7 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	}
 	if in.Credentials != nil {
 		in, out := &in.Credentials, &out.Credentials
-		*out = make([]GitCredentials, len(*in))
+		*out = make([]ProjectSourceCredentials, len(*in))
 		copy(*out, *in)
 	}
 }
@@ -356,6 +350,78 @@ func (in *ProjectSource) DeepCopy() *ProjectSource {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSourceCredentials) DeepCopyInto(out *ProjectSourceCredentials) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceCredentials.
+func (in *ProjectSourceCredentials) DeepCopy() *ProjectSourceCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSourceCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSourceGit) DeepCopyInto(out *ProjectSourceGit) {
+	*out = *in
+	in.URL.DeepCopyInto(&out.URL)
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(types.GitRef)
+		**out = **in
+	}
+	if in.SecretRef != nil {
+		in, out := &in.SecretRef, &out.SecretRef
+		*out = new(LocalObjectReference)
+		**out = **in
+	}
+	if in.Credentials != nil {
+		in, out := &in.Credentials, &out.Credentials
+		*out = make([]ProjectSourceCredentials, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceGit.
+func (in *ProjectSourceGit) DeepCopy() *ProjectSourceGit {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSourceGit)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSourceOci) DeepCopyInto(out *ProjectSourceOci) {
+	*out = *in
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(types.OciRef)
+		**out = **in
+	}
+	if in.Credentials != nil {
+		in, out := &in.Credentials, &out.Credentials
+		*out = make([]ProjectSourceCredentials, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceOci.
+func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSourceOci)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SafeDuration) DeepCopyInto(out *SafeDuration) {
 	*out = *in
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index b7fa31cd2..09f4c9694 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -69,71 +69,6 @@ by signing a token in an IRSA compliant way.</p>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.GitCredentials">GitCredentials
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
-</p>
-<div class="md-typeset__scrollwrap">
-<div class="md-typeset__table">
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>host</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Host specifies the hostname that this git secret applies to. If set to &lsquo;<em>&rsquo;, this set of credentials
-applies to all hosts.
-Using &lsquo;</em>&rsquo; for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
-You must always set a proper hostname in that case.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>pathPrefix</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>PathPrefix specified the path prefix to be used to filter git urls. Only urls that have this prefix will use
-this set of credentials.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>secretRef</code><br>
-<em>
-<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
-LocalObjectReference
-</a>
-</em>
-</td>
-<td>
-<p>SecretRef specifies the Secret containing authentication credentials for
-the git repository.
-For HTTPS repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
-fields.
-For SSH repositories the Secret must contain &lsquo;identity&rsquo;
-and &lsquo;known_hosts&rsquo; fields.</p>
-</td>
-</tr>
-</tbody>
-</table>
-</div>
-</div>
 <h3 id="gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials
 </h3>
 <p>
@@ -1414,9 +1349,10 @@ the KluctlDeployment.</p>
 <p>
 (<em>Appears on:</em>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
-<a href="#gitops.kluctl.io/v1beta1.GitCredentials">GitCredentials</a>, 
 <a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">ProjectSourceCredentials</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1461,6 +1397,193 @@ string
 <tbody>
 <tr>
 <td>
+<code>git</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">
+ProjectSourceGit
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Git specifies a git repository as project source</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>oci</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">
+ProjectSourceOci
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Oci specifies an OCI repository as project source</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>url</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Url specifies the Git url where the project source is located
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.url instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>ref</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitRef
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.ref instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path specifies the sub-directory to be used as project directory
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.path instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef specifies the Secret containing authentication credentials for
+See ProjectSourceCredentials.SecretRef for details
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
+instead.
+WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+Use Credentials with a proper Host field instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">
+[]ProjectSourceCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies a list of secrets with credentials
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.credentials instead.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceCredentials">ProjectSourceCredentials
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>host</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Host specifies the hostname that this secret applies to. If set to &lsquo;<em>&rsquo;, this set of credentials
+applies to all hosts.
+Using &lsquo;</em>&rsquo; for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+You must always set a proper hostname in that case.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>pathPrefix</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PathPrefix specified the path prefix to be used to filter source urls. Only urls that have this prefix will use
+this set of credentials.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the git repository.
+For HTTPS git repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
+fields.
+For SSH git repositories the Secret must contain &lsquo;identity&rsquo;
+and &lsquo;known_hosts&rsquo; fields.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
 <code>url</code><br>
 <em>
 github.com/kluctl/kluctl/v2/pkg/types.GitUrl
@@ -1505,7 +1628,7 @@ LocalObjectReference
 </td>
 <td>
 <p>SecretRef specifies the Secret containing authentication credentials for
-See GitCredentials.SecretRef for details
+See ProjectSourceCredentials.SecretRef for details
 DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
 instead.
 WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
@@ -1516,8 +1639,77 @@ Use Credentials with a proper Host field instead.</p>
 <td>
 <code>credentials</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.GitCredentials">
-[]GitCredentials
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">
+[]ProjectSourceCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies a list of secrets with credentials</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>url</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Url specifies the Git url where the project source is located</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>ref</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.OciRef
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Ref specifies the tag to be used. If omitted, the &ldquo;latest&rdquo; tag is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path specifies the sub-directory to be used as project directory</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">
+[]ProjectSourceCredentials
 </a>
 </em>
 </td>
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index c1af4beeb..4a135b29c 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -206,15 +206,15 @@ data:
 	suite.Run("non existing git branch", func() {
 		var backup *types.GitRef
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			backup = kd.Spec.Source.Ref
-			kd.Spec.Source.Ref = &types.GitRef{
+			backup = kd.Spec.Source.Git.Ref
+			kd.Spec.Source.Git.Ref = &types.GitRef{
 				Branch: "invalid",
 			}
 		})
 		suite.waitForReconcile(key)
 		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Source.Ref = backup
+			kd.Spec.Source.Git.Ref = backup
 		})
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index b24337128..0d97d27da 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -122,17 +122,17 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
-	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.GitCredentials{
+	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.ProjectSourceCredentials{
 		Host:       gs1.GitHost(),
 		PathPrefix: ip1.GitRepoName(),
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
 	})
-	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.GitCredentials{
+	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.ProjectSourceCredentials{
 		Host:      mainGs.GitHost(),
 		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
 	})
 	// make sure this one is ignored for http based urls
-	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.GitCredentials{
+	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.ProjectSourceCredentials{
 		Host:      "*",
 		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
 	})
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 3429a7a28..aa0b261b6 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -112,6 +112,16 @@ func prepareProject(ctx context.Context,
 			if err != nil {
 				return nil, err
 			}
+		} else if pp.obj.Spec.Source.Oci != nil {
+			rpEntry, err := pp.ociRP.GetEntry(pp.obj.Spec.Source.Oci.URL)
+			if err != nil {
+				return nil, fmt.Errorf("failed to pull OCI source: %w", err)
+			}
+
+			pp.repoDir, pp.co, err = rpEntry.GetExtractedDir(pp.obj.Spec.Source.Oci.Ref)
+			if err != nil {
+				return nil, err
+			}
 		} else {
 			rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.URL)
 			if err != nil {
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index cf935dfbb..b8aa41418 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -11,6 +11,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -239,6 +240,15 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			GitRepoKey: obj.Spec.Source.Git.URL.RepoKey(),
 			SubDir:     path.Clean(obj.Spec.Source.Git.Path),
 		}
+	} else if obj.Spec.Source.Oci != nil {
+		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
+		if err != nil {
+			return doFailPrepare(err)
+		}
+		newProjectKey = result.ProjectKey{
+			OciRepoKey: repoKey,
+			SubDir:     path.Clean(obj.Spec.Source.Oci.Path),
+		}
 	} else {
 		newProjectKey = result.ProjectKey{
 			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
@@ -724,5 +734,18 @@ func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.
 	internal_metrics.NewKluctlDeleteEnabled(obj.Namespace, obj.Name).Set(deleteEnabled)
 	internal_metrics.NewKluctlDryRunEnabled(obj.Namespace, obj.Name).Set(dryRunEnabled)
 	internal_metrics.NewKluctlDeploymentInterval(obj.Namespace, obj.Name).Set(deploymentInterval)
-	internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name, obj.Spec.Source.URL.String(), obj.Spec.Source.Path, obj.Spec.Source.Ref.String()).Set(0.0)
+	if obj.Spec.Source.Git != nil {
+		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
+			obj.Spec.Source.Git.URL.String(), obj.Spec.Source.Git.Path, obj.Spec.Source.Git.Ref.String()).Set(0.0)
+		internal_metrics.NewKluctlGitSourceSpec(obj.Namespace, obj.Name,
+			obj.Spec.Source.Git.URL.String(), obj.Spec.Source.Git.Path, obj.Spec.Source.Git.Ref.String()).Set(0.0)
+	} else if obj.Spec.Source.Oci != nil {
+		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
+			obj.Spec.Source.Oci.URL, obj.Spec.Source.Oci.Path, obj.Spec.Source.Oci.Ref.String()).Set(0.0)
+		internal_metrics.NewKluctlOciSourceSpec(obj.Namespace, obj.Name,
+			obj.Spec.Source.Oci.URL, obj.Spec.Source.Oci.Path, obj.Spec.Source.Oci.Ref.String()).Set(0.0)
+	} else {
+		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
+			obj.Spec.Source.URL.String(), obj.Spec.Source.Path, obj.Spec.Source.Ref.String()).Set(0.0)
+	}
 }
diff --git a/pkg/controllers/metrics/kluctldeployment_controller.go b/pkg/controllers/metrics/kluctldeployment_controller.go
index 8900146ad..c0793796f 100644
--- a/pkg/controllers/metrics/kluctldeployment_controller.go
+++ b/pkg/controllers/metrics/kluctldeployment_controller.go
@@ -15,6 +15,8 @@ const (
 	PruneEnabledKey       = "prune_enabled"
 	DeleteEnabledKey      = "delete_enabled"
 	SourceSpecKey         = "source_spec"
+	GitSourceSpecKey      = "git_source_spec"
+	OciSourceSpecKey      = "oci_source_spec"
 )
 
 var (
@@ -53,6 +55,18 @@ var (
 		Name:      SourceSpecKey,
 		Help:      "The configured source spec of a single deployment.",
 	}, []string{"namespace", "name", "url", "path", "ref"})
+
+	gitSourceSpec = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      GitSourceSpecKey,
+		Help:      "The configured git source spec of a single deployment.",
+	}, []string{"namespace", "name", "url", "path", "ref"})
+
+	ociSourceSpec = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      OciSourceSpecKey,
+		Help:      "The configured git source spec of a single deployment.",
+	}, []string{"namespace", "name", "url", "path", "ref"})
 )
 
 func init() {
@@ -87,3 +101,11 @@ func NewKluctlDeleteEnabled(namespace string, name string) prometheus.Gauge {
 func NewKluctlSourceSpec(namespace string, name string, url string, path string, ref string) prometheus.Gauge {
 	return sourceSpec.WithLabelValues(namespace, name, url, path, ref)
 }
+
+func NewKluctlGitSourceSpec(namespace string, name string, url string, path string, ref string) prometheus.Gauge {
+	return gitSourceSpec.WithLabelValues(namespace, name, url, path, ref)
+}
+
+func NewKluctlOciSourceSpec(namespace string, name string, url string, path string, ref string) prometheus.Gauge {
+	return ociSourceSpec.WithLabelValues(namespace, name, url, path, ref)
+}
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 608f3ba90..cb398e52a 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -152,6 +152,14 @@ func NewRepoKey(host string, path string) GitRepoKey {
 	}
 }
 
+func NewRepoKeyFromUrl(urlIn string) (GitRepoKey, error) {
+	u, err := url.Parse(urlIn)
+	if err != nil {
+		return GitRepoKey{}, err
+	}
+	return NewRepoKey(u.Host, u.Path), nil
+}
+
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
 
 func ParseGitRepoKey(s string) (GitRepoKey, error) {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 0866bfc48..03cc5033d 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -41,6 +41,7 @@ const (
 
 type ProjectKey struct {
 	GitRepoKey types.GitRepoKey `json:"gitRepoKey,omitempty"`
+	OciRepoKey types.GitRepoKey `json:"ociRepoKey,omitempty"`
 	SubDir     string           `json:"subDir,omitempty"`
 }
 
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index fddafb3aa..08700754c 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -426,6 +426,7 @@ func (in *KluctlDeploymentInfo) DeepCopy() *KluctlDeploymentInfo {
 func (in *ProjectKey) DeepCopyInto(out *ProjectKey) {
 	*out = *in
 	out.GitRepoKey = in.GitRepoKey
+	out.OciRepoKey = in.OciRepoKey
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectKey.
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 22df1310d..c8b50a1df 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -152,13 +152,11 @@ export class DeleteObjectItemConfig {
 }
 export class OciRef {
     digest?: string;
-    semver?: string;
     tag?: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.digest = source["digest"];
-        this.semver = source["semver"];
         this.tag = source["tag"];
     }
 }
@@ -714,11 +712,13 @@ export class TargetKey {
 }
 export class ProjectKey {
     gitRepoKey?: string;
+    ociRepoKey?: string;
     subDir?: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.gitRepoKey = source["gitRepoKey"];
+        this.ociRepoKey = source["ociRepoKey"];
         this.subDir = source["subDir"];
     }
 }

From 12b09b76f8ef16a51dbde2b2ba005485ab23a07b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 22:23:05 +0200
Subject: [PATCH 1671/2268] chore: Run make manifests

---
 .../gitops.kluctl.io_kluctldeployments.yaml   | 178 ++++++++++++++++--
 install/controller/controller/crd.yaml        | 178 ++++++++++++++++--
 2 files changed, 328 insertions(+), 28 deletions(-)

diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 9b66d9616..f92f01ec9 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -313,10 +313,12 @@ spec:
                 properties:
                   credentials:
                     description: Credentials specifies a list of secrets with credentials
+                      DEPRECATED this field is deprecated and will be removed in a
+                      future version of the controller. Use git.credentials instead.
                     items:
                       properties:
                         host:
-                          description: Host specifies the hostname that this git secret
+                          description: Host specifies the hostname that this secret
                             applies to. If set to '*', this set of credentials applies
                             to all hosts. Using '*' for http(s) based repositories
                             is not supported, meaning that such credentials sets will
@@ -325,14 +327,14 @@ spec:
                           type: string
                         pathPrefix:
                           description: PathPrefix specified the path prefix to be
-                            used to filter git urls. Only urls that have this prefix
+                            used to filter source urls. Only urls that have this prefix
                             will use this set of credentials.
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
-                            credentials for the git repository. For HTTPS repositories
+                            credentials for the git repository. For HTTPS git repositories
                             the Secret must contain 'username' and 'password' fields.
-                            For SSH repositories the Secret must contain 'identity'
+                            For SSH git repositories the Secret must contain 'identity'
                             and 'known_hosts' fields.
                           properties:
                             name:
@@ -345,13 +347,160 @@ spec:
                       - secretRef
                       type: object
                     type: array
+                  git:
+                    description: Git specifies a git repository as project source
+                    properties:
+                      credentials:
+                        description: Credentials specifies a list of secrets with
+                          credentials
+                        items:
+                          properties:
+                            host:
+                              description: Host specifies the hostname that this secret
+                                applies to. If set to '*', this set of credentials
+                                applies to all hosts. Using '*' for http(s) based
+                                repositories is not supported, meaning that such credentials
+                                sets will be ignored. You must always set a proper
+                                hostname in that case.
+                              type: string
+                            pathPrefix:
+                              description: PathPrefix specified the path prefix to
+                                be used to filter source urls. Only urls that have
+                                this prefix will use this set of credentials.
+                              type: string
+                            secretRef:
+                              description: SecretRef specifies the Secret containing
+                                authentication credentials for the git repository.
+                                For HTTPS git repositories the Secret must contain
+                                'username' and 'password' fields. For SSH git repositories
+                                the Secret must contain 'identity' and 'known_hosts'
+                                fields.
+                              properties:
+                                name:
+                                  description: Name of the referent.
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                          required:
+                          - secretRef
+                          type: object
+                        type: array
+                      path:
+                        description: Path specifies the sub-directory to be used as
+                          project directory
+                        type: string
+                      ref:
+                        description: Ref specifies the branch, tag or commit that
+                          should be used. If omitted, the default branch of the repo
+                          is used.
+                        properties:
+                          branch:
+                            description: Branch to use.
+                            type: string
+                          commit:
+                            description: Commit SHA to use.
+                            type: string
+                          tag:
+                            description: Tag to use.
+                            type: string
+                        type: object
+                      secretRef:
+                        description: SecretRef specifies the Secret containing authentication
+                          credentials for See ProjectSourceCredentials.SecretRef for
+                          details DEPRECATED this field is deprecated and will be
+                          removed in a future version of the controller. Use Credentials
+                          instead. WARNING using this field causes the controller
+                          to pass http basic auth credentials to ALL repositories
+                          involved. Use Credentials with a proper Host field instead.
+                        properties:
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      url:
+                        description: Url specifies the Git url where the project source
+                          is located
+                        type: string
+                    required:
+                    - url
+                    type: object
+                  oci:
+                    description: Oci specifies an OCI repository as project source
+                    properties:
+                      credentials:
+                        description: Credentials specifies a list of secrets with
+                          credentials
+                        items:
+                          properties:
+                            host:
+                              description: Host specifies the hostname that this secret
+                                applies to. If set to '*', this set of credentials
+                                applies to all hosts. Using '*' for http(s) based
+                                repositories is not supported, meaning that such credentials
+                                sets will be ignored. You must always set a proper
+                                hostname in that case.
+                              type: string
+                            pathPrefix:
+                              description: PathPrefix specified the path prefix to
+                                be used to filter source urls. Only urls that have
+                                this prefix will use this set of credentials.
+                              type: string
+                            secretRef:
+                              description: SecretRef specifies the Secret containing
+                                authentication credentials for the git repository.
+                                For HTTPS git repositories the Secret must contain
+                                'username' and 'password' fields. For SSH git repositories
+                                the Secret must contain 'identity' and 'known_hosts'
+                                fields.
+                              properties:
+                                name:
+                                  description: Name of the referent.
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                          required:
+                          - secretRef
+                          type: object
+                        type: array
+                      path:
+                        description: Path specifies the sub-directory to be used as
+                          project directory
+                        type: string
+                      ref:
+                        description: Ref specifies the tag to be used. If omitted,
+                          the "latest" tag is used.
+                        properties:
+                          digest:
+                            description: Digest is the image digest to pull, takes
+                              precedence over SemVer. The value should be in the format
+                              'sha256:<HASH>'.
+                            type: string
+                          tag:
+                            description: Tag is the image tag to pull, defaults to
+                              latest.
+                            type: string
+                        type: object
+                      url:
+                        description: Url specifies the Git url where the project source
+                          is located
+                        type: string
+                    required:
+                    - url
+                    type: object
                   path:
                     description: Path specifies the sub-directory to be used as project
-                      directory
+                      directory DEPRECATED this field is deprecated and will be removed
+                      in a future version of the controller. Use git.path instead.
                     type: string
                   ref:
                     description: Ref specifies the branch, tag or commit that should
                       be used. If omitted, the default branch of the repo is used.
+                      DEPRECATED this field is deprecated and will be removed in a
+                      future version of the controller. Use git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -365,12 +514,12 @@ spec:
                     type: object
                   secretRef:
                     description: SecretRef specifies the Secret containing authentication
-                      credentials for See GitCredentials.SecretRef for details DEPRECATED
-                      this field is deprecated and will be removed in a future version
-                      of the controller. Use Credentials instead. WARNING using this
-                      field causes the controller to pass http basic auth credentials
-                      to ALL repositories involved. Use Credentials with a proper
-                      Host field instead.
+                      credentials for See ProjectSourceCredentials.SecretRef for details
+                      DEPRECATED this field is deprecated and will be removed in a
+                      future version of the controller. Use Credentials instead. WARNING
+                      using this field causes the controller to pass http basic auth
+                      credentials to ALL repositories involved. Use Credentials with
+                      a proper Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
@@ -380,10 +529,9 @@ spec:
                     type: object
                   url:
                     description: Url specifies the Git url where the project source
-                      is located
+                      is located DEPRECATED this field is deprecated and will be removed
+                      in a future version of the controller. Use git.url instead.
                     type: string
-                required:
-                - url
                 type: object
               suspend:
                 description: This flag tells the controller to suspend subsequent
@@ -548,6 +696,8 @@ spec:
                 properties:
                   gitRepoKey:
                     type: string
+                  ociRepoKey:
+                    type: string
                   subDir:
                     type: string
                 type: object
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 71530f356..f126fd2c8 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -313,10 +313,12 @@ spec:
                 properties:
                   credentials:
                     description: Credentials specifies a list of secrets with credentials
+                      DEPRECATED this field is deprecated and will be removed in a
+                      future version of the controller. Use git.credentials instead.
                     items:
                       properties:
                         host:
-                          description: Host specifies the hostname that this git secret
+                          description: Host specifies the hostname that this secret
                             applies to. If set to '*', this set of credentials applies
                             to all hosts. Using '*' for http(s) based repositories
                             is not supported, meaning that such credentials sets will
@@ -325,14 +327,14 @@ spec:
                           type: string
                         pathPrefix:
                           description: PathPrefix specified the path prefix to be
-                            used to filter git urls. Only urls that have this prefix
+                            used to filter source urls. Only urls that have this prefix
                             will use this set of credentials.
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
-                            credentials for the git repository. For HTTPS repositories
+                            credentials for the git repository. For HTTPS git repositories
                             the Secret must contain 'username' and 'password' fields.
-                            For SSH repositories the Secret must contain 'identity'
+                            For SSH git repositories the Secret must contain 'identity'
                             and 'known_hosts' fields.
                           properties:
                             name:
@@ -345,13 +347,160 @@ spec:
                       - secretRef
                       type: object
                     type: array
+                  git:
+                    description: Git specifies a git repository as project source
+                    properties:
+                      credentials:
+                        description: Credentials specifies a list of secrets with
+                          credentials
+                        items:
+                          properties:
+                            host:
+                              description: Host specifies the hostname that this secret
+                                applies to. If set to '*', this set of credentials
+                                applies to all hosts. Using '*' for http(s) based
+                                repositories is not supported, meaning that such credentials
+                                sets will be ignored. You must always set a proper
+                                hostname in that case.
+                              type: string
+                            pathPrefix:
+                              description: PathPrefix specified the path prefix to
+                                be used to filter source urls. Only urls that have
+                                this prefix will use this set of credentials.
+                              type: string
+                            secretRef:
+                              description: SecretRef specifies the Secret containing
+                                authentication credentials for the git repository.
+                                For HTTPS git repositories the Secret must contain
+                                'username' and 'password' fields. For SSH git repositories
+                                the Secret must contain 'identity' and 'known_hosts'
+                                fields.
+                              properties:
+                                name:
+                                  description: Name of the referent.
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                          required:
+                          - secretRef
+                          type: object
+                        type: array
+                      path:
+                        description: Path specifies the sub-directory to be used as
+                          project directory
+                        type: string
+                      ref:
+                        description: Ref specifies the branch, tag or commit that
+                          should be used. If omitted, the default branch of the repo
+                          is used.
+                        properties:
+                          branch:
+                            description: Branch to use.
+                            type: string
+                          commit:
+                            description: Commit SHA to use.
+                            type: string
+                          tag:
+                            description: Tag to use.
+                            type: string
+                        type: object
+                      secretRef:
+                        description: SecretRef specifies the Secret containing authentication
+                          credentials for See ProjectSourceCredentials.SecretRef for
+                          details DEPRECATED this field is deprecated and will be
+                          removed in a future version of the controller. Use Credentials
+                          instead. WARNING using this field causes the controller
+                          to pass http basic auth credentials to ALL repositories
+                          involved. Use Credentials with a proper Host field instead.
+                        properties:
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      url:
+                        description: Url specifies the Git url where the project source
+                          is located
+                        type: string
+                    required:
+                    - url
+                    type: object
+                  oci:
+                    description: Oci specifies an OCI repository as project source
+                    properties:
+                      credentials:
+                        description: Credentials specifies a list of secrets with
+                          credentials
+                        items:
+                          properties:
+                            host:
+                              description: Host specifies the hostname that this secret
+                                applies to. If set to '*', this set of credentials
+                                applies to all hosts. Using '*' for http(s) based
+                                repositories is not supported, meaning that such credentials
+                                sets will be ignored. You must always set a proper
+                                hostname in that case.
+                              type: string
+                            pathPrefix:
+                              description: PathPrefix specified the path prefix to
+                                be used to filter source urls. Only urls that have
+                                this prefix will use this set of credentials.
+                              type: string
+                            secretRef:
+                              description: SecretRef specifies the Secret containing
+                                authentication credentials for the git repository.
+                                For HTTPS git repositories the Secret must contain
+                                'username' and 'password' fields. For SSH git repositories
+                                the Secret must contain 'identity' and 'known_hosts'
+                                fields.
+                              properties:
+                                name:
+                                  description: Name of the referent.
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                          required:
+                          - secretRef
+                          type: object
+                        type: array
+                      path:
+                        description: Path specifies the sub-directory to be used as
+                          project directory
+                        type: string
+                      ref:
+                        description: Ref specifies the tag to be used. If omitted,
+                          the "latest" tag is used.
+                        properties:
+                          digest:
+                            description: Digest is the image digest to pull, takes
+                              precedence over SemVer. The value should be in the format
+                              'sha256:<HASH>'.
+                            type: string
+                          tag:
+                            description: Tag is the image tag to pull, defaults to
+                              latest.
+                            type: string
+                        type: object
+                      url:
+                        description: Url specifies the Git url where the project source
+                          is located
+                        type: string
+                    required:
+                    - url
+                    type: object
                   path:
                     description: Path specifies the sub-directory to be used as project
-                      directory
+                      directory DEPRECATED this field is deprecated and will be removed
+                      in a future version of the controller. Use git.path instead.
                     type: string
                   ref:
                     description: Ref specifies the branch, tag or commit that should
                       be used. If omitted, the default branch of the repo is used.
+                      DEPRECATED this field is deprecated and will be removed in a
+                      future version of the controller. Use git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -365,12 +514,12 @@ spec:
                     type: object
                   secretRef:
                     description: SecretRef specifies the Secret containing authentication
-                      credentials for See GitCredentials.SecretRef for details DEPRECATED
-                      this field is deprecated and will be removed in a future version
-                      of the controller. Use Credentials instead. WARNING using this
-                      field causes the controller to pass http basic auth credentials
-                      to ALL repositories involved. Use Credentials with a proper
-                      Host field instead.
+                      credentials for See ProjectSourceCredentials.SecretRef for details
+                      DEPRECATED this field is deprecated and will be removed in a
+                      future version of the controller. Use Credentials instead. WARNING
+                      using this field causes the controller to pass http basic auth
+                      credentials to ALL repositories involved. Use Credentials with
+                      a proper Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
@@ -380,10 +529,9 @@ spec:
                     type: object
                   url:
                     description: Url specifies the Git url where the project source
-                      is located
+                      is located DEPRECATED this field is deprecated and will be removed
+                      in a future version of the controller. Use git.url instead.
                     type: string
-                required:
-                - url
                 type: object
               suspend:
                 description: This flag tells the controller to suspend subsequent
@@ -548,6 +696,8 @@ spec:
                 properties:
                   gitRepoKey:
                     type: string
+                  ociRepoKey:
+                    type: string
                   subDir:
                     type: string
                 type: object

From 779a7c3e79ce90b8a49e7fe8b0ab13aed1155c65 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 23:12:53 +0200
Subject: [PATCH 1672/2268] fix: Omit empty deprecated source url

---
 api/v1beta1/kluctldeployment_types.go          | 2 +-
 api/v1beta1/zz_generated.deepcopy.go           | 5 ++++-
 e2e/gitops_test.go                             | 2 +-
 pkg/controllers/kluctl_project.go              | 6 ++++--
 pkg/controllers/kluctldeployment_controller.go | 6 ++++--
 5 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 78baba0e2..a69dfee6a 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -246,7 +246,7 @@ type ProjectSource struct {
 	// Url specifies the Git url where the project source is located
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.url instead.
 	// +optional
-	URL types.GitUrl `json:"url"`
+	URL *types.GitUrl `json:"url,omitempty"`
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.ref instead.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 15b96d23d..3464f3a51 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -322,7 +322,10 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 		*out = new(ProjectSourceOci)
 		(*in).DeepCopyInto(*out)
 	}
-	in.URL.DeepCopyInto(&out.URL)
+	if in.URL != nil {
+		in, out := &in.URL, &out.URL
+		*out = (*in).DeepCopy()
+	}
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
 		*out = new(types.GitRef)
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index f5fa685b5..bd50916f6 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -261,7 +261,7 @@ data:
 		"k2":        42,
 	}, kluctlv1.ProjectSource{
 		// let's misuse this testcase to test the deprecated ProjectSource
-		URL: *types2.ParseGitUrlMust(p.GitUrl()),
+		URL: types2.ParseGitUrlMust(p.GitUrl()),
 	})
 
 	suite.Run("initial deployment", func() {
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index aa0b261b6..c78f1925f 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -122,8 +122,8 @@ func prepareProject(ctx context.Context,
 			if err != nil {
 				return nil, err
 			}
-		} else {
-			rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.URL)
+		} else if pp.obj.Spec.Source.URL != nil {
+			rpEntry, err := pp.gitRP.GetEntry(*pp.obj.Spec.Source.URL)
 			if err != nil {
 				return nil, fmt.Errorf("failed to clone git source: %w", err)
 			}
@@ -132,6 +132,8 @@ func prepareProject(ctx context.Context,
 			if err != nil {
 				return nil, err
 			}
+		} else {
+			return nil, fmt.Errorf("missing source spec")
 		}
 
 		// check kluctl project path exists
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index b8aa41418..ee3654e56 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -249,11 +249,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			OciRepoKey: repoKey,
 			SubDir:     path.Clean(obj.Spec.Source.Oci.Path),
 		}
-	} else {
+	} else if obj.Spec.Source.URL != nil {
 		newProjectKey = result.ProjectKey{
 			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
 			SubDir:     path.Clean(obj.Spec.Source.Path),
 		}
+	} else {
+		return doFailPrepare(fmt.Errorf("missing source spec"))
 	}
 	if newProjectKey.SubDir == "." {
 		newProjectKey.SubDir = ""
@@ -744,7 +746,7 @@ func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.
 			obj.Spec.Source.Oci.URL, obj.Spec.Source.Oci.Path, obj.Spec.Source.Oci.Ref.String()).Set(0.0)
 		internal_metrics.NewKluctlOciSourceSpec(obj.Namespace, obj.Name,
 			obj.Spec.Source.Oci.URL, obj.Spec.Source.Oci.Path, obj.Spec.Source.Oci.Ref.String()).Set(0.0)
-	} else {
+	} else if obj.Spec.Source.URL != nil {
 		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
 			obj.Spec.Source.URL.String(), obj.Spec.Source.Path, obj.Spec.Source.Ref.String()).Set(0.0)
 	}

From d094bbf2ba379f64d83304e4c14fc426ab3df244 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 6 Oct 2023 23:13:07 +0200
Subject: [PATCH 1673/2268] tests: Fix gitops tests

---
 e2e/gitops_errors_test.go      | 4 ++--
 e2e/gitops_git_include_test.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 4a135b29c..719690ee1 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -197,9 +197,9 @@ data:
 			kd.Spec.Source.Git.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
 		})
 		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed clone source: repository not found", nil, nil)
+		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to clone git source: repository not found", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Source.URL = backup
+			kd.Spec.Source.Git.URL = backup
 		})
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index 0d97d27da..b25e3bdb2 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -33,7 +33,7 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(readinessCondition.Message).To(Equal("failed clone source: authentication required"))
+		g.Expect(readinessCondition.Message).To(Equal("failed to clone git source: authentication required"))
 	})
 
 	secret := corev1.Secret{
@@ -95,7 +95,7 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(readinessCondition.Message).To(Equal("failed clone source: authentication required"))
+		g.Expect(readinessCondition.Message).To(Equal("failed to clone git source: authentication required"))
 	})
 
 	createSecret := func(secretName string, username string, password string) {

From 7badee1051bcf90472fb87aa60c602b9fe172109 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 7 Oct 2023 12:57:51 +0200
Subject: [PATCH 1674/2268] fix: Stop assuming repo keys have / as prefix
 sometimes

---
 pkg/repocache/utils.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/repocache/utils.go b/pkg/repocache/utils.go
index ddc445bdf..409cd9deb 100644
--- a/pkg/repocache/utils.go
+++ b/pkg/repocache/utils.go
@@ -16,14 +16,14 @@ func findRepoOverride(repoOverrides []RepoOverride, repoKey types.GitRepoKey) (s
 
 		var overridePath string
 		if ro.IsGroup {
-			prefix := "/" + ro.RepoKey.Path + "/"
+			prefix := ro.RepoKey.Path + "/"
 			if !strings.HasPrefix(repoKey.Path, prefix) {
 				continue
 			}
 			relPath := strings.TrimPrefix(repoKey.Path, prefix)
 			overridePath = path.Join(ro.Override, relPath)
 		} else {
-			if "/"+ro.RepoKey.Path != repoKey.Path {
+			if ro.RepoKey.Path != repoKey.Path {
 				continue
 			}
 			overridePath = ro.Override

From b2854f20ca718ee06c635ab1ab5e6dc05a4fe3f3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 Oct 2023 09:49:41 +0200
Subject: [PATCH 1675/2268] refactor: Rename CreateOciRepo to CreateHelmOciRepo

---
 e2e/gitops_test.go                | 2 +-
 e2e/helm_test.go                  | 2 +-
 e2e/test-utils/helm_repo_utils.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index bd50916f6..31a6a4907 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -372,7 +372,7 @@ func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Helm() {
 	repoUrlWithCreds := test_utils.CreateHelmRepo(suite.T(), []test_utils.RepoChart{
 		{ChartName: "test-chart2", Version: "0.1.0"},
 	}, "test-user", "test-password")
-	ociRepoUrlWithCreds := test_utils.CreateOciRepo(suite.T(), []test_utils.RepoChart{
+	ociRepoUrlWithCreds := test_utils.CreateHelmOciRepo(suite.T(), []test_utils.RepoChart{
 		{ChartName: "test-chart3", Version: "0.1.0"},
 	}, "test-user", "test-password")
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index e2b3dba3c..58ac33885 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -20,7 +20,7 @@ import (
 
 func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, user string, password string) string {
 	if oci {
-		return test_utils.CreateOciRepo(t, charts, user, password)
+		return test_utils.CreateHelmOciRepo(t, charts, user, password)
 	} else {
 		return test_utils.CreateHelmRepo(t, charts, user, password)
 	}
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index 6bf45c0f5..ee1dc8dcc 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -114,7 +114,7 @@ func CreateHelmRepo(t *testing.T, charts []RepoChart, username string, password
 	return s.URL
 }
 
-func CreateOciRepo(t *testing.T, charts []RepoChart, username string, password string) string {
+func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, password string) string {
 	tmpDir := t.TempDir()
 
 	ociRegistry := registry.New()

From f3c7a9d55b03ccbdd56d0b2dbd74318f7359c926 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 Oct 2023 11:05:23 +0200
Subject: [PATCH 1676/2268] chore: Copy oci package from Flux

---
 pkg/oci/auth/aws/auth.go                      | 169 +++++
 pkg/oci/auth/aws/auth_test.go                 | 236 +++++++
 pkg/oci/auth/azure/auth.go                    | 158 +++++
 pkg/oci/auth/azure/auth_test.go               | 199 ++++++
 pkg/oci/auth/azure/exchanger.go               | 123 ++++
 pkg/oci/auth/azure/exchanger_test.go          |  95 +++
 pkg/oci/auth/azure/fake.go                    |  38 ++
 pkg/oci/auth/flag_test.go                     |  36 +
 pkg/oci/auth/gcp/auth.go                      | 131 ++++
 pkg/oci/auth/gcp/auth_test.go                 | 174 +++++
 pkg/oci/auth/login/login.go                   | 159 +++++
 pkg/oci/auth/login/login_test.go              | 163 +++++
 pkg/oci/client/build.go                       | 163 +++++
 pkg/oci/client/build_test.go                  | 160 +++++
 pkg/oci/client/client.go                      |  66 ++
 pkg/oci/client/delete.go                      |  35 +
 pkg/oci/client/delete_test.go                 |  91 +++
 pkg/oci/client/diff.go                        |  99 +++
 pkg/oci/client/diff_test.go                   |  65 ++
 pkg/oci/client/internal/fs/LICENSE            |  27 +
 pkg/oci/client/internal/fs/fs.go              | 345 ++++++++++
 pkg/oci/client/internal/fs/fs_test.go         | 625 ++++++++++++++++++
 pkg/oci/client/internal/fs/rename.go          |  31 +
 pkg/oci/client/internal/fs/rename_windows.go  |  42 ++
 pkg/oci/client/internal/fs/testdata/test.file |   0
 pkg/oci/client/list.go                        | 134 ++++
 pkg/oci/client/list_test.go                   | 144 ++++
 pkg/oci/client/login.go                       |  93 +++
 pkg/oci/client/login_test.go                  |  83 +++
 pkg/oci/client/meta.go                        |  57 ++
 pkg/oci/client/pull.go                        |  74 +++
 pkg/oci/client/pull_test.go                   |  84 +++
 pkg/oci/client/push.go                        |  86 +++
 pkg/oci/client/push_pull_test.go              | 110 +++
 pkg/oci/client/retry_transport.go             |  91 +++
 pkg/oci/client/suite_test.go                  |  89 +++
 pkg/oci/client/tag.go                         |  41 ++
 pkg/oci/client/tag_test.go                    |  47 ++
 .../client/testdata/artifact/deploy/repo.yaml |   8 +
 .../client/testdata/artifact/deployment.yaml  |  21 +
 .../artifact/ignore-dir/deployment.yaml       |  21 +
 pkg/oci/client/testdata/artifact/ignore.txt   |   1 +
 .../testdata/artifact/somedir/git/repo.yaml   |   8 +
 .../testdata/artifact/somedir/repo.yaml       |   8 +
 pkg/oci/client/url.go                         |  55 ++
 pkg/oci/constants.go                          |  54 ++
 pkg/oci/doc.go                                |  22 +
 pkg/oci/errors.go                             |  25 +
 pkg/oci/globals.go                            |  30 +
 pkg/oci/sourceignore/sourceignore.go          | 131 ++++
 pkg/oci/sourceignore/sourceignore_test.go     | 258 ++++++++
 pkg/oci/version/version.go                    |  33 +
 pkg/oci/version/version_test.go               |  49 ++
 53 files changed, 5287 insertions(+)
 create mode 100644 pkg/oci/auth/aws/auth.go
 create mode 100644 pkg/oci/auth/aws/auth_test.go
 create mode 100644 pkg/oci/auth/azure/auth.go
 create mode 100644 pkg/oci/auth/azure/auth_test.go
 create mode 100644 pkg/oci/auth/azure/exchanger.go
 create mode 100644 pkg/oci/auth/azure/exchanger_test.go
 create mode 100644 pkg/oci/auth/azure/fake.go
 create mode 100644 pkg/oci/auth/flag_test.go
 create mode 100644 pkg/oci/auth/gcp/auth.go
 create mode 100644 pkg/oci/auth/gcp/auth_test.go
 create mode 100644 pkg/oci/auth/login/login.go
 create mode 100644 pkg/oci/auth/login/login_test.go
 create mode 100644 pkg/oci/client/build.go
 create mode 100644 pkg/oci/client/build_test.go
 create mode 100644 pkg/oci/client/client.go
 create mode 100644 pkg/oci/client/delete.go
 create mode 100644 pkg/oci/client/delete_test.go
 create mode 100644 pkg/oci/client/diff.go
 create mode 100644 pkg/oci/client/diff_test.go
 create mode 100644 pkg/oci/client/internal/fs/LICENSE
 create mode 100644 pkg/oci/client/internal/fs/fs.go
 create mode 100644 pkg/oci/client/internal/fs/fs_test.go
 create mode 100644 pkg/oci/client/internal/fs/rename.go
 create mode 100644 pkg/oci/client/internal/fs/rename_windows.go
 create mode 100644 pkg/oci/client/internal/fs/testdata/test.file
 create mode 100644 pkg/oci/client/list.go
 create mode 100644 pkg/oci/client/list_test.go
 create mode 100644 pkg/oci/client/login.go
 create mode 100644 pkg/oci/client/login_test.go
 create mode 100644 pkg/oci/client/meta.go
 create mode 100644 pkg/oci/client/pull.go
 create mode 100644 pkg/oci/client/pull_test.go
 create mode 100644 pkg/oci/client/push.go
 create mode 100644 pkg/oci/client/push_pull_test.go
 create mode 100644 pkg/oci/client/retry_transport.go
 create mode 100644 pkg/oci/client/suite_test.go
 create mode 100644 pkg/oci/client/tag.go
 create mode 100644 pkg/oci/client/tag_test.go
 create mode 100644 pkg/oci/client/testdata/artifact/deploy/repo.yaml
 create mode 100644 pkg/oci/client/testdata/artifact/deployment.yaml
 create mode 100644 pkg/oci/client/testdata/artifact/ignore-dir/deployment.yaml
 create mode 100644 pkg/oci/client/testdata/artifact/ignore.txt
 create mode 100644 pkg/oci/client/testdata/artifact/somedir/git/repo.yaml
 create mode 100644 pkg/oci/client/testdata/artifact/somedir/repo.yaml
 create mode 100644 pkg/oci/client/url.go
 create mode 100644 pkg/oci/constants.go
 create mode 100644 pkg/oci/doc.go
 create mode 100644 pkg/oci/errors.go
 create mode 100644 pkg/oci/globals.go
 create mode 100644 pkg/oci/sourceignore/sourceignore.go
 create mode 100644 pkg/oci/sourceignore/sourceignore_test.go
 create mode 100644 pkg/oci/version/version.go
 create mode 100644 pkg/oci/version/version_test.go

diff --git a/pkg/oci/auth/aws/auth.go b/pkg/oci/auth/aws/auth.go
new file mode 100644
index 000000000..1019a86a0
--- /dev/null
+++ b/pkg/oci/auth/aws/auth.go
@@ -0,0 +1,169 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+	"context"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"regexp"
+	"strings"
+	"sync"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ecr"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr.([^/.]*)\.(amazonaws\.com[.cn]*)`)
+
+// ParseRegistry returns the AWS account ID and region and `true` if
+// the image registry/repository is hosted in AWS's Elastic Container Registry,
+// otherwise empty strings and `false`.
+func ParseRegistry(registry string) (accountId, awsEcrRegion string, ok bool) {
+	registryParts := registryPartRe.FindAllStringSubmatch(registry, -1)
+	if len(registryParts) < 1 || len(registryParts[0]) < 3 {
+		return "", "", false
+	}
+	return registryParts[0][1], registryParts[0][2], true
+}
+
+// Client is a AWS ECR client which can log into the registry and return
+// authorization information.
+type Client struct {
+	config *aws.Config
+	mu     sync.Mutex
+}
+
+// NewClient creates a new empty ECR client.
+// NOTE: In order to avoid breaking the auth API with aws-sdk-go-v2's default
+// config, return an empty Client. Client.getLoginAuth() loads the default
+// config if Client.config is nil. This also enables tests to configure the
+// Client with stub before calling the login method using Client.WithConfig().
+func NewClient() *Client {
+	return &Client{}
+}
+
+// WithConfig allows setting the client config if it's uninitialized.
+func (c *Client) WithConfig(cfg *aws.Config) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.config == nil {
+		c.config = cfg
+	}
+}
+
+// getLoginAuth obtains authentication for ECR given the
+// region (taken from the image). This assumes that the pod has
+// IAM permissions to get an authentication token, which will usually
+// be the case if it's running in EKS, and may need additional setup
+// otherwise (visit https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/
+// as a starting point).
+func (c *Client) getLoginAuth(ctx context.Context, awsEcrRegion string) (authn.AuthConfig, error) {
+	// No caching of tokens is attempted; the quota for getting an
+	// auth token is high enough that getting a token every time you
+	// scan an image is viable for O(500) images per region. See
+	// https://docs.aws.amazon.com/general/latest/gr/ecr.html.
+	var authConfig authn.AuthConfig
+	var cfg aws.Config
+
+	c.mu.Lock()
+	if c.config != nil {
+		cfg = c.config.Copy()
+	} else {
+		var err error
+		cfg, err = config.LoadDefaultConfig(ctx, config.WithRegion(awsEcrRegion))
+		if err != nil {
+			c.mu.Unlock()
+			return authConfig, fmt.Errorf("failed to load default configuration: %w", err)
+		}
+		c.config = &cfg
+	}
+	c.mu.Unlock()
+
+	ecrService := ecr.NewFromConfig(cfg)
+	// NOTE: ecr.GetAuthorizationTokenInput has deprecated RegistryIds. Hence,
+	// pass nil input.
+	ecrToken, err := ecrService.GetAuthorizationToken(ctx, nil)
+	if err != nil {
+		return authConfig, err
+	}
+
+	// Validate the authorization data.
+	if len(ecrToken.AuthorizationData) == 0 {
+		return authConfig, errors.New("no authorization data")
+	}
+	if ecrToken.AuthorizationData[0].AuthorizationToken == nil {
+		return authConfig, fmt.Errorf("no authorization token")
+	}
+	token, err := base64.StdEncoding.DecodeString(*ecrToken.AuthorizationData[0].AuthorizationToken)
+	if err != nil {
+		return authConfig, err
+	}
+
+	tokenSplit := strings.Split(string(token), ":")
+	// Validate the tokens.
+	if len(tokenSplit) != 2 {
+		return authConfig, fmt.Errorf("invalid authorization token, expected the token to have two parts separated by ':', got %d parts", len(tokenSplit))
+	}
+	authConfig = authn.AuthConfig{
+		Username: tokenSplit[0],
+		Password: tokenSplit[1],
+	}
+	return authConfig, nil
+}
+
+// Login attempts to get the authentication material for ECR.
+func (c *Client) Login(ctx context.Context, autoLogin bool, image string) (authn.Authenticator, error) {
+	if autoLogin {
+		log.FromContext(ctx).Info("logging in to AWS ECR for " + image)
+		_, awsEcrRegion, ok := ParseRegistry(image)
+		if !ok {
+			return nil, errors.New("failed to parse AWS ECR image, invalid ECR image")
+		}
+
+		authConfig, err := c.getLoginAuth(ctx, awsEcrRegion)
+		if err != nil {
+			return nil, err
+		}
+
+		auth := authn.FromConfig(authConfig)
+		return auth, nil
+	}
+	return nil, fmt.Errorf("ECR authentication failed: %w", oci.ErrUnconfiguredProvider)
+}
+
+// OIDCLogin attempts to get the authentication material for ECR.
+func (c *Client) OIDCLogin(ctx context.Context, registryURL string) (authn.Authenticator, error) {
+	_, awsEcrRegion, ok := ParseRegistry(registryURL)
+	if !ok {
+		return nil, errors.New("failed to parse AWS ECR image, invalid ECR image")
+	}
+
+	authConfig, err := c.getLoginAuth(ctx, awsEcrRegion)
+	if err != nil {
+		return nil, err
+	}
+
+	auth := authn.FromConfig(authConfig)
+	return auth, nil
+}
diff --git a/pkg/oci/auth/aws/auth_test.go b/pkg/oci/auth/aws/auth_test.go
new file mode 100644
index 000000000..49bd416d0
--- /dev/null
+++ b/pkg/oci/auth/aws/auth_test.go
@@ -0,0 +1,236 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/google/go-containerregistry/pkg/authn"
+	. "github.com/onsi/gomega"
+)
+
+const (
+	testValidECRImage = "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1"
+)
+
+func TestParseRegistry(t *testing.T) {
+	tests := []struct {
+		registry      string
+		wantAccountID string
+		wantRegion    string
+		wantOK        bool
+	}{
+		{
+			registry:      "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-east-1",
+			wantOK:        true,
+		},
+		{
+			registry:      "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-east-1",
+			wantOK:        true,
+		},
+		{
+			registry:      "012345678901.dkr.ecr.us-east-1.amazonaws.com",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-east-1",
+			wantOK:        true,
+		},
+		{
+			registry: "gcr.io/foo/bar:baz",
+			wantOK:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.registry, func(t *testing.T) {
+			g := NewWithT(t)
+
+			accId, region, ok := ParseRegistry(tt.registry)
+			g.Expect(ok).To(Equal(tt.wantOK), "unexpected OK")
+			g.Expect(accId).To(Equal(tt.wantAccountID), "unexpected account IDs")
+			g.Expect(region).To(Equal(tt.wantRegion), "unexpected regions")
+		})
+	}
+}
+
+func TestGetLoginAuth(t *testing.T) {
+	tests := []struct {
+		name           string
+		responseBody   []byte
+		statusCode     int
+		wantErr        bool
+		wantAuthConfig authn.AuthConfig
+	}{
+		{
+			// NOTE: The authorizationToken is base64 encoded.
+			name: "success",
+			responseBody: []byte(`{
+	"authorizationData": [
+		{
+			"authorizationToken": "c29tZS1rZXk6c29tZS1zZWNyZXQ="
+		}
+	]
+}`),
+			statusCode: http.StatusOK,
+			wantAuthConfig: authn.AuthConfig{
+				Username: "some-key",
+				Password: "some-secret",
+			},
+		},
+		{
+			name:       "fail",
+			statusCode: http.StatusInternalServerError,
+			wantErr:    true,
+		},
+		{
+			name: "invalid token",
+			responseBody: []byte(`{
+	"authorizationData": [
+		{
+			"authorizationToken": "c29tZS10b2tlbg=="
+		}
+	]
+}`),
+			statusCode: http.StatusOK,
+			wantErr:    true,
+		},
+		{
+			name: "invalid data",
+			responseBody: []byte(`{
+	"authorizationData": [
+		{
+			"foo": "bar"
+		}
+	]
+}`),
+			statusCode: http.StatusOK,
+			wantErr:    true,
+		},
+		{
+			name:         "invalid response",
+			responseBody: []byte(`{}`),
+			statusCode:   http.StatusOK,
+			wantErr:      true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(tt.responseBody))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			// Configure test client.
+			ec := NewClient()
+			cfg := aws.NewConfig()
+			cfg.EndpointResolverWithOptions = aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+				return aws.Endpoint{URL: srv.URL}, nil
+			})
+			// set the region in the config since we are not using the `LoadDefaultConfig` function that sets the region
+			// by querying the instance metadata service(IMDS)
+			cfg.Credentials = credentials.NewStaticCredentialsProvider("x", "y", "z")
+			ec.WithConfig(cfg)
+
+			a, err := ec.getLoginAuth(context.TODO(), "us-east-1")
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+			if tt.statusCode == http.StatusOK {
+				g.Expect(a).To(Equal(tt.wantAuthConfig))
+			}
+		})
+	}
+}
+
+func TestLogin(t *testing.T) {
+	tests := []struct {
+		name       string
+		autoLogin  bool
+		image      string
+		statusCode int
+		testOIDC   bool
+		wantErr    bool
+	}{
+		{
+			name:       "no auto login",
+			autoLogin:  false,
+			image:      testValidECRImage,
+			statusCode: http.StatusOK,
+			wantErr:    true,
+		},
+		{
+			name:       "with auto login",
+			autoLogin:  true,
+			image:      testValidECRImage,
+			statusCode: http.StatusOK,
+			testOIDC:   true,
+		},
+		{
+			name:       "login failure",
+			autoLogin:  true,
+			image:      testValidECRImage,
+			statusCode: http.StatusInternalServerError,
+			testOIDC:   true,
+			wantErr:    true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(`{"authorizationData": [{"authorizationToken": "c29tZS1rZXk6c29tZS1zZWNyZXQ="}]}`))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			// Configure test client.
+			ecrClient := NewClient()
+			cfg := aws.NewConfig()
+			cfg.EndpointResolverWithOptions = aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) {
+				return aws.Endpoint{URL: srv.URL}, nil
+			})
+			cfg.Credentials = credentials.NewStaticCredentialsProvider("x", "y", "z")
+			ecrClient.WithConfig(cfg)
+
+			_, err := ecrClient.Login(context.TODO(), tt.autoLogin, tt.image)
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+
+			if tt.testOIDC {
+				_, err = ecrClient.OIDCLogin(context.TODO(), tt.image)
+				g.Expect(err != nil).To(Equal(tt.wantErr))
+			}
+		})
+	}
+}
diff --git a/pkg/oci/auth/azure/auth.go b/pkg/oci/auth/azure/auth.go
new file mode 100644
index 000000000..eea68d821
--- /dev/null
+++ b/pkg/oci/auth/azure/auth.go
@@ -0,0 +1,158 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	_ "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+// Client is an Azure ACR client which can log into the registry and return
+// authorization information.
+type Client struct {
+	credential azcore.TokenCredential
+	scheme     string
+}
+
+// NewClient creates a new ACR client with default configurations.
+func NewClient() *Client {
+	return &Client{scheme: "https"}
+}
+
+// WithTokenCredential sets the token credential used by the ACR client.
+func (c *Client) WithTokenCredential(tc azcore.TokenCredential) *Client {
+	c.credential = tc
+	return c
+}
+
+// WithScheme sets the scheme of the http request that the client makes.
+func (c *Client) WithScheme(scheme string) *Client {
+	c.scheme = scheme
+	return c
+}
+
+// getLoginAuth returns authentication for ACR. The details needed for authentication
+// are gotten from environment variable so there is no need to mount a host path.
+// The endpoint is the registry server and will be queried for OAuth authorization token.
+func (c *Client) getLoginAuth(ctx context.Context, registryURL string) (authn.AuthConfig, error) {
+	var authConfig authn.AuthConfig
+
+	// Use default credentials if no token credential is provided.
+	// NOTE: NewDefaultAzureCredential() performs a lot of environment lookup
+	// for creating default token credential. Load it only when it's needed.
+	if c.credential == nil {
+		cred, err := azidentity.NewDefaultAzureCredential(nil)
+		if err != nil {
+			return authConfig, err
+		}
+		c.credential = cred
+	}
+
+	configurationEnvironment := getCloudConfiguration(registryURL)
+	// Obtain access token using the token credential.
+	armToken, err := c.credential.GetToken(ctx, policy.TokenRequestOptions{
+		Scopes: []string{configurationEnvironment.Services[cloud.ResourceManager].Endpoint + "/" + ".default"},
+	})
+	if err != nil {
+		return authConfig, err
+	}
+
+	// Obtain ACR access token using exchanger.
+	ex := newExchanger(registryURL)
+	accessToken, err := ex.ExchangeACRAccessToken(string(armToken.Token))
+	if err != nil {
+		return authConfig, fmt.Errorf("error exchanging token: %w", err)
+	}
+
+	return authn.AuthConfig{
+		// This is the acr username used by Azure
+		// See documentation: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#az-acr-login-with---expose-token
+		Username: "00000000-0000-0000-0000-000000000000",
+		Password: accessToken,
+	}, nil
+}
+
+// getCloudConfiguration returns the cloud configuration based on the registry URL.
+// List from https://github.com/Azure/azure-sdk-for-go/blob/main/sdk/containers/azcontainerregistry/cloud_config.go#L16
+func getCloudConfiguration(url string) cloud.Configuration {
+	switch {
+	case strings.HasSuffix(url, ".azurecr.cn"):
+		return cloud.AzureChina
+	case strings.HasSuffix(url, ".azurecr.us"):
+		return cloud.AzureGovernment
+	default:
+		return cloud.AzurePublic
+	}
+}
+
+// ValidHost returns if a given host is a Azure container registry.
+// List from https://github.com/kubernetes/kubernetes/blob/v1.23.1/pkg/credentialprovider/azure/azure_credentials.go#L55
+func ValidHost(host string) bool {
+	for _, v := range []string{".azurecr.io", ".azurecr.cn", ".azurecr.de", ".azurecr.us"} {
+		if strings.HasSuffix(host, v) {
+			return true
+		}
+	}
+	return false
+}
+
+// Login attempts to get the authentication material for ACR. The caller can
+// ensure that the passed image is a valid ACR image using ValidHost().
+func (c *Client) Login(ctx context.Context, autoLogin bool, image string, ref name.Reference) (authn.Authenticator, error) {
+	if autoLogin {
+		log.FromContext(ctx).Info("logging in to Azure ACR for " + image)
+		// get registry host from image
+		strArr := strings.SplitN(image, "/", 2)
+		endpoint := fmt.Sprintf("%s://%s", c.scheme, strArr[0])
+		authConfig, err := c.getLoginAuth(ctx, endpoint)
+		if err != nil {
+			log.FromContext(ctx).Info("error logging into ACR " + err.Error())
+			return nil, err
+		}
+
+		auth := authn.FromConfig(authConfig)
+		return auth, nil
+	}
+	return nil, fmt.Errorf("ACR authentication failed: %w", oci.ErrUnconfiguredProvider)
+}
+
+// OIDCLogin attempts to get an Authenticator for the provided ACR registry URL endpoint.
+//
+// If you want to construct an Authenticator based on an image reference,
+// you may want to use Login instead.
+func (c *Client) OIDCLogin(ctx context.Context, registryUrl string) (authn.Authenticator, error) {
+	authConfig, err := c.getLoginAuth(ctx, registryUrl)
+	if err != nil {
+		log.FromContext(ctx).Info("error logging into ACR " + err.Error())
+		return nil, err
+	}
+
+	auth := authn.FromConfig(authConfig)
+	return auth, nil
+}
diff --git a/pkg/oci/auth/azure/auth_test.go b/pkg/oci/auth/azure/auth_test.go
new file mode 100644
index 000000000..a1618dae7
--- /dev/null
+++ b/pkg/oci/auth/azure/auth_test.go
@@ -0,0 +1,199 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"path"
+	"testing"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	. "github.com/onsi/gomega"
+)
+
+func TestGetAzureLoginAuth(t *testing.T) {
+	tests := []struct {
+		name            string
+		tokenCredential azcore.TokenCredential
+		responseBody    string
+		statusCode      int
+		wantErr         bool
+		wantAuthConfig  authn.AuthConfig
+	}{
+		{
+			name:            "success",
+			tokenCredential: &FakeTokenCredential{Token: "foo"},
+			responseBody:    `{"refresh_token": "bbbbb"}`,
+			statusCode:      http.StatusOK,
+			wantAuthConfig: authn.AuthConfig{
+				Username: "00000000-0000-0000-0000-000000000000",
+				Password: "bbbbb",
+			},
+		},
+		{
+			name:            "fail to get access token",
+			tokenCredential: &FakeTokenCredential{Err: errors.New("no access token")},
+			wantErr:         true,
+		},
+		{
+			name:            "error from exchange service",
+			tokenCredential: &FakeTokenCredential{Token: "foo"},
+			responseBody:    `[{"code": "111","message": "error message 1"}]`,
+			statusCode:      http.StatusInternalServerError,
+			wantErr:         true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			// Run a test server.
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(tt.responseBody))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			// Configure new client with test token credential.
+			c := NewClient().
+				WithTokenCredential(tt.tokenCredential).
+				WithScheme("http")
+
+			auth, err := c.getLoginAuth(context.TODO(), srv.URL)
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+			if tt.statusCode == http.StatusOK {
+				g.Expect(auth).To(Equal(tt.wantAuthConfig))
+			}
+		})
+	}
+}
+
+func TestValidHost(t *testing.T) {
+	tests := []struct {
+		host   string
+		result bool
+	}{
+		{"foo.azurecr.io", true},
+		{"foo.azurecr.cn", true},
+		{"foo.azurecr.de", true},
+		{"foo.azurecr.us", true},
+		{"gcr.io", false},
+		{"docker.io", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.host, func(t *testing.T) {
+			g := NewWithT(t)
+			g.Expect(ValidHost(tt.host)).To(Equal(tt.result))
+		})
+	}
+}
+
+func TestGetCloudConfiguration(t *testing.T) {
+	tests := []struct {
+		host   string
+		result cloud.Configuration
+	}{
+		{"foo.azurecr.io", cloud.AzurePublic},
+		{"foo.azurecr.cn", cloud.AzureChina},
+		{"foo.azurecr.de", cloud.AzurePublic},
+		{"foo.azurecr.us", cloud.AzureGovernment},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.host, func(t *testing.T) {
+			g := NewWithT(t)
+			g.Expect(getCloudConfiguration(tt.host)).To(Equal(tt.result))
+		})
+	}
+}
+
+func TestLogin(t *testing.T) {
+	tests := []struct {
+		name       string
+		autoLogin  bool
+		statusCode int
+		testOIDC   bool
+		wantErr    bool
+	}{
+		{
+			name:       "no auto login",
+			autoLogin:  false,
+			statusCode: http.StatusOK,
+			wantErr:    true,
+		},
+		{
+			name:       "with auto login",
+			autoLogin:  true,
+			testOIDC:   true,
+			statusCode: http.StatusOK,
+		},
+		{
+			name:       "login failure",
+			autoLogin:  true,
+			statusCode: http.StatusInternalServerError,
+			testOIDC:   true,
+			wantErr:    true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			// Run a test server.
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(`{"refresh_token": "bbbbb"}`))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			// Construct an image repo name against the test server.
+			u, err := url.Parse(srv.URL)
+			g.Expect(err).ToNot(HaveOccurred())
+			image := path.Join(u.Host, "foo/bar:v1")
+			ref, err := name.ParseReference(image)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			ac := NewClient().
+				WithTokenCredential(&FakeTokenCredential{Token: "foo"}).
+				WithScheme("http")
+
+			_, err = ac.Login(context.TODO(), tt.autoLogin, u.Host, ref)
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+
+			if tt.testOIDC {
+				_, err = ac.OIDCLogin(context.TODO(), srv.URL)
+				g.Expect(err != nil).To(Equal(tt.wantErr))
+			}
+		})
+	}
+}
diff --git a/pkg/oci/auth/azure/exchanger.go b/pkg/oci/auth/azure/exchanger.go
new file mode 100644
index 000000000..9ab07ea4e
--- /dev/null
+++ b/pkg/oci/auth/azure/exchanger.go
@@ -0,0 +1,123 @@
+/*
+MIT License
+
+Copyright (c) Microsoft Corporation.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE
+*/
+
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+This package exchanges an ARM access token for an ACR access token on Azure
+It has been derived from
+https://github.com/Azure/msi-acrpull/blob/main/pkg/authorizer/token_exchanger.go
+since the project isn't actively maintained.
+*/
+
+package azure
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+)
+
+type tokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	Resource     string `json:"resource"`
+	TokenType    string `json:"token_type"`
+}
+
+type acrError struct {
+	Code    string `json:"code"`
+	Message string `json:"message"`
+}
+
+type exchanger struct {
+	endpoint string
+}
+
+// newExchanger returns an Azure Exchanger for Azure Container Registry with
+// a given endpoint, for example https://azurecr.io.
+func newExchanger(endpoint string) *exchanger {
+	return &exchanger{
+		endpoint: endpoint,
+	}
+}
+
+// ExchangeACRAccessToken exchanges an access token for a refresh token with the
+// exchange service.
+func (e *exchanger) ExchangeACRAccessToken(armToken string) (string, error) {
+	// Construct the exchange URL.
+	exchangeURL, err := url.Parse(e.endpoint)
+	if err != nil {
+		return "", err
+	}
+	exchangeURL.Path = path.Join(exchangeURL.Path, "oauth2/exchange")
+
+	parameters := url.Values{}
+	parameters.Add("grant_type", "access_token")
+	parameters.Add("service", exchangeURL.Hostname())
+	parameters.Add("access_token", armToken)
+
+	resp, err := http.PostForm(exchangeURL.String(), parameters)
+	if err != nil {
+		return "", fmt.Errorf("failed to send token exchange request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", fmt.Errorf("failed to read the body of the response: %w", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		// Parse the error response.
+		var errors []acrError
+		if err = json.Unmarshal(b, &errors); err == nil {
+			return "", fmt.Errorf("unexpected status code %d from exchange request: %s",
+				resp.StatusCode, errors)
+		}
+
+		// Error response could not be parsed, return a generic error.
+		return "", fmt.Errorf("unexpected status code %d from exchange request, response body: %s",
+			resp.StatusCode, string(b))
+	}
+
+	var tokenResp tokenResponse
+	if err = json.Unmarshal(b, &tokenResp); err != nil {
+		return "", fmt.Errorf("failed to decode the response: %w, response body: %s", err, string(b))
+	}
+	return tokenResp.RefreshToken, nil
+}
diff --git a/pkg/oci/auth/azure/exchanger_test.go b/pkg/oci/auth/azure/exchanger_test.go
new file mode 100644
index 000000000..0c84079fb
--- /dev/null
+++ b/pkg/oci/auth/azure/exchanger_test.go
@@ -0,0 +1,95 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	. "github.com/onsi/gomega"
+)
+
+func TestExchanger_ExchangeACRAccessToken(t *testing.T) {
+	tests := []struct {
+		name         string
+		responseBody string
+		statusCode   int
+		wantErr      bool
+		wantToken    string
+	}{
+		{
+			name: "successful",
+			responseBody: `{
+	"access_token": "aaaaa",
+	"refresh_token": "bbbbb",
+	"resource": "ccccc",
+	"token_type": "ddddd"
+}`,
+			statusCode: http.StatusOK,
+			wantToken:  "bbbbb",
+		},
+		{
+			name:       "fail",
+			statusCode: http.StatusInternalServerError,
+			wantErr:    true,
+		},
+		{
+			name:         "invalid response",
+			responseBody: "foo",
+			statusCode:   http.StatusOK,
+			wantErr:      true,
+		},
+		{
+			name: "error response",
+			responseBody: `[
+	{
+		"code": "111",
+		"message": "error message 1"
+	},
+	{
+		"code": "112",
+		"message": "error message 2"
+	}
+]`,
+			statusCode: http.StatusInternalServerError,
+			wantErr:    true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(tt.responseBody))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			ex := newExchanger(srv.URL)
+			token, err := ex.ExchangeACRAccessToken("some-access-token")
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+			if tt.statusCode == http.StatusOK {
+				g.Expect(token).To(Equal(tt.wantToken))
+			}
+		})
+	}
+}
diff --git a/pkg/oci/auth/azure/fake.go b/pkg/oci/auth/azure/fake.go
new file mode 100644
index 000000000..1719abeba
--- /dev/null
+++ b/pkg/oci/auth/azure/fake.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azure
+
+import (
+	"context"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+)
+
+type FakeTokenCredential struct {
+	Token     string
+	ExpiresOn time.Time
+	Err       error
+}
+
+func (tc *FakeTokenCredential) GetToken(ctx context.Context, options policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	if tc.Err != nil {
+		return azcore.AccessToken{}, tc.Err
+	}
+	return azcore.AccessToken{Token: tc.Token, ExpiresOn: tc.ExpiresOn}, nil
+}
diff --git a/pkg/oci/auth/flag_test.go b/pkg/oci/auth/flag_test.go
new file mode 100644
index 000000000..229ba8f71
--- /dev/null
+++ b/pkg/oci/auth/flag_test.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Make sure we never inject non-test flags when the auth packages are imported.
+// Refer https://github.com/fluxcd/pkg/issues/645.
+package auth_test
+
+import (
+	"flag"
+	"strings"
+	"testing"
+
+	_ "github.com/fluxcd/pkg/oci/auth/login"
+)
+
+func TestNonTestFlagCheck(t *testing.T) {
+	flagCheck := func(f *flag.Flag) {
+		if !strings.HasPrefix(f.Name, "test.") {
+			t.Errorf("found non-test command line flag: %q", f.Name)
+		}
+	}
+	flag.VisitAll(flagCheck)
+}
diff --git a/pkg/oci/auth/gcp/auth.go b/pkg/oci/auth/gcp/auth.go
new file mode 100644
index 000000000..2808bbb6c
--- /dev/null
+++ b/pkg/oci/auth/gcp/auth.go
@@ -0,0 +1,131 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package gcp
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+type gceToken struct {
+	AccessToken string `json:"access_token"`
+	ExpiresIn   int    `json:"expires_in"`
+	TokenType   string `json:"token_type"`
+}
+
+// GCP_TOKEN_URL is the default GCP metadata endpoint used for authentication.
+const GCP_TOKEN_URL = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token"
+
+// ValidHost returns if a given host is a valid GCR host.
+func ValidHost(host string) bool {
+	return host == "gcr.io" || strings.HasSuffix(host, ".gcr.io") || strings.HasSuffix(host, "-docker.pkg.dev")
+}
+
+// Client is a GCP GCR client which can log into the registry and return
+// authorization information.
+type Client struct {
+	tokenURL string
+}
+
+// NewClient creates a new GCR client with default configurations.
+func NewClient() *Client {
+	return &Client{tokenURL: GCP_TOKEN_URL}
+}
+
+// WithTokenURL sets the token URL used by the GCR client.
+func (c *Client) WithTokenURL(url string) *Client {
+	c.tokenURL = url
+	return c
+}
+
+// getLoginAuth obtains authentication by getting a token from the metadata API
+// on GCP. This assumes that the pod has right to pull the image which would be
+// the case if it is hosted on GCP. It works with both service account and
+// workload identity enabled clusters.
+func (c *Client) getLoginAuth(ctx context.Context) (authn.AuthConfig, error) {
+	var authConfig authn.AuthConfig
+
+	request, err := http.NewRequestWithContext(ctx, http.MethodGet, c.tokenURL, nil)
+	if err != nil {
+		return authConfig, err
+	}
+
+	request.Header.Add("Metadata-Flavor", "Google")
+
+	client := &http.Client{}
+	response, err := client.Do(request)
+	if err != nil {
+		return authConfig, err
+	}
+	defer response.Body.Close()
+	defer io.Copy(io.Discard, response.Body)
+
+	if response.StatusCode != http.StatusOK {
+		return authConfig, fmt.Errorf("unexpected status from metadata service: %s", response.Status)
+	}
+
+	var accessToken gceToken
+	decoder := json.NewDecoder(response.Body)
+	if err := decoder.Decode(&accessToken); err != nil {
+		return authConfig, err
+	}
+
+	authConfig = authn.AuthConfig{
+		Username: "oauth2accesstoken",
+		Password: accessToken.AccessToken,
+	}
+	return authConfig, nil
+}
+
+// Login attempts to get the authentication material for GCR. The caller can
+// ensure that the passed image is a valid GCR image using ValidHost().
+func (c *Client) Login(ctx context.Context, autoLogin bool, image string, ref name.Reference) (authn.Authenticator, error) {
+	if autoLogin {
+		log.FromContext(ctx).Info("logging in to GCP GCR for " + image)
+		authConfig, err := c.getLoginAuth(ctx)
+		if err != nil {
+			log.FromContext(ctx).Info("error logging into GCP " + err.Error())
+			return nil, err
+		}
+
+		auth := authn.FromConfig(authConfig)
+		return auth, nil
+	}
+	return nil, fmt.Errorf("GCR authentication failed: %w", oci.ErrUnconfiguredProvider)
+}
+
+// OIDCLogin attempts to get the authentication material for GCR from the token url set in the client.
+func (c *Client) OIDCLogin(ctx context.Context) (authn.Authenticator, error) {
+	authConfig, err := c.getLoginAuth(ctx)
+	if err != nil {
+		log.FromContext(ctx).Info("error logging into GCP " + err.Error())
+		return nil, err
+	}
+
+	auth := authn.FromConfig(authConfig)
+	return auth, nil
+}
diff --git a/pkg/oci/auth/gcp/auth_test.go b/pkg/oci/auth/gcp/auth_test.go
new file mode 100644
index 000000000..afddfb0a0
--- /dev/null
+++ b/pkg/oci/auth/gcp/auth_test.go
@@ -0,0 +1,174 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package gcp
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	. "github.com/onsi/gomega"
+)
+
+const testValidGCRImage = "gcr.io/foo/bar:v1"
+
+func TestGetLoginAuth(t *testing.T) {
+	tests := []struct {
+		name           string
+		responseBody   string
+		statusCode     int
+		wantErr        bool
+		wantAuthConfig authn.AuthConfig
+	}{
+		{
+			name: "success",
+			responseBody: `{
+	"access_token": "some-token",
+	"expires_in": 10,
+	"token_type": "foo"
+}`,
+			statusCode: http.StatusOK,
+			wantAuthConfig: authn.AuthConfig{
+				Username: "oauth2accesstoken",
+				Password: "some-token",
+			},
+		},
+		{
+			name:       "fail",
+			statusCode: http.StatusInternalServerError,
+			wantErr:    true,
+		},
+		{
+			name:         "invalid response",
+			responseBody: "foo",
+			statusCode:   http.StatusOK,
+			wantErr:      true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(tt.responseBody))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			gc := NewClient().WithTokenURL(srv.URL)
+			a, err := gc.getLoginAuth(context.TODO())
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+			if tt.statusCode == http.StatusOK {
+				g.Expect(a).To(Equal(tt.wantAuthConfig))
+			}
+		})
+	}
+}
+
+func TestValidHost(t *testing.T) {
+	tests := []struct {
+		host   string
+		result bool
+	}{
+		{"gcr.io", true},
+		{"foo.gcr.io", true},
+		{"foo-docker.pkg.dev", true},
+		{"docker.io", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.host, func(t *testing.T) {
+			g := NewWithT(t)
+			g.Expect(ValidHost(tt.host)).To(Equal(tt.result))
+		})
+	}
+}
+
+func TestLogin(t *testing.T) {
+	tests := []struct {
+		name       string
+		autoLogin  bool
+		image      string
+		statusCode int
+		testOIDC   bool
+		wantErr    bool
+	}{
+		{
+			name:       "no auto login",
+			autoLogin:  false,
+			image:      testValidGCRImage,
+			statusCode: http.StatusOK,
+			wantErr:    true,
+		},
+		{
+			name:       "with auto login",
+			autoLogin:  true,
+			image:      testValidGCRImage,
+			testOIDC:   true,
+			statusCode: http.StatusOK,
+		},
+		{
+			name:       "login failure",
+			autoLogin:  true,
+			image:      testValidGCRImage,
+			statusCode: http.StatusInternalServerError,
+			testOIDC:   true,
+			wantErr:    true,
+		},
+		{
+			name:       "non GCR image",
+			autoLogin:  true,
+			image:      "foo/bar:v1",
+			statusCode: http.StatusOK,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(tt.statusCode)
+				w.Write([]byte(`{"access_token": "some-token","expires_in": 10, "token_type": "foo"}`))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			ref, err := name.ParseReference(tt.image)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			gc := NewClient().WithTokenURL(srv.URL)
+
+			_, err = gc.Login(context.TODO(), tt.autoLogin, tt.image, ref)
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+
+			if tt.testOIDC {
+				_, err = gc.OIDCLogin(context.TODO())
+				g.Expect(err != nil).To(Equal(tt.wantErr))
+			}
+		})
+	}
+}
diff --git a/pkg/oci/auth/login/login.go b/pkg/oci/auth/login/login.go
new file mode 100644
index 000000000..b56bb4627
--- /dev/null
+++ b/pkg/oci/auth/login/login.go
@@ -0,0 +1,159 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package login
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	"github.com/fluxcd/pkg/oci"
+	"github.com/fluxcd/pkg/oci/auth/aws"
+	"github.com/fluxcd/pkg/oci/auth/azure"
+	"github.com/fluxcd/pkg/oci/auth/gcp"
+)
+
+// ImageRegistryProvider analyzes the provided registry and returns the identified
+// container image registry provider.
+func ImageRegistryProvider(url string, ref name.Reference) oci.Provider {
+	// If the url is a repository root address, use it to analyze. Else, derive
+	// the registry from the name reference.
+	// NOTE: This is because name.Reference of a repository root assumes that
+	// the reference is an image name and defaults to using index.docker.io as
+	// the registry host.
+	addr := strings.TrimSuffix(url, "/")
+	if strings.ContainsRune(addr, '/') {
+		addr = ref.Context().RegistryStr()
+	}
+
+	_, _, ok := aws.ParseRegistry(addr)
+	if ok {
+		return oci.ProviderAWS
+	}
+	if gcp.ValidHost(addr) {
+		return oci.ProviderGCP
+	}
+	if azure.ValidHost(addr) {
+		return oci.ProviderAzure
+	}
+	return oci.ProviderGeneric
+}
+
+// ProviderOptions contains options for registry provider login.
+type ProviderOptions struct {
+	// AwsAutoLogin enables automatic attempt to get credentials for images in
+	// ECR.
+	AwsAutoLogin bool
+	// GcpAutoLogin enables automatic attempt to get credentials for images in
+	// GCP.
+	GcpAutoLogin bool
+	// AzureAutoLogin enables automatic attempt to get credentials for images in
+	// ACR.
+	AzureAutoLogin bool
+}
+
+// Manager is a login manager for various registry providers.
+type Manager struct {
+	ecr *aws.Client
+	gcr *gcp.Client
+	acr *azure.Client
+}
+
+// NewManager initializes a Manager with default registry clients
+// configurations.
+func NewManager() *Manager {
+	return &Manager{
+		ecr: aws.NewClient(),
+		gcr: gcp.NewClient(),
+		acr: azure.NewClient(),
+	}
+}
+
+// WithECRClient allows overriding the default ECR client.
+func (m *Manager) WithECRClient(c *aws.Client) *Manager {
+	m.ecr = c
+	return m
+}
+
+// WithGCRClient allows overriding the default GCR client.
+func (m *Manager) WithGCRClient(c *gcp.Client) *Manager {
+	m.gcr = c
+	return m
+}
+
+// WithACRClient allows overriding the default ACR client.
+func (m *Manager) WithACRClient(c *azure.Client) *Manager {
+	m.acr = c
+	return m
+}
+
+// Login performs authentication against a registry and returns the Authenticator.
+// For generic registry provider, it is no-op.
+func (m *Manager) Login(ctx context.Context, url string, ref name.Reference, opts ProviderOptions) (authn.Authenticator, error) {
+	switch ImageRegistryProvider(url, ref) {
+	case oci.ProviderAWS:
+		return m.ecr.Login(ctx, opts.AwsAutoLogin, url)
+	case oci.ProviderGCP:
+		return m.gcr.Login(ctx, opts.GcpAutoLogin, url, ref)
+	case oci.ProviderAzure:
+		return m.acr.Login(ctx, opts.AzureAutoLogin, url, ref)
+	}
+	return nil, nil
+}
+
+// OIDCLogin attempts to get an Authenticator for the provided URL endpoint.
+//
+// If you want to construct an Authenticator based on an image reference,
+// you may want to use Login instead.
+func (m *Manager) OIDCLogin(ctx context.Context, registryURL string, opts ProviderOptions) (authn.Authenticator, error) {
+	u, err := url.Parse(registryURL)
+	if err != nil {
+		return nil, fmt.Errorf("unable to parse registry url: %w", err)
+	}
+
+	provider := ImageRegistryProvider(u.Host, nil)
+	if err != nil {
+		return nil, fmt.Errorf("unable to set up provider: %w", err)
+	}
+
+	switch provider {
+	case oci.ProviderAWS:
+		if !opts.AwsAutoLogin {
+			return nil, fmt.Errorf("ECR authentication failed: %w", oci.ErrUnconfiguredProvider)
+		}
+		log.FromContext(ctx).Info("logging in to AWS ECR for " + u.Host)
+		return m.ecr.OIDCLogin(ctx, u.Host)
+	case oci.ProviderGCP:
+		if !opts.GcpAutoLogin {
+			return nil, fmt.Errorf("GCR authentication failed: %w", oci.ErrUnconfiguredProvider)
+		}
+		log.FromContext(ctx).Info("logging in to GCP GCR for " + u.Host)
+		return m.gcr.OIDCLogin(ctx)
+	case oci.ProviderAzure:
+		if !opts.AzureAutoLogin {
+			return nil, fmt.Errorf("ACR authentication failed: %w", oci.ErrUnconfiguredProvider)
+		}
+		log.FromContext(ctx).Info("logging in to Azure ACR for " + u.Host)
+		return m.acr.OIDCLogin(ctx, fmt.Sprintf("%s://%s", u.Scheme, u.Host))
+	}
+	return nil, nil
+}
diff --git a/pkg/oci/auth/login/login_test.go b/pkg/oci/auth/login/login_test.go
new file mode 100644
index 000000000..b23be1dc9
--- /dev/null
+++ b/pkg/oci/auth/login/login_test.go
@@ -0,0 +1,163 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package login
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	awssdk "github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/google/go-containerregistry/pkg/name"
+	. "github.com/onsi/gomega"
+
+	"github.com/fluxcd/pkg/oci"
+	"github.com/fluxcd/pkg/oci/auth/aws"
+	"github.com/fluxcd/pkg/oci/auth/azure"
+	"github.com/fluxcd/pkg/oci/auth/gcp"
+)
+
+func TestImageRegistryProvider(t *testing.T) {
+	tests := []struct {
+		name  string
+		image string
+		want  oci.Provider
+	}{
+		{"ecr", "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1", oci.ProviderAWS},
+		{"ecr-root", "012345678901.dkr.ecr.us-east-1.amazonaws.com", oci.ProviderAWS},
+		{"ecr-root with slash", "012345678901.dkr.ecr.us-east-1.amazonaws.com/", oci.ProviderAWS},
+		{"gcr", "gcr.io/foo/bar:v1", oci.ProviderGCP},
+		{"gcr-root", "gcr.io", oci.ProviderGCP},
+		{"acr", "foo.azurecr.io/bar:v1", oci.ProviderAzure},
+		{"acr-root", "foo.azurecr.io", oci.ProviderAzure},
+		{"docker.io", "foo/bar:v1", oci.ProviderGeneric},
+		{"docker.io-root", "docker.io", oci.ProviderGeneric},
+		{"library", "alpine", oci.ProviderGeneric},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			// Trim suffix to allow parsing it as reference without modifying
+			// the given image address.
+			ref, err := name.ParseReference(strings.TrimSuffix(tt.image, "/"))
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(ImageRegistryProvider(tt.image, ref)).To(Equal(tt.want))
+		})
+	}
+}
+
+func TestLogin(t *testing.T) {
+	tests := []struct {
+		name         string
+		responseBody string
+		statusCode   int
+		providerOpts ProviderOptions
+		beforeFunc   func(serverURL string, mgr *Manager, image *string)
+		wantErr      bool
+	}{
+		{
+			name:         "ecr",
+			responseBody: `{"authorizationData": [{"authorizationToken": "c29tZS1rZXk6c29tZS1zZWNyZXQ="}]}`,
+			providerOpts: ProviderOptions{AwsAutoLogin: true},
+			beforeFunc: func(serverURL string, mgr *Manager, image *string) {
+				// Create ECR client and configure the manager.
+				ecrClient := aws.NewClient()
+				cfg := awssdk.NewConfig()
+				cfg.EndpointResolverWithOptions = awssdk.EndpointResolverWithOptionsFunc(
+					func(service, region string, options ...interface{}) (awssdk.Endpoint, error) {
+						return awssdk.Endpoint{URL: serverURL}, nil
+					})
+				cfg.Credentials = credentials.NewStaticCredentialsProvider("x", "y", "z")
+				ecrClient.WithConfig(cfg)
+
+				mgr.WithECRClient(ecrClient)
+
+				*image = "012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1"
+			},
+		},
+		{
+			name:         "gcr",
+			responseBody: `{"access_token": "some-token","expires_in": 10, "token_type": "foo"}`,
+			providerOpts: ProviderOptions{GcpAutoLogin: true},
+			beforeFunc: func(serverURL string, mgr *Manager, image *string) {
+				// Create GCR client and configure the manager.
+				gcrClient := gcp.NewClient().WithTokenURL(serverURL)
+				mgr.WithGCRClient(gcrClient)
+
+				*image = "gcr.io/foo/bar:v1"
+			},
+		},
+		{
+			name:         "acr",
+			responseBody: `{"refresh_token": "bbbbb"}`,
+			providerOpts: ProviderOptions{AzureAutoLogin: true},
+			beforeFunc: func(serverURL string, mgr *Manager, image *string) {
+				acrClient := azure.NewClient().WithTokenCredential(&azure.FakeTokenCredential{Token: "foo"}).WithScheme("http")
+				mgr.WithACRClient(acrClient)
+
+				*image = "foo.azurecr.io/bar:v1"
+			},
+			// NOTE: This fails because the azure exchanger uses the image host
+			// to exchange token which can't be modified here without
+			// interfering image name based categorization of the login
+			// provider, that's actually being tested here. This is tested in
+			// detail in the azure package.
+			wantErr: true,
+		},
+		{
+			name:         "generic",
+			providerOpts: ProviderOptions{},
+			beforeFunc: func(serverURL string, mgr *Manager, image *string) {
+				*image = "foo/bar:v1"
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			// Create test server.
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(http.StatusOK)
+				w.Write([]byte(tt.responseBody))
+			}
+			srv := httptest.NewServer(http.HandlerFunc(handler))
+			t.Cleanup(func() {
+				srv.Close()
+			})
+
+			mgr := NewManager()
+			var image string
+
+			if tt.beforeFunc != nil {
+				tt.beforeFunc(srv.URL, mgr, &image)
+			}
+
+			ref, err := name.ParseReference(image)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			_, err = mgr.Login(context.TODO(), image, ref, tt.providerOpts)
+			g.Expect(err != nil).To(Equal(tt.wantErr))
+		})
+	}
+}
diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
new file mode 100644
index 000000000..e9f010aa0
--- /dev/null
+++ b/pkg/oci/client/build.go
@@ -0,0 +1,163 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/fluxcd/pkg/oci/client/internal/fs"
+	"github.com/fluxcd/pkg/sourceignore"
+)
+
+// Build archives the given directory as a tarball to the given local path.
+// While archiving, any environment specific data (for example, the user and group name) is stripped from file headers.
+func (c *Client) Build(artifactPath, sourceDir string, ignorePaths []string) (err error) {
+	absDir, err := filepath.Abs(sourceDir)
+	if err != nil {
+		return err
+	}
+
+	dirStat, err := os.Stat(absDir)
+	if os.IsNotExist(err) {
+		return fmt.Errorf("invalid source dir path: %s", absDir)
+	}
+
+	tf, err := os.CreateTemp(filepath.Split(absDir))
+	if err != nil {
+		return err
+	}
+	tmpName := tf.Name()
+	defer func() {
+		if err != nil {
+			os.Remove(tmpName)
+		}
+	}()
+
+	ignore := strings.Join(ignorePaths, "\n")
+	domain := strings.Split(filepath.Clean(absDir), string(filepath.Separator))
+	ps := sourceignore.ReadPatterns(strings.NewReader(ignore), domain)
+	matcher := sourceignore.NewMatcher(ps)
+	filter := func(p string, fi os.FileInfo) bool {
+		return matcher.Match(strings.Split(p, string(filepath.Separator)), fi.IsDir())
+	}
+
+	sz := &writeCounter{}
+	mw := io.MultiWriter(tf, sz)
+
+	gw := gzip.NewWriter(mw)
+	tw := tar.NewWriter(gw)
+	if err := filepath.Walk(absDir, func(p string, fi os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Ignore anything that is not a file or directories e.g. symlinks
+		if m := fi.Mode(); !(m.IsRegular() || m.IsDir()) {
+			return nil
+		}
+
+		if len(ignorePaths) > 0 && filter(p, fi) {
+			return nil
+		}
+
+		header, err := tar.FileInfoHeader(fi, p)
+		if err != nil {
+			return err
+		}
+		if dirStat.IsDir() {
+			// The name needs to be modified to maintain directory structure
+			// as tar.FileInfoHeader only has access to the base name of the file.
+			// Ref: https://golang.org/src/archive/tar/common.go?#L6264
+			//
+			// we only want to do this if a directory was passed in
+			relFilePath, err := filepath.Rel(absDir, p)
+			if err != nil {
+				return err
+			}
+			// Normalize file path so it works on windows
+			header.Name = filepath.ToSlash(relFilePath)
+		}
+
+		// Remove any environment specific data.
+		header.Gid = 0
+		header.Uid = 0
+		header.Uname = ""
+		header.Gname = ""
+		header.ModTime = time.Time{}
+		header.AccessTime = time.Time{}
+		header.ChangeTime = time.Time{}
+
+		if err := tw.WriteHeader(header); err != nil {
+			return err
+		}
+
+		if !fi.Mode().IsRegular() {
+			return nil
+		}
+		f, err := os.Open(p)
+		if err != nil {
+			f.Close()
+			return err
+		}
+		if _, err := io.Copy(tw, f); err != nil {
+			f.Close()
+			return err
+		}
+		return f.Close()
+	}); err != nil {
+		tw.Close()
+		gw.Close()
+		tf.Close()
+		return err
+	}
+
+	if err := tw.Close(); err != nil {
+		gw.Close()
+		tf.Close()
+		return err
+	}
+	if err := gw.Close(); err != nil {
+		tf.Close()
+		return err
+	}
+	if err := tf.Close(); err != nil {
+		return err
+	}
+
+	if err := os.Chmod(tmpName, 0o640); err != nil {
+		return err
+	}
+
+	return fs.RenameWithFallback(tmpName, artifactPath)
+}
+
+type writeCounter struct {
+	written int64
+}
+
+func (wc *writeCounter) Write(p []byte) (int, error) {
+	n := len(p)
+	wc.written += int64(n)
+	return n, nil
+}
diff --git a/pkg/oci/client/build_test.go b/pkg/oci/client/build_test.go
new file mode 100644
index 000000000..233db8744
--- /dev/null
+++ b/pkg/oci/client/build_test.go
@@ -0,0 +1,160 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/fluxcd/pkg/tar"
+	. "github.com/onsi/gomega"
+)
+
+func TestBuild(t *testing.T) {
+	g := NewWithT(t)
+	c := NewClient(DefaultOptions())
+
+	absPath := fmt.Sprintf("%s/deployment.yaml", t.TempDir())
+	err := copyFile(absPath, "testdata/artifact/deployment.yaml")
+	g.Expect(err).To(BeNil())
+
+	absDir, err := filepath.Abs("testdata/artifact")
+	g.Expect(err).To(BeNil())
+
+	tests := []struct {
+		name       string
+		path       string
+		testDir    string
+		ignorePath []string
+		expectErr  bool
+		checkPaths []string
+	}{
+		{
+			name:      "non-existent path",
+			path:      "testdata/non-existent",
+			expectErr: true,
+		},
+		{
+			name:       "existing path",
+			path:       "testdata/artifact",
+			ignorePath: []string{"ignore.txt", "ignore-dir/", "!/deploy", "somedir/git"},
+			checkPaths: []string{"ignore.txt", "ignore-dir/", "!/deploy", "somedir/git"},
+		},
+		{
+			name:       "absolute directory path",
+			path:       absDir,
+			ignorePath: []string{"ignore.txt", "ignore-dir/", "!/deploy", "somedir/git"},
+			checkPaths: []string{"ignore.txt", "ignore-dir/", "!/deploy", "somedir/git"},
+		},
+		{
+			name:       "existing path with leading slash",
+			path:       "./testdata/artifact",
+			ignorePath: []string{"ignore.txt", "ignore-dir/", "!/deploy", "somedir/git"},
+			checkPaths: []string{"ignore.txt", "ignore-dir/", "!/deploy", "somedir/git"},
+		},
+		{
+			name:       "current directory",
+			path:       ".",
+			ignorePath: []string{"/*", "!/internal"},
+			checkPaths: []string{"/testdata", "!internal/", "build.go", "meta.go"},
+		},
+		{
+			name:       "relative file path",
+			path:       "testdata/artifact/deployment.yaml",
+			testDir:    "./",
+			checkPaths: []string{"!deployment.yaml"},
+		},
+		{
+			name:       "absolute file path",
+			path:       absPath,
+			testDir:    "./",
+			checkPaths: []string{"!deployment.yaml"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			tmpDir := t.TempDir()
+			artifactPath := filepath.Join(tmpDir, "files.tar.gz")
+
+			err := c.Build(artifactPath, tt.path, tt.ignorePath)
+			if tt.expectErr {
+				g.Expect(err).To(HaveOccurred())
+				return
+			}
+
+			g.Expect(err).To(Not(HaveOccurred()))
+
+			_, err = os.Stat(artifactPath)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			b, err := os.ReadFile(artifactPath)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			untarDir := t.TempDir()
+			err = tar.Untar(bytes.NewReader(b), untarDir, tar.WithMaxUntarSize(-1))
+			g.Expect(err).To(BeNil())
+
+			checkPath(g, untarDir, tt.checkPaths)
+		})
+	}
+}
+
+// checkPath takes a directory and an array of files as its argument. For each item in the array, if a file name in the list
+// is prefixed with an exclamation mark (!), it checks that the filepath exists else it checks that is doesn't exist.
+func checkPath(g *WithT, dir string, paths []string) {
+	g.THelper()
+
+	for _, path := range paths {
+		var shouldExist bool
+		if strings.HasPrefix(path, "!") {
+			shouldExist = true
+			path = path[1:]
+		}
+
+		fullPath := filepath.Join(dir, path)
+		_, err := os.Stat(fullPath)
+		if shouldExist {
+			g.Expect(err).To(BeNil())
+			continue
+		}
+		g.Expect(err).ToNot(BeNil())
+		g.Expect(os.IsNotExist(err)).To(BeTrue())
+	}
+}
+
+func copyFile(dst, src string) error {
+	f, err := os.Create(dst)
+	if err != nil {
+		return fmt.Errorf("unable to create file: %w", err)
+	}
+
+	source, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer source.Close()
+
+	_, err = io.Copy(f, source)
+	return err
+}
diff --git a/pkg/oci/client/client.go b/pkg/oci/client/client.go
new file mode 100644
index 000000000..b3cd257a0
--- /dev/null
+++ b/pkg/oci/client/client.go
@@ -0,0 +1,66 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+// Client holds the options for accessing remote OCI registries.
+type Client struct {
+	options []crane.Option
+}
+
+// NewClient returns an OCI client configured with the given crane options.
+func NewClient(opts []crane.Option) *Client {
+	options := []crane.Option{
+		crane.WithUserAgent(oci.UserAgent),
+	}
+	options = append(options, opts...)
+
+	return &Client{options: options}
+}
+
+// DefaultOptions returns an empty list of client options.
+func DefaultOptions() []crane.Option {
+	return []crane.Option{}
+}
+
+// GetOptions returns the list of crane.Option used by this Client.
+func (c *Client) GetOptions() []crane.Option {
+	return c.options
+}
+
+// optionsWithContext returns the crane options for the given context.
+func (c *Client) optionsWithContext(ctx context.Context) []crane.Option {
+	options := []crane.Option{
+		crane.WithContext(ctx),
+	}
+	return append(options, c.options...)
+}
+
+// WithRetryBackOff returns a function for setting the given backoff on crane.Option.
+func WithRetryBackOff(backoff remote.Backoff) crane.Option {
+	return func(options *crane.Options) {
+		options.Remote = append(options.Remote, remote.WithRetryBackoff(backoff))
+	}
+}
diff --git a/pkg/oci/client/delete.go b/pkg/oci/client/delete.go
new file mode 100644
index 000000000..a6b771abb
--- /dev/null
+++ b/pkg/oci/client/delete.go
@@ -0,0 +1,35 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+// Delete deletes a particular image from an OCI repository
+// If the url has no tag, the latest image is deleted
+func (c *Client) Delete(ctx context.Context, url string) error {
+	_, err := name.ParseReference(url)
+	if err != nil {
+		return fmt.Errorf("invalid URL: %w", err)
+	}
+
+	return crane.Delete(url, c.optionsWithContext(ctx)...)
+}
diff --git a/pkg/oci/client/delete_test.go b/pkg/oci/client/delete_test.go
new file mode 100644
index 000000000..aed4c839b
--- /dev/null
+++ b/pkg/oci/client/delete_test.go
@@ -0,0 +1,91 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/go-containerregistry/pkg/crane"
+	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/random"
+	. "github.com/onsi/gomega"
+	"testing"
+	"time"
+)
+
+func TestDelete(t *testing.T) {
+	g := NewWithT(t)
+	ctx := context.Background()
+	c := NewClient(DefaultOptions())
+	repo := "test-delete" + randStringRunes(5)
+	tags := []string{"v0.0.1", "v0.0.2", "v0.0.3", "latest"}
+	source := "github.com/fluxcd/fluxv2"
+	rev := "rev"
+	ct := time.Now()
+	m := Metadata{
+		Source:   source,
+		Revision: rev,
+		Created:  ct.Format(time.RFC3339),
+	}
+
+	for _, tag := range tags {
+		dst := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
+		img, err := random.Image(1024, 1)
+		g.Expect(err).ToNot(HaveOccurred())
+		img = mutate.Annotations(img, m.ToAnnotations()).(gcrv1.Image)
+		err = crane.Push(img, dst, c.options...)
+		g.Expect(err).ToNot(HaveOccurred())
+	}
+
+	tests := []struct {
+		name        string
+		url         string
+		expectedErr bool
+		checkTags   []string
+	}{
+		{
+			name:      "delete with no tag (defaults to latest)",
+			url:       fmt.Sprintf("%s/%s", dockerReg, repo),
+			checkTags: []string{"latest"},
+		},
+		{
+			name:      "delete tag",
+			url:       fmt.Sprintf("%s/%s:v0.0.1", dockerReg, repo),
+			checkTags: []string{"v0.0.1"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			err := c.Delete(ctx, tt.url)
+			if tt.expectedErr {
+				g.Expect(err).ToNot(BeNil())
+				return
+			}
+
+			g.Expect(err).To(BeNil())
+
+			for _, tag := range tt.checkTags {
+				_, err = crane.Pull(fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag))
+				g.Expect(err).ToNot(BeNil())
+				g.Expect(err.Error()).To(ContainSubstring("manifest unknown"))
+			}
+		})
+	}
+}
diff --git a/pkg/oci/client/diff.go b/pkg/oci/client/diff.go
new file mode 100644
index 000000000..6ca2bda56
--- /dev/null
+++ b/pkg/oci/client/diff.go
@@ -0,0 +1,99 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+// Diff compares the files included in an OCI image with the local files in the given path
+// and returns an error if the contents is different
+func (c *Client) Diff(ctx context.Context, url, dir string, ignorePaths []string) error {
+	_, err := name.ParseReference(url)
+	if err != nil {
+		return fmt.Errorf("invalid URL: %w", err)
+	}
+
+	tmpBuildDir, err := os.MkdirTemp("", "ocibuild")
+	if err != nil {
+		return fmt.Errorf("creating temp build dir failed: %w", err)
+	}
+	defer os.RemoveAll(tmpBuildDir)
+
+	tmpFile := filepath.Join(tmpBuildDir, "artifact.tgz")
+
+	if err := c.Build(tmpFile, dir, ignorePaths); err != nil {
+		return fmt.Errorf("building artifact failed: %w", err)
+	}
+
+	f, err := os.Open(tmpFile)
+	if err != nil {
+		return fmt.Errorf("opening artifact failed: %w", err)
+	}
+	defer f.Close()
+
+	fstat, err := f.Stat()
+	if err != nil {
+		return fmt.Errorf("failed to get file stats: %w", err)
+	}
+
+	h1 := sha256.New()
+	if _, err := io.Copy(h1, f); err != nil {
+		return fmt.Errorf("calculating artifact hash failed: %w", err)
+	}
+
+	img, err := crane.Pull(url, c.optionsWithContext(ctx)...)
+	if err != nil {
+		return err
+	}
+
+	layers, err := img.Layers()
+	if err != nil {
+		return fmt.Errorf("failed to list layers: %w", err)
+	}
+
+	if len(layers) < 1 {
+		return fmt.Errorf("no layers found in artifact")
+	}
+
+	l0 := layers[0]
+
+	h, err := l0.Digest()
+	if err != nil {
+		return fmt.Errorf("failed to get layer digest: %w", err)
+	}
+
+	s, err := l0.Size()
+	if err != nil {
+		return fmt.Errorf("failed to get layer size: %w", err)
+	}
+
+	if hex.EncodeToString(h1.Sum(nil)) != h.Hex || fstat.Size() != s {
+		return fmt.Errorf("the remote artifact contents differs from the local one")
+	}
+
+	return nil
+}
diff --git a/pkg/oci/client/diff_test.go b/pkg/oci/client/diff_test.go
new file mode 100644
index 000000000..3f71dba66
--- /dev/null
+++ b/pkg/oci/client/diff_test.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"testing"
+
+	_ "github.com/google/go-containerregistry/pkg/crane"
+	. "github.com/onsi/gomega"
+)
+
+func TestClient_Diff(t *testing.T) {
+	g := NewWithT(t)
+	ctx := context.Background()
+	c := NewClient(DefaultOptions())
+	tag := "v0.0.1"
+	repo := "test-push" + randStringRunes(5)
+
+	url := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
+	metadata := Metadata{
+		Source:   "github.com/fluxcd/flux2",
+		Revision: "rev",
+	}
+
+	testDir := "testdata/artifact"
+	_, err := c.Push(ctx, url, testDir, metadata, nil)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	err = c.Diff(ctx, url, testDir, nil)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	tmpBuildDir, err := os.MkdirTemp("", "oci")
+	g.Expect(err).ToNot(HaveOccurred())
+	defer os.RemoveAll(tmpBuildDir)
+
+	g.Expect(os.WriteFile(filepath.Join(tmpBuildDir, "test.txt"), []byte("test"), 0o600)).ToNot(HaveOccurred())
+
+	newTag := "v0.0.2"
+	url = fmt.Sprintf("%s/%s:%s", dockerReg, repo, newTag)
+
+	_, err = c.Push(ctx, url, tmpBuildDir, metadata, nil)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	err = c.Diff(ctx, url, testDir, nil)
+	g.Expect(err).To(HaveOccurred())
+	g.Expect(err).To(MatchError("the remote artifact contents differs from the local one"))
+}
diff --git a/pkg/oci/client/internal/fs/LICENSE b/pkg/oci/client/internal/fs/LICENSE
new file mode 100644
index 000000000..a2dd15faf
--- /dev/null
+++ b/pkg/oci/client/internal/fs/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2014 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/pkg/oci/client/internal/fs/fs.go b/pkg/oci/client/internal/fs/fs.go
new file mode 100644
index 000000000..21cf96e69
--- /dev/null
+++ b/pkg/oci/client/internal/fs/fs.go
@@ -0,0 +1,345 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fs
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"runtime"
+	"syscall"
+)
+
+// RenameWithFallback attempts to rename a file or directory, but falls back to
+// copying in the event of a cross-device link error. If the fallback copy
+// succeeds, src is still removed, emulating normal rename behavior.
+func RenameWithFallback(src, dst string) error {
+	_, err := os.Stat(src)
+	if err != nil {
+		return fmt.Errorf("cannot stat %s: %w", src, err)
+	}
+
+	err = os.Rename(src, dst)
+	if err == nil {
+		return nil
+	}
+
+	return renameFallback(err, src, dst)
+}
+
+// renameByCopy attempts to rename a file or directory by copying it to the
+// destination and then removing the src thus emulating the rename behavior.
+func renameByCopy(src, dst string) error {
+	var cerr error
+	if dir, _ := IsDir(src); dir {
+		cerr = CopyDir(src, dst)
+		if cerr != nil {
+			cerr = fmt.Errorf("copying directory failed: %w", cerr)
+		}
+	} else {
+		cerr = copyFile(src, dst)
+		if cerr != nil {
+			cerr = fmt.Errorf("copying file failed: %w", cerr)
+		}
+	}
+
+	if cerr != nil {
+		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, cerr)
+	}
+
+	if err := os.RemoveAll(src); err != nil {
+		return fmt.Errorf("cannot delete %s: %w", src, err)
+	}
+
+	return nil
+}
+
+var (
+	errSrcNotDir = errors.New("source is not a directory")
+	errDstExist  = errors.New("destination already exists")
+)
+
+// CopyDir recursively copies a directory tree, attempting to preserve permissions.
+// Source directory must exist, destination directory must *not* exist.
+func CopyDir(src, dst string) error {
+	src = filepath.Clean(src)
+	dst = filepath.Clean(dst)
+
+	// We use os.Lstat() here to ensure we don't fall in a loop where a symlink
+	// actually links to a one of its parent directories.
+	fi, err := os.Lstat(src)
+	if err != nil {
+		return err
+	}
+	if !fi.IsDir() {
+		return errSrcNotDir
+	}
+
+	_, err = os.Stat(dst)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	if err == nil {
+		return errDstExist
+	}
+
+	if err = os.MkdirAll(dst, fi.Mode()); err != nil {
+		return fmt.Errorf("cannot mkdir %s: %w", dst, err)
+	}
+
+	entries, err := os.ReadDir(src)
+	if err != nil {
+		return fmt.Errorf("cannot read directory %s: %w", dst, err)
+	}
+
+	for _, entry := range entries {
+		srcPath := filepath.Join(src, entry.Name())
+		dstPath := filepath.Join(dst, entry.Name())
+
+		if entry.IsDir() {
+			if err = CopyDir(srcPath, dstPath); err != nil {
+				return fmt.Errorf("copying directory failed: %w", err)
+			}
+		} else {
+			// This will include symlinks, which is what we want when
+			// copying things.
+			if err = copyFile(srcPath, dstPath); err != nil {
+				return fmt.Errorf("copying file failed: %w", err)
+			}
+		}
+	}
+
+	return nil
+}
+
+// copyFile copies the contents of the file named src to the file named
+// by dst. The file will be created if it does not already exist. If the
+// destination file exists, all its contents will be replaced by the contents
+// of the source file. The file mode will be copied from the source.
+func copyFile(src, dst string) (err error) {
+	if sym, err := IsSymlink(src); err != nil {
+		return fmt.Errorf("symlink check failed: %w", err)
+	} else if sym {
+		if err := cloneSymlink(src, dst); err != nil {
+			if runtime.GOOS == "windows" {
+				// If cloning the symlink fails on Windows because the user
+				// does not have the required privileges, ignore the error and
+				// fall back to copying the file contents.
+				//
+				// ERROR_PRIVILEGE_NOT_HELD is 1314 (0x522):
+				// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
+				if lerr, ok := err.(*os.LinkError); ok && lerr.Err != syscall.Errno(1314) {
+					return err
+				}
+			} else {
+				return err
+			}
+		} else {
+			return nil
+		}
+	}
+
+	in, err := os.Open(src)
+	if err != nil {
+		return
+	}
+	defer in.Close()
+
+	out, err := os.Create(dst)
+	if err != nil {
+		return
+	}
+
+	if _, err = io.Copy(out, in); err != nil {
+		out.Close()
+		return
+	}
+
+	// Check for write errors on Close
+	if err = out.Close(); err != nil {
+		return
+	}
+
+	si, err := os.Stat(src)
+	if err != nil {
+		return
+	}
+
+	// Temporary fix for Go < 1.9
+	//
+	// See: https://github.com/golang/dep/issues/774
+	// and https://github.com/golang/go/issues/20829
+	if runtime.GOOS == "windows" {
+		dst = fixLongPath(dst)
+	}
+	err = os.Chmod(dst, si.Mode())
+
+	return
+}
+
+// cloneSymlink will create a new symlink that points to the resolved path of sl.
+// If sl is a relative symlink, dst will also be a relative symlink.
+func cloneSymlink(sl, dst string) error {
+	resolved, err := os.Readlink(sl)
+	if err != nil {
+		return err
+	}
+
+	return os.Symlink(resolved, dst)
+}
+
+// IsDir determines is the path given is a directory or not.
+func IsDir(name string) (bool, error) {
+	fi, err := os.Stat(name)
+	if err != nil {
+		return false, err
+	}
+	if !fi.IsDir() {
+		return false, fmt.Errorf("%q is not a directory", name)
+	}
+	return true, nil
+}
+
+// IsSymlink determines if the given path is a symbolic link.
+func IsSymlink(path string) (bool, error) {
+	l, err := os.Lstat(path)
+	if err != nil {
+		return false, err
+	}
+
+	return l.Mode()&os.ModeSymlink == os.ModeSymlink, nil
+}
+
+// fixLongPath returns the extended-length (\\?\-prefixed) form of
+// path when needed, in order to avoid the default 260 character file
+// path limit imposed by Windows. If path is not easily converted to
+// the extended-length form (for example, if path is a relative path
+// or contains .. elements), or is short enough, fixLongPath returns
+// path unmodified.
+//
+// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath
+func fixLongPath(path string) string {
+	// Do nothing (and don't allocate) if the path is "short".
+	// Empirically (at least on the Windows Server 2013 builder),
+	// the kernel is arbitrarily okay with < 248 bytes. That
+	// matches what the docs above say:
+	// "When using an API to create a directory, the specified
+	// path cannot be so long that you cannot append an 8.3 file
+	// name (that is, the directory name cannot exceed MAX_PATH
+	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
+	//
+	// The MSDN docs appear to say that a normal path that is 248 bytes long
+	// will work; empirically the path must be less then 248 bytes long.
+	if len(path) < 248 {
+		// Don't fix. (This is how Go 1.7 and earlier worked,
+		// not automatically generating the \\?\ form)
+		return path
+	}
+
+	// The extended form begins with \\?\, as in
+	// \\?\c:\windows\foo.txt or \\?\UNC\server\share\foo.txt.
+	// The extended form disables evaluation of . and .. path
+	// elements and disables the interpretation of / as equivalent
+	// to \. The conversion here rewrites / to \ and elides
+	// . elements as well as trailing or duplicate separators. For
+	// simplicity it avoids the conversion entirely for relative
+	// paths or paths containing .. elements. For now,
+	// \\server\share paths are not converted to
+	// \\?\UNC\server\share paths because the rules for doing so
+	// are less well-specified.
+	if len(path) >= 2 && path[:2] == `\\` {
+		// Don't canonicalize UNC paths.
+		return path
+	}
+	if !isAbs(path) {
+		// Relative path
+		return path
+	}
+
+	const prefix = `\\?`
+
+	pathbuf := make([]byte, len(prefix)+len(path)+len(`\`))
+	copy(pathbuf, prefix)
+	n := len(path)
+	r, w := 0, len(prefix)
+	for r < n {
+		switch {
+		case os.IsPathSeparator(path[r]):
+			// empty block
+			r++
+		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
+			// /./
+			r++
+		case r+1 < n && path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
+			// /../ is currently unhandled
+			return path
+		default:
+			pathbuf[w] = '\\'
+			w++
+			for ; r < n && !os.IsPathSeparator(path[r]); r++ {
+				pathbuf[w] = path[r]
+				w++
+			}
+		}
+	}
+	// A drive's root directory needs a trailing \
+	if w == len(`\\?\c:`) {
+		pathbuf[w] = '\\'
+		w++
+	}
+	return string(pathbuf[:w])
+}
+
+func isAbs(path string) (b bool) {
+	v := volumeName(path)
+	if v == "" {
+		return false
+	}
+	path = path[len(v):]
+	if path == "" {
+		return false
+	}
+	return os.IsPathSeparator(path[0])
+}
+
+func volumeName(path string) (v string) {
+	if len(path) < 2 {
+		return ""
+	}
+	// with drive letter
+	c := path[0]
+	if path[1] == ':' &&
+		('0' <= c && c <= '9' || 'a' <= c && c <= 'z' ||
+			'A' <= c && c <= 'Z') {
+		return path[:2]
+	}
+	// is it UNC
+	if l := len(path); l >= 5 && os.IsPathSeparator(path[0]) && os.IsPathSeparator(path[1]) &&
+		!os.IsPathSeparator(path[2]) && path[2] != '.' {
+		// first, leading `\\` and next shouldn't be `\`. its server name.
+		for n := 3; n < l-1; n++ {
+			// second, next '\' shouldn't be repeated.
+			if os.IsPathSeparator(path[n]) {
+				n++
+				// third, following something characters. its share name.
+				if !os.IsPathSeparator(path[n]) {
+					if path[n] == '.' {
+						break
+					}
+					for ; n < l; n++ {
+						if os.IsPathSeparator(path[n]) {
+							break
+						}
+					}
+					return path[:n]
+				}
+				break
+			}
+		}
+	}
+	return ""
+}
diff --git a/pkg/oci/client/internal/fs/fs_test.go b/pkg/oci/client/internal/fs/fs_test.go
new file mode 100644
index 000000000..55173122c
--- /dev/null
+++ b/pkg/oci/client/internal/fs/fs_test.go
@@ -0,0 +1,625 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fs
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sync"
+	"testing"
+)
+
+var (
+	mu sync.Mutex
+)
+
+func TestMain(m *testing.M) {
+	symlinks := []struct {
+		oldPath string
+		newPath string
+	}{
+		{
+			oldPath: "C:/Users/fluxcd/go/src/github.com/golang/dep/internal/fs/testdata/test.file",
+			newPath: "testdata/symlinks/windows-file-symlink",
+		},
+		{
+			oldPath: "/non/existing/file",
+			newPath: "testdata/symlinks/invalid-symlink",
+		},
+		{
+			oldPath: "../test.file",
+			newPath: "testdata/symlinks/file-symlink",
+		},
+		{
+			oldPath: "../../testdata",
+			newPath: "testdata/symlinks/dir-symlink",
+		},
+	}
+
+	os.MkdirAll("testdata/symlinks", 0o755)
+
+	for _, sl := range symlinks {
+		err := os.Symlink(sl.oldPath, sl.newPath)
+		if err != nil {
+			panic(fmt.Errorf("failed to create symlink: %v", err))
+		}
+	}
+
+	code := m.Run()
+
+	if err := os.RemoveAll("testdata/symlinks"); err != nil {
+		panic(fmt.Errorf("failed to remove symlink directory: %v", err))
+	}
+
+	os.Exit(code)
+}
+
+func TestRenameWithFallback(t *testing.T) {
+	dir := t.TempDir()
+
+	if err := RenameWithFallback(filepath.Join(dir, "does_not_exists"), filepath.Join(dir, "dst")); err == nil {
+		t.Fatal("expected an error for non existing file, but got nil")
+	}
+
+	srcpath := filepath.Join(dir, "src")
+
+	if srcf, err := os.Create(srcpath); err != nil {
+		t.Fatal(err)
+	} else {
+		srcf.Close()
+	}
+
+	if err := RenameWithFallback(srcpath, filepath.Join(dir, "dst")); err != nil {
+		t.Fatal(err)
+	}
+
+	srcpath = filepath.Join(dir, "a")
+	if err := os.MkdirAll(srcpath, 0o770); err != nil {
+		t.Fatal(err)
+	}
+
+	dstpath := filepath.Join(dir, "b")
+	if err := os.MkdirAll(dstpath, 0o770); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := RenameWithFallback(srcpath, dstpath); err == nil {
+		t.Fatal("expected an error if dst is an existing directory, but got nil")
+	}
+}
+
+func TestCopyDir(t *testing.T) {
+	dir := t.TempDir()
+
+	srcdir := filepath.Join(dir, "src")
+	if err := os.MkdirAll(srcdir, 0o750); err != nil {
+		t.Fatal(err)
+	}
+
+	files := []struct {
+		path     string
+		contents string
+		fi       os.FileInfo
+	}{
+		{path: "myfile", contents: "hello world"},
+		{path: filepath.Join("subdir", "file"), contents: "subdir file"},
+	}
+
+	// Create structure indicated in 'files'
+	for i, file := range files {
+		fn := filepath.Join(srcdir, file.path)
+		dn := filepath.Dir(fn)
+		if err := os.MkdirAll(dn, 0o750); err != nil {
+			t.Fatal(err)
+		}
+
+		fh, err := os.Create(fn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if _, err = fh.Write([]byte(file.contents)); err != nil {
+			t.Fatal(err)
+		}
+		fh.Close()
+
+		files[i].fi, err = os.Stat(fn)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	destdir := filepath.Join(dir, "dest")
+	if err := CopyDir(srcdir, destdir); err != nil {
+		t.Fatal(err)
+	}
+
+	// Compare copy against structure indicated in 'files'
+	for _, file := range files {
+		fn := filepath.Join(srcdir, file.path)
+		dn := filepath.Dir(fn)
+		dirOK, err := IsDir(dn)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !dirOK {
+			t.Fatalf("expected %s to be a directory", dn)
+		}
+
+		got, err := os.ReadFile(fn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if file.contents != string(got) {
+			t.Fatalf("expected: %s, got: %s", file.contents, string(got))
+		}
+
+		gotinfo, err := os.Stat(fn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if file.fi.Mode() != gotinfo.Mode() {
+			t.Fatalf("expected %s: %#v\n to be the same mode as %s: %#v",
+				file.path, file.fi.Mode(), fn, gotinfo.Mode())
+		}
+	}
+}
+
+func TestCopyDirFail_SrcInaccessible(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// XXX: setting permissions works differently in
+		// Microsoft Windows. Skipping this this until a
+		// compatible implementation is provided.
+		t.Skip("skipping on windows")
+	}
+
+	var srcdir, dstdir string
+
+	setupInaccessibleDir(t, func(dir string) error {
+		srcdir = filepath.Join(dir, "src")
+		return os.MkdirAll(srcdir, 0o750)
+	})
+
+	dir := t.TempDir()
+
+	dstdir = filepath.Join(dir, "dst")
+	if err := CopyDir(srcdir, dstdir); err == nil {
+		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
+	}
+}
+
+func TestCopyDirFail_DstInaccessible(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// XXX: setting permissions works differently in
+		// Microsoft Windows. Skipping this this until a
+		// compatible implementation is provided.
+		t.Skip("skipping on windows")
+	}
+
+	var srcdir, dstdir string
+
+	dir := t.TempDir()
+
+	srcdir = filepath.Join(dir, "src")
+	if err := os.MkdirAll(srcdir, 0o750); err != nil {
+		t.Fatal(err)
+	}
+
+	setupInaccessibleDir(t, func(dir string) error {
+		dstdir = filepath.Join(dir, "dst")
+		return nil
+	})
+
+	if err := CopyDir(srcdir, dstdir); err == nil {
+		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
+	}
+}
+
+func TestCopyDirFail_SrcIsNotDir(t *testing.T) {
+	var srcdir, dstdir string
+
+	dir := t.TempDir()
+
+	srcdir = filepath.Join(dir, "src")
+	if _, err := os.Create(srcdir); err != nil {
+		t.Fatal(err)
+	}
+
+	dstdir = filepath.Join(dir, "dst")
+
+	err := CopyDir(srcdir, dstdir)
+	if err == nil {
+		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
+	}
+
+	if err != errSrcNotDir {
+		t.Fatalf("expected %v error for CopyDir(%s, %s), got %s", errSrcNotDir, srcdir, dstdir, err)
+	}
+
+}
+
+func TestCopyDirFail_DstExists(t *testing.T) {
+	var srcdir, dstdir string
+
+	dir := t.TempDir()
+
+	srcdir = filepath.Join(dir, "src")
+	if err := os.MkdirAll(srcdir, 0o750); err != nil {
+		t.Fatal(err)
+	}
+
+	dstdir = filepath.Join(dir, "dst")
+	if err := os.MkdirAll(dstdir, 0o750); err != nil {
+		t.Fatal(err)
+	}
+
+	err := CopyDir(srcdir, dstdir)
+	if err == nil {
+		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
+	}
+
+	if err != errDstExist {
+		t.Fatalf("expected %v error for CopyDir(%s, %s), got %s", errDstExist, srcdir, dstdir, err)
+	}
+}
+
+func TestCopyDirFailOpen(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// XXX: setting permissions works differently in
+		// Microsoft Windows. os.Chmod(..., 0o222) below is not
+		// enough for the file to be readonly, and os.Chmod(...,
+		// 0000) returns an invalid argument error. Skipping
+		// this this until a compatible implementation is
+		// provided.
+		t.Skip("skipping on windows")
+	}
+
+	var srcdir, dstdir string
+
+	dir := t.TempDir()
+
+	srcdir = filepath.Join(dir, "src")
+	if err := os.MkdirAll(srcdir, 0o750); err != nil {
+		t.Fatal(err)
+	}
+
+	srcfn := filepath.Join(srcdir, "file")
+	srcf, err := os.Create(srcfn)
+	if err != nil {
+		t.Fatal(err)
+	}
+	srcf.Close()
+
+	// setup source file so that it cannot be read
+	if err = os.Chmod(srcfn, 0o220); err != nil {
+		t.Fatal(err)
+	}
+
+	dstdir = filepath.Join(dir, "dst")
+
+	if err = CopyDir(srcdir, dstdir); err == nil {
+		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
+	}
+}
+
+func TestCopyFile(t *testing.T) {
+	dir := t.TempDir()
+
+	srcf, err := os.Create(filepath.Join(dir, "srcfile"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	want := "hello world"
+	if _, err := srcf.Write([]byte(want)); err != nil {
+		t.Fatal(err)
+	}
+	srcf.Close()
+
+	destf := filepath.Join(dir, "destf")
+	if err := copyFile(srcf.Name(), destf); err != nil {
+		t.Fatal(err)
+	}
+
+	got, err := os.ReadFile(destf)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if want != string(got) {
+		t.Fatalf("expected: %s, got: %s", want, string(got))
+	}
+
+	wantinfo, err := os.Stat(srcf.Name())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	gotinfo, err := os.Stat(destf)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if wantinfo.Mode() != gotinfo.Mode() {
+		t.Fatalf("expected %s: %#v\n to be the same mode as %s: %#v", srcf.Name(), wantinfo.Mode(), destf, gotinfo.Mode())
+	}
+}
+
+func TestCopyFileSymlink(t *testing.T) {
+	dir := t.TempDir()
+	defer cleanUpDir(dir)
+
+	testcases := map[string]string{
+		filepath.Join("./testdata/symlinks/file-symlink"):         filepath.Join(dir, "dst-file"),
+		filepath.Join("./testdata/symlinks/windows-file-symlink"): filepath.Join(dir, "windows-dst-file"),
+		filepath.Join("./testdata/symlinks/invalid-symlink"):      filepath.Join(dir, "invalid-symlink"),
+	}
+
+	for symlink, dst := range testcases {
+		t.Run(symlink, func(t *testing.T) {
+			var err error
+			if err = copyFile(symlink, dst); err != nil {
+				t.Fatalf("failed to copy symlink: %s", err)
+			}
+
+			var want, got string
+
+			if runtime.GOOS == "windows" {
+				// Creating symlinks on Windows require an additional permission
+				// regular users aren't granted usually. So we copy the file
+				// content as a fall back instead of creating a real symlink.
+				srcb, err := os.ReadFile(symlink)
+				if err != nil {
+					t.Fatalf("%+v", err)
+				}
+				dstb, err := os.ReadFile(dst)
+				if err != nil {
+					t.Fatalf("%+v", err)
+				}
+
+				want = string(srcb)
+				got = string(dstb)
+			} else {
+				want, err = os.Readlink(symlink)
+				if err != nil {
+					t.Fatalf("%+v", err)
+				}
+
+				got, err = os.Readlink(dst)
+				if err != nil {
+					t.Fatalf("could not resolve symlink: %s", err)
+				}
+			}
+
+			if want != got {
+				t.Fatalf("resolved path is incorrect. expected %s, got %s", want, got)
+			}
+		})
+	}
+}
+
+func TestCopyFileLongFilePath(t *testing.T) {
+	if runtime.GOOS != "windows" {
+		// We want to ensure the temporary fix actually fixes the issue with
+		// os.Chmod and long file paths. This is only applicable on Windows.
+		t.Skip("skipping on non-windows")
+	}
+
+	dir := t.TempDir()
+
+	// Create a directory with a long-enough path name to cause the bug in #774.
+	dirName := ""
+	for len(dir+string(os.PathSeparator)+dirName) <= 300 {
+		dirName += "directory"
+	}
+
+	fullPath := filepath.Join(dir, dirName, string(os.PathSeparator))
+	if err := os.MkdirAll(fullPath, 0o750); err != nil && !os.IsExist(err) {
+		t.Fatalf("%+v", fmt.Errorf("unable to create temp directory: %s", fullPath))
+	}
+
+	err := os.WriteFile(fullPath+"src", []byte(nil), 0o640)
+	if err != nil {
+		t.Fatalf("%+v", err)
+	}
+
+	err = copyFile(fullPath+"src", fullPath+"dst")
+	if err != nil {
+		t.Fatalf("unexpected error while copying file: %v", err)
+	}
+}
+
+// C:\Users\appveyor\AppData\Local\Temp\1\gotest639065787\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890
+
+func TestCopyFileFail(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// XXX: setting permissions works differently in
+		// Microsoft Windows. Skipping this this until a
+		// compatible implementation is provided.
+		t.Skip("skipping on windows")
+	}
+
+	dir := t.TempDir()
+
+	srcf, err := os.Create(filepath.Join(dir, "srcfile"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	srcf.Close()
+
+	var dstdir string
+
+	setupInaccessibleDir(t, func(dir string) error {
+		dstdir = filepath.Join(dir, "dir")
+		return os.Mkdir(dstdir, 0o770)
+	})
+
+	fn := filepath.Join(dstdir, "file")
+	if err := copyFile(srcf.Name(), fn); err == nil {
+		t.Fatalf("expected error for %s, got none", fn)
+	}
+}
+
+// setupInaccessibleDir creates a temporary location with a single
+// directory in it, in such a way that that directory is not accessible
+// after this function returns.
+//
+// op is called with the directory as argument, so that it can create
+// files or other test artifacts.
+//
+// If setupInaccessibleDir fails in its preparation, or op fails, t.Fatal
+// will be invoked.
+func setupInaccessibleDir(t *testing.T, op func(dir string) error) {
+	dir, err := os.MkdirTemp("", "dep")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	subdir := filepath.Join(dir, "dir")
+
+	t.Cleanup(func() {
+		if err := os.Chmod(subdir, 0o770); err != nil {
+			t.Error(err)
+		}
+	})
+
+	if err := os.Mkdir(subdir, 0o770); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := op(subdir); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := os.Chmod(subdir, 0o660); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestIsDir(t *testing.T) {
+	wd, err := os.Getwd()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var dn string
+
+	setupInaccessibleDir(t, func(dir string) error {
+		dn = filepath.Join(dir, "dir")
+		return os.Mkdir(dn, 0o770)
+	})
+
+	tests := map[string]struct {
+		exists bool
+		err    bool
+	}{
+		wd:                            {true, false},
+		filepath.Join(wd, "testdata"): {true, false},
+		filepath.Join(wd, "main.go"):  {false, true},
+		filepath.Join(wd, "this_file_does_not_exist.thing"): {false, true},
+		dn: {false, true},
+	}
+
+	if runtime.GOOS == "windows" {
+		// This test doesn't work on Microsoft Windows because
+		// of the differences in how file permissions are
+		// implemented. For this to work, the directory where
+		// the directory exists should be inaccessible.
+		delete(tests, dn)
+	}
+
+	for f, want := range tests {
+		got, err := IsDir(f)
+		if err != nil && !want.err {
+			t.Fatalf("expected no error, got %v", err)
+		}
+
+		if got != want.exists {
+			t.Fatalf("expected %t for %s, got %t", want.exists, f, got)
+		}
+	}
+}
+
+func TestIsSymlink(t *testing.T) {
+	dir := t.TempDir()
+
+	dirPath := filepath.Join(dir, "directory")
+	if err := os.MkdirAll(dirPath, 0o770); err != nil {
+		t.Fatal(err)
+	}
+
+	filePath := filepath.Join(dir, "file")
+	f, err := os.Create(filePath)
+	if err != nil {
+		t.Fatal(err)
+	}
+	f.Close()
+
+	dirSymlink := filepath.Join(dir, "dirSymlink")
+	fileSymlink := filepath.Join(dir, "fileSymlink")
+
+	if err = os.Symlink(dirPath, dirSymlink); err != nil {
+		t.Fatal(err)
+	}
+	if err = os.Symlink(filePath, fileSymlink); err != nil {
+		t.Fatal(err)
+	}
+
+	var (
+		inaccessibleFile    string
+		inaccessibleSymlink string
+	)
+
+	setupInaccessibleDir(t, func(dir string) error {
+		inaccessibleFile = filepath.Join(dir, "file")
+		if fh, err := os.Create(inaccessibleFile); err != nil {
+			return err
+		} else if err = fh.Close(); err != nil {
+			return err
+		}
+
+		inaccessibleSymlink = filepath.Join(dir, "symlink")
+		return os.Symlink(inaccessibleFile, inaccessibleSymlink)
+	})
+
+	tests := map[string]struct{ expected, err bool }{
+		dirPath:             {false, false},
+		filePath:            {false, false},
+		dirSymlink:          {true, false},
+		fileSymlink:         {true, false},
+		inaccessibleFile:    {false, true},
+		inaccessibleSymlink: {false, true},
+	}
+
+	if runtime.GOOS == "windows" {
+		// XXX: setting permissions works differently in Windows. Skipping
+		// these cases until a compatible implementation is provided.
+		delete(tests, inaccessibleFile)
+		delete(tests, inaccessibleSymlink)
+	}
+
+	for path, want := range tests {
+		got, err := IsSymlink(path)
+		if err != nil {
+			if !want.err {
+				t.Errorf("expected no error, got %v", err)
+			}
+		}
+
+		if got != want.expected {
+			t.Errorf("expected %t for %s, got %t", want.expected, path, got)
+		}
+	}
+}
+
+func cleanUpDir(dir string) {
+	if dir != "" {
+		os.RemoveAll(dir)
+	}
+}
diff --git a/pkg/oci/client/internal/fs/rename.go b/pkg/oci/client/internal/fs/rename.go
new file mode 100644
index 000000000..bad1f4778
--- /dev/null
+++ b/pkg/oci/client/internal/fs/rename.go
@@ -0,0 +1,31 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !windows
+// +build !windows
+
+package fs
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+)
+
+// renameFallback attempts to determine the appropriate fallback to failed rename
+// operation depending on the resulting error.
+func renameFallback(err error, src, dst string) error {
+	// Rename may fail if src and dst are on different devices; fall back to
+	// copy if we detect that case. syscall.EXDEV is the common name for the
+	// cross device link error which has varying output text across different
+	// operating systems.
+	terr, ok := err.(*os.LinkError)
+	if !ok {
+		return err
+	} else if terr.Err != syscall.EXDEV {
+		return fmt.Errorf("link error: cannot rename %s to %s: %w", src, dst, terr)
+	}
+
+	return renameByCopy(src, dst)
+}
diff --git a/pkg/oci/client/internal/fs/rename_windows.go b/pkg/oci/client/internal/fs/rename_windows.go
new file mode 100644
index 000000000..fa9a0b4d9
--- /dev/null
+++ b/pkg/oci/client/internal/fs/rename_windows.go
@@ -0,0 +1,42 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+package fs
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+)
+
+// renameFallback attempts to determine the appropriate fallback to failed rename
+// operation depending on the resulting error.
+func renameFallback(err error, src, dst string) error {
+	// Rename may fail if src and dst are on different devices; fall back to
+	// copy if we detect that case. syscall.EXDEV is the common name for the
+	// cross device link error which has varying output text across different
+	// operating systems.
+	terr, ok := err.(*os.LinkError)
+	if !ok {
+		return err
+	}
+
+	if terr.Err != syscall.EXDEV {
+		// In windows it can drop down to an operating system call that
+		// returns an operating system error with a different number and
+		// message. Checking for that as a fall back.
+		noerr, ok := terr.Err.(syscall.Errno)
+
+		// 0x11 (ERROR_NOT_SAME_DEVICE) is the windows error.
+		// See https://msdn.microsoft.com/en-us/library/cc231199.aspx
+		if ok && noerr != 0x11 {
+			return fmt.Errorf("link error: cannot rename %s to %s: %w", src, dst, terr)
+		}
+	}
+
+	return renameByCopy(src, dst)
+}
diff --git a/pkg/oci/client/internal/fs/testdata/test.file b/pkg/oci/client/internal/fs/testdata/test.file
new file mode 100644
index 000000000..e69de29bb
diff --git a/pkg/oci/client/list.go b/pkg/oci/client/list.go
new file mode 100644
index 000000000..32fb82f5f
--- /dev/null
+++ b/pkg/oci/client/list.go
@@ -0,0 +1,134 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"regexp"
+	"sort"
+	"strings"
+
+	"github.com/Masterminds/semver/v3"
+	"github.com/google/go-containerregistry/pkg/crane"
+	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
+
+	"github.com/fluxcd/pkg/version"
+)
+
+// ListOptions contains options for listing tags from an OCI repository.
+type ListOptions struct {
+	// SemverFilter contains semver for filtering tags.
+	SemverFilter string
+	// RegexFilter contains a regex that tags will be filtered by.
+	RegexFilter string
+	// IncludeCosignArtifacts can be used to include cosign attestation,
+	// signature and SBOM tags in the list, as these are excluded by default.
+	IncludeCosignArtifacts bool
+}
+
+// List fetches the tags and their manifests for a given OCI repository.
+func (c *Client) List(ctx context.Context, url string, opts ListOptions) ([]Metadata, error) {
+	metas := make([]Metadata, 0)
+	tags, err := crane.ListTags(url, c.options...)
+	if err != nil {
+		return nil, fmt.Errorf("listing tags failed: %w", err)
+	}
+
+	sort.Slice(tags, func(i, j int) bool { return tags[i] > tags[j] })
+
+	var constraint *semver.Constraints
+	if opts.SemverFilter != "" {
+		constraint, err = semver.NewConstraint(opts.SemverFilter)
+		if err != nil {
+			return nil, fmt.Errorf("semver '%s' parse error: %w", opts.SemverFilter, err)
+		}
+	}
+
+	var re *regexp.Regexp
+	if opts.RegexFilter != "" {
+		re, err = regexp.Compile(opts.RegexFilter)
+		if err != nil {
+			return nil, fmt.Errorf("regex '%s' parse error: %w", opts.RegexFilter, err)
+		}
+	}
+
+	for _, tag := range tags {
+		// ignore cosign artifacts by default
+		if !opts.IncludeCosignArtifacts && IsCosignArtifact(tag) {
+			continue
+		}
+
+		if constraint != nil {
+			v, err := version.ParseVersion(tag)
+			// version isn't a valid semver so we can skip
+			if err != nil {
+				continue
+			}
+
+			if !constraint.Check(v) {
+				continue
+			}
+		}
+
+		if re != nil && !re.Match([]byte(tag)) {
+			continue
+		}
+
+		meta := Metadata{
+			URL: fmt.Sprintf("%s:%s", url, tag),
+		}
+
+		manifestJSON, err := crane.Manifest(meta.URL, c.optionsWithContext(ctx)...)
+		if err != nil {
+			return nil, fmt.Errorf("fetching manifest failed: %w", err)
+		}
+
+		manifest, err := gcrv1.ParseManifest(bytes.NewReader(manifestJSON))
+		if err != nil {
+			return nil, fmt.Errorf("parsing manifest failed: %w", err)
+		}
+
+		manifestMetadata := MetadataFromAnnotations(manifest.Annotations)
+		meta.Revision = manifestMetadata.Revision
+		meta.Source = manifestMetadata.Source
+		meta.Created = manifestMetadata.Created
+
+		digest, err := crane.Digest(meta.URL, c.optionsWithContext(ctx)...)
+		if err != nil {
+			return nil, fmt.Errorf("fetching digest failed: %w", err)
+		}
+		meta.Digest = digest
+
+		metas = append(metas, meta)
+	}
+
+	return metas, nil
+}
+
+// IsCosignArtifact will return true if the tag has one of the following suffices:
+// ".att", ".sbom", or ".sig". These are the suffices used by cosign to store the
+// attestations, SBOMs, and signatures respectively.
+func IsCosignArtifact(tag string) bool {
+	for _, suffix := range []string{".att", ".sbom", ".sig"} {
+		if strings.HasSuffix(tag, suffix) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/oci/client/list_test.go b/pkg/oci/client/list_test.go
new file mode 100644
index 000000000..fb14659e7
--- /dev/null
+++ b/pkg/oci/client/list_test.go
@@ -0,0 +1,144 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/random"
+	. "github.com/onsi/gomega"
+)
+
+func Test_List(t *testing.T) {
+	g := NewWithT(t)
+	ctx := context.Background()
+	c := NewClient(DefaultOptions())
+	repo := "test-list" + randStringRunes(5)
+	appTags := []string{
+		"v0.0.1", "v0.0.2", "v0.0.3", "v6.0.0", "v6.0.1", "v6.0.2", "v6.0.2-rc.1", "v6.0.2-alpha",
+		"staging-fb3355b",
+	}
+	cosignTags := []string{
+		"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.sig",
+		"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.sbom",
+		"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.att",
+	}
+	allTags := append([]string{}, cosignTags...)
+	allTags = append(allTags, appTags...)
+
+	source := "github.com/fluxcd/fluxv2"
+	rev := "rev"
+	ct := time.Now()
+	m := Metadata{
+		Source:   source,
+		Revision: rev,
+		Created:  ct.Format(time.RFC3339),
+	}
+
+	for _, tag := range allTags {
+		dst := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
+		img, err := random.Image(1024, 1)
+		g.Expect(err).ToNot(HaveOccurred())
+		img = mutate.Annotations(img, m.ToAnnotations()).(gcrv1.Image)
+		err = crane.Push(img, dst, c.options...)
+		g.Expect(err).ToNot(HaveOccurred())
+	}
+
+	tests := []struct {
+		name                   string
+		regexFilter            string
+		semverFilter           string
+		expectedTags           []string
+		includeCosignArtifacts bool
+	}{
+		{
+			name:         "list all app tags",
+			expectedTags: appTags,
+		},
+		{
+			name:                   "list all tags (including cosign)",
+			includeCosignArtifacts: true,
+			expectedTags:           allTags,
+		},
+		{
+			name:         "list 6.0.x tags",
+			semverFilter: "6.0.x",
+			expectedTags: []string{"v6.0.0", "v6.0.1", "v6.0.2"},
+		},
+		{
+			name:         "list tags starting with staging",
+			regexFilter:  "^staging.*$",
+			expectedTags: []string{"staging-fb3355b"},
+		},
+		{
+			name:         "filter for alpha 6.0.x",
+			semverFilter: ">=6.0.0-rc",
+			regexFilter:  "alpha",
+			expectedTags: []string{"v6.0.2-alpha"},
+		},
+		{
+			name:                   "list cosign tags",
+			regexFilter:            "sha256-.*..*",
+			includeCosignArtifacts: true,
+			expectedTags: []string{
+				"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.sig",
+				"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.sbom",
+				"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.att",
+			},
+		},
+		{
+			name:                   "list cosign signature",
+			regexFilter:            "sha256-.*.sig",
+			includeCosignArtifacts: true,
+			expectedTags: []string{
+				"sha256-e2688bb75ee43df49c9bfb2aa30dd98173649db53955e87c347024ba71bc1c80.sig",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			metadata, err := c.List(ctx, fmt.Sprintf("%s/%s", dockerReg, repo), ListOptions{
+				SemverFilter:           tt.semverFilter,
+				RegexFilter:            tt.regexFilter,
+				IncludeCosignArtifacts: tt.includeCosignArtifacts,
+			})
+			g.Expect(err).ToNot(HaveOccurred())
+
+			g.Expect(len(metadata)).To(Equal(len(tt.expectedTags)))
+			for _, meta := range metadata {
+				tag, err := name.NewTag(meta.URL)
+				g.Expect(err).ToNot(HaveOccurred())
+				g.Expect(tag.TagStr()).Should(BeElementOf(tt.expectedTags))
+
+				g.Expect(meta.ToAnnotations()).To(Equal(m.ToAnnotations()))
+
+				digest, err := crane.Digest(meta.URL, c.options...)
+				g.Expect(err).ToNot(HaveOccurred())
+				g.Expect(meta.Digest).To(Equal(digest))
+			}
+		})
+	}
+}
diff --git a/pkg/oci/client/login.go b/pkg/oci/client/login.go
new file mode 100644
index 000000000..313b2a05e
--- /dev/null
+++ b/pkg/oci/client/login.go
@@ -0,0 +1,93 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/fluxcd/pkg/oci"
+	"github.com/fluxcd/pkg/oci/auth/aws"
+	"github.com/fluxcd/pkg/oci/auth/azure"
+	"github.com/fluxcd/pkg/oci/auth/gcp"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+// LoginWithCredentials configures the client with static credentials, accepts a single token
+// or a user:password format.
+func (c *Client) LoginWithCredentials(credentials string) error {
+	auth, err := GetAuthFromCredentials(credentials)
+	if err != nil {
+		return err
+	}
+
+	c.options = append(c.options, crane.WithAuth(auth))
+	return nil
+}
+
+// GetAuthFromCredentials returns an authn.Authenticator for the static credentials, accepts a single token
+// or a user:password format.
+func GetAuthFromCredentials(credentials string) (authn.Authenticator, error) {
+	var authConfig authn.AuthConfig
+
+	if credentials == "" {
+		return nil, errors.New("credentials cannot be empty")
+	}
+
+	parts := strings.SplitN(credentials, ":", 2)
+
+	if len(parts) == 1 {
+		authConfig = authn.AuthConfig{RegistryToken: parts[0]}
+	} else {
+		authConfig = authn.AuthConfig{Username: parts[0], Password: parts[1]}
+	}
+
+	return authn.FromConfig(authConfig), nil
+}
+
+// LoginWithProvider configures the client to log in to the specified provider
+func (c *Client) LoginWithProvider(ctx context.Context, url string, provider oci.Provider) error {
+	var authenticator authn.Authenticator
+	var err error
+
+	ref, err := name.ParseReference(url)
+	if err != nil {
+		return fmt.Errorf("could not create reference from url '%s': %w", url, err)
+	}
+
+	switch provider {
+	case oci.ProviderAWS:
+		authenticator, err = aws.NewClient().Login(ctx, true, url)
+	case oci.ProviderGCP:
+		authenticator, err = gcp.NewClient().Login(ctx, true, url, ref)
+	case oci.ProviderAzure:
+		authenticator, err = azure.NewClient().Login(ctx, true, url, ref)
+	default:
+		return errors.New(fmt.Sprintf("unsupported provider"))
+	}
+
+	if err != nil {
+		return fmt.Errorf("could not login to provider %v with url %s: %w", provider, url, err)
+	}
+
+	c.options = append(c.options, crane.WithAuth(authenticator))
+	return nil
+}
diff --git a/pkg/oci/client/login_test.go b/pkg/oci/client/login_test.go
new file mode 100644
index 000000000..bb6e9d52e
--- /dev/null
+++ b/pkg/oci/client/login_test.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	. "github.com/onsi/gomega"
+)
+
+type mockTransport struct {
+	request  *http.Request
+	response *http.Response
+	err      error
+}
+
+func (m *mockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	m.request = req.Clone(context.TODO())
+	return m.response, m.err
+}
+
+func Test_Login(t *testing.T) {
+	tests := []struct {
+		name         string
+		creds        string
+		expectedAuth string
+	}{
+		{
+			name:         "credentials with username and password",
+			creds:        "username:password",
+			expectedAuth: "Basic dXNlcm5hbWU6cGFzc3dvcmQ=",
+		},
+		{
+			name:         "credentials like a pat-token",
+			creds:        "pat-token",
+			expectedAuth: "Bearer pat-token",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			c := NewClient(DefaultOptions())
+			ctx := context.Background()
+			err := c.LoginWithCredentials(tt.creds)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			transportFunc := mockTransport{
+				response: &http.Response{
+					StatusCode: http.StatusOK,
+					Body:       ioutil.NopCloser(strings.NewReader(`{}`)),
+				},
+			}
+
+			c.options = append(c.options, crane.WithTransport(&transportFunc))
+
+			err = crane.Delete(fmt.Sprintf("%s/%s:%s", dockerReg, "test", "test"), c.optionsWithContext(ctx)...)
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(transportFunc.request).ToNot(BeNil())
+			g.Expect(transportFunc.request.Header.Get("Authorization")).To(Equal(tt.expectedAuth))
+		})
+	}
+}
diff --git a/pkg/oci/client/meta.go b/pkg/oci/client/meta.go
new file mode 100644
index 000000000..592f8234a
--- /dev/null
+++ b/pkg/oci/client/meta.go
@@ -0,0 +1,57 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"github.com/fluxcd/pkg/oci"
+)
+
+// Metadata holds the upstream information about on artifact's source.
+// https://github.com/opencontainers/image-spec/blob/main/annotations.md
+type Metadata struct {
+	Created     string            `json:"created,omitempty"`
+	Source      string            `json:"source_url,omitempty"`
+	Revision    string            `json:"source_revision,omitempty"`
+	Digest      string            `json:"digest"`
+	URL         string            `json:"url"`
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// ToAnnotations returns the OpenContainers annotations map.
+func (m *Metadata) ToAnnotations() map[string]string {
+	annotations := map[string]string{
+		oci.CreatedAnnotation:  m.Created,
+		oci.SourceAnnotation:   m.Source,
+		oci.RevisionAnnotation: m.Revision,
+	}
+
+	for k, v := range m.Annotations {
+		annotations[k] = v
+	}
+
+	return annotations
+}
+
+// MetadataFromAnnotations parses the OpenContainers annotations and returns a Metadata object.
+func MetadataFromAnnotations(annotations map[string]string) *Metadata {
+	return &Metadata{
+		Created:     annotations[oci.CreatedAnnotation],
+		Source:      annotations[oci.SourceAnnotation],
+		Revision:    annotations[oci.RevisionAnnotation],
+		Annotations: annotations,
+	}
+}
diff --git a/pkg/oci/client/pull.go b/pkg/oci/client/pull.go
new file mode 100644
index 000000000..b23452c26
--- /dev/null
+++ b/pkg/oci/client/pull.go
@@ -0,0 +1,74 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+
+	"github.com/fluxcd/pkg/tar"
+)
+
+// Pull downloads an artifact from an OCI repository and extracts the content to the given directory.
+func (c *Client) Pull(ctx context.Context, url, outDir string) (*Metadata, error) {
+	ref, err := name.ParseReference(url)
+	if err != nil {
+		return nil, fmt.Errorf("invalid URL: %w", err)
+	}
+
+	img, err := crane.Pull(url, c.optionsWithContext(ctx)...)
+	if err != nil {
+		return nil, err
+	}
+
+	digest, err := img.Digest()
+	if err != nil {
+		return nil, fmt.Errorf("parsing digest failed: %w", err)
+	}
+
+	manifest, err := img.Manifest()
+	if err != nil {
+		return nil, fmt.Errorf("parsing manifest failed: %w", err)
+	}
+
+	meta := MetadataFromAnnotations(manifest.Annotations)
+	meta.URL = url
+	meta.Digest = ref.Context().Digest(digest.String()).String()
+
+	layers, err := img.Layers()
+	if err != nil {
+		return nil, fmt.Errorf("failed to list layers: %w", err)
+	}
+
+	if len(layers) < 1 {
+		return nil, fmt.Errorf("no layers found in artifact")
+	}
+
+	blob, err := layers[0].Compressed()
+	if err != nil {
+		return nil, fmt.Errorf("extracting first layer failed: %w", err)
+	}
+
+	if err = tar.Untar(blob, outDir, tar.WithMaxUntarSize(-1), tar.WithSkipSymlinks()); err != nil {
+		return nil, fmt.Errorf("failed to untar first layer: %w", err)
+	}
+
+	return meta, nil
+}
diff --git a/pkg/oci/client/pull_test.go b/pkg/oci/client/pull_test.go
new file mode 100644
index 000000000..772ffd202
--- /dev/null
+++ b/pkg/oci/client/pull_test.go
@@ -0,0 +1,84 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"path/filepath"
+	"testing"
+
+	"github.com/fluxcd/pkg/oci"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	. "github.com/onsi/gomega"
+)
+
+func Test_PullAnyTarball(t *testing.T) {
+	g := NewWithT(t)
+	ctx := context.Background()
+	c := NewClient(DefaultOptions())
+	testDir := "testdata/artifact"
+
+	tag := "latest"
+	repo := "test-no-annotations" + randStringRunes(5)
+
+	dst := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
+
+	artifact := filepath.Join(t.TempDir(), "artifact.tgz")
+	g.Expect(c.Build(artifact, testDir, nil)).To(Succeed())
+
+	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
+	img = mutate.ConfigMediaType(img, oci.CanonicalConfigMediaType)
+
+	layer, err := tarball.LayerFromFile(artifact, tarball.WithMediaType("application/vnd.acme.some.content.layer.v1.tar+gzip"))
+	g.Expect(err).ToNot(HaveOccurred())
+
+	img, err = mutate.Append(img, mutate.Addendum{Layer: layer})
+	g.Expect(err).ToNot(HaveOccurred())
+
+	g.Expect(crane.Push(img, dst, c.optionsWithContext(ctx)...)).ToNot(HaveOccurred())
+
+	extractTo := filepath.Join(t.TempDir(), "artifact")
+	m, err := c.Pull(ctx, dst, extractTo)
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(m).ToNot(BeNil())
+	g.Expect(m.Annotations).To(BeEmpty())
+	g.Expect(m.Created).To(BeEmpty())
+	g.Expect(m.Revision).To(BeEmpty())
+	g.Expect(m.Source).To(BeEmpty())
+	g.Expect(m.URL).To(Equal(dst))
+	g.Expect(m.Digest).ToNot(BeEmpty())
+	g.Expect(extractTo).To(BeADirectory())
+
+	for _, entry := range []string{
+		"deploy",
+		"deploy/repo.yaml",
+		"deployment.yaml",
+		"ignore-dir",
+		"ignore-dir/deployment.yaml",
+		"ignore.txt",
+		"somedir",
+		"somedir/repo.yaml",
+		"somedir/git/repo.yaml",
+	} {
+		g.Expect(extractTo + "/" + entry).To(Or(BeAnExistingFile(), BeADirectory()))
+	}
+}
diff --git a/pkg/oci/client/push.go b/pkg/oci/client/push.go
new file mode 100644
index 000000000..356a119fd
--- /dev/null
+++ b/pkg/oci/client/push.go
@@ -0,0 +1,86 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+// Push creates an artifact from the given directory, uploads the artifact
+// to the given OCI repository and returns the digest.
+func (c *Client) Push(ctx context.Context, url, sourceDir string, meta Metadata, ignorePaths []string) (string, error) {
+	ref, err := name.ParseReference(url)
+	if err != nil {
+		return "", fmt.Errorf("invalid URL: %w", err)
+	}
+
+	tmpDir, err := os.MkdirTemp("", "oci")
+	if err != nil {
+		return "", err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	tmpFile := filepath.Join(tmpDir, "artifact.tgz")
+
+	if err := c.Build(tmpFile, sourceDir, ignorePaths); err != nil {
+		return "", err
+	}
+
+	if meta.Created == "" {
+		ct := time.Now().UTC()
+		meta.Created = ct.Format(time.RFC3339)
+	}
+
+	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
+	img = mutate.ConfigMediaType(img, oci.CanonicalConfigMediaType)
+	img = mutate.Annotations(img, meta.ToAnnotations()).(gcrv1.Image)
+
+	layer, err := tarball.LayerFromFile(tmpFile, tarball.WithMediaType(oci.CanonicalContentMediaType))
+	if err != nil {
+		return "", fmt.Errorf("creating content layer failed: %w", err)
+	}
+
+	img, err = mutate.Append(img, mutate.Addendum{Layer: layer})
+	if err != nil {
+		return "", fmt.Errorf("appeding content to artifact failed: %w", err)
+	}
+
+	if err := crane.Push(img, url, c.optionsWithContext(ctx)...); err != nil {
+		return "", fmt.Errorf("pushing artifact failed: %w", err)
+	}
+
+	digest, err := img.Digest()
+	if err != nil {
+		return "", fmt.Errorf("parsing artifact digest failed: %w", err)
+	}
+
+	return ref.Context().Digest(digest.String()).String(), err
+}
diff --git a/pkg/oci/client/push_pull_test.go b/pkg/oci/client/push_pull_test.go
new file mode 100644
index 000000000..0d17aeca3
--- /dev/null
+++ b/pkg/oci/client/push_pull_test.go
@@ -0,0 +1,110 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	. "github.com/onsi/gomega"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+func Test_Push_Pull(t *testing.T) {
+	g := NewWithT(t)
+	ctx := context.Background()
+	c := NewClient(DefaultOptions())
+	testDir := "testdata/artifact"
+	tag := "v0.0.1"
+	source := "github.com/fluxcd/flux2"
+	revision := "rev"
+	repo := "test-push" + randStringRunes(5)
+	ct := time.Now().UTC()
+	created := ct.Format(time.RFC3339)
+
+	url := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
+	metadata := Metadata{
+		Source:   source,
+		Revision: revision,
+		Created:  created,
+		Annotations: map[string]string{
+			"org.opencontainers.image.documentation": "https://my/readme.md",
+			"org.opencontainers.image.licenses":      "Apache-2.0",
+		},
+	}
+
+	// Build and push the artifact to registry
+	_, err := c.Push(ctx, url, testDir, metadata, nil)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	// Verify that the artifact and its tag is present in the registry
+	tags, err := crane.ListTags(fmt.Sprintf("%s/%s", dockerReg, repo))
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(len(tags)).To(BeEquivalentTo(1))
+	g.Expect(tags[0]).To(BeEquivalentTo(tag))
+
+	// Pull the artifact from registry
+	image, err := crane.Pull(fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag))
+	g.Expect(err).ToNot(HaveOccurred())
+
+	// Extract the manifest from the pulled artifact
+	manifest, err := image.Manifest()
+	g.Expect(err).ToNot(HaveOccurred())
+
+	// Verify that annotations exist in manifest
+	g.Expect(manifest.Annotations[oci.CreatedAnnotation]).To(BeEquivalentTo(created))
+	g.Expect(manifest.Annotations[oci.SourceAnnotation]).To(BeEquivalentTo(source))
+	g.Expect(manifest.Annotations[oci.RevisionAnnotation]).To(BeEquivalentTo(revision))
+
+	// Verify media types
+	g.Expect(manifest.MediaType).To(Equal(types.OCIManifestSchema1))
+	g.Expect(manifest.Config.MediaType).To(BeEquivalentTo(oci.CanonicalConfigMediaType))
+	g.Expect(len(manifest.Layers)).To(BeEquivalentTo(1))
+	g.Expect(manifest.Layers[0].MediaType).To(BeEquivalentTo(oci.CanonicalContentMediaType))
+
+	tmpDir := t.TempDir()
+
+	// Pull the artifact from registry and extract its contents to tmp
+	meta, err := c.Pull(ctx, url, tmpDir)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	// Verify custom annotations
+	g.Expect(meta.Annotations["org.opencontainers.image.documentation"]).To(BeEquivalentTo("https://my/readme.md"))
+	g.Expect(meta.Annotations["org.opencontainers.image.licenses"]).To(BeEquivalentTo("Apache-2.0"))
+
+	// Walk the test directory and check that all files exist in the pulled artifact
+	fsErr := filepath.Walk(testDir, func(path string, info fs.FileInfo, err error) error {
+		if !info.IsDir() {
+			tmpPath := filepath.Join(tmpDir, strings.TrimPrefix(path, testDir))
+			if _, err := os.Stat(tmpPath); err != nil && os.IsNotExist(err) {
+				return fmt.Errorf("path '%s' doesn't exist in archive", path)
+			}
+		}
+
+		return nil
+	})
+	g.Expect(fsErr).ToNot(HaveOccurred())
+}
diff --git a/pkg/oci/client/retry_transport.go b/pkg/oci/client/retry_transport.go
new file mode 100644
index 000000000..a55452765
--- /dev/null
+++ b/pkg/oci/client/retry_transport.go
@@ -0,0 +1,91 @@
+/*
+Copyright 2023 The Flux authors
+Copyright 2018 Google LLC All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net/http"
+	"syscall"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/logs"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+// WithRetryTransport returns a crane.Option for setting transport that uses the  backoff for retries
+//
+// Most parts(including the functions below) are copied from https://github.com/google/go-containerregistry/blob/v0.14.0/pkg/v1/remote/options.go#L152
+// so we have the same transport used in the library but with a different retry backoff.
+func WithRetryTransport(ctx context.Context, ref name.Reference, auth authn.Authenticator, backoff remote.Backoff, scopes []string) (crane.Option, error) {
+	var retryTransport http.RoundTripper
+	retryTransport = remote.DefaultTransport.(*http.Transport).Clone()
+	if logs.Enabled(logs.Debug) {
+		retryTransport = transport.NewLogger(retryTransport)
+	}
+	retryTransport = transport.NewRetry(retryTransport,
+		transport.WithRetryPredicate(defaultRetryPredicate),
+		transport.WithRetryStatusCodes(retryableStatusCodes...),
+		transport.WithRetryBackoff(backoff))
+	retryTransport = transport.NewUserAgent(retryTransport, oci.UserAgent)
+
+	t, err := transport.NewWithContext(ctx, ref.Context().Registry, auth, retryTransport, scopes)
+	if err != nil {
+		return nil, err
+	}
+	return crane.WithTransport(t), nil
+}
+
+var defaultRetryPredicate = func(err error) bool {
+	// Various failure modes here, as we're often reading from and writing to
+	// the network.
+	if isTemporary(err) || errors.Is(err, io.ErrUnexpectedEOF) || errors.Is(err, io.EOF) || errors.Is(err, syscall.EPIPE) || errors.Is(err, syscall.ECONNRESET) {
+		logs.Warn.Printf("retrying %v", err)
+		return true
+	}
+	return false
+}
+
+type temporary interface {
+	Temporary() bool
+}
+
+// isTemporary returns true if err implements Temporary() and it returns true.
+func isTemporary(err error) bool {
+	if errors.Is(err, context.DeadlineExceeded) {
+		return false
+	}
+	if te, ok := err.(temporary); ok && te.Temporary() {
+		return true
+	}
+	return false
+}
+
+var retryableStatusCodes = []int{
+	http.StatusRequestTimeout,
+	http.StatusInternalServerError,
+	http.StatusBadGateway,
+	http.StatusServiceUnavailable,
+	http.StatusGatewayTimeout,
+}
diff --git a/pkg/oci/client/suite_test.go b/pkg/oci/client/suite_test.go
new file mode 100644
index 000000000..ac7650101
--- /dev/null
+++ b/pkg/oci/client/suite_test.go
@@ -0,0 +1,89 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"math/rand"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/distribution/distribution/v3/configuration"
+	dcontext "github.com/distribution/distribution/v3/context"
+	"github.com/distribution/distribution/v3/registry"
+	_ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
+	_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
+	"github.com/phayes/freeport"
+	"github.com/sirupsen/logrus"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+var (
+	dockerReg string
+)
+
+func setupRegistryServer(ctx context.Context) error {
+	// Registry config
+	config := &configuration.Configuration{}
+	config.Log.AccessLog.Disabled = true
+	config.Log.Level = "error"
+	logger := logrus.New()
+	logger.SetOutput(io.Discard)
+	dcontext.SetDefaultLogger(logrus.NewEntry(logger))
+	port, err := freeport.GetFreePort()
+	if err != nil {
+		return fmt.Errorf("failed to get free port: %s", err)
+	}
+
+	dockerReg = fmt.Sprintf("localhost:%d", port)
+	config.HTTP.Addr = fmt.Sprintf("127.0.0.1:%d", port)
+	config.HTTP.DrainTimeout = time.Duration(10) * time.Second
+	config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}}
+	dockerRegistry, err := registry.NewRegistry(ctx, config)
+	if err != nil {
+		return fmt.Errorf("failed to create docker registry: %w", err)
+	}
+
+	// Start Docker registry
+	go dockerRegistry.ListenAndServe()
+
+	return nil
+}
+
+func TestMain(m *testing.M) {
+	ctx := ctrl.SetupSignalHandler()
+	err := setupRegistryServer(ctx)
+	if err != nil {
+		panic(fmt.Sprintf("failed to start docker registry: %s", err))
+	}
+
+	code := m.Run()
+	os.Exit(code)
+}
+
+var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz1234567890")
+
+func randStringRunes(n int) string {
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letterRunes[rand.Intn(len(letterRunes))]
+	}
+	return string(b)
+}
diff --git a/pkg/oci/client/tag.go b/pkg/oci/client/tag.go
new file mode 100644
index 000000000..84b737cb6
--- /dev/null
+++ b/pkg/oci/client/tag.go
@@ -0,0 +1,41 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+// Tag creates a new tag for the given artifact using the same OCI repository as the origin.
+func (c *Client) Tag(ctx context.Context, url, tag string) (string, error) {
+	ref, err := name.ParseReference(url)
+	if err != nil {
+		return "", fmt.Errorf("invalid URL: %w", err)
+	}
+
+	if err := crane.Tag(url, tag, c.optionsWithContext(ctx)...); err != nil {
+		return "", err
+	}
+
+	dst := ref.Context().Tag(tag)
+
+	return dst.Name(), nil
+}
diff --git a/pkg/oci/client/tag_test.go b/pkg/oci/client/tag_test.go
new file mode 100644
index 000000000..54fa61117
--- /dev/null
+++ b/pkg/oci/client/tag_test.go
@@ -0,0 +1,47 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/v1/random"
+	. "github.com/onsi/gomega"
+)
+
+func Test_Tag(t *testing.T) {
+	g := NewWithT(t)
+	ctx := context.Background()
+	c := NewClient(DefaultOptions())
+	testRepo := "test-tag"
+	url := fmt.Sprintf("%s/%s:v0.0.1", dockerReg, testRepo)
+	img, err := random.Image(1024, 1)
+	g.Expect(err).ToNot(HaveOccurred())
+	err = crane.Push(img, url, c.options...)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	_, err = c.Tag(ctx, url, "v0.0.2")
+	g.Expect(err).ToNot(HaveOccurred())
+
+	tags, err := crane.ListTags(fmt.Sprintf("%s/%s", dockerReg, testRepo))
+	g.Expect(err).ToNot(HaveOccurred())
+	g.Expect(len(tags)).To(BeEquivalentTo(2))
+	g.Expect(tags).To(BeEquivalentTo([]string{"v0.0.1", "v0.0.2"}))
+}
diff --git a/pkg/oci/client/testdata/artifact/deploy/repo.yaml b/pkg/oci/client/testdata/artifact/deploy/repo.yaml
new file mode 100644
index 000000000..41638a177
--- /dev/null
+++ b/pkg/oci/client/testdata/artifact/deploy/repo.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: default
+spec:
+  interval: 1m
+  url: https://stefanprodan.github.io/podinfo
diff --git a/pkg/oci/client/testdata/artifact/deployment.yaml b/pkg/oci/client/testdata/artifact/deployment.yaml
new file mode 100644
index 000000000..007ecd317
--- /dev/null
+++ b/pkg/oci/client/testdata/artifact/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.14.2
+          ports:
+            - containerPort: 80
diff --git a/pkg/oci/client/testdata/artifact/ignore-dir/deployment.yaml b/pkg/oci/client/testdata/artifact/ignore-dir/deployment.yaml
new file mode 100644
index 000000000..007ecd317
--- /dev/null
+++ b/pkg/oci/client/testdata/artifact/ignore-dir/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.14.2
+          ports:
+            - containerPort: 80
diff --git a/pkg/oci/client/testdata/artifact/ignore.txt b/pkg/oci/client/testdata/artifact/ignore.txt
new file mode 100644
index 000000000..828cf936f
--- /dev/null
+++ b/pkg/oci/client/testdata/artifact/ignore.txt
@@ -0,0 +1 @@
+excluded file
diff --git a/pkg/oci/client/testdata/artifact/somedir/git/repo.yaml b/pkg/oci/client/testdata/artifact/somedir/git/repo.yaml
new file mode 100644
index 000000000..253b76323
--- /dev/null
+++ b/pkg/oci/client/testdata/artifact/somedir/git/repo.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: flux-system
+spec:
+  interval: 2m
+  url: https://stefanprodan.github.io/podinfo
diff --git a/pkg/oci/client/testdata/artifact/somedir/repo.yaml b/pkg/oci/client/testdata/artifact/somedir/repo.yaml
new file mode 100644
index 000000000..253b76323
--- /dev/null
+++ b/pkg/oci/client/testdata/artifact/somedir/repo.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: flux-system
+spec:
+  interval: 2m
+  url: https://stefanprodan.github.io/podinfo
diff --git a/pkg/oci/client/url.go b/pkg/oci/client/url.go
new file mode 100644
index 000000000..63ec4cff1
--- /dev/null
+++ b/pkg/oci/client/url.go
@@ -0,0 +1,55 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/name"
+
+	"github.com/fluxcd/pkg/oci"
+)
+
+// ParseArtifactURL validates the OCI URL and returns the address of the artifact.
+func ParseArtifactURL(ociURL string) (string, error) {
+	if !strings.HasPrefix(ociURL, oci.OCIRepositoryPrefix) {
+		return "", fmt.Errorf("URL must be in format 'oci://<domain>/<org>/<repo>'")
+	}
+
+	url := strings.TrimPrefix(ociURL, oci.OCIRepositoryPrefix)
+	if _, err := name.ParseReference(url); err != nil {
+		return "", fmt.Errorf("'%s' invalid URL: %w", ociURL, err)
+	}
+
+	return url, nil
+}
+
+// ParseRepositoryURL validates the OCI URL and returns the address of the artifact repository.
+func ParseRepositoryURL(ociURL string) (string, error) {
+	if !strings.HasPrefix(ociURL, oci.OCIRepositoryPrefix) {
+		return "", fmt.Errorf("URL must be in format 'oci://<domain>/<org>/<repo>'")
+	}
+
+	url := strings.TrimPrefix(ociURL, oci.OCIRepositoryPrefix)
+	ref, err := name.ParseReference(url)
+	if err != nil {
+		return "", fmt.Errorf("'%s' invalid URL: %w", ociURL, err)
+	}
+
+	return ref.Context().Name(), nil
+}
diff --git a/pkg/oci/constants.go b/pkg/oci/constants.go
new file mode 100644
index 000000000..c11f469d0
--- /dev/null
+++ b/pkg/oci/constants.go
@@ -0,0 +1,54 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package oci
+
+// Provider is used to categorize the OCI registry providers.
+type Provider int
+
+// Registry providers.
+const (
+	// ProviderGeneric is used to categorize registry provider that we don't
+	// support.
+	ProviderGeneric Provider = iota
+	ProviderAWS
+	ProviderGCP
+	ProviderAzure
+)
+
+// Registry TLS transport config.
+const (
+	ClientCert = "certFile"
+	ClientKey  = "keyFile"
+	CACert     = "caFile"
+)
+
+const (
+	// SourceAnnotation is the OpenContainers annotation for specifying
+	// the upstream source of an OCI artifact.
+	SourceAnnotation = "org.opencontainers.image.source"
+
+	// RevisionAnnotation is the OpenContainers annotation for specifying
+	// the upstream source revision of an OCI artifact.
+	RevisionAnnotation = "org.opencontainers.image.revision"
+
+	// CreatedAnnotation is the OpenContainers annotation for specifying
+	// the date and time on which the OCI artifact was built (RFC 3339).
+	CreatedAnnotation = "org.opencontainers.image.created"
+
+	// OCIRepositoryPrefix is the prefix used for OCIRepository URLs.
+	OCIRepositoryPrefix = "oci://"
+)
diff --git a/pkg/oci/doc.go b/pkg/oci/doc.go
new file mode 100644
index 000000000..3af362c15
--- /dev/null
+++ b/pkg/oci/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package oci contains OCI registry related helpers for the registries offered
+// by the various cloud providers. It can be used to perform various operations
+// like pushing, pulling and tagging artifacts, auto-login using the native
+// authentication mechanism of the platform, etc.
+// +kubebuilder:object:generate=false
+package oci
diff --git a/pkg/oci/errors.go b/pkg/oci/errors.go
new file mode 100644
index 000000000..b9b63e0e7
--- /dev/null
+++ b/pkg/oci/errors.go
@@ -0,0 +1,25 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package oci
+
+import "errors"
+
+var (
+	// ErrUnconfiguredProvider is returned when the OCI registry provider is
+	// not configured.
+	ErrUnconfiguredProvider = errors.New("registry provider not configured")
+)
diff --git a/pkg/oci/globals.go b/pkg/oci/globals.go
new file mode 100644
index 000000000..4f21e6ebd
--- /dev/null
+++ b/pkg/oci/globals.go
@@ -0,0 +1,30 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package oci
+
+import "github.com/google/go-containerregistry/pkg/v1/types"
+
+var (
+	// CanonicalConfigMediaType is the OCI media type for the config layer.
+	CanonicalConfigMediaType types.MediaType = "application/vnd.cncf.flux.config.v1+json"
+
+	// CanonicalContentMediaType is the OCI media type for the content layer.
+	CanonicalContentMediaType types.MediaType = "application/vnd.cncf.flux.content.v1.tar+gzip"
+
+	// UserAgent string used for OCI calls.
+	UserAgent = "flux/v2"
+)
diff --git a/pkg/oci/sourceignore/sourceignore.go b/pkg/oci/sourceignore/sourceignore.go
new file mode 100644
index 000000000..f31bbd9a2
--- /dev/null
+++ b/pkg/oci/sourceignore/sourceignore.go
@@ -0,0 +1,131 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sourceignore
+
+import (
+	"bufio"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+)
+
+const (
+	IgnoreFile   = ".sourceignore"
+	ExcludeVCS   = ".git/,.gitignore,.gitmodules,.gitattributes"
+	ExcludeExt   = "*.jpg,*.jpeg,*.gif,*.png,*.wmv,*.flv,*.tar.gz,*.zip"
+	ExcludeCI    = ".github/,.circleci/,.travis.yml,.gitlab-ci.yml,appveyor.yml,.drone.yml,cloudbuild.yaml,codeship-services.yml,codeship-steps.yml"
+	ExcludeExtra = "**/.goreleaser.yml,**/.sops.yaml,**/.flux.yaml"
+)
+
+// NewMatcher returns a gitignore.Matcher for the given gitignore.Pattern
+// slice. It mainly exists to compliment the API.
+func NewMatcher(ps []gitignore.Pattern) gitignore.Matcher {
+	return gitignore.NewMatcher(ps)
+}
+
+// NewDefaultMatcher returns a gitignore.Matcher with the DefaultPatterns
+// as lowest priority patterns.
+func NewDefaultMatcher(ps []gitignore.Pattern, domain []string) gitignore.Matcher {
+	var defaultPs []gitignore.Pattern
+	defaultPs = append(defaultPs, VCSPatterns(domain)...)
+	defaultPs = append(defaultPs, DefaultPatterns(domain)...)
+	ps = append(defaultPs, ps...)
+	return gitignore.NewMatcher(ps)
+}
+
+// VCSPatterns returns a gitignore.Pattern slice with ExcludeVCS
+// patterns.
+func VCSPatterns(domain []string) []gitignore.Pattern {
+	var ps []gitignore.Pattern
+	for _, p := range strings.Split(ExcludeVCS, ",") {
+		ps = append(ps, gitignore.ParsePattern(p, domain))
+	}
+	return ps
+}
+
+// DefaultPatterns returns a gitignore.Pattern slice with the default
+// ExcludeExt, ExcludeCI, ExcludeExtra patterns.
+func DefaultPatterns(domain []string) []gitignore.Pattern {
+	all := strings.Join([]string{ExcludeExt, ExcludeCI, ExcludeExtra}, ",")
+	var ps []gitignore.Pattern
+	for _, p := range strings.Split(all, ",") {
+		ps = append(ps, gitignore.ParsePattern(p, domain))
+	}
+	return ps
+}
+
+// ReadPatterns collects ignore patterns from the given reader and
+// returns them as a gitignore.Pattern slice.
+// If a domain is supplied, this is used as the scope of the read
+// patterns.
+func ReadPatterns(reader io.Reader, domain []string) []gitignore.Pattern {
+	var ps []gitignore.Pattern
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		s := scanner.Text()
+		if !strings.HasPrefix(s, "#") && len(strings.TrimSpace(s)) > 0 {
+			ps = append(ps, gitignore.ParsePattern(s, domain))
+		}
+	}
+	return ps
+}
+
+// ReadIgnoreFile attempts to read the file at the given path and
+// returns the read patterns.
+func ReadIgnoreFile(path string, domain []string) ([]gitignore.Pattern, error) {
+	var ps []gitignore.Pattern
+	if f, err := os.Open(path); err == nil {
+		defer f.Close()
+		ps = append(ps, ReadPatterns(f, domain)...)
+	} else if !os.IsNotExist(err) {
+		return nil, err
+	}
+	return ps, nil
+}
+
+// LoadIgnorePatterns recursively loads the IgnoreFile patterns found
+// in the directory.
+func LoadIgnorePatterns(dir string, domain []string) ([]gitignore.Pattern, error) {
+	// Make a copy of the domain so that the underlying string array of domain
+	// in the gitignore patterns are unique without any side effects.
+	dom := make([]string, len(domain))
+	copy(dom, domain)
+
+	ps, err := ReadIgnoreFile(filepath.Join(dir, IgnoreFile), dom)
+	if err != nil {
+		return nil, err
+	}
+	fis, err := os.ReadDir(dir)
+	if err != nil {
+		return nil, err
+	}
+	for _, fi := range fis {
+		if fi.IsDir() && fi.Name() != ".git" {
+			var subps []gitignore.Pattern
+			if subps, err = LoadIgnorePatterns(filepath.Join(dir, fi.Name()), append(dom, fi.Name())); err != nil {
+				return nil, err
+			}
+			if len(subps) > 0 {
+				ps = append(ps, subps...)
+			}
+		}
+	}
+	return ps, nil
+}
diff --git a/pkg/oci/sourceignore/sourceignore_test.go b/pkg/oci/sourceignore/sourceignore_test.go
new file mode 100644
index 000000000..804c213ef
--- /dev/null
+++ b/pkg/oci/sourceignore/sourceignore_test.go
@@ -0,0 +1,258 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sourceignore
+
+import (
+	"os"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"gotest.tools/assert"
+)
+
+func TestReadPatterns(t *testing.T) {
+	tests := []struct {
+		name       string
+		ignore     string
+		domain     []string
+		matches    []string
+		mismatches []string
+	}{
+		{
+			name: "simple",
+			ignore: `ignore-dir/*
+!ignore-dir/include
+`,
+			matches:    []string{"ignore-dir/file.yaml"},
+			mismatches: []string{"file.yaml", "ignore-dir/include"},
+		},
+		{
+			name: "with comments",
+			ignore: `ignore-dir/*
+# !ignore-dir/include`,
+			matches: []string{"ignore-dir/file.yaml", "ignore-dir/include"},
+		},
+		{
+			name:       "domain scoped",
+			domain:     []string{"domain", "scoped"},
+			ignore:     "ignore-dir/*",
+			matches:    []string{"domain/scoped/ignore-dir/file.yaml"},
+			mismatches: []string{"ignore-dir/file.yaml"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			reader := strings.NewReader(tt.ignore)
+			ps := ReadPatterns(reader, tt.domain)
+			matcher := NewMatcher(ps)
+			for _, m := range tt.matches {
+				assert.Equal(t, matcher.Match(strings.Split(m, "/"), false), true, "expected %s to match", m)
+			}
+			for _, m := range tt.mismatches {
+				assert.Equal(t, matcher.Match(strings.Split(m, "/"), false), false, "expected %s to not match", m)
+			}
+		})
+	}
+}
+
+func TestReadIgnoreFile(t *testing.T) {
+	f, err := os.CreateTemp("", IgnoreFile)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(f.Name())
+	if _, err = f.Write([]byte(`# .sourceignore
+ignore-this.txt`)); err != nil {
+		t.Fatal(err)
+	}
+	f.Close()
+
+	tests := []struct {
+		name   string
+		path   string
+		domain []string
+		want   []gitignore.Pattern
+	}{
+		{
+			name: IgnoreFile,
+			path: f.Name(),
+			want: []gitignore.Pattern{
+				gitignore.ParsePattern("ignore-this.txt", nil),
+			},
+		},
+		{
+			name:   "with domain",
+			path:   f.Name(),
+			domain: strings.Split(filepath.Dir(f.Name()), string(filepath.Separator)),
+			want: []gitignore.Pattern{
+				gitignore.ParsePattern("ignore-this.txt", strings.Split(filepath.Dir(f.Name()), string(filepath.Separator))),
+			},
+		},
+		{
+			name: "non existing",
+			path: "",
+			want: nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ReadIgnoreFile(tt.path, tt.domain)
+			if err != nil {
+				t.Error(err)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("ReadIgnoreFile() got = %d, want %#v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestVCSPatterns(t *testing.T) {
+	tests := []struct {
+		name       string
+		domain     []string
+		patterns   []gitignore.Pattern
+		matches    []string
+		mismatches []string
+	}{
+		{
+			name:       "simple matches",
+			matches:    []string{".git/config", ".gitignore"},
+			mismatches: []string{"workload.yaml", "workload.yml", "simple.txt"},
+		},
+		{
+			name:       "domain scoped matches",
+			domain:     []string{"directory"},
+			matches:    []string{"directory/.git/config", "directory/.gitignore"},
+			mismatches: []string{"other/.git/config"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			matcher := NewDefaultMatcher(tt.patterns, tt.domain)
+			for _, m := range tt.matches {
+				assert.Equal(t, matcher.Match(strings.Split(m, "/"), false), true, "expected %s to match", m)
+			}
+			for _, m := range tt.mismatches {
+				assert.Equal(t, matcher.Match(strings.Split(m, "/"), false), false, "expected %s to not match", m)
+			}
+		})
+	}
+}
+
+func TestDefaultPatterns(t *testing.T) {
+	tests := []struct {
+		name       string
+		domain     []string
+		patterns   []gitignore.Pattern
+		matches    []string
+		mismatches []string
+	}{
+		{
+			name:       "simple matches",
+			matches:    []string{"image.jpg", "archive.tar.gz", ".github/workflows/workflow.yaml", "subdir/.flux.yaml", "subdir2/.sops.yaml"},
+			mismatches: []string{"workload.yaml", "workload.yml", "simple.txt"},
+		},
+		{
+			name:       "domain scoped matches",
+			domain:     []string{"directory"},
+			matches:    []string{"directory/image.jpg", "directory/archive.tar.gz"},
+			mismatches: []string{"other/image.jpg", "other/archive.tar.gz"},
+		},
+		{
+			name:       "patterns",
+			patterns:   []gitignore.Pattern{gitignore.ParsePattern("!*.jpg", nil)},
+			mismatches: []string{"image.jpg"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			matcher := NewDefaultMatcher(tt.patterns, tt.domain)
+			for _, m := range tt.matches {
+				assert.Equal(t, matcher.Match(strings.Split(m, "/"), false), true, "expected %s to match", m)
+			}
+			for _, m := range tt.mismatches {
+				assert.Equal(t, matcher.Match(strings.Split(m, "/"), false), false, "expected %s to not match", m)
+			}
+		})
+	}
+}
+
+func TestLoadExcludePatterns(t *testing.T) {
+	tmpDir := t.TempDir()
+	files := map[string]string{
+		".sourceignore":     "root.txt",
+		"d/.gitignore":      "ignored",
+		"z/.sourceignore":   "last.txt",
+		"a/b/.sourceignore": "subdir.txt",
+		"e/last.txt":        "foo",
+		"a/c/subdir.txt":    "bar",
+	}
+	for n, c := range files {
+		if err := os.MkdirAll(filepath.Join(tmpDir, filepath.Dir(n)), 0o750); err != nil {
+			t.Fatal(err)
+		}
+		if err := os.WriteFile(filepath.Join(tmpDir, n), []byte(c), 0o640); err != nil {
+			t.Fatal(err)
+		}
+	}
+	tests := []struct {
+		name   string
+		dir    string
+		domain []string
+		want   []gitignore.Pattern
+	}{
+		{
+			name: "traverse loads",
+			dir:  tmpDir,
+			want: []gitignore.Pattern{
+				gitignore.ParsePattern("root.txt", []string{}),
+				gitignore.ParsePattern("subdir.txt", []string{"a", "b"}),
+				gitignore.ParsePattern("last.txt", []string{"z"}),
+			},
+		},
+		{
+			name:   "domain",
+			dir:    tmpDir,
+			domain: strings.Split(tmpDir, string(filepath.Separator)),
+			want: []gitignore.Pattern{
+				gitignore.ParsePattern("root.txt", strings.Split(tmpDir, string(filepath.Separator))),
+				gitignore.ParsePattern("subdir.txt", append(strings.Split(tmpDir, string(filepath.Separator)), "a", "b")),
+				gitignore.ParsePattern("last.txt", append(strings.Split(tmpDir, string(filepath.Separator)), "z")),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := LoadIgnorePatterns(tt.dir, tt.domain)
+			if err != nil {
+				t.Error(err)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("LoadIgnorePatterns() got = %#v, want %#v", got, tt.want)
+				for _, v := range got {
+					t.Error(v)
+				}
+			}
+		})
+	}
+}
diff --git a/pkg/oci/version/version.go b/pkg/oci/version/version.go
new file mode 100644
index 000000000..fa80ab627
--- /dev/null
+++ b/pkg/oci/version/version.go
@@ -0,0 +1,33 @@
+/*
+Copyright 2020 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package version
+
+import (
+	"strings"
+
+	"github.com/Masterminds/semver/v3"
+)
+
+// ParseVersion behaves as semver.StrictNewVersion, with as sole exception
+// that it allows versions with a preceding "v" (i.e. v1.2.3).
+func ParseVersion(v string) (*semver.Version, error) {
+	vLessV := strings.TrimPrefix(v, "v")
+	if _, err := semver.StrictNewVersion(vLessV); err != nil {
+		return nil, err
+	}
+	return semver.NewVersion(v)
+}
diff --git a/pkg/oci/version/version_test.go b/pkg/oci/version/version_test.go
new file mode 100644
index 000000000..7d470b45f
--- /dev/null
+++ b/pkg/oci/version/version_test.go
@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package version
+
+import (
+	"testing"
+)
+
+func TestParseVersion(t *testing.T) {
+	tests := []struct {
+		version string
+		err     bool
+	}{
+		{"v1.2.3", false},
+		{"v1.0", true},
+		{"v1", true},
+		{"v1.2.beta", true},
+		{"v1.2-5", true},
+		{"v1.2-beta.5", true},
+		{"\nv1.2", true},
+		{"v1.2.0-x.Y.0+metadata", false},
+		{"v1.2.0-x.Y.0+metadata-width-hypen", false},
+		{"v1.2.3-rc1-with-hypen", false},
+		{"v1.2.3.4", true},
+	}
+
+	for _, tc := range tests {
+		_, err := ParseVersion(tc.version)
+		if tc.err && err == nil {
+			t.Fatalf("expected error for version: %s", tc.version)
+		} else if !tc.err && err != nil {
+			t.Fatalf("error for version %s: %s", tc.version, err)
+		}
+	}
+}

From 705e32e6d91fb9fbd9ad29fc73dbfada4b24921d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 Oct 2023 20:27:47 +0200
Subject: [PATCH 1677/2268] chore: Use kluctl packages in oci package

---
 pkg/oci/auth/aws/auth.go          | 2 +-
 pkg/oci/auth/azure/auth.go        | 2 +-
 pkg/oci/auth/flag_test.go         | 2 +-
 pkg/oci/auth/gcp/auth.go          | 2 +-
 pkg/oci/auth/login/login.go       | 8 ++++----
 pkg/oci/auth/login/login_test.go  | 8 ++++----
 pkg/oci/client/build.go           | 4 ++--
 pkg/oci/client/build_test.go      | 2 +-
 pkg/oci/client/client.go          | 2 +-
 pkg/oci/client/list.go            | 2 +-
 pkg/oci/client/login.go           | 8 ++++----
 pkg/oci/client/meta.go            | 2 +-
 pkg/oci/client/pull.go            | 2 +-
 pkg/oci/client/pull_test.go       | 2 +-
 pkg/oci/client/push.go            | 2 +-
 pkg/oci/client/push_pull_test.go  | 2 +-
 pkg/oci/client/retry_transport.go | 2 +-
 pkg/oci/client/url.go             | 2 +-
 18 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/pkg/oci/auth/aws/auth.go b/pkg/oci/auth/aws/auth.go
index 1019a86a0..2f59fe41c 100644
--- a/pkg/oci/auth/aws/auth.go
+++ b/pkg/oci/auth/aws/auth.go
@@ -31,7 +31,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/authn"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr.([^/.]*)\.(amazonaws\.com[.cn]*)`)
diff --git a/pkg/oci/auth/azure/auth.go b/pkg/oci/auth/azure/auth.go
index eea68d821..c7b2c93ba 100644
--- a/pkg/oci/auth/azure/auth.go
+++ b/pkg/oci/auth/azure/auth.go
@@ -30,7 +30,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 // Client is an Azure ACR client which can log into the registry and return
diff --git a/pkg/oci/auth/flag_test.go b/pkg/oci/auth/flag_test.go
index 229ba8f71..dcdec0058 100644
--- a/pkg/oci/auth/flag_test.go
+++ b/pkg/oci/auth/flag_test.go
@@ -23,7 +23,7 @@ import (
 	"strings"
 	"testing"
 
-	_ "github.com/fluxcd/pkg/oci/auth/login"
+	_ "github.com/kluctl/kluctl/v2/pkg/oci/auth/login"
 )
 
 func TestNonTestFlagCheck(t *testing.T) {
diff --git a/pkg/oci/auth/gcp/auth.go b/pkg/oci/auth/gcp/auth.go
index 2808bbb6c..8ea1a90cb 100644
--- a/pkg/oci/auth/gcp/auth.go
+++ b/pkg/oci/auth/gcp/auth.go
@@ -28,7 +28,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 type gceToken struct {
diff --git a/pkg/oci/auth/login/login.go b/pkg/oci/auth/login/login.go
index b56bb4627..c55a56a90 100644
--- a/pkg/oci/auth/login/login.go
+++ b/pkg/oci/auth/login/login.go
@@ -26,10 +26,10 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	"github.com/fluxcd/pkg/oci"
-	"github.com/fluxcd/pkg/oci/auth/aws"
-	"github.com/fluxcd/pkg/oci/auth/azure"
-	"github.com/fluxcd/pkg/oci/auth/gcp"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/aws"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/azure"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/gcp"
 )
 
 // ImageRegistryProvider analyzes the provided registry and returns the identified
diff --git a/pkg/oci/auth/login/login_test.go b/pkg/oci/auth/login/login_test.go
index b23be1dc9..af412c697 100644
--- a/pkg/oci/auth/login/login_test.go
+++ b/pkg/oci/auth/login/login_test.go
@@ -28,10 +28,10 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	. "github.com/onsi/gomega"
 
-	"github.com/fluxcd/pkg/oci"
-	"github.com/fluxcd/pkg/oci/auth/aws"
-	"github.com/fluxcd/pkg/oci/auth/azure"
-	"github.com/fluxcd/pkg/oci/auth/gcp"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/aws"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/azure"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/gcp"
 )
 
 func TestImageRegistryProvider(t *testing.T) {
diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index e9f010aa0..54be4f790 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -20,14 +20,14 @@ import (
 	"archive/tar"
 	"compress/gzip"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 
-	"github.com/fluxcd/pkg/oci/client/internal/fs"
-	"github.com/fluxcd/pkg/sourceignore"
+	"github.com/kluctl/kluctl/v2/pkg/oci/client/internal/fs"
 )
 
 // Build archives the given directory as a tarball to the given local path.
diff --git a/pkg/oci/client/build_test.go b/pkg/oci/client/build_test.go
index 233db8744..e3f4d6afd 100644
--- a/pkg/oci/client/build_test.go
+++ b/pkg/oci/client/build_test.go
@@ -25,7 +25,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/fluxcd/pkg/tar"
+	"github.com/kluctl/kluctl/v2/pkg/tar"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/oci/client/client.go b/pkg/oci/client/client.go
index b3cd257a0..628d998d8 100644
--- a/pkg/oci/client/client.go
+++ b/pkg/oci/client/client.go
@@ -22,7 +22,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 // Client holds the options for accessing remote OCI registries.
diff --git a/pkg/oci/client/list.go b/pkg/oci/client/list.go
index 32fb82f5f..feb4425e0 100644
--- a/pkg/oci/client/list.go
+++ b/pkg/oci/client/list.go
@@ -28,7 +28,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
 
-	"github.com/fluxcd/pkg/version"
+	"github.com/kluctl/kluctl/v2/pkg/oci/version"
 )
 
 // ListOptions contains options for listing tags from an OCI repository.
diff --git a/pkg/oci/client/login.go b/pkg/oci/client/login.go
index 313b2a05e..ab8b0e366 100644
--- a/pkg/oci/client/login.go
+++ b/pkg/oci/client/login.go
@@ -22,13 +22,13 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/fluxcd/pkg/oci"
-	"github.com/fluxcd/pkg/oci/auth/aws"
-	"github.com/fluxcd/pkg/oci/auth/azure"
-	"github.com/fluxcd/pkg/oci/auth/gcp"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/aws"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/azure"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/gcp"
 )
 
 // LoginWithCredentials configures the client with static credentials, accepts a single token
diff --git a/pkg/oci/client/meta.go b/pkg/oci/client/meta.go
index 592f8234a..9ef7cc4f0 100644
--- a/pkg/oci/client/meta.go
+++ b/pkg/oci/client/meta.go
@@ -17,7 +17,7 @@ limitations under the License.
 package client
 
 import (
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 // Metadata holds the upstream information about on artifact's source.
diff --git a/pkg/oci/client/pull.go b/pkg/oci/client/pull.go
index b23452c26..09753748e 100644
--- a/pkg/oci/client/pull.go
+++ b/pkg/oci/client/pull.go
@@ -23,7 +23,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/name"
 
-	"github.com/fluxcd/pkg/tar"
+	"github.com/kluctl/kluctl/v2/pkg/tar"
 )
 
 // Pull downloads an artifact from an OCI repository and extracts the content to the given directory.
diff --git a/pkg/oci/client/pull_test.go b/pkg/oci/client/pull_test.go
index 772ffd202..d28c08585 100644
--- a/pkg/oci/client/pull_test.go
+++ b/pkg/oci/client/pull_test.go
@@ -22,12 +22,12 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/fluxcd/pkg/oci"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 	. "github.com/onsi/gomega"
 )
 
diff --git a/pkg/oci/client/push.go b/pkg/oci/client/push.go
index 356a119fd..566b3a04a 100644
--- a/pkg/oci/client/push.go
+++ b/pkg/oci/client/push.go
@@ -31,7 +31,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 // Push creates an artifact from the given directory, uploads the artifact
diff --git a/pkg/oci/client/push_pull_test.go b/pkg/oci/client/push_pull_test.go
index 0d17aeca3..a5e1314c4 100644
--- a/pkg/oci/client/push_pull_test.go
+++ b/pkg/oci/client/push_pull_test.go
@@ -30,7 +30,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/types"
 	. "github.com/onsi/gomega"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 func Test_Push_Pull(t *testing.T) {
diff --git a/pkg/oci/client/retry_transport.go b/pkg/oci/client/retry_transport.go
index a55452765..68e994a03 100644
--- a/pkg/oci/client/retry_transport.go
+++ b/pkg/oci/client/retry_transport.go
@@ -31,7 +31,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 // WithRetryTransport returns a crane.Option for setting transport that uses the  backoff for retries
diff --git a/pkg/oci/client/url.go b/pkg/oci/client/url.go
index 63ec4cff1..6556047a3 100644
--- a/pkg/oci/client/url.go
+++ b/pkg/oci/client/url.go
@@ -22,7 +22,7 @@ import (
 
 	"github.com/google/go-containerregistry/pkg/name"
 
-	"github.com/fluxcd/pkg/oci"
+	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
 // ParseArtifactURL validates the OCI URL and returns the address of the artifact.

From ae6db690f8695822d316f0ae0273cba3a826cd49 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 Oct 2023 20:50:03 +0200
Subject: [PATCH 1678/2268] refactor: Move buildGitInfo into git package

---
 pkg/deployment/commands/result_utils.go | 88 ++-----------------------
 pkg/git/git_info.go                     | 88 +++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 84 deletions(-)
 create mode 100644 pkg/git/git_info.go

diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index da4587872..2cf31f72c 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -1,17 +1,13 @@
 package commands
 
 import (
-	git2 "github.com/go-git/go-git/v5"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"os"
-	"path/filepath"
 	"time"
 )
 
@@ -36,7 +32,8 @@ func newCommandResult(targetCtx *kluctl_project.TargetContext, startTime time.Ti
 	r.Deployment = &targetCtx.DeploymentProject.Config
 
 	var err error
-	r.GitInfo, r.ProjectKey, err = buildGitInfo(targetCtx)
+	r.GitInfo, r.ProjectKey, err = git.BuildGitInfo(targetCtx.SharedContext.Ctx,
+		targetCtx.KluctlProject.LoadArgs.RepoRoot, targetCtx.KluctlProject.LoadArgs.ProjectDir)
 	if err != nil {
 		r.Errors = append(r.Errors, result.DeploymentError{
 			Message: err.Error(),
@@ -63,7 +60,8 @@ func newValidateCommandResult(targetCtx *kluctl_project.TargetContext, startTime
 	r.StartTime = metav1.NewTime(startTime)
 	r.EndTime = metav1.Now()
 	var err error
-	_, r.ProjectKey, err = buildGitInfo(targetCtx)
+	_, r.ProjectKey, err = git.BuildGitInfo(targetCtx.SharedContext.Ctx,
+		targetCtx.KluctlProject.LoadArgs.RepoRoot, targetCtx.KluctlProject.LoadArgs.ProjectDir)
 	if err != nil {
 		r.Errors = append(r.Errors, result.DeploymentError{
 			Message: err.Error(),
@@ -123,84 +121,6 @@ func finishValidateResult(r *result.ValidateResult, targetCtx *kluctl_project.Ta
 	r.EndTime = metav1.Now()
 }
 
-func buildGitInfo(targetCtx *kluctl_project.TargetContext) (result.GitInfo, result.ProjectKey, error) {
-	var gitInfo result.GitInfo
-	var projectKey result.ProjectKey
-	if targetCtx.KluctlProject.LoadArgs.RepoRoot == "" {
-		return gitInfo, projectKey, nil
-	}
-	if _, err := os.Stat(filepath.Join(targetCtx.KluctlProject.LoadArgs.RepoRoot, ".git")); os.IsNotExist(err) {
-		return gitInfo, projectKey, nil
-	}
-
-	projectDirAbs, err := filepath.Abs(targetCtx.KluctlProject.LoadArgs.ProjectDir)
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-
-	subDir, err := filepath.Rel(targetCtx.KluctlProject.LoadArgs.RepoRoot, projectDirAbs)
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-	if subDir == "." {
-		subDir = ""
-	}
-
-	g, err := git2.PlainOpen(targetCtx.KluctlProject.LoadArgs.RepoRoot)
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-
-	s, err := git.GetWorktreeStatus(targetCtx.SharedContext.Ctx, targetCtx.KluctlProject.LoadArgs.RepoRoot)
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-
-	head, err := g.Head()
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-
-	remotes, err := g.Remotes()
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-
-	var originUrl *types.GitUrl
-	for _, r := range remotes {
-		if r.Config().Name == "origin" {
-			originUrl, err = types.ParseGitUrl(r.Config().URLs[0])
-			if err != nil {
-				return gitInfo, projectKey, err
-			}
-		}
-	}
-
-	var repoKey types.GitRepoKey
-	if originUrl != nil {
-		repoKey = originUrl.RepoKey()
-	}
-
-	gitInfo = result.GitInfo{
-		Url:    originUrl,
-		SubDir: subDir,
-		Commit: head.Hash().String(),
-		Dirty:  !s.IsClean(),
-	}
-	if head.Name().IsBranch() {
-		gitInfo.Ref = &types.GitRef{
-			Branch: head.Name().Short(),
-		}
-	} else if head.Name().IsTag() {
-		gitInfo.Ref = &types.GitRef{
-			Tag: head.Name().Short(),
-		}
-	}
-	projectKey.GitRepoKey = repoKey
-	projectKey.SubDir = subDir
-	return gitInfo, projectKey, nil
-}
-
 func buildClusterInfo(k *k8s2.K8sCluster) (result.ClusterInfo, error) {
 	var clusterInfo result.ClusterInfo
 	clusterId, err := k.GetClusterId()
diff --git a/pkg/git/git_info.go b/pkg/git/git_info.go
new file mode 100644
index 000000000..46b00a73d
--- /dev/null
+++ b/pkg/git/git_info.go
@@ -0,0 +1,88 @@
+package git
+
+import (
+	"context"
+	git2 "github.com/go-git/go-git/v5"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"os"
+	"path/filepath"
+)
+
+func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (result.GitInfo, result.ProjectKey, error) {
+	var gitInfo result.GitInfo
+	var projectKey result.ProjectKey
+	if repoRoot == "" {
+		return gitInfo, projectKey, nil
+	}
+	if _, err := os.Stat(filepath.Join(repoRoot, ".git")); os.IsNotExist(err) {
+		return gitInfo, projectKey, nil
+	}
+
+	projectDirAbs, err := filepath.Abs(projectDir)
+	if err != nil {
+		return gitInfo, projectKey, err
+	}
+
+	subDir, err := filepath.Rel(repoRoot, projectDirAbs)
+	if err != nil {
+		return gitInfo, projectKey, err
+	}
+	if subDir == "." {
+		subDir = ""
+	}
+
+	g, err := git2.PlainOpen(repoRoot)
+	if err != nil {
+		return gitInfo, projectKey, err
+	}
+
+	s, err := GetWorktreeStatus(ctx, repoRoot)
+	if err != nil {
+		return gitInfo, projectKey, err
+	}
+
+	head, err := g.Head()
+	if err != nil {
+		return gitInfo, projectKey, err
+	}
+
+	remotes, err := g.Remotes()
+	if err != nil {
+		return gitInfo, projectKey, err
+	}
+
+	var originUrl *types.GitUrl
+	for _, r := range remotes {
+		if r.Config().Name == "origin" {
+			originUrl, err = types.ParseGitUrl(r.Config().URLs[0])
+			if err != nil {
+				return gitInfo, projectKey, err
+			}
+		}
+	}
+
+	var repoKey types.GitRepoKey
+	if originUrl != nil {
+		repoKey = originUrl.RepoKey()
+	}
+
+	gitInfo = result.GitInfo{
+		Url:    originUrl,
+		SubDir: subDir,
+		Commit: head.Hash().String(),
+		Dirty:  !s.IsClean(),
+	}
+	if head.Name().IsBranch() {
+		gitInfo.Ref = &types.GitRef{
+			Branch: head.Name().Short(),
+		}
+	} else if head.Name().IsTag() {
+		gitInfo.Ref = &types.GitRef{
+			Tag: head.Name().Short(),
+		}
+	}
+	projectKey.GitRepoKey = repoKey
+	projectKey.SubDir = subDir
+	return gitInfo, projectKey, nil
+}

From d67c86a964c12ac291affbafb0237e2002411c00 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 Oct 2023 21:27:44 +0200
Subject: [PATCH 1679/2268] tests: Introduce CreateOciRegistry

---
 e2e/test-utils/helm_repo_utils.go | 33 +++++-----------------------
 e2e/test-utils/oci_utils.go       | 36 +++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 28 deletions(-)
 create mode 100644 e2e/test-utils/oci_utils.go

diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index ee1dc8dcc..8ac67bf86 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -1,7 +1,6 @@
 package test_utils
 
 import (
-	"github.com/google/go-containerregistry/pkg/registry"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/test-helm-chart"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -17,7 +16,6 @@ import (
 	"io/fs"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@@ -116,28 +114,7 @@ func CreateHelmRepo(t *testing.T, charts []RepoChart, username string, password
 
 func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, password string) string {
 	tmpDir := t.TempDir()
-
-	ociRegistry := registry.New()
-	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if username != "" || password != "" {
-			u, p, ok := r.BasicAuth()
-			if !ok {
-				w.Header().Add("WWW-Authenticate", "Basic")
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-			if u != username || p != password {
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-		}
-		ociRegistry.ServeHTTP(w, r)
-	}))
-
-	t.Cleanup(s.Close)
-
-	ociUrl := strings.ReplaceAll(s.URL, "http://", "oci://")
-	ociUrl2, _ := url.Parse(ociUrl)
+	ociUrl := CreateOciRegistry(t, username, password)
 
 	var out strings.Builder
 	settings := cli.New()
@@ -154,7 +131,7 @@ func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, passwo
 		if err != nil {
 			t.Fatal(err)
 		}
-		err = registryClient.Login(ociUrl2.Host, registry2.LoginOptBasicAuth(username, password), registry2.LoginOptInsecure(true))
+		err = registryClient.Login(ociUrl.Host, registry2.LoginOptBasicAuth(username, password), registry2.LoginOptInsecure(true))
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -165,15 +142,15 @@ func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, passwo
 		tgz := createHelmPackage(t, chart.ChartName, chart.Version)
 		_ = cp.Copy(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
 
-		err := c.UploadTo(tgz, ociUrl)
+		err := c.UploadTo(tgz, ociUrl.String())
 		if err != nil {
 			t.Fatal(err)
 		}
 	}
 
 	if registryClient != nil {
-		registryClient.Logout(ociUrl2.Host)
+		registryClient.Logout(ociUrl.Host)
 	}
 
-	return ociUrl
+	return ociUrl.String()
 }
diff --git a/e2e/test-utils/oci_utils.go b/e2e/test-utils/oci_utils.go
new file mode 100644
index 000000000..188f0bb32
--- /dev/null
+++ b/e2e/test-utils/oci_utils.go
@@ -0,0 +1,36 @@
+package test_utils
+
+import (
+	"github.com/google/go-containerregistry/pkg/registry"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strings"
+	"testing"
+)
+
+func CreateOciRegistry(t *testing.T, username string, password string) *url.URL {
+	ociRegistry := registry.New()
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if username != "" || password != "" {
+			u, p, ok := r.BasicAuth()
+			if !ok {
+				w.Header().Add("WWW-Authenticate", "Basic")
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+			if u != username || p != password {
+				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+		}
+		ociRegistry.ServeHTTP(w, r)
+	}))
+
+	t.Cleanup(s.Close)
+
+	ociUrl := strings.ReplaceAll(s.URL, "http://", "oci://")
+	ociUrl2, _ := url.Parse(ociUrl)
+
+	return ociUrl2
+}

From 2f1d14c611c7c13e040759b991e589f7c92df096 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 8 Oct 2023 22:03:48 +0200
Subject: [PATCH 1680/2268] feat: Introduce kluctl mime types and user agent

---
 pkg/oci/globals.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/oci/globals.go b/pkg/oci/globals.go
index 4f21e6ebd..867815efd 100644
--- a/pkg/oci/globals.go
+++ b/pkg/oci/globals.go
@@ -20,11 +20,11 @@ import "github.com/google/go-containerregistry/pkg/v1/types"
 
 var (
 	// CanonicalConfigMediaType is the OCI media type for the config layer.
-	CanonicalConfigMediaType types.MediaType = "application/vnd.cncf.flux.config.v1+json"
+	CanonicalConfigMediaType types.MediaType = "application/vnd.io.kluctl.config.v1+json"
 
 	// CanonicalContentMediaType is the OCI media type for the content layer.
-	CanonicalContentMediaType types.MediaType = "application/vnd.cncf.flux.content.v1.tar+gzip"
+	CanonicalContentMediaType types.MediaType = "application/vnd.io.kluctl.content.v1.tar+gzip"
 
 	// UserAgent string used for OCI calls.
-	UserAgent = "flux/v2"
+	UserAgent = "kluctl/v2"
 )

From 04104711a44861074657002b62b2eacba2ccce65 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 Oct 2023 00:01:01 +0200
Subject: [PATCH 1681/2268] feat: Add oci push command

---
 cmd/kluctl/commands/cmd_oci.go      |   5 +
 cmd/kluctl/commands/cmd_oci_push.go | 228 ++++++++++++++++++++++++++++
 cmd/kluctl/commands/root.go         |   6 +
 docs/kluctl/commands/oci-push.md    |  44 ++++++
 4 files changed, 283 insertions(+)
 create mode 100644 cmd/kluctl/commands/cmd_oci.go
 create mode 100644 cmd/kluctl/commands/cmd_oci_push.go
 create mode 100644 docs/kluctl/commands/oci-push.md

diff --git a/cmd/kluctl/commands/cmd_oci.go b/cmd/kluctl/commands/cmd_oci.go
new file mode 100644
index 000000000..869198bc6
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_oci.go
@@ -0,0 +1,5 @@
+package commands
+
+type ociCmd struct {
+	Push ociPushCmd `cmd:"" help:"Push to an oci repository"`
+}
diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
new file mode 100644
index 000000000..1a4986a8d
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -0,0 +1,228 @@
+package commands
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
+	reg "github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth/login"
+	"github.com/kluctl/kluctl/v2/pkg/oci/client"
+	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
+)
+
+var excludeOCI = append(strings.Split(sourceignore.ExcludeVCS, ","), strings.Split(sourceignore.ExcludeExt, ",")...)
+
+type ociPushCmd struct {
+	args.ProjectDir
+
+	Url        string   `group:"misc" help:"Specifies the artifact URL. This argument is required." required:"true"`
+	Creds      string   `group:"misc" help:"credentials for OCI registry in the format <username>[:<password>] if --provider is generic"`
+	Provider   string   `group:"misc" help:"the OCI provider name, available options are: (generic, aws, azure, gcp)" default:"generic"`
+	IgnorePath []string `group:"misc" help:"set paths to ignore in .gitignore format."`
+	Annotation []string `group:"misc" help:"Set custom OCI annotations in the format '<key>=<value>'"`
+	Output     string   `group:"misc" help:"the format in which the artifact digest should be printed, can be 'json' or 'yaml'"`
+
+	Timeout time.Duration `group:"misc" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
+}
+
+func (cmd *ociPushCmd) Help() string {
+	return `The push command creates a tarball from the current project and uploads the
+artifact to an OCI repository. The command can read the credentials from '~/.docker/config.json' but they can also be
+passed with --creds. It can also login to a supported provider with the --provider flag.`
+}
+
+func (cmd *ociPushCmd) Run(ctx context.Context) error {
+	if cmd.IgnorePath == nil {
+		cmd.IgnorePath = excludeOCI
+	}
+
+	if cmd.Provider != "generic" &&
+		cmd.Provider != "azure" &&
+		cmd.Provider != "aws" &&
+		cmd.Provider != "gcp" {
+		return fmt.Errorf("unknown provider %s", cmd.Provider)
+	}
+
+	url, err := client.ParseArtifactURL(cmd.Url)
+	if err != nil {
+		return err
+	}
+
+	ref, err := name.ParseReference(url)
+	if err != nil {
+		return err
+	}
+
+	path, err := cmd.ProjectDir.GetProjectDir()
+	if err != nil {
+		return err
+	}
+
+	repoRoot, err := git.DetectGitRepositoryRoot(path)
+	if err != nil {
+		return err
+	}
+	gitInfo, _, err := git.BuildGitInfo(ctx, repoRoot, path)
+	if err != nil {
+		return err
+	}
+
+	if _, err := os.Stat(path); err != nil {
+		return fmt.Errorf("invalid path '%s', must point to an existing project: %w", path, err)
+	}
+
+	annotations := map[string]string{}
+	for _, annotation := range cmd.Annotation {
+		kv := strings.Split(annotation, "=")
+		if len(kv) != 2 {
+			return fmt.Errorf("invalid annotation %s, must be in the format key=value", annotation)
+		}
+		annotations[kv[0]] = kv[1]
+	}
+
+	annotations["io.kluctl.image.git_info"], err = yaml.WriteJsonString(&gitInfo)
+	if err != nil {
+		return err
+	}
+
+	meta := client.Metadata{
+		Source:      gitInfo.Url.String(),
+		Revision:    gitInfo.Commit,
+		Annotations: annotations,
+	}
+
+	ctx, cancel := context.WithTimeout(ctx, cmd.Timeout)
+	defer cancel()
+
+	var auth authn.Authenticator
+	opts := client.DefaultOptions()
+	if cmd.Provider == "generic" && cmd.Creds != "" {
+		status.Info(ctx, "Logging in to registry with credentials")
+		auth, err = client.GetAuthFromCredentials(cmd.Creds)
+		if err != nil {
+			return fmt.Errorf("could not login with credentials: %w", err)
+		}
+		opts = append(opts, crane.WithAuth(auth))
+	}
+
+	if cmd.Provider != "generic" {
+		status.Info(ctx, "Logging in to registry with provider credentials")
+
+		auth, err = login.NewManager().Login(ctx, url, ref, getProviderLoginOption(cmd.Provider))
+		if err != nil {
+			return fmt.Errorf("error during login with provider: %w", err)
+		}
+		opts = append(opts, crane.WithAuth(auth))
+	}
+
+	if cmd.Timeout != 0 {
+		backoff := remote.Backoff{
+			Duration: 1.0 * time.Second,
+			Factor:   3,
+			Jitter:   0.1,
+			// timeout happens when the cap is exceeded or number of steps is reached
+			// 10 steps is big enough that most reasonable cap(under 30min) will be exceeded before
+			// the number of steps are completed.
+			Steps: 10,
+			Cap:   cmd.Timeout,
+		}
+
+		if auth == nil {
+			auth, err = authn.DefaultKeychain.Resolve(ref.Context())
+			if err != nil {
+				return err
+			}
+		}
+		transportOpts, err := client.WithRetryTransport(ctx, ref, auth, backoff, []string{ref.Context().Scope(transport.PushScope)})
+		if err != nil {
+			return fmt.Errorf("error setting up transport: %w", err)
+		}
+		opts = append(opts, transportOpts, client.WithRetryBackOff(backoff))
+	}
+
+	var st *status.StatusContext
+	if cmd.Output == "" {
+		st = status.Startf(ctx, "Pushing artifact to %s", url)
+		defer st.Failed()
+	}
+
+	ociClient := client.NewClient(opts)
+	digestURL, err := ociClient.Push(ctx, url, path, meta, cmd.IgnorePath)
+	if err != nil {
+		return fmt.Errorf("pushing artifact failed: %w", err)
+	}
+
+	digest, err := reg.NewDigest(digestURL)
+	if err != nil {
+		return fmt.Errorf("artifact digest parsing failed: %w", err)
+	}
+
+	tag, err := reg.NewTag(url)
+	if err != nil {
+		return fmt.Errorf("artifact tag parsing failed: %w", err)
+	}
+
+	info := struct {
+		URL        string `json:"url"`
+		Repository string `json:"repository"`
+		Tag        string `json:"tag"`
+		Digest     string `json:"digest"`
+	}{
+		URL:        fmt.Sprintf("oci://%s", digestURL),
+		Repository: digest.Repository.Name(),
+		Tag:        tag.TagStr(),
+		Digest:     digest.DigestStr(),
+	}
+
+	if cmd.Output == "" {
+		st.UpdateAndInfoFallbackf("Artifact successfully pushed to %s", digestURL)
+	}
+
+	st.Success()
+	status.Flush(ctx)
+
+	switch cmd.Output {
+	case "json":
+		marshalled, err := json.MarshalIndent(&info, "", "  ")
+		if err != nil {
+			return fmt.Errorf("artifact digest JSON conversion failed: %w", err)
+		}
+		marshalled = append(marshalled, "\n"...)
+		_, _ = getStdout(ctx).Write(marshalled)
+	case "yaml":
+		marshalled, err := yaml.WriteYamlBytes(&info)
+		if err != nil {
+			return fmt.Errorf("artifact digest YAML conversion failed: %w", err)
+		}
+		_, _ = getStdout(ctx).Write(marshalled)
+	}
+
+	return nil
+}
+
+func getProviderLoginOption(provider string) login.ProviderOptions {
+	var opts login.ProviderOptions
+	switch provider {
+	case "azure":
+		opts.AzureAutoLogin = true
+	case "aws":
+		opts.AwsAutoLogin = true
+	case "gcp":
+		opts.GcpAutoLogin = true
+	}
+	return opts
+}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 3cf5b124f..ba50b4aea 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -18,6 +18,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	go_container_logs "github.com/google/go-containerregistry/pkg/logs"
 	"github.com/google/gops/agent"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	flag "github.com/spf13/pflag"
@@ -73,6 +74,7 @@ type cli struct {
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
 	Controller  controllerCmd  `cmd:"" help:"Kluctl controller sub-commands"`
 	Webui       webuiCmd       `cmd:"" help:"Kluctl Webui sub-commands"`
+	Oci         ociCmd         `cmd:"" help:"Oci sub-commands"`
 
 	Version versionCmd `cmd:"" help:"Print kluctl version"`
 }
@@ -123,6 +125,10 @@ func redirectLogsAndStderr(ctx context.Context) {
 	log.SetOutput(lr2)
 	ctrl.SetLogger(klog.NewKlogr())
 
+	go_container_logs.Warn.SetOutput(status.NewLineRedirector(func(line string) {
+		status.Warning(ctx, line)
+	}))
+
 	pr, pw, err := os.Pipe()
 	if err != nil {
 		panic(err)
diff --git a/docs/kluctl/commands/oci-push.md b/docs/kluctl/commands/oci-push.md
new file mode 100644
index 000000000..f597b836b
--- /dev/null
+++ b/docs/kluctl/commands/oci-push.md
@@ -0,0 +1,44 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "oci push"
+linkTitle: "oci push"
+weight: 10
+description: >
+    oci push command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "oci push" "Usage" false -->
+Usage: kluctl oci push [flags]
+
+Push to an oci repository
+The push command creates a tarball from the given directory or the single file and uploads the
+artifact to an OCI repository. The command can read the credentials from '~/.docker/config.json' but they can also be
+passed with --creds. It can also login to a supported provider with the --provider flag.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "oci push" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --annotation stringArray    Set custom OCI annotations in the format '<key>=<value>'
+      --creds string              credentials for OCI registry in the format <username>[:<password>] if --provider
+                                  is generic
+      --ignore-path stringArray   set paths to ignore in .gitignore format.
+      --output string             the format in which the artifact digest should be printed, can be 'json' or 'yaml'
+      --provider string           the OCI provider name, available options are: (generic, aws, azure, gcp)
+                                  (default "generic")
+      --timeout duration          Specify timeout for all operations, including loading of the project, all
+                                  external api calls and waiting for readiness. (default 10m0s)
+      --url string                Specifies the artifact URL. This argument is required.
+
+```
+<!-- END SECTION -->
+

From 01470f9063f5387b7cdb5687cc6c3b2c0f7f8db4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 Oct 2023 00:01:52 +0200
Subject: [PATCH 1682/2268] feat: Make oci pulling based on oci package

---
 go.mod                     |  20 +++++-
 go.sum                     |  13 +++-
 pkg/repocache/oci_cache.go | 144 ++++++++++++++++++-------------------
 3 files changed, 99 insertions(+), 78 deletions(-)

diff --git a/go.mod b/go.mod
index 671a1ebcf..ccd3b119c 100644
--- a/go.mod
+++ b/go.mod
@@ -59,11 +59,13 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.21.2
 	github.com/aws/aws-sdk-go-v2/config v1.19.0
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.1
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
 	github.com/aws/smithy-go v1.15.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
+	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
@@ -76,14 +78,15 @@ require (
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.28.0
 	github.com/otiai10/copy v1.14.0
+	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
 	google.golang.org/grpc v1.58.3
+	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.7
-	oras.land/oras-go/v2 v2.3.0
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
 	sigs.k8s.io/kustomize/api v0.14.0
@@ -111,6 +114,7 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
@@ -123,6 +127,10 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
+	github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd // indirect
+	github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
+	github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
 	github.com/bytedance/sonic v1.10.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
@@ -139,14 +147,17 @@ require (
 	github.com/docker/docker v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
@@ -168,6 +179,7 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
@@ -176,6 +188,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
+	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/gorilla/sessions v1.2.1 // indirect
@@ -189,9 +202,11 @@ require (
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -252,6 +267,9 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 // indirect
+	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // indirect
+	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.16.0 // indirect
 	go.opentelemetry.io/otel/metric v1.16.0 // indirect
diff --git a/go.sum b/go.sum
index 8c3c74b2a..9ef1956b9 100644
--- a/go.sum
+++ b/go.sum
@@ -132,6 +132,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.1 h1:Y2zGozmCogCCQbO2fplC6tZylBTBBgt/2EcdVRRK5go=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.1/go.mod h1:J9goPpIjXafA1u3XGJeoHu9WlMp5qAGwWmS1A8LfZVw=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
@@ -154,6 +156,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
+github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bitnami-labs/sealed-secrets v0.24.2 h1:6RELDjQk+1WvrgkOJX9Y3aRyMBda3JWKuP7Qoi7Ee2M=
 github.com/bitnami-labs/sealed-secrets v0.24.2/go.mod h1:uQUgGnyOmGPUb6tCMRdhOKKHo2xJGwoxSqDYaWZZ+Hc=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
@@ -263,6 +267,7 @@ github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSY
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
@@ -521,7 +526,9 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
@@ -619,6 +626,8 @@ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTS
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f h1:2+myh5ml7lgEU/51gbeLHfKGNfgEQQIWrlbdaOsidbQ=
+github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
@@ -1225,6 +1234,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
 helm.sh/helm/v3 v3.13.1 h1:DG+XLGzBJeZvMLlMbm6bPDLV1dGaVW9eZsDoUd1/LM0=
@@ -1263,8 +1274,6 @@ nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
-oras.land/oras-go/v2 v2.3.0 h1:lqX1aXdN+DAmDTKjiDyvq85cIaI4RkIKp/PghWlAGIU=
-oras.land/oras-go/v2 v2.3.0/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 1fb626e13..012253752 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -2,19 +2,17 @@ package repocache
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/tar"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"
 	"net/url"
-	"oras.land/oras-go/v2"
-	"oras.land/oras-go/v2/content/file"
-	"oras.land/oras-go/v2/registry/remote"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -35,13 +33,14 @@ type OciRepoCache struct {
 }
 
 type OciCacheEntry struct {
-	rp   *OciRepoCache
-	url  url.URL
-	repo *remote.Repository
-
-	extractedDirs map[types.OciRef]string
-	updateMutex   sync.Mutex
-	overridePath  string
+	rp          *OciRepoCache
+	url         url.URL
+	ociClient   *client.Client
+	ociCacheDir string
+
+	pulledDirs   map[types.OciRef]clonedDir
+	updateMutex  sync.Mutex
+	overridePath string
 }
 
 func NewOciRepoCache(ctx context.Context, repoOverrides []RepoOverride, updateInterval time.Duration) *OciRepoCache {
@@ -86,33 +85,50 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding oci repo %s with local directory %s", urlIn, overridePath)
 
 		e := &OciCacheEntry{
-			rp:            rp,
-			url:           *urlN,
-			repo:          nil, // mark as overridden
-			extractedDirs: map[types.OciRef]string{},
-			overridePath:  overridePath,
+			rp:           rp,
+			url:          *urlN,
+			ociClient:    nil, // mark as overridden
+			pulledDirs:   map[types.OciRef]clonedDir{},
+			overridePath: overridePath,
 		}
 		rp.repos[repoKey] = e
 		return e, nil
 	}
 
 	e, ok := rp.repos[repoKey]
-	if !ok {
-		repo, err := remote.NewRepository(strings.TrimPrefix(urlN.String(), "oci://"))
-		if err != nil {
-			return nil, err
-		}
+	if ok {
+		return e, nil
+	}
 
-		repo.PlainHTTP = true
+	hostOciCacheDir := filepath.Join(utils.GetTmpBaseDir(rp.ctx), "oci")
+	hostOciCacheDir = filepath.Join(hostOciCacheDir, strings.ReplaceAll(urlN.Host, ":", "-"))
 
-		e = &OciCacheEntry{
-			rp:            rp,
-			url:           *urlN,
-			repo:          repo,
-			extractedDirs: map[types.OciRef]string{},
-		}
-		rp.repos[repoKey] = e
+	ociCacheDir := filepath.Join(hostOciCacheDir, urlN.Path)
+	err = utils.CheckSubInDir(hostOciCacheDir, ociCacheDir)
+	if err != nil {
+		return nil, err
 	}
+
+	err = os.MkdirAll(ociCacheDir, 0700)
+	if err != nil {
+		return nil, err
+	}
+
+	rp.cleanupDirsMutex.Lock()
+	rp.cleanupDirs = append(rp.cleanupDirs, ociCacheDir)
+	rp.cleanupDirsMutex.Unlock()
+
+	ociClient := client.NewClient(nil)
+
+	e = &OciCacheEntry{
+		rp:          rp,
+		url:         *urlN,
+		ociClient:   ociClient,
+		ociCacheDir: ociCacheDir,
+		pulledDirs:  map[types.OciRef]clonedDir{},
+	}
+	rp.repos[repoKey] = e
+
 	return e, nil
 }
 
@@ -124,68 +140,46 @@ func (e *OciCacheEntry) GetExtractedDir(ref *types.OciRef) (string, git.Checkout
 		ref = &types.OciRef{}
 	}
 
-	repoName := path.Base(e.url.Path) + "-"
-	repoName += ref.String() + "-"
-	repoName = strings.ReplaceAll(repoName, "/", "-")
-	repoName = strings.ReplaceAll(repoName, ":", "-")
-
-	ociDir := filepath.Join(utils.GetTmpBaseDir(e.rp.ctx), "oci")
-	err := os.MkdirAll(ociDir, 0700)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	ociDir, err = os.MkdirTemp(ociDir, repoName)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
+	ed, ok := e.pulledDirs[*ref]
+	if ok {
+		return ed.dir, ed.info, nil
 	}
 
-	pulledDir := filepath.Join(ociDir, "pulled")
-	extractedDir := filepath.Join(ociDir, "extracted")
-	err = os.Mkdir(pulledDir, 0700)
+	ociDir, err := os.MkdirTemp(e.ociCacheDir, "")
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
 	}
-	err = os.Mkdir(extractedDir, 0700)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-
-	e.rp.cleanupDirsMutex.Lock()
-	e.rp.cleanupDirs = append(e.rp.cleanupDirs, ociDir)
-	e.rp.cleanupDirsMutex.Unlock()
 
-	if e.repo == nil { // local override exist
-		err = cp.Copy(e.overridePath, extractedDir)
+	if e.ociClient == nil { // local override exist
+		err = cp.Copy(e.overridePath, ociDir)
 		if err != nil {
 			return "", git.CheckoutInfo{}, err
 		}
-		return extractedDir, git.CheckoutInfo{}, err
+		return ociDir, git.CheckoutInfo{}, err
 	}
 
-	fs, err := file.New(pulledDir)
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
+	image := strings.TrimPrefix(e.url.String(), "oci://") + ":" + ref.String()
 
-	manifestDescriptor, err := oras.Copy(e.rp.ctx, e.repo, ref.String(), fs, "", oras.CopyOptions{})
+	md, err := e.ociClient.Pull(e.rp.ctx, image, ociDir)
 	if err != nil {
 		return "", git.CheckoutInfo{}, err
 	}
-	_ = manifestDescriptor
 
-	tgz, err := os.Open(filepath.Join(pulledDir, "artifact.tgz"))
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
-	}
-	defer tgz.Close()
+	var cd clonedDir
+	cd.dir = ociDir
 
-	err = tar.Untar(tgz, extractedDir, tar.WithSkipSymlinks())
-	if err != nil {
-		return "", git.CheckoutInfo{}, err
+	if a, ok := md.Annotations["io.kluctl.image.git_info"]; ok {
+		var gitInfo result.GitInfo
+		err = json.Unmarshal([]byte(a), &gitInfo)
+		if err != nil {
+			return ociDir, git.CheckoutInfo{}, err
+		}
+		if gitInfo.Ref != nil {
+			cd.info.CheckedOutRef = *gitInfo.Ref
+		}
+		cd.info.CheckedOutCommit = gitInfo.Commit
 	}
 
-	e.extractedDirs[*ref] = extractedDir
-
-	return extractedDir, git.CheckoutInfo{}, nil
+	e.pulledDirs[*ref] = cd
+	return cd.dir, cd.info, nil
 }

From f29c03d677ffc71a809f7b3c6f7b241cc036ddb9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 Oct 2023 15:09:09 +0200
Subject: [PATCH 1683/2268] feat: Add --local-oci-override and
 --local-oci-group-override flags

---
 cmd/kluctl/args/project.go   |  2 ++
 cmd/kluctl/commands/utils.go | 35 +++++++++++++++++++++++++++--------
 pkg/types/git_url.go         |  9 +++++----
 3 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index de65f2a84..20e8ec090 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -30,6 +30,8 @@ type ProjectFlags struct {
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
 	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com/my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them."`
 	LocalGitGroupOverride  []string      `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com/some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
+	LocalOciOverride       []string      `group:"project" help:"Same as --local-git-override, but for OCI repositories."`
+	LocalOciGroupOverride  []string      `group:"project" help:"Same as --local-git-group-override, but for OCI repositories."`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 6ab7f0338..00d86ce88 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -64,20 +64,35 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 	sshPool := &ssh_pool.SshPool{}
 
-	var repoOverrides []repocache.RepoOverride
+	var gitRepoOverrides []repocache.RepoOverride
+	var ociRepoOverrides []repocache.RepoOverride
 	for _, x := range projectFlags.LocalGitOverride {
-		ro, err := parseRepoOverride(ctx, x, false)
+		ro, err := parseRepoOverride(ctx, x, false, true)
 		if err != nil {
 			return fmt.Errorf("invalid --local-git-override: %w", err)
 		}
-		repoOverrides = append(repoOverrides, ro)
+		gitRepoOverrides = append(gitRepoOverrides, ro)
 	}
 	for _, x := range projectFlags.LocalGitGroupOverride {
-		ro, err := parseRepoOverride(ctx, x, true)
+		ro, err := parseRepoOverride(ctx, x, true, true)
 		if err != nil {
 			return fmt.Errorf("invalid --local-git-group-override: %w", err)
 		}
-		repoOverrides = append(repoOverrides, ro)
+		gitRepoOverrides = append(gitRepoOverrides, ro)
+	}
+	for _, x := range projectFlags.LocalOciOverride {
+		ro, err := parseRepoOverride(ctx, x, false, false)
+		if err != nil {
+			return fmt.Errorf("invalid --local-oci-override: %w", err)
+		}
+		ociRepoOverrides = append(ociRepoOverrides, ro)
+	}
+	for _, x := range projectFlags.LocalOciGroupOverride {
+		ro, err := parseRepoOverride(ctx, x, true, false)
+		if err != nil {
+			return fmt.Errorf("invalid --local-oci-group-override: %w", err)
+		}
+		ociRepoOverrides = append(ociRepoOverrides, ro)
 	}
 
 	messageCallbacks := &messages.MessageCallbacks{
@@ -88,10 +103,10 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	}
 	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 
-	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, repoOverrides, projectFlags.GitCacheUpdateInterval)
+	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, gitRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
-	ociRp := repocache.NewOciRepoCache(ctx, nil, projectFlags.GitCacheUpdateInterval)
+	ociRp := repocache.NewOciRepoCache(ctx, ociRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
 	var externalArgs *uo.UnstructuredObject
@@ -302,7 +317,7 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 	}
 }
 
-func parseRepoOverride(ctx context.Context, s string, isGroup bool) (repocache.RepoOverride, error) {
+func parseRepoOverride(ctx context.Context, s string, isGroup bool, allowLegacy bool) (repocache.RepoOverride, error) {
 	sp := strings.SplitN(s, "=", 2)
 	if len(sp) != 2 {
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
@@ -310,6 +325,10 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool) (repocache.R
 
 	repoKey, err := types.ParseGitRepoKey(sp[0])
 	if err != nil {
+		if !allowLegacy {
+			return repocache.RepoOverride{}, err
+		}
+
 		// try as legacy repo key
 		u, err2 := types.ParseGitUrl(sp[0])
 		if err2 != nil {
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index cb398e52a..fcca769f0 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -161,6 +161,7 @@ func NewRepoKeyFromUrl(urlIn string) (GitRepoKey, error) {
 }
 
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
+var ipRegex = regexp.MustCompile(`^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$`)
 
 func ParseGitRepoKey(s string) (GitRepoKey, error) {
 	if s == "" {
@@ -169,7 +170,7 @@ func ParseGitRepoKey(s string) (GitRepoKey, error) {
 
 	s2 := strings.SplitN(s, "/", 2)
 	if len(s2) != 2 {
-		return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
+		return GitRepoKey{}, fmt.Errorf("invalid repo key: %s", s)
 	}
 
 	var host, port string
@@ -181,13 +182,13 @@ func ParseGitRepoKey(s string) (GitRepoKey, error) {
 		host = s2[0]
 	}
 
-	if !hostNameRegex.MatchString(host) {
-		return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
+	if !hostNameRegex.MatchString(host) && !ipRegex.MatchString(host) {
+		return GitRepoKey{}, fmt.Errorf("invalid repo key: %s", s)
 	}
 
 	if port != "" {
 		if _, err := strconv.ParseInt(port, 10, 32); err != nil {
-			return GitRepoKey{}, fmt.Errorf("invalid git repo key: %s", s)
+			return GitRepoKey{}, fmt.Errorf("invalid repo key: %s", s)
 		}
 	}
 

From da5a2d51874388fe8876a507fe64ccc743619fde Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 Oct 2023 15:09:49 +0200
Subject: [PATCH 1684/2268] refactor: Rename GitRepoKey to RepoKey

---
 cmd/kluctl/commands/utils.go       |  4 ++--
 pkg/git/git_info.go                |  2 +-
 pkg/repocache/git_cache.go         |  6 +++---
 pkg/repocache/oci_cache.go         |  4 ++--
 pkg/repocache/utils.go             |  2 +-
 pkg/types/git_url.go               | 32 +++++++++++++++---------------
 pkg/types/result/command_result.go |  6 +++---
 pkg/types/zz_generated.deepcopy.go | 30 ++++++++++++++--------------
 pkg/webui/events.go                |  2 +-
 pkg/webui/generate-ts/main.go      |  2 +-
 10 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 00d86ce88..ec8bc846e 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -323,7 +323,7 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool, allowLegacy
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	repoKey, err := types.ParseGitRepoKey(sp[0])
+	repoKey, err := types.ParseRepoKey(sp[0])
 	if err != nil {
 		if !allowLegacy {
 			return repocache.RepoOverride{}, err
@@ -341,7 +341,7 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool, allowLegacy
 			x += "/"
 		}
 		x += u.Path
-		repoKey, err2 = types.ParseGitRepoKey(x)
+		repoKey, err2 = types.ParseRepoKey(x)
 		if err2 != nil {
 			// return original error
 			return repocache.RepoOverride{}, err
diff --git a/pkg/git/git_info.go b/pkg/git/git_info.go
index 46b00a73d..db97bf1eb 100644
--- a/pkg/git/git_info.go
+++ b/pkg/git/git_info.go
@@ -62,7 +62,7 @@ func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (resu
 		}
 	}
 
-	var repoKey types.GitRepoKey
+	var repoKey types.RepoKey
 	if originUrl != nil {
 		repoKey = originUrl.RepoKey()
 	}
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index d3155c337..01cee0234 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -27,7 +27,7 @@ type GitRepoCache struct {
 	sshPool        *ssh_pool.SshPool
 	updateInterval time.Duration
 
-	repos      map[types.GitRepoKey]*GitCacheEntry
+	repos      map[types.RepoKey]*GitCacheEntry
 	reposMutex sync.Mutex
 
 	repoOverrides []RepoOverride
@@ -55,7 +55,7 @@ type RepoInfo struct {
 }
 
 type RepoOverride struct {
-	RepoKey  types.GitRepoKey
+	RepoKey  types.RepoKey
 	Ref      string
 	Override string
 	IsGroup  bool
@@ -72,7 +72,7 @@ func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProvide
 		sshPool:        sshPool,
 		authProviders:  authProviders,
 		updateInterval: updateInterval,
-		repos:          map[types.GitRepoKey]*GitCacheEntry{},
+		repos:          map[types.RepoKey]*GitCacheEntry{},
 		repoOverrides:  repoOverrides,
 	}
 }
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 012253752..6d19c833e 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -23,7 +23,7 @@ type OciRepoCache struct {
 	ctx            context.Context
 	updateInterval time.Duration
 
-	repos      map[types.GitRepoKey]*OciCacheEntry
+	repos      map[types.RepoKey]*OciCacheEntry
 	reposMutex sync.Mutex
 
 	repoOverrides []RepoOverride
@@ -47,7 +47,7 @@ func NewOciRepoCache(ctx context.Context, repoOverrides []RepoOverride, updateIn
 	return &OciRepoCache{
 		ctx:            ctx,
 		updateInterval: updateInterval,
-		repos:          map[types.GitRepoKey]*OciCacheEntry{},
+		repos:          map[types.RepoKey]*OciCacheEntry{},
 		repoOverrides:  repoOverrides,
 	}
 }
diff --git a/pkg/repocache/utils.go b/pkg/repocache/utils.go
index 409cd9deb..449f9f09d 100644
--- a/pkg/repocache/utils.go
+++ b/pkg/repocache/utils.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 )
 
-func findRepoOverride(repoOverrides []RepoOverride, repoKey types.GitRepoKey) (string, error) {
+func findRepoOverride(repoOverrides []RepoOverride, repoKey types.RepoKey) (string, error) {
 	for _, ro := range repoOverrides {
 		if ro.RepoKey.Host != repoKey.Host {
 			continue
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index fcca769f0..1f6289b9f 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -132,30 +132,30 @@ func (u *GitUrl) Normalize() *GitUrl {
 	return &u2
 }
 
-func (u *GitUrl) RepoKey() GitRepoKey {
+func (u *GitUrl) RepoKey() RepoKey {
 	u2 := u.Normalize()
 	return NewRepoKey(u2.Host, u2.Path)
 }
 
 // +kubebuilder:validation:Type=string
-type GitRepoKey struct {
+type RepoKey struct {
 	Host string `json:"-"`
 	Path string `json:"-"`
 }
 
-func NewRepoKey(host string, path string) GitRepoKey {
+func NewRepoKey(host string, path string) RepoKey {
 	path = strings.TrimSuffix(path, "/")
 	path = strings.TrimPrefix(path, "/")
-	return GitRepoKey{
+	return RepoKey{
 		Host: host,
 		Path: path,
 	}
 }
 
-func NewRepoKeyFromUrl(urlIn string) (GitRepoKey, error) {
+func NewRepoKeyFromUrl(urlIn string) (RepoKey, error) {
 	u, err := url.Parse(urlIn)
 	if err != nil {
-		return GitRepoKey{}, err
+		return RepoKey{}, err
 	}
 	return NewRepoKey(u.Host, u.Path), nil
 }
@@ -163,14 +163,14 @@ func NewRepoKeyFromUrl(urlIn string) (GitRepoKey, error) {
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
 var ipRegex = regexp.MustCompile(`^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$`)
 
-func ParseGitRepoKey(s string) (GitRepoKey, error) {
+func ParseRepoKey(s string) (RepoKey, error) {
 	if s == "" {
-		return GitRepoKey{}, nil
+		return RepoKey{}, nil
 	}
 
 	s2 := strings.SplitN(s, "/", 2)
 	if len(s2) != 2 {
-		return GitRepoKey{}, fmt.Errorf("invalid repo key: %s", s)
+		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
 	}
 
 	var host, port string
@@ -183,29 +183,29 @@ func ParseGitRepoKey(s string) (GitRepoKey, error) {
 	}
 
 	if !hostNameRegex.MatchString(host) && !ipRegex.MatchString(host) {
-		return GitRepoKey{}, fmt.Errorf("invalid repo key: %s", s)
+		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
 	}
 
 	if port != "" {
 		if _, err := strconv.ParseInt(port, 10, 32); err != nil {
-			return GitRepoKey{}, fmt.Errorf("invalid repo key: %s", s)
+			return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
 		}
 	}
 
-	return GitRepoKey{
+	return RepoKey{
 		Host: s2[0],
 		Path: s2[1],
 	}, nil
 }
 
-func (u GitRepoKey) String() string {
+func (u RepoKey) String() string {
 	if u.Host == "" && u.Path == "" {
 		return ""
 	}
 	return fmt.Sprintf("%s/%s", u.Host, u.Path)
 }
 
-func (u *GitRepoKey) UnmarshalJSON(b []byte) error {
+func (u *RepoKey) UnmarshalJSON(b []byte) error {
 	var s string
 	err := yaml.ReadYamlBytes(b, &s)
 	if err != nil {
@@ -216,7 +216,7 @@ func (u *GitRepoKey) UnmarshalJSON(b []byte) error {
 		u.Path = ""
 		return nil
 	}
-	x, err := ParseGitRepoKey(s)
+	x, err := ParseRepoKey(s)
 	if err != nil {
 		return err
 	}
@@ -224,7 +224,7 @@ func (u *GitRepoKey) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
-func (u GitRepoKey) MarshalJSON() ([]byte, error) {
+func (u RepoKey) MarshalJSON() ([]byte, error) {
 	b, err := json.Marshal(u.String())
 	if err != nil {
 		return nil, err
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 03cc5033d..8398c67ce 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -40,9 +40,9 @@ const (
 )
 
 type ProjectKey struct {
-	GitRepoKey types.GitRepoKey `json:"gitRepoKey,omitempty"`
-	OciRepoKey types.GitRepoKey `json:"ociRepoKey,omitempty"`
-	SubDir     string           `json:"subDir,omitempty"`
+	GitRepoKey types.RepoKey `json:"gitRepoKey,omitempty"`
+	OciRepoKey types.RepoKey `json:"ociRepoKey,omitempty"`
+	SubDir     string        `json:"subDir,omitempty"`
 }
 
 func (k ProjectKey) Less(o ProjectKey) bool {
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index fa857f3c3..36e0d799f 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -368,21 +368,6 @@ func (in *GitRef) DeepCopy() *GitRef {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GitRepoKey) DeepCopyInto(out *GitRepoKey) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepoKey.
-func (in *GitRepoKey) DeepCopy() *GitRepoKey {
-	if in == nil {
-		return nil
-	}
-	out := new(GitRepoKey)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitUrl.
 func (in *GitUrl) DeepCopy() *GitUrl {
 	if in == nil {
@@ -601,6 +586,21 @@ func (in *OciRef) DeepCopy() *OciRef {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RepoKey) DeepCopyInto(out *RepoKey) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepoKey.
+func (in *RepoKey) DeepCopy() *RepoKey {
+	if in == nil {
+		return nil
+	}
+	out := new(RepoKey)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SealedSecretsConfig) DeepCopyInto(out *SealedSecretsConfig) {
 	*out = *in
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index ec654ff1a..9e4677e50 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -237,7 +237,7 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		return
 	}
 
-	repoKey, err := types.ParseGitRepoKey(args.FilterProject)
+	repoKey, err := types.ParseRepoKey(args.FilterProject)
 	if err != nil {
 		_ = c.AbortWithError(http.StatusBadRequest, err)
 		return
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index 67f482a82..cd467188c 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -25,7 +25,7 @@ func main() {
 		Add(webui.AuthInfo{}).
 		ManageType(types.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.GitRef{}, typescriptify.TypeOptions{TSType: "GitRef", TSTransform: "new GitRef(__VALUE__)"}).
-		ManageType(types.GitRepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(types.RepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.YamlUrl{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(uo.UnstructuredObject{}, typescriptify.TypeOptions{TSType: "any"}).
 		ManageType(metav1.Time{}, typescriptify.TypeOptions{TSType: "string"}).

From 630999118e9a52065acd4524e5fc94921b497170 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 9 Oct 2023 15:29:55 +0200
Subject: [PATCH 1685/2268] feat: Embed repo type in RepoKey

---
 cmd/kluctl/commands/utils.go | 14 +++++++-------
 pkg/repocache/oci_cache.go   |  2 +-
 pkg/repocache/utils.go       |  3 +++
 pkg/types/git_url.go         | 35 +++++++++++++++++++++++++++++------
 pkg/webui/events.go          |  2 +-
 5 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index ec8bc846e..705c4547f 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -67,28 +67,28 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	var gitRepoOverrides []repocache.RepoOverride
 	var ociRepoOverrides []repocache.RepoOverride
 	for _, x := range projectFlags.LocalGitOverride {
-		ro, err := parseRepoOverride(ctx, x, false, true)
+		ro, err := parseRepoOverride(ctx, x, false, "git", true)
 		if err != nil {
 			return fmt.Errorf("invalid --local-git-override: %w", err)
 		}
 		gitRepoOverrides = append(gitRepoOverrides, ro)
 	}
 	for _, x := range projectFlags.LocalGitGroupOverride {
-		ro, err := parseRepoOverride(ctx, x, true, true)
+		ro, err := parseRepoOverride(ctx, x, true, "git", true)
 		if err != nil {
 			return fmt.Errorf("invalid --local-git-group-override: %w", err)
 		}
 		gitRepoOverrides = append(gitRepoOverrides, ro)
 	}
 	for _, x := range projectFlags.LocalOciOverride {
-		ro, err := parseRepoOverride(ctx, x, false, false)
+		ro, err := parseRepoOverride(ctx, x, false, "oci", false)
 		if err != nil {
 			return fmt.Errorf("invalid --local-oci-override: %w", err)
 		}
 		ociRepoOverrides = append(ociRepoOverrides, ro)
 	}
 	for _, x := range projectFlags.LocalOciGroupOverride {
-		ro, err := parseRepoOverride(ctx, x, true, false)
+		ro, err := parseRepoOverride(ctx, x, true, "oci", false)
 		if err != nil {
 			return fmt.Errorf("invalid --local-oci-group-override: %w", err)
 		}
@@ -317,13 +317,13 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 	}
 }
 
-func parseRepoOverride(ctx context.Context, s string, isGroup bool, allowLegacy bool) (repocache.RepoOverride, error) {
+func parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string, allowLegacy bool) (repocache.RepoOverride, error) {
 	sp := strings.SplitN(s, "=", 2)
 	if len(sp) != 2 {
 		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
-	repoKey, err := types.ParseRepoKey(sp[0])
+	repoKey, err := types.ParseRepoKey(sp[0], type_)
 	if err != nil {
 		if !allowLegacy {
 			return repocache.RepoOverride{}, err
@@ -341,7 +341,7 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool, allowLegacy
 			x += "/"
 		}
 		x += u.Path
-		repoKey, err2 = types.ParseRepoKey(x)
+		repoKey, err2 = types.ParseRepoKey(x, type_)
 		if err2 != nil {
 			// return original error
 			return repocache.RepoOverride{}, err
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 6d19c833e..4977d8f6f 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -74,7 +74,7 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 		return nil, fmt.Errorf("unsupported scheme %s, must be oci://", urlN.Scheme)
 	}
 
-	repoKey := types.NewRepoKey(urlN.Host, urlN.Path)
+	repoKey := types.NewRepoKey("oci", urlN.Host, urlN.Path)
 
 	overridePath, err := findRepoOverride(rp.repoOverrides, repoKey)
 	if err != nil {
diff --git a/pkg/repocache/utils.go b/pkg/repocache/utils.go
index 449f9f09d..70f61809d 100644
--- a/pkg/repocache/utils.go
+++ b/pkg/repocache/utils.go
@@ -10,6 +10,9 @@ import (
 
 func findRepoOverride(repoOverrides []RepoOverride, repoKey types.RepoKey) (string, error) {
 	for _, ro := range repoOverrides {
+		if ro.RepoKey.Type != repoKey.Type {
+			continue
+		}
 		if ro.RepoKey.Host != repoKey.Host {
 			continue
 		}
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 1f6289b9f..ac50318b8 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -134,19 +134,21 @@ func (u *GitUrl) Normalize() *GitUrl {
 
 func (u *GitUrl) RepoKey() RepoKey {
 	u2 := u.Normalize()
-	return NewRepoKey(u2.Host, u2.Path)
+	return NewRepoKey("git", u2.Host, u2.Path)
 }
 
 // +kubebuilder:validation:Type=string
 type RepoKey struct {
+	Type string `json:"-"`
 	Host string `json:"-"`
 	Path string `json:"-"`
 }
 
-func NewRepoKey(host string, path string) RepoKey {
+func NewRepoKey(type_ string, host string, path string) RepoKey {
 	path = strings.TrimSuffix(path, "/")
 	path = strings.TrimPrefix(path, "/")
 	return RepoKey{
+		Type: type_,
 		Host: host,
 		Path: path,
 	}
@@ -157,17 +159,32 @@ func NewRepoKeyFromUrl(urlIn string) (RepoKey, error) {
 	if err != nil {
 		return RepoKey{}, err
 	}
-	return NewRepoKey(u.Host, u.Path), nil
+	t := "git"
+	if u.Scheme == "oci" {
+		t = "oci"
+	}
+	return NewRepoKey(t, u.Host, u.Path), nil
 }
 
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
 var ipRegex = regexp.MustCompile(`^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$`)
 
-func ParseRepoKey(s string) (RepoKey, error) {
+func ParseRepoKey(s string, defaultType string) (RepoKey, error) {
 	if s == "" {
 		return RepoKey{}, nil
 	}
 
+	var t string
+	if strings.HasPrefix(s, "git://") {
+		t = "git"
+		s = strings.TrimPrefix(s, "git://")
+	} else if strings.HasPrefix(s, "oci://") {
+		t = "oci"
+		s = strings.TrimPrefix(s, "oci://")
+	} else {
+		t = defaultType
+	}
+
 	s2 := strings.SplitN(s, "/", 2)
 	if len(s2) != 2 {
 		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
@@ -193,6 +210,7 @@ func ParseRepoKey(s string) (RepoKey, error) {
 	}
 
 	return RepoKey{
+		Type: t,
 		Host: s2[0],
 		Path: s2[1],
 	}, nil
@@ -202,7 +220,11 @@ func (u RepoKey) String() string {
 	if u.Host == "" && u.Path == "" {
 		return ""
 	}
-	return fmt.Sprintf("%s/%s", u.Host, u.Path)
+	t := u.Type
+	if t == "" {
+		t = "git"
+	}
+	return fmt.Sprintf("%s://%s/%s", t, u.Host, u.Path)
 }
 
 func (u *RepoKey) UnmarshalJSON(b []byte) error {
@@ -212,11 +234,12 @@ func (u *RepoKey) UnmarshalJSON(b []byte) error {
 		return err
 	}
 	if s == "" {
+		u.Type = ""
 		u.Host = ""
 		u.Path = ""
 		return nil
 	}
-	x, err := ParseRepoKey(s)
+	x, err := ParseRepoKey(s, "git")
 	if err != nil {
 		return err
 	}
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 9e4677e50..b3386fcbf 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -237,7 +237,7 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		return
 	}
 
-	repoKey, err := types.ParseRepoKey(args.FilterProject)
+	repoKey, err := types.ParseRepoKey(args.FilterProject, "git")
 	if err != nil {
 		_ = c.AbortWithError(http.StatusBadRequest, err)
 		return

From e9c790743a74c4509603190a0c7934f25f3d65f9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 09:15:31 +0200
Subject: [PATCH 1686/2268] feat: Implement OCI authentication provider and OCI
 credentials via the CRD

Also remove RegistryHelper and instead use crane.
---
 api/v1beta1/kluctldeployment_types.go         |  33 +-
 api/v1beta1/zz_generated.deepcopy.go          |  59 ++-
 cmd/kluctl/commands/cmd_helm_pull.go          |  14 +-
 cmd/kluctl/commands/cmd_helm_update.go        |  13 +-
 cmd/kluctl/commands/utils.go                  |   6 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   |  41 +-
 docs/gitops/api/kluctl-controller.md          | 148 ++++--
 e2e/gitops_git_include_test.go                |  38 +-
 e2e/gitops_oci_include_test.go                | 141 +++++
 e2e/gitops_test.go                            |   5 +-
 e2e/oci_include_test.go                       | 352 +++++++++++++
 go.mod                                        |   5 +-
 go.sum                                        |   2 -
 install/controller/controller/crd.yaml        |  41 +-
 pkg/controllers/kluctl_project.go             |   7 +-
 .../kluctldeployment_controller_source.go     | 156 +++++-
 pkg/deployment/deployment_item.go             |   2 +-
 pkg/deployment/shared_context.go              |   2 +
 pkg/helm/chart.go                             |  30 +-
 pkg/helm/helm_release.go                      |   5 +-
 pkg/kluctl_project/project_load.go            |   3 +
 pkg/kluctl_project/target_context.go          |   3 +
 pkg/oci/auth_provider/auth_provider.go        |  67 +++
 .../docker_config_auth_provider.go            |  37 ++
 pkg/oci/auth_provider/env_auth_provider.go    |  80 +++
 pkg/oci/auth_provider/list_auth_provider.go   |  80 +++
 pkg/registries/registries.go                  | 495 ------------------
 pkg/repocache/oci_cache.go                    |  26 +-
 28 files changed, 1181 insertions(+), 710 deletions(-)
 create mode 100644 e2e/gitops_oci_include_test.go
 create mode 100644 e2e/oci_include_test.go
 create mode 100644 pkg/oci/auth_provider/auth_provider.go
 create mode 100644 pkg/oci/auth_provider/docker_config_auth_provider.go
 create mode 100644 pkg/oci/auth_provider/env_auth_provider.go
 create mode 100644 pkg/oci/auth_provider/list_auth_provider.go
 delete mode 100644 pkg/registries/registries.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index a69dfee6a..569dde688 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -269,7 +269,7 @@ type ProjectSource struct {
 	// Credentials specifies a list of secrets with credentials
 	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.credentials instead.
 	// +optional
-	Credentials []ProjectSourceCredentials `json:"credentials,omitempty"`
+	Credentials []ProjectSourceGitCredentials `json:"credentials,omitempty"`
 }
 
 type ProjectSourceGit struct {
@@ -285,17 +285,9 @@ type ProjectSourceGit struct {
 	// +optional
 	Path string `json:"path,omitempty"`
 
-	// SecretRef specifies the Secret containing authentication credentials for
-	// See ProjectSourceCredentials.SecretRef for details
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
-	// instead.
-	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
-	// Use Credentials with a proper Host field instead.
-	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
-
 	// Credentials specifies a list of secrets with credentials
 	// +optional
-	Credentials []ProjectSourceCredentials `json:"credentials,omitempty"`
+	Credentials []ProjectSourceGitCredentials `json:"credentials,omitempty"`
 }
 
 type ProjectSourceOci struct {
@@ -313,10 +305,10 @@ type ProjectSourceOci struct {
 
 	// Credentials specifies a list of secrets with credentials
 	// +optional
-	Credentials []ProjectSourceCredentials `json:"credentials,omitempty"`
+	Credentials []ProjectSourceOciCredentials `json:"credentials,omitempty"`
 }
 
-type ProjectSourceCredentials struct {
+type ProjectSourceGitCredentials struct {
 	// Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
 	// applies to all hosts.
 	// Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
@@ -339,6 +331,23 @@ type ProjectSourceCredentials struct {
 	SecretRef LocalObjectReference `json:"secretRef"`
 }
 
+type ProjectSourceOciCredentials struct {
+	// Registry specifies the hostname that this secret applies to.
+	// +required
+	Registry string `json:"registry,omitempty"`
+
+	// Repository specifies the org and repo name in the format 'org-name/repo-name'.
+	// Both 'org-name' and 'repo-name' can be specified as '*', meaning that all names are matched.
+	// +optional
+	Repository string `json:"repository,omitempty"`
+
+	// SecretRef specifies the Secret containing authentication credentials for
+	// the oci repository.
+	// The secret must contain 'username' and 'password'.
+	// +required
+	SecretRef LocalObjectReference `json:"secretRef"`
+}
+
 // Decryption defines how decryption is handled for Kubernetes manifests.
 type Decryption struct {
 	// Provider is the name of the decryption engine.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 3464f3a51..e0df5ef78 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -338,7 +338,7 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	}
 	if in.Credentials != nil {
 		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectSourceCredentials, len(*in))
+		*out = make([]ProjectSourceGitCredentials, len(*in))
 		copy(*out, *in)
 	}
 }
@@ -353,22 +353,6 @@ func (in *ProjectSource) DeepCopy() *ProjectSource {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProjectSourceCredentials) DeepCopyInto(out *ProjectSourceCredentials) {
-	*out = *in
-	out.SecretRef = in.SecretRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceCredentials.
-func (in *ProjectSourceCredentials) DeepCopy() *ProjectSourceCredentials {
-	if in == nil {
-		return nil
-	}
-	out := new(ProjectSourceCredentials)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectSourceGit) DeepCopyInto(out *ProjectSourceGit) {
 	*out = *in
@@ -378,14 +362,9 @@ func (in *ProjectSourceGit) DeepCopyInto(out *ProjectSourceGit) {
 		*out = new(types.GitRef)
 		**out = **in
 	}
-	if in.SecretRef != nil {
-		in, out := &in.SecretRef, &out.SecretRef
-		*out = new(LocalObjectReference)
-		**out = **in
-	}
 	if in.Credentials != nil {
 		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectSourceCredentials, len(*in))
+		*out = make([]ProjectSourceGitCredentials, len(*in))
 		copy(*out, *in)
 	}
 }
@@ -400,6 +379,22 @@ func (in *ProjectSourceGit) DeepCopy() *ProjectSourceGit {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSourceGitCredentials) DeepCopyInto(out *ProjectSourceGitCredentials) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceGitCredentials.
+func (in *ProjectSourceGitCredentials) DeepCopy() *ProjectSourceGitCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSourceGitCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectSourceOci) DeepCopyInto(out *ProjectSourceOci) {
 	*out = *in
@@ -410,7 +405,7 @@ func (in *ProjectSourceOci) DeepCopyInto(out *ProjectSourceOci) {
 	}
 	if in.Credentials != nil {
 		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectSourceCredentials, len(*in))
+		*out = make([]ProjectSourceOciCredentials, len(*in))
 		copy(*out, *in)
 	}
 }
@@ -425,6 +420,22 @@ func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectSourceOciCredentials) DeepCopyInto(out *ProjectSourceOciCredentials) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceOciCredentials.
+func (in *ProjectSourceOciCredentials) DeepCopy() *ProjectSourceOciCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectSourceOciCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SafeDuration) DeepCopyInto(out *SafeDuration) {
 	*out = *in
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index d73dcdaae..429a49d64 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -33,16 +34,19 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
 		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
 	}
-	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, false, true)
+
+	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+
+	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, ociAuthProvider, false, true)
 	return err
 }
 
-func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.HelmCredentials, dryRun bool, force bool) (int, error) {
+func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.HelmCredentials, ociAuthProvider auth_provider.OciAuthProvider, dryRun bool, force bool) (int, error) {
 	actions := 0
 
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
-	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, helmCredentials)
+	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, helmCredentials, ociAuthProvider)
 	if err != nil {
 		return actions, err
 	}
@@ -123,7 +127,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.He
 	return actions, nil
 }
 
-func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvider helm.HelmCredentialsProvider) ([]*helm.Release, []*helm.Chart, error) {
+func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvider helm.HelmCredentialsProvider, ociAuthProvider auth_provider.OciAuthProvider) ([]*helm.Release, []*helm.Chart, error) {
 	var releases []*helm.Release
 	chartsMap := make(map[string]*helm.Chart)
 	err := filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
@@ -137,7 +141,7 @@ func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvid
 			return err
 		}
 
-		hr, err := helm.NewRelease(projectDir, relDir, p, baseChartsDir, credentialsProvider)
+		hr, err := helm.NewRelease(projectDir, relDir, p, baseChartsDir, credentialsProvider, ociAuthProvider)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 9122a45ce..44e1c09a1 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -47,6 +48,8 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		return err
 	}
 
+	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+
 	if cmd.Commit {
 		gitStatus, err := git2.GetWorktreeStatus(ctx, gitRootPath)
 		if err != nil {
@@ -68,13 +71,13 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 	g := utils.NewGoHelper(ctx, 8)
 
-	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials)
+	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials, ociAuthProvider)
 	if err != nil {
 		return err
 	}
 
 	if cmd.Commit {
-		actions, err := doHelmPull(ctx, projectDir, &cmd.HelmCredentials, true, false)
+		actions, err := doHelmPull(ctx, projectDir, &cmd.HelmCredentials, ociAuthProvider, true, false)
 		if err != nil {
 			return err
 		}
@@ -189,7 +192,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	for k, hrs := range upgrades {
-		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion)
+		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion, ociAuthProvider)
 		if err != nil {
 			return err
 		}
@@ -219,7 +222,7 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string) error {
+func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, ociAuthProvider *auth_provider.OciAuthProviders) error {
 	chart := hrs[0].Chart
 	newVersion := hrs[0].Config.ChartVersion
 
@@ -264,7 +267,7 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 		}
 	}
 
-	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, false, false)
+	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, ociAuthProvider, false, false)
 	if err != nil {
 		return doError(err)
 	}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 705c4547f..8370aa7c1 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -13,6 +13,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/results"
@@ -102,11 +103,12 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		AskForConfirmationFn: func(s string) bool { return prompts.AskForConfirmation(ctx, s) },
 	}
 	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
+	ociAuth := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
 
 	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, gitRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
-	ociRp := repocache.NewOciRepoCache(ctx, ociRepoOverrides, projectFlags.GitCacheUpdateInterval)
+	ociRp := repocache.NewOciRepoCache(ctx, ociAuth, ociRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
 	var externalArgs *uo.UnstructuredObject
@@ -135,6 +137,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		ExternalArgs:       externalArgs,
 		GitRP:              gitRp,
 		OciRP:              ociRp,
+		OciAuthProvider:    ociAuth,
 		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
 
@@ -216,6 +219,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		Images:             images,
 		Inclusion:          inclusion,
 		HelmCredentials:    &args.helmCredentials,
+		OciAuthProvider:    p.LoadArgs.OciAuthProvider,
 		RenderOutputDir:    renderOutputDir,
 	}
 
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index f92f01ec9..67438302f 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -405,21 +405,6 @@ spec:
                             description: Tag to use.
                             type: string
                         type: object
-                      secretRef:
-                        description: SecretRef specifies the Secret containing authentication
-                          credentials for See ProjectSourceCredentials.SecretRef for
-                          details DEPRECATED this field is deprecated and will be
-                          removed in a future version of the controller. Use Credentials
-                          instead. WARNING using this field causes the controller
-                          to pass http basic auth credentials to ALL repositories
-                          involved. Use Credentials with a proper Host field instead.
-                        properties:
-                          name:
-                            description: Name of the referent.
-                            type: string
-                        required:
-                        - name
-                        type: object
                       url:
                         description: Url specifies the Git url where the project source
                           is located
@@ -435,26 +420,20 @@ spec:
                           credentials
                         items:
                           properties:
-                            host:
-                              description: Host specifies the hostname that this secret
-                                applies to. If set to '*', this set of credentials
-                                applies to all hosts. Using '*' for http(s) based
-                                repositories is not supported, meaning that such credentials
-                                sets will be ignored. You must always set a proper
-                                hostname in that case.
+                            registry:
+                              description: Registry specifies the hostname that this
+                                secret applies to.
                               type: string
-                            pathPrefix:
-                              description: PathPrefix specified the path prefix to
-                                be used to filter source urls. Only urls that have
-                                this prefix will use this set of credentials.
+                            repository:
+                              description: Repository specifies the org and repo name
+                                in the format 'org-name/repo-name'. Both 'org-name'
+                                and 'repo-name' can be specified as '*', meaning that
+                                all names are matched.
                               type: string
                             secretRef:
                               description: SecretRef specifies the Secret containing
-                                authentication credentials for the git repository.
-                                For HTTPS git repositories the Secret must contain
-                                'username' and 'password' fields. For SSH git repositories
-                                the Secret must contain 'identity' and 'known_hosts'
-                                fields.
+                                authentication credentials for the oci repository.
+                                The secret must contain 'username' and 'password'.
                               properties:
                                 name:
                                   description: Name of the referent.
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 09f4c9694..16a233956 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1351,8 +1351,8 @@ the KluctlDeployment.</p>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
 <a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">ProjectSourceCredentials</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">ProjectSourceGitCredentials</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOciCredentials">ProjectSourceOciCredentials</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1484,8 +1484,8 @@ Use Credentials with a proper Host field instead.</p>
 <td>
 <code>credentials</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">
-[]ProjectSourceCredentials
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">
+[]ProjectSourceGitCredentials
 </a>
 </em>
 </td>
@@ -1499,13 +1499,81 @@ DEPRECATED this field is deprecated and will be removed in a future version of t
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceCredentials">ProjectSourceCredentials
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>url</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+</em>
+</td>
+<td>
+<p>Url specifies the Git url where the project source is located</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>ref</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitRef
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path specifies the sub-directory to be used as project directory</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">
+[]ProjectSourceGitCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies a list of secrets with credentials</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">ProjectSourceGitCredentials
 </h3>
 <p>
 (<em>Appears on:</em>
 <a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1566,7 +1634,7 @@ and &lsquo;known_hosts&rsquo; fields.</p>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci
 </h3>
 <p>
 (<em>Appears on:</em>
@@ -1586,7 +1654,7 @@ and &lsquo;known_hosts&rsquo; fields.</p>
 <td>
 <code>url</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+string
 </em>
 </td>
 <td>
@@ -1597,12 +1665,12 @@ github.com/kluctl/kluctl/v2/pkg/types.GitUrl
 <td>
 <code>ref</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitRef
+github.com/kluctl/kluctl/v2/pkg/types.OciRef
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.</p>
+<p>Ref specifies the tag to be used. If omitted, the &ldquo;latest&rdquo; tag is used.</p>
 </td>
 </tr>
 <tr>
@@ -1619,28 +1687,10 @@ string
 </tr>
 <tr>
 <td>
-<code>secretRef</code><br>
-<em>
-<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
-LocalObjectReference
-</a>
-</em>
-</td>
-<td>
-<p>SecretRef specifies the Secret containing authentication credentials for
-See ProjectSourceCredentials.SecretRef for details
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
-instead.
-WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
-Use Credentials with a proper Host field instead.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>credentials</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">
-[]ProjectSourceCredentials
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOciCredentials">
+[]ProjectSourceOciCredentials
 </a>
 </em>
 </td>
@@ -1653,11 +1703,11 @@ Use Credentials with a proper Host field instead.</p>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOciCredentials">ProjectSourceOciCredentials
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1671,51 +1721,41 @@ Use Credentials with a proper Host field instead.</p>
 <tbody>
 <tr>
 <td>
-<code>url</code><br>
+<code>registry</code><br>
 <em>
 string
 </em>
 </td>
 <td>
-<p>Url specifies the Git url where the project source is located</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>ref</code><br>
-<em>
-github.com/kluctl/kluctl/v2/pkg/types.OciRef
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Ref specifies the tag to be used. If omitted, the &ldquo;latest&rdquo; tag is used.</p>
+<p>Registry specifies the hostname that this secret applies to.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>path</code><br>
+<code>repository</code><br>
 <em>
 string
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Path specifies the sub-directory to be used as project directory</p>
+<p>Repository specifies the org and repo name in the format &lsquo;org-name/repo-name&rsquo;.
+Both &lsquo;org-name&rsquo; and &lsquo;repo-name&rsquo; can be specified as &lsquo;*&rsquo;, meaning that all names are matched.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>credentials</code><br>
+<code>secretRef</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceCredentials">
-[]ProjectSourceCredentials
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
 </a>
 </em>
 </td>
 <td>
-<em>(Optional)</em>
-<p>Credentials specifies a list of secrets with credentials</p>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the oci repository.
+The secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;.</p>
 </td>
 </tr>
 </tbody>
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index b25e3bdb2..5861075d2 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,7 +21,9 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 
 	p, _, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
 
-	key := suite.createKluctlDeployment(p, "test", nil)
+	key := suite.createKluctlDeployment2(p, "test", nil, v1beta1.ProjectSource{
+		URL: types2.ParseGitUrlMust(p.GitUrl()),
+	})
 
 	suite.Run("fail without authentication", func() {
 		suite.waitForCommit(key, "")
@@ -72,7 +75,7 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	})
 }
 
-func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
+func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bool) {
 	g := NewWithT(suite.T())
 	_ = g
 
@@ -82,7 +85,14 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
 
 	p, ip1, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
 
-	key := suite.createKluctlDeployment(p, "test", nil)
+	var key client.ObjectKey
+	if legacyGitSource {
+		key = suite.createKluctlDeployment2(p, "test", nil, v1beta1.ProjectSource{
+			URL: types2.ParseGitUrlMust(p.GitUrl()),
+		})
+	} else {
+		key = suite.createKluctlDeployment(p, "test", nil)
+	}
 
 	suite.Run("fail without authentication", func() {
 		suite.waitForCommit(key, "")
@@ -122,21 +132,29 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
-	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.ProjectSourceCredentials{
+	var credentials []v1beta1.ProjectSourceGitCredentials
+
+	credentials = append(credentials, v1beta1.ProjectSourceGitCredentials{
 		Host:       gs1.GitHost(),
 		PathPrefix: ip1.GitRepoName(),
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
 	})
-	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.ProjectSourceCredentials{
+	credentials = append(credentials, v1beta1.ProjectSourceGitCredentials{
 		Host:      mainGs.GitHost(),
 		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
 	})
 	// make sure this one is ignored for http based urls
-	kd.Spec.Source.Credentials = append(kd.Spec.Source.Credentials, v1beta1.ProjectSourceCredentials{
+	credentials = append(credentials, v1beta1.ProjectSourceGitCredentials{
 		Host:      "*",
 		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
 	})
 
+	if legacyGitSource {
+		kd.Spec.Source.Credentials = credentials
+	} else {
+		kd.Spec.Source.Git.Credentials = credentials
+	}
+
 	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
 	g.Expect(err).To(Succeed())
 
@@ -152,3 +170,11 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
 	})
 }
+
+func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
+	suite.testGitOpsGitIncludeCredentials(false)
+}
+
+func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentialsLegacy() {
+	suite.testGitOpsGitIncludeCredentials(true)
+}
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
new file mode 100644
index 000000000..b6bbde83c
--- /dev/null
+++ b/e2e/gitops_oci_include_test.go
@@ -0,0 +1,141 @@
+package e2e
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
+	g := NewWithT(suite.T())
+	_ = g
+
+	ip1 := prepareIncludeProject(suite.T(), "include1", "", nil)
+	ip2 := prepareIncludeProject(suite.T(), "include2", "subDir", nil)
+	ip3 := prepareIncludeProject(suite.T(), "include3", "", nil)
+
+	ociUrl0 := test_utils.CreateOciRegistry(suite.T(), "user0", "pass0")
+	ociUrl1 := test_utils.CreateOciRegistry(suite.T(), "user1", "pass1")
+	ociUrl2 := test_utils.CreateOciRegistry(suite.T(), "user2", "pass2")
+	ociUrl3 := test_utils.CreateOciRegistry(suite.T(), "user3", "pass3")
+	repo0 := ociUrl0.String() + "/org0/repo0"
+	repo1 := ociUrl1.String() + "/org1/repo1"
+	repo2 := ociUrl2.String() + "/org2/repo2"
+	repo3 := ociUrl3.String() + "/org3/repo3"
+
+	ip1.KluctlMust("oci", "push", "--url", repo1, "--creds", "user1:pass1")
+	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
+	ip3.KluctlMust("oci", "push", "--url", repo3, "--creds", "user3:pass3")
+
+	p := test_project.NewTestProject(suite.T())
+
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo1,
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url":    repo2,
+			"subDir": "subDir",
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo3,
+		},
+	}))
+	p.KluctlMust("oci", "push", "--url", repo0, "--creds", "user0:pass0")
+
+	key := suite.createKluctlDeployment2(p, "test", nil, v1beta1.ProjectSource{
+		Oci: &v1beta1.ProjectSourceOci{
+			URL: repo0,
+		},
+	})
+
+	suite.Run("fail without authentication", func() {
+		suite.waitForCommit(key, "")
+
+		var kd v1beta1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readinessCondition := suite.getReadiness(&kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
+		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
+		g.Expect(readinessCondition.Message).To(ContainSubstring("401 Unauthorized"))
+	})
+
+	createSecret := func(secretName string, username string, password string) {
+		secret := corev1.Secret{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      secretName,
+				Namespace: key.Namespace,
+			},
+			Data: map[string][]byte{
+				"username": []byte(username),
+				"password": []byte(password),
+			},
+		}
+		err := suite.k.Client.Create(context.Background(), &secret)
+		g.Expect(err).To(Succeed())
+	}
+
+	createSecret("secret0", "user0", "pass0")
+	createSecret("secret1", "user1", "pass1")
+	createSecret("secret2", "user2", "pass2")
+	createSecret("secret3", "user3", "pass3")
+
+	var kd v1beta1.KluctlDeployment
+	err := suite.k.Client.Get(context.Background(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	patch := client.MergeFrom(kd.DeepCopy())
+
+	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+		Registry:   ociUrl0.Host,
+		Repository: "org0/repo0",
+		SecretRef:  v1beta1.LocalObjectReference{Name: "secret0"},
+	})
+	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+		Registry:   ociUrl1.Host,
+		Repository: "org1/repo1",
+		SecretRef:  v1beta1.LocalObjectReference{Name: "secret1"},
+	})
+	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+		Registry:   ociUrl2.Host,
+		Repository: "*/repo2",
+		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
+	})
+	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+		Registry:   ociUrl3.Host,
+		Repository: "org3/*",
+		SecretRef:  v1beta1.LocalObjectReference{Name: "secret3"},
+	})
+
+	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
+	g.Expect(err).To(Succeed())
+
+	suite.Run("retry with authentication", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+		var kd v1beta1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readinessCondition := suite.getReadiness(&kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
+	})
+}
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 31a6a4907..5b4510e3d 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -256,12 +256,9 @@ data:
 `)},
 	}, nil)
 
-	key := suite.createKluctlDeployment2(p, "target1", map[string]any{
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
 		"namespace": p.TestSlug(),
 		"k2":        42,
-	}, kluctlv1.ProjectSource{
-		// let's misuse this testcase to test the deprecated ProjectSource
-		URL: types2.ParseGitUrlMust(p.GitUrl()),
 	})
 
 	suite.Run("initial deployment", func() {
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
new file mode 100644
index 000000000..620b54c8d
--- /dev/null
+++ b/e2e/oci_include_test.go
@@ -0,0 +1,352 @@
+package e2e
+
+import (
+	"fmt"
+	"github.com/docker/cli/cli/config/configfile"
+	"github.com/docker/cli/cli/config/types"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	homedir "github.com/mitchellh/go-homedir"
+	cp "github.com/otiai10/copy"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestOciIncludeMultipleRepos(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	ip1 := prepareIncludeProject(t, "include1", "", nil)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
+
+	ociUrl := test_utils.CreateOciRegistry(t, "", "")
+	repo1 := ociUrl.String() + "/org1/repo1"
+	repo2 := ociUrl.String() + "/org2/repo2"
+
+	ip1.KluctlMust("oci", "push", "--url", repo1)
+	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+
+	p := test_project.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo1,
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url":    repo2,
+			"subDir": "subDir",
+		},
+	}))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+}
+
+func TestOciIncludeWithCreds(t *testing.T) {
+	k := defaultCluster1
+
+	ip1 := prepareIncludeProject(t, "include1", "", nil)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
+	ip3 := prepareIncludeProject(t, "include3", "", nil)
+
+	ociUrl1 := test_utils.CreateOciRegistry(t, "user1", "pass1")
+	ociUrl2 := test_utils.CreateOciRegistry(t, "user2", "pass2")
+	ociUrl3 := test_utils.CreateOciRegistry(t, "user3", "pass3")
+	repo1 := ociUrl1.String() + "/org1/repo1"
+	repo2 := ociUrl2.String() + "/org2/repo2"
+	repo3 := ociUrl3.String() + "/org3/repo3"
+
+	// push with no creds
+	_, stderr, err := ip1.Kluctl("oci", "push", "--url", repo1)
+	assert.ErrorContains(t, err, "401 Unauthorized")
+	assert.Contains(t, stderr, "401 Unauthorized")
+
+	// push with invalid creds
+	_, stderr, err = ip1.Kluctl("oci", "push", "--url", repo1, "--creds", "user1:invalid")
+	assert.ErrorContains(t, err, "401 Unauthorized")
+	assert.Contains(t, stderr, "401 Unauthorized")
+
+	// now with valid creds
+	ip1.KluctlMust("oci", "push", "--url", repo1, "--creds", "user1:pass1")
+	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
+	ip3.KluctlMust("oci", "push", "--url", repo3, "--creds", "user3:pass3")
+
+	p := test_project.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo1,
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url":    repo2,
+			"subDir": "subDir",
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo3,
+		},
+	}))
+
+	// deploy with no auth
+	_, stderr, err = p.Kluctl("deploy", "--yes", "-t", "test")
+	assert.ErrorContains(t, err, "401 Unauthorized")
+	assert.Contains(t, stderr, "401 Unauthorized")
+
+	// deploy with some invalid creds
+	t.Setenv("KLUCTL_REGISTRY_1_HOST", ociUrl1.Host)
+	t.Setenv("KLUCTL_REGISTRY_1_REPO", "org1/repo1")
+	t.Setenv("KLUCTL_REGISTRY_1_USERNAME", "user1")
+	t.Setenv("KLUCTL_REGISTRY_1_PASSWORD", "pass1")
+	t.Setenv("KLUCTL_REGISTRY_2_REPOSITORY", fmt.Sprintf("%s/org2/repo2", ociUrl2.Host))
+	t.Setenv("KLUCTL_REGISTRY_2_USERNAME", "user2")
+	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "invalid")
+	_, stderr, err = p.Kluctl("deploy", "--yes", "-t", "test")
+	assert.ErrorContains(t, err, "401 Unauthorized")
+	assert.Contains(t, stderr, "401 Unauthorized")
+
+	// deploy with valid creds
+	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "pass2")
+	dockerLogin(t, ociUrl3.Host, "user3", "pass3")
+
+	x, _ := homedir.Dir()
+	t.Logf("homedir=%s", x)
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+}
+
+func dockerLogin(t *testing.T, host string, username string, password string) {
+	dir := t.TempDir()
+
+	var cf configfile.ConfigFile
+	cf.AuthConfigs = map[string]types.AuthConfig{
+		host: {
+			Username: username,
+			Password: password,
+		},
+	}
+
+	s := yaml.WriteJsonStringMust(&cf)
+
+	err := os.WriteFile(filepath.Join(dir, "config.json"), []byte(s), 0600)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Setenv("DOCKER_CONFIG", dir)
+}
+
+func TestOciIncludeTagsAndDigests(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	ip1 := prepareIncludeProject(t, "include1", "", nil)
+
+	ociUrl := test_utils.CreateOciRegistry(t, "", "")
+	repo1 := ociUrl.String() + "/org1/repo1"
+
+	ip1.KluctlMust("oci", "push", "--url", repo1+":tag1")
+
+	ip1.UpdateYaml("cm/configmap-include1-cm.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v2", "data", "a")
+		return nil
+	}, "")
+	ip1.KluctlMust("oci", "push", "--url", repo1+":tag2")
+
+	ip1.UpdateYaml("cm/configmap-include1-cm.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v3", "data", "a")
+		return nil
+	}, "")
+	stdout, _ := ip1.KluctlMust("oci", "push", "--url", repo1+":tag3", "--output", "json")
+	md := uo.FromStringMust(stdout)
+	digest, _, _ := md.GetNestedString("digest")
+
+	p := test_project.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo1,
+			"ref": map[string]any{
+				"tag": "tag1",
+			},
+		},
+	}))
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "v", "data", "a")
+
+	p.UpdateDeploymentItems("", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+		_ = items[0].SetNestedField(map[string]any{
+			"tag": "tag2",
+		}, "oci", "ref")
+		return items
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "v2", "data", "a")
+
+	p.UpdateDeploymentItems("", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+		_ = items[0].SetNestedField(map[string]any{
+			"digest": digest,
+		}, "oci", "ref")
+		return items
+	})
+
+	p.KluctlMust("deploy", "--yes", "-t", "test")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "v3", "data", "a")
+}
+
+func TestLocalOciOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	ip1 := prepareIncludeProject(t, "include1", "", nil)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
+
+	ociUrl := test_utils.CreateOciRegistry(t, "", "")
+	repo1 := ociUrl.String() + "/org1/repo1"
+	repo2 := ociUrl.String() + "/org2/repo2"
+
+	ip1.KluctlMust("oci", "push", "--url", repo1)
+	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+
+	p := test_project.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo1,
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url":    repo2,
+			"subDir": "subDir",
+		},
+	}))
+
+	override1 := t.TempDir()
+	err := cp.Copy(ip1.LocalRepoDir(), override1)
+	assert.NoError(t, err)
+
+	override2 := t.TempDir()
+	err = cp.Copy(ip2.LocalRepoDir(), override2)
+	assert.NoError(t, err)
+
+	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o1", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
+
+	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o2", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
+
+	k1 := strings.TrimPrefix(repo1, "oci://")
+	k2 := strings.TrimPrefix(repo2, "oci://")
+
+	p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-oci-override", fmt.Sprintf("%s=%s", k1, override1),
+		"--local-oci-override", fmt.Sprintf("%s=%s", k2, override2),
+	)
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}
+
+func TestLocalOciGroupOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	ip1 := prepareIncludeProject(t, "include1", "", nil)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
+
+	ociUrl := test_utils.CreateOciRegistry(t, "", "")
+	repo1 := ociUrl.String() + "/org1/repo1"
+	repo2 := ociUrl.String() + "/org1/repo2"
+
+	ip1.KluctlMust("oci", "push", "--url", repo1)
+	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+
+	p := test_project.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url": repo1,
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"oci": map[string]any{
+			"url":    repo2,
+			"subDir": "subDir",
+		},
+	}))
+
+	overrideGroupDir := t.TempDir()
+
+	override1 := filepath.Join(overrideGroupDir, "repo1")
+	err := cp.Copy(ip1.LocalRepoDir(), override1)
+	assert.NoError(t, err)
+
+	override2 := filepath.Join(overrideGroupDir, "repo2")
+	err = cp.Copy(ip2.LocalRepoDir(), override2)
+	assert.NoError(t, err)
+
+	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o1", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
+
+	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o2", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
+
+	k1 := strings.TrimPrefix(ociUrl.String(), "oci://") + "/org1"
+
+	p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, overrideGroupDir),
+	)
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}
diff --git a/go.mod b/go.mod
index ccd3b119c..bcbd31554 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,6 @@ require (
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/go-containerregistry v0.16.1
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/hexops/gotextdiff v1.0.3
@@ -66,6 +65,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
+	github.com/docker/cli v24.0.6+incompatible
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
@@ -76,6 +76,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
+	github.com/mitchellh/go-homedir v1.1.0
 	github.com/onsi/gomega v1.28.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
@@ -143,7 +144,6 @@ require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v24.0.6+incompatible // indirect
 	github.com/docker/docker v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
@@ -223,7 +223,6 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
diff --git a/go.sum b/go.sum
index 9ef1956b9..4dc0277dc 100644
--- a/go.sum
+++ b/go.sum
@@ -365,8 +365,6 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
 github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index f126fd2c8..3498fe1f2 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -405,21 +405,6 @@ spec:
                             description: Tag to use.
                             type: string
                         type: object
-                      secretRef:
-                        description: SecretRef specifies the Secret containing authentication
-                          credentials for See ProjectSourceCredentials.SecretRef for
-                          details DEPRECATED this field is deprecated and will be
-                          removed in a future version of the controller. Use Credentials
-                          instead. WARNING using this field causes the controller
-                          to pass http basic auth credentials to ALL repositories
-                          involved. Use Credentials with a proper Host field instead.
-                        properties:
-                          name:
-                            description: Name of the referent.
-                            type: string
-                        required:
-                        - name
-                        type: object
                       url:
                         description: Url specifies the Git url where the project source
                           is located
@@ -435,26 +420,20 @@ spec:
                           credentials
                         items:
                           properties:
-                            host:
-                              description: Host specifies the hostname that this secret
-                                applies to. If set to '*', this set of credentials
-                                applies to all hosts. Using '*' for http(s) based
-                                repositories is not supported, meaning that such credentials
-                                sets will be ignored. You must always set a proper
-                                hostname in that case.
+                            registry:
+                              description: Registry specifies the hostname that this
+                                secret applies to.
                               type: string
-                            pathPrefix:
-                              description: PathPrefix specified the path prefix to
-                                be used to filter source urls. Only urls that have
-                                this prefix will use this set of credentials.
+                            repository:
+                              description: Repository specifies the org and repo name
+                                in the format 'org-name/repo-name'. Both 'org-name'
+                                and 'repo-name' can be specified as '*', meaning that
+                                all names are matched.
                               type: string
                             secretRef:
                               description: SecretRef specifies the Secret containing
-                                authentication credentials for the git repository.
-                                For HTTPS git repositories the Secret must contain
-                                'username' and 'password' fields. For SSH git repositories
-                                the Secret must contain 'identity' and 'known_hosts'
-                                fields.
+                                authentication credentials for the oci repository.
+                                The secret must contain 'username' and 'password'.
                               properties:
                                 name:
                                   description: Name of the referent.
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index c78f1925f..a8da589d4 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -91,12 +91,17 @@ func prepareProject(ctx context.Context,
 		return nil, err
 	}
 
+	ociSecrets, err := r.getOciSecrets(ctx, &pp.obj.Spec.Source, obj.GetNamespace())
+	if err != nil {
+		return nil, err
+	}
+
 	pp.gitRP, err = r.buildGitRepoCache(ctx, gitSecrets)
 	if err != nil {
 		return nil, err
 	}
 
-	pp.ociRP, err = r.buildOciRepoCache(ctx, nil)
+	pp.ociRP, err = r.buildOciRepoCache(ctx, ociSecrets)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 53c299d67..d64eaa4b4 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -9,6 +9,7 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -19,7 +20,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-type repoSecrets struct {
+type gitRepoSecrets struct {
 	deprecatedSecret bool
 
 	host       string
@@ -27,12 +28,18 @@ type repoSecrets struct {
 	secret     corev1.Secret
 }
 
-func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]repoSecrets, error) {
+type ociRepoSecrets struct {
+	registry string
+	repo     string
+	secret   corev1.Secret
+}
+
+func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]gitRepoSecrets, error) {
 	if source == nil {
 		return nil, nil
 	}
 
-	var ret []repoSecrets
+	var ret []gitRepoSecrets
 
 	loadCredentials := func(deprecatedSecret bool, host string, pathPrefix string, secretName string) error {
 		if host == "" {
@@ -43,7 +50,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 		if err != nil {
 			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
 		}
-		ret = append(ret, repoSecrets{
+		ret = append(ret, gitRepoSecrets{
 			deprecatedSecret: deprecatedSecret,
 			host:             host,
 			pathPrefix:       pathPrefix,
@@ -52,17 +59,62 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 		return nil
 	}
 
-	if source.SecretRef != nil {
-		// Attempt to retrieve deprecated secret
-		err := loadCredentials(true, "", "", source.SecretRef.Name)
+	if source.Git != nil {
+		for _, c := range source.Git.Credentials {
+			err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+			if err != nil {
+				return nil, err
+			}
+		}
+	} else if source.Oci == nil {
+		status.Deprecation(ctx, "spec.source.url", "'spec.source.url' is deprecated and will be removed in the next API version bump. Use 'spec.source.git.url' instead")
+
+		if source.SecretRef != nil {
+			// Attempt to retrieve deprecated secret
+			err := loadCredentials(true, "", "", source.SecretRef.Name)
+			if err != nil {
+				return nil, err
+			}
+			status.Deprecation(ctx, "spec.source.secretRef", "the 'spec.source.secretRef' is deprecated and will be removed in the next API version bump.")
+		}
+
+		for _, c := range source.Credentials {
+			err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	return ret, nil
+}
+
+func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]ociRepoSecrets, error) {
+	if source == nil || source.Oci == nil {
+		return nil, nil
+	}
+
+	var ret []ociRepoSecrets
+
+	loadCredentials := func(deprecatedSecret bool, registry string, repo string, secretName string) error {
+		if repo == "" {
+			repo = "*"
+		}
+		var secret corev1.Secret
+		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
-			return nil, err
+			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
 		}
-		status.Deprecation(ctx, "spec.source.secretRef", "the 'spec.source.secretRef' is deprecated and will be removed in the next API version bump.")
+		ret = append(ret, ociRepoSecrets{
+			registry: registry,
+			repo:     repo,
+			secret:   secret,
+		})
+		return nil
 	}
 
-	for _, c := range source.Credentials {
-		err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+	for _, c := range source.Oci.Credentials {
+		err := loadCredentials(false, c.Registry, c.Repository, c.SecretRef.Name)
 		if err != nil {
 			return nil, err
 		}
@@ -71,7 +123,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 	return ret, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecrets []repoSecrets) (*auth.GitAuthProviders, error) {
+func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecrets []gitRepoSecrets) (*auth.GitAuthProviders, error) {
 	log := ctrl.LoggerFrom(ctx)
 	ga := auth.NewDefaultAuthProviders("KLUCTL_GIT", &messages.MessageCallbacks{
 		WarningFn: func(s string) {
@@ -119,7 +171,48 @@ func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret
 	return ga, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildRepoCacheKey(secrets []repoSecrets) (string, error) {
+func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecrets []ociRepoSecrets) (*auth_provider.OciAuthProviders, error) {
+	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+
+	if len(ociSecrets) == 0 {
+		return ociAuthProvider, nil
+	}
+
+	var la auth_provider.ListAuthProvider
+	ociAuthProvider.RegisterAuthProvider(&la, false)
+
+	for _, secret := range ociSecrets {
+		e := auth_provider.AuthEntry{
+			Registry: secret.registry,
+			Repo:     secret.repo,
+		}
+
+		if x, ok := secret.secret.Data["username"]; ok {
+			e.AuthConfig.Username = string(x)
+		}
+		if x, ok := secret.secret.Data["password"]; ok {
+			e.AuthConfig.Password = string(x)
+		}
+		if x, ok := secret.secret.Data["auth"]; ok {
+			e.AuthConfig.Auth = string(x)
+		}
+		if x, ok := secret.secret.Data["identity_token"]; ok {
+			e.AuthConfig.IdentityToken = string(x)
+		}
+		if x, ok := secret.secret.Data["registry_token"]; ok {
+			e.AuthConfig.RegistryToken = string(x)
+		}
+		if x, ok := secret.secret.Data["insecure"]; ok {
+			x2 := string(x)
+			e.Insecure = utils.ParseBoolOrFalse(&x2)
+		}
+
+		la.AddEntry(e)
+	}
+	return ociAuthProvider, nil
+}
+
+func (r *KluctlDeploymentReconciler) buildGitRepoCacheKey(secrets []gitRepoSecrets) (string, error) {
 	// make sure we use a unique repo cache per set of credentials
 	h := sha256.New()
 	if len(secrets) == 0 {
@@ -141,8 +234,30 @@ func (r *KluctlDeploymentReconciler) buildRepoCacheKey(secrets []repoSecrets) (s
 	return h2, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []repoSecrets) (*repocache.GitRepoCache, error) {
-	key, err := r.buildRepoCacheKey(secrets)
+func (r *KluctlDeploymentReconciler) buildOciRepoCacheKey(secrets []ociRepoSecrets) (string, error) {
+	// make sure we use a unique repo cache per set of credentials
+	h := sha256.New()
+	if len(secrets) == 0 {
+		h.Write([]byte("no-secret"))
+	} else {
+		m := json.NewEncoder(h)
+		for _, secret := range secrets {
+			err := m.Encode(map[string]any{
+				"registry": secret.registry,
+				"repo":     secret.repo,
+				"data":     secret.secret.Data,
+			})
+			if err != nil {
+				return "", err
+			}
+		}
+	}
+	h2 := hex.EncodeToString(h.Sum(nil))
+	return h2, nil
+}
+
+func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []gitRepoSecrets) (*repocache.GitRepoCache, error) {
+	key, err := r.buildGitRepoCacheKey(secrets)
 	if err != nil {
 		return nil, err
 	}
@@ -164,8 +279,8 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secr
 	return rc, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []repoSecrets) (*repocache.OciRepoCache, error) {
-	key, err := r.buildRepoCacheKey(secrets)
+func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets) (*repocache.OciRepoCache, error) {
+	key, err := r.buildOciRepoCacheKey(secrets)
 	if err != nil {
 		return nil, err
 	}
@@ -178,6 +293,11 @@ func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secr
 
 	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
 
-	rc := repocache.NewOciRepoCache(ctx, nil, 0)
+	ociAuthProvider, err := r.buildOciAuth(ctx, secrets)
+	if err != nil {
+		return nil, err
+	}
+
+	rc := repocache.NewOciRepoCache(ctx, ociAuthProvider, nil, 0)
 	return rc, nil
 }
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b2e9cb873..afd2799b8 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -191,7 +191,7 @@ func (di *DeploymentItem) newHelmRelease(subDir string) (*helm.Release, error) {
 		helmChartsDir = filepath.Join(di.Project.source.dir, ".helm-charts")
 	}
 
-	hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmCredentials)
+	hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmCredentials, di.ctx.OciAuthProvider)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 3a9d95974..85950107e 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
@@ -18,6 +19,7 @@ type SharedContext struct {
 	SopsDecrypter   *decryptor.Decryptor
 	VarsLoader      *vars.VarsLoader
 	HelmCredentials helm.HelmCredentialsProvider
+	OciAuthProvider auth_provider.OciAuthProvider
 
 	Discriminator                     string
 	RenderDir                         string
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 6710da2dd..6b5bad2c7 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -4,7 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/Masterminds/semver/v3"
-	"github.com/kluctl/kluctl/v2/pkg/registries"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -36,15 +37,18 @@ type Chart struct {
 	credentials   HelmCredentialsProvider
 	credentialsId string
 
+	ociAuthProvider auth_provider.OciAuthProvider
+
 	versions []string
 }
 
-func NewChart(repo string, localPath string, chartName string, credentialsProvider HelmCredentialsProvider, credentialsId string) (*Chart, error) {
+func NewChart(repo string, localPath string, chartName string, credentialsProvider HelmCredentialsProvider, credentialsId string, ociAuthProvider auth_provider.OciAuthProvider) (*Chart, error) {
 	hc := &Chart{
-		repo:          repo,
-		localPath:     localPath,
-		credentials:   credentialsProvider,
-		credentialsId: credentialsId,
+		repo:            repo,
+		localPath:       localPath,
+		credentials:     credentialsProvider,
+		credentialsId:   credentialsId,
+		ociAuthProvider: ociAuthProvider,
 	}
 
 	if localPath == "" && repo == "" {
@@ -184,7 +188,7 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 
 	if c.credentialsId != "" {
 		if registry.IsOCI(c.repo) {
-			return nil, fmt.Errorf("OCI charts can currently only be authenticated via registry login and not via cli arguments")
+			return nil, fmt.Errorf("OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments")
 		}
 		if c.credentials == nil {
 			return nil, fmt.Errorf("no credentials provider")
@@ -363,10 +367,18 @@ func (c *Chart) QueryVersions(ctx context.Context) error {
 }
 
 func (c *Chart) queryVersionsOci(ctx context.Context) error {
-	rh := registries.NewRegistryHelper(ctx)
+	var clientOpts []crane.Option
+	clientOpts = append(clientOpts, crane.WithContext(ctx))
+	if c.ociAuthProvider != nil {
+		auth, err := c.ociAuthProvider.Login(ctx, c.repo)
+		if err != nil {
+			return err
+		}
+		clientOpts = append(clientOpts, auth.BuildCraneOptions()...)
+	}
 
 	imageName := strings.TrimPrefix(c.repo, "oci://")
-	tags, err := rh.ListImageTags(imageName)
+	tags, err := crane.ListTags(imageName, clientOpts...)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 81af59b85..dff103547 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,6 +3,7 @@ package helm
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
 	"path/filepath"
 	"strings"
@@ -38,7 +39,7 @@ type Release struct {
 	baseChartsDir string
 }
 
-func NewRelease(projectRoot string, relDirInProject string, configFile string, baseChartsDir string, credentialsProvider HelmCredentialsProvider) (*Release, error) {
+func NewRelease(projectRoot string, relDirInProject string, configFile string, baseChartsDir string, credentialsProvider HelmCredentialsProvider, ociAuthProvider auth_provider.OciAuthProvider) (*Release, error) {
 	var config types.HelmChartConfig
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
@@ -72,7 +73,7 @@ func NewRelease(projectRoot string, relDirInProject string, configFile string, b
 	if config.CredentialsId != nil {
 		credentialsId = *config.CredentialsId
 	}
-	chart, err := NewChart(config.Repo, localPath, config.ChartName, credentialsProvider, credentialsId)
+	chart, err := NewChart(config.Repo, localPath, config.ChartName, credentialsProvider, credentialsId, ociAuthProvider)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 38724b716..c6659c72d 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,6 +2,7 @@ package kluctl_project
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -22,6 +23,8 @@ type LoadKluctlProjectArgs struct {
 	GitRP *repocache.GitRepoCache
 	OciRP *repocache.OciRepoCache
 
+	OciAuthProvider auth_provider.OciAuthProvider
+
 	AddKeyServersFunc  func(ctx context.Context, d *decryptor.Decryptor) error
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
 }
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index b148e94e4..0fc4e9401 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -43,6 +44,7 @@ type TargetContextParams struct {
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
 	HelmCredentials    helm.HelmCredentialsProvider
+	OciAuthProvider    auth_provider.OciAuthProvider
 	RenderOutputDir    string
 }
 
@@ -121,6 +123,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		SopsDecrypter:                     sopsDecryptor,
 		VarsLoader:                        varsLoader,
 		HelmCredentials:                   params.HelmCredentials,
+		OciAuthProvider:                   params.OciAuthProvider,
 		Discriminator:                     target.Discriminator,
 		RenderDir:                         params.RenderOutputDir,
 		SealedSecretsDir:                  p.sealedSecretsDir,
diff --git a/pkg/oci/auth_provider/auth_provider.go b/pkg/oci/auth_provider/auth_provider.go
new file mode 100644
index 000000000..fcc228646
--- /dev/null
+++ b/pkg/oci/auth_provider/auth_provider.go
@@ -0,0 +1,67 @@
+package auth_provider
+
+import (
+	"context"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/hashicorp/go-multierror"
+)
+
+type OciAuthInfo struct {
+	Authenticator authn.Authenticator
+
+	Insecure bool
+}
+
+type OciAuthProvider interface {
+	Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error)
+}
+
+type OciAuthProviders struct {
+	authProviders []OciAuthProvider
+}
+
+func (a *OciAuthProviders) RegisterAuthProvider(p OciAuthProvider, last bool) {
+	if last {
+		a.authProviders = append(a.authProviders, p)
+	} else {
+		a.authProviders = append([]OciAuthProvider{p}, a.authProviders...)
+	}
+}
+
+func (a *OciAuthProviders) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+	var errs *multierror.Error
+	for _, p := range a.authProviders {
+		auth, err := p.Login(ctx, ociUrl)
+		if err != nil {
+			errs = multierror.Append(errs, err)
+			continue
+		}
+		if auth == nil {
+			continue
+		}
+		return auth, nil
+	}
+	return nil, errs.ErrorOrNil()
+}
+
+func NewDefaultAuthProviders(envPrefix string) *OciAuthProviders {
+	a := &OciAuthProviders{}
+	a.RegisterAuthProvider(&OciEnvAuthProvider{Prefix: envPrefix}, true)
+	a.RegisterAuthProvider(&OciDockerConfigAuthProvider{}, true)
+	return a
+}
+
+func (a *OciAuthInfo) BuildCraneOptions() []crane.Option {
+	var ret []crane.Option
+	if a == nil {
+		return ret
+	}
+	if a.Insecure {
+		ret = append(ret, crane.Insecure)
+	}
+	if a.Authenticator != nil {
+		ret = append(ret, crane.WithAuth(a.Authenticator))
+	}
+	return ret
+}
diff --git a/pkg/oci/auth_provider/docker_config_auth_provider.go b/pkg/oci/auth_provider/docker_config_auth_provider.go
new file mode 100644
index 000000000..f83b07484
--- /dev/null
+++ b/pkg/oci/auth_provider/docker_config_auth_provider.go
@@ -0,0 +1,37 @@
+package auth_provider
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"strings"
+)
+
+type OciDockerConfigAuthProvider struct {
+}
+
+func (o OciDockerConfigAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+	if !strings.HasPrefix(ociUrl, "oci://") {
+		return nil, fmt.Errorf("invalid oci url: %s", ociUrl)
+	}
+
+	ociRef, err := name.ParseReference(strings.TrimPrefix(ociUrl, "oci://"))
+	if err != nil {
+		return nil, err
+	}
+
+	auth, err := authn.DefaultKeychain.Resolve(ociRef.Context())
+	status.Infof(ctx, "login ociRef=%s, auth=%v, err=%s", ociRef.String(), auth, err)
+	if err != nil {
+		return nil, err
+	}
+	if auth == authn.Anonymous {
+		return nil, nil
+	}
+
+	return &OciAuthInfo{
+		Authenticator: auth,
+	}, nil
+}
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
new file mode 100644
index 000000000..e10afe8c8
--- /dev/null
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -0,0 +1,80 @@
+package auth_provider
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"strconv"
+)
+
+type OciEnvAuthProvider struct {
+	Prefix string
+}
+
+func (a *OciEnvAuthProvider) isDefaultInsecure(ctx context.Context) bool {
+	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE", a.Prefix), false)
+	if err != nil {
+		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE: %s", a.Prefix, err)
+		return false
+	}
+	return defaultInsecure
+}
+
+func (a *OciEnvAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+	defaultInsecure := a.isDefaultInsecure(ctx)
+
+	var la ListAuthProvider
+
+	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
+		host := m["HOST"]
+		repo := m["REPOSITORY"]
+		if host == "" && repo == "" {
+			continue
+		}
+
+		if host == "" {
+			ociRef, err := name.ParseReference(repo)
+			if err != nil {
+				continue
+			}
+			host = ociRef.Context().RegistryStr()
+			repo = ociRef.Context().RepositoryStr()
+		} else if repo == "" {
+			repo = "*"
+		}
+		if host == "" {
+			continue
+		}
+
+		e := AuthEntry{
+			Registry: host,
+			Repo:     repo,
+			AuthConfig: authn.AuthConfig{
+				Username:      m["USERNAME"],
+				Password:      m["PASSWORD"],
+				Auth:          m["AUTH"],
+				IdentityToken: m["IDENTITY_TOKEN"],
+				RegistryToken: m["REGISTRY_TOKEN"],
+			},
+			Insecure: defaultInsecure,
+		}
+		if e.Registry == "" {
+			continue
+		}
+
+		insecureStr, ok := m["INSECURE"]
+		if ok {
+			insecure, err := strconv.ParseBool(insecureStr)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse INSECURE from env: %w", err)
+			}
+			e.Insecure = insecure
+		}
+
+		la.AddEntry(e)
+	}
+	return la.Login(ctx, ociUrl)
+}
diff --git a/pkg/oci/auth_provider/list_auth_provider.go b/pkg/oci/auth_provider/list_auth_provider.go
new file mode 100644
index 000000000..a19e1c675
--- /dev/null
+++ b/pkg/oci/auth_provider/list_auth_provider.go
@@ -0,0 +1,80 @@
+package auth_provider
+
+import (
+	"context"
+	"fmt"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"strings"
+)
+
+type ListAuthProvider struct {
+	entries []AuthEntry
+}
+
+type AuthEntry struct {
+	Registry string
+	Repo     string
+
+	AuthConfig authn.AuthConfig
+
+	Insecure bool
+}
+
+func (a *ListAuthProvider) AddEntry(e AuthEntry) {
+	a.entries = append(a.entries, e)
+}
+
+func splitRepo(repoIn string) (string, string) {
+	var org, repo string
+	s := strings.SplitN(repoIn, "/", 2)
+	if len(s) == 1 {
+		repo = s[0]
+	} else {
+		org = s[0]
+		repo = s[1]
+	}
+	return org, repo
+}
+
+func (a *ListAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+	status.Tracef(ctx, "ListAuthProvider: BuildAuth for %s", ociUrl)
+
+	if !strings.HasPrefix(ociUrl, "oci://") {
+		return nil, fmt.Errorf("invalid oci url: %s", ociUrl)
+	}
+
+	ociRef, err := name.ParseReference(strings.TrimPrefix(ociUrl, "oci://"))
+	if err != nil {
+		return nil, err
+	}
+
+	org, repo := splitRepo(ociRef.Context().RepositoryStr())
+
+	for _, e := range a.entries {
+		status.Tracef(ctx, "ListAuthProvider: try registry=%s, repo=%s", e.Registry, e.Repo)
+
+		if e.Registry != ociRef.Context().RegistryStr() {
+			continue
+		}
+
+		testOrg, testRepo := splitRepo(e.Repo)
+		if testOrg == "" {
+			testOrg = "*"
+		}
+
+		if testOrg != "*" && testOrg != org {
+			continue
+		}
+		if testRepo != "*" && testRepo != repo {
+			continue
+		}
+
+		return &OciAuthInfo{
+			Authenticator: authn.FromConfig(e.AuthConfig),
+			Insecure:      e.Insecure,
+		}, nil
+	}
+	return nil, nil
+}
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
deleted file mode 100644
index e8a9e41b8..000000000
--- a/pkg/registries/registries.go
+++ /dev/null
@@ -1,495 +0,0 @@
-package registries
-
-import (
-	"bufio"
-	"bytes"
-	"context"
-	"crypto/x509"
-	"fmt"
-	"github.com/docker/distribution/registry/client/auth/challenge"
-	"github.com/golang-jwt/jwt/v4"
-	"github.com/google/go-containerregistry/pkg/authn"
-	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/google/go-containerregistry/pkg/v1/remote"
-	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/rogpeppe/go-internal/lockedfile"
-	"io"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-)
-
-type noAuthRetryError struct {
-	msg string
-}
-
-func (e *noAuthRetryError) Error() string {
-	return e.msg
-}
-
-type transportKeyType int
-
-var transportKey transportKeyType
-
-type RegistryHelper struct {
-	ctx context.Context
-
-	authEntries []AuthEntry
-
-	cachedTransports utils.ThreadSafeCache
-	cachedAuth       utils.ThreadSafeCache
-	cachedResponses  utils.ThreadSafeMultiCache
-	authRealms       map[string]bool
-	authErrors       map[string]bool
-	init             sync.Once
-	mutex            sync.Mutex
-}
-
-type AuthEntry struct {
-	Registry      string
-	Username      string
-	Password      string
-	Auth          string
-	CABundle      []byte
-	Insecure      bool
-	SkipTlsVerify bool
-}
-
-func NewRegistryHelper(ctx context.Context) *RegistryHelper {
-	return &RegistryHelper{
-		ctx: ctx,
-	}
-}
-
-func (rh *RegistryHelper) ListImageTags(image string) ([]string, error) {
-	var nameOpts []name.Option
-	repo, err := name.NewRepository(image, nameOpts...)
-	if err != nil {
-		return nil, err
-	}
-
-	t, err := rh.buildTransport(repo.RegistryStr())
-	if err != nil {
-		return nil, err
-	}
-
-	remoteOpts := []remote.Option{
-		remote.WithAuthFromKeychain(rh),
-		remote.WithTransport(rh),
-		remote.WithContext(context.WithValue(rh.ctx, transportKey, t)),
-	}
-
-	if rh.isInsecureRegistry(repo.RegistryStr()) {
-		nameOpts = append(nameOpts, name.Insecure)
-		repo, err = name.NewRepository(image, nameOpts...)
-	}
-
-	ret, err := remote.List(repo, remoteOpts...)
-	if e, ok := err.(*transport.Error); ok && (e.StatusCode == http.StatusUnauthorized || e.StatusCode == http.StatusForbidden) {
-		return nil, fmt.Errorf("failed to authenticate against image registry %s, "+
-			"please make sure that you provided credentials, e.g. via 'docker login' or via environment variables: %w", repo.Registry, err)
-	}
-	if e, ok := err.(*url.Error); ok {
-		if _, ok := e.Err.(*noAuthRetryError); ok {
-			// we explicitly ignore these errors as we assume that the original auth error is handled by another request
-			return nil, nil
-		}
-	}
-	return ret, err
-}
-
-func (rh *RegistryHelper) AddAuthEntry(e AuthEntry) {
-	rh.authEntries = append(rh.authEntries, e)
-}
-
-func (rh *RegistryHelper) isDefaultInsecure() bool {
-	defaultInsecure, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_INSECURE", false)
-	if err != nil {
-		status.Warningf(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_INSECURE: %s", err)
-		return false
-	}
-	return defaultInsecure
-}
-
-func (rh *RegistryHelper) isDefaultSkipTlsVerify() bool {
-	defaultTlsVerify, err := utils.ParseEnvBool("KLUCTL_REGISTRY_DEFAULT_TLSVERIFY", true)
-	if err != nil {
-		status.Warningf(rh.ctx, "Failed to parse KLUCTL_REGISTRY_DEFAULT_TLSVERIFY: %s", err)
-		return false
-	}
-	return !defaultTlsVerify
-}
-
-func (rh *RegistryHelper) isInsecureRegistry(registry string) bool {
-	e := rh.findAuthEntry(registry)
-	if e == nil {
-		return rh.isDefaultInsecure()
-	}
-	return e.Insecure
-}
-
-func (rh *RegistryHelper) isSkipTlsVerify(registry string) bool {
-	e := rh.findAuthEntry(registry)
-	if e == nil {
-		return rh.isDefaultSkipTlsVerify()
-	}
-	return e.SkipTlsVerify
-}
-
-func (rh *RegistryHelper) ParseAuthEntriesFromEnv() error {
-	defaultInsecure := rh.isDefaultInsecure()
-	defaultSkipTlsVerify := rh.isDefaultSkipTlsVerify()
-
-	for _, m := range utils.ParseEnvConfigSets("KLUCTL_REGISTRY") {
-		e := AuthEntry{
-			Registry:      m["HOST"],
-			Username:      m["USERNAME"],
-			Password:      m["PASSWORD"],
-			Auth:          m["AUTH"],
-			Insecure:      defaultInsecure,
-			SkipTlsVerify: defaultSkipTlsVerify,
-		}
-		if e.Registry == "" {
-			continue
-		}
-		insecureStr, ok := m["INSECURE"]
-		if ok {
-			insecure, err := strconv.ParseBool(insecureStr)
-			if err != nil {
-				return fmt.Errorf("failed to parse INSECURE from env: %w", err)
-			}
-			e.Insecure = insecure
-		}
-		tlsverifyStr, ok := m["TLSVERIFY"]
-		if ok {
-			tlsverify, err := strconv.ParseBool(tlsverifyStr)
-			if err != nil {
-				return fmt.Errorf("failed to parse TLSVERIFY from env: %w", err)
-			}
-			e.SkipTlsVerify = !tlsverify
-		}
-
-		ca_bundle_path := m["CA_BUNDLE"]
-		if ca_bundle_path != "" {
-			ca_bundle_path = utils.ExpandPath(ca_bundle_path)
-			b, err := os.ReadFile(ca_bundle_path)
-			if err != nil {
-				return fmt.Errorf("failed to read ca bundle %s: %w", ca_bundle_path, err)
-			} else {
-				e.CABundle = b
-			}
-		}
-
-		rh.AddAuthEntry(e)
-	}
-	return nil
-}
-
-func (rh *RegistryHelper) findAuthEntry(registry string) *AuthEntry {
-	for _, e := range rh.authEntries {
-		if e.Registry == "*" || e.Registry == registry {
-			return &e
-		}
-	}
-	return nil
-}
-
-func (rh *RegistryHelper) loadCA(registry string) (*x509.CertPool, error) {
-	e := rh.findAuthEntry(registry)
-	if e == nil || e.CABundle == nil {
-		return nil, nil
-	}
-
-	p := x509.NewCertPool()
-	if !p.AppendCertsFromPEM(e.CABundle) {
-		return nil, fmt.Errorf("failed to load CA for %s", registry)
-	}
-
-	return p, nil
-}
-
-func (rh *RegistryHelper) buildTransport(registry string) (http.RoundTripper, error) {
-	ret, err := rh.cachedTransports.Get(registry, func() (interface{}, error) {
-		skipTls := rh.isSkipTlsVerify(registry)
-
-		ca, err := rh.loadCA(registry)
-		if err != nil {
-			return nil, err
-		}
-		if ca == nil && !skipTls {
-			return remote.DefaultTransport, nil
-		}
-
-		httpTransport, ok := remote.DefaultTransport.(*http.Transport)
-		if !ok {
-			return nil, fmt.Errorf("remote.DefaultTransport is not a http.Transport anymore. Please report this to https://github.com/kluctl/kluctl")
-		}
-		t := httpTransport.Clone()
-
-		t.TLSClientConfig.RootCAs = ca
-		t.TLSClientConfig.InsecureSkipVerify = skipTls
-		return t, nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	return ret.(http.RoundTripper), nil
-}
-
-func (rh *RegistryHelper) getTransport(req *http.Request) http.RoundTripper {
-	t := req.Context().Value(transportKey).(http.RoundTripper)
-	return t
-}
-
-func (rh *RegistryHelper) doResolve(resource authn.Resource) (authn.Authenticator, error) {
-	e := rh.findAuthEntry(resource.RegistryStr())
-	if e != nil {
-		// only use credentials from entry if present, otherwise fallback to default keychain
-		// (which will also check ~/.docker/config.json)
-		if e.Username != "" || e.Auth != "" {
-			return authn.FromConfig(authn.AuthConfig{
-				Username: e.Username,
-				Password: e.Password,
-				Auth:     e.Auth,
-			}), nil
-		}
-	}
-
-	return authn.DefaultKeychain.Resolve(resource)
-}
-
-func (rh *RegistryHelper) Resolve(resource authn.Resource) (authn.Authenticator, error) {
-	registry := resource.RegistryStr()
-
-	ret, err := rh.cachedAuth.Get(registry, func() (interface{}, error) {
-		return rh.doResolve(resource)
-	})
-	if err != nil {
-		return nil, err
-	}
-	return ret.(authn.Authenticator), nil
-}
-
-func (rh *RegistryHelper) realmFromRequest(req *http.Request) string {
-	return fmt.Sprintf("%s://%s%s", req.URL.Scheme, req.URL.Host, req.URL.Path)
-}
-
-func (rh *RegistryHelper) getCachePath(key string) string {
-	return filepath.Join(utils.GetTmpBaseDir(rh.ctx), "registries-cache", key[0:2], key[2:4], key)
-}
-
-func (rh *RegistryHelper) checkInvalidToken(resBody []byte) bool {
-	j, err := uo.FromString(string(resBody))
-	if err != nil {
-		return false
-	}
-
-	tokenStr, ok, _ := j.GetNestedString("token")
-	if !ok {
-		return false
-	}
-
-	_, err = jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
-		return nil, nil
-	})
-	if err != nil {
-		if vErr, ok := err.(*jwt.ValidationError); ok {
-			if vErr.Errors & ^jwt.ValidationErrorSignatureInvalid == 0 {
-				// invalid signature errors are expected as we did not provide a key
-				return false
-			}
-		}
-		return true
-	}
-	return false
-}
-
-func (rh *RegistryHelper) readCachedResponse(key string) []byte {
-	cachePath := rh.getCachePath(key)
-	st, err := os.Stat(cachePath)
-
-	if err != nil {
-		return nil
-	}
-
-	if time.Now().Sub(st.ModTime()) > 55*time.Minute {
-		return nil
-	}
-
-	f, err := lockedfile.OpenFile(cachePath, os.O_RDONLY, 0)
-	if err != nil {
-		status.Warningf(rh.ctx, "readCachedResponse failed: %v", err)
-		return nil
-	}
-	b, err := io.ReadAll(f)
-	_ = f.Close()
-	if err != nil {
-		return nil
-	}
-
-	res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(b)), nil)
-	if err != nil {
-		status.Warningf(rh.ctx, "readCachedResponse failed: %v", err)
-		return nil
-	}
-
-	if strings.HasPrefix(res.Header.Get("Content-Type"), "application/json") {
-		jb, err := io.ReadAll(res.Body)
-		if err != nil {
-			return nil
-		}
-		if rh.checkInvalidToken(jb) {
-			return nil
-		}
-	}
-
-	return b
-}
-
-func (rh *RegistryHelper) writeCachedResponse(key string, data []byte) {
-	cachePath := rh.getCachePath(key)
-	cacheDir := filepath.Dir(cachePath)
-	if !utils.Exists(cacheDir) {
-		err := os.MkdirAll(cacheDir, 0o700)
-		if err != nil {
-			status.Warningf(rh.ctx, "writeCachedResponse failed: %v", err)
-			return
-		}
-	}
-
-	f, err := lockedfile.OpenFile(cachePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
-	if err != nil {
-		status.Warningf(rh.ctx, "writeCachedResponse failed: %v", err)
-		return
-	}
-	defer f.Close()
-
-	_, err = f.Write(data)
-	if err != nil {
-		status.Warningf(rh.ctx, "writeCachedResponse failed: %v", err)
-		return
-	}
-}
-
-func (rh *RegistryHelper) RoundTripCached(req *http.Request, extraKey string, onNew func(res *http.Response) error) (*http.Response, error) {
-	key := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n", req.URL.Scheme, req.URL.Host, req.Host, req.URL.Path, extraKey)
-	key = utils.Sha256String(key)
-
-	isNew := false
-	resI, err := rh.cachedResponses.Get(req.Host, key, func() (interface{}, error) {
-		isNew = true
-
-		b := rh.readCachedResponse(key)
-		if b == nil {
-			res, err := rh.getTransport(req).RoundTrip(req)
-			if err != nil {
-				return nil, err
-			}
-			b, err = httputil.DumpResponse(res, true)
-			if err != nil {
-				return nil, err
-			}
-
-			if res.StatusCode < 500 {
-				rh.writeCachedResponse(key, b)
-			}
-		}
-
-		return b, nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	resBytes, _ := resI.([]byte)
-
-	res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(resBytes)), req)
-	if err != nil {
-		return res, err
-	}
-
-	if isNew && onNew != nil {
-		err = onNew(res)
-		if err != nil {
-			return nil, err
-		}
-		res, _ = http.ReadResponse(bufio.NewReader(bytes.NewReader(resBytes)), req)
-	}
-
-	return res, err
-}
-
-func (rh *RegistryHelper) RoundTripInfoReq(req *http.Request) (*http.Response, error) {
-	return rh.RoundTripCached(req, "info", func(res *http.Response) error {
-		rh.mutex.Lock()
-		defer rh.mutex.Unlock()
-
-		chgs := challenge.ResponseChallenges(res)
-		for _, chg := range chgs {
-			if realm, ok := chg.Parameters["realm"]; ok {
-				rh.authRealms[realm] = true
-			}
-		}
-		return nil
-	})
-}
-
-func (rh *RegistryHelper) RoundTripAuth(req *http.Request) (*http.Response, error) {
-	b := bytes.NewBuffer(nil)
-	err := req.Header.Write(b)
-	if err != nil {
-		return nil, err
-	}
-
-	b.WriteString("\n" + req.URL.RawQuery)
-
-	hash := utils.Sha256String(b.String())
-
-	return rh.RoundTripCached(req, hash, func(res *http.Response) error {
-		rh.mutex.Lock()
-		defer rh.mutex.Unlock()
-
-		if res.StatusCode == http.StatusUnauthorized || res.StatusCode == http.StatusForbidden {
-			// if auth fails once for a registry, we must not retry any auth on that registry as we could easily run
-			// into an IP block
-			rh.authErrors[rh.realmFromRequest(req)] = true
-		}
-
-		return nil
-	})
-}
-
-func (rh *RegistryHelper) RoundTrip(req *http.Request) (*http.Response, error) {
-	rh.init.Do(func() {
-		rh.authRealms = make(map[string]bool)
-		rh.authErrors = make(map[string]bool)
-	})
-
-	if req.URL.Path == "/v2/" {
-		return rh.RoundTripInfoReq(req)
-	}
-
-	rh.mutex.Lock()
-	realm := rh.realmFromRequest(req)
-	_, isAuthRealm := rh.authRealms[realm]
-	_, isAuthError := rh.authErrors[realm]
-	rh.mutex.Unlock()
-
-	if isAuthError {
-		return nil, &noAuthRetryError{fmt.Sprintf("previous auth request for %s gave an error, we won't retry", realm)}
-	}
-
-	if isAuthRealm {
-		return rh.RoundTripAuth(req)
-	}
-
-	return rh.getTransport(req).RoundTrip(req)
-}
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 4977d8f6f..cca9bfcb6 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -23,6 +25,8 @@ type OciRepoCache struct {
 	ctx            context.Context
 	updateInterval time.Duration
 
+	ociAuthProvider auth_provider.OciAuthProvider
+
 	repos      map[types.RepoKey]*OciCacheEntry
 	reposMutex sync.Mutex
 
@@ -43,12 +47,13 @@ type OciCacheEntry struct {
 	overridePath string
 }
 
-func NewOciRepoCache(ctx context.Context, repoOverrides []RepoOverride, updateInterval time.Duration) *OciRepoCache {
+func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthProvider, repoOverrides []RepoOverride, updateInterval time.Duration) *OciRepoCache {
 	return &OciRepoCache{
-		ctx:            ctx,
-		updateInterval: updateInterval,
-		repos:          map[types.RepoKey]*OciCacheEntry{},
-		repoOverrides:  repoOverrides,
+		ctx:             ctx,
+		updateInterval:  updateInterval,
+		ociAuthProvider: ociAuthProvider,
+		repos:           map[types.RepoKey]*OciCacheEntry{},
+		repoOverrides:   repoOverrides,
 	}
 }
 
@@ -118,7 +123,16 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 	rp.cleanupDirs = append(rp.cleanupDirs, ociCacheDir)
 	rp.cleanupDirsMutex.Unlock()
 
-	ociClient := client.NewClient(nil)
+	var clientOpts []crane.Option
+	if rp.ociAuthProvider != nil {
+		auth, err := rp.ociAuthProvider.Login(rp.ctx, urlN.String())
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, auth.BuildCraneOptions()...)
+	}
+
+	ociClient := client.NewClient(clientOpts)
 
 	e = &OciCacheEntry{
 		rp:          rp,

From 1087c3c366261c2405430a725ba82164ce387710 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 09:31:49 +0200
Subject: [PATCH 1687/2268] tests: Fix helm tests

---
 e2e/helm_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 58ac33885..bf1a7c684 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -118,7 +118,7 @@ func TestHelmPull(t *testing.T) {
 		{name: "oci", oci: true},
 		{name: "oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
 			extraArgs:     []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:secret-password"},
-			expectedError: "OCI charts can currently only be authenticated via registry login and not via cli arguments"},
+			expectedError: "OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments"},
 	}
 
 	for _, tc := range tests {

From 2c1838a36549584d5938b96196f58a2840b5c1e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 10:43:52 +0200
Subject: [PATCH 1688/2268] feat: Move credentials into dedicated field

---
 api/v1beta1/kluctldeployment_types.go         |  42 ++-
 api/v1beta1/zz_generated.deepcopy.go          | 102 +++---
 .../gitops.kluctl.io_kluctldeployments.yaml   | 158 +++++-----
 docs/gitops/api/kluctl-controller.md          | 298 ++++++++++--------
 e2e/gitops_git_include_test.go                |  10 +-
 e2e/gitops_oci_include_test.go                |   8 +-
 install/controller/controller/crd.yaml        | 158 +++++-----
 pkg/controllers/kluctl_project.go             |   4 +-
 .../kluctldeployment_controller_source.go     |  44 +--
 9 files changed, 447 insertions(+), 377 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 569dde688..68a84dd7b 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -43,6 +43,10 @@ type KluctlDeploymentSpec struct {
 	// Specifies the project source location
 	Source ProjectSource `json:"source"`
 
+	// Credentials specifies the credentials used when pulling sources
+	// +optional
+	Credentials ProjectCredentials `json:"credentials,omitempty"`
+
 	// Decrypt Kubernetes secrets before applying them on the cluster.
 	// +optional
 	Decryption *Decryption `json:"decryption,omitempty"`
@@ -244,36 +248,37 @@ type ProjectSource struct {
 	Oci *ProjectSourceOci `json:"oci,omitempty"`
 
 	// Url specifies the Git url where the project source is located
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.url instead.
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.url instead.
 	// +optional
 	URL *types.GitUrl `json:"url,omitempty"`
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.ref instead.
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.ref instead.
 	// +optional
 	Ref *types.GitRef `json:"ref,omitempty"`
 
 	// Path specifies the sub-directory to be used as project directory
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.path instead.
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.path instead.
 	// +optional
 	Path string `json:"path,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
 	// See ProjectSourceCredentials.SecretRef for details
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git
 	// instead.
 	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
-	// Use Credentials with a proper Host field instead.
+	// Use spec.credentials.git with a proper Host field instead.
 	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
 
 	// Credentials specifies a list of secrets with credentials
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.credentials instead.
+	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git instead.
 	// +optional
-	Credentials []ProjectSourceGitCredentials `json:"credentials,omitempty"`
+	Credentials []ProjectCredentialsGit `json:"credentials,omitempty"`
 }
 
 type ProjectSourceGit struct {
-	// Url specifies the Git url where the project source is located
+	// URL specifies the Git url where the project source is located. If the given Git repository needs authentication,
+	// use spec.credentials.git to specify those.
 	// +required
 	URL types.GitUrl `json:"url"`
 
@@ -284,14 +289,11 @@ type ProjectSourceGit struct {
 	// Path specifies the sub-directory to be used as project directory
 	// +optional
 	Path string `json:"path,omitempty"`
-
-	// Credentials specifies a list of secrets with credentials
-	// +optional
-	Credentials []ProjectSourceGitCredentials `json:"credentials,omitempty"`
 }
 
 type ProjectSourceOci struct {
-	// Url specifies the Git url where the project source is located
+	// Url specifies the Git url where the project source is located. If the given OCI repository needs authentication,
+	// use spec.credentials.oci to specify those.
 	// +required
 	URL string `json:"url"`
 
@@ -302,13 +304,19 @@ type ProjectSourceOci struct {
 	// Path specifies the sub-directory to be used as project directory
 	// +optional
 	Path string `json:"path,omitempty"`
+}
 
-	// Credentials specifies a list of secrets with credentials
+type ProjectCredentials struct {
+	// Git specifies a list of git credentials
+	// +optional
+	Git []ProjectCredentialsGit `json:"git,omitempty"`
+
+	// Oci specifies a list of OCI credentials
 	// +optional
-	Credentials []ProjectSourceOciCredentials `json:"credentials,omitempty"`
+	Oci []ProjectCredentialsOci `json:"oci,omitempty"`
 }
 
-type ProjectSourceGitCredentials struct {
+type ProjectCredentialsGit struct {
 	// Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
 	// applies to all hosts.
 	// Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
@@ -331,7 +339,7 @@ type ProjectSourceGitCredentials struct {
 	SecretRef LocalObjectReference `json:"secretRef"`
 }
 
-type ProjectSourceOciCredentials struct {
+type ProjectCredentialsOci struct {
 	// Registry specifies the hostname that this secret applies to.
 	// +required
 	Registry string `json:"registry,omitempty"`
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index e0df5ef78..ab029f08b 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -126,6 +126,7 @@ func (in *KluctlDeploymentList) DeepCopyObject() runtime.Object {
 func (in *KluctlDeploymentSpec) DeepCopyInto(out *KluctlDeploymentSpec) {
 	*out = *in
 	in.Source.DeepCopyInto(&out.Source)
+	in.Credentials.DeepCopyInto(&out.Credentials)
 	if in.Decryption != nil {
 		in, out := &in.Decryption, &out.Decryption
 		*out = new(Decryption)
@@ -309,6 +310,63 @@ func (in *LocalObjectReference) DeepCopy() *LocalObjectReference {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectCredentials) DeepCopyInto(out *ProjectCredentials) {
+	*out = *in
+	if in.Git != nil {
+		in, out := &in.Git, &out.Git
+		*out = make([]ProjectCredentialsGit, len(*in))
+		copy(*out, *in)
+	}
+	if in.Oci != nil {
+		in, out := &in.Oci, &out.Oci
+		*out = make([]ProjectCredentialsOci, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectCredentials.
+func (in *ProjectCredentials) DeepCopy() *ProjectCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectCredentialsGit) DeepCopyInto(out *ProjectCredentialsGit) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectCredentialsGit.
+func (in *ProjectCredentialsGit) DeepCopy() *ProjectCredentialsGit {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectCredentialsGit)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectCredentialsOci) DeepCopyInto(out *ProjectCredentialsOci) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectCredentialsOci.
+func (in *ProjectCredentialsOci) DeepCopy() *ProjectCredentialsOci {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectCredentialsOci)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	*out = *in
@@ -338,7 +396,7 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	}
 	if in.Credentials != nil {
 		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectSourceGitCredentials, len(*in))
+		*out = make([]ProjectCredentialsGit, len(*in))
 		copy(*out, *in)
 	}
 }
@@ -362,11 +420,6 @@ func (in *ProjectSourceGit) DeepCopyInto(out *ProjectSourceGit) {
 		*out = new(types.GitRef)
 		**out = **in
 	}
-	if in.Credentials != nil {
-		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectSourceGitCredentials, len(*in))
-		copy(*out, *in)
-	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceGit.
@@ -379,22 +432,6 @@ func (in *ProjectSourceGit) DeepCopy() *ProjectSourceGit {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProjectSourceGitCredentials) DeepCopyInto(out *ProjectSourceGitCredentials) {
-	*out = *in
-	out.SecretRef = in.SecretRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceGitCredentials.
-func (in *ProjectSourceGitCredentials) DeepCopy() *ProjectSourceGitCredentials {
-	if in == nil {
-		return nil
-	}
-	out := new(ProjectSourceGitCredentials)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectSourceOci) DeepCopyInto(out *ProjectSourceOci) {
 	*out = *in
@@ -403,11 +440,6 @@ func (in *ProjectSourceOci) DeepCopyInto(out *ProjectSourceOci) {
 		*out = new(types.OciRef)
 		**out = **in
 	}
-	if in.Credentials != nil {
-		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectSourceOciCredentials, len(*in))
-		copy(*out, *in)
-	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceOci.
@@ -420,22 +452,6 @@ func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProjectSourceOciCredentials) DeepCopyInto(out *ProjectSourceOciCredentials) {
-	*out = *in
-	out.SecretRef = in.SecretRef
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSourceOciCredentials.
-func (in *ProjectSourceOciCredentials) DeepCopy() *ProjectSourceOciCredentials {
-	if in == nil {
-		return nil
-	}
-	out := new(ProjectSourceOciCredentials)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SafeDuration) DeepCopyInto(out *SafeDuration) {
 	*out = *in
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 67438302f..894b0a38b 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -67,6 +67,74 @@ spec:
                   will effectively make kluctl ignore the context specified in the
                   target.
                 type: string
+              credentials:
+                description: Credentials specifies the credentials used when pulling
+                  sources
+                properties:
+                  git:
+                    description: Git specifies a list of git credentials
+                    items:
+                      properties:
+                        host:
+                          description: Host specifies the hostname that this secret
+                            applies to. If set to '*', this set of credentials applies
+                            to all hosts. Using '*' for http(s) based repositories
+                            is not supported, meaning that such credentials sets will
+                            be ignored. You must always set a proper hostname in that
+                            case.
+                          type: string
+                        pathPrefix:
+                          description: PathPrefix specified the path prefix to be
+                            used to filter source urls. Only urls that have this prefix
+                            will use this set of credentials.
+                          type: string
+                        secretRef:
+                          description: SecretRef specifies the Secret containing authentication
+                            credentials for the git repository. For HTTPS git repositories
+                            the Secret must contain 'username' and 'password' fields.
+                            For SSH git repositories the Secret must contain 'identity'
+                            and 'known_hosts' fields.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - secretRef
+                      type: object
+                    type: array
+                  oci:
+                    description: Oci specifies a list of OCI credentials
+                    items:
+                      properties:
+                        registry:
+                          description: Registry specifies the hostname that this secret
+                            applies to.
+                          type: string
+                        repository:
+                          description: Repository specifies the org and repo name
+                            in the format 'org-name/repo-name'. Both 'org-name' and
+                            'repo-name' can be specified as '*', meaning that all
+                            names are matched.
+                          type: string
+                        secretRef:
+                          description: SecretRef specifies the Secret containing authentication
+                            credentials for the oci repository. The secret must contain
+                            'username' and 'password'.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - secretRef
+                      type: object
+                    type: array
+                type: object
               decryption:
                 description: Decrypt Kubernetes secrets before applying them on the
                   cluster.
@@ -314,7 +382,7 @@ spec:
                   credentials:
                     description: Credentials specifies a list of secrets with credentials
                       DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use git.credentials instead.
+                      future version of the controller. Use spec.credentials.git instead.
                     items:
                       properties:
                         host:
@@ -350,42 +418,6 @@ spec:
                   git:
                     description: Git specifies a git repository as project source
                     properties:
-                      credentials:
-                        description: Credentials specifies a list of secrets with
-                          credentials
-                        items:
-                          properties:
-                            host:
-                              description: Host specifies the hostname that this secret
-                                applies to. If set to '*', this set of credentials
-                                applies to all hosts. Using '*' for http(s) based
-                                repositories is not supported, meaning that such credentials
-                                sets will be ignored. You must always set a proper
-                                hostname in that case.
-                              type: string
-                            pathPrefix:
-                              description: PathPrefix specified the path prefix to
-                                be used to filter source urls. Only urls that have
-                                this prefix will use this set of credentials.
-                              type: string
-                            secretRef:
-                              description: SecretRef specifies the Secret containing
-                                authentication credentials for the git repository.
-                                For HTTPS git repositories the Secret must contain
-                                'username' and 'password' fields. For SSH git repositories
-                                the Secret must contain 'identity' and 'known_hosts'
-                                fields.
-                              properties:
-                                name:
-                                  description: Name of the referent.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                          required:
-                          - secretRef
-                          type: object
-                        type: array
                       path:
                         description: Path specifies the sub-directory to be used as
                           project directory
@@ -406,8 +438,9 @@ spec:
                             type: string
                         type: object
                       url:
-                        description: Url specifies the Git url where the project source
-                          is located
+                        description: URL specifies the Git url where the project source
+                          is located. If the given Git repository needs authentication,
+                          use spec.credentials.git to specify those.
                         type: string
                     required:
                     - url
@@ -415,36 +448,6 @@ spec:
                   oci:
                     description: Oci specifies an OCI repository as project source
                     properties:
-                      credentials:
-                        description: Credentials specifies a list of secrets with
-                          credentials
-                        items:
-                          properties:
-                            registry:
-                              description: Registry specifies the hostname that this
-                                secret applies to.
-                              type: string
-                            repository:
-                              description: Repository specifies the org and repo name
-                                in the format 'org-name/repo-name'. Both 'org-name'
-                                and 'repo-name' can be specified as '*', meaning that
-                                all names are matched.
-                              type: string
-                            secretRef:
-                              description: SecretRef specifies the Secret containing
-                                authentication credentials for the oci repository.
-                                The secret must contain 'username' and 'password'.
-                              properties:
-                                name:
-                                  description: Name of the referent.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                          required:
-                          - secretRef
-                          type: object
-                        type: array
                       path:
                         description: Path specifies the sub-directory to be used as
                           project directory
@@ -465,7 +468,8 @@ spec:
                         type: object
                       url:
                         description: Url specifies the Git url where the project source
-                          is located
+                          is located. If the given OCI repository needs authentication,
+                          use spec.credentials.oci to specify those.
                         type: string
                     required:
                     - url
@@ -473,13 +477,13 @@ spec:
                   path:
                     description: Path specifies the sub-directory to be used as project
                       directory DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use git.path instead.
+                      in a future version of the controller. Use spec.git.path instead.
                     type: string
                   ref:
                     description: Ref specifies the branch, tag or commit that should
                       be used. If omitted, the default branch of the repo is used.
                       DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use git.ref instead.
+                      future version of the controller. Use spec.git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -495,10 +499,10 @@ spec:
                     description: SecretRef specifies the Secret containing authentication
                       credentials for See ProjectSourceCredentials.SecretRef for details
                       DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use Credentials instead. WARNING
-                      using this field causes the controller to pass http basic auth
-                      credentials to ALL repositories involved. Use Credentials with
-                      a proper Host field instead.
+                      future version of the controller. Use spec.credentials.git instead.
+                      WARNING using this field causes the controller to pass http
+                      basic auth credentials to ALL repositories involved. Use spec.credentials.git
+                      with a proper Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
@@ -509,7 +513,7 @@ spec:
                   url:
                     description: Url specifies the Git url where the project source
                       is located DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use git.url instead.
+                      in a future version of the controller. Use spec.git.url instead.
                     type: string
                 type: object
               suspend:
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 16a233956..1e2f6828d 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -166,6 +166,20 @@ ProjectSource
 </tr>
 <tr>
 <td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">
+ProjectCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies the credentials used when pulling sources</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>decryption</code><br>
 <em>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">
@@ -637,6 +651,20 @@ ProjectSource
 </tr>
 <tr>
 <td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">
+ProjectCredentials
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies the credentials used when pulling sources</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>decryption</code><br>
 <em>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">
@@ -1350,9 +1378,9 @@ the KluctlDeployment.</p>
 (<em>Appears on:</em>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
 <a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">ProjectSourceGitCredentials</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOciCredentials">ProjectSourceOciCredentials</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGit">ProjectCredentialsGit</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsOci">ProjectCredentialsOci</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1379,7 +1407,7 @@ string
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource
+<h3 id="gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials
 </h3>
 <p>
 (<em>Appears on:</em>
@@ -1399,67 +1427,76 @@ string
 <td>
 <code>git</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">
-ProjectSourceGit
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGit">
+[]ProjectCredentialsGit
 </a>
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Git specifies a git repository as project source</p>
+<p>Git specifies a list of git credentials</p>
 </td>
 </tr>
 <tr>
 <td>
 <code>oci</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">
-ProjectSourceOci
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsOci">
+[]ProjectCredentialsOci
 </a>
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Oci specifies an OCI repository as project source</p>
+<p>Oci specifies a list of OCI credentials</p>
 </td>
 </tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectCredentialsGit">ProjectCredentialsGit
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
 <tr>
-<td>
-<code>url</code><br>
-<em>
-github.com/kluctl/kluctl/v2/pkg/types.GitUrl
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Url specifies the Git url where the project source is located
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.url instead.</p>
-</td>
+<th>Field</th>
+<th>Description</th>
 </tr>
+</thead>
+<tbody>
 <tr>
 <td>
-<code>ref</code><br>
+<code>host</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitRef
+string
 </em>
 </td>
 <td>
-<em>(Optional)</em>
-<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.ref instead.</p>
+<p>Host specifies the hostname that this secret applies to. If set to &lsquo;<em>&rsquo;, this set of credentials
+applies to all hosts.
+Using &lsquo;</em>&rsquo; for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+You must always set a proper hostname in that case.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>path</code><br>
+<code>pathPrefix</code><br>
 <em>
 string
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Path specifies the sub-directory to be used as project directory
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.path instead.</p>
+<p>PathPrefix specified the path prefix to be used to filter source urls. Only urls that have this prefix will use
+this set of credentials.</p>
 </td>
 </tr>
 <tr>
@@ -1473,37 +1510,22 @@ LocalObjectReference
 </td>
 <td>
 <p>SecretRef specifies the Secret containing authentication credentials for
-See ProjectSourceCredentials.SecretRef for details
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use Credentials
-instead.
-WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
-Use Credentials with a proper Host field instead.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>credentials</code><br>
-<em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">
-[]ProjectSourceGitCredentials
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Credentials specifies a list of secrets with credentials
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use git.credentials instead.</p>
+the git repository.
+For HTTPS git repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
+fields.
+For SSH git repositories the Secret must contain &lsquo;identity&rsquo;
+and &lsquo;known_hosts&rsquo; fields.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit
+<h3 id="gitops.kluctl.io/v1beta1.ProjectCredentialsOci">ProjectCredentialsOci
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1517,63 +1539,52 @@ DEPRECATED this field is deprecated and will be removed in a future version of t
 <tbody>
 <tr>
 <td>
-<code>url</code><br>
-<em>
-github.com/kluctl/kluctl/v2/pkg/types.GitUrl
-</em>
-</td>
-<td>
-<p>Url specifies the Git url where the project source is located</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>ref</code><br>
+<code>registry</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitRef
+string
 </em>
 </td>
 <td>
-<em>(Optional)</em>
-<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.</p>
+<p>Registry specifies the hostname that this secret applies to.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>path</code><br>
+<code>repository</code><br>
 <em>
 string
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Path specifies the sub-directory to be used as project directory</p>
+<p>Repository specifies the org and repo name in the format &lsquo;org-name/repo-name&rsquo;.
+Both &lsquo;org-name&rsquo; and &lsquo;repo-name&rsquo; can be specified as &lsquo;*&rsquo;, meaning that all names are matched.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>credentials</code><br>
+<code>secretRef</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">
-[]ProjectSourceGitCredentials
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
 </a>
 </em>
 </td>
 <td>
-<em>(Optional)</em>
-<p>Credentials specifies a list of secrets with credentials</p>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the oci repository.
+The secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGitCredentials">ProjectSourceGitCredentials
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>, 
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit</a>)
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1587,29 +1598,69 @@ string
 <tbody>
 <tr>
 <td>
-<code>host</code><br>
+<code>git</code><br>
 <em>
-string
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceGit">
+ProjectSourceGit
+</a>
 </em>
 </td>
 <td>
-<p>Host specifies the hostname that this secret applies to. If set to &lsquo;<em>&rsquo;, this set of credentials
-applies to all hosts.
-Using &lsquo;</em>&rsquo; for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
-You must always set a proper hostname in that case.</p>
+<em>(Optional)</em>
+<p>Git specifies a git repository as project source</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>pathPrefix</code><br>
+<code>oci</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">
+ProjectSourceOci
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Oci specifies an OCI repository as project source</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>url</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Url specifies the Git url where the project source is located
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.url instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>ref</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.GitRef
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.ref instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
 <em>
 string
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>PathPrefix specified the path prefix to be used to filter source urls. Only urls that have this prefix will use
-this set of credentials.</p>
+<p>Path specifies the sub-directory to be used as project directory
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.path instead.</p>
 </td>
 </tr>
 <tr>
@@ -1623,18 +1674,33 @@ LocalObjectReference
 </td>
 <td>
 <p>SecretRef specifies the Secret containing authentication credentials for
-the git repository.
-For HTTPS git repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
-fields.
-For SSH git repositories the Secret must contain &lsquo;identity&rsquo;
-and &lsquo;known_hosts&rsquo; fields.</p>
+See ProjectSourceCredentials.SecretRef for details
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git
+instead.
+WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+Use spec.credentials.git with a proper Host field instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>credentials</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGit">
+[]ProjectCredentialsGit
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Credentials specifies a list of secrets with credentials
+DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git instead.</p>
 </td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceGit">ProjectSourceGit
 </h3>
 <p>
 (<em>Appears on:</em>
@@ -1654,23 +1720,24 @@ and &lsquo;known_hosts&rsquo; fields.</p>
 <td>
 <code>url</code><br>
 <em>
-string
+github.com/kluctl/kluctl/v2/pkg/types.GitUrl
 </em>
 </td>
 <td>
-<p>Url specifies the Git url where the project source is located</p>
+<p>URL specifies the Git url where the project source is located. If the given Git repository needs authentication,
+use spec.credentials.git to specify those.</p>
 </td>
 </tr>
 <tr>
 <td>
 <code>ref</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.OciRef
+github.com/kluctl/kluctl/v2/pkg/types.GitRef
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Ref specifies the tag to be used. If omitted, the &ldquo;latest&rdquo; tag is used.</p>
+<p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.</p>
 </td>
 </tr>
 <tr>
@@ -1685,29 +1752,15 @@ string
 <p>Path specifies the sub-directory to be used as project directory</p>
 </td>
 </tr>
-<tr>
-<td>
-<code>credentials</code><br>
-<em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOciCredentials">
-[]ProjectSourceOciCredentials
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>Credentials specifies a list of secrets with credentials</p>
-</td>
-</tr>
 </tbody>
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOciCredentials">ProjectSourceOciCredentials
+<h3 id="gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectSourceOci">ProjectSourceOci</a>)
+<a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
 </p>
 <div class="md-typeset__scrollwrap">
 <div class="md-typeset__table">
@@ -1721,41 +1774,38 @@ string
 <tbody>
 <tr>
 <td>
-<code>registry</code><br>
+<code>url</code><br>
 <em>
 string
 </em>
 </td>
 <td>
-<p>Registry specifies the hostname that this secret applies to.</p>
+<p>Url specifies the Git url where the project source is located. If the given OCI repository needs authentication,
+use spec.credentials.oci to specify those.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>repository</code><br>
+<code>ref</code><br>
 <em>
-string
+github.com/kluctl/kluctl/v2/pkg/types.OciRef
 </em>
 </td>
 <td>
 <em>(Optional)</em>
-<p>Repository specifies the org and repo name in the format &lsquo;org-name/repo-name&rsquo;.
-Both &lsquo;org-name&rsquo; and &lsquo;repo-name&rsquo; can be specified as &lsquo;*&rsquo;, meaning that all names are matched.</p>
+<p>Ref specifies the tag to be used. If omitted, the &ldquo;latest&rdquo; tag is used.</p>
 </td>
 </tr>
 <tr>
 <td>
-<code>secretRef</code><br>
+<code>path</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
-LocalObjectReference
-</a>
+string
 </em>
 </td>
 <td>
-<p>SecretRef specifies the Secret containing authentication credentials for
-the oci repository.
-The secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;.</p>
+<em>(Optional)</em>
+<p>Path specifies the sub-directory to be used as project directory</p>
 </td>
 </tr>
 </tbody>
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index 5861075d2..ac636147a 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -132,19 +132,19 @@ func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bo
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
-	var credentials []v1beta1.ProjectSourceGitCredentials
+	var credentials []v1beta1.ProjectCredentialsGit
 
-	credentials = append(credentials, v1beta1.ProjectSourceGitCredentials{
+	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 		Host:       gs1.GitHost(),
 		PathPrefix: ip1.GitRepoName(),
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
 	})
-	credentials = append(credentials, v1beta1.ProjectSourceGitCredentials{
+	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 		Host:      mainGs.GitHost(),
 		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
 	})
 	// make sure this one is ignored for http based urls
-	credentials = append(credentials, v1beta1.ProjectSourceGitCredentials{
+	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 		Host:      "*",
 		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
 	})
@@ -152,7 +152,7 @@ func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bo
 	if legacyGitSource {
 		kd.Spec.Source.Credentials = credentials
 	} else {
-		kd.Spec.Source.Git.Credentials = credentials
+		kd.Spec.Credentials.Git = credentials
 	}
 
 	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index b6bbde83c..e4dcb72cb 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -103,22 +103,22 @@ func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
-	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
 		Registry:   ociUrl0.Host,
 		Repository: "org0/repo0",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret0"},
 	})
-	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
 		Registry:   ociUrl1.Host,
 		Repository: "org1/repo1",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret1"},
 	})
-	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
 		Registry:   ociUrl2.Host,
 		Repository: "*/repo2",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
 	})
-	kd.Spec.Source.Oci.Credentials = append(kd.Spec.Source.Oci.Credentials, v1beta1.ProjectSourceOciCredentials{
+	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
 		Registry:   ociUrl3.Host,
 		Repository: "org3/*",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret3"},
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 3498fe1f2..b1c573784 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -67,6 +67,74 @@ spec:
                   will effectively make kluctl ignore the context specified in the
                   target.
                 type: string
+              credentials:
+                description: Credentials specifies the credentials used when pulling
+                  sources
+                properties:
+                  git:
+                    description: Git specifies a list of git credentials
+                    items:
+                      properties:
+                        host:
+                          description: Host specifies the hostname that this secret
+                            applies to. If set to '*', this set of credentials applies
+                            to all hosts. Using '*' for http(s) based repositories
+                            is not supported, meaning that such credentials sets will
+                            be ignored. You must always set a proper hostname in that
+                            case.
+                          type: string
+                        pathPrefix:
+                          description: PathPrefix specified the path prefix to be
+                            used to filter source urls. Only urls that have this prefix
+                            will use this set of credentials.
+                          type: string
+                        secretRef:
+                          description: SecretRef specifies the Secret containing authentication
+                            credentials for the git repository. For HTTPS git repositories
+                            the Secret must contain 'username' and 'password' fields.
+                            For SSH git repositories the Secret must contain 'identity'
+                            and 'known_hosts' fields.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - secretRef
+                      type: object
+                    type: array
+                  oci:
+                    description: Oci specifies a list of OCI credentials
+                    items:
+                      properties:
+                        registry:
+                          description: Registry specifies the hostname that this secret
+                            applies to.
+                          type: string
+                        repository:
+                          description: Repository specifies the org and repo name
+                            in the format 'org-name/repo-name'. Both 'org-name' and
+                            'repo-name' can be specified as '*', meaning that all
+                            names are matched.
+                          type: string
+                        secretRef:
+                          description: SecretRef specifies the Secret containing authentication
+                            credentials for the oci repository. The secret must contain
+                            'username' and 'password'.
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - secretRef
+                      type: object
+                    type: array
+                type: object
               decryption:
                 description: Decrypt Kubernetes secrets before applying them on the
                   cluster.
@@ -314,7 +382,7 @@ spec:
                   credentials:
                     description: Credentials specifies a list of secrets with credentials
                       DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use git.credentials instead.
+                      future version of the controller. Use spec.credentials.git instead.
                     items:
                       properties:
                         host:
@@ -350,42 +418,6 @@ spec:
                   git:
                     description: Git specifies a git repository as project source
                     properties:
-                      credentials:
-                        description: Credentials specifies a list of secrets with
-                          credentials
-                        items:
-                          properties:
-                            host:
-                              description: Host specifies the hostname that this secret
-                                applies to. If set to '*', this set of credentials
-                                applies to all hosts. Using '*' for http(s) based
-                                repositories is not supported, meaning that such credentials
-                                sets will be ignored. You must always set a proper
-                                hostname in that case.
-                              type: string
-                            pathPrefix:
-                              description: PathPrefix specified the path prefix to
-                                be used to filter source urls. Only urls that have
-                                this prefix will use this set of credentials.
-                              type: string
-                            secretRef:
-                              description: SecretRef specifies the Secret containing
-                                authentication credentials for the git repository.
-                                For HTTPS git repositories the Secret must contain
-                                'username' and 'password' fields. For SSH git repositories
-                                the Secret must contain 'identity' and 'known_hosts'
-                                fields.
-                              properties:
-                                name:
-                                  description: Name of the referent.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                          required:
-                          - secretRef
-                          type: object
-                        type: array
                       path:
                         description: Path specifies the sub-directory to be used as
                           project directory
@@ -406,8 +438,9 @@ spec:
                             type: string
                         type: object
                       url:
-                        description: Url specifies the Git url where the project source
-                          is located
+                        description: URL specifies the Git url where the project source
+                          is located. If the given Git repository needs authentication,
+                          use spec.credentials.git to specify those.
                         type: string
                     required:
                     - url
@@ -415,36 +448,6 @@ spec:
                   oci:
                     description: Oci specifies an OCI repository as project source
                     properties:
-                      credentials:
-                        description: Credentials specifies a list of secrets with
-                          credentials
-                        items:
-                          properties:
-                            registry:
-                              description: Registry specifies the hostname that this
-                                secret applies to.
-                              type: string
-                            repository:
-                              description: Repository specifies the org and repo name
-                                in the format 'org-name/repo-name'. Both 'org-name'
-                                and 'repo-name' can be specified as '*', meaning that
-                                all names are matched.
-                              type: string
-                            secretRef:
-                              description: SecretRef specifies the Secret containing
-                                authentication credentials for the oci repository.
-                                The secret must contain 'username' and 'password'.
-                              properties:
-                                name:
-                                  description: Name of the referent.
-                                  type: string
-                              required:
-                              - name
-                              type: object
-                          required:
-                          - secretRef
-                          type: object
-                        type: array
                       path:
                         description: Path specifies the sub-directory to be used as
                           project directory
@@ -465,7 +468,8 @@ spec:
                         type: object
                       url:
                         description: Url specifies the Git url where the project source
-                          is located
+                          is located. If the given OCI repository needs authentication,
+                          use spec.credentials.oci to specify those.
                         type: string
                     required:
                     - url
@@ -473,13 +477,13 @@ spec:
                   path:
                     description: Path specifies the sub-directory to be used as project
                       directory DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use git.path instead.
+                      in a future version of the controller. Use spec.git.path instead.
                     type: string
                   ref:
                     description: Ref specifies the branch, tag or commit that should
                       be used. If omitted, the default branch of the repo is used.
                       DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use git.ref instead.
+                      future version of the controller. Use spec.git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -495,10 +499,10 @@ spec:
                     description: SecretRef specifies the Secret containing authentication
                       credentials for See ProjectSourceCredentials.SecretRef for details
                       DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use Credentials instead. WARNING
-                      using this field causes the controller to pass http basic auth
-                      credentials to ALL repositories involved. Use Credentials with
-                      a proper Host field instead.
+                      future version of the controller. Use spec.credentials.git instead.
+                      WARNING using this field causes the controller to pass http
+                      basic auth credentials to ALL repositories involved. Use spec.credentials.git
+                      with a proper Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
@@ -509,7 +513,7 @@ spec:
                   url:
                     description: Url specifies the Git url where the project source
                       is located DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use git.url instead.
+                      in a future version of the controller. Use spec.git.url instead.
                     type: string
                 type: object
               suspend:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index a8da589d4..8a36928e5 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -86,12 +86,12 @@ func prepareProject(ctx context.Context,
 
 	pp.tmpDir = tmpDir
 
-	gitSecrets, err := r.getGitSecrets(ctx, &pp.obj.Spec.Source, obj.GetNamespace())
+	gitSecrets, err := r.getGitSecrets(ctx, pp.obj.Spec.Source, pp.obj.Spec.Credentials, obj.GetNamespace())
 	if err != nil {
 		return nil, err
 	}
 
-	ociSecrets, err := r.getOciSecrets(ctx, &pp.obj.Spec.Source, obj.GetNamespace())
+	ociSecrets, err := r.getOciSecrets(ctx, pp.obj.Spec.Credentials, obj.GetNamespace())
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index d64eaa4b4..fb27e6e11 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -34,11 +34,7 @@ type ociRepoSecrets struct {
 	secret   corev1.Secret
 }
 
-func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]gitRepoSecrets, error) {
-	if source == nil {
-		return nil, nil
-	}
-
+func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source kluctlv1.ProjectSource, credentials kluctlv1.ProjectCredentials, objNs string) ([]gitRepoSecrets, error) {
 	var ret []gitRepoSecrets
 
 	loadCredentials := func(deprecatedSecret bool, host string, pathPrefix string, secretName string) error {
@@ -59,25 +55,21 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 		return nil
 	}
 
-	if source.Git != nil {
-		for _, c := range source.Git.Credentials {
-			err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
-			if err != nil {
-				return nil, err
-			}
+	for _, c := range credentials.Git {
+		err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+		if err != nil {
+			return nil, err
 		}
-	} else if source.Oci == nil {
-		status.Deprecation(ctx, "spec.source.url", "'spec.source.url' is deprecated and will be removed in the next API version bump. Use 'spec.source.git.url' instead")
-
-		if source.SecretRef != nil {
-			// Attempt to retrieve deprecated secret
-			err := loadCredentials(true, "", "", source.SecretRef.Name)
-			if err != nil {
-				return nil, err
-			}
-			status.Deprecation(ctx, "spec.source.secretRef", "the 'spec.source.secretRef' is deprecated and will be removed in the next API version bump.")
+	}
+	if source.SecretRef != nil {
+		status.Deprecation(ctx, "spec.source.secretRef", "the 'spec.source.secretRef' is deprecated and will be removed in the next API version bump.")
+		err := loadCredentials(true, "", "", source.SecretRef.Name)
+		if err != nil {
+			return nil, err
 		}
-
+	}
+	if len(source.Credentials) != 0 {
+		status.Deprecation(ctx, "spec.source.credentials", "'spec.source.credentials' is deprecated and will be removed in the next API version bump. Use 'spec.credentials.git' instead")
 		for _, c := range source.Credentials {
 			err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
 			if err != nil {
@@ -89,11 +81,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source *
 	return ret, nil
 }
 
-func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, source *kluctlv1.ProjectSource, objNs string) ([]ociRepoSecrets, error) {
-	if source == nil || source.Oci == nil {
-		return nil, nil
-	}
-
+func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, credentials kluctlv1.ProjectCredentials, objNs string) ([]ociRepoSecrets, error) {
 	var ret []ociRepoSecrets
 
 	loadCredentials := func(deprecatedSecret bool, registry string, repo string, secretName string) error {
@@ -113,7 +101,7 @@ func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, source *
 		return nil
 	}
 
-	for _, c := range source.Oci.Credentials {
+	for _, c := range credentials.Oci {
 		err := loadCredentials(false, c.Registry, c.Repository, c.SecretRef.Name)
 		if err != nil {
 			return nil, err

From 8c71b125df4108854b8a97ad93c9b827ba73dc81 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 20:51:20 +0200
Subject: [PATCH 1689/2268] feat: Align Helm credentials handling with the
 git/oci way

---
 api/v1beta1/kluctldeployment_types.go         |  40 +++-
 api/v1beta1/zz_generated.deepcopy.go          |  21 ++
 cmd/kluctl/args/helm_credentials.go           | 138 ++++++++------
 cmd/kluctl/commands/cmd_helm_pull.go          |  17 +-
 cmd/kluctl/commands/cmd_helm_update.go        |  17 +-
 cmd/kluctl/commands/cmd_list_targets.go       |   2 +-
 cmd/kluctl/commands/cmd_seal.go               |   2 +-
 cmd/kluctl/commands/completion.go             |   2 +-
 cmd/kluctl/commands/utils.go                  |  14 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   |  67 +++++--
 docs/gitops/api/kluctl-controller.md          | 100 +++++++++-
 docs/kluctl/commands/delete.md                |  13 +-
 docs/kluctl/commands/deploy.md                |  13 +-
 docs/kluctl/commands/diff.md                  |  13 +-
 docs/kluctl/commands/helm-update.md           |  13 +-
 docs/kluctl/commands/list-images.md           |  13 +-
 docs/kluctl/commands/poke-images.md           |  13 +-
 docs/kluctl/commands/prune.md                 |  13 +-
 docs/kluctl/commands/render.md                |  13 +-
 docs/kluctl/commands/validate.md              |  13 +-
 e2e/gitops_git_include_test.go                |   8 +-
 e2e/gitops_helm_test.go                       | 125 ++++++++++++
 e2e/gitops_oci_include_test.go                |   7 +-
 e2e/gitops_test.go                            | 180 +-----------------
 e2e/helm_test.go                              | 172 +++++++++++++----
 e2e/sops_test.go                              |   2 +-
 e2e/test-utils/helm_repo_utils.go             |  13 +-
 install/controller/controller/crd.yaml        |  67 +++++--
 pkg/controllers/kluctl_project.go             |  98 ++--------
 .../kluctldeployment_controller_source.go     | 110 ++++++++++-
 pkg/deployment/deployment_item.go             |   2 +-
 pkg/deployment/shared_context.go              |  20 +-
 pkg/git/auth/list_auth_provider.go            |   5 +-
 pkg/helm/auth/auth_provider.go                |  51 +++++
 pkg/helm/auth/env_auth_provider.go            |  64 +++++++
 pkg/helm/auth/helm_config_auth_provider.go    |  32 ++++
 pkg/helm/auth/list_auth_provider.go           | 135 +++++++++++++
 pkg/helm/chart.go                             |  79 ++++----
 pkg/helm/helm_release.go                      |   8 +-
 pkg/kluctl_project/project_load.go            |   4 +-
 pkg/kluctl_project/target_context.go          |   6 +-
 pkg/utils/utils.go                            |  14 +-
 42 files changed, 1217 insertions(+), 522 deletions(-)
 create mode 100644 e2e/gitops_helm_test.go
 create mode 100644 pkg/helm/auth/auth_provider.go
 create mode 100644 pkg/helm/auth/env_auth_provider.go
 create mode 100644 pkg/helm/auth/helm_config_auth_provider.go
 create mode 100644 pkg/helm/auth/list_auth_provider.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 68a84dd7b..093d55a78 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -94,6 +94,7 @@ type KluctlDeploymentSpec struct {
 
 	// HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
 	// Kluctl deployment.
+	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.
 	// +optional
 	HelmCredentials []HelmCredentials `json:"helmCredentials,omitempty"`
 
@@ -248,30 +249,30 @@ type ProjectSource struct {
 	Oci *ProjectSourceOci `json:"oci,omitempty"`
 
 	// Url specifies the Git url where the project source is located
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.url instead.
+	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.url instead.
 	// +optional
 	URL *types.GitUrl `json:"url,omitempty"`
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.ref instead.
+	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.
 	// +optional
 	Ref *types.GitRef `json:"ref,omitempty"`
 
 	// Path specifies the sub-directory to be used as project directory
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.path instead.
+	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.path instead.
 	// +optional
 	Path string `json:"path,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
 	// See ProjectSourceCredentials.SecretRef for details
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git
+	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git
 	// instead.
 	// WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
 	// Use spec.credentials.git with a proper Host field instead.
 	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
 
 	// Credentials specifies a list of secrets with credentials
-	// DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git instead.
+	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead.
 	// +optional
 	Credentials []ProjectCredentialsGit `json:"credentials,omitempty"`
 }
@@ -314,6 +315,10 @@ type ProjectCredentials struct {
 	// Oci specifies a list of OCI credentials
 	// +optional
 	Oci []ProjectCredentialsOci `json:"oci,omitempty"`
+
+	// Helm specifies a list of Helm credentials
+	// +optional
+	Helm []ProjectCredentialsHelm `json:"helm,omitempty"`
 }
 
 type ProjectCredentialsGit struct {
@@ -324,9 +329,10 @@ type ProjectCredentialsGit struct {
 	// +required
 	Host string `json:"host,omitempty"`
 
-	// PathPrefix specified the path prefix to be used to filter source urls. Only urls that have this prefix will use
+	// PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use
 	// this set of credentials.
 	// +optional
+	// TODO deprecate this
 	PathPrefix string `json:"pathPrefix,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
@@ -356,6 +362,28 @@ type ProjectCredentialsOci struct {
 	SecretRef LocalObjectReference `json:"secretRef"`
 }
 
+type ProjectCredentialsHelm struct {
+	// Host specifies the hostname that this secret applies to.
+	// +required
+	Host string `json:"host"`
+
+	// Path specifies the path to be used to filter Helm urls. The path can contain wildcards. These credentials
+	// will only be used for matching URLs. If omitted, all URLs are considered to match.
+	// +optional
+	Path string `json:"path,omitempty"`
+
+	// SecretRef specifies the Secret containing authentication credentials for
+	// the Helm repository.
+	// The secret can either container basic authentication credentials via `username` and `password` or
+	// TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
+	// contacting the repository.
+	// The secret can also contain `insecureSkipTlsVerify: "true"`, which will disable TLS verification.
+	// `passCredentialsAll: "true"` can be specified to make the controller pass credentials to all requests, even if
+	// the hostname changes in-between.
+	// +required
+	SecretRef LocalObjectReference `json:"secretRef"`
+}
+
 // Decryption defines how decryption is handled for Kubernetes manifests.
 type Decryption struct {
 	// Provider is the name of the decryption engine.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index ab029f08b..212ac7bda 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -323,6 +323,11 @@ func (in *ProjectCredentials) DeepCopyInto(out *ProjectCredentials) {
 		*out = make([]ProjectCredentialsOci, len(*in))
 		copy(*out, *in)
 	}
+	if in.Helm != nil {
+		in, out := &in.Helm, &out.Helm
+		*out = make([]ProjectCredentialsHelm, len(*in))
+		copy(*out, *in)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectCredentials.
@@ -351,6 +356,22 @@ func (in *ProjectCredentialsGit) DeepCopy() *ProjectCredentialsGit {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectCredentialsHelm) DeepCopyInto(out *ProjectCredentialsHelm) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectCredentialsHelm.
+func (in *ProjectCredentialsHelm) DeepCopy() *ProjectCredentialsHelm {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectCredentialsHelm)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectCredentialsOci) DeepCopyInto(out *ProjectCredentialsOci) {
 	*out = *in
diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 451ff7ef2..399de0642 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -1,83 +1,103 @@
 package args
 
 import (
+	"context"
+	"fmt"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
 	"strings"
-
-	"helm.sh/helm/v3/pkg/cli"
-	"helm.sh/helm/v3/pkg/repo"
 )
 
 type HelmCredentials struct {
-	HelmUsername              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmPassword              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmKeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<credentialsId>:<path>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmUsername              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<host>/<path>=<username> or in the deprecated form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmPassword              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<host>/<path>=<password> or in the deprecated form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmKeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<host>/<path>=<filePath> or in the deprecated form --helm-key-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 }
 
-func (c *HelmCredentials) FindCredentials(repoUrl string, credentialsId *string) *repo.Entry {
-	if credentialsId != nil {
-		splitIdAndValue := func(s string) (string, bool) {
-			x := strings.SplitN(s, ":", 2)
-			if len(x) < 0 {
-				return "", false
-			}
-			if x[0] != *credentialsId {
-				return "", false
-			}
-			return x[1], true
-		}
+func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.HelmAuthProvider, error) {
+	la := &helm_auth.ListAuthProvider{}
+	if c == nil {
+		return la, nil
+	}
 
-		var e repo.Entry
-		for _, x := range c.HelmUsername {
-			if v, ok := splitIdAndValue(x); ok {
-				e.Username = v
-			}
-		}
-		for _, x := range c.HelmPassword {
-			if v, ok := splitIdAndValue(x); ok {
-				e.Password = v
-			}
-		}
-		for _, x := range c.HelmKeyFile {
-			if v, ok := splitIdAndValue(x); ok {
-				e.KeyFile = v
+	byCredentialId := map[string]*helm_auth.AuthEntry{}
+	byHostPath := map[string]*helm_auth.AuthEntry{}
+
+	getEntry := func(s string) (*helm_auth.AuthEntry, string, error) {
+		x1 := strings.SplitN(s, "=", 2)
+		x2 := strings.SplitN(s, ":", 2) // deprecated
+		if len(x1) == 2 {
+			k := x1[0]
+			e, ok := byHostPath[k]
+			if !ok {
+				x := strings.SplitN(k, "/", 2)
+				e = &helm_auth.AuthEntry{}
+				if len(x) == 2 {
+					e.Host = x[0]
+					e.Path = x[1]
+				} else {
+					e.Host = x[0]
+				}
+				byHostPath[k] = e
 			}
-		}
-		for _, x := range c.HelmInsecureSkipTlsVerify {
-			if x == *credentialsId {
-				e.InsecureSkipTLSverify = true
+			return e, x1[1], nil
+		} else if len(x2) == 2 {
+			status.Deprecation(ctx, "helm-credential-args-id", "Passing Helm credentials via credentialsId is deprecated and support for it will be removed in a future version of Kluctl. Please switch to using the <host>/<path>=value format.")
+			k := x2[0]
+			e, ok := byCredentialId[k]
+			if !ok {
+				e = &helm_auth.AuthEntry{
+					CredentialsId: k,
+				}
+				byCredentialId[k] = e
 			}
+			return e, x2[1], nil
+		} else {
+			return nil, "", fmt.Errorf("invalid parameter format")
 		}
+	}
 
-		if e != (repo.Entry{}) {
-			e.URL = repoUrl
-			return &e
+	for _, s := range c.HelmUsername {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
 		}
+		e.Username = v
 	}
-
-	env := cli.New()
-
-	f, err := repo.LoadFile(env.RepositoryConfig)
-	if err != nil {
-		return nil
+	for _, s := range c.HelmPassword {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.Password = v
 	}
-
-	removeTrailingSlash := func(s string) string {
-		if len(s) == 0 {
-			return s
+	for _, s := range c.HelmKeyFile {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
 		}
-		if s[len(s)-1] == '/' {
-			return s[:len(s)-1]
+		e.Key, err = os.ReadFile(v)
+		if err != nil {
+			return nil, err
 		}
-		return s
 	}
-	repoUrl = removeTrailingSlash(repoUrl)
-
-	for _, e := range f.Repositories {
-		if removeTrailingSlash(e.URL) == repoUrl {
-			return e
+	for _, s := range c.HelmInsecureSkipTlsVerify {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
 		}
+		e.InsecureSkipTLSverify = utils.ParseBoolOrFalse(v)
+	}
+
+	for _, e := range byCredentialId {
+		la.AddEntry(*e)
+	}
+	for _, e := range byHostPath {
+		la.AddEntry(*e)
 	}
 
-	return nil
+	return la, nil
 }
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 429a49d64..0a5d1786b 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -36,17 +37,23 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	}
 
 	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+	helmAuthProvider := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		helmAuthProvider.RegisterAuthProvider(x, false)
+	}
 
-	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, ociAuthProvider, false, true)
+	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, false, true)
 	return err
 }
 
-func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.HelmCredentials, ociAuthProvider auth_provider.OciAuthProvider, dryRun bool, force bool) (int, error) {
+func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider auth_provider.OciAuthProvider, dryRun bool, force bool) (int, error) {
 	actions := 0
 
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
-	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, helmCredentials, ociAuthProvider)
+	releases, charts, err := loadHelmReleases(ctx, projectDir, baseChartsDir, helmAuthProvider, ociAuthProvider)
 	if err != nil {
 		return actions, err
 	}
@@ -127,7 +134,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmCredentials *args.He
 	return actions, nil
 }
 
-func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvider helm.HelmCredentialsProvider, ociAuthProvider auth_provider.OciAuthProvider) ([]*helm.Release, []*helm.Chart, error) {
+func loadHelmReleases(ctx context.Context, projectDir string, baseChartsDir string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider auth_provider.OciAuthProvider) ([]*helm.Release, []*helm.Chart, error) {
 	var releases []*helm.Release
 	chartsMap := make(map[string]*helm.Chart)
 	err := filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
@@ -141,7 +148,7 @@ func loadHelmReleases(projectDir string, baseChartsDir string, credentialsProvid
 			return err
 		}
 
-		hr, err := helm.NewRelease(projectDir, relDir, p, baseChartsDir, credentialsProvider, ociAuthProvider)
+		hr, err := helm.NewRelease(ctx, projectDir, relDir, p, baseChartsDir, helmAuthProvider, ociAuthProvider)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 44e1c09a1..55a52c0d4 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -49,6 +50,12 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+	helmAuthProvider := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		helmAuthProvider.RegisterAuthProvider(x, false)
+	}
 
 	if cmd.Commit {
 		gitStatus, err := git2.GetWorktreeStatus(ctx, gitRootPath)
@@ -71,13 +78,13 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 	g := utils.NewGoHelper(ctx, 8)
 
-	releases, charts, err := loadHelmReleases(projectDir, baseChartsDir, &cmd.HelmCredentials, ociAuthProvider)
+	releases, charts, err := loadHelmReleases(ctx, projectDir, baseChartsDir, helmAuthProvider, ociAuthProvider)
 	if err != nil {
 		return err
 	}
 
 	if cmd.Commit {
-		actions, err := doHelmPull(ctx, projectDir, &cmd.HelmCredentials, ociAuthProvider, true, false)
+		actions, err := doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, true, false)
 		if err != nil {
 			return err
 		}
@@ -192,7 +199,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	for k, hrs := range upgrades {
-		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion, ociAuthProvider)
+		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion, helmAuthProvider, ociAuthProvider)
 		if err != nil {
 			return err
 		}
@@ -222,7 +229,7 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, ociAuthProvider *auth_provider.OciAuthProviders) error {
+func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider *auth_provider.OciAuthProviders) error {
 	chart := hrs[0].Chart
 	newVersion := hrs[0].Config.ChartVersion
 
@@ -267,7 +274,7 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 		}
 	}
 
-	_, err = doHelmPull(ctx, projectDir, &cmd.HelmCredentials, ociAuthProvider, false, false)
+	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, false, false)
 	if err != nil {
 		return doError(err)
 	}
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 8df9d4373..45e71b2ad 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.Targets {
 			result = append(result, t)
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 8ad9956a6..189187cf6 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -155,7 +155,7 @@ func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
 }
 
 func (cmd *sealCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		noTargetMatch := true
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index a020dbde8..94865a7e4 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -50,7 +50,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 8370aa7c1..6c5580836 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
@@ -30,7 +31,7 @@ import (
 	"strings"
 )
 
-func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
@@ -104,6 +105,12 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	}
 	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 	ociAuth := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+	helmAuth := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+	if x, err := helmCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		helmAuth.RegisterAuthProvider(x, false)
+	}
 
 	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, gitRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
@@ -138,6 +145,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		GitRP:              gitRp,
 		OciRP:              ociRp,
 		OciAuthProvider:    ociAuth,
+		HelmAuthProvider:   helmAuth,
 		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
 
@@ -177,7 +185,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, &args.helmCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
@@ -218,8 +226,8 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		ForSeal:            args.forSeal,
 		Images:             images,
 		Inclusion:          inclusion,
-		HelmCredentials:    &args.helmCredentials,
 		OciAuthProvider:    p.LoadArgs.OciAuthProvider,
+		HelmAuthProvider:   p.LoadArgs.HelmAuthProvider,
 		RenderOutputDir:    renderOutputDir,
 	}
 
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 894b0a38b..3b3e8b64f 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -84,9 +84,9 @@ spec:
                             case.
                           type: string
                         pathPrefix:
-                          description: PathPrefix specified the path prefix to be
+                          description: PathPrefix specifies the path prefix to be
                             used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials.
+                            will use this set of credentials. TODO deprecate this
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
@@ -105,6 +105,43 @@ spec:
                       - secretRef
                       type: object
                     type: array
+                  helm:
+                    description: Helm specifies a list of Helm credentials
+                    items:
+                      properties:
+                        host:
+                          description: Host specifies the hostname that this secret
+                            applies to.
+                          type: string
+                        path:
+                          description: Path specifies the path to be used to filter
+                            Helm urls. The path can contain wildcards. These credentials
+                            will only be used for matching URLs. If omitted, all URLs
+                            are considered to match.
+                          type: string
+                        secretRef:
+                          description: 'SecretRef specifies the Secret containing
+                            authentication credentials for the Helm repository. The
+                            secret can either container basic authentication credentials
+                            via `username` and `password` or TLS authentication via
+                            `certFile` and `keyFile`. `caFile` can be specified to
+                            override the CA to use while contacting the repository.
+                            The secret can also contain `insecureSkipTlsVerify: "true"`,
+                            which will disable TLS verification. `passCredentialsAll:
+                            "true"` can be specified to make the controller pass credentials
+                            to all requests, even if the hostname changes in-between.'
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - host
+                      - secretRef
+                      type: object
+                    type: array
                   oci:
                     description: Oci specifies a list of OCI credentials
                     items:
@@ -218,6 +255,8 @@ spec:
               helmCredentials:
                 description: HelmCredentials is a list of Helm credentials used when
                   non pre-pulled Helm Charts are used inside a Kluctl deployment.
+                  DEPRECATED this field is deprecated and will be removed in the next
+                  API version bump. Use spec.credentials.helm instead.
                 items:
                   properties:
                     secretRef:
@@ -381,8 +420,8 @@ spec:
                 properties:
                   credentials:
                     description: Credentials specifies a list of secrets with credentials
-                      DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use spec.credentials.git instead.
+                      DEPRECATED this field is deprecated and will be removed in the
+                      next API version bump. Use spec.credentials.git instead.
                     items:
                       properties:
                         host:
@@ -394,9 +433,9 @@ spec:
                             case.
                           type: string
                         pathPrefix:
-                          description: PathPrefix specified the path prefix to be
+                          description: PathPrefix specifies the path prefix to be
                             used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials.
+                            will use this set of credentials. TODO deprecate this
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
@@ -477,13 +516,13 @@ spec:
                   path:
                     description: Path specifies the sub-directory to be used as project
                       directory DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use spec.git.path instead.
+                      in the next API version bump. Use spec.git.path instead.
                     type: string
                   ref:
                     description: Ref specifies the branch, tag or commit that should
                       be used. If omitted, the default branch of the repo is used.
-                      DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use spec.git.ref instead.
+                      DEPRECATED this field is deprecated and will be removed in the
+                      next API version bump. Use spec.git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -498,10 +537,10 @@ spec:
                   secretRef:
                     description: SecretRef specifies the Secret containing authentication
                       credentials for See ProjectSourceCredentials.SecretRef for details
-                      DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use spec.credentials.git instead.
-                      WARNING using this field causes the controller to pass http
-                      basic auth credentials to ALL repositories involved. Use spec.credentials.git
+                      DEPRECATED this field is deprecated and will be removed in the
+                      next API version bump. Use spec.credentials.git instead. WARNING
+                      using this field causes the controller to pass http basic auth
+                      credentials to ALL repositories involved. Use spec.credentials.git
                       with a proper Host field instead.
                     properties:
                       name:
@@ -513,7 +552,7 @@ spec:
                   url:
                     description: Url specifies the Git url where the project source
                       is located DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use spec.git.url instead.
+                      in the next API version bump. Use spec.git.url instead.
                     type: string
                 type: object
               suspend:
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 1e2f6828d..7a3b541cd 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -296,7 +296,8 @@ it does not apply to already started executions. Defaults to false.</p>
 <td>
 <em>(Optional)</em>
 <p>HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
-Kluctl deployment.</p>
+Kluctl deployment.
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.</p>
 </td>
 </tr>
 <tr>
@@ -781,7 +782,8 @@ it does not apply to already started executions. Defaults to false.</p>
 <td>
 <em>(Optional)</em>
 <p>HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
-Kluctl deployment.</p>
+Kluctl deployment.
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.</p>
 </td>
 </tr>
 <tr>
@@ -1379,6 +1381,7 @@ the KluctlDeployment.</p>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
 <a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGit">ProjectCredentialsGit</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsHelm">ProjectCredentialsHelm</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsOci">ProjectCredentialsOci</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
 </p>
@@ -1451,6 +1454,20 @@ string
 <p>Oci specifies a list of OCI credentials</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>helm</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsHelm">
+[]ProjectCredentialsHelm
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Helm specifies a list of Helm credentials</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>
@@ -1495,8 +1512,9 @@ string
 </td>
 <td>
 <em>(Optional)</em>
-<p>PathPrefix specified the path prefix to be used to filter source urls. Only urls that have this prefix will use
-this set of credentials.</p>
+<p>PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use
+this set of credentials.
+TODO deprecate this</p>
 </td>
 </tr>
 <tr>
@@ -1521,6 +1539,70 @@ and &lsquo;known_hosts&rsquo; fields.</p>
 </table>
 </div>
 </div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectCredentialsHelm">ProjectCredentialsHelm
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>host</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Host specifies the hostname that this secret applies to.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path specifies the path to be used to filter Helm urls. The path can contain wildcards. These credentials
+will only be used for matching URLs. If omitted, all URLs are considered to match.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the Helm repository.
+The secret can either container basic authentication credentials via <code>username</code> and <code>password</code> or
+TLS authentication via <code>certFile</code> and <code>keyFile</code>. <code>caFile</code> can be specified to override the CA to use while
+contacting the repository.
+The secret can also contain <code>insecureSkipTlsVerify: &quot;true&quot;</code>, which will disable TLS verification.
+<code>passCredentialsAll: &quot;true&quot;</code> can be specified to make the controller pass credentials to all requests, even if
+the hostname changes in-between.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
 <h3 id="gitops.kluctl.io/v1beta1.ProjectCredentialsOci">ProjectCredentialsOci
 </h3>
 <p>
@@ -1634,7 +1716,7 @@ github.com/kluctl/kluctl/v2/pkg/types.GitUrl
 <td>
 <em>(Optional)</em>
 <p>Url specifies the Git url where the project source is located
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.url instead.</p>
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.url instead.</p>
 </td>
 </tr>
 <tr>
@@ -1647,7 +1729,7 @@ github.com/kluctl/kluctl/v2/pkg/types.GitRef
 <td>
 <em>(Optional)</em>
 <p>Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.ref instead.</p>
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.</p>
 </td>
 </tr>
 <tr>
@@ -1660,7 +1742,7 @@ string
 <td>
 <em>(Optional)</em>
 <p>Path specifies the sub-directory to be used as project directory
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.git.path instead.</p>
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.path instead.</p>
 </td>
 </tr>
 <tr>
@@ -1675,7 +1757,7 @@ LocalObjectReference
 <td>
 <p>SecretRef specifies the Secret containing authentication credentials for
 See ProjectSourceCredentials.SecretRef for details
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git
 instead.
 WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
 Use spec.credentials.git with a proper Host field instead.</p>
@@ -1693,7 +1775,7 @@ Use spec.credentials.git with a proper Host field instead.</p>
 <td>
 <em>(Optional)</em>
 <p>Credentials specifies a list of secrets with credentials
-DEPRECATED this field is deprecated and will be removed in a future version of the controller. Use spec.credentials.git instead.</p>
+DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead.</p>
 </td>
 </tr>
 </tbody>
diff --git a/docs/kluctl/commands/delete.md b/docs/kluctl/commands/delete.md
index 28760d956..134e44579 100644
--- a/docs/kluctl/commands/delete.md
+++ b/docs/kluctl/commands/delete.md
@@ -38,18 +38,23 @@ Misc arguments:
       --discriminator string                        Override the discriminator used to find objects for deletion.
       --dry-run                                     Performs all kubernetes API calls in dry-run mode.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --no-obfuscate                                Disable obfuscation of sensitive/secret data
diff --git a/docs/kluctl/commands/deploy.md b/docs/kluctl/commands/deploy.md
index ff964cf64..3f2a5e1c4 100644
--- a/docs/kluctl/commands/deploy.md
+++ b/docs/kluctl/commands/deploy.md
@@ -41,18 +41,23 @@ Misc arguments:
       --force-replace-on-error                      Same as --replace-on-error, but also try to delete and
                                                     re-create objects. See documentation for more details.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --no-obfuscate                                Disable obfuscation of sensitive/secret data
diff --git a/docs/kluctl/commands/diff.md b/docs/kluctl/commands/diff.md
index 19909b274..7f5744f53 100644
--- a/docs/kluctl/commands/diff.md
+++ b/docs/kluctl/commands/diff.md
@@ -38,18 +38,23 @@ Misc arguments:
       --force-replace-on-error                      Same as --replace-on-error, but also try to delete and
                                                     re-create objects. See documentation for more details.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --ignore-annotations                          Ignores changes in annotations when diffing
diff --git a/docs/kluctl/commands/helm-update.md b/docs/kluctl/commands/helm-update.md
index 0e671b5aa..b4a82c63e 100644
--- a/docs/kluctl/commands/helm-update.md
+++ b/docs/kluctl/commands/helm-update.md
@@ -30,18 +30,23 @@ Misc arguments:
 
       --commit                                      Create a git commit for every updated chart
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
   -i, --interactive                                 Ask for every Helm Chart if it should be upgraded.
diff --git a/docs/kluctl/commands/list-images.md b/docs/kluctl/commands/list-images.md
index 125b79770..bc1fd6ac3 100644
--- a/docs/kluctl/commands/list-images.md
+++ b/docs/kluctl/commands/list-images.md
@@ -34,18 +34,23 @@ Misc arguments:
   Command specific arguments.
 
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --kubernetes-version string                   Specify the Kubernetes version that will be assumed. This will
diff --git a/docs/kluctl/commands/poke-images.md b/docs/kluctl/commands/poke-images.md
index 6dc316676..1ae877ae4 100644
--- a/docs/kluctl/commands/poke-images.md
+++ b/docs/kluctl/commands/poke-images.md
@@ -35,18 +35,23 @@ Misc arguments:
 
       --dry-run                                     Performs all kubernetes API calls in dry-run mode.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --no-obfuscate                                Disable obfuscation of sensitive/secret data
diff --git a/docs/kluctl/commands/prune.md b/docs/kluctl/commands/prune.md
index 40b7f211f..ef625e61b 100644
--- a/docs/kluctl/commands/prune.md
+++ b/docs/kluctl/commands/prune.md
@@ -31,18 +31,23 @@ Misc arguments:
 
       --dry-run                                     Performs all kubernetes API calls in dry-run mode.
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --no-obfuscate                                Disable obfuscation of sensitive/secret data
diff --git a/docs/kluctl/commands/render.md b/docs/kluctl/commands/render.md
index 5681e0f57..37537fe33 100644
--- a/docs/kluctl/commands/render.md
+++ b/docs/kluctl/commands/render.md
@@ -32,18 +32,23 @@ Misc arguments:
   Command specific arguments.
 
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --kubernetes-version string                   Specify the Kubernetes version that will be assumed. This will
diff --git a/docs/kluctl/commands/validate.md b/docs/kluctl/commands/validate.md
index 77a0abb98..7faf9c15b 100644
--- a/docs/kluctl/commands/validate.md
+++ b/docs/kluctl/commands/validate.md
@@ -32,18 +32,23 @@ Misc arguments:
   Command specific arguments.
 
       --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
                                                     --helm-insecure-skip-tls-verify=<credentialsId>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
                                                     authentication. Must be in the form
-                                                    --helm-key-file=<credentialsId>:<path>, where <credentialsId>
-                                                    must match the id specified in the helm-chart.yaml.
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
                                                     --helm-password=<credentialsId>:<password>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
       --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
                                                     --helm-username=<credentialsId>:<username>, where
                                                     <credentialsId> must match the id specified in the helm-chart.yaml.
   -o, --output stringArray                          Specify output target file. Can be specified multiple times
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index ac636147a..f3b47cea0 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -21,8 +21,8 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 
 	p, _, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
 
-	key := suite.createKluctlDeployment2(p, "test", nil, v1beta1.ProjectSource{
-		URL: types2.ParseGitUrlMust(p.GitUrl()),
+	key := suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
+		kd.Spec.Source.URL = types2.ParseGitUrlMust(p.GitUrl())
 	})
 
 	suite.Run("fail without authentication", func() {
@@ -87,8 +87,8 @@ func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bo
 
 	var key client.ObjectKey
 	if legacyGitSource {
-		key = suite.createKluctlDeployment2(p, "test", nil, v1beta1.ProjectSource{
-			URL: types2.ParseGitUrlMust(p.GitUrl()),
+		key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
+			kd.Spec.Source.URL = types2.ParseGitUrlMust(p.GitUrl())
 		})
 	} else {
 		key = suite.createKluctlDeployment(p, "test", nil)
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
new file mode 100644
index 000000000..e89e9d6c8
--- /dev/null
+++ b/e2e/gitops_helm_test.go
@@ -0,0 +1,125 @@
+package e2e
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"strings"
+)
+
+func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
+	g := NewWithT(suite.T())
+
+	p, repoUrl, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull)
+	if err != nil {
+		if tc.expectedError == "" {
+			assert.Fail(suite.T(), "did not expect error")
+		}
+		return
+	}
+
+	createNamespace(suite.T(), suite.k, p.TestSlug()+"-gitops")
+
+	createSecret := func(name string, m map[string]string) {
+		mb := map[string][]byte{}
+		for k, v := range m {
+			mb[k] = []byte(v)
+		}
+		credsSecret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: p.TestSlug() + "-gitops",
+				Name:      name,
+			},
+			Data: mb,
+		}
+		err := suite.k.Client.Create(context.TODO(), credsSecret)
+		g.Expect(err).To(Succeed())
+	}
+
+	kdModSource := func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Source = kluctlv1.ProjectSource{
+			Git: &kluctlv1.ProjectSourceGit{
+				URL: *types2.ParseGitUrlMust(p.GitUrl()),
+			},
+		}
+	}
+	var kdModCreds func(kd *kluctlv1.KluctlDeployment)
+	if tc.argCredsId != "" {
+		createSecret("helm-secrets-1", map[string]string{
+			"credentialsId": tc.argCredsId,
+			"username":      tc.argUsername,
+			"password":      tc.argPassword,
+		})
+		kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{
+				SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+			})
+		}
+	} else if tc.argCredsHost != "" {
+		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repoUrl.Host)
+		createSecret("helm-secrets-1", map[string]string{
+			"username": tc.argUsername,
+			"password": tc.argPassword,
+		})
+		kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Credentials.Helm = append(kd.Spec.Credentials.Helm, kluctlv1.ProjectCredentialsHelm{
+				Host:      host,
+				Path:      tc.argCredsPath,
+				SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+			})
+		}
+	}
+
+	key := suite.createKluctlDeployment2(p, "test", map[string]any{
+		"namespace": p.TestSlug(),
+	}, kdModSource, kdModCreds)
+
+	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+	var kd kluctlv1.KluctlDeployment
+	err = suite.k.Client.Get(context.TODO(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	readinessCondition := suite.getReadiness(&kd)
+	g.Expect(readinessCondition).ToNot(BeNil())
+
+	if tc.expectedError == "" {
+		g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).ToNot(Equal(metav1.ConditionFalse))
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "test-helm1-test-chart1")
+	} else {
+		g.Expect(kd.Status.LastDeployResult).To(BeNil())
+
+		g.Expect(readinessCondition.Status).To(Equal(metav1.ConditionFalse))
+		g.Expect(readinessCondition.Reason).To(Equal(kluctlv1.PrepareFailedReason))
+		g.Expect(readinessCondition.Message).To(ContainSubstring(tc.expectedError))
+	}
+}
+
+func (suite *GitopsTestSuite) TestHelm() {
+	for _, tc := range helmTests {
+		tc := tc
+		if tc.name == "dep-oci-creds-fail" {
+			continue
+		}
+		suite.Run(tc.name, func() {
+			suite.testHelmPull(tc, false)
+		})
+	}
+}
+
+func (suite *GitopsTestSuite) TestHelmPrePull() {
+	for _, tc := range helmTests {
+		tc := tc
+		if tc.name == "dep-oci-creds-fail" {
+			continue
+		}
+		suite.Run(tc.name, func() {
+			suite.testHelmPull(tc, true)
+		})
+	}
+}
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index e4dcb72cb..b3adb8555 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -57,12 +57,11 @@ func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
 	}))
 	p.KluctlMust("oci", "push", "--url", repo0, "--creds", "user0:pass0")
 
-	key := suite.createKluctlDeployment2(p, "test", nil, v1beta1.ProjectSource{
-		Oci: &v1beta1.ProjectSourceOci{
+	var key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
+		kd.Spec.Source.Oci = &v1beta1.ProjectSourceOci{
 			URL: repo0,
-		},
+		}
 	})
-
 	suite.Run("fail without authentication", func() {
 		suite.waitForCommit(key, "")
 
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
index 5b4510e3d..0ff7c2958 100644
--- a/e2e/gitops_test.go
+++ b/e2e/gitops_test.go
@@ -21,7 +21,6 @@ import (
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
 	"testing"
 	"time"
 
@@ -166,14 +165,14 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 }
 
 func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
-	return suite.createKluctlDeployment2(p, target, args, kluctlv1.ProjectSource{
-		Git: &kluctlv1.ProjectSourceGit{
+	return suite.createKluctlDeployment2(p, target, args, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Source.Git = &kluctlv1.ProjectSourceGit{
 			URL: *types2.ParseGitUrlMust(p.GitUrl()),
-		},
+		}
 	})
 }
 
-func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProject, target string, args map[string]any, source kluctlv1.ProjectSource) client.ObjectKey {
+func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProject, target string, args map[string]any, modify ...func(kd *kluctlv1.KluctlDeployment)) client.ObjectKey {
 	gitopsNs := p.TestSlug() + "-gitops"
 	createNamespace(suite.T(), suite.k, gitopsNs)
 
@@ -194,10 +193,15 @@ func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProjec
 			Args: &runtime.RawExtension{
 				Raw: jargs,
 			},
-			Source: source,
 		},
 	}
 
+	for _, m := range modify {
+		if m != nil {
+			m(kluctlDeployment)
+		}
+	}
+
 	err = suite.k.Client.Create(context.Background(), kluctlDeployment)
 	if err != nil {
 		suite.T().Fatal(err)
@@ -355,170 +359,6 @@ data:
 	})
 }
 
-func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Helm() {
-	g := NewWithT(suite.T())
-
-	p := test_project.NewTestProject(suite.T())
-	createNamespace(suite.T(), suite.k, p.TestSlug())
-
-	p.UpdateTarget("target1", nil)
-
-	repoUrl := test_utils.CreateHelmRepo(suite.T(), []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "")
-	repoUrlWithCreds := test_utils.CreateHelmRepo(suite.T(), []test_utils.RepoChart{
-		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "test-user", "test-password")
-	ociRepoUrlWithCreds := test_utils.CreateHelmOciRepo(suite.T(), []test_utils.RepoChart{
-		{ChartName: "test-chart3", Version: "0.1.0"},
-	}, "test-user", "test-password")
-
-	p.AddHelmDeployment("d1", repoUrl, "test-chart1", "0.1.0", "test-helm-1", p.TestSlug(), nil)
-	p.UpdateYaml("d1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
-		return nil
-	}, "")
-
-	key := suite.createKluctlDeployment(p, "target1", map[string]any{
-		"namespace": p.TestSlug(),
-	})
-
-	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-
-	cm := &corev1.ConfigMap{}
-
-	suite.Run("chart got deployed", func() {
-		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "test-helm-1-test-chart1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-		g.Expect(cm.Data).To(HaveKeyWithValue("a", "v1"))
-	})
-
-	p.AddHelmDeployment("d2", repoUrlWithCreds, "test-chart2", "0.1.0", "test-helm-2", p.TestSlug(), nil)
-	p.UpdateYaml("d2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
-		return nil
-	}, "")
-
-	kd := &kluctlv1.KluctlDeployment{}
-
-	suite.Run("chart with credentials fails with 401", func() {
-		g.Eventually(func() bool {
-			err := suite.k.Client.Get(context.TODO(), key, kd)
-			g.Expect(err).To(Succeed())
-			for _, c := range kd.Status.Conditions {
-				_ = c
-				if c.Type == "Ready" && c.Reason == "PrepareFailed" && strings.Contains(c.Message, "401 Unauthorized") {
-					return true
-				}
-			}
-			return false
-		}, timeout, time.Second).Should(BeTrue())
-	})
-
-	credsSecret := &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Namespace: key.Namespace,
-			Name:      "helm-secrets-1",
-		},
-		Data: map[string][]byte{
-			"url":      []byte(repoUrlWithCreds),
-			"username": []byte("test-user"),
-			"password": []byte("test-password"),
-		},
-	}
-	err := suite.k.Client.Create(context.TODO(), credsSecret)
-	g.Expect(err).To(Succeed())
-
-	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"}})
-	})
-
-	suite.Run("chart with credentials succeeds", func() {
-		g.Eventually(func() bool {
-			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-				Name:      "test-helm-2-test-chart2",
-				Namespace: p.TestSlug(),
-			}, cm)
-			if err != nil {
-				return false
-			}
-			g.Expect(cm.Data).To(HaveKeyWithValue("a", "v1"))
-			return true
-		}, timeout, time.Second).Should(BeTrue())
-	})
-
-	p.AddHelmDeployment("d3", ociRepoUrlWithCreds, "test-chart3", "0.1.0", "test-helm-3", p.TestSlug(), nil)
-	p.UpdateYaml("d3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
-		return nil
-	}, "")
-
-	suite.Run("OCI chart with credentials fails with 401", func() {
-		g.Eventually(func() bool {
-			err = suite.k.Client.Get(context.TODO(), key, kd)
-			g.Expect(err).To(Succeed())
-			for _, c := range kd.Status.Conditions {
-				_ = c
-				if c.Type == "Ready" && c.Reason == "PrepareFailed" && strings.Contains(c.Message, "401 Unauthorized") {
-					return true
-				}
-			}
-			return false
-		}, timeout, time.Second).Should(BeTrue())
-	})
-
-	/*
-		TODO enable this when Kluctl supports OCI authentication
-		url, err := url2.Parse(ociRepoUrlWithCreds)
-		g.Expect(err).To(Succeed())
-
-		dockerJson := map[string]any{
-			"auths": map[string]any{
-				url.Host: map[string]any{
-					"username": "test-user",
-					"password": "test-password,",
-					"auth":     base64.StdEncoding.EncodeToString([]byte("test-user:test-password")),
-				},
-			},
-		}
-		dockerJsonStr, err := json.Marshal(dockerJson)
-		g.Expect(err).To(Succeed())
-
-		credsSecret2 := &corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Namespace: namespace,
-				Name:      "helm-secrets-2",
-			},
-			Data: map[string][]byte{
-				"url":               []byte(ociRepoUrlWithCreds),
-				".dockerconfigjson": dockerJsonStr,
-			},
-		}
-		err = k.Client.Create(context.TODO(), credsSecret2)
-		g.Expect(err).To(Succeed())
-
-		kluctlDeployment.Spec.HelmCredentials = append(kluctlDeployment.Spec.HelmCredentials, flux_utils.LocalObjectReference{Name: "helm-secrets-2"})
-		err = k.Client.Update(context.TODO(), kluctlDeployment)
-		g.Expect(err).To(Succeed())
-
-		t.Run("OCI chart with credentials succeeds", func(t *testing.T) {
-			g.Eventually(func() bool {
-				err := k.Client.Get(context.TODO(), client.ObjectKey{
-					Name:      "test-helm-3-test-chart3",
-					Namespace: namespace,
-				}, cm)
-				if err != nil {
-					return false
-				}
-				g.Expect(cm.Data).To(HaveKeyWithValue("a", "v1"))
-				return true
-			}, timeout, time.Second).Should(BeTrue())
-		})*/
-}
-
 func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Prune() {
 	g := NewWithT(suite.T())
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index bf1a7c684..7098e6658 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -15,31 +15,107 @@ import (
 	"os"
 	"path/filepath"
 	"sort"
+	"strings"
 	"testing"
 )
 
-func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, user string, password string) string {
+func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, path string, user string, password string) string {
 	if oci {
 		return test_utils.CreateHelmOciRepo(t, charts, user, password)
 	} else {
-		return test_utils.CreateHelmRepo(t, charts, user, password)
+		return test_utils.CreateHelmRepo(t, charts, path, user, password)
 	}
 }
 
-type testCase struct {
-	name          string
-	oci           bool
-	testAuth      bool
-	credsId       string
-	extraArgs     []string
+type helmTestCase struct {
+	path     string
+	name     string
+	oci      bool
+	testAuth bool
+	credsId  string
+
+	argCredsId   string
+	argCredsHost string
+	argCredsPath string
+	argUsername  string
+	argPassword  string
+
 	expectedError string
 }
 
-func testHelmPull(t *testing.T, tc testCase, prePull bool) {
-	t.Parallel()
+var helmTests = []helmTestCase{
+	{name: "helm-no-creds"},
+	{name: "oci-no-creds", oci: true},
+
+	// deprecated helm credentials flags
+	{
+		name: "dep-helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "dep-helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
+		argCredsId: "test-creds", argUsername: "test-user", argPassword: "invalid",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "dep-helm-creds-valid", oci: false, testAuth: true, credsId: "test-creds",
+		argCredsId: "test-creds", argUsername: "test-user", argPassword: "secret-password",
+	},
+	{
+		name: "dep-oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
+		argCredsId: "test-creds", argUsername: "test-user", argPassword: "secret-password",
+		expectedError: "OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments",
+	},
+
+	// new helm credentials flags
+	{
+		name: "helm-creds-missing", oci: false, testAuth: true,
+		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
+		expectedError: "401 Unauthorized"},
+	{
+		name: "helm-creds-invalid", oci: false, testAuth: true,
+		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "helm-creds-valid", oci: false, testAuth: true,
+		argCredsHost: "<host>", argUsername: "test-user", argPassword: "secret-password",
+	},
+	{
+		name: "helm-creds-missing-path", oci: false, testAuth: true, path: "path1",
+		argCredsHost: "<host>", argCredsPath: "path2", argUsername: "test-user", argPassword: "secret-password",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "helm-creds-invalid-path", oci: false, testAuth: true, path: "path1",
+		argCredsHost: "<host>", argCredsPath: "path1", argUsername: "test-user", argPassword: "invalid",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "helm-creds-valid-path", oci: false, testAuth: true, path: "path1",
+		argCredsHost: "<host>", argCredsPath: "path1", argUsername: "test-user", argPassword: "secret-password",
+	},
+}
 
-	k := defaultCluster1
+func buildHelmTestExtraArgs(tc helmTestCase, repoUrl string) []string {
+	u, _ := url.Parse(repoUrl)
 
+	var ret []string
+	if tc.argCredsId != "" {
+		ret = append(ret, fmt.Sprintf("--helm-username=%s:%s", tc.argCredsId, tc.argUsername))
+		ret = append(ret, fmt.Sprintf("--helm-password=%s:%s", tc.argCredsId, tc.argPassword))
+	} else if tc.argCredsHost != "" {
+		r := strings.ReplaceAll(tc.argCredsHost, "<host>", u.Host)
+		if tc.argCredsPath != "" {
+			r += "/" + tc.argCredsPath
+		}
+		ret = append(ret, fmt.Sprintf("--helm-username=%s=%s", r, tc.argUsername))
+		ret = append(ret, fmt.Sprintf("--helm-password=%s=%s", r, tc.argPassword))
+	}
+	return ret
+}
+
+func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool) (*test_project.TestProject, url.URL, error) {
 	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
@@ -53,7 +129,11 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, tc.oci, user, password)
+	}, tc.oci, tc.path, user, password)
+	repoUrl2, err := url.Parse(repoUrl)
+	assert.NoError(t, err)
+
+	extraArgs := buildHelmTestExtraArgs(tc, repoUrl)
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -69,16 +149,18 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 
 	if prePull {
 		args := []string{"helm-pull"}
-		args = append(args, tc.extraArgs...)
+		args = append(args, extraArgs...)
 
 		_, stderr, err := p.Kluctl(args...)
 		if tc.expectedError != "" {
 			assert.Error(t, err)
 			assert.Contains(t, stderr, tc.expectedError)
-			return
+			return p, *repoUrl2, err
 		} else {
 			assert.NoError(t, err)
 			assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
+
+			p.GitServer().CommitFiles(p.GitRepoName(), []string{".helm-charts"}, true, "helm-pull")
 		}
 	} else {
 		p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
@@ -87,8 +169,24 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 		}, "")
 	}
 
+	return p, *repoUrl2, nil
+}
+
+func testHelmPull(t *testing.T, tc helmTestCase, prePull bool) {
+	t.Parallel()
+
+	k := defaultCluster1
+	p, repoUrl, err := prepareHelmTestCase(t, k, tc, prePull)
+	if err != nil {
+		if tc.expectedError == "" {
+			assert.Fail(t, "did not expect error")
+		}
+		return
+	}
+
 	args := []string{"deploy", "--yes", "-t", "test"}
-	args = append(args, tc.extraArgs...)
+	args = append(args, buildHelmTestExtraArgs(tc, repoUrl.String())...)
+
 	_, stderr, err := p.Kluctl(args...)
 	pullMessage := "Pulling Helm Chart test-chart1 with version 0.1.0"
 	if prePull {
@@ -106,26 +204,18 @@ func testHelmPull(t *testing.T, tc testCase, prePull bool) {
 }
 
 func TestHelmPull(t *testing.T) {
-	tests := []testCase{
-		{name: "helm-no-creds"},
-		{name: "helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
-			expectedError: "401 Unauthorized"},
-		{name: "helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
-			extraArgs:     []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:invalid"},
-			expectedError: "401 Unauthorized"},
-		{name: "helm-creds-valid", oci: false, testAuth: true, credsId: "test-creds",
-			extraArgs: []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:secret-password"}},
-		{name: "oci", oci: true},
-		{name: "oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
-			extraArgs:     []string{"--helm-username=test-creds:test-user", "--helm-password=test-creds:secret-password"},
-			expectedError: "OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments"},
-	}
-
-	for _, tc := range tests {
+	for _, tc := range helmTests {
+		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
 			testHelmPull(t, tc, false)
 		})
-		t.Run(tc.name+"-prepull", func(t *testing.T) {
+	}
+}
+
+func TestHelmPrePull(t *testing.T) {
+	for _, tc := range helmTests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
 			testHelmPull(t, tc, true)
 		})
 	}
@@ -143,7 +233,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart1", Version: "0.2.0"},
-	}, oci, "", "")
+	}, oci, "", "", "")
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -191,7 +281,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		{ChartName: "test-chart1", Version: "0.2.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.3.0"},
-	}, oci, "", "")
+	}, oci, "", "", "")
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -308,7 +398,7 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 		{ChartName: "test-chart1", Version: "1.1.0"},
 		{ChartName: "test-chart1", Version: "1.1.1"},
 		{ChartName: "test-chart1", Version: "1.2.1"},
-	}, oci, "", "")
+	}, oci, "", "", "")
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -367,7 +457,7 @@ func TestHelmValues(t *testing.T) {
 	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "", "")
+	}, "", "", "")
 
 	values1 := map[string]any{
 		"data": map[string]any{
@@ -434,7 +524,7 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "", "")
+	}, "", "", "")
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
@@ -462,7 +552,7 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 
 	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "")
+	}, "", "", "")
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -530,7 +620,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 		{ChartName: "test-chart1", Version: "0.1.0"},
 		{ChartName: "test-chart1", Version: "0.1.1"},
 		{ChartName: "test-chart1", Version: "0.2.0"},
-	}, false, "", "")
+	}, false, "", "", "")
 	u, _ := url.Parse(repoUrl)
 
 	p.UpdateTarget("test", nil)
@@ -610,7 +700,7 @@ func getChartDir(t *testing.T, p *test_project.TestProject, url2 string, chartNa
 	if u.Scheme == "oci" {
 		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s", u.Scheme, u.Hostname()), chartName)
 	} else {
-		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), chartName)
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), u.Path, chartName)
 	}
 	if chartVersion != "" {
 		dir = filepath.Join(dir, chartVersion)
@@ -657,7 +747,7 @@ func TestHelmLookup(t *testing.T) {
 
 	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "")
+	}, "", "", "")
 
 	values1 := map[string]any{
 		"lookup":          true,
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index d0435f1f5..7c744b730 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -101,7 +101,7 @@ func TestSopsHelmValues(t *testing.T) {
 
 	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
 		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "")
+	}, "", "", "")
 
 	valuesBytes, err := sops_test_resources.TestResources.ReadFile("helm-values.yaml")
 	assert.NoError(t, err)
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index 8ac67bf86..6b63af23f 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -76,12 +76,12 @@ type RepoChart struct {
 	Version   string
 }
 
-func CreateHelmRepo(t *testing.T, charts []RepoChart, username string, password string) string {
+func CreateHelmRepo(t *testing.T, charts []RepoChart, path string, username string, password string) string {
 	tmpDir := t.TempDir()
 
 	for _, c := range charts {
 		tgz := createHelmPackage(t, c.ChartName, c.Version)
-		_ = cp.Copy(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+		_ = cp.Copy(tgz, filepath.Join(tmpDir, path, filepath.Base(tgz)))
 	}
 
 	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
@@ -104,12 +104,17 @@ func CreateHelmRepo(t *testing.T, charts []RepoChart, username string, password
 	}
 
 	i.SortEntries()
-	err = i.WriteFile(filepath.Join(tmpDir, "index.yaml"), 0644)
+	err = i.WriteFile(filepath.Join(tmpDir, path, "index.yaml"), 0644)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	return s.URL
+	retUrl := s.URL
+	if path != "" {
+		retUrl += "/" + path
+	}
+
+	return retUrl
 }
 
 func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, password string) string {
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index b1c573784..fdfed639a 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -84,9 +84,9 @@ spec:
                             case.
                           type: string
                         pathPrefix:
-                          description: PathPrefix specified the path prefix to be
+                          description: PathPrefix specifies the path prefix to be
                             used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials.
+                            will use this set of credentials. TODO deprecate this
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
@@ -105,6 +105,43 @@ spec:
                       - secretRef
                       type: object
                     type: array
+                  helm:
+                    description: Helm specifies a list of Helm credentials
+                    items:
+                      properties:
+                        host:
+                          description: Host specifies the hostname that this secret
+                            applies to.
+                          type: string
+                        path:
+                          description: Path specifies the path to be used to filter
+                            Helm urls. The path can contain wildcards. These credentials
+                            will only be used for matching URLs. If omitted, all URLs
+                            are considered to match.
+                          type: string
+                        secretRef:
+                          description: 'SecretRef specifies the Secret containing
+                            authentication credentials for the Helm repository. The
+                            secret can either container basic authentication credentials
+                            via `username` and `password` or TLS authentication via
+                            `certFile` and `keyFile`. `caFile` can be specified to
+                            override the CA to use while contacting the repository.
+                            The secret can also contain `insecureSkipTlsVerify: "true"`,
+                            which will disable TLS verification. `passCredentialsAll:
+                            "true"` can be specified to make the controller pass credentials
+                            to all requests, even if the hostname changes in-between.'
+                          properties:
+                            name:
+                              description: Name of the referent.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                      required:
+                      - host
+                      - secretRef
+                      type: object
+                    type: array
                   oci:
                     description: Oci specifies a list of OCI credentials
                     items:
@@ -218,6 +255,8 @@ spec:
               helmCredentials:
                 description: HelmCredentials is a list of Helm credentials used when
                   non pre-pulled Helm Charts are used inside a Kluctl deployment.
+                  DEPRECATED this field is deprecated and will be removed in the next
+                  API version bump. Use spec.credentials.helm instead.
                 items:
                   properties:
                     secretRef:
@@ -381,8 +420,8 @@ spec:
                 properties:
                   credentials:
                     description: Credentials specifies a list of secrets with credentials
-                      DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use spec.credentials.git instead.
+                      DEPRECATED this field is deprecated and will be removed in the
+                      next API version bump. Use spec.credentials.git instead.
                     items:
                       properties:
                         host:
@@ -394,9 +433,9 @@ spec:
                             case.
                           type: string
                         pathPrefix:
-                          description: PathPrefix specified the path prefix to be
+                          description: PathPrefix specifies the path prefix to be
                             used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials.
+                            will use this set of credentials. TODO deprecate this
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
@@ -477,13 +516,13 @@ spec:
                   path:
                     description: Path specifies the sub-directory to be used as project
                       directory DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use spec.git.path instead.
+                      in the next API version bump. Use spec.git.path instead.
                     type: string
                   ref:
                     description: Ref specifies the branch, tag or commit that should
                       be used. If omitted, the default branch of the repo is used.
-                      DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use spec.git.ref instead.
+                      DEPRECATED this field is deprecated and will be removed in the
+                      next API version bump. Use spec.git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -498,10 +537,10 @@ spec:
                   secretRef:
                     description: SecretRef specifies the Secret containing authentication
                       credentials for See ProjectSourceCredentials.SecretRef for details
-                      DEPRECATED this field is deprecated and will be removed in a
-                      future version of the controller. Use spec.credentials.git instead.
-                      WARNING using this field causes the controller to pass http
-                      basic auth credentials to ALL repositories involved. Use spec.credentials.git
+                      DEPRECATED this field is deprecated and will be removed in the
+                      next API version bump. Use spec.credentials.git instead. WARNING
+                      using this field causes the controller to pass http basic auth
+                      credentials to ALL repositories involved. Use spec.credentials.git
                       with a proper Host field instead.
                     properties:
                       name:
@@ -513,7 +552,7 @@ spec:
                   url:
                     description: Url specifies the Git url where the project source
                       is located DEPRECATED this field is deprecated and will be removed
-                      in a future version of the controller. Use spec.git.url instead.
+                      in the next API version bump. Use spec.git.url instead.
                     type: string
                 type: object
               suspend:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 8a36928e5..dd220fbfd 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -10,7 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/git"
-	"github.com/kluctl/kluctl/v2/pkg/helm"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
@@ -50,6 +50,8 @@ type preparedProject struct {
 	gitRP *repocache.GitRepoCache
 	ociRP *repocache.OciRepoCache
 
+	helmAuthProvider helm_auth.HelmAuthProvider
+
 	co         git.CheckoutInfo
 	tmpDir     string
 	repoDir    string
@@ -96,6 +98,11 @@ func prepareProject(ctx context.Context,
 		return nil, err
 	}
 
+	helmSecrets, err := r.getHelmSecrets(ctx, pp.obj, obj.GetNamespace())
+	if err != nil {
+		return nil, err
+	}
+
 	pp.gitRP, err = r.buildGitRepoCache(ctx, gitSecrets)
 	if err != nil {
 		return nil, err
@@ -106,6 +113,11 @@ func prepareProject(ctx context.Context,
 		return nil, err
 	}
 
+	pp.helmAuthProvider, err = r.buildHelmAuth(ctx, helmSecrets)
+	if err != nil {
+		return nil, err
+	}
+
 	if doCloneSource {
 		if pp.obj.Spec.Source.Git != nil {
 			rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.Git.URL)
@@ -404,75 +416,6 @@ func (p helmCredentialsProvider) FindCredentials(repoUrl string, credentialsId *
 	return nil
 }
 
-func (pt *preparedTarget) buildHelmCredentials(ctx context.Context) (helm.HelmCredentialsProvider, error) {
-	var creds []repo.Entry
-
-	tmpDirBase := filepath.Join(pt.pp.tmpDir, "helm-certs")
-	_ = os.MkdirAll(tmpDirBase, 0o700)
-
-	var writeTmpFilErr error
-	writeTmpFile := func(secretData map[string][]byte, name string) string {
-		b, ok := secretData["certFile"]
-		if ok {
-			tmpFile, err := os.CreateTemp(tmpDirBase, name+"-")
-			if err != nil {
-				writeTmpFilErr = err
-				return ""
-			}
-			defer tmpFile.Close()
-			_, err = tmpFile.Write(b)
-			if err != nil {
-				writeTmpFilErr = err
-			}
-			return tmpFile.Name()
-		}
-		return ""
-	}
-
-	for _, e := range pt.pp.obj.Spec.HelmCredentials {
-		var secret corev1.Secret
-		err := pt.pp.r.Client.Get(ctx, types.NamespacedName{
-			Namespace: pt.pp.obj.GetNamespace(),
-			Name:      e.SecretRef.Name,
-		}, &secret)
-		if err != nil {
-			return nil, err
-		}
-
-		var entry repo.Entry
-
-		credentialsId := string(secret.Data["credentialsId"])
-		url := string(secret.Data["url"])
-		if credentialsId == "" && url == "" {
-			return nil, fmt.Errorf("secret %s must at least contain 'credentialsId' or 'url'", e.SecretRef.Name)
-		}
-		entry.Name = credentialsId
-		entry.URL = url
-		entry.Username = string(secret.Data["username"])
-		entry.Password = string(secret.Data["password"])
-		entry.CertFile = writeTmpFile(secret.Data, "certFile")
-		entry.KeyFile = writeTmpFile(secret.Data, "keyFile")
-		entry.CAFile = writeTmpFile(secret.Data, "caFile")
-		if writeTmpFilErr != nil {
-			return nil, writeTmpFilErr
-		}
-
-		b, _ := secret.Data["insecureSkipTlsVerify"]
-		s := string(b)
-		if utils.ParseBoolOrFalse(&s) {
-			entry.InsecureSkipTLSverify = true
-		}
-		b, _ = secret.Data["passCredentialsAll"]
-		s = string(b)
-		if utils.ParseBoolOrFalse(&s) {
-			entry.PassCredentialsAll = true
-		}
-		creds = append(creds, entry)
-	}
-
-	return helmCredentialsProvider(creds), nil
-}
-
 func (pt *preparedTarget) buildInclusion() *utils.Inclusion {
 	inc := utils.NewInclusion()
 	for _, x := range pt.pp.obj.Spec.IncludeTags {
@@ -634,18 +577,15 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	if err != nil {
 		return nil, err
 	}
-	helmCredentials, err := pt.buildHelmCredentials(ctx)
-	if err != nil {
-		return nil, err
-	}
+
 	inclusion := pt.buildInclusion()
 
 	props := kluctl_project.TargetContextParams{
-		DryRun:          pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun,
-		Images:          images,
-		Inclusion:       inclusion,
-		HelmCredentials: helmCredentials,
-		RenderOutputDir: renderOutputDir,
+		DryRun:           pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun,
+		Images:           images,
+		Inclusion:        inclusion,
+		HelmAuthProvider: pt.pp.helmAuthProvider,
+		RenderOutputDir:  renderOutputDir,
 	}
 	if pt.pp.obj.Spec.Target != nil {
 		props.TargetName = *pt.pp.obj.Spec.Target
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index fb27e6e11..b9fc0d0b3 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -9,15 +9,18 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
+	"net/url"
 	"os"
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
 )
 
 type gitRepoSecrets struct {
@@ -34,6 +37,13 @@ type ociRepoSecrets struct {
 	secret   corev1.Secret
 }
 
+type helmRepoSecrets struct {
+	credentialsId string
+	host          string
+	path          string
+	secret        corev1.Secret
+}
+
 func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source kluctlv1.ProjectSource, credentials kluctlv1.ProjectCredentials, objNs string) ([]gitRepoSecrets, error) {
 	var ret []gitRepoSecrets
 
@@ -111,6 +121,55 @@ func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, credenti
 	return ret, nil
 }
 
+func (r *KluctlDeploymentReconciler) getHelmSecrets(ctx context.Context, obj *kluctlv1.KluctlDeployment, objNs string) ([]helmRepoSecrets, error) {
+	var ret []helmRepoSecrets
+
+	loadCredentials := func(host string, path string, secretName string) error {
+		var secret corev1.Secret
+		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
+		if err != nil {
+			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
+		}
+		ret = append(ret, helmRepoSecrets{
+			host:   host,
+			path:   path,
+			secret: secret,
+		})
+		return nil
+	}
+
+	for _, c := range obj.Spec.Credentials.Helm {
+		err := loadCredentials(c.Host, c.Path, c.SecretRef.Name)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	for _, c := range obj.Spec.HelmCredentials {
+		err := loadCredentials("", "", c.SecretRef.Name)
+		if err != nil {
+			return nil, err
+		}
+		e := &ret[len(ret)-1]
+		cid := e.secret.Data["credentialsId"]
+		u := e.secret.Data["url"]
+		if cid != nil {
+			e.credentialsId = string(cid)
+		}
+		if u != nil {
+			u2, err := url.Parse(string(u))
+			if err != nil {
+				return nil, err
+			}
+			e.host = u2.Host
+			e.path = strings.TrimPrefix(u2.Path, "/")
+			e.path = strings.TrimSuffix(e.path, "/")
+		}
+	}
+
+	return ret, nil
+}
+
 func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecrets []gitRepoSecrets) (*auth.GitAuthProviders, error) {
 	log := ctrl.LoggerFrom(ctx)
 	ga := auth.NewDefaultAuthProviders("KLUCTL_GIT", &messages.MessageCallbacks{
@@ -191,8 +250,7 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 			e.AuthConfig.RegistryToken = string(x)
 		}
 		if x, ok := secret.secret.Data["insecure"]; ok {
-			x2 := string(x)
-			e.Insecure = utils.ParseBoolOrFalse(&x2)
+			e.Insecure = utils.ParseBoolOrFalse(string(x))
 		}
 
 		la.AddEntry(e)
@@ -200,6 +258,54 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 	return ociAuthProvider, nil
 }
 
+func (r *KluctlDeploymentReconciler) buildHelmAuth(ctx context.Context, helmSecrets []helmRepoSecrets) (helm_auth.HelmAuthProvider, error) {
+	authProvider := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+
+	var la helm_auth.ListAuthProvider
+	authProvider.RegisterAuthProvider(&la, false)
+
+	for _, secret := range helmSecrets {
+		e := helm_auth.AuthEntry{
+			CredentialsId: secret.credentialsId,
+			Host:          secret.host,
+			Path:          secret.path,
+		}
+
+		if x, ok := secret.secret.Data["username"]; ok {
+			e.Username = string(x)
+		}
+		if x, ok := secret.secret.Data["password"]; ok {
+			e.Password = string(x)
+		}
+		if x, ok := secret.secret.Data["cert"]; ok {
+			e.Cert = x
+		} else if x, ok := secret.secret.Data["certFile"]; ok {
+			e.Cert = x
+		}
+		if x, ok := secret.secret.Data["key"]; ok {
+			e.Key = x
+		} else if x, ok := secret.secret.Data["keyFile"]; ok {
+			e.Key = x
+		}
+		if x, ok := secret.secret.Data["ca"]; ok {
+			e.CA = x
+		} else if x, ok := secret.secret.Data["caFile"]; ok {
+			e.CA = x
+		}
+		if x, ok := secret.secret.Data["insecure"]; ok {
+			e.InsecureSkipTLSverify = utils.ParseBoolOrFalse(string(x))
+		} else if x, ok := secret.secret.Data["insecureSkipTlsVerify"]; ok {
+			e.InsecureSkipTLSverify = utils.ParseBoolOrFalse(string(x))
+		}
+		if x, ok := secret.secret.Data["passCredentialsAll"]; ok {
+			e.PassCredentialsAll = utils.ParseBoolOrFalse(string(x))
+		}
+
+		la.AddEntry(e)
+	}
+	return authProvider, nil
+}
+
 func (r *KluctlDeploymentReconciler) buildGitRepoCacheKey(secrets []gitRepoSecrets) (string, error) {
 	// make sure we use a unique repo cache per set of credentials
 	h := sha256.New()
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index afd2799b8..86c478c18 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -191,7 +191,7 @@ func (di *DeploymentItem) newHelmRelease(subDir string) (*helm.Release, error) {
 		helmChartsDir = filepath.Join(di.Project.source.dir, ".helm-charts")
 	}
 
-	hr, err := helm.NewRelease(di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmCredentials, di.ctx.OciAuthProvider)
+	hr, err := helm.NewRelease(di.ctx.Ctx, di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmAuthProvider, di.ctx.OciAuthProvider)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 85950107e..730d13c7b 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -2,7 +2,7 @@ package deployment
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/helm"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -11,15 +11,15 @@ import (
 )
 
 type SharedContext struct {
-	Ctx             context.Context
-	K               *k8s.K8sCluster
-	K8sVersion      string
-	GitRP           *repocache.GitRepoCache
-	OciRP           *repocache.OciRepoCache
-	SopsDecrypter   *decryptor.Decryptor
-	VarsLoader      *vars.VarsLoader
-	HelmCredentials helm.HelmCredentialsProvider
-	OciAuthProvider auth_provider.OciAuthProvider
+	Ctx              context.Context
+	K                *k8s.K8sCluster
+	K8sVersion       string
+	GitRP            *repocache.GitRepoCache
+	OciRP            *repocache.OciRepoCache
+	SopsDecrypter    *decryptor.Decryptor
+	VarsLoader       *vars.VarsLoader
+	HelmAuthProvider helm_auth.HelmAuthProvider
+	OciAuthProvider  auth_provider.OciAuthProvider
 
 	Discriminator                     string
 	RenderDir                         string
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index b8da25b00..8dc220f68 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -50,10 +50,7 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl)
 		if e.Host != "*" && e.Host != gitUrl.Host {
 			continue
 		}
-		urlPath := gitUrl.Path
-		if strings.HasPrefix(urlPath, "/") {
-			urlPath = urlPath[1:]
-		}
+		urlPath := strings.TrimPrefix(gitUrl.Path, "/")
 		if !strings.HasPrefix(urlPath, e.PathPrefix) {
 			continue
 		}
diff --git a/pkg/helm/auth/auth_provider.go b/pkg/helm/auth/auth_provider.go
new file mode 100644
index 000000000..2ef1825f8
--- /dev/null
+++ b/pkg/helm/auth/auth_provider.go
@@ -0,0 +1,51 @@
+package auth
+
+import (
+	"context"
+	"github.com/hashicorp/go-multierror"
+	"helm.sh/helm/v3/pkg/repo"
+	"net/url"
+)
+
+type CleanupFunc func()
+
+var cleanupNoop = func() {}
+
+type HelmAuthProvider interface {
+	FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error)
+}
+
+type HelmAuthProviders struct {
+	authProviders []HelmAuthProvider
+}
+
+func (a *HelmAuthProviders) RegisterAuthProvider(p HelmAuthProvider, last bool) {
+	if last {
+		a.authProviders = append(a.authProviders, p)
+	} else {
+		a.authProviders = append([]HelmAuthProvider{p}, a.authProviders...)
+	}
+}
+
+func (a *HelmAuthProviders) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
+	var errs *multierror.Error
+	for _, p := range a.authProviders {
+		auth, cf, err := p.FindAuthEntry(ctx, repoUrl, credentialsId)
+		if err != nil {
+			errs = multierror.Append(errs, err)
+			continue
+		}
+		if auth == nil {
+			continue
+		}
+		return auth, cf, nil
+	}
+	return nil, cleanupNoop, errs.ErrorOrNil()
+}
+
+func NewDefaultAuthProviders(envPrefix string) *HelmAuthProviders {
+	a := &HelmAuthProviders{}
+	a.RegisterAuthProvider(&HelmEnvAuthProvider{Prefix: envPrefix}, true)
+	a.RegisterAuthProvider(&HelmConfigAuthProvider{}, true)
+	return a
+}
diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
new file mode 100644
index 000000000..8ab8e5e69
--- /dev/null
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -0,0 +1,64 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"helm.sh/helm/v3/pkg/repo"
+	"net/url"
+)
+
+type HelmEnvAuthProvider struct {
+	Prefix string
+}
+
+func (a *HelmEnvAuthProvider) isDefaultInsecure(ctx context.Context) bool {
+	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE", a.Prefix), false)
+	if err != nil {
+		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE: %s", a.Prefix, err)
+		return false
+	}
+	return defaultInsecure
+}
+
+func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
+	defaultInsecure := a.isDefaultInsecure(ctx)
+
+	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
+		host := m["HOST"]
+		cid := m["CREDENTIALS_ID"]
+		if host == "" && cid == "" {
+			continue
+		}
+
+		e := AuthEntry{
+			CredentialsId:         cid,
+			Host:                  host,
+			Path:                  m["PATH"],
+			Username:              m["USERNAME"],
+			Password:              m["PASSWORD"],
+			InsecureSkipTLSverify: utils.ParseBoolOrDefault(m["INSECURE"], defaultInsecure),
+			PassCredentialsAll:    utils.ParseBoolOrFalse(m["PASS_CREDENTIALS_ALL"]),
+		}
+
+		if !e.Match(repoUrl, credentialsId) {
+			continue
+		}
+
+		ret, cf, err := e.BuildEntry(ctx, repoUrl)
+		if err != nil {
+			return nil, cf, err
+		}
+		if ret == nil {
+			continue
+		}
+
+		ret.CertFile = m["CERT_FILE"]
+		ret.KeyFile = m["KEY_FILE"]
+		ret.CAFile = m["CA_FILE"]
+
+		return ret, cf, nil
+	}
+	return nil, nil, nil
+}
diff --git a/pkg/helm/auth/helm_config_auth_provider.go b/pkg/helm/auth/helm_config_auth_provider.go
new file mode 100644
index 000000000..07b8039a3
--- /dev/null
+++ b/pkg/helm/auth/helm_config_auth_provider.go
@@ -0,0 +1,32 @@
+package auth
+
+import (
+	"context"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/repo"
+	"net/url"
+	"strings"
+)
+
+type HelmConfigAuthProvider struct {
+}
+
+func (a *HelmConfigAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
+	env := cli.New()
+
+	f, err := repo.LoadFile(env.RepositoryConfig)
+	if err != nil {
+		return nil, cleanupNoop, nil
+	}
+
+	repoUrl2 := strings.TrimSuffix(repoUrl.String(), "/")
+
+	for _, e := range f.Repositories {
+		x := strings.TrimSuffix(e.URL, "/")
+		if repoUrl2 == x {
+			return e, cleanupNoop, nil
+		}
+	}
+
+	return nil, cleanupNoop, nil
+}
diff --git a/pkg/helm/auth/list_auth_provider.go b/pkg/helm/auth/list_auth_provider.go
new file mode 100644
index 000000000..1f894d8af
--- /dev/null
+++ b/pkg/helm/auth/list_auth_provider.go
@@ -0,0 +1,135 @@
+package auth
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"helm.sh/helm/v3/pkg/repo"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+type ListAuthProvider struct {
+	entries []AuthEntry
+}
+
+type AuthEntry struct {
+	CredentialsId string
+
+	Host string
+	Path string
+
+	Username string
+	Password string
+
+	Cert []byte
+	Key  []byte
+	CA   []byte
+
+	InsecureSkipTLSverify bool
+	PassCredentialsAll    bool
+}
+
+func (e *AuthEntry) Match(repoUrl url.URL, credentialsId string) bool {
+	if e.CredentialsId != "" {
+		if credentialsId == "" {
+			return false
+		}
+		if e.CredentialsId != credentialsId {
+			return false
+		}
+		return true
+	}
+
+	if e.Host != repoUrl.Host {
+		return false
+	}
+
+	if e.Path != "" {
+		urlPath := strings.TrimPrefix(repoUrl.Path, "/")
+		m, err := filepath.Match(e.Path, urlPath)
+		if err != nil || !m {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (e *AuthEntry) BuildEntry(ctx context.Context, repoUrl url.URL) (*repo.Entry, CleanupFunc, error) {
+	var tmpFiles []string
+	cleanup := func() {
+		for _, f := range tmpFiles {
+			_ = os.Remove(f)
+		}
+	}
+	newTmpFile := func(data []byte) (string, error) {
+		f, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "")
+		if err != nil {
+			return "", err
+		}
+		defer f.Close()
+		tmpFiles = append(tmpFiles, f.Name())
+
+		_, err = f.Write(data)
+		if err != nil {
+			return "", err
+		}
+		return f.Name(), nil
+	}
+
+	ret := repo.Entry{
+		URL:                   repoUrl.String(),
+		Username:              e.Username,
+		Password:              e.Password,
+		InsecureSkipTLSverify: e.InsecureSkipTLSverify,
+		PassCredentialsAll:    e.PassCredentialsAll,
+	}
+	var err error
+	if e.Cert != nil {
+		ret.CertFile, err = newTmpFile(e.Cert)
+		if err != nil {
+			cleanup()
+			return nil, cleanupNoop, err
+		}
+	}
+	if e.Key != nil {
+		ret.KeyFile, err = newTmpFile(e.Key)
+		if err != nil {
+			cleanup()
+			return nil, cleanupNoop, err
+		}
+	}
+	if e.CA != nil {
+		ret.CAFile, err = newTmpFile(e.CA)
+		if err != nil {
+			cleanup()
+			return nil, cleanupNoop, err
+		}
+	}
+
+	return &ret, cleanup, nil
+}
+
+func (a *ListAuthProvider) AddEntry(e AuthEntry) {
+	a.entries = append(a.entries, e)
+}
+
+func (a *ListAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
+	status.Tracef(ctx, "ListAuthProvider: BuildAuth for %s and credentialsId %v", repoUrl.String(), credentialsId)
+
+	for _, e := range a.entries {
+		status.Tracef(ctx, "ListAuthProvider: try host=%s, path=%s", e.Host, e.Path)
+
+		if !e.Match(repoUrl, credentialsId) {
+			status.Tracef(ctx, "ListAuthProvider: no match")
+			continue
+		}
+
+		status.Tracef(ctx, "ListAuthProvider: matched")
+		return e.BuildEntry(ctx, repoUrl)
+	}
+	return nil, cleanupNoop, nil
+}
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 6b5bad2c7..9574bd4a7 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -25,30 +26,26 @@ import (
 	"strings"
 )
 
-type HelmCredentialsProvider interface {
-	FindCredentials(repoUrl string, credentialsId *string) *repo.Entry
-}
-
 type Chart struct {
 	repo      string
 	localPath string
 	chartName string
 
-	credentials   HelmCredentialsProvider
-	credentialsId string
+	helmAuthProvider auth.HelmAuthProvider
+	credentialsId    string
 
 	ociAuthProvider auth_provider.OciAuthProvider
 
 	versions []string
 }
 
-func NewChart(repo string, localPath string, chartName string, credentialsProvider HelmCredentialsProvider, credentialsId string, ociAuthProvider auth_provider.OciAuthProvider) (*Chart, error) {
+func NewChart(repo string, localPath string, chartName string, helmAuthProvider auth.HelmAuthProvider, credentialsId string, ociAuthProvider auth_provider.OciAuthProvider) (*Chart, error) {
 	hc := &Chart{
-		repo:            repo,
-		localPath:       localPath,
-		credentials:     credentialsProvider,
-		credentialsId:   credentialsId,
-		ociAuthProvider: ociAuthProvider,
+		repo:             repo,
+		localPath:        localPath,
+		helmAuthProvider: helmAuthProvider,
+		credentialsId:    credentialsId,
+		ociAuthProvider:  ociAuthProvider,
 	}
 
 	if localPath == "" && repo == "" {
@@ -170,6 +167,11 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 		return nil, fmt.Errorf("can not pull local charts")
 	}
 
+	u, err := url.Parse(c.repo)
+	if err != nil {
+		return nil, err
+	}
+
 	tmpPullDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pull-")
 	if err != nil {
 		return nil, err
@@ -190,26 +192,21 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 		if registry.IsOCI(c.repo) {
 			return nil, fmt.Errorf("OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments")
 		}
-		if c.credentials == nil {
-			return nil, fmt.Errorf("no credentials provider")
-		}
 	}
 
-	if c.credentials != nil {
-		p := &c.credentialsId
-		if c.credentialsId == "" {
-			p = nil
-		}
-		creds := c.credentials.FindCredentials(c.repo, p)
-		if creds != nil {
-			a.Username = creds.Username
-			a.Password = creds.Password
-			a.CertFile = creds.CertFile
-			a.CaFile = creds.CAFile
-			a.KeyFile = creds.KeyFile
-			a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
-			a.PassCredentialsAll = creds.PassCredentialsAll
-		}
+	creds, cf, err := c.helmAuthProvider.FindAuthEntry(ctx, *u, c.credentialsId)
+	if err != nil {
+		return nil, err
+	}
+	defer cf()
+	if creds != nil {
+		a.Username = creds.Username
+		a.Password = creds.Password
+		a.CertFile = creds.CertFile
+		a.CaFile = creds.CAFile
+		a.KeyFile = creds.KeyFile
+		a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
+		a.PassCredentialsAll = creds.PassCredentialsAll
 	}
 
 	var out string
@@ -391,16 +388,20 @@ func (c *Chart) queryVersionsOci(ctx context.Context) error {
 func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
 	settings := cli.New()
 
-	var e *repo.Entry
-	if c.credentialsId != "" {
-		if c.credentials == nil {
-			return fmt.Errorf("no credentials provider")
-		}
-		e = c.credentials.FindCredentials(c.repo, &c.credentialsId)
-		if e == nil {
-			return fmt.Errorf("no credentials provided for Chart %s", c.chartName)
+	u, err := url.Parse(c.repo)
+	if err != nil {
+		return err
+	}
+
+	e, cf, err := c.helmAuthProvider.FindAuthEntry(ctx, *u, c.credentialsId)
+	if err != nil {
+		return err
+	}
+	defer cf()
+	if e == nil {
+		if c.credentialsId != "" {
+			return fmt.Errorf("no credentials found for Chart %s", c.chartName)
 		}
-	} else {
 		e = &repo.Entry{
 			URL: c.repo,
 		}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index dff103547..6a3d25fb8 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,6 +3,7 @@ package helm
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
 	"path/filepath"
@@ -39,7 +40,7 @@ type Release struct {
 	baseChartsDir string
 }
 
-func NewRelease(projectRoot string, relDirInProject string, configFile string, baseChartsDir string, credentialsProvider HelmCredentialsProvider, ociAuthProvider auth_provider.OciAuthProvider) (*Release, error) {
+func NewRelease(ctx context.Context, projectRoot string, relDirInProject string, configFile string, baseChartsDir string, helmAuthProvider auth.HelmAuthProvider, ociAuthProvider auth_provider.OciAuthProvider) (*Release, error) {
 	var config types.HelmChartConfig
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
@@ -73,7 +74,10 @@ func NewRelease(projectRoot string, relDirInProject string, configFile string, b
 	if config.CredentialsId != nil {
 		credentialsId = *config.CredentialsId
 	}
-	chart, err := NewChart(config.Repo, localPath, config.ChartName, credentialsProvider, credentialsId, ociAuthProvider)
+	if credentialsId != "" {
+		status.Deprecation(ctx, "helm-release-credentials-id", "'credentialsId' in helm-chart.yaml is deprecated and support for it will be removed in a future version of Kluctl.")
+	}
+	chart, err := NewChart(config.Repo, localPath, config.ChartName, helmAuthProvider, credentialsId, ociAuthProvider)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index c6659c72d..f786bb6e9 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,6 +2,7 @@ package kluctl_project
 
 import (
 	"context"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
@@ -23,7 +24,8 @@ type LoadKluctlProjectArgs struct {
 	GitRP *repocache.GitRepoCache
 	OciRP *repocache.OciRepoCache
 
-	OciAuthProvider auth_provider.OciAuthProvider
+	OciAuthProvider  auth_provider.OciAuthProvider
+	HelmAuthProvider helm_auth.HelmAuthProvider
 
 	AddKeyServersFunc  func(ctx context.Context, d *decryptor.Decryptor) error
 	ClientConfigGetter func(context *string) (*rest.Config, *api.Config, error)
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 0fc4e9401..02d45613c 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -6,7 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	"github.com/kluctl/kluctl/v2/pkg/helm"
+	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -43,7 +43,7 @@ type TargetContextParams struct {
 	ForSeal            bool
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
-	HelmCredentials    helm.HelmCredentialsProvider
+	HelmAuthProvider   helm_auth.HelmAuthProvider
 	OciAuthProvider    auth_provider.OciAuthProvider
 	RenderOutputDir    string
 }
@@ -122,7 +122,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		OciRP:                             p.OciRP,
 		SopsDecrypter:                     sopsDecryptor,
 		VarsLoader:                        varsLoader,
-		HelmCredentials:                   params.HelmCredentials,
+		HelmAuthProvider:                  params.HelmAuthProvider,
 		OciAuthProvider:                   params.OciAuthProvider,
 		Discriminator:                     target.Discriminator,
 		RenderDir:                         params.RenderOutputDir,
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index 345291931..c9b38dd85 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -31,13 +31,21 @@ func FindStrInSlice(a []string, s string) int {
 	return -1
 }
 
-func ParseBoolOrFalse(s *string) bool {
+func ParseBoolOrFalsePtr(s *string) bool {
 	if s == nil {
 		return false
 	}
-	b, err := strconv.ParseBool(*s)
+	return ParseBoolOrFalse(*s)
+}
+
+func ParseBoolOrFalse(s string) bool {
+	return ParseBoolOrDefault(s, false)
+}
+
+func ParseBoolOrDefault(s string, def bool) bool {
+	b, err := strconv.ParseBool(s)
 	if err != nil {
-		return false
+		return def
 	}
 	return b
 }

From 77801b734ff9e0e3dc2c2b3222593c1510190b12 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 21:17:42 +0200
Subject: [PATCH 1690/2268] fix: Create a copy of watched objects before
 modifying

---
 pkg/results/result-store-secrets.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 2a9162e2a..d2f22efea 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -793,7 +793,9 @@ func (s *ResultStoreSecrets) ListKluctlDeployments() ([]WatchKluctlDeploymentEve
 	}
 	ret := make([]WatchKluctlDeploymentEvent, 0, len(l.Items))
 	for _, x := range l.Items {
-		x := x
+		o := x.DeepCopy()
+		o.Kind = kluctlv1.KluctlDeploymentKind
+		o.APIVersion = kluctlv1.GroupVersion.String()
 		ret = append(ret, WatchKluctlDeploymentEvent{
 			ClusterId:  s.clusterId,
 			Deployment: &x,
@@ -816,6 +818,7 @@ func (s *ResultStoreSecrets) WatchKluctlDeployments() (<-chan WatchKluctlDeploym
 		if o == nil {
 			return nil
 		}
+		o = o.DeepCopy()
 		o.Kind = kluctlv1.KluctlDeploymentKind
 		o.APIVersion = kluctlv1.GroupVersion.String()
 		return &WatchKluctlDeploymentEvent{

From ff7759e7762f78a3cb477eae552a25f8c9128aab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 21:18:00 +0200
Subject: [PATCH 1691/2268] tests: Wait a bit longer before setting
 is-ready=true

---
 e2e/hooks_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 2047f41c4..c27cb67ab 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -262,7 +262,7 @@ func TestHooksWait(t *testing.T) {
 	// we run a goroutine in the background that will wait for a few seconds and then annotate kluctl.io/is-ready=true,
 	// which will then cause the hook to get ready
 	go func() {
-		time.Sleep(5 * time.Second)
+		time.Sleep(10 * time.Second)
 		patchConfigMap(t, s.k, s.p.TestSlug(), "hook2", func(o *uo.UnstructuredObject) {
 			o.SetK8sAnnotation("kluctl.io/is-ready", "true")
 		})

From f22153e109ed32d4159727d87710e6537ab3ec68 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 22:34:09 +0200
Subject: [PATCH 1692/2268] refactor: Get rid of internal/fs package

---
 pkg/oci/client/build.go                       |  29 +-
 .../internal/{fs/testdata/test.file => .keep} |   0
 pkg/oci/client/internal/fs/LICENSE            |  27 -
 pkg/oci/client/internal/fs/fs.go              | 345 ----------
 pkg/oci/client/internal/fs/fs_test.go         | 625 ------------------
 pkg/oci/client/internal/fs/rename.go          |  31 -
 pkg/oci/client/internal/fs/rename_windows.go  |  42 --
 7 files changed, 26 insertions(+), 1073 deletions(-)
 rename pkg/oci/client/internal/{fs/testdata/test.file => .keep} (100%)
 delete mode 100644 pkg/oci/client/internal/fs/LICENSE
 delete mode 100644 pkg/oci/client/internal/fs/fs.go
 delete mode 100644 pkg/oci/client/internal/fs/fs_test.go
 delete mode 100644 pkg/oci/client/internal/fs/rename.go
 delete mode 100644 pkg/oci/client/internal/fs/rename_windows.go

diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index 54be4f790..3621a1f08 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -26,8 +26,6 @@ import (
 	"path/filepath"
 	"strings"
 	"time"
-
-	"github.com/kluctl/kluctl/v2/pkg/oci/client/internal/fs"
 )
 
 // Build archives the given directory as a tarball to the given local path.
@@ -149,7 +147,32 @@ func (c *Client) Build(artifactPath, sourceDir string, ignorePaths []string) (er
 		return err
 	}
 
-	return fs.RenameWithFallback(tmpName, artifactPath)
+	return renameWithFallback(tmpName, artifactPath)
+}
+
+func renameWithFallback(src, dst string) error {
+	err := os.Rename(src, dst)
+	if err == nil {
+		return nil
+	}
+
+	f, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	f2, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return err
+	}
+	defer f2.Close()
+
+	_, err = io.Copy(f2, f)
+	if err != nil {
+		return err
+	}
+	return nil
 }
 
 type writeCounter struct {
diff --git a/pkg/oci/client/internal/fs/testdata/test.file b/pkg/oci/client/internal/.keep
similarity index 100%
rename from pkg/oci/client/internal/fs/testdata/test.file
rename to pkg/oci/client/internal/.keep
diff --git a/pkg/oci/client/internal/fs/LICENSE b/pkg/oci/client/internal/fs/LICENSE
deleted file mode 100644
index a2dd15faf..000000000
--- a/pkg/oci/client/internal/fs/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2014 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/pkg/oci/client/internal/fs/fs.go b/pkg/oci/client/internal/fs/fs.go
deleted file mode 100644
index 21cf96e69..000000000
--- a/pkg/oci/client/internal/fs/fs.go
+++ /dev/null
@@ -1,345 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package fs
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"runtime"
-	"syscall"
-)
-
-// RenameWithFallback attempts to rename a file or directory, but falls back to
-// copying in the event of a cross-device link error. If the fallback copy
-// succeeds, src is still removed, emulating normal rename behavior.
-func RenameWithFallback(src, dst string) error {
-	_, err := os.Stat(src)
-	if err != nil {
-		return fmt.Errorf("cannot stat %s: %w", src, err)
-	}
-
-	err = os.Rename(src, dst)
-	if err == nil {
-		return nil
-	}
-
-	return renameFallback(err, src, dst)
-}
-
-// renameByCopy attempts to rename a file or directory by copying it to the
-// destination and then removing the src thus emulating the rename behavior.
-func renameByCopy(src, dst string) error {
-	var cerr error
-	if dir, _ := IsDir(src); dir {
-		cerr = CopyDir(src, dst)
-		if cerr != nil {
-			cerr = fmt.Errorf("copying directory failed: %w", cerr)
-		}
-	} else {
-		cerr = copyFile(src, dst)
-		if cerr != nil {
-			cerr = fmt.Errorf("copying file failed: %w", cerr)
-		}
-	}
-
-	if cerr != nil {
-		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, cerr)
-	}
-
-	if err := os.RemoveAll(src); err != nil {
-		return fmt.Errorf("cannot delete %s: %w", src, err)
-	}
-
-	return nil
-}
-
-var (
-	errSrcNotDir = errors.New("source is not a directory")
-	errDstExist  = errors.New("destination already exists")
-)
-
-// CopyDir recursively copies a directory tree, attempting to preserve permissions.
-// Source directory must exist, destination directory must *not* exist.
-func CopyDir(src, dst string) error {
-	src = filepath.Clean(src)
-	dst = filepath.Clean(dst)
-
-	// We use os.Lstat() here to ensure we don't fall in a loop where a symlink
-	// actually links to a one of its parent directories.
-	fi, err := os.Lstat(src)
-	if err != nil {
-		return err
-	}
-	if !fi.IsDir() {
-		return errSrcNotDir
-	}
-
-	_, err = os.Stat(dst)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	if err == nil {
-		return errDstExist
-	}
-
-	if err = os.MkdirAll(dst, fi.Mode()); err != nil {
-		return fmt.Errorf("cannot mkdir %s: %w", dst, err)
-	}
-
-	entries, err := os.ReadDir(src)
-	if err != nil {
-		return fmt.Errorf("cannot read directory %s: %w", dst, err)
-	}
-
-	for _, entry := range entries {
-		srcPath := filepath.Join(src, entry.Name())
-		dstPath := filepath.Join(dst, entry.Name())
-
-		if entry.IsDir() {
-			if err = CopyDir(srcPath, dstPath); err != nil {
-				return fmt.Errorf("copying directory failed: %w", err)
-			}
-		} else {
-			// This will include symlinks, which is what we want when
-			// copying things.
-			if err = copyFile(srcPath, dstPath); err != nil {
-				return fmt.Errorf("copying file failed: %w", err)
-			}
-		}
-	}
-
-	return nil
-}
-
-// copyFile copies the contents of the file named src to the file named
-// by dst. The file will be created if it does not already exist. If the
-// destination file exists, all its contents will be replaced by the contents
-// of the source file. The file mode will be copied from the source.
-func copyFile(src, dst string) (err error) {
-	if sym, err := IsSymlink(src); err != nil {
-		return fmt.Errorf("symlink check failed: %w", err)
-	} else if sym {
-		if err := cloneSymlink(src, dst); err != nil {
-			if runtime.GOOS == "windows" {
-				// If cloning the symlink fails on Windows because the user
-				// does not have the required privileges, ignore the error and
-				// fall back to copying the file contents.
-				//
-				// ERROR_PRIVILEGE_NOT_HELD is 1314 (0x522):
-				// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
-				if lerr, ok := err.(*os.LinkError); ok && lerr.Err != syscall.Errno(1314) {
-					return err
-				}
-			} else {
-				return err
-			}
-		} else {
-			return nil
-		}
-	}
-
-	in, err := os.Open(src)
-	if err != nil {
-		return
-	}
-	defer in.Close()
-
-	out, err := os.Create(dst)
-	if err != nil {
-		return
-	}
-
-	if _, err = io.Copy(out, in); err != nil {
-		out.Close()
-		return
-	}
-
-	// Check for write errors on Close
-	if err = out.Close(); err != nil {
-		return
-	}
-
-	si, err := os.Stat(src)
-	if err != nil {
-		return
-	}
-
-	// Temporary fix for Go < 1.9
-	//
-	// See: https://github.com/golang/dep/issues/774
-	// and https://github.com/golang/go/issues/20829
-	if runtime.GOOS == "windows" {
-		dst = fixLongPath(dst)
-	}
-	err = os.Chmod(dst, si.Mode())
-
-	return
-}
-
-// cloneSymlink will create a new symlink that points to the resolved path of sl.
-// If sl is a relative symlink, dst will also be a relative symlink.
-func cloneSymlink(sl, dst string) error {
-	resolved, err := os.Readlink(sl)
-	if err != nil {
-		return err
-	}
-
-	return os.Symlink(resolved, dst)
-}
-
-// IsDir determines is the path given is a directory or not.
-func IsDir(name string) (bool, error) {
-	fi, err := os.Stat(name)
-	if err != nil {
-		return false, err
-	}
-	if !fi.IsDir() {
-		return false, fmt.Errorf("%q is not a directory", name)
-	}
-	return true, nil
-}
-
-// IsSymlink determines if the given path is a symbolic link.
-func IsSymlink(path string) (bool, error) {
-	l, err := os.Lstat(path)
-	if err != nil {
-		return false, err
-	}
-
-	return l.Mode()&os.ModeSymlink == os.ModeSymlink, nil
-}
-
-// fixLongPath returns the extended-length (\\?\-prefixed) form of
-// path when needed, in order to avoid the default 260 character file
-// path limit imposed by Windows. If path is not easily converted to
-// the extended-length form (for example, if path is a relative path
-// or contains .. elements), or is short enough, fixLongPath returns
-// path unmodified.
-//
-// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath
-func fixLongPath(path string) string {
-	// Do nothing (and don't allocate) if the path is "short".
-	// Empirically (at least on the Windows Server 2013 builder),
-	// the kernel is arbitrarily okay with < 248 bytes. That
-	// matches what the docs above say:
-	// "When using an API to create a directory, the specified
-	// path cannot be so long that you cannot append an 8.3 file
-	// name (that is, the directory name cannot exceed MAX_PATH
-	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
-	//
-	// The MSDN docs appear to say that a normal path that is 248 bytes long
-	// will work; empirically the path must be less then 248 bytes long.
-	if len(path) < 248 {
-		// Don't fix. (This is how Go 1.7 and earlier worked,
-		// not automatically generating the \\?\ form)
-		return path
-	}
-
-	// The extended form begins with \\?\, as in
-	// \\?\c:\windows\foo.txt or \\?\UNC\server\share\foo.txt.
-	// The extended form disables evaluation of . and .. path
-	// elements and disables the interpretation of / as equivalent
-	// to \. The conversion here rewrites / to \ and elides
-	// . elements as well as trailing or duplicate separators. For
-	// simplicity it avoids the conversion entirely for relative
-	// paths or paths containing .. elements. For now,
-	// \\server\share paths are not converted to
-	// \\?\UNC\server\share paths because the rules for doing so
-	// are less well-specified.
-	if len(path) >= 2 && path[:2] == `\\` {
-		// Don't canonicalize UNC paths.
-		return path
-	}
-	if !isAbs(path) {
-		// Relative path
-		return path
-	}
-
-	const prefix = `\\?`
-
-	pathbuf := make([]byte, len(prefix)+len(path)+len(`\`))
-	copy(pathbuf, prefix)
-	n := len(path)
-	r, w := 0, len(prefix)
-	for r < n {
-		switch {
-		case os.IsPathSeparator(path[r]):
-			// empty block
-			r++
-		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
-			// /./
-			r++
-		case r+1 < n && path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
-			// /../ is currently unhandled
-			return path
-		default:
-			pathbuf[w] = '\\'
-			w++
-			for ; r < n && !os.IsPathSeparator(path[r]); r++ {
-				pathbuf[w] = path[r]
-				w++
-			}
-		}
-	}
-	// A drive's root directory needs a trailing \
-	if w == len(`\\?\c:`) {
-		pathbuf[w] = '\\'
-		w++
-	}
-	return string(pathbuf[:w])
-}
-
-func isAbs(path string) (b bool) {
-	v := volumeName(path)
-	if v == "" {
-		return false
-	}
-	path = path[len(v):]
-	if path == "" {
-		return false
-	}
-	return os.IsPathSeparator(path[0])
-}
-
-func volumeName(path string) (v string) {
-	if len(path) < 2 {
-		return ""
-	}
-	// with drive letter
-	c := path[0]
-	if path[1] == ':' &&
-		('0' <= c && c <= '9' || 'a' <= c && c <= 'z' ||
-			'A' <= c && c <= 'Z') {
-		return path[:2]
-	}
-	// is it UNC
-	if l := len(path); l >= 5 && os.IsPathSeparator(path[0]) && os.IsPathSeparator(path[1]) &&
-		!os.IsPathSeparator(path[2]) && path[2] != '.' {
-		// first, leading `\\` and next shouldn't be `\`. its server name.
-		for n := 3; n < l-1; n++ {
-			// second, next '\' shouldn't be repeated.
-			if os.IsPathSeparator(path[n]) {
-				n++
-				// third, following something characters. its share name.
-				if !os.IsPathSeparator(path[n]) {
-					if path[n] == '.' {
-						break
-					}
-					for ; n < l; n++ {
-						if os.IsPathSeparator(path[n]) {
-							break
-						}
-					}
-					return path[:n]
-				}
-				break
-			}
-		}
-	}
-	return ""
-}
diff --git a/pkg/oci/client/internal/fs/fs_test.go b/pkg/oci/client/internal/fs/fs_test.go
deleted file mode 100644
index 55173122c..000000000
--- a/pkg/oci/client/internal/fs/fs_test.go
+++ /dev/null
@@ -1,625 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package fs
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"runtime"
-	"sync"
-	"testing"
-)
-
-var (
-	mu sync.Mutex
-)
-
-func TestMain(m *testing.M) {
-	symlinks := []struct {
-		oldPath string
-		newPath string
-	}{
-		{
-			oldPath: "C:/Users/fluxcd/go/src/github.com/golang/dep/internal/fs/testdata/test.file",
-			newPath: "testdata/symlinks/windows-file-symlink",
-		},
-		{
-			oldPath: "/non/existing/file",
-			newPath: "testdata/symlinks/invalid-symlink",
-		},
-		{
-			oldPath: "../test.file",
-			newPath: "testdata/symlinks/file-symlink",
-		},
-		{
-			oldPath: "../../testdata",
-			newPath: "testdata/symlinks/dir-symlink",
-		},
-	}
-
-	os.MkdirAll("testdata/symlinks", 0o755)
-
-	for _, sl := range symlinks {
-		err := os.Symlink(sl.oldPath, sl.newPath)
-		if err != nil {
-			panic(fmt.Errorf("failed to create symlink: %v", err))
-		}
-	}
-
-	code := m.Run()
-
-	if err := os.RemoveAll("testdata/symlinks"); err != nil {
-		panic(fmt.Errorf("failed to remove symlink directory: %v", err))
-	}
-
-	os.Exit(code)
-}
-
-func TestRenameWithFallback(t *testing.T) {
-	dir := t.TempDir()
-
-	if err := RenameWithFallback(filepath.Join(dir, "does_not_exists"), filepath.Join(dir, "dst")); err == nil {
-		t.Fatal("expected an error for non existing file, but got nil")
-	}
-
-	srcpath := filepath.Join(dir, "src")
-
-	if srcf, err := os.Create(srcpath); err != nil {
-		t.Fatal(err)
-	} else {
-		srcf.Close()
-	}
-
-	if err := RenameWithFallback(srcpath, filepath.Join(dir, "dst")); err != nil {
-		t.Fatal(err)
-	}
-
-	srcpath = filepath.Join(dir, "a")
-	if err := os.MkdirAll(srcpath, 0o770); err != nil {
-		t.Fatal(err)
-	}
-
-	dstpath := filepath.Join(dir, "b")
-	if err := os.MkdirAll(dstpath, 0o770); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := RenameWithFallback(srcpath, dstpath); err == nil {
-		t.Fatal("expected an error if dst is an existing directory, but got nil")
-	}
-}
-
-func TestCopyDir(t *testing.T) {
-	dir := t.TempDir()
-
-	srcdir := filepath.Join(dir, "src")
-	if err := os.MkdirAll(srcdir, 0o750); err != nil {
-		t.Fatal(err)
-	}
-
-	files := []struct {
-		path     string
-		contents string
-		fi       os.FileInfo
-	}{
-		{path: "myfile", contents: "hello world"},
-		{path: filepath.Join("subdir", "file"), contents: "subdir file"},
-	}
-
-	// Create structure indicated in 'files'
-	for i, file := range files {
-		fn := filepath.Join(srcdir, file.path)
-		dn := filepath.Dir(fn)
-		if err := os.MkdirAll(dn, 0o750); err != nil {
-			t.Fatal(err)
-		}
-
-		fh, err := os.Create(fn)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if _, err = fh.Write([]byte(file.contents)); err != nil {
-			t.Fatal(err)
-		}
-		fh.Close()
-
-		files[i].fi, err = os.Stat(fn)
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	destdir := filepath.Join(dir, "dest")
-	if err := CopyDir(srcdir, destdir); err != nil {
-		t.Fatal(err)
-	}
-
-	// Compare copy against structure indicated in 'files'
-	for _, file := range files {
-		fn := filepath.Join(srcdir, file.path)
-		dn := filepath.Dir(fn)
-		dirOK, err := IsDir(dn)
-		if err != nil {
-			t.Fatal(err)
-		}
-		if !dirOK {
-			t.Fatalf("expected %s to be a directory", dn)
-		}
-
-		got, err := os.ReadFile(fn)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if file.contents != string(got) {
-			t.Fatalf("expected: %s, got: %s", file.contents, string(got))
-		}
-
-		gotinfo, err := os.Stat(fn)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if file.fi.Mode() != gotinfo.Mode() {
-			t.Fatalf("expected %s: %#v\n to be the same mode as %s: %#v",
-				file.path, file.fi.Mode(), fn, gotinfo.Mode())
-		}
-	}
-}
-
-func TestCopyDirFail_SrcInaccessible(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		// XXX: setting permissions works differently in
-		// Microsoft Windows. Skipping this this until a
-		// compatible implementation is provided.
-		t.Skip("skipping on windows")
-	}
-
-	var srcdir, dstdir string
-
-	setupInaccessibleDir(t, func(dir string) error {
-		srcdir = filepath.Join(dir, "src")
-		return os.MkdirAll(srcdir, 0o750)
-	})
-
-	dir := t.TempDir()
-
-	dstdir = filepath.Join(dir, "dst")
-	if err := CopyDir(srcdir, dstdir); err == nil {
-		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
-	}
-}
-
-func TestCopyDirFail_DstInaccessible(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		// XXX: setting permissions works differently in
-		// Microsoft Windows. Skipping this this until a
-		// compatible implementation is provided.
-		t.Skip("skipping on windows")
-	}
-
-	var srcdir, dstdir string
-
-	dir := t.TempDir()
-
-	srcdir = filepath.Join(dir, "src")
-	if err := os.MkdirAll(srcdir, 0o750); err != nil {
-		t.Fatal(err)
-	}
-
-	setupInaccessibleDir(t, func(dir string) error {
-		dstdir = filepath.Join(dir, "dst")
-		return nil
-	})
-
-	if err := CopyDir(srcdir, dstdir); err == nil {
-		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
-	}
-}
-
-func TestCopyDirFail_SrcIsNotDir(t *testing.T) {
-	var srcdir, dstdir string
-
-	dir := t.TempDir()
-
-	srcdir = filepath.Join(dir, "src")
-	if _, err := os.Create(srcdir); err != nil {
-		t.Fatal(err)
-	}
-
-	dstdir = filepath.Join(dir, "dst")
-
-	err := CopyDir(srcdir, dstdir)
-	if err == nil {
-		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
-	}
-
-	if err != errSrcNotDir {
-		t.Fatalf("expected %v error for CopyDir(%s, %s), got %s", errSrcNotDir, srcdir, dstdir, err)
-	}
-
-}
-
-func TestCopyDirFail_DstExists(t *testing.T) {
-	var srcdir, dstdir string
-
-	dir := t.TempDir()
-
-	srcdir = filepath.Join(dir, "src")
-	if err := os.MkdirAll(srcdir, 0o750); err != nil {
-		t.Fatal(err)
-	}
-
-	dstdir = filepath.Join(dir, "dst")
-	if err := os.MkdirAll(dstdir, 0o750); err != nil {
-		t.Fatal(err)
-	}
-
-	err := CopyDir(srcdir, dstdir)
-	if err == nil {
-		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
-	}
-
-	if err != errDstExist {
-		t.Fatalf("expected %v error for CopyDir(%s, %s), got %s", errDstExist, srcdir, dstdir, err)
-	}
-}
-
-func TestCopyDirFailOpen(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		// XXX: setting permissions works differently in
-		// Microsoft Windows. os.Chmod(..., 0o222) below is not
-		// enough for the file to be readonly, and os.Chmod(...,
-		// 0000) returns an invalid argument error. Skipping
-		// this this until a compatible implementation is
-		// provided.
-		t.Skip("skipping on windows")
-	}
-
-	var srcdir, dstdir string
-
-	dir := t.TempDir()
-
-	srcdir = filepath.Join(dir, "src")
-	if err := os.MkdirAll(srcdir, 0o750); err != nil {
-		t.Fatal(err)
-	}
-
-	srcfn := filepath.Join(srcdir, "file")
-	srcf, err := os.Create(srcfn)
-	if err != nil {
-		t.Fatal(err)
-	}
-	srcf.Close()
-
-	// setup source file so that it cannot be read
-	if err = os.Chmod(srcfn, 0o220); err != nil {
-		t.Fatal(err)
-	}
-
-	dstdir = filepath.Join(dir, "dst")
-
-	if err = CopyDir(srcdir, dstdir); err == nil {
-		t.Fatalf("expected error for CopyDir(%s, %s), got none", srcdir, dstdir)
-	}
-}
-
-func TestCopyFile(t *testing.T) {
-	dir := t.TempDir()
-
-	srcf, err := os.Create(filepath.Join(dir, "srcfile"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	want := "hello world"
-	if _, err := srcf.Write([]byte(want)); err != nil {
-		t.Fatal(err)
-	}
-	srcf.Close()
-
-	destf := filepath.Join(dir, "destf")
-	if err := copyFile(srcf.Name(), destf); err != nil {
-		t.Fatal(err)
-	}
-
-	got, err := os.ReadFile(destf)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if want != string(got) {
-		t.Fatalf("expected: %s, got: %s", want, string(got))
-	}
-
-	wantinfo, err := os.Stat(srcf.Name())
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	gotinfo, err := os.Stat(destf)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if wantinfo.Mode() != gotinfo.Mode() {
-		t.Fatalf("expected %s: %#v\n to be the same mode as %s: %#v", srcf.Name(), wantinfo.Mode(), destf, gotinfo.Mode())
-	}
-}
-
-func TestCopyFileSymlink(t *testing.T) {
-	dir := t.TempDir()
-	defer cleanUpDir(dir)
-
-	testcases := map[string]string{
-		filepath.Join("./testdata/symlinks/file-symlink"):         filepath.Join(dir, "dst-file"),
-		filepath.Join("./testdata/symlinks/windows-file-symlink"): filepath.Join(dir, "windows-dst-file"),
-		filepath.Join("./testdata/symlinks/invalid-symlink"):      filepath.Join(dir, "invalid-symlink"),
-	}
-
-	for symlink, dst := range testcases {
-		t.Run(symlink, func(t *testing.T) {
-			var err error
-			if err = copyFile(symlink, dst); err != nil {
-				t.Fatalf("failed to copy symlink: %s", err)
-			}
-
-			var want, got string
-
-			if runtime.GOOS == "windows" {
-				// Creating symlinks on Windows require an additional permission
-				// regular users aren't granted usually. So we copy the file
-				// content as a fall back instead of creating a real symlink.
-				srcb, err := os.ReadFile(symlink)
-				if err != nil {
-					t.Fatalf("%+v", err)
-				}
-				dstb, err := os.ReadFile(dst)
-				if err != nil {
-					t.Fatalf("%+v", err)
-				}
-
-				want = string(srcb)
-				got = string(dstb)
-			} else {
-				want, err = os.Readlink(symlink)
-				if err != nil {
-					t.Fatalf("%+v", err)
-				}
-
-				got, err = os.Readlink(dst)
-				if err != nil {
-					t.Fatalf("could not resolve symlink: %s", err)
-				}
-			}
-
-			if want != got {
-				t.Fatalf("resolved path is incorrect. expected %s, got %s", want, got)
-			}
-		})
-	}
-}
-
-func TestCopyFileLongFilePath(t *testing.T) {
-	if runtime.GOOS != "windows" {
-		// We want to ensure the temporary fix actually fixes the issue with
-		// os.Chmod and long file paths. This is only applicable on Windows.
-		t.Skip("skipping on non-windows")
-	}
-
-	dir := t.TempDir()
-
-	// Create a directory with a long-enough path name to cause the bug in #774.
-	dirName := ""
-	for len(dir+string(os.PathSeparator)+dirName) <= 300 {
-		dirName += "directory"
-	}
-
-	fullPath := filepath.Join(dir, dirName, string(os.PathSeparator))
-	if err := os.MkdirAll(fullPath, 0o750); err != nil && !os.IsExist(err) {
-		t.Fatalf("%+v", fmt.Errorf("unable to create temp directory: %s", fullPath))
-	}
-
-	err := os.WriteFile(fullPath+"src", []byte(nil), 0o640)
-	if err != nil {
-		t.Fatalf("%+v", err)
-	}
-
-	err = copyFile(fullPath+"src", fullPath+"dst")
-	if err != nil {
-		t.Fatalf("unexpected error while copying file: %v", err)
-	}
-}
-
-// C:\Users\appveyor\AppData\Local\Temp\1\gotest639065787\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890\dir4567890
-
-func TestCopyFileFail(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		// XXX: setting permissions works differently in
-		// Microsoft Windows. Skipping this this until a
-		// compatible implementation is provided.
-		t.Skip("skipping on windows")
-	}
-
-	dir := t.TempDir()
-
-	srcf, err := os.Create(filepath.Join(dir, "srcfile"))
-	if err != nil {
-		t.Fatal(err)
-	}
-	srcf.Close()
-
-	var dstdir string
-
-	setupInaccessibleDir(t, func(dir string) error {
-		dstdir = filepath.Join(dir, "dir")
-		return os.Mkdir(dstdir, 0o770)
-	})
-
-	fn := filepath.Join(dstdir, "file")
-	if err := copyFile(srcf.Name(), fn); err == nil {
-		t.Fatalf("expected error for %s, got none", fn)
-	}
-}
-
-// setupInaccessibleDir creates a temporary location with a single
-// directory in it, in such a way that that directory is not accessible
-// after this function returns.
-//
-// op is called with the directory as argument, so that it can create
-// files or other test artifacts.
-//
-// If setupInaccessibleDir fails in its preparation, or op fails, t.Fatal
-// will be invoked.
-func setupInaccessibleDir(t *testing.T, op func(dir string) error) {
-	dir, err := os.MkdirTemp("", "dep")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	subdir := filepath.Join(dir, "dir")
-
-	t.Cleanup(func() {
-		if err := os.Chmod(subdir, 0o770); err != nil {
-			t.Error(err)
-		}
-	})
-
-	if err := os.Mkdir(subdir, 0o770); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := op(subdir); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := os.Chmod(subdir, 0o660); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestIsDir(t *testing.T) {
-	wd, err := os.Getwd()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var dn string
-
-	setupInaccessibleDir(t, func(dir string) error {
-		dn = filepath.Join(dir, "dir")
-		return os.Mkdir(dn, 0o770)
-	})
-
-	tests := map[string]struct {
-		exists bool
-		err    bool
-	}{
-		wd:                            {true, false},
-		filepath.Join(wd, "testdata"): {true, false},
-		filepath.Join(wd, "main.go"):  {false, true},
-		filepath.Join(wd, "this_file_does_not_exist.thing"): {false, true},
-		dn: {false, true},
-	}
-
-	if runtime.GOOS == "windows" {
-		// This test doesn't work on Microsoft Windows because
-		// of the differences in how file permissions are
-		// implemented. For this to work, the directory where
-		// the directory exists should be inaccessible.
-		delete(tests, dn)
-	}
-
-	for f, want := range tests {
-		got, err := IsDir(f)
-		if err != nil && !want.err {
-			t.Fatalf("expected no error, got %v", err)
-		}
-
-		if got != want.exists {
-			t.Fatalf("expected %t for %s, got %t", want.exists, f, got)
-		}
-	}
-}
-
-func TestIsSymlink(t *testing.T) {
-	dir := t.TempDir()
-
-	dirPath := filepath.Join(dir, "directory")
-	if err := os.MkdirAll(dirPath, 0o770); err != nil {
-		t.Fatal(err)
-	}
-
-	filePath := filepath.Join(dir, "file")
-	f, err := os.Create(filePath)
-	if err != nil {
-		t.Fatal(err)
-	}
-	f.Close()
-
-	dirSymlink := filepath.Join(dir, "dirSymlink")
-	fileSymlink := filepath.Join(dir, "fileSymlink")
-
-	if err = os.Symlink(dirPath, dirSymlink); err != nil {
-		t.Fatal(err)
-	}
-	if err = os.Symlink(filePath, fileSymlink); err != nil {
-		t.Fatal(err)
-	}
-
-	var (
-		inaccessibleFile    string
-		inaccessibleSymlink string
-	)
-
-	setupInaccessibleDir(t, func(dir string) error {
-		inaccessibleFile = filepath.Join(dir, "file")
-		if fh, err := os.Create(inaccessibleFile); err != nil {
-			return err
-		} else if err = fh.Close(); err != nil {
-			return err
-		}
-
-		inaccessibleSymlink = filepath.Join(dir, "symlink")
-		return os.Symlink(inaccessibleFile, inaccessibleSymlink)
-	})
-
-	tests := map[string]struct{ expected, err bool }{
-		dirPath:             {false, false},
-		filePath:            {false, false},
-		dirSymlink:          {true, false},
-		fileSymlink:         {true, false},
-		inaccessibleFile:    {false, true},
-		inaccessibleSymlink: {false, true},
-	}
-
-	if runtime.GOOS == "windows" {
-		// XXX: setting permissions works differently in Windows. Skipping
-		// these cases until a compatible implementation is provided.
-		delete(tests, inaccessibleFile)
-		delete(tests, inaccessibleSymlink)
-	}
-
-	for path, want := range tests {
-		got, err := IsSymlink(path)
-		if err != nil {
-			if !want.err {
-				t.Errorf("expected no error, got %v", err)
-			}
-		}
-
-		if got != want.expected {
-			t.Errorf("expected %t for %s, got %t", want.expected, path, got)
-		}
-	}
-}
-
-func cleanUpDir(dir string) {
-	if dir != "" {
-		os.RemoveAll(dir)
-	}
-}
diff --git a/pkg/oci/client/internal/fs/rename.go b/pkg/oci/client/internal/fs/rename.go
deleted file mode 100644
index bad1f4778..000000000
--- a/pkg/oci/client/internal/fs/rename.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !windows
-// +build !windows
-
-package fs
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-)
-
-// renameFallback attempts to determine the appropriate fallback to failed rename
-// operation depending on the resulting error.
-func renameFallback(err error, src, dst string) error {
-	// Rename may fail if src and dst are on different devices; fall back to
-	// copy if we detect that case. syscall.EXDEV is the common name for the
-	// cross device link error which has varying output text across different
-	// operating systems.
-	terr, ok := err.(*os.LinkError)
-	if !ok {
-		return err
-	} else if terr.Err != syscall.EXDEV {
-		return fmt.Errorf("link error: cannot rename %s to %s: %w", src, dst, terr)
-	}
-
-	return renameByCopy(src, dst)
-}
diff --git a/pkg/oci/client/internal/fs/rename_windows.go b/pkg/oci/client/internal/fs/rename_windows.go
deleted file mode 100644
index fa9a0b4d9..000000000
--- a/pkg/oci/client/internal/fs/rename_windows.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build windows
-// +build windows
-
-package fs
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-)
-
-// renameFallback attempts to determine the appropriate fallback to failed rename
-// operation depending on the resulting error.
-func renameFallback(err error, src, dst string) error {
-	// Rename may fail if src and dst are on different devices; fall back to
-	// copy if we detect that case. syscall.EXDEV is the common name for the
-	// cross device link error which has varying output text across different
-	// operating systems.
-	terr, ok := err.(*os.LinkError)
-	if !ok {
-		return err
-	}
-
-	if terr.Err != syscall.EXDEV {
-		// In windows it can drop down to an operating system call that
-		// returns an operating system error with a different number and
-		// message. Checking for that as a fall back.
-		noerr, ok := terr.Err.(syscall.Errno)
-
-		// 0x11 (ERROR_NOT_SAME_DEVICE) is the windows error.
-		// See https://msdn.microsoft.com/en-us/library/cc231199.aspx
-		if ok && noerr != 0x11 {
-			return fmt.Errorf("link error: cannot rename %s to %s: %w", src, dst, terr)
-		}
-	}
-
-	return renameByCopy(src, dst)
-}

From 531541274ccdc43189c87a5a14bc2ba303b70b8e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 09:49:08 +0200
Subject: [PATCH 1693/2268] ci: Update workflow OSes

---
 .github/workflows/tests.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 339df505a..034f93399 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -100,13 +100,13 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: ubuntu-20.04
+          - os: ubuntu-22.04
             run_on_pull_requests: true
-          - os: macos-11
+          - os: macos-12
             run_on_pull_requests: false
-          - os: windows-2019
+          - os: windows-2022
             run_on_pull_requests: false
-        os: [ubuntu-20.04, macos-11, windows-2019]
+        os: [ubuntu-22.04, macos-12, windows-2022]
       fail-fast: false
     runs-on: ${{ matrix.os }}
     steps:

From 52fbac76e5e4ec0c317b6a772a0e5ee53fd22be4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 10:22:20 +0200
Subject: [PATCH 1694/2268] tests: Add helm credentials-via-env tests

---
 e2e/helm_test.go | 51 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 10 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 7098e6658..8014362a2 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -97,15 +97,13 @@ var helmTests = []helmTestCase{
 	},
 }
 
-func buildHelmTestExtraArgs(tc helmTestCase, repoUrl string) []string {
-	u, _ := url.Parse(repoUrl)
-
+func buildHelmTestExtraArgs(tc helmTestCase, host string) []string {
 	var ret []string
 	if tc.argCredsId != "" {
 		ret = append(ret, fmt.Sprintf("--helm-username=%s:%s", tc.argCredsId, tc.argUsername))
 		ret = append(ret, fmt.Sprintf("--helm-password=%s:%s", tc.argCredsId, tc.argPassword))
 	} else if tc.argCredsHost != "" {
-		r := strings.ReplaceAll(tc.argCredsHost, "<host>", u.Host)
+		r := strings.ReplaceAll(tc.argCredsHost, "<host>", host)
 		if tc.argCredsPath != "" {
 			r += "/" + tc.argCredsPath
 		}
@@ -115,6 +113,24 @@ func buildHelmTestExtraArgs(tc helmTestCase, repoUrl string) []string {
 	return ret
 }
 
+func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, host string) {
+	if tc.argCredsId != "" {
+		t.Setenv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
+	}
+	if tc.argCredsHost != "" {
+		t.Setenv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", host))
+	}
+	if tc.argCredsPath != "" {
+		t.Setenv("KLUCTL_HELM_PATH", tc.argCredsPath)
+	}
+	if tc.argUsername != "" {
+		t.Setenv("KLUCTL_HELM_USERNAME", tc.argUsername)
+	}
+	if tc.argPassword != "" {
+		t.Setenv("KLUCTL_HELM_PASSWORD", tc.argPassword)
+	}
+}
+
 func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool) (*test_project.TestProject, url.URL, error) {
 	p := test_project.NewTestProject(t)
 
@@ -133,7 +149,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 	repoUrl2, err := url.Parse(repoUrl)
 	assert.NoError(t, err)
 
-	extraArgs := buildHelmTestExtraArgs(tc, repoUrl)
+	extraArgs := buildHelmTestExtraArgs(tc, repoUrl2.Host)
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -172,8 +188,10 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 	return p, *repoUrl2, nil
 }
 
-func testHelmPull(t *testing.T, tc helmTestCase, prePull bool) {
-	t.Parallel()
+func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool) {
+	if !credsViaEnv {
+		t.Parallel()
+	}
 
 	k := defaultCluster1
 	p, repoUrl, err := prepareHelmTestCase(t, k, tc, prePull)
@@ -185,7 +203,11 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool) {
 	}
 
 	args := []string{"deploy", "--yes", "-t", "test"}
-	args = append(args, buildHelmTestExtraArgs(tc, repoUrl.String())...)
+	if credsViaEnv {
+		buildHelmTestEnvVars(t, tc, repoUrl.Host)
+	} else {
+		args = append(args, buildHelmTestExtraArgs(tc, repoUrl.Host)...)
+	}
 
 	_, stderr, err := p.Kluctl(args...)
 	pullMessage := "Pulling Helm Chart test-chart1 with version 0.1.0"
@@ -207,7 +229,7 @@ func TestHelmPull(t *testing.T) {
 	for _, tc := range helmTests {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			testHelmPull(t, tc, false)
+			testHelmPull(t, tc, false, false)
 		})
 	}
 }
@@ -216,7 +238,16 @@ func TestHelmPrePull(t *testing.T) {
 	for _, tc := range helmTests {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			testHelmPull(t, tc, true)
+			testHelmPull(t, tc, true, false)
+		})
+	}
+}
+
+func TestHelmPullCredsViaEnv(t *testing.T) {
+	for _, tc := range helmTests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			testHelmPull(t, tc, false, true)
 		})
 	}
 }

From 46f918d6bfdf80f568855293301eeb6e5cba5af9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 10:32:19 +0200
Subject: [PATCH 1695/2268] tests: Skip TestSkipSymlinks and Test_Push_Pull on
 windows

---
 pkg/oci/client/push_pull_test.go | 5 +++++
 pkg/tar/symlink_test.go          | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/pkg/oci/client/push_pull_test.go b/pkg/oci/client/push_pull_test.go
index a5e1314c4..1dbc3a1aa 100644
--- a/pkg/oci/client/push_pull_test.go
+++ b/pkg/oci/client/push_pull_test.go
@@ -22,6 +22,7 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"testing"
 	"time"
@@ -34,6 +35,10 @@ import (
 )
 
 func Test_Push_Pull(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
 	g := NewWithT(t)
 	ctx := context.Background()
 	c := NewClient(DefaultOptions())
diff --git a/pkg/tar/symlink_test.go b/pkg/tar/symlink_test.go
index e8c4905ff..031d4796e 100644
--- a/pkg/tar/symlink_test.go
+++ b/pkg/tar/symlink_test.go
@@ -24,10 +24,15 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"runtime"
 	"testing"
 )
 
 func TestSkipSymlinks(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
 	tmpDir := t.TempDir()
 
 	symlinkTarget := filepath.Join(tmpDir, "symlink.target")

From a28b2e9bf984bdede834667738ada2bda6cba987 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 13:43:37 +0200
Subject: [PATCH 1696/2268] feat: Add --registry-xxx args for OCI
 authentication

---
 cmd/kluctl/args/registry_credentials.go | 89 +++++++++++++++++++++++++
 cmd/kluctl/commands/cmd_delete.go       |  2 +
 cmd/kluctl/commands/cmd_deploy.go       |  2 +
 cmd/kluctl/commands/cmd_diff.go         |  2 +
 cmd/kluctl/commands/cmd_helm_pull.go    |  6 ++
 cmd/kluctl/commands/cmd_helm_update.go  |  6 ++
 cmd/kluctl/commands/cmd_list_images.go  |  2 +
 cmd/kluctl/commands/cmd_list_targets.go |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go  |  2 +
 cmd/kluctl/commands/cmd_prune.go        |  2 +
 cmd/kluctl/commands/cmd_render.go       |  2 +
 cmd/kluctl/commands/cmd_seal.go         | 16 +++--
 cmd/kluctl/commands/cmd_validate.go     |  2 +
 cmd/kluctl/commands/completion.go       |  2 +-
 cmd/kluctl/commands/utils.go            | 10 ++-
 15 files changed, 136 insertions(+), 11 deletions(-)
 create mode 100644 cmd/kluctl/args/registry_credentials.go

diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
new file mode 100644
index 000000000..5503374e6
--- /dev/null
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -0,0 +1,89 @@
+package args
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"strings"
+)
+
+type RegistryCredentials struct {
+	RegistryUsername      []string `group:"misc" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
+	RegistryPassword      []string `group:"misc" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
+	RegistryAuth          []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-auth=<registry>/<repo>=<auth>."`
+	RegistryIdentityToken []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
+	RegistryToken         []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
+}
+
+func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provider.OciAuthProvider, error) {
+	la := &auth_provider.ListAuthProvider{}
+	if c == nil {
+		return la, nil
+	}
+
+	byRegistryAndRepo := map[string]*auth_provider.AuthEntry{}
+
+	getEntry := func(s string) (*auth_provider.AuthEntry, string, error) {
+		x := strings.SplitN(s, "=", 2)
+		if len(x) == 2 {
+			k := x[0]
+			e, ok := byRegistryAndRepo[k]
+			if !ok {
+				x := strings.SplitN(k, "/", 2)
+				e = &auth_provider.AuthEntry{}
+				if len(x) == 2 {
+					e.Registry = x[0]
+					e.Repo = x[1]
+				} else {
+					e.Registry = x[0]
+				}
+				byRegistryAndRepo[k] = e
+			}
+			return e, x[1], nil
+		} else {
+			return nil, "", fmt.Errorf("invalid parameter format")
+		}
+	}
+
+	for _, s := range c.RegistryUsername {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.AuthConfig.Username = v
+	}
+	for _, s := range c.RegistryPassword {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.AuthConfig.Password = v
+	}
+	for _, s := range c.RegistryAuth {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.AuthConfig.Auth = v
+	}
+	for _, s := range c.RegistryIdentityToken {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.AuthConfig.IdentityToken = v
+	}
+	for _, s := range c.RegistryToken {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.AuthConfig.RegistryToken = v
+	}
+
+	for _, e := range byRegistryAndRepo {
+		la.AddEntry(*e)
+	}
+
+	return la, nil
+}
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 9372521fc..9767e3fd2 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -16,6 +16,7 @@ type deleteCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
@@ -43,6 +44,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 92d5320cf..1a7035a2a 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -17,6 +17,7 @@ type deployCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.ForceApplyFlags
@@ -48,6 +49,7 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 0f9df6014..ffe02a4f9 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -14,6 +14,7 @@ type diffCmd struct {
 	args.InclusionFlags
 	args.ImageFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.ForceApplyFlags
 	args.ReplaceOnErrorFlags
 	args.IgnoreFlags
@@ -36,6 +37,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 0a5d1786b..7b17a4b11 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -18,6 +18,7 @@ import (
 type helmPullCmd struct {
 	args.ProjectDir
 	args.HelmCredentials
+	args.RegistryCredentials
 }
 
 func (cmd *helmPullCmd) Help() string {
@@ -43,6 +44,11 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	} else {
 		helmAuthProvider.RegisterAuthProvider(x, false)
 	}
+	if x, err := cmd.RegistryCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		ociAuthProvider.RegisterAuthProvider(x, false)
+	}
 
 	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, false, true)
 	return err
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 55a52c0d4..28087cd7e 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -23,6 +23,7 @@ import (
 type helmUpdateCmd struct {
 	args.ProjectDir
 	args.HelmCredentials
+	args.RegistryCredentials
 
 	Upgrade bool `group:"misc" help:"Write new versions into helm-chart.yaml and perform helm-pull afterwards"`
 	Commit  bool `group:"misc" help:"Create a git commit for every updated chart"`
@@ -56,6 +57,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	} else {
 		helmAuthProvider.RegisterAuthProvider(x, false)
 	}
+	if x, err := cmd.RegistryCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		ociAuthProvider.RegisterAuthProvider(x, false)
+	}
 
 	if cmd.Commit {
 		gitStatus, err := git2.GetWorktreeStatus(ctx, gitRootPath)
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 7e1f78e83..883bfb161 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -13,6 +13,7 @@ type listImagesCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.OutputFlags
 	args.RenderOutputDirFlags
 	args.OfflineKubernetesFlags
@@ -35,6 +36,7 @@ func (cmd *listImagesCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
 		kubernetesVersion:    cmd.KubernetesVersion,
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 45e71b2ad..378549583 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.Targets {
 			result = append(result, t)
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 2f5280e02..544f77dc5 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -15,6 +15,7 @@ type pokeImagesCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
@@ -36,6 +37,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index b2cf0bc7f..b21d02aa7 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -15,6 +15,7 @@ type pruneCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.YesFlags
 	args.DryRunFlags
 	args.OutputFormatFlags
@@ -38,6 +39,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 09146afdf..e986ffc32 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -17,6 +17,7 @@ type renderCmd struct {
 	args.ImageFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.RenderOutputDirFlags
 	args.OfflineKubernetesFlags
 
@@ -46,6 +47,7 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		offlineKubernetes:    cmd.OfflineKubernetes,
 		kubernetesVersion:    cmd.KubernetesVersion,
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 189187cf6..1f9de1f41 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -18,6 +18,7 @@ type sealCmd struct {
 	args.ProjectFlags
 	args.TargetFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.OfflineKubernetesFlags
 
 	ForceReseal bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
@@ -43,12 +44,13 @@ func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.L
 	}
 
 	ptArgs := projectTargetCommandArgs{
-		projectFlags:      cmd.ProjectFlags,
-		targetFlags:       cmd.TargetFlags,
-		helmCredentials:   cmd.HelmCredentials,
-		forSeal:           true,
-		offlineKubernetes: cmd.OfflineKubernetes,
-		kubernetesVersion: cmd.KubernetesVersion,
+		projectFlags:        cmd.ProjectFlags,
+		targetFlags:         cmd.TargetFlags,
+		helmCredentials:     cmd.HelmCredentials,
+		registryCredentials: cmd.RegistryCredentials,
+		forSeal:             true,
+		offlineKubernetes:   cmd.OfflineKubernetes,
+		kubernetesVersion:   cmd.KubernetesVersion,
 	}
 	ptArgs.targetFlags.Target = targetName
 
@@ -155,7 +157,7 @@ func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
 }
 
 func (cmd *sealCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, &cmd.HelmCredentials, &cmd.RegistryCredentials, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		noTargetMatch := true
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 0eb3a5368..5f2c306aa 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -14,6 +14,7 @@ type validateCmd struct {
 	args.ArgsFlags
 	args.InclusionFlags
 	args.HelmCredentials
+	args.RegistryCredentials
 	args.OutputFlags
 	args.RenderOutputDirFlags
 
@@ -35,6 +36,7 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		inclusionFlags:       cmd.InclusionFlags,
 		helmCredentials:      cmd.HelmCredentials,
+		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 	}
 
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 94865a7e4..bd53fd172 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -50,7 +50,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, nil, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 6c5580836..cf56efafe 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -31,7 +31,7 @@ import (
 	"strings"
 )
 
-func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
 	if err != nil {
 		return fmt.Errorf("creating temporary project directory failed: %w", err)
@@ -111,6 +111,11 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	} else {
 		helmAuth.RegisterAuthProvider(x, false)
 	}
+	if x, err := registryCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		ociAuth.RegisterAuthProvider(x, false)
+	}
 
 	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, gitRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
@@ -164,6 +169,7 @@ type projectTargetCommandArgs struct {
 	imageFlags           args.ImageFlags
 	inclusionFlags       args.InclusionFlags
 	helmCredentials      args.HelmCredentials
+	registryCredentials  args.RegistryCredentials
 	dryRunArgs           *args.DryRunFlags
 	renderOutputDirFlags args.RenderOutputDirFlags
 	commandResultFlags   *args.CommandResultFlags
@@ -185,7 +191,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, &args.helmCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, &args.helmCredentials, &args.registryCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }

From c79a44a4ee2f947aefd3e4a18084b833204e5c08 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 13:43:58 +0200
Subject: [PATCH 1697/2268] feat: Use oci authentication provider for Helm

---
 pkg/controllers/kluctl_project.go             |   5 +-
 .../kluctldeployment_controller_source.go     |  10 +-
 pkg/helm/chart.go                             | 127 +++++++++++++++---
 pkg/helm/helm_release.go                      |   2 +-
 pkg/helm/utils.go                             |   9 +-
 5 files changed, 122 insertions(+), 31 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index dd220fbfd..52880c8fc 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -11,6 +11,7 @@ import (
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
@@ -51,6 +52,7 @@ type preparedProject struct {
 	ociRP *repocache.OciRepoCache
 
 	helmAuthProvider helm_auth.HelmAuthProvider
+	ociAuthProvider  auth_provider.OciAuthProvider
 
 	co         git.CheckoutInfo
 	tmpDir     string
@@ -108,7 +110,7 @@ func prepareProject(ctx context.Context,
 		return nil, err
 	}
 
-	pp.ociRP, err = r.buildOciRepoCache(ctx, ociSecrets)
+	pp.ociRP, pp.ociAuthProvider, err = r.buildOciRepoCache(ctx, ociSecrets)
 	if err != nil {
 		return nil, err
 	}
@@ -585,6 +587,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 		Images:           images,
 		Inclusion:        inclusion,
 		HelmAuthProvider: pt.pp.helmAuthProvider,
+		OciAuthProvider:  pt.pp.ociAuthProvider,
 		RenderOutputDir:  renderOutputDir,
 	}
 	if pt.pp.obj.Spec.Target != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index b9fc0d0b3..abfb0ee6e 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -373,25 +373,25 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secr
 	return rc, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets) (*repocache.OciRepoCache, error) {
+func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets) (*repocache.OciRepoCache, *auth_provider.OciAuthProviders, error) {
 	key, err := r.buildOciRepoCacheKey(secrets)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-oci-cache", key)
 	err = os.MkdirAll(tmpBaseDir, 0o700)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
 
 	ociAuthProvider, err := r.buildOciAuth(ctx, secrets)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	rc := repocache.NewOciRepoCache(ctx, ociAuthProvider, nil, 0)
-	return rc, nil
+	return rc, ociAuthProvider, nil
 }
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 9574bd4a7..729bc172f 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -2,8 +2,11 @@ package helm
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"github.com/Masterminds/semver/v3"
+	"github.com/docker/cli/cli/config/configfile"
+	types2 "github.com/docker/cli/cli/config/types"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
@@ -32,9 +35,9 @@ type Chart struct {
 	chartName string
 
 	helmAuthProvider auth.HelmAuthProvider
-	credentialsId    string
+	ociAuthProvider  auth_provider.OciAuthProvider
 
-	ociAuthProvider auth_provider.OciAuthProvider
+	credentialsId string
 
 	versions []string
 }
@@ -162,6 +165,85 @@ func (c *Chart) GetChartName() string {
 	return c.chartName
 }
 
+func (c *Chart) buildOciAuth(ctx context.Context) (*auth_provider.OciAuthInfo, string, error) {
+	u, err := url.Parse(c.repo)
+	if err != nil {
+		return nil, "", err
+	}
+
+	ai, err := c.ociAuthProvider.Login(ctx, c.repo)
+	if err != nil {
+		return nil, "", err
+	}
+	if ai == nil {
+		return nil, "", nil
+	}
+	a, err := ai.Authenticator.Authorization()
+	if err != nil {
+		return nil, "", err
+	}
+
+	cf := configfile.ConfigFile{
+		AuthConfigs: map[string]types2.AuthConfig{
+			u.Host: {
+				Username:      a.Username,
+				Password:      a.Password,
+				Auth:          a.Auth,
+				IdentityToken: a.IdentityToken,
+				RegistryToken: a.RegistryToken,
+			},
+		},
+	}
+	cfStr, err := json.Marshal(&cf)
+	if err != nil {
+		return nil, "", err
+	}
+
+	tmpFile, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "helm-config-*.json")
+	if err != nil {
+		return nil, "", err
+	}
+	defer tmpFile.Close()
+
+	_, err = tmpFile.Write(cfStr)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return ai, tmpFile.Name(), nil
+}
+
+func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings) (*registry.Client, func(), error) {
+	noop := func() {}
+	cleanup := noop
+
+	opts := []registry.ClientOption{
+		registry.ClientOptDebug(settings.Debug),
+		registry.ClientOptEnableCache(true),
+	}
+
+	if registry.IsOCI(c.repo) {
+		_, configFile, err := c.buildOciAuth(ctx)
+		if err != nil {
+			return nil, noop, err
+		}
+		cleanup = func() {
+			_ = os.Remove(configFile)
+		}
+		opts = append(opts, registry.ClientOptCredentialsFile(configFile))
+	} else {
+		opts = append(opts, registry.ClientOptCredentialsFile(settings.RegistryConfig))
+	}
+
+	// Create a new registry client
+	registryClient, err := registry.NewClient(opts...)
+	if err != nil {
+		cleanup()
+		return nil, noop, err
+	}
+	return registryClient, cleanup, nil
+}
+
 func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, error) {
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
@@ -178,12 +260,20 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 	}
 	defer os.RemoveAll(tmpPullDir)
 
-	cfg, err := buildHelmConfig(nil)
+	settings := cli.New()
+	registryClient, cleanup, err := c.newRegistryClient(ctx, settings)
 	if err != nil {
 		return nil, err
 	}
+	defer cleanup()
+
+	cfg, err := buildHelmConfig(nil, registryClient)
+	if err != nil {
+		return nil, err
+	}
+
 	a := action.NewPullWithOpts(action.WithConfig(cfg))
-	a.Settings = cli.New()
+	a.Settings = settings
 	a.Untar = true
 	a.DestDir = tmpPullDir
 	a.Version = version
@@ -194,19 +284,22 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 		}
 	}
 
-	creds, cf, err := c.helmAuthProvider.FindAuthEntry(ctx, *u, c.credentialsId)
-	if err != nil {
-		return nil, err
-	}
-	defer cf()
-	if creds != nil {
-		a.Username = creds.Username
-		a.Password = creds.Password
-		a.CertFile = creds.CertFile
-		a.CaFile = creds.CAFile
-		a.KeyFile = creds.KeyFile
-		a.InsecureSkipTLSverify = creds.InsecureSkipTLSverify
-		a.PassCredentialsAll = creds.PassCredentialsAll
+	if !registry.IsOCI(c.repo) {
+		helmCreds, cf, err := c.helmAuthProvider.FindAuthEntry(ctx, *u, c.credentialsId)
+		if err != nil {
+			return nil, err
+		}
+		defer cf()
+
+		if helmCreds != nil {
+			a.Username = helmCreds.Username
+			a.Password = helmCreds.Password
+			a.CertFile = helmCreds.CertFile
+			a.CaFile = helmCreds.CAFile
+			a.KeyFile = helmCreds.KeyFile
+			a.InsecureSkipTLSverify = helmCreds.InsecureSkipTLSverify
+			a.PassCredentialsAll = helmCreds.PassCredentialsAll
+		}
 	}
 
 	var out string
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 6a3d25fb8..9fa48ef49 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -167,7 +167,7 @@ func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion s
 	}
 	valuesPath := yaml.FixPathExt(filepath.Join(filepath.Dir(hr.ConfigFile), "helm-values.yml"))
 
-	cfg, err := buildHelmConfig(k)
+	cfg, err := buildHelmConfig(k, nil)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/helm/utils.go b/pkg/helm/utils.go
index d02c70ef0..6a9f71280 100644
--- a/pkg/helm/utils.go
+++ b/pkg/helm/utils.go
@@ -6,14 +6,9 @@ import (
 	"helm.sh/helm/v3/pkg/registry"
 )
 
-func buildHelmConfig(k *k8s.K8sCluster) (*action.Configuration, error) {
-	rc, err := registry.NewClient()
-	if err != nil {
-		return nil, err
-	}
-
+func buildHelmConfig(k *k8s.K8sCluster, registryClient *registry.Client) (*action.Configuration, error) {
 	return &action.Configuration{
 		RESTClientGetter: k,
-		RegistryClient:   rc,
+		RegistryClient:   registryClient,
 	}, nil
 }

From 1c58bbdc453c9afc8a97267a3ec6f628be7f6161 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 13:44:12 +0200
Subject: [PATCH 1698/2268] fix: Validate subDir of OciProject

---
 pkg/types/oci_project.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/pkg/types/oci_project.go b/pkg/types/oci_project.go
index 41660a81d..05f82b8ca 100644
--- a/pkg/types/oci_project.go
+++ b/pkg/types/oci_project.go
@@ -1,5 +1,11 @@
 package types
 
+import (
+	"fmt"
+	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+)
+
 type OciProject struct {
 	Url    string  `json:"url" validate:"required"`
 	Ref    *OciRef `json:"ref,omitempty"`
@@ -31,3 +37,14 @@ func (ref *OciRef) String() string {
 	}
 	return ref.Tag
 }
+
+func ValidateOciProject(sl validator.StructLevel) {
+	p := sl.Current().Interface().(OciProject)
+	if !validateGitSubDir(p.SubDir) {
+		sl.ReportError(p.SubDir, "subDir", "SubDir", fmt.Sprintf("'%s' is not valid oci subdirectory path", p.SubDir), "")
+	}
+}
+
+func init() {
+	yaml.Validator.RegisterStructValidation(ValidateOciProject, OciProject{})
+}

From 37cf94dd951a0e96e81677ba0be3c671e469043a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 15:31:08 +0200
Subject: [PATCH 1699/2268] tests: Stop writing to the global helm registry
 config

---
 e2e/test-utils/helm_repo_utils.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index 6b63af23f..d0db621d0 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -131,8 +131,10 @@ func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, passwo
 
 	var registryClient *registry2.Client
 	if password != "" {
+		tmpConfigFile := filepath.Join(t.TempDir(), "config.json")
+
 		var err error
-		registryClient, err = registry2.NewClient()
+		registryClient, err = registry2.NewClient(registry2.ClientOptCredentialsFile(tmpConfigFile))
 		if err != nil {
 			t.Fatal(err)
 		}

From c26de2118e975c147d52415e0e03dfa77d9f4625 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 15:32:26 +0200
Subject: [PATCH 1700/2268] feat: Allow to override TLS config for registries

---
 cmd/kluctl/args/registry_credentials.go       |  48 +++++++
 .../kluctldeployment_controller_source.go     |   7 +-
 pkg/helm/chart.go                             |  80 +++---------
 pkg/oci/auth_provider/auth_provider.go        | 123 ++++++++++++++++--
 .../docker_config_auth_provider.go            |  13 +-
 pkg/oci/auth_provider/env_auth_provider.go    |  30 ++---
 pkg/oci/auth_provider/list_auth_provider.go   |  46 ++-----
 pkg/oci/auth_provider/utils.go                |  31 +++++
 pkg/repocache/oci_cache.go                    |   8 +-
 9 files changed, 254 insertions(+), 132 deletions(-)
 create mode 100644 pkg/oci/auth_provider/utils.go

diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index 5503374e6..1505b8f18 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
 	"strings"
 )
 
@@ -13,6 +15,12 @@ type RegistryCredentials struct {
 	RegistryAuth          []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-auth=<registry>/<repo>=<auth>."`
 	RegistryIdentityToken []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
 	RegistryToken         []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
+
+	RegistryKeyFile  []string `group:"misc" help:"Specify key to use for OCI authentication. Must be in the form --registry-key-file=<registry>/<repo>=<filePath>."`
+	RegistryCertFile []string `group:"misc" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
+	RegistryCAFile   []string `group:"misc" help:"Specify CA bundle to use for https verification. Must be in the form --registry-ca-file=<registry>/<repo>=<filePath>."`
+
+	RegistryInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --registry-insecure-skip-tls-verify=<registry>/<repo>."`
 }
 
 func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provider.OciAuthProvider, error) {
@@ -80,6 +88,46 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		}
 		e.AuthConfig.RegistryToken = v
 	}
+	for _, s := range c.RegistryKeyFile {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		b, err := os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+		e.Key = b
+	}
+	for _, s := range c.RegistryCertFile {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		b, err := os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+		e.Cert = b
+	}
+	for _, s := range c.RegistryCAFile {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		b, err := os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+		e.CA = b
+	}
+	for _, s := range c.RegistryInsecureSkipTlsVerify {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(v)
+	}
 
 	for _, e := range byRegistryAndRepo {
 		la.AddEntry(*e)
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index abfb0ee6e..422ecf896 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -249,8 +249,11 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 		if x, ok := secret.secret.Data["registry_token"]; ok {
 			e.AuthConfig.RegistryToken = string(x)
 		}
-		if x, ok := secret.secret.Data["insecure"]; ok {
-			e.Insecure = utils.ParseBoolOrFalse(string(x))
+		if x, ok := secret.secret.Data["plain_http"]; ok {
+			e.PlainHTTP = utils.ParseBoolOrFalse(string(x))
+		}
+		if x, ok := secret.secret.Data["insecure_skip_tls_verify"]; ok {
+			e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(string(x))
 		}
 
 		la.AddEntry(e)
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 729bc172f..3db55fd82 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -2,11 +2,8 @@ package helm
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"github.com/Masterminds/semver/v3"
-	"github.com/docker/cli/cli/config/configfile"
-	types2 "github.com/docker/cli/cli/config/types"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
@@ -125,6 +122,7 @@ func (c *Chart) BuildPulledChartDir(baseDir string, version string) (string, err
 	switch {
 	case u.Scheme == "oci":
 		scheme = "oci"
+		port = u.Port()
 	case u.Scheme == "http":
 		scheme = "http"
 		if u.Port() != "80" {
@@ -165,72 +163,32 @@ func (c *Chart) GetChartName() string {
 	return c.chartName
 }
 
-func (c *Chart) buildOciAuth(ctx context.Context) (*auth_provider.OciAuthInfo, string, error) {
-	u, err := url.Parse(c.repo)
-	if err != nil {
-		return nil, "", err
-	}
-
-	ai, err := c.ociAuthProvider.Login(ctx, c.repo)
-	if err != nil {
-		return nil, "", err
-	}
-	if ai == nil {
-		return nil, "", nil
-	}
-	a, err := ai.Authenticator.Authorization()
-	if err != nil {
-		return nil, "", err
-	}
-
-	cf := configfile.ConfigFile{
-		AuthConfigs: map[string]types2.AuthConfig{
-			u.Host: {
-				Username:      a.Username,
-				Password:      a.Password,
-				Auth:          a.Auth,
-				IdentityToken: a.IdentityToken,
-				RegistryToken: a.RegistryToken,
-			},
-		},
-	}
-	cfStr, err := json.Marshal(&cf)
-	if err != nil {
-		return nil, "", err
-	}
-
-	tmpFile, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "helm-config-*.json")
-	if err != nil {
-		return nil, "", err
-	}
-	defer tmpFile.Close()
+func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings) (*registry.Client, func(), error) {
+	cleanup := func() {}
 
-	_, err = tmpFile.Write(cfStr)
+	u, err := url.Parse(c.repo)
 	if err != nil {
-		return nil, "", err
+		return nil, nil, err
 	}
 
-	return ai, tmpFile.Name(), nil
-}
-
-func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings) (*registry.Client, func(), error) {
-	noop := func() {}
-	cleanup := noop
-
 	opts := []registry.ClientOption{
 		registry.ClientOptDebug(settings.Debug),
 		registry.ClientOptEnableCache(true),
 	}
 
 	if registry.IsOCI(c.repo) {
-		_, configFile, err := c.buildOciAuth(ctx)
+		ociAuth, err := c.ociAuthProvider.FindAuthEntry(ctx, c.repo)
 		if err != nil {
-			return nil, noop, err
+			return nil, nil, err
 		}
-		cleanup = func() {
-			_ = os.Remove(configFile)
+		if ociAuth != nil {
+			var authOpts []registry.ClientOption
+			authOpts, cleanup, err = ociAuth.BuildHelmRegistryOptions(ctx, u.Host)
+			if err != nil {
+				return nil, nil, err
+			}
+			opts = append(opts, authOpts...)
 		}
-		opts = append(opts, registry.ClientOptCredentialsFile(configFile))
 	} else {
 		opts = append(opts, registry.ClientOptCredentialsFile(settings.RegistryConfig))
 	}
@@ -239,7 +197,7 @@ func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings
 	registryClient, err := registry.NewClient(opts...)
 	if err != nil {
 		cleanup()
-		return nil, noop, err
+		return nil, nil, err
 	}
 	return registryClient, cleanup, nil
 }
@@ -460,11 +418,15 @@ func (c *Chart) queryVersionsOci(ctx context.Context) error {
 	var clientOpts []crane.Option
 	clientOpts = append(clientOpts, crane.WithContext(ctx))
 	if c.ociAuthProvider != nil {
-		auth, err := c.ociAuthProvider.Login(ctx, c.repo)
+		auth, err := c.ociAuthProvider.FindAuthEntry(ctx, c.repo)
 		if err != nil {
 			return err
 		}
-		clientOpts = append(clientOpts, auth.BuildCraneOptions()...)
+		authOpts, err := auth.BuildCraneOptions()
+		if err != nil {
+			return nil
+		}
+		clientOpts = append(clientOpts, authOpts...)
 	}
 
 	imageName := strings.TrimPrefix(c.repo, "oci://")
diff --git a/pkg/oci/auth_provider/auth_provider.go b/pkg/oci/auth_provider/auth_provider.go
index fcc228646..36296cb48 100644
--- a/pkg/oci/auth_provider/auth_provider.go
+++ b/pkg/oci/auth_provider/auth_provider.go
@@ -2,19 +2,35 @@ package auth_provider
 
 import (
 	"context"
+	"encoding/json"
+	"github.com/docker/cli/cli/config/configfile"
+	types2 "github.com/docker/cli/cli/config/types"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/hashicorp/go-multierror"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"helm.sh/helm/v3/pkg/registry"
+	"net/http"
+	"os"
 )
 
-type OciAuthInfo struct {
-	Authenticator authn.Authenticator
+type AuthEntry struct {
+	Registry string
+	Repo     string
 
-	Insecure bool
+	AuthConfig authn.AuthConfig
+
+	Key  []byte
+	Cert []byte
+	CA   []byte
+
+	PlainHTTP             bool
+	InsecureSkipTlsVerify bool
 }
 
 type OciAuthProvider interface {
-	Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error)
+	FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error)
 }
 
 type OciAuthProviders struct {
@@ -29,10 +45,10 @@ func (a *OciAuthProviders) RegisterAuthProvider(p OciAuthProvider, last bool) {
 	}
 }
 
-func (a *OciAuthProviders) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+func (a *OciAuthProviders) FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error) {
 	var errs *multierror.Error
 	for _, p := range a.authProviders {
-		auth, err := p.Login(ctx, ociUrl)
+		auth, err := p.FindAuthEntry(ctx, ociUrl)
 		if err != nil {
 			errs = multierror.Append(errs, err)
 			continue
@@ -52,16 +68,97 @@ func NewDefaultAuthProviders(envPrefix string) *OciAuthProviders {
 	return a
 }
 
-func (a *OciAuthInfo) BuildCraneOptions() []crane.Option {
+func (a *AuthEntry) BuildHttpTransport() (*http.Transport, error) {
+	tlsConfig, err := newTLSConfig(a.Cert, a.Key, a.CA, a.InsecureSkipTlsVerify)
+	if err != nil {
+		return nil, err
+	}
+	t := &http.Transport{
+		TLSClientConfig: tlsConfig,
+	}
+	return t, nil
+}
+
+func (a *AuthEntry) BuildCraneOptions() ([]crane.Option, error) {
 	var ret []crane.Option
 	if a == nil {
-		return ret
+		return ret, nil
+	}
+	if a.PlainHTTP {
+		ret = append(ret, func(options *crane.Options) {
+			options.Name = append(options.Name, name.Insecure)
+		})
+	}
+
+	t, err := a.BuildHttpTransport()
+	if err != nil {
+		return nil, err
+	}
+	ret = append(ret, crane.WithTransport(t))
+
+	if a.AuthConfig != (authn.AuthConfig{}) {
+		ret = append(ret, crane.WithAuth(authn.FromConfig(a.AuthConfig)))
+	}
+
+	return ret, nil
+}
+
+func (a *AuthEntry) BuildDockerConfig(ctx context.Context, host string) (string, error) {
+	cf := configfile.ConfigFile{
+		AuthConfigs: map[string]types2.AuthConfig{
+			host: {
+				Username:      a.AuthConfig.Username,
+				Password:      a.AuthConfig.Password,
+				Auth:          a.AuthConfig.Auth,
+				IdentityToken: a.AuthConfig.IdentityToken,
+				RegistryToken: a.AuthConfig.RegistryToken,
+			},
+		},
 	}
-	if a.Insecure {
-		ret = append(ret, crane.Insecure)
+	cfStr, err := json.Marshal(&cf)
+	if err != nil {
+		return "", err
 	}
-	if a.Authenticator != nil {
-		ret = append(ret, crane.WithAuth(a.Authenticator))
+
+	tmpFile, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "oci-config-*.json")
+	if err != nil {
+		return "", err
 	}
-	return ret
+	defer tmpFile.Close()
+
+	_, err = tmpFile.Write(cfStr)
+	if err != nil {
+		return "", err
+	}
+
+	return tmpFile.Name(), nil
+}
+
+func (a *AuthEntry) BuildHelmRegistryOptions(ctx context.Context, host string) ([]registry.ClientOption, func(), error) {
+	var ret []registry.ClientOption
+
+	cleanup := func() {}
+
+	cf, err := a.BuildDockerConfig(ctx, host)
+	if err != nil {
+		return nil, nil, err
+	}
+	cleanup = func() {
+		_ = os.Remove(cf)
+	}
+
+	ret = append(ret, registry.ClientOptCredentialsFile(cf))
+
+	t, err := a.BuildHttpTransport()
+	if err != nil {
+		cleanup()
+		return nil, nil, err
+	}
+
+	hc := &http.Client{
+		Transport: t,
+	}
+	ret = append(ret, registry.ClientOptHTTPClient(hc))
+
+	return ret, cleanup, nil
 }
diff --git a/pkg/oci/auth_provider/docker_config_auth_provider.go b/pkg/oci/auth_provider/docker_config_auth_provider.go
index f83b07484..52e53f8c0 100644
--- a/pkg/oci/auth_provider/docker_config_auth_provider.go
+++ b/pkg/oci/auth_provider/docker_config_auth_provider.go
@@ -12,7 +12,7 @@ import (
 type OciDockerConfigAuthProvider struct {
 }
 
-func (o OciDockerConfigAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+func (o OciDockerConfigAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error) {
 	if !strings.HasPrefix(ociUrl, "oci://") {
 		return nil, fmt.Errorf("invalid oci url: %s", ociUrl)
 	}
@@ -31,7 +31,14 @@ func (o OciDockerConfigAuthProvider) Login(ctx context.Context, ociUrl string) (
 		return nil, nil
 	}
 
-	return &OciAuthInfo{
-		Authenticator: auth,
+	authConfig, err := auth.Authorization()
+	if err != nil {
+		return nil, err
+	}
+
+	return &AuthEntry{
+		Registry:   ociRef.Context().RegistryStr(),
+		Repo:       ociRef.Context().RepositoryStr(),
+		AuthConfig: *authConfig,
 	}, nil
 }
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index e10afe8c8..a1a3c9405 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -7,24 +7,23 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"strconv"
 )
 
 type OciEnvAuthProvider struct {
 	Prefix string
 }
 
-func (a *OciEnvAuthProvider) isDefaultInsecure(ctx context.Context) bool {
-	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE", a.Prefix), false)
+func (a *OciEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context) bool {
+	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE_SKIP_TLS_VERIFY", a.Prefix), false)
 	if err != nil {
-		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE: %s", a.Prefix, err)
+		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE_SKIP_TLS_VERIFY: %s", a.Prefix, err)
 		return false
 	}
 	return defaultInsecure
 }
 
-func (a *OciEnvAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
-	defaultInsecure := a.isDefaultInsecure(ctx)
+func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error) {
+	defaultInsecureSkipTlsVerify := a.isDefaultInsecureSkipTlsVerify(ctx)
 
 	var la ListAuthProvider
 
@@ -57,24 +56,25 @@ func (a *OciEnvAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuth
 				Password:      m["PASSWORD"],
 				Auth:          m["AUTH"],
 				IdentityToken: m["IDENTITY_TOKEN"],
-				RegistryToken: m["REGISTRY_TOKEN"],
+				RegistryToken: m["TOKEN"],
 			},
-			Insecure: defaultInsecure,
+			InsecureSkipTlsVerify: defaultInsecureSkipTlsVerify,
 		}
 		if e.Registry == "" {
 			continue
 		}
 
-		insecureStr, ok := m["INSECURE"]
+		x, ok := m["PLAIN_HTTP"]
 		if ok {
-			insecure, err := strconv.ParseBool(insecureStr)
-			if err != nil {
-				return nil, fmt.Errorf("failed to parse INSECURE from env: %w", err)
-			}
-			e.Insecure = insecure
+			e.PlainHTTP = utils.ParseBoolOrFalse(x)
+		}
+
+		x, ok = m["INSECURE_SKIP_TLS_VERIFY"]
+		if ok {
+			e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(x)
 		}
 
 		la.AddEntry(e)
 	}
-	return la.Login(ctx, ociUrl)
+	return la.FindAuthEntry(ctx, ociUrl)
 }
diff --git a/pkg/oci/auth_provider/list_auth_provider.go b/pkg/oci/auth_provider/list_auth_provider.go
index a19e1c675..0ba8ffbcf 100644
--- a/pkg/oci/auth_provider/list_auth_provider.go
+++ b/pkg/oci/auth_provider/list_auth_provider.go
@@ -3,9 +3,9 @@ package auth_provider
 import (
 	"context"
 	"fmt"
-	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"path"
 	"strings"
 )
 
@@ -13,32 +13,11 @@ type ListAuthProvider struct {
 	entries []AuthEntry
 }
 
-type AuthEntry struct {
-	Registry string
-	Repo     string
-
-	AuthConfig authn.AuthConfig
-
-	Insecure bool
-}
-
 func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
 
-func splitRepo(repoIn string) (string, string) {
-	var org, repo string
-	s := strings.SplitN(repoIn, "/", 2)
-	if len(s) == 1 {
-		repo = s[0]
-	} else {
-		org = s[0]
-		repo = s[1]
-	}
-	return org, repo
-}
-
-func (a *ListAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthInfo, error) {
+func (a *ListAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error) {
 	status.Tracef(ctx, "ListAuthProvider: BuildAuth for %s", ociUrl)
 
 	if !strings.HasPrefix(ociUrl, "oci://") {
@@ -50,7 +29,7 @@ func (a *ListAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthIn
 		return nil, err
 	}
 
-	org, repo := splitRepo(ociRef.Context().RepositoryStr())
+	repo := ociRef.Context().RepositoryStr()
 
 	for _, e := range a.entries {
 		status.Tracef(ctx, "ListAuthProvider: try registry=%s, repo=%s", e.Registry, e.Repo)
@@ -59,22 +38,13 @@ func (a *ListAuthProvider) Login(ctx context.Context, ociUrl string) (*OciAuthIn
 			continue
 		}
 
-		testOrg, testRepo := splitRepo(e.Repo)
-		if testOrg == "" {
-			testOrg = "*"
-		}
-
-		if testOrg != "*" && testOrg != org {
-			continue
-		}
-		if testRepo != "*" && testRepo != repo {
-			continue
+		if e.Repo != "" {
+			if m, _ := path.Match(e.Repo, repo); !m {
+				continue
+			}
 		}
 
-		return &OciAuthInfo{
-			Authenticator: authn.FromConfig(e.AuthConfig),
-			Insecure:      e.Insecure,
-		}, nil
+		return &e, nil
 	}
 	return nil, nil
 }
diff --git a/pkg/oci/auth_provider/utils.go b/pkg/oci/auth_provider/utils.go
new file mode 100644
index 000000000..29f9216bf
--- /dev/null
+++ b/pkg/oci/auth_provider/utils.go
@@ -0,0 +1,31 @@
+package auth_provider
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"github.com/pkg/errors"
+)
+
+func newTLSConfig(cert []byte, key []byte, ca []byte, insecureSkipTLSverify bool) (*tls.Config, error) {
+	config := tls.Config{
+		InsecureSkipVerify: insecureSkipTLSverify,
+	}
+
+	if cert != nil && key != nil {
+		x, err := tls.X509KeyPair(cert, key)
+		if err != nil {
+			return nil, err
+		}
+		config.Certificates = []tls.Certificate{x}
+	}
+
+	if ca != nil {
+		cp := x509.NewCertPool()
+		if !cp.AppendCertsFromPEM(ca) {
+			return nil, errors.Errorf("failed to append certificates")
+		}
+		config.RootCAs = cp
+	}
+
+	return &config, nil
+}
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index cca9bfcb6..3e913929a 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -125,11 +125,15 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 
 	var clientOpts []crane.Option
 	if rp.ociAuthProvider != nil {
-		auth, err := rp.ociAuthProvider.Login(rp.ctx, urlN.String())
+		auth, err := rp.ociAuthProvider.FindAuthEntry(rp.ctx, urlN.String())
 		if err != nil {
 			return nil, err
 		}
-		clientOpts = append(clientOpts, auth.BuildCraneOptions()...)
+		authOpts, err := auth.BuildCraneOptions()
+		if err != nil {
+			return nil, err
+		}
+		clientOpts = append(clientOpts, authOpts...)
 	}
 
 	ociClient := client.NewClient(clientOpts)

From 2f673539058eb6919d683866fcd41c459b0d15bd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 15:32:50 +0200
Subject: [PATCH 1701/2268] tests: Add Helm+OCI+creds tests

---
 e2e/gitops_helm_test.go |  32 ++++++++----
 e2e/helm_test.go        | 111 ++++++++++++++++++++++++++++++----------
 2 files changed, 107 insertions(+), 36 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index e89e9d6c8..111b8d828 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -61,16 +61,30 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		}
 	} else if tc.argCredsHost != "" {
 		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repoUrl.Host)
-		createSecret("helm-secrets-1", map[string]string{
-			"username": tc.argUsername,
-			"password": tc.argPassword,
-		})
-		kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Credentials.Helm = append(kd.Spec.Credentials.Helm, kluctlv1.ProjectCredentialsHelm{
-				Host:      host,
-				Path:      tc.argCredsPath,
-				SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+		if tc.oci {
+			createSecret("oci-secrets-1", map[string]string{
+				"username": tc.argUsername,
+				"password": tc.argPassword,
+			})
+			kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
+				kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, kluctlv1.ProjectCredentialsOci{
+					Registry:   host,
+					Repository: tc.argCredsPath,
+					SecretRef:  kluctlv1.LocalObjectReference{Name: "oci-secrets-1"},
+				})
+			}
+		} else {
+			createSecret("helm-secrets-1", map[string]string{
+				"username": tc.argUsername,
+				"password": tc.argPassword,
 			})
+			kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
+				kd.Spec.Credentials.Helm = append(kd.Spec.Credentials.Helm, kluctlv1.ProjectCredentialsHelm{
+					Host:      host,
+					Path:      tc.argCredsPath,
+					SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+				})
+			}
 		}
 	}
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 8014362a2..df4db37b3 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -71,7 +71,8 @@ var helmTests = []helmTestCase{
 	{
 		name: "helm-creds-missing", oci: false, testAuth: true,
 		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "401 Unauthorized"},
+		expectedError: "401 Unauthorized",
+	},
 	{
 		name: "helm-creds-invalid", oci: false, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
@@ -95,39 +96,95 @@ var helmTests = []helmTestCase{
 		name: "helm-creds-valid-path", oci: false, testAuth: true, path: "path1",
 		argCredsHost: "<host>", argCredsPath: "path1", argUsername: "test-user", argPassword: "secret-password",
 	},
+
+	// oci creds
+	{
+		name: "oci-creds-missing", oci: true, testAuth: true,
+		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "oci-creds-invalid", oci: true, testAuth: true,
+		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "oci-creds-valid", oci: true, testAuth: true,
+		argCredsHost: "<host>", argUsername: "test-user", argPassword: "secret-password",
+	},
+	{
+		name: "oci-creds-missing-path", oci: true, testAuth: true,
+		argCredsHost: "<host>", argCredsPath: "test-chart2", argUsername: "test-user", argPassword: "secret-password",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "oci-creds-invalid-path", oci: true, testAuth: true,
+		argCredsHost: "<host>", argCredsPath: "test-chart1", argUsername: "test-user", argPassword: "invalid",
+		expectedError: "401 Unauthorized",
+	},
+	{
+		name: "oci-creds-valid-path", oci: true, testAuth: true,
+		argCredsHost: "<host>", argCredsPath: "test-chart1", argUsername: "test-user", argPassword: "secret-password",
+	},
 }
 
-func buildHelmTestExtraArgs(tc helmTestCase, host string) []string {
+func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, host string) []string {
 	var ret []string
-	if tc.argCredsId != "" {
-		ret = append(ret, fmt.Sprintf("--helm-username=%s:%s", tc.argCredsId, tc.argUsername))
-		ret = append(ret, fmt.Sprintf("--helm-password=%s:%s", tc.argCredsId, tc.argPassword))
-	} else if tc.argCredsHost != "" {
-		r := strings.ReplaceAll(tc.argCredsHost, "<host>", host)
-		if tc.argCredsPath != "" {
-			r += "/" + tc.argCredsPath
+	if tc.oci {
+		if tc.argCredsHost != "" {
+			r := strings.ReplaceAll(tc.argCredsHost, "<host>", host)
+			if tc.argCredsPath != "" {
+				r += "/" + tc.argCredsPath
+			}
+			ret = append(ret, fmt.Sprintf("--registry-username=%s=%s", r, tc.argUsername))
+			ret = append(ret, fmt.Sprintf("--registry-password=%s=%s", r, tc.argPassword))
+		}
+	} else {
+		if tc.argCredsId != "" {
+			ret = append(ret, fmt.Sprintf("--helm-username=%s:%s", tc.argCredsId, tc.argUsername))
+			ret = append(ret, fmt.Sprintf("--helm-password=%s:%s", tc.argCredsId, tc.argPassword))
+		} else if tc.argCredsHost != "" {
+			r := strings.ReplaceAll(tc.argCredsHost, "<host>", host)
+			if tc.argCredsPath != "" {
+				r += "/" + tc.argCredsPath
+			}
+			ret = append(ret, fmt.Sprintf("--helm-username=%s=%s", r, tc.argUsername))
+			ret = append(ret, fmt.Sprintf("--helm-password=%s=%s", r, tc.argPassword))
 		}
-		ret = append(ret, fmt.Sprintf("--helm-username=%s=%s", r, tc.argUsername))
-		ret = append(ret, fmt.Sprintf("--helm-password=%s=%s", r, tc.argPassword))
 	}
 	return ret
 }
 
 func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, host string) {
-	if tc.argCredsId != "" {
-		t.Setenv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
-	}
-	if tc.argCredsHost != "" {
-		t.Setenv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", host))
-	}
-	if tc.argCredsPath != "" {
-		t.Setenv("KLUCTL_HELM_PATH", tc.argCredsPath)
-	}
-	if tc.argUsername != "" {
-		t.Setenv("KLUCTL_HELM_USERNAME", tc.argUsername)
-	}
-	if tc.argPassword != "" {
-		t.Setenv("KLUCTL_HELM_PASSWORD", tc.argPassword)
+	if tc.oci {
+		if tc.argCredsHost != "" {
+			t.Setenv("KLUCTL_REGISTRY_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", host))
+		}
+		if tc.argCredsPath != "" {
+			t.Setenv("KLUCTL_REGISTRY_REPOSITORY", tc.argCredsPath)
+		}
+		if tc.argUsername != "" {
+			t.Setenv("KLUCTL_REGISTRY_USERNAME", tc.argUsername)
+		}
+		if tc.argPassword != "" {
+			t.Setenv("KLUCTL_REGISTRY_PASSWORD", tc.argPassword)
+		}
+	} else {
+		if tc.argCredsId != "" {
+			t.Setenv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
+		}
+		if tc.argCredsHost != "" {
+			t.Setenv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", host))
+		}
+		if tc.argCredsPath != "" {
+			t.Setenv("KLUCTL_HELM_PATH", tc.argCredsPath)
+		}
+		if tc.argUsername != "" {
+			t.Setenv("KLUCTL_HELM_USERNAME", tc.argUsername)
+		}
+		if tc.argPassword != "" {
+			t.Setenv("KLUCTL_HELM_PASSWORD", tc.argPassword)
+		}
 	}
 }
 
@@ -149,7 +206,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 	repoUrl2, err := url.Parse(repoUrl)
 	assert.NoError(t, err)
 
-	extraArgs := buildHelmTestExtraArgs(tc, repoUrl2.Host)
+	extraArgs := buildHelmTestExtraArgs(t, tc, repoUrl2.Host)
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -206,7 +263,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 	if credsViaEnv {
 		buildHelmTestEnvVars(t, tc, repoUrl.Host)
 	} else {
-		args = append(args, buildHelmTestExtraArgs(tc, repoUrl.Host)...)
+		args = append(args, buildHelmTestExtraArgs(t, tc, repoUrl.Host)...)
 	}
 
 	_, stderr, err := p.Kluctl(args...)

From 5e14664f4d24fab6e079cb79c411b69cbc2fe2fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 11 Oct 2023 15:39:34 +0200
Subject: [PATCH 1702/2268] feat: Support overriding Helm repo TLS certs/ca via
 command line

---
 cmd/kluctl/args/helm_credentials.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 399de0642..1f17130fa 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -14,6 +14,8 @@ type HelmCredentials struct {
 	HelmUsername              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<host>/<path>=<username> or in the deprecated form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 	HelmPassword              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<host>/<path>=<password> or in the deprecated form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 	HelmKeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<host>/<path>=<filePath> or in the deprecated form --helm-key-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCertFile              []string `group:"misc" help:"Specify key to use for Helm Repository authentication. Must be in the form --helm-cert-file=<host>/<path>=<filePath> or in the deprecated form --helm-cert-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCAFile                []string `group:"misc" help:"Specify ca bundle certificate to use for Helm Repository authentication. Must be in the form --helm-ca-file=<host>/<path>=<filePath> or in the deprecated form --helm-ca-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 	HelmInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 }
 
@@ -84,6 +86,26 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 			return nil, err
 		}
 	}
+	for _, s := range c.HelmCertFile {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.Cert, err = os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+	}
+	for _, s := range c.HelmCAFile {
+		e, v, err := getEntry(s)
+		if err != nil {
+			return nil, err
+		}
+		e.CA, err = os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+	}
 	for _, s := range c.HelmInsecureSkipTlsVerify {
 		e, v, err := getEntry(s)
 		if err != nil {

From 823197df98a76125158279cf1829a709ae6a143a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 00:04:42 +0200
Subject: [PATCH 1703/2268] tests: Refactor helm repo handling

---
 e2e/gitops_helm_test.go            |   4 +-
 e2e/gitops_oci_include_test.go     |  55 ++++---
 e2e/helm_test.go                   | 221 ++++++++++++++++-------------
 e2e/oci_include_test.go            |  79 +++++++----
 e2e/sops_test.go                   |  11 +-
 e2e/test-utils/helm_repo_utils.go  |  99 -------------
 e2e/test-utils/helm_test_repo.go   | 123 ++++++++++++++++
 e2e/test-utils/http_test_server.go |  42 ++++++
 e2e/test-utils/oci_utils.go        |  36 -----
 9 files changed, 385 insertions(+), 285 deletions(-)
 create mode 100644 e2e/test-utils/helm_test_repo.go
 create mode 100644 e2e/test-utils/http_test_server.go
 delete mode 100644 e2e/test-utils/oci_utils.go

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 111b8d828..74fb535cf 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -14,7 +14,7 @@ import (
 func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	g := NewWithT(suite.T())
 
-	p, repoUrl, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull)
+	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull)
 	if err != nil {
 		if tc.expectedError == "" {
 			assert.Fail(suite.T(), "did not expect error")
@@ -60,7 +60,7 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 			})
 		}
 	} else if tc.argCredsHost != "" {
-		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repoUrl.Host)
+		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
 		if tc.oci {
 			createSecret("oci-secrets-1", map[string]string{
 				"username": tc.argUsername,
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index b3adb8555..257b19fa7 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -20,18 +20,31 @@ func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
 	ip2 := prepareIncludeProject(suite.T(), "include2", "subDir", nil)
 	ip3 := prepareIncludeProject(suite.T(), "include3", "", nil)
 
-	ociUrl0 := test_utils.CreateOciRegistry(suite.T(), "user0", "pass0")
-	ociUrl1 := test_utils.CreateOciRegistry(suite.T(), "user1", "pass1")
-	ociUrl2 := test_utils.CreateOciRegistry(suite.T(), "user2", "pass2")
-	ociUrl3 := test_utils.CreateOciRegistry(suite.T(), "user3", "pass3")
-	repo0 := ociUrl0.String() + "/org0/repo0"
-	repo1 := ociUrl1.String() + "/org1/repo1"
-	repo2 := ociUrl2.String() + "/org2/repo2"
-	repo3 := ociUrl3.String() + "/org3/repo3"
-
-	ip1.KluctlMust("oci", "push", "--url", repo1, "--creds", "user1:pass1")
-	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
-	ip3.KluctlMust("oci", "push", "--url", repo3, "--creds", "user3:pass3")
+	createRepo := func(user, pass string) *test_utils.TestHelmRepo {
+		repo := &test_utils.TestHelmRepo{
+			TestHttpServer: test_utils.TestHttpServer{
+				Username: user,
+				Password: pass,
+			},
+			Oci: true,
+		}
+		repo.Start(suite.T())
+		return repo
+	}
+
+	repo0 := createRepo("user0", "pass0")
+	repo1 := createRepo("user1", "pass1")
+	repo2 := createRepo("user2", "pass2")
+	repo3 := createRepo("user3", "pass3")
+
+	repoUrl0 := repo0.URL.String() + "/org0/repo0"
+	repoUrl1 := repo1.URL.String() + "/org1/repo1"
+	repoUrl2 := repo2.URL.String() + "/org2/repo2"
+	repoUrl3 := repo3.URL.String() + "/org3/repo3"
+
+	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--creds", "user1:pass1")
+	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
+	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--creds", "user3:pass3")
 
 	p := test_project.NewTestProject(suite.T())
 
@@ -41,25 +54,25 @@ func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
 
 	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
 		"oci": map[string]any{
-			"url": repo1,
+			"url": repoUrl1,
 		},
 	}))
 	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
 		"oci": map[string]any{
-			"url":    repo2,
+			"url":    repoUrl2,
 			"subDir": "subDir",
 		},
 	}))
 	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
 		"oci": map[string]any{
-			"url": repo3,
+			"url": repoUrl3,
 		},
 	}))
-	p.KluctlMust("oci", "push", "--url", repo0, "--creds", "user0:pass0")
+	p.KluctlMust("oci", "push", "--url", repoUrl0, "--creds", "user0:pass0")
 
 	var key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
 		kd.Spec.Source.Oci = &v1beta1.ProjectSourceOci{
-			URL: repo0,
+			URL: repoUrl0,
 		}
 	})
 	suite.Run("fail without authentication", func() {
@@ -103,22 +116,22 @@ func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
 	patch := client.MergeFrom(kd.DeepCopy())
 
 	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   ociUrl0.Host,
+		Registry:   repo0.URL.Host,
 		Repository: "org0/repo0",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret0"},
 	})
 	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   ociUrl1.Host,
+		Registry:   repo1.URL.Host,
 		Repository: "org1/repo1",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret1"},
 	})
 	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   ociUrl2.Host,
+		Registry:   repo2.URL.Host,
 		Repository: "*/repo2",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
 	})
 	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   ociUrl3.Host,
+		Registry:   repo3.URL.Host,
 		Repository: "org3/*",
 		SecretRef:  v1beta1.LocalObjectReference{Name: "secret3"},
 	})
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index df4db37b3..08a4bb5c4 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -19,19 +19,12 @@ import (
 	"testing"
 )
 
-func createHelmOrOciRepo(t *testing.T, charts []test_utils.RepoChart, oci bool, path string, user string, password string) string {
-	if oci {
-		return test_utils.CreateHelmOciRepo(t, charts, user, password)
-	} else {
-		return test_utils.CreateHelmRepo(t, charts, path, user, password)
-	}
-}
-
 type helmTestCase struct {
 	path     string
 	name     string
 	oci      bool
 	testAuth bool
+	testTLS  bool
 	credsId  string
 
 	argCredsId   string
@@ -188,7 +181,7 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, host string) {
 	}
 }
 
-func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool) (*test_project.TestProject, url.URL, error) {
+func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool) (*test_project.TestProject, *test_utils.TestHelmRepo, error) {
 	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
@@ -200,16 +193,24 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		password = "secret-password"
 	}
 
-	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, tc.oci, tc.path, user, password)
-	repoUrl2, err := url.Parse(repoUrl)
-	assert.NoError(t, err)
+	repo := &test_utils.TestHelmRepo{
+		TestHttpServer: test_utils.TestHttpServer{
+			Username:   user,
+			Password:   password,
+			TLSEnabled: tc.testTLS,
+		},
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+		},
+		Oci:  tc.oci,
+		Path: tc.path,
+	}
+	repo.Start(t)
 
-	extraArgs := buildHelmTestExtraArgs(t, tc, repoUrl2.Host)
+	extraArgs := buildHelmTestExtraArgs(t, tc, repo.URL.Host)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	if tc.testAuth {
 		if tc.credsId != "" {
@@ -228,10 +229,10 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		if tc.expectedError != "" {
 			assert.Error(t, err)
 			assert.Contains(t, stderr, tc.expectedError)
-			return p, *repoUrl2, err
+			return p, repo, err
 		} else {
 			assert.NoError(t, err)
-			assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
+			assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
 
 			p.GitServer().CommitFiles(p.GitRepoName(), []string{".helm-charts"}, true, "helm-pull")
 		}
@@ -242,7 +243,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		}, "")
 	}
 
-	return p, *repoUrl2, nil
+	return p, repo, nil
 }
 
 func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool) {
@@ -251,7 +252,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 	}
 
 	k := defaultCluster1
-	p, repoUrl, err := prepareHelmTestCase(t, k, tc, prePull)
+	p, repo, err := prepareHelmTestCase(t, k, tc, prePull)
 	if err != nil {
 		if tc.expectedError == "" {
 			assert.Fail(t, "did not expect error")
@@ -261,9 +262,9 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 
 	args := []string{"deploy", "--yes", "-t", "test"}
 	if credsViaEnv {
-		buildHelmTestEnvVars(t, tc, repoUrl.Host)
+		buildHelmTestEnvVars(t, tc, repo.URL.Host)
 	} else {
-		args = append(args, buildHelmTestExtraArgs(t, tc, repoUrl.Host)...)
+		args = append(args, buildHelmTestExtraArgs(t, tc, repo.URL.Host)...)
 	}
 
 	_, stderr, err := p.Kluctl(args...)
@@ -318,16 +319,20 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-		{ChartName: "test-chart1", Version: "0.2.0"},
-	}, oci, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Oci: oci,
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+			{ChartName: "test-chart1", Version: "0.2.0"},
+		},
+	}
+	repo.Start(t)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust("helm-pull")
-	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
@@ -339,8 +344,8 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	}, "")
 
 	p.KluctlMust("helm-pull")
-	assert.NoFileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
-	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.2.0"))
+	assert.NoFileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.2.0"))
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ = cm.GetNestedString("data", "version")
@@ -364,17 +369,21 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-		{ChartName: "test-chart1", Version: "0.2.0"},
-		{ChartName: "test-chart2", Version: "0.1.0"},
-		{ChartName: "test-chart2", Version: "0.3.0"},
-	}, oci, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Oci: oci,
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+			{ChartName: "test-chart1", Version: "0.2.0"},
+			{ChartName: "test-chart2", Version: "0.1.0"},
+			{ChartName: "test-chart2", Version: "0.3.0"},
+		},
+	}
+	repo.Start(t)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipUpdate")
@@ -382,8 +391,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}, "")
 
 	p.KluctlMust("helm-pull")
-	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart1", "0.1.0"))
-	assert.FileExists(t, getChartFile(t, p, repoUrl, "test-chart2", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart2", "0.1.0"))
 
 	if commit {
 		wt, _ := p.GetGitRepo().Worktree()
@@ -413,8 +422,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		assert.Contains(t, stderr, "Committed helm chart test-chart2 with version 0.3.0")
 	}
 
-	pulledVersions1 := listChartVersions(t, p, repoUrl, "test-chart1")
-	pulledVersions2 := listChartVersions(t, p, repoUrl, "test-chart2")
+	pulledVersions1 := listChartVersions(t, p, repo.URL.String(), "test-chart1")
+	pulledVersions2 := listChartVersions(t, p, repo.URL.String(), "test-chart2")
 
 	if upgrade {
 		assert.Equal(t, []string{"0.1.0", "0.2.0"}, pulledVersions1)
@@ -479,19 +488,23 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-		{ChartName: "test-chart1", Version: "0.1.1"},
-		{ChartName: "test-chart1", Version: "0.2.0"},
-		{ChartName: "test-chart1", Version: "1.1.0"},
-		{ChartName: "test-chart1", Version: "1.1.1"},
-		{ChartName: "test-chart1", Version: "1.2.1"},
-	}, oci, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Oci: oci,
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+			{ChartName: "test-chart1", Version: "0.1.1"},
+			{ChartName: "test-chart1", Version: "0.2.0"},
+			{ChartName: "test-chart1", Version: "1.1.0"},
+			{ChartName: "test-chart1", Version: "1.1.1"},
+			{ChartName: "test-chart1", Version: "1.2.1"},
+		},
+	}
+	repo.Start(t)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repoUrl, "test-chart1", "0.1.0", "test-helm2", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart1", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("~0.1.0", "helmChart", "updateConstraints")
@@ -542,10 +555,13 @@ func TestHelmValues(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+			{ChartName: "test-chart2", Version: "0.1.0"},
+		},
+	}
+	repo.Start(t)
 
 	values1 := map[string]any{
 		"data": map[string]any{
@@ -567,9 +583,9 @@ func TestHelmValues(t *testing.T) {
 	}
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
-	p.AddHelmDeployment("helm2", repoUrl, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
-	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
+	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
@@ -609,16 +625,19 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	createNamespace(t, k, p.TestSlug()+"-a")
 	createNamespace(t, k, p.TestSlug()+"-b")
 
-	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-		{ChartName: "test-chart2", Version: "0.1.0"},
-	}, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+			{ChartName: "test-chart2", Version: "0.1.0"},
+		},
+	}
+	repo.Start(t)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repoUrl, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm3", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
-	p.AddHelmDeployment("helm4", repoUrl, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
+	p.AddHelmDeployment("helm4", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
@@ -638,12 +657,15 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+		},
+	}
+	repo.Start(t)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
@@ -704,16 +726,18 @@ func TestHelmSkipPrePull(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := createHelmOrOciRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-		{ChartName: "test-chart1", Version: "0.1.1"},
-		{ChartName: "test-chart1", Version: "0.2.0"},
-	}, false, "", "", "")
-	u, _ := url.Parse(repoUrl)
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+			{ChartName: "test-chart1", Version: "0.1.1"},
+			{ChartName: "test-chart1", Version: "0.2.0"},
+		},
+	}
+	repo.Start(t)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repoUrl, "test-chart1", "0.1.1", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart1", "0.1.1", "test-helm2", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
@@ -725,8 +749,8 @@ func TestHelmSkipPrePull(t *testing.T) {
 	_, stderr := p.KluctlMust(args...)
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
-	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
-	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))
 
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
@@ -735,8 +759,8 @@ func TestHelmSkipPrePull(t *testing.T) {
 	_, stderr = p.KluctlMust(args...)
 	assert.Contains(t, stderr, "Removing unused Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
-	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
-	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))
 
 	p.UpdateYaml("helm2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(false, "helmChart", "skipPrePull")
@@ -745,8 +769,8 @@ func TestHelmSkipPrePull(t *testing.T) {
 	_, stderr = p.KluctlMust(args...)
 	assert.Contains(t, stderr, "test-chart1: Pulling Chart with version 0.1.1")
 	assert.NotContains(t, stderr, "version 0.1.0")
-	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
-	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))
 
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(false, "helmChart", "skipPrePull")
@@ -755,8 +779,8 @@ func TestHelmSkipPrePull(t *testing.T) {
 	_, stderr = p.KluctlMust(args...)
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.1")
-	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
-	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))
 
 	// not try to update+pull
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
@@ -774,9 +798,9 @@ func TestHelmSkipPrePull(t *testing.T) {
 	assert.NotContains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "Pulling Chart with version 0.1.1")
 	assert.Contains(t, stderr, "Pulling Chart with version 0.2.0")
-	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", u.Port())))
-	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", u.Port())))
-	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.2.0", u.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
+	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))
+	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.2.0", repo.URL.Port())))
 }
 
 func getChartDir(t *testing.T, p *test_project.TestProject, url2 string, chartName string, chartVersion string) string {
@@ -786,7 +810,7 @@ func getChartDir(t *testing.T, p *test_project.TestProject, url2 string, chartNa
 	}
 	var dir string
 	if u.Scheme == "oci" {
-		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s", u.Scheme, u.Hostname()), chartName)
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), chartName)
 	} else {
 		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), u.Path, chartName)
 	}
@@ -833,9 +857,12 @@ func TestHelmLookup(t *testing.T) {
 	err := k.Client.Create(context.Background(), &lookupCm)
 	assert.NoError(t, err)
 
-	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+		},
+	}
+	repo.Start(t)
 
 	values1 := map[string]any{
 		"lookup":          true,
@@ -844,7 +871,7 @@ func TestHelmLookup(t *testing.T) {
 	}
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
 
 	p.KluctlMust("helm-pull")
 	p.KluctlMust("deploy", "--yes", "-t", "test")
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 620b54c8d..4e44fb8ee 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -25,9 +25,13 @@ func TestOciIncludeMultipleRepos(t *testing.T) {
 	ip1 := prepareIncludeProject(t, "include1", "", nil)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
 
-	ociUrl := test_utils.CreateOciRegistry(t, "", "")
-	repo1 := ociUrl.String() + "/org1/repo1"
-	repo2 := ociUrl.String() + "/org2/repo2"
+	repo := &test_utils.TestHelmRepo{
+		Oci: true,
+	}
+	repo.Start(t)
+
+	repo1 := repo.URL.String() + "/org1/repo1"
+	repo2 := repo.URL.String() + "/org2/repo2"
 
 	ip1.KluctlMust("oci", "push", "--url", repo1)
 	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
@@ -62,27 +66,38 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
 	ip3 := prepareIncludeProject(t, "include3", "", nil)
 
-	ociUrl1 := test_utils.CreateOciRegistry(t, "user1", "pass1")
-	ociUrl2 := test_utils.CreateOciRegistry(t, "user2", "pass2")
-	ociUrl3 := test_utils.CreateOciRegistry(t, "user3", "pass3")
-	repo1 := ociUrl1.String() + "/org1/repo1"
-	repo2 := ociUrl2.String() + "/org2/repo2"
-	repo3 := ociUrl3.String() + "/org3/repo3"
+	createRepo := func(user, pass string) *test_utils.TestHelmRepo {
+		repo := &test_utils.TestHelmRepo{
+			TestHttpServer: test_utils.TestHttpServer{
+				Username: user,
+				Password: pass,
+			},
+			Oci: true,
+		}
+		repo.Start(t)
+		return repo
+	}
+	repo1 := createRepo("user1", "pass1")
+	repo2 := createRepo("user1", "pass1")
+	repo3 := createRepo("user1", "pass1")
+	repoUrl1 := repo1.URL.String() + "/org1/repo1"
+	repoUrl2 := repo2.URL.String() + "/org2/repo2"
+	repoUrl3 := repo3.URL.String() + "/org3/repo3"
 
 	// push with no creds
-	_, stderr, err := ip1.Kluctl("oci", "push", "--url", repo1)
+	_, stderr, err := ip1.Kluctl("oci", "push", "--url", repoUrl1)
 	assert.ErrorContains(t, err, "401 Unauthorized")
 	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// push with invalid creds
-	_, stderr, err = ip1.Kluctl("oci", "push", "--url", repo1, "--creds", "user1:invalid")
+	_, stderr, err = ip1.Kluctl("oci", "push", "--url", repoUrl1, "--creds", "user1:invalid")
 	assert.ErrorContains(t, err, "401 Unauthorized")
 	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// now with valid creds
-	ip1.KluctlMust("oci", "push", "--url", repo1, "--creds", "user1:pass1")
-	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
-	ip3.KluctlMust("oci", "push", "--url", repo3, "--creds", "user3:pass3")
+	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--creds", "user1:pass1")
+	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
+	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--creds", "user3:pass3")
 
 	p := test_project.NewTestProject(t)
 
@@ -113,11 +128,11 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// deploy with some invalid creds
-	t.Setenv("KLUCTL_REGISTRY_1_HOST", ociUrl1.Host)
+	t.Setenv("KLUCTL_REGISTRY_1_HOST", repo1.URL.Host)
 	t.Setenv("KLUCTL_REGISTRY_1_REPO", "org1/repo1")
 	t.Setenv("KLUCTL_REGISTRY_1_USERNAME", "user1")
 	t.Setenv("KLUCTL_REGISTRY_1_PASSWORD", "pass1")
-	t.Setenv("KLUCTL_REGISTRY_2_REPOSITORY", fmt.Sprintf("%s/org2/repo2", ociUrl2.Host))
+	t.Setenv("KLUCTL_REGISTRY_2_REPOSITORY", fmt.Sprintf("%s/org2/repo2", repo2.URL.Host))
 	t.Setenv("KLUCTL_REGISTRY_2_USERNAME", "user2")
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "invalid")
 	_, stderr, err = p.Kluctl("deploy", "--yes", "-t", "test")
@@ -126,7 +141,7 @@ func TestOciIncludeWithCreds(t *testing.T) {
 
 	// deploy with valid creds
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "pass2")
-	dockerLogin(t, ociUrl3.Host, "user3", "pass3")
+	dockerLogin(t, repo3.URL.Host, "user3", "pass3")
 
 	x, _ := homedir.Dir()
 	t.Logf("homedir=%s", x)
@@ -164,8 +179,12 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 
 	ip1 := prepareIncludeProject(t, "include1", "", nil)
 
-	ociUrl := test_utils.CreateOciRegistry(t, "", "")
-	repo1 := ociUrl.String() + "/org1/repo1"
+	repo := test_utils.TestHelmRepo{
+		Oci: true,
+	}
+	repo.Start(t)
+
+	repo1 := repo.URL.String() + "/org1/repo1"
 
 	ip1.KluctlMust("oci", "push", "--url", repo1+":tag1")
 
@@ -233,9 +252,13 @@ func TestLocalOciOverride(t *testing.T) {
 	ip1 := prepareIncludeProject(t, "include1", "", nil)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
 
-	ociUrl := test_utils.CreateOciRegistry(t, "", "")
-	repo1 := ociUrl.String() + "/org1/repo1"
-	repo2 := ociUrl.String() + "/org2/repo2"
+	repo := test_utils.TestHelmRepo{
+		Oci: true,
+	}
+	repo.Start(t)
+
+	repo1 := repo.URL.String() + "/org1/repo1"
+	repo2 := repo.URL.String() + "/org2/repo2"
 
 	ip1.KluctlMust("oci", "push", "--url", repo1)
 	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
@@ -296,9 +319,13 @@ func TestLocalOciGroupOverride(t *testing.T) {
 	ip1 := prepareIncludeProject(t, "include1", "", nil)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
 
-	ociUrl := test_utils.CreateOciRegistry(t, "", "")
-	repo1 := ociUrl.String() + "/org1/repo1"
-	repo2 := ociUrl.String() + "/org1/repo2"
+	repo := test_utils.TestHelmRepo{
+		Oci: true,
+	}
+	repo.Start(t)
+
+	repo1 := repo.URL.String() + "/org1/repo1"
+	repo2 := repo.URL.String() + "/org1/repo2"
 
 	ip1.KluctlMust("oci", "push", "--url", repo1)
 	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
@@ -340,7 +367,7 @@ func TestLocalOciGroupOverride(t *testing.T) {
 	_ = cm.SetNestedField("o2", "data", "a")
 	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
 
-	k1 := strings.TrimPrefix(ociUrl.String(), "oci://") + "/org1"
+	k1 := strings.TrimPrefix(repo.URL.String(), "oci://") + "/org1"
 
 	p.KluctlMust("deploy", "--yes", "-t", "test",
 		"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, overrideGroupDir),
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 7c744b730..6a8d99f6a 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -99,9 +99,12 @@ func TestSopsHelmValues(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repoUrl := test_utils.CreateHelmRepo(t, []test_utils.RepoChart{
-		{ChartName: "test-chart1", Version: "0.1.0"},
-	}, "", "", "")
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+		},
+	}
+	repo.Start(t)
 
 	valuesBytes, err := sops_test_resources.TestResources.ReadFile("helm-values.yaml")
 	assert.NoError(t, err)
@@ -109,7 +112,7 @@ func TestSopsHelmValues(t *testing.T) {
 	assert.NoError(t, err)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repoUrl, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1.Object)
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1.Object)
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index d0db621d0..08ea1f25c 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -4,21 +4,13 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/test-helm-chart"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	cp "github.com/otiai10/copy"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/cli/values"
 	"helm.sh/helm/v3/pkg/getter"
-	"helm.sh/helm/v3/pkg/pusher"
-	registry2 "helm.sh/helm/v3/pkg/registry"
-	"helm.sh/helm/v3/pkg/repo"
-	"helm.sh/helm/v3/pkg/uploader"
 	"io/fs"
-	"net/http"
-	"net/http/httptest"
 	"os"
 	"path/filepath"
-	"strings"
 	"testing"
 )
 
@@ -70,94 +62,3 @@ func createHelmPackage(t *testing.T, name string, version string) string {
 
 	return retName
 }
-
-type RepoChart struct {
-	ChartName string
-	Version   string
-}
-
-func CreateHelmRepo(t *testing.T, charts []RepoChart, path string, username string, password string) string {
-	tmpDir := t.TempDir()
-
-	for _, c := range charts {
-		tgz := createHelmPackage(t, c.ChartName, c.Version)
-		_ = cp.Copy(tgz, filepath.Join(tmpDir, path, filepath.Base(tgz)))
-	}
-
-	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
-	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if password != "" {
-			u, p, ok := r.BasicAuth()
-			if !ok || u != username || p != password {
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-		}
-		fs.ServeHTTP(w, r)
-	}))
-
-	t.Cleanup(s.Close)
-
-	i, err := repo.IndexDirectory(tmpDir, s.URL)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	i.SortEntries()
-	err = i.WriteFile(filepath.Join(tmpDir, path, "index.yaml"), 0644)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	retUrl := s.URL
-	if path != "" {
-		retUrl += "/" + path
-	}
-
-	return retUrl
-}
-
-func CreateHelmOciRepo(t *testing.T, charts []RepoChart, username string, password string) string {
-	tmpDir := t.TempDir()
-	ociUrl := CreateOciRegistry(t, username, password)
-
-	var out strings.Builder
-	settings := cli.New()
-	c := uploader.ChartUploader{
-		Out:     &out,
-		Pushers: pusher.All(settings),
-		Options: []pusher.Option{},
-	}
-
-	var registryClient *registry2.Client
-	if password != "" {
-		tmpConfigFile := filepath.Join(t.TempDir(), "config.json")
-
-		var err error
-		registryClient, err = registry2.NewClient(registry2.ClientOptCredentialsFile(tmpConfigFile))
-		if err != nil {
-			t.Fatal(err)
-		}
-		err = registryClient.Login(ociUrl.Host, registry2.LoginOptBasicAuth(username, password), registry2.LoginOptInsecure(true))
-		if err != nil {
-			t.Fatal(err)
-		}
-		c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
-	}
-
-	for _, chart := range charts {
-		tgz := createHelmPackage(t, chart.ChartName, chart.Version)
-		_ = cp.Copy(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
-
-		err := c.UploadTo(tgz, ociUrl.String())
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	if registryClient != nil {
-		registryClient.Logout(ociUrl.Host)
-	}
-
-	return ociUrl.String()
-}
diff --git a/e2e/test-utils/helm_test_repo.go b/e2e/test-utils/helm_test_repo.go
new file mode 100644
index 000000000..3698511c0
--- /dev/null
+++ b/e2e/test-utils/helm_test_repo.go
@@ -0,0 +1,123 @@
+package test_utils
+
+import (
+	"github.com/google/go-containerregistry/pkg/registry"
+	cp "github.com/otiai10/copy"
+	"helm.sh/helm/v3/pkg/cli"
+	"helm.sh/helm/v3/pkg/pusher"
+	registry2 "helm.sh/helm/v3/pkg/registry"
+	"helm.sh/helm/v3/pkg/repo"
+	"helm.sh/helm/v3/pkg/uploader"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+type TestHelmRepo struct {
+	TestHttpServer
+
+	Oci bool
+
+	Path   string
+	Charts []RepoChart
+
+	URL url.URL
+}
+
+type RepoChart struct {
+	ChartName string
+	Version   string
+}
+
+func (s *TestHelmRepo) Start(t *testing.T) {
+	if s.Oci {
+		s.startOciRepo(t)
+	} else {
+		s.startHelmRepo(t)
+	}
+}
+
+func (s *TestHelmRepo) startHelmRepo(t *testing.T) {
+	tmpDir := t.TempDir()
+
+	for _, c := range s.Charts {
+		tgz := createHelmPackage(t, c.ChartName, c.Version)
+		_ = cp.Copy(tgz, filepath.Join(tmpDir, s.Path, filepath.Base(tgz)))
+	}
+
+	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
+	s.TestHttpServer.Start(t, fs)
+
+	i, err := repo.IndexDirectory(tmpDir, s.Server.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	i.SortEntries()
+	err = i.WriteFile(filepath.Join(tmpDir, s.Path, "index.yaml"), 0644)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path := s.Path
+	if path != "" {
+		path = "/" + path
+	}
+
+	u, _ := url.Parse(s.Server.URL + path)
+	s.URL = *u
+}
+
+func (s *TestHelmRepo) startOciRepo(t *testing.T) {
+	tmpDir := t.TempDir()
+
+	ociRegistry := registry.New()
+
+	s.TestHttpServer.Start(t, http.HandlerFunc(ociRegistry.ServeHTTP))
+
+	ociUrl := strings.ReplaceAll(s.Server.URL, "http://", "oci://")
+	ociUrl2, _ := url.Parse(ociUrl)
+	s.URL = *ociUrl2
+
+	var out strings.Builder
+	settings := cli.New()
+	c := uploader.ChartUploader{
+		Out:     &out,
+		Pushers: pusher.All(settings),
+		Options: []pusher.Option{},
+	}
+
+	var registryClient *registry2.Client
+	if s.Password != "" {
+		tmpConfigFile := filepath.Join(t.TempDir(), "config.json")
+
+		var err error
+		registryClient, err = registry2.NewClient(registry2.ClientOptCredentialsFile(tmpConfigFile))
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = registryClient.Login(s.URL.Host, registry2.LoginOptBasicAuth(s.Username, s.Password),
+			registry2.LoginOptInsecure(true))
+		if err != nil {
+			t.Fatal(err)
+		}
+		c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
+	}
+
+	for _, chart := range s.Charts {
+		tgz := createHelmPackage(t, chart.ChartName, chart.Version)
+		_ = cp.Copy(tgz, filepath.Join(tmpDir, filepath.Base(tgz)))
+
+		err := c.UploadTo(tgz, s.URL.String())
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if registryClient != nil {
+		registryClient.Logout(s.URL.Host)
+	}
+}
diff --git a/e2e/test-utils/http_test_server.go b/e2e/test-utils/http_test_server.go
new file mode 100644
index 000000000..ae7d535d7
--- /dev/null
+++ b/e2e/test-utils/http_test_server.go
@@ -0,0 +1,42 @@
+package test_utils
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+type TestHttpServer struct {
+	TLSEnabled bool
+	Username   string
+	Password   string
+
+	Server *httptest.Server
+}
+
+func (s *TestHttpServer) Start(t *testing.T, h http.Handler) {
+	authH := http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		if s.Username != "" || s.Password != "" {
+			u, p, ok := request.BasicAuth()
+			if !ok {
+				writer.Header().Add("WWW-Authenticate", "Basic")
+				http.Error(writer, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+			if u != s.Username || p != s.Password {
+				http.Error(writer, "Auth header was incorrect", http.StatusUnauthorized)
+				return
+			}
+		}
+		h.ServeHTTP(writer, request)
+	})
+
+	if s.TLSEnabled {
+		s.Server = httptest.NewUnstartedServer(authH)
+		s.Server.StartTLS()
+	} else {
+		s.Server = httptest.NewServer(authH)
+	}
+
+	t.Cleanup(s.Server.Close)
+}
diff --git a/e2e/test-utils/oci_utils.go b/e2e/test-utils/oci_utils.go
deleted file mode 100644
index 188f0bb32..000000000
--- a/e2e/test-utils/oci_utils.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package test_utils
-
-import (
-	"github.com/google/go-containerregistry/pkg/registry"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"strings"
-	"testing"
-)
-
-func CreateOciRegistry(t *testing.T, username string, password string) *url.URL {
-	ociRegistry := registry.New()
-	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if username != "" || password != "" {
-			u, p, ok := r.BasicAuth()
-			if !ok {
-				w.Header().Add("WWW-Authenticate", "Basic")
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-			if u != username || p != password {
-				http.Error(w, "Auth header was incorrect", http.StatusUnauthorized)
-				return
-			}
-		}
-		ociRegistry.ServeHTTP(w, r)
-	}))
-
-	t.Cleanup(s.Close)
-
-	ociUrl := strings.ReplaceAll(s.URL, "http://", "oci://")
-	ociUrl2, _ := url.Parse(ociUrl)
-
-	return ociUrl2
-}

From 1b030fff04492092058853ae6370b60a9fa44a9b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 16:43:33 +0200
Subject: [PATCH 1704/2268] fix: Fix parsing of --registry-xx and --helm-xxx
 args

---
 cmd/kluctl/args/helm_credentials.go     | 89 +++++++++++++++----------
 cmd/kluctl/args/registry_credentials.go | 59 ++++++++--------
 2 files changed, 83 insertions(+), 65 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 1f17130fa..0a49c208b 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"strings"
 )
@@ -28,56 +27,72 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 	byCredentialId := map[string]*helm_auth.AuthEntry{}
 	byHostPath := map[string]*helm_auth.AuthEntry{}
 
-	getEntry := func(s string) (*helm_auth.AuthEntry, string, error) {
-		x1 := strings.SplitN(s, "=", 2)
-		x2 := strings.SplitN(s, ":", 2) // deprecated
-		if len(x1) == 2 {
-			k := x1[0]
-			e, ok := byHostPath[k]
-			if !ok {
-				x := strings.SplitN(k, "/", 2)
-				e = &helm_auth.AuthEntry{}
-				if len(x) == 2 {
-					e.Host = x[0]
-					e.Path = x[1]
-				} else {
-					e.Host = x[0]
-				}
-				byHostPath[k] = e
+	getDeprecatedEntry := func(s string) (*helm_auth.AuthEntry, string, bool) {
+		x := strings.Split(s, ":")
+		if len(x) != 2 {
+			return nil, "", false
+		}
+		status.Deprecation(ctx, "helm-credential-args-id", "Passing Helm credentials via credentialsId is deprecated and support for it will be removed in a future version of Kluctl. Please switch to using the <host>/<path>=value format.")
+		k := x[0]
+		e, ok := byCredentialId[k]
+		if !ok {
+			e = &helm_auth.AuthEntry{
+				CredentialsId: k,
 			}
-			return e, x1[1], nil
-		} else if len(x2) == 2 {
-			status.Deprecation(ctx, "helm-credential-args-id", "Passing Helm credentials via credentialsId is deprecated and support for it will be removed in a future version of Kluctl. Please switch to using the <host>/<path>=value format.")
-			k := x2[0]
-			e, ok := byCredentialId[k]
-			if !ok {
-				e = &helm_auth.AuthEntry{
-					CredentialsId: k,
-				}
-				byCredentialId[k] = e
+			byCredentialId[k] = e
+		}
+		return e, x[1], true
+	}
+
+	getEntry := func(s string, expectValue bool) (*helm_auth.AuthEntry, string, error) {
+		if !strings.Contains(s, "=") {
+			e, v, ok := getDeprecatedEntry(s)
+			if ok {
+				return e, v, nil
 			}
-			return e, x2[1], nil
-		} else {
-			return nil, "", fmt.Errorf("invalid parameter format")
 		}
+
+		x := strings.SplitN(s, "=", 2)
+		if expectValue && len(x) != 2 {
+			return nil, "", fmt.Errorf("expected value")
+		}
+
+		k := x[0]
+		e, ok := byHostPath[k]
+		if !ok {
+			x := strings.SplitN(k, "/", 2)
+			e = &helm_auth.AuthEntry{}
+			if len(x) == 2 {
+				e.Host = x[0]
+				e.Path = x[1]
+			} else {
+				e.Host = x[0]
+			}
+			byHostPath[k] = e
+		}
+
+		if len(x) == 1 {
+			return e, "", nil
+		}
+		return e, x[1], nil
 	}
 
 	for _, s := range c.HelmUsername {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.Username = v
 	}
 	for _, s := range c.HelmPassword {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.Password = v
 	}
 	for _, s := range c.HelmKeyFile {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
@@ -87,7 +102,7 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		}
 	}
 	for _, s := range c.HelmCertFile {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
@@ -97,7 +112,7 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		}
 	}
 	for _, s := range c.HelmCAFile {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
@@ -107,11 +122,11 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		}
 	}
 	for _, s := range c.HelmInsecureSkipTlsVerify {
-		e, v, err := getEntry(s)
+		e, _, err := getEntry(s, false)
 		if err != nil {
 			return nil, err
 		}
-		e.InsecureSkipTLSverify = utils.ParseBoolOrFalse(v)
+		e.InsecureSkipTLSverify = true
 	}
 
 	for _, e := range byCredentialId {
diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index 1505b8f18..751ea0ed3 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"strings"
 )
@@ -20,6 +19,7 @@ type RegistryCredentials struct {
 	RegistryCertFile []string `group:"misc" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
 	RegistryCAFile   []string `group:"misc" help:"Specify CA bundle to use for https verification. Must be in the form --registry-ca-file=<registry>/<repo>=<filePath>."`
 
+	RegistryPlainHttp             []string `group:"misc" help:"Forces the use of http (no TLS). Must be in the form --registry-plain-http=<registry>/<repo>."`
 	RegistryInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --registry-insecure-skip-tls-verify=<registry>/<repo>."`
 }
 
@@ -31,65 +31,68 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 
 	byRegistryAndRepo := map[string]*auth_provider.AuthEntry{}
 
-	getEntry := func(s string) (*auth_provider.AuthEntry, string, error) {
+	getEntry := func(s string, expectValue bool) (*auth_provider.AuthEntry, string, error) {
 		x := strings.SplitN(s, "=", 2)
-		if len(x) == 2 {
-			k := x[0]
-			e, ok := byRegistryAndRepo[k]
-			if !ok {
-				x := strings.SplitN(k, "/", 2)
-				e = &auth_provider.AuthEntry{}
-				if len(x) == 2 {
-					e.Registry = x[0]
-					e.Repo = x[1]
-				} else {
-					e.Registry = x[0]
-				}
-				byRegistryAndRepo[k] = e
+		if expectValue && len(x) != 2 {
+			return nil, "", fmt.Errorf("expected value")
+		}
+		k := x[0]
+		e, ok := byRegistryAndRepo[k]
+		if !ok {
+			x := strings.SplitN(k, "/", 2)
+			e = &auth_provider.AuthEntry{}
+			if len(x) == 2 {
+				e.Registry = x[0]
+				e.Repo = x[1]
+			} else {
+				e.Registry = x[0]
 			}
-			return e, x[1], nil
-		} else {
-			return nil, "", fmt.Errorf("invalid parameter format")
+			byRegistryAndRepo[k] = e
+		}
+
+		if len(x) == 1 {
+			return e, "", nil
 		}
+		return e, x[1], nil
 	}
 
 	for _, s := range c.RegistryUsername {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.AuthConfig.Username = v
 	}
 	for _, s := range c.RegistryPassword {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.AuthConfig.Password = v
 	}
 	for _, s := range c.RegistryAuth {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.AuthConfig.Auth = v
 	}
 	for _, s := range c.RegistryIdentityToken {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.AuthConfig.IdentityToken = v
 	}
 	for _, s := range c.RegistryToken {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
 		e.AuthConfig.RegistryToken = v
 	}
 	for _, s := range c.RegistryKeyFile {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
@@ -100,7 +103,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		e.Key = b
 	}
 	for _, s := range c.RegistryCertFile {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
@@ -111,7 +114,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		e.Cert = b
 	}
 	for _, s := range c.RegistryCAFile {
-		e, v, err := getEntry(s)
+		e, v, err := getEntry(s, true)
 		if err != nil {
 			return nil, err
 		}
@@ -122,11 +125,11 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		e.CA = b
 	}
 	for _, s := range c.RegistryInsecureSkipTlsVerify {
-		e, v, err := getEntry(s)
+		e, _, err := getEntry(s, false)
 		if err != nil {
 			return nil, err
 		}
-		e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(v)
+		e.InsecureSkipTlsVerify = true
 	}
 
 	for _, e := range byRegistryAndRepo {

From 0c63dffd5852a706b5a27ebd257a6682b0889f6d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 16:44:11 +0200
Subject: [PATCH 1705/2268] fix: Properly pass around TLS options

---
 cmd/kluctl/args/registry_credentials.go       |  7 +++++
 .../kluctldeployment_controller_source.go     | 15 +++++++++++
 pkg/oci/auth_provider/auth_provider.go        | 21 +++++++++------
 pkg/oci/auth_provider/env_auth_provider.go    | 26 +++++++++++++++++++
 4 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index 751ea0ed3..d66e6d29a 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -124,6 +124,13 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		}
 		e.CA = b
 	}
+	for _, s := range c.RegistryPlainHttp {
+		e, _, err := getEntry(s, false)
+		if err != nil {
+			return nil, err
+		}
+		e.PlainHTTP = true
+	}
 	for _, s := range c.RegistryInsecureSkipTlsVerify {
 		e, _, err := getEntry(s, false)
 		if err != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 422ecf896..878e08629 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -252,6 +252,21 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 		if x, ok := secret.secret.Data["plain_http"]; ok {
 			e.PlainHTTP = utils.ParseBoolOrFalse(string(x))
 		}
+		if x, ok := secret.secret.Data["cert"]; ok {
+			e.Cert = x
+		} else if x, ok := secret.secret.Data["certFile"]; ok {
+			e.Cert = x
+		}
+		if x, ok := secret.secret.Data["key"]; ok {
+			e.Key = x
+		} else if x, ok := secret.secret.Data["keyFile"]; ok {
+			e.Key = x
+		}
+		if x, ok := secret.secret.Data["ca"]; ok {
+			e.CA = x
+		} else if x, ok := secret.secret.Data["caFile"]; ok {
+			e.CA = x
+		}
 		if x, ok := secret.secret.Data["insecure_skip_tls_verify"]; ok {
 			e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(string(x))
 		}
diff --git a/pkg/oci/auth_provider/auth_provider.go b/pkg/oci/auth_provider/auth_provider.go
index 36296cb48..44e6756b7 100644
--- a/pkg/oci/auth_provider/auth_provider.go
+++ b/pkg/oci/auth_provider/auth_provider.go
@@ -139,16 +139,17 @@ func (a *AuthEntry) BuildHelmRegistryOptions(ctx context.Context, host string) (
 
 	cleanup := func() {}
 
-	cf, err := a.BuildDockerConfig(ctx, host)
-	if err != nil {
-		return nil, nil, err
-	}
-	cleanup = func() {
-		_ = os.Remove(cf)
+	if a.AuthConfig != (authn.AuthConfig{}) {
+		cf, err := a.BuildDockerConfig(ctx, host)
+		if err != nil {
+			return nil, nil, err
+		}
+		cleanup = func() {
+			_ = os.Remove(cf)
+		}
+		ret = append(ret, registry.ClientOptCredentialsFile(cf))
 	}
 
-	ret = append(ret, registry.ClientOptCredentialsFile(cf))
-
 	t, err := a.BuildHttpTransport()
 	if err != nil {
 		cleanup()
@@ -160,5 +161,9 @@ func (a *AuthEntry) BuildHelmRegistryOptions(ctx context.Context, host string) (
 	}
 	ret = append(ret, registry.ClientOptHTTPClient(hc))
 
+	if a.PlainHTTP {
+		ret = append(ret, registry.ClientOptPlainHTTP())
+	}
+
 	return ret, cleanup, nil
 }
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index a1a3c9405..10dbabe40 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -7,6 +7,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
 )
 
 type OciEnvAuthProvider struct {
@@ -74,6 +75,31 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 			e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(x)
 		}
 
+		x, ok = m["CA_FILE"]
+		if ok {
+			b, err := os.ReadFile(x)
+			if err != nil {
+				return nil, err
+			}
+			e.CA = b
+		}
+		x, ok = m["CERT_FILE"]
+		if ok {
+			b, err := os.ReadFile(x)
+			if err != nil {
+				return nil, err
+			}
+			e.Cert = b
+		}
+		x, ok = m["KEY_FILE"]
+		if ok {
+			b, err := os.ReadFile(x)
+			if err != nil {
+				return nil, err
+			}
+			e.Key = b
+		}
+
 		la.AddEntry(e)
 	}
 	return la.FindAuthEntry(ctx, ociUrl)

From d3a69ad001ad35365a0e43e6cf45adbc15f0d2b3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 16:44:25 +0200
Subject: [PATCH 1706/2268] tests: Add TLS tests for helm

---
 e2e/gitops_helm_test.go            |  92 ++++++++----
 e2e/gitops_oci_include_test.go     |   5 +-
 e2e/helm_test.go                   | 154 +++++++++++++++++---
 e2e/test-utils/helm_test_repo.go   |  56 +++++---
 e2e/test-utils/http_test_server.go | 218 ++++++++++++++++++++++++++++-
 5 files changed, 452 insertions(+), 73 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 74fb535cf..32b0a4ec0 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -40,57 +40,89 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		g.Expect(err).To(Succeed())
 	}
 
-	kdModSource := func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.Source = kluctlv1.ProjectSource{
-			Git: &kluctlv1.ProjectSourceGit{
-				URL: *types2.ParseGitUrlMust(p.GitUrl()),
-			},
-		}
-	}
-	var kdModCreds func(kd *kluctlv1.KluctlDeployment)
+	var legacyHelmCreds []kluctlv1.HelmCredentials
+	var projectCreds kluctlv1.ProjectCredentials
+
 	if tc.argCredsId != "" {
 		createSecret("helm-secrets-1", map[string]string{
 			"credentialsId": tc.argCredsId,
 			"username":      tc.argUsername,
 			"password":      tc.argPassword,
 		})
-		kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.HelmCredentials = append(kd.Spec.HelmCredentials, kluctlv1.HelmCredentials{
-				SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
-			})
-		}
+		legacyHelmCreds = append(legacyHelmCreds, kluctlv1.HelmCredentials{
+			SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+		})
 	} else if tc.argCredsHost != "" {
 		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
 		if tc.oci {
-			createSecret("oci-secrets-1", map[string]string{
+			m := map[string]string{
 				"username": tc.argUsername,
 				"password": tc.argPassword,
-			})
-			kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
-				kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, kluctlv1.ProjectCredentialsOci{
-					Registry:   host,
-					Repository: tc.argCredsPath,
-					SecretRef:  kluctlv1.LocalObjectReference{Name: "oci-secrets-1"},
-				})
 			}
+			if !repo.TLSEnabled {
+				m["plain_http"] = "true"
+			}
+			if tc.argPassCA {
+				m["ca"] = string(repo.ServerCAs)
+			}
+			if tc.argPassClientCert {
+				m["cert"] = string(repo.ClientCert)
+			}
+			if tc.argPassClientCert {
+				m["key"] = string(repo.ClientKey)
+			}
+			createSecret("oci-secrets-1", m)
+			projectCreds.Oci = append(projectCreds.Oci, kluctlv1.ProjectCredentialsOci{
+				Registry:   host,
+				Repository: tc.argCredsPath,
+				SecretRef:  kluctlv1.LocalObjectReference{Name: "oci-secrets-1"},
+			})
 		} else {
-			createSecret("helm-secrets-1", map[string]string{
+			m := map[string]string{
 				"username": tc.argUsername,
 				"password": tc.argPassword,
-			})
-			kdModCreds = func(kd *kluctlv1.KluctlDeployment) {
-				kd.Spec.Credentials.Helm = append(kd.Spec.Credentials.Helm, kluctlv1.ProjectCredentialsHelm{
-					Host:      host,
-					Path:      tc.argCredsPath,
-					SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
-				})
 			}
+			if tc.argPassCA {
+				m["ca"] = string(repo.ServerCAs)
+			}
+			if tc.argPassClientCert {
+				m["cert"] = string(repo.ClientCert)
+			}
+			if tc.argPassClientCert {
+				m["key"] = string(repo.ClientKey)
+			}
+			createSecret("helm-secrets-1", m)
+			projectCreds.Helm = append(projectCreds.Helm, kluctlv1.ProjectCredentialsHelm{
+				Host:      host,
+				Path:      tc.argCredsPath,
+				SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+			})
+		}
+	}
+
+	// add a fallback secret that enables plain_http in case we have no matching creds
+	if tc.oci && !repo.TLSEnabled {
+		m := map[string]string{
+			"plain_http": "true",
 		}
+		createSecret("oci-secrets-plain-http", m)
+		projectCreds.Oci = append(projectCreds.Oci, kluctlv1.ProjectCredentialsOci{
+			Registry:  repo.URL.Host,
+			SecretRef: kluctlv1.LocalObjectReference{Name: "oci-secrets-plain-http"},
+		})
 	}
 
 	key := suite.createKluctlDeployment2(p, "test", map[string]any{
 		"namespace": p.TestSlug(),
-	}, kdModSource, kdModCreds)
+	}, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Source = kluctlv1.ProjectSource{
+			Git: &kluctlv1.ProjectSourceGit{
+				URL: *types2.ParseGitUrlMust(p.GitUrl()),
+			},
+		}
+		kd.Spec.HelmCredentials = legacyHelmCreds
+		kd.Spec.Credentials = projectCreds
+	})
 
 	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index 257b19fa7..2fcdbded0 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -96,8 +96,9 @@ func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
 				Namespace: key.Namespace,
 			},
 			Data: map[string][]byte{
-				"username": []byte(username),
-				"password": []byte(password),
+				"username":   []byte(username),
+				"password":   []byte(password),
+				"plain_http": []byte("true"),
 			},
 		}
 		err := suite.k.Client.Create(context.Background(), &secret)
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 08a4bb5c4..33e9497c8 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -20,12 +20,13 @@ import (
 )
 
 type helmTestCase struct {
-	path     string
-	name     string
-	oci      bool
-	testAuth bool
-	testTLS  bool
-	credsId  string
+	path              string
+	name              string
+	oci               bool
+	testAuth          bool
+	testTLS           bool
+	testTLSClientCert bool
+	credsId           string
 
 	argCredsId   string
 	argCredsHost string
@@ -33,6 +34,9 @@ type helmTestCase struct {
 	argUsername  string
 	argPassword  string
 
+	argPassCA         bool
+	argPassClientCert bool
+
 	expectedError string
 }
 
@@ -40,6 +44,57 @@ var helmTests = []helmTestCase{
 	{name: "helm-no-creds"},
 	{name: "oci-no-creds", oci: true},
 
+	// tls tests
+	{
+		name: "helm-tls-missing-ca", testTLS: true,
+		argPassCA:     false,
+		argCredsHost:  "<host>",
+		expectedError: "failed to verify certificate",
+	},
+	{
+		name: "helm-tls-valid-ca", testTLS: true,
+		argPassCA:    true,
+		argCredsHost: "<host>",
+	},
+	{
+		name: "helm-tls-missing-cert", testTLS: true, testTLSClientCert: true,
+		argPassCA:         true,
+		argPassClientCert: false,
+		argCredsHost:      "<host>",
+		expectedError:     "certificate required",
+	},
+	{
+		name: "helm-tls-valid-cert", testTLS: true, testTLSClientCert: true,
+		argPassCA:         true,
+		argPassClientCert: true,
+		argCredsHost:      "<host>",
+	},
+
+	{
+		name: "oci-tls-missing-ca", oci: true, testTLS: true,
+		argPassCA:     false,
+		argCredsHost:  "<host>",
+		expectedError: "failed to verify certificate",
+	},
+	{
+		name: "oci-tls-valid-ca", oci: true, testTLS: true,
+		argPassCA:    true,
+		argCredsHost: "<host>",
+	},
+	{
+		name: "oci-tls-missing-cert", oci: true, testTLS: true, testTLSClientCert: true,
+		argPassCA:         true,
+		argPassClientCert: false,
+		argCredsHost:      "<host>",
+		expectedError:     "certificate required",
+	},
+	{
+		name: "oci-tls-valid-cert", oci: true, testTLS: true, testTLSClientCert: true,
+		argPassCA:         true,
+		argPassClientCert: true,
+		argCredsHost:      "<host>",
+	},
+
 	// deprecated helm credentials flags
 	{
 		name: "dep-helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
@@ -121,37 +176,76 @@ var helmTests = []helmTestCase{
 	},
 }
 
-func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, host string) []string {
+func newTmpFile(t *testing.T, b []byte) string {
+	tmp, _ := os.Create(filepath.Join(t.TempDir(), "x.pem"))
+	defer tmp.Close()
+	tmp.Write(b)
+	return tmp.Name()
+}
+
+func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.TestHelmRepo) []string {
 	var ret []string
 	if tc.oci {
 		if tc.argCredsHost != "" {
-			r := strings.ReplaceAll(tc.argCredsHost, "<host>", host)
+			r := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
 			if tc.argCredsPath != "" {
 				r += "/" + tc.argCredsPath
 			}
 			ret = append(ret, fmt.Sprintf("--registry-username=%s=%s", r, tc.argUsername))
 			ret = append(ret, fmt.Sprintf("--registry-password=%s=%s", r, tc.argPassword))
+			if !repo.TLSEnabled {
+				ret = append(ret, fmt.Sprintf("--registry-plain-http=%s", r))
+			}
+		}
+		if !repo.TLSEnabled {
+			r := repo.URL.Host
+			if tc.argCredsPath != "" {
+				r += "/" + tc.argCredsPath
+			}
+			ret = append(ret, fmt.Sprintf("--registry-plain-http=%s", r))
+		}
+		if tc.testTLS {
+			if tc.argPassCA {
+				ret = append(ret, fmt.Sprintf("--registry-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ServerCAs)))
+			}
+			if tc.argPassClientCert {
+				ret = append(ret, fmt.Sprintf("--registry-cert-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientCert)))
+				ret = append(ret, fmt.Sprintf("--registry-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientKey)))
+			}
 		}
 	} else {
 		if tc.argCredsId != "" {
 			ret = append(ret, fmt.Sprintf("--helm-username=%s:%s", tc.argCredsId, tc.argUsername))
 			ret = append(ret, fmt.Sprintf("--helm-password=%s:%s", tc.argCredsId, tc.argPassword))
 		} else if tc.argCredsHost != "" {
-			r := strings.ReplaceAll(tc.argCredsHost, "<host>", host)
+			r := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
 			if tc.argCredsPath != "" {
 				r += "/" + tc.argCredsPath
 			}
 			ret = append(ret, fmt.Sprintf("--helm-username=%s=%s", r, tc.argUsername))
 			ret = append(ret, fmt.Sprintf("--helm-password=%s=%s", r, tc.argPassword))
 		}
+		if tc.testTLS {
+			if tc.argPassCA {
+				ret = append(ret, fmt.Sprintf("--helm-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ServerCAs)))
+			}
+			if tc.argPassClientCert {
+				ret = append(ret, fmt.Sprintf("--helm-cert-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientCert)))
+				ret = append(ret, fmt.Sprintf("--helm-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientKey)))
+			}
+		}
+	}
+	// add a fallback that enables plain_http in case we have no matching creds
+	if tc.oci && !repo.TLSEnabled {
+		ret = append(ret, fmt.Sprintf("--registry-plain-http=%s", repo.URL.Host))
 	}
 	return ret
 }
 
-func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, host string) {
+func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, repo *test_utils.TestHelmRepo) {
 	if tc.oci {
 		if tc.argCredsHost != "" {
-			t.Setenv("KLUCTL_REGISTRY_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", host))
+			t.Setenv("KLUCTL_REGISTRY_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
 		}
 		if tc.argCredsPath != "" {
 			t.Setenv("KLUCTL_REGISTRY_REPOSITORY", tc.argCredsPath)
@@ -162,12 +256,22 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, host string) {
 		if tc.argPassword != "" {
 			t.Setenv("KLUCTL_REGISTRY_PASSWORD", tc.argPassword)
 		}
+		if !repo.TLSEnabled {
+			t.Setenv("KLUCTL_REGISTRY_PLAIN_HTTP", "true")
+		}
+		if tc.argPassCA {
+			t.Setenv("KLUCTL_REGISTRY_CA_FILE", newTmpFile(t, repo.ServerCAs))
+		}
+		if tc.argPassClientCert {
+			t.Setenv("KLUCTL_REGISTRY_CERT_FILE", newTmpFile(t, repo.ClientCert))
+			t.Setenv("KLUCTL_REGISTRY_KEY_FILE", newTmpFile(t, repo.ClientKey))
+		}
 	} else {
 		if tc.argCredsId != "" {
 			t.Setenv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
 		}
 		if tc.argCredsHost != "" {
-			t.Setenv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", host))
+			t.Setenv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
 		}
 		if tc.argCredsPath != "" {
 			t.Setenv("KLUCTL_HELM_PATH", tc.argCredsPath)
@@ -178,6 +282,18 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, host string) {
 		if tc.argPassword != "" {
 			t.Setenv("KLUCTL_HELM_PASSWORD", tc.argPassword)
 		}
+		if tc.argPassCA {
+			t.Setenv("KLUCTL_HELM_CA_FILE", newTmpFile(t, repo.ServerCAs))
+		}
+		if tc.argPassClientCert {
+			t.Setenv("KLUCTL_HELM_CERT_FILE", newTmpFile(t, repo.ClientCert))
+			t.Setenv("KLUCTL_HELM_KEY_FILE", newTmpFile(t, repo.ClientKey))
+		}
+	}
+	// add a fallback that enables plain_http in case we have no matching creds
+	if tc.oci && !repo.TLSEnabled {
+		t.Setenv("KLUCTL_REGISTRY_1_HOST", repo.URL.Host)
+		t.Setenv("KLUCTL_REGISTRY_1_PLAIN_HTTP", "true")
 	}
 }
 
@@ -195,9 +311,11 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 
 	repo := &test_utils.TestHelmRepo{
 		TestHttpServer: test_utils.TestHttpServer{
-			Username:   user,
-			Password:   password,
-			TLSEnabled: tc.testTLS,
+			Username:               user,
+			Password:               password,
+			NoLoopbackProxyEnabled: true,
+			TLSEnabled:             tc.testTLS,
+			TLSClientCertEnabled:   tc.testTLSClientCert,
 		},
 		Charts: []test_utils.RepoChart{
 			{ChartName: "test-chart1", Version: "0.1.0"},
@@ -207,7 +325,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 	}
 	repo.Start(t)
 
-	extraArgs := buildHelmTestExtraArgs(t, tc, repo.URL.Host)
+	extraArgs := buildHelmTestExtraArgs(t, tc, repo)
 
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
@@ -262,9 +380,9 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 
 	args := []string{"deploy", "--yes", "-t", "test"}
 	if credsViaEnv {
-		buildHelmTestEnvVars(t, tc, repo.URL.Host)
+		buildHelmTestEnvVars(t, tc, repo)
 	} else {
-		args = append(args, buildHelmTestExtraArgs(t, tc, repo.URL.Host)...)
+		args = append(args, buildHelmTestExtraArgs(t, tc, repo)...)
 	}
 
 	_, stderr, err := p.Kluctl(args...)
diff --git a/e2e/test-utils/helm_test_repo.go b/e2e/test-utils/helm_test_repo.go
index 3698511c0..1683503d6 100644
--- a/e2e/test-utils/helm_test_repo.go
+++ b/e2e/test-utils/helm_test_repo.go
@@ -71,6 +71,38 @@ func (s *TestHelmRepo) startHelmRepo(t *testing.T) {
 	s.URL = *u
 }
 
+func (s *TestHelmRepo) buildOciRegistryClient(t *testing.T) *registry2.Client {
+	var opts []registry2.ClientOption
+	if !s.TLSEnabled {
+		opts = append(opts, registry2.ClientOptPlainHTTP())
+	}
+
+	opts = append(opts, registry2.ClientOptHTTPClient(s.Server.Client()))
+
+	if s.Password != "" {
+		tmpConfigFile := filepath.Join(t.TempDir(), "config.json")
+		opts = append(opts, registry2.ClientOptCredentialsFile(tmpConfigFile))
+	}
+
+	registryClient, err := registry2.NewClient(opts...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if s.Password != "" {
+		var loginOpts []registry2.LoginOption
+		loginOpts = append(loginOpts, registry2.LoginOptBasicAuth(s.Username, s.Password))
+		if !s.TLSEnabled {
+			loginOpts = append(loginOpts, registry2.LoginOptInsecure(true))
+		}
+		err = registryClient.Login(s.URL.Host, loginOpts...)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+	return registryClient
+}
+
 func (s *TestHelmRepo) startOciRepo(t *testing.T) {
 	tmpDir := t.TempDir()
 
@@ -78,9 +110,9 @@ func (s *TestHelmRepo) startOciRepo(t *testing.T) {
 
 	s.TestHttpServer.Start(t, http.HandlerFunc(ociRegistry.ServeHTTP))
 
-	ociUrl := strings.ReplaceAll(s.Server.URL, "http://", "oci://")
-	ociUrl2, _ := url.Parse(ociUrl)
-	s.URL = *ociUrl2
+	u, _ := url.Parse(s.Server.URL)
+	s.URL = *u
+	s.URL.Scheme = "oci"
 
 	var out strings.Builder
 	settings := cli.New()
@@ -90,22 +122,8 @@ func (s *TestHelmRepo) startOciRepo(t *testing.T) {
 		Options: []pusher.Option{},
 	}
 
-	var registryClient *registry2.Client
-	if s.Password != "" {
-		tmpConfigFile := filepath.Join(t.TempDir(), "config.json")
-
-		var err error
-		registryClient, err = registry2.NewClient(registry2.ClientOptCredentialsFile(tmpConfigFile))
-		if err != nil {
-			t.Fatal(err)
-		}
-		err = registryClient.Login(s.URL.Host, registry2.LoginOptBasicAuth(s.Username, s.Password),
-			registry2.LoginOptInsecure(true))
-		if err != nil {
-			t.Fatal(err)
-		}
-		c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
-	}
+	registryClient := s.buildOciRegistryClient(t)
+	c.Options = append(c.Options, pusher.WithRegistryClient(registryClient))
 
 	for _, chart := range s.Charts {
 		tgz := createHelmPackage(t, chart.ChartName, chart.Version)
diff --git a/e2e/test-utils/http_test_server.go b/e2e/test-utils/http_test_server.go
index ae7d535d7..e567417b2 100644
--- a/e2e/test-utils/http_test_server.go
+++ b/e2e/test-utils/http_test_server.go
@@ -1,17 +1,40 @@
 package test_utils
 
 import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"github.com/docker/go-connections/proxy"
+	"math/big"
+	"net"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
+	"strconv"
 	"testing"
+	"time"
 )
 
+var nonLoopbackIp = findNonLoopbackIp()
+var caBytes, serverCert, clientCert, clientKey, _ = certsetup()
+
 type TestHttpServer struct {
-	TLSEnabled bool
-	Username   string
-	Password   string
+	TLSEnabled             bool
+	TLSClientCertEnabled   bool
+	NoLoopbackProxyEnabled bool
+
+	Username string
+	Password string
 
-	Server *httptest.Server
+	Server     *httptest.Server
+	ServerCAs  []byte
+	ClientCAs  []byte
+	ClientCert []byte
+	ClientKey  []byte
 }
 
 func (s *TestHttpServer) Start(t *testing.T, h http.Handler) {
@@ -33,10 +56,197 @@ func (s *TestHttpServer) Start(t *testing.T, h http.Handler) {
 
 	if s.TLSEnabled {
 		s.Server = httptest.NewUnstartedServer(authH)
+
+		s.Server.TLS = &tls.Config{
+			Certificates: []tls.Certificate{*serverCert},
+		}
+		s.ServerCAs = caBytes
+
+		if s.TLSClientCertEnabled {
+			s.ClientCAs = caBytes
+			s.ClientCert = clientCert
+			s.ClientKey = clientKey
+
+			certPool := x509.NewCertPool()
+			certPool.AppendCertsFromPEM(caBytes)
+
+			s.Server.TLS.ClientAuth = tls.RequireAndVerifyClientCert
+			s.Server.TLS.ClientCAs = certPool
+		}
+
 		s.Server.StartTLS()
 	} else {
 		s.Server = httptest.NewServer(authH)
 	}
 
+	transport := s.Server.Client().Transport.(*http.Transport)
+	if s.TLSClientCertEnabled {
+		clientCertX, _ := tls.X509KeyPair(clientCert, clientKey)
+
+		transport.TLSClientConfig.Certificates = append(transport.TLSClientConfig.Certificates, clientCertX)
+	}
+
+	if s.NoLoopbackProxyEnabled {
+		s.startTLSProxy(t)
+	}
+
 	t.Cleanup(s.Server.Close)
 }
+
+// the TLS proxy is required because oras is treating local registries as non-tls, so we must use a non-loopback IP
+func (s *TestHttpServer) startTLSProxy(t *testing.T) {
+	u, _ := url.Parse(s.Server.URL)
+
+	localhostIp := net.ParseIP(u.Hostname())
+	port, _ := strconv.ParseInt(u.Port(), 10, 32)
+
+	frontendAddr := &net.TCPAddr{IP: nonLoopbackIp}
+	backendAddr := &net.TCPAddr{IP: localhostIp, Port: int(port)}
+
+	p, err := proxy.NewTCPProxy(frontendAddr, backendAddr)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	u.Host = p.FrontendAddr().String()
+	s.Server.URL = u.String()
+
+	go func() {
+		p.Run()
+	}()
+
+	t.Cleanup(func() {
+		p.Close()
+	})
+}
+
+func findNonLoopbackIp() net.IP {
+	ifs, _ := net.Interfaces()
+	var goodAddr *net.IPNet
+outer:
+	for _, x := range ifs {
+		addrs, _ := x.Addrs()
+		if len(addrs) == 0 {
+			continue
+		}
+		if (x.Flags&net.FlagRunning) != 0 && (x.Flags&net.FlagLoopback) == 0 {
+			for _, a := range addrs {
+				if a.Network() == "ip+net" {
+					a2 := a.(*net.IPNet)
+					if a2.IP.Equal(a2.IP.To4()) {
+						goodAddr = a2
+						break outer
+					}
+				}
+			}
+		}
+	}
+	if goodAddr == nil {
+		panic("no good listen address found")
+	}
+	return goodAddr.IP
+}
+
+func certsetup() (caPEMBytes []byte, serverCert *tls.Certificate, clientCertPEMBytes []byte, clientKeyPEMBytes []byte, err error) {
+	// set up our CA certificate
+	ca := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:  []string{"Company, INC."},
+			Country:       []string{"US"},
+			Province:      []string{""},
+			Locality:      []string{"San Francisco"},
+			StreetAddress: []string{"Golden Gate Bridge"},
+			PostalCode:    []string{"94016"},
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+	}
+
+	// create our private and public key
+	caPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	// create the CA
+	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+
+	// pem encode
+	caPEM := new(bytes.Buffer)
+	pem.Encode(caPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: caBytes,
+	})
+	caPEMBytes = caPEM.Bytes()
+
+	caPrivKeyPEM := new(bytes.Buffer)
+	pem.Encode(caPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+	})
+
+	serverCertPEM, serverKeyPEM := generateCert(ca, caPrivKey)
+
+	serverCert2, err := tls.X509KeyPair(serverCertPEM, serverKeyPEM)
+	if err != nil {
+		return nil, nil, nil, nil, err
+	}
+	serverCert = &serverCert2
+
+	clientCertPEMBytes, clientKeyPEMBytes = generateCert(ca, caPrivKey)
+
+	return
+}
+
+func generateCert(ca *x509.Certificate, caPrivKey *rsa.PrivateKey) ([]byte, []byte) {
+	// set up our server certificate
+	cert := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:  []string{"Company, INC."},
+			Country:       []string{"US"},
+			Province:      []string{""},
+			Locality:      []string{"San Francisco"},
+			StreetAddress: []string{"Golden Gate Bridge"},
+			PostalCode:    []string{"94016"},
+		},
+		IPAddresses:  []net.IP{nonLoopbackIp, net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(10, 0, 0),
+		SubjectKeyId: []byte{1, 2, 3, 4, 6},
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+	}
+
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, nil
+	}
+
+	certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &certPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil
+	}
+
+	certPEM := new(bytes.Buffer)
+	pem.Encode(certPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+
+	certPrivKeyPEM := new(bytes.Buffer)
+	pem.Encode(certPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
+	})
+
+	return certPEM.Bytes(), certPrivKeyPEM.Bytes()
+}

From 7deae3f80ce0f23b98a5e440fdd891d7bd8b6f8b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 17:21:33 +0200
Subject: [PATCH 1707/2268] fix: Make ordering of ParseEnvConfigSets stable

---
 pkg/git/auth/env_auth_provider.go          |  3 +-
 pkg/helm/auth/env_auth_provider.go         |  3 +-
 pkg/k8s/k8s_cluster.go                     |  3 +-
 pkg/oci/auth_provider/env_auth_provider.go |  3 +-
 pkg/utils/env.go                           | 33 ++++++++++++++++------
 pkg/utils/env_test.go                      |  8 +++---
 6 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 359aaa224..d98a623b9 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -18,7 +18,8 @@ type GitEnvAuthProvider struct {
 func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
 	var la ListAuthProvider
 
-	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
+	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
+		m := s.Map
 		e := AuthEntry{
 			Host:       m["HOST"],
 			PathPrefix: m["PATH_PREFIX"],
diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
index 8ab8e5e69..50ad6e03c 100644
--- a/pkg/helm/auth/env_auth_provider.go
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -25,7 +25,8 @@ func (a *HelmEnvAuthProvider) isDefaultInsecure(ctx context.Context) bool {
 func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
 	defaultInsecure := a.isDefaultInsecure(ctx)
 
-	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
+	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
+		m := s.Map
 		host := m["HOST"]
 		cid := m["CREDENTIALS_ID"]
 		if host == "" && cid == "" {
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 1c6edca2c..42e899f2e 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -374,7 +374,8 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 
 // envtestProxyGet checks the environment variables KLUCTL_K8S_SERVICE_PROXY_XXX to enable testing of proxy requests with envtest
 func (k *K8sCluster) envtestProxyGet(scheme, namespace, name, port, path string, params map[string]string) (io.ReadCloser, error) {
-	for _, m := range utils.ParseEnvConfigSets("KLUCTL_K8S_SERVICE_PROXY") {
+	for _, s := range utils.ParseEnvConfigSets("KLUCTL_K8S_SERVICE_PROXY") {
+		m := s.Map
 		envApiHost := strings.TrimSuffix(m["API_HOST"], "/")
 		envNamespace := m["SERVICE_NAMESPACE"]
 		envName := m["SERVICE_NAME"]
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index 10dbabe40..2567803a7 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -28,7 +28,8 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 
 	var la ListAuthProvider
 
-	for _, m := range utils.ParseEnvConfigSets(a.Prefix) {
+	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
+		m := s.Map
 		host := m["HOST"]
 		repo := m["REPOSITORY"]
 		if host == "" && repo == "" {
diff --git a/pkg/utils/env.go b/pkg/utils/env.go
index a4b2845aa..8c90fcba5 100644
--- a/pkg/utils/env.go
+++ b/pkg/utils/env.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 	"regexp"
+	"sort"
 	"strconv"
 	"strings"
 )
@@ -19,8 +20,13 @@ func ParseEnvBool(name string, def bool) (bool, error) {
 	return def, nil
 }
 
-func parseEnv(prefix string, withIndex bool, withSuffix bool) map[int]map[string]string {
-	ret := make(map[int]map[string]string)
+type EnvSet struct {
+	Index int
+	Map   map[string]string
+}
+
+func parseEnv(prefix string, withIndex bool, withSuffix bool) []EnvSet {
+	envSetMap := make(map[int]map[string]string)
 
 	rs := prefix
 	curGroup := 1
@@ -70,23 +76,34 @@ func parseEnv(prefix string, withIndex bool, withSuffix bool) map[int]map[string
 			suffix = m[suffixGroup]
 		}
 
-		if _, ok := ret[idx]; !ok {
-			ret[idx] = map[string]string{}
+		if _, ok := envSetMap[idx]; !ok {
+			envSetMap[idx] = map[string]string{}
 		}
-		ret[idx][suffix] = v
+		envSetMap[idx][suffix] = v
+	}
+
+	var ret []EnvSet
+	for idx, v := range envSetMap {
+		ret = append(ret, EnvSet{
+			Index: idx,
+			Map:   v,
+		})
 	}
+	sort.Slice(ret, func(i, j int) bool {
+		return ret[i].Index < ret[j].Index
+	})
 	return ret
 }
 
-func ParseEnvConfigSets(prefix string) map[int]map[string]string {
+func ParseEnvConfigSets(prefix string) []EnvSet {
 	return parseEnv(prefix, true, true)
 }
 
 func ParseEnvConfigList(prefix string) map[int]string {
 	ret := make(map[int]string)
 
-	for idx, m := range parseEnv(prefix, true, false) {
-		ret[idx] = m[""]
+	for _, s := range parseEnv(prefix, true, false) {
+		ret[s.Index] = s.Map[""]
 	}
 	return ret
 }
diff --git a/pkg/utils/env_test.go b/pkg/utils/env_test.go
index 2da463533..cf1d2ccf1 100644
--- a/pkg/utils/env_test.go
+++ b/pkg/utils/env_test.go
@@ -9,9 +9,9 @@ func TestParseEnvConfigSets_Prefixes(t *testing.T) {
 	t.Setenv("PREFIX_A", "a")
 	t.Setenv("PREFIX_B", "b")
 	t.Setenv("PREFIX2_C", "c")
-	assert.Equal(t, map[int]map[string]string{}, ParseEnvConfigSets("DUMMY"))
-	assert.Equal(t, map[int]map[string]string{-1: {"A": "a", "B": "b"}}, ParseEnvConfigSets("PREFIX"))
-	assert.Equal(t, map[int]map[string]string{-1: {"C": "c"}}, ParseEnvConfigSets("PREFIX2"))
+	assert.Equal(t, []EnvSet(nil), ParseEnvConfigSets("DUMMY"))
+	assert.Equal(t, []EnvSet{{Index: -1, Map: map[string]string{"A": "a", "B": "b"}}}, ParseEnvConfigSets("PREFIX"))
+	assert.Equal(t, []EnvSet{{Index: -1, Map: map[string]string{"C": "c"}}}, ParseEnvConfigSets("PREFIX2"))
 }
 
 func TestParseEnvConfigSets_Indexes(t *testing.T) {
@@ -19,7 +19,7 @@ func TestParseEnvConfigSets_Indexes(t *testing.T) {
 	t.Setenv("PREFIX_0_A", "a0")
 	t.Setenv("PREFIX_0_B", "b0")
 	t.Setenv("PREFIX_1_A", "a1")
-	assert.Equal(t, map[int]map[string]string{-1: {"A": "a"}, 0: {"A": "a0", "B": "b0"}, 1: {"A": "a1"}}, ParseEnvConfigSets("PREFIX"))
+	assert.Equal(t, []EnvSet{{Index: -1, Map: map[string]string{"A": "a"}}, {Index: 0, Map: map[string]string{"A": "a0", "B": "b0"}}, {Index: 1, Map: map[string]string{"A": "a1"}}}, ParseEnvConfigSets("PREFIX"))
 }
 
 func TestParseEnvConfigList(t *testing.T) {

From 10cd56549f46bd050e8cadb6fcd09b7f16915a3d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 17:21:49 +0200
Subject: [PATCH 1708/2268] tests: Fix oci tests

---
 e2e/oci_include_test.go | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 4e44fb8ee..8125cf23c 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -8,7 +8,6 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	homedir "github.com/mitchellh/go-homedir"
 	cp "github.com/otiai10/copy"
 	"github.com/stretchr/testify/assert"
 	"os"
@@ -78,8 +77,8 @@ func TestOciIncludeWithCreds(t *testing.T) {
 		return repo
 	}
 	repo1 := createRepo("user1", "pass1")
-	repo2 := createRepo("user1", "pass1")
-	repo3 := createRepo("user1", "pass1")
+	repo2 := createRepo("user2", "pass2")
+	repo3 := createRepo("user3", "pass3")
 	repoUrl1 := repo1.URL.String() + "/org1/repo1"
 	repoUrl2 := repo2.URL.String() + "/org2/repo2"
 	repoUrl3 := repo3.URL.String() + "/org3/repo3"
@@ -107,18 +106,18 @@ func TestOciIncludeWithCreds(t *testing.T) {
 
 	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
 		"oci": map[string]any{
-			"url": repo1,
+			"url": repoUrl1,
 		},
 	}))
 	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
 		"oci": map[string]any{
-			"url":    repo2,
+			"url":    repoUrl2,
 			"subDir": "subDir",
 		},
 	}))
 	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
 		"oci": map[string]any{
-			"url": repo3,
+			"url": repoUrl3,
 		},
 	}))
 
@@ -129,7 +128,7 @@ func TestOciIncludeWithCreds(t *testing.T) {
 
 	// deploy with some invalid creds
 	t.Setenv("KLUCTL_REGISTRY_1_HOST", repo1.URL.Host)
-	t.Setenv("KLUCTL_REGISTRY_1_REPO", "org1/repo1")
+	t.Setenv("KLUCTL_REGISTRY_1_REPOSITORY", "org1/repo1")
 	t.Setenv("KLUCTL_REGISTRY_1_USERNAME", "user1")
 	t.Setenv("KLUCTL_REGISTRY_1_PASSWORD", "pass1")
 	t.Setenv("KLUCTL_REGISTRY_2_REPOSITORY", fmt.Sprintf("%s/org2/repo2", repo2.URL.Host))
@@ -143,9 +142,6 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "pass2")
 	dockerLogin(t, repo3.URL.Host, "user3", "pass3")
 
-	x, _ := homedir.Dir()
-	t.Logf("homedir=%s", x)
-
 	p.KluctlMust("deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")

From 3424079856f6430002f930b42528a735d4aec8bc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Oct 2023 09:28:31 +0200
Subject: [PATCH 1709/2268] chore: Run make replace-commands-help and go mod
 tidy

---
 docs/kluctl/commands/common-arguments.md |   2 +
 docs/kluctl/commands/delete.md           | 111 ++++++++++++------
 docs/kluctl/commands/deploy.md           | 137 +++++++++++++++--------
 docs/kluctl/commands/diff.md             | 119 +++++++++++++-------
 docs/kluctl/commands/helm-update.md      |  89 +++++++++++----
 docs/kluctl/commands/list-images.md      |  98 +++++++++++-----
 docs/kluctl/commands/oci-push.md         |   2 +-
 docs/kluctl/commands/poke-images.md      | 107 ++++++++++++------
 docs/kluctl/commands/prune.md            | 107 ++++++++++++------
 docs/kluctl/commands/render.md           |  96 +++++++++++-----
 docs/kluctl/commands/validate.md         |  94 +++++++++++-----
 go.mod                                   |   4 +-
 12 files changed, 670 insertions(+), 296 deletions(-)

diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index 53ce318a1..a5f01111b 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -70,6 +70,8 @@ Project arguments:
                                                but instead use the local directory. This is useful in case you
                                                need to test out changes in external git repositories without
                                                pushing them.
+      --local-oci-group-override stringArray   Same as --local-git-group-override, but for OCI repositories.
+      --local-oci-override stringArray         Same as --local-git-override, but for OCI repositories.
   -c, --project-config existingfile            Location of the .kluctl.yaml config file. Defaults to
                                                $PROJECT/.kluctl.yaml
       --project-dir existingdir                Specify the project directory. Defaults to the current working
diff --git a/docs/kluctl/commands/delete.md b/docs/kluctl/commands/delete.md
index 134e44579..a4b774077 100644
--- a/docs/kluctl/commands/delete.md
+++ b/docs/kluctl/commands/delete.md
@@ -35,41 +35,82 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --discriminator string                        Override the discriminator used to find objects for deletion.
-      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --no-obfuscate                                Disable obfuscation of sensitive/secret data
-      --no-wait                                     Don't wait for deletion of objects to finish.'
-  -o, --output-format stringArray                   Specify output format and target file, in the format
-                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
-                                                    specified multiple times. The actual format for yaml is
-                                                    currently not documented and subject to change.
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --short-output                                When using the 'text' output format (which is the default),
-                                                    only names of changes objects are shown instead of showing all
-                                                    changes.
-  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
-                                                    would answer 'yes'.
+      --discriminator string                            Override the discriminator used to find objects for deletion.
+      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
+      --no-wait                                         Don't wait for deletion of objects to finish.'
+  -o, --output-format stringArray                       Specify output format and target file, in the format
+                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
+                                                        be specified multiple times. The actual format for yaml is
+                                                        currently not documented and subject to change.
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --short-output                                    When using the 'text' output format (which is the
+                                                        default), only names of changes objects are shown instead
+                                                        of showing all changes.
+  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
+                                                        you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/deploy.md b/docs/kluctl/commands/deploy.md
index 3f2a5e1c4..e93c28de7 100644
--- a/docs/kluctl/commands/deploy.md
+++ b/docs/kluctl/commands/deploy.md
@@ -33,54 +33,95 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --abort-on-error                              Abort deploying when an error occurs instead of trying the
-                                                    remaining deployments
-      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
-      --force-apply                                 Force conflict resolution when applying. See documentation for
-                                                    details
-      --force-replace-on-error                      Same as --replace-on-error, but also try to delete and
-                                                    re-create objects. See documentation for more details.
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --no-obfuscate                                Disable obfuscation of sensitive/secret data
-      --no-wait                                     Don't wait for objects readiness'
-  -o, --output-format stringArray                   Specify output format and target file, in the format
-                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
-                                                    specified multiple times. The actual format for yaml is
-                                                    currently not documented and subject to change.
-      --prune                                       Prune orphaned objects directly after deploying. See the help
-                                                    for the 'prune' sub-command for details.'
-      --readiness-timeout duration                  Maximum time to wait for object readiness. The timeout is
-                                                    meant per-object. Timeouts are in the duration format (1s, 1m,
-                                                    1h, ...). If not specified, a default timeout of 5m is used.
-                                                    (default 5m0s)
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --replace-on-error                            When patching an object fails, try to replace it. See
-                                                    documentation for more details.
-      --short-output                                When using the 'text' output format (which is the default),
-                                                    only names of changes objects are shown instead of showing all
-                                                    changes.
-  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
-                                                    would answer 'yes'.
+      --abort-on-error                                  Abort deploying when an error occurs instead of trying the
+                                                        remaining deployments
+      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
+      --force-apply                                     Force conflict resolution when applying. See documentation
+                                                        for details
+      --force-replace-on-error                          Same as --replace-on-error, but also try to delete and
+                                                        re-create objects. See documentation for more details.
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
+      --no-wait                                         Don't wait for objects readiness'
+  -o, --output-format stringArray                       Specify output format and target file, in the format
+                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
+                                                        be specified multiple times. The actual format for yaml is
+                                                        currently not documented and subject to change.
+      --prune                                           Prune orphaned objects directly after deploying. See the
+                                                        help for the 'prune' sub-command for details.'
+      --readiness-timeout duration                      Maximum time to wait for object readiness. The timeout is
+                                                        meant per-object. Timeouts are in the duration format (1s,
+                                                        1m, 1h, ...). If not specified, a default timeout of 5m is
+                                                        used. (default 5m0s)
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --replace-on-error                                When patching an object fails, try to replace it. See
+                                                        documentation for more details.
+      --short-output                                    When using the 'text' output format (which is the
+                                                        default), only names of changes objects are shown instead
+                                                        of showing all changes.
+  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
+                                                        you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/diff.md b/docs/kluctl/commands/diff.md
index 7f5744f53..207161b0a 100644
--- a/docs/kluctl/commands/diff.md
+++ b/docs/kluctl/commands/diff.md
@@ -33,45 +33,86 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --force-apply                                 Force conflict resolution when applying. See documentation for
-                                                    details
-      --force-replace-on-error                      Same as --replace-on-error, but also try to delete and
-                                                    re-create objects. See documentation for more details.
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --ignore-annotations                          Ignores changes in annotations when diffing
-      --ignore-labels                               Ignores changes in labels when diffing
-      --ignore-tags                                 Ignores changes in tags when diffing
-      --no-obfuscate                                Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray                   Specify output format and target file, in the format
-                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
-                                                    specified multiple times. The actual format for yaml is
-                                                    currently not documented and subject to change.
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --replace-on-error                            When patching an object fails, try to replace it. See
-                                                    documentation for more details.
-      --short-output                                When using the 'text' output format (which is the default),
-                                                    only names of changes objects are shown instead of showing all
-                                                    changes.
+      --force-apply                                     Force conflict resolution when applying. See documentation
+                                                        for details
+      --force-replace-on-error                          Same as --replace-on-error, but also try to delete and
+                                                        re-create objects. See documentation for more details.
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --ignore-annotations                              Ignores changes in annotations when diffing
+      --ignore-labels                                   Ignores changes in labels when diffing
+      --ignore-tags                                     Ignores changes in tags when diffing
+      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray                       Specify output format and target file, in the format
+                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
+                                                        be specified multiple times. The actual format for yaml is
+                                                        currently not documented and subject to change.
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --replace-on-error                                When patching an object fails, try to replace it. See
+                                                        documentation for more details.
+      --short-output                                    When using the 'text' output format (which is the
+                                                        default), only names of changes objects are shown instead
+                                                        of showing all changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/helm-update.md b/docs/kluctl/commands/helm-update.md
index b4a82c63e..835259897 100644
--- a/docs/kluctl/commands/helm-update.md
+++ b/docs/kluctl/commands/helm-update.md
@@ -28,30 +28,71 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --commit                                      Create a git commit for every updated chart
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-  -i, --interactive                                 Ask for every Helm Chart if it should be upgraded.
-      --upgrade                                     Write new versions into helm-chart.yaml and perform helm-pull
-                                                    afterwards
+      --commit                                          Create a git commit for every updated chart
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+  -i, --interactive                                     Ask for every Helm Chart if it should be upgraded.
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --upgrade                                         Write new versions into helm-chart.yaml and perform
+                                                        helm-pull afterwards
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/list-images.md b/docs/kluctl/commands/list-images.md
index bc1fd6ac3..87bb26821 100644
--- a/docs/kluctl/commands/list-images.md
+++ b/docs/kluctl/commands/list-images.md
@@ -33,34 +33,76 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --kubernetes-version string                   Specify the Kubernetes version that will be assumed. This will
-                                                    also override the kubeVersion used when rendering Helm Charts.
-      --offline-kubernetes                          Run command in offline mode, meaning that it will not try to
-                                                    connect the target cluster
-  -o, --output stringArray                          Specify output target file. Can be specified multiple times
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --simple                                      Output a simplified version of the images list
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --kubernetes-version string                       Specify the Kubernetes version that will be assumed. This
+                                                        will also override the kubeVersion used when rendering
+                                                        Helm Charts.
+      --offline-kubernetes                              Run command in offline mode, meaning that it will not try
+                                                        to connect the target cluster
+  -o, --output stringArray                              Specify output target file. Can be specified multiple times
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --simple                                          Output a simplified version of the images list
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/oci-push.md b/docs/kluctl/commands/oci-push.md
index f597b836b..4ed6b4a8c 100644
--- a/docs/kluctl/commands/oci-push.md
+++ b/docs/kluctl/commands/oci-push.md
@@ -14,7 +14,7 @@ description: >
 Usage: kluctl oci push [flags]
 
 Push to an oci repository
-The push command creates a tarball from the given directory or the single file and uploads the
+The push command creates a tarball from the current project and uploads the
 artifact to an OCI repository. The command can read the credentials from '~/.docker/config.json' but they can also be
 passed with --creds. It can also login to a supported provider with the --provider flag.
 
diff --git a/docs/kluctl/commands/poke-images.md b/docs/kluctl/commands/poke-images.md
index 1ae877ae4..90cc4a27c 100644
--- a/docs/kluctl/commands/poke-images.md
+++ b/docs/kluctl/commands/poke-images.md
@@ -33,39 +33,80 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --no-obfuscate                                Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray                   Specify output format and target file, in the format
-                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
-                                                    specified multiple times. The actual format for yaml is
-                                                    currently not documented and subject to change.
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --short-output                                When using the 'text' output format (which is the default),
-                                                    only names of changes objects are shown instead of showing all
-                                                    changes.
-  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
-                                                    would answer 'yes'.
+      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray                       Specify output format and target file, in the format
+                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
+                                                        be specified multiple times. The actual format for yaml is
+                                                        currently not documented and subject to change.
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --short-output                                    When using the 'text' output format (which is the
+                                                        default), only names of changes objects are shown instead
+                                                        of showing all changes.
+  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
+                                                        you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/prune.md b/docs/kluctl/commands/prune.md
index ef625e61b..cbddf4f37 100644
--- a/docs/kluctl/commands/prune.md
+++ b/docs/kluctl/commands/prune.md
@@ -29,39 +29,80 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --dry-run                                     Performs all kubernetes API calls in dry-run mode.
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --no-obfuscate                                Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray                   Specify output format and target file, in the format
-                                                    'format=path'. Format can either be 'text' or 'yaml'. Can be
-                                                    specified multiple times. The actual format for yaml is
-                                                    currently not documented and subject to change.
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --short-output                                When using the 'text' output format (which is the default),
-                                                    only names of changes objects are shown instead of showing all
-                                                    changes.
-  -y, --yes                                         Suppresses 'Are you sure?' questions and proceeds as if you
-                                                    would answer 'yes'.
+      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray                       Specify output format and target file, in the format
+                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
+                                                        be specified multiple times. The actual format for yaml is
+                                                        currently not documented and subject to change.
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --short-output                                    When using the 'text' output format (which is the
+                                                        default), only names of changes objects are shown instead
+                                                        of showing all changes.
+  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
+                                                        you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/render.md b/docs/kluctl/commands/render.md
index 37537fe33..9ea69326f 100644
--- a/docs/kluctl/commands/render.md
+++ b/docs/kluctl/commands/render.md
@@ -31,33 +31,75 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --kubernetes-version string                   Specify the Kubernetes version that will be assumed. This will
-                                                    also override the kubeVersion used when rendering Helm Charts.
-      --offline-kubernetes                          Run command in offline mode, meaning that it will not try to
-                                                    connect the target cluster
-      --print-all                                   Write all rendered manifests to stdout
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --kubernetes-version string                       Specify the Kubernetes version that will be assumed. This
+                                                        will also override the kubeVersion used when rendering
+                                                        Helm Charts.
+      --offline-kubernetes                              Run command in offline mode, meaning that it will not try
+                                                        to connect the target cluster
+      --print-all                                       Write all rendered manifests to stdout
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/validate.md b/docs/kluctl/commands/validate.md
index 7faf9c15b..7420cdea9 100644
--- a/docs/kluctl/commands/validate.md
+++ b/docs/kluctl/commands/validate.md
@@ -31,32 +31,74 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                    deprecated form
-                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
-                                                    authentication. Must be in the form
-                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
-                                                    form --helm-key-file=<credentialsId>:<filePath>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
-                                                    Must be in the form --helm-password=<host>/<path>=<password>
-                                                    or in the deprecated form
-                                                    --helm-password=<credentialsId>:<password>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
-                                                    Must be in the form --helm-username=<host>/<path>=<username>
-                                                    or in the deprecated form
-                                                    --helm-username=<credentialsId>:<username>, where
-                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
-  -o, --output stringArray                          Specify output target file. Can be specified multiple times
-      --render-output-dir string                    Specifies the target directory to render the project into. If
-                                                    omitted, a temporary directory is used.
-      --sleep duration                              Sleep duration between validation attempts (default 5s)
-      --wait duration                               Wait for the given amount of time until the deployment validates
-      --warnings-as-errors                          Consider warnings as failures
+      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
+                                                        where <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
+                                                        Must be in the form
+                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-cert-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
+                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                        deprecated form
+                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-key-file=<host>/<path>=<filePath> or in the
+                                                        deprecated form
+                                                        --helm-key-file=<credentialsId>:<filePath>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-password stringArray                       Specify password to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-password=<host>/<path>=<password> or in the
+                                                        deprecated form
+                                                        --helm-password=<credentialsId>:<password>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+      --helm-username stringArray                       Specify username to use for Helm Repository
+                                                        authentication. Must be in the form
+                                                        --helm-username=<host>/<path>=<username> or in the
+                                                        deprecated form
+                                                        --helm-username=<credentialsId>:<username>, where
+                                                        <credentialsId> must match the id specified in the
+                                                        helm-chart.yaml.
+  -o, --output stringArray                              Specify output target file. Can be specified multiple times
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
+                                                        in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --render-output-dir string                        Specifies the target directory to render the project into.
+                                                        If omitted, a temporary directory is used.
+      --sleep duration                                  Sleep duration between validation attempts (default 5s)
+      --wait duration                                   Wait for the given amount of time until the deployment
+                                                        validates
+      --warnings-as-errors                              Consider warnings as failures
 
 ```
 <!-- END SECTION -->
diff --git a/go.mod b/go.mod
index bcbd31554..dd1eb4aa9 100644
--- a/go.mod
+++ b/go.mod
@@ -66,6 +66,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.6+incompatible
+	github.com/docker/go-connections v0.4.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
@@ -76,7 +77,6 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/mitchellh/go-homedir v1.1.0
 	github.com/onsi/gomega v1.28.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
@@ -146,7 +146,6 @@ require (
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/docker v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -223,6 +222,7 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect

From 244c0a1642fce2760dcbb798df81f9c9b722b792 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 22:57:37 +0200
Subject: [PATCH 1710/2268] feat: Add --namespace arg to controller run

---
 cmd/kluctl/commands/cmd_controller_run.go | 12 ++++++++++++
 docs/kluctl/commands/controller-run.md    |  1 +
 2 files changed, 13 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 47f15d9f6..63c888595 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -21,6 +21,7 @@ import (
 	"path/filepath"
 	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -39,6 +40,7 @@ type controllerRunCmd struct {
 
 	Kubeconfig string `group:"misc" help:"Override the kubeconfig to use."`
 	Context    string `group:"misc" help:"Override the context to use."`
+	Namespace  string `group:"misc" help:"Specify the namespace to watch. If omitted, all namespaces are watched."`
 
 	MetricsBindAddress     string `group:"misc" help:"The address the metric endpoint binds to." default:":8080"`
 	HealthProbeBindAddress string `group:"misc" help:"The address the probe endpoint binds to." default:":8081"`
@@ -90,6 +92,13 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		restConfig.Burst = -1
 	}
 
+	var cacheNamespaces map[string]cache.Config
+	if cmd.Namespace != "" {
+		cacheNamespaces = map[string]cache.Config{
+			cmd.Namespace: {},
+		}
+	}
+
 	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 		Scheme: cmd.scheme,
 		Metrics: metricsserver.Options{
@@ -109,6 +118,9 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		// if you are doing or is intended to do any operation such as perform cleanups
 		// after the manager stops then its usage might be unsafe.
 		// LeaderElectionReleaseOnCancel: true,
+		Cache: cache.Options{
+			DefaultNamespaces: cacheNamespaces,
+		},
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
diff --git a/docs/kluctl/commands/controller-run.md b/docs/kluctl/commands/controller-run.md
index 0cb69a263..c3c85e4e8 100644
--- a/docs/kluctl/commands/controller-run.md
+++ b/docs/kluctl/commands/controller-run.md
@@ -36,6 +36,7 @@ Misc arguments:
       --leader-elect                       Enable leader election for controller manager. Enabling this will
                                            ensure there is only one active controller manager.
       --metrics-bind-address string        The address the metric endpoint binds to. (default ":8080")
+      --namespace string                   Specify the namespace to watch. If omitted, all namespaces are watched.
 
 ```
 <!-- END SECTION -->

From 402df4d59c2fb324e9ce92dcce02ecb63e8a48f1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 22:59:08 +0200
Subject: [PATCH 1711/2268] fix: Don't try to register metrics collectors when
 bind address is 0

---
 cmd/kluctl/commands/cmd_controller_run.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 63c888595..a2720e410 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -73,7 +73,10 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	cmd.initScheme()
 
 	metricsRecorder := metrics.NewRecorder()
-	crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
+	if cmd.MetricsBindAddress != "0" {
+		metricsRecorder = metrics.NewRecorder()
+		crtlmetrics.Registry.MustRegister(metricsRecorder.Collectors()...)
+	}
 
 	opts := zap.Options{}
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))

From f03cdffcc04b6cdf52c2e17e6e7498eaa5ebbe56 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 12 Oct 2023 22:59:46 +0200
Subject: [PATCH 1712/2268] tests: Paralellize gitops tests

---
 e2e/default_clusters.go         |  12 +-
 e2e/diff_name_test.go           |   6 +-
 e2e/gitops_approval_test.go     |  13 +-
 e2e/gitops_errors_test.go       |  23 +-
 e2e/gitops_fieldmanager_test.go | 143 +++++++++
 e2e/gitops_git_include_test.go  |  47 +--
 e2e/gitops_helm_test.go         |  52 ++-
 e2e/gitops_oci_include_test.go  |  13 +-
 e2e/gitops_prune_delete_test.go | 204 ++++++++++++
 e2e/gitops_suite.go             | 278 ++++++++++++++++
 e2e/gitops_test.go              | 544 --------------------------------
 e2e/render_test.go              |   2 +-
 e2e/test_project/project.go     |   9 +-
 13 files changed, 731 insertions(+), 615 deletions(-)
 create mode 100644 e2e/gitops_fieldmanager_test.go
 create mode 100644 e2e/gitops_prune_delete_test.go
 create mode 100644 e2e/gitops_suite.go
 delete mode 100644 e2e/gitops_test.go

diff --git a/e2e/default_clusters.go b/e2e/default_clusters.go
index 387be2edb..05bcc1488 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters.go
@@ -16,6 +16,7 @@ import (
 
 var defaultCluster1 = test_utils.CreateEnvTestCluster("cluster1")
 var defaultCluster2 = test_utils.CreateEnvTestCluster("cluster2")
+var gitopsCluster = test_utils.CreateEnvTestCluster("gitops")
 var mergedKubeconfig string
 
 func init() {
@@ -24,7 +25,7 @@ func init() {
 	}
 
 	var wg sync.WaitGroup
-	wg.Add(2)
+	wg.Add(3)
 	go func() {
 		defer wg.Done()
 		err := defaultCluster1.Start()
@@ -44,6 +45,14 @@ func init() {
 		}
 		test_resources.ApplyYaml(nil, "sealed-secrets.yaml", defaultCluster2)
 	}()
+	go func() {
+		defer wg.Done()
+		gitopsCluster.CRDDirectoryPaths = []string{"../config/crd/bases"}
+		err := gitopsCluster.Start()
+		if err != nil {
+			panic(err)
+		}
+	}()
 	wg.Wait()
 
 	tmpKubeconfig, err := os.CreateTemp("", "")
@@ -57,6 +66,7 @@ func init() {
 
 	mergeKubeconfig(tmpKubeconfig.Name(), defaultCluster1.Kubeconfig)
 	mergeKubeconfig(tmpKubeconfig.Name(), defaultCluster2.Kubeconfig)
+	mergeKubeconfig(tmpKubeconfig.Name(), gitopsCluster.Kubeconfig)
 
 	mergedKubeconfig = tmpKubeconfig.Name()
 	_ = os.Setenv("KUBECONFIG", mergedKubeconfig)
diff --git a/e2e/diff_name_test.go b/e2e/diff_name_test.go
index 5cdf3e073..39d812243 100644
--- a/e2e/diff_name_test.go
+++ b/e2e/diff_name_test.go
@@ -55,7 +55,7 @@ func TestDiffName(t *testing.T) {
 			{Type: "update", JsonPath: "metadata.name", OldValue: &v1.JSON{Raw: []byte("\"cm-1\"")}, NewValue: &v1.JSON{Raw: []byte("\"cm-2\"")}, UnifiedDiff: "-cm-1\n+cm-2"}},
 	}, r.Objects[0].BaseObject)
 	assert.Equal(t, result.BaseObject{
-		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-1", Namespace: "test-diff-name"},
+		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-1", Namespace: p.TestSlug()},
 		Orphan: true,
 	}, r.Objects[1].BaseObject)
 
@@ -77,11 +77,11 @@ func TestDiffName(t *testing.T) {
 			{Type: "update", JsonPath: "metadata.name", OldValue: &v1.JSON{Raw: []byte("\"cm-2\"")}, NewValue: &v1.JSON{Raw: []byte("\"cm-3\"")}, UnifiedDiff: "-cm-2\n+cm-3"}},
 	}, r.Objects[0].BaseObject)
 	assert.Equal(t, result.BaseObject{
-		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-1", Namespace: "test-diff-name"},
+		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-1", Namespace: p.TestSlug()},
 		Orphan: true,
 	}, r.Objects[1].BaseObject)
 	assert.Equal(t, result.BaseObject{
-		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-2", Namespace: "test-diff-name"},
+		Ref:    k8s.ObjectRef{Version: "v1", Kind: "ConfigMap", Name: "cm-2", Namespace: p.TestSlug()},
 		Orphan: true,
 	}, r.Objects[2].BaseObject)
 }
diff --git a/e2e/gitops_approval_test.go b/e2e/gitops_approval_test.go
index b019a9ae4..89371049a 100644
--- a/e2e/gitops_approval_test.go
+++ b/e2e/gitops_approval_test.go
@@ -3,9 +3,20 @@ package e2e
 import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/stretchr/testify/suite"
+	"testing"
 )
 
-func (suite *GitopsTestSuite) TestGitOpsManualDeployment() {
+type GitOpsApprovalTestSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsApproval(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsApprovalTestSuite))
+}
+
+func (suite *GitOpsApprovalTestSuite) TestGitOpsManualDeployment() {
 	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 719690ee1..7fbc012d1 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -9,23 +9,24 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/suite"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
 )
 
-func (suite *GitopsTestSuite) getReadiness(obj *kluctlv1.KluctlDeployment) *metav1.Condition {
-	for _, c := range obj.Status.Conditions {
-		if c.Type == meta.ReadyCondition {
-			return &c
-		}
-	}
-	return nil
+type GitOpsErrorsSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsErrors(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsErrorsSuite))
 }
 
-func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
+func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
 	g := NewWithT(suite.T())
 
 	var kd kluctlv1.KluctlDeployment
@@ -62,7 +63,7 @@ func (suite *GitopsTestSuite) assertErrors(key client.ObjectKey, rstatus metav1.
 	g.Expect(lastDeployResult.Warnings).To(ConsistOf(expectedWarnings))
 }
 
-func (suite *GitopsTestSuite) TestGitOpsErrors() {
+func (suite *GitOpsErrorsSuite) TestGitOpsErrors() {
 	g := NewWithT(suite.T())
 	_ = g
 
@@ -117,7 +118,7 @@ data:
 		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
 			{
 				Ref:     cm1Ref,
-				Message: "failed to patch test-git-ops-test-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (test-git-ops-test-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
+				Message: "failed to patch git-ops-errors-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (git-ops-errors-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
 			},
 		}, nil)
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
diff --git a/e2e/gitops_fieldmanager_test.go b/e2e/gitops_fieldmanager_test.go
new file mode 100644
index 000000000..d429b9c3b
--- /dev/null
+++ b/e2e/gitops_fieldmanager_test.go
@@ -0,0 +1,143 @@
+package e2e
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/suite"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
+	"time"
+
+	. "github.com/onsi/gomega"
+)
+
+type GitOpsFieldManagerTestSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsFieldManager(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsFieldManagerTestSuite))
+}
+
+func (suite *GitopsTestSuite) TestFieldManager() {
+	g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+  k2: "{{ args.k2 + 1 }}"
+`)},
+	}, nil)
+
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+		"k2":        42,
+	})
+
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+	})
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: interval}}
+	})
+
+	cm := &corev1.ConfigMap{}
+
+	suite.Run("cm1 is deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v1"))
+		g.Expect(cm.Data).To(HaveKeyWithValue("k2", "43"))
+	})
+
+	suite.Run("cm1 is modified and restored", func() {
+		cm.Data["k1"] = "v2"
+		err := suite.k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
+		g.Expect(err).To(Succeed())
+
+		g.Eventually(func() bool {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+			return cm.Data["k1"] == "v1"
+		}, timeout, time.Second).Should(BeTrue())
+	})
+
+	suite.Run("cm1 gets a key added which is not modified by the controller", func() {
+		cm.Data["k1"] = "v2"
+		cm.Data["k3"] = "v3"
+		err := suite.k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
+		g.Expect(err).To(Succeed())
+
+		g.Eventually(func() bool {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+			return cm.Data["k1"] == "v1"
+		}, timeout, time.Second).Should(BeTrue())
+
+		g.Expect(cm.Data).To(HaveKeyWithValue("k3", "v3"))
+	})
+
+	suite.Run("cm1 gets modified with another field manager", func() {
+		patch := client.MergeFrom(cm.DeepCopy())
+		cm.Data["k1"] = "v2"
+
+		err := suite.k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
+		g.Expect(err).To(Succeed())
+
+		for i := 0; i < 2; i++ {
+			suite.waitForReconcile(key)
+		}
+
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v2"))
+	})
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.ForceApply = true
+	})
+
+	suite.Run("forceApply is true and cm1 gets restored even with another field manager", func() {
+		patch := client.MergeFrom(cm.DeepCopy())
+		cm.Data["k1"] = "v2"
+
+		err := suite.k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
+		g.Expect(err).To(Succeed())
+
+		g.Eventually(func() bool {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+			return cm.Data["k1"] == "v1"
+		}, timeout, time.Second).Should(BeTrue())
+	})
+}
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index f3b47cea0..dd97b6f6c 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -6,12 +6,23 @@ import (
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
 )
 
-func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
+type GitOpsIncludesSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsIncludes(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsIncludesSuite))
+}
+
+func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	g := NewWithT(suite.T())
 	_ = g
 
@@ -75,7 +86,7 @@ func (suite *GitopsTestSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	})
 }
 
-func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bool) {
+func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSource bool) {
 	g := NewWithT(suite.T())
 	_ = g
 
@@ -108,23 +119,15 @@ func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bo
 		g.Expect(readinessCondition.Message).To(Equal("failed to clone git source: authentication required"))
 	})
 
-	createSecret := func(secretName string, username string, password string) {
-		secret := corev1.Secret{
-			ObjectMeta: v1.ObjectMeta{
-				Name:      secretName,
-				Namespace: key.Namespace,
-			},
-			Data: map[string][]byte{
-				"username": []byte(username),
-				"password": []byte(password),
-			},
-		}
-		err := suite.k.Client.Create(context.Background(), &secret)
-		g.Expect(err).To(Succeed())
+	createSecret := func(username string, password string) string {
+		return suite.createGitopsSecret(map[string]string{
+			"username": username,
+			"password": password,
+		})
 	}
 
-	createSecret("secret1", "user1", "password1")
-	createSecret("secret2", "user2", "password2")
+	secret1 := createSecret("user1", "password1")
+	secret2 := createSecret("user2", "password2")
 
 	var kd v1beta1.KluctlDeployment
 	err := suite.k.Client.Get(context.Background(), key, &kd)
@@ -137,16 +140,16 @@ func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bo
 	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 		Host:       gs1.GitHost(),
 		PathPrefix: ip1.GitRepoName(),
-		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
+		SecretRef:  v1beta1.LocalObjectReference{Name: secret2},
 	})
 	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 		Host:      mainGs.GitHost(),
-		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
+		SecretRef: v1beta1.LocalObjectReference{Name: secret1},
 	})
 	// make sure this one is ignored for http based urls
 	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 		Host:      "*",
-		SecretRef: v1beta1.LocalObjectReference{Name: "secret1"},
+		SecretRef: v1beta1.LocalObjectReference{Name: secret1},
 	})
 
 	if legacyGitSource {
@@ -171,10 +174,10 @@ func (suite *GitopsTestSuite) testGitOpsGitIncludeCredentials(legacyGitSource bo
 	})
 }
 
-func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentials() {
+func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeCredentials() {
 	suite.testGitOpsGitIncludeCredentials(false)
 }
 
-func (suite *GitopsTestSuite) TestGitOpsGitIncludeCredentialsLegacy() {
+func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeCredentialsLegacy() {
 	suite.testGitOpsGitIncludeCredentials(true)
 }
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 32b0a4ec0..06c23863c 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -6,12 +6,22 @@ import (
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
+	"github.com/stretchr/testify/suite"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"strings"
+	"testing"
 )
 
-func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
+type GitOpsHelmSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsHelm(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsHelmSuite))
+}
+
+func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	g := NewWithT(suite.T())
 
 	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull)
@@ -22,35 +32,17 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		return
 	}
 
-	createNamespace(suite.T(), suite.k, p.TestSlug()+"-gitops")
-
-	createSecret := func(name string, m map[string]string) {
-		mb := map[string][]byte{}
-		for k, v := range m {
-			mb[k] = []byte(v)
-		}
-		credsSecret := &corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Namespace: p.TestSlug() + "-gitops",
-				Name:      name,
-			},
-			Data: mb,
-		}
-		err := suite.k.Client.Create(context.TODO(), credsSecret)
-		g.Expect(err).To(Succeed())
-	}
-
 	var legacyHelmCreds []kluctlv1.HelmCredentials
 	var projectCreds kluctlv1.ProjectCredentials
 
 	if tc.argCredsId != "" {
-		createSecret("helm-secrets-1", map[string]string{
+		name := suite.createGitopsSecret(map[string]string{
 			"credentialsId": tc.argCredsId,
 			"username":      tc.argUsername,
 			"password":      tc.argPassword,
 		})
 		legacyHelmCreds = append(legacyHelmCreds, kluctlv1.HelmCredentials{
-			SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+			SecretRef: kluctlv1.LocalObjectReference{Name: name},
 		})
 	} else if tc.argCredsHost != "" {
 		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
@@ -71,11 +63,11 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 			if tc.argPassClientCert {
 				m["key"] = string(repo.ClientKey)
 			}
-			createSecret("oci-secrets-1", m)
+			name := suite.createGitopsSecret(m)
 			projectCreds.Oci = append(projectCreds.Oci, kluctlv1.ProjectCredentialsOci{
 				Registry:   host,
 				Repository: tc.argCredsPath,
-				SecretRef:  kluctlv1.LocalObjectReference{Name: "oci-secrets-1"},
+				SecretRef:  kluctlv1.LocalObjectReference{Name: name},
 			})
 		} else {
 			m := map[string]string{
@@ -91,11 +83,11 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 			if tc.argPassClientCert {
 				m["key"] = string(repo.ClientKey)
 			}
-			createSecret("helm-secrets-1", m)
+			name := suite.createGitopsSecret(m)
 			projectCreds.Helm = append(projectCreds.Helm, kluctlv1.ProjectCredentialsHelm{
 				Host:      host,
 				Path:      tc.argCredsPath,
-				SecretRef: kluctlv1.LocalObjectReference{Name: "helm-secrets-1"},
+				SecretRef: kluctlv1.LocalObjectReference{Name: name},
 			})
 		}
 	}
@@ -105,10 +97,10 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		m := map[string]string{
 			"plain_http": "true",
 		}
-		createSecret("oci-secrets-plain-http", m)
+		name := suite.createGitopsSecret(m)
 		projectCreds.Oci = append(projectCreds.Oci, kluctlv1.ProjectCredentialsOci{
 			Registry:  repo.URL.Host,
-			SecretRef: kluctlv1.LocalObjectReference{Name: "oci-secrets-plain-http"},
+			SecretRef: kluctlv1.LocalObjectReference{Name: name},
 		})
 	}
 
@@ -146,7 +138,7 @@ func (suite *GitopsTestSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	}
 }
 
-func (suite *GitopsTestSuite) TestHelm() {
+func (suite *GitOpsHelmSuite) TestHelm() {
 	for _, tc := range helmTests {
 		tc := tc
 		if tc.name == "dep-oci-creds-fail" {
@@ -158,7 +150,7 @@ func (suite *GitopsTestSuite) TestHelm() {
 	}
 }
 
-func (suite *GitopsTestSuite) TestHelmPrePull() {
+func (suite *GitOpsHelmSuite) TestHelmPrePull() {
 	for _, tc := range helmTests {
 		tc := tc
 		if tc.name == "dep-oci-creds-fail" {
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index 2fcdbded0..2d6e0db86 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -7,12 +7,23 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
 )
 
-func (suite *GitopsTestSuite) TestGitOpsOciIncludeCredentials() {
+type GitOpsOciIncludeSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsOciInclude(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsOciIncludeSuite))
+}
+
+func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	g := NewWithT(suite.T())
 	_ = g
 
diff --git a/e2e/gitops_prune_delete_test.go b/e2e/gitops_prune_delete_test.go
new file mode 100644
index 000000000..a1563ca8e
--- /dev/null
+++ b/e2e/gitops_prune_delete_test.go
@@ -0,0 +1,204 @@
+package e2e
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/suite"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
+	"time"
+
+	. "github.com/onsi/gomega"
+)
+
+type GitOpsPruneDeleteSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsPruneDelete(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsPruneDeleteSuite))
+}
+
+func (suite *GitOpsPruneDeleteSuite) TestKluctlDeploymentReconciler_Prune() {
+	g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`)},
+	}, nil)
+	p.AddKustomizeDeployment("d2", []test_project.KustomizeResource{
+		{Name: "cm2.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm2
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`)},
+	}, nil)
+
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+	})
+
+	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+	cm := &corev1.ConfigMap{}
+
+	suite.Run("cm1 and cm2 got deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm2",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+	})
+
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.RemoveNestedField("deployments", 1)
+		return nil
+	})
+
+	g.Eventually(func() bool {
+		var obj kluctlv1.KluctlDeployment
+		_ = suite.k.Client.Get(context.Background(), key, &obj)
+		if obj.Status.LastDeployResult == nil {
+			return false
+		}
+		ldr, err := obj.Status.GetLastDeployResult()
+		g.Expect(err).To(Succeed())
+		return ldr.GitInfo.Commit == getHeadRevision(suite.T(), p)
+	}, timeout, time.Second).Should(BeTrue())
+
+	suite.Run("cm1 and cm2 were not deleted", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm2",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+	})
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Prune = true
+	})
+
+	suite.waitForReconcile(key)
+
+	suite.Run("cm1 did not get deleted and cm2 got deleted", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm2",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(MatchError("configmaps \"cm2\" not found"))
+	})
+}
+
+func (suite *GitOpsPruneDeleteSuite) doTestDelete(delete bool) {
+	g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+
+	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
+		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm1
+  namespace: "{{ args.namespace }}"
+data:
+  k1: v1
+`)},
+	}, nil)
+
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
+		"namespace": p.TestSlug(),
+	})
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Delete = delete
+	})
+
+	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+	cm := &corev1.ConfigMap{}
+
+	suite.Run("cm1 got deployed", func() {
+		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+			Name:      "cm1",
+			Namespace: p.TestSlug(),
+		}, cm)
+		g.Expect(err).To(Succeed())
+	})
+
+	suite.deleteKluctlDeployment(key)
+
+	g.Eventually(func() bool {
+		var obj kluctlv1.KluctlDeployment
+		err := suite.k.Client.Get(context.Background(), key, &obj)
+		if err == nil {
+			return false
+		}
+		if !errors.IsNotFound(err) {
+			return false
+		}
+		return true
+	}, timeout, time.Second).Should(BeTrue())
+
+	if delete {
+		suite.Run("cm1 was deleted", func() {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(MatchError("configmaps \"cm1\" not found"))
+		})
+	} else {
+		suite.Run("cm1 was not deleted", func() {
+			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
+				Name:      "cm1",
+				Namespace: p.TestSlug(),
+			}, cm)
+			g.Expect(err).To(Succeed())
+		})
+	}
+}
+
+func (suite *GitOpsPruneDeleteSuite) Test_Delete_True() {
+	suite.doTestDelete(true)
+}
+
+func (suite *GitOpsPruneDeleteSuite) Test_Delete_False() {
+	suite.doTestDelete(false)
+}
diff --git a/e2e/gitops_suite.go b/e2e/gitops_suite.go
new file mode 100644
index 000000000..bd6cee23e
--- /dev/null
+++ b/e2e/gitops_suite.go
@@ -0,0 +1,278 @@
+package e2e
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/huandu/xstrings"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/onsi/gomega"
+	"github.com/stretchr/testify/suite"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/klog/v2"
+	"math/rand"
+	"os"
+	"path/filepath"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
+	"time"
+
+	. "github.com/onsi/gomega"
+)
+
+const (
+	timeout  = time.Second * 300
+	interval = time.Second * 5
+)
+
+func init() {
+	// this must be called in the first 30 seconds of startup, so we have to do it here at init() time
+	ctrl.SetLogger(klog.NewKlogr())
+}
+
+type GitopsTestSuite struct {
+	suite.Suite
+
+	k *test_utils.EnvTestCluster
+
+	cancelController context.CancelFunc
+
+	gitopsNamespace    string
+	gitopsSecretIdx    int
+	deployments        []client.ObjectKey
+	deletedDeployments []client.ObjectKey
+}
+
+func (suite *GitopsTestSuite) SetupSuite() {
+	suite.k = gitopsCluster
+
+	n := suite.T().Name()
+	n = xstrings.ToKebabCase(n)
+	n = strings.ReplaceAll(n, "/", "-")
+	n += "-gitops"
+	suite.gitopsNamespace = n
+
+	createNamespace(suite.T(), suite.k, suite.gitopsNamespace)
+
+	suite.startController()
+}
+
+func (suite *GitopsTestSuite) TearDownSuite() {
+	g := NewWithT(suite.T())
+
+	g.Eventually(func() bool {
+		for _, key := range suite.deletedDeployments {
+			var kd kluctlv1.KluctlDeployment
+			err := suite.k.Client.Get(context.TODO(), key, &kd)
+			if err == nil {
+				return false
+			}
+		}
+		return true
+	}, timeout, time.Second).Should(BeTrue())
+
+	if suite.cancelController != nil {
+		suite.cancelController()
+	}
+}
+
+func (suite *GitopsTestSuite) TearDownTest() {
+	for _, key := range suite.deployments {
+		suite.deleteKluctlDeployment(key)
+	}
+
+	suite.deployments = nil
+}
+
+func (suite *GitopsTestSuite) startController() {
+	tmpKubeconfig := filepath.Join(suite.T().TempDir(), "kubeconfig")
+	err := os.WriteFile(tmpKubeconfig, suite.k.Kubeconfig, 0o600)
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+
+	ctx, ctxCancel := context.WithCancel(context.Background())
+	args := []string{
+		"controller",
+		"run",
+		"--kubeconfig",
+		tmpKubeconfig,
+		"--context",
+		"gitops",
+		"--namespace",
+		suite.gitopsNamespace,
+		"--metrics-bind-address=0",
+		"--health-probe-bind-address=0",
+	}
+	done := make(chan struct{})
+	go func() {
+		_, _, err := test_project.KluctlExecute(suite.T(), ctx, args...)
+		if err != nil {
+			suite.T().Error(err)
+		}
+		close(done)
+	}()
+
+	cancel := func() {
+		ctxCancel()
+		<-done
+	}
+	suite.cancelController = cancel
+}
+
+func (suite *GitopsTestSuite) triggerReconcile(key client.ObjectKey) string {
+	reconcileId := fmt.Sprintf("%d", rand.Int63())
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		a := kd.GetAnnotations()
+		if a == nil {
+			a = map[string]string{}
+		}
+		a[kluctlv1.KluctlRequestReconcileAnnotation] = reconcileId
+		kd.SetAnnotations(a)
+	})
+	return reconcileId
+}
+
+func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
+	g := gomega.NewWithT(suite.T())
+
+	reconcileId := suite.triggerReconcile(key)
+
+	g.Eventually(func() bool {
+		var kd kluctlv1.KluctlDeployment
+		err := suite.k.Client.Get(context.TODO(), key, &kd)
+		g.Expect(err).To(Succeed())
+		return kd.Status.LastHandledReconcileAt == reconcileId
+	}, timeout, time.Second).Should(BeTrue())
+}
+
+func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string) {
+	g := gomega.NewWithT(suite.T())
+
+	reconcileId := suite.triggerReconcile(key)
+
+	g.Eventually(func() bool {
+		var kd kluctlv1.KluctlDeployment
+		_ = suite.k.Client.Get(context.Background(), key, &kd)
+		return kd.Status.LastHandledReconcileAt == reconcileId && kd.Status.ObservedCommit == commit
+	}, timeout, time.Second).Should(BeTrue())
+}
+
+func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
+	return suite.createKluctlDeployment2(p, target, args, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Source.Git = &kluctlv1.ProjectSourceGit{
+			URL: *types2.ParseGitUrlMust(p.GitUrl()),
+		}
+	})
+}
+
+func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProject, target string, args map[string]any, modify ...func(kd *kluctlv1.KluctlDeployment)) client.ObjectKey {
+	createNamespace(suite.T(), suite.k, suite.gitopsNamespace)
+
+	jargs, err := json.Marshal(args)
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+
+	kluctlDeployment := &kluctlv1.KluctlDeployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      p.TestSlug(),
+			Namespace: suite.gitopsNamespace,
+		},
+		Spec: kluctlv1.KluctlDeploymentSpec{
+			Interval: metav1.Duration{Duration: interval},
+			Timeout:  &metav1.Duration{Duration: timeout},
+			Target:   &target,
+			Args: &runtime.RawExtension{
+				Raw: jargs,
+			},
+		},
+	}
+
+	for _, m := range modify {
+		if m != nil {
+			m(kluctlDeployment)
+		}
+	}
+
+	err = suite.k.Client.Create(context.Background(), kluctlDeployment)
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+
+	key := client.ObjectKeyFromObject(kluctlDeployment)
+	suite.deployments = append(suite.deployments, key)
+	return key
+}
+
+func (suite *GitopsTestSuite) updateKluctlDeployment(key client.ObjectKey, update func(kd *kluctlv1.KluctlDeployment)) *kluctlv1.KluctlDeployment {
+	g := NewWithT(suite.T())
+
+	var kd kluctlv1.KluctlDeployment
+	err := suite.k.Client.Get(context.TODO(), key, &kd)
+	g.Expect(err).To(Succeed())
+
+	patch := client.MergeFrom(kd.DeepCopy())
+
+	update(&kd)
+
+	err = suite.k.Client.Patch(context.TODO(), &kd, patch, client.FieldOwner("kubectl"))
+	g.Expect(err).To(Succeed())
+
+	return &kd
+}
+
+func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
+	g := NewWithT(suite.T())
+
+	var kd kluctlv1.KluctlDeployment
+	kd.Name = key.Name
+	kd.Namespace = key.Namespace
+	err := suite.k.Client.Delete(context.Background(), &kd)
+	if err != nil && !errors.IsNotFound(err) {
+		g.Expect(err).To(Succeed())
+	}
+
+	suite.deletedDeployments = append(suite.deletedDeployments, key)
+}
+
+func (suite *GitopsTestSuite) createGitopsSecret(m map[string]string) string {
+	g := NewWithT(suite.T())
+
+	name := fmt.Sprintf("gitops-seceet-%d", suite.gitopsSecretIdx)
+	suite.gitopsSecretIdx++
+
+	mb := map[string][]byte{}
+	for k, v := range m {
+		mb[k] = []byte(v)
+	}
+	credsSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: suite.gitopsNamespace,
+			Name:      name,
+		},
+		Data: mb,
+	}
+	err := suite.k.Client.Create(context.TODO(), credsSecret)
+	g.Expect(err).To(Succeed())
+
+	return name
+}
+
+func (suite *GitopsTestSuite) getReadiness(obj *kluctlv1.KluctlDeployment) *metav1.Condition {
+	for _, c := range obj.Status.Conditions {
+		if c.Type == meta.ReadyCondition {
+			return &c
+		}
+	}
+	return nil
+}
diff --git a/e2e/gitops_test.go b/e2e/gitops_test.go
deleted file mode 100644
index 0ff7c2958..000000000
--- a/e2e/gitops_test.go
+++ /dev/null
@@ -1,544 +0,0 @@
-package e2e
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/onsi/gomega"
-	"github.com/stretchr/testify/suite"
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/klog/v2"
-	"math/rand"
-	"os"
-	"path/filepath"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"testing"
-	"time"
-
-	. "github.com/onsi/gomega"
-)
-
-const (
-	timeout  = time.Second * 300
-	interval = time.Second * 5
-)
-
-func init() {
-	// this must be called in the first 30 seconds of startup, so we have to do it here at init() time
-	ctrl.SetLogger(klog.NewKlogr())
-}
-
-type GitopsTestSuite struct {
-	suite.Suite
-
-	k *test_utils.EnvTestCluster
-
-	cancelController context.CancelFunc
-
-	deployments []client.ObjectKey
-}
-
-func (suite *GitopsTestSuite) SetupSuite() {
-	suite.startCluster()
-	suite.startController()
-}
-
-func (suite *GitopsTestSuite) TearDownSuite() {
-	if suite.cancelController != nil {
-		suite.cancelController()
-	}
-
-	if suite.k != nil {
-		suite.k.Stop()
-	}
-}
-
-func (suite *GitopsTestSuite) TearDownTest() {
-	g := NewWithT(suite.T())
-
-	for _, key := range suite.deployments {
-		suite.deleteKluctlDeployment(key)
-	}
-
-	g.Eventually(func() bool {
-		for _, key := range suite.deployments {
-			var kd kluctlv1.KluctlDeployment
-			err := suite.k.Client.Get(context.TODO(), key, &kd)
-			if err == nil {
-				return false
-			}
-		}
-		return true
-	}, timeout, time.Second).Should(BeTrue())
-
-	suite.deployments = nil
-}
-
-func (suite *GitopsTestSuite) startCluster() {
-	suite.k = test_utils.CreateEnvTestCluster("context1")
-	suite.k.CRDDirectoryPaths = []string{"../config/crd/bases"}
-
-	err := suite.k.Start()
-	if err != nil {
-		suite.T().Fatal(err)
-	}
-}
-
-func (suite *GitopsTestSuite) startController() {
-	tmpKubeconfig := filepath.Join(suite.T().TempDir(), "kubeconfig")
-	err := os.WriteFile(tmpKubeconfig, suite.k.Kubeconfig, 0o600)
-	if err != nil {
-		suite.T().Fatal(err)
-	}
-
-	ctx, ctxCancel := context.WithCancel(context.Background())
-	args := []string{
-		"controller",
-		"run",
-		"--kubeconfig",
-		tmpKubeconfig,
-		"--context",
-		"context1",
-	}
-	done := make(chan struct{})
-	go func() {
-		_, _, err := test_project.KluctlExecute(suite.T(), ctx, args...)
-		if err != nil {
-			suite.T().Error(err)
-		}
-		close(done)
-	}()
-
-	cancel := func() {
-		ctxCancel()
-		<-done
-	}
-	suite.cancelController = cancel
-}
-
-func (suite *GitopsTestSuite) triggerReconcile(key client.ObjectKey) string {
-	reconcileId := fmt.Sprintf("%d", rand.Int63())
-
-	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-		a := kd.GetAnnotations()
-		if a == nil {
-			a = map[string]string{}
-		}
-		a[kluctlv1.KluctlRequestReconcileAnnotation] = reconcileId
-		kd.SetAnnotations(a)
-	})
-	return reconcileId
-}
-
-func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
-	g := gomega.NewWithT(suite.T())
-
-	reconcileId := suite.triggerReconcile(key)
-
-	g.Eventually(func() bool {
-		var kd kluctlv1.KluctlDeployment
-		err := suite.k.Client.Get(context.TODO(), key, &kd)
-		g.Expect(err).To(Succeed())
-		return kd.Status.LastHandledReconcileAt == reconcileId
-	}, timeout, time.Second).Should(BeTrue())
-}
-
-func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string) {
-	g := gomega.NewWithT(suite.T())
-
-	reconcileId := suite.triggerReconcile(key)
-
-	g.Eventually(func() bool {
-		var kd kluctlv1.KluctlDeployment
-		_ = suite.k.Client.Get(context.Background(), key, &kd)
-		return kd.Status.LastHandledReconcileAt == reconcileId && kd.Status.ObservedCommit == commit
-	}, timeout, time.Second).Should(BeTrue())
-}
-
-func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
-	return suite.createKluctlDeployment2(p, target, args, func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.Source.Git = &kluctlv1.ProjectSourceGit{
-			URL: *types2.ParseGitUrlMust(p.GitUrl()),
-		}
-	})
-}
-
-func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProject, target string, args map[string]any, modify ...func(kd *kluctlv1.KluctlDeployment)) client.ObjectKey {
-	gitopsNs := p.TestSlug() + "-gitops"
-	createNamespace(suite.T(), suite.k, gitopsNs)
-
-	jargs, err := json.Marshal(args)
-	if err != nil {
-		suite.T().Fatal(err)
-	}
-
-	kluctlDeployment := &kluctlv1.KluctlDeployment{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      p.TestSlug(),
-			Namespace: gitopsNs,
-		},
-		Spec: kluctlv1.KluctlDeploymentSpec{
-			Interval: metav1.Duration{Duration: interval},
-			Timeout:  &metav1.Duration{Duration: timeout},
-			Target:   &target,
-			Args: &runtime.RawExtension{
-				Raw: jargs,
-			},
-		},
-	}
-
-	for _, m := range modify {
-		if m != nil {
-			m(kluctlDeployment)
-		}
-	}
-
-	err = suite.k.Client.Create(context.Background(), kluctlDeployment)
-	if err != nil {
-		suite.T().Fatal(err)
-	}
-
-	key := client.ObjectKeyFromObject(kluctlDeployment)
-	suite.deployments = append(suite.deployments, key)
-	return key
-}
-
-func (suite *GitopsTestSuite) updateKluctlDeployment(key client.ObjectKey, update func(kd *kluctlv1.KluctlDeployment)) *kluctlv1.KluctlDeployment {
-	g := NewWithT(suite.T())
-
-	var kd kluctlv1.KluctlDeployment
-	err := suite.k.Client.Get(context.TODO(), key, &kd)
-	g.Expect(err).To(Succeed())
-
-	patch := client.MergeFrom(kd.DeepCopy())
-
-	update(&kd)
-
-	err = suite.k.Client.Patch(context.TODO(), &kd, patch, client.FieldOwner("kubectl"))
-	g.Expect(err).To(Succeed())
-
-	return &kd
-}
-
-func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
-	g := NewWithT(suite.T())
-
-	var kd kluctlv1.KluctlDeployment
-	kd.Name = key.Name
-	kd.Namespace = key.Namespace
-	err := suite.k.Client.Delete(context.Background(), &kd)
-	if err != nil && !errors.IsNotFound(err) {
-		g.Expect(err).To(Succeed())
-	}
-}
-
-func (suite *GitopsTestSuite) TestGitOpsFieldManager() {
-	g := NewWithT(suite.T())
-
-	p := test_project.NewTestProject(suite.T())
-	createNamespace(suite.T(), suite.k, p.TestSlug())
-
-	p.UpdateTarget("target1", nil)
-	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
-		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cm1
-  namespace: "{{ args.namespace }}"
-data:
-  k1: v1
-  k2: "{{ args.k2 + 1 }}"
-`)},
-	}, nil)
-
-	key := suite.createKluctlDeployment(p, "target1", map[string]any{
-		"namespace": p.TestSlug(),
-		"k2":        42,
-	})
-
-	suite.Run("initial deployment", func() {
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-	})
-
-	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: interval}}
-	})
-
-	cm := &corev1.ConfigMap{}
-
-	suite.Run("cm1 is deployed", func() {
-		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v1"))
-		g.Expect(cm.Data).To(HaveKeyWithValue("k2", "43"))
-	})
-
-	suite.Run("cm1 is modified and restored", func() {
-		cm.Data["k1"] = "v2"
-		err := suite.k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
-		g.Expect(err).To(Succeed())
-
-		g.Eventually(func() bool {
-			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-				Name:      "cm1",
-				Namespace: p.TestSlug(),
-			}, cm)
-			g.Expect(err).To(Succeed())
-			return cm.Data["k1"] == "v1"
-		}, timeout, time.Second).Should(BeTrue())
-	})
-
-	suite.Run("cm1 gets a key added which is not modified by the controller", func() {
-		cm.Data["k1"] = "v2"
-		cm.Data["k3"] = "v3"
-		err := suite.k.Client.Update(context.TODO(), cm, client.FieldOwner("kubectl"))
-		g.Expect(err).To(Succeed())
-
-		g.Eventually(func() bool {
-			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-				Name:      "cm1",
-				Namespace: p.TestSlug(),
-			}, cm)
-			g.Expect(err).To(Succeed())
-			return cm.Data["k1"] == "v1"
-		}, timeout, time.Second).Should(BeTrue())
-
-		g.Expect(cm.Data).To(HaveKeyWithValue("k3", "v3"))
-	})
-
-	suite.Run("cm1 gets modified with another field manager", func() {
-		patch := client.MergeFrom(cm.DeepCopy())
-		cm.Data["k1"] = "v2"
-
-		err := suite.k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
-		g.Expect(err).To(Succeed())
-
-		for i := 0; i < 2; i++ {
-			suite.waitForReconcile(key)
-		}
-
-		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-		g.Expect(cm.Data).To(HaveKeyWithValue("k1", "v2"))
-	})
-
-	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.ForceApply = true
-	})
-
-	suite.Run("forceApply is true and cm1 gets restored even with another field manager", func() {
-		patch := client.MergeFrom(cm.DeepCopy())
-		cm.Data["k1"] = "v2"
-
-		err := suite.k.Client.Patch(context.TODO(), cm, patch, client.FieldOwner("test-field-manager"))
-		g.Expect(err).To(Succeed())
-
-		g.Eventually(func() bool {
-			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-				Name:      "cm1",
-				Namespace: p.TestSlug(),
-			}, cm)
-			g.Expect(err).To(Succeed())
-			return cm.Data["k1"] == "v1"
-		}, timeout, time.Second).Should(BeTrue())
-	})
-}
-
-func (suite *GitopsTestSuite) TestKluctlDeploymentReconciler_Prune() {
-	g := NewWithT(suite.T())
-
-	p := test_project.NewTestProject(suite.T())
-	createNamespace(suite.T(), suite.k, p.TestSlug())
-
-	p.UpdateTarget("target1", nil)
-
-	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
-		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cm1
-  namespace: "{{ args.namespace }}"
-data:
-  k1: v1
-`)},
-	}, nil)
-	p.AddKustomizeDeployment("d2", []test_project.KustomizeResource{
-		{Name: "cm2.yaml", Content: uo.FromStringMust(`apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cm2
-  namespace: "{{ args.namespace }}"
-data:
-  k1: v1
-`)},
-	}, nil)
-
-	key := suite.createKluctlDeployment(p, "target1", map[string]any{
-		"namespace": p.TestSlug(),
-	})
-
-	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-
-	cm := &corev1.ConfigMap{}
-
-	suite.Run("cm1 and cm2 got deployed", func() {
-		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm2",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-	})
-
-	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
-		_ = o.RemoveNestedField("deployments", 1)
-		return nil
-	})
-
-	g.Eventually(func() bool {
-		var obj kluctlv1.KluctlDeployment
-		_ = suite.k.Client.Get(context.Background(), key, &obj)
-		if obj.Status.LastDeployResult == nil {
-			return false
-		}
-		ldr, err := obj.Status.GetLastDeployResult()
-		g.Expect(err).To(Succeed())
-		return ldr.GitInfo.Commit == getHeadRevision(suite.T(), p)
-	}, timeout, time.Second).Should(BeTrue())
-
-	suite.Run("cm1 and cm2 were not deleted", func() {
-		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm2",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-	})
-
-	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.Prune = true
-	})
-
-	suite.waitForReconcile(key)
-
-	suite.Run("cm1 did not get deleted and cm2 got deleted", func() {
-		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-		err = suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm2",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(MatchError("configmaps \"cm2\" not found"))
-	})
-}
-
-func (suite *GitopsTestSuite) doTestDelete(delete bool) {
-	g := NewWithT(suite.T())
-
-	p := test_project.NewTestProject(suite.T())
-	createNamespace(suite.T(), suite.k, p.TestSlug())
-
-	p.UpdateTarget("target1", nil)
-
-	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
-		{Name: "cm1.yaml", Content: uo.FromStringMust(`apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cm1
-  namespace: "{{ args.namespace }}"
-data:
-  k1: v1
-`)},
-	}, nil)
-
-	key := suite.createKluctlDeployment(p, "target1", map[string]any{
-		"namespace": p.TestSlug(),
-	})
-
-	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-		kd.Spec.Delete = delete
-	})
-
-	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-
-	cm := &corev1.ConfigMap{}
-
-	suite.Run("cm1 got deployed", func() {
-		err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-			Name:      "cm1",
-			Namespace: p.TestSlug(),
-		}, cm)
-		g.Expect(err).To(Succeed())
-	})
-
-	suite.deleteKluctlDeployment(key)
-
-	g.Eventually(func() bool {
-		var obj kluctlv1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &obj)
-		if err == nil {
-			return false
-		}
-		if !errors.IsNotFound(err) {
-			return false
-		}
-		return true
-	}, timeout, time.Second).Should(BeTrue())
-
-	if delete {
-		suite.Run("cm1 was deleted", func() {
-			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-				Name:      "cm1",
-				Namespace: p.TestSlug(),
-			}, cm)
-			g.Expect(err).To(MatchError("configmaps \"cm1\" not found"))
-		})
-	} else {
-		suite.Run("cm1 was not deleted", func() {
-			err := suite.k.Client.Get(context.TODO(), client.ObjectKey{
-				Name:      "cm1",
-				Namespace: p.TestSlug(),
-			}, cm)
-			g.Expect(err).To(Succeed())
-		})
-	}
-}
-
-func (suite *GitopsTestSuite) Test_Delete_True() {
-	suite.doTestDelete(true)
-}
-
-func (suite *GitopsTestSuite) Test_Delete_False() {
-	suite.doTestDelete(false)
-}
-
-func TestGitOps(t *testing.T) {
-	t.Parallel()
-	suite.Run(t, new(GitopsTestSuite))
-}
diff --git a/e2e/render_test.go b/e2e/render_test.go
index 8190dd1a1..280531478 100644
--- a/e2e/render_test.go
+++ b/e2e/render_test.go
@@ -35,7 +35,7 @@ func TestRenderPrintAll(t *testing.T) {
 				"project_name":            p.TestSlug(),
 			},
 			"name":      "cm",
-			"namespace": "test-render-print-all",
+			"namespace": p.TestSlug(),
 		}}}, y)
 }
 
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 2322be079..1d7dad655 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -99,7 +99,14 @@ func (p *TestProject) TestSlug() string {
 	n := p.t.Name()
 	n = xstrings.ToKebabCase(n)
 	n = strings.ReplaceAll(n, "/", "-")
-	return n
+	var x []string
+	for _, y := range strings.Split(n, "-") {
+		if y == "test" {
+			continue
+		}
+		x = append(x, y)
+	}
+	return strings.Join(x, "-")
 }
 
 func (p TestProject) Discriminator(targetName string) string {

From 8e2f29a7da979e97f36493115299432f6c5848fb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 00:09:23 +0200
Subject: [PATCH 1713/2268] tests: Fix race condition on git server cleanup

---
 pkg/git/test_git_server.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkg/git/test_git_server.go b/pkg/git/test_git_server.go
index d034524ed..fa826d9d3 100644
--- a/pkg/git/test_git_server.go
+++ b/pkg/git/test_git_server.go
@@ -11,6 +11,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"sigs.k8s.io/yaml"
+	"sync"
 	"testing"
 
 	"github.com/go-git/go-git/v5"
@@ -30,6 +31,8 @@ type TestGitServer struct {
 	authUsername string
 	authPassword string
 	failWhenAuth bool
+
+	cleanupMutex sync.RWMutex
 }
 
 type repoInfo struct {
@@ -76,6 +79,14 @@ func (p *TestGitServer) initGitServer() {
 	p.gitServer = http_server.New(p.baseDir)
 
 	handler := http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		p.cleanupMutex.RLock()
+		defer p.cleanupMutex.RUnlock()
+
+		if p.gitServer == nil {
+			http.Error(writer, "server closed", http.StatusInternalServerError)
+			return
+		}
+
 		username, password, ok := request.BasicAuth()
 		if p.failWhenAuth {
 			if ok {
@@ -109,6 +120,9 @@ func (p *TestGitServer) initGitServer() {
 }
 
 func (p *TestGitServer) Cleanup() {
+	p.cleanupMutex.Lock()
+	defer p.cleanupMutex.Unlock()
+
 	if p.gitHttpServer != nil {
 		_ = p.gitHttpServer.Shutdown(context.Background())
 		p.gitHttpServer = nil

From 8adbac9736b0f342db5a3340cd0ddb7d11aef108 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 00:09:57 +0200
Subject: [PATCH 1714/2268] fix: Make helm/oci creds args order stable

---
 cmd/kluctl/args/helm_credentials.go     | 17 ++++++++-------
 cmd/kluctl/args/registry_credentials.go |  9 ++++----
 cmd/kluctl/commands/completion.go       |  6 ++---
 pkg/deployment/deployment_item.go       |  2 +-
 pkg/deployment/deployment_project.go    |  4 ++--
 pkg/utils/ordered_map.go                | 29 +++++++++++++------------
 6 files changed, 35 insertions(+), 32 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 0a49c208b..1ec1b3932 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"strings"
 )
@@ -24,8 +25,8 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		return la, nil
 	}
 
-	byCredentialId := map[string]*helm_auth.AuthEntry{}
-	byHostPath := map[string]*helm_auth.AuthEntry{}
+	var byCredentialId utils.OrderedMap[*helm_auth.AuthEntry]
+	var byHostPath utils.OrderedMap[*helm_auth.AuthEntry]
 
 	getDeprecatedEntry := func(s string) (*helm_auth.AuthEntry, string, bool) {
 		x := strings.Split(s, ":")
@@ -34,12 +35,12 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		}
 		status.Deprecation(ctx, "helm-credential-args-id", "Passing Helm credentials via credentialsId is deprecated and support for it will be removed in a future version of Kluctl. Please switch to using the <host>/<path>=value format.")
 		k := x[0]
-		e, ok := byCredentialId[k]
+		e, ok := byCredentialId.Get(k)
 		if !ok {
 			e = &helm_auth.AuthEntry{
 				CredentialsId: k,
 			}
-			byCredentialId[k] = e
+			byCredentialId.Set(k, e)
 		}
 		return e, x[1], true
 	}
@@ -58,7 +59,7 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		}
 
 		k := x[0]
-		e, ok := byHostPath[k]
+		e, ok := byHostPath.Get(k)
 		if !ok {
 			x := strings.SplitN(k, "/", 2)
 			e = &helm_auth.AuthEntry{}
@@ -68,7 +69,7 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 			} else {
 				e.Host = x[0]
 			}
-			byHostPath[k] = e
+			byHostPath.Set(k, e)
 		}
 
 		if len(x) == 1 {
@@ -129,10 +130,10 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		e.InsecureSkipTLSverify = true
 	}
 
-	for _, e := range byCredentialId {
+	for _, e := range byCredentialId.ListValues() {
 		la.AddEntry(*e)
 	}
-	for _, e := range byHostPath {
+	for _, e := range byHostPath.ListValues() {
 		la.AddEntry(*e)
 	}
 
diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index d66e6d29a..008fcd26b 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"strings"
 )
@@ -29,7 +30,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		return la, nil
 	}
 
-	byRegistryAndRepo := map[string]*auth_provider.AuthEntry{}
+	var byRegistryAndRepo utils.OrderedMap[*auth_provider.AuthEntry]
 
 	getEntry := func(s string, expectValue bool) (*auth_provider.AuthEntry, string, error) {
 		x := strings.SplitN(s, "=", 2)
@@ -37,7 +38,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 			return nil, "", fmt.Errorf("expected value")
 		}
 		k := x[0]
-		e, ok := byRegistryAndRepo[k]
+		e, ok := byRegistryAndRepo.Get(k)
 		if !ok {
 			x := strings.SplitN(k, "/", 2)
 			e = &auth_provider.AuthEntry{}
@@ -47,7 +48,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 			} else {
 				e.Registry = x[0]
 			}
-			byRegistryAndRepo[k] = e
+			byRegistryAndRepo.Set(k, e)
 		}
 
 		if len(x) == 1 {
@@ -139,7 +140,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		e.InsecureSkipTlsVerify = true
 	}
 
-	for _, e := range byRegistryAndRepo {
+	for _, e := range byRegistryAndRepo.ListValues() {
 		la.AddEntry(*e)
 	}
 
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index bd53fd172..5e0722333 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -100,8 +100,8 @@ func buildInclusionCompletionFunc(ctx context.Context, cmdStruct interface{}, fo
 	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		ptArgs := buildAutocompleteProjectTargetCommandArgs(cmdStruct)
 
-		var tags utils.OrderedMap
-		var deploymentItemDirs utils.OrderedMap
+		var tags utils.OrderedMap[bool]
+		var deploymentItemDirs utils.OrderedMap[bool]
 		var mutex sync.Mutex
 
 		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
@@ -155,7 +155,7 @@ func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(
 			return nil, cobra.ShellCompDirectiveDefault
 		}
 
-		var images utils.OrderedMap
+		var images utils.OrderedMap[bool]
 		var mutex sync.Mutex
 
 		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 86c478c18..6228b6e17 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -37,7 +37,7 @@ type DeploymentItem struct {
 	WaitReadiness bool
 
 	Objects []*uo.UnstructuredObject
-	Tags    *utils.OrderedMap
+	Tags    *utils.OrderedMap[bool]
 
 	RenderedSourceRootDir string
 	RelToSourceItemDir    string
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index bde3db87d..e1ef5aa7e 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -340,8 +340,8 @@ func (p *DeploymentProject) getOverrideNamespace() *string {
 	return nil
 }
 
-func (p *DeploymentProject) getTags() *utils.OrderedMap {
-	var tags utils.OrderedMap
+func (p *DeploymentProject) getTags() *utils.OrderedMap[bool] {
+	var tags utils.OrderedMap[bool]
 	for _, e := range p.getParents() {
 		if e.inc != nil {
 			tags.SetMultiple(e.inc.Tags, true)
diff --git a/pkg/utils/ordered_map.go b/pkg/utils/ordered_map.go
index b19de7aff..9c634173d 100644
--- a/pkg/utils/ordered_map.go
+++ b/pkg/utils/ordered_map.go
@@ -1,16 +1,16 @@
 package utils
 
-type orderedMapEntry struct {
+type orderedMapEntry[T any] struct {
 	k string
-	v interface{}
+	v T
 }
 
-type OrderedMap struct {
+type OrderedMap[T any] struct {
 	m map[string]int
-	l []orderedMapEntry
+	l []orderedMapEntry[T]
 }
 
-func (s *OrderedMap) Set(k string, v interface{}) bool {
+func (s *OrderedMap[T]) Set(k string, v T) bool {
 	if s.m == nil {
 		s.m = map[string]int{k: 0}
 	} else {
@@ -19,30 +19,31 @@ func (s *OrderedMap) Set(k string, v interface{}) bool {
 		}
 		s.m[k] = len(s.l)
 	}
-	s.l = append(s.l, orderedMapEntry{k: k, v: v})
+	s.l = append(s.l, orderedMapEntry[T]{k: k, v: v})
 	return true
 }
 
-func (s *OrderedMap) SetMultiple(k []string, v interface{}) {
+func (s *OrderedMap[T]) SetMultiple(k []string, v T) {
 	for _, x := range k {
 		s.Set(x, v)
 	}
 }
 
-func (s *OrderedMap) Has(v string) bool {
+func (s *OrderedMap[T]) Has(v string) bool {
 	_, ok := s.m[v]
 	return ok
 }
 
-func (s *OrderedMap) Get(v string) (interface{}, bool) {
+func (s *OrderedMap[T]) Get(v string) (T, bool) {
 	i, ok := s.m[v]
 	if !ok {
-		return nil, ok
+		var n T
+		return n, ok
 	}
 	return s.l[i].v, true
 }
 
-func (s *OrderedMap) ListKeys() []string {
+func (s *OrderedMap[T]) ListKeys() []string {
 	l := make([]string, len(s.l))
 	for i, e := range s.l {
 		l[i] = e.k
@@ -50,15 +51,15 @@ func (s *OrderedMap) ListKeys() []string {
 	return l
 }
 
-func (s *OrderedMap) ListValues() []interface{} {
-	l := make([]interface{}, len(s.l))
+func (s *OrderedMap[T]) ListValues() []T {
+	l := make([]T, len(s.l))
 	for i, e := range s.l {
 		l[i] = e.v
 	}
 	return l
 }
 
-func (s *OrderedMap) Merge(other *OrderedMap) {
+func (s *OrderedMap[T]) Merge(other *OrderedMap[T]) {
 	for _, e := range other.l {
 		s.Set(e.k, e.v)
 	}

From 265d5f3da0cc3e949e6b8e79daeedfe2a565d10c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 20:46:02 +0200
Subject: [PATCH 1715/2268] tests: Enable race detection on mac

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 4e82b9089..b8252feba 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@ EXE=.exe
 endif
 
 RACE=
-ifeq ($(GOOS), linux)
+ifneq ($(GOOS), windows)
 RACE=-race
 endif
 

From f32783b1621d02fe6d264595ce4f5fe15c7caa6a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 20:46:33 +0200
Subject: [PATCH 1716/2268] tests: Use development config for logging when in
 testing mode

---
 cmd/kluctl/commands/cmd_controller_run.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index a2720e410..d4b3c7f5d 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -27,6 +27,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	"testing"
 )
 
 var (
@@ -79,6 +80,9 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	opts := zap.Options{}
+	if testing.Testing() {
+		opts.Development = true
+	}
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
 	restConfig, err := cmd.loadConfig(cmd.Kubeconfig, cmd.Context)

From a3709953b6e92e0b683edf9076058343f8dc7d35 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 20:47:20 +0200
Subject: [PATCH 1717/2268] tests: Use separate namespace for results in
 parallel tests

---
 e2e/gitops_errors_test.go |  2 ++
 e2e/gitops_suite.go       | 12 ++++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 7fbc012d1..8d7027eff 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -53,7 +53,9 @@ func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav
 	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{
 		Id: lastDeployResult.Id,
 	})
+	g.Expect(err).To(Succeed())
 	if len(expectedErrors) != 0 || len(expectedWarnings) != 0 {
+		g.Expect(cr).ToNot(BeNil())
 		g.Expect(err).To(Succeed())
 		g.Expect(cr.Errors).To(ConsistOf(expectedErrors))
 		g.Expect(cr.Warnings).To(ConsistOf(expectedWarnings))
diff --git a/e2e/gitops_suite.go b/e2e/gitops_suite.go
index bd6cee23e..67232209d 100644
--- a/e2e/gitops_suite.go
+++ b/e2e/gitops_suite.go
@@ -45,10 +45,11 @@ type GitopsTestSuite struct {
 
 	cancelController context.CancelFunc
 
-	gitopsNamespace    string
-	gitopsSecretIdx    int
-	deployments        []client.ObjectKey
-	deletedDeployments []client.ObjectKey
+	gitopsNamespace        string
+	gitopsResultsNamespace string
+	gitopsSecretIdx        int
+	deployments            []client.ObjectKey
+	deletedDeployments     []client.ObjectKey
 }
 
 func (suite *GitopsTestSuite) SetupSuite() {
@@ -59,6 +60,7 @@ func (suite *GitopsTestSuite) SetupSuite() {
 	n = strings.ReplaceAll(n, "/", "-")
 	n += "-gitops"
 	suite.gitopsNamespace = n
+	suite.gitopsResultsNamespace = n + "-r"
 
 	createNamespace(suite.T(), suite.k, suite.gitopsNamespace)
 
@@ -109,6 +111,8 @@ func (suite *GitopsTestSuite) startController() {
 		"gitops",
 		"--namespace",
 		suite.gitopsNamespace,
+		"--command-result-namespace",
+		suite.gitopsNamespace + "-results",
 		"--metrics-bind-address=0",
 		"--health-probe-bind-address=0",
 	}

From c8243d1efc074b5c1c60eb49e13a7bf8ea95c8a2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 20:47:47 +0200
Subject: [PATCH 1718/2268] fix: Only cleanup results from writeNamespace

---
 pkg/results/result-store-secrets.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index d2f22efea..3b8e44c58 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -324,6 +324,9 @@ func (s *ResultStoreSecrets) cleanupOrphanedResults() error {
 	}
 
 	tryDeleteResult := func(secretKey client.ObjectKey, deployment *result.KluctlDeploymentInfo, id string, t string) {
+		if secretKey.Namespace != s.writeNamespace {
+			return
+		}
 		if _, ok := deploymentsMap[*deployment]; ok {
 			return
 		}

From 1136d7d9a0e77d953fa30ff2fe110c58ced7d2e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 13 Oct 2023 20:48:10 +0200
Subject: [PATCH 1719/2268] tests: Fix race when controller gets stopped

---
 e2e/test_project/kluctl_execute.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 2f8487da5..7b72335a1 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -29,6 +29,9 @@ func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, s
 	sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		m.Lock()
 		defer m.Unlock()
+		if ctx.Err() != nil {
+			return
+		}
 		t.Log(message)
 		stderrBuf.WriteString(message + "\n")
 	}, true)

From 8fc9ac5cf378415d6a81eaca196cef42360dbe45 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 14 Oct 2023 00:16:06 +0200
Subject: [PATCH 1720/2268] tests: Increase timeout for all e2e tests

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index b8252feba..c75449a5a 100644
--- a/Makefile
+++ b/Makefile
@@ -93,7 +93,7 @@ test-unit: envtest ## Run unit tests.
 
 .PHONY: test-e2e
 test-e2e: envtest ## Run e2e tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -coverprofile cover.out -test.v
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -timeout 15m -coverprofile cover.out -test.v
 
 replace-commands-help: ## Replace commands help in docs
 	go run ./internal/replace-commands-help --docs-dir ./docs/kluctl/commands

From b3e5734b95f5197d5d5732c5505c3f3dc94ff3cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 14 Oct 2023 23:01:22 +0200
Subject: [PATCH 1721/2268] tests: Wait until status != unknown

---
 e2e/gitops_errors_test.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 8d7027eff..2e573f8e9 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -15,6 +15,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"testing"
+	"time"
 )
 
 type GitOpsErrorsSuite struct {
@@ -30,8 +31,13 @@ func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav
 	g := NewWithT(suite.T())
 
 	var kd kluctlv1.KluctlDeployment
-	err := suite.k.Client.Get(context.TODO(), key, &kd)
-	g.Expect(err).To(Succeed())
+	g.Eventually(func() bool {
+		err := suite.k.Client.Get(context.TODO(), key, &kd)
+		g.Expect(err).To(Succeed())
+
+		readiness := suite.getReadiness(&kd)
+		return readiness.Status != metav1.ConditionUnknown
+	}, timeout, time.Second).Should(BeTrue())
 
 	g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
 

From 9ab79751c1bd29cd7a728dd06992a2e4d8ac39f7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 09:24:57 +0200
Subject: [PATCH 1722/2268] tests: Introduce custom TestMain to ensure the
 user's Helm configs are not used

---
 e2e/main_test.go | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 e2e/main_test.go

diff --git a/e2e/main_test.go b/e2e/main_test.go
new file mode 100644
index 000000000..97c6ef92e
--- /dev/null
+++ b/e2e/main_test.go
@@ -0,0 +1,40 @@
+package e2e
+
+import (
+	"os"
+	"testing"
+)
+
+func TestMain(m *testing.M) {
+	tmpFile1, err := os.CreateTemp("", "")
+	if err != nil {
+		panic(err)
+	}
+	tmpFile2, err := os.CreateTemp("", "")
+	if err != nil {
+		panic(err)
+	}
+	tmpFile2.Close()
+	defer func() {
+		os.Remove(tmpFile2.Name())
+	}()
+	tmpDir1, err := os.MkdirTemp("", "")
+	if err != nil {
+		panic(err)
+	}
+	defer func() {
+		os.RemoveAll(tmpDir1)
+	}()
+	tmpDir2, err := os.MkdirTemp("", "")
+	if err != nil {
+		panic(err)
+	}
+	defer func() {
+		os.RemoveAll(tmpDir2)
+	}()
+	os.Setenv("HELM_REGISTRY_CONFIG", tmpFile1.Name())
+	os.Setenv("HELM_REPOSITORY_CONFIG", tmpFile2.Name())
+	os.Setenv("HELM_REPOSITORY_CACHE", tmpDir1)
+	os.Setenv("HELM_PLUGINS", tmpDir2)
+	os.Exit(m.Run())
+}

From f583d2087d7fcfd1a886142f7d97ae0bde79fde4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 10:55:18 +0200
Subject: [PATCH 1723/2268] feat: Introduce --helm-creds and --registry-creds
 arguments

---
 cmd/kluctl/args/helm_credentials.go     | 13 +++++++++++++
 cmd/kluctl/args/registry_credentials.go | 18 ++++++++++++++++--
 docs/kluctl/commands/delete.md          | 20 ++++++++++++++++----
 docs/kluctl/commands/deploy.md          | 20 ++++++++++++++++----
 docs/kluctl/commands/diff.md            | 20 ++++++++++++++++----
 docs/kluctl/commands/helm-update.md     | 20 ++++++++++++++++----
 docs/kluctl/commands/list-images.md     | 20 ++++++++++++++++----
 docs/kluctl/commands/poke-images.md     | 20 ++++++++++++++++----
 docs/kluctl/commands/prune.md           | 20 ++++++++++++++++----
 docs/kluctl/commands/render.md          | 20 ++++++++++++++++----
 docs/kluctl/commands/validate.md        | 20 ++++++++++++++++----
 e2e/helm_test.go                        | 17 +++++++++++++----
 e2e/oci_include_test.go                 |  8 ++++----
 13 files changed, 190 insertions(+), 46 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 1ec1b3932..1c5bdaee8 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -17,6 +17,7 @@ type HelmCredentials struct {
 	HelmCertFile              []string `group:"misc" help:"Specify key to use for Helm Repository authentication. Must be in the form --helm-cert-file=<host>/<path>=<filePath> or in the deprecated form --helm-cert-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 	HelmCAFile                []string `group:"misc" help:"Specify ca bundle certificate to use for Helm Repository authentication. Must be in the form --helm-ca-file=<host>/<path>=<filePath> or in the deprecated form --helm-ca-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
 	HelmInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCreds                 []string `group:"misc" help:"This is a shortcut to --helm-username and --helm-password. Must be in the form --helm-creds=<host>/<path>=<username>:<password>, which specifies the username and password for the same repository."`
 }
 
 func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.HelmAuthProvider, error) {
@@ -129,6 +130,18 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		}
 		e.InsecureSkipTLSverify = true
 	}
+	for _, s := range c.HelmCreds {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		x := strings.SplitN(v, ":", 2)
+		if len(x) != 2 {
+			return nil, fmt.Errorf("format of --helm-creds values must be <host>/<path>=<username>:<password>")
+		}
+		e.Username = x[0]
+		e.Password = x[1]
+	}
 
 	for _, e := range byCredentialId.ListValues() {
 		la.AddEntry(*e)
diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index 008fcd26b..05d101036 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -13,8 +13,9 @@ type RegistryCredentials struct {
 	RegistryUsername      []string `group:"misc" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
 	RegistryPassword      []string `group:"misc" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
 	RegistryAuth          []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-auth=<registry>/<repo>=<auth>."`
-	RegistryIdentityToken []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
-	RegistryToken         []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
+	RegistryIdentityToken []string `group:"misc" help:"Specify identity token to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
+	RegistryToken         []string `group:"misc" help:"Specify registry token to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
+	RegistryCreds         []string `group:"misc" help:"This is a shortcut to --registry-username, --registry-password and --registry-token. It can be specified in two different forms. The first one is --registry-creds=<registry>/<repo>=<username>:<password>, which specifies the username and password for the same registry. The second form is --registry-creds=<registry>/<repo>=<token>, which specifies a JWT token for the specified registry."`
 
 	RegistryKeyFile  []string `group:"misc" help:"Specify key to use for OCI authentication. Must be in the form --registry-key-file=<registry>/<repo>=<filePath>."`
 	RegistryCertFile []string `group:"misc" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
@@ -139,6 +140,19 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		}
 		e.InsecureSkipTlsVerify = true
 	}
+	for _, s := range c.RegistryCreds {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		x := strings.SplitN(v, ":", 2)
+		if len(x) == 1 {
+			e.AuthConfig.RegistryToken = x[0]
+		} else {
+			e.AuthConfig.Username = x[0]
+			e.AuthConfig.Password = x[1]
+		}
+	}
 
 	for _, e := range byRegistryAndRepo.ListValues() {
 		la.AddEntry(*e)
diff --git a/docs/kluctl/commands/delete.md b/docs/kluctl/commands/delete.md
index a4b774077..70f2a696b 100644
--- a/docs/kluctl/commands/delete.md
+++ b/docs/kluctl/commands/delete.md
@@ -50,6 +50,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -89,8 +93,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -100,8 +112,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/deploy.md b/docs/kluctl/commands/deploy.md
index e93c28de7..fd907a037 100644
--- a/docs/kluctl/commands/deploy.md
+++ b/docs/kluctl/commands/deploy.md
@@ -53,6 +53,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -98,8 +102,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -109,8 +121,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/diff.md b/docs/kluctl/commands/diff.md
index 207161b0a..5634cf6b4 100644
--- a/docs/kluctl/commands/diff.md
+++ b/docs/kluctl/commands/diff.md
@@ -50,6 +50,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -91,8 +95,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -102,8 +114,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/helm-update.md b/docs/kluctl/commands/helm-update.md
index 835259897..cb71294dc 100644
--- a/docs/kluctl/commands/helm-update.md
+++ b/docs/kluctl/commands/helm-update.md
@@ -42,6 +42,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -76,8 +80,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -87,8 +99,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --upgrade                                         Write new versions into helm-chart.yaml and perform
diff --git a/docs/kluctl/commands/list-images.md b/docs/kluctl/commands/list-images.md
index 87bb26821..d952b8be6 100644
--- a/docs/kluctl/commands/list-images.md
+++ b/docs/kluctl/commands/list-images.md
@@ -46,6 +46,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -85,8 +89,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -96,8 +108,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/poke-images.md b/docs/kluctl/commands/poke-images.md
index 90cc4a27c..6631f8774 100644
--- a/docs/kluctl/commands/poke-images.md
+++ b/docs/kluctl/commands/poke-images.md
@@ -47,6 +47,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -85,8 +89,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -96,8 +108,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/prune.md b/docs/kluctl/commands/prune.md
index cbddf4f37..f203f594b 100644
--- a/docs/kluctl/commands/prune.md
+++ b/docs/kluctl/commands/prune.md
@@ -43,6 +43,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -81,8 +85,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -92,8 +104,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/render.md b/docs/kluctl/commands/render.md
index 9ea69326f..b4a0730da 100644
--- a/docs/kluctl/commands/render.md
+++ b/docs/kluctl/commands/render.md
@@ -44,6 +44,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -83,8 +87,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -94,8 +106,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/docs/kluctl/commands/validate.md b/docs/kluctl/commands/validate.md
index 7420cdea9..8609cd9ad 100644
--- a/docs/kluctl/commands/validate.md
+++ b/docs/kluctl/commands/validate.md
@@ -44,6 +44,10 @@ Misc arguments:
                                                         --helm-cert-file=<credentialsId>:<filePath>, where
                                                         <credentialsId> must match the id specified in the
                                                         helm-chart.yaml.
+      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
+                                                        Must be in the form
+                                                        --helm-creds=<host>/<path>=<username>:<password>, which
+                                                        specifies the username and password for the same repository.
       --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
                                                         --helm-insecure-skip-tls-verify=<host>/<path> or in the
                                                         deprecated form
@@ -78,8 +82,16 @@ Misc arguments:
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
                                                         in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-identity-token stringArray             Specify auth string to use for OCI authentication. Must be
-                                                        in the form
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
                                                         --registry-identity-token=<registry>/<repo>=<identity-token>.
       --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
                                                         --registry-insecure-skip-tls-verify=<registry>/<repo>.
@@ -89,8 +101,8 @@ Misc arguments:
                                                         the form --registry-password=<registry>/<repo>=<password>.
       --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
                                                         --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
       --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
                                                         the form --registry-username=<registry>/<repo>=<username>.
       --render-output-dir string                        Specifies the target directory to render the project into.
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 33e9497c8..5973f1a93 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"math/rand"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -191,8 +192,12 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 			if tc.argCredsPath != "" {
 				r += "/" + tc.argCredsPath
 			}
-			ret = append(ret, fmt.Sprintf("--registry-username=%s=%s", r, tc.argUsername))
-			ret = append(ret, fmt.Sprintf("--registry-password=%s=%s", r, tc.argPassword))
+			if (rand.Int() & 1) == 0 {
+				ret = append(ret, fmt.Sprintf("--registry-username=%s=%s", r, tc.argUsername))
+				ret = append(ret, fmt.Sprintf("--registry-password=%s=%s", r, tc.argPassword))
+			} else {
+				ret = append(ret, fmt.Sprintf("--registry-creds=%s=%s:%s", r, tc.argUsername, tc.argPassword))
+			}
 			if !repo.TLSEnabled {
 				ret = append(ret, fmt.Sprintf("--registry-plain-http=%s", r))
 			}
@@ -222,8 +227,12 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 			if tc.argCredsPath != "" {
 				r += "/" + tc.argCredsPath
 			}
-			ret = append(ret, fmt.Sprintf("--helm-username=%s=%s", r, tc.argUsername))
-			ret = append(ret, fmt.Sprintf("--helm-password=%s=%s", r, tc.argPassword))
+			if (rand.Int() & 1) == 0 {
+				ret = append(ret, fmt.Sprintf("--helm-username=%s=%s", r, tc.argUsername))
+				ret = append(ret, fmt.Sprintf("--helm-password=%s=%s", r, tc.argPassword))
+			} else {
+				ret = append(ret, fmt.Sprintf("--helm-creds=%s=%s:%s", r, tc.argUsername, tc.argPassword))
+			}
 		}
 		if tc.testTLS {
 			if tc.argPassCA {
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 8125cf23c..74e3bc3f0 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -89,14 +89,14 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// push with invalid creds
-	_, stderr, err = ip1.Kluctl("oci", "push", "--url", repoUrl1, "--creds", "user1:invalid")
+	_, stderr, err = ip1.Kluctl("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:invalid", repo1.URL.Host))
 	assert.ErrorContains(t, err, "401 Unauthorized")
 	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// now with valid creds
-	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--creds", "user1:pass1")
-	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
-	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--creds", "user3:pass3")
+	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
+	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
+	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
 
 	p := test_project.NewTestProject(t)
 

From 5e9a871e17f3db57bc00dcb4e336f355223b101c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 10:55:52 +0200
Subject: [PATCH 1724/2268] feat: Let "oci push" command use
 RegistryCredentials instead of own implementation

---
 cmd/kluctl/commands/cmd_oci_push.go | 91 +++++++----------------------
 docs/kluctl/commands/oci-push.md    | 50 ++++++++++++----
 e2e/gitops_oci_include_test.go      |  9 +--
 3 files changed, 63 insertions(+), 87 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index 1a4986a8d..a4815e97a 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -6,20 +6,14 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
 	"strings"
 	"time"
 
-	"github.com/google/go-containerregistry/pkg/authn"
-	"github.com/google/go-containerregistry/pkg/crane"
-	"github.com/google/go-containerregistry/pkg/name"
 	reg "github.com/google/go-containerregistry/pkg/name"
-	"github.com/google/go-containerregistry/pkg/v1/remote"
-	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
-
-	"github.com/kluctl/kluctl/v2/pkg/oci/auth/login"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 )
@@ -28,10 +22,9 @@ var excludeOCI = append(strings.Split(sourceignore.ExcludeVCS, ","), strings.Spl
 
 type ociPushCmd struct {
 	args.ProjectDir
+	args.RegistryCredentials
 
 	Url        string   `group:"misc" help:"Specifies the artifact URL. This argument is required." required:"true"`
-	Creds      string   `group:"misc" help:"credentials for OCI registry in the format <username>[:<password>] if --provider is generic"`
-	Provider   string   `group:"misc" help:"the OCI provider name, available options are: (generic, aws, azure, gcp)" default:"generic"`
 	IgnorePath []string `group:"misc" help:"set paths to ignore in .gitignore format."`
 	Annotation []string `group:"misc" help:"Set custom OCI annotations in the format '<key>=<value>'"`
 	Output     string   `group:"misc" help:"the format in which the artifact digest should be printed, can be 'json' or 'yaml'"`
@@ -41,8 +34,7 @@ type ociPushCmd struct {
 
 func (cmd *ociPushCmd) Help() string {
 	return `The push command creates a tarball from the current project and uploads the
-artifact to an OCI repository. The command can read the credentials from '~/.docker/config.json' but they can also be
-passed with --creds. It can also login to a supported provider with the --provider flag.`
+artifact to an OCI repository.`
 }
 
 func (cmd *ociPushCmd) Run(ctx context.Context) error {
@@ -50,19 +42,20 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 		cmd.IgnorePath = excludeOCI
 	}
 
-	if cmd.Provider != "generic" &&
-		cmd.Provider != "azure" &&
-		cmd.Provider != "aws" &&
-		cmd.Provider != "gcp" {
-		return fmt.Errorf("unknown provider %s", cmd.Provider)
+	if cmd.Timeout != 0 {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithTimeout(ctx, cmd.Timeout)
+		defer cancel()
 	}
 
-	url, err := client.ParseArtifactURL(cmd.Url)
-	if err != nil {
+	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+	if x, err := cmd.RegistryCredentials.BuildAuthProvider(ctx); err != nil {
 		return err
+	} else {
+		ociAuthProvider.RegisterAuthProvider(x, false)
 	}
 
-	ref, err := name.ParseReference(url)
+	url, err := client.ParseArtifactURL(cmd.Url)
 	if err != nil {
 		return err
 	}
@@ -108,50 +101,19 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 	ctx, cancel := context.WithTimeout(ctx, cmd.Timeout)
 	defer cancel()
 
-	var auth authn.Authenticator
-	opts := client.DefaultOptions()
-	if cmd.Provider == "generic" && cmd.Creds != "" {
-		status.Info(ctx, "Logging in to registry with credentials")
-		auth, err = client.GetAuthFromCredentials(cmd.Creds)
-		if err != nil {
-			return fmt.Errorf("could not login with credentials: %w", err)
-		}
-		opts = append(opts, crane.WithAuth(auth))
-	}
-
-	if cmd.Provider != "generic" {
-		status.Info(ctx, "Logging in to registry with provider credentials")
-
-		auth, err = login.NewManager().Login(ctx, url, ref, getProviderLoginOption(cmd.Provider))
-		if err != nil {
-			return fmt.Errorf("error during login with provider: %w", err)
-		}
-		opts = append(opts, crane.WithAuth(auth))
+	ae, err := ociAuthProvider.FindAuthEntry(ctx, cmd.Url)
+	if err != nil {
+		return err
 	}
 
-	if cmd.Timeout != 0 {
-		backoff := remote.Backoff{
-			Duration: 1.0 * time.Second,
-			Factor:   3,
-			Jitter:   0.1,
-			// timeout happens when the cap is exceeded or number of steps is reached
-			// 10 steps is big enough that most reasonable cap(under 30min) will be exceeded before
-			// the number of steps are completed.
-			Steps: 10,
-			Cap:   cmd.Timeout,
-		}
+	opts := client.DefaultOptions()
 
-		if auth == nil {
-			auth, err = authn.DefaultKeychain.Resolve(ref.Context())
-			if err != nil {
-				return err
-			}
-		}
-		transportOpts, err := client.WithRetryTransport(ctx, ref, auth, backoff, []string{ref.Context().Scope(transport.PushScope)})
+	if ae != nil {
+		authOpts, err := ae.BuildCraneOptions()
 		if err != nil {
-			return fmt.Errorf("error setting up transport: %w", err)
+			return err
 		}
-		opts = append(opts, transportOpts, client.WithRetryBackOff(backoff))
+		opts = append(opts, authOpts...)
 	}
 
 	var st *status.StatusContext
@@ -213,16 +175,3 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 
 	return nil
 }
-
-func getProviderLoginOption(provider string) login.ProviderOptions {
-	var opts login.ProviderOptions
-	switch provider {
-	case "azure":
-		opts.AzureAutoLogin = true
-	case "aws":
-		opts.AwsAutoLogin = true
-	case "gcp":
-		opts.GcpAutoLogin = true
-	}
-	return opts
-}
diff --git a/docs/kluctl/commands/oci-push.md b/docs/kluctl/commands/oci-push.md
index 4ed6b4a8c..0daea8bd7 100644
--- a/docs/kluctl/commands/oci-push.md
+++ b/docs/kluctl/commands/oci-push.md
@@ -15,8 +15,7 @@ Usage: kluctl oci push [flags]
 
 Push to an oci repository
 The push command creates a tarball from the current project and uploads the
-artifact to an OCI repository. The command can read the credentials from '~/.docker/config.json' but they can also be
-passed with --creds. It can also login to a supported provider with the --provider flag.
+artifact to an OCI repository.
 
 <!-- END SECTION -->
 
@@ -28,16 +27,43 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --annotation stringArray    Set custom OCI annotations in the format '<key>=<value>'
-      --creds string              credentials for OCI registry in the format <username>[:<password>] if --provider
-                                  is generic
-      --ignore-path stringArray   set paths to ignore in .gitignore format.
-      --output string             the format in which the artifact digest should be printed, can be 'json' or 'yaml'
-      --provider string           the OCI provider name, available options are: (generic, aws, azure, gcp)
-                                  (default "generic")
-      --timeout duration          Specify timeout for all operations, including loading of the project, all
-                                  external api calls and waiting for readiness. (default 10m0s)
-      --url string                Specifies the artifact URL. This argument is required.
+      --annotation stringArray                          Set custom OCI annotations in the format '<key>=<value>'
+      --ignore-path stringArray                         set paths to ignore in .gitignore format.
+      --output string                                   the format in which the artifact digest should be printed,
+                                                        can be 'json' or 'yaml'
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+      --timeout duration                                Specify timeout for all operations, including loading of
+                                                        the project, all external api calls and waiting for
+                                                        readiness. (default 10m0s)
+      --url string                                      Specifies the artifact URL. This argument is required.
 
 ```
 <!-- END SECTION -->
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index 2d6e0db86..e11ff8cbb 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
@@ -53,9 +54,9 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	repoUrl2 := repo2.URL.String() + "/org2/repo2"
 	repoUrl3 := repo3.URL.String() + "/org3/repo3"
 
-	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--creds", "user1:pass1")
-	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--creds", "user2:pass2")
-	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--creds", "user3:pass3")
+	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
+	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
+	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
 
 	p := test_project.NewTestProject(suite.T())
 
@@ -79,7 +80,7 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 			"url": repoUrl3,
 		},
 	}))
-	p.KluctlMust("oci", "push", "--url", repoUrl0, "--creds", "user0:pass0")
+	p.KluctlMust("oci", "push", "--url", repoUrl0, "--registry-creds", fmt.Sprintf("%s=user0:pass0", repo0.URL.Host))
 
 	var key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
 		kd.Spec.Source.Oci = &v1beta1.ProjectSourceOci{

From fddb0c04f9ba0d007f35c3d6a59d921c8e593ddf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 11:11:49 +0200
Subject: [PATCH 1725/2268] docs: Introduce dedicate argument groups for helm
 and registry

---
 cmd/kluctl/args/helm_credentials.go      |  14 +--
 cmd/kluctl/args/registry_credentials.go  |  22 ++--
 cmd/kluctl/commands/root.go              |   2 +
 docs/kluctl/commands/common-arguments.md |  90 ++++++++++++++++
 docs/kluctl/commands/delete.md           | 102 +++---------------
 docs/kluctl/commands/deploy.md           | 125 +++++------------------
 docs/kluctl/commands/diff.md             | 110 ++++----------------
 docs/kluctl/commands/helm-pull.md        |   2 +
 docs/kluctl/commands/helm-update.md      |  82 +--------------
 docs/kluctl/commands/list-images.md      |  92 ++---------------
 docs/kluctl/commands/oci-push.md         |  48 ++-------
 docs/kluctl/commands/poke-images.md      |  98 +++---------------
 docs/kluctl/commands/prune.md            |  98 +++---------------
 docs/kluctl/commands/render.md           |  90 ++--------------
 docs/kluctl/commands/validate.md         |  88 ++--------------
 15 files changed, 234 insertions(+), 829 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 1c5bdaee8..d8cec4669 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -11,13 +11,13 @@ import (
 )
 
 type HelmCredentials struct {
-	HelmUsername              []string `group:"misc" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<host>/<path>=<username> or in the deprecated form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmPassword              []string `group:"misc" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<host>/<path>=<password> or in the deprecated form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmKeyFile               []string `group:"misc" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<host>/<path>=<filePath> or in the deprecated form --helm-key-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmCertFile              []string `group:"misc" help:"Specify key to use for Helm Repository authentication. Must be in the form --helm-cert-file=<host>/<path>=<filePath> or in the deprecated form --helm-cert-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmCAFile                []string `group:"misc" help:"Specify ca bundle certificate to use for Helm Repository authentication. Must be in the form --helm-ca-file=<host>/<path>=<filePath> or in the deprecated form --helm-ca-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmCreds                 []string `group:"misc" help:"This is a shortcut to --helm-username and --helm-password. Must be in the form --helm-creds=<host>/<path>=<username>:<password>, which specifies the username and password for the same repository."`
+	HelmUsername              []string `group:"helm" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<host>/<path>=<username> or in the deprecated form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmPassword              []string `group:"helm" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<host>/<path>=<password> or in the deprecated form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmKeyFile               []string `group:"helm" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<host>/<path>=<filePath> or in the deprecated form --helm-key-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCertFile              []string `group:"helm" help:"Specify key to use for Helm Repository authentication. Must be in the form --helm-cert-file=<host>/<path>=<filePath> or in the deprecated form --helm-cert-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCAFile                []string `group:"helm" help:"Specify ca bundle certificate to use for Helm Repository authentication. Must be in the form --helm-ca-file=<host>/<path>=<filePath> or in the deprecated form --helm-ca-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmInsecureSkipTlsVerify []string `group:"helm" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCreds                 []string `group:"helm" help:"This is a shortcut to --helm-username and --helm-password. Must be in the form --helm-creds=<host>/<path>=<username>:<password>, which specifies the username and password for the same repository."`
 }
 
 func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.HelmAuthProvider, error) {
diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index 05d101036..ae56c5b4b 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -10,19 +10,19 @@ import (
 )
 
 type RegistryCredentials struct {
-	RegistryUsername      []string `group:"misc" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
-	RegistryPassword      []string `group:"misc" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
-	RegistryAuth          []string `group:"misc" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-auth=<registry>/<repo>=<auth>."`
-	RegistryIdentityToken []string `group:"misc" help:"Specify identity token to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
-	RegistryToken         []string `group:"misc" help:"Specify registry token to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
-	RegistryCreds         []string `group:"misc" help:"This is a shortcut to --registry-username, --registry-password and --registry-token. It can be specified in two different forms. The first one is --registry-creds=<registry>/<repo>=<username>:<password>, which specifies the username and password for the same registry. The second form is --registry-creds=<registry>/<repo>=<token>, which specifies a JWT token for the specified registry."`
+	RegistryUsername      []string `group:"registry" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
+	RegistryPassword      []string `group:"registry" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
+	RegistryAuth          []string `group:"registry" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-auth=<registry>/<repo>=<auth>."`
+	RegistryIdentityToken []string `group:"registry" help:"Specify identity token to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
+	RegistryToken         []string `group:"registry" help:"Specify registry token to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
+	RegistryCreds         []string `group:"registry" help:"This is a shortcut to --registry-username, --registry-password and --registry-token. It can be specified in two different forms. The first one is --registry-creds=<registry>/<repo>=<username>:<password>, which specifies the username and password for the same registry. The second form is --registry-creds=<registry>/<repo>=<token>, which specifies a JWT token for the specified registry."`
 
-	RegistryKeyFile  []string `group:"misc" help:"Specify key to use for OCI authentication. Must be in the form --registry-key-file=<registry>/<repo>=<filePath>."`
-	RegistryCertFile []string `group:"misc" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
-	RegistryCAFile   []string `group:"misc" help:"Specify CA bundle to use for https verification. Must be in the form --registry-ca-file=<registry>/<repo>=<filePath>."`
+	RegistryKeyFile  []string `group:"registry" help:"Specify key to use for OCI authentication. Must be in the form --registry-key-file=<registry>/<repo>=<filePath>."`
+	RegistryCertFile []string `group:"registry" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
+	RegistryCAFile   []string `group:"registry" help:"Specify CA bundle to use for https verification. Must be in the form --registry-ca-file=<registry>/<repo>=<filePath>."`
 
-	RegistryPlainHttp             []string `group:"misc" help:"Forces the use of http (no TLS). Must be in the form --registry-plain-http=<registry>/<repo>."`
-	RegistryInsecureSkipTlsVerify []string `group:"misc" help:"Controls skipping of TLS verification. Must be in the form --registry-insecure-skip-tls-verify=<registry>/<repo>."`
+	RegistryPlainHttp             []string `group:"registry" help:"Forces the use of http (no TLS). Must be in the form --registry-plain-http=<registry>/<repo>."`
+	RegistryInsecureSkipTlsVerify []string `group:"registry" help:"Controls skipping of TLS verification. Must be in the form --registry-insecure-skip-tls-verify=<registry>/<repo>."`
 }
 
 func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provider.OciAuthProvider, error) {
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index ba50b4aea..ad9654560 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -86,6 +86,8 @@ var flagGroups = []groupInfo{
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
+	{group: "helm", title: "Helm arguments:", description: "Configure Helm authentication."},
+	{group: "registry", title: "Registry arguments:", description: "Configure OCI registry authentication."},
 	{group: "auth", title: "Auth arguments:", description: "Configure authentication."},
 }
 
diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index a5f01111b..632b4af92 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -148,3 +148,93 @@ Command Results:
 
 ```
 <!-- END SECTION -->
+
+## Helm arguments
+
+These arguments mainly control authentication to Helm repositories.
+
+<!-- BEGIN SECTION "deploy" "Helm arguments" true -->
+```
+Helm arguments:
+  Configure Helm authentication.
+
+      --helm-ca-file stringArray                    Specify ca bundle certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-ca-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-ca-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-cert-file stringArray                  Specify key to use for Helm Repository authentication. Must be
+                                                    in the form --helm-cert-file=<host>/<path>=<filePath> or in
+                                                    the deprecated form
+                                                    --helm-cert-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-creds stringArray                      This is a shortcut to --helm-username and --helm-password.
+                                                    Must be in the form
+                                                    --helm-creds=<host>/<path>=<username>:<password>, which
+                                                    specifies the username and password for the same repository.
+      --helm-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                    --helm-insecure-skip-tls-verify=<host>/<path> or in the
+                                                    deprecated form
+                                                    --helm-insecure-skip-tls-verify=<credentialsId>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-key-file stringArray                   Specify client certificate to use for Helm Repository
+                                                    authentication. Must be in the form
+                                                    --helm-key-file=<host>/<path>=<filePath> or in the deprecated
+                                                    form --helm-key-file=<credentialsId>:<filePath>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-password stringArray                   Specify password to use for Helm Repository authentication.
+                                                    Must be in the form --helm-password=<host>/<path>=<password>
+                                                    or in the deprecated form
+                                                    --helm-password=<credentialsId>:<password>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+      --helm-username stringArray                   Specify username to use for Helm Repository authentication.
+                                                    Must be in the form --helm-username=<host>/<path>=<username>
+                                                    or in the deprecated form
+                                                    --helm-username=<credentialsId>:<username>, where
+                                                    <credentialsId> must match the id specified in the helm-chart.yaml.
+
+```
+<!-- END SECTION -->
+
+## Registry arguments
+
+These arguments mainly control authentication to OCI based registries. This is used by the Helm integration and
+by the OCI includes integration.
+
+<!-- BEGIN SECTION "deploy" "Registry arguments" true -->
+```
+Registry arguments:
+  Configure OCI registry authentication.
+
+      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
+                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
+      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
+                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
+      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
+                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
+      --registry-creds stringArray                      This is a shortcut to --registry-username,
+                                                        --registry-password and --registry-token. It can be
+                                                        specified in two different forms. The first one is
+                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
+                                                        which specifies the username and password for the same
+                                                        registry. The second form is
+                                                        --registry-creds=<registry>/<repo>=<token>, which
+                                                        specifies a JWT token for the specified registry.
+      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
+                                                        be in the form
+                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
+      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
+                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
+      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
+                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
+      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
+                                                        the form --registry-password=<registry>/<repo>=<password>.
+      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
+                                                        --registry-plain-http=<registry>/<repo>.
+      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
+                                                        be in the form --registry-token=<registry>/<repo>=<token>.
+      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
+                                                        the form --registry-username=<registry>/<repo>=<username>.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/delete.md b/docs/kluctl/commands/delete.md
index 70f2a696b..66c2defe6 100644
--- a/docs/kluctl/commands/delete.md
+++ b/docs/kluctl/commands/delete.md
@@ -28,6 +28,8 @@ The following sets of arguments are available:
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 1. [command results arguments](./common-arguments.md#command-results-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "delete" "Misc arguments" true -->
@@ -35,94 +37,18 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --discriminator string                            Override the discriminator used to find objects for deletion.
-      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
-      --no-wait                                         Don't wait for deletion of objects to finish.'
-  -o, --output-format stringArray                       Specify output format and target file, in the format
-                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
-                                                        be specified multiple times. The actual format for yaml is
-                                                        currently not documented and subject to change.
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --short-output                                    When using the 'text' output format (which is the
-                                                        default), only names of changes objects are shown instead
-                                                        of showing all changes.
-  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
-                                                        you would answer 'yes'.
+      --discriminator string        Override the discriminator used to find objects for deletion.
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+      --no-wait                     Don't wait for deletion of objects to finish.'
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/deploy.md b/docs/kluctl/commands/deploy.md
index fd907a037..f148c3b55 100644
--- a/docs/kluctl/commands/deploy.md
+++ b/docs/kluctl/commands/deploy.md
@@ -26,6 +26,8 @@ The following sets of arguments are available:
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 1. [command results arguments](./common-arguments.md#command-results-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "deploy" "Misc arguments" true -->
@@ -33,107 +35,28 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --abort-on-error                                  Abort deploying when an error occurs instead of trying the
-                                                        remaining deployments
-      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
-      --force-apply                                     Force conflict resolution when applying. See documentation
-                                                        for details
-      --force-replace-on-error                          Same as --replace-on-error, but also try to delete and
-                                                        re-create objects. See documentation for more details.
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
-      --no-wait                                         Don't wait for objects readiness'
-  -o, --output-format stringArray                       Specify output format and target file, in the format
-                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
-                                                        be specified multiple times. The actual format for yaml is
-                                                        currently not documented and subject to change.
-      --prune                                           Prune orphaned objects directly after deploying. See the
-                                                        help for the 'prune' sub-command for details.'
-      --readiness-timeout duration                      Maximum time to wait for object readiness. The timeout is
-                                                        meant per-object. Timeouts are in the duration format (1s,
-                                                        1m, 1h, ...). If not specified, a default timeout of 5m is
-                                                        used. (default 5m0s)
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --replace-on-error                                When patching an object fails, try to replace it. See
-                                                        documentation for more details.
-      --short-output                                    When using the 'text' output format (which is the
-                                                        default), only names of changes objects are shown instead
-                                                        of showing all changes.
-  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
-                                                        you would answer 'yes'.
+      --abort-on-error               Abort deploying when an error occurs instead of trying the remaining deployments
+      --dry-run                      Performs all kubernetes API calls in dry-run mode.
+      --force-apply                  Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error       Same as --replace-on-error, but also try to delete and re-create objects. See
+                                     documentation for more details.
+      --no-obfuscate                 Disable obfuscation of sensitive/secret data
+      --no-wait                      Don't wait for objects readiness'
+  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
+                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                     format for yaml is currently not documented and subject to change.
+      --prune                        Prune orphaned objects directly after deploying. See the help for the 'prune'
+                                     sub-command for details.'
+      --readiness-timeout duration   Maximum time to wait for object readiness. The timeout is meant per-object.
+                                     Timeouts are in the duration format (1s, 1m, 1h, ...). If not specified, a
+                                     default timeout of 5m is used. (default 5m0s)
+      --render-output-dir string     Specifies the target directory to render the project into. If omitted, a
+                                     temporary directory is used.
+      --replace-on-error             When patching an object fails, try to replace it. See documentation for more
+                                     details.
+      --short-output                 When using the 'text' output format (which is the default), only names of
+                                     changes objects are shown instead of showing all changes.
+  -y, --yes                          Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/diff.md b/docs/kluctl/commands/diff.md
index 5634cf6b4..828ca684d 100644
--- a/docs/kluctl/commands/diff.md
+++ b/docs/kluctl/commands/diff.md
@@ -26,6 +26,8 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "diff" "Misc arguments" true -->
@@ -33,98 +35,22 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --force-apply                                     Force conflict resolution when applying. See documentation
-                                                        for details
-      --force-replace-on-error                          Same as --replace-on-error, but also try to delete and
-                                                        re-create objects. See documentation for more details.
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --ignore-annotations                              Ignores changes in annotations when diffing
-      --ignore-labels                                   Ignores changes in labels when diffing
-      --ignore-tags                                     Ignores changes in tags when diffing
-      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray                       Specify output format and target file, in the format
-                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
-                                                        be specified multiple times. The actual format for yaml is
-                                                        currently not documented and subject to change.
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --replace-on-error                                When patching an object fails, try to replace it. See
-                                                        documentation for more details.
-      --short-output                                    When using the 'text' output format (which is the
-                                                        default), only names of changes objects are shown instead
-                                                        of showing all changes.
+      --force-apply                 Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error      Same as --replace-on-error, but also try to delete and re-create objects. See
+                                    documentation for more details.
+      --ignore-annotations          Ignores changes in annotations when diffing
+      --ignore-labels               Ignores changes in labels when diffing
+      --ignore-tags                 Ignores changes in tags when diffing
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+      --replace-on-error            When patching an object fails, try to replace it. See documentation for more
+                                    details.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/helm-pull.md b/docs/kluctl/commands/helm-pull.md
index c8c5c8ce9..47f6d75f7 100644
--- a/docs/kluctl/commands/helm-pull.md
+++ b/docs/kluctl/commands/helm-pull.md
@@ -25,3 +25,5 @@ See [helm-integration](../deployments/helm.md) for more details.
 ## Arguments
 The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments) (except `-a`)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
diff --git a/docs/kluctl/commands/helm-update.md b/docs/kluctl/commands/helm-update.md
index cb71294dc..ca25c8a4b 100644
--- a/docs/kluctl/commands/helm-update.md
+++ b/docs/kluctl/commands/helm-update.md
@@ -21,6 +21,8 @@ Optionally performs the actual upgrade and/or add a commit to version control.
 ## Arguments
 The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments) (except `-a`)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "helm-update" "Misc arguments" true -->
@@ -28,83 +30,9 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --commit                                          Create a git commit for every updated chart
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-  -i, --interactive                                     Ask for every Helm Chart if it should be upgraded.
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --upgrade                                         Write new versions into helm-chart.yaml and perform
-                                                        helm-pull afterwards
+      --commit        Create a git commit for every updated chart
+  -i, --interactive   Ask for every Helm Chart if it should be upgraded.
+      --upgrade       Write new versions into helm-chart.yaml and perform helm-pull afterwards
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/list-images.md b/docs/kluctl/commands/list-images.md
index d952b8be6..2838b4515 100644
--- a/docs/kluctl/commands/list-images.md
+++ b/docs/kluctl/commands/list-images.md
@@ -26,6 +26,8 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "list-images" "Misc arguments" true -->
@@ -33,88 +35,14 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --kubernetes-version string                       Specify the Kubernetes version that will be assumed. This
-                                                        will also override the kubeVersion used when rendering
-                                                        Helm Charts.
-      --offline-kubernetes                              Run command in offline mode, meaning that it will not try
-                                                        to connect the target cluster
-  -o, --output stringArray                              Specify output target file. Can be specified multiple times
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --simple                                          Output a simplified version of the images list
+      --kubernetes-version string   Specify the Kubernetes version that will be assumed. This will also override
+                                    the kubeVersion used when rendering Helm Charts.
+      --offline-kubernetes          Run command in offline mode, meaning that it will not try to connect the
+                                    target cluster
+  -o, --output stringArray          Specify output target file. Can be specified multiple times
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+      --simple                      Output a simplified version of the images list
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/oci-push.md b/docs/kluctl/commands/oci-push.md
index 0daea8bd7..663d35e28 100644
--- a/docs/kluctl/commands/oci-push.md
+++ b/docs/kluctl/commands/oci-push.md
@@ -20,50 +20,22 @@ artifact to an OCI repository.
 <!-- END SECTION -->
 
 ## Arguments
+The following sets of arguments are available:
+1. [registry arguments](./common-arguments.md#registry-arguments)
+
+In addition, the following arguments are available:
 
-The following arguments are available:
 <!-- BEGIN SECTION "oci push" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --annotation stringArray                          Set custom OCI annotations in the format '<key>=<value>'
-      --ignore-path stringArray                         set paths to ignore in .gitignore format.
-      --output string                                   the format in which the artifact digest should be printed,
-                                                        can be 'json' or 'yaml'
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --timeout duration                                Specify timeout for all operations, including loading of
-                                                        the project, all external api calls and waiting for
-                                                        readiness. (default 10m0s)
-      --url string                                      Specifies the artifact URL. This argument is required.
+      --annotation stringArray    Set custom OCI annotations in the format '<key>=<value>'
+      --ignore-path stringArray   set paths to ignore in .gitignore format.
+      --output string             the format in which the artifact digest should be printed, can be 'json' or 'yaml'
+      --timeout duration          Specify timeout for all operations, including loading of the project, all
+                                  external api calls and waiting for readiness. (default 10m0s)
+      --url string                Specifies the artifact URL. This argument is required.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/poke-images.md b/docs/kluctl/commands/poke-images.md
index 6631f8774..49fef9659 100644
--- a/docs/kluctl/commands/poke-images.md
+++ b/docs/kluctl/commands/poke-images.md
@@ -26,6 +26,8 @@ The following sets of arguments are available:
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 1. [command results arguments](./common-arguments.md#command-results-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "poke-images" "Misc arguments" true -->
@@ -33,92 +35,16 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray                       Specify output format and target file, in the format
-                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
-                                                        be specified multiple times. The actual format for yaml is
-                                                        currently not documented and subject to change.
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --short-output                                    When using the 'text' output format (which is the
-                                                        default), only names of changes objects are shown instead
-                                                        of showing all changes.
-  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
-                                                        you would answer 'yes'.
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/prune.md b/docs/kluctl/commands/prune.md
index f203f594b..3fd5d047e 100644
--- a/docs/kluctl/commands/prune.md
+++ b/docs/kluctl/commands/prune.md
@@ -22,6 +22,8 @@ The following sets of arguments are available:
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
 1. [command results arguments](./common-arguments.md#command-results-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "prune" "Misc arguments" true -->
@@ -29,92 +31,16 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --dry-run                                         Performs all kubernetes API calls in dry-run mode.
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --no-obfuscate                                    Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray                       Specify output format and target file, in the format
-                                                        'format=path'. Format can either be 'text' or 'yaml'. Can
-                                                        be specified multiple times. The actual format for yaml is
-                                                        currently not documented and subject to change.
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --short-output                                    When using the 'text' output format (which is the
-                                                        default), only names of changes objects are shown instead
-                                                        of showing all changes.
-  -y, --yes                                             Suppresses 'Are you sure?' questions and proceeds as if
-                                                        you would answer 'yes'.
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+  -y, --yes                         Suppresses 'Are you sure?' questions and proceeds as if you would answer 'yes'.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/render.md b/docs/kluctl/commands/render.md
index b4a0730da..cc6aac4d5 100644
--- a/docs/kluctl/commands/render.md
+++ b/docs/kluctl/commands/render.md
@@ -24,6 +24,8 @@ The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
 1. [inclusion/exclusion arguments](./common-arguments.md#inclusionexclusion-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "render" "Misc arguments" true -->
@@ -31,87 +33,13 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --kubernetes-version string                       Specify the Kubernetes version that will be assumed. This
-                                                        will also override the kubeVersion used when rendering
-                                                        Helm Charts.
-      --offline-kubernetes                              Run command in offline mode, meaning that it will not try
-                                                        to connect the target cluster
-      --print-all                                       Write all rendered manifests to stdout
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
+      --kubernetes-version string   Specify the Kubernetes version that will be assumed. This will also override
+                                    the kubeVersion used when rendering Helm Charts.
+      --offline-kubernetes          Run command in offline mode, meaning that it will not try to connect the
+                                    target cluster
+      --print-all                   Write all rendered manifests to stdout
+      --render-output-dir string    Specifies the target directory to render the project into. If omitted, a
+                                    temporary directory is used.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/validate.md b/docs/kluctl/commands/validate.md
index 8609cd9ad..352f365f8 100644
--- a/docs/kluctl/commands/validate.md
+++ b/docs/kluctl/commands/validate.md
@@ -24,6 +24,8 @@ TODO: This needs to be better documented!
 The following sets of arguments are available:
 1. [project arguments](./common-arguments.md#project-arguments)
 1. [image arguments](./common-arguments.md#image-arguments)
+1. [helm arguments](./common-arguments.md#helm-arguments)
+1. [registry arguments](./common-arguments.md#registry-arguments)
 
 In addition, the following arguments are available:
 <!-- BEGIN SECTION "validate" "Misc arguments" true -->
@@ -31,86 +33,12 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --helm-ca-file stringArray                        Specify ca bundle certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-ca-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form --helm-ca-file=<credentialsId>:<filePath>,
-                                                        where <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-cert-file stringArray                      Specify key to use for Helm Repository authentication.
-                                                        Must be in the form
-                                                        --helm-cert-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-cert-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-creds stringArray                          This is a shortcut to --helm-username and --helm-password.
-                                                        Must be in the form
-                                                        --helm-creds=<host>/<path>=<username>:<password>, which
-                                                        specifies the username and password for the same repository.
-      --helm-insecure-skip-tls-verify stringArray       Controls skipping of TLS verification. Must be in the form
-                                                        --helm-insecure-skip-tls-verify=<host>/<path> or in the
-                                                        deprecated form
-                                                        --helm-insecure-skip-tls-verify=<credentialsId>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-key-file stringArray                       Specify client certificate to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-key-file=<host>/<path>=<filePath> or in the
-                                                        deprecated form
-                                                        --helm-key-file=<credentialsId>:<filePath>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-password stringArray                       Specify password to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-password=<host>/<path>=<password> or in the
-                                                        deprecated form
-                                                        --helm-password=<credentialsId>:<password>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-      --helm-username stringArray                       Specify username to use for Helm Repository
-                                                        authentication. Must be in the form
-                                                        --helm-username=<host>/<path>=<username> or in the
-                                                        deprecated form
-                                                        --helm-username=<credentialsId>:<username>, where
-                                                        <credentialsId> must match the id specified in the
-                                                        helm-chart.yaml.
-  -o, --output stringArray                              Specify output target file. Can be specified multiple times
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
-      --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
-                                                        in the form --registry-ca-file=<registry>/<repo>=<filePath>.
-      --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
-                                                        in the form --registry-cert-file=<registry>/<repo>=<filePath>.
-      --registry-creds stringArray                      This is a shortcut to --registry-username,
-                                                        --registry-password and --registry-token. It can be
-                                                        specified in two different forms. The first one is
-                                                        --registry-creds=<registry>/<repo>=<username>:<password>,
-                                                        which specifies the username and password for the same
-                                                        registry. The second form is
-                                                        --registry-creds=<registry>/<repo>=<token>, which
-                                                        specifies a JWT token for the specified registry.
-      --registry-identity-token stringArray             Specify identity token to use for OCI authentication. Must
-                                                        be in the form
-                                                        --registry-identity-token=<registry>/<repo>=<identity-token>.
-      --registry-insecure-skip-tls-verify stringArray   Controls skipping of TLS verification. Must be in the form
-                                                        --registry-insecure-skip-tls-verify=<registry>/<repo>.
-      --registry-key-file stringArray                   Specify key to use for OCI authentication. Must be in the
-                                                        form --registry-key-file=<registry>/<repo>=<filePath>.
-      --registry-password stringArray                   Specify password to use for OCI authentication. Must be in
-                                                        the form --registry-password=<registry>/<repo>=<password>.
-      --registry-plain-http stringArray                 Forces the use of http (no TLS). Must be in the form
-                                                        --registry-plain-http=<registry>/<repo>.
-      --registry-token stringArray                      Specify registry token to use for OCI authentication. Must
-                                                        be in the form --registry-token=<registry>/<repo>=<token>.
-      --registry-username stringArray                   Specify username to use for OCI authentication. Must be in
-                                                        the form --registry-username=<registry>/<repo>=<username>.
-      --render-output-dir string                        Specifies the target directory to render the project into.
-                                                        If omitted, a temporary directory is used.
-      --sleep duration                                  Sleep duration between validation attempts (default 5s)
-      --wait duration                                   Wait for the given amount of time until the deployment
-                                                        validates
-      --warnings-as-errors                              Consider warnings as failures
+  -o, --output stringArray         Specify output target file. Can be specified multiple times
+      --render-output-dir string   Specifies the target directory to render the project into. If omitted, a
+                                   temporary directory is used.
+      --sleep duration             Sleep duration between validation attempts (default 5s)
+      --wait duration              Wait for the given amount of time until the deployment validates
+      --warnings-as-errors         Consider warnings as failures
 
 ```
 <!-- END SECTION -->

From 79eab9d0dc2adf21b49438e6f892dc4315b400d3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 11:37:31 +0200
Subject: [PATCH 1726/2268] fix: Use INSECURE_SKIP_TLS_VERIFY instead of
 INSECURE

---
 pkg/helm/auth/env_auth_provider.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
index 50ad6e03c..f5dd386c5 100644
--- a/pkg/helm/auth/env_auth_provider.go
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -13,17 +13,17 @@ type HelmEnvAuthProvider struct {
 	Prefix string
 }
 
-func (a *HelmEnvAuthProvider) isDefaultInsecure(ctx context.Context) bool {
-	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE", a.Prefix), false)
+func (a *HelmEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context) bool {
+	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE_SKIP_TLS_VERIFY", a.Prefix), false)
 	if err != nil {
-		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE: %s", a.Prefix, err)
+		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE_SKIP_TLS_VERIFY: %s", a.Prefix, err)
 		return false
 	}
 	return defaultInsecure
 }
 
 func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
-	defaultInsecure := a.isDefaultInsecure(ctx)
+	defaultInsecure := a.isDefaultInsecureSkipTlsVerify(ctx)
 
 	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
@@ -39,7 +39,7 @@ func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL
 			Path:                  m["PATH"],
 			Username:              m["USERNAME"],
 			Password:              m["PASSWORD"],
-			InsecureSkipTLSverify: utils.ParseBoolOrDefault(m["INSECURE"], defaultInsecure),
+			InsecureSkipTLSverify: utils.ParseBoolOrDefault(m["INSECURE_SKIP_TLS_VERIFY"], defaultInsecure),
 			PassCredentialsAll:    utils.ParseBoolOrFalse(m["PASS_CREDENTIALS_ALL"]),
 		}
 

From 523daf21b407c6e9d86918f6c005305cb07b9a0a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 14:15:02 +0200
Subject: [PATCH 1727/2268] feat: Remove support for --registry-auth as
 --registry-creds is basically the same

But without the need to base64 encode the string.
---
 cmd/kluctl/args/registry_credentials.go               | 8 --------
 pkg/controllers/kluctldeployment_controller_source.go | 3 ---
 pkg/oci/auth_provider/env_auth_provider.go            | 1 -
 3 files changed, 12 deletions(-)

diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index ae56c5b4b..cf950e09c 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -12,7 +12,6 @@ import (
 type RegistryCredentials struct {
 	RegistryUsername      []string `group:"registry" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
 	RegistryPassword      []string `group:"registry" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
-	RegistryAuth          []string `group:"registry" help:"Specify auth string to use for OCI authentication. Must be in the form --registry-auth=<registry>/<repo>=<auth>."`
 	RegistryIdentityToken []string `group:"registry" help:"Specify identity token to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
 	RegistryToken         []string `group:"registry" help:"Specify registry token to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
 	RegistryCreds         []string `group:"registry" help:"This is a shortcut to --registry-username, --registry-password and --registry-token. It can be specified in two different forms. The first one is --registry-creds=<registry>/<repo>=<username>:<password>, which specifies the username and password for the same registry. The second form is --registry-creds=<registry>/<repo>=<token>, which specifies a JWT token for the specified registry."`
@@ -72,13 +71,6 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		}
 		e.AuthConfig.Password = v
 	}
-	for _, s := range c.RegistryAuth {
-		e, v, err := getEntry(s, true)
-		if err != nil {
-			return nil, err
-		}
-		e.AuthConfig.Auth = v
-	}
 	for _, s := range c.RegistryIdentityToken {
 		e, v, err := getEntry(s, true)
 		if err != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 878e08629..798a5388d 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -240,9 +240,6 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 		if x, ok := secret.secret.Data["password"]; ok {
 			e.AuthConfig.Password = string(x)
 		}
-		if x, ok := secret.secret.Data["auth"]; ok {
-			e.AuthConfig.Auth = string(x)
-		}
 		if x, ok := secret.secret.Data["identity_token"]; ok {
 			e.AuthConfig.IdentityToken = string(x)
 		}
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index 2567803a7..71e1c6699 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -56,7 +56,6 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 			AuthConfig: authn.AuthConfig{
 				Username:      m["USERNAME"],
 				Password:      m["PASSWORD"],
-				Auth:          m["AUTH"],
 				IdentityToken: m["IDENTITY_TOKEN"],
 				RegistryToken: m["TOKEN"],
 			},

From bb038cae04843b90674f81f2fa66135ba80e97a1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 14:16:50 +0200
Subject: [PATCH 1728/2268] feat: Replace pathPrefix with path with wildcards
 support

---
 api/v1beta1/kluctldeployment_types.go         | 26 +++++++++-
 api/v1beta1/zz_generated.deepcopy.go          | 18 ++++++-
 .../gitops.kluctl.io_kluctldeployments.yaml   | 11 +++--
 docs/kluctl/commands/common-arguments.md      |  2 -
 e2e/gitops_git_include_test.go                | 47 ++++++++++++-------
 install/controller/controller/crd.yaml        | 11 +++--
 .../kluctldeployment_controller_source.go     | 29 +++++++-----
 pkg/git/auth/env_auth_provider.go             | 20 ++++++--
 pkg/git/auth/list_auth_provider.go            | 13 ++---
 9 files changed, 121 insertions(+), 56 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 093d55a78..295729260 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -274,7 +274,7 @@ type ProjectSource struct {
 	// Credentials specifies a list of secrets with credentials
 	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead.
 	// +optional
-	Credentials []ProjectCredentialsGit `json:"credentials,omitempty"`
+	Credentials []ProjectCredentialsGitDeprecated `json:"credentials,omitempty"`
 }
 
 type ProjectSourceGit struct {
@@ -329,10 +329,32 @@ type ProjectCredentialsGit struct {
 	// +required
 	Host string `json:"host,omitempty"`
 
+	// Path specifies the path to be used to filter Git repositories. The path can contain wildcards. These credentials
+	// will only be used for matching Git URLs. If omitted, all repositories are considered to match.
+	// +optional
+	Path string `json:"path,omitempty"`
+
+	// SecretRef specifies the Secret containing authentication credentials for
+	// the git repository.
+	// For HTTPS git repositories the Secret must contain 'username' and 'password'
+	// fields.
+	// For SSH git repositories the Secret must contain 'identity'
+	// and 'known_hosts' fields.
+	// +required
+	SecretRef LocalObjectReference `json:"secretRef"`
+}
+
+type ProjectCredentialsGitDeprecated struct {
+	// Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
+	// applies to all hosts.
+	// Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+	// You must always set a proper hostname in that case.
+	// +required
+	Host string `json:"host,omitempty"`
+
 	// PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use
 	// this set of credentials.
 	// +optional
-	// TODO deprecate this
 	PathPrefix string `json:"pathPrefix,omitempty"`
 
 	// SecretRef specifies the Secret containing authentication credentials for
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 212ac7bda..83877d676 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -356,6 +356,22 @@ func (in *ProjectCredentialsGit) DeepCopy() *ProjectCredentialsGit {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectCredentialsGitDeprecated) DeepCopyInto(out *ProjectCredentialsGitDeprecated) {
+	*out = *in
+	out.SecretRef = in.SecretRef
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectCredentialsGitDeprecated.
+func (in *ProjectCredentialsGitDeprecated) DeepCopy() *ProjectCredentialsGitDeprecated {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectCredentialsGitDeprecated)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectCredentialsHelm) DeepCopyInto(out *ProjectCredentialsHelm) {
 	*out = *in
@@ -417,7 +433,7 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	}
 	if in.Credentials != nil {
 		in, out := &in.Credentials, &out.Credentials
-		*out = make([]ProjectCredentialsGit, len(*in))
+		*out = make([]ProjectCredentialsGitDeprecated, len(*in))
 		copy(*out, *in)
 	}
 }
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 3b3e8b64f..2379b3b92 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -83,10 +83,11 @@ spec:
                             be ignored. You must always set a proper hostname in that
                             case.
                           type: string
-                        pathPrefix:
-                          description: PathPrefix specifies the path prefix to be
-                            used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials. TODO deprecate this
+                        path:
+                          description: Path specifies the path to be used to filter
+                            Git repositories. The path can contain wildcards. These
+                            credentials will only be used for matching Git URLs. If
+                            omitted, all repositories are considered to match.
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
@@ -435,7 +436,7 @@ spec:
                         pathPrefix:
                           description: PathPrefix specifies the path prefix to be
                             used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials. TODO deprecate this
+                            will use this set of credentials.
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index 632b4af92..b4350d222 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -206,8 +206,6 @@ by the OCI includes integration.
 Registry arguments:
   Configure OCI registry authentication.
 
-      --registry-auth stringArray                       Specify auth string to use for OCI authentication. Must be
-                                                        in the form --registry-auth=<registry>/<repo>=<auth>.
       --registry-ca-file stringArray                    Specify CA bundle to use for https verification. Must be
                                                         in the form --registry-ca-file=<registry>/<repo>=<filePath>.
       --registry-cert-file stringArray                  Specify certificate to use for OCI authentication. Must be
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index dd97b6f6c..c9ed9b910 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -135,26 +135,39 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
-	var credentials []v1beta1.ProjectCredentialsGit
-
-	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
-		Host:       gs1.GitHost(),
-		PathPrefix: ip1.GitRepoName(),
-		SecretRef:  v1beta1.LocalObjectReference{Name: secret2},
-	})
-	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
-		Host:      mainGs.GitHost(),
-		SecretRef: v1beta1.LocalObjectReference{Name: secret1},
-	})
-	// make sure this one is ignored for http based urls
-	credentials = append(credentials, v1beta1.ProjectCredentialsGit{
-		Host:      "*",
-		SecretRef: v1beta1.LocalObjectReference{Name: secret1},
-	})
-
 	if legacyGitSource {
+		var credentials []v1beta1.ProjectCredentialsGitDeprecated
+		credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
+			Host:       gs1.GitHost(),
+			PathPrefix: ip1.GitRepoName(),
+			SecretRef:  v1beta1.LocalObjectReference{Name: secret2},
+		})
+		credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
+			Host:      mainGs.GitHost(),
+			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+		})
+		// make sure this one is ignored for http based urls
+		credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
+			Host:      "*",
+			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+		})
 		kd.Spec.Source.Credentials = credentials
 	} else {
+		var credentials []v1beta1.ProjectCredentialsGit
+		credentials = append(credentials, v1beta1.ProjectCredentialsGit{
+			Host:      gs1.GitHost(),
+			Path:      ip1.GitRepoName(),
+			SecretRef: v1beta1.LocalObjectReference{Name: secret2},
+		})
+		credentials = append(credentials, v1beta1.ProjectCredentialsGit{
+			Host:      mainGs.GitHost(),
+			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+		})
+		// make sure this one is ignored for http based urls
+		credentials = append(credentials, v1beta1.ProjectCredentialsGit{
+			Host:      "*",
+			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+		})
 		kd.Spec.Credentials.Git = credentials
 	}
 
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index fdfed639a..db0f3e4d3 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -83,10 +83,11 @@ spec:
                             be ignored. You must always set a proper hostname in that
                             case.
                           type: string
-                        pathPrefix:
-                          description: PathPrefix specifies the path prefix to be
-                            used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials. TODO deprecate this
+                        path:
+                          description: Path specifies the path to be used to filter
+                            Git repositories. The path can contain wildcards. These
+                            credentials will only be used for matching Git URLs. If
+                            omitted, all repositories are considered to match.
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
@@ -435,7 +436,7 @@ spec:
                         pathPrefix:
                           description: PathPrefix specifies the path prefix to be
                             used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials. TODO deprecate this
+                            will use this set of credentials.
                           type: string
                         secretRef:
                           description: SecretRef specifies the Secret containing authentication
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 798a5388d..ec3ff1a6d 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -26,9 +26,9 @@ import (
 type gitRepoSecrets struct {
 	deprecatedSecret bool
 
-	host       string
-	pathPrefix string
-	secret     corev1.Secret
+	host   string
+	path   string
+	secret corev1.Secret
 }
 
 type ociRepoSecrets struct {
@@ -47,10 +47,13 @@ type helmRepoSecrets struct {
 func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source kluctlv1.ProjectSource, credentials kluctlv1.ProjectCredentials, objNs string) ([]gitRepoSecrets, error) {
 	var ret []gitRepoSecrets
 
-	loadCredentials := func(deprecatedSecret bool, host string, pathPrefix string, secretName string) error {
+	loadCredentials := func(deprecatedSecret bool, host string, path string, secretName string) error {
 		if host == "" {
 			host = "*"
 		}
+		if path == "" {
+			path = "*"
+		}
 		var secret corev1.Secret
 		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
@@ -59,14 +62,14 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source k
 		ret = append(ret, gitRepoSecrets{
 			deprecatedSecret: deprecatedSecret,
 			host:             host,
-			pathPrefix:       pathPrefix,
+			path:             path,
 			secret:           secret,
 		})
 		return nil
 	}
 
 	for _, c := range credentials.Git {
-		err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+		err := loadCredentials(false, c.Host, c.Path, c.SecretRef.Name)
 		if err != nil {
 			return nil, err
 		}
@@ -81,7 +84,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source k
 	if len(source.Credentials) != 0 {
 		status.Deprecation(ctx, "spec.source.credentials", "'spec.source.credentials' is deprecated and will be removed in the next API version bump. Use 'spec.credentials.git' instead")
 		for _, c := range source.Credentials {
-			err := loadCredentials(false, c.Host, c.PathPrefix, c.SecretRef.Name)
+			err := loadCredentials(false, c.Host, c.PathPrefix+"*", c.SecretRef.Name)
 			if err != nil {
 				return nil, err
 			}
@@ -192,9 +195,9 @@ func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret
 		e := auth.AuthEntry{
 			AllowWildcardHostForHttp: secret.deprecatedSecret,
 
-			Host:       secret.host,
-			PathPrefix: secret.pathPrefix,
-			Username:   "*",
+			Host:     secret.host,
+			Path:     secret.path,
+			Username: "*",
 		}
 
 		if x, ok := secret.secret.Data["username"]; ok {
@@ -330,9 +333,9 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCacheKey(secrets []gitRepoSecre
 		m := json.NewEncoder(h)
 		for _, secret := range secrets {
 			err := m.Encode(map[string]any{
-				"host":       secret.host,
-				"pathPrefix": secret.pathPrefix,
-				"data":       secret.secret.Data,
+				"host": secret.host,
+				"path": secret.path,
+				"data": secret.secret.Data,
 			})
 			if err != nil {
 				return "", err
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index d98a623b9..5acaca721 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
@@ -21,18 +22,27 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl)
 	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
 		e := AuthEntry{
-			Host:       m["HOST"],
-			PathPrefix: m["PATH_PREFIX"],
-			Username:   m["USERNAME"],
-			Password:   m["PASSWORD"],
+			Host:     m["HOST"],
+			Username: m["USERNAME"],
+			Password: m["PASSWORD"],
 		}
 		if e.Host == "" {
 			continue
 		}
 
+		path, ok := m["PATH"]
+		if !ok {
+			path, ok = m["PATH_PREFIX"]
+			if ok {
+				status.Deprecation(ctx, "git-prefix-path", "The environment variable KLUCTL_GIT_PREFIX_PATH is deprecated and support for it will be removed in a future Kluctl version. Please switch to KLUCTL_GIT_PATH with wildcards instead.")
+				path += "*"
+			}
+		}
+		e.Path = path
+
 		ssh_key_path, _ := m["SSH_KEY"]
 
-		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, pathPrefix=%s, username=%s, ssh_key=%s", e.Host, e.PathPrefix, e.Username, ssh_key_path))
+		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, path=%s, username=%s, ssh_key=%s", e.Host, e.Path, e.Username, ssh_key_path))
 
 		if ssh_key_path != "" {
 			ssh_key_path = expandHomeDir(ssh_key_path)
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index 8dc220f68..fcfaa379a 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -6,6 +6,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"path/filepath"
 	"strings"
 )
 
@@ -18,10 +19,10 @@ type ListAuthProvider struct {
 type AuthEntry struct {
 	AllowWildcardHostForHttp bool
 
-	Host       string
-	PathPrefix string
-	Username   string
-	Password   string
+	Host     string
+	Path     string
+	Username string
+	Password string
 
 	SshKey     []byte
 	KnownHosts []byte
@@ -40,7 +41,7 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl)
 	a.MessageCallbacks.Trace("ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
 
 	for _, e := range a.entries {
-		a.MessageCallbacks.Trace("ListAuthProvider: try host=%s, pathPrefix=%s, username=%s", e.Host, e.PathPrefix, e.Username)
+		a.MessageCallbacks.Trace("ListAuthProvider: try host=%s, path=%s, username=%s", e.Host, e.Path, e.Username)
 
 		if !e.AllowWildcardHostForHttp && e.Host == "*" && !gitUrl.IsSsh() {
 			a.MessageCallbacks.Trace("ListAuthProvider: wildcard hosts are not allowed for http urls")
@@ -51,7 +52,7 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl)
 			continue
 		}
 		urlPath := strings.TrimPrefix(gitUrl.Path, "/")
-		if !strings.HasPrefix(urlPath, e.PathPrefix) {
+		if m, _ := filepath.Match(e.Path, urlPath); !m {
 			continue
 		}
 		if e.Username == "" {

From eea3d02798947c0f02c0820509afbbf1fa729eb1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 15:09:56 +0200
Subject: [PATCH 1729/2268] feat: Properly support double-star patterns when
 filtering credentials

---
 cmd/kluctl/args/helm_credentials.go           |  8 +-
 cmd/kluctl/args/registry_credentials.go       |  8 +-
 .../kluctldeployment_controller_source.go     | 38 +++++++---
 pkg/git/auth/auth_provider.go                 | 19 +++--
 pkg/git/auth/env_auth_provider.go             | 49 ++++++++++--
 pkg/git/auth/git_credentials_file.go          | 14 ++--
 pkg/git/auth/list_auth_provider.go            | 24 +++---
 pkg/git/auth/ssh_auth_provider.go             |  8 +-
 pkg/git/mirrored_repo.go                      |  5 +-
 pkg/helm/auth/env_auth_provider.go            | 76 +++++++++++++++----
 pkg/helm/auth/list_auth_provider.go           | 14 ++--
 pkg/oci/auth_provider/auth_provider.go        |  4 +-
 .../docker_config_auth_provider.go            |  5 +-
 pkg/oci/auth_provider/env_auth_provider.go    | 56 +++++++++++---
 pkg/oci/auth_provider/list_auth_provider.go   |  7 +-
 15 files changed, 250 insertions(+), 85 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index d8cec4669..510d30ce3 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -3,6 +3,7 @@ package args
 import (
 	"context"
 	"fmt"
+	"github.com/gobwas/glob"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -66,7 +67,12 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 			e = &helm_auth.AuthEntry{}
 			if len(x) == 2 {
 				e.Host = x[0]
-				e.Path = x[1]
+				g, err := glob.Compile(x[1], '/')
+				if err != nil {
+					return nil, "", err
+				}
+				e.PathStr = x[1]
+				e.PathGlob = g
 			} else {
 				e.Host = x[0]
 			}
diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index cf950e09c..5876c4736 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -3,6 +3,7 @@ package args
 import (
 	"context"
 	"fmt"
+	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
@@ -44,7 +45,12 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 			e = &auth_provider.AuthEntry{}
 			if len(x) == 2 {
 				e.Registry = x[0]
-				e.Repo = x[1]
+				g, err := glob.Compile(x[1], '/')
+				if err != nil {
+					return nil, "", err
+				}
+				e.RepoStr = x[1]
+				e.RepoGlob = g
 			} else {
 				e.Registry = x[0]
 			}
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index ec3ff1a6d..c1aeb0235 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"github.com/gobwas/glob"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
@@ -51,9 +52,6 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source k
 		if host == "" {
 			host = "*"
 		}
-		if path == "" {
-			path = "*"
-		}
 		var secret corev1.Secret
 		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
@@ -84,7 +82,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source k
 	if len(source.Credentials) != 0 {
 		status.Deprecation(ctx, "spec.source.credentials", "'spec.source.credentials' is deprecated and will be removed in the next API version bump. Use 'spec.credentials.git' instead")
 		for _, c := range source.Credentials {
-			err := loadCredentials(false, c.Host, c.PathPrefix+"*", c.SecretRef.Name)
+			err := loadCredentials(false, c.Host, c.PathPrefix+"**", c.SecretRef.Name)
 			if err != nil {
 				return nil, err
 			}
@@ -98,9 +96,6 @@ func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, credenti
 	var ret []ociRepoSecrets
 
 	loadCredentials := func(deprecatedSecret bool, registry string, repo string, secretName string) error {
-		if repo == "" {
-			repo = "*"
-		}
 		var secret corev1.Secret
 		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
@@ -196,9 +191,16 @@ func (r *KluctlDeploymentReconciler) buildGitAuth(ctx context.Context, gitSecret
 			AllowWildcardHostForHttp: secret.deprecatedSecret,
 
 			Host:     secret.host,
-			Path:     secret.path,
 			Username: "*",
 		}
+		if secret.path != "" {
+			g, err := glob.Compile(secret.path, '/')
+			if err != nil {
+				return nil, err
+			}
+			e.PathStr = secret.path
+			e.PathGlob = g
+		}
 
 		if x, ok := secret.secret.Data["username"]; ok {
 			e.Username = string(x)
@@ -234,7 +236,15 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 	for _, secret := range ociSecrets {
 		e := auth_provider.AuthEntry{
 			Registry: secret.registry,
-			Repo:     secret.repo,
+		}
+
+		if secret.repo != "" {
+			g, err := glob.Compile(secret.repo, '/')
+			if err != nil {
+				return nil, err
+			}
+			e.RepoStr = secret.repo
+			e.RepoGlob = g
 		}
 
 		if x, ok := secret.secret.Data["username"]; ok {
@@ -286,7 +296,15 @@ func (r *KluctlDeploymentReconciler) buildHelmAuth(ctx context.Context, helmSecr
 		e := helm_auth.AuthEntry{
 			CredentialsId: secret.credentialsId,
 			Host:          secret.host,
-			Path:          secret.path,
+		}
+
+		if secret.path != "" {
+			g, err := glob.Compile(secret.path, '/')
+			if err != nil {
+				return nil, err
+			}
+			e.PathStr = secret.path
+			e.PathGlob = g
 		}
 
 		if x, ok := secret.secret.Data["username"]; ok {
diff --git a/pkg/git/auth/auth_provider.go b/pkg/git/auth/auth_provider.go
index 8e9c3430b..0cd0611d0 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/pkg/git/auth/auth_provider.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	ssh2 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"golang.org/x/crypto/ssh"
@@ -26,7 +27,7 @@ func (a *AuthMethodAndCA) SshClientConfig() (*ssh.ClientConfig, error) {
 }
 
 type GitAuthProvider interface {
-	BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA
+	BuildAuth(ctx context.Context, gitUrl types.GitUrl) (AuthMethodAndCA, error)
 }
 
 type GitAuthProviders struct {
@@ -41,14 +42,20 @@ func (a *GitAuthProviders) RegisterAuthProvider(p GitAuthProvider, last bool) {
 	}
 }
 
-func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
+func (a *GitAuthProviders) BuildAuth(ctx context.Context, gitUrl types.GitUrl) (AuthMethodAndCA, error) {
+	var errs *multierror.Error
 	for _, p := range a.authProviders {
-		auth := p.BuildAuth(ctx, gitUrl)
-		if auth.AuthMethod != nil {
-			return auth
+		auth, err := p.BuildAuth(ctx, gitUrl)
+		if err != nil {
+			errs = multierror.Append(errs, err)
+			continue
 		}
+		if auth.AuthMethod == nil {
+			continue
+		}
+		return auth, nil
 	}
-	return AuthMethodAndCA{}
+	return AuthMethodAndCA{}, errs.ErrorOrNil()
 }
 
 func NewDefaultAuthProviders(envPrefix string, messageCallbacks *messages.MessageCallbacks) *GitAuthProviders {
diff --git a/pkg/git/auth/env_auth_provider.go b/pkg/git/auth/env_auth_provider.go
index 5acaca721..5d11f6a13 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/pkg/git/auth/env_auth_provider.go
@@ -3,21 +3,40 @@ package auth
 import (
 	"context"
 	"fmt"
+	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
+	"sync"
 )
 
 type GitEnvAuthProvider struct {
 	MessageCallbacks messages.MessageCallbacks
 
 	Prefix string
+
+	mutext  sync.Mutex
+	list    *ListAuthProvider
+	listErr error
+}
+
+func (a *GitEnvAuthProvider) buildList(ctx context.Context) error {
+	a.mutext.Lock()
+	defer a.mutext.Unlock()
+	if a.listErr != nil {
+		return a.listErr
+	}
+	if a.list != nil {
+		return nil
+	}
+	a.listErr = a.doBuildList(ctx)
+	return a.listErr
 }
 
-func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
-	var la ListAuthProvider
+func (a *GitEnvAuthProvider) doBuildList(ctx context.Context) error {
+	a.list = &ListAuthProvider{}
 
 	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
@@ -35,14 +54,21 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl)
 			path, ok = m["PATH_PREFIX"]
 			if ok {
 				status.Deprecation(ctx, "git-prefix-path", "The environment variable KLUCTL_GIT_PREFIX_PATH is deprecated and support for it will be removed in a future Kluctl version. Please switch to KLUCTL_GIT_PATH with wildcards instead.")
-				path += "*"
+				path += "**"
+			}
+		}
+		if path != "" {
+			e.PathStr = path
+			g, err := glob.Compile(e.PathStr, '/')
+			if err != nil {
+				return err
 			}
+			e.PathGlob = g
 		}
-		e.Path = path
 
 		ssh_key_path, _ := m["SSH_KEY"]
 
-		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, path=%s, username=%s, ssh_key=%s", e.Host, e.Path, e.Username, ssh_key_path))
+		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, path=%s, username=%s, ssh_key=%s", e.Host, e.PathStr, e.Username, ssh_key_path))
 
 		if ssh_key_path != "" {
 			ssh_key_path = expandHomeDir(ssh_key_path)
@@ -63,7 +89,16 @@ func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl)
 				e.CABundle = b
 			}
 		}
-		la.AddEntry(e)
+		a.list.AddEntry(e)
+	}
+
+	return nil
+}
+
+func (a *GitEnvAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) (AuthMethodAndCA, error) {
+	err := a.buildList(ctx)
+	if err != nil {
+		return AuthMethodAndCA{}, err
 	}
-	return la.BuildAuth(ctx, gitUrl)
+	return a.list.BuildAuth(ctx, gitUrl)
 }
diff --git a/pkg/git/auth/git_credentials_file.go b/pkg/git/auth/git_credentials_file.go
index ca89766a8..ac3c2283d 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/pkg/git/auth/git_credentials_file.go
@@ -15,34 +15,34 @@ type GitCredentialsFileAuthProvider struct {
 	MessageCallbacks messages.MessageCallbacks
 }
 
-func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
+func (a *GitCredentialsFileAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) (AuthMethodAndCA, error) {
 	if gitUrl.Scheme != "http" && gitUrl.Scheme != "https" {
-		return AuthMethodAndCA{}
+		return AuthMethodAndCA{}, nil
 	}
 	a.MessageCallbacks.Trace("GitCredentialsFileAuthProvider: BuildAuth for %s", gitUrl.String())
 
 	home, err := os.UserHomeDir()
 	if err != nil {
 		a.MessageCallbacks.Warning("Could not determine home directory: %v", err)
-		return AuthMethodAndCA{}
+		return AuthMethodAndCA{}, err
 	}
 	auth := a.tryBuildAuth(gitUrl, filepath.Join(home, ".git-credentials"))
 	if auth != nil {
-		return *auth
+		return *auth, nil
 	}
 
 	if xdgHome, ok := os.LookupEnv("XDG_CONFIG_HOME"); ok && xdgHome != "" {
 		auth = a.tryBuildAuth(gitUrl, filepath.Join(xdgHome, ".git-credentials"))
 		if auth != nil {
-			return *auth
+			return *auth, nil
 		}
 	} else {
 		auth = a.tryBuildAuth(gitUrl, filepath.Join(home, ".config/.git-credentials"))
 		if auth != nil {
-			return *auth
+			return *auth, nil
 		}
 	}
-	return AuthMethodAndCA{}
+	return AuthMethodAndCA{}, nil
 }
 
 func (a *GitCredentialsFileAuthProvider) tryBuildAuth(gitUrl types.GitUrl, gitCredentialsPath string) *AuthMethodAndCA {
diff --git a/pkg/git/auth/list_auth_provider.go b/pkg/git/auth/list_auth_provider.go
index fcfaa379a..10d55b00a 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/pkg/git/auth/list_auth_provider.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
+	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/pkg/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"path/filepath"
 	"strings"
 )
 
@@ -20,7 +20,9 @@ type AuthEntry struct {
 	AllowWildcardHostForHttp bool
 
 	Host     string
-	Path     string
+	PathGlob glob.Glob
+	PathStr  string
+
 	Username string
 	Password string
 
@@ -34,14 +36,14 @@ func (a *ListAuthProvider) AddEntry(e AuthEntry) {
 	a.entries = append(a.entries, e)
 }
 
-func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl) AuthMethodAndCA {
+func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl) (AuthMethodAndCA, error) {
 	gitUrl := gitUrlIn.Normalize()
 
 	a.MessageCallbacks.Trace("ListAuthProvider: BuildAuth for %s", gitUrl.String())
 	a.MessageCallbacks.Trace("ListAuthProvider: path=%s, username=%s, scheme=%s", gitUrl.Path, gitUrl.User.Username(), gitUrl.Scheme)
 
 	for _, e := range a.entries {
-		a.MessageCallbacks.Trace("ListAuthProvider: try host=%s, path=%s, username=%s", e.Host, e.Path, e.Username)
+		a.MessageCallbacks.Trace("ListAuthProvider: try host=%s, path=%s, username=%s", e.Host, e.PathStr, e.Username)
 
 		if !e.AllowWildcardHostForHttp && e.Host == "*" && !gitUrl.IsSsh() {
 			a.MessageCallbacks.Trace("ListAuthProvider: wildcard hosts are not allowed for http urls")
@@ -51,9 +53,11 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl)
 		if e.Host != "*" && e.Host != gitUrl.Host {
 			continue
 		}
-		urlPath := strings.TrimPrefix(gitUrl.Path, "/")
-		if m, _ := filepath.Match(e.Path, urlPath); !m {
-			continue
+		if e.PathGlob != nil {
+			urlPath := strings.TrimPrefix(gitUrl.Path, "/")
+			if !e.PathGlob.Match(urlPath) {
+				continue
+			}
 		}
 		if e.Username == "" {
 			continue
@@ -93,7 +97,7 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl)
 					Hash: func() ([]byte, error) {
 						return buildHash(pk.Signer)
 					},
-				}
+				}, nil
 			}
 		} else {
 			if e.Password == "" {
@@ -107,8 +111,8 @@ func (a *ListAuthProvider) BuildAuth(ctx context.Context, gitUrlIn types.GitUrl)
 					Password: e.Password,
 				},
 				CABundle: e.CABundle,
-			}
+			}, nil
 		}
 	}
-	return AuthMethodAndCA{}
+	return AuthMethodAndCA{}, nil
 }
diff --git a/pkg/git/auth/ssh_auth_provider.go b/pkg/git/auth/ssh_auth_provider.go
index 7793f5747..de94a58cc 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/pkg/git/auth/ssh_auth_provider.go
@@ -144,12 +144,12 @@ func (a *sshDefaultIdentityAndAgent) addAgentIdentities(gitUrl types.GitUrl) {
 	}
 }
 
-func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) AuthMethodAndCA {
+func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl) (AuthMethodAndCA, error) {
 	if !gitUrl.IsSsh() {
-		return AuthMethodAndCA{}
+		return AuthMethodAndCA{}, nil
 	}
 	if gitUrl.User == nil {
-		return AuthMethodAndCA{}
+		return AuthMethodAndCA{}, nil
 	}
 
 	auth := &sshDefaultIdentityAndAgent{
@@ -173,7 +173,7 @@ func (a *GitSshAuthProvider) BuildAuth(ctx context.Context, gitUrl types.GitUrl)
 			}
 			return buildHashForList(signers)
 		},
-	}
+	}, nil
 }
 
 // we defer asking for passphrase so that we don't unnecessarily ask for passphrases for keys that are already provided
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index 99a934928..be4f34dfc 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -220,7 +220,10 @@ func (g *MirroredGitRepo) update(repoDir string) error {
 		return err
 	}
 
-	auth := g.authProviders.BuildAuth(g.ctx, g.url)
+	auth, err := g.authProviders.BuildAuth(g.ctx, g.url)
+	if err != nil {
+		return err
+	}
 
 	remoteRefs, err := ListRemoteRefs(g.ctx, g.url, g.sshPool, auth)
 	if err != nil {
diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
index f5dd386c5..4de31983c 100644
--- a/pkg/helm/auth/env_auth_provider.go
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -3,14 +3,21 @@ package auth
 import (
 	"context"
 	"fmt"
+	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
 	"net/url"
+	"os"
+	"sync"
 )
 
 type HelmEnvAuthProvider struct {
 	Prefix string
+
+	mutext  sync.Mutex
+	list    *ListAuthProvider
+	listErr error
 }
 
 func (a *HelmEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context) bool {
@@ -22,7 +29,22 @@ func (a *HelmEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context
 	return defaultInsecure
 }
 
-func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
+func (a *HelmEnvAuthProvider) buildList(ctx context.Context) error {
+	a.mutext.Lock()
+	defer a.mutext.Unlock()
+	if a.listErr != nil {
+		return a.listErr
+	}
+	if a.list != nil {
+		return nil
+	}
+	a.listErr = a.doBuildList(ctx)
+	return a.listErr
+}
+
+func (a *HelmEnvAuthProvider) doBuildList(ctx context.Context) error {
+	a.list = &ListAuthProvider{}
+
 	defaultInsecure := a.isDefaultInsecureSkipTlsVerify(ctx)
 
 	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
@@ -36,30 +58,56 @@ func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL
 		e := AuthEntry{
 			CredentialsId:         cid,
 			Host:                  host,
-			Path:                  m["PATH"],
+			PathStr:               m["PATH"],
 			Username:              m["USERNAME"],
 			Password:              m["PASSWORD"],
 			InsecureSkipTLSverify: utils.ParseBoolOrDefault(m["INSECURE_SKIP_TLS_VERIFY"], defaultInsecure),
 			PassCredentialsAll:    utils.ParseBoolOrFalse(m["PASS_CREDENTIALS_ALL"]),
 		}
 
-		if !e.Match(repoUrl, credentialsId) {
-			continue
+		if e.PathStr != "" {
+			g, err := glob.Compile(e.PathStr, '/')
+			if err != nil {
+				return err
+			}
+			e.PathGlob = g
 		}
 
-		ret, cf, err := e.BuildEntry(ctx, repoUrl)
-		if err != nil {
-			return nil, cf, err
+		p, ok := m["CERT_FILE"]
+		if ok {
+			b, err := os.ReadFile(p)
+			if err != nil {
+				return err
+			}
+			e.Cert = b
 		}
-		if ret == nil {
-			continue
+		p, ok = m["KEY_FILE"]
+		if ok {
+			b, err := os.ReadFile(p)
+			if err != nil {
+				return err
+			}
+			e.Key = b
+		}
+		p, ok = m["CA_FILE"]
+		if ok {
+			b, err := os.ReadFile(p)
+			if err != nil {
+				return err
+			}
+			e.CA = b
 		}
 
-		ret.CertFile = m["CERT_FILE"]
-		ret.KeyFile = m["KEY_FILE"]
-		ret.CAFile = m["CA_FILE"]
+		a.list.AddEntry(e)
+	}
 
-		return ret, cf, nil
+	return nil
+}
+
+func (a *HelmEnvAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, credentialsId string) (*repo.Entry, CleanupFunc, error) {
+	err := a.buildList(ctx)
+	if err != nil {
+		return nil, nil, err
 	}
-	return nil, nil, nil
+	return a.list.FindAuthEntry(ctx, repoUrl, credentialsId)
 }
diff --git a/pkg/helm/auth/list_auth_provider.go b/pkg/helm/auth/list_auth_provider.go
index 1f894d8af..d7b860f35 100644
--- a/pkg/helm/auth/list_auth_provider.go
+++ b/pkg/helm/auth/list_auth_provider.go
@@ -2,12 +2,12 @@ package auth
 
 import (
 	"context"
+	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
 	"net/url"
 	"os"
-	"path/filepath"
 	"strings"
 )
 
@@ -18,8 +18,9 @@ type ListAuthProvider struct {
 type AuthEntry struct {
 	CredentialsId string
 
-	Host string
-	Path string
+	Host     string
+	PathGlob glob.Glob
+	PathStr  string
 
 	Username string
 	Password string
@@ -47,10 +48,9 @@ func (e *AuthEntry) Match(repoUrl url.URL, credentialsId string) bool {
 		return false
 	}
 
-	if e.Path != "" {
+	if e.PathGlob != nil {
 		urlPath := strings.TrimPrefix(repoUrl.Path, "/")
-		m, err := filepath.Match(e.Path, urlPath)
-		if err != nil || !m {
+		if !e.PathGlob.Match(urlPath) {
 			return false
 		}
 	}
@@ -121,7 +121,7 @@ func (a *ListAuthProvider) FindAuthEntry(ctx context.Context, repoUrl url.URL, c
 	status.Tracef(ctx, "ListAuthProvider: BuildAuth for %s and credentialsId %v", repoUrl.String(), credentialsId)
 
 	for _, e := range a.entries {
-		status.Tracef(ctx, "ListAuthProvider: try host=%s, path=%s", e.Host, e.Path)
+		status.Tracef(ctx, "ListAuthProvider: try host=%s, path=%s", e.Host, e.PathStr)
 
 		if !e.Match(repoUrl, credentialsId) {
 			status.Tracef(ctx, "ListAuthProvider: no match")
diff --git a/pkg/oci/auth_provider/auth_provider.go b/pkg/oci/auth_provider/auth_provider.go
index 44e6756b7..ad7eba156 100644
--- a/pkg/oci/auth_provider/auth_provider.go
+++ b/pkg/oci/auth_provider/auth_provider.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"github.com/docker/cli/cli/config/configfile"
 	types2 "github.com/docker/cli/cli/config/types"
+	"github.com/gobwas/glob"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -17,7 +18,8 @@ import (
 
 type AuthEntry struct {
 	Registry string
-	Repo     string
+	RepoGlob glob.Glob
+	RepoStr  string
 
 	AuthConfig authn.AuthConfig
 
diff --git a/pkg/oci/auth_provider/docker_config_auth_provider.go b/pkg/oci/auth_provider/docker_config_auth_provider.go
index 52e53f8c0..f97116141 100644
--- a/pkg/oci/auth_provider/docker_config_auth_provider.go
+++ b/pkg/oci/auth_provider/docker_config_auth_provider.go
@@ -3,6 +3,7 @@ package auth_provider
 import (
 	"context"
 	"fmt"
+	"github.com/gobwas/glob/match"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -36,9 +37,11 @@ func (o OciDockerConfigAuthProvider) FindAuthEntry(ctx context.Context, ociUrl s
 		return nil, err
 	}
 
+	g := match.NewText(ociRef.Context().RepositoryStr())
 	return &AuthEntry{
 		Registry:   ociRef.Context().RegistryStr(),
-		Repo:       ociRef.Context().RepositoryStr(),
+		RepoStr:    ociRef.Context().RepositoryStr(),
+		RepoGlob:   g,
 		AuthConfig: *authConfig,
 	}, nil
 }
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index 71e1c6699..b0350c212 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -3,15 +3,21 @@ package auth_provider
 import (
 	"context"
 	"fmt"
+	"github.com/gobwas/glob"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
+	"sync"
 )
 
 type OciEnvAuthProvider struct {
 	Prefix string
+
+	mutext  sync.Mutex
+	list    *ListAuthProvider
+	listErr error
 }
 
 func (a *OciEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context) bool {
@@ -23,10 +29,23 @@ func (a *OciEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context)
 	return defaultInsecure
 }
 
-func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error) {
-	defaultInsecureSkipTlsVerify := a.isDefaultInsecureSkipTlsVerify(ctx)
+func (a *OciEnvAuthProvider) buildList(ctx context.Context) error {
+	a.mutext.Lock()
+	defer a.mutext.Unlock()
+	if a.listErr != nil {
+		return a.listErr
+	}
+	if a.list != nil {
+		return nil
+	}
+	a.listErr = a.doBuildList(ctx)
+	return a.listErr
+}
+
+func (a *OciEnvAuthProvider) doBuildList(ctx context.Context) error {
+	a.list = &ListAuthProvider{}
 
-	var la ListAuthProvider
+	defaultInsecureSkipTlsVerify := a.isDefaultInsecureSkipTlsVerify(ctx)
 
 	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
@@ -43,8 +62,6 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 			}
 			host = ociRef.Context().RegistryStr()
 			repo = ociRef.Context().RepositoryStr()
-		} else if repo == "" {
-			repo = "*"
 		}
 		if host == "" {
 			continue
@@ -52,7 +69,6 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 
 		e := AuthEntry{
 			Registry: host,
-			Repo:     repo,
 			AuthConfig: authn.AuthConfig{
 				Username:      m["USERNAME"],
 				Password:      m["PASSWORD"],
@@ -65,6 +81,15 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 			continue
 		}
 
+		if repo != "" {
+			g, err := glob.Compile(repo, '/')
+			if err != nil {
+				return err
+			}
+			e.RepoStr = repo
+			e.RepoGlob = g
+		}
+
 		x, ok := m["PLAIN_HTTP"]
 		if ok {
 			e.PlainHTTP = utils.ParseBoolOrFalse(x)
@@ -79,7 +104,7 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 		if ok {
 			b, err := os.ReadFile(x)
 			if err != nil {
-				return nil, err
+				return err
 			}
 			e.CA = b
 		}
@@ -87,7 +112,7 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 		if ok {
 			b, err := os.ReadFile(x)
 			if err != nil {
-				return nil, err
+				return err
 			}
 			e.Cert = b
 		}
@@ -95,12 +120,21 @@ func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (
 		if ok {
 			b, err := os.ReadFile(x)
 			if err != nil {
-				return nil, err
+				return err
 			}
 			e.Key = b
 		}
 
-		la.AddEntry(e)
+		a.list.AddEntry(e)
+	}
+
+	return nil
+}
+
+func (a *OciEnvAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (*AuthEntry, error) {
+	err := a.buildList(ctx)
+	if err != nil {
+		return nil, err
 	}
-	return la.FindAuthEntry(ctx, ociUrl)
+	return a.list.FindAuthEntry(ctx, ociUrl)
 }
diff --git a/pkg/oci/auth_provider/list_auth_provider.go b/pkg/oci/auth_provider/list_auth_provider.go
index 0ba8ffbcf..54a2bc746 100644
--- a/pkg/oci/auth_provider/list_auth_provider.go
+++ b/pkg/oci/auth_provider/list_auth_provider.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"path"
 	"strings"
 )
 
@@ -32,14 +31,14 @@ func (a *ListAuthProvider) FindAuthEntry(ctx context.Context, ociUrl string) (*A
 	repo := ociRef.Context().RepositoryStr()
 
 	for _, e := range a.entries {
-		status.Tracef(ctx, "ListAuthProvider: try registry=%s, repo=%s", e.Registry, e.Repo)
+		status.Tracef(ctx, "ListAuthProvider: try registry=%s, repo=%s", e.Registry, e.RepoStr)
 
 		if e.Registry != ociRef.Context().RegistryStr() {
 			continue
 		}
 
-		if e.Repo != "" {
-			if m, _ := path.Match(e.Repo, repo); !m {
+		if e.RepoGlob != nil {
+			if !e.RepoGlob.Match(repo) {
 				continue
 			}
 		}

From dcd8d34c3d5ceef16bc0a297e3ad503174bfd04e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 23:29:17 +0200
Subject: [PATCH 1730/2268] docs: Update docs with all changes from this PR

---
 api/v1beta1/kluctldeployment_types.go         |   2 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   |   2 +-
 docs/gitops/README.md                         |  10 +-
 docs/gitops/api/kluctl-controller.md          |  76 ++++-
 docs/gitops/spec/v1beta1/README.md            |   3 +-
 docs/gitops/spec/v1beta1/kluctldeployment.md  | 290 ++++++++++++++----
 docs/kluctl/commands/environment-variables.md |   7 +-
 docs/kluctl/deployments/README.md             |  11 +-
 docs/kluctl/deployments/deployment-yml.md     |  49 +++
 docs/kluctl/deployments/helm.md               |  73 +++--
 docs/kluctl/deployments/oci.md                |  61 ++++
 install/controller/controller/crd.yaml        |   2 +-
 12 files changed, 481 insertions(+), 105 deletions(-)
 create mode 100644 docs/kluctl/deployments/oci.md

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 295729260..c5f467889 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -427,7 +427,7 @@ type Decryption struct {
 type HelmCredentials struct {
 	// SecretRef holds the name of a secret that contains the Helm credentials.
 	// The secret must either contain the fields `credentialsId` which refers to the credentialsId
-	// found in https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories or an `url` used
+	// found in https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories or an `url` used
 	// to match the credentials found in Kluctl projects helm-chart.yaml files.
 	// The secret can either container basic authentication credentials via `username` and `password` or
 	// TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 2379b3b92..444851d99 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -264,7 +264,7 @@ spec:
                       description: 'SecretRef holds the name of a secret that contains
                         the Helm credentials. The secret must either contain the fields
                         `credentialsId` which refers to the credentialsId found in
-                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories
+                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories
                         or an `url` used to match the credentials found in Kluctl
                         projects helm-chart.yaml files. The secret can either container
                         basic authentication credentials via `username` and `password`
diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index c533387d8..db29ad935 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -76,8 +76,9 @@ metadata:
 spec:
   interval: 10m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: "./microservices-demo/3-templating-and-multi-env/"
   timeout: 2m
   target: test
   context: default
@@ -98,8 +99,9 @@ metadata:
 spec:
   interval: 10m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: "./microservices-demo/3-templating-and-multi-env/"
   timeout: 2m
   target: prod
   context: default
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 7a3b541cd..3880f8714 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -97,7 +97,7 @@ LocalObjectReference
 <td>
 <p>SecretRef holds the name of a secret that contains the Helm credentials.
 The secret must either contain the fields <code>credentialsId</code> which refers to the credentialsId
-found in <a href="https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories">https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories</a> or an <code>url</code> used
+found in <a href="https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories">https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories</a> or an <code>url</code> used
 to match the credentials found in Kluctl projects helm-chart.yaml files.
 The secret can either container basic authentication credentials via <code>username</code> and <code>password</code> or
 TLS authentication via <code>certFile</code> and <code>keyFile</code>. <code>caFile</code> can be specified to override the CA to use while
@@ -1381,6 +1381,7 @@ the KluctlDeployment.</p>
 <a href="#gitops.kluctl.io/v1beta1.Decryption">Decryption</a>, 
 <a href="#gitops.kluctl.io/v1beta1.HelmCredentials">HelmCredentials</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGit">ProjectCredentialsGit</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGitDeprecated">ProjectCredentialsGitDeprecated</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsHelm">ProjectCredentialsHelm</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsOci">ProjectCredentialsOci</a>, 
 <a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
@@ -1476,7 +1477,71 @@ string
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials</a>, 
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>host</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Host specifies the hostname that this secret applies to. If set to &lsquo;<em>&rsquo;, this set of credentials
+applies to all hosts.
+Using &lsquo;</em>&rsquo; for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+You must always set a proper hostname in that case.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>path</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Path specifies the path to be used to filter Git repositories. The path can contain wildcards. These credentials
+will only be used for matching Git URLs. If omitted, all repositories are considered to match.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.LocalObjectReference">
+LocalObjectReference
+</a>
+</em>
+</td>
+<td>
+<p>SecretRef specifies the Secret containing authentication credentials for
+the git repository.
+For HTTPS git repositories the Secret must contain &lsquo;username&rsquo; and &lsquo;password&rsquo;
+fields.
+For SSH git repositories the Secret must contain &lsquo;identity&rsquo;
+and &lsquo;known_hosts&rsquo; fields.</p>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ProjectCredentialsGitDeprecated">ProjectCredentialsGitDeprecated
+</h3>
+<p>
+(<em>Appears on:</em>
 <a href="#gitops.kluctl.io/v1beta1.ProjectSource">ProjectSource</a>)
 </p>
 <div class="md-typeset__scrollwrap">
@@ -1513,8 +1578,7 @@ string
 <td>
 <em>(Optional)</em>
 <p>PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use
-this set of credentials.
-TODO deprecate this</p>
+this set of credentials.</p>
 </td>
 </tr>
 <tr>
@@ -1767,8 +1831,8 @@ Use spec.credentials.git with a proper Host field instead.</p>
 <td>
 <code>credentials</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGit">
-[]ProjectCredentialsGit
+<a href="#gitops.kluctl.io/v1beta1.ProjectCredentialsGitDeprecated">
+[]ProjectCredentialsGitDeprecated
 </a>
 </em>
 </td>
diff --git a/docs/gitops/spec/v1beta1/README.md b/docs/gitops/spec/v1beta1/README.md
index 19271ca12..b945ad685 100644
--- a/docs/gitops/spec/v1beta1/README.md
+++ b/docs/gitops/spec/v1beta1/README.md
@@ -19,7 +19,6 @@ of Kluctl Deployments.
     + [Spec fields](kluctldeployment.md#spec-fields)
     + [Reconciliation](kluctldeployment.md#reconciliation)
     + [Kubeconfigs and RBAC](kluctldeployment.md#kubeconfigs-and-rbac)
-    + [Git authentication](kluctldeployment.md#git-authentication)
-    + [Helm Repository authentication](kluctldeployment.md#helm-repository-authentication)
+    + [Credentilas](kluctldeployment.md#credentials)
     + [Secrets Decryption](kluctldeployment.md#secrets-decryption)
     + [Status](kluctldeployment.md#status)
diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 752a97b21..94257d1dc 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -23,8 +23,9 @@ metadata:
 spec:
   interval: 5m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: "./microservices-demo/3-templating-and-multi-env/"
   timeout: 2m
   target: prod
   context: default
@@ -50,6 +51,14 @@ target definition.
 
 The KluctlDeployment `spec.source` specifies the source repository to be used. Example:
 
+Multiple source types are supported, as described in the following subsections.
+
+#### Git source
+
+Specifies a Git repository to load the project source from.
+
+Example:
+
 ```yaml
 apiVersion: gitops.kluctl.io/v1beta1
 kind: KluctlDeployment
@@ -57,26 +66,67 @@ metadata:
   name: example
 spec:
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: path/to/project
-    credentials:
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: path/to/project
+      ref:
+        branch: my-branch
+  credentials:
+    git:
       - host: github.com
-        pathPrefix: kluctl/
+        path: kluctl/*
         secretRef:
           name: git-credentials
-    ref:
-      branch: my-branch
   ...
 ```
 
 The `url` specifies the git clone url. It can either be a https or a git/ssh url. Git/Ssh url will require a secret
 to be provided with credentials.
 
-The `path` specifies the sub-directory where the Kluctl project is located.
+The `path` specifies the subdirectory where the Kluctl project is located.
+
+The `ref` provides the Git reference to be used. The `ref` field has the same format as in
+[git includes](../../../kluctl/deployments/deployment-yml.md#git-includes).
 
-The `ref` provides the Git reference to be used. It can either be a branch or a tag.
+See [Git authentication](#git-authentication) for details on authentication via the `spec.credentials.git` field.
 
-See [Git authentication](#git-authentication) for details on authentication and the `credentials` field.
+#### OCI source
+
+Specifies a OCI artifact to load the project source from. The artifact must have been pushed via the
+[kluctl oci push](../../../kluctl/commands/oci-push.md) command.
+
+Example:
+
+```yaml
+apiVersion: gitops.kluctl.io/v1beta1
+kind: KluctlDeployment
+metadata:
+  name: example
+spec:
+  source:
+    oci:
+      url: oci://ghcr.io/kluctl/kluctl-examples/simple
+      path: my-subdir
+      ref:
+        tag: latest
+  credentials:
+    oci:
+      - registry: ghcr.io
+        repository: kluctl/**
+        secretRef:
+          name: oci-credentials
+  ...
+```
+
+The `url` specifies the OCI repository url. It must use the `oci://` scheme. It is not allowed to add tags or digests to
+the url. Instead, use the dedicated `ref` field.
+
+The `path` specifies the subdirectory where the Kluctl project is located.
+
+The `ref` provides the Git reference to be used. The `ref` field has the same format as in
+[oci includes](../../../kluctl/deployments/deployment-yml.md#oci-includes).
+
+See [OCI authentication](#oci-registry-authentication) for details on authentication via the `spec.credentials.oci` field.
 
 ### interval
 See [Reconciliation](#reconciliation).
@@ -117,8 +167,9 @@ metadata:
 spec:
   interval: 5m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: "./microservices-demo/3-templating-and-multi-env/"
   timeout: 2m
   target: prod
   context: default
@@ -157,8 +208,9 @@ metadata:
 spec:
   interval: 5m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: "./microservices-demo/3-templating-and-multi-env/"
   timeout: 2m
   target: prod
   context: default
@@ -184,7 +236,8 @@ metadata:
 spec:
   interval: 5m
   source:
-    url: https://example.com
+    git:
+      url: https://example.com
   timeout: 2m
   target: prod
   images:
@@ -308,35 +361,54 @@ metadata:
 spec:
   interval: 10m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
+    git:
+      url: https://github.com/kluctl/kluctl-examples.git
+      path: "./microservices-demo/3-templating-and-multi-env/"
   target: prod
   serviceAccountName: prod-service-account
   context: default
 ```
 
-## Git authentication
+## Credentials
+A `KluctlDeployment` can specify multiple sets of credentials for different kind of repositories and registries. These
+are specified through the `spec.credentials` field, which specifies multiple list of credentials.
 
-The `spec.source` can optionally specify `spec.source.credentials` (see [here](#source)), which lists multiple
-sets of credentials for different git hosts.
+### Git authentication
+Git authentication can be specified via `spec.credentials.git`, which is a list of credential configs. Each entry
+specifies information to match Git repositories and a reference to a Kubernetes secret.
 
 Each time the controller needs to access a git repository, it will iterate through this list and pick the first one
 matching.
 
-Each `credentials` entry has the following fields:
+Example:
+
+```yaml
+spec:
+  source:
+    git:
+      url: https://github.com/my-org/my-repo.git
+  credentials:
+    git:
+      - host: github.com
+        path: my-org/*
+        secretRef:
+          name: my-git-secrets
+```
+
+Each entry has the following fields:
 
 `host` is required and specifies the hostname to apply this set of credentials. It can also be set to `*`, meaning that
 it will match all git hosts. `*` will however be ignored for https based urls to avoid leaking credentials.
 
-`pathPrefix` is optional and allows to filter for different path prefixed on the same host. This is for example useful
-when public Git providers are used, for example github.com. For these, you can for example use `my-org/` as prefix to
+`path` is optional and allows to filter for different paths on the same host. This is for example useful
+when public Git providers are used, for example github.com. For these, you can for example use `my-org/*` as pattern to
 tell the controller that it should use this set of credentials only for projects below the `my-org` GitHub organisation.
 
 `secretRef` is required and specifies the name of the secret that contains the actual credentials.
 
 The following authentication types are supported through the referenced secret.
 
-### Basic access authentication
+#### Basic access authentication
 
 To authenticate towards a Git repository over HTTPS using basic access
 authentication (in other words: using a username and password), the referenced
@@ -354,7 +426,7 @@ data:
   password: <BASE64>
 ```
 
-### HTTPS Certificate Authority
+#### HTTPS Certificate Authority
 
 To provide a Certificate Authority to trust while connecting with a Git
 repository over HTTPS, the referenced Secret can contain a `.data.caFile`
@@ -372,7 +444,7 @@ data:
   caFile: <BASE64>
 ```
 
-### SSH authentication
+#### SSH authentication
 
 To authenticate towards a Git repository over SSH, the referenced Secret is
 expected to contain `identity` and `known_hosts` fields. With the respective
@@ -394,50 +466,153 @@ stringData:
     github.com ecdsa-sha2-nistp256 AAAA...
 ```
 
-## Helm Repository authentication
-
+### Helm Repository authentication
 Kluctl allows to [integrate Helm Charts](../../../kluctl/deployments/helm.md) in two different ways.
 One is to [pre-pull charts](../../../kluctl/commands/helm-pull.md) and put them into version control,
 making it unnecessary to pull them at deploy time. This option also means that you don't have to take any special care
 on the controller side.
 
 The other way is to let Kluctl pull Helm Charts at deploy time. In that case, you have to ensure that the controller
-has the necessary access to the Helm repositories. To add credentials for authentication, set the `spec.helmCredentials`
-field to a list of secret references:
+has the necessary access to the Helm repositories.
+
+Helm Repository authentication can be specified via `spec.credentials.helm`, which is a list of credential configs. Each entry
+specifies information to match Helm repositories and a reference to a Kubernetes secret.
+
+Each time the controller needs to access a Helm repository, it will iterate through this list and pick the first one
+matching.
 
-### Basic access authentication
+Example:
 
 ```yaml
-apiVersion: gitops.kluctl.io/v1beta1
-kind: KluctlDeployment
+spec:
+  source:
+    git:
+      url: https://github.com/my-org/my-repo.git
+  credentials:
+    helm:
+      - host: my-repo.com
+        path: some-path/*
+        secretRef:
+          name: my-helm-secrets
+```
+
+Each entry has the following fields:
+
+`host` is required and specifies the hostname to apply this set of credentials.
+
+`path` is optional and allows to filter for different paths on the same host. The behavior is identical to how
+Git credentials handle it.
+
+`secretRef` is required and specifies the name of the secret that contains the actual credentials.
+
+The following authentication types are supported through the referenced secret.
+
+#### Basic access authentication
+
+To authenticate towards a Helm repository over HTTP/HTTPS using basic access
+authentication (in other words: using a username and password), the referenced
+Secret is expected to contain `.data.username` and `.data.password` values.
+
+```yaml
+apiVersion: v1
+kind: Secret
 metadata:
-  name: example
+  name: my-helm-creds
   namespace: kluctl-system
+stringData:
+  username: my-user
+  password: my-password
+```
+
+#### TLS authentication
+
+For TLS authentication, see the following example secret:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-helm-creds
+  namespace: kluctl-system
+data:
+  certFile: <BASE64>
+  keyFile: <BASE64>
+  # NOTE: The following values can be supplied without the above values and for all other (e.g. basic) authentication types as well
+  caFile: <BASE64>
+  insecureSkipTlsVerify: "true" # this field is optional
+  passCredentialsAll: "true" # this field is optional
+```
+
+`certFile` and `keyFile` optionally specify a client certificate and key pair to use for client certificate based
+authentication. `caFile` specifies a CA bundle to use when TSL/https verification is performed.
+
+If `insecureSkipTlsVerify` is set to `true`, TLS verification is skipped.
+
+If `passCredentialsAll` is set to `true`, Kluctl will pass credentials to all domains. See https://helm.sh/docs/helm/helm_repo_add/ for details. 
+
+### OCI registry authentication
+OCI registry authentication can be specified via `spec.credentials.oci`, which is a list of credential configs. Each entry
+specifies information to match OCI registries and a reference to a Kubernetes secret.
+
+Each time the controller needs to access an OCI registry, it will iterate through this list and pick the first one
+matching. This also includes OCI registry usages via the [Helm integration](../../../kluctl/deployments/helm.md).
+
+Example:
+
+```yaml
 spec:
-  interval: 10m
   source:
-    url: https://github.com/kluctl/kluctl-examples.git
-    path: "./microservices-demo/3-templating-and-multi-env/"
-  target: prod
-  serviceAccountName: prod-service-account
-  context: default
+    git:
+      url: https://github.com/my-org/my-repo.git
+  credentials:
+    oci:
+      - registry: docker.com
+        repository: my-org/*
+        secretRef:
+          name: my-oci-secrets
+```
 
-  helmCredentials:
-    - secretRef:
-        name: helm-creds
----
+Each entry has the following fields:
+
+`registry` is required and specifies the registry name to apply this set of credentials.
+
+`repository` is optional and allows to filter for different repositories in the same registry. Wildcards can also be used.
+If omitted, all repositories on the specified registry will match.
+
+`secretRef` is required and specifies the name of the secret that contains the actual credentials.
+
+The following authentication types are supported through the referenced secret.
+
+#### Basic access authentication
+To authenticate towards an OCI registry over HTTP/HTTPS using basic access
+authentication (in other words: using a username and password), the referenced
+Secret is expected to contain `.data.username` and `.data.password` values.
+
+```yaml
 apiVersion: v1
 kind: Secret
 metadata:
-  name: helm-creds
+  name: my-oci-secrets
   namespace: kluctl-system
 stringData:
-  url: https://example-repo.com
   username: my-user
   password: my-password
 ```
 
-### TLS authentication
+#### Token based authentication
+To authenticate via a bearer token, use specify `.data.token` in the referenced secret.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-oci-secrets
+  namespace: kluctl-system
+stringData:
+  token: my-token
+```
+
+#### TLS authentication
 
 For TLS authentication, see the following example secret:
 
@@ -445,24 +620,27 @@ For TLS authentication, see the following example secret:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: helm-creds
+  name: my-oci-creds
   namespace: kluctl-system
 data:
   certFile: <BASE64>
   keyFile: <BASE64>
-  # NOTE: Can be supplied without the above values
+  # NOTE: The following values can be supplied without the above values and for all other (e.g. basic) authentication types as well
   caFile: <BASE64>
+  insecureSkipTlsVerify: "true" # this field is optional
+  plainHttp: "true" # this field is optional
 ```
 
-### Disabling TLS verification
+`certFile` and `keyFile` optionally specify a client certificate and key pair to use for client certificate based
+authentication. `caFile` specifies a CA bundle to use when TSL/https verification is performed.
 
-In case you need to disable TLS verification (not recommended!), add the key `insecureSkipTlsVerify` with the value
-`"true"` (make sure it's a string, so surround it with `"`).
+If `insecureSkipTlsVerify` is set to `true`, TLS verification is skipped.
 
-### Pass credentials
+If `plainHttp` if set to `true`, HTTPS is disabled and HTTP is used instead.
 
-To enable passing of credentials to all requests, add the key `passCredentialsAll` with the value `"true"`.
-This will pass the credentials to all requests, even if the hostname changes.
+### Deprecated ways of credentials configurations
+Kluctl still supports the deprecated `spec.source.credentials`, `spec.source.secretRef` and `spec.helmCredentials` fields
+in the `v1beta1` api version. These fields are however deprecated and will be removed in the next version bump.
 
 ## Secrets Decryption
 
diff --git a/docs/kluctl/commands/environment-variables.md b/docs/kluctl/commands/environment-variables.md
index a76dcea9b..d6a020765 100644
--- a/docs/kluctl/commands/environment-variables.md
+++ b/docs/kluctl/commands/environment-variables.md
@@ -23,6 +23,7 @@ names of the environment variables, e.g. `KLUCTL_ARG_0=name1=value1` and `KLUCTL
 ## Additional environment variables
 A few additional environment variables are supported which do not belong to an option/argument. These are:
 
-1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [registries](../deployments/images.md#supported-image-registries-and-authentication) for details.
-2. `KLUCTL_GIT_<idx>_HOST`, `KLUCTL_GIT_<idx>_USERNAME`, and so on.
-3. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
+1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [OCI authentication](../deployments/oci.md#authentication) for details.
+2. `KLUCTL_HELM_<idx>_HOST`, `KLUCTL_HELM_<idx>_USERNAME`, and so on. See [Helm private repositories](../deployments/helm.md#private-repositories) for details.
+3. `KLUCTL_GIT_<idx>_HOST`, `KLUCTL_GIT_<idx>_USERNAME`, and so on.
+4. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
diff --git a/docs/kluctl/deployments/README.md b/docs/kluctl/deployments/README.md
index 36c4f42d7..7f45f93ab 100644
--- a/docs/kluctl/deployments/README.md
+++ b/docs/kluctl/deployments/README.md
@@ -15,11 +15,12 @@ description: >
 2. [Kustomize Integration](./kustomize.md)
 3. [Container Images](./images.md)
 4. [Helm Integration](./helm.md)
-5. [SOPS Integration](./sops.md)
-6. [Hooks](./hooks.md)
-7. [Readiness](./readiness.md)
-8. [Tags](./tags.md)
-9. [Annotations](./annotations)
+5. [OCI Integration](./oci.md)
+6. [SOPS Integration](./sops.md)
+7. [Hooks](./hooks.md)
+8. [Readiness](./readiness.md)
+9. [Tags](./tags.md)
+10. [Annotations](./annotations)
 
 A deployment project is collection of deployment items and sub-deployments. Deployment items are usually
 [Kustomize](./kustomize.md) deployments, but can also integrate [Helm Charts](./helm.md).
diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index a13d3670d..f4c6ded28 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -20,6 +20,10 @@ deployments:
 - path: nginx
 - path: my-app
 - include: monitoring
+- git:
+    url: git@github.com/example/example.git
+- oci:
+    url: oci://ghcr.io/kluctl/kluctl-examples/simple
 
 commonLabels:
   my.prefix/target: "{{ target.name }}"
@@ -117,6 +121,51 @@ If `ref` is omitted, the default branch will be checked out.
 
 `subDir` is optional and specifies the sub directory inside the git repository to include.
 
+### OCI includes
+
+Specifies an OCI based artifact to include. The artifact must be pushed to your OCI repository via the
+[`kluctl oci push`](../commands/oci-push.md) command. The artifact is extracted and then included the same way a
+[git include](#git-includes) is included.
+
+Simple example:
+```yaml
+deployments:
+- oci:
+    url: oci://ghcr.io/kluctl/kluctl-examples/simple
+```
+
+The `url` specifies the OCI repository url. It must use the `oci://` scheme. It is not allowed to add tags or digests to
+the url. Instead, use the dedicated `ref` field:
+
+```yaml
+deployments:
+- oci:
+    url: oci://ghcr.io/kluctl/kluctl-examples/simple
+    ref:
+      tag: latest
+```
+
+For digests, use:
+
+```yaml
+deployments:
+- oci:
+    url: oci://ghcr.io/kluctl/kluctl-examples/simple
+    ref:
+      digest: sha256:9ac3ba762c373ebccecb9dd3ac1d8ca091e4bd4a101701ce99e6058c0c74eedc
+```
+
+Subdirectories of the pushed artifact can be specified via `subDir`:
+
+```yaml
+deployments:
+- oci:
+    url: oci://ghcr.io/kluctl/kluctl-examples/simple
+    subDir: my-subdir
+```
+
+See [OCI support](./oci.md) for more details, especially in regard to authentication for private registries.
+
 ### Barriers
 Causes kluctl to wait until all previous kustomize deployments have been applied. This is useful when
 upcoming deployments need the current or previous deployments to be finished beforehand. Previous deployments also
diff --git a/docs/kluctl/deployments/helm.md b/docs/kluctl/deployments/helm.md
index 64116a4fe..067b51ff6 100644
--- a/docs/kluctl/deployments/helm.md
+++ b/docs/kluctl/deployments/helm.md
@@ -154,9 +154,9 @@ In case a Helm Chart needs to be updated, you can either do this manually by rep
 value in `helm-chart.yaml` and the calling the [helm-pull](../commands/helm-pull.md) command or by simply invoking
 [helm-update](../commands/helm-update.md) with `--upgrade` and/or `--commit` being set.
 
-## Private Chart Repositories
-It is also possible to use private chart repositories. There are currently two options to provide Helm Repository
-credentials to Kluctl.
+## Private Repositories
+It is also possible to use private chart repositories and private OCI registries. There are multiple options to
+provide credentials to Kluctl.
 
 ### Use `helm repo add --username xxx --password xxx` before
 Kluctl will try to find known repositories that are managed by the Helm CLI and then try to reuse the credentials of
@@ -164,29 +164,50 @@ these. The repositories are identified by the URL of the repository, so it doesn
 added the repository to Helm. The same method can be used for client certificate based authentication (`--key-file`
 in `helm repo add`).
 
-### Use the --username/--password arguments in `kluctl helm-pull`
-See the [helm-pull command](../commands/helm-pull.md). You can control repository credentials
-via `--username`, `--password` and `--key-file`. Each argument must be in the form `credentialsId:value`, where
-the `credentialsId` must match the id specified in the `helm-chart.yaml`. Example:
-
-```yaml
-helmChart:
-  repo: https://raw.githubusercontent.com/example/private-helm-repo/main/
-  credentialsId: private-helm-repo
-  chartName: my-chart
-  chartVersion: 1.2.3
-  releaseName: my-chart
-  namespace: default
-```
-
-When credentialsId is specified, Kluctl will require you to specify `--username=private-helm-repo:my-username` and
-`--password=private-helm-repo:my-password`. You can also specify a client-side certificate instead via
-`--key-file=private-helm-repo:/path/to/cert`.
-
-Multiple Helm Charts can use the same `credentialsId`.
-
-Environment variables can also be used instead of arguments. See
-[Environment Variables](../commands/environment-variables.md) for details.
+### Use `helm registry login --username xxx --password xxx` for OCI registries
+The same as for `helm repo add` applies here, except that authentication entries are matched by hostname.
+
+
+### Use `docker login` for OCI registries
+Kluctl tries to use credentials stored in `$HOME/.docker/config.json` as well, so
+[`docker login`](https://docs.docker.com/engine/reference/commandline/login/) will also allow Kluctl to authenticate
+against OCI registries.
+
+### Use the --helm-xxx and --registry-xxx arguments of Kluctl sub-commands
+All [commands](../commands/README.md) that interact with Helm Chart repositories and OCI registries support the
+[helm arguments](../commands/common-arguments.md#helm-arguments) and [registry arguments](../commands/common-arguments.md#registry-arguments)
+to specify authentication per repository and/or OCI registry.
+
+⚠️DEPRECATION WARNING ⚠️
+Previous versions (prior to v2.22.0) of Kluctl supported managing Helm credentials via `credentialsId` in `helm-chart.yaml`.
+This is deprecated now and will be removed in the future. Please switch to hostname/registry-name based authentication
+instead. See [helm arguments](../commands/common-arguments.md#helm-arguments) for details.
+
+### Use environment variables to specify authentication
+You can also use environment variables to specify Helm Chart repository authentication. For OCI based registries, see
+[OCI authentication](./oci.md#authentication) for details.
+
+The following environment variables are supported:
+
+1. `KLUCTL_HELM_HOST`: Specifies the host name of the repository to match before the specified credentials are considered.
+2. `KLUCTL_HELM_PATH`: Specifies the path to match before the specified credentials are considered. If omitted, credentials are applied to all matching hosts. Can contain wildcards.
+3. `KLUCTL_HELM_USERNAME`: Specifies the username.
+4. `KLUCTL_HELM_PASSWORD`: Specifies the password.
+5. `KLUCTL_HELM_INSECURE_SKIP_TLS_VERIFY`: If set to `true`, Kluctl will skip TLS verification for matching repositories.
+6. `KLUCTL_HELM_PASS_CREDENTIALS_ALL`: If set to `true`, Kluctl will instruct Helm to pass credentials to all domains. See https://helm.sh/docs/helm/helm_repo_add/ for details.
+7. `KLUCTL_HELM_CERT_FILE`: Specifies the client certificate to use while connecting to the matching repository.
+8. `KLUCTL_HELM_KEY_FILE`: Specifies the client key to use while connecting to the matching repository.
+9. `KLUCTL_HELM_CA_FILE`: Specifies CA bundle to use for TLS/https verification.
+
+Multiple credential sets can be specified by including an index in the environment variable names, e.g.
+`KLUCTL_HELM_1_HOST=host.org`, `KLUCTL_HELM_1_USERNAME=my-user` and `KLUCTL_HELM_1_PASSWORD=my-password` will apply
+the given credential to all repositories with the host `host.org`, while `KLUCTL_HELM_2_HOST=other.org`,
+`KLUCTL_HELM_2_USERNAME=my-other-user` and `KLUCTL_HELM_2_PASSWORD=my-other-password` will apply the other credentials
+to the `other.org` repository.
+
+### Credentials when using the kluctl-controller
+In case you want to use the same Kluctl deployment via the [kluctl-controller](../../gitops/README.md), you have to
+configure Helm and OCI credentials via [`spec.credentials`](../../gitops/spec/v1beta1/kluctldeployment.md#credentials).
 
 ## Templating
 
diff --git a/docs/kluctl/deployments/oci.md b/docs/kluctl/deployments/oci.md
new file mode 100644
index 000000000..ed2ee4697
--- /dev/null
+++ b/docs/kluctl/deployments/oci.md
@@ -0,0 +1,61 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "OCI Support"
+linkTitle: "OCI Support"
+weight: 4
+description: >
+    OCI Support in Kluctl
+---
+-->
+
+# OCI Support
+Kluctl provides OCI support in multiple places. See the following sections for details.
+
+## Helm OCI based registries
+Kluctl fully supports [OCI based Helm registries](https://helm.sh/docs/topics/registries/) in
+the [Helm integration](./helm.md).
+
+## OCI includes
+Kluctl can include sub-deployments from OCI artifacts via [OCI includes](./deployment-yml.md#oci-includes).
+
+These artifacts can be pushed via the [kluctl oci push](../commands/oci-push.md) sub-command.
+
+## Authentication
+Private registries are supported as well. To authenticate to these, use one of the following methods.
+
+### Authenticate via `--registry-xxx` arguments
+All [commands](../commands/README.md) that interact with OCI registries support the
+[registry arguments](../commands/common-arguments.md#registry-arguments) to specify authentication per OCI registry.
+
+### Authenticate via `docker login`
+Kluctl tries to use credentials stored in `$HOME/.docker/config.json` as well, so
+[`docker login`](https://docs.docker.com/engine/reference/commandline/login/) will also allow Kluctl to authenticate
+against OCI registries.
+
+### Use environment variables to specify authentication
+You can also use environment variables to specify OCI authentication.
+
+The following environment variables are supported:
+
+1. `KLUCTL_REGISTRY_HOST`: Specifies the registry host name to match before the specified credentials are considered.
+2. `KLUCTL_REGISTRY_REPOSITORY`: Specifies the repository name to match before the specified credentials are considered. The repository name can contain the organization name, which default to `library` is omitted. Can contain wildcards.
+3. `KLUCTL_REGISTRY_USERNAME`: Specifies the username.
+4. `KLUCTL_REGISTRY_PASSWORD`: Specifies the password.
+5. `KLUCTL_REGISTRY_IDENTITY_TOKEN`: Specifies the identity token used for authentication.
+6. `KLUCTL_REGISTRY_TOKEN`: Specifies the bearer token used for authentication.
+7. `KLUCTL_REGISTRY_INSECURE_SKIP_TLS_VERIFY`: If set to `true`, Kluctl will skip TLS verification for matching registries.
+8. `KLUCTL_REGISTRY_PLAIN_HTTP`: If set to `true`, forces the use of http (no TLS).
+9. `KLUCTL_REGISTRY_CERT_FILE`: Specifies the client certificate to use while connecting to the matching repository.
+10. `KLUCTL_REGISTRY_KEY_FILE`: Specifies the client key to use while connecting to the matching repository.
+11. `KLUCTL_REGISTRY_CA_FILE`: Specifies CA bundle to use for TLS/https verification.
+
+Multiple credential sets can be specified by including an index in the environment variable names, e.g.
+`KLUCTL_REGISTRY_1_HOST=host.org`, `KLUCTL_REGISTRY_1_USERNAME=my-user` and `KLUCTL_REGISTRY_1_PASSWORD=my-password` will apply
+the given credential to all registries with the host `host.org`, while `KLUCTL_REGISTRY_2_HOST=other.org`,
+`KLUCTL_REGISTRY_2_USERNAME=my-other-user` and `KLUCTL_REGISTRY_2_PASSWORD=my-other-password` will apply the other credentials
+to the `other.org` registry.
+
+### Credentials when using the kluctl-controller
+In case you want to use the same Kluctl deployment via the [kluctl-controller](../../gitops/README.md), you have to
+configure OCI credentials via [`spec.credentials`](../../gitops/spec/v1beta1/kluctldeployment.md#oci-registry-authentication).
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index db0f3e4d3..56885c205 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -264,7 +264,7 @@ spec:
                       description: 'SecretRef holds the name of a secret that contains
                         the Helm credentials. The secret must either contain the fields
                         `credentialsId` which refers to the credentialsId found in
-                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-chart-repositories
+                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories
                         or an `url` used to match the credentials found in Kluctl
                         projects helm-chart.yaml files. The secret can either container
                         basic authentication credentials via `username` and `password`

From 38c5546fe969e8fbe0d5a70a5307ff7e9c6017a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 23:30:11 +0200
Subject: [PATCH 1731/2268] feat: Use camelCase for identityToken, plainHttp
 and insecureSkipTlsVerify

---
 e2e/gitops_helm_test.go                               | 6 +++---
 pkg/controllers/kluctldeployment_controller_source.go | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 06c23863c..6c90fb9b6 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -52,7 +52,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 				"password": tc.argPassword,
 			}
 			if !repo.TLSEnabled {
-				m["plain_http"] = "true"
+				m["plainHttp"] = "true"
 			}
 			if tc.argPassCA {
 				m["ca"] = string(repo.ServerCAs)
@@ -92,10 +92,10 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		}
 	}
 
-	// add a fallback secret that enables plain_http in case we have no matching creds
+	// add a fallback secret that enables plainHttp in case we have no matching creds
 	if tc.oci && !repo.TLSEnabled {
 		m := map[string]string{
-			"plain_http": "true",
+			"plainHttp": "true",
 		}
 		name := suite.createGitopsSecret(m)
 		projectCreds.Oci = append(projectCreds.Oci, kluctlv1.ProjectCredentialsOci{
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index c1aeb0235..3256c4e69 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -253,13 +253,13 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 		if x, ok := secret.secret.Data["password"]; ok {
 			e.AuthConfig.Password = string(x)
 		}
-		if x, ok := secret.secret.Data["identity_token"]; ok {
+		if x, ok := secret.secret.Data["identityToken"]; ok {
 			e.AuthConfig.IdentityToken = string(x)
 		}
-		if x, ok := secret.secret.Data["registry_token"]; ok {
+		if x, ok := secret.secret.Data["token"]; ok {
 			e.AuthConfig.RegistryToken = string(x)
 		}
-		if x, ok := secret.secret.Data["plain_http"]; ok {
+		if x, ok := secret.secret.Data["plainHttp"]; ok {
 			e.PlainHTTP = utils.ParseBoolOrFalse(string(x))
 		}
 		if x, ok := secret.secret.Data["cert"]; ok {
@@ -277,7 +277,7 @@ func (r *KluctlDeploymentReconciler) buildOciAuth(ctx context.Context, ociSecret
 		} else if x, ok := secret.secret.Data["caFile"]; ok {
 			e.CA = x
 		}
-		if x, ok := secret.secret.Data["insecure_skip_tls_verify"]; ok {
+		if x, ok := secret.secret.Data["insecureSkipTlsVerify"]; ok {
 			e.InsecureSkipTlsVerify = utils.ParseBoolOrFalse(string(x))
 		}
 

From 3848647f926bb7d1bb158a5e737cd26b31e10c02 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Oct 2023 23:55:03 +0200
Subject: [PATCH 1732/2268] chore: Run go mod tidy

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index dd1eb4aa9..706b9e091 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
-	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.16.1
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/hexops/gotextdiff v1.0.3

From e47cd12d8007794792864dea10873dd120fbfac2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Oct 2023 10:40:10 +0200
Subject: [PATCH 1733/2268] tests: Skip gitops tests on windows (#853)

---
 e2e/gitops_suite.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/e2e/gitops_suite.go b/e2e/gitops_suite.go
index 67232209d..98fda529e 100644
--- a/e2e/gitops_suite.go
+++ b/e2e/gitops_suite.go
@@ -20,6 +20,7 @@ import (
 	"math/rand"
 	"os"
 	"path/filepath"
+	runtime2 "runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
@@ -53,6 +54,10 @@ type GitopsTestSuite struct {
 }
 
 func (suite *GitopsTestSuite) SetupSuite() {
+	if runtime2.GOOS == "windows" {
+		suite.T().Skip("skipping gitops tests on windows")
+	}
+
 	suite.k = gitopsCluster
 
 	n := suite.T().Name()

From 795d7f16ed0cdda3cdb0c18b666fa0dd7d795b70 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Oct 2023 10:36:51 +0200
Subject: [PATCH 1734/2268] feat: Introduce gitops
 deploy/prune/validate/reconcile sub-commands

---
 cmd/kluctl/args/gitops_args.go              |   9 ++
 cmd/kluctl/commands/cmd_gitops.go           | 128 ++++++++++++++++++++
 cmd/kluctl/commands/cmd_gitops_deploy.go    |  32 +++++
 cmd/kluctl/commands/cmd_gitops_prune.go     |  32 +++++
 cmd/kluctl/commands/cmd_gitops_reconcile.go |  32 +++++
 cmd/kluctl/commands/cmd_gitops_validate.go  |  32 +++++
 cmd/kluctl/commands/root.go                 |   1 +
 docs/kluctl/commands/gitops-deploy.md       |  36 ++++++
 docs/kluctl/commands/gitops-prune.md        |  36 ++++++
 docs/kluctl/commands/gitops-reconcile.md    |  36 ++++++
 docs/kluctl/commands/gitops-validate.md     |  36 ++++++
 11 files changed, 410 insertions(+)
 create mode 100644 cmd/kluctl/args/gitops_args.go
 create mode 100644 cmd/kluctl/commands/cmd_gitops.go
 create mode 100644 cmd/kluctl/commands/cmd_gitops_deploy.go
 create mode 100644 cmd/kluctl/commands/cmd_gitops_prune.go
 create mode 100644 cmd/kluctl/commands/cmd_gitops_reconcile.go
 create mode 100644 cmd/kluctl/commands/cmd_gitops_validate.go
 create mode 100644 docs/kluctl/commands/gitops-deploy.md
 create mode 100644 docs/kluctl/commands/gitops-prune.md
 create mode 100644 docs/kluctl/commands/gitops-reconcile.md
 create mode 100644 docs/kluctl/commands/gitops-validate.md

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
new file mode 100644
index 000000000..10b1981c3
--- /dev/null
+++ b/cmd/kluctl/args/gitops_args.go
@@ -0,0 +1,9 @@
+package args
+
+type GitOpsArgs struct {
+	Name          string `group:"misc" help:"Specifies the name of the KluctlDeployment."`
+	Namespace     string `group:"misc" short:"n" help:"Specifies the namespace of the KluctlDeployment. If omitted, the current namespace from your kubeconfig is used."`
+	LabelSelector string `group:"misc" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
+
+	Context string `group:"misc" help:"Override the context to use."`
+}
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
new file mode 100644
index 000000000..105cc9f28
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -0,0 +1,128 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/client-go/kubernetes/scheme"
+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/tools/clientcmd"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type gitopsCmd struct {
+	Reconcile gitopsReconcileCmd `cmd:"" help:"Trigger a GitOps reconciliation"`
+	Deploy    gitopsDeployCmd    `cmd:"" help:"Trigger a GitOps deployment"`
+	Prune     gitopsPruneCmd     `cmd:"" help:"Trigger a GitOps prune"`
+	Validate  gitopsValidateCmd  `cmd:"" help:"Trigger a GitOps validate"`
+}
+
+type gitopsCmdHelper struct {
+	args args.GitOpsArgs
+	kds  []v1beta1.KluctlDeployment
+
+	client       client.Client
+	corev1Client *v1.CoreV1Client
+}
+
+func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error {
+	configOverrides := &clientcmd.ConfigOverrides{
+		CurrentContext: args.Context,
+	}
+	var err error
+	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		clientcmd.NewDefaultClientConfigLoadingRules(),
+		configOverrides)
+	restConfig, err := clientConfig.ClientConfig()
+	if err != nil {
+		return err
+	}
+	defaultNs, _, err := clientConfig.Namespace()
+	if err != nil {
+		return err
+	}
+
+	g.client, err = client.NewWithWatch(restConfig, client.Options{})
+	if err != nil {
+		return err
+	}
+	g.corev1Client = v1.NewForConfigOrDie(restConfig)
+
+	ns := args.Namespace
+	if ns == "" {
+		ns = defaultNs
+	}
+
+	var opts []client.ListOption
+	if args.Name != "" {
+		if ns == "" {
+			return fmt.Errorf("no namespace specified")
+		}
+		if args.LabelSelector != "" {
+			return fmt.Errorf("either name or label selector must be set, not both")
+		}
+
+		var kd v1beta1.KluctlDeployment
+		err = g.client.Get(ctx, client.ObjectKey{Name: args.Name, Namespace: ns}, &kd)
+		if err != nil {
+			return err
+		}
+		g.kds = append(g.kds, kd)
+	} else if args.LabelSelector != "" {
+		label, err := metav1.ParseToLabelSelector(args.LabelSelector)
+		if err != nil {
+			return err
+		}
+		sel, err := metav1.LabelSelectorAsSelector(label)
+		if err != nil {
+			return err
+		}
+
+		opts = append(opts, client.MatchingLabelsSelector{Selector: sel})
+		if ns != "" {
+			opts = append(opts, client.InNamespace(ns))
+		}
+
+		var l v1beta1.KluctlDeploymentList
+		err = g.client.List(ctx, &l, opts...)
+		if err != nil {
+			return err
+		}
+		g.kds = append(g.kds, l.Items...)
+	} else {
+		return fmt.Errorf("either name or label selector must be set")
+	}
+
+	return nil
+}
+
+func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, kd *v1beta1.KluctlDeployment, name string, value string) error {
+	s := status.Startf(ctx, "Patching KluctlDeployment %s/%s with annotation %s=%s", kd.Namespace, kd.Name, name, value)
+	defer s.Failed()
+
+	patch := client.MergeFrom(kd.DeepCopy())
+
+	a := kd.GetAnnotations()
+	if a == nil {
+		a = map[string]string{}
+	}
+	a[name] = value
+	kd.SetAnnotations(a)
+
+	err := g.client.Patch(ctx, kd, patch, client.FieldOwner("kluctl"))
+	if err != nil {
+		return err
+	}
+
+	s.Success()
+
+	return nil
+}
+
+func init() {
+	utilruntime.Must(v1beta1.AddToScheme(scheme.Scheme))
+}
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
new file mode 100644
index 000000000..df8d4861e
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -0,0 +1,32 @@
+package commands
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"time"
+)
+
+type gitopsDeployCmd struct {
+	args.GitOpsArgs
+}
+
+func (cmd *gitopsDeployCmd) Help() string {
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced deployment. It does this by setting the annotation 'kluctl.io/request-deploy' to the current time.`
+}
+
+func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
+	var g gitopsCmdHelper
+	err := g.init(ctx, cmd.GitOpsArgs)
+	if err != nil {
+		return err
+	}
+	for _, kd := range g.kds {
+		v := time.Now().Format(time.RFC3339Nano)
+		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestDeployAnnotation, v)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
new file mode 100644
index 000000000..2afa06b40
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -0,0 +1,32 @@
+package commands
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"time"
+)
+
+type gitopsPruneCmd struct {
+	args.GitOpsArgs
+}
+
+func (cmd *gitopsPruneCmd) Help() string {
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced prune. It does this by setting the annotation 'kluctl.io/request-prune' to the current time.`
+}
+
+func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
+	var g gitopsCmdHelper
+	err := g.init(ctx, cmd.GitOpsArgs)
+	if err != nil {
+		return err
+	}
+	for _, kd := range g.kds {
+		v := time.Now().Format(time.RFC3339Nano)
+		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestPruneAnnotation, v)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
new file mode 100644
index 000000000..87f1afaf4
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -0,0 +1,32 @@
+package commands
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"time"
+)
+
+type gitopsReconcileCmd struct {
+	args.GitOpsArgs
+}
+
+func (cmd *gitopsReconcileCmd) Help() string {
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-reconcile' to the current time.`
+}
+
+func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
+	var g gitopsCmdHelper
+	err := g.init(ctx, cmd.GitOpsArgs)
+	if err != nil {
+		return err
+	}
+	for _, kd := range g.kds {
+		v := time.Now().Format(time.RFC3339Nano)
+		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestReconcileAnnotation, v)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
new file mode 100644
index 000000000..55653f847
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -0,0 +1,32 @@
+package commands
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"time"
+)
+
+type gitopsValidateCmd struct {
+	args.GitOpsArgs
+}
+
+func (cmd *gitopsValidateCmd) Help() string {
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.`
+}
+
+func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
+	var g gitopsCmdHelper
+	err := g.init(ctx, cmd.GitOpsArgs)
+	if err != nil {
+		return err
+	}
+	for _, kd := range g.kds {
+		v := time.Now().Format(time.RFC3339Nano)
+		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestValidateAnnotation, v)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index ad9654560..541136d88 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -73,6 +73,7 @@ type cli struct {
 	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
 	Controller  controllerCmd  `cmd:"" help:"Kluctl controller sub-commands"`
+	Gitops      gitopsCmd      `cmd:"" help:"GitOps sub-commands"`
 	Webui       webuiCmd       `cmd:"" help:"Kluctl Webui sub-commands"`
 	Oci         ociCmd         `cmd:"" help:"Oci sub-commands"`
 
diff --git a/docs/kluctl/commands/gitops-deploy.md b/docs/kluctl/commands/gitops-deploy.md
new file mode 100644
index 000000000..3f105fa2d
--- /dev/null
+++ b/docs/kluctl/commands/gitops-deploy.md
@@ -0,0 +1,36 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops deploy"
+linkTitle: "gitops deploy"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops deploy" "Usage" false -->
+Usage: kluctl gitops deploy [flags]
+
+Trigger a GitOps deployment
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced deployment. It does this by setting the annotation 'kluctl.io/request-deploy' to the current time.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops deploy" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-prune.md b/docs/kluctl/commands/gitops-prune.md
new file mode 100644
index 000000000..b662da290
--- /dev/null
+++ b/docs/kluctl/commands/gitops-prune.md
@@ -0,0 +1,36 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops prune"
+linkTitle: "gitops prune"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops prune" "Usage" false -->
+Usage: kluctl gitops prune [flags]
+
+Trigger a GitOps prune
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced prune. It does this by setting the annotation 'kluctl.io/request-prune' to the current time.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops prune" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-reconcile.md b/docs/kluctl/commands/gitops-reconcile.md
new file mode 100644
index 000000000..acfbd0233
--- /dev/null
+++ b/docs/kluctl/commands/gitops-reconcile.md
@@ -0,0 +1,36 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops reconcile"
+linkTitle: "gitops reconcile"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops reconcile" "Usage" false -->
+Usage: kluctl gitops reconcile [flags]
+
+Trigger a GitOps reconciliation
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-reconcile' to the current time.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops reconcile" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
new file mode 100644
index 000000000..1f2a9524e
--- /dev/null
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -0,0 +1,36 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops validate"
+linkTitle: "gitops validate"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops validate" "Usage" false -->
+Usage: kluctl gitops validate [flags]
+
+Trigger a GitOps validate
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops validate" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->

From 5f5ece87ae74d220df62b43409afcb49782cbea7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Oct 2023 13:50:03 +0200
Subject: [PATCH 1735/2268] feat: Track reconcile id, result id and time per
 manual request

---
 api/v1beta1/kluctldeployment_types.go         |  36 ++++
 api/v1beta1/zz_generated.deepcopy.go          |  40 +++++
 .../gitops.kluctl.io_kluctldeployments.yaml   |  89 +++++++++-
 docs/gitops/api/kluctl-controller.md          | 145 +++++++++++++++-
 e2e/gitops_suite.go                           |   4 +-
 install/controller/controller/crd.yaml        |  89 +++++++++-
 .../kluctldeployment_controller.go            | 161 +++++++++++++++---
 .../target-view/ReconcilingIcon.tsx           |   8 +-
 8 files changed, 540 insertions(+), 32 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index c5f467889..4367d167a 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -454,20 +454,56 @@ type KubeConfig struct {
 	SecretRef SecretKeyReference `json:"secretRef,omitempty"`
 }
 
+type RequestResult struct {
+	// +required
+	RequestValue string `json:"requestValue"`
+
+	// +required
+	StartedTime metav1.Time `json:"startedTime"`
+
+	// +optional
+	FinishedTime *metav1.Time `json:"finishedTime,omitempty"`
+
+	// +required
+	ReconcileId string `json:"reconcileId"`
+
+	// +optional
+	ResultId string `json:"resultId,omitempty"`
+
+	// +optional
+	CommandError string `json:"commandError,omitempty"`
+}
+
 // KluctlDeploymentStatus defines the observed state of KluctlDeployment
 type KluctlDeploymentStatus struct {
+	// +optional
+	ReconcileRequestResult *RequestResult `json:"reconcileRequestResult,omitempty"`
+
+	// +optional
+	DeployRequestResult *RequestResult `json:"deployRequestResult,omitempty"`
+
+	// +optional
+	PruneRequestResult *RequestResult `json:"pruneRequestResult,omitempty"`
+
+	// +optional
+	ValidateRequestResult *RequestResult `json:"validateRequestResult,omitempty"`
+
 	// LastHandledReconcileAt holds the value of the most recent
 	// reconcile request value, so a change of the annotation value
 	// can be detected.
+	// DEPRECATED
 	// +optional
 	LastHandledReconcileAt string `json:"lastHandledReconcileAt,omitempty"`
 
+	// DEPRECATED
 	// +optional
 	LastHandledDeployAt string `json:"lastHandledDeployAt,omitempty"`
 
+	// DEPRECATED
 	// +optional
 	LastHandledPruneAt string `json:"lastHandledPruneAt,omitempty"`
 
+	// DEPRECATED
 	// +optional
 	LastHandledValidateAt string `json:"lastHandledValidateAt,omitempty"`
 
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 83877d676..adcc728d7 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -230,6 +230,26 @@ func (in *KluctlDeploymentSpec) DeepCopy() *KluctlDeploymentSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 	*out = *in
+	if in.ReconcileRequestResult != nil {
+		in, out := &in.ReconcileRequestResult, &out.ReconcileRequestResult
+		*out = new(RequestResult)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.DeployRequestResult != nil {
+		in, out := &in.DeployRequestResult, &out.DeployRequestResult
+		*out = new(RequestResult)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.PruneRequestResult != nil {
+		in, out := &in.PruneRequestResult, &out.PruneRequestResult
+		*out = new(RequestResult)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ValidateRequestResult != nil {
+		in, out := &in.ValidateRequestResult, &out.ValidateRequestResult
+		*out = new(RequestResult)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Conditions != nil {
 		in, out := &in.Conditions, &out.Conditions
 		*out = make([]v1.Condition, len(*in))
@@ -489,6 +509,26 @@ func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestResult) DeepCopyInto(out *RequestResult) {
+	*out = *in
+	in.StartedTime.DeepCopyInto(&out.StartedTime)
+	if in.FinishedTime != nil {
+		in, out := &in.FinishedTime, &out.FinishedTime
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestResult.
+func (in *RequestResult) DeepCopy() *RequestResult {
+	if in == nil {
+		return nil
+	}
+	out := new(RequestResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SafeDuration) DeepCopyInto(out *SafeDuration) {
 	*out = *in
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 444851d99..0badb98b9 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -666,6 +666,27 @@ spec:
                   - type
                   type: object
                 type: array
+              deployRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
               lastDeployError:
                 type: string
               lastDeployResult:
@@ -685,15 +706,18 @@ spec:
                   that describes the drift optional
                 type: string
               lastHandledDeployAt:
+                description: DEPRECATED
                 type: string
               lastHandledPruneAt:
+                description: DEPRECATED
                 type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
-                  be detected.
+                  be detected. DEPRECATED
                 type: string
               lastHandledValidateAt:
+                description: DEPRECATED
                 type: string
               lastManualObjectsHash:
                 type: string
@@ -724,6 +748,48 @@ spec:
                   subDir:
                     type: string
                 type: object
+              pruneRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
+              reconcileRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
               targetKey:
                 properties:
                   clusterId:
@@ -735,6 +801,27 @@ spec:
                 required:
                 - clusterId
                 type: object
+              validateRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
             type: object
         type: object
     served: true
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 3880f8714..7f1bdc5e0 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1111,6 +1111,58 @@ There are two ways to use this value properly.
 <tbody>
 <tr>
 <td>
+<code>reconcileRequestResult</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.RequestResult">
+RequestResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>deployRequestResult</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.RequestResult">
+RequestResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>pruneRequestResult</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.RequestResult">
+RequestResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>validateRequestResult</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.RequestResult">
+RequestResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastHandledReconcileAt</code><br>
 <em>
 string
@@ -1120,7 +1172,8 @@ string
 <em>(Optional)</em>
 <p>LastHandledReconcileAt holds the value of the most recent
 reconcile request value, so a change of the annotation value
-can be detected.</p>
+can be detected.
+DEPRECATED</p>
 </td>
 </tr>
 <tr>
@@ -1132,6 +1185,7 @@ string
 </td>
 <td>
 <em>(Optional)</em>
+<p>DEPRECATED</p>
 </td>
 </tr>
 <tr>
@@ -1143,6 +1197,7 @@ string
 </td>
 <td>
 <em>(Optional)</em>
+<p>DEPRECATED</p>
 </td>
 </tr>
 <tr>
@@ -1154,6 +1209,7 @@ string
 </td>
 <td>
 <em>(Optional)</em>
+<p>DEPRECATED</p>
 </td>
 </tr>
 <tr>
@@ -1958,6 +2014,93 @@ string
 </table>
 </div>
 </div>
+<h3 id="gitops.kluctl.io/v1beta1.RequestResult">RequestResult
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentStatus">KluctlDeploymentStatus</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>requestValue</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>startedTime</code><br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
+Kubernetes meta/v1.Time
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>finishedTime</code><br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
+Kubernetes meta/v1.Time
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>reconcileId</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>resultId</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>commandError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
 <h3 id="gitops.kluctl.io/v1beta1.SafeDuration">SafeDuration
 </h3>
 <p>
diff --git a/e2e/gitops_suite.go b/e2e/gitops_suite.go
index 98fda529e..303050fd8 100644
--- a/e2e/gitops_suite.go
+++ b/e2e/gitops_suite.go
@@ -160,7 +160,7 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
 		var kd kluctlv1.KluctlDeployment
 		err := suite.k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
-		return kd.Status.LastHandledReconcileAt == reconcileId
+		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.FinishedTime == nil
 	}, timeout, time.Second).Should(BeTrue())
 }
 
@@ -172,7 +172,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
 		_ = suite.k.Client.Get(context.Background(), key, &kd)
-		return kd.Status.LastHandledReconcileAt == reconcileId && kd.Status.ObservedCommit == commit
+		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.FinishedTime == nil && kd.Status.ObservedCommit == commit
 	}, timeout, time.Second).Should(BeTrue())
 }
 
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 56885c205..fa142c5e9 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -666,6 +666,27 @@ spec:
                   - type
                   type: object
                 type: array
+              deployRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
               lastDeployError:
                 type: string
               lastDeployResult:
@@ -685,15 +706,18 @@ spec:
                   that describes the drift optional
                 type: string
               lastHandledDeployAt:
+                description: DEPRECATED
                 type: string
               lastHandledPruneAt:
+                description: DEPRECATED
                 type: string
               lastHandledReconcileAt:
                 description: LastHandledReconcileAt holds the value of the most recent
                   reconcile request value, so a change of the annotation value can
-                  be detected.
+                  be detected. DEPRECATED
                 type: string
               lastHandledValidateAt:
+                description: DEPRECATED
                 type: string
               lastManualObjectsHash:
                 type: string
@@ -724,6 +748,48 @@ spec:
                   subDir:
                     type: string
                 type: object
+              pruneRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
+              reconcileRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
               targetKey:
                 properties:
                   clusterId:
@@ -735,6 +801,27 @@ spec:
                 required:
                 - clusterId
                 type: object
+              validateRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  finishedTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startedTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startedTime
+                type: object
             type: object
         type: object
     served: true
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index ee3654e56..93815f438 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -207,27 +207,113 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		})
 	}
 
-	// record the value of the reconciliation request, if any
-	if v, ok := obj.GetAnnotations()[kluctlv1.KluctlRequestReconcileAnnotation]; ok {
-		obj.Status.LastHandledReconcileAt = v
-	}
-
 	patchErr := doProgressingCondition("Initializing", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
 
 	oldGeneration := obj.Status.ObservedGeneration
-	oldDeployRequest := obj.Status.LastHandledDeployAt
-	oldPruneRequest := obj.Status.LastHandledPruneAt
-	oldValidateRequest := obj.Status.LastHandledValidateAt
-	curDeployRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestDeployAnnotation]
-	curPruneRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestPruneAnnotation]
-	curValidateRequest, _ := obj.GetAnnotations()[kluctlv1.KluctlRequestValidateAnnotation]
 	obj.Status.ObservedGeneration = obj.GetGeneration()
-	obj.Status.LastHandledDeployAt = curDeployRequest
-	obj.Status.LastHandledPruneAt = curPruneRequest
-	obj.Status.LastHandledValidateAt = curValidateRequest
+
+	startHandleRequest := func(rr *kluctlv1.RequestResult, requestAnnotation string, setResult func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult), getLegacyOldValue func(status *kluctlv1.KluctlDeploymentStatus) string) (*kluctlv1.RequestResult, error) {
+		v, _ := obj.GetAnnotations()[requestAnnotation]
+		if v == "" {
+			return nil, nil
+		}
+		if rr == nil && getLegacyOldValue(&obj.Status) == v {
+			// legacy value in status is still present, and we never executed the new request status handling
+			// ensure that we don't accidentally re-process the request
+			t := metav1.Now()
+			rr = &kluctlv1.RequestResult{
+				RequestValue: v,
+				StartedTime:  t,
+				FinishedTime: &t,
+				ReconcileId:  "unknown",
+			}
+			err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+				setResult(status, rr)
+				return nil
+			})
+			if err != nil {
+				return nil, err
+			}
+			return nil, nil
+		}
+		if rr == nil || rr.RequestValue != v {
+			rr = &kluctlv1.RequestResult{
+				RequestValue: v,
+				StartedTime:  metav1.Now(),
+				ReconcileId:  reconcileId,
+			}
+			err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+				setResult(status, rr)
+				return nil
+			})
+			if err != nil {
+				return nil, err
+			}
+			return rr, nil
+		}
+		return nil, nil
+	}
+	finishHandleRequest := func(rr *kluctlv1.RequestResult, resultId string, commandErr error, setResult func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult)) error {
+		if rr == nil {
+			return nil
+		}
+		t := metav1.Now()
+		rr.FinishedTime = &t
+		rr.ResultId = resultId
+		if commandErr != nil {
+			rr.CommandError = commandErr.Error()
+		}
+		return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			setResult(status, rr)
+			return nil
+		})
+	}
+
+	setReconcileRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.ReconcileRequestResult = requestResult
+	}
+	setDeployRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.DeployRequestResult = requestResult
+	}
+	setPruneRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.PruneRequestResult = requestResult
+	}
+	setValidateRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.ValidateRequestResult = requestResult
+	}
+
+	curReconcileRequest, err := startHandleRequest(obj.Status.ReconcileRequestResult, kluctlv1.KluctlRequestReconcileAnnotation, setReconcileRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledReconcileAt
+	})
+	if err != nil {
+		return doFailPrepare(err)
+	}
+	curDeployRequest, err := startHandleRequest(obj.Status.DeployRequestResult, kluctlv1.KluctlRequestDeployAnnotation, setDeployRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledDeployAt
+	})
+	if err != nil {
+		return doFailPrepare(err)
+	}
+	curPruneRequest, err := startHandleRequest(obj.Status.PruneRequestResult, kluctlv1.KluctlRequestPruneAnnotation, setPruneRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledPruneAt
+	})
+	if err != nil {
+		return doFailPrepare(err)
+	}
+	curValidateRequest, err := startHandleRequest(obj.Status.ValidateRequestResult, kluctlv1.KluctlRequestValidateAnnotation, setValidateRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledValidateAt
+	})
+	if err != nil {
+		return doFailPrepare(err)
+	}
+
+	obj.Status.LastHandledReconcileAt = ""
+	obj.Status.LastHandledDeployAt = ""
+	obj.Status.LastHandledPruneAt = ""
+	obj.Status.LastHandledValidateAt = ""
 
 	patchErr = doProgressingCondition("Preparing project", true)
 	if patchErr != nil {
@@ -341,7 +427,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	} else if obj.Spec.Manual && !utils.StrPtrEquals(obj.Status.LastManualObjectsHash, obj.Spec.ManualObjectsHash) {
 		// approval hash was changed
 		needDeploy = true
-	} else if curDeployRequest != "" && oldDeployRequest != curDeployRequest {
+	} else if curDeployRequest != nil {
 		// explicitly requested a deploy
 		needDeploy = true
 		needDeployByRequest = true
@@ -366,7 +452,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
-	if curPruneRequest != "" && oldPruneRequest != curPruneRequest {
+	if curPruneRequest != nil {
 		// explicitly requested a prune
 		needPrune = true
 	}
@@ -375,7 +461,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if obj.Status.LastValidateResult == nil || needDeploy {
 			// either never validated before or a deployment requested (which required re-validation)
 			needValidate = true
-		} else if curValidateRequest != "" && oldValidateRequest != curValidateRequest {
+		} else if curValidateRequest != nil {
 			// explicitly requested a validate
 			needValidate = true
 		} else {
@@ -403,8 +489,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if patchErr != nil {
 			return nil, patchErr
 		}
-		deployResult, err = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, needDeployByRequest)
-		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), err)
+		var cmdErr error
+		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, needDeployByRequest)
+		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
 		}
@@ -415,6 +502,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		} else {
 			r.updateResourceVersions(key, deployResult.Objects, nil)
 		}
+
+		err = finishHandleRequest(curDeployRequest, deployResult.Id, cmdErr, setDeployRequestResult)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if needPrune {
@@ -422,14 +514,19 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if patchErr != nil {
 			return nil, patchErr
 		}
-		pruneResult, err := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
-		err = obj.Status.SetLastDeployResult(pruneResult.BuildSummary(), err)
+		pruneResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
+		err = obj.Status.SetLastDeployResult(pruneResult.BuildSummary(), cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write prune result")
 		}
 
 		// force full drift detection
 		r.updateResourceVersions(key, nil, nil)
+
+		err = finishHandleRequest(curPruneRequest, pruneResult.Id, cmdErr, setPruneRequestResult)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if needValidate {
@@ -437,11 +534,16 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if patchErr != nil {
 			return nil, patchErr
 		}
-		validateResult, err := pt.kluctlValidate(ctx, targetContext, deployResult, reconcileId, objectsHash)
-		err = obj.Status.SetLastValidateResult(validateResult, err)
+		validateResult, cmdErr := pt.kluctlValidate(ctx, targetContext, deployResult, reconcileId, objectsHash)
+		err = obj.Status.SetLastValidateResult(validateResult, cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write validate result")
 		}
+
+		err = finishHandleRequest(curValidateRequest, validateResult.Id, cmdErr, setValidateRequestResult)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if needDriftDetection {
@@ -473,6 +575,13 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	if reason != kluctlv1.ReconciliationSucceededReason {
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
 		err = fmt.Errorf(finalStatus)
+
+		patchErr = finishHandleRequest(curReconcileRequest, "", err, setReconcileRequestResult)
+		if patchErr != nil {
+			err = multierror.Append(err, patchErr)
+			return nil, err
+		}
+
 		patchErr = doReadyCondition(metav1.ConditionFalse, reason, finalStatus)
 		if patchErr != nil {
 			err = multierror.Append(err, patchErr)
@@ -480,6 +589,12 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 		return &ctrlResult, err
 	}
+
+	patchErr = finishHandleRequest(curReconcileRequest, "", nil, setReconcileRequestResult)
+	if patchErr != nil {
+		return nil, patchErr
+	}
+
 	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(1.0)
 	patchErr = doReadyCondition(metav1.ConditionTrue, reason, finalStatus)
 	if patchErr != nil {
diff --git a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
index 9cbaef8b6..ec35f7f91 100644
--- a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
+++ b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
@@ -48,10 +48,10 @@ export function buildReconcilingState(ts: TargetSummary): ReconcilingState | und
 
     return {
         suspended: ts.kd.deployment.spec.suspend,
-        requestedReconcile: requestReconcile && requestReconcile !== ts.kd.deployment.status?.lastHandledReconcileAt && requestReconcile,
-        requestedValidate: requestValidate && requestValidate !== ts.kd.deployment.status?.lastHandledValidateAt && requestValidate,
-        requestedDeploy: requestDeploy && requestDeploy !== ts.kd.deployment.status?.lastHandledDeployAt && requestDeploy,
-        requestedPrune: requestPrune && requestPrune !== ts.kd.deployment.status?.lastHandledPruneAt && requestPrune,
+        requestedReconcile: requestReconcile && !ts.kd.deployment.status?.reconcileRequestResult?.finishedTime && requestReconcile,
+        requestedValidate: requestValidate && !ts.kd.deployment.status?.validateRequestResult?.finishedTime && requestValidate,
+        requestedDeploy: requestDeploy && !ts.kd.deployment.status?.deployRequestResult?.finishedTime && requestDeploy,
+        requestedPrune: requestPrune && !ts.kd.deployment.status?.pruneRequestResult?.finishedTime && requestPrune,
         statusExists: !!ts.kd.deployment.status,
         readyCondition: readyCondition,
         reconcilingCondition: reconcilingCondition,

From 17ad3de31b15bbcf2ee1ed53fcdf0100a4ea0a86 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Oct 2023 14:51:48 +0200
Subject: [PATCH 1736/2268] refactor: Introduce helper to watch for controller
 logs

---
 pkg/controllers/logs/controller_logs.go | 103 ++++++++++++++++++++++++
 pkg/webui/server_logs.go                |  77 +++---------------
 2 files changed, 113 insertions(+), 67 deletions(-)
 create mode 100644 pkg/controllers/logs/controller_logs.go

diff --git a/pkg/controllers/logs/controller_logs.go b/pkg/controllers/logs/controller_logs.go
new file mode 100644
index 000000000..dd408ca14
--- /dev/null
+++ b/pkg/controllers/logs/controller_logs.go
@@ -0,0 +1,103 @@
+package logs
+
+import (
+	"bufio"
+	"context"
+	"encoding/json"
+	"io"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
+)
+
+func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerNamespace string, kdKey client.ObjectKey, reconcileId string, since time.Duration) (chan string, error) {
+	pods, err := c.Pods(controllerNamespace).List(ctx, metav1.ListOptions{
+		LabelSelector: "control-plane=kluctl-controller",
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var streams []io.ReadCloser
+	cleanupStreams := func() {
+		for _, s := range streams {
+			_ = s.Close()
+		}
+	}
+
+	ok := false
+	defer func() {
+		if ok {
+			return
+		}
+		cleanupStreams()
+	}()
+
+	for _, pod := range pods.Items {
+		since2 := int64(since.Seconds())
+		rc, err := c.Pods(pod.Namespace).GetLogs(pod.Name, &corev1.PodLogOptions{
+			Follow:       true,
+			SinceSeconds: &since2,
+		}).Stream(ctx)
+		if err != nil {
+			if errors.IsNotFound(err) {
+				continue
+			}
+			return nil, err
+		}
+		streams = append(streams, rc)
+	}
+
+	rawLineCh := make(chan string)
+	for _, s := range streams {
+		s := s
+		go func() {
+			sc := bufio.NewScanner(s)
+			for sc.Scan() {
+				l := sc.Text()
+				rawLineCh <- l
+			}
+		}()
+	}
+
+	ok = true
+
+	logCh := make(chan string)
+	go func() {
+		defer cleanupStreams()
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case l := <-rawLineCh:
+				var j map[string]any
+				err = json.Unmarshal([]byte(l), &j)
+				if err != nil {
+					continue
+				}
+
+				name := j["name"]
+				namespace := j["namespace"]
+
+				if kdKey.Name != "" && name != kdKey.Name {
+					continue
+				}
+				if kdKey.Namespace != "" && namespace != kdKey.Namespace {
+					continue
+				}
+
+				rid := j["reconcileID"]
+				if reconcileId != "" && rid != reconcileId {
+					continue
+				}
+
+				logCh <- l
+			}
+		}
+	}()
+
+	return logCh, nil
+}
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
index fe84649c5..d91ac9597 100644
--- a/pkg/webui/server_logs.go
+++ b/pkg/webui/server_logs.go
@@ -1,15 +1,13 @@
 package webui
 
 import (
-	"bufio"
-	"encoding/json"
+	"context"
 	"github.com/gin-gonic/gin"
-	"io"
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"net/http"
 	"nhooyr.io/websocket"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
 func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
@@ -37,72 +35,17 @@ func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
 	ctx := conn.CloseRead(gctx)
 
 	controllerNamespace := "kluctl-system"
-	pods, err := s.serverCoreV1Client.Pods(controllerNamespace).List(s.ctx, metav1.ListOptions{
-		LabelSelector: "control-plane=kluctl-controller",
-	})
+
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second)
 	if err != nil {
 		_ = gctx.AbortWithError(http.StatusBadRequest, err)
 		return
 	}
 
-	var streams []io.ReadCloser
-	defer func() {
-		for _, s := range streams {
-			_ = s.Close()
-		}
-	}()
-
-	lineCh := make(chan string)
-
-	for _, pod := range pods.Items {
-		since := int64(60 * 5)
-		rc, err := s.serverCoreV1Client.Pods("kluctl-system").GetLogs(pod.Name, &corev1.PodLogOptions{
-			Follow:       true,
-			SinceSeconds: &since,
-		}).Stream(s.ctx)
-		if err != nil {
-			if errors.IsNotFound(err) {
-				continue
-			}
-			_ = gctx.AbortWithError(http.StatusBadRequest, err)
-			return
-		}
-		streams = append(streams, rc)
-	}
-
-	for _, s := range streams {
-		s := s
-		go func() {
-			sc := bufio.NewScanner(s)
-			for sc.Scan() {
-				l := sc.Text()
-				lineCh <- l
-			}
-		}()
-	}
-
-	for l := range lineCh {
-		var j map[string]any
-		err = json.Unmarshal([]byte(l), &j)
-		if err != nil {
-			continue
-		}
-
-		name := j["name"]
-		namespace := j["namespace"]
-
-		if args.Name != "" && name != args.Name {
-			continue
-		}
-		if args.Namespace != "" && namespace != args.Namespace {
-			continue
-		}
-
-		rid := j["reconcileID"]
-		if args.ReconcileId != "" && rid != args.ReconcileId {
-			continue
-		}
-
+	for l := range logCh {
 		err = conn.Write(ctx, websocket.MessageText, []byte(l))
 		if err != nil {
 			return

From 500eb166ab610e8c7d2117b6fceaa49c76434eb2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Oct 2023 16:42:34 +0200
Subject: [PATCH 1737/2268] feat: Wait for request to finish and print
 logs+result

---
 cmd/kluctl/args/gitops_args.go              |  2 +
 cmd/kluctl/commands/cmd_controller_run.go   | 20 +----
 cmd/kluctl/commands/cmd_gitops.go           | 88 ++++++++++++++++++++-
 cmd/kluctl/commands/cmd_gitops_deploy.go    | 21 +++++
 cmd/kluctl/commands/cmd_gitops_prune.go     | 21 +++++
 cmd/kluctl/commands/cmd_gitops_reconcile.go |  8 ++
 cmd/kluctl/commands/cmd_gitops_validate.go  | 32 ++++++++
 cmd/kluctl/commands/cmd_validate.go         |  3 +-
 cmd/kluctl/commands/command_result.go       | 28 ++++---
 cmd/kluctl/commands/utils.go                | 25 ++++++
 pkg/controllers/logs/controller_logs.go     | 15 +++-
 pkg/webui/server_logs.go                    |  2 +-
 12 files changed, 234 insertions(+), 31 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 10b1981c3..87ff5b156 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -1,6 +1,8 @@
 package args
 
 type GitOpsArgs struct {
+	CommandResultFlags
+
 	Name          string `group:"misc" help:"Specifies the name of the KluctlDeployment."`
 	Namespace     string `group:"misc" short:"n" help:"Specifies the namespace of the KluctlDeployment. If omitted, the current namespace from your kubeconfig is used."`
 	LabelSelector string `group:"misc" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index d4b3c7f5d..ac366e2d5 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -22,7 +21,6 @@ import (
 	"sigs.k8s.io/cli-utils/pkg/flowcontrol"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
@@ -150,21 +148,9 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		SshPool:               sshPool,
 	}
 
-	if cmd.WriteCommandResult {
-		c, err := client.NewWithWatch(restConfig, client.Options{})
-		if err != nil {
-			return err
-		}
-		resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, cmd.CommandResultNamespace, cmd.KeepCommandResultsCount, cmd.KeepValidateResultsCount)
-		if err != nil {
-			return err
-		}
-		r.ResultStore = resultStore
-
-		err = resultStore.StartCleanupOrphans()
-		if err != nil {
-			return err
-		}
+	r.ResultStore, err = buildResultStore(ctx, restConfig, cmd.CommandResultFlags, true)
+	if err != nil {
+		return err
 	}
 
 	if err = r.SetupWithManager(ctx, mgr, controllers.KluctlDeploymentReconcilerOpts{
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 105cc9f28..a5db3e67d 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -5,13 +5,17 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
 type gitopsCmd struct {
@@ -27,6 +31,8 @@ type gitopsCmdHelper struct {
 
 	client       client.Client
 	corev1Client *v1.CoreV1Client
+
+	resultStore results.ResultStore
 }
 
 func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error {
@@ -50,7 +56,10 @@ func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error
 	if err != nil {
 		return err
 	}
-	g.corev1Client = v1.NewForConfigOrDie(restConfig)
+	g.corev1Client, err = v1.NewForConfig(restConfig)
+	if err != nil {
+		return err
+	}
 
 	ns := args.Namespace
 	if ns == "" {
@@ -97,6 +106,11 @@ func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error
 		return fmt.Errorf("either name or label selector must be set")
 	}
 
+	g.resultStore, err = buildResultStore(ctx, restConfig, args.CommandResultFlags, false)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -123,6 +137,78 @@ func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, kd *v1beta1.Kluct
 	return nil
 }
 
+func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+	s := status.Startf(ctx, "Waiting for controller to start processing the request")
+	defer s.Failed()
+
+	sleep := time.Second * 1
+
+	var rr *v1beta1.RequestResult
+	for {
+		var kd v1beta1.KluctlDeployment
+		err := g.client.Get(ctx, key, &kd)
+		if err != nil {
+			return nil, err
+		}
+
+		rr = getRequestResult(&kd.Status)
+		if rr == nil {
+			time.Sleep(sleep)
+			continue
+		}
+
+		if rr.RequestValue != requestValue {
+			time.Sleep(sleep)
+			continue
+		}
+		break
+	}
+	s.Success()
+
+	status.Infof(ctx, "Watching logs...")
+
+	ctx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	logsCh, err := logs.WatchControllerLogs(ctx, g.corev1Client, "kluctl-system", key, rr.ReconcileId, 60*time.Second, true)
+	if err != nil {
+		return nil, err
+	}
+
+	gh := utils.NewGoHelper(ctx, 0)
+	gh.RunE(func() error {
+		defer func() {
+			// give some extra time for log printing
+			time.Sleep(sleep)
+			cancel()
+		}()
+
+		for {
+			var kd v1beta1.KluctlDeployment
+			err := g.client.Get(ctx, key, &kd)
+			if err != nil {
+				return fmt.Errorf("unexpected error while getting KluctlDeployment status: %w", err)
+			}
+
+			rr = getRequestResult(&kd.Status)
+			if rr == nil {
+				return fmt.Errorf("request result is nil")
+			}
+			if rr.FinishedTime != nil {
+				return nil
+			}
+		}
+	})
+	gh.Run(func() {
+		for l := range logsCh {
+			status.Info(ctx, l)
+		}
+	})
+	gh.Wait()
+
+	return rr, gh.ErrorOrNil()
+}
+
 func init() {
 	utilruntime.Must(v1beta1.AddToScheme(scheme.Scheme))
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index df8d4861e..e988a2474 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -4,11 +4,14 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
 type gitopsDeployCmd struct {
 	args.GitOpsArgs
+	args.OutputFormatFlags
 }
 
 func (cmd *gitopsDeployCmd) Help() string {
@@ -27,6 +30,24 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+
+		rr, err := g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+			return status.DeployRequestResult
+		})
+		if err != nil {
+			return err
+		}
+
+		if g.resultStore != nil && rr != nil && rr.ResultId != "" {
+			cmdResult, err := g.resultStore.GetCommandResult(results.GetCommandResultOptions{Id: rr.ResultId, Reduced: true})
+			if err != nil {
+				return err
+			}
+			err = outputCommandResult2(ctx, cmd.OutputFormatFlags, cmdResult)
+			if err != nil {
+				return err
+			}
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index 2afa06b40..b66dacb16 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -4,11 +4,14 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
 type gitopsPruneCmd struct {
 	args.GitOpsArgs
+	args.OutputFormatFlags
 }
 
 func (cmd *gitopsPruneCmd) Help() string {
@@ -27,6 +30,24 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+
+		rr, err := g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+			return status.PruneRequestResult
+		})
+		if err != nil {
+			return err
+		}
+
+		if g.resultStore != nil && rr != nil && rr.ResultId != "" {
+			cmdResult, err := g.resultStore.GetCommandResult(results.GetCommandResultOptions{Id: rr.ResultId, Reduced: true})
+			if err != nil {
+				return err
+			}
+			err = outputCommandResult2(ctx, cmd.OutputFormatFlags, cmdResult)
+			if err != nil {
+				return err
+			}
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 87f1afaf4..7b7b1fc33 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
@@ -27,6 +28,13 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+
+		_, err = g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+			return status.ReconcileRequestResult
+		})
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 55653f847..27e564890 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -2,13 +2,20 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
 
 type gitopsValidateCmd struct {
 	args.GitOpsArgs
+	args.OutputFlags
+
+	WarningsAsErrors bool `group:"misc" help:"Consider warnings as failures"`
 }
 
 func (cmd *gitopsValidateCmd) Help() string {
@@ -27,6 +34,31 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+
+		rr, err := g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+			return status.ValidateRequestResult
+		})
+		if err != nil {
+			return err
+		}
+		if g.resultStore != nil && rr != nil && rr.ResultId != "" {
+			cmdResult, err := g.resultStore.GetValidateResult(results.GetValidateResultOptions{Id: rr.ResultId})
+			if err != nil {
+				return err
+			}
+			err = outputValidateResult2(ctx, cmd.Output, cmdResult)
+			if err != nil {
+				return err
+			}
+			failed := len(cmdResult.Errors) != 0 || (cmd.WarningsAsErrors && len(cmdResult.Warnings) != 0)
+			if failed {
+				return fmt.Errorf("Validation failed")
+			} else {
+				status.Info(ctx, "Validation succeeded")
+			}
+		} else {
+			status.Info(ctx, "No validation result was returned.")
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 5f2c306aa..0fa7d042f 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"time"
 )
 
@@ -58,7 +59,7 @@ func (cmd *validateCmd) doValidate(ctx *commandCtx, cmd2 *commands.ValidateComma
 		}
 
 		if !failed {
-			_, _ = getStderr(ctx.ctx).WriteString("Validation succeeded\n")
+			status.Info(ctx.ctx, "Validation succeeded")
 			return nil
 		}
 
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 14066ffb8..28daebc79 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -222,8 +222,6 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 }
 
 func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *result.CommandResult, writeToResultStore bool) error {
-	status.Flush(ctx.ctx)
-
 	cr.Id = ctx.resultId
 	cr.Command.Initiator = result.CommandInititiator_CommandLine
 
@@ -246,24 +244,36 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 			s.Success()
 		}
 	}
-
-	err := outputHelper(ctx.ctx, flags.OutputFormat, func(format string) (string, error) {
-		return formatCommandResult(cr, format, flags.ShortOutput)
-	})
+	err := outputCommandResult2(ctx.ctx, flags, cr)
 	if err == nil && resultStoreErr != nil {
 		return resultStoreErr
 	}
 	return err
 }
 
-func outputValidateResult(ctx *commandCtx, output []string, vr *result.ValidateResult) error {
-	status.Flush(ctx.ctx)
+func outputCommandResult2(ctx context.Context, flags args.OutputFormatFlags, cr *result.CommandResult) error {
+	status.Flush(ctx)
+	err := outputHelper(ctx, flags.OutputFormat, func(format string) (string, error) {
+		return formatCommandResult(cr, format, flags.ShortOutput)
+	})
+	status.Flush(ctx)
+	return err
+}
 
+func outputValidateResult(ctx *commandCtx, output []string, vr *result.ValidateResult) error {
 	vr.Id = ctx.resultId
 
-	return outputHelper(ctx.ctx, output, func(format string) (string, error) {
+	return outputValidateResult2(ctx.ctx, output, vr)
+}
+
+func outputValidateResult2(ctx context.Context, output []string, vr *result.ValidateResult) error {
+	status.Flush(ctx)
+
+	err := outputHelper(ctx, output, func(format string) (string, error) {
 		return formatValidateResult(vr, format)
 	})
+	status.Flush(ctx)
+	return err
 }
 
 func outputYamlResult(ctx context.Context, output []string, result interface{}, multiDoc bool) error {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index cf56efafe..0c8c9aaa1 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -374,3 +374,28 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string
 		Override: sp[1],
 	}, nil
 }
+
+func buildResultStore(ctx context.Context, restConfig *rest.Config, args args.CommandResultFlags, startCleanup bool) (results.ResultStore, error) {
+	if !args.WriteCommandResult {
+		return nil, nil
+	}
+
+	c, err := client2.NewWithWatch(restConfig, client2.Options{})
+	if err != nil {
+		return nil, err
+	}
+
+	resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, args.CommandResultNamespace, args.KeepCommandResultsCount, args.KeepValidateResultsCount)
+	if err != nil {
+		return nil, err
+	}
+
+	if startCleanup {
+		err = resultStore.StartCleanupOrphans()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return resultStore, nil
+}
diff --git a/pkg/controllers/logs/controller_logs.go b/pkg/controllers/logs/controller_logs.go
index dd408ca14..3908fb858 100644
--- a/pkg/controllers/logs/controller_logs.go
+++ b/pkg/controllers/logs/controller_logs.go
@@ -13,7 +13,7 @@ import (
 	"time"
 )
 
-func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerNamespace string, kdKey client.ObjectKey, reconcileId string, since time.Duration) (chan string, error) {
+func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerNamespace string, kdKey client.ObjectKey, reconcileId string, since time.Duration, onlyMessage bool) (chan string, error) {
 	pods, err := c.Pods(controllerNamespace).List(ctx, metav1.ListOptions{
 		LabelSelector: "control-plane=kluctl-controller",
 	})
@@ -71,6 +71,7 @@ func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerName
 		for {
 			select {
 			case <-ctx.Done():
+				close(logCh)
 				return
 			case l := <-rawLineCh:
 				var j map[string]any
@@ -94,7 +95,17 @@ func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerName
 					continue
 				}
 
-				logCh <- l
+				if onlyMessage {
+					x, ok := j["msg"]
+					if ok {
+						s, ok := x.(string)
+						if ok {
+							logCh <- s
+						}
+					}
+				} else {
+					logCh <- l
+				}
 			}
 		}
 	}()
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
index d91ac9597..80877fddd 100644
--- a/pkg/webui/server_logs.go
+++ b/pkg/webui/server_logs.go
@@ -39,7 +39,7 @@ func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
-	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second)
+	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second, false)
 	if err != nil {
 		_ = gctx.AbortWithError(http.StatusBadRequest, err)
 		return

From 4056f04bb10c771cb6538f5c063dbbe81c116ec4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 08:41:24 +0200
Subject: [PATCH 1738/2268] feat: Add completion for --context, --name and
 --namespace

---
 cmd/kluctl/commands/completion.go | 139 ++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)

diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 5e0722333..d64a68ca9 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -2,11 +2,19 @@ package commands
 
 import (
 	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/clientcmd/api"
 	"reflect"
 	"strings"
 	"sync"
@@ -20,6 +28,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 	targetFlags := v.FieldByName("TargetFlags")
 	inclusionFlags := v.FieldByName("InclusionFlags")
 	imageFlags := v.FieldByName("ImageFlags")
+	gitopsFlags := v.FieldByName("GitOpsArgs")
 
 	ctx := context.Background()
 
@@ -44,6 +53,16 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 		_ = ccmd.RegisterFlagCompletionFunc("fixed-image", buildImagesCompletionFunc(ctx, cmdStruct))
 	}
 
+	if gitopsFlags.IsValid() {
+		_ = ccmd.RegisterFlagCompletionFunc("context", buildContextCompletionFunc(ctx, cmdStruct))
+		_ = ccmd.RegisterFlagCompletionFunc("namespace", buildObjectNamespaceCompletionFunc(ctx, cmdStruct))
+		_ = ccmd.RegisterFlagCompletionFunc("name", buildObjectNameCompletionFunc(ctx, cmdStruct, schema.GroupVersionResource{
+			Group:    kluctlv1.GroupVersion.Group,
+			Version:  kluctlv1.GroupVersion.Version,
+			Resource: "kluctldeployments",
+		}))
+	}
+
 	return nil
 }
 
@@ -210,3 +229,123 @@ func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(
 		return images.ListKeys(), cobra.ShellCompDirectiveNoSpace
 	}
 }
+
+func loadKubeconfig(ctx context.Context, cmdStruct interface{}) (api.Config, *rest.Config, error) {
+	var kubeconfigPath string
+	var kubeContext string
+	cmdV := reflect.ValueOf(cmdStruct).Elem()
+	if cmdV.FieldByName("Kubeconfig").IsValid() {
+		kubeconfigPath = cmdV.FieldByName("Kubeconfig").Interface().(string)
+	}
+	if cmdV.FieldByName("Context").IsValid() {
+		kubeContext = cmdV.FieldByName("Context").Interface().(string)
+	}
+
+	rules := clientcmd.NewDefaultClientConfigLoadingRules()
+	if kubeconfigPath != "" {
+		rules.ExplicitPath = kubeconfigPath
+	}
+
+	configOverrides := &clientcmd.ConfigOverrides{
+		CurrentContext: kubeContext,
+	}
+
+	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		rules, configOverrides)
+
+	rawConfig, err := clientConfig.RawConfig()
+	if err != nil {
+		return api.Config{}, nil, err
+	}
+
+	restConfig, err := clientConfig.ClientConfig()
+	if err != nil {
+		return api.Config{}, nil, err
+	}
+
+	return rawConfig, restConfig, nil
+}
+
+func buildContextCompletionFunc(ctx context.Context, cmdStruct interface{}) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		if strings.Index(toComplete, "=") != -1 {
+			return nil, cobra.ShellCompDirectiveDefault
+		}
+
+		rawConfig, _, err := loadKubeconfig(ctx, cmdStruct)
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		var contextNames []string
+		for n, _ := range rawConfig.Contexts {
+			contextNames = append(contextNames, n)
+		}
+		return contextNames, cobra.ShellCompDirectiveNoSpace
+	}
+}
+
+func buildObjectNamespaceCompletionFunc(ctx context.Context, cmdStruct interface{}) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		if strings.Index(toComplete, "=") != -1 {
+			return nil, cobra.ShellCompDirectiveDefault
+		}
+
+		_, restConfig, err := loadKubeconfig(ctx, cmdStruct)
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		c, err := v1.NewForConfig(restConfig)
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		l, err := c.Namespaces().List(ctx, metav1.ListOptions{})
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		var names []string
+		for _, x := range l.Items {
+			names = append(names, x.Name)
+		}
+		return names, cobra.ShellCompDirectiveNoSpace
+	}
+}
+
+func buildObjectNameCompletionFunc(ctx context.Context, cmdStruct interface{}, gvr schema.GroupVersionResource) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		if strings.Index(toComplete, "=") != -1 {
+			return nil, cobra.ShellCompDirectiveDefault
+		}
+
+		var namespace string
+
+		cmdV := reflect.ValueOf(cmdStruct).Elem()
+		if cmdV.FieldByName("Namespace").IsValid() {
+			namespace = cmdV.FieldByName("Namespace").Interface().(string)
+		}
+
+		_, restConfig, err := loadKubeconfig(ctx, cmdStruct)
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		c, err := dynamic.NewForConfig(restConfig)
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		l, err := c.Resource(gvr).Namespace(namespace).List(ctx, metav1.ListOptions{})
+		if err != nil {
+			return nil, cobra.ShellCompDirectiveError
+		}
+
+		var names []string
+		for _, x := range l.Items {
+			names = append(names, x.GetName())
+		}
+		return names, cobra.ShellCompDirectiveNoSpace
+	}
+}

From af11484411e6c6a9f81421828a9e2b609f7be2b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 09:05:48 +0200
Subject: [PATCH 1739/2268] fix: Stop printing final error twice

---
 cmd/kluctl/commands/root.go | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 541136d88..069c3ea58 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -347,14 +347,5 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 		return nil
 	}
 
-	err = rootCmd.Execute()
-	if err != nil {
-		if status.FromContext(ctx) != nil {
-			status.Error(ctx, err.Error())
-		} else {
-			_, _ = fmt.Fprintf(os.Stderr, "%s\n", err.Error())
-		}
-		return err
-	}
-	return nil
+	return rootCmd.Execute()
 }

From 66ec2b5a648af58a5dc8edb732369aeb4a7e82d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 09:19:47 +0200
Subject: [PATCH 1740/2268] fix: Align naming of startedTime/finishedTime with
 other result types

---
 api/v1beta1/kluctldeployment_types.go         |  4 ++--
 api/v1beta1/zz_generated.deepcopy.go          |  6 ++---
 cmd/kluctl/commands/cmd_gitops.go             |  2 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   | 24 +++++++++----------
 docs/gitops/api/kluctl-controller.md          |  4 ++--
 e2e/gitops_suite.go                           |  4 ++--
 install/controller/controller/crd.yaml        | 24 +++++++++----------
 .../kluctldeployment_controller.go            |  8 +++----
 .../target-view/ReconcilingIcon.tsx           |  8 +++----
 9 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 4367d167a..dd963730a 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -459,10 +459,10 @@ type RequestResult struct {
 	RequestValue string `json:"requestValue"`
 
 	// +required
-	StartedTime metav1.Time `json:"startedTime"`
+	StartTime metav1.Time `json:"startTime"`
 
 	// +optional
-	FinishedTime *metav1.Time `json:"finishedTime,omitempty"`
+	EndTime *metav1.Time `json:"endTime,omitempty"`
 
 	// +required
 	ReconcileId string `json:"reconcileId"`
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index adcc728d7..488eef25f 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -512,9 +512,9 @@ func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RequestResult) DeepCopyInto(out *RequestResult) {
 	*out = *in
-	in.StartedTime.DeepCopyInto(&out.StartedTime)
-	if in.FinishedTime != nil {
-		in, out := &in.FinishedTime, &out.FinishedTime
+	in.StartTime.DeepCopyInto(&out.StartTime)
+	if in.EndTime != nil {
+		in, out := &in.EndTime, &out.EndTime
 		*out = (*in).DeepCopy()
 	}
 }
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index a5db3e67d..1610c99f7 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -194,7 +194,7 @@ func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client
 			if rr == nil {
 				return fmt.Errorf("request result is nil")
 			}
-			if rr.FinishedTime != nil {
+			if rr.EndTime != nil {
 				return nil
 			}
 		}
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 0badb98b9..9b10a216d 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -670,7 +670,7 @@ spec:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -679,13 +679,13 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
               lastDeployError:
                 type: string
@@ -752,7 +752,7 @@ spec:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -761,19 +761,19 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
               reconcileRequestResult:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -782,13 +782,13 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
               targetKey:
                 properties:
@@ -805,7 +805,7 @@ spec:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -814,13 +814,13 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
             type: object
         type: object
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 7f1bdc5e0..3fed1bde4 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -2042,7 +2042,7 @@ string
 </tr>
 <tr>
 <td>
-<code>startedTime</code><br>
+<code>startTime</code><br>
 <em>
 <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
 Kubernetes meta/v1.Time
@@ -2054,7 +2054,7 @@ Kubernetes meta/v1.Time
 </tr>
 <tr>
 <td>
-<code>finishedTime</code><br>
+<code>endTime</code><br>
 <em>
 <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
 Kubernetes meta/v1.Time
diff --git a/e2e/gitops_suite.go b/e2e/gitops_suite.go
index 303050fd8..55e729b98 100644
--- a/e2e/gitops_suite.go
+++ b/e2e/gitops_suite.go
@@ -160,7 +160,7 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
 		var kd kluctlv1.KluctlDeployment
 		err := suite.k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
-		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.FinishedTime == nil
+		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime == nil
 	}, timeout, time.Second).Should(BeTrue())
 }
 
@@ -172,7 +172,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
 		_ = suite.k.Client.Get(context.Background(), key, &kd)
-		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.FinishedTime == nil && kd.Status.ObservedCommit == commit
+		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime == nil && kd.Status.ObservedCommit == commit
 	}, timeout, time.Second).Should(BeTrue())
 }
 
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index fa142c5e9..bbedfdb33 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -670,7 +670,7 @@ spec:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -679,13 +679,13 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
               lastDeployError:
                 type: string
@@ -752,7 +752,7 @@ spec:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -761,19 +761,19 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
               reconcileRequestResult:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -782,13 +782,13 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
               targetKey:
                 properties:
@@ -805,7 +805,7 @@ spec:
                 properties:
                   commandError:
                     type: string
-                  finishedTime:
+                  endTime:
                     format: date-time
                     type: string
                   reconcileId:
@@ -814,13 +814,13 @@ spec:
                     type: string
                   resultId:
                     type: string
-                  startedTime:
+                  startTime:
                     format: date-time
                     type: string
                 required:
                 - reconcileId
                 - requestValue
-                - startedTime
+                - startTime
                 type: object
             type: object
         type: object
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 93815f438..15517b440 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -226,8 +226,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			t := metav1.Now()
 			rr = &kluctlv1.RequestResult{
 				RequestValue: v,
-				StartedTime:  t,
-				FinishedTime: &t,
+				StartTime:    t,
+				EndTime:      &t,
 				ReconcileId:  "unknown",
 			}
 			err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
@@ -242,7 +242,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if rr == nil || rr.RequestValue != v {
 			rr = &kluctlv1.RequestResult{
 				RequestValue: v,
-				StartedTime:  metav1.Now(),
+				StartTime:    metav1.Now(),
 				ReconcileId:  reconcileId,
 			}
 			err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
@@ -261,7 +261,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			return nil
 		}
 		t := metav1.Now()
-		rr.FinishedTime = &t
+		rr.EndTime = &t
 		rr.ResultId = resultId
 		if commandErr != nil {
 			rr.CommandError = commandErr.Error()
diff --git a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
index ec35f7f91..74327259a 100644
--- a/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
+++ b/pkg/webui/ui/src/components/target-view/ReconcilingIcon.tsx
@@ -48,10 +48,10 @@ export function buildReconcilingState(ts: TargetSummary): ReconcilingState | und
 
     return {
         suspended: ts.kd.deployment.spec.suspend,
-        requestedReconcile: requestReconcile && !ts.kd.deployment.status?.reconcileRequestResult?.finishedTime && requestReconcile,
-        requestedValidate: requestValidate && !ts.kd.deployment.status?.validateRequestResult?.finishedTime && requestValidate,
-        requestedDeploy: requestDeploy && !ts.kd.deployment.status?.deployRequestResult?.finishedTime && requestDeploy,
-        requestedPrune: requestPrune && !ts.kd.deployment.status?.pruneRequestResult?.finishedTime && requestPrune,
+        requestedReconcile: requestReconcile && !ts.kd.deployment.status?.reconcileRequestResult?.endTime && requestReconcile,
+        requestedValidate: requestValidate && !ts.kd.deployment.status?.validateRequestResult?.endTime && requestValidate,
+        requestedDeploy: requestDeploy && !ts.kd.deployment.status?.deployRequestResult?.endTime && requestDeploy,
+        requestedPrune: requestPrune && !ts.kd.deployment.status?.pruneRequestResult?.endTime && requestPrune,
         statusExists: !!ts.kd.deployment.status,
         readyCondition: readyCondition,
         reconcilingCondition: reconcilingCondition,

From 4f45d0bcdbd38f4752fff20dee4786f862a1b309 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 10:15:57 +0200
Subject: [PATCH 1741/2268] fix: Return empty result on error

---
 pkg/controllers/kluctldeployment_controller.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 15517b440..8b02d346d 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -124,7 +124,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// now patch all the other changes to the status
 	if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
-		return ctrl.Result{Requeue: true}, err
+		return ctrl.Result{}, err
 	}
 
 	if ctrlResult == nil {

From 74ea19c7394ecbad081206a40281c05ddde95622 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 14:14:59 +0200
Subject: [PATCH 1742/2268] feat: Implement time-grouped logging

---
 cmd/kluctl/args/gitops_args.go              |  12 ++
 cmd/kluctl/commands/cmd_gitops.go           | 208 ++++++++++++++++----
 cmd/kluctl/commands/cmd_gitops_deploy.go    |  10 +-
 cmd/kluctl/commands/cmd_gitops_prune.go     |  10 +-
 cmd/kluctl/commands/cmd_gitops_reconcile.go |  10 +-
 cmd/kluctl/commands/cmd_gitops_validate.go  |  10 +-
 pkg/controllers/logs/controller_logs.go     |  53 ++---
 pkg/webui/server_logs.go                    |  10 +-
 8 files changed, 247 insertions(+), 76 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 87ff5b156..552ef9a32 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -1,5 +1,7 @@
 package args
 
+import "time"
+
 type GitOpsArgs struct {
 	CommandResultFlags
 
@@ -9,3 +11,13 @@ type GitOpsArgs struct {
 
 	Context string `group:"misc" help:"Override the context to use."`
 }
+
+func (a GitOpsArgs) AnyObjectArgSet() bool {
+	return a.Name != "" || a.Namespace != "" || a.LabelSelector != ""
+}
+
+type GitOpsLogArgs struct {
+	LogSince        time.Duration `group:"misc" help:"Show logs since this time." default:"60s"`
+	LogGroupingTime time.Duration `group:"misc" help:"Logs are by default grouped by time passed, meaning that they are printed in batches to make reading them easier. This argument allows to modify the grouping time." default:"1s"`
+	LogTime         bool          `group:"misc" help:"If enabled, adds timestamps to log lines"`
+}
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 1610c99f7..ec3d658a0 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -15,6 +15,7 @@ import (
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sync"
 	"time"
 )
 
@@ -26,18 +27,36 @@ type gitopsCmd struct {
 }
 
 type gitopsCmdHelper struct {
-	args args.GitOpsArgs
-	kds  []v1beta1.KluctlDeployment
+	args     args.GitOpsArgs
+	logsArgs args.GitOpsLogArgs
+
+	kds []v1beta1.KluctlDeployment
 
 	client       client.Client
 	corev1Client *v1.CoreV1Client
 
 	resultStore results.ResultStore
+
+	logsMutex          sync.Mutex
+	logsBufs           map[logsKey]*logsBuf
+	lastFlushedLogsKey *logsKey
+}
+
+type logsKey struct {
+	objectKey   client.ObjectKey
+	reconcileId string
+}
+
+type logsBuf struct {
+	lastFlushTime time.Time
+	lines         []logs.LogLine
 }
 
-func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error {
+func (g *gitopsCmdHelper) init(ctx context.Context, allowNoArgs bool) error {
+	g.logsBufs = map[logsKey]*logsBuf{}
+
 	configOverrides := &clientcmd.ConfigOverrides{
-		CurrentContext: args.Context,
+		CurrentContext: g.args.Context,
 	}
 	var err error
 	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
@@ -61,28 +80,28 @@ func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error
 		return err
 	}
 
-	ns := args.Namespace
+	ns := g.args.Namespace
 	if ns == "" {
 		ns = defaultNs
 	}
 
 	var opts []client.ListOption
-	if args.Name != "" {
+	if g.args.Name != "" {
 		if ns == "" {
 			return fmt.Errorf("no namespace specified")
 		}
-		if args.LabelSelector != "" {
+		if g.args.LabelSelector != "" {
 			return fmt.Errorf("either name or label selector must be set, not both")
 		}
 
 		var kd v1beta1.KluctlDeployment
-		err = g.client.Get(ctx, client.ObjectKey{Name: args.Name, Namespace: ns}, &kd)
+		err = g.client.Get(ctx, client.ObjectKey{Name: g.args.Name, Namespace: ns}, &kd)
 		if err != nil {
 			return err
 		}
 		g.kds = append(g.kds, kd)
-	} else if args.LabelSelector != "" {
-		label, err := metav1.ParseToLabelSelector(args.LabelSelector)
+	} else if g.args.LabelSelector != "" {
+		label, err := metav1.ParseToLabelSelector(g.args.LabelSelector)
 		if err != nil {
 			return err
 		}
@@ -102,11 +121,11 @@ func (g *gitopsCmdHelper) init(ctx context.Context, args args.GitOpsArgs) error
 			return err
 		}
 		g.kds = append(g.kds, l.Items...)
-	} else {
+	} else if !allowNoArgs {
 		return fmt.Errorf("either name or label selector must be set")
 	}
 
-	g.resultStore, err = buildResultStore(ctx, restConfig, args.CommandResultFlags, false)
+	g.resultStore, err = buildResultStore(ctx, restConfig, g.args.CommandResultFlags, false)
 	if err != nil {
 		return err
 	}
@@ -137,7 +156,7 @@ func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, kd *v1beta1.Kluct
 	return nil
 }
 
-func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+func (g *gitopsCmdHelper) waitForRequestToStart(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
 	s := status.Startf(ctx, "Waiting for controller to start processing the request")
 	defer s.Failed()
 
@@ -164,49 +183,162 @@ func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client
 		break
 	}
 	s.Success()
+	return rr, nil
+}
 
-	status.Infof(ctx, "Watching logs...")
+func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client.ObjectKey, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+	sleep := time.Second * 1
 
-	ctx, cancel := context.WithCancel(ctx)
-	defer cancel()
+	var rr *v1beta1.RequestResult
+	for {
+		var kd v1beta1.KluctlDeployment
+		err := g.client.Get(ctx, key, &kd)
+		if err != nil {
+			return nil, err
+		}
 
-	logsCh, err := logs.WatchControllerLogs(ctx, g.corev1Client, "kluctl-system", key, rr.ReconcileId, 60*time.Second, true)
+		rr = getRequestResult(&kd.Status)
+		if rr == nil {
+			time.Sleep(sleep)
+			continue
+		}
+
+		if rr.EndTime == nil {
+			time.Sleep(sleep)
+			continue
+		}
+		break
+	}
+	return rr, nil
+}
+
+func (g *gitopsCmdHelper) waitForRequestToStartAndFinish(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+	rr, err := g.waitForRequestToStart(ctx, key, requestValue, getRequestResult)
 	if err != nil {
 		return nil, err
 	}
 
+	stopCh := make(chan struct{})
+
 	gh := utils.NewGoHelper(ctx, 0)
 	gh.RunE(func() error {
 		defer func() {
-			// give some extra time for log printing
-			time.Sleep(sleep)
-			cancel()
+			close(stopCh)
 		}()
+		var err error
+		rr, err = g.waitForRequestToFinish(ctx, key, getRequestResult)
+		return err
+	})
+	gh.RunE(func() error {
+		return g.watchLogs(ctx, stopCh, key, true, "")
+	})
+	gh.Wait()
 
-		for {
-			var kd v1beta1.KluctlDeployment
-			err := g.client.Get(ctx, key, &kd)
-			if err != nil {
-				return fmt.Errorf("unexpected error while getting KluctlDeployment status: %w", err)
-			}
+	if gh.ErrorOrNil() != nil {
+		return nil, gh.ErrorOrNil()
+	}
+	return rr, nil
+}
 
-			rr = getRequestResult(&kd.Status)
-			if rr == nil {
-				return fmt.Errorf("request result is nil")
-			}
-			if rr.EndTime != nil {
+func (g *gitopsCmdHelper) watchLogs(ctx context.Context, stopCh chan struct{}, key client.ObjectKey, follow bool, reconcileId string) error {
+	if key == (client.ObjectKey{}) {
+		status.Infof(ctx, "Watching logs...")
+	} else {
+		status.Infof(ctx, "Watching logs for %s/%s...", key.Namespace, key.Name)
+	}
+
+	logsCh, err := logs.WatchControllerLogs(ctx, g.corev1Client, "kluctl-system", key, reconcileId, g.logsArgs.LogSince, follow)
+	if err != nil {
+		return err
+	}
+
+	timeout := g.logsArgs.LogGroupingTime
+	timeoutCh := time.After(timeout)
+	for {
+		select {
+		case <-ctx.Done():
+			g.flushLogLines(ctx, true)
+			return ctx.Err()
+		case <-stopCh:
+			g.flushLogLines(ctx, true)
+			return nil
+		case <-timeoutCh:
+			g.flushLogLines(ctx, true)
+			timeoutCh = time.After(timeout)
+		case l, ok := <-logsCh:
+			if !ok {
+				g.flushLogLines(ctx, true)
 				return nil
 			}
+			g.handleLogLine(ctx, l)
 		}
-	})
-	gh.Run(func() {
-		for l := range logsCh {
-			status.Info(ctx, l)
+	}
+}
+
+func (g *gitopsCmdHelper) handleLogLine(ctx context.Context, logLine logs.LogLine) {
+	g.logsMutex.Lock()
+	defer g.logsMutex.Unlock()
+
+	lk := logsKey{
+		objectKey:   client.ObjectKey{Name: logLine.Name, Namespace: logLine.Namespace},
+		reconcileId: logLine.ReconcileID,
+	}
+
+	lb := g.logsBufs[lk]
+	if lb == nil {
+		lb = &logsBuf{}
+		g.logsBufs[lk] = lb
+	}
+	lb.lines = append(lb.lines, logLine)
+
+	hasOther := false
+	for k, x := range g.logsBufs {
+		if k != lk && len(x.lines) != 0 {
+			hasOther = true
+			break
 		}
-	})
-	gh.Wait()
+	}
+	if !hasOther && (g.lastFlushedLogsKey == nil || *g.lastFlushedLogsKey == lk) {
+		g.flushLogLines(ctx, false)
+	}
+}
+
+func (g *gitopsCmdHelper) flushLogLines(ctx context.Context, needLock bool) {
+	if needLock {
+		g.logsMutex.Lock()
+		defer g.logsMutex.Unlock()
+	}
 
-	return rr, gh.ErrorOrNil()
+	for lk, lb := range g.logsBufs {
+		lk := lk
+		if len(lb.lines) == 0 {
+			if time.Now().After(lb.lastFlushTime.Add(5 * time.Second)) {
+				delete(g.logsBufs, lk)
+			}
+			continue
+		}
+		if g.lastFlushedLogsKey == nil || *g.lastFlushedLogsKey != lk {
+			g.lastFlushedLogsKey = &lk
+			lb.lastFlushTime = time.Now()
+			if lk.reconcileId == "" {
+				status.Info(ctx, "Showing general controller logs")
+			} else {
+				status.Infof(ctx, "Showing logs for %s/%s and reconciliation ID %s", lk.objectKey.Namespace, lk.objectKey.Name, lk.reconcileId)
+			}
+			status.Flush(ctx)
+		}
+
+		for _, l := range lb.lines {
+			var s string
+			if g.logsArgs.LogTime {
+				s = fmt.Sprintf("%s: %s\n", l.Timestamp.Format(time.RFC3339), s)
+			} else {
+				s = l.Msg + "\n"
+			}
+			_, _ = getStdout(ctx).WriteString(s)
+		}
+		lb.lines = lb.lines[0:0]
+	}
 }
 
 func init() {
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index e988a2474..98cb5350b 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -12,6 +12,7 @@ import (
 type gitopsDeployCmd struct {
 	args.GitOpsArgs
 	args.OutputFormatFlags
+	args.GitOpsLogArgs
 }
 
 func (cmd *gitopsDeployCmd) Help() string {
@@ -19,8 +20,11 @@ func (cmd *gitopsDeployCmd) Help() string {
 }
 
 func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
-	var g gitopsCmdHelper
-	err := g.init(ctx, cmd.GitOpsArgs)
+	g := gitopsCmdHelper{
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
+	}
+	err := g.init(ctx, false)
 	if err != nil {
 		return err
 	}
@@ -31,7 +35,7 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
 			return status.DeployRequestResult
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index b66dacb16..15237e394 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -11,6 +11,7 @@ import (
 
 type gitopsPruneCmd struct {
 	args.GitOpsArgs
+	args.GitOpsLogArgs
 	args.OutputFormatFlags
 }
 
@@ -19,8 +20,11 @@ func (cmd *gitopsPruneCmd) Help() string {
 }
 
 func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
-	var g gitopsCmdHelper
-	err := g.init(ctx, cmd.GitOpsArgs)
+	g := gitopsCmdHelper{
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
+	}
+	err := g.init(ctx, false)
 	if err != nil {
 		return err
 	}
@@ -31,7 +35,7 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
 			return status.PruneRequestResult
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 7b7b1fc33..11f06e2cc 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -10,6 +10,7 @@ import (
 
 type gitopsReconcileCmd struct {
 	args.GitOpsArgs
+	args.GitOpsLogArgs
 }
 
 func (cmd *gitopsReconcileCmd) Help() string {
@@ -17,8 +18,11 @@ func (cmd *gitopsReconcileCmd) Help() string {
 }
 
 func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
-	var g gitopsCmdHelper
-	err := g.init(ctx, cmd.GitOpsArgs)
+	g := gitopsCmdHelper{
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
+	}
+	err := g.init(ctx, false)
 	if err != nil {
 		return err
 	}
@@ -29,7 +33,7 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		_, err = g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		_, err = g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
 			return status.ReconcileRequestResult
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 27e564890..184fdd6aa 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -13,6 +13,7 @@ import (
 
 type gitopsValidateCmd struct {
 	args.GitOpsArgs
+	args.GitOpsLogArgs
 	args.OutputFlags
 
 	WarningsAsErrors bool `group:"misc" help:"Consider warnings as failures"`
@@ -23,8 +24,11 @@ func (cmd *gitopsValidateCmd) Help() string {
 }
 
 func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
-	var g gitopsCmdHelper
-	err := g.init(ctx, cmd.GitOpsArgs)
+	g := gitopsCmdHelper{
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
+	}
+	err := g.init(ctx, false)
 	if err != nil {
 		return err
 	}
@@ -35,7 +39,7 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
 			return status.ValidateRequestResult
 		})
 		if err != nil {
diff --git a/pkg/controllers/logs/controller_logs.go b/pkg/controllers/logs/controller_logs.go
index 3908fb858..9db9c9700 100644
--- a/pkg/controllers/logs/controller_logs.go
+++ b/pkg/controllers/logs/controller_logs.go
@@ -10,10 +10,20 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sync/atomic"
 	"time"
 )
 
-func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerNamespace string, kdKey client.ObjectKey, reconcileId string, since time.Duration, onlyMessage bool) (chan string, error) {
+type LogLine struct {
+	Level       string    `json:"level"`
+	Timestamp   time.Time `json:"ts"`
+	Msg         string    `json:"msg"`
+	Name        string    `json:"name"`
+	Namespace   string    `json:"namespace"`
+	ReconcileID string    `json:"reconcileID"`
+}
+
+func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerNamespace string, kdKey client.ObjectKey, reconcileId string, since time.Duration, follow bool) (chan LogLine, error) {
 	pods, err := c.Pods(controllerNamespace).List(ctx, metav1.ListOptions{
 		LabelSelector: "control-plane=kluctl-controller",
 	})
@@ -39,7 +49,7 @@ func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerName
 	for _, pod := range pods.Items {
 		since2 := int64(since.Seconds())
 		rc, err := c.Pods(pod.Namespace).GetLogs(pod.Name, &corev1.PodLogOptions{
-			Follow:       true,
+			Follow:       follow,
 			SinceSeconds: &since2,
 		}).Stream(ctx)
 		if err != nil {
@@ -51,6 +61,7 @@ func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerName
 		streams = append(streams, rc)
 	}
 
+	var closedCount atomic.Int32
 	rawLineCh := make(chan string)
 	for _, s := range streams {
 		s := s
@@ -60,12 +71,16 @@ func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerName
 				l := sc.Text()
 				rawLineCh <- l
 			}
+			closedCount.Add(1)
+			if closedCount.Load() == int32(len(streams)) {
+				close(rawLineCh)
+			}
 		}()
 	}
 
 	ok = true
 
-	logCh := make(chan string)
+	logCh := make(chan LogLine)
 	go func() {
 		defer cleanupStreams()
 		for {
@@ -73,39 +88,29 @@ func WatchControllerLogs(ctx context.Context, c *v1.CoreV1Client, controllerName
 			case <-ctx.Done():
 				close(logCh)
 				return
-			case l := <-rawLineCh:
-				var j map[string]any
-				err = json.Unmarshal([]byte(l), &j)
+			case l, ok := <-rawLineCh:
+				if !ok {
+					close(logCh)
+					return
+				}
+				var ll LogLine
+				err = json.Unmarshal([]byte(l), &ll)
 				if err != nil {
 					continue
 				}
 
-				name := j["name"]
-				namespace := j["namespace"]
-
-				if kdKey.Name != "" && name != kdKey.Name {
+				if kdKey.Name != "" && ll.Name != kdKey.Name {
 					continue
 				}
-				if kdKey.Namespace != "" && namespace != kdKey.Namespace {
+				if kdKey.Namespace != "" && ll.Namespace != kdKey.Namespace {
 					continue
 				}
 
-				rid := j["reconcileID"]
-				if reconcileId != "" && rid != reconcileId {
+				if reconcileId != "" && ll.ReconcileID != reconcileId {
 					continue
 				}
 
-				if onlyMessage {
-					x, ok := j["msg"]
-					if ok {
-						s, ok := x.(string)
-						if ok {
-							logCh <- s
-						}
-					}
-				} else {
-					logCh <- l
-				}
+				logCh <- ll
 			}
 		}
 	}()
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
index 80877fddd..32204253c 100644
--- a/pkg/webui/server_logs.go
+++ b/pkg/webui/server_logs.go
@@ -2,6 +2,7 @@ package webui
 
 import (
 	"context"
+	"encoding/json"
 	"github.com/gin-gonic/gin"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"net/http"
@@ -39,14 +40,19 @@ func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
-	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second, false)
+	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second, true)
 	if err != nil {
 		_ = gctx.AbortWithError(http.StatusBadRequest, err)
 		return
 	}
 
 	for l := range logCh {
-		err = conn.Write(ctx, websocket.MessageText, []byte(l))
+		var b []byte
+		b, err = json.Marshal(&l)
+		if err != nil {
+			return
+		}
+		err = conn.Write(ctx, websocket.MessageText, b)
 		if err != nil {
 			return
 		}

From b6e53a3390ae1aa99b18e81402b0546e289ca5f3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 14:19:39 +0200
Subject: [PATCH 1743/2268] feat: Add kluctl gitops logs command

---
 cmd/kluctl/commands/cmd_gitops.go      |  1 +
 cmd/kluctl/commands/cmd_gitops_logs.go | 50 ++++++++++++++++++++++++++
 docs/kluctl/commands/gitops-logs.md    | 43 ++++++++++++++++++++++
 3 files changed, 94 insertions(+)
 create mode 100644 cmd/kluctl/commands/cmd_gitops_logs.go
 create mode 100644 docs/kluctl/commands/gitops-logs.md

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index ec3d658a0..62f890edb 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -24,6 +24,7 @@ type gitopsCmd struct {
 	Deploy    gitopsDeployCmd    `cmd:"" help:"Trigger a GitOps deployment"`
 	Prune     gitopsPruneCmd     `cmd:"" help:"Trigger a GitOps prune"`
 	Validate  gitopsValidateCmd  `cmd:"" help:"Trigger a GitOps validate"`
+	Logs      gitopsLogsCmd      `cmd:"" help:"Show logs from controller"`
 }
 
 type gitopsCmdHelper struct {
diff --git a/cmd/kluctl/commands/cmd_gitops_logs.go b/cmd/kluctl/commands/cmd_gitops_logs.go
new file mode 100644
index 000000000..dada98637
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_logs.go
@@ -0,0 +1,50 @@
+package commands
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type gitopsLogsCmd struct {
+	args.GitOpsArgs
+	args.GitOpsLogArgs
+
+	ReconcileId string `group:"misc" help:"If specified, logs are filtered for the given reconcile ID."`
+	Follow      bool   `group:"misc" short:"f" help:"Follow logs after printing old logs."`
+}
+
+func (cmd *gitopsLogsCmd) Help() string {
+	return `Print and watch logs of specified KluctlDeployments from the kluctl-controller.`
+}
+
+func (cmd *gitopsLogsCmd) Run(ctx context.Context) error {
+	g := gitopsCmdHelper{
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
+	}
+	err := g.init(ctx, true)
+	if err != nil {
+		return err
+	}
+
+	stopCh := make(chan struct{})
+
+	gh := utils.NewGoHelper(ctx, 0)
+	if !cmd.GitOpsArgs.AnyObjectArgSet() {
+		gh.RunE(func() error {
+			return g.watchLogs(ctx, stopCh, client.ObjectKey{}, cmd.Follow, cmd.ReconcileId)
+		})
+	} else {
+		for _, kd := range g.kds {
+			key := client.ObjectKeyFromObject(&kd)
+			gh.RunE(func() error {
+				return g.watchLogs(ctx, stopCh, key, cmd.Follow, cmd.ReconcileId)
+			})
+		}
+	}
+	gh.Wait()
+
+	return gh.ErrorOrNil()
+}
diff --git a/docs/kluctl/commands/gitops-logs.md b/docs/kluctl/commands/gitops-logs.md
new file mode 100644
index 000000000..ee5111c15
--- /dev/null
+++ b/docs/kluctl/commands/gitops-logs.md
@@ -0,0 +1,43 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops logs"
+linkTitle: "gitops logs"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops logs" "Usage" false -->
+Usage: kluctl gitops logs [flags]
+
+Show logs from controller
+Print and watch logs of specified KluctlDeployments from the kluctl-controller.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops logs" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --context string               Override the context to use.
+  -f, --follow                       Follow logs after printing old logs.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
+      --reconcile-id string          If specified, logs are filtered for the given reconcile ID.
+
+```
+<!-- END SECTION -->

From 0eb471be0b213fe08bf029fe27fe3e723e1d75d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 14:21:25 +0200
Subject: [PATCH 1744/2268] docs: Update docs and run replace-commands-help

---
 docs/gitops/README.md                    | 12 ++++++++++++
 docs/kluctl/commands/README.md           | 13 +++++++++----
 docs/kluctl/commands/gitops-deploy.md    | 21 ++++++++++++++++-----
 docs/kluctl/commands/gitops-prune.md     | 21 ++++++++++++++++-----
 docs/kluctl/commands/gitops-reconcile.md | 15 ++++++++++-----
 docs/kluctl/commands/gitops-validate.md  | 17 ++++++++++++-----
 6 files changed, 75 insertions(+), 24 deletions(-)

diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index db29ad935..ffcb31c4d 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -30,6 +30,17 @@ As an example, arguments passed via `-a arg=value` can be passed to the custom r
 The same applies to options like `--dry-run`, which equals to `spec.dryRun: true` in the custom resource. Check the
 documentation of [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#spec-fields) for more such options.
 
+## GitOps Commands
+
+Kluctl GitOps deployments can be controlled via the Kluctl CLI interface, e.g. with
+`kluctl gitops deploy --namespace my-ns --name my-deployment`, which will trigger a deployment and wait for it to finish.
+
+See [commands](../kluctl/commands/README.md) for more details.
+
+## Kluctl Webui
+
+The same deployments can also be controlled and monitored via the [Kluctl Webui](../webui/README.md).
+
 ## Installation
 
 Installation instructions can be found [here](./installation.md)
@@ -43,6 +54,7 @@ The reconciliation process consists of multiple steps which are constantly repea
 - **deploy** the specified target via [kluctl deploy](../kluctl/commands/deploy.md) if the rendered resources changed
 - **prune** orphaned objects via [kluctl prune](../kluctl/commands/prune.md)
 - **validate** the deployment status via [kluctl validate](../kluctl/commands/validate.md)
+- **drift-detection** is performed to allow the [Kluctl Webui](../webui/README.md) to show drift.
 
 Reconciliation is performed on a configurable [interval](spec/v1beta1/kluctldeployment.md#interval). A single
 reconciliation iteration will first clone and prepare the project. Only when the rendered resources indicate a change
diff --git a/docs/kluctl/commands/README.md b/docs/kluctl/commands/README.md
index 88fb8608d..82166feaf 100644
--- a/docs/kluctl/commands/README.md
+++ b/docs/kluctl/commands/README.md
@@ -33,7 +33,12 @@ Individual commands are documented in sub-sections.
 11. [prune](./prune.md)
 12. [render](./render.md)
 13. [validate](./validate.md)
-14. [controller run](./controller-run.md)
-15. [controller install](./controller-install.md)
-16. [webui run](./webui-run.md)
-17. [webui build](./webui-build.md)
+14. [gitops deploy](./gitops-deploy.md)
+15. [gitops logs](./gitops-logs.md)
+16. [gitops prune](./gitops-prune.md)
+17. [gitops reconcile](./gitops-reconcile.md)
+18. [gitops validate](./gitops-validate.md)
+19. [controller run](./controller-run.md)
+20. [controller install](./controller-install.md)
+21. [webui run](./webui-run.md)
+22. [webui build](./webui-build.md)
diff --git a/docs/kluctl/commands/gitops-deploy.md b/docs/kluctl/commands/gitops-deploy.md
index 3f105fa2d..07ab28a4e 100644
--- a/docs/kluctl/commands/gitops-deploy.md
+++ b/docs/kluctl/commands/gitops-deploy.md
@@ -26,11 +26,22 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string               Override the context to use.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
+      --no-obfuscate                 Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
+                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                     format for yaml is currently not documented and subject to change.
+      --short-output                 When using the 'text' output format (which is the default), only names of
+                                     changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-prune.md b/docs/kluctl/commands/gitops-prune.md
index b662da290..23bca24a1 100644
--- a/docs/kluctl/commands/gitops-prune.md
+++ b/docs/kluctl/commands/gitops-prune.md
@@ -26,11 +26,22 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string               Override the context to use.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
+      --no-obfuscate                 Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
+                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                     format for yaml is currently not documented and subject to change.
+      --short-output                 When using the 'text' output format (which is the default), only names of
+                                     changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-reconcile.md b/docs/kluctl/commands/gitops-reconcile.md
index acfbd0233..295431e97 100644
--- a/docs/kluctl/commands/gitops-reconcile.md
+++ b/docs/kluctl/commands/gitops-reconcile.md
@@ -26,11 +26,16 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string               Override the context to use.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
index 1f2a9524e..6f859387a 100644
--- a/docs/kluctl/commands/gitops-validate.md
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -26,11 +26,18 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string               Override the context to use.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
+  -o, --output stringArray           Specify output target file. Can be specified multiple times
+      --warnings-as-errors           Consider warnings as failures
 
 ```
 <!-- END SECTION -->

From 53255fd06e481cfbb36553ab2e119d92fd9b0837 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 15:08:18 +0200
Subject: [PATCH 1745/2268] docs: Fix help string for gitops validate

---
 cmd/kluctl/commands/cmd_gitops_validate.go | 2 +-
 docs/kluctl/commands/gitops-validate.md    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 184fdd6aa..32de2fbc8 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -20,7 +20,7 @@ type gitopsValidateCmd struct {
 }
 
 func (cmd *gitopsValidateCmd) Help() string {
-	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.`
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced validate. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.`
 }
 
 func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
index 6f859387a..78b9cc669 100644
--- a/docs/kluctl/commands/gitops-validate.md
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -14,7 +14,7 @@ description: >
 Usage: kluctl gitops validate [flags]
 
 Trigger a GitOps validate
-This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced validate. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.
 
 <!-- END SECTION -->
 

From 3f3853c967d0582f2801e7c3e48315d8f83bc023 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 15:35:42 +0200
Subject: [PATCH 1746/2268] feat: Add printer column for suspend field

---
 api/v1beta1/kluctldeployment_types.go                    | 1 +
 config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml | 3 +++
 install/controller/controller/crd.yaml                   | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index dd963730a..99ce9409d 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -647,6 +647,7 @@ func (s *KluctlDeploymentStatus) GetDriftDetectionResult() (*result.DriftDetecti
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+//+kubebuilder:printcolumn:name="Suspend",type="boolean",JSONPath=".spec.suspend",description=""
 //+kubebuilder:printcolumn:name="DryRun",type="boolean",JSONPath=".spec.dryRun",description=""
 //+kubebuilder:printcolumn:name="Deployed",type="date",JSONPath=".status.lastDeployResult.commandInfo.endTime",description=""
 //+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 9b10a216d..7f879f91e 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -15,6 +15,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
+    - jsonPath: .spec.suspend
+      name: Suspend
+      type: boolean
     - jsonPath: .spec.dryRun
       name: DryRun
       type: boolean
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index bbedfdb33..581a7531d 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -15,6 +15,9 @@ spec:
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
+    - jsonPath: .spec.suspend
+      name: Suspend
+      type: boolean
     - jsonPath: .spec.dryRun
       name: DryRun
       type: boolean

From db57f5a869288a9978570cd4ceb0bbf4d90a5acf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 15:36:24 +0200
Subject: [PATCH 1747/2268] feat: Add gitops suspend/resume commands

---
 cmd/kluctl/commands/cmd_gitops.go             | 90 ++++++++++++++++---
 cmd/kluctl/commands/cmd_gitops_deploy.go      |  4 +-
 cmd/kluctl/commands/cmd_gitops_logs.go        |  2 +-
 cmd/kluctl/commands/cmd_gitops_prune.go       |  4 +-
 cmd/kluctl/commands/cmd_gitops_reconcile.go   |  4 +-
 .../commands/cmd_gitops_suspend_resume.go     | 65 ++++++++++++++
 cmd/kluctl/commands/cmd_gitops_validate.go    |  4 +-
 docs/kluctl/commands/README.md                | 10 ++-
 docs/kluctl/commands/gitops-resume.md         | 48 ++++++++++
 docs/kluctl/commands/gitops-suspend.md        | 48 ++++++++++
 10 files changed, 256 insertions(+), 23 deletions(-)
 create mode 100644 cmd/kluctl/commands/cmd_gitops_suspend_resume.go
 create mode 100644 docs/kluctl/commands/gitops-resume.md
 create mode 100644 docs/kluctl/commands/gitops-suspend.md

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 62f890edb..3ce3f3b5e 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -20,6 +20,8 @@ import (
 )
 
 type gitopsCmd struct {
+	Suspend   GitopsSuspendCmd   `cmd:"" help:"Suspend a GitOps deployment"`
+	Resume    gitopsResumeCmd    `cmd:"" help:"Resume a GitOps deployment"`
 	Reconcile gitopsReconcileCmd `cmd:"" help:"Trigger a GitOps reconciliation"`
 	Deploy    gitopsDeployCmd    `cmd:"" help:"Trigger a GitOps deployment"`
 	Prune     gitopsPruneCmd     `cmd:"" help:"Trigger a GitOps prune"`
@@ -53,7 +55,18 @@ type logsBuf struct {
 	lines         []logs.LogLine
 }
 
-func (g *gitopsCmdHelper) init(ctx context.Context, allowNoArgs bool) error {
+type noArgsReact int
+
+const (
+	noArgsForbid noArgsReact = iota
+	noArgsNoDeployments
+	noArgsAllDeployments
+)
+
+func (g *gitopsCmdHelper) init(ctx context.Context, noArgs noArgsReact) error {
+	s := status.Startf(ctx, "Initializing")
+	defer s.Failed()
+
 	g.logsBufs = map[logsKey]*logsBuf{}
 
 	configOverrides := &clientcmd.ConfigOverrides{
@@ -122,7 +135,16 @@ func (g *gitopsCmdHelper) init(ctx context.Context, allowNoArgs bool) error {
 			return err
 		}
 		g.kds = append(g.kds, l.Items...)
-	} else if !allowNoArgs {
+	} else if noArgs == noArgsNoDeployments {
+		// do nothing
+	} else if noArgs == noArgsAllDeployments {
+		var l v1beta1.KluctlDeploymentList
+		err = g.client.List(ctx, &l, opts...)
+		if err != nil {
+			return err
+		}
+		g.kds = append(g.kds, l.Items...)
+	} else {
 		return fmt.Errorf("either name or label selector must be set")
 	}
 
@@ -131,23 +153,71 @@ func (g *gitopsCmdHelper) init(ctx context.Context, allowNoArgs bool) error {
 		return err
 	}
 
+	s.Success()
+
 	return nil
 }
 
-func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, kd *v1beta1.KluctlDeployment, name string, value string) error {
-	s := status.Startf(ctx, "Patching KluctlDeployment %s/%s with annotation %s=%s", kd.Namespace, kd.Name, name, value)
+func (g *gitopsCmdHelper) patchDeployment(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error) error {
+	s := status.Startf(ctx, "Patching KluctlDeployment %s/%s", key.Namespace, key.Name)
 	defer s.Failed()
 
+	var kd v1beta1.KluctlDeployment
+	err := g.client.Get(ctx, key, &kd)
+	if err != nil {
+		return err
+	}
+
+	patch := client.MergeFrom(kd.DeepCopy())
+	err = cb(&kd)
+	if err != nil {
+		return err
+	}
+
+	err = g.client.Patch(ctx, &kd, patch, client.FieldOwner("kluctl"))
+	if err != nil {
+		return err
+	}
+
+	s.Success()
+
+	return nil
+}
+
+func (g *gitopsCmdHelper) patchDeploymentStatus(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error) error {
+	var kd v1beta1.KluctlDeployment
+	err := g.client.Get(ctx, key, &kd)
+	if err != nil {
+		return err
+	}
+
 	patch := client.MergeFrom(kd.DeepCopy())
+	err = cb(&kd)
+	if err != nil {
+		return err
+	}
 
-	a := kd.GetAnnotations()
-	if a == nil {
-		a = map[string]string{}
+	err = g.client.Status().Patch(ctx, &kd, patch, client.FieldOwner("kluctl"))
+	if err != nil {
+		return err
 	}
-	a[name] = value
-	kd.SetAnnotations(a)
 
-	err := g.client.Patch(ctx, kd, patch, client.FieldOwner("kluctl"))
+	return nil
+}
+
+func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, key client.ObjectKey, name string, value string) error {
+	s := status.Startf(ctx, "Patching KluctlDeployment %s/%s with annotation %s=%s", key.Namespace, key.Name, name, value)
+	defer s.Failed()
+
+	err := g.patchDeployment(ctx, key, func(kd *v1beta1.KluctlDeployment) error {
+		a := kd.GetAnnotations()
+		if a == nil {
+			a = map[string]string{}
+		}
+		a[name] = value
+		kd.SetAnnotations(a)
+		return nil
+	})
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index 98cb5350b..fd2cd37d1 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -24,13 +24,13 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, false)
+	err := g.init(ctx, noArgsForbid)
 	if err != nil {
 		return err
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestDeployAnnotation, v)
+		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestDeployAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_logs.go b/cmd/kluctl/commands/cmd_gitops_logs.go
index dada98637..8a2f101cc 100644
--- a/cmd/kluctl/commands/cmd_gitops_logs.go
+++ b/cmd/kluctl/commands/cmd_gitops_logs.go
@@ -24,7 +24,7 @@ func (cmd *gitopsLogsCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, true)
+	err := g.init(ctx, noArgsNoDeployments)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index 15237e394..56cead406 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -24,13 +24,13 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, false)
+	err := g.init(ctx, noArgsForbid)
 	if err != nil {
 		return err
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestPruneAnnotation, v)
+		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestPruneAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 11f06e2cc..26f62da3e 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -22,13 +22,13 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, false)
+	err := g.init(ctx, noArgsForbid)
 	if err != nil {
 		return err
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestReconcileAnnotation, v)
+		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestReconcileAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
new file mode 100644
index 000000000..bda765364
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -0,0 +1,65 @@
+package commands
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type GitopsSuspendCmd struct {
+	args.GitOpsArgs
+	args.OutputFormatFlags
+	args.GitOpsLogArgs
+
+	All bool `group:"misc" help:"If enabled, suspend all deployments."`
+
+	// we re-use the same code for "gitops resume" as well :)
+	forResume bool
+}
+
+type gitopsResumeCmd struct {
+	GitopsSuspendCmd
+}
+
+func (cmd *GitopsSuspendCmd) Help() string {
+	if cmd.forResume {
+		return `This command will resume a GitOps deployment by setting spec.suspend to 'false'.`
+	} else {
+		return `This command will suspend a GitOps deployment by setting spec.suspend to 'true'.`
+	}
+}
+
+func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
+	g := gitopsCmdHelper{
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
+	}
+	na := noArgsForbid
+	if cmd.All {
+		na = noArgsAllDeployments
+	}
+	err := g.init(ctx, na)
+	if err != nil {
+		return err
+	}
+	for _, kd := range g.kds {
+		err = g.patchDeployment(ctx, client.ObjectKeyFromObject(&kd), func(kd *v1beta1.KluctlDeployment) error {
+			if cmd.forResume {
+				kd.Spec.Suspend = false
+			} else {
+				kd.Spec.Suspend = true
+			}
+			return nil
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (cmd *gitopsResumeCmd) Run(ctx context.Context) error {
+	cmd.forResume = true
+	return cmd.GitopsSuspendCmd.Run(ctx)
+}
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 32de2fbc8..6dec78e8c 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -28,13 +28,13 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, false)
+	err := g.init(ctx, noArgsForbid)
 	if err != nil {
 		return err
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, &kd, v1beta1.KluctlRequestValidateAnnotation, v)
+		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestValidateAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/docs/kluctl/commands/README.md b/docs/kluctl/commands/README.md
index 82166feaf..85b39a18e 100644
--- a/docs/kluctl/commands/README.md
+++ b/docs/kluctl/commands/README.md
@@ -38,7 +38,9 @@ Individual commands are documented in sub-sections.
 16. [gitops prune](./gitops-prune.md)
 17. [gitops reconcile](./gitops-reconcile.md)
 18. [gitops validate](./gitops-validate.md)
-19. [controller run](./controller-run.md)
-20. [controller install](./controller-install.md)
-21. [webui run](./webui-run.md)
-22. [webui build](./webui-build.md)
+19. [gitops resume](./gitops-resume.md)
+20. [gitops suspend](./gitops-suspend.md)
+21. [controller run](./controller-run.md)
+22. [controller install](./controller-install.md)
+23. [webui run](./webui-run.md)
+24. [webui build](./webui-build.md)
diff --git a/docs/kluctl/commands/gitops-resume.md b/docs/kluctl/commands/gitops-resume.md
new file mode 100644
index 000000000..474496817
--- /dev/null
+++ b/docs/kluctl/commands/gitops-resume.md
@@ -0,0 +1,48 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops resume"
+linkTitle: "gitops resume"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops resume" "Usage" false -->
+Usage: kluctl gitops resume [flags]
+
+Resume a GitOps deployment
+This command will suspend a GitOps deployment by setting spec.suspend to 'true'.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops resume" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --all                          If enabled, suspend all deployments.
+      --context string               Override the context to use.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
+      --no-obfuscate                 Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
+                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                     format for yaml is currently not documented and subject to change.
+      --short-output                 When using the 'text' output format (which is the default), only names of
+                                     changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-suspend.md b/docs/kluctl/commands/gitops-suspend.md
new file mode 100644
index 000000000..3e4af2505
--- /dev/null
+++ b/docs/kluctl/commands/gitops-suspend.md
@@ -0,0 +1,48 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops suspend"
+linkTitle: "gitops suspend"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops suspend" "Usage" false -->
+Usage: kluctl gitops suspend [flags]
+
+Suspend a GitOps deployment
+This command will suspend a GitOps deployment by setting spec.suspend to 'true'.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops suspend" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --all                          If enabled, suspend all deployments.
+      --context string               Override the context to use.
+  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+      --name string                  Specifies the name of the KluctlDeployment.
+  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                     namespace from your kubeconfig is used.
+      --no-obfuscate                 Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
+                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
+                                     format for yaml is currently not documented and subject to change.
+      --short-output                 When using the 'text' output format (which is the default), only names of
+                                     changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->

From 708a3d04982ab5aa45885f036900fc1caf323177 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 15:44:28 +0200
Subject: [PATCH 1748/2268] feat: Skip suspended deployments on requests

---
 cmd/kluctl/commands/cmd_gitops.go             | 33 +++++++++++++------
 cmd/kluctl/commands/cmd_gitops_deploy.go      |  2 +-
 cmd/kluctl/commands/cmd_gitops_logs.go        |  8 +++--
 cmd/kluctl/commands/cmd_gitops_prune.go       |  2 +-
 cmd/kluctl/commands/cmd_gitops_reconcile.go   |  2 +-
 .../commands/cmd_gitops_suspend_resume.go     | 10 +++---
 cmd/kluctl/commands/cmd_gitops_validate.go    |  2 +-
 7 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 3ce3f3b5e..39de5935a 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -30,8 +30,10 @@ type gitopsCmd struct {
 }
 
 type gitopsCmdHelper struct {
-	args     args.GitOpsArgs
-	logsArgs args.GitOpsLogArgs
+	args           args.GitOpsArgs
+	logsArgs       args.GitOpsLogArgs
+	noArgsReact    noArgsReact
+	allowSuspended bool
 
 	kds []v1beta1.KluctlDeployment
 
@@ -63,7 +65,7 @@ const (
 	noArgsAllDeployments
 )
 
-func (g *gitopsCmdHelper) init(ctx context.Context, noArgs noArgsReact) error {
+func (g *gitopsCmdHelper) init(ctx context.Context) error {
 	s := status.Startf(ctx, "Initializing")
 	defer s.Failed()
 
@@ -99,7 +101,7 @@ func (g *gitopsCmdHelper) init(ctx context.Context, noArgs noArgsReact) error {
 		ns = defaultNs
 	}
 
-	var opts []client.ListOption
+	var kds []v1beta1.KluctlDeployment
 	if g.args.Name != "" {
 		if ns == "" {
 			return fmt.Errorf("no namespace specified")
@@ -113,7 +115,7 @@ func (g *gitopsCmdHelper) init(ctx context.Context, noArgs noArgsReact) error {
 		if err != nil {
 			return err
 		}
-		g.kds = append(g.kds, kd)
+		kds = append(kds, kd)
 	} else if g.args.LabelSelector != "" {
 		label, err := metav1.ParseToLabelSelector(g.args.LabelSelector)
 		if err != nil {
@@ -124,6 +126,7 @@ func (g *gitopsCmdHelper) init(ctx context.Context, noArgs noArgsReact) error {
 			return err
 		}
 
+		var opts []client.ListOption
 		opts = append(opts, client.MatchingLabelsSelector{Selector: sel})
 		if ns != "" {
 			opts = append(opts, client.InNamespace(ns))
@@ -134,20 +137,30 @@ func (g *gitopsCmdHelper) init(ctx context.Context, noArgs noArgsReact) error {
 		if err != nil {
 			return err
 		}
-		g.kds = append(g.kds, l.Items...)
-	} else if noArgs == noArgsNoDeployments {
+		kds = append(kds, l.Items...)
+	} else if g.noArgsReact == noArgsNoDeployments {
 		// do nothing
-	} else if noArgs == noArgsAllDeployments {
+	} else if g.noArgsReact == noArgsAllDeployments {
 		var l v1beta1.KluctlDeploymentList
-		err = g.client.List(ctx, &l, opts...)
+		err = g.client.List(ctx, &l)
 		if err != nil {
 			return err
 		}
-		g.kds = append(g.kds, l.Items...)
+		kds = append(kds, l.Items...)
 	} else {
 		return fmt.Errorf("either name or label selector must be set")
 	}
 
+	for _, kd := range kds {
+		if kd.Spec.Suspend {
+			if !g.allowSuspended {
+				status.Warningf(ctx, "Skipping suspended deployment %s/%s", kd.Namespace, kd.Name)
+				continue
+			}
+		}
+		g.kds = append(g.kds, kd)
+	}
+
 	g.resultStore, err = buildResultStore(ctx, restConfig, g.args.CommandResultFlags, false)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index fd2cd37d1..db79fbd4f 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -24,7 +24,7 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, noArgsForbid)
+	err := g.init(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_logs.go b/cmd/kluctl/commands/cmd_gitops_logs.go
index 8a2f101cc..c51ebc9da 100644
--- a/cmd/kluctl/commands/cmd_gitops_logs.go
+++ b/cmd/kluctl/commands/cmd_gitops_logs.go
@@ -21,10 +21,12 @@ func (cmd *gitopsLogsCmd) Help() string {
 
 func (cmd *gitopsLogsCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:           cmd.GitOpsArgs,
+		logsArgs:       cmd.GitOpsLogArgs,
+		noArgsReact:    noArgsNoDeployments,
+		allowSuspended: true,
 	}
-	err := g.init(ctx, noArgsNoDeployments)
+	err := g.init(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index 56cead406..b4685900a 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -24,7 +24,7 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, noArgsForbid)
+	err := g.init(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 26f62da3e..bf6344095 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -22,7 +22,7 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, noArgsForbid)
+	err := g.init(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
index bda765364..f826928c3 100644
--- a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -32,14 +32,14 @@ func (cmd *GitopsSuspendCmd) Help() string {
 
 func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:           cmd.GitOpsArgs,
+		logsArgs:       cmd.GitOpsLogArgs,
+		allowSuspended: true,
 	}
-	na := noArgsForbid
 	if cmd.All {
-		na = noArgsAllDeployments
+		g.noArgsReact = noArgsAllDeployments
 	}
-	err := g.init(ctx, na)
+	err := g.init(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 6dec78e8c..b3fd1cbdb 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -28,7 +28,7 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 		args:     cmd.GitOpsArgs,
 		logsArgs: cmd.GitOpsLogArgs,
 	}
-	err := g.init(ctx, noArgsForbid)
+	err := g.init(ctx)
 	if err != nil {
 		return err
 	}

From 7ec55ae4618a86ecbff81d813ce6d393f623774c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 23:50:41 +0200
Subject: [PATCH 1749/2268] feat: Allow to override KluctlDeployment settings
 in gitops commands

---
 api/v1beta1/kluctldeployment_types.go         |   5 +
 cmd/kluctl/args/gitops_args.go                |  13 ++
 cmd/kluctl/args/project.go                    |  35 ++++-
 cmd/kluctl/commands/cmd_deploy.go             |   8 +-
 cmd/kluctl/commands/cmd_gitops.go             | 147 ++++++++++++++++--
 cmd/kluctl/commands/cmd_gitops_deploy.go      |  15 +-
 cmd/kluctl/commands/cmd_gitops_prune.go       |  13 +-
 cmd/kluctl/commands/cmd_gitops_reconcile.go   |  13 +-
 cmd/kluctl/commands/cmd_gitops_validate.go    |  13 +-
 cmd/kluctl/commands/root.go                   |  17 +-
 cmd/kluctl/commands/utils.go                  |  21 +--
 .../kluctldeployment_controller.go            |  54 ++++++-
 12 files changed, 303 insertions(+), 51 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 99ce9409d..5304c76e7 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -37,6 +37,11 @@ const (
 	KluctlRequestDeployAnnotation    = "kluctl.io/request-deploy"
 	KluctlRequestPruneAnnotation     = "kluctl.io/request-prune"
 	KluctlRequestValidateAnnotation  = "kluctl.io/request-validate"
+
+	// KluctlOnetimePatchAnnotation can be set to apply a onetime json-patch to the KluctlDeployment in the next
+	// reconciliation loop. The patched KluctlDeployment is in-memory only and not persisted. The annotation is removed
+	// immediately after it is read.
+	KluctlOnetimePatchAnnotation = "kluctl.io/gitops-onetime-patch"
 )
 
 type KluctlDeploymentSpec struct {
diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 552ef9a32..46ddf7774 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -21,3 +21,16 @@ type GitOpsLogArgs struct {
 	LogGroupingTime time.Duration `group:"misc" help:"Logs are by default grouped by time passed, meaning that they are printed in batches to make reading them easier. This argument allows to modify the grouping time." default:"1s"`
 	LogTime         bool          `group:"misc" help:"If enabled, adds timestamps to log lines"`
 }
+
+type GitOpsOverridableArgs struct {
+	TargetFlagsBase
+	ArgsFlags
+	ImageFlags
+	InclusionFlags
+	DryRunFlags
+	ForceApplyFlags
+	ReplaceOnErrorFlags
+	AbortOnErrorFlags
+
+	TargetContext string `group:"override" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
+}
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 20e8ec090..fc9fdbe19 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -1,6 +1,8 @@
 package args
 
 import (
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
 	"path/filepath"
 	"time"
@@ -39,10 +41,39 @@ type ArgsFlags struct {
 	ArgsFromFile []string `group:"project" help:"Loads a yaml file and makes it available as arguments, meaning that they will be available thought the global 'args' variable."`
 }
 
-type TargetFlags struct {
+func (a *ArgsFlags) LoadArgs() (*uo.UnstructuredObject, error) {
+	if a == nil {
+		return uo.New(), nil
+	}
+
+	var args *uo.UnstructuredObject
+	optionArgs, err := deployment.ParseArgs(a.Arg)
+	if err != nil {
+		return nil, err
+	}
+	args, err = deployment.ConvertArgsToVars(optionArgs, true)
+	if err != nil {
+		return nil, err
+	}
+	for _, a := range a.ArgsFromFile {
+		optionArgs2, err := uo.FromFile(a)
+		if err != nil {
+			return nil, err
+		}
+		args.Merge(optionArgs2)
+	}
+	return args, nil
+}
+
+type TargetFlagsBase struct {
 	Target             string `group:"project" short:"t" help:"Target name to run command for. Target must exist in .kluctl.yaml."`
 	TargetNameOverride string `group:"project" short:"T" help:"Overrides the target name. If -t is used at the same time, then the target will be looked up based on -t <name> and then renamed to the value of -T. If no target is specified via -t, then the no-name target is renamed to the value of -T."`
-	Context            string `group:"project" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
+}
+
+type TargetFlags struct {
+	TargetFlagsBase
+	Context string `group:"project" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
+}
 }
 
 type CommandResultFlags struct {
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 1a7035a2a..dd9cdd18f 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -28,12 +28,16 @@ type deployCmd struct {
 	args.RenderOutputDirFlags
 	args.CommandResultFlags
 
-	NoWait bool `group:"misc" help:"Don't wait for objects readiness'"`
-	Prune  bool `group:"misc" help:"Prune orphaned objects directly after deploying. See the help for the 'prune' sub-command for details.'"`
+	DeployExtraFlags
 
 	internal bool
 }
 
+type DeployExtraFlags struct {
+	NoWait bool `group:"misc" help:"Don't wait for objects readiness."`
+	Prune  bool `group:"misc" help:"Prune orphaned objects directly after deploying. See the help for the 'prune' sub-command for details."`
+}
+
 func (cmd *deployCmd) Help() string {
 	return `This command will also output a diff between the initial state and the state after
 deployment. The format of this diff is the same as for the 'diff' command.
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 39de5935a..0c86e8def 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -1,15 +1,21 @@
 package commands
 
 import (
+	"bytes"
 	"context"
 	"fmt"
+	json_patch "github.com/evanphx/json-patch/v5"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	flag "github.com/spf13/pflag"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -30,8 +36,10 @@ type gitopsCmd struct {
 }
 
 type gitopsCmdHelper struct {
-	args           args.GitOpsArgs
-	logsArgs       args.GitOpsLogArgs
+	args            args.GitOpsArgs
+	logsArgs        args.GitOpsLogArgs
+	overridableArgs args.GitOpsOverridableArgs
+
 	noArgsReact    noArgsReact
 	allowSuspended bool
 
@@ -161,7 +169,8 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		g.kds = append(g.kds, kd)
 	}
 
-	g.resultStore, err = buildResultStore(ctx, restConfig, g.args.CommandResultFlags, false)
+	g.resultStore, err = buildResultStore(ctx, restConfig,
+		g.args.CommandResultReadOnlyFlags, args.CommandResultWriteFlags{}, false)
 	if err != nil {
 		return err
 	}
@@ -218,16 +227,24 @@ func (g *gitopsCmdHelper) patchDeploymentStatus(ctx context.Context, key client.
 	return nil
 }
 
-func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, key client.ObjectKey, name string, value string) error {
-	s := status.Startf(ctx, "Patching KluctlDeployment %s/%s with annotation %s=%s", key.Namespace, key.Name, name, value)
-	defer s.Failed()
-
+func (g *gitopsCmdHelper) patchManualRequest(ctx context.Context, key client.ObjectKey, requestAnnotation string, value string) error {
 	err := g.patchDeployment(ctx, key, func(kd *v1beta1.KluctlDeployment) error {
 		a := kd.GetAnnotations()
 		if a == nil {
 			a = map[string]string{}
 		}
-		a[name] = value
+		a[requestAnnotation] = value
+
+		onetimePatch, err := g.buildOnetimePatch(ctx, kd)
+		if err != nil {
+			return err
+		}
+		if len(onetimePatch) != 0 && !bytes.Equal(onetimePatch, []byte("{}")) {
+			a[v1beta1.KluctlOnetimePatchAnnotation] = string(onetimePatch)
+		} else {
+			delete(a, v1beta1.KluctlOnetimePatchAnnotation)
+		}
+
 		kd.SetAnnotations(a)
 		return nil
 	})
@@ -235,7 +252,119 @@ func (g *gitopsCmdHelper) patchAnnotation(ctx context.Context, key client.Object
 		return err
 	}
 
-	s.Success()
+	return nil
+}
+
+func (g *gitopsCmdHelper) buildOnetimePatch(ctx context.Context, kdIn *v1beta1.KluctlDeployment) ([]byte, error) {
+	cobraCmd := getCobraCommand(ctx)
+	if cobraCmd == nil {
+		panic("no cobra cmd")
+	}
+
+	handleFlag := func(name string, cb func(f *flag.Flag)) {
+		f := cobraCmd.Flag(name)
+		if f == nil {
+			panic(fmt.Sprintf("flag %s not found", name))
+		}
+		if f.Changed {
+			cb(f)
+		}
+	}
+
+	kd := kdIn.DeepCopy()
+
+	handleFlag("dry-run", func(f *flag.Flag) {
+		kd.Spec.DryRun = g.overridableArgs.DryRun
+	})
+	handleFlag("force-apply", func(f *flag.Flag) {
+		kd.Spec.ForceApply = g.overridableArgs.ForceApply
+	})
+	handleFlag("replace-on-error", func(f *flag.Flag) {
+		kd.Spec.ReplaceOnError = g.overridableArgs.ReplaceOnError
+	})
+	handleFlag("force-replace-on-error", func(f *flag.Flag) {
+		kd.Spec.ForceReplaceOnError = g.overridableArgs.ForceReplaceOnError
+	})
+	handleFlag("abort-on-error", func(f *flag.Flag) {
+		kd.Spec.AbortOnError = g.overridableArgs.AbortOnError
+	})
+	handleFlag("no-wait", func(f *flag.Flag) {
+		kd.Spec.NoWait = utils.ParseBoolOrFalse(f.Value.String())
+	})
+	handleFlag("prune", func(f *flag.Flag) {
+		kd.Spec.Prune = utils.ParseBoolOrFalse(f.Value.String())
+	})
+
+	if g.overridableArgs.Target != "" {
+		kd.Spec.Target = &g.overridableArgs.Target
+	}
+	if g.overridableArgs.TargetNameOverride != "" {
+		kd.Spec.TargetNameOverride = &g.overridableArgs.TargetNameOverride
+	}
+	if g.overridableArgs.TargetContext != "" {
+		kd.Spec.Context = &g.overridableArgs.TargetContext
+	}
+
+	fis, err := g.overridableArgs.ImageFlags.LoadFixedImagesFromArgs()
+	if err != nil {
+		return nil, err
+	}
+	kd.Spec.Images = append(kd.Spec.Images, fis...)
+
+	inc, err := g.overridableArgs.InclusionFlags.ParseInclusionFromArgs()
+	if err != nil {
+		return nil, err
+	}
+	kd.Spec.IncludeTags = append(kd.Spec.IncludeTags, inc.GetIncludes("tag")...)
+	kd.Spec.ExcludeTags = append(kd.Spec.ExcludeTags, inc.GetExcludes("tag")...)
+	kd.Spec.IncludeDeploymentDirs = append(kd.Spec.IncludeDeploymentDirs, inc.GetIncludes("deploymentItemDir")...)
+	kd.Spec.ExcludeDeploymentDirs = append(kd.Spec.ExcludeDeploymentDirs, inc.GetExcludes("deploymentItemDir")...)
+
+	err = g.overrideDeploymentArgs(kd)
+	if err != nil {
+		return nil, err
+	}
+
+	kdOrigS, err := yaml.WriteJsonString(kdIn)
+	if err != nil {
+		return nil, err
+	}
+	kdS, err := yaml.WriteJsonString(kd)
+	if err != nil {
+		return nil, err
+	}
+
+	patchB, err := json_patch.CreateMergePatch([]byte(kdOrigS), []byte(kdS))
+	if err != nil {
+		return nil, err
+	}
+
+	return patchB, nil
+}
+
+func (g *gitopsCmdHelper) overrideDeploymentArgs(kd *v1beta1.KluctlDeployment) error {
+	overrideArgs, err := g.overridableArgs.ArgsFlags.LoadArgs()
+	if err != nil {
+		return err
+	}
+	if overrideArgs.IsZero() {
+		return nil
+	}
+
+	newArgs := uo.New()
+	if kd.Spec.Args != nil {
+		x, err := uo.FromString(string(kd.Spec.Args.Raw))
+		if err != nil {
+			return err
+		}
+		newArgs = x
+	}
+	newArgs.Merge(overrideArgs)
+	b, err := yaml.WriteJsonString(newArgs)
+	if err != nil {
+		return err
+	}
+	kd.Spec.Args = &runtime.RawExtension{Raw: []byte(b)}
 
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index db79fbd4f..a4b7870f3 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -13,16 +13,23 @@ type gitopsDeployCmd struct {
 	args.GitOpsArgs
 	args.OutputFormatFlags
 	args.GitOpsLogArgs
+	args.GitOpsOverridableArgs `groupOverride:"override"`
+
+	DeployExtraFlags
 }
 
 func (cmd *gitopsDeployCmd) Help() string {
-	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced deployment. It does this by setting the annotation 'kluctl.io/request-deploy' to the current time.`
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced deployment.
+It does this by setting the annotation 'kluctl.io/request-deploy' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.`
 }
 
 func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:            cmd.GitOpsArgs,
+		logsArgs:        cmd.GitOpsLogArgs,
+		overridableArgs: cmd.GitOpsOverridableArgs,
 	}
 	err := g.init(ctx)
 	if err != nil {
@@ -30,7 +37,7 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestDeployAnnotation, v)
+		err := g.patchManualRequest(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestDeployAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index b4685900a..df99eb7bb 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -13,16 +13,21 @@ type gitopsPruneCmd struct {
 	args.GitOpsArgs
 	args.GitOpsLogArgs
 	args.OutputFormatFlags
+	args.GitOpsOverridableArgs
 }
 
 func (cmd *gitopsPruneCmd) Help() string {
-	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced prune. It does this by setting the annotation 'kluctl.io/request-prune' to the current time.`
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced prune.
+It does this by setting the annotation 'kluctl.io/request-prune' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.`
 }
 
 func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:            cmd.GitOpsArgs,
+		logsArgs:        cmd.GitOpsLogArgs,
+		overridableArgs: cmd.GitOpsOverridableArgs,
 	}
 	err := g.init(ctx)
 	if err != nil {
@@ -30,7 +35,7 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestPruneAnnotation, v)
+		err := g.patchManualRequest(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestPruneAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index bf6344095..568a00fb0 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -11,16 +11,21 @@ import (
 type gitopsReconcileCmd struct {
 	args.GitOpsArgs
 	args.GitOpsLogArgs
+	args.GitOpsOverridableArgs
 }
 
 func (cmd *gitopsReconcileCmd) Help() string {
-	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-reconcile' to the current time.`
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop.
+It does this by setting the annotation 'kluctl.io/request-reconcile' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.`
 }
 
 func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:            cmd.GitOpsArgs,
+		logsArgs:        cmd.GitOpsLogArgs,
+		overridableArgs: cmd.GitOpsOverridableArgs,
 	}
 	err := g.init(ctx)
 	if err != nil {
@@ -28,7 +33,7 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestReconcileAnnotation, v)
+		err := g.patchManualRequest(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestReconcileAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index b3fd1cbdb..7b76d9abf 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -14,19 +14,24 @@ import (
 type gitopsValidateCmd struct {
 	args.GitOpsArgs
 	args.GitOpsLogArgs
+	args.GitOpsOverridableArgs
 	args.OutputFlags
 
 	WarningsAsErrors bool `group:"misc" help:"Consider warnings as failures"`
 }
 
 func (cmd *gitopsValidateCmd) Help() string {
-	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced validate. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.`
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced validation.
+It does this by setting the annotation 'kluctl.io/request-validate' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.`
 }
 
 func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:            cmd.GitOpsArgs,
+		logsArgs:        cmd.GitOpsLogArgs,
+		overridableArgs: cmd.GitOpsOverridableArgs,
 	}
 	err := g.init(ctx)
 	if err != nil {
@@ -34,7 +39,7 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 	}
 	for _, kd := range g.kds {
 		v := time.Now().Format(time.RFC3339Nano)
-		err := g.patchAnnotation(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestValidateAnnotation, v)
+		err := g.patchManualRequest(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestValidateAnnotation, v)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 069c3ea58..480504e7e 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -275,7 +275,7 @@ func Main() {
 			return ctx, err
 		}
 
-		ctx = initStatusHandlerAndPrompts(ctx, flags.Debug, flags.NoColor)
+		ctx = initStatusHandlerAndPrompts(ctxIn, flags.Debug, flags.NoColor)
 		didSetupStatusHandler = true
 
 		if cmd.Parent() == nil || (cmd.Name() != "run" && cmd.Parent().Name() != "controller") {
@@ -314,6 +314,16 @@ func Main() {
 	}
 }
 
+type cobraCmdContextKey struct{}
+
+func getCobraCommand(ctx context.Context) *cobra.Command {
+	v := ctx.Value(cobraCmdContextKey{})
+	if x, ok := v.(*cobra.Command); ok {
+		return x
+	}
+	return nil
+}
+
 func Execute(ctx context.Context, args []string, preRun func(ctx context.Context, rootCmd *cobra.Command, flags *GlobalFlags) (context.Context, error)) error {
 	root := cli{}
 	rootCmd, err := buildRootCobraCmd(&root, "kluctl",
@@ -333,6 +343,11 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 	rootCmd.SilenceErrors = true
 
 	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
+		ctx = context.WithValue(ctx, cobraCmdContextKey{}, cmd)
+		for c := cmd; c != nil; c = c.Parent() {
+			c.SetContext(ctx)
+		}
+
 		if preRun != nil {
 			ctx, err = preRun(ctx, cmd, &root.GlobalFlags)
 			if ctx != nil {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 0c8c9aaa1..4eb2488ec 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -21,7 +21,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -123,23 +122,9 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 	ociRp := repocache.NewOciRepoCache(ctx, ociAuth, ociRepoOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
-	var externalArgs *uo.UnstructuredObject
-	if argsFlags != nil {
-		optionArgs, err := deployment.ParseArgs(argsFlags.Arg)
-		if err != nil {
-			return err
-		}
-		externalArgs, err = deployment.ConvertArgsToVars(optionArgs, true)
-		if err != nil {
-			return err
-		}
-		for _, a := range argsFlags.ArgsFromFile {
-			optionArgs2, err := uo.FromFile(a)
-			if err != nil {
-				return err
-			}
-			externalArgs.Merge(optionArgs2)
-		}
+	externalArgs, err := argsFlags.LoadArgs()
+	if err != nil {
+		return err
 	}
 
 	loadArgs := kluctl_project.LoadKluctlProjectArgs{
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 8b02d346d..7d513fb2a 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	json_patch "github.com/evanphx/json-patch"
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
@@ -156,6 +157,50 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	return *ctrlResult, nil
 }
 
+func (r *KluctlDeploymentReconciler) applyOnetimePatch(ctx context.Context, obj *kluctlv1.KluctlDeployment) error {
+	if obj.GetAnnotations() == nil {
+		return nil
+	}
+
+	patchStr, ok := obj.GetAnnotations()[kluctlv1.KluctlOnetimePatchAnnotation]
+	if !ok {
+		return nil
+	}
+
+	log := ctrl.LoggerFrom(ctx)
+	log.Info("Applying onetime patch", "patch", patchStr)
+
+	objJson, err := yaml.WriteJsonString(obj)
+	if err != nil {
+		return err
+	}
+
+	objJson2, err := json_patch.MergePatch([]byte(objJson), []byte(patchStr))
+	if err != nil {
+		return err
+	}
+
+	var patchedObj kluctlv1.KluctlDeployment
+	err = yaml.ReadYamlBytes(objJson2, &patchedObj)
+	if err != nil {
+		return err
+	}
+
+	ap := client.MergeFrom(patchedObj.DeepCopy())
+	a := patchedObj.GetAnnotations()
+	if a != nil {
+		delete(a, kluctlv1.KluctlOnetimePatchAnnotation)
+		patchedObj.SetAnnotations(a)
+		err = r.Patch(ctx, patchedObj.DeepCopy(), ap, client.FieldOwner(r.ControllerName))
+		if err != nil {
+			return err
+		}
+	}
+
+	*obj = patchedObj
+	return nil
+}
+
 func (r *KluctlDeploymentReconciler) doReconcile(
 	ctx context.Context,
 	obj *kluctlv1.KluctlDeployment,
@@ -212,6 +257,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, patchErr
 	}
 
+	err := r.applyOnetimePatch(ctx, obj)
+	if err != nil {
+		return doFailPrepare(err)
+	}
+
 	oldGeneration := obj.Status.ObservedGeneration
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 
@@ -416,7 +466,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	needDeploy := false
-	needDeployByRequest := false
 	needPrune := false
 	needValidate := false
 	needDriftDetection := true
@@ -430,7 +479,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	} else if curDeployRequest != nil {
 		// explicitly requested a deploy
 		needDeploy = true
-		needDeployByRequest = true
 	} else if oldGeneration != obj.GetGeneration() {
 		// spec has changed
 		needDeploy = true
@@ -490,7 +538,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			return nil, patchErr
 		}
 		var cmdErr error
-		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, needDeployByRequest)
+		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, curDeployRequest != nil)
 		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")

From 8fa13acc00ebd6231c126f84e202ffdf04fc1980 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 23:51:12 +0200
Subject: [PATCH 1750/2268] feat: Restructure gitops command help

---
 cmd/kluctl/args/gitops_args.go            |  20 +++--
 cmd/kluctl/args/project.go                |  17 ++--
 cmd/kluctl/commands/cmd_controller_run.go |   2 +-
 cmd/kluctl/commands/cmd_gitops_deploy.go  |   2 +-
 cmd/kluctl/commands/cobra_utils.go        |  23 +++--
 cmd/kluctl/commands/root.go               |   3 +
 cmd/kluctl/commands/utils.go              |   6 +-
 docs/kluctl/commands/deploy.md            |   4 +-
 docs/kluctl/commands/gitops-deploy.md     | 102 +++++++++++++++++++---
 docs/kluctl/commands/gitops-logs.md       |  40 +++++++--
 docs/kluctl/commands/gitops-prune.md      |  71 ++++++++++++---
 docs/kluctl/commands/gitops-reconcile.md  |  58 ++++++++++--
 docs/kluctl/commands/gitops-resume.md     |  50 ++++++++---
 docs/kluctl/commands/gitops-suspend.md    |  50 ++++++++---
 docs/kluctl/commands/gitops-validate.md   |  62 +++++++++++--
 15 files changed, 414 insertions(+), 96 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 46ddf7774..9a982b0f1 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -1,15 +1,17 @@
 package args
 
-import "time"
+import (
+	"time"
+)
 
 type GitOpsArgs struct {
-	CommandResultFlags
+	CommandResultReadOnlyFlags
 
-	Name          string `group:"misc" help:"Specifies the name of the KluctlDeployment."`
-	Namespace     string `group:"misc" short:"n" help:"Specifies the namespace of the KluctlDeployment. If omitted, the current namespace from your kubeconfig is used."`
-	LabelSelector string `group:"misc" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
+	Name          string `group:"gitops" help:"Specifies the name of the KluctlDeployment."`
+	Namespace     string `group:"gitops" short:"n" help:"Specifies the namespace of the KluctlDeployment. If omitted, the current namespace from your kubeconfig is used."`
+	LabelSelector string `group:"gitops" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
 
-	Context string `group:"misc" help:"Override the context to use."`
+	Context string `group:"gitops" help:"Override the context to use."`
 }
 
 func (a GitOpsArgs) AnyObjectArgSet() bool {
@@ -17,9 +19,9 @@ func (a GitOpsArgs) AnyObjectArgSet() bool {
 }
 
 type GitOpsLogArgs struct {
-	LogSince        time.Duration `group:"misc" help:"Show logs since this time." default:"60s"`
-	LogGroupingTime time.Duration `group:"misc" help:"Logs are by default grouped by time passed, meaning that they are printed in batches to make reading them easier. This argument allows to modify the grouping time." default:"1s"`
-	LogTime         bool          `group:"misc" help:"If enabled, adds timestamps to log lines"`
+	LogSince        time.Duration `group:"logs" help:"Show logs since this time." default:"60s"`
+	LogGroupingTime time.Duration `group:"logs" help:"Logs are by default grouped by time passed, meaning that they are printed in batches to make reading them easier. This argument allows to modify the grouping time." default:"1s"`
+	LogTime         bool          `group:"logs" help:"If enabled, adds timestamps to log lines"`
 }
 
 type GitOpsOverridableArgs struct {
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index fc9fdbe19..e72c74eac 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -74,12 +74,19 @@ type TargetFlags struct {
 	TargetFlagsBase
 	Context string `group:"project" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
 }
+
+type CommandResultReadOnlyFlags struct {
+	CommandResultNamespace string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
+}
+
+type CommandResultWriteFlags struct {
+	WriteCommandResult       bool `group:"results" help:"Enable writing of command results into the cluster. This is enabled by default." default:"true"`
+	ForceWriteCommandResult  bool `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
+	KeepCommandResultsCount  int  `group:"results" help:"Configure how many old command results to keep." default:"5"`
+	KeepValidateResultsCount int  `group:"results" help:"Configure how many old validate results to keep." default:"2"`
 }
 
 type CommandResultFlags struct {
-	WriteCommandResult       bool   `group:"results" help:"Enable writing of command results into the cluster. This is enabled by default." default:"true"`
-	ForceWriteCommandResult  bool   `group:"results" help:"Force writing of command results, even if the command is run in dry-run mode."`
-	CommandResultNamespace   string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
-	KeepCommandResultsCount  int    `group:"results" help:"Configure how many old command results to keep." default:"5"`
-	KeepValidateResultsCount int    `group:"results" help:"Configure how many old validate results to keep." default:"2"`
+	CommandResultReadOnlyFlags
+	CommandResultWriteFlags
 }
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index ac366e2d5..dcbb2e221 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -148,7 +148,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		SshPool:               sshPool,
 	}
 
-	r.ResultStore, err = buildResultStore(ctx, restConfig, cmd.CommandResultFlags, true)
+	r.ResultStore, err = buildResultStore(ctx, restConfig, cmd.CommandResultReadOnlyFlags, cmd.CommandResultWriteFlags, true)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index a4b7870f3..815c3573b 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -15,7 +15,7 @@ type gitopsDeployCmd struct {
 	args.GitOpsLogArgs
 	args.GitOpsOverridableArgs `groupOverride:"override"`
 
-	DeployExtraFlags
+	DeployExtraFlags `groupOverride:"override"`
 }
 
 func (cmd *gitopsDeployCmd) Help() string {
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 8ecf0fbf2..3b214f377 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -78,7 +78,7 @@ func (c *rootCommand) buildCobraCmd(parent *commandAndGroups, cmdStruct interfac
 	if err != nil {
 		return nil, err
 	}
-	err = c.buildCobraArgs(cg, cmdStruct)
+	err = c.buildCobraArgs(cg, cmdStruct, "")
 	if err != nil {
 		return nil, err
 	}
@@ -127,7 +127,7 @@ func (c *rootCommand) buildCobraSubCommands(cg *commandAndGroups, cmdStruct inte
 	return nil
 }
 
-func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}) error {
+func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}, groupOverride string) error {
 	v := reflect.ValueOf(cmdStruct).Elem()
 	t := v.Type()
 	for i := 0; i < t.NumField(); i++ {
@@ -139,7 +139,15 @@ func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}
 			continue
 		}
 
-		err := c.buildCobraArg(cg, f, v.Field(i))
+		groupOverride2, _ := f.Tag.Lookup("groupOverride")
+		if groupOverride2 != "" {
+			fmt.Sprintf("")
+		}
+		if groupOverride2 == "" {
+			groupOverride2 = groupOverride
+		}
+
+		err := c.buildCobraArg(cg, f, v.Field(i), groupOverride2)
 		if err != nil {
 			return err
 		}
@@ -147,7 +155,7 @@ func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}
 	return nil
 }
 
-func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField, v reflect.Value) error {
+func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField, v reflect.Value, groupOverride string) error {
 	v2 := v.Addr().Interface()
 	name := buildCobraName(f.Name)
 
@@ -156,7 +164,10 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 	defaultValue := f.Tag.Get("default")
 	required := f.Tag.Get("required") == "true"
 
-	group := f.Tag.Get("group")
+	group := groupOverride
+	if group == "" {
+		group = f.Tag.Get("group")
+	}
 	if group != "" {
 		cg.groups[name] = group
 	}
@@ -215,7 +226,7 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 		cg.cmd.PersistentFlags().DurationVarP(v2.(*time.Duration), name, shortFlag, parsedDefault, help)
 	default:
 		if f.Anonymous {
-			return c.buildCobraArgs(cg, v2)
+			return c.buildCobraArgs(cg, v2, groupOverride)
 		}
 		return fmt.Errorf("unknown type %s", f.Type.Name())
 	}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 480504e7e..f57e07a21 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -85,8 +85,11 @@ var flagGroups = []groupInfo{
 	{group: "project", title: "Project arguments:", description: "Define where and how to load the kluctl project and its components from."},
 	{group: "images", title: "Image arguments:", description: "Control fixed images and update behaviour."},
 	{group: "inclusion", title: "Inclusion/Exclusion arguments:", description: "Control inclusion/exclusion."},
+	{group: "gitops", title: "GitOps arguments:", description: "Specify gitops flags."},
 	{group: "misc", title: "Misc arguments:", description: "Command specific arguments."},
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
+	{group: "logs", title: "Log arguments:", description: "Configure logging."},
+	{group: "override", title: "GitOps overrides:", description: "Override settings for GitOps deployments."},
 	{group: "helm", title: "Helm arguments:", description: "Configure Helm authentication."},
 	{group: "registry", title: "Registry arguments:", description: "Configure OCI registry authentication."},
 	{group: "auth", title: "Auth arguments:", description: "Configure authentication."},
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 4eb2488ec..f614b6978 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -360,8 +360,8 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string
 	}, nil
 }
 
-func buildResultStore(ctx context.Context, restConfig *rest.Config, args args.CommandResultFlags, startCleanup bool) (results.ResultStore, error) {
-	if !args.WriteCommandResult {
+func buildResultStore(ctx context.Context, restConfig *rest.Config, roArgs args.CommandResultReadOnlyFlags, wArgs args.CommandResultWriteFlags, startCleanup bool) (results.ResultStore, error) {
+	if !wArgs.WriteCommandResult {
 		return nil, nil
 	}
 
@@ -370,7 +370,7 @@ func buildResultStore(ctx context.Context, restConfig *rest.Config, args args.Co
 		return nil, err
 	}
 
-	resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, args.CommandResultNamespace, args.KeepCommandResultsCount, args.KeepValidateResultsCount)
+	resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, roArgs.CommandResultNamespace, wArgs.KeepCommandResultsCount, wArgs.KeepValidateResultsCount)
 	if err != nil {
 		return nil, err
 	}
diff --git a/docs/kluctl/commands/deploy.md b/docs/kluctl/commands/deploy.md
index f148c3b55..f88bb0ab2 100644
--- a/docs/kluctl/commands/deploy.md
+++ b/docs/kluctl/commands/deploy.md
@@ -41,12 +41,12 @@ Misc arguments:
       --force-replace-on-error       Same as --replace-on-error, but also try to delete and re-create objects. See
                                      documentation for more details.
       --no-obfuscate                 Disable obfuscation of sensitive/secret data
-      --no-wait                      Don't wait for objects readiness'
+      --no-wait                      Don't wait for objects readiness.
   -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
                                      can either be 'text' or 'yaml'. Can be specified multiple times. The actual
                                      format for yaml is currently not documented and subject to change.
       --prune                        Prune orphaned objects directly after deploying. See the help for the 'prune'
-                                     sub-command for details.'
+                                     sub-command for details.
       --readiness-timeout duration   Maximum time to wait for object readiness. The timeout is meant per-object.
                                      Timeouts are in the duration format (1s, 1m, 1h, ...). If not specified, a
                                      default timeout of 5m is used. (default 5m0s)
diff --git a/docs/kluctl/commands/gitops-deploy.md b/docs/kluctl/commands/gitops-deploy.md
index 07ab28a4e..c1037ebad 100644
--- a/docs/kluctl/commands/gitops-deploy.md
+++ b/docs/kluctl/commands/gitops-deploy.md
@@ -14,34 +14,112 @@ description: >
 Usage: kluctl gitops deploy [flags]
 
 Trigger a GitOps deployment
-This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced deployment. It does this by setting the annotation 'kluctl.io/request-deploy' to the current time.
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced deployment.
+It does this by setting the annotation 'kluctl.io/request-deploy' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.
 
 <!-- END SECTION -->
 
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops deploy" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops deploy" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --context string               Override the context to use.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops deploy" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops deploy" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
-      --no-obfuscate                 Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
-                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
-                                     format for yaml is currently not documented and subject to change.
-      --short-output                 When using the 'text' output format (which is the default), only names of
-                                     changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
+<!-- BEGIN SECTION "gitops deploy" "GitOps overrides" true -->
+```
+GitOps overrides:
+  Override settings for GitOps deployments.
+
+      --abort-on-error                       Abort deploying when an error occurs instead of trying the remaining
+                                             deployments
+  -a, --arg stringArray                      Passes a template argument in the form of name=value. Nested args can
+                                             be set with the '-a my.nested.arg=value' syntax. Values are
+                                             interpreted as yaml values, meaning that 'true' and 'false' will lead
+                                             to boolean values and numbers will be treated as numbers. Use quotes
+                                             if you want these to be treated as strings. If the value starts with
+                                             @, it is treated as a file, meaning that the contents of the file
+                                             will be loaded and treated as yaml.
+      --args-from-file stringArray           Loads a yaml file and makes it available as arguments, meaning that
+                                             they will be available thought the global 'args' variable.
+      --dry-run                              Performs all kubernetes API calls in dry-run mode.
+      --exclude-deployment-dir stringArray   Exclude deployment dir. The path must be relative to the root
+                                             deployment project. Exclusion has precedence over inclusion, same as
+                                             in --exclude-tag
+  -E, --exclude-tag stringArray              Exclude deployments with given tag. Exclusion has precedence over
+                                             inclusion, meaning that explicitly excluded deployments will always
+                                             be excluded even if an inclusion rule would match the same deployment.
+  -F, --fixed-image stringArray              Pin an image to a given version. Expects
+                                             '--fixed-image=image<:namespace:deployment:container>=result'
+      --fixed-images-file existingfile       Use .yaml file to pin image versions. See output of list-images
+                                             sub-command or read the documentation for details about the output format
+      --force-apply                          Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error               Same as --replace-on-error, but also try to delete and re-create
+                                             objects. See documentation for more details.
+      --include-deployment-dir stringArray   Include deployment dir. The path must be relative to the root
+                                             deployment project.
+  -I, --include-tag stringArray              Include deployments with given tag.
+      --no-wait                              Don't wait for objects readiness.
+      --prune                                Prune orphaned objects directly after deploying. See the help for the
+                                             'prune' sub-command for details.
+      --replace-on-error                     When patching an object fails, try to replace it. See documentation
+                                             for more details.
+  -t, --target string                        Target name to run command for. Target must exist in .kluctl.yaml.
+      --target-context string                Overrides the context name specified in the target. If the selected
+                                             target does not specify a context or the no-name target is used,
+                                             --context will override the currently active context.
+  -T, --target-name-override string          Overrides the target name. If -t is used at the same time, then the
+                                             target will be looked up based on -t <name> and then renamed to the
+                                             value of -T. If no target is specified via -t, then the no-name
+                                             target is renamed to the value of -T.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/gitops-logs.md b/docs/kluctl/commands/gitops-logs.md
index ee5111c15..775e1ff28 100644
--- a/docs/kluctl/commands/gitops-logs.md
+++ b/docs/kluctl/commands/gitops-logs.md
@@ -21,23 +21,49 @@ Print and watch logs of specified KluctlDeployments from the kluctl-controller.
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops logs" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops logs" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --context string               Override the context to use.
-  -f, --follow                       Follow logs after printing old logs.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+  -f, --follow                Follow logs after printing old logs.
+      --reconcile-id string   If specified, logs are filtered for the given reconcile ID.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops logs" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops logs" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
-      --reconcile-id string          If specified, logs are filtered for the given reconcile ID.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-prune.md b/docs/kluctl/commands/gitops-prune.md
index 23bca24a1..44ce624b1 100644
--- a/docs/kluctl/commands/gitops-prune.md
+++ b/docs/kluctl/commands/gitops-prune.md
@@ -14,34 +14,81 @@ description: >
 Usage: kluctl gitops prune [flags]
 
 Trigger a GitOps prune
-This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced prune. It does this by setting the annotation 'kluctl.io/request-prune' to the current time.
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced prune.
+It does this by setting the annotation 'kluctl.io/request-prune' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.
 
 <!-- END SECTION -->
 
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops prune" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops prune" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --context string               Override the context to use.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --abort-on-error              Abort deploying when an error occurs instead of trying the remaining deployments
+      --dry-run                     Performs all kubernetes API calls in dry-run mode.
+      --force-apply                 Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error      Same as --replace-on-error, but also try to delete and re-create objects. See
+                                    documentation for more details.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --replace-on-error            When patching an object fails, try to replace it. See documentation for more
+                                    details.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops prune" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops prune" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
-      --no-obfuscate                 Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
-                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
-                                     format for yaml is currently not documented and subject to change.
-      --short-output                 When using the 'text' output format (which is the default), only names of
-                                     changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
+<!-- BEGIN SECTION "gitops prune" "GitOps overrides" true -->
+```
+GitOps overrides:
+  Override settings for GitOps deployments.
+
+      --target-context string   Overrides the context name specified in the target. If the selected target does
+                                not specify a context or the no-name target is used, --context will override the
+                                currently active context.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/gitops-reconcile.md b/docs/kluctl/commands/gitops-reconcile.md
index 295431e97..1ff78b697 100644
--- a/docs/kluctl/commands/gitops-reconcile.md
+++ b/docs/kluctl/commands/gitops-reconcile.md
@@ -14,28 +14,74 @@ description: >
 Usage: kluctl gitops reconcile [flags]
 
 Trigger a GitOps reconciliation
-This command will trigger an existing KluctlDeployment to perform a reconciliation loop. It does this by setting the annotation 'kluctl.io/request-reconcile' to the current time.
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop.
+It does this by setting the annotation 'kluctl.io/request-reconcile' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.
 
 <!-- END SECTION -->
 
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops reconcile" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops reconcile" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --context string               Override the context to use.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --abort-on-error           Abort deploying when an error occurs instead of trying the remaining deployments
+      --dry-run                  Performs all kubernetes API calls in dry-run mode.
+      --force-apply              Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error   Same as --replace-on-error, but also try to delete and re-create objects. See
+                                 documentation for more details.
+      --replace-on-error         When patching an object fails, try to replace it. See documentation for more details.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops reconcile" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops reconcile" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
+<!-- BEGIN SECTION "gitops reconcile" "GitOps overrides" true -->
+```
+GitOps overrides:
+  Override settings for GitOps deployments.
+
+      --target-context string   Overrides the context name specified in the target. If the selected target does
+                                not specify a context or the no-name target is used, --context will override the
+                                currently active context.
+
+```
+<!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/gitops-resume.md b/docs/kluctl/commands/gitops-resume.md
index 474496817..7e55b1d05 100644
--- a/docs/kluctl/commands/gitops-resume.md
+++ b/docs/kluctl/commands/gitops-resume.md
@@ -21,28 +21,54 @@ This command will suspend a GitOps deployment by setting spec.suspend to 'true'.
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops resume" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops resume" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --all                          If enabled, suspend all deployments.
-      --context string               Override the context to use.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --all                         If enabled, suspend all deployments.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops resume" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops resume" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
-      --no-obfuscate                 Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
-                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
-                                     format for yaml is currently not documented and subject to change.
-      --short-output                 When using the 'text' output format (which is the default), only names of
-                                     changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-suspend.md b/docs/kluctl/commands/gitops-suspend.md
index 3e4af2505..966c2e533 100644
--- a/docs/kluctl/commands/gitops-suspend.md
+++ b/docs/kluctl/commands/gitops-suspend.md
@@ -21,28 +21,54 @@ This command will suspend a GitOps deployment by setting spec.suspend to 'true'.
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops suspend" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops suspend" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --all                          If enabled, suspend all deployments.
-      --context string               Override the context to use.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --all                         If enabled, suspend all deployments.
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops suspend" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops suspend" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
-      --no-obfuscate                 Disable obfuscation of sensitive/secret data
-  -o, --output-format stringArray    Specify output format and target file, in the format 'format=path'. Format
-                                     can either be 'text' or 'yaml'. Can be specified multiple times. The actual
-                                     format for yaml is currently not documented and subject to change.
-      --short-output                 When using the 'text' output format (which is the default), only names of
-                                     changes objects are shown instead of showing all changes.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
index 78b9cc669..88059cc0a 100644
--- a/docs/kluctl/commands/gitops-validate.md
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -14,30 +14,76 @@ description: >
 Usage: kluctl gitops validate [flags]
 
 Trigger a GitOps validate
-This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced validate. It does this by setting the annotation 'kluctl.io/request-validate' to the current time.
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced validation.
+It does this by setting the annotation 'kluctl.io/request-validate' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.
 
 <!-- END SECTION -->
 
 ## Arguments
 
 The following arguments are available:
+<!-- BEGIN SECTION "gitops validate" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string          Override the context to use.
+  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
+      --name string             Specifies the name of the KluctlDeployment.
+  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
+                                from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
 <!-- BEGIN SECTION "gitops validate" "Misc arguments" true -->
 ```
 Misc arguments:
   Command specific arguments.
 
-      --context string               Override the context to use.
-  -l, --label-selector string        If specified, KluctlDeployments are searched and filtered by this label selector.
+      --abort-on-error           Abort deploying when an error occurs instead of trying the remaining deployments
+      --dry-run                  Performs all kubernetes API calls in dry-run mode.
+      --force-apply              Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error   Same as --replace-on-error, but also try to delete and re-create objects. See
+                                 documentation for more details.
+  -o, --output stringArray       Specify output target file. Can be specified multiple times
+      --replace-on-error         When patching an object fails, try to replace it. See documentation for more details.
+      --warnings-as-errors       Consider warnings as failures
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops validate" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops validate" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
       --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
                                      batches to make reading them easier. This argument allows to modify the
                                      grouping time. (default 1s)
       --log-since duration           Show logs since this time. (default 1m0s)
       --log-time                     If enabled, adds timestamps to log lines
-      --name string                  Specifies the name of the KluctlDeployment.
-  -n, --namespace string             Specifies the namespace of the KluctlDeployment. If omitted, the current
-                                     namespace from your kubeconfig is used.
-  -o, --output stringArray           Specify output target file. Can be specified multiple times
-      --warnings-as-errors           Consider warnings as failures
 
 ```
 <!-- END SECTION -->
+<!-- BEGIN SECTION "gitops validate" "GitOps overrides" true -->
+```
+GitOps overrides:
+  Override settings for GitOps deployments.
+
+      --target-context string   Overrides the context name specified in the target. If the selected target does
+                                not specify a context or the no-name target is used, --context will override the
+                                currently active context.
+
+```
+<!-- END SECTION -->
\ No newline at end of file

From 86fd97153df875cdeb47edacd43606a4a0544a3a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Oct 2023 23:51:38 +0200
Subject: [PATCH 1751/2268] chore: Run go mod tidy

---
 go.mod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 706b9e091..2cb38ac63 100644
--- a/go.mod
+++ b/go.mod
@@ -67,6 +67,8 @@ require (
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.6+incompatible
 	github.com/docker/go-connections v0.4.0
+	github.com/evanphx/json-patch v5.6.0+incompatible
+	github.com/evanphx/json-patch/v5 v5.6.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
@@ -152,8 +154,6 @@ require (
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
-	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect

From 6307557393957d640d991fce84fd3a1b85e8df5d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 08:22:40 +0200
Subject: [PATCH 1752/2268] fix: Properly report error after manual requests

---
 cmd/kluctl/commands/cmd_gitops.go             | 11 ++++++----
 cmd/kluctl/commands/cmd_gitops_deploy.go      |  4 ++++
 cmd/kluctl/commands/cmd_gitops_prune.go       |  4 ++++
 cmd/kluctl/commands/cmd_gitops_reconcile.go   |  6 +++++-
 cmd/kluctl/commands/cmd_gitops_validate.go    |  3 +++
 cmd/kluctl/commands/cobra_utils.go            |  3 ---
 .../kluctldeployment_controller.go            | 21 +++++++++++++++++++
 7 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 0c86e8def..0d6fdb2d4 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -426,31 +426,34 @@ func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client
 }
 
 func (g *gitopsCmdHelper) waitForRequestToStartAndFinish(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
-	rr, err := g.waitForRequestToStart(ctx, key, requestValue, getRequestResult)
+	rrStarted, err := g.waitForRequestToStart(ctx, key, requestValue, getRequestResult)
 	if err != nil {
 		return nil, err
 	}
 
 	stopCh := make(chan struct{})
 
+	var rrFinished *v1beta1.RequestResult
+
 	gh := utils.NewGoHelper(ctx, 0)
 	gh.RunE(func() error {
 		defer func() {
 			close(stopCh)
 		}()
 		var err error
-		rr, err = g.waitForRequestToFinish(ctx, key, getRequestResult)
+		rrFinished, err = g.waitForRequestToFinish(ctx, key, getRequestResult)
 		return err
 	})
 	gh.RunE(func() error {
-		return g.watchLogs(ctx, stopCh, key, true, "")
+		return g.watchLogs(ctx, stopCh, key, true, rrStarted.ReconcileId)
 	})
 	gh.Wait()
 
 	if gh.ErrorOrNil() != nil {
 		return nil, gh.ErrorOrNil()
 	}
-	return rr, nil
+
+	return rrFinished, nil
 }
 
 func (g *gitopsCmdHelper) watchLogs(ctx context.Context, stopCh chan struct{}, key client.ObjectKey, follow bool, reconcileId string) error {
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index 815c3573b..29cfde348 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/results"
@@ -59,6 +60,9 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 				return err
 			}
 		}
+		if rr.CommandError != "" {
+			return fmt.Errorf("%s", rr.CommandError)
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index df99eb7bb..7d618015b 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/results"
@@ -57,6 +58,9 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 				return err
 			}
 		}
+		if rr.CommandError != "" {
+			return fmt.Errorf("%s", rr.CommandError)
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 568a00fb0..15e53f69d 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -38,12 +39,15 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		_, err = g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
 			return status.ReconcileRequestResult
 		})
 		if err != nil {
 			return err
 		}
+		if rr.CommandError != "" {
+			return fmt.Errorf("%s", rr.CommandError)
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 7b76d9abf..bd613b229 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -68,6 +68,9 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 		} else {
 			status.Info(ctx, "No validation result was returned.")
 		}
+		if rr.CommandError != "" {
+			return fmt.Errorf("%s", rr.CommandError)
+		}
 	}
 	return nil
 }
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 3b214f377..a48133949 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -140,9 +140,6 @@ func (c *rootCommand) buildCobraArgs(cg *commandAndGroups, cmdStruct interface{}
 		}
 
 		groupOverride2, _ := f.Tag.Lookup("groupOverride")
-		if groupOverride2 != "" {
-			fmt.Sprintf("")
-		}
 		if groupOverride2 == "" {
 			groupOverride2 = groupOverride
 		}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 7d513fb2a..b70aeb63b 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -360,6 +360,27 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return doFailPrepare(err)
 	}
 
+	origDoFailPrepare := doFailPrepare
+	doFailPrepare = func(errIn error) (*ctrl.Result, error) {
+		err = finishHandleRequest(curReconcileRequest, "", errIn, setReconcileRequestResult)
+		if err != nil {
+			return nil, err
+		}
+		err = finishHandleRequest(curDeployRequest, "", errIn, setDeployRequestResult)
+		if err != nil {
+			return nil, err
+		}
+		err = finishHandleRequest(curPruneRequest, "", errIn, setPruneRequestResult)
+		if err != nil {
+			return nil, err
+		}
+		err = finishHandleRequest(curValidateRequest, "", errIn, setValidateRequestResult)
+		if err != nil {
+			return nil, err
+		}
+		return origDoFailPrepare(errIn)
+	}
+
 	obj.Status.LastHandledReconcileAt = ""
 	obj.Status.LastHandledDeployAt = ""
 	obj.Status.LastHandledPruneAt = ""

From baf8207b2660df766dccd2c5d55f1741b790d321 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 08:55:18 +0200
Subject: [PATCH 1753/2268] refactor: Unify result store creation

---
 cmd/kluctl/commands/cmd_controller_run.go |  2 +-
 cmd/kluctl/commands/cmd_gitops.go         | 13 ++++--
 cmd/kluctl/commands/cmd_webui.go          |  7 +--
 cmd/kluctl/commands/utils.go              | 52 ++++++++++++-----------
 e2e/gitops_errors_test.go                 |  2 +-
 e2e/results_test.go                       |  2 +-
 pkg/results/result-store-secrets.go       | 27 +++++++++++-
 7 files changed, 70 insertions(+), 35 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index dcbb2e221..4b4ea1961 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -148,7 +148,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		SshPool:               sshPool,
 	}
 
-	r.ResultStore, err = buildResultStore(ctx, restConfig, cmd.CommandResultReadOnlyFlags, cmd.CommandResultWriteFlags, true)
+	r.ResultStore, err = buildResultStoreRW(ctx, restConfig, mgr.GetRESTMapper(), &cmd.CommandResultFlags, true)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 0d6fdb2d4..259a0e6b8 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -95,7 +96,14 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		return err
 	}
 
-	g.client, err = client.NewWithWatch(restConfig, client.Options{})
+	_, mapper, err := k8s.CreateDiscoveryAndMapper(ctx, restConfig)
+	if err != nil {
+		return err
+	}
+
+	g.client, err = client.NewWithWatch(restConfig, client.Options{
+		Mapper: mapper,
+	})
 	if err != nil {
 		return err
 	}
@@ -169,8 +177,7 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		g.kds = append(g.kds, kd)
 	}
 
-	g.resultStore, err = buildResultStore(ctx, restConfig,
-		g.args.CommandResultReadOnlyFlags, args.CommandResultWriteFlags{}, false)
+	g.resultStore, err = buildResultStoreRO(ctx, restConfig, mapper, &g.args.CommandResultReadOnlyFlags)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 8e888b4cb..7cbe5d801 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -3,11 +3,12 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type webuiCmd struct {
@@ -66,12 +67,12 @@ func createResultStores(ctx context.Context, k8sContexts []string, allContexts b
 				return err
 			}
 
-			client, err := client.NewWithWatch(config, client.Options{})
+			_, mapper, err := k8s.CreateDiscoveryAndMapper(ctx, config)
 			if err != nil {
 				return err
 			}
 
-			store, err := results.NewResultStoreSecrets(ctx, config, client, "", 0, 0)
+			store, err := buildResultStoreRO(ctx, config, mapper, &args.CommandResultReadOnlyFlags{})
 			if err != nil {
 				return err
 			}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index f614b6978..a27c42627 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -245,7 +245,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		}
 		s.Success()
 
-		resultStore, err = initStores(ctx, clientConfig, mapper, args.commandResultFlags)
+		resultStore, err = buildResultStoreRW(ctx, clientConfig, mapper, args.commandResultFlags, false)
 		if err != nil {
 			return err
 		}
@@ -273,26 +273,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	return cb(cmdCtx)
 }
 
-func initStores(ctx context.Context, clientConfig *rest.Config, mapper meta.RESTMapper, flags *args.CommandResultFlags) (results.ResultStore, error) {
-	if flags == nil || !flags.WriteCommandResult {
-		return nil, nil
-	}
-
-	client, err := client2.New(clientConfig, client2.Options{
-		Mapper: mapper,
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	resultStore, err := results.NewResultStoreSecrets(ctx, clientConfig, client, flags.CommandResultNamespace, flags.KeepCommandResultsCount, flags.KeepValidateResultsCount)
-	if err != nil {
-		return nil, err
-	}
-
-	return resultStore, nil
-}
-
 func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
 	return func(context *string) (*rest.Config, *api.Config, error) {
 		if forCompletion {
@@ -360,17 +340,39 @@ func parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string
 	}, nil
 }
 
-func buildResultStore(ctx context.Context, restConfig *rest.Config, roArgs args.CommandResultReadOnlyFlags, wArgs args.CommandResultWriteFlags, startCleanup bool) (results.ResultStore, error) {
-	if !wArgs.WriteCommandResult {
+func buildResultStoreRO(ctx context.Context, restConfig *rest.Config, mapper meta.RESTMapper, flags *args.CommandResultReadOnlyFlags) (results.ResultStore, error) {
+	if flags == nil {
+		return nil, nil
+	}
+
+	c, err := client2.NewWithWatch(restConfig, client2.Options{
+		Mapper: mapper,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, false, flags.CommandResultNamespace, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	return resultStore, nil
+}
+
+func buildResultStoreRW(ctx context.Context, restConfig *rest.Config, mapper meta.RESTMapper, flags *args.CommandResultFlags, startCleanup bool) (results.ResultStore, error) {
+	if flags == nil || !flags.WriteCommandResult {
 		return nil, nil
 	}
 
-	c, err := client2.NewWithWatch(restConfig, client2.Options{})
+	c, err := client2.NewWithWatch(restConfig, client2.Options{
+		Mapper: mapper,
+	})
 	if err != nil {
 		return nil, err
 	}
 
-	resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, roArgs.CommandResultNamespace, wArgs.KeepCommandResultsCount, wArgs.KeepValidateResultsCount)
+	resultStore, err := results.NewResultStoreSecrets(ctx, restConfig, c, true, flags.CommandResultNamespace, flags.KeepCommandResultsCount, flags.KeepValidateResultsCount)
 	if err != nil {
 		return nil, err
 	}
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 2e573f8e9..355ba3b78 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -51,7 +51,7 @@ func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	rs, err := results.NewResultStoreSecrets(ctx, suite.k.RESTConfig(), suite.k.Client, "", 0, 0)
+	rs, err := results.NewResultStoreSecrets(ctx, suite.k.RESTConfig(), suite.k.Client, false, "", 0, 0)
 	g.Expect(err).To(Succeed())
 
 	lastDeployResult, err := kd.Status.GetLastDeployResult()
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 3181b86f1..661cb2325 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -49,7 +49,7 @@ func TestWriteResult(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	rs, err := results.NewResultStoreSecrets(ctx, k.RESTConfig(), k.Client, "kluctl-results", 0, 0)
+	rs, err := results.NewResultStoreSecrets(ctx, k.RESTConfig(), k.Client, false, "kluctl-results", 0, 0)
 	assert.NoError(t, err)
 
 	opts := results.ListResultSummariesOptions{
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 3b8e44c58..8307a366d 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -36,6 +36,7 @@ type ResultStoreSecrets struct {
 	validateResultsCache cache.Cache
 	clusterId            string
 
+	allowWrite               bool
 	writeNamespace           string
 	keepCommandResultsCount  int
 	keepValidateResultsCount int
@@ -43,7 +44,7 @@ type ResultStoreSecrets struct {
 	mutex sync.Mutex
 }
 
-func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ client.Client, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
+func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ client.Client, allowWrite bool, writeNamespace string, keepCommandResultsCount int, keepValidateResultsCount int) (*ResultStoreSecrets, error) {
 	clusterId, err := k8s.GetClusterId(ctx, client_)
 	if err != nil {
 		return nil, err
@@ -73,6 +74,7 @@ func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ cli
 	s := &ResultStoreSecrets{
 		ctx:                      ctx,
 		client:                   client_,
+		allowWrite:               allowWrite,
 		writeNamespace:           writeNamespace,
 		cache:                    c1,
 		clusterId:                clusterId,
@@ -115,6 +117,9 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 	if s.writeNamespace == "" {
 		return fmt.Errorf("missing writeNamespace")
 	}
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
 	var ns corev1.Namespace
 	err := s.client.Get(s.ctx, client.ObjectKey{Name: s.writeNamespace}, &ns)
 	if err != nil && errors.IsNotFound(err) {
@@ -135,6 +140,10 @@ func (s *ResultStoreSecrets) ensureWriteNamespace() error {
 }
 
 func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error {
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
+
 	err := s.ensureWriteNamespace()
 	if err != nil {
 		return err
@@ -210,6 +219,10 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 }
 
 func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) error {
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
+
 	err := s.ensureWriteNamespace()
 	if err != nil {
 		return err
@@ -275,6 +288,10 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 }
 
 func (s *ResultStoreSecrets) cleanupOldCommandResults(project result.ProjectKey, target result.TargetKey) error {
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
+
 	results, err := s.ListCommandResultSummaries(ListResultSummariesOptions{
 		ProjectFilter: &project,
 	})
@@ -304,6 +321,10 @@ func (s *ResultStoreSecrets) cleanupOldCommandResults(project result.ProjectKey,
 }
 
 func (s *ResultStoreSecrets) cleanupOrphanedResults() error {
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
+
 	commandResults, err := s.doListCommandResultSummaries(ListResultSummariesOptions{})
 	if err != nil {
 		return err
@@ -360,6 +381,10 @@ func (s *ResultStoreSecrets) cleanupOrphanedResults() error {
 }
 
 func (s *ResultStoreSecrets) StartCleanupOrphans() error {
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
+
 	ch, _, err := s.WatchKluctlDeployments()
 	if err != nil {
 		return err

From 31022c73c8e248f9ac00615cddc29deec98faf14 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 08:55:45 +0200
Subject: [PATCH 1754/2268] feat: Log progressing and readiness changes

---
 .../kluctldeployment_controller.go            | 22 +++++++++----------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index b70aeb63b..9c4b4fba3 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -214,13 +214,18 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	// keep old status until we're doing real work (deploying, validating, ...)
 	oldReadyCondition := apimeta.FindStatusCondition(obj.GetConditions(), meta.ReadyCondition)
 
-	doFail := func(reason string, err error) (*ctrl.Result, error) {
-		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
-		patchErr := r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
-			setReadinessCondition(c, metav1.ConditionFalse, reason, err.Error(), obj.Generation)
+	doReadyCondition := func(status metav1.ConditionStatus, reason, message string) error {
+		log.Info(fmt.Sprintf("updating readiness condition: status=%s, reason=%s, message=%s", status, reason, message))
+		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
+			setReadinessCondition(c, status, reason, message, obj.Generation)
 			apimeta.RemoveStatusCondition(c, meta.ReconcilingCondition)
 			return nil
 		})
+	}
+
+	doFail := func(reason string, err error) (*ctrl.Result, error) {
+		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
+		patchErr := doReadyCondition(metav1.ConditionFalse, reason, err.Error())
 		if patchErr != nil {
 			err = multierror.Append(err, patchErr)
 		}
@@ -233,6 +238,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	doProgressingCondition := func(message string, keepOldReadyStatus bool) error {
+		log.Info("progressing: " + message)
 		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
 			if keepOldReadyStatus && oldReadyCondition != nil {
 				setReadinessCondition(c, oldReadyCondition.Status, oldReadyCondition.Reason, oldReadyCondition.Message, obj.Generation)
@@ -244,14 +250,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		})
 	}
 
-	doReadyCondition := func(status metav1.ConditionStatus, reason, message string) error {
-		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
-			setReadinessCondition(c, status, reason, message, obj.Generation)
-			apimeta.RemoveStatusCondition(c, meta.ReconcilingCondition)
-			return nil
-		})
-	}
-
 	patchErr := doProgressingCondition("Initializing", true)
 	if patchErr != nil {
 		return nil, patchErr

From 73c0d0d39b0d2720a84f2354d4948088236e8dac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 09:12:37 +0200
Subject: [PATCH 1755/2268] fix: Fix ListKluctlDeployments to actually return
 the copies

---
 pkg/results/result-store-secrets.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 8307a366d..a120ee968 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -826,7 +826,7 @@ func (s *ResultStoreSecrets) ListKluctlDeployments() ([]WatchKluctlDeploymentEve
 		o.APIVersion = kluctlv1.GroupVersion.String()
 		ret = append(ret, WatchKluctlDeploymentEvent{
 			ClusterId:  s.clusterId,
-			Deployment: &x,
+			Deployment: o,
 		})
 	}
 	return ret, nil

From 28b7a976b0f0fa62002a4d9d4de379485867d84f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 09:28:28 +0200
Subject: [PATCH 1756/2268] tests: Put TestFieldManager into correct test suite

---
 e2e/gitops_fieldmanager_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/gitops_fieldmanager_test.go b/e2e/gitops_fieldmanager_test.go
index d429b9c3b..f79be2267 100644
--- a/e2e/gitops_fieldmanager_test.go
+++ b/e2e/gitops_fieldmanager_test.go
@@ -24,7 +24,7 @@ func TestGitOpsFieldManager(t *testing.T) {
 	suite.Run(t, new(GitOpsFieldManagerTestSuite))
 }
 
-func (suite *GitopsTestSuite) TestFieldManager() {
+func (suite *GitOpsFieldManagerTestSuite) TestFieldManager() {
 	g := NewWithT(suite.T())
 
 	p := test_project.NewTestProject(suite.T())

From cef17872eccbd34ea7b4bd1ece33f6c577460715 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 11:23:30 +0200
Subject: [PATCH 1757/2268] tests: Stop using the init() hack and instead use
 TestMain to call kluctl

---
 e2e/call_kluctl_hack.go                       | 19 -------------------
 ...t_clusters.go => default_clusters_test.go} |  2 +-
 e2e/{gitops_suite.go => gitops_suite_test.go} |  0
 e2e/main_test.go                              | 12 ++++++++++++
 4 files changed, 13 insertions(+), 20 deletions(-)
 delete mode 100644 e2e/call_kluctl_hack.go
 rename e2e/{default_clusters.go => default_clusters_test.go} (99%)
 rename e2e/{gitops_suite.go => gitops_suite_test.go} (100%)

diff --git a/e2e/call_kluctl_hack.go b/e2e/call_kluctl_hack.go
deleted file mode 100644
index fa5268d30..000000000
--- a/e2e/call_kluctl_hack.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package e2e
-
-import (
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
-	"os"
-)
-
-func isCallKluctlHack() bool {
-	return os.Getenv("CALL_KLUCTL") == "true"
-}
-
-func init() {
-	// We use the Golang's initializing mechanism to run kluctl even though the test executable was invoked
-	// This is clearly a hack, but it avoids the requirement to have a kluctl executable pre-built
-	if isCallKluctlHack() {
-		commands.Main()
-		os.Exit(0)
-	}
-}
diff --git a/e2e/default_clusters.go b/e2e/default_clusters_test.go
similarity index 99%
rename from e2e/default_clusters.go
rename to e2e/default_clusters_test.go
index 05bcc1488..a2a887521 100644
--- a/e2e/default_clusters.go
+++ b/e2e/default_clusters_test.go
@@ -20,7 +20,7 @@ var gitopsCluster = test_utils.CreateEnvTestCluster("gitops")
 var mergedKubeconfig string
 
 func init() {
-	if isCallKluctlHack() {
+	if isCallKluctl() {
 		return
 	}
 
diff --git a/e2e/gitops_suite.go b/e2e/gitops_suite_test.go
similarity index 100%
rename from e2e/gitops_suite.go
rename to e2e/gitops_suite_test.go
diff --git a/e2e/main_test.go b/e2e/main_test.go
index 97c6ef92e..a91610b71 100644
--- a/e2e/main_test.go
+++ b/e2e/main_test.go
@@ -1,11 +1,23 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
 	"os"
 	"testing"
 )
 
+func isCallKluctl() bool {
+	return os.Getenv("CALL_KLUCTL") == "true"
+}
+
 func TestMain(m *testing.M) {
+	// We use the TestMail to run kluctl even though the test executable was invoked
+	// This is clearly a hack, but it avoids the requirement to have a kluctl executable pre-built
+	if isCallKluctl() {
+		commands.Main()
+		os.Exit(0)
+	}
+
 	tmpFile1, err := os.CreateTemp("", "")
 	if err != nil {
 		panic(err)

From 1b8564985cf40a9d105460c161830ca34a4518c2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 11:48:05 +0200
Subject: [PATCH 1758/2268] tests: Fix tests after latest changes

---
 e2e/gitops_suite_test.go |  4 ++--
 e2e/helm_test.go         |  3 +--
 e2e/images_test.go       |  5 ++---
 e2e/oci_include_test.go  | 12 ++++--------
 e2e/render_test.go       |  4 ++--
 e2e/validate_test.go     |  3 +--
 6 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 55e729b98..dfc26722c 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -160,7 +160,7 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
 		var kd kluctlv1.KluctlDeployment
 		err := suite.k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
-		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime == nil
+		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime != nil
 	}, timeout, time.Second).Should(BeTrue())
 }
 
@@ -172,7 +172,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
 		_ = suite.k.Client.Get(context.Background(), key, &kd)
-		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime == nil && kd.Status.ObservedCommit == commit
+		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime != nil && kd.Status.ObservedCommit == commit
 	}, timeout, time.Second).Should(BeTrue())
 }
 
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 5973f1a93..1ca0cf1a7 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -402,8 +402,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 		assert.Contains(t, stderr, pullMessage)
 	}
 	if tc.expectedError != "" {
-		assert.Error(t, err)
-		assert.Contains(t, stderr, tc.expectedError)
+		assert.ErrorContains(t, err, tc.expectedError)
 	} else {
 		assert.NoError(t, err)
 		assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
diff --git a/e2e/images_test.go b/e2e/images_test.go
index 1afd8eb0a..4561e3d1d 100644
--- a/e2e/images_test.go
+++ b/e2e/images_test.go
@@ -76,9 +76,8 @@ func TestGetImageNotFound(t *testing.T) {
 
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 
-	_, stderr, err := p.Kluctl("deploy", "-y", "-t", "test")
-	assert.Error(t, err)
-	assert.Contains(t, stderr, "failed to find fixed image for i1")
+	_, _, err := p.Kluctl("deploy", "-y", "-t", "test")
+	assert.ErrorContains(t, err, "failed to find fixed image for i1")
 }
 
 func TestGetImageArg(t *testing.T) {
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 74e3bc3f0..d4d656682 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -84,14 +84,12 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	repoUrl3 := repo3.URL.String() + "/org3/repo3"
 
 	// push with no creds
-	_, stderr, err := ip1.Kluctl("oci", "push", "--url", repoUrl1)
+	_, _, err := ip1.Kluctl("oci", "push", "--url", repoUrl1)
 	assert.ErrorContains(t, err, "401 Unauthorized")
-	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// push with invalid creds
-	_, stderr, err = ip1.Kluctl("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:invalid", repo1.URL.Host))
+	_, _, err = ip1.Kluctl("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:invalid", repo1.URL.Host))
 	assert.ErrorContains(t, err, "401 Unauthorized")
-	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// now with valid creds
 	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
@@ -122,9 +120,8 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	}))
 
 	// deploy with no auth
-	_, stderr, err = p.Kluctl("deploy", "--yes", "-t", "test")
+	_, _, err = p.Kluctl("deploy", "--yes", "-t", "test")
 	assert.ErrorContains(t, err, "401 Unauthorized")
-	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// deploy with some invalid creds
 	t.Setenv("KLUCTL_REGISTRY_1_HOST", repo1.URL.Host)
@@ -134,9 +131,8 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	t.Setenv("KLUCTL_REGISTRY_2_REPOSITORY", fmt.Sprintf("%s/org2/repo2", repo2.URL.Host))
 	t.Setenv("KLUCTL_REGISTRY_2_USERNAME", "user2")
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "invalid")
-	_, stderr, err = p.Kluctl("deploy", "--yes", "-t", "test")
+	_, _, err = p.Kluctl("deploy", "--yes", "-t", "test")
 	assert.ErrorContains(t, err, "401 Unauthorized")
-	assert.Contains(t, stderr, "401 Unauthorized")
 
 	// deploy with valid creds
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "pass2")
diff --git a/e2e/render_test.go b/e2e/render_test.go
index 280531478..e29d6688c 100644
--- a/e2e/render_test.go
+++ b/e2e/render_test.go
@@ -55,7 +55,7 @@ func TestRenderNoKubeconfig(t *testing.T) {
 	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField("context1", "context")
 	})
-	_, stderr, _ = p.Kluctl("render", "-t", "test", "--print-all")
-	assert.Contains(t, stderr, "context \"context1\" does not exist")
+	_, stderr, err := p.Kluctl("render", "-t", "test", "--print-all")
+	assert.ErrorContains(t, err, "context \"context1\" does not exist")
 
 }
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 59d44a584..9cfd97fd1 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -89,9 +89,8 @@ func assertValidate(t *testing.T, p *test_project.TestProject, succeed bool) (st
 		assert.NotContains(t, stdout, fmt.Sprintf("%s/Deployment/d1: readyReplicas field not in status or empty", p.TestSlug()))
 		assert.NotContains(t, stderr, "Validation failed")
 	} else {
-		assert.Error(t, err)
+		assert.ErrorContains(t, err, "Validation failed")
 		assert.Contains(t, stdout, fmt.Sprintf("%s/Deployment/d1: readyReplicas field not in status or empty", p.TestSlug()))
-		assert.Contains(t, stderr, "Validation failed")
 	}
 
 	return stdout, stderr

From f6a5cd112cdf65aaad62bd7d46a36a94b44bf783 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 11:54:31 +0200
Subject: [PATCH 1759/2268] tests: Use t.Cleanup() to cleanup deployments

---
 e2e/gitops_suite_test.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index dfc26722c..ece5bec6d 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -49,7 +49,6 @@ type GitopsTestSuite struct {
 	gitopsNamespace        string
 	gitopsResultsNamespace string
 	gitopsSecretIdx        int
-	deployments            []client.ObjectKey
 	deletedDeployments     []client.ObjectKey
 }
 
@@ -92,11 +91,6 @@ func (suite *GitopsTestSuite) TearDownSuite() {
 }
 
 func (suite *GitopsTestSuite) TearDownTest() {
-	for _, key := range suite.deployments {
-		suite.deleteKluctlDeployment(key)
-	}
-
-	suite.deployments = nil
 }
 
 func (suite *GitopsTestSuite) startController() {
@@ -219,7 +213,9 @@ func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProjec
 	}
 
 	key := client.ObjectKeyFromObject(kluctlDeployment)
-	suite.deployments = append(suite.deployments, key)
+	suite.T().Cleanup(func() {
+		suite.deleteKluctlDeployment(key)
+	})
 	return key
 }
 

From 6d16f68071a0a15da5b9e1b4f4fa43c303e2599a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 12:13:33 +0200
Subject: [PATCH 1760/2268] ci: Split non-gitops and gitops tests in CI

---
 .github/workflows/tests.yml | 36 +++++++++++++++++++++++++++++-------
 Makefile                    | 10 +++++++++-
 e2e/gitops_suite_test.go    |  5 -----
 3 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 034f93399..f48990085 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -101,14 +101,30 @@ jobs:
       matrix:
         include:
           - os: ubuntu-22.04
-            run_on_pull_requests: true
+            run_unit_tests: false
+            run_e2e_non_gitops: true
+            run_e2e_gitops: false
+            name: ubuntu-non-gitops
+          - os: ubuntu-22.04
+            run_unit_tests: true
+            run_e2e_non_gitops: false
+            run_e2e_gitops: true
+            name: ubuntu-gitops
           - os: macos-12
-            run_on_pull_requests: false
+            run_unit_tests: true
+            # only run e2e tests on branches
+            run_e2e_non_gitops: ${{ github.event_name != 'pull_request' }}
+            run_e2e_gitops: ${{ github.event_name != 'pull_request' }}
+            name: macos
           - os: windows-2022
-            run_on_pull_requests: false
-        os: [ubuntu-22.04, macos-12, windows-2022]
+            run_unit_tests: true
+            # only run e2e tests on branches
+            run_e2e_non_gitops: ${{ github.event_name != 'pull_request' }}
+            run_e2e_gitops: false # never run gitops tests on windows
+            name: windows
       fail-fast: false
     runs-on: ${{ matrix.os }}
+    name: tests-${{ matrix.name }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -124,11 +140,17 @@ jobs:
           restore-keys: |
             tests-go-${{ runner.os }}-
       - name: Run unit tests
+        if: matrix.run_unit_tests
         shell: bash
         run: |
           make test-unit
-      - name: Run e2e tests
-        if: matrix.run_on_pull_requests || github.event_name != 'pull_request'
+      - name: Run e2e-non-gitops tests
+        if: matrix.run_e2e_non_gitops
+        shell: bash
+        run: |
+          make test-e2e-non-gitops
+      - name: Run e2e-gitops tests
+        if: matrix.run_e2e_gitops
         shell: bash
         run: |
-          make test-e2e
+          make test-e2e-gitops
diff --git a/Makefile b/Makefile
index c75449a5a..ee41d1da6 100644
--- a/Makefile
+++ b/Makefile
@@ -92,9 +92,17 @@ test-unit: envtest ## Run unit tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out -test.v
 
 .PHONY: test-e2e
-test-e2e: envtest ## Run e2e tests.
+test-e2e: envtest ## Run all e2e tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -timeout 15m -coverprofile cover.out -test.v
 
+.PHONY: test-e2e-non-gitops
+test-e2e-non-gitops: envtest ## Run non-gitops e2e tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -timeout 15m -coverprofile cover.out -test.v -skip 'TestGitOps.*'
+
+.PHONY: test-e2e-gitops
+test-e2e-gitops: envtest ## Run gitops e2e tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -timeout 15m -coverprofile cover.out -test.v -run 'TestGitOps.*'
+
 replace-commands-help: ## Replace commands help in docs
 	go run ./internal/replace-commands-help --docs-dir ./docs/kluctl/commands
 
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index ece5bec6d..e0e1c91b0 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -20,7 +20,6 @@ import (
 	"math/rand"
 	"os"
 	"path/filepath"
-	runtime2 "runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
@@ -53,10 +52,6 @@ type GitopsTestSuite struct {
 }
 
 func (suite *GitopsTestSuite) SetupSuite() {
-	if runtime2.GOOS == "windows" {
-		suite.T().Skip("skipping gitops tests on windows")
-	}
-
 	suite.k = gitopsCluster
 
 	n := suite.T().Name()

From d1c53abe36e34f8ceec9bc3277ad31eddc2e9bbe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 13:10:01 +0200
Subject: [PATCH 1761/2268] tests: Add some logging to gitops helper funcs

---
 e2e/gitops_suite_test.go | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index e0e1c91b0..0f0d30e7c 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -129,6 +129,8 @@ func (suite *GitopsTestSuite) startController() {
 func (suite *GitopsTestSuite) triggerReconcile(key client.ObjectKey) string {
 	reconcileId := fmt.Sprintf("%d", rand.Int63())
 
+	suite.T().Logf("%s: triggerReconcile", reconcileId)
+
 	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 		a := kd.GetAnnotations()
 		if a == nil {
@@ -145,11 +147,21 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
 
 	reconcileId := suite.triggerReconcile(key)
 
+	suite.T().Logf("%s: waiting for reconcile to finish", reconcileId)
+
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
 		err := suite.k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
-		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime != nil
+		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
+			suite.T().Logf("%s: request processing not started yet", reconcileId)
+			return false
+		}
+		if kd.Status.ReconcileRequestResult.EndTime == nil {
+			suite.T().Logf("%s: request processing not finished yet", reconcileId)
+			return false
+		}
+		return true
 	}, timeout, time.Second).Should(BeTrue())
 }
 
@@ -158,10 +170,25 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 
 	reconcileId := suite.triggerReconcile(key)
 
+	suite.T().Logf("%s: waiting for commit %s", reconcileId, commit)
+
 	g.Eventually(func() bool {
 		var kd kluctlv1.KluctlDeployment
-		_ = suite.k.Client.Get(context.Background(), key, &kd)
-		return kd.Status.ReconcileRequestResult != nil && kd.Status.ReconcileRequestResult.RequestValue == reconcileId && kd.Status.ReconcileRequestResult.EndTime != nil && kd.Status.ObservedCommit == commit
+		err := suite.k.Client.Get(context.Background(), key, &kd)
+		g.Expect(err).To(Succeed())
+		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
+			suite.T().Logf("%s: request processing not started yet", reconcileId)
+			return false
+		}
+		if kd.Status.ReconcileRequestResult.EndTime == nil {
+			suite.T().Logf("%s: request processing not finished yet", reconcileId)
+			return false
+		}
+		if kd.Status.ObservedCommit != commit {
+			suite.T().Logf("%s: commit %s does mot match %s", reconcileId, kd.Status.ObservedCommit, commit)
+			return false
+		}
+		return true
 	}, timeout, time.Second).Should(BeTrue())
 }
 

From 3d50fff4be43669a44137a05216794956853e595 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 13:10:18 +0200
Subject: [PATCH 1762/2268] fix: First write condition, then the request result
 in status

---
 pkg/controllers/kluctldeployment_controller.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 9c4b4fba3..c567ddd2c 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -360,23 +360,28 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	origDoFailPrepare := doFailPrepare
 	doFailPrepare = func(errIn error) (*ctrl.Result, error) {
+		retErr := errIn
+		ret, err := origDoFailPrepare(errIn)
+		if err != nil {
+			retErr = multierror.Append(retErr, err)
+		}
 		err = finishHandleRequest(curReconcileRequest, "", errIn, setReconcileRequestResult)
 		if err != nil {
-			return nil, err
+			retErr = multierror.Append(retErr, err)
 		}
 		err = finishHandleRequest(curDeployRequest, "", errIn, setDeployRequestResult)
 		if err != nil {
-			return nil, err
+			retErr = multierror.Append(retErr, err)
 		}
 		err = finishHandleRequest(curPruneRequest, "", errIn, setPruneRequestResult)
 		if err != nil {
-			return nil, err
+			retErr = multierror.Append(retErr, err)
 		}
 		err = finishHandleRequest(curValidateRequest, "", errIn, setValidateRequestResult)
 		if err != nil {
-			return nil, err
+			retErr = multierror.Append(retErr, err)
 		}
-		return origDoFailPrepare(errIn)
+		return ret, retErr
 	}
 
 	obj.Status.LastHandledReconcileAt = ""

From e5940b5b6d2b59041ee09631a4eb3610891cadd0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Oct 2023 13:53:08 +0200
Subject: [PATCH 1763/2268] ci: Add dependabot group for k8s.io (#860)

---
 .github/dependabot.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d9af54b7a..dd0ca4403 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,6 +13,9 @@ updates:
       golang-x:
         patterns:
           - "golang.org/x/*"
+      k8s-io:
+        patterns:
+          - "k8s.io/*"
       aws-sdk:
         patterns:
           - "*aws-sdk*"

From 58a30fcb975d33aa3b66ee3c4387ad294964e16e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 Oct 2023 14:55:58 +0200
Subject: [PATCH 1764/2268] feat: Use .gitignore for OCI artifact building

---
 cmd/kluctl/commands/cmd_oci_push.go       | 49 +++++++++++++----------
 pkg/git/utils.go                          | 13 ++++++
 pkg/oci/client/build.go                   | 10 ++---
 pkg/oci/client/build_test.go              |  6 ++-
 pkg/oci/client/diff.go                    |  5 ++-
 pkg/oci/client/push.go                    |  5 ++-
 pkg/oci/sourceignore/sourceignore.go      |  6 +--
 pkg/oci/sourceignore/sourceignore_test.go |  2 +-
 8 files changed, 59 insertions(+), 37 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index a4815e97a..a9e01463f 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -25,7 +26,6 @@ type ociPushCmd struct {
 	args.RegistryCredentials
 
 	Url        string   `group:"misc" help:"Specifies the artifact URL. This argument is required." required:"true"`
-	IgnorePath []string `group:"misc" help:"set paths to ignore in .gitignore format."`
 	Annotation []string `group:"misc" help:"Set custom OCI annotations in the format '<key>=<value>'"`
 	Output     string   `group:"misc" help:"the format in which the artifact digest should be printed, can be 'json' or 'yaml'"`
 
@@ -38,8 +38,31 @@ artifact to an OCI repository.`
 }
 
 func (cmd *ociPushCmd) Run(ctx context.Context) error {
-	if cmd.IgnorePath == nil {
-		cmd.IgnorePath = excludeOCI
+	path, err := cmd.ProjectDir.GetProjectDir()
+	if err != nil {
+		return err
+	}
+
+	repoRoot, err := git.DetectGitRepositoryRoot(path)
+	if err != nil {
+		return err
+	}
+	gitInfo, _, err := git.BuildGitInfo(ctx, repoRoot, path)
+	if err != nil {
+		return err
+	}
+
+	if _, err := os.Stat(path); err != nil {
+		return fmt.Errorf("invalid path '%s', must point to an existing project: %w", path, err)
+	}
+
+	absPath, err := filepath.Abs(path)
+	if err != nil {
+		return err
+	}
+	ignorePatterns, err := git.LoadGitignore(absPath)
+	if err != nil {
+		return err
 	}
 
 	if cmd.Timeout != 0 {
@@ -60,24 +83,6 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	path, err := cmd.ProjectDir.GetProjectDir()
-	if err != nil {
-		return err
-	}
-
-	repoRoot, err := git.DetectGitRepositoryRoot(path)
-	if err != nil {
-		return err
-	}
-	gitInfo, _, err := git.BuildGitInfo(ctx, repoRoot, path)
-	if err != nil {
-		return err
-	}
-
-	if _, err := os.Stat(path); err != nil {
-		return fmt.Errorf("invalid path '%s', must point to an existing project: %w", path, err)
-	}
-
 	annotations := map[string]string{}
 	for _, annotation := range cmd.Annotation {
 		kv := strings.Split(annotation, "=")
@@ -123,7 +128,7 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 	}
 
 	ociClient := client.NewClient(opts)
-	digestURL, err := ociClient.Push(ctx, url, path, meta, cmd.IgnorePath)
+	digestURL, err := ociClient.Push(ctx, url, path, meta, ignorePatterns)
 	if err != nil {
 		return fmt.Errorf("pushing artifact failed: %w", err)
 	}
diff --git a/pkg/git/utils.go b/pkg/git/utils.go
index f0b3d7f76..88e4e0d18 100644
--- a/pkg/git/utils.go
+++ b/pkg/git/utils.go
@@ -6,6 +6,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
@@ -111,3 +113,14 @@ func parsePorcelainStatus(out string) (git.Status, error) {
 	}
 	return ret, nil
 }
+
+func LoadGitignore(p string) ([]gitignore.Pattern, error) {
+	p = filepath.Clean(p)
+	domain := strings.Split(p, string(filepath.Separator))
+	ignorePatterns, err := sourceignore.LoadIgnorePatterns(p, domain, ".gitignore")
+	if err != nil {
+		return nil, err
+	}
+	ignorePatterns = append(ignorePatterns, sourceignore.ReadPatterns(strings.NewReader(".git"), domain)...)
+	return ignorePatterns, nil
+}
diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index 3621a1f08..05d6247fb 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -20,6 +20,7 @@ import (
 	"archive/tar"
 	"compress/gzip"
 	"fmt"
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
 	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"io"
 	"os"
@@ -30,7 +31,7 @@ import (
 
 // Build archives the given directory as a tarball to the given local path.
 // While archiving, any environment specific data (for example, the user and group name) is stripped from file headers.
-func (c *Client) Build(artifactPath, sourceDir string, ignorePaths []string) (err error) {
+func (c *Client) Build(artifactPath, sourceDir string, ignorePatterns []gitignore.Pattern) (err error) {
 	absDir, err := filepath.Abs(sourceDir)
 	if err != nil {
 		return err
@@ -52,10 +53,7 @@ func (c *Client) Build(artifactPath, sourceDir string, ignorePaths []string) (er
 		}
 	}()
 
-	ignore := strings.Join(ignorePaths, "\n")
-	domain := strings.Split(filepath.Clean(absDir), string(filepath.Separator))
-	ps := sourceignore.ReadPatterns(strings.NewReader(ignore), domain)
-	matcher := sourceignore.NewMatcher(ps)
+	matcher := sourceignore.NewMatcher(ignorePatterns)
 	filter := func(p string, fi os.FileInfo) bool {
 		return matcher.Match(strings.Split(p, string(filepath.Separator)), fi.IsDir())
 	}
@@ -75,7 +73,7 @@ func (c *Client) Build(artifactPath, sourceDir string, ignorePaths []string) (er
 			return nil
 		}
 
-		if len(ignorePaths) > 0 && filter(p, fi) {
+		if len(ignorePatterns) > 0 && filter(p, fi) {
 			return nil
 		}
 
diff --git a/pkg/oci/client/build_test.go b/pkg/oci/client/build_test.go
index e3f4d6afd..439e954bd 100644
--- a/pkg/oci/client/build_test.go
+++ b/pkg/oci/client/build_test.go
@@ -19,6 +19,7 @@ package client
 import (
 	"bytes"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"io"
 	"os"
 	"path/filepath"
@@ -97,7 +98,10 @@ func TestBuild(t *testing.T) {
 			tmpDir := t.TempDir()
 			artifactPath := filepath.Join(tmpDir, "files.tar.gz")
 
-			err := c.Build(artifactPath, tt.path, tt.ignorePath)
+			absPath, _ := filepath.Abs(tt.path)
+			domain := strings.Split(absPath, string(filepath.Separator))
+			patterns := sourceignore.ReadPatterns(strings.NewReader(strings.Join(tt.ignorePath, "\n")), domain)
+			err := c.Build(artifactPath, tt.path, patterns)
 			if tt.expectErr {
 				g.Expect(err).To(HaveOccurred())
 				return
diff --git a/pkg/oci/client/diff.go b/pkg/oci/client/diff.go
index 6ca2bda56..296c7e042 100644
--- a/pkg/oci/client/diff.go
+++ b/pkg/oci/client/diff.go
@@ -21,6 +21,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
 	"io"
 	"os"
 	"path/filepath"
@@ -31,7 +32,7 @@ import (
 
 // Diff compares the files included in an OCI image with the local files in the given path
 // and returns an error if the contents is different
-func (c *Client) Diff(ctx context.Context, url, dir string, ignorePaths []string) error {
+func (c *Client) Diff(ctx context.Context, url, dir string, ignorePatterns []gitignore.Pattern) error {
 	_, err := name.ParseReference(url)
 	if err != nil {
 		return fmt.Errorf("invalid URL: %w", err)
@@ -45,7 +46,7 @@ func (c *Client) Diff(ctx context.Context, url, dir string, ignorePaths []string
 
 	tmpFile := filepath.Join(tmpBuildDir, "artifact.tgz")
 
-	if err := c.Build(tmpFile, dir, ignorePaths); err != nil {
+	if err := c.Build(tmpFile, dir, ignorePatterns); err != nil {
 		return fmt.Errorf("building artifact failed: %w", err)
 	}
 
diff --git a/pkg/oci/client/push.go b/pkg/oci/client/push.go
index 566b3a04a..95145a42f 100644
--- a/pkg/oci/client/push.go
+++ b/pkg/oci/client/push.go
@@ -19,6 +19,7 @@ package client
 import (
 	"context"
 	"fmt"
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
 	"os"
 	"path/filepath"
 	"time"
@@ -36,7 +37,7 @@ import (
 
 // Push creates an artifact from the given directory, uploads the artifact
 // to the given OCI repository and returns the digest.
-func (c *Client) Push(ctx context.Context, url, sourceDir string, meta Metadata, ignorePaths []string) (string, error) {
+func (c *Client) Push(ctx context.Context, url, sourceDir string, meta Metadata, ignorePatterns []gitignore.Pattern) (string, error) {
 	ref, err := name.ParseReference(url)
 	if err != nil {
 		return "", fmt.Errorf("invalid URL: %w", err)
@@ -50,7 +51,7 @@ func (c *Client) Push(ctx context.Context, url, sourceDir string, meta Metadata,
 
 	tmpFile := filepath.Join(tmpDir, "artifact.tgz")
 
-	if err := c.Build(tmpFile, sourceDir, ignorePaths); err != nil {
+	if err := c.Build(tmpFile, sourceDir, ignorePatterns); err != nil {
 		return "", err
 	}
 
diff --git a/pkg/oci/sourceignore/sourceignore.go b/pkg/oci/sourceignore/sourceignore.go
index f31bbd9a2..999f21ea0 100644
--- a/pkg/oci/sourceignore/sourceignore.go
+++ b/pkg/oci/sourceignore/sourceignore.go
@@ -102,13 +102,13 @@ func ReadIgnoreFile(path string, domain []string) ([]gitignore.Pattern, error) {
 
 // LoadIgnorePatterns recursively loads the IgnoreFile patterns found
 // in the directory.
-func LoadIgnorePatterns(dir string, domain []string) ([]gitignore.Pattern, error) {
+func LoadIgnorePatterns(dir string, domain []string, ignoreFile string) ([]gitignore.Pattern, error) {
 	// Make a copy of the domain so that the underlying string array of domain
 	// in the gitignore patterns are unique without any side effects.
 	dom := make([]string, len(domain))
 	copy(dom, domain)
 
-	ps, err := ReadIgnoreFile(filepath.Join(dir, IgnoreFile), dom)
+	ps, err := ReadIgnoreFile(filepath.Join(dir, ignoreFile), dom)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +119,7 @@ func LoadIgnorePatterns(dir string, domain []string) ([]gitignore.Pattern, error
 	for _, fi := range fis {
 		if fi.IsDir() && fi.Name() != ".git" {
 			var subps []gitignore.Pattern
-			if subps, err = LoadIgnorePatterns(filepath.Join(dir, fi.Name()), append(dom, fi.Name())); err != nil {
+			if subps, err = LoadIgnorePatterns(filepath.Join(dir, fi.Name()), append(dom, fi.Name()), ignoreFile); err != nil {
 				return nil, err
 			}
 			if len(subps) > 0 {
diff --git a/pkg/oci/sourceignore/sourceignore_test.go b/pkg/oci/sourceignore/sourceignore_test.go
index 804c213ef..f03a74c2d 100644
--- a/pkg/oci/sourceignore/sourceignore_test.go
+++ b/pkg/oci/sourceignore/sourceignore_test.go
@@ -242,7 +242,7 @@ func TestLoadExcludePatterns(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := LoadIgnorePatterns(tt.dir, tt.domain)
+			got, err := LoadIgnorePatterns(tt.dir, tt.domain, IgnoreFile)
 			if err != nil {
 				t.Error(err)
 				return

From 265f3ba599c717f4d19da6b48531edeb5e6208c9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 Oct 2023 11:17:15 +0200
Subject: [PATCH 1765/2268] refactor: Move source overrides into own args
 struct

---
 cmd/kluctl/args/gitops_args.go |  1 +
 cmd/kluctl/args/overrides.go   | 91 ++++++++++++++++++++++++++++++++++
 cmd/kluctl/args/project.go     |  5 +-
 cmd/kluctl/commands/utils.go   | 74 ++-------------------------
 4 files changed, 96 insertions(+), 75 deletions(-)
 create mode 100644 cmd/kluctl/args/overrides.go

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 9a982b0f1..659a5fbd2 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -25,6 +25,7 @@ type GitOpsLogArgs struct {
 }
 
 type GitOpsOverridableArgs struct {
+	SourceOverrides
 	TargetFlagsBase
 	ArgsFlags
 	ImageFlags
diff --git a/cmd/kluctl/args/overrides.go b/cmd/kluctl/args/overrides.go
new file mode 100644
index 000000000..d5ea80317
--- /dev/null
+++ b/cmd/kluctl/args/overrides.go
@@ -0,0 +1,91 @@
+package args
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"strings"
+)
+
+type SourceOverrides struct {
+	LocalGitOverride      []string `group:"project" help:"Specify a single repository local git override in the form of 'github.com/my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them."`
+	LocalGitGroupOverride []string `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com/some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
+	LocalOciOverride      []string `group:"project" help:"Same as --local-git-override, but for OCI repositories."`
+	LocalOciGroupOverride []string `group:"project" help:"Same as --local-git-group-override, but for OCI repositories."`
+}
+
+func (a *SourceOverrides) ParseOverrides(ctx context.Context) ([]repocache.RepoOverride, []repocache.RepoOverride, error) {
+	var gitRepoOverrides []repocache.RepoOverride
+	var ociRepoOverrides []repocache.RepoOverride
+	for _, x := range a.LocalGitOverride {
+		ro, err := a.parseRepoOverride(ctx, x, false, "git", true)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid --local-git-override: %w", err)
+		}
+		gitRepoOverrides = append(gitRepoOverrides, ro)
+	}
+	for _, x := range a.LocalGitGroupOverride {
+		ro, err := a.parseRepoOverride(ctx, x, true, "git", true)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid --local-git-group-override: %w", err)
+		}
+		gitRepoOverrides = append(gitRepoOverrides, ro)
+	}
+	for _, x := range a.LocalOciOverride {
+		ro, err := a.parseRepoOverride(ctx, x, false, "oci", false)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid --local-oci-override: %w", err)
+		}
+		ociRepoOverrides = append(ociRepoOverrides, ro)
+	}
+	for _, x := range a.LocalOciGroupOverride {
+		ro, err := a.parseRepoOverride(ctx, x, true, "oci", false)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid --local-oci-group-override: %w", err)
+		}
+		ociRepoOverrides = append(ociRepoOverrides, ro)
+	}
+	return gitRepoOverrides, ociRepoOverrides, nil
+}
+
+func (a *SourceOverrides) parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string, allowLegacy bool) (repocache.RepoOverride, error) {
+	sp := strings.SplitN(s, "=", 2)
+	if len(sp) != 2 {
+		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
+	}
+
+	repoKey, err := types.ParseRepoKey(sp[0], type_)
+	if err != nil {
+		if !allowLegacy {
+			return repocache.RepoOverride{}, err
+		}
+
+		// try as legacy repo key
+		u, err2 := types.ParseGitUrl(sp[0])
+		if err2 != nil {
+			// return original error
+			return repocache.RepoOverride{}, err
+		}
+
+		x := u.Host
+		if !strings.HasPrefix(u.Path, "/") {
+			x += "/"
+		}
+		x += u.Path
+		repoKey, err2 = types.ParseRepoKey(x, type_)
+		if err2 != nil {
+			// return original error
+			return repocache.RepoOverride{}, err
+		}
+
+		status.Deprecation(ctx, "old-repo-override", "Passing --local-git-override/--local-git-override-group in the example.com:path form is deprecated and will not be supported in future versions of Kluctl. Please use the example.com/path form.")
+	}
+
+	return repocache.RepoOverride{
+		RepoKey:  repoKey,
+		IsGroup:  isGroup,
+		Override: sp[1],
+	}, nil
+}
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index e72c74eac..cf26fdaab 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -25,15 +25,12 @@ func (a ProjectDir) GetProjectDir() (string, error) {
 
 type ProjectFlags struct {
 	ProjectDir
+	SourceOverrides
 
 	ProjectConfig ExistingFileType `group:"project" short:"c" help:"Location of the .kluctl.yaml config file. Defaults to $PROJECT/.kluctl.yaml" exts:"yml,yaml"`
 
 	Timeout                time.Duration `group:"project" help:"Specify timeout for all operations, including loading of the project, all external api calls and waiting for readiness." default:"10m"`
 	GitCacheUpdateInterval time.Duration `group:"project" help:"Specify the time to wait between git cache updates. Defaults to not wait at all and always updating caches."`
-	LocalGitOverride       []string      `group:"project" help:"Specify a single repository local git override in the form of 'github.com/my-org/my-repo=/local/path/to/override'. This will cause kluctl to not use git to clone for the specified repository but instead use the local directory. This is useful in case you need to test out changes in external git repositories without pushing them."`
-	LocalGitGroupOverride  []string      `group:"project" help:"Same as --local-git-override, but for a whole group prefix instead of a single repository. All repositories that have the given prefix will be overridden with the given local path and the repository suffix appended. For example, 'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override all repositories below 'gitlab.com/some-org/sub-org/' with the repositories found in '/local/path/to/my-forks'. It will however only perform an override if the given repository actually exists locally and otherwise revert to the actual (non-overridden) repository."`
-	LocalOciOverride       []string      `group:"project" help:"Same as --local-git-override, but for OCI repositories."`
-	LocalOciGroupOverride  []string      `group:"project" help:"Same as --local-git-group-override, but for OCI repositories."`
 }
 
 type ArgsFlags struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a27c42627..18ee01f45 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -19,7 +19,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/rest"
@@ -27,7 +26,6 @@ import (
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
 	client2 "sigs.k8s.io/controller-runtime/pkg/client"
-	"strings"
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
@@ -65,35 +63,9 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 	sshPool := &ssh_pool.SshPool{}
 
-	var gitRepoOverrides []repocache.RepoOverride
-	var ociRepoOverrides []repocache.RepoOverride
-	for _, x := range projectFlags.LocalGitOverride {
-		ro, err := parseRepoOverride(ctx, x, false, "git", true)
-		if err != nil {
-			return fmt.Errorf("invalid --local-git-override: %w", err)
-		}
-		gitRepoOverrides = append(gitRepoOverrides, ro)
-	}
-	for _, x := range projectFlags.LocalGitGroupOverride {
-		ro, err := parseRepoOverride(ctx, x, true, "git", true)
-		if err != nil {
-			return fmt.Errorf("invalid --local-git-group-override: %w", err)
-		}
-		gitRepoOverrides = append(gitRepoOverrides, ro)
-	}
-	for _, x := range projectFlags.LocalOciOverride {
-		ro, err := parseRepoOverride(ctx, x, false, "oci", false)
-		if err != nil {
-			return fmt.Errorf("invalid --local-oci-override: %w", err)
-		}
-		ociRepoOverrides = append(ociRepoOverrides, ro)
-	}
-	for _, x := range projectFlags.LocalOciGroupOverride {
-		ro, err := parseRepoOverride(ctx, x, true, "oci", false)
-		if err != nil {
-			return fmt.Errorf("invalid --local-oci-group-override: %w", err)
-		}
-		ociRepoOverrides = append(ociRepoOverrides, ro)
+	gitRepoOverrides, ociRepoOverrides, err := projectFlags.SourceOverrides.ParseOverrides(ctx)
+	if err != nil {
+		return err
 	}
 
 	messageCallbacks := &messages.MessageCallbacks{
@@ -300,46 +272,6 @@ func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config,
 	}
 }
 
-func parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string, allowLegacy bool) (repocache.RepoOverride, error) {
-	sp := strings.SplitN(s, "=", 2)
-	if len(sp) != 2 {
-		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
-	}
-
-	repoKey, err := types.ParseRepoKey(sp[0], type_)
-	if err != nil {
-		if !allowLegacy {
-			return repocache.RepoOverride{}, err
-		}
-
-		// try as legacy repo key
-		u, err2 := types.ParseGitUrl(sp[0])
-		if err2 != nil {
-			// return original error
-			return repocache.RepoOverride{}, err
-		}
-
-		x := u.Host
-		if !strings.HasPrefix(u.Path, "/") {
-			x += "/"
-		}
-		x += u.Path
-		repoKey, err2 = types.ParseRepoKey(x, type_)
-		if err2 != nil {
-			// return original error
-			return repocache.RepoOverride{}, err
-		}
-
-		status.Deprecation(ctx, "old-repo-override", "Passing --local-git-override/--local-git-override-group in the example.com:path form is deprecated and will not be supported in future versions of Kluctl. Please use the example.com/path form.")
-	}
-
-	return repocache.RepoOverride{
-		RepoKey:  repoKey,
-		IsGroup:  isGroup,
-		Override: sp[1],
-	}, nil
-}
-
 func buildResultStoreRO(ctx context.Context, restConfig *rest.Config, mapper meta.RESTMapper, flags *args.CommandResultReadOnlyFlags) (results.ResultStore, error) {
 	if flags == nil {
 		return nil, nil

From ed17fad5d45f1f6014fe407e0bfb299b953e499a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 Oct 2023 09:22:31 +0200
Subject: [PATCH 1766/2268] refactor: Introduce sourceoverride manager and
 client interface

---
 cmd/kluctl/args/overrides.go  | 38 ++++++++++----------
 cmd/kluctl/commands/utils.go  |  6 ++--
 pkg/repocache/git_cache.go    | 22 ++++++------
 pkg/repocache/oci_cache.go    | 14 +++++---
 pkg/repocache/utils.go        | 47 ------------------------
 pkg/sourceoverride/manager.go | 68 +++++++++++++++++++++++++++++++++++
 6 files changed, 109 insertions(+), 86 deletions(-)
 delete mode 100644 pkg/repocache/utils.go
 create mode 100644 pkg/sourceoverride/manager.go

diff --git a/cmd/kluctl/args/overrides.go b/cmd/kluctl/args/overrides.go
index d5ea80317..cee013b74 100644
--- a/cmd/kluctl/args/overrides.go
+++ b/cmd/kluctl/args/overrides.go
@@ -3,7 +3,7 @@ package args
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strings"
@@ -16,57 +16,57 @@ type SourceOverrides struct {
 	LocalOciGroupOverride []string `group:"project" help:"Same as --local-git-group-override, but for OCI repositories."`
 }
 
-func (a *SourceOverrides) ParseOverrides(ctx context.Context) ([]repocache.RepoOverride, []repocache.RepoOverride, error) {
-	var gitRepoOverrides []repocache.RepoOverride
-	var ociRepoOverrides []repocache.RepoOverride
+func (a *SourceOverrides) ParseOverrides(ctx context.Context) (*sourceoverride.Manager, error) {
+	var overrides []sourceoverride.RepoOverride
 	for _, x := range a.LocalGitOverride {
 		ro, err := a.parseRepoOverride(ctx, x, false, "git", true)
 		if err != nil {
-			return nil, nil, fmt.Errorf("invalid --local-git-override: %w", err)
+			return nil, fmt.Errorf("invalid --local-git-override: %w", err)
 		}
-		gitRepoOverrides = append(gitRepoOverrides, ro)
+		overrides = append(overrides, ro)
 	}
 	for _, x := range a.LocalGitGroupOverride {
 		ro, err := a.parseRepoOverride(ctx, x, true, "git", true)
 		if err != nil {
-			return nil, nil, fmt.Errorf("invalid --local-git-group-override: %w", err)
+			return nil, fmt.Errorf("invalid --local-git-group-override: %w", err)
 		}
-		gitRepoOverrides = append(gitRepoOverrides, ro)
+		overrides = append(overrides, ro)
 	}
 	for _, x := range a.LocalOciOverride {
 		ro, err := a.parseRepoOverride(ctx, x, false, "oci", false)
 		if err != nil {
-			return nil, nil, fmt.Errorf("invalid --local-oci-override: %w", err)
+			return nil, fmt.Errorf("invalid --local-oci-override: %w", err)
 		}
-		ociRepoOverrides = append(ociRepoOverrides, ro)
+		overrides = append(overrides, ro)
 	}
 	for _, x := range a.LocalOciGroupOverride {
 		ro, err := a.parseRepoOverride(ctx, x, true, "oci", false)
 		if err != nil {
-			return nil, nil, fmt.Errorf("invalid --local-oci-group-override: %w", err)
+			return nil, fmt.Errorf("invalid --local-oci-group-override: %w", err)
 		}
-		ociRepoOverrides = append(ociRepoOverrides, ro)
+		overrides = append(overrides, ro)
 	}
-	return gitRepoOverrides, ociRepoOverrides, nil
+	m := sourceoverride.NewManager(overrides)
+	return m, nil
 }
 
-func (a *SourceOverrides) parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string, allowLegacy bool) (repocache.RepoOverride, error) {
+func (a *SourceOverrides) parseRepoOverride(ctx context.Context, s string, isGroup bool, type_ string, allowLegacy bool) (sourceoverride.RepoOverride, error) {
 	sp := strings.SplitN(s, "=", 2)
 	if len(sp) != 2 {
-		return repocache.RepoOverride{}, fmt.Errorf("%s", s)
+		return sourceoverride.RepoOverride{}, fmt.Errorf("%s", s)
 	}
 
 	repoKey, err := types.ParseRepoKey(sp[0], type_)
 	if err != nil {
 		if !allowLegacy {
-			return repocache.RepoOverride{}, err
+			return sourceoverride.RepoOverride{}, err
 		}
 
 		// try as legacy repo key
 		u, err2 := types.ParseGitUrl(sp[0])
 		if err2 != nil {
 			// return original error
-			return repocache.RepoOverride{}, err
+			return sourceoverride.RepoOverride{}, err
 		}
 
 		x := u.Host
@@ -77,13 +77,13 @@ func (a *SourceOverrides) parseRepoOverride(ctx context.Context, s string, isGro
 		repoKey, err2 = types.ParseRepoKey(x, type_)
 		if err2 != nil {
 			// return original error
-			return repocache.RepoOverride{}, err
+			return sourceoverride.RepoOverride{}, err
 		}
 
 		status.Deprecation(ctx, "old-repo-override", "Passing --local-git-override/--local-git-override-group in the example.com:path form is deprecated and will not be supported in future versions of Kluctl. Please use the example.com/path form.")
 	}
 
-	return repocache.RepoOverride{
+	return sourceoverride.RepoOverride{
 		RepoKey:  repoKey,
 		IsGroup:  isGroup,
 		Override: sp[1],
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 18ee01f45..50c9744fa 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -63,7 +63,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 	sshPool := &ssh_pool.SshPool{}
 
-	gitRepoOverrides, ociRepoOverrides, err := projectFlags.SourceOverrides.ParseOverrides(ctx)
+	sourceOverrides, err := projectFlags.SourceOverrides.ParseOverrides(ctx)
 	if err != nil {
 		return err
 	}
@@ -88,10 +88,10 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		ociAuth.RegisterAuthProvider(x, false)
 	}
 
-	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, gitRepoOverrides, projectFlags.GitCacheUpdateInterval)
+	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuth, sourceOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
-	ociRp := repocache.NewOciRepoCache(ctx, ociAuth, ociRepoOverrides, projectFlags.GitCacheUpdateInterval)
+	ociRp := repocache.NewOciRepoCache(ctx, ociAuth, sourceOverrides, projectFlags.GitCacheUpdateInterval)
 	defer gitRp.Clear()
 
 	externalArgs, err := argsFlags.LoadArgs()
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 01cee0234..eca3c5052 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"path"
@@ -30,7 +31,7 @@ type GitRepoCache struct {
 	repos      map[types.RepoKey]*GitCacheEntry
 	reposMutex sync.Mutex
 
-	repoOverrides []RepoOverride
+	repoOverrides sourceoverride.Client
 
 	cleanupDirs      []string
 	cleanupDirsMutex sync.Mutex
@@ -54,19 +55,12 @@ type RepoInfo struct {
 	DefaultRef types.GitRef      `json:"defaultRef"`
 }
 
-type RepoOverride struct {
-	RepoKey  types.RepoKey
-	Ref      string
-	Override string
-	IsGroup  bool
-}
-
 type clonedDir struct {
 	dir  string
 	info git.CheckoutInfo
 }
 
-func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, repoOverrides []RepoOverride, updateInterval time.Duration) *GitRepoCache {
+func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, repoOverrides sourceoverride.Client, updateInterval time.Duration) *GitRepoCache {
 	return &GitRepoCache{
 		ctx:            ctx,
 		sshPool:        sshPool,
@@ -93,9 +87,13 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 
 	repoKey := url.RepoKey()
 
-	overridePath, err := findRepoOverride(rp.repoOverrides, repoKey)
-	if err != nil {
-		return nil, err
+	var overridePath string
+	var err error
+	if rp.repoOverrides != nil {
+		_, overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if overridePath != "" {
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 3e913929a..cfc3b6de3 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -30,7 +31,7 @@ type OciRepoCache struct {
 	repos      map[types.RepoKey]*OciCacheEntry
 	reposMutex sync.Mutex
 
-	repoOverrides []RepoOverride
+	repoOverrides sourceoverride.Client
 
 	cleanupDirs      []string
 	cleanupDirsMutex sync.Mutex
@@ -47,7 +48,7 @@ type OciCacheEntry struct {
 	overridePath string
 }
 
-func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthProvider, repoOverrides []RepoOverride, updateInterval time.Duration) *OciRepoCache {
+func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthProvider, repoOverrides sourceoverride.Client, updateInterval time.Duration) *OciRepoCache {
 	return &OciRepoCache{
 		ctx:             ctx,
 		updateInterval:  updateInterval,
@@ -81,9 +82,12 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 
 	repoKey := types.NewRepoKey("oci", urlN.Host, urlN.Path)
 
-	overridePath, err := findRepoOverride(rp.repoOverrides, repoKey)
-	if err != nil {
-		return nil, err
+	var overridePath string
+	if rp.repoOverrides != nil {
+		_, overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if overridePath != "" {
diff --git a/pkg/repocache/utils.go b/pkg/repocache/utils.go
deleted file mode 100644
index 70f61809d..000000000
--- a/pkg/repocache/utils.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package repocache
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"os"
-	"path"
-	"strings"
-)
-
-func findRepoOverride(repoOverrides []RepoOverride, repoKey types.RepoKey) (string, error) {
-	for _, ro := range repoOverrides {
-		if ro.RepoKey.Type != repoKey.Type {
-			continue
-		}
-		if ro.RepoKey.Host != repoKey.Host {
-			continue
-		}
-
-		var overridePath string
-		if ro.IsGroup {
-			prefix := ro.RepoKey.Path + "/"
-			if !strings.HasPrefix(repoKey.Path, prefix) {
-				continue
-			}
-			relPath := strings.TrimPrefix(repoKey.Path, prefix)
-			overridePath = path.Join(ro.Override, relPath)
-		} else {
-			if ro.RepoKey.Path != repoKey.Path {
-				continue
-			}
-			overridePath = ro.Override
-		}
-
-		if st, err := os.Stat(overridePath); err != nil {
-			if os.IsNotExist(err) {
-				continue
-			}
-			return "", fmt.Errorf("can not override repo %s with %s: %w", repoKey.String(), overridePath, err)
-		} else if !st.IsDir() {
-			return "", fmt.Errorf("can not override repo %s. %s is not a directory", repoKey.String(), overridePath)
-		}
-
-		return overridePath, nil
-	}
-	return "", nil
-}
diff --git a/pkg/sourceoverride/manager.go b/pkg/sourceoverride/manager.go
new file mode 100644
index 000000000..c367a209f
--- /dev/null
+++ b/pkg/sourceoverride/manager.go
@@ -0,0 +1,68 @@
+package sourceoverride
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"os"
+	"path"
+	"strings"
+)
+
+type Client interface {
+	ResolveOverride(ctx context.Context, repoKey types.RepoKey) (*RepoOverride, string, error)
+}
+
+type RepoOverride struct {
+	RepoKey  types.RepoKey `json:"repoKey"`
+	Override string        `json:"override"`
+	IsGroup  bool          `json:"isGroup"`
+}
+
+type Manager struct {
+	repoOverrides []RepoOverride
+}
+
+func NewManager(overrides []RepoOverride) *Manager {
+	return &Manager{
+		repoOverrides: overrides,
+	}
+}
+
+func (m *Manager) ResolveOverride(ctx context.Context, repoKey types.RepoKey) (*RepoOverride, string, error) {
+	for _, ro := range m.repoOverrides {
+		if ro.RepoKey.Type != repoKey.Type {
+			continue
+		}
+		if ro.RepoKey.Host != repoKey.Host {
+			continue
+		}
+
+		var overridePath string
+		if ro.IsGroup {
+			prefix := ro.RepoKey.Path + "/"
+			if !strings.HasPrefix(repoKey.Path, prefix) {
+				continue
+			}
+			relPath := strings.TrimPrefix(repoKey.Path, prefix)
+			overridePath = path.Join(ro.Override, relPath)
+		} else {
+			if ro.RepoKey.Path != repoKey.Path {
+				continue
+			}
+			overridePath = ro.Override
+		}
+
+		if st, err := os.Stat(overridePath); err != nil {
+			if os.IsNotExist(err) {
+				continue
+			}
+			return nil, "", fmt.Errorf("can not override repo %s with %s: %w", repoKey.String(), overridePath, err)
+		} else if !st.IsDir() {
+			return nil, "", fmt.Errorf("can not override repo %s. %s is not a directory", repoKey.String(), overridePath)
+		}
+
+		return &ro, overridePath, nil
+	}
+	return nil, "", nil
+}

From 6b0a86accacaf5f8ac87e70f13e7ee621dbbe5fd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 Oct 2023 22:33:54 +0200
Subject: [PATCH 1767/2268] feat: Add sourceOverrides to KluctlDeployment

---
 api/v1beta1/kluctldeployment_types.go         | 15 ++++
 api/v1beta1/zz_generated.deepcopy.go          | 21 +++++
 .../gitops.kluctl.io_kluctldeployments.yaml   | 15 ++++
 docs/gitops/api/kluctl-controller.md          | 79 +++++++++++++++++++
 install/controller/controller/crd.yaml        | 15 ++++
 .../kluctldeployment_controller_source.go     | 29 ++++++-
 6 files changed, 170 insertions(+), 4 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 5304c76e7..f0feb01d4 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -42,12 +42,18 @@ const (
 	// reconciliation loop. The patched KluctlDeployment is in-memory only and not persisted. The annotation is removed
 	// immediately after it is read.
 	KluctlOnetimePatchAnnotation = "kluctl.io/gitops-onetime-patch"
+
+	SourceOverrideScheme = "grpc+source-override"
 )
 
 type KluctlDeploymentSpec struct {
 	// Specifies the project source location
 	Source ProjectSource `json:"source"`
 
+	// Specifies source overrides
+	// +optional
+	SourceOverrides []SourceOverride `json:"sourceOverrides,omitempty"`
+
 	// Credentials specifies the credentials used when pulling sources
 	// +optional
 	Credentials ProjectCredentials `json:"credentials,omitempty"`
@@ -312,6 +318,15 @@ type ProjectSourceOci struct {
 	Path string `json:"path,omitempty"`
 }
 
+type SourceOverride struct {
+	// +required
+	RepoKey types.RepoKey `json:"repoKey"`
+	// +required
+	Url string `json:"url"`
+	// +optional
+	IsGroup bool `json:"isGroup,omitempty"`
+}
+
 type ProjectCredentials struct {
 	// Git specifies a list of git credentials
 	// +optional
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 488eef25f..3fb31f363 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -126,6 +126,11 @@ func (in *KluctlDeploymentList) DeepCopyObject() runtime.Object {
 func (in *KluctlDeploymentSpec) DeepCopyInto(out *KluctlDeploymentSpec) {
 	*out = *in
 	in.Source.DeepCopyInto(&out.Source)
+	if in.SourceOverrides != nil {
+		in, out := &in.SourceOverrides, &out.SourceOverrides
+		*out = make([]SourceOverride, len(*in))
+		copy(*out, *in)
+	}
 	in.Credentials.DeepCopyInto(&out.Credentials)
 	if in.Decryption != nil {
 		in, out := &in.Decryption, &out.Decryption
@@ -559,3 +564,19 @@ func (in *SecretKeyReference) DeepCopy() *SecretKeyReference {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SourceOverride) DeepCopyInto(out *SourceOverride) {
+	*out = *in
+	out.RepoKey = in.RepoKey
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceOverride.
+func (in *SourceOverride) DeepCopy() *SourceOverride {
+	if in == nil {
+		return nil
+	}
+	out := new(SourceOverride)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 7f879f91e..b01f54a08 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -559,6 +559,21 @@ spec:
                       in the next API version bump. Use spec.git.url instead.
                     type: string
                 type: object
+              sourceOverrides:
+                description: Specifies source overrides
+                items:
+                  properties:
+                    isGroup:
+                      type: boolean
+                    repoKey:
+                      type: string
+                    url:
+                      type: string
+                  required:
+                  - repoKey
+                  - url
+                  type: object
+                type: array
               suspend:
                 description: This flag tells the controller to suspend subsequent
                   kluctl executions, it does not apply to already started executions.
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 3fed1bde4..6970d40fc 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -166,6 +166,20 @@ ProjectSource
 </tr>
 <tr>
 <td>
+<code>sourceOverrides</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SourceOverride">
+[]SourceOverride
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Specifies source overrides</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>credentials</code><br>
 <em>
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">
@@ -652,6 +666,20 @@ ProjectSource
 </tr>
 <tr>
 <td>
+<code>sourceOverrides</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.SourceOverride">
+[]SourceOverride
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Specifies source overrides</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>credentials</code><br>
 <em>
 <a href="#gitops.kluctl.io/v1beta1.ProjectCredentials">
@@ -2180,6 +2208,57 @@ string
 </table>
 </div>
 </div>
+<h3 id="gitops.kluctl.io/v1beta1.SourceOverride">SourceOverride
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentSpec">KluctlDeploymentSpec</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>repoKey</code><br>
+<em>
+github.com/kluctl/kluctl/v2/pkg/types.RepoKey
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>url</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>isGroup</code><br>
+<em>
+bool
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
 <div class="admonition note">
 <p class="last">This page was automatically generated with <code>gen-crd-api-reference-docs</code></p>
 </div>
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 581a7531d..76594318c 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -559,6 +559,21 @@ spec:
                       in the next API version bump. Use spec.git.url instead.
                     type: string
                 type: object
+              sourceOverrides:
+                description: Specifies source overrides
+                items:
+                  properties:
+                    isGroup:
+                      type: boolean
+                    repoKey:
+                      type: string
+                    url:
+                      type: string
+                  required:
+                  - repoKey
+                  - url
+                  type: object
+                type: array
               suspend:
                 description: This flag tells the controller to suspend subsequent
                   kluctl executions, it does not apply to already started executions.
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 3256c4e69..45710fd64 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -13,6 +13,7 @@ import (
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
@@ -21,6 +22,7 @@ import (
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"slices"
 	"strings"
 )
 
@@ -45,6 +47,25 @@ type helmRepoSecrets struct {
 	secret        corev1.Secret
 }
 
+func (r *KluctlDeploymentReconciler) buildRepoOverrides(ctx context.Context, obj *kluctlv1.KluctlDeployment) ([]sourceoverride.RepoOverride, error) {
+	var ret []sourceoverride.RepoOverride
+	for _, x := range obj.Spec.SourceOverrides {
+		u, err := url.Parse(x.Url)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse source override: %w", err)
+		}
+		if slices.Index(kluctlv1.SourceOverrideSchemes, u.Scheme) == -1 {
+			return nil, fmt.Errorf("invalid scheme in source override url")
+		}
+		ret = append(ret, sourceoverride.RepoOverride{
+			RepoKey:  x.RepoKey,
+			Override: u.String(),
+			IsGroup:  x.IsGroup,
+		})
+	}
+	return ret, nil
+}
+
 func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source kluctlv1.ProjectSource, credentials kluctlv1.ProjectCredentials, objNs string) ([]gitRepoSecrets, error) {
 	var ret []gitRepoSecrets
 
@@ -386,7 +407,7 @@ func (r *KluctlDeploymentReconciler) buildOciRepoCacheKey(secrets []ociRepoSecre
 	return h2, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []gitRepoSecrets) (*repocache.GitRepoCache, error) {
+func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []gitRepoSecrets, soClient sourceoverride.Client) (*repocache.GitRepoCache, error) {
 	key, err := r.buildGitRepoCacheKey(secrets)
 	if err != nil {
 		return nil, err
@@ -405,11 +426,11 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secr
 		return nil, err
 	}
 
-	rc := repocache.NewGitRepoCache(ctx, r.SshPool, ga, nil, 0)
+	rc := repocache.NewGitRepoCache(ctx, r.SshPool, ga, soClient, 0)
 	return rc, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets) (*repocache.OciRepoCache, *auth_provider.OciAuthProviders, error) {
+func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets, soClient sourceoverride.Client) (*repocache.OciRepoCache, *auth_provider.OciAuthProviders, error) {
 	key, err := r.buildOciRepoCacheKey(secrets)
 	if err != nil {
 		return nil, nil, err
@@ -428,6 +449,6 @@ func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secr
 		return nil, nil, err
 	}
 
-	rc := repocache.NewOciRepoCache(ctx, ociAuthProvider, nil, 0)
+	rc := repocache.NewOciRepoCache(ctx, ociAuthProvider, soClient, 0)
 	return rc, ociAuthProvider, nil
 }

From 4396d262195f130890dd18593eea6550bee5fd09 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 20 Oct 2023 22:34:14 +0200
Subject: [PATCH 1768/2268] feat: Implement source overrides for gitops
 sub-commands

---
 cmd/kluctl/commands/cmd_controller_run.go     |  24 +-
 cmd/kluctl/commands/cmd_gitops.go             |  90 ++++
 go.mod                                        |  71 +++
 go.sum                                        | 294 +++++++++++
 pkg/controllers/kluctl_project.go             |  22 +-
 .../kluctldeployment_controller_source.go     |  57 ++-
 pkg/repocache/git_cache.go                    |   6 +-
 pkg/repocache/oci_cache.go                    |   6 +-
 pkg/sourceoverride/chained.go                 |  29 ++
 pkg/sourceoverride/generate.go                |   3 +
 pkg/sourceoverride/manager.go                 |  74 +--
 pkg/sourceoverride/proxyclient_cli.go         | 269 ++++++++++
 pkg/sourceoverride/proxyclient_controller.go  | 106 ++++
 pkg/sourceoverride/proxyserver.go             | 213 ++++++++
 pkg/sourceoverride/sourceoverride.pb.go       | 469 ++++++++++++++++++
 pkg/sourceoverride/sourceoverride.proto       |  34 ++
 pkg/sourceoverride/sourceoverride_grpc.pb.go  | 170 +++++++
 pkg/utils/thread_safe_cache.go                |  43 +-
 18 files changed, 1913 insertions(+), 67 deletions(-)
 create mode 100644 pkg/sourceoverride/chained.go
 create mode 100644 pkg/sourceoverride/generate.go
 create mode 100644 pkg/sourceoverride/proxyclient_cli.go
 create mode 100644 pkg/sourceoverride/proxyclient_controller.go
 create mode 100644 pkg/sourceoverride/proxyserver.go
 create mode 100644 pkg/sourceoverride/sourceoverride.pb.go
 create mode 100644 pkg/sourceoverride/sourceoverride.proto
 create mode 100644 pkg/sourceoverride/sourceoverride_grpc.pb.go

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 4b4ea1961..0f764b952 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -7,6 +7,8 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -41,10 +43,12 @@ type controllerRunCmd struct {
 	Context    string `group:"misc" help:"Override the context to use."`
 	Namespace  string `group:"misc" help:"Specify the namespace to watch. If omitted, all namespaces are watched."`
 
-	MetricsBindAddress     string `group:"misc" help:"The address the metric endpoint binds to." default:":8080"`
-	HealthProbeBindAddress string `group:"misc" help:"The address the probe endpoint binds to." default:":8081"`
-	LeaderElect            bool   `group:"misc" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
-	Concurrency            int    `group:"misc" help:"Configures how many KluctlDeployments can be be reconciled concurrently." default:"4"`
+	MetricsBindAddress        string `group:"misc" help:"The address the metric endpoint binds to." default:":8080"`
+	HealthProbeBindAddress    string `group:"misc" help:"The address the probe endpoint binds to." default:":8081"`
+	SourceOverrideBindAddress string `group:"misc" help:"The address the source override manager endpoint binds to." default:":8082"`
+
+	LeaderElect bool `group:"misc" help:"Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager."`
+	Concurrency int  `group:"misc" help:"Configures how many KluctlDeployments can be be reconciled concurrently." default:"4"`
 
 	DefaultServiceAccount string `group:"misc" help:"Default service account used for impersonation."`
 	DryRun                bool   `group:"misc" help:"Run all deployments in dryRun=true mode."`
@@ -136,6 +140,18 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 
 	sshPool := &ssh_pool.SshPool{}
 
+	var soProxyServer *sourceoverride.ProxyServerImpl
+	if cmd.SourceOverrideBindAddress != "0" {
+		soProxyServer = sourceoverride.NewProxyServerImpl(ctx)
+		go func() {
+			err = soProxyServer.Start(cmd.SourceOverrideBindAddress)
+			if err != nil {
+				status.Error(ctx, err.Error())
+			}
+		}()
+		defer soProxyServer.Stop()
+	}
+
 	r := controllers.KluctlDeploymentReconciler{
 		ControllerName:        controllerName,
 		DefaultServiceAccount: cmd.DefaultServiceAccount,
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 259a0e6b8..1c35396b5 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -10,17 +10,22 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	flag "github.com/spf13/pflag"
+	v12 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	"math/rand"
+	"net/url"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sync"
 	"time"
@@ -46,9 +51,13 @@ type gitopsCmdHelper struct {
 
 	kds []v1beta1.KluctlDeployment
 
+	restConfig   *rest.Config
 	client       client.Client
 	corev1Client *v1.CoreV1Client
 
+	soResolver *sourceoverride.Manager
+	soClient   *sourceoverride.ProxyClientCli
+
 	resultStore results.ResultStore
 
 	logsMutex          sync.Mutex
@@ -96,6 +105,8 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		return err
 	}
 
+	g.restConfig = restConfig
+
 	_, mapper, err := k8s.CreateDiscoveryAndMapper(ctx, restConfig)
 	if err != nil {
 		return err
@@ -182,6 +193,11 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		return err
 	}
 
+	err = g.initSourceOverrides(ctx)
+	if err != nil {
+		return err
+	}
+
 	s.Success()
 
 	return nil
@@ -332,6 +348,24 @@ func (g *gitopsCmdHelper) buildOnetimePatch(ctx context.Context, kdIn *v1beta1.K
 		return nil, err
 	}
 
+	var proxyUrl *url.URL
+	if len(g.soResolver.Overrides) != 0 {
+		if g.soClient == nil {
+			return nil, fmt.Errorf("local source overrides present but no connection to source override proxy established")
+		}
+		proxyUrl, err = g.soClient.BuildProxyUrl()
+		if err != nil {
+			return nil, err
+		}
+	}
+	for _, ro := range g.soResolver.Overrides {
+		kd.Spec.SourceOverrides = append(kd.Spec.SourceOverrides, v1beta1.SourceOverride{
+			RepoKey: ro.RepoKey,
+			Url:     proxyUrl.String(),
+			IsGroup: ro.IsGroup,
+		})
+	}
+
 	kdOrigS, err := yaml.WriteJsonString(kdIn)
 	if err != nil {
 		return nil, err
@@ -564,6 +598,62 @@ func (g *gitopsCmdHelper) flushLogLines(ctx context.Context, needLock bool) {
 	}
 }
 
+func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
+	var err error
+	g.soResolver, err = g.overridableArgs.SourceOverrides.ParseOverrides(ctx)
+	if err != nil {
+		return err
+	}
+
+	if len(g.soResolver.Overrides) == 0 {
+		return nil
+	}
+
+	controllerNamespace := "kluctl-system"
+	pods, err := g.corev1Client.Pods(controllerNamespace).List(ctx, metav1.ListOptions{
+		LabelSelector: "control-plane=kluctl-controller",
+	})
+	if err != nil {
+		return err
+	}
+	var pod *v12.Pod
+	if len(pods.Items) > 0 {
+		pod = &pods.Items[rand.Int()%len(pods.Items)]
+	}
+
+	soClient, err := sourceoverride.NewClientCli(ctx, g.soResolver)
+	if err != nil {
+		return err
+	}
+
+	if pod != nil {
+		err = soClient.ConnectToPod(g.restConfig, *pod)
+		if err != nil {
+			return err
+		}
+	} else {
+		err = soClient.Connect("localhost:8082")
+		if err != nil {
+			return err
+		}
+	}
+	g.soClient = soClient
+
+	err = g.soClient.Handshake()
+	if err != nil {
+		return err
+	}
+
+	go func() {
+		err := soClient.Start()
+		if err != nil {
+			status.Error(ctx, err.Error())
+		}
+	}()
+
+	return nil
+}
+
 func init() {
 	utilruntime.Must(v1beta1.AddToScheme(scheme.Scheme))
 }
diff --git a/go.mod b/go.mod
index 2cb38ac63..9001b06d5 100644
--- a/go.mod
+++ b/go.mod
@@ -128,6 +128,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
@@ -141,10 +142,14 @@ require (
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/containerd v1.7.6 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/docker v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
@@ -152,11 +157,14 @@ require (
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
+	github.com/elastic/gosigar v0.14.2 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/flynn/noise v1.0.0 // indirect
+	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
@@ -173,16 +181,21 @@ require (
 	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/mock v1.6.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/gopacket v1.1.19 // indirect
+	github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
@@ -191,6 +204,7 @@ require (
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/gorilla/sessions v1.2.1 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -203,8 +217,18 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/huin/goupnp v1.2.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/ipfs/boxo v0.10.0 // indirect
+	github.com/ipfs/go-cid v0.4.1 // indirect
+	github.com/ipfs/go-datastore v0.6.0 // indirect
+	github.com/ipfs/go-log v1.0.5 // indirect
+	github.com/ipfs/go-log/v2 v2.5.1 // indirect
+	github.com/ipld/go-ipld-prime v0.20.0 // indirect
+	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
+	github.com/jbenet/goprocess v0.1.4 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -212,15 +236,35 @@ require (
 	github.com/karrick/godirwalk v1.17.0 // indirect
 	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/koron/go-ssdp v0.0.4 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lib/pq v1.10.9 // indirect
+	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
+	github.com/libp2p/go-cidranger v1.1.0 // indirect
+	github.com/libp2p/go-flow-metrics v0.1.0 // indirect
+	github.com/libp2p/go-libp2p v0.31.0 // indirect
+	github.com/libp2p/go-libp2p-asn-util v0.3.0 // indirect
+	github.com/libp2p/go-libp2p-kad-dht v0.25.1 // indirect
+	github.com/libp2p/go-libp2p-kbucket v0.6.3 // indirect
+	github.com/libp2p/go-libp2p-record v0.2.0 // indirect
+	github.com/libp2p/go-libp2p-routing-helpers v0.7.2 // indirect
+	github.com/libp2p/go-msgio v0.3.0 // indirect
+	github.com/libp2p/go-nat v0.2.0 // indirect
+	github.com/libp2p/go-netroute v0.2.1 // indirect
+	github.com/libp2p/go-reuseport v0.4.0 // indirect
+	github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/miekg/dns v1.1.55 // indirect
+	github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
+	github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -232,18 +276,39 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/mr-tron/base58 v1.2.0 // indirect
+	github.com/multiformats/go-base32 v0.1.0 // indirect
+	github.com/multiformats/go-base36 v0.2.0 // indirect
+	github.com/multiformats/go-multiaddr v0.11.0 // indirect
+	github.com/multiformats/go-multiaddr-dns v0.3.1 // indirect
+	github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
+	github.com/multiformats/go-multibase v0.2.0 // indirect
+	github.com/multiformats/go-multicodec v0.9.0 // indirect
+	github.com/multiformats/go-multihash v0.2.3 // indirect
+	github.com/multiformats/go-multistream v0.4.1 // indirect
+	github.com/multiformats/go-varint v0.0.7 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/ginkgo/v2 v2.13.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/polydawn/refmt v0.89.0 // indirect
 	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.11.1 // indirect
+	github.com/quic-go/qpack v0.4.0 // indirect
+	github.com/quic-go/qtls-go1-20 v0.3.3 // indirect
+	github.com/quic-go/quic-go v0.38.1 // indirect
+	github.com/quic-go/webtransport-go v0.5.3 // indirect
+	github.com/raulk/go-watchdog v1.3.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -253,6 +318,7 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
@@ -262,6 +328,7 @@ require (
 	github.com/urfave/cli v1.22.14 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+	github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
@@ -274,6 +341,8 @@ require (
 	go.opentelemetry.io/otel/metric v1.16.0 // indirect
 	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 // indirect
+	go.uber.org/dig v1.17.0 // indirect
+	go.uber.org/fx v1.20.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.25.0 // indirect
 	golang.org/x/arch v0.4.0 // indirect
@@ -282,6 +351,7 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	gonum.org/v1/gonum v0.13.0 // indirect
 	google.golang.org/api v0.146.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect
@@ -298,6 +368,7 @@ require (
 	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
 	k8s.io/kubectl v0.28.2 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	lukechampine.com/blake3 v1.2.1 // indirect
 	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 4dc0277dc..75ddea590 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
@@ -49,9 +51,14 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
+dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
+dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
+git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
@@ -108,6 +115,7 @@ github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ
 github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@@ -151,6 +159,8 @@ github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
 github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
+github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -162,8 +172,10 @@ github.com/bitnami-labs/sealed-secrets v0.24.2 h1:6RELDjQk+1WvrgkOJX9Y3aRyMBda3J
 github.com/bitnami-labs/sealed-secrets v0.24.2/go.mod h1:uQUgGnyOmGPUb6tCMRdhOKKHo2xJGwoxSqDYaWZZ+Hc=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
+github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
@@ -193,12 +205,14 @@ github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLI
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8=
@@ -209,6 +223,12 @@ github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSk
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
 github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
+github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -220,6 +240,10 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU=
+github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
@@ -242,10 +266,15 @@ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/elastic/gosigar v0.12.0/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
+github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/4=
+github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
@@ -270,10 +299,16 @@ github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBD
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
+github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
 github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
+github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
+github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
 github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
@@ -282,6 +317,7 @@ github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/Fl
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
 github.com/getsops/sops/v3 v3.8.1/go.mod h1:qyVOmSwvNRUzspJ7X/mh/J8HmDV81OQ5PgDoGSmvvHM=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -289,8 +325,10 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -346,6 +384,7 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
 github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
 github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
@@ -362,7 +401,12 @@ github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
@@ -373,6 +417,7 @@ github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -380,6 +425,8 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -422,9 +469,13 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
 github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -442,6 +493,10 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b h1:h9U78+dx9a4BKdQkBBos92HalKpaGKHrp+3Uo6yTodo=
+github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
+github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f h1:pDhu5sgp8yJlEF/g6osliIIpF9K4F5jvkULXa4daRDQ=
+github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
@@ -453,11 +508,14 @@ github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
 github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
+github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -471,12 +529,16 @@ github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/z
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -512,6 +574,8 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huin/goupnp v1.2.0 h1:uOKW26NG1hsSSbXIZ1IR7XP9Gjd1U8pnLaCMgntmkmY=
+github.com/huin/goupnp v1.2.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@@ -519,8 +583,30 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/ipfs/boxo v0.10.0 h1:tdDAxq8jrsbRkYoF+5Rcqyeb91hgWe2hp7iLu7ORZLY=
+github.com/ipfs/boxo v0.10.0/go.mod h1:Fg+BnfxZ0RPzR0nOodzdIq3A7KgoWAOWsEIImrIQdBM=
+github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=
+github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=
+github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=
+github.com/ipfs/go-datastore v0.6.0/go.mod h1:rt5M3nNbSO/8q1t4LNkLyUwRs8HupMeN/8O4Vn9YAT8=
+github.com/ipfs/go-detect-race v0.0.1/go.mod h1:8BNT7shDZPo99Q74BpGMK+4D8Mn4j46UU0LZ723meps=
+github.com/ipfs/go-log v1.0.5 h1:2dOuUCB1Z7uoczMWgAyDck5JLb72zHzrMnGnCNNbvY8=
+github.com/ipfs/go-log v1.0.5/go.mod h1:j0b8ZoR+7+R99LD9jZ6+AJsrzkPbSXbZfGakb5JPtIo=
+github.com/ipfs/go-log/v2 v2.1.3/go.mod h1:/8d0SH3Su5Ooc31QlL1WysJhvyOTDCjcCZ9Axpmri6g=
+github.com/ipfs/go-log/v2 v2.5.1 h1:1XdUzF7048prq4aBjDQQ4SL5RxftpRGdXhNRwKSAlcY=
+github.com/ipfs/go-log/v2 v2.5.1/go.mod h1:prSpmC1Gpllc9UYWxDiZDreBYw7zp4Iqp1kOLU9U5UI=
+github.com/ipld/go-ipld-prime v0.20.0 h1:Ud3VwE9ClxpO2LkCYP7vWPc0Fo+dYdYzgxUJZ3uRG4g=
+github.com/ipld/go-ipld-prime v0.20.0/go.mod h1:PzqZ/ZR981eKbgdr3y2DJYeD/8bgMawdGVlJDE8kK+M=
+github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
+github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
+github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk=
+github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk=
+github.com/jbenet/goprocess v0.1.4 h1:DRGOFReOMqqDNXwW70QkacFW0YN9QnwLV0Vqk+3oU0o=
+github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4=
+github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
@@ -539,11 +625,13 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=
 github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
@@ -558,6 +646,8 @@ github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2 h1:PvJ+c944vAYt+D
 github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0=
+github.com/koron/go-ssdp v0.0.4/go.mod h1:oDXq+E5IL5q0U8uSBcoAXzTzInwy5lEgC91HoKtbmZk=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -565,6 +655,7 @@ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
@@ -580,10 +671,40 @@ github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNa
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8=
+github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg=
+github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38yPW7c=
+github.com/libp2p/go-cidranger v1.1.0/go.mod h1:KWZTfSr+r9qEo9OkI9/SIEeAtw+NNoU0dXIXt15Okic=
+github.com/libp2p/go-flow-metrics v0.1.0 h1:0iPhMI8PskQwzh57jB9WxIuIOQ0r+15PChFGkx3Q3WM=
+github.com/libp2p/go-flow-metrics v0.1.0/go.mod h1:4Xi8MX8wj5aWNDAZttg6UPmc0ZrnFNsMtpsYUClFtro=
+github.com/libp2p/go-libp2p v0.31.0 h1:LFShhP8F6xthWiBBq3euxbKjZsoRajVEyBS9snfHxYg=
+github.com/libp2p/go-libp2p v0.31.0/go.mod h1:W/FEK1c/t04PbRH3fA9i5oucu5YcgrG0JVoBWT1B7Eg=
+github.com/libp2p/go-libp2p-asn-util v0.3.0 h1:gMDcMyYiZKkocGXDQ5nsUQyquC9+H+iLEQHwOCZ7s8s=
+github.com/libp2p/go-libp2p-asn-util v0.3.0/go.mod h1:B1mcOrKUE35Xq/ASTmQ4tN3LNzVVaMNmq2NACuqyB9w=
+github.com/libp2p/go-libp2p-kad-dht v0.25.1 h1:ofFNrf6MMEy4vi3R1VbJ7LOcTn3Csh0cDcaWHTxtWNA=
+github.com/libp2p/go-libp2p-kad-dht v0.25.1/go.mod h1:6za56ncRHYXX4Nc2vn8z7CZK0P4QiMcrn77acKLM2Oo=
+github.com/libp2p/go-libp2p-kbucket v0.6.3 h1:p507271wWzpy2f1XxPzCQG9NiN6R6lHL9GiSErbQQo0=
+github.com/libp2p/go-libp2p-kbucket v0.6.3/go.mod h1:RCseT7AH6eJWxxk2ol03xtP9pEHetYSPXOaJnOiD8i0=
+github.com/libp2p/go-libp2p-record v0.2.0 h1:oiNUOCWno2BFuxt3my4i1frNrt7PerzB3queqa1NkQ0=
+github.com/libp2p/go-libp2p-record v0.2.0/go.mod h1:I+3zMkvvg5m2OcSdoL0KPljyJyvNDFGKX7QdlpYUcwk=
+github.com/libp2p/go-libp2p-routing-helpers v0.7.2 h1:xJMFyhQ3Iuqnk9Q2dYE1eUTzsah7NLw3Qs2zjUV78T0=
+github.com/libp2p/go-libp2p-routing-helpers v0.7.2/go.mod h1:cN4mJAD/7zfPKXBcs9ze31JGYAZgzdABEm+q/hkswb8=
+github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0=
+github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM=
+github.com/libp2p/go-nat v0.2.0 h1:Tyz+bUFAYqGyJ/ppPPymMGbIgNRH+WqC5QrT5fKrrGk=
+github.com/libp2p/go-nat v0.2.0/go.mod h1:3MJr+GRpRkyT65EpVPBstXLvOlAPzUVlG6Pwg9ohLJk=
+github.com/libp2p/go-netroute v0.2.1 h1:V8kVrpD8GK0Riv15/7VN6RbUQ3URNZVosw7H2v9tksU=
+github.com/libp2p/go-netroute v0.2.1/go.mod h1:hraioZr0fhBjG0ZRXJJ6Zj2IVEVNx6tDTFQfSmcq7mQ=
+github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s=
+github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU=
+github.com/libp2p/go-yamux/v4 v4.0.1 h1:FfDR4S1wj6Bw2Pqbc8Uz7pCxeRBPbwsBbEdfwiCypkQ=
+github.com/libp2p/go-yamux/v4 v4.0.1/go.mod h1:NWjl8ZTLOGlozrXSOZ/HlfG++39iKNnM5wwmtQP1YB4=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
+github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
@@ -592,6 +713,8 @@ github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY
 github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
+github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk=
+github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -599,6 +722,7 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -610,8 +734,21 @@ github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
 github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg=
 github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c/go.mod h1:0SQS9kMwD2VsyFEB++InYyBJroV/FRmBgcydeSUcJms=
+github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b h1:z78hV3sbSMAUoyUMM0I83AUIT6Hu17AWfgjzIbtrYFc=
+github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b/go.mod h1:lxPUiZwKoFL8DUUmalo2yJJUCxbPKtm8OKfqr2/FTNU=
+github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc h1:PTfri+PuQmWDqERdnNMiD9ZejrlswWrCpBEZgWOiTrc=
+github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc/go.mod h1:cGKTAVKx4SxOuR/czcZ/E2RSJ3sfHs8FpHhQ5CWMf9s=
+github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ=
+github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
+github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
+github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -648,11 +785,41 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
+github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/multiformats/go-base32 v0.1.0 h1:pVx9xoSPqEIQG8o+UbAe7DNi51oej1NtK+aGkbLYxPE=
+github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYgtWibDcT0rExnbI=
+github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=
+github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4=
+github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo=
+github.com/multiformats/go-multiaddr v0.2.0/go.mod h1:0nO36NvPpyV4QzvTLi/lafl2y95ncPj0vFwVF6k6wJ4=
+github.com/multiformats/go-multiaddr v0.11.0 h1:XqGyJ8ufbCE0HmTDwx2kPdsrQ36AGPZNZX6s6xfJH10=
+github.com/multiformats/go-multiaddr v0.11.0/go.mod h1:gWUm0QLR4thQ6+ZF6SXUw8YjtwQSPapICM+NmCkxHSM=
+github.com/multiformats/go-multiaddr-dns v0.3.1 h1:QgQgR+LQVt3NPTjbrLLpsaT2ufAA2y0Mkk+QRVJbW3A=
+github.com/multiformats/go-multiaddr-dns v0.3.1/go.mod h1:G/245BRQ6FJGmryJCrOuTdB37AMA5AMOVuO6NY3JwTk=
+github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E=
+github.com/multiformats/go-multiaddr-fmt v0.1.0/go.mod h1:hGtDIW4PU4BqJ50gW2quDuPVjyWNZxToGUh/HwTZYJo=
+github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g=
+github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk=
+github.com/multiformats/go-multicodec v0.9.0 h1:pb/dlPnzee/Sxv/j4PmkDRxCOi3hXTz3IbPKOXWJkmg=
+github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI16i14xuaojr/H7Ai54k=
+github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew=
+github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
+github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
+github.com/multiformats/go-multistream v0.4.1 h1:rFy0Iiyn3YT0asivDUIR05leAdwZq3de4741sbiSdfo=
+github.com/multiformats/go-multistream v0.4.1/go.mod h1:Mz5eykRVAjJWckE2U78c6xqdtyNUEhKSM0Lwar2p77Q=
+github.com/multiformats/go-varint v0.0.1/go.mod h1:3Ls8CIEsrijN6+B7PbrXRPxHRPuXSrVKRY101jdMZYE=
+github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
+github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
+github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/ohler55/ojg v1.19.4 h1:ZIgfyHI83aLx+fi1VoKn4I80HqWo45usWKnnxw94Mro=
 github.com/ohler55/ojg v1.19.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
@@ -663,12 +830,20 @@ github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/
 github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
+github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
+github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
+github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
 github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
 github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@@ -687,9 +862,12 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4=
+github.com/polydawn/refmt v0.89.0/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
+github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
@@ -700,17 +878,29 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
 github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
 github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
 github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
+github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
+github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
+github.com/quic-go/qtls-go1-20 v0.3.3 h1:17/glZSLI9P9fDAeyCHBFSWSqJcwx1byhLwP5eUIDCM=
+github.com/quic-go/qtls-go1-20 v0.3.3/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
+github.com/quic-go/quic-go v0.38.1 h1:M36YWA5dEhEeT+slOu/SwMEucbYd0YFidxG3KlGPZaE=
+github.com/quic-go/quic-go v0.38.1/go.mod h1:ijnZM7JsFIkp4cRyjxJNIzdSfCLmUMg9wdyhGmg+SN4=
+github.com/quic-go/webtransport-go v0.5.3 h1:5XMlzemqB4qmOlgIus5zB45AcZ2kCgCy2EptUrfOPWU=
+github.com/quic-go/webtransport-go v0.5.3/go.mod h1:OhmmgJIzTTqXK5xvtuX0oBpLV2GkLWNDA+UeTGJXErU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
+github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk=
+github.com/raulk/go-watchdog v1.3.0/go.mod h1:fIvOnLbF0b0ZwkB9YU4mOW9Did//4vPZtDqv66NfsMU=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -719,6 +909,8 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=
 github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -728,19 +920,49 @@ github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9c
 github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
+github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
+github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
+github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw=
+github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI=
+github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
+github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
+github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg=
+github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw=
+github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y=
+github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q=
+github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ=
+github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I=
+github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0=
+github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
+github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
+github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
+github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
 github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
+github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
+github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
+github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
+github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
+github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
+github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
 github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -771,6 +993,7 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
 github.com/tkrajina/go-reflector v0.5.6 h1:hKQ0gyocG7vgMD2M3dRlYN6WBBOmdoOzJ6njQSepKdE=
 github.com/tkrajina/go-reflector v0.5.6/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
@@ -782,12 +1005,19 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
 github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
 github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
+github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
+github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
+github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
+github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -811,6 +1041,7 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
+go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -827,26 +1058,43 @@ go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZE
 go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
 go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4=
 go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
+go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/dig v1.17.0 h1:5Chju+tUvcC+N7N6EV08BJz41UZuO3BmHcN4A287ZLI=
+go.uber.org/dig v1.17.0/go.mod h1:rTxpf7l5I0eBTlE6/9RL+lDybC7WFwY2QH55ZSjy1mU=
+go.uber.org/fx v1.20.0 h1:ZMC/pnRvhsthOZh9MZjMq5U8Or3mA9zBSPaLnzs3ihQ=
+go.uber.org/fx v1.20.0/go.mod h1:qCUj0btiR3/JnanEr1TYEePfSw6o/4qYJscgvzQ5Ub0=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
+go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
+go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
 go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
+go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
 golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -870,6 +1118,7 @@ golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjs
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -898,10 +1147,14 @@ golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -929,6 +1182,7 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -939,6 +1193,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -949,6 +1205,7 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
 golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -964,12 +1221,16 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
 golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -984,6 +1245,7 @@ golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -994,6 +1256,7 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1003,6 +1266,7 @@ golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1010,6 +1274,7 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1042,17 +1307,22 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -1062,6 +1332,8 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1096,6 +1368,7 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
@@ -1107,6 +1380,11 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.13.0 h1:a0T3bh+7fhRyqeNbiC3qVHYmkiQgit3wnNan/2c0HMM=
+gonum.org/v1/gonum v0.13.0/go.mod h1:/WPYRckkfWrhWefxyYTfrTtQR0KH4iyHNuzxqXAKyAU=
+google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
+google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1129,6 +1407,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.146.0 h1:9aBYT4vQXt9dhCuLNfwfd3zpwu8atg0yPkjBymwSrOM=
 google.golang.org/api v0.146.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
@@ -1137,6 +1417,10 @@ google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
+google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1178,6 +1462,9 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 h1:
 google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
+google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1230,14 +1517,17 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
 helm.sh/helm/v3 v3.13.1 h1:DG+XLGzBJeZvMLlMbm6bPDLV1dGaVW9eZsDoUd1/LM0=
 helm.sh/helm/v3 v3.13.1/go.mod h1:TdQRMiq46CSWcc68Hb0uVhvAWusaN90YwAV54cz6JzU=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1267,6 +1557,8 @@ k8s.io/kubectl v0.28.2 h1:fOWOtU6S0smdNjG1PB9WFbqEIMlkzU5ahyHkc7ESHgM=
 k8s.io/kubectl v0.28.2/go.mod h1:6EQWTPySF1fn7yKoQZHYf9TPwIl2AygHEcJoxFekr64=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
+lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
@@ -1290,3 +1582,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6Lv
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
+sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 52880c8fc..05e3d7c8f 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -16,6 +16,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/prometheus/client_golang/prometheus"
@@ -58,6 +59,8 @@ type preparedProject struct {
 	tmpDir     string
 	repoDir    string
 	projectDir string
+
+	soClients []*sourceoverride.ProxyClientController
 }
 
 type preparedTarget struct {
@@ -90,6 +93,17 @@ func prepareProject(ctx context.Context,
 
 	pp.tmpDir = tmpDir
 
+	pp.soClients, err = r.buildSourceOverridesClients(ctx, obj)
+	if err != nil {
+		return nil, err
+	}
+
+	var resolvers []sourceoverride.Resolver
+	for _, x := range pp.soClients {
+		resolvers = append(resolvers, x)
+	}
+	resolver := sourceoverride.NewChainedResolver(resolvers)
+
 	gitSecrets, err := r.getGitSecrets(ctx, pp.obj.Spec.Source, pp.obj.Spec.Credentials, obj.GetNamespace())
 	if err != nil {
 		return nil, err
@@ -105,12 +119,12 @@ func prepareProject(ctx context.Context,
 		return nil, err
 	}
 
-	pp.gitRP, err = r.buildGitRepoCache(ctx, gitSecrets)
+	pp.gitRP, err = r.buildGitRepoCache(ctx, gitSecrets, resolver)
 	if err != nil {
 		return nil, err
 	}
 
-	pp.ociRP, pp.ociAuthProvider, err = r.buildOciRepoCache(ctx, ociSecrets)
+	pp.ociRP, pp.ociAuthProvider, err = r.buildOciRepoCache(ctx, ociSecrets, resolver)
 	if err != nil {
 		return nil, err
 	}
@@ -175,6 +189,10 @@ func (pp *preparedProject) cleanup() {
 		pp.gitRP.Clear()
 		pp.gitRP = nil
 	}
+	for _, c := range pp.soClients {
+		_ = c.Close()
+		c.Cleanup()
+	}
 }
 
 func (pp *preparedProject) newTarget() *preparedTarget {
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 45710fd64..ae3e61880 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -22,7 +22,6 @@ import (
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"slices"
 	"strings"
 )
 
@@ -47,23 +46,53 @@ type helmRepoSecrets struct {
 	secret        corev1.Secret
 }
 
-func (r *KluctlDeploymentReconciler) buildRepoOverrides(ctx context.Context, obj *kluctlv1.KluctlDeployment) ([]sourceoverride.RepoOverride, error) {
-	var ret []sourceoverride.RepoOverride
+func (r *KluctlDeploymentReconciler) buildSourceOverridesClients(ctx context.Context, obj *kluctlv1.KluctlDeployment) ([]*sourceoverride.ProxyClientController, error) {
+	cleanup := true
+	m := map[string]*sourceoverride.ProxyClientController{}
+
+	defer func() {
+		if cleanup {
+			for _, c := range m {
+				_ = c.Close()
+				c.Cleanup()
+			}
+		}
+	}()
+
 	for _, x := range obj.Spec.SourceOverrides {
+		if _, ok := m[x.Url]; ok {
+			continue
+		}
+
 		u, err := url.Parse(x.Url)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse source override: %w", err)
+			return nil, fmt.Errorf("failed to parse override url: %w", err)
 		}
-		if slices.Index(kluctlv1.SourceOverrideSchemes, u.Scheme) == -1 {
-			return nil, fmt.Errorf("invalid scheme in source override url")
+
+		if u.Scheme != kluctlv1.SourceOverrideScheme {
+			return nil, fmt.Errorf("unsupported source override url scheme: %s", u.Scheme)
 		}
-		ret = append(ret, sourceoverride.RepoOverride{
-			RepoKey:  x.RepoKey,
-			Override: u.String(),
-			IsGroup:  x.IsGroup,
-		})
+
+		serverId := strings.TrimPrefix(u.Path, "/")
+
+		c, err := sourceoverride.NewClientController(serverId, x.RepoKey, x.IsGroup)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create source override client: %w", err)
+		}
+
+		err = c.Connect(ctx, u.Host)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create source override client: %w", err)
+		}
+
+		m[x.Url] = c
 	}
-	return ret, nil
+	var l []*sourceoverride.ProxyClientController
+	for _, c := range m {
+		l = append(l, c)
+	}
+	cleanup = false
+	return l, nil
 }
 
 func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source kluctlv1.ProjectSource, credentials kluctlv1.ProjectCredentials, objNs string) ([]gitRepoSecrets, error) {
@@ -407,7 +436,7 @@ func (r *KluctlDeploymentReconciler) buildOciRepoCacheKey(secrets []ociRepoSecre
 	return h2, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []gitRepoSecrets, soClient sourceoverride.Client) (*repocache.GitRepoCache, error) {
+func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []gitRepoSecrets, soClient sourceoverride.Resolver) (*repocache.GitRepoCache, error) {
 	key, err := r.buildGitRepoCacheKey(secrets)
 	if err != nil {
 		return nil, err
@@ -430,7 +459,7 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secr
 	return rc, nil
 }
 
-func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets, soClient sourceoverride.Client) (*repocache.OciRepoCache, *auth_provider.OciAuthProviders, error) {
+func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets, soClient sourceoverride.Resolver) (*repocache.OciRepoCache, *auth_provider.OciAuthProviders, error) {
 	key, err := r.buildOciRepoCacheKey(secrets)
 	if err != nil {
 		return nil, nil, err
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index eca3c5052..c9d793dd4 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -31,7 +31,7 @@ type GitRepoCache struct {
 	repos      map[types.RepoKey]*GitCacheEntry
 	reposMutex sync.Mutex
 
-	repoOverrides sourceoverride.Client
+	repoOverrides sourceoverride.Resolver
 
 	cleanupDirs      []string
 	cleanupDirsMutex sync.Mutex
@@ -60,7 +60,7 @@ type clonedDir struct {
 	info git.CheckoutInfo
 }
 
-func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, repoOverrides sourceoverride.Client, updateInterval time.Duration) *GitRepoCache {
+func NewGitRepoCache(ctx context.Context, sshPool *ssh_pool.SshPool, authProviders *auth.GitAuthProviders, repoOverrides sourceoverride.Resolver, updateInterval time.Duration) *GitRepoCache {
 	return &GitRepoCache{
 		ctx:            ctx,
 		sshPool:        sshPool,
@@ -90,7 +90,7 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 	var overridePath string
 	var err error
 	if rp.repoOverrides != nil {
-		_, overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
+		overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index cfc3b6de3..61bad26a3 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -31,7 +31,7 @@ type OciRepoCache struct {
 	repos      map[types.RepoKey]*OciCacheEntry
 	reposMutex sync.Mutex
 
-	repoOverrides sourceoverride.Client
+	repoOverrides sourceoverride.Resolver
 
 	cleanupDirs      []string
 	cleanupDirsMutex sync.Mutex
@@ -48,7 +48,7 @@ type OciCacheEntry struct {
 	overridePath string
 }
 
-func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthProvider, repoOverrides sourceoverride.Client, updateInterval time.Duration) *OciRepoCache {
+func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthProvider, repoOverrides sourceoverride.Resolver, updateInterval time.Duration) *OciRepoCache {
 	return &OciRepoCache{
 		ctx:             ctx,
 		updateInterval:  updateInterval,
@@ -84,7 +84,7 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 
 	var overridePath string
 	if rp.repoOverrides != nil {
-		_, overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
+		overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/sourceoverride/chained.go b/pkg/sourceoverride/chained.go
new file mode 100644
index 000000000..5d4564b43
--- /dev/null
+++ b/pkg/sourceoverride/chained.go
@@ -0,0 +1,29 @@
+package sourceoverride
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+)
+
+type ChainedResolver struct {
+	resolvers []Resolver
+}
+
+func NewChainedResolver(resolvers []Resolver) *ChainedResolver {
+	return &ChainedResolver{
+		resolvers: resolvers,
+	}
+}
+
+func (c *ChainedResolver) ResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
+	for _, x := range c.resolvers {
+		p, err := x.ResolveOverride(ctx, repoKey)
+		if err != nil {
+			return "", err
+		}
+		if p != "" {
+			return p, nil
+		}
+	}
+	return "", nil
+}
diff --git a/pkg/sourceoverride/generate.go b/pkg/sourceoverride/generate.go
new file mode 100644
index 000000000..0a4ebf5a5
--- /dev/null
+++ b/pkg/sourceoverride/generate.go
@@ -0,0 +1,3 @@
+package sourceoverride
+
+//go:generate protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sourceoverride.proto
diff --git a/pkg/sourceoverride/manager.go b/pkg/sourceoverride/manager.go
index c367a209f..6572d20fe 100644
--- a/pkg/sourceoverride/manager.go
+++ b/pkg/sourceoverride/manager.go
@@ -4,13 +4,15 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
 )
 
-type Client interface {
-	ResolveOverride(ctx context.Context, repoKey types.RepoKey) (*RepoOverride, string, error)
+type Resolver interface {
+	ResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error)
 }
 
 type RepoOverride struct {
@@ -19,50 +21,66 @@ type RepoOverride struct {
 	IsGroup  bool          `json:"isGroup"`
 }
 
+func (ro *RepoOverride) Match(repoKey types.RepoKey) (string, bool) {
+	if ro.RepoKey.Type != repoKey.Type {
+		return "", false
+	}
+	if ro.RepoKey.Host != repoKey.Host {
+		return "", false
+	}
+
+	var overridePath string
+	if ro.IsGroup {
+		prefix := ro.RepoKey.Path + "/"
+		if !strings.HasPrefix(repoKey.Path, prefix) {
+			return "", false
+		}
+		relPath := strings.TrimPrefix(repoKey.Path, prefix)
+		overridePath = path.Join(ro.Override, relPath)
+	} else {
+		if ro.RepoKey.Path != repoKey.Path {
+			return "", false
+		}
+		overridePath = ro.Override
+	}
+
+	return overridePath, true
+}
+
 type Manager struct {
-	repoOverrides []RepoOverride
+	Overrides []RepoOverride
 }
 
 func NewManager(overrides []RepoOverride) *Manager {
 	return &Manager{
-		repoOverrides: overrides,
+		Overrides: overrides,
 	}
 }
 
-func (m *Manager) ResolveOverride(ctx context.Context, repoKey types.RepoKey) (*RepoOverride, string, error) {
-	for _, ro := range m.repoOverrides {
-		if ro.RepoKey.Type != repoKey.Type {
-			continue
-		}
-		if ro.RepoKey.Host != repoKey.Host {
+func (m *Manager) ResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
+	for _, ro := range m.Overrides {
+		overridePath, ok := ro.Match(repoKey)
+		if !ok {
 			continue
 		}
 
-		var overridePath string
-		if ro.IsGroup {
-			prefix := ro.RepoKey.Path + "/"
-			if !strings.HasPrefix(repoKey.Path, prefix) {
-				continue
-			}
-			relPath := strings.TrimPrefix(repoKey.Path, prefix)
-			overridePath = path.Join(ro.Override, relPath)
-		} else {
-			if ro.RepoKey.Path != repoKey.Path {
-				continue
-			}
-			overridePath = ro.Override
-		}
+		overridePath = filepath.FromSlash(overridePath)
 
 		if st, err := os.Stat(overridePath); err != nil {
 			if os.IsNotExist(err) {
 				continue
 			}
-			return nil, "", fmt.Errorf("can not override repo %s with %s: %w", repoKey.String(), overridePath, err)
+			return "", fmt.Errorf("can not override repo %s with %s: %w", repoKey.String(), overridePath, err)
 		} else if !st.IsDir() {
-			return nil, "", fmt.Errorf("can not override repo %s. %s is not a directory", repoKey.String(), overridePath)
+			return "", fmt.Errorf("can not override repo %s. %s is not a directory", repoKey.String(), overridePath)
+		}
+
+		err := utils.CheckInDir(ro.Override, overridePath)
+		if err != nil {
+			return "", fmt.Errorf("can not override repo %s with %s: %w", repoKey.String(), overridePath, err)
 		}
 
-		return &ro, overridePath, nil
+		return overridePath, nil
 	}
-	return nil, "", nil
+	return "", nil
 }
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
new file mode 100644
index 000000000..846957f65
--- /dev/null
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -0,0 +1,269 @@
+package sourceoverride
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"github.com/google/uuid"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	oci_client "github.com/kluctl/kluctl/v2/pkg/oci/client"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	"io"
+	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/portforward"
+	"k8s.io/client-go/transport/spdy"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+)
+
+type ProxyClientCli struct {
+	ctx context.Context
+
+	resolver Resolver
+	serverId string
+
+	pod     *v1.Pod
+	podPort int
+	podFW   *portforward.PortForwarder
+
+	target string
+
+	grpcConn *grpc.ClientConn
+	stream   Proxy_ProxyStreamClient
+	smClient ProxyClient
+}
+
+func NewClientCli(ctx context.Context, resolver Resolver) (*ProxyClientCli, error) {
+	s := &ProxyClientCli{
+		ctx:      ctx,
+		resolver: resolver,
+		serverId: uuid.NewString(),
+	}
+	return s, nil
+}
+
+func (c *ProxyClientCli) BuildProxyUrl() (*url.URL, error) {
+	var host string
+	if c.pod != nil {
+		host = fmt.Sprintf("%s:%d", c.pod.Status.PodIP, c.podPort)
+	} else {
+		host = c.target
+	}
+	u := fmt.Sprintf("%s://%s/%s", kluctlv1.SourceOverrideScheme, host, c.serverId)
+	return url.Parse(u)
+}
+
+func (c *ProxyClientCli) ConnectToPod(restConfig *rest.Config, pod v1.Pod) error {
+	var err error
+	c.podPort, err = c.findPodPort(pod, "source-override")
+	if err != nil {
+		return err
+	}
+
+	fw, err := c.newPodPortForward(restConfig, pod, c.podPort)
+	if err != nil {
+		return err
+	}
+	c.podFW = fw
+	c.pod = &pod
+
+	ports, err := fw.GetPorts()
+	if err != nil {
+		return err
+	}
+
+	return c.Connect(fmt.Sprintf("localhost:%d", ports[0].Local))
+}
+
+func (c *ProxyClientCli) Connect(target string) error {
+	grpcConn, err := grpc.DialContext(c.ctx, target,
+		grpc.WithBlock(),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+	if err != nil {
+		return err
+	}
+	c.grpcConn = grpcConn
+
+	c.smClient = NewProxyClient(c.grpcConn)
+	c.target = target
+
+	return nil
+}
+
+func (c *ProxyClientCli) findPodPort(pod v1.Pod, portName string) (int, error) {
+	for _, c := range pod.Spec.Containers {
+		for _, p := range c.Ports {
+			if p.Name == portName {
+				return int(p.ContainerPort), nil
+			}
+		}
+	}
+	return 0, fmt.Errorf("pod does not have containerPort with name %s", portName)
+}
+
+func (c *ProxyClientCli) newPodPortForward(restConfig *rest.Config, pod v1.Pod, podPort int) (*portforward.PortForwarder, error) {
+	cv1Client, err := corev1.NewForConfig(restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	req := cv1Client.RESTClient().Post().
+		Resource("pods").
+		Namespace(pod.Namespace).
+		Name(pod.Name).
+		SubResource("portforward")
+
+	transport, upgrader, err := spdy.RoundTripperFor(restConfig)
+	if err != nil {
+		return nil, err
+	}
+	dialer := spdy.NewDialer(upgrader, &http.Client{Transport: transport}, "POST", req.URL())
+
+	readyCh := make(chan struct{})
+	fw, err := portforward.New(dialer, []string{fmt.Sprintf(":%d", podPort)}, c.ctx.Done(), readyCh, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	go func() {
+		_ = fw.ForwardPorts()
+	}()
+
+	<-readyCh
+
+	return fw, err
+}
+
+func (c *ProxyClientCli) Handshake() error {
+	var err error
+	c.stream, err = c.smClient.ProxyStream(c.ctx)
+	if err != nil {
+		return err
+	}
+
+	msg := &ProxyResponse{
+		Auth: &Auth{
+			ServerId: c.serverId,
+		},
+	}
+	err = c.stream.Send(msg)
+	if err != nil {
+		return err
+	}
+	resp, err := c.stream.Recv()
+	if err != nil {
+		return err
+	}
+	if resp.AuthError == nil {
+		return fmt.Errorf("missing authError")
+	}
+	if *resp.AuthError != "" {
+		return errors.New(*resp.AuthError)
+	}
+	return nil
+}
+
+func (c *ProxyClientCli) Start() error {
+	for {
+		req, err := c.stream.Recv()
+		if err != nil {
+			if err == io.EOF {
+				return nil
+			}
+			return err
+		}
+		if req.Request == nil {
+			return fmt.Errorf("missing request")
+		}
+		var resp ResolveOverrideResponse
+		b, err := c.handleRequest(req.Request)
+		if err != nil {
+			resp.Error = utils.StrPtr(err.Error())
+		} else {
+			resp.Artifact = b
+		}
+
+		err = c.stream.Send(&ProxyResponse{
+			Response: &resp,
+		})
+		if err != nil {
+			return err
+		}
+	}
+}
+
+func (c *ProxyClientCli) handleRequest(req *ResolveOverrideRequest) ([]byte, error) {
+	ctx := c.stream.Context()
+
+	repoKey, err := types.ParseRepoKey(req.RepoKey, "")
+	if err != nil {
+		return nil, fmt.Errorf("invalid RepoKey: %w", err)
+	}
+	if repoKey.Type == "" {
+		return nil, fmt.Errorf("missing type in RepoKey")
+	}
+
+	p, err := c.resolver.ResolveOverride(ctx, repoKey)
+	if err != nil {
+		return nil, fmt.Errorf("ResolveOverride failed: %w", err)
+	}
+	if p == "" {
+		return nil, nil
+	}
+
+	status.Infof(c.ctx, "Controller requested override for %s", req.RepoKey)
+
+	cleanup := false
+	f, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "so-*.tgz")
+	if err != nil {
+		return nil, fmt.Errorf("failed to create temp file: %w", err)
+	}
+	f.Close()
+	defer func() {
+		if cleanup {
+			_ = os.Remove(f.Name())
+		}
+	}()
+
+	absPath, err := filepath.Abs(p)
+	if err != nil {
+		return nil, err
+	}
+	ignorePatterns, err := git.LoadGitignore(absPath)
+	if err != nil {
+		return nil, err
+	}
+
+	ociClient := oci_client.NewClient(nil)
+	err = ociClient.Build(f.Name(), p, ignorePatterns)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build artifact: %w", err)
+	}
+
+	st, err := os.Stat(f.Name())
+	if err != nil {
+		return nil, fmt.Errorf("failed to stat artifact: %w", err)
+	}
+	if st.Size() > maxTarSize {
+		return nil, fmt.Errorf("tgz is too large: %d", st.Size())
+	}
+
+	b, err := os.ReadFile(f.Name())
+	if err != nil {
+		return nil, fmt.Errorf("failed to read artifact: %w", err)
+	}
+
+	status.Infof(c.ctx, "Sending source override tarball with %d bytes", len(b))
+
+	return b, nil
+}
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
new file mode 100644
index 000000000..d569231d2
--- /dev/null
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -0,0 +1,106 @@
+package sourceoverride
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"github.com/kluctl/kluctl/v2/pkg/tar"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	"os"
+)
+
+type ProxyClientController struct {
+	serverId string
+	repoKey  types.RepoKey
+	isGroup  bool
+
+	grpcConn *grpc.ClientConn
+	smClient ProxyClient
+
+	cache utils.ThreadSafeCache[types.RepoKey, string]
+}
+
+func NewClientController(serverId string, repoKey types.RepoKey, isGroup bool) (*ProxyClientController, error) {
+	s := &ProxyClientController{
+		serverId: serverId,
+		repoKey:  repoKey,
+		isGroup:  isGroup,
+	}
+	return s, nil
+}
+
+func (c *ProxyClientController) Close() error {
+	return c.grpcConn.Close()
+}
+
+func (c *ProxyClientController) Cleanup() {
+	c.cache.ForEach(func(k types.RepoKey, v string) {
+		_ = os.RemoveAll(v)
+	})
+}
+
+func (c *ProxyClientController) Connect(ctx context.Context, target string) error {
+	grpcConn, err := grpc.DialContext(ctx, target,
+		grpc.WithBlock(),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)),
+	)
+	if err != nil {
+		return err
+	}
+	c.grpcConn = grpcConn
+	c.smClient = NewProxyClient(c.grpcConn)
+	return nil
+}
+
+func (c *ProxyClientController) ResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
+	tmp := RepoOverride{
+		RepoKey: c.repoKey,
+		IsGroup: c.isGroup,
+	}
+	if _, ok := tmp.Match(repoKey); !ok {
+		return "", nil
+	}
+
+	return c.cache.Get(repoKey, func() (string, error) {
+		return c.doResolveOverride(ctx, repoKey)
+	})
+}
+
+func (c *ProxyClientController) doResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
+	msg := &ProxyRequest{
+		ServerId: c.serverId,
+		Request: &ResolveOverrideRequest{
+			RepoKey: repoKey.String(),
+		},
+	}
+	resp, err := c.smClient.ResolveOverride(ctx, msg)
+	if err != nil {
+		return "", err
+	}
+	if resp.Error != nil {
+		return "", errors.New(*resp.Error)
+	}
+	if resp.Artifact == nil {
+		return "", nil
+	}
+
+	cleanup := true
+	dir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "source-override-*")
+	defer func() {
+		if cleanup {
+			_ = os.RemoveAll(dir)
+		}
+	}()
+
+	err = tar.Untar(bytes.NewReader(resp.Artifact), dir, tar.WithMaxUntarSize(maxUntarSize), tar.WithSkipSymlinks())
+	if err != nil {
+		return "", err
+	}
+
+	cleanup = false
+	return dir, nil
+}
diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
new file mode 100644
index 000000000..7404d6368
--- /dev/null
+++ b/pkg/sourceoverride/proxyserver.go
@@ -0,0 +1,213 @@
+package sourceoverride
+
+import (
+	"context"
+	"fmt"
+	"google.golang.org/grpc"
+	"net"
+	"sync"
+)
+
+const (
+	maxTarSize   = 32 * 1024 * 1024
+	maxUntarSize = 64 * 1024 * 1024
+	maxMsgSize   = maxTarSize + 1024
+)
+
+type ProxyServerImpl struct {
+	UnimplementedProxyServer
+
+	ctx context.Context
+
+	mutex       sync.Mutex
+	connections map[string]*ProxyConnection
+	grpcServer  *grpc.Server
+}
+
+type ProxyConnection struct {
+	server *ProxyServerImpl
+
+	id     string
+	stream Proxy_ProxyStreamServer
+
+	requestsCh chan *wrappedRequest
+	stopCh     chan struct{}
+	doneCh     chan struct{}
+}
+
+type wrappedRequest struct {
+	req    *ResolveOverrideRequest
+	respCh chan *ResolveOverrideResponse
+	errCh  chan error
+}
+
+func NewProxyServerImpl(ctx context.Context) *ProxyServerImpl {
+	return &ProxyServerImpl{
+		ctx:         ctx,
+		connections: map[string]*ProxyConnection{},
+	}
+}
+
+func (m *ProxyServerImpl) Start(addr string) error {
+	is, err := net.Listen("tcp", addr)
+	if err != nil {
+		return err
+	}
+	m.grpcServer = grpc.NewServer(grpc.MaxRecvMsgSize(maxMsgSize))
+	RegisterProxyServer(m.grpcServer, m)
+
+	err = m.grpcServer.Serve(is)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ProxyServerImpl) Stop() {
+	m.grpcServer.Stop()
+}
+
+func (s *ProxyServerImpl) ProxyStream(stream Proxy_ProxyStreamServer) error {
+	con, err := s.handshake(stream)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+		delete(s.connections, con.id)
+	}()
+
+	return con.proxyRequests()
+}
+
+func (s *ProxyServerImpl) handshake(stream Proxy_ProxyStreamServer) (*ProxyConnection, error) {
+	msg, err := stream.Recv()
+	if err != nil {
+		return nil, err
+	}
+
+	if msg.Response != nil || msg.Auth == nil {
+		return nil, fmt.Errorf("expected auth")
+	}
+
+	doResp := func(err error) error {
+		errStr := ""
+		if err != nil {
+			errStr = err.Error()
+		}
+		err2 := stream.Send(&ProxyRequest{
+			AuthError: &errStr,
+			ServerId:  msg.Auth.ServerId,
+		})
+		if err2 != nil {
+			return err2
+		}
+		return nil
+	}
+
+	con := &ProxyConnection{
+		server:     s,
+		id:         msg.Auth.ServerId,
+		stream:     stream,
+		requestsCh: make(chan *wrappedRequest),
+		stopCh:     make(chan struct{}),
+		doneCh:     make(chan struct{}),
+	}
+
+	s.mutex.Lock()
+	if _, ok := s.connections[msg.Auth.ServerId]; ok {
+		s.mutex.Unlock()
+		err = fmt.Errorf("duplicate server id")
+		_ = doResp(err)
+		return nil, err
+	}
+	s.connections[msg.Auth.ServerId] = con
+	s.mutex.Unlock()
+
+	return con, doResp(nil)
+}
+
+func (s *ProxyServerImpl) ResolveOverride(ctx context.Context, req *ProxyRequest) (*ResolveOverrideResponse, error) {
+	if req.Request == nil {
+		return nil, fmt.Errorf("missing request")
+	}
+
+	s.mutex.Lock()
+	con, ok := s.connections[req.ServerId]
+	s.mutex.Unlock()
+	if !ok {
+		return nil, fmt.Errorf("connection not found")
+	}
+
+	wreq := &wrappedRequest{
+		req:    req.Request,
+		respCh: make(chan *ResolveOverrideResponse),
+		errCh:  make(chan error),
+	}
+	con.requestsCh <- wreq
+
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case err := <-wreq.errCh:
+		return nil, err
+	case resp := <-wreq.respCh:
+		return resp, nil
+	}
+}
+
+func (c *ProxyConnection) Close() {
+	close(c.stopCh)
+	<-c.doneCh
+}
+
+func (c *ProxyConnection) proxyRequests() error {
+	defer func() {
+		close(c.doneCh)
+	}()
+	for {
+		select {
+		case <-c.server.ctx.Done():
+			return c.server.ctx.Err()
+		case <-c.stopCh:
+			return nil
+		case req, ok := <-c.requestsCh:
+			if !ok {
+				return nil
+			}
+			err := c.proxyRequest(req)
+			if err != nil {
+				return err
+			}
+		}
+	}
+}
+
+func (c *ProxyConnection) proxyRequest(req *wrappedRequest) error {
+	err := c.stream.Send(&ProxyRequest{
+		ServerId: c.id,
+		Request:  req.req,
+	})
+	if err != nil {
+		req.errCh <- err
+		return err
+	}
+
+	msg, err := c.stream.Recv()
+	if err != nil {
+		req.errCh <- err
+		return err
+	}
+	if msg.Response == nil {
+		err = fmt.Errorf("missing response")
+		req.errCh <- err
+		return err
+	}
+
+	req.respCh <- msg.Response
+
+	return nil
+}
diff --git a/pkg/sourceoverride/sourceoverride.pb.go b/pkg/sourceoverride/sourceoverride.pb.go
new file mode 100644
index 000000000..0842ceb05
--- /dev/null
+++ b/pkg/sourceoverride/sourceoverride.pb.go
@@ -0,0 +1,469 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v4.24.4
+// source: sourceoverride.proto
+
+package sourceoverride
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ProxyResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Auth     *Auth                    `protobuf:"bytes,1,opt,name=auth,proto3,oneof" json:"auth,omitempty"`
+	Response *ResolveOverrideResponse `protobuf:"bytes,2,opt,name=response,proto3,oneof" json:"response,omitempty"`
+}
+
+func (x *ProxyResponse) Reset() {
+	*x = ProxyResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sourceoverride_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ProxyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProxyResponse) ProtoMessage() {}
+
+func (x *ProxyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sourceoverride_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProxyResponse.ProtoReflect.Descriptor instead.
+func (*ProxyResponse) Descriptor() ([]byte, []int) {
+	return file_sourceoverride_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ProxyResponse) GetAuth() *Auth {
+	if x != nil {
+		return x.Auth
+	}
+	return nil
+}
+
+func (x *ProxyResponse) GetResponse() *ResolveOverrideResponse {
+	if x != nil {
+		return x.Response
+	}
+	return nil
+}
+
+type ProxyRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	AuthError *string                 `protobuf:"bytes,1,opt,name=authError,proto3,oneof" json:"authError,omitempty"`
+	ServerId  string                  `protobuf:"bytes,2,opt,name=serverId,proto3" json:"serverId,omitempty"`
+	Request   *ResolveOverrideRequest `protobuf:"bytes,3,opt,name=request,proto3,oneof" json:"request,omitempty"`
+}
+
+func (x *ProxyRequest) Reset() {
+	*x = ProxyRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sourceoverride_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ProxyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProxyRequest) ProtoMessage() {}
+
+func (x *ProxyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sourceoverride_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProxyRequest.ProtoReflect.Descriptor instead.
+func (*ProxyRequest) Descriptor() ([]byte, []int) {
+	return file_sourceoverride_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ProxyRequest) GetAuthError() string {
+	if x != nil && x.AuthError != nil {
+		return *x.AuthError
+	}
+	return ""
+}
+
+func (x *ProxyRequest) GetServerId() string {
+	if x != nil {
+		return x.ServerId
+	}
+	return ""
+}
+
+func (x *ProxyRequest) GetRequest() *ResolveOverrideRequest {
+	if x != nil {
+		return x.Request
+	}
+	return nil
+}
+
+type Auth struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	ServerId string `protobuf:"bytes,1,opt,name=serverId,proto3" json:"serverId,omitempty"`
+}
+
+func (x *Auth) Reset() {
+	*x = Auth{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sourceoverride_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Auth) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Auth) ProtoMessage() {}
+
+func (x *Auth) ProtoReflect() protoreflect.Message {
+	mi := &file_sourceoverride_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Auth.ProtoReflect.Descriptor instead.
+func (*Auth) Descriptor() ([]byte, []int) {
+	return file_sourceoverride_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Auth) GetServerId() string {
+	if x != nil {
+		return x.ServerId
+	}
+	return ""
+}
+
+type ResolveOverrideRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	RepoKey string `protobuf:"bytes,1,opt,name=repoKey,proto3" json:"repoKey,omitempty"`
+}
+
+func (x *ResolveOverrideRequest) Reset() {
+	*x = ResolveOverrideRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sourceoverride_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResolveOverrideRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResolveOverrideRequest) ProtoMessage() {}
+
+func (x *ResolveOverrideRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sourceoverride_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResolveOverrideRequest.ProtoReflect.Descriptor instead.
+func (*ResolveOverrideRequest) Descriptor() ([]byte, []int) {
+	return file_sourceoverride_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ResolveOverrideRequest) GetRepoKey() string {
+	if x != nil {
+		return x.RepoKey
+	}
+	return ""
+}
+
+type ResolveOverrideResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Error    *string `protobuf:"bytes,1,opt,name=error,proto3,oneof" json:"error,omitempty"`
+	Artifact []byte  `protobuf:"bytes,2,opt,name=artifact,proto3,oneof" json:"artifact,omitempty"`
+}
+
+func (x *ResolveOverrideResponse) Reset() {
+	*x = ResolveOverrideResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sourceoverride_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ResolveOverrideResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResolveOverrideResponse) ProtoMessage() {}
+
+func (x *ResolveOverrideResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sourceoverride_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResolveOverrideResponse.ProtoReflect.Descriptor instead.
+func (*ResolveOverrideResponse) Descriptor() ([]byte, []int) {
+	return file_sourceoverride_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResolveOverrideResponse) GetError() string {
+	if x != nil && x.Error != nil {
+		return *x.Error
+	}
+	return ""
+}
+
+func (x *ResolveOverrideResponse) GetArtifact() []byte {
+	if x != nil {
+		return x.Artifact
+	}
+	return nil
+}
+
+var File_sourceoverride_proto protoreflect.FileDescriptor
+
+var file_sourceoverride_proto_rawDesc = []byte{
+	0x0a, 0x14, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76,
+	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x22, 0x9e, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2d, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f,
+	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x48, 0x00, 0x52, 0x04,
+	0x61, 0x75, 0x74, 0x68, 0x88, 0x01, 0x01, 0x12, 0x48, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c,
+	0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x48, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x88, 0x01,
+	0x01, 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x72,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xae, 0x01, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68,
+	0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x61,
+	0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x12, 0x1a, 0x0a, 0x08, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76,
+	0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x48, 0x01, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0c,
+	0x0a, 0x0a, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0a, 0x0a, 0x08,
+	0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x22, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68,
+	0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x22, 0x32, 0x0a, 0x16,
+	0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79,
+	0x22, 0x6c, 0x0a, 0x17, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72,
+	0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x65,
+	0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x72,
+	0x72, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x12, 0x1f, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61,
+	0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x01, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69,
+	0x66, 0x61, 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x65, 0x72, 0x72, 0x6f,
+	0x72, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x32, 0xb5,
+	0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x50, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x1d, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f,
+	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x12, 0x5a, 0x0a, 0x0f, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1c, 0x2e,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73,
+	0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x6b, 0x6c, 0x75, 0x63,
+	0x74, 0x6c, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_sourceoverride_proto_rawDescOnce sync.Once
+	file_sourceoverride_proto_rawDescData = file_sourceoverride_proto_rawDesc
+)
+
+func file_sourceoverride_proto_rawDescGZIP() []byte {
+	file_sourceoverride_proto_rawDescOnce.Do(func() {
+		file_sourceoverride_proto_rawDescData = protoimpl.X.CompressGZIP(file_sourceoverride_proto_rawDescData)
+	})
+	return file_sourceoverride_proto_rawDescData
+}
+
+var file_sourceoverride_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_sourceoverride_proto_goTypes = []interface{}{
+	(*ProxyResponse)(nil),           // 0: sourceoverride.ProxyResponse
+	(*ProxyRequest)(nil),            // 1: sourceoverride.ProxyRequest
+	(*Auth)(nil),                    // 2: sourceoverride.Auth
+	(*ResolveOverrideRequest)(nil),  // 3: sourceoverride.ResolveOverrideRequest
+	(*ResolveOverrideResponse)(nil), // 4: sourceoverride.ResolveOverrideResponse
+}
+var file_sourceoverride_proto_depIdxs = []int32{
+	2, // 0: sourceoverride.ProxyResponse.auth:type_name -> sourceoverride.Auth
+	4, // 1: sourceoverride.ProxyResponse.response:type_name -> sourceoverride.ResolveOverrideResponse
+	3, // 2: sourceoverride.ProxyRequest.request:type_name -> sourceoverride.ResolveOverrideRequest
+	0, // 3: sourceoverride.Proxy.ProxyStream:input_type -> sourceoverride.ProxyResponse
+	1, // 4: sourceoverride.Proxy.ResolveOverride:input_type -> sourceoverride.ProxyRequest
+	1, // 5: sourceoverride.Proxy.ProxyStream:output_type -> sourceoverride.ProxyRequest
+	4, // 6: sourceoverride.Proxy.ResolveOverride:output_type -> sourceoverride.ResolveOverrideResponse
+	5, // [5:7] is the sub-list for method output_type
+	3, // [3:5] is the sub-list for method input_type
+	3, // [3:3] is the sub-list for extension type_name
+	3, // [3:3] is the sub-list for extension extendee
+	0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_sourceoverride_proto_init() }
+func file_sourceoverride_proto_init() {
+	if File_sourceoverride_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_sourceoverride_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ProxyResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sourceoverride_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ProxyRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sourceoverride_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Auth); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sourceoverride_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResolveOverrideRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sourceoverride_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ResolveOverrideResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_sourceoverride_proto_msgTypes[0].OneofWrappers = []interface{}{}
+	file_sourceoverride_proto_msgTypes[1].OneofWrappers = []interface{}{}
+	file_sourceoverride_proto_msgTypes[4].OneofWrappers = []interface{}{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_sourceoverride_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   5,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sourceoverride_proto_goTypes,
+		DependencyIndexes: file_sourceoverride_proto_depIdxs,
+		MessageInfos:      file_sourceoverride_proto_msgTypes,
+	}.Build()
+	File_sourceoverride_proto = out.File
+	file_sourceoverride_proto_rawDesc = nil
+	file_sourceoverride_proto_goTypes = nil
+	file_sourceoverride_proto_depIdxs = nil
+}
diff --git a/pkg/sourceoverride/sourceoverride.proto b/pkg/sourceoverride/sourceoverride.proto
new file mode 100644
index 000000000..b582df4d4
--- /dev/null
+++ b/pkg/sourceoverride/sourceoverride.proto
@@ -0,0 +1,34 @@
+syntax = "proto3";
+
+option go_package = "github.com/kluctl/kluctl/v2/pkg/sourceoverride";
+
+package sourceoverride;
+
+service Proxy {
+  rpc ProxyStream(stream ProxyResponse) returns (stream ProxyRequest) {}
+  rpc ResolveOverride(ProxyRequest) returns (ResolveOverrideResponse) {}
+}
+
+message ProxyResponse {
+  optional Auth auth = 1;
+  optional ResolveOverrideResponse response = 2;
+}
+
+message ProxyRequest {
+  optional string authError = 1;
+  string serverId = 2;
+  optional ResolveOverrideRequest request = 3;
+}
+
+message Auth {
+  string serverId = 1;
+}
+
+message ResolveOverrideRequest {
+  string repoKey = 1;
+}
+
+message ResolveOverrideResponse {
+  optional string error = 1;
+  optional bytes artifact = 2;
+}
diff --git a/pkg/sourceoverride/sourceoverride_grpc.pb.go b/pkg/sourceoverride/sourceoverride_grpc.pb.go
new file mode 100644
index 000000000..d0d7e8f1b
--- /dev/null
+++ b/pkg/sourceoverride/sourceoverride_grpc.pb.go
@@ -0,0 +1,170 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+
+package sourceoverride
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+// ProxyClient is the client API for Proxy service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type ProxyClient interface {
+	ProxyStream(ctx context.Context, opts ...grpc.CallOption) (Proxy_ProxyStreamClient, error)
+	ResolveOverride(ctx context.Context, in *ProxyRequest, opts ...grpc.CallOption) (*ResolveOverrideResponse, error)
+}
+
+type proxyClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewProxyClient(cc grpc.ClientConnInterface) ProxyClient {
+	return &proxyClient{cc}
+}
+
+func (c *proxyClient) ProxyStream(ctx context.Context, opts ...grpc.CallOption) (Proxy_ProxyStreamClient, error) {
+	stream, err := c.cc.NewStream(ctx, &Proxy_ServiceDesc.Streams[0], "/sourceoverride.Proxy/ProxyStream", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &proxyProxyStreamClient{stream}
+	return x, nil
+}
+
+type Proxy_ProxyStreamClient interface {
+	Send(*ProxyResponse) error
+	Recv() (*ProxyRequest, error)
+	grpc.ClientStream
+}
+
+type proxyProxyStreamClient struct {
+	grpc.ClientStream
+}
+
+func (x *proxyProxyStreamClient) Send(m *ProxyResponse) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *proxyProxyStreamClient) Recv() (*ProxyRequest, error) {
+	m := new(ProxyRequest)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *proxyClient) ResolveOverride(ctx context.Context, in *ProxyRequest, opts ...grpc.CallOption) (*ResolveOverrideResponse, error) {
+	out := new(ResolveOverrideResponse)
+	err := c.cc.Invoke(ctx, "/sourceoverride.Proxy/ResolveOverride", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// ProxyServer is the server API for Proxy service.
+// All implementations must embed UnimplementedProxyServer
+// for forward compatibility
+type ProxyServer interface {
+	ProxyStream(Proxy_ProxyStreamServer) error
+	ResolveOverride(context.Context, *ProxyRequest) (*ResolveOverrideResponse, error)
+	mustEmbedUnimplementedProxyServer()
+}
+
+// UnimplementedProxyServer must be embedded to have forward compatible implementations.
+type UnimplementedProxyServer struct {
+}
+
+func (UnimplementedProxyServer) ProxyStream(Proxy_ProxyStreamServer) error {
+	return status.Errorf(codes.Unimplemented, "method ProxyStream not implemented")
+}
+func (UnimplementedProxyServer) ResolveOverride(context.Context, *ProxyRequest) (*ResolveOverrideResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ResolveOverride not implemented")
+}
+func (UnimplementedProxyServer) mustEmbedUnimplementedProxyServer() {}
+
+// UnsafeProxyServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to ProxyServer will
+// result in compilation errors.
+type UnsafeProxyServer interface {
+	mustEmbedUnimplementedProxyServer()
+}
+
+func RegisterProxyServer(s grpc.ServiceRegistrar, srv ProxyServer) {
+	s.RegisterService(&Proxy_ServiceDesc, srv)
+}
+
+func _Proxy_ProxyStream_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(ProxyServer).ProxyStream(&proxyProxyStreamServer{stream})
+}
+
+type Proxy_ProxyStreamServer interface {
+	Send(*ProxyRequest) error
+	Recv() (*ProxyResponse, error)
+	grpc.ServerStream
+}
+
+type proxyProxyStreamServer struct {
+	grpc.ServerStream
+}
+
+func (x *proxyProxyStreamServer) Send(m *ProxyRequest) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *proxyProxyStreamServer) Recv() (*ProxyResponse, error) {
+	m := new(ProxyResponse)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func _Proxy_ResolveOverride_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ProxyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ProxyServer).ResolveOverride(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/sourceoverride.Proxy/ResolveOverride",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ProxyServer).ResolveOverride(ctx, req.(*ProxyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// Proxy_ServiceDesc is the grpc.ServiceDesc for Proxy service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var Proxy_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "sourceoverride.Proxy",
+	HandlerType: (*ProxyServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "ResolveOverride",
+			Handler:    _Proxy_ResolveOverride_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "ProxyStream",
+			Handler:       _Proxy_ProxyStream_Handler,
+			ServerStreams: true,
+			ClientStreams: true,
+		},
+	},
+	Metadata: "sourceoverride.proto",
+}
diff --git a/pkg/utils/thread_safe_cache.go b/pkg/utils/thread_safe_cache.go
index f73829d29..b80d7ff14 100644
--- a/pkg/utils/thread_safe_cache.go
+++ b/pkg/utils/thread_safe_cache.go
@@ -2,42 +2,59 @@ package utils
 
 import "sync"
 
-type ThreadSafeCache struct {
+type ThreadSafeCache[K comparable, V any] struct {
 	mutex sync.Mutex
-	cache map[string]*cacheEntry
+	cache map[K]*cacheEntry[V]
 }
 
-type cacheEntry struct {
-	value interface{}
+type cacheEntry[V any] struct {
+	value V
 	err   error
 }
 
-func (c *ThreadSafeCache) Get(key string, f func() (interface{}, error)) (interface{}, error) {
+func (c *ThreadSafeCache[K, V]) Clear() {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+	clear(c.cache)
+}
+
+func (c *ThreadSafeCache[K, V]) ForEach(cb func(k K, v V)) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+	for k, v := range c.cache {
+		if v.err != nil {
+			continue
+		}
+		cb(k, v.value)
+	}
+}
+
+func (c *ThreadSafeCache[K, V]) Get(key K, f func() (V, error)) (V, error) {
 	c.mutex.Lock()
 	defer c.mutex.Unlock()
 
 	if c.cache == nil {
-		c.cache = make(map[string]*cacheEntry)
+		c.cache = make(map[K]*cacheEntry[V])
 	}
 
 	e, ok := c.cache[key]
 	if ok {
 		return e.value, e.err
 	}
-	e = &cacheEntry{}
+	e = &cacheEntry[V]{}
 	e.value, e.err = f()
 	c.cache[key] = e
 
 	return e.value, e.err
 }
 
-type ThreadSafeMultiCache struct {
-	cache ThreadSafeCache
+type ThreadSafeMultiCache[K comparable, V any] struct {
+	cache ThreadSafeCache[string, *ThreadSafeCache[K, V]]
 }
 
-func (c *ThreadSafeMultiCache) Get(cacheKey string, key string, f func() (interface{}, error)) (interface{}, error) {
-	cache, _ := c.cache.Get(cacheKey, func() (interface{}, error) {
-		return &ThreadSafeCache{}, nil
+func (c *ThreadSafeMultiCache[K, V]) Get(cacheKey string, key K, f func() (V, error)) (V, error) {
+	cache, _ := c.cache.Get(cacheKey, func() (*ThreadSafeCache[K, V], error) {
+		return &ThreadSafeCache[K, V]{}, nil
 	})
-	return cache.(*ThreadSafeCache).Get(key, f)
+	return cache.Get(key, f)
 }

From 8f5d3823446d815f33d17c7610bab584dcd64d4c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 23 Oct 2023 23:08:21 +0200
Subject: [PATCH 1769/2268] feat: Implement gitops diff command

---
 api/v1beta1/kluctldeployment_types.go         |  28 +++++
 api/v1beta1/zz_generated.deepcopy.go          |  10 ++
 cmd/kluctl/commands/cmd_gitops.go             |  42 +++++++-
 cmd/kluctl/commands/cmd_gitops_diff.go        | 102 ++++++++++++++++++
 .../gitops.kluctl.io_kluctldeployments.yaml   |  28 +++++
 docs/gitops/api/kluctl-controller.md          |  36 +++++++
 install/controller/controller/crd.yaml        |  28 +++++
 pkg/controllers/kluctl_project.go             |   9 +-
 .../kluctldeployment_controller.go            |  39 ++++++-
 pkg/controllers/predicates.go                 |   1 +
 pkg/results/result-store-secrets.go           |  20 ++++
 pkg/results/result-store.go                   |   1 +
 pkg/results/results-collector.go              |   4 +
 13 files changed, 340 insertions(+), 8 deletions(-)
 create mode 100644 cmd/kluctl/commands/cmd_gitops_diff.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index f0feb01d4..e3faeb347 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -34,6 +34,7 @@ const (
 	KluctlDeployPokeImages = "poke-images"
 
 	KluctlRequestReconcileAnnotation = "kluctl.io/request-reconcile"
+	KluctlRequestDiffAnnotation      = "kluctl.io/request-diff"
 	KluctlRequestDeployAnnotation    = "kluctl.io/request-deploy"
 	KluctlRequestPruneAnnotation     = "kluctl.io/request-prune"
 	KluctlRequestValidateAnnotation  = "kluctl.io/request-validate"
@@ -499,6 +500,9 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	ReconcileRequestResult *RequestResult `json:"reconcileRequestResult,omitempty"`
 
+	// +optional
+	DiffRequestResult *RequestResult `json:"diffRequestResult,omitempty"`
+
 	// +optional
 	DeployRequestResult *RequestResult `json:"deployRequestResult,omitempty"`
 
@@ -552,12 +556,19 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	LastPrepareError string `json:"lastPrepareError,omitempty"`
 	// +optional
+	LastDiffError string `json:"lastDiffError,omitempty"`
+	// +optional
 	LastDeployError string `json:"lastDeployError,omitempty"`
 	// +optional
 	LastValidateError string `json:"lastValidateError,omitempty"`
 	// +optional
 	LastDriftDetectionError string `json:"lastDriftDetectionError,omitempty"`
 
+	// LastDiffResult is the result summary of the last diff command
+	// +optional
+	// +kubebuilder:pruning:PreserveUnknownFields
+	LastDiffResult *runtime.RawExtension `json:"lastDiffResult,omitempty"`
+
 	// LastDeployResult is the result summary of the last deploy command
 	// +optional
 	// +kubebuilder:pruning:PreserveUnknownFields
@@ -576,6 +587,23 @@ type KluctlDeploymentStatus struct {
 	LastDriftDetectionResultMessage string `json:"lastDriftDetectionResultMessage,omitempty"`
 }
 
+func (s *KluctlDeploymentStatus) SetLastDiffResult(crs *result.CommandResultSummary, err error) error {
+	s.LastDiffError = ""
+	if err != nil {
+		s.LastDiffError = err.Error()
+	}
+	if crs == nil {
+		s.LastDiffResult = nil
+	} else {
+		b, err := yaml.WriteJsonString(crs)
+		if err != nil {
+			return err
+		}
+		s.LastDiffResult = &runtime.RawExtension{Raw: []byte(b)}
+	}
+	return nil
+}
+
 func (s *KluctlDeploymentStatus) SetLastDeployResult(crs *result.CommandResultSummary, err error) error {
 	s.LastDeployError = ""
 	if err != nil {
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 3fb31f363..b9fb1f2b1 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -240,6 +240,11 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 		*out = new(RequestResult)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.DiffRequestResult != nil {
+		in, out := &in.DiffRequestResult, &out.DiffRequestResult
+		*out = new(RequestResult)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.DeployRequestResult != nil {
 		in, out := &in.DeployRequestResult, &out.DeployRequestResult
 		*out = new(RequestResult)
@@ -277,6 +282,11 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.LastDiffResult != nil {
+		in, out := &in.LastDiffResult, &out.LastDiffResult
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.LastDeployResult != nil {
 		in, out := &in.LastDeployResult, &out.LastDeployResult
 		*out = new(runtime.RawExtension)
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 1c35396b5..22c5228ef 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -17,6 +17,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	flag "github.com/spf13/pflag"
 	v12 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -35,6 +37,7 @@ type gitopsCmd struct {
 	Suspend   GitopsSuspendCmd   `cmd:"" help:"Suspend a GitOps deployment"`
 	Resume    gitopsResumeCmd    `cmd:"" help:"Resume a GitOps deployment"`
 	Reconcile gitopsReconcileCmd `cmd:"" help:"Trigger a GitOps reconciliation"`
+	Diff      gitopsDiffCmd      `cmd:"" help:"Trigger a GitOps diff"`
 	Deploy    gitopsDeployCmd    `cmd:"" help:"Trigger a GitOps deployment"`
 	Prune     gitopsPruneCmd     `cmd:"" help:"Trigger a GitOps prune"`
 	Validate  gitopsValidateCmd  `cmd:"" help:"Trigger a GitOps validate"`
@@ -52,6 +55,7 @@ type gitopsCmdHelper struct {
 	kds []v1beta1.KluctlDeployment
 
 	restConfig   *rest.Config
+	restMapper   meta.RESTMapper
 	client       client.Client
 	corev1Client *v1.CoreV1Client
 
@@ -105,13 +109,14 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		return err
 	}
 
-	g.restConfig = restConfig
-
 	_, mapper, err := k8s.CreateDiscoveryAndMapper(ctx, restConfig)
 	if err != nil {
 		return err
 	}
 
+	g.restConfig = restConfig
+	g.restMapper = mapper
+
 	g.client, err = client.NewWithWatch(restConfig, client.Options{
 		Mapper: mapper,
 	})
@@ -229,6 +234,37 @@ func (g *gitopsCmdHelper) patchDeployment(ctx context.Context, key client.Object
 	return nil
 }
 
+func (g *gitopsCmdHelper) updateDeploymentStatus(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error, retries int) error {
+	s := status.Startf(ctx, "Updating KluctlDeployment %s/%s", key.Namespace, key.Name)
+	defer s.Failed()
+
+	var lastErr error
+	for i := 0; i < retries; i++ {
+		var kd v1beta1.KluctlDeployment
+		err := g.client.Get(ctx, key, &kd)
+		if err != nil {
+			return err
+		}
+
+		err = cb(&kd)
+		if err != nil {
+			return err
+		}
+
+		err = g.client.Status().Update(ctx, &kd, client.FieldOwner("kluctl"))
+		lastErr = err
+		if err != nil {
+			if !errors.IsConflict(err) {
+				return err
+			}
+		}
+		s.Success()
+		return nil
+	}
+
+	return lastErr
+}
+
 func (g *gitopsCmdHelper) patchDeploymentStatus(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error) error {
 	var kd v1beta1.KluctlDeployment
 	err := g.client.Get(ctx, key, &kd)
@@ -287,7 +323,7 @@ func (g *gitopsCmdHelper) buildOnetimePatch(ctx context.Context, kdIn *v1beta1.K
 	handleFlag := func(name string, cb func(f *flag.Flag)) {
 		f := cobraCmd.Flag(name)
 		if f == nil {
-			panic(fmt.Sprintf("flag %s not found", name))
+			return
 		}
 		if f.Changed {
 			cb(f)
diff --git a/cmd/kluctl/commands/cmd_gitops_diff.go b/cmd/kluctl/commands/cmd_gitops_diff.go
new file mode 100644
index 000000000..f3afa3ba7
--- /dev/null
+++ b/cmd/kluctl/commands/cmd_gitops_diff.go
@@ -0,0 +1,102 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
+)
+
+type gitopsDiffCmd struct {
+	args.GitOpsArgs
+	args.OutputFormatFlags
+	args.GitOpsLogArgs
+	args.GitOpsOverridableArgs `groupOverride:"override"`
+}
+
+func (cmd *gitopsDiffCmd) Help() string {
+	return `This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced diff.
+It does this by setting the annotation 'kluctl.io/request-diff' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.`
+}
+
+func (cmd *gitopsDiffCmd) Run(ctx context.Context) error {
+	g := gitopsCmdHelper{
+		args:            cmd.GitOpsArgs,
+		logsArgs:        cmd.GitOpsLogArgs,
+		overridableArgs: cmd.GitOpsOverridableArgs,
+	}
+	err := g.init(ctx)
+	if err != nil {
+		return err
+	}
+	for _, kd := range g.kds {
+		v := time.Now().Format(time.RFC3339Nano)
+		err := g.patchManualRequest(ctx, client.ObjectKeyFromObject(&kd), v1beta1.KluctlRequestDiffAnnotation, v)
+		if err != nil {
+			return err
+		}
+
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+			return status.DiffRequestResult
+		})
+		if err != nil {
+			return err
+		}
+
+		if g.resultStore != nil && rr != nil && rr.ResultId != "" {
+			cmdResult, err := g.resultStore.GetCommandResult(results.GetCommandResultOptions{Id: rr.ResultId, Reduced: true})
+			if err != nil {
+				return err
+			}
+			err = outputCommandResult2(ctx, cmd.OutputFormatFlags, cmdResult)
+			if err != nil {
+				return err
+			}
+
+			err = cmd.cleanupDiffResult(ctx, &g, &kd, rr)
+			if err != nil {
+				status.Warningf(ctx, "Failed to cleanup diff result: %s", err.Error())
+			}
+		}
+		if rr.CommandError != "" {
+			return fmt.Errorf("%s", rr.CommandError)
+		}
+	}
+	return nil
+}
+
+func (cmd *gitopsDiffCmd) cleanupDiffResult(ctx context.Context, g *gitopsCmdHelper, kd *v1beta1.KluctlDeployment, rr *v1beta1.RequestResult) error {
+	flags := args.CommandResultFlags{
+		CommandResultReadOnlyFlags: cmd.CommandResultReadOnlyFlags,
+		CommandResultWriteFlags: args.CommandResultWriteFlags{
+			WriteCommandResult: true,
+		},
+	}
+	rwRS, err := buildResultStoreRW(ctx, g.restConfig, g.restMapper, &flags, false)
+	if err != nil {
+		return err
+	}
+
+	err = rwRS.DeleteCommandResult(rr.ResultId)
+	if err != nil {
+		return err
+	}
+
+	err = g.updateDeploymentStatus(ctx, client.ObjectKeyFromObject(kd), func(kd *v1beta1.KluctlDeployment) error {
+		if kd.Status.DiffRequestResult == nil || kd.Status.DiffRequestResult.RequestValue != rr.RequestValue {
+			return nil
+		}
+		kd.Status.LastDiffResult = nil
+		return nil
+	}, 5)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index b01f54a08..099ea2c66 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -705,6 +705,27 @@ spec:
                 - requestValue
                 - startTime
                 type: object
+              diffRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  endTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startTime
+                type: object
               lastDeployError:
                 type: string
               lastDeployResult:
@@ -712,6 +733,13 @@ spec:
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              lastDiffError:
+                type: string
+              lastDiffResult:
+                description: LastDiffResult is the result summary of the last diff
+                  command
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
               lastDriftDetectionError:
                 type: string
               lastDriftDetectionResult:
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 6970d40fc..62af298e9 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1152,6 +1152,19 @@ RequestResult
 </tr>
 <tr>
 <td>
+<code>diffRequestResult</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.RequestResult">
+RequestResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>deployRequestResult</code><br>
 <em>
 <a href="#gitops.kluctl.io/v1beta1.RequestResult">
@@ -1333,6 +1346,17 @@ string
 </tr>
 <tr>
 <td>
+<code>lastDiffError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastDeployError</code><br>
 <em>
 string
@@ -1366,6 +1390,18 @@ string
 </tr>
 <tr>
 <td>
+<code>lastDiffResult</code><br>
+<em>
+k8s.io/apimachinery/pkg/runtime.RawExtension
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>LastDiffResult is the result summary of the last diff command</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>lastDeployResult</code><br>
 <em>
 k8s.io/apimachinery/pkg/runtime.RawExtension
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 76594318c..f956649a9 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -705,6 +705,27 @@ spec:
                 - requestValue
                 - startTime
                 type: object
+              diffRequestResult:
+                properties:
+                  commandError:
+                    type: string
+                  endTime:
+                    format: date-time
+                    type: string
+                  reconcileId:
+                    type: string
+                  requestValue:
+                    type: string
+                  resultId:
+                    type: string
+                  startTime:
+                    format: date-time
+                    type: string
+                required:
+                - reconcileId
+                - requestValue
+                - startTime
+                type: object
               lastDeployError:
                 type: string
               lastDeployResult:
@@ -712,6 +733,13 @@ spec:
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
+              lastDiffError:
+                type: string
+              lastDiffResult:
+                description: LastDiffResult is the result summary of the last diff
+                  command
+                type: object
+                x-kubernetes-preserve-unknown-fields: true
               lastDriftDetectionError:
                 type: string
               lastDriftDetectionResult:
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 05e3d7c8f..b16d3ddaa 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -833,9 +833,7 @@ func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string) (*result.CommandResult, error) {
-	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
-	defer timer.ObserveDuration()
+func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string, writeCmdResult bool) (*result.CommandResult, error) {
 	cmd := commands.NewDiffCommand(targetContext)
 	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
 	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
@@ -847,7 +845,10 @@ func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_
 	if err != nil {
 		return cmdResult, err
 	}
-	return cmdResult, nil
+	if writeCmdResult {
+		err = pt.writeCommandResult(ctx, cmdResult, "diff", true)
+	}
+	return cmdResult, err
 }
 
 func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string, objectsHash string) (*result.ValidateResult, error) {
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index c567ddd2c..b805d3d8b 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -323,6 +323,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	setReconcileRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
 		status.ReconcileRequestResult = requestResult
 	}
+	setDiffRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.DiffRequestResult = requestResult
+	}
 	setDeployRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
 		status.DeployRequestResult = requestResult
 	}
@@ -339,6 +342,12 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	if err != nil {
 		return doFailPrepare(err)
 	}
+	curDiffRequest, err := startHandleRequest(obj.Status.DiffRequestResult, kluctlv1.KluctlRequestDiffAnnotation, setDiffRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return ""
+	})
+	if err != nil {
+		return doFailPrepare(err)
+	}
 	curDeployRequest, err := startHandleRequest(obj.Status.DeployRequestResult, kluctlv1.KluctlRequestDeployAnnotation, setDeployRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledDeployAt
 	})
@@ -369,6 +378,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
+		err = finishHandleRequest(curDiffRequest, "", errIn, setDiffRequestResult)
+		if err != nil {
+			retErr = multierror.Append(retErr, err)
+		}
 		err = finishHandleRequest(curDeployRequest, "", errIn, setDeployRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
@@ -489,11 +502,17 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return doFailPrepare(err)
 	}
 
+	needDiff := false
 	needDeploy := false
 	needPrune := false
 	needValidate := false
 	needDriftDetection := true
 
+	if curDiffRequest != nil {
+		// explicitly requested a diff
+		needDiff = true
+	}
+
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
 		// either never deployed or source code changed
 		needDeploy = true
@@ -555,6 +574,24 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastObjectsHash = objectsHash
 	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
 
+	if needDiff {
+		patchErr = doProgressingCondition("Performing diff", false)
+		if patchErr != nil {
+			return nil, patchErr
+		}
+
+		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil, true)
+		err = obj.Status.SetLastDiffResult(diffResult.BuildSummary(), cmdErr)
+		if err != nil {
+			log.Error(err, "Failed to write diff result")
+		}
+
+		err = finishHandleRequest(curDiffRequest, diffResult.Id, cmdErr, setDiffRequestResult)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	var deployResult *result.CommandResult
 	if needDeploy {
 		patchErr = doProgressingCondition(fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
@@ -626,7 +663,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 		resourceVersions := r.getResourceVersions(key)
 
-		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, resourceVersions)
+		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, resourceVersions, false)
 		driftDetectionResult := diffResult.BuildDriftDetectionResult()
 		err = obj.Status.SetLastDriftDetectionResult(driftDetectionResult, cmdErr)
 		if err != nil {
diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index 467fc24c5..dc456314f 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -23,6 +23,7 @@ func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
 	}
 
 	return check(kluctlv1.KluctlRequestReconcileAnnotation) ||
+		check(kluctlv1.KluctlRequestDiffAnnotation) ||
 		check(kluctlv1.KluctlRequestDeployAnnotation) ||
 		check(kluctlv1.KluctlRequestPruneAnnotation) ||
 		check(kluctlv1.KluctlRequestValidateAnnotation)
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index a120ee968..b98b19673 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -218,6 +218,26 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 	return nil
 }
 
+func (s *ResultStoreSecrets) DeleteCommandResult(rsId string) error {
+	if !s.allowWrite {
+		return fmt.Errorf("result store is read-only")
+	}
+	if rsId == "" {
+		return fmt.Errorf("empty rsId is not allowed")
+	}
+
+	var tmp corev1.Secret
+	err := s.client.DeleteAllOf(s.ctx, &tmp,
+		client.InNamespace(s.writeNamespace),
+		client.MatchingLabels{
+			"kluctl.io/command-result-id": rsId,
+		})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) error {
 	if !s.allowWrite {
 		return fmt.Errorf("result store is read-only")
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 3a14e76b9..cd60537bc 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -38,6 +38,7 @@ type WatchKluctlDeploymentEvent struct {
 type ResultStore interface {
 	WriteCommandResult(cr *result.CommandResult) error
 	WriteValidateResult(vr *result.ValidateResult) error
+	DeleteCommandResult(rsId string) error
 
 	ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error)
 	WatchCommandResultSummaries(options ListResultSummariesOptions) (<-chan WatchCommandResultSummaryEvent, context.CancelFunc, error)
diff --git a/pkg/results/results-collector.go b/pkg/results/results-collector.go
index 5463e3ef6..b9b785fa5 100644
--- a/pkg/results/results-collector.go
+++ b/pkg/results/results-collector.go
@@ -247,6 +247,10 @@ func (rc *ResultsCollector) WriteValidateResult(vr *result.ValidateResult) error
 	return fmt.Errorf("WriteValidateResult is not supported in ResultsCollector")
 }
 
+func (rc *ResultsCollector) DeleteCommandResult(rsId string) error {
+	return fmt.Errorf("DeleteCommandResult is not supported in ResultsCollector")
+}
+
 func (rc *ResultsCollector) ListCommandResultSummaries(options ListResultSummariesOptions) ([]result.CommandResultSummary, error) {
 	rc.mutex.Lock()
 	defer rc.mutex.Unlock()

From 04adb2411f4cac6afc0d71fd09517ea7ccd22d4d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 09:30:00 +0200
Subject: [PATCH 1770/2268] refactor: Move
 startHandleRequest/finishHandleRequest into own funcs

---
 .../kluctldeployment_controller.go            | 89 ++++---------------
 .../kluctldeployment_controller_reconcile.go  | 77 ++++++++++++++++
 2 files changed, 93 insertions(+), 73 deletions(-)
 create mode 100644 pkg/controllers/kluctldeployment_controller_reconcile.go

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index b805d3d8b..94ffca1c5 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -263,63 +263,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	oldGeneration := obj.Status.ObservedGeneration
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 
-	startHandleRequest := func(rr *kluctlv1.RequestResult, requestAnnotation string, setResult func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult), getLegacyOldValue func(status *kluctlv1.KluctlDeploymentStatus) string) (*kluctlv1.RequestResult, error) {
-		v, _ := obj.GetAnnotations()[requestAnnotation]
-		if v == "" {
-			return nil, nil
-		}
-		if rr == nil && getLegacyOldValue(&obj.Status) == v {
-			// legacy value in status is still present, and we never executed the new request status handling
-			// ensure that we don't accidentally re-process the request
-			t := metav1.Now()
-			rr = &kluctlv1.RequestResult{
-				RequestValue: v,
-				StartTime:    t,
-				EndTime:      &t,
-				ReconcileId:  "unknown",
-			}
-			err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-				setResult(status, rr)
-				return nil
-			})
-			if err != nil {
-				return nil, err
-			}
-			return nil, nil
-		}
-		if rr == nil || rr.RequestValue != v {
-			rr = &kluctlv1.RequestResult{
-				RequestValue: v,
-				StartTime:    metav1.Now(),
-				ReconcileId:  reconcileId,
-			}
-			err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-				setResult(status, rr)
-				return nil
-			})
-			if err != nil {
-				return nil, err
-			}
-			return rr, nil
-		}
-		return nil, nil
-	}
-	finishHandleRequest := func(rr *kluctlv1.RequestResult, resultId string, commandErr error, setResult func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult)) error {
-		if rr == nil {
-			return nil
-		}
-		t := metav1.Now()
-		rr.EndTime = &t
-		rr.ResultId = resultId
-		if commandErr != nil {
-			rr.CommandError = commandErr.Error()
-		}
-		return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			setResult(status, rr)
-			return nil
-		})
-	}
-
 	setReconcileRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
 		status.ReconcileRequestResult = requestResult
 	}
@@ -336,31 +279,31 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		status.ValidateRequestResult = requestResult
 	}
 
-	curReconcileRequest, err := startHandleRequest(obj.Status.ReconcileRequestResult, kluctlv1.KluctlRequestReconcileAnnotation, setReconcileRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+	curReconcileRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.ReconcileRequestResult, kluctlv1.KluctlRequestReconcileAnnotation, setReconcileRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledReconcileAt
 	})
 	if err != nil {
 		return doFailPrepare(err)
 	}
-	curDiffRequest, err := startHandleRequest(obj.Status.DiffRequestResult, kluctlv1.KluctlRequestDiffAnnotation, setDiffRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+	curDiffRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DiffRequestResult, kluctlv1.KluctlRequestDiffAnnotation, setDiffRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return ""
 	})
 	if err != nil {
 		return doFailPrepare(err)
 	}
-	curDeployRequest, err := startHandleRequest(obj.Status.DeployRequestResult, kluctlv1.KluctlRequestDeployAnnotation, setDeployRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+	curDeployRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DeployRequestResult, kluctlv1.KluctlRequestDeployAnnotation, setDeployRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledDeployAt
 	})
 	if err != nil {
 		return doFailPrepare(err)
 	}
-	curPruneRequest, err := startHandleRequest(obj.Status.PruneRequestResult, kluctlv1.KluctlRequestPruneAnnotation, setPruneRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+	curPruneRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.PruneRequestResult, kluctlv1.KluctlRequestPruneAnnotation, setPruneRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledPruneAt
 	})
 	if err != nil {
 		return doFailPrepare(err)
 	}
-	curValidateRequest, err := startHandleRequest(obj.Status.ValidateRequestResult, kluctlv1.KluctlRequestValidateAnnotation, setValidateRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
+	curValidateRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.ValidateRequestResult, kluctlv1.KluctlRequestValidateAnnotation, setValidateRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledValidateAt
 	})
 	if err != nil {
@@ -374,23 +317,23 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		err = finishHandleRequest(curReconcileRequest, "", errIn, setReconcileRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", errIn, setReconcileRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		err = finishHandleRequest(curDiffRequest, "", errIn, setDiffRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curDiffRequest, "", errIn, setDiffRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		err = finishHandleRequest(curDeployRequest, "", errIn, setDeployRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curDeployRequest, "", errIn, setDeployRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		err = finishHandleRequest(curPruneRequest, "", errIn, setPruneRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curPruneRequest, "", errIn, setPruneRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		err = finishHandleRequest(curValidateRequest, "", errIn, setValidateRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curValidateRequest, "", errIn, setValidateRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
@@ -586,7 +529,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			log.Error(err, "Failed to write diff result")
 		}
 
-		err = finishHandleRequest(curDiffRequest, diffResult.Id, cmdErr, setDiffRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curDiffRequest, diffResult.Id, cmdErr, setDiffRequestResult)
 		if err != nil {
 			return nil, err
 		}
@@ -612,7 +555,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			r.updateResourceVersions(key, deployResult.Objects, nil)
 		}
 
-		err = finishHandleRequest(curDeployRequest, deployResult.Id, cmdErr, setDeployRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curDeployRequest, deployResult.Id, cmdErr, setDeployRequestResult)
 		if err != nil {
 			return nil, err
 		}
@@ -632,7 +575,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		// force full drift detection
 		r.updateResourceVersions(key, nil, nil)
 
-		err = finishHandleRequest(curPruneRequest, pruneResult.Id, cmdErr, setPruneRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curPruneRequest, pruneResult.Id, cmdErr, setPruneRequestResult)
 		if err != nil {
 			return nil, err
 		}
@@ -649,7 +592,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			log.Error(err, "Failed to write validate result")
 		}
 
-		err = finishHandleRequest(curValidateRequest, validateResult.Id, cmdErr, setValidateRequestResult)
+		err = r.finishHandleManualRequest(ctx, obj, curValidateRequest, validateResult.Id, cmdErr, setValidateRequestResult)
 		if err != nil {
 			return nil, err
 		}
@@ -685,7 +628,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
 		err = fmt.Errorf(finalStatus)
 
-		patchErr = finishHandleRequest(curReconcileRequest, "", err, setReconcileRequestResult)
+		patchErr = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", err, setReconcileRequestResult)
 		if patchErr != nil {
 			err = multierror.Append(err, patchErr)
 			return nil, err
@@ -699,7 +642,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return &ctrlResult, err
 	}
 
-	patchErr = finishHandleRequest(curReconcileRequest, "", nil, setReconcileRequestResult)
+	patchErr = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", nil, setReconcileRequestResult)
 	if patchErr != nil {
 		return nil, patchErr
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
new file mode 100644
index 000000000..7e67f734e
--- /dev/null
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -0,0 +1,77 @@
+package controllers
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type setResultCallback func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult)
+type getLegacyOldValueCallback func(status *kluctlv1.KluctlDeploymentStatus) string
+
+func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string, rr *kluctlv1.RequestResult,
+	requestAnnotation string, setResult setResultCallback, getLegacyOldValue getLegacyOldValueCallback,
+) (*kluctlv1.RequestResult, error) {
+	key := client.ObjectKeyFromObject(obj)
+
+	v, _ := obj.GetAnnotations()[requestAnnotation]
+	if v == "" {
+		return nil, nil
+	}
+	if rr == nil && getLegacyOldValue(&obj.Status) == v {
+		// legacy value in status is still present, and we never executed the new request status handling
+		// ensure that we don't accidentally re-process the request
+		t := metav1.Now()
+		rr = &kluctlv1.RequestResult{
+			RequestValue: v,
+			StartTime:    t,
+			EndTime:      &t,
+			ReconcileId:  "unknown",
+		}
+		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			setResult(status, rr)
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+		return nil, nil
+	}
+	if rr == nil || rr.RequestValue != v {
+		rr = &kluctlv1.RequestResult{
+			RequestValue: v,
+			StartTime:    metav1.Now(),
+			ReconcileId:  reconcileId,
+		}
+		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			setResult(status, rr)
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+		return rr, nil
+	}
+	return nil, nil
+}
+
+func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Context,
+	obj *kluctlv1.KluctlDeployment, rr *kluctlv1.RequestResult, resultId string, commandErr error, setResult setResultCallback) error {
+	key := client.ObjectKeyFromObject(obj)
+
+	if rr == nil {
+		return nil
+	}
+	t := metav1.Now()
+	rr.EndTime = &t
+	rr.ResultId = resultId
+	if commandErr != nil {
+		rr.CommandError = commandErr.Error()
+	}
+	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+		setResult(status, rr)
+		return nil
+	})
+}

From 5d2413e17cb40cb938af1197565d23b469f9ffe1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 09:35:03 +0200
Subject: [PATCH 1771/2268] refactor: Move project key update into own func

---
 .../kluctldeployment_controller.go            | 39 +------------
 .../kluctldeployment_controller_status.go     | 55 +++++++++++++++++++
 2 files changed, 58 insertions(+), 36 deletions(-)
 create mode 100644 pkg/controllers/kluctldeployment_controller_status.go

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 94ffca1c5..5f2382e38 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -12,7 +12,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -24,7 +23,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/rest"
 	kuberecorder "k8s.io/client-go/tools/record"
-	"path"
 	"reflect"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -350,41 +348,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, patchErr
 	}
 
-	var newProjectKey result.ProjectKey
-	if obj.Spec.Source.Git != nil {
-		newProjectKey = result.ProjectKey{
-			GitRepoKey: obj.Spec.Source.Git.URL.RepoKey(),
-			SubDir:     path.Clean(obj.Spec.Source.Git.Path),
-		}
-	} else if obj.Spec.Source.Oci != nil {
-		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
-		if err != nil {
-			return doFailPrepare(err)
-		}
-		newProjectKey = result.ProjectKey{
-			OciRepoKey: repoKey,
-			SubDir:     path.Clean(obj.Spec.Source.Oci.Path),
-		}
-	} else if obj.Spec.Source.URL != nil {
-		newProjectKey = result.ProjectKey{
-			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
-			SubDir:     path.Clean(obj.Spec.Source.Path),
-		}
-	} else {
-		return doFailPrepare(fmt.Errorf("missing source spec"))
-	}
-	if newProjectKey.SubDir == "." {
-		newProjectKey.SubDir = ""
-	}
-
-	// we patch the projectKey immediately so that the webui knows it asap
-	if obj.Status.ProjectKey == nil || *obj.Status.ProjectKey != newProjectKey {
-		patchErr = r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			status.ProjectKey = &newProjectKey
-			return nil
-		})
+	err = r.patchProjectKey(ctx, obj)
+	if err != nil {
+		return doFailPrepare(err)
 	}
-	obj.Status.ProjectKey = &newProjectKey
 
 	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
 	defer cancel()
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
new file mode 100644
index 000000000..da9e852dd
--- /dev/null
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -0,0 +1,55 @@
+package controllers
+
+import (
+	"context"
+	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"path"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *kluctlv1.KluctlDeployment) error {
+	key := client.ObjectKeyFromObject(obj)
+
+	var newProjectKey result.ProjectKey
+	if obj.Spec.Source.Git != nil {
+		newProjectKey = result.ProjectKey{
+			GitRepoKey: obj.Spec.Source.Git.URL.RepoKey(),
+			SubDir:     path.Clean(obj.Spec.Source.Git.Path),
+		}
+	} else if obj.Spec.Source.Oci != nil {
+		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
+		if err != nil {
+			return err
+		}
+		newProjectKey = result.ProjectKey{
+			OciRepoKey: repoKey,
+			SubDir:     path.Clean(obj.Spec.Source.Oci.Path),
+		}
+	} else if obj.Spec.Source.URL != nil {
+		newProjectKey = result.ProjectKey{
+			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
+			SubDir:     path.Clean(obj.Spec.Source.Path),
+		}
+	} else {
+		return fmt.Errorf("missing source spec")
+	}
+	if newProjectKey.SubDir == "." {
+		newProjectKey.SubDir = ""
+	}
+
+	// we patch the projectKey immediately so that the webui knows it asap
+	if obj.Status.ProjectKey == nil || *obj.Status.ProjectKey != newProjectKey {
+		patchErr := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			status.ProjectKey = &newProjectKey
+			return nil
+		})
+		if patchErr != nil {
+			return patchErr
+		}
+	}
+	obj.Status.ProjectKey = &newProjectKey
+	return nil
+}

From 05a214590cff5b150d45cf987c8cf824d82ac0c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 10:06:55 +0200
Subject: [PATCH 1772/2268] refactor: Move status/readiness patching into own
 funcs

---
 .../kluctldeployment_controller.go            | 94 +++++-------------
 .../kluctldeployment_controller_status.go     | 95 +++++++++++++++++++
 .../kluctldeployment_controller_utils.go      | 42 --------
 3 files changed, 121 insertions(+), 110 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 5f2382e38..9406028b0 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -15,10 +15,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/rest"
@@ -209,53 +207,14 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	r.exportDeploymentObjectToProm(obj)
 
-	// keep old status until we're doing real work (deploying, validating, ...)
-	oldReadyCondition := apimeta.FindStatusCondition(obj.GetConditions(), meta.ReadyCondition)
-
-	doReadyCondition := func(status metav1.ConditionStatus, reason, message string) error {
-		log.Info(fmt.Sprintf("updating readiness condition: status=%s, reason=%s, message=%s", status, reason, message))
-		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
-			setReadinessCondition(c, status, reason, message, obj.Generation)
-			apimeta.RemoveStatusCondition(c, meta.ReconcilingCondition)
-			return nil
-		})
-	}
-
-	doFail := func(reason string, err error) (*ctrl.Result, error) {
-		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
-		patchErr := doReadyCondition(metav1.ConditionFalse, reason, err.Error())
-		if patchErr != nil {
-			err = multierror.Append(err, patchErr)
-		}
-		return nil, err
-	}
-
-	doFailPrepare := func(err error) (*ctrl.Result, error) {
-		obj.Status.LastPrepareError = err.Error()
-		return doFail(kluctlv1.PrepareFailedReason, err)
-	}
-
-	doProgressingCondition := func(message string, keepOldReadyStatus bool) error {
-		log.Info("progressing: " + message)
-		return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
-			if keepOldReadyStatus && oldReadyCondition != nil {
-				setReadinessCondition(c, oldReadyCondition.Status, oldReadyCondition.Reason, oldReadyCondition.Message, obj.Generation)
-			} else {
-				setReadinessCondition(c, metav1.ConditionUnknown, meta.ProgressingReason, "Reconciliation in progress", obj.Generation)
-			}
-			setReconcilingCondition(c, metav1.ConditionTrue, meta.ProgressingReason, message, obj.Generation)
-			return nil
-		})
-	}
-
-	patchErr := doProgressingCondition("Initializing", true)
+	patchErr := r.patchProgressingCondition(ctx, obj, "Initializing", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
 
 	err := r.applyOnetimePatch(ctx, obj)
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 
 	oldGeneration := obj.Status.ObservedGeneration
@@ -281,37 +240,36 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return status.LastHandledReconcileAt
 	})
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 	curDiffRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DiffRequestResult, kluctlv1.KluctlRequestDiffAnnotation, setDiffRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return ""
 	})
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 	curDeployRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DeployRequestResult, kluctlv1.KluctlRequestDeployAnnotation, setDeployRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledDeployAt
 	})
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 	curPruneRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.PruneRequestResult, kluctlv1.KluctlRequestPruneAnnotation, setPruneRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledPruneAt
 	})
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 	curValidateRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.ValidateRequestResult, kluctlv1.KluctlRequestValidateAnnotation, setValidateRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledValidateAt
 	})
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 
-	origDoFailPrepare := doFailPrepare
-	doFailPrepare = func(errIn error) (*ctrl.Result, error) {
+	finishAllRequestsWithError := func(errIn error) error {
 		retErr := errIn
-		ret, err := origDoFailPrepare(errIn)
+		err := r.patchFailPrepare(ctx, obj, errIn)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
@@ -335,7 +293,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		return ret, retErr
+		return retErr
 	}
 
 	obj.Status.LastHandledReconcileAt = ""
@@ -343,14 +301,14 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastHandledPruneAt = ""
 	obj.Status.LastHandledValidateAt = ""
 
-	patchErr = doProgressingCondition("Preparing project", true)
+	patchErr = r.patchProgressingCondition(ctx, obj, "Preparing project", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
 
 	err = r.patchProjectKey(ctx, obj)
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, finishAllRequestsWithError(err)
 	}
 
 	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
@@ -359,11 +317,11 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastPrepareError = ""
 	pp, err := prepareProject(timeoutCtx, r, obj, true)
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, finishAllRequestsWithError(err)
 	}
 	defer pp.cleanup()
 
-	patchErr = doProgressingCondition("Loading project and target", true)
+	patchErr = r.patchProgressingCondition(ctx, obj, "Loading project and target", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
@@ -372,7 +330,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, finishAllRequestsWithError(err)
 	}
 	defer j2.Close()
 
@@ -380,14 +338,14 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	lp, err := pp.loadKluctlProject(timeoutCtx, pt, j2)
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, finishAllRequestsWithError(err)
 	}
 
 	targetContext, err := pt.loadTarget(timeoutCtx, lp)
 	if targetContext != nil {
 		clusterId, err := targetContext.SharedContext.K.GetClusterId()
 		if err != nil {
-			return doFailPrepare(err)
+			return nil, finishAllRequestsWithError(err)
 		}
 		newTargetKey := result.TargetKey{
 			TargetName:    targetContext.Target.Name,
@@ -404,12 +362,12 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		obj.Status.TargetKey = &newTargetKey
 	}
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, finishAllRequestsWithError(err)
 	}
 
 	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
 	if err != nil {
-		return doFailPrepare(err)
+		return nil, finishAllRequestsWithError(err)
 	}
 
 	needDiff := false
@@ -485,7 +443,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
 
 	if needDiff {
-		patchErr = doProgressingCondition("Performing diff", false)
+		patchErr = r.patchProgressingCondition(ctx, obj, "Performing diff", false)
 		if patchErr != nil {
 			return nil, patchErr
 		}
@@ -504,7 +462,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 
 	var deployResult *result.CommandResult
 	if needDeploy {
-		patchErr = doProgressingCondition(fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
+		patchErr = r.patchProgressingCondition(ctx, obj, fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
 		if patchErr != nil {
 			return nil, patchErr
 		}
@@ -529,7 +487,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	if needPrune {
-		patchErr = doProgressingCondition("Performing kluctl prune", false)
+		patchErr = r.patchProgressingCondition(ctx, obj, "Performing kluctl prune", false)
 		if patchErr != nil {
 			return nil, patchErr
 		}
@@ -549,7 +507,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	if needValidate {
-		patchErr = doProgressingCondition("Performing kluctl validate", false)
+		patchErr = r.patchProgressingCondition(ctx, obj, "Performing kluctl validate", false)
 		if patchErr != nil {
 			return nil, patchErr
 		}
@@ -566,7 +524,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	if needDriftDetection {
-		patchErr = doProgressingCondition("Performing drift detection", false)
+		patchErr = r.patchProgressingCondition(ctx, obj, "Performing drift detection", false)
 		if patchErr != nil {
 			return nil, patchErr
 		}
@@ -601,7 +559,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			return nil, err
 		}
 
-		patchErr = doReadyCondition(metav1.ConditionFalse, reason, finalStatus)
+		patchErr = r.patchReadyCondition(ctx, obj, metav1.ConditionFalse, reason, finalStatus)
 		if patchErr != nil {
 			err = multierror.Append(err, patchErr)
 			return nil, err
@@ -615,7 +573,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(1.0)
-	patchErr = doReadyCondition(metav1.ConditionTrue, reason, finalStatus)
+	patchErr = r.patchReadyCondition(ctx, obj, metav1.ConditionTrue, reason, finalStatus)
 	if patchErr != nil {
 		return nil, patchErr
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index da9e852dd..e869df7e8 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -3,13 +3,68 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"k8s.io/apimachinery/pkg/api/errors"
+	apimeta "k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"path"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
+func (r *KluctlDeploymentReconciler) patchReadyCondition(ctx context.Context, obj *kluctlv1.KluctlDeployment, status metav1.ConditionStatus, reason, message string) error {
+	log := ctrl.LoggerFrom(ctx)
+	key := client.ObjectKeyFromObject(obj)
+
+	log.Info(fmt.Sprintf("updating readiness condition: status=%s, reason=%s, message=%s", status, reason, message))
+	return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
+		setReadinessCondition(c, status, reason, message, obj.Generation)
+		apimeta.RemoveStatusCondition(c, meta.ReconcilingCondition)
+		return nil
+	})
+}
+
+// patchFail returns the original error + patchErr if required
+func (r *KluctlDeploymentReconciler) patchFail(ctx context.Context, obj *kluctlv1.KluctlDeployment, reason string, err error) error {
+	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
+	patchErr := r.patchReadyCondition(ctx, obj, metav1.ConditionFalse, reason, err.Error())
+	if patchErr != nil {
+		err = multierror.Append(err, patchErr)
+	}
+	return err
+}
+
+func (r *KluctlDeploymentReconciler) patchFailPrepare(ctx context.Context, obj *kluctlv1.KluctlDeployment, err error) error {
+	obj.Status.LastPrepareError = err.Error()
+	return r.patchFail(ctx, obj, kluctlv1.PrepareFailedReason, err)
+}
+
+func (r *KluctlDeploymentReconciler) patchProgressingCondition(ctx context.Context, obj *kluctlv1.KluctlDeployment, message string, keepOldReadyStatus bool) error {
+	log := ctrl.LoggerFrom(ctx)
+	key := client.ObjectKeyFromObject(obj)
+
+	// keep old status until we're doing real work (deploying, validating, ...)
+	oldReadyCondition := apimeta.FindStatusCondition(obj.GetConditions(), meta.ReadyCondition)
+
+	log.Info("progressing: " + message)
+	return r.patchCondition(ctx, key, func(c *[]metav1.Condition) error {
+		if keepOldReadyStatus && oldReadyCondition != nil {
+			setReadinessCondition(c, oldReadyCondition.Status, oldReadyCondition.Reason, oldReadyCondition.Message, obj.Generation)
+		} else {
+			setReadinessCondition(c, metav1.ConditionUnknown, meta.ProgressingReason, "Reconciliation in progress", obj.Generation)
+		}
+		setReconcilingCondition(c, metav1.ConditionTrue, meta.ProgressingReason, message, obj.Generation)
+		return nil
+	})
+}
+
 func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *kluctlv1.KluctlDeployment) error {
 	key := client.ObjectKeyFromObject(obj)
 
@@ -53,3 +108,43 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 	obj.Status.ProjectKey = &newProjectKey
 	return nil
 }
+
+func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client.ObjectKey, updateStatus func(status *kluctlv1.KluctlDeploymentStatus) error) error {
+	backoff := wait.Backoff{
+		Steps:    5,
+		Duration: 100 * time.Millisecond,
+		Jitter:   1.0,
+	}
+
+	return wait.ExponentialBackoff(backoff, func() (bool, error) {
+		var latest kluctlv1.KluctlDeployment
+		err := r.Client.Get(ctx, key, &latest)
+		if err != nil {
+			return false, err
+		}
+
+		statusPatch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
+
+		err = updateStatus(&latest.Status)
+		if err != nil {
+			return false, err
+		}
+
+		err = r.Status().Patch(ctx, &latest, statusPatch, client.FieldOwner(r.ControllerName))
+		if err != nil {
+			if errors.IsConflict(err) {
+				// retry
+				return false, nil
+			}
+			return false, err
+		}
+
+		return true, nil
+	})
+}
+
+func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key client.ObjectKey, updateConditions func(c *[]metav1.Condition) error) error {
+	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+		return updateConditions(&status.Conditions)
+	})
+}
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index a56b6f998..aa11e28d4 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -4,10 +4,8 @@ import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
-	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/tools/reference"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -97,43 +95,3 @@ func (r *KluctlDeploymentReconciler) recordDuration(ctx context.Context, obj *kl
 
 	r.MetricsRecorder.RecordDuration(*objRef, startTime)
 }
-
-func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client.ObjectKey, updateStatus func(status *kluctlv1.KluctlDeploymentStatus) error) error {
-	backoff := wait.Backoff{
-		Steps:    5,
-		Duration: 100 * time.Millisecond,
-		Jitter:   1.0,
-	}
-
-	return wait.ExponentialBackoff(backoff, func() (bool, error) {
-		var latest kluctlv1.KluctlDeployment
-		err := r.Client.Get(ctx, key, &latest)
-		if err != nil {
-			return false, err
-		}
-
-		statusPatch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
-
-		err = updateStatus(&latest.Status)
-		if err != nil {
-			return false, err
-		}
-
-		err = r.Status().Patch(ctx, &latest, statusPatch, client.FieldOwner(r.ControllerName))
-		if err != nil {
-			if errors.IsConflict(err) {
-				// retry
-				return false, nil
-			}
-			return false, err
-		}
-
-		return true, nil
-	})
-}
-
-func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key client.ObjectKey, updateConditions func(c *[]metav1.Condition) error) error {
-	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-		return updateConditions(&status.Conditions)
-	})
-}

From ce4860106092212ce0fc5a5999cca05b5df3bb2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 14:03:28 +0200
Subject: [PATCH 1773/2268] refactor: Use non-anonymous Client member

---
 pkg/controllers/kluctl_project.go                    |  4 ++--
 pkg/controllers/kluctldeployment_controller.go       | 12 ++++++------
 .../kluctldeployment_controller_source.go            |  6 +++---
 .../kluctldeployment_controller_status.go            |  2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index b16d3ddaa..a1c49356a 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -245,7 +245,7 @@ func (pt *preparedTarget) getKubeconfigFromSecret(ctx context.Context) ([]byte,
 	}
 
 	var secret corev1.Secret
-	if err := pt.pp.r.Get(ctx, secretName, &secret); err != nil {
+	if err := pt.pp.r.Client.Get(ctx, secretName, &secret); err != nil {
 		return nil, fmt.Errorf("unable to read KubeConfig secret '%s' error: %w", secretName.String(), err)
 	}
 
@@ -510,7 +510,7 @@ func (pp *preparedProject) addSecretBasedKeyServers(ctx context.Context, d *decr
 	}
 
 	var secret corev1.Secret
-	if err := pp.r.Get(ctx, secretName, &secret); err != nil {
+	if err := pp.r.Client.Get(ctx, secretName, &secret); err != nil {
 		if apierrors.IsNotFound(err) {
 			return err
 		}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 9406028b0..4031c0e1f 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -31,8 +31,8 @@ import (
 )
 
 type KluctlDeploymentReconciler struct {
-	client.Client
 	RestConfig            *rest.Config
+	Client                client.Client
 	Scheme                *runtime.Scheme
 	EventRecorder         kuberecorder.EventRecorder
 	MetricsRecorder       *metrics.Recorder
@@ -72,7 +72,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}, false))
 
 	obj := &kluctlv1.KluctlDeployment{}
-	if err := r.Get(ctx, req.NamespacedName, obj); err != nil {
+	if err := r.Client.Get(ctx, req.NamespacedName, obj); err != nil {
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
@@ -89,7 +89,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	if !controllerutil.ContainsFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer) {
 		patch := client.MergeFrom(obj.DeepCopy())
 		controllerutil.AddFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
-		if err := r.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+		if err := r.Client.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 			log.Error(err, "unable to register finalizer")
 			return ctrl.Result{}, err
 		}
@@ -120,7 +120,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}
 
 	// now patch all the other changes to the status
-	if err := r.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+	if err := r.Client.Status().Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 		return ctrl.Result{}, err
 	}
 
@@ -187,7 +187,7 @@ func (r *KluctlDeploymentReconciler) applyOnetimePatch(ctx context.Context, obj
 	if a != nil {
 		delete(a, kluctlv1.KluctlOnetimePatchAnnotation)
 		patchedObj.SetAnnotations(a)
-		err = r.Patch(ctx, patchedObj.DeepCopy(), ap, client.FieldOwner(r.ControllerName))
+		err = r.Client.Patch(ctx, patchedObj.DeepCopy(), ap, client.FieldOwner(r.ControllerName))
 		if err != nil {
 			return err
 		}
@@ -766,7 +766,7 @@ func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1
 	// Remove our finalizer from the list and update it
 	patch := client.MergeFrom(obj.DeepCopy())
 	controllerutil.RemoveFinalizer(obj, kluctlv1.KluctlDeploymentFinalizer)
-	if err := r.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
+	if err := r.Client.Patch(ctx, obj, patch, client.FieldOwner(r.ControllerName)); err != nil {
 		return ctrl.Result{}, err
 	}
 
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index ae3e61880..1fc7c7646 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -103,7 +103,7 @@ func (r *KluctlDeploymentReconciler) getGitSecrets(ctx context.Context, source k
 			host = "*"
 		}
 		var secret corev1.Secret
-		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
+		err := r.Client.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
 			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
 		}
@@ -147,7 +147,7 @@ func (r *KluctlDeploymentReconciler) getOciSecrets(ctx context.Context, credenti
 
 	loadCredentials := func(deprecatedSecret bool, registry string, repo string, secretName string) error {
 		var secret corev1.Secret
-		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
+		err := r.Client.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
 			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
 		}
@@ -174,7 +174,7 @@ func (r *KluctlDeploymentReconciler) getHelmSecrets(ctx context.Context, obj *kl
 
 	loadCredentials := func(host string, path string, secretName string) error {
 		var secret corev1.Secret
-		err := r.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
+		err := r.Client.Get(ctx, client.ObjectKey{Namespace: objNs, Name: secretName}, &secret)
 		if err != nil {
 			return fmt.Errorf("failed to get secret '%s': %w", secretName, err)
 		}
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index e869df7e8..c3ec31554 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -130,7 +130,7 @@ func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client
 			return false, err
 		}
 
-		err = r.Status().Patch(ctx, &latest, statusPatch, client.FieldOwner(r.ControllerName))
+		err = r.Client.Status().Patch(ctx, &latest, statusPatch, client.FieldOwner(r.ControllerName))
 		if err != nil {
 			if errors.IsConflict(err) {
 				// retry

From b4925a620999ddb958ec00df931c59e0963a95fe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 14:23:27 +0200
Subject: [PATCH 1774/2268] fix: Use non-cached ApiReader to get
 KluctlDeployments in the reconcile loop

---
 cmd/kluctl/commands/cmd_controller_run.go             | 1 +
 pkg/controllers/kluctldeployment_controller.go        | 5 ++++-
 pkg/controllers/kluctldeployment_controller_status.go | 1 +
 pkg/controllers/kluctldeployment_controller_utils.go  | 2 +-
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 0f764b952..fd4a736b9 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -157,6 +157,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		DefaultServiceAccount: cmd.DefaultServiceAccount,
 		DryRun:                cmd.DryRun,
 		RestConfig:            restConfig,
+		ApiReader:             mgr.GetAPIReader(),
 		Client:                mgr.GetClient(),
 		Scheme:                mgr.GetScheme(),
 		EventRecorder:         eventRecorder,
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 4031c0e1f..68fbbfe40 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -33,6 +33,7 @@ import (
 type KluctlDeploymentReconciler struct {
 	RestConfig            *rest.Config
 	Client                client.Client
+	ApiReader             client.Reader
 	Scheme                *runtime.Scheme
 	EventRecorder         kuberecorder.EventRecorder
 	MetricsRecorder       *metrics.Recorder
@@ -72,7 +73,9 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}, false))
 
 	obj := &kluctlv1.KluctlDeployment{}
-	if err := r.Client.Get(ctx, req.NamespacedName, obj); err != nil {
+	// we must use ApiReader here to ensure that we don't get stale objects from the cache, which can easily happen
+	// if the previous reconciliation loop modified the object itself
+	if err := r.ApiReader.Get(ctx, req.NamespacedName, obj); err != nil {
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index c3ec31554..0e2be91f1 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -118,6 +118,7 @@ func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client
 
 	return wait.ExponentialBackoff(backoff, func() (bool, error) {
 		var latest kluctlv1.KluctlDeployment
+		// we're not using r.ApiReader here because the patch+optimistic-lock already prevents us from updating an outdated object
 		err := r.Client.Get(ctx, key, &latest)
 		if err != nil {
 			return false, err
diff --git a/pkg/controllers/kluctldeployment_controller_utils.go b/pkg/controllers/kluctldeployment_controller_utils.go
index aa11e28d4..fd99b2034 100644
--- a/pkg/controllers/kluctldeployment_controller_utils.go
+++ b/pkg/controllers/kluctldeployment_controller_utils.go
@@ -41,7 +41,7 @@ func (r *KluctlDeploymentReconciler) recordReadiness(ctx context.Context, obj *k
 
 	// make sure we use the latest conditions
 	var latest kluctlv1.KluctlDeployment
-	err := r.Client.Get(ctx, client.ObjectKeyFromObject(obj), &latest)
+	err := r.ApiReader.Get(ctx, client.ObjectKeyFromObject(obj), &latest)
 	if err != nil {
 		return
 	}

From e6d2f21210b57c8072e46640857a48692cea7f65 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 14:23:44 +0200
Subject: [PATCH 1775/2268] fix: Fix crash in ProxyServerImpl.Stop()

---
 pkg/sourceoverride/proxyserver.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
index 7404d6368..7ffb090af 100644
--- a/pkg/sourceoverride/proxyserver.go
+++ b/pkg/sourceoverride/proxyserver.go
@@ -42,10 +42,13 @@ type wrappedRequest struct {
 }
 
 func NewProxyServerImpl(ctx context.Context) *ProxyServerImpl {
-	return &ProxyServerImpl{
+	m := &ProxyServerImpl{
 		ctx:         ctx,
 		connections: map[string]*ProxyConnection{},
 	}
+	m.grpcServer = grpc.NewServer(grpc.MaxRecvMsgSize(maxMsgSize))
+	RegisterProxyServer(m.grpcServer, m)
+	return m
 }
 
 func (m *ProxyServerImpl) Start(addr string) error {
@@ -53,8 +56,6 @@ func (m *ProxyServerImpl) Start(addr string) error {
 	if err != nil {
 		return err
 	}
-	m.grpcServer = grpc.NewServer(grpc.MaxRecvMsgSize(maxMsgSize))
-	RegisterProxyServer(m.grpcServer, m)
 
 	err = m.grpcServer.Serve(is)
 	if err != nil {

From ccb60fb0b29247cb38c9bc4b032a2ab2a156de37 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 14:24:03 +0200
Subject: [PATCH 1776/2268] tests: Log when waiting for a commit is finished

---
 e2e/gitops_suite_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 0f0d30e7c..fb8f54a0b 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -188,6 +188,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 			suite.T().Logf("%s: commit %s does mot match %s", reconcileId, kd.Status.ObservedCommit, commit)
 			return false
 		}
+		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
 }

From 5366bc1554e3ade99d7fb08322a7b16d2274b625 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 17:22:33 +0200
Subject: [PATCH 1777/2268] fix: Skip handling of registry/helm credentials via
 viper

These are already handled by the auth providers.
---
 cmd/kluctl/args/helm_credentials.go     | 20 ++++++++++----------
 cmd/kluctl/args/registry_credentials.go | 22 +++++++++++-----------
 cmd/kluctl/commands/cobra_utils.go      |  7 +++++++
 cmd/kluctl/commands/root.go             | 17 ++++++++++-------
 4 files changed, 38 insertions(+), 28 deletions(-)

diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index 510d30ce3..d9d470833 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -12,13 +12,13 @@ import (
 )
 
 type HelmCredentials struct {
-	HelmUsername              []string `group:"helm" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<host>/<path>=<username> or in the deprecated form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmPassword              []string `group:"helm" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<host>/<path>=<password> or in the deprecated form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmKeyFile               []string `group:"helm" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<host>/<path>=<filePath> or in the deprecated form --helm-key-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmCertFile              []string `group:"helm" help:"Specify key to use for Helm Repository authentication. Must be in the form --helm-cert-file=<host>/<path>=<filePath> or in the deprecated form --helm-cert-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmCAFile                []string `group:"helm" help:"Specify ca bundle certificate to use for Helm Repository authentication. Must be in the form --helm-ca-file=<host>/<path>=<filePath> or in the deprecated form --helm-ca-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmInsecureSkipTlsVerify []string `group:"helm" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
-	HelmCreds                 []string `group:"helm" help:"This is a shortcut to --helm-username and --helm-password. Must be in the form --helm-creds=<host>/<path>=<username>:<password>, which specifies the username and password for the same repository."`
+	HelmUsername              []string `group:"helm" skipenv:"true" help:"Specify username to use for Helm Repository authentication. Must be in the form --helm-username=<host>/<path>=<username> or in the deprecated form --helm-username=<credentialsId>:<username>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmPassword              []string `group:"helm" skipenv:"true" help:"Specify password to use for Helm Repository authentication. Must be in the form --helm-password=<host>/<path>=<password> or in the deprecated form --helm-password=<credentialsId>:<password>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmKeyFile               []string `group:"helm" skipenv:"true" help:"Specify client certificate to use for Helm Repository authentication. Must be in the form --helm-key-file=<host>/<path>=<filePath> or in the deprecated form --helm-key-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCertFile              []string `group:"helm" skipenv:"true" help:"Specify key to use for Helm Repository authentication. Must be in the form --helm-cert-file=<host>/<path>=<filePath> or in the deprecated form --helm-cert-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCAFile                []string `group:"helm" skipenv:"true" help:"Specify ca bundle certificate to use for Helm Repository authentication. Must be in the form --helm-ca-file=<host>/<path>=<filePath> or in the deprecated form --helm-ca-file=<credentialsId>:<filePath>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmInsecureSkipTlsVerify []string `group:"helm" skipenv:"true" help:"Controls skipping of TLS verification. Must be in the form --helm-insecure-skip-tls-verify=<host>/<path> or in the deprecated form --helm-insecure-skip-tls-verify=<credentialsId>, where <credentialsId> must match the id specified in the helm-chart.yaml."`
+	HelmCreds                 []string `group:"helm" skipenv:"true" help:"This is a shortcut to --helm-username and --helm-password. Must be in the form --helm-creds=<host>/<path>=<username>:<password>, which specifies the username and password for the same repository."`
 }
 
 func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.HelmAuthProvider, error) {
@@ -27,8 +27,8 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 		return la, nil
 	}
 
-	var byCredentialId utils.OrderedMap[*helm_auth.AuthEntry]
-	var byHostPath utils.OrderedMap[*helm_auth.AuthEntry]
+	var byCredentialId utils.OrderedMap[string, *helm_auth.AuthEntry]
+	var byHostPath utils.OrderedMap[string, *helm_auth.AuthEntry]
 
 	getDeprecatedEntry := func(s string) (*helm_auth.AuthEntry, string, bool) {
 		x := strings.Split(s, ":")
@@ -57,7 +57,7 @@ func (c *HelmCredentials) BuildAuthProvider(ctx context.Context) (helm_auth.Helm
 
 		x := strings.SplitN(s, "=", 2)
 		if expectValue && len(x) != 2 {
-			return nil, "", fmt.Errorf("expected value")
+			return nil, "", fmt.Errorf("expected value: %s", s)
 		}
 
 		k := x[0]
diff --git a/cmd/kluctl/args/registry_credentials.go b/cmd/kluctl/args/registry_credentials.go
index 5876c4736..7262da506 100644
--- a/cmd/kluctl/args/registry_credentials.go
+++ b/cmd/kluctl/args/registry_credentials.go
@@ -11,18 +11,18 @@ import (
 )
 
 type RegistryCredentials struct {
-	RegistryUsername      []string `group:"registry" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
-	RegistryPassword      []string `group:"registry" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
-	RegistryIdentityToken []string `group:"registry" help:"Specify identity token to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
-	RegistryToken         []string `group:"registry" help:"Specify registry token to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
-	RegistryCreds         []string `group:"registry" help:"This is a shortcut to --registry-username, --registry-password and --registry-token. It can be specified in two different forms. The first one is --registry-creds=<registry>/<repo>=<username>:<password>, which specifies the username and password for the same registry. The second form is --registry-creds=<registry>/<repo>=<token>, which specifies a JWT token for the specified registry."`
+	RegistryUsername      []string `group:"registry" skipenv:"true" help:"Specify username to use for OCI authentication. Must be in the form --registry-username=<registry>/<repo>=<username>."`
+	RegistryPassword      []string `group:"registry" skipenv:"true" help:"Specify password to use for OCI authentication. Must be in the form --registry-password=<registry>/<repo>=<password>."`
+	RegistryIdentityToken []string `group:"registry" skipenv:"true" help:"Specify identity token to use for OCI authentication. Must be in the form --registry-identity-token=<registry>/<repo>=<identity-token>."`
+	RegistryToken         []string `group:"registry" skipenv:"true" help:"Specify registry token to use for OCI authentication. Must be in the form --registry-token=<registry>/<repo>=<token>."`
+	RegistryCreds         []string `group:"registry" skipenv:"true" help:"This is a shortcut to --registry-username, --registry-password and --registry-token. It can be specified in two different forms. The first one is --registry-creds=<registry>/<repo>=<username>:<password>, which specifies the username and password for the same registry. The second form is --registry-creds=<registry>/<repo>=<token>, which specifies a JWT token for the specified registry."`
 
-	RegistryKeyFile  []string `group:"registry" help:"Specify key to use for OCI authentication. Must be in the form --registry-key-file=<registry>/<repo>=<filePath>."`
-	RegistryCertFile []string `group:"registry" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
-	RegistryCAFile   []string `group:"registry" help:"Specify CA bundle to use for https verification. Must be in the form --registry-ca-file=<registry>/<repo>=<filePath>."`
+	RegistryKeyFile  []string `group:"registry" skipenv:"true" help:"Specify key to use for OCI authentication. Must be in the form --registry-key-file=<registry>/<repo>=<filePath>."`
+	RegistryCertFile []string `group:"registry" skipenv:"true" help:"Specify certificate to use for OCI authentication. Must be in the form --registry-cert-file=<registry>/<repo>=<filePath>."`
+	RegistryCAFile   []string `group:"registry" skipenv:"true" help:"Specify CA bundle to use for https verification. Must be in the form --registry-ca-file=<registry>/<repo>=<filePath>."`
 
-	RegistryPlainHttp             []string `group:"registry" help:"Forces the use of http (no TLS). Must be in the form --registry-plain-http=<registry>/<repo>."`
-	RegistryInsecureSkipTlsVerify []string `group:"registry" help:"Controls skipping of TLS verification. Must be in the form --registry-insecure-skip-tls-verify=<registry>/<repo>."`
+	RegistryPlainHttp             []string `group:"registry" skipenv:"true" help:"Forces the use of http (no TLS). Must be in the form --registry-plain-http=<registry>/<repo>."`
+	RegistryInsecureSkipTlsVerify []string `group:"registry" skipenv:"true" help:"Controls skipping of TLS verification. Must be in the form --registry-insecure-skip-tls-verify=<registry>/<repo>."`
 }
 
 func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provider.OciAuthProvider, error) {
@@ -31,7 +31,7 @@ func (c *RegistryCredentials) BuildAuthProvider(ctx context.Context) (auth_provi
 		return la, nil
 	}
 
-	var byRegistryAndRepo utils.OrderedMap[*auth_provider.AuthEntry]
+	var byRegistryAndRepo utils.OrderedMap[string, *auth_provider.AuthEntry]
 
 	getEntry := func(s string, expectValue bool) (*auth_provider.AuthEntry, string, error) {
 		x := strings.SplitN(s, "=", 2)
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index a48133949..394a2c582 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -160,6 +160,7 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 	shortFlag := f.Tag.Get("short")
 	defaultValue := f.Tag.Get("default")
 	required := f.Tag.Get("required") == "true"
+	skipEnv := f.Tag.Get("skipenv")
 
 	group := groupOverride
 	if group == "" {
@@ -232,6 +233,8 @@ func (c *rootCommand) buildCobraArg(cg *commandAndGroups, f reflect.StructField,
 		_ = cg.cmd.MarkPersistentFlagRequired(name)
 	}
 
+	_ = cg.cmd.PersistentFlags().SetAnnotation(name, "skipenv", []string{skipEnv})
+
 	return nil
 }
 
@@ -249,6 +252,10 @@ func copyViperValuesToCobraCmd(cmd *cobra.Command) error {
 func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 	var errs *multierror.Error
 	flags.VisitAll(func(flag *pflag.Flag) {
+		if a := flag.Annotations["skipenv"]; len(a) != 0 && a[0] == "true" {
+			return
+		}
+
 		sliceValue, _ := flag.Value.(pflag.SliceValue)
 		if flag.Changed && sliceValue == nil {
 			return
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index f57e07a21..ccbfa7ea7 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -243,7 +243,7 @@ func (c *cli) Run(ctx context.Context) error {
 	return flag.ErrHelp
 }
 
-func initViper(ctx context.Context) {
+func initViper() {
 	viper.SetConfigName("config")
 	viper.SetConfigType("yaml")
 	viper.AddConfigPath("/etc/kluctl/")
@@ -260,8 +260,6 @@ func Main() {
 	colorable.EnableColorsStdout(nil)
 	ctx := context.Background()
 
-	initViper(ctx)
-
 	didSetupStatusHandler := false
 
 	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags *GlobalFlags) (context.Context, error) {
@@ -269,10 +267,6 @@ func Main() {
 		if err != nil {
 			return ctx, err
 		}
-		err = copyViperValuesToCobraCmd(cmd)
-		if err != nil {
-			return ctx, err
-		}
 		err = setupProfiling(flags.CpuProfile)
 		if err != nil {
 			return ctx, err
@@ -351,6 +345,11 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 			c.SetContext(ctx)
 		}
 
+		err = copyViperValuesToCobraCmd(cmd)
+		if err != nil {
+			return err
+		}
+
 		if preRun != nil {
 			ctx, err = preRun(ctx, cmd, &root.GlobalFlags)
 			if ctx != nil {
@@ -367,3 +366,7 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 
 	return rootCmd.Execute()
 }
+
+func init() {
+	initViper()
+}

From 510509175bd1fa24f22edc83121adb7503102db7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 17:23:50 +0200
Subject: [PATCH 1778/2268] tests: Paralellise helm tests that set creds via
 environment

---
 cmd/kluctl/commands/completion.go    |  6 +--
 e2e/args_test.go                     | 14 +++---
 e2e/gitops_helm_test.go              |  2 +-
 e2e/helm_test.go                     | 67 +++++++++++++++++-----------
 e2e/seal_test.go                     | 15 ++++---
 e2e/sops_test.go                     |  3 +-
 e2e/test_project/project.go          | 19 +++++---
 pkg/deployment/deployment_item.go    |  2 +-
 pkg/deployment/deployment_project.go |  4 +-
 pkg/utils/ordered_map.go             | 50 ++++++++++++---------
 10 files changed, 109 insertions(+), 73 deletions(-)

diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index d64a68ca9..66588ba7e 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -119,8 +119,8 @@ func buildInclusionCompletionFunc(ctx context.Context, cmdStruct interface{}, fo
 	return func(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		ptArgs := buildAutocompleteProjectTargetCommandArgs(cmdStruct)
 
-		var tags utils.OrderedMap[bool]
-		var deploymentItemDirs utils.OrderedMap[bool]
+		var tags utils.OrderedMap[string, bool]
+		var deploymentItemDirs utils.OrderedMap[string, bool]
 		var mutex sync.Mutex
 
 		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
@@ -174,7 +174,7 @@ func buildImagesCompletionFunc(ctx context.Context, cmdStruct interface{}) func(
 			return nil, cobra.ShellCompDirectiveDefault
 		}
 
-		var images utils.OrderedMap[bool]
+		var images utils.OrderedMap[string, bool]
 		var mutex sync.Mutex
 
 		err := withProjectForCompletion(ctx, &ptArgs.projectFlags, &ptArgs.argsFlags, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
diff --git a/e2e/args_test.go b/e2e/args_test.go
index 906dc8336..ccc2cdd60 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -122,11 +122,11 @@ func TestArgsFromEnv(t *testing.T) {
 	k := defaultCluster1
 
 	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
-	p.AddExtraEnv("KLUCTL_ARG=a=a")
-	p.AddExtraEnv("KLUCTL_ARG_1=b=b")
-	p.AddExtraEnv(`KLUCTL_ARG_2=c={"nested":{"nested2":"c"}}`)
-	p.AddExtraEnv("KLUCTL_ARG_3=d=true")
-	p.AddExtraEnv("KLUCTL_ARG_4=e='true'")
+	p.SetEnv("KLUCTL_ARG", "a=a")
+	p.SetEnv("KLUCTL_ARG_1", "b=b")
+	p.SetEnv("KLUCTL_ARG_2", `c={"nested":{"nested2":"c"}}`)
+	p.SetEnv("KLUCTL_ARG_3", "d=true")
+	p.SetEnv("KLUCTL_ARG_4", "e='true'")
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -157,8 +157,8 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 	k := defaultCluster1
 
 	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
-	p.AddExtraEnv("KLUCTL_ARG_1=a=a")
-	p.AddExtraEnv("KLUCTL_ARG_2=c=c")
+	p.SetEnv("KLUCTL_ARG_1", "a=a")
+	p.SetEnv("KLUCTL_ARG_2", "c=c")
 
 	createNamespace(t, k, p.TestSlug())
 
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 6c90fb9b6..4f69e6ce9 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -24,7 +24,7 @@ func TestGitOpsHelm(t *testing.T) {
 func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	g := NewWithT(suite.T())
 
-	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull)
+	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull, false)
 	if err != nil {
 		if tc.expectedError == "" {
 			assert.Fail(suite.T(), "did not expect error")
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 1ca0cf1a7..7a02f509d 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -251,63 +251,71 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 	return ret
 }
 
-func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, repo *test_utils.TestHelmRepo) {
+func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, p *test_project.TestProject, repo *test_utils.TestHelmRepo) {
+	setEnv := func(k string, v string) {
+		if p.IsUseProcess() {
+			p.SetEnv(k, v)
+		} else {
+			t.Setenv(k, v)
+		}
+	}
+
 	if tc.oci {
 		if tc.argCredsHost != "" {
-			t.Setenv("KLUCTL_REGISTRY_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
+			setEnv("KLUCTL_REGISTRY_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
 		}
 		if tc.argCredsPath != "" {
-			t.Setenv("KLUCTL_REGISTRY_REPOSITORY", tc.argCredsPath)
+			setEnv("KLUCTL_REGISTRY_REPOSITORY", tc.argCredsPath)
 		}
 		if tc.argUsername != "" {
-			t.Setenv("KLUCTL_REGISTRY_USERNAME", tc.argUsername)
+			setEnv("KLUCTL_REGISTRY_USERNAME", tc.argUsername)
 		}
 		if tc.argPassword != "" {
-			t.Setenv("KLUCTL_REGISTRY_PASSWORD", tc.argPassword)
+			setEnv("KLUCTL_REGISTRY_PASSWORD", tc.argPassword)
 		}
 		if !repo.TLSEnabled {
-			t.Setenv("KLUCTL_REGISTRY_PLAIN_HTTP", "true")
+			setEnv("KLUCTL_REGISTRY_PLAIN_HTTP", "true")
 		}
 		if tc.argPassCA {
-			t.Setenv("KLUCTL_REGISTRY_CA_FILE", newTmpFile(t, repo.ServerCAs))
+			setEnv("KLUCTL_REGISTRY_CA_FILE", newTmpFile(t, repo.ServerCAs))
 		}
 		if tc.argPassClientCert {
-			t.Setenv("KLUCTL_REGISTRY_CERT_FILE", newTmpFile(t, repo.ClientCert))
-			t.Setenv("KLUCTL_REGISTRY_KEY_FILE", newTmpFile(t, repo.ClientKey))
+			setEnv("KLUCTL_REGISTRY_CERT_FILE", newTmpFile(t, repo.ClientCert))
+			setEnv("KLUCTL_REGISTRY_KEY_FILE", newTmpFile(t, repo.ClientKey))
 		}
 	} else {
 		if tc.argCredsId != "" {
-			t.Setenv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
+			setEnv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
 		}
 		if tc.argCredsHost != "" {
-			t.Setenv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
+			setEnv("KLUCTL_HELM_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
 		}
 		if tc.argCredsPath != "" {
-			t.Setenv("KLUCTL_HELM_PATH", tc.argCredsPath)
+			setEnv("KLUCTL_HELM_PATH", tc.argCredsPath)
 		}
 		if tc.argUsername != "" {
-			t.Setenv("KLUCTL_HELM_USERNAME", tc.argUsername)
+			setEnv("KLUCTL_HELM_USERNAME", tc.argUsername)
 		}
 		if tc.argPassword != "" {
-			t.Setenv("KLUCTL_HELM_PASSWORD", tc.argPassword)
+			setEnv("KLUCTL_HELM_PASSWORD", tc.argPassword)
 		}
 		if tc.argPassCA {
-			t.Setenv("KLUCTL_HELM_CA_FILE", newTmpFile(t, repo.ServerCAs))
+			setEnv("KLUCTL_HELM_CA_FILE", newTmpFile(t, repo.ServerCAs))
 		}
 		if tc.argPassClientCert {
-			t.Setenv("KLUCTL_HELM_CERT_FILE", newTmpFile(t, repo.ClientCert))
-			t.Setenv("KLUCTL_HELM_KEY_FILE", newTmpFile(t, repo.ClientKey))
+			setEnv("KLUCTL_HELM_CERT_FILE", newTmpFile(t, repo.ClientCert))
+			setEnv("KLUCTL_HELM_KEY_FILE", newTmpFile(t, repo.ClientKey))
 		}
 	}
 	// add a fallback that enables plain_http in case we have no matching creds
 	if tc.oci && !repo.TLSEnabled {
-		t.Setenv("KLUCTL_REGISTRY_1_HOST", repo.URL.Host)
-		t.Setenv("KLUCTL_REGISTRY_1_PLAIN_HTTP", "true")
+		setEnv("KLUCTL_REGISTRY_1_HOST", repo.URL.Host)
+		setEnv("KLUCTL_REGISTRY_1_PLAIN_HTTP", "true")
 	}
 }
 
-func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool) (*test_project.TestProject, *test_utils.TestHelmRepo, error) {
-	p := test_project.NewTestProject(t)
+func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool, useProcess bool) (*test_project.TestProject, *test_utils.TestHelmRepo, error) {
+	p := test_project.NewTestProject(t, test_project.WithUseProcess(useProcess))
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -374,12 +382,17 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 }
 
 func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool) {
-	if !credsViaEnv {
+	useProcess := credsViaEnv
+
+	// uncomment this if you want to debug this when credsViaEnv==true
+	// useProcess = false
+
+	if !credsViaEnv || useProcess {
 		t.Parallel()
 	}
 
 	k := defaultCluster1
-	p, repo, err := prepareHelmTestCase(t, k, tc, prePull)
+	p, repo, err := prepareHelmTestCase(t, k, tc, prePull, useProcess)
 	if err != nil {
 		if tc.expectedError == "" {
 			assert.Fail(t, "did not expect error")
@@ -389,7 +402,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 
 	args := []string{"deploy", "--yes", "-t", "test"}
 	if credsViaEnv {
-		buildHelmTestEnvVars(t, tc, repo)
+		buildHelmTestEnvVars(t, tc, p, repo)
 	} else {
 		args = append(args, buildHelmTestExtraArgs(t, tc, repo)...)
 	}
@@ -402,7 +415,11 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 		assert.Contains(t, stderr, pullMessage)
 	}
 	if tc.expectedError != "" {
-		assert.ErrorContains(t, err, tc.expectedError)
+		if useProcess {
+			assert.Contains(t, stderr, tc.expectedError)
+		} else {
+			assert.ErrorContains(t, err, tc.expectedError)
+		}
 	} else {
 		assert.NoError(t, err)
 		assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 820d9f1e0..c70373f7a 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -88,11 +88,14 @@ func startCertServer() (*certServer, error) {
 
 func addProxyVars(p *test_project.TestProject) {
 	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
-		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST=%s", idx, k.RESTConfig().Host))
-		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE=%s", idx, "kube-system"))
-		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAME=%s", idx, "sealed-secrets-controller"))
-		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT=%s", idx, "http"))
-		p.AddExtraEnv(fmt.Sprintf("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL=%s", idx, cs.url))
+		setEnv := func(k string, v string) {
+			p.SetEnv(fmt.Sprintf(k, idx), v)
+		}
+		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST", k.RESTConfig().Host)
+		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE", "kube-system")
+		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAME", "sealed-secrets-controller")
+		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT", "http")
+		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL", cs.url)
 	}
 	f(0, defaultCluster1, certServer1)
 	f(1, defaultCluster2, certServer2)
@@ -536,7 +539,7 @@ func TestSeal_Vault(t *testing.T) {
 			}),
 		}, true)
 
-	p.AddExtraEnv("VAULT_TOKEN=root")
+	p.SetEnv("VAULT_TOKEN", "root")
 	p.KluctlMust("seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 6a8d99f6a..6392a24e0 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -1,7 +1,6 @@
 package e2e
 
 import (
-	"fmt"
 	"github.com/getsops/sops/v3/age"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
@@ -13,7 +12,7 @@ import (
 
 func setSopsKey(p *test_project.TestProject) {
 	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
-	p.AddExtraEnv(fmt.Sprintf("%s=%s", age.SopsAgeKeyEnv, string(key)))
+	p.SetEnv(age.SopsAgeKeyEnv, string(key))
 }
 
 func TestSopsVars(t *testing.T) {
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 1d7dad655..c95d46156 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -7,6 +7,7 @@ import (
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	registry2 "helm.sh/helm/v3/pkg/registry"
@@ -23,7 +24,7 @@ import (
 type TestProject struct {
 	t *testing.T
 
-	extraEnv   []string
+	extraEnv   utils.OrderedMap[string, string]
 	useProcess bool
 	bare       bool
 
@@ -91,6 +92,10 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	return p
 }
 
+func (p *TestProject) IsUseProcess() bool {
+	return p.useProcess
+}
+
 func (p *TestProject) GitServer() *git2.TestGitServer {
 	return p.gitServer
 }
@@ -109,15 +114,15 @@ func (p *TestProject) TestSlug() string {
 	return strings.Join(x, "-")
 }
 
-func (p TestProject) Discriminator(targetName string) string {
+func (p *TestProject) Discriminator(targetName string) string {
 	if targetName == "" {
 		targetName = "no-name"
 	}
 	return fmt.Sprintf("%s-%s", p.TestSlug(), targetName)
 }
 
-func (p *TestProject) AddExtraEnv(e string) {
-	p.extraEnv = append(p.extraEnv, e)
+func (p *TestProject) SetEnv(k string, v string) {
+	p.extraEnv.Set(k, v)
 }
 
 func (p *TestProject) UpdateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
@@ -456,7 +461,9 @@ func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 	args = append(args, "--debug")
 
 	env := os.Environ()
-	env = append(env, p.extraEnv...)
+	p.extraEnv.ForEach(func(k string, v string) {
+		env = append(env, fmt.Sprintf("%s=%s", k, v))
+	})
 
 	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
 	env = append(env, "CALL_KLUCTL=true")
@@ -487,7 +494,7 @@ func (p *TestProject) KluctlProcessMust(argsIn ...string) (string, string) {
 }
 
 func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
-	if len(p.extraEnv) != 0 {
+	if p.extraEnv.Len() != 0 {
 		p.t.Fatal("extraEnv is only supported in KluctlProcess(...)")
 	}
 
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 6228b6e17..d7f237aa7 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -37,7 +37,7 @@ type DeploymentItem struct {
 	WaitReadiness bool
 
 	Objects []*uo.UnstructuredObject
-	Tags    *utils.OrderedMap[bool]
+	Tags    *utils.OrderedMap[string, bool]
 
 	RenderedSourceRootDir string
 	RelToSourceItemDir    string
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index e1ef5aa7e..ef70753f1 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -340,8 +340,8 @@ func (p *DeploymentProject) getOverrideNamespace() *string {
 	return nil
 }
 
-func (p *DeploymentProject) getTags() *utils.OrderedMap[bool] {
-	var tags utils.OrderedMap[bool]
+func (p *DeploymentProject) getTags() *utils.OrderedMap[string, bool] {
+	var tags utils.OrderedMap[string, bool]
 	for _, e := range p.getParents() {
 		if e.inc != nil {
 			tags.SetMultiple(e.inc.Tags, true)
diff --git a/pkg/utils/ordered_map.go b/pkg/utils/ordered_map.go
index 9c634173d..f4b61fb2b 100644
--- a/pkg/utils/ordered_map.go
+++ b/pkg/utils/ordered_map.go
@@ -1,66 +1,76 @@
 package utils
 
-type orderedMapEntry[T any] struct {
-	k string
-	v T
+type orderedMapEntry[K comparable, V any] struct {
+	k K
+	v V
 }
 
-type OrderedMap[T any] struct {
-	m map[string]int
-	l []orderedMapEntry[T]
+type OrderedMap[K comparable, V any] struct {
+	m map[K]int
+	l []orderedMapEntry[K, V]
 }
 
-func (s *OrderedMap[T]) Set(k string, v T) bool {
+func (s *OrderedMap[K, V]) ForEach(cb func(k K, v V)) {
+	for _, kv := range s.l {
+		cb(kv.k, kv.v)
+	}
+}
+
+func (s *OrderedMap[K, V]) Set(k K, v V) bool {
 	if s.m == nil {
-		s.m = map[string]int{k: 0}
+		s.m = map[K]int{k: 0}
 	} else {
 		if _, ok := s.m[k]; ok {
 			return false
 		}
 		s.m[k] = len(s.l)
 	}
-	s.l = append(s.l, orderedMapEntry[T]{k: k, v: v})
+	s.l = append(s.l, orderedMapEntry[K, V]{k: k, v: v})
 	return true
 }
 
-func (s *OrderedMap[T]) SetMultiple(k []string, v T) {
+func (s *OrderedMap[K, V]) SetMultiple(k []K, v V) {
 	for _, x := range k {
 		s.Set(x, v)
 	}
 }
 
-func (s *OrderedMap[T]) Has(v string) bool {
-	_, ok := s.m[v]
+func (s *OrderedMap[K, V]) Has(k K) bool {
+	_, ok := s.m[k]
 	return ok
 }
 
-func (s *OrderedMap[T]) Get(v string) (T, bool) {
-	i, ok := s.m[v]
+func (s *OrderedMap[K, V]) Get(k K) (V, bool) {
+	i, ok := s.m[k]
 	if !ok {
-		var n T
+		var n V
 		return n, ok
 	}
 	return s.l[i].v, true
 }
 
-func (s *OrderedMap[T]) ListKeys() []string {
-	l := make([]string, len(s.l))
+func (s *OrderedMap[K, V]) ListKeys() []K {
+	l := make([]K, len(s.l))
 	for i, e := range s.l {
 		l[i] = e.k
 	}
 	return l
 }
 
-func (s *OrderedMap[T]) ListValues() []T {
-	l := make([]T, len(s.l))
+func (s *OrderedMap[K, V]) ListValues() []V {
+	l := make([]V, len(s.l))
 	for i, e := range s.l {
 		l[i] = e.v
 	}
 	return l
 }
 
-func (s *OrderedMap[T]) Merge(other *OrderedMap[T]) {
+func (s *OrderedMap[K, V]) Merge(other *OrderedMap[K, V]) {
 	for _, e := range other.l {
 		s.Set(e.k, e.v)
 	}
 }
+
+func (s *OrderedMap[K, V]) Len() int {
+	return len(s.l)
+}

From 05a4c28a283dbe5e635bff40198e989bc09e2d0f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 17:28:45 +0200
Subject: [PATCH 1779/2268] tests: Log waitForReconcile being finished

---
 e2e/gitops_suite_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index fb8f54a0b..cee8ff0ef 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -161,6 +161,7 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
 			suite.T().Logf("%s: request processing not finished yet", reconcileId)
 			return false
 		}
+		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
 }

From 261e25fabccb2e1823f593c939093c5c400c1c98 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 24 Oct 2023 17:31:49 +0200
Subject: [PATCH 1780/2268] refactor: Move loading of
 project/target/targetContext into own func

---
 pkg/controllers/kluctl_project.go             | 34 ++++++++----
 .../kluctldeployment_controller.go            | 55 +++----------------
 .../kluctldeployment_controller_reconcile.go  | 21 +++++++
 .../kluctldeployment_controller_status.go     | 27 +++++++++
 4 files changed, 78 insertions(+), 59 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index a1c49356a..37bf9c9e4 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -11,6 +11,7 @@ import (
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -49,6 +50,7 @@ type preparedProject struct {
 
 	startTime time.Time
 
+	j2    *jinja2.Jinja2
 	gitRP *repocache.GitRepoCache
 	ociRP *repocache.OciRepoCache
 
@@ -72,18 +74,13 @@ func prepareProject(ctx context.Context,
 	obj *kluctlv1.KluctlDeployment,
 	doCloneSource bool) (*preparedProject, error) {
 
+	cleanup := true
+
 	pp := &preparedProject{
 		r:         r,
 		obj:       obj,
 		startTime: time.Now(),
 	}
-
-	// create tmp dir
-	tmpDir, err := os.MkdirTemp("", obj.GetName()+"-")
-	if err != nil {
-		return pp, fmt.Errorf("failed to create temp dir for kluctl project: %w", err)
-	}
-	cleanup := true
 	defer func() {
 		if !cleanup {
 			return
@@ -91,7 +88,17 @@ func prepareProject(ctx context.Context,
 		pp.cleanup()
 	}()
 
-	pp.tmpDir = tmpDir
+	var err error
+	pp.j2, err = kluctl_jinja2.NewKluctlJinja2(true)
+	if err != nil {
+		return nil, err
+	}
+
+	// create tmp dir
+	pp.tmpDir, err = os.MkdirTemp("", obj.GetName()+"-")
+	if err != nil {
+		return pp, fmt.Errorf("failed to create temp dir for kluctl project: %w", err)
+	}
 
 	pp.soClients, err = r.buildSourceOverridesClients(ctx, obj)
 	if err != nil {
@@ -184,7 +191,9 @@ func prepareProject(ctx context.Context,
 }
 
 func (pp *preparedProject) cleanup() {
-	_ = os.RemoveAll(pp.tmpDir)
+	if pp.tmpDir != "" {
+		_ = os.RemoveAll(pp.tmpDir)
+	}
 	if pp.gitRP != nil {
 		pp.gitRP.Clear()
 		pp.gitRP = nil
@@ -193,6 +202,9 @@ func (pp *preparedProject) cleanup() {
 		_ = c.Close()
 		c.Cleanup()
 	}
+	if pp.j2 != nil {
+		pp.j2.Close()
+	}
 }
 
 func (pp *preparedProject) newTarget() *preparedTarget {
@@ -555,7 +567,7 @@ func (pp *preparedProject) addServiceAccountBasedKeyServers(ctx context.Context,
 	return nil
 }
 
-func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTarget, j2 *jinja2.Jinja2) (*kluctl_project.LoadedKluctlProject, error) {
+func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTarget) (*kluctl_project.LoadedKluctlProject, error) {
 	var err error
 
 	var externalArgs *uo.UnstructuredObject
@@ -580,7 +592,7 @@ func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTa
 		loadArgs.ClientConfigGetter = pt.clientConfigGetter(ctx)
 	}
 
-	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, filepath.Join(pp.tmpDir, "project"), j2)
+	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, filepath.Join(pp.tmpDir, "project"), pp.j2)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 68fbbfe40..ee8da8bf3 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -9,7 +9,6 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
@@ -271,11 +270,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	}
 
 	finishAllRequestsWithError := func(errIn error) error {
-		retErr := errIn
-		err := r.patchFailPrepare(ctx, obj, errIn)
-		if err != nil {
-			retErr = multierror.Append(retErr, err)
-		}
+		retErr := r.patchFailPrepare(ctx, obj, errIn)
 		err = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", errIn, setReconcileRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
@@ -304,7 +299,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastHandledPruneAt = ""
 	obj.Status.LastHandledValidateAt = ""
 
-	patchErr = r.patchProgressingCondition(ctx, obj, "Preparing project", true)
+	patchErr = r.patchProgressingCondition(ctx, obj, "Loading project and target", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
@@ -318,52 +313,16 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	defer cancel()
 
 	obj.Status.LastPrepareError = ""
-	pp, err := prepareProject(timeoutCtx, r, obj, true)
-	if err != nil {
-		return nil, finishAllRequestsWithError(err)
+	pp, pt, targetContext, err := r.prepareProjectAndTarget(timeoutCtx, obj)
+	if pp != nil {
+		obj.Status.ObservedCommit = pp.co.CheckedOutCommit
+		defer pp.cleanup()
 	}
-	defer pp.cleanup()
-
-	patchErr = r.patchProgressingCondition(ctx, obj, "Loading project and target", true)
-	if patchErr != nil {
-		return nil, patchErr
-	}
-
-	obj.Status.ObservedCommit = pp.co.CheckedOutCommit
-
-	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
-	if err != nil {
-		return nil, finishAllRequestsWithError(err)
-	}
-	defer j2.Close()
-
-	pt := pp.newTarget()
-
-	lp, err := pp.loadKluctlProject(timeoutCtx, pt, j2)
 	if err != nil {
 		return nil, finishAllRequestsWithError(err)
 	}
 
-	targetContext, err := pt.loadTarget(timeoutCtx, lp)
-	if targetContext != nil {
-		clusterId, err := targetContext.SharedContext.K.GetClusterId()
-		if err != nil {
-			return nil, finishAllRequestsWithError(err)
-		}
-		newTargetKey := result.TargetKey{
-			TargetName:    targetContext.Target.Name,
-			Discriminator: targetContext.Target.Discriminator,
-			ClusterId:     clusterId,
-		}
-		// we patch the targetKey immediately so that the webui knows it asap
-		if obj.Status.TargetKey == nil || *obj.Status.TargetKey != newTargetKey {
-			patchErr = r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-				status.TargetKey = &newTargetKey
-				return nil
-			})
-		}
-		obj.Status.TargetKey = &newTargetKey
-	}
+	err = r.patchTargetKey(ctx, obj, targetContext)
 	if err != nil {
 		return nil, finishAllRequestsWithError(err)
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 7e67f734e..d68c91ea8 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -3,6 +3,7 @@ package controllers
 import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -75,3 +76,23 @@ func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Conte
 		return nil
 	})
 }
+
+func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context, obj *kluctlv1.KluctlDeployment) (*preparedProject, *preparedTarget, *kluctl_project.TargetContext, error) {
+	pp, err := prepareProject(ctx, r, obj, true)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	pt := pp.newTarget()
+
+	lp, err := pp.loadKluctlProject(ctx, pt)
+	if err != nil {
+		return pp, pt, nil, err
+	}
+
+	targetContext, err := pt.loadTarget(ctx, lp)
+	if err != nil {
+		return pp, pt, nil, err
+	}
+	return pp, pt, targetContext, err
+}
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 0e2be91f1..005057c4d 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -6,6 +6,7 @@ import (
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
@@ -109,6 +110,32 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 	return nil
 }
 
+func (r *KluctlDeploymentReconciler) patchTargetKey(ctx context.Context, obj *kluctlv1.KluctlDeployment, targetContext *kluctl_project.TargetContext) error {
+	key := client.ObjectKeyFromObject(obj)
+
+	clusterId, err := targetContext.SharedContext.K.GetClusterId()
+	if err != nil {
+		return err
+	}
+	newTargetKey := result.TargetKey{
+		TargetName:    targetContext.Target.Name,
+		Discriminator: targetContext.Target.Discriminator,
+		ClusterId:     clusterId,
+	}
+	// we patch the targetKey immediately so that the webui knows it asap
+	if obj.Status.TargetKey == nil || *obj.Status.TargetKey != newTargetKey {
+		patchErr := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			status.TargetKey = &newTargetKey
+			return nil
+		})
+		if patchErr != nil {
+			return patchErr
+		}
+	}
+	obj.Status.TargetKey = &newTargetKey
+	return nil
+}
+
 func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client.ObjectKey, updateStatus func(status *kluctlv1.KluctlDeploymentStatus) error) error {
 	backoff := wait.Backoff{
 		Steps:    5,

From b669c44fba5d2b1f3a91413c5cd15a0119c123f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 08:45:23 +0200
Subject: [PATCH 1781/2268] feat: Perform manual request reconciliation outside
 of the normal loop

---
 api/v1beta1/condition_types.go                |   8 +
 .../kluctldeployment_controller.go            | 161 ++-----------
 .../kluctldeployment_controller_reconcile.go  | 217 ++++++++++++++++++
 3 files changed, 248 insertions(+), 138 deletions(-)

diff --git a/api/v1beta1/condition_types.go b/api/v1beta1/condition_types.go
index 6a0711228..6db9f66bd 100644
--- a/api/v1beta1/condition_types.go
+++ b/api/v1beta1/condition_types.go
@@ -17,10 +17,18 @@ limitations under the License.
 package v1beta1
 
 const (
+	// DiffFailedReason represents the fact that the
+	// kluctl diff command failed.
+	DiffFailedReason string = "DiffFailed"
+
 	// DeployFailedReason represents the fact that the
 	// kluctl deploy command failed.
 	DeployFailedReason string = "DeployFailed"
 
+	// PruneFailedReason represents the fact that the
+	// kluctl prune command failed.
+	PruneFailedReason string = "PruneFailed"
+
 	// ValidateFailedReason represents the fact that the
 	// validate of the KluctlDeployment failed.
 	ValidateFailedReason string = "ValidateFailed"
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index ee8da8bf3..f8a1611ed 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -214,104 +214,55 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, patchErr
 	}
 
-	err := r.applyOnetimePatch(ctx, obj)
+	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
+	defer cancel()
+
+	err := r.patchProjectKey(ctx, obj)
+	if err != nil {
+		return nil, r.patchFailPrepare(ctx, obj, err)
+	}
+
+	err = r.applyOnetimePatch(ctx, obj)
 	if err != nil {
 		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 
+	processed, err := r.reconcileManualRequests(ctx, timeoutCtx, obj, reconcileId)
+	if err != nil {
+		return nil, err
+	}
+	if processed {
+		// immediately cause another reconcile loop to ensure we didn't miss regular reconciliation
+		return &ctrl.Result{Requeue: true}, nil
+	}
+
 	oldGeneration := obj.Status.ObservedGeneration
 	obj.Status.ObservedGeneration = obj.GetGeneration()
 
 	setReconcileRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
 		status.ReconcileRequestResult = requestResult
 	}
-	setDiffRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.DiffRequestResult = requestResult
-	}
-	setDeployRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.DeployRequestResult = requestResult
-	}
-	setPruneRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.PruneRequestResult = requestResult
-	}
-	setValidateRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.ValidateRequestResult = requestResult
-	}
-
 	curReconcileRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.ReconcileRequestResult, kluctlv1.KluctlRequestReconcileAnnotation, setReconcileRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
 		return status.LastHandledReconcileAt
 	})
 	if err != nil {
 		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
-	curDiffRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DiffRequestResult, kluctlv1.KluctlRequestDiffAnnotation, setDiffRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return ""
-	})
-	if err != nil {
-		return nil, r.patchFailPrepare(ctx, obj, err)
-	}
-	curDeployRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DeployRequestResult, kluctlv1.KluctlRequestDeployAnnotation, setDeployRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledDeployAt
-	})
-	if err != nil {
-		return nil, r.patchFailPrepare(ctx, obj, err)
-	}
-	curPruneRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.PruneRequestResult, kluctlv1.KluctlRequestPruneAnnotation, setPruneRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledPruneAt
-	})
-	if err != nil {
-		return nil, r.patchFailPrepare(ctx, obj, err)
-	}
-	curValidateRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.ValidateRequestResult, kluctlv1.KluctlRequestValidateAnnotation, setValidateRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledValidateAt
-	})
-	if err != nil {
-		return nil, r.patchFailPrepare(ctx, obj, err)
-	}
 
-	finishAllRequestsWithError := func(errIn error) error {
+	finishReconcileRequestWithError := func(errIn error) error {
 		retErr := r.patchFailPrepare(ctx, obj, errIn)
 		err = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", errIn, setReconcileRequestResult)
 		if err != nil {
 			retErr = multierror.Append(retErr, err)
 		}
-		err = r.finishHandleManualRequest(ctx, obj, curDiffRequest, "", errIn, setDiffRequestResult)
-		if err != nil {
-			retErr = multierror.Append(retErr, err)
-		}
-		err = r.finishHandleManualRequest(ctx, obj, curDeployRequest, "", errIn, setDeployRequestResult)
-		if err != nil {
-			retErr = multierror.Append(retErr, err)
-		}
-		err = r.finishHandleManualRequest(ctx, obj, curPruneRequest, "", errIn, setPruneRequestResult)
-		if err != nil {
-			retErr = multierror.Append(retErr, err)
-		}
-		err = r.finishHandleManualRequest(ctx, obj, curValidateRequest, "", errIn, setValidateRequestResult)
-		if err != nil {
-			retErr = multierror.Append(retErr, err)
-		}
 		return retErr
 	}
 
-	obj.Status.LastHandledReconcileAt = ""
-	obj.Status.LastHandledDeployAt = ""
-	obj.Status.LastHandledPruneAt = ""
-	obj.Status.LastHandledValidateAt = ""
-
 	patchErr = r.patchProgressingCondition(ctx, obj, "Loading project and target", true)
 	if patchErr != nil {
 		return nil, patchErr
 	}
 
-	err = r.patchProjectKey(ctx, obj)
-	if err != nil {
-		return nil, finishAllRequestsWithError(err)
-	}
-
-	timeoutCtx, cancel := context.WithTimeout(ctx, r.calcTimeout(obj))
-	defer cancel()
-
 	obj.Status.LastPrepareError = ""
 	pp, pt, targetContext, err := r.prepareProjectAndTarget(timeoutCtx, obj)
 	if pp != nil {
@@ -319,39 +270,29 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		defer pp.cleanup()
 	}
 	if err != nil {
-		return nil, finishAllRequestsWithError(err)
+		return nil, finishReconcileRequestWithError(err)
 	}
 
 	err = r.patchTargetKey(ctx, obj, targetContext)
 	if err != nil {
-		return nil, finishAllRequestsWithError(err)
+		return nil, finishReconcileRequestWithError(err)
 	}
 
 	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
 	if err != nil {
-		return nil, finishAllRequestsWithError(err)
+		return nil, finishReconcileRequestWithError(err)
 	}
 
-	needDiff := false
 	needDeploy := false
-	needPrune := false
 	needValidate := false
 	needDriftDetection := true
 
-	if curDiffRequest != nil {
-		// explicitly requested a diff
-		needDiff = true
-	}
-
 	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
 		// either never deployed or source code changed
 		needDeploy = true
 	} else if obj.Spec.Manual && !utils.StrPtrEquals(obj.Status.LastManualObjectsHash, obj.Spec.ManualObjectsHash) {
 		// approval hash was changed
 		needDeploy = true
-	} else if curDeployRequest != nil {
-		// explicitly requested a deploy
-		needDeploy = true
 	} else if oldGeneration != obj.GetGeneration() {
 		// spec has changed
 		needDeploy = true
@@ -373,18 +314,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		}
 	}
 
-	if curPruneRequest != nil {
-		// explicitly requested a prune
-		needPrune = true
-	}
-
 	if obj.Spec.Validate {
 		if obj.Status.LastValidateResult == nil || needDeploy {
 			// either never validated before or a deployment requested (which required re-validation)
 			needValidate = true
-		} else if curValidateRequest != nil {
-			// explicitly requested a validate
-			needValidate = true
 		} else {
 			nextValidateTime := r.nextValidateTime(obj)
 			if nextValidateTime != nil {
@@ -404,24 +337,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj.Status.LastObjectsHash = objectsHash
 	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
 
-	if needDiff {
-		patchErr = r.patchProgressingCondition(ctx, obj, "Performing diff", false)
-		if patchErr != nil {
-			return nil, patchErr
-		}
-
-		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil, true)
-		err = obj.Status.SetLastDiffResult(diffResult.BuildSummary(), cmdErr)
-		if err != nil {
-			log.Error(err, "Failed to write diff result")
-		}
-
-		err = r.finishHandleManualRequest(ctx, obj, curDiffRequest, diffResult.Id, cmdErr, setDiffRequestResult)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	var deployResult *result.CommandResult
 	if needDeploy {
 		patchErr = r.patchProgressingCondition(ctx, obj, fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
@@ -429,7 +344,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 			return nil, patchErr
 		}
 		var cmdErr error
-		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, curDeployRequest != nil)
+		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, false)
 		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
@@ -441,31 +356,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		} else {
 			r.updateResourceVersions(key, deployResult.Objects, nil)
 		}
-
-		err = r.finishHandleManualRequest(ctx, obj, curDeployRequest, deployResult.Id, cmdErr, setDeployRequestResult)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if needPrune {
-		patchErr = r.patchProgressingCondition(ctx, obj, "Performing kluctl prune", false)
-		if patchErr != nil {
-			return nil, patchErr
-		}
-		pruneResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
-		err = obj.Status.SetLastDeployResult(pruneResult.BuildSummary(), cmdErr)
-		if err != nil {
-			log.Error(err, "Failed to write prune result")
-		}
-
-		// force full drift detection
-		r.updateResourceVersions(key, nil, nil)
-
-		err = r.finishHandleManualRequest(ctx, obj, curPruneRequest, pruneResult.Id, cmdErr, setPruneRequestResult)
-		if err != nil {
-			return nil, err
-		}
 	}
 
 	if needValidate {
@@ -478,11 +368,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		if err != nil {
 			log.Error(err, "Failed to write validate result")
 		}
-
-		err = r.finishHandleManualRequest(ctx, obj, curValidateRequest, validateResult.Id, cmdErr, setValidateRequestResult)
-		if err != nil {
-			return nil, err
-		}
 	}
 
 	if needDriftDetection {
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index d68c91ea8..b490a12bb 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -2,9 +2,13 @@ package controllers
 
 import (
 	"context"
+	"fmt"
+	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -96,3 +100,216 @@ func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context
 	}
 	return pp, pt, targetContext, err
 }
+
+type reconcileCallback func(targetContext *kluctl_project.TargetContext,
+	pt *preparedTarget, reconcileID string, objectsHash string) (any, error)
+
+func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string,
+	commandName string, annotationName string, failReason string,
+	setResult setResultCallback, getLegacyOldValue getLegacyOldValueCallback,
+	reconcileRequest reconcileCallback,
+) (bool, error) {
+	req, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DiffRequestResult, annotationName, setResult, getLegacyOldValue)
+	if err != nil {
+		return false, r.patchFailPrepare(ctx, obj, err)
+	}
+	if req == nil {
+		return false, nil
+	}
+
+	doError := func(resultId string, err error) (bool, error) {
+		err2 := r.patchFailPrepare(ctx, obj, err)
+		if err2 != nil {
+			err = multierror.Append(err, err2)
+		}
+		err2 = r.finishHandleManualRequest(ctx, obj, req, resultId, err, setResult)
+		if err2 != nil {
+			err = multierror.Append(err, err2)
+		}
+		return true, err
+	}
+
+	pp, pt, targetContext, err := r.prepareProjectAndTarget(timeoutCtx, obj)
+	if pp != nil {
+		obj.Status.ObservedCommit = pp.co.CheckedOutCommit
+		defer pp.cleanup()
+	}
+	if err != nil {
+		return doError("", err)
+	}
+
+	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
+	if err != nil {
+		return doError("", err)
+	}
+
+	err = r.patchProgressingCondition(ctx, obj, fmt.Sprintf("Performing %s", commandName), false)
+	if err != nil {
+		return doError("", err)
+	}
+
+	cmdResult, cmdErr := reconcileRequest(targetContext, pt, reconcileId, objectsHash)
+
+	resultId := ""
+	if x, ok := cmdResult.(*result.CommandResult); ok {
+		resultId = x.Id
+	}
+	if x, ok := cmdResult.(*result.ValidateResult); ok {
+		resultId = x.Id
+	}
+
+	err = r.finishHandleManualRequest(ctx, obj, req, resultId, cmdErr, setResult)
+	if err != nil {
+		if cmdErr != nil {
+			err = multierror.Append(err, cmdErr)
+		}
+		return true, r.patchFail(ctx, obj, failReason, err)
+	}
+
+	return true, nil
+}
+
+func (r *KluctlDeploymentReconciler) reconcileManualRequests(ctx context.Context, timeoutCtx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
+	processed, err := r.reconcileDiffRequest(ctx, timeoutCtx, obj, reconcileId)
+	if err != nil {
+		return false, r.patchFailPrepare(ctx, obj, err)
+	}
+	if processed {
+		return true, nil
+	}
+
+	processed, err = r.reconcileDeployRequest(ctx, timeoutCtx, obj, reconcileId)
+	if err != nil {
+		return true, r.patchFailPrepare(ctx, obj, err)
+	}
+	if processed {
+		return true, nil
+	}
+
+	processed, err = r.reconcilePruneRequest(ctx, timeoutCtx, obj, reconcileId)
+	if err != nil {
+		return true, r.patchFailPrepare(ctx, obj, err)
+	}
+	if processed {
+		return true, nil
+	}
+
+	processed, err = r.reconcileValidateRequest(ctx, timeoutCtx, obj, reconcileId)
+	if err != nil {
+		return true, r.patchFailPrepare(ctx, obj, err)
+	}
+	if processed {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
+	log := ctrl.LoggerFrom(ctx)
+
+	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.DiffRequestResult = requestResult
+	}
+	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return ""
+	}
+
+	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
+		"diff", kluctlv1.KluctlRequestDiffAnnotation, kluctlv1.DiffFailedReason,
+		setRequestResult, getLegacyOldValue,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+			cmdResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil, true)
+			err := obj.Status.SetLastDiffResult(cmdResult.BuildSummary(), cmdErr)
+			if err != nil {
+				log.Error(err, "Failed to write diff result")
+			}
+			return cmdResult, err
+		})
+}
+
+func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
+	log := ctrl.LoggerFrom(ctx)
+
+	defer func() {
+		obj.Status.LastHandledDeployAt = ""
+	}()
+
+	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.DeployRequestResult = requestResult
+	}
+	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledDeployAt
+	}
+
+	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
+		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation, kluctlv1.DeployFailedReason,
+		setRequestResult, getLegacyOldValue,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+			cmdResult, cmdErr := pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, true)
+			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
+			if err != nil {
+				log.Error(err, "Failed to write deploy result")
+			}
+			return cmdResult, err
+		})
+}
+
+func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
+	log := ctrl.LoggerFrom(ctx)
+
+	defer func() {
+		obj.Status.LastHandledPruneAt = ""
+	}()
+
+	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.PruneRequestResult = requestResult
+	}
+	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledPruneAt
+	}
+
+	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
+		"prune", kluctlv1.KluctlRequestPruneAnnotation, kluctlv1.PruneFailedReason,
+		setRequestResult, getLegacyOldValue,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
+			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
+			if err != nil {
+				log.Error(err, "Failed to write prune result")
+			}
+			return cmdResult, err
+		})
+}
+
+func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
+	log := ctrl.LoggerFrom(ctx)
+
+	defer func() {
+		obj.Status.LastHandledValidateAt = ""
+	}()
+
+	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.ValidateRequestResult = requestResult
+	}
+	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledValidateAt
+	}
+
+	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
+		"validate", kluctlv1.KluctlRequestValidateAnnotation, kluctlv1.ValidateFailedReason,
+		setRequestResult, getLegacyOldValue,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+			cmdResult, cmdErr := pt.kluctlValidate(ctx, targetContext, nil, reconcileId, objectsHash)
+			err := obj.Status.SetLastValidateResult(cmdResult, cmdErr)
+			if err != nil {
+				log.Error(err, "Failed to write validate result")
+			}
+			return cmdResult, err
+		})
+}

From 47a92c27a0298150ff4538c48a364f8f5c256676 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 09:19:37 +0200
Subject: [PATCH 1782/2268] refactor: Move full reconile handler into own func

---
 .../kluctldeployment_controller.go            | 166 +---------------
 .../kluctldeployment_controller_reconcile.go  | 186 ++++++++++++++++--
 2 files changed, 167 insertions(+), 185 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index f8a1611ed..673acf25f 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -13,7 +13,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -204,9 +203,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj *kluctlv1.KluctlDeployment,
 	reconcileId string) (*ctrl.Result, error) {
 
-	log := ctrl.LoggerFrom(ctx)
-	key := client.ObjectKeyFromObject(obj)
-
 	r.exportDeploymentObjectToProm(obj)
 
 	patchErr := r.patchProgressingCondition(ctx, obj, "Initializing", true)
@@ -236,156 +232,9 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return &ctrl.Result{Requeue: true}, nil
 	}
 
-	oldGeneration := obj.Status.ObservedGeneration
-	obj.Status.ObservedGeneration = obj.GetGeneration()
-
-	setReconcileRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.ReconcileRequestResult = requestResult
-	}
-	curReconcileRequest, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.ReconcileRequestResult, kluctlv1.KluctlRequestReconcileAnnotation, setReconcileRequestResult, func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledReconcileAt
-	})
-	if err != nil {
-		return nil, r.patchFailPrepare(ctx, obj, err)
-	}
-
-	finishReconcileRequestWithError := func(errIn error) error {
-		retErr := r.patchFailPrepare(ctx, obj, errIn)
-		err = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", errIn, setReconcileRequestResult)
-		if err != nil {
-			retErr = multierror.Append(retErr, err)
-		}
-		return retErr
-	}
-
-	patchErr = r.patchProgressingCondition(ctx, obj, "Loading project and target", true)
-	if patchErr != nil {
-		return nil, patchErr
-	}
-
-	obj.Status.LastPrepareError = ""
-	pp, pt, targetContext, err := r.prepareProjectAndTarget(timeoutCtx, obj)
-	if pp != nil {
-		obj.Status.ObservedCommit = pp.co.CheckedOutCommit
-		defer pp.cleanup()
-	}
-	if err != nil {
-		return nil, finishReconcileRequestWithError(err)
-	}
-
-	err = r.patchTargetKey(ctx, obj, targetContext)
-	if err != nil {
-		return nil, finishReconcileRequestWithError(err)
-	}
-
-	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
+	_, err = r.reconcileFullRequest(ctx, timeoutCtx, obj, reconcileId)
 	if err != nil {
-		return nil, finishReconcileRequestWithError(err)
-	}
-
-	needDeploy := false
-	needValidate := false
-	needDriftDetection := true
-
-	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
-		// either never deployed or source code changed
-		needDeploy = true
-	} else if obj.Spec.Manual && !utils.StrPtrEquals(obj.Status.LastManualObjectsHash, obj.Spec.ManualObjectsHash) {
-		// approval hash was changed
-		needDeploy = true
-	} else if oldGeneration != obj.GetGeneration() {
-		// spec has changed
-		needDeploy = true
-	} else {
-		// was deployed before, let's check if we need to do periodic deployments
-		nextDeployTime := r.nextDeployTime(obj)
-		if nextDeployTime != nil {
-			needDeploy = nextDeployTime.Before(time.Now())
-		}
-	}
-
-	if needDeploy && obj.Spec.Manual {
-		log.Info("checking manual object hash")
-		if obj.Spec.ManualObjectsHash == nil || *obj.Spec.ManualObjectsHash != objectsHash {
-			log.Info("deployment is not approved", "manualObjectsHash", obj.Spec.ManualObjectsHash, "objectsHash", objectsHash)
-			needDeploy = false
-		} else {
-			log.Info("deployment is approved", "objectsHash", objectsHash)
-		}
-	}
-
-	if obj.Spec.Validate {
-		if obj.Status.LastValidateResult == nil || needDeploy {
-			// either never validated before or a deployment requested (which required re-validation)
-			needValidate = true
-		} else {
-			nextValidateTime := r.nextValidateTime(obj)
-			if nextValidateTime != nil {
-				needValidate = nextValidateTime.Before(time.Now())
-			}
-		}
-	} else {
-		obj.Status.LastValidateResult = nil
-		obj.Status.LastValidateError = ""
-	}
-
-	if !needDeploy && obj.Status.LastObjectsHash != objectsHash {
-		// force full drift detection as we can't know which objects changed in-between
-		r.updateResourceVersions(key, nil, nil)
-	}
-
-	obj.Status.LastObjectsHash = objectsHash
-	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
-
-	var deployResult *result.CommandResult
-	if needDeploy {
-		patchErr = r.patchProgressingCondition(ctx, obj, fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
-		if patchErr != nil {
-			return nil, patchErr
-		}
-		var cmdErr error
-		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, false)
-		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
-		if err != nil {
-			log.Error(err, "Failed to write deploy result")
-		}
-
-		if obj.Spec.DryRun {
-			// force full drift detection (otherwise we'd see the dry-run applied changes as non-drifted)
-			r.updateResourceVersions(key, nil, nil)
-		} else {
-			r.updateResourceVersions(key, deployResult.Objects, nil)
-		}
-	}
-
-	if needValidate {
-		patchErr = r.patchProgressingCondition(ctx, obj, "Performing kluctl validate", false)
-		if patchErr != nil {
-			return nil, patchErr
-		}
-		validateResult, cmdErr := pt.kluctlValidate(ctx, targetContext, deployResult, reconcileId, objectsHash)
-		err = obj.Status.SetLastValidateResult(validateResult, cmdErr)
-		if err != nil {
-			log.Error(err, "Failed to write validate result")
-		}
-	}
-
-	if needDriftDetection {
-		patchErr = r.patchProgressingCondition(ctx, obj, "Performing drift detection", false)
-		if patchErr != nil {
-			return nil, patchErr
-		}
-
-		resourceVersions := r.getResourceVersions(key)
-
-		diffResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, resourceVersions, false)
-		driftDetectionResult := diffResult.BuildDriftDetectionResult()
-		err = obj.Status.SetLastDriftDetectionResult(driftDetectionResult, cmdErr)
-		if err != nil {
-			log.Error(err, "Failed to write drift detection result")
-		}
-
-		r.updateResourceVersions(key, diffResult.Objects, driftDetectionResult.Objects)
+		return nil, err
 	}
 
 	var ctrlResult ctrl.Result
@@ -400,12 +249,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
 		err = fmt.Errorf(finalStatus)
 
-		patchErr = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", err, setReconcileRequestResult)
-		if patchErr != nil {
-			err = multierror.Append(err, patchErr)
-			return nil, err
-		}
-
 		patchErr = r.patchReadyCondition(ctx, obj, metav1.ConditionFalse, reason, finalStatus)
 		if patchErr != nil {
 			err = multierror.Append(err, patchErr)
@@ -414,11 +257,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return &ctrlResult, err
 	}
 
-	patchErr = r.finishHandleManualRequest(ctx, obj, curReconcileRequest, "", nil, setReconcileRequestResult)
-	if patchErr != nil {
-		return nil, patchErr
-	}
-
 	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(1.0)
 	patchErr = r.patchReadyCondition(ctx, obj, metav1.ConditionTrue, reason, finalStatus)
 	if patchErr != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index b490a12bb..69eb35337 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -7,9 +7,11 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
 type setResultCallback func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult)
@@ -102,19 +104,19 @@ func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context
 }
 
 type reconcileCallback func(targetContext *kluctl_project.TargetContext,
-	pt *preparedTarget, reconcileID string, objectsHash string) (any, error)
+	pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error)
 
 func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context, timeoutCtx context.Context,
 	obj *kluctlv1.KluctlDeployment, reconcileId string,
-	commandName string, annotationName string, failReason string,
-	setResult setResultCallback, getLegacyOldValue getLegacyOldValueCallback,
+	commandName string, annotationName string,
+	setResult setResultCallback, getLegacyOldValue getLegacyOldValueCallback, force bool,
 	reconcileRequest reconcileCallback,
 ) (bool, error) {
 	req, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DiffRequestResult, annotationName, setResult, getLegacyOldValue)
 	if err != nil {
 		return false, r.patchFailPrepare(ctx, obj, err)
 	}
-	if req == nil {
+	if req == nil && !force {
 		return false, nil
 	}
 
@@ -149,7 +151,7 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		return doError("", err)
 	}
 
-	cmdResult, cmdErr := reconcileRequest(targetContext, pt, reconcileId, objectsHash)
+	cmdResult, failReason, cmdErr := reconcileRequest(targetContext, pt, reconcileId, objectsHash)
 
 	resultId := ""
 	if x, ok := cmdResult.(*result.CommandResult); ok {
@@ -218,15 +220,15 @@ func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, t
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
-		"diff", kluctlv1.KluctlRequestDiffAnnotation, kluctlv1.DiffFailedReason,
-		setRequestResult, getLegacyOldValue,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+		"diff", kluctlv1.KluctlRequestDiffAnnotation,
+		setRequestResult, getLegacyOldValue, false,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil, true)
 			err := obj.Status.SetLastDiffResult(cmdResult.BuildSummary(), cmdErr)
 			if err != nil {
 				log.Error(err, "Failed to write diff result")
 			}
-			return cmdResult, err
+			return cmdResult, kluctlv1.DiffFailedReason, err
 		})
 }
 
@@ -246,15 +248,15 @@ func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context,
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
-		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation, kluctlv1.DeployFailedReason,
-		setRequestResult, getLegacyOldValue,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation,
+		setRequestResult, getLegacyOldValue, false,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, true)
 			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
 			if err != nil {
 				log.Error(err, "Failed to write deploy result")
 			}
-			return cmdResult, err
+			return cmdResult, kluctlv1.DeployFailedReason, err
 		})
 }
 
@@ -274,15 +276,15 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
-		"prune", kluctlv1.KluctlRequestPruneAnnotation, kluctlv1.PruneFailedReason,
-		setRequestResult, getLegacyOldValue,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+		"prune", kluctlv1.KluctlRequestPruneAnnotation,
+		setRequestResult, getLegacyOldValue, false,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
 			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
 			if err != nil {
 				log.Error(err, "Failed to write prune result")
 			}
-			return cmdResult, err
+			return cmdResult, kluctlv1.PruneFailedReason, err
 		})
 }
 
@@ -302,14 +304,156 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
-		"validate", kluctlv1.KluctlRequestValidateAnnotation, kluctlv1.ValidateFailedReason,
-		setRequestResult, getLegacyOldValue,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, error) {
+		"validate", kluctlv1.KluctlRequestValidateAnnotation,
+		setRequestResult, getLegacyOldValue, false,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlValidate(ctx, targetContext, nil, reconcileId, objectsHash)
 			err := obj.Status.SetLastValidateResult(cmdResult, cmdErr)
 			if err != nil {
 				log.Error(err, "Failed to write validate result")
 			}
-			return cmdResult, err
+			return cmdResult, kluctlv1.ValidateFailedReason, err
 		})
 }
+
+func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
+
+	defer func() {
+		obj.Status.LastHandledReconcileAt = ""
+		obj.Status.ObservedGeneration = obj.GetGeneration()
+	}()
+
+	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
+		status.ReconcileRequestResult = requestResult
+	}
+	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
+		return status.LastHandledReconcileAt
+	}
+
+	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
+		"reconcile", kluctlv1.KluctlRequestReconcileAnnotation,
+		setRequestResult, getLegacyOldValue, true,
+		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+			return r.reconcileFullRequest2(ctx, timeoutCtx, obj, reconcileId, targetContext, pt, reconcileId, objectsHash)
+		})
+}
+
+func (r *KluctlDeploymentReconciler) reconcileFullRequest2(ctx context.Context, timeoutCtx context.Context,
+	obj *kluctlv1.KluctlDeployment, reconcileId string, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+	key := client.ObjectKeyFromObject(obj)
+	log := ctrl.LoggerFrom(ctx)
+
+	err := r.patchTargetKey(ctx, obj, targetContext)
+	if err != nil {
+		return nil, kluctlv1.PrepareFailedReason, err
+	}
+
+	needDeploy := false
+	needValidate := false
+	needDriftDetection := true
+
+	if obj.Status.LastDeployResult == nil || obj.Status.LastObjectsHash != objectsHash {
+		// either never deployed or source code changed
+		needDeploy = true
+	} else if obj.Spec.Manual && !utils.StrPtrEquals(obj.Status.LastManualObjectsHash, obj.Spec.ManualObjectsHash) {
+		// approval hash was changed
+		needDeploy = true
+	} else if obj.Status.ObservedGeneration != obj.GetGeneration() {
+		// spec has changed
+		needDeploy = true
+	} else {
+		// was deployed before, let's check if we need to do periodic deployments
+		nextDeployTime := r.nextDeployTime(obj)
+		if nextDeployTime != nil {
+			needDeploy = nextDeployTime.Before(time.Now())
+		}
+	}
+
+	if needDeploy && obj.Spec.Manual {
+		log.Info("checking manual object hash")
+		if obj.Spec.ManualObjectsHash == nil || *obj.Spec.ManualObjectsHash != objectsHash {
+			log.Info("deployment is not approved", "manualObjectsHash", obj.Spec.ManualObjectsHash, "objectsHash", objectsHash)
+			needDeploy = false
+		} else {
+			log.Info("deployment is approved", "objectsHash", objectsHash)
+		}
+	}
+
+	if obj.Spec.Validate {
+		if obj.Status.LastValidateResult == nil || needDeploy {
+			// either never validated before or a deployment requested (which required re-validation)
+			needValidate = true
+		} else {
+			nextValidateTime := r.nextValidateTime(obj)
+			if nextValidateTime != nil {
+				needValidate = nextValidateTime.Before(time.Now())
+			}
+		}
+	} else {
+		obj.Status.LastValidateResult = nil
+		obj.Status.LastValidateError = ""
+	}
+
+	if !needDeploy && obj.Status.LastObjectsHash != objectsHash {
+		// force full drift detection as we can't know which objects changed in-between
+		r.updateResourceVersions(key, nil, nil)
+	}
+
+	obj.Status.LastObjectsHash = objectsHash
+	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
+
+	var deployResult *result.CommandResult
+	if needDeploy {
+		err := r.patchProgressingCondition(ctx, obj, fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
+		if err != nil {
+			return nil, kluctlv1.DeployFailedReason, err
+		}
+
+		var cmdErr error
+		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(timeoutCtx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, false)
+		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
+		if err != nil {
+			log.Error(err, "Failed to write deploy result")
+		}
+
+		if obj.Spec.DryRun {
+			// force full drift detection (otherwise we'd see the dry-run applied changes as non-drifted)
+			r.updateResourceVersions(key, nil, nil)
+		} else {
+			r.updateResourceVersions(key, deployResult.Objects, nil)
+		}
+	}
+
+	if needValidate {
+		err := r.patchProgressingCondition(ctx, obj, "Performing kluctl validate", false)
+		if err != nil {
+			return nil, kluctlv1.ValidateFailedReason, err
+		}
+		validateResult, cmdErr := pt.kluctlValidate(timeoutCtx, targetContext, deployResult, reconcileId, objectsHash)
+		err = obj.Status.SetLastValidateResult(validateResult, cmdErr)
+		if err != nil {
+			log.Error(err, "Failed to write validate result")
+		}
+	}
+
+	if needDriftDetection {
+		err := r.patchProgressingCondition(ctx, obj, "Performing drift detection", false)
+		if err != nil {
+			return nil, kluctlv1.DiffFailedReason, err
+		}
+
+		resourceVersions := r.getResourceVersions(key)
+
+		diffResult, cmdErr := pt.kluctlDiff(timeoutCtx, targetContext, reconcileId, objectsHash, resourceVersions, false)
+		driftDetectionResult := diffResult.BuildDriftDetectionResult()
+		err = obj.Status.SetLastDriftDetectionResult(driftDetectionResult, cmdErr)
+		if err != nil {
+			log.Error(err, "Failed to write drift detection result")
+		}
+
+		r.updateResourceVersions(key, diffResult.Objects, driftDetectionResult.Objects)
+	}
+
+	return nil, "", nil
+}

From fffd97063c636f14413eab1a85b6ad6b33b05d2a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 09:31:40 +0200
Subject: [PATCH 1783/2268] tests: Return KluctlDeployment from waitXXX funcs
 and use them for assertions

---
 e2e/gitops_oci_include_test.go |  8 ++------
 e2e/gitops_suite_test.go       | 10 ++++++----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index e11ff8cbb..490666508 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -153,13 +153,9 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	g.Expect(err).To(Succeed())
 
 	suite.Run("retry with authentication", func() {
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
-		var kd v1beta1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
-
-		readinessCondition := suite.getReadiness(&kd)
+		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
 	})
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index cee8ff0ef..86e2625cc 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -142,15 +142,15 @@ func (suite *GitopsTestSuite) triggerReconcile(key client.ObjectKey) string {
 	return reconcileId
 }
 
-func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
+func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) *kluctlv1.KluctlDeployment {
 	g := gomega.NewWithT(suite.T())
 
 	reconcileId := suite.triggerReconcile(key)
 
 	suite.T().Logf("%s: waiting for reconcile to finish", reconcileId)
 
+	var kd kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
-		var kd kluctlv1.KluctlDeployment
 		err := suite.k.Client.Get(context.TODO(), key, &kd)
 		g.Expect(err).To(Succeed())
 		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
@@ -164,17 +164,18 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) {
 		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
+	return &kd
 }
 
-func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string) {
+func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string) *kluctlv1.KluctlDeployment {
 	g := gomega.NewWithT(suite.T())
 
 	reconcileId := suite.triggerReconcile(key)
 
 	suite.T().Logf("%s: waiting for commit %s", reconcileId, commit)
 
+	var kd kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
-		var kd kluctlv1.KluctlDeployment
 		err := suite.k.Client.Get(context.Background(), key, &kd)
 		g.Expect(err).To(Succeed())
 		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
@@ -192,6 +193,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
+	return &kd
 }
 
 func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {

From 0be477d86b6f22a4fe5c5b9b77025573f9b4799d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 10:18:46 +0200
Subject: [PATCH 1784/2268] tests: Introduce and use getKluctlDeployment

---
 e2e/gitops_errors_test.go       |  10 ++-
 e2e/gitops_git_include_test.go  | 117 +++++++++++++-------------------
 e2e/gitops_helm_test.go         |   7 +-
 e2e/gitops_oci_include_test.go  |  56 +++++++--------
 e2e/gitops_prune_delete_test.go |  18 ++---
 e2e/gitops_suite_test.go        |  48 ++++++++-----
 6 files changed, 112 insertions(+), 144 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 355ba3b78..3b6d71503 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -30,18 +30,16 @@ func TestGitOpsErrors(t *testing.T) {
 func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
 	g := NewWithT(suite.T())
 
-	var kd kluctlv1.KluctlDeployment
+	var kd *kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
-		err := suite.k.Client.Get(context.TODO(), key, &kd)
-		g.Expect(err).To(Succeed())
-
-		readiness := suite.getReadiness(&kd)
+		kd = suite.getKluctlDeployment(key)
+		readiness := suite.getReadiness(kd)
 		return readiness.Status != metav1.ConditionUnknown
 	}, timeout, time.Second).Should(BeTrue())
 
 	g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
 
-	readinessCondition := suite.getReadiness(&kd)
+	readinessCondition := suite.getReadiness(kd)
 	g.Expect(readinessCondition).ToNot(BeNil())
 
 	g.Expect(readinessCondition.Status).To(Equal(rstatus))
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index c9ed9b910..1a5381d42 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -39,11 +39,9 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	suite.Run("fail without authentication", func() {
 		suite.waitForCommit(key, "")
 
-		var kd v1beta1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd := suite.getKluctlDeployment(key)
 
-		readinessCondition := suite.getReadiness(&kd)
+		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
@@ -63,24 +61,16 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	err := suite.k.Client.Create(context.Background(), &secret)
 	g.Expect(err).To(Succeed())
 
-	var kd v1beta1.KluctlDeployment
-	err = suite.k.Client.Get(context.Background(), key, &kd)
-	g.Expect(err).To(Succeed())
-
-	patch := client.MergeFrom(kd.DeepCopy())
-	kd.Spec.Source.SecretRef = &v1beta1.LocalObjectReference{Name: "git-secrets"}
-
-	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
-	g.Expect(err).To(Succeed())
+	suite.updateKluctlDeployment(key, func(kd *v1beta1.KluctlDeployment) {
+		kd.Spec.Source.SecretRef = &v1beta1.LocalObjectReference{Name: "git-secrets"}
+	})
 
 	suite.Run("retry with authentication", func() {
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
-		var kd v1beta1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd := suite.getKluctlDeployment(key)
 
-		readinessCondition := suite.getReadiness(&kd)
+		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
 	})
@@ -108,11 +98,9 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 	suite.Run("fail without authentication", func() {
 		suite.waitForCommit(key, "")
 
-		var kd v1beta1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd := suite.getKluctlDeployment(key)
 
-		readinessCondition := suite.getReadiness(&kd)
+		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
@@ -129,59 +117,50 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 	secret1 := createSecret("user1", "password1")
 	secret2 := createSecret("user2", "password2")
 
-	var kd v1beta1.KluctlDeployment
-	err := suite.k.Client.Get(context.Background(), key, &kd)
-	g.Expect(err).To(Succeed())
-
-	patch := client.MergeFrom(kd.DeepCopy())
-
-	if legacyGitSource {
-		var credentials []v1beta1.ProjectCredentialsGitDeprecated
-		credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
-			Host:       gs1.GitHost(),
-			PathPrefix: ip1.GitRepoName(),
-			SecretRef:  v1beta1.LocalObjectReference{Name: secret2},
-		})
-		credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
-			Host:      mainGs.GitHost(),
-			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
-		})
-		// make sure this one is ignored for http based urls
-		credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
-			Host:      "*",
-			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
-		})
-		kd.Spec.Source.Credentials = credentials
-	} else {
-		var credentials []v1beta1.ProjectCredentialsGit
-		credentials = append(credentials, v1beta1.ProjectCredentialsGit{
-			Host:      gs1.GitHost(),
-			Path:      ip1.GitRepoName(),
-			SecretRef: v1beta1.LocalObjectReference{Name: secret2},
-		})
-		credentials = append(credentials, v1beta1.ProjectCredentialsGit{
-			Host:      mainGs.GitHost(),
-			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
-		})
-		// make sure this one is ignored for http based urls
-		credentials = append(credentials, v1beta1.ProjectCredentialsGit{
-			Host:      "*",
-			SecretRef: v1beta1.LocalObjectReference{Name: secret1},
-		})
-		kd.Spec.Credentials.Git = credentials
-	}
-
-	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
-	g.Expect(err).To(Succeed())
+	suite.updateKluctlDeployment(key, func(kd *v1beta1.KluctlDeployment) {
+		if legacyGitSource {
+			var credentials []v1beta1.ProjectCredentialsGitDeprecated
+			credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
+				Host:       gs1.GitHost(),
+				PathPrefix: ip1.GitRepoName(),
+				SecretRef:  v1beta1.LocalObjectReference{Name: secret2},
+			})
+			credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
+				Host:      mainGs.GitHost(),
+				SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+			})
+			// make sure this one is ignored for http based urls
+			credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
+				Host:      "*",
+				SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+			})
+			kd.Spec.Source.Credentials = credentials
+		} else {
+			var credentials []v1beta1.ProjectCredentialsGit
+			credentials = append(credentials, v1beta1.ProjectCredentialsGit{
+				Host:      gs1.GitHost(),
+				Path:      ip1.GitRepoName(),
+				SecretRef: v1beta1.LocalObjectReference{Name: secret2},
+			})
+			credentials = append(credentials, v1beta1.ProjectCredentialsGit{
+				Host:      mainGs.GitHost(),
+				SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+			})
+			// make sure this one is ignored for http based urls
+			credentials = append(credentials, v1beta1.ProjectCredentialsGit{
+				Host:      "*",
+				SecretRef: v1beta1.LocalObjectReference{Name: secret1},
+			})
+			kd.Spec.Credentials.Git = credentials
+		}
+	})
 
 	suite.Run("retry with authentication", func() {
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
-		var kd v1beta1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd := suite.getKluctlDeploymentAllowNil(key)
 
-		readinessCondition := suite.getReadiness(&kd)
+		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
 	})
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 4f69e6ce9..ed299b5e0 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -1,7 +1,6 @@
 package e2e
 
 import (
-	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	. "github.com/onsi/gomega"
@@ -118,11 +117,9 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 
 	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
-	var kd kluctlv1.KluctlDeployment
-	err = suite.k.Client.Get(context.TODO(), key, &kd)
-	g.Expect(err).To(Succeed())
+	kd := suite.getKluctlDeploymentAllowNil(key)
 
-	readinessCondition := suite.getReadiness(&kd)
+	readinessCondition := suite.getReadiness(kd)
 	g.Expect(readinessCondition).ToNot(BeNil())
 
 	if tc.expectedError == "" {
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index 490666508..09bd897bd 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -11,7 +11,6 @@ import (
 	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"testing"
 )
 
@@ -90,11 +89,9 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	suite.Run("fail without authentication", func() {
 		suite.waitForCommit(key, "")
 
-		var kd v1beta1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd := suite.getKluctlDeploymentAllowNil(key)
 
-		readinessCondition := suite.getReadiness(&kd)
+		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
@@ -122,35 +119,28 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	createSecret("secret2", "user2", "pass2")
 	createSecret("secret3", "user3", "pass3")
 
-	var kd v1beta1.KluctlDeployment
-	err := suite.k.Client.Get(context.Background(), key, &kd)
-	g.Expect(err).To(Succeed())
-
-	patch := client.MergeFrom(kd.DeepCopy())
-
-	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   repo0.URL.Host,
-		Repository: "org0/repo0",
-		SecretRef:  v1beta1.LocalObjectReference{Name: "secret0"},
+	suite.updateKluctlDeployment(key, func(kd *v1beta1.KluctlDeployment) {
+		kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
+			Registry:   repo0.URL.Host,
+			Repository: "org0/repo0",
+			SecretRef:  v1beta1.LocalObjectReference{Name: "secret0"},
+		})
+		kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
+			Registry:   repo1.URL.Host,
+			Repository: "org1/repo1",
+			SecretRef:  v1beta1.LocalObjectReference{Name: "secret1"},
+		})
+		kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
+			Registry:   repo2.URL.Host,
+			Repository: "*/repo2",
+			SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
+		})
+		kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
+			Registry:   repo3.URL.Host,
+			Repository: "org3/*",
+			SecretRef:  v1beta1.LocalObjectReference{Name: "secret3"},
+		})
 	})
-	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   repo1.URL.Host,
-		Repository: "org1/repo1",
-		SecretRef:  v1beta1.LocalObjectReference{Name: "secret1"},
-	})
-	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   repo2.URL.Host,
-		Repository: "*/repo2",
-		SecretRef:  v1beta1.LocalObjectReference{Name: "secret2"},
-	})
-	kd.Spec.Credentials.Oci = append(kd.Spec.Credentials.Oci, v1beta1.ProjectCredentialsOci{
-		Registry:   repo3.URL.Host,
-		Repository: "org3/*",
-		SecretRef:  v1beta1.LocalObjectReference{Name: "secret3"},
-	})
-
-	err = suite.k.Client.Patch(context.Background(), &kd, patch, client.FieldOwner("kluctl"))
-	g.Expect(err).To(Succeed())
 
 	suite.Run("retry with authentication", func() {
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
diff --git a/e2e/gitops_prune_delete_test.go b/e2e/gitops_prune_delete_test.go
index a1563ca8e..6e751976f 100644
--- a/e2e/gitops_prune_delete_test.go
+++ b/e2e/gitops_prune_delete_test.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"testing"
 	"time"
@@ -80,12 +79,11 @@ data:
 	})
 
 	g.Eventually(func() bool {
-		var obj kluctlv1.KluctlDeployment
-		_ = suite.k.Client.Get(context.Background(), key, &obj)
-		if obj.Status.LastDeployResult == nil {
+		kd := suite.getKluctlDeploymentAllowNil(key)
+		if kd.Status.LastDeployResult == nil {
 			return false
 		}
-		ldr, err := obj.Status.GetLastDeployResult()
+		ldr, err := kd.Status.GetLastDeployResult()
 		g.Expect(err).To(Succeed())
 		return ldr.GitInfo.Commit == getHeadRevision(suite.T(), p)
 	}, timeout, time.Second).Should(BeTrue())
@@ -165,15 +163,7 @@ data:
 	suite.deleteKluctlDeployment(key)
 
 	g.Eventually(func() bool {
-		var obj kluctlv1.KluctlDeployment
-		err := suite.k.Client.Get(context.Background(), key, &obj)
-		if err == nil {
-			return false
-		}
-		if !errors.IsNotFound(err) {
-			return false
-		}
-		return true
+		return suite.getKluctlDeploymentAllowNil(key) == nil
 	}, timeout, time.Second).Should(BeTrue())
 
 	if delete {
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 86e2625cc..79722017c 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -71,9 +71,7 @@ func (suite *GitopsTestSuite) TearDownSuite() {
 
 	g.Eventually(func() bool {
 		for _, key := range suite.deletedDeployments {
-			var kd kluctlv1.KluctlDeployment
-			err := suite.k.Client.Get(context.TODO(), key, &kd)
-			if err == nil {
+			if suite.getKluctlDeploymentAllowNil(key) != nil {
 				return false
 			}
 		}
@@ -149,10 +147,9 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) *kluctlv1.K
 
 	suite.T().Logf("%s: waiting for reconcile to finish", reconcileId)
 
-	var kd kluctlv1.KluctlDeployment
+	var kd *kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
-		err := suite.k.Client.Get(context.TODO(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd = suite.getKluctlDeployment(key)
 		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
 			suite.T().Logf("%s: request processing not started yet", reconcileId)
 			return false
@@ -164,7 +161,7 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) *kluctlv1.K
 		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
-	return &kd
+	return kd
 }
 
 func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string) *kluctlv1.KluctlDeployment {
@@ -174,10 +171,9 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 
 	suite.T().Logf("%s: waiting for commit %s", reconcileId, commit)
 
-	var kd kluctlv1.KluctlDeployment
+	var kd *kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
-		err := suite.k.Client.Get(context.Background(), key, &kd)
-		g.Expect(err).To(Succeed())
+		kd = suite.getKluctlDeployment(key)
 		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
 			suite.T().Logf("%s: request processing not started yet", reconcileId)
 			return false
@@ -193,7 +189,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
-	return &kd
+	return kd
 }
 
 func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
@@ -245,21 +241,39 @@ func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProjec
 	return key
 }
 
+func (suite *GitopsTestSuite) getKluctlDeploymentAllowNil(key client.ObjectKey) *kluctlv1.KluctlDeployment {
+	var kd kluctlv1.KluctlDeployment
+	err := suite.k.Client.Get(context.TODO(), key, &kd)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return nil
+		}
+		suite.T().Fatal(err)
+	}
+	return &kd
+}
+
+func (suite *GitopsTestSuite) getKluctlDeployment(key client.ObjectKey) *kluctlv1.KluctlDeployment {
+	kd := suite.getKluctlDeploymentAllowNil(key)
+	if kd == nil {
+		suite.T().Fatal(fmt.Sprintf("KluctlDeployment %s not found", key.String()))
+	}
+	return kd
+}
+
 func (suite *GitopsTestSuite) updateKluctlDeployment(key client.ObjectKey, update func(kd *kluctlv1.KluctlDeployment)) *kluctlv1.KluctlDeployment {
 	g := NewWithT(suite.T())
 
-	var kd kluctlv1.KluctlDeployment
-	err := suite.k.Client.Get(context.TODO(), key, &kd)
-	g.Expect(err).To(Succeed())
+	kd := suite.getKluctlDeployment(key)
 
 	patch := client.MergeFrom(kd.DeepCopy())
 
-	update(&kd)
+	update(kd)
 
-	err = suite.k.Client.Patch(context.TODO(), &kd, patch, client.FieldOwner("kubectl"))
+	err := suite.k.Client.Patch(context.TODO(), kd, patch, client.FieldOwner("kubectl"))
 	g.Expect(err).To(Succeed())
 
-	return &kd
+	return kd
 }
 
 func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {

From 9a26bf95334fade825e525ace88517bf91ad1f3d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 10:39:36 +0200
Subject: [PATCH 1785/2268] feat: Allow manual requests to be processed for
 suspended deployments

---
 cmd/kluctl/commands/cmd_gitops.go             | 20 ++++---------------
 cmd/kluctl/commands/cmd_gitops_logs.go        |  7 +++----
 .../commands/cmd_gitops_suspend_resume.go     |  5 ++---
 docs/gitops/spec/v1beta1/kluctldeployment.md  |  3 ++-
 .../kluctldeployment_controller.go            | 12 +++++------
 .../kluctldeployment_controller_reconcile.go  |  8 +++++++-
 6 files changed, 24 insertions(+), 31 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 22c5228ef..06f0e051a 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -49,8 +49,7 @@ type gitopsCmdHelper struct {
 	logsArgs        args.GitOpsLogArgs
 	overridableArgs args.GitOpsOverridableArgs
 
-	noArgsReact    noArgsReact
-	allowSuspended bool
+	noArgsReact noArgsReact
 
 	kds []v1beta1.KluctlDeployment
 
@@ -133,7 +132,6 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		ns = defaultNs
 	}
 
-	var kds []v1beta1.KluctlDeployment
 	if g.args.Name != "" {
 		if ns == "" {
 			return fmt.Errorf("no namespace specified")
@@ -147,7 +145,7 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		kds = append(kds, kd)
+		g.kds = append(g.kds, kd)
 	} else if g.args.LabelSelector != "" {
 		label, err := metav1.ParseToLabelSelector(g.args.LabelSelector)
 		if err != nil {
@@ -169,7 +167,7 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		kds = append(kds, l.Items...)
+		g.kds = append(g.kds, l.Items...)
 	} else if g.noArgsReact == noArgsNoDeployments {
 		// do nothing
 	} else if g.noArgsReact == noArgsAllDeployments {
@@ -178,21 +176,11 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		kds = append(kds, l.Items...)
+		g.kds = append(g.kds, l.Items...)
 	} else {
 		return fmt.Errorf("either name or label selector must be set")
 	}
 
-	for _, kd := range kds {
-		if kd.Spec.Suspend {
-			if !g.allowSuspended {
-				status.Warningf(ctx, "Skipping suspended deployment %s/%s", kd.Namespace, kd.Name)
-				continue
-			}
-		}
-		g.kds = append(g.kds, kd)
-	}
-
 	g.resultStore, err = buildResultStoreRO(ctx, restConfig, mapper, &g.args.CommandResultReadOnlyFlags)
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_gitops_logs.go b/cmd/kluctl/commands/cmd_gitops_logs.go
index c51ebc9da..5511552ad 100644
--- a/cmd/kluctl/commands/cmd_gitops_logs.go
+++ b/cmd/kluctl/commands/cmd_gitops_logs.go
@@ -21,10 +21,9 @@ func (cmd *gitopsLogsCmd) Help() string {
 
 func (cmd *gitopsLogsCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:           cmd.GitOpsArgs,
-		logsArgs:       cmd.GitOpsLogArgs,
-		noArgsReact:    noArgsNoDeployments,
-		allowSuspended: true,
+		args:        cmd.GitOpsArgs,
+		logsArgs:    cmd.GitOpsLogArgs,
+		noArgsReact: noArgsNoDeployments,
 	}
 	err := g.init(ctx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
index f826928c3..ce1adb62a 100644
--- a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -32,9 +32,8 @@ func (cmd *GitopsSuspendCmd) Help() string {
 
 func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:           cmd.GitOpsArgs,
-		logsArgs:       cmd.GitOpsLogArgs,
-		allowSuspended: true,
+		args:     cmd.GitOpsArgs,
+		logsArgs: cmd.GitOpsLogArgs,
 	}
 	if cmd.All {
 		g.noArgsReact = noArgsAllDeployments
diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 94257d1dc..2fb821f77 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -310,7 +310,8 @@ all rendered objects.
 To enforce periodic full deployments even if nothing has changed, `spec.deployInterval` can be used to specify an
 interval at which forced deployments must be performed by the controller.
 
-The KluctlDeployment reconciliation can be suspended by setting `spec.suspend` to `true`.
+The KluctlDeployment reconciliation can be suspended by setting `spec.suspend` to `true`. Suspension will however not
+prevent manual reconciliation requests via the `kluctl gitops` sub-commands.
 
 The controller can be told to reconcile the KluctlDeployment outside of the specified interval
 by annotating the KluctlDeployment object with `kluctl.io/request-reconcile`.
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 673acf25f..196c30fa0 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -102,12 +102,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		return r.finalize(ctx, obj)
 	}
 
-	// Return early if the KluctlDeployment is suspended.
-	if obj.Spec.Suspend {
-		log.Info("Reconciliation is suspended for this object")
-		return ctrl.Result{}, nil
-	}
-
 	patchObj := obj.DeepCopy()
 	patch := client.MergeFrom(patchObj)
 
@@ -203,6 +197,8 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	obj *kluctlv1.KluctlDeployment,
 	reconcileId string) (*ctrl.Result, error) {
 
+	log := ctrl.LoggerFrom(ctx)
+
 	r.exportDeploymentObjectToProm(obj)
 
 	patchErr := r.patchProgressingCondition(ctx, obj, "Initializing", true)
@@ -223,6 +219,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 
+	if obj.Spec.Suspend {
+		log.Info("Reconciliation is suspended for this object, only allowing manual requests to be processed")
+	}
+
 	processed, err := r.reconcileManualRequests(ctx, timeoutCtx, obj, reconcileId)
 	if err != nil {
 		return nil, err
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 69eb35337..a6557d26d 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -331,9 +331,15 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 		return status.LastHandledReconcileAt
 	}
 
+	forceReconcile := true
+	if obj.Spec.Suspend {
+		// suspend disables forces reconciliation on every request. It still allows reconciliation via manual requests.
+		forceReconcile = false
+	}
+
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"reconcile", kluctlv1.KluctlRequestReconcileAnnotation,
-		setRequestResult, getLegacyOldValue, true,
+		setRequestResult, getLegacyOldValue, forceReconcile,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			return r.reconcileFullRequest2(ctx, timeoutCtx, obj, reconcileId, targetContext, pt, reconcileId, objectsHash)
 		})

From ff56dd657e61e07292f63cb51e7910ef85229383 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 13:15:45 +0200
Subject: [PATCH 1786/2268] fix: Force writing of prune result when requested
 manually

---
 pkg/controllers/kluctl_project.go                        | 4 ++--
 pkg/controllers/kluctldeployment_controller_reconcile.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 37bf9c9e4..87f7707d3 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -828,7 +828,7 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPruneCommand("", targetContext, false)
@@ -841,7 +841,7 @@ func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdResult, "prune", false)
+	err = pt.writeCommandResult(ctx, cmdResult, "prune", triggeredByRequest)
 	return cmdResult, err
 }
 
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index a6557d26d..bfe572a54 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -279,7 +279,7 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 		"prune", kluctlv1.KluctlRequestPruneAnnotation,
 		setRequestResult, getLegacyOldValue, false,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
+			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash, true)
 			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
 			if err != nil {
 				log.Error(err, "Failed to write prune result")

From 882d8b850309265f6e4d8ee70f2a9df127d2e648 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 13:16:46 +0200
Subject: [PATCH 1787/2268] fix: Set correct request result

---
 .../kluctldeployment_controller_reconcile.go  | 78 +++++++++----------
 1 file changed, 35 insertions(+), 43 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index bfe572a54..80b34ef4d 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -14,12 +14,11 @@ import (
 	"time"
 )
 
-type setResultCallback func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult)
-type getLegacyOldValueCallback func(status *kluctlv1.KluctlDeploymentStatus) string
+type getResultPtrCallback func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string)
 
 func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Context,
-	obj *kluctlv1.KluctlDeployment, reconcileId string, rr *kluctlv1.RequestResult,
-	requestAnnotation string, setResult setResultCallback, getLegacyOldValue getLegacyOldValueCallback,
+	obj *kluctlv1.KluctlDeployment, reconcileId string,
+	requestAnnotation string, getResultPtr getResultPtrCallback,
 ) (*kluctlv1.RequestResult, error) {
 	key := client.ObjectKeyFromObject(obj)
 
@@ -27,7 +26,11 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 	if v == "" {
 		return nil, nil
 	}
-	if rr == nil && getLegacyOldValue(&obj.Status) == v {
+
+	resultPtr, legacyValue := getResultPtr(&obj.Status)
+	rr := *resultPtr
+
+	if rr == nil && legacyValue == v {
 		// legacy value in status is still present, and we never executed the new request status handling
 		// ensure that we don't accidentally re-process the request
 		t := metav1.Now()
@@ -38,7 +41,8 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 			ReconcileId:  "unknown",
 		}
 		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			setResult(status, rr)
+			resultPtr, _ := getResultPtr(status)
+			*resultPtr = rr
 			return nil
 		})
 		if err != nil {
@@ -53,7 +57,8 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 			ReconcileId:  reconcileId,
 		}
 		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			setResult(status, rr)
+			resultPtr, _ := getResultPtr(status)
+			*resultPtr = rr
 			return nil
 		})
 		if err != nil {
@@ -65,12 +70,13 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 }
 
 func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Context,
-	obj *kluctlv1.KluctlDeployment, rr *kluctlv1.RequestResult, resultId string, commandErr error, setResult setResultCallback) error {
+	obj *kluctlv1.KluctlDeployment, rr *kluctlv1.RequestResult, resultId string, commandErr error, getResultPtr getResultPtrCallback) error {
 	key := client.ObjectKeyFromObject(obj)
 
 	if rr == nil {
 		return nil
 	}
+
 	t := metav1.Now()
 	rr.EndTime = &t
 	rr.ResultId = resultId
@@ -78,7 +84,8 @@ func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Conte
 		rr.CommandError = commandErr.Error()
 	}
 	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-		setResult(status, rr)
+		resultPtr, _ := getResultPtr(status)
+		*resultPtr = rr
 		return nil
 	})
 }
@@ -109,10 +116,10 @@ type reconcileCallback func(targetContext *kluctl_project.TargetContext,
 func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context, timeoutCtx context.Context,
 	obj *kluctlv1.KluctlDeployment, reconcileId string,
 	commandName string, annotationName string,
-	setResult setResultCallback, getLegacyOldValue getLegacyOldValueCallback, force bool,
+	getResultPtr getResultPtrCallback, force bool,
 	reconcileRequest reconcileCallback,
 ) (bool, error) {
-	req, err := r.startHandleManualRequest(ctx, obj, reconcileId, obj.Status.DiffRequestResult, annotationName, setResult, getLegacyOldValue)
+	req, err := r.startHandleManualRequest(ctx, obj, reconcileId, annotationName, getResultPtr)
 	if err != nil {
 		return false, r.patchFailPrepare(ctx, obj, err)
 	}
@@ -125,7 +132,7 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		if err2 != nil {
 			err = multierror.Append(err, err2)
 		}
-		err2 = r.finishHandleManualRequest(ctx, obj, req, resultId, err, setResult)
+		err2 = r.finishHandleManualRequest(ctx, obj, req, resultId, err, getResultPtr)
 		if err2 != nil {
 			err = multierror.Append(err, err2)
 		}
@@ -161,7 +168,7 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		resultId = x.Id
 	}
 
-	err = r.finishHandleManualRequest(ctx, obj, req, resultId, cmdErr, setResult)
+	err = r.finishHandleManualRequest(ctx, obj, req, resultId, cmdErr, getResultPtr)
 	if err != nil {
 		if cmdErr != nil {
 			err = multierror.Append(err, cmdErr)
@@ -212,16 +219,13 @@ func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, t
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
-	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.DiffRequestResult = requestResult
-	}
-	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return ""
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+		return &status.DiffRequestResult, ""
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"diff", kluctlv1.KluctlRequestDiffAnnotation,
-		setRequestResult, getLegacyOldValue, false,
+		getResultPtr, false,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil, true)
 			err := obj.Status.SetLastDiffResult(cmdResult.BuildSummary(), cmdErr)
@@ -240,16 +244,13 @@ func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context,
 		obj.Status.LastHandledDeployAt = ""
 	}()
 
-	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.DeployRequestResult = requestResult
-	}
-	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledDeployAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+		return &status.DeployRequestResult, status.LastHandledDeployAt
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation,
-		setRequestResult, getLegacyOldValue, false,
+		getResultPtr, false,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, true)
 			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
@@ -268,16 +269,13 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 		obj.Status.LastHandledPruneAt = ""
 	}()
 
-	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.PruneRequestResult = requestResult
-	}
-	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledPruneAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+		return &status.PruneRequestResult, status.LastHandledPruneAt
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"prune", kluctlv1.KluctlRequestPruneAnnotation,
-		setRequestResult, getLegacyOldValue, false,
+		getResultPtr, false,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash, true)
 			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
@@ -296,16 +294,13 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 		obj.Status.LastHandledValidateAt = ""
 	}()
 
-	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.ValidateRequestResult = requestResult
-	}
-	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledValidateAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+		return &status.ValidateRequestResult, status.LastHandledValidateAt
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"validate", kluctlv1.KluctlRequestValidateAnnotation,
-		setRequestResult, getLegacyOldValue, false,
+		getResultPtr, false,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, cmdErr := pt.kluctlValidate(ctx, targetContext, nil, reconcileId, objectsHash)
 			err := obj.Status.SetLastValidateResult(cmdResult, cmdErr)
@@ -324,11 +319,8 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 		obj.Status.ObservedGeneration = obj.GetGeneration()
 	}()
 
-	setRequestResult := func(status *kluctlv1.KluctlDeploymentStatus, requestResult *kluctlv1.RequestResult) {
-		status.ReconcileRequestResult = requestResult
-	}
-	getLegacyOldValue := func(status *kluctlv1.KluctlDeploymentStatus) string {
-		return status.LastHandledReconcileAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+		return &status.ReconcileRequestResult, status.LastHandledReconcileAt
 	}
 
 	forceReconcile := true
@@ -339,7 +331,7 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"reconcile", kluctlv1.KluctlRequestReconcileAnnotation,
-		setRequestResult, getLegacyOldValue, forceReconcile,
+		getResultPtr, forceReconcile,
 		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			return r.reconcileFullRequest2(ctx, timeoutCtx, obj, reconcileId, targetContext, pt, reconcileId, objectsHash)
 		})

From 7d37043090467b4dbad2047e72a62e5f5aac98c3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 13:18:25 +0200
Subject: [PATCH 1788/2268] fix: Wait for next reconciliation when using
 suspend/resume

---
 cmd/kluctl/commands/cmd_gitops.go             | 12 ++++----
 .../commands/cmd_gitops_suspend_resume.go     | 29 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 06f0e051a..c98950c4c 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -196,30 +196,30 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 	return nil
 }
 
-func (g *gitopsCmdHelper) patchDeployment(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error) error {
+func (g *gitopsCmdHelper) patchDeployment(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error) (*v1beta1.KluctlDeployment, error) {
 	s := status.Startf(ctx, "Patching KluctlDeployment %s/%s", key.Namespace, key.Name)
 	defer s.Failed()
 
 	var kd v1beta1.KluctlDeployment
 	err := g.client.Get(ctx, key, &kd)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	patch := client.MergeFrom(kd.DeepCopy())
 	err = cb(&kd)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	err = g.client.Patch(ctx, &kd, patch, client.FieldOwner("kluctl"))
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	s.Success()
 
-	return nil
+	return &kd, nil
 }
 
 func (g *gitopsCmdHelper) updateDeploymentStatus(ctx context.Context, key client.ObjectKey, cb func(kd *v1beta1.KluctlDeployment) error, retries int) error {
@@ -275,7 +275,7 @@ func (g *gitopsCmdHelper) patchDeploymentStatus(ctx context.Context, key client.
 }
 
 func (g *gitopsCmdHelper) patchManualRequest(ctx context.Context, key client.ObjectKey, requestAnnotation string, value string) error {
-	err := g.patchDeployment(ctx, key, func(kd *v1beta1.KluctlDeployment) error {
+	_, err := g.patchDeployment(ctx, key, func(kd *v1beta1.KluctlDeployment) error {
 		a := kd.GetAnnotations()
 		if a == nil {
 			a = map[string]string{}
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
index ce1adb62a..51e93ff34 100644
--- a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
 )
 
 type GitopsSuspendCmd struct {
@@ -43,7 +45,7 @@ func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
 		return err
 	}
 	for _, kd := range g.kds {
-		err = g.patchDeployment(ctx, client.ObjectKeyFromObject(&kd), func(kd *v1beta1.KluctlDeployment) error {
+		patchedKd, err := g.patchDeployment(ctx, client.ObjectKeyFromObject(&kd), func(kd *v1beta1.KluctlDeployment) error {
 			if cmd.forResume {
 				kd.Spec.Suspend = false
 			} else {
@@ -54,6 +56,31 @@ func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
+		err = func() error {
+			st := status.Startf(ctx, "Waiting for final reconciliation loop to finish")
+			defer st.Failed()
+
+			tick := time.NewTicker(time.Second)
+			for {
+				select {
+				case <-ctx.Done():
+					return ctx.Err()
+				case <-tick.C:
+					var kd2 v1beta1.KluctlDeployment
+					err := g.client.Get(ctx, client.ObjectKeyFromObject(&kd), &kd2)
+					if err != nil {
+						return err
+					}
+					if kd2.Status.ObservedGeneration >= patchedKd.Generation {
+						st.Success()
+						return nil
+					}
+				}
+			}
+		}()
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }

From b85db7076e61e2d5fab0cdd01a6826560fc45ebc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 13:18:59 +0200
Subject: [PATCH 1789/2268] feat: Allow to override --prune and --no-wait for
 reconcile requests

---
 cmd/kluctl/commands/cmd_gitops_reconcile.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 15e53f69d..60631e4a9 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -13,6 +13,8 @@ type gitopsReconcileCmd struct {
 	args.GitOpsArgs
 	args.GitOpsLogArgs
 	args.GitOpsOverridableArgs
+
+	DeployExtraFlags `groupOverride:"override"`
 }
 
 func (cmd *gitopsReconcileCmd) Help() string {

From 868011dbf6f10a6b291cb87995ec68f369a6f635 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 13:19:13 +0200
Subject: [PATCH 1790/2268] tests: Add manual gitops request tests

---
 e2e/gitops_errors_test.go          |  13 +-
 e2e/gitops_manual_requests_test.go | 408 +++++++++++++++++++++++++++++
 e2e/gitops_suite_test.go           |  31 +++
 e2e/test_project/project.go        |  17 +-
 4 files changed, 454 insertions(+), 15 deletions(-)
 create mode 100644 e2e/gitops_manual_requests_test.go

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 3b6d71503..84e42042a 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -1,10 +1,8 @@
 package e2e
 
 import (
-	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -46,19 +44,12 @@ func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav
 	g.Expect(readinessCondition.Reason).To(Equal(rreason))
 	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
 
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-
-	rs, err := results.NewResultStoreSecrets(ctx, suite.k.RESTConfig(), suite.k.Client, false, "", 0, 0)
-	g.Expect(err).To(Succeed())
-
 	lastDeployResult, err := kd.Status.GetLastDeployResult()
 	g.Expect(err).To(Succeed())
-	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{
-		Id: lastDeployResult.Id,
-	})
+
 	g.Expect(err).To(Succeed())
 	if len(expectedErrors) != 0 || len(expectedWarnings) != 0 {
+		cr := suite.getCommandResult(lastDeployResult.Id)
 		g.Expect(cr).ToNot(BeNil())
 		g.Expect(err).To(Succeed())
 		g.Expect(cr.Errors).To(ConsistOf(expectedErrors))
diff --git a/e2e/gitops_manual_requests_test.go b/e2e/gitops_manual_requests_test.go
new file mode 100644
index 000000000..35dd15390
--- /dev/null
+++ b/e2e/gitops_manual_requests_test.go
@@ -0,0 +1,408 @@
+package e2e
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
+	"time"
+
+	. "github.com/onsi/gomega"
+)
+
+type GitOpsManualRequestsSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsManualRequests(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsManualRequestsSuite))
+}
+
+func (suite *GitOpsManualRequestsSuite) assertNoChanges(resultId string) {
+	cr := suite.getCommandResult(resultId)
+	assert.NotNil(suite.T(), cr)
+
+	sum := cr.BuildSummary()
+	assert.Zero(suite.T(), sum.NewObjects)
+	assert.Zero(suite.T(), sum.ChangedObjects)
+	assert.Zero(suite.T(), sum.OrphanObjects)
+	assert.Zero(suite.T(), sum.DeletedObjects)
+}
+
+func (suite *GitOpsManualRequestsSuite) assertChanges(resultId string, new int, changed int, orphan int, deleted int) {
+	cr := suite.getCommandResult(resultId)
+	assert.NotNil(suite.T(), cr)
+
+	sum := cr.BuildSummary()
+	assert.Equal(suite.T(), new, sum.NewObjects)
+	assert.Equal(suite.T(), changed, sum.ChangedObjects)
+	assert.Equal(suite.T(), orphan, sum.OrphanObjects)
+	assert.Equal(suite.T(), deleted, sum.DeletedObjects)
+}
+
+func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
+	g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T(), test_project.WithSkipProjectDirArg(true))
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	addConfigMapDeployment(p, "d1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v1", "data", "k")
+		return nil
+	}, "")
+
+	key := suite.createKluctlDeployment(p, "target1", nil)
+
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+	})
+
+	suite.Run("suspending the deployment", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Suspend = true
+			// this will get important later when we test suspend/resume
+			kd.Spec.DeployInterval = &kluctlv1.SafeDuration{Duration: metav1.Duration{Duration: time.Second * 2}}
+		})
+		suite.waitForReconcile(key)
+	})
+
+	suite.Run("run manual diff (with no changes)", func() {
+		p.KluctlMust("gitops", "diff", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DiffRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DiffRequestResult.ResultId)
+
+		suite.assertNoChanges(kd.Status.DiffRequestResult.ResultId)
+	})
+
+	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v2", "data", "k")
+		return nil
+	}, "")
+	addConfigMapDeployment(p, "d2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	suite.Run("run manual diff (with changes)", func() {
+		p.KluctlMust("gitops", "diff", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DiffRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DiffRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DiffRequestResult.ResultId, 1, 1, 0, 0)
+
+		// assert nothing actually changed
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "v1", "data", "k")
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	suite.Run("run manual deploy (with changes)", func() {
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 1, 1, 0, 0)
+
+		// assert it actually changed
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "v2", "data", "k")
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	suite.Run("run manual deploy (with no changes)", func() {
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertNoChanges(kd.Status.DeployRequestResult.ResultId)
+
+		// assert nothing actually changed
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "v2", "data", "k")
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	suite.Run("run manual prune (with no changes)", func() {
+		p.KluctlMust("gitops", "prune", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.PruneRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.PruneRequestResult.ResultId)
+
+		suite.assertNoChanges(kd.Status.PruneRequestResult.ResultId)
+	})
+
+	p.DeleteKustomizeDeployment("d2")
+
+	suite.Run("run manual prune (with changes)", func() {
+		p.KluctlMust("gitops", "prune", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.PruneRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.PruneRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.PruneRequestResult.ResultId, 0, 0, 0, 1)
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	suite.Run("run manual validate (with no errors)", func() {
+		p.KluctlMust("gitops", "validate", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.ValidateRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.ValidateRequestResult.ResultId)
+
+		vr := suite.getValidateResult(kd.Status.ValidateRequestResult.ResultId)
+		assert.Empty(suite.T(), vr.Errors)
+		assert.Empty(suite.T(), vr.Warnings)
+	})
+
+	cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+	err := suite.k.Client.Delete(context.Background(), cm1.ToUnstructured())
+	assert.NoError(suite.T(), err)
+
+	suite.Run("run manual validate (with errors)", func() {
+		_, _, err := p.Kluctl("gitops", "validate", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		assert.ErrorContains(suite.T(), err, "Validation failed")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.ValidateRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.ValidateRequestResult.ResultId)
+
+		vr := suite.getValidateResult(kd.Status.ValidateRequestResult.ResultId)
+		assert.Equal(suite.T(), []result.DeploymentError{{Ref: k8s.ObjectRef{Group: "", Version: "v1", Kind: "ConfigMap", Name: "cm1", Namespace: p.TestSlug()}, Message: "object not found"}}, vr.Errors)
+		assert.Empty(suite.T(), vr.Warnings)
+	})
+
+	suite.Run("resume and wait for reconcile", func() {
+		p.KluctlMust("gitops", "resume", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		g.Eventually(func() bool {
+			var cm1 corev1.ConfigMap
+			err := suite.k.Client.Get(context.Background(), client.ObjectKey{Name: "cm1", Namespace: p.TestSlug()}, &cm1)
+			return err == nil
+		}, timeout, time.Second).Should(BeTrue())
+
+		// delete it again and ensure it re-appears (we have deployInterval=2s)
+		err := suite.k.Client.Delete(context.Background(), cm1.ToUnstructured())
+		assert.NoError(suite.T(), err)
+
+		g.Eventually(func() bool {
+			var cm1 corev1.ConfigMap
+			err := suite.k.Client.Get(context.Background(), client.ObjectKey{Name: "cm1", Namespace: p.TestSlug()}, &cm1)
+			return err == nil
+		}, timeout, time.Second).Should(BeTrue())
+	})
+
+	suite.Run("suspend and ensure reconcile does not happen", func() {
+		p.KluctlMust("gitops", "suspend", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		err := suite.k.Client.Delete(context.Background(), cm1.ToUnstructured())
+		assert.NoError(suite.T(), err)
+
+		g.Consistently(func() bool {
+			var cm1 corev1.ConfigMap
+			err := suite.k.Client.Get(context.Background(), client.ObjectKey{Name: "cm1", Namespace: p.TestSlug()}, &cm1)
+			return errors.IsNotFound(err)
+		}, 5*time.Second, time.Second).Should(BeTrue())
+	})
+
+	suite.Run("run manual reconcile", func() {
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+
+		// this should ren even though suspend=true
+		p.KluctlMust("gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.ReconcileRequestResult)
+
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+	})
+}
+
+func (suite *GitOpsManualRequestsSuite) TestOverrides() {
+	//g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T(), test_project.WithSkipProjectDirArg(true))
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	addConfigMapDeployment(p, "d1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v1", "data", "k1")
+		_ = o.SetNestedField("{{ args.a }}", "data", "k2")
+		return nil
+	}, "")
+
+	key := suite.createKluctlDeployment(p, "target1", map[string]any{
+		"a": "v1",
+	})
+
+	suite.Run("initial deployment", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "v1", "data", "k1")
+		assertNestedFieldEquals(suite.T(), cm1, "v1", "data", "k2")
+	})
+
+	suite.Run("suspending the deployment", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Suspend = true
+		})
+		suite.waitForReconcile(key)
+	})
+
+	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v2", "data", "k1")
+		return nil
+	}, "")
+	addConfigMapDeployment(p, "d2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	suite.Run("deploy with dry-run", func() {
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--dry-run")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		// assert that the result pretends that it was changed
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 1, 1, 0, 0)
+
+		// assert that in reality nothing was changed
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "v1", "data", "k1")
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+
+		// now re-deploy with dry-run=false
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.DryRun = true
+		})
+		suite.waitForReconcile(key)
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--dry-run=false")
+
+		kd = suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 1, 1, 0, 0)
+
+		// assert it actually changed this time
+		cm1 = assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "v2", "data", "k1")
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	// we've set dryRun=true in the previous test, let's undo this
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.DryRun = false
+	})
+	suite.waitForReconcile(key)
+
+	suite.Run("deploy with overridden args", func() {
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-a", "a=via_arg")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 0, 1, 0, 0)
+
+		// assert it actually changed this time
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "via_arg", "data", "k2")
+
+		// undo it
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+	})
+
+	p.DeleteKustomizeDeployment("d2")
+
+	suite.Run("deploy with overridden prune", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Prune = true
+		})
+
+		p.KluctlMust("gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune=false")
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune=false")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 0, 0, 1, 0)
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Prune = false
+		})
+		p.KluctlMust("gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune")
+
+		kd = suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 0, 0, 0, 1)
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm2")
+	})
+
+	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("v1", "data", "k3")
+		return nil
+	}, "")
+	addConfigMapDeployment(p, "d3", nil, resourceOpts{
+		name:      "cm3",
+		namespace: p.TestSlug(),
+	})
+
+	suite.Run("deploy with overridden inclusion", func() {
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-I", "d1")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 0, 1, 0, 0)
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm3")
+	})
+
+	suite.Run("deploy with overridden exclusion", func() {
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-E", "d1")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 1, 0, 0, 0)
+		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm3")
+	})
+}
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 79722017c..057eebc8b 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -8,9 +8,12 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/results"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/onsi/gomega"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -321,3 +324,31 @@ func (suite *GitopsTestSuite) getReadiness(obj *kluctlv1.KluctlDeployment) *meta
 	}
 	return nil
 }
+
+func (suite *GitopsTestSuite) getCommandResult(id string) *result.CommandResult {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	rs, err := results.NewResultStoreSecrets(ctx, suite.k.RESTConfig(), suite.k.Client, false, "", 0, 0)
+	assert.NoError(suite.T(), err)
+
+	cr, err := rs.GetCommandResult(results.GetCommandResultOptions{Id: id})
+	if err != nil {
+		return nil
+	}
+	return cr
+}
+
+func (suite *GitopsTestSuite) getValidateResult(id string) *result.ValidateResult {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	rs, err := results.NewResultStoreSecrets(ctx, suite.k.RESTConfig(), suite.k.Client, false, "", 0, 0)
+	assert.NoError(suite.T(), err)
+
+	vr, err := rs.GetValidateResult(results.GetValidateResultOptions{Id: id})
+	if err != nil {
+		return nil
+	}
+	return vr
+}
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index c95d46156..08dd1d8f7 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -24,9 +24,10 @@ import (
 type TestProject struct {
 	t *testing.T
 
-	extraEnv   utils.OrderedMap[string, string]
-	useProcess bool
-	bare       bool
+	extraEnv          utils.OrderedMap[string, string]
+	useProcess        bool
+	skipProjectDirArg bool
+	bare              bool
 
 	gitServer   *git2.TestGitServer
 	gitRepoName string
@@ -65,6 +66,12 @@ func WithBareProject() TestProjectOption {
 	}
 }
 
+func WithSkipProjectDirArg(b bool) TestProjectOption {
+	return func(p *TestProject) {
+		p.skipProjectDirArg = b
+	}
+}
+
 func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p := &TestProject{
 		t:           t,
@@ -499,7 +506,9 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	}
 
 	var args []string
-	args = append(args, "--project-dir", p.LocalProjectDir())
+	if !p.skipProjectDirArg {
+		args = append(args, "--project-dir", p.LocalProjectDir())
+	}
 	args = append(args, argsIn...)
 
 	return KluctlExecute(p.t, context.Background(), args...)

From 0994f4be9c3ac5e718cf6a14756c7cdced52cbbb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 14:02:31 +0200
Subject: [PATCH 1791/2268] tests: Move source override tests into own test
 suite and make test projects reusable

---
 e2e/git_include_test.go            |  82 -------------
 e2e/gitops_manual_requests_test.go |  53 +++++----
 e2e/oci_include_test.go            | 136 ---------------------
 e2e/source_override_test.go        | 183 +++++++++++++++++++++++++++++
 e2e/test_project/project.go        |  12 ++
 5 files changed, 223 insertions(+), 243 deletions(-)
 create mode 100644 e2e/source_override_test.go

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 96d307543..0f55924ec 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -7,12 +7,8 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	git2 "github.com/kluctl/kluctl/v2/pkg/git"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	cp "github.com/otiai10/copy"
 	"github.com/stretchr/testify/assert"
-	"path/filepath"
 	"testing"
 )
 
@@ -224,81 +220,3 @@ func TestGitIncludeRef(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "tag5")
 	assertConfigMapExists(t, k, p.TestSlug(), "commit6")
 }
-
-func TestLocalGitOverride(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-	p, ip1, ip2 := prepareGitIncludeTest(t, k, nil, nil, nil)
-
-	override1 := t.TempDir()
-	err := cp.Copy(ip1.LocalRepoDir(), override1)
-	assert.NoError(t, err)
-
-	override2 := t.TempDir()
-	err = cp.Copy(ip2.LocalRepoDir(), override2)
-	assert.NoError(t, err)
-
-	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o1", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
-
-	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o2", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
-
-	u1, _ := types.ParseGitUrl(ip1.GitUrl())
-	u2, _ := types.ParseGitUrl(ip2.GitUrl())
-	k1 := u1.RepoKey().String()
-	k2 := u2.RepoKey().String()
-
-	p.KluctlMust("deploy", "--yes", "-t", "test",
-		"--local-git-override", fmt.Sprintf("%s=%s", k1, override1),
-		"--local-git-override", fmt.Sprintf("%s=%s", k2, override2),
-	)
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
-	assertNestedFieldEquals(t, cm, "o1", "data", "a")
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
-	assertNestedFieldEquals(t, cm, "o2", "data", "a")
-}
-
-func TestLocalGitGroupOverride(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-	gs := git2.NewTestGitServer(t)
-	p, ip1, ip2 := prepareGitIncludeTest(t, k, gs, gs, gs)
-
-	overrideGroupDir := t.TempDir()
-
-	override1 := filepath.Join(overrideGroupDir, "include1")
-	err := cp.Copy(ip1.LocalRepoDir(), override1)
-	assert.NoError(t, err)
-
-	override2 := filepath.Join(overrideGroupDir, "include2")
-	err = cp.Copy(ip2.LocalRepoDir(), override2)
-	assert.NoError(t, err)
-
-	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o1", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
-
-	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o2", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
-
-	u1, _ := types.ParseGitUrl(p.GitServer().GitUrl() + "/repos")
-	k1 := u1.RepoKey().String()
-
-	p.KluctlMust("deploy", "--yes", "-t", "test",
-		"--local-git-group-override", fmt.Sprintf("%s=%s", k1, overrideGroupDir),
-	)
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
-	assertNestedFieldEquals(t, cm, "o1", "data", "a")
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
-	assertNestedFieldEquals(t, cm, "o2", "data", "a")
-}
diff --git a/e2e/gitops_manual_requests_test.go b/e2e/gitops_manual_requests_test.go
index 35dd15390..06eac41bb 100644
--- a/e2e/gitops_manual_requests_test.go
+++ b/e2e/gitops_manual_requests_test.go
@@ -28,28 +28,6 @@ func TestGitOpsManualRequests(t *testing.T) {
 	suite.Run(t, new(GitOpsManualRequestsSuite))
 }
 
-func (suite *GitOpsManualRequestsSuite) assertNoChanges(resultId string) {
-	cr := suite.getCommandResult(resultId)
-	assert.NotNil(suite.T(), cr)
-
-	sum := cr.BuildSummary()
-	assert.Zero(suite.T(), sum.NewObjects)
-	assert.Zero(suite.T(), sum.ChangedObjects)
-	assert.Zero(suite.T(), sum.OrphanObjects)
-	assert.Zero(suite.T(), sum.DeletedObjects)
-}
-
-func (suite *GitOpsManualRequestsSuite) assertChanges(resultId string, new int, changed int, orphan int, deleted int) {
-	cr := suite.getCommandResult(resultId)
-	assert.NotNil(suite.T(), cr)
-
-	sum := cr.BuildSummary()
-	assert.Equal(suite.T(), new, sum.NewObjects)
-	assert.Equal(suite.T(), changed, sum.ChangedObjects)
-	assert.Equal(suite.T(), orphan, sum.OrphanObjects)
-	assert.Equal(suite.T(), deleted, sum.DeletedObjects)
-}
-
 func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	g := NewWithT(suite.T())
 
@@ -244,8 +222,6 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 }
 
 func (suite *GitOpsManualRequestsSuite) TestOverrides() {
-	//g := NewWithT(suite.T())
-
 	p := test_project.NewTestProject(suite.T(), test_project.WithSkipProjectDirArg(true))
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
@@ -257,6 +233,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("v1", "data", "k1")
 		_ = o.SetNestedField("{{ args.a }}", "data", "k2")
+		_ = o.SetNestedField(`{{ get_var("args.b", "na") }}`, "data", "k3")
 		return nil
 	}, "")
 
@@ -269,6 +246,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
 		assertNestedFieldEquals(suite.T(), cm1, "v1", "data", "k1")
 		assertNestedFieldEquals(suite.T(), cm1, "v1", "data", "k2")
+		assertNestedFieldEquals(suite.T(), cm1, "na", "data", "k3")
 	})
 
 	suite.Run("suspending the deployment", func() {
@@ -376,7 +354,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	})
 
 	p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField("v1", "data", "k3")
+		_ = o.SetNestedField("v1", "data", "k4")
 		return nil
 	}, "")
 	addConfigMapDeployment(p, "d3", nil, resourceOpts{
@@ -405,4 +383,29 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 1, 0, 0, 0)
 		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm3")
 	})
+
+	p.UpdateTarget("target2", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField("via_target", "args", "b")
+	})
+
+	suite.Run("deploy with overridden target", func() {
+		// first, deploy without overrides
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		assertNestedFieldEquals(suite.T(), cm1, "na", "data", "k3")
+
+		// now with override
+		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--target", "target2")
+
+		kd := suite.getKluctlDeployment(key)
+		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+		assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+		suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 0, 2, 0, 0)
+		cm1 = assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
+		cm3 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm3")
+		assertNestedFieldEquals(suite.T(), cm1, p.TestSlug()+"-target2", "metadata", "labels", "kluctl.io/discriminator")
+		assertNestedFieldEquals(suite.T(), cm3, p.TestSlug()+"-target2", "metadata", "labels", "kluctl.io/discriminator")
+		assertNestedFieldEquals(suite.T(), cm1, "via_target", "data", "k3")
+	})
 }
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index d4d656682..07e0bc279 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -8,11 +8,9 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	cp "github.com/otiai10/copy"
 	"github.com/stretchr/testify/assert"
 	"os"
 	"path/filepath"
-	"strings"
 	"testing"
 )
 
@@ -235,137 +233,3 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertNestedFieldEquals(t, cm, "v3", "data", "a")
 }
-
-func TestLocalOciOverride(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	ip1 := prepareIncludeProject(t, "include1", "", nil)
-	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
-
-	repo := test_utils.TestHelmRepo{
-		Oci: true,
-	}
-	repo.Start(t)
-
-	repo1 := repo.URL.String() + "/org1/repo1"
-	repo2 := repo.URL.String() + "/org2/repo2"
-
-	ip1.KluctlMust("oci", "push", "--url", repo1)
-	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
-
-	p := test_project.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
-
-	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
-
-	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
-		"oci": map[string]any{
-			"url": repo1,
-		},
-	}))
-	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
-		"oci": map[string]any{
-			"url":    repo2,
-			"subDir": "subDir",
-		},
-	}))
-
-	override1 := t.TempDir()
-	err := cp.Copy(ip1.LocalRepoDir(), override1)
-	assert.NoError(t, err)
-
-	override2 := t.TempDir()
-	err = cp.Copy(ip2.LocalRepoDir(), override2)
-	assert.NoError(t, err)
-
-	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o1", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
-
-	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o2", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
-
-	k1 := strings.TrimPrefix(repo1, "oci://")
-	k2 := strings.TrimPrefix(repo2, "oci://")
-
-	p.KluctlMust("deploy", "--yes", "-t", "test",
-		"--local-oci-override", fmt.Sprintf("%s=%s", k1, override1),
-		"--local-oci-override", fmt.Sprintf("%s=%s", k2, override2),
-	)
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
-	assertNestedFieldEquals(t, cm, "o1", "data", "a")
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
-	assertNestedFieldEquals(t, cm, "o2", "data", "a")
-}
-
-func TestLocalOciGroupOverride(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	ip1 := prepareIncludeProject(t, "include1", "", nil)
-	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
-
-	repo := test_utils.TestHelmRepo{
-		Oci: true,
-	}
-	repo.Start(t)
-
-	repo1 := repo.URL.String() + "/org1/repo1"
-	repo2 := repo.URL.String() + "/org1/repo2"
-
-	ip1.KluctlMust("oci", "push", "--url", repo1)
-	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
-
-	p := test_project.NewTestProject(t)
-	createNamespace(t, k, p.TestSlug())
-
-	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
-
-	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
-		"oci": map[string]any{
-			"url": repo1,
-		},
-	}))
-	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
-		"oci": map[string]any{
-			"url":    repo2,
-			"subDir": "subDir",
-		},
-	}))
-
-	overrideGroupDir := t.TempDir()
-
-	override1 := filepath.Join(overrideGroupDir, "repo1")
-	err := cp.Copy(ip1.LocalRepoDir(), override1)
-	assert.NoError(t, err)
-
-	override2 := filepath.Join(overrideGroupDir, "repo2")
-	err = cp.Copy(ip2.LocalRepoDir(), override2)
-	assert.NoError(t, err)
-
-	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o1", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
-
-	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
-	assert.NoError(t, err)
-	_ = cm.SetNestedField("o2", "data", "a")
-	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
-
-	k1 := strings.TrimPrefix(repo.URL.String(), "oci://") + "/org1"
-
-	p.KluctlMust("deploy", "--yes", "-t", "test",
-		"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, overrideGroupDir),
-	)
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
-	assertNestedFieldEquals(t, cm, "o1", "data", "a")
-	cm = assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
-	assertNestedFieldEquals(t, cm, "o2", "data", "a")
-}
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
new file mode 100644
index 000000000..0a5cc7038
--- /dev/null
+++ b/e2e/source_override_test.go
@@ -0,0 +1,183 @@
+package e2e
+
+import (
+	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+type preparedSourceOverrideTest struct {
+	p   *test_project.TestProject
+	ip1 *test_project.TestProject
+	ip2 *test_project.TestProject
+
+	repo     *test_utils.TestHelmRepo
+	repoUrl1 string
+	repoUrl2 string
+
+	overrideGroupDir string
+	override1        string
+	override2        string
+}
+
+func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster, gs *git2.TestGitServer, oci bool) preparedSourceOverrideTest {
+	p := test_project.NewTestProject(t, test_project.WithGitServer(gs))
+	ip1 := prepareIncludeProject(t, "include1", "", gs)
+	ip2 := prepareIncludeProject(t, "include2", "subDir", gs)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	repo := &test_utils.TestHelmRepo{
+		Oci: true,
+	}
+	if oci {
+		repo.Start(t)
+	}
+
+	repo1 := repo.URL.String() + "/org1/include1"
+	repo2 := repo.URL.String() + "/org1/include2"
+
+	if oci {
+		ip1.KluctlMust("oci", "push", "--url", repo1)
+		ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+	}
+
+	if oci {
+		p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+			"oci": map[string]any{
+				"url": repo1,
+			},
+		}))
+		p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+			"oci": map[string]any{
+				"url":    repo2,
+				"subDir": "subDir",
+			},
+		}))
+	} else {
+		p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+			"git": map[string]any{
+				"url": ip1.GitUrl(),
+			},
+		}))
+		p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+			"git": map[string]any{
+				"url":    ip2.GitUrl(),
+				"subDir": "subDir",
+			},
+		}))
+	}
+
+	overrideGroupDir := t.TempDir()
+
+	override1 := ip1.CopyProjectSourceTo(filepath.Join(overrideGroupDir, "include1"))
+	override2 := ip2.CopyProjectSourceTo(filepath.Join(overrideGroupDir, "include2"))
+
+	cm, err := uo.FromFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o1", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override1, "cm", "configmap-include1-cm.yml"), cm)
+
+	cm, err = uo.FromFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"))
+	assert.NoError(t, err)
+	_ = cm.SetNestedField("o2", "data", "a")
+	_ = yaml.WriteYamlFile(filepath.Join(override2, "subDir", "cm", "configmap-include2-cm.yml"), cm)
+
+	return preparedSourceOverrideTest{
+		p:                p,
+		ip1:              ip1,
+		ip2:              ip2,
+		repo:             repo,
+		repoUrl1:         repo1,
+		repoUrl2:         repo2,
+		overrideGroupDir: overrideGroupDir,
+		override1:        override1,
+		override2:        override2,
+	}
+}
+
+func TestLocalGitOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	pt := prepareLocalSourceOverrideTest(t, k, nil, false)
+
+	u1, _ := types.ParseGitUrl(pt.ip1.GitUrl())
+	u2, _ := types.ParseGitUrl(pt.ip2.GitUrl())
+	k1 := u1.RepoKey().String()
+	k2 := u2.RepoKey().String()
+
+	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-git-override", fmt.Sprintf("%s=%s", k1, pt.override1),
+		"--local-git-override", fmt.Sprintf("%s=%s", k2, pt.override2),
+	)
+	cm := assertConfigMapExists(t, k, pt.p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, pt.p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}
+
+func TestGitGroup(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	gs := git2.NewTestGitServer(t)
+	pt := prepareLocalSourceOverrideTest(t, k, gs, false)
+
+	u1, _ := types.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
+	k1 := u1.RepoKey().String()
+
+	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-git-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
+	)
+	cm := assertConfigMapExists(t, k, pt.p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, pt.p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}
+
+func TestLocalOciOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	pt := prepareLocalSourceOverrideTest(t, k, nil, true)
+
+	k1 := strings.TrimPrefix(pt.repoUrl1, "oci://")
+	k2 := strings.TrimPrefix(pt.repoUrl2, "oci://")
+
+	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-oci-override", fmt.Sprintf("%s=%s", k1, pt.override1),
+		"--local-oci-override", fmt.Sprintf("%s=%s", k2, pt.override2),
+	)
+	cm := assertConfigMapExists(t, k, pt.p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, pt.p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}
+
+func TestLocalOciGroupOverride(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+	pt := prepareLocalSourceOverrideTest(t, k, nil, true)
+
+	k1 := strings.TrimPrefix(pt.repo.URL.String(), "oci://") + "/org1"
+
+	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+		"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
+	)
+	cm := assertConfigMapExists(t, k, pt.p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(t, cm, "o1", "data", "a")
+	cm = assertConfigMapExists(t, k, pt.p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(t, cm, "o2", "data", "a")
+}
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 08dd1d8f7..2e7731035 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -10,6 +10,8 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	cp "github.com/otiai10/copy"
+	"github.com/stretchr/testify/assert"
 	registry2 "helm.sh/helm/v3/pkg/registry"
 	"net/url"
 	"os"
@@ -458,6 +460,16 @@ func (p *TestProject) GetGitWorktree() *git.Worktree {
 	return wt
 }
 
+func (p *TestProject) CopyProjectSource() string {
+	return p.CopyProjectSourceTo(p.t.TempDir())
+}
+
+func (p *TestProject) CopyProjectSourceTo(dst string) string {
+	err := cp.Copy(p.LocalRepoDir(), dst)
+	assert.NoError(p.t, err)
+	return dst
+}
+
 func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)

From a0b5ef47696e0af4ddb704a05c6673ae093740a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 15:38:11 +0200
Subject: [PATCH 1792/2268] feat: Allow to specify local port for source
 override server when controller is run locally

---
 cmd/kluctl/args/gitops_args.go            |  2 ++
 cmd/kluctl/commands/cmd_controller_run.go | 10 +++++-----
 cmd/kluctl/commands/cmd_gitops.go         |  5 ++++-
 pkg/sourceoverride/proxyserver.go         | 19 ++++++++++---------
 4 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 659a5fbd2..880f3a240 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -12,6 +12,8 @@ type GitOpsArgs struct {
 	LabelSelector string `group:"gitops" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
 
 	Context string `group:"gitops" help:"Override the context to use."`
+
+	LocalSourceOverridePort int `group:"gitops" help:"Specifies the local port to which the source-override client should connect to when running the controller locally." default:"0"`
 }
 
 func (a GitOpsArgs) AnyObjectArgSet() bool {
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index fd4a736b9..4636c28b9 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -8,7 +8,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -143,11 +142,12 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	var soProxyServer *sourceoverride.ProxyServerImpl
 	if cmd.SourceOverrideBindAddress != "0" {
 		soProxyServer = sourceoverride.NewProxyServerImpl(ctx)
+		_, err := soProxyServer.Listen(cmd.SourceOverrideBindAddress)
+		if err != nil {
+			return err
+		}
 		go func() {
-			err = soProxyServer.Start(cmd.SourceOverrideBindAddress)
-			if err != nil {
-				status.Error(ctx, err.Error())
-			}
+			_ = soProxyServer.Serve()
 		}()
 		defer soProxyServer.Stop()
 	}
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index c98950c4c..71f06a9f4 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -656,7 +656,10 @@ func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
 			return err
 		}
 	} else {
-		err = soClient.Connect("localhost:8082")
+		if g.args.LocalSourceOverridePort == 0 {
+			return nil
+		}
+		err = soClient.Connect(fmt.Sprintf("localhost:%d", g.args.LocalSourceOverridePort))
 		if err != nil {
 			return err
 		}
diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
index 7ffb090af..4b01c256f 100644
--- a/pkg/sourceoverride/proxyserver.go
+++ b/pkg/sourceoverride/proxyserver.go
@@ -21,7 +21,9 @@ type ProxyServerImpl struct {
 
 	mutex       sync.Mutex
 	connections map[string]*ProxyConnection
-	grpcServer  *grpc.Server
+
+	listener   net.Listener
+	grpcServer *grpc.Server
 }
 
 type ProxyConnection struct {
@@ -51,18 +53,17 @@ func NewProxyServerImpl(ctx context.Context) *ProxyServerImpl {
 	return m
 }
 
-func (m *ProxyServerImpl) Start(addr string) error {
+func (m *ProxyServerImpl) Listen(addr string) (net.Addr, error) {
 	is, err := net.Listen("tcp", addr)
 	if err != nil {
-		return err
-	}
-
-	err = m.grpcServer.Serve(is)
-	if err != nil {
-		return err
+		return nil, err
 	}
+	m.listener = is
+	return is.Addr(), nil
+}
 
-	return nil
+func (m *ProxyServerImpl) Serve() error {
+	return m.grpcServer.Serve(m.listener)
 }
 
 func (m *ProxyServerImpl) Stop() {

From a3610df9331b5bba71310adad98072b063af682e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 15:38:44 +0200
Subject: [PATCH 1793/2268] fix: Properly support multiple source overrides

---
 .../kluctldeployment_controller_source.go     | 26 ++++++++++++-------
 pkg/sourceoverride/proxyclient_controller.go  | 24 ++++++++++-------
 2 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 1fc7c7646..6fbdb378a 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -59,12 +59,15 @@ func (r *KluctlDeploymentReconciler) buildSourceOverridesClients(ctx context.Con
 		}
 	}()
 
-	for _, x := range obj.Spec.SourceOverrides {
-		if _, ok := m[x.Url]; ok {
-			continue
-		}
+	byUrl := map[string][]kluctlv1.SourceOverride{}
+	var l []*sourceoverride.ProxyClientController
 
-		u, err := url.Parse(x.Url)
+	for _, so := range obj.Spec.SourceOverrides {
+		byUrl[so.Url] = append(byUrl[so.Url], so)
+	}
+
+	for urlStr, sos := range byUrl {
+		u, err := url.Parse(urlStr)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse override url: %w", err)
 		}
@@ -75,20 +78,23 @@ func (r *KluctlDeploymentReconciler) buildSourceOverridesClients(ctx context.Con
 
 		serverId := strings.TrimPrefix(u.Path, "/")
 
-		c, err := sourceoverride.NewClientController(serverId, x.RepoKey, x.IsGroup)
+		c, err := sourceoverride.NewClientController(serverId)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create source override client: %w", err)
 		}
 
+		for _, so := range sos {
+			c.AddKnownOverride(sourceoverride.RepoOverride{
+				RepoKey: so.RepoKey,
+				IsGroup: so.IsGroup,
+			})
+		}
+
 		err = c.Connect(ctx, u.Host)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create source override client: %w", err)
 		}
 
-		m[x.Url] = c
-	}
-	var l []*sourceoverride.ProxyClientController
-	for _, c := range m {
 		l = append(l, c)
 	}
 	cleanup = false
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
index d569231d2..9e0f70f8d 100644
--- a/pkg/sourceoverride/proxyclient_controller.go
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -13,9 +13,8 @@ import (
 )
 
 type ProxyClientController struct {
-	serverId string
-	repoKey  types.RepoKey
-	isGroup  bool
+	serverId       string
+	knownOverrides []RepoOverride
 
 	grpcConn *grpc.ClientConn
 	smClient ProxyClient
@@ -23,15 +22,17 @@ type ProxyClientController struct {
 	cache utils.ThreadSafeCache[types.RepoKey, string]
 }
 
-func NewClientController(serverId string, repoKey types.RepoKey, isGroup bool) (*ProxyClientController, error) {
+func NewClientController(serverId string) (*ProxyClientController, error) {
 	s := &ProxyClientController{
 		serverId: serverId,
-		repoKey:  repoKey,
-		isGroup:  isGroup,
 	}
 	return s, nil
 }
 
+func (c *ProxyClientController) AddKnownOverride(ro RepoOverride) {
+	c.knownOverrides = append(c.knownOverrides, ro)
+}
+
 func (c *ProxyClientController) Close() error {
 	return c.grpcConn.Close()
 }
@@ -57,11 +58,14 @@ func (c *ProxyClientController) Connect(ctx context.Context, target string) erro
 }
 
 func (c *ProxyClientController) ResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
-	tmp := RepoOverride{
-		RepoKey: c.repoKey,
-		IsGroup: c.isGroup,
+	anyMatch := false
+	for _, ro := range c.knownOverrides {
+		if _, ok := ro.Match(repoKey); ok {
+			anyMatch = true
+			break
+		}
 	}
-	if _, ok := tmp.Match(repoKey); !ok {
+	if !anyMatch {
 		return "", nil
 	}
 

From ff89228d6ce6918208c7771a66631f32d9d77375 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 15:38:59 +0200
Subject: [PATCH 1794/2268] tests: Add GitOps source override tests

---
 e2e/gitops_source_override_test.go | 147 +++++++++++++++++++++++++++++
 e2e/gitops_suite_test.go           |  51 +++++++++-
 e2e/test_project/project.go        |   4 +
 3 files changed, 201 insertions(+), 1 deletion(-)
 create mode 100644 e2e/gitops_source_override_test.go

diff --git a/e2e/gitops_source_override_test.go b/e2e/gitops_source_override_test.go
new file mode 100644
index 000000000..9311d04e6
--- /dev/null
+++ b/e2e/gitops_source_override_test.go
@@ -0,0 +1,147 @@
+package e2e
+
+import (
+	"fmt"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
+	"testing"
+)
+
+type GitOpsLocalSourceOverrideSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsLocalSourceOverride(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsLocalSourceOverrideSuite))
+}
+
+func (suite *GitOpsLocalSourceOverrideSuite) assertOverridesDidNotHappen(key client.ObjectKey, pt *preparedSourceOverrideTest) {
+	cm := assertConfigMapExists(suite.T(), suite.k, pt.p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(suite.T(), cm, "v", "data", "a")
+	cm = assertConfigMapExists(suite.T(), suite.k, pt.p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(suite.T(), cm, "v", "data", "a")
+}
+
+func (suite *GitOpsLocalSourceOverrideSuite) assertOverridesDidHappen(key client.ObjectKey, pt *preparedSourceOverrideTest) {
+	kd := suite.getKluctlDeployment(key)
+	assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
+	assert.NotEmpty(suite.T(), kd.Status.DeployRequestResult.ResultId)
+
+	suite.assertChanges(kd.Status.DeployRequestResult.ResultId, 0, 2, 0, 0)
+	cm := assertConfigMapExists(suite.T(), suite.k, pt.p.TestSlug(), "include1-cm")
+	assertNestedFieldEquals(suite.T(), cm, "o1", "data", "a")
+	cm = assertConfigMapExists(suite.T(), suite.k, pt.p.TestSlug(), "include2-cm")
+	assertNestedFieldEquals(suite.T(), cm, "o2", "data", "a")
+}
+
+func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
+	gs := git.NewTestGitServer(suite.T())
+	pt := prepareLocalSourceOverrideTest(suite.T(), suite.k, gs, false)
+	pt.p.SetSkipProjectDirArg(true)
+
+	key := suite.createKluctlDeployment(pt.p, "test", nil)
+
+	suite.Run("initial deployment", func() {
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		suite.assertOverridesDidNotHappen(key, &pt)
+	})
+
+	suite.Run("suspending the deployment", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Suspend = true
+		})
+		suite.waitForReconcile(key)
+	})
+
+	suite.Run("deploy with overridden git source", func() {
+		u1, _ := types.ParseGitUrl(pt.ip1.GitUrl())
+		u2, _ := types.ParseGitUrl(pt.ip2.GitUrl())
+		k1 := u1.RepoKey().String()
+		k2 := u2.RepoKey().String()
+
+		suite.assertOverridesDidNotHappen(key, &pt)
+
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+			"--local-git-override", fmt.Sprintf("%s=%s", k1, pt.override1),
+			"--local-git-override", fmt.Sprintf("%s=%s", k2, pt.override2),
+			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
+
+		suite.assertOverridesDidHappen(key, &pt)
+
+		// undo everything
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+	})
+
+	suite.Run("deploy with overridden git group source", func() {
+		u1, _ := types.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
+		k1 := u1.RepoKey().String()
+
+		suite.assertOverridesDidNotHappen(key, &pt)
+
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+			"--local-git-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
+			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
+
+		suite.assertOverridesDidHappen(key, &pt)
+
+		// undo everything
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+	})
+}
+
+func (suite *GitOpsLocalSourceOverrideSuite) TestLocalOciOverrides() {
+	pt := prepareLocalSourceOverrideTest(suite.T(), suite.k, nil, true)
+	pt.p.SetSkipProjectDirArg(true)
+
+	key := suite.createKluctlDeployment(pt.p, "test", nil)
+
+	suite.Run("initial deployment", func() {
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		suite.assertOverridesDidNotHappen(key, &pt)
+	})
+
+	suite.Run("suspending the deployment", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Suspend = true
+		})
+		suite.waitForReconcile(key)
+	})
+
+	suite.Run("deploy with overridden oci source", func() {
+		k1 := strings.TrimPrefix(pt.repoUrl1, "oci://")
+		k2 := strings.TrimPrefix(pt.repoUrl2, "oci://")
+
+		suite.assertOverridesDidNotHappen(key, &pt)
+
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+			"--local-oci-override", fmt.Sprintf("%s=%s", k1, pt.override1),
+			"--local-oci-override", fmt.Sprintf("%s=%s", k2, pt.override2),
+			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
+
+		suite.assertOverridesDidHappen(key, &pt)
+
+		// undo everything
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+	})
+
+	suite.Run("deploy with overridden oci group source", func() {
+		k1 := strings.TrimPrefix(pt.repo.URL.String(), "oci://") + "/org1"
+
+		suite.assertOverridesDidNotHappen(key, &pt)
+
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+			"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
+			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
+
+		suite.assertOverridesDidHappen(key, &pt)
+
+		// undo everything
+		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+	})
+}
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 057eebc8b..526b50c90 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -21,11 +21,14 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/klog/v2"
 	"math/rand"
+	"net"
 	"os"
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
+	"sync"
+	"testing"
 	"time"
 
 	. "github.com/onsi/gomega"
@@ -46,7 +49,8 @@ type GitopsTestSuite struct {
 
 	k *test_utils.EnvTestCluster
 
-	cancelController context.CancelFunc
+	sourceOverridePort int
+	cancelController   context.CancelFunc
 
 	gitopsNamespace        string
 	gitopsResultsNamespace string
@@ -89,6 +93,19 @@ func (suite *GitopsTestSuite) TearDownSuite() {
 func (suite *GitopsTestSuite) TearDownTest() {
 }
 
+var portMutex sync.Mutex
+
+func getFreePort(t *testing.T) int {
+	l, err := net.Listen("tcp", "localhost:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer l.Close()
+
+	port := l.Addr().(*net.TCPAddr).Port
+	return port
+}
+
 func (suite *GitopsTestSuite) startController() {
 	tmpKubeconfig := filepath.Join(suite.T().TempDir(), "kubeconfig")
 	err := os.WriteFile(tmpKubeconfig, suite.k.Kubeconfig, 0o600)
@@ -96,6 +113,15 @@ func (suite *GitopsTestSuite) startController() {
 		suite.T().Fatal(err)
 	}
 
+	portMutex.Lock()
+	go func() {
+		// make sure we don't call getFreePort() too fast
+		time.Sleep(1 * time.Second)
+		portMutex.Unlock()
+	}()
+
+	suite.sourceOverridePort = getFreePort(suite.T())
+
 	ctx, ctxCancel := context.WithCancel(context.Background())
 	args := []string{
 		"controller",
@@ -110,6 +136,7 @@ func (suite *GitopsTestSuite) startController() {
 		suite.gitopsNamespace + "-results",
 		"--metrics-bind-address=0",
 		"--health-probe-bind-address=0",
+		fmt.Sprintf("--source-override-bind-address=localhost:%d", suite.sourceOverridePort),
 	}
 	done := make(chan struct{})
 	go func() {
@@ -352,3 +379,25 @@ func (suite *GitopsTestSuite) getValidateResult(id string) *result.ValidateResul
 	}
 	return vr
 }
+
+func (suite *GitopsTestSuite) assertNoChanges(resultId string) {
+	cr := suite.getCommandResult(resultId)
+	assert.NotNil(suite.T(), cr)
+
+	sum := cr.BuildSummary()
+	assert.Zero(suite.T(), sum.NewObjects)
+	assert.Zero(suite.T(), sum.ChangedObjects)
+	assert.Zero(suite.T(), sum.OrphanObjects)
+	assert.Zero(suite.T(), sum.DeletedObjects)
+}
+
+func (suite *GitopsTestSuite) assertChanges(resultId string, new int, changed int, orphan int, deleted int) {
+	cr := suite.getCommandResult(resultId)
+	assert.NotNil(suite.T(), cr)
+
+	sum := cr.BuildSummary()
+	assert.Equal(suite.T(), new, sum.NewObjects)
+	assert.Equal(suite.T(), changed, sum.ChangedObjects)
+	assert.Equal(suite.T(), orphan, sum.OrphanObjects)
+	assert.Equal(suite.T(), deleted, sum.DeletedObjects)
+}
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 2e7731035..c58b4dfeb 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -101,6 +101,10 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	return p
 }
 
+func (p *TestProject) SetSkipProjectDirArg(b bool) {
+	p.skipProjectDirArg = b
+}
+
 func (p *TestProject) IsUseProcess() bool {
 	return p.useProcess
 }

From 621a4f1d66d81789e7abea56329eebb2b6cb6277 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 15:43:45 +0200
Subject: [PATCH 1795/2268] docs: Run make replace-commands-help

---
 docs/kluctl/commands/controller-run.md   |  24 ++---
 docs/kluctl/commands/gitops-deploy.md    | 113 ++++++++++++++---------
 docs/kluctl/commands/gitops-logs.md      |  13 ++-
 docs/kluctl/commands/gitops-prune.md     |  13 ++-
 docs/kluctl/commands/gitops-reconcile.md |  16 +++-
 docs/kluctl/commands/gitops-resume.md    |  13 ++-
 docs/kluctl/commands/gitops-suspend.md   |  13 ++-
 docs/kluctl/commands/gitops-validate.md  |  13 ++-
 docs/kluctl/commands/oci-push.md         |  11 +--
 9 files changed, 136 insertions(+), 93 deletions(-)

diff --git a/docs/kluctl/commands/controller-run.md b/docs/kluctl/commands/controller-run.md
index c3c85e4e8..ac3287d2b 100644
--- a/docs/kluctl/commands/controller-run.md
+++ b/docs/kluctl/commands/controller-run.md
@@ -26,17 +26,19 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --concurrency int                    Configures how many KluctlDeployments can be be reconciled
-                                           concurrently. (default 4)
-      --context string                     Override the context to use.
-      --default-service-account string     Default service account used for impersonation.
-      --dry-run                            Run all deployments in dryRun=true mode.
-      --health-probe-bind-address string   The address the probe endpoint binds to. (default ":8081")
-      --kubeconfig string                  Override the kubeconfig to use.
-      --leader-elect                       Enable leader election for controller manager. Enabling this will
-                                           ensure there is only one active controller manager.
-      --metrics-bind-address string        The address the metric endpoint binds to. (default ":8080")
-      --namespace string                   Specify the namespace to watch. If omitted, all namespaces are watched.
+      --concurrency int                       Configures how many KluctlDeployments can be be reconciled
+                                              concurrently. (default 4)
+      --context string                        Override the context to use.
+      --default-service-account string        Default service account used for impersonation.
+      --dry-run                               Run all deployments in dryRun=true mode.
+      --health-probe-bind-address string      The address the probe endpoint binds to. (default ":8081")
+      --kubeconfig string                     Override the kubeconfig to use.
+      --leader-elect                          Enable leader election for controller manager. Enabling this will
+                                              ensure there is only one active controller manager.
+      --metrics-bind-address string           The address the metric endpoint binds to. (default ":8080")
+      --namespace string                      Specify the namespace to watch. If omitted, all namespaces are watched.
+      --source-override-bind-address string   The address the source override manager endpoint binds to. (default
+                                              ":8082")
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-deploy.md b/docs/kluctl/commands/gitops-deploy.md
index c1037ebad..754e2fd0d 100644
--- a/docs/kluctl/commands/gitops-deploy.md
+++ b/docs/kluctl/commands/gitops-deploy.md
@@ -29,11 +29,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
@@ -79,47 +82,65 @@ Log arguments:
 GitOps overrides:
   Override settings for GitOps deployments.
 
-      --abort-on-error                       Abort deploying when an error occurs instead of trying the remaining
-                                             deployments
-  -a, --arg stringArray                      Passes a template argument in the form of name=value. Nested args can
-                                             be set with the '-a my.nested.arg=value' syntax. Values are
-                                             interpreted as yaml values, meaning that 'true' and 'false' will lead
-                                             to boolean values and numbers will be treated as numbers. Use quotes
-                                             if you want these to be treated as strings. If the value starts with
-                                             @, it is treated as a file, meaning that the contents of the file
-                                             will be loaded and treated as yaml.
-      --args-from-file stringArray           Loads a yaml file and makes it available as arguments, meaning that
-                                             they will be available thought the global 'args' variable.
-      --dry-run                              Performs all kubernetes API calls in dry-run mode.
-      --exclude-deployment-dir stringArray   Exclude deployment dir. The path must be relative to the root
-                                             deployment project. Exclusion has precedence over inclusion, same as
-                                             in --exclude-tag
-  -E, --exclude-tag stringArray              Exclude deployments with given tag. Exclusion has precedence over
-                                             inclusion, meaning that explicitly excluded deployments will always
-                                             be excluded even if an inclusion rule would match the same deployment.
-  -F, --fixed-image stringArray              Pin an image to a given version. Expects
-                                             '--fixed-image=image<:namespace:deployment:container>=result'
-      --fixed-images-file existingfile       Use .yaml file to pin image versions. See output of list-images
-                                             sub-command or read the documentation for details about the output format
-      --force-apply                          Force conflict resolution when applying. See documentation for details
-      --force-replace-on-error               Same as --replace-on-error, but also try to delete and re-create
-                                             objects. See documentation for more details.
-      --include-deployment-dir stringArray   Include deployment dir. The path must be relative to the root
-                                             deployment project.
-  -I, --include-tag stringArray              Include deployments with given tag.
-      --no-wait                              Don't wait for objects readiness.
-      --prune                                Prune orphaned objects directly after deploying. See the help for the
-                                             'prune' sub-command for details.
-      --replace-on-error                     When patching an object fails, try to replace it. See documentation
-                                             for more details.
-  -t, --target string                        Target name to run command for. Target must exist in .kluctl.yaml.
-      --target-context string                Overrides the context name specified in the target. If the selected
-                                             target does not specify a context or the no-name target is used,
-                                             --context will override the currently active context.
-  -T, --target-name-override string          Overrides the target name. If -t is used at the same time, then the
-                                             target will be looked up based on -t <name> and then renamed to the
-                                             value of -T. If no target is specified via -t, then the no-name
-                                             target is renamed to the value of -T.
+      --abort-on-error                         Abort deploying when an error occurs instead of trying the
+                                               remaining deployments
+  -a, --arg stringArray                        Passes a template argument in the form of name=value. Nested args
+                                               can be set with the '-a my.nested.arg=value' syntax. Values are
+                                               interpreted as yaml values, meaning that 'true' and 'false' will
+                                               lead to boolean values and numbers will be treated as numbers. Use
+                                               quotes if you want these to be treated as strings. If the value
+                                               starts with @, it is treated as a file, meaning that the contents
+                                               of the file will be loaded and treated as yaml.
+      --args-from-file stringArray             Loads a yaml file and makes it available as arguments, meaning that
+                                               they will be available thought the global 'args' variable.
+      --dry-run                                Performs all kubernetes API calls in dry-run mode.
+      --exclude-deployment-dir stringArray     Exclude deployment dir. The path must be relative to the root
+                                               deployment project. Exclusion has precedence over inclusion, same
+                                               as in --exclude-tag
+  -E, --exclude-tag stringArray                Exclude deployments with given tag. Exclusion has precedence over
+                                               inclusion, meaning that explicitly excluded deployments will always
+                                               be excluded even if an inclusion rule would match the same deployment.
+  -F, --fixed-image stringArray                Pin an image to a given version. Expects
+                                               '--fixed-image=image<:namespace:deployment:container>=result'
+      --fixed-images-file existingfile         Use .yaml file to pin image versions. See output of list-images
+                                               sub-command or read the documentation for details about the output
+                                               format
+      --force-apply                            Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error                 Same as --replace-on-error, but also try to delete and re-create
+                                               objects. See documentation for more details.
+      --include-deployment-dir stringArray     Include deployment dir. The path must be relative to the root
+                                               deployment project.
+  -I, --include-tag stringArray                Include deployments with given tag.
+      --local-git-group-override stringArray   Same as --local-git-override, but for a whole group prefix instead
+                                               of a single repository. All repositories that have the given prefix
+                                               will be overridden with the given local path and the repository
+                                               suffix appended. For example,
+                                               'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override
+                                               all repositories below 'gitlab.com/some-org/sub-org/' with the
+                                               repositories found in '/local/path/to/my-forks'. It will however
+                                               only perform an override if the given repository actually exists
+                                               locally and otherwise revert to the actual (non-overridden) repository.
+      --local-git-override stringArray         Specify a single repository local git override in the form of
+                                               'github.com/my-org/my-repo=/local/path/to/override'. This will
+                                               cause kluctl to not use git to clone for the specified repository
+                                               but instead use the local directory. This is useful in case you
+                                               need to test out changes in external git repositories without
+                                               pushing them.
+      --local-oci-group-override stringArray   Same as --local-git-group-override, but for OCI repositories.
+      --local-oci-override stringArray         Same as --local-git-override, but for OCI repositories.
+      --no-wait                                Don't wait for objects readiness.
+      --prune                                  Prune orphaned objects directly after deploying. See the help for
+                                               the 'prune' sub-command for details.
+      --replace-on-error                       When patching an object fails, try to replace it. See documentation
+                                               for more details.
+  -t, --target string                          Target name to run command for. Target must exist in .kluctl.yaml.
+      --target-context string                  Overrides the context name specified in the target. If the selected
+                                               target does not specify a context or the no-name target is used,
+                                               --context will override the currently active context.
+  -T, --target-name-override string            Overrides the target name. If -t is used at the same time, then the
+                                               target will be looked up based on -t <name> and then renamed to the
+                                               value of -T. If no target is specified via -t, then the no-name
+                                               target is renamed to the value of -T.
 
 ```
 <!-- END SECTION -->
\ No newline at end of file
diff --git a/docs/kluctl/commands/gitops-logs.md b/docs/kluctl/commands/gitops-logs.md
index 775e1ff28..858f781e8 100644
--- a/docs/kluctl/commands/gitops-logs.md
+++ b/docs/kluctl/commands/gitops-logs.md
@@ -26,11 +26,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-prune.md b/docs/kluctl/commands/gitops-prune.md
index 44ce624b1..60534c4e1 100644
--- a/docs/kluctl/commands/gitops-prune.md
+++ b/docs/kluctl/commands/gitops-prune.md
@@ -29,11 +29,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-reconcile.md b/docs/kluctl/commands/gitops-reconcile.md
index 1ff78b697..8f03961ec 100644
--- a/docs/kluctl/commands/gitops-reconcile.md
+++ b/docs/kluctl/commands/gitops-reconcile.md
@@ -29,11 +29,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
@@ -79,6 +82,9 @@ Log arguments:
 GitOps overrides:
   Override settings for GitOps deployments.
 
+      --no-wait                 Don't wait for objects readiness.
+      --prune                   Prune orphaned objects directly after deploying. See the help for the 'prune'
+                                sub-command for details.
       --target-context string   Overrides the context name specified in the target. If the selected target does
                                 not specify a context or the no-name target is used, --context will override the
                                 currently active context.
diff --git a/docs/kluctl/commands/gitops-resume.md b/docs/kluctl/commands/gitops-resume.md
index 7e55b1d05..f3c47a830 100644
--- a/docs/kluctl/commands/gitops-resume.md
+++ b/docs/kluctl/commands/gitops-resume.md
@@ -26,11 +26,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-suspend.md b/docs/kluctl/commands/gitops-suspend.md
index 966c2e533..48f48041d 100644
--- a/docs/kluctl/commands/gitops-suspend.md
+++ b/docs/kluctl/commands/gitops-suspend.md
@@ -26,11 +26,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
index 88059cc0a..863aff0c3 100644
--- a/docs/kluctl/commands/gitops-validate.md
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -29,11 +29,14 @@ The following arguments are available:
 GitOps arguments:
   Specify gitops flags.
 
-      --context string          Override the context to use.
-  -l, --label-selector string   If specified, KluctlDeployments are searched and filtered by this label selector.
-      --name string             Specifies the name of the KluctlDeployment.
-  -n, --namespace string        Specifies the namespace of the KluctlDeployment. If omitted, the current namespace
-                                from your kubeconfig is used.
+      --context string                   Override the context to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
 
 ```
 <!-- END SECTION -->
diff --git a/docs/kluctl/commands/oci-push.md b/docs/kluctl/commands/oci-push.md
index 663d35e28..7921e1d68 100644
--- a/docs/kluctl/commands/oci-push.md
+++ b/docs/kluctl/commands/oci-push.md
@@ -30,12 +30,11 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --annotation stringArray    Set custom OCI annotations in the format '<key>=<value>'
-      --ignore-path stringArray   set paths to ignore in .gitignore format.
-      --output string             the format in which the artifact digest should be printed, can be 'json' or 'yaml'
-      --timeout duration          Specify timeout for all operations, including loading of the project, all
-                                  external api calls and waiting for readiness. (default 10m0s)
-      --url string                Specifies the artifact URL. This argument is required.
+      --annotation stringArray   Set custom OCI annotations in the format '<key>=<value>'
+      --output string            the format in which the artifact digest should be printed, can be 'json' or 'yaml'
+      --timeout duration         Specify timeout for all operations, including loading of the project, all
+                                 external api calls and waiting for readiness. (default 10m0s)
+      --url string               Specifies the artifact URL. This argument is required.
 
 ```
 <!-- END SECTION -->

From b615ac016fed8763de16546f1d5a0f0f1eb8e0d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 16:20:50 +0200
Subject: [PATCH 1796/2268] ci: Install protoc in generate-checks

---
 .github/workflows/tests.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f48990085..038d1d47b 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -33,6 +33,16 @@ jobs:
           key: docs-check-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             docs1-check-go-${{ runner.os }}-
+      - name: Install some tools
+        run: |
+          PB_REL="https://github.com/protocolbuffers/protobuf/releases"
+          PB_VER="24.4"
+          curl -LO $PB_REL/download/v$PB_VER/protoc-$PB_VER-linux-x86_64.zip
+          sudo unzip protoc-$PB_VER-linux-x86_64.zip -d /usr/local
+          rm protoc-$PB_VER-linux-x86_64.zip
+
+          go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.31.0
+          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.3.0
       - name: Check links on changed files
         run: |
           make markdown-link-check

From 653cfe61eb0da56296059f50b26c262e37657b30 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 19:17:39 +0200
Subject: [PATCH 1797/2268] chore: Run make generate with latest protoc

---
 pkg/sourceoverride/sourceoverride.pb.go      |  2 +-
 pkg/sourceoverride/sourceoverride_grpc.pb.go | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/pkg/sourceoverride/sourceoverride.pb.go b/pkg/sourceoverride/sourceoverride.pb.go
index 0842ceb05..a55ab11ee 100644
--- a/pkg/sourceoverride/sourceoverride.pb.go
+++ b/pkg/sourceoverride/sourceoverride.pb.go
@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.24.4
 // source: sourceoverride.proto
 
diff --git a/pkg/sourceoverride/sourceoverride_grpc.pb.go b/pkg/sourceoverride/sourceoverride_grpc.pb.go
index d0d7e8f1b..b61ffdab8 100644
--- a/pkg/sourceoverride/sourceoverride_grpc.pb.go
+++ b/pkg/sourceoverride/sourceoverride_grpc.pb.go
@@ -1,4 +1,8 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.3.0
+// - protoc             v4.24.4
+// source: sourceoverride.proto
 
 package sourceoverride
 
@@ -14,6 +18,11 @@ import (
 // Requires gRPC-Go v1.32.0 or later.
 const _ = grpc.SupportPackageIsVersion7
 
+const (
+	Proxy_ProxyStream_FullMethodName     = "/sourceoverride.Proxy/ProxyStream"
+	Proxy_ResolveOverride_FullMethodName = "/sourceoverride.Proxy/ResolveOverride"
+)
+
 // ProxyClient is the client API for Proxy service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
@@ -31,7 +40,7 @@ func NewProxyClient(cc grpc.ClientConnInterface) ProxyClient {
 }
 
 func (c *proxyClient) ProxyStream(ctx context.Context, opts ...grpc.CallOption) (Proxy_ProxyStreamClient, error) {
-	stream, err := c.cc.NewStream(ctx, &Proxy_ServiceDesc.Streams[0], "/sourceoverride.Proxy/ProxyStream", opts...)
+	stream, err := c.cc.NewStream(ctx, &Proxy_ServiceDesc.Streams[0], Proxy_ProxyStream_FullMethodName, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +72,7 @@ func (x *proxyProxyStreamClient) Recv() (*ProxyRequest, error) {
 
 func (c *proxyClient) ResolveOverride(ctx context.Context, in *ProxyRequest, opts ...grpc.CallOption) (*ResolveOverrideResponse, error) {
 	out := new(ResolveOverrideResponse)
-	err := c.cc.Invoke(ctx, "/sourceoverride.Proxy/ResolveOverride", in, out, opts...)
+	err := c.cc.Invoke(ctx, Proxy_ResolveOverride_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -138,7 +147,7 @@ func _Proxy_ResolveOverride_Handler(srv interface{}, ctx context.Context, dec fu
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/sourceoverride.Proxy/ResolveOverride",
+		FullMethod: Proxy_ResolveOverride_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(ProxyServer).ResolveOverride(ctx, req.(*ProxyRequest))

From 09cb7b0bdc73c2bd4b46c1a5e00c4452aa7e9f44 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 19:24:21 +0200
Subject: [PATCH 1798/2268] tests: Move test_git_server into test-utils package

---
 e2e/git_include_test.go                                  | 5 ++---
 e2e/gitops_git_include_test.go                           | 2 +-
 e2e/gitops_source_override_test.go                       | 4 ++--
 e2e/source_override_test.go                              | 5 ++---
 {pkg/git => e2e/test-utils}/http-server/http.go          | 0
 {pkg/git => e2e/test-utils}/http-server/utils.go         | 0
 {pkg/git => e2e/test-utils}/http-server/write_flusher.go | 0
 {pkg/git => e2e/test-utils}/test_git_server.go           | 4 ++--
 e2e/test_project/project.go                              | 2 +-
 pkg/vars/vars_loader_test.go                             | 5 ++---
 10 files changed, 12 insertions(+), 15 deletions(-)
 rename {pkg/git => e2e/test-utils}/http-server/http.go (100%)
 rename {pkg/git => e2e/test-utils}/http-server/utils.go (100%)
 rename {pkg/git => e2e/test-utils}/http-server/write_flusher.go (100%)
 rename {pkg/git => e2e/test-utils}/test_git_server.go (98%)

diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 0f55924ec..1117b11b2 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -6,13 +6,12 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
-func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer *git2.TestGitServer) *test_project.TestProject {
+func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer *test_utils.TestGitServer) *test_project.TestProject {
 	p := test_project.NewTestProject(t,
 		test_project.WithGitSubDir(subDir),
 		test_project.WithGitServer(gitServer),
@@ -25,7 +24,7 @@ func prepareIncludeProject(t *testing.T, prefix string, subDir string, gitServer
 	return p
 }
 
-func prepareGitIncludeTest(t *testing.T, k *test_utils.EnvTestCluster, mainGs *git2.TestGitServer, gs1 *git2.TestGitServer, gs2 *git2.TestGitServer) (*test_project.TestProject, *test_project.TestProject, *test_project.TestProject) {
+func prepareGitIncludeTest(t *testing.T, k *test_utils.EnvTestCluster, mainGs *test_utils.TestGitServer, gs1 *test_utils.TestGitServer, gs2 *test_utils.TestGitServer) (*test_project.TestProject, *test_project.TestProject, *test_project.TestProject) {
 	p := test_project.NewTestProject(t, test_project.WithGitServer(mainGs))
 	ip1 := prepareIncludeProject(t, "include1", "", gs1)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", gs2)
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index 1a5381d42..b665d6db2 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -3,7 +3,7 @@ package e2e
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
-	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/suite"
diff --git a/e2e/gitops_source_override_test.go b/e2e/gitops_source_override_test.go
index 9311d04e6..f31a90684 100644
--- a/e2e/gitops_source_override_test.go
+++ b/e2e/gitops_source_override_test.go
@@ -3,7 +3,7 @@ package e2e
 import (
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
@@ -41,7 +41,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) assertOverridesDidHappen(key client
 }
 
 func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
-	gs := git.NewTestGitServer(suite.T())
+	gs := test_utils.NewTestGitServer(suite.T())
 	pt := prepareLocalSourceOverrideTest(suite.T(), suite.k, gs, false)
 	pt.p.SetSkipProjectDirArg(true)
 
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index 0a5cc7038..6d087d198 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	git2 "github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -28,7 +27,7 @@ type preparedSourceOverrideTest struct {
 	override2        string
 }
 
-func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster, gs *git2.TestGitServer, oci bool) preparedSourceOverrideTest {
+func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster, gs *test_utils.TestGitServer, oci bool) preparedSourceOverrideTest {
 	p := test_project.NewTestProject(t, test_project.WithGitServer(gs))
 	ip1 := prepareIncludeProject(t, "include1", "", gs)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", gs)
@@ -131,7 +130,7 @@ func TestGitGroup(t *testing.T) {
 	t.Parallel()
 
 	k := defaultCluster1
-	gs := git2.NewTestGitServer(t)
+	gs := test_utils.NewTestGitServer(t)
 	pt := prepareLocalSourceOverrideTest(t, k, gs, false)
 
 	u1, _ := types.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
diff --git a/pkg/git/http-server/http.go b/e2e/test-utils/http-server/http.go
similarity index 100%
rename from pkg/git/http-server/http.go
rename to e2e/test-utils/http-server/http.go
diff --git a/pkg/git/http-server/utils.go b/e2e/test-utils/http-server/utils.go
similarity index 100%
rename from pkg/git/http-server/utils.go
rename to e2e/test-utils/http-server/utils.go
diff --git a/pkg/git/http-server/write_flusher.go b/e2e/test-utils/http-server/write_flusher.go
similarity index 100%
rename from pkg/git/http-server/write_flusher.go
rename to e2e/test-utils/http-server/write_flusher.go
diff --git a/pkg/git/test_git_server.go b/e2e/test-utils/test_git_server.go
similarity index 98%
rename from pkg/git/test_git_server.go
rename to e2e/test-utils/test_git_server.go
index fa826d9d3..154683e1b 100644
--- a/pkg/git/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -1,9 +1,10 @@
-package git
+package test_utils
 
 import (
 	"context"
 	"fmt"
 	config2 "github.com/go-git/go-git/v5/config"
+	"github.com/kluctl/kluctl/v2/e2e/test-utils/http-server"
 	"log"
 	"net"
 	"net/http"
@@ -16,7 +17,6 @@ import (
 
 	"github.com/go-git/go-git/v5"
 	"github.com/jinzhu/copier"
-	http_server "github.com/kluctl/kluctl/v2/pkg/git/http-server"
 )
 
 type TestGitServer struct {
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index c58b4dfeb..2e86b1c4d 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -6,7 +6,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
-	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 71f60cfcc..6e0b0a80a 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -21,7 +21,6 @@ import (
 	"github.com/getsops/sops/v3/age"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/git/auth"
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -257,7 +256,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoadNotExists() {
 }
 
 func (s *VarsLoaderTestSuite) TestGit() {
-	gs := git.NewTestGitServer(s.T())
+	gs := test_utils.NewTestGitServer(s.T())
 	gs.GitInit("repo")
 	gs.UpdateYaml("repo", "test.yaml", func(o map[string]any) error {
 		o["test1"] = map[string]any{
@@ -295,7 +294,7 @@ func (s *VarsLoaderTestSuite) TestGit() {
 }
 
 func (s *VarsLoaderTestSuite) TestGitBranch() {
-	gs := git.NewTestGitServer(s.T())
+	gs := test_utils.NewTestGitServer(s.T())
 	gs.GitInit("repo")
 
 	wt := gs.GetWorktree("repo")

From 1273c0fb4c6ee10c13bd1585f29c2bde0030dde0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 20:45:47 +0200
Subject: [PATCH 1799/2268] tests: Introduce NewListenerWithUniquePort to avoid
 reusing ports

---
 e2e/gitops_suite_test.go              | 26 +------
 e2e/seal_test.go                      |  6 +-
 e2e/test-utils/http_test_server.go    | 21 +++---
 e2e/test-utils/port-tool/port-tool.go | 43 ++++++++++++
 e2e/test-utils/tcp_proxy.go           | 97 +++++++++++++++++++++++++++
 e2e/test-utils/test_git_server.go     | 13 +---
 6 files changed, 158 insertions(+), 48 deletions(-)
 create mode 100644 e2e/test-utils/port-tool/port-tool.go
 create mode 100644 e2e/test-utils/tcp_proxy.go

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 526b50c90..443fafafb 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/huandu/xstrings"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
@@ -21,14 +22,11 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/klog/v2"
 	"math/rand"
-	"net"
 	"os"
 	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
-	"sync"
-	"testing"
 	"time"
 
 	. "github.com/onsi/gomega"
@@ -93,19 +91,6 @@ func (suite *GitopsTestSuite) TearDownSuite() {
 func (suite *GitopsTestSuite) TearDownTest() {
 }
 
-var portMutex sync.Mutex
-
-func getFreePort(t *testing.T) int {
-	l, err := net.Listen("tcp", "localhost:0")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer l.Close()
-
-	port := l.Addr().(*net.TCPAddr).Port
-	return port
-}
-
 func (suite *GitopsTestSuite) startController() {
 	tmpKubeconfig := filepath.Join(suite.T().TempDir(), "kubeconfig")
 	err := os.WriteFile(tmpKubeconfig, suite.k.Kubeconfig, 0o600)
@@ -113,14 +98,7 @@ func (suite *GitopsTestSuite) startController() {
 		suite.T().Fatal(err)
 	}
 
-	portMutex.Lock()
-	go func() {
-		// make sure we don't call getFreePort() too fast
-		time.Sleep(1 * time.Second)
-		portMutex.Unlock()
-	}()
-
-	suite.sourceOverridePort = getFreePort(suite.T())
+	suite.sourceOverridePort = port_tool.NextFreePort("127.0.0.1")
 
 	ctx, ctxCancel := context.WithCancel(context.Background())
 	args := []string{
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index c70373f7a..d790b9ace 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"github.com/kluctl/kluctl/v2/pkg/seal"
@@ -58,10 +59,7 @@ func startCertServer() (*certServer, error) {
 	certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
 	keybytes := pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)})
 	_ = keybytes
-	l, err := net.Listen("tcp", "")
-	if err != nil {
-		return nil, err
-	}
+	l := port_tool.NewListenerWithUniquePort("127.0.0.1")
 
 	mux := http.NewServeMux()
 	mux.Handle("/v1/cert.pem", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/e2e/test-utils/http_test_server.go b/e2e/test-utils/http_test_server.go
index e567417b2..ad5006bfb 100644
--- a/e2e/test-utils/http_test_server.go
+++ b/e2e/test-utils/http_test_server.go
@@ -8,7 +8,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
-	"github.com/docker/go-connections/proxy"
+	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"math/big"
 	"net"
 	"net/http"
@@ -54,9 +54,12 @@ func (s *TestHttpServer) Start(t *testing.T, h http.Handler) {
 		h.ServeHTTP(writer, request)
 	})
 
-	if s.TLSEnabled {
-		s.Server = httptest.NewUnstartedServer(authH)
+	s.Server = &httptest.Server{
+		Listener: port_tool.NewListenerWithUniquePort("127.0.0.1"),
+		Config:   &http.Server{Handler: authH},
+	}
 
+	if s.TLSEnabled {
 		s.Server.TLS = &tls.Config{
 			Certificates: []tls.Certificate{*serverCert},
 		}
@@ -76,7 +79,7 @@ func (s *TestHttpServer) Start(t *testing.T, h http.Handler) {
 
 		s.Server.StartTLS()
 	} else {
-		s.Server = httptest.NewServer(authH)
+		s.Server.Start()
 	}
 
 	transport := s.Server.Client().Transport.(*http.Transport)
@@ -103,10 +106,14 @@ func (s *TestHttpServer) startTLSProxy(t *testing.T) {
 	frontendAddr := &net.TCPAddr{IP: nonLoopbackIp}
 	backendAddr := &net.TCPAddr{IP: localhostIp, Port: int(port)}
 
-	p, err := proxy.NewTCPProxy(frontendAddr, backendAddr)
+	l := port_tool.NewListenerWithUniquePort(frontendAddr.IP.String())
+	p, err := NewTCPProxy(l, backendAddr)
 	if err != nil {
 		t.Fatal(err)
 	}
+	t.Cleanup(func() {
+		p.Close()
+	})
 
 	u.Host = p.FrontendAddr().String()
 	s.Server.URL = u.String()
@@ -114,10 +121,6 @@ func (s *TestHttpServer) startTLSProxy(t *testing.T) {
 	go func() {
 		p.Run()
 	}()
-
-	t.Cleanup(func() {
-		p.Close()
-	})
 }
 
 func findNonLoopbackIp() net.IP {
diff --git a/e2e/test-utils/port-tool/port-tool.go b/e2e/test-utils/port-tool/port-tool.go
new file mode 100644
index 000000000..53a81262d
--- /dev/null
+++ b/e2e/test-utils/port-tool/port-tool.go
@@ -0,0 +1,43 @@
+package port_tool
+
+import (
+	"fmt"
+	"net"
+	"sync"
+)
+
+var nextPort = 30000
+var mutex sync.Mutex
+
+func NextFreePort(ip string) int {
+	mutex.Lock()
+	defer mutex.Unlock()
+
+	for {
+		a := net.TCPAddr{
+			IP:   net.ParseIP(ip),
+			Port: nextPort,
+		}
+		var ra net.TCPAddr
+		nextPort++
+		c, err := net.DialTCP("tcp", &a, &ra)
+		if err == nil {
+			c.Close()
+			continue
+		}
+		return a.Port
+	}
+}
+
+func NewListenerWithUniquePort(host string) net.Listener {
+	mutex.Lock()
+	defer mutex.Unlock()
+
+	for {
+		l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", host, nextPort))
+		nextPort++
+		if err == nil {
+			return l
+		}
+	}
+}
diff --git a/e2e/test-utils/tcp_proxy.go b/e2e/test-utils/tcp_proxy.go
new file mode 100644
index 000000000..d9b8bc56f
--- /dev/null
+++ b/e2e/test-utils/tcp_proxy.go
@@ -0,0 +1,97 @@
+package test_utils
+
+import (
+	"io"
+	"net"
+	"syscall"
+)
+
+// TCPProxy is a proxy for TCP connections. It implements the Proxy interface to
+// handle TCP traffic forwarding between the frontend and backend addresses.
+type TCPProxy struct {
+	listener     net.Listener
+	frontendAddr *net.TCPAddr
+	backendAddr  *net.TCPAddr
+}
+
+// NewTCPProxy creates a new TCPProxy.
+func NewTCPProxy(listener net.Listener, backendAddr *net.TCPAddr, ops ...func(*TCPProxy)) (*TCPProxy, error) {
+	// If the port in frontendAddr was 0 then ListenTCP will have a picked
+	// a port to listen on, hence the call to Addr to get that actual port:
+	proxy := &TCPProxy{
+		listener:     listener,
+		frontendAddr: listener.Addr().(*net.TCPAddr),
+		backendAddr:  backendAddr,
+	}
+
+	for _, op := range ops {
+		op(proxy)
+	}
+
+	return proxy, nil
+}
+
+func (proxy *TCPProxy) clientLoop(client *net.TCPConn, quit chan bool) {
+	backend, err := net.DialTCP("tcp", nil, proxy.backendAddr)
+	if err != nil {
+		client.Close()
+		return
+	}
+
+	event := make(chan int64)
+	var broker = func(to, from *net.TCPConn) {
+		written, err := io.Copy(to, from)
+		if err != nil {
+			// If the socket we are writing to is shutdown with
+			// SHUT_WR, forward it to the other end of the pipe:
+			if err, ok := err.(*net.OpError); ok && err.Err == syscall.EPIPE {
+				from.CloseWrite()
+			}
+		}
+		to.CloseRead()
+		event <- written
+	}
+
+	go broker(client, backend)
+	go broker(backend, client)
+
+	var transferred int64
+	for i := 0; i < 2; i++ {
+		select {
+		case written := <-event:
+			transferred += written
+		case <-quit:
+			// Interrupt the two brokers and "join" them.
+			client.Close()
+			backend.Close()
+			for ; i < 2; i++ {
+				transferred += <-event
+			}
+			return
+		}
+	}
+	client.Close()
+	backend.Close()
+}
+
+// Run starts forwarding the traffic using TCP.
+func (proxy *TCPProxy) Run() {
+	quit := make(chan bool)
+	defer close(quit)
+	for {
+		client, err := proxy.listener.Accept()
+		if err != nil {
+			return
+		}
+		go proxy.clientLoop(client.(*net.TCPConn), quit)
+	}
+}
+
+// Close stops forwarding the traffic.
+func (proxy *TCPProxy) Close() { proxy.listener.Close() }
+
+// FrontendAddr returns the TCP address on which the proxy is listening.
+func (proxy *TCPProxy) FrontendAddr() net.Addr { return proxy.frontendAddr }
+
+// BackendAddr returns the TCP proxied address.
+func (proxy *TCPProxy) BackendAddr() net.Addr { return proxy.backendAddr }
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 154683e1b..61021db1c 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	config2 "github.com/go-git/go-git/v5/config"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/http-server"
-	"log"
+	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"net"
 	"net/http"
 	"os"
@@ -35,12 +35,6 @@ type TestGitServer struct {
 	cleanupMutex sync.RWMutex
 }
 
-type repoInfo struct {
-	repoName string
-	username string
-	password string
-}
-
 type TestGitServerOpt func(*TestGitServer)
 
 func WithTestGitServerAuth(username string, password string) TestGitServerOpt {
@@ -107,10 +101,7 @@ func (p *TestGitServer) initGitServer() {
 		Handler: handler,
 	}
 
-	ln, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		log.Fatal(err)
-	}
+	ln := port_tool.NewListenerWithUniquePort("127.0.0.1")
 	a := ln.Addr().(*net.TCPAddr)
 	p.gitServerPort = a.Port
 

From fce4cda879673dbb3945764555a2b8de0512989c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 22:34:41 +0200
Subject: [PATCH 1800/2268] tests: Fix data race causes by log after finished
 tests

---
 e2e/gitops_suite_test.go           |  5 ++++-
 e2e/test_project/kluctl_execute.go | 29 ++++++++++++++++++-----------
 e2e/test_project/project.go        |  2 +-
 pkg/status/utils.go                | 19 +++++++++++--------
 4 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 443fafafb..8ed8dbd5d 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -118,7 +118,10 @@ func (suite *GitopsTestSuite) startController() {
 	}
 	done := make(chan struct{})
 	go func() {
-		_, _, err := test_project.KluctlExecute(suite.T(), ctx, args...)
+		logFn := func(args ...any) {
+			suite.T().Log(args...)
+		}
+		_, _, err := test_project.KluctlExecute(suite.T(), ctx, logFn, args...)
 		if err != nil {
 			suite.T().Error(err)
 		}
diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 7b72335a1..49d57ef9e 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -11,29 +11,31 @@ import (
 	"testing"
 )
 
-func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, string, error) {
+func KluctlExecute(t *testing.T, ctx context.Context, logFn func(args ...any), args ...string) (string, string, error) {
 	t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
 	var m sync.Mutex
+
 	stdoutBuf := bytes.NewBuffer(nil)
+	stderrBuf := bytes.NewBuffer(nil)
+
 	stdout := status.NewLineRedirector(func(line string) {
 		m.Lock()
 		defer m.Unlock()
-		t.Log(line)
+		logFn(line)
 		stdoutBuf.WriteString(line + "\n")
 	})
-	stderrBuf := bytes.NewBuffer(nil)
+	stderr := status.NewLineRedirector(func(line string) {
+		m.Lock()
+		defer m.Unlock()
+		logFn(line)
+		stderrBuf.WriteString(line + "\n")
+	})
 
 	ctx = utils.WithTmpBaseDir(ctx, t.TempDir())
-	ctx = commands.WithStdStreams(ctx, stdout, stderrBuf)
+	ctx = commands.WithStdStreams(ctx, stdout, stderr)
 	sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
-		m.Lock()
-		defer m.Unlock()
-		if ctx.Err() != nil {
-			return
-		}
-		t.Log(message)
-		stderrBuf.WriteString(message + "\n")
+		_, _ = stderr.Write([]byte(message + "\n"))
 	}, true)
 	defer func() {
 		if sh != nil {
@@ -44,7 +46,12 @@ func KluctlExecute(t *testing.T, ctx context.Context, args ...string) (string, s
 	err := commands.Execute(ctx, args, nil)
 	sh.Stop()
 	sh = nil
+
 	_ = stdout.Close()
+	_ = stderr.Close()
+
+	<-stdout.Done()
+	<-stderr.Done()
 
 	m.Lock()
 	defer m.Unlock()
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 2e86b1c4d..db71f5800 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -527,7 +527,7 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	}
 	args = append(args, argsIn...)
 
-	return KluctlExecute(p.t, context.Background(), args...)
+	return KluctlExecute(p.t, context.Background(), p.t.Log, args...)
 }
 
 func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
diff --git a/pkg/status/utils.go b/pkg/status/utils.go
index 4930ddf2f..8fe30b794 100644
--- a/pkg/status/utils.go
+++ b/pkg/status/utils.go
@@ -5,23 +5,26 @@ import (
 	"io"
 )
 
-type lineRedirector struct {
+type LineRedirector struct {
 	io.WriteCloser
-	done chan bool
+	done chan struct{}
 }
 
-func (lr *lineRedirector) Close() error {
+func (lr *LineRedirector) Close() error {
 	err := lr.WriteCloser.Close()
 	if err != nil {
 		return err
 	}
-	<-lr.done
 	return nil
 }
 
-func NewLineRedirector(cb func(line string)) io.WriteCloser {
+func (lr *LineRedirector) Done() <-chan struct{} {
+	return lr.done
+}
+
+func NewLineRedirector(cb func(line string)) *LineRedirector {
 	r, w := io.Pipe()
-	done := make(chan bool, 1)
+	done := make(chan struct{})
 
 	go func() {
 		br := bufio.NewReader(r)
@@ -33,10 +36,10 @@ func NewLineRedirector(cb func(line string)) io.WriteCloser {
 			}
 			cb(msg)
 		}
-		done <- true
+		close(done)
 	}()
 
-	return &lineRedirector{w, done}
+	return &LineRedirector{w, done}
 }
 
 type replaceRReader struct {

From 244890feaab59219475e75d117a1242c8c1c764b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 23:01:11 +0200
Subject: [PATCH 1801/2268] tests: Fix flakiness of multiple tests

---
 e2e/gitops_errors_test.go      | 51 ++++++++++++++--------------------
 e2e/gitops_git_include_test.go |  8 ++----
 e2e/gitops_helm_test.go        |  4 +--
 e2e/gitops_oci_include_test.go |  4 +--
 e2e/gitops_suite_test.go       | 12 +++++++-
 5 files changed, 36 insertions(+), 43 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 84e42042a..030c94222 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -11,9 +11,7 @@ import (
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/suite"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"testing"
-	"time"
 )
 
 type GitOpsErrorsSuite struct {
@@ -25,16 +23,9 @@ func TestGitOpsErrors(t *testing.T) {
 	suite.Run(t, new(GitOpsErrorsSuite))
 }
 
-func (suite *GitOpsErrorsSuite) assertErrors(key client.ObjectKey, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
+func (suite *GitOpsErrorsSuite) assertErrors(kd *kluctlv1.KluctlDeployment, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
 	g := NewWithT(suite.T())
 
-	var kd *kluctlv1.KluctlDeployment
-	g.Eventually(func() bool {
-		kd = suite.getKluctlDeployment(key)
-		readiness := suite.getReadiness(kd)
-		return readiness.Status != metav1.ConditionUnknown
-	}, timeout, time.Second).Should(BeTrue())
-
 	g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
 
 	readinessCondition := suite.getReadiness(kd)
@@ -111,8 +102,8 @@ data:
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return badCm1_1, nil
 		}, "")
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
 			{
 				Ref:     cm1Ref,
 				Message: "failed to patch git-ops-errors-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (git-ops-errors-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
@@ -128,8 +119,8 @@ data:
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return badCm1_2, nil
 		}, "")
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return goodCm1, nil
 		}, "")
@@ -142,8 +133,8 @@ data:
 			kluctlBackup = f
 			return "a: b", nil
 		}, "")
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
 		p.UpdateFile(".kluctl.yml", func(f string) (string, error) {
 			return kluctlBackup, nil
 		}, "")
@@ -156,8 +147,8 @@ data:
 			deploymentBackup = f
 			return "a: b", nil
 		}, "")
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
 		p.UpdateFile("deployment.yml", func(f string) (string, error) {
 			return deploymentBackup, nil
 		}, "")
@@ -168,8 +159,8 @@ data:
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Target = utils.StrPtr("invalid")
 		})
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "target invalid not existent in kluctl project config", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "target invalid not existent in kluctl project config", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Target = utils.StrPtr("target1")
 		})
@@ -180,8 +171,8 @@ data:
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Context = utils.StrPtr("invalid")
 		})
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "context \"invalid\" does not exist", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "context \"invalid\" does not exist", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Context = utils.StrPtr("default")
 		})
@@ -194,8 +185,8 @@ data:
 			backup = kd.Spec.Source.Git.URL
 			kd.Spec.Source.Git.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
 		})
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to clone git source: repository not found", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to clone git source: repository not found", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Source.Git.URL = backup
 		})
@@ -209,8 +200,8 @@ data:
 				Branch: "invalid",
 			}
 		})
-		suite.waitForReconcile(key)
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
+		kd := suite.waitForReconcile(key)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Source.Git.Ref = backup
 		})
@@ -227,8 +218,8 @@ data:
 			_ = o.RemoveNestedField("discriminator")
 			return nil
 		})
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(key, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
 			{Message: "pruning without a discriminator is not supported"},
 		}, []result.DeploymentError{
 			{Message: "no discriminator configured. Orphan object detection will not work"},
@@ -237,8 +228,8 @@ data:
 			_ = o.SetNestedField(backup, "discriminator")
 			return nil
 		})
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(key, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok", nil, nil)
+		kd = suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		suite.assertErrors(kd, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = false
 		})
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index b665d6db2..2c40b5527 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -66,9 +66,7 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	})
 
 	suite.Run("retry with authentication", func() {
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-
-		kd := suite.getKluctlDeployment(key)
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
 		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
@@ -156,9 +154,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 	})
 
 	suite.Run("retry with authentication", func() {
-		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-
-		kd := suite.getKluctlDeploymentAllowNil(key)
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
 		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index ed299b5e0..d8199332d 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -115,9 +115,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		kd.Spec.Credentials = projectCreds
 	})
 
-	suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-
-	kd := suite.getKluctlDeploymentAllowNil(key)
+	kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 
 	readinessCondition := suite.getReadiness(kd)
 	g.Expect(readinessCondition).ToNot(BeNil())
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index 09bd897bd..de977853f 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -87,9 +87,7 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 		}
 	})
 	suite.Run("fail without authentication", func() {
-		suite.waitForCommit(key, "")
-
-		kd := suite.getKluctlDeploymentAllowNil(key)
+		kd := suite.waitForCommit(key, "")
 
 		readinessCondition := suite.getReadiness(kd)
 		g.Expect(readinessCondition).ToNot(BeNil())
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 8ed8dbd5d..4c2adc0fe 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -169,6 +169,11 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) *kluctlv1.K
 			suite.T().Logf("%s: request processing not finished yet", reconcileId)
 			return false
 		}
+		readinessCondition := suite.getReadiness(kd)
+		if readinessCondition == nil || readinessCondition.Status == metav1.ConditionUnknown {
+			suite.T().Logf("%s: readiness status == unknown", reconcileId)
+			return false
+		}
 		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
@@ -197,6 +202,11 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 			suite.T().Logf("%s: commit %s does mot match %s", reconcileId, kd.Status.ObservedCommit, commit)
 			return false
 		}
+		readinessCondition := suite.getReadiness(kd)
+		if readinessCondition == nil || readinessCondition.Status == metav1.ConditionUnknown {
+			suite.T().Logf("%s: readiness status == unknown", reconcileId)
+			return false
+		}
 		suite.T().Logf("%s: finished waiting", reconcileId)
 		return true
 	}, timeout, time.Second).Should(BeTrue())
@@ -304,7 +314,7 @@ func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
 func (suite *GitopsTestSuite) createGitopsSecret(m map[string]string) string {
 	g := NewWithT(suite.T())
 
-	name := fmt.Sprintf("gitops-seceet-%d", suite.gitopsSecretIdx)
+	name := fmt.Sprintf("gitops-secret-%d", suite.gitopsSecretIdx)
 	suite.gitopsSecretIdx++
 
 	mb := map[string][]byte{}

From 5b1f30d4afbd9b5046e1a782dc961e4d94848ce7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 25 Oct 2023 20:46:13 +0200
Subject: [PATCH 1802/2268] chore: Run go mod tidy

---
 go.mod |  72 +-------------
 go.sum | 302 ++-------------------------------------------------------
 2 files changed, 9 insertions(+), 365 deletions(-)

diff --git a/go.mod b/go.mod
index 9001b06d5..852596c1f 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,6 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.6+incompatible
-	github.com/docker/go-connections v0.4.0
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/evanphx/json-patch/v5 v5.6.0
 	github.com/getsops/sops/v3 v3.8.1
@@ -88,6 +87,7 @@ require (
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
 	google.golang.org/grpc v1.58.3
+	google.golang.org/protobuf v1.31.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
@@ -142,29 +142,23 @@ require (
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.0 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
-	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/containerd v1.7.6 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/docker v24.0.6+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
-	github.com/elastic/gosigar v0.14.2 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
-	github.com/flynn/noise v1.0.0 // indirect
-	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
@@ -181,20 +175,17 @@ require (
 	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/gobwas/ws v1.2.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/mock v1.6.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/gopacket v1.1.19 // indirect
 	github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -217,18 +208,8 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/huin/goupnp v1.2.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/ipfs/boxo v0.10.0 // indirect
-	github.com/ipfs/go-cid v0.4.1 // indirect
-	github.com/ipfs/go-datastore v0.6.0 // indirect
-	github.com/ipfs/go-log v1.0.5 // indirect
-	github.com/ipfs/go-log/v2 v2.5.1 // indirect
-	github.com/ipld/go-ipld-prime v0.20.0 // indirect
-	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
-	github.com/jbenet/goprocess v0.1.4 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -236,35 +217,16 @@ require (
 	github.com/karrick/godirwalk v1.17.0 // indirect
 	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
-	github.com/koron/go-ssdp v0.0.4 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lib/pq v1.10.9 // indirect
-	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
-	github.com/libp2p/go-cidranger v1.1.0 // indirect
-	github.com/libp2p/go-flow-metrics v0.1.0 // indirect
-	github.com/libp2p/go-libp2p v0.31.0 // indirect
-	github.com/libp2p/go-libp2p-asn-util v0.3.0 // indirect
-	github.com/libp2p/go-libp2p-kad-dht v0.25.1 // indirect
-	github.com/libp2p/go-libp2p-kbucket v0.6.3 // indirect
-	github.com/libp2p/go-libp2p-record v0.2.0 // indirect
-	github.com/libp2p/go-libp2p-routing-helpers v0.7.2 // indirect
-	github.com/libp2p/go-msgio v0.3.0 // indirect
-	github.com/libp2p/go-nat v0.2.0 // indirect
-	github.com/libp2p/go-netroute v0.2.1 // indirect
-	github.com/libp2p/go-reuseport v0.4.0 // indirect
-	github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/miekg/dns v1.1.55 // indirect
-	github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
-	github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
-	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -276,39 +238,18 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/mr-tron/base58 v1.2.0 // indirect
-	github.com/multiformats/go-base32 v0.1.0 // indirect
-	github.com/multiformats/go-base36 v0.2.0 // indirect
-	github.com/multiformats/go-multiaddr v0.11.0 // indirect
-	github.com/multiformats/go-multiaddr-dns v0.3.1 // indirect
-	github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
-	github.com/multiformats/go-multibase v0.2.0 // indirect
-	github.com/multiformats/go-multicodec v0.9.0 // indirect
-	github.com/multiformats/go-multihash v0.2.3 // indirect
-	github.com/multiformats/go-multistream v0.4.1 // indirect
-	github.com/multiformats/go-varint v0.0.7 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/onsi/ginkgo/v2 v2.13.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
-	github.com/opencontainers/runtime-spec v1.1.0 // indirect
-	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/polydawn/refmt v0.89.0 // indirect
 	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.11.1 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-20 v0.3.3 // indirect
-	github.com/quic-go/quic-go v0.38.1 // indirect
-	github.com/quic-go/webtransport-go v0.5.3 // indirect
-	github.com/raulk/go-watchdog v1.3.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -318,7 +259,6 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
@@ -328,7 +268,6 @@ require (
 	github.com/urfave/cli v1.22.14 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
@@ -341,8 +280,6 @@ require (
 	go.opentelemetry.io/otel/metric v1.16.0 // indirect
 	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 // indirect
-	go.uber.org/dig v1.17.0 // indirect
-	go.uber.org/fx v1.20.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.25.0 // indirect
 	golang.org/x/arch v0.4.0 // indirect
@@ -351,12 +288,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	gonum.org/v1/gonum v0.13.0 // indirect
 	google.golang.org/api v0.146.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
@@ -368,7 +303,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
 	k8s.io/kubectl v0.28.2 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
-	lukechampine.com/blake3 v1.2.1 // indirect
 	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 75ddea590..c83c07688 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,5 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
@@ -51,14 +49,9 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
-dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
-dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
-git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
@@ -115,7 +108,6 @@ github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ
 github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
@@ -157,8 +149,6 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsP
 github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
-github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
 github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -172,10 +162,8 @@ github.com/bitnami-labs/sealed-secrets v0.24.2 h1:6RELDjQk+1WvrgkOJX9Y3aRyMBda3J
 github.com/bitnami-labs/sealed-secrets v0.24.2/go.mod h1:uQUgGnyOmGPUb6tCMRdhOKKHo2xJGwoxSqDYaWZZ+Hc=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
@@ -205,14 +193,12 @@ github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLI
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8=
@@ -223,12 +209,6 @@ github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSk
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
 github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
-github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
-github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -240,10 +220,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU=
-github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
@@ -266,15 +242,10 @@ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elastic/gosigar v0.12.0/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
-github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/4=
-github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
@@ -299,16 +270,10 @@ github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBD
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
-github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
 github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
-github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
-github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
 github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
@@ -317,7 +282,6 @@ github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/Fl
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
 github.com/getsops/sops/v3 v3.8.1/go.mod h1:qyVOmSwvNRUzspJ7X/mh/J8HmDV81OQ5PgDoGSmvvHM=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -325,10 +289,8 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
-github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
-github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -384,7 +346,6 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
 github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
 github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
 github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
@@ -393,20 +354,18 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
 github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
+github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
+github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
-github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
@@ -417,7 +376,6 @@ github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -425,8 +383,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -469,13 +425,9 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
 github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
-github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
-github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -491,10 +443,6 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b h1:h9U78+dx9a4BKdQkBBos92HalKpaGKHrp+3Uo6yTodo=
-github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f h1:pDhu5sgp8yJlEF/g6osliIIpF9K4F5jvkULXa4daRDQ=
 github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
@@ -508,14 +456,11 @@ github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
 github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
-github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -527,7 +472,6 @@ github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+
 github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@@ -535,10 +479,8 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -574,8 +516,6 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huin/goupnp v1.2.0 h1:uOKW26NG1hsSSbXIZ1IR7XP9Gjd1U8pnLaCMgntmkmY=
-github.com/huin/goupnp v1.2.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@@ -583,30 +523,8 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/ipfs/boxo v0.10.0 h1:tdDAxq8jrsbRkYoF+5Rcqyeb91hgWe2hp7iLu7ORZLY=
-github.com/ipfs/boxo v0.10.0/go.mod h1:Fg+BnfxZ0RPzR0nOodzdIq3A7KgoWAOWsEIImrIQdBM=
-github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=
-github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=
-github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=
-github.com/ipfs/go-datastore v0.6.0/go.mod h1:rt5M3nNbSO/8q1t4LNkLyUwRs8HupMeN/8O4Vn9YAT8=
-github.com/ipfs/go-detect-race v0.0.1/go.mod h1:8BNT7shDZPo99Q74BpGMK+4D8Mn4j46UU0LZ723meps=
-github.com/ipfs/go-log v1.0.5 h1:2dOuUCB1Z7uoczMWgAyDck5JLb72zHzrMnGnCNNbvY8=
-github.com/ipfs/go-log v1.0.5/go.mod h1:j0b8ZoR+7+R99LD9jZ6+AJsrzkPbSXbZfGakb5JPtIo=
-github.com/ipfs/go-log/v2 v2.1.3/go.mod h1:/8d0SH3Su5Ooc31QlL1WysJhvyOTDCjcCZ9Axpmri6g=
-github.com/ipfs/go-log/v2 v2.5.1 h1:1XdUzF7048prq4aBjDQQ4SL5RxftpRGdXhNRwKSAlcY=
-github.com/ipfs/go-log/v2 v2.5.1/go.mod h1:prSpmC1Gpllc9UYWxDiZDreBYw7zp4Iqp1kOLU9U5UI=
-github.com/ipld/go-ipld-prime v0.20.0 h1:Ud3VwE9ClxpO2LkCYP7vWPc0Fo+dYdYzgxUJZ3uRG4g=
-github.com/ipld/go-ipld-prime v0.20.0/go.mod h1:PzqZ/ZR981eKbgdr3y2DJYeD/8bgMawdGVlJDE8kK+M=
-github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
-github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
-github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk=
-github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk=
-github.com/jbenet/goprocess v0.1.4 h1:DRGOFReOMqqDNXwW70QkacFW0YN9QnwLV0Vqk+3oU0o=
-github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4=
-github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
@@ -625,13 +543,11 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=
 github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
@@ -646,8 +562,6 @@ github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2 h1:PvJ+c944vAYt+D
 github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0=
-github.com/koron/go-ssdp v0.0.4/go.mod h1:oDXq+E5IL5q0U8uSBcoAXzTzInwy5lEgC91HoKtbmZk=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -655,7 +569,6 @@ github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
@@ -671,40 +584,10 @@ github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNa
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8=
-github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg=
-github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38yPW7c=
-github.com/libp2p/go-cidranger v1.1.0/go.mod h1:KWZTfSr+r9qEo9OkI9/SIEeAtw+NNoU0dXIXt15Okic=
-github.com/libp2p/go-flow-metrics v0.1.0 h1:0iPhMI8PskQwzh57jB9WxIuIOQ0r+15PChFGkx3Q3WM=
-github.com/libp2p/go-flow-metrics v0.1.0/go.mod h1:4Xi8MX8wj5aWNDAZttg6UPmc0ZrnFNsMtpsYUClFtro=
-github.com/libp2p/go-libp2p v0.31.0 h1:LFShhP8F6xthWiBBq3euxbKjZsoRajVEyBS9snfHxYg=
-github.com/libp2p/go-libp2p v0.31.0/go.mod h1:W/FEK1c/t04PbRH3fA9i5oucu5YcgrG0JVoBWT1B7Eg=
-github.com/libp2p/go-libp2p-asn-util v0.3.0 h1:gMDcMyYiZKkocGXDQ5nsUQyquC9+H+iLEQHwOCZ7s8s=
-github.com/libp2p/go-libp2p-asn-util v0.3.0/go.mod h1:B1mcOrKUE35Xq/ASTmQ4tN3LNzVVaMNmq2NACuqyB9w=
-github.com/libp2p/go-libp2p-kad-dht v0.25.1 h1:ofFNrf6MMEy4vi3R1VbJ7LOcTn3Csh0cDcaWHTxtWNA=
-github.com/libp2p/go-libp2p-kad-dht v0.25.1/go.mod h1:6za56ncRHYXX4Nc2vn8z7CZK0P4QiMcrn77acKLM2Oo=
-github.com/libp2p/go-libp2p-kbucket v0.6.3 h1:p507271wWzpy2f1XxPzCQG9NiN6R6lHL9GiSErbQQo0=
-github.com/libp2p/go-libp2p-kbucket v0.6.3/go.mod h1:RCseT7AH6eJWxxk2ol03xtP9pEHetYSPXOaJnOiD8i0=
-github.com/libp2p/go-libp2p-record v0.2.0 h1:oiNUOCWno2BFuxt3my4i1frNrt7PerzB3queqa1NkQ0=
-github.com/libp2p/go-libp2p-record v0.2.0/go.mod h1:I+3zMkvvg5m2OcSdoL0KPljyJyvNDFGKX7QdlpYUcwk=
-github.com/libp2p/go-libp2p-routing-helpers v0.7.2 h1:xJMFyhQ3Iuqnk9Q2dYE1eUTzsah7NLw3Qs2zjUV78T0=
-github.com/libp2p/go-libp2p-routing-helpers v0.7.2/go.mod h1:cN4mJAD/7zfPKXBcs9ze31JGYAZgzdABEm+q/hkswb8=
-github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0=
-github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM=
-github.com/libp2p/go-nat v0.2.0 h1:Tyz+bUFAYqGyJ/ppPPymMGbIgNRH+WqC5QrT5fKrrGk=
-github.com/libp2p/go-nat v0.2.0/go.mod h1:3MJr+GRpRkyT65EpVPBstXLvOlAPzUVlG6Pwg9ohLJk=
-github.com/libp2p/go-netroute v0.2.1 h1:V8kVrpD8GK0Riv15/7VN6RbUQ3URNZVosw7H2v9tksU=
-github.com/libp2p/go-netroute v0.2.1/go.mod h1:hraioZr0fhBjG0ZRXJJ6Zj2IVEVNx6tDTFQfSmcq7mQ=
-github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s=
-github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU=
-github.com/libp2p/go-yamux/v4 v4.0.1 h1:FfDR4S1wj6Bw2Pqbc8Uz7pCxeRBPbwsBbEdfwiCypkQ=
-github.com/libp2p/go-yamux/v4 v4.0.1/go.mod h1:NWjl8ZTLOGlozrXSOZ/HlfG++39iKNnM5wwmtQP1YB4=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
@@ -713,8 +596,6 @@ github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY
 github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk=
-github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -722,7 +603,6 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -734,21 +614,8 @@ github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg=
-github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
-github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
-github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c/go.mod h1:0SQS9kMwD2VsyFEB++InYyBJroV/FRmBgcydeSUcJms=
-github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b h1:z78hV3sbSMAUoyUMM0I83AUIT6Hu17AWfgjzIbtrYFc=
-github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b/go.mod h1:lxPUiZwKoFL8DUUmalo2yJJUCxbPKtm8OKfqr2/FTNU=
-github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc h1:PTfri+PuQmWDqERdnNMiD9ZejrlswWrCpBEZgWOiTrc=
-github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc/go.mod h1:cGKTAVKx4SxOuR/czcZ/E2RSJ3sfHs8FpHhQ5CWMf9s=
-github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ=
-github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
-github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
-github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
@@ -785,41 +652,11 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
-github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
-github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
-github.com/multiformats/go-base32 v0.1.0 h1:pVx9xoSPqEIQG8o+UbAe7DNi51oej1NtK+aGkbLYxPE=
-github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYgtWibDcT0rExnbI=
-github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=
-github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4=
-github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo=
-github.com/multiformats/go-multiaddr v0.2.0/go.mod h1:0nO36NvPpyV4QzvTLi/lafl2y95ncPj0vFwVF6k6wJ4=
-github.com/multiformats/go-multiaddr v0.11.0 h1:XqGyJ8ufbCE0HmTDwx2kPdsrQ36AGPZNZX6s6xfJH10=
-github.com/multiformats/go-multiaddr v0.11.0/go.mod h1:gWUm0QLR4thQ6+ZF6SXUw8YjtwQSPapICM+NmCkxHSM=
-github.com/multiformats/go-multiaddr-dns v0.3.1 h1:QgQgR+LQVt3NPTjbrLLpsaT2ufAA2y0Mkk+QRVJbW3A=
-github.com/multiformats/go-multiaddr-dns v0.3.1/go.mod h1:G/245BRQ6FJGmryJCrOuTdB37AMA5AMOVuO6NY3JwTk=
-github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E=
-github.com/multiformats/go-multiaddr-fmt v0.1.0/go.mod h1:hGtDIW4PU4BqJ50gW2quDuPVjyWNZxToGUh/HwTZYJo=
-github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g=
-github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk=
-github.com/multiformats/go-multicodec v0.9.0 h1:pb/dlPnzee/Sxv/j4PmkDRxCOi3hXTz3IbPKOXWJkmg=
-github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI16i14xuaojr/H7Ai54k=
-github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew=
-github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
-github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
-github.com/multiformats/go-multistream v0.4.1 h1:rFy0Iiyn3YT0asivDUIR05leAdwZq3de4741sbiSdfo=
-github.com/multiformats/go-multistream v0.4.1/go.mod h1:Mz5eykRVAjJWckE2U78c6xqdtyNUEhKSM0Lwar2p77Q=
-github.com/multiformats/go-varint v0.0.1/go.mod h1:3Ls8CIEsrijN6+B7PbrXRPxHRPuXSrVKRY101jdMZYE=
-github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
-github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
-github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/ohler55/ojg v1.19.4 h1:ZIgfyHI83aLx+fi1VoKn4I80HqWo45usWKnnxw94Mro=
 github.com/ohler55/ojg v1.19.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
@@ -830,20 +667,12 @@ github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/
 github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
 github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
-github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
-github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
-github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
 github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
 github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
@@ -862,12 +691,9 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4=
-github.com/polydawn/refmt v0.89.0/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
-github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
@@ -878,29 +704,17 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
 github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
 github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
-github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
 github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-20 v0.3.3 h1:17/glZSLI9P9fDAeyCHBFSWSqJcwx1byhLwP5eUIDCM=
-github.com/quic-go/qtls-go1-20 v0.3.3/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.38.1 h1:M36YWA5dEhEeT+slOu/SwMEucbYd0YFidxG3KlGPZaE=
-github.com/quic-go/quic-go v0.38.1/go.mod h1:ijnZM7JsFIkp4cRyjxJNIzdSfCLmUMg9wdyhGmg+SN4=
-github.com/quic-go/webtransport-go v0.5.3 h1:5XMlzemqB4qmOlgIus5zB45AcZ2kCgCy2EptUrfOPWU=
-github.com/quic-go/webtransport-go v0.5.3/go.mod h1:OhmmgJIzTTqXK5xvtuX0oBpLV2GkLWNDA+UeTGJXErU=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
-github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk=
-github.com/raulk/go-watchdog v1.3.0/go.mod h1:fIvOnLbF0b0ZwkB9YU4mOW9Did//4vPZtDqv66NfsMU=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -909,8 +723,6 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=
 github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -920,49 +732,19 @@ github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9c
 github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
-github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
-github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
-github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw=
-github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI=
-github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
-github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
-github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg=
-github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw=
-github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y=
-github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
-github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q=
-github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ=
-github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I=
-github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0=
-github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
-github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
-github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
-github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
 github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
-github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
-github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
-github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
-github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
-github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
 github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
@@ -993,7 +775,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
 github.com/tkrajina/go-reflector v0.5.6 h1:hKQ0gyocG7vgMD2M3dRlYN6WBBOmdoOzJ6njQSepKdE=
 github.com/tkrajina/go-reflector v0.5.6/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
@@ -1005,19 +786,12 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
 github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
 github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
-github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
-github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
-github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
-github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1041,7 +815,6 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1058,43 +831,26 @@ go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZE
 go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
 go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4=
 go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/dig v1.17.0 h1:5Chju+tUvcC+N7N6EV08BJz41UZuO3BmHcN4A287ZLI=
-go.uber.org/dig v1.17.0/go.mod h1:rTxpf7l5I0eBTlE6/9RL+lDybC7WFwY2QH55ZSjy1mU=
-go.uber.org/fx v1.20.0 h1:ZMC/pnRvhsthOZh9MZjMq5U8Or3mA9zBSPaLnzs3ihQ=
-go.uber.org/fx v1.20.0/go.mod h1:qCUj0btiR3/JnanEr1TYEePfSw6o/4qYJscgvzQ5Ub0=
-go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
-go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
 go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
-go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
 golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -1118,7 +874,6 @@ golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjs
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1147,14 +902,10 @@ golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -1182,7 +933,6 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -1193,8 +943,6 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1205,7 +953,6 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
 golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
-golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1221,16 +968,12 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
 golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1245,7 +988,6 @@ golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1256,7 +998,6 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1266,7 +1007,6 @@ golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1274,7 +1014,6 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1307,22 +1046,17 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -1332,8 +1066,6 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1368,7 +1100,6 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
@@ -1380,11 +1111,6 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-gonum.org/v1/gonum v0.13.0 h1:a0T3bh+7fhRyqeNbiC3qVHYmkiQgit3wnNan/2c0HMM=
-gonum.org/v1/gonum v0.13.0/go.mod h1:/WPYRckkfWrhWefxyYTfrTtQR0KH4iyHNuzxqXAKyAU=
-google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
-google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1407,8 +1133,6 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.146.0 h1:9aBYT4vQXt9dhCuLNfwfd3zpwu8atg0yPkjBymwSrOM=
 google.golang.org/api v0.146.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
@@ -1417,10 +1141,6 @@ google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
-google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1462,9 +1182,6 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 h1:
 google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
-google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1517,17 +1234,14 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
 helm.sh/helm/v3 v3.13.1 h1:DG+XLGzBJeZvMLlMbm6bPDLV1dGaVW9eZsDoUd1/LM0=
 helm.sh/helm/v3 v3.13.1/go.mod h1:TdQRMiq46CSWcc68Hb0uVhvAWusaN90YwAV54cz6JzU=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1557,8 +1271,6 @@ k8s.io/kubectl v0.28.2 h1:fOWOtU6S0smdNjG1PB9WFbqEIMlkzU5ahyHkc7ESHgM=
 k8s.io/kubectl v0.28.2/go.mod h1:6EQWTPySF1fn7yKoQZHYf9TPwIl2AygHEcJoxFekr64=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
-lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
 nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
 nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
@@ -1582,5 +1294,3 @@ sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6Lv
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
-sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
-sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=

From fcb386401dd366a31c58a845446630119859e91c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 26 Oct 2023 00:59:12 +0200
Subject: [PATCH 1803/2268] fix: Pass ctx into ctrl.NewManager

---
 cmd/kluctl/commands/cmd_controller_run.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 4636c28b9..7c09f99ac 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -108,6 +108,9 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
+		BaseContext: func() context.Context {
+			return ctx
+		},
 		Scheme: cmd.scheme,
 		Metrics: metricsserver.Options{
 			BindAddress: cmd.MetricsBindAddress,

From 55a36e6f435561a0157ce769277c566c4be40e0c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 26 Oct 2023 01:00:43 +0200
Subject: [PATCH 1804/2268] fix: Respect current tmp dir in
 buildGitRepoCache/buildOciRepoCache

---
 pkg/controllers/kluctldeployment_controller_source.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 6fbdb378a..fae6c48ca 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -448,7 +448,7 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secr
 		return nil, err
 	}
 
-	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-git-cache", key)
+	tmpBaseDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kluctl-controller-git-cache", key)
 	err = os.MkdirAll(tmpBaseDir, 0o700)
 	if err != nil {
 		return nil, err
@@ -471,7 +471,7 @@ func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secr
 		return nil, nil, err
 	}
 
-	tmpBaseDir := filepath.Join(os.TempDir(), "kluctl-controller-oci-cache", key)
+	tmpBaseDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kluctl-controller-oci-cache", key)
 	err = os.MkdirAll(tmpBaseDir, 0o700)
 	if err != nil {
 		return nil, nil, err

From 235cc0a6aa88a0924128fb1d98d5be4a1c645613 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 26 Oct 2023 14:34:08 +0200
Subject: [PATCH 1805/2268] fix: Add missing source-override containerPort

---
 config/manager/manager.yaml                | 2 ++
 install/controller/controller/manager.yaml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 592de80cc..82cab85df 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -74,6 +74,8 @@ spec:
         ports:
         - containerPort: 8080
           name: metrics
+        - containerPort: 8082
+          name: source-override
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
diff --git a/install/controller/controller/manager.yaml b/install/controller/controller/manager.yaml
index ab095372b..7e9efe944 100644
--- a/install/controller/controller/manager.yaml
+++ b/install/controller/controller/manager.yaml
@@ -57,6 +57,8 @@ spec:
         ports:
         - containerPort: 8080
           name: metrics
+        - containerPort: 8082
+          name: source-override
         readinessProbe:
           httpGet:
             path: /readyz

From cc0dd31257e08881f5cff9722a30034d460cfc97 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 Oct 2023 09:12:11 +0200
Subject: [PATCH 1806/2268] fix: Avoid setting empty git ref

---
 pkg/controllers/kluctl_project.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 87f7707d3..587c497d1 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -18,6 +18,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/prometheus/client_golang/prometheus"
@@ -678,7 +679,9 @@ func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *r
 	}
 
 	// the ref is not properly set by addGitInfo due to the way the repo cache checks out by commit
-	cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
+	if pt.pp.co.CheckedOutRef != (types2.GitRef{}) {
+		cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
+	}
 
 	return nil
 }

From 0b80c32209f12c4d657a0c9179158ee2197c8099 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 Oct 2023 09:12:46 +0200
Subject: [PATCH 1807/2268] fix: Reset lastPreparedError before re-trying

---
 pkg/controllers/kluctldeployment_controller_reconcile.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 80b34ef4d..d4fdd667f 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -127,6 +127,8 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		return false, nil
 	}
 
+	obj.Status.LastPrepareError = ""
+
 	doError := func(resultId string, err error) (bool, error) {
 		err2 := r.patchFailPrepare(ctx, obj, err)
 		if err2 != nil {

From 59ec1407fdd217da1a6311b22394e085afd45f34 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 Oct 2023 09:15:05 +0200
Subject: [PATCH 1808/2268] refactor: Move RequestResult into own file and
 rename it ManualRequestResult

---
 api/v1beta1/kluctldeployment_types.go         | 30 ++++---------------
 api/v1beta1/manual_requests.go                | 23 ++++++++++++++
 api/v1beta1/zz_generated.deepcopy.go          | 18 +++++------
 cmd/kluctl/commands/cmd_gitops.go             | 12 ++++----
 cmd/kluctl/commands/cmd_gitops_deploy.go      |  2 +-
 cmd/kluctl/commands/cmd_gitops_diff.go        |  4 +--
 cmd/kluctl/commands/cmd_gitops_prune.go       |  2 +-
 cmd/kluctl/commands/cmd_gitops_reconcile.go   |  2 +-
 cmd/kluctl/commands/cmd_gitops_validate.go    |  2 +-
 .../kluctldeployment_controller_reconcile.go  | 20 ++++++-------
 10 files changed, 59 insertions(+), 56 deletions(-)
 create mode 100644 api/v1beta1/manual_requests.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index e3faeb347..3d870fa26 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -475,42 +475,22 @@ type KubeConfig struct {
 	SecretRef SecretKeyReference `json:"secretRef,omitempty"`
 }
 
-type RequestResult struct {
-	// +required
-	RequestValue string `json:"requestValue"`
-
-	// +required
-	StartTime metav1.Time `json:"startTime"`
-
-	// +optional
-	EndTime *metav1.Time `json:"endTime,omitempty"`
-
-	// +required
-	ReconcileId string `json:"reconcileId"`
-
-	// +optional
-	ResultId string `json:"resultId,omitempty"`
-
-	// +optional
-	CommandError string `json:"commandError,omitempty"`
-}
-
 // KluctlDeploymentStatus defines the observed state of KluctlDeployment
 type KluctlDeploymentStatus struct {
 	// +optional
-	ReconcileRequestResult *RequestResult `json:"reconcileRequestResult,omitempty"`
+	ReconcileRequestResult *ManualRequestResult `json:"reconcileRequestResult,omitempty"`
 
 	// +optional
-	DiffRequestResult *RequestResult `json:"diffRequestResult,omitempty"`
+	DiffRequestResult *ManualRequestResult `json:"diffRequestResult,omitempty"`
 
 	// +optional
-	DeployRequestResult *RequestResult `json:"deployRequestResult,omitempty"`
+	DeployRequestResult *ManualRequestResult `json:"deployRequestResult,omitempty"`
 
 	// +optional
-	PruneRequestResult *RequestResult `json:"pruneRequestResult,omitempty"`
+	PruneRequestResult *ManualRequestResult `json:"pruneRequestResult,omitempty"`
 
 	// +optional
-	ValidateRequestResult *RequestResult `json:"validateRequestResult,omitempty"`
+	ValidateRequestResult *ManualRequestResult `json:"validateRequestResult,omitempty"`
 
 	// LastHandledReconcileAt holds the value of the most recent
 	// reconcile request value, so a change of the annotation value
diff --git a/api/v1beta1/manual_requests.go b/api/v1beta1/manual_requests.go
new file mode 100644
index 000000000..fbc451b05
--- /dev/null
+++ b/api/v1beta1/manual_requests.go
@@ -0,0 +1,23 @@
+package v1beta1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+type ManualRequestResult struct {
+	// +required
+	RequestValue string `json:"requestValue"`
+
+	// +required
+	StartTime metav1.Time `json:"startTime"`
+
+	// +optional
+	EndTime *metav1.Time `json:"endTime,omitempty"`
+
+	// +required
+	ReconcileId string `json:"reconcileId"`
+
+	// +optional
+	ResultId string `json:"resultId,omitempty"`
+
+	// +optional
+	CommandError string `json:"commandError,omitempty"`
+}
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index b9fb1f2b1..ec677cd09 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -237,27 +237,27 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 	*out = *in
 	if in.ReconcileRequestResult != nil {
 		in, out := &in.ReconcileRequestResult, &out.ReconcileRequestResult
-		*out = new(RequestResult)
+		*out = new(ManualRequestResult)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.DiffRequestResult != nil {
 		in, out := &in.DiffRequestResult, &out.DiffRequestResult
-		*out = new(RequestResult)
+		*out = new(ManualRequestResult)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.DeployRequestResult != nil {
 		in, out := &in.DeployRequestResult, &out.DeployRequestResult
-		*out = new(RequestResult)
+		*out = new(ManualRequestResult)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.PruneRequestResult != nil {
 		in, out := &in.PruneRequestResult, &out.PruneRequestResult
-		*out = new(RequestResult)
+		*out = new(ManualRequestResult)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ValidateRequestResult != nil {
 		in, out := &in.ValidateRequestResult, &out.ValidateRequestResult
-		*out = new(RequestResult)
+		*out = new(ManualRequestResult)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Conditions != nil {
@@ -525,7 +525,7 @@ func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *RequestResult) DeepCopyInto(out *RequestResult) {
+func (in *ManualRequestResult) DeepCopyInto(out *ManualRequestResult) {
 	*out = *in
 	in.StartTime.DeepCopyInto(&out.StartTime)
 	if in.EndTime != nil {
@@ -534,12 +534,12 @@ func (in *RequestResult) DeepCopyInto(out *RequestResult) {
 	}
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestResult.
-func (in *RequestResult) DeepCopy() *RequestResult {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualRequestResult.
+func (in *ManualRequestResult) DeepCopy() *ManualRequestResult {
 	if in == nil {
 		return nil
 	}
-	out := new(RequestResult)
+	out := new(ManualRequestResult)
 	in.DeepCopyInto(out)
 	return out
 }
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 71f06a9f4..4cfdab58e 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -434,13 +434,13 @@ func (g *gitopsCmdHelper) overrideDeploymentArgs(kd *v1beta1.KluctlDeployment) e
 	return nil
 }
 
-func (g *gitopsCmdHelper) waitForRequestToStart(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+func (g *gitopsCmdHelper) waitForRequestToStart(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult) (*v1beta1.ManualRequestResult, error) {
 	s := status.Startf(ctx, "Waiting for controller to start processing the request")
 	defer s.Failed()
 
 	sleep := time.Second * 1
 
-	var rr *v1beta1.RequestResult
+	var rr *v1beta1.ManualRequestResult
 	for {
 		var kd v1beta1.KluctlDeployment
 		err := g.client.Get(ctx, key, &kd)
@@ -464,10 +464,10 @@ func (g *gitopsCmdHelper) waitForRequestToStart(ctx context.Context, key client.
 	return rr, nil
 }
 
-func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client.ObjectKey, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client.ObjectKey, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult) (*v1beta1.ManualRequestResult, error) {
 	sleep := time.Second * 1
 
-	var rr *v1beta1.RequestResult
+	var rr *v1beta1.ManualRequestResult
 	for {
 		var kd v1beta1.KluctlDeployment
 		err := g.client.Get(ctx, key, &kd)
@@ -490,7 +490,7 @@ func (g *gitopsCmdHelper) waitForRequestToFinish(ctx context.Context, key client
 	return rr, nil
 }
 
-func (g *gitopsCmdHelper) waitForRequestToStartAndFinish(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult) (*v1beta1.RequestResult, error) {
+func (g *gitopsCmdHelper) waitForRequestToStartAndFinish(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult) (*v1beta1.ManualRequestResult, error) {
 	rrStarted, err := g.waitForRequestToStart(ctx, key, requestValue, getRequestResult)
 	if err != nil {
 		return nil, err
@@ -498,7 +498,7 @@ func (g *gitopsCmdHelper) waitForRequestToStartAndFinish(ctx context.Context, ke
 
 	stopCh := make(chan struct{})
 
-	var rrFinished *v1beta1.RequestResult
+	var rrFinished *v1beta1.ManualRequestResult
 
 	gh := utils.NewGoHelper(ctx, 0)
 	gh.RunE(func() error {
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index 29cfde348..cfe6a4646 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -43,7 +43,7 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult {
 			return status.DeployRequestResult
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_diff.go b/cmd/kluctl/commands/cmd_gitops_diff.go
index f3afa3ba7..5a4567e92 100644
--- a/cmd/kluctl/commands/cmd_gitops_diff.go
+++ b/cmd/kluctl/commands/cmd_gitops_diff.go
@@ -42,7 +42,7 @@ func (cmd *gitopsDiffCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult {
 			return status.DiffRequestResult
 		})
 		if err != nil {
@@ -71,7 +71,7 @@ func (cmd *gitopsDiffCmd) Run(ctx context.Context) error {
 	return nil
 }
 
-func (cmd *gitopsDiffCmd) cleanupDiffResult(ctx context.Context, g *gitopsCmdHelper, kd *v1beta1.KluctlDeployment, rr *v1beta1.RequestResult) error {
+func (cmd *gitopsDiffCmd) cleanupDiffResult(ctx context.Context, g *gitopsCmdHelper, kd *v1beta1.KluctlDeployment, rr *v1beta1.ManualRequestResult) error {
 	flags := args.CommandResultFlags{
 		CommandResultReadOnlyFlags: cmd.CommandResultReadOnlyFlags,
 		CommandResultWriteFlags: args.CommandResultWriteFlags{
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index 7d618015b..43ca80fac 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -41,7 +41,7 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult {
 			return status.PruneRequestResult
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index 60631e4a9..c65d5916a 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -41,7 +41,7 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult {
 			return status.ReconcileRequestResult
 		})
 		if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index bd613b229..9aa09bbf2 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -44,7 +44,7 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 			return err
 		}
 
-		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.RequestResult {
+		rr, err := g.waitForRequestToStartAndFinish(ctx, client.ObjectKeyFromObject(&kd), v, func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult {
 			return status.ValidateRequestResult
 		})
 		if err != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index d4fdd667f..c5097ea89 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -14,12 +14,12 @@ import (
 	"time"
 )
 
-type getResultPtrCallback func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string)
+type getResultPtrCallback func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string)
 
 func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Context,
 	obj *kluctlv1.KluctlDeployment, reconcileId string,
 	requestAnnotation string, getResultPtr getResultPtrCallback,
-) (*kluctlv1.RequestResult, error) {
+) (*kluctlv1.ManualRequestResult, error) {
 	key := client.ObjectKeyFromObject(obj)
 
 	v, _ := obj.GetAnnotations()[requestAnnotation]
@@ -34,7 +34,7 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 		// legacy value in status is still present, and we never executed the new request status handling
 		// ensure that we don't accidentally re-process the request
 		t := metav1.Now()
-		rr = &kluctlv1.RequestResult{
+		rr = &kluctlv1.ManualRequestResult{
 			RequestValue: v,
 			StartTime:    t,
 			EndTime:      &t,
@@ -51,7 +51,7 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 		return nil, nil
 	}
 	if rr == nil || rr.RequestValue != v {
-		rr = &kluctlv1.RequestResult{
+		rr = &kluctlv1.ManualRequestResult{
 			RequestValue: v,
 			StartTime:    metav1.Now(),
 			ReconcileId:  reconcileId,
@@ -70,7 +70,7 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 }
 
 func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Context,
-	obj *kluctlv1.KluctlDeployment, rr *kluctlv1.RequestResult, resultId string, commandErr error, getResultPtr getResultPtrCallback) error {
+	obj *kluctlv1.KluctlDeployment, rr *kluctlv1.ManualRequestResult, resultId string, commandErr error, getResultPtr getResultPtrCallback) error {
 	key := client.ObjectKeyFromObject(obj)
 
 	if rr == nil {
@@ -221,7 +221,7 @@ func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, t
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
 		return &status.DiffRequestResult, ""
 	}
 
@@ -246,7 +246,7 @@ func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context,
 		obj.Status.LastHandledDeployAt = ""
 	}()
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
 		return &status.DeployRequestResult, status.LastHandledDeployAt
 	}
 
@@ -271,7 +271,7 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 		obj.Status.LastHandledPruneAt = ""
 	}()
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
 		return &status.PruneRequestResult, status.LastHandledPruneAt
 	}
 
@@ -296,7 +296,7 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 		obj.Status.LastHandledValidateAt = ""
 	}()
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
 		return &status.ValidateRequestResult, status.LastHandledValidateAt
 	}
 
@@ -321,7 +321,7 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 		obj.Status.ObservedGeneration = obj.GetGeneration()
 	}()
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.RequestResult, string) {
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
 		return &status.ReconcileRequestResult, status.LastHandledReconcileAt
 	}
 

From 5c5aef611f7f156ffc06eefada9c90e32bee7645 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 Oct 2023 13:26:56 +0200
Subject: [PATCH 1809/2268] feat: Expect request annotations to be a
 ManualRequest json struct

Also use this struct for the one-time patch and write the patch into the
command result as well.
---
 api/v1beta1/kluctldeployment_types.go         |  10 +-
 api/v1beta1/manual_requests.go                |  16 +-
 api/v1beta1/zz_generated.deepcopy.go          |  61 +++--
 cmd/kluctl/commands/cmd_gitops.go             |  29 ++-
 cmd/kluctl/commands/cmd_gitops_diff.go        |   2 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   |  80 ++++--
 docs/gitops/api/kluctl-controller.md          | 238 +++++++++++-------
 install/controller/controller/crd.yaml        |  80 ++++--
 pkg/controllers/kluctl_project.go             |  31 +--
 .../kluctldeployment_controller.go            |  50 ----
 .../kluctldeployment_controller_reconcile.go  | 167 +++++++++---
 .../kluctldeployment_controller_status.go     |  18 +-
 pkg/types/result/command_result.go            |   1 +
 pkg/types/result/validate_result.go           |  26 +-
 pkg/types/result/zz_generated.deepcopy.go     |   8 +
 pkg/webui/ui/src/models.ts                    |   4 +
 16 files changed, 540 insertions(+), 281 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 3d870fa26..9417e8f8f 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -32,18 +32,18 @@ const (
 
 	KluctlDeployModeFull   = "full-deploy"
 	KluctlDeployPokeImages = "poke-images"
+)
 
+// The following annotations are set by the CLI (gitops sub-commands) and the webui. The values contains a JSON serialized
+// ManualRequest
+const (
 	KluctlRequestReconcileAnnotation = "kluctl.io/request-reconcile"
 	KluctlRequestDiffAnnotation      = "kluctl.io/request-diff"
 	KluctlRequestDeployAnnotation    = "kluctl.io/request-deploy"
 	KluctlRequestPruneAnnotation     = "kluctl.io/request-prune"
 	KluctlRequestValidateAnnotation  = "kluctl.io/request-validate"
 
-	// KluctlOnetimePatchAnnotation can be set to apply a onetime json-patch to the KluctlDeployment in the next
-	// reconciliation loop. The patched KluctlDeployment is in-memory only and not persisted. The annotation is removed
-	// immediately after it is read.
-	KluctlOnetimePatchAnnotation = "kluctl.io/gitops-onetime-patch"
-
+	// SourceOverrideScheme is used when source overrides are setup via the CLI
 	SourceOverrideScheme = "grpc+source-override"
 )
 
diff --git a/api/v1beta1/manual_requests.go b/api/v1beta1/manual_requests.go
index fbc451b05..b88391b89 100644
--- a/api/v1beta1/manual_requests.go
+++ b/api/v1beta1/manual_requests.go
@@ -1,11 +1,23 @@
 package v1beta1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
 
-type ManualRequestResult struct {
+// ManualRequest is used in json form inside the manual request annotations
+type ManualRequest struct {
 	// +required
 	RequestValue string `json:"requestValue"`
 
+	// +optional
+	OverridesPatch *runtime.RawExtension `json:"overridesPatch,omitempty"`
+}
+
+type ManualRequestResult struct {
+	// +required
+	Request ManualRequest `json:"request"`
+
 	// +required
 	StartTime metav1.Time `json:"startTime"`
 
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index ec677cd09..c9abb7b3d 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -345,6 +345,47 @@ func (in *LocalObjectReference) DeepCopy() *LocalObjectReference {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualRequest) DeepCopyInto(out *ManualRequest) {
+	*out = *in
+	if in.OverridesPatch != nil {
+		in, out := &in.OverridesPatch, &out.OverridesPatch
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualRequest.
+func (in *ManualRequest) DeepCopy() *ManualRequest {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualRequest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManualRequestResult) DeepCopyInto(out *ManualRequestResult) {
+	*out = *in
+	in.Request.DeepCopyInto(&out.Request)
+	in.StartTime.DeepCopyInto(&out.StartTime)
+	if in.EndTime != nil {
+		in, out := &in.EndTime, &out.EndTime
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualRequestResult.
+func (in *ManualRequestResult) DeepCopy() *ManualRequestResult {
+	if in == nil {
+		return nil
+	}
+	out := new(ManualRequestResult)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectCredentials) DeepCopyInto(out *ProjectCredentials) {
 	*out = *in
@@ -524,26 +565,6 @@ func (in *ProjectSourceOci) DeepCopy() *ProjectSourceOci {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ManualRequestResult) DeepCopyInto(out *ManualRequestResult) {
-	*out = *in
-	in.StartTime.DeepCopyInto(&out.StartTime)
-	if in.EndTime != nil {
-		in, out := &in.EndTime, &out.EndTime
-		*out = (*in).DeepCopy()
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManualRequestResult.
-func (in *ManualRequestResult) DeepCopy() *ManualRequestResult {
-	if in == nil {
-		return nil
-	}
-	out := new(ManualRequestResult)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SafeDuration) DeepCopyInto(out *SafeDuration) {
 	*out = *in
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 4cfdab58e..6d8237e33 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -276,21 +276,28 @@ func (g *gitopsCmdHelper) patchDeploymentStatus(ctx context.Context, key client.
 
 func (g *gitopsCmdHelper) patchManualRequest(ctx context.Context, key client.ObjectKey, requestAnnotation string, value string) error {
 	_, err := g.patchDeployment(ctx, key, func(kd *v1beta1.KluctlDeployment) error {
-		a := kd.GetAnnotations()
-		if a == nil {
-			a = map[string]string{}
+		overridePatch, err := g.buildOverridePatch(ctx, kd)
+		if err != nil {
+			return err
+		}
+
+		mr := v1beta1.ManualRequest{
+			RequestValue: value,
+		}
+		if len(overridePatch) != 0 && !bytes.Equal(overridePatch, []byte("{}")) {
+			mr.OverridesPatch = &runtime.RawExtension{Raw: overridePatch}
 		}
-		a[requestAnnotation] = value
 
-		onetimePatch, err := g.buildOnetimePatch(ctx, kd)
+		mrJson, err := yaml.WriteJsonString(&mr)
 		if err != nil {
 			return err
 		}
-		if len(onetimePatch) != 0 && !bytes.Equal(onetimePatch, []byte("{}")) {
-			a[v1beta1.KluctlOnetimePatchAnnotation] = string(onetimePatch)
-		} else {
-			delete(a, v1beta1.KluctlOnetimePatchAnnotation)
+
+		a := kd.GetAnnotations()
+		if a == nil {
+			a = map[string]string{}
 		}
+		a[requestAnnotation] = mrJson
 
 		kd.SetAnnotations(a)
 		return nil
@@ -302,7 +309,7 @@ func (g *gitopsCmdHelper) patchManualRequest(ctx context.Context, key client.Obj
 	return nil
 }
 
-func (g *gitopsCmdHelper) buildOnetimePatch(ctx context.Context, kdIn *v1beta1.KluctlDeployment) ([]byte, error) {
+func (g *gitopsCmdHelper) buildOverridePatch(ctx context.Context, kdIn *v1beta1.KluctlDeployment) ([]byte, error) {
 	cobraCmd := getCobraCommand(ctx)
 	if cobraCmd == nil {
 		panic("no cobra cmd")
@@ -454,7 +461,7 @@ func (g *gitopsCmdHelper) waitForRequestToStart(ctx context.Context, key client.
 			continue
 		}
 
-		if rr.RequestValue != requestValue {
+		if rr.Request.RequestValue != requestValue {
 			time.Sleep(sleep)
 			continue
 		}
diff --git a/cmd/kluctl/commands/cmd_gitops_diff.go b/cmd/kluctl/commands/cmd_gitops_diff.go
index 5a4567e92..3da43d8c6 100644
--- a/cmd/kluctl/commands/cmd_gitops_diff.go
+++ b/cmd/kluctl/commands/cmd_gitops_diff.go
@@ -89,7 +89,7 @@ func (cmd *gitopsDiffCmd) cleanupDiffResult(ctx context.Context, g *gitopsCmdHel
 	}
 
 	err = g.updateDeploymentStatus(ctx, client.ObjectKeyFromObject(kd), func(kd *v1beta1.KluctlDeployment) error {
-		if kd.Status.DiffRequestResult == nil || kd.Status.DiffRequestResult.RequestValue != rr.RequestValue {
+		if kd.Status.DiffRequestResult == nil || kd.Status.DiffRequestResult.Request.RequestValue != rr.Request.RequestValue {
 			return nil
 		}
 		kd.Status.LastDiffResult = nil
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 099ea2c66..727642938 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -693,8 +693,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -702,7 +712,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               diffRequestResult:
@@ -714,8 +724,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -723,7 +743,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               lastDeployError:
@@ -803,8 +823,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -812,7 +842,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               reconcileRequestResult:
@@ -824,8 +854,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -833,7 +873,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               targetKey:
@@ -856,8 +896,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -865,7 +915,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
             type: object
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 62af298e9..8b2679ac1 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1141,8 +1141,8 @@ There are two ways to use this value properly.
 <td>
 <code>reconcileRequestResult</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.RequestResult">
-RequestResult
+<a href="#gitops.kluctl.io/v1beta1.ManualRequestResult">
+ManualRequestResult
 </a>
 </em>
 </td>
@@ -1154,8 +1154,8 @@ RequestResult
 <td>
 <code>diffRequestResult</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.RequestResult">
-RequestResult
+<a href="#gitops.kluctl.io/v1beta1.ManualRequestResult">
+ManualRequestResult
 </a>
 </em>
 </td>
@@ -1167,8 +1167,8 @@ RequestResult
 <td>
 <code>deployRequestResult</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.RequestResult">
-RequestResult
+<a href="#gitops.kluctl.io/v1beta1.ManualRequestResult">
+ManualRequestResult
 </a>
 </em>
 </td>
@@ -1180,8 +1180,8 @@ RequestResult
 <td>
 <code>pruneRequestResult</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.RequestResult">
-RequestResult
+<a href="#gitops.kluctl.io/v1beta1.ManualRequestResult">
+ManualRequestResult
 </a>
 </em>
 </td>
@@ -1193,8 +1193,8 @@ RequestResult
 <td>
 <code>validateRequestResult</code><br>
 <em>
-<a href="#gitops.kluctl.io/v1beta1.RequestResult">
-RequestResult
+<a href="#gitops.kluctl.io/v1beta1.ManualRequestResult">
+ManualRequestResult
 </a>
 </em>
 </td>
@@ -1531,6 +1531,137 @@ string
 </table>
 </div>
 </div>
+<h3 id="gitops.kluctl.io/v1beta1.ManualRequest">ManualRequest
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.ManualRequestResult">ManualRequestResult</a>)
+</p>
+<p>ManualRequest is used in json form inside the manual request annotations</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>requestValue</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>overridesPatch</code><br>
+<em>
+k8s.io/apimachinery/pkg/runtime.RawExtension
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+<h3 id="gitops.kluctl.io/v1beta1.ManualRequestResult">ManualRequestResult
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentStatus">KluctlDeploymentStatus</a>)
+</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>request</code><br>
+<em>
+<a href="#gitops.kluctl.io/v1beta1.ManualRequest">
+ManualRequest
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>startTime</code><br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
+Kubernetes meta/v1.Time
+</a>
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>endTime</code><br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
+Kubernetes meta/v1.Time
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>reconcileId</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>resultId</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+<tr>
+<td>
+<code>commandError</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
 <h3 id="gitops.kluctl.io/v1beta1.ProjectCredentials">ProjectCredentials
 </h3>
 <p>
@@ -2078,93 +2209,6 @@ string
 </table>
 </div>
 </div>
-<h3 id="gitops.kluctl.io/v1beta1.RequestResult">RequestResult
-</h3>
-<p>
-(<em>Appears on:</em>
-<a href="#gitops.kluctl.io/v1beta1.KluctlDeploymentStatus">KluctlDeploymentStatus</a>)
-</p>
-<div class="md-typeset__scrollwrap">
-<div class="md-typeset__table">
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>requestValue</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>startTime</code><br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
-Kubernetes meta/v1.Time
-</a>
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>endTime</code><br>
-<em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta">
-Kubernetes meta/v1.Time
-</a>
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>reconcileId</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-</td>
-</tr>
-<tr>
-<td>
-<code>resultId</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>commandError</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-</tbody>
-</table>
-</div>
-</div>
 <h3 id="gitops.kluctl.io/v1beta1.SafeDuration">SafeDuration
 </h3>
 <p>
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index f956649a9..0406df6e9 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -693,8 +693,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -702,7 +712,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               diffRequestResult:
@@ -714,8 +724,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -723,7 +743,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               lastDeployError:
@@ -803,8 +823,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -812,7 +842,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               reconcileRequestResult:
@@ -824,8 +854,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -833,7 +873,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
               targetKey:
@@ -856,8 +896,18 @@ spec:
                     type: string
                   reconcileId:
                     type: string
-                  requestValue:
-                    type: string
+                  request:
+                    description: ManualRequest is used in json form inside the manual
+                      request annotations
+                    properties:
+                      overridesPatch:
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      requestValue:
+                        type: string
+                    required:
+                    - requestValue
+                    type: object
                   resultId:
                     type: string
                   startTime:
@@ -865,7 +915,7 @@ spec:
                     type: string
                 required:
                 - reconcileId
-                - requestValue
+                - request
                 - startTime
                 type: object
             type: object
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 587c497d1..7180ddf95 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -785,17 +785,17 @@ func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResul
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeployOrPokeImages(ctx context.Context, deployMode string, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string, needDeployByRequest bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeployOrPokeImages(ctx context.Context, deployMode string, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string) (*result.CommandResult, error) {
 	if deployMode == kluctlv1.KluctlDeployModeFull {
-		return pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
+		return pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash)
 	} else if deployMode == kluctlv1.KluctlDeployPokeImages {
-		return pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash, needDeployByRequest)
+		return pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash)
 	} else {
 		return nil, fmt.Errorf("deployMode '%s' not supported", deployMode)
 	}
 }
 
-func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -813,11 +813,10 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdResult, "deploy", triggeredByRequest)
-	return cmdResult, err
+	return cmdResult, nil
 }
 
-func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
@@ -827,11 +826,10 @@ func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *k
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdResult, "poke-images", triggeredByRequest)
-	return cmdResult, err
+	return cmdResult, nil
 }
 
-func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, triggeredByRequest bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPruneCommand("", targetContext, false)
@@ -844,11 +842,10 @@ func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl
 	if err != nil {
 		return cmdResult, err
 	}
-	err = pt.writeCommandResult(ctx, cmdResult, "prune", triggeredByRequest)
-	return cmdResult, err
+	return cmdResult, nil
 }
 
-func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string, writeCmdResult bool) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string) (*result.CommandResult, error) {
 	cmd := commands.NewDiffCommand(targetContext)
 	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
 	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
@@ -860,21 +857,17 @@ func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_
 	if err != nil {
 		return cmdResult, err
 	}
-	if writeCmdResult {
-		err = pt.writeCommandResult(ctx, cmdResult, "diff", true)
-	}
 	return cmdResult, err
 }
 
-func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult, crId string, objectsHash string) (*result.ValidateResult, error) {
+func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) (*result.ValidateResult, error) {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
 	cmd := commands.NewValidateCommand(targetContext.Target.Discriminator, targetContext, cmdResult)
 
 	validateResult := cmd.Run(ctx)
-	err := pt.writeValidateResult(ctx, validateResult, crId, objectsHash)
-	return validateResult, err
+	return validateResult, nil
 }
 
 func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string, crId string) (*result.CommandResult, error) {
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 196c30fa0..002df817c 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -3,7 +3,6 @@ package controllers
 import (
 	"context"
 	"fmt"
-	json_patch "github.com/evanphx/json-patch"
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
@@ -148,50 +147,6 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	return *ctrlResult, nil
 }
 
-func (r *KluctlDeploymentReconciler) applyOnetimePatch(ctx context.Context, obj *kluctlv1.KluctlDeployment) error {
-	if obj.GetAnnotations() == nil {
-		return nil
-	}
-
-	patchStr, ok := obj.GetAnnotations()[kluctlv1.KluctlOnetimePatchAnnotation]
-	if !ok {
-		return nil
-	}
-
-	log := ctrl.LoggerFrom(ctx)
-	log.Info("Applying onetime patch", "patch", patchStr)
-
-	objJson, err := yaml.WriteJsonString(obj)
-	if err != nil {
-		return err
-	}
-
-	objJson2, err := json_patch.MergePatch([]byte(objJson), []byte(patchStr))
-	if err != nil {
-		return err
-	}
-
-	var patchedObj kluctlv1.KluctlDeployment
-	err = yaml.ReadYamlBytes(objJson2, &patchedObj)
-	if err != nil {
-		return err
-	}
-
-	ap := client.MergeFrom(patchedObj.DeepCopy())
-	a := patchedObj.GetAnnotations()
-	if a != nil {
-		delete(a, kluctlv1.KluctlOnetimePatchAnnotation)
-		patchedObj.SetAnnotations(a)
-		err = r.Client.Patch(ctx, patchedObj.DeepCopy(), ap, client.FieldOwner(r.ControllerName))
-		if err != nil {
-			return err
-		}
-	}
-
-	*obj = patchedObj
-	return nil
-}
-
 func (r *KluctlDeploymentReconciler) doReconcile(
 	ctx context.Context,
 	obj *kluctlv1.KluctlDeployment,
@@ -214,11 +169,6 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		return nil, r.patchFailPrepare(ctx, obj, err)
 	}
 
-	err = r.applyOnetimePatch(ctx, obj)
-	if err != nil {
-		return nil, r.patchFailPrepare(ctx, obj, err)
-	}
-
 	if obj.Spec.Suspend {
 		log.Info("Reconciliation is suspended for this object, only allowing manual requests to be processed")
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index c5097ea89..89fc89b47 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -2,13 +2,18 @@ package controllers
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	json_patch "github.com/evanphx/json-patch/v5"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"reflect"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
@@ -22,11 +27,52 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 ) (*kluctlv1.ManualRequestResult, error) {
 	key := client.ObjectKeyFromObject(obj)
 
+	log := ctrl.LoggerFrom(ctx)
+
+	old, _ := getResultPtr(&obj.Status)
+	if *old != nil && (*old).Request.RequestValue == "" {
+		r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
+			resultPtr, _ := getResultPtr(status)
+			*resultPtr = nil
+			return nil
+		})
+	}
+
 	v, _ := obj.GetAnnotations()[requestAnnotation]
 	if v == "" {
 		return nil, nil
 	}
 
+	log.Info(fmt.Sprintf("Processing %s: %s", requestAnnotation, v))
+
+	// first remove the annotation so that it doesn't get re-processed
+	err := r.patch(ctx, key, false, func(obj *kluctlv1.KluctlDeployment) error {
+		a := obj.GetAnnotations()
+		if a == nil {
+			return nil
+		}
+		v2 := a[requestAnnotation]
+		if v != v2 {
+			return nil
+		}
+		delete(a, requestAnnotation)
+		return nil
+	})
+
+	var mr kluctlv1.ManualRequest
+	err = yaml.ReadYamlString(v, &mr)
+	if err != nil {
+		return nil, err
+	}
+	if mr.RequestValue == "" {
+		return nil, errors.New("missing requestValue in manual request annotation")
+	}
+
+	err = r.applyOverridePatch(ctx, obj, &mr)
+	if err != nil {
+		return nil, err
+	}
+
 	resultPtr, legacyValue := getResultPtr(&obj.Status)
 	rr := *resultPtr
 
@@ -35,10 +81,10 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 		// ensure that we don't accidentally re-process the request
 		t := metav1.Now()
 		rr = &kluctlv1.ManualRequestResult{
-			RequestValue: v,
-			StartTime:    t,
-			EndTime:      &t,
-			ReconcileId:  "unknown",
+			Request:     mr,
+			StartTime:   t,
+			EndTime:     &t,
+			ReconcileId: "unknown",
 		}
 		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
 			resultPtr, _ := getResultPtr(status)
@@ -50,11 +96,11 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 		}
 		return nil, nil
 	}
-	if rr == nil || rr.RequestValue != v {
+	if rr == nil || rr.Request.RequestValue != v {
 		rr = &kluctlv1.ManualRequestResult{
-			RequestValue: v,
-			StartTime:    metav1.Now(),
-			ReconcileId:  reconcileId,
+			Request:     mr,
+			StartTime:   metav1.Now(),
+			ReconcileId: reconcileId,
 		}
 		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
 			resultPtr, _ := getResultPtr(status)
@@ -77,6 +123,10 @@ func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Conte
 		return nil
 	}
 
+	log := ctrl.LoggerFrom(ctx)
+
+	log.Info("Finishing handling of manual request")
+
 	t := metav1.Now()
 	rr.EndTime = &t
 	rr.ResultId = resultId
@@ -90,6 +140,43 @@ func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Conte
 	})
 }
 
+func (r *KluctlDeploymentReconciler) applyOverridePatch(ctx context.Context, obj *kluctlv1.KluctlDeployment, mr *kluctlv1.ManualRequest) error {
+	if mr.OverridesPatch == nil {
+		return nil
+	}
+
+	log := ctrl.LoggerFrom(ctx)
+	log.Info("Applying onetime patch from manual request")
+
+	objJson, err := yaml.WriteJsonString(obj)
+	if err != nil {
+		return err
+	}
+
+	objJson2, err := json_patch.MergePatch([]byte(objJson), mr.OverridesPatch.Raw)
+	if err != nil {
+		return err
+	}
+
+	var patchedObj kluctlv1.KluctlDeployment
+	err = yaml.ReadYamlBytes(objJson2, &patchedObj)
+	if err != nil {
+		return err
+	}
+
+	testObj1 := *obj
+	testObj2 := patchedObj
+	testObj1.Spec = kluctlv1.KluctlDeploymentSpec{}
+	testObj2.Spec = kluctlv1.KluctlDeploymentSpec{}
+
+	if !reflect.DeepEqual(&testObj1, &testObj2) {
+		return fmt.Errorf("override patch tried to modify non-spec fields")
+	}
+
+	*obj = patchedObj
+	return nil
+}
+
 func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context, obj *kluctlv1.KluctlDeployment) (*preparedProject, *preparedTarget, *kluctl_project.TargetContext, error) {
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
@@ -110,7 +197,7 @@ func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context
 	return pp, pt, targetContext, err
 }
 
-type reconcileCallback func(targetContext *kluctl_project.TargetContext,
+type reconcileCallback func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext,
 	pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error)
 
 func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context, timeoutCtx context.Context,
@@ -160,7 +247,7 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		return doError("", err)
 	}
 
-	cmdResult, failReason, cmdErr := reconcileRequest(targetContext, pt, reconcileId, objectsHash)
+	cmdResult, failReason, cmdErr := reconcileRequest(req, targetContext, pt, reconcileId, objectsHash)
 
 	resultId := ""
 	if x, ok := cmdResult.(*result.CommandResult); ok {
@@ -228,12 +315,16 @@ func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, t
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"diff", kluctlv1.KluctlRequestDiffAnnotation,
 		getResultPtr, false,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil, true)
-			err := obj.Status.SetLastDiffResult(cmdResult.BuildSummary(), cmdErr)
+		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+			cmdResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil)
+			if cmdResult != nil && rr != nil {
+				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+			}
+			err := pt.writeCommandResult(ctx, cmdResult, "diff", true)
 			if err != nil {
 				log.Error(err, "Failed to write diff result")
 			}
+			err = obj.Status.SetLastDiffResult(cmdResult.BuildSummary(), cmdErr)
 			return cmdResult, kluctlv1.DiffFailedReason, err
 		})
 }
@@ -253,12 +344,16 @@ func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context,
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation,
 		getResultPtr, false,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, true)
-			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
+		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+			cmdResult, cmdErr := pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash)
+			if cmdResult != nil && rr != nil {
+				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+			}
+			err := pt.writeCommandResult(ctx, cmdResult, "deploy", true)
 			if err != nil {
 				log.Error(err, "Failed to write deploy result")
 			}
+			err = obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
 			return cmdResult, kluctlv1.DeployFailedReason, err
 		})
 }
@@ -278,12 +373,16 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"prune", kluctlv1.KluctlRequestPruneAnnotation,
 		getResultPtr, false,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash, true)
-			err := obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
+		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
+			if cmdResult != nil && rr != nil {
+				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+			}
+			err := pt.writeCommandResult(ctx, cmdResult, "prune", true)
 			if err != nil {
 				log.Error(err, "Failed to write prune result")
 			}
+			err = obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
 			return cmdResult, kluctlv1.PruneFailedReason, err
 		})
 }
@@ -303,12 +402,16 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"validate", kluctlv1.KluctlRequestValidateAnnotation,
 		getResultPtr, false,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlValidate(ctx, targetContext, nil, reconcileId, objectsHash)
-			err := obj.Status.SetLastValidateResult(cmdResult, cmdErr)
+		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+			cmdResult, cmdErr := pt.kluctlValidate(ctx, targetContext, nil)
+			if cmdResult != nil && rr != nil {
+				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+			}
+			err := pt.writeValidateResult(ctx, cmdResult, reconcileId, objectsHash)
 			if err != nil {
 				log.Error(err, "Failed to write validate result")
 			}
+			err = obj.Status.SetLastValidateResult(cmdResult, cmdErr)
 			return cmdResult, kluctlv1.ValidateFailedReason, err
 		})
 }
@@ -334,13 +437,12 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"reconcile", kluctlv1.KluctlRequestReconcileAnnotation,
 		getResultPtr, forceReconcile,
-		func(targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			return r.reconcileFullRequest2(ctx, timeoutCtx, obj, reconcileId, targetContext, pt, reconcileId, objectsHash)
+		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+			return r.reconcileFullRequest2(rr, ctx, timeoutCtx, obj, reconcileId, targetContext, pt, reconcileId, objectsHash)
 		})
 }
 
-func (r *KluctlDeploymentReconciler) reconcileFullRequest2(ctx context.Context, timeoutCtx context.Context,
-	obj *kluctlv1.KluctlDeployment, reconcileId string, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRequestResult, ctx context.Context, timeoutCtx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 	key := client.ObjectKeyFromObject(obj)
 	log := ctrl.LoggerFrom(ctx)
 
@@ -411,11 +513,12 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(ctx context.Context,
 		}
 
 		var cmdErr error
-		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(timeoutCtx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash, false)
-		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
+		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(timeoutCtx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash)
+		err = pt.writeCommandResult(ctx, deployResult, obj.Spec.DeployMode, false)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
 		}
+		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
 
 		if obj.Spec.DryRun {
 			// force full drift detection (otherwise we'd see the dry-run applied changes as non-drifted)
@@ -430,7 +533,11 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(ctx context.Context,
 		if err != nil {
 			return nil, kluctlv1.ValidateFailedReason, err
 		}
-		validateResult, cmdErr := pt.kluctlValidate(timeoutCtx, targetContext, deployResult, reconcileId, objectsHash)
+		validateResult, cmdErr := pt.kluctlValidate(timeoutCtx, targetContext, deployResult)
+		err = pt.writeValidateResult(ctx, validateResult, obj.Spec.DeployMode, objectsHash)
+		if err != nil {
+			log.Error(err, "Failed to write deploy result")
+		}
 		err = obj.Status.SetLastValidateResult(validateResult, cmdErr)
 		if err != nil {
 			log.Error(err, "Failed to write validate result")
@@ -445,7 +552,7 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(ctx context.Context,
 
 		resourceVersions := r.getResourceVersions(key)
 
-		diffResult, cmdErr := pt.kluctlDiff(timeoutCtx, targetContext, reconcileId, objectsHash, resourceVersions, false)
+		diffResult, cmdErr := pt.kluctlDiff(timeoutCtx, targetContext, reconcileId, objectsHash, resourceVersions)
 		driftDetectionResult := diffResult.BuildDriftDetectionResult()
 		err = obj.Status.SetLastDriftDetectionResult(driftDetectionResult, cmdErr)
 		if err != nil {
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 005057c4d..9197b8dfb 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -136,7 +136,7 @@ func (r *KluctlDeploymentReconciler) patchTargetKey(ctx context.Context, obj *kl
 	return nil
 }
 
-func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client.ObjectKey, updateStatus func(status *kluctlv1.KluctlDeploymentStatus) error) error {
+func (r *KluctlDeploymentReconciler) patch(ctx context.Context, key client.ObjectKey, patchStatus bool, update func(obj *kluctlv1.KluctlDeployment) error) error {
 	backoff := wait.Backoff{
 		Steps:    5,
 		Duration: 100 * time.Millisecond,
@@ -151,14 +151,18 @@ func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client
 			return false, err
 		}
 
-		statusPatch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
+		patch := client.MergeFromWithOptions(latest.DeepCopy(), client.MergeFromWithOptimisticLock{})
 
-		err = updateStatus(&latest.Status)
+		err = update(&latest)
 		if err != nil {
 			return false, err
 		}
 
-		err = r.Client.Status().Patch(ctx, &latest, statusPatch, client.FieldOwner(r.ControllerName))
+		if patchStatus {
+			err = r.Client.Status().Patch(ctx, &latest, patch, client.FieldOwner(r.ControllerName))
+		} else {
+			err = r.Client.Patch(ctx, &latest, patch, client.FieldOwner(r.ControllerName))
+		}
 		if err != nil {
 			if errors.IsConflict(err) {
 				// retry
@@ -171,6 +175,12 @@ func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client
 	})
 }
 
+func (r *KluctlDeploymentReconciler) patchStatus(ctx context.Context, key client.ObjectKey, updateStatus func(status *kluctlv1.KluctlDeploymentStatus) error) error {
+	return r.patch(ctx, key, true, func(obj *kluctlv1.KluctlDeployment) error {
+		return updateStatus(&obj.Status)
+	})
+}
+
 func (r *KluctlDeploymentReconciler) patchCondition(ctx context.Context, key client.ObjectKey, updateConditions func(c *[]metav1.Condition) error) error {
 	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
 		return updateConditions(&status.Conditions)
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 8398c67ce..0ce485bb6 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -134,6 +134,7 @@ type CommandResult struct {
 	Target           types.Target                   `json:"target"`
 	Command          CommandInfo                    `json:"command,omitempty"`
 	KluctlDeployment *KluctlDeploymentInfo          `json:"kluctlDeployment,omitempty"`
+	OverridesPatch   *uo.UnstructuredObject         `json:"overridesPatch,omitempty"`
 	GitInfo          GitInfo                        `json:"gitInfo,omitempty"`
 	ClusterInfo      ClusterInfo                    `json:"clusterInfo"`
 	Deployment       *types.DeploymentProjectConfig `json:"deployment,omitempty"`
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index 7b0594732..1fea58346 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -2,6 +2,7 @@ package result
 
 import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -12,18 +13,19 @@ type ValidateResultEntry struct {
 }
 
 type ValidateResult struct {
-	Id                  string                `json:"id"`
-	ReconcileId         string                `json:"reconcileId"`
-	ProjectKey          ProjectKey            `json:"projectKey"`
-	TargetKey           TargetKey             `json:"targetKey"`
-	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
-	RenderedObjectsHash string                `json:"renderedObjectsHash,omitempty"`
-	StartTime           metav1.Time           `json:"startTime"`
-	EndTime             metav1.Time           `json:"endTime"`
-	Ready               bool                  `json:"ready"`
-	Warnings            []DeploymentError     `json:"warnings,omitempty"`
-	Errors              []DeploymentError     `json:"errors,omitempty"`
-	Results             []ValidateResultEntry `json:"results,omitempty"`
+	Id                  string                 `json:"id"`
+	ReconcileId         string                 `json:"reconcileId"`
+	ProjectKey          ProjectKey             `json:"projectKey"`
+	TargetKey           TargetKey              `json:"targetKey"`
+	KluctlDeployment    *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
+	OverridesPatch      *uo.UnstructuredObject `json:"overridesPatch,omitempty"`
+	RenderedObjectsHash string                 `json:"renderedObjectsHash,omitempty"`
+	StartTime           metav1.Time            `json:"startTime"`
+	EndTime             metav1.Time            `json:"endTime"`
+	Ready               bool                   `json:"ready"`
+	Warnings            []DeploymentError      `json:"warnings,omitempty"`
+	Errors              []DeploymentError      `json:"errors,omitempty"`
+	Results             []ValidateResultEntry  `json:"results,omitempty"`
 }
 
 type ValidateResultSummary struct {
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 08700754c..77cec6021 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -171,6 +171,10 @@ func (in *CommandResult) DeepCopyInto(out *CommandResult) {
 		*out = new(KluctlDeploymentInfo)
 		**out = **in
 	}
+	if in.OverridesPatch != nil {
+		in, out := &in.OverridesPatch, &out.OverridesPatch
+		*out = (*in).DeepCopy()
+	}
 	in.GitInfo.DeepCopyInto(&out.GitInfo)
 	out.ClusterInfo = in.ClusterInfo
 	if in.Deployment != nil {
@@ -492,6 +496,10 @@ func (in *ValidateResult) DeepCopyInto(out *ValidateResult) {
 		*out = new(KluctlDeploymentInfo)
 		**out = **in
 	}
+	if in.OverridesPatch != nil {
+		in, out := &in.OverridesPatch, &out.OverridesPatch
+		*out = (*in).DeepCopy()
+	}
 	in.StartTime.DeepCopyInto(&out.StartTime)
 	in.EndTime.DeepCopyInto(&out.EndTime)
 	if in.Warnings != nil {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index c8b50a1df..0412750c5 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -730,6 +730,7 @@ export class CommandResult {
     target: Target;
     command?: CommandInfo;
     kluctlDeployment?: KluctlDeploymentInfo;
+    overridesPatch?: any;
     gitInfo?: GitInfo;
     clusterInfo: ClusterInfo;
     deployment?: DeploymentProjectConfig;
@@ -748,6 +749,7 @@ export class CommandResult {
         this.target = this.convertValues(source["target"], Target);
         this.command = this.convertValues(source["command"], CommandInfo);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
+        this.overridesPatch = source["overridesPatch"];
         this.gitInfo = this.convertValues(source["gitInfo"], GitInfo);
         this.clusterInfo = this.convertValues(source["clusterInfo"], ClusterInfo);
         this.deployment = this.convertValues(source["deployment"], DeploymentProjectConfig);
@@ -878,6 +880,7 @@ export class ValidateResult {
     projectKey: ProjectKey;
     targetKey: TargetKey;
     kluctlDeployment?: KluctlDeploymentInfo;
+    overridesPatch?: any;
     renderedObjectsHash?: string;
     startTime: string;
     endTime: string;
@@ -893,6 +896,7 @@ export class ValidateResult {
         this.projectKey = this.convertValues(source["projectKey"], ProjectKey);
         this.targetKey = this.convertValues(source["targetKey"], TargetKey);
         this.kluctlDeployment = this.convertValues(source["kluctlDeployment"], KluctlDeploymentInfo);
+        this.overridesPatch = source["overridesPatch"];
         this.renderedObjectsHash = source["renderedObjectsHash"];
         this.startTime = source["startTime"];
         this.endTime = source["endTime"];

From 9fa9ea0c751dddb01d7ad0d8230026eb2289dbdd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 Oct 2023 13:27:08 +0200
Subject: [PATCH 1810/2268] fix: Don't re-schedule reconciliation on suspend

---
 pkg/controllers/kluctldeployment_controller.go           | 6 ++++++
 pkg/controllers/kluctldeployment_controller_reconcile.go | 9 ---------
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 002df817c..0c1a0be16 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -352,6 +352,9 @@ func (r *KluctlDeploymentReconciler) nextReconcileTime(obj *kluctlv1.KluctlDeplo
 }
 
 func (r *KluctlDeploymentReconciler) nextDeployTime(obj *kluctlv1.KluctlDeployment) *time.Time {
+	if obj.Spec.Suspend {
+		return nil
+	}
 	if obj.Status.LastDeployResult == nil {
 		// was never deployed before. Return early.
 		return nil
@@ -372,6 +375,9 @@ func (r *KluctlDeploymentReconciler) nextDeployTime(obj *kluctlv1.KluctlDeployme
 }
 
 func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeployment) *time.Time {
+	if obj.Spec.Suspend {
+		return nil
+	}
 	if obj.Status.LastValidateResult == nil {
 		// was never validated before. Return early.
 		return nil
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 89fc89b47..f62bf400d 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -29,15 +29,6 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 
 	log := ctrl.LoggerFrom(ctx)
 
-	old, _ := getResultPtr(&obj.Status)
-	if *old != nil && (*old).Request.RequestValue == "" {
-		r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			resultPtr, _ := getResultPtr(status)
-			*resultPtr = nil
-			return nil
-		})
-	}
-
 	v, _ := obj.GetAnnotations()[requestAnnotation]
 	if v == "" {
 		return nil, nil

From 7bd765ca3fb5b098dfea959ade62ddda733c776b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 28 Oct 2023 09:40:07 +0200
Subject: [PATCH 1811/2268] tests: Improve parallel tests logging by passing t
 per Kluctl call

---
 e2e/args_test.go                      | 28 ++++++-------
 e2e/contexts_test.go                  | 20 ++++-----
 e2e/deployment_items_test.go          | 16 ++++----
 e2e/diff_name_test.go                 |  6 +--
 e2e/git_include_test.go               |  4 +-
 e2e/gitops_manual_requests_test.go    | 48 +++++++++++-----------
 e2e/gitops_oci_include_test.go        |  8 ++--
 e2e/gitops_source_override_test.go    | 20 ++++-----
 e2e/helm_test.go                      | 54 ++++++++++++------------
 e2e/hooks_test.go                     | 46 ++++++++++-----------
 e2e/images_test.go                    | 14 +++----
 e2e/inclusion_test.go                 | 50 +++++++++++------------
 e2e/no_target_test.go                 |  6 +--
 e2e/obfuscate_test.go                 | 12 +++---
 e2e/oci_include_test.go               | 34 +++++++--------
 e2e/prune_test.go                     |  8 ++--
 e2e/remote_objects_permission_test.go |  4 +-
 e2e/render_test.go                    |  6 +--
 e2e/results_test.go                   |  8 ++--
 e2e/seal_test.go                      | 40 +++++++++---------
 e2e/skip_delete_test.go               | 16 ++++----
 e2e/sops_test.go                      |  6 +--
 e2e/source_override_test.go           | 12 +++---
 e2e/test-utils/test_git_server.go     |  9 +++-
 e2e/test_project/project.go           | 59 +++++++++++++--------------
 e2e/validate_test.go                  |  4 +-
 e2e/when_test.go                      |  2 +-
 27 files changed, 272 insertions(+), 268 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index ccc2cdd60..547d4de72 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -56,7 +56,7 @@ func TestArgs(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a")
 	cm := k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
@@ -64,25 +64,25 @@ func TestArgs(t *testing.T) {
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 	assertNestedFieldEquals(t, cm, `43`, "data", "e")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "na", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c")
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 	assertNestedFieldEquals(t, cm, `{"nested": "default"}`, "data", "d")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", "-ad.nested=d")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", "-ad.nested=d")
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d"}`, "data", "d")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", `-ad={"nested": "d2"}`)
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", `-ad={"nested": "d2"}`)
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": "d2"}`, "data", "d")
 
@@ -96,7 +96,7 @@ nested:
   nested2: d3
 `)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", fmt.Sprintf(`-ad=@%s`, tmpFile.Name()))
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b", "-ac=c", fmt.Sprintf(`-ad=@%s`, tmpFile.Name()))
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, `{"nested": {"nested2": "d3"}}`, "data", "d")
 
@@ -110,7 +110,7 @@ d:
     nested2: d4
 `)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", fmt.Sprintf(`--args-from-file=%s`, tmpFile.Name()))
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", fmt.Sprintf(`--args-from-file=%s`, tmpFile.Name()))
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a2", "data", "a")
 	assertNestedFieldEquals(t, cm, "default", "data", "b")
@@ -144,7 +144,7 @@ func TestArgsFromEnv(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm := k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
@@ -174,14 +174,14 @@ func TestArgsFromEnvAndCli(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "b=b")
 	cm := k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
 	assertNestedFieldEquals(t, cm, "c", "data", "c")
 
 	// make sure the CLI overrides values from env
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "b=b", "-a", "c=c2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "b=b", "-a", "c=c2")
 	cm = k.MustGetCoreV1(t, "configmaps", p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "a", "data", "a")
 	assertNestedFieldEquals(t, cm, "b", "data", "b")
@@ -225,21 +225,21 @@ func testArgsInDiscriminator(t *testing.T, inDefaultDiscriminator bool) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "discriminator-default", "metadata", "labels", "kluctl.io/discriminator")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, "discriminator-a", "metadata", "labels", "kluctl.io/discriminator")
 
 	if inDefaultDiscriminator {
 		// now without targets
-		p.KluctlMust("deploy", "--yes")
+		p.KluctlMust(t, "deploy", "--yes")
 		cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
 		assertNestedFieldEquals(t, cm, "discriminator-default", "metadata", "labels", "kluctl.io/discriminator")
 
-		p.KluctlMust("deploy", "--yes", "-aa=a")
+		p.KluctlMust(t, "deploy", "--yes", "-aa=a")
 		cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
 		assertNestedFieldEquals(t, cm, "discriminator-a", "metadata", "labels", "kluctl.io/discriminator")
 	}
diff --git a/e2e/contexts_test.go b/e2e/contexts_test.go
index 4f41e6f4e..b93ce968c 100644
--- a/e2e/contexts_test.go
+++ b/e2e/contexts_test.go
@@ -27,13 +27,13 @@ func TestContextCurrent(t *testing.T) {
 		// no context set, assume the current one is used
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
 	setMergedKubeconfigContext(t, defaultCluster2.Context)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
@@ -46,7 +46,7 @@ func TestContext1(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
@@ -60,7 +60,7 @@ func TestContext2(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster1, p.TestSlug(), "cm")
 }
@@ -77,11 +77,11 @@ func TestContext1And2(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test2")
 	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
@@ -94,7 +94,7 @@ func TestContextSwitch(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
@@ -102,7 +102,7 @@ func TestContextSwitch(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
 
@@ -115,10 +115,10 @@ func TestContextOverride(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster1.Context, "context")
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
 	assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test1", "--context", defaultCluster2.Context)
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1", "--context", defaultCluster2.Context)
 	assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 }
diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index ada1a8cc4..e8541fa48 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -24,16 +24,16 @@ func TestKustomize(t *testing.T) {
 		name:      "cm",
 		namespace: p.TestSlug(),
 	})
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
 		name:      "cm2",
 		namespace: p.TestSlug(),
 	})
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--dry-run")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--dry-run")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 }
 
@@ -78,7 +78,7 @@ func TestGeneratedKustomize(t *testing.T) {
 		return nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
@@ -128,7 +128,7 @@ namespace: %s
 `, p.TestSlug()), nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "a=v1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "a=v1")
 	// it should not appear in the default namespace as that would indicate that the component was treated as a deployment item
 	assertConfigMapNotExists(t, k, "default", p.TestSlug()+"-cm")
 	s := assertConfigMapExists(t, k, p.TestSlug(), p.TestSlug()+"-cm")
@@ -161,7 +161,7 @@ func TestKustomizeBase(t *testing.T) {
 		Name: "../base",
 	}}, nil)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "base-cm")
 }
 
@@ -204,7 +204,7 @@ func TestTemplateIgnore(t *testing.T) {
 		return `/configmap-cm3.yml`, nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	cm3 := assertConfigMapExists(t, k, p.TestSlug(), "cm3")
@@ -275,7 +275,7 @@ func testLocalIncludes(t *testing.T, projectDir string) {
 		return nil
 	})
 
-	p.KluctlMust("deploy", "--yes", "--project-dir", filepath.Join(p.LocalProjectDir(), projectDir))
+	p.KluctlMust(t, "deploy", "--yes", "--project-dir", filepath.Join(p.LocalProjectDir(), projectDir))
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-inc1")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-inc2")
 }
diff --git a/e2e/diff_name_test.go b/e2e/diff_name_test.go
index 39d812243..724fb1b8e 100644
--- a/e2e/diff_name_test.go
+++ b/e2e/diff_name_test.go
@@ -32,10 +32,10 @@ func TestDiffName(t *testing.T) {
 			"kluctl.io/diff-name": "cm",
 		},
 	})
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "cm_name=cm-1", "-a", "v=a")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-1", "-a", "v=a")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-1")
 
-	resultStr, _ := p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "cm_name=cm-2", "-a", "v=b", "-oyaml")
+	resultStr, _ := p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-2", "-a", "v=b", "-oyaml")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-2")
 
 	var cr result.CompactedCommandResult
@@ -59,7 +59,7 @@ func TestDiffName(t *testing.T) {
 		Orphan: true,
 	}, r.Objects[1].BaseObject)
 
-	resultStr, _ = p.KluctlMust("deploy", "--yes", "-t", "test", "-a", "cm_name=cm-3", "-a", "v=c", "-oyaml")
+	resultStr, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-3", "-a", "v=c", "-oyaml")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-2")
 	err = yaml.ReadYamlString(resultStr, &cr)
 	assert.NoError(t, err)
diff --git a/e2e/git_include_test.go b/e2e/git_include_test.go
index 1117b11b2..9fb8dfa3d 100644
--- a/e2e/git_include_test.go
+++ b/e2e/git_include_test.go
@@ -55,7 +55,7 @@ func TestGitInclude(t *testing.T) {
 
 	p, _, _ := prepareGitIncludeTest(t, k, nil, nil, nil)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
@@ -209,7 +209,7 @@ func TestGitIncludeRef(t *testing.T) {
 		},
 	}))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "parent")
 	assertConfigMapExists(t, k, p.TestSlug(), "head")
 	assertConfigMapExists(t, k, p.TestSlug(), "branch1")
diff --git a/e2e/gitops_manual_requests_test.go b/e2e/gitops_manual_requests_test.go
index 06eac41bb..fab93ce38 100644
--- a/e2e/gitops_manual_requests_test.go
+++ b/e2e/gitops_manual_requests_test.go
@@ -61,7 +61,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("run manual diff (with no changes)", func() {
-		p.KluctlMust("gitops", "diff", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "diff", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DiffRequestResult)
@@ -80,7 +80,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("run manual diff (with changes)", func() {
-		p.KluctlMust("gitops", "diff", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "diff", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DiffRequestResult)
@@ -95,7 +95,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("run manual deploy (with changes)", func() {
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -110,7 +110,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("run manual deploy (with no changes)", func() {
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -125,7 +125,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("run manual prune (with no changes)", func() {
-		p.KluctlMust("gitops", "prune", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "prune", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.PruneRequestResult)
@@ -137,7 +137,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	p.DeleteKustomizeDeployment("d2")
 
 	suite.Run("run manual prune (with changes)", func() {
-		p.KluctlMust("gitops", "prune", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "prune", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.PruneRequestResult)
@@ -148,7 +148,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("run manual validate (with no errors)", func() {
-		p.KluctlMust("gitops", "validate", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "validate", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.ValidateRequestResult)
@@ -164,7 +164,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	assert.NoError(suite.T(), err)
 
 	suite.Run("run manual validate (with errors)", func() {
-		_, _, err := p.Kluctl("gitops", "validate", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		_, _, err := p.Kluctl(suite.T(), "gitops", "validate", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 		assert.ErrorContains(suite.T(), err, "Validation failed")
 
 		kd := suite.getKluctlDeployment(key)
@@ -177,7 +177,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("resume and wait for reconcile", func() {
-		p.KluctlMust("gitops", "resume", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "resume", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 		g.Eventually(func() bool {
 			var cm1 corev1.ConfigMap
 			err := suite.k.Client.Get(context.Background(), client.ObjectKey{Name: "cm1", Namespace: p.TestSlug()}, &cm1)
@@ -196,7 +196,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	})
 
 	suite.Run("suspend and ensure reconcile does not happen", func() {
-		p.KluctlMust("gitops", "suspend", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "suspend", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		err := suite.k.Client.Delete(context.Background(), cm1.ToUnstructured())
 		assert.NoError(suite.T(), err)
@@ -211,8 +211,8 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	suite.Run("run manual reconcile", func() {
 		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm1")
 
-		// this should ren even though suspend=true
-		p.KluctlMust("gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		// this should run even though suspend=true
+		p.KluctlMust(suite.T(), "gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.ReconcileRequestResult)
@@ -266,7 +266,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	})
 
 	suite.Run("deploy with dry-run", func() {
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--dry-run")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--dry-run")
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -285,7 +285,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 			kd.Spec.DryRun = true
 		})
 		suite.waitForReconcile(key)
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--dry-run=false")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--dry-run=false")
 
 		kd = suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -306,7 +306,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	suite.waitForReconcile(key)
 
 	suite.Run("deploy with overridden args", func() {
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-a", "a=via_arg")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-a", "a=via_arg")
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -319,7 +319,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 		assertNestedFieldEquals(suite.T(), cm1, "via_arg", "data", "k2")
 
 		// undo it
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 	})
 
 	p.DeleteKustomizeDeployment("d2")
@@ -329,8 +329,8 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 			kd.Spec.Prune = true
 		})
 
-		p.KluctlMust("gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune=false")
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune=false")
+		p.KluctlMust(suite.T(), "gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune=false")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune=false")
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -342,8 +342,8 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = false
 		})
-		p.KluctlMust("gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune")
+		p.KluctlMust(suite.T(), "gitops", "reconcile", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--prune")
 
 		kd = suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -363,7 +363,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	})
 
 	suite.Run("deploy with overridden inclusion", func() {
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-I", "d1")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-I", "d1")
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -374,7 +374,7 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	})
 
 	suite.Run("deploy with overridden exclusion", func() {
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-E", "d1")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "-E", "d1")
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
@@ -390,12 +390,12 @@ func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 
 	suite.Run("deploy with overridden target", func() {
 		// first, deploy without overrides
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 		cm1 := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm1")
 		assertNestedFieldEquals(suite.T(), cm1, "na", "data", "k3")
 
 		// now with override
-		p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--target", "target2")
+		p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name, "--target", "target2")
 
 		kd := suite.getKluctlDeployment(key)
 		assert.NotNil(suite.T(), kd.Status.DeployRequestResult)
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index de977853f..b86df28be 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -53,9 +53,9 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	repoUrl2 := repo2.URL.String() + "/org2/repo2"
 	repoUrl3 := repo3.URL.String() + "/org3/repo3"
 
-	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
-	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
-	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
+	ip1.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
+	ip2.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
+	ip3.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
 
 	p := test_project.NewTestProject(suite.T())
 
@@ -79,7 +79,7 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 			"url": repoUrl3,
 		},
 	}))
-	p.KluctlMust("oci", "push", "--url", repoUrl0, "--registry-creds", fmt.Sprintf("%s=user0:pass0", repo0.URL.Host))
+	p.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl0, "--registry-creds", fmt.Sprintf("%s=user0:pass0", repo0.URL.Host))
 
 	var key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
 		kd.Spec.Source.Oci = &v1beta1.ProjectSourceOci{
diff --git a/e2e/gitops_source_override_test.go b/e2e/gitops_source_override_test.go
index f31a90684..870262fe8 100644
--- a/e2e/gitops_source_override_test.go
+++ b/e2e/gitops_source_override_test.go
@@ -48,7 +48,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 	key := suite.createKluctlDeployment(pt.p, "test", nil)
 
 	suite.Run("initial deployment", func() {
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 		suite.assertOverridesDidNotHappen(key, &pt)
 	})
 
@@ -67,7 +67,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 
 		suite.assertOverridesDidNotHappen(key, &pt)
 
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
 			"--local-git-override", fmt.Sprintf("%s=%s", k1, pt.override1),
 			"--local-git-override", fmt.Sprintf("%s=%s", k2, pt.override2),
 			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
@@ -75,7 +75,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 		suite.assertOverridesDidHappen(key, &pt)
 
 		// undo everything
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 	})
 
 	suite.Run("deploy with overridden git group source", func() {
@@ -84,14 +84,14 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 
 		suite.assertOverridesDidNotHappen(key, &pt)
 
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
 			"--local-git-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
 			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
 
 		suite.assertOverridesDidHappen(key, &pt)
 
 		// undo everything
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 	})
 }
 
@@ -102,7 +102,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalOciOverrides() {
 	key := suite.createKluctlDeployment(pt.p, "test", nil)
 
 	suite.Run("initial deployment", func() {
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 		suite.assertOverridesDidNotHappen(key, &pt)
 	})
 
@@ -119,7 +119,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalOciOverrides() {
 
 		suite.assertOverridesDidNotHappen(key, &pt)
 
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
 			"--local-oci-override", fmt.Sprintf("%s=%s", k1, pt.override1),
 			"--local-oci-override", fmt.Sprintf("%s=%s", k2, pt.override2),
 			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
@@ -127,7 +127,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalOciOverrides() {
 		suite.assertOverridesDidHappen(key, &pt)
 
 		// undo everything
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 	})
 
 	suite.Run("deploy with overridden oci group source", func() {
@@ -135,13 +135,13 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalOciOverrides() {
 
 		suite.assertOverridesDidNotHappen(key, &pt)
 
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name,
 			"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
 			"--local-source-override-port", fmt.Sprintf("%d", suite.sourceOverridePort))
 
 		suite.assertOverridesDidHappen(key, &pt)
 
 		// undo everything
-		pt.p.KluctlMust("gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
+		pt.p.KluctlMust(suite.T(), "gitops", "deploy", "--context", suite.k.Context, "--namespace", key.Namespace, "--name", key.Name)
 	})
 }
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 7a02f509d..949fe2cb2 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -360,7 +360,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		args := []string{"helm-pull"}
 		args = append(args, extraArgs...)
 
-		_, stderr, err := p.Kluctl(args...)
+		_, stderr, err := p.Kluctl(t, args...)
 		if tc.expectedError != "" {
 			assert.Error(t, err)
 			assert.Contains(t, stderr, tc.expectedError)
@@ -407,7 +407,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 		args = append(args, buildHelmTestExtraArgs(t, tc, repo)...)
 	}
 
-	_, stderr, err := p.Kluctl(args...)
+	_, stderr, err := p.Kluctl(t, args...)
 	pullMessage := "Pulling Helm Chart test-chart1 with version 0.1.0"
 	if prePull {
 		assert.NotContains(t, stderr, pullMessage)
@@ -474,9 +474,9 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
-	p.KluctlMust("helm-pull")
+	p.KluctlMust(t, "helm-pull")
 	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.1.0", v)
@@ -486,10 +486,10 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 		return nil
 	}, "")
 
-	p.KluctlMust("helm-pull")
+	p.KluctlMust(t, "helm-pull")
 	assert.NoFileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
 	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.2.0"))
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ = cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.2.0", v)
@@ -533,7 +533,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		return nil
 	}, "")
 
-	p.KluctlMust("helm-pull")
+	p.KluctlMust(t, "helm-pull")
 	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
 	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart2", "0.1.0"))
 
@@ -551,7 +551,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 		args = append(args, "--commit")
 	}
 
-	_, stderr := p.KluctlMust(args...)
+	_, stderr := p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "helm1: Chart test-chart1 has new version 0.2.0 available")
 	assert.Contains(t, stderr, "helm2: Chart test-chart2 has new version 0.3.0 available")
 	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
@@ -664,7 +664,7 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 
 	args := []string{"helm-update", "--upgrade"}
 
-	_, stderr := p.KluctlMust(args...)
+	_, stderr := p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "helm1: Chart test-chart1 has new version 0.1.1 available")
 	assert.Contains(t, stderr, "helm2: Chart test-chart1 has new version 0.2.0 available")
 	assert.Contains(t, stderr, "helm3: Chart test-chart1 has new version 1.2.1 available")
@@ -730,8 +730,8 @@ func TestHelmValues(t *testing.T) {
 	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
 	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
 
-	p.KluctlMust("helm-pull")
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+	p.KluctlMust(t, "helm-pull")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
 
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm2-test-chart2")
@@ -782,8 +782,8 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
 	p.AddHelmDeployment("helm4", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
 
-	p.KluctlMust("helm-pull")
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+	p.KluctlMust(t, "helm-pull")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
 
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-a-test-chart1")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-b-test-chart2")
@@ -814,7 +814,7 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 		return nil
 	}, "")
 
-	stdout, _ := p.KluctlMust("render", "--print-all", "--offline-kubernetes", "-t", "test")
+	stdout, _ := p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes", "-t", "test")
 	cm1 := uo.FromStringMust(stdout)
 
 	assert.Equal(t, map[string]any{
@@ -824,7 +824,7 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 		"kubeVersion": "v1.20.0",
 	}, cm1.Object["data"])
 
-	stdout, _ = p.KluctlMust("render", "--print-all", "--offline-kubernetes", "--kubernetes-version", "1.22.1", "-t", "test")
+	stdout, _ = p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes", "--kubernetes-version", "1.22.1", "-t", "test")
 	cm1 = uo.FromStringMust(stdout)
 
 	assert.Equal(t, map[string]any{
@@ -851,11 +851,11 @@ func TestHelmLocalChart(t *testing.T) {
 	test_utils.CreateHelmDir(t, "test-chart1", "0.1.0", filepath.Join(p.LocalProjectDir(), "test-chart1"))
 	test_utils.CreateHelmDir(t, "test-chart2", "0.1.0", filepath.Join(p.LocalProjectDir(), "helm2/test-chart2"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-1-test-chart1")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-2-test-chart2")
 
-	_, stderr := p.KluctlMust("helm-pull")
+	_, stderr := p.KluctlMust(t, "helm-pull")
 	assert.NotContains(t, stderr, "test-chart1")
 	assert.NotContains(t, stderr, "test-chart2")
 }
@@ -889,7 +889,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 
 	args := []string{"helm-pull"}
 
-	_, stderr := p.KluctlMust(args...)
+	_, stderr := p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
 	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
@@ -899,7 +899,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
 	}, "")
-	_, stderr = p.KluctlMust(args...)
+	_, stderr = p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "Removing unused Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
 	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
@@ -909,7 +909,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 		_ = o.SetNestedField(false, "helmChart", "skipPrePull")
 		return nil
 	}, "")
-	_, stderr = p.KluctlMust(args...)
+	_, stderr = p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "test-chart1: Pulling Chart with version 0.1.1")
 	assert.NotContains(t, stderr, "version 0.1.0")
 	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
@@ -919,7 +919,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 		_ = o.SetNestedField(false, "helmChart", "skipPrePull")
 		return nil
 	}, "")
-	_, stderr = p.KluctlMust(args...)
+	_, stderr = p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.1")
 	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
@@ -930,14 +930,14 @@ func TestHelmSkipPrePull(t *testing.T) {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
 	}, "")
-	_, stderr = p.KluctlMust(args...)
+	_, stderr = p.KluctlMust(t, args...)
 	p.GitServer().CommitFiles("kluctl-project", []string{".helm-charts"}, false, ".helm-charts")
 	args = []string{
 		"helm-update",
 		"--upgrade",
 		"--commit",
 	}
-	_, stderr = p.KluctlMust(args...)
+	_, stderr = p.KluctlMust(t, args...)
 	assert.NotContains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "Pulling Chart with version 0.1.1")
 	assert.Contains(t, stderr, "Pulling Chart with version 0.2.0")
@@ -1016,18 +1016,18 @@ func TestHelmLookup(t *testing.T) {
 	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
 
-	p.KluctlMust("helm-pull")
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "helm-pull")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	assertNestedFieldEquals(t, cm1, "lookupValue", "data", "lookup")
 
-	s, _ := p.KluctlMust("render", "-t", "test", "--print-all")
+	s, _ := p.KluctlMust(t, "render", "-t", "test", "--print-all")
 	y, err := uo.FromString(s)
 	assert.NoError(t, err)
 	assertNestedFieldEquals(t, y, "lookupValue", "data", "lookup")
 
-	s, _ = p.KluctlMust("render", "-t", "test", "--print-all", "--offline-kubernetes")
+	s, _ = p.KluctlMust(t, "render", "-t", "test", "--print-all", "--offline-kubernetes")
 	y, err = uo.FromString(s)
 	assert.NoError(t, err)
 	assertNestedFieldEquals(t, y, "lookupReturnedNil", "data", "lookup")
diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index c27cb67ab..7a4b16116 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -142,19 +142,19 @@ func (s *hooksTestContext) incRunCount() {
 	})
 }
 
-func (s *hooksTestContext) ensureHookExecuted(expectedCms ...string) {
-	_, err := s.ensureHookExecuted2(0, expectedCms...)
+func (s *hooksTestContext) ensureHookExecuted(t *testing.T, expectedCms ...string) {
+	_, err := s.ensureHookExecuted2(t, 0, expectedCms...)
 	assert.NoError(s.t, err)
 }
 
-func (s *hooksTestContext) ensureHookExecuted2(timeout time.Duration, expectedCms ...string) (string, error) {
+func (s *hooksTestContext) ensureHookExecuted2(t *testing.T, timeout time.Duration, expectedCms ...string) (string, error) {
 	s.clearSeenConfigmaps()
 	s.incRunCount()
 	args := []string{"deploy", "--yes", "-t", "test"}
 	if timeout != 0 {
 		args = append(args, "--timeout", timeout.String())
 	}
-	_, stderr, err := s.p.Kluctl(args...)
+	_, stderr, err := s.p.Kluctl(t, args...)
 	assert.Equal(s.t, expectedCms, s.seenConfigMaps)
 	return stderr, err
 }
@@ -162,49 +162,49 @@ func (s *hooksTestContext) ensureHookExecuted2(timeout time.Duration, expectedCm
 func TestHooksPreDeployInitial(t *testing.T) {
 	t.Parallel()
 	s := prepareHookTestProject(t, "pre-deploy-initial", "")
-	s.ensureHookExecuted("hook1", "cm1")
-	s.ensureHookExecuted("cm1")
+	s.ensureHookExecuted(t, "hook1", "cm1")
+	s.ensureHookExecuted(t, "cm1")
 }
 
 func TestHooksPostDeployInitial(t *testing.T) {
 	t.Parallel()
 	s := prepareHookTestProject(t, "post-deploy-initial", "")
-	s.ensureHookExecuted("cm1", "hook1")
-	s.ensureHookExecuted("cm1")
+	s.ensureHookExecuted(t, "cm1", "hook1")
+	s.ensureHookExecuted(t, "cm1")
 }
 
 func TestHooksPreDeployUpgrade(t *testing.T) {
 	t.Parallel()
 	s := prepareHookTestProject(t, "pre-deploy-upgrade", "")
-	s.ensureHookExecuted("cm1")
-	s.ensureHookExecuted("hook1", "cm1")
-	s.ensureHookExecuted("hook1", "cm1")
+	s.ensureHookExecuted(t, "cm1")
+	s.ensureHookExecuted(t, "hook1", "cm1")
+	s.ensureHookExecuted(t, "hook1", "cm1")
 }
 
 func TestHooksPostDeployUpgrade(t *testing.T) {
 	t.Parallel()
 	s := prepareHookTestProject(t, "post-deploy-upgrade", "")
-	s.ensureHookExecuted("cm1")
-	s.ensureHookExecuted("cm1", "hook1")
-	s.ensureHookExecuted("cm1", "hook1")
+	s.ensureHookExecuted(t, "cm1")
+	s.ensureHookExecuted(t, "cm1", "hook1")
+	s.ensureHookExecuted(t, "cm1", "hook1")
 }
 
 func doTestHooksPreDeploy(t *testing.T, hooks string) {
 	s := prepareHookTestProject(t, hooks, "")
-	s.ensureHookExecuted("hook1", "cm1")
-	s.ensureHookExecuted("hook1", "cm1")
+	s.ensureHookExecuted(t, "hook1", "cm1")
+	s.ensureHookExecuted(t, "hook1", "cm1")
 }
 
 func doTestHooksPostDeploy(t *testing.T, hooks string) {
 	s := prepareHookTestProject(t, hooks, "")
-	s.ensureHookExecuted("cm1", "hook1")
-	s.ensureHookExecuted("cm1", "hook1")
+	s.ensureHookExecuted(t, "cm1", "hook1")
+	s.ensureHookExecuted(t, "cm1", "hook1")
 }
 
 func doTestHooksPrePostDeploy(t *testing.T, hooks string) {
 	s := prepareHookTestProject(t, hooks, "")
-	s.ensureHookExecuted("hook1", "cm1", "hook1")
-	s.ensureHookExecuted("hook1", "cm1", "hook1")
+	s.ensureHookExecuted(t, "hook1", "cm1", "hook1")
+	s.ensureHookExecuted(t, "hook1", "cm1", "hook1")
 }
 
 func TestHooksPreDeploy(t *testing.T) {
@@ -253,7 +253,7 @@ func TestHooksWait(t *testing.T) {
 	}}, false, "post-deploy", "")
 	s.addHookConfigMap("hook", resourceOpts{name: "hook3", namespace: s.p.TestSlug()}, false, "post-deploy", "")
 
-	stderr, err := s.ensureHookExecuted2(3*time.Second, "cm1", "hook1", "hook2")
+	stderr, err := s.ensureHookExecuted2(t, 3*time.Second, "cm1", "hook1", "hook2")
 	if err == nil {
 		t.Fatal("err == nil, but it should have timed out")
 	}
@@ -269,7 +269,7 @@ func TestHooksWait(t *testing.T) {
 	}()
 
 	// hook2 appears twice because the patch from above causes the webhook to fire
-	stderr, err = s.ensureHookExecuted2(20*time.Second, "cm1", "hook1", "hook2", "hook2", "hook3")
+	stderr, err = s.ensureHookExecuted2(t, 20*time.Second, "cm1", "hook1", "hook2", "hook2", "hook3")
 	assert.NoError(t, err)
 	assert.Contains(t, stderr, "Still waiting")
 
@@ -281,6 +281,6 @@ func TestHooksWait(t *testing.T) {
 		return nil
 	}, "")
 
-	_, err = s.ensureHookExecuted2(5*time.Second, "cm1", "hook1", "hook2", "hook3")
+	_, err = s.ensureHookExecuted2(t, 5*time.Second, "cm1", "hook1", "hook2", "hook3")
 	assert.NoError(t, err)
 }
diff --git a/e2e/images_test.go b/e2e/images_test.go
index 4561e3d1d..e990fb393 100644
--- a/e2e/images_test.go
+++ b/e2e/images_test.go
@@ -76,7 +76,7 @@ func TestGetImageNotFound(t *testing.T) {
 
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 
-	_, _, err := p.Kluctl("deploy", "-y", "-t", "test")
+	_, _, err := p.Kluctl(t, "deploy", "-y", "-t", "test")
 	assert.ErrorContains(t, err, "failed to find fixed image for i1")
 }
 
@@ -94,7 +94,7 @@ func TestGetImageArg(t *testing.T) {
 
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 
-	p.KluctlMust("deploy", "-y", "-t", "test", "--fixed-image", "i1=i1:arg")
+	p.KluctlMust(t, "deploy", "-y", "-t", "test", "--fixed-image", "i1=i1:arg")
 	assertImage(t, k, p, "d1", "c1", "i1:arg")
 }
 
@@ -131,7 +131,7 @@ func TestGetImageVars(t *testing.T) {
 
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 
-	p.KluctlMust("deploy", "-y", "-t", "test")
+	p.KluctlMust(t, "deploy", "-y", "-t", "test")
 	assertImage(t, k, p, "d1", "c1", "i1:vars")
 }
 
@@ -154,7 +154,7 @@ func TestGetImageMixed(t *testing.T) {
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i2") }}`)
 
-	p.KluctlMust("deploy", "-y", "-t", "test", "--fixed-image", "i1=i1:arg")
+	p.KluctlMust(t, "deploy", "-y", "-t", "test", "--fixed-image", "i1=i1:arg")
 	assertImage(t, k, p, "d1", "c1", "i1:arg")
 	assertImage(t, k, p, "d2", "c2", "i2:vars")
 }
@@ -179,7 +179,7 @@ func TestGetImageByDeployment(t *testing.T) {
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i1") }}`)
 
-	p.KluctlMust("deploy", "-y", "-t", "test")
+	p.KluctlMust(t, "deploy", "-y", "-t", "test")
 	assertImage(t, k, p, "d1", "c1", "i1:vars1")
 	assertImage(t, k, p, "d2", "c2", "i1:vars2")
 }
@@ -204,7 +204,7 @@ func TestGetImageByContainer(t *testing.T) {
 	addGetImageDeployment(p, "d1", "c1", `{{ images.get_image("i1") }}`)
 	addGetImageDeployment(p, "d2", "c2", `{{ images.get_image("i1") }}`)
 
-	p.KluctlMust("deploy", "-y", "-t", "test")
+	p.KluctlMust(t, "deploy", "-y", "-t", "test")
 	assertImage(t, k, p, "d1", "c1", "i1:vars1")
 	assertImage(t, k, p, "d2", "c2", "i1:vars2")
 }
@@ -231,7 +231,7 @@ func TestGetImageRegex(t *testing.T) {
 	addGetImageDeployment(p, "d3", "c1", `{{ images.get_image("j1") }}`)
 	addGetImageDeployment(p, "d4", "c2", `{{ images.get_image("j2") }}`)
 
-	p.KluctlMust("deploy", "-y", "-t", "test")
+	p.KluctlMust(t, "deploy", "-y", "-t", "test")
 	assertImage(t, k, p, "d1", "c1", "i1:x")
 	assertImage(t, k, p, "d2", "c2", "i1:x")
 	assertImage(t, k, p, "d3", "c1", "i1:y")
diff --git a/e2e/inclusion_test.go b/e2e/inclusion_test.go
index 206ff4df6..3a9303e34 100644
--- a/e2e/inclusion_test.go
+++ b/e2e/inclusion_test.go
@@ -76,25 +76,25 @@ func TestInclusionTags(t *testing.T) {
 	doAssertExists()
 
 	// test default tags
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "cm1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "cm1")
 	doAssertExists("cm1")
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "cm2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "cm2")
 	doAssertExists("cm2")
 
 	// cm3/cm4 don't have default tags, so they should not deploy
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "cm3")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "cm3")
 	doAssertExists()
 
 	// but with tag2, at least cm3 should deploy
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "tag2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "tag2")
 	doAssertExists("cm3")
 
 	// let's try 2 tags at once
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "tag3", "-I", "tag4")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "tag3", "-I", "tag4")
 	doAssertExists("cm4", "cm5")
 
 	// And now let's try a tag that matches all non-default ones
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "tag3", "-I", "tag1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "tag3", "-I", "tag1")
 	doAssertExists("cm6", "cm7")
 }
 
@@ -110,15 +110,15 @@ func TestExclusionTags(t *testing.T) {
 	doAssertExists()
 
 	// Exclude everything except cm1
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-E", "cm2", "-E", "tag1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-E", "cm2", "-E", "tag1")
 	doAssertExists("cm1")
 
 	// Test that exclusion has precedence over inclusion
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-E", "cm2", "-E", "tag1", "-I", "cm2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-E", "cm2", "-E", "tag1", "-I", "cm2")
 	doAssertExists()
 
 	// Test that exclusion has precedence over inclusion
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "tag1", "-E", "tag6")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "tag1", "-E", "tag6")
 	doAssertExists("cm3", "cm4", "cm5", "cm6")
 }
 
@@ -133,13 +133,13 @@ func TestInclusionIncludeDirs(t *testing.T) {
 
 	doAssertExists()
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "itag1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "itag1")
 	doAssertExists("icm1")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "include2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "include2")
 	doAssertExists("icm2", "icm3")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-I", "itag5")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-I", "itag5")
 	doAssertExists("icm4", "icm5")
 }
 
@@ -154,13 +154,13 @@ func TestInclusionDeploymentDirs(t *testing.T) {
 
 	doAssertExists()
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--include-deployment-dir", "include1/icm1")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--include-deployment-dir", "include1/icm1")
 	doAssertExists("icm1")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--include-deployment-dir", "include2/icm3")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--include-deployment-dir", "include2/icm3")
 	doAssertExists("icm3")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--exclude-deployment-dir", "include3/icm5")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--exclude-deployment-dir", "include3/icm5")
 	var a []string
 	for _, x := range p.ListDeploymentItemPathes(".", false) {
 		if x != "icm5" {
@@ -181,25 +181,25 @@ func TestInclusionPrune(t *testing.T) {
 
 	doAssertExists(nil, nil)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	doAssertExists(p.ListDeploymentItemPathes(".", false), nil)
 
 	p.DeleteKustomizeDeployment("cm1")
-	p.KluctlMust("prune", "--yes", "-t", "test", "-I", "non-existent-tag")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test", "-I", "non-existent-tag")
 	doAssertExists(nil, nil)
 
-	p.KluctlMust("prune", "--yes", "-t", "test", "-I", "cm1")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test", "-I", "cm1")
 	doAssertExists(nil, []string{"cm1"})
 
 	p.DeleteKustomizeDeployment("cm2")
-	p.KluctlMust("prune", "--yes", "-t", "test", "-E", "cm2")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test", "-E", "cm2")
 	doAssertExists(nil, nil)
 
 	p.DeleteKustomizeDeployment("cm3")
-	p.KluctlMust("prune", "--yes", "-t", "test", "--exclude-deployment-dir", "cm3")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test", "--exclude-deployment-dir", "cm3")
 	doAssertExists(nil, []string{"cm2"})
 
-	p.KluctlMust("prune", "--yes", "-t", "test")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test")
 	doAssertExists(nil, []string{"cm3"})
 }
 
@@ -212,16 +212,16 @@ func TestInclusionDelete(t *testing.T) {
 		assertExistsHelper(t, p, k, shouldExists, add, remove)
 	}
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	doAssertExists(p.ListDeploymentItemPathes(".", false), nil)
 
-	p.KluctlMust("delete", "--yes", "-t", "test", "-I", "non-existent-tag")
+	p.KluctlMust(t, "delete", "--yes", "-t", "test", "-I", "non-existent-tag")
 	doAssertExists(nil, nil)
 
-	p.KluctlMust("delete", "--yes", "-t", "test", "-I", "cm1")
+	p.KluctlMust(t, "delete", "--yes", "-t", "test", "-I", "cm1")
 	doAssertExists(nil, []string{"cm1"})
 
-	p.KluctlMust("delete", "--yes", "-t", "test", "-E", "cm2")
+	p.KluctlMust(t, "delete", "--yes", "-t", "test", "-E", "cm2")
 	var a []string
 	for _, x := range p.ListDeploymentItemPathes(".", false) {
 		if x != "cm1" && x != "cm2" {
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 4840d8ae1..8759a7bf1 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -38,7 +38,7 @@ func testNoTarget(t *testing.T, withDeploymentYaml bool) {
 
 	p := prepareNoTargetTest(t, withDeploymentYaml)
 
-	p.KluctlMust("deploy", "--yes")
+	p.KluctlMust(t, "deploy", "--yes")
 	cm := assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assertConfigMapNotExists(t, defaultCluster2, p.TestSlug(), "cm")
 	assert.Equal(t, map[string]any{
@@ -46,14 +46,14 @@ func testNoTarget(t *testing.T, withDeploymentYaml bool) {
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
-	p.KluctlMust("deploy", "--yes", "-T", "override-name")
+	p.KluctlMust(t, "deploy", "--yes", "-T", "override-name")
 	cm = assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
 		"targetContext": defaultCluster1.Context,
 	}, cm.Object["data"])
 
-	p.KluctlMust("deploy", "--yes", "-T", "override-name", "--context", defaultCluster2.Context)
+	p.KluctlMust(t, "deploy", "--yes", "-T", "override-name", "--context", defaultCluster2.Context)
 	cm = assertConfigMapExists(t, defaultCluster2, p.TestSlug(), "cm")
 	assert.Equal(t, map[string]any{
 		"targetName":    "override-name",
diff --git a/e2e/obfuscate_test.go b/e2e/obfuscate_test.go
index fa1563fd2..3b00f29a8 100644
--- a/e2e/obfuscate_test.go
+++ b/e2e/obfuscate_test.go
@@ -34,7 +34,7 @@ func TestObfuscateSecrets(t *testing.T) {
 		namespace: p.TestSlug(),
 	}, false)
 
-	stdout, _ := p.KluctlMust("deploy", "--yes", "-t", "test")
+	stdout, _ := p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertSecretExists(t, k, p.TestSlug(), "secret")
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value")))
 
@@ -42,7 +42,7 @@ func TestObfuscateSecrets(t *testing.T) {
 		_ = o.SetNestedField("secret_value_2", "stringData", "secret")
 		return nil
 	}, "")
-	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	stdout, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value")))
 	assert.Contains(t, stdout, "***** (obfuscated)")
 
@@ -50,7 +50,7 @@ func TestObfuscateSecrets(t *testing.T) {
 		_ = o.SetNestedField("secret_value_3", "stringData", "secret")
 		return nil
 	}, "")
-	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test", "--no-obfuscate")
+	stdout, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--no-obfuscate")
 	assert.Contains(t, stdout, "-"+base64.StdEncoding.EncodeToString([]byte("secret_value_2")))
 	assert.Contains(t, stdout, "+"+base64.StdEncoding.EncodeToString([]byte("secret_value_3")))
 	assert.NotContains(t, stdout, "***** (obfuscated)")
@@ -63,7 +63,7 @@ func TestObfuscateSecrets(t *testing.T) {
 		return nil
 	}, "")
 
-	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	stdout, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_2")))
 	assert.Contains(t, stdout, "+secret2: '***** (obfuscated)'")
 
@@ -74,7 +74,7 @@ func TestObfuscateSecrets(t *testing.T) {
 		}, "stringData")
 		return nil
 	}, "")
-	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	stdout, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_3")))
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_4")))
 	assert.Contains(t, stdout, "+secret3: '***** (obfuscated)'")
@@ -87,7 +87,7 @@ func TestObfuscateSecrets(t *testing.T) {
 		}, "stringData")
 		return nil
 	}, "")
-	stdout, _ = p.KluctlMust("deploy", "--yes", "-t", "test")
+	stdout, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_5")))
 	assert.NotContains(t, stdout, base64.StdEncoding.EncodeToString([]byte("secret_value_6")))
 	assert.Contains(t, stdout, "data[\"secret.dot1\"] | +***** (obfuscated)")
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 07e0bc279..c3385cc74 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -30,8 +30,8 @@ func TestOciIncludeMultipleRepos(t *testing.T) {
 	repo1 := repo.URL.String() + "/org1/repo1"
 	repo2 := repo.URL.String() + "/org2/repo2"
 
-	ip1.KluctlMust("oci", "push", "--url", repo1)
-	ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+	ip1.KluctlMust(t, "oci", "push", "--url", repo1)
+	ip2.KluctlMust(t, "oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
 
 	p := test_project.NewTestProject(t)
 
@@ -51,7 +51,7 @@ func TestOciIncludeMultipleRepos(t *testing.T) {
 		},
 	}))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
@@ -82,17 +82,17 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	repoUrl3 := repo3.URL.String() + "/org3/repo3"
 
 	// push with no creds
-	_, _, err := ip1.Kluctl("oci", "push", "--url", repoUrl1)
+	_, _, err := ip1.Kluctl(t, "oci", "push", "--url", repoUrl1)
 	assert.ErrorContains(t, err, "401 Unauthorized")
 
 	// push with invalid creds
-	_, _, err = ip1.Kluctl("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:invalid", repo1.URL.Host))
+	_, _, err = ip1.Kluctl(t, "oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:invalid", repo1.URL.Host))
 	assert.ErrorContains(t, err, "401 Unauthorized")
 
 	// now with valid creds
-	ip1.KluctlMust("oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
-	ip2.KluctlMust("oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
-	ip3.KluctlMust("oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
+	ip1.KluctlMust(t, "oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
+	ip2.KluctlMust(t, "oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
+	ip3.KluctlMust(t, "oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
 
 	p := test_project.NewTestProject(t)
 
@@ -118,7 +118,7 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	}))
 
 	// deploy with no auth
-	_, _, err = p.Kluctl("deploy", "--yes", "-t", "test")
+	_, _, err = p.Kluctl(t, "deploy", "--yes", "-t", "test")
 	assert.ErrorContains(t, err, "401 Unauthorized")
 
 	// deploy with some invalid creds
@@ -129,14 +129,14 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	t.Setenv("KLUCTL_REGISTRY_2_REPOSITORY", fmt.Sprintf("%s/org2/repo2", repo2.URL.Host))
 	t.Setenv("KLUCTL_REGISTRY_2_USERNAME", "user2")
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "invalid")
-	_, _, err = p.Kluctl("deploy", "--yes", "-t", "test")
+	_, _, err = p.Kluctl(t, "deploy", "--yes", "-t", "test")
 	assert.ErrorContains(t, err, "401 Unauthorized")
 
 	// deploy with valid creds
 	t.Setenv("KLUCTL_REGISTRY_2_PASSWORD", "pass2")
 	dockerLogin(t, repo3.URL.Host, "user3", "pass3")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertConfigMapExists(t, k, p.TestSlug(), "include2-cm")
 }
@@ -176,19 +176,19 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 
 	repo1 := repo.URL.String() + "/org1/repo1"
 
-	ip1.KluctlMust("oci", "push", "--url", repo1+":tag1")
+	ip1.KluctlMust(t, "oci", "push", "--url", repo1+":tag1")
 
 	ip1.UpdateYaml("cm/configmap-include1-cm.yml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("v2", "data", "a")
 		return nil
 	}, "")
-	ip1.KluctlMust("oci", "push", "--url", repo1+":tag2")
+	ip1.KluctlMust(t, "oci", "push", "--url", repo1+":tag2")
 
 	ip1.UpdateYaml("cm/configmap-include1-cm.yml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("v3", "data", "a")
 		return nil
 	}, "")
-	stdout, _ := ip1.KluctlMust("oci", "push", "--url", repo1+":tag3", "--output", "json")
+	stdout, _ := ip1.KluctlMust(t, "oci", "push", "--url", repo1+":tag3", "--output", "json")
 	md := uo.FromStringMust(stdout)
 	digest, _, _ := md.GetNestedString("digest")
 
@@ -207,7 +207,7 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 		},
 	}))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertNestedFieldEquals(t, cm, "v", "data", "a")
 
@@ -218,7 +218,7 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 		return items
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertNestedFieldEquals(t, cm, "v2", "data", "a")
 
@@ -229,7 +229,7 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 		return items
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "include1-cm")
 	assertNestedFieldEquals(t, cm, "v3", "data", "a")
 }
diff --git a/e2e/prune_test.go b/e2e/prune_test.go
index bea7fa554..92dbe322c 100644
--- a/e2e/prune_test.go
+++ b/e2e/prune_test.go
@@ -25,13 +25,13 @@ func TestPrune(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
 	p.DeleteKustomizeDeployment("cm2")
 
-	p.KluctlMust("prune", "--yes", "-t", "test")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 }
@@ -56,7 +56,7 @@ func TestDeployWithPrune(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
@@ -66,7 +66,7 @@ func TestDeployWithPrune(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "--prune")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--prune")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index ab41ad78c..0ea7acdf6 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -47,7 +47,7 @@ roleRef:
 		{Name: "rbac.yaml", Content: rbac},
 	}, nil)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 	assertSecretExists(t, k, p.TestSlug(), "secret")
 
@@ -56,7 +56,7 @@ roleRef:
 
 	setKubeconfigString(t, kc)
 
-	stdout, _, err := p.Kluctl("deploy", "--yes", "-t", "test", "--write-command-result=false")
+	stdout, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test", "--write-command-result=false")
 	assert.Error(t, err)
 	assert.Contains(t, stdout, "at least one permission error was encountered while gathering objects by discriminator labels")
 }
diff --git a/e2e/render_test.go b/e2e/render_test.go
index e29d6688c..c397f464d 100644
--- a/e2e/render_test.go
+++ b/e2e/render_test.go
@@ -21,7 +21,7 @@ func TestRenderPrintAll(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	stdout, _ := p.KluctlMust("render", "-t", "test", "--print-all")
+	stdout, _ := p.KluctlMust(t, "render", "-t", "test", "--print-all")
 	y, err := yaml.ReadYamlAllString(stdout)
 	assert.NoError(t, err)
 	assert.Equal(t, []any{map[string]any{
@@ -49,13 +49,13 @@ func TestRenderNoKubeconfig(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	_, stderr := p.KluctlMust("render", "--print-all")
+	_, stderr := p.KluctlMust(t, "render", "--print-all")
 	assert.Contains(t, stderr, "No valid KUBECONFIG provided, which means the Kubernetes client is not available")
 
 	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
 		_ = target.SetNestedField("context1", "context")
 	})
-	_, stderr, err := p.Kluctl("render", "-t", "test", "--print-all")
+	_, stderr, err := p.Kluctl(t, "render", "-t", "test", "--print-all")
 	assert.ErrorContains(t, err, "context \"context1\" does not exist")
 
 }
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 661cb2325..54509f574 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -39,7 +39,7 @@ func TestWriteResult(t *testing.T) {
 		name:      "cm",
 		namespace: p.TestSlug(),
 	})
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm")
 
 	// we must ensure that at least a second passes between deployments, as otherwise command result sorting becomes
@@ -76,7 +76,7 @@ func TestWriteResult(t *testing.T) {
 	}, "")
 
 	b.Wait()
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
 	summaries, err = rs.ListCommandResultSummaries(opts)
@@ -94,7 +94,7 @@ func TestWriteResult(t *testing.T) {
 		return nil
 	})
 	b.Wait()
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 
 	summaries, err = rs.ListCommandResultSummaries(opts)
@@ -106,7 +106,7 @@ func TestWriteResult(t *testing.T) {
 	}, summaries[0])
 
 	b.Wait()
-	p.KluctlMust("prune", "--yes", "-t", "test")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 
 	summaries, err = rs.ListCommandResultSummaries(opts)
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index d790b9ace..6e56f7721 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -178,12 +178,12 @@ func TestSeal_WithOperator(t *testing.T) {
 			}),
 		}, true)
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
 		"s2": "v2",
@@ -213,14 +213,14 @@ func TestSeal_WithBootstrap(t *testing.T) {
 			}),
 		}, false)
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
 	test_resources.ApplyYaml(t, "sealed-secrets.yaml", k)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	pkCm := k.MustGetCoreV1(t, "configmaps", "kube-system", "sealed-secrets-key-kluctl-bootstrap")
 	certBytes, ok, _ := pkCm.GetNestedString("data", "tls.crt")
@@ -261,12 +261,12 @@ func TestSeal_MultipleVarSources(t *testing.T) {
 			}),
 		}, true)
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
@@ -301,12 +301,12 @@ func TestSeal_MultipleSecretSets(t *testing.T) {
 	})
 	addSecretsSetToTarget(p, "test-target", "test2")
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
@@ -351,15 +351,15 @@ func TestSeal_MultipleTargets(t *testing.T) {
 		_ = target.SetNestedField(defaultCluster2.Context, "context")
 	})
 
-	p.KluctlMust("seal", "-t", "test-target")
-	p.KluctlMust("seal", "-t", "test-target2")
+	p.KluctlMust(t, "seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target2")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
-	p.KluctlMust("deploy", "--yes", "-t", "test-target2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target2")
 
 	assertSealedSecret(t, defaultCluster1, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
@@ -395,13 +395,13 @@ func TestSeal_MultipleSecrets(t *testing.T) {
 		}, true)
 	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()}, true)
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment2/test-target/secret-secret2.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
@@ -442,12 +442,12 @@ func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
 		return f, nil
 	}, "")
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
@@ -483,12 +483,12 @@ func TestSeal_File(t *testing.T) {
 		return nil
 	}, "")
 
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
@@ -538,12 +538,12 @@ func TestSeal_Vault(t *testing.T) {
 		}, true)
 
 	p.SetEnv("VAULT_TOKEN", "root")
-	p.KluctlMust("seal", "-t", "test-target")
+	p.KluctlMust(t, "seal", "-t", "test-target")
 
 	sealedSecretsDir := p.LocalProjectDir()
 	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
 
-	p.KluctlMust("deploy", "--yes", "-t", "test-target")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
 
 	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
 		"s1": "v1",
diff --git a/e2e/skip_delete_test.go b/e2e/skip_delete_test.go
index 6c2a32bb4..e3ea87606 100644
--- a/e2e/skip_delete_test.go
+++ b/e2e/skip_delete_test.go
@@ -42,7 +42,7 @@ func TestSkipDelete(t *testing.T) {
 		},
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
@@ -51,13 +51,13 @@ func TestSkipDelete(t *testing.T) {
 	cm2.SetK8sAnnotation("kluctl.io/skip-delete", "true")
 	updateObject(t, k, cm2)
 
-	p.KluctlMust("delete", "--yes", "-t", "test")
+	p.KluctlMust(t, "delete", "--yes", "-t", "test")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm1")
 	cm2 = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm4")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	cm1.SetK8sAnnotation("kluctl.io/skip-delete", "true")
 	cm2.SetK8sAnnotation("kluctl.io/skip-delete", "false")
@@ -66,7 +66,7 @@ func TestSkipDelete(t *testing.T) {
 	p.DeleteKustomizeDeployment("cm1")
 	p.DeleteKustomizeDeployment("cm2")
 	p.DeleteKustomizeDeployment("cm3")
-	p.KluctlMust("prune", "--yes", "-t", "test")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test")
 	cm1 = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
@@ -94,7 +94,7 @@ func TestForceReplaceSkipDelete(t *testing.T) {
 		},
 	})
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assert.Equal(t, map[string]any{
 		"k1": "v1",
@@ -105,7 +105,7 @@ func TestForceReplaceSkipDelete(t *testing.T) {
 		return nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	cm1 = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assert.Equal(t, map[string]any{
 		"k1": "v2",
@@ -116,13 +116,13 @@ func TestForceReplaceSkipDelete(t *testing.T) {
 		o.SetK8sLabel(invalidLabel, "invalid_label")
 		return nil
 	}, "")
-	stdout, _, err := p.Kluctl("deploy", "--yes", "-t", "test")
+	stdout, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test")
 	assert.Error(t, err)
 	assert.Contains(t, stdout, "invalid: metadata.labels")
 	// make sure it did not try to replace it
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 
-	stdout, stderr, err := p.Kluctl("deploy", "--yes", "-t", "test", "--force-replace-on-error")
+	stdout, stderr, err := p.Kluctl(t, "deploy", "--yes", "-t", "test", "--force-replace-on-error")
 	assert.Error(t, err)
 	assert.Contains(t, stdout, "retrying with replace instead of patch")
 	assert.Contains(t, stderr, "skipped forced replace")
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index 6392a24e0..c19626ebd 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -47,7 +47,7 @@ func TestSopsVars(t *testing.T) {
 		return string(b), nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm")
 	assertNestedFieldEquals(t, cm, map[string]any{
@@ -80,7 +80,7 @@ func TestSopsResources(t *testing.T) {
 		return string(b), nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "encrypted-cm")
 	assertNestedFieldEquals(t, cm, map[string]any{
@@ -117,7 +117,7 @@ func TestSopsHelmValues(t *testing.T) {
 		return nil
 	}, "")
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index 6d087d198..9bd08d61d 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -47,8 +47,8 @@ func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster,
 	repo2 := repo.URL.String() + "/org1/include2"
 
 	if oci {
-		ip1.KluctlMust("oci", "push", "--url", repo1)
-		ip2.KluctlMust("oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+		ip1.KluctlMust(t, "oci", "push", "--url", repo1)
+		ip2.KluctlMust(t, "oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
 	}
 
 	if oci {
@@ -116,7 +116,7 @@ func TestLocalGitOverride(t *testing.T) {
 	k1 := u1.RepoKey().String()
 	k2 := u2.RepoKey().String()
 
-	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+	pt.p.KluctlMust(t, "deploy", "--yes", "-t", "test",
 		"--local-git-override", fmt.Sprintf("%s=%s", k1, pt.override1),
 		"--local-git-override", fmt.Sprintf("%s=%s", k2, pt.override2),
 	)
@@ -136,7 +136,7 @@ func TestGitGroup(t *testing.T) {
 	u1, _ := types.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
 	k1 := u1.RepoKey().String()
 
-	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+	pt.p.KluctlMust(t, "deploy", "--yes", "-t", "test",
 		"--local-git-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
 	)
 	cm := assertConfigMapExists(t, k, pt.p.TestSlug(), "include1-cm")
@@ -154,7 +154,7 @@ func TestLocalOciOverride(t *testing.T) {
 	k1 := strings.TrimPrefix(pt.repoUrl1, "oci://")
 	k2 := strings.TrimPrefix(pt.repoUrl2, "oci://")
 
-	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+	pt.p.KluctlMust(t, "deploy", "--yes", "-t", "test",
 		"--local-oci-override", fmt.Sprintf("%s=%s", k1, pt.override1),
 		"--local-oci-override", fmt.Sprintf("%s=%s", k2, pt.override2),
 	)
@@ -172,7 +172,7 @@ func TestLocalOciGroupOverride(t *testing.T) {
 
 	k1 := strings.TrimPrefix(pt.repo.URL.String(), "oci://") + "/org1"
 
-	pt.p.KluctlMust("deploy", "--yes", "-t", "test",
+	pt.p.KluctlMust(t, "deploy", "--yes", "-t", "test",
 		"--local-oci-group-override", fmt.Sprintf("%s=%s", k1, pt.overrideGroupDir),
 	)
 	cm := assertConfigMapExists(t, k, pt.p.TestSlug(), "include1-cm")
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 61021db1c..2d68c7f8f 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -106,7 +106,12 @@ func (p *TestGitServer) initGitServer() {
 	p.gitServerPort = a.Port
 
 	go func() {
-		_ = p.gitHttpServer.Serve(ln)
+		err := p.gitHttpServer.Serve(ln)
+		if err != nil {
+			p.t.Logf("gitHttpServer.Serve() with port %d returned error: %s", p.gitServerPort, err.Error())
+		} else {
+			p.t.Logf("gitHttpServer.Serve() with port %d returned with no error", p.gitServerPort)
+		}
 	}()
 }
 
@@ -114,6 +119,8 @@ func (p *TestGitServer) Cleanup() {
 	p.cleanupMutex.Lock()
 	defer p.cleanupMutex.Unlock()
 
+	p.t.Logf("gitHttpServer.Cleanup() called for port %d", p.gitServerPort)
+
 	if p.gitHttpServer != nil {
 		_ = p.gitHttpServer.Shutdown(context.Background())
 		p.gitHttpServer = nil
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index db71f5800..df24b6ee9 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -11,7 +11,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
-	"github.com/stretchr/testify/assert"
 	registry2 "helm.sh/helm/v3/pkg/registry"
 	"net/url"
 	"os"
@@ -24,7 +23,7 @@ import (
 )
 
 type TestProject struct {
-	t *testing.T
+	initialName string
 
 	extraEnv          utils.OrderedMap[string, string]
 	useProcess        bool
@@ -76,7 +75,7 @@ func WithSkipProjectDirArg(b bool) TestProjectOption {
 
 func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	p := &TestProject{
-		t:           t,
+		initialName: t.Name(),
 		gitRepoName: "kluctl-project",
 	}
 
@@ -114,7 +113,7 @@ func (p *TestProject) GitServer() *git2.TestGitServer {
 }
 
 func (p *TestProject) TestSlug() string {
-	n := p.t.Name()
+	n := p.initialName
 	n = xstrings.ToKebabCase(n)
 	n = strings.ReplaceAll(n, "/", "-")
 	var x []string
@@ -170,7 +169,7 @@ func (p *TestProject) UpdateFile(pth string, update func(f string) (string, erro
 func (p *TestProject) GetYaml(path string) *uo.UnstructuredObject {
 	o, err := uo.FromFile(filepath.Join(p.LocalProjectDir(), path))
 	if err != nil {
-		p.t.Fatal(err)
+		panic(err)
 	}
 	return o
 }
@@ -184,7 +183,7 @@ func (p *TestProject) ListDeploymentItemPathes(dir string, fullPath bool) []stri
 	o := p.GetDeploymentYaml(dir)
 	l, _, err := o.GetNestedObjectList("deployments")
 	if err != nil {
-		p.t.Fatal(err)
+		panic(err)
 	}
 	for _, x := range l {
 		pth, ok, _ := x.GetNestedString("path")
@@ -300,7 +299,7 @@ func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeRe
 
 	err := os.MkdirAll(absKustomizeDir, 0o700)
 	if err != nil {
-		p.t.Fatal(err)
+		panic(err)
 	}
 
 	p.UpdateKustomizeDeployment(dir, func(o *uo.UnstructuredObject, wt *git.Worktree) error {
@@ -370,7 +369,7 @@ func (p *TestProject) convertInterfaceToList(x interface{}) []interface{} {
 	if s, ok := x.(string); ok {
 		l, err := yaml.ReadYamlAllString(s)
 		if err != nil {
-			p.t.Fatal(err)
+			panic(err)
 		}
 		return l
 	}
@@ -459,22 +458,20 @@ func (p *TestProject) GetGitRepo() *git.Repository {
 func (p *TestProject) GetGitWorktree() *git.Worktree {
 	wt, err := p.GetGitRepo().Worktree()
 	if err != nil {
-		p.t.Fatal(err)
+		panic(err)
 	}
 	return wt
 }
 
-func (p *TestProject) CopyProjectSource() string {
-	return p.CopyProjectSourceTo(p.t.TempDir())
-}
-
 func (p *TestProject) CopyProjectSourceTo(dst string) string {
 	err := cp.Copy(p.LocalRepoDir(), dst)
-	assert.NoError(p.t, err)
+	if err != nil {
+		panic(err)
+	}
 	return dst
 }
 
-func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
+func (p *TestProject) KluctlProcess(t *testing.T, argsIn ...string) (string, string, error) {
 	var args []string
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
@@ -490,9 +487,9 @@ func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 
 	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
 	env = append(env, "CALL_KLUCTL=true")
-	env = append(env, fmt.Sprintf("KLUCTL_BASE_TMP_DIR=%s", p.t.TempDir()))
+	env = append(env, fmt.Sprintf("KLUCTL_BASE_TMP_DIR=%s", t.TempDir()))
 
-	p.t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
+	t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
 	testExe, err := os.Executable()
 	if err != nil {
@@ -503,22 +500,22 @@ func (p *TestProject) KluctlProcess(argsIn ...string) (string, string, error) {
 	cmd.Dir = cwd
 	cmd.Env = env
 
-	stdout, stderr, err := runHelper(p.t, cmd)
+	stdout, stderr, err := runHelper(t, cmd)
 	return stdout, stderr, err
 }
 
-func (p *TestProject) KluctlProcessMust(argsIn ...string) (string, string) {
-	stdout, stderr, err := p.KluctlProcess(argsIn...)
+func (p *TestProject) KluctlProcessMust(t *testing.T, argsIn ...string) (string, string) {
+	stdout, stderr, err := p.KluctlProcess(t, argsIn...)
 	if err != nil {
-		p.t.Logf(stderr)
-		p.t.Fatal(fmt.Errorf("kluctl failed: %w", err))
+		t.Logf(stderr)
+		t.Fatal(fmt.Errorf("kluctl failed: %w", err))
 	}
 	return stdout, stderr
 }
 
-func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
+func (p *TestProject) KluctlExecute(t *testing.T, argsIn ...string) (string, string, error) {
 	if p.extraEnv.Len() != 0 {
-		p.t.Fatal("extraEnv is only supported in KluctlProcess(...)")
+		t.Fatal("extraEnv is only supported in KluctlProcess(...)")
 	}
 
 	var args []string
@@ -527,21 +524,21 @@ func (p *TestProject) KluctlExecute(argsIn ...string) (string, string, error) {
 	}
 	args = append(args, argsIn...)
 
-	return KluctlExecute(p.t, context.Background(), p.t.Log, args...)
+	return KluctlExecute(t, context.Background(), t.Log, args...)
 }
 
-func (p *TestProject) Kluctl(argsIn ...string) (string, string, error) {
+func (p *TestProject) Kluctl(t *testing.T, argsIn ...string) (string, string, error) {
 	if p.useProcess {
-		return p.KluctlProcess(argsIn...)
+		return p.KluctlProcess(t, argsIn...)
 	} else {
-		return p.KluctlExecute(argsIn...)
+		return p.KluctlExecute(t, argsIn...)
 	}
 }
 
-func (p *TestProject) KluctlMust(argsIn ...string) (string, string) {
-	stdout, stderr, err := p.Kluctl(argsIn...)
+func (p *TestProject) KluctlMust(t *testing.T, argsIn ...string) (string, string) {
+	stdout, stderr, err := p.Kluctl(t, argsIn...)
 	if err != nil {
-		p.t.Fatal(fmt.Errorf("kluctl failed: %w", err))
+		t.Fatal(fmt.Errorf("kluctl failed: %w", err))
 	}
 	return stdout, stderr
 }
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 9cfd97fd1..644ac5bab 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -82,7 +82,7 @@ func assertValidate(t *testing.T, p *test_project.TestProject, succeed bool) (st
 	args := []string{"validate"}
 	args = append(args, "-t", "test")
 
-	stdout, stderr, err := p.Kluctl(args...)
+	stdout, stderr, err := p.Kluctl(t, args...)
 
 	if succeed {
 		assert.NoError(t, err)
@@ -103,7 +103,7 @@ func TestValidate(t *testing.T) {
 
 	p := prepareValidateTest(t, k)
 
-	p.KluctlMust("deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
 
 	assertValidate(t, p, false)
diff --git a/e2e/when_test.go b/e2e/when_test.go
index 65b5fcee1..c58a2c88e 100644
--- a/e2e/when_test.go
+++ b/e2e/when_test.go
@@ -79,7 +79,7 @@ func TestWhen(t *testing.T) {
 		}
 	}
 
-	p.KluctlMust("deploy", "--yes", "-t", "test", "-aa=test", "-ab=test2")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=test", "-ab=test2")
 
 	for _, test := range tests {
 		if test.want {

From d1cc87c50bdce44728df1d7d05da593970173633 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 27 Oct 2023 16:06:15 +0200
Subject: [PATCH 1812/2268] refactor: Re-work error handling and reporting,
 also get rid of LastHandledXXXAt

---
 api/v1beta1/kluctldeployment_types.go         |  76 +--------
 .../gitops.kluctl.io_kluctldeployments.yaml   |  22 ---
 docs/gitops/api/kluctl-controller.md          |  95 -----------
 e2e/gitops_errors_test.go                     |   2 +-
 e2e/gitops_manual_requests_test.go            |  13 ++
 e2e/gitops_suite_test.go                      |  10 +-
 install/controller/controller/crd.yaml        |  22 ---
 pkg/controllers/kluctl_project.go             | 105 ++++--------
 .../kluctldeployment_controller.go            | 123 ++++++++------
 .../kluctldeployment_controller_reconcile.go  | 152 +++++++-----------
 10 files changed, 197 insertions(+), 423 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 9417e8f8f..ece48e25e 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -492,25 +492,6 @@ type KluctlDeploymentStatus struct {
 	// +optional
 	ValidateRequestResult *ManualRequestResult `json:"validateRequestResult,omitempty"`
 
-	// LastHandledReconcileAt holds the value of the most recent
-	// reconcile request value, so a change of the annotation value
-	// can be detected.
-	// DEPRECATED
-	// +optional
-	LastHandledReconcileAt string `json:"lastHandledReconcileAt,omitempty"`
-
-	// DEPRECATED
-	// +optional
-	LastHandledDeployAt string `json:"lastHandledDeployAt,omitempty"`
-
-	// DEPRECATED
-	// +optional
-	LastHandledPruneAt string `json:"lastHandledPruneAt,omitempty"`
-
-	// DEPRECATED
-	// +optional
-	LastHandledValidateAt string `json:"lastHandledValidateAt,omitempty"`
-
 	// ObservedGeneration is the last reconciled generation.
 	// +optional
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
@@ -535,14 +516,6 @@ type KluctlDeploymentStatus struct {
 
 	// +optional
 	LastPrepareError string `json:"lastPrepareError,omitempty"`
-	// +optional
-	LastDiffError string `json:"lastDiffError,omitempty"`
-	// +optional
-	LastDeployError string `json:"lastDeployError,omitempty"`
-	// +optional
-	LastValidateError string `json:"lastValidateError,omitempty"`
-	// +optional
-	LastDriftDetectionError string `json:"lastDriftDetectionError,omitempty"`
 
 	// LastDiffResult is the result summary of the last diff command
 	// +optional
@@ -567,74 +540,41 @@ type KluctlDeploymentStatus struct {
 	LastDriftDetectionResultMessage string `json:"lastDriftDetectionResultMessage,omitempty"`
 }
 
-func (s *KluctlDeploymentStatus) SetLastDiffResult(crs *result.CommandResultSummary, err error) error {
-	s.LastDiffError = ""
-	if err != nil {
-		s.LastDiffError = err.Error()
-	}
+func (s *KluctlDeploymentStatus) SetLastDiffResult(crs *result.CommandResultSummary) {
 	if crs == nil {
 		s.LastDiffResult = nil
 	} else {
-		b, err := yaml.WriteJsonString(crs)
-		if err != nil {
-			return err
-		}
+		b := yaml.WriteJsonStringMust(crs)
 		s.LastDiffResult = &runtime.RawExtension{Raw: []byte(b)}
 	}
-	return nil
 }
 
-func (s *KluctlDeploymentStatus) SetLastDeployResult(crs *result.CommandResultSummary, err error) error {
-	s.LastDeployError = ""
-	if err != nil {
-		s.LastDeployError = err.Error()
-	}
+func (s *KluctlDeploymentStatus) SetLastDeployResult(crs *result.CommandResultSummary) {
 	if crs == nil {
 		s.LastDeployResult = nil
 	} else {
-		b, err := yaml.WriteJsonString(crs)
-		if err != nil {
-			return err
-		}
+		b := yaml.WriteJsonStringMust(crs)
 		s.LastDeployResult = &runtime.RawExtension{Raw: []byte(b)}
 	}
-	return nil
 }
 
-func (s *KluctlDeploymentStatus) SetLastValidateResult(crs *result.ValidateResult, err error) error {
-	s.LastValidateError = ""
-	if err != nil {
-		s.LastValidateError = err.Error()
-	}
+func (s *KluctlDeploymentStatus) SetLastValidateResult(crs *result.ValidateResult) {
 	if crs == nil {
 		s.LastValidateResult = nil
 	} else {
-		b, err := yaml.WriteJsonString(crs)
-		if err != nil {
-			return err
-		}
+		b := yaml.WriteJsonStringMust(crs)
 		s.LastValidateResult = &runtime.RawExtension{Raw: []byte(b)}
 	}
-	return nil
 }
 
-func (s *KluctlDeploymentStatus) SetLastDriftDetectionResult(dr *result.DriftDetectionResult, err error) error {
-	s.LastDriftDetectionError = ""
-	s.LastDriftDetectionResultMessage = ""
-	if err != nil {
-		s.LastDriftDetectionError = err.Error()
-	}
+func (s *KluctlDeploymentStatus) SetLastDriftDetectionResult(dr *result.DriftDetectionResult) {
 	if dr == nil {
 		s.LastDriftDetectionResult = nil
 	} else {
-		b, err := yaml.WriteJsonString(dr)
-		if err != nil {
-			return err
-		}
+		b := yaml.WriteJsonStringMust(dr)
 		s.LastDriftDetectionResult = &runtime.RawExtension{Raw: []byte(b)}
 		s.LastDriftDetectionResultMessage = dr.BuildShortMessage()
 	}
-	return nil
 }
 
 func (s *KluctlDeploymentStatus) GetLastDeployResult() (*result.CommandResultSummary, error) {
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 727642938..b2727daa1 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -746,22 +746,16 @@ spec:
                 - request
                 - startTime
                 type: object
-              lastDeployError:
-                type: string
               lastDeployResult:
                 description: LastDeployResult is the result summary of the last deploy
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
-              lastDiffError:
-                type: string
               lastDiffResult:
                 description: LastDiffResult is the result summary of the last diff
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
-              lastDriftDetectionError:
-                type: string
               lastDriftDetectionResult:
                 description: LastDriftDetectionResult is the result of the last drift
                   detection command optional
@@ -771,28 +765,12 @@ spec:
                 description: LastDriftDetectionResultMessage contains a short message
                   that describes the drift optional
                 type: string
-              lastHandledDeployAt:
-                description: DEPRECATED
-                type: string
-              lastHandledPruneAt:
-                description: DEPRECATED
-                type: string
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected. DEPRECATED
-                type: string
-              lastHandledValidateAt:
-                description: DEPRECATED
-                type: string
               lastManualObjectsHash:
                 type: string
               lastObjectsHash:
                 type: string
               lastPrepareError:
                 type: string
-              lastValidateError:
-                type: string
               lastValidateResult:
                 description: LastValidateResult is the result summary of the last
                   validate command
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 8b2679ac1..f2bea245d 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1204,57 +1204,6 @@ ManualRequestResult
 </tr>
 <tr>
 <td>
-<code>lastHandledReconcileAt</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>LastHandledReconcileAt holds the value of the most recent
-reconcile request value, so a change of the annotation value
-can be detected.
-DEPRECATED</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastHandledDeployAt</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>DEPRECATED</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastHandledPruneAt</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>DEPRECATED</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastHandledValidateAt</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-<p>DEPRECATED</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>observedGeneration</code><br>
 <em>
 int64
@@ -1346,50 +1295,6 @@ string
 </tr>
 <tr>
 <td>
-<code>lastDiffError</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastDeployError</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastValidateError</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
-<code>lastDriftDetectionError</code><br>
-<em>
-string
-</em>
-</td>
-<td>
-<em>(Optional)</em>
-</td>
-</tr>
-<tr>
-<td>
 <code>lastDiffResult</code><br>
 <em>
 k8s.io/apimachinery/pkg/runtime.RawExtension
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 030c94222..163bc0a5c 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -229,7 +229,7 @@ data:
 			return nil
 		})
 		kd = suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(kd, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy: ok", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy succeeded", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = false
 		})
diff --git a/e2e/gitops_manual_requests_test.go b/e2e/gitops_manual_requests_test.go
index fab93ce38..f434ae829 100644
--- a/e2e/gitops_manual_requests_test.go
+++ b/e2e/gitops_manual_requests_test.go
@@ -206,6 +206,19 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 			err := suite.k.Client.Get(context.Background(), client.ObjectKey{Name: "cm1", Namespace: p.TestSlug()}, &cm1)
 			return errors.IsNotFound(err)
 		}, 5*time.Second, time.Second).Should(BeTrue())
+
+		// ensure source is changed
+		p.UpdateYaml("d1/configmap-cm1.yml", func(o *uo.UnstructuredObject) error {
+			_ = o.SetNestedField("v3", "data", "k")
+			return nil
+		}, "")
+
+		// and it should still not reconcile
+		g.Consistently(func() bool {
+			var cm1 corev1.ConfigMap
+			err := suite.k.Client.Get(context.Background(), client.ObjectKey{Name: "cm1", Namespace: p.TestSlug()}, &cm1)
+			return errors.IsNotFound(err)
+		}, 5*time.Second, time.Second).Should(BeTrue())
 	})
 
 	suite.Run("run manual reconcile", func() {
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 4c2adc0fe..9dec37d4c 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -13,6 +13,7 @@ import (
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
@@ -145,7 +146,10 @@ func (suite *GitopsTestSuite) triggerReconcile(key client.ObjectKey) string {
 		if a == nil {
 			a = map[string]string{}
 		}
-		a[kluctlv1.KluctlRequestReconcileAnnotation] = reconcileId
+		mr := kluctlv1.ManualRequest{
+			RequestValue: reconcileId,
+		}
+		a[kluctlv1.KluctlRequestReconcileAnnotation] = yaml.WriteJsonStringMust(&mr)
 		kd.SetAnnotations(a)
 	})
 	return reconcileId
@@ -161,7 +165,7 @@ func (suite *GitopsTestSuite) waitForReconcile(key client.ObjectKey) *kluctlv1.K
 	var kd *kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
 		kd = suite.getKluctlDeployment(key)
-		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
+		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.Request.RequestValue != reconcileId {
 			suite.T().Logf("%s: request processing not started yet", reconcileId)
 			return false
 		}
@@ -190,7 +194,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 	var kd *kluctlv1.KluctlDeployment
 	g.Eventually(func() bool {
 		kd = suite.getKluctlDeployment(key)
-		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.RequestValue != reconcileId {
+		if kd.Status.ReconcileRequestResult == nil || kd.Status.ReconcileRequestResult.Request.RequestValue != reconcileId {
 			suite.T().Logf("%s: request processing not started yet", reconcileId)
 			return false
 		}
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 0406df6e9..e551bca45 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -746,22 +746,16 @@ spec:
                 - request
                 - startTime
                 type: object
-              lastDeployError:
-                type: string
               lastDeployResult:
                 description: LastDeployResult is the result summary of the last deploy
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
-              lastDiffError:
-                type: string
               lastDiffResult:
                 description: LastDiffResult is the result summary of the last diff
                   command
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
-              lastDriftDetectionError:
-                type: string
               lastDriftDetectionResult:
                 description: LastDriftDetectionResult is the result of the last drift
                   detection command optional
@@ -771,28 +765,12 @@ spec:
                 description: LastDriftDetectionResultMessage contains a short message
                   that describes the drift optional
                 type: string
-              lastHandledDeployAt:
-                description: DEPRECATED
-                type: string
-              lastHandledPruneAt:
-                description: DEPRECATED
-                type: string
-              lastHandledReconcileAt:
-                description: LastHandledReconcileAt holds the value of the most recent
-                  reconcile request value, so a change of the annotation value can
-                  be detected. DEPRECATED
-                type: string
-              lastHandledValidateAt:
-                description: DEPRECATED
-                type: string
               lastManualObjectsHash:
                 type: string
               lastObjectsHash:
                 type: string
               lastPrepareError:
                 type: string
-              lastValidateError:
-                type: string
               lastValidateResult:
                 description: LastValidateResult is the result summary of the last
                   validate command
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 7180ddf95..627386e06 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -657,7 +657,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 	return targetContext, nil
 }
 
-func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *result.CommandResult, reconcileId string, objectsHash string) error {
+func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *result.CommandResult, rr *kluctlv1.ManualRequestResult, reconcileId string, objectsHash string) error {
 	if cmdResult == nil {
 		// this might happen if something has gone so wrong that nothing succeeded
 		return nil
@@ -672,6 +672,10 @@ func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *r
 	}
 	cmdResult.RenderedObjectsHash = objectsHash
 
+	if rr != nil && rr.Request.OverridesPatch != nil {
+		cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+	}
+
 	var err error
 	cmdResult.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
 	if err != nil {
@@ -686,14 +690,17 @@ func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *r
 	return nil
 }
 
-func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdResult *result.CommandResult, commandName string, forceStore bool) error {
+func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdResult *result.CommandResult, rr *kluctlv1.ManualRequestResult, commandName string, reconcileId string, objectsHash string, forceStore bool) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if cmdResult == nil {
 		return fmt.Errorf("command result is nil, which should not happen")
 	}
 
-	var err error
+	err := pt.addCommandResultInfo(ctx, cmdResult, rr, reconcileId, objectsHash)
+	if err != nil {
+		return err
+	}
 
 	summary := cmdResult.BuildSummary()
 	needStore := summary.NewObjects != 0 ||
@@ -720,40 +727,13 @@ func (pt *preparedTarget) writeCommandResult(ctx context.Context, cmdResult *res
 	log.Info(fmt.Sprintf("command finished with %d errors and %d warnings", len(cmdResult.Errors), len(cmdResult.Warnings)))
 	defer pt.exportCommandResultMetricsToProm(summary)
 
-	msg := fmt.Sprintf("%s succeeded.", commandName)
-	if summary.NewObjects != 0 {
-		msg += fmt.Sprintf(" %d new objects.", summary.NewObjects)
-	}
-	if summary.ChangedObjects != 0 {
-		msg += fmt.Sprintf(" %d changed objects.", summary.ChangedObjects)
-	}
-	if summary.AppliedHookObjects != 0 {
-		msg += fmt.Sprintf(" %d hooks run.", summary.AppliedHookObjects)
-	}
-	if summary.DeletedObjects != 0 {
-		msg += fmt.Sprintf(" %d deleted objects.", summary.DeletedObjects)
-	}
-	if summary.OrphanObjects != 0 {
-		msg += fmt.Sprintf(" %d orphan objects.", summary.OrphanObjects)
-	}
-	if len(cmdResult.Errors) != 0 {
-		msg += fmt.Sprintf(" %d errors.", len(cmdResult.Errors))
-	}
-	if len(cmdResult.Warnings) != 0 {
-		msg += fmt.Sprintf(" %d warnings.", len(cmdResult.Warnings))
-	}
-
-	warning := false
-	if len(cmdResult.Errors) != 0 {
-		warning = true
-		err = fmt.Errorf("%s failed with %d errors", commandName, len(cmdResult.Errors))
-	}
-	pt.pp.r.event(ctx, pt.pp.obj, warning, msg, nil)
+	msg := pt.pp.r.buildResultMessage(summary, commandName)
+	pt.pp.r.event(ctx, pt.pp.obj, len(cmdResult.Errors) != 0, msg, nil)
 
-	return err
+	return nil
 }
 
-func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResult *result.ValidateResult, reconcileId string, objectsHash string) error {
+func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResult *result.ValidateResult, rr *kluctlv1.ManualRequestResult, reconcileId string, objectsHash string) error {
 	log := ctrl.LoggerFrom(ctx)
 
 	if validateResult == nil {
@@ -768,6 +748,10 @@ func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResul
 	}
 	validateResult.RenderedObjectsHash = objectsHash
 
+	if rr != nil && rr.Request.OverridesPatch != nil {
+		validateResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+	}
+
 	var err error
 	validateResult.KluctlDeployment.ClusterId, err = k8s2.GetClusterId(ctx, pt.pp.r.Client)
 	if err != nil {
@@ -785,17 +769,17 @@ func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResul
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeployOrPokeImages(ctx context.Context, deployMode string, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeployOrPokeImages(deployMode string, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
 	if deployMode == kluctlv1.KluctlDeployModeFull {
-		return pt.kluctlDeploy(ctx, targetContext, reconcileId, objectsHash)
+		return pt.kluctlDeploy(targetContext), nil
 	} else if deployMode == kluctlv1.KluctlDeployPokeImages {
-		return pt.kluctlPokeImages(ctx, targetContext, reconcileId, objectsHash)
+		return pt.kluctlPokeImages(targetContext), nil
 	} else {
 		return nil, fmt.Errorf("deployMode '%s' not supported", deployMode)
 	}
 }
 
-func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluctl_project.TargetContext, reconcileId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeploy(targetContext *kluctl_project.TargetContext) *result.CommandResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -809,43 +793,31 @@ func (pt *preparedTarget) kluctlDeploy(ctx context.Context, targetContext *kluct
 	cmd.WaitPrune = false
 
 	cmdResult := cmd.Run(nil)
-	err := pt.addCommandResultInfo(ctx, cmdResult, reconcileId, objectsHash)
-	if err != nil {
-		return cmdResult, err
-	}
-	return cmdResult, nil
+	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlPokeImages(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPokeImages(targetContext *kluctl_project.TargetContext) *result.CommandResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
 
 	cmdResult := cmd.Run()
-	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
-	if err != nil {
-		return cmdResult, err
-	}
-	return cmdResult, nil
+	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlPrune(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlPrune(targetContext *kluctl_project.TargetContext) *result.CommandResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPruneCommand("", targetContext, false)
 
 	cmdResult := cmd.Run(func(refs []k8s.ObjectRef) error {
-		pt.printDeletedRefs(ctx, refs)
+		pt.printDeletedRefs(targetContext.SharedContext.Ctx, refs)
 		return nil
 	})
-	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
-	if err != nil {
-		return cmdResult, err
-	}
-	return cmdResult, nil
+	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_project.TargetContext, crId string, objectsHash string, resourceVersions map[k8s.ObjectRef]string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDiff(targetContext *kluctl_project.TargetContext, resourceVersions map[k8s.ObjectRef]string) *result.CommandResult {
 	cmd := commands.NewDiffCommand(targetContext)
 	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
 	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
@@ -853,24 +825,20 @@ func (pt *preparedTarget) kluctlDiff(ctx context.Context, targetContext *kluctl_
 	cmd.SkipResourceVersions = resourceVersions
 
 	cmdResult := cmd.Run()
-	err := pt.addCommandResultInfo(ctx, cmdResult, crId, objectsHash)
-	if err != nil {
-		return cmdResult, err
-	}
-	return cmdResult, err
+	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlValidate(ctx context.Context, targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) (*result.ValidateResult, error) {
+func (pt *preparedTarget) kluctlValidate(targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) *result.ValidateResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
 	cmd := commands.NewValidateCommand(targetContext.Target.Discriminator, targetContext, cmdResult)
 
-	validateResult := cmd.Run(ctx)
-	return validateResult, nil
+	validateResult := cmd.Run(targetContext.SharedContext.Ctx)
+	return validateResult
 }
 
-func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string, crId string) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string) (*result.CommandResult, error) {
 	if !pt.pp.obj.Spec.Delete {
 		return nil, nil
 	}
@@ -912,11 +880,6 @@ func (pt *preparedTarget) kluctlDelete(ctx context.Context, discriminator string
 	cmdResult.TargetKey.Discriminator = discriminator
 	cmdResult.TargetKey.ClusterId = cmdResult.ClusterInfo.ClusterId
 
-	err = pt.addCommandResultInfo(ctx, cmdResult, crId, "")
-	if err != nil {
-		return cmdResult, err
-	}
-	err = pt.writeCommandResult(ctx, cmdResult, "delete", false)
 	return cmdResult, err
 }
 
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 0c1a0be16..57d622ec3 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -2,8 +2,8 @@ package controllers
 
 import (
 	"context"
+	"errors"
 	"fmt"
-	"github.com/google/uuid"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
@@ -98,7 +98,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	// Examine if the object is under deletion
 	if !obj.GetDeletionTimestamp().IsZero() {
-		return r.finalize(ctx, obj)
+		return r.finalize(ctx, obj, reconcileID)
 	}
 
 	patchObj := obj.DeepCopy()
@@ -254,18 +254,51 @@ func (r *KluctlDeploymentReconciler) updateResourceVersions(key client.ObjectKey
 	r.resourceVersionsMap[key] = newMap
 }
 
-func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *kluctlv1.KluctlDeployment) (finalStatus string, reason string) {
-	log := ctrl.LoggerFrom(ctx)
+func (r *KluctlDeploymentReconciler) buildErrorFromResult(errors_ []result.DeploymentError, warnings []result.DeploymentError, commandName string) error {
+	if len(errors_) == 0 {
+		return nil
+	}
+	return errors.New(r.buildBaseResultMessage(errors_, warnings, commandName))
+}
 
-	if obj.Status.LastDeployError != "" {
-		finalStatus = obj.Status.LastDeployError
-		reason = kluctlv1.DeployFailedReason
-		return
-	} else if obj.Status.LastValidateError != "" {
-		finalStatus = obj.Status.LastValidateError
-		reason = kluctlv1.ValidateFailedReason
-		return
+func (r *KluctlDeploymentReconciler) buildBaseResultMessage(errors []result.DeploymentError, warnings []result.DeploymentError, commandName string) string {
+	var msg string
+	if len(errors) != 0 {
+		if len(warnings) != 0 {
+			msg = fmt.Sprintf("%s failed with %d errors and %d warnings.", commandName, len(errors), len(warnings))
+		} else {
+			msg = fmt.Sprintf("%s failed with %d errors.", commandName, len(errors))
+		}
+	} else if len(warnings) != 0 {
+		msg = fmt.Sprintf("%s succeeded with %d warnings.", commandName, len(warnings))
+	} else {
+		msg = fmt.Sprintf("%s succeeded.", commandName)
 	}
+	return msg
+}
+
+func (r *KluctlDeploymentReconciler) buildResultMessage(summary *result.CommandResultSummary, commandName string) string {
+	msg := r.buildBaseResultMessage(summary.Errors, summary.Warnings, commandName)
+	if summary.NewObjects != 0 {
+		msg += fmt.Sprintf(" %d new objects.", summary.NewObjects)
+	}
+	if summary.ChangedObjects != 0 {
+		msg += fmt.Sprintf(" %d changed objects.", summary.ChangedObjects)
+	}
+	if summary.AppliedHookObjects != 0 {
+		msg += fmt.Sprintf(" %d hooks run.", summary.AppliedHookObjects)
+	}
+	if summary.DeletedObjects != 0 {
+		msg += fmt.Sprintf(" %d deleted objects.", summary.DeletedObjects)
+	}
+	if summary.OrphanObjects != 0 {
+		msg += fmt.Sprintf(" %d orphan objects.", summary.OrphanObjects)
+	}
+	return msg
+}
+
+func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *kluctlv1.KluctlDeployment) (string, string) {
+	log := ctrl.LoggerFrom(ctx)
 
 	var lastDeployResult *result.CommandResultSummary
 	var lastValidateResult *result.ValidateResult
@@ -282,45 +315,26 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 		}
 	}
 
-	deployOk := lastDeployResult != nil && len(lastDeployResult.Errors) == 0
-	validateOk := lastValidateResult != nil && len(lastValidateResult.Errors) == 0 && lastValidateResult.Ready
-
-	if !obj.Spec.Validate {
-		validateOk = true
+	if lastDeployResult == nil {
+		return "deployment status unknown", kluctlv1.DeployFailedReason
 	}
 
-	if obj.Status.LastDeployResult != nil {
-		finalStatus += "deploy: "
-		if deployOk {
-			finalStatus += "ok"
-		} else {
-			finalStatus += "failed"
-		}
-	}
-	if obj.Spec.Validate && obj.Status.LastValidateResult != nil {
-		if finalStatus != "" {
-			finalStatus += ", "
-		}
-		finalStatus += "validate: "
-		if validateOk {
-			finalStatus += "ok"
-		} else {
-			finalStatus += "failed"
+	msg := r.buildResultMessage(lastDeployResult, "deploy")
+	if obj.Spec.Validate {
+		if lastValidateResult == nil {
+			return msg + " Validation status unknown.", kluctlv1.ValidateFailedReason
 		}
+		msg += " " + r.buildBaseResultMessage(lastValidateResult.Errors, lastDeployResult.Warnings, "validate")
 	}
 
-	if deployOk {
-		if validateOk {
-			reason = kluctlv1.ReconciliationSucceededReason
-		} else {
-			reason = kluctlv1.ValidateFailedReason
-			return
-		}
-	} else {
-		reason = kluctlv1.DeployFailedReason
-		return
+	if len(lastDeployResult.Errors) != 0 {
+		return msg, kluctlv1.DeployFailedReason
+	}
+	if lastValidateResult != nil && len(lastValidateResult.Errors) != 0 {
+		return msg, kluctlv1.ValidateFailedReason
 	}
-	return
+
+	return msg, kluctlv1.ReconciliationSucceededReason
 }
 
 func (r *KluctlDeploymentReconciler) calcTimeout(obj *kluctlv1.KluctlDeployment) time.Duration {
@@ -397,8 +411,8 @@ func (r *KluctlDeploymentReconciler) nextValidateTime(obj *kluctlv1.KluctlDeploy
 	return &t
 }
 
-func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1.KluctlDeployment) (ctrl.Result, error) {
-	r.doFinalize(ctx, obj)
+func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string) (ctrl.Result, error) {
+	r.doFinalize(ctx, obj, reconcileId)
 
 	r.mutex.Lock()
 	delete(r.resourceVersionsMap, client.ObjectKeyFromObject(obj))
@@ -415,7 +429,7 @@ func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1
 	return ctrl.Result{}, nil
 }
 
-func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctlv1.KluctlDeployment) {
+func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string) {
 	log := ctrl.LoggerFrom(ctx)
 
 	if !obj.Spec.Delete || obj.Spec.Suspend {
@@ -437,9 +451,16 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 
 	pt := pp.newTarget()
 
-	commandResultId := uuid.NewString()
-
-	_, _ = pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator, commandResultId)
+	cmdResult, err := pt.kluctlDelete(ctx, obj.Status.TargetKey.Discriminator)
+	if err != nil {
+		log.Error(err, "delete failed with an error")
+	}
+	if cmdResult != nil {
+		err = pt.writeCommandResult(ctx, cmdResult, nil, "delete", reconcileId, "", false)
+		if err != nil {
+			log.Error(err, "delete write delete command result")
+		}
+	}
 }
 
 func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.KluctlDeployment) {
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index f62bf400d..6e24d0049 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -10,7 +10,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
@@ -19,7 +18,7 @@ import (
 	"time"
 )
 
-type getResultPtrCallback func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string)
+type getResultPtrCallback func(status *kluctlv1.KluctlDeploymentStatus) **kluctlv1.ManualRequestResult
 
 func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Context,
 	obj *kluctlv1.KluctlDeployment, reconcileId string,
@@ -64,29 +63,9 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 		return nil, err
 	}
 
-	resultPtr, legacyValue := getResultPtr(&obj.Status)
+	resultPtr := getResultPtr(&obj.Status)
 	rr := *resultPtr
 
-	if rr == nil && legacyValue == v {
-		// legacy value in status is still present, and we never executed the new request status handling
-		// ensure that we don't accidentally re-process the request
-		t := metav1.Now()
-		rr = &kluctlv1.ManualRequestResult{
-			Request:     mr,
-			StartTime:   t,
-			EndTime:     &t,
-			ReconcileId: "unknown",
-		}
-		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			resultPtr, _ := getResultPtr(status)
-			*resultPtr = rr
-			return nil
-		})
-		if err != nil {
-			return nil, err
-		}
-		return nil, nil
-	}
 	if rr == nil || rr.Request.RequestValue != v {
 		rr = &kluctlv1.ManualRequestResult{
 			Request:     mr,
@@ -94,8 +73,7 @@ func (r *KluctlDeploymentReconciler) startHandleManualRequest(ctx context.Contex
 			ReconcileId: reconcileId,
 		}
 		err := r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-			resultPtr, _ := getResultPtr(status)
-			*resultPtr = rr
+			*getResultPtr(status) = rr
 			return nil
 		})
 		if err != nil {
@@ -125,8 +103,7 @@ func (r *KluctlDeploymentReconciler) finishHandleManualRequest(ctx context.Conte
 		rr.CommandError = commandErr.Error()
 	}
 	return r.patchStatus(ctx, key, func(status *kluctlv1.KluctlDeploymentStatus) error {
-		resultPtr, _ := getResultPtr(status)
-		*resultPtr = rr
+		*getResultPtr(status) = rr
 		return nil
 	})
 }
@@ -299,24 +276,21 @@ func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, t
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
-		return &status.DiffRequestResult, ""
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) **kluctlv1.ManualRequestResult {
+		return &status.DiffRequestResult
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"diff", kluctlv1.KluctlRequestDiffAnnotation,
 		getResultPtr, false,
 		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlDiff(ctx, targetContext, reconcileId, objectsHash, nil)
-			if cmdResult != nil && rr != nil {
-				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
-			}
-			err := pt.writeCommandResult(ctx, cmdResult, "diff", true)
+			cmdResult := pt.kluctlDiff(targetContext, nil)
+			err := pt.writeCommandResult(ctx, cmdResult, rr, "diff", reconcileId, objectsHash, true)
 			if err != nil {
 				log.Error(err, "Failed to write diff result")
 			}
-			err = obj.Status.SetLastDiffResult(cmdResult.BuildSummary(), cmdErr)
-			return cmdResult, kluctlv1.DiffFailedReason, err
+			obj.Status.SetLastDiffResult(cmdResult.BuildSummary())
+			return cmdResult, kluctlv1.DiffFailedReason, r.buildErrorFromResult(cmdResult.Errors, cmdResult.Warnings, "diff")
 		})
 }
 
@@ -324,28 +298,24 @@ func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context,
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
-	defer func() {
-		obj.Status.LastHandledDeployAt = ""
-	}()
-
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
-		return &status.DeployRequestResult, status.LastHandledDeployAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) **kluctlv1.ManualRequestResult {
+		return &status.DeployRequestResult
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation,
 		getResultPtr, false,
 		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlDeployOrPokeImages(ctx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash)
-			if cmdResult != nil && rr != nil {
-				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
+			cmdResult, err := pt.kluctlDeployOrPokeImages(obj.Spec.DeployMode, targetContext)
+			if err != nil {
+				return nil, kluctlv1.DeployFailedReason, err
 			}
-			err := pt.writeCommandResult(ctx, cmdResult, "deploy", true)
+			err = pt.writeCommandResult(ctx, cmdResult, rr, "deploy", reconcileId, objectsHash, true)
 			if err != nil {
 				log.Error(err, "Failed to write deploy result")
 			}
-			err = obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
-			return cmdResult, kluctlv1.DeployFailedReason, err
+			obj.Status.SetLastDeployResult(cmdResult.BuildSummary())
+			return cmdResult, kluctlv1.DeployFailedReason, r.buildErrorFromResult(cmdResult.Errors, cmdResult.Warnings, "deploy")
 		})
 }
 
@@ -353,28 +323,21 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
-	defer func() {
-		obj.Status.LastHandledPruneAt = ""
-	}()
-
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
-		return &status.PruneRequestResult, status.LastHandledPruneAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) **kluctlv1.ManualRequestResult {
+		return &status.PruneRequestResult
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"prune", kluctlv1.KluctlRequestPruneAnnotation,
 		getResultPtr, false,
 		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlPrune(ctx, targetContext, reconcileId, objectsHash)
-			if cmdResult != nil && rr != nil {
-				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
-			}
-			err := pt.writeCommandResult(ctx, cmdResult, "prune", true)
+			cmdResult := pt.kluctlPrune(targetContext)
+			err := pt.writeCommandResult(ctx, cmdResult, rr, "prune", reconcileId, objectsHash, true)
 			if err != nil {
 				log.Error(err, "Failed to write prune result")
 			}
-			err = obj.Status.SetLastDeployResult(cmdResult.BuildSummary(), cmdErr)
-			return cmdResult, kluctlv1.PruneFailedReason, err
+			obj.Status.SetLastDeployResult(cmdResult.BuildSummary())
+			return cmdResult, kluctlv1.PruneFailedReason, r.buildErrorFromResult(cmdResult.Errors, cmdResult.Warnings, "prune")
 		})
 }
 
@@ -382,28 +345,21 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 	log := ctrl.LoggerFrom(ctx)
 
-	defer func() {
-		obj.Status.LastHandledValidateAt = ""
-	}()
-
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
-		return &status.ValidateRequestResult, status.LastHandledValidateAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) **kluctlv1.ManualRequestResult {
+		return &status.ValidateRequestResult
 	}
 
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"validate", kluctlv1.KluctlRequestValidateAnnotation,
 		getResultPtr, false,
 		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult, cmdErr := pt.kluctlValidate(ctx, targetContext, nil)
-			if cmdResult != nil && rr != nil {
-				cmdResult.OverridesPatch = uo.FromStringMust(string(rr.Request.OverridesPatch.Raw))
-			}
-			err := pt.writeValidateResult(ctx, cmdResult, reconcileId, objectsHash)
+			cmdResult := pt.kluctlValidate(targetContext, nil)
+			err := pt.writeValidateResult(ctx, cmdResult, rr, reconcileId, objectsHash)
 			if err != nil {
 				log.Error(err, "Failed to write validate result")
 			}
-			err = obj.Status.SetLastValidateResult(cmdResult, cmdErr)
-			return cmdResult, kluctlv1.ValidateFailedReason, err
+			obj.Status.SetLastValidateResult(cmdResult)
+			return cmdResult, kluctlv1.ValidateFailedReason, r.buildErrorFromResult(cmdResult.Errors, cmdResult.Warnings, "validate")
 		})
 }
 
@@ -411,12 +367,11 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 	obj *kluctlv1.KluctlDeployment, reconcileId string) (bool, error) {
 
 	defer func() {
-		obj.Status.LastHandledReconcileAt = ""
 		obj.Status.ObservedGeneration = obj.GetGeneration()
 	}()
 
-	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) (**kluctlv1.ManualRequestResult, string) {
-		return &status.ReconcileRequestResult, status.LastHandledReconcileAt
+	getResultPtr := func(status *kluctlv1.KluctlDeploymentStatus) **kluctlv1.ManualRequestResult {
+		return &status.ReconcileRequestResult
 	}
 
 	forceReconcile := true
@@ -485,7 +440,6 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 		}
 	} else {
 		obj.Status.LastValidateResult = nil
-		obj.Status.LastValidateError = ""
 	}
 
 	if !needDeploy && obj.Status.LastObjectsHash != objectsHash {
@@ -496,6 +450,8 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 	obj.Status.LastObjectsHash = objectsHash
 	obj.Status.LastManualObjectsHash = obj.Spec.ManualObjectsHash
 
+	var cmdErrors error
+
 	var deployResult *result.CommandResult
 	if needDeploy {
 		err := r.patchProgressingCondition(ctx, obj, fmt.Sprintf("Performing kluctl %s", obj.Spec.DeployMode), false)
@@ -503,13 +459,17 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 			return nil, kluctlv1.DeployFailedReason, err
 		}
 
-		var cmdErr error
-		deployResult, cmdErr = pt.kluctlDeployOrPokeImages(timeoutCtx, obj.Spec.DeployMode, targetContext, reconcileId, objectsHash)
-		err = pt.writeCommandResult(ctx, deployResult, obj.Spec.DeployMode, false)
+		deployResult, err = pt.kluctlDeployOrPokeImages(obj.Spec.DeployMode, targetContext)
+		if err != nil {
+			return nil, kluctlv1.DeployFailedReason, err
+		}
+		err = pt.writeCommandResult(ctx, deployResult, rr, obj.Spec.DeployMode, reconcileId, objectsHash, false)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
 		}
-		err = obj.Status.SetLastDeployResult(deployResult.BuildSummary(), cmdErr)
+		obj.Status.SetLastDeployResult(deployResult.BuildSummary())
+
+		cmdErrors = r.buildErrorFromResult(deployResult.Errors, deployResult.Warnings, "deploy")
 
 		if obj.Spec.DryRun {
 			// force full drift detection (otherwise we'd see the dry-run applied changes as non-drifted)
@@ -524,14 +484,20 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 		if err != nil {
 			return nil, kluctlv1.ValidateFailedReason, err
 		}
-		validateResult, cmdErr := pt.kluctlValidate(timeoutCtx, targetContext, deployResult)
-		err = pt.writeValidateResult(ctx, validateResult, obj.Spec.DeployMode, objectsHash)
+		validateResult := pt.kluctlValidate(targetContext, deployResult)
+		err = pt.writeValidateResult(ctx, validateResult, rr, reconcileId, objectsHash)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
 		}
-		err = obj.Status.SetLastValidateResult(validateResult, cmdErr)
+		obj.Status.SetLastValidateResult(validateResult)
+
+		err = r.buildErrorFromResult(validateResult.Errors, validateResult.Warnings, "validate")
 		if err != nil {
-			log.Error(err, "Failed to write validate result")
+			if cmdErrors == nil {
+				cmdErrors = err
+			} else {
+				cmdErrors = multierror.Append(cmdErrors, err)
+			}
 		}
 	}
 
@@ -543,15 +509,21 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 
 		resourceVersions := r.getResourceVersions(key)
 
-		diffResult, cmdErr := pt.kluctlDiff(timeoutCtx, targetContext, reconcileId, objectsHash, resourceVersions)
+		diffResult := pt.kluctlDiff(targetContext, resourceVersions)
 		driftDetectionResult := diffResult.BuildDriftDetectionResult()
-		err = obj.Status.SetLastDriftDetectionResult(driftDetectionResult, cmdErr)
+		obj.Status.SetLastDriftDetectionResult(driftDetectionResult)
+
+		err = r.buildErrorFromResult(diffResult.Errors, diffResult.Warnings, "diff")
 		if err != nil {
-			log.Error(err, "Failed to write drift detection result")
+			if cmdErrors == nil {
+				cmdErrors = err
+			} else {
+				cmdErrors = multierror.Append(cmdErrors, err)
+			}
 		}
 
 		r.updateResourceVersions(key, diffResult.Objects, driftDetectionResult.Objects)
 	}
 
-	return nil, "", nil
+	return nil, "", cmdErrors
 }

From 4fae190aac64edbb5dc5fea1d5eb3d9f603c97c6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 28 Oct 2023 10:28:14 +0200
Subject: [PATCH 1813/2268] tests: Wait for deletion of KluctlDeployments

---
 e2e/gitops_suite_test.go | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 9dec37d4c..5fc3883b9 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -54,7 +54,6 @@ type GitopsTestSuite struct {
 	gitopsNamespace        string
 	gitopsResultsNamespace string
 	gitopsSecretIdx        int
-	deletedDeployments     []client.ObjectKey
 }
 
 func (suite *GitopsTestSuite) SetupSuite() {
@@ -73,17 +72,6 @@ func (suite *GitopsTestSuite) SetupSuite() {
 }
 
 func (suite *GitopsTestSuite) TearDownSuite() {
-	g := NewWithT(suite.T())
-
-	g.Eventually(func() bool {
-		for _, key := range suite.deletedDeployments {
-			if suite.getKluctlDeploymentAllowNil(key) != nil {
-				return false
-			}
-		}
-		return true
-	}, timeout, time.Second).Should(BeTrue())
-
 	if suite.cancelController != nil {
 		suite.cancelController()
 	}
@@ -304,6 +292,8 @@ func (suite *GitopsTestSuite) updateKluctlDeployment(key client.ObjectKey, updat
 func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
 	g := NewWithT(suite.T())
 
+	suite.T().Logf("Deleting KluctlDeployment %s", key.String())
+
 	var kd kluctlv1.KluctlDeployment
 	kd.Name = key.Name
 	kd.Namespace = key.Namespace
@@ -312,7 +302,14 @@ func (suite *GitopsTestSuite) deleteKluctlDeployment(key client.ObjectKey) {
 		g.Expect(err).To(Succeed())
 	}
 
-	suite.deletedDeployments = append(suite.deletedDeployments, key)
+	g.Eventually(func() bool {
+		if suite.getKluctlDeploymentAllowNil(key) != nil {
+			return false
+		}
+		return true
+	}, timeout, time.Second).Should(BeTrue())
+
+	suite.T().Logf("KluctlDeployment %s has vanished", key.String())
 }
 
 func (suite *GitopsTestSuite) createGitopsSecret(m map[string]string) string {

From a84531751c0cc9ac8b95dba49243d404b2049224 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 28 Oct 2023 10:28:38 +0200
Subject: [PATCH 1814/2268] chore: Add some more logging to finalization

---
 pkg/controllers/kluctldeployment_controller.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 57d622ec3..835319c6c 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -432,6 +432,8 @@ func (r *KluctlDeploymentReconciler) finalize(ctx context.Context, obj *kluctlv1
 func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string) {
 	log := ctrl.LoggerFrom(ctx)
 
+	log.Info("Finalizing")
+
 	if !obj.Spec.Delete || obj.Spec.Suspend {
 		return
 	}
@@ -441,7 +443,7 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 		return
 	}
 
-	log.V(1).Info("Deleting target")
+	log.Info(fmt.Sprintf("Deleting objects with discriminator '%s'", obj.Status.TargetKey.Discriminator))
 
 	pp, err := prepareProject(ctx, r, obj, false)
 	if err != nil {
@@ -458,7 +460,7 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 	if cmdResult != nil {
 		err = pt.writeCommandResult(ctx, cmdResult, nil, "delete", reconcileId, "", false)
 		if err != nil {
-			log.Error(err, "delete write delete command result")
+			log.Error(err, "write delete command result failed")
 		}
 	}
 }

From c356ed6da90aedbb466de72f5a980ab33aa86874 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 28 Oct 2023 10:28:51 +0200
Subject: [PATCH 1815/2268] fix: Support new manual requests form the webui

---
 pkg/webui/server.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 85ccb76c3..02d2f1d6c 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -527,20 +528,28 @@ func (s *CommandResultsServer) doSetAnnotation(c *gin.Context, aname string, ava
 	})
 }
 
+func (s *CommandResultsServer) manualRequest(c *gin.Context, annotationName string) {
+	mr := &kluctlv1.ManualRequest{
+		RequestValue: time.Now().Format(time.RFC3339Nano),
+	}
+
+	s.doSetAnnotation(c, annotationName, yaml.WriteJsonStringMust(mr))
+}
+
 func (s *CommandResultsServer) validateNow(c *gin.Context) {
-	s.doSetAnnotation(c, kluctlv1.KluctlRequestValidateAnnotation, time.Now().Format(time.RFC3339Nano))
+	s.manualRequest(c, kluctlv1.KluctlRequestValidateAnnotation)
 }
 
 func (s *CommandResultsServer) reconcileNow(c *gin.Context) {
-	s.doSetAnnotation(c, kluctlv1.KluctlRequestReconcileAnnotation, time.Now().Format(time.RFC3339Nano))
+	s.manualRequest(c, kluctlv1.KluctlRequestReconcileAnnotation)
 }
 
 func (s *CommandResultsServer) deployNow(c *gin.Context) {
-	s.doSetAnnotation(c, kluctlv1.KluctlRequestDeployAnnotation, time.Now().Format(time.RFC3339Nano))
+	s.manualRequest(c, kluctlv1.KluctlRequestDeployAnnotation)
 }
 
 func (s *CommandResultsServer) pruneNow(c *gin.Context) {
-	s.doSetAnnotation(c, kluctlv1.KluctlRequestPruneAnnotation, time.Now().Format(time.RFC3339Nano))
+	s.manualRequest(c, kluctlv1.KluctlRequestPruneAnnotation)
 }
 
 func (s *CommandResultsServer) setSuspended(c *gin.Context) {

From 1c1d28efc9b7af5922af455db60022542d353bec Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 28 Oct 2023 23:54:02 +0200
Subject: [PATCH 1816/2268] tests: Fix race condition in TestGitServer shutdown

---
 e2e/test-utils/test_git_server.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 2d68c7f8f..f55489258 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -32,7 +32,8 @@ type TestGitServer struct {
 	authPassword string
 	failWhenAuth bool
 
-	cleanupMutex sync.RWMutex
+	cleanupMutex  sync.RWMutex
+	cleanupDoneCh chan struct{}
 }
 
 type TestGitServerOpt func(*TestGitServer)
@@ -52,8 +53,9 @@ func WithTestGitServerFailWhenAuth(fail bool) TestGitServerOpt {
 
 func NewTestGitServer(t *testing.T, opts ...TestGitServerOpt) *TestGitServer {
 	p := &TestGitServer{
-		t:       t,
-		baseDir: t.TempDir(),
+		t:             t,
+		baseDir:       t.TempDir(),
+		cleanupDoneCh: make(chan struct{}),
 	}
 
 	for _, o := range opts {
@@ -112,6 +114,7 @@ func (p *TestGitServer) initGitServer() {
 		} else {
 			p.t.Logf("gitHttpServer.Serve() with port %d returned with no error", p.gitServerPort)
 		}
+		close(p.cleanupDoneCh)
 	}()
 }
 
@@ -125,6 +128,7 @@ func (p *TestGitServer) Cleanup() {
 		_ = p.gitHttpServer.Shutdown(context.Background())
 		p.gitHttpServer = nil
 		p.gitServer = nil
+		<-p.cleanupDoneCh
 	}
 
 	p.baseDir = ""

From a2629e7d9f901280a6f5553b19c5ea7e086440a7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 28 Oct 2023 23:54:32 +0200
Subject: [PATCH 1817/2268] chore: Run go mod tidy

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 852596c1f..9a1fadc59 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,6 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.6+incompatible
-	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/evanphx/json-patch/v5 v5.6.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
@@ -156,6 +155,7 @@ require (
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect

From 51a43fff589a5bcc3e7f344be9b02d57b634b5a1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 10:33:34 +0100
Subject: [PATCH 1818/2268] refactor: Move building of source overrides into
 own func

---
 cmd/kluctl/commands/cmd_gitops.go | 40 ++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 6d8237e33..5aa3c5c77 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -379,23 +379,7 @@ func (g *gitopsCmdHelper) buildOverridePatch(ctx context.Context, kdIn *v1beta1.
 		return nil, err
 	}
 
-	var proxyUrl *url.URL
-	if len(g.soResolver.Overrides) != 0 {
-		if g.soClient == nil {
-			return nil, fmt.Errorf("local source overrides present but no connection to source override proxy established")
-		}
-		proxyUrl, err = g.soClient.BuildProxyUrl()
-		if err != nil {
-			return nil, err
-		}
-	}
-	for _, ro := range g.soResolver.Overrides {
-		kd.Spec.SourceOverrides = append(kd.Spec.SourceOverrides, v1beta1.SourceOverride{
-			RepoKey: ro.RepoKey,
-			Url:     proxyUrl.String(),
-			IsGroup: ro.IsGroup,
-		})
-	}
+	err = g.buildSourceOverrides(kd)
 
 	kdOrigS, err := yaml.WriteJsonString(kdIn)
 	if err != nil {
@@ -441,6 +425,28 @@ func (g *gitopsCmdHelper) overrideDeploymentArgs(kd *v1beta1.KluctlDeployment) e
 	return nil
 }
 
+func (g *gitopsCmdHelper) buildSourceOverrides(kd *v1beta1.KluctlDeployment) error {
+	var err error
+	var proxyUrl *url.URL
+	if len(g.soResolver.Overrides) != 0 {
+		if g.soClient == nil {
+			return fmt.Errorf("local source overrides present but no connection to source override proxy established")
+		}
+		proxyUrl, err = g.soClient.BuildProxyUrl()
+		if err != nil {
+			return err
+		}
+	}
+	for _, ro := range g.soResolver.Overrides {
+		kd.Spec.SourceOverrides = append(kd.Spec.SourceOverrides, v1beta1.SourceOverride{
+			RepoKey: ro.RepoKey,
+			Url:     proxyUrl.String(),
+			IsGroup: ro.IsGroup,
+		})
+	}
+	return nil
+}
+
 func (g *gitopsCmdHelper) waitForRequestToStart(ctx context.Context, key client.ObjectKey, requestValue string, getRequestResult func(status *v1beta1.KluctlDeploymentStatus) *v1beta1.ManualRequestResult) (*v1beta1.ManualRequestResult, error) {
 	s := status.Startf(ctx, "Waiting for controller to start processing the request")
 	defer s.Failed()

From 8cdd92185cd9e4b3102faf2abc597787ff40bec0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 17:50:20 +0100
Subject: [PATCH 1819/2268] fix: Use single repoKey in projectKey instead of
 one for oci and one for git

---
 .../bases/gitops.kluctl.io_kluctldeployments.yaml    |  4 +---
 e2e/results_test.go                                  |  2 +-
 install/controller/controller/crd.yaml               |  4 +---
 .../kluctldeployment_controller_status.go            | 12 ++++++------
 pkg/git/git_info.go                                  |  2 +-
 pkg/results/result-store-secrets.go                  | 12 ++++++------
 pkg/results/result-store.go                          |  2 +-
 pkg/types/result/command_result.go                   |  9 ++++-----
 pkg/types/result/zz_generated.deepcopy.go            |  3 +--
 pkg/webui/events.go                                  |  4 ++--
 pkg/webui/ui/src/api.tsx                             |  4 ++--
 pkg/webui/ui/src/components/Router.tsx               |  6 +++---
 .../src/components/target-cards-view/ProjectCard.tsx |  6 +++---
 .../components/target-list-view/TargetsListView.tsx  |  2 +-
 pkg/webui/ui/src/models.ts                           |  6 ++----
 pkg/webui/ui/src/project-summaries.ts                |  4 ++--
 16 files changed, 37 insertions(+), 45 deletions(-)

diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index b2727daa1..91a6817a2 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -785,9 +785,7 @@ spec:
                 type: integer
               projectKey:
                 properties:
-                  gitRepoKey:
-                    type: string
-                  ociRepoKey:
+                  repoKey:
                     type: string
                   subDir:
                     type: string
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 54509f574..422adde7f 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -54,7 +54,7 @@ func TestWriteResult(t *testing.T) {
 
 	opts := results.ListResultSummariesOptions{
 		ProjectFilter: &result.ProjectKey{
-			GitRepoKey: types.ParseGitUrlMust(p.GitUrl()).RepoKey(),
+			RepoKey: types.ParseGitUrlMust(p.GitUrl()).RepoKey(),
 		},
 	}
 
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index e551bca45..2adcc483f 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -785,9 +785,7 @@ spec:
                 type: integer
               projectKey:
                 properties:
-                  gitRepoKey:
-                    type: string
-                  ociRepoKey:
+                  repoKey:
                     type: string
                   subDir:
                     type: string
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 9197b8dfb..3141c3a8c 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -72,8 +72,8 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 	var newProjectKey result.ProjectKey
 	if obj.Spec.Source.Git != nil {
 		newProjectKey = result.ProjectKey{
-			GitRepoKey: obj.Spec.Source.Git.URL.RepoKey(),
-			SubDir:     path.Clean(obj.Spec.Source.Git.Path),
+			RepoKey: obj.Spec.Source.Git.URL.RepoKey(),
+			SubDir:  path.Clean(obj.Spec.Source.Git.Path),
 		}
 	} else if obj.Spec.Source.Oci != nil {
 		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
@@ -81,13 +81,13 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 			return err
 		}
 		newProjectKey = result.ProjectKey{
-			OciRepoKey: repoKey,
-			SubDir:     path.Clean(obj.Spec.Source.Oci.Path),
+			RepoKey: repoKey,
+			SubDir:  path.Clean(obj.Spec.Source.Oci.Path),
 		}
 	} else if obj.Spec.Source.URL != nil {
 		newProjectKey = result.ProjectKey{
-			GitRepoKey: obj.Spec.Source.URL.RepoKey(),
-			SubDir:     path.Clean(obj.Spec.Source.Path),
+			RepoKey: obj.Spec.Source.URL.RepoKey(),
+			SubDir:  path.Clean(obj.Spec.Source.Path),
 		}
 	} else {
 		return fmt.Errorf("missing source spec")
diff --git a/pkg/git/git_info.go b/pkg/git/git_info.go
index db97bf1eb..32ac0bdcd 100644
--- a/pkg/git/git_info.go
+++ b/pkg/git/git_info.go
@@ -82,7 +82,7 @@ func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (resu
 			Tag: head.Name().Short(),
 		}
 	}
-	projectKey.GitRepoKey = repoKey
+	projectKey.RepoKey = repoKey
 	projectKey.SubDir = subDir
 	return gitInfo, projectKey, nil
 }
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index b98b19673..09e903bc4 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -90,8 +90,8 @@ var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
 func (s *ResultStoreSecrets) buildName(prefix string, id string, projectKey result.ProjectKey) string {
 	name := ""
 
-	if projectKey.GitRepoKey.Path != "" {
-		name = path.Base(projectKey.GitRepoKey.Path)
+	if projectKey.RepoKey.Path != "" {
+		name = path.Base(projectKey.RepoKey.Path)
 	}
 
 	name = strings.ReplaceAll(name, "_", "-")
@@ -194,8 +194,8 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 			"compactedObjects": compressedObjects,
 		},
 	}
-	if cr.ProjectKey.GitRepoKey.String() != "" {
-		secret.Annotations["kluctl.io/result-project-repo-key"] = cr.ProjectKey.GitRepoKey.String()
+	if cr.ProjectKey.RepoKey.String() != "" {
+		secret.Annotations["kluctl.io/result-project-repo-key"] = cr.ProjectKey.RepoKey.String()
 	}
 	if cr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
@@ -283,8 +283,8 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 			"result": compressedVr,
 		},
 	}
-	if vr.ProjectKey.GitRepoKey.String() != "" {
-		secret.Annotations["kluctl.io/result-project-repo-key"] = vr.ProjectKey.GitRepoKey.String()
+	if vr.ProjectKey.RepoKey.String() != "" {
+		secret.Annotations["kluctl.io/result-project-repo-key"] = vr.ProjectKey.RepoKey.String()
 	}
 	if vr.ProjectKey.SubDir != "" {
 		secret.Annotations["kluctl.io/result-project-subdir"] = vr.ProjectKey.SubDir
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index cd60537bc..460977707 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -55,7 +55,7 @@ type ResultStore interface {
 
 func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
 	if filter != nil {
-		if filter.GitRepoKey.String() != "" && x.GitRepoKey != filter.GitRepoKey {
+		if filter.RepoKey.String() != "" && x.RepoKey != filter.RepoKey {
 			return false
 		}
 		if filter.SubDir != "" && x.SubDir != filter.SubDir {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 0ce485bb6..b8f1e103b 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -40,14 +40,13 @@ const (
 )
 
 type ProjectKey struct {
-	GitRepoKey types.RepoKey `json:"gitRepoKey,omitempty"`
-	OciRepoKey types.RepoKey `json:"ociRepoKey,omitempty"`
-	SubDir     string        `json:"subDir,omitempty"`
+	RepoKey types.RepoKey `json:"repoKey,omitempty"`
+	SubDir  string        `json:"subDir,omitempty"`
 }
 
 func (k ProjectKey) Less(o ProjectKey) bool {
-	if k.GitRepoKey != o.GitRepoKey {
-		return k.GitRepoKey.String() < o.GitRepoKey.String()
+	if k.RepoKey != o.RepoKey {
+		return k.RepoKey.String() < o.RepoKey.String()
 	}
 	if k.SubDir != o.SubDir {
 		return k.SubDir < o.SubDir
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 77cec6021..7bdb4ae83 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -429,8 +429,7 @@ func (in *KluctlDeploymentInfo) DeepCopy() *KluctlDeploymentInfo {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectKey) DeepCopyInto(out *ProjectKey) {
 	*out = *in
-	out.GitRepoKey = in.GitRepoKey
-	out.OciRepoKey = in.OciRepoKey
+	out.RepoKey = in.RepoKey
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectKey.
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index b3386fcbf..d8ae9f0dc 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -246,8 +246,8 @@ func (h *eventsHandler) handler(c *gin.Context) {
 	var filter *result.ProjectKey
 	if args.FilterProject != "" {
 		filter = &result.ProjectKey{
-			GitRepoKey: repoKey,
-			SubDir:     args.FilterSubDir,
+			RepoKey: repoKey,
+			SubDir:  args.FilterSubDir,
 		}
 	}
 
diff --git a/pkg/webui/ui/src/api.tsx b/pkg/webui/ui/src/api.tsx
index b82c69783..f3ec54f3c 100644
--- a/pkg/webui/ui/src/api.tsx
+++ b/pkg/webui/ui/src/api.tsx
@@ -321,7 +321,7 @@ export class StaticApi implements Api {
 
         staticKluctlDeployments.forEach(kd_ => {
             const kd = kd_ as KluctlDeploymentWithClusterId
-            if (filterProject && filterProject !== kd.deployment.status?.projectKey?.gitRepoKey) {
+            if (filterProject && filterProject !== kd.deployment.status?.projectKey?.repoKey) {
                 return
             }
             if (filterSubDir && filterSubDir !== kd.deployment.status?.projectKey?.subDir) {
@@ -336,7 +336,7 @@ export class StaticApi implements Api {
 
         staticSummaries.forEach(rs_ => {
             const rs = rs_ as CommandResultSummary
-            if (filterProject && filterProject !== rs.projectKey.gitRepoKey) {
+            if (filterProject && filterProject !== rs.projectKey.repoKey) {
                 return
             }
             if (filterSubDir && filterSubDir !== rs.projectKey.subDir) {
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 741653a78..73e809dea 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -18,7 +18,7 @@ function ErrorPage() {
 }
 
 function buildRedirectToTargetPath(app: AppContextProps, sp: URLSearchParams) {
-    const gitRepoKey = sp.get("gitRepoKey")
+    const repoKey = sp.get("repoKey")
     const subDir = sp.get("subDir")
     const targetName = sp.get("targetName")
     const targetClusterId = sp.get("targetClusterId")
@@ -28,7 +28,7 @@ function buildRedirectToTargetPath(app: AppContextProps, sp: URLSearchParams) {
     const kdNamespace = sp.get("kluctlDeploymentNamespace")
     const kdClusterId = sp.get("kluctlDeploymentClusterId")
 
-    if (!gitRepoKey && !subDir && !targetName && !targetClusterId && !discriminator &&
+    if (!repoKey && !subDir && !targetName && !targetClusterId && !discriminator &&
         !kdName && !kdNamespace && !kdClusterId &&
         !commandResultId) {
         return "/targets"
@@ -53,7 +53,7 @@ function buildRedirectToTargetPath(app: AppContextProps, sp: URLSearchParams) {
     } else {
         app.projects.forEach(ps => {
             if (firstProject) return
-            if (gitRepoKey !== null && gitRepoKey !== ps.project.gitRepoKey) return
+            if (repoKey !== null && repoKey !== ps.project.repoKey) return
             if (subDir !== null && subDir !== ps.project.subDir) return
 
             ps.targets.forEach(ts => {
diff --git a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
index 42e2f531a..01c9870e9 100644
--- a/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
+++ b/pkg/webui/ui/src/components/target-cards-view/ProjectCard.tsx
@@ -8,7 +8,7 @@ import { cardHeight, CardTemplate } from "../card/Card";
 const projectCardWidth = 300
 
 export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
-    let name = getLastPathElement(props.ps.project.gitRepoKey)
+    let name = getLastPathElement(props.ps.project.repoKey)
     const subDir = props.ps.project.subDir
 
     if (!name) {
@@ -16,9 +16,9 @@ export const ProjectCard = React.memo((props: { ps: ProjectSummary }) => {
     }
 
     let projectInfo: React.ReactElement | undefined
-    if (props.ps.project.gitRepoKey || props.ps.project.subDir) {
+    if (props.ps.project.repoKey || props.ps.project.subDir) {
         projectInfo =  <Box>
-            <Typography>{props.ps.project.gitRepoKey}</Typography>
+            <Typography>{props.ps.project.repoKey}</Typography>
             {props.ps.project.subDir && <Typography>SubDir: {props.ps.project.subDir}</Typography>}
         </Box>
     }
diff --git a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
index e2f025498..8a7282c60 100644
--- a/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
+++ b/pkg/webui/ui/src/components/target-list-view/TargetsListView.tsx
@@ -80,7 +80,7 @@ export const TargetsListView = (props: TargetsListViewProps) => {
             headerName: "Project",
             width: 200,
             valueGetter: rp => {
-                return rp.row.ps.project.gitRepoKey
+                return rp.row.ps.project.repoKey
             },
             sortComparator: (v1, v2, cellParams1, cellParams2) => {
                 const name1 = getLastPathElement(v1)
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 0412750c5..3c160d613 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -711,14 +711,12 @@ export class TargetKey {
     }
 }
 export class ProjectKey {
-    gitRepoKey?: string;
-    ociRepoKey?: string;
+    repoKey?: string;
     subDir?: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
-        this.gitRepoKey = source["gitRepoKey"];
-        this.ociRepoKey = source["ociRepoKey"];
+        this.repoKey = source["repoKey"];
         this.subDir = source["subDir"];
     }
 }
diff --git a/pkg/webui/ui/src/project-summaries.ts b/pkg/webui/ui/src/project-summaries.ts
index e58bf55dc..ba4ddf084 100644
--- a/pkg/webui/ui/src/project-summaries.ts
+++ b/pkg/webui/ui/src/project-summaries.ts
@@ -56,7 +56,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
            return true
        }
         if (DoFilterText([
-            projectKey.gitRepoKey,
+            projectKey.repoKey,
             projectKey.subDir,
             targetKey.targetName,
             targetKey.clusterId,
@@ -204,7 +204,7 @@ export function buildProjectSummaries(commandResultSummaries: Map<string, Comman
     })
 
     ret.sort((a, b) => {
-        return (a.project.gitRepoKey || "").localeCompare(b.project.gitRepoKey || "") ||
+        return (a.project.repoKey || "").localeCompare(b.project.repoKey || "") ||
             (a.project.subDir || "").localeCompare(b.project.subDir || "")
     })
 

From 6d64f285e33fa6830b7cae7b1458096147c8a885 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 17:50:33 +0100
Subject: [PATCH 1820/2268] fix: Trim .git suffix from repo keys

---
 pkg/types/git_url.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index ac50318b8..5b59f9ff4 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -163,7 +163,11 @@ func NewRepoKeyFromUrl(urlIn string) (RepoKey, error) {
 	if u.Scheme == "oci" {
 		t = "oci"
 	}
-	return NewRepoKey(t, u.Host, u.Path), nil
+	p := u.Path
+	if t == "git" {
+		p = strings.TrimSuffix(p, ".git")
+	}
+	return NewRepoKey(t, u.Host, p), nil
 }
 
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)

From 91c4ff4f49ed7a60930767410e60c24cff06e8bc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 18:17:29 +0100
Subject: [PATCH 1821/2268] feat: Auto-detect KluctlDeployment and
 auto-override with local project source

---
 cmd/kluctl/args/gitops_args.go                |   5 +-
 cmd/kluctl/commands/cmd_gitops.go             | 190 ++++++++++++++++--
 cmd/kluctl/commands/cmd_gitops_deploy.go      |   1 +
 cmd/kluctl/commands/cmd_gitops_diff.go        |   1 +
 cmd/kluctl/commands/cmd_gitops_logs.go        |  11 +-
 cmd/kluctl/commands/cmd_gitops_prune.go       |   1 +
 cmd/kluctl/commands/cmd_gitops_reconcile.go   |   1 +
 .../commands/cmd_gitops_suspend_resume.go     |   9 +-
 cmd/kluctl/commands/cmd_gitops_validate.go    |   1 +
 pkg/prompts/prompts.go                        |  19 ++
 10 files changed, 215 insertions(+), 24 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index 880f3a240..e7a53fc1d 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -5,6 +5,7 @@ import (
 )
 
 type GitOpsArgs struct {
+	ProjectDir
 	CommandResultReadOnlyFlags
 
 	Name          string `group:"gitops" help:"Specifies the name of the KluctlDeployment."`
@@ -16,10 +17,6 @@ type GitOpsArgs struct {
 	LocalSourceOverridePort int `group:"gitops" help:"Specifies the local port to which the source-override client should connect to when running the controller locally." default:"0"`
 }
 
-func (a GitOpsArgs) AnyObjectArgSet() bool {
-	return a.Name != "" || a.Namespace != "" || a.LabelSelector != ""
-}
-
 type GitOpsLogArgs struct {
 	LogSince        time.Duration `group:"logs" help:"Show logs since this time." default:"60s"`
 	LogGroupingTime time.Duration `group:"logs" help:"Logs are by default grouped by time passed, meaning that they are printed in batches to make reading them easier. This argument allows to modify the grouping time." default:"1s"`
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 5aa3c5c77..3d35ee967 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -8,10 +8,14 @@ import (
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
+	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -29,6 +33,7 @@ import (
 	"math/rand"
 	"net/url"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strconv"
 	"sync"
 	"time"
 )
@@ -51,6 +56,10 @@ type gitopsCmdHelper struct {
 
 	noArgsReact noArgsReact
 
+	projectGitRoot string
+	projectGitInfo *result.GitInfo
+	projectKey     *result.ProjectKey
+
 	kds []v1beta1.KluctlDeployment
 
 	restConfig   *rest.Config
@@ -84,18 +93,21 @@ const (
 	noArgsForbid noArgsReact = iota
 	noArgsNoDeployments
 	noArgsAllDeployments
+	noArgsAutoDetectProject
+	noArgsAutoDetectProjectAsk
 )
 
 func (g *gitopsCmdHelper) init(ctx context.Context) error {
-	s := status.Startf(ctx, "Initializing")
-	defer s.Failed()
+	err := g.collectLocalProjectInfo(ctx)
+	if err != nil {
+		status.Warningf(ctx, "Failed to collect local project info: %s", err.Error())
+	}
 
 	g.logsBufs = map[logsKey]*logsBuf{}
 
 	configOverrides := &clientcmd.ConfigOverrides{
 		CurrentContext: g.args.Context,
 	}
-	var err error
 	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
 		clientcmd.NewDefaultClientConfigLoadingRules(),
 		configOverrides)
@@ -172,11 +184,16 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		// do nothing
 	} else if g.noArgsReact == noArgsAllDeployments {
 		var l v1beta1.KluctlDeploymentList
-		err = g.client.List(ctx, &l)
+		err = g.client.List(ctx, &l, client.InNamespace(g.args.Namespace))
 		if err != nil {
 			return err
 		}
 		g.kds = append(g.kds, l.Items...)
+	} else if g.noArgsReact == noArgsAutoDetectProject || g.noArgsReact == noArgsAutoDetectProjectAsk {
+		err = g.autoDetectDeployment(ctx)
+		if err != nil {
+			return err
+		}
 	} else {
 		return fmt.Errorf("either name or label selector must be set")
 	}
@@ -187,11 +204,128 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 	}
 
 	err = g.initSourceOverrides(ctx)
+	if err != nil {
+		status.Warningf(ctx, "Failed to initialize source overrides: %s", err.Error())
+	}
+
+	return nil
+}
+
+func (g *gitopsCmdHelper) collectLocalProjectInfo(ctx context.Context) error {
+	projectDir, err := g.args.ProjectDir.GetProjectDir()
+	if err != nil {
+		return err
+	}
+	gitRoot, err := git.DetectGitRepositoryRoot(projectDir)
+	if err != nil {
+		return err
+	}
+	gitInfo, projectKey, err := git.BuildGitInfo(ctx, gitRoot, projectDir)
 	if err != nil {
 		return err
 	}
 
-	s.Success()
+	if projectKey.RepoKey == (types.RepoKey{}) {
+		return fmt.Errorf("failed to determine repo key")
+	}
+
+	g.projectGitRoot = gitRoot
+	g.projectGitInfo = &gitInfo
+	g.projectKey = &projectKey
+
+	return nil
+}
+
+func (g *gitopsCmdHelper) autoDetectDeployment(ctx context.Context) error {
+	if g.projectKey == nil {
+		return fmt.Errorf("auto-detection of KluctlDeployments only possible if local project is a Git repository")
+	}
+
+	msg := fmt.Sprintf("Auto-detecting KluctlDeployments via repo key %s", g.projectKey.RepoKey.String())
+	if g.projectKey.SubDir != "" {
+		msg += fmt.Sprintf(" and sub directory %s", g.projectKey.SubDir)
+	}
+
+	st := status.Start(ctx, msg)
+	defer st.Failed()
+
+	var l v1beta1.KluctlDeploymentList
+	err := g.client.List(ctx, &l, client.InNamespace(g.args.Namespace))
+	if err != nil {
+		return err
+	}
+
+	var matching []v1beta1.KluctlDeployment
+	for _, kd := range l.Items {
+		var u, subDir string
+		if kd.Spec.Source.Git != nil {
+			u = kd.Spec.Source.Git.URL.String()
+			subDir = kd.Spec.Source.Git.Path
+		} else if kd.Spec.Source.Oci != nil {
+			u = kd.Spec.Source.Oci.URL
+			subDir = kd.Spec.Source.Oci.Path
+		} else if kd.Spec.Source.URL != nil {
+			u = kd.Spec.Source.URL.String()
+			subDir = kd.Spec.Source.Path
+		}
+		repoKey, err := types.NewRepoKeyFromUrl(u)
+		if err != nil {
+			status.Warningf(ctx, "Failed to determine repo key for KluctlDeployment %s/%s with source url %s", kd.Namespace, kd.Name, kd.Spec.Source.Git.URL.String())
+			continue
+		}
+
+		if repoKey != g.projectKey.RepoKey || subDir != g.projectKey.SubDir {
+			continue
+		}
+
+		matching = append(matching, kd)
+	}
+
+	if len(matching) == 0 {
+		return fmt.Errorf("no matching KluctlDeployments found")
+	}
+
+	if len(matching) == 1 {
+		if g.noArgsReact == noArgsAutoDetectProjectAsk {
+			kd := matching[0]
+			if !prompts.AskForConfirmation(ctx, fmt.Sprintf("Auto-detected %s/%s, do you want to run the command for this deployment?", kd.Namespace, kd.Name)) {
+				return fmt.Errorf("aborted")
+			}
+		}
+		g.kds = matching
+		st.Success()
+		return nil
+	}
+
+	if g.noArgsReact == noArgsAutoDetectProjectAsk {
+		if len(matching) == 1 {
+			if !prompts.AskForConfirmation(ctx, "Auto-detected %s/%s, do you want to run the command for this deployment?") {
+				return fmt.Errorf("aborted")
+			}
+		}
+
+		var choices utils.OrderedMap[string, string]
+		for i, kd := range matching {
+			choices.Set(fmt.Sprintf("%d", i+1), fmt.Sprintf("%s/%s", kd.Namespace, kd.Name))
+		}
+		choices.Set("a", "All")
+
+		response, err := prompts.AskForChoice(ctx, "Auto-detected multiple KluctlDeployments. Which one do you want to run the command for?", &choices)
+		if err != nil {
+			return err
+		}
+
+		if response == "a" {
+			g.kds = matching
+		} else {
+			idx, _ := strconv.ParseInt(response, 10, 32)
+			g.kds = append(g.kds, matching[idx-1])
+		}
+	} else {
+		g.kds = matching
+	}
+
+	st.Success()
 
 	return nil
 }
@@ -379,7 +513,7 @@ func (g *gitopsCmdHelper) buildOverridePatch(ctx context.Context, kdIn *v1beta1.
 		return nil, err
 	}
 
-	err = g.buildSourceOverrides(kd)
+	err = g.buildSourceOverrides(ctx, kd)
 
 	kdOrigS, err := yaml.WriteJsonString(kdIn)
 	if err != nil {
@@ -425,18 +559,22 @@ func (g *gitopsCmdHelper) overrideDeploymentArgs(kd *v1beta1.KluctlDeployment) e
 	return nil
 }
 
-func (g *gitopsCmdHelper) buildSourceOverrides(kd *v1beta1.KluctlDeployment) error {
+func (g *gitopsCmdHelper) buildSourceOverrides(ctx context.Context, kd *v1beta1.KluctlDeployment) error {
 	var err error
 	var proxyUrl *url.URL
-	if len(g.soResolver.Overrides) != 0 {
-		if g.soClient == nil {
-			return fmt.Errorf("local source overrides present but no connection to source override proxy established")
-		}
+
+	if g.soClient != nil {
 		proxyUrl, err = g.soClient.BuildProxyUrl()
 		if err != nil {
 			return err
 		}
+	} else if len(g.soResolver.Overrides) != 0 {
+		return fmt.Errorf("local source overrides present but no connection to source override proxy established")
+	} else {
+		status.Warningf(ctx, "Will not try to auto override local project source")
+		return nil
 	}
+
 	for _, ro := range g.soResolver.Overrides {
 		kd.Spec.SourceOverrides = append(kd.Spec.SourceOverrides, v1beta1.SourceOverride{
 			RepoKey: ro.RepoKey,
@@ -444,6 +582,32 @@ func (g *gitopsCmdHelper) buildSourceOverrides(kd *v1beta1.KluctlDeployment) err
 			IsGroup: ro.IsGroup,
 		})
 	}
+
+	err = g.buildProjectDirSourceOverride(kd, proxyUrl)
+	if err != nil {
+		status.Warningf(ctx, "Failed to add source override for local deployment project: %s", err.Error())
+	}
+
+	return nil
+}
+
+func (g *gitopsCmdHelper) buildProjectDirSourceOverride(kd *v1beta1.KluctlDeployment, proxyUrl *url.URL) error {
+	if g.projectKey == nil || proxyUrl == nil {
+		return nil
+	}
+
+	g.soResolver.Overrides = append(g.soResolver.Overrides, sourceoverride.RepoOverride{
+		RepoKey:  g.projectKey.RepoKey,
+		Override: g.projectGitRoot,
+		IsGroup:  false,
+	})
+
+	kd.Spec.SourceOverrides = append(kd.Spec.SourceOverrides, v1beta1.SourceOverride{
+		RepoKey: g.projectKey.RepoKey,
+		Url:     proxyUrl.String(),
+		IsGroup: false,
+	})
+
 	return nil
 }
 
@@ -642,10 +806,6 @@ func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
 		return err
 	}
 
-	if len(g.soResolver.Overrides) == 0 {
-		return nil
-	}
-
 	controllerNamespace := "kluctl-system"
 	pods, err := g.corev1Client.Pods(controllerNamespace).List(ctx, metav1.ListOptions{
 		LabelSelector: "control-plane=kluctl-controller",
diff --git a/cmd/kluctl/commands/cmd_gitops_deploy.go b/cmd/kluctl/commands/cmd_gitops_deploy.go
index cfe6a4646..6dd2cf366 100644
--- a/cmd/kluctl/commands/cmd_gitops_deploy.go
+++ b/cmd/kluctl/commands/cmd_gitops_deploy.go
@@ -31,6 +31,7 @@ func (cmd *gitopsDeployCmd) Run(ctx context.Context) error {
 		args:            cmd.GitOpsArgs,
 		logsArgs:        cmd.GitOpsLogArgs,
 		overridableArgs: cmd.GitOpsOverridableArgs,
+		noArgsReact:     noArgsAutoDetectProjectAsk,
 	}
 	err := g.init(ctx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_diff.go b/cmd/kluctl/commands/cmd_gitops_diff.go
index 3da43d8c6..89b9d9854 100644
--- a/cmd/kluctl/commands/cmd_gitops_diff.go
+++ b/cmd/kluctl/commands/cmd_gitops_diff.go
@@ -30,6 +30,7 @@ func (cmd *gitopsDiffCmd) Run(ctx context.Context) error {
 		args:            cmd.GitOpsArgs,
 		logsArgs:        cmd.GitOpsLogArgs,
 		overridableArgs: cmd.GitOpsOverridableArgs,
+		noArgsReact:     noArgsAutoDetectProject,
 	}
 	err := g.init(ctx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_logs.go b/cmd/kluctl/commands/cmd_gitops_logs.go
index 5511552ad..38a2ff1ac 100644
--- a/cmd/kluctl/commands/cmd_gitops_logs.go
+++ b/cmd/kluctl/commands/cmd_gitops_logs.go
@@ -13,6 +13,8 @@ type gitopsLogsCmd struct {
 
 	ReconcileId string `group:"misc" help:"If specified, logs are filtered for the given reconcile ID."`
 	Follow      bool   `group:"misc" short:"f" help:"Follow logs after printing old logs."`
+
+	All bool `group:"misc" help:"Follow all controller logs, including all deployments and non-deployment related logs."`
 }
 
 func (cmd *gitopsLogsCmd) Help() string {
@@ -23,8 +25,13 @@ func (cmd *gitopsLogsCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
 		args:        cmd.GitOpsArgs,
 		logsArgs:    cmd.GitOpsLogArgs,
-		noArgsReact: noArgsNoDeployments,
+		noArgsReact: noArgsAutoDetectProject,
+	}
+
+	if cmd.All {
+		g.noArgsReact = noArgsNoDeployments
 	}
+
 	err := g.init(ctx)
 	if err != nil {
 		return err
@@ -33,7 +40,7 @@ func (cmd *gitopsLogsCmd) Run(ctx context.Context) error {
 	stopCh := make(chan struct{})
 
 	gh := utils.NewGoHelper(ctx, 0)
-	if !cmd.GitOpsArgs.AnyObjectArgSet() {
+	if cmd.All {
 		gh.RunE(func() error {
 			return g.watchLogs(ctx, stopCh, client.ObjectKey{}, cmd.Follow, cmd.ReconcileId)
 		})
diff --git a/cmd/kluctl/commands/cmd_gitops_prune.go b/cmd/kluctl/commands/cmd_gitops_prune.go
index 43ca80fac..bda9a04d2 100644
--- a/cmd/kluctl/commands/cmd_gitops_prune.go
+++ b/cmd/kluctl/commands/cmd_gitops_prune.go
@@ -29,6 +29,7 @@ func (cmd *gitopsPruneCmd) Run(ctx context.Context) error {
 		args:            cmd.GitOpsArgs,
 		logsArgs:        cmd.GitOpsLogArgs,
 		overridableArgs: cmd.GitOpsOverridableArgs,
+		noArgsReact:     noArgsAutoDetectProjectAsk,
 	}
 	err := g.init(ctx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_reconcile.go b/cmd/kluctl/commands/cmd_gitops_reconcile.go
index c65d5916a..aaecfc5ec 100644
--- a/cmd/kluctl/commands/cmd_gitops_reconcile.go
+++ b/cmd/kluctl/commands/cmd_gitops_reconcile.go
@@ -29,6 +29,7 @@ func (cmd *gitopsReconcileCmd) Run(ctx context.Context) error {
 		args:            cmd.GitOpsArgs,
 		logsArgs:        cmd.GitOpsLogArgs,
 		overridableArgs: cmd.GitOpsOverridableArgs,
+		noArgsReact:     noArgsAutoDetectProjectAsk,
 	}
 	err := g.init(ctx)
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
index 51e93ff34..56729f1df 100644
--- a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -34,8 +34,9 @@ func (cmd *GitopsSuspendCmd) Help() string {
 
 func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
 	g := gitopsCmdHelper{
-		args:     cmd.GitOpsArgs,
-		logsArgs: cmd.GitOpsLogArgs,
+		args:        cmd.GitOpsArgs,
+		logsArgs:    cmd.GitOpsLogArgs,
+		noArgsReact: noArgsAutoDetectProjectAsk,
 	}
 	if cmd.All {
 		g.noArgsReact = noArgsAllDeployments
@@ -57,7 +58,9 @@ func (cmd *GitopsSuspendCmd) Run(ctx context.Context) error {
 			return err
 		}
 		err = func() error {
-			st := status.Startf(ctx, "Waiting for final reconciliation loop to finish")
+			// modifying the spec causes a reconciliation loop and we should really wait for it to finish before we consider
+			// suspension to be done (otherwise you'd be surprised for some last-second deployments...)
+			st := status.Startf(ctx, "Waiting for final reconciliation to finish")
 			defer st.Failed()
 
 			tick := time.NewTicker(time.Second)
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 9aa09bbf2..8c57cdb2c 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -32,6 +32,7 @@ func (cmd *gitopsValidateCmd) Run(ctx context.Context) error {
 		args:            cmd.GitOpsArgs,
 		logsArgs:        cmd.GitOpsLogArgs,
 		overridableArgs: cmd.GitOpsOverridableArgs,
+		noArgsReact:     noArgsAutoDetectProjectAsk,
 	}
 	err := g.init(ctx)
 	if err != nil {
diff --git a/pkg/prompts/prompts.go b/pkg/prompts/prompts.go
index c26b19dd7..d28c7da0a 100644
--- a/pkg/prompts/prompts.go
+++ b/pkg/prompts/prompts.go
@@ -55,6 +55,25 @@ func AskForCredentials(ctx context.Context, prompt string) (string, string, erro
 	return strings.TrimSpace(username), strings.TrimSpace(password), nil
 }
 
+func AskForChoice(ctx context.Context, prompt string, choices *utils.OrderedMap[string, string]) (string, error) {
+	msg := prompt + "\n"
+	choices.ForEach(func(k string, v string) {
+		msg += fmt.Sprintf("%s. %s\n", k, v)
+	})
+
+	response, err := Prompt(ctx, false, msg)
+	if err != nil {
+		status.Warningf(ctx, "Failed prompting for \"%s\". Error: %v", prompt, err)
+		return "", err
+	}
+
+	if !choices.Has(response) {
+		// retry
+		return AskForChoice(ctx, prompt, choices)
+	}
+	return response, nil
+}
+
 func Prompt(ctx context.Context, password bool, message string) (string, error) {
 	provider := FromContext(ctx)
 	if provider == nil {

From 412f4d285c2be6d01c933ed2b2a5bc411b8131de Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 18:17:46 +0100
Subject: [PATCH 1822/2268] feat: Verify a recent CRD is installed before
 allowing gitops sub-commands

---
 cmd/kluctl/commands/cmd_gitops.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 3d35ee967..10fe381c3 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -21,6 +21,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	flag "github.com/spf13/pflag"
 	v12 "k8s.io/api/core/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -139,6 +140,11 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 		return err
 	}
 
+	err = g.checkCRDSupport(ctx)
+	if err != nil {
+		return err
+	}
+
 	ns := g.args.Namespace
 	if ns == "" {
 		ns = defaultNs
@@ -854,6 +860,30 @@ func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
 	return nil
 }
 
+func (g *gitopsCmdHelper) checkCRDSupport(ctx context.Context) error {
+	var crd apiextensionsv1.CustomResourceDefinition
+	err := g.client.Get(ctx, client.ObjectKey{Name: "kluctldeployments.gitops.kluctl.io"}, &crd)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return fmt.Errorf("KluctlDeployment CRD not found, which usually means the kluctl-controller is not installed")
+		}
+		return err
+	}
+
+	for _, version := range crd.Spec.Versions {
+		if !version.Storage {
+			continue
+		}
+		status := version.Schema.OpenAPIV3Schema.Properties["status"]
+		if _, ok := status.Properties["reconcileRequestResult"]; ok {
+			// seems to be recent enough
+			return nil
+		}
+	}
+
+	return fmt.Errorf("the KluctlDeployment CRD on the cluster seems to be outdated. Ensure to install at least kluctl-controller v2.22.0 with its corresponding CRDs")
+}
+
 func init() {
 	utilruntime.Must(v1beta1.AddToScheme(scheme.Scheme))
 }

From d35fc3b722b52e7e057c156c969078cff1953868 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 18:43:48 +0100
Subject: [PATCH 1823/2268] fix: Don't reconciliation on annotation removal

---
 pkg/controllers/predicates.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index dc456314f..b8cf39c24 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -16,15 +16,21 @@ func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
 		return false
 	}
 
-	check := func(aname string) bool {
+	checkManualRequest := func(aname string) bool {
 		v1, ok1 := e.ObjectNew.GetAnnotations()[aname]
 		v2, ok2 := e.ObjectOld.GetAnnotations()[aname]
+		if !ok2 {
+			// if it gets removed, no need for reconciliation
+			// the annotation actually gets removed at the beginning of the reconciliation, which would cause an
+			// unnecessary reconciliation anyway.
+			return false
+		}
 		return ok1 != ok2 || v1 != v2
 	}
 
-	return check(kluctlv1.KluctlRequestReconcileAnnotation) ||
-		check(kluctlv1.KluctlRequestDiffAnnotation) ||
-		check(kluctlv1.KluctlRequestDeployAnnotation) ||
-		check(kluctlv1.KluctlRequestPruneAnnotation) ||
-		check(kluctlv1.KluctlRequestValidateAnnotation)
+	return checkManualRequest(kluctlv1.KluctlRequestReconcileAnnotation) ||
+		checkManualRequest(kluctlv1.KluctlRequestDiffAnnotation) ||
+		checkManualRequest(kluctlv1.KluctlRequestDeployAnnotation) ||
+		checkManualRequest(kluctlv1.KluctlRequestPruneAnnotation) ||
+		checkManualRequest(kluctlv1.KluctlRequestValidateAnnotation)
 }

From 508e8ecdec70fecc7364ce24b9fbc8aeccca2fab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 19:19:39 +0100
Subject: [PATCH 1824/2268] fix: Add command info to drift result

---
 pkg/controllers/kluctldeployment_controller_reconcile.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 6e24d0049..fe8ba2e07 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -510,6 +510,10 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 		resourceVersions := r.getResourceVersions(key)
 
 		diffResult := pt.kluctlDiff(targetContext, resourceVersions)
+		err = pt.addCommandResultInfo(ctx, diffResult, rr, reconcileId, objectsHash)
+		if err != nil {
+			log.Error(err, "addCommandResultInfo failed")
+		}
 		driftDetectionResult := diffResult.BuildDriftDetectionResult()
 		obj.Status.SetLastDriftDetectionResult(driftDetectionResult)
 

From 4af3b38e140208d66ef9ebfdf29f9d6e2d67cdac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 19:25:08 +0100
Subject: [PATCH 1825/2268] chore: Run make replace-commands-help

---
 docs/kluctl/commands/gitops-logs.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/kluctl/commands/gitops-logs.md b/docs/kluctl/commands/gitops-logs.md
index 858f781e8..c8a1e6cbf 100644
--- a/docs/kluctl/commands/gitops-logs.md
+++ b/docs/kluctl/commands/gitops-logs.md
@@ -42,6 +42,7 @@ GitOps arguments:
 Misc arguments:
   Command specific arguments.
 
+      --all                   Follow all controller logs, including all deployments and non-deployment related logs.
   -f, --follow                Follow logs after printing old logs.
       --reconcile-id string   If specified, logs are filtered for the given reconcile ID.
 

From 566a0088db5750dc9a80335c541fc3a27b5c26e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 21:41:19 +0100
Subject: [PATCH 1826/2268] chore(deps): Bump the aws-sdk group with 3 updates
 (#866)

Bumps the aws-sdk group with 3 updates: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/config` from 1.19.0 to 1.19.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/v1.19.1/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.19.0...v1.19.1)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.20.1 to 1.20.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.1...v1.20.2)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.21.5 to 1.21.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.21.5...service/efs/v1.21.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 9a1fadc59..eb42757b5 100644
--- a/go.mod
+++ b/go.mod
@@ -56,10 +56,10 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.21.2
-	github.com/aws/aws-sdk-go-v2/config v1.19.0
+	github.com/aws/aws-sdk-go-v2/config v1.19.1
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.1
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
 	github.com/aws/smithy-go v1.15.0
 	github.com/coreos/go-oidc/v3 v3.6.0
diff --git a/go.sum b/go.sum
index c83c07688..8710cc1fd 100644
--- a/go.sum
+++ b/go.sum
@@ -118,8 +118,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
 github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
 github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.19.0 h1:AdzDvwH6dWuVARCl3RTLGRc4Ogy+N7yLFxVxXe1ClQ0=
-github.com/aws/aws-sdk-go-v2/config v1.19.0/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
+github.com/aws/aws-sdk-go-v2/config v1.19.1 h1:oe3vqcGftyk40icfLymhhhNysAwk0NfiwkDi2GTPMXs=
+github.com/aws/aws-sdk-go-v2/config v1.19.1/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
@@ -132,14 +132,14 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.20.1 h1:Y2zGozmCogCCQbO2fplC6tZylBTBBgt/2EcdVRRK5go=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.20.1/go.mod h1:J9goPpIjXafA1u3XGJeoHu9WlMp5qAGwWmS1A8LfZVw=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5 h1:BvRGAAdEHo+0tpyOlKV14Z49O/iyhqiddIntd0KQ3EA=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5/go.mod h1:A108ijf0IFtqhYApU+Gia80aPSAUfi9dItm+h5fWGJE=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6 h1:y3n83jEM6EuawrD5HZCh3eMj9RsfxniVLcXlyFMNITM=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6/go.mod h1:A108ijf0IFtqhYApU+Gia80aPSAUfi9dItm+h5fWGJE=
 github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
 github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=

From 4424b8982cc9d92a64e9a634508fd9faede7a8b1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 21:42:49 +0100
Subject: [PATCH 1827/2268] chore(deps): Bump github.com/mattn/go-isatty from
 0.0.19 to 0.0.20 (#855)

Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.19 to 0.0.20.
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.19...v0.0.20)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eb42757b5..d10bcebd2 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
 	github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2
 	github.com/mattn/go-colorable v0.1.13
-	github.com/mattn/go-isatty v0.0.19
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.19.4
diff --git a/go.sum b/go.sum
index 8710cc1fd..4f731fa9d 100644
--- a/go.sum
+++ b/go.sum
@@ -604,8 +604,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=

From d69aba017898f0d31f752bb8c7b716500c7db261 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 21:43:06 +0100
Subject: [PATCH 1828/2268] chore(deps): Bump actions/setup-node from 3 to 4
 (#865)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml     | 2 +-
 .github/workflows/preview-run.yml | 2 +-
 .github/workflows/tests.yml       | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 881dc4a0a..cf0d3271f 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: 1.21
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 0cffacc97..1004b3f68 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -21,7 +21,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: 1.21
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 038d1d47b..2ae32b4ba 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: '1.21'
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'
@@ -97,7 +97,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'

From bc0ba211f3f0d249537db091340527b0ae4ea46e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 22:30:02 +0100
Subject: [PATCH 1829/2268] fix: Use string as type for URLs on CRD level

fixes #856
---
 api/v1beta1/kluctldeployment_types.go          |  4 ++--
 api/v1beta1/zz_generated.deepcopy.go           |  4 ++--
 cmd/kluctl/commands/cmd_gitops.go              |  6 +++---
 docs/gitops/api/kluctl-controller.md           |  4 ++--
 e2e/gitops_errors_test.go                      |  4 ++--
 e2e/gitops_git_include_test.go                 |  6 +++---
 e2e/gitops_helm_test.go                        |  3 +--
 e2e/gitops_suite_test.go                       |  3 +--
 pkg/controllers/kluctldeployment_controller.go |  6 +++---
 .../kluctldeployment_controller_status.go      | 12 ++++++++++--
 pkg/deployment/deployment_project.go           |  2 +-
 pkg/repocache/git_cache.go                     | 18 +++++++++++-------
 pkg/vars/vars_loader.go                        |  2 +-
 13 files changed, 42 insertions(+), 32 deletions(-)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index ece48e25e..5a8843a23 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -263,7 +263,7 @@ type ProjectSource struct {
 	// Url specifies the Git url where the project source is located
 	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.url instead.
 	// +optional
-	URL *types.GitUrl `json:"url,omitempty"`
+	URL *string `json:"url,omitempty"`
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
 	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.
@@ -293,7 +293,7 @@ type ProjectSourceGit struct {
 	// URL specifies the Git url where the project source is located. If the given Git repository needs authentication,
 	// use spec.credentials.git to specify those.
 	// +required
-	URL types.GitUrl `json:"url"`
+	URL string `json:"url"`
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
 	// +optional
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index c9abb7b3d..0f0bfafbf 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -495,7 +495,8 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	}
 	if in.URL != nil {
 		in, out := &in.URL, &out.URL
-		*out = (*in).DeepCopy()
+		*out = new(string)
+		**out = **in
 	}
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
@@ -527,7 +528,6 @@ func (in *ProjectSource) DeepCopy() *ProjectSource {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ProjectSourceGit) DeepCopyInto(out *ProjectSourceGit) {
 	*out = *in
-	in.URL.DeepCopyInto(&out.URL)
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
 		*out = new(types.GitRef)
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 10fe381c3..582ec8d61 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -265,18 +265,18 @@ func (g *gitopsCmdHelper) autoDetectDeployment(ctx context.Context) error {
 	for _, kd := range l.Items {
 		var u, subDir string
 		if kd.Spec.Source.Git != nil {
-			u = kd.Spec.Source.Git.URL.String()
+			u = kd.Spec.Source.Git.URL
 			subDir = kd.Spec.Source.Git.Path
 		} else if kd.Spec.Source.Oci != nil {
 			u = kd.Spec.Source.Oci.URL
 			subDir = kd.Spec.Source.Oci.Path
 		} else if kd.Spec.Source.URL != nil {
-			u = kd.Spec.Source.URL.String()
+			u = *kd.Spec.Source.URL
 			subDir = kd.Spec.Source.Path
 		}
 		repoKey, err := types.NewRepoKeyFromUrl(u)
 		if err != nil {
-			status.Warningf(ctx, "Failed to determine repo key for KluctlDeployment %s/%s with source url %s", kd.Namespace, kd.Name, kd.Spec.Source.Git.URL.String())
+			status.Warningf(ctx, "Failed to determine repo key for KluctlDeployment %s/%s with source url %s", kd.Namespace, kd.Name, kd.Spec.Source.Git.URL)
 			continue
 		}
 
diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index f2bea245d..621984567 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1930,7 +1930,7 @@ ProjectSourceOci
 <td>
 <code>url</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+string
 </em>
 </td>
 <td>
@@ -2022,7 +2022,7 @@ DEPRECATED this field is deprecated and will be removed in the next API version
 <td>
 <code>url</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitUrl
+string
 </em>
 </td>
 <td>
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 163bc0a5c..19db79b48 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -180,10 +180,10 @@ data:
 	})
 
 	suite.Run("non existing git repo", func() {
-		var backup types.GitUrl
+		var backup string
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			backup = kd.Spec.Source.Git.URL
-			kd.Spec.Source.Git.URL = *types.ParseGitUrlMust(backup.String() + "/invalid")
+			kd.Spec.Source.Git.URL = backup + "/invalid"
 		})
 		kd := suite.waitForReconcile(key)
 		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to clone git source: repository not found", nil, nil)
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index 2c40b5527..f91559621 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
@@ -33,7 +33,7 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	p, _, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
 
 	key := suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
-		kd.Spec.Source.URL = types2.ParseGitUrlMust(p.GitUrl())
+		kd.Spec.Source.URL = utils.StrPtr(p.GitUrl())
 	})
 
 	suite.Run("fail without authentication", func() {
@@ -87,7 +87,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 	var key client.ObjectKey
 	if legacyGitSource {
 		key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
-			kd.Spec.Source.URL = types2.ParseGitUrlMust(p.GitUrl())
+			kd.Spec.Source.URL = utils.StrPtr(p.GitUrl())
 		})
 	} else {
 		key = suite.createKluctlDeployment(p, "test", nil)
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index d8199332d..f679861e7 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -2,7 +2,6 @@ package e2e
 
 import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
@@ -108,7 +107,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	}, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.Source = kluctlv1.ProjectSource{
 			Git: &kluctlv1.ProjectSourceGit{
-				URL: *types2.ParseGitUrlMust(p.GitUrl()),
+				URL: p.GitUrl(),
 			},
 		}
 		kd.Spec.HelmCredentials = legacyHelmCreds
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 5fc3883b9..13dc62c08 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -10,7 +10,6 @@ import (
 	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -208,7 +207,7 @@ func (suite *GitopsTestSuite) waitForCommit(key client.ObjectKey, commit string)
 func (suite *GitopsTestSuite) createKluctlDeployment(p *test_project.TestProject, target string, args map[string]any) client.ObjectKey {
 	return suite.createKluctlDeployment2(p, target, args, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.Source.Git = &kluctlv1.ProjectSourceGit{
-			URL: *types2.ParseGitUrlMust(p.GitUrl()),
+			URL: p.GitUrl(),
 		}
 	})
 }
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 835319c6c..a7e52340c 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -494,9 +494,9 @@ func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.
 	internal_metrics.NewKluctlDeploymentInterval(obj.Namespace, obj.Name).Set(deploymentInterval)
 	if obj.Spec.Source.Git != nil {
 		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
-			obj.Spec.Source.Git.URL.String(), obj.Spec.Source.Git.Path, obj.Spec.Source.Git.Ref.String()).Set(0.0)
+			obj.Spec.Source.Git.URL, obj.Spec.Source.Git.Path, obj.Spec.Source.Git.Ref.String()).Set(0.0)
 		internal_metrics.NewKluctlGitSourceSpec(obj.Namespace, obj.Name,
-			obj.Spec.Source.Git.URL.String(), obj.Spec.Source.Git.Path, obj.Spec.Source.Git.Ref.String()).Set(0.0)
+			obj.Spec.Source.Git.URL, obj.Spec.Source.Git.Path, obj.Spec.Source.Git.Ref.String()).Set(0.0)
 	} else if obj.Spec.Source.Oci != nil {
 		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
 			obj.Spec.Source.Oci.URL, obj.Spec.Source.Oci.Path, obj.Spec.Source.Oci.Ref.String()).Set(0.0)
@@ -504,6 +504,6 @@ func (r *KluctlDeploymentReconciler) exportDeploymentObjectToProm(obj *kluctlv1.
 			obj.Spec.Source.Oci.URL, obj.Spec.Source.Oci.Path, obj.Spec.Source.Oci.Ref.String()).Set(0.0)
 	} else if obj.Spec.Source.URL != nil {
 		internal_metrics.NewKluctlSourceSpec(obj.Namespace, obj.Name,
-			obj.Spec.Source.URL.String(), obj.Spec.Source.Path, obj.Spec.Source.Ref.String()).Set(0.0)
+			*obj.Spec.Source.URL, obj.Spec.Source.Path, obj.Spec.Source.Ref.String()).Set(0.0)
 	}
 }
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 3141c3a8c..49bf6ded6 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -71,8 +71,12 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 
 	var newProjectKey result.ProjectKey
 	if obj.Spec.Source.Git != nil {
+		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Git.URL)
+		if err != nil {
+			return err
+		}
 		newProjectKey = result.ProjectKey{
-			RepoKey: obj.Spec.Source.Git.URL.RepoKey(),
+			RepoKey: repoKey,
 			SubDir:  path.Clean(obj.Spec.Source.Git.Path),
 		}
 	} else if obj.Spec.Source.Oci != nil {
@@ -85,8 +89,12 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 			SubDir:  path.Clean(obj.Spec.Source.Oci.Path),
 		}
 	} else if obj.Spec.Source.URL != nil {
+		repoKey, err := types.NewRepoKeyFromUrl(*obj.Spec.Source.URL)
+		if err != nil {
+			return err
+		}
 		newProjectKey = result.ProjectKey{
-			RepoKey: obj.Spec.Source.URL.RepoKey(),
+			RepoKey: repoKey,
 			SubDir:  path.Clean(obj.Spec.Source.Path),
 		}
 	} else {
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index ef70753f1..a92611351 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -197,7 +197,7 @@ func (p *DeploymentProject) loadIncludes() error {
 				return err
 			}
 		} else if inc.Git != nil {
-			ge, err := p.ctx.GitRP.GetEntry(inc.Git.Url)
+			ge, err := p.ctx.GitRP.GetEntry(inc.Git.Url.String())
 			if err != nil {
 				return err
 			}
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index c9d793dd4..91f8295aa 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -81,14 +81,18 @@ func (rp *GitRepoCache) Clear() {
 	rp.cleanupDirs = nil
 }
 
-func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
+func (rp *GitRepoCache) GetEntry(url string) (*GitCacheEntry, error) {
 	rp.reposMutex.Lock()
 	defer rp.reposMutex.Unlock()
 
-	repoKey := url.RepoKey()
+	u, err := types.ParseGitUrl(url)
+	if err != nil {
+		return nil, err
+	}
+
+	repoKey := u.RepoKey()
 
 	var overridePath string
-	var err error
 	if rp.repoOverrides != nil {
 		overridePath, err = rp.repoOverrides.ResolveOverride(rp.ctx, repoKey)
 		if err != nil {
@@ -97,11 +101,11 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 	}
 
 	if overridePath != "" {
-		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url.String(), overridePath)
+		status.WarningOncef(rp.ctx, fmt.Sprintf("git-override-%s", repoKey), "Overriding git repo %s with local directory %s", url, overridePath)
 
 		e := &GitCacheEntry{
 			rp:           rp,
-			url:          url,
+			url:          *u,
 			mr:           nil, // mark as overridden
 			clonedDirs:   map[types.GitRef]clonedDir{},
 			overridePath: overridePath,
@@ -112,13 +116,13 @@ func (rp *GitRepoCache) GetEntry(url types.GitUrl) (*GitCacheEntry, error) {
 
 	e, ok := rp.repos[repoKey]
 	if !ok {
-		mr, err := git.NewMirroredGitRepo(rp.ctx, url, filepath.Join(utils.GetTmpBaseDir(rp.ctx), "git-cache"), rp.sshPool, rp.authProviders)
+		mr, err := git.NewMirroredGitRepo(rp.ctx, *u, filepath.Join(utils.GetTmpBaseDir(rp.ctx), "git-cache"), rp.sshPool, rp.authProviders)
 		if err != nil {
 			return nil, err
 		}
 		e = &GitCacheEntry{
 			rp:         rp,
-			url:        url,
+			url:        *u,
 			mr:         mr,
 			clonedDirs: map[types.GitRef]clonedDir{},
 		}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index a26fd2d03..e3bc3ffa2 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -316,7 +316,7 @@ func (v *VarsLoader) loadVault(varsCtx *VarsCtx, source *types.VarsSource, ignor
 }
 
 func (v *VarsLoader) loadGit(ctx context.Context, varsCtx *VarsCtx, gitFile *types.VarsSourceGit, ignoreMissing bool) (*uo.UnstructuredObject, bool, error) {
-	ge, err := v.rp.GetEntry(gitFile.Url)
+	ge, err := v.rp.GetEntry(gitFile.Url.String())
 	if err != nil {
 		return nil, false, err
 	}

From eb1e2f7cd2a7ba42ab3df98bb38bcc2538bd20b2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 22:30:26 +0100
Subject: [PATCH 1830/2268] tests: Don't skip passing --project-dir in gitops
 tests

---
 e2e/gitops_manual_requests_test.go | 4 ++--
 e2e/gitops_source_override_test.go | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/e2e/gitops_manual_requests_test.go b/e2e/gitops_manual_requests_test.go
index f434ae829..367181bee 100644
--- a/e2e/gitops_manual_requests_test.go
+++ b/e2e/gitops_manual_requests_test.go
@@ -31,7 +31,7 @@ func TestGitOpsManualRequests(t *testing.T) {
 func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	g := NewWithT(suite.T())
 
-	p := test_project.NewTestProject(suite.T(), test_project.WithSkipProjectDirArg(true))
+	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
@@ -235,7 +235,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 }
 
 func (suite *GitOpsManualRequestsSuite) TestOverrides() {
-	p := test_project.NewTestProject(suite.T(), test_project.WithSkipProjectDirArg(true))
+	p := test_project.NewTestProject(suite.T())
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
diff --git a/e2e/gitops_source_override_test.go b/e2e/gitops_source_override_test.go
index 870262fe8..c9b3aa6d5 100644
--- a/e2e/gitops_source_override_test.go
+++ b/e2e/gitops_source_override_test.go
@@ -43,7 +43,6 @@ func (suite *GitOpsLocalSourceOverrideSuite) assertOverridesDidHappen(key client
 func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 	gs := test_utils.NewTestGitServer(suite.T())
 	pt := prepareLocalSourceOverrideTest(suite.T(), suite.k, gs, false)
-	pt.p.SetSkipProjectDirArg(true)
 
 	key := suite.createKluctlDeployment(pt.p, "test", nil)
 

From ea0a6b1f47947112b3d7399db48e9dbfa7d3d056 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 29 Oct 2023 22:30:48 +0100
Subject: [PATCH 1831/2268] fix: Fix ReconcileRequestedPredicate to check for
 annotation removal on new object

---
 pkg/controllers/predicates.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/controllers/predicates.go b/pkg/controllers/predicates.go
index b8cf39c24..23241fd5e 100644
--- a/pkg/controllers/predicates.go
+++ b/pkg/controllers/predicates.go
@@ -19,7 +19,7 @@ func (ReconcileRequestedPredicate) Update(e event.UpdateEvent) bool {
 	checkManualRequest := func(aname string) bool {
 		v1, ok1 := e.ObjectNew.GetAnnotations()[aname]
 		v2, ok2 := e.ObjectOld.GetAnnotations()[aname]
-		if !ok2 {
+		if !ok1 {
 			// if it gets removed, no need for reconciliation
 			// the annotation actually gets removed at the beginning of the reconciliation, which would cause an
 			// unnecessary reconciliation anyway.

From 03c40905b7c8fb10ed6b5d0691e032c915311f60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 22:47:16 +0100
Subject: [PATCH 1832/2268] chore(deps): Bump the k8s-io group with 2 updates
 (#861)

Bumps the k8s-io group with 2 updates: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `k8s.io/api` from 0.28.2 to 0.28.3
- [Commits](https://github.com/kubernetes/api/compare/v0.28.2...v0.28.3)

Updates `k8s.io/client-go` from 0.28.2 to 0.28.3
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.28.2...v0.28.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index d10bcebd2..07601ac14 100644
--- a/go.mod
+++ b/go.mod
@@ -40,10 +40,10 @@ require (
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0
 	helm.sh/helm/v3 v3.13.1
-	k8s.io/api v0.28.2
+	k8s.io/api v0.28.3
 	k8s.io/apiextensions-apiserver v0.28.2
-	k8s.io/apimachinery v0.28.2
-	k8s.io/client-go v0.28.2
+	k8s.io/apimachinery v0.28.3
+	k8s.io/client-go v0.28.3
 	k8s.io/klog/v2 v2.100.1
 	sigs.k8s.io/kustomize/kyaml v0.14.3
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
diff --git a/go.sum b/go.sum
index 4f731fa9d..be190e76c 100644
--- a/go.sum
+++ b/go.sum
@@ -1249,18 +1249,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.28.2 h1:9mpl5mOb6vXZvqbQmankOfPIGiudghwCoLl1EYfUZbw=
-k8s.io/api v0.28.2/go.mod h1:RVnJBsjU8tcMq7C3iaRSGMeaKt2TWEUXcpIt/90fjEg=
+k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
+k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
 k8s.io/apiextensions-apiserver v0.28.2 h1:J6/QRWIKV2/HwBhHRVITMLYoypCoPY1ftigDM0Kn+QU=
 k8s.io/apiextensions-apiserver v0.28.2/go.mod h1:5tnkxLGa9nefefYzWuAlWZ7RZYuN/765Au8cWLA6SRg=
-k8s.io/apimachinery v0.28.2 h1:KCOJLrc6gu+wV1BYgwik4AF4vXOlVJPdiqn0yAWWwXQ=
-k8s.io/apimachinery v0.28.2/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDApU=
+k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
+k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
 k8s.io/apiserver v0.28.2 h1:rBeYkLvF94Nku9XfXyUIirsVzCzJBs6jMn3NWeHieyI=
 k8s.io/apiserver v0.28.2/go.mod h1:f7D5e8wH8MWcKD7azq6Csw9UN+CjdtXIVQUyUhrtb+E=
 k8s.io/cli-runtime v0.28.2 h1:64meB2fDj10/ThIMEJLO29a1oujSm0GQmKzh1RtA/uk=
 k8s.io/cli-runtime v0.28.2/go.mod h1:bTpGOvpdsPtDKoyfG4EG041WIyFZLV9qq4rPlkyYfDA=
-k8s.io/client-go v0.28.2 h1:DNoYI1vGq0slMBN/SWKMZMw0Rq+0EQW6/AK4v9+3VeY=
-k8s.io/client-go v0.28.2/go.mod h1:sMkApowspLuc7omj1FOSUxSoqjr+d5Q0Yc0LOFnYFJY=
+k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
+k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
 k8s.io/component-base v0.28.2 h1:Yc1yU+6AQSlpJZyvehm/NkJBII72rzlEsd6MkBQ+G0E=
 k8s.io/component-base v0.28.2/go.mod h1:4IuQPQviQCg3du4si8GpMrhAIegxpsgPngPRR/zWpzc=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=

From d46dc4de9d5607d7f97ef418b6e1d1ccda8bf084 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 22:47:24 +0100
Subject: [PATCH 1833/2268] chore(deps): Bump google.golang.org/grpc from
 1.58.3 to 1.59.0 (#854)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.3 to 1.59.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.3...v1.59.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 07601ac14..e4089df80 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.13.0
 	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
-	google.golang.org/grpc v1.58.3
+	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.7
diff --git a/go.sum b/go.sum
index be190e76c..b3981aadc 100644
--- a/go.sum
+++ b/go.sum
@@ -1198,8 +1198,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
-google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 79bddef2d45b68f7dcebc33ea3d5a76a540c7e71 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 22:47:34 +0100
Subject: [PATCH 1834/2268] chore(deps): Bump github.com/evanphx/json-patch/v5
 from 5.6.0 to 5.7.0 (#862)

Bumps [github.com/evanphx/json-patch/v5](https://github.com/evanphx/json-patch) from 5.6.0 to 5.7.0.
- [Release notes](https://github.com/evanphx/json-patch/releases)
- [Commits](https://github.com/evanphx/json-patch/compare/v5.6.0...v5.7.0)

---
updated-dependencies:
- dependency-name: github.com/evanphx/json-patch/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index e4089df80..6945dc5a7 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.6+incompatible
-	github.com/evanphx/json-patch/v5 v5.6.0
+	github.com/evanphx/json-patch/v5 v5.7.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
diff --git a/go.sum b/go.sum
index b3981aadc..a21c03d07 100644
--- a/go.sum
+++ b/go.sum
@@ -260,8 +260,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
-github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
+github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
+github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -525,7 +525,6 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=

From 476802fb64a402ec19cf6fe6451538003eab20f4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Oct 2023 23:24:03 +0100
Subject: [PATCH 1835/2268] chore(deps): Bump github.com/evanphx/json-patch
 (#863)

Bumps [github.com/evanphx/json-patch](https://github.com/evanphx/json-patch) from 5.6.0+incompatible to 5.7.0+incompatible.
- [Release notes](https://github.com/evanphx/json-patch/releases)
- [Commits](https://github.com/evanphx/json-patch/compare/v5.6.0...v5.7.0)

---
updated-dependencies:
- dependency-name: github.com/evanphx/json-patch
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6945dc5a7..dc66fd2af 100644
--- a/go.mod
+++ b/go.mod
@@ -155,7 +155,7 @@ require (
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
diff --git a/go.sum b/go.sum
index a21c03d07..85839568d 100644
--- a/go.sum
+++ b/go.sum
@@ -258,8 +258,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
-github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
+github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
 github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=

From 873d60d29f126709384447b7690f7e28e7f1589a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 Oct 2023 11:17:56 +0100
Subject: [PATCH 1836/2268] feat: Add TLS to source-override gRPC connections

---
 cmd/kluctl/commands/cmd_controller_run.go     |  15 +-
 cmd/kluctl/commands/cmd_gitops.go             |   2 +-
 .../kluctldeployment_controller_source.go     |   2 +-
 pkg/sourceoverride/proxyclient_cli.go         |  25 +-
 pkg/sourceoverride/proxyclient_controller.go  |  21 +-
 pkg/sourceoverride/proxyserver.go             |  50 +++-
 pkg/sourceoverride/tls.go                     | 258 ++++++++++++++++++
 7 files changed, 351 insertions(+), 22 deletions(-)
 create mode 100644 pkg/sourceoverride/tls.go

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 7c09f99ac..6b2e757fc 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -24,6 +24,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
 	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"testing"
@@ -138,13 +139,25 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		os.Exit(1)
 	}
 
+	err = mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
+		if cmd.SourceOverrideBindAddress == "0" {
+			return nil
+		}
+		setupLog.Info("Initializing source-override server TLS")
+		return sourceoverride.InitTLS(ctx, mgr.GetClient(), "kluctl-system")
+	}))
+	if err != nil {
+		setupLog.Error(err, "unable to start manager")
+		os.Exit(1)
+	}
+
 	eventRecorder := mgr.GetEventRecorderFor(controllerName)
 
 	sshPool := &ssh_pool.SshPool{}
 
 	var soProxyServer *sourceoverride.ProxyServerImpl
 	if cmd.SourceOverrideBindAddress != "0" {
-		soProxyServer = sourceoverride.NewProxyServerImpl(ctx)
+		soProxyServer = sourceoverride.NewProxyServerImpl(ctx, mgr.GetClient(), "kluctl-system")
 		_, err := soProxyServer.Listen(cmd.SourceOverrideBindAddress)
 		if err != nil {
 			return err
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 582ec8d61..2ba47762e 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -824,7 +824,7 @@ func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
 		pod = &pods.Items[rand.Int()%len(pods.Items)]
 	}
 
-	soClient, err := sourceoverride.NewClientCli(ctx, g.soResolver)
+	soClient, err := sourceoverride.NewClientCli(ctx, g.client, controllerNamespace, g.soResolver)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index fae6c48ca..81bc7de6b 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -78,7 +78,7 @@ func (r *KluctlDeploymentReconciler) buildSourceOverridesClients(ctx context.Con
 
 		serverId := strings.TrimPrefix(u.Path, "/")
 
-		c, err := sourceoverride.NewClientController(serverId)
+		c, err := sourceoverride.NewClientController(r.Client, "kluctl-system", serverId)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create source override client: %w", err)
 		}
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index 846957f65..b6938f88d 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -12,7 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/credentials"
 	"io"
 	v1 "k8s.io/api/core/v1"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -23,10 +23,13 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type ProxyClientCli struct {
-	ctx context.Context
+	ctx                 context.Context
+	client              client.Client
+	controllerNamespace string
 
 	resolver Resolver
 	serverId string
@@ -42,11 +45,13 @@ type ProxyClientCli struct {
 	smClient ProxyClient
 }
 
-func NewClientCli(ctx context.Context, resolver Resolver) (*ProxyClientCli, error) {
+func NewClientCli(ctx context.Context, c client.Client, controllerNamespace string, resolver Resolver) (*ProxyClientCli, error) {
 	s := &ProxyClientCli{
-		ctx:      ctx,
-		resolver: resolver,
-		serverId: uuid.NewString(),
+		ctx:                 ctx,
+		client:              c,
+		controllerNamespace: controllerNamespace,
+		resolver:            resolver,
+		serverId:            uuid.NewString(),
 	}
 	return s, nil
 }
@@ -85,9 +90,15 @@ func (c *ProxyClientCli) ConnectToPod(restConfig *rest.Config, pod v1.Pod) error
 }
 
 func (c *ProxyClientCli) Connect(target string) error {
+	cp, err := LoadTLSCA(c.ctx, c.client, c.controllerNamespace)
+	if err != nil {
+		return err
+	}
+	creds := credentials.NewClientTLSFromCert(cp, "")
+
 	grpcConn, err := grpc.DialContext(c.ctx, target,
 		grpc.WithBlock(),
-		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithTransportCredentials(creds),
 	)
 	if err != nil {
 		return err
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
index 9e0f70f8d..1cd0803dd 100644
--- a/pkg/sourceoverride/proxyclient_controller.go
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -8,11 +8,15 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/credentials"
 	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type ProxyClientController struct {
+	client              client.Client
+	controllerNamespace string
+
 	serverId       string
 	knownOverrides []RepoOverride
 
@@ -22,9 +26,11 @@ type ProxyClientController struct {
 	cache utils.ThreadSafeCache[types.RepoKey, string]
 }
 
-func NewClientController(serverId string) (*ProxyClientController, error) {
+func NewClientController(c client.Client, controllerNamespace string, serverId string) (*ProxyClientController, error) {
 	s := &ProxyClientController{
-		serverId: serverId,
+		client:              c,
+		controllerNamespace: controllerNamespace,
+		serverId:            serverId,
 	}
 	return s, nil
 }
@@ -44,10 +50,17 @@ func (c *ProxyClientController) Cleanup() {
 }
 
 func (c *ProxyClientController) Connect(ctx context.Context, target string) error {
+	cp, err := LoadTLSCA(ctx, c.client, c.controllerNamespace)
+	if err != nil {
+		return err
+	}
+	creds := credentials.NewClientTLSFromCert(cp, "")
+
 	grpcConn, err := grpc.DialContext(ctx, target,
 		grpc.WithBlock(),
-		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithTransportCredentials(creds),
 		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)),
+		grpc.WithAuthority("source-override"),
 	)
 	if err != nil {
 		return err
diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
index 4b01c256f..3e8fea4ef 100644
--- a/pkg/sourceoverride/proxyserver.go
+++ b/pkg/sourceoverride/proxyserver.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"fmt"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	"net"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sync"
 )
 
@@ -17,9 +19,12 @@ const (
 type ProxyServerImpl struct {
 	UnimplementedProxyServer
 
-	ctx context.Context
+	ctx                 context.Context
+	client              client.Reader
+	controllerNamespace string
 
 	mutex       sync.Mutex
+	stopped     bool
 	connections map[string]*ProxyConnection
 
 	listener   net.Listener
@@ -43,13 +48,13 @@ type wrappedRequest struct {
 	errCh  chan error
 }
 
-func NewProxyServerImpl(ctx context.Context) *ProxyServerImpl {
+func NewProxyServerImpl(ctx context.Context, c client.Reader, controllerNamespace string) *ProxyServerImpl {
 	m := &ProxyServerImpl{
-		ctx:         ctx,
-		connections: map[string]*ProxyConnection{},
+		ctx:                 ctx,
+		client:              c,
+		controllerNamespace: controllerNamespace,
+		connections:         map[string]*ProxyConnection{},
 	}
-	m.grpcServer = grpc.NewServer(grpc.MaxRecvMsgSize(maxMsgSize))
-	RegisterProxyServer(m.grpcServer, m)
 	return m
 }
 
@@ -63,11 +68,40 @@ func (m *ProxyServerImpl) Listen(addr string) (net.Addr, error) {
 }
 
 func (m *ProxyServerImpl) Serve() error {
-	return m.grpcServer.Serve(m.listener)
+	cert, err := WaitAndLoadTLSCert(m.ctx, m.client, m.controllerNamespace)
+	if err != nil {
+		return err
+	}
+	creds := credentials.NewServerTLSFromCert(cert)
+
+	var grpcServer *grpc.Server
+
+	m.mutex.Lock()
+	if m.stopped {
+		m.mutex.Unlock()
+		return fmt.Errorf("stopped while starting")
+	}
+	grpcServer = grpc.NewServer(
+		grpc.Creds(creds),
+		grpc.MaxRecvMsgSize(maxMsgSize),
+	)
+	RegisterProxyServer(grpcServer, m)
+	m.grpcServer = grpcServer
+	m.mutex.Unlock()
+
+	return grpcServer.Serve(m.listener)
 }
 
 func (m *ProxyServerImpl) Stop() {
-	m.grpcServer.Stop()
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+	if m.stopped {
+		return
+	}
+	m.stopped = true
+	if m.grpcServer != nil {
+		m.grpcServer.Stop()
+	}
 }
 
 func (s *ProxyServerImpl) ProxyStream(stream Proxy_ProxyStreamServer) error {
diff --git a/pkg/sourceoverride/tls.go b/pkg/sourceoverride/tls.go
new file mode 100644
index 000000000..832c933f8
--- /dev/null
+++ b/pkg/sourceoverride/tls.go
@@ -0,0 +1,258 @@
+package sourceoverride
+
+import (
+	"bytes"
+	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"math/big"
+	"net"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"time"
+)
+
+const certSecretName = "kluctl-source-override-cert"
+const caConfigMapName = "kluctl-source-override-ca"
+
+func WaitAndLoadTLSCert(ctx context.Context, c client.Reader, controllerNamespace string) (*tls.Certificate, error) {
+	var certSecret corev1.Secret
+
+	for {
+		err := c.Get(ctx, client.ObjectKey{Name: certSecretName, Namespace: controllerNamespace}, &certSecret)
+		if err == nil {
+			break
+		} else if errors.IsNotFound(err) {
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+			case <-time.After(1 * time.Second):
+				continue
+			}
+		} else {
+			return nil, err
+		}
+	}
+
+	certBytes, ok := certSecret.Data["tls.crt"]
+	if !ok {
+		return nil, fmt.Errorf("missing tls.crt in %s", certSecretName)
+	}
+	keyBytes, ok := certSecret.Data["tls.key"]
+	if !ok {
+		return nil, fmt.Errorf("missing tls.key in %s", certSecretName)
+	}
+
+	cert, err := tls.X509KeyPair(certBytes, keyBytes)
+	if err != nil {
+		return nil, err
+	}
+	return &cert, nil
+}
+
+func LoadTLSCA(ctx context.Context, c client.Reader, controllerNamespace string) (*x509.CertPool, error) {
+	var caCM corev1.ConfigMap
+
+	err := c.Get(ctx, client.ObjectKey{Name: caConfigMapName, Namespace: controllerNamespace}, &caCM)
+	if err != nil {
+		return nil, err
+	}
+
+	caPEM, ok := caCM.Data["ca.pem"]
+	if !ok {
+		return nil, fmt.Errorf("missing ca.pem in %s", caConfigMapName)
+	}
+
+	cp := x509.NewCertPool()
+	ok = cp.AppendCertsFromPEM([]byte(caPEM))
+	if !ok {
+		return nil, fmt.Errorf("failed to add CA to pool")
+	}
+
+	return cp, nil
+}
+
+func InitTLS(ctx context.Context, c client.Client, controllerNamespace string) error {
+	var certSecret corev1.Secret
+
+	err := c.Get(ctx, client.ObjectKey{Name: certSecretName, Namespace: controllerNamespace}, &certSecret)
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	} else if err == nil {
+		return initTLSCA(ctx, c, &certSecret, false)
+	}
+
+	caPem, cert, key, err := certsetup()
+	if err != nil {
+		return err
+	}
+
+	certSecret.Data = map[string][]byte{
+		"ca.pem":  caPem,
+		"tls.crt": cert,
+		"tls.key": key,
+	}
+
+	certSecret.APIVersion = "v1"
+	certSecret.Kind = "Secret"
+	certSecret.Name = certSecretName
+	certSecret.Namespace = controllerNamespace
+	err = c.Patch(ctx, &certSecret, client.Apply, client.FieldOwner("kluctl-controller"))
+	if err != nil {
+		return err
+	}
+	return initTLSCA(ctx, c, &certSecret, true)
+}
+
+func initTLSCA(ctx context.Context, c client.Client, certSecret *corev1.Secret, force bool) error {
+	var caCM corev1.ConfigMap
+
+	if !force {
+		err := c.Get(ctx, client.ObjectKey{Name: caConfigMapName, Namespace: certSecret.Namespace}, &caCM)
+		if err != nil && !errors.IsNotFound(err) {
+			return err
+		} else if err == nil {
+			if _, ok := caCM.Data["ca.pem"]; !ok {
+				return fmt.Errorf("invalid CA configmap, missing ca.pem")
+			}
+			return nil
+		}
+	}
+
+	caPem, ok := certSecret.Data["ca.pem"]
+	if !ok {
+		return fmt.Errorf("invalid cert secret, missing ca.pem")
+	}
+
+	caCM.Data = map[string]string{
+		"ca.pem": string(caPem),
+	}
+
+	caCM.APIVersion = "v1"
+	caCM.Kind = "ConfigMap"
+	caCM.Name = caConfigMapName
+	caCM.Namespace = certSecret.Namespace
+	err := c.Patch(ctx, &caCM, client.Apply, client.FieldOwner("kluctl-controller"))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func certsetup() ([]byte, []byte, []byte, error) {
+	// set up our CA certificate
+	ca := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:  []string{"Kluctl"},
+			Country:       []string{"Germany"},
+			Province:      []string{""},
+			Locality:      []string{""},
+			StreetAddress: []string{""},
+			PostalCode:    []string{""},
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+	}
+
+	// create our private and public key
+	caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	// create the CA
+	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	// pem encode
+	caPEM := new(bytes.Buffer)
+	err = pem.Encode(caPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: caBytes,
+	})
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	caPrivKeyPEM := new(bytes.Buffer)
+	err = pem.Encode(caPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+	})
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	serverCertPEM, serverKeyPEM, err := generateCert(ca, caPrivKey)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	return caPEM.Bytes(), serverCertPEM, serverKeyPEM, nil
+}
+
+func generateCert(ca *x509.Certificate, caPrivKey *rsa.PrivateKey) ([]byte, []byte, error) {
+	// set up our server certificate
+	cert := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:  []string{"Kluctl"},
+			Country:       []string{"Germany"},
+			Province:      []string{""},
+			Locality:      []string{""},
+			StreetAddress: []string{""},
+			PostalCode:    []string{""},
+		},
+		// we connect via a local port-forward, so 127.0.0.1 is what we need
+		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+		DNSNames:    []string{"localhost", "source-override"},
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().AddDate(10, 0, 0),
+		//SubjectKeyId: []byte{1, 2, 3, 4, 6},
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		KeyUsage:    x509.KeyUsageDigitalSignature,
+	}
+
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &certPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	certPEM := new(bytes.Buffer)
+	err = pem.Encode(certPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	certPrivKeyPEM := new(bytes.Buffer)
+	err = pem.Encode(certPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return certPEM.Bytes(), certPrivKeyPEM.Bytes(), nil
+}

From 72de30983002707573e846b6900a0e93f983770c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 Oct 2023 11:18:17 +0100
Subject: [PATCH 1837/2268] fix: Properly create repoKeys from scp style git
 urls

---
 cmd/kluctl/commands/cmd_gitops.go                    | 12 ++++++++++--
 .../kluctldeployment_controller_status.go            |  4 ++--
 pkg/types/git_url.go                                 |  8 ++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 2ba47762e..219c313bb 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -263,20 +263,28 @@ func (g *gitopsCmdHelper) autoDetectDeployment(ctx context.Context) error {
 
 	var matching []v1beta1.KluctlDeployment
 	for _, kd := range l.Items {
+		isGit := false
 		var u, subDir string
 		if kd.Spec.Source.Git != nil {
+			isGit = true
 			u = kd.Spec.Source.Git.URL
 			subDir = kd.Spec.Source.Git.Path
 		} else if kd.Spec.Source.Oci != nil {
 			u = kd.Spec.Source.Oci.URL
 			subDir = kd.Spec.Source.Oci.Path
 		} else if kd.Spec.Source.URL != nil {
+			isGit = true
 			u = *kd.Spec.Source.URL
 			subDir = kd.Spec.Source.Path
 		}
-		repoKey, err := types.NewRepoKeyFromUrl(u)
+		var repoKey types.RepoKey
+		if isGit {
+			repoKey, err = types.NewRepoKeyFromGitUrl(u)
+		} else {
+			repoKey, err = types.NewRepoKeyFromUrl(u)
+		}
 		if err != nil {
-			status.Warningf(ctx, "Failed to determine repo key for KluctlDeployment %s/%s with source url %s", kd.Namespace, kd.Name, kd.Spec.Source.Git.URL)
+			status.Warningf(ctx, "Failed to determine repo key for KluctlDeployment %s/%s with source url %s: %s", kd.Namespace, kd.Name, u, err.Error())
 			continue
 		}
 
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 49bf6ded6..3074bbd08 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -71,7 +71,7 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 
 	var newProjectKey result.ProjectKey
 	if obj.Spec.Source.Git != nil {
-		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Git.URL)
+		repoKey, err := types.NewRepoKeyFromGitUrl(obj.Spec.Source.Git.URL)
 		if err != nil {
 			return err
 		}
@@ -89,7 +89,7 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 			SubDir:  path.Clean(obj.Spec.Source.Oci.Path),
 		}
 	} else if obj.Spec.Source.URL != nil {
-		repoKey, err := types.NewRepoKeyFromUrl(*obj.Spec.Source.URL)
+		repoKey, err := types.NewRepoKeyFromGitUrl(*obj.Spec.Source.URL)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 5b59f9ff4..44ff15a49 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -170,6 +170,14 @@ func NewRepoKeyFromUrl(urlIn string) (RepoKey, error) {
 	return NewRepoKey(t, u.Host, p), nil
 }
 
+func NewRepoKeyFromGitUrl(urlIn string) (RepoKey, error) {
+	u, err := ParseGitUrl(urlIn)
+	if err != nil {
+		return RepoKey{}, err
+	}
+	return NewRepoKeyFromUrl(u.String())
+}
+
 var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
 var ipRegex = regexp.MustCompile(`^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$`)
 

From d1754a1bf7c3d759dbedf164a6a8d0d5f8ecfb34 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 Oct 2023 12:36:45 +0100
Subject: [PATCH 1838/2268] feat: Use ecdsa keys and signatures for to
 authenticate CLI connections

---
 pkg/sourceoverride/proxyclient_cli.go        |  76 ++++++-
 pkg/sourceoverride/proxyclient_controller.go |  10 +-
 pkg/sourceoverride/proxyserver.go            | 110 +++++++---
 pkg/sourceoverride/sourceoverride.pb.go      | 208 +++++++++++--------
 pkg/sourceoverride/sourceoverride.proto      |  18 +-
 5 files changed, 289 insertions(+), 133 deletions(-)

diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index b6938f88d..90c06bac8 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -2,9 +2,14 @@ package sourceoverride
 
 import (
 	"context"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/google/uuid"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	oci_client "github.com/kluctl/kluctl/v2/pkg/oci/client"
@@ -32,7 +37,10 @@ type ProxyClientCli struct {
 	controllerNamespace string
 
 	resolver Resolver
-	serverId string
+
+	key         *ecdsa.PrivateKey
+	pubKeyBytes []byte
+	pubKeyHash  []byte
 
 	pod     *v1.Pod
 	podPort int
@@ -51,8 +59,24 @@ func NewClientCli(ctx context.Context, c client.Client, controllerNamespace stri
 		client:              c,
 		controllerNamespace: controllerNamespace,
 		resolver:            resolver,
-		serverId:            uuid.NewString(),
 	}
+
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	s.key = key
+
+	pubKeyBytes, err := x509.MarshalPKIXPublicKey(key.Public())
+	if err != nil {
+		return nil, err
+	}
+	s.pubKeyBytes = pubKeyBytes
+
+	h := sha256.New()
+	h.Write(pubKeyBytes)
+	s.pubKeyHash = h.Sum(nil)
+
 	return s, nil
 }
 
@@ -63,7 +87,7 @@ func (c *ProxyClientCli) BuildProxyUrl() (*url.URL, error) {
 	} else {
 		host = c.target
 	}
-	u := fmt.Sprintf("%s://%s/%s", kluctlv1.SourceOverrideScheme, host, c.serverId)
+	u := fmt.Sprintf("%s://%s/%s", kluctlv1.SourceOverrideScheme, host, hex.EncodeToString(c.pubKeyHash))
 	return url.Parse(u)
 }
 
@@ -163,23 +187,57 @@ func (c *ProxyClientCli) Handshake() error {
 	}
 
 	msg := &ProxyResponse{
-		Auth: &Auth{
-			ServerId: c.serverId,
+		Auth: &AuthMsg{
+			PubKey: c.pubKeyBytes,
 		},
 	}
+
 	err = c.stream.Send(msg)
 	if err != nil {
 		return err
 	}
+
 	resp, err := c.stream.Recv()
 	if err != nil {
 		return err
 	}
-	if resp.AuthError == nil {
+
+	if resp.Auth == nil || len(resp.Auth.Challenge) != challengeSize {
+		return fmt.Errorf("response is missing auth message")
+	}
+
+	h := sha256.New()
+	h.Write(c.pubKeyHash)
+	h.Write(resp.Auth.Challenge)
+
+	sig, err := ecdsa.SignASN1(rand.Reader, c.key, h.Sum(nil))
+	if err != nil {
+		return err
+	}
+
+	msg = &ProxyResponse{
+		Auth: &AuthMsg{
+			Pop: sig,
+		},
+	}
+	err = c.stream.Send(msg)
+	if err != nil {
+		return err
+	}
+	resp, err = c.stream.Recv()
+	if err != nil {
+		return err
+	}
+
+	if resp.Auth == nil {
+		return fmt.Errorf("response is missing auth message")
+	}
+
+	if resp.Auth.AuthError == nil {
 		return fmt.Errorf("missing authError")
 	}
-	if *resp.AuthError != "" {
-		return errors.New(*resp.AuthError)
+	if *resp.Auth.AuthError != "" {
+		return errors.New(*resp.Auth.AuthError)
 	}
 	return nil
 }
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
index 1cd0803dd..f4258b5e4 100644
--- a/pkg/sourceoverride/proxyclient_controller.go
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -17,7 +17,7 @@ type ProxyClientController struct {
 	client              client.Client
 	controllerNamespace string
 
-	serverId       string
+	pubKeyHash     string
 	knownOverrides []RepoOverride
 
 	grpcConn *grpc.ClientConn
@@ -26,11 +26,11 @@ type ProxyClientController struct {
 	cache utils.ThreadSafeCache[types.RepoKey, string]
 }
 
-func NewClientController(c client.Client, controllerNamespace string, serverId string) (*ProxyClientController, error) {
+func NewClientController(c client.Client, controllerNamespace string, pubKeyHash string) (*ProxyClientController, error) {
 	s := &ProxyClientController{
 		client:              c,
 		controllerNamespace: controllerNamespace,
-		serverId:            serverId,
+		pubKeyHash:          pubKeyHash,
 	}
 	return s, nil
 }
@@ -89,7 +89,9 @@ func (c *ProxyClientController) ResolveOverride(ctx context.Context, repoKey typ
 
 func (c *ProxyClientController) doResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
 	msg := &ProxyRequest{
-		ServerId: c.serverId,
+		Auth: &AuthMsg{
+			PubKeyHash: &c.pubKeyHash,
+		},
 		Request: &ResolveOverrideRequest{
 			RepoKey: repoKey.String(),
 		},
diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
index 3e8fea4ef..86254cee9 100644
--- a/pkg/sourceoverride/proxyserver.go
+++ b/pkg/sourceoverride/proxyserver.go
@@ -2,7 +2,13 @@ package sourceoverride
 
 import (
 	"context"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/hex"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"net"
@@ -14,6 +20,8 @@ const (
 	maxTarSize   = 32 * 1024 * 1024
 	maxUntarSize = 64 * 1024 * 1024
 	maxMsgSize   = maxTarSize + 1024
+
+	challengeSize = 32
 )
 
 type ProxyServerImpl struct {
@@ -34,8 +42,8 @@ type ProxyServerImpl struct {
 type ProxyConnection struct {
 	server *ProxyServerImpl
 
-	id     string
-	stream Proxy_ProxyStreamServer
+	pubKeyHash string
+	stream     Proxy_ProxyStreamServer
 
 	requestsCh chan *wrappedRequest
 	stopCh     chan struct{}
@@ -113,40 +121,78 @@ func (s *ProxyServerImpl) ProxyStream(stream Proxy_ProxyStreamServer) error {
 	defer func() {
 		s.mutex.Lock()
 		defer s.mutex.Unlock()
-		delete(s.connections, con.id)
+		delete(s.connections, con.pubKeyHash)
 	}()
 
 	return con.proxyRequests()
 }
 
 func (s *ProxyServerImpl) handshake(stream Proxy_ProxyStreamServer) (*ProxyConnection, error) {
-	msg, err := stream.Recv()
+	resp, err := stream.Recv()
 	if err != nil {
 		return nil, err
 	}
 
-	if msg.Response != nil || msg.Auth == nil {
+	if len(resp.Auth.PubKey) == 0 {
 		return nil, fmt.Errorf("expected auth")
 	}
 
-	doResp := func(err error) error {
-		errStr := ""
-		if err != nil {
-			errStr = err.Error()
-		}
-		err2 := stream.Send(&ProxyRequest{
-			AuthError: &errStr,
-			ServerId:  msg.Auth.ServerId,
-		})
-		if err2 != nil {
-			return err2
-		}
-		return nil
+	pubKeyAny, err := x509.ParsePKIXPublicKey(resp.Auth.PubKey)
+	if err != nil {
+		return nil, err
+	}
+	pubKey, ok := pubKeyAny.(*ecdsa.PublicKey)
+	if !ok {
+		return nil, fmt.Errorf("not an ECDSA public key")
+	}
+
+	h := sha256.New()
+	h.Write(resp.Auth.PubKey)
+	pubKeyHash := h.Sum(nil)
+
+	challenge := make([]byte, challengeSize)
+	_, err = rand.Read(challenge)
+	if err != nil {
+		return nil, err
+	}
+
+	msg := &ProxyRequest{
+		Auth: &AuthMsg{
+			Challenge: challenge,
+		},
+	}
+
+	err = stream.Send(msg)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err = stream.Recv()
+	if err != nil {
+		return nil, err
+	}
+
+	if len(resp.Auth.Pop) == 0 {
+		return nil, fmt.Errorf("expected pop")
+	}
+
+	h = sha256.New()
+	h.Write(pubKeyHash)
+	h.Write(challenge)
+
+	if !ecdsa.VerifyASN1(pubKey, h.Sum(nil), resp.Auth.Pop) {
+		return nil, fmt.Errorf("proof of possession failed")
+	}
+
+	msg = &ProxyRequest{
+		Auth: &AuthMsg{
+			AuthError: utils.StrPtr(""),
+		},
 	}
 
 	con := &ProxyConnection{
 		server:     s,
-		id:         msg.Auth.ServerId,
+		pubKeyHash: hex.EncodeToString(pubKeyHash),
 		stream:     stream,
 		requestsCh: make(chan *wrappedRequest),
 		stopCh:     make(chan struct{}),
@@ -154,25 +200,31 @@ func (s *ProxyServerImpl) handshake(stream Proxy_ProxyStreamServer) (*ProxyConne
 	}
 
 	s.mutex.Lock()
-	if _, ok := s.connections[msg.Auth.ServerId]; ok {
+	if _, ok := s.connections[con.pubKeyHash]; ok {
 		s.mutex.Unlock()
-		err = fmt.Errorf("duplicate server id")
-		_ = doResp(err)
-		return nil, err
+		return nil, fmt.Errorf("duplicate server id")
 	}
-	s.connections[msg.Auth.ServerId] = con
+	s.connections[con.pubKeyHash] = con
 	s.mutex.Unlock()
 
-	return con, doResp(nil)
+	err = stream.Send(msg)
+	if err != nil {
+		return nil, err
+	}
+
+	return con, nil
 }
 
 func (s *ProxyServerImpl) ResolveOverride(ctx context.Context, req *ProxyRequest) (*ResolveOverrideResponse, error) {
+	if req.Auth.PubKeyHash == nil {
+		return nil, fmt.Errorf("missing pubKeyHash")
+	}
 	if req.Request == nil {
 		return nil, fmt.Errorf("missing request")
 	}
 
 	s.mutex.Lock()
-	con, ok := s.connections[req.ServerId]
+	con, ok := s.connections[*req.Auth.PubKeyHash]
 	s.mutex.Unlock()
 	if !ok {
 		return nil, fmt.Errorf("connection not found")
@@ -224,8 +276,10 @@ func (c *ProxyConnection) proxyRequests() error {
 
 func (c *ProxyConnection) proxyRequest(req *wrappedRequest) error {
 	err := c.stream.Send(&ProxyRequest{
-		ServerId: c.id,
-		Request:  req.req,
+		Auth: &AuthMsg{
+			PubKeyHash: &c.pubKeyHash,
+		},
+		Request: req.req,
 	})
 	if err != nil {
 		req.errCh <- err
diff --git a/pkg/sourceoverride/sourceoverride.pb.go b/pkg/sourceoverride/sourceoverride.pb.go
index a55ab11ee..eb549adb3 100644
--- a/pkg/sourceoverride/sourceoverride.pb.go
+++ b/pkg/sourceoverride/sourceoverride.pb.go
@@ -25,7 +25,7 @@ type ProxyResponse struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Auth     *Auth                    `protobuf:"bytes,1,opt,name=auth,proto3,oneof" json:"auth,omitempty"`
+	Auth     *AuthMsg                 `protobuf:"bytes,1,opt,name=auth,proto3" json:"auth,omitempty"`
 	Response *ResolveOverrideResponse `protobuf:"bytes,2,opt,name=response,proto3,oneof" json:"response,omitempty"`
 }
 
@@ -61,7 +61,7 @@ func (*ProxyResponse) Descriptor() ([]byte, []int) {
 	return file_sourceoverride_proto_rawDescGZIP(), []int{0}
 }
 
-func (x *ProxyResponse) GetAuth() *Auth {
+func (x *ProxyResponse) GetAuth() *AuthMsg {
 	if x != nil {
 		return x.Auth
 	}
@@ -80,9 +80,8 @@ type ProxyRequest struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	AuthError *string                 `protobuf:"bytes,1,opt,name=authError,proto3,oneof" json:"authError,omitempty"`
-	ServerId  string                  `protobuf:"bytes,2,opt,name=serverId,proto3" json:"serverId,omitempty"`
-	Request   *ResolveOverrideRequest `protobuf:"bytes,3,opt,name=request,proto3,oneof" json:"request,omitempty"`
+	Auth    *AuthMsg                `protobuf:"bytes,1,opt,name=auth,proto3" json:"auth,omitempty"`
+	Request *ResolveOverrideRequest `protobuf:"bytes,2,opt,name=request,proto3,oneof" json:"request,omitempty"`
 }
 
 func (x *ProxyRequest) Reset() {
@@ -117,18 +116,11 @@ func (*ProxyRequest) Descriptor() ([]byte, []int) {
 	return file_sourceoverride_proto_rawDescGZIP(), []int{1}
 }
 
-func (x *ProxyRequest) GetAuthError() string {
-	if x != nil && x.AuthError != nil {
-		return *x.AuthError
-	}
-	return ""
-}
-
-func (x *ProxyRequest) GetServerId() string {
+func (x *ProxyRequest) GetAuth() *AuthMsg {
 	if x != nil {
-		return x.ServerId
+		return x.Auth
 	}
-	return ""
+	return nil
 }
 
 func (x *ProxyRequest) GetRequest() *ResolveOverrideRequest {
@@ -138,16 +130,20 @@ func (x *ProxyRequest) GetRequest() *ResolveOverrideRequest {
 	return nil
 }
 
-type Auth struct {
+type AuthMsg struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	ServerId string `protobuf:"bytes,1,opt,name=serverId,proto3" json:"serverId,omitempty"`
+	PubKey     []byte  `protobuf:"bytes,1,opt,name=pubKey,proto3,oneof" json:"pubKey,omitempty"`
+	Challenge  []byte  `protobuf:"bytes,2,opt,name=challenge,proto3,oneof" json:"challenge,omitempty"`
+	Pop        []byte  `protobuf:"bytes,3,opt,name=pop,proto3,oneof" json:"pop,omitempty"`
+	AuthError  *string `protobuf:"bytes,4,opt,name=authError,proto3,oneof" json:"authError,omitempty"`
+	PubKeyHash *string `protobuf:"bytes,5,opt,name=pubKeyHash,proto3,oneof" json:"pubKeyHash,omitempty"`
 }
 
-func (x *Auth) Reset() {
-	*x = Auth{}
+func (x *AuthMsg) Reset() {
+	*x = AuthMsg{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_sourceoverride_proto_msgTypes[2]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -155,13 +151,13 @@ func (x *Auth) Reset() {
 	}
 }
 
-func (x *Auth) String() string {
+func (x *AuthMsg) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*Auth) ProtoMessage() {}
+func (*AuthMsg) ProtoMessage() {}
 
-func (x *Auth) ProtoReflect() protoreflect.Message {
+func (x *AuthMsg) ProtoReflect() protoreflect.Message {
 	mi := &file_sourceoverride_proto_msgTypes[2]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -173,14 +169,42 @@ func (x *Auth) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use Auth.ProtoReflect.Descriptor instead.
-func (*Auth) Descriptor() ([]byte, []int) {
+// Deprecated: Use AuthMsg.ProtoReflect.Descriptor instead.
+func (*AuthMsg) Descriptor() ([]byte, []int) {
 	return file_sourceoverride_proto_rawDescGZIP(), []int{2}
 }
 
-func (x *Auth) GetServerId() string {
+func (x *AuthMsg) GetPubKey() []byte {
+	if x != nil {
+		return x.PubKey
+	}
+	return nil
+}
+
+func (x *AuthMsg) GetChallenge() []byte {
 	if x != nil {
-		return x.ServerId
+		return x.Challenge
+	}
+	return nil
+}
+
+func (x *AuthMsg) GetPop() []byte {
+	if x != nil {
+		return x.Pop
+	}
+	return nil
+}
+
+func (x *AuthMsg) GetAuthError() string {
+	if x != nil && x.AuthError != nil {
+		return *x.AuthError
+	}
+	return ""
+}
+
+func (x *AuthMsg) GetPubKeyHash() string {
+	if x != nil && x.PubKeyHash != nil {
+		return *x.PubKeyHash
 	}
 	return ""
 }
@@ -292,55 +316,65 @@ var File_sourceoverride_proto protoreflect.FileDescriptor
 var file_sourceoverride_proto_rawDesc = []byte{
 	0x0a, 0x14, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65,
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76,
-	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x22, 0x9e, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2d, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f,
-	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x48, 0x00, 0x52, 0x04,
-	0x61, 0x75, 0x74, 0x68, 0x88, 0x01, 0x01, 0x12, 0x48, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x73, 0x6f, 0x75, 0x72,
-	0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c,
-	0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x48, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x88, 0x01,
-	0x01, 0x42, 0x07, 0x0a, 0x05, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x72,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xae, 0x01, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68,
-	0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x61,
-	0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x12, 0x1a, 0x0a, 0x08, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63,
-	0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76,
+	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x22, 0x93, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f,
+	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x4d, 0x73, 0x67, 0x52,
+	0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x48, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65,
+	0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x48, 0x00, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x88, 0x01, 0x01, 0x42,
+	0x0b, 0x0a, 0x09, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8e, 0x01, 0x0a,
+	0x0c, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a,
+	0x04, 0x61, 0x75, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x41, 0x75, 0x74,
+	0x68, 0x4d, 0x73, 0x67, 0x52, 0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x45, 0x0a, 0x07, 0x72, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73,
+	0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x88, 0x01,
+	0x01, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xe6, 0x01,
+	0x0a, 0x07, 0x41, 0x75, 0x74, 0x68, 0x4d, 0x73, 0x67, 0x12, 0x1b, 0x0a, 0x06, 0x70, 0x75, 0x62,
+	0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06, 0x70, 0x75, 0x62,
+	0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, 0x12, 0x21, 0x0a, 0x09, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
+	0x6e, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x01, 0x52, 0x09, 0x63, 0x68, 0x61,
+	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x88, 0x01, 0x01, 0x12, 0x15, 0x0a, 0x03, 0x70, 0x6f, 0x70,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x02, 0x52, 0x03, 0x70, 0x6f, 0x70, 0x88, 0x01, 0x01,
+	0x12, 0x21, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x48, 0x03, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72,
+	0x88, 0x01, 0x01, 0x12, 0x23, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x73,
+	0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x04, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x4b, 0x65,
+	0x79, 0x48, 0x61, 0x73, 0x68, 0x88, 0x01, 0x01, 0x42, 0x09, 0x0a, 0x07, 0x5f, 0x70, 0x75, 0x62,
+	0x4b, 0x65, 0x79, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
+	0x65, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x70, 0x6f, 0x70, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x61, 0x75,
+	0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x70, 0x75, 0x62, 0x4b,
+	0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76,
 	0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x48, 0x01, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0c,
-	0x0a, 0x0a, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0a, 0x0a, 0x08,
-	0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x22, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68,
-	0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x49, 0x64, 0x22, 0x32, 0x0a, 0x16,
-	0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65,
-	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79,
-	0x22, 0x6c, 0x0a, 0x17, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72,
-	0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x72,
-	0x72, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x12, 0x1f, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61,
-	0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x01, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69,
-	0x66, 0x61, 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x32, 0xb5,
-	0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x50, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78,
-	0x79, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x1d, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x6c, 0x0a, 0x17, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x88, 0x01, 0x01,
+	0x12, 0x1f, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0c, 0x48, 0x01, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x88, 0x01,
+	0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0b, 0x0a, 0x09, 0x5f,
+	0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x32, 0xb5, 0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x12, 0x50, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x72, 0x65, 0x61,
+	0x6d, 0x12, 0x1d, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69,
+	0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x1a, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64,
+	0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x00,
+	0x28, 0x01, 0x30, 0x01, 0x12, 0x5a, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f,
+	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
 	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f,
-	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x12, 0x5a, 0x0a, 0x0f, 0x52, 0x65,
-	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1c, 0x2e,
-	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50,
-	0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x73, 0x6f,
-	0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73,
-	0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
-	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x6b, 0x6c, 0x75, 0x63,
-	0x74, 0x6c, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
-	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76,
+	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76,
+	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
+	0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b,
+	0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x6b, 0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x76, 0x32, 0x2f,
+	0x70, 0x6b, 0x67, 0x2f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69,
+	0x64, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -359,23 +393,24 @@ var file_sourceoverride_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
 var file_sourceoverride_proto_goTypes = []interface{}{
 	(*ProxyResponse)(nil),           // 0: sourceoverride.ProxyResponse
 	(*ProxyRequest)(nil),            // 1: sourceoverride.ProxyRequest
-	(*Auth)(nil),                    // 2: sourceoverride.Auth
+	(*AuthMsg)(nil),                 // 2: sourceoverride.AuthMsg
 	(*ResolveOverrideRequest)(nil),  // 3: sourceoverride.ResolveOverrideRequest
 	(*ResolveOverrideResponse)(nil), // 4: sourceoverride.ResolveOverrideResponse
 }
 var file_sourceoverride_proto_depIdxs = []int32{
-	2, // 0: sourceoverride.ProxyResponse.auth:type_name -> sourceoverride.Auth
+	2, // 0: sourceoverride.ProxyResponse.auth:type_name -> sourceoverride.AuthMsg
 	4, // 1: sourceoverride.ProxyResponse.response:type_name -> sourceoverride.ResolveOverrideResponse
-	3, // 2: sourceoverride.ProxyRequest.request:type_name -> sourceoverride.ResolveOverrideRequest
-	0, // 3: sourceoverride.Proxy.ProxyStream:input_type -> sourceoverride.ProxyResponse
-	1, // 4: sourceoverride.Proxy.ResolveOverride:input_type -> sourceoverride.ProxyRequest
-	1, // 5: sourceoverride.Proxy.ProxyStream:output_type -> sourceoverride.ProxyRequest
-	4, // 6: sourceoverride.Proxy.ResolveOverride:output_type -> sourceoverride.ResolveOverrideResponse
-	5, // [5:7] is the sub-list for method output_type
-	3, // [3:5] is the sub-list for method input_type
-	3, // [3:3] is the sub-list for extension type_name
-	3, // [3:3] is the sub-list for extension extendee
-	0, // [0:3] is the sub-list for field type_name
+	2, // 2: sourceoverride.ProxyRequest.auth:type_name -> sourceoverride.AuthMsg
+	3, // 3: sourceoverride.ProxyRequest.request:type_name -> sourceoverride.ResolveOverrideRequest
+	0, // 4: sourceoverride.Proxy.ProxyStream:input_type -> sourceoverride.ProxyResponse
+	1, // 5: sourceoverride.Proxy.ResolveOverride:input_type -> sourceoverride.ProxyRequest
+	1, // 6: sourceoverride.Proxy.ProxyStream:output_type -> sourceoverride.ProxyRequest
+	4, // 7: sourceoverride.Proxy.ResolveOverride:output_type -> sourceoverride.ResolveOverrideResponse
+	6, // [6:8] is the sub-list for method output_type
+	4, // [4:6] is the sub-list for method input_type
+	4, // [4:4] is the sub-list for extension type_name
+	4, // [4:4] is the sub-list for extension extendee
+	0, // [0:4] is the sub-list for field type_name
 }
 
 func init() { file_sourceoverride_proto_init() }
@@ -409,7 +444,7 @@ func file_sourceoverride_proto_init() {
 			}
 		}
 		file_sourceoverride_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Auth); i {
+			switch v := v.(*AuthMsg); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -447,6 +482,7 @@ func file_sourceoverride_proto_init() {
 	}
 	file_sourceoverride_proto_msgTypes[0].OneofWrappers = []interface{}{}
 	file_sourceoverride_proto_msgTypes[1].OneofWrappers = []interface{}{}
+	file_sourceoverride_proto_msgTypes[2].OneofWrappers = []interface{}{}
 	file_sourceoverride_proto_msgTypes[4].OneofWrappers = []interface{}{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
diff --git a/pkg/sourceoverride/sourceoverride.proto b/pkg/sourceoverride/sourceoverride.proto
index b582df4d4..b08a9a128 100644
--- a/pkg/sourceoverride/sourceoverride.proto
+++ b/pkg/sourceoverride/sourceoverride.proto
@@ -10,18 +10,24 @@ service Proxy {
 }
 
 message ProxyResponse {
-  optional Auth auth = 1;
+  AuthMsg auth = 1;
   optional ResolveOverrideResponse response = 2;
 }
 
 message ProxyRequest {
-  optional string authError = 1;
-  string serverId = 2;
-  optional ResolveOverrideRequest request = 3;
+  AuthMsg auth = 1;
+  optional ResolveOverrideRequest request = 2;
 }
 
-message Auth {
-  string serverId = 1;
+message AuthMsg {
+  optional bytes pubKey = 1;
+
+  optional bytes challenge = 2;
+  optional bytes pop = 3;
+
+  optional string authError = 4;
+
+  optional string pubKeyHash = 5;
 }
 
 message ResolveOverrideRequest {

From fc9a72c75e06083719c5067c7f89091f16840895 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 Oct 2023 13:35:28 +0100
Subject: [PATCH 1839/2268] feat: Allow to configure controller-namespace via
 arg

---
 cmd/kluctl/args/gitops_args.go                  |  3 ++-
 cmd/kluctl/commands/cmd_controller_run.go       | 12 ++++++++----
 cmd/kluctl/commands/cmd_gitops.go               |  7 +++----
 cmd/kluctl/commands/cmd_webui_run.go            |  7 ++++---
 docs/kluctl/commands/controller-run.md          |  1 +
 docs/kluctl/commands/gitops-deploy.md           |  1 +
 docs/kluctl/commands/gitops-logs.md             |  1 +
 docs/kluctl/commands/gitops-prune.md            |  1 +
 docs/kluctl/commands/gitops-reconcile.md        |  1 +
 docs/kluctl/commands/gitops-resume.md           |  1 +
 docs/kluctl/commands/gitops-suspend.md          |  1 +
 docs/kluctl/commands/gitops-validate.md         |  1 +
 docs/kluctl/commands/webui-run.md               | 17 +++++++++--------
 e2e/gitops_suite_test.go                        |  2 ++
 e2e/utils.go                                    |  2 +-
 pkg/controllers/kluctldeployment_controller.go  |  1 +
 .../kluctldeployment_controller_source.go       |  2 +-
 pkg/webui/auth.go                               | 16 +++++++++-------
 pkg/webui/server.go                             |  5 ++++-
 pkg/webui/server_logs.go                        |  4 +---
 20 files changed, 53 insertions(+), 33 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index e7a53fc1d..d776ca882 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -12,7 +12,8 @@ type GitOpsArgs struct {
 	Namespace     string `group:"gitops" short:"n" help:"Specifies the namespace of the KluctlDeployment. If omitted, the current namespace from your kubeconfig is used."`
 	LabelSelector string `group:"gitops" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
 
-	Context string `group:"gitops" help:"Override the context to use."`
+	Context             string `group:"gitops" help:"Override the context to use."`
+	ControllerNamespace string `group:"gitops" help:"The namespace where the controller runs in." default:"kluctl-system"`
 
 	LocalSourceOverridePort int `group:"gitops" help:"Specifies the local port to which the source-override client should connect to when running the controller locally." default:"0"`
 }
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 6b2e757fc..f014229f8 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -41,7 +41,9 @@ type controllerRunCmd struct {
 
 	Kubeconfig string `group:"misc" help:"Override the kubeconfig to use."`
 	Context    string `group:"misc" help:"Override the context to use."`
-	Namespace  string `group:"misc" help:"Specify the namespace to watch. If omitted, all namespaces are watched."`
+
+	ControllerNamespace string `group:"misc" help:"The namespace where the controller runs in." default:"kluctl-system"`
+	Namespace           string `group:"misc" help:"Specify the namespace to watch. If omitted, all namespaces are watched."`
 
 	MetricsBindAddress        string `group:"misc" help:"The address the metric endpoint binds to." default:":8080"`
 	HealthProbeBindAddress    string `group:"misc" help:"The address the probe endpoint binds to." default:":8081"`
@@ -104,7 +106,8 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	var cacheNamespaces map[string]cache.Config
 	if cmd.Namespace != "" {
 		cacheNamespaces = map[string]cache.Config{
-			cmd.Namespace: {},
+			cmd.ControllerNamespace: {},
+			cmd.Namespace:           {},
 		}
 	}
 
@@ -144,7 +147,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 			return nil
 		}
 		setupLog.Info("Initializing source-override server TLS")
-		return sourceoverride.InitTLS(ctx, mgr.GetClient(), "kluctl-system")
+		return sourceoverride.InitTLS(ctx, mgr.GetClient(), cmd.ControllerNamespace)
 	}))
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
@@ -157,7 +160,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 
 	var soProxyServer *sourceoverride.ProxyServerImpl
 	if cmd.SourceOverrideBindAddress != "0" {
-		soProxyServer = sourceoverride.NewProxyServerImpl(ctx, mgr.GetClient(), "kluctl-system")
+		soProxyServer = sourceoverride.NewProxyServerImpl(ctx, mgr.GetAPIReader(), cmd.ControllerNamespace)
 		_, err := soProxyServer.Listen(cmd.SourceOverrideBindAddress)
 		if err != nil {
 			return err
@@ -170,6 +173,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 
 	r := controllers.KluctlDeploymentReconciler{
 		ControllerName:        controllerName,
+		ControllerNamespace:   cmd.ControllerNamespace,
 		DefaultServiceAccount: cmd.DefaultServiceAccount,
 		DryRun:                cmd.DryRun,
 		RestConfig:            restConfig,
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 219c313bb..2651f629b 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -719,7 +719,7 @@ func (g *gitopsCmdHelper) watchLogs(ctx context.Context, stopCh chan struct{}, k
 		status.Infof(ctx, "Watching logs for %s/%s...", key.Namespace, key.Name)
 	}
 
-	logsCh, err := logs.WatchControllerLogs(ctx, g.corev1Client, "kluctl-system", key, reconcileId, g.logsArgs.LogSince, follow)
+	logsCh, err := logs.WatchControllerLogs(ctx, g.corev1Client, g.args.ControllerNamespace, key, reconcileId, g.logsArgs.LogSince, follow)
 	if err != nil {
 		return err
 	}
@@ -820,8 +820,7 @@ func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
 		return err
 	}
 
-	controllerNamespace := "kluctl-system"
-	pods, err := g.corev1Client.Pods(controllerNamespace).List(ctx, metav1.ListOptions{
+	pods, err := g.corev1Client.Pods(g.args.ControllerNamespace).List(ctx, metav1.ListOptions{
 		LabelSelector: "control-plane=kluctl-controller",
 	})
 	if err != nil {
@@ -832,7 +831,7 @@ func (g *gitopsCmdHelper) initSourceOverrides(ctx context.Context) error {
 		pod = &pods.Items[rand.Int()%len(pods.Items)]
 	}
 
-	soClient, err := sourceoverride.NewClientCli(ctx, g.client, controllerNamespace, g.soResolver)
+	soClient, err := sourceoverride.NewClientCli(ctx, g.client, g.args.ControllerNamespace, g.soResolver)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index ff86195bd..ed73efb33 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -18,8 +18,9 @@ type webuiRunCmd struct {
 	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
 	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
 
-	InCluster        bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
-	InClusterContext string `group:"misc" help:"The context to use fo in-cluster functionality."`
+	InCluster           bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
+	InClusterContext    string `group:"misc" help:"The context to use fo in-cluster functionality."`
+	ControllerNamespace string `group:"misc" help:"The namespace where the controller runs in." default:"kluctl-system"`
 
 	OnlyApi bool `group:"misc" help:"Only serve API without the actual UI."`
 
@@ -150,7 +151,7 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 	collector := results.NewResultsCollector(ctx, stores)
 	collector.Start()
 
-	server, err := webui.NewCommandResultsServer(ctx, collector, configs, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
+	server, err := webui.NewCommandResultsServer(ctx, collector, configs, cmd.ControllerNamespace, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
 	if err != nil {
 		return err
 	}
diff --git a/docs/kluctl/commands/controller-run.md b/docs/kluctl/commands/controller-run.md
index ac3287d2b..0e22e8e24 100644
--- a/docs/kluctl/commands/controller-run.md
+++ b/docs/kluctl/commands/controller-run.md
@@ -29,6 +29,7 @@ Misc arguments:
       --concurrency int                       Configures how many KluctlDeployments can be be reconciled
                                               concurrently. (default 4)
       --context string                        Override the context to use.
+      --controller-namespace string           The namespace where the controller runs in. (default "kluctl-system")
       --default-service-account string        Default service account used for impersonation.
       --dry-run                               Run all deployments in dryRun=true mode.
       --health-probe-bind-address string      The address the probe endpoint binds to. (default ":8081")
diff --git a/docs/kluctl/commands/gitops-deploy.md b/docs/kluctl/commands/gitops-deploy.md
index 754e2fd0d..8a8a65a78 100644
--- a/docs/kluctl/commands/gitops-deploy.md
+++ b/docs/kluctl/commands/gitops-deploy.md
@@ -30,6 +30,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-logs.md b/docs/kluctl/commands/gitops-logs.md
index c8a1e6cbf..e2f64969a 100644
--- a/docs/kluctl/commands/gitops-logs.md
+++ b/docs/kluctl/commands/gitops-logs.md
@@ -27,6 +27,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-prune.md b/docs/kluctl/commands/gitops-prune.md
index 60534c4e1..64be04449 100644
--- a/docs/kluctl/commands/gitops-prune.md
+++ b/docs/kluctl/commands/gitops-prune.md
@@ -30,6 +30,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-reconcile.md b/docs/kluctl/commands/gitops-reconcile.md
index 8f03961ec..a71ccbef6 100644
--- a/docs/kluctl/commands/gitops-reconcile.md
+++ b/docs/kluctl/commands/gitops-reconcile.md
@@ -30,6 +30,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-resume.md b/docs/kluctl/commands/gitops-resume.md
index f3c47a830..c3f2974a1 100644
--- a/docs/kluctl/commands/gitops-resume.md
+++ b/docs/kluctl/commands/gitops-resume.md
@@ -27,6 +27,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-suspend.md b/docs/kluctl/commands/gitops-suspend.md
index 48f48041d..f61f605ca 100644
--- a/docs/kluctl/commands/gitops-suspend.md
+++ b/docs/kluctl/commands/gitops-suspend.md
@@ -27,6 +27,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
index 863aff0c3..e18f94c23 100644
--- a/docs/kluctl/commands/gitops-validate.md
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -30,6 +30,7 @@ GitOps arguments:
   Specify gitops flags.
 
       --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/webui-run.md b/docs/kluctl/commands/webui-run.md
index 9cd167675..d0bc898f7 100644
--- a/docs/kluctl/commands/webui-run.md
+++ b/docs/kluctl/commands/webui-run.md
@@ -24,14 +24,15 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
-      --all-contexts                Use all Kubernetes contexts found in the kubeconfig.
-      --context stringArray         List of kubernetes contexts to use.
-      --host string                 Host to bind to. Pass an empty string to bind to all addresses. Defaults to
-                                    'localhost' when run locally and to all hosts when run in-cluster.
-      --in-cluster                  This enables in-cluster functionality. This also enforces authentication.
-      --in-cluster-context string   The context to use fo in-cluster functionality.
-      --only-api                    Only serve API without the actual UI.
-      --port int                    Port to bind to. (default 8080)
+      --all-contexts                  Use all Kubernetes contexts found in the kubeconfig.
+      --context stringArray           List of kubernetes contexts to use.
+      --controller-namespace string   The namespace where the controller runs in. (default "kluctl-system")
+      --host string                   Host to bind to. Pass an empty string to bind to all addresses. Defaults to
+                                      'localhost' when run locally and to all hosts when run in-cluster.
+      --in-cluster                    This enables in-cluster functionality. This also enforces authentication.
+      --in-cluster-context string     The context to use fo in-cluster functionality.
+      --only-api                      Only serve API without the actual UI.
+      --port int                      Port to bind to. (default 8080)
 
 ```
 <!-- END SECTION -->
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 13dc62c08..c0c68f95c 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -86,6 +86,8 @@ func (suite *GitopsTestSuite) startController() {
 		suite.T().Fatal(err)
 	}
 
+	createNamespace(suite.T(), suite.k, "kluctl-system")
+
 	suite.sourceOverridePort = port_tool.NextFreePort("127.0.0.1")
 
 	ctx, ctxCancel := context.WithCancel(context.Background())
diff --git a/e2e/utils.go b/e2e/utils.go
index 3ec0d5ab2..502a0d7db 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -27,7 +27,7 @@ func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace strin
 	ns.SetName(namespace)
 	_, err := r.Create(context.Background(), &ns, metav1.CreateOptions{})
 
-	if err != nil {
+	if err != nil && !errors.IsAlreadyExists(err) {
 		t.Fatal(err)
 	}
 }
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index a7e52340c..2253196e9 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -35,6 +35,7 @@ type KluctlDeploymentReconciler struct {
 	EventRecorder         kuberecorder.EventRecorder
 	MetricsRecorder       *metrics.Recorder
 	ControllerName        string
+	ControllerNamespace   string
 	DefaultServiceAccount string
 	DryRun                bool
 
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 81bc7de6b..40c59a01b 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -78,7 +78,7 @@ func (r *KluctlDeploymentReconciler) buildSourceOverridesClients(ctx context.Con
 
 		serverId := strings.TrimPrefix(u.Path, "/")
 
-		c, err := sourceoverride.NewClientController(r.Client, "kluctl-system", serverId)
+		c, err := sourceoverride.NewClientController(r.Client, r.ControllerNamespace, serverId)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create source override client: %w", err)
 		}
diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 368c61d99..7f4c90f6d 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -54,7 +54,8 @@ type login struct {
 type authHandler struct {
 	ctx context.Context
 
-	serverClient client.Client
+	serverClient        client.Client
+	controllerNamespace string
 
 	authConfig AuthConfig
 
@@ -72,11 +73,12 @@ type User struct {
 	IsAdmin  bool   `json:"isAdmin"`
 }
 
-func newAuthHandler(ctx context.Context, serverClient client.Client, authConfig AuthConfig) (*authHandler, error) {
+func newAuthHandler(ctx context.Context, serverClient client.Client, controllerNamespace string, authConfig AuthConfig) (*authHandler, error) {
 	ret := &authHandler{
-		ctx:          ctx,
-		authConfig:   authConfig,
-		serverClient: serverClient,
+		ctx:                 ctx,
+		authConfig:          authConfig,
+		serverClient:        serverClient,
+		controllerNamespace: controllerNamespace,
 	}
 
 	if serverClient == nil {
@@ -256,8 +258,8 @@ func (s *authHandler) getSecret(secretName string, secretKey string, allowGenera
 		return "", fmt.Errorf("no serverClient set")
 	}
 	if allowGenerate {
-		return k8s.GetOrGenerateSingleSecret(s.ctx, s.serverClient, secretName, "kluctl-system", secretKey, "kluctl-webui")
+		return k8s.GetOrGenerateSingleSecret(s.ctx, s.serverClient, secretName, s.controllerNamespace, secretKey, "kluctl-webui")
 	} else {
-		return k8s.GetSingleSecret(s.ctx, s.serverClient, secretName, "kluctl-system", secretKey)
+		return k8s.GetSingleSecret(s.ctx, s.serverClient, secretName, s.controllerNamespace, secretKey)
 	}
 }
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 02d2f1d6c..6604ffd55 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -38,6 +38,8 @@ type CommandResultsServer struct {
 	store results.ResultStore
 	cam   *clusterAccessorManager
 
+	controllerNamespace string
+
 	// this is the client for the k8s cluster where the server runs on
 	serverClient       client.Client
 	serverCoreV1Client *corev1.CoreV1Client
@@ -52,6 +54,7 @@ func NewCommandResultsServer(
 	ctx context.Context,
 	store *results.ResultsCollector,
 	configs []*rest.Config,
+	controllerNamespace string,
 	serverConfig *rest.Config,
 	serverClient client.Client,
 	authConfig AuthConfig,
@@ -77,7 +80,7 @@ func NewCommandResultsServer(
 
 	ret.events = newEventsHandler(ret)
 
-	ret.auth, err = newAuthHandler(ctx, serverClient, authConfig)
+	ret.auth, err = newAuthHandler(ctx, serverClient, controllerNamespace, authConfig)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
index 32204253c..b1f6e22d4 100644
--- a/pkg/webui/server_logs.go
+++ b/pkg/webui/server_logs.go
@@ -35,12 +35,10 @@ func (s *CommandResultsServer) logsHandler(gctx *gin.Context) {
 
 	ctx := conn.CloseRead(gctx)
 
-	controllerNamespace := "kluctl-system"
-
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
-	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second, true)
+	logCh, err := logs.WatchControllerLogs(ctx, s.serverCoreV1Client, s.controllerNamespace, client.ObjectKey{Name: args.Name, Namespace: args.Namespace}, args.ReconcileId, 60*time.Second, true)
 	if err != nil {
 		_ = gctx.AbortWithError(http.StatusBadRequest, err)
 		return

From 26ca9f0f20ce74c89777b559fb9ca254d515a1b1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 Oct 2023 17:43:40 +0100
Subject: [PATCH 1840/2268] feat: Also authenticate controller client

---
 cmd/kluctl/commands/cmd_controller_run.go    |  2 +-
 pkg/sourceoverride/proxyclient_controller.go | 17 ++--
 pkg/sourceoverride/proxyserver.go            | 10 ++-
 pkg/sourceoverride/{tls.go => secret.go}     | 72 ++++++++++-------
 pkg/sourceoverride/sourceoverride.pb.go      | 82 +++++++++++---------
 pkg/sourceoverride/sourceoverride.proto      |  1 +
 6 files changed, 115 insertions(+), 69 deletions(-)
 rename pkg/sourceoverride/{tls.go => secret.go} (74%)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index f014229f8..c1f71372f 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -147,7 +147,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 			return nil
 		}
 		setupLog.Info("Initializing source-override server TLS")
-		return sourceoverride.InitTLS(ctx, mgr.GetClient(), cmd.ControllerNamespace)
+		return sourceoverride.InitControllerSecret(ctx, mgr.GetClient(), cmd.ControllerNamespace)
 	}))
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
index f4258b5e4..c894cf1f3 100644
--- a/pkg/sourceoverride/proxyclient_controller.go
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -14,24 +14,26 @@ import (
 )
 
 type ProxyClientController struct {
-	client              client.Client
+	client              client.Reader
 	controllerNamespace string
 
 	pubKeyHash     string
 	knownOverrides []RepoOverride
 
-	grpcConn *grpc.ClientConn
-	smClient ProxyClient
+	grpcConn         *grpc.ClientConn
+	smClient         ProxyClient
+	controllerSecret []byte
 
 	cache utils.ThreadSafeCache[types.RepoKey, string]
 }
 
-func NewClientController(c client.Client, controllerNamespace string, pubKeyHash string) (*ProxyClientController, error) {
+func NewClientController(c client.Reader, controllerNamespace string, pubKeyHash string) (*ProxyClientController, error) {
 	s := &ProxyClientController{
 		client:              c,
 		controllerNamespace: controllerNamespace,
 		pubKeyHash:          pubKeyHash,
 	}
+
 	return s, nil
 }
 
@@ -50,10 +52,11 @@ func (c *ProxyClientController) Cleanup() {
 }
 
 func (c *ProxyClientController) Connect(ctx context.Context, target string) error {
-	cp, err := LoadTLSCA(ctx, c.client, c.controllerNamespace)
+	cp, _, controllerSecret, err := WaitAndLoadSecret(ctx, c.client, c.controllerNamespace)
 	if err != nil {
 		return err
 	}
+
 	creds := credentials.NewClientTLSFromCert(cp, "")
 
 	grpcConn, err := grpc.DialContext(ctx, target,
@@ -67,6 +70,7 @@ func (c *ProxyClientController) Connect(ctx context.Context, target string) erro
 	}
 	c.grpcConn = grpcConn
 	c.smClient = NewProxyClient(c.grpcConn)
+	c.controllerSecret = controllerSecret
 	return nil
 }
 
@@ -90,7 +94,8 @@ func (c *ProxyClientController) ResolveOverride(ctx context.Context, repoKey typ
 func (c *ProxyClientController) doResolveOverride(ctx context.Context, repoKey types.RepoKey) (string, error) {
 	msg := &ProxyRequest{
 		Auth: &AuthMsg{
-			PubKeyHash: &c.pubKeyHash,
+			PubKeyHash:       &c.pubKeyHash,
+			ControllerSecret: c.controllerSecret,
 		},
 		Request: &ResolveOverrideRequest{
 			RepoKey: repoKey.String(),
diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
index 86254cee9..a6ce02e18 100644
--- a/pkg/sourceoverride/proxyserver.go
+++ b/pkg/sourceoverride/proxyserver.go
@@ -1,6 +1,7 @@
 package sourceoverride
 
 import (
+	"bytes"
 	"context"
 	"crypto/ecdsa"
 	"crypto/rand"
@@ -31,6 +32,8 @@ type ProxyServerImpl struct {
 	client              client.Reader
 	controllerNamespace string
 
+	controllerSecret []byte
+
 	mutex       sync.Mutex
 	stopped     bool
 	connections map[string]*ProxyConnection
@@ -76,7 +79,7 @@ func (m *ProxyServerImpl) Listen(addr string) (net.Addr, error) {
 }
 
 func (m *ProxyServerImpl) Serve() error {
-	cert, err := WaitAndLoadTLSCert(m.ctx, m.client, m.controllerNamespace)
+	_, cert, controllerSecret, err := WaitAndLoadSecret(m.ctx, m.client, m.controllerNamespace)
 	if err != nil {
 		return err
 	}
@@ -95,6 +98,7 @@ func (m *ProxyServerImpl) Serve() error {
 	)
 	RegisterProxyServer(grpcServer, m)
 	m.grpcServer = grpcServer
+	m.controllerSecret = controllerSecret
 	m.mutex.Unlock()
 
 	return grpcServer.Serve(m.listener)
@@ -224,6 +228,10 @@ func (s *ProxyServerImpl) ResolveOverride(ctx context.Context, req *ProxyRequest
 	}
 
 	s.mutex.Lock()
+	if !bytes.Equal(s.controllerSecret, req.Auth.ControllerSecret) {
+		s.mutex.Unlock()
+		return nil, fmt.Errorf("controllerSecret does not match")
+	}
 	con, ok := s.connections[*req.Auth.PubKeyHash]
 	s.mutex.Unlock()
 	if !ok {
diff --git a/pkg/sourceoverride/tls.go b/pkg/sourceoverride/secret.go
similarity index 74%
rename from pkg/sourceoverride/tls.go
rename to pkg/sourceoverride/secret.go
index 832c933f8..e3b5e9647 100644
--- a/pkg/sourceoverride/tls.go
+++ b/pkg/sourceoverride/secret.go
@@ -18,42 +18,55 @@ import (
 	"time"
 )
 
-const certSecretName = "kluctl-source-override-cert"
+const secretName = "kluctl-source-override-secret"
 const caConfigMapName = "kluctl-source-override-ca"
 
-func WaitAndLoadTLSCert(ctx context.Context, c client.Reader, controllerNamespace string) (*tls.Certificate, error) {
-	var certSecret corev1.Secret
+func WaitAndLoadSecret(ctx context.Context, c client.Reader, controllerNamespace string) (*x509.CertPool, *tls.Certificate, []byte, error) {
+	var secret corev1.Secret
 
 	for {
-		err := c.Get(ctx, client.ObjectKey{Name: certSecretName, Namespace: controllerNamespace}, &certSecret)
+		err := c.Get(ctx, client.ObjectKey{Name: secretName, Namespace: controllerNamespace}, &secret)
 		if err == nil {
 			break
 		} else if errors.IsNotFound(err) {
 			select {
 			case <-ctx.Done():
-				return nil, ctx.Err()
+				return nil, nil, nil, ctx.Err()
 			case <-time.After(1 * time.Second):
 				continue
 			}
 		} else {
-			return nil, err
+			return nil, nil, nil, err
 		}
 	}
 
-	certBytes, ok := certSecret.Data["tls.crt"]
+	caBytes, ok := secret.Data["ca.pem"]
 	if !ok {
-		return nil, fmt.Errorf("missing tls.crt in %s", certSecretName)
+		return nil, nil, nil, fmt.Errorf("missing ca.pem in %s", secretName)
 	}
-	keyBytes, ok := certSecret.Data["tls.key"]
+	certBytes, ok := secret.Data["tls.crt"]
 	if !ok {
-		return nil, fmt.Errorf("missing tls.key in %s", certSecretName)
+		return nil, nil, nil, fmt.Errorf("missing tls.crt in %s", secretName)
+	}
+	keyBytes, ok := secret.Data["tls.key"]
+	if !ok {
+		return nil, nil, nil, fmt.Errorf("missing tls.key in %s", secretName)
+	}
+	controllerSecret, ok := secret.Data["controllerSecret"]
+	if !ok {
+		return nil, nil, nil, fmt.Errorf("missing controllerSecret in %s", secretName)
+	}
+
+	cp := x509.NewCertPool()
+	if !cp.AppendCertsFromPEM(caBytes) {
+		return nil, nil, nil, fmt.Errorf("failed to add CA to pool")
 	}
 
 	cert, err := tls.X509KeyPair(certBytes, keyBytes)
 	if err != nil {
-		return nil, err
+		return nil, nil, nil, err
 	}
-	return &cert, nil
+	return cp, &cert, controllerSecret, nil
 }
 
 func LoadTLSCA(ctx context.Context, c client.Reader, controllerNamespace string) (*x509.CertPool, error) {
@@ -78,14 +91,14 @@ func LoadTLSCA(ctx context.Context, c client.Reader, controllerNamespace string)
 	return cp, nil
 }
 
-func InitTLS(ctx context.Context, c client.Client, controllerNamespace string) error {
-	var certSecret corev1.Secret
+func InitControllerSecret(ctx context.Context, c client.Client, controllerNamespace string) error {
+	var secret corev1.Secret
 
-	err := c.Get(ctx, client.ObjectKey{Name: certSecretName, Namespace: controllerNamespace}, &certSecret)
+	err := c.Get(ctx, client.ObjectKey{Name: secretName, Namespace: controllerNamespace}, &secret)
 	if err != nil && !errors.IsNotFound(err) {
 		return err
 	} else if err == nil {
-		return initTLSCA(ctx, c, &certSecret, false)
+		return initTLSCA(ctx, c, &secret, false)
 	}
 
 	caPem, cert, key, err := certsetup()
@@ -93,21 +106,28 @@ func InitTLS(ctx context.Context, c client.Client, controllerNamespace string) e
 		return err
 	}
 
-	certSecret.Data = map[string][]byte{
-		"ca.pem":  caPem,
-		"tls.crt": cert,
-		"tls.key": key,
+	controllerSecret := make([]byte, challengeSize)
+	_, err = rand.Read(controllerSecret)
+	if err != nil {
+		return err
+	}
+
+	secret.Data = map[string][]byte{
+		"ca.pem":           caPem,
+		"tls.crt":          cert,
+		"tls.key":          key,
+		"controllerSecret": controllerSecret,
 	}
 
-	certSecret.APIVersion = "v1"
-	certSecret.Kind = "Secret"
-	certSecret.Name = certSecretName
-	certSecret.Namespace = controllerNamespace
-	err = c.Patch(ctx, &certSecret, client.Apply, client.FieldOwner("kluctl-controller"))
+	secret.APIVersion = "v1"
+	secret.Kind = "Secret"
+	secret.Name = secretName
+	secret.Namespace = controllerNamespace
+	err = c.Patch(ctx, &secret, client.Apply, client.FieldOwner("kluctl-controller"))
 	if err != nil {
 		return err
 	}
-	return initTLSCA(ctx, c, &certSecret, true)
+	return initTLSCA(ctx, c, &secret, true)
 }
 
 func initTLSCA(ctx context.Context, c client.Client, certSecret *corev1.Secret, force bool) error {
diff --git a/pkg/sourceoverride/sourceoverride.pb.go b/pkg/sourceoverride/sourceoverride.pb.go
index eb549adb3..6375f3b9f 100644
--- a/pkg/sourceoverride/sourceoverride.pb.go
+++ b/pkg/sourceoverride/sourceoverride.pb.go
@@ -135,11 +135,12 @@ type AuthMsg struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	PubKey     []byte  `protobuf:"bytes,1,opt,name=pubKey,proto3,oneof" json:"pubKey,omitempty"`
-	Challenge  []byte  `protobuf:"bytes,2,opt,name=challenge,proto3,oneof" json:"challenge,omitempty"`
-	Pop        []byte  `protobuf:"bytes,3,opt,name=pop,proto3,oneof" json:"pop,omitempty"`
-	AuthError  *string `protobuf:"bytes,4,opt,name=authError,proto3,oneof" json:"authError,omitempty"`
-	PubKeyHash *string `protobuf:"bytes,5,opt,name=pubKeyHash,proto3,oneof" json:"pubKeyHash,omitempty"`
+	PubKey           []byte  `protobuf:"bytes,1,opt,name=pubKey,proto3,oneof" json:"pubKey,omitempty"`
+	Challenge        []byte  `protobuf:"bytes,2,opt,name=challenge,proto3,oneof" json:"challenge,omitempty"`
+	Pop              []byte  `protobuf:"bytes,3,opt,name=pop,proto3,oneof" json:"pop,omitempty"`
+	AuthError        *string `protobuf:"bytes,4,opt,name=authError,proto3,oneof" json:"authError,omitempty"`
+	PubKeyHash       *string `protobuf:"bytes,5,opt,name=pubKeyHash,proto3,oneof" json:"pubKeyHash,omitempty"`
+	ControllerSecret []byte  `protobuf:"bytes,6,opt,name=controllerSecret,proto3,oneof" json:"controllerSecret,omitempty"`
 }
 
 func (x *AuthMsg) Reset() {
@@ -209,6 +210,13 @@ func (x *AuthMsg) GetPubKeyHash() string {
 	return ""
 }
 
+func (x *AuthMsg) GetControllerSecret() []byte {
+	if x != nil {
+		return x.ControllerSecret
+	}
+	return nil
+}
+
 type ResolveOverrideRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -334,7 +342,7 @@ var file_sourceoverride_proto_rawDesc = []byte{
 	0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73,
 	0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75,
 	0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x88, 0x01,
-	0x01, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xe6, 0x01,
+	0x01, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xac, 0x02,
 	0x0a, 0x07, 0x41, 0x75, 0x74, 0x68, 0x4d, 0x73, 0x67, 0x12, 0x1b, 0x0a, 0x06, 0x70, 0x75, 0x62,
 	0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06, 0x70, 0x75, 0x62,
 	0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, 0x12, 0x21, 0x0a, 0x09, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
@@ -345,36 +353,40 @@ var file_sourceoverride_proto_rawDesc = []byte{
 	0x01, 0x28, 0x09, 0x48, 0x03, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72,
 	0x88, 0x01, 0x01, 0x12, 0x23, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x73,
 	0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x04, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x4b, 0x65,
-	0x79, 0x48, 0x61, 0x73, 0x68, 0x88, 0x01, 0x01, 0x42, 0x09, 0x0a, 0x07, 0x5f, 0x70, 0x75, 0x62,
-	0x4b, 0x65, 0x79, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
-	0x65, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x70, 0x6f, 0x70, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x61, 0x75,
-	0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x70, 0x75, 0x62, 0x4b,
-	0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x22, 0x32, 0x0a, 0x16, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76,
-	0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x6c, 0x0a, 0x17, 0x52, 0x65,
-	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x88, 0x01, 0x01,
-	0x12, 0x1f, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0c, 0x48, 0x01, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x88, 0x01,
-	0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0b, 0x0a, 0x09, 0x5f,
-	0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x32, 0xb5, 0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f,
-	0x78, 0x79, 0x12, 0x50, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x72, 0x65, 0x61,
-	0x6d, 0x12, 0x1d, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69,
-	0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x1a, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64,
-	0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x00,
-	0x28, 0x01, 0x30, 0x01, 0x12, 0x5a, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f,
-	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x79, 0x48, 0x61, 0x73, 0x68, 0x88, 0x01, 0x01, 0x12, 0x2f, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x74,
+	0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x0c, 0x48, 0x05, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72,
+	0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x88, 0x01, 0x01, 0x42, 0x09, 0x0a, 0x07, 0x5f, 0x70, 0x75,
+	0x62, 0x4b, 0x65, 0x79, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e,
+	0x67, 0x65, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x70, 0x6f, 0x70, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x61,
+	0x75, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x70, 0x75, 0x62,
+	0x4b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x63, 0x6f, 0x6e, 0x74,
+	0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x22, 0x32, 0x0a, 0x16,
+	0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65,
+	0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x70, 0x6f, 0x4b, 0x65, 0x79,
+	0x22, 0x6c, 0x0a, 0x17, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72,
+	0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x65,
+	0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x72,
+	0x72, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x12, 0x1f, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61,
+	0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x01, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69,
+	0x66, 0x61, 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x65, 0x72, 0x72, 0x6f,
+	0x72, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x32, 0xb5,
+	0x01, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x50, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78,
+	0x79, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x1d, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
 	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76,
-	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76,
-	0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b,
-	0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x6b, 0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x76, 0x32, 0x2f,
-	0x70, 0x6b, 0x67, 0x2f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69,
-	0x64, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x1c, 0x2e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f,
+	0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x12, 0x5a, 0x0a, 0x0f, 0x52, 0x65,
+	0x73, 0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x1c, 0x2e,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x73, 0x6f,
+	0x75, 0x72, 0x63, 0x65, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x2e, 0x52, 0x65, 0x73,
+	0x6f, 0x6c, 0x76, 0x65, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x6c, 0x75, 0x63, 0x74, 0x6c, 0x2f, 0x6b, 0x6c, 0x75, 0x63,
+	0x74, 0x6c, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/pkg/sourceoverride/sourceoverride.proto b/pkg/sourceoverride/sourceoverride.proto
index b08a9a128..5ec9e1a11 100644
--- a/pkg/sourceoverride/sourceoverride.proto
+++ b/pkg/sourceoverride/sourceoverride.proto
@@ -28,6 +28,7 @@ message AuthMsg {
   optional string authError = 4;
 
   optional string pubKeyHash = 5;
+  optional bytes controllerSecret = 6;
 }
 
 message ResolveOverrideRequest {

From 4cfa1aaf0b5dae257e60a0a4d8406aa0e8c54131 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 30 Oct 2023 23:23:10 +0100
Subject: [PATCH 1841/2268] tests: Use own controller namespace per testsuite

---
 e2e/gitops_manual_requests_test.go |  2 ++
 e2e/gitops_source_override_test.go |  3 ++-
 e2e/gitops_suite_test.go           | 11 ++++++++++-
 e2e/test_project/project.go        |  7 +++++++
 4 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/e2e/gitops_manual_requests_test.go b/e2e/gitops_manual_requests_test.go
index 367181bee..3dc8b4cc7 100644
--- a/e2e/gitops_manual_requests_test.go
+++ b/e2e/gitops_manual_requests_test.go
@@ -32,6 +32,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 	g := NewWithT(suite.T())
 
 	p := test_project.NewTestProject(suite.T())
+	p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
@@ -236,6 +237,7 @@ func (suite *GitOpsManualRequestsSuite) TestManualRequests() {
 
 func (suite *GitOpsManualRequestsSuite) TestOverrides() {
 	p := test_project.NewTestProject(suite.T())
+	p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
 	createNamespace(suite.T(), suite.k, p.TestSlug())
 
 	p.UpdateTarget("target1", nil)
diff --git a/e2e/gitops_source_override_test.go b/e2e/gitops_source_override_test.go
index c9b3aa6d5..3e45fe9f9 100644
--- a/e2e/gitops_source_override_test.go
+++ b/e2e/gitops_source_override_test.go
@@ -43,6 +43,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) assertOverridesDidHappen(key client
 func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 	gs := test_utils.NewTestGitServer(suite.T())
 	pt := prepareLocalSourceOverrideTest(suite.T(), suite.k, gs, false)
+	pt.p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
 
 	key := suite.createKluctlDeployment(pt.p, "test", nil)
 
@@ -96,7 +97,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 
 func (suite *GitOpsLocalSourceOverrideSuite) TestLocalOciOverrides() {
 	pt := prepareLocalSourceOverrideTest(suite.T(), suite.k, nil, true)
-	pt.p.SetSkipProjectDirArg(true)
+	pt.p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
 
 	key := suite.createKluctlDeployment(pt.p, "test", nil)
 
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index c0c68f95c..41aeeab0f 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -10,6 +10,7 @@ import (
 	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/results"
+	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -86,7 +87,8 @@ func (suite *GitopsTestSuite) startController() {
 		suite.T().Fatal(err)
 	}
 
-	createNamespace(suite.T(), suite.k, "kluctl-system")
+	controllerNamespace := suite.gitopsNamespace + "-system"
+	createNamespace(suite.T(), suite.k, controllerNamespace)
 
 	suite.sourceOverridePort = port_tool.NextFreePort("127.0.0.1")
 
@@ -102,6 +104,8 @@ func (suite *GitopsTestSuite) startController() {
 		suite.gitopsNamespace,
 		"--command-result-namespace",
 		suite.gitopsNamespace + "-results",
+		"--controller-namespace",
+		controllerNamespace,
 		"--metrics-bind-address=0",
 		"--health-probe-bind-address=0",
 		fmt.Sprintf("--source-override-bind-address=localhost:%d", suite.sourceOverridePort),
@@ -118,6 +122,11 @@ func (suite *GitopsTestSuite) startController() {
 		close(done)
 	}()
 
+	_, _, _, err = sourceoverride.WaitAndLoadSecret(ctx, suite.k.Client, controllerNamespace)
+	if err != nil {
+		suite.T().Fatal(err)
+	}
+
 	cancel := func() {
 		ctxCancel()
 		<-done
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index df24b6ee9..702314a50 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -26,6 +26,7 @@ type TestProject struct {
 	initialName string
 
 	extraEnv          utils.OrderedMap[string, string]
+	extraArgs         []string
 	useProcess        bool
 	skipProjectDirArg bool
 	bare              bool
@@ -137,6 +138,10 @@ func (p *TestProject) SetEnv(k string, v string) {
 	p.extraEnv.Set(k, v)
 }
 
+func (p *TestProject) AddExtraArgs(a ...string) {
+	p.extraArgs = append(p.extraArgs, a...)
+}
+
 func (p *TestProject) UpdateKluctlYaml(update func(o *uo.UnstructuredObject) error) {
 	p.UpdateYaml(".kluctl.yml", update, "")
 }
@@ -473,6 +478,7 @@ func (p *TestProject) CopyProjectSourceTo(dst string) string {
 
 func (p *TestProject) KluctlProcess(t *testing.T, argsIn ...string) (string, string, error) {
 	var args []string
+	args = append(args, p.extraArgs...)
 	args = append(args, argsIn...)
 	args = append(args, "--no-update-check")
 
@@ -519,6 +525,7 @@ func (p *TestProject) KluctlExecute(t *testing.T, argsIn ...string) (string, str
 	}
 
 	var args []string
+	args = append(args, p.extraArgs...)
 	if !p.skipProjectDirArg {
 		args = append(args, "--project-dir", p.LocalProjectDir())
 	}

From bdaf4e5c78571c0777156e6d7cc68b0fe60670af Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:47:54 +0100
Subject: [PATCH 1842/2268] chore(deps): Bump sigs.k8s.io/kustomize/api from
 0.14.0 to 0.15.0 (#870)

Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.14.0...api/v0.15.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  5 +++--
 go.sum | 10 ++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index dc66fd2af..b54768757 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
 	k8s.io/klog/v2 v2.100.1
-	sigs.k8s.io/kustomize/kyaml v0.14.3
+	sigs.k8s.io/kustomize/kyaml v0.15.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
 )
 
@@ -91,7 +91,7 @@ require (
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.2
-	sigs.k8s.io/kustomize/api v0.14.0
+	sigs.k8s.io/kustomize/api v0.15.0
 	sigs.k8s.io/yaml v1.3.0
 )
 
@@ -292,6 +292,7 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
+	gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index 85839568d..8b2d36dce 100644
--- a/go.sum
+++ b/go.sum
@@ -1220,6 +1220,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk=
+gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
@@ -1285,10 +1287,10 @@ sigs.k8s.io/controller-runtime v0.16.2 h1:mwXAVuEk3EQf478PQwQ48zGOXvW27UJc8NHktQ
 sigs.k8s.io/controller-runtime v0.16.2/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.14.0 h1:6+QLmXXA8X4eDM7ejeaNUyruA1DDB3PVIjbpVhDOJRA=
-sigs.k8s.io/kustomize/api v0.14.0/go.mod h1:vmOXlC8BcmcUJQjiceUbcyQ75JBP6eg8sgoyzc+eLpQ=
-sigs.k8s.io/kustomize/kyaml v0.14.3 h1:WpabVAKZe2YEp/irTSHwD6bfjwZnTtSDewd2BVJGMZs=
-sigs.k8s.io/kustomize/kyaml v0.14.3/go.mod h1:npvh9epWysfQ689Rtt/U+dpOJDTBn8kUnF1O6VzvmZA=
+sigs.k8s.io/kustomize/api v0.15.0 h1:6Ca88kEOBVotHDw+y2IsIMYtg9Pvv7MKpW9JMyF/OH4=
+sigs.k8s.io/kustomize/api v0.15.0/go.mod h1:p19kb+E14gN7zcIBR/nhByJDAfUa7N8mp6ZdH/mMXbg=
+sigs.k8s.io/kustomize/kyaml v0.15.0 h1:ynlLMAxDhrY9otSg5GYE2TcIz31XkGZ2Pkj7SdolD84=
+sigs.k8s.io/kustomize/kyaml v0.15.0/go.mod h1:+uMkBahdU1KNOj78Uta4rrXH+iH7wvg+nW7+GULvREA=
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

From 5ef159cd6d63c6b60c1b96b318ed4298700cb7a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:48:10 +0100
Subject: [PATCH 1843/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.19.4 to 1.20.1 (#871)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.19.4 to 1.20.1.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.19.4...v1.20.1)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b54768757..125329fbc 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.19.4
+	github.com/ohler55/ojg v1.20.1
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
diff --git a/go.sum b/go.sum
index 8b2d36dce..6ca7887ee 100644
--- a/go.sum
+++ b/go.sum
@@ -654,8 +654,8 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/ohler55/ojg v1.19.4 h1:ZIgfyHI83aLx+fi1VoKn4I80HqWo45usWKnnxw94Mro=
-github.com/ohler55/ojg v1.19.4/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.20.1 h1:Io65sHjMjYPI7yuhUr8VdNmIQdYU6asKeFhOs8xgBnY=
+github.com/ohler55/ojg v1.20.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=

From 44e2b3f6e878ef0eb9cfd039d89e752fcf9045bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Oct 2023 11:48:42 +0100
Subject: [PATCH 1844/2268] chore(deps): Bump github.com/go-git/go-git/v5 from
 5.9.0 to 5.10.0 (#872)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 125329fbc..62b8979cd 100644
--- a/go.mod
+++ b/go.mod
@@ -70,7 +70,7 @@ require (
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
-	github.com/go-git/go-git/v5 v5.9.0
+	github.com/go-git/go-git/v5 v5.10.0
 	github.com/go-logr/logr v1.2.4
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.3.1
diff --git a/go.sum b/go.sum
index 6ca7887ee..ce9cae7d0 100644
--- a/go.sum
+++ b/go.sum
@@ -297,10 +297,10 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
-github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8=
-github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
-github.com/go-git/go-git/v5 v5.9.0 h1:cD9SFA7sHVRdJ7AYck1ZaAa/yeuBvGPxwXDL8cxrObY=
-github.com/go-git/go-git/v5 v5.9.0/go.mod h1:RKIqga24sWdMGZF+1Ekv9kylsDz6LzdTSI2s/OsZWE0=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
+github.com/go-git/go-git/v5 v5.10.0 h1:F0x3xXrAWmhwtzoCokU4IMPcBdncG+HAAqi9FcOOjbQ=
+github.com/go-git/go-git/v5 v5.10.0/go.mod h1:1FOZ/pQnqw24ghP2n7cunVl0ON55BsjPYvhWHvZGhoo=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=

From cc910622355e0a73582ebde9fd5eb74757711723 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Oct 2023 12:11:31 +0100
Subject: [PATCH 1845/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.16.2 to 0.16.3 (#874)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.16.2 to 0.16.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.16.2...v0.16.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index 62b8979cd..367575b4a 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	golang.org/x/text v0.13.0
 	helm.sh/helm/v3 v3.13.1
 	k8s.io/api v0.28.3
-	k8s.io/apiextensions-apiserver v0.28.2
+	k8s.io/apiextensions-apiserver v0.28.3
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
 	k8s.io/klog/v2 v2.100.1
@@ -90,7 +90,7 @@ require (
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.7
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.16.2
+	sigs.k8s.io/controller-runtime v0.16.3
 	sigs.k8s.io/kustomize/api v0.15.0
 	sigs.k8s.io/yaml v1.3.0
 )
@@ -298,9 +298,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.28.2 // indirect
+	k8s.io/apiserver v0.28.3 // indirect
 	k8s.io/cli-runtime v0.28.2 // indirect
-	k8s.io/component-base v0.28.2 // indirect
+	k8s.io/component-base v0.28.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
 	k8s.io/kubectl v0.28.2 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
diff --git a/go.sum b/go.sum
index ce9cae7d0..bcfbe54d9 100644
--- a/go.sum
+++ b/go.sum
@@ -1252,18 +1252,18 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
 k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
-k8s.io/apiextensions-apiserver v0.28.2 h1:J6/QRWIKV2/HwBhHRVITMLYoypCoPY1ftigDM0Kn+QU=
-k8s.io/apiextensions-apiserver v0.28.2/go.mod h1:5tnkxLGa9nefefYzWuAlWZ7RZYuN/765Au8cWLA6SRg=
+k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08=
+k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc=
 k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
 k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
-k8s.io/apiserver v0.28.2 h1:rBeYkLvF94Nku9XfXyUIirsVzCzJBs6jMn3NWeHieyI=
-k8s.io/apiserver v0.28.2/go.mod h1:f7D5e8wH8MWcKD7azq6Csw9UN+CjdtXIVQUyUhrtb+E=
+k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w=
+k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM=
 k8s.io/cli-runtime v0.28.2 h1:64meB2fDj10/ThIMEJLO29a1oujSm0GQmKzh1RtA/uk=
 k8s.io/cli-runtime v0.28.2/go.mod h1:bTpGOvpdsPtDKoyfG4EG041WIyFZLV9qq4rPlkyYfDA=
 k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
 k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
-k8s.io/component-base v0.28.2 h1:Yc1yU+6AQSlpJZyvehm/NkJBII72rzlEsd6MkBQ+G0E=
-k8s.io/component-base v0.28.2/go.mod h1:4IuQPQviQCg3du4si8GpMrhAIegxpsgPngPRR/zWpzc=
+k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI=
+k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 h1:CAIciCnJnSOQxPd0xvpV6JU3D4AJvnYbImPpFpO9Hnw=
@@ -1283,8 +1283,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.16.2 h1:mwXAVuEk3EQf478PQwQ48zGOXvW27UJc8NHktQVuIPU=
-sigs.k8s.io/controller-runtime v0.16.2/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
+sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
+sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.15.0 h1:6Ca88kEOBVotHDw+y2IsIMYtg9Pvv7MKpW9JMyF/OH4=

From c280033b9e800a9e146412ecdec3e52e5327c32c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Oct 2023 12:12:07 +0100
Subject: [PATCH 1846/2268] chore(deps): Bump github.com/go-logr/logr from
 1.2.4 to 1.3.0 (#873)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.4 to 1.3.0.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 367575b4a..fac90f4cf 100644
--- a/go.mod
+++ b/go.mod
@@ -71,7 +71,7 @@ require (
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.10.0
-	github.com/go-logr/logr v1.2.4
+	github.com/go-logr/logr v1.3.0
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.3.1
 	github.com/googleapis/gax-go/v2 v2.12.0
diff --git a/go.sum b/go.sum
index bcfbe54d9..82bb44ca6 100644
--- a/go.sum
+++ b/go.sum
@@ -313,8 +313,9 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=

From 59224646a42c93b4037286dcc49dff27ef4545e5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 14:16:39 +0100
Subject: [PATCH 1847/2268] refactor: Rearrange DeploymentItemConfig fields

---
 pkg/types/deployment.go | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 442b298ae..0fbe10215 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -7,20 +7,23 @@ import (
 )
 
 type DeploymentItemConfig struct {
-	Path             *string                  `json:"path,omitempty"`
-	Include          *string                  `json:"include,omitempty"`
-	Git              *GitProject              `json:"git,omitempty"`
-	Oci              *OciProject              `json:"oci,omitempty"`
-	Tags             []string                 `json:"tags,omitempty"`
-	Barrier          bool                     `json:"barrier,omitempty"`
-	Message          *string                  `json:"message,omitempty"`
-	WaitReadiness    bool                     `json:"waitReadiness,omitempty"`
-	Vars             []*VarsSource            `json:"vars,omitempty"`
-	SkipDeleteIfTags bool                     `json:"skipDeleteIfTags,omitempty"`
-	OnlyRender       bool                     `json:"onlyRender,omitempty"`
-	AlwaysDeploy     bool                     `json:"alwaysDeploy,omitempty"`
-	DeleteObjects    []DeleteObjectItemConfig `json:"deleteObjects,omitempty"`
-	When             string                   `json:"when,omitempty"`
+	Path          *string                  `json:"path,omitempty"`
+	Include       *string                  `json:"include,omitempty"`
+	Git           *GitProject              `json:"git,omitempty"`
+	Oci           *OciProject              `json:"oci,omitempty"`
+	DeleteObjects []DeleteObjectItemConfig `json:"deleteObjects,omitempty"`
+
+	Tags          []string `json:"tags,omitempty"`
+	Barrier       bool     `json:"barrier,omitempty"`
+	Message       *string  `json:"message,omitempty"`
+	WaitReadiness bool     `json:"waitReadiness,omitempty"`
+
+	Vars []*VarsSource `json:"vars,omitempty"`
+
+	SkipDeleteIfTags bool   `json:"skipDeleteIfTags,omitempty"`
+	OnlyRender       bool   `json:"onlyRender,omitempty"`
+	AlwaysDeploy     bool   `json:"alwaysDeploy,omitempty"`
+	When             string `json:"when,omitempty"`
 
 	// these are only allowed when writing the command result
 	RenderedHelmChartConfig *HelmChartConfig         `json:"renderedHelmChartConfig,omitempty"`

From 18d8ae80eba988421e984484c04ee38a8bb98bbd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 15:44:22 +0100
Subject: [PATCH 1848/2268] refactor: Remove TmpDir from LoadedKluctlProject

---
 cmd/kluctl/commands/utils.go      | 16 ++++++++--------
 pkg/controllers/kluctl_project.go |  2 +-
 pkg/kluctl_project/load.go        |  3 +--
 pkg/kluctl_project/project.go     |  2 --
 4 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 50c9744fa..7c33df455 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -29,12 +29,6 @@ import (
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
-	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
-	if err != nil {
-		return fmt.Errorf("creating temporary project directory failed: %w", err)
-	}
-	defer os.RemoveAll(tmpDir)
-
 	j2, err := kluctl_jinja2.NewKluctlJinja2(strictTemplates)
 	if err != nil {
 		return err
@@ -111,7 +105,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		ClientConfigGetter: clientConfigGetter(forCompletion),
 	}
 
-	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, tmpDir, j2)
+	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, j2)
 	if err != nil {
 		return err
 	}
@@ -154,6 +148,12 @@ func withProjectCommandContext(ctx context.Context, args projectTargetCommandArg
 }
 
 func withProjectTargetCommandContext(ctx context.Context, args projectTargetCommandArgs, p *kluctl_project.LoadedKluctlProject, cb func(cmdCtx *commandCtx) error) error {
+	tmpDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), "project-")
+	if err != nil {
+		return fmt.Errorf("creating temporary project directory failed: %w", err)
+	}
+	defer os.RemoveAll(tmpDir)
+
 	images, err := deployment.NewImages()
 	if err != nil {
 		return err
@@ -171,7 +171,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	renderOutputDir := args.renderOutputDirFlags.RenderOutputDir
 	if renderOutputDir == "" {
-		tmpDir, err := os.MkdirTemp(p.TmpDir, "rendered")
+		tmpDir, err := os.MkdirTemp(tmpDir, "rendered")
 		if err != nil {
 			return err
 		}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 627386e06..aabc3624c 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -593,7 +593,7 @@ func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTa
 		loadArgs.ClientConfigGetter = pt.clientConfigGetter(ctx)
 	}
 
-	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, filepath.Join(pp.tmpDir, "project"), pp.j2)
+	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, pp.j2)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 279e16fcf..552fb99f8 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -7,14 +7,13 @@ import (
 	"time"
 )
 
-func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, tmpDir string, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
+func LoadKluctlProject(ctx context.Context, args LoadKluctlProjectArgs, j2 *jinja2.Jinja2) (*LoadedKluctlProject, error) {
 	status.Trace(ctx, "enter LoadKluctlProject")
 	defer status.Trace(ctx, "leave LoadKluctlProject")
 
 	p := &LoadedKluctlProject{
 		LoadArgs: args,
 		LoadTime: time.Now(),
-		TmpDir:   tmpDir,
 		J2:       j2,
 		GitRP:    args.GitRP,
 		OciRP:    args.OciRP,
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 41c2de9ed..09d8cdb82 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -12,8 +12,6 @@ type LoadedKluctlProject struct {
 	LoadArgs LoadKluctlProjectArgs
 	LoadTime time.Time
 
-	TmpDir string
-
 	sealedSecretsDir string
 
 	Config  types2.KluctlProject

From a9fd83ea2ca3b5789cffaf5af5c31f179084bb55 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 15:45:10 +0100
Subject: [PATCH 1849/2268] feat: Support passing args to included kluctl
 projects

---
 pkg/deployment/deployment_project.go | 43 ++++++++++++++++++++++++----
 pkg/kluctl_project/target_context.go |  4 +--
 pkg/kluctl_project/targets.go        |  2 +-
 pkg/types/deployment.go              | 15 +++++++++-
 pkg/utils/uo/uo.go                   |  2 +-
 5 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index a92611351..59795e082 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -192,7 +193,7 @@ func (p *DeploymentProject) loadIncludes() error {
 		}
 
 		if inc.Include != nil {
-			newProject, err = p.loadLocalInclude(p.source, filepath.Join(p.relDir, *inc.Include), inc.Vars)
+			newProject, err = p.loadLocalInclude(p.source, filepath.Join(p.relDir, *inc.Include), inc)
 			if err != nil {
 				return err
 			}
@@ -210,7 +211,7 @@ func (p *DeploymentProject) loadIncludes() error {
 			if err != nil {
 				return err
 			}
-			newProject, err = p.loadLocalInclude(NewSource(cloneDir), inc.Git.SubDir, inc.Vars)
+			newProject, err = p.loadLocalInclude(NewSource(cloneDir), inc.Git.SubDir, inc)
 			if err != nil {
 				return err
 			}
@@ -223,7 +224,7 @@ func (p *DeploymentProject) loadIncludes() error {
 			if err != nil {
 				return err
 			}
-			newProject, err = p.loadLocalInclude(NewSource(extractedDir), inc.Oci.SubDir, inc.Vars)
+			newProject, err = p.loadLocalInclude(NewSource(extractedDir), inc.Oci.SubDir, inc)
 			if err != nil {
 				return err
 			}
@@ -237,9 +238,39 @@ func (p *DeploymentProject) loadIncludes() error {
 	return nil
 }
 
-func (p *DeploymentProject) loadLocalInclude(source Source, incDir string, vars []*types.VarsSource) (*DeploymentProject, error) {
-	varsCtx := p.VarsCtx.Copy()
-	err := p.loadVarsList(varsCtx, vars)
+func (p *DeploymentProject) loadLocalInclude(source Source, incDir string, inc *types.DeploymentItemConfig) (*DeploymentProject, error) {
+	var varsCtx *vars.VarsCtx
+	if yaml.Exists(filepath.Join(incDir, ".kluctl.yaml")) {
+		loadArgs := kluctl_project.LoadKluctlProjectArgs{
+			RepoRoot:     source.dir,
+			ProjectDir:   filepath.Join(source.dir, incDir),
+			ExternalArgs: inc.Args,
+		}
+		lp, err := kluctl_project.LoadKluctlProject(p.ctx.Ctx, loadArgs, p.VarsCtx.J2)
+		if err != nil {
+			return nil, err
+		}
+
+		if lp.Config.Discriminator != "" {
+			status.Warningf(p.ctx.Ctx, "Included project defines a discriminator (%s) that will be ignored", lp.Config.Discriminator)
+		}
+
+		varsCtx, err = lp.BuildVars(nil, false)
+		if err != nil {
+			return nil, err
+		}
+
+		if inc.PassVars {
+			x := p.VarsCtx.Vars.Clone()
+			_ = x.RemoveNestedField("args") // args should not be merged but taken 1:1
+			x.Merge(varsCtx.Vars)
+			varsCtx.Vars = x
+		}
+	} else {
+		varsCtx = p.VarsCtx.Copy()
+	}
+
+	err := p.loadVarsList(varsCtx, inc.Vars)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index 02d45613c..d6e082af8 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -88,7 +88,7 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		}
 	}
 
-	varsCtx, err := p.buildVars(target, params.ForSeal)
+	varsCtx, err := p.BuildVars(target, params.ForSeal)
 	if err != nil {
 		return nil, err
 	}
@@ -185,7 +185,7 @@ func (p *LoadedKluctlProject) LoadK8sConfig(ctx context.Context, params TargetCo
 	return clientConfig, *contextName, nil
 }
 
-func (p *LoadedKluctlProject) buildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
+func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
 	varsCtx := vars.NewVarsCtx(p.J2)
 
 	targetVars, err := uo.FromStruct(target)
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 8cfe666f3..8f3e26f6d 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -52,7 +52,7 @@ func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 
 	var retErr error
 	for i := 0; i < 10; i++ {
-		varsCtx, err := c.buildVars(target, false)
+		varsCtx, err := c.BuildVars(target, false)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 0fbe10215..cc52f3b9e 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -3,6 +3,7 @@ package types
 import (
 	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
@@ -18,7 +19,9 @@ type DeploymentItemConfig struct {
 	Message       *string  `json:"message,omitempty"`
 	WaitReadiness bool     `json:"waitReadiness,omitempty"`
 
-	Vars []*VarsSource `json:"vars,omitempty"`
+	Args     *uo.UnstructuredObject `json:"args,omitempty"`
+	PassVars bool                   `json:"passVars,omitempty"`
+	Vars     []*VarsSource          `json:"vars,omitempty"`
 
 	SkipDeleteIfTags bool   `json:"skipDeleteIfTags,omitempty"`
 	OnlyRender       bool   `json:"onlyRender,omitempty"`
@@ -34,17 +37,21 @@ type DeploymentItemConfig struct {
 func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeploymentItemConfig)
 	cnt := 0
+	isInclude := false
 	if s.Path != nil {
 		cnt += 1
 	}
 	if s.Include != nil {
 		cnt += 1
+		isInclude = true
 	}
 	if s.Git != nil {
 		cnt += 1
+		isInclude = true
 	}
 	if s.Oci != nil {
 		cnt += 1
+		isInclude = true
 	}
 	if cnt > 1 {
 		sl.ReportError(s, "self", "self", "only one of path, include, git and oci can be set at the same time", "")
@@ -52,6 +59,12 @@ func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	if s.Path == nil && s.WaitReadiness {
 		sl.ReportError(s, "waitReadiness", "WaitReadiness", "only kustomize deployments are allowed to have waitReadiness set", "")
 	}
+	if !s.Args.IsZero() && !isInclude {
+		sl.ReportError(s, "self", "self", "args are only allowed when another project is included (via include, git or oci)", "")
+	}
+	if s.PassVars && !isInclude {
+		sl.ReportError(s, "self", "self", "passVars is only allowed when another project is included (via include, git or oci)", "")
+	}
 }
 
 type DeleteObjectItemConfig struct {
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index c9ab95bf1..351b2259a 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -23,7 +23,7 @@ func (uo *UnstructuredObject) UnmarshalJSON(b []byte) error {
 }
 
 func (uo *UnstructuredObject) IsZero() bool {
-	return len(uo.Object) == 0
+	return uo == nil || len(uo.Object) == 0
 }
 
 func New() *UnstructuredObject {

From 558d286c21242e24a7f6b3294085945dfe9b818e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 15:49:59 +0100
Subject: [PATCH 1850/2268] refactor: Make NewTargetContext a non-member of
 LoadedKluctlProject

---
 cmd/kluctl/commands/utils.go         |  2 +-
 pkg/controllers/kluctl_project.go    |  2 +-
 pkg/kluctl_project/sops.go           | 12 ++++++------
 pkg/kluctl_project/target_context.go | 28 ++++++++++++++--------------
 4 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 7c33df455..eceb7f950 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -223,7 +223,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		}
 	}
 
-	targetCtx, err := p.NewTargetContext(ctx, contextName, k, targetParams)
+	targetCtx, err := kluctl_project.NewTargetContext(ctx, p, contextName, k, targetParams)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index aabc3624c..84a0a3025 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -646,7 +646,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 		return nil, err
 	}
 
-	targetContext, err := p.NewTargetContext(ctx, contextName, k, props)
+	targetContext, err := kluctl_project.NewTargetContext(ctx, p, contextName, k, props)
 	if err != nil {
 		return targetContext, err
 	}
diff --git a/pkg/kluctl_project/sops.go b/pkg/kluctl_project/sops.go
index 254135f6b..54cbf64e2 100644
--- a/pkg/kluctl_project/sops.go
+++ b/pkg/kluctl_project/sops.go
@@ -11,16 +11,16 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func (c *LoadedKluctlProject) buildSopsDecrypter(ctx context.Context, client client.Client, target *types.Target) (*decryptor.Decryptor, error) {
-	d := decryptor.NewDecryptor(c.LoadArgs.ProjectDir, decryptor.MaxEncryptedFileSize)
+func buildSopsDecrypter(ctx context.Context, rootDir string, client client.Client, target *types.Target, addKeyServersFunc func(ctx context.Context, d *decryptor.Decryptor) error) (*decryptor.Decryptor, error) {
+	d := decryptor.NewDecryptor(rootDir, decryptor.MaxEncryptedFileSize)
 
-	err := c.addAwsKeyServers(ctx, client, d, target)
+	err := addAwsKeyServers(ctx, client, d, target)
 	if err != nil {
 		return nil, err
 	}
 
-	if c.LoadArgs.AddKeyServersFunc != nil {
-		err = c.LoadArgs.AddKeyServersFunc(ctx, d)
+	if addKeyServersFunc != nil {
+		err = addKeyServersFunc(ctx, d)
 		if err != nil {
 			return nil, err
 		}
@@ -31,7 +31,7 @@ func (c *LoadedKluctlProject) buildSopsDecrypter(ctx context.Context, client cli
 	return d, nil
 }
 
-func (c *LoadedKluctlProject) addAwsKeyServers(ctx context.Context, client client.Client, d *decryptor.Decryptor, target *types.Target) error {
+func addAwsKeyServers(ctx context.Context, client client.Client, d *decryptor.Decryptor, target *types.Target) error {
 	cfg, err := aws.LoadAwsConfigHelper(ctx, client, target.Aws, nil)
 	if err != nil {
 		return err
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target_context.go
index d6e082af8..02e664a04 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target_context.go
@@ -48,7 +48,7 @@ type TargetContextParams struct {
 	RenderOutputDir    string
 }
 
-func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName string, k *k8s.K8sCluster, params TargetContextParams) (*TargetContext, error) {
+func NewTargetContext(ctx context.Context, p *LoadedKluctlProject, contextName string, k *k8s.K8sCluster, params TargetContextParams) (*TargetContext, error) {
 	repoRoot, err := filepath.Abs(p.LoadArgs.RepoRoot)
 	if err != nil {
 		return nil, err
@@ -101,19 +101,12 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		}
 	}
 
-	sopsDecryptor, err := p.buildSopsDecrypter(ctx, client, target)
+	sopsDecryptor, err := buildSopsDecrypter(ctx, p.LoadArgs.ProjectDir, client, target, p.LoadArgs.AddKeyServersFunc)
 	if err != nil {
 		return nil, err
 	}
 	varsLoader := vars.NewVarsLoader(ctx, k, sopsDecryptor, p.GitRP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
 
-	if params.ForSeal {
-		err = p.loadSecrets(ctx, target, varsCtx, varsLoader)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	dctx := deployment.SharedContext{
 		Ctx:                               ctx,
 		K:                                 k,
@@ -138,6 +131,13 @@ func (p *LoadedKluctlProject) NewTargetContext(ctx context.Context, contextName
 		ClusterContext: contextName,
 	}
 
+	if params.ForSeal {
+		err = targetCtx.loadSecrets(ctx, target, varsCtx, varsLoader)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(repoRoot), relProjectDir, nil)
 	if err != nil {
 		return targetCtx, err
@@ -220,8 +220,8 @@ func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*va
 	return varsCtx, nil
 }
 
-func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, error) {
-	for _, e := range p.Config.SecretsConfig.SecretSets {
+func (tc *TargetContext) findSecretsEntry(name string) (*types.SecretSet, error) {
+	for _, e := range tc.KluctlProject.Config.SecretsConfig.SecretSets {
 		if e.Name == name {
 			return &e, nil
 		}
@@ -229,11 +229,11 @@ func (p *LoadedKluctlProject) findSecretsEntry(name string) (*types.SecretSet, e
 	return nil, fmt.Errorf("secret Set with name %s was not found", name)
 }
 
-func (p *LoadedKluctlProject) loadSecrets(ctx context.Context, target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
-	searchDirs := []string{p.LoadArgs.ProjectDir}
+func (tc *TargetContext) loadSecrets(ctx context.Context, target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
+	searchDirs := []string{tc.KluctlProject.LoadArgs.ProjectDir}
 
 	for _, secretSetName := range target.SealingConfig.SecretSets {
-		secretEntry, err := p.findSecretsEntry(secretSetName)
+		secretEntry, err := tc.findSecretsEntry(secretSetName)
 		if err != nil {
 			return err
 		}

From dfd31b49aeb39a841ee79f385c609c7aa9ed78fa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 15:59:43 +0100
Subject: [PATCH 1851/2268] refactor: Move TargetContext into own package

---
 cmd/kluctl/commands/utils.go                  |  9 +-
 pkg/controllers/kluctl_project.go             | 21 ++---
 .../kluctldeployment_controller_reconcile.go  | 18 ++--
 .../kluctldeployment_controller_status.go     |  4 +-
 pkg/deployment/commands/delete.go             |  6 +-
 pkg/deployment/commands/deploy.go             |  6 +-
 pkg/deployment/commands/diff.go               |  6 +-
 pkg/deployment/commands/poke_images.go        |  6 +-
 pkg/deployment/commands/prune.go              |  6 +-
 pkg/deployment/commands/result_utils.go       | 10 +--
 pkg/deployment/commands/validate.go           |  6 +-
 pkg/kluctl_project/k8s.go                     | 37 ++++++++
 pkg/kluctl_project/project.go                 |  2 +-
 pkg/kluctl_project/project_load.go            |  2 +-
 .../{ => target-context}/sops.go              |  2 +-
 .../{ => target-context}/target_context.go    | 87 ++-----------------
 pkg/kluctl_project/targets.go                 |  4 +-
 pkg/kluctl_project/vars.go                    | 43 +++++++++
 18 files changed, 143 insertions(+), 132 deletions(-)
 create mode 100644 pkg/kluctl_project/k8s.go
 rename pkg/kluctl_project/{ => target-context}/sops.go (98%)
 rename pkg/kluctl_project/{ => target-context}/target_context.go (66%)
 create mode 100644 pkg/kluctl_project/vars.go

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index eceb7f950..e52d63470 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -14,6 +14,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
@@ -134,7 +135,7 @@ type projectTargetCommandArgs struct {
 
 type commandCtx struct {
 	ctx       context.Context
-	targetCtx *kluctl_project.TargetContext
+	targetCtx *target_context.TargetContext
 	images    *deployment.Images
 
 	resultId    string
@@ -179,7 +180,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		renderOutputDir = tmpDir
 	}
 
-	targetParams := kluctl_project.TargetContextParams{
+	targetParams := target_context.TargetContextParams{
 		TargetName:         args.targetFlags.Target,
 		TargetNameOverride: args.targetFlags.TargetNameOverride,
 		ContextOverride:    args.targetFlags.Context,
@@ -196,7 +197,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	commandResultId := uuid.NewString()
 
-	clientConfig, contextName, err := p.LoadK8sConfig(ctx, targetParams)
+	clientConfig, contextName, err := p.LoadK8sConfig(ctx, targetParams.TargetName, targetParams.ContextOverride)
 	if err != nil {
 		return err
 	}
@@ -223,7 +224,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		}
 	}
 
-	targetCtx, err := kluctl_project.NewTargetContext(ctx, p, contextName, k, targetParams)
+	targetCtx, err := target_context.NewTargetContext(ctx, p, contextName, k, targetParams)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 84a0a3025..ab6192979 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -12,6 +12,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -601,7 +602,7 @@ func (pp *preparedProject) loadKluctlProject(ctx context.Context, pt *preparedTa
 	return p, nil
 }
 
-func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject) (*kluctl_project.TargetContext, error) {
+func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject) (*target_context.TargetContext, error) {
 	renderOutputDir, err := os.MkdirTemp(pt.pp.tmpDir, "render-")
 	if err != nil {
 		return nil, err
@@ -613,7 +614,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 
 	inclusion := pt.buildInclusion()
 
-	props := kluctl_project.TargetContextParams{
+	props := target_context.TargetContextParams{
 		DryRun:           pt.pp.r.DryRun || pt.pp.obj.Spec.DryRun,
 		Images:           images,
 		Inclusion:        inclusion,
@@ -631,7 +632,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 		props.ContextOverride = *pt.pp.obj.Spec.Context
 	}
 
-	restConfig, contextName, err := p.LoadK8sConfig(ctx, props)
+	restConfig, contextName, err := p.LoadK8sConfig(ctx, props.TargetName, props.ContextOverride)
 	if err != nil {
 		return nil, err
 	}
@@ -646,7 +647,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 		return nil, err
 	}
 
-	targetContext, err := kluctl_project.NewTargetContext(ctx, p, contextName, k, props)
+	targetContext, err := target_context.NewTargetContext(ctx, p, contextName, k, props)
 	if err != nil {
 		return targetContext, err
 	}
@@ -769,7 +770,7 @@ func (pt *preparedTarget) writeValidateResult(ctx context.Context, validateResul
 	return nil
 }
 
-func (pt *preparedTarget) kluctlDeployOrPokeImages(deployMode string, targetContext *kluctl_project.TargetContext) (*result.CommandResult, error) {
+func (pt *preparedTarget) kluctlDeployOrPokeImages(deployMode string, targetContext *target_context.TargetContext) (*result.CommandResult, error) {
 	if deployMode == kluctlv1.KluctlDeployModeFull {
 		return pt.kluctlDeploy(targetContext), nil
 	} else if deployMode == kluctlv1.KluctlDeployPokeImages {
@@ -779,7 +780,7 @@ func (pt *preparedTarget) kluctlDeployOrPokeImages(deployMode string, targetCont
 	}
 }
 
-func (pt *preparedTarget) kluctlDeploy(targetContext *kluctl_project.TargetContext) *result.CommandResult {
+func (pt *preparedTarget) kluctlDeploy(targetContext *target_context.TargetContext) *result.CommandResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewDeployCommand(targetContext)
@@ -796,7 +797,7 @@ func (pt *preparedTarget) kluctlDeploy(targetContext *kluctl_project.TargetConte
 	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlPokeImages(targetContext *kluctl_project.TargetContext) *result.CommandResult {
+func (pt *preparedTarget) kluctlPokeImages(targetContext *target_context.TargetContext) *result.CommandResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPokeImagesCommand(targetContext)
@@ -805,7 +806,7 @@ func (pt *preparedTarget) kluctlPokeImages(targetContext *kluctl_project.TargetC
 	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlPrune(targetContext *kluctl_project.TargetContext) *result.CommandResult {
+func (pt *preparedTarget) kluctlPrune(targetContext *target_context.TargetContext) *result.CommandResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlDeploymentDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name, pt.pp.obj.Spec.DeployMode))
 	defer timer.ObserveDuration()
 	cmd := commands.NewPruneCommand("", targetContext, false)
@@ -817,7 +818,7 @@ func (pt *preparedTarget) kluctlPrune(targetContext *kluctl_project.TargetContex
 	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlDiff(targetContext *kluctl_project.TargetContext, resourceVersions map[k8s.ObjectRef]string) *result.CommandResult {
+func (pt *preparedTarget) kluctlDiff(targetContext *target_context.TargetContext, resourceVersions map[k8s.ObjectRef]string) *result.CommandResult {
 	cmd := commands.NewDiffCommand(targetContext)
 	cmd.ForceApply = pt.pp.obj.Spec.ForceApply
 	cmd.ReplaceOnError = pt.pp.obj.Spec.ReplaceOnError
@@ -828,7 +829,7 @@ func (pt *preparedTarget) kluctlDiff(targetContext *kluctl_project.TargetContext
 	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlValidate(targetContext *kluctl_project.TargetContext, cmdResult *result.CommandResult) *result.ValidateResult {
+func (pt *preparedTarget) kluctlValidate(targetContext *target_context.TargetContext, cmdResult *result.CommandResult) *result.ValidateResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index fe8ba2e07..d86421865 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -7,7 +7,7 @@ import (
 	json_patch "github.com/evanphx/json-patch/v5"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -145,7 +145,7 @@ func (r *KluctlDeploymentReconciler) applyOverridePatch(ctx context.Context, obj
 	return nil
 }
 
-func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context, obj *kluctlv1.KluctlDeployment) (*preparedProject, *preparedTarget, *kluctl_project.TargetContext, error) {
+func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context, obj *kluctlv1.KluctlDeployment) (*preparedProject, *preparedTarget, *target_context.TargetContext, error) {
 	pp, err := prepareProject(ctx, r, obj, true)
 	if err != nil {
 		return nil, nil, nil, err
@@ -165,7 +165,7 @@ func (r *KluctlDeploymentReconciler) prepareProjectAndTarget(ctx context.Context
 	return pp, pt, targetContext, err
 }
 
-type reconcileCallback func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext,
+type reconcileCallback func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext,
 	pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error)
 
 func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context, timeoutCtx context.Context,
@@ -283,7 +283,7 @@ func (r *KluctlDeploymentReconciler) reconcileDiffRequest(ctx context.Context, t
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"diff", kluctlv1.KluctlRequestDiffAnnotation,
 		getResultPtr, false,
-		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+		func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult := pt.kluctlDiff(targetContext, nil)
 			err := pt.writeCommandResult(ctx, cmdResult, rr, "diff", reconcileId, objectsHash, true)
 			if err != nil {
@@ -305,7 +305,7 @@ func (r *KluctlDeploymentReconciler) reconcileDeployRequest(ctx context.Context,
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		obj.Spec.DeployMode, kluctlv1.KluctlRequestDeployAnnotation,
 		getResultPtr, false,
-		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+		func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult, err := pt.kluctlDeployOrPokeImages(obj.Spec.DeployMode, targetContext)
 			if err != nil {
 				return nil, kluctlv1.DeployFailedReason, err
@@ -330,7 +330,7 @@ func (r *KluctlDeploymentReconciler) reconcilePruneRequest(ctx context.Context,
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"prune", kluctlv1.KluctlRequestPruneAnnotation,
 		getResultPtr, false,
-		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+		func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult := pt.kluctlPrune(targetContext)
 			err := pt.writeCommandResult(ctx, cmdResult, rr, "prune", reconcileId, objectsHash, true)
 			if err != nil {
@@ -352,7 +352,7 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"validate", kluctlv1.KluctlRequestValidateAnnotation,
 		getResultPtr, false,
-		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+		func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			cmdResult := pt.kluctlValidate(targetContext, nil)
 			err := pt.writeValidateResult(ctx, cmdResult, rr, reconcileId, objectsHash)
 			if err != nil {
@@ -383,12 +383,12 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest(ctx context.Context, t
 	return r.reconcileManualRequest(ctx, timeoutCtx, obj, reconcileId,
 		"reconcile", kluctlv1.KluctlRequestReconcileAnnotation,
 		getResultPtr, forceReconcile,
-		func(rr *kluctlv1.ManualRequestResult, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+		func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 			return r.reconcileFullRequest2(rr, ctx, timeoutCtx, obj, reconcileId, targetContext, pt, reconcileId, objectsHash)
 		})
 }
 
-func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRequestResult, ctx context.Context, timeoutCtx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string, targetContext *kluctl_project.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
+func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRequestResult, ctx context.Context, timeoutCtx context.Context, obj *kluctlv1.KluctlDeployment, reconcileId string, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
 	key := client.ObjectKeyFromObject(obj)
 	log := ctrl.LoggerFrom(ctx)
 
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 3074bbd08..e9b8a74b8 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -6,7 +6,7 @@ import (
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
@@ -118,7 +118,7 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 	return nil
 }
 
-func (r *KluctlDeploymentReconciler) patchTargetKey(ctx context.Context, obj *kluctlv1.KluctlDeployment, targetContext *kluctl_project.TargetContext) error {
+func (r *KluctlDeploymentReconciler) patchTargetKey(ctx context.Context, obj *kluctlv1.KluctlDeployment, targetContext *target_context.TargetContext) error {
 	key := client.ObjectKeyFromObject(obj)
 
 	clusterId, err := targetContext.SharedContext.K.GetClusterId()
diff --git a/pkg/deployment/commands/delete.go b/pkg/deployment/commands/delete.go
index 0bfb45a71..79bfd35e4 100644
--- a/pkg/deployment/commands/delete.go
+++ b/pkg/deployment/commands/delete.go
@@ -6,7 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -15,12 +15,12 @@ import (
 
 type DeleteCommand struct {
 	discriminator string
-	targetCtx     *kluctl_project.TargetContext
+	targetCtx     *target_context.TargetContext
 	inclusion     *utils.Inclusion
 	wait          bool
 }
 
-func NewDeleteCommand(discriminator string, targetCtx *kluctl_project.TargetContext, inclusion *utils.Inclusion, wait bool) *DeleteCommand {
+func NewDeleteCommand(discriminator string, targetCtx *target_context.TargetContext, inclusion *utils.Inclusion, wait bool) *DeleteCommand {
 	return &DeleteCommand{
 		discriminator: discriminator,
 		targetCtx:     targetCtx,
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index bf8ea813c..4b3cbb4b2 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -3,7 +3,7 @@ package commands
 import (
 	"fmt"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -11,7 +11,7 @@ import (
 )
 
 type DeployCommand struct {
-	targetCtx *kluctl_project.TargetContext
+	targetCtx *target_context.TargetContext
 
 	ForceApply          bool
 	ReplaceOnError      bool
@@ -23,7 +23,7 @@ type DeployCommand struct {
 	WaitPrune           bool
 }
 
-func NewDeployCommand(targetCtx *kluctl_project.TargetContext) *DeployCommand {
+func NewDeployCommand(targetCtx *target_context.TargetContext) *DeployCommand {
 	return &DeployCommand{
 		targetCtx: targetCtx,
 	}
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 7df4519f2..d450fc267 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -3,14 +3,14 @@ package commands
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type DiffCommand struct {
-	targetCtx *kluctl_project.TargetContext
+	targetCtx *target_context.TargetContext
 
 	ForceApply          bool
 	ReplaceOnError      bool
@@ -22,7 +22,7 @@ type DiffCommand struct {
 	SkipResourceVersions map[k8s2.ObjectRef]string
 }
 
-func NewDiffCommand(targetCtx *kluctl_project.TargetContext) *DiffCommand {
+func NewDiffCommand(targetCtx *target_context.TargetContext) *DiffCommand {
 	return &DiffCommand{
 		targetCtx: targetCtx,
 	}
diff --git a/pkg/deployment/commands/poke_images.go b/pkg/deployment/commands/poke_images.go
index 5df9c2af3..186306480 100644
--- a/pkg/deployment/commands/poke_images.go
+++ b/pkg/deployment/commands/poke_images.go
@@ -3,7 +3,7 @@ package commands
 import (
 	"fmt"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -12,10 +12,10 @@ import (
 )
 
 type PokeImagesCommand struct {
-	targetCtx *kluctl_project.TargetContext
+	targetCtx *target_context.TargetContext
 }
 
-func NewPokeImagesCommand(targetCtx *kluctl_project.TargetContext) *PokeImagesCommand {
+func NewPokeImagesCommand(targetCtx *target_context.TargetContext) *PokeImagesCommand {
 	return &PokeImagesCommand{
 		targetCtx: targetCtx,
 	}
diff --git a/pkg/deployment/commands/prune.go b/pkg/deployment/commands/prune.go
index a0bdd86c5..72af390ae 100644
--- a/pkg/deployment/commands/prune.go
+++ b/pkg/deployment/commands/prune.go
@@ -5,18 +5,18 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type PruneCommand struct {
 	discriminator string
-	targetCtx     *kluctl_project.TargetContext
+	targetCtx     *target_context.TargetContext
 	wait          bool
 }
 
-func NewPruneCommand(discriminator string, targetCtx *kluctl_project.TargetContext, wait bool) *PruneCommand {
+func NewPruneCommand(discriminator string, targetCtx *target_context.TargetContext, wait bool) *PruneCommand {
 	return &PruneCommand{
 		discriminator: discriminator,
 		targetCtx:     targetCtx,
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 2cf31f72c..a4b691fe4 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -4,14 +4,14 @@ import (
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/git"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"time"
 )
 
-func newCommandResult(targetCtx *kluctl_project.TargetContext, startTime time.Time, command string) *result.CommandResult {
+func newCommandResult(targetCtx *target_context.TargetContext, startTime time.Time, command string) *result.CommandResult {
 	r := &result.CommandResult{}
 
 	r.Target = targetCtx.Target
@@ -54,7 +54,7 @@ func newCommandResult(targetCtx *kluctl_project.TargetContext, startTime time.Ti
 	return r
 }
 
-func newValidateCommandResult(targetCtx *kluctl_project.TargetContext, startTime time.Time) *result.ValidateResult {
+func newValidateCommandResult(targetCtx *target_context.TargetContext, startTime time.Time) *result.ValidateResult {
 	r := &result.ValidateResult{}
 
 	r.StartTime = metav1.NewTime(startTime)
@@ -106,7 +106,7 @@ func newDeleteCommandResult(k *k8s2.K8sCluster, startTime time.Time, inclusion *
 	return r
 }
 
-func finishCommandResult(r *result.CommandResult, targetCtx *kluctl_project.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
+func finishCommandResult(r *result.CommandResult, targetCtx *target_context.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
 	r.Errors = append(r.Errors, dew.GetErrorsList()...)
 	r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
 	if targetCtx != nil {
@@ -115,7 +115,7 @@ func finishCommandResult(r *result.CommandResult, targetCtx *kluctl_project.Targ
 	r.Command.EndTime = metav1.Now()
 }
 
-func finishValidateResult(r *result.ValidateResult, targetCtx *kluctl_project.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
+func finishValidateResult(r *result.ValidateResult, targetCtx *target_context.TargetContext, dew *utils2.DeploymentErrorsAndWarnings) {
 	r.Errors = append(r.Errors, dew.GetErrorsList()...)
 	r.Warnings = append(r.Warnings, dew.GetWarningsList()...)
 	r.EndTime = metav1.Now()
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index eaa81c820..96942489d 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -13,7 +13,7 @@ import (
 )
 
 type ValidateCommand struct {
-	targetCtx     *kluctl_project.TargetContext
+	targetCtx     *target_context.TargetContext
 	r             *result.CommandResult
 	discriminator string
 
@@ -21,7 +21,7 @@ type ValidateCommand struct {
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(discriminator string, targetCtx *kluctl_project.TargetContext, r *result.CommandResult) *ValidateCommand {
+func NewValidateCommand(discriminator string, targetCtx *target_context.TargetContext, r *result.CommandResult) *ValidateCommand {
 	cmd := &ValidateCommand{
 		targetCtx:     targetCtx,
 		r:             r,
diff --git a/pkg/kluctl_project/k8s.go b/pkg/kluctl_project/k8s.go
new file mode 100644
index 000000000..2d4d8098f
--- /dev/null
+++ b/pkg/kluctl_project/k8s.go
@@ -0,0 +1,37 @@
+package kluctl_project
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/status"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/tools/clientcmd/api"
+)
+
+func (p *LoadedKluctlProject) LoadK8sConfig(ctx context.Context, targetName string, contextOverride string) (*rest.Config, string, error) {
+	var contextName *string
+	if targetName != "" {
+		t, err := p.FindTarget(targetName)
+		if err != nil {
+			return nil, "", err
+		}
+		contextName = t.Context
+	}
+	if contextOverride != "" {
+		contextName = &contextOverride
+	}
+
+	var err error
+	var clientConfig *rest.Config
+	var restConfig *api.Config
+	clientConfig, restConfig, err = p.LoadArgs.ClientConfigGetter(contextName)
+	if err != nil {
+		if contextName == nil && clientcmd.IsEmptyConfig(err) {
+			status.Warning(ctx, "No valid KUBECONFIG provided, which means the Kubernetes client is not available. Depending on your deployment project, this might cause follow-up errors.")
+			return nil, "", nil
+		}
+		return nil, "", err
+	}
+	contextName = &restConfig.CurrentContext
+	return clientConfig, *contextName, nil
+}
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 09d8cdb82..0d5985be3 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -12,7 +12,7 @@ type LoadedKluctlProject struct {
 	LoadArgs LoadKluctlProjectArgs
 	LoadTime time.Time
 
-	sealedSecretsDir string
+	SealedSecretsDir string
 
 	Config  types2.KluctlProject
 	Targets []*types2.Target
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index f786bb6e9..50acb954e 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -64,7 +64,7 @@ func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
 	s := status.Start(ctx, "Loading kluctl project")
 	defer s.Failed()
 
-	c.sealedSecretsDir = filepath.Join(c.LoadArgs.ProjectDir, ".sealed-secrets")
+	c.SealedSecretsDir = filepath.Join(c.LoadArgs.ProjectDir, ".sealed-secrets")
 
 	sealedSecretsUsed := false
 	if c.Config.SecretsConfig != nil {
diff --git a/pkg/kluctl_project/sops.go b/pkg/kluctl_project/target-context/sops.go
similarity index 98%
rename from pkg/kluctl_project/sops.go
rename to pkg/kluctl_project/target-context/sops.go
index 54cbf64e2..1c58178ca 100644
--- a/pkg/kluctl_project/sops.go
+++ b/pkg/kluctl_project/target-context/sops.go
@@ -1,4 +1,4 @@
-package kluctl_project
+package target_context
 
 import (
 	"context"
diff --git a/pkg/kluctl_project/target_context.go b/pkg/kluctl_project/target-context/target_context.go
similarity index 66%
rename from pkg/kluctl_project/target_context.go
rename to pkg/kluctl_project/target-context/target_context.go
index 02e664a04..6b9e93e39 100644
--- a/pkg/kluctl_project/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -1,4 +1,4 @@
-package kluctl_project
+package target_context
 
 import (
 	"context"
@@ -6,17 +6,13 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -26,7 +22,7 @@ type TargetContext struct {
 
 	SharedContext deployment.SharedContext
 
-	KluctlProject        *LoadedKluctlProject
+	KluctlProject        *kluctl_project.LoadedKluctlProject
 	Target               types.Target
 	ClusterContext       string
 	DeploymentProject    *deployment.DeploymentProject
@@ -43,12 +39,12 @@ type TargetContextParams struct {
 	ForSeal            bool
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
-	HelmAuthProvider   helm_auth.HelmAuthProvider
+	HelmAuthProvider   auth.HelmAuthProvider
 	OciAuthProvider    auth_provider.OciAuthProvider
 	RenderOutputDir    string
 }
 
-func NewTargetContext(ctx context.Context, p *LoadedKluctlProject, contextName string, k *k8s.K8sCluster, params TargetContextParams) (*TargetContext, error) {
+func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject, contextName string, k *k8s.K8sCluster, params TargetContextParams) (*TargetContext, error) {
 	repoRoot, err := filepath.Abs(p.LoadArgs.RepoRoot)
 	if err != nil {
 		return nil, err
@@ -82,7 +78,7 @@ func NewTargetContext(ctx context.Context, p *LoadedKluctlProject, contextName s
 
 	if needRender {
 		// we must render the target after handling overrides
-		err = p.renderTarget(target)
+		err = p.RenderTarget(target)
 		if err != nil {
 			return nil, err
 		}
@@ -119,7 +115,7 @@ func NewTargetContext(ctx context.Context, p *LoadedKluctlProject, contextName s
 		OciAuthProvider:                   params.OciAuthProvider,
 		Discriminator:                     target.Discriminator,
 		RenderDir:                         params.RenderOutputDir,
-		SealedSecretsDir:                  p.sealedSecretsDir,
+		SealedSecretsDir:                  p.SealedSecretsDir,
 		DefaultSealedSecretsOutputPattern: target.Name,
 	}
 
@@ -153,73 +149,6 @@ func NewTargetContext(ctx context.Context, p *LoadedKluctlProject, contextName s
 	return targetCtx, nil
 }
 
-func (p *LoadedKluctlProject) LoadK8sConfig(ctx context.Context, params TargetContextParams) (*rest.Config, string, error) {
-	if params.OfflineK8s {
-		return nil, "", nil
-	}
-
-	var contextName *string
-	if params.TargetName != "" {
-		t, err := p.FindTarget(params.TargetName)
-		if err != nil {
-			return nil, "", err
-		}
-		contextName = t.Context
-	}
-	if params.ContextOverride != "" {
-		contextName = &params.ContextOverride
-	}
-
-	var err error
-	var clientConfig *rest.Config
-	var restConfig *api.Config
-	clientConfig, restConfig, err = p.LoadArgs.ClientConfigGetter(contextName)
-	if err != nil {
-		if contextName == nil && clientcmd.IsEmptyConfig(err) {
-			status.Warning(ctx, "No valid KUBECONFIG provided, which means the Kubernetes client is not available. Depending on your deployment project, this might cause follow-up errors.")
-			return nil, "", nil
-		}
-		return nil, "", err
-	}
-	contextName = &restConfig.CurrentContext
-	return clientConfig, *contextName, nil
-}
-
-func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
-	varsCtx := vars.NewVarsCtx(p.J2)
-
-	targetVars, err := uo.FromStruct(target)
-	if err != nil {
-		return nil, err
-	}
-	varsCtx.UpdateChild("target", targetVars)
-
-	allArgs := uo.New()
-
-	if target != nil {
-		if target.Args != nil {
-			allArgs.Merge(target.Args)
-		}
-		if forSeal {
-			if target.SealingConfig.Args != nil {
-				allArgs.Merge(target.SealingConfig.Args)
-			}
-		}
-	}
-	if p.LoadArgs.ExternalArgs != nil {
-		allArgs.Merge(p.LoadArgs.ExternalArgs)
-	}
-
-	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
-	if err != nil {
-		return nil, err
-	}
-
-	varsCtx.UpdateChild("args", allArgs)
-
-	return varsCtx, nil
-}
-
 func (tc *TargetContext) findSecretsEntry(name string) (*types.SecretSet, error) {
 	for _, e := range tc.KluctlProject.Config.SecretsConfig.SecretSets {
 		if e.Name == name {
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 8f3e26f6d..86cdd5677 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -27,7 +27,7 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 			continue
 		}
 
-		err = c.renderTarget(target)
+		err = c.RenderTarget(target)
 		if err != nil {
 			status.Warningf(ctx, "Failed to load target %s: %v", target.Name, err)
 			continue
@@ -46,7 +46,7 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 	return nil
 }
 
-func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
+func (c *LoadedKluctlProject) RenderTarget(target *types.Target) error {
 	// Try rendering the target multiple times, until all values can be rendered successfully. This allows the target
 	// to reference itself in complex ways. We'll also try loading the cluster vars in each iteration.
 
diff --git a/pkg/kluctl_project/vars.go b/pkg/kluctl_project/vars.go
new file mode 100644
index 000000000..145641323
--- /dev/null
+++ b/pkg/kluctl_project/vars.go
@@ -0,0 +1,43 @@
+package kluctl_project
+
+import (
+	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars"
+)
+
+func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
+	varsCtx := vars.NewVarsCtx(p.J2)
+
+	targetVars, err := uo.FromStruct(target)
+	if err != nil {
+		return nil, err
+	}
+	varsCtx.UpdateChild("target", targetVars)
+
+	allArgs := uo.New()
+
+	if target != nil {
+		if target.Args != nil {
+			allArgs.Merge(target.Args)
+		}
+		if forSeal {
+			if target.SealingConfig.Args != nil {
+				allArgs.Merge(target.SealingConfig.Args)
+			}
+		}
+	}
+	if p.LoadArgs.ExternalArgs != nil {
+		allArgs.Merge(p.LoadArgs.ExternalArgs)
+	}
+
+	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
+	if err != nil {
+		return nil, err
+	}
+
+	varsCtx.UpdateChild("args", allArgs)
+
+	return varsCtx, nil
+}

From 795f5edad6fc462e64ab902cc0c6af4f6700021f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 16:08:43 +0100
Subject: [PATCH 1852/2268] refactor: Move external args parsing into
 kluctl_project package

---
 cmd/kluctl/args/project.go                          | 6 +++---
 pkg/{deployment => kluctl_project}/external_args.go | 2 +-
 pkg/kluctl_project/vars.go                          | 3 +--
 3 files changed, 5 insertions(+), 6 deletions(-)
 rename pkg/{deployment => kluctl_project}/external_args.go (98%)

diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index cf26fdaab..677f66fa4 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -1,7 +1,7 @@
 package args
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
+	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
 	"path/filepath"
@@ -44,11 +44,11 @@ func (a *ArgsFlags) LoadArgs() (*uo.UnstructuredObject, error) {
 	}
 
 	var args *uo.UnstructuredObject
-	optionArgs, err := deployment.ParseArgs(a.Arg)
+	optionArgs, err := kluctl_project.ParseArgs(a.Arg)
 	if err != nil {
 		return nil, err
 	}
-	args, err = deployment.ConvertArgsToVars(optionArgs, true)
+	args, err = kluctl_project.ConvertArgsToVars(optionArgs, true)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/deployment/external_args.go b/pkg/kluctl_project/external_args.go
similarity index 98%
rename from pkg/deployment/external_args.go
rename to pkg/kluctl_project/external_args.go
index 17c003d84..d6d5f5bcf 100644
--- a/pkg/deployment/external_args.go
+++ b/pkg/kluctl_project/external_args.go
@@ -1,4 +1,4 @@
-package deployment
+package kluctl_project
 
 import (
 	"fmt"
diff --git a/pkg/kluctl_project/vars.go b/pkg/kluctl_project/vars.go
index 145641323..0d3a266f7 100644
--- a/pkg/kluctl_project/vars.go
+++ b/pkg/kluctl_project/vars.go
@@ -1,7 +1,6 @@
 package kluctl_project
 
 import (
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
@@ -32,7 +31,7 @@ func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*va
 		allArgs.Merge(p.LoadArgs.ExternalArgs)
 	}
 
-	err = deployment.LoadDefaultArgs(p.Config.Args, allArgs)
+	err = LoadDefaultArgs(p.Config.Args, allArgs)
 	if err != nil {
 		return nil, err
 	}

From 739a01c652c884f28ac23ac382ec1397afb60181 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 17:19:15 +0100
Subject: [PATCH 1853/2268] feat: Introduce Kluctl library projects

---
 pkg/deployment/deployment_project.go | 34 +++++++++++++---------------
 pkg/types/kluctl_project.go          |  4 ++++
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 59795e082..f4500cbff 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -239,33 +239,31 @@ func (p *DeploymentProject) loadIncludes() error {
 }
 
 func (p *DeploymentProject) loadLocalInclude(source Source, incDir string, inc *types.DeploymentItemConfig) (*DeploymentProject, error) {
-	var varsCtx *vars.VarsCtx
-	if yaml.Exists(filepath.Join(incDir, ".kluctl.yaml")) {
-		loadArgs := kluctl_project.LoadKluctlProjectArgs{
-			RepoRoot:     source.dir,
-			ProjectDir:   filepath.Join(source.dir, incDir),
-			ExternalArgs: inc.Args,
-		}
-		lp, err := kluctl_project.LoadKluctlProject(p.ctx.Ctx, loadArgs, p.VarsCtx.J2)
+	varsCtx := vars.NewVarsCtx(p.VarsCtx.J2)
+
+	libraryFile := yaml.FixPathExt(filepath.Join(source.dir, incDir, ".kluctl-library.yaml"))
+	if yaml.Exists(libraryFile) {
+		var lib types.KluctlLibraryProject
+		err := yaml.ReadYamlFile(libraryFile, &lib)
 		if err != nil {
 			return nil, err
 		}
 
-		if lp.Config.Discriminator != "" {
-			status.Warningf(p.ctx.Ctx, "Included project defines a discriminator (%s) that will be ignored", lp.Config.Discriminator)
+		if inc.PassVars {
+			varsCtx.Vars = p.VarsCtx.Vars.Clone()
+			_ = varsCtx.Vars.RemoveNestedField("args") // args should not be merged but taken 1:1
 		}
 
-		varsCtx, err = lp.BuildVars(nil, false)
-		if err != nil {
-			return nil, err
+		args := uo.New()
+		if inc.Args != nil {
+			args = inc.Args.Clone()
 		}
 
-		if inc.PassVars {
-			x := p.VarsCtx.Vars.Clone()
-			_ = x.RemoveNestedField("args") // args should not be merged but taken 1:1
-			x.Merge(varsCtx.Vars)
-			varsCtx.Vars = x
+		err = kluctl_project.LoadDefaultArgs(lib.Args, args)
+		if err != nil {
+			return nil, err
 		}
+		varsCtx.UpdateChild("args", args)
 	} else {
 		varsCtx = p.VarsCtx.Copy()
 	}
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 67107fc8a..64fee054b 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -59,3 +59,7 @@ type KluctlProject struct {
 	Discriminator string           `json:"discriminator,omitempty"`
 	Aws           *AwsConfig       `json:"aws,omitempty"`
 }
+
+type KluctlLibraryProject struct {
+	Args []*DeploymentArg `json:"args,omitempty"`
+}

From a6cc6dde39d6ce9f628d33e9c17d3b3a859e5768 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 17:06:55 +0100
Subject: [PATCH 1854/2268] feat: Convert controller and webui kluctl projects
 into libraries

---
 install/controller/{.kluctl.yaml => .kluctl-library.yaml} | 2 --
 install/webui/{.kluctl.yaml => .kluctl-library.yaml}      | 2 --
 2 files changed, 4 deletions(-)
 rename install/controller/{.kluctl.yaml => .kluctl-library.yaml} (92%)
 rename install/webui/{.kluctl.yaml => .kluctl-library.yaml} (92%)

diff --git a/install/controller/.kluctl.yaml b/install/controller/.kluctl-library.yaml
similarity index 92%
rename from install/controller/.kluctl.yaml
rename to install/controller/.kluctl-library.yaml
index 64975fbea..b5667d73d 100644
--- a/install/controller/.kluctl.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -1,5 +1,3 @@
-discriminator: kluctl.io-controller
-
 args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
diff --git a/install/webui/.kluctl.yaml b/install/webui/.kluctl-library.yaml
similarity index 92%
rename from install/webui/.kluctl.yaml
rename to install/webui/.kluctl-library.yaml
index c6523eea2..ee172236b 100644
--- a/install/webui/.kluctl.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -1,5 +1,3 @@
-discriminator: kluctl.io-webui
-
 args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl

From 8021a02fb45cb2a62d4967c19f761978c36885fc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 17:42:01 +0100
Subject: [PATCH 1855/2268] docs: Add docs about libraries

---
 docs/kluctl/README.md                     |  5 +-
 docs/kluctl/deployments/deployment-yml.md | 20 ++++++-
 docs/kluctl/kluctl-libraries/README.md    | 72 +++++++++++++++++++++++
 docs/kluctl/kluctl-project/README.md      |  4 +-
 4 files changed, 96 insertions(+), 5 deletions(-)
 create mode 100644 docs/kluctl/kluctl-libraries/README.md

diff --git a/docs/kluctl/README.md b/docs/kluctl/README.md
index d27972d09..496cf4196 100644
--- a/docs/kluctl/README.md
+++ b/docs/kluctl/README.md
@@ -81,5 +81,6 @@ kluctl was rewritten in Go.
 1. [Get Started](./get-started.md)
 2. [Installation](./installation.md)
 3. [Kluctl Commands](./commands)
-4. [.kluctl.yaml](./kluctl-project)
-5. [Deployments](./deployments)
+4. [Kluctl Projects](./kluctl-project)
+5. [Kluctl Libraries](./kluctl-libraries)
+6. [Deployments](./deployments)
diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index f4c6ded28..2318c09f3 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -93,6 +93,10 @@ Specifies an external git project to be included. The project is included the sa
 that the included project can not use/load templates from the parent project. An included project might also include
 further git projects.
 
+If the included project is a [Kluctl Library Project](../kluctl-libraries/README.md), current variables are NOT passed
+automatically into the included project. Only when [passVars](#passvars) is set to true, all current variables are passed.
+For library projects, [args](#args) is the preferred way to pass configuration.
+
 Simple example:
 ```yaml
 deployments:
@@ -127,6 +131,10 @@ Specifies an OCI based artifact to include. The artifact must be pushed to your
 [`kluctl oci push`](../commands/oci-push.md) command. The artifact is extracted and then included the same way a
 [git include](#git-includes) is included.
 
+If the included project is a [Kluctl Library Project](../kluctl-libraries/README.md), current variables are NOT passed
+automatically into the included project. Only when [passVars](#passvars) is set to true, all current variables are passed.
+For library projects, [args](#args) is the preferred way to pass configuration.
+
 Simple example:
 ```yaml
 deployments:
@@ -245,8 +253,18 @@ deployments:
     - file: vars2.yaml
 ```
 
-### when
+### passVars
+Can only be used on [include](#includes), [git include](#git-includes) and [oci include](#oci-includes). If set to `true`,
+all variables will be passed down to the included project even if the project is an explicitly marked
+[Kluctl Library Project](../kluctl-libraries/README.md).
 
+If the included project is not a library project, variables are always fully passed into the included deployment. 
+
+### args
+Can only be used on [include](#includes), [git include](#git-includes) and [oci include](#oci-includes). Passes the given
+arguments into [Kluctl Library Projects](../kluctl-libraries/README.md).
+
+### when
 Each deployment item can be conditional with the help of the `when` field. It must be set to a
 [Jinja2 based expression](https://jinja.palletsprojects.com/en/latest/templates/#expressions)
 that evaluates to a boolean.
diff --git a/docs/kluctl/kluctl-libraries/README.md b/docs/kluctl/kluctl-libraries/README.md
new file mode 100644
index 000000000..17cd52930
--- /dev/null
+++ b/docs/kluctl/kluctl-libraries/README.md
@@ -0,0 +1,72 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "Kluctl Libraries"
+linkTitle: "Kluctl Libraries"
+weight: 1
+description: >
+    Kluctl library project configuration, found in the .kluctl-library.yaml file.
+---
+-->
+
+# Kluctl Library Projects
+
+A library project is a Kluctl deployment that is meant to be included by other projects. It can be provided with
+configuration either via [args](#args) or via [vars in the include](../deployments/deployment-yml.md#vars-deployment-item).
+
+Kluctl [deployment projects](../deployments/README.md) can include these library projects via
+[local include](../deployments/deployment-yml.md#includes), [Git include](../deployments/deployment-yml.md#git-includes)
+or [Oci includes](../deployments/deployment-yml.md#oci-includes). 
+artifacts.
+
+The `.kluctl-library.yaml` marks a deployment project as a library project and provides some configuration.
+
+## Example
+
+Consider the following root `deployment.yaml` inside your root project:
+
+```yaml
+deployments:
+  - git:
+      url: git@github.com/example/example-library.git
+    args:
+      arg1: value1
+```
+
+And the following `.kluctl-library.yaml` inside the included `example-library` git project:
+
+```yaml
+args:
+  - name: arg1
+  - name: arg2
+    default: value2
+```
+
+This will include the given git repository and make `args.arg1` and `args.arg2` available via [templating](../templating/README.md).
+
+## Allowed fields
+
+### args
+
+A list of arguments that can or must be passed when including the library project. Each of these arguments is then available
+in templating via the global `args` object.
+
+An example looks like this:
+```yaml
+args:
+  - name: environment
+  - name: enable_debug
+    default: false
+  - name: complex_arg
+    default:
+      my:
+        nested1: arg1
+        nested2: arg2
+```
+
+The meaning and function of these arguements is identical to the [args in .kluctl.yaml](../kluctl-project/README.md#args).
+
+## Using Kluctl Libraries without .kluctl-library.yaml
+
+Includes can also be done on projects that do not have a `.kluctl-library.yaml` configuration. In that case, all
+currently available variables are passed into the include project, including the `args` from the root deployment project.
diff --git a/docs/kluctl/kluctl-project/README.md b/docs/kluctl/kluctl-project/README.md
index 65f6bc413..983a4ae99 100644
--- a/docs/kluctl/kluctl-project/README.md
+++ b/docs/kluctl/kluctl-project/README.md
@@ -1,8 +1,8 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "Kluctl project"
-linkTitle: ".kluctl.yaml"
+title: "Kluctl Projects"
+linkTitle: "Kluctl Projects"
 weight: 1
 description: >
     Kluctl project configuration, found in the .kluctl.yaml file.

From 1d3f69674f6244ba4e81def22c02cfd2bbc9f442 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 18:15:59 +0100
Subject: [PATCH 1856/2268] fix: Fix --offline-kubernetes

---
 cmd/kluctl/commands/utils.go      | 2 +-
 pkg/controllers/kluctl_project.go | 2 +-
 pkg/kluctl_project/k8s.go         | 6 +++++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index e52d63470..596501a5d 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -197,7 +197,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 	commandResultId := uuid.NewString()
 
-	clientConfig, contextName, err := p.LoadK8sConfig(ctx, targetParams.TargetName, targetParams.ContextOverride)
+	clientConfig, contextName, err := p.LoadK8sConfig(ctx, targetParams.TargetName, targetParams.ContextOverride, targetParams.OfflineK8s)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index ab6192979..929e7fe05 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -632,7 +632,7 @@ func (pt *preparedTarget) loadTarget(ctx context.Context, p *kluctl_project.Load
 		props.ContextOverride = *pt.pp.obj.Spec.Context
 	}
 
-	restConfig, contextName, err := p.LoadK8sConfig(ctx, props.TargetName, props.ContextOverride)
+	restConfig, contextName, err := p.LoadK8sConfig(ctx, props.TargetName, props.ContextOverride, props.OfflineK8s)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_project/k8s.go b/pkg/kluctl_project/k8s.go
index 2d4d8098f..98833db49 100644
--- a/pkg/kluctl_project/k8s.go
+++ b/pkg/kluctl_project/k8s.go
@@ -8,7 +8,11 @@ import (
 	"k8s.io/client-go/tools/clientcmd/api"
 )
 
-func (p *LoadedKluctlProject) LoadK8sConfig(ctx context.Context, targetName string, contextOverride string) (*rest.Config, string, error) {
+func (p *LoadedKluctlProject) LoadK8sConfig(ctx context.Context, targetName string, contextOverride string, offlineK8s bool) (*rest.Config, string, error) {
+	if offlineK8s {
+		return nil, "", nil
+	}
+
 	var contextName *string
 	if targetName != "" {
 		t, err := p.FindTarget(targetName)

From 6a17999d3afc974b94b28b8c8ee4804016c982a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 18:16:09 +0100
Subject: [PATCH 1857/2268] tests: Add library include tests

---
 e2e/library_test.go               | 142 ++++++++++++++++++++++++++++++
 e2e/test-utils/test_git_server.go |  10 +++
 e2e/test_project/project.go       |   4 +
 3 files changed, 156 insertions(+)
 create mode 100644 e2e/library_test.go

diff --git a/e2e/library_test.go b/e2e/library_test.go
new file mode 100644
index 000000000..e0c3bab32
--- /dev/null
+++ b/e2e/library_test.go
@@ -0,0 +1,142 @@
+package e2e
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"testing"
+)
+
+func prepareLibraryProject(t *testing.T, prefix string, subDir string, cmData map[string]string, args []types.DeploymentArg) *test_project.TestProject {
+	p := test_project.NewTestProject(t,
+		test_project.WithGitSubDir(subDir),
+		test_project.WithRepoName(fmt.Sprintf("repos/%s", prefix)),
+	)
+	addConfigMapDeployment(p, "cm", cmData, resourceOpts{
+		name:      fmt.Sprintf("%s-cm", prefix),
+		namespace: p.TestSlug(),
+	})
+	p.UpdateYaml(".kluctl-library.yaml", func(o *uo.UnstructuredObject) error {
+		*o = *uo.FromMap(map[string]interface{}{
+			"args": args,
+		})
+		return nil
+	}, "")
+	return p
+}
+
+func TestLibraryIncludePassVars(t *testing.T) {
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+	ip1 := prepareLibraryProject(t, "lib1", "", map[string]string{
+		"a": `{{ get_var("k1", "na") }}`,
+	}, []types.DeploymentArg{})
+	ip2 := prepareLibraryProject(t, "lib2", "subDir", map[string]string{
+		"a": `{{ get_var("k2", "na") }}`,
+	}, []types.DeploymentArg{})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	// add vars to deployment.yaml
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField([]types.VarsSource{
+			{
+				Values: uo.FromMap(map[string]interface{}{
+					"k1": "v1",
+					"k2": "v2",
+				}),
+			},
+		}, "vars")
+		return nil
+	})
+
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+		},
+	}))
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url":    ip2.GitUrl(),
+			"subDir": "subDir",
+		},
+	}))
+
+	// ensure vars were not passed
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "lib1-cm")
+	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "lib2-cm")
+	assertNestedFieldEquals(t, cm1, "na", "data", "a")
+	assertNestedFieldEquals(t, cm2, "na", "data", "a")
+
+	// now let it pass vars to lib1
+	p.UpdateDeploymentItems("", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+		_ = items[0].SetNestedField(true, "passVars")
+		return items
+	})
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	cm1 = assertConfigMapExists(t, k, p.TestSlug(), "lib1-cm")
+	cm2 = assertConfigMapExists(t, k, p.TestSlug(), "lib2-cm")
+	assertNestedFieldEquals(t, cm1, "v1", "data", "a")
+	assertNestedFieldEquals(t, cm2, "na", "data", "a")
+
+	// now remove .kluctl-library.yaml and let it auto-pass variables
+	ip2.DeleteFile(".kluctl-library.yaml", "")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	cm1 = assertConfigMapExists(t, k, p.TestSlug(), "lib1-cm")
+	cm2 = assertConfigMapExists(t, k, p.TestSlug(), "lib2-cm")
+	assertNestedFieldEquals(t, cm1, "v1", "data", "a")
+	assertNestedFieldEquals(t, cm2, "v2", "data", "a")
+}
+
+func TestLibraryIncludeArgs(t *testing.T) {
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+	ip1 := prepareLibraryProject(t, "lib1", "", map[string]string{
+		"a": `{{ get_var("args.a", "na") }}`,
+		"b": `{{ get_var("args.b", "na") }}`,
+	}, []types.DeploymentArg{
+		{
+			Name:    "a",
+			Default: &apiextensionsv1.JSON{Raw: []byte(`"def"`)},
+		},
+		{
+			Name: "b",
+		},
+	})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
+
+	// no args passed
+	p.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+		"git": map[string]any{
+			"url": ip1.GitUrl(),
+		},
+	}))
+
+	// ensure vars were not passed
+	_, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test")
+	assert.ErrorContains(t, err, "required argument b not set")
+
+	// pass args
+	p.UpdateDeploymentItems("", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+		_ = items[0].SetNestedField(uo.FromMap(map[string]interface{}{
+			"b": "b",
+		}), "args")
+		return items
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "lib1-cm")
+	assertNestedFieldEquals(t, cm1, "def", "data", "a")
+	assertNestedFieldEquals(t, cm1, "b", "data", "b")
+}
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index f55489258..94efc5952 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -298,6 +298,16 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 	p.CommitYaml(repo, pth, message, o)
 }
 
+func (p *TestGitServer) DeleteFile(repo string, pth string, message string) {
+	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	_ = os.Remove(fullPath)
+
+	if message == "" {
+		message = fmt.Sprintf("delete %s", filepath.Join(repo, pth))
+	}
+	p.CommitFiles(repo, []string{pth}, false, message)
+}
+
 func (p *TestGitServer) GitHost() string {
 	return fmt.Sprintf("localhost:%d", p.gitServerPort)
 }
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 702314a50..7310b1a95 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -171,6 +171,10 @@ func (p *TestProject) UpdateFile(pth string, update func(f string) (string, erro
 	p.gitServer.UpdateFile(p.gitRepoName, path.Join(p.gitSubDir, pth), update, message)
 }
 
+func (p *TestProject) DeleteFile(pth string, message string) {
+	p.gitServer.DeleteFile(p.gitRepoName, path.Join(p.gitSubDir, pth), message)
+}
+
 func (p *TestProject) GetYaml(path string) *uo.UnstructuredObject {
 	o, err := uo.FromFile(filepath.Join(p.LocalProjectDir(), path))
 	if err != nil {

From 5e45b4bd17291e7c19ddf07160d48e0afa1dafb5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 31 Oct 2023 18:31:30 +0100
Subject: [PATCH 1858/2268] chore: Run make generate

---
 pkg/types/zz_generated.deepcopy.go | 44 +++++++++++++++++++++++++-----
 pkg/webui/ui/src/models.ts         |  8 ++++--
 2 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 36e0d799f..17e07dda2 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -118,6 +118,13 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 		*out = new(OciProject)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.DeleteObjects != nil {
+		in, out := &in.DeleteObjects, &out.DeleteObjects
+		*out = make([]DeleteObjectItemConfig, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	if in.Tags != nil {
 		in, out := &in.Tags, &out.Tags
 		*out = make([]string, len(*in))
@@ -128,6 +135,10 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = (*in).DeepCopy()
+	}
 	if in.Vars != nil {
 		in, out := &in.Vars, &out.Vars
 		*out = make([]*VarsSource, len(*in))
@@ -139,13 +150,6 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 			}
 		}
 	}
-	if in.DeleteObjects != nil {
-		in, out := &in.DeleteObjects, &out.DeleteObjects
-		*out = make([]DeleteObjectItemConfig, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
 	if in.RenderedHelmChartConfig != nil {
 		in, out := &in.RenderedHelmChartConfig, &out.RenderedHelmChartConfig
 		*out = new(HelmChartConfig)
@@ -504,6 +508,32 @@ func (in *IgnoreForDiffItemConfig) DeepCopy() *IgnoreForDiffItemConfig {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KluctlLibraryProject) DeepCopyInto(out *KluctlLibraryProject) {
+	*out = *in
+	if in.Args != nil {
+		in, out := &in.Args, &out.Args
+		*out = make([]*DeploymentArg, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(DeploymentArg)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KluctlLibraryProject.
+func (in *KluctlLibraryProject) DeepCopy() *KluctlLibraryProject {
+	if in == nil {
+		return nil
+	}
+	out := new(KluctlLibraryProject)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KluctlProject) DeepCopyInto(out *KluctlProject) {
 	*out = *in
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 3c160d613..42b51ea09 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -207,15 +207,17 @@ export class DeploymentItemConfig {
     include?: string;
     git?: GitProject;
     oci?: OciProject;
+    deleteObjects?: DeleteObjectItemConfig[];
     tags?: string[];
     barrier?: boolean;
     message?: string;
     waitReadiness?: boolean;
+    args?: any;
+    passVars?: boolean;
     vars?: VarsSource[];
     skipDeleteIfTags?: boolean;
     onlyRender?: boolean;
     alwaysDeploy?: boolean;
-    deleteObjects?: DeleteObjectItemConfig[];
     when?: string;
     renderedHelmChartConfig?: HelmChartConfig;
     renderedObjects?: ObjectRef[];
@@ -227,15 +229,17 @@ export class DeploymentItemConfig {
         this.include = source["include"];
         this.git = this.convertValues(source["git"], GitProject);
         this.oci = this.convertValues(source["oci"], OciProject);
+        this.deleteObjects = this.convertValues(source["deleteObjects"], DeleteObjectItemConfig);
         this.tags = source["tags"];
         this.barrier = source["barrier"];
         this.message = source["message"];
         this.waitReadiness = source["waitReadiness"];
+        this.args = source["args"];
+        this.passVars = source["passVars"];
         this.vars = this.convertValues(source["vars"], VarsSource);
         this.skipDeleteIfTags = source["skipDeleteIfTags"];
         this.onlyRender = source["onlyRender"];
         this.alwaysDeploy = source["alwaysDeploy"];
-        this.deleteObjects = this.convertValues(source["deleteObjects"], DeleteObjectItemConfig);
         this.when = source["when"];
         this.renderedHelmChartConfig = this.convertValues(source["renderedHelmChartConfig"], HelmChartConfig);
         this.renderedObjects = this.convertValues(source["renderedObjects"], ObjectRef);

From 996a51672f2cc7fcff565fcd6c437123002084f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 08:11:30 +0100
Subject: [PATCH 1859/2268] chore(deps): Bump the k8s-io group with 1 update
 (#877)

Bumps the k8s-io group with 1 update: [k8s.io/klog/v2](https://github.com/kubernetes/klog).

- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.100.1...v2.110.1)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index fac90f4cf..b3609d2fb 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.28.3
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
-	k8s.io/klog/v2 v2.100.1
+	k8s.io/klog/v2 v2.110.1
 	sigs.k8s.io/kustomize/kyaml v0.15.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
 )
diff --git a/go.sum b/go.sum
index 82bb44ca6..dc87ea291 100644
--- a/go.sum
+++ b/go.sum
@@ -311,7 +311,6 @@ github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxF
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
@@ -1265,8 +1264,8 @@ k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
 k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
 k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI=
 k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
+k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
 k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 h1:CAIciCnJnSOQxPd0xvpV6JU3D4AJvnYbImPpFpO9Hnw=
 k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
 k8s.io/kubectl v0.28.2 h1:fOWOtU6S0smdNjG1PB9WFbqEIMlkzU5ahyHkc7ESHgM=

From 4b42f4ce2ce6e5b44b8beee71cffdc9ecf9c65f7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 08:12:02 +0100
Subject: [PATCH 1860/2268] chore(deps): Bump github.com/onsi/gomega from
 1.28.0 to 1.29.0 (#879)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.28.0 to 1.29.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.28.0...v1.29.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b3609d2fb..e18010b2a 100644
--- a/go.mod
+++ b/go.mod
@@ -77,7 +77,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.28.0
+	github.com/onsi/gomega v1.29.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/prometheus/client_golang v1.17.0
diff --git a/go.sum b/go.sum
index dc87ea291..5986dd527 100644
--- a/go.sum
+++ b/go.sum
@@ -658,8 +658,8 @@ github.com/ohler55/ojg v1.20.1 h1:Io65sHjMjYPI7yuhUr8VdNmIQdYU6asKeFhOs8xgBnY=
 github.com/ohler55/ojg v1.20.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
-github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c=
-github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8=
+github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
+github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=

From 29687aa6b1bbcea9eeb6eebb599b360efb88f412 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 08:12:29 +0100
Subject: [PATCH 1861/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.20.1 to 1.20.2 (#880)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.20.1 to 1.20.2.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.20.1...v1.20.2)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e18010b2a..228f12684 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.20.1
+	github.com/ohler55/ojg v1.20.2
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
diff --git a/go.sum b/go.sum
index 5986dd527..8c2a64ab3 100644
--- a/go.sum
+++ b/go.sum
@@ -654,8 +654,8 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/ohler55/ojg v1.20.1 h1:Io65sHjMjYPI7yuhUr8VdNmIQdYU6asKeFhOs8xgBnY=
-github.com/ohler55/ojg v1.20.1/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.20.2 h1:ragZXnawcsq/knqIHaflvIX/8RzzAKMZSluAZAz+RFs=
+github.com/ohler55/ojg v1.20.2/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=

From 9d664f98ed7c7554857e435935a046a413cbaf31 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 08:12:50 +0100
Subject: [PATCH 1862/2268] chore(deps): Bump cloud.google.com/go/secretmanager
 (#881)

Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.11.2 to 1.11.4.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.11.2...orgpolicy/v1.11.4)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 20 ++++++++++----------
 go.sum | 40 ++++++++++++++++++++--------------------
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 228f12684..1fdf5d526 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/secretmanager v1.11.2
+	cloud.google.com/go/secretmanager v1.11.4
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
@@ -73,7 +73,7 @@ require (
 	github.com/go-git/go-git/v5 v5.10.0
 	github.com/go-logr/logr v1.3.0
 	github.com/google/gops v0.3.28
-	github.com/google/uuid v1.3.1
+	github.com/google/uuid v1.4.0
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -84,7 +84,7 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.13.0
-	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
 	gotest.tools v2.2.0+incompatible
@@ -96,10 +96,10 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.23.0 // indirect
+	cloud.google.com/go/compute v1.23.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.2 // indirect
-	cloud.google.com/go/kms v1.15.2 // indirect
+	cloud.google.com/go/iam v1.1.3 // indirect
+	cloud.google.com/go/kms v1.15.3 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
@@ -189,7 +189,7 @@ require (
 	github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
@@ -288,10 +288,10 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.146.0 // indirect
+	google.golang.org/api v0.149.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 8c2a64ab3..c4dacacd2 100644
--- a/go.sum
+++ b/go.sum
@@ -25,22 +25,22 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
-cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
+cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
-cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
-cloud.google.com/go/kms v1.15.2 h1:lh6qra6oC4AyWe5fUUUBe/S27k12OHAleOOOw6KakdE=
-cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w=
+cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc=
+cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE=
+cloud.google.com/go/kms v1.15.3 h1:RYsbxTRmk91ydKCzekI2YjryO4c5Y2M80Zwcs9/D/cI=
+cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/secretmanager v1.11.2 h1:52Z78hH8NBWIqbvIG0wi0EoTaAmSx99KIOAmDXIlX0M=
-cloud.google.com/go/secretmanager v1.11.2/go.mod h1:MQm4t3deoSub7+WNwiC4/tRYgDBHJgJPvswqQVB1Vss=
+cloud.google.com/go/secretmanager v1.11.4 h1:krnX9qpG2kR2fJ+u+uNyNo+ACVhplIAS4Pu7u+4gd+k=
+cloud.google.com/go/secretmanager v1.11.4/go.mod h1:wreJlbS9Zdq21lMzWmJ0XhWW2ZxgPeahsqeV/vZoJ3w=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
@@ -452,10 +452,10 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
@@ -1129,8 +1129,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.146.0 h1:9aBYT4vQXt9dhCuLNfwfd3zpwu8atg0yPkjBymwSrOM=
-google.golang.org/api v0.146.0/go.mod h1:OARJqIfoYjXJj4C1AiBSXYZt03qsoz8FQYU6fBEfrHM=
+google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
+google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1175,12 +1175,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
-google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13 h1:U7+wNaVuSTaUqNvK2+osJ9ejEZxbjHHk8F2b6Hpx0AE=
-google.golang.org/genproto/googleapis/api v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:RdyHbowztCGQySiCvQPgWQWgWhGnouTdCflKoDBt32U=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=

From 7309a21c78481faf93bc16f134ac2cc3033ea007 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Nov 2023 08:13:03 +0100
Subject: [PATCH 1863/2268] chore(deps): Bump the aws-sdk group with 4 updates
 (#882)

Bumps the aws-sdk group with 4 updates: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.21.2 to 1.22.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.21.2...v1.22.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.19.1 to 1.21.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.19.1...v1.21.0)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.20.2 to 1.22.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.20.2...v1.22.0)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.21.6 to 1.23.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.23.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.21.6...service/s3/v1.23.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 28 ++++++++++++++--------------
 go.sum | 55 ++++++++++++++++++++++++++++---------------------------
 2 files changed, 42 insertions(+), 41 deletions(-)

diff --git a/go.mod b/go.mod
index 1fdf5d526..ff5bf4ba2 100644
--- a/go.mod
+++ b/go.mod
@@ -55,13 +55,13 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.21.2
-	github.com/aws/aws-sdk-go-v2/config v1.19.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
-	github.com/aws/smithy-go v1.15.0
+	github.com/aws/aws-sdk-go-v2 v1.22.1
+	github.com/aws/aws-sdk-go-v2/config v1.21.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.15.0
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.22.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.23.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.25.0
+	github.com/aws/smithy-go v1.16.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
@@ -119,14 +119,14 @@ require (
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.17.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index c4dacacd2..516959bdf 100644
--- a/go.sum
+++ b/go.sum
@@ -116,38 +116,39 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
-github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.19.1 h1:oe3vqcGftyk40icfLymhhhNysAwk0NfiwkDi2GTPMXs=
-github.com/aws/aws-sdk-go-v2/config v1.19.1/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
+github.com/aws/aws-sdk-go-v2 v1.22.1 h1:sjnni/AuoTXxHitsIdT0FwmqUuNUuHtufcVDErVFT9U=
+github.com/aws/aws-sdk-go-v2 v1.22.1/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
+github.com/aws/aws-sdk-go-v2/config v1.21.0 h1:BZEX5S6hkrAJ9rJn2hEMWIMkg+l1RC7gBQ84qkb0Cp0=
+github.com/aws/aws-sdk-go-v2/config v1.21.0/go.mod h1:DMs4GYoTUo21V0cuDvwbdRb6coTcJ/EJxD7/WYZOinA=
+github.com/aws/aws-sdk-go-v2/credentials v1.15.0 h1:gSRUMOU/wxxf89+4XYg0hYwOmcgdA0bohb7A/5nO+oE=
+github.com/aws/aws-sdk-go-v2/credentials v1.15.0/go.mod h1:2zRQYW9jm3t18Ku+qP/107djyjAL7Ght6eBTWiNF/5c=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.1 h1:PYlUVUJRnXf2QU7IS+WLNSoU42f/oYRAmpwvXRH0Zq4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.1/go.mod h1:wLyMIo/zPOhQhPXTddpfdkSleyigtFi8iMnC+2m/SK4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1 h1:fi1ga6WysOyYb5PAf3Exd6B5GiSNpnZim4h1rhlBqx0=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1/go.mod h1:V5CY8wNurvPUibTi9mwqUqpiFZ5LnioKWIFUDtIzdI8=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1 h1:ZpaV/j48RlPc4AmOZuPv22pJliXjXq8/reL63YzyFnw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1/go.mod h1:R8aXraabD2e3qv1csxM14/X9WF4wFMIY0kH4YEtYD5M=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0 h1:DqOQvIfmGkXZUVJnl9VRk0AnxyS59tCtX9k1Pyss4Ak=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0/go.mod h1:VV/Kbw9Mg1GWJOT9WK+oTL3cWZiXtapnNvDSRqTZLsg=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.22.0 h1:TA2V0OLAwEooOnCk2ZBgxTPAtb20Fgbkr7IrI/YxbAg=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.22.0/go.mod h1:/1jvJouA9LvRdzQmTFwlvf3RKFXQz3jgL4AcPuaaoO8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1 h1:2OXw3ppu1XsB6rqKEMV4tnecTjIY3PRV2U6IP6KPJQo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1/go.mod h1:FZB4AdakIqW/yERVdGJA6Z9jraax1beXfhBBnK2wwR8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6 h1:y3n83jEM6EuawrD5HZCh3eMj9RsfxniVLcXlyFMNITM=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6/go.mod h1:A108ijf0IFtqhYApU+Gia80aPSAUfi9dItm+h5fWGJE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
-github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.23.0 h1:PXSCgeF51ApT3k+fduqw7IaCxICt1nozWV1iPz7TyxU=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.23.0/go.mod h1:bpDXZjRbNT5gb9pa2jJlSUvBkfNwfG3OWgGqFYY73kA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.17.0 h1:I/Oh3IxGPfHXiGnwM54TD6hNr/8TlUrBXAtTyGhR+zw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.17.0/go.mod h1:H6NCMvDBqA+CvIaXzaSqM6LWtzv9BzZrqBOqz+PzRF8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0 h1:irbXQkfVYIRaewYSXcu4yVk0m2T+JzZd0dkop7FjmO0=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0/go.mod h1:4wPNCkM22+oRe71oydP66K50ojDUC33XutSMi2pEF/M=
+github.com/aws/aws-sdk-go-v2/service/sts v1.25.0 h1:sYIFy8tm1xQwRvVQ4CRuBGXKIg9sHNuG6+3UAQuoujk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.25.0/go.mod h1:S/LOQUeYDfJeJpFCIJDMjy7dwL4aA33HUdVi+i7uH8k=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.16.0 h1:gJZEH/Fqh+RsvlJ1Zt4tVAtV6bKkp3cC+R6FCZMNzik=
+github.com/aws/smithy-go v1.16.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
 github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=

From 26e2073e046d1e498cc2f387380144ba7d2af901 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 2 Nov 2023 08:42:24 +0100
Subject: [PATCH 1864/2268] chore: Fix prepare-release.sh to sed
 .kluctl-library.yaml and not .kluctl.yaml

---
 hack/prepare-release.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 988e0f650..89e2250b3 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -25,9 +25,9 @@ fi
 echo VERSION=$VERSION
 
 FILES=""
-FILES="$FILES install/controller/.kluctl.yaml"
+FILES="$FILES install/controller/.kluctl-library.yaml"
 FILES="$FILES install/controller/controller/kustomization.yaml"
-FILES="$FILES install/webui/.kluctl.yaml"
+FILES="$FILES install/webui/.kluctl-library.yaml"
 FILES="$FILES install/webui/webui/deployment.yaml"
 FILES="$FILES install/webui/webui/kustomization.yaml"
 FILES="$FILES docs/kluctl/installation.md"

From e44782321f135bf74ce2be2c5abfbf9df337b710 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 2 Nov 2023 08:42:44 +0100
Subject: [PATCH 1865/2268] build: Preparing release v2.22.0

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 978386e5d..095e4765b 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.21.2
+        tag: v2.22.0
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index f54b27c40..149abb0c4 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.21.2
+        tag: v2.22.0
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 60a2aebaa..21a9bfaf3 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.21.2
+        tag: v2.22.0
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.21.2
+            kluctl_version: v2.22.0
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.21.2
+        tag: v2.22.0
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 7ba65080f..27ce26be0 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.21.2
+         tag: v2.22.0
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index b5667d73d..d5368250c 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.21.2
+    default: v2.22.0
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 6c3a674d4..dce448436 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.21.2") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.22.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index ee172236b..dca2a9aee 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.21.2
+    default: v2.22.0
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 0a3dac94c..f7b137d31 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.21.2") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.22.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From a72d8302dff34949dff143aa339ec8903d115894 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 2 Nov 2023 14:14:19 +0100
Subject: [PATCH 1866/2268] fix: Use correct sub-path when using
 spec.source.git or spec.source.oci

---
 e2e/gitops_misc_test.go           | 97 +++++++++++++++++++++++++++++++
 pkg/controllers/kluctl_project.go |  6 +-
 2 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 e2e/gitops_misc_test.go

diff --git a/e2e/gitops_misc_test.go b/e2e/gitops_misc_test.go
new file mode 100644
index 000000000..6418e7723
--- /dev/null
+++ b/e2e/gitops_misc_test.go
@@ -0,0 +1,97 @@
+package e2e
+
+import (
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"testing"
+)
+
+type GitOpsMiscSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsMisc(t *testing.T) {
+	t.Parallel()
+	suite.Run(t, new(GitOpsMiscSuite))
+}
+
+func (suite *GitOpsMiscSuite) TestGitSourceWithPath() {
+	p := test_project.NewTestProject(suite.T(), test_project.WithGitSubDir("subDir"))
+	p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	addConfigMapDeployment(p, "d1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+
+	key := suite.createKluctlDeployment(p, "target1", nil)
+
+	suite.Run("initial deployment fails", func() {
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		status := suite.getReadiness(kd)
+		assert.Equal(suite.T(), v1.ConditionFalse, status.Status)
+		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", status.Message)
+	})
+
+	suite.Run("deployment with path succeeds", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Source.Git.Path = "subDir"
+		})
+
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		status := suite.getReadiness(kd)
+		assert.Equal(suite.T(), v1.ConditionTrue, status.Status)
+	})
+}
+
+func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
+	p := test_project.NewTestProject(suite.T(), test_project.WithGitSubDir("subDir"))
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", nil)
+	addConfigMapDeployment(p, "d1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+
+	repo := &test_utils.TestHelmRepo{
+		TestHttpServer: test_utils.TestHttpServer{},
+		Oci:            true,
+	}
+	repo.Start(suite.T())
+
+	repoUrl := repo.URL.String() + "/org/repo"
+
+	p.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl, "--project-dir", p.LocalRepoDir())
+
+	p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
+
+	key := suite.createKluctlDeployment2(p, "target1", nil, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Source.Oci = &kluctlv1.ProjectSourceOci{
+			URL: repoUrl,
+		}
+	})
+
+	suite.Run("initial deployment fails", func() {
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		status := suite.getReadiness(kd)
+		assert.Equal(suite.T(), v1.ConditionFalse, status.Status)
+		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", status.Message)
+	})
+
+	suite.Run("deployment with path succeeds", func() {
+		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+			kd.Spec.Source.Oci.Path = "subDir"
+		})
+
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		status := suite.getReadiness(kd)
+		assert.Equal(suite.T(), v1.ConditionTrue, status.Status)
+	})
+}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 929e7fe05..f63c5300d 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -144,7 +144,9 @@ func prepareProject(ctx context.Context,
 	}
 
 	if doCloneSource {
+		pth := ""
 		if pp.obj.Spec.Source.Git != nil {
+			pth = pp.obj.Spec.Source.Git.Path
 			rpEntry, err := pp.gitRP.GetEntry(pp.obj.Spec.Source.Git.URL)
 			if err != nil {
 				return nil, fmt.Errorf("failed to clone git source: %w", err)
@@ -155,6 +157,7 @@ func prepareProject(ctx context.Context,
 				return nil, err
 			}
 		} else if pp.obj.Spec.Source.Oci != nil {
+			pth = pp.obj.Spec.Source.Oci.Path
 			rpEntry, err := pp.ociRP.GetEntry(pp.obj.Spec.Source.Oci.URL)
 			if err != nil {
 				return nil, fmt.Errorf("failed to pull OCI source: %w", err)
@@ -165,6 +168,7 @@ func prepareProject(ctx context.Context,
 				return nil, err
 			}
 		} else if pp.obj.Spec.Source.URL != nil {
+			pth = pp.obj.Spec.Source.Path
 			rpEntry, err := pp.gitRP.GetEntry(*pp.obj.Spec.Source.URL)
 			if err != nil {
 				return nil, fmt.Errorf("failed to clone git source: %w", err)
@@ -179,7 +183,7 @@ func prepareProject(ctx context.Context,
 		}
 
 		// check kluctl project path exists
-		pp.projectDir, err = securejoin.SecureJoin(pp.repoDir, pp.obj.Spec.Source.Path)
+		pp.projectDir, err = securejoin.SecureJoin(pp.repoDir, pth)
 		if err != nil {
 			return pp, err
 		}

From 81396f84d3c310ef34a8e61a2fd8afcf2b729076 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 2 Nov 2023 14:19:49 +0100
Subject: [PATCH 1867/2268] docs: Update docs about manual reconciliation

---
 docs/gitops/spec/v1beta1/kluctldeployment.md | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 2fb821f77..e1ef685f5 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -313,22 +313,31 @@ interval at which forced deployments must be performed by the controller.
 The KluctlDeployment reconciliation can be suspended by setting `spec.suspend` to `true`. Suspension will however not
 prevent manual reconciliation requests via the `kluctl gitops` sub-commands.
 
+## Manual requests/reconciliation
+
 The controller can be told to reconcile the KluctlDeployment outside of the specified interval
-by annotating the KluctlDeployment object with `kluctl.io/request-reconcile`.
+by using the [`kluctl gitops`](../../../kluctl/commands/README.md) sub-commands.
 
 On-demand reconciliation example:
 
 ```bash
-kubectl annotate --overwrite kluctldeployment/microservices-demo-prod kluctl.io/request-reconcile="$(date +%s)"
+kluctl gitops deploy --namespace my-namespace --name my-deployment
+```
+
+You can also perform manual requests while temporarily overriding deployment configurations, e.g.:
+
+```bash
+kluctl gitops deploy --namespace my-namespace --name my-deployment --force-apply
 ```
 
-Similarly, a deployment can be forced even if the source has not changed by using the  `kluctl.io/request-deploy`
-annotation:
+Local source overrides are also possible, allowing you to test changes before pushing them:
 
 ```bash
-kubectl annotate --overwrite kluctldeployment/microservices-demo-prod kluctl.io/request-deploy="$(date +%s)"
+kluctl gitops diff --namespace my-namespace --name my-deployment --local-git-override=github.com/exaple-org/example-project=/local/path/to/modified/repo
 ```
 
+When `--namespace` and `--name` are omitted, the CLI will try to auto-detect the deployment on the current cluster
+and suggest the auto-detected deployment to you.
 
 ## Kubeconfigs and RBAC
 

From 13612fbf4e10002345fc4fb097bf1040acfa08ab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 2 Nov 2023 14:45:33 +0100
Subject: [PATCH 1868/2268] build: Preparing release v2.22.1

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 095e4765b..0407051c5 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.22.0
+        tag: v2.22.1
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 149abb0c4..8287f2796 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.22.0
+        tag: v2.22.1
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 21a9bfaf3..2fe232483 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.22.0
+        tag: v2.22.1
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.22.0
+            kluctl_version: v2.22.1
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.22.0
+        tag: v2.22.1
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 27ce26be0..be8171c0d 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.22.0
+         tag: v2.22.1
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index d5368250c..60c4c9c2b 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.22.0
+    default: v2.22.1
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index dce448436..3345b761d 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.22.0") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.22.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index dca2a9aee..5c095a16f 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.22.0
+    default: v2.22.1
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index f7b137d31..9cc0ac639 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.22.0") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.22.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 9c66f4f35e2e1018a9f5b86a42ada0e461094510 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 22 Nov 2023 16:32:40 +0100
Subject: [PATCH 1869/2268] chore: Fix authors in LICENSE (#902)

---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LICENSE b/LICENSE
index d64569567..5fc370f65 100644
--- a/LICENSE
+++ b/LICENSE
@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright [2023] [The Kluctl authors]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

From 1344e343d53baf0c51a61d902b6d889809886cde Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 14:33:45 +0100
Subject: [PATCH 1870/2268] chore(deps): Bump the aws-sdk group with 4 updates
 (#911)

Bumps the aws-sdk group with 4 updates: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.22.1 to 1.24.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.22.1...v1.24.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.21.0 to 1.26.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.21.0...config/v1.26.1)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.22.0 to 1.24.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.22.0...service/ecr/v1.24.5)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.23.0 to 1.25.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.23.0...config/v1.25.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 29 +++++++++++++++--------------
 go.sum | 58 ++++++++++++++++++++++++++++++----------------------------
 2 files changed, 45 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index ff5bf4ba2..34972c385 100644
--- a/go.mod
+++ b/go.mod
@@ -55,13 +55,13 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.22.1
-	github.com/aws/aws-sdk-go-v2/config v1.21.0
-	github.com/aws/aws-sdk-go-v2/credentials v1.15.0
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.22.0
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.23.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.25.0
-	github.com/aws/smithy-go v1.16.0
+	github.com/aws/aws-sdk-go-v2 v1.24.0
+	github.com/aws/aws-sdk-go-v2/config v1.26.1
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.12
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5
+	github.com/aws/smithy-go v1.19.0
 	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
@@ -119,14 +119,15 @@ require (
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.17.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 516959bdf..09c35fb03 100644
--- a/go.sum
+++ b/go.sum
@@ -116,39 +116,41 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2 v1.22.1 h1:sjnni/AuoTXxHitsIdT0FwmqUuNUuHtufcVDErVFT9U=
-github.com/aws/aws-sdk-go-v2 v1.22.1/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
-github.com/aws/aws-sdk-go-v2/config v1.21.0 h1:BZEX5S6hkrAJ9rJn2hEMWIMkg+l1RC7gBQ84qkb0Cp0=
-github.com/aws/aws-sdk-go-v2/config v1.21.0/go.mod h1:DMs4GYoTUo21V0cuDvwbdRb6coTcJ/EJxD7/WYZOinA=
-github.com/aws/aws-sdk-go-v2/credentials v1.15.0 h1:gSRUMOU/wxxf89+4XYg0hYwOmcgdA0bohb7A/5nO+oE=
-github.com/aws/aws-sdk-go-v2/credentials v1.15.0/go.mod h1:2zRQYW9jm3t18Ku+qP/107djyjAL7Ght6eBTWiNF/5c=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.1 h1:PYlUVUJRnXf2QU7IS+WLNSoU42f/oYRAmpwvXRH0Zq4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.1/go.mod h1:wLyMIo/zPOhQhPXTddpfdkSleyigtFi8iMnC+2m/SK4=
+github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
+github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
+github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1 h1:fi1ga6WysOyYb5PAf3Exd6B5GiSNpnZim4h1rhlBqx0=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.1/go.mod h1:V5CY8wNurvPUibTi9mwqUqpiFZ5LnioKWIFUDtIzdI8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1 h1:ZpaV/j48RlPc4AmOZuPv22pJliXjXq8/reL63YzyFnw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.1/go.mod h1:R8aXraabD2e3qv1csxM14/X9WF4wFMIY0kH4YEtYD5M=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0 h1:DqOQvIfmGkXZUVJnl9VRk0AnxyS59tCtX9k1Pyss4Ak=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.5.0/go.mod h1:VV/Kbw9Mg1GWJOT9WK+oTL3cWZiXtapnNvDSRqTZLsg=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.22.0 h1:TA2V0OLAwEooOnCk2ZBgxTPAtb20Fgbkr7IrI/YxbAg=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.22.0/go.mod h1:/1jvJouA9LvRdzQmTFwlvf3RKFXQz3jgL4AcPuaaoO8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1 h1:2OXw3ppu1XsB6rqKEMV4tnecTjIY3PRV2U6IP6KPJQo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.1/go.mod h1:FZB4AdakIqW/yERVdGJA6Z9jraax1beXfhBBnK2wwR8=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5 h1:wLPDAUFT50NEXGXpywRU3AA74pg35RJjWol/68ruvQQ=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5/go.mod h1:AOHmGMoPtSY9Zm2zBuwUJQBisIvYAZeA1n7b6f4e880=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.23.0 h1:PXSCgeF51ApT3k+fduqw7IaCxICt1nozWV1iPz7TyxU=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.23.0/go.mod h1:bpDXZjRbNT5gb9pa2jJlSUvBkfNwfG3OWgGqFYY73kA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.0 h1:I/Oh3IxGPfHXiGnwM54TD6hNr/8TlUrBXAtTyGhR+zw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.0/go.mod h1:H6NCMvDBqA+CvIaXzaSqM6LWtzv9BzZrqBOqz+PzRF8=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0 h1:irbXQkfVYIRaewYSXcu4yVk0m2T+JzZd0dkop7FjmO0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.0/go.mod h1:4wPNCkM22+oRe71oydP66K50ojDUC33XutSMi2pEF/M=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.0 h1:sYIFy8tm1xQwRvVQ4CRuBGXKIg9sHNuG6+3UAQuoujk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.0/go.mod h1:S/LOQUeYDfJeJpFCIJDMjy7dwL4aA33HUdVi+i7uH8k=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5 h1:qYi/BfDrWXZxlmRjlKCyFmtI4HKJwW8OKDKhKRAOZQI=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5/go.mod h1:4Ae1NCLK6ghmjzd45Tc33GgCKhUWD2ORAlULtMO1Cbs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.16.0 h1:gJZEH/Fqh+RsvlJ1Zt4tVAtV6bKkp3cC+R6FCZMNzik=
-github.com/aws/smithy-go v1.16.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
+github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
 github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=

From 72b1155055db16fd92c3e36002ddba090bec03d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 14:34:02 +0100
Subject: [PATCH 1871/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#896)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.24.2 to 0.24.4.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.24.2...v0.24.4)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 16 ++++++++--------
 go.sum | 36 ++++++++++++++++++------------------
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/go.mod b/go.mod
index 34972c385..e8e2e11b3 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.24.2
+	github.com/bitnami-labs/sealed-secrets v0.24.4
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
@@ -33,12 +33,12 @@ require (
 	github.com/spf13/viper v1.17.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.14.0
+	golang.org/x/crypto v0.15.0
 	golang.org/x/net v0.17.0
 	golang.org/x/sync v0.4.0
-	golang.org/x/sys v0.13.0
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0
+	golang.org/x/sys v0.14.0
+	golang.org/x/term v0.14.0 // indirect
+	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.1
 	k8s.io/api v0.28.3
 	k8s.io/apiextensions-apiserver v0.28.3
@@ -77,7 +77,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.29.0
+	github.com/onsi/gomega v1.30.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/prometheus/client_golang v1.17.0
@@ -285,9 +285,9 @@ require (
 	go.uber.org/zap v1.25.0 // indirect
 	golang.org/x/arch v0.4.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.149.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 09c35fb03..6f95aa8ab 100644
--- a/go.sum
+++ b/go.sum
@@ -161,8 +161,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bitnami-labs/sealed-secrets v0.24.2 h1:6RELDjQk+1WvrgkOJX9Y3aRyMBda3JWKuP7Qoi7Ee2M=
-github.com/bitnami-labs/sealed-secrets v0.24.2/go.mod h1:uQUgGnyOmGPUb6tCMRdhOKKHo2xJGwoxSqDYaWZZ+Hc=
+github.com/bitnami-labs/sealed-secrets v0.24.4 h1:ssJRQ+dtvmP+0AMzAstNgLivqwnP0TtjddFplSOhDJs=
+github.com/bitnami-labs/sealed-secrets v0.24.4/go.mod h1:AQQ3N08Chrpwa6gTToZMFR4luoaubMiZp8e0A/LmtCI=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
@@ -659,10 +659,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/ohler55/ojg v1.20.2 h1:ragZXnawcsq/knqIHaflvIX/8RzzAKMZSluAZAz+RFs=
 github.com/ohler55/ojg v1.20.2/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
-github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
-github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
-github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
+github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
+github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
+github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
@@ -860,8 +860,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -900,8 +900,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1025,16 +1025,16 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
+golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1046,8 +1046,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1105,8 +1105,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 1f7bd4ca43c024db4193c36beffa7a160e1c3782 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 14:34:19 +0100
Subject: [PATCH 1872/2268] chore(deps): Bump nhooyr.io/websocket from 1.8.7 to
 1.8.10 (#886)

Bumps [nhooyr.io/websocket](https://github.com/nhooyr/websocket) from 1.8.7 to 1.8.10.
- [Release notes](https://github.com/nhooyr/websocket/releases)
- [Commits](https://github.com/nhooyr/websocket/compare/v1.8.7...v1.8.10)

---
updated-dependencies:
- dependency-name: nhooyr.io/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  4 +---
 go.sum | 28 ++--------------------------
 2 files changed, 3 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index e8e2e11b3..d43aa6515 100644
--- a/go.mod
+++ b/go.mod
@@ -88,7 +88,7 @@ require (
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
 	gotest.tools v2.2.0+incompatible
-	nhooyr.io/websocket v1.8.7
+	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.3
 	sigs.k8s.io/kustomize/api v0.15.0
@@ -176,7 +176,6 @@ require (
 	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/gobwas/ws v1.2.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
@@ -196,7 +195,6 @@ require (
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/gorilla/sessions v1.2.1 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
diff --git a/go.sum b/go.sum
index 6f95aa8ab..dc2b42330 100644
--- a/go.sum
+++ b/go.sum
@@ -289,7 +289,6 @@ github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfm
 github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
@@ -330,16 +329,12 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
 github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
 github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
 github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
@@ -357,15 +352,6 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
-github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
-github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
-github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
-github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=
-github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -474,10 +460,7 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
@@ -540,7 +523,6 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
@@ -552,7 +534,6 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
 github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -580,7 +561,6 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -604,7 +584,6 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -784,8 +763,6 @@ github.com/tkrajina/typescriptify-golang-structs v0.1.11 h1:zEIVczF/iWgs4eTY7NQq
 github.com/tkrajina/typescriptify-golang-structs v0.1.11/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
@@ -988,7 +965,6 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1275,8 +1251,8 @@ k8s.io/kubectl v0.28.2 h1:fOWOtU6S0smdNjG1PB9WFbqEIMlkzU5ahyHkc7ESHgM=
 k8s.io/kubectl v0.28.2/go.mod h1:6EQWTPySF1fn7yKoQZHYf9TPwIl2AygHEcJoxFekr64=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
-nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+nhooyr.io/websocket v1.8.10 h1:mv4p+MnGrLDcPlBoWsvPP7XCzTYMXP9F9eIGoKbgx7Q=
+nhooyr.io/websocket v1.8.10/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=

From 2bbb02795ac38e6cf5487b7c92dcf43ca39ed6d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 14:34:38 +0100
Subject: [PATCH 1873/2268] chore(deps): Bump
 sigs.k8s.io/structured-merge-diff/v4 (#885)

Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.3.0 to 4.4.1.
- [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases)
- [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.3.0...v4.4.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/structured-merge-diff/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d43aa6515..02d155628 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	k8s.io/client-go v0.28.3
 	k8s.io/klog/v2 v2.110.1
 	sigs.k8s.io/kustomize/kyaml v0.15.0
-	sigs.k8s.io/structured-merge-diff/v4 v4.3.0
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 )
 
 require (
diff --git a/go.sum b/go.sum
index dc2b42330..89dd08eec 100644
--- a/go.sum
+++ b/go.sum
@@ -1270,7 +1270,7 @@ sigs.k8s.io/kustomize/api v0.15.0 h1:6Ca88kEOBVotHDw+y2IsIMYtg9Pvv7MKpW9JMyF/OH4
 sigs.k8s.io/kustomize/api v0.15.0/go.mod h1:p19kb+E14gN7zcIBR/nhByJDAfUa7N8mp6ZdH/mMXbg=
 sigs.k8s.io/kustomize/kyaml v0.15.0 h1:ynlLMAxDhrY9otSg5GYE2TcIz31XkGZ2Pkj7SdolD84=
 sigs.k8s.io/kustomize/kyaml v0.15.0/go.mod h1:+uMkBahdU1KNOj78Uta4rrXH+iH7wvg+nW7+GULvREA=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

From c4a2671d36ba466260a3842dad42fe4b3337ddcc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 14:34:51 +0100
Subject: [PATCH 1874/2268] chore(deps): Bump the azure-sdk group with 1 update
 (#891)

Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go).

- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.8.0...sdk/azcore/v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 02d155628..94d0bacbb 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 require (
 	cloud.google.com/go/secretmanager v1.11.4
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.24.0
@@ -102,7 +102,7 @@ require (
 	cloud.google.com/go/kms v1.15.3 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 89dd08eec..af57edd0e 100644
--- a/go.sum
+++ b/go.sum
@@ -54,12 +54,12 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=

From 5652fdce893c80dc745927d2223623dea877e3f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 15:26:00 +0100
Subject: [PATCH 1875/2268] chore(deps): Bump github.com/coreos/go-oidc/v3 from
 3.6.0 to 3.9.0 (#912)

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.6.0 to 3.9.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.6.0...v3.9.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 13 ++++++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 94d0bacbb..1b7457b04 100644
--- a/go.mod
+++ b/go.mod
@@ -62,7 +62,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5
 	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5
 	github.com/aws/smithy-go v1.19.0
-	github.com/coreos/go-oidc/v3 v3.6.0
+	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.6+incompatible
@@ -168,7 +168,7 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
@@ -288,7 +288,7 @@ require (
 	golang.org/x/tools v0.14.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.149.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect
diff --git a/go.sum b/go.sum
index af57edd0e..066f152cd 100644
--- a/go.sum
+++ b/go.sum
@@ -210,8 +210,8 @@ github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
-github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
-github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
+github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo=
+github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -308,8 +308,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
-github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
-github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
+github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -387,6 +387,7 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -1019,6 +1020,7 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
@@ -1116,8 +1118,9 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=

From 80471a19476e7260f4651eaa72654335b3e2140a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 09:09:28 +0100
Subject: [PATCH 1876/2268] chore(deps): Bump actions/setup-go from 4 to 5
 (#918)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml       | 2 +-
 .github/workflows/preview-proxy.yml | 2 +-
 .github/workflows/preview-run.yml   | 2 +-
 .github/workflows/release.yml       | 2 +-
 .github/workflows/tests.yml         | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index cf0d3271f..b149cbb30 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -24,7 +24,7 @@ jobs:
       - name: Fetch all tags
         run: git fetch --force --tags
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.21
       - uses: actions/setup-node@v4
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 81b13a2ba..c71255846 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -35,7 +35,7 @@ jobs:
           ref: main
           fetch-depth: 0
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.21
       - name: Install some tools
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 1004b3f68..cda2bcd9e 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.21
       - uses: actions/setup-node@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b76c7ff9e..763e0d5f6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
       - name: Fetch all tags
         run: git fetch --force --tags
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 1.21
       - name: Setup QEMU
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2ae32b4ba..0cf00d523 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: '1.21'
       - uses: actions/setup-node@v4
@@ -138,7 +138,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: '1.21'
       - uses: actions/cache@v3

From b73c07860795269a11d0328863d77ffdbdf31c2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 09:09:42 +0100
Subject: [PATCH 1877/2268] chore(deps): Bump github.com/docker/cli (#917)

Bumps [github.com/docker/cli](https://github.com/docker/cli) from 24.0.6+incompatible to 24.0.7+incompatible.
- [Commits](https://github.com/docker/cli/compare/v24.0.6...v24.0.7)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1b7457b04..122b3b1c2 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
-	github.com/docker/cli v24.0.6+incompatible
+	github.com/docker/cli v24.0.7+incompatible
 	github.com/evanphx/json-patch/v5 v5.7.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
diff --git a/go.sum b/go.sum
index 066f152cd..f9b3355fc 100644
--- a/go.sum
+++ b/go.sum
@@ -231,8 +231,8 @@ github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
-github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY=
-github.com/docker/cli v24.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
+github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v24.0.6+incompatible h1:hceabKCtUgDqPu+qm0NgsaXf28Ljf4/pWFL7xjWWDgE=

From 1947c2d72eb69200425d441f111578a6e2d4201d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 09:09:56 +0100
Subject: [PATCH 1878/2268] chore(deps): Bump
 github.com/google/go-containerregistry (#916)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 122b3b1c2..92b16f6a0 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.15.5
 	github.com/gobwas/glob v0.2.3
-	github.com/google/go-containerregistry v0.16.1
+	github.com/google/go-containerregistry v0.17.0
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.16
diff --git a/go.sum b/go.sum
index f9b3355fc..f6fa950f1 100644
--- a/go.sum
+++ b/go.sum
@@ -413,8 +413,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
-github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
+github.com/google/go-containerregistry v0.17.0 h1:5p+zYs/R4VGHkhyvgWurWrpJ2hW4Vv9fQI+GzdcwXLk=
+github.com/google/go-containerregistry v0.17.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From 38956860598969a39174cf27cfd64f37e1969a25 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 09:10:05 +0100
Subject: [PATCH 1879/2268] chore(deps): Bump the k8s-io group with 2 updates
 (#915)

Bumps the k8s-io group with 2 updates: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `k8s.io/api` from 0.28.3 to 0.28.4
- [Commits](https://github.com/kubernetes/api/compare/v0.28.3...v0.28.4)

Updates `k8s.io/client-go` from 0.28.3 to 0.28.4
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.28.3...v0.28.4)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 92b16f6a0..b5c712627 100644
--- a/go.mod
+++ b/go.mod
@@ -40,10 +40,10 @@ require (
 	golang.org/x/term v0.14.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.1
-	k8s.io/api v0.28.3
+	k8s.io/api v0.28.4
 	k8s.io/apiextensions-apiserver v0.28.3
-	k8s.io/apimachinery v0.28.3
-	k8s.io/client-go v0.28.3
+	k8s.io/apimachinery v0.28.4
+	k8s.io/client-go v0.28.4
 	k8s.io/klog/v2 v2.110.1
 	sigs.k8s.io/kustomize/kyaml v0.15.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
diff --git a/go.sum b/go.sum
index f6fa950f1..0885cc225 100644
--- a/go.sum
+++ b/go.sum
@@ -1232,18 +1232,18 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
-k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
+k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
+k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
 k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08=
 k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc=
-k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
-k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
+k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
+k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
 k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w=
 k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM=
 k8s.io/cli-runtime v0.28.2 h1:64meB2fDj10/ThIMEJLO29a1oujSm0GQmKzh1RtA/uk=
 k8s.io/cli-runtime v0.28.2/go.mod h1:bTpGOvpdsPtDKoyfG4EG041WIyFZLV9qq4rPlkyYfDA=
-k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
-k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
+k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
+k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
 k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI=
 k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=

From 0a317a97e7ead26acf261cc6469ea036a2cedaaa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 09:10:14 +0100
Subject: [PATCH 1880/2268] chore(deps): Bump the azure-sdk group with 1 update
 (#914)

Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go).

- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.9.0...sdk/azcore/v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index b5c712627..f96d0a5d9 100644
--- a/go.mod
+++ b/go.mod
@@ -33,11 +33,11 @@ require (
 	github.com/spf13/viper v1.17.0
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.15.0
-	golang.org/x/net v0.17.0
+	golang.org/x/crypto v0.16.0
+	golang.org/x/net v0.19.0
 	golang.org/x/sync v0.4.0
-	golang.org/x/sys v0.14.0
-	golang.org/x/term v0.14.0 // indirect
+	golang.org/x/sys v0.15.0
+	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.1
 	k8s.io/api v0.28.4
@@ -52,7 +52,7 @@ require (
 require (
 	cloud.google.com/go/secretmanager v1.11.4
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.24.0
@@ -102,7 +102,7 @@ require (
 	cloud.google.com/go/kms v1.15.3 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 0885cc225..f5a35cb5e 100644
--- a/go.sum
+++ b/go.sum
@@ -54,12 +54,12 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
@@ -838,8 +838,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -920,8 +920,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1002,16 +1002,16 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From be29d7d6bbc2f4928677ddc486ba2c5ef095abba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Dec 2023 10:00:54 +0100
Subject: [PATCH 1881/2268] chore(deps): Bump the golang-x group with 2 updates
 (#919)

Bumps the golang-x group with 2 updates: [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/sync` from 0.4.0 to 0.5.0
- [Commits](https://github.com/golang/sync/compare/v0.4.0...v0.5.0)

Updates `golang.org/x/oauth2` from 0.13.0 to 0.15.0
- [Commits](https://github.com/golang/oauth2/compare/v0.13.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index f96d0a5d9..774022de8 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.16.0
 	golang.org/x/net v0.19.0
-	golang.org/x/sync v0.4.0
+	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.15.0
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0
@@ -83,7 +83,7 @@ require (
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
-	golang.org/x/oauth2 v0.13.0
+	golang.org/x/oauth2 v0.15.0
 	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
diff --git a/go.sum b/go.sum
index f5a35cb5e..4f8c816ff 100644
--- a/go.sum
+++ b/go.sum
@@ -931,8 +931,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -946,8 +946,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From 45d0779153ec37be33698dd5e27f38538fc46b7d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Dec 2023 14:52:22 +0100
Subject: [PATCH 1882/2268] fix: Allow to retry with force-replace when
 conflict resolution fails (#920)

---
 pkg/deployment/utils/apply_utils.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 48c05dcab..838e397ac 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -329,12 +329,11 @@ func (a *ApplyUtil) retryApplyWithConflicts(x *uo.UnstructuredObject, hook bool,
 	}
 	r, apiWarnings, err := a.k.ApplyObject(x2, options)
 	a.handleApiWarnings(ref, apiWarnings)
-	if err != nil {
-		// We didn't manage to solve it, better to abort (and not retry with replace!)
-		a.HandleError(ref, err)
-		return
+	if err == nil {
+		a.handleResult(r, hook)
+	} else {
+		a.retryApplyForceReplace(x, hook, remoteObject, err)
 	}
-	a.handleResult(r, hook)
 }
 
 func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bool) {

From 36a74e91a06bf234a1059993b039b46d55ccb464 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Dec 2023 14:52:32 +0100
Subject: [PATCH 1883/2268] feat: Introduce the kluctl.io/force-managed
 annotation (#921)

---
 docs/kluctl/deployments/annotations/all-resources.md | 4 ++++
 pkg/deployment/utils/delete_utils.go                 | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index c492749cc..28591814d 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -70,6 +70,10 @@ This tag is especially useful and required on resources that would otherwise cau
 do not match the specified inclusion/exclusion tags. Namespaces are the most prominent example of such resources, as
 they most likely don't match exclusion tags, but cascaded deletion would still cause deletion of the excluded resources.
 
+### kluctl.io/force-managed
+If set to "true", Kluctl will always treat the annotated resource as being managed by Kluctl, meaning that it will
+consider it for deletion and pruning even if a foreign field manager resets/removes the Kluctl field manager.
+
 ## Control diff behavior
 
 The following annotations control how diffs are performed.
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 546d20544..54ee07b5d 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -122,7 +122,7 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 				break
 			}
 		}
-		if !found {
+		if !found && !o.GetK8sAnnotationBoolNoError("kluctl.io/force-managed", false) {
 			// This object is not managed by kluctl, so we shouldn't delete it
 			continue
 		}

From 191b7bb5e4e664b3fc1f64c6c7b191a6d9560052 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 12 Dec 2023 16:15:41 +0100
Subject: [PATCH 1884/2268] chore: Upgrade go-jinja2 and all other dependencies
 (#922)

* chore: Upgrade go-jinja2 to v0.0.0-20231212133626-a0ab9d228150

* chore: Run go get -u ./...

* tests: Fix helm tests
---
 e2e/helm_test.go |   4 +-
 go.mod           | 148 +++++------
 go.sum           | 658 +++++++++++------------------------------------
 3 files changed, 230 insertions(+), 580 deletions(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 949fe2cb2..dc0ec2268 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -150,7 +150,7 @@ var helmTests = []helmTestCase{
 	{
 		name: "oci-creds-missing", oci: true, testAuth: true,
 		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "401 Unauthorized",
+		expectedError: "no basic auth credentials",
 	},
 	{
 		name: "oci-creds-invalid", oci: true, testAuth: true,
@@ -164,7 +164,7 @@ var helmTests = []helmTestCase{
 	{
 		name: "oci-creds-missing-path", oci: true, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart2", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "401 Unauthorized",
+		expectedError: "no basic auth credentials",
 	},
 	{
 		name: "oci-creds-invalid-path", oci: true, testAuth: true,
diff --git a/go.mod b/go.mod
index 774022de8..38ab5d1f1 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.24.4
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/go-playground/validator/v10 v10.15.5
+	github.com/go-playground/validator/v10 v10.16.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.17.0
 	github.com/hashicorp/vault/api v1.10.0
@@ -17,20 +17,20 @@ require (
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2
-	github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2
+	github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1
+	github.com/kluctl/go-jinja2 v0.0.0-20231212133626-a0ab9d228150
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.20.2
+	github.com/ohler55/ojg v1.20.3
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.11.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.7.0
+	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.17.0
+	github.com/spf13/viper v1.18.1
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.16.0
@@ -39,13 +39,13 @@ require (
 	golang.org/x/sys v0.15.0
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0
-	helm.sh/helm/v3 v3.13.1
+	helm.sh/helm/v3 v3.13.2
 	k8s.io/api v0.28.4
-	k8s.io/apiextensions-apiserver v0.28.3
+	k8s.io/apiextensions-apiserver v0.28.4
 	k8s.io/apimachinery v0.28.4
 	k8s.io/client-go v0.28.4
 	k8s.io/klog/v2 v2.110.1
-	sigs.k8s.io/kustomize/kyaml v0.15.0
+	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 )
 
@@ -70,7 +70,7 @@ require (
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
-	github.com/go-git/go-git/v5 v5.10.0
+	github.com/go-git/go-git/v5 v5.11.0
 	github.com/go-logr/logr v1.3.0
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.4.0
@@ -84,22 +84,22 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.15.0
-	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b
-	google.golang.org/grpc v1.59.0
+	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
+	google.golang.org/grpc v1.60.0
 	google.golang.org/protobuf v1.31.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.16.3
-	sigs.k8s.io/kustomize/api v0.15.0
-	sigs.k8s.io/yaml v1.3.0
+	sigs.k8s.io/kustomize/api v0.16.0
+	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.3 // indirect
-	cloud.google.com/go/kms v1.15.3 // indirect
+	cloud.google.com/go/iam v1.1.5 // indirect
+	cloud.google.com/go/kms v1.15.5 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
@@ -114,10 +114,9 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/Microsoft/hcsshim v0.11.0 // indirect
+	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
-	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
@@ -125,29 +124,29 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
-	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
 	github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd // indirect
 	github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
 	github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
-	github.com/bytedance/sonic v1.10.0 // indirect
+	github.com/bytedance/sonic v1.10.2 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
-	github.com/chenzhuoyu/iasm v0.9.0 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
-	github.com/containerd/containerd v1.7.6 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/chenzhuoyu/iasm v0.9.1 // indirect
+	github.com/cloudflare/circl v1.3.6 // indirect
+	github.com/containerd/containerd v1.7.11 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/docker v24.0.6+incompatible // indirect
+	github.com/docker/docker v24.0.7+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -158,19 +157,19 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.15.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/fatih/color v1.16.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-errors/errors v1.4.2 // indirect
+	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-logr/zapr v1.2.4 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.4 // indirect
@@ -178,7 +177,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
@@ -190,21 +189,21 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/gorilla/context v1.1.1 // indirect
+	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
-	github.com/gorilla/sessions v1.2.1 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/gorilla/sessions v1.2.2 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -214,8 +213,8 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/karrick/godirwalk v1.17.0 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -224,7 +223,7 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/miekg/dns v1.1.55 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -241,29 +240,29 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.11.1 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/skeema/knownhosts v1.2.0 // indirect
+	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.10.0 // indirect
-	github.com/spf13/cast v1.5.1 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tkrajina/go-reflector v0.5.6 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.11 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
 	github.com/urfave/cli v1.22.14 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
@@ -275,34 +274,35 @@ require (
 	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // indirect
 	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.25.0 // indirect
-	golang.org/x/arch v0.4.0 // indirect
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.14.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/arch v0.6.0 // indirect
+	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.16.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.149.0 // indirect
+	google.golang.org/api v0.153.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 // indirect
+	gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.28.3 // indirect
-	k8s.io/cli-runtime v0.28.2 // indirect
-	k8s.io/component-base v0.28.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect
-	k8s.io/kubectl v0.28.2 // indirect
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	k8s.io/apiserver v0.28.4 // indirect
+	k8s.io/cli-runtime v0.28.4 // indirect
+	k8s.io/component-base v0.28.4 // indirect
+	k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 // indirect
+	k8s.io/kubectl v0.28.4 // indirect
+	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
 	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 4f8c816ff..b14236f4e 100644
--- a/go.sum
+++ b/go.sum
@@ -1,55 +1,18 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME=
-cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
-cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
+cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic=
+cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
+cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc=
-cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE=
-cloud.google.com/go/kms v1.15.3 h1:RYsbxTRmk91ydKCzekI2YjryO4c5Y2M80Zwcs9/D/cI=
-cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI=
+cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
+cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM=
+cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI=
 cloud.google.com/go/secretmanager v1.11.4 h1:krnX9qpG2kR2fJ+u+uNyNo+ACVhplIAS4Pu7u+4gd+k=
 cloud.google.com/go/secretmanager v1.11.4/go.mod h1:wreJlbS9Zdq21lMzWmJ0XhWW2ZxgPeahsqeV/vZoJ3w=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
@@ -77,7 +40,6 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
@@ -94,8 +56,8 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM=
-github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
+github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
+github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
@@ -104,18 +66,14 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
-github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
 github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
 github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
@@ -124,10 +82,8 @@ github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuT
 github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
@@ -138,8 +94,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
-github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
-github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
+github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xWedMuANiNVXiD2S8=
+github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5 h1:qYi/BfDrWXZxlmRjlKCyFmtI4HKJwW8OKDKhKRAOZQI=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5/go.mod h1:4Ae1NCLK6ghmjzd45Tc33GgCKhUWD2ORAlULtMO1Cbs=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
@@ -148,17 +104,12 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsY
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
-github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
-github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bitnami-labs/sealed-secrets v0.24.4 h1:ssJRQ+dtvmP+0AMzAstNgLivqwnP0TtjddFplSOhDJs=
@@ -176,8 +127,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
-github.com/bytedance/sonic v1.10.0 h1:qtNZduETEIWJVIyDl01BeNxur2rW9OwTQ/yBqFRkKEk=
-github.com/bytedance/sonic v1.10.0/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/bytedance/sonic v1.10.2 h1:GQebETVBxYB7JGWJtLBi07OVzWwt+8dWA00gEVW2ZFE=
+github.com/bytedance/sonic v1.10.2/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
@@ -191,29 +142,29 @@ github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
-github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
 github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/chenzhuoyu/iasm v0.9.1 h1:tUHQJXo3NhBqw6s33wkGn9SP3bvrWLdlVIJ3hQBL7P0=
+github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg=
+github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
-github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8=
-github.com/containerd/containerd v1.7.6/go.mod h1:SY6lrkkuJT40BVNO37tlYTSnKJnP5AXBc0fhx0q+TJ4=
+github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw=
+github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
-github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
-github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
+github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
 github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo=
 github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
@@ -235,8 +186,8 @@ github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1x
 github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.6+incompatible h1:hceabKCtUgDqPu+qm0NgsaXf28Ljf4/pWFL7xjWWDgE=
-github.com/docker/docker v24.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
+github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
@@ -258,8 +209,6 @@ github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FM
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -267,20 +216,19 @@ github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0n
 github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
-github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
 github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
-github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
-github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/FlgqECyS5ywq8cSN9j1fwZg6uyZ7G0B0=
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
@@ -293,19 +241,16 @@ github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
-github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
-github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
+github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
+github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.10.0 h1:F0x3xXrAWmhwtzoCokU4IMPcBdncG+HAAqi9FcOOjbQ=
-github.com/go-git/go-git/v5 v5.10.0/go.mod h1:1FOZ/pQnqw24ghP2n7cunVl0ON55BsjPYvhWHvZGhoo=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
+github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
@@ -314,13 +259,12 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
-github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
 github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
@@ -335,8 +279,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.15.5 h1:LEBecTWb/1j5TNY1YYG2RcOUN3R7NLylN+x8TTueE24=
-github.com/go-playground/validator/v10 v10.15.5/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE=
+github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -357,34 +301,22 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@@ -392,8 +324,6 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
@@ -402,14 +332,9 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -420,22 +345,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f h1:pDhu5sgp8yJlEF/g6osliIIpF9K4F5jvkULXa4daRDQ=
 github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -446,21 +357,18 @@ github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
-github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
+github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
-github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
@@ -476,22 +384,18 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
 github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
-github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
+github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
-github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
-github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I=
+github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -503,8 +407,6 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
@@ -526,8 +428,6 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=
 github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
@@ -535,18 +435,17 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
-github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
+github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
-github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2 h1:K96SwIr8MzBQ3kFFz2H/pA2y+EEk04vZ4fWj/YZghBU=
-github.com/kluctl/go-embed-python v0.0.0-3.10.9-20230206-2/go.mod h1:vzngsPshNKUtq0gxkYQKNJafrcH7Qy7Qt6yGNt7JmQI=
-github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2 h1:PvJ+c944vAYt+DmlCpYMQ+/ZUtfMA7BaUj+r3e/RX3E=
-github.com/kluctl/go-jinja2 v0.0.0-20230828163747-df21eb5fbda2/go.mod h1:yIf5kSdssmZghhQZPG0XcM6nXtvuV+K4Ag8ijMyHnfM=
+github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc=
+github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1 h1:L+ZH/eN5gE7eh3BTye/Z8td8YjbhEs6hzybVByz2twQ=
+github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1/go.mod h1:2/V+QZL7VyhTXtKHorARyA7UYOizVV37M8kkXMEk+Kg=
+github.com/kluctl/go-jinja2 v0.0.0-20231212133626-a0ab9d228150 h1:Iz6c78GzlaRhazmV9rO10+bxk8Nh+v3aAZ60ulnGKPs=
+github.com/kluctl/go-jinja2 v0.0.0-20231212133626-a0ab9d228150/go.mod h1:7FmUmt2zgHJfJE82ZNY/AHNGsGdyHBaF3OA12r4Zj+8=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -579,12 +478,8 @@ github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY
 github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
 github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
-github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -594,20 +489,17 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
-github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f h1:2+myh5ml7lgEU/51gbeLHfKGNfgEQQIWrlbdaOsidbQ=
@@ -637,8 +529,8 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/ohler55/ojg v1.20.2 h1:ragZXnawcsq/knqIHaflvIX/8RzzAKMZSluAZAz+RFs=
-github.com/ohler55/ojg v1.20.2/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.20.3 h1:Z+fnElsA/GbI5oiT726qJaG4Ca9q5l7UO68Qd0PtkD4=
+github.com/ohler55/ojg v1.20.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
 github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
 github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
@@ -655,8 +547,8 @@ github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
-github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
+github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -666,14 +558,11 @@ github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFz
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -684,34 +573,32 @@ github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+L
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
-github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=
 github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ=
-github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
+github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
+github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
@@ -723,21 +610,21 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
-github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
+github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ=
+github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
-github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
-github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
+github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
-github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
+github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM=
+github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -764,8 +651,8 @@ github.com/tkrajina/typescriptify-golang-structs v0.1.11 h1:zEIVczF/iWgs4eTY7NQq
 github.com/tkrajina/typescriptify-golang-structs v0.1.11/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
-github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
 github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
 github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
@@ -783,11 +670,8 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
@@ -795,126 +679,64 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
-go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
-go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
-go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
-go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
-go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
-go.starlark.net v0.0.0-20230814145427-12f4cb8177e4 h1:Ydko8M6UfXgvSpGOnbAjRMQDIvBheUsjBjkm6Azcpf4=
-go.starlark.net v0.0.0-20230814145427-12f4cb8177e4/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4=
+go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
-go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
+go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.4.0 h1:A8WCeEWhLwPBKNbFi5Wv5UTCBx5zzubnXDlMOFAzFMc=
-golang.org/x/arch v0.4.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.6.0 h1:S0JTfE48HbRj80+4tbvZDYsJ3tGv6BUU3XxyZ7CirAc=
+golang.org/x/arch v0.6.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
 golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
+golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
@@ -923,73 +745,29 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
 golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
 golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -997,7 +775,6 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1006,18 +783,14 @@ golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
@@ -1026,161 +799,49 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
+golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
-google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI=
+google.golang.org/api v0.153.0 h1:N1AwGhielyKFaUqH07/ZSIQR3uNPcV7NVw0vj+j4iR4=
+google.golang.org/api v0.153.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
-google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
-google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
-google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
+google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 h1:EWIeHfGuUf00zrVZGEgYFxok7plSAXBGcH7NNdMAWvA=
+google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 h1:kzJAXnzZoFbe5bhZd4zjUuHos/I31yH4thfMb/13oVY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k=
+google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1189,7 +850,6 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
@@ -1197,13 +857,11 @@ google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk=
-gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
+gopkg.in/evanphx/json-patch.v5 v5.7.0 h1:dGKGylPlZ/jus2g1YqhhyzfH0gPy2R8/MYUpW/OslTY=
+gopkg.in/evanphx/json-patch.v5 v5.7.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
@@ -1223,57 +881,49 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.13.1 h1:DG+XLGzBJeZvMLlMbm6bPDLV1dGaVW9eZsDoUd1/LM0=
-helm.sh/helm/v3 v3.13.1/go.mod h1:TdQRMiq46CSWcc68Hb0uVhvAWusaN90YwAV54cz6JzU=
+helm.sh/helm/v3 v3.13.2 h1:IcO9NgmmpetJODLZhR3f3q+6zzyXVKlRizKFwbi7K8w=
+helm.sh/helm/v3 v3.13.2/go.mod h1:GIHDwZggaTGbedevTlrQ6DB++LBN6yuQdeGj0HNaDx0=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
 k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
-k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08=
-k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc=
+k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU=
+k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM=
 k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
 k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
-k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w=
-k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM=
-k8s.io/cli-runtime v0.28.2 h1:64meB2fDj10/ThIMEJLO29a1oujSm0GQmKzh1RtA/uk=
-k8s.io/cli-runtime v0.28.2/go.mod h1:bTpGOvpdsPtDKoyfG4EG041WIyFZLV9qq4rPlkyYfDA=
+k8s.io/apiserver v0.28.4 h1:BJXlaQbAU/RXYX2lRz+E1oPe3G3TKlozMMCZWu5GMgg=
+k8s.io/apiserver v0.28.4/go.mod h1:Idq71oXugKZoVGUUL2wgBCTHbUR+FYTWa4rq9j4n23w=
+k8s.io/cli-runtime v0.28.4 h1:IW3aqSNFXiGDllJF4KVYM90YX4cXPGxuCxCVqCD8X+Q=
+k8s.io/cli-runtime v0.28.4/go.mod h1:MLGRB7LWTIYyYR3d/DOgtUC8ihsAPA3P8K8FDNIqJ0k=
 k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
 k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
-k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI=
-k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8=
+k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo=
+k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
 k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
-k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 h1:CAIciCnJnSOQxPd0xvpV6JU3D4AJvnYbImPpFpO9Hnw=
-k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
-k8s.io/kubectl v0.28.2 h1:fOWOtU6S0smdNjG1PB9WFbqEIMlkzU5ahyHkc7ESHgM=
-k8s.io/kubectl v0.28.2/go.mod h1:6EQWTPySF1fn7yKoQZHYf9TPwIl2AygHEcJoxFekr64=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=
+k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
+k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ=
+k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c=
+k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
+k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.10 h1:mv4p+MnGrLDcPlBoWsvPP7XCzTYMXP9F9eIGoKbgx7Q=
 nhooyr.io/websocket v1.8.10/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
 sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
 sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.15.0 h1:6Ca88kEOBVotHDw+y2IsIMYtg9Pvv7MKpW9JMyF/OH4=
-sigs.k8s.io/kustomize/api v0.15.0/go.mod h1:p19kb+E14gN7zcIBR/nhByJDAfUa7N8mp6ZdH/mMXbg=
-sigs.k8s.io/kustomize/kyaml v0.15.0 h1:ynlLMAxDhrY9otSg5GYE2TcIz31XkGZ2Pkj7SdolD84=
-sigs.k8s.io/kustomize/kyaml v0.15.0/go.mod h1:+uMkBahdU1KNOj78Uta4rrXH+iH7wvg+nW7+GULvREA=
+sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g=
+sigs.k8s.io/kustomize/api v0.16.0/go.mod h1:MnFZ7IP2YqVyVwMWoRxPtgl/5hpA+eCCrQR/866cm5c=
+sigs.k8s.io/kustomize/kyaml v0.16.0 h1:6J33uKSoATlKZH16unr2XOhDI+otoe2sR3M8PDzW3K0=
+sigs.k8s.io/kustomize/kyaml v0.16.0/go.mod h1:xOK/7i+vmE14N2FdFyugIshB8eF6ALpy7jI87Q2nRh4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

From cca33f73d1c014bfb0f924258e8f8827bb68b926 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Dec 2023 10:18:15 +0100
Subject: [PATCH 1885/2268] chore(deps): Bump github.com/google/uuid from 1.4.0
 to 1.5.0 (#923)

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 38ab5d1f1..2a01a7300 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/go-git/go-git/v5 v5.11.0
 	github.com/go-logr/logr v1.3.0
 	github.com/google/gops v0.3.28
-	github.com/google/uuid v1.4.0
+	github.com/google/uuid v1.5.0
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
diff --git a/go.sum b/go.sum
index b14236f4e..0ccd63267 100644
--- a/go.sum
+++ b/go.sum
@@ -353,8 +353,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=

From ff948ce125faa31959182e7f5b0c3d5dca8f6961 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Dec 2023 15:55:08 +0100
Subject: [PATCH 1886/2268] chore(deps): Bump helm.sh/helm/v3 from 3.13.2 to
 3.13.3 (#928)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.13.2 to 3.13.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.13.2...v3.13.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2a01a7300..dc60f7dc9 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,7 @@ require (
 	golang.org/x/sys v0.15.0
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0
-	helm.sh/helm/v3 v3.13.2
+	helm.sh/helm/v3 v3.13.3
 	k8s.io/api v0.28.4
 	k8s.io/apiextensions-apiserver v0.28.4
 	k8s.io/apimachinery v0.28.4
diff --git a/go.sum b/go.sum
index 0ccd63267..84b76a3e5 100644
--- a/go.sum
+++ b/go.sum
@@ -881,8 +881,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.13.2 h1:IcO9NgmmpetJODLZhR3f3q+6zzyXVKlRizKFwbi7K8w=
-helm.sh/helm/v3 v3.13.2/go.mod h1:GIHDwZggaTGbedevTlrQ6DB++LBN6yuQdeGj0HNaDx0=
+helm.sh/helm/v3 v3.13.3 h1:0zPEdGqHcubehJHP9emCtzRmu8oYsJFRrlVF3TFj8xY=
+helm.sh/helm/v3 v3.13.3/go.mod h1:3OKO33yI3p4YEXtTITN2+4oScsHeQe71KuzhlZ+aPfg=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=

From 69b63a6c9293262f5ecc649ff7a34eadfb617490 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Dec 2023 15:55:33 +0100
Subject: [PATCH 1887/2268] chore(deps): Bump github.com/rogpeppe/go-internal
 from 1.11.0 to 1.12.0 (#926)

Bumps [github.com/rogpeppe/go-internal](https://github.com/rogpeppe/go-internal) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/rogpeppe/go-internal/releases)
- [Commits](https://github.com/rogpeppe/go-internal/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/rogpeppe/go-internal
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index dc60f7dc9..4fe201acb 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/ohler55/ojg v1.20.3
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.11.0
+	github.com/rogpeppe/go-internal v1.12.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index 84b76a3e5..81abdf68d 100644
--- a/go.sum
+++ b/go.sum
@@ -589,8 +589,8 @@ github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=
 github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=

From 5662cf24e8df9246437d21d9a88f1af86791f35a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Dec 2023 10:45:03 +0100
Subject: [PATCH 1888/2268] chore(deps): Bump the k8s-io group with 2 updates
 (#925)

* chore(deps): Bump the k8s-io group with 2 updates

Bumps the k8s-io group with 2 updates: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver).


Updates `k8s.io/api` from 0.28.4 to 0.29.0
- [Commits](https://github.com/kubernetes/api/compare/v0.28.4...v0.29.0)

Updates `k8s.io/apiextensions-apiserver` from 0.28.4 to 0.29.0
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.28.4...v0.29.0)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Upgrade k8s.io/kubectl to v0.29.0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 go.mod | 18 ++++++++++--------
 go.sum | 36 ++++++++++++++++++++----------------
 2 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/go.mod b/go.mod
index 4fe201acb..0715fc096 100644
--- a/go.mod
+++ b/go.mod
@@ -40,10 +40,10 @@ require (
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
-	k8s.io/api v0.28.4
-	k8s.io/apiextensions-apiserver v0.28.4
-	k8s.io/apimachinery v0.28.4
-	k8s.io/client-go v0.28.4
+	k8s.io/api v0.29.0
+	k8s.io/apiextensions-apiserver v0.29.0
+	k8s.io/apimachinery v0.29.0
+	k8s.io/client-go v0.29.0
 	k8s.io/klog/v2 v2.110.1
 	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
@@ -194,6 +194,7 @@ require (
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.2.2 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -237,6 +238,7 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.6 // indirect
@@ -297,11 +299,11 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.28.4 // indirect
-	k8s.io/cli-runtime v0.28.4 // indirect
-	k8s.io/component-base v0.28.4 // indirect
+	k8s.io/apiserver v0.29.0 // indirect
+	k8s.io/cli-runtime v0.29.0 // indirect
+	k8s.io/component-base v0.29.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 // indirect
-	k8s.io/kubectl v0.28.4 // indirect
+	k8s.io/kubectl v0.29.0 // indirect
 	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
 	oras.land/oras-go v1.2.4 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index 81abdf68d..e4c543ca7 100644
--- a/go.sum
+++ b/go.sum
@@ -370,6 +370,8 @@ github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pw
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
@@ -529,6 +531,8 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.20.3 h1:Z+fnElsA/GbI5oiT726qJaG4Ca9q5l7UO68Qd0PtkD4=
 github.com/ohler55/ojg v1.20.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
 github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
@@ -885,26 +889,26 @@ helm.sh/helm/v3 v3.13.3 h1:0zPEdGqHcubehJHP9emCtzRmu8oYsJFRrlVF3TFj8xY=
 helm.sh/helm/v3 v3.13.3/go.mod h1:3OKO33yI3p4YEXtTITN2+4oScsHeQe71KuzhlZ+aPfg=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
-k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
-k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU=
-k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM=
-k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
-k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
-k8s.io/apiserver v0.28.4 h1:BJXlaQbAU/RXYX2lRz+E1oPe3G3TKlozMMCZWu5GMgg=
-k8s.io/apiserver v0.28.4/go.mod h1:Idq71oXugKZoVGUUL2wgBCTHbUR+FYTWa4rq9j4n23w=
-k8s.io/cli-runtime v0.28.4 h1:IW3aqSNFXiGDllJF4KVYM90YX4cXPGxuCxCVqCD8X+Q=
-k8s.io/cli-runtime v0.28.4/go.mod h1:MLGRB7LWTIYyYR3d/DOgtUC8ihsAPA3P8K8FDNIqJ0k=
-k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
-k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
-k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo=
-k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU=
+k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A=
+k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA=
+k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0=
+k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc=
+k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o=
+k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis=
+k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o=
+k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM=
+k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4=
+k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk=
+k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8=
+k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38=
+k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s=
+k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
 k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
-k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ=
-k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c=
+k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI=
+k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.10 h1:mv4p+MnGrLDcPlBoWsvPP7XCzTYMXP9F9eIGoKbgx7Q=

From 36203f9d80245e61e38ade552bfc9d2d56a2642b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 Jan 2024 10:44:51 +0100
Subject: [PATCH 1889/2268] fix: Use SetOne when setting value to targetPath

---
 pkg/utils/uo/jsonpath.go | 4 ++++
 pkg/vars/vars_loader.go  | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index e21876c7f..a1918e8fe 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -150,3 +150,7 @@ func (j *MyJsonPath) Del(o *UnstructuredObject) error {
 func (j *MyJsonPath) Set(o *UnstructuredObject, v any) error {
 	return j.exp.Set(o.Object, v)
 }
+
+func (j *MyJsonPath) SetOne(o *UnstructuredObject, v any) error {
+	return j.exp.SetOne(o.Object, v)
+}
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index e3bc3ffa2..789224826 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -419,7 +419,7 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 			return doError(err)
 		}
 		newVars := uo.New()
-		err = p.Set(newVars, parsed)
+		err = p.SetOne(newVars, parsed)
 		if err != nil {
 			return doError(err)
 		}

From 6e3b8753fe63e900bb803dcc808eca3ae916f70f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 Jan 2024 10:45:45 +0100
Subject: [PATCH 1890/2268] feat: Implement clusterObject vars source

---
 docs/kluctl/templating/variable-sources.md    |  90 +++++
 pkg/types/k8s/ref.go                          |  14 +
 pkg/types/vars_source.go                      |  28 ++
 pkg/vars/vars_loader.go                       | 147 +++++++-
 pkg/vars/vars_loader_test.go                  | 339 ++++++++++++++++++
 .../command-result/nodes/VarsSourceNode.tsx   |  15 +-
 pkg/webui/ui/src/models.ts                    |  28 ++
 7 files changed, 652 insertions(+), 9 deletions(-)

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 90f442406..7884ef7f7 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -202,6 +202,96 @@ vars:
 ### clusterSecret
 Same as clusterConfigMap, but for secrets.
 
+### clusterObject
+Retrieves an arbitrary Kubernetes object from the target's cluster and loads the specified content under `path` into the
+templating context. The content can either be interpreted as is or interpreted and loaded as yaml text. In both cases,
+rendering with the current context (without the newly introduced variables) can also be enabled.
+
+`targetPath` must also be specified to configure under which sub-keys the new variables should be loaded.
+
+The referred Kubernetes object must already exist while the Kluctl project is loaded, meaning that it is not possible to use
+an object that is deployed as part of the Kluctl project itself. The exception to this is when you use `ignoreMissing: true`
+and properly handle the missing case inside your templating (an example can be found further down).
+
+Objects can either be referred to by `name` or by `labels`. In case of `labels`, Kluctl assumes that only a single object
+matches. If multiple object are expected to match, `list: true` must also be passed, in which case the result loaded
+into `targetPath` will be a list of objects instead of a single object. 
+
+Assume the following object to be already deployed to the target cluster:
+```yaml
+apiVersion: some.group/v1
+kind: SomeObject
+metadata:
+  name: my-object
+  namespace: my-namespace
+spec:
+  ...
+status:
+  my-status: all-good
+```
+
+This object can be loaded via:
+
+```yaml
+vars:
+  - clusterObject:
+      kind: SomeObject
+      name: my-object
+      namespace: my-namespace
+      path: status
+      targetPath: my.custom.object.status
+```
+
+The following properties are supported for clusterObject sources:
+
+##### kind (required)
+The object kind. Kluctl will try to find the matching Kubernetes resource for this kind, which might either be a native
+API resource or a custom resource. If multiple resources match, `apiVersion` must also be specified.
+
+##### apiVersion (optional)
+The apiVersion of the object. This field is only required if `kind` is not enough to identify the underlying API resource.
+
+##### namespace (required)
+The namespace from which to load the object.
+
+##### name (optional)
+The name of the object. If specified, the object with the given name must exist (`ignoreMissing: true` can override this).
+
+Can be omitted when `labels` is specified.
+
+##### labels (optional)
+Specifies one or multiple labels to match. If specified, `name` is not allowed.
+
+By default, assumes and requires (unless `ignoreMissing: true` is set) that only one object matches. If multiple objects
+are assumed to match, set `list: true` as well, in which case the result will be a list as well.
+
+##### list (optional)
+If set to `true`, the result will be a list with one or more elements.
+
+##### path (required)
+Specifies a [JSON path](https://goessner.net/articles/JsonPath/) to be used to load a sub-key from the matching object(s).
+Use `$` to load the whole object. To load a single field, use something like `status.my.field`. To load a whole
+sub-dict/sub-object or sub-list, use something like `status.conditions`.
+
+The specified JSON path is only allowed to result in a single match.
+
+##### render (optional)
+If set to `true`, Kluctl will render the resulting object(s) with the current templating context (excluding the newly
+loaded variables). Rendering happens on the values of individual fields of the resulting object(s). When `parseYaml: true`
+is specified as well, rendering happens before parsing the YAML string.
+
+##### parseYaml (optional)
+Instructs Kluctl to treat the value found at `path` as a YAML string. The value must be of type string. Kluctl will parse
+the string as YAML and use the resulting YAML value (which can be a simple int/float/bool or a complex list/dict) as the
+result and store it in `targetPath`. When `render: true` is specified as well, the YAML string is rendered before parsing
+happens.
+
+##### targetPath (required)
+Specifies a [JSON path](https://goessner.net/articles/JsonPath/) to be used as the target path in the new templating
+context.
+
+Only simple pathes are supported that do not contain wildcards or lists.
+
 ### http
 The http variables source allows to load variables from an arbitrary HTTP resource by performing a GET (or any other
 configured HTTP method) on the URL. Example:
diff --git a/pkg/types/k8s/ref.go b/pkg/types/k8s/ref.go
index 478e2bc42..e1b1e4b6b 100644
--- a/pkg/types/k8s/ref.go
+++ b/pkg/types/k8s/ref.go
@@ -26,6 +26,20 @@ func (r ObjectRef) String() string {
 	}
 }
 
+func (r ObjectRef) Less(o ObjectRef) bool {
+	if r.Group != o.Group {
+		return r.Group < o.Group
+	} else if r.Version != o.Version {
+		return r.Version < o.Version
+	} else if r.Kind != o.Kind {
+		return r.Kind < o.Kind
+	} else if r.Namespace != o.Namespace {
+		return r.Namespace < o.Namespace
+	} else {
+		return r.Name < o.Name
+	}
+}
+
 func (r ObjectRef) GroupVersionKind() schema.GroupVersionKind {
 	return schema.GroupVersionKind{
 		Group:   r.Group,
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 54fefd501..7f16e30fa 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -31,6 +31,32 @@ func ValidateVarsSourceClusterConfigMapOrSecret(sl validator.StructLevel) {
 	}
 }
 
+type VarsSourceClusterObject struct {
+	Kind       string `json:"kind" validate:"required"`
+	ApiVersion string `json:"apiVersion,omitempty"`
+
+	Namespace string `json:"namespace" validate:"required"`
+
+	Name   string            `json:"name,omitempty"`
+	Labels map[string]string `json:"labels,omitempty"`
+	List   bool              `json:"list,omitempty"`
+
+	Path       string `json:"path" validate:"required"`
+	Render     bool   `json:"render,omitempty"`
+	ParseYaml  bool   `json:"parseYaml,omitempty"`
+	TargetPath string `json:"targetPath" validate:"required"`
+}
+
+func ValidateVarsSourceClusterObject(sl validator.StructLevel) {
+	s := sl.Current().Interface().(VarsSourceClusterObject)
+
+	if s.Name == "" && len(s.Labels) == 0 {
+		sl.ReportError(s, "self", "self", "either name or labels must be set", "")
+	} else if s.Name != "" && len(s.Labels) != 0 {
+		sl.ReportError(s, "self", "self", "only one of name or labels can be set", "")
+	}
+}
+
 type VarsSourceHttp struct {
 	Url      YamlUrl           `json:"url,omitempty" validate:"required"`
 	Method   *string           `json:"method,omitempty"`
@@ -75,6 +101,7 @@ type VarsSource struct {
 	Git               *VarsSourceGit                      `json:"git,omitempty"`
 	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `json:"clusterConfigMap,omitempty"`
 	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `json:"clusterSecret,omitempty"`
+	ClusterObject     *VarsSourceClusterObject            `json:"clusterObject,omitempty"`
 	SystemEnvVars     *uo.UnstructuredObject              `json:"systemEnvVars,omitempty"`
 	Http              *VarsSourceHttp                     `json:"http,omitempty"`
 	AwsSecretsManager *VarsSourceAwsSecretsManager        `json:"awsSecretsManager,omitempty"`
@@ -113,5 +140,6 @@ func ValidateVarsSource(sl validator.StructLevel) {
 
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateVarsSourceClusterConfigMapOrSecret, VarsSourceClusterConfigMapOrSecret{})
+	yaml.Validator.RegisterStructValidation(ValidateVarsSourceClusterObject, VarsSourceClusterObject{})
 	yaml.Validator.RegisterStructValidation(ValidateVarsSource, VarsSource{})
 }
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 789224826..8896d14a8 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -23,8 +23,10 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"os"
+	"sort"
 	"strings"
 )
 
@@ -114,9 +116,12 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 	} else if source.Git != nil {
 		newVars, sensitive, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
-		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
+		newVars, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
-		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterSecret, "Secret", ignoreMissing, true)
+		newVars, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterSecret, "Secret", ignoreMissing, true)
+		sensitive = true
+	} else if source.ClusterObject != nil {
+		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterObject, ignoreMissing)
 		sensitive = true
 	} else if source.SystemEnvVars != nil {
 		newVars, err = v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
@@ -335,7 +340,7 @@ func (v *VarsLoader) loadGit(ctx context.Context, varsCtx *VarsCtx, gitFile *typ
 	return v.loadFile(varsCtx, gitFile.Path, ignoreMissing, []string{clonedDir})
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, ignoreMissing bool, base64Decode bool) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadFromK8sConfigMapOrSecret(varsCtx *VarsCtx, varsSource types.VarsSourceClusterConfigMapOrSecret, kind string, ignoreMissing bool, base64Decode bool) (*uo.UnstructuredObject, error) {
 	if v.k == nil {
 		return nil, fmt.Errorf("loading vars from cluster is disabled")
 	}
@@ -427,6 +432,142 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 	}
 }
 
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterObject, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+	if v.k == nil {
+		return nil, fmt.Errorf("loading vars from cluster is disabled")
+	}
+
+	var err error
+
+	var gvk schema.GroupVersionKind
+	if varsSource.ApiVersion != "" {
+		gv, err := schema.ParseGroupVersion(varsSource.ApiVersion)
+		if err != nil {
+			return nil, err
+		}
+		gvk.Kind = varsSource.Kind
+		gvk.Group = gv.Group
+		gvk.Version = gv.Version
+	} else {
+		gvks, err := v.k.GetFilteredPreferredGVKs(func(ar *metav1.APIResource) bool {
+			return ar.Kind == varsSource.Kind
+		})
+		if err != nil {
+			return nil, err
+		}
+		if len(gvks) == 0 {
+			return nil, fmt.Errorf("no matching resource found for kind %s", varsSource.Kind)
+		}
+		if len(gvks) != 1 {
+			return nil, fmt.Errorf("more then one matching resources found for kind %s, consider also specifying apiVersion", varsSource.Kind)
+		}
+		gvk = gvks[0]
+	}
+
+	var objs []*uo.UnstructuredObject
+	if varsSource.Name != "" {
+		o, _, err := v.k.GetSingleObject(k8s2.NewObjectRef(gvk.Group, gvk.Version, gvk.Kind, varsSource.Name, varsSource.Namespace))
+		if err != nil && !errors.IsNotFound(err) {
+			return nil, err
+		}
+		if o != nil {
+			objs = append(objs, o)
+		}
+	} else {
+		objs, _, err = v.k.ListObjects(gvk, varsSource.Namespace, varsSource.Labels)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// we want stable sorting
+	sort.Slice(objs, func(i, j int) bool {
+		return objs[i].GetK8sRef().Less(objs[j].GetK8sRef())
+	})
+
+	if len(objs) == 0 {
+		if ignoreMissing {
+			return uo.New(), nil
+		}
+		return nil, fmt.Errorf("no object found")
+	}
+	if len(objs) != 1 {
+		if !varsSource.List {
+			return nil, fmt.Errorf("found more than one object")
+		}
+	}
+
+	path, err := uo.NewMyJsonPath(varsSource.Path)
+	if err != nil {
+		return nil, fmt.Errorf("invalid json path %s: %w", varsSource.Path, err)
+	}
+
+	var values []any
+	for _, o := range objs {
+		ref := o.GetK8sRef()
+
+		doError := func(err error) (*uo.UnstructuredObject, error) {
+			return nil, fmt.Errorf("failed to load vars from kubernetes object %s and json path %s: %w", ref.String(), varsSource.Path, err)
+		}
+
+		valList := path.Get(o)
+		if len(valList) == 0 {
+			if ignoreMissing {
+				return uo.New(), nil
+			}
+			return doError(fmt.Errorf("json path not found"))
+		} else if len(valList) > 1 {
+			return doError(fmt.Errorf("json path resulted in multiple matches"))
+		}
+		val := valList[0]
+
+		if varsSource.Render {
+			if s, ok := val.(string); ok {
+				s2, err := varsCtx.RenderString(s, nil)
+				if err != nil {
+					return doError(err)
+				}
+				val = s2
+			} else if m, ok := val.(map[string]any); ok {
+				_, err := varsCtx.RenderStruct(m)
+				if err != nil {
+					return doError(err)
+				}
+				val = m
+			}
+		}
+
+		if varsSource.ParseYaml {
+			s, ok := val.(string)
+			if !ok {
+				return doError(fmt.Errorf("value is not a string, but parsing YAML was requested"))
+			}
+			x, err := uo.FromString(s)
+			if err != nil {
+				return doError(err)
+			}
+			val = x
+		}
+
+		values = append(values, val)
+	}
+
+	p, err := uo.NewMyJsonPath(varsSource.TargetPath)
+	if err != nil {
+		return nil, err
+	}
+	newVars := uo.New()
+	if varsSource.List {
+		err = p.SetOne(newVars, values)
+	} else {
+		err = p.SetOne(newVars, values[0])
+	}
+	if err != nil {
+		return nil, fmt.Errorf("failed to set vars on path %s: %w", varsSource.TargetPath, err)
+	}
+	return newVars, nil
+}
+
 func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string) (*uo.UnstructuredObject, error) {
 	newVars := uo.New()
 	err := v.renderYamlString(varsCtx, s, newVars)
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 6e0b0a80a..7f5f6bb02 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -546,6 +546,345 @@ func (s *VarsLoaderTestSuite) TestK8sObjectLabels() {
 	})
 }
 
+func (s *VarsLoaderTestSuite) TestClusterObject() {
+	s.createNamespace()
+
+	cm1 := corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "cm1",
+			Namespace: s.namespace(),
+			Labels: map[string]string{
+				"label1": "lv1",
+				"label2": "42",
+				"label3": "x",
+			},
+			Annotations: map[string]string{
+				"yaml":          `{"x": 45}`,
+				"render":        `{{ my.target.a }}`,
+				"renderAndYaml": `{"a": {{ my.target.b.x * 2 }} }`,
+			},
+		},
+		Data: map[string]string{},
+	}
+	cm2 := corev1.ConfigMap{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "cm2",
+			Namespace: s.namespace(),
+			Labels: map[string]string{
+				"label1": "lv2",
+				"label2": "44",
+				"label3": "x",
+			},
+			Annotations: map[string]string{
+				"a1": "v1",
+				"a2": `{{ 1 + 2 }}`,
+			},
+		},
+		Data: map[string]string{},
+	}
+
+	err := s.k.Client.Create(context.TODO(), &cm1)
+	assert.NoError(s.T(), err)
+	err = s.k.Client.Create(context.TODO(), &cm2)
+	assert.NoError(s.T(), err)
+
+	// test path
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `$`,
+				TargetPath: "my.target2",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels.*`,
+				TargetPath: "my.target3",
+			},
+		}, nil, "")
+		assert.ErrorContains(s.T(), err, "json path resulted in multiple matches")
+
+		v, _, _ := vc.Vars.GetNestedString("my", "target")
+		assert.Equal(s.T(), "42", v)
+
+		v, _, _ = vc.Vars.GetNestedString("my", "target2", "apiVersion")
+		assert.Equal(s.T(), "v1", v)
+	})
+
+	// test targetPath
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
+			},
+		}, nil, "")
+		assert.ErrorContains(s.T(), err, "can not set with an empty expression")
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedString("my", "target")
+		assert.Equal(s.T(), "42", v)
+	})
+
+	// test targetPath with multiple matches
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		vc.Update(uo.FromMap(map[string]interface{}{
+			"list": []map[string]any{
+				{
+					"x": map[string]any{},
+				},
+				{
+					"x": map[string]any{},
+				},
+			},
+		}))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "list[*].x.y",
+			},
+		}, nil, "")
+		assert.ErrorContains(s.T(), err, `can not deduce what element to add at 'list'`)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "list[0].x.y",
+			},
+		}, nil, "")
+		assert.ErrorContains(s.T(), err, `can not follow a <nil> at 'list[0]'`)
+	})
+
+	// test apiVersion
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				ApiVersion: "v1",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedString("my", "target")
+		assert.Equal(s.T(), "42", v)
+	})
+
+	// test labels
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind: "ConfigMap",
+				Labels: map[string]string{
+					"label1": "lv1",
+				},
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target.a",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind: "ConfigMap",
+				Labels: map[string]string{
+					"label1": "lv2",
+				},
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target.b",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind: "ConfigMap",
+				Labels: map[string]string{
+					"label3": "x",
+				},
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target.b",
+			},
+		}, nil, "")
+		assert.ErrorContains(s.T(), err, "found more than one object")
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind: "ConfigMap",
+				Labels: map[string]string{
+					"label3": "x",
+				},
+				List:       true,
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target.c",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedString("my", "target", "a")
+		assert.Equal(s.T(), "42", v)
+		v, _, _ = vc.Vars.GetNestedString("my", "target", "b")
+		assert.Equal(s.T(), "44", v)
+		l, _, _ := vc.Vars.GetNestedStringList("my", "target", "c")
+		assert.Equal(s.T(), []string{"42", "44"}, l)
+	})
+
+	// test render
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target.a",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.annotations["render"]`,
+				TargetPath: "my.target.b",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.annotations["render"]`,
+				Render:     true,
+				TargetPath: "my.target.c",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm2",
+				Namespace:  s.namespace(),
+				Path:       `metadata.annotations`,
+				Render:     true,
+				TargetPath: "my.target.d",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedString("my", "target", "a")
+		assert.Equal(s.T(), "42", v)
+		v, _, _ = vc.Vars.GetNestedString("my", "target", "b")
+		assert.Equal(s.T(), `{{ my.target.a }}`, v)
+		v, _, _ = vc.Vars.GetNestedString("my", "target", "c")
+		assert.Equal(s.T(), "42", v)
+		x, _, _ := vc.Vars.GetNestedField("my", "target", "d")
+		assert.Equal(s.T(), map[string]any{
+			"a1": "v1",
+			"a2": "3",
+		}, x)
+	})
+
+	// test parseYaml
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.labels["label2"]`,
+				TargetPath: "my.target.a",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.annotations["yaml"]`,
+				ParseYaml:  true,
+				TargetPath: "my.target.b",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				Namespace:  s.namespace(),
+				Path:       `metadata.annotations["renderAndYaml"]`,
+				Render:     true,
+				ParseYaml:  true,
+				TargetPath: "my.target.c",
+			},
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedString("my", "target", "a")
+		assert.Equal(s.T(), "42", v)
+		x, _, _ := vc.Vars.GetNestedField("my", "target", "b")
+		assert.Equal(s.T(), uo.FromMap(map[string]any{
+			"x": float64(45),
+		}), x)
+		x, _, _ = vc.Vars.GetNestedField("my", "target", "c")
+		assert.Equal(s.T(), uo.FromMap(map[string]any{
+			"a": float64(90),
+		}), x)
+	})
+}
+
 func (s *VarsLoaderTestSuite) TestSystemEnv() {
 	s.T().Setenv("TEST1", "42")
 	s.T().Setenv("TEST2", "'43'")
diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index c8aed9765..d2011678a 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -1,7 +1,7 @@
 import { CommandResult, VarsSource } from "../../../models";
 import { NodeData } from "./NodeData";
 import React from "react";
-import { Category, Cloud, Dvr, Http, Lock, Settings } from "@mui/icons-material";
+import { Category, Cloud, DataObject, Dvr, Http, Lock, Settings } from "@mui/icons-material";
 import { FileIcon, GitIcon } from "../../../icons/Icons";
 import { PropertiesTable } from "../../PropertiesTable";
 import { CodeViewer } from "../../CodeViewer";
@@ -33,6 +33,9 @@ export class VarsSourceNodeData extends NodeData {
         if (!labels) {
             labels = this.varsSource.clusterSecret?.labels
         }
+        if (!labels) {
+            labels = this.varsSource.clusterObject?.labels
+        }
         if (labels) {
             this.labelsYaml = yaml.dump(labels)
         }
@@ -85,14 +88,14 @@ export class VarsSourceNodeData extends NodeData {
                     return sourceProps
                 }
             }
-        } else if (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret) {
-            const vs = (this.varsSource.clusterConfigMap ? this.varsSource.clusterConfigMap : this.varsSource.clusterSecret)!
-            const type = this.varsSource.clusterConfigMap ? "cm" : "secret"
-            const icon = this.varsSource.clusterConfigMap ? <Settings fontSize={"large"}/> : <Lock fontSize={"large"}/>
+        } else if (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret || this.varsSource.clusterObject) {
+            const vs = (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret || this.varsSource.clusterObject)!
+            const type = this.varsSource.clusterObject ? this.varsSource.clusterObject.kind : (this.varsSource.clusterConfigMap ? "cm" : "secret")
+            const icon = this.varsSource.clusterObject ? <DataObject fontSize={"large"}/> : (this.varsSource.clusterConfigMap ? <Settings fontSize={"large"}/> : <Lock fontSize={"large"}/>)
             return {
                 type: type,
                 label: () => {
-                    return this.varsSource.clusterConfigMap?.name!
+                    return vs.name
                 },
                 icon: () => icon,
                 sourceProps: () => {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 42b51ea09..2d8871577 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -328,6 +328,32 @@ export class VarsSourceHttp {
         this.jsonPath = source["jsonPath"];
     }
 }
+export class VarsSourceClusterObject {
+    kind: string;
+    apiVersion?: string;
+    namespace: string;
+    name?: string;
+    labels?: {[key: string]: string};
+    list?: boolean;
+    path: string;
+    render?: boolean;
+    parseYaml?: boolean;
+    targetPath: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.kind = source["kind"];
+        this.apiVersion = source["apiVersion"];
+        this.namespace = source["namespace"];
+        this.name = source["name"];
+        this.labels = source["labels"];
+        this.list = source["list"];
+        this.path = source["path"];
+        this.render = source["render"];
+        this.parseYaml = source["parseYaml"];
+        this.targetPath = source["targetPath"];
+    }
+}
 export class VarsSourceClusterConfigMapOrSecret {
     name?: string;
     labels?: {[key: string]: string};
@@ -365,6 +391,7 @@ export class VarsSource {
     git?: VarsSourceGit;
     clusterConfigMap?: VarsSourceClusterConfigMapOrSecret;
     clusterSecret?: VarsSourceClusterConfigMapOrSecret;
+    clusterObject?: VarsSourceClusterObject;
     systemEnvVars?: any;
     http?: VarsSourceHttp;
     awsSecretsManager?: VarsSourceAwsSecretsManager;
@@ -385,6 +412,7 @@ export class VarsSource {
         this.git = this.convertValues(source["git"], VarsSourceGit);
         this.clusterConfigMap = this.convertValues(source["clusterConfigMap"], VarsSourceClusterConfigMapOrSecret);
         this.clusterSecret = this.convertValues(source["clusterSecret"], VarsSourceClusterConfigMapOrSecret);
+        this.clusterObject = this.convertValues(source["clusterObject"], VarsSourceClusterObject);
         this.systemEnvVars = source["systemEnvVars"];
         this.http = this.convertValues(source["http"], VarsSourceHttp);
         this.awsSecretsManager = this.convertValues(source["awsSecretsManager"], VarsSourceAwsSecretsManager);

From ebd59cb82e9c133c2acf675faea3a962ac01b3d3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 Jan 2024 11:35:08 +0100
Subject: [PATCH 1891/2268] fix: Implement jp.Keyed interface for
 UnstructuredObject

---
 pkg/utils/uo/jsonpath.go     |  2 +-
 pkg/utils/uo/unstructured.go | 19 +++++++++++++++++--
 pkg/utils/uo/uo_keyed.go     | 31 +++++++++++++++++++++++++++++++
 pkg/utils/uo/utils.go        | 16 +++++++++++++---
 4 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 pkg/utils/uo/uo_keyed.go

diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index a1918e8fe..fca098539 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -116,7 +116,7 @@ func (j *MyJsonPath) GetFirstObject(o *UnstructuredObject) (*UnstructuredObject,
 	if !found {
 		return nil, false, nil
 	}
-	m, ok := x.(map[string]interface{})
+	m, ok := getDict(x)
 	if !ok {
 		return nil, false, fmt.Errorf("child is not a map")
 	}
diff --git a/pkg/utils/uo/unstructured.go b/pkg/utils/uo/unstructured.go
index f0793e843..943bb2ec7 100644
--- a/pkg/utils/uo/unstructured.go
+++ b/pkg/utils/uo/unstructured.go
@@ -2,6 +2,7 @@ package uo
 
 import (
 	"fmt"
+	"github.com/ohler55/ojg/jp"
 )
 
 func MergeStrMap(a map[string]string, b map[string]string) {
@@ -18,13 +19,20 @@ func CopyMergeStrMap(a map[string]string, b map[string]string) map[string]string
 }
 
 func GetChild(parent interface{}, key interface{}) (interface{}, bool, error) {
-	if m, ok := parent.(map[string]interface{}); ok {
+	if m, ok := getDict(parent); ok {
 		keyStr, ok := key.(string)
 		if !ok {
 			return nil, false, fmt.Errorf("key is not a string")
 		}
 		v, found := m[keyStr]
 		return v, found, nil
+	} else if m, ok := parent.(jp.Keyed); ok {
+		keyStr, ok := key.(string)
+		if !ok {
+			return nil, false, fmt.Errorf("key is not a string")
+		}
+		v, found := m.ValueForKey(keyStr)
+		return v, found, nil
 	} else if l, ok := parent.([]interface{}); ok {
 		keyInt, ok := key.(int)
 		if !ok {
@@ -40,13 +48,20 @@ func GetChild(parent interface{}, key interface{}) (interface{}, bool, error) {
 }
 
 func SetChild(parent interface{}, key interface{}, value interface{}) error {
-	if m, ok := parent.(map[string]interface{}); ok {
+	if m, ok := getDict(parent); ok {
 		keyStr, ok := key.(string)
 		if !ok {
 			return fmt.Errorf("key is not a string")
 		}
 		m[keyStr] = value
 		return nil
+	} else if m, ok := parent.(jp.Keyed); ok {
+		keyStr, ok := key.(string)
+		if !ok {
+			return fmt.Errorf("key is not a string")
+		}
+		m.SetValueForKey(keyStr, value)
+		return nil
 	} else if l, ok := parent.([]interface{}); ok {
 		keyInt, ok := key.(int)
 		if !ok {
diff --git a/pkg/utils/uo/uo_keyed.go b/pkg/utils/uo/uo_keyed.go
new file mode 100644
index 000000000..4bbc0ef93
--- /dev/null
+++ b/pkg/utils/uo/uo_keyed.go
@@ -0,0 +1,31 @@
+package uo
+
+import (
+	"github.com/ohler55/ojg/jp"
+)
+
+// implementation of Keyed from ojg/jp (json path)
+
+// ensure we implement the interface
+var _ jp.Keyed = &UnstructuredObject{}
+
+func (uo *UnstructuredObject) ValueForKey(key string) (value any, has bool) {
+	v, ok := uo.Object[key]
+	return v, ok
+}
+
+func (uo *UnstructuredObject) SetValueForKey(key string, value any) {
+	uo.Object[key] = value
+}
+
+func (uo *UnstructuredObject) RemoveValueForKey(key string) {
+	delete(uo.Object, key)
+}
+
+func (uo *UnstructuredObject) Keys() []string {
+	ret := make([]string, 0, len(uo.Object))
+	for key, _ := range uo.Object {
+		ret = append(ret, key)
+	}
+	return ret
+}
diff --git a/pkg/utils/uo/utils.go b/pkg/utils/uo/utils.go
index 3e324fc1c..a6a8ff1dc 100644
--- a/pkg/utils/uo/utils.go
+++ b/pkg/utils/uo/utils.go
@@ -1,10 +1,10 @@
 package uo
 
-func MergeMap(a, b map[string]interface{}) {
+func MergeMap(a, b map[string]any) {
 	for key := range b {
 		if _, ok := a[key]; ok {
-			adict, adictOk := a[key].(map[string]interface{})
-			bdict, bdictOk := b[key].(map[string]interface{})
+			adict, adictOk := getDict(a[key])
+			bdict, bdictOk := getDict(b[key])
 			if adictOk && bdictOk {
 				MergeMap(adict, bdict)
 			} else {
@@ -15,3 +15,13 @@ func MergeMap(a, b map[string]interface{}) {
 		}
 	}
 }
+
+func getDict(o any) (map[string]any, bool) {
+	if d, ok := o.(map[string]any); ok {
+		return d, true
+	}
+	if x, ok := o.(*UnstructuredObject); ok {
+		return x.Object, true
+	}
+	return nil, false
+}

From 07eacc0db4940f31cb400117c1be577b01f82fc2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 Jan 2024 11:35:41 +0100
Subject: [PATCH 1892/2268] feat: Make targetPath a common vars source property

---
 docs/kluctl/templating/variable-sources.md |  25 ++-
 pkg/types/vars_source.go                   |   9 +-
 pkg/vars/vars_loader.go                    |  65 +++++---
 pkg/vars/vars_loader_test.go               | 183 +++++++++++----------
 4 files changed, 159 insertions(+), 123 deletions(-)

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 7884ef7f7..c53fcb50a 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -35,27 +35,44 @@ vars:
   when: some.var == "value"
 - file: vars3.yaml
   sensitive: true
+- file: vars4.yaml
+  targetPath: my.target.path
 ```
 
 `vars2.yaml` can now use variables that are defined in `vars1.yaml`. A special case is the use of previously defined
 variables inside [values](#values) vars sources. Please see the documentation of [values](#values) for details.
 
 At all times, variables defined by
-parents of the current sub-deployment project can be used in the current vars file.
+parents of the current sub-deployment project can be used in the current vars source.
 
+The following properties can be set on all variable sources:
+
+##### ignoreMissing
 Each variable source can have the optional field `ignoreMissing` set to `true`, causing Kluctl to ignore if the source
 can not be found.
 
+##### noOverride
 When specifying `noOverride: true`, Kluctl will not override variables from the previously loaded variables. This is
 useful if you want to load default values for variables.
 
+##### when
 Variables can also be loaded conditionally by specifying a condition via `when: <condition>`. The condition must be in
 the same format as described in [conditional deployment items](../deployments/deployment-yml.md#when)
 
+##### sensitive
 Specifying `sensitive: true` causes the Webui to redact the underlying variables for non-admin users. This will be set
 to `true` by default for all variable sources that usually load sensitive data, including sops encrypted files and
 Kubernetes secrets.
 
+##### targetPath
+Specifies a [JSON path](https://goessner.net/articles/JsonPath/) to be used as the target path in the new templating
+context.
+
+Only simple pathes are supported that do not contain wildcards or lists.
+
+For some variable sources, `targetPath` will become mandatory when the resulting variable is not a dictionary.
+
+## Variable source types
 Different types of vars entries are possible:
 
 ### file
@@ -286,12 +303,6 @@ the string as YAML and use the resulting YAML value (which can be a simple int/f
 result and store it in `targetPath`. When `render: true` is specified as well, the YAML string is rendered before parsing
 happens.
 
-##### targetPath (required)
-Specifies a [JSON path](https://goessner.net/articles/JsonPath/) to be used as the target path in the new templating
-context.
-
-Only simple pathes are supported that do not contain wildcards or lists.
-
 ### http
 The http variables source allows to load variables from an arbitrary HTTP resource by performing a GET (or any other
 configured HTTP method) on the URL. Example:
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 7f16e30fa..a421e3ed3 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -41,10 +41,9 @@ type VarsSourceClusterObject struct {
 	Labels map[string]string `json:"labels,omitempty"`
 	List   bool              `json:"list,omitempty"`
 
-	Path       string `json:"path" validate:"required"`
-	Render     bool   `json:"render,omitempty"`
-	ParseYaml  bool   `json:"parseYaml,omitempty"`
-	TargetPath string `json:"targetPath" validate:"required"`
+	Path      string `json:"path" validate:"required"`
+	Render    bool   `json:"render,omitempty"`
+	ParseYaml bool   `json:"parseYaml,omitempty"`
 }
 
 func ValidateVarsSourceClusterObject(sl validator.StructLevel) {
@@ -109,6 +108,8 @@ type VarsSource struct {
 	Vault             *VarsSourceVault                    `json:"vault,omitempty"`
 	AzureKeyVault     *VarSourceAzureKeyVault             `json:"azureKeyVault,omitempty"`
 
+	TargetPath string `json:"targetPath,omitempty"`
+
 	When string `json:"when,omitempty"`
 
 	// these are only allowed when writing the command result
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 8896d14a8..4ba5f8022 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -102,43 +102,44 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 		ignoreMissing = *source.IgnoreMissing
 	}
 
-	var newVars *uo.UnstructuredObject
+	var newValue any
 	var sensitive bool
 	if source.Values != nil {
-		newVars = source.Values
 		if rootKey != "" {
-			newVars = uo.FromMap(map[string]interface{}{
-				rootKey: newVars.Object,
+			newValue = uo.FromMap(map[string]interface{}{
+				rootKey: source.Values.Object,
 			})
+		} else {
+			newValue = source.Values
 		}
 	} else if source.File != nil {
-		newVars, sensitive, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
+		newValue, sensitive, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
 	} else if source.Git != nil {
-		newVars, sensitive, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
+		newValue, sensitive, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
-		newVars, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
+		newValue, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
-		newVars, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterSecret, "Secret", ignoreMissing, true)
+		newValue, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterSecret, "Secret", ignoreMissing, true)
 		sensitive = true
 	} else if source.ClusterObject != nil {
-		newVars, err = v.loadFromK8sObject(varsCtx, *source.ClusterObject, ignoreMissing)
+		newValue, err = v.loadFromK8sObject(varsCtx, *source.ClusterObject, ignoreMissing)
 		sensitive = true
 	} else if source.SystemEnvVars != nil {
-		newVars, err = v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
+		newValue, err = v.loadSystemEnvs(varsCtx, &source, ignoreMissing, rootKey)
 		sensitive = true
 	} else if source.Http != nil {
-		newVars, sensitive, err = v.loadHttp(varsCtx, &source, ignoreMissing)
+		newValue, sensitive, err = v.loadHttp(varsCtx, &source, ignoreMissing)
 	} else if source.AwsSecretsManager != nil {
-		newVars, err = v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing)
+		newValue, err = v.loadAwsSecretsManager(varsCtx, &source, ignoreMissing)
 		sensitive = true
 	} else if source.GcpSecretManager != nil {
-		newVars, err = v.loadGcpSecretManager(varsCtx, &source, ignoreMissing)
+		newValue, err = v.loadGcpSecretManager(varsCtx, &source, ignoreMissing)
 		sensitive = true
 	} else if source.Vault != nil {
-		newVars, err = v.loadVault(varsCtx, &source, ignoreMissing)
+		newValue, err = v.loadVault(varsCtx, &source, ignoreMissing)
 		sensitive = true
 	} else if source.AzureKeyVault != nil {
-		newVars, err = v.loadAzureKeyVault(varsCtx, &source, ignoreMissing)
+		newValue, err = v.loadAzureKeyVault(varsCtx, &source, ignoreMissing)
 		sensitive = true
 	} else {
 		return fmt.Errorf("invalid vars source")
@@ -152,6 +153,25 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 		sensitive = *sourceIn.Sensitive
 	}
 
+	var newVars *uo.UnstructuredObject
+	if source.TargetPath != "" {
+		p, err := uo.NewMyJsonPath(source.TargetPath)
+		if err != nil {
+			return fmt.Errorf("failed to parse targetPath: %w", err)
+		}
+		newVars = uo.New()
+		err = p.SetOne(newVars, newValue)
+		if err != nil {
+			return fmt.Errorf("failed to set value to targetPath: %w", err)
+		}
+	} else {
+		var ok bool
+		newVars, ok = newValue.(*uo.UnstructuredObject)
+		if !ok {
+			return fmt.Errorf("'targetPath' is required for this variable source")
+		}
+	}
+
 	sourceIn.RenderedSensitive = sensitive
 	sourceIn.RenderedVars = newVars.Clone()
 
@@ -432,7 +452,7 @@ func (v *VarsLoader) loadFromK8sConfigMapOrSecret(varsCtx *VarsCtx, varsSource t
 	}
 }
 
-func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterObject, ignoreMissing bool) (*uo.UnstructuredObject, error) {
+func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSourceClusterObject, ignoreMissing bool) (any, error) {
 	if v.k == nil {
 		return nil, fmt.Errorf("loading vars from cluster is disabled")
 	}
@@ -552,20 +572,11 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		values = append(values, val)
 	}
 
-	p, err := uo.NewMyJsonPath(varsSource.TargetPath)
-	if err != nil {
-		return nil, err
-	}
-	newVars := uo.New()
 	if varsSource.List {
-		err = p.SetOne(newVars, values)
+		return values, nil
 	} else {
-		err = p.SetOne(newVars, values[0])
-	}
-	if err != nil {
-		return nil, fmt.Errorf("failed to set vars on path %s: %w", varsSource.TargetPath, err)
+		return values[0], nil
 	}
-	return newVars, nil
 }
 
 func (v *VarsLoader) loadFromString(varsCtx *VarsCtx, s string) (*uo.UnstructuredObject, error) {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 7f5f6bb02..7dd9b60f5 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -127,6 +127,19 @@ func (s *VarsLoaderTestSuite) TestValuesNoOverrides() {
 	})
 }
 
+func (s *VarsLoaderTestSuite) TestValuesTargetPath() {
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			Values:     uo.FromStringMust(`{"test1": {"test2": 42}}`),
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		v, _, _ := vc.Vars.GetNestedInt("my", "target", "test1", "test2")
+		assert.Equal(s.T(), int64(42), v)
+	})
+}
+
 func (s *VarsLoaderTestSuite) TestWhen() {
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
@@ -592,34 +605,34 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `$`,
-				TargetPath: "my.target2",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `$`,
 			},
+			TargetPath: "my.target2",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels.*`,
-				TargetPath: "my.target3",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels.*`,
 			},
+			TargetPath: "my.target3",
 		}, nil, "")
 		assert.ErrorContains(s.T(), err, "json path resulted in multiple matches")
 
@@ -640,16 +653,16 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 				Path:      `metadata.labels["label2"]`,
 			},
 		}, nil, "")
-		assert.ErrorContains(s.T(), err, "can not set with an empty expression")
+		assert.ErrorContains(s.T(), err, `'targetPath' is required for this variable source`)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
@@ -671,23 +684,23 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 		}))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "list[*].x.y",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "list[*].x.y",
 		}, nil, "")
 		assert.ErrorContains(s.T(), err, `can not deduce what element to add at 'list'`)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "list[0].x.y",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "list[0].x.y",
 		}, nil, "")
 		assert.ErrorContains(s.T(), err, `can not follow a <nil> at 'list[0]'`)
 	})
@@ -701,8 +714,8 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 				Name:       "cm1",
 				Namespace:  s.namespace(),
 				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target",
 			},
+			TargetPath: "my.target",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
@@ -718,10 +731,10 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 				Labels: map[string]string{
 					"label1": "lv1",
 				},
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target.a",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target.a",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
@@ -731,10 +744,10 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 				Labels: map[string]string{
 					"label1": "lv2",
 				},
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target.b",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target.b",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
@@ -744,10 +757,10 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 				Labels: map[string]string{
 					"label3": "x",
 				},
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target.b",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target.b",
 		}, nil, "")
 		assert.ErrorContains(s.T(), err, "found more than one object")
 
@@ -757,11 +770,11 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 				Labels: map[string]string{
 					"label3": "x",
 				},
-				List:       true,
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target.c",
+				List:      true,
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target.c",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
@@ -777,47 +790,47 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target.a",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target.a",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.annotations["render"]`,
-				TargetPath: "my.target.b",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.annotations["render"]`,
 			},
+			TargetPath: "my.target.b",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.annotations["render"]`,
-				Render:     true,
-				TargetPath: "my.target.c",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.annotations["render"]`,
+				Render:    true,
 			},
+			TargetPath: "my.target.c",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm2",
-				Namespace:  s.namespace(),
-				Path:       `metadata.annotations`,
-				Render:     true,
-				TargetPath: "my.target.d",
+				Kind:      "ConfigMap",
+				Name:      "cm2",
+				Namespace: s.namespace(),
+				Path:      `metadata.annotations`,
+				Render:    true,
 			},
+			TargetPath: "my.target.d",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
@@ -838,37 +851,37 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.labels["label2"]`,
-				TargetPath: "my.target.a",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.labels["label2"]`,
 			},
+			TargetPath: "my.target.a",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.annotations["yaml"]`,
-				ParseYaml:  true,
-				TargetPath: "my.target.b",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.annotations["yaml"]`,
+				ParseYaml: true,
 			},
+			TargetPath: "my.target.b",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			ClusterObject: &types.VarsSourceClusterObject{
-				Kind:       "ConfigMap",
-				Name:       "cm1",
-				Namespace:  s.namespace(),
-				Path:       `metadata.annotations["renderAndYaml"]`,
-				Render:     true,
-				ParseYaml:  true,
-				TargetPath: "my.target.c",
+				Kind:      "ConfigMap",
+				Name:      "cm1",
+				Namespace: s.namespace(),
+				Path:      `metadata.annotations["renderAndYaml"]`,
+				Render:    true,
+				ParseYaml: true,
 			},
+			TargetPath: "my.target.c",
 		}, nil, "")
 		assert.NoError(s.T(), err)
 

From bee19b48c7e6768a3aabbb16172dbb5f3760197c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 3 Jan 2024 11:36:00 +0100
Subject: [PATCH 1893/2268] feat: Deprecate targetPath from
 clusterConfigMap/clusterSecret

---
 pkg/types/vars_source.go | 2 +-
 pkg/vars/vars_loader.go  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index a421e3ed3..a4bcdb4e8 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -124,7 +124,7 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
 		switch v.Type().Field(i).Name {
-		case "IgnoreMissing", "NoOverride", "When", "RenderedSensitive", "RenderedVars":
+		case "IgnoreMissing", "NoOverride", "TargetPath", "When", "RenderedSensitive", "RenderedVars":
 			continue
 		}
 		if !v.Field(i).IsNil() {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 4ba5f8022..9406698ed 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -439,6 +439,8 @@ func (v *VarsLoader) loadFromK8sConfigMapOrSecret(varsCtx *VarsCtx, varsSource t
 		}
 		return uo.FromMap(m), nil
 	} else {
+		status.Deprecation(v.ctx, "cm-or-secret-target-path", "'targetPath' in clusterConfigMap and clusterSecret is deprecated, use the common 'targetPath' property from one level above instead.")
+
 		p, err := uo.NewMyJsonPath(varsSource.TargetPath)
 		if err != nil {
 			return doError(err)

From 39e7e208500bff13bb668d1fc0352fa171a4bd8f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 4 Jan 2024 08:35:49 +0100
Subject: [PATCH 1894/2268] fix: Properly support all slices types in
 GetChild/SetChild

---
 pkg/utils/uo/jsonpath.go          | 11 +++--
 pkg/utils/uo/unstructured.go      | 21 +++++++---
 pkg/utils/uo/unstructured_test.go | 68 +++++++++++++++++++++++++++++++
 3 files changed, 90 insertions(+), 10 deletions(-)
 create mode 100644 pkg/utils/uo/unstructured_test.go

diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index fca098539..9b92e8819 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -3,6 +3,7 @@ package uo
 import (
 	"fmt"
 	"github.com/ohler55/ojg/jp"
+	"reflect"
 	"regexp"
 	"strings"
 )
@@ -128,13 +129,15 @@ func (j *MyJsonPath) GetFirstListOfObjects(o *UnstructuredObject) ([]*Unstructur
 	if !found {
 		return nil, false, nil
 	}
-	l, ok := x.([]interface{})
-	if !ok {
+	v := reflect.ValueOf(x)
+	if v.Type().Kind() != reflect.Slice {
 		return nil, false, fmt.Errorf("child is not a list")
 	}
+
 	var ret []*UnstructuredObject
-	for _, x := range l {
-		m, ok := x.(map[string]interface{})
+	for i := 0; i < v.Len(); i++ {
+		e := v.Index(i).Interface()
+		m, ok := getDict(e)
 		if !ok {
 			return nil, false, fmt.Errorf("child is not a list of maps")
 		}
diff --git a/pkg/utils/uo/unstructured.go b/pkg/utils/uo/unstructured.go
index 943bb2ec7..6da4f1b70 100644
--- a/pkg/utils/uo/unstructured.go
+++ b/pkg/utils/uo/unstructured.go
@@ -3,6 +3,7 @@ package uo
 import (
 	"fmt"
 	"github.com/ohler55/ojg/jp"
+	"reflect"
 )
 
 func MergeStrMap(a map[string]string, b map[string]string) {
@@ -33,16 +34,19 @@ func GetChild(parent interface{}, key interface{}) (interface{}, bool, error) {
 		}
 		v, found := m.ValueForKey(keyStr)
 		return v, found, nil
-	} else if l, ok := parent.([]interface{}); ok {
+	}
+
+	v := reflect.ValueOf(parent)
+	if v.Type().Kind() == reflect.Slice {
 		keyInt, ok := key.(int)
 		if !ok {
 			return nil, false, fmt.Errorf("key is not an int")
 		}
-		if keyInt < 0 || keyInt >= len(l) {
+		if keyInt < 0 || keyInt >= v.Len() {
 			return nil, false, fmt.Errorf("index out of bounds")
 		}
-		v := l[keyInt]
-		return v, true, nil
+		e := v.Index(keyInt)
+		return e.Interface(), true, nil
 	}
 	return nil, false, fmt.Errorf("unknown parent type")
 }
@@ -62,12 +66,17 @@ func SetChild(parent interface{}, key interface{}, value interface{}) error {
 		}
 		m.SetValueForKey(keyStr, value)
 		return nil
-	} else if l, ok := parent.([]interface{}); ok {
+	}
+
+	v := reflect.ValueOf(parent)
+	if v.Type().Kind() == reflect.Slice {
 		keyInt, ok := key.(int)
 		if !ok {
 			return fmt.Errorf("key is not an int")
 		}
-		l[keyInt] = value
+
+		e := v.Index(keyInt)
+		e.Set(reflect.ValueOf(value))
 		return nil
 	}
 	return fmt.Errorf("unknown parent type")
diff --git a/pkg/utils/uo/unstructured_test.go b/pkg/utils/uo/unstructured_test.go
new file mode 100644
index 000000000..eefa1248a
--- /dev/null
+++ b/pkg/utils/uo/unstructured_test.go
@@ -0,0 +1,68 @@
+package uo
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestSetChildMap(t *testing.T) {
+	x := map[string]any{
+		"a": 1,
+	}
+
+	_ = SetChild(x, "b", 42)
+	assert.Equal(t, 1, x["a"])
+	assert.Equal(t, 42, x["b"])
+
+	v, _, _ := GetChild(x, "a")
+	assert.Equal(t, 1, v)
+	v, _, _ = GetChild(x, "b")
+	assert.Equal(t, 42, v)
+}
+
+func TestSetGetChildUnstructuredObject(t *testing.T) {
+	x := FromMap(map[string]any{
+		"a": 1,
+	})
+
+	_ = SetChild(x, "b", 42)
+	assert.Equal(t, 1, x.Object["a"])
+	assert.Equal(t, 42, x.Object["b"])
+
+	v, _, _ := GetChild(x, "a")
+	assert.Equal(t, 1, v)
+	v, _, _ = GetChild(x, "b")
+	assert.Equal(t, 42, v)
+}
+
+func TestSetGetChildAnySlice(t *testing.T) {
+	x := []any{
+		1,
+		111,
+	}
+
+	_ = SetChild(x, 1, 42)
+	assert.Equal(t, 1, x[0])
+	assert.Equal(t, 42, x[1])
+
+	v, _, _ := GetChild(x, 0)
+	assert.Equal(t, 1, v)
+	v, _, _ = GetChild(x, 1)
+	assert.Equal(t, 42, v)
+}
+
+func TestSetGetChildIntSlice(t *testing.T) {
+	x := []int{
+		1,
+		111,
+	}
+
+	_ = SetChild(x, 1, 42)
+	assert.Equal(t, 1, x[0])
+	assert.Equal(t, 42, x[1])
+
+	v, _, _ := GetChild(x, 0)
+	assert.Equal(t, 1, v)
+	v, _, _ = GetChild(x, 1)
+	assert.Equal(t, 42, v)
+}

From 41dad478661366497426f717762190cb391d7d1d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 4 Jan 2024 08:37:37 +0100
Subject: [PATCH 1895/2268] feat: Implement gitFiles variables source

---
 docs/kluctl/templating/variable-sources.md | 100 ++-
 e2e/test-utils/test_git_server.go          |   9 +
 pkg/types/vars_source.go                   |  33 +
 pkg/types/zz_generated.deepcopy.go         | 129 ++++
 pkg/vars/vars_loader.go                    |   2 +
 pkg/vars/vars_loader_git_files.go          | 235 +++++++
 pkg/vars/vars_loader_git_files_test.go     | 684 +++++++++++++++++++++
 pkg/webui/ui/src/models.ts                 |  50 +-
 8 files changed, 1239 insertions(+), 3 deletions(-)
 create mode 100644 pkg/vars/vars_loader_git_files.go
 create mode 100644 pkg/vars/vars_loader_git_files_test.go

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index c53fcb50a..b729cd99b 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -143,7 +143,7 @@ The advantage of the second method is that the type (number) of `a` is preserved
 it into a string.
 
 ### git
-This loads variables from a git repository. Example:
+This loads variables from a file inside a git repository. Example:
 
 ```yaml
 vars:
@@ -159,6 +159,104 @@ The ref field has the same format at found in [Git includes](../deployments/depl
 Kluctl also supports variable files encrypted with [SOPS](https://github.com/mozilla/sops). See the
 [sops integration](../deployments/sops.md) integration for more details.
 
+### gitFiles
+This loads multiple branches/tags and its contents from a git repository. The branches/tags can be filtered via regex
+and the files to load can be filtered via globs. Files can also be parsed and interpreted as yaml. Providing
+[`targrtPath`](#targetpath) is mandatory for this variables source.
+
+Example:
+
+```yaml
+vars:
+  - gitFiles:
+      url: ssh://git@github.com/example/repo.git
+      ref:
+        branch: preview-env-.*
+      files:
+        - glob: preview-info.yaml
+          parseYaml: true
+    targetPath: previewEnvs
+```
+
+The following fields are supported for `gitFiles`.
+
+##### url
+Specified the Git url.
+
+##### ref
+Specifies the ref to match. The ref field has the same format at found in [Git includes](../deployments/deployment-yml.md#git-includes),
+with the addition that branches and tags can specify regular expressions.
+
+##### files
+Specifies a list of file filters. Each entry can have the following fields:
+
+| field        | required | description                                                                                                                                                                                                                          |
+|--------------|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| glob         | yes      | Specifies the globbing pattern to test files against. `/` must be used as separator, even on Windows.                                                                                                                                |
+| render       | no       | If set to `true`, Kluctl will render the content of matching files with the current context (excluding the currently loaded `gitFiles`.                                                                                              |
+| parseYaml    | no       | If set to `true`, Kluctl will parse and interpret the content of matching files as YAML.<br/>The result is stored in the `parsed` field of the resulting file dict.<br/>Parsing happend after rendering (if `render: true` is used). |
+| yamlMultiDoc | no       | If set to `true`, Kluctl will treat the content of matching files as multi-document YAML file.                                                                                                                                       |
+
+
+#### gitFiles result
+The above example will put the result into the variable `previewEnvs`. The result is a list of matching branches/tags with each entry
+having the following form:
+
+```yaml
+previewEnvs:
+- ref:
+    branch: preview-env-1
+  refStr: refs/heads/preview-env-1
+  files:
+  - path: preview-info.yaml
+    size: 1234
+    content: |
+      some:
+        arbitrary:
+          yamlContent: 42
+    parsed:
+      some:
+        arbitrary:
+          yamlContent: 42
+    # this is a copy of the original `gitFiles.files` entry that caused this match
+    file:
+      glob: preview-info.yaml
+      parseYaml: true
+  # this is a flat dict with each entry being a copy of what is found in `files` for that same entry
+  # it is indexed by the relative path of each file
+  filesByPath:
+    preview-info.yaml:
+      path: preview-info.yaml
+      content: ...
+    dir1/sub-dir/file.yaml:
+      path: dir1/sub-dir/file.yaml
+      content: ...
+  # this is a nested dict that follows the directory structure
+  filesTree:
+    preview-info.yaml:
+      path: preview-info.yaml
+      content: ...
+    dir1:
+      sub-dir:
+        file.yaml:
+          path: dir1/sub-dir/file.yaml
+          content: ...
+- ref:
+    branch: preview-env-2
+  ...
+```
+
+Each file entry, as found in `files`, `filesByPath` and `filesTree` has the following fields:
+
+| field   | description                                                                                                                                                                                  |
+|---------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| file    | This is a copy of the `files` entry from `gitFiles` that caused the match.                                                                                                                   |
+| path    | The relative path inside the git repository.                                                                                                                                                 |
+| size    | The size of the file. If the file is encrypted, this specifies the size of the unencrypted content.                                                                                          |
+| content | The content of the file. If the original file is encrypted, the `content` will contain the unencrypted content. If `render: true` was specified, the `content` will be the rendered content. |
+| parsed  | If `parsed: true` was specified, this field will contain the parsed content of the file.                                                                                                     |
+
+
 ### clusterConfigMap
 Loads a configmap from the target's cluster and loads the specified key's value into the templating context. The value
 is treated and loaded as YAML and thus can either be a simple value or a complex nested structure. In case of a simple
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 94efc5952..1297cc45f 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -308,6 +308,15 @@ func (p *TestGitServer) DeleteFile(repo string, pth string, message string) {
 	p.CommitFiles(repo, []string{pth}, false, message)
 }
 
+func (p *TestGitServer) ReadFile(repo string, pth string) []byte {
+	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	b, err := os.ReadFile(fullPath)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	return b
+}
+
 func (p *TestGitServer) GitHost() string {
 	return fmt.Sprintf("localhost:%d", p.gitServerPort)
 }
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index a4bcdb4e8..1f8289f81 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -4,6 +4,7 @@ import (
 	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"k8s.io/apimachinery/pkg/runtime"
 	"reflect"
 )
 
@@ -13,6 +14,37 @@ type VarsSourceGit struct {
 	Path string  `json:"path" validate:"required"`
 }
 
+type VarsSourceGitFiles struct {
+	Url GitUrl  `json:"url" validate:"required"`
+	Ref *GitRef `json:"ref,omitempty"`
+
+	Files []GitFile `json:"files,omitempty"`
+}
+
+type GitFile struct {
+	Glob         string `json:"glob" validate:"required"`
+	Render       bool   `json:"render,omitempty"`
+	ParseYaml    bool   `json:"parseYaml,omitempty"`
+	YamlMultiDoc bool   `json:"yamlMultiDoc,omitempty"`
+}
+
+type GitFileMatch struct {
+	File    GitFile               `json:"file"`
+	Path    string                `json:"path"`
+	Size    int32                 `json:"size"`
+	Content string                `json:"content"`
+	Parsed  *runtime.RawExtension `json:"parsed,omitempty"`
+}
+
+type GitFilesRefMatch struct {
+	Ref    GitRef `json:"ref"`
+	RefStr string `json:"refStr"`
+
+	Files       []GitFileMatch          `json:"files"`
+	FilesByPath map[string]GitFileMatch `json:"filesByPath"`
+	FilesTree   *uo.UnstructuredObject  `json:"filesTree"`
+}
+
 type VarsSourceClusterConfigMapOrSecret struct {
 	Name       string            `json:"name,omitempty"`
 	Labels     map[string]string `json:"labels,omitempty"`
@@ -98,6 +130,7 @@ type VarsSource struct {
 	Values            *uo.UnstructuredObject              `json:"values,omitempty"`
 	File              *string                             `json:"file,omitempty"`
 	Git               *VarsSourceGit                      `json:"git,omitempty"`
+	GitFiles          *VarsSourceGitFiles                 `json:"gitFiles,omitempty"`
 	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `json:"clusterConfigMap,omitempty"`
 	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `json:"clusterSecret,omitempty"`
 	ClusterObject     *VarsSourceClusterObject            `json:"clusterObject,omitempty"`
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 17e07dda2..509fb2caf 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -23,6 +23,7 @@ package types
 import (
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -336,6 +337,76 @@ func (in *FixedImagesConfig) DeepCopy() *FixedImagesConfig {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitFile) DeepCopyInto(out *GitFile) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitFile.
+func (in *GitFile) DeepCopy() *GitFile {
+	if in == nil {
+		return nil
+	}
+	out := new(GitFile)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitFileMatch) DeepCopyInto(out *GitFileMatch) {
+	*out = *in
+	out.File = in.File
+	if in.Parsed != nil {
+		in, out := &in.Parsed, &out.Parsed
+		*out = new(runtime.RawExtension)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitFileMatch.
+func (in *GitFileMatch) DeepCopy() *GitFileMatch {
+	if in == nil {
+		return nil
+	}
+	out := new(GitFileMatch)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitFilesRefMatch) DeepCopyInto(out *GitFilesRefMatch) {
+	*out = *in
+	out.Ref = in.Ref
+	if in.Files != nil {
+		in, out := &in.Files, &out.Files
+		*out = make([]GitFileMatch, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.FilesByPath != nil {
+		in, out := &in.FilesByPath, &out.FilesByPath
+		*out = make(map[string]GitFileMatch, len(*in))
+		for key, val := range *in {
+			(*out)[key] = *val.DeepCopy()
+		}
+	}
+	if in.FilesTree != nil {
+		in, out := &in.FilesTree, &out.FilesTree
+		*out = (*in).DeepCopy()
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitFilesRefMatch.
+func (in *GitFilesRefMatch) DeepCopy() *GitFilesRefMatch {
+	if in == nil {
+		return nil
+	}
+	out := new(GitFilesRefMatch)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GitProject) DeepCopyInto(out *GitProject) {
 	*out = *in
@@ -855,6 +926,11 @@ func (in *VarsSource) DeepCopyInto(out *VarsSource) {
 		*out = new(VarsSourceGit)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.GitFiles != nil {
+		in, out := &in.GitFiles, &out.GitFiles
+		*out = new(VarsSourceGitFiles)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.ClusterConfigMap != nil {
 		in, out := &in.ClusterConfigMap, &out.ClusterConfigMap
 		*out = new(VarsSourceClusterConfigMapOrSecret)
@@ -865,6 +941,11 @@ func (in *VarsSource) DeepCopyInto(out *VarsSource) {
 		*out = new(VarsSourceClusterConfigMapOrSecret)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.ClusterObject != nil {
+		in, out := &in.ClusterObject, &out.ClusterObject
+		*out = new(VarsSourceClusterObject)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.SystemEnvVars != nil {
 		in, out := &in.SystemEnvVars, &out.SystemEnvVars
 		*out = (*in).DeepCopy()
@@ -957,6 +1038,28 @@ func (in *VarsSourceClusterConfigMapOrSecret) DeepCopy() *VarsSourceClusterConfi
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceClusterObject) DeepCopyInto(out *VarsSourceClusterObject) {
+	*out = *in
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceClusterObject.
+func (in *VarsSourceClusterObject) DeepCopy() *VarsSourceClusterObject {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceClusterObject)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *VarsSourceGcpSecretManager) DeepCopyInto(out *VarsSourceGcpSecretManager) {
 	*out = *in
@@ -993,6 +1096,32 @@ func (in *VarsSourceGit) DeepCopy() *VarsSourceGit {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VarsSourceGitFiles) DeepCopyInto(out *VarsSourceGitFiles) {
+	*out = *in
+	in.Url.DeepCopyInto(&out.Url)
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(GitRef)
+		**out = **in
+	}
+	if in.Files != nil {
+		in, out := &in.Files, &out.Files
+		*out = make([]GitFile, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarsSourceGitFiles.
+func (in *VarsSourceGitFiles) DeepCopy() *VarsSourceGitFiles {
+	if in == nil {
+		return nil
+	}
+	out := new(VarsSourceGitFiles)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *VarsSourceHttp) DeepCopyInto(out *VarsSourceHttp) {
 	*out = *in
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 9406698ed..8b0ac5701 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -116,6 +116,8 @@ func (v *VarsLoader) LoadVars(ctx context.Context, varsCtx *VarsCtx, sourceIn *t
 		newValue, sensitive, err = v.loadFile(varsCtx, *source.File, ignoreMissing, searchDirs)
 	} else if source.Git != nil {
 		newValue, sensitive, err = v.loadGit(ctx, varsCtx, source.Git, ignoreMissing)
+	} else if source.GitFiles != nil {
+		newValue, sensitive, err = v.loadGitFiles(ctx, varsCtx, source.GitFiles, ignoreMissing)
 	} else if source.ClusterConfigMap != nil {
 		newValue, err = v.loadFromK8sConfigMapOrSecret(varsCtx, *source.ClusterConfigMap, "ConfigMap", ignoreMissing, false)
 	} else if source.ClusterSecret != nil {
diff --git a/pkg/vars/vars_loader_git_files.go b/pkg/vars/vars_loader_git_files.go
new file mode 100644
index 000000000..18d947432
--- /dev/null
+++ b/pkg/vars/vars_loader_git_files.go
@@ -0,0 +1,235 @@
+package vars
+
+import (
+	"context"
+	"fmt"
+	"github.com/getsops/sops/v3/cmd/sops/formats"
+	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
+	"github.com/kluctl/kluctl/v2/pkg/sops"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"io/fs"
+	"k8s.io/apimachinery/pkg/runtime"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+func (v *VarsLoader) loadGitFiles(ctx context.Context, varsCtx *VarsCtx, gitFiles *types.VarsSourceGitFiles, ignoreMissing bool) ([]*uo.UnstructuredObject, bool, error) {
+	sensible := false
+
+	ge, err := v.rp.GetEntry(gitFiles.Url.String())
+	if err != nil {
+		return nil, false, err
+	}
+
+	if gitFiles.Ref != nil && gitFiles.Ref.Ref != "" {
+		return nil, false, fmt.Errorf("passing 'ref' as string is not supported for the 'gitFiles' vars source")
+	}
+
+	matchingRefs, err := v.filterGitRefs(gitFiles.Ref, ge)
+	if err != nil {
+		return nil, false, err
+	}
+
+	if len(matchingRefs) == 0 {
+		if ignoreMissing {
+			return nil, false, nil
+		}
+	}
+
+	var globs []glob.Glob
+	for _, f := range gitFiles.Files {
+		g, err := glob.Compile(f.Glob, '/')
+		if err != nil {
+			return nil, false, err
+		}
+		globs = append(globs, g)
+	}
+
+	results := make([]*uo.UnstructuredObject, 0, len(matchingRefs))
+	for ref, hash := range matchingRefs {
+		dir, _, err := ge.GetClonedDir(&types.GitRef{
+			Commit: hash,
+		})
+		if err != nil {
+			return nil, false, err
+		}
+
+		var matchedFiles []types.GitFileMatch
+
+		err = filepath.Walk(dir, func(path string, info fs.FileInfo, err error) error {
+			if info.IsDir() {
+				return nil
+			}
+			relPath, err := filepath.Rel(dir, path)
+			if err != nil {
+				return err
+			}
+			var gitFile *types.GitFile
+			for i, g := range globs {
+				if g.Match(filepath.ToSlash(relPath)) {
+					gitFile = &gitFiles.Files[i]
+					break
+				}
+			}
+			if gitFile == nil {
+				return nil
+			}
+
+			contentBytes, err := os.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			content := string(contentBytes)
+			size := int32(info.Size())
+
+			if gitFile.Render {
+				x, err := varsCtx.RenderString(content, nil)
+				if err != nil {
+					return fmt.Errorf("failed to render %s: %w", relPath, err)
+				}
+				content = x
+			}
+
+			format := formats.FormatForPath(path)
+			decrypted, isEncrypted, err := sops.MaybeDecrypt(v.sops, []byte(content), format, format)
+			if err != nil {
+				return err
+			}
+			if isEncrypted {
+				sensible = true
+				content = string(decrypted)
+				size = int32(len(decrypted))
+			}
+
+			var parsedRawExt *runtime.RawExtension
+			if gitFile.ParseYaml {
+				var parsed any
+				if gitFile.YamlMultiDoc {
+					parsed, err = yaml.ReadYamlAllString(content)
+				} else {
+					err = yaml.ReadYamlString(content, &parsed)
+				}
+				if err != nil {
+					return fmt.Errorf("failed to parse %s: %w", relPath, err)
+				}
+				x, err := yaml.WriteJsonString(parsed)
+				if err != nil {
+					return fmt.Errorf("failed to parse %s: %w", relPath, err)
+				}
+				parsedRawExt = &runtime.RawExtension{Raw: []byte(x)}
+			}
+
+			matchedFiles = append(matchedFiles, types.GitFileMatch{
+				File:    *gitFile,
+				Path:    filepath.ToSlash(relPath),
+				Size:    size,
+				Content: content,
+				Parsed:  parsedRawExt,
+			})
+
+			return nil
+		})
+		if err != nil {
+			return nil, false, err
+		}
+
+		filesByPath := map[string]types.GitFileMatch{}
+		filesTree := uo.New()
+		for _, gf := range matchedFiles {
+			filesByPath[gf.Path] = gf
+			keys := strings.Split(gf.Path, "/")
+			keysI := make([]any, 0, len(keys))
+			for _, k := range keys {
+				keysI = append(keysI, k)
+			}
+			err := filesTree.SetNestedField(gf, keysI...)
+			if err != nil {
+				return nil, false, err
+			}
+		}
+
+		result := types.GitFilesRefMatch{
+			Ref:         ref,
+			RefStr:      ref.String(),
+			Files:       matchedFiles,
+			FilesByPath: filesByPath,
+			FilesTree:   filesTree,
+		}
+
+		o, err := uo.FromStruct(result)
+		if err != nil {
+			return nil, false, err
+		}
+		results = append(results, o)
+	}
+
+	return results, sensible, nil
+}
+
+func (v *VarsLoader) filterGitRefs(ref *types.GitRef, ge *repocache.GitCacheEntry) (map[types.GitRef]string, error) {
+	var err error
+	matchingRefs := map[types.GitRef]string{}
+
+	ri := ge.GetRepoInfo()
+
+	if ref == nil {
+		defaultRef := ri.DefaultRef.String()
+		hash, ok := ri.RemoteRefs[defaultRef]
+		if !ok {
+			return nil, fmt.Errorf("default ref %s not found", defaultRef)
+		}
+		matchingRefs[ri.DefaultRef] = hash
+		return matchingRefs, nil
+	}
+
+	if ref.Commit != "" {
+		found := false
+		for name, hash := range ri.RemoteRefs {
+			if hash == ref.Commit {
+				ref2, err := types.ParseGitRef(name)
+				if err != nil {
+					return nil, err
+				}
+				matchingRefs[ref2] = hash
+				found = true
+				break
+			}
+		}
+		if !found {
+			return nil, fmt.Errorf("commit %s not found", ref.Commit)
+		}
+		return matchingRefs, nil
+	}
+
+	var regex *regexp.Regexp
+	if ref.Tag != "" {
+		regex, err = regexp.Compile(fmt.Sprintf("^refs/tags/%s$", ref.Tag))
+		if err != nil {
+			return nil, fmt.Errorf("invalid tag regex specified: %w", err)
+		}
+	} else if ref.Branch != "" {
+		regex, err = regexp.Compile(fmt.Sprintf("^refs/heads/%s$", ref.Branch))
+		if err != nil {
+			return nil, fmt.Errorf("invalid branch regex specified: %w", err)
+		}
+	} else {
+		return nil, fmt.Errorf("ref is empty")
+	}
+
+	for name, hash := range ri.RemoteRefs {
+		if regex.MatchString(name) {
+			ref2, err := types.ParseGitRef(name)
+			if err != nil {
+				return nil, err
+			}
+			matchingRefs[ref2] = hash
+		}
+	}
+
+	return matchingRefs, nil
+}
diff --git a/pkg/vars/vars_loader_git_files_test.go b/pkg/vars/vars_loader_git_files_test.go
new file mode 100644
index 000000000..c8aa27259
--- /dev/null
+++ b/pkg/vars/vars_loader_git_files_test.go
@@ -0,0 +1,684 @@
+package vars
+
+import (
+	"context"
+	"github.com/getsops/sops/v3/age"
+	git2 "github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
+	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
+	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apimachinery/pkg/runtime"
+	"strings"
+)
+
+func (s *VarsLoaderTestSuite) TestGitFiles() {
+	gs := test_utils.NewTestGitServer(s.T())
+	gs.GitInit("repo")
+
+	wt := gs.GetWorktree("repo")
+
+	updateFile := func(name string, v int) {
+		gs.UpdateYaml("repo", name, func(o map[string]any) error {
+			o["test1"] = map[string]any{
+				"test2": v,
+			}
+			return nil
+		}, "")
+	}
+
+	updateFile("test1.yaml", 42)
+	updateFile("test2.yaml", 43)
+	updateFile("dir1/test.yaml", 1)
+	updateFile("dir2/test.yaml", 2)
+
+	err := wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.NewBranchReferenceName("b1"),
+		Create: true,
+	})
+	assert.NoError(s.T(), err)
+
+	updateFile("test1.yaml", 142)
+	updateFile("test2.yaml", 143)
+
+	err = wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.Master,
+	})
+	assert.NoError(s.T(), err)
+
+	err = wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.NewBranchReferenceName("b2"),
+		Create: true,
+	})
+	assert.NoError(s.T(), err)
+
+	updateFile("test1.yaml", 242)
+	updateFile("test2.yaml", 243)
+
+	err = wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.NewBranchReferenceName("c1"),
+		Create: true,
+	})
+	assert.NoError(s.T(), err)
+
+	gs.DeleteFile("repo", "test1.yaml", "")
+	gs.DeleteFile("repo", "test2.yaml", "")
+	updateFile("test3.yaml", 342)
+	updateFile("test4.yaml", 343)
+	gs.UpdateFile("repo", "multidoc.yaml", func(f string) (string, error) {
+		return `
+test1:
+  test2: 1000
+---
+test1:
+  test2: 2000
+`, nil
+	}, "")
+	gs.UpdateFile("repo", "rendered.yaml", func(f string) (string, error) {
+		return `
+test1:
+  test2: {{ 1 + 2 }}
+---
+test1:
+  test2: {{ 1 + 3 }}
+`, nil
+	}, "")
+
+	gs.UpdateFile("repo", "sops.yaml", func(f string) (string, error) {
+		x, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
+		return string(x), nil
+	}, "")
+	key, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
+	s.T().Setenv(age.SopsAgeKeyEnv, string(key))
+
+	err = wt.Checkout(&git2.CheckoutOptions{
+		Branch: plumbing.Master,
+	})
+	assert.NoError(s.T(), err)
+
+	assertResults := func(vc *VarsCtx, targetPath string, expectedResults []types.GitFilesRefMatch) {
+		targetPath2 := uo.NewMyJsonPathMust(targetPath)
+		resultsO, ok, _ := targetPath2.GetFirstListOfObjects(vc.Vars)
+		if !ok {
+			s.T().Errorf("results not found")
+		}
+		var results []types.GitFilesRefMatch
+		for _, ro := range resultsO {
+			var x types.GitFilesRefMatch
+			err := ro.ToStruct(&x)
+			if err != nil {
+				s.T().Fatal(err)
+			}
+			results = append(results, x)
+		}
+		if len(results) != len(expectedResults) {
+			s.T().Errorf("expected num of results does not match: %d != %d", len(results), len(expectedResults))
+			return
+		}
+		for _, er := range expectedResults {
+			found := false
+			for _, r := range results {
+				if r.Ref == er.Ref {
+					found = true
+
+					if r.RefStr != er.Ref.String() {
+						s.T().Errorf("refStr: %s != %s", r.RefStr, r.Ref.String())
+						return
+					}
+
+					err := wt.Checkout(&git2.CheckoutOptions{
+						Branch: plumbing.ReferenceName(r.Ref.String()),
+					})
+					assert.NoError(s.T(), err)
+
+					assert.Len(s.T(), r.Files, len(er.Files))
+
+					for _, ef := range er.Files {
+						foundFile := false
+						for _, f := range r.Files {
+							if f.Path != ef.Path {
+								continue
+							}
+							if f.File.Glob != ef.File.Glob {
+								s.T().Errorf("glob does not match: %s != %s", f.File.Glob, ef.File.Glob)
+							}
+							foundFile = true
+
+							if ef.Content == "" {
+								expectedContent := gs.ReadFile("repo", f.Path)
+								assert.Equal(s.T(), string(expectedContent), f.Content)
+							} else {
+								assert.Equal(s.T(), ef.Content, f.Content)
+							}
+							if f.File.ParseYaml {
+								var parsed any
+								if f.File.YamlMultiDoc {
+									parsed, err = yaml.ReadYamlAllString(f.Content)
+									if err != nil {
+										s.T().Error(err)
+										return
+									}
+								} else {
+									err = yaml.ReadYamlString(f.Content, &parsed)
+									if err != nil {
+										s.T().Error(err)
+										return
+									}
+								}
+								parsedJson, err := yaml.WriteJsonString(parsed)
+								if err != nil {
+									s.T().Error(err)
+									return
+								}
+								assert.Equal(s.T(), string(ef.Parsed.Raw), parsedJson)
+							}
+
+							if _, ok := r.FilesByPath[f.Path]; !ok {
+								s.T().Errorf("missing path %s", f.Path)
+							}
+							var keysI []any
+							for _, k := range strings.Split(f.Path, "/") {
+								keysI = append(keysI, k)
+							}
+							if _, ok, _ := r.FilesTree.GetNestedObject(keysI...); !ok {
+								s.T().Errorf("missing tree item %s", f.Path)
+							}
+						}
+						if !foundFile {
+							s.T().Errorf("file not found: %s", ef.Path)
+						}
+					}
+
+					break
+				}
+			}
+			if !found {
+				s.T().Errorf("ref %s not found", er.Ref.Branch)
+			}
+		}
+	}
+
+	// master branch, single file
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Files: []types.GitFile{
+					{
+						Glob: "test1.yaml",
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "master",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test1.yaml",
+						},
+						Path: "test1.yaml",
+					},
+				},
+			},
+		})
+	})
+
+	// master branch, multiple files
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Files: []types.GitFile{
+					{
+						Glob: "test*.yaml",
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "master",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test1.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test2.yaml",
+					},
+				},
+			},
+		})
+	})
+
+	// master branch, multiple files in subdirs
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Files: []types.GitFile{
+					{
+						Glob: "dir*/*.yaml",
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "master",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "dir*/*.yaml",
+						},
+						Path: "dir1/test.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "dir*/*.yaml",
+						},
+						Path: "dir2/test.yaml",
+					},
+				},
+			},
+		})
+	})
+
+	// b1+b2 branches, no files
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "b.*",
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "b1",
+				},
+				Files: []types.GitFileMatch{},
+			},
+			{
+				Ref: types.GitRef{
+					Branch: "b2",
+				},
+				Files: []types.GitFileMatch{},
+			},
+		})
+	})
+
+	// b1 branch, multiple files
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "b1",
+				},
+				Files: []types.GitFile{
+					{
+						Glob: "test*.yaml",
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "b1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test1.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test2.yaml",
+					},
+				},
+			},
+		})
+	})
+
+	// b1+b2 branch, single file
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "b.*",
+				},
+				Files: []types.GitFile{
+					{
+						Glob: "test1.yaml",
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "b1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test1.yaml",
+						},
+						Path: "test1.yaml",
+					},
+				},
+			},
+			{
+				Ref: types.GitRef{
+					Branch: "b2",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test1.yaml",
+						},
+						Path: "test1.yaml",
+					},
+				},
+			},
+		})
+	})
+
+	// b1+b2 branch, multiple files
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "b.*",
+				},
+				Files: []types.GitFile{
+					{
+						Glob: "test*.yaml",
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "b1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test1.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test2.yaml",
+					},
+				},
+			},
+			{
+				Ref: types.GitRef{
+					Branch: "b2",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test1.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "test*.yaml",
+						},
+						Path: "test2.yaml",
+					},
+				},
+			},
+		})
+	})
+
+	// b1+b2+c1 branch but with multiple file patterns and parsed yaml
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "b.*",
+				},
+				Files: []types.GitFile{
+					{
+						Glob: "test1.yaml",
+					},
+					{
+						Glob:      "test2.yaml",
+						ParseYaml: true,
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "b1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test1.yaml",
+						},
+						Path: "test1.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "test2.yaml",
+						},
+						Path:   "test2.yaml",
+						Parsed: &runtime.RawExtension{Raw: []byte("{\"test1\":{\"test2\":143}}")},
+					},
+				},
+			},
+			{
+				Ref: types.GitRef{
+					Branch: "b2",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "test1.yaml",
+						},
+						Path: "test1.yaml",
+					},
+					{
+						File: types.GitFile{
+							Glob: "test2.yaml",
+						},
+						Path:   "test2.yaml",
+						Parsed: &runtime.RawExtension{Raw: []byte("{\"test1\":{\"test2\":243}}")},
+					},
+				},
+			},
+		})
+	})
+
+	// c1 branch multidoc.yaml
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "c1",
+				},
+				Files: []types.GitFile{
+					{
+						Glob:         "multidoc.yaml",
+						ParseYaml:    true,
+						YamlMultiDoc: true,
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "c1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "multidoc.yaml",
+						},
+						Path:   "multidoc.yaml",
+						Parsed: &runtime.RawExtension{Raw: []byte("[{\"test1\":{\"test2\":1000}},{\"test1\":{\"test2\":2000}}]")},
+					},
+				},
+			},
+		})
+	})
+
+	// c1 branch rendered.yaml
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "c1",
+				},
+				Files: []types.GitFile{
+					{
+						Glob:         "rendered.yaml",
+						Render:       true,
+						ParseYaml:    true,
+						YamlMultiDoc: true,
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "c1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "rendered.yaml",
+						},
+						Path:    "rendered.yaml",
+						Content: "\ntest1:\n  test2: 3\n---\ntest1:\n  test2: 4",
+						Parsed:  &runtime.RawExtension{Raw: []byte("[{\"test1\":{\"test2\":3}},{\"test1\":{\"test2\":4}}]")},
+					},
+				},
+			},
+		})
+	})
+
+	// c1 branch sops.yaml
+	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
+		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			GitFiles: &types.VarsSourceGitFiles{
+				Url: *url,
+				Ref: &types.GitRef{
+					Branch: "c1",
+				},
+				Files: []types.GitFile{
+					{
+						Glob:      "sops.yaml",
+						ParseYaml: true,
+					},
+				},
+			},
+			TargetPath: "my.target",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
+		assertResults(vc, "my.target", []types.GitFilesRefMatch{
+			{
+				Ref: types.GitRef{
+					Branch: "c1",
+				},
+				Files: []types.GitFileMatch{
+					{
+						File: types.GitFile{
+							Glob: "sops.yaml",
+						},
+						Path:    "sops.yaml",
+						Content: "test1:\n    test2: 42\n",
+						Parsed:  &runtime.RawExtension{Raw: []byte("{\"test1\":{\"test2\":42}}")},
+					},
+				},
+			},
+		})
+	})
+}
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 2d8871577..dfd785690 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -338,7 +338,6 @@ export class VarsSourceClusterObject {
     path: string;
     render?: boolean;
     parseYaml?: boolean;
-    targetPath: string;
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
@@ -351,7 +350,6 @@ export class VarsSourceClusterObject {
         this.path = source["path"];
         this.render = source["render"];
         this.parseYaml = source["parseYaml"];
-        this.targetPath = source["targetPath"];
     }
 }
 export class VarsSourceClusterConfigMapOrSecret {
@@ -370,6 +368,50 @@ export class VarsSourceClusterConfigMapOrSecret {
         this.targetPath = source["targetPath"];
     }
 }
+export class GitFile {
+    glob: string;
+    render?: boolean;
+    parseYaml?: boolean;
+    yamlMultiDoc?: boolean;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.glob = source["glob"];
+        this.render = source["render"];
+        this.parseYaml = source["parseYaml"];
+        this.yamlMultiDoc = source["yamlMultiDoc"];
+    }
+}
+export class VarsSourceGitFiles {
+    url: string;
+    ref?: GitRef;
+    files?: GitFile[];
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.url = source["url"];
+        this.ref = new GitRef(source["ref"]);
+        this.files = this.convertValues(source["files"], GitFile);
+    }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
+}
 export class VarsSourceGit {
     url: string;
     ref?: GitRef;
@@ -389,6 +431,7 @@ export class VarsSource {
     values?: any;
     file?: string;
     git?: VarsSourceGit;
+    gitFiles?: VarsSourceGitFiles;
     clusterConfigMap?: VarsSourceClusterConfigMapOrSecret;
     clusterSecret?: VarsSourceClusterConfigMapOrSecret;
     clusterObject?: VarsSourceClusterObject;
@@ -398,6 +441,7 @@ export class VarsSource {
     gcpSecretManager?: VarsSourceGcpSecretManager;
     vault?: VarsSourceVault;
     azureKeyVault?: VarSourceAzureKeyVault;
+    targetPath?: string;
     when?: string;
     renderedSensitive?: boolean;
     renderedVars?: any;
@@ -410,6 +454,7 @@ export class VarsSource {
         this.values = source["values"];
         this.file = source["file"];
         this.git = this.convertValues(source["git"], VarsSourceGit);
+        this.gitFiles = this.convertValues(source["gitFiles"], VarsSourceGitFiles);
         this.clusterConfigMap = this.convertValues(source["clusterConfigMap"], VarsSourceClusterConfigMapOrSecret);
         this.clusterSecret = this.convertValues(source["clusterSecret"], VarsSourceClusterConfigMapOrSecret);
         this.clusterObject = this.convertValues(source["clusterObject"], VarsSourceClusterObject);
@@ -419,6 +464,7 @@ export class VarsSource {
         this.gcpSecretManager = this.convertValues(source["gcpSecretManager"], VarsSourceGcpSecretManager);
         this.vault = this.convertValues(source["vault"], VarsSourceVault);
         this.azureKeyVault = this.convertValues(source["azureKeyVault"], VarSourceAzureKeyVault);
+        this.targetPath = source["targetPath"];
         this.when = source["when"];
         this.renderedSensitive = source["renderedSensitive"];
         this.renderedVars = source["renderedVars"];

From dd2e4512e42c76f0e88e8c41ddc51e5e10dbf9b2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 4 Jan 2024 09:16:29 +0100
Subject: [PATCH 1896/2268] fix: Fix clusterObject in webui and implement
 gitFiles support

---
 .../command-result/nodes/VarsSourceNode.tsx   | 64 +++++++++++++++++--
 1 file changed, 59 insertions(+), 5 deletions(-)

diff --git a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
index d2011678a..6327765db 100644
--- a/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
+++ b/pkg/webui/ui/src/components/command-result/nodes/VarsSourceNode.tsx
@@ -88,10 +88,34 @@ export class VarsSourceNodeData extends NodeData {
                     return sourceProps
                 }
             }
-        } else if (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret || this.varsSource.clusterObject) {
-            const vs = (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret || this.varsSource.clusterObject)!
-            const type = this.varsSource.clusterObject ? this.varsSource.clusterObject.kind : (this.varsSource.clusterConfigMap ? "cm" : "secret")
-            const icon = this.varsSource.clusterObject ? <DataObject fontSize={"large"}/> : (this.varsSource.clusterConfigMap ? <Settings fontSize={"large"}/> : <Lock fontSize={"large"}/>)
+        } else if (this.varsSource.gitFiles) {
+            return {
+                type: "gitFiles",
+                label: () => {
+                    const s = this.varsSource.gitFiles!.url.split("/")
+                    const name = s[s.length - 1]
+                    return <>
+                        {name}
+                    </>
+                },
+                icon: () => <GitIcon/>,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({ name: "Url", value: this.varsSource.gitFiles!.url })
+                    sourceProps.push({ name: "Ref", value: buildGitRefString(this.varsSource.gitFiles?.ref) })
+                    this.varsSource.gitFiles!.files?.forEach((gf, i) => {
+                        sourceProps.push({ name: `Files[${i}].glob`, value: gf.glob })
+                        sourceProps.push({ name: `Files[${i}].render`, value: !!gf.render + "" })
+                        sourceProps.push({ name: `Files[${i}].parseYaml`, value: !!gf.parseYaml + "" })
+                        sourceProps.push({ name: `Files[${i}].yamlMultiDoc`, value: !!gf.yamlMultiDoc + "" })
+                    })
+                    return sourceProps
+                }
+            }
+        } else if (this.varsSource.clusterConfigMap || this.varsSource.clusterSecret) {
+            const vs = (this.varsSource.clusterConfigMap ? this.varsSource.clusterConfigMap : this.varsSource.clusterSecret)!
+            const type = this.varsSource.clusterConfigMap ? "cm" : "secret"
+            const icon = this.varsSource.clusterConfigMap ? <Settings fontSize={"large"}/> : <Lock fontSize={"large"}/>
             return {
                 type: type,
                 label: () => {
@@ -112,6 +136,33 @@ export class VarsSourceNodeData extends NodeData {
                     return sourceProps
                 }
             }
+        } else if (this.varsSource.clusterObject) {
+            const vs = this.varsSource.clusterObject
+            const type = "clusterObject"
+            const icon = <DataObject fontSize={"large"}/>
+            return {
+                type: type,
+                label: () => {
+                    return vs.name
+                },
+                icon: () => icon,
+                sourceProps: () => {
+                    const sourceProps = []
+                    sourceProps.push({ name: "Name", value: vs.name })
+                    sourceProps.push({ name: "Namespace", value: vs.namespace })
+                    if (vs.labels) {
+                        sourceProps.push({
+                            name: "Labels",
+                            value: <CodeViewer code={this.labelsYaml!} language={"yaml"}/>
+                        })
+                    }
+                    sourceProps.push({ name: "Path", value: vs.path })
+                    sourceProps.push({ name: "List", value: !!vs.list + "" })
+                    sourceProps.push({ name: "Render", value: !!vs.render + "" })
+                    sourceProps.push({ name: "ParseYaml", value: !!vs.parseYaml + "" })
+                    return sourceProps
+                }
+            }
         } else if (this.varsSource.systemEnvVars) {
             return {
                 type: "systemEnvVar",
@@ -248,6 +299,10 @@ export class VarsSourceNodeData extends NodeData {
             { name: "NoOverride", value: (!!this.varsSource.noOverride) + "" },
         ]
 
+        if (this.varsSource.targetPath) {
+            props.push({ name: "TargetPath", value: this.varsSource.targetPath })
+        }
+
         if (this.varsSource.when) {
             props.push({ name: "When", value: this.varsSource.when })
         }
@@ -267,7 +322,6 @@ export class VarsSourceNodeData extends NodeData {
 
             {!redactedWarning &&
                 <CodeViewer code={this.renderedVarsYaml} language={"yaml"}/>
-
             }
         </Box>
     }

From 1932c55f92b7a1ac2dc1e08437b8c79f2847c0b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 14:45:54 +0100
Subject: [PATCH 1897/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#929)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.24.4 to 0.24.5.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.24.4...v0.24.5)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 0715fc096..957b2509f 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.24.4
+	github.com/bitnami-labs/sealed-secrets v0.24.5
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.16.0
diff --git a/go.sum b/go.sum
index e4c543ca7..833651a88 100644
--- a/go.sum
+++ b/go.sum
@@ -112,8 +112,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bitnami-labs/sealed-secrets v0.24.4 h1:ssJRQ+dtvmP+0AMzAstNgLivqwnP0TtjddFplSOhDJs=
-github.com/bitnami-labs/sealed-secrets v0.24.4/go.mod h1:AQQ3N08Chrpwa6gTToZMFR4luoaubMiZp8e0A/LmtCI=
+github.com/bitnami-labs/sealed-secrets v0.24.5 h1:C5zx29thAk0D/0zZnwxjVcxVe428Ah70AwmJaRee95o=
+github.com/bitnami-labs/sealed-secrets v0.24.5/go.mod h1:I8Wm+jD3QHt4t3j5XQIRarRulDLv3OG7vpObtddl36w=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
@@ -535,8 +535,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.20.3 h1:Z+fnElsA/GbI5oiT726qJaG4Ca9q5l7UO68Qd0PtkD4=
 github.com/ohler55/ojg v1.20.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
-github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
-github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
+github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
+github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
 github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
 github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

From 4db4174abe5864fc5d26a0f58013ae30420f9b93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 14:46:03 +0100
Subject: [PATCH 1898/2268] chore(deps): Bump the golang-x group with 1 update
 (#930)

Bumps the golang-x group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 957b2509f..0fa560223 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/spf13/viper v1.18.1
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.16.0
+	golang.org/x/crypto v0.17.0
 	golang.org/x/net v0.19.0
 	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.15.0
diff --git a/go.sum b/go.sum
index 833651a88..6623e2b4c 100644
--- a/go.sum
+++ b/go.sum
@@ -714,8 +714,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=

From 7247de21c236ffc5c2c57a780e8c02896e9c7b99 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 14:46:09 +0100
Subject: [PATCH 1899/2268] chore(deps): Bump github.com/spf13/viper from
 1.18.1 to 1.18.2 (#931)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.1...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0fa560223..cbb88a0b2 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.18.1
+	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.17.0
diff --git a/go.sum b/go.sum
index 6623e2b4c..a99ea5855 100644
--- a/go.sum
+++ b/go.sum
@@ -627,8 +627,8 @@ github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM=
-github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
+github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
+github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=

From 0834b3968731843a38ae9bd5fc2ad45e6e978750 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jan 2024 14:46:19 +0100
Subject: [PATCH 1900/2268] chore(deps): Bump google.golang.org/grpc from
 1.60.0 to 1.60.1 (#932)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.0 to 1.60.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.60.0...v1.60.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index cbb88a0b2..459443328 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.15.0
 	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
-	google.golang.org/grpc v1.60.0
+	google.golang.org/grpc v1.60.1
 	google.golang.org/protobuf v1.31.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
diff --git a/go.sum b/go.sum
index a99ea5855..1e4dbd7fc 100644
--- a/go.sum
+++ b/go.sum
@@ -844,8 +844,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k=
-google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
+google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 6c10eb8a0bb428d14e99a762c4deb022975eedbe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Dec 2023 12:38:19 +0100
Subject: [PATCH 1901/2268] docs: Fix title of kluctl-libraries docs

---
 docs/kluctl/kluctl-libraries/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/kluctl/kluctl-libraries/README.md b/docs/kluctl/kluctl-libraries/README.md
index 17cd52930..a6849726d 100644
--- a/docs/kluctl/kluctl-libraries/README.md
+++ b/docs/kluctl/kluctl-libraries/README.md
@@ -1,8 +1,8 @@
 <!-- This comment is uncommented when auto-synced to www-kluctl.io
 
 ---
-title: "Kluctl Libraries"
-linkTitle: "Kluctl Libraries"
+title: "Kluctl Library Projects"
+linkTitle: "Kluctl Library Projects"
 weight: 1
 description: >
     Kluctl library project configuration, found in the .kluctl-library.yaml file.

From 701255963f0510bc5b182f8c685b3e666e31ae3c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Dec 2023 17:25:56 +0100
Subject: [PATCH 1902/2268] docs: Remove not workign links in docs

---
 docs/kluctl/deployments/README.md | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/docs/kluctl/deployments/README.md b/docs/kluctl/deployments/README.md
index 7f45f93ab..c91ba569d 100644
--- a/docs/kluctl/deployments/README.md
+++ b/docs/kluctl/deployments/README.md
@@ -37,12 +37,9 @@ as you need.
 Each level in this structure recursively adds [tags](./tags.md) to each deployed resources, allowing you to control
 precisely what is deployed in the future.
 
-Some visualized files/directories have links attached, follow them to get more information.
-
-<!-- markdown-link-check-disable -->
-<pre>
+```
 -- project-dir/
-   |-- <a href="./deployment-yml">deployment.yaml</a>
+   |-- deployment.yaml
    |-- .gitignore
    |-- kustomize-deployment1/
    |   |-- kustomization.yaml
@@ -58,7 +55,7 @@ Some visualized files/directories have links attached, follow them to get more i
    |   |   |-- resource2.yaml
    |   |   |-- patch1.yaml
    |   |   `-- ...
-   |   |-- <a href="./helm">kustomize-with-helm-deployment/</a>
+   |   |-- kustomize-with-helm-deployment
    |   |   |-- charts/
    |   |   |   `-- ...
    |   |   |-- kustomization.yaml
@@ -70,8 +67,7 @@ Some visualized files/directories have links attached, follow them to get more i
    |       `-- ... subsubsub deployments
    `-- sub-deployment/
        `-- ...
-</pre>
-<!-- markdown-link-check-enable -->
+```
 
 ## Order of deployments
 Deployments are done in parallel, meaning that there are usually no order guarantees. The only way to somehow control

From 0a8a11ce75add1105cd1467859cc69c6eb78c0f6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Dec 2023 17:33:07 +0100
Subject: [PATCH 1903/2268] docs: Reorder kluctl docs menu

---
 docs/gitops/installation.md            | 2 +-
 docs/gitops/metrics/README.md          | 2 +-
 docs/gitops/spec/README.md             | 2 +-
 docs/kluctl/commands/README.md         | 2 +-
 docs/kluctl/deployments/README.md      | 2 +-
 docs/kluctl/get-started.md             | 2 +-
 docs/kluctl/installation.md            | 2 +-
 docs/kluctl/kluctl-libraries/README.md | 2 +-
 docs/kluctl/kluctl-project/README.md   | 2 +-
 docs/kluctl/templating/README.md       | 2 +-
 docs/webui/oidc-azure-ad.md            | 2 +-
 docs/webui/running-locally.md          | 2 +-
 12 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 0407051c5..3836b7977 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -3,7 +3,7 @@
 ---
 title: "Installation"
 linkTitle: "Installation"
-weight: 20
+weight: 10
 description: "Installing the Kluctl Controller"
 ---
 -->
diff --git a/docs/gitops/metrics/README.md b/docs/gitops/metrics/README.md
index 2ae19f029..a580dc43b 100644
--- a/docs/gitops/metrics/README.md
+++ b/docs/gitops/metrics/README.md
@@ -4,6 +4,6 @@
 title: Metrics
 linkTitle: Metrics
 description: OpenMetrics-compatible export of controller metrics
-weight: 10
+weight: 30
 ---
 -->
diff --git a/docs/gitops/spec/README.md b/docs/gitops/spec/README.md
index cb95e02f6..b770afede 100644
--- a/docs/gitops/spec/README.md
+++ b/docs/gitops/spec/README.md
@@ -4,6 +4,6 @@
 title: Specs
 linkTitle: Specs
 description: Kluctl Controller specs
-weight: 10
+weight: 20
 ---
 -->
diff --git a/docs/kluctl/commands/README.md b/docs/kluctl/commands/README.md
index 85b39a18e..48a579247 100644
--- a/docs/kluctl/commands/README.md
+++ b/docs/kluctl/commands/README.md
@@ -3,7 +3,7 @@
 ---
 title: "Commands"
 linkTitle: "Commands"
-weight: 10
+weight: 50
 description: >
     Description of available commands.
 ---
diff --git a/docs/kluctl/deployments/README.md b/docs/kluctl/deployments/README.md
index c91ba569d..579908c1b 100644
--- a/docs/kluctl/deployments/README.md
+++ b/docs/kluctl/deployments/README.md
@@ -3,7 +3,7 @@
 ---
 title: "Deployments"
 linkTitle: "Deployments"
-weight: 2
+weight: 30
 description: >
     Deployments and sub-deployments.
 ---
diff --git a/docs/kluctl/get-started.md b/docs/kluctl/get-started.md
index ddbfeffc8..10532b75f 100644
--- a/docs/kluctl/get-started.md
+++ b/docs/kluctl/get-started.md
@@ -4,7 +4,7 @@
 title: "Get Started"
 linkTitle: "Get Started"
 description: "Get Started with Kluctl."
-weight: 20
+weight: 1
 ---
 -->
 
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 8287f2796..441c52840 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -3,7 +3,7 @@
 ---
 title: "Installation"
 linkTitle: "Installation"
-weight: 20
+weight: 5
 description: "Installing kluctl."
 ---
 -->
diff --git a/docs/kluctl/kluctl-libraries/README.md b/docs/kluctl/kluctl-libraries/README.md
index a6849726d..015e15d89 100644
--- a/docs/kluctl/kluctl-libraries/README.md
+++ b/docs/kluctl/kluctl-libraries/README.md
@@ -3,7 +3,7 @@
 ---
 title: "Kluctl Library Projects"
 linkTitle: "Kluctl Library Projects"
-weight: 1
+weight: 20
 description: >
     Kluctl library project configuration, found in the .kluctl-library.yaml file.
 ---
diff --git a/docs/kluctl/kluctl-project/README.md b/docs/kluctl/kluctl-project/README.md
index 983a4ae99..fc4ba4083 100644
--- a/docs/kluctl/kluctl-project/README.md
+++ b/docs/kluctl/kluctl-project/README.md
@@ -3,7 +3,7 @@
 ---
 title: "Kluctl Projects"
 linkTitle: "Kluctl Projects"
-weight: 1
+weight: 10
 description: >
     Kluctl project configuration, found in the .kluctl.yaml file.
 ---
diff --git a/docs/kluctl/templating/README.md b/docs/kluctl/templating/README.md
index 96155e728..4d914599c 100644
--- a/docs/kluctl/templating/README.md
+++ b/docs/kluctl/templating/README.md
@@ -3,7 +3,7 @@
 ---
 title: "Templating"
 linkTitle: "Templating"
-weight: 2
+weight: 40
 description: >
     Templating Engine.
 ---
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index be8171c0d..eb79fc62e 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -4,7 +4,7 @@
 title: Azure AD Integration
 linkTitle: Azure AD Integration
 description: Azure AD Integration
-weight: 20
+weight: 30
 ---
 -->
 
diff --git a/docs/webui/running-locally.md b/docs/webui/running-locally.md
index 44e8d6ad6..b4c21bd47 100644
--- a/docs/webui/running-locally.md
+++ b/docs/webui/running-locally.md
@@ -4,7 +4,7 @@
 title: Running locally
 linkTitle: Running locally
 description: Running the Kluctl Webui locally
-weight: 30
+weight: 20
 ---
 -->
 

From b34d20f36ac2195062d0ebeec83f3f28388483e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 18 Dec 2023 17:40:12 +0100
Subject: [PATCH 1904/2268] docs: Fix "kluctl projects" title

---
 docs/kluctl/kluctl-project/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/kluctl/kluctl-project/README.md b/docs/kluctl/kluctl-project/README.md
index fc4ba4083..5f4fa88fc 100644
--- a/docs/kluctl/kluctl-project/README.md
+++ b/docs/kluctl/kluctl-project/README.md
@@ -9,7 +9,7 @@ description: >
 ---
 -->
 
-# Kluctl project
+# Kluctl Projects
 
 The `.kluctl.yaml` is the central configuration and entry point for your deployments. It defines which targets are
 available to invoke [commands](../commands) on.

From 0cd29810240d4b76f4ef934973286cefe1d76de3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 14:15:14 +0100
Subject: [PATCH 1905/2268] feat: Make -t mandatory when the project defines
 targets (#939)

* feat: Make -t mandatory when the project defines targets

* tests: Add tests for new mandatory targets
---
 e2e/args_test.go                              |  5 ++
 e2e/gitops_misc_test.go                       | 52 +++++++++++++++++--
 e2e/gitops_suite_test.go                      |  7 ++-
 e2e/no_target_test.go                         | 17 ++++--
 .../target-context/target_context.go          |  5 ++
 5 files changed, 77 insertions(+), 9 deletions(-)

diff --git a/e2e/args_test.go b/e2e/args_test.go
index 547d4de72..1c117bdc7 100644
--- a/e2e/args_test.go
+++ b/e2e/args_test.go
@@ -235,6 +235,11 @@ func testArgsInDiscriminator(t *testing.T, inDefaultDiscriminator bool) {
 
 	if inDefaultDiscriminator {
 		// now without targets
+		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+			_ = o.RemoveNestedField("targets")
+			return nil
+		})
+
 		p.KluctlMust(t, "deploy", "--yes")
 		cm = assertConfigMapExists(t, k, p.TestSlug(), "cm")
 		assertNestedFieldEquals(t, cm, "discriminator-default", "metadata", "labels", "kluctl.io/discriminator")
diff --git a/e2e/gitops_misc_test.go b/e2e/gitops_misc_test.go
index 6418e7723..a83156fa0 100644
--- a/e2e/gitops_misc_test.go
+++ b/e2e/gitops_misc_test.go
@@ -4,10 +4,13 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"testing"
+
+	. "github.com/onsi/gomega"
 )
 
 type GitOpsMiscSuite struct {
@@ -35,7 +38,7 @@ func (suite *GitOpsMiscSuite) TestGitSourceWithPath() {
 	suite.Run("initial deployment fails", func() {
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		status := suite.getReadiness(kd)
-		assert.Equal(suite.T(), v1.ConditionFalse, status.Status)
+		assert.Equal(suite.T(), metav1.ConditionFalse, status.Status)
 		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", status.Message)
 	})
 
@@ -46,7 +49,7 @@ func (suite *GitOpsMiscSuite) TestGitSourceWithPath() {
 
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		status := suite.getReadiness(kd)
-		assert.Equal(suite.T(), v1.ConditionTrue, status.Status)
+		assert.Equal(suite.T(), metav1.ConditionTrue, status.Status)
 	})
 }
 
@@ -81,7 +84,7 @@ func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
 	suite.Run("initial deployment fails", func() {
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		status := suite.getReadiness(kd)
-		assert.Equal(suite.T(), v1.ConditionFalse, status.Status)
+		assert.Equal(suite.T(), metav1.ConditionFalse, status.Status)
 		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", status.Message)
 	})
 
@@ -92,6 +95,45 @@ func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
 
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		status := suite.getReadiness(kd)
-		assert.Equal(suite.T(), v1.ConditionTrue, status.Status)
+		assert.Equal(suite.T(), metav1.ConditionTrue, status.Status)
+	})
+}
+
+func (suite *GitOpsMiscSuite) TestNoTarget() {
+	p := prepareNoTargetTest(suite.T(), true)
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	key := suite.createKluctlDeployment(p, "", nil)
+
+	suite.Run("deployment with no target", func() {
+		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		cm := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm")
+		assert.Equal(suite.T(), map[string]any{
+			"targetName":    "",
+			"targetContext": "default",
+		}, cm.Object["data"])
+	})
+}
+
+func (suite *GitOpsMiscSuite) TestNoTargetError() {
+	g := NewWithT(suite.T())
+
+	p := prepareNoTargetTest(suite.T(), true)
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("target1", func(target *uo.UnstructuredObject) {
+	})
+
+	key := suite.createKluctlDeployment(p, "", nil)
+
+	suite.Run("deployment with no target", func() {
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+
+		readinessCondition := suite.getReadiness(kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+
+		g.Expect(readinessCondition.Status).To(Equal(metav1.ConditionFalse))
+		g.Expect(readinessCondition.Reason).To(Equal(kluctlv1.PrepareFailedReason))
+		g.Expect(readinessCondition.Message).To(ContainSubstring("a target must be explicitly selected when targets are defined in the Kluctl project"))
 	})
 }
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 41aeeab0f..5ad0fc5a0 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -231,6 +231,11 @@ func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProjec
 		suite.T().Fatal(err)
 	}
 
+	var targetPtr *string
+	if target != "" {
+		targetPtr = &target
+	}
+
 	kluctlDeployment := &kluctlv1.KluctlDeployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      p.TestSlug(),
@@ -239,7 +244,7 @@ func (suite *GitopsTestSuite) createKluctlDeployment2(p *test_project.TestProjec
 		Spec: kluctlv1.KluctlDeploymentSpec{
 			Interval: metav1.Duration{Duration: interval},
 			Timeout:  &metav1.Duration{Duration: timeout},
-			Target:   &target,
+			Target:   targetPtr,
 			Args: &runtime.RawExtension{
 				Raw: jargs,
 			},
diff --git a/e2e/no_target_test.go b/e2e/no_target_test.go
index 8759a7bf1..17c83f832 100644
--- a/e2e/no_target_test.go
+++ b/e2e/no_target_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"os"
 	"path/filepath"
@@ -11,9 +12,6 @@ import (
 func prepareNoTargetTest(t *testing.T, withDeploymentYaml bool) *test_project.TestProject {
 	p := test_project.NewTestProject(t)
 
-	createNamespace(t, defaultCluster1, p.TestSlug())
-	createNamespace(t, defaultCluster2, p.TestSlug())
-
 	cm := createConfigMapObject(map[string]string{
 		"targetName":    `{{ target.name }}`,
 		"targetContext": `{{ target.context }}`,
@@ -37,6 +35,8 @@ func testNoTarget(t *testing.T, withDeploymentYaml bool) {
 	t.Parallel()
 
 	p := prepareNoTargetTest(t, withDeploymentYaml)
+	createNamespace(t, defaultCluster1, p.TestSlug())
+	createNamespace(t, defaultCluster2, p.TestSlug())
 
 	p.KluctlMust(t, "deploy", "--yes")
 	cm := assertConfigMapExists(t, defaultCluster1, p.TestSlug(), "cm")
@@ -68,3 +68,14 @@ func TestNoTarget(t *testing.T) {
 func TestNoTargetNoDeployment(t *testing.T) {
 	testNoTarget(t, false)
 }
+
+func TestNoTargetWithTargetsInProject(t *testing.T) {
+	t.Parallel()
+
+	p := prepareNoTargetTest(t, true)
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	_, _, err := p.Kluctl(t, "deploy", "--yes")
+	assert.ErrorContains(t, err, "a target must be explicitly selected when targets are defined in the Kluctl project")
+}
diff --git a/pkg/kluctl_project/target-context/target_context.go b/pkg/kluctl_project/target-context/target_context.go
index 6b9e93e39..6e3b26f3d 100644
--- a/pkg/kluctl_project/target-context/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -10,6 +10,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
@@ -63,6 +64,10 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 		}
 		target = &*t
 	} else {
+		if len(p.Targets) != 0 {
+			status.Deprecation(ctx, "no-target", "Warning, tried to use Kluctl without explicitly specifying a target, while the Kluctl project contains target definitions. This was allowed in older version of Kluctl, but is forbidden since v2.23.0. If mixing deployments with and without targets was actually intended, please switch to creating and using a dedicated target that serves as a replacement for no-target deployments.")
+			return nil, fmt.Errorf("a target must be explicitly selected when targets are defined in the Kluctl project")
+		}
 		target = &types.Target{
 			Discriminator: p.Config.Discriminator,
 		}

From ded20009199a5ae951d7ef4e8291e6b170a54ed3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jan 2024 12:10:12 +0100
Subject: [PATCH 1906/2268] feat: Print warning at the bottom of the pretty
 command result output (#940)

---
 cmd/kluctl/commands/command_result.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 28daebc79..59dcb03d9 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -19,11 +19,6 @@ import (
 func formatCommandResultText(cr *result.CommandResult, short bool) string {
 	buf := bytes.NewBuffer(nil)
 
-	if len(cr.Warnings) != 0 {
-		buf.WriteString("\nWarnings:\n")
-		prettyErrors(buf, cr.Warnings)
-	}
-
 	var newObjects []k8s.ObjectRef
 	var changedObjects []k8s.ObjectRef
 	var deletedObjects []k8s.ObjectRef
@@ -84,6 +79,11 @@ func formatCommandResultText(cr *result.CommandResult, short bool) string {
 		prettyObjectRefs(buf, orphanObjects)
 	}
 
+	if len(cr.Warnings) != 0 {
+		buf.WriteString("\nWarnings:\n")
+		prettyErrors(buf, cr.Warnings)
+	}
+
 	if len(cr.Errors) != 0 {
 		buf.WriteString("\nErrors:\n")
 		prettyErrors(buf, cr.Errors)

From 7e8a11f4b8293487755668b7f8ccccd349ae2f08 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 12:10:37 +0100
Subject: [PATCH 1907/2268] chore(deps): Bump the aws-sdk group with 4 updates
 (#934)

Bumps the aws-sdk group with 4 updates: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.24.0 to 1.24.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.24.0...v1.24.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.26.1 to 1.26.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.1...config/v1.26.3)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.24.5 to 1.24.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.24.5...service/ecr/v1.24.7)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.25.5 to 1.26.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.25.5...config/v1.26.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 24 ++++++++++++------------
 go.sum | 48 ++++++++++++++++++++++++------------------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/go.mod b/go.mod
index 459443328..6e6e9a77b 100644
--- a/go.mod
+++ b/go.mod
@@ -55,12 +55,12 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.24.0
-	github.com/aws/aws-sdk-go-v2/config v1.26.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.12
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5
+	github.com/aws/aws-sdk-go-v2 v1.24.1
+	github.com/aws/aws-sdk-go-v2/config v1.26.3
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.14
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.1
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
 	github.com/aws/smithy-go v1.19.0
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -118,15 +118,15 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 1e4dbd7fc..6f6ed648c 100644
--- a/go.sum
+++ b/go.sum
@@ -74,36 +74,36 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
-github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
-github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU=
+github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
+github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.3 h1:dKuc2jdp10y13dEEvPqWxqLoc0vF3Z9FC45MvuQSxOA=
+github.com/aws/aws-sdk-go-v2/config v1.26.3/go.mod h1:Bxgi+DeeswYofcYO0XyGClwlrq3DZEXli0kLf4hkGA0=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.14 h1:mMDTwwYO9A0/JbOCOG7EOZHtYM+o7OfGWfu0toa23VE=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.14/go.mod h1:cniAUh3ErQPHtCQGPT5ouvSAQ0od8caTO9OOuufZOAE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5 h1:wLPDAUFT50NEXGXpywRU3AA74pg35RJjWol/68ruvQQ=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.24.5/go.mod h1:AOHmGMoPtSY9Zm2zBuwUJQBisIvYAZeA1n7b6f4e880=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xWedMuANiNVXiD2S8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5 h1:qYi/BfDrWXZxlmRjlKCyFmtI4HKJwW8OKDKhKRAOZQI=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.25.5/go.mod h1:4Ae1NCLK6ghmjzd45Tc33GgCKhUWD2ORAlULtMO1Cbs=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.1 h1:Sn3MAV9YeACCULaxNWWYFH1a6G4wYFwBn3/TA5MwE2Q=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.1/go.mod h1:qutL00aW8GSo2D0I6UEOqMvRS3ZyuBrOC1BLe5D2jPc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 h1:dGrs+Q/WzhsiUKh82SfTVN66QzyulXuMDTV/G8ZxOac=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.6/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 h1:Yf2MIo9x+0tyv76GljxzqA3WtC5mw7NmazD2chwjxE4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 158daed801a87ad6508e1c4b937694abd66c5549 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 12:10:47 +0100
Subject: [PATCH 1908/2268] chore(deps): Bump the golang-x group with 2 updates
 (#935)

Bumps the golang-x group with 2 updates: [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/sync` from 0.5.0 to 0.6.0
- [Commits](https://github.com/golang/sync/compare/v0.5.0...v0.6.0)

Updates `golang.org/x/sys` from 0.15.0 to 0.16.0
- [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 6e6e9a77b..3907f3f05 100644
--- a/go.mod
+++ b/go.mod
@@ -35,8 +35,8 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.17.0
 	golang.org/x/net v0.19.0
-	golang.org/x/sync v0.5.0
-	golang.org/x/sys v0.15.0
+	golang.org/x/sync v0.6.0
+	golang.org/x/sys v0.16.0
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
diff --git a/go.sum b/go.sum
index 6f6ed648c..1cd3271ba 100644
--- a/go.sum
+++ b/go.sum
@@ -759,8 +759,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -783,8 +783,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=

From ee9328b691858b57620fc9ac45df11f70096f473 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 12:10:54 +0100
Subject: [PATCH 1909/2268] chore(deps): Bump github.com/go-logr/logr from
 1.3.0 to 1.4.1 (#936)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.3.0 to 1.4.1.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-logr/logr/compare/v1.3.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 3907f3f05..98b26414e 100644
--- a/go.mod
+++ b/go.mod
@@ -71,7 +71,7 @@ require (
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-git/go-git/v5 v5.11.0
-	github.com/go-logr/logr v1.3.0
+	github.com/go-logr/logr v1.4.1
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.5.0
 	github.com/googleapis/gax-go/v2 v2.12.0
diff --git a/go.sum b/go.sum
index 1cd3271ba..8a12aa4c1 100644
--- a/go.sum
+++ b/go.sum
@@ -259,8 +259,9 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=

From cff3b4d798be3aa5fbeeb840c8cd513d2803223c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 12:11:05 +0100
Subject: [PATCH 1910/2268] chore(deps): Bump google.golang.org/protobuf from
 1.31.0 to 1.32.0 (#937)

Bumps google.golang.org/protobuf from 1.31.0 to 1.32.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 98b26414e..7aa27761f 100644
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
 	golang.org/x/oauth2 v0.15.0
 	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
 	google.golang.org/grpc v1.60.1
-	google.golang.org/protobuf v1.31.0
+	google.golang.org/protobuf v1.32.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
diff --git a/go.sum b/go.sum
index 8a12aa4c1..68e869ee6 100644
--- a/go.sum
+++ b/go.sum
@@ -858,8 +858,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From 5aaa894fa9a9c93ff82c7c0210b6cc2a8c85396c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:07:12 +0100
Subject: [PATCH 1911/2268] feat: Implement waitReadinessObjects deployment
 item

---
 docs/kluctl/deployments/deployment-yml.md | 55 ++++++++++++++++--
 pkg/deployment/utils/apply_utils.go       | 69 +++++++++++++++++------
 pkg/types/deployment.go                   | 28 +++++++--
 3 files changed, 124 insertions(+), 28 deletions(-)

diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index 2318c09f3..411c42e78 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -64,15 +64,11 @@ Example:
 deployments:
 - path: path/to/deployment1
 - path: path/to/deployment2
-  waitReadiness: true
 ```
 
 The `path` must point to a directory relative to the directory containing the `deployment.yaml`. Only directories
 that are part of the kluctl project are allowed. The directory must contain a valid `kustomization.yaml`.
 
-`waitReadiness` is optional and if set to `true` instructs kluctl to wait for readiness of each individual object
-of the kustomize deployment. Readiness is defined in [readiness](./readiness.md).
-
 ### Includes
 
 Specifies a sub-deployment project to be included. The included sub-deployment project will inherit many properties
@@ -179,6 +175,10 @@ Causes kluctl to wait until all previous kustomize deployments have been applied
 upcoming deployments need the current or previous deployments to be finished beforehand. Previous deployments also
 include all sub-deployments from included deployments.
 
+Please note that barriers do not wait for readiness of individual resources. This means that it will not wait for
+readiness of services, deployments, daemon sets, and so on. To actually wait for readiness, use `waitReadiness: true` or
+`waitReadinessObjects`.
+
 Example:
 ```yaml
 deployments:
@@ -202,13 +202,58 @@ deployments:
 - barrier: true
   message: "Waiting for subDeployment1 to be finished"
 # At this point, it's ensured that kustomizeDeployment1, kustomizeDeployment2 and all sub-deployments from
-# subDeployment1 are fully deployed.
+# subDeployment1 are fully applied.
 - path: kustomizeDeployment3
 ```
 If no custom message is provided, the barrier will be created without a specific message, and the default behavior will be applied.
 
 When viewing the `kluctl deploy` status, the custom message, if provided, will be displayed along with default barrier information.
 
+### waitReadiness
+`waitReadiness` can be set on all deployment items. If set to `true`, Kluctl will wait for readiness of each individual object
+of the current deployment item. Readiness is defined in [readiness](./readiness.md).
+
+Please note that Kluctl will not wait for readiness of previous deployment items.
+
+This can also be combined with [barriers](#barriers), which will instruct Kluctl to stop processing the next deployment
+items until everything before the barrier is applied and the current deployment item's objects are all ready.
+
+Examples:
+```yaml
+deployments:
+- path: kustomizeDeployment1
+  waitReadiness: true
+- path: kustomizeDeployment2
+  # this will wait for kustomizeDeployment1 to be applied+ready and kustomizeDeployment2 to be applied
+  # kustomizeDeployment2 is not guaranteed to be ready at this point, but might be due to the parallel nature of Kluctl
+- barrier: true
+- path: kustomizeDeployment3
+```
+
+### waitReadinessObjects
+This is comparable to `waitReadiness`, but instead of waiting for all objects of the current deployment item, it allows
+to explicitly specify objects which are not necessarily part of the current (or any) deployment item.
+
+This is for example useful if you used an external Helm Chart and want to wait for readiness of some individual objects,
+e.g. CRDs that are being deployment by some in-cluster operator instead of the Helm chart itself.
+
+Examples:
+```yaml
+deployments:
+# The cilium Helm chart does not deploy CRDs anymore. Instead, the cilium-operator does this on startup. This means,
+# we can't apply CiliumNetworkPolicies before the CRDs get applied by the operator.
+- path: cilium
+- barrier: true
+  waitReadinessObjects:
+  - kind: Deployment
+    name: cilium-operator
+    namespace: kube-system
+  - kind: CustomResourceDefinition
+    name: ciliumnetworkpolicies.cilium.io
+# This deployment can now safely use the CRDs applied by the operator
+- path: kustomizeDeployment1
+```
+
 ### deleteObjects
 Causes kluctl to delete matching objects, specified by a list of group/kind/name/namespace dictionaries.
 The order/parallelization of deletion is identical to the order and parallelization of normal deployment items,
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 838e397ac..b699ca7b9 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -524,28 +525,57 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 	return false
 }
 
+func (a *ApplyUtil) convertObjectRef(x types2.ObjectRefItem, refs map[k8s2.ObjectRef]bool) {
+	gvks, err := a.k.GetFilteredPreferredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind))
+	if err != nil {
+		a.HandleError(k8s2.ObjectRef{}, err)
+		return
+	}
+	if len(gvks) == 0 {
+		nameAndNs := x.Name
+		if x.Namespace != "" {
+			nameAndNs = x.Namespace + "/" + x.Name
+		}
+		var gk schema.GroupKind
+		if x.Group != nil {
+			gk.Group = *x.Group
+		}
+		if x.Kind != nil {
+			gk.Kind = *x.Kind
+		}
+		a.HandleError(k8s2.ObjectRef{}, fmt.Errorf("failed to wait for readiness of %s. resource with group/kind %s not found", nameAndNs, gk.String()))
+		return
+	}
+	for _, gvk := range gvks {
+		ref := k8s2.ObjectRef{
+			Group:     gvk.Group,
+			Version:   gvk.Version,
+			Kind:      gvk.Kind,
+			Name:      x.Name,
+			Namespace: x.Namespace,
+		}
+		refs[ref] = true
+	}
+}
+
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 	toDelete := map[k8s2.ObjectRef]bool{}
+	toWaitReadiness := map[k8s2.ObjectRef]bool{}
 	for _, x := range d.Config.DeleteObjects {
-		gvks, err := a.k.GetFilteredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind))
-		if err != nil {
-			a.HandleError(k8s2.ObjectRef{}, err)
-		}
-		for _, gvk := range gvks {
-			ref := k8s2.ObjectRef{
-				Group:     gvk.Group,
-				Version:   gvk.Version,
-				Kind:      gvk.Kind,
-				Name:      x.Name,
-				Namespace: x.Namespace,
-			}
-			toDelete[ref] = true
-		}
+		a.convertObjectRef(x.ObjectRefItem, toDelete)
+	}
+	for _, x := range d.Config.WaitReadinessObjects {
+		a.convertObjectRef(x.ObjectRefItem, toWaitReadiness)
 	}
 	for _, x := range d.Objects {
 		if x.GetK8sAnnotationBoolNoError("kluctl.io/delete", false) {
 			toDelete[x.GetK8sRef()] = true
 		}
+
+		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || x.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
+		if waitReadiness {
+			toWaitReadiness[x.GetK8sRef()] = true
+		}
 	}
 
 	h := HooksUtil{a: a}
@@ -616,14 +646,13 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 		}
 	}
 	// Wait for readiness if needed after we have applied all objects
-	for _, o := range applyObjects {
+	for ref, _ := range toWaitReadiness {
 		if a.abortSignal.Load().(bool) {
 			break
 		}
 
-		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || o.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
-		if !a.o.NoWait && waitReadiness {
-			a.WaitReadiness(o.GetK8sRef(), 0)
+		if !a.o.NoWait {
+			a.WaitReadiness(ref, 0)
 		}
 	}
 	if a.abortSignal.Load().(bool) {
@@ -672,6 +701,10 @@ func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *
 		s := "<delete>"
 		return &s
 	}
+	if len(d.Config.WaitReadinessObjects) != 0 {
+		s := "<wait>"
+		return &s
+	}
 	return nil
 }
 
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index cc52f3b9e..d3f247640 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -14,10 +14,12 @@ type DeploymentItemConfig struct {
 	Oci           *OciProject              `json:"oci,omitempty"`
 	DeleteObjects []DeleteObjectItemConfig `json:"deleteObjects,omitempty"`
 
-	Tags          []string `json:"tags,omitempty"`
-	Barrier       bool     `json:"barrier,omitempty"`
-	Message       *string  `json:"message,omitempty"`
-	WaitReadiness bool     `json:"waitReadiness,omitempty"`
+	Tags    []string `json:"tags,omitempty"`
+	Barrier bool     `json:"barrier,omitempty"`
+	Message *string  `json:"message,omitempty"`
+
+	WaitReadiness        bool                            `json:"waitReadiness,omitempty"`
+	WaitReadinessObjects []WaitReadinessObjectItemConfig `json:"waitReadinessObjects,omitempty"`
 
 	Args     *uo.UnstructuredObject `json:"args,omitempty"`
 	PassVars bool                   `json:"passVars,omitempty"`
@@ -67,13 +69,17 @@ func ValidateDeploymentItemConfig(sl validator.StructLevel) {
 	}
 }
 
-type DeleteObjectItemConfig struct {
+type ObjectRefItem struct {
 	Group     *string `json:"group,omitempty"`
 	Kind      *string `json:"kind,omitempty"`
 	Name      string  `json:"name" validate:"required"`
 	Namespace string  `json:"namespace,omitempty"`
 }
 
+type DeleteObjectItemConfig struct {
+	ObjectRefItem
+}
+
 func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(DeleteObjectItemConfig)
 	if s.Group == nil && s.Kind == nil {
@@ -81,6 +87,17 @@ func ValidateDeleteObjectItemConfig(sl validator.StructLevel) {
 	}
 }
 
+type WaitReadinessObjectItemConfig struct {
+	ObjectRefItem
+}
+
+func ValidateWaitReadinessObjectItemConfig(sl validator.StructLevel) {
+	s := sl.Current().Interface().(WaitReadinessObjectItemConfig)
+	if s.Group == nil && s.Kind == nil {
+		sl.ReportError(s, "self", "self", "at least one of group or kind must be set", "")
+	}
+}
+
 type SealedSecretsConfig struct {
 	OutputPattern *string `json:"outputPattern,omitempty"`
 }
@@ -138,5 +155,6 @@ type DeploymentProjectConfig struct {
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateDeploymentItemConfig, DeploymentItemConfig{})
 	yaml.Validator.RegisterStructValidation(ValidateDeleteObjectItemConfig, DeleteObjectItemConfig{})
+	yaml.Validator.RegisterStructValidation(ValidateWaitReadinessObjectItemConfig, WaitReadinessObjectItemConfig{})
 	yaml.Validator.RegisterStructValidation(ValidateIgnoreForDiffItemConfig, IgnoreForDiffItemConfig{})
 }

From 72ef444e19e67b767876d423f279f685004061f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:07:32 +0100
Subject: [PATCH 1912/2268] tests: Implement wait for readiness tests

---
 e2e/readiness_test.go | 105 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 e2e/readiness_test.go

diff --git a/e2e/readiness_test.go b/e2e/readiness_test.go
new file mode 100644
index 000000000..bc000015c
--- /dev/null
+++ b/e2e/readiness_test.go
@@ -0,0 +1,105 @@
+package e2e
+
+import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"testing"
+	"time"
+)
+
+func testWaitReadiness(t *testing.T, fn func(p *test_project.TestProject)) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+		annotations: map[string]string{
+			"kluctl.io/is-ready": "false",
+		},
+	})
+	p.AddDeploymentItem(".", uo.FromMap(map[string]interface{}{
+		"barrier": true,
+	}))
+	addConfigMapDeployment(p, "cm3", nil, resourceOpts{
+		name:      "cm3",
+		namespace: p.TestSlug(),
+	})
+
+	fn(p)
+
+	_, stderr, err := p.Kluctl(t, "deploy", "--yes", "-t", "test", "--timeout", (3 * time.Second).String())
+	assert.ErrorContains(t, err, "context deadline exceeded")
+	assert.Contains(t, stderr, fmt.Sprintf("context cancelled while waiting for readiness of %s/ConfigMap/cm2", p.TestSlug()))
+
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
+
+	// we run a goroutine in the background that will wait for a few seconds and then annotate kluctl.io/is-ready=true,
+	// which will then cause the hook to get ready
+	go func() {
+		time.Sleep(3 * time.Second)
+		patchConfigMap(t, k, p.TestSlug(), "cm2", func(o *uo.UnstructuredObject) {
+			o.SetK8sAnnotation("kluctl.io/is-ready", "true")
+		})
+	}()
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+}
+
+func TestWaitReadinessViaDeployment(t *testing.T) {
+	testWaitReadiness(t, func(p *test_project.TestProject) {
+		p.UpdateDeploymentItems(".", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+			items[1].SetNestedField(true, "waitReadiness")
+			return items
+		})
+	})
+}
+
+func TestWaitReadinessViaDeployment2(t *testing.T) {
+	testWaitReadiness(t, func(p *test_project.TestProject) {
+		p.UpdateDeploymentItems(".", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+			items[2].SetNestedField([]map[string]any{
+				{
+					"kind":      "ConfigMap",
+					"namespace": p.TestSlug(),
+					"name":      "cm2",
+				},
+			}, "waitReadinessObjects")
+			return items
+		})
+	})
+}
+
+func TestWaitReadinessViaAnnotation(t *testing.T) {
+	testWaitReadiness(t, func(p *test_project.TestProject) {
+		p.UpdateYaml("cm2/configmap-cm2.yml", func(o *uo.UnstructuredObject) error {
+			o.SetK8sAnnotation("kluctl.io/wait-readiness", "true")
+			return nil
+		}, "")
+	})
+}
+
+func TestWaitReadinessViaKustomization(t *testing.T) {
+	testWaitReadiness(t, func(p *test_project.TestProject) {
+		p.UpdateYaml("cm2/kustomization.yml", func(o *uo.UnstructuredObject) error {
+			o.SetK8sAnnotation("kluctl.io/wait-readiness", "true")
+			return nil
+		}, "")
+	})
+}

From b163f61c73fbcd9d88e6e171654fecf21dcde1b9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:08:12 +0100
Subject: [PATCH 1913/2268] feat: Allow objects to be deployed after the
 wait-for-readiness loop starts

---
 pkg/deployment/utils/apply_utils.go | 47 +++++++++++++++++------------
 1 file changed, 28 insertions(+), 19 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index b699ca7b9..86e0f58ad 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -451,6 +451,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 
 	lastLogTime := time.Now()
 	didLog := false
+	seen := false
 	startTime := time.Now()
 	for true {
 		elapsed := int(time.Now().Sub(startTime).Seconds())
@@ -458,35 +459,43 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		o, apiWarnings, err := a.k.GetSingleObject(ref)
 		a.handleApiWarnings(ref, apiWarnings)
 		if err != nil {
-			if errors.IsNotFound(err) {
+			if !errors.IsNotFound(err) {
+				a.HandleError(ref, err)
+				return false
+			}
+		}
+
+		if o == nil {
+			if seen {
 				if didLog {
 					status.Warningf(a.ctx, "Cancelled waiting for %s as it disappeared while waiting for it (%ds elapsed)", ref.String(), elapsed)
 				}
 				a.HandleError(ref, fmt.Errorf("%s disappeared while waiting for it to become ready", ref.String()))
 				return false
 			}
-			a.HandleError(ref, err)
-			return false
-		}
-		v := validation.ValidateObject(a.k, o, false, false)
-		if v.Ready {
-			if didLog {
-				a.sctx.InfoFallbackf("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
-			}
-			return true
-		}
-		if len(v.Errors) != 0 {
-			if didLog {
-				status.Warningf(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
+			a.sctx.Update(fmt.Sprintf("Waiting for %s to appear...", ref.String()))
+		} else {
+			seen = true
+
+			v := validation.ValidateObject(a.k, o, false, false)
+			if v.Ready {
+				if didLog {
+					a.sctx.InfoFallbackf("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
+				}
+				return true
 			}
-			for _, e := range v.Errors {
-				a.HandleError(ref, fmt.Errorf(e.Message))
+			if len(v.Errors) != 0 {
+				if didLog {
+					status.Warningf(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
+				}
+				for _, e := range v.Errors {
+					a.HandleError(ref, fmt.Errorf(e.Message))
+				}
+				return false
 			}
-			return false
+			a.sctx.Update(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
 		}
 
-		a.sctx.Update(fmt.Sprintf("Waiting for %s to get ready...", ref.String()))
-
 		reportStillWaitingTime := 10 * time.Second
 		if testing.Testing() {
 			reportStillWaitingTime = 3 * time.Second

From fba6042f0d13279e58ce03201930225efe8914f0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:09:30 +0100
Subject: [PATCH 1914/2268] refactor: Introduce GetSingleObjectMetadata

---
 pkg/k8s/k8s_cluster.go | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 42e899f2e..a5fe8daf4 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -138,23 +138,38 @@ func (k *K8sCluster) ListMetadata(gvk schema.GroupVersionKind, namespace string,
 	return k.doList(&l, namespace, labels)
 }
 
-func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
-	var o unstructured.Unstructured
-	o.SetGroupVersionKind(ref.GroupVersionKind())
-
+func (k *K8sCluster) doGet(ref k8s.ObjectRef, o client.Object) ([]ApiWarning, error) {
+	o.SetName(ref.Name)
+	o.SetNamespace(ref.Namespace)
+	o.GetObjectKind().SetGroupVersionKind(ref.GroupVersionKind())
 	apiWarnings, err := k.clients.withCClientFromPool(k.ctx, true, func(c client.Client) error {
-		return c.Get(k.ctx, client.ObjectKey{
-			Name:      ref.Name,
-			Namespace: ref.Namespace,
-		}, &o)
-
+		return c.Get(k.ctx, client.ObjectKeyFromObject(o), o)
 	})
+	if err != nil {
+		return apiWarnings, err
+	}
+	return apiWarnings, nil
+}
+
+func (k *K8sCluster) GetSingleObject(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
+	var o unstructured.Unstructured
+	apiWarnings, err := k.doGet(ref, &o)
 	if err != nil {
 		return nil, apiWarnings, err
 	}
 	return uo.FromUnstructured(&o), apiWarnings, nil
 }
 
+func (k *K8sCluster) GetSingleObjectMetadata(ref k8s.ObjectRef) (*uo.UnstructuredObject, []ApiWarning, error) {
+	var o v1.PartialObjectMetadata
+	apiWarnings, err := k.doGet(ref, &o)
+	if err != nil {
+		return nil, apiWarnings, err
+	}
+	x, err := uo.FromStruct(&o)
+	return x, apiWarnings, err
+}
+
 type DeleteOptions struct {
 	ForceDryRun         bool
 	NoWait              bool

From 99b41be81766a318c1b39b9b805b40fd808223ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:35:38 +0100
Subject: [PATCH 1915/2268] fix: Stop showing "Running server-side apply for
 all objects"

Kluctl is doing so much more today that this message is more confusing
then helping.
---
 pkg/deployment/utils/apply_utils.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 86e0f58ad..4bb2d1c7d 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -718,9 +718,6 @@ func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *
 }
 
 func (a *ApplyDeploymentsUtil) ApplyDeployments(deployments []*deployment.DeploymentItem) {
-	s := status.Start(a.ctx, "Running server-side apply for all objects")
-	defer s.Failed()
-
 	var wg sync.WaitGroup
 	sem := semaphore.NewWeighted(8)
 
@@ -777,7 +774,6 @@ func (a *ApplyDeploymentsUtil) ApplyDeployments(deployments []*deployment.Deploy
 		}
 	}
 	wg.Wait()
-	s.Success()
 }
 
 func (a *ApplyUtil) ReplaceObject(ref k8s2.ObjectRef, firstVersion *uo.UnstructuredObject, callback func(o *uo.UnstructuredObject) (*uo.UnstructuredObject, error)) {

From 7d0123758587242abc828882ba5846186fdfc806 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:36:36 +0100
Subject: [PATCH 1916/2268] fix: Handle outdated discovery caches properly when
 we detect that CRD exists

---
 pkg/deployment/utils/apply_utils.go | 36 +++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 4bb2d1c7d..577029c06 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -18,6 +18,7 @@ import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"reflect"
 	"strings"
@@ -381,21 +382,48 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		ForceDryRun: a.o.DryRun,
 	}
 	r, apiWarnings, err := a.k.ApplyObject(x, options)
+
+	retryWhenCRDExists := meta.IsNoMatchError(err)
+	if errors.IsUnexpectedServerError(err) {
+		reason := errors.ReasonForError(err)
+		if reason == metav1.StatusReasonNotFound {
+			// this happens when a CRD was present in the past, causing the on-disk discovery cache to persist the info
+			// about it. When the CRD is then deleted, the cache gets out-of-date, causing the k8s client to perform
+			// requests against non-existing resources. In that case, we do not get no-match errors but instead unexpected
+			// 404 errors. We simply retry with invalidated caches in that case.
+			retryWhenCRDExists = true
+		}
+	}
+
 	if r != nil && usesDummyName {
 		tmpName := r.GetK8sName()
 		_ = r.ReplaceKeys(tmpName, ref.Name)
 		_ = r.ReplaceValues(tmpName, ref.Name)
 		r.SetK8sNamespace(ref.Namespace)
-	} else if meta.IsNoMatchError(err) {
-		if _, ok := a.allCRDs.Load(x.GetK8sGVK()); ok {
-			if a.o.DryRun {
+	} else if retryWhenCRDExists {
+		if a.o.DryRun {
+			if _, ok := a.allCRDs.Load(x.GetK8sGVK()); ok {
+				// simulate that the apply "succeeded"
 				a.handleResult(x, hook)
 				a.HandleWarning(ref, fmt.Errorf("the underyling custom resource definition for %s has not been applied yet as Kluctl is running in dry-run mode. It is not guaranteed that the object will actually sucessfully apply", x.GetK8sRef().String()))
 				return
-			} else {
+			}
+		} else {
+			// let's do a metadata lookup for the guessed CRD and check if it appeared in the meantime. If yes,
+			// invalidate discovery cache and retry. This case happens when the current deployment applied some
+			// form of controller that then applies CRDs in the background, missed by Kluctl due to the discovery cache.
+			plural, _ := meta.UnsafeGuessKindToResource(ref.GroupVersionKind())
+			crdName := plural.Resource + "." + plural.Group
+			crdRef := k8s2.NewObjectRef("apiextensions.k8s.io", "v1", "CustomResourceDefinition", crdName, "")
+
+			_, _, tmpErr := a.k.GetSingleObjectMetadata(crdRef)
+			if tmpErr == nil {
+				status.Tracef(a.ctx, "resource unknown, and CRD %s is available, retrying with invalidated caches", crdName)
 				// retry with invalidated discovery
 				a.k.ResetMapper()
 				r, apiWarnings, err = a.k.ApplyObject(x, options)
+			} else {
+				status.Tracef(a.ctx, "resource unknown, and CRD %s not available", crdName)
 			}
 		}
 	}

From 8e0c6f0434b837128dafcb09271c4c8390bd640e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jan 2024 17:44:14 +0100
Subject: [PATCH 1917/2268] chore: Run make generate

---
 pkg/types/zz_generated.deepcopy.go | 59 +++++++++++++++++++++++++-----
 pkg/webui/ui/src/models.ts         | 16 ++++++++
 2 files changed, 65 insertions(+), 10 deletions(-)

diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 509fb2caf..02ac8bd74 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -54,16 +54,7 @@ func (in *AwsConfig) DeepCopy() *AwsConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeleteObjectItemConfig) DeepCopyInto(out *DeleteObjectItemConfig) {
 	*out = *in
-	if in.Group != nil {
-		in, out := &in.Group, &out.Group
-		*out = new(string)
-		**out = **in
-	}
-	if in.Kind != nil {
-		in, out := &in.Kind, &out.Kind
-		*out = new(string)
-		**out = **in
-	}
+	in.ObjectRefItem.DeepCopyInto(&out.ObjectRefItem)
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeleteObjectItemConfig.
@@ -136,6 +127,13 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.WaitReadinessObjects != nil {
+		in, out := &in.WaitReadinessObjects, &out.WaitReadinessObjects
+		*out = make([]WaitReadinessObjectItemConfig, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	if in.Args != nil {
 		in, out := &in.Args, &out.Args
 		*out = (*in).DeepCopy()
@@ -652,6 +650,31 @@ func (in *KluctlProject) DeepCopy() *KluctlProject {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ObjectRefItem) DeepCopyInto(out *ObjectRefItem) {
+	*out = *in
+	if in.Group != nil {
+		in, out := &in.Group, &out.Group
+		*out = new(string)
+		**out = **in
+	}
+	if in.Kind != nil {
+		in, out := &in.Kind, &out.Kind
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectRefItem.
+func (in *ObjectRefItem) DeepCopy() *ObjectRefItem {
+	if in == nil {
+		return nil
+	}
+	out := new(ObjectRefItem)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *OciProject) DeepCopyInto(out *OciProject) {
 	*out = *in
@@ -1175,6 +1198,22 @@ func (in *VarsSourceVault) DeepCopy() *VarsSourceVault {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WaitReadinessObjectItemConfig) DeepCopyInto(out *WaitReadinessObjectItemConfig) {
+	*out = *in
+	in.ObjectRefItem.DeepCopyInto(&out.ObjectRefItem)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WaitReadinessObjectItemConfig.
+func (in *WaitReadinessObjectItemConfig) DeepCopy() *WaitReadinessObjectItemConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(WaitReadinessObjectItemConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YamlUrl.
 func (in *YamlUrl) DeepCopy() *YamlUrl {
 	if in == nil {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index dfd785690..6540147c0 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -136,6 +136,20 @@ export class HelmChartConfig {
         this.skipPrePull = source["skipPrePull"];
     }
 }
+export class WaitReadinessObjectItemConfig {
+    group?: string;
+    kind?: string;
+    name: string;
+    namespace?: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.group = source["group"];
+        this.kind = source["kind"];
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+    }
+}
 export class DeleteObjectItemConfig {
     group?: string;
     kind?: string;
@@ -212,6 +226,7 @@ export class DeploymentItemConfig {
     barrier?: boolean;
     message?: string;
     waitReadiness?: boolean;
+    waitReadinessObjects?: WaitReadinessObjectItemConfig[];
     args?: any;
     passVars?: boolean;
     vars?: VarsSource[];
@@ -234,6 +249,7 @@ export class DeploymentItemConfig {
         this.barrier = source["barrier"];
         this.message = source["message"];
         this.waitReadiness = source["waitReadiness"];
+        this.waitReadinessObjects = this.convertValues(source["waitReadinessObjects"], WaitReadinessObjectItemConfig);
         this.args = source["args"];
         this.passVars = source["passVars"];
         this.vars = this.convertValues(source["vars"], VarsSource);

From dd78f40fd8ccafba8e565c07eadbafd8605e03b5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jan 2024 12:09:28 +0100
Subject: [PATCH 1918/2268] feat: Implement --kubeconfig argument

---
 cmd/kluctl/args/gitops_args.go           |  5 +++--
 cmd/kluctl/args/project.go               |  4 ++++
 cmd/kluctl/commands/cmd_delete.go        |  2 ++
 cmd/kluctl/commands/cmd_deploy.go        |  2 ++
 cmd/kluctl/commands/cmd_diff.go          |  2 ++
 cmd/kluctl/commands/cmd_gitops.go        |  7 ++++---
 cmd/kluctl/commands/cmd_list_images.go   |  2 ++
 cmd/kluctl/commands/cmd_list_targets.go  |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go   |  2 ++
 cmd/kluctl/commands/cmd_prune.go         |  2 ++
 cmd/kluctl/commands/cmd_render.go        |  2 ++
 cmd/kluctl/commands/cmd_seal.go          |  2 +-
 cmd/kluctl/commands/cmd_validate.go      |  2 ++
 cmd/kluctl/commands/cmd_webui.go         |  3 ++-
 cmd/kluctl/commands/cmd_webui_build.go   |  2 +-
 cmd/kluctl/commands/cmd_webui_run.go     | 13 ++++++++-----
 cmd/kluctl/commands/completion.go        |  2 +-
 cmd/kluctl/commands/utils.go             | 12 ++++++++----
 docs/kluctl/commands/common-arguments.md |  1 +
 docs/kluctl/commands/gitops-deploy.md    |  1 +
 docs/kluctl/commands/gitops-logs.md      |  1 +
 docs/kluctl/commands/gitops-prune.md     |  1 +
 docs/kluctl/commands/gitops-reconcile.md |  1 +
 docs/kluctl/commands/gitops-resume.md    |  1 +
 docs/kluctl/commands/gitops-suspend.md   |  1 +
 docs/kluctl/commands/gitops-validate.md  |  1 +
 docs/kluctl/commands/webui-run.md        |  1 +
 27 files changed, 58 insertions(+), 19 deletions(-)

diff --git a/cmd/kluctl/args/gitops_args.go b/cmd/kluctl/args/gitops_args.go
index d776ca882..c50c33688 100644
--- a/cmd/kluctl/args/gitops_args.go
+++ b/cmd/kluctl/args/gitops_args.go
@@ -12,8 +12,9 @@ type GitOpsArgs struct {
 	Namespace     string `group:"gitops" short:"n" help:"Specifies the namespace of the KluctlDeployment. If omitted, the current namespace from your kubeconfig is used."`
 	LabelSelector string `group:"gitops" short:"l" help:"If specified, KluctlDeployments are searched and filtered by this label selector."`
 
-	Context             string `group:"gitops" help:"Override the context to use."`
-	ControllerNamespace string `group:"gitops" help:"The namespace where the controller runs in." default:"kluctl-system"`
+	Kubeconfig          ExistingFileType `group:"gitops" help:"Overrides the kubeconfig to use."`
+	Context             string           `group:"gitops" help:"Override the context to use."`
+	ControllerNamespace string           `group:"gitops" help:"The namespace where the controller runs in." default:"kluctl-system"`
 
 	LocalSourceOverridePort int `group:"gitops" help:"Specifies the local port to which the source-override client should connect to when running the controller locally." default:"0"`
 }
diff --git a/cmd/kluctl/args/project.go b/cmd/kluctl/args/project.go
index 677f66fa4..4a4d658c7 100644
--- a/cmd/kluctl/args/project.go
+++ b/cmd/kluctl/args/project.go
@@ -72,6 +72,10 @@ type TargetFlags struct {
 	Context string `group:"project" help:"Overrides the context name specified in the target. If the selected target does not specify a context or the no-name target is used, --context will override the currently active context."`
 }
 
+type KubeconfigFlags struct {
+	Kubeconfig ExistingFileType `group:"project" help:"Overrides the kubeconfig to use."`
+}
+
 type CommandResultReadOnlyFlags struct {
 	CommandResultNamespace string `group:"results" help:"Override the namespace to be used when writing command results." default:"kluctl-results"`
 }
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 9767e3fd2..e7b4b444a 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -11,6 +11,7 @@ import (
 
 type deleteCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
@@ -39,6 +40,7 @@ take the local target/state into account!`
 func (cmd *deleteCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index dd9cdd18f..cffc96142 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -12,6 +12,7 @@ import (
 
 type deployCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
@@ -48,6 +49,7 @@ It will also output a list of prunable objects (without actually deleting them).
 func (cmd *deployCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index ffe02a4f9..57fcb6003 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -9,6 +9,7 @@ import (
 
 type diffCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.InclusionFlags
@@ -32,6 +33,7 @@ After the diff is performed, the command will also search for prunable objects a
 func (cmd *diffCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 2651f629b..6bc9c43b7 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -106,12 +106,13 @@ func (g *gitopsCmdHelper) init(ctx context.Context) error {
 
 	g.logsBufs = map[logsKey]*logsBuf{}
 
+	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+	loadingRules.ExplicitPath = g.args.Kubeconfig.String()
+
 	configOverrides := &clientcmd.ConfigOverrides{
 		CurrentContext: g.args.Context,
 	}
-	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
-		clientcmd.NewDefaultClientConfigLoadingRules(),
-		configOverrides)
+	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, configOverrides)
 	restConfig, err := clientConfig.ClientConfig()
 	if err != nil {
 		return err
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 883bfb161..99e0053ae 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -8,6 +8,7 @@ import (
 
 type listImagesCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
@@ -31,6 +32,7 @@ as described in the deploy command.`
 func (cmd *listImagesCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 378549583..19a73a203 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, nil, cmd.ProjectFlags, nil, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.Targets {
 			result = append(result, t)
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 544f77dc5..5ac81676d 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -10,6 +10,7 @@ import (
 
 type pokeImagesCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
@@ -32,6 +33,7 @@ replaced`
 func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index b21d02aa7..154dea637 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -10,6 +10,7 @@ import (
 
 type pruneCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
@@ -34,6 +35,7 @@ func (cmd *pruneCmd) Help() string {
 func (cmd *pruneCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index e986ffc32..7f113925d 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -12,6 +12,7 @@ import (
 
 type renderCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.ImageFlags
@@ -42,6 +43,7 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
index 1f9de1f41..75130ba79 100644
--- a/cmd/kluctl/commands/cmd_seal.go
+++ b/cmd/kluctl/commands/cmd_seal.go
@@ -157,7 +157,7 @@ func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
 }
 
 func (cmd *sealCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, cmd.ProjectFlags, nil, &cmd.HelmCredentials, &cmd.RegistryCredentials, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, nil, cmd.ProjectFlags, nil, &cmd.HelmCredentials, &cmd.RegistryCredentials, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		hadError := false
 
 		noTargetMatch := true
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 0fa7d042f..7d0930a0a 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -11,6 +11,7 @@ import (
 
 type validateCmd struct {
 	args.ProjectFlags
+	args.KubeconfigFlags
 	args.TargetFlags
 	args.ArgsFlags
 	args.InclusionFlags
@@ -33,6 +34,7 @@ TODO: This needs to be better documented!`
 func (cmd *validateCmd) Run(ctx context.Context) error {
 	ptArgs := projectTargetCommandArgs{
 		projectFlags:         cmd.ProjectFlags,
+		kubeconfigFlags:      cmd.KubeconfigFlags,
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		inclusionFlags:       cmd.InclusionFlags,
diff --git a/cmd/kluctl/commands/cmd_webui.go b/cmd/kluctl/commands/cmd_webui.go
index 7cbe5d801..2bf8bb9c2 100644
--- a/cmd/kluctl/commands/cmd_webui.go
+++ b/cmd/kluctl/commands/cmd_webui.go
@@ -16,8 +16,9 @@ type webuiCmd struct {
 	Build webuiBuildCmd `cmd:"build" help:"Build the static Kluctl Webui"`
 }
 
-func createResultStores(ctx context.Context, k8sContexts []string, allContexts bool, inCluster bool) ([]results.ResultStore, []*rest.Config, error) {
+func createResultStores(ctx context.Context, kubeconfigOverride string, k8sContexts []string, allContexts bool, inCluster bool) ([]results.ResultStore, []*rest.Config, error) {
 	r := clientcmd.NewDefaultClientConfigLoadingRules()
+	r.ExplicitPath = kubeconfigOverride
 
 	kcfg, err := r.Load()
 	if err != nil {
diff --git a/cmd/kluctl/commands/cmd_webui_build.go b/cmd/kluctl/commands/cmd_webui_build.go
index 4a7b9951c..5efb5e8bf 100644
--- a/cmd/kluctl/commands/cmd_webui_build.go
+++ b/cmd/kluctl/commands/cmd_webui_build.go
@@ -26,7 +26,7 @@ func (cmd *webuiBuildCmd) Run(ctx context.Context) error {
 		return fmt.Errorf("this build of Kluctl does not have the webui embedded")
 	}
 
-	stores, _, err := createResultStores(ctx, cmd.Context, cmd.AllContexts, false)
+	stores, _, err := createResultStores(ctx, "", cmd.Context, cmd.AllContexts, false)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index ed73efb33..0d78272dd 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/webui"
@@ -13,10 +14,12 @@ import (
 )
 
 type webuiRunCmd struct {
-	Host        string   `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to 'localhost' when run locally and to all hosts when run in-cluster."`
-	Port        int      `group:"misc" help:"Port to bind to." default:"8080"`
-	Context     []string `group:"misc" help:"List of kubernetes contexts to use."`
-	AllContexts bool     `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
+	Host string `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to 'localhost' when run locally and to all hosts when run in-cluster."`
+	Port int    `group:"misc" help:"Port to bind to." default:"8080"`
+
+	Kubeconfig  args.ExistingFileType `group:"misc" help:"Overrides the kubeconfig to use."`
+	Context     []string              `group:"misc" help:"List of kubernetes contexts to use."`
+	AllContexts bool                  `group:"misc" help:"Use all Kubernetes contexts found in the kubeconfig."`
 
 	InCluster           bool   `group:"misc" help:"This enables in-cluster functionality. This also enforces authentication."`
 	InClusterContext    string `group:"misc" help:"The context to use fo in-cluster functionality."`
@@ -143,7 +146,7 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 		}
 	}
 
-	stores, configs, err := createResultStores(ctx, cmd.Context, cmd.AllContexts, cmd.InCluster)
+	stores, configs, err := createResultStores(ctx, cmd.Kubeconfig.String(), cmd.Context, cmd.AllContexts, cmd.InCluster)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 66588ba7e..d0e508129 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -69,7 +69,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(ctx, *projectArgs, argsFlags, nil, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, nil, *projectArgs, argsFlags, nil, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 596501a5d..43d4f2707 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -29,7 +29,7 @@ import (
 	client2 "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, kubeconfigFlags *args.KubeconfigFlags, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	j2, err := kluctl_jinja2.NewKluctlJinja2(strictTemplates)
 	if err != nil {
 		return err
@@ -103,7 +103,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 		OciRP:              ociRp,
 		OciAuthProvider:    ociAuth,
 		HelmAuthProvider:   helmAuth,
-		ClientConfigGetter: clientConfigGetter(forCompletion),
+		ClientConfigGetter: clientConfigGetter(kubeconfigFlags, forCompletion),
 	}
 
 	p, err := kluctl_project.LoadKluctlProject(ctx, loadArgs, j2)
@@ -116,6 +116,7 @@ func withKluctlProjectFromArgs(ctx context.Context, projectFlags args.ProjectFla
 
 type projectTargetCommandArgs struct {
 	projectFlags         args.ProjectFlags
+	kubeconfigFlags      args.KubeconfigFlags
 	targetFlags          args.TargetFlags
 	argsFlags            args.ArgsFlags
 	imageFlags           args.ImageFlags
@@ -143,7 +144,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(ctx, args.projectFlags, &args.argsFlags, &args.helmCredentials, &args.registryCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, &args.kubeconfigFlags, args.projectFlags, &args.argsFlags, &args.helmCredentials, &args.registryCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }
@@ -246,13 +247,16 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 	return cb(cmdCtx)
 }
 
-func clientConfigGetter(forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
+func clientConfigGetter(kubeconfigFlags *args.KubeconfigFlags, forCompletion bool) func(context *string) (*rest.Config, *api.Config, error) {
 	return func(context *string) (*rest.Config, *api.Config, error) {
 		if forCompletion {
 			return nil, nil, nil
 		}
 
 		configLoadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+		if kubeconfigFlags != nil {
+			configLoadingRules.ExplicitPath = kubeconfigFlags.Kubeconfig.String()
+		}
 		configOverrides := &clientcmd.ConfigOverrides{}
 		if context != nil {
 			configOverrides.CurrentContext = *context
diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index b4350d222..a206b24f6 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -55,6 +55,7 @@ Project arguments:
                                                --context will override the currently active context.
       --git-cache-update-interval duration     Specify the time to wait between git cache updates. Defaults to not
                                                wait at all and always updating caches.
+      --kubeconfig existingfile                Overrides the kubeconfig to use.
       --local-git-group-override stringArray   Same as --local-git-override, but for a whole group prefix instead
                                                of a single repository. All repositories that have the given prefix
                                                will be overridden with the given local path and the repository
diff --git a/docs/kluctl/commands/gitops-deploy.md b/docs/kluctl/commands/gitops-deploy.md
index 8a8a65a78..306daf2cb 100644
--- a/docs/kluctl/commands/gitops-deploy.md
+++ b/docs/kluctl/commands/gitops-deploy.md
@@ -31,6 +31,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-logs.md b/docs/kluctl/commands/gitops-logs.md
index e2f64969a..ea867b338 100644
--- a/docs/kluctl/commands/gitops-logs.md
+++ b/docs/kluctl/commands/gitops-logs.md
@@ -28,6 +28,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-prune.md b/docs/kluctl/commands/gitops-prune.md
index 64be04449..e9ea342a8 100644
--- a/docs/kluctl/commands/gitops-prune.md
+++ b/docs/kluctl/commands/gitops-prune.md
@@ -31,6 +31,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-reconcile.md b/docs/kluctl/commands/gitops-reconcile.md
index a71ccbef6..fdb3033be 100644
--- a/docs/kluctl/commands/gitops-reconcile.md
+++ b/docs/kluctl/commands/gitops-reconcile.md
@@ -31,6 +31,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-resume.md b/docs/kluctl/commands/gitops-resume.md
index c3f2974a1..cdf2f1be2 100644
--- a/docs/kluctl/commands/gitops-resume.md
+++ b/docs/kluctl/commands/gitops-resume.md
@@ -28,6 +28,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-suspend.md b/docs/kluctl/commands/gitops-suspend.md
index f61f605ca..7a701581c 100644
--- a/docs/kluctl/commands/gitops-suspend.md
+++ b/docs/kluctl/commands/gitops-suspend.md
@@ -28,6 +28,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/gitops-validate.md b/docs/kluctl/commands/gitops-validate.md
index e18f94c23..f1ac80bff 100644
--- a/docs/kluctl/commands/gitops-validate.md
+++ b/docs/kluctl/commands/gitops-validate.md
@@ -31,6 +31,7 @@ GitOps arguments:
 
       --context string                   Override the context to use.
       --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
   -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
                                          selector.
       --local-source-override-port int   Specifies the local port to which the source-override client should
diff --git a/docs/kluctl/commands/webui-run.md b/docs/kluctl/commands/webui-run.md
index d0bc898f7..d5ab64140 100644
--- a/docs/kluctl/commands/webui-run.md
+++ b/docs/kluctl/commands/webui-run.md
@@ -31,6 +31,7 @@ Misc arguments:
                                       'localhost' when run locally and to all hosts when run in-cluster.
       --in-cluster                    This enables in-cluster functionality. This also enforces authentication.
       --in-cluster-context string     The context to use fo in-cluster functionality.
+      --kubeconfig existingfile       Overrides the kubeconfig to use.
       --only-api                      Only serve API without the actual UI.
       --port int                      Port to bind to. (default 8080)
 

From 556b1971fe69e44363693f61bc759bf5f88ea3cb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jan 2024 12:09:53 +0100
Subject: [PATCH 1919/2268] tests: Add tests for CRD deployments

---
 e2e/crds_test.go                     | 130 +++++++++++++++++++++++++++
 e2e/default_clusters_test.go         |  20 ++---
 e2e/test_resources/example-crds.yaml |  40 +++++++++
 e2e/test_resources/resources.go      |  33 ++-----
 4 files changed, 185 insertions(+), 38 deletions(-)
 create mode 100644 e2e/crds_test.go
 create mode 100644 e2e/test_resources/example-crds.yaml

diff --git a/e2e/crds_test.go b/e2e/crds_test.go
new file mode 100644
index 000000000..b651faa3e
--- /dev/null
+++ b/e2e/crds_test.go
@@ -0,0 +1,130 @@
+package e2e
+
+import (
+	"fmt"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/e2e/test_resources"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/stretchr/testify/assert"
+	"strings"
+	"testing"
+	"time"
+)
+
+func createExampleCR(name string, namespace string) string {
+	return fmt.Sprintf(`
+apiVersion: "stable.example.com/v1"
+kind: CronTab
+metadata:
+  name: %s
+  namespace: %s
+spec:
+  cronSpec: "* * * * */5"
+  image: my-awesome-cron-image
+
+`, name, namespace)
+}
+
+func createCRDTestCluster(t *testing.T) *test_utils.EnvTestCluster {
+	k := test_utils.CreateEnvTestCluster("cluster1")
+	err := k.Start()
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		k.Stop()
+	})
+	return k
+}
+
+func prepareCRDsTest(t *testing.T, k *test_utils.EnvTestCluster, crds bool, barrier bool) *test_project.TestProject {
+	p := test_project.NewTestProject(t)
+	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, k.Kubeconfig))
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test1", func(target *uo.UnstructuredObject) {
+	})
+
+	if crds {
+		p.AddKustomizeDeployment("crds", []test_project.KustomizeResource{
+			{Name: "crds.yaml", Content: test_resources.GetYamlDocs(t, "example-crds.yaml")},
+		}, nil)
+	}
+	if barrier {
+		p.AddDeploymentItem(".", uo.FromMap(map[string]interface{}{
+			"barrier": true,
+		}))
+	}
+	p.AddKustomizeDeployment("crs", []test_project.KustomizeResource{
+		{Name: "crs.yaml", Content: createExampleCR("test", p.TestSlug())},
+	}, nil)
+
+	return p
+}
+
+func TestDeployCRDUnordered(t *testing.T) {
+	t.Parallel()
+
+	k := createCRDTestCluster(t)
+	p := prepareCRDsTest(t, k, true, false)
+
+	for i := 0; i < 100; i++ {
+		stdout, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test1")
+		if err != nil && strings.Contains(err.Error(), "command failed") && strings.Contains(stdout, `no matches for kind "CronTab" in version`) {
+			// success
+			return
+		}
+		p.KluctlMust(t, "delete", "--yes", "-t", "test1")
+	}
+
+	t.Errorf("could not cause missing CRD error")
+}
+
+func TestDiffCRDSimulated(t *testing.T) {
+	t.Parallel()
+
+	k := createCRDTestCluster(t)
+
+	p := prepareCRDsTest(t, k, true, true)
+
+	stdout, _ := p.KluctlMust(t, "diff", "-t", "test1")
+	assert.Contains(t, stdout, fmt.Sprintf("the underyling custom resource definition for %s/CronTab/test has not been applied yet", p.TestSlug()))
+}
+
+func TestDeployCRDBarrier(t *testing.T) {
+	t.Parallel()
+
+	k := createCRDTestCluster(t)
+
+	p := prepareCRDsTest(t, k, true, true)
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
+}
+
+func TestDeployCRDByController(t *testing.T) {
+	t.Parallel()
+
+	k := createCRDTestCluster(t)
+
+	p := prepareCRDsTest(t, k, false, true)
+	p.UpdateDeploymentItems(".", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
+		barrierItem := items[0]
+		barrierItem.SetNestedField([]map[string]any{
+			{
+				"kind": "CustomResourceDefinition",
+				"name": "crontabs.stable.example.com",
+			},
+		}, "waitReadinessObjects")
+		return items
+	})
+
+	// we simulate a controller being spun up that needs a few seconds to get ready and then apply the CRDs
+	go func() {
+		time.Sleep(5 * time.Second)
+		test_resources.ApplyYaml(t, "example-crds.yaml", k)
+	}()
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test1")
+}
diff --git a/e2e/default_clusters_test.go b/e2e/default_clusters_test.go
index a2a887521..8f77bc083 100644
--- a/e2e/default_clusters_test.go
+++ b/e2e/default_clusters_test.go
@@ -9,6 +9,7 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"os"
+	"path/filepath"
 	"runtime"
 	"sync"
 	"testing"
@@ -96,20 +97,19 @@ func mergeKubeconfig(path string, kubeconfig []byte) {
 	}
 }
 
-func setKubeconfigString(t *testing.T, content []byte) {
-	tmpKubeconfig, err := os.CreateTemp(t.TempDir(), "kubeconfig-")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer tmpKubeconfig.Close()
-
-	_, err = tmpKubeconfig.Write(content)
+func getKubeconfigTmpFile(t *testing.T, content []byte) string {
+	fname := filepath.Join(t.TempDir(), "kubeconfig")
+	err := os.WriteFile(fname, content, 0600)
 	if err != nil {
 		t.Fatal(err)
 	}
+	return fname
+}
 
-	t.Logf("set KUBECONFIG=%s\n", tmpKubeconfig.Name())
-	t.Setenv("KUBECONFIG", tmpKubeconfig.Name())
+func setKubeconfigString(t *testing.T, content []byte) {
+	tmpKubeconfig := getKubeconfigTmpFile(t, content)
+	t.Logf("set KUBECONFIG=%s\n", tmpKubeconfig)
+	t.Setenv("KUBECONFIG", tmpKubeconfig)
 }
 
 func setKubeconfig(t *testing.T, config api.Config) {
diff --git a/e2e/test_resources/example-crds.yaml b/e2e/test_resources/example-crds.yaml
new file mode 100644
index 000000000..f7e8b43ce
--- /dev/null
+++ b/e2e/test_resources/example-crds.yaml
@@ -0,0 +1,40 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  # name must match the spec fields below, and be in the form: <plural>.<group>
+  name: crontabs.stable.example.com
+spec:
+  # group name to use for REST API: /apis/<group>/<version>
+  group: stable.example.com
+  # list of versions supported by this CustomResourceDefinition
+  versions:
+    - name: v1
+      # Each version can be enabled/disabled by Served flag.
+      served: true
+      # One and only one version must be marked as the storage version.
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                cronSpec:
+                  type: string
+                image:
+                  type: string
+                replicas:
+                  type: integer
+  # either Namespaced or Cluster
+  scope: Namespaced
+  names:
+    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+    plural: crontabs
+    # singular name to be used as an alias on the CLI and for display
+    singular: crontab
+    # kind is normally the CamelCased singular type. Your resource manifests use this.
+    kind: CronTab
+    # shortNames allow shorter string to match your resource on the CLI
+    shortNames:
+      - ct
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 0d7b050c2..1ea99bb8e 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -3,7 +3,6 @@ package test_resources
 import (
 	"context"
 	"embed"
-	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
@@ -11,7 +10,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
-	"os"
 	"sort"
 	"strings"
 	"sync"
@@ -22,23 +20,18 @@ import (
 //go:embed *.yaml
 var Yamls embed.FS
 
-func GetYamlTmpFile(name string) string {
-	tmpFile, err := os.CreateTemp("", "")
-	if err != nil {
-		panic(err)
-	}
-	tmpFile.Close()
-
+func GetYamlDocs(t *testing.T, name string) []*uo.UnstructuredObject {
 	b, err := Yamls.ReadFile(name)
 	if err != nil {
 		panic(err)
 	}
-	err = os.WriteFile(tmpFile.Name(), b, 0o600)
+
+	docs, err := uo.FromStringMulti(string(b))
 	if err != nil {
 		panic(err)
 	}
 
-	return tmpFile.Name()
+	return docs
 }
 
 // poor mans resource mapper :)
@@ -82,9 +75,6 @@ func waitReadiness(k *test_utils.EnvTestCluster, x *uo.UnstructuredObject) {
 }
 
 func ApplyYaml(t *testing.T, name string, k *test_utils.EnvTestCluster) {
-	tmpFile := GetYamlTmpFile(name)
-	defer os.Remove(tmpFile)
-
 	doPanic := func(err error) {
 		if t != nil {
 			t.Fatal(err)
@@ -93,20 +83,7 @@ func ApplyYaml(t *testing.T, name string, k *test_utils.EnvTestCluster) {
 		}
 	}
 
-	docs, err := yaml.ReadYamlAllFile(tmpFile)
-	if err != nil {
-		doPanic(err)
-	}
-
-	var objects []*uo.UnstructuredObject
-	for _, doc := range docs {
-		m, ok := doc.(map[string]any)
-		if !ok {
-			doPanic(fmt.Errorf("not a map!"))
-		}
-		x := uo.FromMap(m)
-		objects = append(objects, x)
-	}
+	objects := GetYamlDocs(t, name)
 
 	sort.SliceStable(objects, func(i, j int) bool {
 		return prio(objects[i]) > prio(objects[j])

From 2bdeeb45b61b22cc0bf5ef29c2ff7baa566a17b1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jan 2024 13:53:42 +0100
Subject: [PATCH 1920/2268] tests: Fix flaky readiness tests (#942)

---
 e2e/readiness_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/readiness_test.go b/e2e/readiness_test.go
index bc000015c..93e4301e1 100644
--- a/e2e/readiness_test.go
+++ b/e2e/readiness_test.go
@@ -42,7 +42,7 @@ func testWaitReadiness(t *testing.T, fn func(p *test_project.TestProject)) {
 	fn(p)
 
 	_, stderr, err := p.Kluctl(t, "deploy", "--yes", "-t", "test", "--timeout", (3 * time.Second).String())
-	assert.ErrorContains(t, err, "context deadline exceeded")
+	assert.Error(t, err)
 	assert.Contains(t, stderr, fmt.Sprintf("context cancelled while waiting for readiness of %s/ConfigMap/cm2", p.TestSlug()))
 
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")

From e32f99c15a25307de68436ae81ff4f1b48de066b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jan 2024 15:51:05 +0100
Subject: [PATCH 1921/2268] feat: Put extracted embedded Jinja2 binaries and
 sources into users cache dir

---
 cmd/kluctl/commands/utils.go      |  2 +-
 go.mod                            |  2 +-
 go.sum                            |  4 +--
 pkg/controllers/kluctl_project.go |  2 +-
 pkg/kluctl_jinja2/jinja2.go       | 12 +++++--
 pkg/utils/tmpdir.go               | 60 +++++++++++++++++++++++++++----
 pkg/vars/vars_test.go             |  3 +-
 7 files changed, 69 insertions(+), 16 deletions(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 43d4f2707..ef6624df9 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -30,7 +30,7 @@ import (
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, kubeconfigFlags *args.KubeconfigFlags, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
-	j2, err := kluctl_jinja2.NewKluctlJinja2(strictTemplates)
+	j2, err := kluctl_jinja2.NewKluctlJinja2(ctx, strictTemplates)
 	if err != nil {
 		return err
 	}
diff --git a/go.mod b/go.mod
index 7aa27761f..19e56e52f 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1
-	github.com/kluctl/go-jinja2 v0.0.0-20231212133626-a0ab9d228150
+	github.com/kluctl/go-jinja2 v0.0.0-20240108142937-8839259d2537
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
diff --git a/go.sum b/go.sum
index 68e869ee6..1e61e5149 100644
--- a/go.sum
+++ b/go.sum
@@ -445,8 +445,8 @@ github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/4
 github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1 h1:L+ZH/eN5gE7eh3BTye/Z8td8YjbhEs6hzybVByz2twQ=
 github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1/go.mod h1:2/V+QZL7VyhTXtKHorARyA7UYOizVV37M8kkXMEk+Kg=
-github.com/kluctl/go-jinja2 v0.0.0-20231212133626-a0ab9d228150 h1:Iz6c78GzlaRhazmV9rO10+bxk8Nh+v3aAZ60ulnGKPs=
-github.com/kluctl/go-jinja2 v0.0.0-20231212133626-a0ab9d228150/go.mod h1:7FmUmt2zgHJfJE82ZNY/AHNGsGdyHBaF3OA12r4Zj+8=
+github.com/kluctl/go-jinja2 v0.0.0-20240108142937-8839259d2537 h1:oG9FYqprfbAI9kQtec4D0gPwJqLJlS+euknEVz25gp0=
+github.com/kluctl/go-jinja2 v0.0.0-20240108142937-8839259d2537/go.mod h1:7FmUmt2zgHJfJE82ZNY/AHNGsGdyHBaF3OA12r4Zj+8=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index f63c5300d..6821ef296 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -91,7 +91,7 @@ func prepareProject(ctx context.Context,
 	}()
 
 	var err error
-	pp.j2, err = kluctl_jinja2.NewKluctlJinja2(true)
+	pp.j2, err = kluctl_jinja2.NewKluctlJinja2(ctx, true)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/kluctl_jinja2/jinja2.go b/pkg/kluctl_jinja2/jinja2.go
index 8f81ebd5e..ec0c86286 100644
--- a/pkg/kluctl_jinja2/jinja2.go
+++ b/pkg/kluctl_jinja2/jinja2.go
@@ -1,14 +1,18 @@
 package kluctl_jinja2
 
 import (
+	"context"
 	"github.com/kluctl/go-embed-python/embed_util"
 	x "github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"path/filepath"
 )
 
 const parallelism = 4
 
-func NewKluctlJinja2(strict bool) (*x.Jinja2, error) {
-	extSrc, err := embed_util.NewEmbeddedFiles(ExtSource, "kluctl-ext")
+func NewKluctlJinja2(ctx context.Context, strict bool) (*x.Jinja2, error) {
+	tmpDir := filepath.Join(utils.GetCacheDir(ctx), "go-embed-jinja2")
+	extSrc, err := embed_util.NewEmbeddedFilesWithTmpDir(ExtSource, filepath.Join(tmpDir, "kluctl-ext"), true)
 	if err != nil {
 		return nil, err
 	}
@@ -20,5 +24,7 @@ func NewKluctlJinja2(strict bool) (*x.Jinja2, error) {
 		x.WithExtension("go_jinja2.ext.kluctl"),
 		x.WithExtension("go_jinja2.ext.time"),
 		x.WithExtension("ext.images_ext.ImagesExtension"),
-		x.WithPythonPath(extSrc.GetExtractedPath()))
+		x.WithPythonPath(extSrc.GetExtractedPath()),
+		x.WithEmbeddedExtractDir(tmpDir),
+	)
 }
diff --git a/pkg/utils/tmpdir.go b/pkg/utils/tmpdir.go
index 76d684f8a..cb4dfaf77 100644
--- a/pkg/utils/tmpdir.go
+++ b/pkg/utils/tmpdir.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io/fs"
+	"k8s.io/client-go/util/homedir"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -11,35 +12,55 @@ import (
 	"sync"
 )
 
-type tmpBaseDirKey int
-type tmpBaseDirValue struct {
+type tmpBaseDirKey struct{}
+type cacheDirKey struct{}
+
+type dirValue struct {
 	dir      string
 	initOnce sync.Once
 }
 
-var tmpBaseDirKeyInst tmpBaseDirKey
-var tmpBaseDirValueDefault = &tmpBaseDirValue{
+var tmpBaseDirValueDefault = &dirValue{
 	dir: getDefaultTmpBaseDir(),
 }
 
 func WithTmpBaseDir(ctx context.Context, tmpBaseDir string) context.Context {
-	return context.WithValue(ctx, tmpBaseDirKeyInst, &tmpBaseDirValue{
+	return context.WithValue(ctx, &tmpBaseDirKey{}, &dirValue{
 		dir: tmpBaseDir,
 	})
 }
 
+func WithCacheDir(ctx context.Context, cacheDir string) context.Context {
+	return context.WithValue(ctx, cacheDirKey{}, &dirValue{
+		dir: cacheDir,
+	})
+}
+
 func GetTmpBaseDir(ctx context.Context) string {
-	v := ctx.Value(tmpBaseDirKeyInst)
+	v := ctx.Value(tmpBaseDirKey{})
 	if v == nil {
 		v = tmpBaseDirValueDefault
 	}
-	v2 := v.(*tmpBaseDirValue)
+	v2 := v.(*dirValue)
 	v2.initOnce.Do(func() {
 		v2.dir = createTmpBaseDir(v2.dir)
 	})
 	return v2.dir
 }
 
+func GetCacheDir(ctx context.Context) string {
+	v := ctx.Value(cacheDirKey{})
+	var dir string
+	if v == nil {
+		dir = getDefaultCacheDir(ctx)
+	} else {
+		v2 := v.(*dirValue)
+		dir = v2.dir
+	}
+	ensureDir(dir, 0o700, true)
+	return dir
+}
+
 func getDefaultTmpBaseDir() string {
 	dir := os.Getenv("KLUCTL_BASE_TMP_DIR")
 	if dir != "" {
@@ -49,6 +70,31 @@ func getDefaultTmpBaseDir() string {
 	return filepath.Join(os.TempDir(), "kluctl-workdir")
 }
 
+func getDefaultCacheDir(ctx context.Context) string {
+	p := os.Getenv("KLUCTL_CACHE_DIR")
+	if p != "" {
+		return p
+	}
+	p = os.Getenv("XDG_CACHE_HOME")
+	if p != "" {
+		return filepath.Join(p, "kluctl")
+	}
+	h := homedir.HomeDir()
+	switch runtime.GOOS {
+	case "linux":
+		if h != "" {
+			return filepath.Join(h, ".cache", "kluctl")
+		}
+	case "darwin":
+		if h != "" {
+			return filepath.Join(h, "Library", "Caches", "kluctl")
+		}
+	case "windows":
+		break
+	}
+	return filepath.Join(GetTmpBaseDir(ctx), "cache")
+}
+
 func createTmpBaseDir(dir string) string {
 	ensureDir(dir, 0o777, true)
 
diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
index a69c7077c..470f1e346 100644
--- a/pkg/vars/vars_test.go
+++ b/pkg/vars/vars_test.go
@@ -1,6 +1,7 @@
 package vars
 
 import (
+	"context"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -9,7 +10,7 @@ import (
 )
 
 func newJinja2Must(t *testing.T) *jinja2.Jinja2 {
-	j2, err := kluctl_jinja2.NewKluctlJinja2(true)
+	j2, err := kluctl_jinja2.NewKluctlJinja2(context.Background(), true)
 	if err != nil {
 		t.Fatal(err)
 	}

From 127ce9d99f5638b243fcb84d612f70f033d3debe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 09:59:11 +0100
Subject: [PATCH 1922/2268] feat: Put git, oci and version check caches into
 cache dir

---
 cmd/kluctl/commands/root.go                   |  2 +-
 .../kluctldeployment_controller_source.go     | 28 -------------------
 pkg/helm/chart.go                             |  2 +-
 pkg/k8s/discovery.go                          |  2 +-
 pkg/repocache/git_cache.go                    |  2 +-
 pkg/repocache/oci_cache.go                    |  2 +-
 6 files changed, 5 insertions(+), 33 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index ccbfa7ea7..73f9db7a5 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -187,7 +187,7 @@ func checkNewVersion(ctx context.Context) {
 		return
 	}
 
-	versionCheckPath := filepath.Join(utils.GetTmpBaseDir(ctx), "version_check.yaml")
+	versionCheckPath := filepath.Join(utils.GetCacheDir(ctx), "version_check.yaml")
 	var versionCheckState VersionCheckState
 	err := yaml.ReadYamlFile(versionCheckPath, &versionCheckState)
 	if err == nil {
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 40c59a01b..39a29543a 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -18,8 +18,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"net/url"
-	"os"
-	"path/filepath"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"strings"
@@ -443,19 +441,6 @@ func (r *KluctlDeploymentReconciler) buildOciRepoCacheKey(secrets []ociRepoSecre
 }
 
 func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secrets []gitRepoSecrets, soClient sourceoverride.Resolver) (*repocache.GitRepoCache, error) {
-	key, err := r.buildGitRepoCacheKey(secrets)
-	if err != nil {
-		return nil, err
-	}
-
-	tmpBaseDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kluctl-controller-git-cache", key)
-	err = os.MkdirAll(tmpBaseDir, 0o700)
-	if err != nil {
-		return nil, err
-	}
-
-	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
-
 	ga, err := r.buildGitAuth(ctx, secrets)
 	if err != nil {
 		return nil, err
@@ -466,19 +451,6 @@ func (r *KluctlDeploymentReconciler) buildGitRepoCache(ctx context.Context, secr
 }
 
 func (r *KluctlDeploymentReconciler) buildOciRepoCache(ctx context.Context, secrets []ociRepoSecrets, soClient sourceoverride.Resolver) (*repocache.OciRepoCache, *auth_provider.OciAuthProviders, error) {
-	key, err := r.buildOciRepoCacheKey(secrets)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	tmpBaseDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kluctl-controller-oci-cache", key)
-	err = os.MkdirAll(tmpBaseDir, 0o700)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	ctx = utils.WithTmpBaseDir(ctx, tmpBaseDir)
-
 	ociAuthProvider, err := r.buildOciAuth(ctx, secrets)
 	if err != nil {
 		return nil, nil, err
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 3db55fd82..819ffb62a 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -321,7 +321,7 @@ func (c *Chart) Pull(ctx context.Context, pc *PulledChart) error {
 }
 
 func (c *Chart) doPullCached(ctx context.Context, version string) (*PulledChart, *lockedfile.File, error) {
-	baseDir := filepath.Join(utils.GetTmpBaseDir(ctx), "helm-charts")
+	baseDir := filepath.Join(utils.GetCacheDir(ctx), "helm-charts")
 	cacheDir, err := c.BuildPulledChartDir(baseDir, version)
 	_ = os.MkdirAll(cacheDir, 0o755)
 
diff --git a/pkg/k8s/discovery.go b/pkg/k8s/discovery.go
index d5bcc4fc8..be75afce3 100644
--- a/pkg/k8s/discovery.go
+++ b/pkg/k8s/discovery.go
@@ -20,7 +20,7 @@ func CreateDiscoveryAndMapper(ctx context.Context, config *rest.Config) (discove
 	if err != nil {
 		return nil, nil, err
 	}
-	discoveryCacheDir := filepath.Join(utils.GetTmpBaseDir(ctx), "kube-cache/discovery", strings.ReplaceAll(apiHost.Host, ":", "-"))
+	discoveryCacheDir := filepath.Join(utils.GetCacheDir(ctx), "kube-cache", "discovery", strings.ReplaceAll(apiHost.Host, ":", "-"))
 	discovery2, err := disk.NewCachedDiscoveryClientForConfig(dynamic.ConfigFor(config), discoveryCacheDir, "", time.Hour*24)
 	if err != nil {
 		return nil, nil, err
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 91f8295aa..6b360f0da 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -116,7 +116,7 @@ func (rp *GitRepoCache) GetEntry(url string) (*GitCacheEntry, error) {
 
 	e, ok := rp.repos[repoKey]
 	if !ok {
-		mr, err := git.NewMirroredGitRepo(rp.ctx, *u, filepath.Join(utils.GetTmpBaseDir(rp.ctx), "git-cache"), rp.sshPool, rp.authProviders)
+		mr, err := git.NewMirroredGitRepo(rp.ctx, *u, filepath.Join(utils.GetCacheDir(rp.ctx), "git-cache"), rp.sshPool, rp.authProviders)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 61bad26a3..ca35aa5fc 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -109,7 +109,7 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 		return e, nil
 	}
 
-	hostOciCacheDir := filepath.Join(utils.GetTmpBaseDir(rp.ctx), "oci")
+	hostOciCacheDir := filepath.Join(utils.GetCacheDir(rp.ctx), "oci")
 	hostOciCacheDir = filepath.Join(hostOciCacheDir, strings.ReplaceAll(urlN.Host, ":", "-"))
 
 	ociCacheDir := filepath.Join(hostOciCacheDir, urlN.Path)

From 104e4172f1b1ba515e56124d64f8e74d4d72d3e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 10:00:24 +0100
Subject: [PATCH 1923/2268] tests: Avoid having /.git in test git urls

---
 e2e/deployment_items_test.go      |  2 +-
 e2e/gitops_git_include_test.go    |  4 +--
 e2e/gitops_misc_test.go           |  2 +-
 e2e/gitops_oci_include_test.go    |  2 +-
 e2e/oci_include_test.go           |  4 +--
 e2e/source_override_test.go       |  2 +-
 e2e/test-utils/test_git_server.go | 56 ++++++++++++++++++++-----------
 e2e/test_project/project.go       | 17 +++++++---
 8 files changed, 58 insertions(+), 31 deletions(-)

diff --git a/e2e/deployment_items_test.go b/e2e/deployment_items_test.go
index e8541fa48..2fa21b818 100644
--- a/e2e/deployment_items_test.go
+++ b/e2e/deployment_items_test.go
@@ -244,7 +244,7 @@ func testLocalIncludes(t *testing.T, projectDir string) {
 		return nil
 	}, "")
 
-	baseDir, _ := filepath.Rel(filepath.Join(p.LocalProjectDir(), projectDir), filepath.Join(p.LocalRepoDir(), "base"))
+	baseDir, _ := filepath.Rel(filepath.Join(p.LocalProjectDir(), projectDir), filepath.Join(p.LocalWorkDir(), "base"))
 	baseDir = filepath.ToSlash(baseDir)
 
 	p.UpdateDeploymentYaml(projectDir, func(o *uo.UnstructuredObject) error {
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index f91559621..f307d4d61 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -120,7 +120,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 			var credentials []v1beta1.ProjectCredentialsGitDeprecated
 			credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
 				Host:       gs1.GitHost(),
-				PathPrefix: ip1.GitRepoName(),
+				PathPrefix: ip1.GitUrlPath(),
 				SecretRef:  v1beta1.LocalObjectReference{Name: secret2},
 			})
 			credentials = append(credentials, v1beta1.ProjectCredentialsGitDeprecated{
@@ -137,7 +137,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 			var credentials []v1beta1.ProjectCredentialsGit
 			credentials = append(credentials, v1beta1.ProjectCredentialsGit{
 				Host:      gs1.GitHost(),
-				Path:      ip1.GitRepoName(),
+				Path:      ip1.GitUrlPath(),
 				SecretRef: v1beta1.LocalObjectReference{Name: secret2},
 			})
 			credentials = append(credentials, v1beta1.ProjectCredentialsGit{
diff --git a/e2e/gitops_misc_test.go b/e2e/gitops_misc_test.go
index a83156fa0..39d35e931 100644
--- a/e2e/gitops_misc_test.go
+++ b/e2e/gitops_misc_test.go
@@ -71,7 +71,7 @@ func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
 
 	repoUrl := repo.URL.String() + "/org/repo"
 
-	p.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl, "--project-dir", p.LocalRepoDir())
+	p.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl, "--project-dir", p.LocalWorkDir())
 
 	p.AddExtraArgs("--controller-namespace", suite.gitopsNamespace+"-system")
 
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index b86df28be..727d51359 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -54,7 +54,7 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	repoUrl3 := repo3.URL.String() + "/org3/repo3"
 
 	ip1.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
-	ip2.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
+	ip2.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalWorkDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
 	ip3.KluctlMust(suite.T(), "oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
 
 	p := test_project.NewTestProject(suite.T())
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index c3385cc74..87faf2821 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -31,7 +31,7 @@ func TestOciIncludeMultipleRepos(t *testing.T) {
 	repo2 := repo.URL.String() + "/org2/repo2"
 
 	ip1.KluctlMust(t, "oci", "push", "--url", repo1)
-	ip2.KluctlMust(t, "oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+	ip2.KluctlMust(t, "oci", "push", "--url", repo2, "--project-dir", ip2.LocalWorkDir())
 
 	p := test_project.NewTestProject(t)
 
@@ -91,7 +91,7 @@ func TestOciIncludeWithCreds(t *testing.T) {
 
 	// now with valid creds
 	ip1.KluctlMust(t, "oci", "push", "--url", repoUrl1, "--registry-creds", fmt.Sprintf("%s=user1:pass1", repo1.URL.Host))
-	ip2.KluctlMust(t, "oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalRepoDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
+	ip2.KluctlMust(t, "oci", "push", "--url", repoUrl2, "--project-dir", ip2.LocalWorkDir(), "--registry-creds", fmt.Sprintf("%s=user2:pass2", repo2.URL.Host))
 	ip3.KluctlMust(t, "oci", "push", "--url", repoUrl3, "--registry-creds", fmt.Sprintf("%s=user3:pass3", repo3.URL.Host))
 
 	p := test_project.NewTestProject(t)
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index 9bd08d61d..033c7d879 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -48,7 +48,7 @@ func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster,
 
 	if oci {
 		ip1.KluctlMust(t, "oci", "push", "--url", repo1)
-		ip2.KluctlMust(t, "oci", "push", "--url", repo2, "--project-dir", ip2.LocalRepoDir())
+		ip2.KluctlMust(t, "oci", "push", "--url", repo2, "--project-dir", ip2.LocalWorkDir())
 	}
 
 	if oci {
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 1297cc45f..5f81bd2e4 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	config2 "github.com/go-git/go-git/v5/config"
+	"github.com/huandu/xstrings"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/http-server"
 	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"net"
@@ -12,6 +13,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"sigs.k8s.io/yaml"
+	"strings"
 	"sync"
 	"testing"
 
@@ -135,14 +137,19 @@ func (p *TestGitServer) Cleanup() {
 }
 
 func (p *TestGitServer) GitInit(repo string) {
-	dir := p.LocalRepoDir(repo)
+	gitDir := p.LocalGitDir(repo)
+	workDir := p.LocalWorkDir(repo)
 
-	err := os.MkdirAll(dir, 0o700)
+	err := os.MkdirAll(workDir, 0o700)
 	if err != nil {
 		p.t.Fatal(err)
 	}
 
-	r, err := git.PlainInit(dir, false)
+	r, err := git.PlainInit(workDir, false)
+	if err != nil {
+		p.t.Fatal(err)
+	}
+	err = os.Symlink(filepath.Join(workDir, ".git"), gitDir)
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -159,10 +166,6 @@ func (p *TestGitServer) GitInit(repo string) {
 	if err != nil {
 		p.t.Fatal(err)
 	}
-	wt, err := r.Worktree()
-	if err != nil {
-		p.t.Fatal(err)
-	}
 
 	config.User.Name = "Test User"
 	config.User.Email = "no@mail.com"
@@ -172,11 +175,16 @@ func (p *TestGitServer) GitInit(repo string) {
 	if err != nil {
 		p.t.Fatal(err)
 	}
-	f, err := os.Create(filepath.Join(dir, ".dummy"))
+	f, err := os.Create(filepath.Join(workDir, ".dummy"))
 	if err != nil {
 		p.t.Fatal(err)
 	}
 	_ = f.Close()
+
+	wt, err := r.Worktree()
+	if err != nil {
+		p.t.Fatal(err)
+	}
 	_, err = wt.Add(".dummy")
 	if err != nil {
 		p.t.Fatal(err)
@@ -188,7 +196,7 @@ func (p *TestGitServer) GitInit(repo string) {
 }
 
 func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message string) {
-	r, err := git.PlainOpen(p.LocalRepoDir(repo))
+	r, err := git.PlainOpen(p.LocalWorkDir(repo))
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -211,7 +219,7 @@ func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message
 }
 
 func (p *TestGitServer) CommitYaml(repo string, pth string, message string, o map[string]any) {
-	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 
 	dir, _ := filepath.Split(fullPath)
 	if dir != "" {
@@ -236,7 +244,7 @@ func (p *TestGitServer) CommitYaml(repo string, pth string, message string, o ma
 }
 
 func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string) (string, error), message string) {
-	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 	f := ""
 	if _, err := os.Stat(fullPath); err == nil {
 		b, err := os.ReadFile(fullPath)
@@ -266,7 +274,7 @@ func (p *TestGitServer) UpdateFile(repo string, pth string, update func(f string
 }
 
 func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[string]any) error, message string) {
-	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 
 	var o map[string]any
 	if _, err := os.Stat(fullPath); err == nil {
@@ -299,7 +307,7 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 }
 
 func (p *TestGitServer) DeleteFile(repo string, pth string, message string) {
-	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 	_ = os.Remove(fullPath)
 
 	if message == "" {
@@ -309,7 +317,7 @@ func (p *TestGitServer) DeleteFile(repo string, pth string, message string) {
 }
 
 func (p *TestGitServer) ReadFile(repo string, pth string) []byte {
-	fullPath := filepath.Join(p.LocalRepoDir(repo), pth)
+	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 	b, err := os.ReadFile(fullPath)
 	if err != nil {
 		p.t.Fatal(err)
@@ -322,19 +330,29 @@ func (p *TestGitServer) GitHost() string {
 }
 
 func (p *TestGitServer) GitUrl() string {
-	return fmt.Sprintf("http://localhost:%d", p.gitServerPort)
+	return fmt.Sprintf("http://localhost:%d/%s", p.gitServerPort, p.testNameSlug())
 }
 
 func (p *TestGitServer) GitRepoUrl(repo string) string {
-	return fmt.Sprintf("%s/%s/.git", p.GitUrl(), repo)
+	return fmt.Sprintf("%s/%s", p.GitUrl(), repo)
+}
+
+func (p *TestGitServer) testNameSlug() string {
+	n := xstrings.ToKebabCase(p.t.Name())
+	n = strings.ReplaceAll(n, "/", "-")
+	return n
+}
+
+func (p *TestGitServer) LocalGitDir(repo string) string {
+	return filepath.Join(p.baseDir, p.testNameSlug(), repo)
 }
 
-func (p *TestGitServer) LocalRepoDir(repo string) string {
-	return filepath.Join(p.baseDir, repo)
+func (p *TestGitServer) LocalWorkDir(repo string) string {
+	return filepath.Join(p.baseDir, p.testNameSlug(), repo) + "-workdir"
 }
 
 func (p *TestGitServer) GetGitRepo(repo string) *git.Repository {
-	r, err := git.PlainOpen(p.LocalRepoDir(repo))
+	r, err := git.PlainOpen(p.LocalWorkDir(repo))
 	if err != nil {
 		p.t.Fatal(err)
 	}
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 7310b1a95..8cc205670 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -7,6 +7,7 @@ import (
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
 	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -452,12 +453,20 @@ func (p *TestProject) GitUrl() string {
 	return p.gitServer.GitRepoUrl(p.gitRepoName)
 }
 
-func (p *TestProject) LocalRepoDir() string {
-	return p.gitServer.LocalRepoDir(p.gitRepoName)
+func (p *TestProject) GitUrlPath() string {
+	u, err := types.ParseGitUrl(p.GitUrl())
+	if err != nil {
+		panic(err)
+	}
+	return strings.TrimPrefix(u.Path, "/")
+}
+
+func (p *TestProject) LocalWorkDir() string {
+	return p.gitServer.LocalWorkDir(p.gitRepoName)
 }
 
 func (p *TestProject) LocalProjectDir() string {
-	return path.Join(p.LocalRepoDir(), p.gitSubDir)
+	return path.Join(p.LocalWorkDir(), p.gitSubDir)
 }
 
 func (p *TestProject) GetGitRepo() *git.Repository {
@@ -473,7 +482,7 @@ func (p *TestProject) GetGitWorktree() *git.Worktree {
 }
 
 func (p *TestProject) CopyProjectSourceTo(dst string) string {
-	err := cp.Copy(p.LocalRepoDir(), dst)
+	err := cp.Copy(p.LocalWorkDir(), dst)
 	if err != nil {
 		panic(err)
 	}

From 27a31a7b6779cbc42f70ed1219aed602b7a9e213 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 10:00:42 +0100
Subject: [PATCH 1924/2268] fix: Don't trim /.git suffixes

---
 pkg/types/git_url.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index 44ff15a49..ba9784a7e 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -6,6 +6,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/url"
+	"path"
 	"regexp"
 	"strconv"
 	"strings"
@@ -112,19 +113,22 @@ func (u *GitUrl) NormalizePort() string {
 }
 
 func (u *GitUrl) Normalize() *GitUrl {
-	path := strings.ToLower(u.Path)
-	path = strings.TrimSuffix(path, ".git")
-	path = strings.TrimSuffix(path, "/")
+	p := strings.ToLower(u.Path)
+	if path.Base(p) != ".git" {
+		// we only trim it with it does not end with /.git
+		p = strings.TrimSuffix(p, ".git")
+	}
+	p = strings.TrimSuffix(p, "/")
 
 	hostname := strings.ToLower(u.Hostname())
 	port := u.NormalizePort()
 
-	if path != "" && hostname != "" && !strings.HasPrefix(path, "/") {
-		path = "/" + path
+	if p != "" && hostname != "" && !strings.HasPrefix(p, "/") {
+		p = "/" + p
 	}
 
 	u2 := *u
-	u2.Path = path
+	u2.Path = p
 	u2.Host = hostname
 	if port != "" {
 		u2.Host += ":" + port

From cc60bee927964f1c9ab27b6838bdae0d9bb5d465 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 10:01:46 +0100
Subject: [PATCH 1925/2268] feat: Use /tmp/kluctl-cache in docker container

---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index dea151e51..f53a3aec2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,7 @@ RUN apk update && apk add git tzdata
 
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache
+ENV KLUCTL_CACHE_DIR=/tmp/kluctl-cache
 
 COPY bin/kluctl /usr/bin/
 

From f3bb16f76fbd04828a9cc81549220586be116222 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 10:02:07 +0100
Subject: [PATCH 1926/2268] tests: Use temporary cache dir in tests

---
 e2e/test_project/kluctl_execute.go | 1 +
 e2e/test_project/project.go        | 1 +
 pkg/kluctl_jinja2/jinja2.go        | 9 +++++++++
 3 files changed, 11 insertions(+)

diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 49d57ef9e..68ca1a17a 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -33,6 +33,7 @@ func KluctlExecute(t *testing.T, ctx context.Context, logFn func(args ...any), a
 	})
 
 	ctx = utils.WithTmpBaseDir(ctx, t.TempDir())
+	ctx = utils.WithCacheDir(ctx, t.TempDir())
 	ctx = commands.WithStdStreams(ctx, stdout, stderr)
 	sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		_, _ = stderr.Write([]byte(message + "\n"))
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 8cc205670..d7e27fbf7 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -507,6 +507,7 @@ func (p *TestProject) KluctlProcess(t *testing.T, argsIn ...string) (string, str
 	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
 	env = append(env, "CALL_KLUCTL=true")
 	env = append(env, fmt.Sprintf("KLUCTL_BASE_TMP_DIR=%s", t.TempDir()))
+	env = append(env, fmt.Sprintf("KLUCTL_CACHE_DIR=%s", t.TempDir()))
 
 	t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
diff --git a/pkg/kluctl_jinja2/jinja2.go b/pkg/kluctl_jinja2/jinja2.go
index ec0c86286..672cc73fb 100644
--- a/pkg/kluctl_jinja2/jinja2.go
+++ b/pkg/kluctl_jinja2/jinja2.go
@@ -5,13 +5,22 @@ import (
 	"github.com/kluctl/go-embed-python/embed_util"
 	x "github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
 	"path/filepath"
+	"testing"
 )
 
 const parallelism = 4
 
 func NewKluctlJinja2(ctx context.Context, strict bool) (*x.Jinja2, error) {
 	tmpDir := filepath.Join(utils.GetCacheDir(ctx), "go-embed-jinja2")
+
+	if testing.Testing() {
+		// we share the cache for all tests, even though WithCacheDir is used in tests
+		// otherwise things get really slow
+		tmpDir = filepath.Join(os.TempDir(), "kluctl-tests-jinja2")
+	}
+
 	extSrc, err := embed_util.NewEmbeddedFilesWithTmpDir(ExtSource, filepath.Join(tmpDir, "kluctl-ext"), true)
 	if err != nil {
 		return nil, err

From 39ac59bed0041635a11b4fcb40cd0196fa92a067 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 10:02:46 +0100
Subject: [PATCH 1927/2268] fix: Reduce verbosity of FindAuthEntry

---
 pkg/oci/auth_provider/docker_config_auth_provider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/oci/auth_provider/docker_config_auth_provider.go b/pkg/oci/auth_provider/docker_config_auth_provider.go
index f97116141..2d01029f9 100644
--- a/pkg/oci/auth_provider/docker_config_auth_provider.go
+++ b/pkg/oci/auth_provider/docker_config_auth_provider.go
@@ -24,7 +24,7 @@ func (o OciDockerConfigAuthProvider) FindAuthEntry(ctx context.Context, ociUrl s
 	}
 
 	auth, err := authn.DefaultKeychain.Resolve(ociRef.Context())
-	status.Infof(ctx, "login ociRef=%s, auth=%v, err=%s", ociRef.String(), auth, err)
+	status.Tracef(ctx, "login ociRef=%s, auth=%v, err=%s", ociRef.String(), auth, err)
 	if err != nil {
 		return nil, err
 	}

From 017ac74b83544491e0f45af864d41f53ad5336a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 10:03:07 +0100
Subject: [PATCH 1928/2268] fix: Actually clean up temporary source override
 tarball

---
 pkg/sourceoverride/proxyclient_cli.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index 90c06bac8..584373081 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -292,17 +292,12 @@ func (c *ProxyClientCli) handleRequest(req *ResolveOverrideRequest) ([]byte, err
 
 	status.Infof(c.ctx, "Controller requested override for %s", req.RepoKey)
 
-	cleanup := false
 	f, err := os.CreateTemp(utils.GetTmpBaseDir(ctx), "so-*.tgz")
 	if err != nil {
 		return nil, fmt.Errorf("failed to create temp file: %w", err)
 	}
 	f.Close()
-	defer func() {
-		if cleanup {
-			_ = os.Remove(f.Name())
-		}
-	}()
+	defer os.Remove(f.Name())
 
 	absPath, err := filepath.Abs(p)
 	if err != nil {

From 6fce450b1a9c6aa70af4659a03b7c09421179f90 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 11:59:23 +0100
Subject: [PATCH 1929/2268] fix: Shorten prepare errors to avoid killing k9s
 and friends

---
 e2e/gitops_errors_test.go                     | 24 +++---
 e2e/gitops_git_include_test.go                |  4 +-
 e2e/gitops_helm_test.go                       | 13 ++-
 e2e/gitops_misc_test.go                       |  6 +-
 e2e/gitops_oci_include_test.go                |  2 +-
 e2e/helm_test.go                              | 80 +++++++++++--------
 .../kluctldeployment_controller_status.go     |  8 ++
 7 files changed, 85 insertions(+), 52 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 19db79b48..556f62c61 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -23,7 +23,7 @@ func TestGitOpsErrors(t *testing.T) {
 	suite.Run(t, new(GitOpsErrorsSuite))
 }
 
-func (suite *GitOpsErrorsSuite) assertErrors(kd *kluctlv1.KluctlDeployment, rstatus metav1.ConditionStatus, rreason string, rmessage string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
+func (suite *GitOpsErrorsSuite) assertErrors(kd *kluctlv1.KluctlDeployment, rstatus metav1.ConditionStatus, rreason string, rmessage string, prepareError string, expectedErrors []result.DeploymentError, expectedWarnings []result.DeploymentError) {
 	g := NewWithT(suite.T())
 
 	g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
@@ -35,6 +35,8 @@ func (suite *GitOpsErrorsSuite) assertErrors(kd *kluctlv1.KluctlDeployment, rsta
 	g.Expect(readinessCondition.Reason).To(Equal(rreason))
 	g.Expect(readinessCondition.Message).To(ContainSubstring(rmessage))
 
+	g.Expect(kd.Status.LastPrepareError, prepareError)
+
 	lastDeployResult, err := kd.Status.GetLastDeployResult()
 	g.Expect(err).To(Succeed())
 
@@ -103,7 +105,7 @@ data:
 			return badCm1_1, nil
 		}, "")
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", "", []result.DeploymentError{
 			{
 				Ref:     cm1Ref,
 				Message: "failed to patch git-ops-errors-git-ops-errors/ConfigMap/cm1: failed to create typed patch object (git-ops-errors-git-ops-errors/cm1; /v1, Kind=ConfigMap): .data_error: field not declared in schema",
@@ -120,7 +122,7 @@ data:
 			return badCm1_2, nil
 		}, "")
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed with 1 errors. Check status.lastPrepareError for details", "MalformedYAMLError: yaml: line 7: did not find expected node content in File: cm1.yaml", nil, nil)
 		p.UpdateFile("d1/cm1.yaml", func(f string) (string, error) {
 			return goodCm1, nil
 		}, "")
@@ -134,7 +136,7 @@ data:
 			return "a: b", nil
 		}, "")
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", ".kluctl.yml failed: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
 		p.UpdateFile(".kluctl.yml", func(f string) (string, error) {
 			return kluctlBackup, nil
 		}, "")
@@ -148,7 +150,7 @@ data:
 			return "a: b", nil
 		}, "")
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "failed to load deployment.yml: error unmarshaling JSON: while decoding JSON: json: unknown field \"a\"", nil, nil)
 		p.UpdateFile("deployment.yml", func(f string) (string, error) {
 			return deploymentBackup, nil
 		}, "")
@@ -160,7 +162,7 @@ data:
 			kd.Spec.Target = utils.StrPtr("invalid")
 		})
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "target invalid not existent in kluctl project config", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "target invalid not existent in kluctl project config", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Target = utils.StrPtr("target1")
 		})
@@ -172,7 +174,7 @@ data:
 			kd.Spec.Context = utils.StrPtr("invalid")
 		})
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "context \"invalid\" does not exist", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "context \"invalid\" does not exist", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Context = utils.StrPtr("default")
 		})
@@ -186,7 +188,7 @@ data:
 			kd.Spec.Source.Git.URL = backup + "/invalid"
 		})
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "failed to clone git source: repository not found", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "failed to clone git source: repository not found", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Source.Git.URL = backup
 		})
@@ -201,7 +203,7 @@ data:
 			}
 		})
 		kd := suite.waitForReconcile(key)
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "ref refs/heads/invalid not found", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "ref refs/heads/invalid not found", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Source.Git.Ref = backup
 		})
@@ -219,7 +221,7 @@ data:
 			return nil
 		})
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", []result.DeploymentError{
+		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.DeployFailedReason, "deploy failed with 1 errors", "", []result.DeploymentError{
 			{Message: "pruning without a discriminator is not supported"},
 		}, []result.DeploymentError{
 			{Message: "no discriminator configured. Orphan object detection will not work"},
@@ -229,7 +231,7 @@ data:
 			return nil
 		})
 		kd = suite.waitForCommit(key, getHeadRevision(suite.T(), p))
-		suite.assertErrors(kd, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy succeeded", nil, nil)
+		suite.assertErrors(kd, metav1.ConditionTrue, kluctlv1.ReconciliationSucceededReason, "deploy succeeded", "", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			kd.Spec.Prune = false
 		})
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index f91559621..d035ca4ea 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -45,7 +45,7 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(readinessCondition.Message).To(Equal("failed to clone git source: authentication required"))
+		g.Expect(kd.Status.LastPrepareError).To(Equal("failed to clone git source: authentication required"))
 	})
 
 	secret := corev1.Secret{
@@ -102,7 +102,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(readinessCondition.Message).To(Equal("failed to clone git source: authentication required"))
+		g.Expect(kd.Status.LastPrepareError).To(Equal("failed to clone git source: authentication required"))
 	})
 
 	createSecret := func(username string, password string) string {
diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index f679861e7..016a76ab7 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -24,7 +24,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 
 	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull, false)
 	if err != nil {
-		if tc.expectedError == "" {
+		if tc.expectedPrepareError == "" {
 			assert.Fail(suite.T(), "did not expect error")
 		}
 		return
@@ -119,7 +119,14 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	readinessCondition := suite.getReadiness(kd)
 	g.Expect(readinessCondition).ToNot(BeNil())
 
-	if tc.expectedError == "" {
+	if tc.expectedReadyError == "" {
+		g.Expect(readinessCondition.Status).ToNot(Equal(metav1.ConditionFalse))
+	} else {
+		g.Expect(readinessCondition.Status).To(Equal(metav1.ConditionFalse))
+		g.Expect(readinessCondition.Message).To(ContainSubstring(tc.expectedReadyError))
+	}
+
+	if tc.expectedPrepareError == "" {
 		g.Expect(kd.Status.LastDeployResult).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).ToNot(Equal(metav1.ConditionFalse))
 		assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "test-helm1-test-chart1")
@@ -128,7 +135,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 
 		g.Expect(readinessCondition.Status).To(Equal(metav1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal(kluctlv1.PrepareFailedReason))
-		g.Expect(readinessCondition.Message).To(ContainSubstring(tc.expectedError))
+		g.Expect(kd.Status.LastPrepareError).To(ContainSubstring(tc.expectedPrepareError))
 	}
 }
 
diff --git a/e2e/gitops_misc_test.go b/e2e/gitops_misc_test.go
index a83156fa0..c714a34b8 100644
--- a/e2e/gitops_misc_test.go
+++ b/e2e/gitops_misc_test.go
@@ -39,7 +39,7 @@ func (suite *GitOpsMiscSuite) TestGitSourceWithPath() {
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		status := suite.getReadiness(kd)
 		assert.Equal(suite.T(), metav1.ConditionFalse, status.Status)
-		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", status.Message)
+		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", kd.Status.LastPrepareError)
 	})
 
 	suite.Run("deployment with path succeeds", func() {
@@ -85,7 +85,7 @@ func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
 		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 		status := suite.getReadiness(kd)
 		assert.Equal(suite.T(), metav1.ConditionFalse, status.Status)
-		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", status.Message)
+		assert.Equal(suite.T(), "target target1 not existent in kluctl project config", kd.Status.LastPrepareError)
 	})
 
 	suite.Run("deployment with path succeeds", func() {
@@ -134,6 +134,6 @@ func (suite *GitOpsMiscSuite) TestNoTargetError() {
 
 		g.Expect(readinessCondition.Status).To(Equal(metav1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal(kluctlv1.PrepareFailedReason))
-		g.Expect(readinessCondition.Message).To(ContainSubstring("a target must be explicitly selected when targets are defined in the Kluctl project"))
+		g.Expect(kd.Status.LastPrepareError).To(ContainSubstring("a target must be explicitly selected when targets are defined in the Kluctl project"))
 	})
 }
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index b86df28be..ec3ca782a 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -93,7 +93,7 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(readinessCondition.Message).To(ContainSubstring("401 Unauthorized"))
+		g.Expect(kd.Status.LastPrepareError).To(ContainSubstring("401 Unauthorized"))
 	})
 
 	createSecret := func(secretName string, username string, password string) {
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index dc0ec2268..aa07aec3a 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -38,7 +38,8 @@ type helmTestCase struct {
 	argPassCA         bool
 	argPassClientCert bool
 
-	expectedError string
+	expectedReadyError   string
+	expectedPrepareError string
 }
 
 var helmTests = []helmTestCase{
@@ -48,9 +49,10 @@ var helmTests = []helmTestCase{
 	// tls tests
 	{
 		name: "helm-tls-missing-ca", testTLS: true,
-		argPassCA:     false,
-		argCredsHost:  "<host>",
-		expectedError: "failed to verify certificate",
+		argPassCA:            false,
+		argCredsHost:         "<host>",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "failed to verify certificate",
 	},
 	{
 		name: "helm-tls-valid-ca", testTLS: true,
@@ -59,10 +61,11 @@ var helmTests = []helmTestCase{
 	},
 	{
 		name: "helm-tls-missing-cert", testTLS: true, testTLSClientCert: true,
-		argPassCA:         true,
-		argPassClientCert: false,
-		argCredsHost:      "<host>",
-		expectedError:     "certificate required",
+		argPassCA:            true,
+		argPassClientCert:    false,
+		argCredsHost:         "<host>",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "certificate required",
 	},
 	{
 		name: "helm-tls-valid-cert", testTLS: true, testTLSClientCert: true,
@@ -73,9 +76,10 @@ var helmTests = []helmTestCase{
 
 	{
 		name: "oci-tls-missing-ca", oci: true, testTLS: true,
-		argPassCA:     false,
-		argCredsHost:  "<host>",
-		expectedError: "failed to verify certificate",
+		argPassCA:            false,
+		argCredsHost:         "<host>",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "failed to verify certificate",
 	},
 	{
 		name: "oci-tls-valid-ca", oci: true, testTLS: true,
@@ -84,10 +88,11 @@ var helmTests = []helmTestCase{
 	},
 	{
 		name: "oci-tls-missing-cert", oci: true, testTLS: true, testTLSClientCert: true,
-		argPassCA:         true,
-		argPassClientCert: false,
-		argCredsHost:      "<host>",
-		expectedError:     "certificate required",
+		argPassCA:            true,
+		argPassClientCert:    false,
+		argCredsHost:         "<host>",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "certificate required",
 	},
 	{
 		name: "oci-tls-valid-cert", oci: true, testTLS: true, testTLSClientCert: true,
@@ -99,12 +104,14 @@ var helmTests = []helmTestCase{
 	// deprecated helm credentials flags
 	{
 		name: "dep-helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "dep-helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
 		argCredsId: "test-creds", argUsername: "test-user", argPassword: "invalid",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "dep-helm-creds-valid", oci: false, testAuth: true, credsId: "test-creds",
@@ -113,19 +120,22 @@ var helmTests = []helmTestCase{
 	{
 		name: "dep-oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
 		argCredsId: "test-creds", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments",
 	},
 
 	// new helm credentials flags
 	{
 		name: "helm-creds-missing", oci: false, testAuth: true,
 		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "helm-creds-invalid", oci: false, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "helm-creds-valid", oci: false, testAuth: true,
@@ -134,12 +144,14 @@ var helmTests = []helmTestCase{
 	{
 		name: "helm-creds-missing-path", oci: false, testAuth: true, path: "path1",
 		argCredsHost: "<host>", argCredsPath: "path2", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "helm-creds-invalid-path", oci: false, testAuth: true, path: "path1",
 		argCredsHost: "<host>", argCredsPath: "path1", argUsername: "test-user", argPassword: "invalid",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "helm-creds-valid-path", oci: false, testAuth: true, path: "path1",
@@ -150,12 +162,14 @@ var helmTests = []helmTestCase{
 	{
 		name: "oci-creds-missing", oci: true, testAuth: true,
 		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "no basic auth credentials",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "no basic auth credentials",
 	},
 	{
 		name: "oci-creds-invalid", oci: true, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "oci-creds-valid", oci: true, testAuth: true,
@@ -164,12 +178,14 @@ var helmTests = []helmTestCase{
 	{
 		name: "oci-creds-missing-path", oci: true, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart2", argUsername: "test-user", argPassword: "secret-password",
-		expectedError: "no basic auth credentials",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "no basic auth credentials",
 	},
 	{
 		name: "oci-creds-invalid-path", oci: true, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart1", argUsername: "test-user", argPassword: "invalid",
-		expectedError: "401 Unauthorized",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "401 Unauthorized",
 	},
 	{
 		name: "oci-creds-valid-path", oci: true, testAuth: true,
@@ -361,9 +377,9 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		args = append(args, extraArgs...)
 
 		_, stderr, err := p.Kluctl(t, args...)
-		if tc.expectedError != "" {
+		if tc.expectedPrepareError != "" {
 			assert.Error(t, err)
-			assert.Contains(t, stderr, tc.expectedError)
+			assert.Contains(t, stderr, tc.expectedPrepareError)
 			return p, repo, err
 		} else {
 			assert.NoError(t, err)
@@ -394,7 +410,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 	k := defaultCluster1
 	p, repo, err := prepareHelmTestCase(t, k, tc, prePull, useProcess)
 	if err != nil {
-		if tc.expectedError == "" {
+		if tc.expectedPrepareError == "" {
 			assert.Fail(t, "did not expect error")
 		}
 		return
@@ -414,11 +430,11 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 	} else {
 		assert.Contains(t, stderr, pullMessage)
 	}
-	if tc.expectedError != "" {
+	if tc.expectedPrepareError != "" {
 		if useProcess {
-			assert.Contains(t, stderr, tc.expectedError)
+			assert.Contains(t, stderr, tc.expectedPrepareError)
 		} else {
-			assert.ErrorContains(t, err, tc.expectedError)
+			assert.ErrorContains(t, err, tc.expectedPrepareError)
 		}
 	} else {
 		assert.NoError(t, err)
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index e9b8a74b8..4ef67fe6e 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -2,6 +2,7 @@ package controllers
 
 import (
 	"context"
+	errors2 "errors"
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
@@ -44,6 +45,13 @@ func (r *KluctlDeploymentReconciler) patchFail(ctx context.Context, obj *kluctlv
 
 func (r *KluctlDeploymentReconciler) patchFailPrepare(ctx context.Context, obj *kluctlv1.KluctlDeployment, err error) error {
 	obj.Status.LastPrepareError = err.Error()
+	var err2 *multierror.Error
+	if errors2.As(err, &err2) {
+		// prepare errors tend to be extremely long, which makes tools like k9s unusable
+		err = fmt.Errorf("prepare failed with %d errors. Check status.lastPrepareError for details", len(err2.Errors))
+	} else {
+		err = fmt.Errorf("prepare failed. Check status.lastPrepareError for details")
+	}
 	return r.patchFail(ctx, obj, kluctlv1.PrepareFailedReason, err)
 }
 

From 37009ae955e69020a80f7687022d39a5e3b91ce1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jan 2024 15:17:24 +0100
Subject: [PATCH 1930/2268] fix: Wait for readiness of freshly deployed CRDs

---
 pkg/deployment/utils/apply_utils.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 577029c06..eda45e708 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -418,6 +418,11 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 
 			_, _, tmpErr := a.k.GetSingleObjectMetadata(crdRef)
 			if tmpErr == nil {
+				// CRD might be so fresh that it is not accepted/ready yet, so lets wait for readiness
+				if !a.WaitReadiness(crdRef, 5*time.Second) {
+					a.HandleError(ref, err)
+					return
+				}
 				status.Tracef(a.ctx, "resource unknown, and CRD %s is available, retrying with invalidated caches", crdName)
 				// retry with invalidated discovery
 				a.k.ResetMapper()

From e4a28f8cdd349de2e253ad9240e5fca2c600dbfc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 08:55:18 +0100
Subject: [PATCH 1931/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.20.3 to 1.21.0 (#945)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.20.3 to 1.21.0.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.20.3...v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 19e56e52f..be6bb3de5 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.20.3
+	github.com/ohler55/ojg v1.21.0
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.12.0
diff --git a/go.sum b/go.sum
index 1e61e5149..02ee19227 100644
--- a/go.sum
+++ b/go.sum
@@ -534,8 +534,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.20.3 h1:Z+fnElsA/GbI5oiT726qJaG4Ca9q5l7UO68Qd0PtkD4=
-github.com/ohler55/ojg v1.20.3/go.mod h1:uHcD1ErbErC27Zhb5Df2jUjbseLLcmOCo6oxSr3jZxo=
+github.com/ohler55/ojg v1.21.0 h1:niqSS6yl3PQZJrqh7pKs/zinl4HebGe8urXEfpvlpYY=
+github.com/ohler55/ojg v1.21.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
 github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
 github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
 github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=

From 0ded13d4375cb6fa2b5a6fa97bbf2e32cb445c80 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 08:55:38 +0100
Subject: [PATCH 1932/2268] chore(deps): Bump the golang-x group with 3 updates
 (#943)

Bumps the golang-x group with 3 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/crypto` from 0.17.0 to 0.18.0
- [Commits](https://github.com/golang/crypto/compare/v0.17.0...v0.18.0)

Updates `golang.org/x/net` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/net/compare/v0.19.0...v0.20.0)

Updates `golang.org/x/oauth2` from 0.15.0 to 0.16.0
- [Commits](https://github.com/golang/oauth2/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index be6bb3de5..8627e7e5c 100644
--- a/go.mod
+++ b/go.mod
@@ -33,11 +33,11 @@ require (
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.17.0
-	golang.org/x/net v0.19.0
+	golang.org/x/crypto v0.18.0
+	golang.org/x/net v0.20.0
 	golang.org/x/sync v0.6.0
 	golang.org/x/sys v0.16.0
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
 	k8s.io/api v0.29.0
@@ -83,7 +83,7 @@ require (
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
-	golang.org/x/oauth2 v0.15.0
+	golang.org/x/oauth2 v0.16.0
 	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
 	google.golang.org/grpc v1.60.1
 	google.golang.org/protobuf v1.32.0
diff --git a/go.sum b/go.sum
index 02ee19227..aa82ccd88 100644
--- a/go.sum
+++ b/go.sum
@@ -715,8 +715,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
@@ -747,11 +747,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
-golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -791,8 +791,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From a484144d108601f49e635d81dd8b74f1ca0eb951 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Jan 2024 11:55:56 +0100
Subject: [PATCH 1933/2268] fix: Do not use slices of struct pointers in yaml
 related structs (#948)

Otherwise stuff like this results in crashes:

targets:
- null
---
 pkg/deployment/deployment_collection.go |  4 +-
 pkg/deployment/deployment_project.go    | 20 ++++----
 pkg/deployment/utils/diff_utils.go      |  4 +-
 pkg/diff/normalize.go                   |  8 ++--
 pkg/diff/normalize_test.go              | 18 +++----
 pkg/kluctl_project/external_args.go     |  4 +-
 pkg/kluctl_project/targets.go           |  2 +-
 pkg/types/deployment.go                 |  8 ++--
 pkg/types/kluctl_project.go             | 16 +++----
 pkg/types/zz_generated.deepcopy.go      | 64 +++++++------------------
 pkg/vars/vars_loader.go                 |  5 +-
 pkg/webui/server.go                     |  8 ++--
 12 files changed, 67 insertions(+), 94 deletions(-)

diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 7bd93b91a..77b41e966 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -93,7 +93,9 @@ func (c *DeploymentCollection) collectAllDeployments(project *DeploymentProject,
 		return nil, err
 	}
 
-	for i, diConfig := range project.Config.Deployments {
+	for i, _ := range project.Config.Deployments {
+		diConfig := &project.Config.Deployments[i]
+
 		whenTrue, err := project.VarsCtx.CheckConditional(diConfig.When)
 		if err != nil {
 			return nil, err
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index f4500cbff..1dce94e29 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -73,7 +73,7 @@ func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Sourc
 	return dp, nil
 }
 
-func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []*types.VarsSource) error {
+func (p *DeploymentProject) loadVarsList(varsCtx *vars.VarsCtx, varsList []types.VarsSource) error {
 	return p.ctx.VarsLoader.LoadVarsList(p.ctx.Ctx, varsCtx, varsList, p.getRenderSearchDirs(), "")
 }
 
@@ -101,7 +101,7 @@ func (p *DeploymentProject) loadConfig() error {
 }
 
 func (p *DeploymentProject) generateSingleKustomizeProject() error {
-	p.Config.Deployments = append(p.Config.Deployments, &types.DeploymentItemConfig{
+	p.Config.Deployments = append(p.Config.Deployments, types.DeploymentItemConfig{
 		Path: utils.StrPtr("."),
 	})
 	return nil
@@ -127,7 +127,8 @@ func (p *DeploymentProject) processConfig() error {
 
 	// If there are no explicit tags set, interpret the path as a tag, which allows to
 	// enable/disable single deployments via included/excluded tags
-	for _, item := range p.Config.Deployments {
+	for i, _ := range p.Config.Deployments {
+		item := &p.Config.Deployments[i]
 		if len(item.Tags) != 0 {
 			continue
 		}
@@ -180,7 +181,8 @@ func (p *DeploymentProject) CheckWhenTrue() (bool, error) {
 }
 
 func (p *DeploymentProject) loadIncludes() error {
-	for i, inc := range p.Config.Deployments {
+	for i, _ := range p.Config.Deployments {
+		inc := &p.Config.Deployments[i]
 		var err error
 		var newProject *DeploymentProject
 
@@ -380,19 +382,19 @@ func (p *DeploymentProject) getTags() *utils.OrderedMap[string, bool] {
 	return &tags
 }
 
-func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAnnotations bool) []*types.IgnoreForDiffItemConfig {
-	var ret []*types.IgnoreForDiffItemConfig
+func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAnnotations bool) []types.IgnoreForDiffItemConfig {
+	var ret []types.IgnoreForDiffItemConfig
 	for _, e := range p.getParents() {
 		ret = append(ret, e.p.Config.IgnoreForDiff...)
 	}
 	if ignoreTags {
-		ret = append(ret, &types.IgnoreForDiffItemConfig{FieldPathRegex: []string{`metadata\.labels\["kluctl\.io/tag-.*"\]`}})
+		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPathRegex: []string{`metadata\.labels\["kluctl\.io/tag-.*"\]`}})
 	}
 	if ignoreLabels {
-		ret = append(ret, &types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.labels.*`}})
+		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.labels.*`}})
 	}
 	if ignoreAnnotations {
-		ret = append(ret, &types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.annotations.*`}})
+		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.annotations.*`}})
 	}
 	return ret
 }
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index 322547181..fde1f3fab 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -61,7 +61,7 @@ func (u *DiffUtil) sortChanges() {
 	})
 }
 
-func (u *DiffUtil) diffObjects(objects []*uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig, wg *sync.WaitGroup) {
+func (u *DiffUtil) diffObjects(objects []*uo.UnstructuredObject, ignoreForDiffs []types.IgnoreForDiffItemConfig, wg *sync.WaitGroup) {
 	for _, o := range objects {
 		o := o
 		ref := o.GetK8sRef()
@@ -84,7 +84,7 @@ func (u *DiffUtil) diffObjects(objects []*uo.UnstructuredObject, ignoreForDiffs
 	}
 }
 
-func (u *DiffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef, ao *uo.UnstructuredObject, ro *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig) {
+func (u *DiffUtil) diffObject(lo *uo.UnstructuredObject, diffRef k8s2.ObjectRef, ao *uo.UnstructuredObject, ro *uo.UnstructuredObject, ignoreForDiffs []types.IgnoreForDiffItemConfig) {
 	if ao != nil && ro == nil {
 		// new?
 		return
diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index 6a0307b21..c04908772 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -132,7 +132,7 @@ var ignoreDiffFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-diff-
 var ignoreDiffFieldRegexAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-diff-field-regex(-\d*)?$`)
 
 // NormalizeObject Performs some deterministic sorting and other normalizations to avoid ugly diffs due to order changes
-func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreForDiffItemConfig, localObject *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
+func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []types.IgnoreForDiffItemConfig, localObject *uo.UnstructuredObject) (*uo.UnstructuredObject, error) {
 	gvk := o_.GetK8sGVK()
 	name := o_.GetK8sName()
 	ns := o_.GetK8sNamespace()
@@ -163,14 +163,14 @@ func NormalizeObject(o_ *uo.UnstructuredObject, ignoreForDiffs []*types.IgnoreFo
 		return v == *m
 	}
 
-	ignoreForDiffs = append([]*types.IgnoreForDiffItemConfig{}, ignoreForDiffs...)
+	ignoreForDiffs = append([]types.IgnoreForDiffItemConfig{}, ignoreForDiffs...)
 	for _, v := range localObject.GetK8sAnnotationsWithRegex(ignoreDiffFieldAnnotationRegex) {
-		ignoreForDiffs = append(ignoreForDiffs, &types.IgnoreForDiffItemConfig{
+		ignoreForDiffs = append(ignoreForDiffs, types.IgnoreForDiffItemConfig{
 			FieldPath: []string{v},
 		})
 	}
 	for _, v := range localObject.GetK8sAnnotationsWithRegex(ignoreDiffFieldRegexAnnotationRegex) {
-		ignoreForDiffs = append(ignoreForDiffs, &types.IgnoreForDiffItemConfig{
+		ignoreForDiffs = append(ignoreForDiffs, types.IgnoreForDiffItemConfig{
 			FieldPathRegex: []string{v},
 		})
 	}
diff --git a/pkg/diff/normalize_test.go b/pkg/diff/normalize_test.go
index d380ea9b0..af040ed63 100644
--- a/pkg/diff/normalize_test.go
+++ b/pkg/diff/normalize_test.go
@@ -40,7 +40,7 @@ type testCase struct {
 	remote         *uo.UnstructuredObject
 	local          *uo.UnstructuredObject
 	result         *uo.UnstructuredObject
-	ignoreForDiffs []*types.IgnoreForDiffItemConfig
+	ignoreForDiffs []types.IgnoreForDiffItemConfig
 }
 
 func runTests(t *testing.T, tests []testCase) {
@@ -112,7 +112,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"good": "keep"}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.l1", "metadata.labels.l2"}},
 			},
 		},
@@ -120,7 +120,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.*"}},
 			},
 		},
@@ -128,7 +128,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"good": "keep"}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPathRegex: []string{`metadata\.labels\.l.*`}},
 			},
 		},
@@ -136,7 +136,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.*"}, Group: utils.StrPtr("Nope")},
 			},
 		},
@@ -144,7 +144,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.*"}, Kind: utils.StrPtr("Nope")},
 			},
 		},
@@ -152,7 +152,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.*"}, Name: utils.StrPtr("Nope")},
 			},
 		},
@@ -160,7 +160,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.*"}, Namespace: utils.StrPtr("Nope")},
 			},
 		},
@@ -168,7 +168,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			remote: buildObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2"}}}`),
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {}}}`),
-			ignoreForDiffs: []*types.IgnoreForDiffItemConfig{
+			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
 				{FieldPath: []string{"metadata.labels.*"}, Group: utils.StrPtr("apps"), Kind: utils.StrPtr("Deployment"), Name: utils.StrPtr("test"), Namespace: utils.StrPtr("ns")},
 			},
 		},
diff --git a/pkg/kluctl_project/external_args.go b/pkg/kluctl_project/external_args.go
index d6d5f5bcf..7a570927c 100644
--- a/pkg/kluctl_project/external_args.go
+++ b/pkg/kluctl_project/external_args.go
@@ -54,7 +54,7 @@ func ConvertArgsToVars(args map[string]string, allowLoadFromFiles bool) (*uo.Uns
 	return vars, nil
 }
 
-func LoadDefaultArgs(args []*types.DeploymentArg, deployArgs *uo.UnstructuredObject) error {
+func LoadDefaultArgs(args []types.DeploymentArg, deployArgs *uo.UnstructuredObject) error {
 	// load defaults
 	defaults := uo.New()
 	for _, a := range args {
@@ -80,7 +80,7 @@ func LoadDefaultArgs(args []*types.DeploymentArg, deployArgs *uo.UnstructuredObj
 	return nil
 }
 
-func checkRequiredArgs(argsDef []*types.DeploymentArg, args *uo.UnstructuredObject) error {
+func checkRequiredArgs(argsDef []types.DeploymentArg, args *uo.UnstructuredObject) error {
 	for _, a := range argsDef {
 		var p []interface{}
 		for _, x := range strings.Split(a.Name, ".") {
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 86cdd5677..52e3cf89e 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -21,7 +21,7 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 			continue
 		}
 
-		target, err := c.buildTarget(configTarget)
+		target, err := c.buildTarget(&configTarget)
 		if err != nil {
 			status.Warningf(ctx, "Failed to load target config for project: %v", err)
 			continue
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index d3f247640..4e8bc0e79 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -23,7 +23,7 @@ type DeploymentItemConfig struct {
 
 	Args     *uo.UnstructuredObject `json:"args,omitempty"`
 	PassVars bool                   `json:"passVars,omitempty"`
-	Vars     []*VarsSource          `json:"vars,omitempty"`
+	Vars     []VarsSource           `json:"vars,omitempty"`
 
 	SkipDeleteIfTags bool   `json:"skipDeleteIfTags,omitempty"`
 	OnlyRender       bool   `json:"onlyRender,omitempty"`
@@ -137,19 +137,19 @@ func ValidateIgnoreForDiffItemConfig(sl validator.StructLevel) {
 }
 
 type DeploymentProjectConfig struct {
-	Vars          []*VarsSource        `json:"vars,omitempty"`
+	Vars          []VarsSource         `json:"vars,omitempty"`
 	SealedSecrets *SealedSecretsConfig `json:"sealedSecrets,omitempty"`
 
 	When string `json:"when,omitempty"`
 
-	Deployments []*DeploymentItemConfig `json:"deployments,omitempty"`
+	Deployments []DeploymentItemConfig `json:"deployments,omitempty"`
 
 	CommonLabels      map[string]string `json:"commonLabels,omitempty"`
 	CommonAnnotations map[string]string `json:"commonAnnotations,omitempty"`
 	OverrideNamespace *string           `json:"overrideNamespace,omitempty"`
 	Tags              []string          `json:"tags,omitempty"`
 
-	IgnoreForDiff []*IgnoreForDiffItemConfig `json:"ignoreForDiff,omitempty"`
+	IgnoreForDiff []IgnoreForDiffItemConfig `json:"ignoreForDiff,omitempty"`
 }
 
 func init() {
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index 64fee054b..be1dce8d7 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -37,8 +37,8 @@ type DeploymentArg struct {
 }
 
 type SecretSet struct {
-	Name string        `json:"name" validate:"required"`
-	Vars []*VarsSource `json:"vars,omitempty"`
+	Name string       `json:"name" validate:"required"`
+	Vars []VarsSource `json:"vars,omitempty"`
 }
 
 type GlobalSealedSecretsConfig struct {
@@ -53,13 +53,13 @@ type SecretsConfig struct {
 }
 
 type KluctlProject struct {
-	Targets       []*Target        `json:"targets,omitempty"`
-	Args          []*DeploymentArg `json:"args,omitempty"`
-	SecretsConfig *SecretsConfig   `json:"secretsConfig,omitempty"`
-	Discriminator string           `json:"discriminator,omitempty"`
-	Aws           *AwsConfig       `json:"aws,omitempty"`
+	Targets       []Target        `json:"targets,omitempty"`
+	Args          []DeploymentArg `json:"args,omitempty"`
+	SecretsConfig *SecretsConfig  `json:"secretsConfig,omitempty"`
+	Discriminator string          `json:"discriminator,omitempty"`
+	Aws           *AwsConfig      `json:"aws,omitempty"`
 }
 
 type KluctlLibraryProject struct {
-	Args []*DeploymentArg `json:"args,omitempty"`
+	Args []DeploymentArg `json:"args,omitempty"`
 }
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 02ac8bd74..1770cae8d 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -140,13 +140,9 @@ func (in *DeploymentItemConfig) DeepCopyInto(out *DeploymentItemConfig) {
 	}
 	if in.Vars != nil {
 		in, out := &in.Vars, &out.Vars
-		*out = make([]*VarsSource, len(*in))
+		*out = make([]VarsSource, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(VarsSource)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.RenderedHelmChartConfig != nil {
@@ -181,13 +177,9 @@ func (in *DeploymentProjectConfig) DeepCopyInto(out *DeploymentProjectConfig) {
 	*out = *in
 	if in.Vars != nil {
 		in, out := &in.Vars, &out.Vars
-		*out = make([]*VarsSource, len(*in))
+		*out = make([]VarsSource, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(VarsSource)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.SealedSecrets != nil {
@@ -197,13 +189,9 @@ func (in *DeploymentProjectConfig) DeepCopyInto(out *DeploymentProjectConfig) {
 	}
 	if in.Deployments != nil {
 		in, out := &in.Deployments, &out.Deployments
-		*out = make([]*DeploymentItemConfig, len(*in))
+		*out = make([]DeploymentItemConfig, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(DeploymentItemConfig)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.CommonLabels != nil {
@@ -232,13 +220,9 @@ func (in *DeploymentProjectConfig) DeepCopyInto(out *DeploymentProjectConfig) {
 	}
 	if in.IgnoreForDiff != nil {
 		in, out := &in.IgnoreForDiff, &out.IgnoreForDiff
-		*out = make([]*IgnoreForDiffItemConfig, len(*in))
+		*out = make([]IgnoreForDiffItemConfig, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(IgnoreForDiffItemConfig)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 }
@@ -582,13 +566,9 @@ func (in *KluctlLibraryProject) DeepCopyInto(out *KluctlLibraryProject) {
 	*out = *in
 	if in.Args != nil {
 		in, out := &in.Args, &out.Args
-		*out = make([]*DeploymentArg, len(*in))
+		*out = make([]DeploymentArg, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(DeploymentArg)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 }
@@ -608,24 +588,16 @@ func (in *KluctlProject) DeepCopyInto(out *KluctlProject) {
 	*out = *in
 	if in.Targets != nil {
 		in, out := &in.Targets, &out.Targets
-		*out = make([]*Target, len(*in))
+		*out = make([]Target, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(Target)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.Args != nil {
 		in, out := &in.Args, &out.Args
-		*out = make([]*DeploymentArg, len(*in))
+		*out = make([]DeploymentArg, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(DeploymentArg)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 	if in.SecretsConfig != nil {
@@ -779,13 +751,9 @@ func (in *SecretSet) DeepCopyInto(out *SecretSet) {
 	*out = *in
 	if in.Vars != nil {
 		in, out := &in.Vars, &out.Vars
-		*out = make([]*VarsSource, len(*in))
+		*out = make([]VarsSource, len(*in))
 		for i := range *in {
-			if (*in)[i] != nil {
-				in, out := &(*in)[i], &(*out)[i]
-				*out = new(VarsSource)
-				(*in).DeepCopyInto(*out)
-			}
+			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 }
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 8b0ac5701..b71f69bce 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -58,8 +58,9 @@ func NewVarsLoader(ctx context.Context, k *k8s.K8sCluster, sops *decryptor.Decry
 	}
 }
 
-func (v *VarsLoader) LoadVarsList(ctx context.Context, varsCtx *VarsCtx, varsList []*types.VarsSource, searchDirs []string, rootKey string) error {
-	for _, source := range varsList {
+func (v *VarsLoader) LoadVarsList(ctx context.Context, varsCtx *VarsCtx, varsList []types.VarsSource, searchDirs []string, rootKey string) error {
+	for i, _ := range varsList {
+		source := &varsList[i]
 		err := v.LoadVars(ctx, varsCtx, source, searchDirs, rootKey)
 		if err != nil {
 			return err
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 6604ffd55..9a8286c5d 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -296,13 +296,13 @@ func (s *CommandResultsServer) redactSensitiveVars(user *User, d *types.Deployme
 		}
 	}
 
-	for _, v := range d.Vars {
-		doRedact(v)
+	for i, _ := range d.Vars {
+		doRedact(&d.Vars[i])
 	}
 
 	for _, di := range d.Deployments {
-		for _, v := range di.Vars {
-			doRedact(v)
+		for i, _ := range di.Vars {
+			doRedact(&di.Vars[i])
 		}
 		s.redactSensitiveVars(user, di.RenderedInclude)
 	}

From e784843a51d5c5bbc04bed6aa1adadfaf3131330 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jan 2024 11:56:07 +0100
Subject: [PATCH 1934/2268] chore(deps): Bump
 github.com/prometheus/client_golang (#944)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8627e7e5c..5136f8e90 100644
--- a/go.mod
+++ b/go.mod
@@ -80,7 +80,7 @@ require (
 	github.com/onsi/gomega v1.30.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
-	github.com/prometheus/client_golang v1.17.0
+	github.com/prometheus/client_golang v1.18.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.16.0
diff --git a/go.sum b/go.sum
index aa82ccd88..f6395589b 100644
--- a/go.sum
+++ b/go.sum
@@ -573,8 +573,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
+github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
+github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=

From f18001f39be97fa1580774aa28d2ee9241501f6b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Jan 2024 14:57:31 +0100
Subject: [PATCH 1935/2268] fix: Update go-git to current master to fix slow
 git status (#949)

---
 go.mod |  4 ++--
 go.sum | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 5136f8e90..2a5c19185 100644
--- a/go.mod
+++ b/go.mod
@@ -70,7 +70,7 @@ require (
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
-	github.com/go-git/go-git/v5 v5.11.0
+	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
 	github.com/go-logr/logr v1.4.1
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.5.0
@@ -139,7 +139,7 @@ require (
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
-	github.com/cloudflare/circl v1.3.6 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/containerd/containerd v1.7.11 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
diff --git a/go.sum b/go.sum
index f6395589b..cd00619e9 100644
--- a/go.sum
+++ b/go.sum
@@ -147,8 +147,8 @@ github.com/chenzhuoyu/iasm v0.9.1 h1:tUHQJXo3NhBqw6s33wkGn9SP3bvrWLdlVIJ3hQBL7P0
 github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg=
-github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
@@ -239,8 +239,8 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
-github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
-github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
+github.com/gliderlabs/ssh v0.3.6 h1:ZzjlDa05TcFRICb3anf/dSPN3ewz1Zx6CMLPWgkm3b8=
+github.com/gliderlabs/ssh v0.3.6/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -249,8 +249,8 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
-github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
+github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0 h1:XBPz8KeTUbi7DKytfs8o0ScmK26udHu5lIQuq4jsu34=
+github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0/go.mod h1:rGg8aLOxsDU5LgK8kiSJUzXaTPmwYZQYCj4+ouohMuM=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=

From 1d54529157331ea6e112e6be308f0f9dad47bf46 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 11 Jan 2024 08:49:17 +0100
Subject: [PATCH 1936/2268] build: Preparing release v2.23.0

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 3836b7977..6c98e49bd 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.22.1
+        tag: v2.23.0
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 441c52840..0a4b8e5b6 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.22.1
+        tag: v2.23.0
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 2fe232483..bc78fd956 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.22.1
+        tag: v2.23.0
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.22.1
+            kluctl_version: v2.23.0
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.22.1
+        tag: v2.23.0
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index eb79fc62e..621e04c54 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.22.1
+         tag: v2.23.0
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 60c4c9c2b..c14155042 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.22.1
+    default: v2.23.0
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 3345b761d..aafa54ada 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.22.1") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 5c095a16f..0354dbd41 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.22.1
+    default: v2.23.0
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 9cc0ac639..858988069 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.22.1") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.23.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 8d79f753bc3f52b22a6f432291eae53a24e13046 Mon Sep 17 00:00:00 2001
From: Mikhail Shirkov <shirkevich@gmail.com>
Date: Thu, 11 Jan 2024 16:37:48 +0400
Subject: [PATCH 1937/2268] Bump wolfi image to latest (#951)

---
 .goreleaser.yaml | 4 ++--
 Dockerfile       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index d4cf14341..e2e98bd06 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -89,7 +89,7 @@ dockers:
     build_flag_templates:
       - "--pull"
       # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of linux/amd64 layer
-      - "--build-arg=WOLFI_DIGEST=sha256:3c41b0c5a5b09fb4e5fccdc9469c992cf489161989fcc3e17c7c394bbea4b215"
+      - "--build-arg=WOLFI_DIGEST=sha256:bf06e4be7e7fd13fda57290bc339022e1fdb34ecaa9beb07bad1b7f91038c6e4"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
@@ -104,7 +104,7 @@ dockers:
     build_flag_templates:
       - "--pull"
       # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of linux/arm64 layer
-      - "--build-arg=WOLFI_DIGEST=sha256:f27d65564f05397c920f63fb81b485f829de3ee23fd32a4a0af1002ec7ead0d2"
+      - "--build-arg=WOLFI_DIGEST=sha256:98ff8900f4e2173fa2e32ba52c695b1b5c6b76c6e16914f6873f5aa6502e23d3"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
diff --git a/Dockerfile b/Dockerfile
index f53a3aec2..99cb52892 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
 # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
-ARG WOLFI_DIGEST=sha256:ccc5551b5dd1fdcff5fc76ac1605b4c217f77f43410e0bd8a56599d6504dbbdd
+ARG WOLFI_DIGEST=sha256:5bab300be31cd472c6f45ba7c059415b0bdeb0a49b32ecc12060394d642fd192
 FROM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 
 # We need git for kustomize to support overlays from git

From 0d506729b91cf61896155c0af7b703f92e52ed10 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 11 Jan 2024 13:38:06 +0100
Subject: [PATCH 1938/2268] build: Preparing release v2.23.1

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 6c98e49bd..d0a2674d6 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.0
+        tag: v2.23.1
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 0a4b8e5b6..78fd3783c 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.0
+        tag: v2.23.1
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index bc78fd956..7b69cd94a 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.0
+        tag: v2.23.1
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.23.0
+            kluctl_version: v2.23.1
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.0
+        tag: v2.23.1
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 621e04c54..e7331c16f 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.23.0
+         tag: v2.23.1
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index c14155042..df33d2066 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.0
+    default: v2.23.1
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index aafa54ada..a567d2d87 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.0") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 0354dbd41..5cd3e9fb5 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.0
+    default: v2.23.1
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 858988069..f616017fe 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.23.0") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.23.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 1529f0579155cc9c5cb3245db42111f6adabc7f5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 11 Jan 2024 14:45:16 +0100
Subject: [PATCH 1939/2268] build: Simplify updating of wolfi-base by using
 $TARGETPLATFORM in FROM

This allows to use the multiarch image even when releasing.
---
 .goreleaser.yaml | 4 ----
 Dockerfile       | 5 ++++-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index e2e98bd06..692de5238 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -88,8 +88,6 @@ dockers:
     goarch: amd64
     build_flag_templates:
       - "--pull"
-      # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of linux/amd64 layer
-      - "--build-arg=WOLFI_DIGEST=sha256:bf06e4be7e7fd13fda57290bc339022e1fdb34ecaa9beb07bad1b7f91038c6e4"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
@@ -103,8 +101,6 @@ dockers:
     goarch: arm64
     build_flag_templates:
       - "--pull"
-      # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of linux/arm64 layer
-      - "--build-arg=WOLFI_DIGEST=sha256:98ff8900f4e2173fa2e32ba52c695b1b5c6b76c6e16914f6873f5aa6502e23d3"
       - "--label=org.opencontainers.image.created={{ .Date }}"
       - "--label=org.opencontainers.image.name={{ .ProjectName }}"
       - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
diff --git a/Dockerfile b/Dockerfile
index 99cb52892..196677e84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,10 @@
 # see https://github.com/indygreg/python-build-standalone/issues/87
 # use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
 ARG WOLFI_DIGEST=sha256:5bab300be31cd472c6f45ba7c059415b0bdeb0a49b32ecc12060394d642fd192
-FROM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
+FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
+
+# See https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+ARG TARGETPLATFORM
 
 # We need git for kustomize to support overlays from git
 RUN apk update && apk add git tzdata

From ed09a4f8b45b127bf11839db4a8e5ac9c2c0e877 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 11 Jan 2024 14:56:16 +0100
Subject: [PATCH 1940/2268] ci: Add tests for docker image and git

---
 .github/workflows/tests.yml | 42 +++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0cf00d523..8937721a2 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -106,6 +106,48 @@ jobs:
         run: |
           make build-webui
 
+  check-docker-images:
+    strategy:
+      matrix:
+        include:
+          - docker_platform: linux/amd64
+            goarch: amd64
+          - docker_platform: linux/arm64
+            goarch: arm64
+      fail-fast: false
+    runs-on: ubuntu-latest
+    name: check-docker-images-${{ matrix.docker_platform }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: check-docker-images-${{ matrix.docker_platform }}-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            tests-go-${{ runner.os }}-
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build kluctl
+        run: |
+          GOARCH=${{ matrix.goarch }} make build-bin
+      - name: Build docker images
+        run: |
+          docker build -t test-image --platform=${{ matrix.docker_platform }} .
+      - name: Test if git works
+        run: |
+          # test if the git binary is still working, which keep breaking due to wolfi-base updates being missed
+          # If you see this failing, it's time to upgrade the base image in Dockerfile...
+          docker run --platform=${{ matrix.docker_platform }} --rm -i --entrypoint=/bin/sh test-image -c "cd && git clone https://github.com/kluctl/kluctl.git"
+
   tests:
     strategy:
       matrix:

From 8c11c4d260317705fa533249aff1313a66ddff8a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 12 Jan 2024 09:47:53 +0100
Subject: [PATCH 1941/2268] fix: Remove ensureDir and instead just use
 os.MkdirAll

ensureDir was only needed in the past when we were moving from "one tmp dir
for all users" to "one tmp dir per user".
---
 pkg/utils/tmpdir.go | 48 ++++++++++++++-------------------------------
 1 file changed, 15 insertions(+), 33 deletions(-)

diff --git a/pkg/utils/tmpdir.go b/pkg/utils/tmpdir.go
index cb4dfaf77..57aadb877 100644
--- a/pkg/utils/tmpdir.go
+++ b/pkg/utils/tmpdir.go
@@ -3,7 +3,6 @@ package utils
 import (
 	"context"
 	"fmt"
-	"io/fs"
 	"k8s.io/client-go/util/homedir"
 	"os"
 	"os/user"
@@ -57,7 +56,10 @@ func GetCacheDir(ctx context.Context) string {
 		v2 := v.(*dirValue)
 		dir = v2.dir
 	}
-	ensureDir(dir, 0o700, true)
+	err := os.MkdirAll(dir, 0o700)
+	if err != nil {
+		panic(err)
+	}
 	return dir
 }
 
@@ -96,7 +98,11 @@ func getDefaultCacheDir(ctx context.Context) string {
 }
 
 func createTmpBaseDir(dir string) string {
-	ensureDir(dir, 0o777, true)
+	// all users can access the parent dir
+	err := os.MkdirAll(dir, 0o777)
+	if err != nil {
+		panic(err)
+	}
 
 	// every user gets its own tmp dir
 	if runtime.GOOS == "windows" {
@@ -110,35 +116,11 @@ func createTmpBaseDir(dir string) string {
 		dir = filepath.Join(dir, fmt.Sprintf("%d", uid))
 	}
 
-	ensureDir(dir, 0o700, true)
-	return dir
-}
-
-func ensureDir(path string, perm fs.FileMode, allowCreate bool) {
-	if Exists(path) {
-		st, err := os.Lstat(path)
-		if err != nil {
-			panic(err)
-		}
-		if !st.IsDir() {
-			panic(fmt.Sprintf("%s is not a directory", path))
-		}
-		if st.Mode().Perm() != perm {
-			err = os.Chmod(path, perm)
-			if err != nil {
-				panic(err)
-			}
-		}
-	} else if !allowCreate {
-		panic(fmt.Sprintf("failed to ensure directory %s", path))
-	} else {
-		err := os.Mkdir(path, perm)
-		if err != nil {
-			if os.IsExist(err) {
-				ensureDir(path, perm, false)
-			} else {
-				panic(err)
-			}
-		}
+	// only current user can access the actual tmp dir
+	err = os.Mkdir(dir, 0o700)
+	if err != nil && !os.IsExist(err) {
+		panic(err)
 	}
+
+	return dir
 }

From 2aa41c25fbcaaa979d09af28d3e9c2d2c6d66d07 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 12 Jan 2024 09:12:47 +0100
Subject: [PATCH 1942/2268] ci: Test if kluctl binary works inside Github
 actions

---
 .github/workflows/tests.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 8937721a2..c4c215b5d 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -142,11 +142,16 @@ jobs:
       - name: Build docker images
         run: |
           docker build -t test-image --platform=${{ matrix.docker_platform }} .
-      - name: Test if git works
+      - name: Test if git works inside container
         run: |
           # test if the git binary is still working, which keep breaking due to wolfi-base updates being missed
           # If you see this failing, it's time to upgrade the base image in Dockerfile...
           docker run --platform=${{ matrix.docker_platform }} --rm -i --entrypoint=/bin/sh test-image -c "cd && git clone https://github.com/kluctl/kluctl.git"
+      - name: Test if binary can be executed inside Github actions
+        if: matrix.goarch == 'amd64'
+        run: |
+          cd install/controller
+          ../../bin/kluctl render --offline-kubernetes
 
   tests:
     strategy:

From b5f30b33f70f65cb84519dabdd69c36f4754c935 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 12 Jan 2024 10:10:12 +0100
Subject: [PATCH 1943/2268] build: Preparing release v2.23.2

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index d0a2674d6..326ea6562 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.1
+        tag: v2.23.2
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 78fd3783c..bc5ddf2fd 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.1
+        tag: v2.23.2
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 7b69cd94a..adfba0ed1 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.1
+        tag: v2.23.2
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.23.1
+            kluctl_version: v2.23.2
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.1
+        tag: v2.23.2
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index e7331c16f..6f6f49067 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.23.1
+         tag: v2.23.2
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index df33d2066..6f4f1fea2 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.1
+    default: v2.23.2
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index a567d2d87..73b017432 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.1") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.2") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 5cd3e9fb5..b0ad2831a 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.1
+    default: v2.23.2
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index f616017fe..c95d81ec0 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.23.1") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.23.2") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 3ca8f62d6326cdd74007c9923bc8612ede83f045 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 Jan 2024 14:01:34 +0100
Subject: [PATCH 1944/2268] fix: Skip hooks when determining objects to wait
 for readiness

hooks have their own waitReadiness logic, so we must skip them here.
Otherwise we'd wait for an object didn't even get deployed yet
(e.g. post-deploy hooks).
---
 pkg/deployment/utils/apply_utils.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index eda45e708..6fa20c309 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -601,6 +601,8 @@ func (a *ApplyUtil) convertObjectRef(x types2.ObjectRefItem, refs map[k8s2.Objec
 }
 
 func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
+	h := HooksUtil{a: a}
+
 	toDelete := map[k8s2.ObjectRef]bool{}
 	toWaitReadiness := map[k8s2.ObjectRef]bool{}
 	for _, x := range d.Config.DeleteObjects {
@@ -614,14 +616,16 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 			toDelete[x.GetK8sRef()] = true
 		}
 
-		waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || x.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
-		if waitReadiness {
-			toWaitReadiness[x.GetK8sRef()] = true
+		// hooks have their own waitReadiness logic, so we must skip them here. Otherwise we'd wait for an object
+		// didn't even get deployed yet (e.g. post-deploy hooks).
+		if h.GetHook(x) == nil {
+			waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || x.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
+			if waitReadiness {
+				toWaitReadiness[x.GetK8sRef()] = true
+			}
 		}
 	}
 
-	h := HooksUtil{a: a}
-
 	initialDeploy := true
 	for _, o := range d.Objects {
 		if a.ru.GetRemoteObject(o.GetK8sRef()) != nil {

From 23a899e95918f0f3f63734fc8e3be856c6bb5aa0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 Jan 2024 14:09:30 +0100
Subject: [PATCH 1945/2268] tests: Add
 TestWaitReadinessViaKustomizationWithHook test

---
 e2e/readiness_test.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/e2e/readiness_test.go b/e2e/readiness_test.go
index 93e4301e1..c518dbfcc 100644
--- a/e2e/readiness_test.go
+++ b/e2e/readiness_test.go
@@ -103,3 +103,18 @@ func TestWaitReadinessViaKustomization(t *testing.T) {
 		}, "")
 	})
 }
+
+func TestWaitReadinessViaKustomizationWithHook(t *testing.T) {
+	testWaitReadiness(t, func(p *test_project.TestProject) {
+		// the kustomization.yaml wait-readiness should actually be ignored in this case...
+		p.UpdateYaml("cm2/kustomization.yml", func(o *uo.UnstructuredObject) error {
+			o.SetK8sAnnotation("kluctl.io/wait-readiness", "true")
+			return nil
+		}, "")
+		// because the hook object is what is waited for instead
+		p.UpdateYaml("cm2/configmap-cm2.yml", func(o *uo.UnstructuredObject) error {
+			o.SetK8sAnnotation("kluctl.io/hook", "post-deploy")
+			return nil
+		}, "")
+	})
+}

From c3c70db7a9137d4435f2efc810ce18ecd67be0ef Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 15 Jan 2024 14:19:23 +0100
Subject: [PATCH 1946/2268] build: Preparing release v2.23.3

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 326ea6562..e2edf3e63 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.2
+        tag: v2.23.3
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index bc5ddf2fd..fb960785c 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.2
+        tag: v2.23.3
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index adfba0ed1..1882a2bc9 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.2
+        tag: v2.23.3
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.23.2
+            kluctl_version: v2.23.3
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.2
+        tag: v2.23.3
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 6f6f49067..8ff045eef 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.23.2
+         tag: v2.23.3
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 6f4f1fea2..28e94af3d 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.2
+    default: v2.23.3
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 73b017432..fc6f2c18c 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.2") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.3") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index b0ad2831a..c640a3be5 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.2
+    default: v2.23.3
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index c95d81ec0..24e139299 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.23.2") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.23.3") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From f3edf1817d426fe26c5cef3b8f5a09c442c996ee Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 Jan 2024 15:17:54 +0100
Subject: [PATCH 1947/2268] refactor: Move detection of object being managed by
 kluctl into own func

---
 pkg/deployment/utils/delete_utils.go | 56 ++++++++++++++++------------
 1 file changed, 32 insertions(+), 24 deletions(-)

diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 54ee07b5d..af854cef8 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -65,6 +65,37 @@ func isSkipDelete(o *uo.UnstructuredObject) bool {
 	return false
 }
 
+func isManagedByKluctl(o *uo.UnstructuredObject) bool {
+	ownerRefs := o.GetK8sOwnerReferences()
+	managedFields := o.GetK8sManagedFields()
+
+	// exclude objects which are owned by some other object
+	if len(ownerRefs) != 0 {
+		return false
+	}
+
+	if len(managedFields) == 0 {
+		// We don't know who manages it...be safe and exclude it
+		return false
+	}
+
+	// check if kluctl is managing this object
+	found := false
+	for _, mf := range managedFields {
+		mgr, _, _ := mf.GetNestedString("manager")
+		if mgr == "kluctl" {
+			found = true
+			break
+		}
+	}
+	if !found && !o.GetK8sAnnotationBoolNoError("kluctl.io/force-managed", false) {
+		// This object is not managed by kluctl, so we shouldn't delete it
+		return false
+	}
+
+	return true
+}
+
 func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject, apiFilter []string, inclusionHasTags bool, excludedObjects map[k8s2.ObjectRef]bool) ([]*uo.UnstructuredObject, error) {
 	filterFunc := func(ar *v1.APIResource) bool {
 		if len(apiFilter) == 0 {
@@ -95,35 +126,12 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 			continue
 		}
 
-		ownerRefs := o.GetK8sOwnerReferences()
-		managedFields := o.GetK8sManagedFields()
-
 		// exclude when explicitly requested
 		if isSkipDelete(o) {
 			continue
 		}
 
-		// exclude objects which are owned by some other object
-		if len(ownerRefs) != 0 {
-			continue
-		}
-
-		if len(managedFields) == 0 {
-			// We don't know who manages it...be safe and exclude it
-			continue
-		}
-
-		// check if kluctl is managing this object
-		found := false
-		for _, mf := range managedFields {
-			mgr, _, _ := mf.GetNestedString("manager")
-			if mgr == "kluctl" {
-				found = true
-				break
-			}
-		}
-		if !found && !o.GetK8sAnnotationBoolNoError("kluctl.io/force-managed", false) {
-			// This object is not managed by kluctl, so we shouldn't delete it
+		if !isManagedByKluctl(o) {
 			continue
 		}
 

From 6e0b86383af75036cdebe5557c4565fe5a73a256 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 Jan 2024 15:19:17 +0100
Subject: [PATCH 1948/2268] feat: Unconditionally assume an object is managed
 by Kluctl if kluctl.io/force-managed=true

---
 docs/kluctl/deployments/annotations/all-resources.md | 3 ++-
 pkg/deployment/utils/delete_utils.go                 | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index 28591814d..392603d74 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -72,7 +72,8 @@ they most likely don't match exclusion tags, but cascaded deletion would still c
 
 ### kluctl.io/force-managed
 If set to "true", Kluctl will always treat the annotated resource as being managed by Kluctl, meaning that it will
-consider it for deletion and pruning even if a foreign field manager resets/removes the Kluctl field manager.
+consider it for deletion and pruning even if a foreign field manager resets/removes the Kluctl field manager or if
+foreign controllers add `ownerReferences` even though they do not really own the resources.
 
 ## Control diff behavior
 
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index af854cef8..8c666a255 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -66,6 +66,10 @@ func isSkipDelete(o *uo.UnstructuredObject) bool {
 }
 
 func isManagedByKluctl(o *uo.UnstructuredObject) bool {
+	if o.GetK8sAnnotationBoolNoError("kluctl.io/force-managed", false) {
+		return true
+	}
+
 	ownerRefs := o.GetK8sOwnerReferences()
 	managedFields := o.GetK8sManagedFields()
 
@@ -88,7 +92,7 @@ func isManagedByKluctl(o *uo.UnstructuredObject) bool {
 			break
 		}
 	}
-	if !found && !o.GetK8sAnnotationBoolNoError("kluctl.io/force-managed", false) {
+	if !found {
 		// This object is not managed by kluctl, so we shouldn't delete it
 		return false
 	}

From 6fd8298ad10620f48456aa3a384635c9fcd22347 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 Jan 2024 13:33:11 +0100
Subject: [PATCH 1949/2268] tests Add tests for pruning with
 kluctl.io/force-managed

---
 e2e/prune_test.go          | 54 ++++++++++++++++++++++++++++++++++++++
 pkg/utils/uo/k8s_fields.go |  4 +++
 pkg/utils/uo/uo.go         |  8 ++++++
 3 files changed, 66 insertions(+)

diff --git a/e2e/prune_test.go b/e2e/prune_test.go
index 92dbe322c..f55d91ee5 100644
--- a/e2e/prune_test.go
+++ b/e2e/prune_test.go
@@ -2,6 +2,10 @@ package e2e
 
 import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	"testing"
 )
 
@@ -71,3 +75,53 @@ func TestDeployWithPrune(t *testing.T) {
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
 }
+
+func TestPruneForceManaged(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_utils.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", map[string]string{}, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", map[string]string{}, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+
+	p.DeleteKustomizeDeployment("cm2")
+
+	patchObject(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), p.TestSlug(), "cm2", func(o *uo.UnstructuredObject) {
+		// objects with owner references are not considered when pruning...
+		o.SetK8sOwnerReferences([]*uo.UnstructuredObject{
+			uo.FromStructMust(&metav1.OwnerReference{
+				APIVersion: "v1",
+				Kind:       "ConfigMap",
+				Name:       "cm1",
+				UID:        types.UID(cm1.GetK8sUid()),
+			}),
+		})
+	})
+
+	p.KluctlMust(t, "prune", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2") // not pruned because of owner ref
+
+	patchObject(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), p.TestSlug(), "cm2", func(o *uo.UnstructuredObject) {
+		// ... except when force-managed=true
+		o.SetK8sAnnotation("kluctl.io/force-managed", "true")
+	})
+	p.KluctlMust(t, "prune", "--yes", "-t", "test")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+}
diff --git a/pkg/utils/uo/k8s_fields.go b/pkg/utils/uo/k8s_fields.go
index b7a9ee3fa..413123b1b 100644
--- a/pkg/utils/uo/k8s_fields.go
+++ b/pkg/utils/uo/k8s_fields.go
@@ -261,6 +261,10 @@ func (uo *UnstructuredObject) GetK8sOwnerReferences() []*UnstructuredObject {
 	return ret
 }
 
+func (uo *UnstructuredObject) SetK8sOwnerReferences(l []*UnstructuredObject) {
+	_ = uo.SetNestedField(l, "metadata", "ownerReferences")
+}
+
 func (uo *UnstructuredObject) GetK8sManagedFields() []*UnstructuredObject {
 	ret, _, _ := uo.GetNestedObjectList("metadata", "managedFields")
 	return ret
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 351b2259a..170b81f4f 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -56,6 +56,14 @@ func FromStruct(o interface{}) (*UnstructuredObject, error) {
 	return FromMap(m), nil
 }
 
+func FromStructMust(o interface{}) *UnstructuredObject {
+	x, err := FromStruct(o)
+	if err != nil {
+		panic(err)
+	}
+	return x
+}
+
 func (uo *UnstructuredObject) ToStruct(out interface{}) error {
 	b, err := yaml.WriteYamlBytes(uo.Object)
 	if err != nil {

From 4d01301f91a68b4afcff82934c4bc9ebe9542693 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Feb 2024 10:06:11 +0100
Subject: [PATCH 1950/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#959)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.16.0 to 10.17.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.16.0...v10.17.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2a5c19185..660ffd379 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/bitnami-labs/sealed-secrets v0.24.5
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/go-playground/validator/v10 v10.16.0
+	github.com/go-playground/validator/v10 v10.17.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.17.0
 	github.com/hashicorp/vault/api v1.10.0
diff --git a/go.sum b/go.sum
index cd00619e9..ad623021e 100644
--- a/go.sum
+++ b/go.sum
@@ -280,8 +280,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE=
-github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.17.0 h1:SmVVlfAOtlZncTxRuinDPomC2DkXJ4E5T9gDA0AIH74=
+github.com/go-playground/validator/v10 v10.17.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=

From cc3db5d2288470f620ffe0a2cec7d96edfb28be8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Feb 2024 10:07:36 +0100
Subject: [PATCH 1951/2268] chore(deps): Bump the k8s-io group with 3 updates
 (#963)

Bumps the k8s-io group with 3 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) and [k8s.io/klog/v2](https://github.com/kubernetes/klog).


Updates `k8s.io/api` from 0.29.0 to 0.29.1
- [Commits](https://github.com/kubernetes/api/compare/v0.29.0...v0.29.1)

Updates `k8s.io/apiextensions-apiserver` from 0.29.0 to 0.29.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.29.0...v0.29.1)

Updates `k8s.io/klog/v2` from 2.110.1 to 2.120.1
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.110.1...v2.120.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 16 ++++++++--------
 go.sum | 33 ++++++++++++++++-----------------
 2 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/go.mod b/go.mod
index 660ffd379..e9232c608 100644
--- a/go.mod
+++ b/go.mod
@@ -40,11 +40,11 @@ require (
 	golang.org/x/term v0.16.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
-	k8s.io/api v0.29.0
-	k8s.io/apiextensions-apiserver v0.29.0
-	k8s.io/apimachinery v0.29.0
-	k8s.io/client-go v0.29.0
-	k8s.io/klog/v2 v2.110.1
+	k8s.io/api v0.29.1
+	k8s.io/apiextensions-apiserver v0.29.1
+	k8s.io/apimachinery v0.29.1
+	k8s.io/client-go v0.29.1
+	k8s.io/klog/v2 v2.120.1
 	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 )
@@ -287,7 +287,7 @@ require (
 	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.16.0 // indirect
+	golang.org/x/tools v0.16.1 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.153.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
@@ -299,9 +299,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.29.0 // indirect
+	k8s.io/apiserver v0.29.1 // indirect
 	k8s.io/cli-runtime v0.29.0 // indirect
-	k8s.io/component-base v0.29.0 // indirect
+	k8s.io/component-base v0.29.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 // indirect
 	k8s.io/kubectl v0.29.0 // indirect
 	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
diff --git a/go.sum b/go.sum
index ad623021e..5a673d56d 100644
--- a/go.sum
+++ b/go.sum
@@ -259,7 +259,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
@@ -816,8 +815,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
-golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -890,22 +889,22 @@ helm.sh/helm/v3 v3.13.3 h1:0zPEdGqHcubehJHP9emCtzRmu8oYsJFRrlVF3TFj8xY=
 helm.sh/helm/v3 v3.13.3/go.mod h1:3OKO33yI3p4YEXtTITN2+4oScsHeQe71KuzhlZ+aPfg=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A=
-k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA=
-k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0=
-k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc=
-k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o=
-k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis=
-k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o=
-k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM=
+k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw=
+k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ=
+k8s.io/apiextensions-apiserver v0.29.1 h1:S9xOtyk9M3Sk1tIpQMu9wXHm5O2MX6Y1kIpPMimZBZw=
+k8s.io/apiextensions-apiserver v0.29.1/go.mod h1:zZECpujY5yTW58co8V2EQR4BD6A9pktVgHhvc0uLfeU=
+k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc=
+k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
+k8s.io/apiserver v0.29.1 h1:e2wwHUfEmMsa8+cuft8MT56+16EONIEK8A/gpBSco+g=
+k8s.io/apiserver v0.29.1/go.mod h1:V0EpkTRrJymyVT3M49we8uh2RvXf7fWC5XLB0P3SwRw=
 k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4=
 k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk=
-k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8=
-k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38=
-k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s=
-k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M=
-k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
-k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
+k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A=
+k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks=
+k8s.io/component-base v0.29.1 h1:MUimqJPCRnnHsskTTjKD+IC1EHBbRCVyi37IoFBrkYw=
+k8s.io/component-base v0.29.1/go.mod h1:fP9GFjxYrLERq1GcWWZAE3bqbNcDKDytn2srWuHTtKc=
+k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI=

From 71f5df50e40947d6090bd364e9ea46bb1301c206 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Feb 2024 10:07:51 +0100
Subject: [PATCH 1952/2268] chore(deps): Bump actions/cache from 3 to 4 (#965)

Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml     | 2 +-
 .github/workflows/preview-run.yml | 2 +-
 .github/workflows/release.yml     | 2 +-
 .github/workflows/tests.yml       | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index b149cbb30..2a883ae98 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -45,7 +45,7 @@ jobs:
           registry: ghcr.io
           username: kluctlbot
           password: ${{ secrets.GHCR_TOKEN }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index cda2bcd9e..28b291bb6 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -26,7 +26,7 @@ jobs:
           node-version: 20
           cache: 'npm'
           cache-dependency-path: pkg/webui/ui/package-lock.json
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 763e0d5f6..09d77bec9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:
           registry: ghcr.io
           username: kluctlbot
           password: ${{ secrets.GHCR_TOKEN }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c4c215b5d..26f49a5e9 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -25,7 +25,7 @@ jobs:
           node-version: 20
           cache: 'npm'
           cache-dependency-path: pkg/webui/ui/package-lock.json
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
@@ -123,7 +123,7 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.21'
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
@@ -188,7 +188,7 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.21'
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod

From 041633e6db8e2ba591e07bae2f8daef6956e19eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 6 Feb 2024 10:08:09 +0100
Subject: [PATCH 1953/2268] chore(deps): Bump the aws-sdk group with 2 updates
 (#966)

Bumps the aws-sdk group with 2 updates: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/config` from 1.26.3 to 1.26.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.3...config/v1.26.6)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.26.1 to 1.26.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.1...config/v1.26.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index e9232c608..7d2404377 100644
--- a/go.mod
+++ b/go.mod
@@ -56,10 +56,10 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.24.1
-	github.com/aws/aws-sdk-go-v2/config v1.26.3
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.14
+	github.com/aws/aws-sdk-go-v2/config v1.26.6
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.1
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2
 	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
 	github.com/aws/smithy-go v1.19.0
 	github.com/coreos/go-oidc/v3 v3.9.0
@@ -121,12 +121,12 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 5a673d56d..ddb146d5c 100644
--- a/go.sum
+++ b/go.sum
@@ -76,18 +76,18 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
 github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.3 h1:dKuc2jdp10y13dEEvPqWxqLoc0vF3Z9FC45MvuQSxOA=
-github.com/aws/aws-sdk-go-v2/config v1.26.3/go.mod h1:Bxgi+DeeswYofcYO0XyGClwlrq3DZEXli0kLf4hkGA0=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.14 h1:mMDTwwYO9A0/JbOCOG7EOZHtYM+o7OfGWfu0toa23VE=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.14/go.mod h1:cniAUh3ErQPHtCQGPT5ouvSAQ0od8caTO9OOuufZOAE=
+github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
+github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
@@ -96,12 +96,12 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIG
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xWedMuANiNVXiD2S8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.1 h1:Sn3MAV9YeACCULaxNWWYFH1a6G4wYFwBn3/TA5MwE2Q=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.1/go.mod h1:qutL00aW8GSo2D0I6UEOqMvRS3ZyuBrOC1BLe5D2jPc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 h1:dGrs+Q/WzhsiUKh82SfTVN66QzyulXuMDTV/G8ZxOac=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.6/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 h1:Yf2MIo9x+0tyv76GljxzqA3WtC5mw7NmazD2chwjxE4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2 h1:A5sGOT/mukuU+4At1vkSIWAN8tPwPCoYZBp7aruR540=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2/go.mod h1:qutL00aW8GSo2D0I6UEOqMvRS3ZyuBrOC1BLe5D2jPc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=

From 309ac56d70668e0e7760de2395d8f8f1dfb43832 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 6 Feb 2024 10:31:09 +0100
Subject: [PATCH 1954/2268] chore: Upgrade go-jinja2 (#970)

---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 7d2404377..b5dc2f4be 100644
--- a/go.mod
+++ b/go.mod
@@ -17,8 +17,8 @@ require (
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240108142937-8839259d2537
+	github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1
+	github.com/kluctl/go-jinja2 v0.0.0-20240206085301-ad6f23980236
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
diff --git a/go.sum b/go.sum
index ddb146d5c..443f74583 100644
--- a/go.sum
+++ b/go.sum
@@ -442,10 +442,10 @@ github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6K
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc=
 github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1 h1:L+ZH/eN5gE7eh3BTye/Z8td8YjbhEs6hzybVByz2twQ=
-github.com/kluctl/go-embed-python v0.0.0-3.11.6-20231002-1/go.mod h1:2/V+QZL7VyhTXtKHorARyA7UYOizVV37M8kkXMEk+Kg=
-github.com/kluctl/go-jinja2 v0.0.0-20240108142937-8839259d2537 h1:oG9FYqprfbAI9kQtec4D0gPwJqLJlS+euknEVz25gp0=
-github.com/kluctl/go-jinja2 v0.0.0-20240108142937-8839259d2537/go.mod h1:7FmUmt2zgHJfJE82ZNY/AHNGsGdyHBaF3OA12r4Zj+8=
+github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1 h1:FRjmtgCHeK4IcZTOosx5tJ8LZ4VDMzFaaXBylsMRAGQ=
+github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1/go.mod h1:nhLUuBr5jJ6TMy4RlZn0wEtGC/RuTfERNVHyP1t0joI=
+github.com/kluctl/go-jinja2 v0.0.0-20240206085301-ad6f23980236 h1:qHDKDrp92XNv1crPOMol5fZ3t1RzmuS452Ku7Hj3X0A=
+github.com/kluctl/go-jinja2 v0.0.0-20240206085301-ad6f23980236/go.mod h1:tf65M11BQMkV4k2ukb8dkxCho7VuG86LcJdzE8kuR3U=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=

From 15608d9c5ca4724c7150b41a2310cae1986026e3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 6 Feb 2024 10:34:27 +0100
Subject: [PATCH 1955/2268] docs: Point to 3.1.x docs for Jinja2 (#971)

* docs: Point to 3.1.x docs for Jinja2

* docs: Fix link to tutorials and add link to recipes
---
 docs/gitops/README.md                     | 2 +-
 docs/kluctl/deployments/deployment-yml.md | 2 +-
 docs/kluctl/get-started.md                | 4 ++--
 docs/kluctl/templating/README.md          | 8 ++++----
 docs/kluctl/templating/filters.md         | 2 +-
 docs/kluctl/templating/functions.md       | 2 +-
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index ffcb31c4d..70140205f 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -74,7 +74,7 @@ The API design of the controller can be found at [kluctldeployment.gitops.kluctl
 ## Example
 
 After installing the Kluctl Controller, we can create a `KluctlDeployment` that automatically deploys the
-[Microservices Demo](https://kluctl.io/docs/guides/tutorials/microservices-demo/3-templating-and-multi-env/).
+[Microservices Demo](https://kluctl.io/docs/tutorials/microservices-demo/3-templating-and-multi-env/).
 
 Create a KluctlDeployment that uses the demo project source to deploy the `test` target to the same cluster that the
 controller runs on.
diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index 411c42e78..3df56801a 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -311,7 +311,7 @@ arguments into [Kluctl Library Projects](../kluctl-libraries/README.md).
 
 ### when
 Each deployment item can be conditional with the help of the `when` field. It must be set to a
-[Jinja2 based expression](https://jinja.palletsprojects.com/en/latest/templates/#expressions)
+[Jinja2 based expression](https://jinja.palletsprojects.com/en/3.1.x/templates/#expressions)
 that evaluates to a boolean.
 
 Example:
diff --git a/docs/kluctl/get-started.md b/docs/kluctl/get-started.md
index 10532b75f..4a55f0464 100644
--- a/docs/kluctl/get-started.md
+++ b/docs/kluctl/get-started.md
@@ -127,5 +127,5 @@ You should need 2 instances of the nginx POD running now.
 
 ## Where to continue?
 
-Continue by reading through the [tutorials](https://kluctl.io/docs/guides/tutorials/) and by consulting
-the [reference documentation](./README.md).
+Continue by reading through the [recipes](https://kluctl.io/docs/recipes/) and [tutorials](https://kluctl.io/docs/tutorials/).
+Also, consult the [reference documentation](./README.md) for details about specifics.
diff --git a/docs/kluctl/templating/README.md b/docs/kluctl/templating/README.md
index 4d914599c..27f9e193f 100644
--- a/docs/kluctl/templating/README.md
+++ b/docs/kluctl/templating/README.md
@@ -23,7 +23,7 @@ actually interpreting it. Only files that are explicitly excluded via [.template
 are not rendered via Jinja2.
 
 Generally, everything that is possible with Jinja2 is possible in kluctl configuration/resources. Please
-read into the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.0.x/templates/) to understand what exactly
+read into the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.1.x/templates/) to understand what exactly
 is possible and how to use it.
 
 ## .templateignore
@@ -33,8 +33,8 @@ a `.templateignore` beside the excluded files or into a parent folder of it. The
 file is the same as you would use in a `.gitignore` file.
 
 ## Includes and imports
-Standard Jinja2 [includes](https://jinja.palletsprojects.com/en/2.11.x/templates/#include) and
-[imports](https://jinja.palletsprojects.com/en/2.11.x/templates/#import) can be used in all templates.
+Standard Jinja2 [includes](https://jinja.palletsprojects.com/en/3.1.x/templates/#include) and
+[imports](https://jinja.palletsprojects.com/en/3.1.x/templates/#import) can be used in all templates.
 
 The path given to include/import is searched in the directory of the root template and all it's parent directories up
 until the project root. Please note that the search path is not altered in included templates, meaning that it will
@@ -45,7 +45,7 @@ the path with `./`, e.g. use `{% include "./my-relative-file.j2" %}"`.
 
 ## Macros
 
-[Jinja2 macros](https://jinja.palletsprojects.com/en/2.11.x/templates/#macros) are fully supported. When writing
+[Jinja2 macros](https://jinja.palletsprojects.com/en/3.1.x/templates/#macros) are fully supported. When writing
 macros that produce yaml resources, you must use the `---` yaml separator in case you want to produce multiple resources
 in one go.
 
diff --git a/docs/kluctl/templating/filters.md b/docs/kluctl/templating/filters.md
index b0050eeab..6c3b46314 100644
--- a/docs/kluctl/templating/filters.md
+++ b/docs/kluctl/templating/filters.md
@@ -11,7 +11,7 @@ description: >
 
 # Filters
 
-In addition to the [builtin Jinja2 filters](https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-builtin-filters),
+In addition to the [builtin Jinja2 filters](https://jinja.palletsprojects.com/en/3.1.x/templates/#list-of-builtin-filters),
 kluctl provides a few additional filters:
 
 ### b64encode
diff --git a/docs/kluctl/templating/functions.md b/docs/kluctl/templating/functions.md
index 0ce224c56..13c033956 100644
--- a/docs/kluctl/templating/functions.md
+++ b/docs/kluctl/templating/functions.md
@@ -12,7 +12,7 @@ description: >
 # Functions
 
 In addition to the provided
-[builtin global functions](https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-global-functions),
+[builtin global functions](https://jinja.palletsprojects.com/en/3.1.x/templates/#list-of-global-functions),
 kluctl also provides a few global functions:
 
 ### load_template(file)

From d54443625c5bcc5a8904f21d0098d0d6745b4c62 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 6 Feb 2024 12:18:55 +0100
Subject: [PATCH 1956/2268] build: Preparing release v2.23.4

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index e2edf3e63..9967c6974 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.3
+        tag: v2.23.4
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index fb960785c..d7c800bbb 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.3
+        tag: v2.23.4
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 1882a2bc9..ac7a2a6ad 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.3
+        tag: v2.23.4
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.23.3
+            kluctl_version: v2.23.4
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.3
+        tag: v2.23.4
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 8ff045eef..8f7840743 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.23.3
+         tag: v2.23.4
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 28e94af3d..4e2537c84 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.3
+    default: v2.23.4
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index fc6f2c18c..ee767bce3 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.3") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.4") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index c640a3be5..cd387dc8f 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.3
+    default: v2.23.4
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 24e139299..443441684 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.23.3") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.23.4") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From ef3d5b414f2035774262381324014611f426f3eb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 09:24:35 +0100
Subject: [PATCH 1957/2268] fix: Ignore delete hooks on validation

---
 pkg/deployment/commands/validate.go | 12 +++++++++---
 pkg/deployment/utils/hooks_util.go  | 12 ++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 96942489d..90fa0270b 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -98,9 +98,15 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 
 		au := ad.NewApplyUtil(ctx, nil)
 		h := utils2.NewHooksUtil(au)
-		hook := h.GetHook(o)
-		if hook != nil && !hook.IsPersistent() {
-			continue
+		if hook := h.GetHook(o); hook != nil {
+			if !hook.IsPersistent() {
+				// the hook is not expected to exist after deployment
+				continue
+			}
+			if hook.IsOnlyDelete() {
+				// the hook is not expected to be executed
+				continue
+			}
 		}
 
 		ref := o.GetK8sRef()
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 414d3b7f4..b61cde48b 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -268,3 +268,15 @@ func (h *hook) IsPersistent() bool {
 	}
 	return true
 }
+
+func (h *hook) IsOnlyDelete() bool {
+	found := false
+	for x := range h.hooks {
+		if x == "pre-delete" || x == "post-delete" {
+			found = true
+		} else {
+			return false
+		}
+	}
+	return found
+}

From 6d91f1f445d7fa668571bc79e8845b196318002e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 09:27:17 +0100
Subject: [PATCH 1958/2268] fix: always use the target context for validation

---
 cmd/kluctl/commands/cmd_validate.go           |  2 +-
 pkg/controllers/kluctl_project.go             |  4 +-
 .../kluctldeployment_controller_reconcile.go  |  4 +-
 pkg/deployment/commands/validate.go           | 45 +++++--------------
 4 files changed, 15 insertions(+), 40 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 7d0930a0a..6bd61e384 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -44,7 +44,7 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 	}
 
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		cmd2 := commands.NewValidateCommand("", cmdCtx.targetCtx, nil)
+		cmd2 := commands.NewValidateCommand("", cmdCtx.targetCtx)
 		return cmd.doValidate(cmdCtx, cmd2)
 	})
 }
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 6821ef296..d60cf10c4 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -833,11 +833,11 @@ func (pt *preparedTarget) kluctlDiff(targetContext *target_context.TargetContext
 	return cmdResult
 }
 
-func (pt *preparedTarget) kluctlValidate(targetContext *target_context.TargetContext, cmdResult *result.CommandResult) *result.ValidateResult {
+func (pt *preparedTarget) kluctlValidate(targetContext *target_context.TargetContext) *result.ValidateResult {
 	timer := prometheus.NewTimer(internal_metrics.NewKluctlValidateDuration(pt.pp.obj.ObjectMeta.Namespace, pt.pp.obj.ObjectMeta.Name))
 	defer timer.ObserveDuration()
 
-	cmd := commands.NewValidateCommand(targetContext.Target.Discriminator, targetContext, cmdResult)
+	cmd := commands.NewValidateCommand(targetContext.Target.Discriminator, targetContext)
 
 	validateResult := cmd.Run(targetContext.SharedContext.Ctx)
 	return validateResult
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index d86421865..25802d0b6 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -353,7 +353,7 @@ func (r *KluctlDeploymentReconciler) reconcileValidateRequest(ctx context.Contex
 		"validate", kluctlv1.KluctlRequestValidateAnnotation,
 		getResultPtr, false,
 		func(rr *kluctlv1.ManualRequestResult, targetContext *target_context.TargetContext, pt *preparedTarget, reconcileID string, objectsHash string) (any, string, error) {
-			cmdResult := pt.kluctlValidate(targetContext, nil)
+			cmdResult := pt.kluctlValidate(targetContext)
 			err := pt.writeValidateResult(ctx, cmdResult, rr, reconcileId, objectsHash)
 			if err != nil {
 				log.Error(err, "Failed to write validate result")
@@ -484,7 +484,7 @@ func (r *KluctlDeploymentReconciler) reconcileFullRequest2(rr *kluctlv1.ManualRe
 		if err != nil {
 			return nil, kluctlv1.ValidateFailedReason, err
 		}
-		validateResult := pt.kluctlValidate(targetContext, deployResult)
+		validateResult := pt.kluctlValidate(targetContext)
 		err = pt.writeValidateResult(ctx, validateResult, rr, reconcileId, objectsHash)
 		if err != nil {
 			log.Error(err, "Failed to write deploy result")
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 90fa0270b..7cbc08ffc 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -9,22 +9,19 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
-	"time"
 )
 
 type ValidateCommand struct {
 	targetCtx     *target_context.TargetContext
-	r             *result.CommandResult
 	discriminator string
 
 	dew *utils2.DeploymentErrorsAndWarnings
 	ru  *utils2.RemoteObjectUtils
 }
 
-func NewValidateCommand(discriminator string, targetCtx *target_context.TargetContext, r *result.CommandResult) *ValidateCommand {
+func NewValidateCommand(discriminator string, targetCtx *target_context.TargetContext) *ValidateCommand {
 	cmd := &ValidateCommand{
 		targetCtx:     targetCtx,
-		r:             r,
 		discriminator: discriminator,
 		dew:           utils2.NewDeploymentErrorsAndWarnings(),
 	}
@@ -33,10 +30,7 @@ func NewValidateCommand(discriminator string, targetCtx *target_context.TargetCo
 }
 
 func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
-	startTime := time.Now()
-	if cmd.r == nil {
-		startTime = cmd.targetCtx.KluctlProject.LoadTime
-	}
+	startTime := cmd.targetCtx.KluctlProject.LoadTime
 
 	cmd.dew.Init()
 
@@ -49,37 +43,18 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 
 	var refs []k8s2.ObjectRef
 	var renderedObjects []*uo.UnstructuredObject
-	appliedObjects := map[k8s2.ObjectRef]*uo.UnstructuredObject{}
 	discriminator := cmd.discriminator
 
-	if cmd.r != nil {
-		for _, o := range cmd.r.Objects {
-			refs = append(refs, o.Ref)
-			if o.Hook {
-				continue
-			}
-			if o.Rendered != nil {
-				renderedObjects = append(renderedObjects, o.Rendered)
-			}
-			if o.Applied != nil {
-				appliedObjects[o.Ref] = o.Applied
-			}
-		}
-		if discriminator == "" {
-			discriminator = cmd.r.TargetKey.Discriminator
-		}
-	} else {
-		for _, d := range cmd.targetCtx.DeploymentCollection.Deployments {
-			for _, o := range d.Objects {
-				ref := o.GetK8sRef()
-				refs = append(refs, ref)
-				renderedObjects = append(renderedObjects, o)
-			}
-		}
-		if discriminator == "" {
-			discriminator = cmd.targetCtx.Target.Discriminator
+	for _, d := range cmd.targetCtx.DeploymentCollection.Deployments {
+		for _, o := range d.Objects {
+			ref := o.GetK8sRef()
+			refs = append(refs, ref)
+			renderedObjects = append(renderedObjects, o)
 		}
 	}
+	if discriminator == "" {
+		discriminator = cmd.targetCtx.Target.Discriminator
+	}
 
 	err := cmd.ru.UpdateRemoteObjects(cmd.targetCtx.SharedContext.K, &discriminator, refs, true)
 	if err != nil {

From d049e7922bd9675979191d31be861d718a2389c7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 10:42:50 +0100
Subject: [PATCH 1959/2268] tests: Test that delete hooks are properly ignored
 when validating

---
 e2e/hooks_test.go    | 54 ++++++++++++++++++++++++++++++++++++--------
 e2e/utils.go         | 18 +++++++++------
 e2e/validate_test.go | 52 ++++++++++++++++++++++++++++++++++++++----
 3 files changed, 103 insertions(+), 21 deletions(-)

diff --git a/e2e/hooks_test.go b/e2e/hooks_test.go
index 7a4b16116..50abf60c9 100644
--- a/e2e/hooks_test.go
+++ b/e2e/hooks_test.go
@@ -102,13 +102,13 @@ func (s *hooksTestContext) addConfigMap(dir string, opts resourceOpts) {
 	})
 }
 
-func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string) *hooksTestContext {
+func prepareHookTestProject(t *testing.T, hook string, hookDeletionPolicy string, isHelm bool) *hooksTestContext {
 	s := prepareHookTestProjectBase(t)
 
 	s.p.AddKustomizeDeployment("hook", nil, nil)
 
 	s.addConfigMap("hook", resourceOpts{name: "cm1", namespace: s.p.TestSlug()})
-	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.TestSlug()}, false, hook, hookDeletionPolicy)
+	s.addHookConfigMap("hook", resourceOpts{name: "hook1", namespace: s.p.TestSlug()}, isHelm, hook, hookDeletionPolicy)
 
 	return s
 }
@@ -161,21 +161,21 @@ func (s *hooksTestContext) ensureHookExecuted2(t *testing.T, timeout time.Durati
 
 func TestHooksPreDeployInitial(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "pre-deploy-initial", "")
+	s := prepareHookTestProject(t, "pre-deploy-initial", "", false)
 	s.ensureHookExecuted(t, "hook1", "cm1")
 	s.ensureHookExecuted(t, "cm1")
 }
 
 func TestHooksPostDeployInitial(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "post-deploy-initial", "")
+	s := prepareHookTestProject(t, "post-deploy-initial", "", false)
 	s.ensureHookExecuted(t, "cm1", "hook1")
 	s.ensureHookExecuted(t, "cm1")
 }
 
 func TestHooksPreDeployUpgrade(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "pre-deploy-upgrade", "")
+	s := prepareHookTestProject(t, "pre-deploy-upgrade", "", false)
 	s.ensureHookExecuted(t, "cm1")
 	s.ensureHookExecuted(t, "hook1", "cm1")
 	s.ensureHookExecuted(t, "hook1", "cm1")
@@ -183,26 +183,26 @@ func TestHooksPreDeployUpgrade(t *testing.T) {
 
 func TestHooksPostDeployUpgrade(t *testing.T) {
 	t.Parallel()
-	s := prepareHookTestProject(t, "post-deploy-upgrade", "")
+	s := prepareHookTestProject(t, "post-deploy-upgrade", "", false)
 	s.ensureHookExecuted(t, "cm1")
 	s.ensureHookExecuted(t, "cm1", "hook1")
 	s.ensureHookExecuted(t, "cm1", "hook1")
 }
 
 func doTestHooksPreDeploy(t *testing.T, hooks string) {
-	s := prepareHookTestProject(t, hooks, "")
+	s := prepareHookTestProject(t, hooks, "", false)
 	s.ensureHookExecuted(t, "hook1", "cm1")
 	s.ensureHookExecuted(t, "hook1", "cm1")
 }
 
 func doTestHooksPostDeploy(t *testing.T, hooks string) {
-	s := prepareHookTestProject(t, hooks, "")
+	s := prepareHookTestProject(t, hooks, "", false)
 	s.ensureHookExecuted(t, "cm1", "hook1")
 	s.ensureHookExecuted(t, "cm1", "hook1")
 }
 
 func doTestHooksPrePostDeploy(t *testing.T, hooks string) {
-	s := prepareHookTestProject(t, hooks, "")
+	s := prepareHookTestProject(t, hooks, "", false)
 	s.ensureHookExecuted(t, "hook1", "cm1", "hook1")
 	s.ensureHookExecuted(t, "hook1", "cm1", "hook1")
 }
@@ -239,6 +239,42 @@ func TestHooksPrePostDeploy2(t *testing.T) {
 	doTestHooksPrePostDeploy(t, "pre-deploy-initial,pre-deploy-upgrade,post-deploy-initial,post-deploy-upgrade")
 }
 
+func TestHooksPreDelete(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "pre-delete", "", true)
+	s.ensureHookExecuted(t, "cm1") // none is executed actually
+}
+
+func TestHooksPostDelete(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "post-delete", "", true)
+	s.ensureHookExecuted(t, "cm1") // none is executed actually
+}
+
+func TestHooksDeleteAndDeploy(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "post-delete,post-install", "", true)
+	s.ensureHookExecuted(t, "cm1", "hook1")
+}
+
+func TestHooksPreRollback(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "pre-rollback", "", true)
+	s.ensureHookExecuted(t, "cm1") // none is executed actually
+}
+
+func TestHooksPostRollback(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "post-rollback", "", true)
+	s.ensureHookExecuted(t, "cm1") // none is executed actually
+}
+
+func TestHooksRollbackAndDeploy(t *testing.T) {
+	t.Parallel()
+	s := prepareHookTestProject(t, "post-rollback,post-install", "", true)
+	s.ensureHookExecuted(t, "cm1", "hook1")
+}
+
 func TestHooksWait(t *testing.T) {
 	t.Parallel()
 
diff --git a/e2e/utils.go b/e2e/utils.go
index 502a0d7db..3a6056dfd 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -44,17 +44,13 @@ func getHeadRevision(t *testing.T, p *test_project.TestProject) string {
 func assertObjectExists(t *testing.T, k *test_utils.EnvTestCluster, gvr schema.GroupVersionResource, namespace string, name string) *uo.UnstructuredObject {
 	x, err := k.Get(gvr, namespace, name)
 	if err != nil {
-		t.Fatalf("unexpected error '%v' while getting ConfigMap %s/%s", err, namespace, name)
+		t.Fatalf("unexpected error '%v' while getting %s %s/%s", err, gvr.GroupResource().String(), namespace, name)
 	}
 	return x
 }
 
-func assertConfigMapExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
-	return assertObjectExists(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
-}
-
-func assertConfigMapNotExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) {
-	_, err := k.Get(v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
+func assertObjectNotExists(t *testing.T, k *test_utils.EnvTestCluster, gvr schema.GroupVersionResource, namespace string, name string) {
+	_, err := k.Get(gvr, namespace, name)
 	if err == nil {
 		t.Fatalf("expected %s/%s to not exist", namespace, name)
 	}
@@ -63,6 +59,14 @@ func assertConfigMapNotExists(t *testing.T, k *test_utils.EnvTestCluster, namesp
 	}
 }
 
+func assertConfigMapExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
+	return assertObjectExists(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
+}
+
+func assertConfigMapNotExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) {
+	assertObjectNotExists(t, k, v1.SchemeGroupVersion.WithResource("configmaps"), namespace, name)
+}
+
 func assertSecretExists(t *testing.T, k *test_utils.EnvTestCluster, namespace string, name string) *uo.UnstructuredObject {
 	x, err := k.Get(v1.SchemeGroupVersion.WithResource("secrets"), namespace, name)
 	if err != nil {
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 644ac5bab..b8c432b80 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -14,7 +14,7 @@ import (
 	"testing"
 )
 
-func buildDeployment(name string, namespace string, ready bool) *uo.UnstructuredObject {
+func buildDeployment(name string, namespace string, ready bool, annotations map[string]string) *uo.UnstructuredObject {
 	deployment := uo.FromStringMust(fmt.Sprintf(`
 apiVersion: apps/v1
 kind: Deployment
@@ -39,6 +39,9 @@ spec:
         ports:
         - containerPort: 80
 `, name, namespace))
+	if annotations != nil {
+		deployment.SetK8sAnnotations(annotations)
+	}
 	if ready {
 		deployment.Merge(uo.FromStringMust(`
 status:
@@ -64,7 +67,7 @@ status:
 	return deployment
 }
 
-func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_project.TestProject {
+func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster, annotations map[string]string) *test_project.TestProject {
 	p := test_project.NewTestProject(t)
 
 	createNamespace(t, k, p.TestSlug())
@@ -72,7 +75,7 @@ func prepareValidateTest(t *testing.T, k *test_utils.EnvTestCluster) *test_proje
 	p.UpdateTarget("test", nil)
 
 	p.AddKustomizeDeployment("d1", []test_project.KustomizeResource{
-		{Name: fmt.Sprintf("configmap-%s.yml", "d1"), Content: buildDeployment("d1", p.TestSlug(), false)},
+		{Name: "d1.yml", Content: buildDeployment("d1", p.TestSlug(), false, annotations)},
 	}, nil)
 
 	return p
@@ -101,14 +104,14 @@ func TestValidate(t *testing.T) {
 
 	k := defaultCluster1
 
-	p := prepareValidateTest(t, k)
+	p := prepareValidateTest(t, k, nil)
 
 	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
 
 	assertValidate(t, p, false)
 
-	readyDeployment := buildDeployment("d1", p.TestSlug(), true)
+	readyDeployment := buildDeployment("d1", p.TestSlug(), true, nil)
 
 	_, err := k.DynamicClient.Resource(appsv1.SchemeGroupVersion.WithResource("deployments")).Namespace(p.TestSlug()).
 		Patch(context.Background(), "d1", types.ApplyPatchType, []byte(yaml.WriteJsonStringMust(readyDeployment)), metav1.PatchOptions{
@@ -118,3 +121,42 @@ func TestValidate(t *testing.T) {
 
 	assertValidate(t, p, true)
 }
+
+func TestValidateSkipHooks(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := prepareValidateTest(t, k, map[string]string{
+		"kluctl.io/hook":      "post-deploy",
+		"kluctl.io/hook-wait": "false",
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertObjectExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
+
+	assertValidate(t, p, false)
+
+	p.UpdateYaml("d1/d1.yml", func(o *uo.UnstructuredObject) error {
+		o.SetK8sAnnotation("kluctl.io/hook-delete-policy", "hook-succeeded")
+		return nil
+	}, "")
+
+	assertValidate(t, p, true)
+}
+
+func TestValidateSkipDeleteHooks(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := prepareValidateTest(t, k, map[string]string{
+		"helm.sh/hook":        "post-delete",
+		"kluctl.io/hook-wait": "false",
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertObjectNotExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
+
+	assertValidate(t, p, true)
+}

From a5a217ec5cb06503a591caba72582db5c178eaac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 10:44:32 +0100
Subject: [PATCH 1960/2268] refactor: reorder helmCompatibility calls to match
 the helm docs

---
 pkg/deployment/utils/hooks_util.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index b61cde48b..4a0e0a034 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -182,11 +182,11 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 	}
 
 	helmCompatibility("pre-install", "pre-deploy-initial")
-	helmCompatibility("pre-upgrade", "pre-deploy-upgrade")
 	helmCompatibility("post-install", "post-deploy-initial")
-	helmCompatibility("post-upgrade", "post-deploy-upgrade")
 	helmCompatibility("pre-delete", "pre-delete")
 	helmCompatibility("post-delete", "post-delete")
+	helmCompatibility("pre-upgrade", "pre-deploy-upgrade")
+	helmCompatibility("post-upgrade", "post-deploy-upgrade")
 
 	weightStr := o.GetK8sAnnotation("kluctl.io/hook-weight")
 	if weightStr == nil {

From a9326e27a012a9b7466adca30c895a1751f688f8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 10:52:17 +0100
Subject: [PATCH 1961/2268] fix: Warn about delete/rollback hooks not being
 supported

---
 pkg/deployment/utils/hooks_util.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 4a0e0a034..d120bf612 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -24,12 +24,11 @@ var supportedKluctlDeletePolicies = []string{
 	"hook-failed",
 }
 
-// delete/rollback hooks are actually not supported, but we won't show warnings about that to not spam the user
 var supportedHelmHooks = []string{
 	"pre-install", "post-install",
 	"pre-upgrade", "post-upgrade",
-	"pre-delete", "post-delete",
-	"pre-rollback", "post-rollback",
+	//"pre-delete", "post-delete", TODO re-add this when we actually support delete
+	//"pre-rollback", "post-rollback", TODO re-add this when we actually support rollback
 }
 
 type HooksUtil struct {

From 45ace5c8cd69dcdd5791f8863a49d709be5c24c0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 10:53:01 +0100
Subject: [PATCH 1962/2268] fix: Do not execute rollback hooks

---
 pkg/deployment/utils/hooks_util.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index d120bf612..43019b9ab 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -182,10 +182,12 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 
 	helmCompatibility("pre-install", "pre-deploy-initial")
 	helmCompatibility("post-install", "post-deploy-initial")
-	helmCompatibility("pre-delete", "pre-delete")
-	helmCompatibility("post-delete", "post-delete")
+	helmCompatibility("pre-delete", "pre-delete")   // actually not implemented, so it will be ignored
+	helmCompatibility("post-delete", "post-delete") // actually not implemented, so it will be ignored
 	helmCompatibility("pre-upgrade", "pre-deploy-upgrade")
 	helmCompatibility("post-upgrade", "post-deploy-upgrade")
+	helmCompatibility("pre-rollback", "pre-rollback")   // actually not implemented, so it will be ignored
+	helmCompatibility("post-rollback", "post-rollback") // actually not implemented, so it will be ignored
 
 	weightStr := o.GetK8sAnnotation("kluctl.io/hook-weight")
 	if weightStr == nil {

From 4ea1e4989468b3c5a0dd1dd556970922f736f84f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 14 Feb 2024 10:57:50 +0100
Subject: [PATCH 1963/2268] fix: Ignore rollback hooks when validating

---
 e2e/validate_test.go                | 16 ++++++++++++++++
 pkg/deployment/commands/validate.go |  2 +-
 pkg/deployment/utils/hooks_util.go  | 12 ++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index b8c432b80..491c51047 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -160,3 +160,19 @@ func TestValidateSkipDeleteHooks(t *testing.T) {
 
 	assertValidate(t, p, true)
 }
+
+func TestValidateSkipRollbackHooks(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := prepareValidateTest(t, k, map[string]string{
+		"helm.sh/hook":        "post-rollback",
+		"kluctl.io/hook-wait": "false",
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertObjectNotExists(t, k, appsv1.SchemeGroupVersion.WithResource("deployments"), p.TestSlug(), "d1")
+
+	assertValidate(t, p, true)
+}
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 7cbc08ffc..ba0f77b75 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -78,7 +78,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 				// the hook is not expected to exist after deployment
 				continue
 			}
-			if hook.IsOnlyDelete() {
+			if hook.IsOnlyDelete() || hook.IsOnlyRollback() {
 				// the hook is not expected to be executed
 				continue
 			}
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 43019b9ab..80aa8aec8 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -281,3 +281,15 @@ func (h *hook) IsOnlyDelete() bool {
 	}
 	return found
 }
+
+func (h *hook) IsOnlyRollback() bool {
+	found := false
+	for x := range h.hooks {
+		if x == "pre-rollback" || x == "post-rollback" {
+			found = true
+		} else {
+			return false
+		}
+	}
+	return found
+}

From 8af2b3acd36d63ed16387f11b1b1b28b5c2cdcca Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 19 Feb 2024 10:24:50 +0100
Subject: [PATCH 1964/2268] fix: Fix crash in GetFirstObject that happens if a
 nil list is encountered (#982)

---
 pkg/utils/uo/jsonpath.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index 9b92e8819..26d95bed5 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -129,6 +129,10 @@ func (j *MyJsonPath) GetFirstListOfObjects(o *UnstructuredObject) ([]*Unstructur
 	if !found {
 		return nil, false, nil
 	}
+	if x == nil {
+		// nil is a valid list of zero elements, so treat it as 'found'
+		return nil, true, nil
+	}
 	v := reflect.ValueOf(x)
 	if v.Type().Kind() != reflect.Slice {
 		return nil, false, fmt.Errorf("child is not a list")

From 3d23833c1ff1ef96b4d1ae22f9a272964d2dbee1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 09:24:41 +0100
Subject: [PATCH 1965/2268] docs: Use targetPath on the correct level in
 examples

---
 docs/kluctl/templating/variable-sources.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index b729cd99b..2f3b0d4b1 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -311,7 +311,7 @@ vars:
       name: my-vars
       namespace: my-namespace
       key: value
-      targetPath: deep.nested.path
+    targetPath: deep.nested.path
 ```
 
 ### clusterSecret
@@ -354,7 +354,7 @@ vars:
       name: my-object
       namespace: my-namespace
       path: status
-      targetPath: my.custom.object.status
+    targetPath: my.custom.object.status
 ```
 
 The following properties are supported for clusterObject sources:

From e84a35114428fb8f105761a2b8d01965243e8fea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 09:24:57 +0100
Subject: [PATCH 1966/2268] docs: Add missing gitops diff command docs

---
 docs/kluctl/commands/gitops-diff.md | 145 ++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
 create mode 100644 docs/kluctl/commands/gitops-diff.md

diff --git a/docs/kluctl/commands/gitops-diff.md b/docs/kluctl/commands/gitops-diff.md
new file mode 100644
index 000000000..feb18fb2e
--- /dev/null
+++ b/docs/kluctl/commands/gitops-diff.md
@@ -0,0 +1,145 @@
+<!-- This comment is uncommented when auto-synced to www-kluctl.io
+
+---
+title: "gitops diff"
+linkTitle: "gitops diff"
+weight: 10
+description: >
+    webui command
+---
+-->
+
+## Command
+<!-- BEGIN SECTION "gitops diff" "Usage" false -->
+Usage: kluctl gitops diff [flags]
+
+Trigger a GitOps diff
+This command will trigger an existing KluctlDeployment to perform a reconciliation loop with a forced diff.
+It does this by setting the annotation 'kluctl.io/request-diff' to the current time.
+
+You can override many deployment relevant fields, see the list of command flags for details.
+
+<!-- END SECTION -->
+
+## Arguments
+
+The following arguments are available:
+<!-- BEGIN SECTION "gitops diff" "GitOps arguments" true -->
+```
+GitOps arguments:
+  Specify gitops flags.
+
+      --context string                   Override the context to use.
+      --controller-namespace string      The namespace where the controller runs in. (default "kluctl-system")
+      --kubeconfig existingfile          Overrides the kubeconfig to use.
+  -l, --label-selector string            If specified, KluctlDeployments are searched and filtered by this label
+                                         selector.
+      --local-source-override-port int   Specifies the local port to which the source-override client should
+                                         connect to when running the controller locally.
+      --name string                      Specifies the name of the KluctlDeployment.
+  -n, --namespace string                 Specifies the namespace of the KluctlDeployment. If omitted, the current
+                                         namespace from your kubeconfig is used.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops diff" "Misc arguments" true -->
+```
+Misc arguments:
+  Command specific arguments.
+
+      --no-obfuscate                Disable obfuscation of sensitive/secret data
+  -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
+                                    either be 'text' or 'yaml'. Can be specified multiple times. The actual format
+                                    for yaml is currently not documented and subject to change.
+      --short-output                When using the 'text' output format (which is the default), only names of
+                                    changes objects are shown instead of showing all changes.
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops diff" "Command Results" true -->
+```
+Command Results:
+  Configure how command results are stored.
+
+      --command-result-namespace string   Override the namespace to be used when writing command results. (default
+                                          "kluctl-results")
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops diff" "Log arguments" true -->
+```
+Log arguments:
+  Configure logging.
+
+      --log-grouping-time duration   Logs are by default grouped by time passed, meaning that they are printed in
+                                     batches to make reading them easier. This argument allows to modify the
+                                     grouping time. (default 1s)
+      --log-since duration           Show logs since this time. (default 1m0s)
+      --log-time                     If enabled, adds timestamps to log lines
+
+```
+<!-- END SECTION -->
+<!-- BEGIN SECTION "gitops diff" "GitOps overrides" true -->
+```
+GitOps overrides:
+  Override settings for GitOps deployments.
+
+      --abort-on-error                         Abort deploying when an error occurs instead of trying the
+                                               remaining deployments
+  -a, --arg stringArray                        Passes a template argument in the form of name=value. Nested args
+                                               can be set with the '-a my.nested.arg=value' syntax. Values are
+                                               interpreted as yaml values, meaning that 'true' and 'false' will
+                                               lead to boolean values and numbers will be treated as numbers. Use
+                                               quotes if you want these to be treated as strings. If the value
+                                               starts with @, it is treated as a file, meaning that the contents
+                                               of the file will be loaded and treated as yaml.
+      --args-from-file stringArray             Loads a yaml file and makes it available as arguments, meaning that
+                                               they will be available thought the global 'args' variable.
+      --dry-run                                Performs all kubernetes API calls in dry-run mode.
+      --exclude-deployment-dir stringArray     Exclude deployment dir. The path must be relative to the root
+                                               deployment project. Exclusion has precedence over inclusion, same
+                                               as in --exclude-tag
+  -E, --exclude-tag stringArray                Exclude deployments with given tag. Exclusion has precedence over
+                                               inclusion, meaning that explicitly excluded deployments will always
+                                               be excluded even if an inclusion rule would match the same deployment.
+  -F, --fixed-image stringArray                Pin an image to a given version. Expects
+                                               '--fixed-image=image<:namespace:deployment:container>=result'
+      --fixed-images-file existingfile         Use .yaml file to pin image versions. See output of list-images
+                                               sub-command or read the documentation for details about the output
+                                               format
+      --force-apply                            Force conflict resolution when applying. See documentation for details
+      --force-replace-on-error                 Same as --replace-on-error, but also try to delete and re-create
+                                               objects. See documentation for more details.
+      --include-deployment-dir stringArray     Include deployment dir. The path must be relative to the root
+                                               deployment project.
+  -I, --include-tag stringArray                Include deployments with given tag.
+      --local-git-group-override stringArray   Same as --local-git-override, but for a whole group prefix instead
+                                               of a single repository. All repositories that have the given prefix
+                                               will be overridden with the given local path and the repository
+                                               suffix appended. For example,
+                                               'gitlab.com/some-org/sub-org=/local/path/to/my-forks' will override
+                                               all repositories below 'gitlab.com/some-org/sub-org/' with the
+                                               repositories found in '/local/path/to/my-forks'. It will however
+                                               only perform an override if the given repository actually exists
+                                               locally and otherwise revert to the actual (non-overridden) repository.
+      --local-git-override stringArray         Specify a single repository local git override in the form of
+                                               'github.com/my-org/my-repo=/local/path/to/override'. This will
+                                               cause kluctl to not use git to clone for the specified repository
+                                               but instead use the local directory. This is useful in case you
+                                               need to test out changes in external git repositories without
+                                               pushing them.
+      --local-oci-group-override stringArray   Same as --local-git-group-override, but for OCI repositories.
+      --local-oci-override stringArray         Same as --local-git-override, but for OCI repositories.
+      --replace-on-error                       When patching an object fails, try to replace it. See documentation
+                                               for more details.
+  -t, --target string                          Target name to run command for. Target must exist in .kluctl.yaml.
+      --target-context string                  Overrides the context name specified in the target. If the selected
+                                               target does not specify a context or the no-name target is used,
+                                               --context will override the currently active context.
+  -T, --target-name-override string            Overrides the target name. If -t is used at the same time, then the
+                                               target will be looked up based on -t <name> and then renamed to the
+                                               value of -T. If no target is specified via -t, then the no-name
+                                               target is renamed to the value of -T.
+
+```
+<!-- END SECTION -->
\ No newline at end of file

From a251a4e2578bcc757223873bda85474d032b0c79 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 10:09:23 +0100
Subject: [PATCH 1967/2268] fix: Also try LIST on namespaces when GET on
 kube-system fails

---
 e2e/remote_objects_permission_test.go | 68 +++++++++++++++++++++++++++
 pkg/k8s/utils.go                      | 29 ++++++++++--
 2 files changed, 94 insertions(+), 3 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 0ea7acdf6..1287a0deb 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -60,3 +60,71 @@ roleRef:
 	assert.Error(t, err)
 	assert.Contains(t, stdout, "at least one permission error was encountered while gathering objects by discriminator labels")
 }
+
+func TestNoGetKubeSystemPermissions(t *testing.T) {
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+
+	username := p.TestSlug()
+	au, err := k.AddUser(envtest.User{Name: username}, nil)
+	assert.NoError(t, err)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+
+	rbac := fmt.Sprintf(`
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: %s
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    # only list allowed, get is forbidden. it should still be able to get the cluster ID
+    verbs: ["list"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "update", "patch", "get", "list", "watch"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["*"]
+    verbs: ["create", "update",  "patch", "get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: %s
+subjects:
+  - kind: User
+    name: %s
+roleRef:
+  kind: ClusterRole
+  name: %s
+  apiGroup: rbac.authorization.k8s.io
+`, username, username, username, username)
+	p.AddKustomizeDeployment("rbac", []test_project.KustomizeResource{
+		{Name: "rbac.yaml", Content: rbac},
+	}, nil)
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+
+	kc, err := au.KubeConfig()
+	assert.NoError(t, err)
+
+	setKubeconfigString(t, kc)
+
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--write-command-result=false")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+}
diff --git a/pkg/k8s/utils.go b/pkg/k8s/utils.go
index c1e94308d..fdedcbb8a 100644
--- a/pkg/k8s/utils.go
+++ b/pkg/k8s/utils.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/rand"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -56,17 +57,39 @@ func FixNamespaceInRef(ref k8s.ObjectRef, namespaced bool, def string) k8s.Objec
 }
 
 func GetClusterId(ctx context.Context, c client.Client) (string, error) {
+	var clusterId string
+
 	// we reuse the kube-system namespace uid as global cluster id
 	var ns corev1.Namespace
 	err := c.Get(ctx, client.ObjectKey{Name: "kube-system"}, &ns)
 	if err != nil {
-		return "", err
+		if !errors.IsForbidden(err) {
+			return "", err
+		}
+		// There is a good chance that the user does not have permissions to GET specific namespaces while still being
+		// able to list them. Let's give this a try.
+		var nsl metav1.PartialObjectMetadataList
+		nsl.SetGroupVersionKind(schema.GroupVersionKind{
+			Version: "v1",
+			Kind:    "Namespace",
+		})
+
+		err = c.List(ctx, &nsl)
+		if err != nil {
+			return "", err
+		}
+		for _, x := range nsl.Items {
+			if x.Name == "kube-system" {
+				clusterId = string(x.UID)
+			}
+		}
+	} else {
+		clusterId = string(ns.UID)
 	}
-	clusterId := ns.UID
 	if clusterId == "" {
 		return "", fmt.Errorf("kube-system namespace has no uid")
 	}
-	return string(clusterId), nil
+	return clusterId, nil
 }
 
 func GetSingleSecret(ctx context.Context, c client.Client, name string, namespace string, key string) (string, error) {

From 6b6d033e55769f0a03a2134943ff5cfe33924105 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 10:55:22 +0100
Subject: [PATCH 1968/2268] tests: Run permission error tests in parallel

---
 e2e/remote_objects_permission_test.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 1287a0deb..6a3c396aa 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -9,6 +9,8 @@ import (
 )
 
 func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
+	t.Parallel()
+
 	k := defaultCluster1
 
 	p := test_project.NewTestProject(t)
@@ -54,7 +56,7 @@ roleRef:
 	kc, err := au.KubeConfig()
 	assert.NoError(t, err)
 
-	setKubeconfigString(t, kc)
+	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, kc))
 
 	stdout, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test", "--write-command-result=false")
 	assert.Error(t, err)
@@ -62,6 +64,8 @@ roleRef:
 }
 
 func TestNoGetKubeSystemPermissions(t *testing.T) {
+	t.Parallel()
+
 	k := defaultCluster1
 
 	p := test_project.NewTestProject(t)
@@ -118,7 +122,7 @@ roleRef:
 	kc, err := au.KubeConfig()
 	assert.NoError(t, err)
 
-	setKubeconfigString(t, kc)
+	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, kc))
 
 	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
 		name:      "cm2",

From 4e9281ac34ac52c507440517c6df9a30bfaddc68 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 11:25:17 +0100
Subject: [PATCH 1969/2268] fix: Don't fail when LIST permissions for
 namespaces are missing

---
 pkg/deployment/utils/apply_utils.go          |  7 +++-
 pkg/deployment/utils/remote_objects_utils.go | 42 ++++++++++++++------
 2 files changed, 35 insertions(+), 14 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 6fa20c309..7d7292bb1 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -355,7 +355,12 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 
 	var remoteNamespace *uo.UnstructuredObject
 	if ref.Namespace != "" {
-		remoteNamespace = a.ru.GetRemoteNamespace(ref.Namespace)
+		var err error
+		remoteNamespace, err = a.ru.GetRemoteNamespace(a.k, ref.Namespace)
+		if err != nil {
+			a.HandleError(ref, err)
+			return
+		}
 	}
 
 	usesDummyName := false
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 239c751fe..889becc36 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -16,10 +16,12 @@ import (
 )
 
 type RemoteObjectUtils struct {
-	ctx              context.Context
-	dew              *DeploymentErrorsAndWarnings
-	remoteObjects    map[k8s2.ObjectRef]*uo.UnstructuredObject
-	remoteNamespaces map[string]*uo.UnstructuredObject
+	ctx           context.Context
+	dew           *DeploymentErrorsAndWarnings
+	remoteObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
+
+	remoteNamespacesOk bool
+	remoteNamespaces   map[string]*uo.UnstructuredObject
 }
 
 func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings) *RemoteObjectUtils {
@@ -212,10 +214,16 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, discriminator
 		Kind:    "Namespace",
 	}, "", nil)
 	if err != nil {
-		return err
-	}
-	for _, o := range r {
-		u.remoteNamespaces[o.GetK8sName()] = o
+		// listing namespaces might be forbidden by the user, while getting individual ones is allowed
+		// in that case, GetRemoteNamespace will do a GET
+		if !errors2.IsForbidden(err) {
+			return err
+		}
+	} else {
+		u.remoteNamespacesOk = true
+		for _, o := range r {
+			u.remoteNamespaces[o.GetK8sName()] = o
+		}
 	}
 
 	s.Success()
@@ -224,13 +232,21 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, discriminator
 }
 
 func (u *RemoteObjectUtils) GetRemoteObject(ref k8s2.ObjectRef) *uo.UnstructuredObject {
-	o, _ := u.remoteObjects[ref]
-	return o
+	return u.remoteObjects[ref]
 }
 
-func (u *RemoteObjectUtils) GetRemoteNamespace(name string) *uo.UnstructuredObject {
-	o, _ := u.remoteNamespaces[name]
-	return o
+func (u *RemoteObjectUtils) GetRemoteNamespace(k *k8s.K8sCluster, name string) (*uo.UnstructuredObject, error) {
+	if u.remoteNamespacesOk {
+		return u.remoteNamespaces[name], nil
+	}
+
+	ref := k8s2.NewObjectRef("", "v1", "Namespace", name, "")
+	o, _, err := k.GetSingleObject(ref)
+	if err != nil && !errors2.IsNotFound(err) {
+		return nil, err
+	}
+
+	return o, nil
 }
 
 func (u *RemoteObjectUtils) ForgetRemoteObject(ref k8s2.ObjectRef) {

From 65103de03577791b689c8bef62908eb955bc906b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 11:33:39 +0100
Subject: [PATCH 1970/2268] fix: Warn when Kluctl is unable to determine the
 cluster ID

---
 cmd/kluctl/commands/command_result.go   | 17 ++++++++++-
 pkg/deployment/commands/result_utils.go | 38 +++++++++----------------
 2 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 59dcb03d9..dd629ec3b 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -237,11 +237,26 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 	if writeToResultStore && ctx.resultStore != nil {
 		s := status.Start(ctx.ctx, "Writing command result")
 		defer s.Failed()
+
+		didWarn := false
+		if cr.ClusterInfo.ClusterId == "" {
+			warning := "failed to determine cluster ID due to missing get/list permissions for the kube-system namespace. This might result in follow up issues in regard to cluster differentiation stored command results"
+			cr.Warnings = append(cr.Warnings, result.DeploymentError{
+				Message: warning,
+			})
+			status.Warning(ctx.ctx, warning)
+			didWarn = true
+		}
+
 		resultStoreErr = ctx.resultStore.WriteCommandResult(cr)
 		if resultStoreErr != nil {
 			s.FailedWithMessagef("Failed to write result to result store: %s", resultStoreErr.Error())
 		} else {
-			s.Success()
+			if didWarn {
+				s.Warning()
+			} else {
+				s.Success()
+			}
 		}
 	}
 	err := outputCommandResult2(ctx.ctx, flags, cr)
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index a4b691fe4..e13bd8112 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"time"
 )
@@ -40,12 +41,7 @@ func newCommandResult(targetCtx *target_context.TargetContext, startTime time.Ti
 		})
 	}
 
-	r.ClusterInfo, err = buildClusterInfo(targetCtx.SharedContext.K)
-	if err != nil {
-		r.Errors = append(r.Errors, result.DeploymentError{
-			Message: err.Error(),
-		})
-	}
+	r.ClusterInfo = buildClusterInfo(targetCtx.SharedContext.K, &r.Warnings)
 
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
@@ -68,12 +64,7 @@ func newValidateCommandResult(targetCtx *target_context.TargetContext, startTime
 		})
 	}
 
-	clusterInfo, err := buildClusterInfo(targetCtx.SharedContext.K)
-	if err != nil {
-		r.Errors = append(r.Errors, result.DeploymentError{
-			Message: err.Error(),
-		})
-	}
+	clusterInfo := buildClusterInfo(targetCtx.SharedContext.K, &r.Warnings)
 
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
@@ -95,13 +86,7 @@ func newDeleteCommandResult(k *k8s2.K8sCluster, startTime time.Time, inclusion *
 	r.Command.IncludeDeploymentDirs = inclusion.GetIncludes("deploymentItemDir")
 	r.Command.ExcludeDeploymentDirs = inclusion.GetExcludes("deploymentItemDir")
 
-	var err error
-	r.ClusterInfo, err = buildClusterInfo(k)
-	if err != nil {
-		r.Errors = append(r.Errors, result.DeploymentError{
-			Message: err.Error(),
-		})
-	}
+	r.ClusterInfo = buildClusterInfo(k, &r.Warnings)
 
 	return r
 }
@@ -121,14 +106,19 @@ func finishValidateResult(r *result.ValidateResult, targetCtx *target_context.Ta
 	r.EndTime = metav1.Now()
 }
 
-func buildClusterInfo(k *k8s2.K8sCluster) (result.ClusterInfo, error) {
+func buildClusterInfo(k *k8s2.K8sCluster, warnings *[]result.DeploymentError) result.ClusterInfo {
 	var clusterInfo result.ClusterInfo
 	clusterId, err := k.GetClusterId()
-	if err != nil {
-		return clusterInfo, err
-	}
 	clusterInfo = result.ClusterInfo{
 		ClusterId: clusterId,
 	}
-	return clusterInfo, nil
+	if err == nil {
+		return clusterInfo
+	}
+	if !errors.IsForbidden(err) {
+		*warnings = append(*warnings, result.DeploymentError{
+			Message: err.Error(),
+		})
+	}
+	return clusterInfo
 }

From b6580b833ab00236b0d555f28f2c6ed1586910d8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 11:51:05 +0100
Subject: [PATCH 1971/2268] fix: Only warn when permissions are not sufficient
 for the result store

---
 cmd/kluctl/commands/utils.go        | 6 +++++-
 pkg/results/result-store-secrets.go | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index ef6624df9..194180c49 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -21,6 +21,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
@@ -221,7 +222,10 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 
 		resultStore, err = buildResultStoreRW(ctx, clientConfig, mapper, args.commandResultFlags, false)
 		if err != nil {
-			return err
+			if !errors.IsForbidden(err) {
+				return err
+			}
+			status.Warningf(ctx, "Not enough permissions to write to the result store.")
 		}
 	}
 
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 09e903bc4..b470cc108 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -316,6 +316,9 @@ func (s *ResultStoreSecrets) cleanupOldCommandResults(project result.ProjectKey,
 		ProjectFilter: &project,
 	})
 	if err != nil {
+		if errors.IsForbidden(err) {
+			return nil
+		}
 		return err
 	}
 
@@ -429,6 +432,9 @@ func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, t
 		ProjectFilter: &project,
 	})
 	if err != nil {
+		if errors.IsForbidden(err) {
+			return nil
+		}
 		return err
 	}
 

From 8b1684285d0d205b698416865939baf659b38cbe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 11:51:49 +0100
Subject: [PATCH 1972/2268] tests: Add TestOnlyOneNamespacePermissions

---
 e2e/remote_objects_permission_test.go | 96 +++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 6a3c396aa..8b8f9fba4 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/stretchr/testify/assert"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
+	"strings"
 	"testing"
 )
 
@@ -132,3 +133,98 @@ roleRef:
 	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--write-command-result=false")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 }
+
+func TestOnlyOneNamespacePermissions(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+
+	username := p.TestSlug()
+	au, err := k.AddUser(envtest.User{Name: username}, nil)
+	assert.NoError(t, err)
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+
+	rbac := strings.NewReplacer(
+		"USERNAME", username,
+		"SLUG", p.TestSlug(),
+	).Replace(`
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    resourceNames: ["SLUG"]
+    verbs: ["create", "update", "patch", "get", "list", "watch"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["*"]
+    verbs: ["create", "update",  "patch", "get", "list", "watch"]
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+  namespace: SLUG
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "update", "patch", "get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+subjects:
+  - kind: User
+    name: USERNAME
+roleRef:
+  kind: ClusterRole
+  name: USERNAME
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+  namespace: SLUG
+subjects:
+  - kind: User
+    name: USERNAME
+roleRef:
+  kind: Role
+  name: USERNAME
+  apiGroup: rbac.authorization.k8s.io
+`)
+	p.AddKustomizeDeployment("rbac", []test_project.KustomizeResource{
+		{Name: "rbac.yaml", Content: rbac},
+	}, nil)
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+
+	kc, err := au.KubeConfig()
+	assert.NoError(t, err)
+
+	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, kc))
+
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+
+	_, stderr, err := p.Kluctl(t, "deploy", "--yes", "-t", "test")
+	assert.NoError(t, err)
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assert.Contains(t, stderr, "Not enough permissions to write to the result store.")
+}

From 5e7da010d293aaf1a44bbbe1a34c0128b667bf29 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 28 Feb 2024 12:17:05 +0100
Subject: [PATCH 1973/2268] fix: Make namespace optional in clusterObject vars
 source (#986)

---
 pkg/types/vars_source.go     |  2 +-
 pkg/vars/vars_loader_test.go | 30 ++++++++++++++++++++++++------
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 1f8289f81..f7878b25c 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -67,7 +67,7 @@ type VarsSourceClusterObject struct {
 	Kind       string `json:"kind" validate:"required"`
 	ApiVersion string `json:"apiVersion,omitempty"`
 
-	Namespace string `json:"namespace" validate:"required"`
+	Namespace string `json:"namespace"`
 
 	Name   string            `json:"name,omitempty"`
 	Labels map[string]string `json:"labels,omitempty"`
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 7dd9b60f5..791bd2701 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -567,9 +567,10 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 			Name:      "cm1",
 			Namespace: s.namespace(),
 			Labels: map[string]string{
-				"label1": "lv1",
-				"label2": "42",
-				"label3": "x",
+				"label1":    "lv1",
+				"label2":    "42",
+				"label3":    "x",
+				"namespace": s.namespace(),
 			},
 			Annotations: map[string]string{
 				"yaml":          `{"x": 45}`,
@@ -584,9 +585,10 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 			Name:      "cm2",
 			Namespace: s.namespace(),
 			Labels: map[string]string{
-				"label1": "lv2",
-				"label2": "44",
-				"label3": "x",
+				"label1":    "lv2",
+				"label2":    "44",
+				"label3":    "x",
+				"namespace": s.namespace(),
 			},
 			Annotations: map[string]string{
 				"a1": "v1",
@@ -778,12 +780,28 @@ func (s *VarsLoaderTestSuite) TestClusterObject() {
 		}, nil, "")
 		assert.NoError(s.T(), err)
 
+		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
+			ClusterObject: &types.VarsSourceClusterObject{
+				Kind: "ConfigMap",
+				Labels: map[string]string{
+					"namespace": s.namespace(),
+				},
+				List: true,
+				// no namespace
+				Path: `metadata.labels["label2"]`,
+			},
+			TargetPath: "my.target.d",
+		}, nil, "")
+		assert.NoError(s.T(), err)
+
 		v, _, _ := vc.Vars.GetNestedString("my", "target", "a")
 		assert.Equal(s.T(), "42", v)
 		v, _, _ = vc.Vars.GetNestedString("my", "target", "b")
 		assert.Equal(s.T(), "44", v)
 		l, _, _ := vc.Vars.GetNestedStringList("my", "target", "c")
 		assert.Equal(s.T(), []string{"42", "44"}, l)
+		l, _, _ = vc.Vars.GetNestedStringList("my", "target", "d")
+		assert.Equal(s.T(), []string{"42", "44"}, l)
 	})
 
 	// test render

From aa54c8c7c119d4dbf0aeb6b816828bf8d98922d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Feb 2024 12:17:16 +0100
Subject: [PATCH 1974/2268] chore(deps): Bump the golang-x group with 4 updates
 (#985)

Bumps the golang-x group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/crypto` from 0.18.0 to 0.20.0
- [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.20.0)

Updates `golang.org/x/net` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0)

Updates `golang.org/x/oauth2` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/oauth2/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index b5dc2f4be..2949f71cc 100644
--- a/go.mod
+++ b/go.mod
@@ -33,11 +33,11 @@ require (
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.18.0
-	golang.org/x/net v0.20.0
+	golang.org/x/crypto v0.20.0
+	golang.org/x/net v0.21.0
 	golang.org/x/sync v0.6.0
-	golang.org/x/sys v0.16.0
-	golang.org/x/term v0.16.0 // indirect
+	golang.org/x/sys v0.17.0
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
 	k8s.io/api v0.29.1
@@ -83,7 +83,7 @@ require (
 	github.com/prometheus/client_golang v1.18.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
-	golang.org/x/oauth2 v0.16.0
+	golang.org/x/oauth2 v0.17.0
 	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
 	google.golang.org/grpc v1.60.1
 	google.golang.org/protobuf v1.32.0
diff --git a/go.sum b/go.sum
index 443f74583..71201df2e 100644
--- a/go.sum
+++ b/go.sum
@@ -714,8 +714,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg=
+golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
@@ -746,11 +746,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
-golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
+golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
+golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -783,15 +783,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From 301d535ccd75807ca7a0ae747818603a277f22b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Feb 2024 12:18:27 +0100
Subject: [PATCH 1975/2268] chore(deps): Bump google.golang.org/grpc from
 1.60.1 to 1.62.0 (#983)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.1 to 1.62.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.60.1...v1.62.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 26 ++++++++++++++------------
 2 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 2949f71cc..6ffc88616 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
 	github.com/go-logr/logr v1.4.1
 	github.com/google/gops v0.3.28
-	github.com/google/uuid v1.5.0
+	github.com/google/uuid v1.6.0
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
@@ -84,8 +84,8 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.17.0
-	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3
-	google.golang.org/grpc v1.60.1
+	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80
+	google.golang.org/grpc v1.62.0
 	google.golang.org/protobuf v1.32.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
@@ -291,8 +291,8 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.153.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 71201df2e..9b834730a 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
-cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic=
+cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
+cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
 cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
 cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -353,8 +353,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
-github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
@@ -691,6 +691,8 @@ go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
 go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
 go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
 go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
+go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A=
 go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
 go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
 go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4=
@@ -833,19 +835,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 h1:EWIeHfGuUf00zrVZGEgYFxok7plSAXBGcH7NNdMAWvA=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 h1:kzJAXnzZoFbe5bhZd4zjUuHos/I31yH4thfMb/13oVY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
-google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 9c1680d11d57c135b3218702bf5704f7099769ad Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Mar 2024 09:32:51 +0100
Subject: [PATCH 1976/2268] fix: Also deep-clone aws config in buildTarget
 (#992)

---
 pkg/kluctl_project/targets.go | 8 +++++---
 pkg/utils/utils.go            | 9 +++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 52e3cf89e..c4789d16b 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -67,8 +67,7 @@ func (c *LoadedKluctlProject) RenderTarget(target *types.Target) error {
 }
 
 func (c *LoadedKluctlProject) buildTarget(configTarget *types.Target) (*types.Target, error) {
-	var target types.Target
-	err := utils.DeepCopy(&target, configTarget)
+	target, err := utils.DeepClone(configTarget)
 	if err != nil {
 		return nil, err
 	}
@@ -89,5 +88,8 @@ func (c *LoadedKluctlProject) buildTarget(configTarget *types.Target) (*types.Ta
 			target.Aws.ServiceAccount = c.Config.Aws.ServiceAccount
 		}
 	}
-	return &target, nil
+	// just to make sure we don't later overwrite stuff from c.Config, which we might have copied into the target a few
+	// lines above this
+	target, err = utils.DeepClone(target)
+	return target, nil
 }
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index c9b38dd85..fb799507a 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -22,6 +22,15 @@ func DeepCopy(dst interface{}, src interface{}) error {
 	})
 }
 
+func DeepClone[T any](src *T) (*T, error) {
+	ret := new(T)
+	err := DeepCopy(ret, src)
+	if err != nil {
+		return ret, err
+	}
+	return ret, nil
+}
+
 func FindStrInSlice(a []string, s string) int {
 	for i, v := range a {
 		if v == s {

From 35f2bb51af15dd3278b5ba9c47063bfccdd856df Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Mar 2024 09:33:06 +0100
Subject: [PATCH 1977/2268] chore(deps): Bump the k8s-io group with 4 updates
 (#990)

Bumps the k8s-io group with 4 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `k8s.io/api` from 0.29.1 to 0.29.2
- [Commits](https://github.com/kubernetes/api/compare/v0.29.1...v0.29.2)

Updates `k8s.io/apiextensions-apiserver` from 0.29.1 to 0.29.2
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.29.1...v0.29.2)

Updates `k8s.io/apimachinery` from 0.29.1 to 0.29.2
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.1...v0.29.2)

Updates `k8s.io/client-go` from 0.29.1 to 0.29.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.29.1...v0.29.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index 6ffc88616..0a312ec01 100644
--- a/go.mod
+++ b/go.mod
@@ -40,10 +40,10 @@ require (
 	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
-	k8s.io/api v0.29.1
-	k8s.io/apiextensions-apiserver v0.29.1
-	k8s.io/apimachinery v0.29.1
-	k8s.io/client-go v0.29.1
+	k8s.io/api v0.29.2
+	k8s.io/apiextensions-apiserver v0.29.2
+	k8s.io/apimachinery v0.29.2
+	k8s.io/client-go v0.29.2
 	k8s.io/klog/v2 v2.120.1
 	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
@@ -299,9 +299,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.29.1 // indirect
+	k8s.io/apiserver v0.29.2 // indirect
 	k8s.io/cli-runtime v0.29.0 // indirect
-	k8s.io/component-base v0.29.1 // indirect
+	k8s.io/component-base v0.29.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 // indirect
 	k8s.io/kubectl v0.29.0 // indirect
 	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
diff --git a/go.sum b/go.sum
index 9b834730a..a98127434 100644
--- a/go.sum
+++ b/go.sum
@@ -891,20 +891,20 @@ helm.sh/helm/v3 v3.13.3 h1:0zPEdGqHcubehJHP9emCtzRmu8oYsJFRrlVF3TFj8xY=
 helm.sh/helm/v3 v3.13.3/go.mod h1:3OKO33yI3p4YEXtTITN2+4oScsHeQe71KuzhlZ+aPfg=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw=
-k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ=
-k8s.io/apiextensions-apiserver v0.29.1 h1:S9xOtyk9M3Sk1tIpQMu9wXHm5O2MX6Y1kIpPMimZBZw=
-k8s.io/apiextensions-apiserver v0.29.1/go.mod h1:zZECpujY5yTW58co8V2EQR4BD6A9pktVgHhvc0uLfeU=
-k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc=
-k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
-k8s.io/apiserver v0.29.1 h1:e2wwHUfEmMsa8+cuft8MT56+16EONIEK8A/gpBSco+g=
-k8s.io/apiserver v0.29.1/go.mod h1:V0EpkTRrJymyVT3M49we8uh2RvXf7fWC5XLB0P3SwRw=
+k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A=
+k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0=
+k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg=
+k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8=
+k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8=
+k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
+k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ=
+k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ=
 k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4=
 k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk=
-k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A=
-k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks=
-k8s.io/component-base v0.29.1 h1:MUimqJPCRnnHsskTTjKD+IC1EHBbRCVyi37IoFBrkYw=
-k8s.io/component-base v0.29.1/go.mod h1:fP9GFjxYrLERq1GcWWZAE3bqbNcDKDytn2srWuHTtKc=
+k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg=
+k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA=
+k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8=
+k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=

From 54db83b59bee405f3a21325b672d4159497d96db Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Mar 2024 09:33:15 +0100
Subject: [PATCH 1978/2268] chore(deps): Bump the aws-sdk group with 6 updates
 (#989)

Bumps the aws-sdk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.24.1` | `1.25.2` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.26.6` | `1.27.4` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.16.16` | `1.17.4` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.24.7` | `1.27.1` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.26.2` | `1.28.1` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.26.7` | `1.28.1` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.24.1 to 1.25.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.24.1...v1.25.2)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.26.6 to 1.27.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.6...config/v1.27.4)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.16.16 to 1.17.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/v1.17.4/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.16.16...v1.17.4)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.24.7 to 1.27.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.24.7...config/v1.27.1)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.26.2 to 1.28.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/ecs/v1.28.1/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.26.2...service/ecs/v1.28.1)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.26.7 to 1.28.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/ecs/v1.28.1/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.26.7...service/ecs/v1.28.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 30 ++++++++++++++---------------
 go.sum | 60 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/go.mod b/go.mod
index 0a312ec01..7e24fc8fb 100644
--- a/go.mod
+++ b/go.mod
@@ -55,13 +55,13 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.24.1
-	github.com/aws/aws-sdk-go-v2/config v1.26.6
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
-	github.com/aws/smithy-go v1.19.0
+	github.com/aws/aws-sdk-go-v2 v1.25.2
+	github.com/aws/aws-sdk-go-v2/config v1.27.4
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.4
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.1
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.1
+	github.com/aws/smithy-go v1.20.1
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
@@ -118,15 +118,15 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index a98127434..fd40080f1 100644
--- a/go.sum
+++ b/go.sum
@@ -74,38 +74,38 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
-github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
-github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
+github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
+github.com/aws/aws-sdk-go-v2/config v1.27.4 h1:AhfWb5ZwimdsYTgP7Od8E9L1u4sKmDW2ZVeLcf2O42M=
+github.com/aws/aws-sdk-go-v2/config v1.27.4/go.mod h1:zq2FFXK3A416kiukwpsd+rD4ny6JC7QSkp4QdN1Mp2g=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.4 h1:h5Vztbd8qLppiPwX+y0Q6WiwMZgpd9keKe2EAENgAuI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.4/go.mod h1:+30tpwrkOgvkJL1rUZuRLoxcJwtI/OkeBLYnHxJtVe0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 h1:AK0J8iYBFeUk2Ax7O8YpLtFsfhdOByh2QIkHmigpRYk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2/go.mod h1:iRlGzMix0SExQEviAyptRWRGdYNo3+ufW/lCzvKVTUc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.27.1 h1:GFt/4yMrCuMDi4YzKy0HCW9NhwbxoYZUMqIWqWJFsqE=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.27.1/go.mod h1:ydHfHlVpaydWdStDKNcV6BnI0fD+ZwlPWvDgVG2fLt0=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xWedMuANiNVXiD2S8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2 h1:A5sGOT/mukuU+4At1vkSIWAN8tPwPCoYZBp7aruR540=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.2/go.mod h1:qutL00aW8GSo2D0I6UEOqMvRS3ZyuBrOC1BLe5D2jPc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
-github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
-github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 h1:DtKw4TxZT3VrzYupXQJPBqT9ImyobZZE+JIQPPAVxqs=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1/go.mod h1:bit9G2ORpSjUTr4PA4usvbBfbOyvMj0LbE1dXF14Sug=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 h1:utEGkfdQ4L6YW/ietH7111ZYglLJvS+sLriHJ1NBJEQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.1/go.mod h1:RsYqzYr2F2oPDdpy+PdhephuZxTfjHQe7SOBcZGoAU8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 h1:9/GylMS45hGGFCcMrUZDVayQE1jYSIN6da9jo7RAYIw=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1/go.mod h1:YjAPFn4kGFqKC54VsHs5fn5B6d+PCY2tziEa3U/GB5Y=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
+github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
+github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From eb5cbf0ba9ef123a6a30fdc2b8e276aa9cf1096b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Mar 2024 09:33:26 +0100
Subject: [PATCH 1979/2268] chore(deps): Bump the azure-sdk group with 2
 updates (#973)

Bumps the azure-sdk group with 2 updates: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) and [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.9.1 to 1.9.2
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.9.1...sdk/azcore/v1.9.2)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.4.0 to 1.5.1
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.4.0...sdk/internal/v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 22 +++++++++++-----------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/go.mod b/go.mod
index 7e24fc8fb..8cfec8ea3 100644
--- a/go.mod
+++ b/go.mod
@@ -52,8 +52,8 @@ require (
 require (
 	cloud.google.com/go/secretmanager v1.11.4
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.25.2
 	github.com/aws/aws-sdk-go-v2/config v1.27.4
@@ -102,12 +102,12 @@ require (
 	cloud.google.com/go/kms v1.15.5 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@@ -245,7 +245,7 @@ require (
 	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.45.0 // indirect
diff --git a/go.sum b/go.sum
index fd40080f1..197852c52 100644
--- a/go.sum
+++ b/go.sum
@@ -17,12 +17,12 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 h1:c4k2FIYIh4xtwqrQwV0Ct1v5+ehlNXj5NI/MWVsiTkQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2/go.mod h1:5FDJtLEO/GxwNgUxbwrY3LP0pEoThTQJtk2oysdXHxM=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
@@ -35,8 +35,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
@@ -559,8 +559,8 @@ github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1H
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
-github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
-github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -775,12 +775,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From 4bc3fb89b778f9fd5a4ed3a36e034864327e42dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Mar 2024 09:39:11 +0100
Subject: [PATCH 1980/2268] chore(deps): Bump the azure-sdk group with 1 update
 (#993)

Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.9.2 to 1.10.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.9.2...sdk/azcore/v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8cfec8ea3..089211f78 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 require (
 	cloud.google.com/go/secretmanager v1.11.4
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.25.2
diff --git a/go.sum b/go.sum
index 197852c52..f11642ee7 100644
--- a/go.sum
+++ b/go.sum
@@ -17,8 +17,8 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 h1:c4k2FIYIh4xtwqrQwV0Ct1v5+ehlNXj5NI/MWVsiTkQ=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2/go.mod h1:5FDJtLEO/GxwNgUxbwrY3LP0pEoThTQJtk2oysdXHxM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 h1:n1DH8TPV4qqPTje2RcUBYwtrTWlabVp4n46+74X2pn4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0/go.mod h1:HDcZnuGbiyppErN6lB+idp4CKhjbc8gwjto6OPpyggM=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=

From 335d766dd2c8b698343df2730cb26188e32794e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 1 Mar 2024 16:32:07 +0100
Subject: [PATCH 1981/2268] fix: Upgrade go-jinja2 to latest main branch to fix
 local vars with get_var/render

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 089211f78..ea08db322 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240206085301-ad6f23980236
+	github.com/kluctl/go-jinja2 v0.0.0-20240304095917-f7191e3c936e
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
diff --git a/go.sum b/go.sum
index f11642ee7..34e9cd009 100644
--- a/go.sum
+++ b/go.sum
@@ -444,8 +444,8 @@ github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/4
 github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1 h1:FRjmtgCHeK4IcZTOosx5tJ8LZ4VDMzFaaXBylsMRAGQ=
 github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1/go.mod h1:nhLUuBr5jJ6TMy4RlZn0wEtGC/RuTfERNVHyP1t0joI=
-github.com/kluctl/go-jinja2 v0.0.0-20240206085301-ad6f23980236 h1:qHDKDrp92XNv1crPOMol5fZ3t1RzmuS452Ku7Hj3X0A=
-github.com/kluctl/go-jinja2 v0.0.0-20240206085301-ad6f23980236/go.mod h1:tf65M11BQMkV4k2ukb8dkxCho7VuG86LcJdzE8kuR3U=
+github.com/kluctl/go-jinja2 v0.0.0-20240304095917-f7191e3c936e h1:la0Z8jPORDnWN0qFuuJul9LfS9d71CB8rlecg3DcdXU=
+github.com/kluctl/go-jinja2 v0.0.0-20240304095917-f7191e3c936e/go.mod h1:tf65M11BQMkV4k2ukb8dkxCho7VuG86LcJdzE8kuR3U=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=

From 1fa849e42502add03103d7b322a0f1515744bcba Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Mar 2024 11:05:56 +0100
Subject: [PATCH 1982/2268] docs: Deprecate the render filter in favor of the
 render global function

---
 docs/kluctl/templating/filters.md | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/docs/kluctl/templating/filters.md b/docs/kluctl/templating/filters.md
index 6c3b46314..cedf900b0 100644
--- a/docs/kluctl/templating/filters.md
+++ b/docs/kluctl/templating/filters.md
@@ -78,11 +78,8 @@ The required indention filter is the part that makes this error-prone and hard t
 whenever you can.
 
 ### render
-Renders the input string with the current Jinja2 context. Example:
-```
-{% set a="{{ my_var }}" %}
-{{ a | render }}
-```
+Same as the global [render function](./functions.md#rendertemplate), but deprecated now. `render` being a filter turned out to
+not work well with local variables, as these are not accessible in filters. Please only use the global function.
 
 ### sha256(digest_len)
 Calculates the sha256 digest of the input string. Example:

From 1760475cb8e4a84c96c38f2f07b27adc699d6a0d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Mar 2024 11:06:11 +0100
Subject: [PATCH 1983/2268] docs: Add workaround description for loop variables

---
 docs/kluctl/templating/functions.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/docs/kluctl/templating/functions.md b/docs/kluctl/templating/functions.md
index 13c033956..82f5dc8fe 100644
--- a/docs/kluctl/templating/functions.md
+++ b/docs/kluctl/templating/functions.md
@@ -24,6 +24,11 @@ Loads the given file into memory, renders it with the current Jinja2 context and
 
 `load_template` uses the same path searching rules as described in [includes/imports](../templating#includes-and-imports).
 
+Please note that there is a limitation in this (and other) functions in regard to loop variables. You can currently not
+use loop variables directly as they are not accessible inside Jinja2 extensions/filters. There is an open issue in 
+that regard [here](https://github.com/pallets/jinja/issues/1478). For a workaround, perform the same as in
+[get_var](#getvarfieldpath-default).
+
 ### load_sha256(file, digest_len)
 Loads the given file into memory, renders it and calculates the sha256 hash of the result.
 
@@ -57,6 +62,18 @@ The `field_path` parameter can also be a list of pathes, which are then tried on
 result that gives a value that is not None. For example, `{{ get_var(['non.existing.var', my.deep.var'], 'my-default') }}`
 would also return `value`.
 
+Please note that there is a limitation in this (and other) functions in regard to loop variables. You can currently not
+use loop variables directly as they are not accessible inside Jinja2 global functions or filters. There is an open issue in
+that regard [here](https://github.com/pallets/jinja/issues/1478). For a workaround, assign the loop variable to a local variable:
+
+```
+{% set list=[{x: "a"}, {x: "b"}, {x: "c"}] %}
+{% for e in list %}
+{% set e=e %} <-- this is the workaround
+{{ get_var('e.x') }}
+{% endfor %}
+```
+
 ### merge_dict(d1, d2)
 Clones d1 and then recursively merges d2 into it and returns the result. Values inside d2 will override values in d1.
 
@@ -66,6 +83,18 @@ Same as `merge_dict`, but merging is performed in-place into d1.
 ### raise(msg)
 Raises a python exception with the given message. This causes the current command to abort.
 
+### render(template)
+Renders the input string with the current Jinja2 context. Example:
+```
+{% set a="{{ my_var }}" %}
+{{ render(a) }}
+```
+
+Please note that there is a limitation in this (and other) functions in regard to loop variables. You can currently not
+use loop variables directly as they are not accessible inside Jinja2 global functions or filters. There is an open issue in
+that regard [here](https://github.com/pallets/jinja/issues/1478). For a workaround, perform the same as in
+[get_var](#getvarfieldpath-default).
+
 ### debug_print(msg)
 Prints a line to stderr.
 

From 061e3cbd7d6a2b6c2c1cc451e5957881eb11e02f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Mar 2024 12:07:50 +0100
Subject: [PATCH 1984/2268] ci: Switch to lychee for markdown link checks

---
 .github/workflows/check-links-cron.yml |   9 +-
 Makefile                               |   8 +-
 lychee.toml                            | 127 +++++++++++++++++++++++++
 3 files changed, 133 insertions(+), 11 deletions(-)
 create mode 100644 lychee.toml

diff --git a/.github/workflows/check-links-cron.yml b/.github/workflows/check-links-cron.yml
index 117b11289..d3140b2e3 100644
--- a/.github/workflows/check-links-cron.yml
+++ b/.github/workflows/check-links-cron.yml
@@ -12,8 +12,7 @@ jobs:
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
-      - uses: gaurav-nelson/github-action-markdown-link-check@v1
-        with:
-          folder-path: 'docs, install'
-          file-path: './README.md'
+      - uses: actions/checkout@v3
+      - name: Check links on changed files
+        run: |
+          make markdown-link-check
diff --git a/Makefile b/Makefile
index ee41d1da6..326011291 100644
--- a/Makefile
+++ b/Makefile
@@ -106,13 +106,9 @@ test-e2e-gitops: envtest ## Run gitops e2e tests.
 replace-commands-help: ## Replace commands help in docs
 	go run ./internal/replace-commands-help --docs-dir ./docs/kluctl/commands
 
-MARKDOWN_LINK_CHECK_VERSION=3.11.2
+LYCHEE_VERSION=0.14
 markdown-link-check: ## Check markdown files for dead links
-	find . -name '*.md' \
-		-and -not -path './docs/gitops/api/kluctl-controller.md' \
-		-and -not -path './pkg/webui/ui/node_modules/*' \
-		-and -not -path './pkg/webui/ui/build/*' | \
-		xargs docker run -v ${PWD}:/tmp:ro --rm -i -w /tmp ghcr.io/tcort/markdown-link-check:$(MARKDOWN_LINK_CHECK_VERSION)
+	docker run --init -i --rm -w /input -v ${PWD}:/input:ro lycheeverse/lychee:$(LYCHEE_VERSION) -- README.md docs install
 
 ##@ Build
 
diff --git a/lychee.toml b/lychee.toml
new file mode 100644
index 000000000..137061a6a
--- /dev/null
+++ b/lychee.toml
@@ -0,0 +1,127 @@
+#############################  Display  #############################
+
+# Verbose program output
+# Accepts log level: "error", "warn", "info", "debug", "trace"
+verbose = "info"
+
+# Don't show interactive progress bar while checking links.
+no_progress = false
+
+# Path to summary output file.
+# output = ".config.dummy.report.md"
+
+#############################  Cache  ###############################
+
+# Enable link caching. This can be helpful to avoid checking the same links on
+# multiple runs.
+# cache = true
+
+# Discard all cached requests older than this duration.
+# max_cache_age = "2d"
+
+#############################  Runtime  #############################
+
+# Number of threads to utilize.
+# Defaults to number of cores available to the system if omitted.
+threads = 2
+
+# Maximum number of allowed redirects.
+max_redirects = 10
+
+# Maximum number of allowed retries before a link is declared dead.
+max_retries = 2
+
+# Maximum number of concurrent link checks.
+max_concurrency = 8
+
+#############################  Requests  ############################
+
+# User agent to send with each request.
+user_agent = "curl/7.83. 1"
+
+# Website timeout from connect to response finished.
+timeout = 20
+
+# Minimum wait time in seconds between retries of failed requests.
+retry_wait_time = 2
+
+# Comma-separated list of accepted status codes for valid links.
+# Supported values are:
+#
+# accept = ["200..=204", "429"]
+# accept = "200..=204, 429"
+# accept = ["200", "429"]
+# accept = "200, 429"
+# accept = ["200", "429"]
+
+# Proceed for server connections considered insecure (invalid TLS).
+insecure = false
+
+# Only test links with the given schemes (e.g. https).
+# Omit to check links with any other scheme.
+# At the moment, we support http, https, file, and mailto.
+# scheme = ["https"]
+
+# When links are available using HTTPS, treat HTTP links as errors.
+# require_https = false
+
+# Request method
+method = "get"
+
+# Custom request headers
+headers = []
+
+# Remap URI matching pattern to different URI.
+# remap = ["https://example.com http://example.invalid"]
+
+# Base URL or website root directory to check relative URLs.
+# base = "https://example.com"
+
+# HTTP basic auth support. This will be the username and password passed to the
+# authorization HTTP header. See
+# <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization>
+# basic_auth = ["example.com user:pwd"]
+
+#############################  Exclusions  ##########################
+
+# Skip missing input files (default is to error if they don't exist).
+# skip_missing = false
+
+# Check links inside `<code>` and `<pre>` blocks as well as Markdown code
+# blocks.
+# include_verbatim = false
+
+# Ignore case of paths when matching glob patterns.
+# glob_ignore_case = false
+
+# Exclude URLs and mail addresses from checking (supports regex).
+# exclude = ['^https://www\.linkedin\.com', '^https://web\.archive\.org/web/']
+exclude = [
+    '^https://kubernetes\.io/docs/reference/generated/kubernetes-api/v1\.18/',
+    '.*#getvarfieldpath-default', # lychee seems to not understand this one
+]
+
+# Exclude these filesystem paths from getting checked.
+# exclude_path = ["file/path/to/Ignore", "./other/file/path/to/Ignore"]
+
+# URLs to check (supports regex). Has preference over all excludes.
+# include = ['gist\.github\.com.*']
+
+# Exclude all private IPs from checking.
+# Equivalent to setting `exclude_private`, `exclude_link_local`, and
+# `exclude_loopback` to true.
+# exclude_all_private = false
+
+# Exclude private IP address ranges from checking.
+# exclude_private = false
+
+# Exclude link-local IP address range from checking.
+# exclude_link_local = false
+
+# Exclude loopback IP address range and localhost from checking.
+# exclude_loopback = false
+
+# Check mail addresses
+# include_mail = true
+
+include_fragments = true

From 2a0773699409c61eb753edecb45cae149041e953 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Mar 2024 14:07:47 +0100
Subject: [PATCH 1985/2268] chore(deps): Bump cloud.google.com/go/secretmanager
 (#996)

Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.11.4 to 1.11.5.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/orgpolicy/v1.11.4...secretmanager/v1.11.5)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 15 ++++++++-------
 go.sum | 38 ++++++++++++++++++++++----------------
 2 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/go.mod b/go.mod
index ea08db322..4bdaad457 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/secretmanager v1.11.4
+	cloud.google.com/go/secretmanager v1.11.5
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
@@ -276,10 +276,11 @@ require (
 	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // indirect
 	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
-	go.opentelemetry.io/otel v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.21.0 // indirect
-	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
+	go.opentelemetry.io/otel v1.22.0 // indirect
+	go.opentelemetry.io/otel/metric v1.22.0 // indirect
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
@@ -289,9 +290,9 @@ require (
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.16.1 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.153.0 // indirect
+	google.golang.org/api v0.160.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 34e9cd009..94b08b002 100644
--- a/go.sum
+++ b/go.sum
@@ -9,8 +9,8 @@ cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI=
 cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
 cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM=
 cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI=
-cloud.google.com/go/secretmanager v1.11.4 h1:krnX9qpG2kR2fJ+u+uNyNo+ACVhplIAS4Pu7u+4gd+k=
-cloud.google.com/go/secretmanager v1.11.4/go.mod h1:wreJlbS9Zdq21lMzWmJ0XhWW2ZxgPeahsqeV/vZoJ3w=
+cloud.google.com/go/secretmanager v1.11.5 h1:82fpF5vBBvu9XW4qj0FU2C6qVMtj1RM/XHwKXUEAfYY=
+cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
@@ -150,6 +150,8 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw=
@@ -210,6 +212,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
@@ -685,16 +689,18 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
-go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
-go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
-go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
-go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
-go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
-go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A=
-go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
-go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
+go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y=
+go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
+go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg=
+go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
+go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
+go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
+go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0=
+go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
 go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4=
 go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -825,8 +831,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.153.0 h1:N1AwGhielyKFaUqH07/ZSIQR3uNPcV7NVw0vj+j4iR4=
-google.golang.org/api v0.153.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY=
+google.golang.org/api v0.160.0 h1:SEspjXHVqE1m5a1fRy8JFB+5jSu+V0GEDKDghF3ttO4=
+google.golang.org/api v0.160.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -837,8 +843,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
-google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU=
-google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=

From d714f9174a2803d36a27124d07840346c4319730 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Mar 2024 14:07:54 +0100
Subject: [PATCH 1986/2268] chore(deps): Bump github.com/onsi/gomega from
 1.30.0 to 1.31.1 (#995)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.30.0 to 1.31.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.30.0...v1.31.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 4bdaad457..f8db68883 100644
--- a/go.mod
+++ b/go.mod
@@ -77,7 +77,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.30.0
+	github.com/onsi/gomega v1.31.1
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/prometheus/client_golang v1.18.0
diff --git a/go.sum b/go.sum
index 94b08b002..09dccf851 100644
--- a/go.sum
+++ b/go.sum
@@ -539,10 +539,10 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.21.0 h1:niqSS6yl3PQZJrqh7pKs/zinl4HebGe8urXEfpvlpYY=
 github.com/ohler55/ojg v1.21.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
-github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
-github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
-github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=

From 71b5401d9c191914defe59d3c50d3e752d776dae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Mar 2024 14:08:08 +0100
Subject: [PATCH 1987/2268] chore(deps): Bump
 github.com/prometheus/client_golang (#994)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.19.0/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  5 ++---
 go.sum | 10 ++++------
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index f8db68883..317d9ce7a 100644
--- a/go.mod
+++ b/go.mod
@@ -80,7 +80,7 @@ require (
 	github.com/onsi/gomega v1.31.1
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
-	github.com/prometheus/client_golang v1.18.0
+	github.com/prometheus/client_golang v1.19.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.17.0
@@ -224,7 +224,6 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/miekg/dns v1.1.55 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -248,7 +247,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.5.2 // indirect
diff --git a/go.sum b/go.sum
index 09dccf851..2adf239c4 100644
--- a/go.sum
+++ b/go.sum
@@ -495,8 +495,6 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
@@ -576,8 +574,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
-github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -585,8 +583,8 @@ github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cY
 github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
-github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=

From f7d1817a0436a1da6c1ac586eefefcb8190905b8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 4 Mar 2024 14:47:38 +0100
Subject: [PATCH 1988/2268] build: Preparing release v2.23.5

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 9967c6974..9d274164b 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.4
+        tag: v2.23.5
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index d7c800bbb..58f5b49e0 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.4
+        tag: v2.23.5
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index ac7a2a6ad..e0d0900c9 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.4
+        tag: v2.23.5
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.23.4
+            kluctl_version: v2.23.5
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.4
+        tag: v2.23.5
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 8f7840743..627bea5a9 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.23.4
+         tag: v2.23.5
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 4e2537c84..3fc8d74c7 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.4
+    default: v2.23.5
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index ee767bce3..f70f7fa05 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.4") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.5") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index cd387dc8f..a2eea9580 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.4
+    default: v2.23.5
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 443441684..98d07985c 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.23.4") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.23.5") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From a10a0585e4a761cf438b4e683ccc56a8490e3dfb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Mar 2024 08:40:22 +0100
Subject: [PATCH 1989/2268] fix: Upgrade controller-gen to v0.14.0 (#1002)

This fixes crashes with Go v1.22
---
 Makefile                                      |   2 +-
 .../gitops.kluctl.io_kluctldeployments.yaml   | 448 +++++++++---------
 install/controller/controller/crd.yaml        | 448 +++++++++---------
 3 files changed, 461 insertions(+), 437 deletions(-)

diff --git a/Makefile b/Makefile
index 326011291..efd31d74f 100644
--- a/Makefile
+++ b/Makefile
@@ -172,7 +172,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.3
-CONTROLLER_TOOLS_VERSION ?= v0.13.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
diff --git a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
index 91a6817a2..6ae4812f8 100644
--- a/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
+++ b/config/crd/bases/gitops.kluctl.io_kluctldeployments.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: kluctldeployments.gitops.kluctl.io
 spec:
   group: gitops.kluctl.io
@@ -42,14 +42,19 @@ spec:
         description: KluctlDeployment is the Schema for the kluctldeployments API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -57,18 +62,18 @@ spec:
             properties:
               abortOnError:
                 default: false
-                description: ForceReplaceOnError instructs kluctl to abort deployments
-                  immediately when something fails. Equivalent to using '--abort-on-error'
-                  when calling kluctl.
+                description: |-
+                  ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails.
+                  Equivalent to using '--abort-on-error' when calling kluctl.
                 type: boolean
               args:
                 description: Args specifies dynamic target args.
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               context:
-                description: If specified, overrides the context to be used. This
-                  will effectively make kluctl ignore the context specified in the
-                  target.
+                description: |-
+                  If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified
+                  in the target.
                 type: string
               credentials:
                 description: Credentials specifies the credentials used when pulling
@@ -79,23 +84,23 @@ spec:
                     items:
                       properties:
                         host:
-                          description: Host specifies the hostname that this secret
-                            applies to. If set to '*', this set of credentials applies
-                            to all hosts. Using '*' for http(s) based repositories
-                            is not supported, meaning that such credentials sets will
-                            be ignored. You must always set a proper hostname in that
-                            case.
+                          description: |-
+                            Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
+                            applies to all hosts.
+                            Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+                            You must always set a proper hostname in that case.
                           type: string
                         path:
-                          description: Path specifies the path to be used to filter
-                            Git repositories. The path can contain wildcards. These
-                            credentials will only be used for matching Git URLs. If
-                            omitted, all repositories are considered to match.
+                          description: |-
+                            Path specifies the path to be used to filter Git repositories. The path can contain wildcards. These credentials
+                            will only be used for matching Git URLs. If omitted, all repositories are considered to match.
                           type: string
                         secretRef:
-                          description: SecretRef specifies the Secret containing authentication
-                            credentials for the git repository. For HTTPS git repositories
-                            the Secret must contain 'username' and 'password' fields.
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the git repository.
+                            For HTTPS git repositories the Secret must contain 'username' and 'password'
+                            fields.
                             For SSH git repositories the Secret must contain 'identity'
                             and 'known_hosts' fields.
                           properties:
@@ -118,22 +123,20 @@ spec:
                             applies to.
                           type: string
                         path:
-                          description: Path specifies the path to be used to filter
-                            Helm urls. The path can contain wildcards. These credentials
-                            will only be used for matching URLs. If omitted, all URLs
-                            are considered to match.
+                          description: |-
+                            Path specifies the path to be used to filter Helm urls. The path can contain wildcards. These credentials
+                            will only be used for matching URLs. If omitted, all URLs are considered to match.
                           type: string
                         secretRef:
-                          description: 'SecretRef specifies the Secret containing
-                            authentication credentials for the Helm repository. The
-                            secret can either container basic authentication credentials
-                            via `username` and `password` or TLS authentication via
-                            `certFile` and `keyFile`. `caFile` can be specified to
-                            override the CA to use while contacting the repository.
-                            The secret can also contain `insecureSkipTlsVerify: "true"`,
-                            which will disable TLS verification. `passCredentialsAll:
-                            "true"` can be specified to make the controller pass credentials
-                            to all requests, even if the hostname changes in-between.'
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the Helm repository.
+                            The secret can either container basic authentication credentials via `username` and `password` or
+                            TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
+                            contacting the repository.
+                            The secret can also contain `insecureSkipTlsVerify: "true"`, which will disable TLS verification.
+                            `passCredentialsAll: "true"` can be specified to make the controller pass credentials to all requests, even if
+                            the hostname changes in-between.
                           properties:
                             name:
                               description: Name of the referent.
@@ -155,15 +158,15 @@ spec:
                             applies to.
                           type: string
                         repository:
-                          description: Repository specifies the org and repo name
-                            in the format 'org-name/repo-name'. Both 'org-name' and
-                            'repo-name' can be specified as '*', meaning that all
-                            names are matched.
+                          description: |-
+                            Repository specifies the org and repo name in the format 'org-name/repo-name'.
+                            Both 'org-name' and 'repo-name' can be specified as '*', meaning that all names are matched.
                           type: string
                         secretRef:
-                          description: SecretRef specifies the Secret containing authentication
-                            credentials for the oci repository. The secret must contain
-                            'username' and 'password'.
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the oci repository.
+                            The secret must contain 'username' and 'password'.
                           properties:
                             name:
                               description: Name of the referent.
@@ -196,11 +199,10 @@ spec:
                     - name
                     type: object
                   serviceAccount:
-                    description: ServiceAccount specifies the service account used
-                      to authenticate against cloud providers. This is currently only
-                      usable for AWS KMS keys. The specified service account will
-                      be used to authenticate to AWS by signing a token in an IRSA
-                      compliant way.
+                    description: |-
+                      ServiceAccount specifies the service account used to authenticate against cloud providers.
+                      This is currently only usable for AWS KMS keys. The specified service account will be used to authenticate to AWS
+                      by signing a token in an IRSA compliant way.
                     type: string
                 required:
                 - provider
@@ -211,72 +213,72 @@ spec:
                   the KluctlDeployment object gets deleted.
                 type: boolean
               deployInterval:
-                description: DeployInterval specifies the interval at which to deploy
-                  the KluctlDeployment, even in cases the rendered result does not
-                  change.
+                description: |-
+                  DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered
+                  result does not change.
                 pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
               deployMode:
                 default: full-deploy
-                description: DeployMode specifies what deploy mode should be used.
-                  The options 'full-deploy' and 'poke-images' are supported. With
-                  the 'poke-images' option, only images are patched into the target
-                  without performing a full deployment.
+                description: |-
+                  DeployMode specifies what deploy mode should be used.
+                  The options 'full-deploy' and 'poke-images' are supported.
+                  With the 'poke-images' option, only images are patched into the target without performing a full deployment.
                 enum:
                 - full-deploy
                 - poke-images
                 type: string
               dryRun:
                 default: false
-                description: DryRun instructs kluctl to run everything in dry-run
-                  mode. Equivalent to using '--dry-run' when calling kluctl.
+                description: |-
+                  DryRun instructs kluctl to run everything in dry-run mode.
+                  Equivalent to using '--dry-run' when calling kluctl.
                 type: boolean
               excludeDeploymentDirs:
-                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
-                  with the given dir. Equivalent to using '--exclude-deployment-dir'
-                  when calling kluctl.
+                description: |-
+                  ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir.
+                  Equivalent to using '--exclude-deployment-dir' when calling kluctl.
                 items:
                   type: string
                 type: array
               excludeTags:
-                description: ExcludeTags instructs kluctl to exclude deployments with
-                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
+                description: |-
+                  ExcludeTags instructs kluctl to exclude deployments with given tags.
+                  Equivalent to using '--exclude-tag' when calling kluctl.
                 items:
                   type: string
                 type: array
               forceApply:
                 default: false
-                description: ForceApply instructs kluctl to force-apply in case of
-                  SSA conflicts. Equivalent to using '--force-apply' when calling
-                  kluctl.
+                description: |-
+                  ForceApply instructs kluctl to force-apply in case of SSA conflicts.
+                  Equivalent to using '--force-apply' when calling kluctl.
                 type: boolean
               forceReplaceOnError:
                 default: false
-                description: ForceReplaceOnError instructs kluctl to force-replace
-                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
-                  when calling kluctl.
+                description: |-
+                  ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails.
+                  Equivalent to using '--force-replace-on-error' when calling kluctl.
                 type: boolean
               helmCredentials:
-                description: HelmCredentials is a list of Helm credentials used when
-                  non pre-pulled Helm Charts are used inside a Kluctl deployment.
-                  DEPRECATED this field is deprecated and will be removed in the next
-                  API version bump. Use spec.credentials.helm instead.
+                description: |-
+                  HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
+                  Kluctl deployment.
+                  DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.
                 items:
                   properties:
                     secretRef:
-                      description: 'SecretRef holds the name of a secret that contains
-                        the Helm credentials. The secret must either contain the fields
-                        `credentialsId` which refers to the credentialsId found in
-                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories
-                        or an `url` used to match the credentials found in Kluctl
-                        projects helm-chart.yaml files. The secret can either container
-                        basic authentication credentials via `username` and `password`
-                        or TLS authentication via `certFile` and `keyFile`. `caFile`
-                        can be specified to override the CA to use while contacting
-                        the repository. The secret can also contain `insecureSkipTlsVerify:
-                        "true"`, which will disable TLS verification. `passCredentialsAll:
-                        "true"` can be specified to make the controller pass credentials
-                        to all requests, even if the hostname changes in-between.'
+                      description: |-
+                        SecretRef holds the name of a secret that contains the Helm credentials.
+                        The secret must either contain the fields `credentialsId` which refers to the credentialsId
+                        found in https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories or an `url` used
+                        to match the credentials found in Kluctl projects helm-chart.yaml files.
+                        The secret can either container basic authentication credentials via `username` and `password` or
+                        TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
+                        contacting the repository.
+                        The secret can also contain `insecureSkipTlsVerify: "true"`, which will disable TLS verification.
+                        `passCredentialsAll: "true"` can be specified to make the controller pass credentials to all requests, even if
+                        the hostname changes in-between.
                       properties:
                         name:
                           description: Name of the referent.
@@ -287,8 +289,9 @@ spec:
                   type: object
                 type: array
               images:
-                description: Images contains a list of fixed image overrides. Equivalent
-                  to using '--fixed-images-file' when calling kluctl.
+                description: |-
+                  Images contains a list of fixed image overrides.
+                  Equivalent to using '--fixed-images-file' when calling kluctl.
                 items:
                   properties:
                     container:
@@ -332,41 +335,44 @@ spec:
                   type: object
                 type: array
               includeDeploymentDirs:
-                description: IncludeDeploymentDirs instructs kluctl to only include
-                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
-                  when calling kluctl.
+                description: |-
+                  IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir.
+                  Equivalent to using '--include-deployment-dir' when calling kluctl.
                 items:
                   type: string
                 type: array
               includeTags:
-                description: IncludeTags instructs kluctl to only include deployments
-                  with given tags. Equivalent to using '--include-tag' when calling
-                  kluctl.
+                description: |-
+                  IncludeTags instructs kluctl to only include deployments with given tags.
+                  Equivalent to using '--include-tag' when calling kluctl.
                 items:
                   type: string
                 type: array
               interval:
-                description: The interval at which to reconcile the KluctlDeployment.
-                  Reconciliation means that the deployment is fully rendered and only
-                  deployed when the result changes compared to the last deployment.
+                description: |-
+                  The interval at which to reconcile the KluctlDeployment.
+                  Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared
+                  to the last deployment.
                   To override this behavior, set the DeployInterval value.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               kubeConfig:
-                description: The KubeConfig for deploying to the target cluster. Specifies
-                  the kubeconfig to be used when invoking kluctl. Contexts in this
-                  kubeconfig must match the context found in the kluctl target. As
-                  an alternative, specify the context to be used via 'context'
+                description: |-
+                  The KubeConfig for deploying to the target cluster.
+                  Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match
+                  the context found in the kluctl target. As an alternative, specify the context to be used via 'context'
                 properties:
                   secretRef:
-                    description: SecretRef holds the name of a secret that contains
-                      a key with the kubeconfig file as the value. If no key is set,
-                      the key will default to 'value'. The secret must be in the same
-                      namespace as the Kustomization. It is recommended that the kubeconfig
-                      is self-contained, and the secret is regularly updated if credentials
-                      such as a cloud-access-token expire. Cloud specific `cmd-path`
-                      auth helpers will not function without adding binaries and credentials
-                      to the Pod that is responsible for reconciling the KluctlDeployment.
+                    description: |-
+                      SecretRef holds the name of a secret that contains a key with
+                      the kubeconfig file as the value. If no key is set, the key will default
+                      to 'value'. The secret must be in the same namespace as
+                      the Kustomization.
+                      It is recommended that the kubeconfig is self-contained, and the secret
+                      is regularly updated if credentials such as a cloud-access-token expire.
+                      Cloud specific `cmd-path` auth helpers will not function without adding
+                      binaries and credentials to the Pod that is responsible for reconciling
+                      the KluctlDeployment.
                     properties:
                       key:
                         description: Key in the Secret, when not specified an implementation-specific
@@ -380,24 +386,24 @@ spec:
                     type: object
                 type: object
               manual:
-                description: Manual enables manual deployments, meaning that the deployment
-                  will initially start as a dry run deployment and only after manual
-                  approval cause a real deployment
+                description: |-
+                  Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment
+                  and only after manual approval cause a real deployment
                 type: boolean
               manualObjectsHash:
-                description: ManualObjectsHash specifies the rendered objects hash
-                  that is approved for manual deployment. If Manual is set to true,
-                  the controller will skip deployments when the current reconciliation
-                  loops calculated objects hash does not match this value. There are
-                  two ways to use this value properly. 1. Set it manually to the value
-                  found in status.lastObjectsHash. 2. Use the Kluctl Webui to manually
-                  approve a deployment, which will set this field appropriately.
+                description: |-
+                  ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment.
+                  If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated
+                  objects hash does not match this value.
+                  There are two ways to use this value properly.
+                  1. Set it manually to the value found in status.lastObjectsHash.
+                  2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.
                 type: string
               noWait:
                 default: false
-                description: NoWait instructs kluctl to not wait for any resources
-                  to become ready, including hooks. Equivalent to using '--no-wait'
-                  when calling kluctl.
+                description: |-
+                  NoWait instructs kluctl to not wait for any resources to become ready, including hooks.
+                  Equivalent to using '--no-wait' when calling kluctl.
                 type: boolean
               prune:
                 default: false
@@ -405,46 +411,49 @@ spec:
                 type: boolean
               replaceOnError:
                 default: false
-                description: ReplaceOnError instructs kluctl to replace resources
-                  on error. Equivalent to using '--replace-on-error' when calling
-                  kluctl.
+                description: |-
+                  ReplaceOnError instructs kluctl to replace resources on error.
+                  Equivalent to using '--replace-on-error' when calling kluctl.
                 type: boolean
               retryInterval:
-                description: The interval at which to retry a previously failed reconciliation.
-                  When not specified, the controller uses the Interval value to retry
-                  failures.
+                description: |-
+                  The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the Interval
+                  value to retry failures.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               serviceAccountName:
-                description: The name of the Kubernetes service account to use while
-                  deploying. If not specified, the default service account is used.
+                description: |-
+                  The name of the Kubernetes service account to use while deploying.
+                  If not specified, the default service account is used.
                 type: string
               source:
                 description: Specifies the project source location
                 properties:
                   credentials:
-                    description: Credentials specifies a list of secrets with credentials
-                      DEPRECATED this field is deprecated and will be removed in the
-                      next API version bump. Use spec.credentials.git instead.
+                    description: |-
+                      Credentials specifies a list of secrets with credentials
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead.
                     items:
                       properties:
                         host:
-                          description: Host specifies the hostname that this secret
-                            applies to. If set to '*', this set of credentials applies
-                            to all hosts. Using '*' for http(s) based repositories
-                            is not supported, meaning that such credentials sets will
-                            be ignored. You must always set a proper hostname in that
-                            case.
+                          description: |-
+                            Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
+                            applies to all hosts.
+                            Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+                            You must always set a proper hostname in that case.
                           type: string
                         pathPrefix:
-                          description: PathPrefix specifies the path prefix to be
-                            used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials.
+                          description: |-
+                            PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use
+                            this set of credentials.
                           type: string
                         secretRef:
-                          description: SecretRef specifies the Secret containing authentication
-                            credentials for the git repository. For HTTPS git repositories
-                            the Secret must contain 'username' and 'password' fields.
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the git repository.
+                            For HTTPS git repositories the Secret must contain 'username' and 'password'
+                            fields.
                             For SSH git repositories the Secret must contain 'identity'
                             and 'known_hosts' fields.
                           properties:
@@ -481,8 +490,8 @@ spec:
                             type: string
                         type: object
                       url:
-                        description: URL specifies the Git url where the project source
-                          is located. If the given Git repository needs authentication,
+                        description: |-
+                          URL specifies the Git url where the project source is located. If the given Git repository needs authentication,
                           use spec.credentials.git to specify those.
                         type: string
                     required:
@@ -500,9 +509,9 @@ spec:
                           the "latest" tag is used.
                         properties:
                           digest:
-                            description: Digest is the image digest to pull, takes
-                              precedence over SemVer. The value should be in the format
-                              'sha256:<HASH>'.
+                            description: |-
+                              Digest is the image digest to pull, takes precedence over SemVer.
+                              The value should be in the format 'sha256:<HASH>'.
                             type: string
                           tag:
                             description: Tag is the image tag to pull, defaults to
@@ -510,23 +519,22 @@ spec:
                             type: string
                         type: object
                       url:
-                        description: Url specifies the Git url where the project source
-                          is located. If the given OCI repository needs authentication,
+                        description: |-
+                          Url specifies the Git url where the project source is located. If the given OCI repository needs authentication,
                           use spec.credentials.oci to specify those.
                         type: string
                     required:
                     - url
                     type: object
                   path:
-                    description: Path specifies the sub-directory to be used as project
-                      directory DEPRECATED this field is deprecated and will be removed
-                      in the next API version bump. Use spec.git.path instead.
+                    description: |-
+                      Path specifies the sub-directory to be used as project directory
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.path instead.
                     type: string
                   ref:
-                    description: Ref specifies the branch, tag or commit that should
-                      be used. If omitted, the default branch of the repo is used.
-                      DEPRECATED this field is deprecated and will be removed in the
-                      next API version bump. Use spec.git.ref instead.
+                    description: |-
+                      Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -539,13 +547,13 @@ spec:
                         type: string
                     type: object
                   secretRef:
-                    description: SecretRef specifies the Secret containing authentication
-                      credentials for See ProjectSourceCredentials.SecretRef for details
-                      DEPRECATED this field is deprecated and will be removed in the
-                      next API version bump. Use spec.credentials.git instead. WARNING
-                      using this field causes the controller to pass http basic auth
-                      credentials to ALL repositories involved. Use spec.credentials.git
-                      with a proper Host field instead.
+                    description: |-
+                      SecretRef specifies the Secret containing authentication credentials for
+                      See ProjectSourceCredentials.SecretRef for details
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git
+                      instead.
+                      WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+                      Use spec.credentials.git with a proper Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
@@ -554,9 +562,9 @@ spec:
                     - name
                     type: object
                   url:
-                    description: Url specifies the Git url where the project source
-                      is located DEPRECATED this field is deprecated and will be removed
-                      in the next API version bump. Use spec.git.url instead.
+                    description: |-
+                      Url specifies the Git url where the project source is located
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.url instead.
                     type: string
                 type: object
               sourceOverrides:
@@ -575,15 +583,14 @@ spec:
                   type: object
                 type: array
               suspend:
-                description: This flag tells the controller to suspend subsequent
-                  kluctl executions, it does not apply to already started executions.
-                  Defaults to false.
+                description: |-
+                  This flag tells the controller to suspend subsequent kluctl executions,
+                  it does not apply to already started executions. Defaults to false.
                 type: boolean
               target:
-                description: Target specifies the kluctl target to deploy. If not
-                  specified, an empty target is used that has no name and no context.
-                  Use 'TargetName' and 'Context' to specify the name and context in
-                  that case.
+                description: |-
+                  Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no
+                  context. Use 'TargetName' and 'Context' to specify the name and context in that case.
                 maxLength: 63
                 minLength: 1
                 type: string
@@ -594,7 +601,9 @@ spec:
                 minLength: 1
                 type: string
               timeout:
-                description: Timeout for all operations. Defaults to 'Interval' duration.
+                description: |-
+                  Timeout for all operations.
+                  Defaults to 'Interval' duration.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               validate:
@@ -602,11 +611,11 @@ spec:
                 description: Validate enables validation after deploying
                 type: boolean
               validateInterval:
-                description: ValidateInterval specifies the interval at which to validate
-                  the KluctlDeployment. Validation is performed the same way as with
-                  'kluctl validate -t <target>'. Defaults to the same value as specified
-                  in Interval. Validate is also performed whenever a deployment is
-                  performed, independent of the value of ValidateInterval
+                description: |-
+                  ValidateInterval specifies the interval at which to validate the KluctlDeployment.
+                  Validation is performed the same way as with 'kluctl validate -t <target>'.
+                  Defaults to the same value as specified in Interval.
+                  Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval
                 pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
             required:
@@ -619,42 +628,42 @@ spec:
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                    state of this API Resource.\n---\nThis struct is intended for
+                    direct use as an array at the field path .status.conditions.  For
+                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
+                    observations of a foo's current state.\n\t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
+                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
+                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+                    \   // other fields\n\t}"
                   properties:
                     lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
+                      description: |-
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
                       format: date-time
                       type: string
                     message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
+                      description: |-
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
                       maxLength: 32768
                       type: string
                     observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
+                      description: |-
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
                       format: int64
                       minimum: 0
                       type: integer
                     reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
+                      description: |-
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                        Producers of specific condition types may define expected values and meanings for this field,
+                        and whether the values are considered a guaranteed API.
+                        The value should be a CamelCase string.
                         This field may not be empty.
                       maxLength: 1024
                       minLength: 1
@@ -668,11 +677,12 @@ spec:
                       - Unknown
                       type: string
                     type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      description: |-
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
+                        ---
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+                        useful (see .node.status.conditions), the ability to deconflict is important.
+                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string
@@ -757,13 +767,15 @@ spec:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               lastDriftDetectionResult:
-                description: LastDriftDetectionResult is the result of the last drift
-                  detection command optional
+                description: |-
+                  LastDriftDetectionResult is the result of the last drift detection command
+                  optional
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               lastDriftDetectionResultMessage:
-                description: LastDriftDetectionResultMessage contains a short message
-                  that describes the drift optional
+                description: |-
+                  LastDriftDetectionResultMessage contains a short message that describes the drift
+                  optional
                 type: string
               lastManualObjectsHash:
                 type: string
diff --git a/install/controller/controller/crd.yaml b/install/controller/controller/crd.yaml
index 2adcc483f..d302ab18e 100644
--- a/install/controller/controller/crd.yaml
+++ b/install/controller/controller/crd.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: kluctldeployments.gitops.kluctl.io
 spec:
   group: gitops.kluctl.io
@@ -42,14 +42,19 @@ spec:
         description: KluctlDeployment is the Schema for the kluctldeployments API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -57,18 +62,18 @@ spec:
             properties:
               abortOnError:
                 default: false
-                description: ForceReplaceOnError instructs kluctl to abort deployments
-                  immediately when something fails. Equivalent to using '--abort-on-error'
-                  when calling kluctl.
+                description: |-
+                  ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails.
+                  Equivalent to using '--abort-on-error' when calling kluctl.
                 type: boolean
               args:
                 description: Args specifies dynamic target args.
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               context:
-                description: If specified, overrides the context to be used. This
-                  will effectively make kluctl ignore the context specified in the
-                  target.
+                description: |-
+                  If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified
+                  in the target.
                 type: string
               credentials:
                 description: Credentials specifies the credentials used when pulling
@@ -79,23 +84,23 @@ spec:
                     items:
                       properties:
                         host:
-                          description: Host specifies the hostname that this secret
-                            applies to. If set to '*', this set of credentials applies
-                            to all hosts. Using '*' for http(s) based repositories
-                            is not supported, meaning that such credentials sets will
-                            be ignored. You must always set a proper hostname in that
-                            case.
+                          description: |-
+                            Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
+                            applies to all hosts.
+                            Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+                            You must always set a proper hostname in that case.
                           type: string
                         path:
-                          description: Path specifies the path to be used to filter
-                            Git repositories. The path can contain wildcards. These
-                            credentials will only be used for matching Git URLs. If
-                            omitted, all repositories are considered to match.
+                          description: |-
+                            Path specifies the path to be used to filter Git repositories. The path can contain wildcards. These credentials
+                            will only be used for matching Git URLs. If omitted, all repositories are considered to match.
                           type: string
                         secretRef:
-                          description: SecretRef specifies the Secret containing authentication
-                            credentials for the git repository. For HTTPS git repositories
-                            the Secret must contain 'username' and 'password' fields.
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the git repository.
+                            For HTTPS git repositories the Secret must contain 'username' and 'password'
+                            fields.
                             For SSH git repositories the Secret must contain 'identity'
                             and 'known_hosts' fields.
                           properties:
@@ -118,22 +123,20 @@ spec:
                             applies to.
                           type: string
                         path:
-                          description: Path specifies the path to be used to filter
-                            Helm urls. The path can contain wildcards. These credentials
-                            will only be used for matching URLs. If omitted, all URLs
-                            are considered to match.
+                          description: |-
+                            Path specifies the path to be used to filter Helm urls. The path can contain wildcards. These credentials
+                            will only be used for matching URLs. If omitted, all URLs are considered to match.
                           type: string
                         secretRef:
-                          description: 'SecretRef specifies the Secret containing
-                            authentication credentials for the Helm repository. The
-                            secret can either container basic authentication credentials
-                            via `username` and `password` or TLS authentication via
-                            `certFile` and `keyFile`. `caFile` can be specified to
-                            override the CA to use while contacting the repository.
-                            The secret can also contain `insecureSkipTlsVerify: "true"`,
-                            which will disable TLS verification. `passCredentialsAll:
-                            "true"` can be specified to make the controller pass credentials
-                            to all requests, even if the hostname changes in-between.'
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the Helm repository.
+                            The secret can either container basic authentication credentials via `username` and `password` or
+                            TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
+                            contacting the repository.
+                            The secret can also contain `insecureSkipTlsVerify: "true"`, which will disable TLS verification.
+                            `passCredentialsAll: "true"` can be specified to make the controller pass credentials to all requests, even if
+                            the hostname changes in-between.
                           properties:
                             name:
                               description: Name of the referent.
@@ -155,15 +158,15 @@ spec:
                             applies to.
                           type: string
                         repository:
-                          description: Repository specifies the org and repo name
-                            in the format 'org-name/repo-name'. Both 'org-name' and
-                            'repo-name' can be specified as '*', meaning that all
-                            names are matched.
+                          description: |-
+                            Repository specifies the org and repo name in the format 'org-name/repo-name'.
+                            Both 'org-name' and 'repo-name' can be specified as '*', meaning that all names are matched.
                           type: string
                         secretRef:
-                          description: SecretRef specifies the Secret containing authentication
-                            credentials for the oci repository. The secret must contain
-                            'username' and 'password'.
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the oci repository.
+                            The secret must contain 'username' and 'password'.
                           properties:
                             name:
                               description: Name of the referent.
@@ -196,11 +199,10 @@ spec:
                     - name
                     type: object
                   serviceAccount:
-                    description: ServiceAccount specifies the service account used
-                      to authenticate against cloud providers. This is currently only
-                      usable for AWS KMS keys. The specified service account will
-                      be used to authenticate to AWS by signing a token in an IRSA
-                      compliant way.
+                    description: |-
+                      ServiceAccount specifies the service account used to authenticate against cloud providers.
+                      This is currently only usable for AWS KMS keys. The specified service account will be used to authenticate to AWS
+                      by signing a token in an IRSA compliant way.
                     type: string
                 required:
                 - provider
@@ -211,72 +213,72 @@ spec:
                   the KluctlDeployment object gets deleted.
                 type: boolean
               deployInterval:
-                description: DeployInterval specifies the interval at which to deploy
-                  the KluctlDeployment, even in cases the rendered result does not
-                  change.
+                description: |-
+                  DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered
+                  result does not change.
                 pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
               deployMode:
                 default: full-deploy
-                description: DeployMode specifies what deploy mode should be used.
-                  The options 'full-deploy' and 'poke-images' are supported. With
-                  the 'poke-images' option, only images are patched into the target
-                  without performing a full deployment.
+                description: |-
+                  DeployMode specifies what deploy mode should be used.
+                  The options 'full-deploy' and 'poke-images' are supported.
+                  With the 'poke-images' option, only images are patched into the target without performing a full deployment.
                 enum:
                 - full-deploy
                 - poke-images
                 type: string
               dryRun:
                 default: false
-                description: DryRun instructs kluctl to run everything in dry-run
-                  mode. Equivalent to using '--dry-run' when calling kluctl.
+                description: |-
+                  DryRun instructs kluctl to run everything in dry-run mode.
+                  Equivalent to using '--dry-run' when calling kluctl.
                 type: boolean
               excludeDeploymentDirs:
-                description: ExcludeDeploymentDirs instructs kluctl to exclude deployments
-                  with the given dir. Equivalent to using '--exclude-deployment-dir'
-                  when calling kluctl.
+                description: |-
+                  ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir.
+                  Equivalent to using '--exclude-deployment-dir' when calling kluctl.
                 items:
                   type: string
                 type: array
               excludeTags:
-                description: ExcludeTags instructs kluctl to exclude deployments with
-                  given tags. Equivalent to using '--exclude-tag' when calling kluctl.
+                description: |-
+                  ExcludeTags instructs kluctl to exclude deployments with given tags.
+                  Equivalent to using '--exclude-tag' when calling kluctl.
                 items:
                   type: string
                 type: array
               forceApply:
                 default: false
-                description: ForceApply instructs kluctl to force-apply in case of
-                  SSA conflicts. Equivalent to using '--force-apply' when calling
-                  kluctl.
+                description: |-
+                  ForceApply instructs kluctl to force-apply in case of SSA conflicts.
+                  Equivalent to using '--force-apply' when calling kluctl.
                 type: boolean
               forceReplaceOnError:
                 default: false
-                description: ForceReplaceOnError instructs kluctl to force-replace
-                  resources in case a normal replace fails. Equivalent to using '--force-replace-on-error'
-                  when calling kluctl.
+                description: |-
+                  ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails.
+                  Equivalent to using '--force-replace-on-error' when calling kluctl.
                 type: boolean
               helmCredentials:
-                description: HelmCredentials is a list of Helm credentials used when
-                  non pre-pulled Helm Charts are used inside a Kluctl deployment.
-                  DEPRECATED this field is deprecated and will be removed in the next
-                  API version bump. Use spec.credentials.helm instead.
+                description: |-
+                  HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a
+                  Kluctl deployment.
+                  DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.
                 items:
                   properties:
                     secretRef:
-                      description: 'SecretRef holds the name of a secret that contains
-                        the Helm credentials. The secret must either contain the fields
-                        `credentialsId` which refers to the credentialsId found in
-                        https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories
-                        or an `url` used to match the credentials found in Kluctl
-                        projects helm-chart.yaml files. The secret can either container
-                        basic authentication credentials via `username` and `password`
-                        or TLS authentication via `certFile` and `keyFile`. `caFile`
-                        can be specified to override the CA to use while contacting
-                        the repository. The secret can also contain `insecureSkipTlsVerify:
-                        "true"`, which will disable TLS verification. `passCredentialsAll:
-                        "true"` can be specified to make the controller pass credentials
-                        to all requests, even if the hostname changes in-between.'
+                      description: |-
+                        SecretRef holds the name of a secret that contains the Helm credentials.
+                        The secret must either contain the fields `credentialsId` which refers to the credentialsId
+                        found in https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories or an `url` used
+                        to match the credentials found in Kluctl projects helm-chart.yaml files.
+                        The secret can either container basic authentication credentials via `username` and `password` or
+                        TLS authentication via `certFile` and `keyFile`. `caFile` can be specified to override the CA to use while
+                        contacting the repository.
+                        The secret can also contain `insecureSkipTlsVerify: "true"`, which will disable TLS verification.
+                        `passCredentialsAll: "true"` can be specified to make the controller pass credentials to all requests, even if
+                        the hostname changes in-between.
                       properties:
                         name:
                           description: Name of the referent.
@@ -287,8 +289,9 @@ spec:
                   type: object
                 type: array
               images:
-                description: Images contains a list of fixed image overrides. Equivalent
-                  to using '--fixed-images-file' when calling kluctl.
+                description: |-
+                  Images contains a list of fixed image overrides.
+                  Equivalent to using '--fixed-images-file' when calling kluctl.
                 items:
                   properties:
                     container:
@@ -332,41 +335,44 @@ spec:
                   type: object
                 type: array
               includeDeploymentDirs:
-                description: IncludeDeploymentDirs instructs kluctl to only include
-                  deployments with the given dir. Equivalent to using '--include-deployment-dir'
-                  when calling kluctl.
+                description: |-
+                  IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir.
+                  Equivalent to using '--include-deployment-dir' when calling kluctl.
                 items:
                   type: string
                 type: array
               includeTags:
-                description: IncludeTags instructs kluctl to only include deployments
-                  with given tags. Equivalent to using '--include-tag' when calling
-                  kluctl.
+                description: |-
+                  IncludeTags instructs kluctl to only include deployments with given tags.
+                  Equivalent to using '--include-tag' when calling kluctl.
                 items:
                   type: string
                 type: array
               interval:
-                description: The interval at which to reconcile the KluctlDeployment.
-                  Reconciliation means that the deployment is fully rendered and only
-                  deployed when the result changes compared to the last deployment.
+                description: |-
+                  The interval at which to reconcile the KluctlDeployment.
+                  Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared
+                  to the last deployment.
                   To override this behavior, set the DeployInterval value.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               kubeConfig:
-                description: The KubeConfig for deploying to the target cluster. Specifies
-                  the kubeconfig to be used when invoking kluctl. Contexts in this
-                  kubeconfig must match the context found in the kluctl target. As
-                  an alternative, specify the context to be used via 'context'
+                description: |-
+                  The KubeConfig for deploying to the target cluster.
+                  Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match
+                  the context found in the kluctl target. As an alternative, specify the context to be used via 'context'
                 properties:
                   secretRef:
-                    description: SecretRef holds the name of a secret that contains
-                      a key with the kubeconfig file as the value. If no key is set,
-                      the key will default to 'value'. The secret must be in the same
-                      namespace as the Kustomization. It is recommended that the kubeconfig
-                      is self-contained, and the secret is regularly updated if credentials
-                      such as a cloud-access-token expire. Cloud specific `cmd-path`
-                      auth helpers will not function without adding binaries and credentials
-                      to the Pod that is responsible for reconciling the KluctlDeployment.
+                    description: |-
+                      SecretRef holds the name of a secret that contains a key with
+                      the kubeconfig file as the value. If no key is set, the key will default
+                      to 'value'. The secret must be in the same namespace as
+                      the Kustomization.
+                      It is recommended that the kubeconfig is self-contained, and the secret
+                      is regularly updated if credentials such as a cloud-access-token expire.
+                      Cloud specific `cmd-path` auth helpers will not function without adding
+                      binaries and credentials to the Pod that is responsible for reconciling
+                      the KluctlDeployment.
                     properties:
                       key:
                         description: Key in the Secret, when not specified an implementation-specific
@@ -380,24 +386,24 @@ spec:
                     type: object
                 type: object
               manual:
-                description: Manual enables manual deployments, meaning that the deployment
-                  will initially start as a dry run deployment and only after manual
-                  approval cause a real deployment
+                description: |-
+                  Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment
+                  and only after manual approval cause a real deployment
                 type: boolean
               manualObjectsHash:
-                description: ManualObjectsHash specifies the rendered objects hash
-                  that is approved for manual deployment. If Manual is set to true,
-                  the controller will skip deployments when the current reconciliation
-                  loops calculated objects hash does not match this value. There are
-                  two ways to use this value properly. 1. Set it manually to the value
-                  found in status.lastObjectsHash. 2. Use the Kluctl Webui to manually
-                  approve a deployment, which will set this field appropriately.
+                description: |-
+                  ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment.
+                  If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated
+                  objects hash does not match this value.
+                  There are two ways to use this value properly.
+                  1. Set it manually to the value found in status.lastObjectsHash.
+                  2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.
                 type: string
               noWait:
                 default: false
-                description: NoWait instructs kluctl to not wait for any resources
-                  to become ready, including hooks. Equivalent to using '--no-wait'
-                  when calling kluctl.
+                description: |-
+                  NoWait instructs kluctl to not wait for any resources to become ready, including hooks.
+                  Equivalent to using '--no-wait' when calling kluctl.
                 type: boolean
               prune:
                 default: false
@@ -405,46 +411,49 @@ spec:
                 type: boolean
               replaceOnError:
                 default: false
-                description: ReplaceOnError instructs kluctl to replace resources
-                  on error. Equivalent to using '--replace-on-error' when calling
-                  kluctl.
+                description: |-
+                  ReplaceOnError instructs kluctl to replace resources on error.
+                  Equivalent to using '--replace-on-error' when calling kluctl.
                 type: boolean
               retryInterval:
-                description: The interval at which to retry a previously failed reconciliation.
-                  When not specified, the controller uses the Interval value to retry
-                  failures.
+                description: |-
+                  The interval at which to retry a previously failed reconciliation.
+                  When not specified, the controller uses the Interval
+                  value to retry failures.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               serviceAccountName:
-                description: The name of the Kubernetes service account to use while
-                  deploying. If not specified, the default service account is used.
+                description: |-
+                  The name of the Kubernetes service account to use while deploying.
+                  If not specified, the default service account is used.
                 type: string
               source:
                 description: Specifies the project source location
                 properties:
                   credentials:
-                    description: Credentials specifies a list of secrets with credentials
-                      DEPRECATED this field is deprecated and will be removed in the
-                      next API version bump. Use spec.credentials.git instead.
+                    description: |-
+                      Credentials specifies a list of secrets with credentials
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead.
                     items:
                       properties:
                         host:
-                          description: Host specifies the hostname that this secret
-                            applies to. If set to '*', this set of credentials applies
-                            to all hosts. Using '*' for http(s) based repositories
-                            is not supported, meaning that such credentials sets will
-                            be ignored. You must always set a proper hostname in that
-                            case.
+                          description: |-
+                            Host specifies the hostname that this secret applies to. If set to '*', this set of credentials
+                            applies to all hosts.
+                            Using '*' for http(s) based repositories is not supported, meaning that such credentials sets will be ignored.
+                            You must always set a proper hostname in that case.
                           type: string
                         pathPrefix:
-                          description: PathPrefix specifies the path prefix to be
-                            used to filter source urls. Only urls that have this prefix
-                            will use this set of credentials.
+                          description: |-
+                            PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use
+                            this set of credentials.
                           type: string
                         secretRef:
-                          description: SecretRef specifies the Secret containing authentication
-                            credentials for the git repository. For HTTPS git repositories
-                            the Secret must contain 'username' and 'password' fields.
+                          description: |-
+                            SecretRef specifies the Secret containing authentication credentials for
+                            the git repository.
+                            For HTTPS git repositories the Secret must contain 'username' and 'password'
+                            fields.
                             For SSH git repositories the Secret must contain 'identity'
                             and 'known_hosts' fields.
                           properties:
@@ -481,8 +490,8 @@ spec:
                             type: string
                         type: object
                       url:
-                        description: URL specifies the Git url where the project source
-                          is located. If the given Git repository needs authentication,
+                        description: |-
+                          URL specifies the Git url where the project source is located. If the given Git repository needs authentication,
                           use spec.credentials.git to specify those.
                         type: string
                     required:
@@ -500,9 +509,9 @@ spec:
                           the "latest" tag is used.
                         properties:
                           digest:
-                            description: Digest is the image digest to pull, takes
-                              precedence over SemVer. The value should be in the format
-                              'sha256:<HASH>'.
+                            description: |-
+                              Digest is the image digest to pull, takes precedence over SemVer.
+                              The value should be in the format 'sha256:<HASH>'.
                             type: string
                           tag:
                             description: Tag is the image tag to pull, defaults to
@@ -510,23 +519,22 @@ spec:
                             type: string
                         type: object
                       url:
-                        description: Url specifies the Git url where the project source
-                          is located. If the given OCI repository needs authentication,
+                        description: |-
+                          Url specifies the Git url where the project source is located. If the given OCI repository needs authentication,
                           use spec.credentials.oci to specify those.
                         type: string
                     required:
                     - url
                     type: object
                   path:
-                    description: Path specifies the sub-directory to be used as project
-                      directory DEPRECATED this field is deprecated and will be removed
-                      in the next API version bump. Use spec.git.path instead.
+                    description: |-
+                      Path specifies the sub-directory to be used as project directory
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.path instead.
                     type: string
                   ref:
-                    description: Ref specifies the branch, tag or commit that should
-                      be used. If omitted, the default branch of the repo is used.
-                      DEPRECATED this field is deprecated and will be removed in the
-                      next API version bump. Use spec.git.ref instead.
+                    description: |-
+                      Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.
                     properties:
                       branch:
                         description: Branch to use.
@@ -539,13 +547,13 @@ spec:
                         type: string
                     type: object
                   secretRef:
-                    description: SecretRef specifies the Secret containing authentication
-                      credentials for See ProjectSourceCredentials.SecretRef for details
-                      DEPRECATED this field is deprecated and will be removed in the
-                      next API version bump. Use spec.credentials.git instead. WARNING
-                      using this field causes the controller to pass http basic auth
-                      credentials to ALL repositories involved. Use spec.credentials.git
-                      with a proper Host field instead.
+                    description: |-
+                      SecretRef specifies the Secret containing authentication credentials for
+                      See ProjectSourceCredentials.SecretRef for details
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git
+                      instead.
+                      WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved.
+                      Use spec.credentials.git with a proper Host field instead.
                     properties:
                       name:
                         description: Name of the referent.
@@ -554,9 +562,9 @@ spec:
                     - name
                     type: object
                   url:
-                    description: Url specifies the Git url where the project source
-                      is located DEPRECATED this field is deprecated and will be removed
-                      in the next API version bump. Use spec.git.url instead.
+                    description: |-
+                      Url specifies the Git url where the project source is located
+                      DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.url instead.
                     type: string
                 type: object
               sourceOverrides:
@@ -575,15 +583,14 @@ spec:
                   type: object
                 type: array
               suspend:
-                description: This flag tells the controller to suspend subsequent
-                  kluctl executions, it does not apply to already started executions.
-                  Defaults to false.
+                description: |-
+                  This flag tells the controller to suspend subsequent kluctl executions,
+                  it does not apply to already started executions. Defaults to false.
                 type: boolean
               target:
-                description: Target specifies the kluctl target to deploy. If not
-                  specified, an empty target is used that has no name and no context.
-                  Use 'TargetName' and 'Context' to specify the name and context in
-                  that case.
+                description: |-
+                  Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no
+                  context. Use 'TargetName' and 'Context' to specify the name and context in that case.
                 maxLength: 63
                 minLength: 1
                 type: string
@@ -594,7 +601,9 @@ spec:
                 minLength: 1
                 type: string
               timeout:
-                description: Timeout for all operations. Defaults to 'Interval' duration.
+                description: |-
+                  Timeout for all operations.
+                  Defaults to 'Interval' duration.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
               validate:
@@ -602,11 +611,11 @@ spec:
                 description: Validate enables validation after deploying
                 type: boolean
               validateInterval:
-                description: ValidateInterval specifies the interval at which to validate
-                  the KluctlDeployment. Validation is performed the same way as with
-                  'kluctl validate -t <target>'. Defaults to the same value as specified
-                  in Interval. Validate is also performed whenever a deployment is
-                  performed, independent of the value of ValidateInterval
+                description: |-
+                  ValidateInterval specifies the interval at which to validate the KluctlDeployment.
+                  Validation is performed the same way as with 'kluctl validate -t <target>'.
+                  Defaults to the same value as specified in Interval.
+                  Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval
                 pattern: ^(([0-9]+(\.[0-9]+)?(ms|s|m|h))+)
                 type: string
             required:
@@ -619,42 +628,42 @@ spec:
               conditions:
                 items:
                   description: "Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                    state of this API Resource.\n---\nThis struct is intended for
+                    direct use as an array at the field path .status.conditions.  For
+                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
+                    observations of a foo's current state.\n\t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
+                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
+                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+                    \   // other fields\n\t}"
                   properties:
                     lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
-                        transitioned from one status to another. This should be when
-                        the underlying condition changed.  If that is not known, then
-                        using the time when the API field changed is acceptable.
+                      description: |-
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
                       format: date-time
                       type: string
                     message:
-                      description: message is a human readable message indicating
-                        details about the transition. This may be an empty string.
+                      description: |-
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
                       maxLength: 32768
                       type: string
                     observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
-                        that the condition was set based upon. For instance, if .metadata.generation
-                        is currently 12, but the .status.conditions[x].observedGeneration
-                        is 9, the condition is out of date with respect to the current
-                        state of the instance.
+                      description: |-
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
                       format: int64
                       minimum: 0
                       type: integer
                     reason:
-                      description: reason contains a programmatic identifier indicating
-                        the reason for the condition's last transition. Producers
-                        of specific condition types may define expected values and
-                        meanings for this field, and whether the values are considered
-                        a guaranteed API. The value should be a CamelCase string.
+                      description: |-
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                        Producers of specific condition types may define expected values and meanings for this field,
+                        and whether the values are considered a guaranteed API.
+                        The value should be a CamelCase string.
                         This field may not be empty.
                       maxLength: 1024
                       minLength: 1
@@ -668,11 +677,12 @@ spec:
                       - Unknown
                       type: string
                     type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      description: |-
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
+                        ---
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+                        useful (see .node.status.conditions), the ability to deconflict is important.
+                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string
@@ -757,13 +767,15 @@ spec:
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               lastDriftDetectionResult:
-                description: LastDriftDetectionResult is the result of the last drift
-                  detection command optional
+                description: |-
+                  LastDriftDetectionResult is the result of the last drift detection command
+                  optional
                 type: object
                 x-kubernetes-preserve-unknown-fields: true
               lastDriftDetectionResultMessage:
-                description: LastDriftDetectionResultMessage contains a short message
-                  that describes the drift optional
+                description: |-
+                  LastDriftDetectionResultMessage contains a short message that describes the drift
+                  optional
                 type: string
               lastManualObjectsHash:
                 type: string

From 88fc3e33ce40df1d1bb10bd7cbdc35bec8a86a7b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Mar 2024 09:07:42 +0100
Subject: [PATCH 1990/2268] feat: Allow to pass --kubeconfig to "kluctl
 controller install"

---
 cmd/kluctl/commands/cmd_controller_install.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_controller_install.go b/cmd/kluctl/commands/cmd_controller_install.go
index c8e7120af..c9d748a05 100644
--- a/cmd/kluctl/commands/cmd_controller_install.go
+++ b/cmd/kluctl/commands/cmd_controller_install.go
@@ -10,6 +10,7 @@ import (
 )
 
 type controllerInstallCmd struct {
+	args.KubeconfigFlags
 	args.YesFlags
 	args.DryRunFlags
 	args.CommandResultFlags
@@ -40,6 +41,7 @@ func (cmd *controllerInstallCmd) Run(ctx context.Context) error {
 			},
 			Timeout: 10 * time.Minute,
 		},
+		KubeconfigFlags: cmd.KubeconfigFlags,
 		TargetFlags: args.TargetFlags{
 			Context: cmd.Context,
 		},

From 4c4ea4e0fcca6a2ed0ba4154413423c1eae647ce Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Mar 2024 11:33:11 +0100
Subject: [PATCH 1991/2268] feat: Allow to pass discriminator via CLI flags

---
 cmd/kluctl/commands/cmd_deploy.go                   | 3 +++
 cmd/kluctl/commands/cmd_diff.go                     | 3 +++
 cmd/kluctl/commands/cmd_prune.go                    | 3 +++
 cmd/kluctl/commands/utils.go                        | 3 +++
 docs/kluctl/commands/deploy.md                      | 1 +
 docs/kluctl/commands/diff.md                        | 1 +
 docs/kluctl/commands/prune.md                       | 1 +
 pkg/kluctl_project/target-context/target_context.go | 5 +++++
 8 files changed, 20 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index cffc96142..2ea8ea23d 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -31,6 +31,8 @@ type deployCmd struct {
 
 	DeployExtraFlags
 
+	Discriminator string `group:"misc" help:"Override the target discriminator."`
+
 	internal bool
 }
 
@@ -60,6 +62,7 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
 		internalDeploy:       cmd.internal,
+		discriminator:        cmd.Discriminator,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		return cmd.runCmdDeploy(cmdCtx)
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 57fcb6003..62f7452a3 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -21,6 +21,8 @@ type diffCmd struct {
 	args.IgnoreFlags
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
+
+	Discriminator string `group:"misc" help:"Override the target discriminator."`
 }
 
 func (cmd *diffCmd) Help() string {
@@ -41,6 +43,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
+		discriminator:        cmd.Discriminator,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewDiffCommand(cmdCtx.targetCtx)
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 154dea637..e165d7cf1 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -22,6 +22,8 @@ type pruneCmd struct {
 	args.OutputFormatFlags
 	args.RenderOutputDirFlags
 	args.CommandResultFlags
+
+	Discriminator string `group:"misc" help:"Override the target discriminator."`
 }
 
 func (cmd *pruneCmd) Help() string {
@@ -45,6 +47,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		dryRunArgs:           &cmd.DryRunFlags,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
 		commandResultFlags:   &cmd.CommandResultFlags,
+		discriminator:        cmd.Discriminator,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		return cmd.runCmdPrune(cmdCtx)
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 194180c49..3b68f9377 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -128,6 +128,8 @@ type projectTargetCommandArgs struct {
 	renderOutputDirFlags args.RenderOutputDirFlags
 	commandResultFlags   *args.CommandResultFlags
 
+	discriminator string
+
 	internalDeploy    bool
 	forSeal           bool
 	forCompletion     bool
@@ -186,6 +188,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		TargetName:         args.targetFlags.Target,
 		TargetNameOverride: args.targetFlags.TargetNameOverride,
 		ContextOverride:    args.targetFlags.Context,
+		Discriminator:      args.discriminator,
 		OfflineK8s:         args.offlineKubernetes,
 		K8sVersion:         args.kubernetesVersion,
 		DryRun:             args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
diff --git a/docs/kluctl/commands/deploy.md b/docs/kluctl/commands/deploy.md
index f88bb0ab2..07073b5e4 100644
--- a/docs/kluctl/commands/deploy.md
+++ b/docs/kluctl/commands/deploy.md
@@ -36,6 +36,7 @@ Misc arguments:
   Command specific arguments.
 
       --abort-on-error               Abort deploying when an error occurs instead of trying the remaining deployments
+      --discriminator string         Override the target discriminator.
       --dry-run                      Performs all kubernetes API calls in dry-run mode.
       --force-apply                  Force conflict resolution when applying. See documentation for details
       --force-replace-on-error       Same as --replace-on-error, but also try to delete and re-create objects. See
diff --git a/docs/kluctl/commands/diff.md b/docs/kluctl/commands/diff.md
index 828ca684d..26be0b310 100644
--- a/docs/kluctl/commands/diff.md
+++ b/docs/kluctl/commands/diff.md
@@ -35,6 +35,7 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
+      --discriminator string        Override the target discriminator.
       --force-apply                 Force conflict resolution when applying. See documentation for details
       --force-replace-on-error      Same as --replace-on-error, but also try to delete and re-create objects. See
                                     documentation for more details.
diff --git a/docs/kluctl/commands/prune.md b/docs/kluctl/commands/prune.md
index 3fd5d047e..5c3c82305 100644
--- a/docs/kluctl/commands/prune.md
+++ b/docs/kluctl/commands/prune.md
@@ -31,6 +31,7 @@ In addition, the following arguments are available:
 Misc arguments:
   Command specific arguments.
 
+      --discriminator string        Override the target discriminator.
       --dry-run                     Performs all kubernetes API calls in dry-run mode.
       --no-obfuscate                Disable obfuscation of sensitive/secret data
   -o, --output-format stringArray   Specify output format and target file, in the format 'format=path'. Format can
diff --git a/pkg/kluctl_project/target-context/target_context.go b/pkg/kluctl_project/target-context/target_context.go
index 6e3b26f3d..7afa7524c 100644
--- a/pkg/kluctl_project/target-context/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -34,6 +34,7 @@ type TargetContextParams struct {
 	TargetName         string
 	TargetNameOverride string
 	ContextOverride    string
+	Discriminator      string
 	OfflineK8s         bool
 	K8sVersion         string
 	DryRun             bool
@@ -76,6 +77,10 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 	if params.TargetNameOverride != "" {
 		target.Name = params.TargetNameOverride
 	}
+	if params.Discriminator != "" {
+		target.Discriminator = params.Discriminator
+		needRender = true
+	}
 
 	params.Images.PrependFixedImages(target.Images)
 

From d0e505baf16268d0815a05360fb056830e10b18f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Mar 2024 11:34:24 +0100
Subject: [PATCH 1992/2268] fix: Pass discriminator to deployment when using
 controller install

---
 cmd/kluctl/commands/cmd_controller_install.go |  1 +
 e2e/controller_install_test.go                | 32 +++++++++++++++++++
 e2e/crds_test.go                              | 20 +++---------
 e2e/utils.go                                  | 12 +++++++
 4 files changed, 49 insertions(+), 16 deletions(-)
 create mode 100644 e2e/controller_install_test.go

diff --git a/cmd/kluctl/commands/cmd_controller_install.go b/cmd/kluctl/commands/cmd_controller_install.go
index c9d748a05..947bf59c7 100644
--- a/cmd/kluctl/commands/cmd_controller_install.go
+++ b/cmd/kluctl/commands/cmd_controller_install.go
@@ -51,6 +51,7 @@ func (cmd *controllerInstallCmd) Run(ctx context.Context) error {
 		YesFlags:           cmd.YesFlags,
 		DryRunFlags:        cmd.DryRunFlags,
 		CommandResultFlags: cmd.CommandResultFlags,
+		Discriminator:      "kluctl.io-controller",
 		internal:           true,
 	}
 	return cmd2.Run(ctx)
diff --git a/e2e/controller_install_test.go b/e2e/controller_install_test.go
new file mode 100644
index 000000000..81a187213
--- /dev/null
+++ b/e2e/controller_install_test.go
@@ -0,0 +1,32 @@
+package e2e
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"testing"
+)
+
+func TestControllerInstall(t *testing.T) {
+	k := createTestCluster(t, "cluster1")
+	kubeconfig := getKubeconfigTmpFile(t, k.Kubeconfig)
+
+	_, _, err := test_project.KluctlExecute(t, context.TODO(), func(args ...any) {
+		t.Log(args...)
+	}, "controller", "install", "--yes", "--kubeconfig", kubeconfig)
+	assert.NoError(t, err)
+
+	x := assertObjectExists(t, k, schema.GroupVersionResource{
+		Group:    "apps",
+		Version:  "v1",
+		Resource: "deployments",
+	}, "kluctl-system", "kluctl-controller")
+	assertNestedFieldEquals(t, x, "kluctl.io-controller", "metadata", "labels", "kluctl.io/discriminator")
+
+	stdout, _, err := test_project.KluctlExecute(t, context.TODO(), func(args ...any) {
+		t.Log(args...)
+	}, "controller", "install", "--yes", "--kubeconfig", kubeconfig, "--kluctl-version", "v2.99999")
+	assert.NoError(t, err)
+	assert.Contains(t, stdout, "v2.99999")
+}
diff --git a/e2e/crds_test.go b/e2e/crds_test.go
index b651faa3e..a329a1aee 100644
--- a/e2e/crds_test.go
+++ b/e2e/crds_test.go
@@ -26,18 +26,6 @@ spec:
 `, name, namespace)
 }
 
-func createCRDTestCluster(t *testing.T) *test_utils.EnvTestCluster {
-	k := test_utils.CreateEnvTestCluster("cluster1")
-	err := k.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-	t.Cleanup(func() {
-		k.Stop()
-	})
-	return k
-}
-
 func prepareCRDsTest(t *testing.T, k *test_utils.EnvTestCluster, crds bool, barrier bool) *test_project.TestProject {
 	p := test_project.NewTestProject(t)
 	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, k.Kubeconfig))
@@ -67,7 +55,7 @@ func prepareCRDsTest(t *testing.T, k *test_utils.EnvTestCluster, crds bool, barr
 func TestDeployCRDUnordered(t *testing.T) {
 	t.Parallel()
 
-	k := createCRDTestCluster(t)
+	k := createTestCluster(t, "cluster1")
 	p := prepareCRDsTest(t, k, true, false)
 
 	for i := 0; i < 100; i++ {
@@ -85,7 +73,7 @@ func TestDeployCRDUnordered(t *testing.T) {
 func TestDiffCRDSimulated(t *testing.T) {
 	t.Parallel()
 
-	k := createCRDTestCluster(t)
+	k := createTestCluster(t, "cluster1")
 
 	p := prepareCRDsTest(t, k, true, true)
 
@@ -96,7 +84,7 @@ func TestDiffCRDSimulated(t *testing.T) {
 func TestDeployCRDBarrier(t *testing.T) {
 	t.Parallel()
 
-	k := createCRDTestCluster(t)
+	k := createTestCluster(t, "cluster1")
 
 	p := prepareCRDsTest(t, k, true, true)
 
@@ -106,7 +94,7 @@ func TestDeployCRDBarrier(t *testing.T) {
 func TestDeployCRDByController(t *testing.T) {
 	t.Parallel()
 
-	k := createCRDTestCluster(t)
+	k := createTestCluster(t, "cluster1")
 
 	p := prepareCRDsTest(t, k, false, true)
 	p.UpdateDeploymentItems(".", func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
diff --git a/e2e/utils.go b/e2e/utils.go
index 3a6056dfd..b6b9d92d0 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -17,6 +17,18 @@ import (
 	"time"
 )
 
+func createTestCluster(t *testing.T, context string) *test_utils.EnvTestCluster {
+	k := test_utils.CreateEnvTestCluster(context)
+	err := k.Start()
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() {
+		k.Stop()
+	})
+	return k
+}
+
 func createNamespace(t *testing.T, k *test_utils.EnvTestCluster, namespace string) {
 	r := k.DynamicClient.Resource(v1.SchemeGroupVersion.WithResource("namespaces"))
 	if _, err := r.Get(context.Background(), namespace, metav1.GetOptions{}); err == nil {

From f41269968481db988cfdedeab2cb03c239c3e07d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 5 Mar 2024 11:34:40 +0100
Subject: [PATCH 1993/2268] tests: Add discriminator tests

---
 e2e/discriminator_test.go | 108 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 e2e/discriminator_test.go

diff --git a/e2e/discriminator_test.go b/e2e/discriminator_test.go
new file mode 100644
index 000000000..5a098c989
--- /dev/null
+++ b/e2e/discriminator_test.go
@@ -0,0 +1,108 @@
+package e2e
+
+import (
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"testing"
+)
+
+func TestDiscriminator(t *testing.T) {
+	t.Parallel()
+
+	p := test_project.NewTestProject(t)
+	k := defaultCluster1
+
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.TestSlug()})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField("from-kluctl-yaml-{{ args.a }}", "discriminator")
+		return nil
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-a", "a=x")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "from-kluctl-yaml-x", "metadata", "labels", "kluctl.io/discriminator")
+
+	// add a target without a discriminator
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "a=x")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "from-kluctl-yaml-x", "metadata", "labels", "kluctl.io/discriminator")
+
+	// modify target to contain a discriminator
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField("from-target-{{ target.name }}", "discriminator")
+	})
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "a=x")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "from-target-test", "metadata", "labels", "kluctl.io/discriminator")
+}
+
+func TestDiscriminatorArgWithoutTarget(t *testing.T) {
+	t.Parallel()
+
+	p := test_project.NewTestProject(t)
+	k := defaultCluster1
+
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.TestSlug()})
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.TestSlug()})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.KluctlMust(t, "deploy", "--yes", "--discriminator", "test-discriminator")
+
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "test-discriminator", "metadata", "labels", "kluctl.io/discriminator")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertNestedFieldEquals(t, cm, "test-discriminator", "metadata", "labels", "kluctl.io/discriminator")
+
+	p.KluctlMust(t, "deploy", "--yes", "--discriminator", "test-discriminator-{{ args.a }}", "-a", "a=x")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "test-discriminator-x", "metadata", "labels", "kluctl.io/discriminator")
+
+	p.DeleteKustomizeDeployment("cm2")
+	p.KluctlMust(t, "prune", "--yes", "--discriminator", "test-discriminator-x")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+}
+
+func TestDiscriminatorArgWithTarget(t *testing.T) {
+	t.Parallel()
+
+	p := test_project.NewTestProject(t)
+	k := defaultCluster1
+
+	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {
+		_ = target.SetNestedField("from-target-{{ target.name }}", "discriminator")
+	})
+
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{name: "cm1", namespace: p.TestSlug()})
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{name: "cm2", namespace: p.TestSlug()})
+
+	createNamespace(t, k, p.TestSlug())
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	cm := assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "from-target-test", "metadata", "labels", "kluctl.io/discriminator")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertNestedFieldEquals(t, cm, "from-target-test", "metadata", "labels", "kluctl.io/discriminator")
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--discriminator", "test-discriminator")
+
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "test-discriminator", "metadata", "labels", "kluctl.io/discriminator")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertNestedFieldEquals(t, cm, "test-discriminator", "metadata", "labels", "kluctl.io/discriminator")
+
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--discriminator", "test-discriminator-{{ target.name }}-{{ args.a }}", "-a", "a=x")
+	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertNestedFieldEquals(t, cm, "test-discriminator-test-x", "metadata", "labels", "kluctl.io/discriminator")
+
+	p.DeleteKustomizeDeployment("cm3")
+	p.KluctlMust(t, "prune", "--yes", "-t", "test", "--discriminator", "test-discriminator-test-x")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
+}

From 2d75a22b71f5d3dafa3fe5d5290e172fb55dd068 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 11 Mar 2024 14:10:38 +0100
Subject: [PATCH 1994/2268] fix: Panic when deadline is exceeded too much while
 fetching from git (#1009)

---
 go.mod                   |  2 +-
 pkg/git/mirrored_repo.go | 17 ++++++++++++-----
 pkg/utils/watchdog.go    | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 6 deletions(-)
 create mode 100644 pkg/utils/watchdog.go

diff --git a/go.mod b/go.mod
index 317d9ce7a..4ce6958b0 100644
--- a/go.mod
+++ b/go.mod
@@ -70,6 +70,7 @@ require (
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
+	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
 	github.com/go-logr/logr v1.4.1
 	github.com/google/gops v0.3.28
@@ -163,7 +164,6 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
diff --git a/pkg/git/mirrored_repo.go b/pkg/git/mirrored_repo.go
index be4f34dfc..59d05c9d4 100644
--- a/pkg/git/mirrored_repo.go
+++ b/pkg/git/mirrored_repo.go
@@ -16,6 +16,7 @@ import (
 	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
 	"path/filepath"
@@ -270,11 +271,17 @@ func (g *MirroredGitRepo) update(repoDir string) error {
 		if err != nil {
 			return err
 		}
-		err = remote.FetchContext(g.ctx, &git.FetchOptions{
-			Auth:     auth.AuthMethod,
-			CABundle: auth.CABundle,
-			Tags:     git.AllTags,
-			Force:    true,
+
+		// go-git does not respect the context deadline in some situations, especially after errors occur internally.
+		// This leads to hanging fetches, which can easily deadlock the whole kluctl process. The only way to handle
+		// this currently is to panic when the deadline is exceeded too much.
+		err = utils.RunWithDeadlineAndPanic(g.ctx, 5*time.Second, func() error {
+			return remote.FetchContext(g.ctx, &git.FetchOptions{
+				Auth:     auth.AuthMethod,
+				CABundle: auth.CABundle,
+				Tags:     git.AllTags,
+				Force:    true,
+			})
 		})
 		if err != nil && err != git.NoErrAlreadyUpToDate {
 			return err
diff --git a/pkg/utils/watchdog.go b/pkg/utils/watchdog.go
new file mode 100644
index 000000000..63ce71e7b
--- /dev/null
+++ b/pkg/utils/watchdog.go
@@ -0,0 +1,38 @@
+package utils
+
+import (
+	"context"
+	"fmt"
+	"github.com/go-errors/errors"
+	"sync/atomic"
+	"time"
+)
+
+func RunWithDeadlineAndPanic(ctx context.Context, extraDeadline time.Duration, f func() error) error {
+	deadline, hasDeadline := ctx.Deadline()
+
+	if !hasDeadline {
+		return f()
+	}
+
+	var finished atomic.Bool
+
+	wait := deadline.Sub(time.Now()) + extraDeadline
+	if wait < 0 {
+		return ctx.Err()
+	}
+
+	deadlineErr := errors.New(fmt.Errorf("deadline exceeded while calling function"))
+
+	t := time.AfterFunc(wait, func() {
+		if !finished.Load() {
+			panic(deadlineErr.ErrorStack())
+		}
+	})
+	defer t.Stop()
+
+	err := f()
+	finished.Store(true)
+
+	return err
+}

From 9f2c259b4aceb7991d8f888637f0bcdcc6d66003 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Mar 2024 08:48:43 +0100
Subject: [PATCH 1995/2268] fix: Use struct tag to mark fields that should be
 exclusive

---
 pkg/types/validators_test.go | 32 ++++++++++++++++++++++++++++++++
 pkg/types/vars_source.go     | 33 +++++++++++++++------------------
 2 files changed, 47 insertions(+), 18 deletions(-)

diff --git a/pkg/types/validators_test.go b/pkg/types/validators_test.go
index f29fb24e9..fa65b7f87 100644
--- a/pkg/types/validators_test.go
+++ b/pkg/types/validators_test.go
@@ -1,6 +1,9 @@
 package types
 
 import (
+	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
 
 	"github.com/go-playground/validator/v10"
@@ -34,3 +37,32 @@ func TestValidateGitProjectSubDir(t *testing.T) {
 		}
 	}
 }
+
+func TestValidateVarsSource(t *testing.T) {
+	validate := validator.New()
+	validate.RegisterStructValidation(ValidateVarsSource, VarsSource{})
+
+	type testCase struct {
+		vs VarsSource
+		e  string
+	}
+
+	tests := []testCase{
+		{vs: VarsSource{Values: uo.New()}}, // no error
+		{vs: VarsSource{}, e: "unknown vars source type"},
+		{vs: VarsSource{Values: uo.New(), File: utils.StrPtr("test")}, e: "more then one vars source type"},
+		{vs: VarsSource{Values: uo.New(), File: utils.StrPtr("test"), SystemEnvVars: uo.New()}, e: "more then one vars source type"},
+	}
+
+	for i, tc := range tests {
+		tc := tc
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			err := validate.Struct(&tc.vs)
+			if tc.e == "" {
+				assert.NoError(t, err)
+			} else {
+				assert.ErrorContains(t, err, tc.e)
+			}
+		})
+	}
+}
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index f7878b25c..3b31e4d59 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -127,19 +127,19 @@ type VarsSource struct {
 	NoOverride    *bool `json:"noOverride,omitempty"`
 	Sensitive     *bool `json:"sensitive,omitempty"`
 
-	Values            *uo.UnstructuredObject              `json:"values,omitempty"`
-	File              *string                             `json:"file,omitempty"`
-	Git               *VarsSourceGit                      `json:"git,omitempty"`
-	GitFiles          *VarsSourceGitFiles                 `json:"gitFiles,omitempty"`
-	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `json:"clusterConfigMap,omitempty"`
-	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `json:"clusterSecret,omitempty"`
-	ClusterObject     *VarsSourceClusterObject            `json:"clusterObject,omitempty"`
-	SystemEnvVars     *uo.UnstructuredObject              `json:"systemEnvVars,omitempty"`
-	Http              *VarsSourceHttp                     `json:"http,omitempty"`
-	AwsSecretsManager *VarsSourceAwsSecretsManager        `json:"awsSecretsManager,omitempty"`
-	GcpSecretManager  *VarsSourceGcpSecretManager         `json:"gcpSecretManager,omitempty"`
-	Vault             *VarsSourceVault                    `json:"vault,omitempty"`
-	AzureKeyVault     *VarSourceAzureKeyVault             `json:"azureKeyVault,omitempty"`
+	Values            *uo.UnstructuredObject              `json:"values,omitempty" isVarsSource:"true"`
+	File              *string                             `json:"file,omitempty" isVarsSource:"true"`
+	Git               *VarsSourceGit                      `json:"git,omitempty" isVarsSource:"true"`
+	GitFiles          *VarsSourceGitFiles                 `json:"gitFiles,omitempty" isVarsSource:"true"`
+	ClusterConfigMap  *VarsSourceClusterConfigMapOrSecret `json:"clusterConfigMap,omitempty" isVarsSource:"true"`
+	ClusterSecret     *VarsSourceClusterConfigMapOrSecret `json:"clusterSecret,omitempty" isVarsSource:"true"`
+	ClusterObject     *VarsSourceClusterObject            `json:"clusterObject,omitempty" isVarsSource:"true"`
+	SystemEnvVars     *uo.UnstructuredObject              `json:"systemEnvVars,omitempty" isVarsSource:"true"`
+	Http              *VarsSourceHttp                     `json:"http,omitempty" isVarsSource:"true" isVarsSource:"true"`
+	AwsSecretsManager *VarsSourceAwsSecretsManager        `json:"awsSecretsManager,omitempty" isVarsSource:"true"`
+	GcpSecretManager  *VarsSourceGcpSecretManager         `json:"gcpSecretManager,omitempty" isVarsSource:"true"`
+	Vault             *VarsSourceVault                    `json:"vault,omitempty" isVarsSource:"true"`
+	AzureKeyVault     *VarSourceAzureKeyVault             `json:"azureKeyVault,omitempty" isVarsSource:"true"`
 
 	TargetPath string `json:"targetPath,omitempty"`
 
@@ -156,11 +156,8 @@ func ValidateVarsSource(sl validator.StructLevel) {
 	count := 0
 	v := reflect.ValueOf(s)
 	for i := 0; i < v.NumField(); i++ {
-		switch v.Type().Field(i).Name {
-		case "IgnoreMissing", "NoOverride", "TargetPath", "When", "RenderedSensitive", "RenderedVars":
-			continue
-		}
-		if !v.Field(i).IsNil() {
+		f := v.Type().Field(i)
+		if f.Tag.Get("isVarsSource") == "true" && !v.Field(i).IsNil() {
 			count += 1
 		}
 	}

From 0b66855912a4875345d0b412ce8fbb104a30194f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Mar 2024 09:06:46 +0100
Subject: [PATCH 1996/2268] refactor: Introduce generic utiuls.Ptr func

---
 e2e/gitops_errors_test.go             |  8 +++----
 e2e/gitops_git_include_test.go        |  4 ++--
 e2e/images_test.go                    | 16 +++++++-------
 e2e/seal_test.go                      |  2 +-
 pkg/deployment/deployment_project.go  |  2 +-
 pkg/diff/normalize_test.go            | 10 ++++-----
 pkg/sourceoverride/proxyclient_cli.go |  2 +-
 pkg/sourceoverride/proxyserver.go     |  2 +-
 pkg/types/validators_test.go          |  4 ++--
 pkg/utils/utils.go                    |  4 ++--
 pkg/vars/vars_loader_test.go          | 30 +++++++++++++--------------
 11 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index 556f62c61..b12bd2234 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -159,24 +159,24 @@ data:
 
 	suite.Run("invalid target", func() {
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Target = utils.StrPtr("invalid")
+			kd.Spec.Target = utils.Ptr("invalid")
 		})
 		kd := suite.waitForReconcile(key)
 		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "target invalid not existent in kluctl project config", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Target = utils.StrPtr("target1")
+			kd.Spec.Target = utils.Ptr("target1")
 		})
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 
 	suite.Run("invalid context", func() {
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Context = utils.StrPtr("invalid")
+			kd.Spec.Context = utils.Ptr("invalid")
 		})
 		kd := suite.waitForReconcile(key)
 		suite.assertErrors(kd, metav1.ConditionFalse, kluctlv1.PrepareFailedReason, "prepare failed. Check status.lastPrepareError for details", "context \"invalid\" does not exist", nil, nil)
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
-			kd.Spec.Context = utils.StrPtr("default")
+			kd.Spec.Context = utils.Ptr("default")
 		})
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index 8c85b9adc..67a11ebe1 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -33,7 +33,7 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 	p, _, _ := prepareGitIncludeTest(suite.T(), suite.k, mainGs, gs1, gs2)
 
 	key := suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
-		kd.Spec.Source.URL = utils.StrPtr(p.GitUrl())
+		kd.Spec.Source.URL = utils.Ptr(p.GitUrl())
 	})
 
 	suite.Run("fail without authentication", func() {
@@ -87,7 +87,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 	var key client.ObjectKey
 	if legacyGitSource {
 		key = suite.createKluctlDeployment2(p, "test", nil, func(kd *v1beta1.KluctlDeployment) {
-			kd.Spec.Source.URL = utils.StrPtr(p.GitUrl())
+			kd.Spec.Source.URL = utils.Ptr(p.GitUrl())
 		})
 	} else {
 		key = suite.createKluctlDeployment(p, "test", nil)
diff --git a/e2e/images_test.go b/e2e/images_test.go
index e990fb393..de791657a 100644
--- a/e2e/images_test.go
+++ b/e2e/images_test.go
@@ -121,7 +121,7 @@ func TestGetImageVars(t *testing.T) {
 	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
-		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars"},
+		{Image: utils.Ptr("i1"), ResultImage: "i1:vars"},
 	})
 
 	createNamespace(t, k, p.TestSlug())
@@ -143,7 +143,7 @@ func TestGetImageMixed(t *testing.T) {
 	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
-		{Image: utils.StrPtr("i2"), ResultImage: "i2:vars"},
+		{Image: utils.Ptr("i2"), ResultImage: "i2:vars"},
 	})
 
 	createNamespace(t, k, p.TestSlug())
@@ -167,8 +167,8 @@ func TestGetImageByDeployment(t *testing.T) {
 	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
-		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars1", Deployment: utils.StrPtr("Deployment/d1")},
-		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars2", Deployment: utils.StrPtr("Deployment/d2")},
+		{Image: utils.Ptr("i1"), ResultImage: "i1:vars1", Deployment: utils.Ptr("Deployment/d1")},
+		{Image: utils.Ptr("i1"), ResultImage: "i1:vars2", Deployment: utils.Ptr("Deployment/d2")},
 	})
 
 	createNamespace(t, k, p.TestSlug())
@@ -192,8 +192,8 @@ func TestGetImageByContainer(t *testing.T) {
 	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
-		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars1", Container: utils.StrPtr("c1")},
-		{Image: utils.StrPtr("i1"), ResultImage: "i1:vars2", Container: utils.StrPtr("c2")},
+		{Image: utils.Ptr("i1"), ResultImage: "i1:vars1", Container: utils.Ptr("c1")},
+		{Image: utils.Ptr("i1"), ResultImage: "i1:vars2", Container: utils.Ptr("c2")},
 	})
 
 	createNamespace(t, k, p.TestSlug())
@@ -217,8 +217,8 @@ func TestGetImageRegex(t *testing.T) {
 	p := test_project.NewTestProject(t)
 
 	setImagesVars(p, []types.FixedImage{
-		{ImageRegex: utils.StrPtr("i.*"), ResultImage: "i1:x"},
-		{ImageRegex: utils.StrPtr("j.*"), ResultImage: "i1:y"},
+		{ImageRegex: utils.Ptr("i.*"), ResultImage: "i1:x"},
+		{ImageRegex: utils.Ptr("j.*"), ResultImage: "i1:y"},
 	})
 
 	createNamespace(t, k, p.TestSlug())
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
index 6e56f7721..a66ca7632 100644
--- a/e2e/seal_test.go
+++ b/e2e/seal_test.go
@@ -469,7 +469,7 @@ func TestSeal_File(t *testing.T) {
 		},
 		[]*uo.UnstructuredObject{
 			uo.FromMap(map[string]interface{}{
-				"file": utils.StrPtr("secret-values.yaml"),
+				"file": utils.Ptr("secret-values.yaml"),
 			}),
 		}, true)
 
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 1dce94e29..14b7a3e68 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -102,7 +102,7 @@ func (p *DeploymentProject) loadConfig() error {
 
 func (p *DeploymentProject) generateSingleKustomizeProject() error {
 	p.Config.Deployments = append(p.Config.Deployments, types.DeploymentItemConfig{
-		Path: utils.StrPtr("."),
+		Path: utils.Ptr("."),
 	})
 	return nil
 }
diff --git a/pkg/diff/normalize_test.go b/pkg/diff/normalize_test.go
index af040ed63..2fc6368f1 100644
--- a/pkg/diff/normalize_test.go
+++ b/pkg/diff/normalize_test.go
@@ -137,7 +137,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
-				{FieldPath: []string{"metadata.labels.*"}, Group: utils.StrPtr("Nope")},
+				{FieldPath: []string{"metadata.labels.*"}, Group: utils.Ptr("Nope")},
 			},
 		},
 		{
@@ -145,7 +145,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
-				{FieldPath: []string{"metadata.labels.*"}, Kind: utils.StrPtr("Nope")},
+				{FieldPath: []string{"metadata.labels.*"}, Kind: utils.Ptr("Nope")},
 			},
 		},
 		{
@@ -153,7 +153,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
-				{FieldPath: []string{"metadata.labels.*"}, Name: utils.StrPtr("Nope")},
+				{FieldPath: []string{"metadata.labels.*"}, Name: utils.Ptr("Nope")},
 			},
 		},
 		{
@@ -161,7 +161,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {"l1": "v1", "l2": "l2", "good": "keep"}}}`),
 			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
-				{FieldPath: []string{"metadata.labels.*"}, Namespace: utils.StrPtr("Nope")},
+				{FieldPath: []string{"metadata.labels.*"}, Namespace: utils.Ptr("Nope")},
 			},
 		},
 		{
@@ -169,7 +169,7 @@ func TestNormalizeIgnoreForDiffs(t *testing.T) {
 			local:  buildObject(),
 			result: buildResultObject(`{"metadata": {"labels": {}}}`),
 			ignoreForDiffs: []types.IgnoreForDiffItemConfig{
-				{FieldPath: []string{"metadata.labels.*"}, Group: utils.StrPtr("apps"), Kind: utils.StrPtr("Deployment"), Name: utils.StrPtr("test"), Namespace: utils.StrPtr("ns")},
+				{FieldPath: []string{"metadata.labels.*"}, Group: utils.Ptr("apps"), Kind: utils.Ptr("Deployment"), Name: utils.Ptr("test"), Namespace: utils.Ptr("ns")},
 			},
 		},
 	}
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index 584373081..9f07ae639 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -257,7 +257,7 @@ func (c *ProxyClientCli) Start() error {
 		var resp ResolveOverrideResponse
 		b, err := c.handleRequest(req.Request)
 		if err != nil {
-			resp.Error = utils.StrPtr(err.Error())
+			resp.Error = utils.Ptr(err.Error())
 		} else {
 			resp.Artifact = b
 		}
diff --git a/pkg/sourceoverride/proxyserver.go b/pkg/sourceoverride/proxyserver.go
index a6ce02e18..d4afedf71 100644
--- a/pkg/sourceoverride/proxyserver.go
+++ b/pkg/sourceoverride/proxyserver.go
@@ -190,7 +190,7 @@ func (s *ProxyServerImpl) handshake(stream Proxy_ProxyStreamServer) (*ProxyConne
 
 	msg = &ProxyRequest{
 		Auth: &AuthMsg{
-			AuthError: utils.StrPtr(""),
+			AuthError: utils.Ptr(""),
 		},
 	}
 
diff --git a/pkg/types/validators_test.go b/pkg/types/validators_test.go
index fa65b7f87..25e2dc2a2 100644
--- a/pkg/types/validators_test.go
+++ b/pkg/types/validators_test.go
@@ -50,8 +50,8 @@ func TestValidateVarsSource(t *testing.T) {
 	tests := []testCase{
 		{vs: VarsSource{Values: uo.New()}}, // no error
 		{vs: VarsSource{}, e: "unknown vars source type"},
-		{vs: VarsSource{Values: uo.New(), File: utils.StrPtr("test")}, e: "more then one vars source type"},
-		{vs: VarsSource{Values: uo.New(), File: utils.StrPtr("test"), SystemEnvVars: uo.New()}, e: "more then one vars source type"},
+		{vs: VarsSource{Values: uo.New(), File: utils.Ptr("test")}, e: "more then one vars source type"},
+		{vs: VarsSource{Values: uo.New(), File: utils.Ptr("test"), SystemEnvVars: uo.New()}, e: "more then one vars source type"},
 	}
 
 	for i, tc := range tests {
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index fb799507a..c8f86e3f6 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -59,8 +59,8 @@ func ParseBoolOrDefault(s string, def bool) bool {
 	return b
 }
 
-func StrPtr(s string) *string {
-	return &s
+func Ptr[T any](v T) *T {
+	return &v
 }
 
 func StrPtrEquals(s1 *string, s2 *string) bool {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 791bd2701..8fa78212b 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -170,7 +170,7 @@ func (s *VarsLoaderTestSuite) TestFile() {
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		vs := &types.VarsSource{
-			File: utils.StrPtr("test.yaml"),
+			File: utils.Ptr("test.yaml"),
 		}
 		err := vl.LoadVars(context.TODO(), vc, vs, []string{d}, "")
 		assert.NoError(s.T(), err)
@@ -184,7 +184,7 @@ func (s *VarsLoaderTestSuite) TestFile() {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
-			File:          utils.StrPtr("test.yaml"),
+			File:          utils.Ptr("test.yaml"),
 		}, []string{d}, "")
 		assert.NoError(s.T(), err)
 
@@ -196,7 +196,7 @@ func (s *VarsLoaderTestSuite) TestFile() {
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
-			File:          utils.StrPtr("test-missing.yaml"),
+			File:          utils.Ptr("test-missing.yaml"),
 		}, []string{d}, "")
 		assert.NoError(s.T(), err)
 	})
@@ -212,7 +212,7 @@ func (s *VarsLoaderTestSuite) TestSopsFile() {
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		vs := &types.VarsSource{
-			File: utils.StrPtr("test.yaml"),
+			File: utils.Ptr("test.yaml"),
 		}
 		err := vl.LoadVars(context.TODO(), vc, vs, []string{d}, "")
 		assert.NoError(s.T(), err)
@@ -230,7 +230,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoad() {
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
-			File: utils.StrPtr("test.yaml"),
+			File: utils.Ptr("test.yaml"),
 		}, []string{d}, "")
 		assert.NoError(s.T(), err)
 
@@ -247,7 +247,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoadSubDir() {
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
-			File: utils.StrPtr("test.yaml"),
+			File: utils.Ptr("test.yaml"),
 		}, []string{d, filepath.Join(d, "subdir")}, "")
 		assert.NoError(s.T(), err)
 
@@ -262,7 +262,7 @@ func (s *VarsLoaderTestSuite) TestFileWithLoadNotExists() {
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
-			File: utils.StrPtr("test.yaml"),
+			File: utils.Ptr("test.yaml"),
 		}, []string{d}, "")
 		assert.EqualError(s.T(), err, "failed to render vars file test.yaml: template test3.txt not found")
 	})
@@ -1070,7 +1070,7 @@ func (s *VarsLoaderTestSuite) TestHttp_POST() {
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:    types.YamlUrl{URL: *u},
-				Method: utils.StrPtr("POST"),
+				Method: utils.Ptr("POST"),
 			},
 		}, nil, "")
 		assert.ErrorContains(s.T(), err, "failed with status code 543")
@@ -1078,8 +1078,8 @@ func (s *VarsLoaderTestSuite) TestHttp_POST() {
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:    types.YamlUrl{URL: *u},
-				Method: utils.StrPtr("POST"),
-				Body:   utils.StrPtr("body"),
+				Method: utils.Ptr("POST"),
+				Body:   utils.Ptr("body"),
 			},
 		}, nil, "")
 		assert.ErrorContains(s.T(), err, "failed with status code 544")
@@ -1087,8 +1087,8 @@ func (s *VarsLoaderTestSuite) TestHttp_POST() {
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:     types.YamlUrl{URL: *u},
-				Method:  utils.StrPtr("POST"),
-				Body:    utils.StrPtr("body"),
+				Method:  utils.Ptr("POST"),
+				Body:    utils.Ptr("body"),
 				Headers: map[string]string{"h": "h"},
 			},
 		}, nil, "")
@@ -1110,7 +1110,7 @@ func (s *VarsLoaderTestSuite) TestHttp_JsonPath() {
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Http: &types.VarsSourceHttp{
 				Url:      types.YamlUrl{URL: *u},
-				JsonPath: utils.StrPtr("test1"),
+				JsonPath: utils.Ptr("test1"),
 			},
 		}, nil, "")
 		assert.NoError(s.T(), err)
@@ -1136,7 +1136,7 @@ func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
 				SecretName: "secret",
-				Region:     utils.StrPtr("eu-central1"),
+				Region:     utils.Ptr("eu-central1"),
 			},
 		}, nil, "")
 		assert.NoError(s.T(), err)
@@ -1171,7 +1171,7 @@ func (s *VarsLoaderTestSuite) TestAwsSecretsManager() {
 			IgnoreMissing: &b,
 			AwsSecretsManager: &types.VarsSourceAwsSecretsManager{
 				SecretName: "missing",
-				Region:     utils.StrPtr("eu-central1"),
+				Region:     utils.Ptr("eu-central1"),
 			},
 		}, nil, "")
 		assert.NoError(s.T(), err)

From 047215ec64d079377bf73db76432fbed037a75bd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Mar 2024 08:57:21 +0100
Subject: [PATCH 1997/2268] tests: Also test for sensive flag being set

---
 pkg/types/validators_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/types/validators_test.go b/pkg/types/validators_test.go
index 25e2dc2a2..0e8d37157 100644
--- a/pkg/types/validators_test.go
+++ b/pkg/types/validators_test.go
@@ -48,7 +48,8 @@ func TestValidateVarsSource(t *testing.T) {
 	}
 
 	tests := []testCase{
-		{vs: VarsSource{Values: uo.New()}}, // no error
+		{vs: VarsSource{Values: uo.New()}},                             // no error
+		{vs: VarsSource{Values: uo.New(), Sensitive: utils.Ptr(true)}}, // no error
 		{vs: VarsSource{}, e: "unknown vars source type"},
 		{vs: VarsSource{Values: uo.New(), File: utils.Ptr("test")}, e: "more then one vars source type"},
 		{vs: VarsSource{Values: uo.New(), File: utils.Ptr("test"), SystemEnvVars: uo.New()}, e: "more then one vars source type"},

From d6d85b8ad55431a71b85e8df67265d2c6ec74fc7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 15 Mar 2024 09:25:45 +0100
Subject: [PATCH 1998/2268] feat: Implement --ignore-kluctl-metadata (#1017)

---
 cmd/kluctl/args/misc.go              |  7 ++++---
 cmd/kluctl/commands/cmd_diff.go      |  1 +
 docs/kluctl/commands/diff.md         |  1 +
 pkg/deployment/commands/diff.go      | 14 ++++++++------
 pkg/deployment/deployment_project.go |  7 ++++++-
 pkg/deployment/utils/diff_utils.go   | 11 ++++++-----
 6 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/args/misc.go b/cmd/kluctl/args/misc.go
index 45ec1050d..308617930 100644
--- a/cmd/kluctl/args/misc.go
+++ b/cmd/kluctl/args/misc.go
@@ -31,9 +31,10 @@ type HookFlags struct {
 }
 
 type IgnoreFlags struct {
-	IgnoreTags        bool `group:"misc" help:"Ignores changes in tags when diffing"`
-	IgnoreLabels      bool `group:"misc" help:"Ignores changes in labels when diffing"`
-	IgnoreAnnotations bool `group:"misc" help:"Ignores changes in annotations when diffing"`
+	IgnoreTags           bool `group:"misc" help:"Ignores changes in tags when diffing"`
+	IgnoreLabels         bool `group:"misc" help:"Ignores changes in labels when diffing"`
+	IgnoreAnnotations    bool `group:"misc" help:"Ignores changes in annotations when diffing"`
+	IgnoreKluctlMetadata bool `group:"misc" help:"Ignores changes in Kluctl related metadata (e.g. tags, discriminators, ...)"`
 }
 
 type AbortOnErrorFlags struct {
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 62f7452a3..3a2c04d5a 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -53,6 +53,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		cmd2.IgnoreTags = cmd.IgnoreTags
 		cmd2.IgnoreLabels = cmd.IgnoreLabels
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
+		cmd2.IgnoreKluctlMetadata = cmd.IgnoreKluctlMetadata
 		result := cmd2.Run()
 		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
 		if err != nil {
diff --git a/docs/kluctl/commands/diff.md b/docs/kluctl/commands/diff.md
index 26be0b310..393fbbb90 100644
--- a/docs/kluctl/commands/diff.md
+++ b/docs/kluctl/commands/diff.md
@@ -40,6 +40,7 @@ Misc arguments:
       --force-replace-on-error      Same as --replace-on-error, but also try to delete and re-create objects. See
                                     documentation for more details.
       --ignore-annotations          Ignores changes in annotations when diffing
+      --ignore-kluctl-metadata      Ignores changes in Kluctl related metadata (e.g. tags, discriminators, ...)
       --ignore-labels               Ignores changes in labels when diffing
       --ignore-tags                 Ignores changes in tags when diffing
       --no-obfuscate                Disable obfuscation of sensitive/secret data
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index d450fc267..ac816dea2 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -12,12 +12,13 @@ import (
 type DiffCommand struct {
 	targetCtx *target_context.TargetContext
 
-	ForceApply          bool
-	ReplaceOnError      bool
-	ForceReplaceOnError bool
-	IgnoreTags          bool
-	IgnoreLabels        bool
-	IgnoreAnnotations   bool
+	ForceApply           bool
+	ReplaceOnError       bool
+	ForceReplaceOnError  bool
+	IgnoreTags           bool
+	IgnoreLabels         bool
+	IgnoreAnnotations    bool
+	IgnoreKluctlMetadata bool
 
 	SkipResourceVersions map[k8s2.ObjectRef]string
 }
@@ -68,6 +69,7 @@ func (cmd *DiffCommand) Run() *result.CommandResult {
 	du.IgnoreTags = cmd.IgnoreTags
 	du.IgnoreLabels = cmd.IgnoreLabels
 	du.IgnoreAnnotations = cmd.IgnoreAnnotations
+	du.IgnoreKluctlMetadata = cmd.IgnoreKluctlMetadata
 	du.DiffDeploymentItems(cmd.targetCtx.DeploymentCollection.Deployments)
 
 	orphanObjects, err := FindOrphanObjects(cmd.targetCtx.SharedContext.K, ru, cmd.targetCtx.DeploymentCollection)
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 14b7a3e68..c7f124caa 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -382,7 +382,7 @@ func (p *DeploymentProject) getTags() *utils.OrderedMap[string, bool] {
 	return &tags
 }
 
-func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAnnotations bool) []types.IgnoreForDiffItemConfig {
+func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAnnotations, ignoreKluctlMetadata bool) []types.IgnoreForDiffItemConfig {
 	var ret []types.IgnoreForDiffItemConfig
 	for _, e := range p.getParents() {
 		ret = append(ret, e.p.Config.IgnoreForDiff...)
@@ -396,5 +396,10 @@ func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAn
 	if ignoreAnnotations {
 		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPath: []string{`metadata.annotations.*`}})
 	}
+	if ignoreKluctlMetadata {
+		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPathRegex: []string{`metadata\.labels\["kluctl\.io/tag-.*"\]`}})
+		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPathRegex: []string{`metadata\.labels\["kluctl\.io/discriminator"\]`}})
+		ret = append(ret, types.IgnoreForDiffItemConfig{FieldPathRegex: []string{`metadata\.annotations\["kluctl\.io/deployment-item-dir"\]`}})
+	}
 	return ret
 }
diff --git a/pkg/deployment/utils/diff_utils.go b/pkg/deployment/utils/diff_utils.go
index fde1f3fab..ba6e16da6 100644
--- a/pkg/deployment/utils/diff_utils.go
+++ b/pkg/deployment/utils/diff_utils.go
@@ -16,10 +16,11 @@ type DiffUtil struct {
 	appliedObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
 	ru             *RemoteObjectUtils
 
-	IgnoreTags        bool
-	IgnoreLabels      bool
-	IgnoreAnnotations bool
-	Swapped           bool
+	IgnoreTags           bool
+	IgnoreLabels         bool
+	IgnoreAnnotations    bool
+	IgnoreKluctlMetadata bool
+	Swapped              bool
 
 	remoteDiffObjects map[k8s2.ObjectRef]*uo.UnstructuredObject
 	ChangedObjects    []result.ChangedObject
@@ -40,7 +41,7 @@ func (u *DiffUtil) DiffDeploymentItems(deployments []*deployment.DeploymentItem)
 	var wg sync.WaitGroup
 
 	for _, d := range deployments {
-		ignoreForDiffs := d.Project.GetIgnoreForDiffs(u.IgnoreTags, u.IgnoreLabels, u.IgnoreAnnotations)
+		ignoreForDiffs := d.Project.GetIgnoreForDiffs(u.IgnoreTags, u.IgnoreLabels, u.IgnoreAnnotations, u.IgnoreKluctlMetadata)
 		u.diffObjects(d.Objects, ignoreForDiffs, &wg)
 	}
 	wg.Wait()

From 9e2d0577deda73af5edc9c7f1827269ae16d854e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 11:20:46 +0100
Subject: [PATCH 1999/2268] fix: Reimplement GetFilteredPreferredGVKs to
 account for resources without PV

Sometimes individual resources inside a group do not have an APIResource
with a version that matches the preferred version of the group. In that
case, we must use the latest version instead.

Before this, such resources were completely ignored/skipped, leading to
orphan detection to not work for these resources.
---
 pkg/deployment/utils/apply_utils.go          |  12 +-
 pkg/deployment/utils/delete_utils.go         |  10 +-
 pkg/deployment/utils/remote_objects_utils.go |  11 +-
 pkg/helm/helm_release.go                     |  11 +-
 pkg/k8s/resources.go                         | 121 ++++++++++++++-----
 pkg/vars/vars_loader.go                      |  12 +-
 6 files changed, 124 insertions(+), 53 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 7d7292bb1..329378be1 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -573,12 +573,12 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 }
 
 func (a *ApplyUtil) convertObjectRef(x types2.ObjectRefItem, refs map[k8s2.ObjectRef]bool) {
-	gvks, err := a.k.GetFilteredPreferredGVKs(k8s.BuildGVKFilter(x.Group, nil, x.Kind))
+	ars, err := a.k.GetFilteredPreferredAPIResources(k8s.BuildGVKFilter(x.Group, nil, x.Kind))
 	if err != nil {
 		a.HandleError(k8s2.ObjectRef{}, err)
 		return
 	}
-	if len(gvks) == 0 {
+	if len(ars) == 0 {
 		nameAndNs := x.Name
 		if x.Namespace != "" {
 			nameAndNs = x.Namespace + "/" + x.Name
@@ -593,11 +593,11 @@ func (a *ApplyUtil) convertObjectRef(x types2.ObjectRefItem, refs map[k8s2.Objec
 		a.HandleError(k8s2.ObjectRef{}, fmt.Errorf("failed to wait for readiness of %s. resource with group/kind %s not found", nameAndNs, gk.String()))
 		return
 	}
-	for _, gvk := range gvks {
+	for _, ar := range ars {
 		ref := k8s2.ObjectRef{
-			Group:     gvk.Group,
-			Version:   gvk.Version,
-			Kind:      gvk.Kind,
+			Group:     ar.Group,
+			Version:   ar.Version,
+			Kind:      ar.Kind,
 			Name:      x.Name,
 			Namespace: x.Namespace,
 		}
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 8c666a255..774050581 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -114,12 +114,16 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 	}
 
 	filteredResources := make(map[schema.GroupKind]bool)
-	gvks, err := k.GetFilteredPreferredGVKs(filterFunc)
+	ars, err := k.GetFilteredPreferredAPIResources(filterFunc)
 	if err != nil {
 		return nil, err
 	}
-	for _, gvk := range gvks {
-		filteredResources[gvk.GroupKind()] = true
+	for _, ar := range ars {
+		gk := schema.GroupKind{
+			Group: ar.Group,
+			Kind:  ar.Kind,
+		}
+		filteredResources[gk] = true
 	}
 
 	var ret []*uo.UnstructuredObject
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 889becc36..f655a2a3b 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -54,7 +54,7 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 	errCount := 0
 	permissionErrCount := 0
 
-	gvks, err := k.GetFilteredPreferredGVKs(func(ar *v1.APIResource) bool {
+	ars, err := k.GetFilteredPreferredAPIResources(func(ar *v1.APIResource) bool {
 		if onlyUsedGKs != nil {
 			gk := schema.GroupKind{
 				Group: ar.Group,
@@ -71,8 +71,13 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 	}
 
 	g := utils.NewGoHelper(u.ctx, 0)
-	for _, gvk := range gvks {
-		gvk := gvk
+	for _, ar := range ars {
+		ar := ar
+		gvk := schema.GroupVersionKind{
+			Group:   ar.Group,
+			Version: ar.Version,
+			Kind:    ar.Kind,
+		}
 		g.Run(func() {
 			l, apiWarnings, err := k.ListObjects(gvk, "", labels)
 			u.dew.AddApiWarnings(k8s2.ObjectRef{
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 9fa48ef49..805e69dfc 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -295,14 +295,17 @@ func (hr *Release) getApiVersions(k *k8s.K8sCluster) (chartutil.VersionSet, erro
 
 	m := map[string]bool{}
 
-	gvks, err := k.GetFilteredGVKs(nil)
+	ars, err := k.GetAllAPIResources()
 	if err != nil {
 		return nil, err
 	}
-	for _, gvk := range gvks {
-		gvStr := gvk.GroupVersion().String()
+	for _, ar := range ars {
+		gvStr := ar.Version
+		if ar.Group != "" {
+			gvStr = ar.Group + "/" + ar.Version
+		}
 		m[gvStr] = true
-		gvkStr := fmt.Sprintf("%s/%s", gvStr, gvk.Kind)
+		gvkStr := fmt.Sprintf("%s/%s", gvStr, ar.Kind)
 		m[gvkStr] = true
 	}
 
diff --git a/pkg/k8s/resources.go b/pkg/k8s/resources.go
index 1809a9a9a..669831657 100644
--- a/pkg/k8s/resources.go
+++ b/pkg/k8s/resources.go
@@ -4,15 +4,16 @@ import (
 	"fmt"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/restmapper"
 	"strings"
 )
 
 var (
-	deprecatedResources = map[schema.GroupKind]bool{
-		{Group: "extensions", Kind: "Ingress"}: true,
-		{Group: "", Kind: "ComponentStatus"}:   true,
+	deprecatedResources = map[schema.GroupResource]bool{
+		{Group: "extensions", Resource: "ingresses"}: true,
+		{Group: "", Resource: "componentstatuses"}:   true,
 	}
 )
 
@@ -47,57 +48,111 @@ func (k *K8sCluster) doGetApiGroupResources() ([]*restmapper.APIGroupResources,
 	return ret, nil
 }
 
-func (k *K8sCluster) doGetFilteredGVKs(ret *[]schema.GroupVersionKind, g v1.APIGroup, v string, vrs []v1.APIResource, filter func(ar *v1.APIResource) bool) {
-	for _, vr := range vrs {
-		vr.Group = g.Name
-		vr.Version = v
-		if strings.Index(vr.Name, "/") != -1 {
-			// skip sub-resources
-			continue
-		}
-		gvk := schema.GroupVersionKind{
-			Group:   g.Name,
-			Version: v,
-			Kind:    vr.Kind,
-		}
-		if _, ok := deprecatedResources[gvk.GroupKind()]; ok {
-			continue
-		}
-		if filter != nil && !filter(&vr) {
-			continue
-		}
-		*ret = append(*ret, gvk)
+func (k *K8sCluster) filterResource(ar *v1.APIResource) bool {
+	if strings.Index(ar.Name, "/") != -1 {
+		// skip sub-resources
+		return false
+	}
+
+	gr := schema.GroupResource{
+		Group:    ar.Group,
+		Resource: ar.Name,
+	}
+	if _, ok := deprecatedResources[gr]; ok {
+		return false
 	}
+
+	return true
 }
 
-func (k *K8sCluster) GetFilteredGVKs(filter func(ar *v1.APIResource) bool) ([]schema.GroupVersionKind, error) {
+func (k *K8sCluster) GetAllAPIResources() ([]v1.APIResource, error) {
 	agrs, err := k.doGetApiGroupResources()
 	if err != nil {
 		return nil, err
 	}
 
-	var ret []schema.GroupVersionKind
+	var ret []v1.APIResource
 	for _, agr := range agrs {
-		for v, vrs := range agr.VersionedResources {
-			k.doGetFilteredGVKs(&ret, agr.Group, v, vrs, filter)
+		for v, ars := range agr.VersionedResources {
+			for _, ar := range ars {
+				ar := ar
+				ar.Group = agr.Group.Name
+				ar.Version = v
+
+				if !k.filterResource(&ar) {
+					continue
+				}
+				ret = append(ret, ar)
+			}
 		}
 	}
 	return ret, nil
 }
 
-func (k *K8sCluster) GetFilteredPreferredGVKs(filter func(ar *v1.APIResource) bool) ([]schema.GroupVersionKind, error) {
+func (k *K8sCluster) GetAllPreferredAPIResources() ([]v1.APIResource, error) {
 	agrs, err := k.doGetApiGroupResources()
 	if err != nil {
 		return nil, err
 	}
 
-	var ret []schema.GroupVersionKind
+	preferredVersions := map[string]string{}
+	grs := map[schema.GroupResource][]v1.APIResource{}
 	for _, agr := range agrs {
-		vrs, ok := agr.VersionedResources[agr.Group.PreferredVersion.Version]
-		if !ok {
-			continue
+		preferredVersions[agr.Group.Name] = agr.Group.PreferredVersion.Version
+		for v, ars := range agr.VersionedResources {
+			for _, ar := range ars {
+				ar := ar
+				ar.Group = agr.Group.Name
+				ar.Version = v
+
+				if !k.filterResource(&ar) {
+					continue
+				}
+
+				gr := schema.GroupResource{
+					Group:    agr.Group.Name,
+					Resource: ar.Name,
+				}
+
+				l := grs[gr]
+				l = append(l, ar)
+				grs[gr] = l
+			}
+		}
+	}
+
+	var ret []v1.APIResource
+	for gkr, ars := range grs {
+		var preferredAR *v1.APIResource
+		if len(ars) > 1 {
+			err = nil
+		}
+		for _, ar := range ars {
+			ar := ar
+			if preferredVersions[gkr.Group] == ar.Version {
+				preferredAR = &ar
+				break
+			}
+			if preferredAR == nil || version.CompareKubeAwareVersionStrings(preferredAR.Version, ar.Version) < 0 {
+				preferredAR = &ar
+			}
+		}
+		ret = append(ret, *preferredAR)
+	}
+	return ret, nil
+}
+
+func (k *K8sCluster) GetFilteredPreferredAPIResources(filter func(ar *v1.APIResource) bool) ([]v1.APIResource, error) {
+	ars, err := k.GetAllPreferredAPIResources()
+	if err != nil {
+		return nil, err
+	}
+
+	var ret []v1.APIResource
+	for _, ar := range ars {
+		if filter == nil || filter(&ar) {
+			ret = append(ret, ar)
 		}
-		k.doGetFilteredGVKs(&ret, agr.Group, agr.Group.PreferredVersion.Version, vrs, filter)
 	}
 	return ret, nil
 }
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index b71f69bce..ebe46244c 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -474,19 +474,23 @@ func (v *VarsLoader) loadFromK8sObject(varsCtx *VarsCtx, varsSource types.VarsSo
 		gvk.Group = gv.Group
 		gvk.Version = gv.Version
 	} else {
-		gvks, err := v.k.GetFilteredPreferredGVKs(func(ar *metav1.APIResource) bool {
+		ars, err := v.k.GetFilteredPreferredAPIResources(func(ar *metav1.APIResource) bool {
 			return ar.Kind == varsSource.Kind
 		})
 		if err != nil {
 			return nil, err
 		}
-		if len(gvks) == 0 {
+		if len(ars) == 0 {
 			return nil, fmt.Errorf("no matching resource found for kind %s", varsSource.Kind)
 		}
-		if len(gvks) != 1 {
+		if len(ars) != 1 {
 			return nil, fmt.Errorf("more then one matching resources found for kind %s, consider also specifying apiVersion", varsSource.Kind)
 		}
-		gvk = gvks[0]
+		gvk = schema.GroupVersionKind{
+			Group:   ars[0].Group,
+			Version: ars[0].Version,
+			Kind:    ars[0].Kind,
+		}
 	}
 
 	var objs []*uo.UnstructuredObject

From 45137336a27aa9e9491859bfcb8d3b734a651018 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 11:32:50 +0100
Subject: [PATCH 2000/2268] fix: Fix potential crash in deployment item
 rendering

---
 pkg/deployment/deployment_item.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index d7f237aa7..74d6d0bf5 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -129,6 +129,9 @@ func (di *DeploymentItem) render(forSeal bool) error {
 	excludePatterns = append(excludePatterns, "**/.git")
 
 	err = filepath.WalkDir(*di.dir, func(p string, d fs.DirEntry, err error) error {
+		if d == nil {
+			return nil
+		}
 		if d.IsDir() {
 			relDir, err := filepath.Rel(*di.dir, p)
 			if err != nil {

From ac080f285f6fc9aaeb79fadccc4879475e01cd6e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 12:15:07 +0100
Subject: [PATCH 2001/2268] fix: Introduce RandomizeSuffix that respects max
 length of names

---
 pkg/deployment/utils/apply_utils.go | 4 ++--
 pkg/utils/rand.go                   | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 7d7292bb1..8a168c148 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -371,14 +371,14 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		// result
 		usesDummyName = true
 		x = x.Clone()
-		x.SetK8sName(fmt.Sprintf("%s-%s", ref.Name, utils.RandomString(8)))
+		x.SetK8sName(utils.RandomizeSuffix(ref.Name, 8, 63))
 	} else if a.o.DryRun && remoteNamespace == nil && ref.Namespace != "" {
 		if _, ok := a.allNamespaces.Load(ref.Namespace); ok {
 			// The namespace does not really exist, but would have been created if dryRun would be false.
 			// So let's pretend we deploy it to the default namespace with a dummy name
 			usesDummyName = true
 			x = x.Clone()
-			x.SetK8sName(fmt.Sprintf("%s-%s", ref.Name, utils.RandomString(8)))
+			x.SetK8sName(utils.RandomizeSuffix(ref.Name, 8, 63))
 			x.SetK8sNamespace("default")
 		}
 	}
diff --git a/pkg/utils/rand.go b/pkg/utils/rand.go
index 7e113042f..565e9c7e0 100644
--- a/pkg/utils/rand.go
+++ b/pkg/utils/rand.go
@@ -32,3 +32,11 @@ func RandomString(n int) string {
 	}
 	return string(b)
 }
+
+func RandomizeSuffix(s string, randLen int, maxLen int) string {
+	maxPrefixLen := maxLen - 1 - randLen
+	if len(s) > maxPrefixLen {
+		s = s[:maxPrefixLen]
+	}
+	return s + "-" + RandomString(randLen)
+}

From ec4fca7d6c867ab8412591544da88935c3d7f848 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 12:17:09 +0100
Subject: [PATCH 2002/2268] fix: Always undo dummy name randomization in
 ApplyObject

And not only on success.
---
 pkg/deployment/utils/apply_utils.go | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 8a168c148..9aae2d28c 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -383,6 +383,16 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		}
 	}
 
+	undoDummyName := func(x *uo.UnstructuredObject) {
+		if !usesDummyName || x == nil {
+			return
+		}
+		tmpName := x.GetK8sName()
+		_ = x.ReplaceKeys(tmpName, ref.Name)
+		_ = x.ReplaceValues(tmpName, ref.Name)
+		x.SetK8sNamespace(ref.Namespace)
+	}
+
 	options := k8s.PatchOptions{
 		ForceDryRun: a.o.DryRun,
 	}
@@ -400,12 +410,10 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 		}
 	}
 
-	if r != nil && usesDummyName {
-		tmpName := r.GetK8sName()
-		_ = r.ReplaceKeys(tmpName, ref.Name)
-		_ = r.ReplaceValues(tmpName, ref.Name)
-		r.SetK8sNamespace(ref.Namespace)
-	} else if retryWhenCRDExists {
+	undoDummyName(r)
+	undoDummyName(x)
+
+	if r == nil && retryWhenCRDExists {
 		if a.o.DryRun {
 			if _, ok := a.allCRDs.Load(x.GetK8sGVK()); ok {
 				// simulate that the apply "succeeded"

From e553ebb8f1ec218ce358763784d6b72c0fb94caa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 12:40:27 +0100
Subject: [PATCH 2003/2268] tests: Introduce buildSingleNamespaceRbac

---
 e2e/remote_objects_permission_test.go | 110 ++++++++++++++------------
 1 file changed, 58 insertions(+), 52 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 8b8f9fba4..65d406108 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -9,6 +9,63 @@ import (
 	"testing"
 )
 
+func buildSingleNamespaceRbac(username string, namespace string) string {
+	rbac := strings.NewReplacer(
+		"USERNAME", username,
+		"NAMESPACE", namespace,
+	).Replace(`
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    resourceNames: ["NAMESPACE"]
+    verbs: ["create", "update", "patch", "get", "list", "watch"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["*"]
+    verbs: ["create", "update",  "patch", "get", "list", "watch"]
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+  namespace: NAMESPACE
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "update", "patch", "get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+subjects:
+  - kind: User
+    name: USERNAME
+roleRef:
+  kind: ClusterRole
+  name: USERNAME
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: USERNAME
+  namespace: NAMESPACE
+subjects:
+  - kind: User
+    name: USERNAME
+roleRef:
+  kind: Role
+  name: USERNAME
+  apiGroup: rbac.authorization.k8s.io
+`)
+
+	return rbac
+}
+
 func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
 	t.Parallel()
 
@@ -154,58 +211,7 @@ func TestOnlyOneNamespacePermissions(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	rbac := strings.NewReplacer(
-		"USERNAME", username,
-		"SLUG", p.TestSlug(),
-	).Replace(`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-rules:
-  - apiGroups: [""]
-    resources: ["namespaces"]
-    resourceNames: ["SLUG"]
-    verbs: ["create", "update", "patch", "get", "list", "watch"]
-  - apiGroups: ["rbac.authorization.k8s.io"]
-    resources: ["*"]
-    verbs: ["create", "update",  "patch", "get", "list", "watch"]
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-  namespace: SLUG
-rules:
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["create", "update", "patch", "get", "list", "watch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-subjects:
-  - kind: User
-    name: USERNAME
-roleRef:
-  kind: ClusterRole
-  name: USERNAME
-  apiGroup: rbac.authorization.k8s.io
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-  namespace: SLUG
-subjects:
-  - kind: User
-    name: USERNAME
-roleRef:
-  kind: Role
-  name: USERNAME
-  apiGroup: rbac.authorization.k8s.io
-`)
+	rbac := buildSingleNamespaceRbac(username, p.TestSlug())
 	p.AddKustomizeDeployment("rbac", []test_project.KustomizeResource{
 		{Name: "rbac.yaml", Content: rbac},
 	}, nil)

From e5120b55f2b9ea5d50a4a934c36951ad7c39c334 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 15:11:06 +0100
Subject: [PATCH 2004/2268] refactor: Introduce checkStatusRequired to check
 for required status fields

---
 e2e/remote_objects_permission_test.go | 123 ++++++++++++++------------
 e2e/test_resources/resources.go       |   2 +-
 pkg/deployment/commands/validate.go   |   2 +-
 pkg/deployment/utils/apply_utils.go   |   2 +-
 pkg/validation/validation.go          |  70 ++++++++++-----
 5 files changed, 119 insertions(+), 80 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 65d406108..1acae804d 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -3,67 +3,76 @@ package e2e
 import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
+	v1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
-	"strings"
 	"testing"
 )
 
-func buildSingleNamespaceRbac(username string, namespace string) string {
-	rbac := strings.NewReplacer(
-		"USERNAME", username,
-		"NAMESPACE", namespace,
-	).Replace(`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-rules:
-  - apiGroups: [""]
-    resources: ["namespaces"]
-    resourceNames: ["NAMESPACE"]
-    verbs: ["create", "update", "patch", "get", "list", "watch"]
-  - apiGroups: ["rbac.authorization.k8s.io"]
-    resources: ["*"]
-    verbs: ["create", "update",  "patch", "get", "list", "watch"]
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-  namespace: NAMESPACE
-rules:
-  - apiGroups: [""]
-    resources: ["configmaps"]
-    verbs: ["create", "update", "patch", "get", "list", "watch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-subjects:
-  - kind: User
-    name: USERNAME
-roleRef:
-  kind: ClusterRole
-  name: USERNAME
-  apiGroup: rbac.authorization.k8s.io
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: USERNAME
-  namespace: NAMESPACE
-subjects:
-  - kind: User
-    name: USERNAME
-roleRef:
-  kind: Role
-  name: USERNAME
-  apiGroup: rbac.authorization.k8s.io
-`)
-
-	return rbac
+func buildSingleNamespaceRbac(username string, namespace string, resources []schema.GroupResource) []*uo.UnstructuredObject {
+	var ret []*uo.UnstructuredObject
+
+	var clusterRole v1.ClusterRole
+	clusterRole.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("ClusterRole"))
+	clusterRole.Name = username
+	clusterRole.Rules = append(clusterRole.Rules, v1.PolicyRule{
+		APIGroups:     []string{""},
+		Resources:     []string{"namespaces"},
+		ResourceNames: []string{namespace},
+		Verbs:         []string{"create", "update", "patch", "get", "list", "watch"},
+	})
+	clusterRole.Rules = append(clusterRole.Rules, v1.PolicyRule{
+		APIGroups: []string{"rbac.authorization.k8s.io"},
+		Resources: []string{"*"},
+		Verbs:     []string{"create", "update", "patch", "get", "list", "watch"},
+	})
+	ret = append(ret, uo.FromStructMust(clusterRole))
+
+	var role v1.Role
+	role.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("Role"))
+	role.Name = username
+	role.Namespace = namespace
+	for _, r := range resources {
+		role.Rules = append(role.Rules, v1.PolicyRule{
+			APIGroups: []string{r.Group},
+			Resources: []string{r.Resource},
+			Verbs:     []string{"create", "update", "patch", "get", "list", "watch"},
+		})
+	}
+	ret = append(ret, uo.FromStructMust(role))
+
+	var clusterRoleBinding v1.ClusterRoleBinding
+	clusterRoleBinding.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("ClusterRoleBinding"))
+	clusterRoleBinding.Name = username
+	clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, v1.Subject{
+		Kind: "User",
+		Name: username,
+	})
+	clusterRoleBinding.RoleRef = v1.RoleRef{
+		Kind:     "ClusterRole",
+		Name:     username,
+		APIGroup: "rbac.authorization.k8s.io",
+	}
+	ret = append(ret, uo.FromStructMust(clusterRoleBinding))
+
+	var roleBinding v1.ClusterRoleBinding
+	roleBinding.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("RoleBinding"))
+	roleBinding.Name = username
+	roleBinding.Namespace = namespace
+	roleBinding.Subjects = append(roleBinding.Subjects, v1.Subject{
+		Kind: "User",
+		Name: username,
+	})
+	roleBinding.RoleRef = v1.RoleRef{
+		Kind:     "Role",
+		Name:     username,
+		APIGroup: "rbac.authorization.k8s.io",
+	}
+	ret = append(ret, uo.FromStructMust(roleBinding))
+
+	return ret
 }
 
 func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
@@ -211,7 +220,7 @@ func TestOnlyOneNamespacePermissions(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	rbac := buildSingleNamespaceRbac(username, p.TestSlug())
+	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), []schema.GroupResource{{Group: "", Resource: "configmaps"}})
 	p.AddKustomizeDeployment("rbac", []test_project.KustomizeResource{
 		{Name: "rbac.yaml", Content: rbac},
 	}, nil)
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 1ea99bb8e..ab5f7e305 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -65,7 +65,7 @@ func waitReadiness(k *test_utils.EnvTestCluster, x *uo.UnstructuredObject) {
 		if err != nil {
 			panic(err)
 		}
-		vr := validation.ValidateObject(nil, uo.FromUnstructured(u), true, true)
+		vr := validation.ValidateObject(context.TODO(), nil, uo.FromUnstructured(u), true, true)
 		if vr.Ready {
 			break
 		} else {
diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index ba0f77b75..6916d16b2 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -91,7 +91,7 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 			ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
 			continue
 		}
-		r := validation.ValidateObject(cmd.targetCtx.SharedContext.K, remoteObject, true, false)
+		r := validation.ValidateObject(ctx, cmd.targetCtx.SharedContext.K, remoteObject, true, false)
 		if !r.Ready {
 			ret.Ready = false
 		}
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 7d7292bb1..7a85cf9db 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -515,7 +515,7 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 		} else {
 			seen = true
 
-			v := validation.ValidateObject(a.k, o, false, false)
+			v := validation.ValidateObject(a.ctx, a.k, o, false, false)
 			if v.Ready {
 				if didLog {
 					a.sctx.InfoFallbackf("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index b23b79c98..bb9c05843 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -1,8 +1,10 @@
 package validation
 
 import (
+	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -44,7 +46,7 @@ const (
 	reactNotReady
 )
 
-func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError bool, forceStatusRequired bool) (ret result.ValidateResult) {
+func ValidateObject(ctx context.Context, k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError bool, forceStatusRequired bool) (ret result.ValidateResult) {
 	ref := o.GetK8sRef()
 
 	// We assume all is good in case no validation is performed
@@ -131,34 +133,22 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 			addNotReady("no status available yet")
 			return
 		}
-		if k == nil {
-			// can't really say anything...
-			return
-		}
-		s, err := k.GetSchemaForGVK(ref.GroupVersionKind())
-		if err != nil && !errors.IsNotFound(err) {
-			addError(err.Error())
-			return
-		}
-		if s == nil {
-			return
-		} else {
-			_, ok, _ := s.GetNestedObject("properties", "status")
-			if !ok {
-				// it has no status, so all is good
-				return
-			}
 
+		required, err := checkStatusRequired(ctx, k, o.GetK8sRef())
+		if err != nil {
+			addError(err.Error())
+		} else if required == statusRequiredYes {
 			age := time.Now().Sub(o.GetK8sCreationTime())
 			if age > 15*time.Second {
 				// TODO this is a hack for CRDs that pretend that a status should be there but the corresponding
 				// controllers/operators don't set it for whatever reason (e.g. cilium)
 				return
 			}
-
 			addNotReady("no status available yet")
-			return
+		} else if required == statusRequiredUnknown {
+			addWarning("unable to determine if a status is expected. This usually happens when you don't have permission to list CRDs or status sub-resources")
 		}
+		return
 	}
 
 	findConditions := func(typ string, er errorReaction, doRaise bool) []condition {
@@ -410,3 +400,43 @@ func ValidateObject(k *k8s.K8sCluster, o *uo.UnstructuredObject, notReadyIsError
 	}
 	return
 }
+
+type statusRequired int
+
+const (
+	statusRequiredYes statusRequired = iota
+	statusRequiredNo
+	statusRequiredUnknown
+)
+
+func checkStatusRequired(ctx context.Context, k *k8s.K8sCluster, ref k8s2.ObjectRef) (statusRequired, error) {
+	if k == nil {
+		// can't really say anything...
+		return statusRequiredUnknown, nil
+	}
+
+	ret, err := checkStatusRequiredByCRD(ctx, k, ref)
+	if err != nil {
+		return statusRequiredUnknown, err
+	}
+	if ret != statusRequiredUnknown {
+		return ret, nil
+	}
+	return ret, nil
+}
+
+func checkStatusRequiredByCRD(ctx context.Context, k *k8s.K8sCluster, ref k8s2.ObjectRef) (statusRequired, error) {
+	s, err := k.GetSchemaForGVK(ref.GroupVersionKind())
+	if err == nil {
+		_, ok, _ := s.GetNestedObject("properties", "status")
+		if !ok {
+			// it has no status, so all is good
+			return statusRequiredNo, nil
+		}
+		return statusRequiredYes, nil
+	} else if errors.IsNotFound(err) || errors.IsForbidden(err) {
+		return statusRequiredUnknown, nil
+	} else {
+		return statusRequiredUnknown, err
+	}
+}

From 4d95593ba8d2f33df0edadfa382ebe05749135db Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 15:12:12 +0100
Subject: [PATCH 2005/2268] fix: Implement fallback for requrired status field
 check

---
 pkg/validation/validation.go | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index bb9c05843..796fb6a50 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"regexp"
 	"strconv"
@@ -422,6 +423,11 @@ func checkStatusRequired(ctx context.Context, k *k8s.K8sCluster, ref k8s2.Object
 	if ret != statusRequiredUnknown {
 		return ret, nil
 	}
+
+	ret, err = checkStatusRequiredBySubresource(ctx, k, ref)
+	if err != nil {
+		return statusRequiredUnknown, err
+	}
 	return ret, nil
 }
 
@@ -440,3 +446,28 @@ func checkStatusRequiredByCRD(ctx context.Context, k *k8s.K8sCluster, ref k8s2.O
 		return statusRequiredUnknown, err
 	}
 }
+
+func checkStatusRequiredBySubresource(ctx context.Context, k *k8s.K8sCluster, ref k8s2.ObjectRef) (statusRequired, error) {
+	c, err := k.ToClient()
+	if err != nil {
+		return statusRequiredUnknown, err
+	}
+
+	// test if status sub-resource can generally be retrieved via a GET on the subresource, which in indicates the
+	// resource is well known to contain a status
+	var o unstructured.Unstructured
+	o.SetNamespace(ref.Namespace)
+	o.SetName(ref.Name)
+	o.SetGroupVersionKind(ref.GroupVersionKind())
+	err = c.SubResource("status").Get(ctx, &o, &unstructured.Unstructured{})
+	if err == nil {
+		return statusRequiredYes, nil
+	} else if errors.IsNotFound(err) {
+		// looks like the resource has no status sub-resource
+		return statusRequiredNo, nil
+	} else if errors.IsForbidden(err) {
+		return statusRequiredUnknown, nil
+	} else {
+		return statusRequiredUnknown, err
+	}
+}

From f1125e73598b04093e984450ea38c24f9426e0f5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 15:45:10 +0100
Subject: [PATCH 2006/2268] tests: Don't use kluctl to apply RBAC

---
 e2e/remote_objects_permission_test.go | 15 +++++----------
 e2e/test-utils/envtest_cluster.go     | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 1acae804d..880586063 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -23,11 +23,6 @@ func buildSingleNamespaceRbac(username string, namespace string, resources []sch
 		ResourceNames: []string{namespace},
 		Verbs:         []string{"create", "update", "patch", "get", "list", "watch"},
 	})
-	clusterRole.Rules = append(clusterRole.Rules, v1.PolicyRule{
-		APIGroups: []string{"rbac.authorization.k8s.io"},
-		Resources: []string{"*"},
-		Verbs:     []string{"create", "update", "patch", "get", "list", "watch"},
-	})
 	ret = append(ret, uo.FromStructMust(clusterRole))
 
 	var role v1.Role
@@ -213,6 +208,11 @@ func TestOnlyOneNamespacePermissions(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
+	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), []schema.GroupResource{{Group: "", Resource: "configmaps"}})
+	for _, x := range rbac {
+		k.MustApply(t, x)
+	}
+
 	p.UpdateTarget("test", nil)
 
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
@@ -220,11 +220,6 @@ func TestOnlyOneNamespacePermissions(t *testing.T) {
 		namespace: p.TestSlug(),
 	})
 
-	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), []schema.GroupResource{{Group: "", Resource: "configmaps"}})
-	p.AddKustomizeDeployment("rbac", []test_project.KustomizeResource{
-		{Name: "rbac.yaml", Content: rbac},
-	}, nil)
-
 	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 
diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index 9fe0dfa92..15ab986f4 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/version"
@@ -191,3 +192,19 @@ func (c *EnvTestCluster) List(gvr schema.GroupVersionResource, namespace string,
 	}
 	return ret, nil
 }
+
+func (c *EnvTestCluster) Apply(o *uo.UnstructuredObject) error {
+	var x unstructured.Unstructured
+	err := o.ToStruct(&x)
+	if err != nil {
+		return err
+	}
+	return c.Client.Patch(context.Background(), &x, client.Apply, client.FieldOwner("envtestcluster"))
+}
+
+func (c *EnvTestCluster) MustApply(t *testing.T, o *uo.UnstructuredObject) {
+	err := c.Apply(o)
+	if err != nil {
+		t.Fatal(err)
+	}
+}

From 4271875f898f10bd461c8fb6bd64d1e6cd2afc37 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 16:47:15 +0100
Subject: [PATCH 2007/2268] tests: Test validation without permissions to
 determine status requirements

---
 e2e/remote_objects_permission_test.go |  11 ++-
 e2e/test-utils/envtest_cluster.go     |  16 ++++
 e2e/test_resources/example-crds.yaml  |  45 +++++++++++
 e2e/validate_test.go                  | 103 ++++++++++++++++++++++++++
 4 files changed, 173 insertions(+), 2 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 880586063..8a831f4f7 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -11,7 +11,7 @@ import (
 	"testing"
 )
 
-func buildSingleNamespaceRbac(username string, namespace string, resources []schema.GroupResource) []*uo.UnstructuredObject {
+func buildSingleNamespaceRbac(username string, namespace string, globalResources []schema.GroupResource, resources []schema.GroupResource) []*uo.UnstructuredObject {
 	var ret []*uo.UnstructuredObject
 
 	var clusterRole v1.ClusterRole
@@ -23,6 +23,13 @@ func buildSingleNamespaceRbac(username string, namespace string, resources []sch
 		ResourceNames: []string{namespace},
 		Verbs:         []string{"create", "update", "patch", "get", "list", "watch"},
 	})
+	for _, r := range globalResources {
+		clusterRole.Rules = append(clusterRole.Rules, v1.PolicyRule{
+			APIGroups: []string{r.Group},
+			Resources: []string{r.Resource},
+			Verbs:     []string{"create", "update", "patch", "get", "list", "watch"},
+		})
+	}
 	ret = append(ret, uo.FromStructMust(clusterRole))
 
 	var role v1.Role
@@ -208,7 +215,7 @@ func TestOnlyOneNamespacePermissions(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), []schema.GroupResource{{Group: "", Resource: "configmaps"}})
+	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), nil, []schema.GroupResource{{Group: "", Resource: "configmaps"}})
 	for _, x := range rbac {
 		k.MustApply(t, x)
 	}
diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index 15ab986f4..d3dcfe700 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -208,3 +208,19 @@ func (c *EnvTestCluster) MustApply(t *testing.T, o *uo.UnstructuredObject) {
 		t.Fatal(err)
 	}
 }
+
+func (c *EnvTestCluster) ApplyStatus(o *uo.UnstructuredObject) error {
+	var x unstructured.Unstructured
+	err := o.ToStruct(&x)
+	if err != nil {
+		return err
+	}
+	return c.Client.SubResource("status").Patch(context.Background(), &x, client.Apply, client.FieldOwner("envtestcluster"))
+}
+
+func (c *EnvTestCluster) MustApplyStatus(t *testing.T, o *uo.UnstructuredObject) {
+	err := c.ApplyStatus(o)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/e2e/test_resources/example-crds.yaml b/e2e/test_resources/example-crds.yaml
index f7e8b43ce..8457c90cb 100644
--- a/e2e/test_resources/example-crds.yaml
+++ b/e2e/test_resources/example-crds.yaml
@@ -38,3 +38,48 @@ spec:
     # shortNames allow shorter string to match your resource on the CLI
     shortNames:
       - ct
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  # name must match the spec fields below, and be in the form: <plural>.<group>
+  name: crontabstatuses.stable.example.com
+spec:
+  # group name to use for REST API: /apis/<group>/<version>
+  group: stable.example.com
+  # list of versions supported by this CustomResourceDefinition
+  versions:
+    - name: v1
+      # Each version can be enabled/disabled by Served flag.
+      served: true
+      # One and only one version must be marked as the storage version.
+      storage: true
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                cronSpec:
+                  type: string
+                image:
+                  type: string
+                replicas:
+                  type: integer
+            status:
+              x-kubernetes-preserve-unknown-fields: true
+  # either Namespaced or Cluster
+  scope: Namespaced
+  names:
+    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+    plural: crontabstatuses
+    # singular name to be used as an alias on the CLI and for display
+    singular: crontabstatuse
+    # kind is normally the CamelCased singular type. Your resource manifests use this.
+    kind: CronTabStatus
+    # shortNames allow shorter string to match your resource on the CLI
+    shortNames:
+      - cts
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 491c51047..205c25e68 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -5,13 +5,17 @@ import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	appsv1 "k8s.io/api/apps/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	"testing"
+	"time"
 )
 
 func buildDeployment(name string, namespace string, ready bool, annotations map[string]string) *uo.UnstructuredObject {
@@ -176,3 +180,102 @@ func TestValidateSkipRollbackHooks(t *testing.T) {
 
 	assertValidate(t, p, true)
 }
+
+func TestValidateWithoutPermissions(t *testing.T) {
+	t.Parallel()
+
+	// need our own cluster due to CRDs being involved
+	k := createTestCluster(t, "cluster1")
+	test_resources.ApplyYaml(t, "example-crds.yaml", k)
+
+	p := test_project.NewTestProject(t)
+
+	createNamespace(t, k, p.TestSlug())
+
+	username := p.TestSlug()
+	au, err := k.AddUser(envtest.User{Name: username}, nil)
+	assert.NoError(t, err)
+
+	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), nil, []schema.GroupResource{
+		{Group: "stable.example.com", Resource: "crontabs"},
+		{Group: "stable.example.com", Resource: "crontabstatuses"},
+	})
+	for _, x := range rbac {
+		k.MustApply(t, x)
+	}
+
+	kc, err := au.KubeConfig()
+	assert.NoError(t, err)
+
+	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, kc))
+
+	cronTab := uo.New()
+	cronTab.SetK8sGVK(schema.GroupVersionKind{Group: "stable.example.com", Version: "v1", Kind: "CronTab"})
+	cronTab.SetK8sNamespace(p.TestSlug())
+	cronTab.SetK8sName("crontab")
+	_ = cronTab.SetNestedField(map[string]any{
+		"cronSpec": "x",
+	}, "spec")
+	cronTab.SetK8sAnnotation("kluctl.io/wait-readiness", "true")
+	cronTab2 := cronTab.Clone()
+	cronTab2.SetK8sGVK(schema.GroupVersionKind{Group: "stable.example.com", Version: "v1", Kind: "CronTabStatus"})
+
+	p.AddKustomizeDeployment("x", []test_project.KustomizeResource{
+		{Name: "crontab.yaml", Content: cronTab},
+		{Name: "crontab2.yaml", Content: cronTab2},
+	}, nil)
+
+	// this should succeed but emit a warning about the wait not knowing if a status is expected
+	stdout, _, err := p.Kluctl(t, "deploy", "--yes")
+	assert.NoError(t, err)
+	assert.Contains(t, stdout, "CronTab/crontab: unable to determine if a status is expected")
+	assert.Contains(t, stdout, "CronTabStatus/crontab: unable to determine if a status is expected")
+
+	testSuccess := func(globalRbacResources []schema.GroupResource, rbacResources []schema.GroupResource) {
+		rbac = buildSingleNamespaceRbac(username, p.TestSlug(), globalRbacResources, rbacResources)
+		for _, x := range rbac {
+			k.MustApply(t, x)
+		}
+
+		// need to reset status
+		err = k.Client.Delete(context.TODO(), cronTab2.ToUnstructured())
+		assert.NoError(t, err)
+
+		// this should succeed without any warning
+		go func() {
+			// set the status sub-resource after a few seconds so that the wait finishes
+			time.Sleep(3 * time.Second)
+			x := cronTab2.Clone()
+			_ = x.SetNestedField("test", "status", "x")
+			k.MustApplyStatus(t, x)
+		}()
+		stdout, _, err = p.Kluctl(t, "deploy", "--yes", "--timeout=10s")
+		assert.NoError(t, err)
+		assert.NotContains(t, stdout, "CronTab/crontab: unable to determine if a status is expected")
+		assert.NotContains(t, stdout, "CronTabStatus/crontab: unable to determine if a status is expected")
+	}
+
+	// status requirement detection via sub-resource GET
+	testSuccess(nil, []schema.GroupResource{
+		{Group: "stable.example.com", Resource: "crontabs"},
+		{Group: "stable.example.com", Resource: "crontabs/status"},
+		{Group: "stable.example.com", Resource: "crontabstatuses"},
+		{Group: "stable.example.com", Resource: "crontabstatuses/status"},
+	})
+	// status requirement detection via CRDs
+	testSuccess([]schema.GroupResource{
+		{Group: "apiextensions.k8s.io", Resource: "customresourcedefinitions"},
+	}, []schema.GroupResource{
+		{Group: "stable.example.com", Resource: "crontabs"},
+		{Group: "stable.example.com", Resource: "crontabstatuses"},
+	})
+	// both
+	testSuccess([]schema.GroupResource{
+		{Group: "apiextensions.k8s.io", Resource: "customresourcedefinitions"},
+	}, []schema.GroupResource{
+		{Group: "stable.example.com", Resource: "crontabs"},
+		{Group: "stable.example.com", Resource: "crontabs/status"},
+		{Group: "stable.example.com", Resource: "crontabstatuses"},
+		{Group: "stable.example.com", Resource: "crontabstatuses/status"},
+	})
+}

From ab306a330b0d51dbad4e0ce50fe6ce363a66d7c3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 16:47:46 +0100
Subject: [PATCH 2008/2268] fix: Properly pass validation warnings to result

---
 pkg/deployment/utils/apply_utils.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 7a85cf9db..a8de532e7 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -520,6 +520,12 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 				if didLog {
 					a.sctx.InfoFallbackf("Finished waiting for %s (%ds elapsed)", ref.String(), elapsed)
 				}
+				for _, e := range v.Errors {
+					a.HandleError(ref, errors2.New(e.Message))
+				}
+				for _, e := range v.Warnings {
+					a.HandleWarning(ref, errors2.New(e.Message))
+				}
 				return true
 			}
 			if len(v.Errors) != 0 {
@@ -527,7 +533,10 @@ func (a *ApplyUtil) WaitReadiness(ref k8s2.ObjectRef, timeout time.Duration) boo
 					status.Warningf(a.ctx, "Cancelled waiting for %s due to errors (%ds elapsed)", ref.String(), elapsed)
 				}
 				for _, e := range v.Errors {
-					a.HandleError(ref, fmt.Errorf(e.Message))
+					a.HandleError(ref, errors2.New(e.Message))
+				}
+				for _, e := range v.Warnings {
+					a.HandleWarning(ref, errors2.New(e.Message))
 				}
 				return false
 			}

From 8ae861c8f08a6ab753b6157beeb64be4ae0835b0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 17:36:08 +0100
Subject: [PATCH 2009/2268] fix: First check status requirement by looking into
 the client scheme

---
 pkg/validation/validation.go | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/pkg/validation/validation.go b/pkg/validation/validation.go
index 796fb6a50..fcb17956c 100644
--- a/pkg/validation/validation.go
+++ b/pkg/validation/validation.go
@@ -10,6 +10,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@@ -416,7 +417,15 @@ func checkStatusRequired(ctx context.Context, k *k8s.K8sCluster, ref k8s2.Object
 		return statusRequiredUnknown, nil
 	}
 
-	ret, err := checkStatusRequiredByCRD(ctx, k, ref)
+	ret, err := checkStatusRequiredByScheme(k, ref)
+	if err != nil {
+		return statusRequiredUnknown, err
+	}
+	if ret != statusRequiredUnknown {
+		return ret, nil
+	}
+
+	ret, err = checkStatusRequiredByCRD(ctx, k, ref)
 	if err != nil {
 		return statusRequiredUnknown, err
 	}
@@ -431,6 +440,26 @@ func checkStatusRequired(ctx context.Context, k *k8s.K8sCluster, ref k8s2.Object
 	return ret, nil
 }
 
+func checkStatusRequiredByScheme(k *k8s.K8sCluster, ref k8s2.ObjectRef) (statusRequired, error) {
+	c, err := k.ToClient()
+	if err != nil {
+		return statusRequiredUnknown, err
+	}
+
+	x, err := c.Scheme().New(ref.GroupVersionKind())
+	if err != nil {
+		return statusRequiredUnknown, nil
+	}
+
+	t := reflect.Indirect(reflect.ValueOf(x)).Type()
+	f, ok := t.FieldByName("Status")
+	if !ok {
+		return statusRequiredNo, nil
+	}
+	_ = f
+	return statusRequiredYes, nil
+}
+
 func checkStatusRequiredByCRD(ctx context.Context, k *k8s.K8sCluster, ref k8s2.ObjectRef) (statusRequired, error) {
 	s, err := k.GetSchemaForGVK(ref.GroupVersionKind())
 	if err == nil {

From 22d1360d5cf6a4ffa80c90c69563766db65afd26 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 20 Mar 2024 17:36:31 +0100
Subject: [PATCH 2010/2268] tests: Test for ConfigMap readiness

---
 e2e/validate_test.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 205c25e68..db7191638 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -197,6 +197,7 @@ func TestValidateWithoutPermissions(t *testing.T) {
 	assert.NoError(t, err)
 
 	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), nil, []schema.GroupResource{
+		{Group: "", Resource: "configmaps"},
 		{Group: "stable.example.com", Resource: "crontabs"},
 		{Group: "stable.example.com", Resource: "crontabstatuses"},
 	})
@@ -224,6 +225,14 @@ func TestValidateWithoutPermissions(t *testing.T) {
 		{Name: "crontab.yaml", Content: cronTab},
 		{Name: "crontab2.yaml", Content: cronTab2},
 	}, nil)
+	// a configmap should always be considered ready thanks to the scheme based check
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+		annotations: map[string]string{
+			"kluctl.io/wait-readiness": "true",
+		},
+	})
 
 	// this should succeed but emit a warning about the wait not knowing if a status is expected
 	stdout, _, err := p.Kluctl(t, "deploy", "--yes")
@@ -257,6 +266,7 @@ func TestValidateWithoutPermissions(t *testing.T) {
 
 	// status requirement detection via sub-resource GET
 	testSuccess(nil, []schema.GroupResource{
+		{Group: "", Resource: "configmaps"},
 		{Group: "stable.example.com", Resource: "crontabs"},
 		{Group: "stable.example.com", Resource: "crontabs/status"},
 		{Group: "stable.example.com", Resource: "crontabstatuses"},
@@ -266,6 +276,7 @@ func TestValidateWithoutPermissions(t *testing.T) {
 	testSuccess([]schema.GroupResource{
 		{Group: "apiextensions.k8s.io", Resource: "customresourcedefinitions"},
 	}, []schema.GroupResource{
+		{Group: "", Resource: "configmaps"},
 		{Group: "stable.example.com", Resource: "crontabs"},
 		{Group: "stable.example.com", Resource: "crontabstatuses"},
 	})
@@ -273,6 +284,7 @@ func TestValidateWithoutPermissions(t *testing.T) {
 	testSuccess([]schema.GroupResource{
 		{Group: "apiextensions.k8s.io", Resource: "customresourcedefinitions"},
 	}, []schema.GroupResource{
+		{Group: "", Resource: "configmaps"},
 		{Group: "stable.example.com", Resource: "crontabs"},
 		{Group: "stable.example.com", Resource: "crontabs/status"},
 		{Group: "stable.example.com", Resource: "crontabstatuses"},

From 4d3f76351e35561331bb432937f646c765e79da0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 09:23:18 +0100
Subject: [PATCH 2011/2268] fix: Don't crash on oci push when git repo has no
 remote

---
 cmd/kluctl/commands/cmd_oci_push.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index a9e01463f..7b8037dce 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -98,10 +98,12 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 	}
 
 	meta := client.Metadata{
-		Source:      gitInfo.Url.String(),
 		Revision:    gitInfo.Commit,
 		Annotations: annotations,
 	}
+	if gitInfo.Url != nil {
+		meta.Source = gitInfo.Url.String()
+	}
 
 	ctx, cancel := context.WithTimeout(ctx, cmd.Timeout)
 	defer cancel()

From 8505cfdef436aaf24202ec279b6cc193d6e4a431 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 09:36:00 +0100
Subject: [PATCH 2012/2268] chore(deps): Bump actions/checkout from 3 to 4
 (#998)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/check-links-cron.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check-links-cron.yml b/.github/workflows/check-links-cron.yml
index d3140b2e3..11cc27391 100644
--- a/.github/workflows/check-links-cron.yml
+++ b/.github/workflows/check-links-cron.yml
@@ -12,7 +12,7 @@ jobs:
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Check links on changed files
         run: |
           make markdown-link-check

From 331af9b3cfa2fdf8768ed32e182b8706d57ef444 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 09:36:24 +0100
Subject: [PATCH 2013/2268] chore(deps): Bump github.com/stretchr/testify from
 1.8.4 to 1.9.0 (#1001)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4ce6958b0..28053a638 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.18.2
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.20.0
 	golang.org/x/net v0.21.0
diff --git a/go.sum b/go.sum
index 2adf239c4..36986c501 100644
--- a/go.sum
+++ b/go.sum
@@ -634,8 +634,9 @@ github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMV
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -646,8 +647,9 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=

From 30be0d3e49da6ab810c5e5b68034335d6a58f919 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 09:36:42 +0100
Subject: [PATCH 2014/2268] chore(deps): Bump the golang-x group with 4 updates
 (#1004)

Bumps the golang-x group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/crypto` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/net` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0)

Updates `golang.org/x/sys` from 0.17.0 to 0.18.0
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

Updates `golang.org/x/oauth2` from 0.17.0 to 0.18.0
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 28053a638..3053f7315 100644
--- a/go.mod
+++ b/go.mod
@@ -33,11 +33,11 @@ require (
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.9.0
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.20.0
-	golang.org/x/net v0.21.0
+	golang.org/x/crypto v0.21.0
+	golang.org/x/net v0.22.0
 	golang.org/x/sync v0.6.0
-	golang.org/x/sys v0.17.0
-	golang.org/x/term v0.17.0 // indirect
+	golang.org/x/sys v0.18.0
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0
 	helm.sh/helm/v3 v3.13.3
 	k8s.io/api v0.29.2
@@ -84,7 +84,7 @@ require (
 	github.com/prometheus/client_golang v1.19.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
-	golang.org/x/oauth2 v0.17.0
+	golang.org/x/oauth2 v0.18.0
 	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80
 	google.golang.org/grpc v1.62.0
 	google.golang.org/protobuf v1.32.0
diff --git a/go.sum b/go.sum
index 36986c501..12353dd55 100644
--- a/go.sum
+++ b/go.sum
@@ -722,8 +722,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg=
-golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
@@ -754,11 +754,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
-golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
+golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
+golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -791,15 +791,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From 55a882e5576e9a9d3886d2ea632504d794682ac2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 09:37:08 +0100
Subject: [PATCH 2015/2268] chore(deps): Bump
 github.com/google/go-containerregistry (#1013)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.17.0 to 0.19.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.17.0...v0.19.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3053f7315..71a338d72 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/go-playground/validator/v10 v10.17.0
 	github.com/gobwas/glob v0.2.3
-	github.com/google/go-containerregistry v0.17.0
+	github.com/google/go-containerregistry v0.19.1
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.16
diff --git a/go.sum b/go.sum
index 12353dd55..e307959d2 100644
--- a/go.sum
+++ b/go.sum
@@ -342,8 +342,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.17.0 h1:5p+zYs/R4VGHkhyvgWurWrpJ2hW4Vv9fQI+GzdcwXLk=
-github.com/google/go-containerregistry v0.17.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
+github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY=
+github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From 4f388773102d5dd060fc5425ba60b7c0f1401565 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 09:37:20 +0100
Subject: [PATCH 2016/2268] chore(deps): Bump the aws-sdk group with 6 updates
 (#1018)

Bumps the aws-sdk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.25.2` | `1.26.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.4` | `1.27.8` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.4` | `1.17.8` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.27.1` | `1.27.3` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.28.4` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.1` | `1.28.5` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.25.2 to 1.26.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.25.2...v1.26.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.4 to 1.27.8
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.4...config/v1.27.8)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.4 to 1.17.8
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/v1.17.8/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.4...v1.17.8)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.27.1 to 1.27.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.1...config/v1.27.3)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.28.1 to 1.28.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.28.1...service/emr/v1.28.4)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.1 to 1.28.5
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.28.1...service/emr/v1.28.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 24 ++++++++++++------------
 go.sum | 48 ++++++++++++++++++++++++------------------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/go.mod b/go.mod
index 71a338d72..fc64ce061 100644
--- a/go.mod
+++ b/go.mod
@@ -55,12 +55,12 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.25.2
-	github.com/aws/aws-sdk-go-v2/config v1.27.4
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.4
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.1
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.1
+	github.com/aws/aws-sdk-go-v2 v1.26.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.8
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.8
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5
 	github.com/aws/smithy-go v1.20.1
 	github.com/coreos/go-oidc/v3 v3.9.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -119,15 +119,15 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index e307959d2..1a101b5dc 100644
--- a/go.sum
+++ b/go.sum
@@ -74,36 +74,36 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
-github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
-github.com/aws/aws-sdk-go-v2/config v1.27.4 h1:AhfWb5ZwimdsYTgP7Od8E9L1u4sKmDW2ZVeLcf2O42M=
-github.com/aws/aws-sdk-go-v2/config v1.27.4/go.mod h1:zq2FFXK3A416kiukwpsd+rD4ny6JC7QSkp4QdN1Mp2g=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.4 h1:h5Vztbd8qLppiPwX+y0Q6WiwMZgpd9keKe2EAENgAuI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.4/go.mod h1:+30tpwrkOgvkJL1rUZuRLoxcJwtI/OkeBLYnHxJtVe0=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 h1:AK0J8iYBFeUk2Ax7O8YpLtFsfhdOByh2QIkHmigpRYk=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2/go.mod h1:iRlGzMix0SExQEviAyptRWRGdYNo3+ufW/lCzvKVTUc=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
+github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA=
+github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
+github.com/aws/aws-sdk-go-v2/config v1.27.8 h1:0r8epOsiJ7YJz65MGcb8i91ehFp4kvvFe2qkq5oYeRI=
+github.com/aws/aws-sdk-go-v2/config v1.27.8/go.mod h1:XsmYKxYNuIhLsFddpNds+j9H5XKzjWDdg/SZngiwFio=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.8 h1:WUdNLXbyNbU07V/WFrSOBXqZTDgmmMNMgUFzpYOKJhw=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.8/go.mod h1:iPZzLpaBIfhyvVS/XGD3JvR1GP3YdHTqpySKDlqkfs8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4 h1:S+L2QSKhUuShih3aq9P/mkzDBiOO5tTyVg+vXREfsfg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 h1:0ScVK/4qZ8CIW0k8jOeFVsyS/sAiXpYxRBLolMkuLQM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4/go.mod h1:84KyjNZdHC6QZW08nfHI6yZgPd+qRgaWcYsyLUo3QY8=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 h1:sHmMWWX5E7guWEFQ9SVo6A3S4xpPrWnd77a6y4WM6PU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4/go.mod h1:WjpDrhWisWOIoS9n3nk67A3Ll1vfULJ9Kq6h29HTD48=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.27.1 h1:GFt/4yMrCuMDi4YzKy0HCW9NhwbxoYZUMqIWqWJFsqE=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.27.1/go.mod h1:ydHfHlVpaydWdStDKNcV6BnI0fD+ZwlPWvDgVG2fLt0=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3 h1:gfgt0D8MGL3gHrJPEv4rcWptA4Nz7uYn25ls8lLiANw=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3/go.mod h1:O5Fvd41s5KfDG093xLM7FhGiH6EmhmEli5D5MQH3TWw=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 h1:b+E7zIUHMmcB4Dckjpkapoy47W6C9QBv/zoUP+Hn8Kc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6/go.mod h1:S2fNV0rxrP78NhPbCZeQgY8H9jdDMeGtwcfZIRxzBqU=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xWedMuANiNVXiD2S8=
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1 h1:DtKw4TxZT3VrzYupXQJPBqT9ImyobZZE+JIQPPAVxqs=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.1/go.mod h1:bit9G2ORpSjUTr4PA4usvbBfbOyvMj0LbE1dXF14Sug=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 h1:utEGkfdQ4L6YW/ietH7111ZYglLJvS+sLriHJ1NBJEQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.1/go.mod h1:RsYqzYr2F2oPDdpy+PdhephuZxTfjHQe7SOBcZGoAU8=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 h1:9/GylMS45hGGFCcMrUZDVayQE1jYSIN6da9jo7RAYIw=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1/go.mod h1:YjAPFn4kGFqKC54VsHs5fn5B6d+PCY2tziEa3U/GB5Y=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4 h1:5GYToReUFSGP6/zqvG3fv8qNqeetyfsSiPHduHShjAc=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4/go.mod h1:slgOMs1CQu8UVgwoFqEvCi71L4HVoZgM0r8MtcNP6Mc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 h1:mnbuWHOcM70/OFUlZZ5rcdfA8PflGXXiefU/O+1S3+8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.3/go.mod h1:5HFu51Elk+4oRBZVxmHrSds5jFXmFj8C3w7DVF2gnrs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 h1:uLq0BKatTmDzWa/Nu4WO0M1AaQDaPpwTKAeByEc6WFM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3/go.mod h1:b+qdhjnxj8GSR6t5YfphOffeoQSQ1KmpoVVuBn+PWxs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 h1:J/PpTf/hllOjx8Xu9DMflff3FajfLxqM5+tepvVXmxg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.5/go.mod h1:0ih0Z83YDH/QeQ6Ori2yGE2XvWYv/Xm+cZc01LC6oK0=
 github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
 github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 660dde37b49ef00786bb8a917f412a26ce08df87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 09:37:51 +0100
Subject: [PATCH 2017/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.16.3 to 0.17.2 (#981)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.16.3 to 0.17.2.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.16.3...v0.17.2)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index fc64ce061..183e3a63b 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.7+incompatible
-	github.com/evanphx/json-patch/v5 v5.7.0
+	github.com/evanphx/json-patch/v5 v5.8.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
@@ -91,7 +91,7 @@ require (
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.16.3
+	sigs.k8s.io/controller-runtime v0.17.2
 	sigs.k8s.io/kustomize/api v0.16.0
 	sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 1a101b5dc..dd9cb113a 100644
--- a/go.sum
+++ b/go.sum
@@ -216,8 +216,8 @@ github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU
 github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
-github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro=
+github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
@@ -927,8 +927,8 @@ oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
-sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
+sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0=
+sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g=

From f9d6d0135618e09ec03da3f9e03e38c667acb268 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 10:18:01 +0100
Subject: [PATCH 2018/2268] chore(deps): Bump github.com/evanphx/json-patch/v5
 from 5.7.0 to 5.9.0 (#968)

Bumps [github.com/evanphx/json-patch/v5](https://github.com/evanphx/json-patch) from 5.7.0 to 5.9.0.
- [Release notes](https://github.com/evanphx/json-patch/releases)
- [Commits](https://github.com/evanphx/json-patch/compare/v5.7.0...v5.9.0)

---
updated-dependencies:
- dependency-name: github.com/evanphx/json-patch/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 183e3a63b..772c8e207 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/docker/cli v24.0.7+incompatible
-	github.com/evanphx/json-patch/v5 v5.8.0
+	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-gonic/gin v1.9.1
diff --git a/go.sum b/go.sum
index dd9cb113a..33bb73dcd 100644
--- a/go.sum
+++ b/go.sum
@@ -216,8 +216,8 @@ github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU
 github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro=
-github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
+github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=

From 37fb5eb20d35b3aeeab0246fb65afd771c20d433 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 11:04:16 +0100
Subject: [PATCH 2019/2268] chore: Upgrade go-jinja2 to
 v0.0.0-20240321095105-c4279600dc1c (#1024)

---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 772c8e207..5cde24195 100644
--- a/go.mod
+++ b/go.mod
@@ -17,8 +17,8 @@ require (
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240304095917-f7191e3c936e
+	github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1
+	github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
@@ -214,7 +214,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/karrick/godirwalk v1.17.0 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/klauspost/compress v1.17.7 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
diff --git a/go.sum b/go.sum
index 33bb73dcd..8e447da5e 100644
--- a/go.sum
+++ b/go.sum
@@ -441,15 +441,15 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
+github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc=
 github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1 h1:FRjmtgCHeK4IcZTOosx5tJ8LZ4VDMzFaaXBylsMRAGQ=
-github.com/kluctl/go-embed-python v0.0.0-3.11.7-20240107-1/go.mod h1:nhLUuBr5jJ6TMy4RlZn0wEtGC/RuTfERNVHyP1t0joI=
-github.com/kluctl/go-jinja2 v0.0.0-20240304095917-f7191e3c936e h1:la0Z8jPORDnWN0qFuuJul9LfS9d71CB8rlecg3DcdXU=
-github.com/kluctl/go-jinja2 v0.0.0-20240304095917-f7191e3c936e/go.mod h1:tf65M11BQMkV4k2ukb8dkxCho7VuG86LcJdzE8kuR3U=
+github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1 h1:iTRFxf3UDQw9vMqs128iCuCKA99u0lptLzp6ceDYfHc=
+github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1/go.mod h1:FJ7V83X5BIqrkPpy2Lmlu2zoDpUnQfVfGpMeRbI0hQ4=
+github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c h1:RJRccOHbOwGaxy2TF8tsixgUMEiWyoXhdHGvH5Gojrg=
+github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c/go.mod h1:GkpC2+7HUb0iE8BFOmBii3iYWEJmdh9+qr1XhL3zXF8=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=

From 077e1fb6f8501290549d48f8c1e4b4abe1f0da83 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 11:36:31 +0100
Subject: [PATCH 2020/2268] chore: Upgrade go to 1.22 and upgrade all packages
 via go get -u ./... (#1025)

* chore: Upgrade to go 1.22

* chore: Run go get -u ./... to upgrade all dependencies

# Conflicts:
#	go.mod
#	go.sum
---
 .github/workflows/nightly.yml       |   2 +-
 .github/workflows/preview-proxy.yml |   2 +-
 .github/workflows/preview-run.yml   |   2 +-
 .github/workflows/release.yml       |   2 +-
 .github/workflows/tests.yml         |   6 +-
 go.mod                              | 152 ++++++------
 go.sum                              | 349 ++++++++++++++--------------
 7 files changed, 251 insertions(+), 264 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 2a883ae98..5dea80811 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.22
       - uses: actions/setup-node@v4
         with:
           node-version: 20
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index c71255846..28b3be36c 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -37,7 +37,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.22
       - name: Install some tools
         run: |
           sudo apt update
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 28b291bb6..e357eaa5d 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.22
       - uses: actions/setup-node@v4
         with:
           node-version: 20
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 09d77bec9..e9fd145a7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.22
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 26f49a5e9..60a15c7d3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,7 +19,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - uses: actions/setup-node@v4
         with:
           node-version: 20
@@ -122,7 +122,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - uses: actions/cache@v4
         with:
           path: |
@@ -187,7 +187,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - uses: actions/cache@v4
         with:
           path: |
diff --git a/go.mod b/go.mod
index 5cde24195..c4f69c667 100644
--- a/go.mod
+++ b/go.mod
@@ -1,18 +1,18 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.21
+go 1.22
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/bitnami-labs/sealed-secrets v0.24.5
+	github.com/bitnami-labs/sealed-secrets v0.26.1
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/go-playground/validator/v10 v10.17.0
+	github.com/go-playground/validator/v10 v10.19.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.19.1
-	github.com/hashicorp/vault/api v1.10.0
+	github.com/hashicorp/vault/api v1.12.2
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
@@ -23,7 +23,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.21.0
+	github.com/ohler55/ojg v1.21.4
 	github.com/pkg/errors v0.9.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.12.0
@@ -39,18 +39,18 @@ require (
 	golang.org/x/sys v0.18.0
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0
-	helm.sh/helm/v3 v3.13.3
-	k8s.io/api v0.29.2
-	k8s.io/apiextensions-apiserver v0.29.2
-	k8s.io/apimachinery v0.29.2
-	k8s.io/client-go v0.29.2
+	helm.sh/helm/v3 v3.14.3
+	k8s.io/api v0.29.3
+	k8s.io/apiextensions-apiserver v0.29.3
+	k8s.io/apimachinery v0.29.3
+	k8s.io/client-go v0.29.3
 	k8s.io/klog/v2 v2.120.1
 	sigs.k8s.io/kustomize/kyaml v0.16.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 )
 
 require (
-	cloud.google.com/go/secretmanager v1.11.5
+	cloud.google.com/go/secretmanager v1.12.0
 	filippo.io/age v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
@@ -62,10 +62,10 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5
 	github.com/aws/smithy-go v1.20.1
-	github.com/coreos/go-oidc/v3 v3.9.0
+	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
-	github.com/docker/cli v24.0.7+incompatible
+	github.com/docker/cli v26.0.0+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v0.0.5
@@ -75,7 +75,7 @@ require (
 	github.com/go-logr/logr v1.4.1
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.12.0
+	github.com/googleapis/gax-go/v2 v2.12.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
 	github.com/onsi/gomega v1.31.1
@@ -85,9 +85,9 @@ require (
 	github.com/sergi/go-diff v1.3.1
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	golang.org/x/oauth2 v0.18.0
-	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80
-	google.golang.org/grpc v1.62.0
-	google.golang.org/protobuf v1.32.0
+	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
+	google.golang.org/grpc v1.62.1
+	google.golang.org/protobuf v1.33.0
 	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
@@ -97,26 +97,26 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute v1.25.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.5 // indirect
-	cloud.google.com/go/kms v1.15.5 // indirect
+	cloud.google.com/go/iam v1.1.7 // indirect
+	cloud.google.com/go/kms v1.15.8 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/Microsoft/hcsshim v0.11.4 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/Microsoft/hcsshim v0.12.0 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4 // indirect
@@ -125,7 +125,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -134,29 +134,28 @@ require (
 	github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd // indirect
 	github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
 	github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
-	github.com/bytedance/sonic v1.10.2 // indirect
+	github.com/bytedance/sonic v1.11.3 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/containerd/containerd v1.7.11 // indirect
+	github.com/containerd/containerd v1.7.14 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/docker v24.0.7+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.8.0 // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/docker v26.0.0+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.1 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -167,19 +166,20 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
-	github.com/go-openapi/jsonpointer v0.20.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
@@ -194,7 +194,7 @@ require (
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.2.2 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
@@ -205,7 +205,7 @@ require (
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -213,13 +213,12 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/karrick/godirwalk v1.17.0 // indirect
 	github.com/klauspost/compress v1.17.7 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
@@ -229,34 +228,33 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
-	github.com/opencontainers/runc v1.1.6 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.48.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/rubenv/sql-migrate v1.5.2 // indirect
+	github.com/prometheus/client_model v0.6.0 // indirect
+	github.com/prometheus/common v0.50.0 // indirect
+	github.com/prometheus/procfs v0.13.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rubenv/sql-migrate v1.6.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/skeema/knownhosts v1.2.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
@@ -275,36 +273,36 @@ require (
 	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // indirect
 	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
-	go.opentelemetry.io/otel v1.22.0 // indirect
-	go.opentelemetry.io/otel/metric v1.22.0 // indirect
-	go.opentelemetry.io/otel/trace v1.22.0 // indirect
-	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.starlark.net v0.0.0-20240314022150-ee8ed142361c // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/arch v0.6.0 // indirect
-	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect
-	golang.org/x/mod v0.14.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/arch v0.7.0 // indirect
+	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
+	golang.org/x/mod v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.16.1 // indirect
+	golang.org/x/tools v0.19.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.160.0 // indirect
+	google.golang.org/api v0.170.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
-	gopkg.in/evanphx/json-patch.v5 v5.7.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.29.2 // indirect
-	k8s.io/cli-runtime v0.29.0 // indirect
-	k8s.io/component-base v0.29.2 // indirect
-	k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 // indirect
-	k8s.io/kubectl v0.29.0 // indirect
-	k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
-	oras.land/oras-go v1.2.4 // indirect
+	k8s.io/apiserver v0.29.3 // indirect
+	k8s.io/cli-runtime v0.29.3 // indirect
+	k8s.io/component-base v0.29.3 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kubectl v0.29.3 // indirect
+	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
+	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index 8e447da5e..4818b5457 100644
--- a/go.sum
+++ b/go.sum
@@ -1,16 +1,16 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
-cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
-cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
-cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
+cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
+cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
+cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU=
+cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI=
-cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
-cloud.google.com/go/kms v1.15.5 h1:pj1sRfut2eRbD9pFRjNnPNg/CzJPuQAzUujMIM1vVeM=
-cloud.google.com/go/kms v1.15.5/go.mod h1:cU2H5jnp6G2TDpUGZyqTCoy1n16fbubHZjmVXSMtwDI=
-cloud.google.com/go/secretmanager v1.11.5 h1:82fpF5vBBvu9XW4qj0FU2C6qVMtj1RM/XHwKXUEAfYY=
-cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4=
+cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM=
+cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA=
+cloud.google.com/go/kms v1.15.8 h1:szIeDCowID8th2i8XE4uRev5PMxQFqW+JjwYxL9h6xs=
+cloud.google.com/go/kms v1.15.8/go.mod h1:WoUHcDjD9pluCg7pNds131awnH429QGvRM3N/4MyoVs=
+cloud.google.com/go/secretmanager v1.12.0 h1:e5pIo/QEgiFiHPVJPxM5jbtUr4O/u5h2zLHYtkFQr24=
+cloud.google.com/go/secretmanager v1.12.0/go.mod h1:Y1Gne3Ag+fZ2TDTiJc8ZJCMFbi7k1rYT4Rw30GXfvlk=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
@@ -27,21 +27,21 @@ github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
-github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
+github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
@@ -56,12 +56,12 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
-github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w=
+github.com/Microsoft/hcsshim v0.12.0 h1:rbICA+XZFwrBef2Odk++0LjFvClNCJGRK+fsrP254Ts=
+github.com/Microsoft/hcsshim v0.12.0/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
-github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
+github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@@ -94,8 +94,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibR
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 h1:b+E7zIUHMmcB4Dckjpkapoy47W6C9QBv/zoUP+Hn8Kc=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6/go.mod h1:S2fNV0rxrP78NhPbCZeQgY8H9jdDMeGtwcfZIRxzBqU=
-github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xWedMuANiNVXiD2S8=
-github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
+github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU=
+github.com/aws/aws-sdk-go-v2/service/kms v1.30.0/go.mod h1:+I8VUUSVD4p5ISQtzpgSva4I8cJ4SQ4b1dcBcof7O+g=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4 h1:5GYToReUFSGP6/zqvG3fv8qNqeetyfsSiPHduHShjAc=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4/go.mod h1:slgOMs1CQu8UVgwoFqEvCi71L4HVoZgM0r8MtcNP6Mc=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 h1:mnbuWHOcM70/OFUlZZ5rcdfA8PflGXXiefU/O+1S3+8=
@@ -112,8 +112,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bitnami-labs/sealed-secrets v0.24.5 h1:C5zx29thAk0D/0zZnwxjVcxVe428Ah70AwmJaRee95o=
-github.com/bitnami-labs/sealed-secrets v0.24.5/go.mod h1:I8Wm+jD3QHt4t3j5XQIRarRulDLv3OG7vpObtddl36w=
+github.com/bitnami-labs/sealed-secrets v0.26.1 h1:2s57Rjp9dWuKb89NGz7CU7a+7iUT8ENYLhlhZPmYWqM=
+github.com/bitnami-labs/sealed-secrets v0.26.1/go.mod h1:K1dzHruRZ97e0s2efg4D9vyerqbY9XtXGS3Wk+Ux+LQ=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
@@ -127,8 +127,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
-github.com/bytedance/sonic v1.10.2 h1:GQebETVBxYB7JGWJtLBi07OVzWwt+8dWA00gEVW2ZFE=
-github.com/bytedance/sonic v1.10.2/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/bytedance/sonic v1.11.3 h1:jRN+yEjakWh8aK5FzrciUHG8OFXK+4/KrAX/ysEtHAA=
+github.com/bytedance/sonic v1.11.3/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
@@ -150,24 +150,25 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
-github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
-github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
-github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw=
-github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE=
+github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
+github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
+github.com/containerd/containerd v1.7.14 h1:H/XLzbnGuenZEGK+v0RkwTdv2u1QFAruMe5N0GNPJwA=
+github.com/containerd/containerd v1.7.14/go.mod h1:YMC9Qt5yzNqXx/fO4j/5yYVIHXSRrlB3H7sxkUTvspg=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
+github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
-github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo=
-github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4=
+github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
+github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
@@ -184,16 +185,16 @@ github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
-github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
-github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUyzJVPxD30I=
+github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
-github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
-github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
-github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
-github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/docker v26.0.0+incompatible h1:Ng2qi+gdKADUa/VM+6b6YaY2nlZhk/lVJiKR/2bMudU=
+github.com/docker/docker v26.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
+github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
+github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
@@ -204,18 +205,16 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
-github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
-github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
+github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
-github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
-github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
-github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
+github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
@@ -257,8 +256,10 @@ github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0 h1:XBPz8KeTUbi
 github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0/go.mod h1:rGg8aLOxsDU5LgK8kiSJUzXaTPmwYZQYCj4+ouohMuM=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
-github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
-github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
+github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
+github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -269,22 +270,20 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
-github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
-github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.17.0 h1:SmVVlfAOtlZncTxRuinDPomC2DkXJ4E5T9gDA0AIH74=
-github.com/go-playground/validator/v10 v10.17.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn0+wvQ3bZ8b/AU4=
+github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -292,12 +291,6 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=
-github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs=
-github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=
-github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY=
-github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY=
-github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
@@ -305,8 +298,8 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -324,8 +317,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
@@ -361,8 +354,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
-github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
+github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -374,8 +367,8 @@ github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pw
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
@@ -402,12 +395,12 @@ github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
 github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I=
 github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
-github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE=
+github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -435,8 +428,6 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=
-github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -444,8 +435,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
 github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc=
-github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1 h1:iTRFxf3UDQw9vMqs128iCuCKA99u0lptLzp6ceDYfHc=
 github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1/go.mod h1:FJ7V83X5BIqrkPpy2Lmlu2zoDpUnQfVfGpMeRbI0hQ4=
 github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c h1:RJRccOHbOwGaxy2TF8tsixgUMEiWyoXhdHGvH5Gojrg=
@@ -454,7 +445,6 @@ github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgSh
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -467,8 +457,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
-github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -478,12 +468,6 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
-github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
-github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
-github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
-github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -511,6 +495,8 @@ github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQ
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
+github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
@@ -528,33 +514,31 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.21.0 h1:niqSS6yl3PQZJrqh7pKs/zinl4HebGe8urXEfpvlpYY=
-github.com/ohler55/ojg v1.21.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
-github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/ohler55/ojg v1.21.4 h1:2iWyz/xExx0XySVIxR9kWFxIdsLNrpWLrKuAcs5aOZU=
+github.com/ohler55/ojg v1.21.4/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
+github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM=
+github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
-github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
-github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA=
-github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
+github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss=
+github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8=
 github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
-github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo=
+github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -579,26 +563,26 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos=
+github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
-github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ=
+github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
-github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o=
+github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
-github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=
-github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is=
+github.com/rubenv/sql-migrate v1.6.1 h1:bo6/sjsan9HaXAsNxYP/jCEDUGibHp8JmOBw7NTGRos=
+github.com/rubenv/sql-migrate v1.6.1/go.mod h1:tPzespupJS0jacLfhbwto/UjSX+8h2FdWB7ar+QlHa0=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
@@ -616,8 +600,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ=
-github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
+github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
@@ -646,7 +630,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
@@ -689,32 +672,31 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
-go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y=
-go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
-go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg=
-go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
-go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
-go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
-go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0=
-go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
-go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4=
-go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
+go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
+go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
+go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
+go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
+go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.starlark.net v0.0.0-20240314022150-ee8ed142361c h1:roAjH18hZcwI4hHStHbkXjF5b7UUyZ/0SG3hXNN1SjA=
+go.starlark.net v0.0.0-20240314022150-ee8ed142361c/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.6.0 h1:S0JTfE48HbRj80+4tbvZDYsJ3tGv6BUU3XxyZ7CirAc=
-golang.org/x/arch v0.6.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.7.0 h1:pskyeJh/3AmoQ8CPE95vxHLqp1G1GfGNXTmcl9NEKTc=
+golang.org/x/arch v0.7.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -722,11 +704,12 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
-golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
+golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -734,8 +717,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -754,6 +737,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -791,6 +775,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -798,6 +784,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -809,6 +797,7 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
@@ -823,16 +812,16 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
-golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
+golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.160.0 h1:SEspjXHVqE1m5a1fRy8JFB+5jSu+V0GEDKDghF3ttO4=
-google.golang.org/api v0.160.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw=
+google.golang.org/api v0.170.0 h1:zMaruDePM88zxZBG+NG8+reALO2rfLhe/JShitLyT48=
+google.golang.org/api v0.170.0/go.mod h1:/xql9M2btF85xac/VAm4PsLMTLVGUOpq4BE9R8jyNy8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -841,19 +830,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
-google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
-google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8=
-google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
+google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237 h1:PgNlNSx2Nq2/j4juYzQBG0/Zdr+WP4z5N01Vk4VYBCY=
+google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237/go.mod h1:9sVD8c25Af3p0rGs7S7LLsxWKFiJt/65LdSyqXBkX/Y=
+google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4=
+google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
-google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
+google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -865,15 +854,15 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
-google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v5 v5.7.0 h1:dGKGylPlZ/jus2g1YqhhyzfH0gPy2R8/MYUpW/OslTY=
-gopkg.in/evanphx/json-patch.v5 v5.7.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
+gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo=
+gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
@@ -893,37 +882,37 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.13.3 h1:0zPEdGqHcubehJHP9emCtzRmu8oYsJFRrlVF3TFj8xY=
-helm.sh/helm/v3 v3.13.3/go.mod h1:3OKO33yI3p4YEXtTITN2+4oScsHeQe71KuzhlZ+aPfg=
+helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
+helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A=
-k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0=
-k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg=
-k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8=
-k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8=
-k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU=
-k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ=
-k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ=
-k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4=
-k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk=
-k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg=
-k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA=
-k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8=
-k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM=
+k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
+k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
+k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI=
+k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc=
+k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
+k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
+k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE=
+k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs=
+k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k=
+k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM=
+k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
+k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
+k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo=
+k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=
-k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
-k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI=
-k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs=
-k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
-k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
+k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/kubectl v0.29.3 h1:RuwyyIU42MAISRIePaa8Q7A3U74Q9P4MoJbDFz9o3us=
+k8s.io/kubectl v0.29.3/go.mod h1:yCxfY1dbwgVdEt2zkJ6d5NNLOhhWgTyrqACIoFhpdd4=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.10 h1:mv4p+MnGrLDcPlBoWsvPP7XCzTYMXP9F9eIGoKbgx7Q=
 nhooyr.io/websocket v1.8.10/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
-oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
-oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
+oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
+oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=

From 662016a80d119eada5938ea23fb9d25143dfa218 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 14:35:35 +0100
Subject: [PATCH 2021/2268] feat: Use Locate function in ListMatchingFields

This works with all supported forms of JSONPath, including wildcards.
---
 pkg/utils/uo/jsonpath.go | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/pkg/utils/uo/jsonpath.go b/pkg/utils/uo/jsonpath.go
index 26d95bed5..874cc9c05 100644
--- a/pkg/utils/uo/jsonpath.go
+++ b/pkg/utils/uo/jsonpath.go
@@ -12,6 +12,21 @@ var isSimpleIdentifier = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]+$`)
 
 type KeyPath []interface{}
 
+func keyPathFromJsonPath(e jp.Expr) (KeyPath, error) {
+	ret := make(KeyPath, 0, len(e))
+	for _, f := range e {
+		switch tf := f.(type) {
+		case jp.Child:
+			ret = append(ret, string(tf))
+		case jp.Nth:
+			ret = append(ret, int(tf))
+		default:
+			return nil, fmt.Errorf("unsupported element in jsonpath: type=%s, path=%s", reflect.TypeOf(f).Name(), e.String())
+		}
+	}
+	return ret, nil
+}
+
 func (kl KeyPath) ToJsonPath() string {
 	p := ""
 	for _, k := range kl {
@@ -66,24 +81,15 @@ func NewMyJsonPathMust(p string) *MyJsonPath {
 }
 
 func (j *MyJsonPath) ListMatchingFields(o *UnstructuredObject) ([]KeyPath, error) {
-	var ret []KeyPath
-
-	o = o.Clone()
-	magic := struct{}{}
-
-	err := j.exp.Set(o.Object, magic)
-	if err != nil {
-		return nil, err
-	}
-
-	_ = o.NewIterator().IterateLeafs(func(it *ObjectIterator) error {
-		if it.Value() == magic {
-			var c []interface{}
-			c = append(c, it.KeyPath()...)
-			ret = append(ret, c)
+	l := j.exp.Locate(o.Object, 0)
+	ret := make([]KeyPath, 0, len(l))
+	for _, e := range l {
+		kp, err := keyPathFromJsonPath(e)
+		if err != nil {
+			return nil, err
 		}
-		return nil
-	})
+		ret = append(ret, kp)
+	}
 
 	return ret, nil
 }

From 8dcda2f473f57943ff5bf34191f1f177aa084faf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 21:23:53 +0100
Subject: [PATCH 2022/2268] feat: Implement conflict resolution config via
 deployment.yaml

---
 pkg/deployment/commands/validate.go  |  63 +++++-----
 pkg/deployment/deployment_project.go |   8 ++
 pkg/deployment/utils/apply_utils.go  |  17 +--
 pkg/deployment/utils/hooks_util.go   |  18 +--
 pkg/diff/managed_fields.go           | 176 +++++++++++++++++++++------
 pkg/diff/managed_fields_test.go      |   3 +-
 pkg/types/deployment.go              |  28 ++++-
 7 files changed, 231 insertions(+), 82 deletions(-)

diff --git a/pkg/deployment/commands/validate.go b/pkg/deployment/commands/validate.go
index 6916d16b2..f07815643 100644
--- a/pkg/deployment/commands/validate.go
+++ b/pkg/deployment/commands/validate.go
@@ -7,7 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 )
 
@@ -42,14 +41,12 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 	}()
 
 	var refs []k8s2.ObjectRef
-	var renderedObjects []*uo.UnstructuredObject
 	discriminator := cmd.discriminator
 
 	for _, d := range cmd.targetCtx.DeploymentCollection.Deployments {
 		for _, o := range d.Objects {
 			ref := o.GetK8sRef()
 			refs = append(refs, ref)
-			renderedObjects = append(renderedObjects, o)
 		}
 	}
 	if discriminator == "" {
@@ -63,41 +60,43 @@ func (cmd *ValidateCommand) Run(ctx context.Context) *result.ValidateResult {
 	}
 
 	ad := utils2.NewApplyDeploymentsUtil(ctx, cmd.dew, cmd.ru, cmd.targetCtx.SharedContext.K, &utils2.ApplyUtilOptions{})
-	for _, o := range renderedObjects {
-		if o.GetK8sAnnotationBoolNoError("kluctl.io/delete", false) {
-			if cmd.ru.GetRemoteObject(o.GetK8sRef()) != nil {
-				cmd.dew.AddError(o.GetK8sRef(), fmt.Errorf("object is marked for deletion but still exists on the target cluster"))
-			}
-			continue
-		}
-
-		au := ad.NewApplyUtil(ctx, nil)
-		h := utils2.NewHooksUtil(au)
-		if hook := h.GetHook(o); hook != nil {
-			if !hook.IsPersistent() {
-				// the hook is not expected to exist after deployment
+	for _, d := range cmd.targetCtx.DeploymentCollection.Deployments {
+		for _, o := range d.Objects {
+			if o.GetK8sAnnotationBoolNoError("kluctl.io/delete", false) {
+				if cmd.ru.GetRemoteObject(o.GetK8sRef()) != nil {
+					cmd.dew.AddError(o.GetK8sRef(), fmt.Errorf("object is marked for deletion but still exists on the target cluster"))
+				}
 				continue
 			}
-			if hook.IsOnlyDelete() || hook.IsOnlyRollback() {
-				// the hook is not expected to be executed
-				continue
+
+			au := ad.NewApplyUtil(ctx, nil)
+			h := utils2.NewHooksUtil(au)
+			if hook := h.GetHook(d, o); hook != nil {
+				if !hook.IsPersistent() {
+					// the hook is not expected to exist after deployment
+					continue
+				}
+				if hook.IsOnlyDelete() || hook.IsOnlyRollback() {
+					// the hook is not expected to be executed
+					continue
+				}
 			}
-		}
 
-		ref := o.GetK8sRef()
+			ref := o.GetK8sRef()
 
-		remoteObject := cmd.ru.GetRemoteObject(ref)
-		if remoteObject == nil {
-			ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
-			continue
-		}
-		r := validation.ValidateObject(ctx, cmd.targetCtx.SharedContext.K, remoteObject, true, false)
-		if !r.Ready {
-			ret.Ready = false
+			remoteObject := cmd.ru.GetRemoteObject(ref)
+			if remoteObject == nil {
+				ret.Errors = append(ret.Errors, result.DeploymentError{Ref: ref, Message: "object not found"})
+				continue
+			}
+			r := validation.ValidateObject(ctx, cmd.targetCtx.SharedContext.K, remoteObject, true, false)
+			if !r.Ready {
+				ret.Ready = false
+			}
+			ret.Errors = append(ret.Errors, r.Errors...)
+			ret.Warnings = append(ret.Warnings, r.Warnings...)
+			ret.Results = append(ret.Results, r.Results...)
 		}
-		ret.Errors = append(ret.Errors, r.Errors...)
-		ret.Warnings = append(ret.Warnings, r.Warnings...)
-		ret.Results = append(ret.Results, r.Results...)
 	}
 
 	return ret
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index c7f124caa..2635c9d78 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -403,3 +403,11 @@ func (p *DeploymentProject) GetIgnoreForDiffs(ignoreTags, ignoreLabels, ignoreAn
 	}
 	return ret
 }
+
+func (p *DeploymentProject) GetConflictResolutionConfigs() []types.ConflictResolutionConfig {
+	var ret []types.ConflictResolutionConfig
+	for _, e := range p.getParents() {
+		ret = append(ret, e.p.Config.ConflictResolution...)
+	}
+	return ret
+}
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 2ee3a8522..9d67b088f 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -296,7 +296,7 @@ func (a *ApplyUtil) retryApplyWithReplace(x *uo.UnstructuredObject, hook bool, r
 	a.handleResult(r, hook)
 }
 
-func (a *ApplyUtil) retryApplyWithConflicts(x *uo.UnstructuredObject, hook bool, remoteObject *uo.UnstructuredObject, applyError error) {
+func (a *ApplyUtil) retryApplyWithConflicts(d *deployment.DeploymentItem, x *uo.UnstructuredObject, hook bool, remoteObject *uo.UnstructuredObject, applyError error) {
 	ref := x.GetK8sRef()
 
 	if remoteObject == nil {
@@ -312,7 +312,10 @@ func (a *ApplyUtil) retryApplyWithConflicts(x *uo.UnstructuredObject, hook bool,
 			return
 		}
 
-		x3, lostOwnership, err := diff.ResolveFieldManagerConflicts(x, remoteObject, statusError.ErrStatus)
+		cr := diff.ConflictResolver{
+			Configs: d.Project.GetConflictResolutionConfigs(),
+		}
+		x3, lostOwnership, err := cr.ResolveConflicts(x, remoteObject, statusError.ErrStatus)
 		if err != nil {
 			a.HandleError(ref, err)
 			return
@@ -338,7 +341,7 @@ func (a *ApplyUtil) retryApplyWithConflicts(x *uo.UnstructuredObject, hook bool,
 	}
 }
 
-func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bool) {
+func (a *ApplyUtil) ApplyObject(d *deployment.DeploymentItem, x *uo.UnstructuredObject, replaced bool, hook bool) {
 	ref := x.GetK8sRef()
 
 	x = a.k.FixObjectForPatch(x)
@@ -457,7 +460,7 @@ func (a *ApplyUtil) ApplyObject(x *uo.UnstructuredObject, replaced bool, hook bo
 	} else if meta.IsNoMatchError(err) {
 		a.HandleError(ref, err)
 	} else if errors.IsConflict(err) {
-		a.retryApplyWithConflicts(x, hook, remoteObject, err)
+		a.retryApplyWithConflicts(d, x, hook, remoteObject, err)
 	} else {
 		a.retryApplyWithReplace(x, hook, remoteObject, err)
 	}
@@ -640,7 +643,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 
 		// hooks have their own waitReadiness logic, so we must skip them here. Otherwise we'd wait for an object
 		// didn't even get deployed yet (e.g. post-deploy hooks).
-		if h.GetHook(x) == nil {
+		if h.GetHook(d, x) == nil {
 			waitReadiness := d.Config.WaitReadiness || d.WaitReadiness || x.GetK8sAnnotationBoolNoError("kluctl.io/wait-readiness", false)
 			if waitReadiness {
 				toWaitReadiness[x.GetK8sRef()] = true
@@ -657,7 +660,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 
 	var applyObjects []*uo.UnstructuredObject
 	for _, o := range d.Objects {
-		if h.GetHook(o) != nil {
+		if h.GetHook(d, o) != nil {
 			continue
 		}
 		if _, ok := toDelete[o.GetK8sRef()]; ok {
@@ -705,7 +708,7 @@ func (a *ApplyUtil) applyDeploymentItem(d *deployment.DeploymentItem) {
 
 		ref := o.GetK8sRef()
 		a.sctx.Updatef("Applying object %s (%d of %d)", ref.String(), i+1, len(applyObjects))
-		a.ApplyObject(o, false, false)
+		a.ApplyObject(d, o, false, false)
 		a.sctx.Increment()
 		if time.Now().Sub(startTime) >= 10*time.Second || (didLog && i == len(applyObjects)-1) {
 			a.sctx.InfoFallbackf("...applied %d of %d objects", i+1, len(applyObjects))
diff --git a/pkg/deployment/utils/hooks_util.go b/pkg/deployment/utils/hooks_util.go
index 80aa8aec8..4633382a6 100644
--- a/pkg/deployment/utils/hooks_util.go
+++ b/pkg/deployment/utils/hooks_util.go
@@ -36,10 +36,13 @@ type HooksUtil struct {
 }
 
 func NewHooksUtil(a *ApplyUtil) *HooksUtil {
-	return &HooksUtil{a: a}
+	return &HooksUtil{
+		a: a,
+	}
 }
 
 type hook struct {
+	di             *deployment.DeploymentItem
 	object         *uo.UnstructuredObject
 	hooks          map[string]bool
 	weight         int
@@ -50,7 +53,7 @@ type hook struct {
 
 func (u *HooksUtil) DetermineHooks(d *deployment.DeploymentItem, hooks []string) []*hook {
 	var l []*hook
-	for _, h := range u.getSortedHooksList(d.Objects) {
+	for _, h := range u.getSortedHooksList(d) {
 		for h2 := range h.hooks {
 			if utils.FindStrInSlice(hooks, h2) != -1 {
 				l = append(l, h)
@@ -100,7 +103,7 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 		ref := h.object.GetK8sRef()
 		_, replaced := h.deletePolicies["before-hook-creation"]
 		u.a.sctx.UpdateAndInfoFallbackf("Applying hook %s (%d of %d)", ref.String(), i+1, len(applyObjects))
-		u.a.ApplyObject(h.object, replaced, true)
+		u.a.ApplyObject(h.di, h.object, replaced, true)
 		u.a.sctx.Increment()
 
 		if u.a.HadError(ref) {
@@ -139,7 +142,7 @@ func (u *HooksUtil) RunHooks(hooks []*hook) {
 	}
 }
 
-func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
+func (u *HooksUtil) GetHook(di *deployment.DeploymentItem, o *uo.UnstructuredObject) *hook {
 	ref := o.GetK8sRef()
 	getSet := func(name string) map[string]bool {
 		ret := make(map[string]bool)
@@ -237,6 +240,7 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 	}
 
 	return &hook{
+		di:             di,
 		object:         o,
 		hooks:          hooks,
 		weight:         int(weight),
@@ -246,10 +250,10 @@ func (u *HooksUtil) GetHook(o *uo.UnstructuredObject) *hook {
 	}
 }
 
-func (u *HooksUtil) getSortedHooksList(objects []*uo.UnstructuredObject) []*hook {
+func (u *HooksUtil) getSortedHooksList(d *deployment.DeploymentItem) []*hook {
 	var ret []*hook
-	for _, o := range objects {
-		h := u.GetHook(o)
+	for _, o := range d.Objects {
+		h := u.GetHook(d, o)
 		if h == nil {
 			continue
 		}
diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 8f9544996..fe571a548 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -2,6 +2,7 @@ package diff
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
@@ -26,6 +27,10 @@ var overwriteAllowedManagers = []*regexp.Regexp{
 	regexp.MustCompile("^k9s$"),
 }
 
+type ConflictResolver struct {
+	Configs []types.ConflictResolutionConfig
+}
+
 func checkListItemMatch(o interface{}, pathElement fieldpath.PathElement, index int) (bool, error) {
 	if pathElement.Key != nil {
 		m, ok := o.(map[string]interface{})
@@ -99,25 +104,139 @@ func convertToKeyList(remote *uo.UnstructuredObject, path fieldpath.Path) (uo.Ke
 	return ret, true, nil
 }
 
-func collectFields(o *uo.UnstructuredObject, regex *regexp.Regexp) (map[string]bool, error) {
-	result := map[string]bool{}
-	for _, v := range o.GetK8sAnnotationsWithRegex(regex) {
-		j, err := uo.NewMyJsonPath(v)
+func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.UnstructuredObject) []types.ConflictResolutionConfig {
+	var ret []types.ConflictResolutionConfig
+	ret = append(ret, cr.Configs...)
+
+	forceApplyAll := local.GetK8sAnnotationBoolNoError("kluctl.io/force-apply", false)
+	ignoreConflictsAll := local.GetK8sAnnotationBoolNoError("kluctl.io/ignore-conflicts", false)
+
+	// order is important here. foce-apply actions must come before ignore actions so that the ignore actions always
+	// take precedence
+
+	if forceApplyAll {
+		ret = append(ret, types.ConflictResolutionConfig{
+			FieldPath: []string{".."}, // match all fields
+			Action:    types.ConflictResolutionForceApply,
+		})
+	}
+	for _, v := range local.GetK8sAnnotationsWithRegex(forceApplyFieldAnnotationRegex) {
+		ret = append(ret, types.ConflictResolutionConfig{
+			FieldPath: []string{v},
+			Action:    types.ConflictResolutionForceApply,
+		})
+	}
+
+	if ignoreConflictsAll {
+		ret = append(ret, types.ConflictResolutionConfig{
+			FieldPath: []string{".."}, // match all fields
+			Action:    types.ConflictResolutionIgnore,
+		})
+	}
+	for _, v := range local.GetK8sAnnotationsWithRegex(ignoreConflictsFieldAnnotationRegex) {
+		ret = append(ret, types.ConflictResolutionConfig{
+			FieldPath: []string{v},
+			Action:    types.ConflictResolutionIgnore,
+		})
+	}
+
+	return ret
+}
+
+func (cr *ConflictResolver) collectFields(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, configs []types.ConflictResolutionConfig) (map[string]types.ConflictResolutionAction, error) {
+	result := map[string]types.ConflictResolutionAction{}
+
+	checkMatch := func(v string, m *string) bool {
+		if v == "" || m == nil {
+			return true
+		}
+		return v == *m
+	}
+
+	var allFields map[string]bool
+	initAllFields := func() error {
+		if allFields != nil {
+			return nil
+		}
+		allFields = map[string]bool{}
+
+		jp := uo.NewMyJsonPathMust("..")
+		l, err := jp.ListMatchingFields(local)
 		if err != nil {
-			return nil, err
+			return err
 		}
-		fields, err := j.ListMatchingFields(o)
+		for _, x := range l {
+			allFields[x.ToJsonPath()] = true
+		}
+		l, err = jp.ListMatchingFields(local)
 		if err != nil {
-			return nil, err
+			return err
+		}
+		for _, x := range l {
+			allFields[x.ToJsonPath()] = true
+		}
+		return nil
+	}
+
+	ref := local.GetK8sRef()
+
+	for _, cfg := range configs {
+		if !checkMatch(ref.Group, cfg.Group) {
+			continue
+		}
+		if !checkMatch(ref.Kind, cfg.Kind) {
+			continue
+		}
+		if !checkMatch(ref.Namespace, cfg.Namespace) {
+			continue
 		}
-		for _, f := range fields {
-			result[f.ToJsonPath()] = true
+		if !checkMatch(ref.Name, cfg.Name) {
+			continue
+		}
+
+		for _, fp := range cfg.FieldPath {
+			jp, err := uo.NewMyJsonPath(fp)
+			if err != nil {
+				return nil, err
+			}
+
+			fields, err := jp.ListMatchingFields(local)
+			if err != nil {
+				return nil, err
+			}
+			for _, f := range fields {
+				result[f.ToJsonPath()] = cfg.Action
+			}
+
+			fields, err = jp.ListMatchingFields(remote)
+			if err != nil {
+				return nil, err
+			}
+			for _, f := range fields {
+				result[f.ToJsonPath()] = cfg.Action
+			}
+		}
+
+		for _, fp := range cfg.FieldPathRegex {
+			rx, err := regexp.Compile(fp)
+			if err != nil {
+				return nil, err
+			}
+			err = initAllFields()
+			if err != nil {
+				return nil, err
+			}
+			for f, _ := range allFields {
+				if rx.MatchString(f) {
+					result[f] = cfg.Action
+				}
+			}
 		}
 	}
 	return result, nil
 }
 
-func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, conflictStatus metav1.Status) (*uo.UnstructuredObject, []LostOwnership, error) {
+func (cr *ConflictResolver) ResolveConflicts(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, conflictStatus metav1.Status) (*uo.UnstructuredObject, []LostOwnership, error) {
 	managedFields := remote.GetK8sManagedFields()
 
 	type managersByField struct {
@@ -171,20 +290,13 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 		})
 	}
 
-	ret := local.Clone()
-
-	forceApplyAll := local.GetK8sAnnotationBoolNoError("kluctl.io/force-apply", false)
-	ignoreConflictsAll := local.GetK8sAnnotationBoolNoError("kluctl.io/ignore-conflicts", false)
-
-	forceApplyFields, err := collectFields(ret, forceApplyFieldAnnotationRegex)
-	if err != nil {
-		return nil, nil, err
-	}
-	ignoreConflictFields, err := collectFields(ret, ignoreConflictsFieldAnnotationRegex)
+	resolutionConfigs := cr.buildConflictResolutionConfigs(local)
+	resolutionFields, err := cr.collectFields(local, remote, resolutionConfigs)
 	if err != nil {
 		return nil, nil, err
 	}
 
+	ret := local.Clone()
 	var lostOwnership []LostOwnership
 	for _, cause := range conflictStatus.Details.Causes {
 		if cause.Type != metav1.CauseTypeFieldManagerConflict {
@@ -226,23 +338,19 @@ func ResolveFieldManagerConflicts(local *uo.UnstructuredObject, remote *uo.Unstr
 		}
 
 		ignoreConflict := false
-		if ignoreConflictsAll {
-			ignoreConflict = true
-		} else if _, ok := ignoreConflictFields[localKeyPath.ToJsonPath()]; ok {
-			ignoreConflict = true
-		} else if _, ok := ignoreConflictFields[remoteKeyPath.ToJsonPath()]; ok {
-			ignoreConflict = true
+		overwrite := false
+
+		action, ok := resolutionFields[localKeyPath.ToJsonPath()]
+		if !ok {
+			action, ok = resolutionFields[remoteKeyPath.ToJsonPath()]
+		}
+		if ok {
+			ignoreConflict = action == types.ConflictResolutionIgnore
+			overwrite = action == types.ConflictResolutionForceApply
 		}
 
-		overwrite := false
 		if !ignoreConflict {
-			if forceApplyAll {
-				overwrite = true
-			} else if _, ok := forceApplyFields[localKeyPath.ToJsonPath()]; ok {
-				overwrite = true
-			} else if _, ok := forceApplyFields[remoteKeyPath.ToJsonPath()]; ok {
-				overwrite = true
-			}
+			// only force-apply known user facing editors when not explicitly ignored
 			for _, mfn := range mf.managers {
 				found := false
 				for _, oa := range overwriteAllowedManagers {
diff --git a/pkg/diff/managed_fields_test.go b/pkg/diff/managed_fields_test.go
index 1cae73f91..82e0cdd51 100644
--- a/pkg/diff/managed_fields_test.go
+++ b/pkg/diff/managed_fields_test.go
@@ -219,7 +219,8 @@ func TestResolveFieldManagerConflicts(t *testing.T) {
 				}
 			}
 
-			r, l, err := ResolveFieldManagerConflicts(tc.local, tc.remote, tc.status)
+			cr := ConflictResolver{}
+			r, l, err := cr.ResolveConflicts(tc.local, tc.remote, tc.status)
 			assert.NoError(t, err)
 			assert.Equal(t, tc.result, r)
 			assert.Equal(t, tc.lost, l)
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 4e8bc0e79..86b5eb01a 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -136,6 +136,30 @@ func ValidateIgnoreForDiffItemConfig(sl validator.StructLevel) {
 	}
 }
 
+type ConflictResolutionAction string
+
+const (
+	ConflictResolutionIgnore     ConflictResolutionAction = "ignore"
+	ConflictResolutionForceApply ConflictResolutionAction = "force-apply"
+)
+
+type ConflictResolutionConfig struct {
+	FieldPath      SingleStringOrList       `json:"fieldPath,omitempty"`
+	FieldPathRegex SingleStringOrList       `json:"fieldPathRegex,omitempty"`
+	Group          *string                  `json:"group,omitempty"`
+	Kind           *string                  `json:"kind,omitempty"`
+	Name           *string                  `json:"name,omitempty"`
+	Namespace      *string                  `json:"namespace,omitempty"`
+	Action         ConflictResolutionAction `json:"action" validate:"required,oneof=ignore force-apply"`
+}
+
+func ValidateConflictResolutionConfig(sl validator.StructLevel) {
+	s := sl.Current().Interface().(ConflictResolutionConfig)
+	if len(s.FieldPath)+len(s.FieldPathRegex) == 0 {
+		sl.ReportError(s, "self", "self", "at least one of fieldPath or fieldPathRegex must be set", "")
+	}
+}
+
 type DeploymentProjectConfig struct {
 	Vars          []VarsSource         `json:"vars,omitempty"`
 	SealedSecrets *SealedSecretsConfig `json:"sealedSecrets,omitempty"`
@@ -149,7 +173,8 @@ type DeploymentProjectConfig struct {
 	OverrideNamespace *string           `json:"overrideNamespace,omitempty"`
 	Tags              []string          `json:"tags,omitempty"`
 
-	IgnoreForDiff []IgnoreForDiffItemConfig `json:"ignoreForDiff,omitempty"`
+	IgnoreForDiff      []IgnoreForDiffItemConfig  `json:"ignoreForDiff,omitempty"`
+	ConflictResolution []ConflictResolutionConfig `json:"conflictResolution,omitempty"`
 }
 
 func init() {
@@ -157,4 +182,5 @@ func init() {
 	yaml.Validator.RegisterStructValidation(ValidateDeleteObjectItemConfig, DeleteObjectItemConfig{})
 	yaml.Validator.RegisterStructValidation(ValidateWaitReadinessObjectItemConfig, WaitReadinessObjectItemConfig{})
 	yaml.Validator.RegisterStructValidation(ValidateIgnoreForDiffItemConfig, IgnoreForDiffItemConfig{})
+	yaml.Validator.RegisterStructValidation(ValidateConflictResolutionConfig, ConflictResolutionConfig{})
 }

From 7b385975e98b45112eb12482d50b0b1b617f4806 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 21:25:30 +0100
Subject: [PATCH 2023/2268] docs: Improve ignoreForDiff documentation

---
 docs/kluctl/deployments/deployment-yml.md | 49 +++++++++++++++++------
 1 file changed, 37 insertions(+), 12 deletions(-)

diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index 3df56801a..8127dedbe 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -432,23 +432,24 @@ See [tags](./tags.md) for more details.
 
 ## ignoreForDiff
 
-A list of objects and fields to ignore while performing diffs. Consider the following example:
+A list of rules used to determine which differences should be ignored in diff outputs.
+
+As an alternative, [annotations](./annotations/all-resources.md#control-diff-behavior) can be used to control
+diff behavior of individual resources.
+
+Consider the following example:
 
 ```yaml
 deployments:
   - ...
 
 ignoreForDiff:
-  - group: apps
-    kind: Deployment
-    namespace: my-namespace
+  - kind: Deployment
     name: my-deployment
     fieldPath: spec.replicas
 ```
 
-This will remove the `spec.replicas` field from every resource that matches the object.
-`group`, `kind`, `namespace` and `name` can be omitted, which results in all objects matching. `fieldPath` must be a
-valid [JSON Path](https://goessner.net/articles/JsonPath/). `fieldPath` may also be a list of JSON paths.
+This will ignore differences for the `spec.replicas` field in the `Deployment` with the name `my-deployment`.
 
 Using regex expressions instead of JSON Pathes is also supported:
 
@@ -457,12 +458,36 @@ deployments:
   - ...
 
 ignoreForDiff:
-  - group: apps
-    kind: Deployment
-    namespace: my-namespace
+  - kind: Deployment
     name: my-deployment
     fieldPathRegex: metadata.labels.my-label-.*
 ```
 
-As an alternative, [annotations](./annotations/all-resources.md#control-diff-behavior) can be used to control
-diff behavior of individual resources.
+The following properties are supported in `ignoreForDiff` items.
+
+### fieldPath
+If specified, must be a valid [JSON Path](https://goessner.net/articles/JsonPath/). Kluctl will ignore differences for
+all matching fields of all matching objects (see the other properties).
+
+Either `fieldPath` or `fieldPathRegex` must be provided.
+
+### fieldPathRegex
+If specified, must be a valid regex. Kluctl will ignore differences for all matching fields of all matching objects
+(see the other properties).
+
+Either `fieldPath` or `fieldPathRegex` must be provided.
+
+### group
+This property is optional. If specified, only objects with a matching api group will be considered. Please note that this
+field should NOT include the version of the api group.
+
+### kind
+This property is optional. If specified, only objects with a matching `kind` will be considered.
+
+### namespace
+This property is optional. If specified, only objects with a matching `namespace` will be considered.
+
+### name
+This property is optional. If specified, only objects with a matching `name` will be considered.
+
+

From fd7cdcad8650d4fe773fc20fec00bf0816cc95ba Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 21:47:30 +0100
Subject: [PATCH 2024/2268] docs: Add documentation for conflictResolution

---
 docs/kluctl/deployments/deployment-yml.md | 61 +++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index 8127dedbe..8c33fbf8d 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -490,4 +490,65 @@ This property is optional. If specified, only objects with a matching `namespace
 ### name
 This property is optional. If specified, only objects with a matching `name` will be considered.
 
+## conflictResolution
 
+A list of rules used to determine how to handle conflict resolution.
+
+As an alternative, [annotations](./annotations/all-resources.md#control-deploy-behavior) can be used to control
+conflict resolution of individual resources.
+
+Consider the following example:
+
+```yaml
+deployments:
+  - ...
+
+conflictResolution:
+  - kind: ValidatingWebhookConfiguration
+    fieldPath: webhooks.*.*
+    action: ignore
+```
+
+This will cause Kluctl to ignore conflicts on all matching fields of all `ValidatingWebhookConfiguration` objects.
+
+Using regex expressions instead of JSON Pathes is also supported:
+
+```yaml
+deployments:
+  - ...
+
+conflictResolution:
+  - kind: ValidatingWebhookConfiguration
+    fieldPathRegex: webhooks\..
+    action: ignore
+```
+
+The following properties are supported in `conflictResolution` items.
+
+### fieldPath
+If specified, must be a valid [JSON Path](https://goessner.net/articles/JsonPath/). Kluctl will ignore conflicts for
+all matching fields of all matching objects (see the other properties).
+
+Either `fieldPath` or `fieldPathRegex` must be provided.
+
+### fieldPathRegex
+If specified, must be a valid regex. Kluctl will ignore conflicts for all matching fields of all matching objects
+(see the other properties).
+
+Either `fieldPath` or `fieldPathRegex` must be provided.
+
+### action
+This field is required and must be either `ignore` or `force-apply`. 
+
+### group
+This property is optional. If specified, only objects with a matching api group will be considered. Please note that this
+field should NOT include the version of the api group.
+
+### kind
+This property is optional. If specified, only objects with a matching `kind` will be considered.
+
+### namespace
+This property is optional. If specified, only objects with a matching `namespace` will be considered.
+
+### name
+This property is optional. If specified, only objects with a matching `name` will be considered.

From 661f7dbfd58cc5473bdb2bf72f367202e4b9617c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 22:39:04 +0100
Subject: [PATCH 2025/2268] docs: Link to conflictResolution docs in annotation
 docs

---
 docs/kluctl/deployments/annotations/all-resources.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index 392603d74..7763f0e63 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -26,22 +26,30 @@ api server.
 If set to "true", the whole resource will be force-applied, meaning that all fields will be overwritten in case of
 field manager conflicts.
 
+An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+
 ### kluctl.io/force-apply-field
 Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be force-applied. Matching
 fields will be overwritten in case of field manager conflicts.
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
+An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+
 ### kluctl.io/ignore-conflicts
 If set to "true", the whole all fields of the object are going to be ignored when conflicts arise.
 This effectively disables the warnings that are shown when field ownership is lost.
 
+An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+
 ### kluctl.io/ignore-conflicts-field
 Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be ignored when conflicts arise.
 This effectively disables the warnings that are shown when field ownership is lost.
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
+An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+
 ### kluctl.io/wait-readiness
 If set to `true`, kluctl will wait for readiness of this object. Readiness is defined
 the same as in [hook readiness](../../deployments/readiness.md). Waiting happens after all resources from the parent 

From 51a1ba97426f21a83925e8c3e5d31d8b47695c24 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Mar 2024 09:02:45 +0100
Subject: [PATCH 2026/2268] refactor: Move out managed fields gathering into
 buildManagersByField

---
 pkg/diff/managed_fields.go | 111 ++++++++++++++++++++-----------------
 1 file changed, 60 insertions(+), 51 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index fe571a548..6757e2957 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -104,6 +104,63 @@ func convertToKeyList(remote *uo.UnstructuredObject, path fieldpath.Path) (uo.Ke
 	return ret, true, nil
 }
 
+type managersByField struct {
+	// "stupid" because the string representation of field pathes might be ambiguous as k8s does not escape dots
+	stupidPath string
+	pathes     []fieldpath.Path
+	managers   []string
+}
+
+func (cr *ConflictResolver) buildManagersByField(remote *uo.UnstructuredObject) (map[string]*managersByField, error) {
+	managedFields := remote.GetK8sManagedFields()
+
+	managersByFields := make(map[string]*managersByField)
+
+	for _, mf := range managedFields {
+		fields, ok, err := mf.GetNestedObject("fieldsV1")
+		if err != nil {
+			return nil, err
+		}
+		if !ok {
+			continue
+		}
+		fieldSet, _, err := convertManagedFields(fields.Object)
+		if err != nil {
+			return nil, err
+		}
+
+		mgr, ok, err := mf.GetNestedString("manager")
+		if err != nil {
+			return nil, err
+		}
+		if !ok {
+			return nil, fmt.Errorf("manager field is missing")
+		}
+
+		fieldSet.Iterate(func(path fieldpath.Path) {
+			path = path.Copy()
+			s := path.String()
+			if _, ok := managersByFields[s]; !ok {
+				managersByFields[s] = &managersByField{stupidPath: s}
+			}
+			m, _ := managersByFields[s]
+			found := false
+			for _, p := range m.pathes {
+				if p.Equals(path) {
+					found = true
+					break
+				}
+			}
+			if !found {
+				m.pathes = append(m.pathes, path)
+			}
+			m.managers = append(m.managers, mgr)
+		})
+	}
+
+	return managersByFields, nil
+}
+
 func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.UnstructuredObject) []types.ConflictResolutionConfig {
 	var ret []types.ConflictResolutionConfig
 	ret = append(ret, cr.Configs...)
@@ -237,57 +294,9 @@ func (cr *ConflictResolver) collectFields(local *uo.UnstructuredObject, remote *
 }
 
 func (cr *ConflictResolver) ResolveConflicts(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, conflictStatus metav1.Status) (*uo.UnstructuredObject, []LostOwnership, error) {
-	managedFields := remote.GetK8sManagedFields()
-
-	type managersByField struct {
-		// "stupid" because the string representation of field pathes might be ambiguous as k8s does not escape dots
-		stupidPath string
-		pathes     []fieldpath.Path
-		managers   []string
-	}
-
-	managersByFields := make(map[string]*managersByField)
-
-	for _, mf := range managedFields {
-		fields, ok, err := mf.GetNestedObject("fieldsV1")
-		if err != nil {
-			return nil, nil, err
-		}
-		if !ok {
-			continue
-		}
-		fieldSet, _, err := convertManagedFields(fields.Object)
-		if err != nil {
-			return nil, nil, err
-		}
-
-		mgr, ok, err := mf.GetNestedString("manager")
-		if err != nil {
-			return nil, nil, err
-		}
-		if !ok {
-			return nil, nil, fmt.Errorf("manager field is missing")
-		}
-
-		fieldSet.Iterate(func(path fieldpath.Path) {
-			path = path.Copy()
-			s := path.String()
-			if _, ok := managersByFields[s]; !ok {
-				managersByFields[s] = &managersByField{stupidPath: s}
-			}
-			m, _ := managersByFields[s]
-			found := false
-			for _, p := range m.pathes {
-				if p.Equals(path) {
-					found = true
-					break
-				}
-			}
-			if !found {
-				m.pathes = append(m.pathes, path)
-			}
-			m.managers = append(m.managers, mgr)
-		})
+	managersByFields, err := cr.buildManagersByField(remote)
+	if err != nil {
+		return nil, nil, err
 	}
 
 	resolutionConfigs := cr.buildConflictResolutionConfigs(local)

From b0ad0eac549245adfea862b5e3f2c9ea2b43d99b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Mar 2024 09:37:08 +0100
Subject: [PATCH 2027/2268] feat: Support conflict resolution config via
 manager names

---
 pkg/diff/managed_fields.go | 45 +++++++++++++++++++++++++++++---------
 pkg/types/deployment.go    |  5 +++--
 2 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 6757e2957..2421bfbd3 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -111,30 +111,32 @@ type managersByField struct {
 	managers   []string
 }
 
-func (cr *ConflictResolver) buildManagersByField(remote *uo.UnstructuredObject) (map[string]*managersByField, error) {
+// buildManagersByField returns a map indexed by field path and another map indexed by manager name
+func (cr *ConflictResolver) buildManagersByField(remote *uo.UnstructuredObject) (map[string]*managersByField, map[string][]*managersByField, error) {
 	managedFields := remote.GetK8sManagedFields()
 
-	managersByFields := make(map[string]*managersByField)
+	managersByFields := map[string]*managersByField{}
+	fieldsByManagers := map[string][]*managersByField{}
 
 	for _, mf := range managedFields {
 		fields, ok, err := mf.GetNestedObject("fieldsV1")
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		if !ok {
 			continue
 		}
 		fieldSet, _, err := convertManagedFields(fields.Object)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 
 		mgr, ok, err := mf.GetNestedString("manager")
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		if !ok {
-			return nil, fmt.Errorf("manager field is missing")
+			return nil, nil, fmt.Errorf("manager field is missing")
 		}
 
 		fieldSet.Iterate(func(path fieldpath.Path) {
@@ -155,10 +157,11 @@ func (cr *ConflictResolver) buildManagersByField(remote *uo.UnstructuredObject)
 				m.pathes = append(m.pathes, path)
 			}
 			m.managers = append(m.managers, mgr)
+			fieldsByManagers[mgr] = append(fieldsByManagers[mgr], m)
 		})
 	}
 
-	return managersByFields, nil
+	return managersByFields, fieldsByManagers, nil
 }
 
 func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.UnstructuredObject) []types.ConflictResolutionConfig {
@@ -200,7 +203,7 @@ func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.Unstructure
 	return ret
 }
 
-func (cr *ConflictResolver) collectFields(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, configs []types.ConflictResolutionConfig) (map[string]types.ConflictResolutionAction, error) {
+func (cr *ConflictResolver) collectFields(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, fieldsByManager map[string][]*managersByField, configs []types.ConflictResolutionConfig) (map[string]types.ConflictResolutionAction, error) {
 	result := map[string]types.ConflictResolutionAction{}
 
 	checkMatch := func(v string, m *string) bool {
@@ -289,18 +292,40 @@ func (cr *ConflictResolver) collectFields(local *uo.UnstructuredObject, remote *
 				}
 			}
 		}
+
+		for _, m := range cfg.Manager {
+			rx, err := regexp.Compile(m)
+			if err != nil {
+				return nil, err
+			}
+			for mgrName, mfs := range fieldsByManager {
+				if rx.MatchString(mgrName) {
+					for _, mf := range mfs {
+						for _, p := range mf.pathes {
+							kl, found, err := convertToKeyList(remote, p)
+							if err != nil {
+								return nil, err
+							}
+							if found {
+								result[kl.ToJsonPath()] = cfg.Action
+							}
+						}
+					}
+				}
+			}
+		}
 	}
 	return result, nil
 }
 
 func (cr *ConflictResolver) ResolveConflicts(local *uo.UnstructuredObject, remote *uo.UnstructuredObject, conflictStatus metav1.Status) (*uo.UnstructuredObject, []LostOwnership, error) {
-	managersByFields, err := cr.buildManagersByField(remote)
+	managersByFields, fieldsByManager, err := cr.buildManagersByField(remote)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	resolutionConfigs := cr.buildConflictResolutionConfigs(local)
-	resolutionFields, err := cr.collectFields(local, remote, resolutionConfigs)
+	resolutionFields, err := cr.collectFields(local, remote, fieldsByManager, resolutionConfigs)
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 86b5eb01a..e1ad819de 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -146,6 +146,7 @@ const (
 type ConflictResolutionConfig struct {
 	FieldPath      SingleStringOrList       `json:"fieldPath,omitempty"`
 	FieldPathRegex SingleStringOrList       `json:"fieldPathRegex,omitempty"`
+	Manager        SingleStringOrList       `json:"manager,omitempty"`
 	Group          *string                  `json:"group,omitempty"`
 	Kind           *string                  `json:"kind,omitempty"`
 	Name           *string                  `json:"name,omitempty"`
@@ -155,8 +156,8 @@ type ConflictResolutionConfig struct {
 
 func ValidateConflictResolutionConfig(sl validator.StructLevel) {
 	s := sl.Current().Interface().(ConflictResolutionConfig)
-	if len(s.FieldPath)+len(s.FieldPathRegex) == 0 {
-		sl.ReportError(s, "self", "self", "at least one of fieldPath or fieldPathRegex must be set", "")
+	if len(s.FieldPath)+len(s.FieldPathRegex)+len(s.Manager) == 0 {
+		sl.ReportError(s, "self", "self", "at least one of fieldPath, fieldPathRegex or manager must be set", "")
 	}
 }
 

From 8e7fa3ba1ce6ab695c0a86fc1a05b1c26e2f0853 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Mar 2024 09:42:20 +0100
Subject: [PATCH 2028/2268] docs: Update docs in regard to manager field in
 conflictResolution

---
 docs/kluctl/deployments/deployment-yml.md | 24 +++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index 8c33fbf8d..dd0365144 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -523,19 +523,39 @@ conflictResolution:
     action: ignore
 ```
 
+In some cases, it's easier to match fields by manager name:
+
+```yaml
+deployments:
+  - ...
+
+conflictResolution:
+  - manager: clusterrole-aggregation-controller
+    action: ignore
+  - manager: cert-manager-cainjector
+    action: ignore
+```
+
 The following properties are supported in `conflictResolution` items.
 
 ### fieldPath
 If specified, must be a valid [JSON Path](https://goessner.net/articles/JsonPath/). Kluctl will ignore conflicts for
 all matching fields of all matching objects (see the other properties).
 
-Either `fieldPath` or `fieldPathRegex` must be provided.
+Either `fieldPath`, `fieldPathRegex` or `manager` must be provided.
 
 ### fieldPathRegex
 If specified, must be a valid regex. Kluctl will ignore conflicts for all matching fields of all matching objects
 (see the other properties).
 
-Either `fieldPath` or `fieldPathRegex` must be provided.
+Either `fieldPath`, `fieldPathRegex` or `manager` must be provided.
+
+### manager
+If specified, must be a valid regex. Kluctl will ignore conflicts for all fields that currently have a matching field
+manager assigned. This is useful if a mutating webhook or controller is known to modify fields after they have been
+applied.
+
+Either `fieldPath`, `fieldPathRegex` or `manager` must be provided.
 
 ### action
 This field is required and must be either `ignore` or `force-apply`. 

From a7d9fbb7f002ce2f46173313746f81346cecbd13 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 21 Mar 2024 21:53:46 +0100
Subject: [PATCH 2029/2268] chore: Run make generate

---
 pkg/types/zz_generated.deepcopy.go | 57 ++++++++++++++++++++++++++++++
 pkg/webui/ui/src/models.ts         | 24 +++++++++++++
 2 files changed, 81 insertions(+)

diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 1770cae8d..3dd115397 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -51,6 +51,56 @@ func (in *AwsConfig) DeepCopy() *AwsConfig {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ConflictResolutionConfig) DeepCopyInto(out *ConflictResolutionConfig) {
+	*out = *in
+	if in.FieldPath != nil {
+		in, out := &in.FieldPath, &out.FieldPath
+		*out = make(SingleStringOrList, len(*in))
+		copy(*out, *in)
+	}
+	if in.FieldPathRegex != nil {
+		in, out := &in.FieldPathRegex, &out.FieldPathRegex
+		*out = make(SingleStringOrList, len(*in))
+		copy(*out, *in)
+	}
+	if in.Manager != nil {
+		in, out := &in.Manager, &out.Manager
+		*out = make(SingleStringOrList, len(*in))
+		copy(*out, *in)
+	}
+	if in.Group != nil {
+		in, out := &in.Group, &out.Group
+		*out = new(string)
+		**out = **in
+	}
+	if in.Kind != nil {
+		in, out := &in.Kind, &out.Kind
+		*out = new(string)
+		**out = **in
+	}
+	if in.Name != nil {
+		in, out := &in.Name, &out.Name
+		*out = new(string)
+		**out = **in
+	}
+	if in.Namespace != nil {
+		in, out := &in.Namespace, &out.Namespace
+		*out = new(string)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConflictResolutionConfig.
+func (in *ConflictResolutionConfig) DeepCopy() *ConflictResolutionConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(ConflictResolutionConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeleteObjectItemConfig) DeepCopyInto(out *DeleteObjectItemConfig) {
 	*out = *in
@@ -225,6 +275,13 @@ func (in *DeploymentProjectConfig) DeepCopyInto(out *DeploymentProjectConfig) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.ConflictResolution != nil {
+		in, out := &in.ConflictResolution, &out.ConflictResolution
+		*out = make([]ConflictResolutionConfig, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentProjectConfig.
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 6540147c0..ff1a0582a 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -88,6 +88,28 @@ export class ResultObject {
 	    return a;
 	}
 }
+export class ConflictResolutionConfig {
+    fieldPath?: string[];
+    fieldPathRegex?: string[];
+    manager?: string[];
+    group?: string;
+    kind?: string;
+    name?: string;
+    namespace?: string;
+    action: string;
+
+    constructor(source: any = {}) {
+        if ('string' === typeof source) source = JSON.parse(source);
+        this.fieldPath = source["fieldPath"];
+        this.fieldPathRegex = source["fieldPathRegex"];
+        this.manager = source["manager"];
+        this.group = source["group"];
+        this.kind = source["kind"];
+        this.name = source["name"];
+        this.namespace = source["namespace"];
+        this.action = source["action"];
+    }
+}
 export class IgnoreForDiffItemConfig {
     fieldPath?: string[];
     fieldPathRegex?: string[];
@@ -514,6 +536,7 @@ export class DeploymentProjectConfig {
     overrideNamespace?: string;
     tags?: string[];
     ignoreForDiff?: IgnoreForDiffItemConfig[];
+    conflictResolution?: ConflictResolutionConfig[];
 
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
@@ -526,6 +549,7 @@ export class DeploymentProjectConfig {
         this.overrideNamespace = source["overrideNamespace"];
         this.tags = source["tags"];
         this.ignoreForDiff = this.convertValues(source["ignoreForDiff"], IgnoreForDiffItemConfig);
+        this.conflictResolution = this.convertValues(source["conflictResolution"], ConflictResolutionConfig);
     }
 
 	convertValues(a: any, classs: any, asMap: boolean = false): any {

From d976cbeecbb3ff180474e181520123b9d495f2ae Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Mar 2024 10:10:39 +0100
Subject: [PATCH 2030/2268] refactor: Don't track stupidPath as its unused
 anyway

---
 pkg/diff/managed_fields.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index 2421bfbd3..d4a806c2c 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -105,10 +105,8 @@ func convertToKeyList(remote *uo.UnstructuredObject, path fieldpath.Path) (uo.Ke
 }
 
 type managersByField struct {
-	// "stupid" because the string representation of field pathes might be ambiguous as k8s does not escape dots
-	stupidPath string
-	pathes     []fieldpath.Path
-	managers   []string
+	pathes   []fieldpath.Path
+	managers []string
 }
 
 // buildManagersByField returns a map indexed by field path and another map indexed by manager name
@@ -337,6 +335,9 @@ func (cr *ConflictResolver) ResolveConflicts(local *uo.UnstructuredObject, remot
 			return nil, nil, fmt.Errorf("unknown type %s", cause.Type)
 		}
 
+		// TODO fields are ambiguous at this point because the apiserver serializes fieldpath.Path as a string
+		// this causes maps with keys that allow dots to be possibly ambiguous.
+		// Not sure what we should do about this.
 		mf, ok := managersByFields[cause.Field]
 		if !ok {
 			return nil, nil, fmt.Errorf("%s. Could not find matching field for path '%s'", cause.Message, cause.Field)

From 4d0ac547f2fb060595b67d1136a92f9b2bd7168d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Mar 2024 10:11:43 +0100
Subject: [PATCH 2031/2268] feat: Implement manager based conflict resolution
 via annotations

---
 pkg/diff/managed_fields.go      | 19 +++++++++++++++--
 pkg/diff/managed_fields_test.go | 36 +++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/pkg/diff/managed_fields.go b/pkg/diff/managed_fields.go
index d4a806c2c..ba3947ff7 100644
--- a/pkg/diff/managed_fields.go
+++ b/pkg/diff/managed_fields.go
@@ -17,7 +17,10 @@ type LostOwnership struct {
 }
 
 var forceApplyFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/force-apply-field(-\d*)?$`)
+var forceApplyManagerAnnotationRegex = regexp.MustCompile(`^kluctl.io/force-apply-manager(-\d*)?$`)
 var ignoreConflictsFieldAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-conflicts-field(-\d*)?$`)
+var ignoreConflictsManagerAnnotationRegex = regexp.MustCompile(`^kluctl.io/ignore-conflicts-manager(-\d*)?$`)
+
 var overwriteAllowedManagers = []*regexp.Regexp{
 	regexp.MustCompile("^kluctl$"),
 	regexp.MustCompile("^kluctl-.*$"),
@@ -141,7 +144,7 @@ func (cr *ConflictResolver) buildManagersByField(remote *uo.UnstructuredObject)
 			path = path.Copy()
 			s := path.String()
 			if _, ok := managersByFields[s]; !ok {
-				managersByFields[s] = &managersByField{stupidPath: s}
+				managersByFields[s] = &managersByField{}
 			}
 			m, _ := managersByFields[s]
 			found := false
@@ -169,7 +172,7 @@ func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.Unstructure
 	forceApplyAll := local.GetK8sAnnotationBoolNoError("kluctl.io/force-apply", false)
 	ignoreConflictsAll := local.GetK8sAnnotationBoolNoError("kluctl.io/ignore-conflicts", false)
 
-	// order is important here. foce-apply actions must come before ignore actions so that the ignore actions always
+	// order is important here. force-apply actions must come before ignore actions so that the ignore actions always
 	// take precedence
 
 	if forceApplyAll {
@@ -178,6 +181,12 @@ func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.Unstructure
 			Action:    types.ConflictResolutionForceApply,
 		})
 	}
+	for _, v := range local.GetK8sAnnotationsWithRegex(forceApplyManagerAnnotationRegex) {
+		ret = append(ret, types.ConflictResolutionConfig{
+			Manager: []string{v},
+			Action:  types.ConflictResolutionForceApply,
+		})
+	}
 	for _, v := range local.GetK8sAnnotationsWithRegex(forceApplyFieldAnnotationRegex) {
 		ret = append(ret, types.ConflictResolutionConfig{
 			FieldPath: []string{v},
@@ -191,6 +200,12 @@ func (cr *ConflictResolver) buildConflictResolutionConfigs(local *uo.Unstructure
 			Action:    types.ConflictResolutionIgnore,
 		})
 	}
+	for _, v := range local.GetK8sAnnotationsWithRegex(ignoreConflictsManagerAnnotationRegex) {
+		ret = append(ret, types.ConflictResolutionConfig{
+			Manager: []string{v},
+			Action:  types.ConflictResolutionIgnore,
+		})
+	}
 	for _, v := range local.GetK8sAnnotationsWithRegex(ignoreConflictsFieldAnnotationRegex) {
 		ret = append(ret, types.ConflictResolutionConfig{
 			FieldPath: []string{v},
diff --git a/pkg/diff/managed_fields_test.go b/pkg/diff/managed_fields_test.go
index 82e0cdd51..61bc7f6ed 100644
--- a/pkg/diff/managed_fields_test.go
+++ b/pkg/diff/managed_fields_test.go
@@ -137,6 +137,24 @@ func TestResolveFieldManagerConflicts(t *testing.T) {
 			lost:   buildLost("d1"),
 			anns:   buildAnnotations("kluctl.io/force-apply-field-123", "data.d3"),
 		},
+		{
+			name:   "force-apply-manager",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c2"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d3"),
+			anns:   buildAnnotations("kluctl.io/force-apply-manager", "c1"),
+		},
+		{
+			name:   "force-apply-manager-xxx",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c2x"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			lost:   buildLost("d1"),
+			anns:   buildAnnotations("kluctl.io/force-apply-manager-123", "c2.*"), // also test with a regex
+		},
 		{
 			name:   "ignore-conflicts",
 			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),
@@ -164,6 +182,24 @@ func TestResolveFieldManagerConflicts(t *testing.T) {
 			lost:   buildLost("d1"),
 			anns:   buildAnnotations("kluctl.io/ignore-conflicts-field-123", "data.d3"),
 		},
+		{
+			name:   "ignore-conflicts-manager",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c2"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d3"),
+			anns:   buildAnnotations("kluctl.io/ignore-conflicts-manager", "c1"),
+		},
+		{
+			name:   "ignore-conflicts-manager-xxx",
+			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c2x"}),
+			local:  buildConfigMap(fieldInfo{"d1", "x", "m1"}, fieldInfo{"d2", "x", "m1"}, fieldInfo{"d3", "x", "m1"}),
+			status: buildConflicts("d1", "d3"),
+			result: buildConfigMap(fieldInfo{"d2", "x", "m1"}),
+			lost:   buildLost("d1"),
+			anns:   buildAnnotations("kluctl.io/ignore-conflicts-manager-123", "c2.*"), // also test with a regex
+		},
 		{
 			name:   "force-apply-object-ignore-conflicts",
 			remote: buildConfigMap(fieldInfo{"d1", "v1", "c1"}, fieldInfo{"d2", "v2", "m1"}, fieldInfo{"d3", "v3", "c1"}),

From 5722f613cb4d9bcc92a6a0a168b397138078c937 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 22 Mar 2024 10:14:01 +0100
Subject: [PATCH 2032/2268] docs: Add docs for kluctl.io/force-apply-manager
 and kluctl.io/ignore-conflicts-manager

---
 .../deployments/annotations/all-resources.md     | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index 7763f0e63..07bbbaab2 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -36,6 +36,14 @@ If more than one field needs to be specified, add `-xxx` to the annotation key,
 
 An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
+### kluctl.io/force-apply-manager
+Specifies a regex for managers that should be force-applied. Fields with matching managers will be overwritten in
+case of field manager conflicts.
+
+If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
+
+An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+
 ### kluctl.io/ignore-conflicts
 If set to "true", the whole all fields of the object are going to be ignored when conflicts arise.
 This effectively disables the warnings that are shown when field ownership is lost.
@@ -50,6 +58,14 @@ If more than one field needs to be specified, add `-xxx` to the annotation key,
 
 An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
+### kluctl.io/ignore-conflicts-manager
+Specifies a regex for field managers that should be ignored when conflicts arise.
+This effectively disables the warnings that are shown when field ownership is lost.
+
+If more than one manager needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
+
+An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+
 ### kluctl.io/wait-readiness
 If set to `true`, kluctl will wait for readiness of this object. Readiness is defined
 the same as in [hook readiness](../../deployments/readiness.md). Waiting happens after all resources from the parent 

From 1a6187fe9341b5e18d0adb8e4e36b1832b9091c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 08:29:45 +0100
Subject: [PATCH 2033/2268] chore(deps): Bump the aws-sdk group with 2 updates
 (#1027)

Bumps the aws-sdk group with 2 updates: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.8 to 1.27.9
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.8...config/v1.27.9)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.8 to 1.17.9
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.8...config/v1.17.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index c4f69c667..8db0f6167 100644
--- a/go.mod
+++ b/go.mod
@@ -56,8 +56,8 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.26.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.8
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.8
+	github.com/aws/aws-sdk-go-v2/config v1.27.9
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.9
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5
@@ -119,7 +119,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
diff --git a/go.sum b/go.sum
index 4818b5457..d84be38b9 100644
--- a/go.sum
+++ b/go.sum
@@ -76,12 +76,12 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA=
 github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
-github.com/aws/aws-sdk-go-v2/config v1.27.8 h1:0r8epOsiJ7YJz65MGcb8i91ehFp4kvvFe2qkq5oYeRI=
-github.com/aws/aws-sdk-go-v2/config v1.27.8/go.mod h1:XsmYKxYNuIhLsFddpNds+j9H5XKzjWDdg/SZngiwFio=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.8 h1:WUdNLXbyNbU07V/WFrSOBXqZTDgmmMNMgUFzpYOKJhw=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.8/go.mod h1:iPZzLpaBIfhyvVS/XGD3JvR1GP3YdHTqpySKDlqkfs8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4 h1:S+L2QSKhUuShih3aq9P/mkzDBiOO5tTyVg+vXREfsfg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.4/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA=
+github.com/aws/aws-sdk-go-v2/config v1.27.9 h1:gRx/NwpNEFSk+yQlgmk1bmxxvQ5TyJ76CWXs9XScTqg=
+github.com/aws/aws-sdk-go-v2/config v1.27.9/go.mod h1:dK1FQfpwpql83kbD873E9vz4FyAxuJtR22wzoXn3qq0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.9 h1:N8s0/7yW+h8qR8WaRlPQeJ6czVMNQVNtNdUqf6cItao=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.9/go.mod h1:446YhIdmSV0Jf/SLafGZalQo+xr2iw7/fzXGDPTU1yQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 h1:af5YzcLf80tv4Em4jWVD75lpnOHSBkPUZxZfGkrI3HI=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 h1:0ScVK/4qZ8CIW0k8jOeFVsyS/sAiXpYxRBLolMkuLQM=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4/go.mod h1:84KyjNZdHC6QZW08nfHI6yZgPd+qRgaWcYsyLUo3QY8=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 h1:sHmMWWX5E7guWEFQ9SVo6A3S4xpPrWnd77a6y4WM6PU=

From 5ba2e41e5e92f967b791b6c7ab956f314bf71fe6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 08:30:08 +0100
Subject: [PATCH 2034/2268] chore(deps): Bump github.com/onsi/gomega from
 1.31.1 to 1.32.0 (#1030)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.32.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.31.1...v1.32.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8db0f6167..4c9a8d6b1 100644
--- a/go.mod
+++ b/go.mod
@@ -78,7 +78,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.31.1
+	github.com/onsi/gomega v1.32.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/prometheus/client_golang v1.19.0
diff --git a/go.sum b/go.sum
index d84be38b9..dfda540f5 100644
--- a/go.sum
+++ b/go.sum
@@ -523,8 +523,8 @@ github.com/ohler55/ojg v1.21.4 h1:2iWyz/xExx0XySVIxR9kWFxIdsLNrpWLrKuAcs5aOZU=
 github.com/ohler55/ojg v1.21.4/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
 github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM=
 github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
-github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
-github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
+github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
+github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=

From 5488977bbfa9f179b1ebd5158ae7c341e7bd68cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Mar 2024 12:06:11 +0100
Subject: [PATCH 2035/2268] fix: Don't crash in uo.GetNestedStringMapCopy in
 case of null strings (#1034)

---
 pkg/utils/uo/nested_fields.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/utils/uo/nested_fields.go b/pkg/utils/uo/nested_fields.go
index da3c05758..60a3337f1 100644
--- a/pkg/utils/uo/nested_fields.go
+++ b/pkg/utils/uo/nested_fields.go
@@ -250,11 +250,13 @@ func (uo *UnstructuredObject) GetNestedStringMapCopy(keys ...interface{}) (map[s
 	}
 	ret := make(map[string]string)
 	for k, v := range m {
-		s, ok := v.(string)
-		if !ok {
+		if v == nil {
+			ret[k] = ""
+		} else if s, ok := v.(string); ok {
+			ret[k] = s
+		} else {
 			return nil, false, fmt.Errorf("value at %s.%s is not a string", KeyPath(keys).ToJsonPath(), k)
 		}
-		ret[k] = s
 	}
 
 	return ret, true, nil

From 0b5d33152c8ea91c3fd1708b9d76b5a58562e4d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 26 Mar 2024 14:07:10 +0100
Subject: [PATCH 2036/2268] fix: Fix multiple crashes when there is no k8s
 client available (#1035)

---
 pkg/deployment/commands/result_utils.go | 17 +++++++++++------
 pkg/deployment/utils/apply_utils.go     |  5 +++++
 pkg/deployment/utils/delete_utils.go    |  5 +++++
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index e13bd8112..7e1ea1057 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -41,7 +41,9 @@ func newCommandResult(targetCtx *target_context.TargetContext, startTime time.Ti
 		})
 	}
 
-	r.ClusterInfo = buildClusterInfo(targetCtx.SharedContext.K, &r.Warnings)
+	if targetCtx.SharedContext.K != nil {
+		r.ClusterInfo = buildClusterInfo(targetCtx.SharedContext.K, &r.Warnings)
+	}
 
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
@@ -64,11 +66,13 @@ func newValidateCommandResult(targetCtx *target_context.TargetContext, startTime
 		})
 	}
 
-	clusterInfo := buildClusterInfo(targetCtx.SharedContext.K, &r.Warnings)
-
 	r.TargetKey.TargetName = targetCtx.Target.Name
 	r.TargetKey.Discriminator = targetCtx.Target.Discriminator
-	r.TargetKey.ClusterId = clusterInfo.ClusterId
+
+	if targetCtx.SharedContext.K != nil {
+		clusterInfo := buildClusterInfo(targetCtx.SharedContext.K, &r.Warnings)
+		r.TargetKey.ClusterId = clusterInfo.ClusterId
+	}
 
 	return r
 }
@@ -86,8 +90,9 @@ func newDeleteCommandResult(k *k8s2.K8sCluster, startTime time.Time, inclusion *
 	r.Command.IncludeDeploymentDirs = inclusion.GetIncludes("deploymentItemDir")
 	r.Command.ExcludeDeploymentDirs = inclusion.GetExcludes("deploymentItemDir")
 
-	r.ClusterInfo = buildClusterInfo(k, &r.Warnings)
-
+	if k != nil {
+		r.ClusterInfo = buildClusterInfo(k, &r.Warnings)
+	}
 	return r
 }
 
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 9d67b088f..28163b85d 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -780,6 +780,11 @@ func (a *ApplyDeploymentsUtil) buildProgressName(d *deployment.DeploymentItem) *
 }
 
 func (a *ApplyDeploymentsUtil) ApplyDeployments(deployments []*deployment.DeploymentItem) {
+	if a.k == nil {
+		a.dew.AddError(k8s2.ObjectRef{}, fmt.Errorf("can not apply objects without a Kubernetes API client"))
+		return
+	}
+
 	var wg sync.WaitGroup
 	sem := semaphore.NewWeighted(8)
 
diff --git a/pkg/deployment/utils/delete_utils.go b/pkg/deployment/utils/delete_utils.go
index 774050581..69175b44c 100644
--- a/pkg/deployment/utils/delete_utils.go
+++ b/pkg/deployment/utils/delete_utils.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"context"
+	"fmt"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -161,6 +162,10 @@ func filterObjectsForDelete(k *k8s.K8sCluster, objects []*uo.UnstructuredObject,
 }
 
 func FindObjectsForDelete(k *k8s.K8sCluster, allClusterObjects []*uo.UnstructuredObject, inclusionHasTags bool, excludedObjects []k8s2.ObjectRef) ([]k8s2.ObjectRef, error) {
+	if k == nil {
+		return nil, fmt.Errorf("can not determine orphan objects without a Kubernetes API client")
+	}
+
 	excludedObjectsMap := make(map[k8s2.ObjectRef]bool)
 	for _, ref := range excludedObjects {
 		excludedObjectsMap[objectRefForExclusion(k, ref)] = true

From 1129da7e84d0d456d77c14554ff08032d997a5de Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 15:50:02 +0200
Subject: [PATCH 2037/2268] refactor: No need to pass authConfig to
 setupOidcProvider

---
 pkg/webui/auth.go      |  2 +-
 pkg/webui/auth_oidc.go | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pkg/webui/auth.go b/pkg/webui/auth.go
index 7f4c90f6d..3258506b6 100644
--- a/pkg/webui/auth.go
+++ b/pkg/webui/auth.go
@@ -108,7 +108,7 @@ func newAuthHandler(ctx context.Context, serverClient client.Client, controllerN
 		ret.viewerPassword = x
 	}
 
-	err = ret.setupOidcProvider(ctx, authConfig)
+	err = ret.setupOidcProvider(ctx)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index 6f61423f3..de8d46622 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -22,17 +22,17 @@ type oidcTokenInfo struct {
 	User         *User
 }
 
-func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConfig) error {
-	if authConfig.OidcIssuerUrl == "" {
+func (s *authHandler) setupOidcProvider(ctx context.Context) error {
+	if s.authConfig.OidcIssuerUrl == "" {
 		return nil
 	}
 
-	clientSecret, err := s.getSecret(authConfig.OidcClientSecretName, authConfig.OidcClientSecretKey, false)
+	clientSecret, err := s.getSecret(s.authConfig.OidcClientSecretName, s.authConfig.OidcClientSecretKey, false)
 	if err != nil {
 		return err
 	}
 
-	provider, err := oidc.NewProvider(ctx, authConfig.OidcIssuerUrl)
+	provider, err := oidc.NewProvider(ctx, s.authConfig.OidcIssuerUrl)
 	if err != nil {
 		return err
 	}
@@ -44,10 +44,10 @@ func (s *authHandler) setupOidcProvider(ctx context.Context, authConfig AuthConf
 	}
 
 	s.oauth2Config = &oauth2.Config{
-		ClientID:     authConfig.OidcClientId,
+		ClientID:     s.authConfig.OidcClientId,
 		ClientSecret: clientSecret,
-		RedirectURL:  authConfig.OidcRedirectUrl,
-		Scopes:       authConfig.OidcScopes,
+		RedirectURL:  s.authConfig.OidcRedirectUrl,
+		Scopes:       s.authConfig.OidcScopes,
 		Endpoint:     provider.Endpoint(),
 	}
 

From 8e360db2c9fe29be6734e54c1041e23712f71b8a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 15:50:41 +0200
Subject: [PATCH 2038/2268] fix: Use a temporary copy of the oauth2 config
 while refreshing tokens

This is a workaround for https://github.com/golang/oauth2/issues/718
---
 pkg/webui/auth_oidc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/webui/auth_oidc.go b/pkg/webui/auth_oidc.go
index de8d46622..a8aed75e5 100644
--- a/pkg/webui/auth_oidc.go
+++ b/pkg/webui/auth_oidc.go
@@ -157,7 +157,11 @@ func (s *authHandler) oidcCallbackHandler(c *gin.Context) {
 }
 
 func (s *authHandler) oidcRefresh(c *gin.Context, session sessions.Session, tokenInfo *oidcTokenInfo) error {
-	ts := s.oauth2Config.TokenSource(c, &oauth2.Token{
+	// We must use a copy of the config to avoid poisoning the authStyleCache
+	// See https://github.com/golang/oauth2/issues/718
+	cfgCopy := *s.oauth2Config
+
+	ts := cfgCopy.TokenSource(c, &oauth2.Token{
 		RefreshToken: tokenInfo.RefreshToken,
 	})
 	newToken, err := ts.Token()

From ed6e9c64f76968aa9cc8bd543c137f8d3da57f2f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 16:47:34 +0200
Subject: [PATCH 2039/2268] fix: Remove source file in renameWithFallback

---
 pkg/oci/client/build.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index 05d6247fb..7641b77df 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -162,14 +162,20 @@ func renameWithFallback(src, dst string) error {
 
 	f2, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
-		return err
+		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, err)
 	}
 	defer f2.Close()
 
 	_, err = io.Copy(f2, f)
 	if err != nil {
-		return err
+		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, err)
+	}
+
+	err = os.Remove(src)
+	if err != nil {
+		return fmt.Errorf("rename fallback failed: cannot delete %s", src)
 	}
+
 	return nil
 }
 

From eff2982e019b69d43236cd3d514440f92ef2b0e1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 23:58:41 +0200
Subject: [PATCH 2040/2268] fix: Allow to use helm-pull/helm-update with
 library projects

---
 cmd/kluctl/commands/cmd_helm_pull.go   | 2 +-
 cmd/kluctl/commands/cmd_helm_update.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 7b17a4b11..84da5f577 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -33,7 +33,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
+	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) && !yaml.Exists(filepath.Join(projectDir, ".kluctl-library.yaml")) {
 		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
 	}
 
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 28087cd7e..96c24dc30 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -41,7 +41,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		return err
 	}
 
-	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) {
+	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) && !yaml.Exists(filepath.Join(projectDir, ".kluctl-library.yaml")) {
 		return fmt.Errorf("helm-update can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
 	}
 

From bb20af1e343d0b169073362031a329ae51eb916c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 6 Apr 2024 00:47:24 +0200
Subject: [PATCH 2041/2268] tests: No need to use targets in all helm tests

---
 e2e/gitops_helm_test.go |  2 +-
 e2e/helm_test.go        | 57 ++++++++++++++++++++++++++---------------
 2 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 016a76ab7..2c92b9cad 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -102,7 +102,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		})
 	}
 
-	key := suite.createKluctlDeployment2(p, "test", map[string]any{
+	key := suite.createKluctlDeployment2(p, "", map[string]any{
 		"namespace": p.TestSlug(),
 	}, func(kd *kluctlv1.KluctlDeployment) {
 		kd.Spec.Source = kluctlv1.ProjectSource{
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index aa07aec3a..20ef28abc 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -360,7 +360,6 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 
 	extraArgs := buildHelmTestExtraArgs(t, tc, repo)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	if tc.testAuth {
@@ -416,7 +415,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 		return
 	}
 
-	args := []string{"deploy", "--yes", "-t", "test"}
+	args := []string{"deploy", "--yes"}
 	if credsViaEnv {
 		buildHelmTestEnvVars(t, tc, p, repo)
 	} else {
@@ -487,12 +486,11 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	}
 	repo.Start(t)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust(t, "helm-pull")
 	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.1.0", v)
@@ -505,7 +503,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	p.KluctlMust(t, "helm-pull")
 	assert.NoFileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
 	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.2.0"))
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ = cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.2.0", v)
@@ -539,7 +537,6 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}
 	repo.Start(t)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
@@ -660,7 +657,6 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 	}
 	repo.Start(t)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart1", "0.1.0", "test-helm2", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
@@ -741,13 +737,12 @@ func TestHelmValues(t *testing.T) {
 		},
 	}
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
 	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
 	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
 
 	p.KluctlMust(t, "helm-pull")
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+	p.KluctlMust(t, "deploy", "--yes", "-aa=a", "-ab=b")
 
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	cm2 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm2-test-chart2")
@@ -792,14 +787,13 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	}
 	repo.Start(t)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
 	p.AddHelmDeployment("helm4", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
 
 	p.KluctlMust(t, "helm-pull")
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-aa=a", "-ab=b")
+	p.KluctlMust(t, "deploy", "--yes", "-aa=a", "-ab=b")
 
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-a-test-chart1")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-b-test-chart2")
@@ -823,14 +817,13 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 	}
 	repo.Start(t)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
 	}, "")
 
-	stdout, _ := p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes", "-t", "test")
+	stdout, _ := p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes")
 	cm1 := uo.FromStringMust(stdout)
 
 	assert.Equal(t, map[string]any{
@@ -840,7 +833,7 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 		"kubeVersion": "v1.20.0",
 	}, cm1.Object["data"])
 
-	stdout, _ = p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes", "--kubernetes-version", "1.22.1", "-t", "test")
+	stdout, _ = p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes", "--kubernetes-version", "1.22.1")
 	cm1 = uo.FromStringMust(stdout)
 
 	assert.Equal(t, map[string]any{
@@ -860,14 +853,13 @@ func TestHelmLocalChart(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", "../test-chart1", "", "", "test-helm-1", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm2", "test-chart2", "", "", "test-helm-2", p.TestSlug(), nil)
 
 	test_utils.CreateHelmDir(t, "test-chart1", "0.1.0", filepath.Join(p.LocalProjectDir(), "test-chart1"))
 	test_utils.CreateHelmDir(t, "test-chart2", "0.1.0", filepath.Join(p.LocalProjectDir(), "helm2/test-chart2"))
 
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-1-test-chart1")
 	assertConfigMapExists(t, k, p.TestSlug(), "test-helm-2-test-chart2")
 
@@ -894,7 +886,6 @@ func TestHelmSkipPrePull(t *testing.T) {
 	}
 	repo.Start(t)
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart1", "0.1.1", "test-helm2", p.TestSlug(), nil)
 
@@ -1029,22 +1020,46 @@ func TestHelmLookup(t *testing.T) {
 		"lookupName":      lookupCm.Name,
 	}
 
-	p.UpdateTarget("test", nil)
 	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
 
 	p.KluctlMust(t, "helm-pull")
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	p.KluctlMust(t, "deploy", "--yes")
 
 	cm1 := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	assertNestedFieldEquals(t, cm1, "lookupValue", "data", "lookup")
 
-	s, _ := p.KluctlMust(t, "render", "-t", "test", "--print-all")
+	s, _ := p.KluctlMust(t, "render", "--print-all")
 	y, err := uo.FromString(s)
 	assert.NoError(t, err)
 	assertNestedFieldEquals(t, y, "lookupValue", "data", "lookup")
 
-	s, _ = p.KluctlMust(t, "render", "-t", "test", "--print-all", "--offline-kubernetes")
+	s, _ = p.KluctlMust(t, "render", "--print-all", "--offline-kubernetes")
 	y, err = uo.FromString(s)
 	assert.NoError(t, err)
 	assertNestedFieldEquals(t, y, "lookupReturnedNil", "data", "lookup")
 }
+
+func TestHelmWithTarget(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+	p.UpdateTarget("test", nil)
+
+	createNamespace(t, k, p.TestSlug())
+
+	repo := &test_utils.TestHelmRepo{
+		Charts: []test_utils.RepoChart{
+			{ChartName: "test-chart1", Version: "0.1.0"},
+		},
+	}
+	repo.Start(t)
+
+	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+
+	p.KluctlMust(t, "helm-pull")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+
+	assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
+}

From 3282059e78f96efce03d5c1c893211da7adf37a8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 6 Apr 2024 00:47:48 +0200
Subject: [PATCH 2042/2268] tests: Create empty files in UpdateYaml

---
 e2e/test-utils/test_git_server.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 5f81bd2e4..e99fd6c09 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -277,6 +277,7 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 
 	var o map[string]any
+	isNew := false
 	if _, err := os.Stat(fullPath); err == nil {
 		b, err := os.ReadFile(fullPath)
 		if err != nil {
@@ -288,6 +289,7 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 		}
 	} else {
 		o = map[string]any{}
+		isNew = true
 	}
 
 	var orig map[string]any
@@ -300,7 +302,7 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 	if err != nil {
 		p.t.Fatal(err)
 	}
-	if reflect.DeepEqual(o, orig) {
+	if !isNew && reflect.DeepEqual(o, orig) {
 		return
 	}
 	p.CommitYaml(repo, pth, message, o)

From ea64bef3a09e360a458d0b931dc2fbd86c95efc3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 6 Apr 2024 00:48:23 +0200
Subject: [PATCH 2043/2268] tests: Test helm charts inside kluctl libraries

---
 e2e/gitops_helm_test.go     |  2 +-
 e2e/helm_test.go            | 88 +++++++++++++++++++++++++++++++++----
 e2e/test_project/project.go |  4 +-
 3 files changed, 84 insertions(+), 10 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 2c92b9cad..6b2b8433e 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -22,7 +22,7 @@ func TestGitOpsHelm(t *testing.T) {
 func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	g := NewWithT(suite.T())
 
-	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull, false)
+	p, repo, err := prepareHelmTestCase(suite.T(), suite.k, tc, prePull, false, noLibrary)
 	if err != nil {
 		if tc.expectedPrepareError == "" {
 			assert.Fail(suite.T(), "did not expect error")
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 20ef28abc..2f9c20237 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -330,8 +330,30 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, p *test_project.TestPro
 	}
 }
 
-func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool, useProcess bool) (*test_project.TestProject, *test_utils.TestHelmRepo, error) {
-	p := test_project.NewTestProject(t, test_project.WithUseProcess(useProcess))
+func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTestCase, prePull bool, useProcess bool, libraryMode libraryTestMode) (*test_project.TestProject, *test_utils.TestHelmRepo, error) {
+	gitServer := test_utils.NewTestGitServer(t)
+	gitSubDir := ""
+
+	if libraryMode == includeLibrary {
+		gitSubDir = "include"
+	}
+
+	p := test_project.NewTestProject(t,
+		test_project.WithUseProcess(useProcess),
+		test_project.WithBareProject(),
+		test_project.WithGitServer(gitServer),
+		test_project.WithGitSubDir(gitSubDir),
+	)
+
+	if libraryMode != noLibrary {
+		p.UpdateYaml(".kluctl-library.yaml", func(o *uo.UnstructuredObject) error {
+			return nil
+		}, "")
+	} else {
+		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {
+			return nil
+		})
+	}
 
 	createNamespace(t, k, p.TestSlug())
 
@@ -384,7 +406,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 			assert.NoError(t, err)
 			assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
 
-			p.GitServer().CommitFiles(p.GitRepoName(), []string{".helm-charts"}, true, "helm-pull")
+			p.GitServer().CommitFiles(p.GitRepoName(), []string{filepath.Join(gitSubDir, ".helm-charts")}, true, "helm-pull")
 		}
 	} else {
 		p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
@@ -393,10 +415,42 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		}, "")
 	}
 
+	if libraryMode == gitLibrary {
+		p2 := test_project.NewTestProject(t,
+			test_project.WithUseProcess(useProcess),
+			test_project.WithBareProject(),
+		)
+		p2.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+			"git": map[string]any{
+				"url": p.GitUrl(),
+			},
+		}))
+		return p2, repo, nil
+	} else if libraryMode == includeLibrary {
+		p2 := test_project.NewTestProject(t,
+			test_project.WithUseProcess(useProcess),
+			test_project.WithBareProject(),
+			test_project.WithGitServer(gitServer),
+			test_project.WithGitSubDir("project"),
+		)
+		p2.AddDeploymentItem("", uo.FromMap(map[string]interface{}{
+			"include": "../include",
+		}))
+		return p2, repo, nil
+	}
+
 	return p, repo, nil
 }
 
-func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool) {
+type libraryTestMode int
+
+const (
+	noLibrary = iota
+	gitLibrary
+	includeLibrary
+)
+
+func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool, libraryMode libraryTestMode) {
 	useProcess := credsViaEnv
 
 	// uncomment this if you want to debug this when credsViaEnv==true
@@ -407,7 +461,7 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool)
 	}
 
 	k := defaultCluster1
-	p, repo, err := prepareHelmTestCase(t, k, tc, prePull, useProcess)
+	p, repo, err := prepareHelmTestCase(t, k, tc, prePull, useProcess, libraryMode)
 	if err != nil {
 		if tc.expectedPrepareError == "" {
 			assert.Fail(t, "did not expect error")
@@ -445,7 +499,7 @@ func TestHelmPull(t *testing.T) {
 	for _, tc := range helmTests {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			testHelmPull(t, tc, false, false)
+			testHelmPull(t, tc, false, false, noLibrary)
 		})
 	}
 }
@@ -454,7 +508,7 @@ func TestHelmPrePull(t *testing.T) {
 	for _, tc := range helmTests {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			testHelmPull(t, tc, true, false)
+			testHelmPull(t, tc, true, false, noLibrary)
 		})
 	}
 }
@@ -463,7 +517,25 @@ func TestHelmPullCredsViaEnv(t *testing.T) {
 	for _, tc := range helmTests {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			testHelmPull(t, tc, false, true)
+			testHelmPull(t, tc, false, true, noLibrary)
+		})
+	}
+}
+
+func TestHelmInGitLibrary(t *testing.T) {
+	for _, tc := range helmTests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			testHelmPull(t, tc, true, false, gitLibrary)
+		})
+	}
+}
+
+func TestHelmInIncludeLibrary(t *testing.T) {
+	for _, tc := range helmTests {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			testHelmPull(t, tc, true, false, includeLibrary)
 		})
 	}
 }
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index d7e27fbf7..602a8d990 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -88,7 +88,9 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	if p.gitServer == nil {
 		p.gitServer = git2.NewTestGitServer(t)
 	}
-	p.gitServer.GitInit(p.gitRepoName)
+	if !utils.IsDirectory(p.gitServer.LocalWorkDir(p.gitRepoName)) {
+		p.gitServer.GitInit(p.gitRepoName)
+	}
 
 	if !p.bare {
 		p.UpdateKluctlYaml(func(o *uo.UnstructuredObject) error {

From e9acd7342aadad14a38526ded617850124a70602 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 6 Apr 2024 01:19:03 +0200
Subject: [PATCH 2044/2268] fix: Search for .helm-charts directory in all
 parent dirs

---
 pkg/deployment/deployment_item.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 74d6d0bf5..65a1246d3 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -185,13 +185,17 @@ func (di *DeploymentItem) newHelmRelease(subDir string) (*helm.Release, error) {
 	configPath := yaml.FixPathExt(filepath.Join(di.RenderedDir, subDir, "helm-chart.yaml"))
 
 	var helmChartsDir string
-	if di.Project.source == di.Project.getRootProject().source {
-		// deployment item is part of the root project repo, so it's allowed to be in a relative dir
-		helmChartsDir = filepath.Join(di.Project.source.dir, di.Project.getRootProject().relDir, ".helm-charts")
-	} else {
-		// deployment item is part of a git-included project, so it must be at the repo root
-		// TODO this limitation should be lifted in some way (search multiple pathes?)
-		helmChartsDir = filepath.Join(di.Project.source.dir, ".helm-charts")
+	relDir := di.RelToSourceItemDir
+	for {
+		p := filepath.Join(di.Project.source.dir, relDir, ".helm-charts")
+		if utils.IsDirectory(p) {
+			helmChartsDir = p
+			break
+		}
+		if relDir == "." {
+			break
+		}
+		relDir = filepath.Dir(relDir)
 	}
 
 	hr, err := helm.NewRelease(di.ctx.Ctx, di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmAuthProvider, di.ctx.OciAuthProvider)

From 742536fcb129fb7163acda33822135e9a0c96698 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 17:38:16 +0200
Subject: [PATCH 2045/2268] chore: Sync pkg/oci with latest flux sources

flux/pkg commit: cfa07c7328773c1c173a9e7d9d65058381e887ca
---
 cmd/kluctl/commands/cmd_oci_push.go |   2 +-
 pkg/oci/auth/aws/auth.go            |   2 +-
 pkg/oci/auth/aws/auth_test.go       |  23 ++
 pkg/oci/client/build.go             |  11 +
 pkg/oci/client/build_test.go        |   7 +-
 pkg/oci/client/diff.go              |   2 +-
 pkg/oci/client/diff_test.go         |   4 +-
 pkg/oci/client/login.go             |   2 +-
 pkg/oci/client/login_test.go        |   4 +-
 pkg/oci/client/pull.go              | 115 ++++++++-
 pkg/oci/client/pull_test.go         |   2 +-
 pkg/oci/client/push.go              | 129 ++++++++--
 pkg/oci/client/push_pull_test.go    | 365 +++++++++++++++++++++++-----
 pkg/oci/client/suite_test.go        |   6 +-
 pkg/oci/globals.go                  |  11 +-
 15 files changed, 573 insertions(+), 112 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index 7b8037dce..daa7615ca 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -130,7 +130,7 @@ func (cmd *ociPushCmd) Run(ctx context.Context) error {
 	}
 
 	ociClient := client.NewClient(opts)
-	digestURL, err := ociClient.Push(ctx, url, path, meta, ignorePatterns)
+	digestURL, err := ociClient.Push(ctx, url, path, client.WithPushIgnorePatterns(ignorePatterns), client.WithPushMetadata(meta))
 	if err != nil {
 		return fmt.Errorf("pushing artifact failed: %w", err)
 	}
diff --git a/pkg/oci/auth/aws/auth.go b/pkg/oci/auth/aws/auth.go
index 2f59fe41c..4ec01c820 100644
--- a/pkg/oci/auth/aws/auth.go
+++ b/pkg/oci/auth/aws/auth.go
@@ -34,7 +34,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
-var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr.([^/.]*)\.(amazonaws\.com[.cn]*)`)
+var registryPartRe = regexp.MustCompile(`([0-9+]*).dkr.ecr(?:-fips)?\.([^/.]*)\.(amazonaws\.com[.cn]*)`)
 
 // ParseRegistry returns the AWS account ID and region and `true` if
 // the image registry/repository is hosted in AWS's Elastic Container Registry,
diff --git a/pkg/oci/auth/aws/auth_test.go b/pkg/oci/auth/aws/auth_test.go
index 49bd416d0..7776fde53 100644
--- a/pkg/oci/auth/aws/auth_test.go
+++ b/pkg/oci/auth/aws/auth_test.go
@@ -57,6 +57,29 @@ func TestParseRegistry(t *testing.T) {
 			wantRegion:    "us-east-1",
 			wantOK:        true,
 		},
+		{
+			registry:      "https://012345678901.dkr.ecr.us-east-1.amazonaws.com/v2/part/part",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-east-1",
+			wantOK:        true,
+		},
+		{
+			registry:      "012345678901.dkr.ecr.cn-north-1.amazonaws.com.cn/foo",
+			wantAccountID: "012345678901",
+			wantRegion:    "cn-north-1",
+			wantOK:        true,
+		},
+		{
+			registry:      "012345678901.dkr.ecr-fips.us-gov-west-1.amazonaws.com",
+			wantAccountID: "012345678901",
+			wantRegion:    "us-gov-west-1",
+			wantOK:        true,
+		},
+		// TODO: Fix: this invalid registry is allowed by the regex.
+		// {
+		// 	registry: ".dkr.ecr.error.amazonaws.com",
+		// 	wantOK:   false,
+		// },
 		{
 			registry: "gcr.io/foo/bar:baz",
 			wantOK:   false,
diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index 7641b77df..0eb95064f 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -32,6 +32,17 @@ import (
 // Build archives the given directory as a tarball to the given local path.
 // While archiving, any environment specific data (for example, the user and group name) is stripped from file headers.
 func (c *Client) Build(artifactPath, sourceDir string, ignorePatterns []gitignore.Pattern) (err error) {
+	return buildWithIgnorePatterns(artifactPath, sourceDir, ignorePatterns)
+}
+
+func buildWithIgnorePaths(artifactPath, sourceDir string, ignorePaths []string) (err error) {
+	absPath, _ := filepath.Abs(sourceDir)
+	domain := strings.Split(absPath, string(filepath.Separator))
+	patterns := sourceignore.ReadPatterns(strings.NewReader(strings.Join(ignorePaths, "\n")), domain)
+	return buildWithIgnorePatterns(artifactPath, sourceDir, patterns)
+}
+
+func buildWithIgnorePatterns(artifactPath, sourceDir string, ignorePatterns []gitignore.Pattern) (err error) {
 	absDir, err := filepath.Abs(sourceDir)
 	if err != nil {
 		return err
diff --git a/pkg/oci/client/build_test.go b/pkg/oci/client/build_test.go
index 439e954bd..e9aa139f6 100644
--- a/pkg/oci/client/build_test.go
+++ b/pkg/oci/client/build_test.go
@@ -19,7 +19,6 @@ package client
 import (
 	"bytes"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"io"
 	"os"
 	"path/filepath"
@@ -32,7 +31,6 @@ import (
 
 func TestBuild(t *testing.T) {
 	g := NewWithT(t)
-	c := NewClient(DefaultOptions())
 
 	absPath := fmt.Sprintf("%s/deployment.yaml", t.TempDir())
 	err := copyFile(absPath, "testdata/artifact/deployment.yaml")
@@ -98,10 +96,7 @@ func TestBuild(t *testing.T) {
 			tmpDir := t.TempDir()
 			artifactPath := filepath.Join(tmpDir, "files.tar.gz")
 
-			absPath, _ := filepath.Abs(tt.path)
-			domain := strings.Split(absPath, string(filepath.Separator))
-			patterns := sourceignore.ReadPatterns(strings.NewReader(strings.Join(tt.ignorePath, "\n")), domain)
-			err := c.Build(artifactPath, tt.path, patterns)
+			err := buildWithIgnorePaths(artifactPath, tt.path, tt.ignorePath)
 			if tt.expectErr {
 				g.Expect(err).To(HaveOccurred())
 				return
diff --git a/pkg/oci/client/diff.go b/pkg/oci/client/diff.go
index 296c7e042..7e4914077 100644
--- a/pkg/oci/client/diff.go
+++ b/pkg/oci/client/diff.go
@@ -46,7 +46,7 @@ func (c *Client) Diff(ctx context.Context, url, dir string, ignorePatterns []git
 
 	tmpFile := filepath.Join(tmpBuildDir, "artifact.tgz")
 
-	if err := c.Build(tmpFile, dir, ignorePatterns); err != nil {
+	if err := buildWithIgnorePatterns(tmpFile, dir, ignorePatterns); err != nil {
 		return fmt.Errorf("building artifact failed: %w", err)
 	}
 
diff --git a/pkg/oci/client/diff_test.go b/pkg/oci/client/diff_test.go
index 3f71dba66..f39a26774 100644
--- a/pkg/oci/client/diff_test.go
+++ b/pkg/oci/client/diff_test.go
@@ -41,7 +41,7 @@ func TestClient_Diff(t *testing.T) {
 	}
 
 	testDir := "testdata/artifact"
-	_, err := c.Push(ctx, url, testDir, metadata, nil)
+	_, err := c.Push(ctx, url, testDir, WithPushMetadata(metadata))
 	g.Expect(err).ToNot(HaveOccurred())
 
 	err = c.Diff(ctx, url, testDir, nil)
@@ -56,7 +56,7 @@ func TestClient_Diff(t *testing.T) {
 	newTag := "v0.0.2"
 	url = fmt.Sprintf("%s/%s:%s", dockerReg, repo, newTag)
 
-	_, err = c.Push(ctx, url, tmpBuildDir, metadata, nil)
+	_, err = c.Push(ctx, url, tmpBuildDir, WithPushMetadata(metadata))
 	g.Expect(err).ToNot(HaveOccurred())
 
 	err = c.Diff(ctx, url, testDir, nil)
diff --git a/pkg/oci/client/login.go b/pkg/oci/client/login.go
index ab8b0e366..63122a12b 100644
--- a/pkg/oci/client/login.go
+++ b/pkg/oci/client/login.go
@@ -81,7 +81,7 @@ func (c *Client) LoginWithProvider(ctx context.Context, url string, provider oci
 	case oci.ProviderAzure:
 		authenticator, err = azure.NewClient().Login(ctx, true, url, ref)
 	default:
-		return errors.New(fmt.Sprintf("unsupported provider"))
+		return errors.New("unsupported provider")
 	}
 
 	if err != nil {
diff --git a/pkg/oci/client/login_test.go b/pkg/oci/client/login_test.go
index bb6e9d52e..73219209c 100644
--- a/pkg/oci/client/login_test.go
+++ b/pkg/oci/client/login_test.go
@@ -19,7 +19,7 @@ package client
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"testing"
@@ -68,7 +68,7 @@ func Test_Login(t *testing.T) {
 			transportFunc := mockTransport{
 				response: &http.Response{
 					StatusCode: http.StatusOK,
-					Body:       ioutil.NopCloser(strings.NewReader(`{}`)),
+					Body:       io.NopCloser(strings.NewReader(`{}`)),
 				},
 			}
 
diff --git a/pkg/oci/client/pull.go b/pkg/oci/client/pull.go
index 09753748e..e19845708 100644
--- a/pkg/oci/client/pull.go
+++ b/pkg/oci/client/pull.go
@@ -17,17 +17,59 @@ limitations under the License.
 package client
 
 import (
+	"bufio"
+	"bytes"
 	"context"
 	"fmt"
+	"io"
+	"os"
 
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/name"
+	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
 
 	"github.com/kluctl/kluctl/v2/pkg/tar"
 )
 
-// Pull downloads an artifact from an OCI repository and extracts the content to the given directory.
-func (c *Client) Pull(ctx context.Context, url, outDir string) (*Metadata, error) {
+var (
+	// gzipMagicHeader are bytes found at the start of gzip files
+	// https://github.com/google/go-containerregistry/blob/a54d64203cffcbf94146e04069aae4a97f228ee2/internal/gzip/zip.go#L28
+	gzipMagicHeader = []byte{'\x1f', '\x8b'}
+)
+
+// PullOptions contains options for pulling a layer.
+type PullOptions struct {
+	layerIndex int
+	layerType  LayerType
+}
+
+// PullOption is a function for configuring PullOptions.
+type PullOption func(o *PullOptions)
+
+// WithPullLayerType sets the layer type of the layer that is being pulled.
+func WithPullLayerType(l LayerType) PullOption {
+	return func(o *PullOptions) {
+		o.layerType = l
+	}
+}
+
+// WithPullLayerIndex set the index of the layer to be pulled.
+func WithPullLayerIndex(i int) PullOption {
+	return func(o *PullOptions) {
+		o.layerIndex = i
+	}
+}
+
+// Pull downloads an artifact from an OCI repository and extracts the content.
+// It untar or copies the content to the given outPath depending on the layerType.
+// If no layer type is given, it tries to determine the right type by checking compressed content of the layer.
+func (c *Client) Pull(ctx context.Context, url, outPath string, opts ...PullOption) (*Metadata, error) {
+	o := &PullOptions{
+		layerIndex: 0,
+	}
+	for _, opt := range opts {
+		opt(o)
+	}
 	ref, err := name.ParseReference(url)
 	if err != nil {
 		return nil, fmt.Errorf("invalid URL: %w", err)
@@ -61,14 +103,73 @@ func (c *Client) Pull(ctx context.Context, url, outDir string) (*Metadata, error
 		return nil, fmt.Errorf("no layers found in artifact")
 	}
 
-	blob, err := layers[0].Compressed()
+	if len(layers) < o.layerIndex+1 {
+		return nil, fmt.Errorf("index '%d' out of bound for '%d' layers in artifact", o.layerIndex, len(layers))
+	}
+
+	err = extractLayer(layers[o.layerIndex], outPath, o.layerType)
 	if err != nil {
-		return nil, fmt.Errorf("extracting first layer failed: %w", err)
+		return nil, err
 	}
+	return meta, nil
+}
 
-	if err = tar.Untar(blob, outDir, tar.WithMaxUntarSize(-1), tar.WithSkipSymlinks()); err != nil {
-		return nil, fmt.Errorf("failed to untar first layer: %w", err)
+// extractLayer extracts the Layer to the path
+func extractLayer(layer gcrv1.Layer, path string, layerType LayerType) error {
+	var blob io.Reader
+	blob, err := layer.Compressed()
+	if err != nil {
+		return fmt.Errorf("extracting layer failed: %w", err)
 	}
 
-	return meta, nil
+	actualLayerType := layerType
+	if actualLayerType == "" {
+		bufReader := bufio.NewReader(blob)
+		if ok, _ := isGzipBlob(bufReader); ok {
+			actualLayerType = LayerTypeTarball
+		} else {
+			actualLayerType = LayerTypeStatic
+		}
+		// the bufio.Reader has read the bytes from the io.Reader
+		// and should be used instead
+		blob = bufReader
+	}
+
+	return extractLayerType(path, blob, actualLayerType)
+}
+
+// extractLayerType extracts the contents of a io.Reader to the given path.
+// If the LayerType is LayerTypeTarball, it will untar to a directory,
+// If the LayerType is LayerTypeStatic, it will copy to a file.
+func extractLayerType(path string, blob io.Reader, layerType LayerType) error {
+	switch layerType {
+	case LayerTypeTarball:
+		return tar.Untar(blob, path, tar.WithMaxUntarSize(-1), tar.WithSkipSymlinks())
+	case LayerTypeStatic:
+		f, err := os.Create(path)
+		if err != nil {
+			return err
+		}
+
+		_, err = io.Copy(f, blob)
+		if err != nil {
+			return fmt.Errorf("error copying layer content: %s", err)
+		}
+		return nil
+	default:
+		return fmt.Errorf("unsupported layer type: '%s'", layerType)
+	}
+}
+
+// isGzipBlob reads the first two bytes from a bufio.Reader and
+// checks that they are equal to the expected gzip file headers.
+func isGzipBlob(buf *bufio.Reader) (bool, error) {
+	b, err := buf.Peek(len(gzipMagicHeader))
+	if err != nil {
+		if err == io.EOF {
+			return false, nil
+		}
+		return false, err
+	}
+	return bytes.Equal(b, gzipMagicHeader), nil
 }
diff --git a/pkg/oci/client/pull_test.go b/pkg/oci/client/pull_test.go
index d28c08585..9c66fedd3 100644
--- a/pkg/oci/client/pull_test.go
+++ b/pkg/oci/client/pull_test.go
@@ -43,7 +43,7 @@ func Test_PullAnyTarball(t *testing.T) {
 	dst := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
 
 	artifact := filepath.Join(t.TempDir(), "artifact.tgz")
-	g.Expect(c.Build(artifact, testDir, nil)).To(Succeed())
+	g.Expect(buildWithIgnorePaths(artifact, testDir, nil)).To(Succeed())
 
 	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
 	img = mutate.ConfigMediaType(img, oci.CanonicalConfigMediaType)
diff --git a/pkg/oci/client/push.go b/pkg/oci/client/push.go
index 95145a42f..a7e970669 100644
--- a/pkg/oci/client/push.go
+++ b/pkg/oci/client/push.go
@@ -29,45 +29,101 @@ import (
 	gcrv1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/static"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
 
 	"github.com/kluctl/kluctl/v2/pkg/oci"
 )
 
-// Push creates an artifact from the given directory, uploads the artifact
+// LayerType is an enumeration of the supported layer types
+// when pushing an image.
+type LayerType string
+
+const (
+	// LayerTypeTarball produces a layer that contains a gzipped archive
+	LayerTypeTarball LayerType = "tarball"
+	// LayerTypeStatic produces a layer that contains the contents of a
+	// file without any compression.
+	LayerTypeStatic LayerType = "static"
+)
+
+// PushOptions are options for configuring the Push operation.
+type PushOptions struct {
+	layerType LayerType
+	layerOpts layerOptions
+	meta      Metadata
+}
+
+// layerOptions are options for configuring a layer.
+type layerOptions struct {
+	mediaTypeExt string
+
+	ignorePatterns []gitignore.Pattern
+}
+
+// PushOption is a function for configuring PushOptions.
+type PushOption func(o *PushOptions)
+
+// WithPushLayerType set the layer type that will be used when creating
+// the image layer.
+func WithPushLayerType(l LayerType) PushOption {
+	return func(o *PushOptions) {
+		o.layerType = l
+	}
+}
+
+// WithPushMediaTypeExt configures the media type extension for the image layer.
+// This is only used when the layer type is `LayerTypeStatic`.
+// The final media type will be prefixed with `application/vnd.cncf.flux.content.v1`
+func WithPushMediaTypeExt(extension string) PushOption {
+	return func(o *PushOptions) {
+		o.layerOpts.mediaTypeExt = extension
+	}
+}
+
+// WithPushIgnoreFileName specified the ignore file name
+func WithPushIgnorePatterns(patterns []gitignore.Pattern) PushOption {
+	return func(o *PushOptions) {
+		o.layerOpts.ignorePatterns = patterns
+	}
+}
+
+// WithPushMetadata configures Metadata that will be used for image annotations.
+func WithPushMetadata(meta Metadata) PushOption {
+	return func(o *PushOptions) {
+		o.meta = meta
+	}
+}
+
+// Push creates an artifact from the given path, uploads the artifact
 // to the given OCI repository and returns the digest.
-func (c *Client) Push(ctx context.Context, url, sourceDir string, meta Metadata, ignorePatterns []gitignore.Pattern) (string, error) {
+func (c *Client) Push(ctx context.Context, url, sourcePath string, opts ...PushOption) (string, error) {
+	o := &PushOptions{
+		layerType: LayerTypeTarball,
+	}
+
+	for _, opt := range opts {
+		opt(o)
+	}
 	ref, err := name.ParseReference(url)
 	if err != nil {
 		return "", fmt.Errorf("invalid URL: %w", err)
 	}
 
-	tmpDir, err := os.MkdirTemp("", "oci")
+	layer, err := createLayer(sourcePath, o.layerType, o.layerOpts)
 	if err != nil {
-		return "", err
-	}
-	defer os.RemoveAll(tmpDir)
-
-	tmpFile := filepath.Join(tmpDir, "artifact.tgz")
-
-	if err := c.Build(tmpFile, sourceDir, ignorePatterns); err != nil {
-		return "", err
+		return "", fmt.Errorf("error creating layer: %w", err)
 	}
 
-	if meta.Created == "" {
+	if o.meta.Created == "" {
 		ct := time.Now().UTC()
-		meta.Created = ct.Format(time.RFC3339)
+		o.meta.Created = ct.Format(time.RFC3339)
 	}
 
 	img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
 	img = mutate.ConfigMediaType(img, oci.CanonicalConfigMediaType)
-	img = mutate.Annotations(img, meta.ToAnnotations()).(gcrv1.Image)
-
-	layer, err := tarball.LayerFromFile(tmpFile, tarball.WithMediaType(oci.CanonicalContentMediaType))
-	if err != nil {
-		return "", fmt.Errorf("creating content layer failed: %w", err)
-	}
+	img = mutate.Annotations(img, o.meta.ToAnnotations()).(gcrv1.Image)
 
 	img, err = mutate.Append(img, mutate.Addendum{Layer: layer})
 	if err != nil {
@@ -85,3 +141,38 @@ func (c *Client) Push(ctx context.Context, url, sourceDir string, meta Metadata,
 
 	return ref.Context().Digest(digest.String()).String(), err
 }
+
+// createLayer creates a layer depending on the layerType.
+func createLayer(path string, layerType LayerType, opts layerOptions) (gcrv1.Layer, error) {
+	switch layerType {
+	case LayerTypeTarball:
+		var ociMediaType = oci.CanonicalContentMediaType
+		var tmpDir string
+		tmpDir, err := os.MkdirTemp("", "oci")
+		if err != nil {
+			return nil, err
+		}
+		defer os.RemoveAll(tmpDir)
+		tmpFile := filepath.Join(tmpDir, "artifact.tgz")
+		if err := buildWithIgnorePatterns(tmpFile, path, opts.ignorePatterns); err != nil {
+			return nil, err
+		}
+		return tarball.LayerFromFile(tmpFile, tarball.WithMediaType(ociMediaType), tarball.WithCompressedCaching)
+	case LayerTypeStatic:
+		var ociMediaType = getLayerMediaType(opts.mediaTypeExt)
+		content, err := os.ReadFile(path)
+		if err != nil {
+			return nil, fmt.Errorf("error reading file for static layer: %w", err)
+		}
+		return static.NewLayer(content, ociMediaType), nil
+	default:
+		return nil, fmt.Errorf("unsupported layer type: '%s'", layerType)
+	}
+}
+
+func getLayerMediaType(extension string) types.MediaType {
+	if extension == "" {
+		return oci.CanonicalMediaTypePrefix
+	}
+	return types.MediaType(fmt.Sprintf("%s.%s", oci.CanonicalMediaTypePrefix, extension))
+}
diff --git a/pkg/oci/client/push_pull_test.go b/pkg/oci/client/push_pull_test.go
index 1dbc3a1aa..5263588c7 100644
--- a/pkg/oci/client/push_pull_test.go
+++ b/pkg/oci/client/push_pull_test.go
@@ -17,17 +17,22 @@ limitations under the License.
 package client
 
 import (
+	"bufio"
+	"bytes"
 	"context"
 	"fmt"
 	"io/fs"
 	"os"
 	"path/filepath"
-	"runtime"
 	"strings"
 	"testing"
 	"time"
 
 	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/static"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
 	. "github.com/onsi/gomega"
 
@@ -35,81 +40,311 @@ import (
 )
 
 func Test_Push_Pull(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip()
-	}
-
-	g := NewWithT(t)
 	ctx := context.Background()
 	c := NewClient(DefaultOptions())
-	testDir := "testdata/artifact"
-	tag := "v0.0.1"
 	source := "github.com/fluxcd/flux2"
 	revision := "rev"
 	repo := "test-push" + randStringRunes(5)
 	ct := time.Now().UTC()
 	created := ct.Format(time.RFC3339)
 
-	url := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag)
-	metadata := Metadata{
-		Source:   source,
-		Revision: revision,
-		Created:  created,
-		Annotations: map[string]string{
-			"org.opencontainers.image.documentation": "https://my/readme.md",
-			"org.opencontainers.image.licenses":      "Apache-2.0",
+	tests := []struct {
+		name              string
+		sourcePath        string
+		tag               string
+		ignorePaths       []string
+		pushOpts          []PushOption
+		pullOpts          []PullOption
+		pushFn            func(url string, path string) error
+		testLayerType     LayerType
+		testLayerIndex    int
+		expectedNumLayers int
+		expectedPullErr   bool
+		expectedPushErr   bool
+		expectedMediaType types.MediaType
+	}{
+		{
+			name:              "push directory (default layer type)",
+			tag:               "v0.0.1",
+			sourcePath:        "testdata/artifact",
+			testLayerType:     LayerTypeTarball,
+			expectedMediaType: oci.CanonicalContentMediaType,
+		},
+		{
+			name:       "push directory (specify layer type)",
+			tag:        "v0.0.1",
+			sourcePath: "testdata/artifact",
+			pushOpts: []PushOption{
+				WithPushLayerType(LayerTypeTarball),
+			},
+			pullOpts: []PullOption{
+				WithPullLayerType(LayerTypeTarball),
+			},
+			testLayerType:     LayerTypeTarball,
+			expectedMediaType: oci.CanonicalContentMediaType,
+		},
+		{
+			name:       "push static file",
+			tag:        "v0.0.2",
+			sourcePath: "testdata/artifact/deployment.yaml",
+			pushOpts: []PushOption{
+				WithPushLayerType(LayerTypeStatic),
+				WithPushMediaTypeExt("ml"),
+			},
+			pullOpts: []PullOption{
+				WithPullLayerType(LayerTypeStatic),
+			},
+			testLayerType:     LayerTypeStatic,
+			expectedMediaType: getLayerMediaType("ml"),
+		},
+		{
+			name:       "push directory as static layer (should return error)",
+			sourcePath: "testdata/artifact",
+			pushOpts: []PushOption{
+				WithPushLayerType(LayerTypeStatic),
+			},
+			expectedPushErr: true,
+		},
+		{
+			name:       "push static file without media type extension (automatic layer detection for pull)",
+			tag:        "v0.0.2",
+			sourcePath: "testdata/artifact/deployment.yaml",
+			pushOpts: []PushOption{
+				WithPushLayerType(LayerTypeStatic),
+			},
+			testLayerType:     LayerTypeStatic,
+			expectedMediaType: oci.CanonicalMediaTypePrefix,
+		},
+		{
+			name:       "push directory and pull archive (push with LayerTypeTarball and pull with LayerTypeStatic)",
+			tag:        "v0.0.2",
+			sourcePath: "testdata/artifact",
+			pullOpts: []PullOption{
+				WithPullLayerType(LayerTypeStatic),
+			},
+			testLayerType:     LayerTypeStatic,
+			expectedMediaType: oci.CanonicalContentMediaType,
+		},
+		{
+			name:              "push static artifact (and with LayerTypeTarball PullOption - should return error)",
+			tag:               "static-flux",
+			sourcePath:        "testdata/artifact/deployment.yaml",
+			pullOpts:          []PullOption{WithPullLayerType(LayerTypeTarball)},
+			pushOpts:          []PushOption{WithPushLayerType(LayerTypeStatic)},
+			expectedPullErr:   true,
+			expectedMediaType: oci.CanonicalMediaTypePrefix,
+		},
+		{
+			name:       "two layers in image (specify index)",
+			tag:        "two-layers",
+			sourcePath: "testdata/artifact",
+			pullOpts:   []PullOption{WithPullLayerType(LayerTypeTarball), WithPullLayerIndex(1)},
+			pushFn: func(url string, path string) error {
+				artifact := filepath.Join(t.TempDir(), "artifact.tgz")
+				err := buildWithIgnorePaths(artifact, path, nil)
+				if err != nil {
+					return err
+				}
+
+				img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
+				img = mutate.ConfigMediaType(img, oci.CanonicalConfigMediaType)
+
+				layer1 := static.NewLayer([]byte("test-byte"), oci.CanonicalMediaTypePrefix)
+
+				layer2, err := tarball.LayerFromFile(artifact, tarball.WithMediaType(oci.CanonicalContentMediaType))
+				if err != nil {
+					return err
+				}
+
+				img, err = mutate.Append(img, mutate.Addendum{Layer: layer1}, mutate.Addendum{Layer: layer2})
+				if err != nil {
+					return err
+				}
+
+				err = crane.Push(img, url, c.optionsWithContext(ctx)...)
+				if err != nil {
+					return err
+				}
+				return err
+			},
+			testLayerIndex:    1,
+			testLayerType:     LayerTypeTarball,
+			expectedNumLayers: 2,
+			expectedMediaType: oci.CanonicalContentMediaType,
+		},
+		{
+			name:       "specify wrong layer (should return error)",
+			tag:        "not-flux",
+			sourcePath: "testdata/artifact",
+			pullOpts:   []PullOption{WithPullLayerType(LayerTypeTarball), WithPullLayerIndex(1)},
+			pushFn: func(url string, path string) error {
+				artifact := filepath.Join(t.TempDir(), "artifact.tgz")
+				err := buildWithIgnorePaths(artifact, path, nil)
+				if err != nil {
+					return err
+				}
+
+				img := mutate.MediaType(empty.Image, types.OCIManifestSchema1)
+				img = mutate.ConfigMediaType(img, oci.CanonicalConfigMediaType)
+
+				layer1, err := tarball.LayerFromFile(artifact, tarball.WithMediaType(oci.CanonicalContentMediaType))
+				if err != nil {
+					return err
+				}
+
+				img, err = mutate.Append(img, mutate.Addendum{Layer: layer1})
+				if err != nil {
+					return err
+				}
+
+				dst := fmt.Sprintf("%s/%s:%s", dockerReg, repo, "not-flux")
+				err = crane.Push(img, dst, c.optionsWithContext(ctx)...)
+				if err != nil {
+					return err
+				}
+				return err
+			},
+			expectedMediaType: oci.CanonicalContentMediaType,
+			expectedPullErr:   true,
 		},
 	}
 
-	// Build and push the artifact to registry
-	_, err := c.Push(ctx, url, testDir, metadata, nil)
-	g.Expect(err).ToNot(HaveOccurred())
-
-	// Verify that the artifact and its tag is present in the registry
-	tags, err := crane.ListTags(fmt.Sprintf("%s/%s", dockerReg, repo))
-	g.Expect(err).ToNot(HaveOccurred())
-	g.Expect(len(tags)).To(BeEquivalentTo(1))
-	g.Expect(tags[0]).To(BeEquivalentTo(tag))
-
-	// Pull the artifact from registry
-	image, err := crane.Pull(fmt.Sprintf("%s/%s:%s", dockerReg, repo, tag))
-	g.Expect(err).ToNot(HaveOccurred())
-
-	// Extract the manifest from the pulled artifact
-	manifest, err := image.Manifest()
-	g.Expect(err).ToNot(HaveOccurred())
-
-	// Verify that annotations exist in manifest
-	g.Expect(manifest.Annotations[oci.CreatedAnnotation]).To(BeEquivalentTo(created))
-	g.Expect(manifest.Annotations[oci.SourceAnnotation]).To(BeEquivalentTo(source))
-	g.Expect(manifest.Annotations[oci.RevisionAnnotation]).To(BeEquivalentTo(revision))
-
-	// Verify media types
-	g.Expect(manifest.MediaType).To(Equal(types.OCIManifestSchema1))
-	g.Expect(manifest.Config.MediaType).To(BeEquivalentTo(oci.CanonicalConfigMediaType))
-	g.Expect(len(manifest.Layers)).To(BeEquivalentTo(1))
-	g.Expect(manifest.Layers[0].MediaType).To(BeEquivalentTo(oci.CanonicalContentMediaType))
-
-	tmpDir := t.TempDir()
-
-	// Pull the artifact from registry and extract its contents to tmp
-	meta, err := c.Pull(ctx, url, tmpDir)
-	g.Expect(err).ToNot(HaveOccurred())
-
-	// Verify custom annotations
-	g.Expect(meta.Annotations["org.opencontainers.image.documentation"]).To(BeEquivalentTo("https://my/readme.md"))
-	g.Expect(meta.Annotations["org.opencontainers.image.licenses"]).To(BeEquivalentTo("Apache-2.0"))
-
-	// Walk the test directory and check that all files exist in the pulled artifact
-	fsErr := filepath.Walk(testDir, func(path string, info fs.FileInfo, err error) error {
-		if !info.IsDir() {
-			tmpPath := filepath.Join(tmpDir, strings.TrimPrefix(path, testDir))
-			if _, err := os.Stat(tmpPath); err != nil && os.IsNotExist(err) {
-				return fmt.Errorf("path '%s' doesn't exist in archive", path)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			url := fmt.Sprintf("%s/%s:%s", dockerReg, repo, tt.tag)
+			metadata := Metadata{
+				Source:   source,
+				Revision: revision,
+				Created:  created,
+				Annotations: map[string]string{
+					"org.opencontainers.image.documentation": "https://my/readme.md",
+					"org.opencontainers.image.licenses":      "Apache-2.0",
+				},
+			}
+			opts := append(tt.pushOpts, WithPushMetadata(metadata))
+
+			// Build and push the artifact to registry
+			var err error
+			if tt.pushFn == nil {
+				_, err = c.Push(ctx, url, tt.sourcePath, opts...)
+			} else {
+				err = tt.pushFn(url, tt.sourcePath)
 			}
-		}
+			if tt.expectedPushErr {
+				g.Expect(err).To(HaveOccurred())
+				return
+			}
+
+			g.Expect(err).To(Not(HaveOccurred()))
+			// Verify that the artifact and its tag is present in the registry
+			tags, err := crane.ListTags(fmt.Sprintf("%s/%s", dockerReg, repo))
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(tags).To(ContainElement(tt.tag))
+
+			// Pull the artifact from registry
+			image, err := crane.Pull(fmt.Sprintf("%s/%s:%s", dockerReg, repo, tt.tag))
+			g.Expect(err).ToNot(HaveOccurred())
 
-		return nil
-	})
-	g.Expect(fsErr).ToNot(HaveOccurred())
+			// Extract the manifest from the pulled artifact
+			manifest, err := image.Manifest()
+			g.Expect(err).ToNot(HaveOccurred())
+
+			// Verify that annotations exist in manifest
+			if len(manifest.Annotations) != 0 {
+				g.Expect(manifest.Annotations[oci.CreatedAnnotation]).To(BeEquivalentTo(created))
+				g.Expect(manifest.Annotations[oci.SourceAnnotation]).To(BeEquivalentTo(source))
+				g.Expect(manifest.Annotations[oci.RevisionAnnotation]).To(BeEquivalentTo(revision))
+			}
+
+			// Verify media types
+			g.Expect(manifest.MediaType).To(Equal(types.OCIManifestSchema1))
+			g.Expect(manifest.Config.MediaType).To(BeEquivalentTo(oci.CanonicalConfigMediaType))
+
+			numLayers := 1
+			layerIdx := 0
+			if tt.expectedNumLayers > 0 {
+				numLayers = tt.expectedNumLayers
+				layerIdx = tt.testLayerIndex
+			}
+			g.Expect(len(manifest.Layers)).To(BeEquivalentTo(numLayers))
+			g.Expect(manifest.Layers[layerIdx].MediaType).To(BeEquivalentTo(tt.expectedMediaType))
+
+			// Verify custom annotations
+			meta := MetadataFromAnnotations(manifest.Annotations)
+			if len(meta.Annotations) > 0 {
+				g.Expect(meta.Annotations["org.opencontainers.image.documentation"]).To(BeEquivalentTo("https://my/readme.md"))
+				g.Expect(meta.Annotations["org.opencontainers.image.licenses"]).To(BeEquivalentTo("Apache-2.0"))
+			}
+
+			// Pull the artifact from registry and extract its contents to tmp
+			tmpPath := filepath.Join(t.TempDir(), "artifact")
+			_, err = c.Pull(ctx, url, tmpPath, tt.pullOpts...)
+			if tt.expectedPullErr {
+				g.Expect(err).To(HaveOccurred())
+				return
+			}
+			g.Expect(err).ToNot(HaveOccurred())
+
+			switch tt.testLayerType {
+			case LayerTypeTarball:
+				// Walk the test directory and check that all files exist in the pulled artifact
+				fsErr := filepath.Walk(tt.sourcePath, func(path string, info fs.FileInfo, err error) error {
+					if !info.IsDir() {
+						tmpPath := filepath.Join(tmpPath, strings.TrimPrefix(path, tt.sourcePath))
+						if _, err := os.Stat(tmpPath); err != nil && os.IsNotExist(err) {
+							return fmt.Errorf("path '%s' doesn't exist in archive", path)
+						}
+					}
+
+					return nil
+				})
+				g.Expect(fsErr).ToNot(HaveOccurred())
+			case LayerTypeStatic:
+				got, err := os.ReadFile(tmpPath)
+				g.Expect(err).ToNot(HaveOccurred())
+
+				fileInfo, err := os.Stat(tt.sourcePath)
+				// if a directory was pushed, then the created file should be a gzipped archive
+				if fileInfo.IsDir() {
+					bufReader := bufio.NewReader(bytes.NewReader(got))
+					g.Expect(isGzipBlob(bufReader)).To(BeTrue())
+					return
+				}
+
+				expected, err := os.ReadFile(tt.sourcePath)
+				g.Expect(err).ToNot(HaveOccurred())
+
+				g.Expect(expected).To(Equal(got))
+			default:
+				t.Errorf("no layer type specified for test")
+			}
+		})
+	}
+}
+
+func Test_getLayerMediaType(t *testing.T) {
+	tests := []struct {
+		name              string
+		ext               string
+		expectedMediaType types.MediaType
+	}{
+		{
+			name:              "default oci media type",
+			expectedMediaType: oci.CanonicalMediaTypePrefix,
+		},
+		{
+			name:              "oci media type with extension",
+			ext:               "test",
+			expectedMediaType: types.MediaType(fmt.Sprintf("%s.test", oci.CanonicalMediaTypePrefix)),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			got := getLayerMediaType(tt.ext)
+			g.Expect(got).To(BeEquivalentTo(tt.expectedMediaType))
+		})
+	}
 }
diff --git a/pkg/oci/client/suite_test.go b/pkg/oci/client/suite_test.go
index ac7650101..9ef13984b 100644
--- a/pkg/oci/client/suite_test.go
+++ b/pkg/oci/client/suite_test.go
@@ -26,7 +26,6 @@ import (
 	"time"
 
 	"github.com/distribution/distribution/v3/configuration"
-	dcontext "github.com/distribution/distribution/v3/context"
 	"github.com/distribution/distribution/v3/registry"
 	_ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
 	_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
@@ -44,9 +43,8 @@ func setupRegistryServer(ctx context.Context) error {
 	config := &configuration.Configuration{}
 	config.Log.AccessLog.Disabled = true
 	config.Log.Level = "error"
-	logger := logrus.New()
-	logger.SetOutput(io.Discard)
-	dcontext.SetDefaultLogger(logrus.NewEntry(logger))
+	logrus.SetOutput(io.Discard)
+
 	port, err := freeport.GetFreePort()
 	if err != nil {
 		return fmt.Errorf("failed to get free port: %s", err)
diff --git a/pkg/oci/globals.go b/pkg/oci/globals.go
index 867815efd..9b9d53f1a 100644
--- a/pkg/oci/globals.go
+++ b/pkg/oci/globals.go
@@ -16,14 +16,21 @@ limitations under the License.
 
 package oci
 
-import "github.com/google/go-containerregistry/pkg/v1/types"
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
 
 var (
 	// CanonicalConfigMediaType is the OCI media type for the config layer.
 	CanonicalConfigMediaType types.MediaType = "application/vnd.io.kluctl.config.v1+json"
 
+	// CanonicalMediaTypePrefix is the suffix for OCI media type for the content layer.
+	CanonicalMediaTypePrefix types.MediaType = "application/vnd.io.kluctl.content.v1"
+
 	// CanonicalContentMediaType is the OCI media type for the content layer.
-	CanonicalContentMediaType types.MediaType = "application/vnd.io.kluctl.content.v1.tar+gzip"
+	CanonicalContentMediaType = types.MediaType(fmt.Sprintf("%s.tar+gzip", CanonicalMediaTypePrefix))
 
 	// UserAgent string used for OCI calls.
 	UserAgent = "kluctl/v2"

From 01c9720aaaf17c034e21549cac6abcdfce66eb86 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 23:31:58 +0200
Subject: [PATCH 2046/2268] fix: Use full implementation of RenameWithFallback

---
 pkg/oci/client/build.go                      |  34 +-
 pkg/oci/client/internal/fs/LICENSE           |  27 ++
 pkg/oci/client/internal/fs/fs.go             | 345 +++++++++++++++++++
 pkg/oci/client/internal/fs/rename.go         |  31 ++
 pkg/oci/client/internal/fs/rename_windows.go |  42 +++
 5 files changed, 447 insertions(+), 32 deletions(-)
 create mode 100644 pkg/oci/client/internal/fs/LICENSE
 create mode 100644 pkg/oci/client/internal/fs/fs.go
 create mode 100644 pkg/oci/client/internal/fs/rename.go
 create mode 100644 pkg/oci/client/internal/fs/rename_windows.go

diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index 0eb95064f..ac4e57ed5 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -21,6 +21,7 @@ import (
 	"compress/gzip"
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/kluctl/kluctl/v2/pkg/oci/client/internal/fs"
 	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"io"
 	"os"
@@ -156,38 +157,7 @@ func buildWithIgnorePatterns(artifactPath, sourceDir string, ignorePatterns []gi
 		return err
 	}
 
-	return renameWithFallback(tmpName, artifactPath)
-}
-
-func renameWithFallback(src, dst string) error {
-	err := os.Rename(src, dst)
-	if err == nil {
-		return nil
-	}
-
-	f, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	f2, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, err)
-	}
-	defer f2.Close()
-
-	_, err = io.Copy(f2, f)
-	if err != nil {
-		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, err)
-	}
-
-	err = os.Remove(src)
-	if err != nil {
-		return fmt.Errorf("rename fallback failed: cannot delete %s", src)
-	}
-
-	return nil
+	return fs.RenameWithFallback(tmpName, artifactPath)
 }
 
 type writeCounter struct {
diff --git a/pkg/oci/client/internal/fs/LICENSE b/pkg/oci/client/internal/fs/LICENSE
new file mode 100644
index 000000000..a2dd15faf
--- /dev/null
+++ b/pkg/oci/client/internal/fs/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2014 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/pkg/oci/client/internal/fs/fs.go b/pkg/oci/client/internal/fs/fs.go
new file mode 100644
index 000000000..21cf96e69
--- /dev/null
+++ b/pkg/oci/client/internal/fs/fs.go
@@ -0,0 +1,345 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fs
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"runtime"
+	"syscall"
+)
+
+// RenameWithFallback attempts to rename a file or directory, but falls back to
+// copying in the event of a cross-device link error. If the fallback copy
+// succeeds, src is still removed, emulating normal rename behavior.
+func RenameWithFallback(src, dst string) error {
+	_, err := os.Stat(src)
+	if err != nil {
+		return fmt.Errorf("cannot stat %s: %w", src, err)
+	}
+
+	err = os.Rename(src, dst)
+	if err == nil {
+		return nil
+	}
+
+	return renameFallback(err, src, dst)
+}
+
+// renameByCopy attempts to rename a file or directory by copying it to the
+// destination and then removing the src thus emulating the rename behavior.
+func renameByCopy(src, dst string) error {
+	var cerr error
+	if dir, _ := IsDir(src); dir {
+		cerr = CopyDir(src, dst)
+		if cerr != nil {
+			cerr = fmt.Errorf("copying directory failed: %w", cerr)
+		}
+	} else {
+		cerr = copyFile(src, dst)
+		if cerr != nil {
+			cerr = fmt.Errorf("copying file failed: %w", cerr)
+		}
+	}
+
+	if cerr != nil {
+		return fmt.Errorf("rename fallback failed: cannot rename %s to %s: %w", src, dst, cerr)
+	}
+
+	if err := os.RemoveAll(src); err != nil {
+		return fmt.Errorf("cannot delete %s: %w", src, err)
+	}
+
+	return nil
+}
+
+var (
+	errSrcNotDir = errors.New("source is not a directory")
+	errDstExist  = errors.New("destination already exists")
+)
+
+// CopyDir recursively copies a directory tree, attempting to preserve permissions.
+// Source directory must exist, destination directory must *not* exist.
+func CopyDir(src, dst string) error {
+	src = filepath.Clean(src)
+	dst = filepath.Clean(dst)
+
+	// We use os.Lstat() here to ensure we don't fall in a loop where a symlink
+	// actually links to a one of its parent directories.
+	fi, err := os.Lstat(src)
+	if err != nil {
+		return err
+	}
+	if !fi.IsDir() {
+		return errSrcNotDir
+	}
+
+	_, err = os.Stat(dst)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+	if err == nil {
+		return errDstExist
+	}
+
+	if err = os.MkdirAll(dst, fi.Mode()); err != nil {
+		return fmt.Errorf("cannot mkdir %s: %w", dst, err)
+	}
+
+	entries, err := os.ReadDir(src)
+	if err != nil {
+		return fmt.Errorf("cannot read directory %s: %w", dst, err)
+	}
+
+	for _, entry := range entries {
+		srcPath := filepath.Join(src, entry.Name())
+		dstPath := filepath.Join(dst, entry.Name())
+
+		if entry.IsDir() {
+			if err = CopyDir(srcPath, dstPath); err != nil {
+				return fmt.Errorf("copying directory failed: %w", err)
+			}
+		} else {
+			// This will include symlinks, which is what we want when
+			// copying things.
+			if err = copyFile(srcPath, dstPath); err != nil {
+				return fmt.Errorf("copying file failed: %w", err)
+			}
+		}
+	}
+
+	return nil
+}
+
+// copyFile copies the contents of the file named src to the file named
+// by dst. The file will be created if it does not already exist. If the
+// destination file exists, all its contents will be replaced by the contents
+// of the source file. The file mode will be copied from the source.
+func copyFile(src, dst string) (err error) {
+	if sym, err := IsSymlink(src); err != nil {
+		return fmt.Errorf("symlink check failed: %w", err)
+	} else if sym {
+		if err := cloneSymlink(src, dst); err != nil {
+			if runtime.GOOS == "windows" {
+				// If cloning the symlink fails on Windows because the user
+				// does not have the required privileges, ignore the error and
+				// fall back to copying the file contents.
+				//
+				// ERROR_PRIVILEGE_NOT_HELD is 1314 (0x522):
+				// https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
+				if lerr, ok := err.(*os.LinkError); ok && lerr.Err != syscall.Errno(1314) {
+					return err
+				}
+			} else {
+				return err
+			}
+		} else {
+			return nil
+		}
+	}
+
+	in, err := os.Open(src)
+	if err != nil {
+		return
+	}
+	defer in.Close()
+
+	out, err := os.Create(dst)
+	if err != nil {
+		return
+	}
+
+	if _, err = io.Copy(out, in); err != nil {
+		out.Close()
+		return
+	}
+
+	// Check for write errors on Close
+	if err = out.Close(); err != nil {
+		return
+	}
+
+	si, err := os.Stat(src)
+	if err != nil {
+		return
+	}
+
+	// Temporary fix for Go < 1.9
+	//
+	// See: https://github.com/golang/dep/issues/774
+	// and https://github.com/golang/go/issues/20829
+	if runtime.GOOS == "windows" {
+		dst = fixLongPath(dst)
+	}
+	err = os.Chmod(dst, si.Mode())
+
+	return
+}
+
+// cloneSymlink will create a new symlink that points to the resolved path of sl.
+// If sl is a relative symlink, dst will also be a relative symlink.
+func cloneSymlink(sl, dst string) error {
+	resolved, err := os.Readlink(sl)
+	if err != nil {
+		return err
+	}
+
+	return os.Symlink(resolved, dst)
+}
+
+// IsDir determines is the path given is a directory or not.
+func IsDir(name string) (bool, error) {
+	fi, err := os.Stat(name)
+	if err != nil {
+		return false, err
+	}
+	if !fi.IsDir() {
+		return false, fmt.Errorf("%q is not a directory", name)
+	}
+	return true, nil
+}
+
+// IsSymlink determines if the given path is a symbolic link.
+func IsSymlink(path string) (bool, error) {
+	l, err := os.Lstat(path)
+	if err != nil {
+		return false, err
+	}
+
+	return l.Mode()&os.ModeSymlink == os.ModeSymlink, nil
+}
+
+// fixLongPath returns the extended-length (\\?\-prefixed) form of
+// path when needed, in order to avoid the default 260 character file
+// path limit imposed by Windows. If path is not easily converted to
+// the extended-length form (for example, if path is a relative path
+// or contains .. elements), or is short enough, fixLongPath returns
+// path unmodified.
+//
+// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath
+func fixLongPath(path string) string {
+	// Do nothing (and don't allocate) if the path is "short".
+	// Empirically (at least on the Windows Server 2013 builder),
+	// the kernel is arbitrarily okay with < 248 bytes. That
+	// matches what the docs above say:
+	// "When using an API to create a directory, the specified
+	// path cannot be so long that you cannot append an 8.3 file
+	// name (that is, the directory name cannot exceed MAX_PATH
+	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
+	//
+	// The MSDN docs appear to say that a normal path that is 248 bytes long
+	// will work; empirically the path must be less then 248 bytes long.
+	if len(path) < 248 {
+		// Don't fix. (This is how Go 1.7 and earlier worked,
+		// not automatically generating the \\?\ form)
+		return path
+	}
+
+	// The extended form begins with \\?\, as in
+	// \\?\c:\windows\foo.txt or \\?\UNC\server\share\foo.txt.
+	// The extended form disables evaluation of . and .. path
+	// elements and disables the interpretation of / as equivalent
+	// to \. The conversion here rewrites / to \ and elides
+	// . elements as well as trailing or duplicate separators. For
+	// simplicity it avoids the conversion entirely for relative
+	// paths or paths containing .. elements. For now,
+	// \\server\share paths are not converted to
+	// \\?\UNC\server\share paths because the rules for doing so
+	// are less well-specified.
+	if len(path) >= 2 && path[:2] == `\\` {
+		// Don't canonicalize UNC paths.
+		return path
+	}
+	if !isAbs(path) {
+		// Relative path
+		return path
+	}
+
+	const prefix = `\\?`
+
+	pathbuf := make([]byte, len(prefix)+len(path)+len(`\`))
+	copy(pathbuf, prefix)
+	n := len(path)
+	r, w := 0, len(prefix)
+	for r < n {
+		switch {
+		case os.IsPathSeparator(path[r]):
+			// empty block
+			r++
+		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
+			// /./
+			r++
+		case r+1 < n && path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
+			// /../ is currently unhandled
+			return path
+		default:
+			pathbuf[w] = '\\'
+			w++
+			for ; r < n && !os.IsPathSeparator(path[r]); r++ {
+				pathbuf[w] = path[r]
+				w++
+			}
+		}
+	}
+	// A drive's root directory needs a trailing \
+	if w == len(`\\?\c:`) {
+		pathbuf[w] = '\\'
+		w++
+	}
+	return string(pathbuf[:w])
+}
+
+func isAbs(path string) (b bool) {
+	v := volumeName(path)
+	if v == "" {
+		return false
+	}
+	path = path[len(v):]
+	if path == "" {
+		return false
+	}
+	return os.IsPathSeparator(path[0])
+}
+
+func volumeName(path string) (v string) {
+	if len(path) < 2 {
+		return ""
+	}
+	// with drive letter
+	c := path[0]
+	if path[1] == ':' &&
+		('0' <= c && c <= '9' || 'a' <= c && c <= 'z' ||
+			'A' <= c && c <= 'Z') {
+		return path[:2]
+	}
+	// is it UNC
+	if l := len(path); l >= 5 && os.IsPathSeparator(path[0]) && os.IsPathSeparator(path[1]) &&
+		!os.IsPathSeparator(path[2]) && path[2] != '.' {
+		// first, leading `\\` and next shouldn't be `\`. its server name.
+		for n := 3; n < l-1; n++ {
+			// second, next '\' shouldn't be repeated.
+			if os.IsPathSeparator(path[n]) {
+				n++
+				// third, following something characters. its share name.
+				if !os.IsPathSeparator(path[n]) {
+					if path[n] == '.' {
+						break
+					}
+					for ; n < l; n++ {
+						if os.IsPathSeparator(path[n]) {
+							break
+						}
+					}
+					return path[:n]
+				}
+				break
+			}
+		}
+	}
+	return ""
+}
diff --git a/pkg/oci/client/internal/fs/rename.go b/pkg/oci/client/internal/fs/rename.go
new file mode 100644
index 000000000..bad1f4778
--- /dev/null
+++ b/pkg/oci/client/internal/fs/rename.go
@@ -0,0 +1,31 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !windows
+// +build !windows
+
+package fs
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+)
+
+// renameFallback attempts to determine the appropriate fallback to failed rename
+// operation depending on the resulting error.
+func renameFallback(err error, src, dst string) error {
+	// Rename may fail if src and dst are on different devices; fall back to
+	// copy if we detect that case. syscall.EXDEV is the common name for the
+	// cross device link error which has varying output text across different
+	// operating systems.
+	terr, ok := err.(*os.LinkError)
+	if !ok {
+		return err
+	} else if terr.Err != syscall.EXDEV {
+		return fmt.Errorf("link error: cannot rename %s to %s: %w", src, dst, terr)
+	}
+
+	return renameByCopy(src, dst)
+}
diff --git a/pkg/oci/client/internal/fs/rename_windows.go b/pkg/oci/client/internal/fs/rename_windows.go
new file mode 100644
index 000000000..fa9a0b4d9
--- /dev/null
+++ b/pkg/oci/client/internal/fs/rename_windows.go
@@ -0,0 +1,42 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build windows
+// +build windows
+
+package fs
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+)
+
+// renameFallback attempts to determine the appropriate fallback to failed rename
+// operation depending on the resulting error.
+func renameFallback(err error, src, dst string) error {
+	// Rename may fail if src and dst are on different devices; fall back to
+	// copy if we detect that case. syscall.EXDEV is the common name for the
+	// cross device link error which has varying output text across different
+	// operating systems.
+	terr, ok := err.(*os.LinkError)
+	if !ok {
+		return err
+	}
+
+	if terr.Err != syscall.EXDEV {
+		// In windows it can drop down to an operating system call that
+		// returns an operating system error with a different number and
+		// message. Checking for that as a fall back.
+		noerr, ok := terr.Err.(syscall.Errno)
+
+		// 0x11 (ERROR_NOT_SAME_DEVICE) is the windows error.
+		// See https://msdn.microsoft.com/en-us/library/cc231199.aspx
+		if ok && noerr != 0x11 {
+			return fmt.Errorf("link error: cannot rename %s to %s: %w", src, dst, terr)
+		}
+	}
+
+	return renameByCopy(src, dst)
+}

From 8d10a0d9f3d57ed57c42b79b35222abfa81bdf5c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 7 Apr 2024 23:34:05 +0200
Subject: [PATCH 2047/2268] tests: Skip Test_Push_Pull on windows

---
 pkg/oci/client/push_pull_test.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/oci/client/push_pull_test.go b/pkg/oci/client/push_pull_test.go
index 5263588c7..5a30c7143 100644
--- a/pkg/oci/client/push_pull_test.go
+++ b/pkg/oci/client/push_pull_test.go
@@ -24,6 +24,7 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"testing"
 	"time"
@@ -40,6 +41,10 @@ import (
 )
 
 func Test_Push_Pull(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip()
+	}
+
 	ctx := context.Background()
 	c := NewClient(DefaultOptions())
 	source := "github.com/fluxcd/flux2"

From 105c3a278506a2e1d19212934b6358b9f1454b06 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Apr 2024 10:58:49 +0200
Subject: [PATCH 2048/2268] chore(deps): Bump github.com/gin-contrib/sessions
 from 0.0.5 to 1.0.0 (#1031)

Bumps [github.com/gin-contrib/sessions](https://github.com/gin-contrib/sessions) from 0.0.5 to 1.0.0.
- [Release notes](https://github.com/gin-contrib/sessions/releases)
- [Changelog](https://github.com/gin-contrib/sessions/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/gin-contrib/sessions/compare/v0.0.5...v1.0.0)

---
updated-dependencies:
- dependency-name: github.com/gin-contrib/sessions
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 4c9a8d6b1..8008ddbb4 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/docker/cli v26.0.0+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.8.1
-	github.com/gin-contrib/sessions v0.0.5
+	github.com/gin-contrib/sessions v1.0.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
diff --git a/go.sum b/go.sum
index dfda540f5..497eacbaa 100644
--- a/go.sum
+++ b/go.sum
@@ -236,8 +236,8 @@ github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/Fl
 github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
 github.com/getsops/sops/v3 v3.8.1/go.mod h1:qyVOmSwvNRUzspJ7X/mh/J8HmDV81OQ5PgDoGSmvvHM=
-github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
-github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
+github.com/gin-contrib/sessions v1.0.0 h1:r5GLta4Oy5xo9rAwMHx8B4wLpeRGHMdz9NafzJAdP8Y=
+github.com/gin-contrib/sessions v1.0.0/go.mod h1:DN0f4bvpqMQElDdi+gNGScrP2QEI04IErRyMFyorUOI=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
@@ -476,8 +476,8 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI=
+github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=

From fb87f54820c107eeb634ac435306793e3a4431bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Apr 2024 10:59:03 +0200
Subject: [PATCH 2049/2268] chore(deps): Bump github.com/aws/smithy-go from
 1.20.1 to 1.20.2 (#1041)

Bumps [github.com/aws/smithy-go](https://github.com/aws/smithy-go) from 1.20.1 to 1.20.2.
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.20.1...v1.20.2)

---
updated-dependencies:
- dependency-name: github.com/aws/smithy-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8008ddbb4..e423d8b14 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5
-	github.com/aws/smithy-go v1.20.1
+	github.com/aws/smithy-go v1.20.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
diff --git a/go.sum b/go.sum
index 497eacbaa..9764969a9 100644
--- a/go.sum
+++ b/go.sum
@@ -104,8 +104,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 h1:uLq0BKatTmDzWa/Nu4WO0M1A
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3/go.mod h1:b+qdhjnxj8GSR6t5YfphOffeoQSQ1KmpoVVuBn+PWxs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 h1:J/PpTf/hllOjx8Xu9DMflff3FajfLxqM5+tepvVXmxg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.5/go.mod h1:0ih0Z83YDH/QeQ6Ori2yGE2XvWYv/Xm+cZc01LC6oK0=
-github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
-github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
+github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 8f0dded91c6dbd930c6d72eba77cb3e8c655d276 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Apr 2024 10:59:14 +0200
Subject: [PATCH 2050/2268] chore(deps): Bump the azure-sdk group with 1 update
 (#1045)

Bumps the azure-sdk group with 1 update: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.10.0...sdk/azcore/v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e423d8b14..52ad06705 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 require (
 	cloud.google.com/go/secretmanager v1.12.0
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/aws/aws-sdk-go-v2 v1.26.0
diff --git a/go.sum b/go.sum
index 9764969a9..f8a7781d8 100644
--- a/go.sum
+++ b/go.sum
@@ -17,8 +17,8 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 h1:n1DH8TPV4qqPTje2RcUBYwtrTWlabVp4n46+74X2pn4=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0/go.mod h1:HDcZnuGbiyppErN6lB+idp4CKhjbc8gwjto6OPpyggM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=

From fa22de562190d420003af80660253115e1aec07d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Apr 2024 11:01:00 +0200
Subject: [PATCH 2051/2268] chore(deps): Bump the aws-sdk group with 6 updates
 (#1050)

Bumps the aws-sdk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.26.0` | `1.26.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.9` | `1.27.11` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.9` | `1.17.11` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.27.3` | `1.27.4` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.28.4` | `1.28.6` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.5` | `1.28.6` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.26.0 to 1.26.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.26.0...v1.26.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.9 to 1.27.11
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.9...config/v1.27.11)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.9 to 1.17.11
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/config/v1.17.11/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.17.9...config/v1.17.11)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.27.3 to 1.27.4
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.3...config/v1.27.4)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.28.4 to 1.28.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/efs/v1.28.4...service/emr/v1.28.6)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.5 to 1.28.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/emr/v1.28.5...service/emr/v1.28.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 26 +++++++++++++-------------
 go.sum | 52 ++++++++++++++++++++++++++--------------------------
 2 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/go.mod b/go.mod
index 52ad06705..44381877c 100644
--- a/go.mod
+++ b/go.mod
@@ -55,12 +55,12 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.26.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.9
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.9
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5
+	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.11
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
 	github.com/aws/smithy-go v1.20.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/dimchansky/utfbom v1.1.1
@@ -119,15 +119,15 @@ require (
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index f8a7781d8..81bce6a30 100644
--- a/go.sum
+++ b/go.sum
@@ -74,36 +74,36 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA=
-github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
-github.com/aws/aws-sdk-go-v2/config v1.27.9 h1:gRx/NwpNEFSk+yQlgmk1bmxxvQ5TyJ76CWXs9XScTqg=
-github.com/aws/aws-sdk-go-v2/config v1.27.9/go.mod h1:dK1FQfpwpql83kbD873E9vz4FyAxuJtR22wzoXn3qq0=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.9 h1:N8s0/7yW+h8qR8WaRlPQeJ6czVMNQVNtNdUqf6cItao=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.9/go.mod h1:446YhIdmSV0Jf/SLafGZalQo+xr2iw7/fzXGDPTU1yQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 h1:af5YzcLf80tv4Em4jWVD75lpnOHSBkPUZxZfGkrI3HI=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 h1:0ScVK/4qZ8CIW0k8jOeFVsyS/sAiXpYxRBLolMkuLQM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4/go.mod h1:84KyjNZdHC6QZW08nfHI6yZgPd+qRgaWcYsyLUo3QY8=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 h1:sHmMWWX5E7guWEFQ9SVo6A3S4xpPrWnd77a6y4WM6PU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4/go.mod h1:WjpDrhWisWOIoS9n3nk67A3Ll1vfULJ9Kq6h29HTD48=
+github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
+github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
+github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3 h1:gfgt0D8MGL3gHrJPEv4rcWptA4Nz7uYn25ls8lLiANw=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.27.3/go.mod h1:O5Fvd41s5KfDG093xLM7FhGiH6EmhmEli5D5MQH3TWw=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 h1:b+E7zIUHMmcB4Dckjpkapoy47W6C9QBv/zoUP+Hn8Kc=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6/go.mod h1:S2fNV0rxrP78NhPbCZeQgY8H9jdDMeGtwcfZIRxzBqU=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 h1:Qr9W21mzWT3RhfYn9iAux7CeRIdbnTAqmiOlASqQgZI=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4/go.mod h1:if7ybzzjOmDB8pat9FE35AHTY6ZxlYSy3YviSmFZv8c=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
 github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU=
 github.com/aws/aws-sdk-go-v2/service/kms v1.30.0/go.mod h1:+I8VUUSVD4p5ISQtzpgSva4I8cJ4SQ4b1dcBcof7O+g=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4 h1:5GYToReUFSGP6/zqvG3fv8qNqeetyfsSiPHduHShjAc=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.4/go.mod h1:slgOMs1CQu8UVgwoFqEvCi71L4HVoZgM0r8MtcNP6Mc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 h1:mnbuWHOcM70/OFUlZZ5rcdfA8PflGXXiefU/O+1S3+8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.3/go.mod h1:5HFu51Elk+4oRBZVxmHrSds5jFXmFj8C3w7DVF2gnrs=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 h1:uLq0BKatTmDzWa/Nu4WO0M1AaQDaPpwTKAeByEc6WFM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3/go.mod h1:b+qdhjnxj8GSR6t5YfphOffeoQSQ1KmpoVVuBn+PWxs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 h1:J/PpTf/hllOjx8Xu9DMflff3FajfLxqM5+tepvVXmxg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.5/go.mod h1:0ih0Z83YDH/QeQ6Ori2yGE2XvWYv/Xm+cZc01LC6oK0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6 h1:TIOEjw0i2yyhmhRry3Oeu9YtiiHWISZ6j/irS1W3gX4=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6/go.mod h1:3Ba++UwWd154xtP4FRX5pUK3Gt4up5sDHCve6kVfE+g=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 8b0631c10925dca3f764179c165cee6c74ea0443 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Apr 2024 11:03:32 +0200
Subject: [PATCH 2052/2268] chore: Join the two require blocks in go.mod

---
 go.mod | 85 ++++++++++++++++++++++++++++------------------------------
 1 file changed, 41 insertions(+), 44 deletions(-)

diff --git a/go.mod b/go.mod
index 44381877c..4e4a1be89 100644
--- a/go.mod
+++ b/go.mod
@@ -3,17 +3,45 @@ module github.com/kluctl/kluctl/v2
 go 1.22
 
 require (
+	cloud.google.com/go/secretmanager v1.12.0
+	filippo.io/age v1.1.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
+	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
+	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.11
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
+	github.com/aws/smithy-go v1.20.2
 	github.com/bitnami-labs/sealed-secrets v0.26.1
+	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.4
+	github.com/dimchansky/utfbom v1.1.1
+	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
+	github.com/docker/cli v26.0.0+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
+	github.com/evanphx/json-patch/v5 v5.9.0
+	github.com/getsops/sops/v3 v3.8.1
+	github.com/gin-contrib/sessions v1.0.0
+	github.com/gin-gonic/gin v1.9.1
+	github.com/go-errors/errors v1.5.1
+	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
+	github.com/go-logr/logr v1.4.1
 	github.com/go-playground/validator/v10 v10.19.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.19.1
+	github.com/google/gops v0.3.28
+	github.com/google/uuid v1.6.0
+	github.com/googleapis/gax-go/v2 v2.12.3
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/vault/api v1.12.2
 	github.com/hexops/gotextdiff v1.0.3
+	github.com/huandu/xstrings v1.4.0
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
@@ -24,75 +52,44 @@ require (
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.21.4
+	github.com/onsi/gomega v1.32.0
+	github.com/otiai10/copy v1.14.0
+	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
+	github.com/prometheus/client_golang v1.19.0
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.12.0
+	github.com/sergi/go-diff v1.3.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.9.0
+	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.21.0
 	golang.org/x/net v0.22.0
+	golang.org/x/oauth2 v0.18.0
 	golang.org/x/sync v0.6.0
 	golang.org/x/sys v0.18.0
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0
+	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
+	google.golang.org/grpc v1.62.1
+	google.golang.org/protobuf v1.33.0
+	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.14.3
 	k8s.io/api v0.29.3
 	k8s.io/apiextensions-apiserver v0.29.3
 	k8s.io/apimachinery v0.29.3
 	k8s.io/client-go v0.29.3
 	k8s.io/klog/v2 v2.120.1
-	sigs.k8s.io/kustomize/kyaml v0.16.0
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
-)
-
-require (
-	cloud.google.com/go/secretmanager v1.12.0
-	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/aws/aws-sdk-go-v2 v1.26.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.11
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
-	github.com/aws/smithy-go v1.20.2
-	github.com/coreos/go-oidc/v3 v3.10.0
-	github.com/dimchansky/utfbom v1.1.1
-	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
-	github.com/docker/cli v26.0.0+incompatible
-	github.com/evanphx/json-patch/v5 v5.9.0
-	github.com/getsops/sops/v3 v3.8.1
-	github.com/gin-contrib/sessions v1.0.0
-	github.com/gin-gonic/gin v1.9.1
-	github.com/go-errors/errors v1.5.1
-	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
-	github.com/go-logr/logr v1.4.1
-	github.com/google/gops v0.3.28
-	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.12.3
-	github.com/hashicorp/go-multierror v1.1.1
-	github.com/huandu/xstrings v1.4.0
-	github.com/onsi/gomega v1.32.0
-	github.com/otiai10/copy v1.14.0
-	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
-	github.com/prometheus/client_golang v1.19.0
-	github.com/sergi/go-diff v1.3.1
-	github.com/tkrajina/typescriptify-golang-structs v0.1.11
-	golang.org/x/oauth2 v0.18.0
-	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
-	google.golang.org/grpc v1.62.1
-	google.golang.org/protobuf v1.33.0
-	gotest.tools v2.2.0+incompatible
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.17.2
 	sigs.k8s.io/kustomize/api v0.16.0
+	sigs.k8s.io/kustomize/kyaml v0.16.0
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 	sigs.k8s.io/yaml v1.4.0
 )
 

From 3c7dd5fdf9ce497d1eef7392eac720886be28f70 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Apr 2024 23:40:57 +0200
Subject: [PATCH 2053/2268] fix: Switch to forked go-git to include fix for
 unknown index extensions

---
 go.mod | 13 ++++++++-----
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/go.mod b/go.mod
index 4e4a1be89..87a821416 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 	github.com/prometheus/client_golang v1.19.0
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.12.0
-	github.com/sergi/go-diff v1.3.1
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
@@ -67,12 +67,12 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.21.0
-	golang.org/x/net v0.22.0
+	golang.org/x/crypto v0.22.0
+	golang.org/x/net v0.24.0
 	golang.org/x/oauth2 v0.18.0
 	golang.org/x/sync v0.6.0
-	golang.org/x/sys v0.18.0
-	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/sys v0.19.0
+	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0
 	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
 	google.golang.org/grpc v1.62.1
@@ -303,3 +303,6 @@ require (
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
+
+// Includes https://github.com/go-git/go-git/pull/1066
+replace github.com/go-git/go-git/v5 => github.com/codablock/go-git/v5 v5.0.0-20240405213533-d3aec576098e
diff --git a/go.sum b/go.sum
index 81bce6a30..e91dba379 100644
--- a/go.sum
+++ b/go.sum
@@ -150,6 +150,8 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/codablock/go-git/v5 v5.0.0-20240405213533-d3aec576098e h1:Ndzse040hv7/1o+TPbLdPilHpKJzIDy9J5fbJp4rMGI=
+github.com/codablock/go-git/v5 v5.0.0-20240405213533-d3aec576098e/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
@@ -242,8 +244,8 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
-github.com/gliderlabs/ssh v0.3.6 h1:ZzjlDa05TcFRICb3anf/dSPN3ewz1Zx6CMLPWgkm3b8=
-github.com/gliderlabs/ssh v0.3.6/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
+github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@@ -252,8 +254,6 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0 h1:XBPz8KeTUbi7DKytfs8o0ScmK26udHu5lIQuq4jsu34=
-github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0/go.mod h1:rGg8aLOxsDU5LgK8kiSJUzXaTPmwYZQYCj4+ouohMuM=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
@@ -591,8 +591,8 @@ github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6ke
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
-github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -705,8 +705,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
@@ -738,8 +738,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
 golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
@@ -777,8 +777,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -786,8 +786,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From 5c2ab16f86680218fa5fa008351f25e0df336d26 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Apr 2024 11:36:51 +0200
Subject: [PATCH 2054/2268] chore: Fix goreleaser deprecations (#1052)

---
 .goreleaser.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 692de5238..0a7678ee9 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -35,14 +35,14 @@ archives:
     format: tar.gz
     files:
       - none*
-    strip_parent_binary_folder: true
+    strip_binary_directory: true
   - name_template: "{{ .Binary }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}"
     id: windows
     builds: [windows]
     format: zip
     files:
       - none*
-    strip_parent_binary_folder: true
+    strip_binary_directory: true
 source:
   enabled: true
   name_template: '{{ .ProjectName }}_v{{ .Version }}_source_code'
@@ -122,7 +122,7 @@ brews:
       owner: kluctl
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
-    folder: Formula
+    directory: Formula
     homepage: "https://kluctl.io/"
     description: "kluctl"
     install: |

From f150488bc57884be5b4a0002140e26b56f03ae77 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Apr 2024 09:09:41 +0200
Subject: [PATCH 2055/2268] chore(deps): Bump sigs.k8s.io/kustomize/api from
 0.16.0 to 0.17.1 (#1054)

Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.16.0 to 0.17.1.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.16.0...api/v0.17.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  7 ++++---
 go.sum | 14 ++++++++------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 87a821416..53a673334 100644
--- a/go.mod
+++ b/go.mod
@@ -87,8 +87,8 @@ require (
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.17.2
-	sigs.k8s.io/kustomize/api v0.16.0
-	sigs.k8s.io/kustomize/kyaml v0.16.0
+	sigs.k8s.io/kustomize/api v0.17.1
+	sigs.k8s.io/kustomize/kyaml v0.17.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 	sigs.k8s.io/yaml v1.4.0
 )
@@ -127,6 +127,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
 	github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd // indirect
 	github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
@@ -288,7 +289,7 @@ require (
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index e91dba379..4150304aa 100644
--- a/go.sum
+++ b/go.sum
@@ -116,6 +116,8 @@ github.com/bitnami-labs/sealed-secrets v0.26.1 h1:2s57Rjp9dWuKb89NGz7CU7a+7iUT8E
 github.com/bitnami-labs/sealed-secrets v0.26.1/go.mod h1:K1dzHruRZ97e0s2efg4D9vyerqbY9XtXGS3Wk+Ux+LQ=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
@@ -861,8 +863,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo=
-gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
@@ -920,10 +922,10 @@ sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeG
 sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g=
-sigs.k8s.io/kustomize/api v0.16.0/go.mod h1:MnFZ7IP2YqVyVwMWoRxPtgl/5hpA+eCCrQR/866cm5c=
-sigs.k8s.io/kustomize/kyaml v0.16.0 h1:6J33uKSoATlKZH16unr2XOhDI+otoe2sR3M8PDzW3K0=
-sigs.k8s.io/kustomize/kyaml v0.16.0/go.mod h1:xOK/7i+vmE14N2FdFyugIshB8eF6ALpy7jI87Q2nRh4=
+sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4=
+sigs.k8s.io/kustomize/api v0.17.1/go.mod h1:ffn5491s2EiNrJSmgqcWGzQUVhc/pB0OKNI0HsT/0tA=
+sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c=
+sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

From 1ca81cbb75a05340fe7ca1bc7b113e424da4e225 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Apr 2024 09:59:13 +0200
Subject: [PATCH 2056/2268] chore(deps): Bump the golang-x group with 2 updates
 (#1053)

Bumps the golang-x group with 2 updates: [golang.org/x/oauth2](https://github.com/golang/oauth2) and [golang.org/x/sync](https://github.com/golang/sync).


Updates `golang.org/x/oauth2` from 0.18.0 to 0.19.0
- [Commits](https://github.com/golang/oauth2/compare/v0.18.0...v0.19.0)

Updates `golang.org/x/sync` from 0.6.0 to 0.7.0
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 53a673334..f6a6e74c9 100644
--- a/go.mod
+++ b/go.mod
@@ -69,8 +69,8 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.22.0
 	golang.org/x/net v0.24.0
-	golang.org/x/oauth2 v0.18.0
-	golang.org/x/sync v0.6.0
+	golang.org/x/oauth2 v0.19.0
+	golang.org/x/sync v0.7.0
 	golang.org/x/sys v0.19.0
 	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0
diff --git a/go.sum b/go.sum
index 4150304aa..dd0364979 100644
--- a/go.sum
+++ b/go.sum
@@ -743,8 +743,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
-golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
+golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -753,8 +753,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From d6e30add70fc8bbbfabf2cfb12f8990b6d9e859b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Apr 2024 09:59:40 +0200
Subject: [PATCH 2057/2268] chore(deps): Bump sigs.k8s.io/controller-runtime
 from 0.17.2 to 0.17.3 (#1055)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.2 to 0.17.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.2...v0.17.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f6a6e74c9..92369ddf1 100644
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
 	k8s.io/klog/v2 v2.120.1
 	nhooyr.io/websocket v1.8.10
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.17.2
+	sigs.k8s.io/controller-runtime v0.17.3
 	sigs.k8s.io/kustomize/api v0.17.1
 	sigs.k8s.io/kustomize/kyaml v0.17.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
diff --git a/go.sum b/go.sum
index dd0364979..85e247087 100644
--- a/go.sum
+++ b/go.sum
@@ -918,8 +918,8 @@ oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0=
-sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s=
+sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk=
+sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4=

From 6f4fc7b571ec60294f18a773374e92c4aaba4ce2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Apr 2024 10:00:57 +0200
Subject: [PATCH 2058/2268] chore(deps): Bump nhooyr.io/websocket from 1.8.10
 to 1.8.11 (#1056)

Bumps [nhooyr.io/websocket](https://github.com/nhooyr/websocket) from 1.8.10 to 1.8.11.
- [Release notes](https://github.com/nhooyr/websocket/releases)
- [Commits](https://github.com/nhooyr/websocket/compare/v1.8.10...v1.8.11)

---
updated-dependencies:
- dependency-name: nhooyr.io/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 92369ddf1..47c5e2b53 100644
--- a/go.mod
+++ b/go.mod
@@ -84,7 +84,7 @@ require (
 	k8s.io/apimachinery v0.29.3
 	k8s.io/client-go v0.29.3
 	k8s.io/klog/v2 v2.120.1
-	nhooyr.io/websocket v1.8.10
+	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.17.3
 	sigs.k8s.io/kustomize/api v0.17.1
diff --git a/go.sum b/go.sum
index 85e247087..7d19cbe9f 100644
--- a/go.sum
+++ b/go.sum
@@ -910,8 +910,8 @@ k8s.io/kubectl v0.29.3 h1:RuwyyIU42MAISRIePaa8Q7A3U74Q9P4MoJbDFz9o3us=
 k8s.io/kubectl v0.29.3/go.mod h1:yCxfY1dbwgVdEt2zkJ6d5NNLOhhWgTyrqACIoFhpdd4=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-nhooyr.io/websocket v1.8.10 h1:mv4p+MnGrLDcPlBoWsvPP7XCzTYMXP9F9eIGoKbgx7Q=
-nhooyr.io/websocket v1.8.10/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
+nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=
+nhooyr.io/websocket v1.8.11/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
 oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=

From 8229006ae8d38c3c772982b424ba3e87806de94f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Apr 2024 10:01:33 +0200
Subject: [PATCH 2059/2268] chore(deps): Bump
 github.com/bitnami-labs/sealed-secrets (#1057)

Bumps [github.com/bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) from 0.26.1 to 0.26.2.
- [Release notes](https://github.com/bitnami-labs/sealed-secrets/releases)
- [Changelog](https://github.com/bitnami-labs/sealed-secrets/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/bitnami-labs/sealed-secrets/compare/v0.26.1...v0.26.2)

---
updated-dependencies:
- dependency-name: github.com/bitnami-labs/sealed-secrets
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 20 ++++++++++----------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 47c5e2b53..a2ad6c07d 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
 	github.com/aws/smithy-go v1.20.2
-	github.com/bitnami-labs/sealed-secrets v0.26.1
+	github.com/bitnami-labs/sealed-secrets v0.26.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/dimchansky/utfbom v1.1.1
@@ -242,8 +242,8 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.6.0 // indirect
-	github.com/prometheus/common v0.50.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.52.2 // indirect
 	github.com/prometheus/procfs v0.13.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.6.1 // indirect
@@ -298,7 +298,7 @@ require (
 	k8s.io/apiserver v0.29.3 // indirect
 	k8s.io/cli-runtime v0.29.3 // indirect
 	k8s.io/component-base v0.29.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 // indirect
 	k8s.io/kubectl v0.29.3 // indirect
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
 	oras.land/oras-go v1.2.5 // indirect
diff --git a/go.sum b/go.sum
index 7d19cbe9f..660f475c9 100644
--- a/go.sum
+++ b/go.sum
@@ -112,8 +112,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bitnami-labs/sealed-secrets v0.26.1 h1:2s57Rjp9dWuKb89NGz7CU7a+7iUT8ENYLhlhZPmYWqM=
-github.com/bitnami-labs/sealed-secrets v0.26.1/go.mod h1:K1dzHruRZ97e0s2efg4D9vyerqbY9XtXGS3Wk+Ux+LQ=
+github.com/bitnami-labs/sealed-secrets v0.26.2 h1:zXVYOFTkoKMoTUCJQEPr3CmPLM+cV9Ulgb7xXAbHUWA=
+github.com/bitnami-labs/sealed-secrets v0.26.2/go.mod h1:N10NsoQpofFxIaStWNLSJuY6M1VE6YCOI5OO9LT75p0=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
@@ -523,8 +523,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.21.4 h1:2iWyz/xExx0XySVIxR9kWFxIdsLNrpWLrKuAcs5aOZU=
 github.com/ohler55/ojg v1.21.4/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM=
-github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
+github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
 github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -565,12 +565,12 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos=
-github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ=
-github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ=
+github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck=
+github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
@@ -904,8 +904,8 @@ k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo=
 k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 h1:w6nThEmGo9zcL+xH1Tu6pjxJ3K1jXFW+V0u4peqN8ks=
+k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
 k8s.io/kubectl v0.29.3 h1:RuwyyIU42MAISRIePaa8Q7A3U74Q9P4MoJbDFz9o3us=
 k8s.io/kubectl v0.29.3/go.mod h1:yCxfY1dbwgVdEt2zkJ6d5NNLOhhWgTyrqACIoFhpdd4=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=

From cc782a1833a396f23a549531aa042ff9ea0e265a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 10:15:55 +0200
Subject: [PATCH 2060/2268] chore: Update go-git to latest master (#1058)

Master now includes the fix for unknown index extensions.
---
 go.mod | 5 +----
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index a2ad6c07d..fa74f2530 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 	github.com/gin-contrib/sessions v1.0.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-errors/errors v1.5.1
-	github.com/go-git/go-git/v5 v5.11.1-0.20240110114741-f7c30f52dca0
+	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
 	github.com/go-logr/logr v1.4.1
 	github.com/go-playground/validator/v10 v10.19.0
 	github.com/gobwas/glob v0.2.3
@@ -304,6 +304,3 @@ require (
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
-
-// Includes https://github.com/go-git/go-git/pull/1066
-replace github.com/go-git/go-git/v5 => github.com/codablock/go-git/v5 v5.0.0-20240405213533-d3aec576098e
diff --git a/go.sum b/go.sum
index 660f475c9..def3e3003 100644
--- a/go.sum
+++ b/go.sum
@@ -152,8 +152,6 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/codablock/go-git/v5 v5.0.0-20240405213533-d3aec576098e h1:Ndzse040hv7/1o+TPbLdPilHpKJzIDy9J5fbJp4rMGI=
-github.com/codablock/go-git/v5 v5.0.0-20240405213533-d3aec576098e/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
@@ -256,6 +254,8 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
+github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665 h1:+M6D6MplKwRqmw8b41MArUGFsGTnl24+/S40I0yrhKs=
+github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=

From c5a5127ed7cacd1b9a2e842a3ede49b768ced319 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 10:16:51 +0200
Subject: [PATCH 2061/2268] build: Preparing release v2.24.0

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 9d274164b..9a1f11eaa 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.5
+        tag: v2.24.0
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 58f5b49e0..70bdab73e 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.23.5
+        tag: v2.24.0
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index e0d0900c9..54e2f25ce 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.5
+        tag: v2.24.0
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.23.5
+            kluctl_version: v2.24.0
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.23.5
+        tag: v2.24.0
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 627bea5a9..78a75eaf8 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.23.5
+         tag: v2.24.0
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 3fc8d74c7..f5fa85e24 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.5
+    default: v2.24.0
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index f70f7fa05..c06e37260 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.23.5") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.24.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index a2eea9580..86c2ae9e2 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.23.5
+    default: v2.24.0
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 98d07985c..df97fdf28 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.23.5") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.24.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 1de2372f079437664eaf9463da16b328ab763dbd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 11:31:10 +0200
Subject: [PATCH 2062/2268] docs: Fix simple grammer error (#1059)

---
 docs/kluctl/deployments/annotations/all-resources.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/kluctl/deployments/annotations/all-resources.md b/docs/kluctl/deployments/annotations/all-resources.md
index 07bbbaab2..168c97b03 100644
--- a/docs/kluctl/deployments/annotations/all-resources.md
+++ b/docs/kluctl/deployments/annotations/all-resources.md
@@ -26,7 +26,7 @@ api server.
 If set to "true", the whole resource will be force-applied, meaning that all fields will be overwritten in case of
 field manager conflicts.
 
-An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+As an alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
 ### kluctl.io/force-apply-field
 Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be force-applied. Matching
@@ -34,7 +34,7 @@ fields will be overwritten in case of field manager conflicts.
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
-An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+As an alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
 ### kluctl.io/force-apply-manager
 Specifies a regex for managers that should be force-applied. Fields with matching managers will be overwritten in
@@ -42,13 +42,13 @@ case of field manager conflicts.
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
-An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+As an alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
 ### kluctl.io/ignore-conflicts
 If set to "true", the whole all fields of the object are going to be ignored when conflicts arise.
 This effectively disables the warnings that are shown when field ownership is lost.
 
-An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+As an alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
 ### kluctl.io/ignore-conflicts-field
 Specifies a [JSON Path](https://goessner.net/articles/JsonPath/) for fields that should be ignored when conflicts arise.
@@ -56,7 +56,7 @@ This effectively disables the warnings that are shown when field ownership is lo
 
 If more than one field needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
-An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+As an alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
 ### kluctl.io/ignore-conflicts-manager
 Specifies a regex for field managers that should be ignored when conflicts arise.
@@ -64,7 +64,7 @@ This effectively disables the warnings that are shown when field ownership is lo
 
 If more than one manager needs to be specified, add `-xxx` to the annotation key, where `xxx` is an arbitrary number.
 
-An alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
+As an alternative, conflict resolution can be controlled via [conflictResolution](../deployment-yml.md#conflictresolution).
 
 ### kluctl.io/wait-readiness
 If set to `true`, kluctl will wait for readiness of this object. Readiness is defined

From ce9511704eea952647f7de94eb4ee81fbe65aece Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 14:31:13 +0200
Subject: [PATCH 2063/2268] refactor: Rename GetPulledChart to
 GetPrePulledChart

---
 pkg/helm/chart.go        | 4 ++--
 pkg/helm/helm_release.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 819ffb62a..83b21d79f 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -373,7 +373,7 @@ func (c *Chart) PullInProject(ctx context.Context, baseDir string, version strin
 	}
 	defer lock.Close()
 
-	pc, err := c.GetPulledChart(baseDir, version)
+	pc, err := c.GetPrePulledChart(baseDir, version)
 	if err != nil {
 		return nil, err
 	}
@@ -391,7 +391,7 @@ func (c *Chart) PullInProject(ctx context.Context, baseDir string, version strin
 	return pc, nil
 }
 
-func (c *Chart) GetPulledChart(baseDir string, version string) (*PulledChart, error) {
+func (c *Chart) GetPrePulledChart(baseDir string, version string) (*PulledChart, error) {
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
 	}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 805e69dfc..403241159 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -122,7 +122,7 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 		return NewPulledChart(hr.Chart, version, hr.Chart.GetLocalPath(), false), nil
 	}
 
-	pc, err := hr.Chart.GetPulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
+	pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
 	if err != nil {
 		return nil, err
 	}

From 3ddc589ace06065c12ff455dfb7771f78be0c84f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 14:15:51 +0200
Subject: [PATCH 2064/2268] fix: Error out when no .helm-charts dir was
 found/provided

---
 pkg/helm/chart.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 83b21d79f..821a39d2e 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -112,6 +112,10 @@ func (c *Chart) GetLocalChartVersion() (string, error) {
 }
 
 func (c *Chart) BuildPulledChartDir(baseDir string, version string) (string, error) {
+	if baseDir == "" {
+		return "", fmt.Errorf("can't determine pulled chart dir. No base dir for charts found")
+	}
+
 	u, err := url.Parse(c.repo)
 	if err != nil {
 		return "", err

From f8d8557159892eb847cd19aeffdf5f15fce00d25 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 14:32:26 +0200
Subject: [PATCH 2065/2268] fix: Don't try to find pre-pulled chart when
 skipPrePull is true

---
 pkg/helm/helm_release.go | 42 ++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 403241159..caf78e001 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -122,37 +122,41 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 		return NewPulledChart(hr.Chart, version, hr.Chart.GetLocalPath(), false), nil
 	}
 
-	pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
-	if err != nil {
-		return nil, err
-	}
+	if !hr.Config.SkipPrePull {
+		pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
+		if err != nil {
+			return nil, err
+		}
 
-	needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
-	if err != nil {
-		return nil, err
-	}
-	if needsPull {
-		if !hr.Config.SkipPrePull {
-			//goland:noinspection ALL
-			return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
-				"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
+		needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
+		if err != nil {
+			return nil, err
 		}
-		if versionChanged {
-			return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-				"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
+
+		if needsPull {
+			if versionChanged {
+				return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
+					"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
+			} else {
+				//goland:noinspection ALL
+				return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
+					"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
+			}
 		}
 
+		return pc, nil
+	} else {
 		s := status.Startf(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
 		defer s.Failed()
 
-		pc, err = hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
+		pc, err := hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
 		if err != nil {
 			return nil, err
 		}
 		s.Success()
-	}
 
-	return pc, nil
+		return pc, nil
+	}
 }
 
 func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter *decryptor.Decryptor) error {

From ec035c301e25d6df76713e2440e88639e1bc9549 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 16:13:39 +0200
Subject: [PATCH 2066/2268] fix: Fix error message in helm-pull/helm-update
 (#1060)

It should also indicate the user that a kluctl library needs a
.kluctl-library.yaml.
---
 cmd/kluctl/commands/cmd_helm_pull.go   | 2 +-
 cmd/kluctl/commands/cmd_helm_update.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 84da5f577..b127e1e17 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -34,7 +34,7 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	}
 
 	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) && !yaml.Exists(filepath.Join(projectDir, ".kluctl-library.yaml")) {
-		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
+		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml or .kluctl-library.yaml file")
 	}
 
 	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 96c24dc30..62782b96c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -42,7 +42,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) && !yaml.Exists(filepath.Join(projectDir, ".kluctl-library.yaml")) {
-		return fmt.Errorf("helm-update can only be used on the root of a Kluctl project that must have a .kluctl.yaml file")
+		return fmt.Errorf("helm-update can only be used on the root of a Kluctl project that must have a .kluctl.yaml or .kluctl-library.yaml file")
 	}
 
 	gitRootPath, err := git2.DetectGitRepositoryRoot(projectDir)

From 13276545dc2b0075e19bd5f8429ad651a11509cd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 10 Apr 2024 16:43:56 +0200
Subject: [PATCH 2067/2268] build: Preparing release v2.24.1

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 6 +++---
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 9a1f11eaa..ddf7af101 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.24.0
+        tag: v2.24.1
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 70bdab73e..ddeddee7f 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.24.0
+        tag: v2.24.1
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 54e2f25ce..183f0793d 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.24.0
+        tag: v2.24.1
 ```
 
 ## Login
@@ -65,7 +65,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.24.0
+            kluctl_version: v2.24.1
 ```
 
 ### Passing arguments
@@ -78,7 +78,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.24.0
+        tag: v2.24.1
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 78a75eaf8..a69f56fe1 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.24.0
+         tag: v2.24.1
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index f5fa85e24..58ebd3fc4 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.24.0
+    default: v2.24.1
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index c06e37260..0a4aab117 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.24.0") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.24.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 86c2ae9e2..7bc44776a 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.24.0
+    default: v2.24.1
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index df97fdf28..547807d6f 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.24.0") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.24.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From e777ee1b34ed7a6f3d6d71647e4c9e45dfbfeeba Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 19 Apr 2024 17:31:46 +0200
Subject: [PATCH 2068/2268] fix: Upgrade go-jinja2 and generate files.json for
 embedded manifests (#1068)

---
 go.mod                            |  6 ++---
 go.sum                            | 12 ++++-----
 install/controller/files.json     | 45 +++++++++++++++++++++++++++++++
 internal/generate-install/main.go | 12 +++++++++
 internal/generate.go              |  3 +++
 5 files changed, 69 insertions(+), 9 deletions(-)
 create mode 100644 install/controller/files.json
 create mode 100644 internal/generate-install/main.go
 create mode 100644 internal/generate.go

diff --git a/go.mod b/go.mod
index fa74f2530..4330148c2 100644
--- a/go.mod
+++ b/go.mod
@@ -45,8 +45,8 @@ require (
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c
+	github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-3
+	github.com/kluctl/go-jinja2 v0.0.0-20240419150031-a3bb154908ae
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
@@ -211,7 +211,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.7 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
diff --git a/go.sum b/go.sum
index def3e3003..eddd5ac81 100644
--- a/go.sum
+++ b/go.sum
@@ -434,15 +434,15 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
-github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
 github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1 h1:iTRFxf3UDQw9vMqs128iCuCKA99u0lptLzp6ceDYfHc=
-github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-1/go.mod h1:FJ7V83X5BIqrkPpy2Lmlu2zoDpUnQfVfGpMeRbI0hQ4=
-github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c h1:RJRccOHbOwGaxy2TF8tsixgUMEiWyoXhdHGvH5Gojrg=
-github.com/kluctl/go-jinja2 v0.0.0-20240321095105-c4279600dc1c/go.mod h1:GkpC2+7HUb0iE8BFOmBii3iYWEJmdh9+qr1XhL3zXF8=
+github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-3 h1:56NfVBKvtvcD39YnmD6Ihht4/84OhmJljWfCiT6mgXk=
+github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-3/go.mod h1:MTNQT2OXzVfB37O67CsQ612RXInR6Jw7kXkpt3R5mdE=
+github.com/kluctl/go-jinja2 v0.0.0-20240419150031-a3bb154908ae h1:WrYpwr+30how7x0sxi2YNQiEG1ghVLOaEVaZQodhll4=
+github.com/kluctl/go-jinja2 v0.0.0-20240419150031-a3bb154908ae/go.mod h1:NzeSsm0BVgUKjIro2HMwx8vWO/ew6ccqyGDfOwX0OXE=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
diff --git a/install/controller/files.json b/install/controller/files.json
new file mode 100644
index 000000000..813f0b41d
--- /dev/null
+++ b/install/controller/files.json
@@ -0,0 +1,45 @@
+{
+  "contentHash": "7072345526051e1b24003d701ebcac1fb9361b76752c5085f41ae3d94d1d7748",
+  "files": [
+    {
+      "name": ".kluctl-library.yaml",
+      "size": 464,
+      "perm": 420
+    },
+    {
+      "name": "controller",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "controller/crd.yaml",
+      "size": 42735,
+      "perm": 420
+    },
+    {
+      "name": "controller/kustomization.yaml",
+      "size": 2278,
+      "perm": 420
+    },
+    {
+      "name": "controller/manager.yaml",
+      "size": 2303,
+      "perm": 420
+    },
+    {
+      "name": "controller/rbac.yaml",
+      "size": 3452,
+      "perm": 420
+    },
+    {
+      "name": "deployment.yaml",
+      "size": 35,
+      "perm": 420
+    },
+    {
+      "name": "embed.go",
+      "size": 74,
+      "perm": 420
+    }
+  ]
+}
\ No newline at end of file
diff --git a/internal/generate-install/main.go b/internal/generate-install/main.go
new file mode 100644
index 000000000..a969d77d9
--- /dev/null
+++ b/internal/generate-install/main.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"github.com/kluctl/go-embed-python/embed_util"
+)
+
+func main() {
+	err := embed_util.BuildAndWriteFilesList("../install/controller")
+	if err != nil {
+		panic(err)
+	}
+}
diff --git a/internal/generate.go b/internal/generate.go
new file mode 100644
index 000000000..652e2d5b4
--- /dev/null
+++ b/internal/generate.go
@@ -0,0 +1,3 @@
+package internal
+
+//go:generate go run ./generate-install

From 03eae9624b1016c92a95b196a2ee8d114c05bb0e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 24 May 2024 10:03:05 +0200
Subject: [PATCH 2069/2268] fix: Don't swallow errors when accepting websockets
 (#1073)

---
 pkg/webui/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webui/utils.go b/pkg/webui/utils.go
index 12e1c8741..33d724757 100644
--- a/pkg/webui/utils.go
+++ b/pkg/webui/utils.go
@@ -20,7 +20,7 @@ func acceptWebsocket(ctx *gin.Context) (*websocket.Conn, error) {
 
 	conn, err := websocket.Accept(ctx.Writer, ctx.Request, acceptOptions)
 	if err != nil {
-		return nil, nil
+		return nil, err
 	}
 
 	return conn, err

From 0a2602c3fff5bdc17bd2ea0f5d8d4f743dde93f3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 31 May 2024 15:37:47 +0200
Subject: [PATCH 2070/2268] docs: Add links to GitOps recipe

---
 docs/gitops/README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index 70140205f..3b73f3bdb 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -17,6 +17,9 @@ The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDepl
 custom resource. This resource allows to define a Kluctl deployment that should be constantly reconciled (re-deployed)
 whenever the deployment changes.
 
+It is suggested to read through the [GitOps Recipe](https://kluctl.io/docs/recipes/gitops/) to get a basic
+understanding of how to use it.
+
 ## Motivation and Philosophy
 
 Kluctl tries its best to implement all its features via [Kluctl projects](../kluctl/kluctl-project/README.md), meaning that
@@ -35,7 +38,8 @@ documentation of [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#spec-fiel
 Kluctl GitOps deployments can be controlled via the Kluctl CLI interface, e.g. with
 `kluctl gitops deploy --namespace my-ns --name my-deployment`, which will trigger a deployment and wait for it to finish.
 
-See [commands](../kluctl/commands/README.md) for more details.
+See [commands](../kluctl/commands/README.md) and the
+[GitOps recipe](https://kluctl.io/docs/recipes/gitops/#gitops-commands) for more details.
 
 ## Kluctl Webui
 

From 70744dd5a3c805a505a9738574d40370a603687e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 31 May 2024 15:38:09 +0200
Subject: [PATCH 2071/2268] docs: Small typo fix

---
 docs/kluctl/deployments/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/kluctl/deployments/README.md b/docs/kluctl/deployments/README.md
index 579908c1b..56f7d7532 100644
--- a/docs/kluctl/deployments/README.md
+++ b/docs/kluctl/deployments/README.md
@@ -22,7 +22,7 @@ description: >
 9. [Tags](./tags.md)
 10. [Annotations](./annotations)
 
-A deployment project is collection of deployment items and sub-deployments. Deployment items are usually
+A deployment project is a collection of deployment items and sub-deployments. Deployment items are usually
 [Kustomize](./kustomize.md) deployments, but can also integrate [Helm Charts](./helm.md).
 
 ## Basic structure

From 26f901dbd1d95cfdf106480a318a37e1c813e181 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 31 May 2024 15:40:39 +0200
Subject: [PATCH 2072/2268] docs: Unify shell snippets

---
 docs/kluctl/get-started.md  | 28 ++++++++++++++--------------
 docs/kluctl/installation.md | 12 ++++++------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/docs/kluctl/get-started.md b/docs/kluctl/get-started.md
index 4a55f0464..41e90f361 100644
--- a/docs/kluctl/get-started.md
+++ b/docs/kluctl/get-started.md
@@ -68,8 +68,8 @@ Then try to modify something inside the Kustomize deployment and retry the `kluc
 For more advanced examples, check out the Kluctl example projects.
 Clone the example project found at https://github.com/kluctl/kluctl-examples
 
-```sh
-git clone https://github.com/kluctl/kluctl-examples.git
+```shell
+$ git clone https://github.com/kluctl/kluctl-examples.git
 ```
 
 ## Choose one of the examples
@@ -77,16 +77,16 @@ git clone https://github.com/kluctl/kluctl-examples.git
 You can choose whatever example you like from the cloned repository. We will however continue this guide by referring
 to the `simple-helm` example found in that repository. Change the current directory:
 
-```sh
-cd kluctl-examples/simple-helm
+```shell
+$ cd kluctl-examples/simple-helm
 ```
 
 ## Create your local cluster
 
 Create a local cluster with [kind](https://kind.sigs.k8s.io):
 
-```sh
-kind create cluster
+```shell
+$ kind create cluster
 ```
 
 This will update your kubeconfig to contain a context with the name `kind-kind`. By default, all examples will use
@@ -96,15 +96,15 @@ the currently active context.
 
 Now run the following command to deploy the example:
 
-```sh
-kluctl deploy -t simple-helm
+```shell
+$ kluctl deploy -t simple-helm
 ```
 
 Kluctl will perform a diff first and then ask for your confirmation to deploy it. In this case, you should only see
 some objects being newly deployed.
 
-```sh
-kubectl -n simple-helm get pod
+```shell
+$ kubectl -n simple-helm get pod
 ```
 
 ## Change something and re-deploy
@@ -112,15 +112,15 @@ kubectl -n simple-helm get pod
 Now change something inside the deployment project. You could for example add `replicaCount: 2` to `deployment/nginx/helm-values.yml`.
 After you have saved your changes, run the deploy command again:
 
-```sh
-kluctl deploy -t simple-helm
+```shell
+$ kluctl deploy -t simple-helm
 ```
 
 This time it should show your modifications in the diff. Confirm that you want to perform the deployment and then verify
 it:
 
-```sh
-kubectl -n simple-helm get pod
+```shell
+$ kubectl -n simple-helm get pod
 ```
 
 You should need 2 instances of the nginx POD running now.
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index ddeddee7f..94aeba363 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -24,16 +24,16 @@ the binaries can be downloaded form GitHub
 
 With [Homebrew](https://brew.sh) for macOS and Linux:
 
-```sh
-brew install kluctl/tap/kluctl
+```shell
+$ brew install kluctl/tap/kluctl
 ```
 
 ### Installation with Bash
 
 With [Bash](https://www.gnu.org/software/bash/) for macOS and Linux:
 
-```sh
-curl -s https://kluctl.io/install.sh | bash
+```shell
+$ curl -s https://kluctl.io/install.sh | bash
 ```
 
 The install script does the following:
@@ -78,8 +78,8 @@ choco install kluctl
 <!-- TODO uncomment this when completion is implemented
 To configure your shell to load `kluctl` [bash completions](./cmd/kluctl_completion_bash.md) add to your profile:
 
-```sh
-. <(kluctl completion bash)
+```shell
+$ . <(kluctl completion bash)
 ```
 
 [`zsh`](./cmd/kluctl_completion_zsh.md), [`fish`](./cmd/kluctl_completion_fish.md),

From 211f22243925562356b11c5f7eef9be8f6cb2d59 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 31 May 2024 16:42:52 +0200
Subject: [PATCH 2073/2268] docs: Fix kluctldeployment.md yaml code blocks
 (#1083)

---
 docs/gitops/spec/v1beta1/kluctldeployment.md | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index e1ef685f5..98793e171 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -159,7 +159,7 @@ see [poke-images](../../../kluctl/commands/poke-images.md) for details on the co
 field to `poke-images`.
 
 Example:
-```
+```yaml
 apiVersion: gitops.kluctl.io/v1beta1
 kind: KluctlDeployment
 metadata:
@@ -228,7 +228,7 @@ The above example is equivalent to calling `kluctl deploy -t prod -a arg1=value1
 `spec.images` specifies a list of fixed images to be used by
 [`image.get_image(...)`](../../../kluctl/deployments/images.md#imagesget_image). Example:
 
-```
+```yaml
 apiVersion: gitops.kluctl.io/v1beta1
 kind: KluctlDeployment
 metadata:
@@ -393,6 +393,7 @@ matching.
 Example:
 
 ```yaml
+...
 spec:
   source:
     git:
@@ -403,6 +404,7 @@ spec:
         path: my-org/*
         secretRef:
           name: my-git-secrets
+...
 ```
 
 Each entry has the following fields:
@@ -494,6 +496,7 @@ matching.
 Example:
 
 ```yaml
+...
 spec:
   source:
     git:
@@ -504,6 +507,7 @@ spec:
         path: some-path/*
         secretRef:
           name: my-helm-secrets
+...
 ```
 
 Each entry has the following fields:
@@ -570,6 +574,7 @@ matching. This also includes OCI registry usages via the [Helm integration](../.
 Example:
 
 ```yaml
+...
 spec:
   source:
     git:
@@ -580,6 +585,7 @@ spec:
         repository: my-org/*
         secretRef:
           name: my-oci-secrets
+...
 ```
 
 Each entry has the following fields:
@@ -660,7 +666,7 @@ mirrors how the [Secrets Decryption configuration](https://fluxcd.io/flux/compon
 of the Flux Kustomize Controller. To configure it in the `KluctlDeployment`, simply set the `decryption` field in the
 spec:
 
-```
+```yaml
 apiVersion: gitops.kluctl.io/v1beta1
 kind: KluctlDeployment
 metadata:
@@ -731,6 +737,7 @@ When the controller completes a deployments, it reports the result in the `statu
 A successful reconciliation sets the ready condition to `true`.
 
 ```yaml
+...
 status:
   conditions:
   - lastTransitionTime: "2022-07-07T11:48:14Z"
@@ -755,6 +762,7 @@ kubectl wait kluctldeployment/backend --for=condition=ready
 A failed reconciliation sets the ready condition to `false`:
 
 ```yaml
+...
 status:
   conditions:
   - lastTransitionTime: "2022-05-04T10:18:11Z"

From 0c7675024fab1a6d69de2b823934eeb9618e10a2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 31 May 2024 16:49:33 +0200
Subject: [PATCH 2074/2268] docs: Unify more places in regard to shell snippets

---
 docs/gitops/spec/v1beta1/kluctldeployment.md | 8 ++++----
 docs/kluctl/installation.md                  | 8 ++++----
 docs/kluctl/templating/variable-sources.md   | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 98793e171..8ea4e0ac1 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -321,19 +321,19 @@ by using the [`kluctl gitops`](../../../kluctl/commands/README.md) sub-commands.
 On-demand reconciliation example:
 
 ```bash
-kluctl gitops deploy --namespace my-namespace --name my-deployment
+$ kluctl gitops deploy --namespace my-namespace --name my-deployment
 ```
 
 You can also perform manual requests while temporarily overriding deployment configurations, e.g.:
 
 ```bash
-kluctl gitops deploy --namespace my-namespace --name my-deployment --force-apply
+$ kluctl gitops deploy --namespace my-namespace --name my-deployment --force-apply
 ```
 
 Local source overrides are also possible, allowing you to test changes before pushing them:
 
 ```bash
-kluctl gitops diff --namespace my-namespace --name my-deployment --local-git-override=github.com/exaple-org/example-project=/local/path/to/modified/repo
+$ kluctl gitops diff --namespace my-namespace --name my-deployment --local-git-override=github.com/exaple-org/example-project=/local/path/to/modified/repo
 ```
 
 When `--namespace` and `--name` are omitted, the CLI will try to auto-detect the deployment on the current cluster
@@ -756,7 +756,7 @@ status:
 You can wait for the controller to complete a reconciliation with:
 
 ```bash
-kubectl wait kluctldeployment/backend --for=condition=ready
+$ kubectl wait kluctldeployment/backend --for=condition=ready
 ```
 
 A failed reconciliation sets the ready condition to `false`:
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 94aeba363..201f5804e 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -47,20 +47,20 @@ The install script does the following:
 Clone the repository:
 
 ```bash
-git clone https://github.com/kluctl/kluctl
-cd kluctl
+$ git clone https://github.com/kluctl/kluctl
+$ cd kluctl
 ```
 
 Build the `kluctl` binary (requires go >= 1.19):
 
 ```bash
-make build
+$ make build
 ```
 
 Run the binary:
 
 ```bash
-./bin/kluctl -h
+$ ./bin/kluctl -h
 ```
 
 
diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 2f3b0d4b1..090f1e465 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -511,10 +511,10 @@ vars:
 SDK [azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) supports `az login`
 or Environment Variables
 ```bash
-  export AZURE_CLIENT_ID="__CLIENT_ID__"
-  export AZURE_CLIENT_SECRET="__CLIENT_SECRET__"
-  export AZURE_TENANT_ID="__TENANT_ID__"
-  export AZURE_SUBSCRIPTION_ID="__SUBSCRIPTION_ID__"
+$ export AZURE_CLIENT_ID="__CLIENT_ID__"
+$ export AZURE_CLIENT_SECRET="__CLIENT_SECRET__"
+$ export AZURE_TENANT_ID="__TENANT_ID__"
+$ export AZURE_SUBSCRIPTION_ID="__SUBSCRIPTION_ID__"
 ```
 
 ### vault

From eaa664dd03bc8a392d65e716ce51be233e628947 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sun, 9 Jun 2024 19:55:40 +0200
Subject: [PATCH 2075/2268] Create FUNDING.yml (#1088)

---
 .github/FUNDING.yml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .github/FUNDING.yml

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 000000000..15944daa0
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: kluctl

From bbddddcb20269b32f7c1b76a40afb46c790288d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Jun 2024 09:48:09 +0200
Subject: [PATCH 2076/2268] chore: Update wolfi image to latest one

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 196677e84..9318712c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
-# use `docker buildx imagetools inspect  cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
-ARG WOLFI_DIGEST=sha256:5bab300be31cd472c6f45ba7c059415b0bdeb0a49b32ecc12060394d642fd192
+# use `docker buildx imagetools inspect cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
+ARG WOLFI_DIGEST=sha256:3eff851ab805966c768d2a8107545a96218426cee1e5cc805865505edbe6ce92
 FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 
 # See https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope

From bfe0a472cc2207ab004ccafc2ff1d18c7cbb3ad4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 11 Jun 2024 09:48:32 +0200
Subject: [PATCH 2077/2268] fix: Add gpg and gpg-agent to docker image

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 9318712c5..4e8728821 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,8 @@ FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
 ARG TARGETPLATFORM
 
 # We need git for kustomize to support overlays from git
-RUN apk update && apk add git tzdata
+# gpg is needed for SOPS
+RUN apk update && apk add git tzdata gpg gpg-agent
 
 # Ensure helm is not trying to access /
 ENV HELM_CACHE_HOME=/tmp/helm-cache

From b386c557fcd0d0194bb459be294352d74cf7bc1e Mon Sep 17 00:00:00 2001
From: rzsita <46534804+rzsita@users.noreply.github.com>
Date: Tue, 11 Jun 2024 23:28:39 +0100
Subject: [PATCH 2078/2268] docs: adjust OCI based repo example (#1092)

chartName can not be specified when repo is a OCI url
---
 docs/kluctl/deployments/helm.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/kluctl/deployments/helm.md b/docs/kluctl/deployments/helm.md
index 067b51ff6..1057bb42a 100644
--- a/docs/kluctl/deployments/helm.md
+++ b/docs/kluctl/deployments/helm.md
@@ -94,7 +94,6 @@ OCI based repositories are also supported, for example:
 ```yaml
 helmChart:
   repo: oci://r.myreg.io/mycharts/pepper
-  chartName: pepper
   chartVersion: 1.2.3
   releaseName: pepper
   namespace: pepper

From 8851f7ce9c0b98675471e27e2685844362e564d6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 10:00:22 +0200
Subject: [PATCH 2079/2268] docs: Fix a few relative links so that they are
 properly interpreted by sync-docs

---
 docs/gitops/README.md                 | 14 +++++++-------
 docs/gitops/metrics/v1beta1/README.md |  2 +-
 docs/gitops/spec/v1beta1/README.md    | 12 ++++++------
 docs/kluctl/get-started.md            |  2 +-
 docs/webui/README.md                  |  2 +-
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/docs/gitops/README.md b/docs/gitops/README.md
index 3b73f3bdb..a3aa71116 100644
--- a/docs/gitops/README.md
+++ b/docs/gitops/README.md
@@ -13,7 +13,7 @@ weight: 20
 GitOps in Kluctl is implemented through the Kluctl Controller, which must be [installed](./installation.md)
 to your target cluster.
 
-The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#kluctldeployment)
+The Kluctl Controller is a Kubernetes operator which implements the [`KluctlDeployment`](./spec/v1beta1/kluctldeployment.md#kluctldeployment)
 custom resource. This resource allows to define a Kluctl deployment that should be constantly reconciled (re-deployed)
 whenever the deployment changes.
 
@@ -31,7 +31,7 @@ functionality and options as offered by the CLI, but through a custom resource i
 
 As an example, arguments passed via `-a arg=value` can be passed to the custom resource via the `spec.args` field.
 The same applies to options like `--dry-run`, which equals to `spec.dryRun: true` in the custom resource. Check the
-documentation of [`KluctlDeployment`](spec/v1beta1/kluctldeployment.md#spec-fields) for more such options.
+documentation of [`KluctlDeployment`](./spec/v1beta1/kluctldeployment.md#spec-fields) for more such options.
 
 ## GitOps Commands
 
@@ -60,20 +60,20 @@ The reconciliation process consists of multiple steps which are constantly repea
 - **validate** the deployment status via [kluctl validate](../kluctl/commands/validate.md)
 - **drift-detection** is performed to allow the [Kluctl Webui](../webui/README.md) to show drift.
 
-Reconciliation is performed on a configurable [interval](spec/v1beta1/kluctldeployment.md#interval). A single
+Reconciliation is performed on a configurable [interval](./spec/v1beta1/kluctldeployment.md#interval). A single
 reconciliation iteration will first clone and prepare the project. Only when the rendered resources indicate a change
 (by using a hash internally), the controller will initiate a deployment. After the deployment, the controller will
-also perform pruning (only if [prune: true](spec/v1beta1/kluctldeployment.md#prune) is set).
+also perform pruning (only if [prune: true](./spec/v1beta1/kluctldeployment.md#prune) is set).
 
 When the `KluctlDeployment` is removed from the cluster, the controller cal also delete all resources belonging to
-that deployment. This will only happen if [delete: true](spec/v1beta1/kluctldeployment.md#delete) is set.
+that deployment. This will only happen if [delete: true](./spec/v1beta1/kluctldeployment.md#delete) is set.
 
 Deletion and pruning is based on the [discriminator](../kluctl/kluctl-project/README.md#discriminator) of the given target.
 
-A `KluctlDeployment` can be [suspended](spec/v1beta1/kluctldeployment.md#suspend). While suspended, the controller
+A `KluctlDeployment` can be [suspended](./spec/v1beta1/kluctldeployment.md#suspend). While suspended, the controller
 will skip reconciliation, including deletion and pruning.
 
-The API design of the controller can be found at [kluctldeployment.gitops.kluctl.io/v1beta1](spec/v1beta1/README.md).
+The API design of the controller can be found at [kluctldeployment.gitops.kluctl.io/v1beta1](./spec/v1beta1/README.md).
 
 ## Example
 
diff --git a/docs/gitops/metrics/v1beta1/README.md b/docs/gitops/metrics/v1beta1/README.md
index d13eb0dc2..a9d0a3e03 100644
--- a/docs/gitops/metrics/v1beta1/README.md
+++ b/docs/gitops/metrics/v1beta1/README.md
@@ -16,4 +16,4 @@ controller is based on [controller-runtime](https://github.com/kubernetes-sigs/c
 the [default metrics](https://book.kubebuilder.io/reference/metrics-reference.html) as well as the
 following controller-specific custom metrics are exported:
 
-- [kluctldeployment_controller](kluctldeployment_controller.md)
+- [kluctldeployment_controller](./kluctldeployment_controller.md)
diff --git a/docs/gitops/spec/v1beta1/README.md b/docs/gitops/spec/v1beta1/README.md
index b945ad685..2a48a5a86 100644
--- a/docs/gitops/spec/v1beta1/README.md
+++ b/docs/gitops/spec/v1beta1/README.md
@@ -15,10 +15,10 @@ of Kluctl Deployments.
 
 ## Specification
 
-- [KluctlDeployment CRD](kluctldeployment.md)
-    + [Spec fields](kluctldeployment.md#spec-fields)
-    + [Reconciliation](kluctldeployment.md#reconciliation)
-    + [Kubeconfigs and RBAC](kluctldeployment.md#kubeconfigs-and-rbac)
+- [KluctlDeployment CRD](./kluctldeployment.md)
+    + [Spec fields](./kluctldeployment.md#spec-fields)
+    + [Reconciliation](./kluctldeployment.md#reconciliation)
+    + [Kubeconfigs and RBAC](./kluctldeployment.md#kubeconfigs-and-rbac)
     + [Credentilas](kluctldeployment.md#credentials)
-    + [Secrets Decryption](kluctldeployment.md#secrets-decryption)
-    + [Status](kluctldeployment.md#status)
+    + [Secrets Decryption](./kluctldeployment.md#secrets-decryption)
+    + [Status](./kluctldeployment.md#status)
diff --git a/docs/kluctl/get-started.md b/docs/kluctl/get-started.md
index 41e90f361..3c381e32e 100644
--- a/docs/kluctl/get-started.md
+++ b/docs/kluctl/get-started.md
@@ -47,7 +47,7 @@ for a given cluster.
 
 ## Install Kluctl
 
-The `kluctl` command-line interface (CLI) is required to perform deployments. Read the [installation instructions](installation.md)
+The `kluctl` command-line interface (CLI) is required to perform deployments. Read the [installation instructions](./installation.md)
 to figure out how to install it.
 
 ## Use Kluctl with a plain Kustomize deployment
diff --git a/docs/webui/README.md b/docs/webui/README.md
index bc2c491c3..c66b671da 100644
--- a/docs/webui/README.md
+++ b/docs/webui/README.md
@@ -12,7 +12,7 @@ weight: 30
 
 The Kluctl Webui is a powerful UI which allows you to monitor and control your Kluctl GitOps deployments.
 
-You can [run it locally](./running-locally.md) or [install](installation.md) it to your Kubernetes cluster.
+You can [run it locally](./running-locally.md) or [install](./installation.md) it to your Kubernetes cluster.
 
 ## State of the Webui
 

From 77057f0aa3c69c637103cb7eb158a624c8805fe9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 10:00:46 +0200
Subject: [PATCH 2080/2268] docs: Update links to getsops/sops

---
 docs/kluctl/deployments/sops.md            | 2 +-
 docs/kluctl/templating/variable-sources.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/kluctl/deployments/sops.md b/docs/kluctl/deployments/sops.md
index 1b29dcf0e..52398060e 100644
--- a/docs/kluctl/deployments/sops.md
+++ b/docs/kluctl/deployments/sops.md
@@ -11,7 +11,7 @@ description: >
 
 # SOPS Integration
 
-Kluctl integrates natively with [SOPS](https://github.com/mozilla/sops). Kluctl is able to decrypt all resources
+Kluctl integrates natively with [SOPS](https://github.com/getsops/sops). Kluctl is able to decrypt all resources
 referenced by [Kustomize](./kustomize.md) deployment items (including [simple deployments](./deployment-yml.md#simple-deployments)).
 In addition, Kluctl will also decrypt all variable sources of the types [file](../templating/variable-sources.md#file)
 and [git](../templating/variable-sources.md#git).
diff --git a/docs/kluctl/templating/variable-sources.md b/docs/kluctl/templating/variable-sources.md
index 090f1e465..7a77645fb 100644
--- a/docs/kluctl/templating/variable-sources.md
+++ b/docs/kluctl/templating/variable-sources.md
@@ -95,7 +95,7 @@ vars:
 
 After which all included deployments and sub-deployments can use the jinja2 variables from `vars1.yaml`.
 
-Kluctl also supports variable files encrypted with [SOPS](https://github.com/mozilla/sops). See the
+Kluctl also supports variable files encrypted with [SOPS](https://github.com/getsops/sops). See the
 [sops integration](../deployments/sops.md) integration for more details.
 
 ### values
@@ -156,7 +156,7 @@ vars:
 
 The ref field has the same format at found in [Git includes](../deployments/deployment-yml.md#git-includes)
 
-Kluctl also supports variable files encrypted with [SOPS](https://github.com/mozilla/sops). See the
+Kluctl also supports variable files encrypted with [SOPS](https://github.com/getsops/sops). See the
 [sops integration](../deployments/sops.md) integration for more details.
 
 ### gitFiles

From 91e2e1251e105a49d2d91a55284480427685e9b7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 10:04:47 +0200
Subject: [PATCH 2081/2268] docs: Use link to kluctl.io for webui introduction
 blog post

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c385a6894..70a4824c7 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Controller, which then allows you to use `KluctlDeployment` custom resources to
 Kluctl also offers a [Webui](https://kluctl.io/docs/webui/) that allows you to visualise and control your Kluctl
 deployments. It works for deployments performed by the CLI and for deployments performed via GitOps.
 
-[Here](https://medium.com/kluctl/introducing-the-kluctl-webui-bcd3ea4b264d) is an introduction to the Webui together
+[Here](https://kluctl.io/blog/2023/09/12/introducing-the-kluctl-webui/) is an introduction to the Webui together
 with a tutorial.
 
 ## Where do I start?

From 4203de2ae0622c5ad16889b8ac57e657acd477f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:17:27 +0200
Subject: [PATCH 2082/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.21.4 to 1.22.0 (#1071)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.21.4 to 1.22.0.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.21.4...v1.22.0)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4330148c2..68b3dcc54 100644
--- a/go.mod
+++ b/go.mod
@@ -51,7 +51,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/ohler55/ojg v1.21.4
+	github.com/ohler55/ojg v1.22.0
 	github.com/onsi/gomega v1.32.0
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
diff --git a/go.sum b/go.sum
index eddd5ac81..42c16b5ee 100644
--- a/go.sum
+++ b/go.sum
@@ -521,8 +521,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.21.4 h1:2iWyz/xExx0XySVIxR9kWFxIdsLNrpWLrKuAcs5aOZU=
-github.com/ohler55/ojg v1.21.4/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
+github.com/ohler55/ojg v1.22.0 h1:McZObj3cD/Zz/ojzk5Pi5VvgQcagxmT1bVKNzhE5ihI=
+github.com/ohler55/ojg v1.22.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
 github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=

From f36342cba8ac9ed9d4f0ff5c9113046b40554630 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:17:40 +0200
Subject: [PATCH 2083/2268] chore(deps): Bump google.golang.org/grpc from
 1.62.1 to 1.64.0 (#1075)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.1 to 1.64.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.1...v1.64.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 68b3dcc54..149a7eb2f 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0
 	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
-	google.golang.org/grpc v1.62.1
+	google.golang.org/grpc v1.64.0
 	google.golang.org/protobuf v1.33.0
 	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.14.3
diff --git a/go.sum b/go.sum
index 42c16b5ee..92e5ddddf 100644
--- a/go.sum
+++ b/go.sum
@@ -843,8 +843,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
-google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
+google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 8c71753b8550f71fb07a52be1e7a68c2d03253fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:17:56 +0200
Subject: [PATCH 2084/2268] chore(deps): Bump github.com/docker/cli (#1085)

Bumps [github.com/docker/cli](https://github.com/docker/cli) from 26.0.0+incompatible to 26.1.4+incompatible.
- [Commits](https://github.com/docker/cli/compare/v26.0.0...v26.1.4)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 149a7eb2f..483beeaac 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
-	github.com/docker/cli v26.0.0+incompatible
+	github.com/docker/cli v26.1.4+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.8.1
diff --git a/go.sum b/go.sum
index 92e5ddddf..5606ad876 100644
--- a/go.sum
+++ b/go.sum
@@ -187,8 +187,8 @@ github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
-github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUyzJVPxD30I=
-github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8=
+github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v26.0.0+incompatible h1:Ng2qi+gdKADUa/VM+6b6YaY2nlZhk/lVJiKR/2bMudU=

From 89ca9223e841abb4de58a6f37190e1a0805fe821 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:19:47 +0200
Subject: [PATCH 2085/2268] chore(deps): Bump docker/build-push-action from 5
 to 6 (#1098)

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/preview-run.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index e357eaa5d..3ef59882d 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -108,7 +108,7 @@ jobs:
           make build-webui
           make build-bin
       - name: Build and push Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: false

From b344ee5e1f38340f6a29992957eb89289e1ac3a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 11:17:42 +0200
Subject: [PATCH 2086/2268] chore(deps): Bump the golang-x group with 5 updates
 (#1086)

Bumps the golang-x group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.22.0` | `0.24.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.24.0` | `0.25.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.19.0` | `0.21.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.19.0` | `0.21.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.14.0` | `0.16.0` |


Updates `golang.org/x/crypto` from 0.22.0 to 0.24.0
- [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.24.0)

Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0)

Updates `golang.org/x/oauth2` from 0.19.0 to 0.21.0
- [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.21.0)

Updates `golang.org/x/sys` from 0.19.0 to 0.21.0
- [Commits](https://github.com/golang/sys/compare/v0.19.0...v0.21.0)

Updates `golang.org/x/text` from 0.14.0 to 0.16.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 19 +++++++++----------
 go.sum | 37 ++++++++++++++++++-------------------
 2 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index 483beeaac..f9f9bf21c 100644
--- a/go.mod
+++ b/go.mod
@@ -67,13 +67,13 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.22.0
-	golang.org/x/net v0.24.0
-	golang.org/x/oauth2 v0.19.0
+	golang.org/x/crypto v0.24.0
+	golang.org/x/net v0.25.0
+	golang.org/x/oauth2 v0.21.0
 	golang.org/x/sync v0.7.0
-	golang.org/x/sys v0.19.0
-	golang.org/x/term v0.19.0 // indirect
-	golang.org/x/text v0.14.0
+	golang.org/x/sys v0.21.0
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0
 	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
 	google.golang.org/grpc v1.64.0
 	google.golang.org/protobuf v1.33.0
@@ -94,8 +94,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.25.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	cloud.google.com/go/iam v1.1.7 // indirect
 	cloud.google.com/go/kms v1.15.8 // indirect
 	dario.cat/mergo v1.0.0 // indirect
@@ -281,9 +280,9 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/arch v0.7.0 // indirect
 	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
-	golang.org/x/mod v0.16.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.19.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.170.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
diff --git a/go.sum b/go.sum
index 5606ad876..4d6d636e3 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
 cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
-cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU=
-cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls=
-cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
-cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM=
 cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA=
 cloud.google.com/go/kms v1.15.8 h1:szIeDCowID8th2i8XE4uRev5PMxQFqW+JjwYxL9h6xs=
@@ -707,8 +705,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
-golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
@@ -719,8 +717,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -740,11 +738,11 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
-golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -779,8 +777,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -788,8 +786,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
-golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -800,8 +798,9 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -814,8 +813,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From d8f09c20ebab00156e730690becf5a6fc7279999 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 11:18:00 +0200
Subject: [PATCH 2087/2268] chore(deps): Bump goreleaser/goreleaser-action from
 5 to 6 (#1090)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 5 to 6.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/nightly.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 5dea80811..8960b5973 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -58,7 +58,7 @@ jobs:
         run: |
           cat .goreleaser.yaml | sed 's/draft: true/draft: false/g' > .goreleaser.yaml.tmp && mv .goreleaser.yaml.tmp .goreleaser.yaml
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser-pro
           version: latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e9fd145a7..18cf1e392 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-goreleaser-release-
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser-pro
           version: latest

From d40291dc7a11b1cfde744c223e5c740a5eb8ce10 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 09:53:23 +0200
Subject: [PATCH 2088/2268] chore: Upgrade go-embed-jinja2 and go-embed-python

---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index f9f9bf21c..5c114dacd 100644
--- a/go.mod
+++ b/go.mod
@@ -45,8 +45,8 @@ require (
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-3
-	github.com/kluctl/go-jinja2 v0.0.0-20240419150031-a3bb154908ae
+	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
+	github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
@@ -210,7 +210,7 @@ require (
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
diff --git a/go.sum b/go.sum
index 4d6d636e3..a095b55ad 100644
--- a/go.sum
+++ b/go.sum
@@ -432,15 +432,15 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
-github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
 github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-3 h1:56NfVBKvtvcD39YnmD6Ihht4/84OhmJljWfCiT6mgXk=
-github.com/kluctl/go-embed-python v0.0.0-3.11.8-20240224-3/go.mod h1:MTNQT2OXzVfB37O67CsQ612RXInR6Jw7kXkpt3R5mdE=
-github.com/kluctl/go-jinja2 v0.0.0-20240419150031-a3bb154908ae h1:WrYpwr+30how7x0sxi2YNQiEG1ghVLOaEVaZQodhll4=
-github.com/kluctl/go-jinja2 v0.0.0-20240419150031-a3bb154908ae/go.mod h1:NzeSsm0BVgUKjIro2HMwx8vWO/ew6ccqyGDfOwX0OXE=
+github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
+github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
+github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a h1:/OYi0jd/q73VptK8bkz80PFzUQ9JTWm2X6nd1sjpyLo=
+github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=

From 97d8c2931c0f4010a03b297888712cdcff352b9e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 09:07:37 +0200
Subject: [PATCH 2089/2268] refactor: Pass global flags via context

---
 cmd/kluctl/commands/root.go | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 73f9db7a5..1d3fd0ceb 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -262,7 +262,10 @@ func Main() {
 
 	didSetupStatusHandler := false
 
-	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context, cmd *cobra.Command, flags *GlobalFlags) (context.Context, error) {
+	err := Execute(ctx, os.Args[1:], func(ctxIn context.Context) (context.Context, error) {
+		cmd := getCobraCommand(ctxIn)
+		flags := getCobraGlobalFlags(ctxIn)
+
 		err := setupGops(flags)
 		if err != nil {
 			return ctx, err
@@ -312,6 +315,7 @@ func Main() {
 }
 
 type cobraCmdContextKey struct{}
+type cobraGlobalFlagsKey struct{}
 
 func getCobraCommand(ctx context.Context) *cobra.Command {
 	v := ctx.Value(cobraCmdContextKey{})
@@ -321,7 +325,15 @@ func getCobraCommand(ctx context.Context) *cobra.Command {
 	return nil
 }
 
-func Execute(ctx context.Context, args []string, preRun func(ctx context.Context, rootCmd *cobra.Command, flags *GlobalFlags) (context.Context, error)) error {
+func getCobraGlobalFlags(ctx context.Context) *GlobalFlags {
+	v := ctx.Value(cobraGlobalFlagsKey{})
+	if x, ok := v.(*GlobalFlags); ok {
+		return x
+	}
+	panic("missing global flags")
+}
+
+func Execute(ctx context.Context, args []string, preRun func(ctx context.Context) (context.Context, error)) error {
 	root := cli{}
 	rootCmd, err := buildRootCobraCmd(&root, "kluctl",
 		"Deploy and manage complex deployments on Kubernetes",
@@ -350,8 +362,13 @@ composed of multiple smaller parts (Helm/Kustomize/...) in a manageable and unif
 			return err
 		}
 
+		ctx = context.WithValue(ctx, cobraGlobalFlagsKey{}, &root.GlobalFlags)
+		for c := cmd; c != nil; c = c.Parent() {
+			c.SetContext(ctx)
+		}
+
 		if preRun != nil {
-			ctx, err = preRun(ctx, cmd, &root.GlobalFlags)
+			ctx, err = preRun(ctx)
 			if ctx != nil {
 				for c := cmd; c != nil; c = c.Parent() {
 					c.SetContext(ctx)

From a5f1780e417eea6eb28883ce4374eae004ea8880 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 09:52:11 +0200
Subject: [PATCH 2090/2268] tests: Allow to override tmp base and cache dir per
 test

---
 e2e/test_project/kluctl_execute.go |  8 +++++--
 e2e/test_project/project.go        | 36 +++++++++++++++++++++++++++---
 pkg/utils/tmpdir.go                | 19 ++++++++++++++++
 3 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 68ca1a17a..8e61af5f1 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -32,8 +32,12 @@ func KluctlExecute(t *testing.T, ctx context.Context, logFn func(args ...any), a
 		stderrBuf.WriteString(line + "\n")
 	})
 
-	ctx = utils.WithTmpBaseDir(ctx, t.TempDir())
-	ctx = utils.WithCacheDir(ctx, t.TempDir())
+	if utils.GetTmpBaseDirNoDefault(ctx) == "" {
+		ctx = utils.WithTmpBaseDir(ctx, t.TempDir())
+	}
+	if utils.GetCacheDirNoDefault(ctx) == "" {
+		ctx = utils.WithCacheDir(ctx, t.TempDir())
+	}
 	ctx = commands.WithStdStreams(ctx, stdout, stderr)
 	sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
 		_, _ = stderr.Write([]byte(message + "\n"))
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 602a8d990..b1bbbe008 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -26,6 +26,9 @@ import (
 type TestProject struct {
 	initialName string
 
+	tmpBaseDir string
+	cacheDir   string
+
 	extraEnv          utils.OrderedMap[string, string]
 	extraArgs         []string
 	useProcess        bool
@@ -39,6 +42,18 @@ type TestProject struct {
 
 type TestProjectOption func(p *TestProject)
 
+func WithTmpBaseDir(baseDir string) TestProjectOption {
+	return func(p *TestProject) {
+		p.tmpBaseDir = baseDir
+	}
+}
+
+func WithCacheDir(dir string) TestProjectOption {
+	return func(p *TestProject) {
+		p.cacheDir = dir
+	}
+}
+
 func WithUseProcess(useProcess bool) TestProjectOption {
 	return func(p *TestProject) {
 		p.useProcess = useProcess
@@ -85,6 +100,13 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 		o(p)
 	}
 
+	if p.tmpBaseDir == "" {
+		p.tmpBaseDir = t.TempDir()
+	}
+	if p.cacheDir == "" {
+		p.cacheDir = t.TempDir()
+	}
+
 	if p.gitServer == nil {
 		p.gitServer = git2.NewTestGitServer(t)
 	}
@@ -508,8 +530,8 @@ func (p *TestProject) KluctlProcess(t *testing.T, argsIn ...string) (string, str
 
 	// this will cause the init() function from call_kluctl_hack.go to invoke the kluctl root command and then exit
 	env = append(env, "CALL_KLUCTL=true")
-	env = append(env, fmt.Sprintf("KLUCTL_BASE_TMP_DIR=%s", t.TempDir()))
-	env = append(env, fmt.Sprintf("KLUCTL_CACHE_DIR=%s", t.TempDir()))
+	env = append(env, fmt.Sprintf("KLUCTL_BASE_TMP_DIR=%s", p.tmpBaseDir))
+	env = append(env, fmt.Sprintf("KLUCTL_CACHE_DIR=%s", p.cacheDir))
 
 	t.Logf("Runnning kluctl: %s", strings.Join(args, " "))
 
@@ -547,7 +569,15 @@ func (p *TestProject) KluctlExecute(t *testing.T, argsIn ...string) (string, str
 	}
 	args = append(args, argsIn...)
 
-	return KluctlExecute(t, context.Background(), t.Log, args...)
+	ctx := context.Background()
+	if p.tmpBaseDir != "" {
+		ctx = utils.WithTmpBaseDir(ctx, p.tmpBaseDir)
+	}
+	if p.cacheDir != "" {
+		ctx = utils.WithCacheDir(ctx, p.cacheDir)
+	}
+
+	return KluctlExecute(t, ctx, t.Log, args...)
 }
 
 func (p *TestProject) Kluctl(t *testing.T, argsIn ...string) (string, string, error) {
diff --git a/pkg/utils/tmpdir.go b/pkg/utils/tmpdir.go
index 57aadb877..9fb44649f 100644
--- a/pkg/utils/tmpdir.go
+++ b/pkg/utils/tmpdir.go
@@ -35,6 +35,15 @@ func WithCacheDir(ctx context.Context, cacheDir string) context.Context {
 	})
 }
 
+func GetTmpBaseDirNoDefault(ctx context.Context) string {
+	v := ctx.Value(tmpBaseDirKey{})
+	if v == nil {
+		return ""
+	}
+	v2 := v.(*dirValue)
+	return v2.dir
+}
+
 func GetTmpBaseDir(ctx context.Context) string {
 	v := ctx.Value(tmpBaseDirKey{})
 	if v == nil {
@@ -47,6 +56,16 @@ func GetTmpBaseDir(ctx context.Context) string {
 	return v2.dir
 }
 
+func GetCacheDirNoDefault(ctx context.Context) string {
+	v := ctx.Value(cacheDirKey{})
+	if v == nil {
+		return ""
+	} else {
+		v2 := v.(*dirValue)
+		return v2.dir
+	}
+}
+
 func GetCacheDir(ctx context.Context) string {
 	v := ctx.Value(cacheDirKey{})
 	var dir string

From e0eb1032d045b15a75afd5369f08ec83c352c58d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 09:53:02 +0200
Subject: [PATCH 2091/2268] feat: Allow to use system python via
 --use-system-python flag

---
 cmd/kluctl/commands/cmd_controller_run.go     |  3 +
 cmd/kluctl/commands/root.go                   |  2 +
 cmd/kluctl/commands/utils.go                  |  4 +-
 e2e/embedded_python_test.go                   | 67 +++++++++++++++++++
 pkg/controllers/kluctl_project.go             |  2 +-
 .../kluctldeployment_controller.go            |  1 +
 pkg/kluctl_jinja2/jinja2.go                   | 11 ++-
 pkg/vars/vars_test.go                         |  2 +-
 8 files changed, 87 insertions(+), 5 deletions(-)
 create mode 100644 e2e/embedded_python_test.go

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index c1f71372f..533934060 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -77,6 +77,8 @@ func (cmd *controllerRunCmd) initScheme() {
 func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	cmd.initScheme()
 
+	globalFlags := getCobraGlobalFlags(ctx)
+
 	metricsRecorder := metrics.NewRecorder()
 	if cmd.MetricsBindAddress != "0" {
 		metricsRecorder = metrics.NewRecorder()
@@ -176,6 +178,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		ControllerNamespace:   cmd.ControllerNamespace,
 		DefaultServiceAccount: cmd.DefaultServiceAccount,
 		DryRun:                cmd.DryRun,
+		UseSystemPython:       globalFlags.UseSystemPython,
 		RestConfig:            restConfig,
 		ApiReader:             mgr.GetAPIReader(),
 		Client:                mgr.GetClient(),
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 1d3fd0ceb..d1846eb55 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -55,6 +55,8 @@ type GlobalFlags struct {
 	CpuProfile    string `group:"global" help:"Enable CPU profiling and write the result to the given path"`
 	GopsAgent     bool   `group:"global" help:"Start gops agent in the background"`
 	GopsAgentAddr string `group:"global" help:"Specify the address:port to use for the gops agent" default:"127.0.0.1:0"`
+
+	UseSystemPython bool `group:"global" help:"Use the system Python instead of the embedded Python."`
 }
 
 type cli struct {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3b68f9377..12534ea9b 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -31,7 +31,9 @@ import (
 )
 
 func withKluctlProjectFromArgs(ctx context.Context, kubeconfigFlags *args.KubeconfigFlags, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
-	j2, err := kluctl_jinja2.NewKluctlJinja2(ctx, strictTemplates)
+	globalFlags := getCobraGlobalFlags(ctx)
+
+	j2, err := kluctl_jinja2.NewKluctlJinja2(ctx, strictTemplates, globalFlags.UseSystemPython)
 	if err != nil {
 		return err
 	}
diff --git a/e2e/embedded_python_test.go b/e2e/embedded_python_test.go
new file mode 100644
index 000000000..a0cedf7ce
--- /dev/null
+++ b/e2e/embedded_python_test.go
@@ -0,0 +1,67 @@
+package e2e
+
+import (
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestEmbeddedPython(t *testing.T) {
+	cacheDir := t.TempDir()
+
+	p := test_project.NewTestProject(t, test_project.WithCacheDir(cacheDir))
+	p.SetEnv("KLUCTL_TEST_JINJA2_CACHE", "1")
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"k": `{{ "magic" }}{{ 40 + 2 }}`,
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	stdout, _ := p.KluctlProcessMust(t, "render", "--print-all")
+	assert.Contains(t, stdout, "magic42")
+
+	des, err := os.ReadDir(filepath.Join(cacheDir, "go-embed-jinja2"))
+	assert.NoError(t, err)
+
+	found := false
+	for _, de := range des {
+		if strings.HasPrefix(de.Name(), "kluctl-python-") {
+			found = true
+		}
+	}
+	assert.Truef(t, found, "extracted python distribution not found")
+}
+
+func TestSystemPython(t *testing.T) {
+	cacheDir := t.TempDir()
+
+	p := test_project.NewTestProject(t, test_project.WithCacheDir(cacheDir))
+	p.SetEnv("KLUCTL_TEST_JINJA2_CACHE", "1")
+	p.SetEnv("KLUCTL_USE_SYSTEM_PYTHON", "1")
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"k": `{{ "magic" }}{{ 40 + 2 }}`,
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	stdout, _ := p.KluctlProcessMust(t, "render", "--print-all")
+	assert.Contains(t, stdout, "magic42")
+
+	des, err := os.ReadDir(filepath.Join(cacheDir, "go-embed-jinja2"))
+	assert.NoError(t, err)
+
+	found := false
+	for _, de := range des {
+		if strings.HasPrefix(de.Name(), "kluctl-python-") {
+			found = true
+		}
+	}
+	assert.Falsef(t, found, "extracted python distribution found even though we should have used the system distribution")
+}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index d60cf10c4..b837651b7 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -91,7 +91,7 @@ func prepareProject(ctx context.Context,
 	}()
 
 	var err error
-	pp.j2, err = kluctl_jinja2.NewKluctlJinja2(ctx, true)
+	pp.j2, err = kluctl_jinja2.NewKluctlJinja2(ctx, true, r.UseSystemPython)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 2253196e9..d61f69fd7 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -37,6 +37,7 @@ type KluctlDeploymentReconciler struct {
 	ControllerName        string
 	ControllerNamespace   string
 	DefaultServiceAccount string
+	UseSystemPython       bool
 	DryRun                bool
 
 	SshPool *ssh_pool.SshPool
diff --git a/pkg/kluctl_jinja2/jinja2.go b/pkg/kluctl_jinja2/jinja2.go
index 672cc73fb..e54283f73 100644
--- a/pkg/kluctl_jinja2/jinja2.go
+++ b/pkg/kluctl_jinja2/jinja2.go
@@ -3,6 +3,7 @@ package kluctl_jinja2
 import (
 	"context"
 	"github.com/kluctl/go-embed-python/embed_util"
+	"github.com/kluctl/go-embed-python/python"
 	x "github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
@@ -12,10 +13,10 @@ import (
 
 const parallelism = 4
 
-func NewKluctlJinja2(ctx context.Context, strict bool) (*x.Jinja2, error) {
+func NewKluctlJinja2(ctx context.Context, strict bool, useSystemPython bool) (*x.Jinja2, error) {
 	tmpDir := filepath.Join(utils.GetCacheDir(ctx), "go-embed-jinja2")
 
-	if testing.Testing() {
+	if testing.Testing() && os.Getenv("KLUCTL_TEST_JINJA2_CACHE") != "1" {
 		// we share the cache for all tests, even though WithCacheDir is used in tests
 		// otherwise things get really slow
 		tmpDir = filepath.Join(os.TempDir(), "kluctl-tests-jinja2")
@@ -26,8 +27,14 @@ func NewKluctlJinja2(ctx context.Context, strict bool) (*x.Jinja2, error) {
 		return nil, err
 	}
 
+	var systemPython python.Python
+	if useSystemPython {
+		systemPython = python.NewPython()
+	}
+
 	return x.NewJinja2("kluctl",
 		parallelism,
+		x.WithPython(systemPython),
 		x.WithStrict(strict),
 		x.WithExtension("jinja2.ext.loopcontrols"),
 		x.WithExtension("go_jinja2.ext.kluctl"),
diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
index 470f1e346..8b9748d83 100644
--- a/pkg/vars/vars_test.go
+++ b/pkg/vars/vars_test.go
@@ -10,7 +10,7 @@ import (
 )
 
 func newJinja2Must(t *testing.T) *jinja2.Jinja2 {
-	j2, err := kluctl_jinja2.NewKluctlJinja2(context.Background(), true)
+	j2, err := kluctl_jinja2.NewKluctlJinja2(context.Background(), true, false)
 	if err != nil {
 		t.Fatal(err)
 	}

From dfaf6d8c750a105d4bd9c2bfec11092a82a0be5c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 09:54:17 +0200
Subject: [PATCH 2092/2268] chore: Run make replace-commands-help

---
 docs/kluctl/commands/common-arguments.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index a206b24f6..85340577c 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -27,6 +27,7 @@ Global arguments:
       --gops-agent-addr string   Specify the address:port to use for the gops agent (default "127.0.0.1:0")
       --no-color                 Disable colored output
       --no-update-check          Disable update check on startup
+      --use-system-python        Use the system Python instead of the embedded Python.
 
 ```
 <!-- END SECTION -->

From 1654af0abc00f5ab3a91c517cc4b2d21938734a0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 10:24:10 +0200
Subject: [PATCH 2093/2268] ci: Make sure we're using Python 3.11 on all test
 runs

---
 .github/workflows/tests.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 60a15c7d3..4d64cc2d3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -188,6 +188,9 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.22'
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
       - uses: actions/cache@v4
         with:
           path: |

From f128d593b6f9fc2aaea906d1b2862ee1e0c1ad33 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 11:23:31 +0200
Subject: [PATCH 2094/2268] tests: Implement KluctlCommandResult helper

---
 e2e/diff_name_test.go       | 14 ++------------
 e2e/test_project/project.go | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/e2e/diff_name_test.go b/e2e/diff_name_test.go
index 724fb1b8e..f19f3d7f1 100644
--- a/e2e/diff_name_test.go
+++ b/e2e/diff_name_test.go
@@ -4,7 +4,6 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"sort"
@@ -35,14 +34,9 @@ func TestDiffName(t *testing.T) {
 	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-1", "-a", "v=a")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-1")
 
-	resultStr, _ := p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-2", "-a", "v=b", "-oyaml")
+	r, _ := p.KluctlMustCommandResult(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-2", "-a", "v=b", "-oyaml")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-2")
 
-	var cr result.CompactedCommandResult
-	err := yaml.ReadYamlString(resultStr, &cr)
-	assert.NoError(t, err)
-
-	r := cr.ToNonCompacted()
 	sort.Slice(r.Objects, func(i, j int) bool {
 		return r.Objects[i].Ref.String() < r.Objects[j].Ref.String()
 	})
@@ -59,12 +53,8 @@ func TestDiffName(t *testing.T) {
 		Orphan: true,
 	}, r.Objects[1].BaseObject)
 
-	resultStr, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-3", "-a", "v=c", "-oyaml")
+	r, _ = p.KluctlMustCommandResult(t, "deploy", "--yes", "-t", "test", "-a", "cm_name=cm-3", "-a", "v=c", "-oyaml")
 	assertConfigMapExists(t, k, p.TestSlug(), "cm-2")
-	err = yaml.ReadYamlString(resultStr, &cr)
-	assert.NoError(t, err)
-
-	r = cr.ToNonCompacted()
 	sort.Slice(r.Objects, func(i, j int) bool {
 		return r.Objects[i].Ref.String() < r.Objects[j].Ref.String()
 	})
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 602a8d990..7a2fd3e35 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -8,6 +8,7 @@ import (
 	"github.com/jinzhu/copier"
 	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -565,3 +566,26 @@ func (p *TestProject) KluctlMust(t *testing.T, argsIn ...string) (string, string
 	}
 	return stdout, stderr
 }
+
+func (p *TestProject) KluctlCommandResult(t *testing.T, argsIn ...string) (*result.CommandResult, string, error) {
+	stdout, stderr, err := p.Kluctl(t, argsIn...)
+	if err != nil {
+		return nil, "", err
+	}
+
+	var ret result.CompactedCommandResult
+	err = yaml.ReadYamlString(stdout, &ret)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return ret.ToNonCompacted(), stderr, nil
+}
+
+func (p *TestProject) KluctlMustCommandResult(t *testing.T, argsIn ...string) (*result.CommandResult, string) {
+	ret, stderr, err := p.KluctlCommandResult(t, argsIn...)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return ret, stderr
+}

From 5ad00679fde0c41b50fe75fddae4b495280bbb3c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 11:51:44 +0200
Subject: [PATCH 2095/2268] chore(deps): Bump the azure-sdk group with 2
 updates (#1087)

Bumps the azure-sdk group with 2 updates: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) and [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.11.1 to 1.12.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.11.1...sdk/azcore/v1.12.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.5.1 to 1.5.2
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.1...sdk/internal/v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  8 ++++----
 go.sum | 18 ++++++++----------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 5c114dacd..9d041c1e5 100644
--- a/go.mod
+++ b/go.mod
@@ -5,8 +5,8 @@ go 1.22
 require (
 	cloud.google.com/go/secretmanager v1.12.0
 	filippo.io/age v1.1.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
@@ -68,7 +68,7 @@ require (
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.24.0
-	golang.org/x/net v0.25.0
+	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.21.0
 	golang.org/x/sync v0.7.0
 	golang.org/x/sys v0.21.0
@@ -99,7 +99,7 @@ require (
 	cloud.google.com/go/kms v1.15.8 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index a095b55ad..abc19b272 100644
--- a/go.sum
+++ b/go.sum
@@ -15,12 +15,12 @@ filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
 filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
@@ -183,8 +183,6 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
 github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
-github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8=
 github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
@@ -738,8 +736,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=

From a58135f2d5e4a3d2e9f9fb00c402a7e9a9d50eb8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 11:24:04 +0200
Subject: [PATCH 2096/2268] fix: Don't fail when the git repo has no commits

---
 e2e/git_info_test.go | 120 +++++++++++++++++++++++++++++++++++++++++++
 pkg/git/git_info.go  |  40 ++++++++-------
 2 files changed, 141 insertions(+), 19 deletions(-)
 create mode 100644 e2e/git_info_test.go

diff --git a/e2e/git_info_test.go b/e2e/git_info_test.go
new file mode 100644
index 000000000..04bf3ca26
--- /dev/null
+++ b/e2e/git_info_test.go
@@ -0,0 +1,120 @@
+package e2e
+
+import (
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/pkg/types/result"
+	copy2 "github.com/otiai10/copy"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"testing"
+)
+
+func copyProject(t *testing.T, p *test_project.TestProject) string {
+	tmp := t.TempDir()
+	err := copy2.Copy(p.LocalWorkDir(), tmp, copy2.Options{
+		Skip: func(srcinfo os.FileInfo, src, dest string) (bool, error) {
+			if srcinfo.Name() == ".git" {
+				return true, nil
+			}
+			return false, nil
+		},
+	})
+	assert.NoError(t, err)
+
+	return tmp
+}
+
+func prepareGitRepoTest(t *testing.T) (*test_project.TestProject, string) {
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+	createNamespace(t, k, p.TestSlug())
+
+	addConfigMapDeployment(p, "cm", nil, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+
+	tmp := copyProject(t, p)
+
+	return p, tmp
+}
+
+func TestNGitNoRepo(t *testing.T) {
+	t.Parallel()
+
+	p, tmp := prepareGitRepoTest(t)
+
+	// no repo at all
+	r, _ := p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
+	assert.Equal(t, result.GitInfo{}, r.GitInfo)
+}
+
+func TestGitNoCommit(t *testing.T) {
+	t.Parallel()
+
+	p, tmp := prepareGitRepoTest(t)
+
+	// empty repo (no commit)
+	_, err := git.PlainInit(tmp, false)
+	assert.NoError(t, err)
+	r, _ := p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
+	assert.Equal(t, result.GitInfo{
+		Dirty: true,
+	}, r.GitInfo)
+}
+
+func TestGitSingleCommit(t *testing.T) {
+	t.Parallel()
+
+	p, tmp := prepareGitRepoTest(t)
+
+	// empty repo (no commit)
+	gr, err := git.PlainInit(tmp, false)
+	assert.NoError(t, err)
+
+	cfg, err := gr.Config()
+	assert.NoError(t, err)
+	cfg.User.Name = "Test User"
+	cfg.User.Email = "no@mail.com"
+	cfg.Author = cfg.User
+	cfg.Committer = cfg.User
+	err = gr.SetConfig(cfg)
+	assert.NoError(t, err)
+
+	w, err := gr.Worktree()
+	assert.NoError(t, err)
+
+	_, err = w.Add(".")
+	assert.NoError(t, err)
+	c, err := w.Commit("initial", &git.CommitOptions{})
+	assert.NoError(t, err)
+
+	r, _ := p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
+	assert.Equal(t, result.GitInfo{
+		Ref: &types.GitRef{
+			Branch: "master",
+		},
+		Commit: c.String(),
+		Dirty:  false,
+	}, r.GitInfo)
+
+	_, err = gr.CreateRemote(&config.RemoteConfig{
+		Name: "origin",
+		URLs: []string{"https://example.com"},
+	})
+	assert.NoError(t, err)
+
+	r, _ = p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
+	assert.Equal(t, result.GitInfo{
+		Url: types.ParseGitUrlMust("https://example.com"),
+		Ref: &types.GitRef{
+			Branch: "master",
+		},
+		Commit: c.String(),
+		Dirty:  false,
+	}, r.GitInfo)
+}
diff --git a/pkg/git/git_info.go b/pkg/git/git_info.go
index 32ac0bdcd..b63795336 100644
--- a/pkg/git/git_info.go
+++ b/pkg/git/git_info.go
@@ -2,7 +2,9 @@ package git
 
 import (
 	"context"
+	"errors"
 	git2 "github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
@@ -42,11 +44,6 @@ func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (resu
 		return gitInfo, projectKey, err
 	}
 
-	head, err := g.Head()
-	if err != nil {
-		return gitInfo, projectKey, err
-	}
-
 	remotes, err := g.Remotes()
 	if err != nil {
 		return gitInfo, projectKey, err
@@ -62,27 +59,32 @@ func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (resu
 		}
 	}
 
-	var repoKey types.RepoKey
-	if originUrl != nil {
-		repoKey = originUrl.RepoKey()
-	}
-
 	gitInfo = result.GitInfo{
 		Url:    originUrl,
 		SubDir: subDir,
-		Commit: head.Hash().String(),
 		Dirty:  !s.IsClean(),
 	}
-	if head.Name().IsBranch() {
-		gitInfo.Ref = &types.GitRef{
-			Branch: head.Name().Short(),
-		}
-	} else if head.Name().IsTag() {
-		gitInfo.Ref = &types.GitRef{
-			Tag: head.Name().Short(),
+
+	head, err := g.Head()
+	if err == nil {
+		gitInfo.Commit = head.Hash().String()
+		if head.Name().IsBranch() {
+			gitInfo.Ref = &types.GitRef{
+				Branch: head.Name().Short(),
+			}
+		} else if head.Name().IsTag() {
+			gitInfo.Ref = &types.GitRef{
+				Tag: head.Name().Short(),
+			}
 		}
+	} else if !errors.Is(err, plumbing.ErrReferenceNotFound) {
+		return gitInfo, projectKey, err
+	}
+
+	if originUrl != nil {
+		projectKey.RepoKey = originUrl.RepoKey()
 	}
-	projectKey.RepoKey = repoKey
 	projectKey.SubDir = subDir
+
 	return gitInfo, projectKey, nil
 }

From 203bd891bff7d6b02a825913db9448717ab1a01e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 14:45:17 +0200
Subject: [PATCH 2097/2268] feat: Remove hidden/deprecated sealed secrets
 integration (#1102)

---
 .github/ISSUE_TEMPLATE/FEATURE.yml            |   1 -
 .gitignore                                    |   1 -
 cmd/kluctl/commands/cmd_seal.go               | 188 ------
 cmd/kluctl/commands/root.go                   |   1 -
 cmd/kluctl/commands/utils.go                  |   4 +-
 e2e/default_clusters_test.go                  |   3 -
 e2e/obfuscate_test.go                         |   6 +-
 e2e/remote_objects_permission_test.go         |   2 +-
 e2e/seal_test.go                              | 552 ------------------
 e2e/test_resources/README.md                  |   5 -
 e2e/test_resources/sealed-secrets.yaml        | 307 ----------
 e2e/utils_resources.go                        |   8 +-
 go.mod                                        |   2 +-
 go.sum                                        |   2 -
 pkg/deployment/commands/seal.go               |  48 --
 pkg/deployment/deployment_collection.go       |  24 +-
 pkg/deployment/deployment_item.go             | 134 +----
 pkg/deployment/deployment_project.go          |  13 -
 pkg/deployment/shared_context.go              |   6 +-
 pkg/kluctl_project/project.go                 |   2 -
 pkg/kluctl_project/project_load.go            |  21 -
 .../target-context/target_context.go          |  61 +-
 pkg/kluctl_project/targets.go                 |   2 +-
 pkg/kluctl_project/vars.go                    |  13 +-
 pkg/seal/bootstrap.go                         | 100 ----
 pkg/seal/fetch_cert.go                        | 118 ----
 pkg/seal/sealer.go                            | 314 ----------
 pkg/types/deployment.go                       |   7 +-
 pkg/types/kluctl_project.go                   |  24 -
 pkg/types/zz_generated.deepcopy.go            | 143 -----
 pkg/webui/shortnames.go                       |   1 -
 pkg/webui/ui/src/models.ts                    |  24 -
 32 files changed, 31 insertions(+), 2106 deletions(-)
 delete mode 100644 cmd/kluctl/commands/cmd_seal.go
 delete mode 100644 e2e/seal_test.go
 delete mode 100644 e2e/test_resources/README.md
 delete mode 100644 e2e/test_resources/sealed-secrets.yaml
 delete mode 100644 pkg/deployment/commands/seal.go
 delete mode 100644 pkg/seal/bootstrap.go
 delete mode 100644 pkg/seal/fetch_cert.go
 delete mode 100644 pkg/seal/sealer.go

diff --git a/.github/ISSUE_TEMPLATE/FEATURE.yml b/.github/ISSUE_TEMPLATE/FEATURE.yml
index 79ca1bca3..fb5835416 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE.yml
@@ -27,7 +27,6 @@ body:
         - label: "poke-images"
         - label: "prune"
         - label: "render"
-        - label: "seal"
         - label: "validate"
         - label: "version"
   - type: input
diff --git a/.gitignore b/.gitignore
index d5bba3c90..7468eec00 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,6 @@
 
 *.kubeconfig
 .secrets.yml
-.sealed-secrets
 
 /kluctl
 /kluctl.exe
diff --git a/cmd/kluctl/commands/cmd_seal.go b/cmd/kluctl/commands/cmd_seal.go
deleted file mode 100644
index 75130ba79..000000000
--- a/cmd/kluctl/commands/cmd_seal.go
+++ /dev/null
@@ -1,188 +0,0 @@
-package commands
-
-import (
-	"context"
-	"crypto/x509"
-	"fmt"
-	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/v2/pkg/seal"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"os"
-)
-
-type sealCmd struct {
-	args.ProjectFlags
-	args.TargetFlags
-	args.HelmCredentials
-	args.RegistryCredentials
-	args.OfflineKubernetesFlags
-
-	ForceReseal bool   `group:"misc" help:"Lets kluctl ignore secret hashes found in already sealed secrets and thus forces resealing of those."`
-	CertFile    string `group:"misc" help:"Use the given certificate for sealing instead of requesting it from the sealed-secrets controller"`
-}
-
-func (cmd *sealCmd) Help() string {
-	return `Loads all secrets from the specified secrets sets from the target's sealingConfig and
-then renders the target, including all files with the '.sealme' extension. Then runs
-kubeseal on each '.sealme' file and stores secrets in the directory specified by
-'--local-sealed-secrets', using the outputPattern from your deployment project.
-
-If no '--target' is specified, sealing is performed for all targets.`
-}
-
-func (cmd *sealCmd) runCmdSealForTarget(ctx context.Context, p *kluctl_project.LoadedKluctlProject, targetName string) error {
-	s := status.Startf(ctx, "%s: Sealing for target", targetName)
-	defer s.FailedWithMessagef("%s: Sealing failed", targetName)
-
-	doFail := func(err error) error {
-		s.FailedWithMessage(fmt.Sprintf("Sealing failed: %v", err))
-		return err
-	}
-
-	ptArgs := projectTargetCommandArgs{
-		projectFlags:        cmd.ProjectFlags,
-		targetFlags:         cmd.TargetFlags,
-		helmCredentials:     cmd.HelmCredentials,
-		registryCredentials: cmd.RegistryCredentials,
-		forSeal:             true,
-		offlineKubernetes:   cmd.OfflineKubernetes,
-		kubernetesVersion:   cmd.KubernetesVersion,
-	}
-	ptArgs.targetFlags.Target = targetName
-
-	// pass forSeal=True so that .sealme files are rendered as well
-	return withProjectTargetCommandContext(ctx, ptArgs, p, func(cmdCtx *commandCtx) error {
-		err := cmdCtx.targetCtx.DeploymentCollection.RenderDeployments()
-		if err != nil {
-			return doFail(err)
-		}
-
-		cert, err := cmd.loadCert(cmdCtx)
-		if err != nil {
-			return doFail(err)
-		}
-
-		sealer, err := seal.NewSealer(cmdCtx.ctx, cert, cmd.ForceReseal)
-		if err != nil {
-			return doFail(err)
-		}
-
-		outputPattern := targetName
-		if cmdCtx.targetCtx.DeploymentProject.Config.SealedSecrets != nil && cmdCtx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern != nil {
-			// the outputPattern is rendered already at this point, meaning that for example
-			// '{{ cluster.name }}/{{ target.name }}' will already be rendered to 'my-cluster/my-target'
-			outputPattern = *cmdCtx.targetCtx.DeploymentProject.Config.SealedSecrets.OutputPattern
-		}
-
-		cmd2 := commands.NewSealCommand(cmdCtx.targetCtx.DeploymentCollection, outputPattern, cmdCtx.targetCtx.SharedContext.RenderDir, cmdCtx.targetCtx.SharedContext.SealedSecretsDir)
-		err = cmd2.Run(sealer)
-
-		if err != nil {
-			return doFail(err)
-		}
-		s.Success()
-		return nil
-	})
-}
-
-func (cmd *sealCmd) loadCert(cmdCtx *commandCtx) (*x509.Certificate, error) {
-	sealingConfig := cmdCtx.targetCtx.Target.SealingConfig
-
-	var certFile string
-
-	if sealingConfig != nil && sealingConfig.CertFile != nil {
-		path, err := securejoin.SecureJoin(cmdCtx.targetCtx.KluctlProject.LoadArgs.ProjectDir, *sealingConfig.CertFile)
-		if err != nil {
-			return nil, err
-		}
-		certFile = path
-	}
-
-	if cmd.CertFile != "" {
-		if certFile != "" {
-			status.Info(cmdCtx.ctx, "Overriding certFile from target with certFile argument")
-		}
-		certFile = cmd.CertFile
-	}
-
-	if certFile != "" {
-		d, err := os.ReadFile(certFile)
-		if err != nil {
-			return nil, err
-		}
-		cert, err := seal.ParseCert(d)
-		if err != nil {
-			return nil, err
-		}
-		return cert, nil
-	} else {
-		if cmdCtx.targetCtx.SharedContext.K == nil {
-			return nil, fmt.Errorf("must specify certFile when sealing in offline mode")
-		}
-
-		secretsConfig := cmdCtx.targetCtx.KluctlProject.Config.SecretsConfig
-		var sealedSecretsConfig *types.GlobalSealedSecretsConfig
-		if secretsConfig != nil {
-			sealedSecretsConfig = secretsConfig.SealedSecrets
-		}
-
-		sealedSecretsNamespace := "kube-system"
-		sealedSecretsControllerName := "sealed-secrets-controller"
-		if sealedSecretsConfig != nil {
-			if sealedSecretsConfig.Namespace != nil {
-				sealedSecretsNamespace = *sealedSecretsConfig.Namespace
-			}
-			if sealedSecretsConfig.ControllerName != nil {
-				sealedSecretsControllerName = *sealedSecretsConfig.ControllerName
-			}
-		}
-
-		if sealedSecretsConfig == nil || sealedSecretsConfig.Bootstrap == nil || *sealedSecretsConfig.Bootstrap {
-			err := seal.BootstrapSealedSecrets(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, sealedSecretsNamespace)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		cert, err := seal.FetchCert(cmdCtx.ctx, cmdCtx.targetCtx.SharedContext.K, sealedSecretsNamespace, sealedSecretsControllerName)
-		if err != nil {
-			return nil, err
-		}
-		return cert, nil
-	}
-}
-
-func (cmd *sealCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, nil, cmd.ProjectFlags, nil, &cmd.HelmCredentials, &cmd.RegistryCredentials, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
-		hadError := false
-
-		noTargetMatch := true
-		for _, target := range p.Targets {
-			if cmd.Target != "" && cmd.Target != target.Name {
-				continue
-			}
-			if target.SealingConfig == nil {
-				status.Infof(ctx, "Target %s has no sealingConfig", target.Name)
-				continue
-			}
-			noTargetMatch = false
-
-			err := cmd.runCmdSealForTarget(ctx, p, target.Name)
-			if err != nil {
-				hadError = true
-				status.Error(ctx, err.Error())
-			}
-		}
-		if hadError {
-			return fmt.Errorf("sealing for at least one target failed")
-		}
-		if noTargetMatch {
-			return fmt.Errorf("no target matched the given target and/or cluster name")
-		}
-		return nil
-	})
-}
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index d1846eb55..6a4b859ba 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -72,7 +72,6 @@ type cli struct {
 	PokeImages  pokeImagesCmd  `cmd:"" help:"Replace all images in target"`
 	Prune       pruneCmd       `cmd:"" help:"Searches the target cluster for prunable objects and deletes them"`
 	Render      renderCmd      `cmd:"" help:"Renders all resources and configuration files"`
-	Seal        sealCmd        `cmd:"" help:"Seal secrets based on target's sealingConfig"`
 	Validate    validateCmd    `cmd:"" help:"Validates the already deployed deployment"`
 	Controller  controllerCmd  `cmd:"" help:"Kluctl controller sub-commands"`
 	Gitops      gitopsCmd      `cmd:"" help:"GitOps sub-commands"`
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 12534ea9b..8378c7c03 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -133,7 +133,6 @@ type projectTargetCommandArgs struct {
 	discriminator string
 
 	internalDeploy    bool
-	forSeal           bool
 	forCompletion     bool
 	offlineKubernetes bool
 	kubernetesVersion string
@@ -194,7 +193,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		OfflineK8s:         args.offlineKubernetes,
 		K8sVersion:         args.kubernetesVersion,
 		DryRun:             args.dryRunArgs == nil || args.dryRunArgs.DryRun || args.forCompletion,
-		ForSeal:            args.forSeal,
 		Images:             images,
 		Inclusion:          inclusion,
 		OciAuthProvider:    p.LoadArgs.OciAuthProvider,
@@ -239,7 +237,7 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		return err
 	}
 
-	if !args.forSeal && !args.forCompletion {
+	if !args.forCompletion {
 		err = targetCtx.DeploymentCollection.Prepare()
 		if err != nil {
 			return err
diff --git a/e2e/default_clusters_test.go b/e2e/default_clusters_test.go
index 8f77bc083..40a648cfe 100644
--- a/e2e/default_clusters_test.go
+++ b/e2e/default_clusters_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"github.com/imdario/mergo"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/e2e/test_resources"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
@@ -33,7 +32,6 @@ func init() {
 		if err != nil {
 			panic(err)
 		}
-		test_resources.ApplyYaml(nil, "sealed-secrets.yaml", defaultCluster1)
 	}()
 	go func() {
 		defer wg.Done()
@@ -44,7 +42,6 @@ func init() {
 		if err != nil {
 			panic(err)
 		}
-		test_resources.ApplyYaml(nil, "sealed-secrets.yaml", defaultCluster2)
 	}()
 	go func() {
 		defer wg.Done()
diff --git a/e2e/obfuscate_test.go b/e2e/obfuscate_test.go
index 3b00f29a8..5c6e73e61 100644
--- a/e2e/obfuscate_test.go
+++ b/e2e/obfuscate_test.go
@@ -24,15 +24,15 @@ func TestObfuscateSecrets(t *testing.T) {
 	}, resourceOpts{
 		name:      "secret",
 		namespace: p.TestSlug(),
-	}, false)
+	})
 	addSecretDeployment(p, "secret2", nil, resourceOpts{
 		name:      "secret2",
 		namespace: p.TestSlug(),
-	}, false)
+	})
 	addSecretDeployment(p, "secret3", nil, resourceOpts{
 		name:      "secret3",
 		namespace: p.TestSlug(),
-	}, false)
+	})
 
 	stdout, _ := p.KluctlMust(t, "deploy", "--yes", "-t", "test")
 	assertSecretExists(t, k, p.TestSlug(), "secret")
diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index 8a831f4f7..a0c14b989 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -95,7 +95,7 @@ func TestRemoteObjectUtils_PermissionErrors(t *testing.T) {
 	addSecretDeployment(p, "secret", nil, resourceOpts{
 		name:      "secret",
 		namespace: p.TestSlug(),
-	}, false)
+	})
 	addConfigMapDeployment(p, "cm", nil, resourceOpts{
 		name:      "cm",
 		namespace: p.TestSlug(),
diff --git a/e2e/seal_test.go b/e2e/seal_test.go
deleted file mode 100644
index a66ca7632..000000000
--- a/e2e/seal_test.go
+++ /dev/null
@@ -1,552 +0,0 @@
-package e2e
-
-import (
-	"context"
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
-	"github.com/kluctl/kluctl/v2/e2e/test-utils"
-	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
-	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	"github.com/kluctl/kluctl/v2/pkg/seal"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"github.com/stretchr/testify/assert"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	certUtil "k8s.io/client-go/util/cert"
-	"k8s.io/client-go/util/keyutil"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"path/filepath"
-	"testing"
-	"time"
-)
-
-type certServer struct {
-	server   http.Server
-	url      string
-	certHash string
-}
-
-var certServer1 *certServer
-var certServer2 *certServer
-
-func init() {
-	var err error
-	certServer1, err = startCertServer()
-	if err != nil {
-		panic(err)
-	}
-	certServer2, err = startCertServer()
-	if err != nil {
-		panic(err)
-	}
-}
-
-func startCertServer() (*certServer, error) {
-	key, cert, err := crypto.GeneratePrivateKeyAndCert(2048, 10*365*24*time.Hour, "tests.kluctl.io")
-	if err != nil {
-		return nil, err
-	}
-
-	certbytes := []byte{}
-	certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
-	keybytes := pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)})
-	_ = keybytes
-	l := port_tool.NewListenerWithUniquePort("127.0.0.1")
-
-	mux := http.NewServeMux()
-	mux.Handle("/v1/cert.pem", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/x-pem-file")
-		_, _ = w.Write(certbytes)
-	}))
-
-	certUrl := fmt.Sprintf("http://localhost:%d", l.Addr().(*net.TCPAddr).Port)
-
-	var cs certServer
-	cs.url = certUrl
-	cs.server.Handler = mux
-	cs.certHash, err = seal.HashPublicKey(cert)
-	if err != nil {
-		return nil, err
-	}
-
-	go func() {
-		_ = cs.server.Serve(l)
-	}()
-
-	return &cs, nil
-}
-
-func addProxyVars(p *test_project.TestProject) {
-	f := func(idx int, k *test_utils.EnvTestCluster, cs *certServer) {
-		setEnv := func(k string, v string) {
-			p.SetEnv(fmt.Sprintf(k, idx), v)
-		}
-		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_API_HOST", k.RESTConfig().Host)
-		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAMESPACE", "kube-system")
-		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_NAME", "sealed-secrets-controller")
-		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_SERVICE_PORT", "http")
-		setEnv("KLUCTL_K8S_SERVICE_PROXY_%d_LOCAL_URL", cs.url)
-	}
-	f(0, defaultCluster1, certServer1)
-	f(1, defaultCluster2, certServer2)
-}
-
-func prepareSealTest(t *testing.T, k *test_utils.EnvTestCluster, secrets map[string]string, varsSources []*uo.UnstructuredObject, proxy bool) *test_project.TestProject {
-	p := test_project.NewTestProject(t, test_project.WithUseProcess(true))
-
-	if proxy {
-		addProxyVars(p)
-	}
-
-	createNamespace(t, k, p.TestSlug())
-
-	addSecretsSet(p, "test", varsSources)
-	addSecretsSetToTarget(p, "test-target", "test")
-
-	addSecretDeployment(p, "secret-deployment", secrets, resourceOpts{name: "secret", namespace: p.TestSlug()}, true)
-
-	return p
-}
-
-func addSecretsSet(p *test_project.TestProject, name string, varsSources []*uo.UnstructuredObject) {
-	p.UpdateSecretSet(name, func(secretSet *uo.UnstructuredObject) {
-		_ = secretSet.SetNestedField(varsSources, "vars")
-	})
-}
-
-func addSecretsSetToTarget(p *test_project.TestProject, targetName string, secretSetName string) {
-	p.UpdateTarget(targetName, func(target *uo.UnstructuredObject) {
-		l, _, _ := target.GetNestedList("sealingConfig", "secretSets")
-		l = append(l, secretSetName)
-		_ = target.SetNestedField(l, "sealingConfig", "secretSets")
-	})
-}
-
-func assertSealedSecret(t *testing.T, k *test_utils.EnvTestCluster, namespace string, secretName string, expectedCertHash string, expectedSecrets map[string]string) {
-	y := k.MustGet(t, schema.GroupVersionResource{
-		Group:    "bitnami.com",
-		Version:  "v1alpha1",
-		Resource: "sealedsecrets",
-	}, namespace, secretName)
-
-	h1 := y.GetK8sAnnotation("kluctl.io/sealedsecret-cert-hash")
-	if h1 == nil {
-		t.Fatal("kluctl.io/sealedsecret-cert-hash annotation not found")
-	}
-	assert.Equal(t, expectedCertHash, *h1)
-
-	hashesStr := y.GetK8sAnnotation("kluctl.io/sealedsecret-hashes")
-	if hashesStr == nil {
-		t.Fatal("kluctl.io/sealedsecret-hashes annotation not found")
-	}
-	hashes, err := uo.FromString(*hashesStr)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expectedHashes := map[string]any{}
-	for k, v := range expectedSecrets {
-		expectedHashes[k] = seal.HashSecret(k, []byte(v), secretName, namespace, "strict")
-	}
-
-	assert.Equal(t, expectedHashes, hashes.Object)
-}
-
-func TestSeal_WithOperator(t *testing.T) {
-	t.Parallel()
-	k := defaultCluster1
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-					"s2": "v2",
-				},
-			}),
-		}, true)
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-}
-
-func TestSeal_WithBootstrap(t *testing.T) {
-	// this test must NOT run in parallel
-
-	k := defaultCluster1
-
-	// deleting the crd causes kluctl to not recognize the operator, so it will do a bootstrap
-	_ = k.DynamicClient.Resource(apiextensionsv1.SchemeGroupVersion.WithResource("customresourcedefinitions")).
-		Delete(context.Background(), "sealedsecrets.bitnami.com", metav1.DeleteOptions{})
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-					"s2": "v2",
-				},
-			}),
-		}, false)
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	test_resources.ApplyYaml(t, "sealed-secrets.yaml", k)
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	pkCm := k.MustGetCoreV1(t, "configmaps", "kube-system", "sealed-secrets-key-kluctl-bootstrap")
-	certBytes, ok, _ := pkCm.GetNestedString("data", "tls.crt")
-	assert.True(t, ok)
-
-	cert, err := seal.ParseCert([]byte(certBytes))
-	assert.NoError(t, err)
-
-	certHash, err := seal.HashPublicKey(cert)
-	assert.NoError(t, err)
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-}
-
-func TestSeal_MultipleVarSources(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-				},
-			}),
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s2": "v2",
-				},
-			}),
-		}, true)
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-}
-
-func TestSeal_MultipleSecretSets(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-				},
-			}),
-		}, true)
-
-	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
-		uo.FromMap(map[string]interface{}{
-			"values": map[string]interface{}{
-				"s2": "v2",
-			},
-		}),
-	})
-	addSecretsSetToTarget(p, "test-target", "test2")
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-}
-
-func TestSeal_MultipleTargets(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-					"s2": "v2",
-				},
-			}),
-		}, true)
-
-	addSecretsSet(p, "test2", []*uo.UnstructuredObject{
-		uo.FromMap(map[string]interface{}{
-			"values": map[string]interface{}{
-				"s1": "v3",
-				"s2": "v4",
-			},
-		}),
-	})
-	addSecretsSetToTarget(p, "test-target2", "test2")
-
-	createNamespace(t, defaultCluster2, p.TestSlug())
-	p.UpdateTarget("test-target", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultCluster1.Context, "context")
-	})
-	p.UpdateTarget("test-target2", func(target *uo.UnstructuredObject) {
-		_ = target.SetNestedField(defaultCluster2.Context, "context")
-	})
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-	p.KluctlMust(t, "seal", "-t", "test-target2")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target2/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target2")
-
-	assertSealedSecret(t, defaultCluster1, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-	assertSealedSecret(t, defaultCluster2, p.TestSlug(), "secret", certServer2.certHash, map[string]string{
-		"s1": "v3",
-		"s2": "v4",
-	})
-}
-
-func TestSeal_MultipleSecrets(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	secret1 := map[string]string{
-		"s1": "{{ secrets.s1 }}",
-	}
-	secret2 := map[string]string{
-		"s2": "{{ secrets.s2 }}",
-	}
-
-	p := prepareSealTest(t, k,
-		secret1,
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-					"s2": "v2",
-				},
-			}),
-		}, true)
-	addSecretDeployment(p, "secret-deployment2", secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()}, true)
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment2/test-target/secret-secret2.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-	})
-	assertSealedSecret(t, k, p.TestSlug(), "secret2", certServer1.certHash, map[string]string{
-		"s2": "v2",
-	})
-}
-
-func TestSeal_MultipleSecretsInOneFile(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	secret1 := map[string]string{
-		"s1": "{{ secrets.s1 }}",
-	}
-	secret2 := map[string]string{
-		"s2": "{{ secrets.s2 }}",
-	}
-
-	p := prepareSealTest(t, k,
-		secret1,
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"values": map[string]interface{}{
-					"s1": "v1",
-					"s2": "v2",
-				},
-			}),
-		}, true)
-
-	secret2Text, _ := yaml.WriteYamlString(createSecretObject(secret2, resourceOpts{name: "secret2", namespace: p.TestSlug()}))
-
-	p.UpdateFile("secret-deployment/secret-secret.yml.sealme", func(f string) (string, error) {
-		f += "---\n"
-		f += secret2Text
-		return f, nil
-	}, "")
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-	})
-	assertSealedSecret(t, k, p.TestSlug(), "secret2", certServer1.certHash, map[string]string{
-		"s2": "v2",
-	})
-}
-
-func TestSeal_File(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"file": utils.Ptr("secret-values.yaml"),
-			}),
-		}, true)
-
-	p.UpdateYaml("secret-values.yaml", func(o *uo.UnstructuredObject) error {
-		*o = *uo.FromMap(map[string]interface{}{
-			"secrets": map[string]interface{}{
-				"s1": "v1",
-				"s2": "v2",
-			},
-		})
-		return nil
-	}, "")
-
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-}
-
-func TestSeal_Vault(t *testing.T) {
-	t.Parallel()
-
-	k := defaultCluster1
-
-	server := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
-		if request.URL.Path != "/v1/secret/data/secret" {
-			http.NotFound(writer, request)
-			return
-		}
-		o := uo.FromMap(map[string]interface{}{
-			"data": map[string]interface{}{
-				"data": map[string]interface{}{
-					"secrets": map[string]interface{}{
-						"s1": "v1",
-						"s2": "v2",
-					},
-				},
-			},
-		})
-		s, _ := yaml.WriteJsonString(o)
-		writer.Header().Set("Content-Type", "application/json")
-		_, _ = writer.Write([]byte(s))
-	}))
-
-	vaultUrl := server.URL
-
-	p := prepareSealTest(t, k,
-		map[string]string{
-			"s1": "{{ secrets.s1 }}",
-			"s2": "{{ secrets.s2 }}",
-		},
-		[]*uo.UnstructuredObject{
-			uo.FromMap(map[string]interface{}{
-				"vault": map[string]interface{}{
-					"address": vaultUrl,
-					"path":    "secret/data/secret",
-				},
-			}),
-		}, true)
-
-	p.SetEnv("VAULT_TOKEN", "root")
-	p.KluctlMust(t, "seal", "-t", "test-target")
-
-	sealedSecretsDir := p.LocalProjectDir()
-	assert.FileExists(t, filepath.Join(sealedSecretsDir, ".sealed-secrets/secret-deployment/test-target/secret-secret.yml"))
-
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test-target")
-
-	assertSealedSecret(t, k, p.TestSlug(), "secret", certServer1.certHash, map[string]string{
-		"s1": "v1",
-		"s2": "v2",
-	})
-}
diff --git a/e2e/test_resources/README.md b/e2e/test_resources/README.md
deleted file mode 100644
index 9be43ed76..000000000
--- a/e2e/test_resources/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# sealed-secrets.yaml
-```bash
-helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
-helm template sealed-secrets-controller sealed-secrets/sealed-secrets -n kube-system --include-crds --skip-tests > sealed-secrets.yaml
-```
diff --git a/e2e/test_resources/sealed-secrets.yaml b/e2e/test_resources/sealed-secrets.yaml
deleted file mode 100644
index 8e2262447..000000000
--- a/e2e/test_resources/sealed-secrets.yaml
+++ /dev/null
@@ -1,307 +0,0 @@
----
-# Source: crds/sealedsecret-crd.yaml
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: sealedsecrets.bitnami.com
-spec:
-  group: bitnami.com
-  names:
-    kind: SealedSecret
-    listKind: SealedSecretList
-    plural: sealedsecrets
-    singular: sealedsecret
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    served: true
-    storage: true
-    subresources:
-      status: {}
-    schema:
-      openAPIV3Schema:
-        type: object
-        properties:
-          spec:
-            type: object
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            x-kubernetes-preserve-unknown-fields: true
-
----
-# Source: sealed-secrets/templates/service-account.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: sealed-secrets-controller
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
----
-# Source: sealed-secrets/templates/cluster-role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: secrets-unsealer
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-rules:
-  - apiGroups:
-      - bitnami.com
-    resources:
-      - sealedsecrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - bitnami.com
-    resources:
-      - sealedsecrets/status
-    verbs:
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - create
-      - update
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
----
-# Source: sealed-secrets/templates/cluster-role-binding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: sealed-secrets-controller
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: secrets-unsealer
-subjects:
-  - apiGroup: ""
-    kind: ServiceAccount
-    name: sealed-secrets-controller
-    namespace: kube-system
----
-# Source: sealed-secrets/templates/role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: sealed-secrets-controller-key-admin
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-rules:
-  - apiGroups:
-      - ""
-    resourceNames:
-      - sealed-secrets-key
-    resources:
-      - secrets
-    verbs:
-      - get
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - create
-      - list
----
-# Source: sealed-secrets/templates/role.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: sealed-secrets-controller-service-proxier
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-rules:
-  - apiGroups:
-      - ""
-    resourceNames:
-      - sealed-secrets-controller
-    resources:
-      - services
-    verbs:
-      - get
-  - apiGroups:
-      - ""
-    resourceNames:
-      - 'http:sealed-secrets-controller:'
-      - 'http:sealed-secrets-controller:http'
-      - sealed-secrets-controller
-    resources:
-      - services/proxy
-    verbs:
-      - create
-      - get
----
-# Source: sealed-secrets/templates/role-binding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: sealed-secrets-controller-key-admin
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: sealed-secrets-controller-key-admin
-subjects:
-  - apiGroup: ""
-    kind: ServiceAccount
-    name: sealed-secrets-controller
-    namespace: kube-system
----
-# Source: sealed-secrets/templates/role-binding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: sealed-secrets-controller-service-proxier
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: sealed-secrets-controller-service-proxier
-subjects:
-- apiGroup: rbac.authorization.k8s.io
-  kind: Group
-  name: system:authenticated
----
-# Source: sealed-secrets/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: sealed-secrets-controller
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-spec:
-  type: ClusterIP
-  ports:
-    - name: http
-      port: 8080
-      targetPort: http
-      nodePort: null
-  selector:
-    app.kubernetes.io/name: sealed-secrets
-    app.kubernetes.io/instance: sealed-secrets-controller
----
-# Source: sealed-secrets/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: sealed-secrets-controller
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: sealed-secrets
-    helm.sh/chart: sealed-secrets-2.4.0
-    app.kubernetes.io/instance: sealed-secrets-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/version: v0.18.1
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: sealed-secrets
-      app.kubernetes.io/instance: sealed-secrets-controller
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: sealed-secrets
-        app.kubernetes.io/instance: sealed-secrets-controller
-    spec:
-      securityContext:
-        fsGroup: 65534
-      serviceAccountName: sealed-secrets-controller
-      containers:
-        - name: controller
-          command:
-            - controller
-          args:
-            - --update-status
-            - --key-prefix
-            - "sealed-secrets-key"
-          image: docker.io/bitnami/sealed-secrets-controller:v0.18.1
-          imagePullPolicy: IfNotPresent
-          ports:
-            - containerPort: 8080
-              name: http
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 1
-            httpGet:
-              path: /healthz
-              port: http
-          readinessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 1
-            httpGet:
-              path: /healthz
-              port: http
-          resources:
-            limits: {}
-            requests: {}
-          securityContext:
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-            runAsUser: 1001
-          volumeMounts:
-            - mountPath: /tmp
-              name: tmp
-      volumes:
-        - name: tmp
-          emptyDir: {}
diff --git a/e2e/utils_resources.go b/e2e/utils_resources.go
index 63134462c..c9a9812a7 100644
--- a/e2e/utils_resources.go
+++ b/e2e/utils_resources.go
@@ -72,15 +72,11 @@ func addConfigMapDeployment(p *test_project.TestProject, dir string, data map[st
 	}
 }
 
-func addSecretDeployment(p *test_project.TestProject, dir string, data map[string]string, opts resourceOpts, sealme bool) {
-	sealmeExt := ""
-	if sealme {
-		sealmeExt = ".sealme"
-	}
+func addSecretDeployment(p *test_project.TestProject, dir string, data map[string]string, opts resourceOpts) {
 	o := createSecretObject(data, opts)
 	fname := fmt.Sprintf("secret-%s.yml", opts.name)
 	p.AddKustomizeDeployment(dir, []test_project.KustomizeResource{
-		{Name: fname, FileName: fname + sealmeExt, Content: o},
+		{Name: fname, FileName: fname, Content: o},
 	}, opts.tags)
 	if opts.when != "" {
 		p.UpdateDeploymentItems(filepath.Dir(dir), func(items []*uo.UnstructuredObject) []*uo.UnstructuredObject {
diff --git a/go.mod b/go.mod
index 9d041c1e5..93c74ba56 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
 	github.com/aws/smithy-go v1.20.2
-	github.com/bitnami-labs/sealed-secrets v0.26.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/dimchansky/utfbom v1.1.1
@@ -234,6 +233,7 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/onsi/ginkgo/v2 v2.17.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
diff --git a/go.sum b/go.sum
index abc19b272..538af34a5 100644
--- a/go.sum
+++ b/go.sum
@@ -110,8 +110,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
-github.com/bitnami-labs/sealed-secrets v0.26.2 h1:zXVYOFTkoKMoTUCJQEPr3CmPLM+cV9Ulgb7xXAbHUWA=
-github.com/bitnami-labs/sealed-secrets v0.26.2/go.mod h1:N10NsoQpofFxIaStWNLSJuY6M1VE6YCOI5OO9LT75p0=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
diff --git a/pkg/deployment/commands/seal.go b/pkg/deployment/commands/seal.go
deleted file mode 100644
index bd9eccc2e..000000000
--- a/pkg/deployment/commands/seal.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package commands
-
-import (
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	"github.com/kluctl/kluctl/v2/pkg/seal"
-	"path/filepath"
-)
-
-type SealCommand struct {
-	c                *deployment.DeploymentCollection
-	outputPattern    string
-	renderDir        string
-	sealedSecretsDir string
-}
-
-func NewSealCommand(c *deployment.DeploymentCollection, outputPattern string, renderDir string, sealedSecretsDir string) *SealCommand {
-	return &SealCommand{
-		c:                c,
-		outputPattern:    outputPattern,
-		renderDir:        renderDir,
-		sealedSecretsDir: sealedSecretsDir,
-	}
-}
-
-func (cmd *SealCommand) Run(sealer *seal.Sealer) error {
-	for _, di := range cmd.c.Deployments {
-		sealedSecrets, err := di.ListSealedSecrets("")
-		if err != nil {
-			return err
-		}
-
-		for _, relPath := range sealedSecrets {
-			sealmeFile := filepath.Join(di.RenderedDir, relPath+deployment.SealmeExt)
-			targetFile, err := di.BuildSealedSecretPath(relPath)
-			if err != nil {
-				return err
-			}
-
-			err = sealer.SealFile(sealmeFile, targetFile)
-			if err != nil {
-				return fmt.Errorf("failed sealing %s: %w", filepath.Base(relPath), err)
-			}
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 77b41e966..678a74229 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -24,19 +24,17 @@ type DeploymentCollection struct {
 	Project   *DeploymentProject
 	Images    *Images
 	Inclusion *utils.Inclusion
-	forSeal   bool
 
 	Deployments []*DeploymentItem
 	mutex       sync.Mutex
 }
 
-func NewDeploymentCollection(ctx SharedContext, project *DeploymentProject, images *Images, inclusion *utils.Inclusion, forSeal bool) (*DeploymentCollection, error) {
+func NewDeploymentCollection(ctx SharedContext, project *DeploymentProject, images *Images, inclusion *utils.Inclusion) (*DeploymentCollection, error) {
 	dc := &DeploymentCollection{
 		ctx:       ctx,
 		Project:   project,
 		Images:    images,
 		Inclusion: inclusion,
-		forSeal:   forSeal,
 	}
 
 	indexes := make(map[string]int)
@@ -139,7 +137,7 @@ func (c *DeploymentCollection) RenderDeployments() error {
 	for _, d := range c.Deployments {
 		d := d
 		g.RunE(func() error {
-			return d.render(c.forSeal)
+			return d.render()
 		})
 	}
 	g.Wait()
@@ -168,20 +166,6 @@ func (c *DeploymentCollection) renderHelmCharts() error {
 	return g.ErrorOrNil()
 }
 
-func (c *DeploymentCollection) resolveSealedSecrets() error {
-	if c.forSeal {
-		return nil
-	}
-
-	for _, d := range c.Deployments {
-		err := d.resolveSealedSecrets()
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func (c *DeploymentCollection) buildKustomizeObjects() error {
 	g := utils.NewGoHelper(c.ctx.Ctx, 0)
 
@@ -353,10 +337,6 @@ func (c *DeploymentCollection) Prepare() error {
 	if err != nil {
 		return err
 	}
-	err = c.resolveSealedSecrets()
-	if err != nil {
-		return err
-	}
 	err = c.buildKustomizeObjects()
 	if err != nil {
 		return err
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 65a1246d3..d84019dd0 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -20,8 +20,6 @@ import (
 	"strings"
 )
 
-const SealmeExt = ".sealme"
-
 type DeploymentItem struct {
 	ctx SharedContext
 
@@ -115,7 +113,7 @@ func (di *DeploymentItem) getCommonAnnotations() map[string]string {
 	return a
 }
 
-func (di *DeploymentItem) render(forSeal bool) error {
+func (di *DeploymentItem) render() error {
 	if di.dir == nil {
 		return nil
 	}
@@ -151,11 +149,6 @@ func (di *DeploymentItem) render(forSeal bool) error {
 		return err
 	}
 
-	if !forSeal {
-		// .sealme files are rendered while sealing and not while deploying
-		excludePatterns = append(excludePatterns, "**.sealme")
-	}
-
 	searchDirs := di.Project.getRenderSearchDirs()
 	// also add deployment item dir to search dirs
 	searchDirs = append([]string{*di.dir}, searchDirs...)
@@ -250,129 +243,6 @@ func (di *DeploymentItem) renderHelmCharts() error {
 	return nil
 }
 
-func (di *DeploymentItem) ListSealedSecrets(subdir string) ([]string, error) {
-	var ret []string
-
-	if di.dir == nil {
-		return nil, nil
-	}
-
-	renderedDir := filepath.Join(di.RenderedDir, subdir)
-
-	// ensure we're not leaving the project
-	err := utils.CheckSubInDir(di.Project.source.dir, filepath.Join(di.RelRenderedDir, subdir))
-	if err != nil {
-		return nil, err
-	}
-
-	y, err := di.readKustomizationYaml(subdir)
-	if err != nil {
-		return nil, err
-	}
-	if y == nil {
-		y, err = di.generateKustomizationYaml(subdir)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	resources, _, err := y.GetNestedStringList("resources")
-	if err != nil {
-		return nil, err
-	}
-
-	for _, resource := range resources {
-		p := filepath.Clean(filepath.Join(renderedDir, resource))
-
-		isDir := utils.IsDirectory(p)
-		isSealedSecret := !utils.Exists(p) && utils.Exists(p+SealmeExt)
-		if !isDir && !isSealedSecret {
-			continue
-		}
-
-		relPath, err := filepath.Rel(di.RenderedDir, p)
-		if err != nil {
-			return nil, err
-		}
-
-		relPath = filepath.Clean(relPath)
-
-		// ensure we're not leaving the project
-		err = utils.CheckSubInDir(di.Project.source.dir, filepath.Join(di.RelRenderedDir, relPath))
-		if err != nil {
-			return nil, err
-		}
-
-		if isDir {
-			ret2, err := di.ListSealedSecrets(relPath)
-			if err != nil {
-				return nil, err
-			}
-			ret = append(ret, ret2...)
-		} else {
-			ret = append(ret, relPath)
-		}
-	}
-	return ret, nil
-}
-
-func (di *DeploymentItem) BuildSealedSecretPath(relPath string) (string, error) {
-	sealedSecretsDir := di.Project.getRenderedOutputPattern()
-	baseSourcePath := di.Project.ctx.SealedSecretsDir
-
-	relDir := filepath.Dir(relPath)
-	fname := filepath.Base(relPath)
-
-	// ensure we're not leaving the .sealed-secrets dir
-	sourcePath := filepath.Join(baseSourcePath, di.RelRenderedDir, relDir, sealedSecretsDir, fname)
-	err := utils.CheckInDir(baseSourcePath, sourcePath)
-	if err != nil {
-		return "", err
-	}
-	sourcePath = filepath.Clean(sourcePath)
-	return sourcePath, nil
-}
-
-func (di *DeploymentItem) resolveSealedSecrets() error {
-	if di.dir == nil {
-		return nil
-	}
-
-	sealedSecrets, err := di.ListSealedSecrets("")
-	if err != nil {
-		return err
-	}
-
-	for _, relPath := range sealedSecrets {
-		relDir := filepath.Dir(relPath)
-		if err != nil {
-			return err
-		}
-		fname := filepath.Base(relPath)
-
-		baseError := fmt.Sprintf("failed to resolve SealedSecret %s", relPath)
-
-		sourcePath, err := di.BuildSealedSecretPath(relPath)
-		if err != nil {
-			return fmt.Errorf("%s: %w", baseError, err)
-		}
-
-		targetPath := filepath.Join(di.RenderedDir, relDir, fname)
-		if !utils.IsFile(sourcePath) {
-			return fmt.Errorf("%s. %s not found. You might need to seal it first", baseError, sourcePath)
-		}
-		b, err := os.ReadFile(sourcePath)
-		if err != nil {
-			return fmt.Errorf("failed to read source secret file %s: %w", sourcePath, err)
-		}
-		err = os.WriteFile(targetPath, b, 0o600)
-		if err != nil {
-			return fmt.Errorf("failed to write target secret file %s: %w", targetPath, err)
-		}
-	}
-	return nil
-}
-
 func (di *DeploymentItem) buildInclusionEntries() []utils.InclusionEntry {
 	var values []utils.InclusionEntry
 	for _, t := range di.Tags.ListKeys() {
@@ -454,8 +324,6 @@ func (di *DeploymentItem) generateKustomizationYaml(subDir string) (*uo.Unstruct
 			}
 		} else if strings.HasSuffix(lname, ".yml") || strings.HasSuffix(lname, ".yaml") {
 			resourcePath = de.Name()
-		} else if strings.HasSuffix(lname, ".yml"+SealmeExt) || strings.HasSuffix(lname, ".yaml"+SealmeExt) {
-			resourcePath = de.Name()[:len(de.Name())-len(SealmeExt)]
 		}
 
 		if resourcePath != "" {
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 2635c9d78..00267e8ed 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -66,10 +66,6 @@ func NewDeploymentProject(ctx SharedContext, varsCtx *vars.VarsCtx, source Sourc
 		return nil, fmt.Errorf("failed to load includes for %s: %w", dir, err)
 	}
 
-	if dp.Config.SealedSecrets != nil {
-		status.Deprecation(ctx.Ctx, "sealed-secrets-config", "'sealedSecrets' is deprecated in deployment projects. Support for it will be removed in a future kluctl release.")
-	}
-
 	return dp, nil
 }
 
@@ -283,15 +279,6 @@ func (p *DeploymentProject) loadLocalInclude(source Source, incDir string, inc *
 	return newProject, nil
 }
 
-func (p *DeploymentProject) getRenderedOutputPattern() string {
-	for _, x := range p.getParents() {
-		if x.p.Config.SealedSecrets != nil && x.p.Config.SealedSecrets.OutputPattern != nil {
-			return *x.p.Config.SealedSecrets.OutputPattern
-		}
-	}
-	return p.ctx.DefaultSealedSecretsOutputPattern
-}
-
 func (p *DeploymentProject) getRootProject() *DeploymentProject {
 	if p.parentProject == nil {
 		return p
diff --git a/pkg/deployment/shared_context.go b/pkg/deployment/shared_context.go
index 730d13c7b..3e494e80d 100644
--- a/pkg/deployment/shared_context.go
+++ b/pkg/deployment/shared_context.go
@@ -21,8 +21,6 @@ type SharedContext struct {
 	HelmAuthProvider helm_auth.HelmAuthProvider
 	OciAuthProvider  auth_provider.OciAuthProvider
 
-	Discriminator                     string
-	RenderDir                         string
-	SealedSecretsDir                  string
-	DefaultSealedSecretsOutputPattern string
+	Discriminator string
+	RenderDir     string
 }
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 0d5985be3..626f89f76 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -12,8 +12,6 @@ type LoadedKluctlProject struct {
 	LoadArgs LoadKluctlProjectArgs
 	LoadTime time.Time
 
-	SealedSecretsDir string
-
 	Config  types2.KluctlProject
 	Targets []*types2.Target
 
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 50acb954e..49d6adc82 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -6,7 +6,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
@@ -61,25 +60,5 @@ func (c *LoadedKluctlProject) loadKluctlProject(ctx context.Context) error {
 		}
 	}
 
-	s := status.Start(ctx, "Loading kluctl project")
-	defer s.Failed()
-
-	c.SealedSecretsDir = filepath.Join(c.LoadArgs.ProjectDir, ".sealed-secrets")
-
-	sealedSecretsUsed := false
-	if c.Config.SecretsConfig != nil {
-		sealedSecretsUsed = true
-	}
-	for _, t := range c.Config.Targets {
-		if t.SealingConfig != nil {
-			sealedSecretsUsed = true
-		}
-	}
-	if sealedSecretsUsed {
-		status.Deprecation(ctx, "sealed-secrets", "The SealedSecrets integration is deprecated and will be completely removed in an upcoming version. Please switch to using the SOPS integration instead.")
-	}
-
-	s.Success()
-
 	return nil
 }
diff --git a/pkg/kluctl_project/target-context/target_context.go b/pkg/kluctl_project/target-context/target_context.go
index 7afa7524c..e737a5ca4 100644
--- a/pkg/kluctl_project/target-context/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -38,7 +38,6 @@ type TargetContextParams struct {
 	OfflineK8s         bool
 	K8sVersion         string
 	DryRun             bool
-	ForSeal            bool
 	Images             *deployment.Images
 	Inclusion          *utils.Inclusion
 	HelmAuthProvider   auth.HelmAuthProvider
@@ -94,7 +93,7 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 		}
 	}
 
-	varsCtx, err := p.BuildVars(target, params.ForSeal)
+	varsCtx, err := p.BuildVars(target)
 	if err != nil {
 		return nil, err
 	}
@@ -114,19 +113,17 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 	varsLoader := vars.NewVarsLoader(ctx, k, sopsDecryptor, p.GitRP, aws.NewClientFactory(client, target.Aws), gcp.NewClientFactory())
 
 	dctx := deployment.SharedContext{
-		Ctx:                               ctx,
-		K:                                 k,
-		K8sVersion:                        params.K8sVersion,
-		GitRP:                             p.GitRP,
-		OciRP:                             p.OciRP,
-		SopsDecrypter:                     sopsDecryptor,
-		VarsLoader:                        varsLoader,
-		HelmAuthProvider:                  params.HelmAuthProvider,
-		OciAuthProvider:                   params.OciAuthProvider,
-		Discriminator:                     target.Discriminator,
-		RenderDir:                         params.RenderOutputDir,
-		SealedSecretsDir:                  p.SealedSecretsDir,
-		DefaultSealedSecretsOutputPattern: target.Name,
+		Ctx:              ctx,
+		K:                k,
+		K8sVersion:       params.K8sVersion,
+		GitRP:            p.GitRP,
+		OciRP:            p.OciRP,
+		SopsDecrypter:    sopsDecryptor,
+		VarsLoader:       varsLoader,
+		HelmAuthProvider: params.HelmAuthProvider,
+		OciAuthProvider:  params.OciAuthProvider,
+		Discriminator:    target.Discriminator,
+		RenderDir:        params.RenderOutputDir,
 	}
 
 	targetCtx := &TargetContext{
@@ -137,20 +134,13 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 		ClusterContext: contextName,
 	}
 
-	if params.ForSeal {
-		err = targetCtx.loadSecrets(ctx, target, varsCtx, varsLoader)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	d, err := deployment.NewDeploymentProject(dctx, varsCtx, deployment.NewSource(repoRoot), relProjectDir, nil)
 	if err != nil {
 		return targetCtx, err
 	}
 	targetCtx.DeploymentProject = d
 
-	c, err := deployment.NewDeploymentCollection(dctx, d, params.Images, params.Inclusion, params.ForSeal)
+	c, err := deployment.NewDeploymentCollection(dctx, d, params.Images, params.Inclusion)
 	if err != nil {
 		return targetCtx, err
 	}
@@ -158,28 +148,3 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 
 	return targetCtx, nil
 }
-
-func (tc *TargetContext) findSecretsEntry(name string) (*types.SecretSet, error) {
-	for _, e := range tc.KluctlProject.Config.SecretsConfig.SecretSets {
-		if e.Name == name {
-			return &e, nil
-		}
-	}
-	return nil, fmt.Errorf("secret Set with name %s was not found", name)
-}
-
-func (tc *TargetContext) loadSecrets(ctx context.Context, target *types.Target, varsCtx *vars.VarsCtx, varsLoader *vars.VarsLoader) error {
-	searchDirs := []string{tc.KluctlProject.LoadArgs.ProjectDir}
-
-	for _, secretSetName := range target.SealingConfig.SecretSets {
-		secretEntry, err := tc.findSecretsEntry(secretSetName)
-		if err != nil {
-			return err
-		}
-		err = varsLoader.LoadVarsList(ctx, varsCtx, secretEntry.Vars, searchDirs, "secrets")
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index c4789d16b..243b559c0 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -52,7 +52,7 @@ func (c *LoadedKluctlProject) RenderTarget(target *types.Target) error {
 
 	var retErr error
 	for i := 0; i < 10; i++ {
-		varsCtx, err := c.BuildVars(target, false)
+		varsCtx, err := c.BuildVars(target)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/kluctl_project/vars.go b/pkg/kluctl_project/vars.go
index 0d3a266f7..201a357d2 100644
--- a/pkg/kluctl_project/vars.go
+++ b/pkg/kluctl_project/vars.go
@@ -6,7 +6,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/vars"
 )
 
-func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*vars.VarsCtx, error) {
+func (p *LoadedKluctlProject) BuildVars(target *types.Target) (*vars.VarsCtx, error) {
 	varsCtx := vars.NewVarsCtx(p.J2)
 
 	targetVars, err := uo.FromStruct(target)
@@ -17,15 +17,8 @@ func (p *LoadedKluctlProject) BuildVars(target *types.Target, forSeal bool) (*va
 
 	allArgs := uo.New()
 
-	if target != nil {
-		if target.Args != nil {
-			allArgs.Merge(target.Args)
-		}
-		if forSeal {
-			if target.SealingConfig.Args != nil {
-				allArgs.Merge(target.SealingConfig.Args)
-			}
-		}
+	if target != nil && target.Args != nil {
+		allArgs.Merge(target.Args)
 	}
 	if p.LoadArgs.ExternalArgs != nil {
 		allArgs.Merge(p.LoadArgs.ExternalArgs)
diff --git a/pkg/seal/bootstrap.go b/pkg/seal/bootstrap.go
deleted file mode 100644
index 94932cafb..000000000
--- a/pkg/seal/bootstrap.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package seal
-
-import (
-	"context"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/pem"
-	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	v1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	certUtil "k8s.io/client-go/util/cert"
-	"k8s.io/client-go/util/keyutil"
-	"time"
-)
-
-const sealedSecretsKeyLabel = "sealedsecrets.bitnami.com/sealed-secrets-key"
-const secretName = "sealed-secrets-key-kluctl-bootstrap"
-const configMapName = "sealed-secrets-key-kluctl-bootstrap"
-
-func BootstrapSealedSecrets(ctx context.Context, k *k8s.K8sCluster, namespace string) error {
-	existing, _, err := k.GetSingleObject(k8s2.ObjectRef{
-		Group:   "apiextensions.k8s.io",
-		Version: "v1",
-		Kind:    "CustomResourceDefinition",
-		Name:    "sealedsecrets.bitnami.com",
-	})
-	if existing != nil {
-		// no bootstrap needed as the sealed-secrets operator seams to be installed already
-		return nil
-	}
-
-	existing, _, err = k.GetSingleObject(k8s2.ObjectRef{
-		Group:     "",
-		Version:   "v1",
-		Kind:      "ConfigMap",
-		Name:      configMapName,
-		Namespace: namespace,
-	})
-	if existing != nil {
-		// bootstrap has already been done
-		return nil
-	}
-
-	status.Info(ctx, "Bootstrapping sealed-secrets with a self-generated key")
-
-	key, cert, err := crypto.GeneratePrivateKeyAndCert(2048, 10*365*24*time.Hour, "bootstrap.kluctl.io")
-	if err != nil {
-		return err
-	}
-
-	certs := []*x509.Certificate{cert}
-	err = writeKey(k, key, certs, namespace)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func writeKey(k *k8s.K8sCluster, key *rsa.PrivateKey, certs []*x509.Certificate, namespace string) error {
-	certbytes := []byte{}
-	for _, cert := range certs {
-		certbytes = append(certbytes, pem.EncodeToMemory(&pem.Block{Type: certUtil.CertificateBlockType, Bytes: cert.Raw})...)
-	}
-	keybytes := pem.EncodeToMemory(&pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(key)})
-
-	secret := uo.New()
-	secret.SetK8sGVK(schema.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"})
-	secret.SetK8sName(secretName)
-	secret.SetK8sNamespace(namespace)
-	secret.SetK8sLabel(sealedSecretsKeyLabel, "active")
-	secret.Object["data"] = map[string]string{
-		v1.TLSPrivateKeyKey: base64.StdEncoding.EncodeToString(keybytes),
-		v1.TLSCertKey:       base64.StdEncoding.EncodeToString(certbytes),
-	}
-	secret.Object["type"] = v1.SecretTypeTLS
-
-	configMap := uo.New()
-	configMap.SetK8sGVK(schema.GroupVersionKind{Group: "", Version: "v1", Kind: "ConfigMap"})
-	configMap.SetK8sName(configMapName)
-	configMap.SetK8sNamespace(namespace)
-	configMap.Object["data"] = map[string]string{
-		v1.TLSCertKey: string(certbytes),
-	}
-
-	_, _, err := k.ReadWrite().ApplyObject(secret, k8s.PatchOptions{})
-	if err != nil {
-		return err
-	}
-	_, _, err = k.ReadWrite().ApplyObject(configMap, k8s.PatchOptions{})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/seal/fetch_cert.go b/pkg/seal/fetch_cert.go
deleted file mode 100644
index 6916a1845..000000000
--- a/pkg/seal/fetch_cert.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package seal
-
-import (
-	"context"
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"io"
-	v12 "k8s.io/api/core/v1"
-	"k8s.io/client-go/util/cert"
-)
-
-func FetchCert(ctx context.Context, k *k8s.K8sCluster, namespace string, controllerName string) (*x509.Certificate, error) {
-	certData, err := openCertFromController(k, namespace, controllerName)
-	if err != nil {
-		if controllerName == "sealed-secrets-controller" {
-			s2, err2 := openCertFromController(k, namespace, "sealed-secrets")
-			if err2 == nil {
-				status.Warning(ctx, "Looks like you have sealed-secrets controller installed with name 'sealed-secrets', which comes from a legacy kluctl version that deployed it with a non-default name. Please consider re-deploying sealed-secrets operator manually.")
-				err = nil
-				certData = s2
-			}
-		}
-
-		if err != nil {
-			status.Warning(ctx, "Failed to retrieve public certificate from sealed-secrets-controller, re-trying with bootstrap secret")
-			certData, err = openCertFromBootstrap(k, namespace)
-			if err != nil {
-				return nil, fmt.Errorf("failed to retrieve sealed secrets public key: %w", err)
-			}
-		}
-	}
-
-	return ParseCert(certData)
-}
-
-func openCertFromBootstrap(k *k8s.K8sCluster, namespace string) ([]byte, error) {
-	ref := k8s2.NewObjectRef("", "v1", "ConfigMap", configMapName, namespace)
-	cm, _, err := k.GetSingleObject(ref)
-	if err != nil {
-		return nil, err
-	}
-
-	v, ok, err := cm.GetNestedString("data", v12.TLSCertKey)
-	if err != nil {
-		return nil, err
-	}
-	if !ok {
-		return nil, fmt.Errorf("%s key not found in ConfigMap %s", v12.TLSCertKey, configMapName)
-	}
-
-	return []byte(v), nil
-}
-
-func openCertFromController(k *k8s.K8sCluster, namespace, name string) ([]byte, error) {
-	portName, err := getServicePortName(k, namespace, name)
-	if err != nil {
-		return nil, err
-	}
-	r, err := k.ProxyGet("http", namespace, name, portName, "/v1/cert.pem", nil)
-	if err != nil {
-		return nil, fmt.Errorf("cannot fetch certificate: %v", err)
-	}
-	defer r.Close()
-
-	cert, err := io.ReadAll(r)
-	if err != nil {
-		return nil, err
-	}
-
-	return cert, nil
-}
-
-func getServicePortName(k *k8s.K8sCluster, namespace, serviceName string) (string, error) {
-	ref := k8s2.NewObjectRef("", "v1", "Service", serviceName, namespace)
-	service, _, err := k.GetSingleObject(ref)
-	if err != nil {
-		return "", fmt.Errorf("cannot get sealed secret service: %v", err)
-	}
-
-	n, ok, err := service.GetNestedString("spec", "ports", 0, "name")
-	if err != nil {
-		return "", err
-	}
-	if !ok {
-		return "", fmt.Errorf("spec.ports[0].name not in service object %s", serviceName)
-	}
-
-	return n, nil
-}
-
-func ParseCert(data []byte) (*x509.Certificate, error) {
-	certs, err := cert.ParseCertsPEM(data)
-	if err != nil {
-		return nil, err
-	}
-
-	// ParseCertsPem returns error if len(certs) == 0, but best to be sure...
-	if len(certs) == 0 {
-		return nil, errors.New("failed to read any certificates")
-	}
-
-	return certs[0], nil
-}
-
-func HashPublicKey(cert *x509.Certificate) (string, error) {
-	pkBytes, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
-	if err != nil {
-		return "", err
-	}
-	h := sha256.Sum256(pkBytes)
-	return hex.EncodeToString(h[:]), nil
-}
diff --git a/pkg/seal/sealer.go b/pkg/seal/sealer.go
deleted file mode 100644
index cea58dc6c..000000000
--- a/pkg/seal/sealer.go
+++ /dev/null
@@ -1,314 +0,0 @@
-package seal
-
-import (
-	"context"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/hex"
-	"fmt"
-	"github.com/bitnami-labs/sealed-secrets/pkg/crypto"
-	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
-	"golang.org/x/crypto/scrypt"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"os"
-	"path/filepath"
-	"strconv"
-)
-
-const hashAnnotation = "kluctl.io/sealedsecret-hashes"
-const certHashAnnotation = "kluctl.io/sealedsecret-cert-hash"
-
-type Sealer struct {
-	ctx         context.Context
-	forceReseal bool
-	cert        *x509.Certificate
-	pubKey      *rsa.PublicKey
-	certHash    string
-}
-
-func NewSealer(ctx context.Context, cert *x509.Certificate, forceReseal bool) (*Sealer, error) {
-	s := &Sealer{
-		ctx:         ctx,
-		forceReseal: forceReseal,
-		cert:        cert,
-	}
-
-	pk, ok := cert.PublicKey.(*rsa.PublicKey)
-	if !ok {
-		return nil, fmt.Errorf("expected RSA public key but found %v", cert.PublicKey)
-	}
-	s.pubKey = pk
-
-	var err error
-	s.certHash, err = HashPublicKey(cert)
-	if err != nil {
-		return nil, err
-	}
-
-	return s, nil
-}
-
-func HashSecret(key string, secret []byte, secretName string, secretNamespace string, scope string) string {
-	if secretNamespace == "" {
-		secretNamespace = "*"
-	}
-	salt := fmt.Sprintf("%s-%s-%s", secretName, secretNamespace, key)
-	if scope != "strict" {
-		salt += "-" + scope
-	}
-	h, err := scrypt.Key(secret, []byte(salt), 1<<14, 8, 1, 64)
-	if err != nil {
-		panic(err)
-	}
-	return hex.EncodeToString(h)
-}
-
-func encryptionLabel(namespace string, name string, scope string) []byte {
-	var l string
-	switch scope {
-	case "cluster-wide":
-		l = ""
-	case "namespace-wide":
-		l = namespace
-	case "strict":
-		fallthrough
-	default:
-		l = fmt.Sprintf("%s/%s", namespace, name)
-	}
-	return []byte(l)
-}
-
-func (s *Sealer) encryptSecret(secret []byte, secretName string, secretNamespace string, scope string) (string, error) {
-	// todo
-	b, err := crypto.HybridEncrypt(rand.Reader, s.pubKey, secret, encryptionLabel(secretNamespace, secretName, scope))
-	if err != nil {
-		return "", err
-	}
-	return base64.StdEncoding.EncodeToString(b), nil
-}
-
-type sealedSecret struct {
-	content  *uo.UnstructuredObject
-	hashes   *uo.UnstructuredObject
-	certHash string
-}
-
-func buildSecretRef(o *uo.UnstructuredObject) string {
-	return fmt.Sprintf("%s/%s", o.GetK8sNamespace(), o.GetK8sName())
-}
-
-func (s *Sealer) loadExistingSealedSecrets(p string) (map[string]*sealedSecret, error) {
-	ret := map[string]*sealedSecret{}
-
-	if !utils.Exists(p) {
-		return ret, nil
-	}
-
-	list, err := uo.FromFileMulti(p)
-	if err != nil {
-		return nil, err
-	}
-	if len(list) != 1 {
-		err = nil
-	}
-
-	for _, x := range list {
-		var ss sealedSecret
-
-		ss.content = x
-
-		a := x.GetK8sAnnotation(hashAnnotation)
-		if a != nil {
-			ss.hashes, _ = uo.FromString(*a)
-		}
-		a = x.GetK8sAnnotation(certHashAnnotation)
-		if a != nil {
-			ss.certHash = *a
-		}
-		if ss.hashes == nil {
-			ss.hashes = uo.New()
-		}
-
-		ret[buildSecretRef(x)] = &ss
-	}
-	return ret, nil
-}
-
-func (s *Sealer) SealFile(p string, targetFile string) error {
-	err := os.MkdirAll(filepath.Dir(targetFile), 0o700)
-	if err != nil {
-		return err
-	}
-
-	existingSealedSecrets, err := s.loadExistingSealedSecrets(targetFile)
-	if err != nil {
-		return err
-	}
-
-	secrets, err := uo.FromFileMulti(p)
-	if err != nil {
-		return err
-	}
-
-	var result []any
-
-	for _, o := range secrets {
-		existing, _ := existingSealedSecrets[buildSecretRef(o)]
-		newSealedSecret, err := s.sealSecret(o, existing)
-		if err != nil {
-			return err
-		}
-		result = append(result, newSealedSecret.content)
-	}
-
-	err = yaml.WriteYamlAllFile(targetFile, result)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *Sealer) sealSecret(o *uo.UnstructuredObject, existing *sealedSecret) (*sealedSecret, error) {
-	secretName := o.ToUnstructured().GetName()
-	secretNamespace := o.ToUnstructured().GetNamespace()
-	if secretNamespace == "" {
-		secretNamespace = "default"
-	}
-	secretType, ok, err := o.GetNestedString("type")
-	if err != nil {
-		return nil, err
-	}
-	if !ok {
-		secretType = "Opaque"
-	}
-
-	var scope *string
-	x, _, _ := o.GetNestedString("metadata", "annotations", "sealedsecrets.bitnami.com/namespace-wide")
-	if b, _ := strconv.ParseBool(x); b {
-		tmp := "namespace-wide"
-		scope = &tmp
-	}
-	x, _, _ = o.GetNestedString("metadata", "annotations", "sealedsecrets.bitnami.com/cluster-wide")
-	if b, _ := strconv.ParseBool(x); b {
-		tmp := "cluster-wide"
-		scope = &tmp
-	}
-	if scope == nil {
-		x, _, _ = o.GetNestedString("metadata", "annotations", "sealedsecrets.bitnami.com/scope")
-		if x == "" {
-			x = "strict"
-		}
-		scope = &x
-	}
-
-	secrets := make(map[string][]byte)
-
-	data, ok, err := o.GetNestedObject("data")
-	if err != nil {
-		return nil, err
-	}
-	if ok {
-		for k, v := range data.Object {
-			s, ok := v.(string)
-			if !ok {
-				return nil, fmt.Errorf("%s is not a string", k)
-			}
-			secrets[k], err = base64.StdEncoding.DecodeString(s)
-			if err != nil {
-				return nil, fmt.Errorf("failed to decode base64 string for secret %s and key %s", secretName, k)
-			}
-		}
-	}
-
-	stringData, ok, err := o.GetNestedObject("stringData")
-	if err != nil {
-		return nil, err
-	}
-	if ok {
-		for k, v := range stringData.Object {
-			s, ok := v.(string)
-			if !ok {
-				return nil, fmt.Errorf("%s is not a string", k)
-			}
-			secrets[k] = []byte(s)
-		}
-	}
-
-	resultSecretHashes := make(map[string]string)
-
-	var result sealedSecret
-	result.content = uo.New()
-	result.content.SetK8sGVK(schema.GroupVersionKind{Group: "bitnami.com", Version: "v1alpha1", Kind: "SealedSecret"})
-	result.content.SetK8sName(secretName)
-	result.content.SetK8sNamespace(secretNamespace)
-	result.content.SetK8sAnnotation("sealedsecrets.bitnami.com/scope", *scope)
-	if *scope == "namespace-wide" {
-		result.content.SetK8sAnnotation("sealedsecrets.bitnami.com/namespace-wide", "true")
-	}
-	if *scope == "cluster-wide" {
-		result.content.SetK8sAnnotation("sealedsecrets.bitnami.com/cluster-wide", "true")
-	}
-	_ = result.content.SetNestedField(secretType, "spec", "template", "type")
-	metadata, ok, _ := o.GetNestedObject("metadata")
-	if ok {
-		result.content.SetNestedField(metadata.Object, "spec", "template", "metadata")
-	}
-
-	resealAll := false
-	if s.forceReseal {
-		resealAll = true
-		status.Infof(s.ctx, "Forcing reseal of secrets in %s", secretName)
-	} else if existing == nil || existing.certHash != s.certHash {
-		resealAll = true
-		status.Infof(s.ctx, "Cert for secret %s has changed, forcing reseal", secretName)
-	}
-
-	for k, v := range secrets {
-		hash := HashSecret(k, v, secretName, secretNamespace, *scope)
-
-		var existingHash string
-		if existing != nil {
-			existingHash, _, _ = existing.hashes.GetNestedString(k)
-		}
-
-		doEncrypt := existing == nil || resealAll
-		if !doEncrypt && hash != existingHash {
-			status.Infof(s.ctx, "Secret %s and key %s has changed, resealing", secretName, k)
-			doEncrypt = true
-		}
-
-		if !doEncrypt {
-			e, ok, _ := existing.content.GetNestedString("spec", "encryptedData", k)
-			if ok {
-				status.Tracef(s.ctx, "Secret %s and key %s is unchanged", secretName, k)
-				result.content.SetNestedField(e, "spec", "encryptedData", k)
-				resultSecretHashes[k] = hash
-				continue
-			} else {
-				status.Infof(s.ctx, "Old encrypted secret %s and key %s not found", secretName, k)
-				doEncrypt = true
-			}
-		}
-
-		e, err := s.encryptSecret(v, secretName, secretNamespace, *scope)
-		if err != nil {
-			return nil, fmt.Errorf("failed to encrypt secret %s with key %s", secretName, k)
-		}
-		result.content.SetNestedField(e, "spec", "encryptedData", k)
-		resultSecretHashes[k] = hash
-	}
-
-	resultSecretHashesStr, err := yaml.WriteYamlString(resultSecretHashes)
-	if err != nil {
-		return nil, err
-	}
-	result.content.SetK8sAnnotation(hashAnnotation, resultSecretHashesStr)
-	result.content.SetK8sAnnotation(certHashAnnotation, s.certHash)
-
-	return &result, nil
-}
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index e1ad819de..a211fe9af 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -98,10 +98,6 @@ func ValidateWaitReadinessObjectItemConfig(sl validator.StructLevel) {
 	}
 }
 
-type SealedSecretsConfig struct {
-	OutputPattern *string `json:"outputPattern,omitempty"`
-}
-
 type SingleStringOrList []string
 
 func (s *SingleStringOrList) UnmarshalJSON(b []byte) error {
@@ -162,8 +158,7 @@ func ValidateConflictResolutionConfig(sl validator.StructLevel) {
 }
 
 type DeploymentProjectConfig struct {
-	Vars          []VarsSource         `json:"vars,omitempty"`
-	SealedSecrets *SealedSecretsConfig `json:"sealedSecrets,omitempty"`
+	Vars []VarsSource `json:"vars,omitempty"`
 
 	When string `json:"when,omitempty"`
 
diff --git a/pkg/types/kluctl_project.go b/pkg/types/kluctl_project.go
index be1dce8d7..0f1be1132 100644
--- a/pkg/types/kluctl_project.go
+++ b/pkg/types/kluctl_project.go
@@ -5,12 +5,6 @@ import (
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
-type SealingConfig struct {
-	Args       *uo.UnstructuredObject `json:"args,omitempty"`
-	SecretSets []string               `json:"secretSets,omitempty"`
-	CertFile   *string                `json:"certFile,omitempty"`
-}
-
 type ServiceAccountRef struct {
 	Name      string `json:"name"`
 	Namespace string `json:"namespace"`
@@ -25,7 +19,6 @@ type Target struct {
 	Name          string                 `json:"name"`
 	Context       *string                `json:"context,omitempty"`
 	Args          *uo.UnstructuredObject `json:"args,omitempty"`
-	SealingConfig *SealingConfig         `json:"sealingConfig,omitempty"`
 	Aws           *AwsConfig             `json:"aws,omitempty"`
 	Images        []FixedImage           `json:"images,omitempty"`
 	Discriminator string                 `json:"discriminator,omitempty"`
@@ -36,26 +29,9 @@ type DeploymentArg struct {
 	Default *apiextensionsv1.JSON `json:"default,omitempty"`
 }
 
-type SecretSet struct {
-	Name string       `json:"name" validate:"required"`
-	Vars []VarsSource `json:"vars,omitempty"`
-}
-
-type GlobalSealedSecretsConfig struct {
-	Bootstrap      *bool   `json:"bootstrap,omitempty"`
-	Namespace      *string `json:"namespace,omitempty"`
-	ControllerName *string `json:"controllerName,omitempty"`
-}
-
-type SecretsConfig struct {
-	SealedSecrets *GlobalSealedSecretsConfig `json:"sealedSecrets,omitempty"`
-	SecretSets    []SecretSet                `json:"secretSets,omitempty"`
-}
-
 type KluctlProject struct {
 	Targets       []Target        `json:"targets,omitempty"`
 	Args          []DeploymentArg `json:"args,omitempty"`
-	SecretsConfig *SecretsConfig  `json:"secretsConfig,omitempty"`
 	Discriminator string          `json:"discriminator,omitempty"`
 	Aws           *AwsConfig      `json:"aws,omitempty"`
 }
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 3dd115397..5d4fd1cd6 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -232,11 +232,6 @@ func (in *DeploymentProjectConfig) DeepCopyInto(out *DeploymentProjectConfig) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.SealedSecrets != nil {
-		in, out := &in.SealedSecrets, &out.SealedSecrets
-		*out = new(SealedSecretsConfig)
-		(*in).DeepCopyInto(*out)
-	}
 	if in.Deployments != nil {
 		in, out := &in.Deployments, &out.Deployments
 		*out = make([]DeploymentItemConfig, len(*in))
@@ -492,36 +487,6 @@ func (in *GitUrl) DeepCopy() *GitUrl {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GlobalSealedSecretsConfig) DeepCopyInto(out *GlobalSealedSecretsConfig) {
-	*out = *in
-	if in.Bootstrap != nil {
-		in, out := &in.Bootstrap, &out.Bootstrap
-		*out = new(bool)
-		**out = **in
-	}
-	if in.Namespace != nil {
-		in, out := &in.Namespace, &out.Namespace
-		*out = new(string)
-		**out = **in
-	}
-	if in.ControllerName != nil {
-		in, out := &in.ControllerName, &out.ControllerName
-		*out = new(string)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalSealedSecretsConfig.
-func (in *GlobalSealedSecretsConfig) DeepCopy() *GlobalSealedSecretsConfig {
-	if in == nil {
-		return nil
-	}
-	out := new(GlobalSealedSecretsConfig)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmChartConfig) DeepCopyInto(out *HelmChartConfig) {
 	*out = *in
@@ -657,11 +622,6 @@ func (in *KluctlProject) DeepCopyInto(out *KluctlProject) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
-	if in.SecretsConfig != nil {
-		in, out := &in.SecretsConfig, &out.SecretsConfig
-		*out = new(SecretsConfig)
-		(*in).DeepCopyInto(*out)
-	}
 	if in.Aws != nil {
 		in, out := &in.Aws, &out.Aws
 		*out = new(AwsConfig)
@@ -754,104 +714,6 @@ func (in *RepoKey) DeepCopy() *RepoKey {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SealedSecretsConfig) DeepCopyInto(out *SealedSecretsConfig) {
-	*out = *in
-	if in.OutputPattern != nil {
-		in, out := &in.OutputPattern, &out.OutputPattern
-		*out = new(string)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretsConfig.
-func (in *SealedSecretsConfig) DeepCopy() *SealedSecretsConfig {
-	if in == nil {
-		return nil
-	}
-	out := new(SealedSecretsConfig)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SealingConfig) DeepCopyInto(out *SealingConfig) {
-	*out = *in
-	if in.Args != nil {
-		in, out := &in.Args, &out.Args
-		*out = (*in).DeepCopy()
-	}
-	if in.SecretSets != nil {
-		in, out := &in.SecretSets, &out.SecretSets
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.CertFile != nil {
-		in, out := &in.CertFile, &out.CertFile
-		*out = new(string)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealingConfig.
-func (in *SealingConfig) DeepCopy() *SealingConfig {
-	if in == nil {
-		return nil
-	}
-	out := new(SealingConfig)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SecretSet) DeepCopyInto(out *SecretSet) {
-	*out = *in
-	if in.Vars != nil {
-		in, out := &in.Vars, &out.Vars
-		*out = make([]VarsSource, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSet.
-func (in *SecretSet) DeepCopy() *SecretSet {
-	if in == nil {
-		return nil
-	}
-	out := new(SecretSet)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SecretsConfig) DeepCopyInto(out *SecretsConfig) {
-	*out = *in
-	if in.SealedSecrets != nil {
-		in, out := &in.SealedSecrets, &out.SealedSecrets
-		*out = new(GlobalSealedSecretsConfig)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.SecretSets != nil {
-		in, out := &in.SecretSets, &out.SecretSets
-		*out = make([]SecretSet, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsConfig.
-func (in *SecretsConfig) DeepCopy() *SecretsConfig {
-	if in == nil {
-		return nil
-	}
-	out := new(SecretsConfig)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) {
 	*out = *in
@@ -898,11 +760,6 @@ func (in *Target) DeepCopyInto(out *Target) {
 		in, out := &in.Args, &out.Args
 		*out = (*in).DeepCopy()
 	}
-	if in.SealingConfig != nil {
-		in, out := &in.SealingConfig, &out.SealingConfig
-		*out = new(SealingConfig)
-		(*in).DeepCopyInto(*out)
-	}
 	if in.Aws != nil {
 		in, out := &in.Aws, &out.Aws
 		*out = new(AwsConfig)
diff --git a/pkg/webui/shortnames.go b/pkg/webui/shortnames.go
index aee03d1b2..e21189d20 100644
--- a/pkg/webui/shortnames.go
+++ b/pkg/webui/shortnames.go
@@ -47,7 +47,6 @@ elasticsearchautoscalers                  esa                 autoscaling.k8s.el
 cronjobs                                  cj                  batch/v1                                    true         CronJob
 jobs                                                          batch/v1                                    true         Job
 beats                                     beat                beat.k8s.elastic.co/v1beta1                 true         Beat
-sealedsecrets                                                 bitnami.com/v1alpha1                        true         SealedSecret
 certificaterequests                       cr,crs              cert-manager.io/v1                          true         CertificateRequest
 certificates                              cert,certs          cert-manager.io/v1                          true         Certificate
 clusterissuers                                                cert-manager.io/v1                          false        ClusterIssuer
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index ff1a0582a..65bfdd9e2 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -302,14 +302,6 @@ export class DeploymentItemConfig {
 	    return a;
 	}
 }
-export class SealedSecretsConfig {
-    outputPattern?: string;
-
-    constructor(source: any = {}) {
-        if ('string' === typeof source) source = JSON.parse(source);
-        this.outputPattern = source["outputPattern"];
-    }
-}
 export class VarSourceAzureKeyVault {
     vaultUri: string;
     secretName: string;
@@ -528,7 +520,6 @@ export class VarsSource {
 }
 export class DeploymentProjectConfig {
     vars?: VarsSource[];
-    sealedSecrets?: SealedSecretsConfig;
     when?: string;
     deployments?: DeploymentItemConfig[];
     commonLabels?: {[key: string]: string};
@@ -541,7 +532,6 @@ export class DeploymentProjectConfig {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.vars = this.convertValues(source["vars"], VarsSource);
-        this.sealedSecrets = this.convertValues(source["sealedSecrets"], SealedSecretsConfig);
         this.when = source["when"];
         this.deployments = this.convertValues(source["deployments"], DeploymentItemConfig);
         this.commonLabels = source["commonLabels"];
@@ -766,23 +756,10 @@ export class AwsConfig {
 	    return a;
 	}
 }
-export class SealingConfig {
-    args?: any;
-    secretSets?: string[];
-    certFile?: string;
-
-    constructor(source: any = {}) {
-        if ('string' === typeof source) source = JSON.parse(source);
-        this.args = source["args"];
-        this.secretSets = source["secretSets"];
-        this.certFile = source["certFile"];
-    }
-}
 export class Target {
     name: string;
     context?: string;
     args?: any;
-    sealingConfig?: SealingConfig;
     aws?: AwsConfig;
     images?: FixedImage[];
     discriminator?: string;
@@ -792,7 +769,6 @@ export class Target {
         this.name = source["name"];
         this.context = source["context"];
         this.args = source["args"];
-        this.sealingConfig = this.convertValues(source["sealingConfig"], SealingConfig);
         this.aws = this.convertValues(source["aws"], AwsConfig);
         this.images = this.convertValues(source["images"], FixedImage);
         this.discriminator = source["discriminator"];

From 9323561d2e5670f098d9479ae3f77f737accbab5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:08:21 +0200
Subject: [PATCH 2098/2268] chore: Upgrade controller-runtime to v0.18.4

---
 go.mod | 18 ++++++++++--------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/go.mod b/go.mod
index 93c74ba56..809236fc3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.22
+go 1.22.0
+
+toolchain go1.22.4
 
 require (
 	cloud.google.com/go/secretmanager v1.12.0
@@ -78,14 +80,14 @@ require (
 	google.golang.org/protobuf v1.33.0
 	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.14.3
-	k8s.io/api v0.29.3
-	k8s.io/apiextensions-apiserver v0.29.3
-	k8s.io/apimachinery v0.29.3
-	k8s.io/client-go v0.29.3
+	k8s.io/api v0.30.1
+	k8s.io/apiextensions-apiserver v0.30.1
+	k8s.io/apimachinery v0.30.1
+	k8s.io/client-go v0.30.1
 	k8s.io/klog/v2 v2.120.1
 	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.35.0
-	sigs.k8s.io/controller-runtime v0.17.3
+	sigs.k8s.io/controller-runtime v0.18.4
 	sigs.k8s.io/kustomize/api v0.17.1
 	sigs.k8s.io/kustomize/kyaml v0.17.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
@@ -294,9 +296,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.29.3 // indirect
+	k8s.io/apiserver v0.30.1 // indirect
 	k8s.io/cli-runtime v0.29.3 // indirect
-	k8s.io/component-base v0.29.3 // indirect
+	k8s.io/component-base v0.30.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 // indirect
 	k8s.io/kubectl v0.29.3 // indirect
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
diff --git a/go.sum b/go.sum
index 538af34a5..00b7ec47e 100644
--- a/go.sum
+++ b/go.sum
@@ -883,20 +883,20 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
 helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
-k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
-k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI=
-k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc=
-k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
-k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
-k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE=
-k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs=
+k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY=
+k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM=
+k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws=
+k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4=
+k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
+k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8=
+k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo=
 k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k=
 k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM=
-k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
-k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
-k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo=
-k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio=
+k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
+k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
+k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ=
+k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 h1:w6nThEmGo9zcL+xH1Tu6pjxJ3K1jXFW+V0u4peqN8ks=
@@ -913,8 +913,8 @@ oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
 sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
-sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk=
-sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY=
+sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
+sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4=

From 88ca909f86024c5e32be7eec2356d8413626d620 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:09:49 +0200
Subject: [PATCH 2099/2268] chore: Upgrade kustomize dependencies

---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 809236fc3..f92f6a538 100644
--- a/go.mod
+++ b/go.mod
@@ -88,8 +88,8 @@ require (
 	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.35.0
 	sigs.k8s.io/controller-runtime v0.18.4
-	sigs.k8s.io/kustomize/api v0.17.1
-	sigs.k8s.io/kustomize/kyaml v0.17.0
+	sigs.k8s.io/kustomize/api v0.17.2
+	sigs.k8s.io/kustomize/kyaml v0.17.1
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
 	sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 00b7ec47e..d0694be32 100644
--- a/go.sum
+++ b/go.sum
@@ -917,10 +917,10 @@ sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHv
 sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4=
-sigs.k8s.io/kustomize/api v0.17.1/go.mod h1:ffn5491s2EiNrJSmgqcWGzQUVhc/pB0OKNI0HsT/0tA=
-sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c=
-sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE=
+sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
+sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
+sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
+sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

From ded6eb234d31a4683b23cbbb7af9528f5abb5e46 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:11:48 +0200
Subject: [PATCH 2100/2268] chore: Upgrade kubernetes client libs

---
 go.mod | 18 +++++++++---------
 go.sum | 36 ++++++++++++++++++------------------
 2 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/go.mod b/go.mod
index f92f6a538..78f4cc3ce 100644
--- a/go.mod
+++ b/go.mod
@@ -80,13 +80,13 @@ require (
 	google.golang.org/protobuf v1.33.0
 	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.14.3
-	k8s.io/api v0.30.1
-	k8s.io/apiextensions-apiserver v0.30.1
-	k8s.io/apimachinery v0.30.1
-	k8s.io/client-go v0.30.1
+	k8s.io/api v0.30.2
+	k8s.io/apiextensions-apiserver v0.30.2
+	k8s.io/apimachinery v0.30.2
+	k8s.io/client-go v0.30.2
 	k8s.io/klog/v2 v2.120.1
 	nhooyr.io/websocket v1.8.11
-	sigs.k8s.io/cli-utils v0.35.0
+	sigs.k8s.io/cli-utils v0.36.0
 	sigs.k8s.io/controller-runtime v0.18.4
 	sigs.k8s.io/kustomize/api v0.17.2
 	sigs.k8s.io/kustomize/kyaml v0.17.1
@@ -296,11 +296,11 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.30.1 // indirect
-	k8s.io/cli-runtime v0.29.3 // indirect
-	k8s.io/component-base v0.30.1 // indirect
+	k8s.io/apiserver v0.30.2 // indirect
+	k8s.io/cli-runtime v0.30.2 // indirect
+	k8s.io/component-base v0.30.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 // indirect
-	k8s.io/kubectl v0.29.3 // indirect
+	k8s.io/kubectl v0.30.2 // indirect
 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index d0694be32..b65b4848e 100644
--- a/go.sum
+++ b/go.sum
@@ -883,26 +883,26 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
 helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY=
-k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM=
-k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws=
-k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4=
-k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
-k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8=
-k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo=
-k8s.io/cli-runtime v0.29.3 h1:r68rephmmytoywkw2MyJ+CxjpasJDQY7AGc3XY2iv1k=
-k8s.io/cli-runtime v0.29.3/go.mod h1:aqVUsk86/RhaGJwDhHXH0jcdqBrgdF3bZWk4Z9D4mkM=
-k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
-k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
-k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ=
-k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI=
+k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
+k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
+k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
+k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
+k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
+k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw=
+k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8=
+k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE=
+k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A=
+k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
+k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
+k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII=
+k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 h1:w6nThEmGo9zcL+xH1Tu6pjxJ3K1jXFW+V0u4peqN8ks=
 k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.29.3 h1:RuwyyIU42MAISRIePaa8Q7A3U74Q9P4MoJbDFz9o3us=
-k8s.io/kubectl v0.29.3/go.mod h1:yCxfY1dbwgVdEt2zkJ6d5NNLOhhWgTyrqACIoFhpdd4=
+k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
+k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=
@@ -911,8 +911,8 @@ nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYm
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
 oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
-sigs.k8s.io/cli-utils v0.35.0 h1:dfSJaF1W0frW74PtjwiyoB4cwdRygbHnC7qe7HF0g/Y=
-sigs.k8s.io/cli-utils v0.35.0/go.mod h1:ITitykCJxP1vaj1Cew/FZEaVJ2YsTN9Q71m02jebkoE=
+sigs.k8s.io/cli-utils v0.36.0 h1:k7GM6LmIMydtvM6Ad91XuqKk0QEVL9bVbaiX1uvWIrA=
+sigs.k8s.io/cli-utils v0.36.0/go.mod h1:uCFC3BPXB3xHFQyKkWUlTrncVDCKzbdDfqZqRTCrk24=
 sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
 sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=

From 57f9eac9635a0c06e6e6e03743464ff55ae6ad95 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:15:01 +0200
Subject: [PATCH 2101/2268] chore: Upgrade kube-openapi and utils

---
 go.mod | 8 ++++----
 go.sum | 9 +++++++++
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 78f4cc3ce..903a50d96 100644
--- a/go.mod
+++ b/go.mod
@@ -53,7 +53,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/ohler55/ojg v1.22.0
-	github.com/onsi/gomega v1.32.0
+	github.com/onsi/gomega v1.33.1
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
@@ -183,7 +183,7 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f // indirect
+	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -299,9 +299,9 @@ require (
 	k8s.io/apiserver v0.30.2 // indirect
 	k8s.io/cli-runtime v0.30.2 // indirect
 	k8s.io/component-base v0.30.2 // indirect
-	k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 // indirect
+	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
 	k8s.io/kubectl v0.30.2 // indirect
-	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
+	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index b65b4848e..b4cca80ab 100644
--- a/go.sum
+++ b/go.sum
@@ -340,6 +340,8 @@ github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f h1:pDhu5sgp8yJlEF/g6osliIIpF9K4F5jvkULXa4daRDQ=
 github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -519,8 +521,11 @@ github.com/ohler55/ojg v1.22.0 h1:McZObj3cD/Zz/ojzk5Pi5VvgQcagxmT1bVKNzhE5ihI=
 github.com/ohler55/ojg v1.22.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
 github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
 github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
 github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
 github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -901,10 +906,14 @@ k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 h1:w6nThEmGo9zcL+xH1Tu6pjxJ3K1jXFW+V0u4peqN8ks=
 k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
+k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
 k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
 k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
 k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
+k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=
 nhooyr.io/websocket v1.8.11/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

From 9b472ef1cb103463c442057d6cbceb708cad8838 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:25:27 +0200
Subject: [PATCH 2102/2268] chore: Upgrade all sops/sealed-secrets/cloud
 related dependencies

---
 go.mod |  71 +++++++++++++-------------
 go.sum | 158 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 116 insertions(+), 113 deletions(-)

diff --git a/go.mod b/go.mod
index 903a50d96..5cdec27ba 100644
--- a/go.mod
+++ b/go.mod
@@ -5,20 +5,20 @@ go 1.22.0
 toolchain go1.22.4
 
 require (
-	cloud.google.com/go/secretmanager v1.12.0
-	filippo.io/age v1.1.1
+	cloud.google.com/go/secretmanager v1.13.1
+	filippo.io/age v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go-v2 v1.26.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.11
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
+	github.com/aws/aws-sdk-go-v2 v1.28.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.19
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.19
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.30.1
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.13
 	github.com/aws/smithy-go v1.20.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.4
@@ -32,13 +32,13 @@ require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
-	github.com/go-logr/logr v1.4.1
+	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.19.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.19.1
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.12.3
+	github.com/googleapis/gax-go/v2 v2.12.4
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/vault/api v1.12.2
 	github.com/hexops/gotextdiff v1.0.3
@@ -57,7 +57,7 @@ require (
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.19.0
+	github.com/prometheus/client_golang v1.19.1
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.12.0
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
@@ -75,9 +75,9 @@ require (
 	golang.org/x/sys v0.21.0
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0
-	google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237
+	google.golang.org/genproto v0.0.0-20240528184218-531527333157
 	google.golang.org/grpc v1.64.0
-	google.golang.org/protobuf v1.33.0
+	google.golang.org/protobuf v1.34.1
 	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.14.3
 	k8s.io/api v0.30.2
@@ -95,15 +95,19 @@ require (
 )
 
 require (
+	cloud.google.com/go v0.115.0 // indirect
+	cloud.google.com/go/auth v0.5.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
-	cloud.google.com/go/iam v1.1.7 // indirect
-	cloud.google.com/go/kms v1.15.8 // indirect
+	cloud.google.com/go/iam v1.1.8 // indirect
+	cloud.google.com/go/kms v1.17.1 // indirect
+	cloud.google.com/go/longrunning v0.5.7 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
@@ -116,15 +120,15 @@ require (
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -134,7 +138,7 @@ require (
 	github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
 	github.com/bytedance/sonic v1.11.3 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
@@ -183,7 +187,6 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -235,7 +238,7 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/onsi/ginkgo/v2 v2.17.1 // indirect
+	github.com/onsi/ginkgo/v2 v2.17.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
@@ -244,8 +247,8 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.52.2 // indirect
-	github.com/prometheus/procfs v0.13.0 // indirect
+	github.com/prometheus/common v0.53.0 // indirect
+	github.com/prometheus/procfs v0.15.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.6.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -282,14 +285,14 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/arch v0.7.0 // indirect
 	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/tools v0.22.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.170.0 // indirect
+	google.golang.org/api v0.183.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index b4cca80ab..4114c6b68 100644
--- a/go.sum
+++ b/go.sum
@@ -1,24 +1,32 @@
+c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0=
+c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
-cloud.google.com/go v0.112.1/go.mod h1:+Vbu+Y1UU+I1rjmzeMOb/8RfkKJK2Gyxi1X6jJCZLo4=
+cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14=
+cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU=
+cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw=
+cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s=
+cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
+cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM=
-cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA=
-cloud.google.com/go/kms v1.15.8 h1:szIeDCowID8th2i8XE4uRev5PMxQFqW+JjwYxL9h6xs=
-cloud.google.com/go/kms v1.15.8/go.mod h1:WoUHcDjD9pluCg7pNds131awnH429QGvRM3N/4MyoVs=
-cloud.google.com/go/secretmanager v1.12.0 h1:e5pIo/QEgiFiHPVJPxM5jbtUr4O/u5h2zLHYtkFQr24=
-cloud.google.com/go/secretmanager v1.12.0/go.mod h1:Y1Gne3Ag+fZ2TDTiJc8ZJCMFbi7k1rYT4Rw30GXfvlk=
+cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0=
+cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE=
+cloud.google.com/go/kms v1.17.1 h1:5k0wXqkxL+YcXd4viQzTqCgzzVKKxzgrK+rCZJytEQs=
+cloud.google.com/go/kms v1.17.1/go.mod h1:DCMnCF/apA6fZk5Cj4XsD979OyHAqFasPuA5Sd0kGlQ=
+cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU=
+cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng=
+cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4=
+cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
-filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
+filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
+filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
@@ -27,8 +35,8 @@ github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGlu
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 h1:9fXQS/0TtQmKXp8SureKouF+idbQvp7cPUxykiohnBs=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1/go.mod h1:f+OaoSg0VQYPMqB0Jp2D54j1VHzITYcJaCNwV+k00ts=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
@@ -72,36 +80,36 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
-github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
-github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
+github.com/aws/aws-sdk-go-v2 v1.28.0 h1:ne6ftNhY0lUvlazMUQF15FF6NH80wKmPRFG7g2q6TCw=
+github.com/aws/aws-sdk-go-v2 v1.28.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.19 h1:+DBS8gJP6VsxYkZ6UEV0/VsRM2rYpbQCYsosW9RRmeQ=
+github.com/aws/aws-sdk-go-v2/config v1.27.19/go.mod h1:KzZcioJWzy9oV+oS5CobYXlDtU9+eW7bPG1g7gizTW4=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.19 h1:R18G7nBBGLby51CFEqUBFF2IVl7LUdCtYj6iosUwh/0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.19/go.mod h1:xr9kUMnaLTB866HItT6pg58JgiBP77fSQLBwIa//zk8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6 h1:vVOuhRyslJ6T/HteG71ZWCTas1q2w6f0NKsNbkXHs/A=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6/go.mod h1:jimWaqLiT0sJGLh51dKCLLtExRYPtMU7MpxuCgtbkxg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10 h1:LZIUb8sQG2cb89QaVFtMSnER10gyKkqU1k3hP3g9das=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10/go.mod h1:BRIqay//vnIOCZjoXWSLffL2uzbtxEmnSlfbvVh7Z/4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.10 h1:HY7CXLA0GiQUo3WYxOP7WYkLcwvRX4cLPf5joUcrQGk=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.10/go.mod h1:kfRBSxRa+I+VyON7el3wLZdrO91oxUxEwdAaWgFqN90=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 h1:Qr9W21mzWT3RhfYn9iAux7CeRIdbnTAqmiOlASqQgZI=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4/go.mod h1:if7ybzzjOmDB8pat9FE35AHTY6ZxlYSy3YviSmFZv8c=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6 h1:CnQNpQv+WGl5aECyAXrJ4w+Qccz2aC/uXg2OjxiPl30=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6/go.mod h1:1FKdZMR/Tfx40IKjdLDRlFz/UKlff8CKQuC7mhlTAMM=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
-github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU=
-github.com/aws/aws-sdk-go-v2/service/kms v1.30.0/go.mod h1:+I8VUUSVD4p5ISQtzpgSva4I8cJ4SQ4b1dcBcof7O+g=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6 h1:TIOEjw0i2yyhmhRry3Oeu9YtiiHWISZ6j/irS1W3gX4=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.6/go.mod h1:3Ba++UwWd154xtP4FRX5pUK3Gt4up5sDHCve6kVfE+g=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.12 h1:kO2J7WMroF/OTHN9WTcUtMjPhJ7ZoNxx0dwv6UCXQgY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.12/go.mod h1:mrNxrjYvXaSjZe5fkKaWgDnOQ6BExLn/7Ru9OpRsMPY=
+github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 h1:x0xMBhU7bgnMhwVMLk2EXdGsuyN1tyN0Wr58D8sKtgY=
+github.com/aws/aws-sdk-go-v2/service/kms v1.33.1/go.mod h1:XZKD0yH6t3f2W+H+eUil6qcm/s9LGfGV9js34TaSbyI=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.30.1 h1:2CTrhkwgDn3i2dZ4+XdBV2IsIOzlL1wfGR91rkBRKc0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.30.1/go.mod h1:Xj68AaxI/MYvsVDZZk+O4IJ96+vLtBWr1mC4yBqzoRg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.12 h1:FsYii6U+2k8ynYBo+pywlCBY9HNAFRh+iICRHbn+Qyw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.12/go.mod h1:j9Rps+Lcs2A0tYypWsNBeJOjgsIYUf1Styppo9Es0Wo=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.6 h1:lEE+xEcq3lh9bk362tgErP1+n689q5ERdmTwmF1XT3M=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.6/go.mod h1:2tR0x1DCL5IgnVZ1NQNFDNg5/XL/kiQgWI5l7I/N5Js=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.13 h1:TSzmuUeruVJ4XWYp3bYzKCXue70ECpJWmbP3UfEvhYY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.13/go.mod h1:FppRtFjBA9mSWTj2cIAWCP66+bbBPMuPpBfWRXC5Yi0=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -132,8 +140,8 @@ github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4r
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
@@ -260,8 +268,8 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
@@ -284,7 +292,8 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -338,8 +347,6 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
-github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f h1:pDhu5sgp8yJlEF/g6osliIIpF9K4F5jvkULXa4daRDQ=
-github.com/google/pprof v0.0.0-20230821062121-407c9e7a662f/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
@@ -352,8 +359,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
-github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
+github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
+github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -519,11 +526,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.22.0 h1:McZObj3cD/Zz/ojzk5Pi5VvgQcagxmT1bVKNzhE5ihI=
 github.com/ohler55/ojg v1.22.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
-github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
 github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
-github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk=
-github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg=
+github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
 github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -559,8 +563,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
-github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -568,13 +572,13 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck=
-github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q=
+github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE=
+github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o=
-github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g=
+github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek=
+github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -681,8 +685,8 @@ go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
 go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
 go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
 go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
-go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
+go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
+go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
 go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.starlark.net v0.0.0-20240314022150-ee8ed142361c h1:roAjH18hZcwI4hHStHbkXjF5b7UUyZ/0SG3hXNN1SjA=
@@ -718,8 +722,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -814,16 +818,16 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.170.0 h1:zMaruDePM88zxZBG+NG8+reALO2rfLhe/JShitLyT48=
-google.golang.org/api v0.170.0/go.mod h1:/xql9M2btF85xac/VAm4PsLMTLVGUOpq4BE9R8jyNy8=
+google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE=
+google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -832,12 +836,12 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237 h1:PgNlNSx2Nq2/j4juYzQBG0/Zdr+WP4z5N01Vk4VYBCY=
-google.golang.org/genproto v0.0.0-20240318140521-94a12d6c2237/go.mod h1:9sVD8c25Af3p0rGs7S7LLsxWKFiJt/65LdSyqXBkX/Y=
-google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4=
-google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE=
+google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -856,8 +860,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -904,14 +908,10 @@ k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII=
 k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99 h1:w6nThEmGo9zcL+xH1Tu6pjxJ3K1jXFW+V0u4peqN8ks=
-k8s.io/kube-openapi v0.0.0-20240403164606-bc84c2ddaf99/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
 k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
 k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
-k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
-k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=

From 8e3ccd479ee575097277b876ae29a3f05c18c73d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:36:25 +0200
Subject: [PATCH 2103/2268] chore: Upgrade ditribution dependency

---
 go.mod | 34 +++++++++++++++++----------
 go.sum | 74 +++++++++++++++++++++++++++++++++++++++-------------------
 2 files changed, 72 insertions(+), 36 deletions(-)

diff --git a/go.mod b/go.mod
index 5cdec27ba..8992aaed0 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
+	github.com/distribution/distribution/v3 v3.0.0-alpha.1
 	github.com/docker/cli v26.1.4+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
@@ -118,7 +118,6 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.12.0 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
-	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10 // indirect
@@ -133,11 +132,9 @@ require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
-	github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd // indirect
-	github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
-	github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
 	github.com/bytedance/sonic v1.11.3 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
@@ -146,15 +143,16 @@ require (
 	github.com/containerd/containerd v1.7.14 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/docker v26.0.0+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.1 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
@@ -182,7 +180,6 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
@@ -199,6 +196,7 @@ require (
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
@@ -206,7 +204,8 @@ require (
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
-	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -238,7 +237,6 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/onsi/ginkgo/v2 v2.17.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
@@ -249,6 +247,9 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.53.0 // indirect
 	github.com/prometheus/procfs v0.15.0 // indirect
+	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
+	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
+	github.com/redis/go-redis/v9 v9.1.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.6.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -271,15 +272,24 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 // indirect
-	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // indirect
-	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
 	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.24.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.starlark.net v0.0.0-20240314022150-ee8ed142361c // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
diff --git a/go.sum b/go.sum
index 4114c6b68..2583f1041 100644
--- a/go.sum
+++ b/go.sum
@@ -68,8 +68,6 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEV
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
 github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
-github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -116,20 +114,17 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
-github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
-github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
-github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
-github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
+github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
+github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0=
+github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
+github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
+github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
@@ -140,6 +135,7 @@ github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4r
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
@@ -171,6 +167,8 @@ github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G
 github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
 github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
 github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
@@ -183,10 +181,12 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
-github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
-github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
+github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiUFud7aeJCIQcgzugtwjyJo=
+github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY=
 github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8=
@@ -300,12 +300,15 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -324,8 +327,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
-github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
@@ -380,6 +381,8 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -400,8 +403,10 @@ github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
 github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I=
 github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
-github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
-github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
+github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
+github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
+github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE=
@@ -495,8 +500,6 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f h1:2+myh5ml7lgEU/51gbeLHfKGNfgEQQIWrlbdaOsidbQ=
-github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
@@ -581,6 +584,13 @@ github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI
 github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
+github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
+github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U=
+github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
+github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ=
+github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
+github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY=
+github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -669,26 +679,42 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=
-github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
-github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
+go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
 go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
 go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
+go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w=
+go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgYCza3PXRUGEyCB++y1sAqm6guWFesk=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
 go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
 go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
 go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
 go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
+go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0=
+go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q=
 go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
 go.starlark.net v0.0.0-20240314022150-ee8ed142361c h1:roAjH18hZcwI4hHStHbkXjF5b7UUyZ/0SG3hXNN1SjA=
 go.starlark.net v0.0.0-20240314022150-ee8ed142361c/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=

From 5197ea8ef527b8451810c935a08bcd31afccc70b Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 12:41:44 +0200
Subject: [PATCH 2104/2268] chore: Upgrade cli related dependencies

---
 go.mod |  8 ++++----
 go.sum | 17 ++++++++---------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/go.mod b/go.mod
index 8992aaed0..793af27aa 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
 	github.com/go-logr/logr v1.4.2
-	github.com/go-playground/validator/v10 v10.19.0
+	github.com/go-playground/validator/v10 v10.22.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.19.1
 	github.com/google/gops v0.3.28
@@ -62,9 +62,9 @@ require (
 	github.com/rogpeppe/go-internal v1.12.0
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.8.0
+	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.18.2
+	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3
@@ -239,7 +239,7 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
diff --git a/go.sum b/go.sum
index 2583f1041..cc2bc6b60 100644
--- a/go.sum
+++ b/go.sum
@@ -170,7 +170,6 @@ github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlS
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
@@ -286,8 +285,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn0+wvQ3bZ8b/AU4=
-github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
+github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -545,8 +544,8 @@ github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo=
-github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -624,12 +623,12 @@ github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNo
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
 github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
-github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
-github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
+github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
+github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=

From f71c7fe52b0abee41d842f0343da3236167badc3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 13:59:11 +0200
Subject: [PATCH 2105/2268] chore: Upgrade docker dependencies

---
 go.mod | 4 ++--
 go.sum | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 793af27aa..76fa18855 100644
--- a/go.mod
+++ b/go.mod
@@ -148,8 +148,8 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/docker v26.0.0+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.8.1 // indirect
+	github.com/docker/docker v27.0.0+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
diff --git a/go.sum b/go.sum
index cc2bc6b60..89ac9b078 100644
--- a/go.sum
+++ b/go.sum
@@ -194,8 +194,12 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v26.0.0+incompatible h1:Ng2qi+gdKADUa/VM+6b6YaY2nlZhk/lVJiKR/2bMudU=
 github.com/docker/docker v26.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.0.0+incompatible h1:JRugTYuelmWlW0M3jakcIadDx2HUoUO6+Tf2C5jVfwA=
+github.com/docker/docker v27.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
 github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
+github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=

From 19f230b916f6bbf97c7cfd8037620e528a22d189 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 14:02:45 +0200
Subject: [PATCH 2106/2268] chore: Upgrade helm to v3.15.2

---
 go.mod | 2 +-
 go.sum | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 76fa18855..8613561b9 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 	google.golang.org/grpc v1.64.0
 	google.golang.org/protobuf v1.34.1
 	gotest.tools v2.2.0+incompatible
-	helm.sh/helm/v3 v3.14.3
+	helm.sh/helm/v3 v3.15.2
 	k8s.io/api v0.30.2
 	k8s.io/apiextensions-apiserver v0.30.2
 	k8s.io/apimachinery v0.30.2
diff --git a/go.sum b/go.sum
index 89ac9b078..59af645a7 100644
--- a/go.sum
+++ b/go.sum
@@ -192,12 +192,8 @@ github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwen
 github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v26.0.0+incompatible h1:Ng2qi+gdKADUa/VM+6b6YaY2nlZhk/lVJiKR/2bMudU=
-github.com/docker/docker v26.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v27.0.0+incompatible h1:JRugTYuelmWlW0M3jakcIadDx2HUoUO6+Tf2C5jVfwA=
 github.com/docker/docker v27.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
-github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -917,8 +913,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
-helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
+helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw=
+helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=

From 1702a5bab1094574f22c526848cfe4d1b5e276ab Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 14:05:15 +0200
Subject: [PATCH 2107/2268] chore: Upgrade all remaining dependencies

---
 go.mod |  97 +++++++++++++------------
 go.sum | 218 +++++++++++++++++++++++++++------------------------------
 2 files changed, 150 insertions(+), 165 deletions(-)

diff --git a/go.mod b/go.mod
index 8613561b9..224fe4d20 100644
--- a/go.mod
+++ b/go.mod
@@ -21,28 +21,28 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.13
 	github.com/aws/smithy-go v1.20.2
 	github.com/coreos/go-oidc/v3 v3.10.0
-	github.com/cyphar/filepath-securejoin v0.2.4
+	github.com/cyphar/filepath-securejoin v0.2.5
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-alpha.1
 	github.com/docker/cli v26.1.4+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.8.1
-	github.com/gin-contrib/sessions v1.0.0
-	github.com/gin-gonic/gin v1.9.1
+	github.com/gin-contrib/sessions v1.0.1
+	github.com/gin-gonic/gin v1.10.0
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.22.0
 	github.com/gobwas/glob v0.2.3
-	github.com/google/go-containerregistry v0.19.1
+	github.com/google/go-containerregistry v0.19.2
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
 	github.com/googleapis/gax-go/v2 v2.12.4
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/vault/api v1.12.2
+	github.com/hashicorp/vault/api v1.14.0
 	github.com/hexops/gotextdiff v1.0.3
-	github.com/huandu/xstrings v1.4.0
+	github.com/huandu/xstrings v1.5.0
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
@@ -75,16 +75,16 @@ require (
 	golang.org/x/sys v0.21.0
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0
-	google.golang.org/genproto v0.0.0-20240528184218-531527333157
+	google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4
 	google.golang.org/grpc v1.64.0
-	google.golang.org/protobuf v1.34.1
+	google.golang.org/protobuf v1.34.2
 	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.15.2
 	k8s.io/api v0.30.2
 	k8s.io/apiextensions-apiserver v0.30.2
 	k8s.io/apimachinery v0.30.2
 	k8s.io/client-go v0.30.2
-	k8s.io/klog/v2 v2.120.1
+	k8s.io/klog/v2 v2.130.0
 	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.36.0
 	sigs.k8s.io/controller-runtime v0.18.4
@@ -110,13 +110,13 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
-	github.com/BurntSushi/toml v1.3.2 // indirect
+	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/Microsoft/hcsshim v0.12.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/Microsoft/hcsshim v0.12.4 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6 // indirect
@@ -132,42 +132,43 @@ require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
-	github.com/bytedance/sonic v1.11.3 // indirect
+	github.com/bytedance/sonic v1.11.8 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
-	github.com/chenzhuoyu/iasm v0.9.1 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/containerd/containerd v1.7.14 // indirect
+	github.com/chai2010/gettext-go v1.0.3 // indirect
+	github.com/cloudflare/circl v1.3.9 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/containerd/containerd v1.7.18 // indirect
+	github.com/containerd/errdefs v0.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/distribution/reference v0.5.0 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v27.0.0+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.16.0 // indirect
+	github.com/fatih/color v1.17.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
-	github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a // indirect
+	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
@@ -175,7 +176,7 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -191,15 +192,15 @@ require (
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.2.2 // indirect
-	github.com/gorilla/websocket v1.5.1 // indirect
+	github.com/gorilla/sessions v1.3.0 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
@@ -210,11 +211,11 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jmoiron/sqlx v1.3.5 // indirect
+	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -245,8 +246,8 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.53.0 // indirect
-	github.com/prometheus/procfs v0.15.0 // indirect
+	github.com/prometheus/common v0.54.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/v9 v9.1.0 // indirect
@@ -254,9 +255,9 @@ require (
 	github.com/rubenv/sql-migrate v1.6.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/locafero v0.6.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/skeema/knownhosts v1.2.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
@@ -265,7 +266,7 @@ require (
 	github.com/tkrajina/go-reflector v0.5.6 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	github.com/urfave/cli v1.22.14 // indirect
+	github.com/urfave/cli v1.22.15 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -274,9 +275,9 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
+	go.opentelemetry.io/otel v1.27.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
@@ -285,24 +286,22 @@ require (
 	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.27.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.24.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.27.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.starlark.net v0.0.0-20240314022150-ee8ed142361c // indirect
+	go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/arch v0.7.0 // indirect
-	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.183.0 // indirect
+	google.golang.org/api v0.184.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 59af645a7..4df25a880 100644
--- a/go.sum
+++ b/go.sum
@@ -21,6 +21,8 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
 filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
@@ -44,8 +46,9 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzS
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
+github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
@@ -60,10 +63,10 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
 github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.12.0 h1:rbICA+XZFwrBef2Odk++0LjFvClNCJGRK+fsrP254Ts=
-github.com/Microsoft/hcsshim v0.12.0/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/Rr4=
+github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
@@ -126,10 +129,10 @@ github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbA
 github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
 github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
-github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
-github.com/bytedance/sonic v1.11.3 h1:jRN+yEjakWh8aK5FzrciUHG8OFXK+4/KrAX/ysEtHAA=
-github.com/bytedance/sonic v1.11.3/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/bytedance/sonic v1.11.8 h1:Zw/j1KfiS+OYTi9lyB3bb0CFxPJVkM17k1wyDG32LRA=
+github.com/bytedance/sonic v1.11.8/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
+github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
@@ -138,25 +141,22 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
-github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
-github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
-github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
-github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
-github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
-github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
-github.com/chenzhuoyu/iasm v0.9.1 h1:tUHQJXo3NhBqw6s33wkGn9SP3bvrWLdlVIJ3hQBL7P0=
-github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
+github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
+github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
+github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.14 h1:H/XLzbnGuenZEGK+v0RkwTdv2u1QFAruMe5N0GNPJwA=
-github.com/containerd/containerd v1.7.14/go.mod h1:YMC9Qt5yzNqXx/fO4j/5yYVIHXSRrlB3H7sxkUTvspg=
+github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao=
+github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
@@ -169,13 +169,12 @@ github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoE
 github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
-github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
+github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -186,8 +185,8 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiUFud7aeJCIQcgzugtwjyJo=
 github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY=
-github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
-github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8=
 github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
@@ -208,8 +207,8 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
-github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
-github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
+github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -222,8 +221,8 @@ github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
+github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -233,18 +232,18 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
-github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
-github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:qc+7TV35Pq/FlgqECyS5ywq8cSN9j1fwZg6uyZ7G0B0=
-github.com/getsops/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
+github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
+github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
+github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
+github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
 github.com/getsops/sops/v3 v3.8.1/go.mod h1:qyVOmSwvNRUzspJ7X/mh/J8HmDV81OQ5PgDoGSmvvHM=
-github.com/gin-contrib/sessions v1.0.0 h1:r5GLta4Oy5xo9rAwMHx8B4wLpeRGHMdz9NafzJAdP8Y=
-github.com/gin-contrib/sessions v1.0.0/go.mod h1:DN0f4bvpqMQElDdi+gNGScrP2QEI04IErRyMFyorUOI=
+github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
+github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
-github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
 github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
@@ -259,10 +258,8 @@ github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665 h1:+M6D6MplKwR
 github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
-github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
-github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
-github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
-github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
+github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -287,8 +284,8 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
 github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
-github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
-github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
@@ -297,8 +294,8 @@ github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -340,8 +337,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY=
-github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
+github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w=
+github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -369,11 +366,11 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
-github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg=
+github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
-github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
 github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
@@ -387,13 +384,12 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
-github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc=
@@ -408,13 +404,13 @@ github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvH
 github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE=
-github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE=
+github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
+github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
-github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
+github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
@@ -428,8 +424,8 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
-github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -444,8 +440,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
 github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
-github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
+github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
 github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
 github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a h1:/OYi0jd/q73VptK8bkz80PFzUQ9JTWm2X6nd1sjpyLo=
@@ -468,7 +464,6 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
@@ -484,9 +479,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI=
-github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
@@ -574,13 +568,13 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE=
-github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U=
+github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8=
+github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek=
-github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
 github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
@@ -601,15 +595,15 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
-github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
+github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3N51bwOk=
+github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
-github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
+github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -658,8 +652,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
-github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
+github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM=
+github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0=
 github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
@@ -682,12 +676,12 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
-go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0=
+go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg=
+go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
@@ -704,18 +698,18 @@ go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgY
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
-go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
-go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
+go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
 go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
 go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
 go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0=
 go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q=
-go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
-go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
+go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
 go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
 go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
-go.starlark.net v0.0.0-20240314022150-ee8ed142361c h1:roAjH18hZcwI4hHStHbkXjF5b7UUyZ/0SG3hXNN1SjA=
-go.starlark.net v0.0.0-20240314022150-ee8ed142361c/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
+go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg=
+go.starlark.net v0.0.0-20240520160348-046347dcd104/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -723,8 +717,8 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.7.0 h1:pskyeJh/3AmoQ8CPE95vxHLqp1G1GfGNXTmcl9NEKTc=
-golang.org/x/arch v0.7.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
+golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -734,12 +728,11 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
-golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -767,7 +760,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -805,8 +797,6 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -814,8 +804,6 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
 golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -827,8 +815,6 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
@@ -851,8 +837,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE=
-google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ=
+google.golang.org/api v0.184.0 h1:dmEdk6ZkJNXy1JcDhn/ou0ZUq7n9zropG2/tR4z+RDg=
+google.golang.org/api v0.184.0/go.mod h1:CeDTtUEiYENAf8PPG5VZW2yNp2VM3VWbCeTioAZBTBA=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -861,12 +847,12 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE=
-google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
-google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
+google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU=
+google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc=
+google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -885,8 +871,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -931,8 +917,8 @@ k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
 k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
 k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII=
 k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE=
-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/klog/v2 v2.130.0 h1:5nB3+3HpqKqXJIXNtJdtxcDCfaa9KL8StJgMzGJkUkM=
+k8s.io/klog/v2 v2.130.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
 k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=

From 42f6a4126b6a4800582abe2c98bad0cbb6ffccca Mon Sep 17 00:00:00 2001
From: sidpalas <1320389+sidpalas@users.noreply.github.com>
Date: Tue, 18 Jun 2024 08:54:41 -0400
Subject: [PATCH 2108/2268] docs: clarify hook annotation docs (#1103)

* chore: clarify hook annotation docs

* chore: fix typo
---
 docs/kluctl/deployments/annotations/hooks.md | 2 +-
 docs/kluctl/deployments/hooks.md             | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/kluctl/deployments/annotations/hooks.md b/docs/kluctl/deployments/annotations/hooks.md
index f9d5bc73d..a250f2676 100644
--- a/docs/kluctl/deployments/annotations/hooks.md
+++ b/docs/kluctl/deployments/annotations/hooks.md
@@ -20,7 +20,7 @@ Declares a resource to be a hook, which is deployed/executed as described in [ho
 annotation determines when the hook is deployed/executed.
 
 ### kluctl.io/hook-weight
-Specifies a weight for the hook, used to determine deployment/execution order.
+Specifies a weight for the hook, used to determine deployment/execution order. For resources with the same `kluctl.io/hook` annotation, hooks are executed in ascending order based on hook-weight.
 
 ### kluctl.io/hook-delete-policy
 Defines when to delete the hook resource.
diff --git a/docs/kluctl/deployments/hooks.md b/docs/kluctl/deployments/hooks.md
index 34567de06..39167d212 100644
--- a/docs/kluctl/deployments/hooks.md
+++ b/docs/kluctl/deployments/hooks.md
@@ -51,3 +51,7 @@ After each deployment/execution of the hooks that belong to a deployment stage (
 waits for the hook resources to become "ready". Readiness is defined [here](./readiness.md).
 
 It is possible to disable waiting for hook readiness by setting the annotation `kluctl.io/hook-wait` to "false".
+
+## Hook Annotations
+
+More control over hook behavior can be configured using additional annotations as described in [annotations/hooks](./annotations/hooks.md)
\ No newline at end of file

From eb29daac6f030d8e0c51e5034a6830465ec4d67c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 14:52:06 +0200
Subject: [PATCH 2109/2268] chore: Upgrade opentelemetry dependencies

---
 go.mod |  8 ++++----
 go.sum | 18 ++++++++----------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 224fe4d20..6650d9de0 100644
--- a/go.mod
+++ b/go.mod
@@ -197,7 +197,7 @@ require (
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
@@ -287,10 +287,10 @@ require (
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.24.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.27.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.27.0 // indirect
 	go.opentelemetry.io/otel/trace v1.27.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
diff --git a/go.sum b/go.sum
index 4df25a880..6d19da341 100644
--- a/go.sum
+++ b/go.sum
@@ -303,8 +303,6 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
-github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -377,8 +375,8 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -700,14 +698,14 @@ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYf
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
 go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
 go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
-go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
-go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
-go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0=
-go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q=
+go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI=
+go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A=
+go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI=
+go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw=
 go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
 go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
-go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
-go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
 go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg=
 go.starlark.net v0.0.0-20240520160348-046347dcd104/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=

From 481fff61735a73589b186a947698761dd12e7de2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 14:32:10 +0200
Subject: [PATCH 2110/2268] fix: Sync sops code with flux/kustomize-controller

---
 pkg/sops/aws_config.go                       |  24 --
 pkg/sops/awskms/credentials.go               |  39 ++++
 pkg/sops/awskms/credentials_test.go          |  42 ++++
 pkg/sops/{azure_config.go => azkv/config.go} |  61 +++---
 pkg/sops/azkv/config_test.go                 | 217 +++++++++++++++++++
 pkg/sops/azkv/credentials.go                 | 103 +++++++++
 pkg/sops/decryptor/decryptor_test.go         |  13 +-
 pkg/sops/key_server_from_secret.go           |  18 +-
 pkg/sops/keyservice/keyservice.go            |  20 +-
 pkg/sops/keyservice/options.go               |  24 +-
 pkg/sops/keyservice/server.go                | 125 +++++++----
 pkg/sops/keyservice/server_test.go           |  71 +++---
 pkg/sops/keyservice/utils_test.go            |  29 ++-
 13 files changed, 603 insertions(+), 183 deletions(-)
 delete mode 100644 pkg/sops/aws_config.go
 create mode 100644 pkg/sops/awskms/credentials.go
 create mode 100644 pkg/sops/awskms/credentials_test.go
 rename pkg/sops/{azure_config.go => azkv/config.go} (77%)
 create mode 100644 pkg/sops/azkv/config_test.go
 create mode 100644 pkg/sops/azkv/credentials.go

diff --git a/pkg/sops/aws_config.go b/pkg/sops/aws_config.go
deleted file mode 100644
index 66d58ea79..000000000
--- a/pkg/sops/aws_config.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package sops
-
-import (
-	"fmt"
-	"github.com/aws/aws-sdk-go-v2/credentials"
-	"github.com/getsops/sops/v3/kms"
-	"sigs.k8s.io/yaml"
-)
-
-// LoadCredsProviderFromYaml parses the given YAML returns a CredsProvider object
-// which contains the credentials provider used for authenticating towards AWS KMS.
-func LoadCredsProviderFromYaml(b []byte) (*kms.CredentialsProvider, error) {
-	credInfo := struct {
-		AccessKeyID     string `json:"aws_access_key_id"`
-		SecretAccessKey string `json:"aws_secret_access_key"`
-		SessionToken    string `json:"aws_session_token"`
-	}{}
-	if err := yaml.Unmarshal(b, &credInfo); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal AWS credentials file: %w", err)
-	}
-	cp := kms.NewCredentialsProvider(credentials.NewStaticCredentialsProvider(credInfo.AccessKeyID, credInfo.SecretAccessKey, credInfo.SessionToken))
-
-	return cp, nil
-}
diff --git a/pkg/sops/awskms/credentials.go b/pkg/sops/awskms/credentials.go
new file mode 100644
index 000000000..d95bd5af1
--- /dev/null
+++ b/pkg/sops/awskms/credentials.go
@@ -0,0 +1,39 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package awskms
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"sigs.k8s.io/yaml"
+)
+
+// LoadStaticCredentialsFromYAML parses the given YAML and returns a
+// credentials.StaticCredentialsProvider that can be used to authenticate with
+// AWS, or an error if the YAML could not be parsed.
+func LoadStaticCredentialsFromYAML(b []byte) (credentials.StaticCredentialsProvider, error) {
+	d := struct {
+		AccessKeyID     string `json:"aws_access_key_id"`
+		SecretAccessKey string `json:"aws_secret_access_key"`
+		SessionToken    string `json:"aws_session_token"`
+	}{}
+	if err := yaml.Unmarshal(b, &d); err != nil {
+		return credentials.StaticCredentialsProvider{}, fmt.Errorf("failed to unmarshal AWS credentials file: %w", err)
+	}
+	return credentials.NewStaticCredentialsProvider(d.AccessKeyID, d.SecretAccessKey, d.SessionToken), nil
+}
diff --git a/pkg/sops/awskms/credentials_test.go b/pkg/sops/awskms/credentials_test.go
new file mode 100644
index 000000000..6f5d1cc9f
--- /dev/null
+++ b/pkg/sops/awskms/credentials_test.go
@@ -0,0 +1,42 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package awskms
+
+import (
+	"context"
+	"testing"
+
+	. "github.com/onsi/gomega"
+)
+
+func TestLoadStaticCredentialsFromYAML(t *testing.T) {
+	g := NewWithT(t)
+	credsYaml := []byte(`
+aws_access_key_id: test-id
+aws_secret_access_key: test-secret
+aws_session_token: test-token
+`)
+	credsProvider, err := LoadStaticCredentialsFromYAML(credsYaml)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	creds, err := credsProvider.Retrieve(context.TODO())
+	g.Expect(err).ToNot(HaveOccurred())
+
+	g.Expect(creds.AccessKeyID).To(Equal("test-id"))
+	g.Expect(creds.SecretAccessKey).To(Equal("test-secret"))
+	g.Expect(creds.SessionToken).To(Equal("test-token"))
+}
diff --git a/pkg/sops/azure_config.go b/pkg/sops/azkv/config.go
similarity index 77%
rename from pkg/sops/azure_config.go
rename to pkg/sops/azkv/config.go
index 0b654b7b0..2de7fd889 100644
--- a/pkg/sops/azure_config.go
+++ b/pkg/sops/azkv/config.go
@@ -1,22 +1,32 @@
-// Copyright (C) 2022 The Flux authors
-//
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
 
-package sops
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azkv
 
 import (
 	"bytes"
 	"encoding/binary"
 	"fmt"
-	"github.com/dimchansky/utfbom"
-	"io/ioutil"
+	"io"
 	"unicode/utf16"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/dimchansky/utfbom"
 	"sigs.k8s.io/yaml"
 )
 
@@ -55,7 +65,7 @@ type AZConfig struct {
 	Password string `json:"password,omitempty"`
 }
 
-// TokenFromAADConfig attempts to construct a Token using the AADConfig values.
+// TokenCredentialFromAADConfig attempts to construct a Token using the AADConfig values.
 // It detects credentials in the following order:
 //
 //   - azidentity.ClientSecretCredential when `tenantId`, `clientId` and
@@ -69,53 +79,40 @@ type AZConfig struct {
 //
 // If no set of credentials is found or the azcore.TokenCredential can not be
 // created, an error is returned.
-func TokenFromAADConfig(c AADConfig) (_ azcore.TokenCredential, err error) {
-	var token azcore.TokenCredential
+func TokenCredentialFromAADConfig(c AADConfig) (token azcore.TokenCredential, err error) {
 	if c.TenantID != "" && c.ClientID != "" {
 		if c.ClientSecret != "" {
-			if token, err = azidentity.NewClientSecretCredential(c.TenantID, c.ClientID, c.ClientSecret, &azidentity.ClientSecretCredentialOptions{
+			return azidentity.NewClientSecretCredential(c.TenantID, c.ClientID, c.ClientSecret, &azidentity.ClientSecretCredentialOptions{
 				ClientOptions: azcore.ClientOptions{
 					Cloud: c.GetCloudConfig(),
 				},
-			}); err != nil {
-				return
-			}
-			return token, nil
+			})
 		}
 		if c.ClientCertificate != "" {
 			certs, pk, err := azidentity.ParseCertificates([]byte(c.ClientCertificate), []byte(c.ClientCertificatePassword))
 			if err != nil {
 				return nil, err
 			}
-			if token, err = azidentity.NewClientCertificateCredential(c.TenantID, c.ClientID, certs, pk, &azidentity.ClientCertificateCredentialOptions{
+			return azidentity.NewClientCertificateCredential(c.TenantID, c.ClientID, certs, pk, &azidentity.ClientCertificateCredentialOptions{
 				SendCertificateChain: c.ClientCertificateSendChain,
 				ClientOptions: azcore.ClientOptions{
 					Cloud: c.GetCloudConfig(),
 				},
-			}); err != nil {
-				return nil, err
-			}
-			return token, nil
+			})
 		}
 	}
 
 	switch {
 	case c.Tenant != "" && c.AppID != "" && c.Password != "":
-		if token, err = azidentity.NewClientSecretCredential(c.Tenant, c.AppID, c.Password, &azidentity.ClientSecretCredentialOptions{
+		return azidentity.NewClientSecretCredential(c.Tenant, c.AppID, c.Password, &azidentity.ClientSecretCredentialOptions{
 			ClientOptions: azcore.ClientOptions{
 				Cloud: c.GetCloudConfig(),
 			},
-		}); err != nil {
-			return
-		}
-		return token, nil
+		})
 	case c.ClientID != "":
-		if token, err = azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
+		return azidentity.NewManagedIdentityCredential(&azidentity.ManagedIdentityCredentialOptions{
 			ID: azidentity.ClientID(c.ClientID),
-		}); err != nil {
-			return
-		}
-		return token, nil
+		})
 	default:
 		return nil, fmt.Errorf("invalid data: requires a '%s' field, a combination of '%s', '%s' and '%s', or '%s', '%s' and '%s'",
 			"clientId", "tenantId", "clientId", "clientSecret", "tenantId", "clientId", "clientCertificate")
@@ -152,5 +149,5 @@ func decode(b []byte) ([]byte, error) {
 		}
 		return []byte(string(utf16.Decode(u16))), nil
 	}
-	return ioutil.ReadAll(reader)
+	return io.ReadAll(reader)
 }
diff --git a/pkg/sops/azkv/config_test.go b/pkg/sops/azkv/config_test.go
new file mode 100644
index 000000000..54153ea8d
--- /dev/null
+++ b/pkg/sops/azkv/config_test.go
@@ -0,0 +1,217 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azkv
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"math/big"
+	"testing"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	. "github.com/onsi/gomega"
+)
+
+func TestLoadAADConfigFromBytes(t *testing.T) {
+	tests := []struct {
+		name    string
+		b       []byte
+		want    AADConfig
+		wantErr bool
+	}{
+		{
+			name: "Service Principal with Secret",
+			b: []byte(`tenantId: "some-tenant-id"
+clientId: "some-client-id"
+clientSecret: "some-client-secret"`),
+			want: AADConfig{
+				TenantID:     "some-tenant-id",
+				ClientID:     "some-client-id",
+				ClientSecret: "some-client-secret",
+			},
+		},
+		{
+			name: "Service Principal with Certificate",
+			b: []byte(`tenantId: "some-tenant-id"
+clientId: "some-client-id"
+clientCertificate: "some-client-certificate"`),
+			want: AADConfig{
+				TenantID:          "some-tenant-id",
+				ClientID:          "some-client-id",
+				ClientCertificate: "some-client-certificate",
+			},
+		},
+		{
+			name: "Managed Identity with Client ID",
+			b:    []byte(`clientId: "some-client-id"`),
+			want: AADConfig{
+				ClientID: "some-client-id",
+			},
+		},
+		{
+			name: "Service Principal with Secret from az CLI",
+			b:    []byte(`{"appId": "some-app-id", "tenant": "some-tenant", "password": "some-password"}`),
+			want: AADConfig{
+				AZConfig: AZConfig{
+					AppID:    "some-app-id",
+					Tenant:   "some-tenant",
+					Password: "some-password",
+				},
+			},
+		},
+		{
+			name: "Authority host",
+			b:    []byte(`{"authorityHost": "https://example.com"}`),
+			want: AADConfig{
+				AuthorityHost: "https://example.com",
+			},
+		},
+		{
+			name:    "invalid",
+			b:       []byte("some string"),
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			got := AADConfig{}
+			err := LoadAADConfigFromBytes(tt.b, &got)
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(got).To(Equal(tt.want))
+				return
+			}
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(got).To(Equal(tt.want))
+		})
+	}
+}
+
+func TestTokenFromAADConfig(t *testing.T) {
+	tlsMock := validTLS(t)
+
+	tests := []struct {
+		name    string
+		config  AADConfig
+		want    azcore.TokenCredential
+		wantErr bool
+	}{
+		{
+			name: "Service Principal with Secret",
+			config: AADConfig{
+				TenantID:     "some-tenant-id",
+				ClientID:     "some-client-id",
+				ClientSecret: "some-client-secret",
+			},
+			want: &azidentity.ClientSecretCredential{},
+		},
+		{
+			name: "Service Principal with Certificate",
+			config: AADConfig{
+				TenantID:          "some-tenant-id",
+				ClientID:          "some-client-id",
+				ClientCertificate: string(tlsMock),
+			},
+			want: &azidentity.ClientCertificateCredential{},
+		},
+		{
+			name: "Service Principal with az CLI format",
+			config: AADConfig{
+				AZConfig: AZConfig{
+					AppID:    "some-app-id",
+					Tenant:   "some-tenant",
+					Password: "some-password",
+				},
+			},
+			want: &azidentity.ClientSecretCredential{},
+		},
+		{
+			name: "Managed Identity with Client ID",
+			config: AADConfig{
+				ClientID: "some-client-id",
+			},
+			want: &azidentity.ManagedIdentityCredential{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			got, err := TokenCredentialFromAADConfig(tt.config)
+			if tt.wantErr {
+				g.Expect(err).To(HaveOccurred())
+				g.Expect(got).To(BeNil())
+				return
+			}
+
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(got).ToNot(BeNil())
+			g.Expect(got).To(BeAssignableToTypeOf(tt.want))
+		})
+	}
+}
+
+func TestAADConfig_GetCloudConfig(t *testing.T) {
+	g := NewWithT(t)
+
+	g.Expect((AADConfig{}).GetCloudConfig()).To(Equal(cloud.AzurePublic))
+	g.Expect((AADConfig{AuthorityHost: "https://example.com"}).GetCloudConfig()).To(Equal(cloud.Configuration{
+		ActiveDirectoryAuthorityHost: "https://example.com",
+		Services:                     map[cloud.ServiceName]cloud.ServiceConfiguration{},
+	}))
+}
+
+func validTLS(t *testing.T) []byte {
+	key, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		t.Fatal("Private key cannot be created.", err.Error())
+	}
+
+	out := bytes.NewBuffer(nil)
+
+	var privateKey = &pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(key),
+	}
+	if err = pem.Encode(out, privateKey); err != nil {
+		t.Fatal("Private key cannot be PEM encoded.", err.Error())
+	}
+
+	certTemplate := x509.Certificate{
+		SerialNumber: big.NewInt(1337),
+	}
+	cert, err := x509.CreateCertificate(rand.Reader, &certTemplate, &certTemplate, &key.PublicKey, key)
+	if err != nil {
+		t.Fatal("Certificate cannot be created.", err.Error())
+	}
+	var certificate = &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: cert,
+	}
+	if err = pem.Encode(out, certificate); err != nil {
+		t.Fatal("Certificate cannot be PEM encoded.", err.Error())
+	}
+
+	return out.Bytes()
+}
diff --git a/pkg/sops/azkv/credentials.go b/pkg/sops/azkv/credentials.go
new file mode 100644
index 000000000..5db2af108
--- /dev/null
+++ b/pkg/sops/azkv/credentials.go
@@ -0,0 +1,103 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package azkv
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+)
+
+// DefaultTokenCredential is a modification of azidentity.NewDefaultAzureCredential,
+// specifically adapted to not shell out to the Azure CLI.
+//
+// It attempts to return an azcore.TokenCredential based on the following order:
+//
+//   - azidentity.NewEnvironmentCredential if environment variables AZURE_CLIENT_ID,
+//     AZURE_CLIENT_ID is set with either one of the following: (AZURE_CLIENT_SECRET)
+//     or (AZURE_CLIENT_CERTIFICATE_PATH and AZURE_CLIENT_CERTIFICATE_PATH) or
+//     (AZURE_USERNAME, AZURE_PASSWORD)
+//   - azidentity.WorkloadIdentityCredential if environment variable configuration
+//     (AZURE_AUTHORITY_HOST, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE, AZURE_TENANT_ID)
+//     is set by the Azure workload identity webhook.
+//   - azidentity.ManagedIdentityCredential if only AZURE_CLIENT_ID env variable is set.
+func DefaultTokenCredential() (azcore.TokenCredential, error) {
+	var (
+		azureClientID           = "AZURE_CLIENT_ID"
+		azureFederatedTokenFile = "AZURE_FEDERATED_TOKEN_FILE"
+		azureAuthorityHost      = "AZURE_AUTHORITY_HOST"
+		azureTenantID           = "AZURE_TENANT_ID"
+	)
+
+	var errorMessages []string
+	options := &azidentity.DefaultAzureCredentialOptions{}
+
+	envCred, err := azidentity.NewEnvironmentCredential(&azidentity.EnvironmentCredentialOptions{
+		ClientOptions: options.ClientOptions, DisableInstanceDiscovery: options.DisableInstanceDiscovery},
+	)
+	if err == nil {
+		return envCred, nil
+	} else {
+		errorMessages = append(errorMessages, "EnvironmentCredential: "+err.Error())
+	}
+
+	// workload identity requires values for AZURE_AUTHORITY_HOST, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE, AZURE_TENANT_ID
+	haveWorkloadConfig := false
+	clientID, haveClientID := os.LookupEnv(azureClientID)
+	if haveClientID {
+		if file, ok := os.LookupEnv(azureFederatedTokenFile); ok {
+			if _, ok := os.LookupEnv(azureAuthorityHost); ok {
+				if tenantID, ok := os.LookupEnv(azureTenantID); ok {
+					haveWorkloadConfig = true
+					workloadCred, err := azidentity.NewWorkloadIdentityCredential(&azidentity.WorkloadIdentityCredentialOptions{
+						ClientID:                 clientID,
+						TenantID:                 tenantID,
+						TokenFilePath:            file,
+						ClientOptions:            options.ClientOptions,
+						DisableInstanceDiscovery: options.DisableInstanceDiscovery,
+					})
+					if err == nil {
+						return workloadCred, nil
+					} else {
+						errorMessages = append(errorMessages, "Workload Identity"+": "+err.Error())
+					}
+				}
+			}
+		}
+	}
+	if !haveWorkloadConfig {
+		err := errors.New("missing environment variables for workload identity. Check webhook and pod configuration")
+		errorMessages = append(errorMessages, fmt.Sprintf("Workload Identity: %s", err))
+	}
+
+	o := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions}
+	if haveClientID {
+		o.ID = azidentity.ClientID(clientID)
+	}
+	miCred, err := azidentity.NewManagedIdentityCredential(o)
+	if err == nil {
+		return miCred, nil
+	} else {
+		errorMessages = append(errorMessages, "ManagedIdentity"+": "+err.Error())
+	}
+
+	return nil, errors.New(strings.Join(errorMessages, "\n"))
+}
diff --git a/pkg/sops/decryptor/decryptor_test.go b/pkg/sops/decryptor/decryptor_test.go
index 113c7dd20..acf7de350 100644
--- a/pkg/sops/decryptor/decryptor_test.go
+++ b/pkg/sops/decryptor/decryptor_test.go
@@ -194,12 +194,12 @@ func TestDecryptor_SopsDecryptWithFormat(t *testing.T) {
 
 func TestDecryptor_DecryptResource(t *testing.T) {
 	var (
-		resourceFactory = provider.NewDefaultDepProvider().GetResourceFactory()
-		emptyResource   = resourceFactory.FromMap(map[string]interface{}{})
+		resourceFactory  = provider.NewDefaultDepProvider().GetResourceFactory()
+		emptyResource, _ = resourceFactory.FromMap(map[string]interface{}{})
 	)
 
 	newSecretResource := func(namespace, name string, data map[string]interface{}) *resource.Resource {
-		return resourceFactory.FromMap(map[string]interface{}{
+		ret, _ := resourceFactory.FromMap(map[string]interface{}{
 			"apiVersion": "v1",
 			"kind":       "Secret",
 			"metadata": map[string]interface{}{
@@ -208,6 +208,7 @@ func TestDecryptor_DecryptResource(t *testing.T) {
 			},
 			"data": data,
 		})
+		return ret
 	}
 
 	t.Run("SOPS-encrypted Secret resource", func(t *testing.T) {
@@ -330,7 +331,7 @@ func TestDecryptor_DecryptResource(t *testing.T) {
 		}, plainData, formats.Json, formats.Yaml)
 		g.Expect(err).ToNot(HaveOccurred())
 
-		secret := resourceFactory.FromMap(map[string]interface{}{
+		secret, _ := resourceFactory.FromMap(map[string]interface{}{
 			"apiVersion": "v1",
 			"kind":       "Secret",
 			"metadata": map[string]interface{}{
@@ -1118,12 +1119,12 @@ func TestDecryptor_isSOPSEncryptedResource(t *testing.T) {
 	g := NewWithT(t)
 
 	resourceFactory := provider.NewDefaultDepProvider().GetResourceFactory()
-	encrypted := resourceFactory.FromMap(map[string]interface{}{
+	encrypted, _ := resourceFactory.FromMap(map[string]interface{}{
 		"sops": map[string]string{
 			"mac": "some mac value",
 		},
 	})
-	empty := resourceFactory.FromMap(map[string]interface{}{})
+	empty, _ := resourceFactory.FromMap(map[string]interface{}{})
 
 	g.Expect(isSOPSEncryptedResource(encrypted)).To(BeTrue())
 	g.Expect(isSOPSEncryptedResource(empty)).To(BeFalse())
diff --git a/pkg/sops/key_server_from_secret.go b/pkg/sops/key_server_from_secret.go
index c176f2f1b..79adca619 100644
--- a/pkg/sops/key_server_from_secret.go
+++ b/pkg/sops/key_server_from_secret.go
@@ -4,11 +4,15 @@ import (
 	"bytes"
 	"fmt"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/getsops/sops/v3/age"
 	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/kms"
+	"github.com/kluctl/kluctl/v2/pkg/sops/awskms"
+	azkv2 "github.com/kluctl/kluctl/v2/pkg/sops/azkv"
+
 	"github.com/getsops/sops/v3/hcvault"
 	"github.com/getsops/sops/v3/keyservice"
-	"github.com/getsops/sops/v3/kms"
 	"github.com/getsops/sops/v3/pgp"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	corev1 "k8s.io/api/core/v1"
@@ -42,7 +46,7 @@ func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, op
 
 	var ageIdentities age.ParsedIdentities
 	var vaultToken hcvault.Token
-	var awsCredsProvider *kms.CredentialsProvider
+	var awsCredsProvider credentials.StaticCredentialsProvider
 	var azureToken azcore.TokenCredential
 	var gcpCredsJSON []byte
 
@@ -67,18 +71,18 @@ func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, op
 			}
 		case filepath.Ext(DecryptionAWSKmsFile):
 			if name == DecryptionAWSKmsFile {
-				if awsCredsProvider, err = LoadCredsProviderFromYaml(value); err != nil {
+				if awsCredsProvider, err = awskms.LoadStaticCredentialsFromYAML(value); err != nil {
 					return nil, fmt.Errorf("failed to import data from decryption Secret '%s': %w", name, err)
 				}
 			}
 		case filepath.Ext(DecryptionAzureAuthFile):
 			// Make sure we have the absolute name
 			if name == DecryptionAzureAuthFile {
-				conf := AADConfig{}
-				if err = LoadAADConfigFromBytes(value, &conf); err != nil {
+				conf := azkv2.AADConfig{}
+				if err = azkv2.LoadAADConfigFromBytes(value, &conf); err != nil {
 					return nil, fmt.Errorf("failed to import '%s' data from decryption Secret: %w", name, err)
 				}
-				if azureToken, err = TokenFromAADConfig(conf); err != nil {
+				if azureToken, err = azkv2.TokenCredentialFromAADConfig(conf); err != nil {
 					return nil, fmt.Errorf("failed to import '%s' data from decryption Secret: %w", name, err)
 				}
 			}
@@ -99,7 +103,7 @@ func BuildSopsKeyServerFromSecret(secret *corev1.Secret, gnuPGHomeDir string, op
 	if azureToken != nil {
 		serverOpts = append(serverOpts, intkeyservice.WithAzureToken{Token: azkv.NewTokenCredential(azureToken)})
 	}
-	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: awsCredsProvider})
+	serverOpts = append(serverOpts, intkeyservice.WithAWSKeys{CredsProvider: kms.NewCredentialsProvider(awsCredsProvider)})
 	server := intkeyservice.NewServer(serverOpts...)
 
 	return keyservice.NewCustomLocalClient(server), nil
diff --git a/pkg/sops/keyservice/keyservice.go b/pkg/sops/keyservice/keyservice.go
index f9aab5767..408789159 100644
--- a/pkg/sops/keyservice/keyservice.go
+++ b/pkg/sops/keyservice/keyservice.go
@@ -1,8 +1,18 @@
-// Copyright (C) 2022 The Flux authors
-//
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 
 package keyservice
 
diff --git a/pkg/sops/keyservice/options.go b/pkg/sops/keyservice/options.go
index 545b9aea1..99ac411c7 100644
--- a/pkg/sops/keyservice/options.go
+++ b/pkg/sops/keyservice/options.go
@@ -1,8 +1,18 @@
-// Copyright (C) 2022 The Flux authors
-//
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 
 package keyservice
 
@@ -13,7 +23,7 @@ import (
 	"github.com/getsops/sops/v3/gcpkms"
 	"github.com/getsops/sops/v3/hcvault"
 	"github.com/getsops/sops/v3/keyservice"
-	"github.com/getsops/sops/v3/kms"
+	awskms "github.com/getsops/sops/v3/kms"
 	"github.com/getsops/sops/v3/pgp"
 )
 
@@ -49,7 +59,7 @@ func (o WithAgeIdentities) ApplyToServer(s *Server) {
 
 // WithAWSKeys configures the AWS credentials on the Server
 type WithAWSKeys struct {
-	CredsProvider *kms.CredentialsProvider
+	CredsProvider *awskms.CredentialsProvider
 }
 
 // ApplyToServer applies this configuration to the given Server.
diff --git a/pkg/sops/keyservice/server.go b/pkg/sops/keyservice/server.go
index d8463b1dc..e0ba6da08 100644
--- a/pkg/sops/keyservice/server.go
+++ b/pkg/sops/keyservice/server.go
@@ -1,22 +1,35 @@
-// Copyright (C) 2022 The Flux authors
-//
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 
 package keyservice
 
 import (
 	"fmt"
+
 	"github.com/getsops/sops/v3/age"
 	"github.com/getsops/sops/v3/azkv"
 	"github.com/getsops/sops/v3/gcpkms"
 	"github.com/getsops/sops/v3/hcvault"
 	"github.com/getsops/sops/v3/keyservice"
-	"github.com/getsops/sops/v3/kms"
+	awskms "github.com/getsops/sops/v3/kms"
+	"github.com/getsops/sops/v3/logging"
 	"github.com/getsops/sops/v3/pgp"
-
 	"golang.org/x/net/context"
+
+	intazkv "github.com/kluctl/kluctl/v2/pkg/sops/azkv"
 )
 
 // Server is a key service server that uses SOPS MasterKeys to fulfill
@@ -49,7 +62,7 @@ type Server struct {
 	// awsCredsProvider is the Credentials object used for Encrypt and Decrypt
 	// operations of AWS KMS requests.
 	// When nil, the request will be handled by defaultServer.
-	awsCredsProvider *kms.CredentialsProvider
+	awsCredsProvider *awskms.CredentialsProvider
 
 	// gcpCredsJSON is the JSON credentials used for Decrypt and Encrypt
 	// operations of GCP KMS requests. When nil, a default client with
@@ -70,11 +83,17 @@ func NewServer(options ...ServerOption) keyservice.KeyServiceServer {
 	for _, opt := range options {
 		opt.ApplyToServer(s)
 	}
+
 	if s.defaultServer == nil {
 		s.defaultServer = &keyservice.Server{
 			Prompt: false,
 		}
 	}
+
+	// Effectively disable any logging from the key services.
+	// 0 equals to panic level, which should never be reached.
+	logging.SetLevel(0)
+
 	return s
 }
 
@@ -118,15 +137,13 @@ func (ks Server) Encrypt(ctx context.Context, req *keyservice.EncryptRequest) (*
 			Ciphertext: cipherText,
 		}, nil
 	case *keyservice.Key_AzureKeyvaultKey:
-		if ks.azureToken != nil {
-			ciphertext, err := ks.encryptWithAzureKeyVault(k.AzureKeyvaultKey, req.Plaintext)
-			if err != nil {
-				return nil, err
-			}
-			return &keyservice.EncryptResponse{
-				Ciphertext: ciphertext,
-			}, nil
+		ciphertext, err := ks.encryptWithAzureKeyVault(k.AzureKeyvaultKey, req.Plaintext)
+		if err != nil {
+			return nil, err
 		}
+		return &keyservice.EncryptResponse{
+			Ciphertext: ciphertext,
+		}, nil
 	case *keyservice.Key_GcpKmsKey:
 		ciphertext, err := ks.encryptWithGCPKMS(k.GcpKmsKey, req.Plaintext)
 		if err != nil {
@@ -182,15 +199,13 @@ func (ks Server) Decrypt(ctx context.Context, req *keyservice.DecryptRequest) (*
 			Plaintext: plaintext,
 		}, nil
 	case *keyservice.Key_AzureKeyvaultKey:
-		if ks.azureToken != nil {
-			plaintext, err := ks.decryptWithAzureKeyVault(k.AzureKeyvaultKey, req.Ciphertext)
-			if err != nil {
-				return nil, err
-			}
-			return &keyservice.DecryptResponse{
-				Plaintext: plaintext,
-			}, nil
+		plaintext, err := ks.decryptWithAzureKeyVault(k.AzureKeyvaultKey, req.Ciphertext)
+		if err != nil {
+			return nil, err
 		}
+		return &keyservice.DecryptResponse{
+			Plaintext: plaintext,
+		}, nil
 	case *keyservice.Key_GcpKmsKey:
 		plaintext, err := ks.decryptWithGCPKMS(k.GcpKmsKey, req.Ciphertext)
 		if err != nil {
@@ -208,6 +223,7 @@ func (ks Server) Decrypt(ctx context.Context, req *keyservice.DecryptRequest) (*
 
 func (ks *Server) encryptWithPgp(key *keyservice.PgpKey, plaintext []byte) ([]byte, error) {
 	pgpKey := pgp.NewMasterKeyFromFingerprint(key.Fingerprint)
+	pgp.DisableOpenPGP{}.ApplyToMasterKey(pgpKey)
 	if ks.gnuPGHome != "" {
 		ks.gnuPGHome.ApplyToMasterKey(pgpKey)
 	}
@@ -220,6 +236,7 @@ func (ks *Server) encryptWithPgp(key *keyservice.PgpKey, plaintext []byte) ([]by
 
 func (ks *Server) decryptWithPgp(key *keyservice.PgpKey, ciphertext []byte) ([]byte, error) {
 	pgpKey := pgp.NewMasterKeyFromFingerprint(key.Fingerprint)
+	pgp.DisableOpenPGP{}.ApplyToMasterKey(pgpKey)
 	if ks.gnuPGHome != "" {
 		ks.gnuPGHome.ApplyToMasterKey(pgpKey)
 	}
@@ -278,16 +295,7 @@ func (ks *Server) decryptWithHCVault(key *keyservice.VaultKey, ciphertext []byte
 }
 
 func (ks *Server) encryptWithAWSKMS(key *keyservice.KmsKey, plaintext []byte) ([]byte, error) {
-	context := make(map[string]*string)
-	for key, val := range key.Context {
-		val := val
-		context[key] = &val
-	}
-	awsKey := kms.MasterKey{
-		Arn:               key.Arn,
-		Role:              key.Role,
-		EncryptionContext: context,
-	}
+	awsKey := kmsKeyToMasterKey(key)
 	if ks.awsCredsProvider != nil {
 		ks.awsCredsProvider.ApplyToMasterKey(&awsKey)
 	}
@@ -298,18 +306,8 @@ func (ks *Server) encryptWithAWSKMS(key *keyservice.KmsKey, plaintext []byte) ([
 }
 
 func (ks *Server) decryptWithAWSKMS(key *keyservice.KmsKey, cipherText []byte) ([]byte, error) {
-	context := make(map[string]*string)
-	for key, val := range key.Context {
-		val := val
-		context[key] = &val
-	}
-	awsKey := kms.MasterKey{
-		Arn:               key.Arn,
-		Role:              key.Role,
-		EncryptionContext: context,
-	}
+	awsKey := kmsKeyToMasterKey(key)
 	awsKey.EncryptedKey = string(cipherText)
-
 	if ks.awsCredsProvider != nil {
 		ks.awsCredsProvider.ApplyToMasterKey(&awsKey)
 	}
@@ -322,7 +320,17 @@ func (ks *Server) encryptWithAzureKeyVault(key *keyservice.AzureKeyVaultKey, pla
 		Name:     key.Name,
 		Version:  key.Version,
 	}
-	ks.azureToken.ApplyToMasterKey(&azureKey)
+	if ks.azureToken == nil {
+		// Ensure we use the default token credential if none is provided
+		// _without_ shelling out to `az`.
+		defaultToken, err := intazkv.DefaultTokenCredential()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get Azure token credential to encrypt data: %w", err)
+		}
+		azkv.NewTokenCredential(defaultToken).ApplyToMasterKey(&azureKey)
+	} else {
+		ks.azureToken.ApplyToMasterKey(&azureKey)
+	}
 	if err := azureKey.Encrypt(plaintext); err != nil {
 		return nil, err
 	}
@@ -335,7 +343,17 @@ func (ks *Server) decryptWithAzureKeyVault(key *keyservice.AzureKeyVaultKey, cip
 		Name:     key.Name,
 		Version:  key.Version,
 	}
-	ks.azureToken.ApplyToMasterKey(&azureKey)
+	if ks.azureToken == nil {
+		// Ensure we use the default token credential if none is provided
+		// _without_ shelling out to `az`.
+		defaultToken, err := intazkv.DefaultTokenCredential()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get Azure token credential to decrypt data: %w", err)
+		}
+		azkv.NewTokenCredential(defaultToken).ApplyToMasterKey(&azureKey)
+	} else {
+		ks.azureToken.ApplyToMasterKey(&azureKey)
+	}
 	azureKey.EncryptedKey = string(ciphertext)
 	plaintext, err := azureKey.Decrypt()
 	return plaintext, err
@@ -361,3 +379,16 @@ func (ks *Server) decryptWithGCPKMS(key *keyservice.GcpKmsKey, ciphertext []byte
 	plaintext, err := gcpKey.Decrypt()
 	return plaintext, err
 }
+
+func kmsKeyToMasterKey(key *keyservice.KmsKey) awskms.MasterKey {
+	ctx := make(map[string]*string)
+	for k, v := range key.Context {
+		value := v
+		ctx[k] = &value
+	}
+	return awskms.MasterKey{
+		Arn:               key.Arn,
+		Role:              key.Role,
+		EncryptionContext: ctx,
+	}
+}
diff --git a/pkg/sops/keyservice/server_test.go b/pkg/sops/keyservice/server_test.go
index 3d13f8186..c0f1e3f8f 100644
--- a/pkg/sops/keyservice/server_test.go
+++ b/pkg/sops/keyservice/server_test.go
@@ -1,26 +1,36 @@
-// Copyright (C) 2022 The Flux authors
-//
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 
 package keyservice
 
 import (
 	"fmt"
-	"github.com/getsops/sops/v3/age"
-	"github.com/getsops/sops/v3/azkv"
-	"github.com/getsops/sops/v3/gcpkms"
-	"github.com/getsops/sops/v3/hcvault"
-	"github.com/getsops/sops/v3/kms"
-	"github.com/getsops/sops/v3/pgp"
 	"os"
 	"runtime"
 	"testing"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/getsops/sops/v3/age"
+	"github.com/getsops/sops/v3/azkv"
+	"github.com/getsops/sops/v3/gcpkms"
+	"github.com/getsops/sops/v3/hcvault"
 	"github.com/getsops/sops/v3/keyservice"
+	awskms "github.com/getsops/sops/v3/kms"
+	"github.com/getsops/sops/v3/pgp"
 	. "github.com/onsi/gomega"
 	"golang.org/x/net/context"
 )
@@ -139,6 +149,7 @@ func TestServer_EncryptDecrypt_HCVault_Fallback(t *testing.T) {
 		Ciphertext: []byte("some ciphertext"),
 	}
 	_, err = s.Decrypt(context.TODO(), decReq)
+	g.Expect(err).To(HaveOccurred())
 	g.Expect(fallback.decryptReqs).To(HaveLen(1))
 	g.Expect(fallback.decryptReqs).To(ContainElement(decReq))
 	g.Expect(fallback.encryptReqs).To(HaveLen(0))
@@ -147,10 +158,10 @@ func TestServer_EncryptDecrypt_HCVault_Fallback(t *testing.T) {
 func TestServer_EncryptDecrypt_awskms(t *testing.T) {
 	g := NewWithT(t)
 	s := NewServer(WithAWSKeys{
-		CredsProvider: kms.NewCredentialsProvider(credentials.StaticCredentialsProvider{}),
+		CredsProvider: awskms.NewCredentialsProvider(credentials.StaticCredentialsProvider{}),
 	})
 
-	key := KeyFromMasterKey(kms.NewMasterKeyFromArn("arn:aws:kms:us-west-2:107501996527:key/612d5f0p-p1l3-45e6-aca6-a5b005693a48", nil, ""))
+	key := KeyFromMasterKey(awskms.NewMasterKeyFromArn("arn:aws:kms:us-west-2:107501996527:key/612d5f0p-p1l3-45e6-aca6-a5b005693a48", nil, ""))
 	_, err := s.Encrypt(context.TODO(), &keyservice.EncryptRequest{
 		Key: &key,
 	})
@@ -186,36 +197,6 @@ func TestServer_EncryptDecrypt_azkv(t *testing.T) {
 
 }
 
-func TestServer_EncryptDecrypt_azkv_Fallback(t *testing.T) {
-	g := NewWithT(t)
-
-	fallback := NewMockKeyServer()
-	s := NewServer(WithDefaultServer{Server: fallback})
-
-	key := KeyFromMasterKey(azkv.NewMasterKey("", "", ""))
-	encReq := &keyservice.EncryptRequest{
-		Key:       &key,
-		Plaintext: []byte("some data key"),
-	}
-	_, err := s.Encrypt(context.TODO(), encReq)
-	g.Expect(err).To(HaveOccurred())
-	g.Expect(fallback.encryptReqs).To(HaveLen(1))
-	g.Expect(fallback.encryptReqs).To(ContainElement(encReq))
-	g.Expect(fallback.decryptReqs).To(HaveLen(0))
-
-	fallback = NewMockKeyServer()
-	s = NewServer(WithDefaultServer{Server: fallback})
-
-	decReq := &keyservice.DecryptRequest{
-		Key:        &key,
-		Ciphertext: []byte("some ciphertext"),
-	}
-	_, err = s.Decrypt(context.TODO(), decReq)
-	g.Expect(fallback.decryptReqs).To(HaveLen(1))
-	g.Expect(fallback.decryptReqs).To(ContainElement(decReq))
-	g.Expect(fallback.encryptReqs).To(HaveLen(0))
-}
-
 func TestServer_EncryptDecrypt_gcpkms(t *testing.T) {
 	g := NewWithT(t)
 
@@ -230,13 +211,13 @@ func TestServer_EncryptDecrypt_gcpkms(t *testing.T) {
 		Key: &key,
 	})
 	g.Expect(err).To(HaveOccurred())
-	g.Expect(err.Error()).To(ContainSubstring("failed to encrypt sops data key with GCP KMS"))
+	g.Expect(err.Error()).To(ContainSubstring("cannot create GCP KMS service"))
 
 	_, err = s.Decrypt(context.TODO(), &keyservice.DecryptRequest{
 		Key: &key,
 	})
 	g.Expect(err).To(HaveOccurred())
-	g.Expect(err.Error()).To(ContainSubstring("failed to decrypt sops data key with GCP KMS"))
+	g.Expect(err.Error()).To(ContainSubstring("cannot create GCP KMS service"))
 
 }
 
diff --git a/pkg/sops/keyservice/utils_test.go b/pkg/sops/keyservice/utils_test.go
index 8c9da3ba2..a4f963f7a 100644
--- a/pkg/sops/keyservice/utils_test.go
+++ b/pkg/sops/keyservice/utils_test.go
@@ -1,23 +1,32 @@
-// Copyright (C) 2022 The Flux authors
-//
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 
 package keyservice
 
 import (
 	"context"
 	"fmt"
-	"github.com/getsops/sops/v3/kms"
-
-	"github.com/getsops/sops/v3/keys"
-	"github.com/getsops/sops/v3/keyservice"
 
 	"github.com/getsops/sops/v3/age"
 	"github.com/getsops/sops/v3/azkv"
 	"github.com/getsops/sops/v3/gcpkms"
 	"github.com/getsops/sops/v3/hcvault"
+	"github.com/getsops/sops/v3/keys"
+	"github.com/getsops/sops/v3/keyservice"
+	awskms "github.com/getsops/sops/v3/kms"
 	"github.com/getsops/sops/v3/pgp"
 )
 
@@ -43,7 +52,7 @@ func KeyFromMasterKey(k keys.MasterKey) keyservice.Key {
 				},
 			},
 		}
-	case *kms.MasterKey:
+	case *awskms.MasterKey:
 		return keyservice.Key{
 			KeyType: &keyservice.Key_KmsKey{
 				KmsKey: &keyservice.KmsKey{

From cb8fb656af4f72f1e708cca96c27baff0f09b9fb Mon Sep 17 00:00:00 2001
From: Marcel Frehe <43266827+devMarci@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:58:27 +0200
Subject: [PATCH 2111/2268] feat: show current version of helm chart if a new
 version is available (#1070)

* feat: show current version of helm chart if a new version is available

Signed-off-by: Marcel Frehe <frehe.marcel@gmail.com>

* Update e2e/helm_test.go

Co-authored-by: Alexander Block <ablock84@gmail.com>

* Update cmd/kluctl/commands/cmd_helm_update.go

Co-authored-by: Alexander Block <ablock84@gmail.com>

* Apply suggestions from code review

---------

Signed-off-by: Marcel Frehe <frehe.marcel@gmail.com>
Co-authored-by: Marcel Frehe <frehe.marcel@gmail.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 e2e/helm_test.go                       | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 62782b96c..27b08852a 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -175,7 +175,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			continue
 		}
 
-		status.Infof(ctx, "%s: Chart %s has new version %s available", relDir, hr.Chart.GetChartName(), latestVersion)
+		status.Infof(ctx, "%s: Chart %s (old version %s) has new version %s available", relDir, hr.Chart.GetChartName(), hr.Config.HelmChartConfig2.ChartVersion, latestVersion)
 
 		if !cmd.Upgrade {
 			continue
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 2f9c20237..6abf74a1e 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -637,8 +637,8 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	}
 
 	_, stderr := p.KluctlMust(t, args...)
-	assert.Contains(t, stderr, "helm1: Chart test-chart1 has new version 0.2.0 available")
-	assert.Contains(t, stderr, "helm2: Chart test-chart2 has new version 0.3.0 available")
+	assert.Contains(t, stderr, "helm1: Chart test-chart1 (old version 0.1.0) has new version 0.2.0 available")
+	assert.Contains(t, stderr, "helm2: Chart test-chart2 (old version 0.1.0) has new version 0.3.0 available")
 	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
 
 	if upgrade {
@@ -749,9 +749,9 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 	args := []string{"helm-update", "--upgrade"}
 
 	_, stderr := p.KluctlMust(t, args...)
-	assert.Contains(t, stderr, "helm1: Chart test-chart1 has new version 0.1.1 available")
-	assert.Contains(t, stderr, "helm2: Chart test-chart1 has new version 0.2.0 available")
-	assert.Contains(t, stderr, "helm3: Chart test-chart1 has new version 1.2.1 available")
+	assert.Contains(t, stderr, "helm1: Chart test-chart1 (old version 0.1.0) has new version 0.1.1 available")
+	assert.Contains(t, stderr, "helm2: Chart test-chart1 (old version 0.1.0) has new version 0.2.0 available")
+	assert.Contains(t, stderr, "helm3: Chart test-chart1 (old version 0.1.0) has new version 1.2.1 available")
 
 	c1 := p.GetYaml("helm1/helm-chart.yaml")
 	c2 := p.GetYaml("helm2/helm-chart.yaml")

From 4449d704d7387078d77de66b23d8194d1c3e015a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 17:31:07 +0200
Subject: [PATCH 2112/2268] feat: Support running the webui under different
 path prefixes (#1105)

---
 cmd/kluctl/commands/cmd_webui_run.go   |  7 ++++---
 docs/kluctl/commands/webui-run.md      |  3 +++
 docs/webui/installation.md             | 17 +++++++++++++++
 pkg/webui/server.go                    | 29 +++++++++++++++-----------
 pkg/webui/ui/src/components/Router.tsx |  5 +++--
 5 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index 0d78272dd..e14b719bb 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -14,8 +14,9 @@ import (
 )
 
 type webuiRunCmd struct {
-	Host string `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to 'localhost' when run locally and to all hosts when run in-cluster."`
-	Port int    `group:"misc" help:"Port to bind to." default:"8080"`
+	Host       string `group:"misc" help:"Host to bind to. Pass an empty string to bind to all addresses. Defaults to 'localhost' when run locally and to all hosts when run in-cluster."`
+	Port       int    `group:"misc" help:"Port to bind to." default:"8080"`
+	PathPrefix string `group:"misc" help:"Specify the prefix of the path to serve the webui on. This is required when using a reverse proxy, ingress or gateway that serves the webui on another path than /." default:"/"`
 
 	Kubeconfig  args.ExistingFileType `group:"misc" help:"Overrides the kubeconfig to use."`
 	Context     []string              `group:"misc" help:"List of kubernetes contexts to use."`
@@ -154,7 +155,7 @@ func (cmd *webuiRunCmd) Run(ctx context.Context) error {
 	collector := results.NewResultsCollector(ctx, stores)
 	collector.Start()
 
-	server, err := webui.NewCommandResultsServer(ctx, collector, configs, cmd.ControllerNamespace, inClusterConfig, inClusterClient, authConfig, cmd.OnlyApi)
+	server, err := webui.NewCommandResultsServer(ctx, collector, configs, cmd.ControllerNamespace, inClusterConfig, inClusterClient, authConfig, cmd.PathPrefix, cmd.OnlyApi)
 	if err != nil {
 		return err
 	}
diff --git a/docs/kluctl/commands/webui-run.md b/docs/kluctl/commands/webui-run.md
index d5ab64140..a3dc0dd15 100644
--- a/docs/kluctl/commands/webui-run.md
+++ b/docs/kluctl/commands/webui-run.md
@@ -33,6 +33,9 @@ Misc arguments:
       --in-cluster-context string     The context to use fo in-cluster functionality.
       --kubeconfig existingfile       Overrides the kubeconfig to use.
       --only-api                      Only serve API without the actual UI.
+      --path-prefix string            Specify the prefix of the path to serve the webui on. This is required when
+                                      using a reverse proxy, ingress or gateway that serves the webui on another
+                                      path than /. (default "/")
       --port int                      Port to bind to. (default 8080)
 
 ```
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 183f0793d..03498fc6f 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -51,6 +51,23 @@ For an example of an OIDC provider configurations, see [Azure AD Integration](./
 
 ## Customization
 
+### Serving under a different path
+
+By default, the webui is served under the `/`path. To change the path, pass the `--prefix-path` argument to the webui:
+
+```yaml
+deployments:
+  - git:
+      url: https://github.com/kluctl/kluctl.git
+      subDir: install/webui
+      ref:
+        tag: v2.24.1
+    vars:
+      - values:
+          webui_args:
+            - --path-prefix=/my-custom-prefix
+```
+
 ### Overriding the version
 
 The image version of the Webui can be overriden with the `kluctl_version` arg:
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 9a8286c5d..905f9a367 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -47,7 +47,8 @@ type CommandResultsServer struct {
 	auth   *authHandler
 	events *eventsHandler
 
-	onlyApi bool
+	pathPrefix string
+	onlyApi    bool
 }
 
 func NewCommandResultsServer(
@@ -58,6 +59,7 @@ func NewCommandResultsServer(
 	serverConfig *rest.Config,
 	serverClient client.Client,
 	authConfig AuthConfig,
+	pathPrefix string,
 	onlyApi bool) (*CommandResultsServer, error) {
 
 	ret := &CommandResultsServer{
@@ -67,6 +69,7 @@ func NewCommandResultsServer(
 			ctx: ctx,
 		},
 		serverClient: serverClient,
+		pathPrefix:   pathPrefix,
 		onlyApi:      onlyApi,
 	}
 
@@ -104,11 +107,20 @@ func (s *CommandResultsServer) Run(host string, port int, openBrowser bool) erro
 		gin.SetMode(gin.ReleaseMode)
 	}
 
-	router := gin.New()
-	router.Use(gin.LoggerWithConfig(gin.LoggerConfig{
+	engine := gin.New()
+	engine.Use(gin.LoggerWithConfig(gin.LoggerConfig{
 		SkipPaths: []string{"/healthz", "/readyz"},
 	}))
-	router.Use(gin.Recovery())
+	engine.Use(gin.Recovery())
+
+	engine.GET("/healthz", func(c *gin.Context) {
+		c.Status(http.StatusOK)
+	})
+	engine.GET("/readyz", func(c *gin.Context) {
+		c.Status(http.StatusOK)
+	})
+
+	router := engine.Group(s.pathPrefix)
 
 	err = s.auth.setupRoutes(router)
 	if err != nil {
@@ -122,13 +134,6 @@ func (s *CommandResultsServer) Run(host string, port int, openBrowser bool) erro
 		}
 	}
 
-	router.GET("/healthz", func(c *gin.Context) {
-		c.Status(http.StatusOK)
-	})
-	router.GET("/readyz", func(c *gin.Context) {
-		c.Status(http.StatusOK)
-	})
-
 	api := router.Group("/api", s.auth.authHandler)
 	api.GET("/getShortNames", s.getShortNames)
 	api.GET("/getCommandResult", s.getCommandResult)
@@ -160,7 +165,7 @@ func (s *CommandResultsServer) Run(host string, port int, openBrowser bool) erro
 		BaseContext: func(listener net.Listener) context.Context {
 			return s.ctx
 		},
-		Handler: router.Handler(),
+		Handler: engine.Handler(),
 	}
 
 	if host != "" {
diff --git a/pkg/webui/ui/src/components/Router.tsx b/pkg/webui/ui/src/components/Router.tsx
index 73e809dea..8dee7d784 100644
--- a/pkg/webui/ui/src/components/Router.tsx
+++ b/pkg/webui/ui/src/components/Router.tsx
@@ -7,6 +7,7 @@ import { TargetsView } from "./target-view/TargetsView";
 import { CommandResultSummary } from "../models";
 import { buildTargetPath, ProjectSummary, TargetSummary } from "../project-summaries";
 import { Loading } from "./Loading";
+import { rootPath } from "../api";
 
 function ErrorPage() {
     const error = useRouteError() as any;
@@ -109,14 +110,14 @@ function RedirectToTarget(props: {}) {
     useEffect(() => {
         if (timedout) {
             console.log("timed out waiting for results/projects")
-            window.location.replace("/#/targets")
+            window.location.replace(rootPath + "/#/targets")
             return
         }
         if (!redirectPath) {
             return
         }
 
-        window.location.replace("/#" + redirectPath)
+        window.location.replace(rootPath + "/#" + redirectPath)
     }, [redirectPath, timedout]);
 
     return <Loading/>

From c6619d4c80678080017b836790b14a83d0fe97b6 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 19:42:46 +0200
Subject: [PATCH 2113/2268] fix: Generate and render no-name target in
 loadTargets, same as other targets

This fixes many potential issues with defaulting and rendering of
templated config. For example, the default aws config was not copied
into the no-name target.
---
 pkg/kluctl_project/project.go                   |  2 ++
 .../target-context/target_context.go            | 17 +++--------------
 pkg/kluctl_project/targets.go                   | 17 +++++++++++++++--
 3 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index 626f89f76..ea256d7c9 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -15,6 +15,8 @@ type LoadedKluctlProject struct {
 	Config  types2.KluctlProject
 	Targets []*types2.Target
 
+	NoNameTarget *types2.Target
+
 	J2    *jinja2.Jinja2
 	GitRP *repocache.GitRepoCache
 	OciRP *repocache.OciRepoCache
diff --git a/pkg/kluctl_project/target-context/target_context.go b/pkg/kluctl_project/target-context/target_context.go
index e737a5ca4..4fa1c24e6 100644
--- a/pkg/kluctl_project/target-context/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -56,7 +56,6 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 	}
 
 	var target *types.Target
-	needRender := false
 	if params.TargetName != "" {
 		t, err := p.FindTarget(params.TargetName)
 		if err != nil {
@@ -67,32 +66,22 @@ func NewTargetContext(ctx context.Context, p *kluctl_project.LoadedKluctlProject
 		if len(p.Targets) != 0 {
 			status.Deprecation(ctx, "no-target", "Warning, tried to use Kluctl without explicitly specifying a target, while the Kluctl project contains target definitions. This was allowed in older version of Kluctl, but is forbidden since v2.23.0. If mixing deployments with and without targets was actually intended, please switch to creating and using a dedicated target that serves as a replacement for no-target deployments.")
 			return nil, fmt.Errorf("a target must be explicitly selected when targets are defined in the Kluctl project")
+		} else if p.NoNameTarget == nil {
+			return nil, fmt.Errorf("missing no-name target, which is unexpected")
 		}
-		target = &types.Target{
-			Discriminator: p.Config.Discriminator,
-		}
-		needRender = true
+		target = &*p.NoNameTarget
 	}
 	if params.TargetNameOverride != "" {
 		target.Name = params.TargetNameOverride
 	}
 	if params.Discriminator != "" {
 		target.Discriminator = params.Discriminator
-		needRender = true
 	}
 
 	params.Images.PrependFixedImages(target.Images)
 
 	target.Context = &contextName
 
-	if needRender {
-		// we must render the target after handling overrides
-		err = p.RenderTarget(target)
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	varsCtx, err := p.BuildVars(target)
 	if err != nil {
 		return nil, err
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 243b559c0..0c0c8eae5 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -15,6 +15,19 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 	targetNames := make(map[string]bool)
 	c.Targets = nil
 
+	if len(c.Config.Targets) == 0 {
+		target, err := c.buildTarget(&types.Target{})
+		if err != nil {
+			return err
+		}
+		err = c.renderTarget(target)
+		if err != nil {
+			return err
+		}
+		c.NoNameTarget = target
+		return nil
+	}
+
 	for i, configTarget := range c.Config.Targets {
 		if configTarget.Name == "" {
 			status.Errorf(ctx, "Target at index %d has no name", i)
@@ -27,7 +40,7 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 			continue
 		}
 
-		err = c.RenderTarget(target)
+		err = c.renderTarget(target)
 		if err != nil {
 			status.Warningf(ctx, "Failed to load target %s: %v", target.Name, err)
 			continue
@@ -46,7 +59,7 @@ func (c *LoadedKluctlProject) loadTargets(ctx context.Context) error {
 	return nil
 }
 
-func (c *LoadedKluctlProject) RenderTarget(target *types.Target) error {
+func (c *LoadedKluctlProject) renderTarget(target *types.Target) error {
 	// Try rendering the target multiple times, until all values can be rendered successfully. This allows the target
 	// to reference itself in complex ways. We'll also try loading the cluster vars in each iteration.
 

From 11f0207e20ce0c85d03e1bc6226e573ec5e4a069 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 18 Jun 2024 20:10:34 +0200
Subject: [PATCH 2114/2268] tests: Stop testing for templated --discriminator
 flag

---
 e2e/discriminator_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/e2e/discriminator_test.go b/e2e/discriminator_test.go
index 5a098c989..e530a8b7e 100644
--- a/e2e/discriminator_test.go
+++ b/e2e/discriminator_test.go
@@ -61,7 +61,7 @@ func TestDiscriminatorArgWithoutTarget(t *testing.T) {
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertNestedFieldEquals(t, cm, "test-discriminator", "metadata", "labels", "kluctl.io/discriminator")
 
-	p.KluctlMust(t, "deploy", "--yes", "--discriminator", "test-discriminator-{{ args.a }}", "-a", "a=x")
+	p.KluctlMust(t, "deploy", "--yes", "--discriminator", "test-discriminator-x")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertNestedFieldEquals(t, cm, "test-discriminator-x", "metadata", "labels", "kluctl.io/discriminator")
 
@@ -98,7 +98,7 @@ func TestDiscriminatorArgWithTarget(t *testing.T) {
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertNestedFieldEquals(t, cm, "test-discriminator", "metadata", "labels", "kluctl.io/discriminator")
 
-	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--discriminator", "test-discriminator-{{ target.name }}-{{ args.a }}", "-a", "a=x")
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--discriminator", "test-discriminator-test-x", "-a", "a=x")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "cm1")
 	assertNestedFieldEquals(t, cm, "test-discriminator-test-x", "metadata", "labels", "kluctl.io/discriminator")
 

From d41cf72fc22581a14f503efa0362daf452188d98 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 10:38:46 +0200
Subject: [PATCH 2115/2268] feat: Upgrade go-jinja2 to include load_base64

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6650d9de0..ccce525cb 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a
+	github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
diff --git a/go.sum b/go.sum
index 6d19da341..06ec5ead0 100644
--- a/go.sum
+++ b/go.sum
@@ -442,8 +442,8 @@ github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS
 github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
 github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
-github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a h1:/OYi0jd/q73VptK8bkz80PFzUQ9JTWm2X6nd1sjpyLo=
-github.com/kluctl/go-jinja2 v0.0.0-20240617153335-f1b2e420d13a/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
+github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb h1:ibPMOncAbKZqREllxULOLtC+7i4vfCK7hZvZbuER0iM=
+github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=

From 5794e200dde6f990be21a73424a1701abd94bbe7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 10:38:55 +0200
Subject: [PATCH 2116/2268] docs: Update docs with load_base64 function

---
 docs/kluctl/templating/functions.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/docs/kluctl/templating/functions.md b/docs/kluctl/templating/functions.md
index 82f5dc8fe..c7af65827 100644
--- a/docs/kluctl/templating/functions.md
+++ b/docs/kluctl/templating/functions.md
@@ -46,6 +46,35 @@ data:
 
 `digest_len` is an optional parameter that allows to limit the length of the returned hex digest.
 
+### load_base64(file, width)
+Loads the given file into memory and returns the base64 representation of the binary data.
+The width parameter is optional and causes `load_base64` to wrap the base64 string into a multiline string.
+
+The filename given to `load_base64` is treated the same as in `load_template`.
+
+This function is useful if you need to include binary data in your deployment. For example:
+
+```
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-secret
+data:
+  binarySecret: "{{ load_base64("secret.bin") }}"
+```
+
+To use wrapped base64, use:
+
+```
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-secret
+data:
+  binarySecret: |
+    "{{ load_base64("large-secret.bin") | indent(4) }}"
+```
+
 ### get_var(field_path, default)
 Convenience method to navigate through the current context variables via a
 [JSON Path](https://goessner.net/articles/JsonPath/). Let's assume you currently have these variables defined

From d56247f7d6d459ddd748ef8b482fcd487f4e75fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jun 2024 11:05:42 +0200
Subject: [PATCH 2117/2268] chore(deps): Bump github.com/googleapis/gax-go/v2
 from 2.12.4 to 2.12.5 (#1111)

Bumps [github.com/googleapis/gax-go/v2](https://github.com/googleapis/gax-go) from 2.12.4 to 2.12.5.
- [Release notes](https://github.com/googleapis/gax-go/releases)
- [Commits](https://github.com/googleapis/gax-go/compare/v2.12.4...v2.12.5)

---
updated-dependencies:
- dependency-name: github.com/googleapis/gax-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ccce525cb..42187ab10 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/google/go-containerregistry v0.19.2
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.12.4
+	github.com/googleapis/gax-go/v2 v2.12.5
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/hexops/gotextdiff v1.0.3
diff --git a/go.sum b/go.sum
index 06ec5ead0..6bf9c668e 100644
--- a/go.sum
+++ b/go.sum
@@ -354,8 +354,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
-github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
+github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA=
+github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=

From 5f14b0c66836835f44b0a01360615b865e6ee0f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Jun 2024 11:05:51 +0200
Subject: [PATCH 2118/2268] chore(deps): Bump the aws-sdk group with 6 updates
 (#1109)

Bumps the aws-sdk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.28.0` | `1.29.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.19` | `1.27.20` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.19` | `1.17.20` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.28.6` | `1.29.0` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.30.1` | `1.31.0` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.28.13` | `1.29.0` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.28.0 to 1.29.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.28.0...v1.29.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.19 to 1.27.20
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.19...config/v1.27.20)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.19 to 1.17.20
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.19...credentials/v1.17.20)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.28.6 to 1.29.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iam/v1.28.6...v1.29.0)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.30.1 to 1.31.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.31.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.30.1...service/s3/v1.31.0)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.28.13 to 1.29.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/fsx/v1.28.13...v1.29.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 24 ++++++++++++------------
 go.sum | 48 ++++++++++++++++++++++++------------------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/go.mod b/go.mod
index 42187ab10..6704d0be0 100644
--- a/go.mod
+++ b/go.mod
@@ -13,12 +13,12 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/aws/aws-sdk-go-v2 v1.28.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.19
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.19
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.30.1
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.13
+	github.com/aws/aws-sdk-go-v2 v1.29.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.20
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.20
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.29.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.29.0
 	github.com/aws/smithy-go v1.20.2
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.5
@@ -119,15 +119,15 @@ require (
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.10 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
diff --git a/go.sum b/go.sum
index 6bf9c668e..542c8c856 100644
--- a/go.sum
+++ b/go.sum
@@ -81,36 +81,36 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.28.0 h1:ne6ftNhY0lUvlazMUQF15FF6NH80wKmPRFG7g2q6TCw=
-github.com/aws/aws-sdk-go-v2 v1.28.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.19 h1:+DBS8gJP6VsxYkZ6UEV0/VsRM2rYpbQCYsosW9RRmeQ=
-github.com/aws/aws-sdk-go-v2/config v1.27.19/go.mod h1:KzZcioJWzy9oV+oS5CobYXlDtU9+eW7bPG1g7gizTW4=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.19 h1:R18G7nBBGLby51CFEqUBFF2IVl7LUdCtYj6iosUwh/0=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.19/go.mod h1:xr9kUMnaLTB866HItT6pg58JgiBP77fSQLBwIa//zk8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6 h1:vVOuhRyslJ6T/HteG71ZWCTas1q2w6f0NKsNbkXHs/A=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.6/go.mod h1:jimWaqLiT0sJGLh51dKCLLtExRYPtMU7MpxuCgtbkxg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10 h1:LZIUb8sQG2cb89QaVFtMSnER10gyKkqU1k3hP3g9das=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.10/go.mod h1:BRIqay//vnIOCZjoXWSLffL2uzbtxEmnSlfbvVh7Z/4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.10 h1:HY7CXLA0GiQUo3WYxOP7WYkLcwvRX4cLPf5joUcrQGk=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.10/go.mod h1:kfRBSxRa+I+VyON7el3wLZdrO91oxUxEwdAaWgFqN90=
+github.com/aws/aws-sdk-go-v2 v1.29.0 h1:uMlEecEwgp2gs6CsM6ugquNHr6mg0LHylPBR8u5Ojac=
+github.com/aws/aws-sdk-go-v2 v1.29.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.20 h1:oQSn/KNUMV54X0FBEDQQ2ymNfcKyMT81ar8gyvMzzqs=
+github.com/aws/aws-sdk-go-v2/config v1.27.20/go.mod h1:IbEMotJrWc3Bh7++HXZDlviHZP7kHrkHU3PNl9e17po=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.20 h1:VYTCplAeOeBv5InTtrmF61OIwD4aHKryg3KZ6hf7dsI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.20/go.mod h1:ktubcFYvbN8++72jVM9IJoQH6Q2TP+Z7r2VbV1AaESU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 h1:54QUEXjkE1SlxHmRA3gBXA52j/ZSAgdOfAFGv1NsPCY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7/go.mod h1:bQRjJsdSMzmo/qbtGeBtPbIMp1IgQ+9R9jYJLm12uJA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 h1:ltkhl3I9ddcRR3Dsy+7bOFFq546O8OYsfNEXVIyuOSE=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11/go.mod h1:H4D8JoCFNJwnT7U5U8iwgG24n71Fx2I/ZP/18eYFr9g=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 h1:+BgX2AY7yV4ggSwa80z/yZIJX+e0jnNxjMLVyfpSXM0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11/go.mod h1:DlBATBSDCz30BCdRFldmyLsAzJwi2pdQ+YSdJTHhTUI=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6 h1:CnQNpQv+WGl5aECyAXrJ4w+Qccz2aC/uXg2OjxiPl30=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.28.6/go.mod h1:1FKdZMR/Tfx40IKjdLDRlFz/UKlff8CKQuC7mhlTAMM=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.29.0 h1:5eON4rBQMHFTX7thxv4EQpRrombmiMsv3+wCEPewk+c=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.29.0/go.mod h1:2BLsspQpxT8gg3dM6G5CZGXhrE/EpX8PeL2lsZ0zDKc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.12 h1:kO2J7WMroF/OTHN9WTcUtMjPhJ7ZoNxx0dwv6UCXQgY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.12/go.mod h1:mrNxrjYvXaSjZe5fkKaWgDnOQ6BExLn/7Ru9OpRsMPY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 h1:3A8vxp65nZy6aMlSCBvpIyxIbAN0DOSxaPDZuzasxuU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13/go.mod h1:IxJ/pMQ/Y+MDFGo6pQRyqzKKwtGMHb5IWp5PXSQr8dM=
 github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 h1:x0xMBhU7bgnMhwVMLk2EXdGsuyN1tyN0Wr58D8sKtgY=
 github.com/aws/aws-sdk-go-v2/service/kms v1.33.1/go.mod h1:XZKD0yH6t3f2W+H+eUil6qcm/s9LGfGV9js34TaSbyI=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.30.1 h1:2CTrhkwgDn3i2dZ4+XdBV2IsIOzlL1wfGR91rkBRKc0=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.30.1/go.mod h1:Xj68AaxI/MYvsVDZZk+O4IJ96+vLtBWr1mC4yBqzoRg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.12 h1:FsYii6U+2k8ynYBo+pywlCBY9HNAFRh+iICRHbn+Qyw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.12/go.mod h1:j9Rps+Lcs2A0tYypWsNBeJOjgsIYUf1Styppo9Es0Wo=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.6 h1:lEE+xEcq3lh9bk362tgErP1+n689q5ERdmTwmF1XT3M=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.6/go.mod h1:2tR0x1DCL5IgnVZ1NQNFDNg5/XL/kiQgWI5l7I/N5Js=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.13 h1:TSzmuUeruVJ4XWYp3bYzKCXue70ECpJWmbP3UfEvhYY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.13/go.mod h1:FppRtFjBA9mSWTj2cIAWCP66+bbBPMuPpBfWRXC5Yi0=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.0 h1:ZyB15ar3Z+zYlFbg0p9cRwu8MjanG70q+wR8/QI/Ehw=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.0/go.mod h1:hLeitfWsmqj2EFJWsXyz4GSpqG/aqrHXSd4lCH0q07U=
+github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 h1:P0zUA+5liaoNILI/btBBQHC09PFPyRJr+w+Xt9KHKck=
+github.com/aws/aws-sdk-go-v2/service/sso v1.21.0/go.mod h1:0bmRzdsq9/iNyP02H4UV0ZRjFx6qQBqRvfCJ4trFgjE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 h1:jPV8U9r3msO9ECm9geW8PGjU/rz8vfPTPmIBbA83W3M=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0/go.mod h1:B3G77bQDCmhp0RV0P/J9Kd4/qsymdWVhzTe3btAtywE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 h1:dqW4XRwPE/poWSqVntpeXLHzpPK6AOfKmL9QWDYl9aw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.29.0/go.mod h1:j8+hrxlmLR8ZQo6ytTAls/JFrt5bVisuS6PD8gw2VBw=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

From 5f584f08c6d0e3aeb49ea891deecc752b38c0cc4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 11:55:27 +0200
Subject: [PATCH 2119/2268] fix: Ignore warnings happening while discovering
 orphan objects

---
 pkg/deployment/utils/remote_objects_utils.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index f655a2a3b..d97d7008b 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -80,11 +80,9 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 		}
 		g.Run(func() {
 			l, apiWarnings, err := k.ListObjects(gvk, "", labels)
-			u.dew.AddApiWarnings(k8s2.ObjectRef{
-				Group:   gvk.Group,
-				Version: gvk.Version,
-				Kind:    gvk.Kind,
-			}, apiWarnings)
+			for _, w := range apiWarnings {
+				status.Tracef(u.ctx, "API warning while getting %s by discriminator: code=%d, agent=%s, text=%s", gvk.String(), w.Code, w.Agent, w.Text)
+			}
 			mutex.Lock()
 			defer mutex.Unlock()
 			if err != nil {

From f0b8f58798ebd2c1b4c8b91df9ac8e6490cdbebe Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 11:56:43 +0200
Subject: [PATCH 2120/2268] fix: Add List suffix to Kind when listing

This is required because unstructuredClient will then trim the suffix,
causing issues when a Kind already contains the suffix List (e.g.
ManagedPrefixList from crossplane)
---
 pkg/k8s/k8s_cluster.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index a5fe8daf4..b60e14e3c 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -128,12 +128,14 @@ func (k *K8sCluster) doList(l client.ObjectList, namespace string, labels map[st
 }
 func (k *K8sCluster) ListObjects(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
 	var l unstructured.UnstructuredList
+	gvk.Kind += "List"
 	l.SetGroupVersionKind(gvk)
 	return k.doList(&l, namespace, labels)
 }
 
 func (k *K8sCluster) ListMetadata(gvk schema.GroupVersionKind, namespace string, labels map[string]string) ([]*uo.UnstructuredObject, []ApiWarning, error) {
 	var l v1.PartialObjectMetadataList
+	gvk.Kind += "List"
 	l.SetGroupVersionKind(gvk)
 	return k.doList(&l, namespace, labels)
 }

From 4cbfa04b95a9a5df2c2fb0deb38f9f7f20eeb96f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 12:38:09 +0200
Subject: [PATCH 2121/2268] fix: Also ignore batch.kubernetes.io/controller-uid
 labels in diffs (#1114)

In addition to the already ignored but deprecated non-prefixed
controller-uid labels.
---
 pkg/diff/normalize.go      | 6 +++++-
 pkg/diff/normalize_test.go | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/diff/normalize.go b/pkg/diff/normalize.go
index c04908772..ef989d8a0 100644
--- a/pkg/diff/normalize.go
+++ b/pkg/diff/normalize.go
@@ -109,10 +109,14 @@ func normalizeMetadata(o *uo.UnstructuredObject) {
 }
 
 func normalizeMisc(o *uo.UnstructuredObject) {
-	// These are random values found in Jobs
+	// See https://kubernetes.io/docs/reference/labels-annotations-taints/#controller-uid
 	_ = o.RemoveNestedField("spec", "template", "metadata", "labels", "controller-uid")
 	_ = o.RemoveNestedField("spec", "selector", "matchLabels", "controller-uid")
 
+	// See https://kubernetes.io/docs/reference/labels-annotations-taints/#batchkubernetesio-controller-uid
+	_ = o.RemoveNestedField("spec", "template", "metadata", "labels", "batch.kubernetes.io/controller-uid")
+	_ = o.RemoveNestedField("spec", "selector", "matchLabels", "batch.kubernetes.io/controller-uid")
+
 	_ = o.RemoveNestedField("status")
 }
 
diff --git a/pkg/diff/normalize_test.go b/pkg/diff/normalize_test.go
index 2fc6368f1..5b6e79ec7 100644
--- a/pkg/diff/normalize_test.go
+++ b/pkg/diff/normalize_test.go
@@ -78,6 +78,8 @@ func TestNormalizeMisc(t *testing.T) {
 	testCases := []testCase{
 		{remote: buildObject(`{"spec": {"template": {"metadata": {"labels": {"controller-uid": "test", "good": "keep"}}}}, "selector": {"controller-uid": "test", "good": "keep"}}`), local: buildObject(), result: buildResultObject(`{"metadata":{"annotations":{},"labels":{}},"selector":{"controller-uid":"test","good":"keep"},"spec":{"template":{"metadata":{"labels":{"good":"keep"}}}}}`)},
 		{remote: buildObject(`{"status": {"test": "test"}}`), local: buildObject(), result: buildResultObject()},
+		{remote: buildObject(`{"spec": {"template": {"metadata": {"labels": {"batch.kubernetes.io/controller-uid": "test", "good": "keep"}}}}, "selector": {"batch.kubernetes.io/controller-uid": "test", "good": "keep"}}`), local: buildObject(), result: buildResultObject(`{"metadata":{"annotations":{},"labels":{}},"selector":{"batch.kubernetes.io/controller-uid":"test","good":"keep"},"spec":{"template":{"metadata":{"labels":{"good":"keep"}}}}}`)},
+		{remote: buildObject(`{"status": {"test": "test"}}`), local: buildObject(), result: buildResultObject()},
 	}
 	runTests(t, testCases)
 }

From 0cbe04f28483cb8a490a0fc65b3e84deec950498 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 13:47:56 +0200
Subject: [PATCH 2122/2268] build: Preparing release v2.25.0

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 8 ++++----
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 8 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index ddf7af101..87d0ada42 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.24.1
+        tag: v2.25.0
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 201f5804e..0af087e6e 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.24.1
+        tag: v2.25.0
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 03498fc6f..6e7df4d6d 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.24.1
+        tag: v2.25.0
 ```
 
 ## Login
@@ -61,7 +61,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.24.1
+        tag: v2.25.0
     vars:
       - values:
           webui_args:
@@ -82,7 +82,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.24.1
+            kluctl_version: v2.25.0
 ```
 
 ### Passing arguments
@@ -95,7 +95,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.24.1
+        tag: v2.25.0
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index a69f56fe1..84814e459 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.24.1
+         tag: v2.25.0
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 58ebd3fc4..620b21071 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.24.1
+    default: v2.25.0
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 0a4aab117..a2ef06fa5 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.24.1") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.25.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 7bc44776a..7af32d8b5 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.24.1
+    default: v2.25.0
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 547807d6f..1207395d8 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.24.1") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.25.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From cca00d13596af10db752d5e9014bdce0d6b43c17 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 13:55:29 +0200
Subject: [PATCH 2123/2268] chore: Fix .goreleaser.yaml version (#1115)

---
 .goreleaser.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 0a7678ee9..c319382a0 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,3 +1,5 @@
+version: 2
+
 before:
   hooks:
     - make build-webui

From ff6fca3e94dea57765242ac523d0d8156cc1a819 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 19 Jun 2024 14:31:46 +0200
Subject: [PATCH 2124/2268] fix: Also re-run generate-install in
 prepare-release.sh (#1116)

* fix: Also re-run generate-install in prepare-release.sh

* fix: Re-run generate-install
---
 hack/prepare-release.sh       | 5 +++++
 install/controller/files.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hack/prepare-release.sh b/hack/prepare-release.sh
index 89e2250b3..9c9fb6110 100755
--- a/hack/prepare-release.sh
+++ b/hack/prepare-release.sh
@@ -38,7 +38,12 @@ FILES="$FILES docs/webui/oidc-azure-ad.md"
 for f in $FILES; do
   cat $f | sed "s/$VERSION_REGEX_SED/$VERSION/g" > $f.tmp
   mv $f.tmp $f
+done
+
+(cd internal && go run ./generate-install)
+FILES="$FILES install/controller/files.json"
 
+for f in $FILES; do
   git add $f
 done
 
diff --git a/install/controller/files.json b/install/controller/files.json
index 813f0b41d..a0f547e92 100644
--- a/install/controller/files.json
+++ b/install/controller/files.json
@@ -1,5 +1,5 @@
 {
-  "contentHash": "7072345526051e1b24003d701ebcac1fb9361b76752c5085f41ae3d94d1d7748",
+  "contentHash": "559b740d1815dceb4ef08e5ab89f05bb37dc6ce3f3e37df81800c0ac70f3d79e",
   "files": [
     {
       "name": ".kluctl-library.yaml",

From af96ac7e1434a1fa8850b1f963d2afae3e558be2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jul 2024 14:45:18 +0200
Subject: [PATCH 2125/2268] refactor: Add support for results to go_helper

---
 pkg/utils/go_helper.go | 73 +++++++++++++++++++++++++++++++++---------
 1 file changed, 57 insertions(+), 16 deletions(-)

diff --git a/pkg/utils/go_helper.go b/pkg/utils/go_helper.go
index eb10fc9fc..1fde1370a 100644
--- a/pkg/utils/go_helper.go
+++ b/pkg/utils/go_helper.go
@@ -5,18 +5,28 @@ import (
 	"github.com/hashicorp/go-multierror"
 	"golang.org/x/sync/semaphore"
 	"sync"
+	"sync/atomic"
 )
 
-type goHelper struct {
+type goHelper[T any] struct {
 	ctx   context.Context
 	sem   *semaphore.Weighted
 	wg    sync.WaitGroup
 	mutex sync.Mutex
-	errs  *multierror.Error
+
+	next atomic.Int32
+	res  []goHelperResult[T]
+	merr *multierror.Error
+}
+
+type goHelperResult[T any] struct {
+	finished bool
+	result   T
+	err      error
 }
 
-func NewGoHelper(ctx context.Context, max int) *goHelper {
-	g := &goHelper{
+func NewGoHelperR[T any](ctx context.Context, max int) *goHelper[T] {
+	g := &goHelper[T]{
 		ctx: ctx,
 	}
 	if max > 0 {
@@ -25,46 +35,77 @@ func NewGoHelper(ctx context.Context, max int) *goHelper {
 	return g
 }
 
-func (g *goHelper) addError(err error) {
+func NewGoHelper(ctx context.Context, max int) *goHelper[any] {
+	return NewGoHelperR[any](ctx, max)
+}
+
+func (g *goHelper[T]) addResult(idx int, r T, err error) {
 	g.mutex.Lock()
 	defer g.mutex.Unlock()
-	g.errs = multierror.Append(g.errs, err)
+	for len(g.res) <= idx {
+		g.res = append(g.res, goHelperResult[T]{})
+	}
+	g.res[idx] = goHelperResult[T]{
+		finished: true,
+		result:   r,
+		err:      err,
+	}
+	if err != nil {
+		g.merr = multierror.Append(g.merr, err)
+	}
+}
+
+func (g *goHelper[T]) RunE(fn func() error) {
+	g.RunRE(func() (T, error) {
+		err := fn()
+		var x T
+		return x, err
+	})
 }
 
-func (g *goHelper) RunE(fn func() error) {
+func (g *goHelper[T]) RunRE(fn func() (T, error)) {
+	idx := int(g.next.Add(1) - 1)
+
 	g.wg.Add(1)
 	go func() {
 		defer g.wg.Done()
 		if g.sem != nil {
 			err := g.sem.Acquire(g.ctx, 1)
 			if err != nil {
-				g.addError(err)
+				var r T
+				g.addResult(idx, r, err)
 				return
 			}
 		}
 		if g.sem != nil {
 			defer g.sem.Release(1)
 		}
-		err := fn()
-		if err != nil {
-			g.addError(err)
-		}
+		r, err := fn()
+		g.addResult(idx, r, err)
 	}()
 }
 
-func (g *goHelper) Run(fn func()) {
+func (g *goHelper[T]) Run(fn func()) {
 	g.RunE(func() error {
 		fn()
 		return nil
 	})
 }
 
-func (g *goHelper) Wait() {
+func (g *goHelper[T]) Wait() {
 	g.wg.Wait()
 }
 
-func (g *goHelper) ErrorOrNil() error {
-	return g.errs.ErrorOrNil()
+func (g *goHelper[T]) ErrorOrNil() error {
+	return g.merr.ErrorOrNil()
+}
+
+func (g *goHelper[T]) Results() []T {
+	ret := make([]T, len(g.res))
+	for i, r := range g.res {
+		ret[i] = r.result
+	}
+	return ret
 }
 
 func RunParallelE(ctx context.Context, fs ...func() error) error {

From 98f9ffd66a9a406e9119b4ba140a2f30015da193 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 5 Jul 2024 11:53:00 +0200
Subject: [PATCH 2126/2268] fix: Implement better detection of late CRD
 deployments

Using UnsafeGuessKindToResource easily fails to guess the correct plural
resource name to check existence for. An example is istios Gateway
resource, which is guessed as "gatewaies"...

We will now instead hold a cache of CRDs managed on group level. We can
use it then to figure out if a CRD for a given GroupKind appeared
in-between.
---
 pkg/deployment/utils/apply_utils.go | 39 +++++++-------
 pkg/k8s/crd_cache.go                | 80 +++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+), 19 deletions(-)
 create mode 100644 pkg/k8s/crd_cache.go

diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 28163b85d..52b2086ef 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -57,6 +57,8 @@ type ApplyUtil struct {
 	allNamespaces *sync.Map
 	allCRDs       *sync.Map
 
+	crdCache *k8s.CrdCache
+
 	ru   *RemoteObjectUtils
 	k    *k8s.K8sCluster
 	o    *ApplyUtilOptions
@@ -79,6 +81,8 @@ type ApplyDeploymentsUtil struct {
 	allNamespaces sync.Map
 	allCRDs       sync.Map
 
+	crdCache k8s.CrdCache
+
 	resultsMutex sync.Mutex
 	results      []*ApplyUtil
 }
@@ -110,6 +114,7 @@ func (ad *ApplyDeploymentsUtil) NewApplyUtil(ctx context.Context, statusCtx *sta
 		abortSignal:        &ad.abortSignal,
 		allNamespaces:      &ad.allNamespaces,
 		allCRDs:            &ad.allCRDs,
+		crdCache:           &ad.crdCache,
 		ru:                 ad.ru,
 		k:                  ad.k,
 		o:                  ad.o,
@@ -425,26 +430,22 @@ func (a *ApplyUtil) ApplyObject(d *deployment.DeploymentItem, x *uo.Unstructured
 				return
 			}
 		} else {
-			// let's do a metadata lookup for the guessed CRD and check if it appeared in the meantime. If yes,
-			// invalidate discovery cache and retry. This case happens when the current deployment applied some
-			// form of controller that then applies CRDs in the background, missed by Kluctl due to the discovery cache.
-			plural, _ := meta.UnsafeGuessKindToResource(ref.GroupVersionKind())
-			crdName := plural.Resource + "." + plural.Group
-			crdRef := k8s2.NewObjectRef("apiextensions.k8s.io", "v1", "CustomResourceDefinition", crdName, "")
-
-			_, _, tmpErr := a.k.GetSingleObjectMetadata(crdRef)
-			if tmpErr == nil {
-				// CRD might be so fresh that it is not accepted/ready yet, so lets wait for readiness
-				if !a.WaitReadiness(crdRef, 5*time.Second) {
-					a.HandleError(ref, err)
-					return
-				}
-				status.Tracef(a.ctx, "resource unknown, and CRD %s is available, retrying with invalidated caches", crdName)
-				// retry with invalidated discovery
-				a.k.ResetMapper()
-				r, apiWarnings, err = a.k.ApplyObject(x, options)
+			c, tmpErr := a.k.ToClient()
+			if tmpErr != nil {
+				status.Errorf(a.ctx, "Unexpectadly failed to create k8s client: %s", tmpErr.Error())
+				a.HandleError(ref, err)
+				return
+			}
+			tmpErr = a.crdCache.UpdateForGroup(a.ctx, c, ref.Group)
+			if tmpErr != nil {
+				status.Tracef(a.ctx, "failed figure out if CRD appeared, so we can't retry with invalidated discovery: %s", tmpErr.Error())
 			} else {
-				status.Tracef(a.ctx, "resource unknown, and CRD %s not available", crdName)
+				if crd := a.crdCache.GetCRDByGK(ref.GroupKind()); crd != nil {
+					status.Tracef(a.ctx, "resource unknown, and CRD %s is available now, retrying with invalidated caches", crd.Name)
+					// retry with invalidated discovery
+					a.k.ResetMapper()
+					r, apiWarnings, err = a.k.ApplyObject(x, options)
+				}
 			}
 		}
 	}
diff --git a/pkg/k8s/crd_cache.go b/pkg/k8s/crd_cache.go
new file mode 100644
index 000000000..01e176710
--- /dev/null
+++ b/pkg/k8s/crd_cache.go
@@ -0,0 +1,80 @@
+package k8s
+
+import (
+	"context"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
+	"sync"
+)
+
+type CrdCache struct {
+	mutex  sync.Mutex
+	crdMap map[string]*v1.CustomResourceDefinition
+	gkMap  map[schema.GroupKind]*v1.CustomResourceDefinition
+}
+
+func (cc *CrdCache) UpdateForGroup(ctx context.Context, c client.Client, group string) error {
+	crdGvk := schema.GroupVersionKind{Group: "apiextensions.k8s.io", Version: "v1", Kind: "CustomResourceDefinition"}
+	var l v12.PartialObjectMetadataList
+	l.SetGroupVersionKind(crdGvk)
+
+	err := c.List(ctx, &l)
+	if err != nil {
+		return err
+	}
+
+	cc.mutex.Lock()
+	defer cc.mutex.Unlock()
+
+	if cc.crdMap == nil {
+		cc.crdMap = map[string]*v1.CustomResourceDefinition{}
+		cc.gkMap = map[schema.GroupKind]*v1.CustomResourceDefinition{}
+	}
+
+	g := utils.NewGoHelperR[*v1.CustomResourceDefinition](ctx, 8)
+	for _, crdm := range l.Items {
+		s := strings.SplitN(crdm.Name, ".", 2)
+		if s[1] != group {
+			continue
+		}
+
+		oldCrdm, ok := cc.crdMap[crdm.Name]
+		if !ok || oldCrdm.ResourceVersion != crdm.ResourceVersion {
+			g.RunRE(func() (*v1.CustomResourceDefinition, error) {
+				var crd v1.CustomResourceDefinition
+				err := c.Get(ctx, client.ObjectKeyFromObject(&crdm), &crd)
+				if err != nil {
+					return nil, err
+				}
+				return &crd, nil
+			})
+		}
+	}
+
+	g.Wait()
+	if err := g.ErrorOrNil(); err != nil {
+		return err
+	}
+
+	for _, crd := range g.Results() {
+		cc.crdMap[crd.Name] = crd
+
+		gk := schema.GroupKind{Group: crd.Spec.Group, Kind: crd.Spec.Names.Kind}
+		cc.gkMap[gk] = crd
+	}
+
+	return nil
+}
+
+func (cc *CrdCache) GetCRDByGK(gk schema.GroupKind) *v1.CustomResourceDefinition {
+	cc.mutex.Lock()
+	defer cc.mutex.Unlock()
+	if cc.crdMap == nil {
+		return nil
+	}
+	return cc.gkMap[gk]
+}

From 4719eadc0a8ca830283eeadad6cc5bf3530ce160 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 10:11:38 +0200
Subject: [PATCH 2127/2268] refactor: Move git package into libs

---
 cmd/kluctl/commands/cmd_controller_run.go             | 2 +-
 cmd/kluctl/commands/cmd_gitops.go                     | 2 +-
 cmd/kluctl/commands/cmd_helm_update.go                | 2 +-
 cmd/kluctl/commands/cmd_oci_push.go                   | 2 +-
 cmd/kluctl/commands/utils.go                          | 8 ++++----
 lib/README.md                                         | 2 ++
 {pkg => lib}/git/auth/auth_provider.go                | 2 +-
 {pkg => lib}/git/auth/env_auth_provider.go            | 2 +-
 {pkg => lib}/git/auth/git_credentials_file.go         | 2 +-
 {pkg => lib}/git/auth/goph/hosts.go                   | 0
 {pkg => lib}/git/auth/hash.go                         | 0
 {pkg => lib}/git/auth/list_auth_provider.go           | 2 +-
 {pkg => lib}/git/auth/ssh_auth_provider.go            | 2 +-
 {pkg => lib}/git/auth/ssh_known_hosts.go              | 4 ++--
 {pkg => lib}/git/auth/utils.go                        | 0
 {pkg => lib}/git/git_info.go                          | 0
 {pkg => lib}/git/list_refs.go                         | 4 ++--
 {pkg => lib}/git/messages/message_callbacks.go        | 0
 {pkg => lib}/git/mirrored_repo.go                     | 6 +++---
 {pkg => lib}/git/poor_mans_clone.go                   | 0
 {pkg => lib}/git/ssh-pool/hostport.go                 | 0
 {pkg => lib}/git/ssh-pool/ssh_pool.go                 | 2 +-
 {pkg => lib}/git/utils.go                             | 0
 pkg/controllers/kluctl_project.go                     | 2 +-
 pkg/controllers/kluctldeployment_controller.go        | 2 +-
 pkg/controllers/kluctldeployment_controller_source.go | 4 ++--
 pkg/deployment/commands/result_utils.go               | 2 +-
 pkg/repocache/git_cache.go                            | 6 +++---
 pkg/repocache/oci_cache.go                            | 2 +-
 pkg/sourceoverride/proxyclient_cli.go                 | 2 +-
 pkg/vars/vars_loader_test.go                          | 4 ++--
 31 files changed, 35 insertions(+), 33 deletions(-)
 create mode 100644 lib/README.md
 rename {pkg => lib}/git/auth/auth_provider.go (97%)
 rename {pkg => lib}/git/auth/env_auth_provider.go (98%)
 rename {pkg => lib}/git/auth/git_credentials_file.go (98%)
 rename {pkg => lib}/git/auth/goph/hosts.go (100%)
 rename {pkg => lib}/git/auth/hash.go (100%)
 rename {pkg => lib}/git/auth/list_auth_provider.go (98%)
 rename {pkg => lib}/git/auth/ssh_auth_provider.go (99%)
 rename {pkg => lib}/git/auth/ssh_known_hosts.go (96%)
 rename {pkg => lib}/git/auth/utils.go (100%)
 rename {pkg => lib}/git/git_info.go (100%)
 rename {pkg => lib}/git/list_refs.go (95%)
 rename {pkg => lib}/git/messages/message_callbacks.go (100%)
 rename {pkg => lib}/git/mirrored_repo.go (98%)
 rename {pkg => lib}/git/poor_mans_clone.go (100%)
 rename {pkg => lib}/git/ssh-pool/hostport.go (100%)
 rename {pkg => lib}/git/ssh-pool/ssh_pool.go (98%)
 rename {pkg => lib}/git/utils.go (100%)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 533934060..62fe698cf 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
 	log "github.com/sirupsen/logrus"
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 6bc9c43b7..f5be1f3a3 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -7,8 +7,8 @@ import (
 	json_patch "github.com/evanphx/json-patch/v5"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/results"
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 27b08852a..305ee2c5f 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -6,7 +6,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/index"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	git2 "github.com/kluctl/kluctl/v2/pkg/git"
+	git2 "github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index daa7615ca..879707ebc 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/yaml"
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 8378c7c03..02a6212f8 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -5,11 +5,11 @@ import (
 	"fmt"
 	"github.com/google/uuid"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/git/auth"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
-	"github.com/kluctl/kluctl/v2/pkg/git"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
diff --git a/lib/README.md b/lib/README.md
new file mode 100644
index 000000000..103ecfe27
--- /dev/null
+++ b/lib/README.md
@@ -0,0 +1,2 @@
+This directory contains go modules that are used by Kluctl itself and some of the sub-projects of Kluctl (like template controller).
+These liberary were introduced to reduce the amount of dependencies the sub-projects pull-in from Kluctl.
\ No newline at end of file
diff --git a/pkg/git/auth/auth_provider.go b/lib/git/auth/auth_provider.go
similarity index 97%
rename from pkg/git/auth/auth_provider.go
rename to lib/git/auth/auth_provider.go
index 0cd0611d0..2745809bc 100644
--- a/pkg/git/auth/auth_provider.go
+++ b/lib/git/auth/auth_provider.go
@@ -6,7 +6,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	ssh2 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/hashicorp/go-multierror"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"golang.org/x/crypto/ssh"
 )
diff --git a/pkg/git/auth/env_auth_provider.go b/lib/git/auth/env_auth_provider.go
similarity index 98%
rename from pkg/git/auth/env_auth_provider.go
rename to lib/git/auth/env_auth_provider.go
index 5d11f6a13..0bb3add9d 100644
--- a/pkg/git/auth/env_auth_provider.go
+++ b/lib/git/auth/env_auth_provider.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/git/auth/git_credentials_file.go b/lib/git/auth/git_credentials_file.go
similarity index 98%
rename from pkg/git/auth/git_credentials_file.go
rename to lib/git/auth/git_credentials_file.go
index ac3c2283d..56aa9737d 100644
--- a/pkg/git/auth/git_credentials_file.go
+++ b/lib/git/auth/git_credentials_file.go
@@ -4,7 +4,7 @@ import (
 	"bufio"
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"net/url"
 	"os"
diff --git a/pkg/git/auth/goph/hosts.go b/lib/git/auth/goph/hosts.go
similarity index 100%
rename from pkg/git/auth/goph/hosts.go
rename to lib/git/auth/goph/hosts.go
diff --git a/pkg/git/auth/hash.go b/lib/git/auth/hash.go
similarity index 100%
rename from pkg/git/auth/hash.go
rename to lib/git/auth/hash.go
diff --git a/pkg/git/auth/list_auth_provider.go b/lib/git/auth/list_auth_provider.go
similarity index 98%
rename from pkg/git/auth/list_auth_provider.go
rename to lib/git/auth/list_auth_provider.go
index 10d55b00a..80a8c90b8 100644
--- a/pkg/git/auth/list_auth_provider.go
+++ b/lib/git/auth/list_auth_provider.go
@@ -5,7 +5,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strings"
 )
diff --git a/pkg/git/auth/ssh_auth_provider.go b/lib/git/auth/ssh_auth_provider.go
similarity index 99%
rename from pkg/git/auth/ssh_auth_provider.go
rename to lib/git/auth/ssh_auth_provider.go
index de94a58cc..6ec556038 100644
--- a/pkg/git/auth/ssh_auth_provider.go
+++ b/lib/git/auth/ssh_auth_provider.go
@@ -6,7 +6,7 @@ import (
 	"encoding/binary"
 	"fmt"
 	"github.com/kevinburke/ssh_config"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
diff --git a/pkg/git/auth/ssh_known_hosts.go b/lib/git/auth/ssh_known_hosts.go
similarity index 96%
rename from pkg/git/auth/ssh_known_hosts.go
rename to lib/git/auth/ssh_known_hosts.go
index 4543bad6c..ea6dfc545 100644
--- a/pkg/git/auth/ssh_known_hosts.go
+++ b/lib/git/auth/ssh_known_hosts.go
@@ -3,8 +3,8 @@ package auth
 import (
 	"errors"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth/goph"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/auth/goph"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/knownhosts"
 	"net"
diff --git a/pkg/git/auth/utils.go b/lib/git/auth/utils.go
similarity index 100%
rename from pkg/git/auth/utils.go
rename to lib/git/auth/utils.go
diff --git a/pkg/git/git_info.go b/lib/git/git_info.go
similarity index 100%
rename from pkg/git/git_info.go
rename to lib/git/git_info.go
diff --git a/pkg/git/list_refs.go b/lib/git/list_refs.go
similarity index 95%
rename from pkg/git/list_refs.go
rename to lib/git/list_refs.go
index d5a199fc5..7992936b8 100644
--- a/pkg/git/list_refs.go
+++ b/lib/git/list_refs.go
@@ -9,8 +9,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
 	"github.com/go-git/go-git/v5/storage/memory"
-	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strconv"
 )
diff --git a/pkg/git/messages/message_callbacks.go b/lib/git/messages/message_callbacks.go
similarity index 100%
rename from pkg/git/messages/message_callbacks.go
rename to lib/git/messages/message_callbacks.go
diff --git a/pkg/git/mirrored_repo.go b/lib/git/mirrored_repo.go
similarity index 98%
rename from pkg/git/mirrored_repo.go
rename to lib/git/mirrored_repo.go
index 59d05c9d4..0ad57ebb2 100644
--- a/pkg/git/mirrored_repo.go
+++ b/lib/git/mirrored_repo.go
@@ -11,9 +11,9 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp/capability"
 	"github.com/go-git/go-git/v5/plumbing/transport"
-	auth2 "github.com/kluctl/kluctl/v2/pkg/git/auth"
-	_ "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
+	_ "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/git/poor_mans_clone.go b/lib/git/poor_mans_clone.go
similarity index 100%
rename from pkg/git/poor_mans_clone.go
rename to lib/git/poor_mans_clone.go
diff --git a/pkg/git/ssh-pool/hostport.go b/lib/git/ssh-pool/hostport.go
similarity index 100%
rename from pkg/git/ssh-pool/hostport.go
rename to lib/git/ssh-pool/hostport.go
diff --git a/pkg/git/ssh-pool/ssh_pool.go b/lib/git/ssh-pool/ssh_pool.go
similarity index 98%
rename from pkg/git/ssh-pool/ssh_pool.go
rename to lib/git/ssh-pool/ssh_pool.go
index 010fec57a..bcbc50409 100644
--- a/pkg/git/ssh-pool/ssh_pool.go
+++ b/lib/git/ssh-pool/ssh_pool.go
@@ -6,7 +6,7 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
+	"github.com/kluctl/kluctl/v2/lib/git/auth"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/net/proxy"
 	"sync"
diff --git a/pkg/git/utils.go b/lib/git/utils.go
similarity index 100%
rename from pkg/git/utils.go
rename to lib/git/utils.go
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index b837651b7..6e985bd82 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -7,9 +7,9 @@ import (
 	"github.com/getsops/sops/v3/kms"
 	"github.com/google/uuid"
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index d61f69fd7..720fc3a2f 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 39a29543a..4206d6c4f 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"github.com/gobwas/glob"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	"github.com/kluctl/kluctl/v2/pkg/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/auth"
+	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index 7e1ea1057..c2bf2c98f 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -1,8 +1,8 @@
 package commands
 
 import (
+	"github.com/kluctl/kluctl/v2/lib/git"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
-	"github.com/kluctl/kluctl/v2/pkg/git"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 6b360f0da..e9e7167ff 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -14,9 +14,9 @@ import (
 	"sync"
 	"time"
 
-	"github.com/kluctl/kluctl/v2/pkg/git"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index ca35aa5fc..2713a2b12 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/crane"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index 9f07ae639..4c14d0f82 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -11,7 +11,7 @@ import (
 	"errors"
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/pkg/git"
+	"github.com/kluctl/kluctl/v2/lib/git"
 	oci_client "github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 8fa78212b..14edbeb4f 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -21,8 +21,8 @@ import (
 	"github.com/getsops/sops/v3/age"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/v2/pkg/git/auth"
-	ssh_pool "github.com/kluctl/kluctl/v2/pkg/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/types"

From 08515f715b97bdfd561a5521409f80d78c5aa0f0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 10:24:10 +0200
Subject: [PATCH 2128/2268] refactor: Move yaml package into libs

---
 api/v1beta1/kluctldeployment_types.go            |  2 +-
 cmd/kluctl/args/images.go                        |  2 +-
 cmd/kluctl/commands/cmd_gitops.go                |  2 +-
 cmd/kluctl/commands/cmd_helm_pull.go             |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go           |  2 +-
 cmd/kluctl/commands/cmd_oci_push.go              |  2 +-
 cmd/kluctl/commands/cmd_render.go                |  2 +-
 cmd/kluctl/commands/command_result.go            |  2 +-
 cmd/kluctl/commands/root.go                      |  2 +-
 e2e/gitops_suite_test.go                         |  2 +-
 e2e/oci_include_test.go                          |  2 +-
 e2e/render_test.go                               |  2 +-
 e2e/source_override_test.go                      |  2 +-
 e2e/test-utils/helm_repo_utils.go                |  2 +-
 e2e/test_project/project.go                      |  2 +-
 e2e/test_resources/resources.go                  |  2 +-
 e2e/validate_test.go                             |  2 +-
 {pkg => lib}/yaml/validator.go                   |  0
 {pkg => lib}/yaml/yaml.go                        | 11 +++++++----
 {pkg => lib}/yaml/yaml_test.go                   |  0
 pkg/controllers/kluctldeployment_controller.go   |  2 +-
 .../kluctldeployment_controller_reconcile.go     |  2 +-
 pkg/deployment/deployment_collection.go          |  2 +-
 pkg/deployment/deployment_item.go                |  2 +-
 pkg/deployment/deployment_project.go             |  2 +-
 pkg/deployment/images.go                         |  2 +-
 pkg/deployment/utils/apply_utils.go              |  2 +-
 pkg/diff/diff.go                                 |  2 +-
 pkg/diff/normalize_test.go                       |  2 +-
 pkg/helm/chart.go                                |  2 +-
 pkg/helm/helm_release.go                         |  2 +-
 pkg/helm/pulled_chart.go                         |  2 +-
 pkg/kluctl_project/external_args.go              |  2 +-
 pkg/kluctl_project/project_load.go               |  2 +-
 pkg/results/result-store-secrets.go              |  2 +-
 pkg/types/deployment.go                          | 16 ++++++++--------
 pkg/types/git_project.go                         | 12 ++++++------
 pkg/types/git_url.go                             |  2 +-
 pkg/types/helm_chart.go                          |  2 +-
 pkg/types/oci_project.go                         |  2 +-
 pkg/types/result/compact.go                      |  2 +-
 pkg/types/target_config.go                       |  2 +-
 pkg/types/vars_source.go                         |  2 +-
 pkg/types/yaml_url.go                            |  2 +-
 pkg/utils/uo/uo.go                               |  2 +-
 pkg/vars/vars.go                                 |  2 +-
 pkg/vars/vars_loader.go                          |  2 +-
 pkg/vars/vars_loader_git_files.go                |  2 +-
 pkg/vars/vars_loader_git_files_test.go           |  2 +-
 pkg/vars/vars_loader_http.go                     |  2 +-
 pkg/webui/events.go                              |  2 +-
 pkg/webui/server.go                              |  2 +-
 pkg/webui/staticbuilder.go                       |  2 +-
 53 files changed, 69 insertions(+), 66 deletions(-)
 rename {pkg => lib}/yaml/validator.go (100%)
 rename {pkg => lib}/yaml/yaml.go (96%)
 rename {pkg => lib}/yaml/yaml_test.go (100%)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 5a8843a23..936cf724b 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -17,9 +17,9 @@ limitations under the License.
 package v1beta1
 
 import (
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"time"
diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 18377a117..7a5c44b07 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -2,8 +2,8 @@ package args
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"strings"
 )
 
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index f5be1f3a3..567b3af87 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
@@ -18,7 +19,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	flag "github.com/spf13/pflag"
 	v12 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index b127e1e17..2d8274769 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"os"
 	"path/filepath"
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 305ee2c5f..fcf603923 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -7,13 +7,13 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/format/index"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"os"
 	"path/filepath"
diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index 879707ebc..f104b51bc 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -6,9 +6,9 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
 	"path/filepath"
 	"strings"
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 7f113925d..bcdba1c3a 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -3,9 +3,9 @@ package commands
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/ioutil"
 	"os"
 )
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index dd629ec3b..5e875c771 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -5,12 +5,12 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
 	"os"
 	"strings"
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 6a4b859ba..6bbd09e3e 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	go_container_logs "github.com/google/go-containerregistry/pkg/logs"
 	"github.com/google/gops/agent"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	flag "github.com/spf13/pflag"
 	"io"
@@ -37,7 +38,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/version"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/mattn/go-colorable"
 	"github.com/mattn/go-isatty"
 	"github.com/spf13/cobra"
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 5ad0fc5a0..1810dd7dd 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -9,11 +9,11 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 87faf2821..2e2d3b18f 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -6,8 +6,8 @@ import (
 	"github.com/docker/cli/cli/config/types"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	"os"
 	"path/filepath"
diff --git a/e2e/render_test.go b/e2e/render_test.go
index c397f464d..56e9c4c6b 100644
--- a/e2e/render_test.go
+++ b/e2e/render_test.go
@@ -2,8 +2,8 @@ package e2e
 
 import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index 033c7d879..f9c7acb17 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -4,9 +4,9 @@ import (
 	"fmt"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	"path/filepath"
 	"strings"
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index 08ea1f25c..3ce3d8126 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -2,8 +2,8 @@ package test_utils
 
 import (
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/test-helm-chart"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/cli/values"
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 25a966a35..7e2d87ee7 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -7,11 +7,11 @@ import (
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
 	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
 	registry2 "helm.sh/helm/v3/pkg/registry"
 	"net/url"
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index ab5f7e305..548261ed3 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"embed"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index db7191638..85f292c34 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -6,8 +6,8 @@ import (
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	appsv1 "k8s.io/api/apps/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/yaml/validator.go b/lib/yaml/validator.go
similarity index 100%
rename from pkg/yaml/validator.go
rename to lib/yaml/validator.go
diff --git a/pkg/yaml/yaml.go b/lib/yaml/yaml.go
similarity index 96%
rename from pkg/yaml/yaml.go
rename to lib/yaml/yaml.go
index 47c250feb..6f22194f7 100644
--- a/pkg/yaml/yaml.go
+++ b/lib/yaml/yaml.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"golang.org/x/text/encoding/unicode"
 	"golang.org/x/text/transform"
 	"io"
@@ -213,9 +212,10 @@ func FixNameExt(dir string, name string) string {
 }
 
 func FixPathExt(p string) string {
-	if utils.Exists(p) {
+	if _, err := os.Stat(p); err == nil {
 		return p
 	}
+
 	var p2 string
 	if strings.HasSuffix(p, ".yml") {
 		p2 = p[:len(p)-4] + ".yaml"
@@ -225,7 +225,7 @@ func FixPathExt(p string) string {
 		return p
 	}
 
-	if utils.Exists(p2) {
+	if _, err := os.Stat(p2); err == nil {
 		return p2
 	}
 	return p
@@ -233,5 +233,8 @@ func FixPathExt(p string) string {
 
 func Exists(p string) bool {
 	p = FixPathExt(p)
-	return utils.Exists(p)
+	if _, err := os.Stat(p); err == nil {
+		return true
+	}
+	return false
 }
diff --git a/pkg/yaml/yaml_test.go b/lib/yaml/yaml_test.go
similarity index 100%
rename from pkg/yaml/yaml_test.go
rename to lib/yaml/yaml_test.go
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 720fc3a2f..3cfc63ed4 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -7,13 +7,13 @@ import (
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/rest"
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 25802d0b6..796da9bb7 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -7,10 +7,10 @@ import (
 	json_patch "github.com/evanphx/json-patch/v5"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"reflect"
 	ctrl "sigs.k8s.io/controller-runtime"
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 678a74229..6384cd96e 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -5,6 +5,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
@@ -12,7 +13,6 @@ import (
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"path/filepath"
 	"sync"
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index d84019dd0..45d6a4f4e 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,6 +3,7 @@ package deployment
 import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -12,7 +13,6 @@ import (
 	securefs "github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/kustomize/filesys"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"os"
 	"path"
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 00267e8ed..6c967a950 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,13 +3,13 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"path/filepath"
 	"strings"
 )
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index a38c282e1..a402927e9 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -5,12 +5,12 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"regexp"
 	"sort"
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 52b2086ef..8e1078bd7 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -13,7 +14,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"golang.org/x/sync/semaphore"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 0d9accd67..8cae9cdf8 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -5,9 +5,9 @@ import (
 	"github.com/hexops/gotextdiff"
 	"github.com/hexops/gotextdiff/myers"
 	"github.com/hexops/gotextdiff/span"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	diff2 "github.com/r3labs/diff/v2"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"reflect"
diff --git a/pkg/diff/normalize_test.go b/pkg/diff/normalize_test.go
index 5b6e79ec7..0451cd554 100644
--- a/pkg/diff/normalize_test.go
+++ b/pkg/diff/normalize_test.go
@@ -2,10 +2,10 @@ package diff
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 821a39d2e..d0222c576 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -5,12 +5,12 @@ import (
 	"fmt"
 	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"helm.sh/helm/v3/pkg/action"
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index caf78e001..09fadd65b 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,6 +3,7 @@ package helm
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
@@ -18,7 +19,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/pkg/errors"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/chart"
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index d8c65a963..1031a6a6b 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -1,9 +1,9 @@
 package helm
 
 import (
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
 	"path/filepath"
 	"time"
diff --git a/pkg/kluctl_project/external_args.go b/pkg/kluctl_project/external_args.go
index 7a570927c..5d98b38d1 100644
--- a/pkg/kluctl_project/external_args.go
+++ b/pkg/kluctl_project/external_args.go
@@ -2,9 +2,9 @@ package kluctl_project
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"os"
 	"regexp"
 	"strings"
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 49d6adc82..6d0364dea 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,13 +2,13 @@ package kluctl_project
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd/api"
 	"path/filepath"
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index b470cc108..4f3557806 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -5,11 +5,11 @@ import (
 	"context"
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index a211fe9af..0b4546328 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -2,9 +2,9 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	yaml2 "github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type DeploymentItemConfig struct {
@@ -102,14 +102,14 @@ type SingleStringOrList []string
 
 func (s *SingleStringOrList) UnmarshalJSON(b []byte) error {
 	var single string
-	if err := yaml.ReadYamlBytes(b, &single); err == nil {
+	if err := yaml2.ReadYamlBytes(b, &single); err == nil {
 		// it's a single project
 		*s = []string{single}
 		return nil
 	}
 	// try as array
 	var arr []string
-	if err := yaml.ReadYamlBytes(b, &arr); err != nil {
+	if err := yaml2.ReadYamlBytes(b, &arr); err != nil {
 		return err
 	}
 	*s = arr
@@ -174,9 +174,9 @@ type DeploymentProjectConfig struct {
 }
 
 func init() {
-	yaml.Validator.RegisterStructValidation(ValidateDeploymentItemConfig, DeploymentItemConfig{})
-	yaml.Validator.RegisterStructValidation(ValidateDeleteObjectItemConfig, DeleteObjectItemConfig{})
-	yaml.Validator.RegisterStructValidation(ValidateWaitReadinessObjectItemConfig, WaitReadinessObjectItemConfig{})
-	yaml.Validator.RegisterStructValidation(ValidateIgnoreForDiffItemConfig, IgnoreForDiffItemConfig{})
-	yaml.Validator.RegisterStructValidation(ValidateConflictResolutionConfig, ConflictResolutionConfig{})
+	yaml2.Validator.RegisterStructValidation(ValidateDeploymentItemConfig, DeploymentItemConfig{})
+	yaml2.Validator.RegisterStructValidation(ValidateDeleteObjectItemConfig, DeleteObjectItemConfig{})
+	yaml2.Validator.RegisterStructValidation(ValidateWaitReadinessObjectItemConfig, WaitReadinessObjectItemConfig{})
+	yaml2.Validator.RegisterStructValidation(ValidateIgnoreForDiffItemConfig, IgnoreForDiffItemConfig{})
+	yaml2.Validator.RegisterStructValidation(ValidateConflictResolutionConfig, ConflictResolutionConfig{})
 }
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 07678bef4..2087df3b7 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -3,11 +3,11 @@ package types
 import (
 	"encoding/json"
 	"fmt"
+	yaml2 "github.com/kluctl/kluctl/v2/lib/yaml"
 	"regexp"
 	"strings"
 
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 // gitDirPatternNeg defines forbidden characters on git directory path/subDir
@@ -20,12 +20,12 @@ type GitProject struct {
 }
 
 func (gp *GitProject) UnmarshalJSON(b []byte) error {
-	if err := yaml.ReadYamlBytes(b, &gp.Url); err == nil {
+	if err := yaml2.ReadYamlBytes(b, &gp.Url); err == nil {
 		// it's a simple string
 		return nil
 	}
 	type raw GitProject
-	return yaml.ReadYamlBytes(b, (*raw)(gp))
+	return yaml2.ReadYamlBytes(b, (*raw)(gp))
 }
 
 type GitRef struct {
@@ -47,13 +47,13 @@ type GitRef struct {
 }
 
 func (ref *GitRef) UnmarshalJSON(b []byte) error {
-	if err := yaml.ReadYamlBytes(b, &ref.Ref); err == nil {
+	if err := yaml2.ReadYamlBytes(b, &ref.Ref); err == nil {
 		// it's a simple string
 		return nil
 	}
 	ref.Ref = ""
 	type raw GitRef
-	err := yaml.ReadYamlBytes(b, (*raw)(ref))
+	err := yaml2.ReadYamlBytes(b, (*raw)(ref))
 	if err != nil {
 		return err
 	}
@@ -134,5 +134,5 @@ func ValidateGitProject(sl validator.StructLevel) {
 }
 
 func init() {
-	yaml.Validator.RegisterStructValidation(ValidateGitProject, GitProject{})
+	yaml2.Validator.RegisterStructValidation(ValidateGitProject, GitProject{})
 }
diff --git a/pkg/types/git_url.go b/pkg/types/git_url.go
index ba9784a7e..9fe592f55 100644
--- a/pkg/types/git_url.go
+++ b/pkg/types/git_url.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/transport"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"net/url"
 	"path"
 	"regexp"
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index fe1260358..1b51da714 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"helm.sh/helm/v3/pkg/registry"
 )
 
diff --git a/pkg/types/oci_project.go b/pkg/types/oci_project.go
index 05f82b8ca..23b54a4fc 100644
--- a/pkg/types/oci_project.go
+++ b/pkg/types/oci_project.go
@@ -3,7 +3,7 @@ package types
 import (
 	"fmt"
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 )
 
 type OciProject struct {
diff --git a/pkg/types/result/compact.go b/pkg/types/result/compact.go
index 730e91bb7..808411242 100644
--- a/pkg/types/result/compact.go
+++ b/pkg/types/result/compact.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/sergi/go-diff/diffmatchpatch"
 	"strings"
 	"sync"
diff --git a/pkg/types/target_config.go b/pkg/types/target_config.go
index 43ca4a809..eebdd4868 100644
--- a/pkg/types/target_config.go
+++ b/pkg/types/target_config.go
@@ -2,8 +2,8 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type FixedImage struct {
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 3b31e4d59..3a1859599 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -2,8 +2,8 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/runtime"
 	"reflect"
 )
diff --git a/pkg/types/yaml_url.go b/pkg/types/yaml_url.go
index 0f7ffda06..b5e3f14fb 100644
--- a/pkg/types/yaml_url.go
+++ b/pkg/types/yaml_url.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"encoding/json"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"net/url"
 )
 
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 170b81f4f..5bd249745 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/jinzhu/copier"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"reflect"
 )
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index 826233fb5..9889b54fe 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -2,9 +2,9 @@ package vars
 
 import (
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 )
 
 type VarsCtx struct {
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index ebe46244c..48e8b277b 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,6 +8,7 @@ import (
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/azure"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
@@ -21,7 +22,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/vault"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
diff --git a/pkg/vars/vars_loader_git_files.go b/pkg/vars/vars_loader_git_files.go
index 18d947432..672817c55 100644
--- a/pkg/vars/vars_loader_git_files.go
+++ b/pkg/vars/vars_loader_git_files.go
@@ -5,11 +5,11 @@ import (
 	"fmt"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/runtime"
 	"os"
diff --git a/pkg/vars/vars_loader_git_files_test.go b/pkg/vars/vars_loader_git_files_test.go
index c8aa27259..7d838fab3 100644
--- a/pkg/vars/vars_loader_git_files_test.go
+++ b/pkg/vars/vars_loader_git_files_test.go
@@ -6,12 +6,12 @@ import (
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/runtime"
 	"strings"
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 30fae03f8..4d02931c3 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"github.com/Azure/go-ntlmssp"
 	"github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io"
 	"net/http"
 	"strings"
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index d8ae9f0dc..c6d8ed0ea 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -5,11 +5,11 @@ import (
 	"container/list"
 	"context"
 	"github.com/gin-gonic/gin"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"net/http"
 	"nhooyr.io/websocket"
 	"sync"
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 905f9a367..71da1ca5d 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/gin-gonic/gin"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -12,7 +13,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	"io/fs"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index d2da3f45a..f0df6cab0 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -3,11 +3,11 @@ package webui
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/yaml"
 	cp "github.com/otiai10/copy"
 	"os"
 	"path/filepath"

From 6be012915a2cfc03f1d7368f503aeaebea3ef03d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 10:50:03 +0200
Subject: [PATCH 2129/2268] refactor: Move status package into lib

---
 api/v1beta1/kluctldeployment_types.go         |  2 +-
 cmd/kluctl/args/helm_credentials.go           |  2 +-
 cmd/kluctl/args/overrides.go                  |  2 +-
 cmd/kluctl/commands/cmd_deploy.go             |  2 +-
 cmd/kluctl/commands/cmd_gitops.go             |  3 +-
 cmd/kluctl/commands/cmd_gitops_diff.go        |  2 +-
 .../commands/cmd_gitops_suspend_resume.go     |  2 +-
 cmd/kluctl/commands/cmd_gitops_validate.go    |  2 +-
 cmd/kluctl/commands/cmd_helm_pull.go          |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go        |  3 +-
 cmd/kluctl/commands/cmd_oci_push.go           |  3 +-
 cmd/kluctl/commands/cmd_render.go             |  2 +-
 cmd/kluctl/commands/cmd_validate.go           |  2 +-
 cmd/kluctl/commands/cmd_version.go            |  2 +-
 cmd/kluctl/commands/cmd_webui_build.go        |  2 +-
 cmd/kluctl/commands/cmd_webui_run.go          |  2 +-
 cmd/kluctl/commands/command_result.go         |  2 +-
 cmd/kluctl/commands/completion.go             |  2 +-
 cmd/kluctl/commands/root.go                   | 28 +++++++++----------
 cmd/kluctl/commands/utils.go                  |  2 +-
 e2e/test_project/kluctl_execute.go            | 10 +++----
 lib/git/auth/env_auth_provider.go             |  2 +-
 lib/git/mirrored_repo.go                      |  2 +-
 lib/git/utils.go                              |  2 +-
 {pkg => lib}/status/multiline/clear_lines.go  |  0
 .../status/multiline/clear_lines_posix.go     |  0
 .../status/multiline/clear_lines_windows.go   |  0
 {pkg => lib}/status/multiline/multiline.go    |  0
 {pkg => lib}/status/multiline/spinner.go      |  0
 {pkg => lib}/status/noop.go                   |  0
 {pkg => lib}/status/simple_status_handler.go  |  0
 {pkg => lib}/status/status.go                 |  0
 {pkg => lib}/status/status_handler.go         | 10 +++----
 {pkg => lib}/status/utils.go                  |  0
 pkg/clouds/aws/aws_config.go                  |  2 +-
 pkg/clouds/aws/aws_config_test.go             |  6 ++--
 .../kluctldeployment_controller.go            |  5 ++--
 .../kluctldeployment_controller_source.go     |  2 +-
 pkg/deployment/commands/deploy.go             |  2 +-
 pkg/deployment/commands/diff.go               |  2 +-
 pkg/deployment/deployment_collection.go       |  2 +-
 pkg/deployment/deployment_project.go          |  2 +-
 pkg/deployment/images.go                      |  2 +-
 pkg/deployment/utils/apply_utils.go           |  2 +-
 pkg/deployment/utils/remote_objects_utils.go  |  2 +-
 pkg/helm/auth/env_auth_provider.go            |  2 +-
 pkg/helm/auth/list_auth_provider.go           |  2 +-
 pkg/helm/chart.go                             |  2 +-
 pkg/helm/helm_release.go                      |  2 +-
 pkg/k8s/k8s_cluster.go                        |  2 +-
 pkg/kluctl_project/k8s.go                     |  2 +-
 pkg/kluctl_project/load.go                    |  2 +-
 .../target-context/target_context.go          |  2 +-
 pkg/kluctl_project/targets.go                 |  2 +-
 .../docker_config_auth_provider.go            |  2 +-
 pkg/oci/auth_provider/env_auth_provider.go    |  2 +-
 pkg/oci/auth_provider/list_auth_provider.go   |  2 +-
 pkg/prompts/prompts.go                        |  2 +-
 pkg/prompts/provider.go                       |  2 +-
 pkg/repocache/git_cache.go                    |  2 +-
 pkg/repocache/oci_cache.go                    |  2 +-
 pkg/results/result-store-secrets.go           |  2 +-
 pkg/sourceoverride/proxyclient_cli.go         |  2 +-
 pkg/vars/vars_loader.go                       |  2 +-
 pkg/webui/events.go                           |  2 +-
 pkg/webui/server.go                           |  2 +-
 pkg/webui/staticbuilder.go                    |  2 +-
 67 files changed, 82 insertions(+), 86 deletions(-)
 rename {pkg => lib}/status/multiline/clear_lines.go (100%)
 rename {pkg => lib}/status/multiline/clear_lines_posix.go (100%)
 rename {pkg => lib}/status/multiline/clear_lines_windows.go (100%)
 rename {pkg => lib}/status/multiline/multiline.go (100%)
 rename {pkg => lib}/status/multiline/spinner.go (100%)
 rename {pkg => lib}/status/noop.go (100%)
 rename {pkg => lib}/status/simple_status_handler.go (100%)
 rename {pkg => lib}/status/status.go (100%)
 rename {pkg => lib}/status/status_handler.go (95%)
 rename {pkg => lib}/status/utils.go (100%)

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 936cf724b..103859436 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -17,7 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
-	"github.com/kluctl/kluctl/lib/yaml"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index d9d470833..b93790be1 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"strings"
diff --git a/cmd/kluctl/args/overrides.go b/cmd/kluctl/args/overrides.go
index cee013b74..29c796d67 100644
--- a/cmd/kluctl/args/overrides.go
+++ b/cmd/kluctl/args/overrides.go
@@ -3,8 +3,8 @@ package args
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strings"
 )
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 2ea8ea23d..18b708755 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 567b3af87..ac9a0292a 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -8,13 +8,12 @@ import (
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/cmd/kluctl/commands/cmd_gitops_diff.go b/cmd/kluctl/commands/cmd_gitops_diff.go
index 89b9d9854..d72ee2959 100644
--- a/cmd/kluctl/commands/cmd_gitops_diff.go
+++ b/cmd/kluctl/commands/cmd_gitops_diff.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
index 56729f1df..a3b9ef8c9 100644
--- a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 8c57cdb2c..8ef196498 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 2d8274769..90f7b0106 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/fs"
 	"os"
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index fcf603923..d8be16c1b 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -7,12 +7,11 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/format/index"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/fs"
 	"os"
diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index f104b51bc..b59027cc7 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -6,9 +6,8 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"os"
 	"path/filepath"
 	"strings"
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index bcdba1c3a..5371712ae 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/ioutil"
 	"os"
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 6bd61e384..4d6ae1d87 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"time"
 )
 
diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index 3328a0203..7f6a9409f 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -2,7 +2,7 @@ package commands
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 )
 
diff --git a/cmd/kluctl/commands/cmd_webui_build.go b/cmd/kluctl/commands/cmd_webui_build.go
index 5efb5e8bf..fffc0cf62 100644
--- a/cmd/kluctl/commands/cmd_webui_build.go
+++ b/cmd/kluctl/commands/cmd_webui_build.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index e14b719bb..c7a57ce07 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 5e875c771..20f535d4b 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -5,9 +5,9 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index d0e508129..4309893f8 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 6bbd09e3e..b7de7c501 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	go_container_logs "github.com/google/go-containerregistry/pkg/logs"
 	"github.com/google/gops/agent"
+	status2 "github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	flag "github.com/spf13/pflag"
@@ -34,7 +35,6 @@ import (
 	"time"
 
 	"github.com/Masterminds/semver/v3"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/version"
@@ -102,18 +102,18 @@ var origStderr = os.Stderr
 var isTerminal = isatty.IsTerminal(os.Stderr.Fd())
 
 func initStatusHandlerAndPrompts(ctx context.Context, debug bool, noColor bool) context.Context {
-	var sh status.StatusHandler
+	var sh status2.StatusHandler
 	var pp prompts.PromptProvider
 	if !debug && isTerminal {
-		sh = status.NewMultiLineStatusHandler(ctx, origStderr, isTerminal && !noColor, false)
+		sh = status2.NewMultiLineStatusHandler(ctx, origStderr, isTerminal && !noColor, false)
 		pp = &prompts.StatusAndStdinPromptProvider{}
 	} else {
-		sh = status.NewSimpleStatusHandler(func(level status.Level, message string) {
+		sh = status2.NewSimpleStatusHandler(func(level status2.Level, message string) {
 			_, _ = fmt.Fprintf(origStderr, "%s\n", message)
 		}, debug)
 		pp = &prompts.SimplePromptProvider{Out: origStderr}
 	}
-	ctx = status.NewContext(ctx, sh)
+	ctx = status2.NewContext(ctx, sh)
 	ctx = prompts.NewContext(ctx, pp)
 
 	return ctx
@@ -121,19 +121,19 @@ func initStatusHandlerAndPrompts(ctx context.Context, debug bool, noColor bool)
 
 func redirectLogsAndStderr(ctx context.Context) {
 	f := func(line string) {
-		status.Info(ctx, line)
+		status2.Info(ctx, line)
 	}
 
-	lr1 := status.NewLineRedirector(f)
-	lr2 := status.NewLineRedirector(f)
+	lr1 := status2.NewLineRedirector(f)
+	lr2 := status2.NewLineRedirector(f)
 
 	klog.LogToStderr(false)
 	klog.SetOutput(lr1)
 	log.SetOutput(lr2)
 	ctrl.SetLogger(klog.NewKlogr())
 
-	go_container_logs.Warn.SetOutput(status.NewLineRedirector(func(line string) {
-		status.Warning(ctx, line)
+	go_container_logs.Warn.SetOutput(status2.NewLineRedirector(func(line string) {
+		status2.Warning(ctx, line)
 	}))
 
 	pr, pw, err := os.Pipe()
@@ -142,7 +142,7 @@ func redirectLogsAndStderr(ctx context.Context) {
 	}
 
 	go func() {
-		x := status.NewLineRedirector(f)
+		x := status2.NewLineRedirector(f)
 		_, _ = io.Copy(x, pr)
 	}()
 
@@ -200,7 +200,7 @@ func checkNewVersion(ctx context.Context) {
 	versionCheckState.LastVersionCheck = time.Now()
 	_ = yaml.WriteYamlFile(versionCheckPath, &versionCheckState)
 
-	s := status.Start(ctx, "Checking for new kluctl version")
+	s := status2.Start(ctx, "Checking for new kluctl version")
 	defer s.Failed()
 
 	r, err := http.Get(latestReleaseUrl)
@@ -299,13 +299,13 @@ func Main() {
 
 	if err != nil {
 		if didSetupStatusHandler {
-			status.Error(ctx, err.Error())
+			status2.Error(ctx, err.Error())
 		} else {
 			_, _ = fmt.Fprintf(os.Stderr, "%s\n", err.Error())
 		}
 	}
 
-	sh := status.FromContext(ctx)
+	sh := status2.FromContext(ctx)
 	if sh != nil {
 		sh.Stop()
 	}
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 02a6212f8..3f63ca5d3 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/lib/git/auth"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -19,7 +20,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 8e61af5f1..2a2ef6c15 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	status2 "github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"strings"
 	"sync"
@@ -19,13 +19,13 @@ func KluctlExecute(t *testing.T, ctx context.Context, logFn func(args ...any), a
 	stdoutBuf := bytes.NewBuffer(nil)
 	stderrBuf := bytes.NewBuffer(nil)
 
-	stdout := status.NewLineRedirector(func(line string) {
+	stdout := status2.NewLineRedirector(func(line string) {
 		m.Lock()
 		defer m.Unlock()
 		logFn(line)
 		stdoutBuf.WriteString(line + "\n")
 	})
-	stderr := status.NewLineRedirector(func(line string) {
+	stderr := status2.NewLineRedirector(func(line string) {
 		m.Lock()
 		defer m.Unlock()
 		logFn(line)
@@ -39,7 +39,7 @@ func KluctlExecute(t *testing.T, ctx context.Context, logFn func(args ...any), a
 		ctx = utils.WithCacheDir(ctx, t.TempDir())
 	}
 	ctx = commands.WithStdStreams(ctx, stdout, stderr)
-	sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
+	sh := status2.NewSimpleStatusHandler(func(level status2.Level, message string) {
 		_, _ = stderr.Write([]byte(message + "\n"))
 	}, true)
 	defer func() {
@@ -47,7 +47,7 @@ func KluctlExecute(t *testing.T, ctx context.Context, logFn func(args ...any), a
 			sh.Stop()
 		}
 	}()
-	ctx = status.NewContext(ctx, sh)
+	ctx = status2.NewContext(ctx, sh)
 	err := commands.Execute(ctx, args, nil)
 	sh.Stop()
 	sh = nil
diff --git a/lib/git/auth/env_auth_provider.go b/lib/git/auth/env_auth_provider.go
index 0bb3add9d..d99b85f62 100644
--- a/lib/git/auth/env_auth_provider.go
+++ b/lib/git/auth/env_auth_provider.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
diff --git a/lib/git/mirrored_repo.go b/lib/git/mirrored_repo.go
index 0ad57ebb2..8a72b8d19 100644
--- a/lib/git/mirrored_repo.go
+++ b/lib/git/mirrored_repo.go
@@ -14,7 +14,7 @@ import (
 	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
 	_ "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
diff --git a/lib/git/utils.go b/lib/git/utils.go
index 88e4e0d18..2eebc90cc 100644
--- a/lib/git/utils.go
+++ b/lib/git/utils.go
@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"os/exec"
diff --git a/pkg/status/multiline/clear_lines.go b/lib/status/multiline/clear_lines.go
similarity index 100%
rename from pkg/status/multiline/clear_lines.go
rename to lib/status/multiline/clear_lines.go
diff --git a/pkg/status/multiline/clear_lines_posix.go b/lib/status/multiline/clear_lines_posix.go
similarity index 100%
rename from pkg/status/multiline/clear_lines_posix.go
rename to lib/status/multiline/clear_lines_posix.go
diff --git a/pkg/status/multiline/clear_lines_windows.go b/lib/status/multiline/clear_lines_windows.go
similarity index 100%
rename from pkg/status/multiline/clear_lines_windows.go
rename to lib/status/multiline/clear_lines_windows.go
diff --git a/pkg/status/multiline/multiline.go b/lib/status/multiline/multiline.go
similarity index 100%
rename from pkg/status/multiline/multiline.go
rename to lib/status/multiline/multiline.go
diff --git a/pkg/status/multiline/spinner.go b/lib/status/multiline/spinner.go
similarity index 100%
rename from pkg/status/multiline/spinner.go
rename to lib/status/multiline/spinner.go
diff --git a/pkg/status/noop.go b/lib/status/noop.go
similarity index 100%
rename from pkg/status/noop.go
rename to lib/status/noop.go
diff --git a/pkg/status/simple_status_handler.go b/lib/status/simple_status_handler.go
similarity index 100%
rename from pkg/status/simple_status_handler.go
rename to lib/status/simple_status_handler.go
diff --git a/pkg/status/status.go b/lib/status/status.go
similarity index 100%
rename from pkg/status/status.go
rename to lib/status/status.go
diff --git a/pkg/status/status_handler.go b/lib/status/status_handler.go
similarity index 95%
rename from pkg/status/status_handler.go
rename to lib/status/status_handler.go
index 405bb1788..04964a9ce 100644
--- a/pkg/status/status_handler.go
+++ b/lib/status/status_handler.go
@@ -3,7 +3,7 @@ package status
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/status/multiline"
+	multiline2 "github.com/kluctl/kluctl/v2/lib/status/multiline"
 	"io"
 	"sync"
 )
@@ -14,12 +14,12 @@ type MultiLineStatusHandler struct {
 	enableColor bool
 	trace       bool
 
-	ml *multiline.MultiLinePrinter
+	ml *multiline2.MultiLinePrinter
 }
 
 type statusLine struct {
 	slh *MultiLineStatusHandler
-	l   *multiline.Line
+	l   *multiline2.Line
 
 	current int
 	total   int
@@ -56,7 +56,7 @@ func (s *MultiLineStatusHandler) SetTrace(trace bool) {
 }
 
 func (s *MultiLineStatusHandler) start() {
-	s.ml = &multiline.MultiLinePrinter{}
+	s.ml = &multiline2.MultiLinePrinter{}
 	s.ml.Start(s.out)
 }
 
@@ -148,7 +148,7 @@ func (sl *statusLine) lineFunc() string {
 		return fmt.Sprintf("%s %s", sl.barOverride, sl.message)
 	}
 
-	s := multiline.Spinner()
+	s := multiline2.Spinner()
 	return fmt.Sprintf("%s %s", s, sl.message)
 }
 
diff --git a/pkg/status/utils.go b/lib/status/utils.go
similarity index 100%
rename from pkg/status/utils.go
rename to lib/status/utils.go
diff --git a/pkg/clouds/aws/aws_config.go b/pkg/clouds/aws/aws_config.go
index 7bad34f82..0d68d1bfe 100644
--- a/pkg/clouds/aws/aws_config.go
+++ b/pkg/clouds/aws/aws_config.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
diff --git a/pkg/clouds/aws/aws_config_test.go b/pkg/clouds/aws/aws_config_test.go
index 807f4f9a7..878902a00 100644
--- a/pkg/clouds/aws/aws_config_test.go
+++ b/pkg/clouds/aws/aws_config_test.go
@@ -8,7 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
 	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	status2 "github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
@@ -154,10 +154,10 @@ func TestAwsConfig(t *testing.T) {
 			}
 
 			var sls []string
-			sh := status.NewSimpleStatusHandler(func(level status.Level, message string) {
+			sh := status2.NewSimpleStatusHandler(func(level status2.Level, message string) {
 				sls = append(sls, message)
 			}, false)
-			ctx := status.NewContext(context.Background(), sh)
+			ctx := status2.NewContext(context.Background(), sh)
 
 			cfg, err := LoadAwsConfigHelper(ctx, c, &awsConfig, argProfile)
 			assert.NoError(t, err)
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 3cfc63ed4..e565c276c 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -7,10 +7,9 @@ import (
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	status2 "github.com/kluctl/kluctl/v2/lib/status"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
@@ -67,7 +66,7 @@ func (r *KluctlDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 
 	log := ctrl.LoggerFrom(ctx)
 
-	ctx = status.NewContext(ctx, status.NewSimpleStatusHandler(func(level status.Level, message string) {
+	ctx = status2.NewContext(ctx, status2.NewSimpleStatusHandler(func(level status2.Level, message string) {
 		log.Info(message)
 	}, false))
 
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 4206d6c4f..7eb90982f 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -10,11 +10,11 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/lib/git/auth"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"net/url"
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 4b3cbb4b2..543dfa1e8 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"time"
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index ac816dea2..9b5f05dea 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index 6384cd96e..db1374c22 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -5,10 +5,10 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 6c967a950..f4ddc5c1c 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,9 +3,9 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index a402927e9..5fc9b7aa4 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -5,9 +5,9 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index 8e1078bd7..a0f4fddb4 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index d97d7008b..924d07701 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -3,8 +3,8 @@ package utils
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
index 4de31983c..41a33e61e 100644
--- a/pkg/helm/auth/env_auth_provider.go
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
 	"net/url"
diff --git a/pkg/helm/auth/list_auth_provider.go b/pkg/helm/auth/list_auth_provider.go
index d7b860f35..95b0791cd 100644
--- a/pkg/helm/auth/list_auth_provider.go
+++ b/pkg/helm/auth/list_auth_provider.go
@@ -3,7 +3,7 @@ package auth
 import (
 	"context"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
 	"net/url"
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index d0222c576..8eb2d7efa 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	cp "github.com/otiai10/copy"
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 09fadd65b..a9f283125 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,6 +3,7 @@ package helm
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
@@ -15,7 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index b60e14e3c..5eabac02b 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -3,6 +3,7 @@ package k8s
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"io"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -15,7 +16,6 @@ import (
 
 	"github.com/Masterminds/semver/v3"
 
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/kluctl_project/k8s.go b/pkg/kluctl_project/k8s.go
index 98833db49..df54831de 100644
--- a/pkg/kluctl_project/k8s.go
+++ b/pkg/kluctl_project/k8s.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 552fb99f8..7e8b50b91 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,7 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"time"
 )
 
diff --git a/pkg/kluctl_project/target-context/target_context.go b/pkg/kluctl_project/target-context/target_context.go
index 4fa1c24e6..7af98e79e 100644
--- a/pkg/kluctl_project/target-context/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -3,6 +3,7 @@ package target_context
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
@@ -10,7 +11,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/vars"
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 0c0c8eae5..5878aca07 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"sort"
diff --git a/pkg/oci/auth_provider/docker_config_auth_provider.go b/pkg/oci/auth_provider/docker_config_auth_provider.go
index 2d01029f9..64efc4093 100644
--- a/pkg/oci/auth_provider/docker_config_auth_provider.go
+++ b/pkg/oci/auth_provider/docker_config_auth_provider.go
@@ -6,7 +6,7 @@ import (
 	"github.com/gobwas/glob/match"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"strings"
 )
 
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index b0350c212..1aceb542c 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -6,7 +6,7 @@ import (
 	"github.com/gobwas/glob"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"sync"
diff --git a/pkg/oci/auth_provider/list_auth_provider.go b/pkg/oci/auth_provider/list_auth_provider.go
index 54a2bc746..5b5e01217 100644
--- a/pkg/oci/auth_provider/list_auth_provider.go
+++ b/pkg/oci/auth_provider/list_auth_provider.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"strings"
 )
 
diff --git a/pkg/prompts/prompts.go b/pkg/prompts/prompts.go
index d28c7da0a..f707a65ca 100644
--- a/pkg/prompts/prompts.go
+++ b/pkg/prompts/prompts.go
@@ -3,7 +3,7 @@ package prompts
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"strings"
 )
diff --git a/pkg/prompts/provider.go b/pkg/prompts/provider.go
index 87934a34b..c63a5b042 100644
--- a/pkg/prompts/provider.go
+++ b/pkg/prompts/provider.go
@@ -3,7 +3,7 @@ package prompts
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/status"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"os"
 	"strings"
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index e9e7167ff..1d559035e 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
@@ -17,7 +18,6 @@ import (
 	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/lib/git/auth"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"
 )
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 2713a2b12..3efc67122 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -6,10 +6,10 @@ import (
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 4f3557806..034f24294 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -5,9 +5,9 @@ import (
 	"context"
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index 4c14d0f82..51fefeccd 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -12,8 +12,8 @@ import (
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	oci_client "github.com/kluctl/kluctl/v2/pkg/oci/client"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 48e8b277b..99be53ce5 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,6 +8,7 @@ import (
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/azure"
@@ -16,7 +17,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index c6d8ed0ea..1fcec0032 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -5,9 +5,9 @@ import (
 	"container/list"
 	"context"
 	"github.com/gin-gonic/gin"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"net/http"
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 71da1ca5d..8f645f00f 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"github.com/gin-gonic/gin"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index f0df6cab0..daff249c3 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -3,9 +3,9 @@ package webui
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/status"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"

From e8ebfdef2885d3719f14754865b64ce55411c964 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:13:23 +0200
Subject: [PATCH 2130/2268] refactor: Fix yaml imports

---
 cmd/kluctl/commands/cmd_gitops.go              | 1 +
 cmd/kluctl/commands/cmd_helm_update.go         | 1 +
 cmd/kluctl/commands/cmd_oci_push.go            | 1 +
 pkg/controllers/kluctldeployment_controller.go | 1 +
 4 files changed, 4 insertions(+)

diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index ac9a0292a..688170ba6 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -9,6 +9,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index d8be16c1b..69d2304da 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	git2 "github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index b59027cc7..75fde0087 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -7,6 +7,7 @@ import (
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
 	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
 	"path/filepath"
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index e565c276c..417b8f8e4 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -8,6 +8,7 @@ import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	status2 "github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"

From 98632ad5964791d15e0e765e312a7e04526ed7ce Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:44:01 +0200
Subject: [PATCH 2131/2268] refactor: Move multiple git types into lib/git

---
 api/v1beta1/kluctldeployment_types.go         |  7 +-
 api/v1beta1/zz_generated.deepcopy.go          |  5 +-
 cmd/kluctl/args/overrides.go                  |  2 +-
 cmd/kluctl/commands/cmd_gitops.go             |  2 +-
 lib/git/auth/auth_provider.go                 |  2 +-
 lib/git/auth/env_auth_provider.go             |  2 +-
 lib/git/auth/git_credentials_file.go          |  2 +-
 lib/git/auth/list_auth_provider.go            |  2 +-
 lib/git/auth/ssh_auth_provider.go             |  2 +-
 lib/git/{git_info.go => build_git_info.go}    |  8 +-
 lib/git/list_refs.go                          |  2 +-
 lib/git/mirrored_repo.go                      |  5 +-
 lib/git/types/doc.go                          | 19 ++++
 lib/git/types/git_info.go                     |  9 ++
 lib/git/types/git_ref.go                      | 91 +++++++++++++++++
 {pkg => lib/git}/types/git_url.go             |  0
 lib/git/types/zz_generated.deepcopy.go        | 87 ++++++++++++++++
 lib/git/utils.go                              | 34 ++++++-
 pkg/controllers/kluctl_project.go             |  4 +-
 .../kluctldeployment_controller_status.go     |  8 +-
 pkg/repocache/git_cache.go                    |  2 +-
 pkg/repocache/oci_cache.go                    |  7 +-
 pkg/sourceoverride/chained.go                 |  2 +-
 pkg/sourceoverride/manager.go                 |  2 +-
 pkg/sourceoverride/proxyclient_cli.go         |  2 +-
 pkg/sourceoverride/proxyclient_controller.go  |  2 +-
 pkg/sourceoverride/sourceoverride.pb.go       |  2 +-
 pkg/sourceoverride/sourceoverride_grpc.pb.go  |  2 +-
 pkg/types/git_project.go                      | 99 ++-----------------
 pkg/types/git_project_test.go                 | 11 ++-
 pkg/types/result/command_result.go            | 15 +--
 pkg/types/result/command_result_summary.go    |  3 +-
 pkg/types/result/zz_generated.deepcopy.go     | 24 -----
 pkg/types/vars_source.go                      | 15 +--
 pkg/types/zz_generated.deepcopy.go            | 47 +--------
 pkg/utils/watchdog.go                         | 38 -------
 pkg/vars/vars_loader_git_files.go             | 11 ++-
 pkg/vars/vars_loader_git_files_test.go        | 69 ++++++-------
 pkg/webui/events.go                           |  2 +-
 pkg/webui/generate-ts/main.go                 |  7 +-
 40 files changed, 355 insertions(+), 300 deletions(-)
 rename lib/git/{git_info.go => build_git_info.go} (92%)
 create mode 100644 lib/git/types/doc.go
 create mode 100644 lib/git/types/git_info.go
 create mode 100644 lib/git/types/git_ref.go
 rename {pkg => lib/git}/types/git_url.go (100%)
 create mode 100644 lib/git/types/zz_generated.deepcopy.go
 delete mode 100644 pkg/utils/watchdog.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 103859436..96e8343f3 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -268,7 +269,7 @@ type ProjectSource struct {
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
 	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.
 	// +optional
-	Ref *types.GitRef `json:"ref,omitempty"`
+	Ref *gittypes.GitRef `json:"ref,omitempty"`
 
 	// Path specifies the sub-directory to be used as project directory
 	// DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.path instead.
@@ -297,7 +298,7 @@ type ProjectSourceGit struct {
 
 	// Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.
 	// +optional
-	Ref *types.GitRef `json:"ref,omitempty"`
+	Ref *gittypes.GitRef `json:"ref,omitempty"`
 
 	// Path specifies the sub-directory to be used as project directory
 	// +optional
@@ -321,7 +322,7 @@ type ProjectSourceOci struct {
 
 type SourceOverride struct {
 	// +required
-	RepoKey types.RepoKey `json:"repoKey"`
+	RepoKey gittypes.RepoKey `json:"repoKey"`
 	// +required
 	Url string `json:"url"`
 	// +optional
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 0f0bfafbf..52151fc37 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -21,6 +21,7 @@ limitations under the License.
 package v1beta1
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -500,7 +501,7 @@ func (in *ProjectSource) DeepCopyInto(out *ProjectSource) {
 	}
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
-		*out = new(types.GitRef)
+		*out = new(gittypes.GitRef)
 		**out = **in
 	}
 	if in.SecretRef != nil {
@@ -530,7 +531,7 @@ func (in *ProjectSourceGit) DeepCopyInto(out *ProjectSourceGit) {
 	*out = *in
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
-		*out = new(types.GitRef)
+		*out = new(gittypes.GitRef)
 		**out = **in
 	}
 }
diff --git a/cmd/kluctl/args/overrides.go b/cmd/kluctl/args/overrides.go
index 29c796d67..0d4b3e21e 100644
--- a/cmd/kluctl/args/overrides.go
+++ b/cmd/kluctl/args/overrides.go
@@ -3,9 +3,9 @@ package args
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strings"
 )
 
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 688170ba6..02d55838e 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
@@ -15,7 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/lib/git/auth/auth_provider.go b/lib/git/auth/auth_provider.go
index 2745809bc..0826871a4 100644
--- a/lib/git/auth/auth_provider.go
+++ b/lib/git/auth/auth_provider.go
@@ -7,7 +7,7 @@ import (
 	ssh2 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"golang.org/x/crypto/ssh"
 )
 
diff --git a/lib/git/auth/env_auth_provider.go b/lib/git/auth/env_auth_provider.go
index d99b85f62..112b93d27 100644
--- a/lib/git/auth/env_auth_provider.go
+++ b/lib/git/auth/env_auth_provider.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"sync"
diff --git a/lib/git/auth/git_credentials_file.go b/lib/git/auth/git_credentials_file.go
index 56aa9737d..56f33085a 100644
--- a/lib/git/auth/git_credentials_file.go
+++ b/lib/git/auth/git_credentials_file.go
@@ -5,7 +5,7 @@ import (
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"net/url"
 	"os"
 	"path/filepath"
diff --git a/lib/git/auth/list_auth_provider.go b/lib/git/auth/list_auth_provider.go
index 80a8c90b8..9c20d2069 100644
--- a/lib/git/auth/list_auth_provider.go
+++ b/lib/git/auth/list_auth_provider.go
@@ -6,7 +6,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"strings"
 )
 
diff --git a/lib/git/auth/ssh_auth_provider.go b/lib/git/auth/ssh_auth_provider.go
index 6ec556038..b47fb60c8 100644
--- a/lib/git/auth/ssh_auth_provider.go
+++ b/lib/git/auth/ssh_auth_provider.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"github.com/kevinburke/ssh_config"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
diff --git a/lib/git/git_info.go b/lib/git/build_git_info.go
similarity index 92%
rename from lib/git/git_info.go
rename to lib/git/build_git_info.go
index b63795336..c20a61d6e 100644
--- a/lib/git/git_info.go
+++ b/lib/git/build_git_info.go
@@ -5,14 +5,14 @@ import (
 	"errors"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
 	"path/filepath"
 )
 
-func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (result.GitInfo, result.ProjectKey, error) {
-	var gitInfo result.GitInfo
+func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (types.GitInfo, result.ProjectKey, error) {
+	var gitInfo types.GitInfo
 	var projectKey result.ProjectKey
 	if repoRoot == "" {
 		return gitInfo, projectKey, nil
@@ -59,7 +59,7 @@ func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (resu
 		}
 	}
 
-	gitInfo = result.GitInfo{
+	gitInfo = types.GitInfo{
 		Url:    originUrl,
 		SubDir: subDir,
 		Dirty:  !s.IsClean(),
diff --git a/lib/git/list_refs.go b/lib/git/list_refs.go
index 7992936b8..1b6d731d5 100644
--- a/lib/git/list_refs.go
+++ b/lib/git/list_refs.go
@@ -11,7 +11,7 @@ import (
 	"github.com/go-git/go-git/v5/storage/memory"
 	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"strconv"
 )
 
diff --git a/lib/git/mirrored_repo.go b/lib/git/mirrored_repo.go
index 8a72b8d19..9c96dfdb4 100644
--- a/lib/git/mirrored_repo.go
+++ b/lib/git/mirrored_repo.go
@@ -14,9 +14,8 @@ import (
 	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
 	_ "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
 	"path/filepath"
@@ -275,7 +274,7 @@ func (g *MirroredGitRepo) update(repoDir string) error {
 		// go-git does not respect the context deadline in some situations, especially after errors occur internally.
 		// This leads to hanging fetches, which can easily deadlock the whole kluctl process. The only way to handle
 		// this currently is to panic when the deadline is exceeded too much.
-		err = utils.RunWithDeadlineAndPanic(g.ctx, 5*time.Second, func() error {
+		err = RunWithDeadlineAndPanic(g.ctx, 5*time.Second, func() error {
 			return remote.FetchContext(g.ctx, &git.FetchOptions{
 				Auth:     auth.AuthMethod,
 				CABundle: auth.CABundle,
diff --git a/lib/git/types/doc.go b/lib/git/types/doc.go
new file mode 100644
index 000000000..b4756cc8a
--- /dev/null
+++ b/lib/git/types/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package types contains types used in Kluctl projects
+// +kubebuilder:object:generate=true
+package types
diff --git a/lib/git/types/git_info.go b/lib/git/types/git_info.go
new file mode 100644
index 000000000..624dea028
--- /dev/null
+++ b/lib/git/types/git_info.go
@@ -0,0 +1,9 @@
+package types
+
+type GitInfo struct {
+	Url    *GitUrl `json:"url"`
+	Ref    *GitRef `json:"ref"`
+	SubDir string  `json:"subDir"`
+	Commit string  `json:"commit"`
+	Dirty  bool    `json:"dirty"`
+}
diff --git a/lib/git/types/git_ref.go b/lib/git/types/git_ref.go
new file mode 100644
index 000000000..6b76b1e21
--- /dev/null
+++ b/lib/git/types/git_ref.go
@@ -0,0 +1,91 @@
+package types
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"strings"
+)
+
+type GitRef struct {
+	// Branch to use.
+	// +optional
+	Branch string `json:"branch,omitempty"`
+
+	// Tag to use.
+	// +optional
+	Tag string `json:"tag,omitempty"`
+
+	// Ref is only used to keep compatibility to the old string based ref field in GitProject
+	// You are not allowed to use it directly
+	Ref string `json:"-"`
+
+	// Commit SHA to use.
+	// +optional
+	Commit string `json:"commit,omitempty"`
+}
+
+func (ref *GitRef) UnmarshalJSON(b []byte) error {
+	if err := yaml.ReadYamlBytes(b, &ref.Ref); err == nil {
+		// it's a simple string
+		return nil
+	}
+	ref.Ref = ""
+	type raw GitRef
+	err := yaml.ReadYamlBytes(b, (*raw)(ref))
+	if err != nil {
+		return err
+	}
+
+	cnt := 0
+	if ref.Tag != "" {
+		cnt++
+	}
+	if ref.Branch != "" {
+		cnt++
+	}
+	if ref.Commit != "" {
+		cnt++
+	}
+	if cnt == 0 {
+		return fmt.Errorf("either branch, tag or commit must be set")
+	}
+	if cnt != 1 {
+		return fmt.Errorf("only one of the ref fields can be set")
+	}
+	return nil
+}
+
+func (ref GitRef) MarshalJSON() ([]byte, error) {
+	if ref.Ref != "" {
+		return json.Marshal(ref.Ref)
+	}
+
+	type raw GitRef
+	return json.Marshal((*raw)(&ref))
+}
+
+func (ref *GitRef) String() string {
+	if ref == nil {
+		return ""
+	}
+	if ref.Tag != "" {
+		return fmt.Sprintf("refs/tags/%s", ref.Tag)
+	} else if ref.Branch != "" {
+		return fmt.Sprintf("refs/heads/%s", ref.Branch)
+	} else if ref.Ref != "" {
+		return ref.Ref
+	} else {
+		return ""
+	}
+}
+
+func ParseGitRef(s string) (GitRef, error) {
+	if strings.HasPrefix(s, "refs/heads/") {
+		return GitRef{Branch: strings.SplitN(s, "/", 3)[2]}, nil
+	} else if strings.HasPrefix(s, "refs/tags/") {
+		return GitRef{Tag: strings.SplitN(s, "/", 3)[2]}, nil
+	} else {
+		return GitRef{}, fmt.Errorf("can't parse %s as GitRef", s)
+	}
+}
diff --git a/pkg/types/git_url.go b/lib/git/types/git_url.go
similarity index 100%
rename from pkg/types/git_url.go
rename to lib/git/types/git_url.go
diff --git a/lib/git/types/zz_generated.deepcopy.go b/lib/git/types/zz_generated.deepcopy.go
new file mode 100644
index 000000000..5d12441fa
--- /dev/null
+++ b/lib/git/types/zz_generated.deepcopy.go
@@ -0,0 +1,87 @@
+//go:build !ignore_autogenerated
+
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package types
+
+import ()
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitInfo) DeepCopyInto(out *GitInfo) {
+	*out = *in
+	if in.Url != nil {
+		in, out := &in.Url, &out.Url
+		*out = (*in).DeepCopy()
+	}
+	if in.Ref != nil {
+		in, out := &in.Ref, &out.Ref
+		*out = new(GitRef)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitInfo.
+func (in *GitInfo) DeepCopy() *GitInfo {
+	if in == nil {
+		return nil
+	}
+	out := new(GitInfo)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GitRef) DeepCopyInto(out *GitRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRef.
+func (in *GitRef) DeepCopy() *GitRef {
+	if in == nil {
+		return nil
+	}
+	out := new(GitRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitUrl.
+func (in *GitUrl) DeepCopy() *GitUrl {
+	if in == nil {
+		return nil
+	}
+	out := new(GitUrl)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RepoKey) DeepCopyInto(out *RepoKey) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepoKey.
+func (in *RepoKey) DeepCopy() *RepoKey {
+	if in == nil {
+		return nil
+	}
+	out := new(RepoKey)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/lib/git/utils.go b/lib/git/utils.go
index 2eebc90cc..a42bec0c3 100644
--- a/lib/git/utils.go
+++ b/lib/git/utils.go
@@ -5,15 +5,18 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"github.com/go-errors/errors"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"sync/atomic"
+	"time"
 )
 
 type CheckoutInfo struct {
@@ -124,3 +127,32 @@ func LoadGitignore(p string) ([]gitignore.Pattern, error) {
 	ignorePatterns = append(ignorePatterns, sourceignore.ReadPatterns(strings.NewReader(".git"), domain)...)
 	return ignorePatterns, nil
 }
+
+func RunWithDeadlineAndPanic(ctx context.Context, extraDeadline time.Duration, f func() error) error {
+	deadline, hasDeadline := ctx.Deadline()
+
+	if !hasDeadline {
+		return f()
+	}
+
+	var finished atomic.Bool
+
+	wait := deadline.Sub(time.Now()) + extraDeadline
+	if wait < 0 {
+		return ctx.Err()
+	}
+
+	deadlineErr := errors.New(fmt.Errorf("deadline exceeded while calling function"))
+
+	t := time.AfterFunc(wait, func() {
+		if !finished.Load() {
+			panic(deadlineErr.ErrorStack())
+		}
+	})
+	defer t.Stop()
+
+	err := f()
+	finished.Store(true)
+
+	return err
+}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index 6e985bd82..bc50d3097 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -8,6 +8,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
@@ -19,7 +20,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/prometheus/client_golang/prometheus"
@@ -688,7 +688,7 @@ func (pt *preparedTarget) addCommandResultInfo(ctx context.Context, cmdResult *r
 	}
 
 	// the ref is not properly set by addGitInfo due to the way the repo cache checks out by commit
-	if pt.pp.co.CheckedOutRef != (types2.GitRef{}) {
+	if pt.pp.co.CheckedOutRef != (gittypes.GitRef{}) {
 		cmdResult.GitInfo.Ref = &pt.pp.co.CheckedOutRef
 	}
 
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 4ef67fe6e..cfc4c93c9 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -6,9 +6,9 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	types2 "github.com/kluctl/kluctl/v2/lib/git/types"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -79,7 +79,7 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 
 	var newProjectKey result.ProjectKey
 	if obj.Spec.Source.Git != nil {
-		repoKey, err := types.NewRepoKeyFromGitUrl(obj.Spec.Source.Git.URL)
+		repoKey, err := types2.NewRepoKeyFromGitUrl(obj.Spec.Source.Git.URL)
 		if err != nil {
 			return err
 		}
@@ -88,7 +88,7 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 			SubDir:  path.Clean(obj.Spec.Source.Git.Path),
 		}
 	} else if obj.Spec.Source.Oci != nil {
-		repoKey, err := types.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
+		repoKey, err := types2.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
 		if err != nil {
 			return err
 		}
@@ -97,7 +97,7 @@ func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *k
 			SubDir:  path.Clean(obj.Spec.Source.Oci.Path),
 		}
 	} else if obj.Spec.Source.URL != nil {
-		repoKey, err := types.NewRepoKeyFromGitUrl(*obj.Spec.Source.URL)
+		repoKey, err := types2.NewRepoKeyFromGitUrl(*obj.Spec.Source.URL)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 1d559035e..65c81d410 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"os"
 	"path"
 	"path/filepath"
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 3efc67122..199e736b0 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	types2 "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
@@ -28,7 +29,7 @@ type OciRepoCache struct {
 
 	ociAuthProvider auth_provider.OciAuthProvider
 
-	repos      map[types.RepoKey]*OciCacheEntry
+	repos      map[types2.RepoKey]*OciCacheEntry
 	reposMutex sync.Mutex
 
 	repoOverrides sourceoverride.Resolver
@@ -53,7 +54,7 @@ func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthP
 		ctx:             ctx,
 		updateInterval:  updateInterval,
 		ociAuthProvider: ociAuthProvider,
-		repos:           map[types.RepoKey]*OciCacheEntry{},
+		repos:           map[types2.RepoKey]*OciCacheEntry{},
 		repoOverrides:   repoOverrides,
 	}
 }
@@ -80,7 +81,7 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 		return nil, fmt.Errorf("unsupported scheme %s, must be oci://", urlN.Scheme)
 	}
 
-	repoKey := types.NewRepoKey("oci", urlN.Host, urlN.Path)
+	repoKey := types2.NewRepoKey("oci", urlN.Host, urlN.Path)
 
 	var overridePath string
 	if rp.repoOverrides != nil {
diff --git a/pkg/sourceoverride/chained.go b/pkg/sourceoverride/chained.go
index 5d4564b43..afa9be118 100644
--- a/pkg/sourceoverride/chained.go
+++ b/pkg/sourceoverride/chained.go
@@ -2,7 +2,7 @@ package sourceoverride
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 )
 
 type ChainedResolver struct {
diff --git a/pkg/sourceoverride/manager.go b/pkg/sourceoverride/manager.go
index 6572d20fe..977da2d2b 100644
--- a/pkg/sourceoverride/manager.go
+++ b/pkg/sourceoverride/manager.go
@@ -3,7 +3,7 @@ package sourceoverride
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/types"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path"
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index 51fefeccd..d2cfe7fd7 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -12,9 +12,9 @@ import (
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	oci_client "github.com/kluctl/kluctl/v2/pkg/oci/client"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
index c894cf1f3..b8717c126 100644
--- a/pkg/sourceoverride/proxyclient_controller.go
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"context"
 	"errors"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/tar"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
diff --git a/pkg/sourceoverride/sourceoverride.pb.go b/pkg/sourceoverride/sourceoverride.pb.go
index 6375f3b9f..8cfd4e918 100644
--- a/pkg/sourceoverride/sourceoverride.pb.go
+++ b/pkg/sourceoverride/sourceoverride.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.31.0
-// 	protoc        v4.24.4
+// 	protoc        v5.27.1
 // source: sourceoverride.proto
 
 package sourceoverride
diff --git a/pkg/sourceoverride/sourceoverride_grpc.pb.go b/pkg/sourceoverride/sourceoverride_grpc.pb.go
index b61ffdab8..eac3fccc4 100644
--- a/pkg/sourceoverride/sourceoverride_grpc.pb.go
+++ b/pkg/sourceoverride/sourceoverride_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.3.0
-// - protoc             v4.24.4
+// - protoc             v5.27.1
 // source: sourceoverride.proto
 
 package sourceoverride
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index 2087df3b7..fbe0acbd2 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -1,9 +1,9 @@
 package types
 
 import (
-	"encoding/json"
 	"fmt"
-	yaml2 "github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"regexp"
 	"strings"
 
@@ -14,101 +14,18 @@ import (
 var gitDirPatternNeg = regexp.MustCompile(`[\\\/:\*?"<>|[:cntrl:]\0^]`)
 
 type GitProject struct {
-	Url    GitUrl  `json:"url" validate:"required"`
-	Ref    *GitRef `json:"ref,omitempty"`
-	SubDir string  `json:"subDir,omitempty"`
+	Url    types.GitUrl  `json:"url" validate:"required"`
+	Ref    *types.GitRef `json:"ref,omitempty"`
+	SubDir string        `json:"subDir,omitempty"`
 }
 
 func (gp *GitProject) UnmarshalJSON(b []byte) error {
-	if err := yaml2.ReadYamlBytes(b, &gp.Url); err == nil {
+	if err := yaml.ReadYamlBytes(b, &gp.Url); err == nil {
 		// it's a simple string
 		return nil
 	}
 	type raw GitProject
-	return yaml2.ReadYamlBytes(b, (*raw)(gp))
-}
-
-type GitRef struct {
-	// Branch to use.
-	// +optional
-	Branch string `json:"branch,omitempty"`
-
-	// Tag to use.
-	// +optional
-	Tag string `json:"tag,omitempty"`
-
-	// Ref is only used to keep compatibility to the old string based ref field in GitProject
-	// You are not allowed to use it directly
-	Ref string `json:"-"`
-
-	// Commit SHA to use.
-	// +optional
-	Commit string `json:"commit,omitempty"`
-}
-
-func (ref *GitRef) UnmarshalJSON(b []byte) error {
-	if err := yaml2.ReadYamlBytes(b, &ref.Ref); err == nil {
-		// it's a simple string
-		return nil
-	}
-	ref.Ref = ""
-	type raw GitRef
-	err := yaml2.ReadYamlBytes(b, (*raw)(ref))
-	if err != nil {
-		return err
-	}
-
-	cnt := 0
-	if ref.Tag != "" {
-		cnt++
-	}
-	if ref.Branch != "" {
-		cnt++
-	}
-	if ref.Commit != "" {
-		cnt++
-	}
-	if cnt == 0 {
-		return fmt.Errorf("either branch, tag or commit must be set")
-	}
-	if cnt != 1 {
-		return fmt.Errorf("only one of the ref fields can be set")
-	}
-	return nil
-}
-
-func (ref GitRef) MarshalJSON() ([]byte, error) {
-	if ref.Ref != "" {
-		return json.Marshal(ref.Ref)
-	}
-
-	type raw GitRef
-	return json.Marshal((*raw)(&ref))
-}
-
-func (ref *GitRef) String() string {
-	if ref == nil {
-		return ""
-	}
-	if ref.Tag != "" {
-		return fmt.Sprintf("refs/tags/%s", ref.Tag)
-	} else if ref.Branch != "" {
-		return fmt.Sprintf("refs/heads/%s", ref.Branch)
-	} else if ref.Ref != "" {
-		return ref.Ref
-	} else {
-		return ""
-	}
-}
-
-func ParseGitRef(s string) (GitRef, error) {
-	if strings.HasPrefix(s, "refs/heads/") {
-		return GitRef{Branch: strings.SplitN(s, "/", 3)[2]}, nil
-	} else if strings.HasPrefix(s, "refs/tags/") {
-		return GitRef{Tag: strings.SplitN(s, "/", 3)[2]}, nil
-	} else {
-		return GitRef{}, fmt.Errorf("can't parse %s as GitRef", s)
-	}
+	return yaml.ReadYamlBytes(b, (*raw)(gp))
 }
 
 // invalidDirName evaluate directory name against forbidden characters
@@ -134,5 +51,5 @@ func ValidateGitProject(sl validator.StructLevel) {
 }
 
 func init() {
-	yaml2.Validator.RegisterStructValidation(ValidateGitProject, GitProject{})
+	yaml.Validator.RegisterStructValidation(ValidateGitProject, GitProject{})
 }
diff --git a/pkg/types/git_project_test.go b/pkg/types/git_project_test.go
index 04dc83e67..b628348ef 100644
--- a/pkg/types/git_project_test.go
+++ b/pkg/types/git_project_test.go
@@ -2,12 +2,13 @@ package types
 
 import (
 	"encoding/json"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
 func TestMarshaGitRefString(t *testing.T) {
-	var ref GitRef
+	var ref types.GitRef
 	err := json.Unmarshal([]byte(`"as_string"`), &ref)
 	assert.NoError(t, err)
 	assert.Equal(t, "as_string", ref.Ref)
@@ -19,14 +20,14 @@ func TestMarshaGitRefString(t *testing.T) {
 
 func TestMarshalGitRef(t *testing.T) {
 	s := `{"branch": "branch1"}`
-	var ref GitRef
+	var ref types.GitRef
 	err := json.Unmarshal([]byte(s), &ref)
 	assert.NoError(t, err)
 	assert.Equal(t, "branch1", ref.Branch)
 	assert.Empty(t, ref.Tag)
 
 	s = `{"tag": "tag1"}`
-	ref = GitRef{}
+	ref = types.GitRef{}
 	err = json.Unmarshal([]byte(s), &ref)
 	assert.NoError(t, err)
 	assert.Equal(t, "tag1", ref.Tag)
@@ -34,9 +35,9 @@ func TestMarshalGitRef(t *testing.T) {
 }
 
 func TestMarshalGitRefErrors(t *testing.T) {
-	err := json.Unmarshal([]byte(`{"branch": "branch1", "tag": "tag1"}`), &GitRef{})
+	err := json.Unmarshal([]byte(`{"branch": "branch1", "tag": "tag1"}`), &types.GitRef{})
 	assert.EqualError(t, err, "only one of the ref fields can be set")
 
-	err = json.Unmarshal([]byte(`{}`), &GitRef{})
+	err = json.Unmarshal([]byte(`{}`), &types.GitRef{})
 	assert.EqualError(t, err, "either branch, tag or commit must be set")
 }
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index b8f1e103b..079cef7d4 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -1,6 +1,7 @@
 package result
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -40,8 +41,8 @@ const (
 )
 
 type ProjectKey struct {
-	RepoKey types.RepoKey `json:"repoKey,omitempty"`
-	SubDir  string        `json:"subDir,omitempty"`
+	RepoKey gittypes.RepoKey `json:"repoKey,omitempty"`
+	SubDir  string           `json:"subDir,omitempty"`
 }
 
 func (k ProjectKey) Less(o ProjectKey) bool {
@@ -95,14 +96,6 @@ type CommandInfo struct {
 	ExcludeDeploymentDirs []string               `json:"excludeDeploymentDirs,omitempty"`
 }
 
-type GitInfo struct {
-	Url    *types.GitUrl `json:"url"`
-	Ref    *types.GitRef `json:"ref"`
-	SubDir string        `json:"subDir"`
-	Commit string        `json:"commit"`
-	Dirty  bool          `json:"dirty"`
-}
-
 type ClusterInfo struct {
 	ClusterId string `json:"clusterId"`
 }
@@ -134,7 +127,7 @@ type CommandResult struct {
 	Command          CommandInfo                    `json:"command,omitempty"`
 	KluctlDeployment *KluctlDeploymentInfo          `json:"kluctlDeployment,omitempty"`
 	OverridesPatch   *uo.UnstructuredObject         `json:"overridesPatch,omitempty"`
-	GitInfo          GitInfo                        `json:"gitInfo,omitempty"`
+	GitInfo          gittypes.GitInfo               `json:"gitInfo,omitempty"`
 	ClusterInfo      ClusterInfo                    `json:"clusterInfo"`
 	Deployment       *types.DeploymentProjectConfig `json:"deployment,omitempty"`
 
diff --git a/pkg/types/result/command_result_summary.go b/pkg/types/result/command_result_summary.go
index eac4165d1..42cf37d18 100644
--- a/pkg/types/result/command_result_summary.go
+++ b/pkg/types/result/command_result_summary.go
@@ -1,6 +1,7 @@
 package result
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
@@ -12,7 +13,7 @@ type CommandResultSummary struct {
 	Target           types.Target          `json:"target"`
 	Command          CommandInfo           `json:"commandInfo"`
 	KluctlDeployment *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
-	GitInfo          GitInfo               `json:"gitInfo,omitempty"`
+	GitInfo          gittypes.GitInfo      `json:"gitInfo,omitempty"`
 	ClusterInfo      ClusterInfo           `json:"clusterInfo,omitempty"`
 
 	RenderedObjectsHash string `json:"renderedObjectsHash,omitempty"`
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 7bdb4ae83..4534905c6 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -387,30 +387,6 @@ func (in *DriftedObject) DeepCopy() *DriftedObject {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GitInfo) DeepCopyInto(out *GitInfo) {
-	*out = *in
-	if in.Url != nil {
-		in, out := &in.Url, &out.Url
-		*out = (*in).DeepCopy()
-	}
-	if in.Ref != nil {
-		in, out := &in.Ref, &out.Ref
-		*out = new(types.GitRef)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitInfo.
-func (in *GitInfo) DeepCopy() *GitInfo {
-	if in == nil {
-		return nil
-	}
-	out := new(GitInfo)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KluctlDeploymentInfo) DeepCopyInto(out *KluctlDeploymentInfo) {
 	*out = *in
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 3a1859599..20cbe7b38 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -9,14 +10,14 @@ import (
 )
 
 type VarsSourceGit struct {
-	Url  GitUrl  `json:"url" validate:"required"`
-	Ref  *GitRef `json:"ref,omitempty"`
-	Path string  `json:"path" validate:"required"`
+	Url  types.GitUrl  `json:"url" validate:"required"`
+	Ref  *types.GitRef `json:"ref,omitempty"`
+	Path string        `json:"path" validate:"required"`
 }
 
 type VarsSourceGitFiles struct {
-	Url GitUrl  `json:"url" validate:"required"`
-	Ref *GitRef `json:"ref,omitempty"`
+	Url types.GitUrl  `json:"url" validate:"required"`
+	Ref *types.GitRef `json:"ref,omitempty"`
 
 	Files []GitFile `json:"files,omitempty"`
 }
@@ -37,8 +38,8 @@ type GitFileMatch struct {
 }
 
 type GitFilesRefMatch struct {
-	Ref    GitRef `json:"ref"`
-	RefStr string `json:"refStr"`
+	Ref    types.GitRef `json:"ref"`
+	RefStr string       `json:"refStr"`
 
 	Files       []GitFileMatch          `json:"files"`
 	FilesByPath map[string]GitFileMatch `json:"filesByPath"`
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 5d4fd1cd6..bf6526e20 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -21,6 +21,7 @@ limitations under the License.
 package types
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -447,7 +448,7 @@ func (in *GitProject) DeepCopyInto(out *GitProject) {
 	in.Url.DeepCopyInto(&out.Url)
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
-		*out = new(GitRef)
+		*out = new(gittypes.GitRef)
 		**out = **in
 	}
 }
@@ -462,31 +463,6 @@ func (in *GitProject) DeepCopy() *GitProject {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GitRef) DeepCopyInto(out *GitRef) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRef.
-func (in *GitRef) DeepCopy() *GitRef {
-	if in == nil {
-		return nil
-	}
-	out := new(GitRef)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitUrl.
-func (in *GitUrl) DeepCopy() *GitUrl {
-	if in == nil {
-		return nil
-	}
-	out := new(GitUrl)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmChartConfig) DeepCopyInto(out *HelmChartConfig) {
 	*out = *in
@@ -699,21 +675,6 @@ func (in *OciRef) DeepCopy() *OciRef {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *RepoKey) DeepCopyInto(out *RepoKey) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepoKey.
-func (in *RepoKey) DeepCopy() *RepoKey {
-	if in == nil {
-		return nil
-	}
-	out := new(RepoKey)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) {
 	*out = *in
@@ -986,7 +947,7 @@ func (in *VarsSourceGit) DeepCopyInto(out *VarsSourceGit) {
 	in.Url.DeepCopyInto(&out.Url)
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
-		*out = new(GitRef)
+		*out = new(gittypes.GitRef)
 		**out = **in
 	}
 }
@@ -1007,7 +968,7 @@ func (in *VarsSourceGitFiles) DeepCopyInto(out *VarsSourceGitFiles) {
 	in.Url.DeepCopyInto(&out.Url)
 	if in.Ref != nil {
 		in, out := &in.Ref, &out.Ref
-		*out = new(GitRef)
+		*out = new(gittypes.GitRef)
 		**out = **in
 	}
 	if in.Files != nil {
diff --git a/pkg/utils/watchdog.go b/pkg/utils/watchdog.go
deleted file mode 100644
index 63ce71e7b..000000000
--- a/pkg/utils/watchdog.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package utils
-
-import (
-	"context"
-	"fmt"
-	"github.com/go-errors/errors"
-	"sync/atomic"
-	"time"
-)
-
-func RunWithDeadlineAndPanic(ctx context.Context, extraDeadline time.Duration, f func() error) error {
-	deadline, hasDeadline := ctx.Deadline()
-
-	if !hasDeadline {
-		return f()
-	}
-
-	var finished atomic.Bool
-
-	wait := deadline.Sub(time.Now()) + extraDeadline
-	if wait < 0 {
-		return ctx.Err()
-	}
-
-	deadlineErr := errors.New(fmt.Errorf("deadline exceeded while calling function"))
-
-	t := time.AfterFunc(wait, func() {
-		if !finished.Load() {
-			panic(deadlineErr.ErrorStack())
-		}
-	})
-	defer t.Stop()
-
-	err := f()
-	finished.Store(true)
-
-	return err
-}
diff --git a/pkg/vars/vars_loader_git_files.go b/pkg/vars/vars_loader_git_files.go
index 672817c55..134fc49de 100644
--- a/pkg/vars/vars_loader_git_files.go
+++ b/pkg/vars/vars_loader_git_files.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/gobwas/glob"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
@@ -52,7 +53,7 @@ func (v *VarsLoader) loadGitFiles(ctx context.Context, varsCtx *VarsCtx, gitFile
 
 	results := make([]*uo.UnstructuredObject, 0, len(matchingRefs))
 	for ref, hash := range matchingRefs {
-		dir, _, err := ge.GetClonedDir(&types.GitRef{
+		dir, _, err := ge.GetClonedDir(&gittypes.GitRef{
 			Commit: hash,
 		})
 		if err != nil {
@@ -171,9 +172,9 @@ func (v *VarsLoader) loadGitFiles(ctx context.Context, varsCtx *VarsCtx, gitFile
 	return results, sensible, nil
 }
 
-func (v *VarsLoader) filterGitRefs(ref *types.GitRef, ge *repocache.GitCacheEntry) (map[types.GitRef]string, error) {
+func (v *VarsLoader) filterGitRefs(ref *gittypes.GitRef, ge *repocache.GitCacheEntry) (map[gittypes.GitRef]string, error) {
 	var err error
-	matchingRefs := map[types.GitRef]string{}
+	matchingRefs := map[gittypes.GitRef]string{}
 
 	ri := ge.GetRepoInfo()
 
@@ -191,7 +192,7 @@ func (v *VarsLoader) filterGitRefs(ref *types.GitRef, ge *repocache.GitCacheEntr
 		found := false
 		for name, hash := range ri.RemoteRefs {
 			if hash == ref.Commit {
-				ref2, err := types.ParseGitRef(name)
+				ref2, err := gittypes.ParseGitRef(name)
 				if err != nil {
 					return nil, err
 				}
@@ -223,7 +224,7 @@ func (v *VarsLoader) filterGitRefs(ref *types.GitRef, ge *repocache.GitCacheEntr
 
 	for name, hash := range ri.RemoteRefs {
 		if regex.MatchString(name) {
-			ref2, err := types.ParseGitRef(name)
+			ref2, err := gittypes.ParseGitRef(name)
 			if err != nil {
 				return nil, err
 			}
diff --git a/pkg/vars/vars_loader_git_files_test.go b/pkg/vars/vars_loader_git_files_test.go
index 7d838fab3..94885fc7e 100644
--- a/pkg/vars/vars_loader_git_files_test.go
+++ b/pkg/vars/vars_loader_git_files_test.go
@@ -6,6 +6,7 @@ import (
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
@@ -205,7 +206,7 @@ test1:
 
 	// master branch, single file
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
@@ -221,7 +222,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "master",
 				},
 				Files: []types.GitFileMatch{
@@ -238,7 +239,7 @@ test1:
 
 	// master branch, multiple files
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
@@ -254,7 +255,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "master",
 				},
 				Files: []types.GitFileMatch{
@@ -277,7 +278,7 @@ test1:
 
 	// master branch, multiple files in subdirs
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
@@ -293,7 +294,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "master",
 				},
 				Files: []types.GitFileMatch{
@@ -316,11 +317,11 @@ test1:
 
 	// b1+b2 branches, no files
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "b.*",
 				},
 			},
@@ -330,13 +331,13 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b1",
 				},
 				Files: []types.GitFileMatch{},
 			},
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b2",
 				},
 				Files: []types.GitFileMatch{},
@@ -346,11 +347,11 @@ test1:
 
 	// b1 branch, multiple files
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "b1",
 				},
 				Files: []types.GitFile{
@@ -365,7 +366,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b1",
 				},
 				Files: []types.GitFileMatch{
@@ -388,11 +389,11 @@ test1:
 
 	// b1+b2 branch, single file
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "b.*",
 				},
 				Files: []types.GitFile{
@@ -407,7 +408,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b1",
 				},
 				Files: []types.GitFileMatch{
@@ -420,7 +421,7 @@ test1:
 				},
 			},
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b2",
 				},
 				Files: []types.GitFileMatch{
@@ -437,11 +438,11 @@ test1:
 
 	// b1+b2 branch, multiple files
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "b.*",
 				},
 				Files: []types.GitFile{
@@ -456,7 +457,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b1",
 				},
 				Files: []types.GitFileMatch{
@@ -475,7 +476,7 @@ test1:
 				},
 			},
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b2",
 				},
 				Files: []types.GitFileMatch{
@@ -498,11 +499,11 @@ test1:
 
 	// b1+b2+c1 branch but with multiple file patterns and parsed yaml
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "b.*",
 				},
 				Files: []types.GitFile{
@@ -521,7 +522,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b1",
 				},
 				Files: []types.GitFileMatch{
@@ -541,7 +542,7 @@ test1:
 				},
 			},
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "b2",
 				},
 				Files: []types.GitFileMatch{
@@ -565,11 +566,11 @@ test1:
 
 	// c1 branch multidoc.yaml
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "c1",
 				},
 				Files: []types.GitFile{
@@ -586,7 +587,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "c1",
 				},
 				Files: []types.GitFileMatch{
@@ -604,11 +605,11 @@ test1:
 
 	// c1 branch rendered.yaml
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "c1",
 				},
 				Files: []types.GitFile{
@@ -626,7 +627,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "c1",
 				},
 				Files: []types.GitFileMatch{
@@ -645,11 +646,11 @@ test1:
 
 	// c1 branch sops.yaml
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			GitFiles: &types.VarsSourceGitFiles{
 				Url: *url,
-				Ref: &types.GitRef{
+				Ref: &gittypes.GitRef{
 					Branch: "c1",
 				},
 				Files: []types.GitFile{
@@ -665,7 +666,7 @@ test1:
 
 		assertResults(vc, "my.target", []types.GitFilesRefMatch{
 			{
-				Ref: types.GitRef{
+				Ref: gittypes.GitRef{
 					Branch: "c1",
 				},
 				Files: []types.GitFileMatch{
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 1fcec0032..49d9ea2ea 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -5,10 +5,10 @@ import (
 	"container/list"
 	"context"
 	"github.com/gin-gonic/gin"
+	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"net/http"
 	"nhooyr.io/websocket"
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index cd467188c..e195054d1 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -23,9 +24,9 @@ func main() {
 		Add(uo.UnstructuredObject{}).
 		Add(webui.ProjectTargetKey{}).
 		Add(webui.AuthInfo{}).
-		ManageType(types.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
-		ManageType(types.GitRef{}, typescriptify.TypeOptions{TSType: "GitRef", TSTransform: "new GitRef(__VALUE__)"}).
-		ManageType(types.RepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(gittypes.GitUrl{}, typescriptify.TypeOptions{TSType: "string"}).
+		ManageType(gittypes.GitRef{}, typescriptify.TypeOptions{TSType: "GitRef", TSTransform: "new GitRef(__VALUE__)"}).
+		ManageType(gittypes.RepoKey{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(types.YamlUrl{}, typescriptify.TypeOptions{TSType: "string"}).
 		ManageType(uo.UnstructuredObject{}, typescriptify.TypeOptions{TSType: "any"}).
 		ManageType(metav1.Time{}, typescriptify.TypeOptions{TSType: "string"}).

From 870efd60d4fd2b6dfcdf12b8b4991c722610d011 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:44:17 +0200
Subject: [PATCH 2132/2268] chore: Remove objecthandlers from shortnames.go

---
 pkg/webui/shortnames.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/webui/shortnames.go b/pkg/webui/shortnames.go
index e21189d20..83fcd4c90 100644
--- a/pkg/webui/shortnames.go
+++ b/pkg/webui/shortnames.go
@@ -158,7 +158,6 @@ gitlabcomments                                                templates.kluctl.i
 gitprojectors                                                 templates.kluctl.io/v1alpha1                true         GitProjector
 listgithubpullrequests                                        templates.kluctl.io/v1alpha1                true         ListGithubPullRequests
 listgitlabmergerequests                                       templates.kluctl.io/v1alpha1                true         ListGitlabMergeRequests
-objecthandlers                                                templates.kluctl.io/v1alpha1                true         ObjectHandler
 objecttemplates                                               templates.kluctl.io/v1alpha1                true         ObjectTemplate
 texttemplates                                                 templates.kluctl.io/v1alpha1                true         TextTemplate
 backuprepositories                                            velero.io/v1                                true         BackupRepository

From f02532bbfdce762ee7df8de7a60e2eb596bd2416 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:53:04 +0200
Subject: [PATCH 2133/2268] refactor: Move ProjectKey into lib/git

---
 api/v1beta1/kluctldeployment_types.go         |   2 +-
 api/v1beta1/zz_generated.deepcopy.go          |   2 +-
 cmd/kluctl/commands/cmd_gitops.go             |  15 +-
 lib/git/build_git_info.go                     |   5 +-
 lib/git/types/git_url.go                      | 133 ---------------
 lib/git/types/repo_key.go                     | 157 ++++++++++++++++++
 lib/git/types/zz_generated.deepcopy.go        |  16 ++
 .../kluctldeployment_controller_status.go     |  16 +-
 pkg/repocache/oci_cache.go                    |  11 +-
 pkg/results/result-store-secrets.go           |   7 +-
 pkg/results/result-store.go                   |   5 +-
 pkg/types/result/command_result.go            |  17 +-
 pkg/types/result/command_result_summary.go    |   2 +-
 pkg/types/result/drift_detection_result.go    |   3 +-
 pkg/types/result/validate_result.go           |   5 +-
 pkg/types/result/zz_generated.deepcopy.go     |  16 --
 pkg/webui/events.go                           |   7 +-
 pkg/webui/server.go                           |   5 +-
 18 files changed, 217 insertions(+), 207 deletions(-)
 create mode 100644 lib/git/types/repo_key.go

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index 96e8343f3..b05b5faf1 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -504,7 +504,7 @@ type KluctlDeploymentStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 
 	// +optional
-	ProjectKey *result.ProjectKey `json:"projectKey,omitempty"`
+	ProjectKey *gittypes.ProjectKey `json:"projectKey,omitempty"`
 
 	// +optional
 	TargetKey *result.TargetKey `json:"targetKey,omitempty"`
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 52151fc37..83eb86eb6 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -270,7 +270,7 @@ func (in *KluctlDeploymentStatus) DeepCopyInto(out *KluctlDeploymentStatus) {
 	}
 	if in.ProjectKey != nil {
 		in, out := &in.ProjectKey, &out.ProjectKey
-		*out = new(result.ProjectKey)
+		*out = new(gittypes.ProjectKey)
 		**out = **in
 	}
 	if in.TargetKey != nil {
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 02d55838e..128128484 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -8,7 +8,7 @@ import (
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
@@ -16,7 +16,6 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	flag "github.com/spf13/pflag"
@@ -58,8 +57,8 @@ type gitopsCmdHelper struct {
 	noArgsReact noArgsReact
 
 	projectGitRoot string
-	projectGitInfo *result.GitInfo
-	projectKey     *result.ProjectKey
+	projectGitInfo *gittypes.GitInfo
+	projectKey     *gittypes.ProjectKey
 
 	kds []v1beta1.KluctlDeployment
 
@@ -232,7 +231,7 @@ func (g *gitopsCmdHelper) collectLocalProjectInfo(ctx context.Context) error {
 		return err
 	}
 
-	if projectKey.RepoKey == (types.RepoKey{}) {
+	if projectKey.RepoKey == (gittypes.RepoKey{}) {
 		return fmt.Errorf("failed to determine repo key")
 	}
 
@@ -278,11 +277,11 @@ func (g *gitopsCmdHelper) autoDetectDeployment(ctx context.Context) error {
 			u = *kd.Spec.Source.URL
 			subDir = kd.Spec.Source.Path
 		}
-		var repoKey types.RepoKey
+		var repoKey gittypes.RepoKey
 		if isGit {
-			repoKey, err = types.NewRepoKeyFromGitUrl(u)
+			repoKey, err = gittypes.NewRepoKeyFromGitUrl(u)
 		} else {
-			repoKey, err = types.NewRepoKeyFromUrl(u)
+			repoKey, err = gittypes.NewRepoKeyFromUrl(u)
 		}
 		if err != nil {
 			status.Warningf(ctx, "Failed to determine repo key for KluctlDeployment %s/%s with source url %s: %s", kd.Namespace, kd.Name, u, err.Error())
diff --git a/lib/git/build_git_info.go b/lib/git/build_git_info.go
index c20a61d6e..bc28988fa 100644
--- a/lib/git/build_git_info.go
+++ b/lib/git/build_git_info.go
@@ -6,14 +6,13 @@ import (
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"os"
 	"path/filepath"
 )
 
-func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (types.GitInfo, result.ProjectKey, error) {
+func BuildGitInfo(ctx context.Context, repoRoot string, projectDir string) (types.GitInfo, types.ProjectKey, error) {
 	var gitInfo types.GitInfo
-	var projectKey result.ProjectKey
+	var projectKey types.ProjectKey
 	if repoRoot == "" {
 		return gitInfo, projectKey, nil
 	}
diff --git a/lib/git/types/git_url.go b/lib/git/types/git_url.go
index 9fe592f55..ceff689db 100644
--- a/lib/git/types/git_url.go
+++ b/lib/git/types/git_url.go
@@ -7,8 +7,6 @@ import (
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"net/url"
 	"path"
-	"regexp"
-	"strconv"
 	"strings"
 )
 
@@ -140,134 +138,3 @@ func (u *GitUrl) RepoKey() RepoKey {
 	u2 := u.Normalize()
 	return NewRepoKey("git", u2.Host, u2.Path)
 }
-
-// +kubebuilder:validation:Type=string
-type RepoKey struct {
-	Type string `json:"-"`
-	Host string `json:"-"`
-	Path string `json:"-"`
-}
-
-func NewRepoKey(type_ string, host string, path string) RepoKey {
-	path = strings.TrimSuffix(path, "/")
-	path = strings.TrimPrefix(path, "/")
-	return RepoKey{
-		Type: type_,
-		Host: host,
-		Path: path,
-	}
-}
-
-func NewRepoKeyFromUrl(urlIn string) (RepoKey, error) {
-	u, err := url.Parse(urlIn)
-	if err != nil {
-		return RepoKey{}, err
-	}
-	t := "git"
-	if u.Scheme == "oci" {
-		t = "oci"
-	}
-	p := u.Path
-	if t == "git" {
-		p = strings.TrimSuffix(p, ".git")
-	}
-	return NewRepoKey(t, u.Host, p), nil
-}
-
-func NewRepoKeyFromGitUrl(urlIn string) (RepoKey, error) {
-	u, err := ParseGitUrl(urlIn)
-	if err != nil {
-		return RepoKey{}, err
-	}
-	return NewRepoKeyFromUrl(u.String())
-}
-
-var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
-var ipRegex = regexp.MustCompile(`^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$`)
-
-func ParseRepoKey(s string, defaultType string) (RepoKey, error) {
-	if s == "" {
-		return RepoKey{}, nil
-	}
-
-	var t string
-	if strings.HasPrefix(s, "git://") {
-		t = "git"
-		s = strings.TrimPrefix(s, "git://")
-	} else if strings.HasPrefix(s, "oci://") {
-		t = "oci"
-		s = strings.TrimPrefix(s, "oci://")
-	} else {
-		t = defaultType
-	}
-
-	s2 := strings.SplitN(s, "/", 2)
-	if len(s2) != 2 {
-		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
-	}
-
-	var host, port string
-	if strings.Contains(s2[0], ":") {
-		s3 := strings.SplitN(s2[0], ":", 2)
-		host = s3[0]
-		port = s3[1]
-	} else {
-		host = s2[0]
-	}
-
-	if !hostNameRegex.MatchString(host) && !ipRegex.MatchString(host) {
-		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
-	}
-
-	if port != "" {
-		if _, err := strconv.ParseInt(port, 10, 32); err != nil {
-			return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
-		}
-	}
-
-	return RepoKey{
-		Type: t,
-		Host: s2[0],
-		Path: s2[1],
-	}, nil
-}
-
-func (u RepoKey) String() string {
-	if u.Host == "" && u.Path == "" {
-		return ""
-	}
-	t := u.Type
-	if t == "" {
-		t = "git"
-	}
-	return fmt.Sprintf("%s://%s/%s", t, u.Host, u.Path)
-}
-
-func (u *RepoKey) UnmarshalJSON(b []byte) error {
-	var s string
-	err := yaml.ReadYamlBytes(b, &s)
-	if err != nil {
-		return err
-	}
-	if s == "" {
-		u.Type = ""
-		u.Host = ""
-		u.Path = ""
-		return nil
-	}
-	x, err := ParseRepoKey(s, "git")
-	if err != nil {
-		return err
-	}
-	*u = x
-	return nil
-}
-
-func (u RepoKey) MarshalJSON() ([]byte, error) {
-	b, err := json.Marshal(u.String())
-	if err != nil {
-		return nil, err
-	}
-
-	return b, err
-}
diff --git a/lib/git/types/repo_key.go b/lib/git/types/repo_key.go
new file mode 100644
index 000000000..572e26975
--- /dev/null
+++ b/lib/git/types/repo_key.go
@@ -0,0 +1,157 @@
+package types
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"net/url"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+// +kubebuilder:validation:Type=string
+type RepoKey struct {
+	Type string `json:"-"`
+	Host string `json:"-"`
+	Path string `json:"-"`
+}
+
+func NewRepoKey(type_ string, host string, path string) RepoKey {
+	path = strings.TrimSuffix(path, "/")
+	path = strings.TrimPrefix(path, "/")
+	return RepoKey{
+		Type: type_,
+		Host: host,
+		Path: path,
+	}
+}
+
+func NewRepoKeyFromUrl(urlIn string) (RepoKey, error) {
+	u, err := url.Parse(urlIn)
+	if err != nil {
+		return RepoKey{}, err
+	}
+	t := "git"
+	if u.Scheme == "oci" {
+		t = "oci"
+	}
+	p := u.Path
+	if t == "git" {
+		p = strings.TrimSuffix(p, ".git")
+	}
+	return NewRepoKey(t, u.Host, p), nil
+}
+
+func NewRepoKeyFromGitUrl(urlIn string) (RepoKey, error) {
+	u, err := ParseGitUrl(urlIn)
+	if err != nil {
+		return RepoKey{}, err
+	}
+	return NewRepoKeyFromUrl(u.String())
+}
+
+var hostNameRegex = regexp.MustCompile(`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`)
+var ipRegex = regexp.MustCompile(`^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$`)
+
+func ParseRepoKey(s string, defaultType string) (RepoKey, error) {
+	if s == "" {
+		return RepoKey{}, nil
+	}
+
+	var t string
+	if strings.HasPrefix(s, "git://") {
+		t = "git"
+		s = strings.TrimPrefix(s, "git://")
+	} else if strings.HasPrefix(s, "oci://") {
+		t = "oci"
+		s = strings.TrimPrefix(s, "oci://")
+	} else {
+		t = defaultType
+	}
+
+	s2 := strings.SplitN(s, "/", 2)
+	if len(s2) != 2 {
+		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
+	}
+
+	var host, port string
+	if strings.Contains(s2[0], ":") {
+		s3 := strings.SplitN(s2[0], ":", 2)
+		host = s3[0]
+		port = s3[1]
+	} else {
+		host = s2[0]
+	}
+
+	if !hostNameRegex.MatchString(host) && !ipRegex.MatchString(host) {
+		return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
+	}
+
+	if port != "" {
+		if _, err := strconv.ParseInt(port, 10, 32); err != nil {
+			return RepoKey{}, fmt.Errorf("invalid repo key: %s", s)
+		}
+	}
+
+	return RepoKey{
+		Type: t,
+		Host: s2[0],
+		Path: s2[1],
+	}, nil
+}
+
+func (u RepoKey) String() string {
+	if u.Host == "" && u.Path == "" {
+		return ""
+	}
+	t := u.Type
+	if t == "" {
+		t = "git"
+	}
+	return fmt.Sprintf("%s://%s/%s", t, u.Host, u.Path)
+}
+
+func (u *RepoKey) UnmarshalJSON(b []byte) error {
+	var s string
+	err := yaml.ReadYamlBytes(b, &s)
+	if err != nil {
+		return err
+	}
+	if s == "" {
+		u.Type = ""
+		u.Host = ""
+		u.Path = ""
+		return nil
+	}
+	x, err := ParseRepoKey(s, "git")
+	if err != nil {
+		return err
+	}
+	*u = x
+	return nil
+}
+
+func (u RepoKey) MarshalJSON() ([]byte, error) {
+	b, err := json.Marshal(u.String())
+	if err != nil {
+		return nil, err
+	}
+
+	return b, err
+}
+
+type ProjectKey struct {
+	RepoKey RepoKey `json:"repoKey,omitempty"`
+	SubDir  string  `json:"subDir,omitempty"`
+}
+
+func (k ProjectKey) Less(o ProjectKey) bool {
+	if k.RepoKey != o.RepoKey {
+		return k.RepoKey.String() < o.RepoKey.String()
+	}
+	if k.SubDir != o.SubDir {
+		return k.SubDir < o.SubDir
+	}
+	return false
+}
diff --git a/lib/git/types/zz_generated.deepcopy.go b/lib/git/types/zz_generated.deepcopy.go
index 5d12441fa..cbb469c75 100644
--- a/lib/git/types/zz_generated.deepcopy.go
+++ b/lib/git/types/zz_generated.deepcopy.go
@@ -71,6 +71,22 @@ func (in *GitUrl) DeepCopy() *GitUrl {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProjectKey) DeepCopyInto(out *ProjectKey) {
+	*out = *in
+	out.RepoKey = in.RepoKey
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectKey.
+func (in *ProjectKey) DeepCopy() *ProjectKey {
+	if in == nil {
+		return nil
+	}
+	out := new(ProjectKey)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RepoKey) DeepCopyInto(out *RepoKey) {
 	*out = *in
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index cfc4c93c9..cd4987678 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	types2 "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
@@ -77,31 +77,31 @@ func (r *KluctlDeploymentReconciler) patchProgressingCondition(ctx context.Conte
 func (r *KluctlDeploymentReconciler) patchProjectKey(ctx context.Context, obj *kluctlv1.KluctlDeployment) error {
 	key := client.ObjectKeyFromObject(obj)
 
-	var newProjectKey result.ProjectKey
+	var newProjectKey gittypes.ProjectKey
 	if obj.Spec.Source.Git != nil {
-		repoKey, err := types2.NewRepoKeyFromGitUrl(obj.Spec.Source.Git.URL)
+		repoKey, err := gittypes.NewRepoKeyFromGitUrl(obj.Spec.Source.Git.URL)
 		if err != nil {
 			return err
 		}
-		newProjectKey = result.ProjectKey{
+		newProjectKey = gittypes.ProjectKey{
 			RepoKey: repoKey,
 			SubDir:  path.Clean(obj.Spec.Source.Git.Path),
 		}
 	} else if obj.Spec.Source.Oci != nil {
-		repoKey, err := types2.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
+		repoKey, err := gittypes.NewRepoKeyFromUrl(obj.Spec.Source.Oci.URL)
 		if err != nil {
 			return err
 		}
-		newProjectKey = result.ProjectKey{
+		newProjectKey = gittypes.ProjectKey{
 			RepoKey: repoKey,
 			SubDir:  path.Clean(obj.Spec.Source.Oci.Path),
 		}
 	} else if obj.Spec.Source.URL != nil {
-		repoKey, err := types2.NewRepoKeyFromGitUrl(*obj.Spec.Source.URL)
+		repoKey, err := gittypes.NewRepoKeyFromGitUrl(*obj.Spec.Source.URL)
 		if err != nil {
 			return err
 		}
-		newProjectKey = result.ProjectKey{
+		newProjectKey = gittypes.ProjectKey{
 			RepoKey: repoKey,
 			SubDir:  path.Clean(obj.Spec.Source.Path),
 		}
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index 199e736b0..f2258d343 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -6,13 +6,12 @@ import (
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/kluctl/kluctl/v2/lib/git"
-	types2 "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"
 	"net/url"
@@ -29,7 +28,7 @@ type OciRepoCache struct {
 
 	ociAuthProvider auth_provider.OciAuthProvider
 
-	repos      map[types2.RepoKey]*OciCacheEntry
+	repos      map[gittypes.RepoKey]*OciCacheEntry
 	reposMutex sync.Mutex
 
 	repoOverrides sourceoverride.Resolver
@@ -54,7 +53,7 @@ func NewOciRepoCache(ctx context.Context, ociAuthProvider auth_provider.OciAuthP
 		ctx:             ctx,
 		updateInterval:  updateInterval,
 		ociAuthProvider: ociAuthProvider,
-		repos:           map[types2.RepoKey]*OciCacheEntry{},
+		repos:           map[gittypes.RepoKey]*OciCacheEntry{},
 		repoOverrides:   repoOverrides,
 	}
 }
@@ -81,7 +80,7 @@ func (rp *OciRepoCache) GetEntry(urlIn string) (*OciCacheEntry, error) {
 		return nil, fmt.Errorf("unsupported scheme %s, must be oci://", urlN.Scheme)
 	}
 
-	repoKey := types2.NewRepoKey("oci", urlN.Host, urlN.Path)
+	repoKey := gittypes.NewRepoKey("oci", urlN.Host, urlN.Path)
 
 	var overridePath string
 	if rp.repoOverrides != nil {
@@ -192,7 +191,7 @@ func (e *OciCacheEntry) GetExtractedDir(ref *types.OciRef) (string, git.Checkout
 	cd.dir = ociDir
 
 	if a, ok := md.Annotations["io.kluctl.image.git_info"]; ok {
-		var gitInfo result.GitInfo
+		var gitInfo gittypes.GitInfo
 		err = json.Unmarshal([]byte(a), &gitInfo)
 		if err != nil {
 			return ociDir, git.CheckoutInfo{}, err
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 034f24294..5844d1ed7 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
@@ -87,7 +88,7 @@ func NewResultStoreSecrets(ctx context.Context, config *rest.Config, client_ cli
 
 var invalidChars = regexp.MustCompile(`[^a-zA-Z0-9-]`)
 
-func (s *ResultStoreSecrets) buildName(prefix string, id string, projectKey result.ProjectKey) string {
+func (s *ResultStoreSecrets) buildName(prefix string, id string, projectKey gittypes.ProjectKey) string {
 	name := ""
 
 	if projectKey.RepoKey.Path != "" {
@@ -307,7 +308,7 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 	return nil
 }
 
-func (s *ResultStoreSecrets) cleanupOldCommandResults(project result.ProjectKey, target result.TargetKey) error {
+func (s *ResultStoreSecrets) cleanupOldCommandResults(project gittypes.ProjectKey, target result.TargetKey) error {
 	if !s.allowWrite {
 		return fmt.Errorf("result store is read-only")
 	}
@@ -427,7 +428,7 @@ func (s *ResultStoreSecrets) StartCleanupOrphans() error {
 	return nil
 }
 
-func (s *ResultStoreSecrets) cleanupValidateResults(project result.ProjectKey, target result.TargetKey) error {
+func (s *ResultStoreSecrets) cleanupValidateResults(project gittypes.ProjectKey, target result.TargetKey) error {
 	results, err := s.ListValidateResultSummaries(ListResultSummariesOptions{
 		ProjectFilter: &project,
 	})
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index 460977707..fae5c2003 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -3,11 +3,12 @@ package results
 import (
 	"context"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
 type ListResultSummariesOptions struct {
-	ProjectFilter *result.ProjectKey `json:"projectFilter,omitempty"`
+	ProjectFilter *gittypes.ProjectKey `json:"projectFilter,omitempty"`
 }
 
 type GetCommandResultOptions struct {
@@ -53,7 +54,7 @@ type ResultStore interface {
 	GetKluctlDeployment(clusterId string, name string, namespace string) (*kluctlv1.KluctlDeployment, error)
 }
 
-func FilterProject(x result.ProjectKey, filter *result.ProjectKey) bool {
+func FilterProject(x gittypes.ProjectKey, filter *gittypes.ProjectKey) bool {
 	if filter != nil {
 		if filter.RepoKey.String() != "" && x.RepoKey != filter.RepoKey {
 			return false
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index 079cef7d4..b04178555 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -40,21 +40,6 @@ const (
 	CommandInititiator_KluctlDeployment                  = "KluctlDeployment"
 )
 
-type ProjectKey struct {
-	RepoKey gittypes.RepoKey `json:"repoKey,omitempty"`
-	SubDir  string           `json:"subDir,omitempty"`
-}
-
-func (k ProjectKey) Less(o ProjectKey) bool {
-	if k.RepoKey != o.RepoKey {
-		return k.RepoKey.String() < o.RepoKey.String()
-	}
-	if k.SubDir != o.SubDir {
-		return k.SubDir < o.SubDir
-	}
-	return false
-}
-
 type TargetKey struct {
 	TargetName    string `json:"targetName,omitempty"`
 	ClusterId     string `json:"clusterId"`
@@ -121,7 +106,7 @@ type ResultObject struct {
 type CommandResult struct {
 	Id               string                         `json:"id"`
 	ReconcileId      string                         `json:"reconcileId"`
-	ProjectKey       ProjectKey                     `json:"projectKey"`
+	ProjectKey       gittypes.ProjectKey            `json:"projectKey"`
 	TargetKey        TargetKey                      `json:"targetKey"`
 	Target           types.Target                   `json:"target"`
 	Command          CommandInfo                    `json:"command,omitempty"`
diff --git a/pkg/types/result/command_result_summary.go b/pkg/types/result/command_result_summary.go
index 42cf37d18..dd711fe87 100644
--- a/pkg/types/result/command_result_summary.go
+++ b/pkg/types/result/command_result_summary.go
@@ -8,7 +8,7 @@ import (
 type CommandResultSummary struct {
 	Id               string                `json:"id"`
 	ReconcileId      string                `json:"reconcileId"`
-	ProjectKey       ProjectKey            `json:"projectKey"`
+	ProjectKey       gittypes.ProjectKey   `json:"projectKey"`
 	TargetKey        TargetKey             `json:"targetKey"`
 	Target           types.Target          `json:"target"`
 	Command          CommandInfo           `json:"commandInfo"`
diff --git a/pkg/types/result/drift_detection_result.go b/pkg/types/result/drift_detection_result.go
index 28668cd08..73c5b1c30 100644
--- a/pkg/types/result/drift_detection_result.go
+++ b/pkg/types/result/drift_detection_result.go
@@ -2,6 +2,7 @@ package result
 
 import (
 	"fmt"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -14,7 +15,7 @@ type DriftedObject struct {
 type DriftDetectionResult struct {
 	Id                  string                `json:"id"`
 	ReconcileId         string                `json:"reconcileId"`
-	ProjectKey          ProjectKey            `json:"projectKey"`
+	ProjectKey          gittypes.ProjectKey   `json:"projectKey"`
 	TargetKey           TargetKey             `json:"targetKey"`
 	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
 	RenderedObjectsHash string                `json:"renderedObjectsHash,omitempty"`
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index 1fea58346..0cdb423e3 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -1,6 +1,7 @@
 package result
 
 import (
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -15,7 +16,7 @@ type ValidateResultEntry struct {
 type ValidateResult struct {
 	Id                  string                 `json:"id"`
 	ReconcileId         string                 `json:"reconcileId"`
-	ProjectKey          ProjectKey             `json:"projectKey"`
+	ProjectKey          gittypes.ProjectKey    `json:"projectKey"`
 	TargetKey           TargetKey              `json:"targetKey"`
 	KluctlDeployment    *KluctlDeploymentInfo  `json:"kluctlDeployment,omitempty"`
 	OverridesPatch      *uo.UnstructuredObject `json:"overridesPatch,omitempty"`
@@ -31,7 +32,7 @@ type ValidateResult struct {
 type ValidateResultSummary struct {
 	Id                  string                `json:"id"`
 	ReconcileId         string                `json:"reconcileId"`
-	ProjectKey          ProjectKey            `json:"projectKey"`
+	ProjectKey          gittypes.ProjectKey   `json:"projectKey"`
 	TargetKey           TargetKey             `json:"targetKey"`
 	KluctlDeployment    *KluctlDeploymentInfo `json:"kluctlDeployment,omitempty"`
 	RenderedObjectsHash string                `json:"renderedObjectsHash,omitempty"`
diff --git a/pkg/types/result/zz_generated.deepcopy.go b/pkg/types/result/zz_generated.deepcopy.go
index 4534905c6..3989d3739 100644
--- a/pkg/types/result/zz_generated.deepcopy.go
+++ b/pkg/types/result/zz_generated.deepcopy.go
@@ -402,22 +402,6 @@ func (in *KluctlDeploymentInfo) DeepCopy() *KluctlDeploymentInfo {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProjectKey) DeepCopyInto(out *ProjectKey) {
-	*out = *in
-	out.RepoKey = in.RepoKey
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectKey.
-func (in *ProjectKey) DeepCopy() *ProjectKey {
-	if in == nil {
-		return nil
-	}
-	out := new(ProjectKey)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ResultObject) DeepCopyInto(out *ResultObject) {
 	*out = *in
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 49d9ea2ea..00323d206 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -9,7 +9,6 @@ import (
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"net/http"
 	"nhooyr.io/websocket"
 	"sync"
@@ -243,9 +242,9 @@ func (h *eventsHandler) handler(c *gin.Context) {
 		return
 	}
 
-	var filter *result.ProjectKey
+	var filter *types.ProjectKey
 	if args.FilterProject != "" {
-		filter = &result.ProjectKey{
+		filter = &types.ProjectKey{
 			RepoKey: repoKey,
 			SubDir:  args.FilterSubDir,
 		}
@@ -267,7 +266,7 @@ func (h *eventsHandler) handler(c *gin.Context) {
 	}
 }
 
-func (h *eventsHandler) wsHandle(c *websocket.Conn, filter *result.ProjectKey) error {
+func (h *eventsHandler) wsHandle(c *websocket.Conn, filter *types.ProjectKey) error {
 	ctx := c.CloseRead(h.server.ctx)
 
 	getNewEvents := func(seq int64) ([]string, int64) {
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 8f645f00f..32624f3f7 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/gin-gonic/gin"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
@@ -29,8 +30,8 @@ import (
 const webuiManager = "kluctl-webui"
 
 type ProjectTargetKey struct {
-	Project result.ProjectKey `json:"project"`
-	Target  result.TargetKey  `json:"target"`
+	Project gittypes.ProjectKey `json:"project"`
+	Target  result.TargetKey    `json:"target"`
 }
 
 type CommandResultsServer struct {

From c0080facd81d5774f0a25be116dae065f5509f7f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:56:35 +0200
Subject: [PATCH 2134/2268] refactor: Move sourceignore package into lib/git

---
 cmd/kluctl/commands/cmd_oci_push.go                    | 2 +-
 {pkg/oci => lib/git}/sourceignore/sourceignore.go      | 0
 {pkg/oci => lib/git}/sourceignore/sourceignore_test.go | 0
 lib/git/utils.go                                       | 2 +-
 pkg/oci/client/build.go                                | 2 +-
 5 files changed, 3 insertions(+), 3 deletions(-)
 rename {pkg/oci => lib/git}/sourceignore/sourceignore.go (100%)
 rename {pkg/oci => lib/git}/sourceignore/sourceignore_test.go (100%)

diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index 75fde0087..a815f3ae2 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/v2/lib/git/sourceignore"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
@@ -16,7 +17,6 @@ import (
 
 	reg "github.com/google/go-containerregistry/pkg/name"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
-	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 )
 
 var excludeOCI = append(strings.Split(sourceignore.ExcludeVCS, ","), strings.Split(sourceignore.ExcludeExt, ",")...)
diff --git a/pkg/oci/sourceignore/sourceignore.go b/lib/git/sourceignore/sourceignore.go
similarity index 100%
rename from pkg/oci/sourceignore/sourceignore.go
rename to lib/git/sourceignore/sourceignore.go
diff --git a/pkg/oci/sourceignore/sourceignore_test.go b/lib/git/sourceignore/sourceignore_test.go
similarity index 100%
rename from pkg/oci/sourceignore/sourceignore_test.go
rename to lib/git/sourceignore/sourceignore_test.go
diff --git a/lib/git/utils.go b/lib/git/utils.go
index a42bec0c3..640b3ddcd 100644
--- a/lib/git/utils.go
+++ b/lib/git/utils.go
@@ -8,9 +8,9 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/kluctl/kluctl/v2/lib/git/sourceignore"
 	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"os"
 	"os/exec"
 	"path/filepath"
diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index ac4e57ed5..032d73207 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -21,8 +21,8 @@ import (
 	"compress/gzip"
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/kluctl/kluctl/v2/lib/git/sourceignore"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client/internal/fs"
-	"github.com/kluctl/kluctl/v2/pkg/oci/sourceignore"
 	"io"
 	"os"
 	"path/filepath"

From 03907806316860e06772a1a808df97b917768338 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:58:15 +0200
Subject: [PATCH 2135/2268] refactor: Move env utils into lib/envutils

---
 cmd/kluctl/commands/cobra_utils.go         | 4 ++--
 {pkg/utils => lib/envutils}/env.go         | 2 +-
 {pkg/utils => lib/envutils}/env_test.go    | 2 +-
 lib/git/auth/env_auth_provider.go          | 4 ++--
 pkg/helm/auth/env_auth_provider.go         | 5 +++--
 pkg/k8s/k8s_cluster.go                     | 4 ++--
 pkg/oci/auth_provider/env_auth_provider.go | 5 +++--
 7 files changed, 14 insertions(+), 12 deletions(-)
 rename {pkg/utils => lib/envutils}/env.go (99%)
 rename {pkg/utils => lib/envutils}/env_test.go (98%)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 394a2c582..577c49aa8 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/hashicorp/go-multierror"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/lib/envutils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/term"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -289,7 +289,7 @@ func copyViperValuesToCobraFlags(flags *pflag.FlagSet) error {
 		envName = strings.ToUpper(envName)
 		envName = fmt.Sprintf("KLUCTL_%s", envName)
 
-		for _, v := range utils.ParseEnvConfigList(envName) {
+		for _, v := range envutils.ParseEnvConfigList(envName) {
 			a = append(a, v)
 		}
 
diff --git a/pkg/utils/env.go b/lib/envutils/env.go
similarity index 99%
rename from pkg/utils/env.go
rename to lib/envutils/env.go
index 8c90fcba5..7cbd0132d 100644
--- a/pkg/utils/env.go
+++ b/lib/envutils/env.go
@@ -1,4 +1,4 @@
-package utils
+package envutils
 
 import (
 	"fmt"
diff --git a/pkg/utils/env_test.go b/lib/envutils/env_test.go
similarity index 98%
rename from pkg/utils/env_test.go
rename to lib/envutils/env_test.go
index cf1d2ccf1..427b07c61 100644
--- a/pkg/utils/env_test.go
+++ b/lib/envutils/env_test.go
@@ -1,4 +1,4 @@
-package utils
+package envutils
 
 import (
 	"github.com/stretchr/testify/assert"
diff --git a/lib/git/auth/env_auth_provider.go b/lib/git/auth/env_auth_provider.go
index 112b93d27..dc1e41786 100644
--- a/lib/git/auth/env_auth_provider.go
+++ b/lib/git/auth/env_auth_provider.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/v2/lib/envutils"
 	"github.com/kluctl/kluctl/v2/lib/git/messages"
 	"github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"sync"
 )
@@ -38,7 +38,7 @@ func (a *GitEnvAuthProvider) buildList(ctx context.Context) error {
 func (a *GitEnvAuthProvider) doBuildList(ctx context.Context) error {
 	a.list = &ListAuthProvider{}
 
-	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
+	for _, s := range envutils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
 		e := AuthEntry{
 			Host:     m["HOST"],
diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
index 41a33e61e..afaeed3ce 100644
--- a/pkg/helm/auth/env_auth_provider.go
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/v2/lib/envutils"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
@@ -21,7 +22,7 @@ type HelmEnvAuthProvider struct {
 }
 
 func (a *HelmEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context) bool {
-	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE_SKIP_TLS_VERIFY", a.Prefix), false)
+	defaultInsecure, err := envutils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE_SKIP_TLS_VERIFY", a.Prefix), false)
 	if err != nil {
 		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE_SKIP_TLS_VERIFY: %s", a.Prefix, err)
 		return false
@@ -47,7 +48,7 @@ func (a *HelmEnvAuthProvider) doBuildList(ctx context.Context) error {
 
 	defaultInsecure := a.isDefaultInsecureSkipTlsVerify(ctx)
 
-	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
+	for _, s := range envutils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
 		host := m["HOST"]
 		cid := m["CREDENTIALS_ID"]
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 5eabac02b..8916726b8 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -3,6 +3,7 @@ package k8s
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/v2/lib/envutils"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"io"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -17,7 +18,6 @@ import (
 	"github.com/Masterminds/semver/v3"
 
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -391,7 +391,7 @@ func (k *K8sCluster) UpdateObject(o *uo.UnstructuredObject, options UpdateOption
 
 // envtestProxyGet checks the environment variables KLUCTL_K8S_SERVICE_PROXY_XXX to enable testing of proxy requests with envtest
 func (k *K8sCluster) envtestProxyGet(scheme, namespace, name, port, path string, params map[string]string) (io.ReadCloser, error) {
-	for _, s := range utils.ParseEnvConfigSets("KLUCTL_K8S_SERVICE_PROXY") {
+	for _, s := range envutils.ParseEnvConfigSets("KLUCTL_K8S_SERVICE_PROXY") {
 		m := s.Map
 		envApiHost := strings.TrimSuffix(m["API_HOST"], "/")
 		envNamespace := m["SERVICE_NAMESPACE"]
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index 1aceb542c..bd6386b08 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -6,6 +6,7 @@ import (
 	"github.com/gobwas/glob"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/kluctl/kluctl/v2/lib/envutils"
 	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
@@ -21,7 +22,7 @@ type OciEnvAuthProvider struct {
 }
 
 func (a *OciEnvAuthProvider) isDefaultInsecureSkipTlsVerify(ctx context.Context) bool {
-	defaultInsecure, err := utils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE_SKIP_TLS_VERIFY", a.Prefix), false)
+	defaultInsecure, err := envutils.ParseEnvBool(fmt.Sprintf("%s_DEFAULT_INSECURE_SKIP_TLS_VERIFY", a.Prefix), false)
 	if err != nil {
 		status.Warningf(ctx, "Failed to parse %s_DEFAULT_INSECURE_SKIP_TLS_VERIFY: %s", a.Prefix, err)
 		return false
@@ -47,7 +48,7 @@ func (a *OciEnvAuthProvider) doBuildList(ctx context.Context) error {
 
 	defaultInsecureSkipTlsVerify := a.isDefaultInsecureSkipTlsVerify(ctx)
 
-	for _, s := range utils.ParseEnvConfigSets(a.Prefix) {
+	for _, s := range envutils.ParseEnvConfigSets(a.Prefix) {
 		m := s.Map
 		host := m["HOST"]
 		repo := m["REPOSITORY"]

From e0016fd843704dc980def90a4b4bd7573e012f62 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 11:59:59 +0200
Subject: [PATCH 2136/2268] refactor: Move once_by_key.go into lib/status

---
 {pkg/utils => lib/status}/once_by_key.go | 2 +-
 lib/status/status.go                     | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)
 rename {pkg/utils => lib/status}/once_by_key.go (92%)

diff --git a/pkg/utils/once_by_key.go b/lib/status/once_by_key.go
similarity index 92%
rename from pkg/utils/once_by_key.go
rename to lib/status/once_by_key.go
index 9ea31cfdf..118f52302 100644
--- a/pkg/utils/once_by_key.go
+++ b/lib/status/once_by_key.go
@@ -1,4 +1,4 @@
-package utils
+package status
 
 import "sync"
 
diff --git a/lib/status/status.go b/lib/status/status.go
index aaa45a32e..4991464f4 100644
--- a/lib/status/status.go
+++ b/lib/status/status.go
@@ -3,7 +3,6 @@ package status
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
 
 // StatusContext is used to report user-facing status/progress
@@ -60,8 +59,8 @@ type StatusHandler interface {
 type contextKey struct{}
 type contextValue struct {
 	slh             StatusHandler
-	warningOnce     utils.OnceByKey
-	deprecationOnce utils.OnceByKey
+	warningOnce     OnceByKey
+	deprecationOnce OnceByKey
 }
 
 var noopContextValue = contextValue{

From ca83e687396b6e756ccd9ad8c622131904caaece Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 12:01:03 +0200
Subject: [PATCH 2137/2268] refactor: Move term package to lib/term

---
 cmd/kluctl/commands/cobra_utils.go           | 2 +-
 lib/status/multiline/multiline.go            | 2 +-
 {pkg/utils => lib}/term/read_line.go         | 0
 {pkg/utils => lib}/term/term_size.go         | 0
 {pkg/utils => lib}/term/term_size_unix.go    | 0
 {pkg/utils => lib}/term/term_size_windows.go | 0
 {pkg/utils => lib}/term/term_unix.go         | 0
 {pkg/utils => lib}/term/term_unix_bsd.go     | 0
 {pkg/utils => lib}/term/term_unix_other.go   | 0
 {pkg/utils => lib}/term/term_windows.go      | 0
 pkg/prompts/provider.go                      | 2 +-
 pkg/utils/prettytable.go                     | 2 +-
 12 files changed, 4 insertions(+), 4 deletions(-)
 rename {pkg/utils => lib}/term/read_line.go (100%)
 rename {pkg/utils => lib}/term/term_size.go (100%)
 rename {pkg/utils => lib}/term/term_size_unix.go (100%)
 rename {pkg/utils => lib}/term/term_size_windows.go (100%)
 rename {pkg/utils => lib}/term/term_unix.go (100%)
 rename {pkg/utils => lib}/term/term_unix_bsd.go (100%)
 rename {pkg/utils => lib}/term/term_unix_other.go (100%)
 rename {pkg/utils => lib}/term/term_windows.go (100%)

diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index 577c49aa8..de825ee64 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/kluctl/v2/lib/envutils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/term"
+	"github.com/kluctl/kluctl/v2/lib/term"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
diff --git a/lib/status/multiline/multiline.go b/lib/status/multiline/multiline.go
index 8d1153b9e..9f2951753 100644
--- a/lib/status/multiline/multiline.go
+++ b/lib/status/multiline/multiline.go
@@ -3,7 +3,7 @@ package multiline
 import (
 	"fmt"
 	"github.com/acarl005/stripansi"
-	"github.com/kluctl/kluctl/v2/pkg/utils/term"
+	"github.com/kluctl/kluctl/v2/lib/term"
 	"github.com/mattn/go-runewidth"
 	"io"
 	"strings"
diff --git a/pkg/utils/term/read_line.go b/lib/term/read_line.go
similarity index 100%
rename from pkg/utils/term/read_line.go
rename to lib/term/read_line.go
diff --git a/pkg/utils/term/term_size.go b/lib/term/term_size.go
similarity index 100%
rename from pkg/utils/term/term_size.go
rename to lib/term/term_size.go
diff --git a/pkg/utils/term/term_size_unix.go b/lib/term/term_size_unix.go
similarity index 100%
rename from pkg/utils/term/term_size_unix.go
rename to lib/term/term_size_unix.go
diff --git a/pkg/utils/term/term_size_windows.go b/lib/term/term_size_windows.go
similarity index 100%
rename from pkg/utils/term/term_size_windows.go
rename to lib/term/term_size_windows.go
diff --git a/pkg/utils/term/term_unix.go b/lib/term/term_unix.go
similarity index 100%
rename from pkg/utils/term/term_unix.go
rename to lib/term/term_unix.go
diff --git a/pkg/utils/term/term_unix_bsd.go b/lib/term/term_unix_bsd.go
similarity index 100%
rename from pkg/utils/term/term_unix_bsd.go
rename to lib/term/term_unix_bsd.go
diff --git a/pkg/utils/term/term_unix_other.go b/lib/term/term_unix_other.go
similarity index 100%
rename from pkg/utils/term/term_unix_other.go
rename to lib/term/term_unix_other.go
diff --git a/pkg/utils/term/term_windows.go b/lib/term/term_windows.go
similarity index 100%
rename from pkg/utils/term/term_windows.go
rename to lib/term/term_windows.go
diff --git a/pkg/prompts/provider.go b/pkg/prompts/provider.go
index c63a5b042..e7049db66 100644
--- a/pkg/prompts/provider.go
+++ b/pkg/prompts/provider.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/pkg/utils/term"
+	"github.com/kluctl/kluctl/v2/lib/term"
 	"os"
 	"strings"
 	"syscall"
diff --git a/pkg/utils/prettytable.go b/pkg/utils/prettytable.go
index 88db41614..cc6b1bc18 100644
--- a/pkg/utils/prettytable.go
+++ b/pkg/utils/prettytable.go
@@ -2,7 +2,7 @@ package utils
 
 import (
 	"bytes"
-	"github.com/kluctl/kluctl/v2/pkg/utils/term"
+	"github.com/kluctl/kluctl/v2/lib/term"
 	"sort"
 	"strings"
 )

From e21db30994aaa4fc61e99d3b1830f67f0ba44a62 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 12:05:10 +0200
Subject: [PATCH 2138/2268] refactor: Make lib an actual module

---
 api/v1beta1/kluctldeployment_types.go         |   4 +-
 api/v1beta1/zz_generated.deepcopy.go          |   2 +-
 cmd/kluctl/args/helm_credentials.go           |   2 +-
 cmd/kluctl/args/images.go                     |   2 +-
 cmd/kluctl/args/overrides.go                  |   4 +-
 cmd/kluctl/commands/cmd_controller_run.go     |   2 +-
 cmd/kluctl/commands/cmd_deploy.go             |   2 +-
 cmd/kluctl/commands/cmd_gitops.go             |   8 +-
 cmd/kluctl/commands/cmd_gitops_diff.go        |   2 +-
 .../commands/cmd_gitops_suspend_resume.go     |   2 +-
 cmd/kluctl/commands/cmd_gitops_validate.go    |   2 +-
 cmd/kluctl/commands/cmd_helm_pull.go          |   4 +-
 cmd/kluctl/commands/cmd_helm_update.go        |   6 +-
 cmd/kluctl/commands/cmd_oci_push.go           |   8 +-
 cmd/kluctl/commands/cmd_render.go             |   4 +-
 cmd/kluctl/commands/cmd_validate.go           |   2 +-
 cmd/kluctl/commands/cmd_version.go            |   2 +-
 cmd/kluctl/commands/cmd_webui_build.go        |   2 +-
 cmd/kluctl/commands/cmd_webui_run.go          |   2 +-
 cmd/kluctl/commands/cobra_utils.go            |   4 +-
 cmd/kluctl/commands/command_result.go         |   4 +-
 cmd/kluctl/commands/completion.go             |   2 +-
 cmd/kluctl/commands/root.go                   |   4 +-
 cmd/kluctl/commands/utils.go                  |  10 +-
 e2e/gitops_suite_test.go                      |   2 +-
 e2e/oci_include_test.go                       |   2 +-
 e2e/render_test.go                            |   2 +-
 e2e/source_override_test.go                   |   2 +-
 e2e/test-utils/helm_repo_utils.go             |   2 +-
 e2e/test_project/kluctl_execute.go            |   2 +-
 e2e/test_project/project.go                   |   2 +-
 e2e/test_resources/resources.go               |   2 +-
 e2e/validate_test.go                          |   2 +-
 go.mod                                        |  28 +--
 go.sum                                        |  16 +-
 lib/git/auth/auth_provider.go                 |   4 +-
 lib/git/auth/env_auth_provider.go             |   8 +-
 lib/git/auth/git_credentials_file.go          |   4 +-
 lib/git/auth/list_auth_provider.go            |   4 +-
 lib/git/auth/ssh_auth_provider.go             |   4 +-
 lib/git/auth/ssh_known_hosts.go               |   4 +-
 lib/git/build_git_info.go                     |   2 +-
 lib/git/list_refs.go                          |   6 +-
 lib/git/mirrored_repo.go                      |  10 +-
 lib/git/ssh-pool/ssh_pool.go                  |   2 +-
 lib/git/types/git_ref.go                      |   2 +-
 lib/git/types/git_url.go                      |   2 +-
 lib/git/types/repo_key.go                     |   2 +-
 lib/git/utils.go                              |   6 +-
 lib/go.mod                                    |  60 ++++++
 lib/go.sum                                    | 190 ++++++++++++++++++
 lib/status/multiline/multiline.go             |   2 +-
 lib/status/status_handler.go                  |   2 +-
 pkg/clouds/aws/aws_config.go                  |   2 +-
 pkg/clouds/aws/aws_config_test.go             |   2 +-
 pkg/controllers/kluctl_project.go             |   4 +-
 .../kluctldeployment_controller.go            |   6 +-
 .../kluctldeployment_controller_reconcile.go  |   2 +-
 .../kluctldeployment_controller_source.go     |   6 +-
 .../kluctldeployment_controller_status.go     |   2 +-
 pkg/deployment/commands/deploy.go             |   2 +-
 pkg/deployment/commands/diff.go               |   2 +-
 pkg/deployment/commands/result_utils.go       |   2 +-
 pkg/deployment/deployment_collection.go       |   4 +-
 pkg/deployment/deployment_item.go             |   2 +-
 pkg/deployment/deployment_project.go          |   4 +-
 pkg/deployment/images.go                      |   4 +-
 pkg/deployment/utils/apply_utils.go           |   4 +-
 pkg/deployment/utils/remote_objects_utils.go  |   2 +-
 pkg/diff/diff.go                              |   2 +-
 pkg/diff/normalize_test.go                    |   2 +-
 pkg/helm/auth/env_auth_provider.go            |   4 +-
 pkg/helm/auth/list_auth_provider.go           |   2 +-
 pkg/helm/chart.go                             |   4 +-
 pkg/helm/helm_release.go                      |   4 +-
 pkg/helm/pulled_chart.go                      |   2 +-
 pkg/k8s/k8s_cluster.go                        |   4 +-
 pkg/kluctl_project/external_args.go           |   2 +-
 pkg/kluctl_project/k8s.go                     |   2 +-
 pkg/kluctl_project/load.go                    |   2 +-
 pkg/kluctl_project/project_load.go            |   2 +-
 .../target-context/target_context.go          |   2 +-
 pkg/kluctl_project/targets.go                 |   2 +-
 .../docker_config_auth_provider.go            |   2 +-
 pkg/oci/auth_provider/env_auth_provider.go    |   4 +-
 pkg/oci/auth_provider/list_auth_provider.go   |   2 +-
 pkg/oci/client/build.go                       |   2 +-
 pkg/prompts/prompts.go                        |   2 +-
 pkg/prompts/provider.go                       |   4 +-
 pkg/repocache/git_cache.go                    |  10 +-
 pkg/repocache/oci_cache.go                    |   6 +-
 pkg/results/result-store-secrets.go           |   6 +-
 pkg/results/result-store.go                   |   2 +-
 pkg/sourceoverride/chained.go                 |   2 +-
 pkg/sourceoverride/manager.go                 |   2 +-
 pkg/sourceoverride/proxyclient_cli.go         |   6 +-
 pkg/sourceoverride/proxyclient_controller.go  |   2 +-
 pkg/types/deployment.go                       |   2 +-
 pkg/types/git_project.go                      |   4 +-
 pkg/types/git_project_test.go                 |   2 +-
 pkg/types/helm_chart.go                       |   2 +-
 pkg/types/oci_project.go                      |   2 +-
 pkg/types/result/command_result.go            |   2 +-
 pkg/types/result/command_result_summary.go    |   2 +-
 pkg/types/result/compact.go                   |   2 +-
 pkg/types/result/drift_detection_result.go    |   2 +-
 pkg/types/result/validate_result.go           |   2 +-
 pkg/types/target_config.go                    |   2 +-
 pkg/types/vars_source.go                      |   4 +-
 pkg/types/yaml_url.go                         |   2 +-
 pkg/types/zz_generated.deepcopy.go            |   2 +-
 pkg/utils/prettytable.go                      |   2 +-
 pkg/utils/uo/uo.go                            |   2 +-
 pkg/vars/vars.go                              |   2 +-
 pkg/vars/vars_loader.go                       |   4 +-
 pkg/vars/vars_loader_git_files.go             |   4 +-
 pkg/vars/vars_loader_git_files_test.go        |   4 +-
 pkg/vars/vars_loader_http.go                  |   2 +-
 pkg/vars/vars_loader_test.go                  |   4 +-
 pkg/webui/events.go                           |   6 +-
 pkg/webui/generate-ts/main.go                 |   2 +-
 pkg/webui/server.go                           |   6 +-
 pkg/webui/staticbuilder.go                    |   4 +-
 123 files changed, 462 insertions(+), 212 deletions(-)
 create mode 100644 lib/go.mod
 create mode 100644 lib/go.sum

diff --git a/api/v1beta1/kluctldeployment_types.go b/api/v1beta1/kluctldeployment_types.go
index b05b5faf1..f71baaf53 100644
--- a/api/v1beta1/kluctldeployment_types.go
+++ b/api/v1beta1/kluctldeployment_types.go
@@ -17,8 +17,8 @@ limitations under the License.
 package v1beta1
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index 83eb86eb6..c96524e19 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -21,7 +21,7 @@ limitations under the License.
 package v1beta1
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/cmd/kluctl/args/helm_credentials.go b/cmd/kluctl/args/helm_credentials.go
index b93790be1..58bd54429 100644
--- a/cmd/kluctl/args/helm_credentials.go
+++ b/cmd/kluctl/args/helm_credentials.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
diff --git a/cmd/kluctl/args/images.go b/cmd/kluctl/args/images.go
index 7a5c44b07..287d5f84c 100644
--- a/cmd/kluctl/args/images.go
+++ b/cmd/kluctl/args/images.go
@@ -2,7 +2,7 @@ package args
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"strings"
 )
diff --git a/cmd/kluctl/args/overrides.go b/cmd/kluctl/args/overrides.go
index 0d4b3e21e..52e0f18ee 100644
--- a/cmd/kluctl/args/overrides.go
+++ b/cmd/kluctl/args/overrides.go
@@ -3,8 +3,8 @@ package args
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"strings"
 )
diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 62fe698cf..3c312fbd3 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -3,9 +3,9 @@ package commands
 import (
 	"context"
 	"fmt"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/controllers"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/metrics"
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 18b708755..cb9eeaaa0 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/cmd/kluctl/commands/cmd_gitops.go b/cmd/kluctl/commands/cmd_gitops.go
index 128128484..a40015a37 100644
--- a/cmd/kluctl/commands/cmd_gitops.go
+++ b/cmd/kluctl/commands/cmd_gitops.go
@@ -5,12 +5,12 @@ import (
 	"context"
 	"fmt"
 	json_patch "github.com/evanphx/json-patch/v5"
+	"github.com/kluctl/kluctl/lib/git"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/git"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
diff --git a/cmd/kluctl/commands/cmd_gitops_diff.go b/cmd/kluctl/commands/cmd_gitops_diff.go
index d72ee2959..c785baa57 100644
--- a/cmd/kluctl/commands/cmd_gitops_diff.go
+++ b/cmd/kluctl/commands/cmd_gitops_diff.go
@@ -3,9 +3,9 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
diff --git a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
index a3b9ef8c9..a2aba64a6 100644
--- a/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
+++ b/cmd/kluctl/commands/cmd_gitops_suspend_resume.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_gitops_validate.go b/cmd/kluctl/commands/cmd_gitops_validate.go
index 8ef196498..ccc069a1f 100644
--- a/cmd/kluctl/commands/cmd_gitops_validate.go
+++ b/cmd/kluctl/commands/cmd_gitops_validate.go
@@ -3,9 +3,9 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 90f7b0106..59d261480 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -3,9 +3,9 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 69d2304da..bb2ab690f 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/index"
+	git2 "github.com/kluctl/kluctl/lib/git"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	git2 "github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
diff --git a/cmd/kluctl/commands/cmd_oci_push.go b/cmd/kluctl/commands/cmd_oci_push.go
index a815f3ae2..bcc989bb7 100644
--- a/cmd/kluctl/commands/cmd_oci_push.go
+++ b/cmd/kluctl/commands/cmd_oci_push.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/git"
+	"github.com/kluctl/kluctl/lib/git/sourceignore"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/git/sourceignore"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
 	"path/filepath"
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 5371712ae..e6489cea6 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"io/ioutil"
 	"os"
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 4d6ae1d87..085946064 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/commands"
 	"time"
 )
diff --git a/cmd/kluctl/commands/cmd_version.go b/cmd/kluctl/commands/cmd_version.go
index 7f6a9409f..c8f3edf60 100644
--- a/cmd/kluctl/commands/cmd_version.go
+++ b/cmd/kluctl/commands/cmd_version.go
@@ -2,7 +2,7 @@ package commands
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/version"
 )
 
diff --git a/cmd/kluctl/commands/cmd_webui_build.go b/cmd/kluctl/commands/cmd_webui_build.go
index fffc0cf62..d45714b60 100644
--- a/cmd/kluctl/commands/cmd_webui_build.go
+++ b/cmd/kluctl/commands/cmd_webui_build.go
@@ -3,7 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"time"
diff --git a/cmd/kluctl/commands/cmd_webui_run.go b/cmd/kluctl/commands/cmd_webui_run.go
index c7a57ce07..0c6da2981 100644
--- a/cmd/kluctl/commands/cmd_webui_run.go
+++ b/cmd/kluctl/commands/cmd_webui_run.go
@@ -3,8 +3,8 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/webui"
 	"k8s.io/client-go/rest"
diff --git a/cmd/kluctl/commands/cobra_utils.go b/cmd/kluctl/commands/cobra_utils.go
index de825ee64..a09ec2f3c 100644
--- a/cmd/kluctl/commands/cobra_utils.go
+++ b/cmd/kluctl/commands/cobra_utils.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/hashicorp/go-multierror"
-	"github.com/kluctl/kluctl/v2/lib/envutils"
-	"github.com/kluctl/kluctl/v2/lib/term"
+	"github.com/kluctl/kluctl/lib/envutils"
+	"github.com/kluctl/kluctl/lib/term"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index 20f535d4b..b93c2cb67 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -4,9 +4,9 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 4309893f8..306c60e95 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -2,9 +2,9 @@ package commands
 
 import (
 	"context"
+	"github.com/kluctl/kluctl/lib/status"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/spf13/cobra"
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index b7de7c501..759b4f538 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -20,8 +20,8 @@ import (
 	"fmt"
 	go_container_logs "github.com/google/go-containerregistry/pkg/logs"
 	"github.com/google/gops/agent"
-	status2 "github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	status2 "github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	flag "github.com/spf13/pflag"
 	"io"
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 3f63ca5d3..93daf7d67 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"fmt"
 	"github.com/google/uuid"
+	"github.com/kluctl/kluctl/lib/git"
+	"github.com/kluctl/kluctl/lib/git/auth"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
-	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/git/auth"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 1810dd7dd..6f820a5bb 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -5,11 +5,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/huandu/xstrings"
+	"github.com/kluctl/kluctl/lib/yaml"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index 2e2d3b18f..b4592c4e0 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/config/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"os"
diff --git a/e2e/render_test.go b/e2e/render_test.go
index 56e9c4c6b..c2c37afcd 100644
--- a/e2e/render_test.go
+++ b/e2e/render_test.go
@@ -1,8 +1,8 @@
 package e2e
 
 import (
+	"github.com/kluctl/kluctl/lib/yaml"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"testing"
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index f9c7acb17..fff5def4f 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -2,9 +2,9 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/kluctl/kluctl/lib/yaml"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
diff --git a/e2e/test-utils/helm_repo_utils.go b/e2e/test-utils/helm_repo_utils.go
index 3ce3d8126..e88aecbc1 100644
--- a/e2e/test-utils/helm_repo_utils.go
+++ b/e2e/test-utils/helm_repo_utils.go
@@ -1,8 +1,8 @@
 package test_utils
 
 import (
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/test-helm-chart"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/cli"
diff --git a/e2e/test_project/kluctl_execute.go b/e2e/test_project/kluctl_execute.go
index 2a2ef6c15..602d62893 100644
--- a/e2e/test_project/kluctl_execute.go
+++ b/e2e/test_project/kluctl_execute.go
@@ -3,8 +3,8 @@ package test_project
 import (
 	"bytes"
 	"context"
+	status2 "github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/commands"
-	status2 "github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"strings"
 	"sync"
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 7e2d87ee7..5416ee581 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -6,8 +6,8 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
+	"github.com/kluctl/kluctl/lib/yaml"
 	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/e2e/test_resources/resources.go b/e2e/test_resources/resources.go
index 548261ed3..c660c5439 100644
--- a/e2e/test_resources/resources.go
+++ b/e2e/test_resources/resources.go
@@ -3,8 +3,8 @@ package test_resources
 import (
 	"context"
 	"embed"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/kluctl/kluctl/v2/pkg/validation"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 85f292c34..472eeac6b 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -3,10 +3,10 @@ package e2e
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/yaml"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/e2e/test_resources"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	appsv1 "k8s.io/api/apps/v1"
diff --git a/go.mod b/go.mod
index 6704d0be0..8c5b9be59 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.22.0
+go 1.22.4
 
-toolchain go1.22.4
+replace github.com/kluctl/kluctl/lib => ./lib
 
 require (
 	cloud.google.com/go/secretmanager v1.13.1
@@ -12,7 +12,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
-	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/aws/aws-sdk-go-v2 v1.29.0
 	github.com/aws/aws-sdk-go-v2/config v1.27.20
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.20
@@ -30,7 +30,7 @@ require (
 	github.com/getsops/sops/v3 v3.8.1
 	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
-	github.com/go-errors/errors v1.5.1
+	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.22.0
@@ -45,13 +45,14 @@ require (
 	github.com/huandu/xstrings v1.5.0
 	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
-	github.com/kevinburke/ssh_config v1.2.0
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
 	github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb
+	github.com/kluctl/kluctl/lib v0.0.0-20240708100510-73c5efc22b9a
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-runewidth v0.0.15
-	github.com/mitchellh/reflectwalk v1.0.2
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/ohler55/ojg v1.22.0
 	github.com/onsi/gomega v1.33.1
 	github.com/otiai10/copy v1.14.0
@@ -67,18 +68,17 @@ require (
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
-	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.24.0
-	golang.org/x/net v0.26.0
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/net v0.27.0
 	golang.org/x/oauth2 v0.21.0
 	golang.org/x/sync v0.7.0
-	golang.org/x/sys v0.21.0
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0
+	golang.org/x/sys v0.22.0
+	golang.org/x/term v0.22.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4
 	google.golang.org/grpc v1.64.0
 	google.golang.org/protobuf v1.34.2
-	gotest.tools v2.2.0+incompatible
 	helm.sh/helm/v3 v3.15.2
 	k8s.io/api v0.30.2
 	k8s.io/apiextensions-apiserver v0.30.2
diff --git a/go.sum b/go.sum
index 542c8c856..cb45fccac 100644
--- a/go.sum
+++ b/go.sum
@@ -726,8 +726,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
@@ -758,8 +758,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -795,15 +795,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
-golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
diff --git a/lib/git/auth/auth_provider.go b/lib/git/auth/auth_provider.go
index 0826871a4..dc376943b 100644
--- a/lib/git/auth/auth_provider.go
+++ b/lib/git/auth/auth_provider.go
@@ -6,8 +6,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	ssh2 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/hashicorp/go-multierror"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"golang.org/x/crypto/ssh"
 )
 
diff --git a/lib/git/auth/env_auth_provider.go b/lib/git/auth/env_auth_provider.go
index dc1e41786..2b0f34199 100644
--- a/lib/git/auth/env_auth_provider.go
+++ b/lib/git/auth/env_auth_provider.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/lib/envutils"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/envutils"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	"os"
 	"sync"
 )
diff --git a/lib/git/auth/git_credentials_file.go b/lib/git/auth/git_credentials_file.go
index 56f33085a..3a5180f5b 100644
--- a/lib/git/auth/git_credentials_file.go
+++ b/lib/git/auth/git_credentials_file.go
@@ -4,8 +4,8 @@ import (
 	"bufio"
 	"context"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"net/url"
 	"os"
 	"path/filepath"
diff --git a/lib/git/auth/list_auth_provider.go b/lib/git/auth/list_auth_provider.go
index 9c20d2069..40706131e 100644
--- a/lib/git/auth/list_auth_provider.go
+++ b/lib/git/auth/list_auth_provider.go
@@ -5,8 +5,8 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"strings"
 )
 
diff --git a/lib/git/auth/ssh_auth_provider.go b/lib/git/auth/ssh_auth_provider.go
index b47fb60c8..7e5465db5 100644
--- a/lib/git/auth/ssh_auth_provider.go
+++ b/lib/git/auth/ssh_auth_provider.go
@@ -6,8 +6,8 @@ import (
 	"encoding/binary"
 	"fmt"
 	"github.com/kevinburke/ssh_config"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/git/types"
 	sshagent "github.com/xanzy/ssh-agent"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
diff --git a/lib/git/auth/ssh_known_hosts.go b/lib/git/auth/ssh_known_hosts.go
index ea6dfc545..9428a56f4 100644
--- a/lib/git/auth/ssh_known_hosts.go
+++ b/lib/git/auth/ssh_known_hosts.go
@@ -3,8 +3,8 @@ package auth
 import (
 	"errors"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/git/auth/goph"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/git/auth/goph"
+	"github.com/kluctl/kluctl/lib/git/messages"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/knownhosts"
 	"net"
diff --git a/lib/git/build_git_info.go b/lib/git/build_git_info.go
index bc28988fa..af04695b5 100644
--- a/lib/git/build_git_info.go
+++ b/lib/git/build_git_info.go
@@ -5,7 +5,7 @@ import (
 	"errors"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"os"
 	"path/filepath"
 )
diff --git a/lib/git/list_refs.go b/lib/git/list_refs.go
index 1b6d731d5..dd9674757 100644
--- a/lib/git/list_refs.go
+++ b/lib/git/list_refs.go
@@ -9,9 +9,9 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
 	"github.com/go-git/go-git/v5/storage/memory"
-	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	auth2 "github.com/kluctl/kluctl/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"strconv"
 )
 
diff --git a/lib/git/mirrored_repo.go b/lib/git/mirrored_repo.go
index 9c96dfdb4..b55df5569 100644
--- a/lib/git/mirrored_repo.go
+++ b/lib/git/mirrored_repo.go
@@ -11,11 +11,11 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp/capability"
 	"github.com/go-git/go-git/v5/plumbing/transport"
-	auth2 "github.com/kluctl/kluctl/v2/lib/git/auth"
-	_ "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	auth2 "github.com/kluctl/kluctl/lib/git/auth"
+	_ "github.com/kluctl/kluctl/lib/git/ssh-pool"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/rogpeppe/go-internal/lockedfile"
 	"os"
 	"path/filepath"
diff --git a/lib/git/ssh-pool/ssh_pool.go b/lib/git/ssh-pool/ssh_pool.go
index bcbc50409..27e54279a 100644
--- a/lib/git/ssh-pool/ssh_pool.go
+++ b/lib/git/ssh-pool/ssh_pool.go
@@ -6,7 +6,7 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/git/auth"
+	"github.com/kluctl/kluctl/lib/git/auth"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/net/proxy"
 	"sync"
diff --git a/lib/git/types/git_ref.go b/lib/git/types/git_ref.go
index 6b76b1e21..e091645b0 100644
--- a/lib/git/types/git_ref.go
+++ b/lib/git/types/git_ref.go
@@ -3,7 +3,7 @@ package types
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"strings"
 )
 
diff --git a/lib/git/types/git_url.go b/lib/git/types/git_url.go
index ceff689db..e4bcd48e9 100644
--- a/lib/git/types/git_url.go
+++ b/lib/git/types/git_url.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/transport"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"net/url"
 	"path"
 	"strings"
diff --git a/lib/git/types/repo_key.go b/lib/git/types/repo_key.go
index 572e26975..e2a2d92e5 100644
--- a/lib/git/types/repo_key.go
+++ b/lib/git/types/repo_key.go
@@ -3,7 +3,7 @@ package types
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"net/url"
 	"regexp"
 	"strconv"
diff --git a/lib/git/utils.go b/lib/git/utils.go
index 640b3ddcd..00a13cbdf 100644
--- a/lib/git/utils.go
+++ b/lib/git/utils.go
@@ -8,9 +8,9 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
-	"github.com/kluctl/kluctl/v2/lib/git/sourceignore"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/git/sourceignore"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	"os"
 	"os/exec"
 	"path/filepath"
diff --git a/lib/go.mod b/lib/go.mod
new file mode 100644
index 000000000..c942b1a02
--- /dev/null
+++ b/lib/go.mod
@@ -0,0 +1,60 @@
+module github.com/kluctl/kluctl/lib
+
+go 1.22.4
+
+require (
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
+	github.com/go-errors/errors v1.5.1
+	github.com/go-git/go-git/v5 v5.12.0
+	github.com/go-playground/validator/v10 v10.22.0
+	github.com/gobwas/glob v0.2.3
+	github.com/hashicorp/go-multierror v1.1.1
+	github.com/kevinburke/ssh_config v1.2.0
+	github.com/mattn/go-isatty v0.0.20
+	github.com/mattn/go-runewidth v0.0.15
+	github.com/mitchellh/reflectwalk v1.0.2
+	github.com/otiai10/copy v1.14.0
+	github.com/rogpeppe/go-internal v1.12.0
+	github.com/stretchr/testify v1.9.0
+	github.com/xanzy/ssh-agent v0.3.3
+	golang.org/x/crypto v0.25.0
+	golang.org/x/net v0.27.0
+	golang.org/x/sys v0.22.0
+	golang.org/x/text v0.16.0
+	gotest.tools v2.2.0+incompatible
+	k8s.io/apimachinery v0.30.2
+	k8s.io/client-go v0.30.2
+	sigs.k8s.io/yaml v1.4.0
+)
+
+require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/skeema/knownhosts v1.2.2 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+)
diff --git a/lib/go.sum b/lib/go.sum
new file mode 100644
index 000000000..3fbf1ddd2
--- /dev/null
+++ b/lib/go.sum
@@ -0,0 +1,190 @@
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
+github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
+github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
+github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
+github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
+github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
+github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
+github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
+github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
+github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
+github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
+github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
+github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
+github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
+github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
+github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
+github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
+k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
+k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/lib/status/multiline/multiline.go b/lib/status/multiline/multiline.go
index 9f2951753..07d069688 100644
--- a/lib/status/multiline/multiline.go
+++ b/lib/status/multiline/multiline.go
@@ -3,7 +3,7 @@ package multiline
 import (
 	"fmt"
 	"github.com/acarl005/stripansi"
-	"github.com/kluctl/kluctl/v2/lib/term"
+	"github.com/kluctl/kluctl/lib/term"
 	"github.com/mattn/go-runewidth"
 	"io"
 	"strings"
diff --git a/lib/status/status_handler.go b/lib/status/status_handler.go
index 04964a9ce..c3e2297a6 100644
--- a/lib/status/status_handler.go
+++ b/lib/status/status_handler.go
@@ -3,7 +3,7 @@ package status
 import (
 	"context"
 	"fmt"
-	multiline2 "github.com/kluctl/kluctl/v2/lib/status/multiline"
+	multiline2 "github.com/kluctl/kluctl/lib/status/multiline"
 	"io"
 	"sync"
 )
diff --git a/pkg/clouds/aws/aws_config.go b/pkg/clouds/aws/aws_config.go
index 0d68d1bfe..0f47ae11e 100644
--- a/pkg/clouds/aws/aws_config.go
+++ b/pkg/clouds/aws/aws_config.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
diff --git a/pkg/clouds/aws/aws_config_test.go b/pkg/clouds/aws/aws_config_test.go
index 878902a00..393828e8f 100644
--- a/pkg/clouds/aws/aws_config_test.go
+++ b/pkg/clouds/aws/aws_config_test.go
@@ -7,8 +7,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds"
 	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	status2 "github.com/kluctl/kluctl/lib/status"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	status2 "github.com/kluctl/kluctl/v2/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index bc50d3097..fc4a1a6c4 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -7,8 +7,8 @@ import (
 	"github.com/getsops/sops/v3/kms"
 	"github.com/google/uuid"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/lib/git"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 417b8f8e4..5667f5255 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -5,10 +5,10 @@ import (
 	"errors"
 	"fmt"
 	"github.com/hashicorp/go-multierror"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
+	status2 "github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
-	status2 "github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index 796da9bb7..e904cff74 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	json_patch "github.com/evanphx/json-patch/v5"
 	"github.com/hashicorp/go-multierror"
+	"github.com/kluctl/kluctl/lib/yaml"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/controllers/kluctldeployment_controller_source.go b/pkg/controllers/kluctldeployment_controller_source.go
index 7eb90982f..20378917a 100644
--- a/pkg/controllers/kluctldeployment_controller_source.go
+++ b/pkg/controllers/kluctldeployment_controller_source.go
@@ -7,10 +7,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/gobwas/glob"
+	"github.com/kluctl/kluctl/lib/git/auth"
+	"github.com/kluctl/kluctl/lib/git/messages"
+	"github.com/kluctl/kluctl/lib/status"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/lib/git/auth"
-	"github.com/kluctl/kluctl/v2/lib/git/messages"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index cd4987678..b6299dac5 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -5,8 +5,8 @@ import (
 	errors2 "errors"
 	"fmt"
 	"github.com/hashicorp/go-multierror"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
diff --git a/pkg/deployment/commands/deploy.go b/pkg/deployment/commands/deploy.go
index 543dfa1e8..776f93033 100644
--- a/pkg/deployment/commands/deploy.go
+++ b/pkg/deployment/commands/deploy.go
@@ -2,7 +2,7 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/deployment/commands/diff.go b/pkg/deployment/commands/diff.go
index 9b5f05dea..aed9a4b33 100644
--- a/pkg/deployment/commands/diff.go
+++ b/pkg/deployment/commands/diff.go
@@ -2,7 +2,7 @@ package commands
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/deployment/commands/result_utils.go b/pkg/deployment/commands/result_utils.go
index c2bf2c98f..b10ae7257 100644
--- a/pkg/deployment/commands/result_utils.go
+++ b/pkg/deployment/commands/result_utils.go
@@ -1,7 +1,7 @@
 package commands
 
 import (
-	"github.com/kluctl/kluctl/v2/lib/git"
+	"github.com/kluctl/kluctl/lib/git"
 	utils2 "github.com/kluctl/kluctl/v2/pkg/deployment/utils"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
diff --git a/pkg/deployment/deployment_collection.go b/pkg/deployment/deployment_collection.go
index db1374c22..9d8f35a71 100644
--- a/pkg/deployment/deployment_collection.go
+++ b/pkg/deployment/deployment_collection.go
@@ -5,8 +5,8 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index 45d6a4f4e..b6e55a196 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -3,7 +3,7 @@ package deployment
 import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index f4ddc5c1c..6b4c4ef83 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -3,8 +3,8 @@ package deployment
 import (
 	"fmt"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/deployment/images.go b/pkg/deployment/images.go
index 5fc9b7aa4..a18c01e4d 100644
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@@ -5,8 +5,8 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/deployment/utils/apply_utils.go b/pkg/deployment/utils/apply_utils.go
index a0f4fddb4..b60aec7ca 100644
--- a/pkg/deployment/utils/apply_utils.go
+++ b/pkg/deployment/utils/apply_utils.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	errors2 "errors"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
 	"github.com/kluctl/kluctl/v2/pkg/diff"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index 924d07701..bb1099cdc 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -3,7 +3,7 @@ package utils
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	k8s2 "github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 8cae9cdf8..a4dd9c821 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -5,7 +5,7 @@ import (
 	"github.com/hexops/gotextdiff"
 	"github.com/hexops/gotextdiff/myers"
 	"github.com/hexops/gotextdiff/span"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	diff2 "github.com/r3labs/diff/v2"
diff --git a/pkg/diff/normalize_test.go b/pkg/diff/normalize_test.go
index 0451cd554..336674f7b 100644
--- a/pkg/diff/normalize_test.go
+++ b/pkg/diff/normalize_test.go
@@ -2,7 +2,7 @@ package diff
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/helm/auth/env_auth_provider.go b/pkg/helm/auth/env_auth_provider.go
index afaeed3ce..443624b6f 100644
--- a/pkg/helm/auth/env_auth_provider.go
+++ b/pkg/helm/auth/env_auth_provider.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/lib/envutils"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/envutils"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
 	"net/url"
diff --git a/pkg/helm/auth/list_auth_provider.go b/pkg/helm/auth/list_auth_provider.go
index 95b0791cd..1716fd0dd 100644
--- a/pkg/helm/auth/list_auth_provider.go
+++ b/pkg/helm/auth/list_auth_provider.go
@@ -3,7 +3,7 @@ package auth
 import (
 	"context"
 	"github.com/gobwas/glob"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/repo"
 	"net/url"
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 8eb2d7efa..eb41a88fe 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-containerregistry/pkg/crane"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index a9f283125..30555e14d 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,8 +3,8 @@ package helm
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index 1031a6a6b..f80d06147 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -1,7 +1,7 @@
 package helm
 
 import (
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
diff --git a/pkg/k8s/k8s_cluster.go b/pkg/k8s/k8s_cluster.go
index 8916726b8..3592286d4 100644
--- a/pkg/k8s/k8s_cluster.go
+++ b/pkg/k8s/k8s_cluster.go
@@ -3,8 +3,8 @@ package k8s
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/envutils"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/envutils"
+	"github.com/kluctl/kluctl/lib/status"
 	"io"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
diff --git a/pkg/kluctl_project/external_args.go b/pkg/kluctl_project/external_args.go
index 5d98b38d1..b6bbebb2c 100644
--- a/pkg/kluctl_project/external_args.go
+++ b/pkg/kluctl_project/external_args.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"os"
diff --git a/pkg/kluctl_project/k8s.go b/pkg/kluctl_project/k8s.go
index df54831de..aba1fdc9f 100644
--- a/pkg/kluctl_project/k8s.go
+++ b/pkg/kluctl_project/k8s.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/tools/clientcmd/api"
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 7e8b50b91..8f8ce36ba 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -3,7 +3,7 @@ package kluctl_project
 import (
 	"context"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"time"
 )
 
diff --git a/pkg/kluctl_project/project_load.go b/pkg/kluctl_project/project_load.go
index 6d0364dea..5d880a07a 100644
--- a/pkg/kluctl_project/project_load.go
+++ b/pkg/kluctl_project/project_load.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
diff --git a/pkg/kluctl_project/target-context/target_context.go b/pkg/kluctl_project/target-context/target_context.go
index 7af98e79e..ffaed552c 100644
--- a/pkg/kluctl_project/target-context/target_context.go
+++ b/pkg/kluctl_project/target-context/target_context.go
@@ -3,7 +3,7 @@ package target_context
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/deployment"
diff --git a/pkg/kluctl_project/targets.go b/pkg/kluctl_project/targets.go
index 5878aca07..7ce064a6c 100644
--- a/pkg/kluctl_project/targets.go
+++ b/pkg/kluctl_project/targets.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"sort"
diff --git a/pkg/oci/auth_provider/docker_config_auth_provider.go b/pkg/oci/auth_provider/docker_config_auth_provider.go
index 64efc4093..ce1c8bce4 100644
--- a/pkg/oci/auth_provider/docker_config_auth_provider.go
+++ b/pkg/oci/auth_provider/docker_config_auth_provider.go
@@ -6,7 +6,7 @@ import (
 	"github.com/gobwas/glob/match"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"strings"
 )
 
diff --git a/pkg/oci/auth_provider/env_auth_provider.go b/pkg/oci/auth_provider/env_auth_provider.go
index bd6386b08..105a1517c 100644
--- a/pkg/oci/auth_provider/env_auth_provider.go
+++ b/pkg/oci/auth_provider/env_auth_provider.go
@@ -6,8 +6,8 @@ import (
 	"github.com/gobwas/glob"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/kluctl/kluctl/v2/lib/envutils"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/envutils"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"sync"
diff --git a/pkg/oci/auth_provider/list_auth_provider.go b/pkg/oci/auth_provider/list_auth_provider.go
index 5b5e01217..fcc1fce1d 100644
--- a/pkg/oci/auth_provider/list_auth_provider.go
+++ b/pkg/oci/auth_provider/list_auth_provider.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"strings"
 )
 
diff --git a/pkg/oci/client/build.go b/pkg/oci/client/build.go
index 032d73207..55f72fa9a 100644
--- a/pkg/oci/client/build.go
+++ b/pkg/oci/client/build.go
@@ -21,7 +21,7 @@ import (
 	"compress/gzip"
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
-	"github.com/kluctl/kluctl/v2/lib/git/sourceignore"
+	"github.com/kluctl/kluctl/lib/git/sourceignore"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client/internal/fs"
 	"io"
 	"os"
diff --git a/pkg/prompts/prompts.go b/pkg/prompts/prompts.go
index f707a65ca..8359440d8 100644
--- a/pkg/prompts/prompts.go
+++ b/pkg/prompts/prompts.go
@@ -3,7 +3,7 @@ package prompts
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"strings"
 )
diff --git a/pkg/prompts/provider.go b/pkg/prompts/provider.go
index e7049db66..d93e6ebd3 100644
--- a/pkg/prompts/provider.go
+++ b/pkg/prompts/provider.go
@@ -3,8 +3,8 @@ package prompts
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/term"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/term"
 	"os"
 	"strings"
 	"syscall"
diff --git a/pkg/repocache/git_cache.go b/pkg/repocache/git_cache.go
index 65c81d410..371199b8f 100644
--- a/pkg/repocache/git_cache.go
+++ b/pkg/repocache/git_cache.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/object"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
 	"os"
 	"path"
@@ -15,9 +15,9 @@ import (
 	"sync"
 	"time"
 
-	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/git/auth"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/lib/git"
+	"github.com/kluctl/kluctl/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	cp "github.com/otiai10/copy"
 )
diff --git a/pkg/repocache/oci_cache.go b/pkg/repocache/oci_cache.go
index f2258d343..45c845d74 100644
--- a/pkg/repocache/oci_cache.go
+++ b/pkg/repocache/oci_cache.go
@@ -5,9 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/google/go-containerregistry/pkg/crane"
-	"github.com/kluctl/kluctl/v2/lib/git"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
+	"github.com/kluctl/kluctl/lib/git"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/sourceoverride"
diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 5844d1ed7..80f45eade 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -4,10 +4,10 @@ import (
 	"compress/gzip"
 	"context"
 	"fmt"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
diff --git a/pkg/results/result-store.go b/pkg/results/result-store.go
index fae5c2003..5fa75d8d6 100644
--- a/pkg/results/result-store.go
+++ b/pkg/results/result-store.go
@@ -2,8 +2,8 @@ package results
 
 import (
 	"context"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 )
 
diff --git a/pkg/sourceoverride/chained.go b/pkg/sourceoverride/chained.go
index afa9be118..edc6bea7f 100644
--- a/pkg/sourceoverride/chained.go
+++ b/pkg/sourceoverride/chained.go
@@ -2,7 +2,7 @@ package sourceoverride
 
 import (
 	"context"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/types"
 )
 
 type ChainedResolver struct {
diff --git a/pkg/sourceoverride/manager.go b/pkg/sourceoverride/manager.go
index 977da2d2b..a0ac03dfd 100644
--- a/pkg/sourceoverride/manager.go
+++ b/pkg/sourceoverride/manager.go
@@ -3,7 +3,7 @@ package sourceoverride
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path"
diff --git a/pkg/sourceoverride/proxyclient_cli.go b/pkg/sourceoverride/proxyclient_cli.go
index d2cfe7fd7..b71675383 100644
--- a/pkg/sourceoverride/proxyclient_cli.go
+++ b/pkg/sourceoverride/proxyclient_cli.go
@@ -10,10 +10,10 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/git"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	"github.com/kluctl/kluctl/v2/lib/git"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
 	oci_client "github.com/kluctl/kluctl/v2/pkg/oci/client"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
diff --git a/pkg/sourceoverride/proxyclient_controller.go b/pkg/sourceoverride/proxyclient_controller.go
index b8717c126..ac37456dd 100644
--- a/pkg/sourceoverride/proxyclient_controller.go
+++ b/pkg/sourceoverride/proxyclient_controller.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"errors"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/tar"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"google.golang.org/grpc"
diff --git a/pkg/types/deployment.go b/pkg/types/deployment.go
index 0b4546328..318c4a52e 100644
--- a/pkg/types/deployment.go
+++ b/pkg/types/deployment.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	yaml2 "github.com/kluctl/kluctl/v2/lib/yaml"
+	yaml2 "github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
diff --git a/pkg/types/git_project.go b/pkg/types/git_project.go
index fbe0acbd2..6d6bc78e2 100644
--- a/pkg/types/git_project.go
+++ b/pkg/types/git_project.go
@@ -2,8 +2,8 @@ package types
 
 import (
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"regexp"
 	"strings"
 
diff --git a/pkg/types/git_project_test.go b/pkg/types/git_project_test.go
index b628348ef..a4684bd43 100644
--- a/pkg/types/git_project_test.go
+++ b/pkg/types/git_project_test.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"encoding/json"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 1b51da714..100655290 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"helm.sh/helm/v3/pkg/registry"
 )
 
diff --git a/pkg/types/oci_project.go b/pkg/types/oci_project.go
index 23b54a4fc..cf52aa615 100644
--- a/pkg/types/oci_project.go
+++ b/pkg/types/oci_project.go
@@ -3,7 +3,7 @@ package types
 import (
 	"fmt"
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 )
 
 type OciProject struct {
diff --git a/pkg/types/result/command_result.go b/pkg/types/result/command_result.go
index b04178555..93e402194 100644
--- a/pkg/types/result/command_result.go
+++ b/pkg/types/result/command_result.go
@@ -1,7 +1,7 @@
 package result
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/types/result/command_result_summary.go b/pkg/types/result/command_result_summary.go
index dd711fe87..1978cd3bb 100644
--- a/pkg/types/result/command_result_summary.go
+++ b/pkg/types/result/command_result_summary.go
@@ -1,7 +1,7 @@
 package result
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 )
 
diff --git a/pkg/types/result/compact.go b/pkg/types/result/compact.go
index 808411242..b54025971 100644
--- a/pkg/types/result/compact.go
+++ b/pkg/types/result/compact.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/sergi/go-diff/diffmatchpatch"
diff --git a/pkg/types/result/drift_detection_result.go b/pkg/types/result/drift_detection_result.go
index 73c5b1c30..23054dcee 100644
--- a/pkg/types/result/drift_detection_result.go
+++ b/pkg/types/result/drift_detection_result.go
@@ -2,7 +2,7 @@ package result
 
 import (
 	"fmt"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
diff --git a/pkg/types/result/validate_result.go b/pkg/types/result/validate_result.go
index 0cdb423e3..90fb33a4f 100644
--- a/pkg/types/result/validate_result.go
+++ b/pkg/types/result/validate_result.go
@@ -1,7 +1,7 @@
 package result
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/pkg/types/target_config.go b/pkg/types/target_config.go
index eebdd4868..7ec053893 100644
--- a/pkg/types/target_config.go
+++ b/pkg/types/target_config.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 )
 
diff --git a/pkg/types/vars_source.go b/pkg/types/vars_source.go
index 20cbe7b38..fac48cc75 100644
--- a/pkg/types/vars_source.go
+++ b/pkg/types/vars_source.go
@@ -2,8 +2,8 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"k8s.io/apimachinery/pkg/runtime"
 	"reflect"
diff --git a/pkg/types/yaml_url.go b/pkg/types/yaml_url.go
index b5e3f14fb..4b9fd7b60 100644
--- a/pkg/types/yaml_url.go
+++ b/pkg/types/yaml_url.go
@@ -2,7 +2,7 @@ package types
 
 import (
 	"encoding/json"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"net/url"
 )
 
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index bf6526e20..70cd30294 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -21,7 +21,7 @@ limitations under the License.
 package types
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime"
diff --git a/pkg/utils/prettytable.go b/pkg/utils/prettytable.go
index cc6b1bc18..347b3af00 100644
--- a/pkg/utils/prettytable.go
+++ b/pkg/utils/prettytable.go
@@ -2,7 +2,7 @@ package utils
 
 import (
 	"bytes"
-	"github.com/kluctl/kluctl/v2/lib/term"
+	"github.com/kluctl/kluctl/lib/term"
 	"sort"
 	"strings"
 )
diff --git a/pkg/utils/uo/uo.go b/pkg/utils/uo/uo.go
index 5bd249745..f2689d722 100644
--- a/pkg/utils/uo/uo.go
+++ b/pkg/utils/uo/uo.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/jinzhu/copier"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"reflect"
 )
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index 9889b54fe..fee33c87d 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -2,7 +2,7 @@ package vars
 
 import (
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index 99be53ce5..de739c7f1 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -8,8 +8,8 @@ import (
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/kluctl/go-jinja2"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/azure"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
diff --git a/pkg/vars/vars_loader_git_files.go b/pkg/vars/vars_loader_git_files.go
index 134fc49de..c389c06f4 100644
--- a/pkg/vars/vars_loader_git_files.go
+++ b/pkg/vars/vars_loader_git_files.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
 	"github.com/gobwas/glob"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/types"
diff --git a/pkg/vars/vars_loader_git_files_test.go b/pkg/vars/vars_loader_git_files_test.go
index 94885fc7e..a46e7f80e 100644
--- a/pkg/vars/vars_loader_git_files_test.go
+++ b/pkg/vars/vars_loader_git_files_test.go
@@ -5,9 +5,9 @@ import (
 	"github.com/getsops/sops/v3/age"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
 	"github.com/kluctl/kluctl/v2/pkg/types"
diff --git a/pkg/vars/vars_loader_http.go b/pkg/vars/vars_loader_http.go
index 4d02931c3..c7c79fc05 100644
--- a/pkg/vars/vars_loader_http.go
+++ b/pkg/vars/vars_loader_http.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"github.com/Azure/go-ntlmssp"
 	"github.com/docker/distribution/registry/client/auth/challenge"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index 14edbeb4f..fc6bfda62 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -21,8 +21,8 @@ import (
 	"github.com/getsops/sops/v3/age"
 	git2 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
-	"github.com/kluctl/kluctl/v2/lib/git/auth"
-	ssh_pool "github.com/kluctl/kluctl/v2/lib/git/ssh-pool"
+	"github.com/kluctl/kluctl/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/types"
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 00323d206..12fae5bc6 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -5,9 +5,9 @@ import (
 	"container/list"
 	"context"
 	"github.com/gin-gonic/gin"
-	"github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"net/http"
 	"nhooyr.io/websocket"
diff --git a/pkg/webui/generate-ts/main.go b/pkg/webui/generate-ts/main.go
index e195054d1..bdf6d6463 100644
--- a/pkg/webui/generate-ts/main.go
+++ b/pkg/webui/generate-ts/main.go
@@ -1,7 +1,7 @@
 package main
 
 import (
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/webui/server.go b/pkg/webui/server.go
index 32624f3f7..33c5b73b6 100644
--- a/pkg/webui/server.go
+++ b/pkg/webui/server.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"fmt"
 	"github.com/gin-gonic/gin"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
-	gittypes "github.com/kluctl/kluctl/v2/lib/git/types"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
diff --git a/pkg/webui/staticbuilder.go b/pkg/webui/staticbuilder.go
index daff249c3..826769ef0 100644
--- a/pkg/webui/staticbuilder.go
+++ b/pkg/webui/staticbuilder.go
@@ -3,8 +3,8 @@ package webui
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/v2/lib/status"
-	"github.com/kluctl/kluctl/v2/lib/yaml"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"

From 27041771a97a739b22e59585f1fdc9128e687597 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 12:17:05 +0200
Subject: [PATCH 2139/2268] tests: Fix tests

---
 e2e/git_info_test.go               | 17 ++++++++---------
 e2e/gitops_errors_test.go          |  6 +++---
 e2e/gitops_source_override_test.go |  8 ++++----
 e2e/results_test.go                |  6 +++---
 e2e/source_override_test.go        |  8 ++++----
 e2e/test_project/project.go        |  4 ++--
 pkg/types/validators_test.go       |  3 ++-
 pkg/vars/vars_loader_test.go       |  9 +++++----
 8 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/e2e/git_info_test.go b/e2e/git_info_test.go
index 04bf3ca26..9889241a0 100644
--- a/e2e/git_info_test.go
+++ b/e2e/git_info_test.go
@@ -3,9 +3,8 @@ package e2e
 import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/pkg/types"
-	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	copy2 "github.com/otiai10/copy"
 	"github.com/stretchr/testify/assert"
 	"os"
@@ -50,7 +49,7 @@ func TestNGitNoRepo(t *testing.T) {
 
 	// no repo at all
 	r, _ := p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
-	assert.Equal(t, result.GitInfo{}, r.GitInfo)
+	assert.Equal(t, gittypes.GitInfo{}, r.GitInfo)
 }
 
 func TestGitNoCommit(t *testing.T) {
@@ -62,7 +61,7 @@ func TestGitNoCommit(t *testing.T) {
 	_, err := git.PlainInit(tmp, false)
 	assert.NoError(t, err)
 	r, _ := p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
-	assert.Equal(t, result.GitInfo{
+	assert.Equal(t, gittypes.GitInfo{
 		Dirty: true,
 	}, r.GitInfo)
 }
@@ -94,8 +93,8 @@ func TestGitSingleCommit(t *testing.T) {
 	assert.NoError(t, err)
 
 	r, _ := p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
-	assert.Equal(t, result.GitInfo{
-		Ref: &types.GitRef{
+	assert.Equal(t, gittypes.GitInfo{
+		Ref: &gittypes.GitRef{
 			Branch: "master",
 		},
 		Commit: c.String(),
@@ -109,9 +108,9 @@ func TestGitSingleCommit(t *testing.T) {
 	assert.NoError(t, err)
 
 	r, _ = p.KluctlMustCommandResult(t, "deploy", "--project-dir", tmp, "--yes", "-oyaml")
-	assert.Equal(t, result.GitInfo{
-		Url: types.ParseGitUrlMust("https://example.com"),
-		Ref: &types.GitRef{
+	assert.Equal(t, gittypes.GitInfo{
+		Url: gittypes.ParseGitUrlMust("https://example.com"),
+		Ref: &gittypes.GitRef{
 			Branch: "master",
 		},
 		Commit: c.String(),
diff --git a/e2e/gitops_errors_test.go b/e2e/gitops_errors_test.go
index b12bd2234..e8bb0615a 100644
--- a/e2e/gitops_errors_test.go
+++ b/e2e/gitops_errors_test.go
@@ -1,9 +1,9 @@
 package e2e
 
 import (
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/k8s"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
@@ -195,10 +195,10 @@ data:
 		suite.waitForCommit(key, getHeadRevision(suite.T(), p))
 	})
 	suite.Run("non existing git branch", func() {
-		var backup *types.GitRef
+		var backup *gittypes.GitRef
 		suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
 			backup = kd.Spec.Source.Git.Ref
-			kd.Spec.Source.Git.Ref = &types.GitRef{
+			kd.Spec.Source.Git.Ref = &gittypes.GitRef{
 				Branch: "invalid",
 			}
 		})
diff --git a/e2e/gitops_source_override_test.go b/e2e/gitops_source_override_test.go
index 3e45fe9f9..1f9b0df81 100644
--- a/e2e/gitops_source_override_test.go
+++ b/e2e/gitops_source_override_test.go
@@ -2,9 +2,9 @@ package e2e
 
 import (
 	"fmt"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -60,8 +60,8 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 	})
 
 	suite.Run("deploy with overridden git source", func() {
-		u1, _ := types.ParseGitUrl(pt.ip1.GitUrl())
-		u2, _ := types.ParseGitUrl(pt.ip2.GitUrl())
+		u1, _ := gittypes.ParseGitUrl(pt.ip1.GitUrl())
+		u2, _ := gittypes.ParseGitUrl(pt.ip2.GitUrl())
 		k1 := u1.RepoKey().String()
 		k2 := u2.RepoKey().String()
 
@@ -79,7 +79,7 @@ func (suite *GitOpsLocalSourceOverrideSuite) TestLocalGitOverrides() {
 	})
 
 	suite.Run("deploy with overridden git group source", func() {
-		u1, _ := types.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
+		u1, _ := gittypes.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
 		k1 := u1.RepoKey().String()
 
 		suite.assertOverridesDidNotHappen(key, &pt)
diff --git a/e2e/results_test.go b/e2e/results_test.go
index 422adde7f..22eae892b 100644
--- a/e2e/results_test.go
+++ b/e2e/results_test.go
@@ -2,9 +2,9 @@ package e2e
 
 import (
 	"context"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/results"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
@@ -53,8 +53,8 @@ func TestWriteResult(t *testing.T) {
 	assert.NoError(t, err)
 
 	opts := results.ListResultSummariesOptions{
-		ProjectFilter: &result.ProjectKey{
-			RepoKey: types.ParseGitUrlMust(p.GitUrl()).RepoKey(),
+		ProjectFilter: &gittypes.ProjectKey{
+			RepoKey: gittypes.ParseGitUrlMust(p.GitUrl()).RepoKey(),
 		},
 	}
 
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index fff5def4f..590b43ea1 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -2,10 +2,10 @@ package e2e
 
 import (
 	"fmt"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"
 	"path/filepath"
@@ -111,8 +111,8 @@ func TestLocalGitOverride(t *testing.T) {
 	k := defaultCluster1
 	pt := prepareLocalSourceOverrideTest(t, k, nil, false)
 
-	u1, _ := types.ParseGitUrl(pt.ip1.GitUrl())
-	u2, _ := types.ParseGitUrl(pt.ip2.GitUrl())
+	u1, _ := gittypes.ParseGitUrl(pt.ip1.GitUrl())
+	u2, _ := gittypes.ParseGitUrl(pt.ip2.GitUrl())
 	k1 := u1.RepoKey().String()
 	k2 := u2.RepoKey().String()
 
@@ -133,7 +133,7 @@ func TestGitGroup(t *testing.T) {
 	gs := test_utils.NewTestGitServer(t)
 	pt := prepareLocalSourceOverrideTest(t, k, gs, false)
 
-	u1, _ := types.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
+	u1, _ := gittypes.ParseGitUrl(pt.p.GitServer().GitUrl() + "/repos")
 	k1 := u1.RepoKey().String()
 
 	pt.p.KluctlMust(t, "deploy", "--yes", "-t", "test",
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 5416ee581..ad7c33e5f 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -6,9 +6,9 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/huandu/xstrings"
 	"github.com/jinzhu/copier"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
 	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
-	"github.com/kluctl/kluctl/v2/pkg/types"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
@@ -479,7 +479,7 @@ func (p *TestProject) GitUrl() string {
 }
 
 func (p *TestProject) GitUrlPath() string {
-	u, err := types.ParseGitUrl(p.GitUrl())
+	u, err := gittypes.ParseGitUrl(p.GitUrl())
 	if err != nil {
 		panic(err)
 	}
diff --git a/pkg/types/validators_test.go b/pkg/types/validators_test.go
index 0e8d37157..c8ccdda5c 100644
--- a/pkg/types/validators_test.go
+++ b/pkg/types/validators_test.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"fmt"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"testing"
@@ -27,7 +28,7 @@ func TestValidateGitProjectSubDir(t *testing.T) {
 	validate.RegisterStructValidation(ValidateGitProject, GitProject{})
 
 	for _, item := range subDirItems {
-		u := ParseGitUrlMust("http://example.com/test")
+		u := gittypes.ParseGitUrlMust("http://example.com/test")
 		gp := GitProject{Url: *u, SubDir: item.have}
 		err := validate.Struct(gp)
 		if item.want {
diff --git a/pkg/vars/vars_loader_test.go b/pkg/vars/vars_loader_test.go
index fc6bfda62..aa81d9e88 100644
--- a/pkg/vars/vars_loader_test.go
+++ b/pkg/vars/vars_loader_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/huandu/xstrings"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/gcp"
@@ -279,7 +280,7 @@ func (s *VarsLoaderTestSuite) TestGit() {
 	}, "")
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
@@ -293,7 +294,7 @@ func (s *VarsLoaderTestSuite) TestGit() {
 	})
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		b := true
 		err := vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			IgnoreMissing: &b,
@@ -330,12 +331,12 @@ func (s *VarsLoaderTestSuite) TestGitBranch() {
 	assert.NoError(s.T(), err)
 
 	s.testVarsLoader(func(vl *VarsLoader, vc *VarsCtx, aws *aws.FakeAwsClientFactory, gcp *gcp.FakeClientFactory) {
-		url, _ := types.ParseGitUrl(gs.GitRepoUrl("repo"))
+		url, _ := gittypes.ParseGitUrl(gs.GitRepoUrl("repo"))
 		err = vl.LoadVars(context.TODO(), vc, &types.VarsSource{
 			Git: &types.VarsSourceGit{
 				Url:  *url,
 				Path: "test.yaml",
-				Ref:  &types.GitRef{Branch: "testbranch"},
+				Ref:  &gittypes.GitRef{Branch: "testbranch"},
 			},
 		}, nil, "")
 		assert.NoError(s.T(), err)

From d1cdf5e1bcaa1b3f20bde838ad0e238cfde8ae0f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 12:25:41 +0200
Subject: [PATCH 2140/2268] ci: Update protobuf to 27.1

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 4d64cc2d3..2fbc726ef 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -36,7 +36,7 @@ jobs:
       - name: Install some tools
         run: |
           PB_REL="https://github.com/protocolbuffers/protobuf/releases"
-          PB_VER="24.4"
+          PB_VER="27.1"
           curl -LO $PB_REL/download/v$PB_VER/protoc-$PB_VER-linux-x86_64.zip
           sudo unzip protoc-$PB_VER-linux-x86_64.zip -d /usr/local
           rm protoc-$PB_VER-linux-x86_64.zip

From 448be2de7b1a788d90843ade4ab8c50cbf001526 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 8 Jul 2024 13:05:44 +0200
Subject: [PATCH 2141/2268] chore: Run make api-docs

---
 docs/gitops/api/kluctl-controller.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/gitops/api/kluctl-controller.md b/docs/gitops/api/kluctl-controller.md
index 621984567..b162b22ec 100644
--- a/docs/gitops/api/kluctl-controller.md
+++ b/docs/gitops/api/kluctl-controller.md
@@ -1242,7 +1242,7 @@ string
 <td>
 <code>projectKey</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types/result.ProjectKey
+github.com/kluctl/kluctl/lib/git/types.ProjectKey
 </em>
 </td>
 <td>
@@ -1943,7 +1943,7 @@ DEPRECATED this field is deprecated and will be removed in the next API version
 <td>
 <code>ref</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitRef
+github.com/kluctl/kluctl/lib/git/types.GitRef
 </em>
 </td>
 <td>
@@ -2034,7 +2034,7 @@ use spec.credentials.git to specify those.</p>
 <td>
 <code>ref</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.GitRef
+github.com/kluctl/kluctl/lib/git/types.GitRef
 </em>
 </td>
 <td>
@@ -2213,7 +2213,7 @@ string
 <td>
 <code>repoKey</code><br>
 <em>
-github.com/kluctl/kluctl/v2/pkg/types.RepoKey
+github.com/kluctl/kluctl/lib/git/types.RepoKey
 </em>
 </td>
 <td>

From 37a5d003bd8caf89d53ba373aaadab3d8e9721d5 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 9 Jul 2024 00:03:20 +0200
Subject: [PATCH 2142/2268] chore: Update go-jinja2 to latest main (#1135)

This updates all internal Python dependencies.
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8c5b9be59..5778b5f1f 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb
+	github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f
 	github.com/kluctl/kluctl/lib v0.0.0-20240708100510-73c5efc22b9a
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index cb45fccac..abf229888 100644
--- a/go.sum
+++ b/go.sum
@@ -442,8 +442,8 @@ github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS
 github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
 github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
-github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb h1:ibPMOncAbKZqREllxULOLtC+7i4vfCK7hZvZbuER0iM=
-github.com/kluctl/go-jinja2 v0.0.0-20240619083358-c137395943eb/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
+github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f h1:DXcOryOSs9LG2xd7LlllWOL8fPA8i4OTXJzHOPtz6hA=
+github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=

From f14aa022260932c74d6638d2fa9c351bd4237925 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 18 Jul 2024 10:40:22 +0200
Subject: [PATCH 2143/2268] chore: Reduce required go version to 1.22.0 (#1141)

---
 go.mod     | 2 +-
 lib/go.mod | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 5778b5f1f..42a9bfee4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.22.4
+go 1.22.0
 
 replace github.com/kluctl/kluctl/lib => ./lib
 
diff --git a/lib/go.mod b/lib/go.mod
index c942b1a02..d09b65263 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -1,6 +1,6 @@
 module github.com/kluctl/kluctl/lib
 
-go 1.22.4
+go 1.22.0
 
 require (
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d

From d084360efd97f1aa12555240aa2816b33b029cf0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Sat, 20 Jul 2024 07:51:52 +0200
Subject: [PATCH 2144/2268] build: Preparing release v2.25.1

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 8 ++++----
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/controller/files.json                    | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 9 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 87d0ada42..0d8b3f694 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.25.0
+        tag: v2.25.1
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 0af087e6e..22c4ab618 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.25.0
+        tag: v2.25.1
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 6e7df4d6d..68a67b3f6 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.25.0
+        tag: v2.25.1
 ```
 
 ## Login
@@ -61,7 +61,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.25.0
+        tag: v2.25.1
     vars:
       - values:
           webui_args:
@@ -82,7 +82,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.25.0
+            kluctl_version: v2.25.1
 ```
 
 ### Passing arguments
@@ -95,7 +95,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.25.0
+        tag: v2.25.1
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 84814e459..843212059 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.25.0
+         tag: v2.25.1
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 620b21071..90e987e2d 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.25.0
+    default: v2.25.1
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index a2ef06fa5..1b01973d9 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.25.0") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.25.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/controller/files.json b/install/controller/files.json
index a0f547e92..a33427ebd 100644
--- a/install/controller/files.json
+++ b/install/controller/files.json
@@ -1,5 +1,5 @@
 {
-  "contentHash": "559b740d1815dceb4ef08e5ab89f05bb37dc6ce3f3e37df81800c0ac70f3d79e",
+  "contentHash": "6addace030e764b304a624c725ea3f002320caa5cc8b62fc1c6394ab9221ff89",
   "files": [
     {
       "name": ".kluctl-library.yaml",
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 7af32d8b5..395b54dd1 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.25.0
+    default: v2.25.1
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 1207395d8..2704b5cff 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.25.0") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.25.1") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 907ce1044230ee54e903ce513ff66cd0b9e417e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 24 Jul 2024 08:54:23 +0200
Subject: [PATCH 2145/2268] ci: Stop using intermediate WOLFI_IMAGE arg (#1147)

This prevented dependabot from updating wolfi-base images.
---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4e8728821..1f389f5ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,7 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
 # use `docker buildx imagetools inspect cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
-ARG WOLFI_DIGEST=sha256:3eff851ab805966c768d2a8107545a96218426cee1e5cc805865505edbe6ce92
-FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@$WOLFI_DIGEST
+FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@sha256:3eff851ab805966c768d2a8107545a96218426cee1e5cc805865505edbe6ce92
 
 # See https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 ARG TARGETPLATFORM

From 854556e72f2a9d5b1275fc5ca280e8b3eb5651e0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 25 Jul 2024 08:31:13 +0200
Subject: [PATCH 2146/2268] ci: Add docker package-ecosystem to dependabot
 config (#1149)

---
 .github/dependabot.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dd0ca4403..f51789778 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,6 +1,10 @@
 version: 2
 
 updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

From 39ea6ee546e98a22f5c2ecf6a05dda74784eb1f1 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Tue, 23 Jul 2024 14:18:25 +0200
Subject: [PATCH 2147/2268] feat: support git info in helm chart and pass
 through caches

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go   | 38 ++++++++++++++++---------
 cmd/kluctl/commands/cmd_helm_update.go | 39 +++++++++++++++++---------
 pkg/deployment/deployment_item.go      |  2 +-
 pkg/helm/chart.go                      | 38 +++++++++++++++----------
 pkg/helm/helm_release.go               | 15 +++++-----
 pkg/types/helm_chart.go                | 26 +++++++++--------
 pkg/types/zz_generated.deepcopy.go     |  1 +
 pkg/webui/ui/src/models.ts             | 20 +++++++++++++
 8 files changed, 117 insertions(+), 62 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 59d261480..754761f88 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -3,16 +3,21 @@ package commands
 import (
 	"context"
 	"fmt"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"time"
+
+	gitauth "github.com/kluctl/kluctl/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
-	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
-	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	ociauth "github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/fs"
-	"os"
-	"path/filepath"
 )
 
 type helmPullCmd struct {
@@ -36,9 +41,10 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	if !yaml.Exists(filepath.Join(projectDir, ".kluctl.yaml")) && !yaml.Exists(filepath.Join(projectDir, ".kluctl-library.yaml")) {
 		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml or .kluctl-library.yaml file")
 	}
-
-	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
-	helmAuthProvider := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+	sshPool := &ssh_pool.SshPool{}
+	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", nil)
+	ociAuthProvider := ociauth.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+	helmAuthProvider := helmauth.NewDefaultAuthProviders("KLUCTL_HELM")
 	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
 		return err
 	} else {
@@ -50,16 +56,22 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		ociAuthProvider.RegisterAuthProvider(x, false)
 	}
 
-	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, false, true)
+	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuthProvider, nil, time.Second*60)
+	defer gitRp.Clear()
+
+	ociRp := repocache.NewOciRepoCache(ctx, ociAuthProvider, nil, time.Second*60)
+	defer ociRp.Clear()
+
+	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, gitRp, ociRp, false, true)
 	return err
 }
 
-func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider auth_provider.OciAuthProvider, dryRun bool, force bool) (int, error) {
+func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache, dryRun bool, force bool) (int, error) {
 	actions := 0
 
 	baseChartsDir := filepath.Join(projectDir, ".helm-charts")
 
-	releases, charts, err := loadHelmReleases(ctx, projectDir, baseChartsDir, helmAuthProvider, ociAuthProvider)
+	releases, charts, err := loadHelmReleases(ctx, projectDir, baseChartsDir, helmAuthProvider, ociAuthProvider, gitRp, ociRp)
 	if err != nil {
 		return actions, err
 	}
@@ -140,7 +152,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helm_au
 	return actions, nil
 }
 
-func loadHelmReleases(ctx context.Context, projectDir string, baseChartsDir string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider auth_provider.OciAuthProvider) ([]*helm.Release, []*helm.Chart, error) {
+func loadHelmReleases(ctx context.Context, projectDir string, baseChartsDir string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) ([]*helm.Release, []*helm.Chart, error) {
 	var releases []*helm.Release
 	chartsMap := make(map[string]*helm.Chart)
 	err := filepath.WalkDir(projectDir, func(p string, d fs.DirEntry, err error) error {
@@ -154,7 +166,7 @@ func loadHelmReleases(ctx context.Context, projectDir string, baseChartsDir stri
 			return err
 		}
 
-		hr, err := helm.NewRelease(ctx, projectDir, relDir, p, baseChartsDir, helmAuthProvider, ociAuthProvider)
+		hr, err := helm.NewRelease(ctx, projectDir, relDir, p, baseChartsDir, helmAuthProvider, ociAuthProvider, gitRp, ociRp)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index bb2ab690f..c242d187d 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -3,21 +3,26 @@ package commands
 import (
 	"context"
 	"fmt"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/index"
 	git2 "github.com/kluctl/kluctl/lib/git"
+	gitauth "github.com/kluctl/kluctl/lib/git/auth"
+	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/helm"
-	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
-	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	ociauth "github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"github.com/kluctl/kluctl/v2/pkg/prompts"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"io/fs"
-	"os"
-	"path/filepath"
-	"strings"
 )
 
 type helmUpdateCmd struct {
@@ -49,9 +54,10 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-
-	ociAuthProvider := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
-	helmAuthProvider := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+	sshPool := &ssh_pool.SshPool{}
+	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", nil)
+	ociAuthProvider := ociauth.NewDefaultAuthProviders("KLUCTL_REGISTRY")
+	helmAuthProvider := helmauth.NewDefaultAuthProviders("KLUCTL_HELM")
 	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
 		return err
 	} else {
@@ -62,7 +68,12 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	} else {
 		ociAuthProvider.RegisterAuthProvider(x, false)
 	}
+	gitRp := repocache.NewGitRepoCache(ctx, sshPool, gitAuthProvider, nil, time.Second*60)
+	defer gitRp.Clear()
+
+	ociRp := repocache.NewOciRepoCache(ctx, ociAuthProvider, nil, time.Second*60)
 
+	defer ociRp.Clear()
 	if cmd.Commit {
 		gitStatus, err := git2.GetWorktreeStatus(ctx, gitRootPath)
 		if err != nil {
@@ -84,13 +95,13 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 	g := utils.NewGoHelper(ctx, 8)
 
-	releases, charts, err := loadHelmReleases(ctx, projectDir, baseChartsDir, helmAuthProvider, ociAuthProvider)
+	releases, charts, err := loadHelmReleases(ctx, projectDir, baseChartsDir, helmAuthProvider, ociAuthProvider, gitRp, ociRp)
 	if err != nil {
 		return err
 	}
 
 	if cmd.Commit {
-		actions, err := doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, true, false)
+		actions, err := doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, gitRp, ociRp, true, false)
 		if err != nil {
 			return err
 		}
@@ -205,7 +216,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	for k, hrs := range upgrades {
-		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion, helmAuthProvider, ociAuthProvider)
+		err = cmd.pullAndCommit(ctx, projectDir, baseChartsDir, gitRootPath, hrs, k.oldVersion, helmAuthProvider, ociAuthProvider, gitRp, ociRp)
 		if err != nil {
 			return err
 		}
@@ -235,7 +246,7 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider *auth_provider.OciAuthProviders) error {
+func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider *oci_auth.OciAuthProviders, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) error {
 	chart := hrs[0].Chart
 	newVersion := hrs[0].Config.ChartVersion
 
@@ -280,7 +291,7 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 		}
 	}
 
-	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, false, false)
+	_, err = doHelmPull(ctx, projectDir, helmAuthProvider, ociAuthProvider, gitRp, ociRp, false, false)
 	if err != nil {
 		return doError(err)
 	}
diff --git a/pkg/deployment/deployment_item.go b/pkg/deployment/deployment_item.go
index b6e55a196..b432ce045 100644
--- a/pkg/deployment/deployment_item.go
+++ b/pkg/deployment/deployment_item.go
@@ -191,7 +191,7 @@ func (di *DeploymentItem) newHelmRelease(subDir string) (*helm.Release, error) {
 		relDir = filepath.Dir(relDir)
 	}
 
-	hr, err := helm.NewRelease(di.ctx.Ctx, di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmAuthProvider, di.ctx.OciAuthProvider)
+	hr, err := helm.NewRelease(di.ctx.Ctx, di.Project.source.dir, filepath.Join(di.RelToSourceItemDir, subDir), configPath, helmChartsDir, di.ctx.HelmAuthProvider, di.ctx.OciAuthProvider, di.ctx.GitRP, di.ctx.OciRP)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index eb41a88fe..46ed3e27c 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -3,12 +3,21 @@ package helm
 import (
 	"context"
 	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strings"
+
 	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-containerregistry/pkg/crane"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
-	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
-	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
+	ociauth "github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	cp "github.com/otiai10/copy"
@@ -18,34 +27,33 @@ import (
 	"helm.sh/helm/v3/pkg/getter"
 	"helm.sh/helm/v3/pkg/registry"
 	"helm.sh/helm/v3/pkg/repo"
-	"net/url"
-	"os"
-	"path/filepath"
-	"regexp"
-	"sort"
-	"strings"
 )
 
 type Chart struct {
-	repo      string
-	localPath string
-	chartName string
-
-	helmAuthProvider auth.HelmAuthProvider
-	ociAuthProvider  auth_provider.OciAuthProvider
+	repo             string
+	localPath        string
+	chartName        string
+	git              types.GitInfo
+	helmAuthProvider helmauth.HelmAuthProvider
+	ociAuthProvider  ociauth.OciAuthProvider
+	gitRp            *repocache.GitRepoCache
+	ociRp            *repocache.OciRepoCache
 
 	credentialsId string
 
 	versions []string
 }
 
-func NewChart(repo string, localPath string, chartName string, helmAuthProvider auth.HelmAuthProvider, credentialsId string, ociAuthProvider auth_provider.OciAuthProvider) (*Chart, error) {
+func NewChart(repo string, localPath string, chartName string, git types.GitInfo, helmAuthProvider helmauth.HelmAuthProvider, credentialsId string, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Chart, error) {
 	hc := &Chart{
 		repo:             repo,
+		git:              git,
 		localPath:        localPath,
 		helmAuthProvider: helmAuthProvider,
 		credentialsId:    credentialsId,
 		ociAuthProvider:  ociAuthProvider,
+		gitRp:            gitRp,
+		ociRp:            ociRp,
 	}
 
 	if localPath == "" && repo == "" {
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 30555e14d..d256bf9f3 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -3,17 +3,19 @@ package helm
 import (
 	"context"
 	"fmt"
-	"github.com/kluctl/kluctl/lib/status"
-	"github.com/kluctl/kluctl/lib/yaml"
-	"github.com/kluctl/kluctl/v2/pkg/helm/auth"
-	"github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
 	"os"
 	"path/filepath"
 	"strings"
 
 	"github.com/Masterminds/semver/v3"
 	securejoin "github.com/cyphar/filepath-securejoin"
+	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/status"
+	"github.com/kluctl/kluctl/lib/yaml"
+	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
+	ociauth "github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/sops"
 	"github.com/kluctl/kluctl/v2/pkg/sops/decryptor"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -40,13 +42,12 @@ type Release struct {
 	baseChartsDir string
 }
 
-func NewRelease(ctx context.Context, projectRoot string, relDirInProject string, configFile string, baseChartsDir string, helmAuthProvider auth.HelmAuthProvider, ociAuthProvider auth_provider.OciAuthProvider) (*Release, error) {
+func NewRelease(ctx context.Context, projectRoot string, relDirInProject string, configFile string, baseChartsDir string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Release, error) {
 	var config types.HelmChartConfig
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
 		return nil, err
 	}
-
 	if config.ChartVersion != "" {
 		_, err = semver.NewVersion(config.ChartVersion)
 		if err != nil {
@@ -77,7 +78,7 @@ func NewRelease(ctx context.Context, projectRoot string, relDirInProject string,
 	if credentialsId != "" {
 		status.Deprecation(ctx, "helm-release-credentials-id", "'credentialsId' in helm-chart.yaml is deprecated and support for it will be removed in a future version of Kluctl.")
 	}
-	chart, err := NewChart(config.Repo, localPath, config.ChartName, helmAuthProvider, credentialsId, ociAuthProvider)
+	chart, err := NewChart(config.Repo, localPath, config.ChartName, config.Git, helmAuthProvider, credentialsId, ociAuthProvider, gitRp, ociRp)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 100655290..1c0f3abac 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -2,23 +2,25 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"helm.sh/helm/v3/pkg/registry"
 )
 
 type HelmChartConfig2 struct {
-	Repo              string  `json:"repo,omitempty"`
-	Path              string  `json:"path,omitempty"`
-	CredentialsId     *string `json:"credentialsId,omitempty"`
-	ChartName         string  `json:"chartName,omitempty"`
-	ChartVersion      string  `json:"chartVersion,omitempty"`
-	UpdateConstraints *string `json:"updateConstraints,omitempty"`
-	ReleaseName       string  `json:"releaseName" validate:"required"`
-	Namespace         *string `json:"namespace,omitempty"`
-	Output            *string `json:"output,omitempty"`
-	SkipCRDs          bool    `json:"skipCRDs,omitempty"`
-	SkipUpdate        bool    `json:"skipUpdate,omitempty"`
-	SkipPrePull       bool    `json:"skipPrePull,omitempty"`
+	Repo              string        `json:"repo,omitempty"`
+	Git               types.GitInfo `json:"git,omitempty" validate:"required"`
+	Path              string        `json:"path,omitempty"`
+	CredentialsId     *string       `json:"credentialsId,omitempty"`
+	ChartName         string        `json:"chartName,omitempty"`
+	ChartVersion      string        `json:"chartVersion,omitempty"`
+	UpdateConstraints *string       `json:"updateConstraints,omitempty"`
+	ReleaseName       string        `json:"releaseName" validate:"required"`
+	Namespace         *string       `json:"namespace,omitempty"`
+	Output            *string       `json:"output,omitempty"`
+	SkipCRDs          bool          `json:"skipCRDs,omitempty"`
+	SkipUpdate        bool          `json:"skipUpdate,omitempty"`
+	SkipPrePull       bool          `json:"skipPrePull,omitempty"`
 }
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 70cd30294..dc645d9b4 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -482,6 +482,7 @@ func (in *HelmChartConfig) DeepCopy() *HelmChartConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmChartConfig2) DeepCopyInto(out *HelmChartConfig2) {
 	*out = *in
+	in.Git.DeepCopyInto(&out.Git)
 	if in.CredentialsId != nil {
 		in, out := &in.CredentialsId, &out.CredentialsId
 		*out = new(string)
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 65bfdd9e2..9331cd2e6 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -130,6 +130,7 @@ export class IgnoreForDiffItemConfig {
 }
 export class HelmChartConfig {
     repo?: string;
+    git?: GitInfo;
     path?: string;
     credentialsId?: string;
     chartName?: string;
@@ -145,6 +146,7 @@ export class HelmChartConfig {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.repo = source["repo"];
+        this.git = this.convertValues(source["git"], GitInfo);
         this.path = source["path"];
         this.credentialsId = source["credentialsId"];
         this.chartName = source["chartName"];
@@ -157,6 +159,24 @@ export class HelmChartConfig {
         this.skipUpdate = source["skipUpdate"];
         this.skipPrePull = source["skipPrePull"];
     }
+
+	convertValues(a: any, classs: any, asMap: boolean = false): any {
+	    if (!a) {
+	        return a;
+	    }
+	    if (a.slice) {
+	        return (a as any[]).map(elem => this.convertValues(elem, classs));
+	    } else if ("object" === typeof a) {
+	        if (asMap) {
+	            for (const key of Object.keys(a)) {
+	                a[key] = new classs(a[key]);
+	            }
+	            return a;
+	        }
+	        return new classs(a);
+	    }
+	    return a;
+	}
 }
 export class WaitReadinessObjectItemConfig {
     group?: string;

From f0f4fc87ec722cc0e19f44066edae25144b3318b Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Tue, 23 Jul 2024 14:26:33 +0200
Subject: [PATCH 2148/2268] feat(helm): add check if chart source is a registry
 or a repository

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 46ed3e27c..05490e767 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -104,6 +104,14 @@ func (c *Chart) IsLocalChart() bool {
 	return c.localPath != ""
 }
 
+func (c *Chart) IsRegistryChart() bool {
+	return c.repo != ""
+}
+
+func (c *Chart) IsRepositoryChart() bool {
+	return c.git != types.GitInfo{}
+}
+
 func (c *Chart) GetLocalChartVersion() (string, error) {
 	chartYaml, err := uo.FromFile(yaml.FixPathExt(filepath.Join(c.localPath, "Chart.yaml")))
 	if err != nil {

From c920cab1f5e924824112b8b1680f01670c8a474a Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Tue, 23 Jul 2024 14:31:26 +0200
Subject: [PATCH 2149/2268] refactor: versioned and unversioned directory for
 helm chart dir

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go   |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 pkg/helm/chart.go                      | 90 +++++++++++++++++++++++---
 3 files changed, 83 insertions(+), 11 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 754761f88..9fe9ad977 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -92,7 +92,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 			}
 		}
 
-		chartsDir, err := chart.BuildPulledChartDir(baseChartsDir, "")
+		chartsDir, err := chart.BuildPulledChartDir(baseChartsDir)
 		if err != nil {
 			return actions, err
 		}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index c242d187d..995489722 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -163,7 +163,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	upgrades := map[helmUpgradeKey][]*helm.Release{}
 
 	for _, hr := range releases {
-		cd, err := hr.Chart.BuildPulledChartDir(baseChartsDir, "")
+		cd, err := hr.Chart.BuildPulledChartDir(baseChartsDir)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 05490e767..728199848 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -127,11 +127,7 @@ func (c *Chart) GetLocalChartVersion() (string, error) {
 	return x, nil
 }
 
-func (c *Chart) BuildPulledChartDir(baseDir string, version string) (string, error) {
-	if baseDir == "" {
-		return "", fmt.Errorf("can't determine pulled chart dir. No base dir for charts found")
-	}
-
+func (c *Chart) BuildRegistryPulledChartDir(baseDir string) (string, error) {
 	u, err := url.Parse(c.repo)
 	if err != nil {
 		return "", err
@@ -165,12 +161,89 @@ func (c *Chart) BuildPulledChartDir(baseDir string, version string) (string, err
 		fmt.Sprintf("%s_%s", scheme, strings.ToLower(u.Hostname())),
 		filepath.FromSlash(strings.ToLower(u.Path)),
 	)
-	if u.Scheme != "oci" {
+	if scheme != "oci" {
 		dir = filepath.Join(dir, c.chartName)
 	}
+	return dir, nil
+}
+
+func (c *Chart) BuildVersionedRegistryPulledChartDir(baseDir string, version string) (string, error) {
+	dir, err := c.BuildRegistryPulledChartDir(baseDir)
+	if err != nil {
+		return "", err
+	}
 	if version != "" {
 		dir = filepath.Join(dir, version)
 	}
+	return dir, nil
+}
+
+func (c *Chart) BuildRepositoryPulledChartDir(baseDir string) (string, error) {
+	scheme := c.git.Url.Scheme
+	port := c.git.Url.NormalizePort()
+	hostname := c.git.Url.Hostname()
+	path := c.git.Url.Path
+	if port != "" {
+		scheme += "_" + port
+	}
+	dir := filepath.Join(
+		baseDir,
+		fmt.Sprintf("%s_%s", scheme, strings.ToLower(hostname)),
+		filepath.FromSlash(strings.ToLower(path)),
+	)
+	return dir, nil
+}
+
+func (c *Chart) BuildVersionedRepositoryPulledChartDir(baseDir string, version string) (string, error) {
+	dir, err := c.BuildRepositoryPulledChartDir(baseDir)
+	if err != nil {
+		return "", err
+	}
+	dir = filepath.Join(dir, version)
+	return dir, nil
+}
+
+func (c *Chart) BuildPulledChartDir(baseDir string) (string, error) {
+	var dir string
+	var err error
+	if baseDir == "" {
+		return "", fmt.Errorf("can't determine pulled chart dir. No base dir for charts found")
+	}
+	if c.IsRegistryChart() {
+		dir, err = c.BuildRegistryPulledChartDir(baseDir)
+		if err != nil {
+			return "", err
+		}
+	} else if c.IsRepositoryChart() {
+		dir, err = c.BuildRepositoryPulledChartDir(baseDir)
+		if err != nil {
+			return "", err
+		}
+	}
+	err = utils.CheckInDir(baseDir, dir)
+	if err != nil {
+		return "", err
+	}
+	return dir, nil
+}
+
+func (c *Chart) BuildVersionedPulledChartDir(baseDir string, version string) (string, error) {
+	var dir string
+	var err error
+	if baseDir == "" {
+		return "", fmt.Errorf("can't determine pulled chart dir. No base dir for charts found")
+	}
+	if c.IsRegistryChart() {
+		dir, err = c.BuildVersionedRegistryPulledChartDir(baseDir, version)
+		if err != nil {
+			return "", err
+		}
+	} else if c.IsRepositoryChart() {
+		dir, err = c.BuildVersionedRepositoryPulledChartDir(baseDir, version)
+		if err != nil {
+			return "", err
+		}
+	}
 	err = utils.CheckInDir(baseDir, dir)
 	if err != nil {
 		return "", err
@@ -342,7 +415,7 @@ func (c *Chart) Pull(ctx context.Context, pc *PulledChart) error {
 
 func (c *Chart) doPullCached(ctx context.Context, version string) (*PulledChart, *lockedfile.File, error) {
 	baseDir := filepath.Join(utils.GetCacheDir(ctx), "helm-charts")
-	cacheDir, err := c.BuildPulledChartDir(baseDir, version)
+	cacheDir, err := c.BuildVersionedPulledChartDir(baseDir, version)
 	_ = os.MkdirAll(cacheDir, 0o755)
 
 	lock, err := lockedfile.Create(cacheDir + ".lock")
@@ -415,8 +488,7 @@ func (c *Chart) GetPrePulledChart(baseDir string, version string) (*PulledChart,
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
 	}
-
-	chartDir, err := c.BuildPulledChartDir(baseDir, version)
+	chartDir, err := c.BuildVersionedPulledChartDir(baseDir, version)
 	if err != nil {
 		return nil, err
 	}

From de97a90ae25239613d19d96e6f01d41fccc3dcc8 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Tue, 23 Jul 2024 14:33:33 +0200
Subject: [PATCH 2150/2268] feat: support pull of helm charts from git
 repository

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go |  12 +-
 pkg/helm/chart.go                    | 170 +++++++++++++++++++++------
 pkg/helm/helm_release.go             | 117 +++++++++++-------
 pkg/helm/pulled_chart.go             |  81 +++++++++----
 pkg/types/helm_chart.go              |  58 ++++++++-
 5 files changed, 334 insertions(+), 104 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 9fe9ad977..550f10fa5 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -81,14 +81,22 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 	for _, chart := range charts {
 		chart := chart
 		statusPrefix := chart.GetChartName()
-
 		versionsToPull := map[string]bool{}
 		for _, hr := range releases {
 			if hr.Config.SkipPrePull {
 				continue
 			}
 			if hr.Chart == chart {
-				versionsToPull[hr.Config.ChartVersion] = true
+				if hr.Chart.IsRegistryChart() {
+					versionsToPull[hr.Config.ChartVersion] = true
+				}
+				if hr.Chart.IsRepositoryChart() {
+					ref, _, err := hr.Config.GetGitRef()
+					if err != nil {
+						return actions, err
+					}
+					versionsToPull[ref] = true
+				}
 			}
 		}
 
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 728199848..bffcc1862 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -2,6 +2,7 @@ package helm
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"net/url"
 	"os"
@@ -56,8 +57,8 @@ func NewChart(repo string, localPath string, chartName string, git types.GitInfo
 		ociRp:            ociRp,
 	}
 
-	if localPath == "" && repo == "" {
-		return nil, fmt.Errorf("repo and localPath are missing")
+	if localPath == "" && repo == "" && git == (types.GitInfo{}) {
+		return nil, fmt.Errorf("repo, localPath and git are missing")
 	}
 
 	if hc.IsLocalChart() {
@@ -83,6 +84,17 @@ func NewChart(repo string, localPath string, chartName string, git types.GitInfo
 			return nil, fmt.Errorf("invalid oci chart url: %s", repo)
 		}
 		hc.chartName = chartName
+	} else if hc.IsRepositoryChart() {
+		if chartName != "" {
+			return nil, fmt.Errorf("chartName can't be specified when using git repos")
+		}
+		s := strings.Split(hc.git.Url.String(), "/")
+		chartName := strings.Join(s[len(s)-2:len(s)], "-")
+		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
+			return nil, fmt.Errorf("invalid git url: %s", hc.git.Url.String())
+		}
+		hc.chartName = chartName
+
 	} else if chartName == "" {
 		return nil, fmt.Errorf("chartName is missing")
 	} else {
@@ -112,6 +124,22 @@ func (c *Chart) IsRepositoryChart() bool {
 	return c.git != types.GitInfo{}
 }
 
+func (c *Chart) HasGitBranchDefined() bool {
+	return c.IsRepositoryChart() && c.git.Ref.Branch != ""
+}
+
+func (c *Chart) HasGitTagDefined() bool {
+	return c.IsRepositoryChart() && c.git.Ref.Tag != ""
+}
+
+func (c *Chart) GetGitBranch() string {
+	return c.git.Ref.Branch
+}
+
+func (c *Chart) GetGitTag() string {
+	return c.git.Ref.Branch
+}
+
 func (c *Chart) GetLocalChartVersion() (string, error) {
 	chartYaml, err := uo.FromFile(yaml.FixPathExt(filepath.Join(c.localPath, "Chart.yaml")))
 	if err != nil {
@@ -155,13 +183,12 @@ func (c *Chart) BuildRegistryPulledChartDir(baseDir string) (string, error) {
 	if port != "" {
 		scheme += "_" + port
 	}
-
 	dir := filepath.Join(
 		baseDir,
 		fmt.Sprintf("%s_%s", scheme, strings.ToLower(u.Hostname())),
 		filepath.FromSlash(strings.ToLower(u.Path)),
 	)
-	if scheme != "oci" {
+	if u.Scheme != "oci" {
 		dir = filepath.Join(dir, c.chartName)
 	}
 	return dir, nil
@@ -248,7 +275,6 @@ func (c *Chart) BuildVersionedPulledChartDir(baseDir string, version string) (st
 	if err != nil {
 		return "", err
 	}
-
 	return dir, nil
 }
 
@@ -295,32 +321,21 @@ func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings
 	return registryClient, cleanup, nil
 }
 
-func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, error) {
-	if c.IsLocalChart() {
-		return nil, fmt.Errorf("can not pull local charts")
-	}
-
+func (c *Chart) PullFromRegistry(ctx context.Context, version string, tmpPullDir string, chartDir string) error {
 	u, err := url.Parse(c.repo)
 	if err != nil {
-		return nil, err
-	}
-
-	tmpPullDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pull-")
-	if err != nil {
-		return nil, err
+		return err
 	}
-	defer os.RemoveAll(tmpPullDir)
-
 	settings := cli.New()
 	registryClient, cleanup, err := c.newRegistryClient(ctx, settings)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	defer cleanup()
 
 	cfg, err := buildHelmConfig(nil, registryClient)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	a := action.NewPullWithOpts(action.WithConfig(cfg))
@@ -331,14 +346,14 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 
 	if c.credentialsId != "" {
 		if registry.IsOCI(c.repo) {
-			return nil, fmt.Errorf("OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments")
+			return fmt.Errorf("OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments")
 		}
 	}
 
 	if !registry.IsOCI(c.repo) {
 		helmCreds, cf, err := c.helmAuthProvider.FindAuthEntry(ctx, *u, c.credentialsId)
 		if err != nil {
-			return nil, err
+			return err
 		}
 		defer cf()
 
@@ -364,25 +379,86 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 		status.Infof(ctx, "Message from Helm:\n%s", out)
 	}
 	if err != nil {
-		return nil, err
-	}
-
-	chartDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pulled-")
-	if err != nil {
-		return nil, err
+		return err
 	}
-
 	// move chart
 	des, err := os.ReadDir(filepath.Join(tmpPullDir, c.chartName))
 	if err != nil {
-		return nil, err
+		return err
 	}
 	for _, de := range des {
 		err = os.Rename(filepath.Join(tmpPullDir, c.chartName, de.Name()), filepath.Join(chartDir, de.Name()))
 		if err != nil {
-			return nil, err
+			return err
 		}
 	}
+	return nil
+}
+
+func (c *Chart) PullFromRepository(ctx context.Context, chartDir string) error {
+	m, err := c.gitRp.GetEntry(c.git.Url.String())
+	if err != nil {
+		return err
+	}
+	err = m.Update()
+	if err != nil {
+		return err
+	}
+	cd, gitInfo, err := m.GetClonedDir(c.git.Ref)
+	if err != nil {
+		return err
+	}
+	des, err := os.ReadDir(filepath.Join(cd, c.git.SubDir))
+	if err != nil {
+		return err
+	}
+
+	for _, de := range des {
+		err = os.Rename(filepath.Join(cd, c.git.SubDir, de.Name()), filepath.Join(chartDir, de.Name()))
+		if err != nil {
+			return err
+		}
+	}
+	if err != nil {
+		return err
+	}
+
+	out, err := json.Marshal(gitInfo)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(filepath.Join(chartDir, ".git-info"), out, 0o755)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, error) {
+	if c.IsLocalChart() {
+		return nil, fmt.Errorf("can not pull local charts")
+	}
+
+	tmpPullDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pull-")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(tmpPullDir)
+
+	chartDir, err := os.MkdirTemp(utils.GetTmpBaseDir(ctx), c.chartName+"-pulled-")
+	if err != nil {
+		return nil, err
+	}
+	if c.IsRegistryChart() {
+		err = c.PullFromRegistry(ctx, version, tmpPullDir, chartDir)
+	} else if c.IsRepositoryChart() {
+		err = c.PullFromRepository(ctx, chartDir)
+	} else {
+		return nil, fmt.Errorf("unknown type of helm chart source")
+	}
+	if err != nil {
+		return nil, err
+	}
 
 	return NewPulledChart(c, version, chartDir, true), nil
 }
@@ -499,11 +575,17 @@ func (c *Chart) QueryVersions(ctx context.Context) error {
 	if c.IsLocalChart() {
 		return fmt.Errorf("can not query versions for local charts")
 	}
-
-	if registry.IsOCI(c.repo) {
-		return c.queryVersionsOci(ctx)
+	if c.IsRegistryChart() {
+		if registry.IsOCI(c.repo) {
+			return c.queryVersionsOci(ctx)
+		} else {
+			return c.queryVersionsHelmRepo(ctx)
+		}
 	}
-	return c.queryVersionsHelmRepo(ctx)
+	if c.IsRepositoryChart() {
+		return c.queryVersionsGitRepo(ctx)
+	}
+	return fmt.Errorf("chart type is not supported! Please use a local, registry or repository chart.")
 }
 
 func (c *Chart) queryVersionsOci(ctx context.Context) error {
@@ -532,6 +614,16 @@ func (c *Chart) queryVersionsOci(ctx context.Context) error {
 	return nil
 }
 
+func (c *Chart) queryVersionsGitRepo(ctx context.Context) error {
+	if c.HasGitBranchDefined() {
+		return nil
+	}
+	if c.HasGitTagDefined() {
+		return nil
+	}
+	return fmt.Errorf("neither branch nor tag is specified")
+}
+
 func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
 	settings := cli.New()
 
@@ -589,10 +681,12 @@ func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
 }
 
 func (c *Chart) GetLatestVersion(constraints *string) (string, error) {
-	if len(c.versions) == 0 {
-		return "", fmt.Errorf("no versions found or queried")
+	if c.IsRegistryChart() && len(c.versions) == 0 {
+		return "", fmt.Errorf("no versions found or queried: %s", c.GetChartName())
+	}
+	if c.IsRepositoryChart() && c.HasGitBranchDefined() {
+		return "", nil
 	}
-
 	var err error
 	var updateConstraints *semver.Constraints
 	if constraints != nil {
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index d256bf9f3..75b2f2a8c 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -9,7 +9,6 @@ import (
 
 	"github.com/Masterminds/semver/v3"
 	securejoin "github.com/cyphar/filepath-securejoin"
-	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
 	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
@@ -44,6 +43,7 @@ type Release struct {
 
 func NewRelease(ctx context.Context, projectRoot string, relDirInProject string, configFile string, baseChartsDir string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Release, error) {
 	var config types.HelmChartConfig
+	var localPath string
 	err := yaml.ReadYamlFile(configFile, &config)
 	if err != nil {
 		return nil, err
@@ -55,30 +55,23 @@ func NewRelease(ctx context.Context, projectRoot string, relDirInProject string,
 		}
 	}
 
-	localPath := ""
-	if config.Path != "" {
-		if filepath.IsAbs(config.Path) {
-			return nil, fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
-		}
-		localPath = filepath.Join(projectRoot, relDirInProject, config.Path)
-		localPath, err = filepath.Abs(localPath)
+	if config.IsLocalChart() {
+		err := config.ErrWhenLocalPathInvalid()
 		if err != nil {
 			return nil, err
 		}
-		err = utils.CheckInDir(projectRoot, localPath)
+		localPath, err = config.GetAbsoluteLocalPath(projectRoot, relDirInProject)
 		if err != nil {
 			return nil, err
 		}
 	}
-
-	credentialsId := ""
+	credentialsIdValue := ""
 	if config.CredentialsId != nil {
-		credentialsId = *config.CredentialsId
-	}
-	if credentialsId != "" {
 		status.Deprecation(ctx, "helm-release-credentials-id", "'credentialsId' in helm-chart.yaml is deprecated and support for it will be removed in a future version of Kluctl.")
+		credentialsIdValue = *config.CredentialsId
 	}
-	chart, err := NewChart(config.Repo, localPath, config.ChartName, config.Git, helmAuthProvider, credentialsId, ociAuthProvider, gitRp, ociRp)
+
+	chart, err := NewChart(config.Repo, localPath, config.ChartName, config.Git, helmAuthProvider, credentialsIdValue, ociAuthProvider, gitRp, ociRp)
 	if err != nil {
 		return nil, err
 	}
@@ -122,42 +115,82 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 		}
 		return NewPulledChart(hr.Chart, version, hr.Chart.GetLocalPath(), false), nil
 	}
+	if hr.Chart.IsRegistryChart() {
+		if !hr.Config.SkipPrePull {
+			pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
+			if err != nil {
+				return nil, err
+			}
 
-	if !hr.Config.SkipPrePull {
-		pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
-		if err != nil {
-			return nil, err
-		}
+			needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
+			if err != nil {
+				return nil, err
+			}
 
-		needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
-		if err != nil {
-			return nil, err
-		}
+			if needsPull {
+				if versionChanged {
+					return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
+						"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
+				} else {
+					//goland:noinspection ALL
+					return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
+						"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
+				}
+			}
+
+			return pc, nil
+		} else {
+			s := status.Startf(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
+			defer s.Failed()
 
-		if needsPull {
-			if versionChanged {
-				return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-					"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
-			} else {
-				//goland:noinspection ALL
-				return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
-					"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
+			pc, err := hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
+			if err != nil {
+				return nil, err
 			}
+			s.Success()
+
+			return pc, nil
 		}
+	}
+	if hr.Chart.IsRepositoryChart() {
+		var pc *PulledChart
+		var err error
+		ref, _, err := hr.Config.GetGitRef()
+		if !hr.Config.SkipPrePull {
+			pc, err = hr.Chart.GetPrePulledChart(hr.baseChartsDir, ref)
+			if err != nil {
+				return nil, err
+			}
+			needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
+			if err != nil {
+				return nil, err
+			}
 
-		return pc, nil
-	} else {
-		s := status.Startf(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
-		defer s.Failed()
+			if needsPull {
+				if versionChanged {
+					return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
+						"Desired ref is %s while pre-pulled ref is %s", hr.Chart.GetChartName(), ref, prePulledVersion)
+				} else {
+					//goland:noinspection ALL
+					return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
+						"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
+				}
+			}
+			return pc, nil
+		} else {
+			s := status.Startf(ctx, "Pulling Helm Chart %s with branch, tag or commit %s", hr.Chart.GetChartName(), ref)
+			defer s.Failed()
 
-		pc, err := hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
-		if err != nil {
-			return nil, err
-		}
-		s.Success()
+			pc, err := hr.Chart.PullCached(ctx, ref)
+			if err != nil {
+				return nil, err
+			}
+			s.Success()
 
-		return pc, nil
+			return pc, nil
+		}
 	}
+	return nil, fmt.Errorf("Unkown source of Helm Chart. Please set either path, repo or git.")
 }
 
 func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter *decryptor.Decryptor) error {
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index f80d06147..7a38f536d 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -1,12 +1,15 @@
 package helm
 
 import (
-	"github.com/kluctl/kluctl/lib/yaml"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
-	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"bytes"
+	"encoding/json"
 	"os"
 	"path/filepath"
 	"time"
+
+	"github.com/kluctl/kluctl/lib/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 )
 
 type PulledChart struct {
@@ -37,29 +40,67 @@ func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
 	if !utils.IsDirectory(pc.dir) {
 		return true, false, "", nil
 	}
+	if pc.chart.IsRegistryChart() {
+		chartYamlPath := yaml.FixPathExt(filepath.Join(pc.dir, "Chart.yaml"))
+		st, err := os.Stat(chartYamlPath)
+		if err != nil {
+			if os.IsNotExist(err) {
+				return true, false, "", nil
+			}
+			return false, false, "", err
+		}
 
-	chartYamlPath := yaml.FixPathExt(filepath.Join(pc.dir, "Chart.yaml"))
-	st, err := os.Stat(chartYamlPath)
-	if err != nil {
-		if os.IsNotExist(err) {
+		if pc.isTmp && time.Now().Sub(st.ModTime()) >= time.Hour*24 {
+			// MacOS will delete tmp files after 3 days, so lets be safe and re-pull every day
 			return true, false, "", nil
 		}
-		return false, false, "", err
-	}
 
-	if pc.isTmp && time.Now().Sub(st.ModTime()) >= time.Hour*24 {
-		// MacOS will delete tmp files after 3 days, so lets be safe and re-pull every day
-		return true, false, "", nil
-	}
+		chartYaml, err := uo.FromFile(chartYamlPath)
+		if err != nil {
+			return false, false, "", err
+		}
+
+		version, _, _ := chartYaml.GetNestedString("version")
 
-	chartYaml, err := uo.FromFile(chartYamlPath)
-	if err != nil {
-		return false, false, "", err
+		if version != pc.version {
+			return true, true, version, nil
+		}
 	}
 
-	version, _, _ := chartYaml.GetNestedString("version")
-	if version != pc.version {
-		return true, true, version, nil
+	if pc.chart.IsRepositoryChart() {
+		// Update git cache and check if git-info differs
+		// If something is missing, re-pull
+		m, err := pc.chart.gitRp.GetEntry(pc.chart.git.Url.String())
+		if err != nil {
+			return true, false, "", err
+		}
+		err = m.Update()
+		if err != nil {
+			return true, false, "", err
+		}
+		_, gitInfo, err := m.GetClonedDir(pc.chart.git.Ref)
+		if err != nil {
+			return true, false, "", err
+		}
+		gif, err := os.ReadFile(filepath.Join(pc.dir, ".git-info"))
+		if err != nil {
+			return true, false, "", nil
+		}
+		out, err := json.Marshal(gitInfo)
+		if err != nil {
+			return true, false, "", nil
+
+		}
+		if err != nil {
+			return true, false, "", err
+		}
+		if bytes.Equal(out, gif) {
+			return false, false, "", nil
+		} else {
+			return true, true, gitInfo.CheckedOutCommit, nil
+		}
+
 	}
-	return false, false, version, nil
+
+	return false, false, "", nil
 }
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 1c0f3abac..11505839d 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -1,9 +1,13 @@
 package types
 
 import (
+	"fmt"
+	"path/filepath"
+
 	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/registry"
 )
 
@@ -25,8 +29,8 @@ type HelmChartConfig2 struct {
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {
 	c := sl.Current().Interface().(HelmChartConfig2)
-	if c.Repo == "" && c.Path == "" {
-		sl.ReportError("self", "repo", "repo", "either repo or path must be specified", "")
+	if c.Repo == "" && c.Path == "" && c.Git == (types.GitInfo{}) {
+		sl.ReportError("self", "repo", "repo", "either repo, path or git must be specified", "")
 	} else if c.Repo != "" && c.Path != "" {
 		sl.ReportError("self", "repo", "repo", "only one of repo and path can be specified", "")
 	} else if c.Repo != "" {
@@ -59,6 +63,56 @@ type HelmChartConfig struct {
 	HelmChartConfig2 `json:"helmChart" validate:"required"`
 }
 
+func (c *HelmChartConfig2) IsLocalChart() bool {
+	return c.Path != ""
+}
+func (c *HelmChartConfig2) ErrWhenLocalPathInvalid() error {
+	if filepath.IsAbs(c.Path) {
+		return fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
+	}
+	return nil
+}
+
+func (c *HelmChartConfig2) GetAbsoluteLocalPath(projectRoot string, relDirInProject string) (string, error) {
+	localPath := ""
+	localPath = filepath.Join(projectRoot, relDirInProject, c.Path)
+	localPath, err := filepath.Abs(localPath)
+	if err != nil {
+		return "", err
+	}
+	err = utils.CheckInDir(projectRoot, localPath)
+	if err != nil {
+		return "", err
+	}
+	return localPath, nil
+}
+
+func (c *HelmChartConfig2) IsOciRegistryChart() bool {
+	return c.Repo != "" && registry.IsOCI(c.Repo)
+}
+
+func (c *HelmChartConfig2) IsHelmRegistryChart() bool {
+	return c.Repo != "" && !registry.IsOCI(c.Repo)
+}
+
+func (c *HelmChartConfig2) IsGitRepositoryChart() bool {
+	return c.Git != (types.GitInfo{})
+}
+
+func (c *HelmChartConfig2) GetGitRef() (string, string, error) {
+	if c.Git.Ref.Branch != "" {
+		return c.Git.Ref.Branch, "branch", nil
+	}
+	if c.Git.Ref.Tag != "" {
+		return c.Git.Ref.Tag, "tag", nil
+	}
+
+	if c.Git.Ref.Commit != "" {
+		return c.Git.Ref.Commit, "commit", nil
+	}
+	return "", "", fmt.Errorf("neither branch, tag nor commit defined")
+}
+
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateHelmChartConfig2, HelmChartConfig2{})
 }

From 294c3241a805551a72514324f90ec2f588740350 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Thu, 25 Jul 2024 15:59:19 +0200
Subject: [PATCH 2151/2268] refactor(commands): move unused chart cleanup in
 separate function

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go | 45 ++++++++++++++++------------
 1 file changed, 26 insertions(+), 19 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 550f10fa5..39aed7064 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -66,6 +66,30 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	return err
 }
 
+func cleanupUnusedCharts(ctx context.Context, versionsToPull map[string]bool, dryRun bool, chartsDir string) (int, error) {
+	actions := 0
+	des, err := os.ReadDir(chartsDir)
+	if err != nil && !os.IsNotExist(err) {
+		return actions, err
+	}
+	for _, de := range des {
+		if !de.IsDir() {
+			continue
+		}
+		if _, ok := versionsToPull[de.Name()]; !ok {
+			actions++
+			if !dryRun {
+				status.Infof(ctx, "Removing unused Chart with version or ref %s", de.Name())
+				err = os.RemoveAll(filepath.Join(chartsDir, de.Name()))
+				if err != nil {
+					return actions, err
+				}
+			}
+		}
+	}
+	return actions, nil
+}
+
 func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache, dryRun bool, force bool) (int, error) {
 	actions := 0
 
@@ -104,25 +128,8 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 		if err != nil {
 			return actions, err
 		}
-		des, err := os.ReadDir(chartsDir)
-		if err != nil && !os.IsNotExist(err) {
-			return actions, err
-		}
-		for _, de := range des {
-			if !de.IsDir() {
-				continue
-			}
-			if _, ok := versionsToPull[de.Name()]; !ok {
-				actions++
-				if !dryRun {
-					status.Infof(ctx, "Removing unused Chart with version %s", de.Name())
-					err = os.RemoveAll(filepath.Join(chartsDir, de.Name()))
-					if err != nil {
-						return actions, err
-					}
-				}
-			}
-		}
+		cleanupActions, err := cleanupUnusedCharts(ctx, versionsToPull, dryRun, chartsDir)
+		actions += cleanupActions
 
 		for version, _ := range versionsToPull {
 			version := version

From 45bad6b3a15112c9a754094709d63c6f6465ef32 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Thu, 25 Jul 2024 16:04:37 +0200
Subject: [PATCH 2152/2268] refactor(helm): move check if version is semantic
 to separate function

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/helm_release.go | 7 -------
 pkg/helm/utils.go        | 9 +++++++++
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 75b2f2a8c..106a487d2 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -7,7 +7,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/Masterminds/semver/v3"
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
@@ -48,12 +47,6 @@ func NewRelease(ctx context.Context, projectRoot string, relDirInProject string,
 	if err != nil {
 		return nil, err
 	}
-	if config.ChartVersion != "" {
-		_, err = semver.NewVersion(config.ChartVersion)
-		if err != nil {
-			return nil, fmt.Errorf("invalid chart version '%s': %w", config.ChartVersion, err)
-		}
-	}
 
 	if config.IsLocalChart() {
 		err := config.ErrWhenLocalPathInvalid()
diff --git a/pkg/helm/utils.go b/pkg/helm/utils.go
index 6a9f71280..0787b5172 100644
--- a/pkg/helm/utils.go
+++ b/pkg/helm/utils.go
@@ -1,6 +1,7 @@
 package helm
 
 import (
+	"github.com/Masterminds/semver/v3"
 	"github.com/kluctl/kluctl/v2/pkg/k8s"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/registry"
@@ -12,3 +13,11 @@ func buildHelmConfig(k *k8s.K8sCluster, registryClient *registry.Client) (*actio
 		RegistryClient:   registryClient,
 	}, nil
 }
+
+func IsSemantic(version string) bool {
+	_, err := semver.NewVersion(version)
+	if err != nil {
+		return false
+	}
+	return true
+}

From 1d47e7bbbbbce76555bff2bcf24eea3ae391953a Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 26 Jul 2024 14:52:11 +0200
Subject: [PATCH 2153/2268] feat(helm_chart): add meta check if chart is a
 registry chart

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/types/helm_chart.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 11505839d..f39ccfab7 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -87,6 +87,10 @@ func (c *HelmChartConfig2) GetAbsoluteLocalPath(projectRoot string, relDirInProj
 	return localPath, nil
 }
 
+func (c *HelmChartConfig2) IsRegistryChart() bool {
+	return c.IsOciRegistryChart() || c.IsHelmRegistryChart()
+}
+
 func (c *HelmChartConfig2) IsOciRegistryChart() bool {
 	return c.Repo != "" && registry.IsOCI(c.Repo)
 }

From 8f0f3db3f834073bf81f65ddfc4e8ffbca14d0bc Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 26 Jul 2024 14:52:46 +0200
Subject: [PATCH 2154/2268] feat(helm_chart): add getter for either chart
 version or git ref

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/types/helm_chart.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index f39ccfab7..a034c86b6 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -117,6 +117,20 @@ func (c *HelmChartConfig2) GetGitRef() (string, string, error) {
 	return "", "", fmt.Errorf("neither branch, tag nor commit defined")
 }
 
+func (c *HelmChartConfig2) GetAbstractVersion() (string, error) {
+	if c.IsRegistryChart() {
+		return c.ChartVersion, nil
+	}
+	if c.IsGitRepositoryChart() {
+		ref, _, err := c.GetGitRef()
+		if err != nil {
+			return "", err
+		}
+		return ref, nil
+	}
+	return "", fmt.Errorf("neither chart version nor tag, commit or branch are defined")
+}
+
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateHelmChartConfig2, HelmChartConfig2{})
 }

From 44cff65b49be4a3447059f0a8f3a9ba07f3e9f07 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 26 Jul 2024 14:53:27 +0200
Subject: [PATCH 2155/2268] feat: support helm-update for git repository charts

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_update.go | 38 ++++++++++++++---
 pkg/helm/chart.go                      | 59 +++++++++++++++++---------
 2 files changed, 70 insertions(+), 27 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 995489722..efe9ad180 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -137,13 +137,32 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			if hr.Chart != chart {
 				continue
 			}
-			versionsToPull[hr.Config.ChartVersion] = true
+			if hr.Config.IsRegistryChart() {
+				versionsToPull[hr.Config.ChartVersion] = true
+			}
+			if hr.Config.IsGitRepositoryChart() {
+				ref, _, err := hr.Config.GetGitRef()
+				if err != nil {
+					return err
+				}
+				versionsToPull[ref] = true
+			}
 		}
 
 		for version, _ := range versionsToPull {
-			version := version
+			var out string
+			if chart.IsRegistryChart() {
+				out = fmt.Sprintf("%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
+			}
+			if chart.IsRepositoryChart() {
+				ref, _, err := chart.GetGitRef()
+				if err != nil {
+					return err
+				}
+				out = fmt.Sprintf("%s: Downloading Chart with branch, tag or commit %s into cache", chart.GetChartName(), ref)
+			}
 			g.RunE(func() error {
-				s := status.Startf(ctx, "%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
+				s := status.Startf(ctx, out)
 				defer s.Failed()
 				_, err := chart.PullCached(ctx, version)
 				if err != nil {
@@ -177,7 +196,12 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		if hr.Config.ChartVersion == latestVersion {
+		currentVersion, err := hr.Config.GetAbstractVersion()
+		if err != nil {
+			return err
+		}
+
+		if currentVersion == latestVersion {
 			continue
 		}
 
@@ -186,7 +210,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			continue
 		}
 
-		status.Infof(ctx, "%s: Chart %s (old version %s) has new version %s available", relDir, hr.Chart.GetChartName(), hr.Config.HelmChartConfig2.ChartVersion, latestVersion)
+		status.Infof(ctx, "%s: Chart %s (old version %s) has new version %s available", relDir, hr.Chart.GetChartName(), currentVersion, latestVersion)
 
 		if !cmd.Upgrade {
 			continue
@@ -199,7 +223,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			}
 		}
 
-		oldVersion := hr.Config.ChartVersion
+		oldVersion := currentVersion
 		hr.Config.ChartVersion = latestVersion
 		err = hr.Save()
 		if err != nil {
@@ -246,7 +270,7 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, helmAuthProvider helm_auth.HelmAuthProvider, ociAuthProvider *oci_auth.OciAuthProviders, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) error {
+func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider *ociauth.OciAuthProviders, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) error {
 	chart := hrs[0].Chart
 	newVersion := hrs[0].Config.ChartVersion
 
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index bffcc1862..fbacc736b 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -124,20 +124,18 @@ func (c *Chart) IsRepositoryChart() bool {
 	return c.git != types.GitInfo{}
 }
 
-func (c *Chart) HasGitBranchDefined() bool {
-	return c.IsRepositoryChart() && c.git.Ref.Branch != ""
-}
-
-func (c *Chart) HasGitTagDefined() bool {
-	return c.IsRepositoryChart() && c.git.Ref.Tag != ""
-}
-
-func (c *Chart) GetGitBranch() string {
-	return c.git.Ref.Branch
-}
+func (c *Chart) GetGitRef() (string, string, error) {
+	if c.git.Ref.Branch != "" {
+		return c.git.Ref.Branch, "branch", nil
+	}
+	if c.git.Ref.Tag != "" {
+		return c.git.Ref.Tag, "tag", nil
+	}
 
-func (c *Chart) GetGitTag() string {
-	return c.git.Ref.Branch
+	if c.git.Ref.Commit != "" {
+		return c.git.Ref.Commit, "commit", nil
+	}
+	return "", "", fmt.Errorf("neither branch, tag nor commit defined")
 }
 
 func (c *Chart) GetLocalChartVersion() (string, error) {
@@ -615,13 +613,37 @@ func (c *Chart) queryVersionsOci(ctx context.Context) error {
 }
 
 func (c *Chart) queryVersionsGitRepo(ctx context.Context) error {
-	if c.HasGitBranchDefined() {
+	ref, refType, err := c.GetGitRef()
+	if err != nil {
+		return err
+	}
+	if refType == "branch" {
 		return nil
 	}
-	if c.HasGitTagDefined() {
+	if refType == "commit" {
+		// Could be implemented at some point
 		return nil
 	}
-	return fmt.Errorf("neither branch nor tag is specified")
+	if refType == "tag" {
+		if IsSemantic(ref) {
+			m, err := c.gitRp.GetEntry(c.git.Url.String())
+			if err != nil {
+				return err
+			}
+			m.Update()
+			refs := m.GetRepoInfo().RemoteRefs
+			var semanticTags []string
+			for ref, _ := range refs {
+				after, found := strings.CutPrefix(ref, "refs/tags/")
+				if found {
+					semanticTags = append(semanticTags, after)
+				}
+			}
+			c.versions = semanticTags
+			return nil
+		}
+	}
+	return nil
 }
 
 func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
@@ -681,12 +703,9 @@ func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
 }
 
 func (c *Chart) GetLatestVersion(constraints *string) (string, error) {
-	if c.IsRegistryChart() && len(c.versions) == 0 {
+	if len(c.versions) == 0 {
 		return "", fmt.Errorf("no versions found or queried: %s", c.GetChartName())
 	}
-	if c.IsRepositoryChart() && c.HasGitBranchDefined() {
-		return "", nil
-	}
 	var err error
 	var updateConstraints *semver.Constraints
 	if constraints != nil {

From 2d08b16b0322735d58d9f00e11fd845cd68457e8 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 26 Jul 2024 14:58:42 +0200
Subject: [PATCH 2156/2268] docs(helm): add description how to specify git
 repository charts

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 docs/kluctl/deployments/helm.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/kluctl/deployments/helm.md b/docs/kluctl/deployments/helm.md
index 1057bb42a..794878f24 100644
--- a/docs/kluctl/deployments/helm.md
+++ b/docs/kluctl/deployments/helm.md
@@ -111,6 +111,23 @@ The name of the chart that can be found in the repository.
 ### chartVersion
 The version of the chart. Must be a valid semantic version.
 
+### git
+Instead of using `repo` for OCI/Helm registries or `path` for local charts, you can also pull Charts from Git repositories. You have to set the `url` as well as the `branch`, `tag` or `commit`. If the chart itself is in a sub directory, you can also specify a `subDir`:
+
+```yaml
+helmChart:
+ git:
+  url: https://github.com/mycharts/salt
+  ref:
+   branch: main
+   #tag: v1.0.0 -- branch, tag and commit are mutually exclusive
+   #commit: 015244630b53eb69d77858e5587641b741e91706 -- branch, tag and commit are mutually exclusive
+  subDir: charts/path/to/chart
+ releaseName: salt
+ namespace: salt
+```
+In order to be able to use the `helm-update` command, the branch or tag has to be semantic. If this is not the case, the update is skipped.
+
 ### updateConstraints
 Specifies version constraints to be used when running [helm-update](../commands/helm-update.md). See
 [Checking Version Constraints](https://github.com/Masterminds/semver#checking-version-constraints) for details on the

From 1fe42be380fd7fdc6cacaba055a404e7e5b7e8ab Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 26 Jul 2024 16:14:10 +0200
Subject: [PATCH 2157/2268] tests(helm_test): modify existings tests to support
 git helm repos

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 e2e/helm_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 6abf74a1e..4d2c9a841 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -979,7 +979,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 		return nil
 	}, "")
 	_, stderr = p.KluctlMust(t, args...)
-	assert.Contains(t, stderr, "Removing unused Chart with version 0.1.0")
+	assert.Contains(t, stderr, "Removing unused Chart with version or ref 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
 	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
 	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))

From c741483657d0ee9bc1ebf88b49d927dc406e0ee5 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Mon, 29 Jul 2024 16:16:26 +0200
Subject: [PATCH 2158/2268] feat(commands): add message callbacks for git auth
 provider

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go   | 10 +++++++++-
 cmd/kluctl/commands/cmd_helm_update.go |  9 ++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 39aed7064..a79f57e05 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	gitauth "github.com/kluctl/kluctl/lib/git/auth"
+	"github.com/kluctl/kluctl/lib/git/messages"
 	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
@@ -16,6 +17,7 @@ import (
 	"github.com/kluctl/kluctl/v2/pkg/helm"
 	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
 	ociauth "github.com/kluctl/kluctl/v2/pkg/oci/auth_provider"
+	"github.com/kluctl/kluctl/v2/pkg/prompts"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 )
@@ -42,7 +44,13 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 		return fmt.Errorf("helm-pull can only be used on the root of a Kluctl project that must have a .kluctl.yaml or .kluctl-library.yaml file")
 	}
 	sshPool := &ssh_pool.SshPool{}
-	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", nil)
+	messageCallbacks := &messages.MessageCallbacks{
+		WarningFn:            func(s string) { status.Warning(ctx, s) },
+		TraceFn:              func(s string) { status.Trace(ctx, s) },
+		AskForPasswordFn:     func(s string) (string, error) { return prompts.AskForPassword(ctx, s) },
+		AskForConfirmationFn: func(s string) bool { return prompts.AskForConfirmation(ctx, s) },
+	}
+	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 	ociAuthProvider := ociauth.NewDefaultAuthProviders("KLUCTL_REGISTRY")
 	helmAuthProvider := helmauth.NewDefaultAuthProviders("KLUCTL_HELM")
 	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index efe9ad180..e23cf3ade 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -13,6 +13,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/format/index"
 	git2 "github.com/kluctl/kluctl/lib/git"
 	gitauth "github.com/kluctl/kluctl/lib/git/auth"
+	"github.com/kluctl/kluctl/lib/git/messages"
 	ssh_pool "github.com/kluctl/kluctl/lib/git/ssh-pool"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
@@ -55,7 +56,13 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		return err
 	}
 	sshPool := &ssh_pool.SshPool{}
-	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", nil)
+	messageCallbacks := &messages.MessageCallbacks{
+		WarningFn:            func(s string) { status.Warning(ctx, s) },
+		TraceFn:              func(s string) { status.Trace(ctx, s) },
+		AskForPasswordFn:     func(s string) (string, error) { return prompts.AskForPassword(ctx, s) },
+		AskForConfirmationFn: func(s string) bool { return prompts.AskForConfirmation(ctx, s) },
+	}
+	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 	ociAuthProvider := ociauth.NewDefaultAuthProviders("KLUCTL_REGISTRY")
 	helmAuthProvider := helmauth.NewDefaultAuthProviders("KLUCTL_HELM")
 	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {

From 55ce039e2817069c340cc9f75e005e1946b4473d Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 08:41:29 +0200
Subject: [PATCH 2159/2268] fix(types): pass GitInfo as a pointer

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go                  | 8 ++++----
 pkg/helm/pulled_chart.go           | 4 ----
 pkg/types/helm_chart.go            | 6 +++---
 pkg/types/zz_generated.deepcopy.go | 6 +++++-
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index fbacc736b..e996d13e8 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -34,7 +34,7 @@ type Chart struct {
 	repo             string
 	localPath        string
 	chartName        string
-	git              types.GitInfo
+	git              *types.GitInfo
 	helmAuthProvider helmauth.HelmAuthProvider
 	ociAuthProvider  ociauth.OciAuthProvider
 	gitRp            *repocache.GitRepoCache
@@ -45,7 +45,7 @@ type Chart struct {
 	versions []string
 }
 
-func NewChart(repo string, localPath string, chartName string, git types.GitInfo, helmAuthProvider helmauth.HelmAuthProvider, credentialsId string, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Chart, error) {
+func NewChart(repo string, localPath string, chartName string, git *types.GitInfo, helmAuthProvider helmauth.HelmAuthProvider, credentialsId string, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Chart, error) {
 	hc := &Chart{
 		repo:             repo,
 		git:              git,
@@ -57,7 +57,7 @@ func NewChart(repo string, localPath string, chartName string, git types.GitInfo
 		ociRp:            ociRp,
 	}
 
-	if localPath == "" && repo == "" && git == (types.GitInfo{}) {
+	if localPath == "" && repo == "" && git == nil {
 		return nil, fmt.Errorf("repo, localPath and git are missing")
 	}
 
@@ -121,7 +121,7 @@ func (c *Chart) IsRegistryChart() bool {
 }
 
 func (c *Chart) IsRepositoryChart() bool {
-	return c.git != types.GitInfo{}
+	return c.git != nil
 }
 
 func (c *Chart) GetGitRef() (string, string, error) {
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index 7a38f536d..c8307d8db 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -87,10 +87,6 @@ func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
 			return true, false, "", nil
 		}
 		out, err := json.Marshal(gitInfo)
-		if err != nil {
-			return true, false, "", nil
-
-		}
 		if err != nil {
 			return true, false, "", err
 		}
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index a034c86b6..69e213322 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -13,7 +13,7 @@ import (
 
 type HelmChartConfig2 struct {
 	Repo              string        `json:"repo,omitempty"`
-	Git               types.GitInfo `json:"git,omitempty" validate:"required"`
+	Git               *types.GitInfo `json:"git,omitempty"`
 	Path              string        `json:"path,omitempty"`
 	CredentialsId     *string       `json:"credentialsId,omitempty"`
 	ChartName         string        `json:"chartName,omitempty"`
@@ -29,7 +29,7 @@ type HelmChartConfig2 struct {
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {
 	c := sl.Current().Interface().(HelmChartConfig2)
-	if c.Repo == "" && c.Path == "" && c.Git == (types.GitInfo{}) {
+	if c.Repo == "" && c.Path == "" && c.Git == nil {
 		sl.ReportError("self", "repo", "repo", "either repo, path or git must be specified", "")
 	} else if c.Repo != "" && c.Path != "" {
 		sl.ReportError("self", "repo", "repo", "only one of repo and path can be specified", "")
@@ -100,7 +100,7 @@ func (c *HelmChartConfig2) IsHelmRegistryChart() bool {
 }
 
 func (c *HelmChartConfig2) IsGitRepositoryChart() bool {
-	return c.Git != (types.GitInfo{})
+	return c.Git != nil
 }
 
 func (c *HelmChartConfig2) GetGitRef() (string, string, error) {
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index dc645d9b4..81db7ed56 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -482,7 +482,11 @@ func (in *HelmChartConfig) DeepCopy() *HelmChartConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HelmChartConfig2) DeepCopyInto(out *HelmChartConfig2) {
 	*out = *in
-	in.Git.DeepCopyInto(&out.Git)
+	if in.Git != nil {
+		in, out := &in.Git, &out.Git
+		*out = new(gittypes.GitInfo)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.CredentialsId != nil {
 		in, out := &in.CredentialsId, &out.CredentialsId
 		*out = new(string)

From 9f04e7dc2df6fecde40bc7aaf813b164b082754c Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 09:50:30 +0200
Subject: [PATCH 2160/2268] refactor(helm): rename to make clear that it's a
 git repository chart

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go   |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go |  2 +-
 pkg/helm/chart.go                      | 22 +++++++++++-----------
 pkg/helm/helm_release.go               |  3 ++-
 pkg/helm/pulled_chart.go               |  2 +-
 5 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index a79f57e05..2f59ace0d 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -122,7 +122,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 				if hr.Chart.IsRegistryChart() {
 					versionsToPull[hr.Config.ChartVersion] = true
 				}
-				if hr.Chart.IsRepositoryChart() {
+				if hr.Chart.IsGitRepositoryChart() {
 					ref, _, err := hr.Config.GetGitRef()
 					if err != nil {
 						return actions, err
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index e23cf3ade..b68321444 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -161,7 +161,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			if chart.IsRegistryChart() {
 				out = fmt.Sprintf("%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
 			}
-			if chart.IsRepositoryChart() {
+			if chart.IsGitRepositoryChart() {
 				ref, _, err := chart.GetGitRef()
 				if err != nil {
 					return err
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index e996d13e8..d88f9547f 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -84,7 +84,7 @@ func NewChart(repo string, localPath string, chartName string, git *types.GitInf
 			return nil, fmt.Errorf("invalid oci chart url: %s", repo)
 		}
 		hc.chartName = chartName
-	} else if hc.IsRepositoryChart() {
+	} else if hc.IsGitRepositoryChart() {
 		if chartName != "" {
 			return nil, fmt.Errorf("chartName can't be specified when using git repos")
 		}
@@ -120,7 +120,7 @@ func (c *Chart) IsRegistryChart() bool {
 	return c.repo != ""
 }
 
-func (c *Chart) IsRepositoryChart() bool {
+func (c *Chart) IsGitRepositoryChart() bool {
 	return c.git != nil
 }
 
@@ -203,7 +203,7 @@ func (c *Chart) BuildVersionedRegistryPulledChartDir(baseDir string, version str
 	return dir, nil
 }
 
-func (c *Chart) BuildRepositoryPulledChartDir(baseDir string) (string, error) {
+func (c *Chart) BuildGitRepositoryPulledChartDir(baseDir string) (string, error) {
 	scheme := c.git.Url.Scheme
 	port := c.git.Url.NormalizePort()
 	hostname := c.git.Url.Hostname()
@@ -220,7 +220,7 @@ func (c *Chart) BuildRepositoryPulledChartDir(baseDir string) (string, error) {
 }
 
 func (c *Chart) BuildVersionedRepositoryPulledChartDir(baseDir string, version string) (string, error) {
-	dir, err := c.BuildRepositoryPulledChartDir(baseDir)
+	dir, err := c.BuildGitRepositoryPulledChartDir(baseDir)
 	if err != nil {
 		return "", err
 	}
@@ -239,8 +239,8 @@ func (c *Chart) BuildPulledChartDir(baseDir string) (string, error) {
 		if err != nil {
 			return "", err
 		}
-	} else if c.IsRepositoryChart() {
-		dir, err = c.BuildRepositoryPulledChartDir(baseDir)
+	} else if c.IsGitRepositoryChart() {
+		dir, err = c.BuildGitRepositoryPulledChartDir(baseDir)
 		if err != nil {
 			return "", err
 		}
@@ -263,7 +263,7 @@ func (c *Chart) BuildVersionedPulledChartDir(baseDir string, version string) (st
 		if err != nil {
 			return "", err
 		}
-	} else if c.IsRepositoryChart() {
+	} else if c.IsGitRepositoryChart() {
 		dir, err = c.BuildVersionedRepositoryPulledChartDir(baseDir, version)
 		if err != nil {
 			return "", err
@@ -393,7 +393,7 @@ func (c *Chart) PullFromRegistry(ctx context.Context, version string, tmpPullDir
 	return nil
 }
 
-func (c *Chart) PullFromRepository(ctx context.Context, chartDir string) error {
+func (c *Chart) PullFromGitRepository(ctx context.Context, chartDir string) error {
 	m, err := c.gitRp.GetEntry(c.git.Url.String())
 	if err != nil {
 		return err
@@ -449,8 +449,8 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 	}
 	if c.IsRegistryChart() {
 		err = c.PullFromRegistry(ctx, version, tmpPullDir, chartDir)
-	} else if c.IsRepositoryChart() {
-		err = c.PullFromRepository(ctx, chartDir)
+	} else if c.IsGitRepositoryChart() {
+		err = c.PullFromGitRepository(ctx, chartDir)
 	} else {
 		return nil, fmt.Errorf("unknown type of helm chart source")
 	}
@@ -580,7 +580,7 @@ func (c *Chart) QueryVersions(ctx context.Context) error {
 			return c.queryVersionsHelmRepo(ctx)
 		}
 	}
-	if c.IsRepositoryChart() {
+	if c.IsGitRepositoryChart() {
 		return c.queryVersionsGitRepo(ctx)
 	}
 	return fmt.Errorf("chart type is not supported! Please use a local, registry or repository chart.")
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 106a487d2..78ad994e8 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -145,10 +145,11 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 			return pc, nil
 		}
 	}
-	if hr.Chart.IsRepositoryChart() {
+	if hr.Chart.IsGitRepositoryChart() {
 		var pc *PulledChart
 		var err error
 		ref, _, err := hr.Config.GetGitRef()
+
 		if !hr.Config.SkipPrePull {
 			pc, err = hr.Chart.GetPrePulledChart(hr.baseChartsDir, ref)
 			if err != nil {
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index c8307d8db..b809a778b 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -67,7 +67,7 @@ func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
 		}
 	}
 
-	if pc.chart.IsRepositoryChart() {
+	if pc.chart.IsGitRepositoryChart() {
 		// Update git cache and check if git-info differs
 		// If something is missing, re-pull
 		m, err := pc.chart.gitRp.GetEntry(pc.chart.git.Url.String())

From fe3f622aa7317f0aba8688b05119f97d876dc466 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 09:56:14 +0200
Subject: [PATCH 2161/2268] refactor(helm): change to private functions

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index d88f9547f..44fc259ae 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -319,7 +319,7 @@ func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings
 	return registryClient, cleanup, nil
 }
 
-func (c *Chart) PullFromRegistry(ctx context.Context, version string, tmpPullDir string, chartDir string) error {
+func (c *Chart) pullFromRegistry(ctx context.Context, version string, tmpPullDir string, chartDir string) error {
 	u, err := url.Parse(c.repo)
 	if err != nil {
 		return err
@@ -393,7 +393,7 @@ func (c *Chart) PullFromRegistry(ctx context.Context, version string, tmpPullDir
 	return nil
 }
 
-func (c *Chart) PullFromGitRepository(ctx context.Context, chartDir string) error {
+func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) error {
 	m, err := c.gitRp.GetEntry(c.git.Url.String())
 	if err != nil {
 		return err
@@ -448,9 +448,9 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 		return nil, err
 	}
 	if c.IsRegistryChart() {
-		err = c.PullFromRegistry(ctx, version, tmpPullDir, chartDir)
+		err = c.pullFromRegistry(ctx, version, tmpPullDir, chartDir)
 	} else if c.IsGitRepositoryChart() {
-		err = c.PullFromGitRepository(ctx, chartDir)
+		err = c.pullFromGitRepository(ctx, chartDir)
 	} else {
 		return nil, fmt.Errorf("unknown type of helm chart source")
 	}

From 32ae1a445b409df191fdc0720f89806cdb8d2e14 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 11:36:29 +0200
Subject: [PATCH 2162/2268] feat(helm): add subdir as part of the folder
 structure when pulled from git repositories

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 44fc259ae..5b1555f28 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -208,6 +208,7 @@ func (c *Chart) BuildGitRepositoryPulledChartDir(baseDir string) (string, error)
 	port := c.git.Url.NormalizePort()
 	hostname := c.git.Url.Hostname()
 	path := c.git.Url.Path
+	subDir := c.git.SubDir
 	if port != "" {
 		scheme += "_" + port
 	}
@@ -215,6 +216,7 @@ func (c *Chart) BuildGitRepositoryPulledChartDir(baseDir string) (string, error)
 		baseDir,
 		fmt.Sprintf("%s_%s", scheme, strings.ToLower(hostname)),
 		filepath.FromSlash(strings.ToLower(path)),
+		filepath.FromSlash(strings.ToLower(subDir)),
 	)
 	return dir, nil
 }

From 4f2ed17f44a38faa035ab3cf7bbee03a290b0a74 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 11:42:10 +0200
Subject: [PATCH 2163/2268] fix(helm): if subDir is available use this for the
 chart name instead of the Url

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 5b1555f28..2fd46801c 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -88,8 +88,12 @@ func NewChart(repo string, localPath string, chartName string, git *types.GitInf
 		if chartName != "" {
 			return nil, fmt.Errorf("chartName can't be specified when using git repos")
 		}
+		// Use the subDir if possible otherwise use the URL
 		s := strings.Split(hc.git.Url.String(), "/")
-		chartName := strings.Join(s[len(s)-2:len(s)], "-")
+		if hc.git.SubDir != "" {
+		 s = strings.Split(hc.git.SubDir, "/")
+		}
+		chartName := strings.Join(s[len(s)-1:len(s)], "-")
 		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
 			return nil, fmt.Errorf("invalid git url: %s", hc.git.Url.String())
 		}

From e9790d16f92aeb9eb57dc22123b354e0dab1d5ad Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 11:54:48 +0200
Subject: [PATCH 2164/2268] refactor(helm): rename to pathPrefix to prevent
 misconceptions

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 2fd46801c..ef82763fd 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -163,19 +163,19 @@ func (c *Chart) BuildRegistryPulledChartDir(baseDir string) (string, error) {
 		return "", err
 	}
 
-	scheme := ""
+	pathPrefix := ""
 	port := ""
 	switch {
 	case u.Scheme == "oci":
-		scheme = "oci"
+		pathPrefix = "oci"
 		port = u.Port()
 	case u.Scheme == "http":
-		scheme = "http"
+		pathPrefix = "http"
 		if u.Port() != "80" {
 			port = u.Port()
 		}
 	case u.Scheme == "https":
-		scheme = "https"
+		pathPrefix = "https"
 		if u.Port() != "443" {
 			port = u.Port()
 		}
@@ -183,11 +183,11 @@ func (c *Chart) BuildRegistryPulledChartDir(baseDir string) (string, error) {
 		return "", fmt.Errorf("unsupported scheme in %s", u.String())
 	}
 	if port != "" {
-		scheme += "_" + port
+		pathPrefix += "_" + port
 	}
 	dir := filepath.Join(
 		baseDir,
-		fmt.Sprintf("%s_%s", scheme, strings.ToLower(u.Hostname())),
+		fmt.Sprintf("%s_%s", pathPrefix, strings.ToLower(u.Hostname())),
 		filepath.FromSlash(strings.ToLower(u.Path)),
 	)
 	if u.Scheme != "oci" {
@@ -208,17 +208,17 @@ func (c *Chart) BuildVersionedRegistryPulledChartDir(baseDir string, version str
 }
 
 func (c *Chart) BuildGitRepositoryPulledChartDir(baseDir string) (string, error) {
-	scheme := c.git.Url.Scheme
+	pathPrefix := c.git.Url.Scheme
 	port := c.git.Url.NormalizePort()
 	hostname := c.git.Url.Hostname()
 	path := c.git.Url.Path
 	subDir := c.git.SubDir
 	if port != "" {
-		scheme += "_" + port
+		pathPrefix += "_" + port
 	}
 	dir := filepath.Join(
 		baseDir,
-		fmt.Sprintf("%s_%s", scheme, strings.ToLower(hostname)),
+		fmt.Sprintf("%s_%s", pathPrefix, strings.ToLower(hostname)),
 		filepath.FromSlash(strings.ToLower(path)),
 		filepath.FromSlash(strings.ToLower(subDir)),
 	)

From 42cc05bbfa4f0bdd3c98ce1c7e1b49fcd6ac4060 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 13:10:52 +0200
Subject: [PATCH 2165/2268] perf(helm): remove update where it's not necessary

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go        | 2 --
 pkg/helm/pulled_chart.go | 4 ----
 2 files changed, 6 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index ef82763fd..5225f005b 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -404,7 +404,6 @@ func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) erro
 	if err != nil {
 		return err
 	}
-	err = m.Update()
 	if err != nil {
 		return err
 	}
@@ -636,7 +635,6 @@ func (c *Chart) queryVersionsGitRepo(ctx context.Context) error {
 			if err != nil {
 				return err
 			}
-			m.Update()
 			refs := m.GetRepoInfo().RemoteRefs
 			var semanticTags []string
 			for ref, _ := range refs {
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index b809a778b..1869f7a1f 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -74,10 +74,6 @@ func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
 		if err != nil {
 			return true, false, "", err
 		}
-		err = m.Update()
-		if err != nil {
-			return true, false, "", err
-		}
 		_, gitInfo, err := m.GetClonedDir(pc.chart.git.Ref)
 		if err != nil {
 			return true, false, "", err

From f454881df68f4015a4c0b66a8aa7084f51fe1e25 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 13:16:01 +0200
Subject: [PATCH 2166/2268] fix(helm): copy files instead of moving them

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 5225f005b..c0a0524f1 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -411,17 +411,7 @@ func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) erro
 	if err != nil {
 		return err
 	}
-	des, err := os.ReadDir(filepath.Join(cd, c.git.SubDir))
-	if err != nil {
-		return err
-	}
-
-	for _, de := range des {
-		err = os.Rename(filepath.Join(cd, c.git.SubDir, de.Name()), filepath.Join(chartDir, de.Name()))
-		if err != nil {
-			return err
-		}
-	}
+    err = cp.Copy(filepath.Join(cd, c.git.SubDir), chartDir)
 	if err != nil {
 		return err
 	}

From 8fd4ff2749f6c27bd6dc1ee7d3124ef3a0f1b990 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 13:31:48 +0200
Subject: [PATCH 2167/2268] fix(helm): write yaml file instead of json

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/chart.go        | 7 +------
 pkg/helm/pulled_chart.go | 5 ++---
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index c0a0524f1..119d60b8b 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -2,7 +2,6 @@ package helm
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/url"
 	"os"
@@ -416,11 +415,7 @@ func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) erro
 		return err
 	}
 
-	out, err := json.Marshal(gitInfo)
-	if err != nil {
-		return err
-	}
-	err = os.WriteFile(filepath.Join(chartDir, ".git-info"), out, 0o755)
+	err = yaml.WriteYamlFile(filepath.Join(chartDir, ".git-info.yaml"), gitInfo)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index 1869f7a1f..b887f7e58 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -2,7 +2,6 @@ package helm
 
 import (
 	"bytes"
-	"encoding/json"
 	"os"
 	"path/filepath"
 	"time"
@@ -78,11 +77,11 @@ func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
 		if err != nil {
 			return true, false, "", err
 		}
-		gif, err := os.ReadFile(filepath.Join(pc.dir, ".git-info"))
+		gif, err := os.ReadFile(filepath.Join(pc.dir, ".git-info.yaml"))
 		if err != nil {
 			return true, false, "", nil
 		}
-		out, err := json.Marshal(gitInfo)
+		out, err := yaml.WriteYamlBytes(gitInfo)
 		if err != nil {
 			return true, false, "", err
 		}

From 9c6f860657bd583869af3c34f6b7be33b915f08a Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 13:33:26 +0200
Subject: [PATCH 2168/2268] fix(helm): check for error

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 pkg/helm/helm_release.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 78ad994e8..21929b23f 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -149,7 +149,9 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 		var pc *PulledChart
 		var err error
 		ref, _, err := hr.Config.GetGitRef()
-
+		if err != nil {
+			return nil, err
+		}
 		if !hr.Config.SkipPrePull {
 			pc, err = hr.Chart.GetPrePulledChart(hr.baseChartsDir, ref)
 			if err != nil {

From 0023b9bf24e2099ec0effbedfa59b5c6dd3a203e Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 13:37:08 +0200
Subject: [PATCH 2169/2268] refactor(commands): use GetAbstractVersion to
 simplify code

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_update.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index b68321444..3a1c784d6 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -144,16 +144,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			if hr.Chart != chart {
 				continue
 			}
-			if hr.Config.IsRegistryChart() {
-				versionsToPull[hr.Config.ChartVersion] = true
-			}
-			if hr.Config.IsGitRepositoryChart() {
-				ref, _, err := hr.Config.GetGitRef()
+				version, err := hr.Config.GetAbstractVersion()
 				if err != nil {
 					return err
 				}
-				versionsToPull[ref] = true
-			}
+				versionsToPull[version] = true
 		}
 
 		for version, _ := range versionsToPull {

From 3fb82f7cc45d48b8dd7e9b0691977f1e05549b11 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 14:50:00 +0200
Subject: [PATCH 2170/2268] refactor(helm): move helper functions from type to
 chart and release

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 cmd/kluctl/commands/cmd_helm_pull.go   |  2 +-
 cmd/kluctl/commands/cmd_helm_update.go |  4 +-
 pkg/helm/chart.go                      | 43 ++++++++++++---
 pkg/helm/helm_release.go               | 46 ++++++++++++++--
 pkg/types/helm_chart.go                | 72 --------------------------
 5 files changed, 80 insertions(+), 87 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 2f59ace0d..c1df57d6c 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -123,7 +123,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 					versionsToPull[hr.Config.ChartVersion] = true
 				}
 				if hr.Chart.IsGitRepositoryChart() {
-					ref, _, err := hr.Config.GetGitRef()
+					ref, _, err := hr.Chart.GetGitRef()
 					if err != nil {
 						return actions, err
 					}
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 3a1c784d6..cdef4b0b6 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -144,7 +144,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			if hr.Chart != chart {
 				continue
 			}
-				version, err := hr.Config.GetAbstractVersion()
+				version, err := hr.GetAbstractVersion()
 				if err != nil {
 					return err
 				}
@@ -198,7 +198,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		currentVersion, err := hr.Config.GetAbstractVersion()
+		currentVersion, err := hr.GetAbstractVersion()
 		if err != nil {
 			return err
 		}
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 119d60b8b..c7eb5f480 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -106,21 +106,40 @@ func NewChart(repo string, localPath string, chartName string, git *types.GitInf
 
 	return hc, nil
 }
+func (c *Chart) IsLocalChart() bool {
+	return c.localPath != ""
+}
+func (c *Chart) ErrWhenLocalPathInvalid() error {
+	if filepath.IsAbs(c.localPath) {
+		return fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
+	}
+	return nil
+}
 
-func (c *Chart) GetRepo() string {
-	return c.repo
+func (c *Chart) GetAbsoluteLocalPath(projectRoot string, relDirInProject string) (string, error) {
+	localPath := ""
+	localPath = filepath.Join(projectRoot, relDirInProject, c.localPath)
+	localPath, err := filepath.Abs(localPath)
+	if err != nil {
+		return "", err
+	}
+	err = utils.CheckInDir(projectRoot, localPath)
+	if err != nil {
+		return "", err
+	}
+	return localPath, nil
 }
 
-func (c *Chart) GetLocalPath() string {
-	return c.localPath
+func (c *Chart) IsRegistryChart() bool {
+	return c.IsOciRegistryChart() || c.IsHelmRegistryChart()
 }
 
-func (c *Chart) IsLocalChart() bool {
-	return c.localPath != ""
+func (c *Chart) IsOciRegistryChart() bool {
+	return c.repo != "" && registry.IsOCI(c.repo)
 }
 
-func (c *Chart) IsRegistryChart() bool {
-	return c.repo != ""
+func (c *Chart) IsHelmRegistryChart() bool {
+	return c.repo != "" && !registry.IsOCI(c.repo)
 }
 
 func (c *Chart) IsGitRepositoryChart() bool {
@@ -141,6 +160,14 @@ func (c *Chart) GetGitRef() (string, string, error) {
 	return "", "", fmt.Errorf("neither branch, tag nor commit defined")
 }
 
+func (c *Chart) GetRepo() string {
+	return c.repo
+}
+
+func (c *Chart) GetLocalPath() string {
+	return c.localPath
+}
+
 func (c *Chart) GetLocalChartVersion() (string, error) {
 	chartYaml, err := uo.FromFile(yaml.FixPathExt(filepath.Join(c.localPath, "Chart.yaml")))
 	if err != nil {
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index 21929b23f..b7bc72133 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -48,12 +48,12 @@ func NewRelease(ctx context.Context, projectRoot string, relDirInProject string,
 		return nil, err
 	}
 
-	if config.IsLocalChart() {
-		err := config.ErrWhenLocalPathInvalid()
+	if isLocalChart(config) {
+		err := errWhenLocalPathInvalid(config)
 		if err != nil {
 			return nil, err
 		}
-		localPath, err = config.GetAbsoluteLocalPath(projectRoot, relDirInProject)
+		localPath, err = getAbsoluteLocalPath(projectRoot, relDirInProject, config)
 		if err != nil {
 			return nil, err
 		}
@@ -79,6 +79,20 @@ func NewRelease(ctx context.Context, projectRoot string, relDirInProject string,
 	return hr, nil
 }
 
+func (hr *Release) GetAbstractVersion() (string, error) {
+	if hr.Chart.IsRegistryChart() {
+		return hr.Config.ChartVersion, nil
+	}
+	if hr.Chart.IsGitRepositoryChart() {
+		ref, _, err := hr.Chart.GetGitRef()
+		if err != nil {
+			return "", err
+		}
+		return ref, nil
+	}
+	return "", fmt.Errorf("neither chart version nor tag, commit or branch are defined")
+}
+
 func (hr *Release) GetOutputPath() string {
 	output := "helm-rendered.yaml"
 	if hr.Config.Output != nil {
@@ -148,7 +162,7 @@ func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 	if hr.Chart.IsGitRepositoryChart() {
 		var pc *PulledChart
 		var err error
-		ref, _, err := hr.Config.GetGitRef()
+		ref, _, err := hr.Chart.GetGitRef()
 		if err != nil {
 			return nil, err
 		}
@@ -393,3 +407,27 @@ func isTestHook(h *release.Hook) bool {
 	}
 	return false
 }
+
+func isLocalChart(config types.HelmChartConfig) bool {
+	return config.Path != ""
+}
+func errWhenLocalPathInvalid(config types.HelmChartConfig) error {
+	if filepath.IsAbs(config.Path) {
+		return fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
+	}
+	return nil
+}
+
+func getAbsoluteLocalPath(projectRoot string, relDirInProject string, config types.HelmChartConfig) (string, error) {
+	localPath := ""
+	localPath = filepath.Join(projectRoot, relDirInProject, config.Path)
+	localPath, err := filepath.Abs(localPath)
+	if err != nil {
+		return "", err
+	}
+	err = utils.CheckInDir(projectRoot, localPath)
+	if err != nil {
+		return "", err
+	}
+	return localPath, nil
+}
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index 69e213322..bc4a1052c 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -1,13 +1,9 @@
 package types
 
 import (
-	"fmt"
-	"path/filepath"
-
 	"github.com/go-playground/validator/v10"
 	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
-	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"helm.sh/helm/v3/pkg/registry"
 )
 
@@ -63,74 +59,6 @@ type HelmChartConfig struct {
 	HelmChartConfig2 `json:"helmChart" validate:"required"`
 }
 
-func (c *HelmChartConfig2) IsLocalChart() bool {
-	return c.Path != ""
-}
-func (c *HelmChartConfig2) ErrWhenLocalPathInvalid() error {
-	if filepath.IsAbs(c.Path) {
-		return fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
-	}
-	return nil
-}
-
-func (c *HelmChartConfig2) GetAbsoluteLocalPath(projectRoot string, relDirInProject string) (string, error) {
-	localPath := ""
-	localPath = filepath.Join(projectRoot, relDirInProject, c.Path)
-	localPath, err := filepath.Abs(localPath)
-	if err != nil {
-		return "", err
-	}
-	err = utils.CheckInDir(projectRoot, localPath)
-	if err != nil {
-		return "", err
-	}
-	return localPath, nil
-}
-
-func (c *HelmChartConfig2) IsRegistryChart() bool {
-	return c.IsOciRegistryChart() || c.IsHelmRegistryChart()
-}
-
-func (c *HelmChartConfig2) IsOciRegistryChart() bool {
-	return c.Repo != "" && registry.IsOCI(c.Repo)
-}
-
-func (c *HelmChartConfig2) IsHelmRegistryChart() bool {
-	return c.Repo != "" && !registry.IsOCI(c.Repo)
-}
-
-func (c *HelmChartConfig2) IsGitRepositoryChart() bool {
-	return c.Git != nil
-}
-
-func (c *HelmChartConfig2) GetGitRef() (string, string, error) {
-	if c.Git.Ref.Branch != "" {
-		return c.Git.Ref.Branch, "branch", nil
-	}
-	if c.Git.Ref.Tag != "" {
-		return c.Git.Ref.Tag, "tag", nil
-	}
-
-	if c.Git.Ref.Commit != "" {
-		return c.Git.Ref.Commit, "commit", nil
-	}
-	return "", "", fmt.Errorf("neither branch, tag nor commit defined")
-}
-
-func (c *HelmChartConfig2) GetAbstractVersion() (string, error) {
-	if c.IsRegistryChart() {
-		return c.ChartVersion, nil
-	}
-	if c.IsGitRepositoryChart() {
-		ref, _, err := c.GetGitRef()
-		if err != nil {
-			return "", err
-		}
-		return ref, nil
-	}
-	return "", fmt.Errorf("neither chart version nor tag, commit or branch are defined")
-}
-
 func init() {
 	yaml.Validator.RegisterStructValidation(ValidateHelmChartConfig2, HelmChartConfig2{})
 }

From 865cbb8a4feec5595200678890a8f81d14fdbe31 Mon Sep 17 00:00:00 2001
From: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
Date: Fri, 16 Aug 2024 14:55:44 +0200
Subject: [PATCH 2171/2268] docs(helm): add explanation when this is helpful

Signed-off-by: Aljoscha Poertner <aljoscha.poertner@hellmann.com>
---
 docs/kluctl/deployments/helm.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/kluctl/deployments/helm.md b/docs/kluctl/deployments/helm.md
index 794878f24..3b190002e 100644
--- a/docs/kluctl/deployments/helm.md
+++ b/docs/kluctl/deployments/helm.md
@@ -112,7 +112,9 @@ The name of the chart that can be found in the repository.
 The version of the chart. Must be a valid semantic version.
 
 ### git
-Instead of using `repo` for OCI/Helm registries or `path` for local charts, you can also pull Charts from Git repositories. You have to set the `url` as well as the `branch`, `tag` or `commit`. If the chart itself is in a sub directory, you can also specify a `subDir`:
+Instead of using `repo` for OCI/Helm registries or `path` for local charts, you can also pull Charts from Git repositories.
+This is helpful in cases where you don't want to publish a chart to a registry or as page, e.g. because of the overhead or other internal restrictions.
+You have to set the `url` as well as the `branch`, `tag` or `commit`. If the chart itself is in a sub directory, you can also specify a `subDir`:
 
 ```yaml
 helmChart:

From 96e6197bbaf6ec862eab62993ab483386be975bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 10:11:55 +0200
Subject: [PATCH 2172/2268] chore(deps): Bump the azure-sdk group across 1
 directory with 2 updates (#1155)

Bumps the azure-sdk group with 1 update in the / directory: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.12.0 to 1.14.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.12.0...sdk/azcore/v1.14.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.6.0...sdk/azcore/v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 42a9bfee4..67cd2a3a1 100644
--- a/go.mod
+++ b/go.mod
@@ -7,8 +7,8 @@ replace github.com/kluctl/kluctl/lib => ./lib
 require (
 	cloud.google.com/go/secretmanager v1.13.1
 	filippo.io/age v1.2.0
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
@@ -104,7 +104,7 @@ require (
 	cloud.google.com/go/longrunning v0.5.7 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect
diff --git a/go.sum b/go.sum
index abf229888..be293f9c9 100644
--- a/go.sum
+++ b/go.sum
@@ -25,12 +25,12 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=

From 8fead1117ed1ae82c3a1b957766697839e88bcf6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 10:12:21 +0200
Subject: [PATCH 2173/2268] chore(deps): Bump chainguard/wolfi-base from
 `3eff851` to `3490ac4` (#1158)

Bumps chainguard/wolfi-base from `3eff851` to `3490ac4`.

---
updated-dependencies:
- dependency-name: chainguard/wolfi-base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 1f389f5ac..7504e1ded 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # We must use a glibc based distro due to embedded python not supporting musl libc for aarch64 (only amd64+musl is supported)
 # see https://github.com/indygreg/python-build-standalone/issues/87
 # use `docker buildx imagetools inspect cgr.dev/chainguard/wolfi-base:latest` to find latest sha256 of multiarch image
-FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@sha256:3eff851ab805966c768d2a8107545a96218426cee1e5cc805865505edbe6ce92
+FROM --platform=$TARGETPLATFORM cgr.dev/chainguard/wolfi-base@sha256:3490ac41510e17846b30c9ebfc4a323dfdecbd9a35e7b0e4e745a8f496a18f25
 
 # See https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 ARG TARGETPLATFORM

From 11497987a6e85de2c82ceb556376a5752539542d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 10:12:36 +0200
Subject: [PATCH 2174/2268] chore(deps): Bump cloud.google.com/go/secretmanager
 (#1177)

Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.13.1 to 1.14.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/asset/v1.13.1...dlp/v1.14.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  60 ++++++++++++++---------------
 go.sum | 120 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 90 insertions(+), 90 deletions(-)

diff --git a/go.mod b/go.mod
index 67cd2a3a1..10e4a7818 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.22.0
 replace github.com/kluctl/kluctl/lib => ./lib
 
 require (
-	cloud.google.com/go/secretmanager v1.13.1
+	cloud.google.com/go/secretmanager v1.14.1
 	filippo.io/age v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
@@ -38,7 +38,7 @@ require (
 	github.com/google/go-containerregistry v0.19.2
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.12.5
+	github.com/googleapis/gax-go/v2 v2.13.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/hexops/gotextdiff v1.0.3
@@ -69,15 +69,15 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
-	golang.org/x/net v0.27.0
-	golang.org/x/oauth2 v0.21.0
-	golang.org/x/sync v0.7.0
-	golang.org/x/sys v0.22.0
-	golang.org/x/term v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4
-	google.golang.org/grpc v1.64.0
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/net v0.28.0
+	golang.org/x/oauth2 v0.22.0
+	golang.org/x/sync v0.8.0
+	golang.org/x/sys v0.24.0
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1
+	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
 	helm.sh/helm/v3 v3.15.2
 	k8s.io/api v0.30.2
@@ -95,13 +95,13 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.115.0 // indirect
-	cloud.google.com/go/auth v0.5.1 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
-	cloud.google.com/go/iam v1.1.8 // indirect
-	cloud.google.com/go/kms v1.17.1 // indirect
-	cloud.google.com/go/longrunning v0.5.7 // indirect
+	cloud.google.com/go v0.115.1 // indirect
+	cloud.google.com/go/auth v0.9.3 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
+	cloud.google.com/go/iam v1.2.0 // indirect
+	cloud.google.com/go/kms v1.19.0 // indirect
+	cloud.google.com/go/longrunning v0.6.0 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
@@ -185,9 +185,9 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
@@ -275,9 +275,9 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
-	go.opentelemetry.io/otel v1.27.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
@@ -286,22 +286,22 @@ require (
 	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.27.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.29.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/trace v1.27.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/arch v0.8.0 // indirect
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
-	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.184.0 // indirect
+	google.golang.org/api v0.196.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index be293f9c9..b59d4dd81 100644
--- a/go.sum
+++ b/go.sum
@@ -1,22 +1,22 @@
 c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0=
 c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14=
-cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU=
-cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw=
-cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s=
-cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
-cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
-cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
-cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0=
-cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE=
-cloud.google.com/go/kms v1.17.1 h1:5k0wXqkxL+YcXd4viQzTqCgzzVKKxzgrK+rCZJytEQs=
-cloud.google.com/go/kms v1.17.1/go.mod h1:DCMnCF/apA6fZk5Cj4XsD979OyHAqFasPuA5Sd0kGlQ=
-cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU=
-cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng=
-cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4=
-cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4=
+cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ=
+cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc=
+cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U=
+cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk=
+cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
+cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
+cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
+cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
+cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8=
+cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q=
+cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU=
+cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM=
+cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI=
+cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts=
+cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM=
+cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
@@ -344,18 +344,18 @@ github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
-github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
-github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
+github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
-github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA=
-github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
+github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0=
+github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
+github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
+github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
@@ -674,12 +674,12 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0=
-go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg=
-go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
+go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
+go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
@@ -696,14 +696,14 @@ go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgY
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
-go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
-go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
-go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI=
-go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A=
+go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo=
+go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok=
 go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI=
 go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw=
-go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
-go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
+go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
+go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
 go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
 go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
 go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg=
@@ -726,8 +726,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
@@ -758,11 +758,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
+golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -771,8 +771,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -795,15 +795,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
-golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -813,10 +813,10 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -835,8 +835,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.184.0 h1:dmEdk6ZkJNXy1JcDhn/ou0ZUq7n9zropG2/tR4z+RDg=
-google.golang.org/api v0.184.0/go.mod h1:CeDTtUEiYENAf8PPG5VZW2yNp2VM3VWbCeTioAZBTBA=
+google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg=
+google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -845,19 +845,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU=
-google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU=
+google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4=
+google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc=
+google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
-google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
+google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c=
+google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 026d578f6b9988fde7da4515fb5b41802343bb07 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 10:13:02 +0200
Subject: [PATCH 2175/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.22.0 to 1.24.1 (#1178)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.22.0 to 1.24.1.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.22.0...v1.24.1)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 10e4a7818..8ae5a856c 100644
--- a/go.mod
+++ b/go.mod
@@ -53,7 +53,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/ohler55/ojg v1.22.0
+	github.com/ohler55/ojg v1.24.1
 	github.com/onsi/gomega v1.33.1
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
diff --git a/go.sum b/go.sum
index b59d4dd81..9ea0b6dc8 100644
--- a/go.sum
+++ b/go.sum
@@ -518,8 +518,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.22.0 h1:McZObj3cD/Zz/ojzk5Pi5VvgQcagxmT1bVKNzhE5ihI=
-github.com/ohler55/ojg v1.22.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
+github.com/ohler55/ojg v1.24.1 h1:PaVLelrNgT5/0ppPaUtey54tOVp245z33fkhL2jljjY=
+github.com/ohler55/ojg v1.24.1/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
 github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
 github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=

From c0a430a662e68177bc49a640c6e7252a22cf9f24 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 10:13:10 +0200
Subject: [PATCH 2176/2268] docs: Fix git+ssh url examples (#1182)

---
 docs/kluctl/deployments/deployment-yml.md | 8 ++++----
 docs/kluctl/kluctl-libraries/README.md    | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/kluctl/deployments/deployment-yml.md b/docs/kluctl/deployments/deployment-yml.md
index dd0365144..a7459655a 100644
--- a/docs/kluctl/deployments/deployment-yml.md
+++ b/docs/kluctl/deployments/deployment-yml.md
@@ -21,7 +21,7 @@ deployments:
 - path: my-app
 - include: monitoring
 - git:
-    url: git@github.com/example/example.git
+    url: git@github.com:example/example.git
 - oci:
     url: oci://ghcr.io/kluctl/kluctl-examples/simple
 
@@ -96,17 +96,17 @@ For library projects, [args](#args) is the preferred way to pass configuration.
 Simple example:
 ```yaml
 deployments:
-- git: git@github.com/example/example.git
+- git: git@github.com:example/example.git
 ```
 
-This will clone the git repository at `git@github.com/example/example.git`, checkout the default branch and include it
+This will clone the git repository at `git@github.com:example/example.git`, checkout the default branch and include it
 into the current project.
 
 Advanced Example:
 ```yaml
 deployments:
 - git:
-    url: git@github.com/example/example.git
+    url: git@github.com:example/example.git
     ref:
       branch: my-branch
     subDir: some/sub/dir
diff --git a/docs/kluctl/kluctl-libraries/README.md b/docs/kluctl/kluctl-libraries/README.md
index 015e15d89..9d2b79f5a 100644
--- a/docs/kluctl/kluctl-libraries/README.md
+++ b/docs/kluctl/kluctl-libraries/README.md
@@ -28,7 +28,7 @@ Consider the following root `deployment.yaml` inside your root project:
 ```yaml
 deployments:
   - git:
-      url: git@github.com/example/example-library.git
+      url: git@github.com:example/example-library.git
     args:
       arg1: value1
 ```

From d28eff2ae00ef7f60d031c2a178c26af770c02b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 10:13:26 +0200
Subject: [PATCH 2177/2268] chore(deps): Bump github.com/docker/cli (#1184)

Bumps [github.com/docker/cli](https://github.com/docker/cli) from 26.1.4+incompatible to 27.3.1+incompatible.
- [Commits](https://github.com/docker/cli/compare/v26.1.4...v27.3.1)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 3 ++-
 go.sum | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8ae5a856c..c23fb3d52 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.5
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-alpha.1
-	github.com/docker/cli v26.1.4+incompatible
+	github.com/docker/cli v27.3.1+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.8.1
@@ -176,6 +176,7 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.2.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
diff --git a/go.sum b/go.sum
index 9ea0b6dc8..aa9b4db8a 100644
--- a/go.sum
+++ b/go.sum
@@ -187,8 +187,8 @@ github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiU
 github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8=
-github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ=
+github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v27.0.0+incompatible h1:JRugTYuelmWlW0M3jakcIadDx2HUoUO6+Tf2C5jVfwA=
@@ -292,6 +292,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-viper/mapstructure/v2 v2.2.0 h1:zGE1Kaz78LVwzU0kOfZuqwKKiG1gLkHTZ/cZioHp9po=
+github.com/go-viper/mapstructure/v2 v2.2.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=

From e262959bd0906cfbc73ca282f01798f82ac0fc2a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 07:49:06 +0200
Subject: [PATCH 2178/2268] fix: Forbid more then one of repo/path/git

---
 pkg/types/helm_chart.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index bc4a1052c..c6ff04e9a 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -25,10 +25,20 @@ type HelmChartConfig2 struct {
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {
 	c := sl.Current().Interface().(HelmChartConfig2)
-	if c.Repo == "" && c.Path == "" && c.Git == nil {
+	cnt := 0
+	if c.Repo != "" {
+		cnt++
+	}
+	if c.Path != "" {
+		cnt++
+	}
+	if c.Git != nil {
+		cnt++
+	}
+	if cnt == 0 {
 		sl.ReportError("self", "repo", "repo", "either repo, path or git must be specified", "")
-	} else if c.Repo != "" && c.Path != "" {
-		sl.ReportError("self", "repo", "repo", "only one of repo and path can be specified", "")
+	} else if cnt > 1 {
+		sl.ReportError("self", "repo", "repo", "only one of repo, path and git can be specified", "")
 	} else if c.Repo != "" {
 		if c.ChartVersion == "" {
 			sl.ReportError("self", "chartVersion", "chartVersion", "chartVersion must be specified when repo is specified", "")

From e349bf7ca61ba6bd194a7c0fabf2ffb65b0cb4f2 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 07:51:20 +0200
Subject: [PATCH 2179/2268] fix: Use GitProject instead of GitInfo

GitInfo is the result of gathering git infos while GitProject is
specified by the user.
---
 lib/git/types/git_info.go          |  1 +
 pkg/helm/chart.go                  | 10 +++++-----
 pkg/types/helm_chart.go            | 27 +++++++++++++--------------
 pkg/types/zz_generated.deepcopy.go |  2 +-
 pkg/webui/ui/src/models.ts         |  4 ++--
 5 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/lib/git/types/git_info.go b/lib/git/types/git_info.go
index 624dea028..af4d2a0ee 100644
--- a/lib/git/types/git_info.go
+++ b/lib/git/types/git_info.go
@@ -1,5 +1,6 @@
 package types
 
+// GitInfo represents the result of BuildGitInfo, which gathers all info from a local cloned git repository
 type GitInfo struct {
 	Url    *GitUrl `json:"url"`
 	Ref    *GitRef `json:"ref"`
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index c7eb5f480..d18a76be6 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -3,6 +3,7 @@ package helm
 import (
 	"context"
 	"fmt"
+	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -12,7 +13,6 @@ import (
 
 	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-containerregistry/pkg/crane"
-	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
 	helmauth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
@@ -33,7 +33,7 @@ type Chart struct {
 	repo             string
 	localPath        string
 	chartName        string
-	git              *types.GitInfo
+	git              *types2.GitProject
 	helmAuthProvider helmauth.HelmAuthProvider
 	ociAuthProvider  ociauth.OciAuthProvider
 	gitRp            *repocache.GitRepoCache
@@ -44,7 +44,7 @@ type Chart struct {
 	versions []string
 }
 
-func NewChart(repo string, localPath string, chartName string, git *types.GitInfo, helmAuthProvider helmauth.HelmAuthProvider, credentialsId string, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Chart, error) {
+func NewChart(repo string, localPath string, chartName string, git *types2.GitProject, helmAuthProvider helmauth.HelmAuthProvider, credentialsId string, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Chart, error) {
 	hc := &Chart{
 		repo:             repo,
 		git:              git,
@@ -90,7 +90,7 @@ func NewChart(repo string, localPath string, chartName string, git *types.GitInf
 		// Use the subDir if possible otherwise use the URL
 		s := strings.Split(hc.git.Url.String(), "/")
 		if hc.git.SubDir != "" {
-		 s = strings.Split(hc.git.SubDir, "/")
+			s = strings.Split(hc.git.SubDir, "/")
 		}
 		chartName := strings.Join(s[len(s)-1:len(s)], "-")
 		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
@@ -437,7 +437,7 @@ func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) erro
 	if err != nil {
 		return err
 	}
-    err = cp.Copy(filepath.Join(cd, c.git.SubDir), chartDir)
+	err = cp.Copy(filepath.Join(cd, c.git.SubDir), chartDir)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index c6ff04e9a..da856ccfd 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -2,25 +2,24 @@ package types
 
 import (
 	"github.com/go-playground/validator/v10"
-	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"helm.sh/helm/v3/pkg/registry"
 )
 
 type HelmChartConfig2 struct {
-	Repo              string        `json:"repo,omitempty"`
-	Git               *types.GitInfo `json:"git,omitempty"`
-	Path              string        `json:"path,omitempty"`
-	CredentialsId     *string       `json:"credentialsId,omitempty"`
-	ChartName         string        `json:"chartName,omitempty"`
-	ChartVersion      string        `json:"chartVersion,omitempty"`
-	UpdateConstraints *string       `json:"updateConstraints,omitempty"`
-	ReleaseName       string        `json:"releaseName" validate:"required"`
-	Namespace         *string       `json:"namespace,omitempty"`
-	Output            *string       `json:"output,omitempty"`
-	SkipCRDs          bool          `json:"skipCRDs,omitempty"`
-	SkipUpdate        bool          `json:"skipUpdate,omitempty"`
-	SkipPrePull       bool          `json:"skipPrePull,omitempty"`
+	Repo              string      `json:"repo,omitempty"`
+	Git               *GitProject `json:"git,omitempty"`
+	Path              string      `json:"path,omitempty"`
+	CredentialsId     *string     `json:"credentialsId,omitempty"`
+	ChartName         string      `json:"chartName,omitempty"`
+	ChartVersion      string      `json:"chartVersion,omitempty"`
+	UpdateConstraints *string     `json:"updateConstraints,omitempty"`
+	ReleaseName       string      `json:"releaseName" validate:"required"`
+	Namespace         *string     `json:"namespace,omitempty"`
+	Output            *string     `json:"output,omitempty"`
+	SkipCRDs          bool        `json:"skipCRDs,omitempty"`
+	SkipUpdate        bool        `json:"skipUpdate,omitempty"`
+	SkipPrePull       bool        `json:"skipPrePull,omitempty"`
 }
 
 func ValidateHelmChartConfig2(sl validator.StructLevel) {
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 81db7ed56..4a9fab3fd 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -484,7 +484,7 @@ func (in *HelmChartConfig2) DeepCopyInto(out *HelmChartConfig2) {
 	*out = *in
 	if in.Git != nil {
 		in, out := &in.Git, &out.Git
-		*out = new(gittypes.GitInfo)
+		*out = new(GitProject)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.CredentialsId != nil {
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index 9331cd2e6..f04ef6647 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -130,7 +130,7 @@ export class IgnoreForDiffItemConfig {
 }
 export class HelmChartConfig {
     repo?: string;
-    git?: GitInfo;
+    git?: GitProject;
     path?: string;
     credentialsId?: string;
     chartName?: string;
@@ -146,7 +146,7 @@ export class HelmChartConfig {
     constructor(source: any = {}) {
         if ('string' === typeof source) source = JSON.parse(source);
         this.repo = source["repo"];
-        this.git = this.convertValues(source["git"], GitInfo);
+        this.git = this.convertValues(source["git"], GitProject);
         this.path = source["path"];
         this.credentialsId = source["credentialsId"];
         this.chartName = source["chartName"];

From c868f01af3ff25b53eb3b6610b106b22e0fee9d9 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 08:09:21 +0200
Subject: [PATCH 2180/2268] fix: Use path.Base instead of string splitting to
 figure out chart name

---
 pkg/helm/chart.go | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index d18a76be6..17d5cabf3 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -6,6 +6,7 @@ import (
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"regexp"
 	"sort"
@@ -88,16 +89,17 @@ func NewChart(repo string, localPath string, chartName string, git *types2.GitPr
 			return nil, fmt.Errorf("chartName can't be specified when using git repos")
 		}
 		// Use the subDir if possible otherwise use the URL
-		s := strings.Split(hc.git.Url.String(), "/")
 		if hc.git.SubDir != "" {
-			s = strings.Split(hc.git.SubDir, "/")
-		}
-		chartName := strings.Join(s[len(s)-1:len(s)], "-")
-		if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, chartName); !m {
-			return nil, fmt.Errorf("invalid git url: %s", hc.git.Url.String())
+			hc.chartName = path.Base(hc.git.SubDir)
+			if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, hc.chartName); !m {
+				return nil, fmt.Errorf("invalid git subDir: %s", hc.git.SubDir)
+			}
+		} else {
+			hc.chartName = path.Base(hc.git.Url.Normalize().Path)
+			if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, hc.chartName); !m {
+				return nil, fmt.Errorf("invalid git url: %s", hc.git.Url.String())
+			}
 		}
-		hc.chartName = chartName
-
 	} else if chartName == "" {
 		return nil, fmt.Errorf("chartName is missing")
 	} else {
@@ -430,9 +432,6 @@ func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) erro
 	if err != nil {
 		return err
 	}
-	if err != nil {
-		return err
-	}
 	cd, gitInfo, err := m.GetClonedDir(c.git.Ref)
 	if err != nil {
 		return err

From 09945bc6d0d561eac1264d9ed0e60506421fdfa4 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 08:13:05 +0200
Subject: [PATCH 2181/2268] fix: Use normalized git url in
 BuildGitRepositoryPulledChartDir

---
 pkg/helm/chart.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 17d5cabf3..3fc7b9101 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -236,13 +236,13 @@ func (c *Chart) BuildVersionedRegistryPulledChartDir(baseDir string, version str
 }
 
 func (c *Chart) BuildGitRepositoryPulledChartDir(baseDir string) (string, error) {
-	pathPrefix := c.git.Url.Scheme
-	port := c.git.Url.NormalizePort()
-	hostname := c.git.Url.Hostname()
-	path := c.git.Url.Path
+	u := c.git.Url.Normalize()
+	pathPrefix := u.Scheme
+	hostname := u.Hostname()
+	path := u.Path
 	subDir := c.git.SubDir
-	if port != "" {
-		pathPrefix += "_" + port
+	if u.Port() != "" {
+		pathPrefix += "_" + u.Port()
 	}
 	dir := filepath.Join(
 		baseDir,

From 17a51c7c2e6c2d72bf2e02a53d2ef76c883ecadb Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 08:19:05 +0200
Subject: [PATCH 2182/2268] chore: Run gofmt

---
 cmd/kluctl/commands/cmd_helm_update.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index cdef4b0b6..94b0b5420 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -144,11 +144,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 			if hr.Chart != chart {
 				continue
 			}
-				version, err := hr.GetAbstractVersion()
-				if err != nil {
-					return err
-				}
-				versionsToPull[version] = true
+			version, err := hr.GetAbstractVersion()
+			if err != nil {
+				return err
+			}
+			versionsToPull[version] = true
 		}
 
 		for version, _ := range versionsToPull {

From af37af640d5b72ad79b1cfa597c1c52f3048478f Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 08:25:44 +0200
Subject: [PATCH 2183/2268] refactor: Remove unused functions

The localPath inside Chart is assumed to be absolute already
---
 pkg/helm/chart.go | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 3fc7b9101..9e5f150fe 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -111,26 +111,6 @@ func NewChart(repo string, localPath string, chartName string, git *types2.GitPr
 func (c *Chart) IsLocalChart() bool {
 	return c.localPath != ""
 }
-func (c *Chart) ErrWhenLocalPathInvalid() error {
-	if filepath.IsAbs(c.localPath) {
-		return fmt.Errorf("absolute path is not allowed in helm-chart.yaml")
-	}
-	return nil
-}
-
-func (c *Chart) GetAbsoluteLocalPath(projectRoot string, relDirInProject string) (string, error) {
-	localPath := ""
-	localPath = filepath.Join(projectRoot, relDirInProject, c.localPath)
-	localPath, err := filepath.Abs(localPath)
-	if err != nil {
-		return "", err
-	}
-	err = utils.CheckInDir(projectRoot, localPath)
-	if err != nil {
-		return "", err
-	}
-	return localPath, nil
-}
 
 func (c *Chart) IsRegistryChart() bool {
 	return c.IsOciRegistryChart() || c.IsHelmRegistryChart()

From 6d334be5b82e1d5d28b2495c08f0c0696d4eaa6a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 08:28:14 +0200
Subject: [PATCH 2184/2268] Fix indention in helm.md

---
 docs/kluctl/deployments/helm.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/kluctl/deployments/helm.md b/docs/kluctl/deployments/helm.md
index 3b190002e..c4d9c8f82 100644
--- a/docs/kluctl/deployments/helm.md
+++ b/docs/kluctl/deployments/helm.md
@@ -118,15 +118,15 @@ You have to set the `url` as well as the `branch`, `tag` or `commit`. If the cha
 
 ```yaml
 helmChart:
- git:
-  url: https://github.com/mycharts/salt
-  ref:
-   branch: main
-   #tag: v1.0.0 -- branch, tag and commit are mutually exclusive
-   #commit: 015244630b53eb69d77858e5587641b741e91706 -- branch, tag and commit are mutually exclusive
-  subDir: charts/path/to/chart
- releaseName: salt
- namespace: salt
+  git:
+    url: https://github.com/mycharts/salt
+    ref:
+      branch: main
+      #tag: v1.0.0 -- branch, tag and commit are mutually exclusive
+      #commit: 015244630b53eb69d77858e5587641b741e91706 -- branch, tag and commit are mutually exclusive
+    subDir: charts/path/to/chart
+  releaseName: salt
+  namespace: salt
 ```
 In order to be able to use the `helm-update` command, the branch or tag has to be semantic. If this is not the case, the update is skipped.
 

From 25b884dc668feebad01fb000fbcb656fed81dffc Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 10:33:16 +0200
Subject: [PATCH 2185/2268] tests: Introduce enum to differentiate helm repo
 type

---
 e2e/gitops_helm_test.go          |  21 ++---
 e2e/gitops_misc_test.go          |   5 +-
 e2e/gitops_oci_include_test.go   |   8 +-
 e2e/helm_test.go                 | 137 +++++++++++++++----------------
 e2e/oci_include_test.go          |  12 +--
 e2e/source_override_test.go      |   2 +-
 e2e/test-utils/helm_test_repo.go |  50 +++++++----
 7 files changed, 118 insertions(+), 117 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index 6b2b8433e..b52ad9e67 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
@@ -44,22 +45,22 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 		})
 	} else if tc.argCredsHost != "" {
 		host := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
-		if tc.oci {
+		if tc.helmType == test_utils.TestHelmRepo_Oci {
 			m := map[string]string{
 				"username": tc.argUsername,
 				"password": tc.argPassword,
 			}
-			if !repo.TLSEnabled {
+			if !repo.HttpServer.TLSEnabled {
 				m["plainHttp"] = "true"
 			}
 			if tc.argPassCA {
-				m["ca"] = string(repo.ServerCAs)
+				m["ca"] = string(repo.HttpServer.ServerCAs)
 			}
 			if tc.argPassClientCert {
-				m["cert"] = string(repo.ClientCert)
+				m["cert"] = string(repo.HttpServer.ClientCert)
 			}
 			if tc.argPassClientCert {
-				m["key"] = string(repo.ClientKey)
+				m["key"] = string(repo.HttpServer.ClientKey)
 			}
 			name := suite.createGitopsSecret(m)
 			projectCreds.Oci = append(projectCreds.Oci, kluctlv1.ProjectCredentialsOci{
@@ -67,19 +68,19 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 				Repository: tc.argCredsPath,
 				SecretRef:  kluctlv1.LocalObjectReference{Name: name},
 			})
-		} else {
+		} else if tc.helmType == test_utils.TestHelmRepo_Helm {
 			m := map[string]string{
 				"username": tc.argUsername,
 				"password": tc.argPassword,
 			}
 			if tc.argPassCA {
-				m["ca"] = string(repo.ServerCAs)
+				m["ca"] = string(repo.HttpServer.ServerCAs)
 			}
 			if tc.argPassClientCert {
-				m["cert"] = string(repo.ClientCert)
+				m["cert"] = string(repo.HttpServer.ClientCert)
 			}
 			if tc.argPassClientCert {
-				m["key"] = string(repo.ClientKey)
+				m["key"] = string(repo.HttpServer.ClientKey)
 			}
 			name := suite.createGitopsSecret(m)
 			projectCreds.Helm = append(projectCreds.Helm, kluctlv1.ProjectCredentialsHelm{
@@ -91,7 +92,7 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 	}
 
 	// add a fallback secret that enables plainHttp in case we have no matching creds
-	if tc.oci && !repo.TLSEnabled {
+	if tc.helmType == test_utils.TestHelmRepo_Oci && !repo.HttpServer.TLSEnabled {
 		m := map[string]string{
 			"plainHttp": "true",
 		}
diff --git a/e2e/gitops_misc_test.go b/e2e/gitops_misc_test.go
index dc190435c..eb83044b4 100644
--- a/e2e/gitops_misc_test.go
+++ b/e2e/gitops_misc_test.go
@@ -63,10 +63,7 @@ func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
 		namespace: p.TestSlug(),
 	})
 
-	repo := &test_utils.TestHelmRepo{
-		TestHttpServer: test_utils.TestHttpServer{},
-		Oci:            true,
-	}
+	repo := test_utils.NewHelmTestRepoHttp(test_utils.TestHelmRepo_Oci, "", "", "", false, false)
 	repo.Start(suite.T())
 
 	repoUrl := repo.URL.String() + "/org/repo"
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index 8b9183609..f74f8be6d 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -32,13 +32,7 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	ip3 := prepareIncludeProject(suite.T(), "include3", "", nil)
 
 	createRepo := func(user, pass string) *test_utils.TestHelmRepo {
-		repo := &test_utils.TestHelmRepo{
-			TestHttpServer: test_utils.TestHttpServer{
-				Username: user,
-				Password: pass,
-			},
-			Oci: true,
-		}
+		repo := test_utils.NewHelmTestRepoHttp(test_utils.TestHelmRepo_Oci, "", user, pass, false, false)
 		repo.Start(suite.T())
 		return repo
 	}
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index 4d2c9a841..de9e80f06 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -23,7 +23,7 @@ import (
 type helmTestCase struct {
 	path              string
 	name              string
-	oci               bool
+	helmType          test_utils.TestHelmRepoType
 	testAuth          bool
 	testTLS           bool
 	testTLSClientCert bool
@@ -44,7 +44,7 @@ type helmTestCase struct {
 
 var helmTests = []helmTestCase{
 	{name: "helm-no-creds"},
-	{name: "oci-no-creds", oci: true},
+	{name: "oci-no-creds", helmType: test_utils.TestHelmRepo_Oci},
 
 	// tls tests
 	{
@@ -75,19 +75,19 @@ var helmTests = []helmTestCase{
 	},
 
 	{
-		name: "oci-tls-missing-ca", oci: true, testTLS: true,
+		name: "oci-tls-missing-ca", helmType: test_utils.TestHelmRepo_Oci, testTLS: true,
 		argPassCA:            false,
 		argCredsHost:         "<host>",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "failed to verify certificate",
 	},
 	{
-		name: "oci-tls-valid-ca", oci: true, testTLS: true,
+		name: "oci-tls-valid-ca", helmType: test_utils.TestHelmRepo_Oci, testTLS: true,
 		argPassCA:    true,
 		argCredsHost: "<host>",
 	},
 	{
-		name: "oci-tls-missing-cert", oci: true, testTLS: true, testTLSClientCert: true,
+		name: "oci-tls-missing-cert", helmType: test_utils.TestHelmRepo_Oci, testTLS: true, testTLSClientCert: true,
 		argPassCA:            true,
 		argPassClientCert:    false,
 		argCredsHost:         "<host>",
@@ -95,7 +95,7 @@ var helmTests = []helmTestCase{
 		expectedPrepareError: "certificate required",
 	},
 	{
-		name: "oci-tls-valid-cert", oci: true, testTLS: true, testTLSClientCert: true,
+		name: "oci-tls-valid-cert", helmType: test_utils.TestHelmRepo_Oci, testTLS: true, testTLSClientCert: true,
 		argPassCA:         true,
 		argPassClientCert: true,
 		argCredsHost:      "<host>",
@@ -103,22 +103,22 @@ var helmTests = []helmTestCase{
 
 	// deprecated helm credentials flags
 	{
-		name: "dep-helm-creds-missing", oci: false, testAuth: true, credsId: "test-creds",
+		name: "dep-helm-creds-missing", helmType: test_utils.TestHelmRepo_Helm, testAuth: true, credsId: "test-creds",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "dep-helm-creds-invalid", oci: false, testAuth: true, credsId: "test-creds",
+		name: "dep-helm-creds-invalid", helmType: test_utils.TestHelmRepo_Helm, testAuth: true, credsId: "test-creds",
 		argCredsId: "test-creds", argUsername: "test-user", argPassword: "invalid",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "dep-helm-creds-valid", oci: false, testAuth: true, credsId: "test-creds",
+		name: "dep-helm-creds-valid", helmType: test_utils.TestHelmRepo_Helm, testAuth: true, credsId: "test-creds",
 		argCredsId: "test-creds", argUsername: "test-user", argPassword: "secret-password",
 	},
 	{
-		name: "dep-oci-creds-fail", oci: true, testAuth: true, credsId: "test-creds",
+		name: "dep-oci-creds-fail", helmType: test_utils.TestHelmRepo_Oci, testAuth: true, credsId: "test-creds",
 		argCredsId: "test-creds", argUsername: "test-user", argPassword: "secret-password",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "OCI charts can currently only be authenticated via registry login and environment variables but not via cli arguments",
@@ -126,69 +126,69 @@ var helmTests = []helmTestCase{
 
 	// new helm credentials flags
 	{
-		name: "helm-creds-missing", oci: false, testAuth: true,
+		name: "helm-creds-missing", helmType: test_utils.TestHelmRepo_Helm, testAuth: true,
 		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "helm-creds-invalid", oci: false, testAuth: true,
+		name: "helm-creds-invalid", helmType: test_utils.TestHelmRepo_Helm, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "helm-creds-valid", oci: false, testAuth: true,
+		name: "helm-creds-valid", helmType: test_utils.TestHelmRepo_Helm, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "secret-password",
 	},
 	{
-		name: "helm-creds-missing-path", oci: false, testAuth: true, path: "path1",
+		name: "helm-creds-missing-path", helmType: test_utils.TestHelmRepo_Helm, testAuth: true, path: "path1",
 		argCredsHost: "<host>", argCredsPath: "path2", argUsername: "test-user", argPassword: "secret-password",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "helm-creds-invalid-path", oci: false, testAuth: true, path: "path1",
+		name: "helm-creds-invalid-path", helmType: test_utils.TestHelmRepo_Helm, testAuth: true, path: "path1",
 		argCredsHost: "<host>", argCredsPath: "path1", argUsername: "test-user", argPassword: "invalid",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "helm-creds-valid-path", oci: false, testAuth: true, path: "path1",
+		name: "helm-creds-valid-path", helmType: test_utils.TestHelmRepo_Helm, testAuth: true, path: "path1",
 		argCredsHost: "<host>", argCredsPath: "path1", argUsername: "test-user", argPassword: "secret-password",
 	},
 
 	// oci creds
 	{
-		name: "oci-creds-missing", oci: true, testAuth: true,
+		name: "oci-creds-missing", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "no basic auth credentials",
 	},
 	{
-		name: "oci-creds-invalid", oci: true, testAuth: true,
+		name: "oci-creds-invalid", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "oci-creds-valid", oci: true, testAuth: true,
+		name: "oci-creds-valid", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>", argUsername: "test-user", argPassword: "secret-password",
 	},
 	{
-		name: "oci-creds-missing-path", oci: true, testAuth: true,
+		name: "oci-creds-missing-path", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart2", argUsername: "test-user", argPassword: "secret-password",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "no basic auth credentials",
 	},
 	{
-		name: "oci-creds-invalid-path", oci: true, testAuth: true,
+		name: "oci-creds-invalid-path", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart1", argUsername: "test-user", argPassword: "invalid",
 		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
 		expectedPrepareError: "401 Unauthorized",
 	},
 	{
-		name: "oci-creds-valid-path", oci: true, testAuth: true,
+		name: "oci-creds-valid-path", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart1", argUsername: "test-user", argPassword: "secret-password",
 	},
 }
@@ -202,7 +202,7 @@ func newTmpFile(t *testing.T, b []byte) string {
 
 func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.TestHelmRepo) []string {
 	var ret []string
-	if tc.oci {
+	if tc.helmType == test_utils.TestHelmRepo_Oci {
 		if tc.argCredsHost != "" {
 			r := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
 			if tc.argCredsPath != "" {
@@ -214,11 +214,11 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 			} else {
 				ret = append(ret, fmt.Sprintf("--registry-creds=%s=%s:%s", r, tc.argUsername, tc.argPassword))
 			}
-			if !repo.TLSEnabled {
+			if !repo.HttpServer.TLSEnabled {
 				ret = append(ret, fmt.Sprintf("--registry-plain-http=%s", r))
 			}
 		}
-		if !repo.TLSEnabled {
+		if !repo.HttpServer.TLSEnabled {
 			r := repo.URL.Host
 			if tc.argCredsPath != "" {
 				r += "/" + tc.argCredsPath
@@ -227,14 +227,14 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 		}
 		if tc.testTLS {
 			if tc.argPassCA {
-				ret = append(ret, fmt.Sprintf("--registry-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ServerCAs)))
+				ret = append(ret, fmt.Sprintf("--registry-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ServerCAs)))
 			}
 			if tc.argPassClientCert {
-				ret = append(ret, fmt.Sprintf("--registry-cert-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientCert)))
-				ret = append(ret, fmt.Sprintf("--registry-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientKey)))
+				ret = append(ret, fmt.Sprintf("--registry-cert-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ClientCert)))
+				ret = append(ret, fmt.Sprintf("--registry-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ClientKey)))
 			}
 		}
-	} else {
+	} else if tc.helmType == test_utils.TestHelmRepo_Helm {
 		if tc.argCredsId != "" {
 			ret = append(ret, fmt.Sprintf("--helm-username=%s:%s", tc.argCredsId, tc.argUsername))
 			ret = append(ret, fmt.Sprintf("--helm-password=%s:%s", tc.argCredsId, tc.argPassword))
@@ -252,16 +252,16 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 		}
 		if tc.testTLS {
 			if tc.argPassCA {
-				ret = append(ret, fmt.Sprintf("--helm-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ServerCAs)))
+				ret = append(ret, fmt.Sprintf("--helm-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ServerCAs)))
 			}
 			if tc.argPassClientCert {
-				ret = append(ret, fmt.Sprintf("--helm-cert-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientCert)))
-				ret = append(ret, fmt.Sprintf("--helm-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.ClientKey)))
+				ret = append(ret, fmt.Sprintf("--helm-cert-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ClientCert)))
+				ret = append(ret, fmt.Sprintf("--helm-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ClientKey)))
 			}
 		}
 	}
 	// add a fallback that enables plain_http in case we have no matching creds
-	if tc.oci && !repo.TLSEnabled {
+	if tc.helmType == test_utils.TestHelmRepo_Oci && !repo.HttpServer.TLSEnabled {
 		ret = append(ret, fmt.Sprintf("--registry-plain-http=%s", repo.URL.Host))
 	}
 	return ret
@@ -276,7 +276,7 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, p *test_project.TestPro
 		}
 	}
 
-	if tc.oci {
+	if tc.helmType == test_utils.TestHelmRepo_Oci {
 		if tc.argCredsHost != "" {
 			setEnv("KLUCTL_REGISTRY_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
 		}
@@ -289,17 +289,17 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, p *test_project.TestPro
 		if tc.argPassword != "" {
 			setEnv("KLUCTL_REGISTRY_PASSWORD", tc.argPassword)
 		}
-		if !repo.TLSEnabled {
+		if !repo.HttpServer.TLSEnabled {
 			setEnv("KLUCTL_REGISTRY_PLAIN_HTTP", "true")
 		}
 		if tc.argPassCA {
-			setEnv("KLUCTL_REGISTRY_CA_FILE", newTmpFile(t, repo.ServerCAs))
+			setEnv("KLUCTL_REGISTRY_CA_FILE", newTmpFile(t, repo.HttpServer.ServerCAs))
 		}
 		if tc.argPassClientCert {
-			setEnv("KLUCTL_REGISTRY_CERT_FILE", newTmpFile(t, repo.ClientCert))
-			setEnv("KLUCTL_REGISTRY_KEY_FILE", newTmpFile(t, repo.ClientKey))
+			setEnv("KLUCTL_REGISTRY_CERT_FILE", newTmpFile(t, repo.HttpServer.ClientCert))
+			setEnv("KLUCTL_REGISTRY_KEY_FILE", newTmpFile(t, repo.HttpServer.ClientKey))
 		}
-	} else {
+	} else if tc.helmType == test_utils.TestHelmRepo_Helm {
 		if tc.argCredsId != "" {
 			setEnv("KLUCTL_HELM_CREDENTIALS_ID", tc.argCredsId)
 		}
@@ -316,15 +316,15 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, p *test_project.TestPro
 			setEnv("KLUCTL_HELM_PASSWORD", tc.argPassword)
 		}
 		if tc.argPassCA {
-			setEnv("KLUCTL_HELM_CA_FILE", newTmpFile(t, repo.ServerCAs))
+			setEnv("KLUCTL_HELM_CA_FILE", newTmpFile(t, repo.HttpServer.ServerCAs))
 		}
 		if tc.argPassClientCert {
-			setEnv("KLUCTL_HELM_CERT_FILE", newTmpFile(t, repo.ClientCert))
-			setEnv("KLUCTL_HELM_KEY_FILE", newTmpFile(t, repo.ClientKey))
+			setEnv("KLUCTL_HELM_CERT_FILE", newTmpFile(t, repo.HttpServer.ClientCert))
+			setEnv("KLUCTL_HELM_KEY_FILE", newTmpFile(t, repo.HttpServer.ClientKey))
 		}
 	}
 	// add a fallback that enables plain_http in case we have no matching creds
-	if tc.oci && !repo.TLSEnabled {
+	if tc.helmType == test_utils.TestHelmRepo_Oci && !repo.HttpServer.TLSEnabled {
 		setEnv("KLUCTL_REGISTRY_1_HOST", repo.URL.Host)
 		setEnv("KLUCTL_REGISTRY_1_PLAIN_HTTP", "true")
 	}
@@ -364,20 +364,13 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		password = "secret-password"
 	}
 
-	repo := &test_utils.TestHelmRepo{
-		TestHttpServer: test_utils.TestHttpServer{
-			Username:               user,
-			Password:               password,
-			NoLoopbackProxyEnabled: true,
-			TLSEnabled:             tc.testTLS,
-			TLSClientCertEnabled:   tc.testTLSClientCert,
-		},
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-		},
-		Oci:  tc.oci,
-		Path: tc.path,
+	var repo *test_utils.TestHelmRepo
+	if tc.helmType == test_utils.TestHelmRepo_Helm || tc.helmType == test_utils.TestHelmRepo_Oci {
+		repo = test_utils.NewHelmTestRepoHttp(tc.helmType, tc.path, user, password, tc.testTLS, tc.testTLSClientCert)
 	}
+	repo.Charts = append(repo.Charts,
+		test_utils.RepoChart{ChartName: "test-chart1", Version: "0.1.0"},
+	)
 	repo.Start(t)
 
 	extraArgs := buildHelmTestExtraArgs(t, tc, repo)
@@ -540,7 +533,7 @@ func TestHelmInIncludeLibrary(t *testing.T) {
 	}
 }
 
-func testHelmManualUpgrade(t *testing.T, oci bool) {
+func testHelmManualUpgrade(t *testing.T, helmType test_utils.TestHelmRepoType) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -550,7 +543,7 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 	createNamespace(t, k, p.TestSlug())
 
 	repo := &test_utils.TestHelmRepo{
-		Oci: oci,
+		Type: helmType,
 		Charts: []test_utils.RepoChart{
 			{ChartName: "test-chart1", Version: "0.1.0"},
 			{ChartName: "test-chart1", Version: "0.2.0"},
@@ -582,14 +575,14 @@ func testHelmManualUpgrade(t *testing.T, oci bool) {
 }
 
 func TestHelmManualUpgrade(t *testing.T) {
-	testHelmManualUpgrade(t, false)
+	testHelmManualUpgrade(t, test_utils.TestHelmRepo_Helm)
 }
 
 func TestHelmManualUpgradeOci(t *testing.T) {
-	testHelmManualUpgrade(t, true)
+	testHelmManualUpgrade(t, test_utils.TestHelmRepo_Oci)
 }
 
-func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
+func testHelmUpdate(t *testing.T, helmType test_utils.TestHelmRepoType, upgrade bool, commit bool) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -599,7 +592,7 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 	createNamespace(t, k, p.TestSlug())
 
 	repo := &test_utils.TestHelmRepo{
-		Oci: oci,
+		Type: helmType,
 		Charts: []test_utils.RepoChart{
 			{ChartName: "test-chart1", Version: "0.1.0"},
 			{ChartName: "test-chart1", Version: "0.2.0"},
@@ -684,30 +677,30 @@ func testHelmUpdate(t *testing.T, oci bool, upgrade bool, commit bool) {
 }
 
 func TestHelmUpdate(t *testing.T) {
-	testHelmUpdate(t, false, false, false)
+	testHelmUpdate(t, test_utils.TestHelmRepo_Helm, false, false)
 }
 
 func TestHelmUpdateOci(t *testing.T) {
-	testHelmUpdate(t, true, false, false)
+	testHelmUpdate(t, test_utils.TestHelmRepo_Oci, false, false)
 }
 
 func TestHelmUpdateAndUpgrade(t *testing.T) {
-	testHelmUpdate(t, false, true, false)
+	testHelmUpdate(t, test_utils.TestHelmRepo_Helm, true, false)
 }
 
 func TestHelmUpdateAndUpgradeOci(t *testing.T) {
-	testHelmUpdate(t, true, true, false)
+	testHelmUpdate(t, test_utils.TestHelmRepo_Oci, true, false)
 }
 
 func TestHelmUpdateAndUpgradeAndCommit(t *testing.T) {
-	testHelmUpdate(t, false, true, true)
+	testHelmUpdate(t, test_utils.TestHelmRepo_Helm, true, true)
 }
 
 func TestHelmUpdateAndUpgradeAndCommitOci(t *testing.T) {
-	testHelmUpdate(t, true, true, true)
+	testHelmUpdate(t, test_utils.TestHelmRepo_Oci, true, true)
 }
 
-func testHelmUpdateConstraints(t *testing.T, oci bool) {
+func testHelmUpdateConstraints(t *testing.T, helmType test_utils.TestHelmRepoType) {
 	t.Parallel()
 
 	k := defaultCluster1
@@ -717,7 +710,7 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 	createNamespace(t, k, p.TestSlug())
 
 	repo := &test_utils.TestHelmRepo{
-		Oci: oci,
+		Type: helmType,
 		Charts: []test_utils.RepoChart{
 			{ChartName: "test-chart1", Version: "0.1.0"},
 			{ChartName: "test-chart1", Version: "0.1.1"},
@@ -766,11 +759,11 @@ func testHelmUpdateConstraints(t *testing.T, oci bool) {
 }
 
 func TestHelmUpdateConstraints(t *testing.T) {
-	testHelmUpdateConstraints(t, false)
+	testHelmUpdateConstraints(t, test_utils.TestHelmRepo_Helm)
 }
 
 func TestHelmUpdateConstraintsOci(t *testing.T) {
-	testHelmUpdateConstraints(t, true)
+	testHelmUpdateConstraints(t, test_utils.TestHelmRepo_Oci)
 }
 
 func TestHelmValues(t *testing.T) {
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index b4592c4e0..a5d6ea408 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -23,7 +23,7 @@ func TestOciIncludeMultipleRepos(t *testing.T) {
 	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
 
 	repo := &test_utils.TestHelmRepo{
-		Oci: true,
+		Type: test_utils.TestHelmRepo_Oci,
 	}
 	repo.Start(t)
 
@@ -64,13 +64,7 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	ip3 := prepareIncludeProject(t, "include3", "", nil)
 
 	createRepo := func(user, pass string) *test_utils.TestHelmRepo {
-		repo := &test_utils.TestHelmRepo{
-			TestHttpServer: test_utils.TestHttpServer{
-				Username: user,
-				Password: pass,
-			},
-			Oci: true,
-		}
+		repo := test_utils.NewHelmTestRepoHttp(test_utils.TestHelmRepo_Oci, "", user, pass, false, false)
 		repo.Start(t)
 		return repo
 	}
@@ -170,7 +164,7 @@ func TestOciIncludeTagsAndDigests(t *testing.T) {
 	ip1 := prepareIncludeProject(t, "include1", "", nil)
 
 	repo := test_utils.TestHelmRepo{
-		Oci: true,
+		Type: test_utils.TestHelmRepo_Oci,
 	}
 	repo.Start(t)
 
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index 590b43ea1..bbc1f8fd7 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -37,7 +37,7 @@ func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster,
 	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
 
 	repo := &test_utils.TestHelmRepo{
-		Oci: true,
+		Type: test_utils.TestHelmRepo_Oci,
 	}
 	if oci {
 		repo.Start(t)
diff --git a/e2e/test-utils/helm_test_repo.go b/e2e/test-utils/helm_test_repo.go
index 1683503d6..f092690e7 100644
--- a/e2e/test-utils/helm_test_repo.go
+++ b/e2e/test-utils/helm_test_repo.go
@@ -16,10 +16,18 @@ import (
 	"testing"
 )
 
+type TestHelmRepoType int
+
+const (
+	TestHelmRepo_Helm TestHelmRepoType = iota
+	TestHelmRepo_Oci
+	TestHelmRepo_Git
+)
+
 type TestHelmRepo struct {
-	TestHttpServer
+	HttpServer TestHttpServer
 
-	Oci bool
+	Type TestHelmRepoType
 
 	Path   string
 	Charts []RepoChart
@@ -32,8 +40,22 @@ type RepoChart struct {
 	Version   string
 }
 
+func NewHelmTestRepoHttp(helmType TestHelmRepoType, path string, username string, password string, tlsEnabled bool, tlsClientCertEnabled bool) *TestHelmRepo {
+	return &TestHelmRepo{
+		HttpServer: TestHttpServer{
+			Username:               username,
+			Password:               password,
+			NoLoopbackProxyEnabled: true,
+			TLSEnabled:             tlsEnabled,
+			TLSClientCertEnabled:   tlsClientCertEnabled,
+		},
+		Type: helmType,
+		Path: path,
+	}
+}
+
 func (s *TestHelmRepo) Start(t *testing.T) {
-	if s.Oci {
+	if s.Type == TestHelmRepo_Oci {
 		s.startOciRepo(t)
 	} else {
 		s.startHelmRepo(t)
@@ -49,9 +71,9 @@ func (s *TestHelmRepo) startHelmRepo(t *testing.T) {
 	}
 
 	fs := http.FileServer(http.FS(os.DirFS(tmpDir)))
-	s.TestHttpServer.Start(t, fs)
+	s.HttpServer.Start(t, fs)
 
-	i, err := repo.IndexDirectory(tmpDir, s.Server.URL)
+	i, err := repo.IndexDirectory(tmpDir, s.HttpServer.Server.URL)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -67,19 +89,19 @@ func (s *TestHelmRepo) startHelmRepo(t *testing.T) {
 		path = "/" + path
 	}
 
-	u, _ := url.Parse(s.Server.URL + path)
+	u, _ := url.Parse(s.HttpServer.Server.URL + path)
 	s.URL = *u
 }
 
 func (s *TestHelmRepo) buildOciRegistryClient(t *testing.T) *registry2.Client {
 	var opts []registry2.ClientOption
-	if !s.TLSEnabled {
+	if !s.HttpServer.TLSEnabled {
 		opts = append(opts, registry2.ClientOptPlainHTTP())
 	}
 
-	opts = append(opts, registry2.ClientOptHTTPClient(s.Server.Client()))
+	opts = append(opts, registry2.ClientOptHTTPClient(s.HttpServer.Server.Client()))
 
-	if s.Password != "" {
+	if s.HttpServer.Password != "" {
 		tmpConfigFile := filepath.Join(t.TempDir(), "config.json")
 		opts = append(opts, registry2.ClientOptCredentialsFile(tmpConfigFile))
 	}
@@ -89,10 +111,10 @@ func (s *TestHelmRepo) buildOciRegistryClient(t *testing.T) *registry2.Client {
 		t.Fatal(err)
 	}
 
-	if s.Password != "" {
+	if s.HttpServer.Password != "" {
 		var loginOpts []registry2.LoginOption
-		loginOpts = append(loginOpts, registry2.LoginOptBasicAuth(s.Username, s.Password))
-		if !s.TLSEnabled {
+		loginOpts = append(loginOpts, registry2.LoginOptBasicAuth(s.HttpServer.Username, s.HttpServer.Password))
+		if !s.HttpServer.TLSEnabled {
 			loginOpts = append(loginOpts, registry2.LoginOptInsecure(true))
 		}
 		err = registryClient.Login(s.URL.Host, loginOpts...)
@@ -108,9 +130,9 @@ func (s *TestHelmRepo) startOciRepo(t *testing.T) {
 
 	ociRegistry := registry.New()
 
-	s.TestHttpServer.Start(t, http.HandlerFunc(ociRegistry.ServeHTTP))
+	s.HttpServer.Start(t, http.HandlerFunc(ociRegistry.ServeHTTP))
 
-	u, _ := url.Parse(s.Server.URL)
+	u, _ := url.Parse(s.HttpServer.Server.URL)
 	s.URL = *u
 	s.URL.Scheme = "oci"
 

From 980a4cc5388a13b9556af35a8e7c6fcdd37dc23a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 17:08:30 +0200
Subject: [PATCH 2186/2268] feat: Allow to pass git credentials via CLI

---
 cmd/kluctl/args/git_credentials.go      | 112 ++++++++++++++++++++++++
 cmd/kluctl/commands/cmd_delete.go       |   2 +
 cmd/kluctl/commands/cmd_deploy.go       |   2 +
 cmd/kluctl/commands/cmd_diff.go         |   2 +
 cmd/kluctl/commands/cmd_helm_pull.go    |   6 ++
 cmd/kluctl/commands/cmd_helm_update.go  |   6 ++
 cmd/kluctl/commands/cmd_list_images.go  |   2 +
 cmd/kluctl/commands/cmd_list_targets.go |   2 +-
 cmd/kluctl/commands/cmd_poke_images.go  |   2 +
 cmd/kluctl/commands/cmd_prune.go        |   2 +
 cmd/kluctl/commands/cmd_render.go       |   2 +
 cmd/kluctl/commands/cmd_validate.go     |   2 +
 cmd/kluctl/commands/completion.go       |   2 +-
 cmd/kluctl/commands/root.go             |   1 +
 cmd/kluctl/commands/utils.go            |  15 +++-
 15 files changed, 156 insertions(+), 4 deletions(-)
 create mode 100644 cmd/kluctl/args/git_credentials.go

diff --git a/cmd/kluctl/args/git_credentials.go b/cmd/kluctl/args/git_credentials.go
new file mode 100644
index 000000000..fd59fe006
--- /dev/null
+++ b/cmd/kluctl/args/git_credentials.go
@@ -0,0 +1,112 @@
+package args
+
+import (
+	"context"
+	"fmt"
+	"github.com/gobwas/glob"
+	git_auth "github.com/kluctl/kluctl/lib/git/auth"
+	"github.com/kluctl/kluctl/v2/pkg/utils"
+	"os"
+	"strings"
+)
+
+type GitCredentials struct {
+	GitUsername          []string `group:"git" skipenv:"true" help:"Specify username to use for Git basic authentication. Must be in the form --git-username=<host>/<path>=<username>."`
+	GitPassword          []string `group:"git" skipenv:"true" help:"Specify password to use for Git basic authentication. Must be in the form --git-password=<host>/<path>=<password>."`
+	GitSshKeyFile        []string `group:"git" skipenv:"true" help:"Specify SSH key to use for Git authentication. Must be in the form --git-ssh-key-file=<host>/<path>=<filePath>."`
+	GitSshKnownHostsFile []string `group:"git" skipenv:"true" help:"Specify known_hosts file to use for Git authentication. Must be in the form --git-ssh-known-hosts-file=<host>/<path>=<filePath>."`
+	GitCAFile            []string `group:"git" skipenv:"true" help:"Specify CA bundle to use for https verification. Must be in the form --git-ca-file=<registry>/<repo>=<filePath>."`
+}
+
+func (c *GitCredentials) BuildAuthProvider(ctx context.Context) (git_auth.GitAuthProvider, error) {
+	la := &git_auth.ListAuthProvider{}
+	if c == nil {
+		return la, nil
+	}
+
+	var byHostPath utils.OrderedMap[string, *git_auth.AuthEntry]
+
+	getEntry := func(s string, expectValue bool) (*git_auth.AuthEntry, string, error) {
+		x := strings.SplitN(s, "=", 2)
+		if expectValue && len(x) != 2 {
+			return nil, "", fmt.Errorf("expected value")
+		}
+		k := x[0]
+		e, ok := byHostPath.Get(k)
+		if !ok {
+			x := strings.SplitN(k, "/", 2)
+			e = &git_auth.AuthEntry{}
+			if len(x) == 2 {
+				e.Host = x[0]
+				g, err := glob.Compile(x[1], '/')
+				if err != nil {
+					return nil, "", err
+				}
+				e.PathStr = x[1]
+				e.PathGlob = g
+			} else {
+				e.Host = x[0]
+			}
+			byHostPath.Set(k, e)
+		}
+
+		if len(x) == 1 {
+			return e, "", nil
+		}
+		return e, x[1], nil
+	}
+
+	for _, s := range c.GitUsername {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		e.Username = v
+	}
+	for _, s := range c.GitPassword {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		e.Password = v
+	}
+	for _, s := range c.GitSshKeyFile {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		b, err := os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+		e.SshKey = b
+	}
+	for _, s := range c.GitSshKnownHostsFile {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		b, err := os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+		e.KnownHosts = b
+	}
+	for _, s := range c.GitCAFile {
+		e, v, err := getEntry(s, true)
+		if err != nil {
+			return nil, err
+		}
+		b, err := os.ReadFile(v)
+		if err != nil {
+			return nil, err
+		}
+		e.CABundle = b
+	}
+
+	for _, e := range byHostPath.ListValues() {
+		la.AddEntry(*e)
+	}
+
+	return la, nil
+}
diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index e7b4b444a..5b41b5999 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -16,6 +16,7 @@ type deleteCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.YesFlags
@@ -45,6 +46,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index cb9eeaaa0..8c868cc38 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -17,6 +17,7 @@ type deployCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.YesFlags
@@ -56,6 +57,7 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 3a2c04d5a..53a13f4a7 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -14,6 +14,7 @@ type diffCmd struct {
 	args.ArgsFlags
 	args.InclusionFlags
 	args.ImageFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.ForceApplyFlags
@@ -40,6 +41,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index c1df57d6c..225824fe6 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -24,6 +24,7 @@ import (
 
 type helmPullCmd struct {
 	args.ProjectDir
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 }
@@ -53,6 +54,11 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 	ociAuthProvider := ociauth.NewDefaultAuthProviders("KLUCTL_REGISTRY")
 	helmAuthProvider := helmauth.NewDefaultAuthProviders("KLUCTL_HELM")
+	if x, err := cmd.GitCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		gitAuthProvider.RegisterAuthProvider(x, false)
+	}
 	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
 		return err
 	} else {
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 94b0b5420..9b61e8dca 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -28,6 +28,7 @@ import (
 
 type helmUpdateCmd struct {
 	args.ProjectDir
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 
@@ -65,6 +66,11 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	gitAuthProvider := gitauth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 	ociAuthProvider := ociauth.NewDefaultAuthProviders("KLUCTL_REGISTRY")
 	helmAuthProvider := helmauth.NewDefaultAuthProviders("KLUCTL_HELM")
+	if x, err := cmd.GitCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		gitAuthProvider.RegisterAuthProvider(x, false)
+	}
 	if x, err := cmd.HelmCredentials.BuildAuthProvider(ctx); err != nil {
 		return err
 	} else {
diff --git a/cmd/kluctl/commands/cmd_list_images.go b/cmd/kluctl/commands/cmd_list_images.go
index 99e0053ae..325c5700f 100644
--- a/cmd/kluctl/commands/cmd_list_images.go
+++ b/cmd/kluctl/commands/cmd_list_images.go
@@ -13,6 +13,7 @@ type listImagesCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.OutputFlags
@@ -37,6 +38,7 @@ func (cmd *listImagesCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 19a73a203..aa2beafe1 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -17,7 +17,7 @@ func (cmd *listTargetsCmd) Help() string {
 }
 
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
-	return withKluctlProjectFromArgs(ctx, nil, cmd.ProjectFlags, nil, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, nil, cmd.ProjectFlags, nil, nil, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
 		for _, t := range p.Targets {
 			result = append(result, t)
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 5ac81676d..96d7351d6 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -15,6 +15,7 @@ type pokeImagesCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.YesFlags
@@ -38,6 +39,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index e165d7cf1..732d0570c 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -15,6 +15,7 @@ type pruneCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.YesFlags
@@ -42,6 +43,7 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		dryRunArgs:           &cmd.DryRunFlags,
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index e6489cea6..8036642f0 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -17,6 +17,7 @@ type renderCmd struct {
 	args.ArgsFlags
 	args.ImageFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.RenderOutputDirFlags
@@ -48,6 +49,7 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 		argsFlags:            cmd.ArgsFlags,
 		imageFlags:           cmd.ImageFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 085946064..315f3694a 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -15,6 +15,7 @@ type validateCmd struct {
 	args.TargetFlags
 	args.ArgsFlags
 	args.InclusionFlags
+	args.GitCredentials
 	args.HelmCredentials
 	args.RegistryCredentials
 	args.OutputFlags
@@ -38,6 +39,7 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 		targetFlags:          cmd.TargetFlags,
 		argsFlags:            cmd.ArgsFlags,
 		inclusionFlags:       cmd.InclusionFlags,
+		gitCredentials:       cmd.GitCredentials,
 		helmCredentials:      cmd.HelmCredentials,
 		registryCredentials:  cmd.RegistryCredentials,
 		renderOutputDirFlags: cmd.RenderOutputDirFlags,
diff --git a/cmd/kluctl/commands/completion.go b/cmd/kluctl/commands/completion.go
index 306c60e95..b6cca1405 100644
--- a/cmd/kluctl/commands/completion.go
+++ b/cmd/kluctl/commands/completion.go
@@ -69,7 +69,7 @@ func RegisterFlagCompletionFuncs(cmdStruct interface{}, ccmd *cobra.Command) err
 func withProjectForCompletion(ctx context.Context, projectArgs *args.ProjectFlags, argsFlags *args.ArgsFlags, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	// let's not update git caches too often
 	projectArgs.GitCacheUpdateInterval = time.Second * 60
-	return withKluctlProjectFromArgs(ctx, nil, *projectArgs, argsFlags, nil, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, nil, *projectArgs, argsFlags, nil, nil, nil, false, false, true, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return cb(ctx, p)
 	})
 }
diff --git a/cmd/kluctl/commands/root.go b/cmd/kluctl/commands/root.go
index 759b4f538..9462aaa2c 100644
--- a/cmd/kluctl/commands/root.go
+++ b/cmd/kluctl/commands/root.go
@@ -91,6 +91,7 @@ var flagGroups = []groupInfo{
 	{group: "results", title: "Command Results:", description: "Configure how command results are stored."},
 	{group: "logs", title: "Log arguments:", description: "Configure logging."},
 	{group: "override", title: "GitOps overrides:", description: "Override settings for GitOps deployments."},
+	{group: "git", title: "Git arguments:", description: "Configure Git authentication."},
 	{group: "helm", title: "Helm arguments:", description: "Configure Helm authentication."},
 	{group: "registry", title: "Registry arguments:", description: "Configure OCI registry authentication."},
 	{group: "auth", title: "Auth arguments:", description: "Configure authentication."},
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index 93daf7d67..a2a9d0ef0 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -30,7 +30,12 @@ import (
 	client2 "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func withKluctlProjectFromArgs(ctx context.Context, kubeconfigFlags *args.KubeconfigFlags, projectFlags args.ProjectFlags, argsFlags *args.ArgsFlags, helmCredentials *args.HelmCredentials, registryCredentials *args.RegistryCredentials, internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
+func withKluctlProjectFromArgs(ctx context.Context, kubeconfigFlags *args.KubeconfigFlags, projectFlags args.ProjectFlags,
+	argsFlags *args.ArgsFlags,
+	gitCredentials *args.GitCredentials,
+	helmCredentials *args.HelmCredentials,
+	registryCredentials *args.RegistryCredentials,
+	internalDeploy bool, strictTemplates bool, forCompletion bool, cb func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error) error {
 	globalFlags := getCobraGlobalFlags(ctx)
 
 	j2, err := kluctl_jinja2.NewKluctlJinja2(ctx, strictTemplates, globalFlags.UseSystemPython)
@@ -75,6 +80,11 @@ func withKluctlProjectFromArgs(ctx context.Context, kubeconfigFlags *args.Kubeco
 	gitAuth := auth.NewDefaultAuthProviders("KLUCTL_GIT", messageCallbacks)
 	ociAuth := auth_provider.NewDefaultAuthProviders("KLUCTL_REGISTRY")
 	helmAuth := helm_auth.NewDefaultAuthProviders("KLUCTL_HELM")
+	if x, err := gitCredentials.BuildAuthProvider(ctx); err != nil {
+		return err
+	} else {
+		gitAuth.RegisterAuthProvider(x, false)
+	}
 	if x, err := helmCredentials.BuildAuthProvider(ctx); err != nil {
 		return err
 	} else {
@@ -124,6 +134,7 @@ type projectTargetCommandArgs struct {
 	argsFlags            args.ArgsFlags
 	imageFlags           args.ImageFlags
 	inclusionFlags       args.InclusionFlags
+	gitCredentials       args.GitCredentials
 	helmCredentials      args.HelmCredentials
 	registryCredentials  args.RegistryCredentials
 	dryRunArgs           *args.DryRunFlags
@@ -148,7 +159,7 @@ type commandCtx struct {
 }
 
 func withProjectCommandContext(ctx context.Context, args projectTargetCommandArgs, cb func(cmdCtx *commandCtx) error) error {
-	return withKluctlProjectFromArgs(ctx, &args.kubeconfigFlags, args.projectFlags, &args.argsFlags, &args.helmCredentials, &args.registryCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
+	return withKluctlProjectFromArgs(ctx, &args.kubeconfigFlags, args.projectFlags, &args.argsFlags, &args.gitCredentials, &args.helmCredentials, &args.registryCredentials, args.internalDeploy, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		return withProjectTargetCommandContext(ctx, args, p, cb)
 	})
 }

From 1ba9d9c1f7e0d72b650568dfd3c8eb0444dbd3d3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 17:15:19 +0200
Subject: [PATCH 2187/2268] refactor: Introduce ChartVersion to hold git and
 non-git versions

---
 cmd/kluctl/commands/cmd_helm_pull.go   |  42 ++++---
 cmd/kluctl/commands/cmd_helm_update.go |  66 +++++-----
 pkg/helm/chart.go                      | 166 ++++++++++++-------------
 pkg/helm/chart_version.go              |  44 +++++++
 pkg/helm/helm_release.go               | 122 +++++++-----------
 pkg/helm/pulled_chart.go               |  46 ++++---
 pkg/types/helm_chart.go                |  13 +-
 7 files changed, 264 insertions(+), 235 deletions(-)
 create mode 100644 pkg/helm/chart_version.go

diff --git a/cmd/kluctl/commands/cmd_helm_pull.go b/cmd/kluctl/commands/cmd_helm_pull.go
index 225824fe6..056271651 100644
--- a/cmd/kluctl/commands/cmd_helm_pull.go
+++ b/cmd/kluctl/commands/cmd_helm_pull.go
@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/git/types"
 	"io/fs"
 	"os"
 	"path/filepath"
@@ -80,7 +81,11 @@ func (cmd *helmPullCmd) Run(ctx context.Context) error {
 	return err
 }
 
-func cleanupUnusedCharts(ctx context.Context, versionsToPull map[string]bool, dryRun bool, chartsDir string) (int, error) {
+func cleanupUnusedCharts(ctx context.Context, versionsToPull map[string]helm.ChartVersion, dryRun bool, chartsDir string, isGitHelmChart bool) (int, error) {
+	if isGitHelmChart {
+		chartsDir = filepath.Join(chartsDir, "refs", "tags")
+	}
+
 	actions := 0
 	des, err := os.ReadDir(chartsDir)
 	if err != nil && !os.IsNotExist(err) {
@@ -90,10 +95,18 @@ func cleanupUnusedCharts(ctx context.Context, versionsToPull map[string]bool, dr
 		if !de.IsDir() {
 			continue
 		}
-		if _, ok := versionsToPull[de.Name()]; !ok {
+		var testVersion helm.ChartVersion
+		if isGitHelmChart {
+			testVersion.GitRef = &types.GitRef{
+				Tag: de.Name(),
+			}
+		} else {
+			testVersion.Version = utils.Ptr(de.Name())
+		}
+		if _, ok := versionsToPull[testVersion.String()]; !ok {
 			actions++
 			if !dryRun {
-				status.Infof(ctx, "Removing unused Chart with version or ref %s", de.Name())
+				status.Infof(ctx, "Removing unused Chart with version %s", testVersion.String())
 				err = os.RemoveAll(filepath.Join(chartsDir, de.Name()))
 				if err != nil {
 					return actions, err
@@ -117,24 +130,21 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 	g := utils.NewGoHelper(ctx, 8)
 
 	for _, chart := range charts {
-		chart := chart
 		statusPrefix := chart.GetChartName()
-		versionsToPull := map[string]bool{}
+		versionsToPull := map[string]helm.ChartVersion{}
 		for _, hr := range releases {
 			if hr.Config.SkipPrePull {
 				continue
 			}
 			if hr.Chart == chart {
+				var v helm.ChartVersion
 				if hr.Chart.IsRegistryChart() {
-					versionsToPull[hr.Config.ChartVersion] = true
+					v.Version = hr.Config.ChartVersion
 				}
 				if hr.Chart.IsGitRepositoryChart() {
-					ref, _, err := hr.Chart.GetGitRef()
-					if err != nil {
-						return actions, err
-					}
-					versionsToPull[ref] = true
+					v.GitRef = hr.Config.Git.Ref
 				}
+				versionsToPull[v.String()] = v
 			}
 		}
 
@@ -142,13 +152,11 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 		if err != nil {
 			return actions, err
 		}
-		cleanupActions, err := cleanupUnusedCharts(ctx, versionsToPull, dryRun, chartsDir)
+		cleanupActions, err := cleanupUnusedCharts(ctx, versionsToPull, dryRun, chartsDir, chart.IsGitRepositoryChart())
 		actions += cleanupActions
 
-		for version, _ := range versionsToPull {
-			version := version
-
-			if yaml.Exists(filepath.Join(chartsDir, version, "Chart.yaml")) && !force {
+		for _, version := range versionsToPull {
+			if yaml.Exists(filepath.Join(chartsDir, version.String(), "Chart.yaml")) && !force {
 				continue
 			}
 
@@ -158,7 +166,7 @@ func doHelmPull(ctx context.Context, projectDir string, helmAuthProvider helmaut
 				continue
 			}
 			g.RunE(func() error {
-				s := status.Startf(ctx, "%s: Pulling Chart with version %s", statusPrefix, version)
+				s := status.Startf(ctx, "%s: Pulling Chart with version %s", statusPrefix, version.String())
 				defer s.Failed()
 
 				_, err := chart.PullInProject(ctx, baseChartsDir, version)
diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index 9b61e8dca..a3ec3ccdf 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -124,10 +124,10 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	for _, chart := range charts {
-		chart := chart
 		g.RunE(func() error {
 			s := status.Startf(ctx, "%s: Querying versions", chart.GetChartName())
 			defer s.Failed()
+			chart.GetLocalChartVersion()
 			err := chart.QueryVersions(ctx)
 			if err != nil {
 				s.FailedWithMessagef("%s: %s", chart.GetChartName(), err.Error())
@@ -143,31 +143,22 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 	}
 
 	for _, chart := range charts {
-		chart := chart
-
-		versionsToPull := map[string]bool{}
+		versionsToPull := map[string]helm.ChartVersion{}
 		for _, hr := range releases {
 			if hr.Chart != chart {
 				continue
 			}
-			version, err := hr.GetAbstractVersion()
-			if err != nil {
-				return err
-			}
-			versionsToPull[version] = true
+			version := hr.GetAbstractVersion()
+			versionsToPull[version.String()] = version
 		}
 
-		for version, _ := range versionsToPull {
+		for _, version := range versionsToPull {
 			var out string
 			if chart.IsRegistryChart() {
-				out = fmt.Sprintf("%s: Downloading Chart with version %s into cache", chart.GetChartName(), version)
+				out = fmt.Sprintf("%s: Downloading Chart with version %s into cache", chart.GetChartName(), version.String())
 			}
 			if chart.IsGitRepositoryChart() {
-				ref, _, err := chart.GetGitRef()
-				if err != nil {
-					return err
-				}
-				out = fmt.Sprintf("%s: Downloading Chart with branch, tag or commit %s into cache", chart.GetChartName(), ref)
+				out = fmt.Sprintf("%s: Downloading Chart with branch, tag or commit %s into cache", chart.GetChartName(), version.String())
 			}
 			g.RunE(func() error {
 				s := status.Startf(ctx, out)
@@ -204,21 +195,19 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 		if err != nil {
 			return err
 		}
-		currentVersion, err := hr.GetAbstractVersion()
-		if err != nil {
-			return err
-		}
+		currentVersion := hr.GetAbstractVersion()
 
 		if currentVersion == latestVersion {
 			continue
 		}
 
 		if hr.Config.SkipUpdate {
-			status.Infof(ctx, "%s: Skipped update to version %s", relDir, latestVersion)
+			status.Infof(ctx, "%s: Skipped update to version %s", relDir, latestVersion.String())
 			continue
 		}
 
-		status.Infof(ctx, "%s: Chart %s (old version %s) has new version %s available", relDir, hr.Chart.GetChartName(), currentVersion, latestVersion)
+		status.Infof(ctx, "%s: Chart %s (old version %s) has new version %s available",
+			relDir, hr.Chart.GetChartName(), currentVersion.String(), latestVersion.String())
 
 		if !cmd.Upgrade {
 			continue
@@ -226,18 +215,30 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 
 		if cmd.Interactive {
 			if !prompts.AskForConfirmation(ctx, fmt.Sprintf("%s: Do you want to upgrade Chart %s to version %s?",
-				relDir, hr.Chart.GetChartName(), latestVersion)) {
+				relDir, hr.Chart.GetChartName(), latestVersion.String())) {
 				continue
 			}
 		}
 
 		oldVersion := currentVersion
-		hr.Config.ChartVersion = latestVersion
+		if hr.Chart.IsGitRepositoryChart() {
+			if hr.Config.Git.Ref.Tag == "" {
+				return fmt.Errorf("unexpected error, tag of git chart is empty")
+			}
+			// git object is shared by multiple releases
+			hr.Config.Git, err = utils.DeepClone(hr.Config.Git)
+			if err != nil {
+				return err
+			}
+			hr.Config.Git.Ref = latestVersion.GitRef
+		} else {
+			hr.Config.ChartVersion = latestVersion.Version
+		}
 		err = hr.Save()
 		if err != nil {
 			return err
 		}
-		status.Infof(ctx, "%s: Updated Chart version to %s", relDir, latestVersion)
+		status.Infof(ctx, "%s: Updated Chart version to %s", relDir, latestVersion.String())
 
 		k := helmUpgradeKey{
 			chartDir:   cd,
@@ -278,11 +279,12 @@ func (cmd *helmUpdateCmd) collectFiles(root string, dir string, m map[string]os.
 	return err
 }
 
-func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion string, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider *ociauth.OciAuthProviders, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) error {
+func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string, baseChartsDir string, gitRootPath string, hrs []*helm.Release, oldVersion helm.ChartVersion, helmAuthProvider helmauth.HelmAuthProvider, ociAuthProvider *ociauth.OciAuthProviders, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) error {
 	chart := hrs[0].Chart
-	newVersion := hrs[0].Config.ChartVersion
 
-	s := status.Startf(ctx, "Upgrading Chart %s from version %s to %s", chart.GetChartName(), oldVersion, newVersion)
+	newVersion := hrs[0].GetAbstractVersion()
+
+	s := status.Startf(ctx, "Upgrading Chart %s from version %s to %s", chart.GetChartName(), oldVersion.String(), newVersion.String())
 	defer s.Failed()
 
 	doError := func(err error) error {
@@ -365,13 +367,13 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 			}
 		}
 
-		commitMsg := fmt.Sprintf("Updated helm chart %s from version %s to version %s", chart.GetChartName(), oldVersion, newVersion)
+		commitMsg := fmt.Sprintf("Updated helm chart %s from version %s to version %s", chart.GetChartName(), oldVersion.String(), newVersion.String())
 		_, err = wt.Commit(commitMsg, &git.CommitOptions{})
 		if err != nil {
 			return doError(fmt.Errorf("failed to commit: %w", err))
 		}
 
-		s.UpdateAndInfoFallbackf("Committed helm chart %s with version %s", chart.GetChartName(), newVersion)
+		s.UpdateAndInfoFallbackf("Committed helm chart %s with version %s", chart.GetChartName(), newVersion.String())
 	}
 	s.Success()
 
@@ -380,6 +382,6 @@ func (cmd *helmUpdateCmd) pullAndCommit(ctx context.Context, projectDir string,
 
 type helmUpgradeKey struct {
 	chartDir   string
-	oldVersion string
-	newVersion string
+	oldVersion helm.ChartVersion
+	newVersion helm.ChartVersion
 }
diff --git a/pkg/helm/chart.go b/pkg/helm/chart.go
index 9e5f150fe..ea6491a25 100644
--- a/pkg/helm/chart.go
+++ b/pkg/helm/chart.go
@@ -3,6 +3,7 @@ package helm
 import (
 	"context"
 	"fmt"
+	"github.com/kluctl/kluctl/lib/git/types"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"net/url"
 	"os"
@@ -34,7 +35,8 @@ type Chart struct {
 	repo             string
 	localPath        string
 	chartName        string
-	git              *types2.GitProject
+	gitUrl           *types.GitUrl
+	gitSubDir        string
 	helmAuthProvider helmauth.HelmAuthProvider
 	ociAuthProvider  ociauth.OciAuthProvider
 	gitRp            *repocache.GitRepoCache
@@ -42,13 +44,12 @@ type Chart struct {
 
 	credentialsId string
 
-	versions []string
+	versions []ChartVersion
 }
 
 func NewChart(repo string, localPath string, chartName string, git *types2.GitProject, helmAuthProvider helmauth.HelmAuthProvider, credentialsId string, ociAuthProvider ociauth.OciAuthProvider, gitRp *repocache.GitRepoCache, ociRp *repocache.OciRepoCache) (*Chart, error) {
 	hc := &Chart{
 		repo:             repo,
-		git:              git,
 		localPath:        localPath,
 		helmAuthProvider: helmAuthProvider,
 		credentialsId:    credentialsId,
@@ -84,20 +85,23 @@ func NewChart(repo string, localPath string, chartName string, git *types2.GitPr
 			return nil, fmt.Errorf("invalid oci chart url: %s", repo)
 		}
 		hc.chartName = chartName
-	} else if hc.IsGitRepositoryChart() {
+	} else if git != nil {
+		hc.gitUrl = &git.Url
+		hc.gitSubDir = git.SubDir
+
 		if chartName != "" {
 			return nil, fmt.Errorf("chartName can't be specified when using git repos")
 		}
 		// Use the subDir if possible otherwise use the URL
-		if hc.git.SubDir != "" {
-			hc.chartName = path.Base(hc.git.SubDir)
+		if git.SubDir != "" {
+			hc.chartName = path.Base(git.SubDir)
 			if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, hc.chartName); !m {
-				return nil, fmt.Errorf("invalid git subDir: %s", hc.git.SubDir)
+				return nil, fmt.Errorf("invalid git subDir: %s", git.SubDir)
 			}
 		} else {
-			hc.chartName = path.Base(hc.git.Url.Normalize().Path)
+			hc.chartName = path.Base(git.Url.Normalize().Path)
 			if m, _ := regexp.MatchString(`[a-zA-Z_-]+`, hc.chartName); !m {
-				return nil, fmt.Errorf("invalid git url: %s", hc.git.Url.String())
+				return nil, fmt.Errorf("invalid git url: %s", git.Url.String())
 			}
 		}
 	} else if chartName == "" {
@@ -125,21 +129,7 @@ func (c *Chart) IsHelmRegistryChart() bool {
 }
 
 func (c *Chart) IsGitRepositoryChart() bool {
-	return c.git != nil
-}
-
-func (c *Chart) GetGitRef() (string, string, error) {
-	if c.git.Ref.Branch != "" {
-		return c.git.Ref.Branch, "branch", nil
-	}
-	if c.git.Ref.Tag != "" {
-		return c.git.Ref.Tag, "tag", nil
-	}
-
-	if c.git.Ref.Commit != "" {
-		return c.git.Ref.Commit, "commit", nil
-	}
-	return "", "", fmt.Errorf("neither branch, tag nor commit defined")
+	return c.gitUrl != nil
 }
 
 func (c *Chart) GetRepo() string {
@@ -204,41 +194,40 @@ func (c *Chart) BuildRegistryPulledChartDir(baseDir string) (string, error) {
 	return dir, nil
 }
 
-func (c *Chart) BuildVersionedRegistryPulledChartDir(baseDir string, version string) (string, error) {
+func (c *Chart) BuildVersionedRegistryPulledChartDir(baseDir string, version ChartVersion) (string, error) {
 	dir, err := c.BuildRegistryPulledChartDir(baseDir)
 	if err != nil {
 		return "", err
 	}
-	if version != "" {
-		dir = filepath.Join(dir, version)
+	if version.Version != nil {
+		dir = filepath.Join(dir, *version.Version)
 	}
 	return dir, nil
 }
 
 func (c *Chart) BuildGitRepositoryPulledChartDir(baseDir string) (string, error) {
-	u := c.git.Url.Normalize()
-	pathPrefix := u.Scheme
+	u := c.gitUrl.Normalize()
+	pathPrefix := "git_" + u.Scheme
 	hostname := u.Hostname()
-	path := u.Path
-	subDir := c.git.SubDir
 	if u.Port() != "" {
 		pathPrefix += "_" + u.Port()
 	}
 	dir := filepath.Join(
 		baseDir,
 		fmt.Sprintf("%s_%s", pathPrefix, strings.ToLower(hostname)),
-		filepath.FromSlash(strings.ToLower(path)),
-		filepath.FromSlash(strings.ToLower(subDir)),
+		filepath.FromSlash(strings.ToLower(u.Path)),
+		filepath.FromSlash(strings.ToLower(c.gitSubDir)),
 	)
 	return dir, nil
 }
 
-func (c *Chart) BuildVersionedRepositoryPulledChartDir(baseDir string, version string) (string, error) {
+func (c *Chart) BuildVersionedGitRepositoryPulledChartDir(baseDir string, version ChartVersion) (string, error) {
 	dir, err := c.BuildGitRepositoryPulledChartDir(baseDir)
 	if err != nil {
 		return "", err
 	}
-	dir = filepath.Join(dir, version)
+	gitVersion := version.String()
+	dir = filepath.Join(dir, filepath.FromSlash(gitVersion))
 	return dir, nil
 }
 
@@ -266,7 +255,7 @@ func (c *Chart) BuildPulledChartDir(baseDir string) (string, error) {
 	return dir, nil
 }
 
-func (c *Chart) BuildVersionedPulledChartDir(baseDir string, version string) (string, error) {
+func (c *Chart) BuildVersionedPulledChartDir(baseDir string, version ChartVersion) (string, error) {
 	var dir string
 	var err error
 	if baseDir == "" {
@@ -278,7 +267,7 @@ func (c *Chart) BuildVersionedPulledChartDir(baseDir string, version string) (st
 			return "", err
 		}
 	} else if c.IsGitRepositoryChart() {
-		dir, err = c.BuildVersionedRepositoryPulledChartDir(baseDir, version)
+		dir, err = c.BuildVersionedGitRepositoryPulledChartDir(baseDir, version)
 		if err != nil {
 			return "", err
 		}
@@ -333,7 +322,7 @@ func (c *Chart) newRegistryClient(ctx context.Context, settings *cli.EnvSettings
 	return registryClient, cleanup, nil
 }
 
-func (c *Chart) pullFromRegistry(ctx context.Context, version string, tmpPullDir string, chartDir string) error {
+func (c *Chart) pullFromRegistry(ctx context.Context, version ChartVersion, tmpPullDir string, chartDir string) error {
 	u, err := url.Parse(c.repo)
 	if err != nil {
 		return err
@@ -354,7 +343,9 @@ func (c *Chart) pullFromRegistry(ctx context.Context, version string, tmpPullDir
 	a.Settings = settings
 	a.Untar = true
 	a.DestDir = tmpPullDir
-	a.Version = version
+	if version.Version != nil {
+		a.Version = *version.Version
+	}
 
 	if c.credentialsId != "" {
 		if registry.IsOCI(c.repo) {
@@ -407,16 +398,16 @@ func (c *Chart) pullFromRegistry(ctx context.Context, version string, tmpPullDir
 	return nil
 }
 
-func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) error {
-	m, err := c.gitRp.GetEntry(c.git.Url.String())
+func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string, version ChartVersion) error {
+	m, err := c.gitRp.GetEntry(c.gitUrl.String())
 	if err != nil {
 		return err
 	}
-	cd, gitInfo, err := m.GetClonedDir(c.git.Ref)
+	cd, gitInfo, err := m.GetClonedDir(version.GitRef)
 	if err != nil {
 		return err
 	}
-	err = cp.Copy(filepath.Join(cd, c.git.SubDir), chartDir)
+	err = cp.Copy(filepath.Join(cd, c.gitSubDir), chartDir)
 	if err != nil {
 		return err
 	}
@@ -428,7 +419,7 @@ func (c *Chart) pullFromGitRepository(ctx context.Context, chartDir string) erro
 	return nil
 }
 
-func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, error) {
+func (c *Chart) PullToTmp(ctx context.Context, version ChartVersion) (*PulledChart, error) {
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
 	}
@@ -446,7 +437,7 @@ func (c *Chart) PullToTmp(ctx context.Context, version string) (*PulledChart, er
 	if c.IsRegistryChart() {
 		err = c.pullFromRegistry(ctx, version, tmpPullDir, chartDir)
 	} else if c.IsGitRepositoryChart() {
-		err = c.pullFromGitRepository(ctx, chartDir)
+		err = c.pullFromGitRepository(ctx, chartDir, version)
 	} else {
 		return nil, fmt.Errorf("unknown type of helm chart source")
 	}
@@ -483,7 +474,7 @@ func (c *Chart) Pull(ctx context.Context, pc *PulledChart) error {
 	return nil
 }
 
-func (c *Chart) doPullCached(ctx context.Context, version string) (*PulledChart, *lockedfile.File, error) {
+func (c *Chart) doPullCached(ctx context.Context, version ChartVersion) (*PulledChart, *lockedfile.File, error) {
 	baseDir := filepath.Join(utils.GetCacheDir(ctx), "helm-charts")
 	cacheDir, err := c.BuildVersionedPulledChartDir(baseDir, version)
 	_ = os.MkdirAll(cacheDir, 0o755)
@@ -512,7 +503,7 @@ func (c *Chart) doPullCached(ctx context.Context, version string) (*PulledChart,
 	return cached, lock, nil
 }
 
-func (c *Chart) PullCached(ctx context.Context, version string) (*PulledChart, error) {
+func (c *Chart) PullCached(ctx context.Context, version ChartVersion) (*PulledChart, error) {
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
 	}
@@ -525,7 +516,7 @@ func (c *Chart) PullCached(ctx context.Context, version string) (*PulledChart, e
 	return pc, nil
 }
 
-func (c *Chart) PullInProject(ctx context.Context, baseDir string, version string) (*PulledChart, error) {
+func (c *Chart) PullInProject(ctx context.Context, baseDir string, version ChartVersion) (*PulledChart, error) {
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
 	}
@@ -554,7 +545,7 @@ func (c *Chart) PullInProject(ctx context.Context, baseDir string, version strin
 	return pc, nil
 }
 
-func (c *Chart) GetPrePulledChart(baseDir string, version string) (*PulledChart, error) {
+func (c *Chart) GetPrePulledChart(baseDir string, version ChartVersion) (*PulledChart, error) {
 	if c.IsLocalChart() {
 		return nil, fmt.Errorf("can not pull local charts")
 	}
@@ -603,41 +594,34 @@ func (c *Chart) queryVersionsOci(ctx context.Context) error {
 		return err
 	}
 
-	c.versions = tags
+	c.versions = make([]ChartVersion, 0, len(tags))
+	for _, tag := range tags {
+		c.versions = append(c.versions, ChartVersion{
+			Version: &tag,
+		})
+	}
 
 	return nil
 }
 
 func (c *Chart) queryVersionsGitRepo(ctx context.Context) error {
-	ref, refType, err := c.GetGitRef()
+	m, err := c.gitRp.GetEntry(c.gitUrl.String())
 	if err != nil {
 		return err
 	}
-	if refType == "branch" {
-		return nil
-	}
-	if refType == "commit" {
-		// Could be implemented at some point
-		return nil
-	}
-	if refType == "tag" {
-		if IsSemantic(ref) {
-			m, err := c.gitRp.GetEntry(c.git.Url.String())
-			if err != nil {
-				return err
-			}
-			refs := m.GetRepoInfo().RemoteRefs
-			var semanticTags []string
-			for ref, _ := range refs {
-				after, found := strings.CutPrefix(ref, "refs/tags/")
-				if found {
-					semanticTags = append(semanticTags, after)
-				}
-			}
-			c.versions = semanticTags
-			return nil
+	refs := m.GetRepoInfo().RemoteRefs
+
+	c.versions = make([]ChartVersion, 0, len(refs))
+	for ref, _ := range refs {
+		pref, err := types.ParseGitRef(ref)
+		if err != nil {
+			continue
+		}
+		if pref.Tag != "" {
+			c.versions = append(c.versions, ChartVersion{GitRef: &pref})
 		}
 	}
+
 	return nil
 }
 
@@ -689,31 +673,35 @@ func (c *Chart) queryVersionsHelmRepo(ctx context.Context) error {
 		return fmt.Errorf("helm chart %s not found in Repo index", c.chartName)
 	}
 
-	c.versions = make([]string, 0, indexEntry.Len())
+	c.versions = make([]ChartVersion, 0, indexEntry.Len())
 	for _, x := range indexEntry {
-		c.versions = append(c.versions, x.Version)
+		c.versions = append(c.versions, ChartVersion{
+			Version: &x.Version,
+		})
 	}
 
 	return nil
 }
 
-func (c *Chart) GetLatestVersion(constraints *string) (string, error) {
+func (c *Chart) GetLatestVersion(constraints *string) (ChartVersion, error) {
+	var nullVersion ChartVersion
+
 	if len(c.versions) == 0 {
-		return "", fmt.Errorf("no versions found or queried: %s", c.GetChartName())
+		return nullVersion, fmt.Errorf("no versions found or queried: %s", c.GetChartName())
 	}
 	var err error
 	var updateConstraints *semver.Constraints
 	if constraints != nil {
 		updateConstraints, err = semver.NewConstraint(*constraints)
 		if err != nil {
-			return "", fmt.Errorf("invalid constraints '%s': %w", *constraints, err)
+			return nullVersion, fmt.Errorf("invalid constraints '%s': %w", *constraints, err)
 		}
 	}
 
-	var versions semver.Collection
+	var versions []ChartVersion
 	for _, x := range c.versions {
-		v, err := semver.NewVersion(x)
-		if err != nil {
+		v := x.Semver()
+		if v == nil {
 			continue
 		}
 
@@ -725,17 +713,21 @@ func (c *Chart) GetLatestVersion(constraints *string) (string, error) {
 		} else if !updateConstraints.Check(v) {
 			continue
 		}
-		versions = append(versions, v)
+		versions = append(versions, x)
 	}
 	if len(versions) == 0 {
 		if constraints == nil {
-			return "", fmt.Errorf("no version found")
+			return nullVersion, fmt.Errorf("no version found")
 		} else {
-			return "", fmt.Errorf("no version found that satisfies constraints '%s'", *constraints)
+			return nullVersion, fmt.Errorf("no version found that satisfies constraints '%s'", *constraints)
 		}
 	}
 
-	sort.Stable(versions)
-	latestVersion := versions[len(versions)-1].Original()
+	sort.SliceStable(versions, func(i, j int) bool {
+		a := versions[i].Semver()
+		b := versions[j].Semver()
+		return a.LessThan(b)
+	})
+	latestVersion := versions[len(versions)-1]
 	return latestVersion, nil
 }
diff --git a/pkg/helm/chart_version.go b/pkg/helm/chart_version.go
new file mode 100644
index 000000000..99449fea6
--- /dev/null
+++ b/pkg/helm/chart_version.go
@@ -0,0 +1,44 @@
+package helm
+
+import (
+	"github.com/Masterminds/semver/v3"
+	"github.com/kluctl/kluctl/lib/git/types"
+)
+
+type ChartVersion struct {
+	Version *string
+	GitRef  *types.GitRef
+}
+
+func (v ChartVersion) String() string {
+	if v.Version != nil {
+		return *v.Version
+	}
+	if v.GitRef != nil {
+		s := v.GitRef.String()
+		if s == "" {
+			return "HEAD"
+		}
+		return s
+	}
+	return "unknown"
+}
+
+func (v ChartVersion) Semver() *semver.Version {
+	var s string
+	if v.Version != nil {
+		s = *v.Version
+	} else if v.GitRef != nil {
+		if v.GitRef.Tag != "" {
+			s = v.GitRef.Tag
+		}
+	}
+	if s == "" {
+		return nil
+	}
+	x, err := semver.NewVersion(s)
+	if err != nil {
+		return nil
+	}
+	return x
+}
diff --git a/pkg/helm/helm_release.go b/pkg/helm/helm_release.go
index b7bc72133..c523f52c8 100644
--- a/pkg/helm/helm_release.go
+++ b/pkg/helm/helm_release.go
@@ -79,18 +79,17 @@ func NewRelease(ctx context.Context, projectRoot string, relDirInProject string,
 	return hr, nil
 }
 
-func (hr *Release) GetAbstractVersion() (string, error) {
+func (hr *Release) GetAbstractVersion() ChartVersion {
 	if hr.Chart.IsRegistryChart() {
-		return hr.Config.ChartVersion, nil
-	}
-	if hr.Chart.IsGitRepositoryChart() {
-		ref, _, err := hr.Chart.GetGitRef()
-		if err != nil {
-			return "", err
+		return ChartVersion{
+			Version: hr.Config.ChartVersion,
+		}
+	} else if hr.Chart.IsGitRepositoryChart() {
+		return ChartVersion{
+			GitRef: hr.Config.Git.Ref,
 		}
-		return ref, nil
 	}
-	return "", fmt.Errorf("neither chart version nor tag, commit or branch are defined")
+	panic("neither chart version nor tag, commit or branch are defined")
 }
 
 func (hr *Release) GetOutputPath() string {
@@ -116,91 +115,60 @@ func (hr *Release) Render(ctx context.Context, k *k8s.K8sCluster, k8sVersion str
 
 func (hr *Release) getPulledChart(ctx context.Context) (*PulledChart, error) {
 	if hr.Chart.IsLocalChart() {
-		version, err := hr.Chart.GetLocalChartVersion()
+		localChartVersion, err := hr.Chart.GetLocalChartVersion()
+		version := ChartVersion{
+			Version: &localChartVersion,
+		}
 		if err != nil {
 			return nil, err
 		}
 		return NewPulledChart(hr.Chart, version, hr.Chart.GetLocalPath(), false), nil
 	}
-	if hr.Chart.IsRegistryChart() {
-		if !hr.Config.SkipPrePull {
-			pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, hr.Config.ChartVersion)
-			if err != nil {
-				return nil, err
-			}
-
-			needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
-			if err != nil {
-				return nil, err
-			}
-
-			if needsPull {
-				if versionChanged {
-					return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-						"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), hr.Config.ChartVersion, prePulledVersion)
-				} else {
-					//goland:noinspection ALL
-					return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
-						"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
-				}
-			}
-
-			return pc, nil
-		} else {
-			s := status.Startf(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.Config.ChartVersion)
-			defer s.Failed()
 
-			pc, err := hr.Chart.PullCached(ctx, hr.Config.ChartVersion)
-			if err != nil {
-				return nil, err
-			}
-			s.Success()
+	var version ChartVersion
+	if hr.Chart.IsGitRepositoryChart() {
+		version.GitRef = hr.Config.Git.Ref
+	} else if hr.Chart.IsRegistryChart() {
+		version.Version = hr.Config.ChartVersion
+	} else {
+		return nil, fmt.Errorf("unkown source of Helm Chart. Please set either path, repo or git")
+	}
 
-			return pc, nil
+	if !hr.Config.SkipPrePull {
+		pc, err := hr.Chart.GetPrePulledChart(hr.baseChartsDir, version)
+		if err != nil {
+			return nil, err
 		}
-	}
-	if hr.Chart.IsGitRepositoryChart() {
-		var pc *PulledChart
-		var err error
-		ref, _, err := hr.Chart.GetGitRef()
+
+		needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
 		if err != nil {
 			return nil, err
 		}
-		if !hr.Config.SkipPrePull {
-			pc, err = hr.Chart.GetPrePulledChart(hr.baseChartsDir, ref)
-			if err != nil {
-				return nil, err
-			}
-			needsPull, versionChanged, prePulledVersion, err := pc.CheckNeedsPull()
-			if err != nil {
-				return nil, err
-			}
 
-			if needsPull {
-				if versionChanged {
-					return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
-						"Desired ref is %s while pre-pulled ref is %s", hr.Chart.GetChartName(), ref, prePulledVersion)
-				} else {
-					//goland:noinspection ALL
-					return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
-						"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
-				}
+		if needsPull {
+			if versionChanged {
+				return nil, fmt.Errorf("pre-pulled Helm Chart %s need to be pulled (call 'kluctl helm-pull'). "+
+					"Desired version is %s while pre-pulled version is %s", hr.Chart.GetChartName(), version.String(), prePulledVersion.String())
+			} else {
+				//goland:noinspection ALL
+				return nil, fmt.Errorf("Helm Chart %s has not been pre-pulled, which is not allowed when skipPrePull is not enabled. "+
+					"Run 'kluctl helm-pull' to pre-pull all Helm Charts", hr.Chart.GetChartName())
 			}
-			return pc, nil
-		} else {
-			s := status.Startf(ctx, "Pulling Helm Chart %s with branch, tag or commit %s", hr.Chart.GetChartName(), ref)
-			defer s.Failed()
+		}
 
-			pc, err := hr.Chart.PullCached(ctx, ref)
-			if err != nil {
-				return nil, err
-			}
-			s.Success()
+		return pc, nil
+	} else {
+		s := status.Startf(ctx, "Pulling Helm Chart %s with version %s", hr.Chart.GetChartName(), hr.GetAbstractVersion().String())
+		defer s.Failed()
 
-			return pc, nil
+		pc, err := hr.Chart.PullCached(ctx, version)
+		if err != nil {
+			return nil, err
 		}
+		s.Success()
+
+		return pc, nil
 	}
-	return nil, fmt.Errorf("Unkown source of Helm Chart. Please set either path, repo or git.")
 }
 
 func (hr *Release) doRender(ctx context.Context, k *k8s.K8sCluster, k8sVersion string, sopsDecrypter *decryptor.Decryptor) error {
diff --git a/pkg/helm/pulled_chart.go b/pkg/helm/pulled_chart.go
index b887f7e58..3ea44a251 100644
--- a/pkg/helm/pulled_chart.go
+++ b/pkg/helm/pulled_chart.go
@@ -13,12 +13,12 @@ import (
 
 type PulledChart struct {
 	chart   *Chart
-	version string
+	version ChartVersion
 	dir     string
 	isTmp   bool
 }
 
-func NewPulledChart(chart *Chart, version string, dir string, isTmp bool) *PulledChart {
+func NewPulledChart(chart *Chart, version ChartVersion, dir string, isTmp bool) *PulledChart {
 	pc := &PulledChart{
 		chart:   chart,
 		version: version,
@@ -35,63 +35,71 @@ func (pc *PulledChart) CheckExists() bool {
 	return true
 }
 
-func (pc *PulledChart) CheckNeedsPull() (bool, bool, string, error) {
+func (pc *PulledChart) CheckNeedsPull() (bool, bool, ChartVersion, error) {
+	var nullVersion ChartVersion
+
 	if !utils.IsDirectory(pc.dir) {
-		return true, false, "", nil
+		return true, false, nullVersion, nil
 	}
 	if pc.chart.IsRegistryChart() {
 		chartYamlPath := yaml.FixPathExt(filepath.Join(pc.dir, "Chart.yaml"))
 		st, err := os.Stat(chartYamlPath)
 		if err != nil {
 			if os.IsNotExist(err) {
-				return true, false, "", nil
+				return true, false, nullVersion, nil
 			}
-			return false, false, "", err
+			return false, false, nullVersion, err
 		}
 
 		if pc.isTmp && time.Now().Sub(st.ModTime()) >= time.Hour*24 {
 			// MacOS will delete tmp files after 3 days, so lets be safe and re-pull every day
-			return true, false, "", nil
+			return true, false, nullVersion, nil
 		}
 
 		chartYaml, err := uo.FromFile(chartYamlPath)
 		if err != nil {
-			return false, false, "", err
+			return false, false, nullVersion, err
 		}
 
 		version, _, _ := chartYaml.GetNestedString("version")
+		newVersion := ChartVersion{
+			Version: &version,
+		}
 
-		if version != pc.version {
-			return true, true, version, nil
+		if newVersion.String() != pc.version.String() {
+			return true, true, newVersion, nil
 		}
 	}
 
 	if pc.chart.IsGitRepositoryChart() {
 		// Update git cache and check if git-info differs
 		// If something is missing, re-pull
-		m, err := pc.chart.gitRp.GetEntry(pc.chart.git.Url.String())
+		m, err := pc.chart.gitRp.GetEntry(pc.chart.gitUrl.String())
 		if err != nil {
-			return true, false, "", err
+			return true, false, nullVersion, err
 		}
-		_, gitInfo, err := m.GetClonedDir(pc.chart.git.Ref)
+		_, gitInfo, err := m.GetClonedDir(pc.version.GitRef)
 		if err != nil {
-			return true, false, "", err
+			return true, false, nullVersion, err
 		}
 		gif, err := os.ReadFile(filepath.Join(pc.dir, ".git-info.yaml"))
 		if err != nil {
-			return true, false, "", nil
+			return true, false, nullVersion, nil
 		}
 		out, err := yaml.WriteYamlBytes(gitInfo)
 		if err != nil {
-			return true, false, "", err
+			return true, false, nullVersion, err
 		}
 		if bytes.Equal(out, gif) {
-			return false, false, "", nil
+			return false, false, nullVersion, nil
 		} else {
-			return true, true, gitInfo.CheckedOutCommit, nil
+			newVersion := ChartVersion{
+				GitRef: &gitInfo.CheckedOutRef,
+			}
+			return true, true, newVersion, nil
 		}
 
 	}
 
-	return false, false, "", nil
+	return false, false, nullVersion, nil
 }
diff --git a/pkg/types/helm_chart.go b/pkg/types/helm_chart.go
index da856ccfd..7a015cf80 100644
--- a/pkg/types/helm_chart.go
+++ b/pkg/types/helm_chart.go
@@ -12,7 +12,7 @@ type HelmChartConfig2 struct {
 	Path              string      `json:"path,omitempty"`
 	CredentialsId     *string     `json:"credentialsId,omitempty"`
 	ChartName         string      `json:"chartName,omitempty"`
-	ChartVersion      string      `json:"chartVersion,omitempty"`
+	ChartVersion      *string     `json:"chartVersion,omitempty"`
 	UpdateConstraints *string     `json:"updateConstraints,omitempty"`
 	ReleaseName       string      `json:"releaseName" validate:"required"`
 	Namespace         *string     `json:"namespace,omitempty"`
@@ -39,7 +39,7 @@ func ValidateHelmChartConfig2(sl validator.StructLevel) {
 	} else if cnt > 1 {
 		sl.ReportError("self", "repo", "repo", "only one of repo, path and git can be specified", "")
 	} else if c.Repo != "" {
-		if c.ChartVersion == "" {
+		if c.ChartVersion == nil || *c.ChartVersion == "" {
 			sl.ReportError("self", "chartVersion", "chartVersion", "chartVersion must be specified when repo is specified", "")
 		}
 		if registry.IsOCI(c.Repo) {
@@ -55,12 +55,19 @@ func ValidateHelmChartConfig2(sl validator.StructLevel) {
 		if c.ChartName != "" {
 			sl.ReportError("self", "chartName", "chartName", "chartName can not be specified for local Helm charts", "")
 		}
-		if c.ChartVersion != "" {
+		if c.ChartVersion != nil {
 			sl.ReportError("self", "chartVersion", "chartVersion", "chartVersion can not be specified for local Helm charts", "")
 		}
 		if c.UpdateConstraints != nil {
 			sl.ReportError("self", "updateConstraints", "updateConstraints", "updateConstraints can not be specified for local Helm charts", "")
 		}
+	} else if c.Git != nil {
+		if c.ChartName != "" {
+			sl.ReportError("self", "chartName", "chartName", "chartName can not be specified for git Helm charts", "")
+		}
+		if c.ChartVersion != nil {
+			sl.ReportError("self", "chartVersion", "chartVersion", "chartVersion can not be specified for git Helm charts", "")
+		}
 	}
 }
 

From cb6d9717a9bfe293c8cccd9849833e313ebc3f45 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 17:20:08 +0200
Subject: [PATCH 2188/2268] tests: Implement git helm tests

---
 e2e/gitops_helm_test.go           |  11 +
 e2e/gitops_misc_test.go           |   2 +-
 e2e/gitops_oci_include_test.go    |   4 +-
 e2e/helm_test.go                  | 350 ++++++++++++++++++++----------
 e2e/oci_include_test.go           |   8 +-
 e2e/sops_test.go                  |  10 +-
 e2e/source_override_test.go       |   4 +-
 e2e/test-utils/helm_test_repo.go  |  61 +++++-
 e2e/test-utils/test_git_server.go |   6 +-
 e2e/test_project/project.go       |  55 ++---
 10 files changed, 341 insertions(+), 170 deletions(-)

diff --git a/e2e/gitops_helm_test.go b/e2e/gitops_helm_test.go
index b52ad9e67..567baf431 100644
--- a/e2e/gitops_helm_test.go
+++ b/e2e/gitops_helm_test.go
@@ -88,6 +88,17 @@ func (suite *GitOpsHelmSuite) testHelmPull(tc helmTestCase, prePull bool) {
 				Path:      tc.argCredsPath,
 				SecretRef: kluctlv1.LocalObjectReference{Name: name},
 			})
+		} else if tc.helmType == test_utils.TestHelmRepo_Git {
+			m := map[string]string{
+				"username": tc.argUsername,
+				"password": tc.argPassword,
+			}
+			name := suite.createGitopsSecret(m)
+			projectCreds.Git = append(projectCreds.Git, kluctlv1.ProjectCredentialsGit{
+				Host:      host,
+				Path:      tc.argCredsPath,
+				SecretRef: kluctlv1.LocalObjectReference{Name: name},
+			})
 		}
 	}
 
diff --git a/e2e/gitops_misc_test.go b/e2e/gitops_misc_test.go
index eb83044b4..0c6328e6d 100644
--- a/e2e/gitops_misc_test.go
+++ b/e2e/gitops_misc_test.go
@@ -63,7 +63,7 @@ func (suite *GitOpsMiscSuite) TestOciSourceWithPath() {
 		namespace: p.TestSlug(),
 	})
 
-	repo := test_utils.NewHelmTestRepoHttp(test_utils.TestHelmRepo_Oci, "", "", "", false, false)
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Oci, "", nil)
 	repo.Start(suite.T())
 
 	repoUrl := repo.URL.String() + "/org/repo"
diff --git a/e2e/gitops_oci_include_test.go b/e2e/gitops_oci_include_test.go
index f74f8be6d..2631c5bfd 100644
--- a/e2e/gitops_oci_include_test.go
+++ b/e2e/gitops_oci_include_test.go
@@ -32,7 +32,9 @@ func (suite *GitOpsOciIncludeSuite) TestGitOpsOciIncludeCredentials() {
 	ip3 := prepareIncludeProject(suite.T(), "include3", "", nil)
 
 	createRepo := func(user, pass string) *test_utils.TestHelmRepo {
-		repo := test_utils.NewHelmTestRepoHttp(test_utils.TestHelmRepo_Oci, "", user, pass, false, false)
+		repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Oci, "", nil)
+		repo.HttpServer.Username = user
+		repo.HttpServer.Password = pass
 		repo.Start(suite.T())
 		return repo
 	}
diff --git a/e2e/helm_test.go b/e2e/helm_test.go
index de9e80f06..49add5530 100644
--- a/e2e/helm_test.go
+++ b/e2e/helm_test.go
@@ -12,7 +12,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"math/rand"
-	"net/url"
 	"os"
 	"path/filepath"
 	"sort"
@@ -45,6 +44,7 @@ type helmTestCase struct {
 var helmTests = []helmTestCase{
 	{name: "helm-no-creds"},
 	{name: "oci-no-creds", helmType: test_utils.TestHelmRepo_Oci},
+	{name: "git-no-creds", helmType: test_utils.TestHelmRepo_Git},
 
 	// tls tests
 	{
@@ -191,6 +191,40 @@ var helmTests = []helmTestCase{
 		name: "oci-creds-valid-path", helmType: test_utils.TestHelmRepo_Oci, testAuth: true,
 		argCredsHost: "<host>", argCredsPath: "test-chart1", argUsername: "test-user", argPassword: "secret-password",
 	},
+
+	// git creds
+	{
+		name: "git-creds-missing", helmType: test_utils.TestHelmRepo_Git, testAuth: true,
+		argCredsHost: "<host>-invalid", argUsername: "test-user", argPassword: "secret-password",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "authentication required",
+	},
+	{
+		name: "git-creds-invalid", helmType: test_utils.TestHelmRepo_Git, testAuth: true,
+		argCredsHost: "<host>", argUsername: "test-user", argPassword: "invalid",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "authentication required",
+	},
+	{
+		name: "git-creds-valid", helmType: test_utils.TestHelmRepo_Git, testAuth: true,
+		argCredsHost: "<host>", argUsername: "test-user", argPassword: "secret-password",
+	},
+	{
+		name: "git-creds-missing-path", helmType: test_utils.TestHelmRepo_Git, testAuth: true,
+		argCredsHost: "<host>", argCredsPath: "*/helm-repo2", argUsername: "test-user", argPassword: "secret-password",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "authentication required",
+	},
+	{
+		name: "git-creds-invalid-path", helmType: test_utils.TestHelmRepo_Git, testAuth: true,
+		argCredsHost: "<host>", argCredsPath: "*/helm-repo", argUsername: "test-user", argPassword: "invalid",
+		expectedReadyError:   "prepare failed with 1 errors. Check status.lastPrepareError for details",
+		expectedPrepareError: "authentication required",
+	},
+	{
+		name: "git-creds-valid-path", helmType: test_utils.TestHelmRepo_Git, testAuth: true,
+		argCredsHost: "<host>", argCredsPath: "*/helm-repo", argUsername: "test-user", argPassword: "secret-password",
+	},
 }
 
 func newTmpFile(t *testing.T, b []byte) string {
@@ -259,6 +293,18 @@ func buildHelmTestExtraArgs(t *testing.T, tc helmTestCase, repo *test_utils.Test
 				ret = append(ret, fmt.Sprintf("--helm-key-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ClientKey)))
 			}
 		}
+	} else if tc.helmType == test_utils.TestHelmRepo_Git {
+		if tc.argCredsHost != "" {
+			r := strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host)
+			if tc.argCredsPath != "" {
+				r += "/" + tc.argCredsPath
+			}
+			ret = append(ret, fmt.Sprintf("--git-username=%s=%s", r, tc.argUsername))
+			ret = append(ret, fmt.Sprintf("--git-password=%s=%s", r, tc.argPassword))
+		}
+		if tc.argPassCA {
+			ret = append(ret, fmt.Sprintf("--git-ca-file=%s=%s", repo.URL.Host, newTmpFile(t, repo.HttpServer.ServerCAs)))
+		}
 	}
 	// add a fallback that enables plain_http in case we have no matching creds
 	if tc.helmType == test_utils.TestHelmRepo_Oci && !repo.HttpServer.TLSEnabled {
@@ -322,6 +368,19 @@ func buildHelmTestEnvVars(t *testing.T, tc helmTestCase, p *test_project.TestPro
 			setEnv("KLUCTL_HELM_CERT_FILE", newTmpFile(t, repo.HttpServer.ClientCert))
 			setEnv("KLUCTL_HELM_KEY_FILE", newTmpFile(t, repo.HttpServer.ClientKey))
 		}
+	} else if tc.helmType == test_utils.TestHelmRepo_Git {
+		if tc.argCredsHost != "" {
+			setEnv("KLUCTL_GIT_HOST", strings.ReplaceAll(tc.argCredsHost, "<host>", repo.URL.Host))
+		}
+		if tc.argCredsPath != "" {
+			setEnv("KLUCTL_GIT_PATH", tc.argCredsPath)
+		}
+		if tc.argUsername != "" {
+			setEnv("KLUCTL_GIT_USERNAME", tc.argUsername)
+		}
+		if tc.argPassword != "" {
+			setEnv("KLUCTL_GIT_PASSWORD", tc.argPassword)
+		}
 	}
 	// add a fallback that enables plain_http in case we have no matching creds
 	if tc.helmType == test_utils.TestHelmRepo_Oci && !repo.HttpServer.TLSEnabled {
@@ -364,18 +423,27 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 		password = "secret-password"
 	}
 
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+	}
+
 	var repo *test_utils.TestHelmRepo
 	if tc.helmType == test_utils.TestHelmRepo_Helm || tc.helmType == test_utils.TestHelmRepo_Oci {
-		repo = test_utils.NewHelmTestRepoHttp(tc.helmType, tc.path, user, password, tc.testTLS, tc.testTLSClientCert)
+		repo = test_utils.NewHelmTestRepo(tc.helmType, tc.path, charts)
+		repo.HttpServer.Username = user
+		repo.HttpServer.Password = password
+		repo.HttpServer.TLSEnabled = tc.testTLS
+		repo.HttpServer.TLSClientCertEnabled = tc.testTLSClientCert
+		repo.HttpServer.NoLoopbackProxyEnabled = true
+	} else if tc.helmType == test_utils.TestHelmRepo_Git {
+		repo = test_utils.NewHelmTestRepoGit(t, tc.path, charts, user, password)
 	}
-	repo.Charts = append(repo.Charts,
-		test_utils.RepoChart{ChartName: "test-chart1", Version: "0.1.0"},
-	)
+
 	repo.Start(t)
 
 	extraArgs := buildHelmTestExtraArgs(t, tc, repo)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	if tc.testAuth {
 		if tc.credsId != "" {
@@ -397,7 +465,7 @@ func prepareHelmTestCase(t *testing.T, k *test_utils.EnvTestCluster, tc helmTest
 			return p, repo, err
 		} else {
 			assert.NoError(t, err)
-			assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
+			assert.FileExists(t, getChartFile(t, p, repo, "test-chart1", "0.1.0"))
 
 			p.GitServer().CommitFiles(p.GitRepoName(), []string{filepath.Join(gitSubDir, ".helm-charts")}, true, "helm-pull")
 		}
@@ -471,6 +539,9 @@ func testHelmPull(t *testing.T, tc helmTestCase, prePull bool, credsViaEnv bool,
 
 	_, stderr, err := p.Kluctl(t, args...)
 	pullMessage := "Pulling Helm Chart test-chart1 with version 0.1.0"
+	if tc.helmType == test_utils.TestHelmRepo_Git {
+		pullMessage = "Pulling Helm Chart test-chart1 with version refs/tags/0.1.0"
+	}
 	if prePull {
 		assert.NotContains(t, stderr, pullMessage)
 	} else {
@@ -542,32 +613,41 @@ func testHelmManualUpgrade(t *testing.T, helmType test_utils.TestHelmRepoType) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Type: helmType,
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-			{ChartName: "test-chart1", Version: "0.2.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
+	}
+
+	var repo *test_utils.TestHelmRepo
+	switch helmType {
+	case test_utils.TestHelmRepo_Helm, test_utils.TestHelmRepo_Oci:
+		repo = test_utils.NewHelmTestRepo(helmType, "", charts)
+	case test_utils.TestHelmRepo_Git:
+		repo = test_utils.NewHelmTestRepoGit(t, "", charts, "", "")
 	}
 	repo.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust(t, "helm-pull")
-	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo, "test-chart1", "0.1.0"))
 	p.KluctlMust(t, "deploy", "--yes")
 	cm := assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ := cm.GetNestedString("data", "version")
 	assert.Equal(t, "0.1.0", v)
 
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
-		_ = o.SetNestedField("0.2.0", "helmChart", "chartVersion")
+		if helmType == test_utils.TestHelmRepo_Git {
+			_ = o.SetNestedField("0.2.0", "helmChart", "git", "ref", "tag")
+		} else {
+			_ = o.SetNestedField("0.2.0", "helmChart", "chartVersion")
+		}
 		return nil
 	}, "")
 
 	p.KluctlMust(t, "helm-pull")
-	assert.NoFileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
-	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.2.0"))
+	assert.NoFileExists(t, getChartFile(t, p, repo, "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo, "test-chart1", "0.2.0"))
 	p.KluctlMust(t, "deploy", "--yes")
 	cm = assertConfigMapExists(t, k, p.TestSlug(), "test-helm1-test-chart1")
 	v, _, _ = cm.GetNestedString("data", "version")
@@ -582,6 +662,10 @@ func TestHelmManualUpgradeOci(t *testing.T) {
 	testHelmManualUpgrade(t, test_utils.TestHelmRepo_Oci)
 }
 
+func TestHelmManualUpgradeGit(t *testing.T) {
+	testHelmManualUpgrade(t, test_utils.TestHelmRepo_Git)
+}
+
 func testHelmUpdate(t *testing.T, helmType test_utils.TestHelmRepoType, upgrade bool, commit bool) {
 	t.Parallel()
 
@@ -591,20 +675,29 @@ func testHelmUpdate(t *testing.T, helmType test_utils.TestHelmRepoType, upgrade
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Type: helmType,
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-			{ChartName: "test-chart1", Version: "0.2.0"},
-			{ChartName: "test-chart2", Version: "0.1.0"},
-			{ChartName: "test-chart2", Version: "0.3.0"},
-		},
+	charts1 := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
 	}
-	repo.Start(t)
+	charts2 := []test_utils.RepoChart{
+		{ChartName: "test-chart2", Version: "0.1.0"},
+		{ChartName: "test-chart2", Version: "0.3.0"},
+	}
+	var repo1, repo2 *test_utils.TestHelmRepo
+	switch helmType {
+	case test_utils.TestHelmRepo_Helm, test_utils.TestHelmRepo_Oci:
+		repo1 = test_utils.NewHelmTestRepo(helmType, "", charts1)
+		repo2 = test_utils.NewHelmTestRepo(helmType, "", charts2)
+	case test_utils.TestHelmRepo_Git:
+		repo1 = test_utils.NewHelmTestRepoGit(t, "", charts1, "", "")
+		repo2 = test_utils.NewHelmTestRepoGit(t, "", charts2, "", "")
+	}
+	repo1.Start(t)
+	repo2.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo1, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo2, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repo1, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm3/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipUpdate")
@@ -612,8 +705,8 @@ func testHelmUpdate(t *testing.T, helmType test_utils.TestHelmRepoType, upgrade
 	}, "")
 
 	p.KluctlMust(t, "helm-pull")
-	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart1", "0.1.0"))
-	assert.FileExists(t, getChartFile(t, p, repo.URL.String(), "test-chart2", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo1, "test-chart1", "0.1.0"))
+	assert.FileExists(t, getChartFile(t, p, repo2, "test-chart2", "0.1.0"))
 
 	if commit {
 		wt, _ := p.GetGitRepo().Worktree()
@@ -629,22 +722,27 @@ func testHelmUpdate(t *testing.T, helmType test_utils.TestHelmRepoType, upgrade
 		args = append(args, "--commit")
 	}
 
+	versionPrefix := ""
+	if helmType == test_utils.TestHelmRepo_Git {
+		versionPrefix = "refs/tags/"
+	}
+
 	_, stderr := p.KluctlMust(t, args...)
-	assert.Contains(t, stderr, "helm1: Chart test-chart1 (old version 0.1.0) has new version 0.2.0 available")
-	assert.Contains(t, stderr, "helm2: Chart test-chart2 (old version 0.1.0) has new version 0.3.0 available")
-	assert.Contains(t, stderr, "helm3: Skipped update to version 0.2.0")
+	assert.Contains(t, stderr, fmt.Sprintf("helm1: Chart test-chart1 (old version %s0.1.0) has new version %s0.2.0 available", versionPrefix, versionPrefix))
+	assert.Contains(t, stderr, fmt.Sprintf("helm2: Chart test-chart2 (old version %s0.1.0) has new version %s0.3.0 available", versionPrefix, versionPrefix))
+	assert.Contains(t, stderr, fmt.Sprintf("helm3: Skipped update to version %s0.2.0", versionPrefix))
 
 	if upgrade {
-		assert.Contains(t, stderr, "Upgrading Chart test-chart1 from version 0.1.0 to 0.2.0")
-		assert.Contains(t, stderr, "Upgrading Chart test-chart2 from version 0.1.0 to 0.3.0")
+		assert.Contains(t, stderr, fmt.Sprintf("Upgrading Chart test-chart1 from version %s0.1.0 to %s0.2.0", versionPrefix, versionPrefix))
+		assert.Contains(t, stderr, fmt.Sprintf("Upgrading Chart test-chart2 from version %s0.1.0 to %s0.3.0", versionPrefix, versionPrefix))
 	}
 	if commit {
-		assert.Contains(t, stderr, "Committed helm chart test-chart1 with version 0.2.0")
-		assert.Contains(t, stderr, "Committed helm chart test-chart2 with version 0.3.0")
+		assert.Contains(t, stderr, fmt.Sprintf("Committed helm chart test-chart1 with version %s0.2.0", versionPrefix))
+		assert.Contains(t, stderr, fmt.Sprintf("Committed helm chart test-chart2 with version %s0.3.0", versionPrefix))
 	}
 
-	pulledVersions1 := listChartVersions(t, p, repo.URL.String(), "test-chart1")
-	pulledVersions2 := listChartVersions(t, p, repo.URL.String(), "test-chart2")
+	pulledVersions1 := listChartVersions(t, p, repo1, "test-chart1")
+	pulledVersions2 := listChartVersions(t, p, repo2, "test-chart2")
 
 	if upgrade {
 		assert.Equal(t, []string{"0.1.0", "0.2.0"}, pulledVersions1)
@@ -671,8 +769,8 @@ func testHelmUpdate(t *testing.T, helmType test_utils.TestHelmRepoType, upgrade
 			return commitList[i].Message < commitList[j].Message
 		})
 
-		assert.Equal(t, "Updated helm chart test-chart1 from version 0.1.0 to version 0.2.0", commitList[0].Message)
-		assert.Equal(t, "Updated helm chart test-chart2 from version 0.1.0 to version 0.3.0", commitList[1].Message)
+		assert.Equal(t, fmt.Sprintf("Updated helm chart test-chart1 from version %s0.1.0 to version %s0.2.0", versionPrefix, versionPrefix), commitList[0].Message)
+		assert.Equal(t, fmt.Sprintf("Updated helm chart test-chart2 from version %s0.1.0 to version %s0.3.0", versionPrefix, versionPrefix), commitList[1].Message)
 	}
 }
 
@@ -684,6 +782,10 @@ func TestHelmUpdateOci(t *testing.T) {
 	testHelmUpdate(t, test_utils.TestHelmRepo_Oci, false, false)
 }
 
+func TestHelmUpdateGit(t *testing.T) {
+	testHelmUpdate(t, test_utils.TestHelmRepo_Git, false, false)
+}
+
 func TestHelmUpdateAndUpgrade(t *testing.T) {
 	testHelmUpdate(t, test_utils.TestHelmRepo_Helm, true, false)
 }
@@ -692,6 +794,10 @@ func TestHelmUpdateAndUpgradeOci(t *testing.T) {
 	testHelmUpdate(t, test_utils.TestHelmRepo_Oci, true, false)
 }
 
+func TestHelmUpdateAndUpgradeGit(t *testing.T) {
+	testHelmUpdate(t, test_utils.TestHelmRepo_Git, true, false)
+}
+
 func TestHelmUpdateAndUpgradeAndCommit(t *testing.T) {
 	testHelmUpdate(t, test_utils.TestHelmRepo_Helm, true, true)
 }
@@ -700,6 +806,10 @@ func TestHelmUpdateAndUpgradeAndCommitOci(t *testing.T) {
 	testHelmUpdate(t, test_utils.TestHelmRepo_Oci, true, true)
 }
 
+func TestHelmUpdateAndUpgradeAndCommitGit(t *testing.T) {
+	testHelmUpdate(t, test_utils.TestHelmRepo_Git, true, true)
+}
+
 func testHelmUpdateConstraints(t *testing.T, helmType test_utils.TestHelmRepoType) {
 	t.Parallel()
 
@@ -709,22 +819,20 @@ func testHelmUpdateConstraints(t *testing.T, helmType test_utils.TestHelmRepoTyp
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Type: helmType,
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-			{ChartName: "test-chart1", Version: "0.1.1"},
-			{ChartName: "test-chart1", Version: "0.2.0"},
-			{ChartName: "test-chart1", Version: "1.1.0"},
-			{ChartName: "test-chart1", Version: "1.1.1"},
-			{ChartName: "test-chart1", Version: "1.2.1"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.1.1"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
+		{ChartName: "test-chart1", Version: "1.1.0"},
+		{ChartName: "test-chart1", Version: "1.1.1"},
+		{ChartName: "test-chart1", Version: "1.2.1"},
 	}
+	repo := test_utils.NewHelmTestRepo(helmType, "", charts)
 	repo.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart1", "0.1.0", "test-helm2", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo, "test-chart1", "0.1.0", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repo, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField("~0.1.0", "helmChart", "updateConstraints")
@@ -775,12 +883,11 @@ func TestHelmValues(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-			{ChartName: "test-chart2", Version: "0.1.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart2", Version: "0.1.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Helm, "", charts)
 	repo.Start(t)
 
 	values1 := map[string]any{
@@ -802,9 +909,9 @@ func TestHelmValues(t *testing.T) {
 		},
 	}
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
-	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
-	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+	p.AddHelmDeployment("helm2", repo, "test-chart2", "0.1.0", "test-helm2", p.TestSlug(), values2)
+	p.AddHelmDeployment("helm3", repo, "test-chart1", "0.1.0", "test-helm3", p.TestSlug(), values3)
 
 	p.KluctlMust(t, "helm-pull")
 	p.KluctlMust(t, "deploy", "--yes", "-aa=a", "-ab=b")
@@ -844,18 +951,17 @@ func TestHelmTemplateChartYaml(t *testing.T) {
 	createNamespace(t, k, p.TestSlug()+"-a")
 	createNamespace(t, k, p.TestSlug()+"-b")
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-			{ChartName: "test-chart2", Version: "0.1.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart2", Version: "0.1.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Helm, "", charts)
 	repo.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm3", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
-	p.AddHelmDeployment("helm4", repo.URL.String(), "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm-{{ args.a }}", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo, "test-chart2", "0.1.0", "test-helm-{{ args.b }}", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm3", repo, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.a }}", nil)
+	p.AddHelmDeployment("helm4", repo, "test-chart1", "0.1.0", "test-helm-ns", p.TestSlug()+"-{{ args.b }}", nil)
 
 	p.KluctlMust(t, "helm-pull")
 	p.KluctlMust(t, "deploy", "--yes", "-aa=a", "-ab=b")
@@ -875,14 +981,13 @@ func TestHelmRenderOfflineKubernetes(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Helm, "", charts)
 	repo.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
@@ -918,8 +1023,8 @@ func TestHelmLocalChart(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	p.AddHelmDeployment("helm1", "../test-chart1", "", "", "test-helm-1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", "test-chart2", "", "", "test-helm-2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", test_utils.NewHelmTestRepoLocal("../test-chart1"), "", "", "test-helm-1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", test_utils.NewHelmTestRepoLocal("test-chart2"), "", "", "test-helm-2", p.TestSlug(), nil)
 
 	test_utils.CreateHelmDir(t, "test-chart1", "0.1.0", filepath.Join(p.LocalProjectDir(), "test-chart1"))
 	test_utils.CreateHelmDir(t, "test-chart2", "0.1.0", filepath.Join(p.LocalProjectDir(), "helm2/test-chart2"))
@@ -942,17 +1047,16 @@ func TestHelmSkipPrePull(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-			{ChartName: "test-chart1", Version: "0.1.1"},
-			{ChartName: "test-chart1", Version: "0.2.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
+		{ChartName: "test-chart1", Version: "0.1.1"},
+		{ChartName: "test-chart1", Version: "0.2.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Helm, "", charts)
 	repo.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
-	p.AddHelmDeployment("helm2", repo.URL.String(), "test-chart1", "0.1.1", "test-helm2", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm2", repo, "test-chart1", "0.1.1", "test-helm2", p.TestSlug(), nil)
 
 	p.UpdateYaml("helm2/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
@@ -960,7 +1064,6 @@ func TestHelmSkipPrePull(t *testing.T) {
 	}, "")
 
 	args := []string{"helm-pull"}
-
 	_, stderr := p.KluctlMust(t, args...)
 	assert.Contains(t, stderr, "Pulling Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
@@ -972,7 +1075,7 @@ func TestHelmSkipPrePull(t *testing.T) {
 		return nil
 	}, "")
 	_, stderr = p.KluctlMust(t, args...)
-	assert.Contains(t, stderr, "Removing unused Chart with version or ref 0.1.0")
+	assert.Contains(t, stderr, "Removing unused Chart with version 0.1.0")
 	assert.NotContains(t, stderr, "version 0.1.1")
 	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.0", repo.URL.Port())))
 	assert.NoDirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.1.1", repo.URL.Port())))
@@ -1018,35 +1121,50 @@ func TestHelmSkipPrePull(t *testing.T) {
 	assert.DirExists(t, filepath.Join(p.LocalProjectDir(), fmt.Sprintf(".helm-charts/http_%s_127.0.0.1/test-chart1/0.2.0", repo.URL.Port())))
 }
 
-func getChartDir(t *testing.T, p *test_project.TestProject, url2 string, chartName string, chartVersion string) string {
-	u, err := url.Parse(url2)
-	if err != nil {
-		t.Fatal(err)
-	}
+func getChartDir(t *testing.T, p *test_project.TestProject, repo *test_utils.TestHelmRepo, chartName string, chartVersion string) string {
 	var dir string
-	if u.Scheme == "oci" {
-		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), chartName)
-	} else {
-		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", u.Scheme, u.Port(), u.Hostname()), u.Path, chartName)
+
+	switch repo.Type {
+	case test_utils.TestHelmRepo_Helm:
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", repo.URL.Scheme, repo.URL.Port(), repo.URL.Hostname()), repo.URL.Path, chartName)
+	case test_utils.TestHelmRepo_Oci:
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("%s_%s_%s", repo.URL.Scheme, repo.URL.Port(), repo.URL.Hostname()), chartName)
+	case test_utils.TestHelmRepo_Git:
+		dir = filepath.Join(p.LocalProjectDir(), ".helm-charts", fmt.Sprintf("git_%s_%s_%s", repo.URL.Scheme, repo.URL.Port(), repo.URL.Hostname()), repo.URL.Path, chartName)
 	}
+
 	if chartVersion != "" {
+		if repo.Type == test_utils.TestHelmRepo_Git {
+			dir = filepath.Join(dir, "refs", "tags")
+		}
 		dir = filepath.Join(dir, chartVersion)
 	}
 	return dir
 }
 
-func getChartFile(t *testing.T, p *test_project.TestProject, url2 string, chartName string, chartVersion string) string {
-	return filepath.Join(getChartDir(t, p, url2, chartName, chartVersion), "Chart.yaml")
+func getChartFile(t *testing.T, p *test_project.TestProject, repo *test_utils.TestHelmRepo, chartName string, chartVersion string) string {
+	return filepath.Join(getChartDir(t, p, repo, chartName, chartVersion), "Chart.yaml")
 }
 
-func listChartVersions(t *testing.T, p *test_project.TestProject, url2 string, chartName string) []string {
-	des, err := os.ReadDir(getChartDir(t, p, url2, chartName, ""))
-	assert.NoError(t, err)
-
+func listChartVersions(t *testing.T, p *test_project.TestProject, repo *test_utils.TestHelmRepo, chartName string) []string {
 	var versions []string
-	for _, de := range des {
-		versions = append(versions, de.Name())
+	if repo.Type == test_utils.TestHelmRepo_Git {
+		dir := filepath.Join(getChartDir(t, p, repo, chartName, ""), "refs", "tags")
+		des, err := os.ReadDir(dir)
+		assert.NoError(t, err)
+
+		for _, de := range des {
+			versions = append(versions, de.Name())
+		}
+	} else {
+		des, err := os.ReadDir(getChartDir(t, p, repo, chartName, ""))
+		assert.NoError(t, err)
+
+		for _, de := range des {
+			versions = append(versions, de.Name())
+		}
 	}
+
 	sort.Strings(versions)
 	return versions
 }
@@ -1072,11 +1190,10 @@ func TestHelmLookup(t *testing.T) {
 	err := k.Client.Create(context.Background(), &lookupCm)
 	assert.NoError(t, err)
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Helm, "", charts)
 	repo.Start(t)
 
 	values1 := map[string]any{
@@ -1085,7 +1202,7 @@ func TestHelmLookup(t *testing.T) {
 		"lookupName":      lookupCm.Name,
 	}
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1)
 
 	p.KluctlMust(t, "helm-pull")
 	p.KluctlMust(t, "deploy", "--yes")
@@ -1114,14 +1231,13 @@ func TestHelmWithTarget(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Helm, "", charts)
 	repo.Start(t)
 
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), nil)
 
 	p.KluctlMust(t, "helm-pull")
 	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
diff --git a/e2e/oci_include_test.go b/e2e/oci_include_test.go
index a5d6ea408..0b738e02d 100644
--- a/e2e/oci_include_test.go
+++ b/e2e/oci_include_test.go
@@ -22,9 +22,7 @@ func TestOciIncludeMultipleRepos(t *testing.T) {
 	ip1 := prepareIncludeProject(t, "include1", "", nil)
 	ip2 := prepareIncludeProject(t, "include2", "subDir", nil)
 
-	repo := &test_utils.TestHelmRepo{
-		Type: test_utils.TestHelmRepo_Oci,
-	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Oci, "", nil)
 	repo.Start(t)
 
 	repo1 := repo.URL.String() + "/org1/repo1"
@@ -64,7 +62,9 @@ func TestOciIncludeWithCreds(t *testing.T) {
 	ip3 := prepareIncludeProject(t, "include3", "", nil)
 
 	createRepo := func(user, pass string) *test_utils.TestHelmRepo {
-		repo := test_utils.NewHelmTestRepoHttp(test_utils.TestHelmRepo_Oci, "", user, pass, false, false)
+		repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Oci, "", nil)
+		repo.HttpServer.Username = user
+		repo.HttpServer.Password = pass
 		repo.Start(t)
 		return repo
 	}
diff --git a/e2e/sops_test.go b/e2e/sops_test.go
index c19626ebd..7855d0636 100644
--- a/e2e/sops_test.go
+++ b/e2e/sops_test.go
@@ -98,11 +98,11 @@ func TestSopsHelmValues(t *testing.T) {
 
 	createNamespace(t, k, p.TestSlug())
 
-	repo := &test_utils.TestHelmRepo{
-		Charts: []test_utils.RepoChart{
-			{ChartName: "test-chart1", Version: "0.1.0"},
-		},
+	charts := []test_utils.RepoChart{
+		{ChartName: "test-chart1", Version: "0.1.0"},
 	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Oci, "", charts)
+
 	repo.Start(t)
 
 	valuesBytes, err := sops_test_resources.TestResources.ReadFile("helm-values.yaml")
@@ -111,7 +111,7 @@ func TestSopsHelmValues(t *testing.T) {
 	assert.NoError(t, err)
 
 	p.UpdateTarget("test", nil)
-	p.AddHelmDeployment("helm1", repo.URL.String(), "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1.Object)
+	p.AddHelmDeployment("helm1", repo, "test-chart1", "0.1.0", "test-helm1", p.TestSlug(), values1.Object)
 	p.UpdateYaml("helm1/helm-chart.yaml", func(o *uo.UnstructuredObject) error {
 		_ = o.SetNestedField(true, "helmChart", "skipPrePull")
 		return nil
diff --git a/e2e/source_override_test.go b/e2e/source_override_test.go
index bbc1f8fd7..a1171fd5c 100644
--- a/e2e/source_override_test.go
+++ b/e2e/source_override_test.go
@@ -36,9 +36,7 @@ func prepareLocalSourceOverrideTest(t *testing.T, k *test_utils.EnvTestCluster,
 
 	p.UpdateTarget("test", func(target *uo.UnstructuredObject) {})
 
-	repo := &test_utils.TestHelmRepo{
-		Type: test_utils.TestHelmRepo_Oci,
-	}
+	repo := test_utils.NewHelmTestRepo(test_utils.TestHelmRepo_Oci, "", nil)
 	if oci {
 		repo.Start(t)
 	}
diff --git a/e2e/test-utils/helm_test_repo.go b/e2e/test-utils/helm_test_repo.go
index f092690e7..0f71e9562 100644
--- a/e2e/test-utils/helm_test_repo.go
+++ b/e2e/test-utils/helm_test_repo.go
@@ -1,7 +1,10 @@
 package test_utils
 
 import (
+	"fmt"
+	"github.com/go-git/go-git/v5"
 	"github.com/google/go-containerregistry/pkg/registry"
+	"github.com/kluctl/kluctl/lib/git/types"
 	cp "github.com/otiai10/copy"
 	"helm.sh/helm/v3/pkg/cli"
 	"helm.sh/helm/v3/pkg/pusher"
@@ -22,10 +25,12 @@ const (
 	TestHelmRepo_Helm TestHelmRepoType = iota
 	TestHelmRepo_Oci
 	TestHelmRepo_Git
+	TestHelmRepo_Local
 )
 
 type TestHelmRepo struct {
 	HttpServer TestHttpServer
+	GitServer  *TestGitServer
 
 	Type TestHelmRepoType
 
@@ -40,25 +45,35 @@ type RepoChart struct {
 	Version   string
 }
 
-func NewHelmTestRepoHttp(helmType TestHelmRepoType, path string, username string, password string, tlsEnabled bool, tlsClientCertEnabled bool) *TestHelmRepo {
+func NewHelmTestRepo(helmType TestHelmRepoType, path string, charts []RepoChart) *TestHelmRepo {
 	return &TestHelmRepo{
-		HttpServer: TestHttpServer{
-			Username:               username,
-			Password:               password,
-			NoLoopbackProxyEnabled: true,
-			TLSEnabled:             tlsEnabled,
-			TLSClientCertEnabled:   tlsClientCertEnabled,
-		},
-		Type: helmType,
+		Type:   helmType,
+		Path:   path,
+		Charts: charts,
+	}
+}
+
+func NewHelmTestRepoGit(t *testing.T, path string, charts []RepoChart, username string, password string) *TestHelmRepo {
+	r := NewHelmTestRepo(TestHelmRepo_Git, path, charts)
+	r.GitServer = NewTestGitServer(t, WithTestGitServerAuth(username, password))
+	return r
+}
+
+func NewHelmTestRepoLocal(path string) *TestHelmRepo {
+	return &TestHelmRepo{
+		Type: TestHelmRepo_Local,
 		Path: path,
 	}
 }
 
 func (s *TestHelmRepo) Start(t *testing.T) {
-	if s.Type == TestHelmRepo_Oci {
-		s.startOciRepo(t)
-	} else {
+	switch s.Type {
+	case TestHelmRepo_Helm:
 		s.startHelmRepo(t)
+	case TestHelmRepo_Oci:
+		s.startOciRepo(t)
+	case TestHelmRepo_Git:
+		s.startGitRepo(t)
 	}
 }
 
@@ -161,3 +176,25 @@ func (s *TestHelmRepo) startOciRepo(t *testing.T) {
 		registryClient.Logout(s.URL.Host)
 	}
 }
+
+func (s *TestHelmRepo) startGitRepo(t *testing.T) {
+	s.GitServer.GitInit("helm-repo")
+
+	for _, c := range s.Charts {
+		dir := s.GitServer.LocalWorkDir("helm-repo")
+		dir = filepath.Join(dir, s.Path, c.ChartName)
+		_ = os.MkdirAll(dir, 0700)
+		CreateHelmDir(t, c.ChartName, c.Version, dir)
+		msg := fmt.Sprintf("chart %s version %s", c.ChartName, c.Version)
+		hash := s.GitServer.CommitFiles("helm-repo", []string{c.ChartName}, false, msg)
+		_, err := s.GitServer.GetGitRepo("helm-repo").CreateTag(c.Version, hash, &git.CreateTagOptions{
+			Message: msg,
+		})
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	u := types.ParseGitUrlMust(s.GitServer.GitRepoUrl("helm-repo"))
+	s.URL = u.URL
+}
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index e99fd6c09..8a9297eff 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	config2 "github.com/go-git/go-git/v5/config"
+	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/huandu/xstrings"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils/http-server"
 	port_tool "github.com/kluctl/kluctl/v2/e2e/test-utils/port-tool"
@@ -195,7 +196,7 @@ func (p *TestGitServer) GitInit(repo string) {
 	}
 }
 
-func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message string) {
+func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message string) plumbing.Hash {
 	r, err := git.PlainOpen(p.LocalWorkDir(repo))
 	if err != nil {
 		p.t.Fatal(err)
@@ -210,12 +211,13 @@ func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message
 			p.t.Fatal(err)
 		}
 	}
-	_, err = wt.Commit(message, &git.CommitOptions{
+	hash, err := wt.Commit(message, &git.CommitOptions{
 		All: all,
 	})
 	if err != nil {
 		p.t.Fatal(err)
 	}
+	return hash
 }
 
 func (p *TestGitServer) CommitYaml(repo string, pth string, message string, o map[string]any) {
diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index ad7c33e5f..2b7c90963 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -8,13 +8,11 @@ import (
 	"github.com/jinzhu/copier"
 	gittypes "github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/yaml"
-	git2 "github.com/kluctl/kluctl/v2/e2e/test-utils"
+	test_utils "github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	cp "github.com/otiai10/copy"
-	registry2 "helm.sh/helm/v3/pkg/registry"
-	"net/url"
 	"os"
 	"os/exec"
 	"path"
@@ -36,7 +34,7 @@ type TestProject struct {
 	skipProjectDirArg bool
 	bare              bool
 
-	gitServer   *git2.TestGitServer
+	gitServer   *test_utils.TestGitServer
 	gitRepoName string
 	gitSubDir   string
 }
@@ -61,7 +59,7 @@ func WithUseProcess(useProcess bool) TestProjectOption {
 	}
 }
 
-func WithGitServer(s *git2.TestGitServer) TestProjectOption {
+func WithGitServer(s *test_utils.TestGitServer) TestProjectOption {
 	return func(p *TestProject) {
 		p.gitServer = s
 	}
@@ -109,7 +107,7 @@ func NewTestProject(t *testing.T, opts ...TestProjectOption) *TestProject {
 	}
 
 	if p.gitServer == nil {
-		p.gitServer = git2.NewTestGitServer(t)
+		p.gitServer = test_utils.NewTestGitServer(t)
 	}
 	if !utils.IsDirectory(p.gitServer.LocalWorkDir(p.gitRepoName)) {
 		p.gitServer.GitInit(p.gitRepoName)
@@ -135,7 +133,7 @@ func (p *TestProject) IsUseProcess() bool {
 	return p.useProcess
 }
 
-func (p *TestProject) GitServer() *git2.TestGitServer {
+func (p *TestProject) GitServer() *test_utils.TestGitServer {
 	return p.gitServer
 }
 
@@ -358,14 +356,30 @@ func (p *TestProject) AddKustomizeDeployment(dir string, resources []KustomizeRe
 	})
 }
 
-func (p *TestProject) AddHelmDeployment(dir string, repoUrl string, chartName, version string, releaseName string, namespace string, values map[string]any) {
-	localPath := ""
-	if u, err := url.Parse(repoUrl); err != nil || u.Host == "" {
-		localPath = repoUrl
-		repoUrl = ""
-	} else if registry2.IsOCI(repoUrl) {
-		repoUrl += "/" + chartName
-		chartName = ""
+func (p *TestProject) AddHelmDeployment(dir string, repo *test_utils.TestHelmRepo, chartName, version string, releaseName string, namespace string, values map[string]any) {
+	helmChartDef := map[string]any{
+		"releaseName": releaseName,
+		"namespace":   namespace,
+	}
+
+	switch repo.Type {
+	case test_utils.TestHelmRepo_Helm:
+		helmChartDef["repo"] = repo.URL.String()
+		helmChartDef["chartName"] = chartName
+		helmChartDef["chartVersion"] = version
+	case test_utils.TestHelmRepo_Oci:
+		helmChartDef["repo"] = repo.URL.String() + "/" + chartName
+		helmChartDef["chartVersion"] = version
+	case test_utils.TestHelmRepo_Local:
+		helmChartDef["path"] = repo.Path
+	case test_utils.TestHelmRepo_Git:
+		helmChartDef["git"] = map[string]any{
+			"url": repo.URL.String(),
+			"ref": map[string]any{
+				"tag": version,
+			},
+			"subDir": chartName,
+		}
 	}
 
 	p.AddKustomizeDeployment(dir, []KustomizeResource{
@@ -374,17 +388,8 @@ func (p *TestProject) AddHelmDeployment(dir string, repoUrl string, chartName, v
 
 	p.UpdateYaml(filepath.Join(dir, "helm-chart.yaml"), func(o *uo.UnstructuredObject) error {
 		*o = *uo.FromMap(map[string]interface{}{
-			"helmChart": map[string]any{
-				"repo":         repoUrl,
-				"path":         localPath,
-				"chartVersion": version,
-				"releaseName":  releaseName,
-				"namespace":    namespace,
-			},
+			"helmChart": helmChartDef,
 		})
-		if chartName != "" {
-			_ = o.SetNestedField(chartName, "helmChart", "chartName")
-		}
 		return nil
 	}, "")
 

From f525a68620969e56629d85f50f7a8b0b5a839ded Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 2 Oct 2024 17:27:30 +0200
Subject: [PATCH 2189/2268] chore: Update docs and run make generate

---
 docs/kluctl/commands/common-arguments.md | 23 +++++++++++++++++++++++
 pkg/types/zz_generated.deepcopy.go       |  5 +++++
 2 files changed, 28 insertions(+)

diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index 85340577c..92e13ef7e 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -151,6 +151,29 @@ Command Results:
 ```
 <!-- END SECTION -->
 
+## Git arguments
+
+These arguments mainly control authentication to Git repositories.
+
+<!-- BEGIN SECTION "deploy" "Git arguments" true -->
+```
+Git arguments:
+  Configure Git authentication.
+
+      --git-ca-file stringArray                Specify CA bundle to use for https verification. Must be in the
+                                               form --git-ca-file=<registry>/<repo>=<filePath>.
+      --git-password stringArray               Specify password to use for Git basic authentication. Must be in
+                                               the form --git-password=<host>/<path>=<password>.
+      --git-ssh-key-file stringArray           Specify SSH key to use for Git authentication. Must be in the form
+                                               --git-ssh-key-file=<host>/<path>=<filePath>.
+      --git-ssh-known-hosts-file stringArray   Specify known_hosts file to use for Git authentication. Must be in
+                                               the form --git-ssh-known-hosts-file=<host>/<path>=<filePath>.
+      --git-username stringArray               Specify username to use for Git basic authentication. Must be in
+                                               the form --git-username=<host>/<path>=<username>.
+
+```
+<!-- END SECTION -->
+
 ## Helm arguments
 
 These arguments mainly control authentication to Helm repositories.
diff --git a/pkg/types/zz_generated.deepcopy.go b/pkg/types/zz_generated.deepcopy.go
index 4a9fab3fd..0ccf3ceca 100644
--- a/pkg/types/zz_generated.deepcopy.go
+++ b/pkg/types/zz_generated.deepcopy.go
@@ -492,6 +492,11 @@ func (in *HelmChartConfig2) DeepCopyInto(out *HelmChartConfig2) {
 		*out = new(string)
 		**out = **in
 	}
+	if in.ChartVersion != nil {
+		in, out := &in.ChartVersion, &out.ChartVersion
+		*out = new(string)
+		**out = **in
+	}
 	if in.UpdateConstraints != nil {
 		in, out := &in.UpdateConstraints, &out.UpdateConstraints
 		*out = new(string)

From 9f911409ea764c16583b96af048256eb2a66f04f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 17:28:06 +0200
Subject: [PATCH 2190/2268] chore(deps): Bump the aws-sdk group across 1
 directory with 6 updates (#1188)

Bumps the aws-sdk group with 4 updates in the / directory: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.29.0 to 1.31.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.29.0...v1.31.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.20 to 1.27.39
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.20...config/v1.27.39)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.20 to 1.17.37
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.20...credentials/v1.17.37)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.29.0 to 1.35.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/iot/v1.35.3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.29.0...service/iot/v1.35.3)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.31.0 to 1.33.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.31.0...service/fms/v1.33.3)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.29.0 to 1.31.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.29.0...service/s3/v1.31.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 30 ++++++++++++++---------------
 go.sum | 60 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/go.mod b/go.mod
index c23fb3d52..c9880cfc4 100644
--- a/go.mod
+++ b/go.mod
@@ -13,13 +13,13 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
-	github.com/aws/aws-sdk-go-v2 v1.29.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.20
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.20
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.29.0
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.29.0
-	github.com/aws/smithy-go v1.20.2
+	github.com/aws/aws-sdk-go-v2 v1.31.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.39
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.37
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.35.3
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3
+	github.com/aws/aws-sdk-go-v2/service/sts v1.31.3
+	github.com/aws/smithy-go v1.21.0
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.2.5
 	github.com/dimchansky/utfbom v1.1.1
@@ -119,15 +119,15 @@ require (
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.23.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
diff --git a/go.sum b/go.sum
index aa9b4db8a..990e952e7 100644
--- a/go.sum
+++ b/go.sum
@@ -81,38 +81,38 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.29.0 h1:uMlEecEwgp2gs6CsM6ugquNHr6mg0LHylPBR8u5Ojac=
-github.com/aws/aws-sdk-go-v2 v1.29.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.20 h1:oQSn/KNUMV54X0FBEDQQ2ymNfcKyMT81ar8gyvMzzqs=
-github.com/aws/aws-sdk-go-v2/config v1.27.20/go.mod h1:IbEMotJrWc3Bh7++HXZDlviHZP7kHrkHU3PNl9e17po=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.20 h1:VYTCplAeOeBv5InTtrmF61OIwD4aHKryg3KZ6hf7dsI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.20/go.mod h1:ktubcFYvbN8++72jVM9IJoQH6Q2TP+Z7r2VbV1AaESU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 h1:54QUEXjkE1SlxHmRA3gBXA52j/ZSAgdOfAFGv1NsPCY=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7/go.mod h1:bQRjJsdSMzmo/qbtGeBtPbIMp1IgQ+9R9jYJLm12uJA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 h1:ltkhl3I9ddcRR3Dsy+7bOFFq546O8OYsfNEXVIyuOSE=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11/go.mod h1:H4D8JoCFNJwnT7U5U8iwgG24n71Fx2I/ZP/18eYFr9g=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 h1:+BgX2AY7yV4ggSwa80z/yZIJX+e0jnNxjMLVyfpSXM0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11/go.mod h1:DlBATBSDCz30BCdRFldmyLsAzJwi2pdQ+YSdJTHhTUI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.29.0 h1:5eON4rBQMHFTX7thxv4EQpRrombmiMsv3+wCEPewk+c=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.29.0/go.mod h1:2BLsspQpxT8gg3dM6G5CZGXhrE/EpX8PeL2lsZ0zDKc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 h1:3A8vxp65nZy6aMlSCBvpIyxIbAN0DOSxaPDZuzasxuU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13/go.mod h1:IxJ/pMQ/Y+MDFGo6pQRyqzKKwtGMHb5IWp5PXSQr8dM=
+github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
+github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
+github.com/aws/aws-sdk-go-v2/config v1.27.39 h1:FCylu78eTGzW1ynHcongXK9YHtoXD5AiiUqq3YfJYjU=
+github.com/aws/aws-sdk-go-v2/config v1.27.39/go.mod h1:wczj2hbyskP4LjMKBEZwPRO1shXY+GsQleab+ZXT2ik=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.37 h1:G2aOH01yW8X373JK419THj5QVqu9vKEwxSEsGxihoW0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.37/go.mod h1:0ecCjlb7htYCptRD45lXJ6aJDQac6D2NlKGpZqyTG6A=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18/go.mod h1:r506HmK5JDUh9+Mw4CfGJGSSoqIiLCndAuqXuhbv67Y=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 h1:Z7IdFUONvTcvS7YuhtVxN99v2cCoHRXOS4mTr0B/pUc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18/go.mod h1:DkKMmksZVVyat+Y+r1dEOgJEfUeA7UngIHWeKsi0yNc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.35.3 h1:8/vARxqd0Pn2Gqhp+8PxxTm3HttUMR1i1vBBj7MNFfc=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.35.3/go.mod h1:oRaGEExKI6Pqcow+Tt7wpJf73/Srcj/CUJv5Eb9QFhg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg=
 github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 h1:x0xMBhU7bgnMhwVMLk2EXdGsuyN1tyN0Wr58D8sKtgY=
 github.com/aws/aws-sdk-go-v2/service/kms v1.33.1/go.mod h1:XZKD0yH6t3f2W+H+eUil6qcm/s9LGfGV9js34TaSbyI=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.0 h1:ZyB15ar3Z+zYlFbg0p9cRwu8MjanG70q+wR8/QI/Ehw=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.0/go.mod h1:hLeitfWsmqj2EFJWsXyz4GSpqG/aqrHXSd4lCH0q07U=
-github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 h1:P0zUA+5liaoNILI/btBBQHC09PFPyRJr+w+Xt9KHKck=
-github.com/aws/aws-sdk-go-v2/service/sso v1.21.0/go.mod h1:0bmRzdsq9/iNyP02H4UV0ZRjFx6qQBqRvfCJ4trFgjE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 h1:jPV8U9r3msO9ECm9geW8PGjU/rz8vfPTPmIBbA83W3M=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0/go.mod h1:B3G77bQDCmhp0RV0P/J9Kd4/qsymdWVhzTe3btAtywE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 h1:dqW4XRwPE/poWSqVntpeXLHzpPK6AOfKmL9QWDYl9aw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.29.0/go.mod h1:j8+hrxlmLR8ZQo6ytTAls/JFrt5bVisuS6PD8gw2VBw=
-github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
-github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3 h1:W2M3kQSuN1+FXgV2wMv1JMWPxw/37wBN87QHYDuTV0Y=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3/go.mod h1:WyLS5qwXHtjKAONYZq/4ewdd+hcVsa3LBu77Ow5uj3k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.3 h1:rs4JCczF805+FDv2tRhZ1NU0RB2H6ryAvsWPanAr72Y=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.3/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3 h1:S7EPdMVZod8BGKQQPTBK+FcX9g7bKR7c4+HxWqHP7Vg=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.3 h1:VzudTFrDCIDakXtemR7l6Qzt2+JYsVqo2MxBPt5k8T8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.3/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
+github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA=
+github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 355d6f3d66b033b2b08e4c6c48dacac53ece0294 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 13:32:49 +0200
Subject: [PATCH 2191/2268] chore(deps): Bump the golang-x group with 3 updates
 (#1190)

Bumps the golang-x group with 3 updates: [golang.org/x/net](https://github.com/golang/net), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/net` from 0.28.0 to 0.29.0
- [Commits](https://github.com/golang/net/compare/v0.28.0...v0.29.0)

Updates `golang.org/x/oauth2` from 0.22.0 to 0.23.0
- [Commits](https://github.com/golang/oauth2/compare/v0.22.0...v0.23.0)

Updates `golang.org/x/sys` from 0.24.0 to 0.25.0
- [Commits](https://github.com/golang/sys/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index c9880cfc4..c8c3601f5 100644
--- a/go.mod
+++ b/go.mod
@@ -69,13 +69,13 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/net v0.28.0
-	golang.org/x/oauth2 v0.22.0
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/net v0.29.0
+	golang.org/x/oauth2 v0.23.0
 	golang.org/x/sync v0.8.0
-	golang.org/x/sys v0.24.0
-	golang.org/x/term v0.23.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/sys v0.25.0
+	golang.org/x/term v0.24.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1
 	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
diff --git a/go.sum b/go.sum
index 990e952e7..5d96b418e 100644
--- a/go.sum
+++ b/go.sum
@@ -728,8 +728,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
@@ -760,11 +760,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -797,15 +797,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -815,8 +815,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
 golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

From 68d76d6f5a1a83174b84877fac3d36bf885ff885 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 13:33:01 +0200
Subject: [PATCH 2192/2268] chore(deps): Bump
 github.com/go-playground/validator/v10 (#1192)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.22.0 to 10.22.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.22.0...v10.22.1)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c8c3601f5..2e1b84e53 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
 	github.com/go-logr/logr v1.4.2
-	github.com/go-playground/validator/v10 v10.22.0
+	github.com/go-playground/validator/v10 v10.22.1
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.19.2
 	github.com/google/gops v0.3.28
diff --git a/go.sum b/go.sum
index 5d96b418e..8b609acf9 100644
--- a/go.sum
+++ b/go.sum
@@ -282,8 +282,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
+github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=

From e7bab3d9634017fb54b093d95bb10aaf8a0d860e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 13:33:37 +0200
Subject: [PATCH 2193/2268] chore(deps): Bump
 github.com/cyphar/filepath-securejoin (#1193)

Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.5 to 0.3.3.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.5...v0.3.3)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2e1b84e53..520b20c59 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.31.3
 	github.com/aws/smithy-go v1.21.0
 	github.com/coreos/go-oidc/v3 v3.10.0
-	github.com/cyphar/filepath-securejoin v0.2.5
+	github.com/cyphar/filepath-securejoin v0.3.3
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-alpha.1
 	github.com/docker/cli v27.3.1+incompatible
diff --git a/go.sum b/go.sum
index 8b609acf9..d2b6b6385 100644
--- a/go.sum
+++ b/go.sum
@@ -173,8 +173,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lV
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
-github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cyphar/filepath-securejoin v0.3.3 h1:lofZkCEVFIBe0KcdQOzFs8Soy9oaHOWl4gGtPI+gCFc=
+github.com/cyphar/filepath-securejoin v0.3.3/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=

From 772d472f62933efc86a2810c5532871204e96cbc Mon Sep 17 00:00:00 2001
From: Marcel Frehe <43266827+mfrehe@users.noreply.github.com>
Date: Fri, 4 Oct 2024 13:34:05 +0200
Subject: [PATCH 2194/2268] feat(list-targets): add a flag which allows to
 filter the output to show only target names (#1124)

* feat(list-targets): add a flag which allows to filter the output to show target names only

* fix: Output target names as new-line seprated string

---------

Co-authored-by: Marcel Frehe <frehe.marcel@gmail.com>
Co-authored-by: Alexander Block <ablock84@gmail.com>
---
 cmd/kluctl/commands/cmd_list_targets.go | 17 +++++++++++++++++
 cmd/kluctl/commands/command_result.go   | 24 ++++++++++++++----------
 2 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index aa2beafe1..560e10081 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -2,6 +2,8 @@ package commands
 
 import (
 	"context"
+	"strings"
+
 	"github.com/kluctl/kluctl/v2/cmd/kluctl/args"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project"
 	"github.com/kluctl/kluctl/v2/pkg/types"
@@ -10,6 +12,8 @@ import (
 type listTargetsCmd struct {
 	args.ProjectFlags
 	args.OutputFlags
+
+	OnlyNames bool `group:"list-targets" help:"If provided --only-names will only output "`
 }
 
 func (cmd *listTargetsCmd) Help() string {
@@ -19,9 +23,22 @@ func (cmd *listTargetsCmd) Help() string {
 func (cmd *listTargetsCmd) Run(ctx context.Context) error {
 	return withKluctlProjectFromArgs(ctx, nil, cmd.ProjectFlags, nil, nil, nil, nil, false, true, false, func(ctx context.Context, p *kluctl_project.LoadedKluctlProject) error {
 		var result []*types.Target
+
 		for _, t := range p.Targets {
 			result = append(result, t)
 		}
+
+		if cmd.OnlyNames {
+			var targetNames []string
+			for _, target := range result {
+				targetNames = append(targetNames, target.Name)
+			}
+			targetNamesStr := strings.Join(targetNames, "\n")
+			if targetNamesStr != "" {
+				targetNamesStr += "\n"
+			}
+			return outputResult2(ctx, cmd.Output, targetNamesStr)
+		}
 		return outputYamlResult(ctx, cmd.Output, result, false)
 	})
 }
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index b93c2cb67..d94c3cb99 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -294,9 +294,6 @@ func outputValidateResult2(ctx context.Context, output []string, vr *result.Vali
 func outputYamlResult(ctx context.Context, output []string, result interface{}, multiDoc bool) error {
 	status.Flush(ctx)
 
-	if len(output) == 0 {
-		output = []string{"-"}
-	}
 	var s string
 	if multiDoc {
 		l, ok := result.([]interface{})
@@ -315,13 +312,7 @@ func outputYamlResult(ctx context.Context, output []string, result interface{},
 		}
 		s = x
 	}
-	for _, path := range output {
-		err := outputResult(ctx, &path, s)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+	return outputResult2(ctx, output, s)
 }
 
 func outputResult(ctx context.Context, f *string, result string) error {
@@ -341,3 +332,16 @@ func outputResult(ctx context.Context, f *string, result string) error {
 	_, err := w.Write([]byte(result))
 	return err
 }
+
+func outputResult2(ctx context.Context, output []string, result string) error {
+	if len(output) == 0 {
+		output = []string{"-"}
+	}
+	for _, o := range output {
+		err := outputResult(ctx, &o, result)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

From b1884a0a8ce69a4da55fc29819abe64d6afbf2dd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 4 Oct 2024 14:45:12 +0200
Subject: [PATCH 2195/2268] fix: Don't set WarningHandler in k8sClients

This is not needed anymore.
---
 pkg/k8s/client.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go
index 3d69983f4..ccf89f027 100644
--- a/pkg/k8s/client.go
+++ b/pkg/k8s/client.go
@@ -68,10 +68,6 @@ func (kc *k8sClients) newClientEntry() (*parallelClientEntry, error) {
 	p.client, err = client.New(p.config, client.Options{
 		HTTPClient: p.httpClient,
 		Mapper:     kc.k.mapper,
-		WarningHandler: client.WarningHandlerOptions{
-			// we're handling warnings on our own, so don't let controller-runtime interfere
-			SuppressWarnings: true,
-		},
 	})
 	if err != nil {
 		return nil, err

From 265b073bcf8a431b8dba0bc5995392f3d0d87733 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 4 Oct 2024 14:45:52 +0200
Subject: [PATCH 2196/2268] chore: Upgrade controller-runtime to 0.19.0

---
 go.mod | 30 +++++++++++++------------
 go.sum | 69 ++++++++++++++++++++++++++++++----------------------------
 2 files changed, 52 insertions(+), 47 deletions(-)

diff --git a/go.mod b/go.mod
index 520b20c59..962506c32 100644
--- a/go.mod
+++ b/go.mod
@@ -80,14 +80,14 @@ require (
 	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
 	helm.sh/helm/v3 v3.15.2
-	k8s.io/api v0.30.2
-	k8s.io/apiextensions-apiserver v0.30.2
-	k8s.io/apimachinery v0.30.2
-	k8s.io/client-go v0.30.2
-	k8s.io/klog/v2 v2.130.0
+	k8s.io/api v0.31.0
+	k8s.io/apiextensions-apiserver v0.31.0
+	k8s.io/apimachinery v0.31.0
+	k8s.io/client-go v0.31.0
+	k8s.io/klog/v2 v2.130.1
 	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.36.0
-	sigs.k8s.io/controller-runtime v0.18.4
+	sigs.k8s.io/controller-runtime v0.19.0
 	sigs.k8s.io/kustomize/api v0.17.2
 	sigs.k8s.io/kustomize/kyaml v0.17.1
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
@@ -135,7 +135,7 @@ require (
 	github.com/bytedance/sonic v1.11.8 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
-	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.3 // indirect
 	github.com/cloudflare/circl v1.3.9 // indirect
@@ -162,6 +162,7 @@ require (
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
 	github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
@@ -232,7 +233,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/spdystream v0.4.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -247,7 +248,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.54.0 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
@@ -270,6 +271,7 @@ require (
 	github.com/urfave/cli v1.22.15 // indirect
 	github.com/vbatts/tar-split v0.11.5 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
@@ -281,8 +283,8 @@ require (
 	go.opentelemetry.io/otel v1.29.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 // indirect
 	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
@@ -309,12 +311,12 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.30.2 // indirect
+	k8s.io/apiserver v0.31.0 // indirect
 	k8s.io/cli-runtime v0.30.2 // indirect
-	k8s.io/component-base v0.30.2 // indirect
+	k8s.io/component-base v0.31.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
 	k8s.io/kubectl v0.30.2 // indirect
-	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index d2b6b6385..3adc7fd47 100644
--- a/go.sum
+++ b/go.sum
@@ -135,8 +135,8 @@ github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3z
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
-github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -232,6 +232,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
 github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
@@ -344,8 +346,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
-github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
-github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
+github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -368,7 +370,6 @@ github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kX
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg=
 github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
@@ -500,8 +501,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
+github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
+github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
@@ -522,8 +523,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.24.1 h1:PaVLelrNgT5/0ppPaUtey54tOVp245z33fkhL2jljjY=
 github.com/ohler55/ojg v1.24.1/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
-github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
 github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -568,8 +569,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8=
-github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
@@ -658,6 +659,8 @@ github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinC
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -686,10 +689,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
 go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w=
@@ -903,28 +906,28 @@ helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw=
 helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
-k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
-k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
-k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
-k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
-k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw=
-k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8=
+k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
+k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
+k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
+k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
+k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
+k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
+k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
 k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE=
 k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A=
-k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
-k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
-k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII=
-k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE=
-k8s.io/klog/v2 v2.130.0 h1:5nB3+3HpqKqXJIXNtJdtxcDCfaa9KL8StJgMzGJkUkM=
-k8s.io/klog/v2 v2.130.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
+k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
+k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
+k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
 k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
 k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
-k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
-k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=
 nhooyr.io/websocket v1.8.11/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
@@ -933,8 +936,8 @@ oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 sigs.k8s.io/cli-utils v0.36.0 h1:k7GM6LmIMydtvM6Ad91XuqKk0QEVL9bVbaiX1uvWIrA=
 sigs.k8s.io/cli-utils v0.36.0/go.mod h1:uCFC3BPXB3xHFQyKkWUlTrncVDCKzbdDfqZqRTCrk24=
-sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
-sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
+sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
+sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=

From 88f3ba975c7a9db030d948a0017a8fc8aa963001 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 4 Oct 2024 21:12:21 +0200
Subject: [PATCH 2197/2268] tests: Use unique controller name in tests

---
 cmd/kluctl/commands/cmd_controller_run.go            | 7 +++----
 docs/kluctl/commands/controller-run.md               | 2 ++
 e2e/gitops_suite_test.go                             | 1 +
 pkg/controllers/kluctldeployment_controller_setup.go | 1 +
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_controller_run.go b/cmd/kluctl/commands/cmd_controller_run.go
index 3c312fbd3..d5c5e34bd 100644
--- a/cmd/kluctl/commands/cmd_controller_run.go
+++ b/cmd/kluctl/commands/cmd_controller_run.go
@@ -34,14 +34,13 @@ var (
 	setupLog = ctrl.Log.WithName("setup")
 )
 
-const controllerName = "kluctl-controller"
-
 type controllerRunCmd struct {
 	scheme *runtime.Scheme
 
 	Kubeconfig string `group:"misc" help:"Override the kubeconfig to use."`
 	Context    string `group:"misc" help:"Override the context to use."`
 
+	ControllerName      string `group:"misc" help:"The controller name used for metrics and logs." default:"kluctl-controller"`
 	ControllerNamespace string `group:"misc" help:"The namespace where the controller runs in." default:"kluctl-system"`
 	Namespace           string `group:"misc" help:"Specify the namespace to watch. If omitted, all namespaces are watched."`
 
@@ -156,7 +155,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 		os.Exit(1)
 	}
 
-	eventRecorder := mgr.GetEventRecorderFor(controllerName)
+	eventRecorder := mgr.GetEventRecorderFor(cmd.ControllerName)
 
 	sshPool := &ssh_pool.SshPool{}
 
@@ -174,7 +173,7 @@ func (cmd *controllerRunCmd) Run(ctx context.Context) error {
 	}
 
 	r := controllers.KluctlDeploymentReconciler{
-		ControllerName:        controllerName,
+		ControllerName:        cmd.ControllerName,
 		ControllerNamespace:   cmd.ControllerNamespace,
 		DefaultServiceAccount: cmd.DefaultServiceAccount,
 		DryRun:                cmd.DryRun,
diff --git a/docs/kluctl/commands/controller-run.md b/docs/kluctl/commands/controller-run.md
index 0e22e8e24..9f49c4a4e 100644
--- a/docs/kluctl/commands/controller-run.md
+++ b/docs/kluctl/commands/controller-run.md
@@ -29,6 +29,8 @@ Misc arguments:
       --concurrency int                       Configures how many KluctlDeployments can be be reconciled
                                               concurrently. (default 4)
       --context string                        Override the context to use.
+      --controller-name string                The controller name used for metrics and logs. (default
+                                              "kluctl-controller")
       --controller-namespace string           The namespace where the controller runs in. (default "kluctl-system")
       --default-service-account string        Default service account used for impersonation.
       --dry-run                               Run all deployments in dryRun=true mode.
diff --git a/e2e/gitops_suite_test.go b/e2e/gitops_suite_test.go
index 6f820a5bb..dff784b77 100644
--- a/e2e/gitops_suite_test.go
+++ b/e2e/gitops_suite_test.go
@@ -104,6 +104,7 @@ func (suite *GitopsTestSuite) startController() {
 		suite.gitopsNamespace,
 		"--command-result-namespace",
 		suite.gitopsNamespace + "-results",
+		"--controller-name", fmt.Sprintf("kluctl-controller-%s", suite.gitopsNamespace),
 		"--controller-namespace",
 		controllerNamespace,
 		"--metrics-bind-address=0",
diff --git a/pkg/controllers/kluctldeployment_controller_setup.go b/pkg/controllers/kluctldeployment_controller_setup.go
index 38891f65a..5fbbfec36 100644
--- a/pkg/controllers/kluctldeployment_controller_setup.go
+++ b/pkg/controllers/kluctldeployment_controller_setup.go
@@ -16,6 +16,7 @@ func (r *KluctlDeploymentReconciler) SetupWithManager(ctx context.Context, mgr c
 	r.resourceVersionsMap = map[client.ObjectKey]map[k8s.ObjectRef]string{}
 
 	return ctrl.NewControllerManagedBy(mgr).
+		Named(r.ControllerName).
 		WithOptions(controller.Options{
 			MaxConcurrentReconciles: opts.Concurrency,
 		}).

From cfdfbf163226fa9652cbb179189586a3b4034abd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 21:51:50 +0200
Subject: [PATCH 2198/2268] chore(deps): Bump helm.sh/helm/v3 from 3.15.2 to
 3.16.1 (#1191)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.15.2 to 3.16.1.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.15.2...v3.16.1)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 17 ++++++++---------
 go.sum | 50 ++++++++++++++++++++------------------------------
 2 files changed, 28 insertions(+), 39 deletions(-)

diff --git a/go.mod b/go.mod
index 962506c32..e54323c43 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/Masterminds/semver/v3 v3.2.1
+	github.com/Masterminds/semver/v3 v3.3.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/aws/aws-sdk-go-v2 v1.31.0
 	github.com/aws/aws-sdk-go-v2/config v1.27.39
@@ -79,7 +79,7 @@ require (
 	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1
 	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
-	helm.sh/helm/v3 v3.15.2
+	helm.sh/helm/v3 v3.16.1
 	k8s.io/api v0.31.0
 	k8s.io/apiextensions-apiserver v0.31.0
 	k8s.io/apimachinery v0.31.0
@@ -102,7 +102,7 @@ require (
 	cloud.google.com/go/iam v1.2.0 // indirect
 	cloud.google.com/go/kms v1.19.0 // indirect
 	cloud.google.com/go/longrunning v0.6.0 // indirect
-	dario.cat/mergo v1.0.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
@@ -113,7 +113,7 @@ require (
 	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
@@ -226,7 +226,6 @@ require (
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/miekg/dns v1.1.55 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -254,7 +253,7 @@ require (
 	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/v9 v9.1.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/rubenv/sql-migrate v1.6.1 // indirect
+	github.com/rubenv/sql-migrate v1.7.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.6.0 // indirect
@@ -263,7 +262,7 @@ require (
 	github.com/skeema/knownhosts v1.2.2 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tkrajina/go-reflector v0.5.6 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
@@ -312,10 +311,10 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiserver v0.31.0 // indirect
-	k8s.io/cli-runtime v0.30.2 // indirect
+	k8s.io/cli-runtime v0.31.0 // indirect
 	k8s.io/component-base v0.31.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
-	k8s.io/kubectl v0.30.2 // indirect
+	k8s.io/kubectl v0.31.0 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index 3adc7fd47..e9d55ea2a 100644
--- a/go.sum
+++ b/go.sum
@@ -17,8 +17,8 @@ cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkB
 cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts=
 cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM=
 cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U=
-dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
-dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
+dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
 filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
@@ -55,11 +55,10 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
-github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
-github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
+github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
+github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
+github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
@@ -226,8 +225,8 @@ github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLg
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
-github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4=
+github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI=
+github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
@@ -352,7 +351,6 @@ github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -409,10 +407,8 @@ github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K
 github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -483,9 +479,8 @@ github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
-github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
-github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
+github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
@@ -494,7 +489,6 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
@@ -590,8 +584,8 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rubenv/sql-migrate v1.6.1 h1:bo6/sjsan9HaXAsNxYP/jCEDUGibHp8JmOBw7NTGRos=
-github.com/rubenv/sql-migrate v1.6.1/go.mod h1:tPzespupJS0jacLfhbwto/UjSX+8h2FdWB7ar+QlHa0=
+github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI=
+github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
@@ -602,7 +596,6 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
-github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -615,9 +608,8 @@ github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9yS
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
-github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
-github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
+github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -728,7 +720,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
@@ -892,7 +883,6 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -902,8 +892,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw=
-helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ=
+helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c=
+helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
@@ -914,8 +904,8 @@ k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
 k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
 k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
 k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
-k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE=
-k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A=
+k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA=
+k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw=
 k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
 k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
 k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
@@ -924,8 +914,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
-k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
-k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
+k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg=
+k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=

From 25835e54e120683f701d17f9c4fc4bd9df21dd62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 22:22:05 +0200
Subject: [PATCH 2199/2268] chore(deps): Bump the k8s-io group across 1
 directory with 4 updates (#1195)

Bumps the k8s-io group with 2 updates in the / directory: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver).


Updates `k8s.io/api` from 0.31.0 to 0.31.1
- [Commits](https://github.com/kubernetes/api/compare/v0.31.0...v0.31.1)

Updates `k8s.io/apiextensions-apiserver` from 0.31.0 to 0.31.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.31.0...v0.31.1)

Updates `k8s.io/apimachinery` from 0.31.0 to 0.31.1
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.31.0...v0.31.1)

Updates `k8s.io/client-go` from 0.31.0 to 0.31.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.31.0...v0.31.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 24 ++++++++++++------------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index e54323c43..c247ed8d8 100644
--- a/go.mod
+++ b/go.mod
@@ -80,10 +80,10 @@ require (
 	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
 	helm.sh/helm/v3 v3.16.1
-	k8s.io/api v0.31.0
-	k8s.io/apiextensions-apiserver v0.31.0
-	k8s.io/apimachinery v0.31.0
-	k8s.io/client-go v0.31.0
+	k8s.io/api v0.31.1
+	k8s.io/apiextensions-apiserver v0.31.1
+	k8s.io/apimachinery v0.31.1
+	k8s.io/client-go v0.31.1
 	k8s.io/klog/v2 v2.130.1
 	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.36.0
@@ -310,9 +310,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.31.0 // indirect
+	k8s.io/apiserver v0.31.1 // indirect
 	k8s.io/cli-runtime v0.31.0 // indirect
-	k8s.io/component-base v0.31.0 // indirect
+	k8s.io/component-base v0.31.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
 	k8s.io/kubectl v0.31.0 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
diff --git a/go.sum b/go.sum
index e9d55ea2a..872453467 100644
--- a/go.sum
+++ b/go.sum
@@ -896,20 +896,20 @@ helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c=
 helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
-k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
-k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk=
-k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk=
-k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
-k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY=
-k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
+k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
+k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
+k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
+k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
+k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
 k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA=
 k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw=
-k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
-k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
-k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs=
-k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
+k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8=
+k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=

From bf20eeda3b06c1a5392041cb1dd5c15accfda8ec Mon Sep 17 00:00:00 2001
From: Daniel Kaiser <31596973+dankaiser1808@users.noreply.github.com>
Date: Mon, 2 Dec 2024 10:32:37 +0100
Subject: [PATCH 2200/2268] fix(deployment): apply RuntimeDefault seccomp
 profile in webui deployment (#1221)

---
 install/webui/webui/deployment.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install/webui/webui/deployment.yaml b/install/webui/webui/deployment.yaml
index 489e35c5f..278e52786 100644
--- a/install/webui/webui/deployment.yaml
+++ b/install/webui/webui/deployment.yaml
@@ -63,5 +63,7 @@ spec:
             - ALL
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: kluctl-webui
       terminationGracePeriodSeconds: 10

From a5153ca285cb68f8cee25a70307661b2ea9cdff1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 10:34:12 +0100
Subject: [PATCH 2201/2268] chore(deps): Bump the golang-x group across 1
 directory with 4 updates (#1214)

Bumps the golang-x group with 2 updates in the / directory: [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/net` from 0.29.0 to 0.31.0
- [Commits](https://github.com/golang/net/compare/v0.29.0...v0.31.0)

Updates `golang.org/x/oauth2` from 0.23.0 to 0.24.0
- [Commits](https://github.com/golang/oauth2/compare/v0.23.0...v0.24.0)

Updates `golang.org/x/sync` from 0.8.0 to 0.9.0
- [Commits](https://github.com/golang/sync/compare/v0.8.0...v0.9.0)

Updates `golang.org/x/sys` from 0.25.0 to 0.27.0
- [Commits](https://github.com/golang/sys/compare/v0.25.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 14 +++++++-------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index c247ed8d8..119ab1347 100644
--- a/go.mod
+++ b/go.mod
@@ -69,13 +69,13 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/tkrajina/typescriptify-golang-structs v0.1.11
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
-	golang.org/x/net v0.29.0
-	golang.org/x/oauth2 v0.23.0
-	golang.org/x/sync v0.8.0
-	golang.org/x/sys v0.25.0
-	golang.org/x/term v0.24.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/net v0.31.0
+	golang.org/x/oauth2 v0.24.0
+	golang.org/x/sync v0.9.0
+	golang.org/x/sys v0.27.0
+	golang.org/x/term v0.26.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
 	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1
 	google.golang.org/grpc v1.66.0
 	google.golang.org/protobuf v1.34.2
diff --git a/go.sum b/go.sum
index 872453467..3e232f45b 100644
--- a/go.sum
+++ b/go.sum
@@ -722,8 +722,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
-golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
@@ -754,11 +754,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
-golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -767,8 +767,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -791,15 +791,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -809,8 +809,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
-golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
 golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

From 967386d9443b2cfcbb5e934a6eb2684851713b67 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 10:42:17 +0100
Subject: [PATCH 2202/2268] chore: Switch to coder/websocket library

---
 go.mod                   | 2 +-
 go.sum                   | 4 ++--
 pkg/webui/events.go      | 2 +-
 pkg/webui/server_logs.go | 2 +-
 pkg/webui/utils.go       | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 119ab1347..ad735c863 100644
--- a/go.mod
+++ b/go.mod
@@ -20,6 +20,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3
 	github.com/aws/aws-sdk-go-v2/service/sts v1.31.3
 	github.com/aws/smithy-go v1.21.0
+	github.com/coder/websocket v1.8.12
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.3.3
 	github.com/dimchansky/utfbom v1.1.1
@@ -85,7 +86,6 @@ require (
 	k8s.io/apimachinery v0.31.1
 	k8s.io/client-go v0.31.1
 	k8s.io/klog/v2 v2.130.1
-	nhooyr.io/websocket v1.8.11
 	sigs.k8s.io/cli-utils v0.36.0
 	sigs.k8s.io/controller-runtime v0.19.0
 	sigs.k8s.io/kustomize/api v0.17.2
diff --git a/go.sum b/go.sum
index 3e232f45b..e54f649d1 100644
--- a/go.sum
+++ b/go.sum
@@ -151,6 +151,8 @@ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJ
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
+github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
@@ -918,8 +920,6 @@ k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg=
 k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-nhooyr.io/websocket v1.8.11 h1:f/qXNc2/3DpoSZkHt1DQu6rj4zGC8JmkkLkWss0MgN0=
-nhooyr.io/websocket v1.8.11/go.mod h1:rN9OFWIUwuxg4fR5tELlYC04bXYowCP9GX47ivo2l+c=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
 oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
diff --git a/pkg/webui/events.go b/pkg/webui/events.go
index 12fae5bc6..af86a6578 100644
--- a/pkg/webui/events.go
+++ b/pkg/webui/events.go
@@ -4,13 +4,13 @@ import (
 	"bytes"
 	"container/list"
 	"context"
+	"github.com/coder/websocket"
 	"github.com/gin-gonic/gin"
 	"github.com/kluctl/kluctl/lib/git/types"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/results"
 	"net/http"
-	"nhooyr.io/websocket"
 	"sync"
 	"time"
 )
diff --git a/pkg/webui/server_logs.go b/pkg/webui/server_logs.go
index b1f6e22d4..f7ee2eb88 100644
--- a/pkg/webui/server_logs.go
+++ b/pkg/webui/server_logs.go
@@ -3,10 +3,10 @@ package webui
 import (
 	"context"
 	"encoding/json"
+	"github.com/coder/websocket"
 	"github.com/gin-gonic/gin"
 	"github.com/kluctl/kluctl/v2/pkg/controllers/logs"
 	"net/http"
-	"nhooyr.io/websocket"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"time"
 )
diff --git a/pkg/webui/utils.go b/pkg/webui/utils.go
index 33d724757..f5048f26c 100644
--- a/pkg/webui/utils.go
+++ b/pkg/webui/utils.go
@@ -1,8 +1,8 @@
 package webui
 
 import (
+	"github.com/coder/websocket"
 	"github.com/gin-gonic/gin"
-	"nhooyr.io/websocket"
 	"strings"
 )
 

From f509b42d8e778eb7d5f50f9e3348539e84a60910 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 10:55:15 +0100
Subject: [PATCH 2203/2268] chore: Run go get -u ./... and go mod tidy for
 ipfs-exchange-info

---
 internal/ipfs-exchange-info/go.mod | 149 +++++-----
 internal/ipfs-exchange-info/go.sum | 433 +++++++++++++++--------------
 2 files changed, 313 insertions(+), 269 deletions(-)

diff --git a/internal/ipfs-exchange-info/go.mod b/internal/ipfs-exchange-info/go.mod
index 19b9a3b4b..18e011155 100644
--- a/internal/ipfs-exchange-info/go.mod
+++ b/internal/ipfs-exchange-info/go.mod
@@ -1,119 +1,136 @@
 module github.com/kluctl/kluctl/hack/ipfs-exchange-info
 
-go 1.20
+go 1.22.0
+
+toolchain go1.23.0
 
 require (
-	filippo.io/age v1.1.1
-	github.com/libp2p/go-libp2p v0.27.6
-	github.com/libp2p/go-libp2p-kad-dht v0.24.1
+	filippo.io/age v1.2.0
+	github.com/libp2p/go-libp2p v0.37.2
+	github.com/libp2p/go-libp2p-kad-dht v0.28.1
 	github.com/sirupsen/logrus v1.9.3
 )
 
 require (
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/elastic/gosigar v0.14.2 // indirect
-	github.com/flynn/noise v1.0.0 // indirect
+	github.com/elastic/gosigar v0.14.3 // indirect
+	github.com/flynn/noise v1.1.0 // indirect
 	github.com/francoispqt/gojay v1.2.13 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/mock v1.6.0 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gopacket v1.1.19 // indirect
-	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/huin/goupnp v1.2.0 // indirect
-	github.com/ipfs/boxo v0.10.1 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/huin/goupnp v1.3.0 // indirect
+	github.com/ipfs/boxo v0.24.3 // indirect
 	github.com/ipfs/go-cid v0.4.1 // indirect
 	github.com/ipfs/go-datastore v0.6.0 // indirect
-	github.com/ipfs/go-ipfs-util v0.0.3 // indirect
-	github.com/ipfs/go-log v1.0.5 // indirect
 	github.com/ipfs/go-log/v2 v2.5.1 // indirect
-	github.com/ipld/go-ipld-prime v0.20.0 // indirect
+	github.com/ipld/go-ipld-prime v0.21.0 // indirect
 	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
 	github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect
 	github.com/jbenet/goprocess v0.1.4 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/koron/go-ssdp v0.0.4 // indirect
 	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
 	github.com/libp2p/go-cidranger v1.1.0 // indirect
-	github.com/libp2p/go-flow-metrics v0.1.0 // indirect
-	github.com/libp2p/go-libp2p-asn-util v0.3.0 // indirect
-	github.com/libp2p/go-libp2p-kbucket v0.6.3 // indirect
+	github.com/libp2p/go-flow-metrics v0.2.0 // indirect
+	github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect
+	github.com/libp2p/go-libp2p-kbucket v0.6.4 // indirect
 	github.com/libp2p/go-libp2p-record v0.2.0 // indirect
+	github.com/libp2p/go-libp2p-routing-helpers v0.7.4 // indirect
 	github.com/libp2p/go-msgio v0.3.0 // indirect
-	github.com/libp2p/go-nat v0.1.0 // indirect
-	github.com/libp2p/go-netroute v0.2.1 // indirect
-	github.com/libp2p/go-reuseport v0.3.0 // indirect
-	github.com/libp2p/go-yamux/v4 v4.0.0 // indirect
+	github.com/libp2p/go-nat v0.2.0 // indirect
+	github.com/libp2p/go-netroute v0.2.2 // indirect
+	github.com/libp2p/go-reuseport v0.4.0 // indirect
+	github.com/libp2p/go-yamux/v4 v4.0.1 // indirect
 	github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
-	github.com/miekg/dns v1.1.54 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/miekg/dns v1.1.62 // indirect
 	github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect
 	github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect
 	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/multiformats/go-base32 v0.1.0 // indirect
 	github.com/multiformats/go-base36 v0.2.0 // indirect
-	github.com/multiformats/go-multiaddr v0.9.0 // indirect
-	github.com/multiformats/go-multiaddr-dns v0.3.1 // indirect
+	github.com/multiformats/go-multiaddr v0.14.0 // indirect
+	github.com/multiformats/go-multiaddr-dns v0.4.1 // indirect
 	github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect
 	github.com/multiformats/go-multibase v0.2.0 // indirect
 	github.com/multiformats/go-multicodec v0.9.0 // indirect
 	github.com/multiformats/go-multihash v0.2.3 // indirect
-	github.com/multiformats/go-multistream v0.4.1 // indirect
+	github.com/multiformats/go-multistream v0.6.0 // indirect
 	github.com/multiformats/go-varint v0.0.7 // indirect
-	github.com/onsi/ginkgo/v2 v2.9.7 // indirect
-	github.com/opencontainers/runtime-spec v1.0.2 // indirect
-	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/ginkgo/v2 v2.22.0 // indirect
+	github.com/opencontainers/runtime-spec v1.2.0 // indirect
 	github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
+	github.com/pion/datachannel v1.5.9 // indirect
+	github.com/pion/dtls/v2 v2.2.12 // indirect
+	github.com/pion/ice/v2 v2.3.37 // indirect
+	github.com/pion/interceptor v0.1.37 // indirect
+	github.com/pion/logging v0.2.2 // indirect
+	github.com/pion/mdns v0.0.12 // indirect
+	github.com/pion/randutil v0.1.0 // indirect
+	github.com/pion/rtcp v1.2.14 // indirect
+	github.com/pion/rtp v1.8.9 // indirect
+	github.com/pion/sctp v1.8.34 // indirect
+	github.com/pion/sdp/v3 v3.0.9 // indirect
+	github.com/pion/srtp/v2 v2.0.20 // indirect
+	github.com/pion/stun v0.6.1 // indirect
+	github.com/pion/transport/v2 v2.2.10 // indirect
+	github.com/pion/turn/v2 v2.1.6 // indirect
+	github.com/pion/webrtc/v3 v3.3.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/polydawn/refmt v0.89.0 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
-	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
-	github.com/quic-go/quic-go v0.33.0 // indirect
-	github.com/quic-go/webtransport-go v0.5.3 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.60.1 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/quic-go/quic-go v0.48.2 // indirect
+	github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 // indirect
 	github.com/raulk/go-watchdog v1.3.0 // indirect
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 // indirect
+	github.com/wlynxg/anet v0.0.5 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/dig v1.17.0 // indirect
-	go.uber.org/fx v1.19.3 // indirect
+	go.opentelemetry.io/otel v1.32.0 // indirect
+	go.opentelemetry.io/otel/metric v1.32.0 // indirect
+	go.opentelemetry.io/otel/trace v1.32.0 // indirect
+	go.uber.org/dig v1.18.0 // indirect
+	go.uber.org/fx v1.23.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/crypto v0.10.0 // indirect
-	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
-	golang.org/x/text v0.10.0 // indirect
-	golang.org/x/tools v0.9.1 // indirect
-	gonum.org/v1/gonum v0.13.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
-	lukechampine.com/blake3 v1.2.1 // indirect
-	nhooyr.io/websocket v1.8.7 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+	golang.org/x/mod v0.22.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sync v0.9.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	golang.org/x/tools v0.27.0 // indirect
+	gonum.org/v1/gonum v0.15.1 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	lukechampine.com/blake3 v1.3.0 // indirect
 )
diff --git a/internal/ipfs-exchange-info/go.sum b/internal/ipfs-exchange-info/go.sum
index d17de4f1a..c7653c00d 100644
--- a/internal/ipfs-exchange-info/go.sum
+++ b/internal/ipfs-exchange-info/go.sum
@@ -1,3 +1,5 @@
+c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0=
+c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@@ -6,8 +8,8 @@ dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl
 dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
-filippo.io/age v1.1.1 h1:pIpO7l151hCnQ4BdyBujnGP2YlUo0uj6sAVNHGBvXHg=
-filippo.io/age v1.1.1/go.mod h1:l03SrzDUrBkdBx8+IILdnn2KZysqQdbEBUQ4p3sqEQE=
+filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
+filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
@@ -21,8 +23,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -41,54 +43,39 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR6AkioZ1ySsx5yxlDQZ8stG2b88gTPxgJU=
 github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U=
 github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/elastic/gosigar v0.12.0/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
-github.com/elastic/gosigar v0.14.2 h1:Dg80n8cr90OZ7x+bAax/QjoW/XqTI11RmA79ZwIm9/4=
-github.com/elastic/gosigar v0.14.2/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
+github.com/elastic/gosigar v0.14.3 h1:xwkKwPia+hSfg9GqrCUKYdId102m9qTJIIr7egmK/uo=
+github.com/elastic/gosigar v0.14.3/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/flynn/noise v1.0.0 h1:DlTHqmzmvcEiKj+4RYo/imoswx/4r6iBlCMfVtrMXpQ=
-github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
+github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg=
+github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
 github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
-github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14=
-github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
-github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
-github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
-github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo=
-github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
@@ -100,16 +87,13 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@@ -117,9 +101,6 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -128,28 +109,27 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 h1:yudKIrXagAOl99WQzrP1gbz5HLB9UjhcOFnPzdd6Qec=
+github.com/google/pprof v0.0.0-20241128161848-dc51965c6481/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c h1:7lF+Vz0LqiRidnzC1Oq86fpX1q/iEv2KJdrCtttYjT4=
-github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -157,14 +137,14 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/huin/goupnp v1.0.0/go.mod h1:n9v9KO1tAxYH82qOn+UTIFQDmx5n1Zxd/ClZDMX7Bnc=
-github.com/huin/goupnp v1.2.0 h1:uOKW26NG1hsSSbXIZ1IR7XP9Gjd1U8pnLaCMgntmkmY=
-github.com/huin/goupnp v1.2.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
-github.com/huin/goutil v0.0.0-20170803182201-1ca381bf3150/go.mod h1:PpLOETDnJ0o3iZrZfqZzyLl6l7F3c6L1oWn7OICBi6o=
-github.com/ipfs/boxo v0.10.1 h1:q0ZhbyN6iNZLipd6txt1xotCiP/icfvdAQ4YpUi+cL4=
-github.com/ipfs/boxo v0.10.1/go.mod h1:1qgKq45mPRCxf4ZPoJV2lnXxyxucigILMJOrQrVivv8=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc=
+github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8=
+github.com/ipfs/boxo v0.24.3 h1:gldDPOWdM3Rz0v5LkVLtZu7A7gFNvAlWcmxhCqlHR3c=
+github.com/ipfs/boxo v0.24.3/go.mod h1:h0DRzOY1IBFDHp6KNvrJLMFdSXTYID0Zf+q7X05JsNg=
+github.com/ipfs/go-block-format v0.2.0 h1:ZqrkxBA2ICbDRbK8KJs/u0O3dlp6gmAuuXUJNiW1Ycs=
+github.com/ipfs/go-block-format v0.2.0/go.mod h1:+jpL11nFx5A/SPpsoBn6Bzkra/zaArfSmsknbPMYgzM=
 github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s=
 github.com/ipfs/go-cid v0.4.1/go.mod h1:uQHwDeX4c6CtyrFwdqyhpNcxVewur1M7l7fNU7LKwZk=
 github.com/ipfs/go-datastore v0.6.0 h1:JKyz+Gvz1QEZw0LsX1IBn+JFCJQH4SJVFtM4uWU0Myk=
@@ -173,13 +153,12 @@ github.com/ipfs/go-detect-race v0.0.1 h1:qX/xay2W3E4Q1U7d9lNs1sU9nvguX0a7319XbyQ
 github.com/ipfs/go-detect-race v0.0.1/go.mod h1:8BNT7shDZPo99Q74BpGMK+4D8Mn4j46UU0LZ723meps=
 github.com/ipfs/go-ipfs-util v0.0.3 h1:2RFdGez6bu2ZlZdI+rWfIdbQb1KudQp3VGwPtdNCmE0=
 github.com/ipfs/go-ipfs-util v0.0.3/go.mod h1:LHzG1a0Ig4G+iZ26UUOMjHd+lfM84LZCrn17xAKWBvs=
-github.com/ipfs/go-log v1.0.5 h1:2dOuUCB1Z7uoczMWgAyDck5JLb72zHzrMnGnCNNbvY8=
-github.com/ipfs/go-log v1.0.5/go.mod h1:j0b8ZoR+7+R99LD9jZ6+AJsrzkPbSXbZfGakb5JPtIo=
-github.com/ipfs/go-log/v2 v2.1.3/go.mod h1:/8d0SH3Su5Ooc31QlL1WysJhvyOTDCjcCZ9Axpmri6g=
 github.com/ipfs/go-log/v2 v2.5.1 h1:1XdUzF7048prq4aBjDQQ4SL5RxftpRGdXhNRwKSAlcY=
 github.com/ipfs/go-log/v2 v2.5.1/go.mod h1:prSpmC1Gpllc9UYWxDiZDreBYw7zp4Iqp1kOLU9U5UI=
-github.com/ipld/go-ipld-prime v0.20.0 h1:Ud3VwE9ClxpO2LkCYP7vWPc0Fo+dYdYzgxUJZ3uRG4g=
-github.com/ipld/go-ipld-prime v0.20.0/go.mod h1:PzqZ/ZR981eKbgdr3y2DJYeD/8bgMawdGVlJDE8kK+M=
+github.com/ipfs/go-test v0.0.4 h1:DKT66T6GBB6PsDFLoO56QZPrOmzJkqU1FZH5C9ySkew=
+github.com/ipfs/go-test v0.0.4/go.mod h1:qhIM1EluEfElKKM6fnWxGn822/z9knUGM1+I/OAQNKI=
+github.com/ipld/go-ipld-prime v0.21.0 h1:n4JmcpOlPDIxBcY037SVfpd1G+Sj1nKZah0m6QH9C2E=
+github.com/ipld/go-ipld-prime v0.21.0/go.mod h1:3RLqy//ERg/y5oShXXdx5YIp50cFGOanyMctpPjsvxQ=
 github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=
 github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
 github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA=
@@ -189,75 +168,68 @@ github.com/jbenet/goprocess v0.1.4 h1:DRGOFReOMqqDNXwW70QkacFW0YN9QnwLV0Vqk+3oU0
 github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
-github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
-github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/koron/go-ssdp v0.0.0-20191105050749-2e1c40ed0b5d/go.mod h1:5Ky9EC2xfoUKUor0Hjgi2BJhCSXJfMOFlmyYrVKGQMk=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
 github.com/koron/go-ssdp v0.0.4 h1:1IDwrghSKYM7yLf7XCzbByg2sJ/JcNOZRXS2jczTwz0=
 github.com/koron/go-ssdp v0.0.4/go.mod h1:oDXq+E5IL5q0U8uSBcoAXzTzInwy5lEgC91HoKtbmZk=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/libp2p/go-buffer-pool v0.1.0 h1:oK4mSFcQz7cTQIfqbe4MIj9gLW+mnanjyFtc6cdF0Y8=
 github.com/libp2p/go-buffer-pool v0.1.0/go.mod h1:N+vh8gMqimBzdKkSMVuydVDq+UV5QTWy5HSiZacSbPg=
 github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38yPW7c=
 github.com/libp2p/go-cidranger v1.1.0/go.mod h1:KWZTfSr+r9qEo9OkI9/SIEeAtw+NNoU0dXIXt15Okic=
-github.com/libp2p/go-flow-metrics v0.1.0 h1:0iPhMI8PskQwzh57jB9WxIuIOQ0r+15PChFGkx3Q3WM=
-github.com/libp2p/go-flow-metrics v0.1.0/go.mod h1:4Xi8MX8wj5aWNDAZttg6UPmc0ZrnFNsMtpsYUClFtro=
-github.com/libp2p/go-libp2p v0.27.6 h1:KmGU5kskCaaerm53heqzfGOlrW2z8icZ+fnyqgrZs38=
-github.com/libp2p/go-libp2p v0.27.6/go.mod h1:oMfQGTb9CHnrOuSM6yMmyK2lXz3qIhnkn2+oK3B1Y2g=
-github.com/libp2p/go-libp2p-asn-util v0.3.0 h1:gMDcMyYiZKkocGXDQ5nsUQyquC9+H+iLEQHwOCZ7s8s=
-github.com/libp2p/go-libp2p-asn-util v0.3.0/go.mod h1:B1mcOrKUE35Xq/ASTmQ4tN3LNzVVaMNmq2NACuqyB9w=
-github.com/libp2p/go-libp2p-kad-dht v0.24.1 h1:XH9vIWqc6e+w6z2Nvt9R5EhkBNnOQl7tyxxM6soejwo=
-github.com/libp2p/go-libp2p-kad-dht v0.24.1/go.mod h1:1meiUvgOxfSPBx1pracS4VyYwmusorvv+TVRI3mXaJI=
-github.com/libp2p/go-libp2p-kbucket v0.6.3 h1:p507271wWzpy2f1XxPzCQG9NiN6R6lHL9GiSErbQQo0=
-github.com/libp2p/go-libp2p-kbucket v0.6.3/go.mod h1:RCseT7AH6eJWxxk2ol03xtP9pEHetYSPXOaJnOiD8i0=
+github.com/libp2p/go-flow-metrics v0.2.0 h1:EIZzjmeOE6c8Dav0sNv35vhZxATIXWZg6j/C08XmmDw=
+github.com/libp2p/go-flow-metrics v0.2.0/go.mod h1:st3qqfu8+pMfh+9Mzqb2GTiwrAGjIPszEjZmtksN8Jc=
+github.com/libp2p/go-libp2p v0.37.2 h1:Irh+n9aDPTLt9wJYwtlHu6AhMUipbC1cGoJtOiBqI9c=
+github.com/libp2p/go-libp2p v0.37.2/go.mod h1:M8CRRywYkqC6xKHdZ45hmqVckBj5z4mRLIMLWReypz8=
+github.com/libp2p/go-libp2p-asn-util v0.4.1 h1:xqL7++IKD9TBFMgnLPZR6/6iYhawHKHl950SO9L6n94=
+github.com/libp2p/go-libp2p-asn-util v0.4.1/go.mod h1:d/NI6XZ9qxw67b4e+NgpQexCIiFYJjErASrYW4PFDN8=
+github.com/libp2p/go-libp2p-kad-dht v0.28.1 h1:DVTfzG8Ybn88g9RycIq47evWCRss5f0Wm8iWtpwyHso=
+github.com/libp2p/go-libp2p-kad-dht v0.28.1/go.mod h1:0wHURlSFdAC42+wF7GEmpLoARw8JuS8do2guCtc/Y/w=
+github.com/libp2p/go-libp2p-kbucket v0.6.4 h1:OjfiYxU42TKQSB8t8WYd8MKhYhMJeO2If+NiuKfb6iQ=
+github.com/libp2p/go-libp2p-kbucket v0.6.4/go.mod h1:jp6w82sczYaBsAypt5ayACcRJi0lgsba7o4TzJKEfWA=
 github.com/libp2p/go-libp2p-record v0.2.0 h1:oiNUOCWno2BFuxt3my4i1frNrt7PerzB3queqa1NkQ0=
 github.com/libp2p/go-libp2p-record v0.2.0/go.mod h1:I+3zMkvvg5m2OcSdoL0KPljyJyvNDFGKX7QdlpYUcwk=
+github.com/libp2p/go-libp2p-routing-helpers v0.7.4 h1:6LqS1Bzn5CfDJ4tzvP9uwh42IB7TJLNFJA6dEeGBv84=
+github.com/libp2p/go-libp2p-routing-helpers v0.7.4/go.mod h1:we5WDj9tbolBXOuF1hGOkR+r7Uh1408tQbAKaT5n1LE=
 github.com/libp2p/go-libp2p-testing v0.12.0 h1:EPvBb4kKMWO29qP4mZGyhVzUyR25dvfUIK5WDu6iPUA=
+github.com/libp2p/go-libp2p-testing v0.12.0/go.mod h1:KcGDRXyN7sQCllucn1cOOS+Dmm7ujhfEyXQL5lvkcPg=
 github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0=
 github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM=
-github.com/libp2p/go-nat v0.1.0 h1:MfVsH6DLcpa04Xr+p8hmVRG4juse0s3J8HyNWYHffXg=
-github.com/libp2p/go-nat v0.1.0/go.mod h1:X7teVkwRHNInVNWQiO/tAiAVRwSr5zoRz4YSTC3uRBM=
-github.com/libp2p/go-netroute v0.1.2/go.mod h1:jZLDV+1PE8y5XxBySEBgbuVAXbhtuHSdmLPL2n9MKbk=
-github.com/libp2p/go-netroute v0.2.1 h1:V8kVrpD8GK0Riv15/7VN6RbUQ3URNZVosw7H2v9tksU=
-github.com/libp2p/go-netroute v0.2.1/go.mod h1:hraioZr0fhBjG0ZRXJJ6Zj2IVEVNx6tDTFQfSmcq7mQ=
-github.com/libp2p/go-reuseport v0.3.0 h1:iiZslO5byUYZEg9iCwJGf5h+sf1Agmqx2V2FDjPyvUw=
-github.com/libp2p/go-reuseport v0.3.0/go.mod h1:laea40AimhtfEqysZ71UpYj4S+R9VpH8PgqLo7L+SwI=
-github.com/libp2p/go-sockaddr v0.0.2/go.mod h1:syPvOmNs24S3dFVGJA1/mrqdeijPxLV2Le3BRLKd68k=
-github.com/libp2p/go-yamux/v4 v4.0.0 h1:+Y80dV2Yx/kv7Y7JKu0LECyVdMXm1VUoko+VQ9rBfZQ=
-github.com/libp2p/go-yamux/v4 v4.0.0/go.mod h1:NWjl8ZTLOGlozrXSOZ/HlfG++39iKNnM5wwmtQP1YB4=
+github.com/libp2p/go-nat v0.2.0 h1:Tyz+bUFAYqGyJ/ppPPymMGbIgNRH+WqC5QrT5fKrrGk=
+github.com/libp2p/go-nat v0.2.0/go.mod h1:3MJr+GRpRkyT65EpVPBstXLvOlAPzUVlG6Pwg9ohLJk=
+github.com/libp2p/go-netroute v0.2.2 h1:Dejd8cQ47Qx2kRABg6lPwknU7+nBnFRpko45/fFPuZ8=
+github.com/libp2p/go-netroute v0.2.2/go.mod h1:Rntq6jUAH0l9Gg17w5bFGhcC9a+vk4KNXs6s7IljKYE=
+github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s=
+github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU=
+github.com/libp2p/go-yamux/v4 v4.0.1 h1:FfDR4S1wj6Bw2Pqbc8Uz7pCxeRBPbwsBbEdfwiCypkQ=
+github.com/libp2p/go-yamux/v4 v4.0.1/go.mod h1:NWjl8ZTLOGlozrXSOZ/HlfG++39iKNnM5wwmtQP1YB4=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk=
 github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
-github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
-github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
 github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c h1:bzE/A84HN25pxAuk9Eej1Kz9OUelF97nAc82bDquQI8=
 github.com/mikioh/tcp v0.0.0-20190314235350-803a9b46060c/go.mod h1:0SQS9kMwD2VsyFEB++InYyBJroV/FRmBgcydeSUcJms=
 github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b h1:z78hV3sbSMAUoyUMM0I83AUIT6Hu17AWfgjzIbtrYFc=
@@ -268,12 +240,8 @@ github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8Rv
 github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
 github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
 github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
 github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
 github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
@@ -282,11 +250,10 @@ github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYg
 github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=
 github.com/multiformats/go-base36 v0.2.0/go.mod h1:qvnKE++v+2MWCfePClUEjE78Z7P2a1UV0xHgWc0hkp4=
 github.com/multiformats/go-multiaddr v0.1.1/go.mod h1:aMKBKNEYmzmDmxfX88/vz+J5IU55txyt0p4aiWVohjo=
-github.com/multiformats/go-multiaddr v0.2.0/go.mod h1:0nO36NvPpyV4QzvTLi/lafl2y95ncPj0vFwVF6k6wJ4=
-github.com/multiformats/go-multiaddr v0.9.0 h1:3h4V1LHIk5w4hJHekMKWALPXErDfz/sggzwC/NcqbDQ=
-github.com/multiformats/go-multiaddr v0.9.0/go.mod h1:mI67Lb1EeTOYb8GQfL/7wpIZwc46ElrvzhYnoJOmTT0=
-github.com/multiformats/go-multiaddr-dns v0.3.1 h1:QgQgR+LQVt3NPTjbrLLpsaT2ufAA2y0Mkk+QRVJbW3A=
-github.com/multiformats/go-multiaddr-dns v0.3.1/go.mod h1:G/245BRQ6FJGmryJCrOuTdB37AMA5AMOVuO6NY3JwTk=
+github.com/multiformats/go-multiaddr v0.14.0 h1:bfrHrJhrRuh/NXH5mCnemjpbGjzRw/b+tJFOD41g2tU=
+github.com/multiformats/go-multiaddr v0.14.0/go.mod h1:6EkVAxtznq2yC3QT5CM1UTAwG0GTP3EWAIcjHuzQ+r4=
+github.com/multiformats/go-multiaddr-dns v0.4.1 h1:whi/uCLbDS3mSEUMb1MsoT4uzUeZB0N32yzufqS0i5M=
+github.com/multiformats/go-multiaddr-dns v0.4.1/go.mod h1:7hfthtB4E4pQwirrz+J0CcDUfbWzTqEzVyYKKIKpgkc=
 github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/eQsuaL3/CWe167E=
 github.com/multiformats/go-multiaddr-fmt v0.1.0/go.mod h1:hGtDIW4PU4BqJ50gW2quDuPVjyWNZxToGUh/HwTZYJo=
 github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g=
@@ -296,23 +263,66 @@ github.com/multiformats/go-multicodec v0.9.0/go.mod h1:L3QTQvMIaVBkXOXXtVmYE+LI1
 github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew=
 github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U=
 github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM=
-github.com/multiformats/go-multistream v0.4.1 h1:rFy0Iiyn3YT0asivDUIR05leAdwZq3de4741sbiSdfo=
-github.com/multiformats/go-multistream v0.4.1/go.mod h1:Mz5eykRVAjJWckE2U78c6xqdtyNUEhKSM0Lwar2p77Q=
-github.com/multiformats/go-varint v0.0.1/go.mod h1:3Ls8CIEsrijN6+B7PbrXRPxHRPuXSrVKRY101jdMZYE=
+github.com/multiformats/go-multistream v0.6.0 h1:ZaHKbsL404720283o4c/IHQXiS6gb8qAN5EIJ4PN5EA=
+github.com/multiformats/go-multistream v0.6.0/go.mod h1:MOyoG5otO24cHIg8kf9QW2/NozURlkP/rvi2FQJyCPg=
 github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8=
 github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
-github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss=
-github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0=
-github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
-github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0=
+github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg=
+github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
+github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
-github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
+github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
+github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
+github.com/pion/datachannel v1.5.9 h1:LpIWAOYPyDrXtU+BW7X0Yt/vGtYxtXQ8ql7dFfYUVZA=
+github.com/pion/datachannel v1.5.9/go.mod h1:kDUuk4CU4Uxp82NH4LQZbISULkX/HtzKa4P7ldf9izE=
+github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
+github.com/pion/dtls/v2 v2.2.12 h1:KP7H5/c1EiVAAKUmXyCzPiQe5+bCJrpOeKg/L05dunk=
+github.com/pion/dtls/v2 v2.2.12/go.mod h1:d9SYc9fch0CqK90mRk1dC7AkzzpwJj6u2GU3u+9pqFE=
+github.com/pion/ice/v2 v2.3.37 h1:ObIdaNDu1rCo7hObhs34YSBcO7fjslJMZV0ux+uZWh0=
+github.com/pion/ice/v2 v2.3.37/go.mod h1:mBF7lnigdqgtB+YHkaY/Y6s6tsyRyo4u4rPGRuOjUBQ=
+github.com/pion/interceptor v0.1.37 h1:aRA8Zpab/wE7/c0O3fh1PqY0AJI3fCSEM5lRWJVorwI=
+github.com/pion/interceptor v0.1.37/go.mod h1:JzxbJ4umVTlZAf+/utHzNesY8tmRkM2lVmkS82TTj8Y=
+github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/mdns v0.0.12 h1:CiMYlY+O0azojWDmxdNr7ADGrnZ+V6Ilfner+6mSVK8=
+github.com/pion/mdns v0.0.12/go.mod h1:VExJjv8to/6Wqm1FXK+Ii/Z9tsVk/F5sD/N70cnYFbk=
+github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA=
+github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8=
+github.com/pion/rtcp v1.2.12/go.mod h1:sn6qjxvnwyAkkPzPULIbVqSKI5Dv54Rv7VG0kNxh9L4=
+github.com/pion/rtcp v1.2.14 h1:KCkGV3vJ+4DAJmvP0vaQShsb0xkRfWkO540Gy102KyE=
+github.com/pion/rtcp v1.2.14/go.mod h1:sn6qjxvnwyAkkPzPULIbVqSKI5Dv54Rv7VG0kNxh9L4=
+github.com/pion/rtp v1.8.3/go.mod h1:pBGHaFt/yW7bf1jjWAoUjpSNoDnw98KTMg+jWWvziqU=
+github.com/pion/rtp v1.8.9 h1:E2HX740TZKaqdcPmf4pw6ZZuG8u5RlMMt+l3dxeu6Wk=
+github.com/pion/rtp v1.8.9/go.mod h1:pBGHaFt/yW7bf1jjWAoUjpSNoDnw98KTMg+jWWvziqU=
+github.com/pion/sctp v1.8.34 h1:rCuD3m53i0oGxCSp7FLQKvqVx0Nf5AUAHhMRXTTQjBc=
+github.com/pion/sctp v1.8.34/go.mod h1:yWkCClkXlzVW7BXfI2PjrUGBwUI0CjXJBkhLt+sdo4U=
+github.com/pion/sdp/v3 v3.0.9 h1:pX++dCHoHUwq43kuwf3PyJfHlwIj4hXA7Vrifiq0IJY=
+github.com/pion/sdp/v3 v3.0.9/go.mod h1:B5xmvENq5IXJimIO4zfp6LAe1fD9N+kFv+V/1lOdz8M=
+github.com/pion/srtp/v2 v2.0.20 h1:HNNny4s+OUmG280ETrCdgFndp4ufx3/uy85EawYEhTk=
+github.com/pion/srtp/v2 v2.0.20/go.mod h1:0KJQjA99A6/a0DOVTu1PhDSw0CXF2jTkqOoMg3ODqdA=
+github.com/pion/stun v0.6.1 h1:8lp6YejULeHBF8NmV8e2787BogQhduZugh5PdhDyyN4=
+github.com/pion/stun v0.6.1/go.mod h1:/hO7APkX4hZKu/D0f2lHzNyvdkTGtIy3NDmLR7kSz/8=
+github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g=
+github.com/pion/transport/v2 v2.2.3/go.mod h1:q2U/tf9FEfnSBGSW6w5Qp5PFWRLRj3NjLhCCgpRK4p0=
+github.com/pion/transport/v2 v2.2.4/go.mod h1:q2U/tf9FEfnSBGSW6w5Qp5PFWRLRj3NjLhCCgpRK4p0=
+github.com/pion/transport/v2 v2.2.10 h1:ucLBLE8nuxiHfvkFKnkDQRYWYfp8ejf4YBOPfaQpw6Q=
+github.com/pion/transport/v2 v2.2.10/go.mod h1:sq1kSLWs+cHW9E+2fJP95QudkzbK7wscs8yYgQToO5E=
+github.com/pion/transport/v3 v3.0.1/go.mod h1:UY7kiITrlMv7/IKgd5eTUcaahZx5oUN3l9SzK5f5xE0=
+github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0=
+github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo=
+github.com/pion/turn/v2 v2.1.3/go.mod h1:huEpByKKHix2/b9kmTAM3YoX6MKP+/D//0ClgUYR2fY=
+github.com/pion/turn/v2 v2.1.6 h1:Xr2niVsiPTB0FPtt+yAWKFUkU1eotQbGgpTIld4x1Gc=
+github.com/pion/turn/v2 v2.1.6/go.mod h1:huEpByKKHix2/b9kmTAM3YoX6MKP+/D//0ClgUYR2fY=
+github.com/pion/webrtc/v3 v3.3.4 h1:v2heQVnXTSqNRXcaFQVOhIOYkLMxOu1iJG8uy1djvkk=
+github.com/pion/webrtc/v3 v3.3.4/go.mod h1:liNa+E1iwyzyXqNUwvoMRNQ10x8h8FOeJKL8RkIbamE=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -321,32 +331,28 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/polydawn/refmt v0.89.0 h1:ADJTApkvkeBZsN0tBTx8QjpD9JkmxbKp0cxfr9qszm4=
 github.com/polydawn/refmt v0.89.0/go.mod h1:/zvteZs/GwLtCgZ4BL6CBsk9IKIlexP43ObX9AxTqTw=
 github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
-github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
-github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
+github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
-github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U=
-github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
-github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
-github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
-github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA=
-github.com/quic-go/webtransport-go v0.5.3 h1:5XMlzemqB4qmOlgIus5zB45AcZ2kCgCy2EptUrfOPWU=
-github.com/quic-go/webtransport-go v0.5.3/go.mod h1:OhmmgJIzTTqXK5xvtuX0oBpLV2GkLWNDA+UeTGJXErU=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE=
+github.com/quic-go/quic-go v0.48.2/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs=
+github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66 h1:4WFk6u3sOT6pLa1kQ50ZVdm8BQFgJNA117cepZxtLIg=
+github.com/quic-go/webtransport-go v0.8.1-0.20241018022711-4ac2c9250e66/go.mod h1:Vp72IJajgeOL6ddqrAhmp7IM9zbTcgkQxD/YdxrVwMw=
 github.com/raulk/go-watchdog v1.3.0 h1:oUmdlHxdkXRJlwfG0O9omj8ukerm8MEQavSiDTEtBsk=
 github.com/raulk/go-watchdog v1.3.0/go.mod h1:fIvOnLbF0b0ZwkB9YU4mOW9Did//4vPZtDqv66NfsMU=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
@@ -387,20 +393,20 @@ github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
-github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
@@ -409,70 +415,74 @@ github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0 h1:GDDkbFiaK8jsSD
 github.com/warpfork/go-wish v0.0.0-20220906213052-39a1cc7a02d0/go.mod h1:x6AKhvSSexNrVSrViXSHUEbICjmGXhtgABaHIySUSGw=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1 h1:EKhdznlJHPMoKr0XTrX+IlJs1LH3lyx2nfr1dOlZ79k=
 github.com/whyrusleeping/go-keyspace v0.0.0-20160322163242-5b898ac5add1/go.mod h1:8UvriyWtv5Q5EOgjHaSseUEdkQfvwFv1I/In/O2M9gc=
+github.com/wlynxg/anet v0.0.3/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
+github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
+github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
-go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
-go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
-go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
-go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
-go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
-go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
-go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/dig v1.17.0 h1:5Chju+tUvcC+N7N6EV08BJz41UZuO3BmHcN4A287ZLI=
-go.uber.org/dig v1.17.0/go.mod h1:rTxpf7l5I0eBTlE6/9RL+lDybC7WFwY2QH55ZSjy1mU=
-go.uber.org/fx v1.19.3 h1:YqMRE4+2IepTYCMOvXqQpRa+QAVdiSTnsHU4XNWBceA=
-go.uber.org/fx v1.19.3/go.mod h1:w2HrQg26ql9fLK7hlBiZ6JsRUKV+Lj/atT1KCjT8YhM=
+go.uber.org/dig v1.18.0 h1:imUL1UiY0Mg4bqbFfsRQO5G4CGRBec/ZujWTvSVp3pw=
+go.uber.org/dig v1.18.0/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE=
+go.uber.org/fx v1.23.0 h1:lIr/gYWQGfTwGcSXWXu4vP5Ws6iqnNEIY+F/aFzCKTg=
+go.uber.org/fx v1.23.0/go.mod h1:o/D9n+2mLP6v1EG+qsdT1O8wKopYAsqZasju97SDFCU=
 go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
-go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
 golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200602180216-279210d13fed/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
-golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -487,8 +497,14 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -502,42 +518,59 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -547,23 +580,21 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
-golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
+golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gonum.org/v1/gonum v0.13.0 h1:a0T3bh+7fhRyqeNbiC3qVHYmkiQgit3wnNan/2c0HMM=
-gonum.org/v1/gonum v0.13.0/go.mod h1:/WPYRckkfWrhWefxyYTfrTtQR0KH4iyHNuzxqXAKyAU=
+gonum.org/v1/gonum v0.15.1 h1:FNy7N6OUZVUaWG9pTiD+jlhdQ3lMP+/LcTpJ6+a8sQ0=
+gonum.org/v1/gonum v0.15.1/go.mod h1:eZTZuRFrzu5pcyjN5wJhcIhnUdNijYxX1T2IcrOGY0o=
 google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
@@ -595,20 +626,19 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
@@ -618,10 +648,7 @@ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI=
-lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
-nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
-nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0=
+lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE=
+lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=
 sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
 sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=

From e04e9a52fb2a39b528f0a6e5622c7f7fc1abc6e9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 11:51:27 +0100
Subject: [PATCH 2204/2268] chore(deps): Bump the aws-sdk group across 1
 directory with 6 updates (#1223)

Bumps the aws-sdk group with 4 updates in the / directory: [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2), [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) and [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2` from 1.31.0 to 1.32.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.31.0...v1.32.6)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.39 to 1.28.6
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.39...config/v1.28.6)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.37 to 1.17.47
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.37...credentials/v1.17.47)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.35.3 to 1.36.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/fms/v1.35.3...service/ecr/v1.36.7)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.33.3 to 1.34.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ivs/v1.33.3...service/sqs/v1.34.7)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.31.3 to 1.33.2
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.31.3...service/sfn/v1.33.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 28 ++++++++++++++--------------
 go.sum | 56 ++++++++++++++++++++++++++++----------------------------
 2 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index ad735c863..5dae00e62 100644
--- a/go.mod
+++ b/go.mod
@@ -13,13 +13,13 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.3.0
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
-	github.com/aws/aws-sdk-go-v2 v1.31.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.39
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.37
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.35.3
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3
-	github.com/aws/aws-sdk-go-v2/service/sts v1.31.3
-	github.com/aws/smithy-go v1.21.0
+	github.com/aws/aws-sdk-go-v2 v1.32.6
+	github.com/aws/aws-sdk-go-v2/config v1.28.6
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.47
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.2
+	github.com/aws/smithy-go v1.22.1
 	github.com/coder/websocket v1.8.12
 	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/cyphar/filepath-securejoin v0.3.3
@@ -119,15 +119,15 @@ require (
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.23.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
diff --git a/go.sum b/go.sum
index e54f649d1..855b6aa77 100644
--- a/go.sum
+++ b/go.sum
@@ -80,38 +80,38 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
-github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
-github.com/aws/aws-sdk-go-v2/config v1.27.39 h1:FCylu78eTGzW1ynHcongXK9YHtoXD5AiiUqq3YfJYjU=
-github.com/aws/aws-sdk-go-v2/config v1.27.39/go.mod h1:wczj2hbyskP4LjMKBEZwPRO1shXY+GsQleab+ZXT2ik=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.37 h1:G2aOH01yW8X373JK419THj5QVqu9vKEwxSEsGxihoW0=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.37/go.mod h1:0ecCjlb7htYCptRD45lXJ6aJDQac6D2NlKGpZqyTG6A=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18/go.mod h1:r506HmK5JDUh9+Mw4CfGJGSSoqIiLCndAuqXuhbv67Y=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 h1:Z7IdFUONvTcvS7YuhtVxN99v2cCoHRXOS4mTr0B/pUc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18/go.mod h1:DkKMmksZVVyat+Y+r1dEOgJEfUeA7UngIHWeKsi0yNc=
+github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
+github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo=
+github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.35.3 h1:8/vARxqd0Pn2Gqhp+8PxxTm3HttUMR1i1vBBj7MNFfc=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.35.3/go.mod h1:oRaGEExKI6Pqcow+Tt7wpJf73/Srcj/CUJv5Eb9QFhg=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7 h1:R+5XKIJga2K9Dkj0/iQ6fD/MBGo02oxGGFTc512lK/Q=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7/go.mod h1:fDPQV/6ONOQOjvtKhtypIy1wcGLcKYtoK/lvZ9fyDGQ=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
 github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 h1:x0xMBhU7bgnMhwVMLk2EXdGsuyN1tyN0Wr58D8sKtgY=
 github.com/aws/aws-sdk-go-v2/service/kms v1.33.1/go.mod h1:XZKD0yH6t3f2W+H+eUil6qcm/s9LGfGV9js34TaSbyI=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3 h1:W2M3kQSuN1+FXgV2wMv1JMWPxw/37wBN87QHYDuTV0Y=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.33.3/go.mod h1:WyLS5qwXHtjKAONYZq/4ewdd+hcVsa3LBu77Ow5uj3k=
-github.com/aws/aws-sdk-go-v2/service/sso v1.23.3 h1:rs4JCczF805+FDv2tRhZ1NU0RB2H6ryAvsWPanAr72Y=
-github.com/aws/aws-sdk-go-v2/service/sso v1.23.3/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3 h1:S7EPdMVZod8BGKQQPTBK+FcX9g7bKR7c4+HxWqHP7Vg=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.31.3 h1:VzudTFrDCIDakXtemR7l6Qzt2+JYsVqo2MxBPt5k8T8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.31.3/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
-github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA=
-github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7 h1:Nyfbgei75bohfmZNxgN27i528dGYVzqWJGlAO6lzXy8=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7/go.mod h1:FG4p/DciRxPgjA+BEOlwRHN0iA8hX2h9g5buSy3cTDA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8=
+github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
+github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

From 79765a755dc754873c389f47a1a79d0064d178e9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 09:36:44 +0000
Subject: [PATCH 2205/2268] chore(deps): Bump github.com/getsops/sops/v3 from
 3.8.1 to 3.9.1

Bumps [github.com/getsops/sops/v3](https://github.com/getsops/sops) from 3.8.1 to 3.9.1.
- [Release notes](https://github.com/getsops/sops/releases)
- [Changelog](https://github.com/getsops/sops/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/getsops/sops/compare/v3.8.1...v3.9.1)

---
updated-dependencies:
- dependency-name: github.com/getsops/sops/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod |  60 ++++++++++++-----------
 go.sum | 151 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 106 insertions(+), 105 deletions(-)

diff --git a/go.mod b/go.mod
index 5dae00e62..2c05e450d 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/docker/cli v27.3.1+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
-	github.com/getsops/sops/v3 v3.8.1
+	github.com/getsops/sops/v3 v3.9.1
 	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-errors/errors v1.5.1 // indirect
@@ -41,7 +41,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/googleapis/gax-go/v2 v2.13.0
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/vault/api v1.14.0
+	github.com/hashicorp/vault/api v1.15.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/huandu/xstrings v1.5.0
 	github.com/imdario/mergo v0.3.16
@@ -77,8 +77,8 @@ require (
 	golang.org/x/sys v0.27.0
 	golang.org/x/term v0.26.0 // indirect
 	golang.org/x/text v0.20.0 // indirect
-	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1
-	google.golang.org/grpc v1.66.0
+	google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f
+	google.golang.org/grpc v1.67.1
 	google.golang.org/protobuf v1.34.2
 	helm.sh/helm/v3 v3.16.1
 	k8s.io/api v0.31.1
@@ -96,12 +96,13 @@ require (
 
 require (
 	cloud.google.com/go v0.115.1 // indirect
-	cloud.google.com/go/auth v0.9.3 // indirect
+	cloud.google.com/go/auth v0.9.7 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
-	cloud.google.com/go/compute/metadata v0.5.0 // indirect
-	cloud.google.com/go/iam v1.2.0 // indirect
-	cloud.google.com/go/kms v1.19.0 // indirect
-	cloud.google.com/go/longrunning v0.6.0 // indirect
+	cloud.google.com/go/compute/metadata v0.5.2 // indirect
+	cloud.google.com/go/iam v1.2.1 // indirect
+	cloud.google.com/go/kms v1.20.0 // indirect
+	cloud.google.com/go/longrunning v0.6.1 // indirect
+	cloud.google.com/go/storage v1.43.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
@@ -117,15 +118,21 @@ require (
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
-	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.36.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -134,11 +141,10 @@ require (
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
 	github.com/bytedance/sonic v1.11.8 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
-	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.3 // indirect
-	github.com/cloudflare/circl v1.3.9 // indirect
+	github.com/cloudflare/circl v1.4.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/containerd/containerd v1.7.18 // indirect
@@ -146,11 +152,11 @@ require (
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v27.0.0+incompatible // indirect
+	github.com/docker/docker v27.3.1+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -169,7 +175,7 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
@@ -177,7 +183,6 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
@@ -189,7 +194,7 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
@@ -206,7 +211,7 @@ require (
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.7 // indirect
 	github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -230,7 +235,6 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.4.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
@@ -277,9 +281,9 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect
+	go.opentelemetry.io/otel v1.30.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
@@ -288,10 +292,10 @@ require (
 	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.30.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.29.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.30.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
@@ -300,10 +304,10 @@ require (
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.196.0 // indirect
+	google.golang.org/api v0.199.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 855b6aa77..803f2cb1b 100644
--- a/go.sum
+++ b/go.sum
@@ -3,20 +3,22 @@ c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZ
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ=
 cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc=
-cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U=
-cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk=
+cloud.google.com/go/auth v0.9.7 h1:ha65jNwOfI48YmUzNfMaUDfqt5ykuYIUnSartpU1+BA=
+cloud.google.com/go/auth v0.9.7/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM=
 cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
-cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
-cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
-cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8=
-cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q=
-cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU=
-cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM=
-cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI=
-cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts=
+cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
+cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU=
+cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g=
+cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY=
+cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM=
+cloud.google.com/go/longrunning v0.6.1 h1:lOLTFxYpr8hcRtcwWir5ITh1PAKUD/sG2lKrTSYjyMc=
+cloud.google.com/go/longrunning v0.6.1/go.mod h1:nHISoOZpBcmlwbJmiVk5oDRz0qG/ZxPynEGs1iZ79s0=
 cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM=
 cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U=
+cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs=
+cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
@@ -68,8 +70,8 @@ github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/
 github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
-github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton h1:ZGewsAoeSirbUS5cO8L0FMQA+iSop9xR1nmFYifDBPo=
+github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -82,26 +84,38 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
 github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 h1:xDAuZTn4IMm8o1LnBZvmrL8JA1io4o3YWNXgohbf20g=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5/go.mod h1:wYSv6iDS621sEFLfKvpPE2ugjTuGlAG7iROg0hLOkfc=
 github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo=
 github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.25 h1:HkpHeZMM39sGtMHVYG1buAg93vhj5d7F81y6G0OAbGc=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.25/go.mod h1:j3Vz04ZjaWA6kygOsZRpmWe4CyGqfqq2u3unDTU0QGA=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 h1:OWYvKL53l1rbsUmW7bQyJVsYU/Ii3bbAAQIIFNbM0Tk=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18/go.mod h1:CUx0G1v3wG6l01tUB+j7Y8kclA8NSqK4ef0YG79a4cg=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7 h1:R+5XKIJga2K9Dkj0/iQ6fD/MBGo02oxGGFTc512lK/Q=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7/go.mod h1:fDPQV/6ONOQOjvtKhtypIy1wcGLcKYtoK/lvZ9fyDGQ=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 h1:rTWjG6AvWekO2B1LHeM3ktU7MqyX9rzWQ7hgzneZW7E=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20/go.mod h1:RGW2DDpVc8hu6Y6yG8G5CHVmVOAn1oV8rNKOHRJyswg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
-github.com/aws/aws-sdk-go-v2/service/kms v1.33.1 h1:x0xMBhU7bgnMhwVMLk2EXdGsuyN1tyN0Wr58D8sKtgY=
-github.com/aws/aws-sdk-go-v2/service/kms v1.33.1/go.mod h1:XZKD0yH6t3f2W+H+eUil6qcm/s9LGfGV9js34TaSbyI=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 h1:eb+tFOIl9ZsUe2259/BKPeniKuz4/02zZFH/i4Nf8Rg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18/go.mod h1:GVCC2IJNJTmdlyEsSmofEy7EfJncP7DNnXDzRjJ5Keg=
+github.com/aws/aws-sdk-go-v2/service/kms v1.36.3 h1:iHi6lC6LfW6SNvB2bixmlOW3WMyWFrHZCWX+P+CCxMk=
+github.com/aws/aws-sdk-go-v2/service/kms v1.36.3/go.mod h1:OHmlX4+o0XIlJAQGAHPIy0N9yZcYS/vNG+T7geSNcFw=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3 h1:3zt8qqznMuAZWDTDpcwv9Xr11M/lVj2FsRR7oYBt0OA=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3/go.mod h1:NLTqRLe3pUNu3nTEHI6XlHLKYmc8fbHUdMxAB6+s41Q=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7 h1:Nyfbgei75bohfmZNxgN27i528dGYVzqWJGlAO6lzXy8=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7/go.mod h1:FG4p/DciRxPgjA+BEOlwRHN0iA8hX2h9g5buSy3cTDA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
@@ -127,13 +141,10 @@ github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0=
 github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
 github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
 github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.11.8 h1:Zw/j1KfiS+OYTi9lyB3bb0CFxPJVkM17k1wyDG32LRA=
 github.com/bytedance/sonic v1.11.8/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
 github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
-github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -143,9 +154,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
 github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
-github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
+github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY=
+github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
 github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
 github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
@@ -158,8 +168,8 @@ github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKk
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
 github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao=
 github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4=
-github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
-github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
+github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
 github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
@@ -170,8 +180,9 @@ github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoE
 github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyphar/filepath-securejoin v0.3.3 h1:lofZkCEVFIBe0KcdQOzFs8Soy9oaHOWl4gGtPI+gCFc=
@@ -192,8 +203,8 @@ github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPD
 github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.0.0+incompatible h1:JRugTYuelmWlW0M3jakcIadDx2HUoUO6+Tf2C5jVfwA=
-github.com/docker/docker v27.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI=
+github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -239,8 +250,8 @@ github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy
 github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
-github.com/getsops/sops/v3 v3.8.1 h1:3A6KZEHAolxfXtlgRjncCotTGRiNaQFhSDOB2CUCojY=
-github.com/getsops/sops/v3 v3.8.1/go.mod h1:qyVOmSwvNRUzspJ7X/mh/J8HmDV81OQ5PgDoGSmvvHM=
+github.com/getsops/sops/v3 v3.9.1 h1:wXsqzEsUPVQPcxsvjpwpqqD3DVRe9UZKJ7LSf5rzuLA=
+github.com/getsops/sops/v3 v3.9.1/go.mod h1:k3XzAfcvMI1Rfyw2tky0/RakHrdbVcUrtCGTYsmkMY8=
 github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
 github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -261,8 +272,8 @@ github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665 h1:+M6D6MplKwR
 github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
-github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
-github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
+github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -295,8 +306,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-viper/mapstructure/v2 v2.2.0 h1:zGE1Kaz78LVwzU0kOfZuqwKKiG1gLkHTZ/cZioHp9po=
-github.com/go-viper/mapstructure/v2 v2.2.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
+github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
@@ -347,6 +358,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
+github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
+github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
 github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
 github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
@@ -356,8 +369,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0=
-github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
 github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
 github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
@@ -397,16 +410,16 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSY
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I=
-github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
+github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw=
+github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw=
 github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
 github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
 github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
 github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
-github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
+github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
+github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
@@ -527,10 +540,10 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss=
-github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8=
-github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
-github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
+github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2weR6w=
+github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA=
+github.com/ory/dockertest/v3 v3.11.0 h1:OiHcxKAvSDUwsEVh2BjxQQc/5EHz9n0va9awCtNGuyA=
+github.com/ory/dockertest/v3 v3.11.0/go.mod h1:VIPxS1gwT9NpPOrfD3rACs8Y9Z7yhzO4SB194iUDnUI=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
@@ -673,12 +686,12 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
-go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
-go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI=
+go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts=
+go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
@@ -695,14 +708,14 @@ go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgY
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
-go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
-go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w=
+go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ=
 go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo=
 go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok=
 go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI=
 go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw=
-go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
-go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
+go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc=
+go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o=
 go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
 go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
 go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg=
@@ -722,8 +735,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
 golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -735,7 +746,6 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -753,9 +763,6 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
 golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -768,7 +775,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
 golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -789,17 +795,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
 golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
 golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -808,9 +809,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
 golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
@@ -824,7 +822,6 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
 golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -833,8 +830,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg=
-google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE=
+google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs=
+google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
@@ -843,19 +840,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU=
-google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4=
-google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f h1:mCJ6SGikSxVlt9scCayUl2dMq0msUgmBArqRY6umieI=
+google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f/go.mod h1:xtVODtPkMQRUZ4kqOTgp6JrXQrPevvfCSdk4mJtHUbM=
+google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA=
+google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c=
-google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 074cc487780d524a40249324aafbb5438d9a338a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 11:47:33 +0100
Subject: [PATCH 2206/2268] chore: Sync decryptor.go with upstream
 kustomize-controller version

---
 pkg/sops/decryptor/decryptor.go | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/pkg/sops/decryptor/decryptor.go b/pkg/sops/decryptor/decryptor.go
index 2ef161eb9..afb233481 100644
--- a/pkg/sops/decryptor/decryptor.go
+++ b/pkg/sops/decryptor/decryptor.go
@@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	intkeyservice "github.com/kluctl/kluctl/v2/pkg/sops/keyservice"
 	"io/fs"
 	"os"
 	"path/filepath"
@@ -34,6 +35,7 @@ import (
 	"github.com/getsops/sops/v3/age"
 	"github.com/getsops/sops/v3/cmd/sops/common"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
+	"github.com/getsops/sops/v3/config"
 	"github.com/getsops/sops/v3/keys"
 	"github.com/getsops/sops/v3/keyservice"
 	"github.com/getsops/sops/v3/pgp"
@@ -150,7 +152,7 @@ func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat
 		}
 	}()
 
-	store := common.StoreForFormat(inputFormat)
+	store := common.StoreForFormat(inputFormat, config.NewStoresConfig())
 
 	tree, err := store.LoadEncryptedFile(data)
 	if err != nil {
@@ -164,7 +166,14 @@ func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat
 		})
 	}
 
-	metadataKey, err := tree.Metadata.GetDataKeyWithKeyServices(d.keyServices)
+	for _, group := range tree.Metadata.KeyGroups {
+		// Sort MasterKeys in the group so offline ones are tried first
+		sort.SliceStable(group, func(i, j int) bool {
+			return intkeyservice.IsOfflineMethod(group[i]) && !intkeyservice.IsOfflineMethod(group[j])
+		})
+	}
+
+	metadataKey, err := tree.Metadata.GetDataKeyWithKeyServices(d.keyServices, sops.DefaultDecryptionOrder)
 	if err != nil {
 		return nil, sopsUserErr("cannot get sops data key", err)
 	}
@@ -197,7 +206,7 @@ func (d *Decryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat
 		}
 	}
 
-	outputStore := common.StoreForFormat(outputFormat)
+	outputStore := common.StoreForFormat(outputFormat, config.NewStoresConfig())
 	out, err := outputStore.EmitPlainFile(tree.Branches)
 	if err != nil {
 		return nil, sopsUserErr(fmt.Sprintf("failed to emit encrypted %s file as decrypted %s",
@@ -384,7 +393,7 @@ func (d *Decryptor) sopsDecryptFile(path string, inputFormat, outputFormat forma
 // and then encrypt the file data with the retrieved data key.
 // It returns the encrypted bytes in the provided output format, or an error.
 func (d *Decryptor) sopsEncryptWithFormat(metadata sops.Metadata, data []byte, inputFormat, outputFormat formats.Format) ([]byte, error) {
-	store := common.StoreForFormat(inputFormat)
+	store := common.StoreForFormat(inputFormat, config.NewStoresConfig())
 
 	branches, err := store.LoadPlainFile(data)
 	if err != nil {
@@ -411,7 +420,7 @@ func (d *Decryptor) sopsEncryptWithFormat(metadata sops.Metadata, data []byte, i
 		return nil, sopsUserErr("cannot encrypt sops data tree", err)
 	}
 
-	outStore := common.StoreForFormat(outputFormat)
+	outStore := common.StoreForFormat(outputFormat, config.NewStoresConfig())
 	out, err := outStore.EmitEncryptedFile(tree)
 	if err != nil {
 		return nil, sopsUserErr("failed to emit sops encrypted file", err)
@@ -539,9 +548,13 @@ func recurseKustomizationFiles(root, path string, visit visitKustomization, visi
 		return err
 	}
 
+	// Components may contain resources as well, ...
+	// ...so we have to process both .resources and .components values
+	resources := append(kus.Resources, kus.Components...)
+
 	// Recurse over other resources in Kustomization,
 	// repeating the above logic per item
-	for _, res := range kus.Resources {
+	for _, res := range resources {
 		if !filepath.IsAbs(res) {
 			res = filepath.Join(path, res)
 		}

From 6211205758c177cdd8adadd4782c18cb4c1f99c4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 10:35:53 +0000
Subject: [PATCH 2207/2268] chore(deps): Bump google.golang.org/grpc from
 1.66.0 to 1.68.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.0 to 1.68.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.66.0...v1.68.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 3 ++-
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2c05e450d..c0c6e1502 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
 module github.com/kluctl/kluctl/v2
 
 go 1.22.0
+toolchain go1.22.9
 
 replace github.com/kluctl/kluctl/lib => ./lib
 
@@ -78,7 +79,7 @@ require (
 	golang.org/x/term v0.26.0 // indirect
 	golang.org/x/text v0.20.0 // indirect
 	google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f
-	google.golang.org/grpc v1.67.1
+	google.golang.org/grpc v1.68.0
 	google.golang.org/protobuf v1.34.2
 	helm.sh/helm/v3 v3.16.1
 	k8s.io/api v0.31.1
diff --git a/go.sum b/go.sum
index 803f2cb1b..74eead5fc 100644
--- a/go.sum
+++ b/go.sum
@@ -851,8 +851,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 56621f91815cea153fd00b51c0b617dbbcc52847 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 11:50:56 +0100
Subject: [PATCH 2208/2268] ci: Run go mod tidy check earlier

---
 .github/workflows/tests.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2fbc726ef..0c12b26d8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -46,6 +46,15 @@ jobs:
       - name: Check links on changed files
         run: |
           make markdown-link-check
+      - name: Verify go.mod and go.sum are clean
+        run: |
+          go mod tidy
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "go mod tidy must be invoked and the result committed"
+            git status
+            git diff
+            exit 1
+          fi
       - name: Verify commands help is up-to-date
         run: |
           make replace-commands-help
@@ -82,15 +91,6 @@ jobs:
             git diff
             exit 1
           fi
-      - name: Verify go.mod and go.sum are clean
-        run: |
-          go mod tidy
-          if [ ! -z "$(git status --porcelain)" ]; then
-            echo "go mod tidy must be invoked and the result committed"
-            git status
-            git diff
-            exit 1
-          fi
 
   check-npm-build:
     runs-on: ubuntu-latest

From 78e2a5e323229f795c6eaa9696efed10c5c929fa Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 11:54:04 +0100
Subject: [PATCH 2209/2268] chore: Increase go version in go.mod to 1.22.7

---
 go.mod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index c0c6e1502..0e7438044 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.22.0
+go 1.22.7
+
 toolchain go1.22.9
 
 replace github.com/kluctl/kluctl/lib => ./lib

From 1143e1412882261cc37f1e137e772716c07e5aff Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 16:29:34 +0100
Subject: [PATCH 2210/2268] docs: Add missing spec.timeout to
 kluctldeployment.md (#1225)

---
 docs/gitops/spec/v1beta1/kluctldeployment.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/gitops/spec/v1beta1/kluctldeployment.md b/docs/gitops/spec/v1beta1/kluctldeployment.md
index 8ea4e0ac1..7a2d74110 100644
--- a/docs/gitops/spec/v1beta1/kluctldeployment.md
+++ b/docs/gitops/spec/v1beta1/kluctldeployment.md
@@ -135,6 +135,13 @@ See [Reconciliation](#reconciliation).
 If set, the controller will periodically force a deployment, even if the rendered manifests have not changed. 
 See [Reconciliation](#reconciliation) for more details.
 
+### timeout
+The maximum time granted for the all the work needed to perform in a reconciliation. If `timeout` is not specified,
+then the value of `deployInterval` is used as the default value, but only if it is set. If `deployInterval` is not set,
+then the value of `interval` is used as default.
+
+When a reconciliation takes longer then the determined timeout value, then the reconciliation is aborted with an error.
+
 ### suspend
 See [Reconciliation](#reconciliation).
 

From bad02b39e6e04550bd04f23d0f51018c15f22eb7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 16:31:04 +0100
Subject: [PATCH 2211/2268] fix: Only use timeout restricted context for actual
 work, not the things around (#1224)

For example, we should not have the timeout active when writing the
command result, which must also be possible when the timeout hit while
deploying.
---
 cmd/kluctl/commands/cmd_delete.go      |  2 +-
 cmd/kluctl/commands/cmd_deploy.go      | 20 ++++++++++----------
 cmd/kluctl/commands/cmd_diff.go        |  2 +-
 cmd/kluctl/commands/cmd_poke_images.go |  2 +-
 cmd/kluctl/commands/cmd_prune.go       |  8 ++++----
 cmd/kluctl/commands/cmd_render.go      |  4 ++--
 cmd/kluctl/commands/cmd_validate.go    | 10 +++++-----
 cmd/kluctl/commands/command_result.go  | 20 ++++++++++----------
 cmd/kluctl/commands/utils.go           |  2 --
 9 files changed, 34 insertions(+), 36 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_delete.go b/cmd/kluctl/commands/cmd_delete.go
index 5b41b5999..463c84a71 100644
--- a/cmd/kluctl/commands/cmd_delete.go
+++ b/cmd/kluctl/commands/cmd_delete.go
@@ -60,7 +60,7 @@ func (cmd *deleteCmd) Run(ctx context.Context) error {
 			return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
 		})
 
-		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+		err := outputCommandResult(ctx, cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_deploy.go b/cmd/kluctl/commands/cmd_deploy.go
index 8c868cc38..f0cbc20ef 100644
--- a/cmd/kluctl/commands/cmd_deploy.go
+++ b/cmd/kluctl/commands/cmd_deploy.go
@@ -67,13 +67,13 @@ func (cmd *deployCmd) Run(ctx context.Context) error {
 		discriminator:        cmd.Discriminator,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return cmd.runCmdDeploy(cmdCtx)
+		return cmd.runCmdDeploy(ctx, cmdCtx)
 	})
 }
 
-func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
-	status.Trace(cmdCtx.ctx, "enter runCmdDeploy")
-	defer status.Trace(cmdCtx.ctx, "leave runCmdDeploy")
+func (cmd *deployCmd) runCmdDeploy(ctx context.Context, cmdCtx *commandCtx) error {
+	status.Trace(ctx, "enter runCmdDeploy")
+	defer status.Trace(ctx, "leave runCmdDeploy")
 
 	cmd2 := commands.NewDeployCommand(cmdCtx.targetCtx)
 	cmd2.ForceApply = cmd.ForceApply
@@ -86,14 +86,14 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	cmd2.WaitPrune = !cmd.NoWait
 
 	cb := func(diffResult *result.CommandResult) error {
-		return cmd.diffResultCb(cmdCtx, diffResult)
+		return cmd.diffResultCb(ctx, cmdCtx, diffResult)
 	}
 	if cmd.Yes || cmd.DryRun {
 		cb = nil
 	}
 
 	result := cmd2.Run(cb)
-	err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+	err := outputCommandResult(ctx, cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
 	}
@@ -103,11 +103,11 @@ func (cmd *deployCmd) runCmdDeploy(cmdCtx *commandCtx) error {
 	return nil
 }
 
-func (cmd *deployCmd) diffResultCb(ctx *commandCtx, diffResult *result.CommandResult) error {
+func (cmd *deployCmd) diffResultCb(ctx context.Context, cmdCtx *commandCtx, diffResult *result.CommandResult) error {
 	flags := cmd.OutputFormatFlags
 	flags.OutputFormat = nil // use default output format
 
-	err := outputCommandResult(ctx, flags, diffResult, false)
+	err := outputCommandResult(ctx, cmdCtx, flags, diffResult, false)
 	if err != nil {
 		return err
 	}
@@ -115,11 +115,11 @@ func (cmd *deployCmd) diffResultCb(ctx *commandCtx, diffResult *result.CommandRe
 		return nil
 	}
 	if len(diffResult.Errors) != 0 {
-		if !prompts.AskForConfirmation(ctx.ctx, "The diff resulted in errors, do you still want to proceed?") {
+		if !prompts.AskForConfirmation(ctx, "The diff resulted in errors, do you still want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	} else {
-		if !prompts.AskForConfirmation(ctx.ctx, "The diff succeeded, do you want to proceed?") {
+		if !prompts.AskForConfirmation(ctx, "The diff succeeded, do you want to proceed?") {
 			return fmt.Errorf("aborted")
 		}
 	}
diff --git a/cmd/kluctl/commands/cmd_diff.go b/cmd/kluctl/commands/cmd_diff.go
index 53a13f4a7..c2c2d0096 100644
--- a/cmd/kluctl/commands/cmd_diff.go
+++ b/cmd/kluctl/commands/cmd_diff.go
@@ -57,7 +57,7 @@ func (cmd *diffCmd) Run(ctx context.Context) error {
 		cmd2.IgnoreAnnotations = cmd.IgnoreAnnotations
 		cmd2.IgnoreKluctlMetadata = cmd.IgnoreKluctlMetadata
 		result := cmd2.Run()
-		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, false)
+		err := outputCommandResult(ctx, cmdCtx, cmd.OutputFormatFlags, result, false)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_poke_images.go b/cmd/kluctl/commands/cmd_poke_images.go
index 96d7351d6..5ce9eb5d2 100644
--- a/cmd/kluctl/commands/cmd_poke_images.go
+++ b/cmd/kluctl/commands/cmd_poke_images.go
@@ -56,7 +56,7 @@ func (cmd *pokeImagesCmd) Run(ctx context.Context) error {
 		cmd2 := commands.NewPokeImagesCommand(cmdCtx.targetCtx)
 
 		result := cmd2.Run()
-		err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+		err := outputCommandResult(ctx, cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 		if err != nil {
 			return err
 		}
diff --git a/cmd/kluctl/commands/cmd_prune.go b/cmd/kluctl/commands/cmd_prune.go
index 732d0570c..ac35825e9 100644
--- a/cmd/kluctl/commands/cmd_prune.go
+++ b/cmd/kluctl/commands/cmd_prune.go
@@ -52,16 +52,16 @@ func (cmd *pruneCmd) Run(ctx context.Context) error {
 		discriminator:        cmd.Discriminator,
 	}
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
-		return cmd.runCmdPrune(cmdCtx)
+		return cmd.runCmdPrune(ctx, cmdCtx)
 	})
 }
 
-func (cmd *pruneCmd) runCmdPrune(cmdCtx *commandCtx) error {
+func (cmd *pruneCmd) runCmdPrune(ctx context.Context, cmdCtx *commandCtx) error {
 	cmd2 := commands.NewPruneCommand(cmdCtx.targetCtx.Target.Discriminator, cmdCtx.targetCtx, true)
 	result := cmd2.Run(func(refs []k8s2.ObjectRef) error {
-		return confirmDeletion(cmdCtx.ctx, refs, cmd.DryRun, cmd.Yes)
+		return confirmDeletion(ctx, refs, cmd.DryRun, cmd.Yes)
 	})
-	err := outputCommandResult(cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
+	err := outputCommandResult(ctx, cmdCtx, cmd.OutputFormatFlags, result, !cmd.DryRun || cmd.ForceWriteCommandResult)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/kluctl/commands/cmd_render.go b/cmd/kluctl/commands/cmd_render.go
index 8036642f0..5dbc57ff3 100644
--- a/cmd/kluctl/commands/cmd_render.go
+++ b/cmd/kluctl/commands/cmd_render.go
@@ -67,10 +67,10 @@ func (cmd *renderCmd) Run(ctx context.Context) error {
 			if isTmp {
 				defer os.RemoveAll(cmd.RenderOutputDir)
 			}
-			status.Flush(cmdCtx.ctx)
+			status.Flush(ctx)
 			return yaml.WriteYamlAllStream(getStdout(ctx), all)
 		} else {
-			status.Infof(cmdCtx.ctx, "Rendered into %s", cmdCtx.targetCtx.SharedContext.RenderDir)
+			status.Infof(ctx, "Rendered into %s", cmdCtx.targetCtx.SharedContext.RenderDir)
 		}
 		return nil
 	})
diff --git a/cmd/kluctl/commands/cmd_validate.go b/cmd/kluctl/commands/cmd_validate.go
index 315f3694a..dfb7351ee 100644
--- a/cmd/kluctl/commands/cmd_validate.go
+++ b/cmd/kluctl/commands/cmd_validate.go
@@ -47,23 +47,23 @@ func (cmd *validateCmd) Run(ctx context.Context) error {
 
 	return withProjectCommandContext(ctx, ptArgs, func(cmdCtx *commandCtx) error {
 		cmd2 := commands.NewValidateCommand("", cmdCtx.targetCtx)
-		return cmd.doValidate(cmdCtx, cmd2)
+		return cmd.doValidate(ctx, cmdCtx, cmd2)
 	})
 }
 
-func (cmd *validateCmd) doValidate(ctx *commandCtx, cmd2 *commands.ValidateCommand) error {
+func (cmd *validateCmd) doValidate(ctx context.Context, cmdCtx *commandCtx, cmd2 *commands.ValidateCommand) error {
 	startTime := time.Now()
 	for true {
-		result := cmd2.Run(ctx.ctx)
+		result := cmd2.Run(ctx)
 		failed := len(result.Errors) != 0 || (cmd.WarningsAsErrors && len(result.Warnings) != 0)
 
-		err := outputValidateResult(ctx, cmd.Output, result)
+		err := outputValidateResult(ctx, cmdCtx, cmd.Output, result)
 		if err != nil {
 			return err
 		}
 
 		if !failed {
-			status.Info(ctx.ctx, "Validation succeeded")
+			status.Info(ctx, "Validation succeeded")
 			return nil
 		}
 
diff --git a/cmd/kluctl/commands/command_result.go b/cmd/kluctl/commands/command_result.go
index d94c3cb99..debd70dc4 100644
--- a/cmd/kluctl/commands/command_result.go
+++ b/cmd/kluctl/commands/command_result.go
@@ -221,8 +221,8 @@ func outputHelper(ctx context.Context, output []string, cb func(format string) (
 	return nil
 }
 
-func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *result.CommandResult, writeToResultStore bool) error {
-	cr.Id = ctx.resultId
+func outputCommandResult(ctx context.Context, cmdCtx *commandCtx, flags args.OutputFormatFlags, cr *result.CommandResult, writeToResultStore bool) error {
+	cr.Id = cmdCtx.resultId
 	cr.Command.Initiator = result.CommandInititiator_CommandLine
 
 	if !flags.NoObfuscate {
@@ -234,8 +234,8 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 	}
 
 	var resultStoreErr error
-	if writeToResultStore && ctx.resultStore != nil {
-		s := status.Start(ctx.ctx, "Writing command result")
+	if writeToResultStore && cmdCtx.resultStore != nil {
+		s := status.Start(ctx, "Writing command result")
 		defer s.Failed()
 
 		didWarn := false
@@ -244,11 +244,11 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 			cr.Warnings = append(cr.Warnings, result.DeploymentError{
 				Message: warning,
 			})
-			status.Warning(ctx.ctx, warning)
+			status.Warning(ctx, warning)
 			didWarn = true
 		}
 
-		resultStoreErr = ctx.resultStore.WriteCommandResult(cr)
+		resultStoreErr = cmdCtx.resultStore.WriteCommandResult(cr)
 		if resultStoreErr != nil {
 			s.FailedWithMessagef("Failed to write result to result store: %s", resultStoreErr.Error())
 		} else {
@@ -259,7 +259,7 @@ func outputCommandResult(ctx *commandCtx, flags args.OutputFormatFlags, cr *resu
 			}
 		}
 	}
-	err := outputCommandResult2(ctx.ctx, flags, cr)
+	err := outputCommandResult2(ctx, flags, cr)
 	if err == nil && resultStoreErr != nil {
 		return resultStoreErr
 	}
@@ -275,10 +275,10 @@ func outputCommandResult2(ctx context.Context, flags args.OutputFormatFlags, cr
 	return err
 }
 
-func outputValidateResult(ctx *commandCtx, output []string, vr *result.ValidateResult) error {
-	vr.Id = ctx.resultId
+func outputValidateResult(ctx context.Context, cmdCtx *commandCtx, output []string, vr *result.ValidateResult) error {
+	vr.Id = cmdCtx.resultId
 
-	return outputValidateResult2(ctx.ctx, output, vr)
+	return outputValidateResult2(ctx, output, vr)
 }
 
 func outputValidateResult2(ctx context.Context, output []string, vr *result.ValidateResult) error {
diff --git a/cmd/kluctl/commands/utils.go b/cmd/kluctl/commands/utils.go
index a2a9d0ef0..0576759d1 100644
--- a/cmd/kluctl/commands/utils.go
+++ b/cmd/kluctl/commands/utils.go
@@ -150,7 +150,6 @@ type projectTargetCommandArgs struct {
 }
 
 type commandCtx struct {
-	ctx       context.Context
 	targetCtx *target_context.TargetContext
 	images    *deployment.Images
 
@@ -255,7 +254,6 @@ func withProjectTargetCommandContext(ctx context.Context, args projectTargetComm
 		}
 	}
 	cmdCtx := &commandCtx{
-		ctx:         ctx,
 		targetCtx:   targetCtx,
 		images:      images,
 		resultId:    commandResultId,

From 7070e65953b7b2b1c5e43257ab2d1a0e71bcbf0c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 10 Dec 2024 21:51:15 +0100
Subject: [PATCH 2212/2268] ci: Switch to macos-13 in CI (#1236)

---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0c12b26d8..2121ad07c 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -167,7 +167,7 @@ jobs:
             run_e2e_non_gitops: false
             run_e2e_gitops: true
             name: ubuntu-gitops
-          - os: macos-12
+          - os: macos-13
             run_unit_tests: true
             # only run e2e tests on branches
             run_e2e_non_gitops: ${{ github.event_name != 'pull_request' }}

From 10087a720a9993a159036210ab121bf7b6bbaf51 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 20:30:00 +0100
Subject: [PATCH 2213/2268] feat: Implement per-namespace list in
 RemoteObjectUtils in case of permission errors

This will allow orphan object detection to work in many cases even if
permissions are limited to just single namespaces.
---
 pkg/deployment/utils/remote_objects_utils.go | 52 ++++++++++++++------
 1 file changed, 38 insertions(+), 14 deletions(-)

diff --git a/pkg/deployment/utils/remote_objects_utils.go b/pkg/deployment/utils/remote_objects_utils.go
index bb1099cdc..4c6e7d47d 100644
--- a/pkg/deployment/utils/remote_objects_utils.go
+++ b/pkg/deployment/utils/remote_objects_utils.go
@@ -33,7 +33,7 @@ func NewRemoteObjectsUtil(ctx context.Context, dew *DeploymentErrorsAndWarnings)
 	}
 }
 
-func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminator *string, onlyUsedGKs map[schema.GroupKind]bool) error {
+func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminator *string, usedNamespaces map[string]bool, onlyUsedGKs map[schema.GroupKind]bool) error {
 	var mutex sync.Mutex
 	if discriminator == nil {
 		return nil
@@ -85,24 +85,36 @@ func (u *RemoteObjectUtils) getAllByDiscriminator(k *k8s.K8sCluster, discriminat
 			}
 			mutex.Lock()
 			defer mutex.Unlock()
-			if err != nil {
-				if errors2.IsNotFound(err) {
-					return
-				}
+			if errors2.IsNotFound(err) {
+				// ignore this error
+				return
+			} else if errors2.IsForbidden(err) || errors2.IsUnauthorized(err) {
 				errCount += 1
-				if errors2.IsForbidden(err) || errors2.IsUnauthorized(err) {
-					permissionErrCount += 1
-					return
+				permissionErrCount += 1
+
+				// fall back to ListObjects per namespace
+				for ns, _ := range usedNamespaces {
+					l2, _, err2 := k.ListObjects(gvk, ns, labels)
+					if err2 == nil && len(l2) != 0 {
+						u.dew.AddWarning(k8s2.ObjectRef{}, fmt.Errorf("listing objects by discriminator on global level failed due to permission errors, so Kluctl reverted to listing on namespace level. "+
+							"This is not realiable and might end up missing detection for some orphan object"))
+						for _, o := range l2 {
+							u.remoteObjects[o.GetK8sRef()] = o
+						}
+					}
 				}
+			} else if err != nil {
+				errCount += 1
 				u.dew.AddWarning(k8s2.ObjectRef{
 					Group:   gvk.Group,
 					Version: gvk.Version,
 					Kind:    gvk.Kind,
 				}, err)
-				return
-			}
-			for _, o := range l {
-				u.remoteObjects[o.GetK8sRef()] = o
+			} else {
+				// no error
+				for _, o := range l {
+					u.remoteObjects[o.GetK8sRef()] = o
+				}
 			}
 		})
 	}
@@ -189,8 +201,20 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, discriminator
 		return nil
 	}
 
-	var usedGKs map[schema.GroupKind]bool
+	usedNamespaces := map[string]bool{}
+	nsKind := schema.GroupKind{
+		Group: "",
+		Kind:  "Namespace",
+	}
+	for _, ref := range refs {
+		if ref.GroupKind() == nsKind {
+			usedNamespaces[ref.Name] = true
+		} else if ref.Namespace != "" {
+			usedNamespaces[ref.Namespace] = true
+		}
+	}
 
+	var usedGKs map[schema.GroupKind]bool
 	if onlyUsedGKs {
 		usedGKs = map[schema.GroupKind]bool{}
 		for _, ref := range refs {
@@ -198,7 +222,7 @@ func (u *RemoteObjectUtils) UpdateRemoteObjects(k *k8s.K8sCluster, discriminator
 		}
 	}
 
-	err := u.getAllByDiscriminator(k, discriminator, usedGKs)
+	err := u.getAllByDiscriminator(k, discriminator, usedNamespaces, usedGKs)
 	if err != nil {
 		return err
 	}

From 9b86b15cd9cf10250882c3009d60268c16a89209 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 2 Dec 2024 20:28:53 +0100
Subject: [PATCH 2214/2268] test: Add test to ensure that orphan object
 detection works with limited permissions

---
 e2e/remote_objects_permission_test.go | 63 +++++++++++++++++++++++++--
 1 file changed, 60 insertions(+), 3 deletions(-)

diff --git a/e2e/remote_objects_permission_test.go b/e2e/remote_objects_permission_test.go
index a0c14b989..fab8d61a2 100644
--- a/e2e/remote_objects_permission_test.go
+++ b/e2e/remote_objects_permission_test.go
@@ -14,6 +14,8 @@ import (
 func buildSingleNamespaceRbac(username string, namespace string, globalResources []schema.GroupResource, resources []schema.GroupResource) []*uo.UnstructuredObject {
 	var ret []*uo.UnstructuredObject
 
+	verbs := []string{"create", "update", "patch", "get", "list", "watch", "delete"}
+
 	var clusterRole v1.ClusterRole
 	clusterRole.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("ClusterRole"))
 	clusterRole.Name = username
@@ -21,13 +23,13 @@ func buildSingleNamespaceRbac(username string, namespace string, globalResources
 		APIGroups:     []string{""},
 		Resources:     []string{"namespaces"},
 		ResourceNames: []string{namespace},
-		Verbs:         []string{"create", "update", "patch", "get", "list", "watch"},
+		Verbs:         verbs,
 	})
 	for _, r := range globalResources {
 		clusterRole.Rules = append(clusterRole.Rules, v1.PolicyRule{
 			APIGroups: []string{r.Group},
 			Resources: []string{r.Resource},
-			Verbs:     []string{"create", "update", "patch", "get", "list", "watch"},
+			Verbs:     verbs,
 		})
 	}
 	ret = append(ret, uo.FromStructMust(clusterRole))
@@ -40,7 +42,7 @@ func buildSingleNamespaceRbac(username string, namespace string, globalResources
 		role.Rules = append(role.Rules, v1.PolicyRule{
 			APIGroups: []string{r.Group},
 			Resources: []string{r.Resource},
-			Verbs:     []string{"create", "update", "patch", "get", "list", "watch"},
+			Verbs:     verbs,
 		})
 	}
 	ret = append(ret, uo.FromStructMust(role))
@@ -245,3 +247,58 @@ func TestOnlyOneNamespacePermissions(t *testing.T) {
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assert.Contains(t, stderr, "Not enough permissions to write to the result store.")
 }
+
+func TestOnlyOneNamespacePrune(t *testing.T) {
+	t.Parallel()
+
+	k := defaultCluster1
+
+	p := test_project.NewTestProject(t)
+
+	username := p.TestSlug()
+	au, err := k.AddUser(envtest.User{Name: username}, nil)
+	assert.NoError(t, err)
+
+	createNamespace(t, k, p.TestSlug())
+
+	rbac := buildSingleNamespaceRbac(username, p.TestSlug(), nil, []schema.GroupResource{{Group: "", Resource: "configmaps"}})
+	for _, x := range rbac {
+		k.MustApply(t, x)
+	}
+
+	kc, err := au.KubeConfig()
+	assert.NoError(t, err)
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm1", nil, resourceOpts{
+		name:      "cm1",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm2", nil, resourceOpts{
+		name:      "cm2",
+		namespace: p.TestSlug(),
+	})
+	addConfigMapDeployment(p, "cm3", nil, resourceOpts{
+		name:      "cm3",
+		namespace: p.TestSlug(),
+	})
+	p.KluctlMust(t, "deploy", "--yes", "-t", "test")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm1")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
+	assertConfigMapExists(t, k, p.TestSlug(), "cm3")
+
+	// first, with admin privileges
+	p.DeleteKustomizeDeployment("cm2")
+	stdout, _ := p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--prune")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm2")
+	assert.NotContains(t, stdout, "listing objects by discriminator on global level failed due to permission errors, so Kluctl reverted to listing on namespace level")
+
+	// now with single namespace privileges
+	p.AddExtraArgs("--kubeconfig", getKubeconfigTmpFile(t, kc))
+	p.DeleteKustomizeDeployment("cm3")
+	stdout, _ = p.KluctlMust(t, "deploy", "--yes", "-t", "test", "--prune")
+	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
+
+	assert.Contains(t, stdout, "listing objects by discriminator on global level failed due to permission errors, so Kluctl reverted to listing on namespace level")
+}

From 7696a7ee2a098b2c52f290f72d5d68b767a09729 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Dec 2024 21:52:59 +0100
Subject: [PATCH 2215/2268] chore(deps): Bump helm.sh/helm/v3 from 3.16.1 to
 3.16.3 (#1231)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.16.1 to 3.16.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.16.1...v3.16.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 13 +++++++------
 go.sum | 28 ++++++++++++++++------------
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index 0e7438044..a11363db3 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/aws/smithy-go v1.22.1
 	github.com/coder/websocket v1.8.12
 	github.com/coreos/go-oidc/v3 v3.10.0
-	github.com/cyphar/filepath-securejoin v0.3.3
+	github.com/cyphar/filepath-securejoin v0.3.4
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0-alpha.1
 	github.com/docker/cli v27.3.1+incompatible
@@ -82,7 +82,7 @@ require (
 	google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f
 	google.golang.org/grpc v1.68.0
 	google.golang.org/protobuf v1.34.2
-	helm.sh/helm/v3 v3.16.1
+	helm.sh/helm/v3 v3.16.3
 	k8s.io/api v0.31.1
 	k8s.io/apiextensions-apiserver v0.31.1
 	k8s.io/apimachinery v0.31.1
@@ -149,9 +149,10 @@ require (
 	github.com/cloudflare/circl v1.4.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/containerd/containerd v1.7.18 // indirect
-	github.com/containerd/errdefs v0.1.0 // indirect
+	github.com/containerd/containerd v1.7.23 // indirect
+	github.com/containerd/errdefs v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
@@ -317,10 +318,10 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiserver v0.31.1 // indirect
-	k8s.io/cli-runtime v0.31.0 // indirect
+	k8s.io/cli-runtime v0.31.1 // indirect
 	k8s.io/component-base v0.31.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
-	k8s.io/kubectl v0.31.0 // indirect
+	k8s.io/kubectl v0.31.1 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index 74eead5fc..a687a8dba 100644
--- a/go.sum
+++ b/go.sum
@@ -166,14 +166,16 @@ github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3C
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao=
-github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4=
+github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
+github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
 github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
 github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
-github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
-github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
+github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
+github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
 github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
@@ -185,8 +187,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.3.3 h1:lofZkCEVFIBe0KcdQOzFs8Soy9oaHOWl4gGtPI+gCFc=
-github.com/cyphar/filepath-securejoin v0.3.3/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
+github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8=
+github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -514,6 +516,8 @@ github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8
 github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -891,8 +895,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c=
-helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps=
+helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY=
+helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
@@ -903,8 +907,8 @@ k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
 k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
 k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
 k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
-k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA=
-k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw=
+k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk=
+k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U=
 k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
 k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
 k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8=
@@ -913,8 +917,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
-k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg=
-k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4=
+k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24=
+k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

From 8f73d6d969475229bb3dc2c70a9803b82978a5b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Dec 2024 21:53:14 +0100
Subject: [PATCH 2216/2268] chore(deps): Bump
 sigs.k8s.io/structured-merge-diff/v4 (#1230)

Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases)
- [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.4.1...v4.4.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/structured-merge-diff/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a11363db3..a154b44fe 100644
--- a/go.mod
+++ b/go.mod
@@ -92,7 +92,7 @@ require (
 	sigs.k8s.io/controller-runtime v0.19.0
 	sigs.k8s.io/kustomize/api v0.17.2
 	sigs.k8s.io/kustomize/kyaml v0.17.1
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.3
 	sigs.k8s.io/yaml v1.4.0
 )
 
diff --git a/go.sum b/go.sum
index a687a8dba..d84385a13 100644
--- a/go.sum
+++ b/go.sum
@@ -935,7 +935,7 @@ sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g
 sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
 sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
 sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

From 9f4104307c1017dedbd2b4a9ed3a851a5b776e58 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Dec 2024 21:53:23 +0100
Subject: [PATCH 2217/2268] chore(deps): Bump
 github.com/google/go-containerregistry (#1229)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a154b44fe..e7b0f5b5c 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.22.1
 	github.com/gobwas/glob v0.2.3
-	github.com/google/go-containerregistry v0.19.2
+	github.com/google/go-containerregistry v0.20.2
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
 	github.com/googleapis/gax-go/v2 v2.13.0
diff --git a/go.sum b/go.sum
index d84385a13..cf7295eb7 100644
--- a/go.sum
+++ b/go.sum
@@ -353,8 +353,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w=
-github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
+github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo=
+github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

From 7752388148230b01860af617b45e7fa81dcd6043 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Dec 2024 21:53:32 +0100
Subject: [PATCH 2218/2268] chore(deps): Bump the azure-sdk group with 2
 updates (#1228)

Bumps the azure-sdk group with 2 updates: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) and [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.14.0 to 1.16.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.14.0...sdk/azcore/v1.16.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.7.0 to 1.8.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.7.0...sdk/azcore/v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 25 ++++++++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index e7b0f5b5c..0cdbeb99a 100644
--- a/go.mod
+++ b/go.mod
@@ -9,8 +9,8 @@ replace github.com/kluctl/kluctl/lib => ./lib
 require (
 	cloud.google.com/go/secretmanager v1.14.1
 	filippo.io/age v1.2.0
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.3.0
@@ -258,7 +258,7 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
-	github.com/redis/go-redis/v9 v9.1.0 // indirect
+	github.com/redis/go-redis/v9 v9.6.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.7.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
diff --git a/go.sum b/go.sum
index cf7295eb7..b941775ee 100644
--- a/go.sum
+++ b/go.sum
@@ -27,10 +27,12 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
 github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
@@ -45,6 +47,8 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
+github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -137,10 +141,11 @@ github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2y
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
 github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
-github.com/bsm/ginkgo/v2 v2.9.5 h1:rtVBYPs3+TC5iLUVOis1B9tjLTup7Cj5IfzosKtvTJ0=
-github.com/bsm/ginkgo/v2 v2.9.5/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
-github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
+github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
 github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
+github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bytedance/sonic v1.11.8 h1:Zw/j1KfiS+OYTi9lyB3bb0CFxPJVkM17k1wyDG32LRA=
 github.com/bytedance/sonic v1.11.8/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
 github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
@@ -449,6 +454,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
+github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
@@ -596,8 +603,8 @@ github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJu
 github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
 github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ=
 github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
-github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY=
-github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c=
+github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
+github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=

From ac4f98ca358fed803c832f3dadef90414058e8f7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Dec 2024 10:27:29 +0100
Subject: [PATCH 2219/2268] fix: Kill gpg-agent after work is done with the
 temporary gpg home (#1234)

---
 e2e/gitops_sops_test.go                       | 183 ++++++++++++++++++
 pkg/controllers/kluctl_project.go             |  32 ++-
 .../kluctldeployment_controller.go            |   2 +-
 .../kluctldeployment_controller_reconcile.go  |   2 +-
 pkg/utils/process/process.go                  |   6 +
 pkg/utils/process/process_posix.go            |  43 +++-
 pkg/utils/process/process_windows.go          |  13 +-
 pkg/vars/sops_test_resources/.sops.yaml       |   2 +
 pkg/vars/sops_test_resources/README.md        |  13 +-
 pkg/vars/sops_test_resources/private.gpg      |  81 ++++++++
 pkg/vars/sops_test_resources/public.gpg       |  41 ++++
 pkg/vars/sops_test_resources/test-gpg.yaml    |  31 +++
 12 files changed, 430 insertions(+), 19 deletions(-)
 create mode 100644 e2e/gitops_sops_test.go
 create mode 100644 pkg/utils/process/process.go
 create mode 100644 pkg/vars/sops_test_resources/private.gpg
 create mode 100644 pkg/vars/sops_test_resources/public.gpg
 create mode 100644 pkg/vars/sops_test_resources/test-gpg.yaml

diff --git a/e2e/gitops_sops_test.go b/e2e/gitops_sops_test.go
new file mode 100644
index 000000000..b565ddc5b
--- /dev/null
+++ b/e2e/gitops_sops_test.go
@@ -0,0 +1,183 @@
+package e2e
+
+import (
+	"context"
+	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
+	"github.com/kluctl/kluctl/v2/e2e/test_project"
+	"github.com/kluctl/kluctl/v2/pkg/utils/process"
+	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
+	"github.com/kluctl/kluctl/v2/pkg/vars/sops_test_resources"
+	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/suite"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"strings"
+	"testing"
+)
+
+type GitOpsSopsSuite struct {
+	GitopsTestSuite
+}
+
+func TestGitOpsSops(t *testing.T) {
+	suite.Run(t, new(GitOpsSopsSuite))
+}
+
+func (suite *GitOpsSopsSuite) TestEncryptedVars() {
+	g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"v1": "{{ test1.test2 }}",
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField([]map[string]any{
+			{
+				"file": "encrypted-vars.yaml",
+			},
+		}, "vars")
+		return nil
+	})
+
+	p.UpdateFile("encrypted-vars.yaml", func(f string) (string, error) {
+		b, _ := sops_test_resources.TestResources.ReadFile("test.yaml")
+		return string(b), nil
+	}, "")
+
+	key := suite.createKluctlDeployment(p, "test", nil)
+
+	suite.Run("deployment with missing sops key fails", func() {
+		kd := suite.waitForCommit(key, getHeadRevision(suite.T(), p))
+		readinessCondition := suite.getReadiness(kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
+
+		g.Expect(kd.Status.ReconcileRequestResult.CommandError).To(ContainSubstring("cannot get sops data key"))
+		assertConfigMapNotExists(suite.T(), suite.k, p.TestSlug(), "cm")
+	})
+
+	sopsKey, _ := sops_test_resources.TestResources.ReadFile("test-key.txt")
+	secret := corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "sops-secrets-age",
+			Namespace: key.Namespace,
+		},
+		Data: map[string][]byte{
+			"identity.agekey": sopsKey,
+		},
+	}
+	err := suite.k.Client.Create(context.Background(), &secret)
+	g.Expect(err).To(Succeed())
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Decryption = &kluctlv1.Decryption{
+			Provider: "sops",
+			SecretRef: &kluctlv1.LocalObjectReference{
+				Name: secret.Name,
+			},
+		}
+	})
+
+	suite.Run("deployment with existing sops key", func() {
+		kd := suite.waitForReconcile(key)
+		readinessCondition := suite.getReadiness(kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
+
+		cm := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm")
+		assertNestedFieldEquals(suite.T(), cm, map[string]any{
+			"v1": "42",
+		}, "data")
+	})
+}
+
+func (suite *GitOpsSopsSuite) TestGpgAgentKilled() {
+	g := NewWithT(suite.T())
+
+	p := test_project.NewTestProject(suite.T())
+	createNamespace(suite.T(), suite.k, p.TestSlug())
+
+	p.UpdateTarget("test", nil)
+
+	addConfigMapDeployment(p, "cm", map[string]string{
+		"v1": "{{ test1.test2 }}",
+	}, resourceOpts{
+		name:      "cm",
+		namespace: p.TestSlug(),
+	})
+	p.UpdateDeploymentYaml("", func(o *uo.UnstructuredObject) error {
+		_ = o.SetNestedField([]map[string]any{
+			{
+				"file": "encrypted-vars.yaml",
+			},
+		}, "vars")
+		return nil
+	})
+
+	p.UpdateFile("encrypted-vars.yaml", func(f string) (string, error) {
+		b, _ := sops_test_resources.TestResources.ReadFile("test-gpg.yaml")
+		return string(b), nil
+	}, "")
+
+	countGpgAgents := func() int {
+		pss, err := process.ListProcesses(context.Background())
+		g.Expect(err).To(Succeed())
+		count := 0
+		for _, ps := range pss {
+			if strings.Index(ps.Command, "gpg-agent") != 1 && strings.Index(ps.Command, "--homedir") != -1 {
+				count++
+			}
+		}
+		return count
+	}
+
+	gpgAgentCount := countGpgAgents()
+
+	key := suite.createKluctlDeployment(p, "test", nil)
+
+	gpgKey, _ := sops_test_resources.TestResources.ReadFile("private.gpg")
+	secret := corev1.Secret{
+		ObjectMeta: v1.ObjectMeta{
+			Name:      "sops-secrets-gpg",
+			Namespace: key.Namespace,
+		},
+		Data: map[string][]byte{
+			"identity.asc": gpgKey,
+		},
+	}
+	err := suite.k.Client.Create(context.Background(), &secret)
+	g.Expect(err).To(Succeed())
+
+	suite.updateKluctlDeployment(key, func(kd *kluctlv1.KluctlDeployment) {
+		kd.Spec.Decryption = &kluctlv1.Decryption{
+			Provider: "sops",
+			SecretRef: &kluctlv1.LocalObjectReference{
+				Name: secret.Name,
+			},
+		}
+	})
+
+	suite.Run("deployment with existing sops key", func() {
+		kd := suite.waitForReconcile(key)
+		readinessCondition := suite.getReadiness(kd)
+		g.Expect(readinessCondition).ToNot(BeNil())
+		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionTrue))
+
+		cm := assertConfigMapExists(suite.T(), suite.k, p.TestSlug(), "cm")
+		assertNestedFieldEquals(suite.T(), cm, map[string]any{
+			"v1": "43",
+		}, "data")
+	})
+
+	suite.Run("verify gpg-agents got killed", func() {
+		newGpgAgentCount := countGpgAgents()
+		g.Expect(gpgAgentCount).To(Equal(newGpgAgentCount))
+	})
+}
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index fc4a1a6c4..c398f2eea 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -26,7 +26,7 @@ import (
 	"helm.sh/helm/v3/pkg/repo"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"os"
-	"path/filepath"
+	"os/exec"
 	"strings"
 	"time"
 
@@ -61,6 +61,7 @@ type preparedProject struct {
 
 	co         git.CheckoutInfo
 	tmpDir     string
+	gnuPGHome  string
 	repoDir    string
 	projectDir string
 
@@ -87,7 +88,7 @@ func prepareProject(ctx context.Context,
 		if !cleanup {
 			return
 		}
-		pp.cleanup()
+		pp.cleanup(ctx)
 	}()
 
 	var err error
@@ -102,6 +103,12 @@ func prepareProject(ctx context.Context,
 		return pp, fmt.Errorf("failed to create temp dir for kluctl project: %w", err)
 	}
 
+	// the GPG home must be as short as possible as otherwise socket names for gpg-agent will get too long
+	pp.gnuPGHome, err = os.MkdirTemp("", "gpg-")
+	if err != nil {
+		return pp, fmt.Errorf("failed to create gnuPG homedir for kluctl project: %w", err)
+	}
+
 	pp.soClients, err = r.buildSourceOverridesClients(ctx, obj)
 	if err != nil {
 		return nil, err
@@ -196,7 +203,12 @@ func prepareProject(ctx context.Context,
 	return pp, nil
 }
 
-func (pp *preparedProject) cleanup() {
+func (pp *preparedProject) cleanup(ctx context.Context) {
+	if pp.gnuPGHome != "" {
+		pp.cleanupGpgAgent(ctx)
+		_ = os.RemoveAll(pp.gnuPGHome)
+	}
+
 	if pp.tmpDir != "" {
 		_ = os.RemoveAll(pp.tmpDir)
 	}
@@ -213,6 +225,12 @@ func (pp *preparedProject) cleanup() {
 	}
 }
 
+// sops might spawn gpg-agent instances bound to gnuPGHome, which must be killed when we're done with the project
+func (pp *preparedProject) cleanupGpgAgent(ctx context.Context) {
+	cmd := exec.CommandContext(ctx, "gpgconf", "--homedir", pp.gnuPGHome, "--kill", "gpg-agent")
+	_ = cmd.Run()
+}
+
 func (pp *preparedProject) newTarget() *preparedTarget {
 	pt := preparedTarget{
 		pp: pp,
@@ -535,13 +553,7 @@ func (pp *preparedProject) addSecretBasedKeyServers(ctx context.Context, d *decr
 		return fmt.Errorf("cannot get decryption Secret '%s': %w", secretName, err)
 	}
 
-	gnuPGHome := filepath.Join(pp.tmpDir, "sops-gnupghome")
-	err := os.MkdirAll(gnuPGHome, 0o700)
-	if err != nil {
-		return err
-	}
-
-	ks, err := sops.BuildSopsKeyServerFromSecret(&secret, gnuPGHome)
+	ks, err := sops.BuildSopsKeyServerFromSecret(&secret, pp.gnuPGHome)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 5667f5255..711cc2bd3 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -451,7 +451,7 @@ func (r *KluctlDeploymentReconciler) doFinalize(ctx context.Context, obj *kluctl
 	if err != nil {
 		return
 	}
-	defer pp.cleanup()
+	defer pp.cleanup(ctx)
 
 	pt := pp.newTarget()
 
diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index e904cff74..cccd5267e 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -199,7 +199,7 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 	pp, pt, targetContext, err := r.prepareProjectAndTarget(timeoutCtx, obj)
 	if pp != nil {
 		obj.Status.ObservedCommit = pp.co.CheckedOutCommit
-		defer pp.cleanup()
+		defer pp.cleanup(ctx)
 	}
 	if err != nil {
 		return doError("", err)
diff --git a/pkg/utils/process/process.go b/pkg/utils/process/process.go
new file mode 100644
index 000000000..d489b9e9d
--- /dev/null
+++ b/pkg/utils/process/process.go
@@ -0,0 +1,6 @@
+package process
+
+type Process struct {
+	Pid     int
+	Command string
+}
diff --git a/pkg/utils/process/process_posix.go b/pkg/utils/process/process_posix.go
index a5e09baf5..64d44000b 100644
--- a/pkg/utils/process/process_posix.go
+++ b/pkg/utils/process/process_posix.go
@@ -3,8 +3,13 @@
 package process
 
 import (
+	"bytes"
+	"context"
 	"golang.org/x/sys/unix"
 	"os"
+	"os/exec"
+	"strconv"
+	"strings"
 )
 
 var ProcAttrWithProcessGroup = &unix.SysProcAttr{Setpgid: true}
@@ -30,6 +35,40 @@ func TerminateProcess(pid int, signal os.Signal) error {
 }
 
 // kills the process with pid pid, as well as its children.
-func KillProcess(process *os.Process) error {
-	return unix.Kill(-1*process.Pid, unix.SIGKILL)
+func KillProcess(pid int) error {
+	return unix.Kill(pid, unix.SIGKILL)
+}
+
+func ListProcesses(ctx context.Context) ([]Process, error) {
+	bin, err := exec.LookPath("ps")
+	if err != nil {
+		return nil, err
+	}
+
+	args := []string{"-ax", "-o", "pid,command"}
+
+	cmd := exec.CommandContext(ctx, bin, args...)
+
+	buf := bytes.NewBuffer(nil)
+	cmd.Stdout = buf
+	err = cmd.Run()
+	if err != nil {
+		return nil, err
+	}
+
+	lines := strings.Split(buf.String(), "\n")
+	ret := make([]Process, 0, len(lines))
+	for _, l := range lines {
+		l = strings.TrimSpace(l)
+		s := strings.SplitN(l, " ", 2)
+		pid, err := strconv.ParseInt(s[0], 10, 32)
+		if err != nil {
+			continue
+		}
+		ret = append(ret, Process{
+			Pid:     int(pid),
+			Command: s[1],
+		})
+	}
+	return ret, nil
 }
diff --git a/pkg/utils/process/process_windows.go b/pkg/utils/process/process_windows.go
index e0ef9e9e0..fe5cc0be1 100644
--- a/pkg/utils/process/process_windows.go
+++ b/pkg/utils/process/process_windows.go
@@ -3,6 +3,8 @@
 package process
 
 import (
+	"context"
+	"fmt"
 	"os"
 	"syscall"
 
@@ -55,6 +57,13 @@ func TerminateProcess(pid int, _ os.Signal) error {
 	return nil
 }
 
-func KillProcess(process *os.Process) error {
-	return process.Kill()
+func KillProcess(pid int) error {
+	ps := os.Process{
+		Pid: pid,
+	}
+	return ps.Kill()
+}
+
+func ListProcesses(ctx context.Context) ([]Process, error) {
+	return nil, fmt.Errorf("not implemented on windows")
 }
diff --git a/pkg/vars/sops_test_resources/.sops.yaml b/pkg/vars/sops_test_resources/.sops.yaml
index 73232ad66..ea23f926c 100644
--- a/pkg/vars/sops_test_resources/.sops.yaml
+++ b/pkg/vars/sops_test_resources/.sops.yaml
@@ -1,2 +1,4 @@
 creation_rules:
+  - path_regex: test-gpg.yaml
+    pgp: B59DAF469E8C948138901A649732075EA221A7EA
   - age: age1q69g6x9jcz7lgnrgdxemystmhec4e8cxlzz45x0tt6t7dddp2ppsnkdxe7
diff --git a/pkg/vars/sops_test_resources/README.md b/pkg/vars/sops_test_resources/README.md
index 6a5cfbd52..5441c9d3d 100644
--- a/pkg/vars/sops_test_resources/README.md
+++ b/pkg/vars/sops_test_resources/README.md
@@ -1,6 +1,13 @@
 To edit the test.yaml file, run:
 ```sh
-SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test.yaml
-SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops test-configmap.yaml
-SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt sops helm-values.yaml
+export SOPS_AGE_KEY_FILE=$(pwd)/test-key.txt
+sops test.yaml
+sops test-configmap.yaml
+sops helm-values.yaml
+```
+
+To edit the test-gpg.yaml file, run:
+```sh
+gpg --import private.gpg
+sops test-gpg.yaml
 ```
diff --git a/pkg/vars/sops_test_resources/private.gpg b/pkg/vars/sops_test_resources/private.gpg
new file mode 100644
index 000000000..f3ca23e77
--- /dev/null
+++ b/pkg/vars/sops_test_resources/private.gpg
@@ -0,0 +1,81 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQVYBGJGqrsBDAC7OxFP6Z2E+AkVZpQySjLFAeYJWdnadx0GOHnckOOFkQvVJauz
+9KibgzLUkO9h0oIoP7dLyPEiRPhKgmbrktyCDfysvNeKCgI5XemJCJqCmwA/vWwp
+GnVltcgsVVjVZ3vvD8VMfhKF77pkmMDj7mnCPw9x39R8SVpe2K9RO0QLk/Dt+o8t
+MO+sXTz4ba4aMdjJvMoaoQKw6RXAouZa4H09i6tiAgXrRLxQDxJ58sGg/ZCWa5G4
+aI6PdObY41fzQlcobtifCbktbICVb1Ms1s0iZWttFmr0oTSkJTv3FPWhf6n126w4
+LEkF9d6YW+/0H9cqXa4GMfxXg4XBmJNJfYkLDVUlbp3xi+I+Lg1Sit6QlqkW93EW
+etpYPK1KmDcW3IA6ausYnkyrcQbt1m5/hh9KJoQb6He/RytXEBxp90+v9y7THZGr
+2U49ZEHQg6DAIj4j1p9NAGgqjKr9am6yk2pvpK3ZWmHQ6CZfCiBrEPCvdmEhrx4U
+lj6wyd00YJknpDkAEQEAAQAL/iU3C+1g55TvAks1LP7D/cxn4LP6HpHMfEHoxtwf
+FoJNftcamkL2Pe9PSDK1Lke44nMimwnewoNHxzx0KAXqFpdpNVCWZpdC/wctEgbR
+ZXjRW17QBWg0IKKbW9LoEfS1EY7GiTZ3lrH1oQxuymRj1rSr+SNu1Jrxr5tLoalZ
+SOCuQsTiuUPHxtPxYnWUw3bkco1Cz780QscsRU0ZdAUbOvmZQfMEqO2HJ5EYNdl0
+daVM0Uj8z6Wibre4CkyQ/8HT7Qy+Z7fgGzcSfwSzqqVJ5GtJimHK8CfX3HnHovHm
+o7MtZGnr9fiug8m3XN8b1zM/ADXbVMXAmQY+QsI44bQPMxocLij3/HL5/oJvXGJ8
+rBc5xFbzvclteD2MPTHx7hpZP+ys84LpieMw9Fojk9/k1tfNNJEESVp1OTI42YFA
+bmQ52Qgehn6skcs1oAygsSjaoCkhFMnhHVNtOnoSUG+2O7xpaT6cSNV4ySo/0stQ
+85RrEu0skjzChI0D1Tb4o2qI2wYAyUQtUxwN46uqfo/NpzzBHujpizdQ9VJxfof5
+2xCrLZ2AzLAhhpiqUiNTu7PPC+fXh3T1ru4pOg6JZYc6Ok0R3Huu16S51wpK66LE
+xgSkzGRET1kZFYg4G99g7jgmhhOyKOeh7J1LL5raOETX7hoPfO9M99tmRSVBuHFr
+48e0SQpb/mf6yYEr5ndsX3uvONo+86rerWDigZhOyvIYY8OyMzof0h7UP1jOg0uG
+JGj80rQDdqb48mTZW+d4ZC+1EstzBgDuJcG+Z/ufe2cymUwZUS6gpWuFddhab09a
+ZeS4ojlg40Jv8LcBtX29tuFSk228YWWa10u7KOzVSc9MIIVYyfTNhUXyKr+tyAFg
+jwVXWqKsDo53uwWClCwB7cvmep0sArR2hx/JdO2zAOrc0Myhx0XhwFdvV3lnNzZr
+8hbXcwLtT/HGJVl3ivmiXyfWo2MZDlY7mAw5+84WaBqcmKe0+ugRFIOhvO9GR5cU
+NysXNfEur7qRuEKqFU6BPePg8olc/qMF/3undrcOcPfyME1VG1mKkBJDFek15VxZ
+URiLhKyQtDSR1BJKeicGiVPVVeLoqyQvslXihm3c7EPPnz+Q8fQiR4sUWbh2BgPv
+Ckv0CP5a4RqiuV9B9pXqew2voJtRB1fU95JWIV08CLlcqLVArZFlxvUAVmQDF64Z
+EW+2dvXr42+KwBWIteyblvlirVztknqoO3gyk3AvYe16uX9K1Mu+7xLUByg6Rv83
+duS2YUjm6xj/ogYD6wU0zUXQ5Lx0JhKzA+jktBVGbHV4IDxzb3BzQGZsdXhjZC5p
+bz6JAc4EEwEIADgWIQS1na9GnoyUgTiQGmSXMgdeoiGn6gUCYkaquwIbAwULCQgH
+AgYVCgkICwIEFgIDAQIeAQIXgAAKCRCXMgdeoiGn6ppqDACakBksOfI9xkcV2J4o
+KkElDPzPMVlWeuulegHbS8R6srEJDxdR4jUpFVIlDp88xwMurpAZkwJdxzWLWj8N
+GuW5Z0s3WuM1h17BYE/ZKGc4pBf7/A2OzDhS8IrqNuE7kNfupPgorVwbuNs5C8ho
+w6MP7yqrxVOkWRcz1lx29FJIes+I46P+H/5rAv+4fiGWLj33wHhHpxTo4JWViYyl
+8S3aKN0yrpNqzU/b/cQoEydsNks8cuHBh4QMjH+1sh3s0ery2Z5VPBBccxGe94Sp
+vbh1fkhe2LIZKdfrh47WVPJVyUaUJC/JzCcINCNpGjpOxAIM8NxfUIF2k+SlgREN
+TQztXAnHYWHcTSP8ojbN8vODka6LMgEtOo0WB/H7/NvBDuc09izP1HwdNM2dTkPu
+plbmEdg9NkFgp+H8QgAxHGWVN22gzYaxJVO9PFrpF2D83Zch4zAYt/wYEWC/SK9A
+cdbevVdetFPCCV5dSJCWq+e9llnJaxR4bDbTf3EQW7aulg2dBVgEYkaquwEMAMQV
+snEOeBV1iX6hCiMWwgjnyS+ggIZN2F15NgM76VMLYMyOt7Y3nkBAFCZgEA9IymrC
+UiPSk+YzDtebWgprqAgNgqovSl2c1xuacjuHgpG7DQiV20sb752BMMDDEUY05YyQ
+a5NmCUqJIB2F0mxtIqbUpPgdHLSidgRX/5VjugKSlkD+JqURIpW6lmAaJ5RgbWbX
+Puuy8yFsHtd75jp5fQFDSMxSG30ZBQAky+4vw8zTxbOLdXS3FrZr6YvLfmAMafoG
+aZKAKEOxAZCp152JxUm6yvgXGIlgDDPLHyt5tpWwi98vw633NVE3MkKwic0HuSHE
+PXemwZJi3z4yaBsofv7HCo9KtGx4I+t/cqEk8qri3dPqsEkiWKfN3FdzKndgd894
+GtFlO22y9/8pcjpeG3ErTq4rTmo3lkLnxbGxgENDoPEcJ8Q/xu+ZAdjqs5kRnivQ
+57Qk0KCRU8HrzBDBWs13Sac8qbgR+Hvyq29UQJOQo0phKVOfb6oqym9ZsB8q7wAR
+AQABAAv/VMgu2exQJrMl6o8V03slFXWmywWCXM+u1CezH23ZojMCvR+eNlbRAWXT
+cI5Lk1g9UTDJFD0Z/sgnzDibE3Nd+XFiBFSjOlu0tHYwmyWp4nn2ljY5Vb3z+m2g
+F1CgmPMJJ6BQKzDMpqIotSsmAwSjHXBHDhKEVWQDVDh6RW0TwcYA2oQpUGjaw9Oj
+7lSQtXqGAxfhWEcNEe/uW+xx7OmXj6K4iMOdqBbXzyqZ1FhpuBf+3PVZKUh6tRBu
+sCeh8kSbEOh4xpPFcs17EAcZfXTfdo9vtqjQkRUASuEzctR/91qI3c7IPMFilSHo
+HdVQLyUiJTuY0k/00Je1QtPgh7lZtffkq6Bd11I53cfD+44l7g7Lcc2zFzuHjpyp
+F+SDBs3tD8uKqbam8Hnop49/BRe1mgNdzobUEem39zKNSXWqUFemr15sAW2J4SKM
+m657y0hdpGDE/QlD0ruE6sFFa8zk+92UElnzgyLl69YO139Sbjm+jSZfMVxm+nO6
+vrW16U75BgDIIH6PgZshXxMO1LzWxMP+d+6MWKpgeWYes/tkI6bfmM+LBh5/zzd2
+lV+9Zae/YJYMn30BrpWfE1uVcWVxlAilHYM92wtH8CjXIYkLhez5uTQQ7UKcLqyS
+3nmO+u5ADqwPeaygS+gTTWhRFX0F5dTYhXFQABiK94lfyMJ8tzmjAuwWxPINLL0m
+IdilK8crZayDarDBe2amiP/gG6W7zzIV8DvJn2ZZtlraFxTV8+mqq9Lh0cKJHT6/
+1/Lt90eubhcGAPrUTKv/jvMEZWlsw1HNzPfP+VyAtebmgDY0o2Rkpikaie/bsnAR
+umPuRdGNMct5UAG8WLrgO/RIFb0dsJy1CA+zvZdluAHFaq89ikwFrvcvegc0325w
+Iom8xiH0C9pLPiPcyFoFedQ3ZRaQB4oLhhikNDvD2ANA9HIY+k7dpfXP8LWY5jSs
+UM3NdXC8RIdBW7DllfDNjWi/xaAyBDxcXRBPuWjIYWlLcHjmqablB/xdmZgIEJoU
+VMPCRf7JAl3I6QX9Htkv4ocJyzRDxmhTuFdc7YOc3zmTqwx7/q+kuJDGROA1VeFT
+HCtWrSF7Ax5WNIIRRFH1AEk8j//2yoycVCWKNMXV0d8xeHblyGVX+Huhq8rsokNU
+MFbDY4wFDTzTK8F8fCa6Z0Q1nts6HOf5ZXv2xYMjyh93gJKF2/NhobX7noDMe/oR
+CUzbd6Ogg3JLqnlrfIhR/Kh3yk+w/FhGRiQsV1rIqx4FrWvA3CTkr2zHTAH/gQvt
+1CKrnh3iKiqJ9uV26yiJAbYEGAEIACAWIQS1na9GnoyUgTiQGmSXMgdeoiGn6gUC
+YkaquwIbDAAKCRCXMgdeoiGn6jSVDACYkZWrhX/TM6bBVCGvhzl3EmwHqMuMT/Qx
+N5Sc5QVawRD36+L/yuFYzK+MK9s9p5Z/9VmTsO/KQxcaPiuYub5vsJ38AxsaSiPE
+VCtXY1QH0R3AYMh7tCGW+qhyf8IZyynkiOIZmo8PdrSwRnBCWGPvHYqJEr7c5LJD
+0RYZFwR+ujPhr5mavERVziF2EfUor33la5vpax+CD+XLeMQaWorGegFN6wEpoGoQ
+1rP10xtM+txU7/w0fkYHaEzvQfnRN4QVNg/EgQx7U+HyklAM36tGYgj2CRF5qm+K
+Whv+ipymfmAngrjNMqcM15uXi1MF3UGFG7QkbKUBqpeK9UfG4lnZKHcSwhffcgL6
+clz1mGfriCEJvw9CfvlLm7RDM2m/MRxFr2yNQgpIJFoXgDVCthBCuH1dIMvhgCYA
+frIIYzTK2ZKLJlTv3O8SCTf1Zhjru2f3z85YAqOXmQUGYKrQZL2T9NE2mQnXL0n+
+sgS+XwT2h+fdCBJHJYmboxXpxC02xHY=
+=G8JF
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/pkg/vars/sops_test_resources/public.gpg b/pkg/vars/sops_test_resources/public.gpg
new file mode 100644
index 000000000..c59ba01a6
--- /dev/null
+++ b/pkg/vars/sops_test_resources/public.gpg
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGJGqrsBDAC7OxFP6Z2E+AkVZpQySjLFAeYJWdnadx0GOHnckOOFkQvVJauz
+9KibgzLUkO9h0oIoP7dLyPEiRPhKgmbrktyCDfysvNeKCgI5XemJCJqCmwA/vWwp
+GnVltcgsVVjVZ3vvD8VMfhKF77pkmMDj7mnCPw9x39R8SVpe2K9RO0QLk/Dt+o8t
+MO+sXTz4ba4aMdjJvMoaoQKw6RXAouZa4H09i6tiAgXrRLxQDxJ58sGg/ZCWa5G4
+aI6PdObY41fzQlcobtifCbktbICVb1Ms1s0iZWttFmr0oTSkJTv3FPWhf6n126w4
+LEkF9d6YW+/0H9cqXa4GMfxXg4XBmJNJfYkLDVUlbp3xi+I+Lg1Sit6QlqkW93EW
+etpYPK1KmDcW3IA6ausYnkyrcQbt1m5/hh9KJoQb6He/RytXEBxp90+v9y7THZGr
+2U49ZEHQg6DAIj4j1p9NAGgqjKr9am6yk2pvpK3ZWmHQ6CZfCiBrEPCvdmEhrx4U
+lj6wyd00YJknpDkAEQEAAbQVRmx1eCA8c29wc0BmbHV4Y2QuaW8+iQHOBBMBCAA4
+FiEEtZ2vRp6MlIE4kBpklzIHXqIhp+oFAmJGqrsCGwMFCwkIBwIGFQoJCAsCBBYC
+AwECHgECF4AACgkQlzIHXqIhp+qaagwAmpAZLDnyPcZHFdieKCpBJQz8zzFZVnrr
+pXoB20vEerKxCQ8XUeI1KRVSJQ6fPMcDLq6QGZMCXcc1i1o/DRrluWdLN1rjNYde
+wWBP2ShnOKQX+/wNjsw4UvCK6jbhO5DX7qT4KK1cG7jbOQvIaMOjD+8qq8VTpFkX
+M9ZcdvRSSHrPiOOj/h/+awL/uH4hli4998B4R6cU6OCVlYmMpfEt2ijdMq6Tas1P
+2/3EKBMnbDZLPHLhwYeEDIx/tbId7NHq8tmeVTwQXHMRnveEqb24dX5IXtiyGSnX
+64eO1lTyVclGlCQvycwnCDQjaRo6TsQCDPDcX1CBdpPkpYERDU0M7VwJx2Fh3E0j
+/KI2zfLzg5GuizIBLTqNFgfx+/zbwQ7nNPYsz9R8HTTNnU5D7qZW5hHYPTZBYKfh
+/EIAMRxllTdtoM2GsSVTvTxa6Rdg/N2XIeMwGLf8GBFgv0ivQHHW3r1XXrRTwgle
+XUiQlqvnvZZZyWsUeGw2039xEFu2rpYNuQGNBGJGqrsBDADEFbJxDngVdYl+oQoj
+FsII58kvoICGTdhdeTYDO+lTC2DMjre2N55AQBQmYBAPSMpqwlIj0pPmMw7Xm1oK
+a6gIDYKqL0pdnNcbmnI7h4KRuw0IldtLG++dgTDAwxFGNOWMkGuTZglKiSAdhdJs
+bSKm1KT4HRy0onYEV/+VY7oCkpZA/ialESKVupZgGieUYG1m1z7rsvMhbB7Xe+Y6
+eX0BQ0jMUht9GQUAJMvuL8PM08Wzi3V0txa2a+mLy35gDGn6BmmSgChDsQGQqded
+icVJusr4FxiJYAwzyx8rebaVsIvfL8Ot9zVRNzJCsInNB7khxD13psGSYt8+Mmgb
+KH7+xwqPSrRseCPrf3KhJPKq4t3T6rBJIlinzdxXcyp3YHfPeBrRZTttsvf/KXI6
+XhtxK06uK05qN5ZC58WxsYBDQ6DxHCfEP8bvmQHY6rOZEZ4r0Oe0JNCgkVPB68wQ
+wVrNd0mnPKm4Efh78qtvVECTkKNKYSlTn2+qKspvWbAfKu8AEQEAAYkBtgQYAQgA
+IBYhBLWdr0aejJSBOJAaZJcyB16iIafqBQJiRqq7AhsMAAoJEJcyB16iIafqNJUM
+AJiRlauFf9MzpsFUIa+HOXcSbAeoy4xP9DE3lJzlBVrBEPfr4v/K4VjMr4wr2z2n
+ln/1WZOw78pDFxo+K5i5vm+wnfwDGxpKI8RUK1djVAfRHcBgyHu0IZb6qHJ/whnL
+KeSI4hmajw92tLBGcEJYY+8diokSvtzkskPRFhkXBH66M+GvmZq8RFXOIXYR9Siv
+feVrm+lrH4IP5ct4xBpaisZ6AU3rASmgahDWs/XTG0z63FTv/DR+RgdoTO9B+dE3
+hBU2D8SBDHtT4fKSUAzfq0ZiCPYJEXmqb4paG/6KnKZ+YCeCuM0ypwzXm5eLUwXd
+QYUbtCRspQGql4r1R8biWdkodxLCF99yAvpyXPWYZ+uIIQm/D0J++UubtEMzab8x
+HEWvbI1CCkgkWheANUK2EEK4fV0gy+GAJgB+sghjNMrZkosmVO/c7xIJN/VmGOu7
+Z/fPzlgCo5eZBQZgqtBkvZP00TaZCdcvSf6yBL5fBPaH590IEkcliZujFenELTbE
+dg==
+=05GI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pkg/vars/sops_test_resources/test-gpg.yaml b/pkg/vars/sops_test_resources/test-gpg.yaml
new file mode 100644
index 000000000..c4e9e6acf
--- /dev/null
+++ b/pkg/vars/sops_test_resources/test-gpg.yaml
@@ -0,0 +1,31 @@
+test1:
+    test2: ENC[AES256_GCM,data:6sg=,iv:caoAiEIJWEhmb5gL3VfeJ9doS9+B98a7HgFnKataRz0=,tag:TLEBC/hA4b9UISPC4JPvdQ==,type:int]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-12-10T14:22:30Z"
+    mac: ENC[AES256_GCM,data:PVvbdirkxtTGMUWi7NNzYzMjNM3c54XwH/tv0XCeUmOts0CT5D+INwPuinEv1KVoouV0IO7WEN7Z7QxdTPi1eK1gMSgayS5/lPv6ibiGBZVJxfCgtCTO98P0YcOxuJ7GMstC4ut++KrSoktZ25Ct5WW3rfwCUZjPVXmqcQNjCxM=,iv:v+PUz+/QyDXhLL2dOYWhmoahS8ViirDqgTfP2ECNfv8=,tag:IssNRYa9idvyA4SbPStgVg==,type:str]
+    pgp:
+        - created_at: "2024-12-10T14:21:36Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQGMA8h5P8ph4XWPAQv9HlSSyfE8zEbFuhwZd3rGNHef03ZHQFRPy88sbdOV3ESw
+            PuF00LCjOApejOOBtGkKtyYmfdemmjj/0/2E3M4uDKAP6F6EIiTb5MLCUSKefiB5
+            w9i0U8EPmbAmEVOArknssPCAMWNtudmmxjcaOAM2BUO5TVX8J+9c4Hvjjif+i59b
+            VNlYQBY/pYVR1DE+shCgL71rW+QN6EuykIQg6V/QMQWznOCZug03MBR7z/Avz19S
+            Xyt3gWygoLr7DWcOWKCF45C0OxtbAtIS4mZXTpSM0/6SOJADUeW/JM6sdDu2GQqb
+            MvP3/M4//E54PX91yW3LTc99j2832MWd7PHTkz0FaRzlqBxaqnlFpSC6RLOIiiBW
+            QNptErq/zcGDOQvl0x7q9iTMZhXBRZWoRGImTx/yp9ZP4P5ZMVS358Q5RUqs8zXK
+            aT40ncctp1ydLPCpowHWJ0EUsLl628jFYp3lK9W78V5AOJFevLS3E5JcIZ6Q8dYl
+            x7pNmiWf9vwZ5gkbuaSy0lEBdI0CIeluBQTRe7gJmvM2QDoQFL07fyb89fM3nZc+
+            6ZvRqHAofV+5FO7pCMj74da4k89xsSax+Lja9ndwnb+4C5sqKIYVnuIcFTmFgVBU
+            ie4=
+            =6nMk
+            -----END PGP MESSAGE-----
+          fp: B59DAF469E8C948138901A649732075EA221A7EA
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

From b1e72c630f182fdfb340704ec15d8f1528223351 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Dec 2024 10:27:44 +0100
Subject: [PATCH 2220/2268] fix: Do not allow . and .. as default tags (#1235)

---
 pkg/deployment/deployment_project.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkg/deployment/deployment_project.go b/pkg/deployment/deployment_project.go
index 6b4c4ef83..204447695 100644
--- a/pkg/deployment/deployment_project.go
+++ b/pkg/deployment/deployment_project.go
@@ -128,10 +128,14 @@ func (p *DeploymentProject) processConfig() error {
 		if len(item.Tags) != 0 {
 			continue
 		}
+		defaultTag := ""
 		if item.Path != nil {
-			item.Tags = []string{filepath.Base(*item.Path)}
+			defaultTag = filepath.Base(*item.Path)
 		} else if item.Include != nil {
-			item.Tags = []string{filepath.Base(*item.Include)}
+			defaultTag = filepath.Base(*item.Include)
+		}
+		if defaultTag != "" && defaultTag != "." && defaultTag != ".." {
+			item.Tags = []string{defaultTag}
 		}
 	}
 

From 0040b94148ed3006efa3f861af20efdb9fa87f45 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Dec 2024 11:10:58 +0100
Subject: [PATCH 2221/2268] tests: Fix detection of gpg-agents while testing
 sops+gitops (#1243)

---
 e2e/gitops_sops_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/e2e/gitops_sops_test.go b/e2e/gitops_sops_test.go
index b565ddc5b..3aa4ff2ba 100644
--- a/e2e/gitops_sops_test.go
+++ b/e2e/gitops_sops_test.go
@@ -131,7 +131,7 @@ func (suite *GitOpsSopsSuite) TestGpgAgentKilled() {
 		g.Expect(err).To(Succeed())
 		count := 0
 		for _, ps := range pss {
-			if strings.Index(ps.Command, "gpg-agent") != 1 && strings.Index(ps.Command, "--homedir") != -1 {
+			if strings.Index(ps.Command, "gpg-agent") != -1 && strings.Index(ps.Command, "--homedir") != -1 {
 				count++
 			}
 		}

From de7ec4de595750c2a1266cdc969a15b24c62123e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Dec 2024 11:13:30 +0100
Subject: [PATCH 2222/2268] chore: Update all go dependencies

---
 e2e/default_clusters_test.go |   2 +-
 go.mod                       | 235 +++++++--------
 go.sum                       | 544 ++++++++++++++++-------------------
 pkg/clouds/azure/keyvault.go |   2 +-
 4 files changed, 376 insertions(+), 407 deletions(-)

diff --git a/e2e/default_clusters_test.go b/e2e/default_clusters_test.go
index 40a648cfe..53ad6bff7 100644
--- a/e2e/default_clusters_test.go
+++ b/e2e/default_clusters_test.go
@@ -1,8 +1,8 @@
 package e2e
 
 import (
+	"dario.cat/mergo"
 	"fmt"
-	"github.com/imdario/mergo"
 	"github.com/kluctl/kluctl/v2/e2e/test-utils"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/tools/clientcmd"
diff --git a/go.mod b/go.mod
index 0cdbeb99a..f7fce648c 100644
--- a/go.mod
+++ b/go.mod
@@ -7,13 +7,14 @@ toolchain go1.22.9
 replace github.com/kluctl/kluctl/lib => ./lib
 
 require (
-	cloud.google.com/go/secretmanager v1.14.1
+	cloud.google.com/go/secretmanager v1.14.2
+	dario.cat/mergo v1.0.1
 	filippo.io/age v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/Masterminds/semver/v3 v3.3.0
+	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/aws/aws-sdk-go-v2 v1.32.6
 	github.com/aws/aws-sdk-go-v2/config v1.28.6
@@ -23,160 +24,166 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.2
 	github.com/aws/smithy-go v1.22.1
 	github.com/coder/websocket v1.8.12
-	github.com/coreos/go-oidc/v3 v3.10.0
-	github.com/cyphar/filepath-securejoin v0.3.4
+	github.com/coreos/go-oidc/v3 v3.11.0
+	github.com/cyphar/filepath-securejoin v0.3.6
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/distribution/distribution/v3 v3.0.0-alpha.1
-	github.com/docker/cli v27.3.1+incompatible
+	github.com/distribution/distribution/v3 v3.0.0-beta.1
+	github.com/docker/cli v27.4.0+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
-	github.com/getsops/sops/v3 v3.9.1
+	github.com/getsops/sops/v3 v3.9.2
 	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
 	github.com/go-logr/logr v1.4.2
-	github.com/go-playground/validator/v10 v10.22.1
+	github.com/go-playground/validator/v10 v10.23.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.20.2
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.13.0
+	github.com/googleapis/gax-go/v2 v2.14.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/vault/api v1.15.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/huandu/xstrings v1.5.0
-	github.com/imdario/mergo v0.3.16
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
+	github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2
 	github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f
-	github.com/kluctl/kluctl/lib v0.0.0-20240708100510-73c5efc22b9a
+	github.com/kluctl/kluctl/lib v0.0.0-20241216101058-0040b94148ed
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/ohler55/ojg v1.24.1
-	github.com/onsi/gomega v1.33.1
+	github.com/ohler55/ojg v1.25.0
+	github.com/onsi/gomega v1.35.1
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.19.1
+	github.com/prometheus/client_golang v1.20.5
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.12.0
+	github.com/rogpeppe/go-internal v1.13.1
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.19.0
-	github.com/stretchr/testify v1.9.0
-	github.com/tkrajina/typescriptify-golang-structs v0.1.11
+	github.com/stretchr/testify v1.10.0
+	github.com/tkrajina/typescriptify-golang-structs v0.2.0
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.29.0 // indirect
-	golang.org/x/net v0.31.0
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/net v0.32.0
 	golang.org/x/oauth2 v0.24.0
-	golang.org/x/sync v0.9.0
-	golang.org/x/sys v0.27.0
-	golang.org/x/term v0.26.0 // indirect
-	golang.org/x/text v0.20.0 // indirect
-	google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f
-	google.golang.org/grpc v1.68.0
-	google.golang.org/protobuf v1.34.2
-	helm.sh/helm/v3 v3.16.3
-	k8s.io/api v0.31.1
-	k8s.io/apiextensions-apiserver v0.31.1
-	k8s.io/apimachinery v0.31.1
-	k8s.io/client-go v0.31.1
+	golang.org/x/sync v0.10.0
+	golang.org/x/sys v0.28.0
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484
+	google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96
+	google.golang.org/protobuf v1.36.0
+	helm.sh/helm/v3 v3.16.4
+	k8s.io/api v0.31.4
+	k8s.io/apiextensions-apiserver v0.31.4
+	k8s.io/apimachinery v0.31.4
+	k8s.io/client-go v0.31.4
 	k8s.io/klog/v2 v2.130.1
-	sigs.k8s.io/cli-utils v0.36.0
-	sigs.k8s.io/controller-runtime v0.19.0
-	sigs.k8s.io/kustomize/api v0.17.2
-	sigs.k8s.io/kustomize/kyaml v0.17.1
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.3
+	sigs.k8s.io/cli-utils v0.37.2
+	sigs.k8s.io/controller-runtime v0.19.3
+	sigs.k8s.io/kustomize/api v0.18.0
+	sigs.k8s.io/kustomize/kyaml v0.18.1
+	sigs.k8s.io/structured-merge-diff/v4 v4.5.0
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cloud.google.com/go v0.115.1 // indirect
-	cloud.google.com/go/auth v0.9.7 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
-	cloud.google.com/go/compute/metadata v0.5.2 // indirect
-	cloud.google.com/go/iam v1.2.1 // indirect
-	cloud.google.com/go/kms v1.20.0 // indirect
-	cloud.google.com/go/longrunning v0.6.1 // indirect
-	cloud.google.com/go/storage v1.43.0 // indirect
-	dario.cat/mergo v1.0.1 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	cel.dev/expr v0.19.1 // indirect
+	cloud.google.com/go v0.117.0 // indirect
+	cloud.google.com/go/auth v0.13.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/iam v1.3.0 // indirect
+	cloud.google.com/go/kms v1.20.2 // indirect
+	cloud.google.com/go/longrunning v0.6.3 // indirect
+	cloud.google.com/go/monitoring v1.22.0 // indirect
+	cloud.google.com/go/storage v1.48.0 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
-	github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton // indirect
+	github.com/ProtonMail/go-crypto v1.1.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.25 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.36.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
-	github.com/bytedance/sonic v1.11.8 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/bytedance/sonic v1.12.6 // indirect
+	github.com/bytedance/sonic/loader v0.2.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.3 // indirect
-	github.com/cloudflare/circl v1.4.0 // indirect
+	github.com/cloudflare/circl v1.5.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/containerd/containerd v1.7.23 // indirect
-	github.com/containerd/errdefs v0.3.0 // indirect
+	github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57 // indirect
+	github.com/containerd/containerd v1.7.24 // indirect
+	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v27.3.1+incompatible // indirect
+	github.com/docker/docker v27.4.0+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.2 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/envoyproxy/go-control-plane v0.13.1 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.17.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.6.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -186,20 +193,20 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/btree v1.1.2 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
-	github.com/gorilla/handlers v1.5.1 // indirect
+	github.com/gorilla/handlers v1.5.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.3.0 // indirect
@@ -218,28 +225,29 @@ require (
 	github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/magiconair/properties v1.8.9 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/spdystream v0.4.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -248,81 +256,82 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
+	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/common v0.61.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/v9 v9.6.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/rubenv/sql-migrate v1.7.0 // indirect
+	github.com/rubenv/sql-migrate v1.7.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.6.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	github.com/skeema/knownhosts v1.2.2 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/tkrajina/go-reflector v0.5.6 // indirect
+	github.com/tkrajina/go-reflector v0.5.8 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	github.com/urfave/cli v1.22.15 // indirect
-	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/urfave/cli v1.22.16 // indirect
+	github.com/vbatts/tar-split v0.11.6 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
-	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect
 	go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect
-	go.opentelemetry.io/otel v1.30.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
+	go.opentelemetry.io/otel v1.33.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 // indirect
 	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.30.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.29.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/trace v1.30.0 // indirect
+	go.opentelemetry.io/otel/metric v1.33.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect
+	go.opentelemetry.io/otel/trace v1.33.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
-	go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
-	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/arch v0.12.0 // indirect
+	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect
+	golang.org/x/time v0.8.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.199.0 // indirect
+	google.golang.org/api v0.212.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.31.1 // indirect
-	k8s.io/cli-runtime v0.31.1 // indirect
-	k8s.io/component-base v0.31.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
-	k8s.io/kubectl v0.31.1 // indirect
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
-	oras.land/oras-go v1.2.5 // indirect
+	k8s.io/apiserver v0.31.4 // indirect
+	k8s.io/cli-runtime v0.31.4 // indirect
+	k8s.io/component-base v0.31.4 // indirect
+	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+	k8s.io/kubectl v0.31.4 // indirect
+	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+	oras.land/oras-go v1.2.6 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 )
diff --git a/go.sum b/go.sum
index b941775ee..c628e2892 100644
--- a/go.sum
+++ b/go.sum
@@ -1,32 +1,39 @@
 c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0=
 c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ=
-cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc=
-cloud.google.com/go/auth v0.9.7 h1:ha65jNwOfI48YmUzNfMaUDfqt5ykuYIUnSartpU1+BA=
-cloud.google.com/go/auth v0.9.7/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM=
-cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
-cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
-cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
-cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
-cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU=
-cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g=
-cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY=
-cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM=
-cloud.google.com/go/longrunning v0.6.1 h1:lOLTFxYpr8hcRtcwWir5ITh1PAKUD/sG2lKrTSYjyMc=
-cloud.google.com/go/longrunning v0.6.1/go.mod h1:nHISoOZpBcmlwbJmiVk5oDRz0qG/ZxPynEGs1iZ79s0=
-cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM=
-cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U=
-cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs=
-cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0=
+cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4=
+cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+cloud.google.com/go v0.117.0 h1:Z5TNFfQxj7WG2FgOGX1ekC5RiXrYgms6QscOm32M/4s=
+cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc=
+cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs=
+cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q=
+cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
+cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
+cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
+cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
+cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU=
+cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY=
+cloud.google.com/go/kms v1.20.2 h1:NGTHOxAyhDVUGVU5KngeyGScrg2D39X76Aphe6NC7S0=
+cloud.google.com/go/kms v1.20.2/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc=
+cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk=
+cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM=
+cloud.google.com/go/longrunning v0.6.3 h1:A2q2vuyXysRcwzqDpMMLSI6mb6o39miS52UEG/Rd2ng=
+cloud.google.com/go/longrunning v0.6.3/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI=
+cloud.google.com/go/monitoring v1.22.0 h1:mQ0040B7dpuRq1+4YiQD43M2vW9HgoVxY98xhqGT+YI=
+cloud.google.com/go/monitoring v1.22.0/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU=
+cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8=
+cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw=
+cloud.google.com/go/storage v1.48.0 h1:FhBDHACbVtdPx7S/AbcKujPWiHvfO6F8OXGgCEbB2+o=
+cloud.google.com/go/storage v1.48.0/go.mod h1:aFoDYNMAjv67lp+xcuZqjUKv/ctmplzQ3wJgodA7b+M=
+cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI=
+cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
 filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
@@ -35,34 +42,38 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvUL
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 h1:xnO4sFyG8UH2fElBkcqLTOZsAajvKfnSlgBBW8dXYjw=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0/go.mod h1:XD3DIOOVgBCO03OleB1fHjgktVRFxlT++KwKgIOewdM=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=
-github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 h1:9fXQS/0TtQmKXp8SureKouF+idbQvp7cPUxykiohnBs=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1/go.mod h1:f+OaoSg0VQYPMqB0Jp2D54j1VHzITYcJaCNwV+k00ts=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0/go.mod h1:Wjo+24QJVhhl/L7jy6w9yzFF2yDOf3cKECAa8ecf9vE=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0 h1:WLUIpeyv04H0RCcQHaA4TNoyrQ39Ox7V+re+iaqzTe0=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0/go.mod h1:hd8hTTIY3VmUVPRHNH7GVCHO3SHgXkJKZHReby/bnUQ=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 h1:o90wcURuxekmXrtxmYWTyNla0+ZEHhud6DI1ZTxd1vI=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0/go.mod h1:6fTWu4m3jocfUZLYF5KsZC1TUfRvEjs7lM4crme/irw=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
-github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
+github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=
@@ -74,8 +85,8 @@ github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/
 github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton h1:ZGewsAoeSirbUS5cO8L0FMQA+iSop9xR1nmFYifDBPo=
-github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
+github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -88,38 +99,38 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
 github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 h1:xDAuZTn4IMm8o1LnBZvmrL8JA1io4o3YWNXgohbf20g=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5/go.mod h1:wYSv6iDS621sEFLfKvpPE2ugjTuGlAG7iROg0hLOkfc=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
 github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo=
 github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.25 h1:HkpHeZMM39sGtMHVYG1buAg93vhj5d7F81y6G0OAbGc=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.25/go.mod h1:j3Vz04ZjaWA6kygOsZRpmWe4CyGqfqq2u3unDTU0QGA=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43 h1:iLdpkYZ4cXIQMO7ud+cqMWR1xK5ESbt1rvN77tRi1BY=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43/go.mod h1:OgbsKPAswXDd5kxnR4vZov69p3oYjbvUyIRBAAV0y9o=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 h1:OWYvKL53l1rbsUmW7bQyJVsYU/Ii3bbAAQIIFNbM0Tk=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18/go.mod h1:CUx0G1v3wG6l01tUB+j7Y8kclA8NSqK4ef0YG79a4cg=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 h1:r67ps7oHCYnflpgDy2LZU0MAQtQbYIOqNNnqGO6xQkE=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25/go.mod h1:GrGY+Q4fIokYLtjCVB/aFfCVL6hhGUFl8inD18fDalE=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7 h1:R+5XKIJga2K9Dkj0/iQ6fD/MBGo02oxGGFTc512lK/Q=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7/go.mod h1:fDPQV/6ONOQOjvtKhtypIy1wcGLcKYtoK/lvZ9fyDGQ=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 h1:rTWjG6AvWekO2B1LHeM3ktU7MqyX9rzWQ7hgzneZW7E=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20/go.mod h1:RGW2DDpVc8hu6Y6yG8G5CHVmVOAn1oV8rNKOHRJyswg=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 h1:HCpPsWqmYQieU7SS6E9HXfdAMSud0pteVXieJmcpIRI=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6/go.mod h1:ngUiVRCco++u+soRRVBIvBZxSMMvOVMXA4PJ36JLfSw=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 h1:eb+tFOIl9ZsUe2259/BKPeniKuz4/02zZFH/i4Nf8Rg=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18/go.mod h1:GVCC2IJNJTmdlyEsSmofEy7EfJncP7DNnXDzRjJ5Keg=
-github.com/aws/aws-sdk-go-v2/service/kms v1.36.3 h1:iHi6lC6LfW6SNvB2bixmlOW3WMyWFrHZCWX+P+CCxMk=
-github.com/aws/aws-sdk-go-v2/service/kms v1.36.3/go.mod h1:OHmlX4+o0XIlJAQGAHPIy0N9yZcYS/vNG+T7geSNcFw=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3 h1:3zt8qqznMuAZWDTDpcwv9Xr11M/lVj2FsRR7oYBt0OA=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3/go.mod h1:NLTqRLe3pUNu3nTEHI6XlHLKYmc8fbHUdMxAB6+s41Q=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 h1:BbGDtTi0T1DYlmjBiCr/le3wzhA37O8QTC5/Ab8+EXk=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6/go.mod h1:hLMJt7Q8ePgViKupeymbqI0la+t9/iYFBjxQCFwuAwI=
+github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 h1:dZmNIRtPUvtvUIIDVNpvtnJQ8N8Iqm7SQAxf18htZYw=
+github.com/aws/aws-sdk-go-v2/service/kms v1.37.7/go.mod h1:vj8PlfJH9mnGeIzd6uMLPi5VgiqzGG7AZoe1kf1uTXM=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 h1:nyuzXooUNJexRT0Oy0UQY6AhOzxPxhtt4DcBIHyCnmw=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0/go.mod h1:sT/iQz8JK3u/5gZkT+Hmr7GzVZehUMkRZpOaAwYXeGY=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7 h1:Nyfbgei75bohfmZNxgN27i528dGYVzqWJGlAO6lzXy8=
 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7/go.mod h1:FG4p/DciRxPgjA+BEOlwRHN0iA8hX2h9g5buSy3cTDA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
@@ -146,54 +157,57 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bytedance/sonic v1.11.8 h1:Zw/j1KfiS+OYTi9lyB3bb0CFxPJVkM17k1wyDG32LRA=
-github.com/bytedance/sonic v1.11.8/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
-github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic v1.12.6 h1:/isNmCUF2x3Sh8RAp/4mh4ZGkcFAX/hLrzrK3AvpRzk=
+github.com/bytedance/sonic v1.12.6/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.1 h1:1GgorWTqf12TA8mma4DDSbaQigE2wOgQo7iCjjJv3+E=
+github.com/bytedance/sonic/loader v0.2.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
+github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
 github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY=
-github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
+github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
+github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
 github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57 h1:put7Je9ZyxbHtwr7IqGrW4LLVUupJQ2gbsDshKISSgU=
+github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
 github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
 github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
-github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
+github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA=
+github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
 github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
 github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
-github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
-github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
 github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
-github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
-github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
-github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
-github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac=
+github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8=
+github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
+github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
+github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8=
-github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
+github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
+github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -202,16 +216,16 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
-github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiUFud7aeJCIQcgzugtwjyJo=
-github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY=
+github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfGUhc8I+MPfRis8dZ818Ic=
+github.com/distribution/distribution/v3 v3.0.0-beta.1/go.mod h1:O9O8uamhHzWWQVTjuQpyYUVm/ShPHPUDgvQMpHGVBDs=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ=
-github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v27.4.0+incompatible h1:/nJzWkcI1MDMN+U+px/YXnQWJqnu4J+QKGTfD6ptiTc=
+github.com/docker/cli v27.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI=
-github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.4.0+incompatible h1:I9z7sQ5qyzO0BfAb9IMOawRkAGxhYsidKiTMcm0DU+A=
+github.com/docker/docker v27.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -230,35 +244,34 @@ github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtz
 github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/go-control-plane v0.13.1 h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE=
+github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw=
+github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM=
+github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4=
 github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
 github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
-github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
-github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
-github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI=
 github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
-github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
+github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
+github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
-github.com/getsops/sops/v3 v3.9.1 h1:wXsqzEsUPVQPcxsvjpwpqqD3DVRe9UZKJ7LSf5rzuLA=
-github.com/getsops/sops/v3 v3.9.1/go.mod h1:k3XzAfcvMI1Rfyw2tky0/RakHrdbVcUrtCGTYsmkMY8=
+github.com/getsops/sops/v3 v3.9.2 h1:Cuuahc/UGu7W3+NXd+mrl+2oXGxxj/jIPsw6Ah2CbxA=
+github.com/getsops/sops/v3 v3.9.2/go.mod h1:J8CMEdmPWT8gxFaNmPBSrc5NFd4uNndf8aFQwhD/ZR8=
 github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
 github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -271,8 +284,8 @@ github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8b
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
-github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
+github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
+github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665 h1:+M6D6MplKwRqmw8b41MArUGFsGTnl24+/S40I0yrhKs=
@@ -303,12 +316,11 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
-github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o=
+github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
@@ -317,43 +329,28 @@ github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIx
 github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
+github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
@@ -367,23 +364,22 @@ github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
 github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
-github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM=
-github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
+github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
-github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
-github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
+github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o=
+github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
-github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
-github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
+github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
+github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
@@ -458,13 +454,13 @@ github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKu
 github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
-github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
-github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2 h1:JcYhVgX7jFN8QcoBxx8/kLxUyeUzE/JnGf5ntulNPPM=
+github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
 github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f h1:DXcOryOSs9LG2xd7LlllWOL8fPA8i4OTXJzHOPtz6hA=
 github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
@@ -489,17 +485,17 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=
+github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
-github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -519,8 +515,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
-github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
@@ -541,12 +537,12 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.24.1 h1:PaVLelrNgT5/0ppPaUtey54tOVp245z33fkhL2jljjY=
-github.com/ohler55/ojg v1.24.1/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/ohler55/ojg v1.25.0 h1:sDwc4u4zex65Uz5Nm7O1QwDKTT+YRcpeZQTy1pffRkw=
+github.com/ohler55/ojg v1.25.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
+github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo=
+github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -559,8 +555,8 @@ github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -572,6 +568,8 @@ github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjL
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -580,17 +578,16 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
-github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
-github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
+github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ=
+github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
@@ -608,10 +605,10 @@ github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJ
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI=
-github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4=
+github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
@@ -628,8 +625,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
-github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
+github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
@@ -658,23 +655,24 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tkrajina/go-reflector v0.5.5/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
-github.com/tkrajina/go-reflector v0.5.6 h1:hKQ0gyocG7vgMD2M3dRlYN6WBBOmdoOzJ6njQSepKdE=
-github.com/tkrajina/go-reflector v0.5.6/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
-github.com/tkrajina/typescriptify-golang-structs v0.1.11 h1:zEIVczF/iWgs4eTY7NQqbBe23OVlFVk9sWLX/FDYi4Q=
-github.com/tkrajina/typescriptify-golang-structs v0.1.11/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
+github.com/tkrajina/go-reflector v0.5.8 h1:yPADHrwmUbMq4RGEyaOUpz2H90sRsETNVpjzo3DLVQQ=
+github.com/tkrajina/go-reflector v0.5.8/go.mod h1:ECbqLgccecY5kPmPmXg1MrHW585yMcDkVl6IvJe64T4=
+github.com/tkrajina/typescriptify-golang-structs v0.2.0 h1:ZedWk82egydDspGTryAatbX0/1NZDQbdiZLoCbOk4f8=
+github.com/tkrajina/typescriptify-golang-structs v0.2.0/go.mod h1:sjU00nti/PMEOZb07KljFlR+lJ+RotsC0GBQMv9EKls=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM=
-github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0=
-github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
-github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
+github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
+github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
+github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs=
+github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -695,14 +693,18 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4=
+go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
 go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI=
-go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts=
-go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
+go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
+go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
@@ -715,80 +717,65 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkE
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
 go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w=
 go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgYCza3PXRUGEyCB++y1sAqm6guWFesk=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
-go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w=
-go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ=
-go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo=
-go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok=
-go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI=
-go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw=
-go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc=
-go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o=
+go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
+go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
+go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
+go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
+go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU=
+go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q=
+go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
+go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
 go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
 go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
-go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg=
-go.starlark.net v0.0.0-20240520160348-046347dcd104/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
-golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
+golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
-golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
-golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4=
+golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
-golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
-golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -806,77 +793,53 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
-golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
-golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
-golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
+golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs=
-google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/api v0.212.0 h1:BcRj3MJfHF3FYD29rk7u9kuu1SyfGqfHcA0hSwKqkHg=
+google.golang.org/api v0.212.0/go.mod h1:gICpLlpp12/E8mycRMzgy3SQ9cFh2XnVJ6vJi/kQbvI=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f h1:mCJ6SGikSxVlt9scCayUl2dMq0msUgmBArqRY6umieI=
-google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f/go.mod h1:xtVODtPkMQRUZ4kqOTgp6JrXQrPevvfCSdk4mJtHUbM=
-google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA=
-google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
-google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484 h1:a/U5otbGrI6mYIO598WriFB1172i6Ktr6FGcatZD3Yw=
+google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484/go.mod h1:Gmd/M/W9fEyf6VSu/mWLnl+9Be51B9CLdxdsKokYq7Y=
+google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484 h1:ChAdCYNQFDk5fYvFZMywKLIijG7TC2m1C2CMEu11G3o=
+google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484/go.mod h1:KRUmxRI4JmbpAm8gcZM4Jsffi859fo5LQjILwuqj9z8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA=
+google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96 h1:BKPMqkDBseC6O6UiJQSibhqWnQgYtiApbOsxXYIGsPA=
+google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
+google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -902,47 +865,44 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY=
-helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
-k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
-k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
-k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
-k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
-k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
-k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
-k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk=
-k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U=
-k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
-k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
-k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8=
-k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w=
+helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0=
+helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA=
+k8s.io/api v0.31.4 h1:I2QNzitPVsPeLQvexMEsj945QumYraqv9m74isPDKhM=
+k8s.io/api v0.31.4/go.mod h1:d+7vgXLvmcdT1BCo79VEgJxHHryww3V5np2OYTr6jdw=
+k8s.io/apiextensions-apiserver v0.31.4 h1:FxbqzSvy92Ca9DIs5jqot883G0Ln/PGXfm/07t39LS0=
+k8s.io/apiextensions-apiserver v0.31.4/go.mod h1:hIW9YU8UsqZqIWGG99/gsdIU0Ar45Qd3A12QOe/rvpg=
+k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM=
+k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apiserver v0.31.4 h1:JbtnTaXVYEAYIHJil6Wd74Wif9sd8jVcBw84kwEmp7o=
+k8s.io/apiserver v0.31.4/go.mod h1:JJjoTjZ9PTMLdIFq7mmcJy2B9xLN3HeAUebW6xZyIP0=
+k8s.io/cli-runtime v0.31.4 h1:iczCWiyXaotW+hyF5cWP8RnEYBCzZfJUF6otJ2m9mw0=
+k8s.io/cli-runtime v0.31.4/go.mod h1:0/pRzAH7qc0hWx40ut1R4jLqiy2w/KnbqdaAI2eFG8U=
+k8s.io/client-go v0.31.4 h1:t4QEXt4jgHIkKKlx06+W3+1JOwAFU/2OPiOo7H92eRQ=
+k8s.io/client-go v0.31.4/go.mod h1:kvuMro4sFYIa8sulL5Gi5GFqUPvfH2O/dXuKstbaaeg=
+k8s.io/component-base v0.31.4 h1:wCquJh4ul9O8nNBSB8N/o8+gbfu3BVQkVw9jAUY/Qtw=
+k8s.io/component-base v0.31.4/go.mod h1:G4dgtf5BccwiDT9DdejK0qM6zTK0jwDGEKnCmb9+u/s=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
-k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
-k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24=
-k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
-k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
+k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
+k8s.io/kubectl v0.31.4 h1:c8Af8xd1VjyoKyWMW0xHv2+tYxEjne8s6OOziMmaD10=
+k8s.io/kubectl v0.31.4/go.mod h1:0E0rpXg40Q57wRE6LB9su+4tmwx1IzZrmIEvhQPk0i4=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
-oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
-oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
-sigs.k8s.io/cli-utils v0.36.0 h1:k7GM6LmIMydtvM6Ad91XuqKk0QEVL9bVbaiX1uvWIrA=
-sigs.k8s.io/cli-utils v0.36.0/go.mod h1:uCFC3BPXB3xHFQyKkWUlTrncVDCKzbdDfqZqRTCrk24=
-sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
-sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
+oras.land/oras-go v1.2.6 h1:z8cmxQXBU8yZ4mkytWqXfo6tZcamPwjsuxYU81xJ8Lk=
+oras.land/oras-go v1.2.6/go.mod h1:OVPc1PegSEe/K8YiLfosrlqlqTN9PUyFvOw5Y9gwrT8=
+sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg=
+sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco=
+sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
+sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
-sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
-sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
-sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo=
+sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U=
+sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E=
+sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
+sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/pkg/clouds/azure/keyvault.go b/pkg/clouds/azure/keyvault.go
index 8d7c38ab4..6f8f062fa 100644
--- a/pkg/clouds/azure/keyvault.go
+++ b/pkg/clouds/azure/keyvault.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
-	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets"
 )
 
 func GetAzureKeyVaultSecret(ctx context.Context, vaultUri string, secretName string) (string, error) {

From 13ed400ab782ecb7f04409d42a57dc902582bb84 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Mon, 16 Dec 2024 11:18:02 +0100
Subject: [PATCH 2223/2268] chore: Update protobuf tools and run make generate

---
 .github/workflows/tests.yml                  |   6 +-
 pkg/sourceoverride/sourceoverride.pb.go      | 126 ++++---------------
 pkg/sourceoverride/sourceoverride_grpc.pb.go |  91 +++++---------
 pkg/webui/ui/src/models.ts                   |  42 +++----
 4 files changed, 84 insertions(+), 181 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2121ad07c..0cc6e9dc6 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -36,13 +36,13 @@ jobs:
       - name: Install some tools
         run: |
           PB_REL="https://github.com/protocolbuffers/protobuf/releases"
-          PB_VER="27.1"
+          PB_VER="29.1"
           curl -LO $PB_REL/download/v$PB_VER/protoc-$PB_VER-linux-x86_64.zip
           sudo unzip protoc-$PB_VER-linux-x86_64.zip -d /usr/local
           rm protoc-$PB_VER-linux-x86_64.zip
 
-          go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.31.0
-          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.3.0
+          go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.35.2
+          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.5.1
       - name: Check links on changed files
         run: |
           make markdown-link-check
diff --git a/pkg/sourceoverride/sourceoverride.pb.go b/pkg/sourceoverride/sourceoverride.pb.go
index 8cfd4e918..8cee9e7ad 100644
--- a/pkg/sourceoverride/sourceoverride.pb.go
+++ b/pkg/sourceoverride/sourceoverride.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
-// 	protoc        v5.27.1
+// 	protoc-gen-go v1.35.2
+// 	protoc        v5.29.1
 // source: sourceoverride.proto
 
 package sourceoverride
@@ -31,11 +31,9 @@ type ProxyResponse struct {
 
 func (x *ProxyResponse) Reset() {
 	*x = ProxyResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sourceoverride_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_sourceoverride_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ProxyResponse) String() string {
@@ -46,7 +44,7 @@ func (*ProxyResponse) ProtoMessage() {}
 
 func (x *ProxyResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_sourceoverride_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -86,11 +84,9 @@ type ProxyRequest struct {
 
 func (x *ProxyRequest) Reset() {
 	*x = ProxyRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sourceoverride_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_sourceoverride_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ProxyRequest) String() string {
@@ -101,7 +97,7 @@ func (*ProxyRequest) ProtoMessage() {}
 
 func (x *ProxyRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_sourceoverride_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -145,11 +141,9 @@ type AuthMsg struct {
 
 func (x *AuthMsg) Reset() {
 	*x = AuthMsg{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sourceoverride_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_sourceoverride_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *AuthMsg) String() string {
@@ -160,7 +154,7 @@ func (*AuthMsg) ProtoMessage() {}
 
 func (x *AuthMsg) ProtoReflect() protoreflect.Message {
 	mi := &file_sourceoverride_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -227,11 +221,9 @@ type ResolveOverrideRequest struct {
 
 func (x *ResolveOverrideRequest) Reset() {
 	*x = ResolveOverrideRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sourceoverride_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_sourceoverride_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ResolveOverrideRequest) String() string {
@@ -242,7 +234,7 @@ func (*ResolveOverrideRequest) ProtoMessage() {}
 
 func (x *ResolveOverrideRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_sourceoverride_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -275,11 +267,9 @@ type ResolveOverrideResponse struct {
 
 func (x *ResolveOverrideResponse) Reset() {
 	*x = ResolveOverrideResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sourceoverride_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_sourceoverride_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ResolveOverrideResponse) String() string {
@@ -290,7 +280,7 @@ func (*ResolveOverrideResponse) ProtoMessage() {}
 
 func (x *ResolveOverrideResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_sourceoverride_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -402,7 +392,7 @@ func file_sourceoverride_proto_rawDescGZIP() []byte {
 }
 
 var file_sourceoverride_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
-var file_sourceoverride_proto_goTypes = []interface{}{
+var file_sourceoverride_proto_goTypes = []any{
 	(*ProxyResponse)(nil),           // 0: sourceoverride.ProxyResponse
 	(*ProxyRequest)(nil),            // 1: sourceoverride.ProxyRequest
 	(*AuthMsg)(nil),                 // 2: sourceoverride.AuthMsg
@@ -430,72 +420,10 @@ func file_sourceoverride_proto_init() {
 	if File_sourceoverride_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_sourceoverride_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sourceoverride_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sourceoverride_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthMsg); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sourceoverride_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResolveOverrideRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sourceoverride_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ResolveOverrideResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_sourceoverride_proto_msgTypes[0].OneofWrappers = []interface{}{}
-	file_sourceoverride_proto_msgTypes[1].OneofWrappers = []interface{}{}
-	file_sourceoverride_proto_msgTypes[2].OneofWrappers = []interface{}{}
-	file_sourceoverride_proto_msgTypes[4].OneofWrappers = []interface{}{}
+	file_sourceoverride_proto_msgTypes[0].OneofWrappers = []any{}
+	file_sourceoverride_proto_msgTypes[1].OneofWrappers = []any{}
+	file_sourceoverride_proto_msgTypes[2].OneofWrappers = []any{}
+	file_sourceoverride_proto_msgTypes[4].OneofWrappers = []any{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/pkg/sourceoverride/sourceoverride_grpc.pb.go b/pkg/sourceoverride/sourceoverride_grpc.pb.go
index eac3fccc4..58ca51f36 100644
--- a/pkg/sourceoverride/sourceoverride_grpc.pb.go
+++ b/pkg/sourceoverride/sourceoverride_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.3.0
-// - protoc             v5.27.1
+// - protoc-gen-go-grpc v1.5.1
+// - protoc             v5.29.1
 // source: sourceoverride.proto
 
 package sourceoverride
@@ -15,8 +15,8 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
 
 const (
 	Proxy_ProxyStream_FullMethodName     = "/sourceoverride.Proxy/ProxyStream"
@@ -27,7 +27,7 @@ const (
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type ProxyClient interface {
-	ProxyStream(ctx context.Context, opts ...grpc.CallOption) (Proxy_ProxyStreamClient, error)
+	ProxyStream(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[ProxyResponse, ProxyRequest], error)
 	ResolveOverride(ctx context.Context, in *ProxyRequest, opts ...grpc.CallOption) (*ResolveOverrideResponse, error)
 }
 
@@ -39,40 +39,23 @@ func NewProxyClient(cc grpc.ClientConnInterface) ProxyClient {
 	return &proxyClient{cc}
 }
 
-func (c *proxyClient) ProxyStream(ctx context.Context, opts ...grpc.CallOption) (Proxy_ProxyStreamClient, error) {
-	stream, err := c.cc.NewStream(ctx, &Proxy_ServiceDesc.Streams[0], Proxy_ProxyStream_FullMethodName, opts...)
+func (c *proxyClient) ProxyStream(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[ProxyResponse, ProxyRequest], error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	stream, err := c.cc.NewStream(ctx, &Proxy_ServiceDesc.Streams[0], Proxy_ProxyStream_FullMethodName, cOpts...)
 	if err != nil {
 		return nil, err
 	}
-	x := &proxyProxyStreamClient{stream}
+	x := &grpc.GenericClientStream[ProxyResponse, ProxyRequest]{ClientStream: stream}
 	return x, nil
 }
 
-type Proxy_ProxyStreamClient interface {
-	Send(*ProxyResponse) error
-	Recv() (*ProxyRequest, error)
-	grpc.ClientStream
-}
-
-type proxyProxyStreamClient struct {
-	grpc.ClientStream
-}
-
-func (x *proxyProxyStreamClient) Send(m *ProxyResponse) error {
-	return x.ClientStream.SendMsg(m)
-}
-
-func (x *proxyProxyStreamClient) Recv() (*ProxyRequest, error) {
-	m := new(ProxyRequest)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
+// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
+type Proxy_ProxyStreamClient = grpc.BidiStreamingClient[ProxyResponse, ProxyRequest]
 
 func (c *proxyClient) ResolveOverride(ctx context.Context, in *ProxyRequest, opts ...grpc.CallOption) (*ResolveOverrideResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(ResolveOverrideResponse)
-	err := c.cc.Invoke(ctx, Proxy_ResolveOverride_FullMethodName, in, out, opts...)
+	err := c.cc.Invoke(ctx, Proxy_ResolveOverride_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -81,24 +64,28 @@ func (c *proxyClient) ResolveOverride(ctx context.Context, in *ProxyRequest, opt
 
 // ProxyServer is the server API for Proxy service.
 // All implementations must embed UnimplementedProxyServer
-// for forward compatibility
+// for forward compatibility.
 type ProxyServer interface {
-	ProxyStream(Proxy_ProxyStreamServer) error
+	ProxyStream(grpc.BidiStreamingServer[ProxyResponse, ProxyRequest]) error
 	ResolveOverride(context.Context, *ProxyRequest) (*ResolveOverrideResponse, error)
 	mustEmbedUnimplementedProxyServer()
 }
 
-// UnimplementedProxyServer must be embedded to have forward compatible implementations.
-type UnimplementedProxyServer struct {
-}
+// UnimplementedProxyServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedProxyServer struct{}
 
-func (UnimplementedProxyServer) ProxyStream(Proxy_ProxyStreamServer) error {
+func (UnimplementedProxyServer) ProxyStream(grpc.BidiStreamingServer[ProxyResponse, ProxyRequest]) error {
 	return status.Errorf(codes.Unimplemented, "method ProxyStream not implemented")
 }
 func (UnimplementedProxyServer) ResolveOverride(context.Context, *ProxyRequest) (*ResolveOverrideResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResolveOverride not implemented")
 }
 func (UnimplementedProxyServer) mustEmbedUnimplementedProxyServer() {}
+func (UnimplementedProxyServer) testEmbeddedByValue()               {}
 
 // UnsafeProxyServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to ProxyServer will
@@ -108,34 +95,22 @@ type UnsafeProxyServer interface {
 }
 
 func RegisterProxyServer(s grpc.ServiceRegistrar, srv ProxyServer) {
+	// If the following call pancis, it indicates UnimplementedProxyServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
 	s.RegisterService(&Proxy_ServiceDesc, srv)
 }
 
 func _Proxy_ProxyStream_Handler(srv interface{}, stream grpc.ServerStream) error {
-	return srv.(ProxyServer).ProxyStream(&proxyProxyStreamServer{stream})
-}
-
-type Proxy_ProxyStreamServer interface {
-	Send(*ProxyRequest) error
-	Recv() (*ProxyResponse, error)
-	grpc.ServerStream
-}
-
-type proxyProxyStreamServer struct {
-	grpc.ServerStream
+	return srv.(ProxyServer).ProxyStream(&grpc.GenericServerStream[ProxyResponse, ProxyRequest]{ServerStream: stream})
 }
 
-func (x *proxyProxyStreamServer) Send(m *ProxyRequest) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func (x *proxyProxyStreamServer) Recv() (*ProxyResponse, error) {
-	m := new(ProxyResponse)
-	if err := x.ServerStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
+// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
+type Proxy_ProxyStreamServer = grpc.BidiStreamingServer[ProxyResponse, ProxyRequest]
 
 func _Proxy_ResolveOverride_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ProxyRequest)
diff --git a/pkg/webui/ui/src/models.ts b/pkg/webui/ui/src/models.ts
index f04ef6647..4e65a31a4 100644
--- a/pkg/webui/ui/src/models.ts
+++ b/pkg/webui/ui/src/models.ts
@@ -16,7 +16,7 @@ export class DeploymentError {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -74,7 +74,7 @@ export class ResultObject {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -164,7 +164,7 @@ export class HelmChartConfig {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -232,7 +232,7 @@ export class OciProject {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -308,7 +308,7 @@ export class DeploymentItemConfig {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -448,7 +448,7 @@ export class VarsSourceGitFiles {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -524,7 +524,7 @@ export class VarsSource {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -566,7 +566,7 @@ export class DeploymentProjectConfig {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -664,7 +664,7 @@ export class CommandInfo {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -724,7 +724,7 @@ export class FixedImage {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -762,7 +762,7 @@ export class AwsConfig {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -798,7 +798,7 @@ export class Target {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -876,7 +876,7 @@ export class CommandResult {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -942,7 +942,7 @@ export class CommandResultSummary {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -972,7 +972,7 @@ export class ValidateResultEntry {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -1022,7 +1022,7 @@ export class ValidateResult {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -1070,7 +1070,7 @@ export class ValidateResultSummary {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -1108,7 +1108,7 @@ export class DriftedObject {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -1154,7 +1154,7 @@ export class DriftDetectionResult {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -1182,7 +1182,7 @@ export class ChangedObject {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {
@@ -1230,7 +1230,7 @@ export class ProjectTargetKey {
 	    if (!a) {
 	        return a;
 	    }
-	    if (a.slice) {
+	    if (Array.isArray(a)) {
 	        return (a as any[]).map(elem => this.convertValues(elem, classs));
 	    } else if ("object" === typeof a) {
 	        if (asMap) {

From 59d95db11423b1ab8e0d9f9d73642d20c28c71ec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Dec 2024 10:57:07 +0100
Subject: [PATCH 2224/2268] chore(deps): Bump
 github.com/distribution/distribution/v3 (#1239)

Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-alpha.1 to 3.0.0-rc.1.
- [Release notes](https://github.com/distribution/distribution/releases)
- [Commits](https://github.com/distribution/distribution/compare/v3.0.0-alpha.1...v3.0.0-rc.1)

---
updated-dependencies:
- dependency-name: github.com/distribution/distribution/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 25 +++++++++++++++----------
 go.sum | 50 ++++++++++++++++++++++++++++++--------------------
 2 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index f7fce648c..c6bf76685 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/cyphar/filepath-securejoin v0.3.6
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/distribution/distribution/v3 v3.0.0-beta.1
+	github.com/distribution/distribution/v3 v3.0.0-rc.1
 	github.com/docker/cli v27.4.0+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
@@ -214,7 +214,7 @@ require (
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
@@ -292,21 +292,26 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/bridges/prometheus v0.54.0 // indirect
 	go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect
-	go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect
+	go.opentelemetry.io/contrib/exporters/autoexport v0.54.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
 	go.opentelemetry.io/otel v1.33.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 // indirect
-	go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.51.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0 // indirect
+	go.opentelemetry.io/otel/log v0.5.0 // indirect
 	go.opentelemetry.io/otel/metric v1.33.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
+	go.opentelemetry.io/otel/sdk/log v0.5.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect
 	go.opentelemetry.io/otel/trace v1.33.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
diff --git a/go.sum b/go.sum
index c628e2892..fb0b0c7d3 100644
--- a/go.sum
+++ b/go.sum
@@ -216,8 +216,8 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
-github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfGUhc8I+MPfRis8dZ818Ic=
-github.com/distribution/distribution/v3 v3.0.0-beta.1/go.mod h1:O9O8uamhHzWWQVTjuQpyYUVm/ShPHPUDgvQMpHGVBDs=
+github.com/distribution/distribution/v3 v3.0.0-rc.1 h1:6M4ewmPBUhF7wtQ8URLOQ1W/PQuVKiD1u8ymwLDUGqQ=
+github.com/distribution/distribution/v3 v3.0.0-rc.1/go.mod h1:tFjaPDeHCrLg28e4feBIy27cP+qmrc/mvkl6MFIfVi4=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v27.4.0+incompatible h1:/nJzWkcI1MDMN+U+px/YXnQWJqnu4J+QKGTfD6ptiTc=
@@ -394,8 +394,8 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -695,36 +695,46 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/bridges/prometheus v0.54.0 h1:WWL67oxtknNVMb70lJXxXruf8UyK/a9hmIE1XO3Uedg=
+go.opentelemetry.io/contrib/bridges/prometheus v0.54.0/go.mod h1:LqNcnXmyULp8ertk4hUTVtSUvKXj4h1Mx7gUCSSr/q0=
 go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4=
 go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI=
-go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw=
-go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU=
+go.opentelemetry.io/contrib/exporters/autoexport v0.54.0 h1:dTmcmVm4J54IRPGm5oVjLci1uYat4UDea84E2tyBaAk=
+go.opentelemetry.io/contrib/exporters/autoexport v0.54.0/go.mod h1:zPp5Fwpq2Hc7xMtVttg6GhZMcfTESjVbY9ONw2o/Dc4=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
 go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
 go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
-go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w=
-go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0 h1:4d++HQ+Ihdl+53zSjtsCUFDmNMju2FC9qFkUlTxPLqo=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0/go.mod h1:mQX5dTO3Mh5ZF7bPKDkt5c/7C41u/SiDr9XgTpzXXn8=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0 h1:k6fQVDQexDE+3jG2SfCQjnHS7OamcP73YMoxEVq5B6k=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0/go.mod h1:t4BrYLHU450Zo9fnydWlIuswB1bm7rM8havDpWOJeDo=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0 h1:xvhQxJ/C9+RTnAj5DpTg7LSM1vbbMTiXt7e9hsfqHNw=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0/go.mod h1:Fcvs2Bz1jkDM+Wf5/ozBGmi3tQ/c9zPKLnsipnfhGAo=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 h1:dIIDULZJpgdiHz5tXrTgKIMLkus6jEFa7x5SOKcyR7E=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0/go.mod h1:jlRVBe7+Z1wyxFSUs48L6OBQZ5JwH2Hg/Vbl+t9rAgI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 h1:nSiV3s7wiCam610XcLbYOmMfJxB9gO4uK3Xgv5gmTgg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0/go.mod h1:hKn/e/Nmd19/x1gvIHwtOwVWM+VhuITSWip3JUDghj0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0 h1:JAv0Jwtl01UFiyWZEMiJZBiTlv5A50zNs8lsthXqIio=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0/go.mod h1:QNKLmUEAq2QUbPQUfvw4fmv0bgbK7UlOSFCnXyfvSNc=
+go.opentelemetry.io/otel/exporters/prometheus v0.51.0 h1:G7uexXb/K3T+T9fNLCCKncweEtNEBMTO+46hKX5EdKw=
+go.opentelemetry.io/otel/exporters/prometheus v0.51.0/go.mod h1:v0mFe5Kk7woIh938mrZBJBmENYquyA0IICrlYm4Y0t4=
+go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0 h1:ThVXnEsdwNcxdBO+r96ci1xbF+PgNjwlk457VNuJODo=
+go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0/go.mod h1:rHWcSmC4q2h3gje/yOq6sAOaq8+UHxN/Ru3BbmDXOfY=
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
 go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0 h1:X3ZjNp36/WlkSYx0ul2jw4PtbNEDDeLskw3VPsrpYM0=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0/go.mod h1:2uL/xnOXh0CHOBFCWXz5u1A4GXLiW+0IQIzVbeOEQ0U=
+go.opentelemetry.io/otel/log v0.5.0 h1:x1Pr6Y3gnXgl1iFBwtGy1W/mnzENoK0w0ZoaeOI3i30=
+go.opentelemetry.io/otel/log v0.5.0/go.mod h1:NU/ozXeGuOR5/mjCRXYbTC00NFJ3NYuraV/7O78F0rE=
 go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
 go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
 go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
 go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
+go.opentelemetry.io/otel/sdk/log v0.5.0 h1:A+9lSjlZGxkQOr7QSBJcuyyYBw79CufQ69saiJLey7o=
+go.opentelemetry.io/otel/sdk/log v0.5.0/go.mod h1:zjxIW7sw1IHolZL2KlSAtrUi8JHttoeiQy43Yl3WuVQ=
 go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU=
 go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q=
 go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=

From b1332c9ee84ffe5d3f0eff832264c916a3ba503d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 13:17:37 +0100
Subject: [PATCH 2225/2268] tests: Only count gpg-agents of temporary gpg homes
 (#1245)

* tests: Only count gpg-agents of temporary gpg homes

* tests: Protect some envtest uses via mutex
---
 e2e/gitops_sops_test.go           |  9 ++++++++-
 e2e/test-utils/envtest_cluster.go | 13 +++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/e2e/gitops_sops_test.go b/e2e/gitops_sops_test.go
index 3aa4ff2ba..e584ceb3e 100644
--- a/e2e/gitops_sops_test.go
+++ b/e2e/gitops_sops_test.go
@@ -2,6 +2,7 @@ package e2e
 
 import (
 	"context"
+	"fmt"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	"github.com/kluctl/kluctl/v2/e2e/test_project"
 	"github.com/kluctl/kluctl/v2/pkg/utils/process"
@@ -11,6 +12,8 @@ import (
 	"github.com/stretchr/testify/suite"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"path"
 	"strings"
 	"testing"
 )
@@ -130,8 +133,12 @@ func (suite *GitOpsSopsSuite) TestGpgAgentKilled() {
 		pss, err := process.ListProcesses(context.Background())
 		g.Expect(err).To(Succeed())
 		count := 0
+		suite.T().Logf("counting gpg-agents")
 		for _, ps := range pss {
-			if strings.Index(ps.Command, "gpg-agent") != -1 && strings.Index(ps.Command, "--homedir") != -1 {
+			homeDirPrefix := path.Join(os.TempDir(), "gpg-")
+			homeDirArg := fmt.Sprintf("--homedir %s", homeDirPrefix)
+			if strings.Index(ps.Command, "gpg-agent") != -1 && strings.Index(ps.Command, homeDirArg) != -1 {
+				suite.T().Logf("gpg-agent: pid=%d, cmd=%s", ps.Pid, ps.Command)
 				count++
 			}
 		}
diff --git a/e2e/test-utils/envtest_cluster.go b/e2e/test-utils/envtest_cluster.go
index d3dcfe700..c960d2f0b 100644
--- a/e2e/test-utils/envtest_cluster.go
+++ b/e2e/test-utils/envtest_cluster.go
@@ -27,8 +27,9 @@ import (
 type EnvTestCluster struct {
 	CRDDirectoryPaths []string
 
-	env     envtest.Environment
-	started bool
+	env      envtest.Environment
+	envMutex sync.Mutex
+	started  bool
 
 	user       *envtest.AuthenticatedUser
 	Kubeconfig []byte
@@ -58,6 +59,9 @@ func CreateEnvTestCluster(context string) *EnvTestCluster {
 }
 
 func (k *EnvTestCluster) Start() error {
+	k.envMutex.Lock()
+	defer k.envMutex.Unlock()
+
 	k.env.CRDDirectoryPaths = k.CRDDirectoryPaths
 
 	_, err := k.env.Start()
@@ -123,6 +127,9 @@ func (k *EnvTestCluster) Start() error {
 }
 
 func (c *EnvTestCluster) Stop() {
+	c.envMutex.Lock()
+	defer c.envMutex.Unlock()
+
 	if c.started {
 		_ = c.env.Stop()
 		c.started = false
@@ -134,6 +141,8 @@ func (c *EnvTestCluster) Stop() {
 }
 
 func (c *EnvTestCluster) AddUser(user envtest.User, baseConfig *rest.Config) (*envtest.AuthenticatedUser, error) {
+	c.envMutex.Lock()
+	defer c.envMutex.Unlock()
 	return c.env.AddUser(user, baseConfig)
 }
 

From 40ffb39869e2325dabdf77432ccf330b97096710 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 14:14:43 +0100
Subject: [PATCH 2226/2268] ci: Add lib to dependabot

---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f51789778..9c5eb1995 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -26,3 +26,11 @@ updates:
       azure-sdk:
         patterns:
           - "*azure-sdk*"
+  - package-ecosystem: "gomod"
+    directory: "/lib"
+    schedule:
+      interval: "daily"
+    groups:
+      all:
+        patterns:
+          - "*"

From 587aa7c3e057352e6b6c439fcfd0b1f044fb3600 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 14:15:19 +0100
Subject: [PATCH 2227/2268] chore: Add go-jinja2 back into kluctl source, but
 under lib/go-jinja2

---
 lib/go-jinja2/.github/dependabot.yml          |   11 +
 lib/go-jinja2/.github/workflows/tests.yml     |   58 +
 lib/go-jinja2/.gitignore                      |    2 +
 lib/go-jinja2/LICENSE                         |  202 +
 lib/go-jinja2/README.md                       |   37 +
 lib/go-jinja2/example/main.go                 |   25 +
 lib/go-jinja2/go.mod                          |   29 +
 lib/go-jinja2/go.sum                          |   52 +
 .../MarkupSafe-2.1.5.dist-info/INSTALLER      |    1 +
 .../MarkupSafe-2.1.5.dist-info/LICENSE.rst    |   28 +
 .../MarkupSafe-2.1.5.dist-info/METADATA       |   93 +
 .../MarkupSafe-2.1.5.dist-info/RECORD         |   15 +
 .../MarkupSafe-2.1.5.dist-info/REQUESTED      |    0
 .../MarkupSafe-2.1.5.dist-info/WHEEL          |    5 +
 .../MarkupSafe-2.1.5.dist-info/top_level.txt  |    1 +
 .../PyYAML-6.0.1.dist-info/INSTALLER          |    1 +
 .../PyYAML-6.0.1.dist-info/LICENSE            |   20 +
 .../PyYAML-6.0.1.dist-info/METADATA           |   46 +
 .../PyYAML-6.0.1.dist-info/RECORD             |   44 +
 .../PyYAML-6.0.1.dist-info/REQUESTED          |    0
 .../darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL |    5 +
 .../PyYAML-6.0.1.dist-info/top_level.txt      |    2 +
 .../data/darwin-amd64/_yaml/__init__.py       |   33 +
 .../data/darwin-amd64/bin/jsonpath_ng         |    8 +
 .../internal/data/darwin-amd64/bin/slugify    |    8 +
 .../click-8.1.7.dist-info/INSTALLER           |    1 +
 .../click-8.1.7.dist-info/LICENSE.rst         |   28 +
 .../click-8.1.7.dist-info/METADATA            |  103 +
 .../darwin-amd64/click-8.1.7.dist-info/RECORD |   40 +
 .../click-8.1.7.dist-info/REQUESTED           |    0
 .../darwin-amd64/click-8.1.7.dist-info/WHEEL  |    5 +
 .../click-8.1.7.dist-info/top_level.txt       |    1 +
 .../data/darwin-amd64/click/__init__.py       |   73 +
 .../data/darwin-amd64/click/_compat.py        |  623 +++
 .../data/darwin-amd64/click/_termui_impl.py   |  739 ++++
 .../data/darwin-amd64/click/_textwrap.py      |   49 +
 .../data/darwin-amd64/click/_winconsole.py    |  279 ++
 .../internal/data/darwin-amd64/click/core.py  | 3042 ++++++++++++++
 .../data/darwin-amd64/click/decorators.py     |  561 +++
 .../data/darwin-amd64/click/exceptions.py     |  288 ++
 .../data/darwin-amd64/click/formatting.py     |  301 ++
 .../data/darwin-amd64/click/globals.py        |   68 +
 .../data/darwin-amd64/click/parser.py         |  529 +++
 .../internal/data/darwin-amd64/click/py.typed |    0
 .../darwin-amd64/click/shell_completion.py    |  596 +++
 .../data/darwin-amd64/click/termui.py         |  784 ++++
 .../data/darwin-amd64/click/testing.py        |  479 +++
 .../internal/data/darwin-amd64/click/types.py | 1089 +++++
 .../internal/data/darwin-amd64/click/utils.py |  624 +++
 .../internal/data/darwin-amd64/files.json     |  888 +++++
 .../jinja2-3.1.4.dist-info/INSTALLER          |    1 +
 .../jinja2-3.1.4.dist-info/LICENSE.txt        |   28 +
 .../jinja2-3.1.4.dist-info/METADATA           |   76 +
 .../jinja2-3.1.4.dist-info/RECORD             |   58 +
 .../jinja2-3.1.4.dist-info/REQUESTED          |    0
 .../darwin-amd64/jinja2-3.1.4.dist-info/WHEEL |    4 +
 .../jinja2-3.1.4.dist-info/entry_points.txt   |    3 +
 .../data/darwin-amd64/jinja2/__init__.py      |   38 +
 .../data/darwin-amd64/jinja2/_identifier.py   |    6 +
 .../data/darwin-amd64/jinja2/async_utils.py   |   84 +
 .../data/darwin-amd64/jinja2/bccache.py       |  408 ++
 .../data/darwin-amd64/jinja2/compiler.py      | 1960 +++++++++
 .../data/darwin-amd64/jinja2/constants.py     |   20 +
 .../data/darwin-amd64/jinja2/debug.py         |  191 +
 .../data/darwin-amd64/jinja2/defaults.py      |   48 +
 .../data/darwin-amd64/jinja2/environment.py   | 1675 ++++++++
 .../data/darwin-amd64/jinja2/exceptions.py    |  166 +
 .../internal/data/darwin-amd64/jinja2/ext.py  |  870 ++++
 .../data/darwin-amd64/jinja2/filters.py       | 1866 +++++++++
 .../data/darwin-amd64/jinja2/idtracking.py    |  318 ++
 .../data/darwin-amd64/jinja2/lexer.py         |  868 ++++
 .../data/darwin-amd64/jinja2/loaders.py       |  667 ++++
 .../internal/data/darwin-amd64/jinja2/meta.py |  112 +
 .../data/darwin-amd64/jinja2/nativetypes.py   |  130 +
 .../data/darwin-amd64/jinja2/nodes.py         | 1206 ++++++
 .../data/darwin-amd64/jinja2/optimizer.py     |   48 +
 .../data/darwin-amd64/jinja2/parser.py        | 1041 +++++
 .../data/darwin-amd64/jinja2/py.typed         |    0
 .../data/darwin-amd64/jinja2/runtime.py       | 1056 +++++
 .../data/darwin-amd64/jinja2/sandbox.py       |  429 ++
 .../data/darwin-amd64/jinja2/tests.py         |  256 ++
 .../data/darwin-amd64/jinja2/utils.py         |  755 ++++
 .../data/darwin-amd64/jinja2/visitor.py       |   92 +
 .../jsonpath_ng-1.6.1.dist-info/INSTALLER     |    1 +
 .../jsonpath_ng-1.6.1.dist-info/LICENSE       |  202 +
 .../jsonpath_ng-1.6.1.dist-info/METADATA      |  379 ++
 .../jsonpath_ng-1.6.1.dist-info/RECORD        |   35 +
 .../jsonpath_ng-1.6.1.dist-info/REQUESTED     |    0
 .../jsonpath_ng-1.6.1.dist-info/WHEEL         |    5 +
 .../entry_points.txt                          |    2 +
 .../jsonpath_ng-1.6.1.dist-info/top_level.txt |    1 +
 .../data/darwin-amd64/jsonpath_ng/__init__.py |    6 +
 .../darwin-amd64/jsonpath_ng/bin/__init__.py  |    0
 .../darwin-amd64/jsonpath_ng/bin/jsonpath.py  |   68 +
 .../darwin-amd64/jsonpath_ng/exceptions.py    |   10 +
 .../darwin-amd64/jsonpath_ng/ext/__init__.py  |   15 +
 .../jsonpath_ng/ext/arithmetic.py             |   72 +
 .../darwin-amd64/jsonpath_ng/ext/filter.py    |  140 +
 .../darwin-amd64/jsonpath_ng/ext/iterable.py  |  118 +
 .../darwin-amd64/jsonpath_ng/ext/parser.py    |  174 +
 .../darwin-amd64/jsonpath_ng/ext/string.py    |  117 +
 .../data/darwin-amd64/jsonpath_ng/jsonpath.py |  815 ++++
 .../data/darwin-amd64/jsonpath_ng/lexer.py    |  171 +
 .../data/darwin-amd64/jsonpath_ng/parser.py   |  199 +
 .../data/darwin-amd64/markupsafe/__init__.py  |  332 ++
 .../data/darwin-amd64/markupsafe/_native.py   |   63 +
 .../data/darwin-amd64/markupsafe/_speedups.c  |  320 ++
 .../_speedups.cpython-311-darwin.so.gz        |  Bin 0 -> 3830 bytes
 .../darwin-amd64/markupsafe/_speedups.pyi     |    9 +
 .../data/darwin-amd64/markupsafe/py.typed     |    0
 .../ply-3.11.dist-info/DESCRIPTION.rst        |   12 +
 .../darwin-amd64/ply-3.11.dist-info/INSTALLER |    1 +
 .../darwin-amd64/ply-3.11.dist-info/METADATA  |   25 +
 .../darwin-amd64/ply-3.11.dist-info/RECORD    |   19 +
 .../darwin-amd64/ply-3.11.dist-info/WHEEL     |    6 +
 .../ply-3.11.dist-info/metadata.json          |    1 +
 .../ply-3.11.dist-info/top_level.txt          |    1 +
 .../data/darwin-amd64/ply/__init__.py         |    5 +
 .../internal/data/darwin-amd64/ply/cpp.py     |  914 +++++
 .../internal/data/darwin-amd64/ply/ctokens.py |  127 +
 .../internal/data/darwin-amd64/ply/lex.py     | 1098 ++++++
 .../internal/data/darwin-amd64/ply/yacc.py    | 3502 +++++++++++++++++
 .../internal/data/darwin-amd64/ply/ygen.py    |   69 +
 .../python_slugify-8.0.4.dist-info/INSTALLER  |    1 +
 .../python_slugify-8.0.4.dist-info/LICENSE    |   21 +
 .../python_slugify-8.0.4.dist-info/METADATA   |  246 ++
 .../python_slugify-8.0.4.dist-info/RECORD     |   20 +
 .../python_slugify-8.0.4.dist-info/REQUESTED  |    0
 .../python_slugify-8.0.4.dist-info/WHEEL      |    6 +
 .../entry_points.txt                          |    2 +
 .../top_level.txt                             |    1 +
 .../data/darwin-amd64/slugify/__init__.py     |   10 +
 .../data/darwin-amd64/slugify/__main__.py     |   98 +
 .../data/darwin-amd64/slugify/__version__.py  |    8 +
 .../data/darwin-amd64/slugify/py.typed        |    0
 .../data/darwin-amd64/slugify/slugify.py      |  197 +
 .../data/darwin-amd64/slugify/special.py      |   47 +
 .../DESCRIPTION.rst                           |   46 +
 .../text_unidecode-1.3.dist-info/INSTALLER    |    1 +
 .../text_unidecode-1.3.dist-info/LICENSE.txt  |  134 +
 .../text_unidecode-1.3.dist-info/METADATA     |   73 +
 .../text_unidecode-1.3.dist-info/RECORD       |   11 +
 .../text_unidecode-1.3.dist-info/WHEEL        |    6 +
 .../metadata.json                             |    1 +
 .../top_level.txt                             |    1 +
 .../darwin-amd64/text_unidecode/__init__.py   |   21 +
 .../darwin-amd64/text_unidecode/data.bin.gz   |  Bin 0 -> 70243 bytes
 .../data/darwin-amd64/yaml/__init__.py        |  390 ++
 .../yaml/_yaml.cpython-311-darwin.so.gz       |  Bin 0 -> 144485 bytes
 .../data/darwin-amd64/yaml/composer.py        |  139 +
 .../data/darwin-amd64/yaml/constructor.py     |  748 ++++
 .../internal/data/darwin-amd64/yaml/cyaml.py  |  101 +
 .../internal/data/darwin-amd64/yaml/dumper.py |   62 +
 .../data/darwin-amd64/yaml/emitter.py         | 1137 ++++++
 .../internal/data/darwin-amd64/yaml/error.py  |   75 +
 .../internal/data/darwin-amd64/yaml/events.py |   86 +
 .../internal/data/darwin-amd64/yaml/loader.py |   63 +
 .../internal/data/darwin-amd64/yaml/nodes.py  |   49 +
 .../internal/data/darwin-amd64/yaml/parser.py |  589 +++
 .../internal/data/darwin-amd64/yaml/reader.py |  185 +
 .../data/darwin-amd64/yaml/representer.py     |  389 ++
 .../data/darwin-amd64/yaml/resolver.py        |  227 ++
 .../data/darwin-amd64/yaml/scanner.py         | 1435 +++++++
 .../data/darwin-amd64/yaml/serializer.py      |  111 +
 .../internal/data/darwin-amd64/yaml/tokens.py |  104 +
 .../MarkupSafe-2.1.5.dist-info/INSTALLER      |    1 +
 .../MarkupSafe-2.1.5.dist-info/LICENSE.rst    |   28 +
 .../MarkupSafe-2.1.5.dist-info/METADATA       |   93 +
 .../MarkupSafe-2.1.5.dist-info/RECORD         |   15 +
 .../MarkupSafe-2.1.5.dist-info/REQUESTED      |    0
 .../MarkupSafe-2.1.5.dist-info/WHEEL          |    5 +
 .../MarkupSafe-2.1.5.dist-info/top_level.txt  |    1 +
 .../PyYAML-6.0.1.dist-info/INSTALLER          |    1 +
 .../PyYAML-6.0.1.dist-info/LICENSE            |   20 +
 .../PyYAML-6.0.1.dist-info/METADATA           |   46 +
 .../PyYAML-6.0.1.dist-info/RECORD             |   44 +
 .../PyYAML-6.0.1.dist-info/REQUESTED          |    0
 .../darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL |    5 +
 .../PyYAML-6.0.1.dist-info/top_level.txt      |    2 +
 .../data/darwin-arm64/_yaml/__init__.py       |   33 +
 .../data/darwin-arm64/bin/jsonpath_ng         |    8 +
 .../internal/data/darwin-arm64/bin/slugify    |    8 +
 .../click-8.1.7.dist-info/INSTALLER           |    1 +
 .../click-8.1.7.dist-info/LICENSE.rst         |   28 +
 .../click-8.1.7.dist-info/METADATA            |  103 +
 .../darwin-arm64/click-8.1.7.dist-info/RECORD |   40 +
 .../click-8.1.7.dist-info/REQUESTED           |    0
 .../darwin-arm64/click-8.1.7.dist-info/WHEEL  |    5 +
 .../click-8.1.7.dist-info/top_level.txt       |    1 +
 .../data/darwin-arm64/click/__init__.py       |   73 +
 .../data/darwin-arm64/click/_compat.py        |  623 +++
 .../data/darwin-arm64/click/_termui_impl.py   |  739 ++++
 .../data/darwin-arm64/click/_textwrap.py      |   49 +
 .../data/darwin-arm64/click/_winconsole.py    |  279 ++
 .../internal/data/darwin-arm64/click/core.py  | 3042 ++++++++++++++
 .../data/darwin-arm64/click/decorators.py     |  561 +++
 .../data/darwin-arm64/click/exceptions.py     |  288 ++
 .../data/darwin-arm64/click/formatting.py     |  301 ++
 .../data/darwin-arm64/click/globals.py        |   68 +
 .../data/darwin-arm64/click/parser.py         |  529 +++
 .../internal/data/darwin-arm64/click/py.typed |    0
 .../darwin-arm64/click/shell_completion.py    |  596 +++
 .../data/darwin-arm64/click/termui.py         |  784 ++++
 .../data/darwin-arm64/click/testing.py        |  479 +++
 .../internal/data/darwin-arm64/click/types.py | 1089 +++++
 .../internal/data/darwin-arm64/click/utils.py |  624 +++
 .../internal/data/darwin-arm64/files.json     |  888 +++++
 .../jinja2-3.1.4.dist-info/INSTALLER          |    1 +
 .../jinja2-3.1.4.dist-info/LICENSE.txt        |   28 +
 .../jinja2-3.1.4.dist-info/METADATA           |   76 +
 .../jinja2-3.1.4.dist-info/RECORD             |   58 +
 .../jinja2-3.1.4.dist-info/REQUESTED          |    0
 .../darwin-arm64/jinja2-3.1.4.dist-info/WHEEL |    4 +
 .../jinja2-3.1.4.dist-info/entry_points.txt   |    3 +
 .../data/darwin-arm64/jinja2/__init__.py      |   38 +
 .../data/darwin-arm64/jinja2/_identifier.py   |    6 +
 .../data/darwin-arm64/jinja2/async_utils.py   |   84 +
 .../data/darwin-arm64/jinja2/bccache.py       |  408 ++
 .../data/darwin-arm64/jinja2/compiler.py      | 1960 +++++++++
 .../data/darwin-arm64/jinja2/constants.py     |   20 +
 .../data/darwin-arm64/jinja2/debug.py         |  191 +
 .../data/darwin-arm64/jinja2/defaults.py      |   48 +
 .../data/darwin-arm64/jinja2/environment.py   | 1675 ++++++++
 .../data/darwin-arm64/jinja2/exceptions.py    |  166 +
 .../internal/data/darwin-arm64/jinja2/ext.py  |  870 ++++
 .../data/darwin-arm64/jinja2/filters.py       | 1866 +++++++++
 .../data/darwin-arm64/jinja2/idtracking.py    |  318 ++
 .../data/darwin-arm64/jinja2/lexer.py         |  868 ++++
 .../data/darwin-arm64/jinja2/loaders.py       |  667 ++++
 .../internal/data/darwin-arm64/jinja2/meta.py |  112 +
 .../data/darwin-arm64/jinja2/nativetypes.py   |  130 +
 .../data/darwin-arm64/jinja2/nodes.py         | 1206 ++++++
 .../data/darwin-arm64/jinja2/optimizer.py     |   48 +
 .../data/darwin-arm64/jinja2/parser.py        | 1041 +++++
 .../data/darwin-arm64/jinja2/py.typed         |    0
 .../data/darwin-arm64/jinja2/runtime.py       | 1056 +++++
 .../data/darwin-arm64/jinja2/sandbox.py       |  429 ++
 .../data/darwin-arm64/jinja2/tests.py         |  256 ++
 .../data/darwin-arm64/jinja2/utils.py         |  755 ++++
 .../data/darwin-arm64/jinja2/visitor.py       |   92 +
 .../jsonpath_ng-1.6.1.dist-info/INSTALLER     |    1 +
 .../jsonpath_ng-1.6.1.dist-info/LICENSE       |  202 +
 .../jsonpath_ng-1.6.1.dist-info/METADATA      |  379 ++
 .../jsonpath_ng-1.6.1.dist-info/RECORD        |   35 +
 .../jsonpath_ng-1.6.1.dist-info/REQUESTED     |    0
 .../jsonpath_ng-1.6.1.dist-info/WHEEL         |    5 +
 .../entry_points.txt                          |    2 +
 .../jsonpath_ng-1.6.1.dist-info/top_level.txt |    1 +
 .../data/darwin-arm64/jsonpath_ng/__init__.py |    6 +
 .../darwin-arm64/jsonpath_ng/bin/__init__.py  |    0
 .../darwin-arm64/jsonpath_ng/bin/jsonpath.py  |   68 +
 .../darwin-arm64/jsonpath_ng/exceptions.py    |   10 +
 .../darwin-arm64/jsonpath_ng/ext/__init__.py  |   15 +
 .../jsonpath_ng/ext/arithmetic.py             |   72 +
 .../darwin-arm64/jsonpath_ng/ext/filter.py    |  140 +
 .../darwin-arm64/jsonpath_ng/ext/iterable.py  |  118 +
 .../darwin-arm64/jsonpath_ng/ext/parser.py    |  174 +
 .../darwin-arm64/jsonpath_ng/ext/string.py    |  117 +
 .../data/darwin-arm64/jsonpath_ng/jsonpath.py |  815 ++++
 .../data/darwin-arm64/jsonpath_ng/lexer.py    |  171 +
 .../data/darwin-arm64/jsonpath_ng/parser.py   |  199 +
 .../data/darwin-arm64/markupsafe/__init__.py  |  332 ++
 .../data/darwin-arm64/markupsafe/_native.py   |   63 +
 .../data/darwin-arm64/markupsafe/_speedups.c  |  320 ++
 .../_speedups.cpython-311-darwin.so.gz        |  Bin 0 -> 8041 bytes
 .../darwin-arm64/markupsafe/_speedups.pyi     |    9 +
 .../data/darwin-arm64/markupsafe/py.typed     |    0
 .../ply-3.11.dist-info/DESCRIPTION.rst        |   12 +
 .../darwin-arm64/ply-3.11.dist-info/INSTALLER |    1 +
 .../darwin-arm64/ply-3.11.dist-info/METADATA  |   25 +
 .../darwin-arm64/ply-3.11.dist-info/RECORD    |   19 +
 .../darwin-arm64/ply-3.11.dist-info/WHEEL     |    6 +
 .../ply-3.11.dist-info/metadata.json          |    1 +
 .../ply-3.11.dist-info/top_level.txt          |    1 +
 .../data/darwin-arm64/ply/__init__.py         |    5 +
 .../internal/data/darwin-arm64/ply/cpp.py     |  914 +++++
 .../internal/data/darwin-arm64/ply/ctokens.py |  127 +
 .../internal/data/darwin-arm64/ply/lex.py     | 1098 ++++++
 .../internal/data/darwin-arm64/ply/yacc.py    | 3502 +++++++++++++++++
 .../internal/data/darwin-arm64/ply/ygen.py    |   69 +
 .../python_slugify-8.0.4.dist-info/INSTALLER  |    1 +
 .../python_slugify-8.0.4.dist-info/LICENSE    |   21 +
 .../python_slugify-8.0.4.dist-info/METADATA   |  246 ++
 .../python_slugify-8.0.4.dist-info/RECORD     |   20 +
 .../python_slugify-8.0.4.dist-info/REQUESTED  |    0
 .../python_slugify-8.0.4.dist-info/WHEEL      |    6 +
 .../entry_points.txt                          |    2 +
 .../top_level.txt                             |    1 +
 .../data/darwin-arm64/slugify/__init__.py     |   10 +
 .../data/darwin-arm64/slugify/__main__.py     |   98 +
 .../data/darwin-arm64/slugify/__version__.py  |    8 +
 .../data/darwin-arm64/slugify/py.typed        |    0
 .../data/darwin-arm64/slugify/slugify.py      |  197 +
 .../data/darwin-arm64/slugify/special.py      |   47 +
 .../DESCRIPTION.rst                           |   46 +
 .../text_unidecode-1.3.dist-info/INSTALLER    |    1 +
 .../text_unidecode-1.3.dist-info/LICENSE.txt  |  134 +
 .../text_unidecode-1.3.dist-info/METADATA     |   73 +
 .../text_unidecode-1.3.dist-info/RECORD       |   11 +
 .../text_unidecode-1.3.dist-info/WHEEL        |    6 +
 .../metadata.json                             |    1 +
 .../top_level.txt                             |    1 +
 .../darwin-arm64/text_unidecode/__init__.py   |   21 +
 .../darwin-arm64/text_unidecode/data.bin.gz   |  Bin 0 -> 70243 bytes
 .../data/darwin-arm64/yaml/__init__.py        |  390 ++
 .../yaml/_yaml.cpython-311-darwin.so.gz       |  Bin 0 -> 125900 bytes
 .../data/darwin-arm64/yaml/composer.py        |  139 +
 .../data/darwin-arm64/yaml/constructor.py     |  748 ++++
 .../internal/data/darwin-arm64/yaml/cyaml.py  |  101 +
 .../internal/data/darwin-arm64/yaml/dumper.py |   62 +
 .../data/darwin-arm64/yaml/emitter.py         | 1137 ++++++
 .../internal/data/darwin-arm64/yaml/error.py  |   75 +
 .../internal/data/darwin-arm64/yaml/events.py |   86 +
 .../internal/data/darwin-arm64/yaml/loader.py |   63 +
 .../internal/data/darwin-arm64/yaml/nodes.py  |   49 +
 .../internal/data/darwin-arm64/yaml/parser.py |  589 +++
 .../internal/data/darwin-arm64/yaml/reader.py |  185 +
 .../data/darwin-arm64/yaml/representer.py     |  389 ++
 .../data/darwin-arm64/yaml/resolver.py        |  227 ++
 .../data/darwin-arm64/yaml/scanner.py         | 1435 +++++++
 .../data/darwin-arm64/yaml/serializer.py      |  111 +
 .../internal/data/darwin-arm64/yaml/tokens.py |  104 +
 .../internal/data/embed_darwin_amd64.go       |   11 +
 .../internal/data/embed_darwin_arm64.go       |   11 +
 .../internal/data/embed_linux_amd64.go        |   11 +
 .../internal/data/embed_linux_arm64.go        |   11 +
 .../internal/data/embed_windows_amd64.go      |   11 +
 .../MarkupSafe-2.1.5.dist-info/INSTALLER      |    1 +
 .../MarkupSafe-2.1.5.dist-info/LICENSE.rst    |   28 +
 .../MarkupSafe-2.1.5.dist-info/METADATA       |   93 +
 .../MarkupSafe-2.1.5.dist-info/RECORD         |   15 +
 .../MarkupSafe-2.1.5.dist-info/REQUESTED      |    0
 .../MarkupSafe-2.1.5.dist-info/WHEEL          |    6 +
 .../MarkupSafe-2.1.5.dist-info/top_level.txt  |    1 +
 .../PyYAML-6.0.1.dist-info/INSTALLER          |    1 +
 .../PyYAML-6.0.1.dist-info/LICENSE            |   20 +
 .../PyYAML-6.0.1.dist-info/METADATA           |   46 +
 .../linux-amd64/PyYAML-6.0.1.dist-info/RECORD |   44 +
 .../PyYAML-6.0.1.dist-info/REQUESTED          |    0
 .../linux-amd64/PyYAML-6.0.1.dist-info/WHEEL  |    6 +
 .../PyYAML-6.0.1.dist-info/top_level.txt      |    2 +
 .../data/linux-amd64/_yaml/__init__.py        |   33 +
 .../internal/data/linux-amd64/bin/jsonpath_ng |    8 +
 .../internal/data/linux-amd64/bin/slugify     |    8 +
 .../click-8.1.7.dist-info/INSTALLER           |    1 +
 .../click-8.1.7.dist-info/LICENSE.rst         |   28 +
 .../click-8.1.7.dist-info/METADATA            |  103 +
 .../linux-amd64/click-8.1.7.dist-info/RECORD  |   40 +
 .../click-8.1.7.dist-info/REQUESTED           |    0
 .../linux-amd64/click-8.1.7.dist-info/WHEEL   |    5 +
 .../click-8.1.7.dist-info/top_level.txt       |    1 +
 .../data/linux-amd64/click/__init__.py        |   73 +
 .../data/linux-amd64/click/_compat.py         |  623 +++
 .../data/linux-amd64/click/_termui_impl.py    |  739 ++++
 .../data/linux-amd64/click/_textwrap.py       |   49 +
 .../data/linux-amd64/click/_winconsole.py     |  279 ++
 .../internal/data/linux-amd64/click/core.py   | 3042 ++++++++++++++
 .../data/linux-amd64/click/decorators.py      |  561 +++
 .../data/linux-amd64/click/exceptions.py      |  288 ++
 .../data/linux-amd64/click/formatting.py      |  301 ++
 .../data/linux-amd64/click/globals.py         |   68 +
 .../internal/data/linux-amd64/click/parser.py |  529 +++
 .../internal/data/linux-amd64/click/py.typed  |    0
 .../linux-amd64/click/shell_completion.py     |  596 +++
 .../internal/data/linux-amd64/click/termui.py |  784 ++++
 .../data/linux-amd64/click/testing.py         |  479 +++
 .../internal/data/linux-amd64/click/types.py  | 1089 +++++
 .../internal/data/linux-amd64/click/utils.py  |  624 +++
 .../internal/data/linux-amd64/files.json      |  888 +++++
 .../jinja2-3.1.4.dist-info/INSTALLER          |    1 +
 .../jinja2-3.1.4.dist-info/LICENSE.txt        |   28 +
 .../jinja2-3.1.4.dist-info/METADATA           |   76 +
 .../linux-amd64/jinja2-3.1.4.dist-info/RECORD |   58 +
 .../jinja2-3.1.4.dist-info/REQUESTED          |    0
 .../linux-amd64/jinja2-3.1.4.dist-info/WHEEL  |    4 +
 .../jinja2-3.1.4.dist-info/entry_points.txt   |    3 +
 .../data/linux-amd64/jinja2/__init__.py       |   38 +
 .../data/linux-amd64/jinja2/_identifier.py    |    6 +
 .../data/linux-amd64/jinja2/async_utils.py    |   84 +
 .../data/linux-amd64/jinja2/bccache.py        |  408 ++
 .../data/linux-amd64/jinja2/compiler.py       | 1960 +++++++++
 .../data/linux-amd64/jinja2/constants.py      |   20 +
 .../internal/data/linux-amd64/jinja2/debug.py |  191 +
 .../data/linux-amd64/jinja2/defaults.py       |   48 +
 .../data/linux-amd64/jinja2/environment.py    | 1675 ++++++++
 .../data/linux-amd64/jinja2/exceptions.py     |  166 +
 .../internal/data/linux-amd64/jinja2/ext.py   |  870 ++++
 .../data/linux-amd64/jinja2/filters.py        | 1866 +++++++++
 .../data/linux-amd64/jinja2/idtracking.py     |  318 ++
 .../internal/data/linux-amd64/jinja2/lexer.py |  868 ++++
 .../data/linux-amd64/jinja2/loaders.py        |  667 ++++
 .../internal/data/linux-amd64/jinja2/meta.py  |  112 +
 .../data/linux-amd64/jinja2/nativetypes.py    |  130 +
 .../internal/data/linux-amd64/jinja2/nodes.py | 1206 ++++++
 .../data/linux-amd64/jinja2/optimizer.py      |   48 +
 .../data/linux-amd64/jinja2/parser.py         | 1041 +++++
 .../internal/data/linux-amd64/jinja2/py.typed |    0
 .../data/linux-amd64/jinja2/runtime.py        | 1056 +++++
 .../data/linux-amd64/jinja2/sandbox.py        |  429 ++
 .../internal/data/linux-amd64/jinja2/tests.py |  256 ++
 .../internal/data/linux-amd64/jinja2/utils.py |  755 ++++
 .../data/linux-amd64/jinja2/visitor.py        |   92 +
 .../jsonpath_ng-1.6.1.dist-info/INSTALLER     |    1 +
 .../jsonpath_ng-1.6.1.dist-info/LICENSE       |  202 +
 .../jsonpath_ng-1.6.1.dist-info/METADATA      |  379 ++
 .../jsonpath_ng-1.6.1.dist-info/RECORD        |   35 +
 .../jsonpath_ng-1.6.1.dist-info/REQUESTED     |    0
 .../jsonpath_ng-1.6.1.dist-info/WHEEL         |    5 +
 .../entry_points.txt                          |    2 +
 .../jsonpath_ng-1.6.1.dist-info/top_level.txt |    1 +
 .../data/linux-amd64/jsonpath_ng/__init__.py  |    6 +
 .../linux-amd64/jsonpath_ng/bin/__init__.py   |    0
 .../linux-amd64/jsonpath_ng/bin/jsonpath.py   |   68 +
 .../linux-amd64/jsonpath_ng/exceptions.py     |   10 +
 .../linux-amd64/jsonpath_ng/ext/__init__.py   |   15 +
 .../linux-amd64/jsonpath_ng/ext/arithmetic.py |   72 +
 .../linux-amd64/jsonpath_ng/ext/filter.py     |  140 +
 .../linux-amd64/jsonpath_ng/ext/iterable.py   |  118 +
 .../linux-amd64/jsonpath_ng/ext/parser.py     |  174 +
 .../linux-amd64/jsonpath_ng/ext/string.py     |  117 +
 .../data/linux-amd64/jsonpath_ng/jsonpath.py  |  815 ++++
 .../data/linux-amd64/jsonpath_ng/lexer.py     |  171 +
 .../data/linux-amd64/jsonpath_ng/parser.py    |  199 +
 .../data/linux-amd64/markupsafe/__init__.py   |  332 ++
 .../data/linux-amd64/markupsafe/_native.py    |   63 +
 .../data/linux-amd64/markupsafe/_speedups.c   |  320 ++
 ...peedups.cpython-311-x86_64-linux-gnu.so.gz |  Bin 0 -> 18030 bytes
 .../data/linux-amd64/markupsafe/_speedups.pyi |    9 +
 .../data/linux-amd64/markupsafe/py.typed      |    0
 .../ply-3.11.dist-info/DESCRIPTION.rst        |   12 +
 .../linux-amd64/ply-3.11.dist-info/INSTALLER  |    1 +
 .../linux-amd64/ply-3.11.dist-info/METADATA   |   25 +
 .../linux-amd64/ply-3.11.dist-info/RECORD     |   19 +
 .../data/linux-amd64/ply-3.11.dist-info/WHEEL |    6 +
 .../ply-3.11.dist-info/metadata.json          |    1 +
 .../ply-3.11.dist-info/top_level.txt          |    1 +
 .../internal/data/linux-amd64/ply/__init__.py |    5 +
 .../internal/data/linux-amd64/ply/cpp.py      |  914 +++++
 .../internal/data/linux-amd64/ply/ctokens.py  |  127 +
 .../internal/data/linux-amd64/ply/lex.py      | 1098 ++++++
 .../internal/data/linux-amd64/ply/yacc.py     | 3502 +++++++++++++++++
 .../internal/data/linux-amd64/ply/ygen.py     |   69 +
 .../python_slugify-8.0.4.dist-info/INSTALLER  |    1 +
 .../python_slugify-8.0.4.dist-info/LICENSE    |   21 +
 .../python_slugify-8.0.4.dist-info/METADATA   |  246 ++
 .../python_slugify-8.0.4.dist-info/RECORD     |   20 +
 .../python_slugify-8.0.4.dist-info/REQUESTED  |    0
 .../python_slugify-8.0.4.dist-info/WHEEL      |    6 +
 .../entry_points.txt                          |    2 +
 .../top_level.txt                             |    1 +
 .../data/linux-amd64/slugify/__init__.py      |   10 +
 .../data/linux-amd64/slugify/__main__.py      |   98 +
 .../data/linux-amd64/slugify/__version__.py   |    8 +
 .../data/linux-amd64/slugify/py.typed         |    0
 .../data/linux-amd64/slugify/slugify.py       |  197 +
 .../data/linux-amd64/slugify/special.py       |   47 +
 .../DESCRIPTION.rst                           |   46 +
 .../text_unidecode-1.3.dist-info/INSTALLER    |    1 +
 .../text_unidecode-1.3.dist-info/LICENSE.txt  |  134 +
 .../text_unidecode-1.3.dist-info/METADATA     |   73 +
 .../text_unidecode-1.3.dist-info/RECORD       |   11 +
 .../text_unidecode-1.3.dist-info/WHEEL        |    6 +
 .../metadata.json                             |    1 +
 .../top_level.txt                             |    1 +
 .../linux-amd64/text_unidecode/__init__.py    |   21 +
 .../linux-amd64/text_unidecode/data.bin.gz    |  Bin 0 -> 70243 bytes
 .../data/linux-amd64/yaml/__init__.py         |  390 ++
 .../_yaml.cpython-311-x86_64-linux-gnu.so.gz  |  Bin 0 -> 718197 bytes
 .../data/linux-amd64/yaml/composer.py         |  139 +
 .../data/linux-amd64/yaml/constructor.py      |  748 ++++
 .../internal/data/linux-amd64/yaml/cyaml.py   |  101 +
 .../internal/data/linux-amd64/yaml/dumper.py  |   62 +
 .../internal/data/linux-amd64/yaml/emitter.py | 1137 ++++++
 .../internal/data/linux-amd64/yaml/error.py   |   75 +
 .../internal/data/linux-amd64/yaml/events.py  |   86 +
 .../internal/data/linux-amd64/yaml/loader.py  |   63 +
 .../internal/data/linux-amd64/yaml/nodes.py   |   49 +
 .../internal/data/linux-amd64/yaml/parser.py  |  589 +++
 .../internal/data/linux-amd64/yaml/reader.py  |  185 +
 .../data/linux-amd64/yaml/representer.py      |  389 ++
 .../data/linux-amd64/yaml/resolver.py         |  227 ++
 .../internal/data/linux-amd64/yaml/scanner.py | 1435 +++++++
 .../data/linux-amd64/yaml/serializer.py       |  111 +
 .../internal/data/linux-amd64/yaml/tokens.py  |  104 +
 .../MarkupSafe-2.1.5.dist-info/INSTALLER      |    1 +
 .../MarkupSafe-2.1.5.dist-info/LICENSE.rst    |   28 +
 .../MarkupSafe-2.1.5.dist-info/METADATA       |   93 +
 .../MarkupSafe-2.1.5.dist-info/RECORD         |   15 +
 .../MarkupSafe-2.1.5.dist-info/REQUESTED      |    0
 .../MarkupSafe-2.1.5.dist-info/WHEEL          |    6 +
 .../MarkupSafe-2.1.5.dist-info/top_level.txt  |    1 +
 .../PyYAML-6.0.1.dist-info/INSTALLER          |    1 +
 .../PyYAML-6.0.1.dist-info/LICENSE            |   20 +
 .../PyYAML-6.0.1.dist-info/METADATA           |   46 +
 .../linux-arm64/PyYAML-6.0.1.dist-info/RECORD |   44 +
 .../PyYAML-6.0.1.dist-info/REQUESTED          |    0
 .../linux-arm64/PyYAML-6.0.1.dist-info/WHEEL  |    6 +
 .../PyYAML-6.0.1.dist-info/top_level.txt      |    2 +
 .../data/linux-arm64/_yaml/__init__.py        |   33 +
 .../internal/data/linux-arm64/bin/jsonpath_ng |    8 +
 .../internal/data/linux-arm64/bin/slugify     |    8 +
 .../click-8.1.7.dist-info/INSTALLER           |    1 +
 .../click-8.1.7.dist-info/LICENSE.rst         |   28 +
 .../click-8.1.7.dist-info/METADATA            |  103 +
 .../linux-arm64/click-8.1.7.dist-info/RECORD  |   40 +
 .../click-8.1.7.dist-info/REQUESTED           |    0
 .../linux-arm64/click-8.1.7.dist-info/WHEEL   |    5 +
 .../click-8.1.7.dist-info/top_level.txt       |    1 +
 .../data/linux-arm64/click/__init__.py        |   73 +
 .../data/linux-arm64/click/_compat.py         |  623 +++
 .../data/linux-arm64/click/_termui_impl.py    |  739 ++++
 .../data/linux-arm64/click/_textwrap.py       |   49 +
 .../data/linux-arm64/click/_winconsole.py     |  279 ++
 .../internal/data/linux-arm64/click/core.py   | 3042 ++++++++++++++
 .../data/linux-arm64/click/decorators.py      |  561 +++
 .../data/linux-arm64/click/exceptions.py      |  288 ++
 .../data/linux-arm64/click/formatting.py      |  301 ++
 .../data/linux-arm64/click/globals.py         |   68 +
 .../internal/data/linux-arm64/click/parser.py |  529 +++
 .../internal/data/linux-arm64/click/py.typed  |    0
 .../linux-arm64/click/shell_completion.py     |  596 +++
 .../internal/data/linux-arm64/click/termui.py |  784 ++++
 .../data/linux-arm64/click/testing.py         |  479 +++
 .../internal/data/linux-arm64/click/types.py  | 1089 +++++
 .../internal/data/linux-arm64/click/utils.py  |  624 +++
 .../internal/data/linux-arm64/files.json      |  888 +++++
 .../jinja2-3.1.4.dist-info/INSTALLER          |    1 +
 .../jinja2-3.1.4.dist-info/LICENSE.txt        |   28 +
 .../jinja2-3.1.4.dist-info/METADATA           |   76 +
 .../linux-arm64/jinja2-3.1.4.dist-info/RECORD |   58 +
 .../jinja2-3.1.4.dist-info/REQUESTED          |    0
 .../linux-arm64/jinja2-3.1.4.dist-info/WHEEL  |    4 +
 .../jinja2-3.1.4.dist-info/entry_points.txt   |    3 +
 .../data/linux-arm64/jinja2/__init__.py       |   38 +
 .../data/linux-arm64/jinja2/_identifier.py    |    6 +
 .../data/linux-arm64/jinja2/async_utils.py    |   84 +
 .../data/linux-arm64/jinja2/bccache.py        |  408 ++
 .../data/linux-arm64/jinja2/compiler.py       | 1960 +++++++++
 .../data/linux-arm64/jinja2/constants.py      |   20 +
 .../internal/data/linux-arm64/jinja2/debug.py |  191 +
 .../data/linux-arm64/jinja2/defaults.py       |   48 +
 .../data/linux-arm64/jinja2/environment.py    | 1675 ++++++++
 .../data/linux-arm64/jinja2/exceptions.py     |  166 +
 .../internal/data/linux-arm64/jinja2/ext.py   |  870 ++++
 .../data/linux-arm64/jinja2/filters.py        | 1866 +++++++++
 .../data/linux-arm64/jinja2/idtracking.py     |  318 ++
 .../internal/data/linux-arm64/jinja2/lexer.py |  868 ++++
 .../data/linux-arm64/jinja2/loaders.py        |  667 ++++
 .../internal/data/linux-arm64/jinja2/meta.py  |  112 +
 .../data/linux-arm64/jinja2/nativetypes.py    |  130 +
 .../internal/data/linux-arm64/jinja2/nodes.py | 1206 ++++++
 .../data/linux-arm64/jinja2/optimizer.py      |   48 +
 .../data/linux-arm64/jinja2/parser.py         | 1041 +++++
 .../internal/data/linux-arm64/jinja2/py.typed |    0
 .../data/linux-arm64/jinja2/runtime.py        | 1056 +++++
 .../data/linux-arm64/jinja2/sandbox.py        |  429 ++
 .../internal/data/linux-arm64/jinja2/tests.py |  256 ++
 .../internal/data/linux-arm64/jinja2/utils.py |  755 ++++
 .../data/linux-arm64/jinja2/visitor.py        |   92 +
 .../jsonpath_ng-1.6.1.dist-info/INSTALLER     |    1 +
 .../jsonpath_ng-1.6.1.dist-info/LICENSE       |  202 +
 .../jsonpath_ng-1.6.1.dist-info/METADATA      |  379 ++
 .../jsonpath_ng-1.6.1.dist-info/RECORD        |   35 +
 .../jsonpath_ng-1.6.1.dist-info/REQUESTED     |    0
 .../jsonpath_ng-1.6.1.dist-info/WHEEL         |    5 +
 .../entry_points.txt                          |    2 +
 .../jsonpath_ng-1.6.1.dist-info/top_level.txt |    1 +
 .../data/linux-arm64/jsonpath_ng/__init__.py  |    6 +
 .../linux-arm64/jsonpath_ng/bin/__init__.py   |    0
 .../linux-arm64/jsonpath_ng/bin/jsonpath.py   |   68 +
 .../linux-arm64/jsonpath_ng/exceptions.py     |   10 +
 .../linux-arm64/jsonpath_ng/ext/__init__.py   |   15 +
 .../linux-arm64/jsonpath_ng/ext/arithmetic.py |   72 +
 .../linux-arm64/jsonpath_ng/ext/filter.py     |  140 +
 .../linux-arm64/jsonpath_ng/ext/iterable.py   |  118 +
 .../linux-arm64/jsonpath_ng/ext/parser.py     |  174 +
 .../linux-arm64/jsonpath_ng/ext/string.py     |  117 +
 .../data/linux-arm64/jsonpath_ng/jsonpath.py  |  815 ++++
 .../data/linux-arm64/jsonpath_ng/lexer.py     |  171 +
 .../data/linux-arm64/jsonpath_ng/parser.py    |  199 +
 .../data/linux-arm64/markupsafe/__init__.py   |  332 ++
 .../data/linux-arm64/markupsafe/_native.py    |   63 +
 .../data/linux-arm64/markupsafe/_speedups.c   |  320 ++
 ...eedups.cpython-311-aarch64-linux-gnu.so.gz |  Bin 0 -> 18869 bytes
 .../data/linux-arm64/markupsafe/_speedups.pyi |    9 +
 .../data/linux-arm64/markupsafe/py.typed      |    0
 .../ply-3.11.dist-info/DESCRIPTION.rst        |   12 +
 .../linux-arm64/ply-3.11.dist-info/INSTALLER  |    1 +
 .../linux-arm64/ply-3.11.dist-info/METADATA   |   25 +
 .../linux-arm64/ply-3.11.dist-info/RECORD     |   19 +
 .../data/linux-arm64/ply-3.11.dist-info/WHEEL |    6 +
 .../ply-3.11.dist-info/metadata.json          |    1 +
 .../ply-3.11.dist-info/top_level.txt          |    1 +
 .../internal/data/linux-arm64/ply/__init__.py |    5 +
 .../internal/data/linux-arm64/ply/cpp.py      |  914 +++++
 .../internal/data/linux-arm64/ply/ctokens.py  |  127 +
 .../internal/data/linux-arm64/ply/lex.py      | 1098 ++++++
 .../internal/data/linux-arm64/ply/yacc.py     | 3502 +++++++++++++++++
 .../internal/data/linux-arm64/ply/ygen.py     |   69 +
 .../python_slugify-8.0.4.dist-info/INSTALLER  |    1 +
 .../python_slugify-8.0.4.dist-info/LICENSE    |   21 +
 .../python_slugify-8.0.4.dist-info/METADATA   |  246 ++
 .../python_slugify-8.0.4.dist-info/RECORD     |   20 +
 .../python_slugify-8.0.4.dist-info/REQUESTED  |    0
 .../python_slugify-8.0.4.dist-info/WHEEL      |    6 +
 .../entry_points.txt                          |    2 +
 .../top_level.txt                             |    1 +
 .../data/linux-arm64/slugify/__init__.py      |   10 +
 .../data/linux-arm64/slugify/__main__.py      |   98 +
 .../data/linux-arm64/slugify/__version__.py   |    8 +
 .../data/linux-arm64/slugify/py.typed         |    0
 .../data/linux-arm64/slugify/slugify.py       |  197 +
 .../data/linux-arm64/slugify/special.py       |   47 +
 .../DESCRIPTION.rst                           |   46 +
 .../text_unidecode-1.3.dist-info/INSTALLER    |    1 +
 .../text_unidecode-1.3.dist-info/LICENSE.txt  |  134 +
 .../text_unidecode-1.3.dist-info/METADATA     |   73 +
 .../text_unidecode-1.3.dist-info/RECORD       |   11 +
 .../text_unidecode-1.3.dist-info/WHEEL        |    6 +
 .../metadata.json                             |    1 +
 .../top_level.txt                             |    1 +
 .../linux-arm64/text_unidecode/__init__.py    |   21 +
 .../linux-arm64/text_unidecode/data.bin.gz    |  Bin 0 -> 70243 bytes
 .../data/linux-arm64/yaml/__init__.py         |  390 ++
 .../_yaml.cpython-311-aarch64-linux-gnu.so.gz |  Bin 0 -> 694195 bytes
 .../data/linux-arm64/yaml/composer.py         |  139 +
 .../data/linux-arm64/yaml/constructor.py      |  748 ++++
 .../internal/data/linux-arm64/yaml/cyaml.py   |  101 +
 .../internal/data/linux-arm64/yaml/dumper.py  |   62 +
 .../internal/data/linux-arm64/yaml/emitter.py | 1137 ++++++
 .../internal/data/linux-arm64/yaml/error.py   |   75 +
 .../internal/data/linux-arm64/yaml/events.py  |   86 +
 .../internal/data/linux-arm64/yaml/loader.py  |   63 +
 .../internal/data/linux-arm64/yaml/nodes.py   |   49 +
 .../internal/data/linux-arm64/yaml/parser.py  |  589 +++
 .../internal/data/linux-arm64/yaml/reader.py  |  185 +
 .../data/linux-arm64/yaml/representer.py      |  389 ++
 .../data/linux-arm64/yaml/resolver.py         |  227 ++
 .../internal/data/linux-arm64/yaml/scanner.py | 1435 +++++++
 .../data/linux-arm64/yaml/serializer.py       |  111 +
 .../internal/data/linux-arm64/yaml/tokens.py  |  104 +
 .../MarkupSafe-2.1.5.dist-info/INSTALLER      |    1 +
 .../MarkupSafe-2.1.5.dist-info/LICENSE.rst    |   28 +
 .../MarkupSafe-2.1.5.dist-info/METADATA       |   93 +
 .../MarkupSafe-2.1.5.dist-info/RECORD         |   15 +
 .../MarkupSafe-2.1.5.dist-info/REQUESTED      |    0
 .../MarkupSafe-2.1.5.dist-info/WHEEL          |    5 +
 .../MarkupSafe-2.1.5.dist-info/top_level.txt  |    1 +
 .../PyYAML-6.0.1.dist-info/INSTALLER          |    1 +
 .../PyYAML-6.0.1.dist-info/LICENSE            |   20 +
 .../PyYAML-6.0.1.dist-info/METADATA           |   46 +
 .../PyYAML-6.0.1.dist-info/RECORD             |   44 +
 .../PyYAML-6.0.1.dist-info/REQUESTED          |    0
 .../PyYAML-6.0.1.dist-info/WHEEL              |    5 +
 .../PyYAML-6.0.1.dist-info/top_level.txt      |    2 +
 .../data/windows-amd64/_yaml/__init__.py      |   33 +
 .../data/windows-amd64/bin/jsonpath_ng        |    8 +
 .../internal/data/windows-amd64/bin/slugify   |    8 +
 .../click-8.1.7.dist-info/INSTALLER           |    1 +
 .../click-8.1.7.dist-info/LICENSE.rst         |   28 +
 .../click-8.1.7.dist-info/METADATA            |  103 +
 .../click-8.1.7.dist-info/RECORD              |   40 +
 .../click-8.1.7.dist-info/REQUESTED           |    0
 .../windows-amd64/click-8.1.7.dist-info/WHEEL |    5 +
 .../click-8.1.7.dist-info/top_level.txt       |    1 +
 .../data/windows-amd64/click/__init__.py      |   73 +
 .../data/windows-amd64/click/_compat.py       |  623 +++
 .../data/windows-amd64/click/_termui_impl.py  |  739 ++++
 .../data/windows-amd64/click/_textwrap.py     |   49 +
 .../data/windows-amd64/click/_winconsole.py   |  279 ++
 .../internal/data/windows-amd64/click/core.py | 3042 ++++++++++++++
 .../data/windows-amd64/click/decorators.py    |  561 +++
 .../data/windows-amd64/click/exceptions.py    |  288 ++
 .../data/windows-amd64/click/formatting.py    |  301 ++
 .../data/windows-amd64/click/globals.py       |   68 +
 .../data/windows-amd64/click/parser.py        |  529 +++
 .../data/windows-amd64/click/py.typed         |    0
 .../windows-amd64/click/shell_completion.py   |  596 +++
 .../data/windows-amd64/click/termui.py        |  784 ++++
 .../data/windows-amd64/click/testing.py       |  479 +++
 .../data/windows-amd64/click/types.py         | 1089 +++++
 .../data/windows-amd64/click/utils.py         |  624 +++
 .../internal/data/windows-amd64/files.json    |  888 +++++
 .../jinja2-3.1.4.dist-info/INSTALLER          |    1 +
 .../jinja2-3.1.4.dist-info/LICENSE.txt        |   28 +
 .../jinja2-3.1.4.dist-info/METADATA           |   76 +
 .../jinja2-3.1.4.dist-info/RECORD             |   58 +
 .../jinja2-3.1.4.dist-info/REQUESTED          |    0
 .../jinja2-3.1.4.dist-info/WHEEL              |    4 +
 .../jinja2-3.1.4.dist-info/entry_points.txt   |    3 +
 .../data/windows-amd64/jinja2/__init__.py     |   38 +
 .../data/windows-amd64/jinja2/_identifier.py  |    6 +
 .../data/windows-amd64/jinja2/async_utils.py  |   84 +
 .../data/windows-amd64/jinja2/bccache.py      |  408 ++
 .../data/windows-amd64/jinja2/compiler.py     | 1960 +++++++++
 .../data/windows-amd64/jinja2/constants.py    |   20 +
 .../data/windows-amd64/jinja2/debug.py        |  191 +
 .../data/windows-amd64/jinja2/defaults.py     |   48 +
 .../data/windows-amd64/jinja2/environment.py  | 1675 ++++++++
 .../data/windows-amd64/jinja2/exceptions.py   |  166 +
 .../internal/data/windows-amd64/jinja2/ext.py |  870 ++++
 .../data/windows-amd64/jinja2/filters.py      | 1866 +++++++++
 .../data/windows-amd64/jinja2/idtracking.py   |  318 ++
 .../data/windows-amd64/jinja2/lexer.py        |  868 ++++
 .../data/windows-amd64/jinja2/loaders.py      |  667 ++++
 .../data/windows-amd64/jinja2/meta.py         |  112 +
 .../data/windows-amd64/jinja2/nativetypes.py  |  130 +
 .../data/windows-amd64/jinja2/nodes.py        | 1206 ++++++
 .../data/windows-amd64/jinja2/optimizer.py    |   48 +
 .../data/windows-amd64/jinja2/parser.py       | 1041 +++++
 .../data/windows-amd64/jinja2/py.typed        |    0
 .../data/windows-amd64/jinja2/runtime.py      | 1056 +++++
 .../data/windows-amd64/jinja2/sandbox.py      |  429 ++
 .../data/windows-amd64/jinja2/tests.py        |  256 ++
 .../data/windows-amd64/jinja2/utils.py        |  755 ++++
 .../data/windows-amd64/jinja2/visitor.py      |   92 +
 .../jsonpath_ng-1.6.1.dist-info/INSTALLER     |    1 +
 .../jsonpath_ng-1.6.1.dist-info/LICENSE       |  202 +
 .../jsonpath_ng-1.6.1.dist-info/METADATA      |  379 ++
 .../jsonpath_ng-1.6.1.dist-info/RECORD        |   35 +
 .../jsonpath_ng-1.6.1.dist-info/REQUESTED     |    0
 .../jsonpath_ng-1.6.1.dist-info/WHEEL         |    5 +
 .../entry_points.txt                          |    2 +
 .../jsonpath_ng-1.6.1.dist-info/top_level.txt |    1 +
 .../windows-amd64/jsonpath_ng/__init__.py     |    6 +
 .../windows-amd64/jsonpath_ng/bin/__init__.py |    0
 .../windows-amd64/jsonpath_ng/bin/jsonpath.py |   68 +
 .../windows-amd64/jsonpath_ng/exceptions.py   |   10 +
 .../windows-amd64/jsonpath_ng/ext/__init__.py |   15 +
 .../jsonpath_ng/ext/arithmetic.py             |   72 +
 .../windows-amd64/jsonpath_ng/ext/filter.py   |  140 +
 .../windows-amd64/jsonpath_ng/ext/iterable.py |  118 +
 .../windows-amd64/jsonpath_ng/ext/parser.py   |  174 +
 .../windows-amd64/jsonpath_ng/ext/string.py   |  117 +
 .../windows-amd64/jsonpath_ng/jsonpath.py     |  815 ++++
 .../data/windows-amd64/jsonpath_ng/lexer.py   |  171 +
 .../data/windows-amd64/jsonpath_ng/parser.py  |  199 +
 .../data/windows-amd64/markupsafe/__init__.py |  332 ++
 .../data/windows-amd64/markupsafe/_native.py  |   63 +
 .../data/windows-amd64/markupsafe/_speedups.c |  320 ++
 .../_speedups.cp311-win_amd64.pyd.gz          |  Bin 0 -> 7240 bytes
 .../windows-amd64/markupsafe/_speedups.pyi    |    9 +
 .../data/windows-amd64/markupsafe/py.typed    |    0
 .../ply-3.11.dist-info/DESCRIPTION.rst        |   12 +
 .../ply-3.11.dist-info/INSTALLER              |    1 +
 .../windows-amd64/ply-3.11.dist-info/METADATA |   25 +
 .../windows-amd64/ply-3.11.dist-info/RECORD   |   19 +
 .../windows-amd64/ply-3.11.dist-info/WHEEL    |    6 +
 .../ply-3.11.dist-info/metadata.json          |    1 +
 .../ply-3.11.dist-info/top_level.txt          |    1 +
 .../data/windows-amd64/ply/__init__.py        |    5 +
 .../internal/data/windows-amd64/ply/cpp.py    |  914 +++++
 .../data/windows-amd64/ply/ctokens.py         |  127 +
 .../internal/data/windows-amd64/ply/lex.py    | 1098 ++++++
 .../internal/data/windows-amd64/ply/yacc.py   | 3502 +++++++++++++++++
 .../internal/data/windows-amd64/ply/ygen.py   |   69 +
 .../python_slugify-8.0.4.dist-info/INSTALLER  |    1 +
 .../python_slugify-8.0.4.dist-info/LICENSE    |   21 +
 .../python_slugify-8.0.4.dist-info/METADATA   |  246 ++
 .../python_slugify-8.0.4.dist-info/RECORD     |   20 +
 .../python_slugify-8.0.4.dist-info/REQUESTED  |    0
 .../python_slugify-8.0.4.dist-info/WHEEL      |    6 +
 .../entry_points.txt                          |    2 +
 .../top_level.txt                             |    1 +
 .../data/windows-amd64/slugify/__init__.py    |   10 +
 .../data/windows-amd64/slugify/__main__.py    |   98 +
 .../data/windows-amd64/slugify/__version__.py |    8 +
 .../data/windows-amd64/slugify/py.typed       |    0
 .../data/windows-amd64/slugify/slugify.py     |  197 +
 .../data/windows-amd64/slugify/special.py     |   47 +
 .../DESCRIPTION.rst                           |   46 +
 .../text_unidecode-1.3.dist-info/INSTALLER    |    1 +
 .../text_unidecode-1.3.dist-info/LICENSE.txt  |  134 +
 .../text_unidecode-1.3.dist-info/METADATA     |   73 +
 .../text_unidecode-1.3.dist-info/RECORD       |   11 +
 .../text_unidecode-1.3.dist-info/WHEEL        |    6 +
 .../metadata.json                             |    1 +
 .../top_level.txt                             |    1 +
 .../windows-amd64/text_unidecode/__init__.py  |   21 +
 .../windows-amd64/text_unidecode/data.bin.gz  |  Bin 0 -> 70243 bytes
 .../data/windows-amd64/yaml/__init__.py       |  390 ++
 .../yaml/_yaml.cp311-win_amd64.pyd.gz         |  Bin 0 -> 101282 bytes
 .../data/windows-amd64/yaml/composer.py       |  139 +
 .../data/windows-amd64/yaml/constructor.py    |  748 ++++
 .../internal/data/windows-amd64/yaml/cyaml.py |  101 +
 .../data/windows-amd64/yaml/dumper.py         |   62 +
 .../data/windows-amd64/yaml/emitter.py        | 1137 ++++++
 .../internal/data/windows-amd64/yaml/error.py |   75 +
 .../data/windows-amd64/yaml/events.py         |   86 +
 .../data/windows-amd64/yaml/loader.py         |   63 +
 .../internal/data/windows-amd64/yaml/nodes.py |   49 +
 .../data/windows-amd64/yaml/parser.py         |  589 +++
 .../data/windows-amd64/yaml/reader.py         |  185 +
 .../data/windows-amd64/yaml/representer.py    |  389 ++
 .../data/windows-amd64/yaml/resolver.py       |  227 ++
 .../data/windows-amd64/yaml/scanner.py        | 1435 +++++++
 .../data/windows-amd64/yaml/serializer.py     |  111 +
 .../data/windows-amd64/yaml/tokens.py         |  104 +
 lib/go-jinja2/internal/dummy.go               |    3 +
 lib/go-jinja2/internal/generate/main.go       |   12 +
 lib/go-jinja2/internal/requirements.txt       |    6 +
 lib/go-jinja2/jinja2.go                       |  334 ++
 lib/go-jinja2/jinja2_ext_test.go              |   97 +
 lib/go-jinja2/jinja2_external_python_test.go  |   54 +
 lib/go-jinja2/jinja2_ignore.go                |  107 +
 lib/go-jinja2/jinja2_ignore_test.go           |  164 +
 lib/go-jinja2/jinja2_renderer.go              |  274 ++
 lib/go-jinja2/jinja2_test.go                  |  541 +++
 lib/go-jinja2/opts.go                         |  150 +
 lib/go-jinja2/python_src/embed.go             |    8 +
 .../python_src/go_jinja2/__init__.py          |    0
 .../python_src/go_jinja2/ext/__init__.py      |    5 +
 .../python_src/go_jinja2/ext/dict_utils.py    |   64 +
 .../go_jinja2/ext/jsonpath_utils.py           |  100 +
 .../python_src/go_jinja2/ext/kluctl_ext.py    |  155 +
 .../python_src/go_jinja2/ext/time_ext.py      |   79 +
 .../python_src/go_jinja2/ext/yaml_utils.py    |   49 +
 .../python_src/go_jinja2/jinja2_renderer.py   |   97 +
 .../python_src/go_jinja2/jinja2_utils.py      |  147 +
 lib/go-jinja2/python_src/main.py              |   48 +
 lib/go-jinja2/render_struct.go                |  182 +
 821 files changed, 212426 insertions(+)
 create mode 100644 lib/go-jinja2/.github/dependabot.yml
 create mode 100644 lib/go-jinja2/.github/workflows/tests.yml
 create mode 100644 lib/go-jinja2/.gitignore
 create mode 100644 lib/go-jinja2/LICENSE
 create mode 100644 lib/go-jinja2/README.md
 create mode 100644 lib/go-jinja2/example/main.go
 create mode 100644 lib/go-jinja2/go.mod
 create mode 100644 lib/go-jinja2/go.sum
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/_yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/bin/jsonpath_ng
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/bin/slugify
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/_compat.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/_termui_impl.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/_textwrap.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/_winconsole.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/core.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/decorators.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/formatting.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/globals.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/shell_completion.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/termui.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/testing.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/types.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/click/utils.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/files.json
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/_identifier.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/async_utils.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/bccache.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/compiler.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/constants.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/debug.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/defaults.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/environment.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/ext.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/filters.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/idtracking.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/loaders.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/meta.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/nativetypes.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/optimizer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/runtime.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/sandbox.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/tests.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/utils.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jinja2/visitor.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/arithmetic.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/filter.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.cpython-311-darwin.so.gz
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/markupsafe/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply/cpp.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply/ctokens.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply/lex.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply/yacc.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/ply/ygen.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/slugify/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/slugify/__main__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/slugify/__version__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/slugify/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/slugify/slugify.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/slugify/special.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/data.bin.gz
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/_yaml.cpython-311-darwin.so.gz
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/composer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/constructor.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/cyaml.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/dumper.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/emitter.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/error.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/events.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/loader.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/reader.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/representer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/resolver.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/scanner.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/serializer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/yaml/tokens.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/_yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/bin/jsonpath_ng
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/bin/slugify
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/_compat.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/_termui_impl.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/_textwrap.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/_winconsole.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/core.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/decorators.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/formatting.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/globals.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/shell_completion.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/termui.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/testing.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/types.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/click/utils.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/files.json
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/_identifier.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/async_utils.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/bccache.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/compiler.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/constants.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/debug.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/defaults.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/environment.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/ext.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/filters.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/idtracking.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/loaders.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/meta.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/nativetypes.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/optimizer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/runtime.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/sandbox.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/tests.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/utils.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jinja2/visitor.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/arithmetic.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/filter.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.cpython-311-darwin.so.gz
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/markupsafe/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply/cpp.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply/ctokens.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply/lex.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply/yacc.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/ply/ygen.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/slugify/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/slugify/__main__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/slugify/__version__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/slugify/py.typed
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/slugify/slugify.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/slugify/special.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/data.bin.gz
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/_yaml.cpython-311-darwin.so.gz
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/composer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/constructor.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/cyaml.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/dumper.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/emitter.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/error.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/events.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/loader.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/parser.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/reader.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/representer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/resolver.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/scanner.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/serializer.py
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/yaml/tokens.py
 create mode 100644 lib/go-jinja2/internal/data/embed_darwin_amd64.go
 create mode 100644 lib/go-jinja2/internal/data/embed_darwin_arm64.go
 create mode 100644 lib/go-jinja2/internal/data/embed_linux_amd64.go
 create mode 100644 lib/go-jinja2/internal/data/embed_linux_arm64.go
 create mode 100644 lib/go-jinja2/internal/data/embed_windows_amd64.go
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/_yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/bin/jsonpath_ng
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/bin/slugify
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/_compat.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/_termui_impl.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/_textwrap.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/_winconsole.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/core.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/decorators.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/formatting.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/globals.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/shell_completion.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/termui.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/testing.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/types.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/click/utils.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/files.json
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/_identifier.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/async_utils.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/bccache.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/compiler.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/constants.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/debug.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/defaults.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/environment.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/ext.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/filters.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/idtracking.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/loaders.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/meta.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/nativetypes.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/optimizer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/runtime.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/sandbox.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/tests.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/utils.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jinja2/visitor.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/arithmetic.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/filter.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so.gz
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/markupsafe/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply/cpp.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply/ctokens.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply/lex.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply/yacc.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/ply/ygen.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/slugify/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/slugify/__main__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/slugify/__version__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/slugify/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/slugify/slugify.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/slugify/special.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/text_unidecode/data.bin.gz
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/_yaml.cpython-311-x86_64-linux-gnu.so.gz
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/composer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/constructor.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/cyaml.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/dumper.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/emitter.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/error.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/events.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/loader.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/reader.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/representer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/resolver.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/scanner.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/serializer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/yaml/tokens.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/_yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/bin/jsonpath_ng
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/bin/slugify
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/_compat.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/_termui_impl.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/_textwrap.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/_winconsole.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/core.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/decorators.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/formatting.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/globals.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/shell_completion.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/termui.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/testing.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/types.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/click/utils.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/files.json
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/_identifier.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/async_utils.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/bccache.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/compiler.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/constants.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/debug.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/defaults.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/environment.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/ext.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/filters.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/idtracking.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/loaders.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/meta.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/nativetypes.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/optimizer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/runtime.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/sandbox.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/tests.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/utils.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jinja2/visitor.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/arithmetic.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/filter.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so.gz
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/markupsafe/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply/cpp.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply/ctokens.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply/lex.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply/yacc.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/ply/ygen.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/slugify/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/slugify/__main__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/slugify/__version__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/slugify/py.typed
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/slugify/slugify.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/slugify/special.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/text_unidecode/data.bin.gz
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/_yaml.cpython-311-aarch64-linux-gnu.so.gz
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/composer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/constructor.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/cyaml.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/dumper.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/emitter.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/error.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/events.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/loader.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/parser.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/reader.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/representer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/resolver.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/scanner.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/serializer.py
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/yaml/tokens.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/_yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/bin/jsonpath_ng
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/bin/slugify
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/LICENSE.rst
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/_compat.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/_termui_impl.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/_textwrap.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/_winconsole.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/core.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/decorators.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/formatting.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/globals.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/parser.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/py.typed
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/shell_completion.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/termui.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/testing.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/types.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/click/utils.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/files.json
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/_identifier.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/async_utils.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/bccache.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/compiler.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/constants.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/debug.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/defaults.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/environment.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/ext.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/filters.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/idtracking.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/loaders.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/meta.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/nativetypes.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/optimizer.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/parser.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/py.typed
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/runtime.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/sandbox.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/tests.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/utils.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jinja2/visitor.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/exceptions.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/arithmetic.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/filter.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.cp311-win_amd64.pyd.gz
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/markupsafe/py.typed
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply/cpp.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply/ctokens.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply/lex.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply/yacc.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/ply/ygen.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/LICENSE
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/REQUESTED
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/slugify/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/slugify/__main__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/slugify/__version__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/slugify/py.typed
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/slugify/slugify.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/slugify/special.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/INSTALLER
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/RECORD
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/metadata.json
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/top_level.txt
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/text_unidecode/data.bin.gz
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/_yaml.cp311-win_amd64.pyd.gz
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/composer.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/constructor.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/cyaml.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/dumper.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/emitter.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/error.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/events.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/loader.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/nodes.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/parser.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/reader.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/representer.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/resolver.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/scanner.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/serializer.py
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/yaml/tokens.py
 create mode 100644 lib/go-jinja2/internal/dummy.go
 create mode 100644 lib/go-jinja2/internal/generate/main.go
 create mode 100644 lib/go-jinja2/internal/requirements.txt
 create mode 100644 lib/go-jinja2/jinja2.go
 create mode 100644 lib/go-jinja2/jinja2_ext_test.go
 create mode 100644 lib/go-jinja2/jinja2_external_python_test.go
 create mode 100644 lib/go-jinja2/jinja2_ignore.go
 create mode 100644 lib/go-jinja2/jinja2_ignore_test.go
 create mode 100644 lib/go-jinja2/jinja2_renderer.go
 create mode 100644 lib/go-jinja2/jinja2_test.go
 create mode 100644 lib/go-jinja2/opts.go
 create mode 100644 lib/go-jinja2/python_src/embed.go
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/__init__.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/ext/__init__.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/ext/dict_utils.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/ext/jsonpath_utils.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/ext/kluctl_ext.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/ext/time_ext.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/ext/yaml_utils.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/jinja2_renderer.py
 create mode 100644 lib/go-jinja2/python_src/go_jinja2/jinja2_utils.py
 create mode 100644 lib/go-jinja2/python_src/main.py
 create mode 100644 lib/go-jinja2/render_struct.go

diff --git a/lib/go-jinja2/.github/dependabot.yml b/lib/go-jinja2/.github/dependabot.yml
new file mode 100644
index 000000000..4143be270
--- /dev/null
+++ b/lib/go-jinja2/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/lib/go-jinja2/.github/workflows/tests.yml b/lib/go-jinja2/.github/workflows/tests.yml
new file mode 100644
index 000000000..dc4a9afe0
--- /dev/null
+++ b/lib/go-jinja2/.github/workflows/tests.yml
@@ -0,0 +1,58 @@
+name: tests
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  tests:
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-22.04
+            binary-suffix: linux-amd64
+          - os: macos-12
+            binary-suffix: darwin-amd64
+          - os: windows-2019
+            binary-suffix: windows-amd64
+        os: [ubuntu-22.04, macos-12, windows-2019]
+      fail-fast: false
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.19
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: ${{ runner.os }}-go-embed-python-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-embed-python-
+      - name: Go generate
+        if: runner.os != 'Windows'
+        shell: bash
+        run: |
+          go generate ./...
+      - name: Verify nothing changed
+        if: runner.os != 'Windows'
+        shell: bash
+        run: |
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "working directory not clean:"
+            git status
+            git diff
+            exit 1
+          fi
+      - name: Run unit tests
+        shell: bash
+        run: |
+          go test ./...
diff --git a/lib/go-jinja2/.gitignore b/lib/go-jinja2/.gitignore
new file mode 100644
index 000000000..99ec4282e
--- /dev/null
+++ b/lib/go-jinja2/.gitignore
@@ -0,0 +1,2 @@
+*.pyc
+.idea
diff --git a/lib/go-jinja2/LICENSE b/lib/go-jinja2/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/lib/go-jinja2/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/lib/go-jinja2/README.md b/lib/go-jinja2/README.md
new file mode 100644
index 000000000..8c7bd4c59
--- /dev/null
+++ b/lib/go-jinja2/README.md
@@ -0,0 +1,37 @@
+# Embedded Jinja2 Renderer
+
+This library provides an embedded Jinja2 renderer, based on https://github.com/kluctl/go-embed-python. It works
+by spawning one (or multiple) Jinaj2 renderer processes which communicate with your Go application via stdin/stdout.
+
+Whenever something needs to be rendered, it is sent to the renderer, which will then process it. The result is returned
+to the caller.
+
+Here is an example:
+
+```go
+package main
+
+import (
+	"fmt"
+	"github.com/kluctl/go-jinja2"
+)
+
+func main() {
+	j2, err := jinja2.NewJinja2("example", 1,
+		jinja2.WithGlobal("test_var1", 1),
+		jinja2.WithGlobal("test_var2", map[string]any{"test": 2}))
+	if err != nil {
+		panic(err)
+	}
+	defer j2.Close()
+
+	template := "{{ test_var1 }}"
+
+	s, err := j2.RenderString(template)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("template: %s\nresult: %s", template, s)
+}
+```
diff --git a/lib/go-jinja2/example/main.go b/lib/go-jinja2/example/main.go
new file mode 100644
index 000000000..b62196951
--- /dev/null
+++ b/lib/go-jinja2/example/main.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"fmt"
+	"github.com/kluctl/go-jinja2"
+)
+
+func main() {
+	j2, err := jinja2.NewJinja2("example", 1,
+		jinja2.WithGlobal("test_var1", 1),
+		jinja2.WithGlobal("test_var2", map[string]any{"test": 2}))
+	if err != nil {
+		panic(err)
+	}
+	defer j2.Close()
+
+	template := "{{ test_var1 }}"
+
+	s, err := j2.RenderString(template)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("template: %s\nresult: %s", template, s)
+}
diff --git a/lib/go-jinja2/go.mod b/lib/go-jinja2/go.mod
new file mode 100644
index 000000000..516274742
--- /dev/null
+++ b/lib/go-jinja2/go.mod
@@ -0,0 +1,29 @@
+module github.com/kluctl/go-jinja2
+
+go 1.19
+
+require (
+	github.com/Masterminds/semver/v3 v3.2.1
+	github.com/go-git/go-git/v5 v5.12.0
+	github.com/gobwas/glob v0.2.3
+	github.com/hashicorp/go-multierror v1.1.1
+	github.com/jinzhu/copier v0.4.0
+	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
+	github.com/stretchr/testify v1.9.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/lib/go-jinja2/go.sum b/lib/go-jinja2/go.sum
new file mode 100644
index 000000000..ce740ce6e
--- /dev/null
+++ b/lib/go-jinja2/go.sum
@@ -0,0 +1,52 @@
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
+github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
+github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
+github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
+github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
new file mode 100644
index 000000000..9d227a0cc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA
new file mode 100644
index 000000000..dfe37d52d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA
@@ -0,0 +1,93 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 2.1.5
+Summary: Safely add untrusted strings to HTML/XML markup.
+Home-page: https://palletsprojects.com/p/markupsafe/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/markupsafe/
+Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+MarkupSafe
+==========
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    pip install -U MarkupSafe
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+Examples
+--------
+
+.. code-block:: pycon
+
+    >>> from markupsafe import Markup, escape
+
+    >>> # escape replaces special characters and wraps in Markup
+    >>> escape("<script>alert(document.cookie);</script>")
+    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+    >>> # wrap in Markup to mark text "safe" and prevent escaping
+    >>> Markup("<strong>Hello</strong>")
+    Markup('<strong>hello</strong>')
+
+    >>> escape(Markup("<strong>Hello</strong>"))
+    Markup('<strong>hello</strong>')
+
+    >>> # Markup is a str subclass
+    >>> # methods and operators escape their arguments
+    >>> template = Markup("Hello <em>{name}</em>")
+    >>> template.format(name='"World"')
+    Markup('Hello <em>&#34;World&#34;</em>')
+
+
+Donate
+------
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://markupsafe.palletsprojects.com/
+-   Changes: https://markupsafe.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/MarkupSafe/
+-   Source Code: https://github.com/pallets/markupsafe/
+-   Issue Tracker: https://github.com/pallets/markupsafe/issues/
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD
new file mode 100644
index 000000000..3ef30fccc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
+MarkupSafe-2.1.5.dist-info/RECORD,,
+MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-2.1.5.dist-info/WHEEL,sha256=2rnFQKN1y4ODxAzmbuA5Z6aEng-PoJTYpqGpnJDGdxw,111
+MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
+markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
+markupsafe/_speedups.cpython-311-darwin.so,sha256=dLtLNhRcybjKGMYMx94fHSTTAPgtYoW9L06TV79sZMs,35272
+markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
new file mode 100644
index 000000000..a88b33b1b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.42.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-macosx_10_9_x86_64
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
new file mode 100644
index 000000000..75bf72925
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
@@ -0,0 +1 @@
+markupsafe
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/LICENSE
new file mode 100644
index 000000000..2f1b8e15e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2017-2021 Ingy döt Net
+Copyright (c) 2006-2016 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA
new file mode 100644
index 000000000..c8905983e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA
@@ -0,0 +1,46 @@
+Metadata-Version: 2.1
+Name: PyYAML
+Version: 6.0.1
+Summary: YAML parser and emitter for Python
+Home-page: https://pyyaml.org/
+Download-URL: https://pypi.org/project/PyYAML/
+Author: Kirill Simonov
+Author-email: xi@resolvent.net
+License: MIT
+Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
+Project-URL: CI, https://github.com/yaml/pyyaml/actions
+Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
+Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
+Project-URL: Source Code, https://github.com/yaml/pyyaml
+Platform: Any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Cython
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup
+Requires-Python: >=3.6
+License-File: LICENSE
+
+YAML is a data serialization format designed for human readability
+and interaction with scripting languages.  PyYAML is a YAML parser
+and emitter for Python.
+
+PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
+support, capable extension API, and sensible error messages.  PyYAML
+supports standard YAML tags and provides Python-specific tags that
+allow to represent an arbitrary Python object.
+
+PyYAML is applicable for a broad range of tasks from complex
+configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD
new file mode 100644
index 000000000..88258ef4b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD
@@ -0,0 +1,44 @@
+PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
+PyYAML-6.0.1.dist-info/RECORD,,
+PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.1.dist-info/WHEEL,sha256=zATDCBMA0NrnUw5OGrN7taAN4ImJV7kn5PkKRuCgN5Q,111
+PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+_yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
+_yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__pycache__/composer.cpython-311.pyc,,
+yaml/__pycache__/constructor.cpython-311.pyc,,
+yaml/__pycache__/cyaml.cpython-311.pyc,,
+yaml/__pycache__/dumper.cpython-311.pyc,,
+yaml/__pycache__/emitter.cpython-311.pyc,,
+yaml/__pycache__/error.cpython-311.pyc,,
+yaml/__pycache__/events.cpython-311.pyc,,
+yaml/__pycache__/loader.cpython-311.pyc,,
+yaml/__pycache__/nodes.cpython-311.pyc,,
+yaml/__pycache__/parser.cpython-311.pyc,,
+yaml/__pycache__/reader.cpython-311.pyc,,
+yaml/__pycache__/representer.cpython-311.pyc,,
+yaml/__pycache__/resolver.cpython-311.pyc,,
+yaml/__pycache__/scanner.cpython-311.pyc,,
+yaml/__pycache__/serializer.cpython-311.pyc,,
+yaml/__pycache__/tokens.cpython-311.pyc,,
+yaml/_yaml.cpython-311-darwin.so,sha256=9rqdpMeZVNxWDZ56UEFXdbczGQdHw8YHXxJkbZSz9_M,429464
+yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
+yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
+yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
+yaml/dumper.py,sha256=PLctZlYwZLp7XmeUdwRuv4nYOZ2UBnDIUy8-lKfLF-o,2837
+yaml/emitter.py,sha256=jghtaU7eFwg31bG0B7RZea_29Adi9CKmXq_QjgQpCkQ,43006
+yaml/error.py,sha256=Ah9z-toHJUbE9j-M8YpxgSRM5CgLCcwVzJgLLRF2Fxo,2533
+yaml/events.py,sha256=50_TksgQiE4up-lKo_V-nBy-tAIxkIPQxY5qDhKCeHw,2445
+yaml/loader.py,sha256=UVa-zIqmkFSCIYq_PgSGm4NSJttHY2Rf_zQ4_b1fHN0,2061
+yaml/nodes.py,sha256=gPKNj8pKCdh2d4gr3gIYINnPOaOxGhJAUiYhGRnPE84,1440
+yaml/parser.py,sha256=ilWp5vvgoHFGzvOZDItFoGjD6D42nhlZrZyjAwa0oJo,25495
+yaml/reader.py,sha256=0dmzirOiDG4Xo41RnuQS7K9rkY3xjHiVasfDMNTqCNw,6794
+yaml/representer.py,sha256=IuWP-cAW9sHKEnS0gCqSa894k1Bg4cgTxaDwIcbRQ-Y,14190
+yaml/resolver.py,sha256=9L-VYfm4mWHxUD1Vg4X7rjDRK_7VZd6b92wzq7Y2IKY,9004
+yaml/scanner.py,sha256=YEM3iLZSaQwXcQRg2l2R4MdT0zGP2F9eHkKGKnHyWQY,51279
+yaml/serializer.py,sha256=ChuFgmhU01hj4xgI8GaKv6vfM2Bujwa9i7d2FAHj7cA,4165
+yaml/tokens.py,sha256=lTQIzSVw8Mg9wv459-TjiOQe6wVziqaRlqX2_89rp54,2573
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL
new file mode 100644
index 000000000..b77285b61
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.40.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-macosx_10_9_x86_64
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/top_level.txt
new file mode 100644
index 000000000..e6475e911
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/top_level.txt
@@ -0,0 +1,2 @@
+_yaml
+yaml
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/_yaml/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/_yaml/__init__.py
new file mode 100644
index 000000000..7baa8c4b6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/_yaml/__init__.py
@@ -0,0 +1,33 @@
+# This is a stub package designed to roughly emulate the _yaml
+# extension module, which previously existed as a standalone module
+# and has been moved into the `yaml` package namespace.
+# It does not perfectly mimic its old counterpart, but should get
+# close enough for anyone who's relying on it even when they shouldn't.
+import yaml
+
+# in some circumstances, the yaml module we imoprted may be from a different version, so we need
+# to tread carefully when poking at it here (it may not have the attributes we expect)
+if not getattr(yaml, '__with_libyaml__', False):
+    from sys import version_info
+
+    exc = ModuleNotFoundError if version_info >= (3, 6) else ImportError
+    raise exc("No module named '_yaml'")
+else:
+    from yaml._yaml import *
+    import warnings
+    warnings.warn(
+        'The _yaml extension module is now located at yaml._yaml'
+        ' and its location is subject to change.  To use the'
+        ' LibYAML-based parser and emitter, import from `yaml`:'
+        ' `from yaml import CLoader as Loader, CDumper as Dumper`.',
+        DeprecationWarning
+    )
+    del warnings
+    # Don't `del yaml` here because yaml is actually an existing
+    # namespace member of _yaml.
+
+__name__ = '_yaml'
+# If the module is top-level (i.e. not a part of any specific package)
+# then the attribute should be set to ''.
+# https://docs.python.org/3.8/library/types.html
+__package__ = ''
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/bin/jsonpath_ng b/lib/go-jinja2/internal/data/darwin-amd64/bin/jsonpath_ng
new file mode 100644
index 000000000..28a424903
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/bin/jsonpath_ng
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-darwin-amd64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from jsonpath_ng.bin.jsonpath import entry_point
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(entry_point())
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/bin/slugify b/lib/go-jinja2/internal/data/darwin-amd64/bin/slugify
new file mode 100644
index 000000000..bc16b756e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/bin/slugify
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-darwin-amd64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from slugify.__main__ import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/LICENSE.rst
new file mode 100644
index 000000000..d12a84918
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2014 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/METADATA
new file mode 100644
index 000000000..7a6bbb24b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/METADATA
@@ -0,0 +1,103 @@
+Metadata-Version: 2.1
+Name: click
+Version: 8.1.7
+Summary: Composable command line interface toolkit
+Home-page: https://palletsprojects.com/p/click/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://click.palletsprojects.com/
+Project-URL: Changes, https://click.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/click/
+Project-URL: Issue Tracker, https://github.com/pallets/click/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+Requires-Dist: colorama ; platform_system == "Windows"
+Requires-Dist: importlib-metadata ; python_version < "3.8"
+
+\$ click\_
+==========
+
+Click is a Python package for creating beautiful command line interfaces
+in a composable way with as little code as necessary. It's the "Command
+Line Interface Creation Kit". It's highly configurable but comes with
+sensible defaults out of the box.
+
+It aims to make the process of writing command line tools quick and fun
+while also preventing any frustration caused by the inability to
+implement an intended CLI API.
+
+Click in three points:
+
+-   Arbitrary nesting of commands
+-   Automatic help page generation
+-   Supports lazy loading of subcommands at runtime
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    $ pip install -U click
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+.. code-block:: python
+
+    import click
+
+    @click.command()
+    @click.option("--count", default=1, help="Number of greetings.")
+    @click.option("--name", prompt="Your name", help="The person to greet.")
+    def hello(count, name):
+        """Simple program that greets NAME for a total of COUNT times."""
+        for _ in range(count):
+            click.echo(f"Hello, {name}!")
+
+    if __name__ == '__main__':
+        hello()
+
+.. code-block:: text
+
+    $ python hello.py --count=3
+    Your name: Click
+    Hello, Click!
+    Hello, Click!
+    Hello, Click!
+
+
+Donate
+------
+
+The Pallets organization develops and supports Click and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, `please
+donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://click.palletsprojects.com/
+-   Changes: https://click.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/click/
+-   Source Code: https://github.com/pallets/click
+-   Issue Tracker: https://github.com/pallets/click/issues
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/RECORD
new file mode 100644
index 000000000..dcffbf004
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/RECORD
@@ -0,0 +1,40 @@
+click-8.1.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+click-8.1.7.dist-info/LICENSE.rst,sha256=morRBqOU6FO_4h9C9OctWSgZoigF2ZG18ydQKSkrZY0,1475
+click-8.1.7.dist-info/METADATA,sha256=qIMevCxGA9yEmJOM_4WHuUJCwWpsIEVbCPOhs45YPN4,3014
+click-8.1.7.dist-info/RECORD,,
+click-8.1.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click-8.1.7.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+click-8.1.7.dist-info/top_level.txt,sha256=J1ZQogalYS4pphY_lPECoNMfw0HzTSrZglC4Yfwo4xA,6
+click/__init__.py,sha256=YDDbjm406dTOA0V8bTtdGnhN7zj5j-_dFRewZF_pLvw,3138
+click/__pycache__/__init__.cpython-311.pyc,,
+click/__pycache__/_compat.cpython-311.pyc,,
+click/__pycache__/_termui_impl.cpython-311.pyc,,
+click/__pycache__/_textwrap.cpython-311.pyc,,
+click/__pycache__/_winconsole.cpython-311.pyc,,
+click/__pycache__/core.cpython-311.pyc,,
+click/__pycache__/decorators.cpython-311.pyc,,
+click/__pycache__/exceptions.cpython-311.pyc,,
+click/__pycache__/formatting.cpython-311.pyc,,
+click/__pycache__/globals.cpython-311.pyc,,
+click/__pycache__/parser.cpython-311.pyc,,
+click/__pycache__/shell_completion.cpython-311.pyc,,
+click/__pycache__/termui.cpython-311.pyc,,
+click/__pycache__/testing.cpython-311.pyc,,
+click/__pycache__/types.cpython-311.pyc,,
+click/__pycache__/utils.cpython-311.pyc,,
+click/_compat.py,sha256=5318agQpbt4kroKsbqDOYpTSWzL_YCZVUQiTT04yXmc,18744
+click/_termui_impl.py,sha256=3dFYv4445Nw-rFvZOTBMBPYwB1bxnmNk9Du6Dm_oBSU,24069
+click/_textwrap.py,sha256=10fQ64OcBUMuK7mFvh8363_uoOxPlRItZBmKzRJDgoY,1353
+click/_winconsole.py,sha256=5ju3jQkcZD0W27WEMGqmEP4y_crUVzPCqsX_FYb7BO0,7860
+click/core.py,sha256=j6oEWtGgGna8JarD6WxhXmNnxLnfRjwXglbBc-8jr7U,114086
+click/decorators.py,sha256=-ZlbGYgV-oI8jr_oH4RpuL1PFS-5QmeuEAsLDAYgxtw,18719
+click/exceptions.py,sha256=fyROO-47HWFDjt2qupo7A3J32VlpM-ovJnfowu92K3s,9273
+click/formatting.py,sha256=Frf0-5W33-loyY_i9qrwXR8-STnW3m5gvyxLVUdyxyk,9706
+click/globals.py,sha256=TP-qM88STzc7f127h35TD_v920FgfOD2EwzqA0oE8XU,1961
+click/parser.py,sha256=LKyYQE9ZLj5KgIDXkrcTHQRXIggfoivX14_UVIn56YA,19067
+click/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click/shell_completion.py,sha256=Ty3VM_ts0sQhj6u7eFTiLwHPoTgcXTGEAUg2OpLqYKw,18460
+click/termui.py,sha256=H7Q8FpmPelhJ2ovOhfCRhjMtCpNyjFXryAMLZODqsdc,28324
+click/testing.py,sha256=1Qd4kS5bucn1hsNIRryd0WtTMuCpkA93grkWxT8POsU,16084
+click/types.py,sha256=TZvz3hKvBztf-Hpa2enOmP4eznSPLzijjig5b_0XMxE,36391
+click/utils.py,sha256=1476UduUNY6UePGU4m18uzVHLt1sKM2PP3yWsQhbItM,20298
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/WHEEL
new file mode 100644
index 000000000..2c08da084
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/top_level.txt
new file mode 100644
index 000000000..dca9a9096
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click-8.1.7.dist-info/top_level.txt
@@ -0,0 +1 @@
+click
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/click/__init__.py
new file mode 100644
index 000000000..9a1dab048
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/__init__.py
@@ -0,0 +1,73 @@
+"""
+Click is a simple Python module inspired by the stdlib optparse to make
+writing command line scripts fun. Unlike other modules, it's based
+around a simple API that does not come with too much magic and is
+composable.
+"""
+from .core import Argument as Argument
+from .core import BaseCommand as BaseCommand
+from .core import Command as Command
+from .core import CommandCollection as CommandCollection
+from .core import Context as Context
+from .core import Group as Group
+from .core import MultiCommand as MultiCommand
+from .core import Option as Option
+from .core import Parameter as Parameter
+from .decorators import argument as argument
+from .decorators import command as command
+from .decorators import confirmation_option as confirmation_option
+from .decorators import group as group
+from .decorators import help_option as help_option
+from .decorators import make_pass_decorator as make_pass_decorator
+from .decorators import option as option
+from .decorators import pass_context as pass_context
+from .decorators import pass_obj as pass_obj
+from .decorators import password_option as password_option
+from .decorators import version_option as version_option
+from .exceptions import Abort as Abort
+from .exceptions import BadArgumentUsage as BadArgumentUsage
+from .exceptions import BadOptionUsage as BadOptionUsage
+from .exceptions import BadParameter as BadParameter
+from .exceptions import ClickException as ClickException
+from .exceptions import FileError as FileError
+from .exceptions import MissingParameter as MissingParameter
+from .exceptions import NoSuchOption as NoSuchOption
+from .exceptions import UsageError as UsageError
+from .formatting import HelpFormatter as HelpFormatter
+from .formatting import wrap_text as wrap_text
+from .globals import get_current_context as get_current_context
+from .parser import OptionParser as OptionParser
+from .termui import clear as clear
+from .termui import confirm as confirm
+from .termui import echo_via_pager as echo_via_pager
+from .termui import edit as edit
+from .termui import getchar as getchar
+from .termui import launch as launch
+from .termui import pause as pause
+from .termui import progressbar as progressbar
+from .termui import prompt as prompt
+from .termui import secho as secho
+from .termui import style as style
+from .termui import unstyle as unstyle
+from .types import BOOL as BOOL
+from .types import Choice as Choice
+from .types import DateTime as DateTime
+from .types import File as File
+from .types import FLOAT as FLOAT
+from .types import FloatRange as FloatRange
+from .types import INT as INT
+from .types import IntRange as IntRange
+from .types import ParamType as ParamType
+from .types import Path as Path
+from .types import STRING as STRING
+from .types import Tuple as Tuple
+from .types import UNPROCESSED as UNPROCESSED
+from .types import UUID as UUID
+from .utils import echo as echo
+from .utils import format_filename as format_filename
+from .utils import get_app_dir as get_app_dir
+from .utils import get_binary_stream as get_binary_stream
+from .utils import get_text_stream as get_text_stream
+from .utils import open_file as open_file
+
+__version__ = "8.1.7"
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/_compat.py b/lib/go-jinja2/internal/data/darwin-amd64/click/_compat.py
new file mode 100644
index 000000000..23f886659
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/_compat.py
@@ -0,0 +1,623 @@
+import codecs
+import io
+import os
+import re
+import sys
+import typing as t
+from weakref import WeakKeyDictionary
+
+CYGWIN = sys.platform.startswith("cygwin")
+WIN = sys.platform.startswith("win")
+auto_wrap_for_ansi: t.Optional[t.Callable[[t.TextIO], t.TextIO]] = None
+_ansi_re = re.compile(r"\033\[[;?0-9]*[a-zA-Z]")
+
+
+def _make_text_stream(
+    stream: t.BinaryIO,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if encoding is None:
+        encoding = get_best_encoding(stream)
+    if errors is None:
+        errors = "replace"
+    return _NonClosingTextIOWrapper(
+        stream,
+        encoding,
+        errors,
+        line_buffering=True,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def is_ascii_encoding(encoding: str) -> bool:
+    """Checks if a given encoding is ascii."""
+    try:
+        return codecs.lookup(encoding).name == "ascii"
+    except LookupError:
+        return False
+
+
+def get_best_encoding(stream: t.IO[t.Any]) -> str:
+    """Returns the default stream encoding if not found."""
+    rv = getattr(stream, "encoding", None) or sys.getdefaultencoding()
+    if is_ascii_encoding(rv):
+        return "utf-8"
+    return rv
+
+
+class _NonClosingTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        encoding: t.Optional[str],
+        errors: t.Optional[str],
+        force_readable: bool = False,
+        force_writable: bool = False,
+        **extra: t.Any,
+    ) -> None:
+        self._stream = stream = t.cast(
+            t.BinaryIO, _FixupStream(stream, force_readable, force_writable)
+        )
+        super().__init__(stream, encoding, errors, **extra)
+
+    def __del__(self) -> None:
+        try:
+            self.detach()
+        except Exception:
+            pass
+
+    def isatty(self) -> bool:
+        # https://bitbucket.org/pypy/pypy/issue/1803
+        return self._stream.isatty()
+
+
+class _FixupStream:
+    """The new io interface needs more from streams than streams
+    traditionally implement.  As such, this fix-up code is necessary in
+    some circumstances.
+
+    The forcing of readable and writable flags are there because some tools
+    put badly patched objects on sys (one such offender are certain version
+    of jupyter notebook).
+    """
+
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        force_readable: bool = False,
+        force_writable: bool = False,
+    ):
+        self._stream = stream
+        self._force_readable = force_readable
+        self._force_writable = force_writable
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._stream, name)
+
+    def read1(self, size: int) -> bytes:
+        f = getattr(self._stream, "read1", None)
+
+        if f is not None:
+            return t.cast(bytes, f(size))
+
+        return self._stream.read(size)
+
+    def readable(self) -> bool:
+        if self._force_readable:
+            return True
+        x = getattr(self._stream, "readable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.read(0)
+        except Exception:
+            return False
+        return True
+
+    def writable(self) -> bool:
+        if self._force_writable:
+            return True
+        x = getattr(self._stream, "writable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.write("")  # type: ignore
+        except Exception:
+            try:
+                self._stream.write(b"")
+            except Exception:
+                return False
+        return True
+
+    def seekable(self) -> bool:
+        x = getattr(self._stream, "seekable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.seek(self._stream.tell())
+        except Exception:
+            return False
+        return True
+
+
+def _is_binary_reader(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        return isinstance(stream.read(0), bytes)
+    except Exception:
+        return default
+        # This happens in some cases where the stream was already
+        # closed.  In this case, we assume the default.
+
+
+def _is_binary_writer(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        stream.write(b"")
+    except Exception:
+        try:
+            stream.write("")
+            return False
+        except Exception:
+            pass
+        return default
+    return True
+
+
+def _find_binary_reader(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_reader(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_reader(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _find_binary_writer(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_writer(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_writer(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _stream_is_misconfigured(stream: t.TextIO) -> bool:
+    """A stream is misconfigured if its encoding is ASCII."""
+    # If the stream does not have an encoding set, we assume it's set
+    # to ASCII.  This appears to happen in certain unittest
+    # environments.  It's not quite clear what the correct behavior is
+    # but this at least will force Click to recover somehow.
+    return is_ascii_encoding(getattr(stream, "encoding", None) or "ascii")
+
+
+def _is_compat_stream_attr(stream: t.TextIO, attr: str, value: t.Optional[str]) -> bool:
+    """A stream attribute is compatible if it is equal to the
+    desired value or the desired value is unset and the attribute
+    has a value.
+    """
+    stream_value = getattr(stream, attr, None)
+    return stream_value == value or (value is None and stream_value is not None)
+
+
+def _is_compatible_text_stream(
+    stream: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> bool:
+    """Check if a stream's encoding and errors attributes are
+    compatible with the desired values.
+    """
+    return _is_compat_stream_attr(
+        stream, "encoding", encoding
+    ) and _is_compat_stream_attr(stream, "errors", errors)
+
+
+def _force_correct_text_stream(
+    text_stream: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    is_binary: t.Callable[[t.IO[t.Any], bool], bool],
+    find_binary: t.Callable[[t.IO[t.Any]], t.Optional[t.BinaryIO]],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if is_binary(text_stream, False):
+        binary_reader = t.cast(t.BinaryIO, text_stream)
+    else:
+        text_stream = t.cast(t.TextIO, text_stream)
+        # If the stream looks compatible, and won't default to a
+        # misconfigured ascii encoding, return it as-is.
+        if _is_compatible_text_stream(text_stream, encoding, errors) and not (
+            encoding is None and _stream_is_misconfigured(text_stream)
+        ):
+            return text_stream
+
+        # Otherwise, get the underlying binary reader.
+        possible_binary_reader = find_binary(text_stream)
+
+        # If that's not possible, silently use the original reader
+        # and get mojibake instead of exceptions.
+        if possible_binary_reader is None:
+            return text_stream
+
+        binary_reader = possible_binary_reader
+
+    # Default errors to replace instead of strict in order to get
+    # something that works.
+    if errors is None:
+        errors = "replace"
+
+    # Wrap the binary stream in a text stream with the correct
+    # encoding parameters.
+    return _make_text_stream(
+        binary_reader,
+        encoding,
+        errors,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def _force_correct_text_reader(
+    text_reader: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_reader,
+        encoding,
+        errors,
+        _is_binary_reader,
+        _find_binary_reader,
+        force_readable=force_readable,
+    )
+
+
+def _force_correct_text_writer(
+    text_writer: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_writable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_writer,
+        encoding,
+        errors,
+        _is_binary_writer,
+        _find_binary_writer,
+        force_writable=force_writable,
+    )
+
+
+def get_binary_stdin() -> t.BinaryIO:
+    reader = _find_binary_reader(sys.stdin)
+    if reader is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdin.")
+    return reader
+
+
+def get_binary_stdout() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stdout)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdout.")
+    return writer
+
+
+def get_binary_stderr() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stderr)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stderr.")
+    return writer
+
+
+def get_text_stdin(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdin, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_reader(sys.stdin, encoding, errors, force_readable=True)
+
+
+def get_text_stdout(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdout, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stdout, encoding, errors, force_writable=True)
+
+
+def get_text_stderr(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stderr, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stderr, encoding, errors, force_writable=True)
+
+
+def _wrap_io_open(
+    file: t.Union[str, "os.PathLike[str]", int],
+    mode: str,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+) -> t.IO[t.Any]:
+    """Handles not passing ``encoding`` and ``errors`` in binary mode."""
+    if "b" in mode:
+        return open(file, mode)
+
+    return open(file, mode, encoding=encoding, errors=errors)
+
+
+def open_stream(
+    filename: "t.Union[str, os.PathLike[str]]",
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    atomic: bool = False,
+) -> t.Tuple[t.IO[t.Any], bool]:
+    binary = "b" in mode
+    filename = os.fspath(filename)
+
+    # Standard streams first. These are simple because they ignore the
+    # atomic flag. Use fsdecode to handle Path("-").
+    if os.fsdecode(filename) == "-":
+        if any(m in mode for m in ["w", "a", "x"]):
+            if binary:
+                return get_binary_stdout(), False
+            return get_text_stdout(encoding=encoding, errors=errors), False
+        if binary:
+            return get_binary_stdin(), False
+        return get_text_stdin(encoding=encoding, errors=errors), False
+
+    # Non-atomic writes directly go out through the regular open functions.
+    if not atomic:
+        return _wrap_io_open(filename, mode, encoding, errors), True
+
+    # Some usability stuff for atomic writes
+    if "a" in mode:
+        raise ValueError(
+            "Appending to an existing file is not supported, because that"
+            " would involve an expensive `copy`-operation to a temporary"
+            " file. Open the file in normal `w`-mode and copy explicitly"
+            " if that's what you're after."
+        )
+    if "x" in mode:
+        raise ValueError("Use the `overwrite`-parameter instead.")
+    if "w" not in mode:
+        raise ValueError("Atomic writes only make sense with `w`-mode.")
+
+    # Atomic writes are more complicated.  They work by opening a file
+    # as a proxy in the same folder and then using the fdopen
+    # functionality to wrap it in a Python file.  Then we wrap it in an
+    # atomic file that moves the file over on close.
+    import errno
+    import random
+
+    try:
+        perm: t.Optional[int] = os.stat(filename).st_mode
+    except OSError:
+        perm = None
+
+    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL
+
+    if binary:
+        flags |= getattr(os, "O_BINARY", 0)
+
+    while True:
+        tmp_filename = os.path.join(
+            os.path.dirname(filename),
+            f".__atomic-write{random.randrange(1 << 32):08x}",
+        )
+        try:
+            fd = os.open(tmp_filename, flags, 0o666 if perm is None else perm)
+            break
+        except OSError as e:
+            if e.errno == errno.EEXIST or (
+                os.name == "nt"
+                and e.errno == errno.EACCES
+                and os.path.isdir(e.filename)
+                and os.access(e.filename, os.W_OK)
+            ):
+                continue
+            raise
+
+    if perm is not None:
+        os.chmod(tmp_filename, perm)  # in case perm includes bits in umask
+
+    f = _wrap_io_open(fd, mode, encoding, errors)
+    af = _AtomicFile(f, tmp_filename, os.path.realpath(filename))
+    return t.cast(t.IO[t.Any], af), True
+
+
+class _AtomicFile:
+    def __init__(self, f: t.IO[t.Any], tmp_filename: str, real_filename: str) -> None:
+        self._f = f
+        self._tmp_filename = tmp_filename
+        self._real_filename = real_filename
+        self.closed = False
+
+    @property
+    def name(self) -> str:
+        return self._real_filename
+
+    def close(self, delete: bool = False) -> None:
+        if self.closed:
+            return
+        self._f.close()
+        os.replace(self._tmp_filename, self._real_filename)
+        self.closed = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._f, name)
+
+    def __enter__(self) -> "_AtomicFile":
+        return self
+
+    def __exit__(self, exc_type: t.Optional[t.Type[BaseException]], *_: t.Any) -> None:
+        self.close(delete=exc_type is not None)
+
+    def __repr__(self) -> str:
+        return repr(self._f)
+
+
+def strip_ansi(value: str) -> str:
+    return _ansi_re.sub("", value)
+
+
+def _is_jupyter_kernel_output(stream: t.IO[t.Any]) -> bool:
+    while isinstance(stream, (_FixupStream, _NonClosingTextIOWrapper)):
+        stream = stream._stream
+
+    return stream.__class__.__module__.startswith("ipykernel.")
+
+
+def should_strip_ansi(
+    stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+) -> bool:
+    if color is None:
+        if stream is None:
+            stream = sys.stdin
+        return not isatty(stream) and not _is_jupyter_kernel_output(stream)
+    return not color
+
+
+# On Windows, wrap the output streams with colorama to support ANSI
+# color codes.
+# NOTE: double check is needed so mypy does not analyze this on Linux
+if sys.platform.startswith("win") and WIN:
+    from ._winconsole import _get_windows_console_stream
+
+    def _get_argv_encoding() -> str:
+        import locale
+
+        return locale.getpreferredencoding()
+
+    _ansi_stream_wrappers: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def auto_wrap_for_ansi(  # noqa: F811
+        stream: t.TextIO, color: t.Optional[bool] = None
+    ) -> t.TextIO:
+        """Support ANSI color and style codes on Windows by wrapping a
+        stream with colorama.
+        """
+        try:
+            cached = _ansi_stream_wrappers.get(stream)
+        except Exception:
+            cached = None
+
+        if cached is not None:
+            return cached
+
+        import colorama
+
+        strip = should_strip_ansi(stream, color)
+        ansi_wrapper = colorama.AnsiToWin32(stream, strip=strip)
+        rv = t.cast(t.TextIO, ansi_wrapper.stream)
+        _write = rv.write
+
+        def _safe_write(s):
+            try:
+                return _write(s)
+            except BaseException:
+                ansi_wrapper.reset_all()
+                raise
+
+        rv.write = _safe_write
+
+        try:
+            _ansi_stream_wrappers[stream] = rv
+        except Exception:
+            pass
+
+        return rv
+
+else:
+
+    def _get_argv_encoding() -> str:
+        return getattr(sys.stdin, "encoding", None) or sys.getfilesystemencoding()
+
+    def _get_windows_console_stream(
+        f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+    ) -> t.Optional[t.TextIO]:
+        return None
+
+
+def term_len(x: str) -> int:
+    return len(strip_ansi(x))
+
+
+def isatty(stream: t.IO[t.Any]) -> bool:
+    try:
+        return stream.isatty()
+    except Exception:
+        return False
+
+
+def _make_cached_stream_func(
+    src_func: t.Callable[[], t.Optional[t.TextIO]],
+    wrapper_func: t.Callable[[], t.TextIO],
+) -> t.Callable[[], t.Optional[t.TextIO]]:
+    cache: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def func() -> t.Optional[t.TextIO]:
+        stream = src_func()
+
+        if stream is None:
+            return None
+
+        try:
+            rv = cache.get(stream)
+        except Exception:
+            rv = None
+        if rv is not None:
+            return rv
+        rv = wrapper_func()
+        try:
+            cache[stream] = rv
+        except Exception:
+            pass
+        return rv
+
+    return func
+
+
+_default_text_stdin = _make_cached_stream_func(lambda: sys.stdin, get_text_stdin)
+_default_text_stdout = _make_cached_stream_func(lambda: sys.stdout, get_text_stdout)
+_default_text_stderr = _make_cached_stream_func(lambda: sys.stderr, get_text_stderr)
+
+
+binary_streams: t.Mapping[str, t.Callable[[], t.BinaryIO]] = {
+    "stdin": get_binary_stdin,
+    "stdout": get_binary_stdout,
+    "stderr": get_binary_stderr,
+}
+
+text_streams: t.Mapping[
+    str, t.Callable[[t.Optional[str], t.Optional[str]], t.TextIO]
+] = {
+    "stdin": get_text_stdin,
+    "stdout": get_text_stdout,
+    "stderr": get_text_stderr,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/_termui_impl.py b/lib/go-jinja2/internal/data/darwin-amd64/click/_termui_impl.py
new file mode 100644
index 000000000..f74465775
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/_termui_impl.py
@@ -0,0 +1,739 @@
+"""
+This module contains implementations for the termui module. To keep the
+import time of Click down, some infrequently used functionality is
+placed in this module and only imported as needed.
+"""
+import contextlib
+import math
+import os
+import sys
+import time
+import typing as t
+from gettext import gettext as _
+from io import StringIO
+from types import TracebackType
+
+from ._compat import _default_text_stdout
+from ._compat import CYGWIN
+from ._compat import get_best_encoding
+from ._compat import isatty
+from ._compat import open_stream
+from ._compat import strip_ansi
+from ._compat import term_len
+from ._compat import WIN
+from .exceptions import ClickException
+from .utils import echo
+
+V = t.TypeVar("V")
+
+if os.name == "nt":
+    BEFORE_BAR = "\r"
+    AFTER_BAR = "\n"
+else:
+    BEFORE_BAR = "\r\033[?25l"
+    AFTER_BAR = "\033[?25h\n"
+
+
+class ProgressBar(t.Generic[V]):
+    def __init__(
+        self,
+        iterable: t.Optional[t.Iterable[V]],
+        length: t.Optional[int] = None,
+        fill_char: str = "#",
+        empty_char: str = " ",
+        bar_template: str = "%(bar)s",
+        info_sep: str = "  ",
+        show_eta: bool = True,
+        show_percent: t.Optional[bool] = None,
+        show_pos: bool = False,
+        item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+        label: t.Optional[str] = None,
+        file: t.Optional[t.TextIO] = None,
+        color: t.Optional[bool] = None,
+        update_min_steps: int = 1,
+        width: int = 30,
+    ) -> None:
+        self.fill_char = fill_char
+        self.empty_char = empty_char
+        self.bar_template = bar_template
+        self.info_sep = info_sep
+        self.show_eta = show_eta
+        self.show_percent = show_percent
+        self.show_pos = show_pos
+        self.item_show_func = item_show_func
+        self.label: str = label or ""
+
+        if file is None:
+            file = _default_text_stdout()
+
+            # There are no standard streams attached to write to. For example,
+            # pythonw on Windows.
+            if file is None:
+                file = StringIO()
+
+        self.file = file
+        self.color = color
+        self.update_min_steps = update_min_steps
+        self._completed_intervals = 0
+        self.width: int = width
+        self.autowidth: bool = width == 0
+
+        if length is None:
+            from operator import length_hint
+
+            length = length_hint(iterable, -1)
+
+            if length == -1:
+                length = None
+        if iterable is None:
+            if length is None:
+                raise TypeError("iterable or length is required")
+            iterable = t.cast(t.Iterable[V], range(length))
+        self.iter: t.Iterable[V] = iter(iterable)
+        self.length = length
+        self.pos = 0
+        self.avg: t.List[float] = []
+        self.last_eta: float
+        self.start: float
+        self.start = self.last_eta = time.time()
+        self.eta_known: bool = False
+        self.finished: bool = False
+        self.max_width: t.Optional[int] = None
+        self.entered: bool = False
+        self.current_item: t.Optional[V] = None
+        self.is_hidden: bool = not isatty(self.file)
+        self._last_line: t.Optional[str] = None
+
+    def __enter__(self) -> "ProgressBar[V]":
+        self.entered = True
+        self.render_progress()
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.render_finish()
+
+    def __iter__(self) -> t.Iterator[V]:
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+        self.render_progress()
+        return self.generator()
+
+    def __next__(self) -> V:
+        # Iteration is defined in terms of a generator function,
+        # returned by iter(self); use that to define next(). This works
+        # because `self.iter` is an iterable consumed by that generator,
+        # so it is re-entry safe. Calling `next(self.generator())`
+        # twice works and does "what you want".
+        return next(iter(self))
+
+    def render_finish(self) -> None:
+        if self.is_hidden:
+            return
+        self.file.write(AFTER_BAR)
+        self.file.flush()
+
+    @property
+    def pct(self) -> float:
+        if self.finished:
+            return 1.0
+        return min(self.pos / (float(self.length or 1) or 1), 1.0)
+
+    @property
+    def time_per_iteration(self) -> float:
+        if not self.avg:
+            return 0.0
+        return sum(self.avg) / float(len(self.avg))
+
+    @property
+    def eta(self) -> float:
+        if self.length is not None and not self.finished:
+            return self.time_per_iteration * (self.length - self.pos)
+        return 0.0
+
+    def format_eta(self) -> str:
+        if self.eta_known:
+            t = int(self.eta)
+            seconds = t % 60
+            t //= 60
+            minutes = t % 60
+            t //= 60
+            hours = t % 24
+            t //= 24
+            if t > 0:
+                return f"{t}d {hours:02}:{minutes:02}:{seconds:02}"
+            else:
+                return f"{hours:02}:{minutes:02}:{seconds:02}"
+        return ""
+
+    def format_pos(self) -> str:
+        pos = str(self.pos)
+        if self.length is not None:
+            pos += f"/{self.length}"
+        return pos
+
+    def format_pct(self) -> str:
+        return f"{int(self.pct * 100): 4}%"[1:]
+
+    def format_bar(self) -> str:
+        if self.length is not None:
+            bar_length = int(self.pct * self.width)
+            bar = self.fill_char * bar_length
+            bar += self.empty_char * (self.width - bar_length)
+        elif self.finished:
+            bar = self.fill_char * self.width
+        else:
+            chars = list(self.empty_char * (self.width or 1))
+            if self.time_per_iteration != 0:
+                chars[
+                    int(
+                        (math.cos(self.pos * self.time_per_iteration) / 2.0 + 0.5)
+                        * self.width
+                    )
+                ] = self.fill_char
+            bar = "".join(chars)
+        return bar
+
+    def format_progress_line(self) -> str:
+        show_percent = self.show_percent
+
+        info_bits = []
+        if self.length is not None and show_percent is None:
+            show_percent = not self.show_pos
+
+        if self.show_pos:
+            info_bits.append(self.format_pos())
+        if show_percent:
+            info_bits.append(self.format_pct())
+        if self.show_eta and self.eta_known and not self.finished:
+            info_bits.append(self.format_eta())
+        if self.item_show_func is not None:
+            item_info = self.item_show_func(self.current_item)
+            if item_info is not None:
+                info_bits.append(item_info)
+
+        return (
+            self.bar_template
+            % {
+                "label": self.label,
+                "bar": self.format_bar(),
+                "info": self.info_sep.join(info_bits),
+            }
+        ).rstrip()
+
+    def render_progress(self) -> None:
+        import shutil
+
+        if self.is_hidden:
+            # Only output the label as it changes if the output is not a
+            # TTY. Use file=stderr if you expect to be piping stdout.
+            if self._last_line != self.label:
+                self._last_line = self.label
+                echo(self.label, file=self.file, color=self.color)
+
+            return
+
+        buf = []
+        # Update width in case the terminal has been resized
+        if self.autowidth:
+            old_width = self.width
+            self.width = 0
+            clutter_length = term_len(self.format_progress_line())
+            new_width = max(0, shutil.get_terminal_size().columns - clutter_length)
+            if new_width < old_width:
+                buf.append(BEFORE_BAR)
+                buf.append(" " * self.max_width)  # type: ignore
+                self.max_width = new_width
+            self.width = new_width
+
+        clear_width = self.width
+        if self.max_width is not None:
+            clear_width = self.max_width
+
+        buf.append(BEFORE_BAR)
+        line = self.format_progress_line()
+        line_len = term_len(line)
+        if self.max_width is None or self.max_width < line_len:
+            self.max_width = line_len
+
+        buf.append(line)
+        buf.append(" " * (clear_width - line_len))
+        line = "".join(buf)
+        # Render the line only if it changed.
+
+        if line != self._last_line:
+            self._last_line = line
+            echo(line, file=self.file, color=self.color, nl=False)
+            self.file.flush()
+
+    def make_step(self, n_steps: int) -> None:
+        self.pos += n_steps
+        if self.length is not None and self.pos >= self.length:
+            self.finished = True
+
+        if (time.time() - self.last_eta) < 1.0:
+            return
+
+        self.last_eta = time.time()
+
+        # self.avg is a rolling list of length <= 7 of steps where steps are
+        # defined as time elapsed divided by the total progress through
+        # self.length.
+        if self.pos:
+            step = (time.time() - self.start) / self.pos
+        else:
+            step = time.time() - self.start
+
+        self.avg = self.avg[-6:] + [step]
+
+        self.eta_known = self.length is not None
+
+    def update(self, n_steps: int, current_item: t.Optional[V] = None) -> None:
+        """Update the progress bar by advancing a specified number of
+        steps, and optionally set the ``current_item`` for this new
+        position.
+
+        :param n_steps: Number of steps to advance.
+        :param current_item: Optional item to set as ``current_item``
+            for the updated position.
+
+        .. versionchanged:: 8.0
+            Added the ``current_item`` optional parameter.
+
+        .. versionchanged:: 8.0
+            Only render when the number of steps meets the
+            ``update_min_steps`` threshold.
+        """
+        if current_item is not None:
+            self.current_item = current_item
+
+        self._completed_intervals += n_steps
+
+        if self._completed_intervals >= self.update_min_steps:
+            self.make_step(self._completed_intervals)
+            self.render_progress()
+            self._completed_intervals = 0
+
+    def finish(self) -> None:
+        self.eta_known = False
+        self.current_item = None
+        self.finished = True
+
+    def generator(self) -> t.Iterator[V]:
+        """Return a generator which yields the items added to the bar
+        during construction, and updates the progress bar *after* the
+        yielded block returns.
+        """
+        # WARNING: the iterator interface for `ProgressBar` relies on
+        # this and only works because this is a simple generator which
+        # doesn't create or manage additional state. If this function
+        # changes, the impact should be evaluated both against
+        # `iter(bar)` and `next(bar)`. `next()` in particular may call
+        # `self.generator()` repeatedly, and this must remain safe in
+        # order for that interface to work.
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+
+        if self.is_hidden:
+            yield from self.iter
+        else:
+            for rv in self.iter:
+                self.current_item = rv
+
+                # This allows show_item_func to be updated before the
+                # item is processed. Only trigger at the beginning of
+                # the update interval.
+                if self._completed_intervals == 0:
+                    self.render_progress()
+
+                yield rv
+                self.update(1)
+
+            self.finish()
+            self.render_progress()
+
+
+def pager(generator: t.Iterable[str], color: t.Optional[bool] = None) -> None:
+    """Decide what method to use for paging through text."""
+    stdout = _default_text_stdout()
+
+    # There are no standard streams attached to write to. For example,
+    # pythonw on Windows.
+    if stdout is None:
+        stdout = StringIO()
+
+    if not isatty(sys.stdin) or not isatty(stdout):
+        return _nullpager(stdout, generator, color)
+    pager_cmd = (os.environ.get("PAGER", None) or "").strip()
+    if pager_cmd:
+        if WIN:
+            return _tempfilepager(generator, pager_cmd, color)
+        return _pipepager(generator, pager_cmd, color)
+    if os.environ.get("TERM") in ("dumb", "emacs"):
+        return _nullpager(stdout, generator, color)
+    if WIN or sys.platform.startswith("os2"):
+        return _tempfilepager(generator, "more <", color)
+    if hasattr(os, "system") and os.system("(less) 2>/dev/null") == 0:
+        return _pipepager(generator, "less", color)
+
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    os.close(fd)
+    try:
+        if hasattr(os, "system") and os.system(f'more "{filename}"') == 0:
+            return _pipepager(generator, "more", color)
+        return _nullpager(stdout, generator, color)
+    finally:
+        os.unlink(filename)
+
+
+def _pipepager(generator: t.Iterable[str], cmd: str, color: t.Optional[bool]) -> None:
+    """Page through text by feeding it to another program.  Invoking a
+    pager through this might support colors.
+    """
+    import subprocess
+
+    env = dict(os.environ)
+
+    # If we're piping to less we might support colors under the
+    # condition that
+    cmd_detail = cmd.rsplit("/", 1)[-1].split()
+    if color is None and cmd_detail[0] == "less":
+        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_detail[1:])}"
+        if not less_flags:
+            env["LESS"] = "-R"
+            color = True
+        elif "r" in less_flags or "R" in less_flags:
+            color = True
+
+    c = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, env=env)
+    stdin = t.cast(t.BinaryIO, c.stdin)
+    encoding = get_best_encoding(stdin)
+    try:
+        for text in generator:
+            if not color:
+                text = strip_ansi(text)
+
+            stdin.write(text.encode(encoding, "replace"))
+    except (OSError, KeyboardInterrupt):
+        pass
+    else:
+        stdin.close()
+
+    # Less doesn't respect ^C, but catches it for its own UI purposes (aborting
+    # search or other commands inside less).
+    #
+    # That means when the user hits ^C, the parent process (click) terminates,
+    # but less is still alive, paging the output and messing up the terminal.
+    #
+    # If the user wants to make the pager exit on ^C, they should set
+    # `LESS='-K'`. It's not our decision to make.
+    while True:
+        try:
+            c.wait()
+        except KeyboardInterrupt:
+            pass
+        else:
+            break
+
+
+def _tempfilepager(
+    generator: t.Iterable[str], cmd: str, color: t.Optional[bool]
+) -> None:
+    """Page through text by invoking a program on a temporary file."""
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    # TODO: This never terminates if the passed generator never terminates.
+    text = "".join(generator)
+    if not color:
+        text = strip_ansi(text)
+    encoding = get_best_encoding(sys.stdout)
+    with open_stream(filename, "wb")[0] as f:
+        f.write(text.encode(encoding))
+    try:
+        os.system(f'{cmd} "{filename}"')
+    finally:
+        os.close(fd)
+        os.unlink(filename)
+
+
+def _nullpager(
+    stream: t.TextIO, generator: t.Iterable[str], color: t.Optional[bool]
+) -> None:
+    """Simply print unformatted text.  This is the ultimate fallback."""
+    for text in generator:
+        if not color:
+            text = strip_ansi(text)
+        stream.write(text)
+
+
+class Editor:
+    def __init__(
+        self,
+        editor: t.Optional[str] = None,
+        env: t.Optional[t.Mapping[str, str]] = None,
+        require_save: bool = True,
+        extension: str = ".txt",
+    ) -> None:
+        self.editor = editor
+        self.env = env
+        self.require_save = require_save
+        self.extension = extension
+
+    def get_editor(self) -> str:
+        if self.editor is not None:
+            return self.editor
+        for key in "VISUAL", "EDITOR":
+            rv = os.environ.get(key)
+            if rv:
+                return rv
+        if WIN:
+            return "notepad"
+        for editor in "sensible-editor", "vim", "nano":
+            if os.system(f"which {editor} >/dev/null 2>&1") == 0:
+                return editor
+        return "vi"
+
+    def edit_file(self, filename: str) -> None:
+        import subprocess
+
+        editor = self.get_editor()
+        environ: t.Optional[t.Dict[str, str]] = None
+
+        if self.env:
+            environ = os.environ.copy()
+            environ.update(self.env)
+
+        try:
+            c = subprocess.Popen(f'{editor} "{filename}"', env=environ, shell=True)
+            exit_code = c.wait()
+            if exit_code != 0:
+                raise ClickException(
+                    _("{editor}: Editing failed").format(editor=editor)
+                )
+        except OSError as e:
+            raise ClickException(
+                _("{editor}: Editing failed: {e}").format(editor=editor, e=e)
+            ) from e
+
+    def edit(self, text: t.Optional[t.AnyStr]) -> t.Optional[t.AnyStr]:
+        import tempfile
+
+        if not text:
+            data = b""
+        elif isinstance(text, (bytes, bytearray)):
+            data = text
+        else:
+            if text and not text.endswith("\n"):
+                text += "\n"
+
+            if WIN:
+                data = text.replace("\n", "\r\n").encode("utf-8-sig")
+            else:
+                data = text.encode("utf-8")
+
+        fd, name = tempfile.mkstemp(prefix="editor-", suffix=self.extension)
+        f: t.BinaryIO
+
+        try:
+            with os.fdopen(fd, "wb") as f:
+                f.write(data)
+
+            # If the filesystem resolution is 1 second, like Mac OS
+            # 10.12 Extended, or 2 seconds, like FAT32, and the editor
+            # closes very fast, require_save can fail. Set the modified
+            # time to be 2 seconds in the past to work around this.
+            os.utime(name, (os.path.getatime(name), os.path.getmtime(name) - 2))
+            # Depending on the resolution, the exact value might not be
+            # recorded, so get the new recorded value.
+            timestamp = os.path.getmtime(name)
+
+            self.edit_file(name)
+
+            if self.require_save and os.path.getmtime(name) == timestamp:
+                return None
+
+            with open(name, "rb") as f:
+                rv = f.read()
+
+            if isinstance(text, (bytes, bytearray)):
+                return rv
+
+            return rv.decode("utf-8-sig").replace("\r\n", "\n")  # type: ignore
+        finally:
+            os.unlink(name)
+
+
+def open_url(url: str, wait: bool = False, locate: bool = False) -> int:
+    import subprocess
+
+    def _unquote_file(url: str) -> str:
+        from urllib.parse import unquote
+
+        if url.startswith("file://"):
+            url = unquote(url[7:])
+
+        return url
+
+    if sys.platform == "darwin":
+        args = ["open"]
+        if wait:
+            args.append("-W")
+        if locate:
+            args.append("-R")
+        args.append(_unquote_file(url))
+        null = open("/dev/null", "w")
+        try:
+            return subprocess.Popen(args, stderr=null).wait()
+        finally:
+            null.close()
+    elif WIN:
+        if locate:
+            url = _unquote_file(url.replace('"', ""))
+            args = f'explorer /select,"{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "/WAIT" if wait else ""
+            args = f'start {wait_str} "" "{url}"'
+        return os.system(args)
+    elif CYGWIN:
+        if locate:
+            url = os.path.dirname(_unquote_file(url).replace('"', ""))
+            args = f'cygstart "{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "-w" if wait else ""
+            args = f'cygstart {wait_str} "{url}"'
+        return os.system(args)
+
+    try:
+        if locate:
+            url = os.path.dirname(_unquote_file(url)) or "."
+        else:
+            url = _unquote_file(url)
+        c = subprocess.Popen(["xdg-open", url])
+        if wait:
+            return c.wait()
+        return 0
+    except OSError:
+        if url.startswith(("http://", "https://")) and not locate and not wait:
+            import webbrowser
+
+            webbrowser.open(url)
+            return 0
+        return 1
+
+
+def _translate_ch_to_exc(ch: str) -> t.Optional[BaseException]:
+    if ch == "\x03":
+        raise KeyboardInterrupt()
+
+    if ch == "\x04" and not WIN:  # Unix-like, Ctrl+D
+        raise EOFError()
+
+    if ch == "\x1a" and WIN:  # Windows, Ctrl+Z
+        raise EOFError()
+
+    return None
+
+
+if WIN:
+    import msvcrt
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        yield -1
+
+    def getchar(echo: bool) -> str:
+        # The function `getch` will return a bytes object corresponding to
+        # the pressed character. Since Windows 10 build 1803, it will also
+        # return \x00 when called a second time after pressing a regular key.
+        #
+        # `getwch` does not share this probably-bugged behavior. Moreover, it
+        # returns a Unicode object by default, which is what we want.
+        #
+        # Either of these functions will return \x00 or \xe0 to indicate
+        # a special key, and you need to call the same function again to get
+        # the "rest" of the code. The fun part is that \u00e0 is
+        # "latin small letter a with grave", so if you type that on a French
+        # keyboard, you _also_ get a \xe0.
+        # E.g., consider the Up arrow. This returns \xe0 and then \x48. The
+        # resulting Unicode string reads as "a with grave" + "capital H".
+        # This is indistinguishable from when the user actually types
+        # "a with grave" and then "capital H".
+        #
+        # When \xe0 is returned, we assume it's part of a special-key sequence
+        # and call `getwch` again, but that means that when the user types
+        # the \u00e0 character, `getchar` doesn't return until a second
+        # character is typed.
+        # The alternative is returning immediately, but that would mess up
+        # cross-platform handling of arrow keys and others that start with
+        # \xe0. Another option is using `getch`, but then we can't reliably
+        # read non-ASCII characters, because return values of `getch` are
+        # limited to the current 8-bit codepage.
+        #
+        # Anyway, Click doesn't claim to do this Right(tm), and using `getwch`
+        # is doing the right thing in more situations than with `getch`.
+        func: t.Callable[[], str]
+
+        if echo:
+            func = msvcrt.getwche  # type: ignore
+        else:
+            func = msvcrt.getwch  # type: ignore
+
+        rv = func()
+
+        if rv in ("\x00", "\xe0"):
+            # \x00 and \xe0 are control characters that indicate special key,
+            # see above.
+            rv += func()
+
+        _translate_ch_to_exc(rv)
+        return rv
+
+else:
+    import tty
+    import termios
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        f: t.Optional[t.TextIO]
+        fd: int
+
+        if not isatty(sys.stdin):
+            f = open("/dev/tty")
+            fd = f.fileno()
+        else:
+            fd = sys.stdin.fileno()
+            f = None
+
+        try:
+            old_settings = termios.tcgetattr(fd)
+
+            try:
+                tty.setraw(fd)
+                yield fd
+            finally:
+                termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+                sys.stdout.flush()
+
+                if f is not None:
+                    f.close()
+        except termios.error:
+            pass
+
+    def getchar(echo: bool) -> str:
+        with raw_terminal() as fd:
+            ch = os.read(fd, 32).decode(get_best_encoding(sys.stdin), "replace")
+
+            if echo and isatty(sys.stdout):
+                sys.stdout.write(ch)
+
+            _translate_ch_to_exc(ch)
+            return ch
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/_textwrap.py b/lib/go-jinja2/internal/data/darwin-amd64/click/_textwrap.py
new file mode 100644
index 000000000..b47dcbd42
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/_textwrap.py
@@ -0,0 +1,49 @@
+import textwrap
+import typing as t
+from contextlib import contextmanager
+
+
+class TextWrapper(textwrap.TextWrapper):
+    def _handle_long_word(
+        self,
+        reversed_chunks: t.List[str],
+        cur_line: t.List[str],
+        cur_len: int,
+        width: int,
+    ) -> None:
+        space_left = max(width - cur_len, 1)
+
+        if self.break_long_words:
+            last = reversed_chunks[-1]
+            cut = last[:space_left]
+            res = last[space_left:]
+            cur_line.append(cut)
+            reversed_chunks[-1] = res
+        elif not cur_line:
+            cur_line.append(reversed_chunks.pop())
+
+    @contextmanager
+    def extra_indent(self, indent: str) -> t.Iterator[None]:
+        old_initial_indent = self.initial_indent
+        old_subsequent_indent = self.subsequent_indent
+        self.initial_indent += indent
+        self.subsequent_indent += indent
+
+        try:
+            yield
+        finally:
+            self.initial_indent = old_initial_indent
+            self.subsequent_indent = old_subsequent_indent
+
+    def indent_only(self, text: str) -> str:
+        rv = []
+
+        for idx, line in enumerate(text.splitlines()):
+            indent = self.initial_indent
+
+            if idx > 0:
+                indent = self.subsequent_indent
+
+            rv.append(f"{indent}{line}")
+
+        return "\n".join(rv)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/_winconsole.py b/lib/go-jinja2/internal/data/darwin-amd64/click/_winconsole.py
new file mode 100644
index 000000000..6b20df315
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/_winconsole.py
@@ -0,0 +1,279 @@
+# This module is based on the excellent work by Adam Bartoš who
+# provided a lot of what went into the implementation here in
+# the discussion to issue1602 in the Python bug tracker.
+#
+# There are some general differences in regards to how this works
+# compared to the original patches as we do not need to patch
+# the entire interpreter but just work in our little world of
+# echo and prompt.
+import io
+import sys
+import time
+import typing as t
+from ctypes import byref
+from ctypes import c_char
+from ctypes import c_char_p
+from ctypes import c_int
+from ctypes import c_ssize_t
+from ctypes import c_ulong
+from ctypes import c_void_p
+from ctypes import POINTER
+from ctypes import py_object
+from ctypes import Structure
+from ctypes.wintypes import DWORD
+from ctypes.wintypes import HANDLE
+from ctypes.wintypes import LPCWSTR
+from ctypes.wintypes import LPWSTR
+
+from ._compat import _NonClosingTextIOWrapper
+
+assert sys.platform == "win32"
+import msvcrt  # noqa: E402
+from ctypes import windll  # noqa: E402
+from ctypes import WINFUNCTYPE  # noqa: E402
+
+c_ssize_p = POINTER(c_ssize_t)
+
+kernel32 = windll.kernel32
+GetStdHandle = kernel32.GetStdHandle
+ReadConsoleW = kernel32.ReadConsoleW
+WriteConsoleW = kernel32.WriteConsoleW
+GetConsoleMode = kernel32.GetConsoleMode
+GetLastError = kernel32.GetLastError
+GetCommandLineW = WINFUNCTYPE(LPWSTR)(("GetCommandLineW", windll.kernel32))
+CommandLineToArgvW = WINFUNCTYPE(POINTER(LPWSTR), LPCWSTR, POINTER(c_int))(
+    ("CommandLineToArgvW", windll.shell32)
+)
+LocalFree = WINFUNCTYPE(c_void_p, c_void_p)(("LocalFree", windll.kernel32))
+
+STDIN_HANDLE = GetStdHandle(-10)
+STDOUT_HANDLE = GetStdHandle(-11)
+STDERR_HANDLE = GetStdHandle(-12)
+
+PyBUF_SIMPLE = 0
+PyBUF_WRITABLE = 1
+
+ERROR_SUCCESS = 0
+ERROR_NOT_ENOUGH_MEMORY = 8
+ERROR_OPERATION_ABORTED = 995
+
+STDIN_FILENO = 0
+STDOUT_FILENO = 1
+STDERR_FILENO = 2
+
+EOF = b"\x1a"
+MAX_BYTES_WRITTEN = 32767
+
+try:
+    from ctypes import pythonapi
+except ImportError:
+    # On PyPy we cannot get buffers so our ability to operate here is
+    # severely limited.
+    get_buffer = None
+else:
+
+    class Py_buffer(Structure):
+        _fields_ = [
+            ("buf", c_void_p),
+            ("obj", py_object),
+            ("len", c_ssize_t),
+            ("itemsize", c_ssize_t),
+            ("readonly", c_int),
+            ("ndim", c_int),
+            ("format", c_char_p),
+            ("shape", c_ssize_p),
+            ("strides", c_ssize_p),
+            ("suboffsets", c_ssize_p),
+            ("internal", c_void_p),
+        ]
+
+    PyObject_GetBuffer = pythonapi.PyObject_GetBuffer
+    PyBuffer_Release = pythonapi.PyBuffer_Release
+
+    def get_buffer(obj, writable=False):
+        buf = Py_buffer()
+        flags = PyBUF_WRITABLE if writable else PyBUF_SIMPLE
+        PyObject_GetBuffer(py_object(obj), byref(buf), flags)
+
+        try:
+            buffer_type = c_char * buf.len
+            return buffer_type.from_address(buf.buf)
+        finally:
+            PyBuffer_Release(byref(buf))
+
+
+class _WindowsConsoleRawIOBase(io.RawIOBase):
+    def __init__(self, handle):
+        self.handle = handle
+
+    def isatty(self):
+        super().isatty()
+        return True
+
+
+class _WindowsConsoleReader(_WindowsConsoleRawIOBase):
+    def readable(self):
+        return True
+
+    def readinto(self, b):
+        bytes_to_be_read = len(b)
+        if not bytes_to_be_read:
+            return 0
+        elif bytes_to_be_read % 2:
+            raise ValueError(
+                "cannot read odd number of bytes from UTF-16-LE encoded console"
+            )
+
+        buffer = get_buffer(b, writable=True)
+        code_units_to_be_read = bytes_to_be_read // 2
+        code_units_read = c_ulong()
+
+        rv = ReadConsoleW(
+            HANDLE(self.handle),
+            buffer,
+            code_units_to_be_read,
+            byref(code_units_read),
+            None,
+        )
+        if GetLastError() == ERROR_OPERATION_ABORTED:
+            # wait for KeyboardInterrupt
+            time.sleep(0.1)
+        if not rv:
+            raise OSError(f"Windows error: {GetLastError()}")
+
+        if buffer[0] == EOF:
+            return 0
+        return 2 * code_units_read.value
+
+
+class _WindowsConsoleWriter(_WindowsConsoleRawIOBase):
+    def writable(self):
+        return True
+
+    @staticmethod
+    def _get_error_message(errno):
+        if errno == ERROR_SUCCESS:
+            return "ERROR_SUCCESS"
+        elif errno == ERROR_NOT_ENOUGH_MEMORY:
+            return "ERROR_NOT_ENOUGH_MEMORY"
+        return f"Windows error {errno}"
+
+    def write(self, b):
+        bytes_to_be_written = len(b)
+        buf = get_buffer(b)
+        code_units_to_be_written = min(bytes_to_be_written, MAX_BYTES_WRITTEN) // 2
+        code_units_written = c_ulong()
+
+        WriteConsoleW(
+            HANDLE(self.handle),
+            buf,
+            code_units_to_be_written,
+            byref(code_units_written),
+            None,
+        )
+        bytes_written = 2 * code_units_written.value
+
+        if bytes_written == 0 and bytes_to_be_written > 0:
+            raise OSError(self._get_error_message(GetLastError()))
+        return bytes_written
+
+
+class ConsoleStream:
+    def __init__(self, text_stream: t.TextIO, byte_stream: t.BinaryIO) -> None:
+        self._text_stream = text_stream
+        self.buffer = byte_stream
+
+    @property
+    def name(self) -> str:
+        return self.buffer.name
+
+    def write(self, x: t.AnyStr) -> int:
+        if isinstance(x, str):
+            return self._text_stream.write(x)
+        try:
+            self.flush()
+        except Exception:
+            pass
+        return self.buffer.write(x)
+
+    def writelines(self, lines: t.Iterable[t.AnyStr]) -> None:
+        for line in lines:
+            self.write(line)
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._text_stream, name)
+
+    def isatty(self) -> bool:
+        return self.buffer.isatty()
+
+    def __repr__(self):
+        return f"<ConsoleStream name={self.name!r} encoding={self.encoding!r}>"
+
+
+def _get_text_stdin(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedReader(_WindowsConsoleReader(STDIN_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stdout(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDOUT_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stderr(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDERR_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+_stream_factories: t.Mapping[int, t.Callable[[t.BinaryIO], t.TextIO]] = {
+    0: _get_text_stdin,
+    1: _get_text_stdout,
+    2: _get_text_stderr,
+}
+
+
+def _is_console(f: t.TextIO) -> bool:
+    if not hasattr(f, "fileno"):
+        return False
+
+    try:
+        fileno = f.fileno()
+    except (OSError, io.UnsupportedOperation):
+        return False
+
+    handle = msvcrt.get_osfhandle(fileno)
+    return bool(GetConsoleMode(handle, byref(DWORD())))
+
+
+def _get_windows_console_stream(
+    f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> t.Optional[t.TextIO]:
+    if (
+        get_buffer is not None
+        and encoding in {"utf-16-le", None}
+        and errors in {"strict", None}
+        and _is_console(f)
+    ):
+        func = _stream_factories.get(f.fileno())
+        if func is not None:
+            b = getattr(f, "buffer", None)
+
+            if b is None:
+                return None
+
+            return func(b)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/core.py b/lib/go-jinja2/internal/data/darwin-amd64/click/core.py
new file mode 100644
index 000000000..cc65e896b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/core.py
@@ -0,0 +1,3042 @@
+import enum
+import errno
+import inspect
+import os
+import sys
+import typing as t
+from collections import abc
+from contextlib import contextmanager
+from contextlib import ExitStack
+from functools import update_wrapper
+from gettext import gettext as _
+from gettext import ngettext
+from itertools import repeat
+from types import TracebackType
+
+from . import types
+from .exceptions import Abort
+from .exceptions import BadParameter
+from .exceptions import ClickException
+from .exceptions import Exit
+from .exceptions import MissingParameter
+from .exceptions import UsageError
+from .formatting import HelpFormatter
+from .formatting import join_options
+from .globals import pop_context
+from .globals import push_context
+from .parser import _flag_needs_value
+from .parser import OptionParser
+from .parser import split_opt
+from .termui import confirm
+from .termui import prompt
+from .termui import style
+from .utils import _detect_program_name
+from .utils import _expand_args
+from .utils import echo
+from .utils import make_default_short_help
+from .utils import make_str
+from .utils import PacifyFlushWrapper
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .shell_completion import CompletionItem
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+V = t.TypeVar("V")
+
+
+def _complete_visible_commands(
+    ctx: "Context", incomplete: str
+) -> t.Iterator[t.Tuple[str, "Command"]]:
+    """List all the subcommands of a group that start with the
+    incomplete value and aren't hidden.
+
+    :param ctx: Invocation context for the group.
+    :param incomplete: Value being completed. May be empty.
+    """
+    multi = t.cast(MultiCommand, ctx.command)
+
+    for name in multi.list_commands(ctx):
+        if name.startswith(incomplete):
+            command = multi.get_command(ctx, name)
+
+            if command is not None and not command.hidden:
+                yield name, command
+
+
+def _check_multicommand(
+    base_command: "MultiCommand", cmd_name: str, cmd: "Command", register: bool = False
+) -> None:
+    if not base_command.chain or not isinstance(cmd, MultiCommand):
+        return
+    if register:
+        hint = (
+            "It is not possible to add multi commands as children to"
+            " another multi command that is in chain mode."
+        )
+    else:
+        hint = (
+            "Found a multi command as subcommand to a multi command"
+            " that is in chain mode. This is not supported."
+        )
+    raise RuntimeError(
+        f"{hint}. Command {base_command.name!r} is set to chain and"
+        f" {cmd_name!r} was added as a subcommand but it in itself is a"
+        f" multi command. ({cmd_name!r} is a {type(cmd).__name__}"
+        f" within a chained {type(base_command).__name__} named"
+        f" {base_command.name!r})."
+    )
+
+
+def batch(iterable: t.Iterable[V], batch_size: int) -> t.List[t.Tuple[V, ...]]:
+    return list(zip(*repeat(iter(iterable), batch_size)))
+
+
+@contextmanager
+def augment_usage_errors(
+    ctx: "Context", param: t.Optional["Parameter"] = None
+) -> t.Iterator[None]:
+    """Context manager that attaches extra information to exceptions."""
+    try:
+        yield
+    except BadParameter as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        if param is not None and e.param is None:
+            e.param = param
+        raise
+    except UsageError as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        raise
+
+
+def iter_params_for_processing(
+    invocation_order: t.Sequence["Parameter"],
+    declaration_order: t.Sequence["Parameter"],
+) -> t.List["Parameter"]:
+    """Given a sequence of parameters in the order as should be considered
+    for processing and an iterable of parameters that exist, this returns
+    a list in the correct order as they should be processed.
+    """
+
+    def sort_key(item: "Parameter") -> t.Tuple[bool, float]:
+        try:
+            idx: float = invocation_order.index(item)
+        except ValueError:
+            idx = float("inf")
+
+        return not item.is_eager, idx
+
+    return sorted(declaration_order, key=sort_key)
+
+
+class ParameterSource(enum.Enum):
+    """This is an :class:`~enum.Enum` that indicates the source of a
+    parameter's value.
+
+    Use :meth:`click.Context.get_parameter_source` to get the
+    source for a parameter by name.
+
+    .. versionchanged:: 8.0
+        Use :class:`~enum.Enum` and drop the ``validate`` method.
+
+    .. versionchanged:: 8.0
+        Added the ``PROMPT`` value.
+    """
+
+    COMMANDLINE = enum.auto()
+    """The value was provided by the command line args."""
+    ENVIRONMENT = enum.auto()
+    """The value was provided with an environment variable."""
+    DEFAULT = enum.auto()
+    """Used the default specified by the parameter."""
+    DEFAULT_MAP = enum.auto()
+    """Used a default provided by :attr:`Context.default_map`."""
+    PROMPT = enum.auto()
+    """Used a prompt to confirm a default or provide a value."""
+
+
+class Context:
+    """The context is a special internal object that holds state relevant
+    for the script execution at every single level.  It's normally invisible
+    to commands unless they opt-in to getting access to it.
+
+    The context is useful as it can pass internal objects around and can
+    control special execution features such as reading data from
+    environment variables.
+
+    A context can be used as context manager in which case it will call
+    :meth:`close` on teardown.
+
+    :param command: the command class for this context.
+    :param parent: the parent context.
+    :param info_name: the info name for this invocation.  Generally this
+                      is the most descriptive name for the script or
+                      command.  For the toplevel script it is usually
+                      the name of the script, for commands below it it's
+                      the name of the script.
+    :param obj: an arbitrary object of user data.
+    :param auto_envvar_prefix: the prefix to use for automatic environment
+                               variables.  If this is `None` then reading
+                               from environment variables is disabled.  This
+                               does not affect manually set environment
+                               variables which are always read.
+    :param default_map: a dictionary (like object) with default values
+                        for parameters.
+    :param terminal_width: the width of the terminal.  The default is
+                           inherit from parent context.  If no context
+                           defines the terminal width then auto
+                           detection will be applied.
+    :param max_content_width: the maximum width for content rendered by
+                              Click (this currently only affects help
+                              pages).  This defaults to 80 characters if
+                              not overridden.  In other words: even if the
+                              terminal is larger than that, Click will not
+                              format things wider than 80 characters by
+                              default.  In addition to that, formatters might
+                              add some safety mapping on the right.
+    :param resilient_parsing: if this flag is enabled then Click will
+                              parse without any interactivity or callback
+                              invocation.  Default values will also be
+                              ignored.  This is useful for implementing
+                              things such as completion support.
+    :param allow_extra_args: if this is set to `True` then extra arguments
+                             at the end will not raise an error and will be
+                             kept on the context.  The default is to inherit
+                             from the command.
+    :param allow_interspersed_args: if this is set to `False` then options
+                                    and arguments cannot be mixed.  The
+                                    default is to inherit from the command.
+    :param ignore_unknown_options: instructs click to ignore options it does
+                                   not know and keeps them for later
+                                   processing.
+    :param help_option_names: optionally a list of strings that define how
+                              the default help parameter is named.  The
+                              default is ``['--help']``.
+    :param token_normalize_func: an optional function that is used to
+                                 normalize tokens (options, choices,
+                                 etc.).  This for instance can be used to
+                                 implement case insensitive behavior.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are used in texts that Click prints which is by
+                  default not the case.  This for instance would affect
+                  help output.
+    :param show_default: Show the default value for commands. If this
+        value is not set, it defaults to the value from the parent
+        context. ``Command.show_default`` overrides this default for the
+        specific command.
+
+    .. versionchanged:: 8.1
+        The ``show_default`` parameter is overridden by
+        ``Command.show_default``, instead of the other way around.
+
+    .. versionchanged:: 8.0
+        The ``show_default`` parameter defaults to the value from the
+        parent context.
+
+    .. versionchanged:: 7.1
+       Added the ``show_default`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color``, ``ignore_unknown_options``, and
+        ``max_content_width`` parameters.
+
+    .. versionchanged:: 3.0
+        Added the ``allow_extra_args`` and ``allow_interspersed_args``
+        parameters.
+
+    .. versionchanged:: 2.0
+        Added the ``resilient_parsing``, ``help_option_names``, and
+        ``token_normalize_func`` parameters.
+    """
+
+    #: The formatter class to create with :meth:`make_formatter`.
+    #:
+    #: .. versionadded:: 8.0
+    formatter_class: t.Type["HelpFormatter"] = HelpFormatter
+
+    def __init__(
+        self,
+        command: "Command",
+        parent: t.Optional["Context"] = None,
+        info_name: t.Optional[str] = None,
+        obj: t.Optional[t.Any] = None,
+        auto_envvar_prefix: t.Optional[str] = None,
+        default_map: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        terminal_width: t.Optional[int] = None,
+        max_content_width: t.Optional[int] = None,
+        resilient_parsing: bool = False,
+        allow_extra_args: t.Optional[bool] = None,
+        allow_interspersed_args: t.Optional[bool] = None,
+        ignore_unknown_options: t.Optional[bool] = None,
+        help_option_names: t.Optional[t.List[str]] = None,
+        token_normalize_func: t.Optional[t.Callable[[str], str]] = None,
+        color: t.Optional[bool] = None,
+        show_default: t.Optional[bool] = None,
+    ) -> None:
+        #: the parent context or `None` if none exists.
+        self.parent = parent
+        #: the :class:`Command` for this context.
+        self.command = command
+        #: the descriptive information name
+        self.info_name = info_name
+        #: Map of parameter names to their parsed values. Parameters
+        #: with ``expose_value=False`` are not stored.
+        self.params: t.Dict[str, t.Any] = {}
+        #: the leftover arguments.
+        self.args: t.List[str] = []
+        #: protected arguments.  These are arguments that are prepended
+        #: to `args` when certain parsing scenarios are encountered but
+        #: must be never propagated to another arguments.  This is used
+        #: to implement nested parsing.
+        self.protected_args: t.List[str] = []
+        #: the collected prefixes of the command's options.
+        self._opt_prefixes: t.Set[str] = set(parent._opt_prefixes) if parent else set()
+
+        if obj is None and parent is not None:
+            obj = parent.obj
+
+        #: the user object stored.
+        self.obj: t.Any = obj
+        self._meta: t.Dict[str, t.Any] = getattr(parent, "meta", {})
+
+        #: A dictionary (-like object) with defaults for parameters.
+        if (
+            default_map is None
+            and info_name is not None
+            and parent is not None
+            and parent.default_map is not None
+        ):
+            default_map = parent.default_map.get(info_name)
+
+        self.default_map: t.Optional[t.MutableMapping[str, t.Any]] = default_map
+
+        #: This flag indicates if a subcommand is going to be executed. A
+        #: group callback can use this information to figure out if it's
+        #: being executed directly or because the execution flow passes
+        #: onwards to a subcommand. By default it's None, but it can be
+        #: the name of the subcommand to execute.
+        #:
+        #: If chaining is enabled this will be set to ``'*'`` in case
+        #: any commands are executed.  It is however not possible to
+        #: figure out which ones.  If you require this knowledge you
+        #: should use a :func:`result_callback`.
+        self.invoked_subcommand: t.Optional[str] = None
+
+        if terminal_width is None and parent is not None:
+            terminal_width = parent.terminal_width
+
+        #: The width of the terminal (None is autodetection).
+        self.terminal_width: t.Optional[int] = terminal_width
+
+        if max_content_width is None and parent is not None:
+            max_content_width = parent.max_content_width
+
+        #: The maximum width of formatted content (None implies a sensible
+        #: default which is 80 for most things).
+        self.max_content_width: t.Optional[int] = max_content_width
+
+        if allow_extra_args is None:
+            allow_extra_args = command.allow_extra_args
+
+        #: Indicates if the context allows extra args or if it should
+        #: fail on parsing.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_extra_args = allow_extra_args
+
+        if allow_interspersed_args is None:
+            allow_interspersed_args = command.allow_interspersed_args
+
+        #: Indicates if the context allows mixing of arguments and
+        #: options or not.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_interspersed_args: bool = allow_interspersed_args
+
+        if ignore_unknown_options is None:
+            ignore_unknown_options = command.ignore_unknown_options
+
+        #: Instructs click to ignore options that a command does not
+        #: understand and will store it on the context for later
+        #: processing.  This is primarily useful for situations where you
+        #: want to call into external programs.  Generally this pattern is
+        #: strongly discouraged because it's not possibly to losslessly
+        #: forward all arguments.
+        #:
+        #: .. versionadded:: 4.0
+        self.ignore_unknown_options: bool = ignore_unknown_options
+
+        if help_option_names is None:
+            if parent is not None:
+                help_option_names = parent.help_option_names
+            else:
+                help_option_names = ["--help"]
+
+        #: The names for the help options.
+        self.help_option_names: t.List[str] = help_option_names
+
+        if token_normalize_func is None and parent is not None:
+            token_normalize_func = parent.token_normalize_func
+
+        #: An optional normalization function for tokens.  This is
+        #: options, choices, commands etc.
+        self.token_normalize_func: t.Optional[
+            t.Callable[[str], str]
+        ] = token_normalize_func
+
+        #: Indicates if resilient parsing is enabled.  In that case Click
+        #: will do its best to not cause any failures and default values
+        #: will be ignored. Useful for completion.
+        self.resilient_parsing: bool = resilient_parsing
+
+        # If there is no envvar prefix yet, but the parent has one and
+        # the command on this level has a name, we can expand the envvar
+        # prefix automatically.
+        if auto_envvar_prefix is None:
+            if (
+                parent is not None
+                and parent.auto_envvar_prefix is not None
+                and self.info_name is not None
+            ):
+                auto_envvar_prefix = (
+                    f"{parent.auto_envvar_prefix}_{self.info_name.upper()}"
+                )
+        else:
+            auto_envvar_prefix = auto_envvar_prefix.upper()
+
+        if auto_envvar_prefix is not None:
+            auto_envvar_prefix = auto_envvar_prefix.replace("-", "_")
+
+        self.auto_envvar_prefix: t.Optional[str] = auto_envvar_prefix
+
+        if color is None and parent is not None:
+            color = parent.color
+
+        #: Controls if styling output is wanted or not.
+        self.color: t.Optional[bool] = color
+
+        if show_default is None and parent is not None:
+            show_default = parent.show_default
+
+        #: Show option default values when formatting help text.
+        self.show_default: t.Optional[bool] = show_default
+
+        self._close_callbacks: t.List[t.Callable[[], t.Any]] = []
+        self._depth = 0
+        self._parameter_source: t.Dict[str, ParameterSource] = {}
+        self._exit_stack = ExitStack()
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire CLI
+        structure.
+
+        .. code-block:: python
+
+            with Context(cli) as ctx:
+                info = ctx.to_info_dict()
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "command": self.command.to_info_dict(self),
+            "info_name": self.info_name,
+            "allow_extra_args": self.allow_extra_args,
+            "allow_interspersed_args": self.allow_interspersed_args,
+            "ignore_unknown_options": self.ignore_unknown_options,
+            "auto_envvar_prefix": self.auto_envvar_prefix,
+        }
+
+    def __enter__(self) -> "Context":
+        self._depth += 1
+        push_context(self)
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self._depth -= 1
+        if self._depth == 0:
+            self.close()
+        pop_context()
+
+    @contextmanager
+    def scope(self, cleanup: bool = True) -> t.Iterator["Context"]:
+        """This helper method can be used with the context object to promote
+        it to the current thread local (see :func:`get_current_context`).
+        The default behavior of this is to invoke the cleanup functions which
+        can be disabled by setting `cleanup` to `False`.  The cleanup
+        functions are typically used for things such as closing file handles.
+
+        If the cleanup is intended the context object can also be directly
+        used as a context manager.
+
+        Example usage::
+
+            with ctx.scope():
+                assert get_current_context() is ctx
+
+        This is equivalent::
+
+            with ctx:
+                assert get_current_context() is ctx
+
+        .. versionadded:: 5.0
+
+        :param cleanup: controls if the cleanup functions should be run or
+                        not.  The default is to run these functions.  In
+                        some situations the context only wants to be
+                        temporarily pushed in which case this can be disabled.
+                        Nested pushes automatically defer the cleanup.
+        """
+        if not cleanup:
+            self._depth += 1
+        try:
+            with self as rv:
+                yield rv
+        finally:
+            if not cleanup:
+                self._depth -= 1
+
+    @property
+    def meta(self) -> t.Dict[str, t.Any]:
+        """This is a dictionary which is shared with all the contexts
+        that are nested.  It exists so that click utilities can store some
+        state here if they need to.  It is however the responsibility of
+        that code to manage this dictionary well.
+
+        The keys are supposed to be unique dotted strings.  For instance
+        module paths are a good choice for it.  What is stored in there is
+        irrelevant for the operation of click.  However what is important is
+        that code that places data here adheres to the general semantics of
+        the system.
+
+        Example usage::
+
+            LANG_KEY = f'{__name__}.lang'
+
+            def set_language(value):
+                ctx = get_current_context()
+                ctx.meta[LANG_KEY] = value
+
+            def get_language():
+                return get_current_context().meta.get(LANG_KEY, 'en_US')
+
+        .. versionadded:: 5.0
+        """
+        return self._meta
+
+    def make_formatter(self) -> HelpFormatter:
+        """Creates the :class:`~click.HelpFormatter` for the help and
+        usage output.
+
+        To quickly customize the formatter class used without overriding
+        this method, set the :attr:`formatter_class` attribute.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`formatter_class` attribute.
+        """
+        return self.formatter_class(
+            width=self.terminal_width, max_width=self.max_content_width
+        )
+
+    def with_resource(self, context_manager: t.ContextManager[V]) -> V:
+        """Register a resource as if it were used in a ``with``
+        statement. The resource will be cleaned up when the context is
+        popped.
+
+        Uses :meth:`contextlib.ExitStack.enter_context`. It calls the
+        resource's ``__enter__()`` method and returns the result. When
+        the context is popped, it closes the stack, which calls the
+        resource's ``__exit__()`` method.
+
+        To register a cleanup function for something that isn't a
+        context manager, use :meth:`call_on_close`. Or use something
+        from :mod:`contextlib` to turn it into a context manager first.
+
+        .. code-block:: python
+
+            @click.group()
+            @click.option("--name")
+            @click.pass_context
+            def cli(ctx):
+                ctx.obj = ctx.with_resource(connect_db(name))
+
+        :param context_manager: The context manager to enter.
+        :return: Whatever ``context_manager.__enter__()`` returns.
+
+        .. versionadded:: 8.0
+        """
+        return self._exit_stack.enter_context(context_manager)
+
+    def call_on_close(self, f: t.Callable[..., t.Any]) -> t.Callable[..., t.Any]:
+        """Register a function to be called when the context tears down.
+
+        This can be used to close resources opened during the script
+        execution. Resources that support Python's context manager
+        protocol which would be used in a ``with`` statement should be
+        registered with :meth:`with_resource` instead.
+
+        :param f: The function to execute on teardown.
+        """
+        return self._exit_stack.callback(f)
+
+    def close(self) -> None:
+        """Invoke all close callbacks registered with
+        :meth:`call_on_close`, and exit all context managers entered
+        with :meth:`with_resource`.
+        """
+        self._exit_stack.close()
+        # In case the context is reused, create a new exit stack.
+        self._exit_stack = ExitStack()
+
+    @property
+    def command_path(self) -> str:
+        """The computed command path.  This is used for the ``usage``
+        information on the help page.  It's automatically created by
+        combining the info names of the chain of contexts to the root.
+        """
+        rv = ""
+        if self.info_name is not None:
+            rv = self.info_name
+        if self.parent is not None:
+            parent_command_path = [self.parent.command_path]
+
+            if isinstance(self.parent.command, Command):
+                for param in self.parent.command.get_params(self):
+                    parent_command_path.extend(param.get_usage_pieces(self))
+
+            rv = f"{' '.join(parent_command_path)} {rv}"
+        return rv.lstrip()
+
+    def find_root(self) -> "Context":
+        """Finds the outermost context."""
+        node = self
+        while node.parent is not None:
+            node = node.parent
+        return node
+
+    def find_object(self, object_type: t.Type[V]) -> t.Optional[V]:
+        """Finds the closest object of a given type."""
+        node: t.Optional["Context"] = self
+
+        while node is not None:
+            if isinstance(node.obj, object_type):
+                return node.obj
+
+            node = node.parent
+
+        return None
+
+    def ensure_object(self, object_type: t.Type[V]) -> V:
+        """Like :meth:`find_object` but sets the innermost object to a
+        new instance of `object_type` if it does not exist.
+        """
+        rv = self.find_object(object_type)
+        if rv is None:
+            self.obj = rv = object_type()
+        return rv
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[False]" = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def lookup_default(self, name: str, call: bool = True) -> t.Optional[t.Any]:
+        """Get the default for a parameter from :attr:`default_map`.
+
+        :param name: Name of the parameter.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        if self.default_map is not None:
+            value = self.default_map.get(name)
+
+            if call and callable(value):
+                return value()
+
+            return value
+
+        return None
+
+    def fail(self, message: str) -> "te.NoReturn":
+        """Aborts the execution of the program with a specific error
+        message.
+
+        :param message: the error message to fail with.
+        """
+        raise UsageError(message, self)
+
+    def abort(self) -> "te.NoReturn":
+        """Aborts the script."""
+        raise Abort()
+
+    def exit(self, code: int = 0) -> "te.NoReturn":
+        """Exits the application with a given exit code."""
+        raise Exit(code)
+
+    def get_usage(self) -> str:
+        """Helper method to get formatted usage string for the current
+        context and command.
+        """
+        return self.command.get_usage(self)
+
+    def get_help(self) -> str:
+        """Helper method to get formatted help page for the current
+        context and command.
+        """
+        return self.command.get_help(self)
+
+    def _make_sub_context(self, command: "Command") -> "Context":
+        """Create a new context of the same type as this context, but
+        for a new command.
+
+        :meta private:
+        """
+        return type(self)(command, info_name=command.name, parent=self)
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "t.Callable[..., V]",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> V:
+        ...
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "Command",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        ...
+
+    def invoke(
+        __self,  # noqa: B902
+        __callback: t.Union["Command", "t.Callable[..., V]"],
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Union[t.Any, V]:
+        """Invokes a command callback in exactly the way it expects.  There
+        are two ways to invoke this method:
+
+        1.  the first argument can be a callback and all other arguments and
+            keyword arguments are forwarded directly to the function.
+        2.  the first argument is a click command object.  In that case all
+            arguments are forwarded as well but proper click parameters
+            (options and click arguments) must be keyword arguments and Click
+            will fill in defaults.
+
+        Note that before Click 3.2 keyword arguments were not properly filled
+        in against the intention of this code and no context was created.  For
+        more information about this change and why it was done in a bugfix
+        release see :ref:`upgrade-to-3.2`.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if :meth:`forward` is called at multiple levels.
+        """
+        if isinstance(__callback, Command):
+            other_cmd = __callback
+
+            if other_cmd.callback is None:
+                raise TypeError(
+                    "The given command does not have a callback that can be invoked."
+                )
+            else:
+                __callback = t.cast("t.Callable[..., V]", other_cmd.callback)
+
+            ctx = __self._make_sub_context(other_cmd)
+
+            for param in other_cmd.params:
+                if param.name not in kwargs and param.expose_value:
+                    kwargs[param.name] = param.type_cast_value(  # type: ignore
+                        ctx, param.get_default(ctx)
+                    )
+
+            # Track all kwargs as params, so that forward() will pass
+            # them on in subsequent calls.
+            ctx.params.update(kwargs)
+        else:
+            ctx = __self
+
+        with augment_usage_errors(__self):
+            with ctx:
+                return __callback(*args, **kwargs)
+
+    def forward(
+        __self, __cmd: "Command", *args: t.Any, **kwargs: t.Any  # noqa: B902
+    ) -> t.Any:
+        """Similar to :meth:`invoke` but fills in default keyword
+        arguments from the current context if the other command expects
+        it.  This cannot invoke callbacks directly, only other commands.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if ``forward`` is called at multiple levels.
+        """
+        # Can only forward to other commands, not direct callbacks.
+        if not isinstance(__cmd, Command):
+            raise TypeError("Callback is not a command.")
+
+        for param in __self.params:
+            if param not in kwargs:
+                kwargs[param] = __self.params[param]
+
+        return __self.invoke(__cmd, *args, **kwargs)
+
+    def set_parameter_source(self, name: str, source: ParameterSource) -> None:
+        """Set the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        :param name: The name of the parameter.
+        :param source: A member of :class:`~click.core.ParameterSource`.
+        """
+        self._parameter_source[name] = source
+
+    def get_parameter_source(self, name: str) -> t.Optional[ParameterSource]:
+        """Get the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        This can be useful for determining when a user specified a value
+        on the command line that is the same as the default value. It
+        will be :attr:`~click.core.ParameterSource.DEFAULT` only if the
+        value was actually taken from the default.
+
+        :param name: The name of the parameter.
+        :rtype: ParameterSource
+
+        .. versionchanged:: 8.0
+            Returns ``None`` if the parameter was not provided from any
+            source.
+        """
+        return self._parameter_source.get(name)
+
+
+class BaseCommand:
+    """The base command implements the minimal API contract of commands.
+    Most code will never use this as it does not implement a lot of useful
+    functionality but it can act as the direct subclass of alternative
+    parsing methods that do not depend on the Click parser.
+
+    For instance, this can be used to bridge Click and other systems like
+    argparse or docopt.
+
+    Because base commands do not implement a lot of the API that other
+    parts of Click take for granted, they are not supported for all
+    operations.  For instance, they cannot be used with the decorators
+    usually and they have no built-in callback system.
+
+    .. versionchanged:: 2.0
+       Added the `context_settings` parameter.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    """
+
+    #: The context class to create with :meth:`make_context`.
+    #:
+    #: .. versionadded:: 8.0
+    context_class: t.Type[Context] = Context
+    #: the default for the :attr:`Context.allow_extra_args` flag.
+    allow_extra_args = False
+    #: the default for the :attr:`Context.allow_interspersed_args` flag.
+    allow_interspersed_args = True
+    #: the default for the :attr:`Context.ignore_unknown_options` flag.
+    ignore_unknown_options = False
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> None:
+        #: the name the command thinks it has.  Upon registering a command
+        #: on a :class:`Group` the group will default the command name
+        #: with this information.  You should instead use the
+        #: :class:`Context`\'s :attr:`~Context.info_name` attribute.
+        self.name = name
+
+        if context_settings is None:
+            context_settings = {}
+
+        #: an optional dictionary with defaults passed to the context.
+        self.context_settings: t.MutableMapping[str, t.Any] = context_settings
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire structure
+        below this command.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        :param ctx: A :class:`Context` representing this command.
+
+        .. versionadded:: 8.0
+        """
+        return {"name": self.name}
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def get_usage(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get usage")
+
+    def get_help(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get help")
+
+    def make_context(
+        self,
+        info_name: t.Optional[str],
+        args: t.List[str],
+        parent: t.Optional[Context] = None,
+        **extra: t.Any,
+    ) -> Context:
+        """This function when given an info name and arguments will kick
+        off the parsing and create a new :class:`Context`.  It does not
+        invoke the actual command callback though.
+
+        To quickly customize the context class used without overriding
+        this method, set the :attr:`context_class` attribute.
+
+        :param info_name: the info name for this invocation.  Generally this
+                          is the most descriptive name for the script or
+                          command.  For the toplevel script it's usually
+                          the name of the script, for commands below it's
+                          the name of the command.
+        :param args: the arguments to parse as list of strings.
+        :param parent: the parent context if available.
+        :param extra: extra keyword arguments forwarded to the context
+                      constructor.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`context_class` attribute.
+        """
+        for key, value in self.context_settings.items():
+            if key not in extra:
+                extra[key] = value
+
+        ctx = self.context_class(
+            self, info_name=info_name, parent=parent, **extra  # type: ignore
+        )
+
+        with ctx.scope(cleanup=False):
+            self.parse_args(ctx, args)
+        return ctx
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        """Given a context and a list of arguments this creates the parser
+        and parses the arguments, then modifies the context as necessary.
+        This is automatically invoked by :meth:`make_context`.
+        """
+        raise NotImplementedError("Base commands do not know how to parse arguments.")
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the command.  The default
+        implementation is raising a not implemented error.
+        """
+        raise NotImplementedError("Base commands are not invocable by default")
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of chained multi-commands.
+
+        Any command could be part of a chained multi-command, so sibling
+        commands are valid at any point during command completion. Other
+        command classes will return more completions.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        while ctx.parent is not None:
+            ctx = ctx.parent
+
+            if isinstance(ctx.command, MultiCommand) and ctx.command.chain:
+                results.extend(
+                    CompletionItem(name, help=command.get_short_help_str())
+                    for name, command in _complete_visible_commands(ctx, incomplete)
+                    if name not in ctx.protected_args
+                )
+
+        return results
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: "te.Literal[True]" = True,
+        **extra: t.Any,
+    ) -> "te.NoReturn":
+        ...
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = ...,
+        **extra: t.Any,
+    ) -> t.Any:
+        ...
+
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = True,
+        windows_expand_args: bool = True,
+        **extra: t.Any,
+    ) -> t.Any:
+        """This is the way to invoke a script with all the bells and
+        whistles as a command line application.  This will always terminate
+        the application after a call.  If this is not wanted, ``SystemExit``
+        needs to be caught.
+
+        This method is also available by directly calling the instance of
+        a :class:`Command`.
+
+        :param args: the arguments that should be used for parsing.  If not
+                     provided, ``sys.argv[1:]`` is used.
+        :param prog_name: the program name that should be used.  By default
+                          the program name is constructed by taking the file
+                          name from ``sys.argv[0]``.
+        :param complete_var: the environment variable that controls the
+                             bash completion support.  The default is
+                             ``"_<prog_name>_COMPLETE"`` with prog_name in
+                             uppercase.
+        :param standalone_mode: the default behavior is to invoke the script
+                                in standalone mode.  Click will then
+                                handle exceptions and convert them into
+                                error messages and the function will never
+                                return but shut down the interpreter.  If
+                                this is set to `False` they will be
+                                propagated to the caller and the return
+                                value of this function is the return value
+                                of :meth:`invoke`.
+        :param windows_expand_args: Expand glob patterns, user dir, and
+            env vars in command line args on Windows.
+        :param extra: extra keyword arguments are forwarded to the context
+                      constructor.  See :class:`Context` for more information.
+
+        .. versionchanged:: 8.0.1
+            Added the ``windows_expand_args`` parameter to allow
+            disabling command line arg expansion on Windows.
+
+        .. versionchanged:: 8.0
+            When taking arguments from ``sys.argv`` on Windows, glob
+            patterns, user dir, and env vars are expanded.
+
+        .. versionchanged:: 3.0
+           Added the ``standalone_mode`` parameter.
+        """
+        if args is None:
+            args = sys.argv[1:]
+
+            if os.name == "nt" and windows_expand_args:
+                args = _expand_args(args)
+        else:
+            args = list(args)
+
+        if prog_name is None:
+            prog_name = _detect_program_name()
+
+        # Process shell completion requests and exit early.
+        self._main_shell_completion(extra, prog_name, complete_var)
+
+        try:
+            try:
+                with self.make_context(prog_name, args, **extra) as ctx:
+                    rv = self.invoke(ctx)
+                    if not standalone_mode:
+                        return rv
+                    # it's not safe to `ctx.exit(rv)` here!
+                    # note that `rv` may actually contain data like "1" which
+                    # has obvious effects
+                    # more subtle case: `rv=[None, None]` can come out of
+                    # chained commands which all returned `None` -- so it's not
+                    # even always obvious that `rv` indicates success/failure
+                    # by its truthiness/falsiness
+                    ctx.exit()
+            except (EOFError, KeyboardInterrupt) as e:
+                echo(file=sys.stderr)
+                raise Abort() from e
+            except ClickException as e:
+                if not standalone_mode:
+                    raise
+                e.show()
+                sys.exit(e.exit_code)
+            except OSError as e:
+                if e.errno == errno.EPIPE:
+                    sys.stdout = t.cast(t.TextIO, PacifyFlushWrapper(sys.stdout))
+                    sys.stderr = t.cast(t.TextIO, PacifyFlushWrapper(sys.stderr))
+                    sys.exit(1)
+                else:
+                    raise
+        except Exit as e:
+            if standalone_mode:
+                sys.exit(e.exit_code)
+            else:
+                # in non-standalone mode, return the exit code
+                # note that this is only reached if `self.invoke` above raises
+                # an Exit explicitly -- thus bypassing the check there which
+                # would return its result
+                # the results of non-standalone execution may therefore be
+                # somewhat ambiguous: if there are codepaths which lead to
+                # `ctx.exit(1)` and to `return 1`, the caller won't be able to
+                # tell the difference between the two
+                return e.exit_code
+        except Abort:
+            if not standalone_mode:
+                raise
+            echo(_("Aborted!"), file=sys.stderr)
+            sys.exit(1)
+
+    def _main_shell_completion(
+        self,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: t.Optional[str] = None,
+    ) -> None:
+        """Check if the shell is asking for tab completion, process
+        that, then exit early. Called from :meth:`main` before the
+        program is invoked.
+
+        :param prog_name: Name of the executable in the shell.
+        :param complete_var: Name of the environment variable that holds
+            the completion instruction. Defaults to
+            ``_{PROG_NAME}_COMPLETE``.
+
+        .. versionchanged:: 8.2.0
+            Dots (``.``) in ``prog_name`` are replaced with underscores (``_``).
+        """
+        if complete_var is None:
+            complete_name = prog_name.replace("-", "_").replace(".", "_")
+            complete_var = f"_{complete_name}_COMPLETE".upper()
+
+        instruction = os.environ.get(complete_var)
+
+        if not instruction:
+            return
+
+        from .shell_completion import shell_complete
+
+        rv = shell_complete(self, ctx_args, prog_name, complete_var, instruction)
+        sys.exit(rv)
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Alias for :meth:`main`."""
+        return self.main(*args, **kwargs)
+
+
+class Command(BaseCommand):
+    """Commands are the basic building block of command line interfaces in
+    Click.  A basic command handles command line parsing and might dispatch
+    more parsing to commands nested below it.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    :param callback: the callback to invoke.  This is optional.
+    :param params: the parameters to register with this command.  This can
+                   be either :class:`Option` or :class:`Argument` objects.
+    :param help: the help string to use for this command.
+    :param epilog: like the help string but it's printed at the end of the
+                   help page after everything else.
+    :param short_help: the short help to use for this command.  This is
+                       shown on the command listing of the parent command.
+    :param add_help_option: by default each command registers a ``--help``
+                            option.  This can be disabled by this parameter.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is disabled by default.
+                            If enabled this will add ``--help`` as argument
+                            if no arguments are passed
+    :param hidden: hide this command from help outputs.
+
+    :param deprecated: issues a message indicating that
+                             the command is deprecated.
+
+    .. versionchanged:: 8.1
+        ``help``, ``epilog``, and ``short_help`` are stored unprocessed,
+        all formatting is done when outputting help text, not at init,
+        and is done even if not using the ``@command`` decorator.
+
+    .. versionchanged:: 8.0
+        Added a ``repr`` showing the command name.
+
+    .. versionchanged:: 7.1
+        Added the ``no_args_is_help`` parameter.
+
+    .. versionchanged:: 2.0
+        Added the ``context_settings`` parameter.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        callback: t.Optional[t.Callable[..., t.Any]] = None,
+        params: t.Optional[t.List["Parameter"]] = None,
+        help: t.Optional[str] = None,
+        epilog: t.Optional[str] = None,
+        short_help: t.Optional[str] = None,
+        options_metavar: t.Optional[str] = "[OPTIONS]",
+        add_help_option: bool = True,
+        no_args_is_help: bool = False,
+        hidden: bool = False,
+        deprecated: bool = False,
+    ) -> None:
+        super().__init__(name, context_settings)
+        #: the callback to execute when the command fires.  This might be
+        #: `None` in which case nothing happens.
+        self.callback = callback
+        #: the list of parameters for this command in the order they
+        #: should show up in the help page and execute.  Eager parameters
+        #: will automatically be handled before non eager ones.
+        self.params: t.List["Parameter"] = params or []
+        self.help = help
+        self.epilog = epilog
+        self.options_metavar = options_metavar
+        self.short_help = short_help
+        self.add_help_option = add_help_option
+        self.no_args_is_help = no_args_is_help
+        self.hidden = hidden
+        self.deprecated = deprecated
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        info_dict.update(
+            params=[param.to_info_dict() for param in self.get_params(ctx)],
+            help=self.help,
+            epilog=self.epilog,
+            short_help=self.short_help,
+            hidden=self.hidden,
+            deprecated=self.deprecated,
+        )
+        return info_dict
+
+    def get_usage(self, ctx: Context) -> str:
+        """Formats the usage line into a string and returns it.
+
+        Calls :meth:`format_usage` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_usage(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_params(self, ctx: Context) -> t.List["Parameter"]:
+        rv = self.params
+        help_option = self.get_help_option(ctx)
+
+        if help_option is not None:
+            rv = [*rv, help_option]
+
+        return rv
+
+    def format_usage(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the usage line into the formatter.
+
+        This is a low-level method called by :meth:`get_usage`.
+        """
+        pieces = self.collect_usage_pieces(ctx)
+        formatter.write_usage(ctx.command_path, " ".join(pieces))
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        """Returns all the pieces that go into the usage line and returns
+        it as a list of strings.
+        """
+        rv = [self.options_metavar] if self.options_metavar else []
+
+        for param in self.get_params(ctx):
+            rv.extend(param.get_usage_pieces(ctx))
+
+        return rv
+
+    def get_help_option_names(self, ctx: Context) -> t.List[str]:
+        """Returns the names for the help option."""
+        all_names = set(ctx.help_option_names)
+        for param in self.params:
+            all_names.difference_update(param.opts)
+            all_names.difference_update(param.secondary_opts)
+        return list(all_names)
+
+    def get_help_option(self, ctx: Context) -> t.Optional["Option"]:
+        """Returns the help option object."""
+        help_options = self.get_help_option_names(ctx)
+
+        if not help_options or not self.add_help_option:
+            return None
+
+        def show_help(ctx: Context, param: "Parameter", value: str) -> None:
+            if value and not ctx.resilient_parsing:
+                echo(ctx.get_help(), color=ctx.color)
+                ctx.exit()
+
+        return Option(
+            help_options,
+            is_flag=True,
+            is_eager=True,
+            expose_value=False,
+            callback=show_help,
+            help=_("Show this message and exit."),
+        )
+
+    def make_parser(self, ctx: Context) -> OptionParser:
+        """Creates the underlying option parser for this command."""
+        parser = OptionParser(ctx)
+        for param in self.get_params(ctx):
+            param.add_to_parser(parser, ctx)
+        return parser
+
+    def get_help(self, ctx: Context) -> str:
+        """Formats the help into a string and returns it.
+
+        Calls :meth:`format_help` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_help(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_short_help_str(self, limit: int = 45) -> str:
+        """Gets short help for the command or makes it by shortening the
+        long help string.
+        """
+        if self.short_help:
+            text = inspect.cleandoc(self.short_help)
+        elif self.help:
+            text = make_default_short_help(self.help, limit)
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        return text.strip()
+
+    def format_help(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help into the formatter if it exists.
+
+        This is a low-level method called by :meth:`get_help`.
+
+        This calls the following methods:
+
+        -   :meth:`format_usage`
+        -   :meth:`format_help_text`
+        -   :meth:`format_options`
+        -   :meth:`format_epilog`
+        """
+        self.format_usage(ctx, formatter)
+        self.format_help_text(ctx, formatter)
+        self.format_options(ctx, formatter)
+        self.format_epilog(ctx, formatter)
+
+    def format_help_text(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help text to the formatter if it exists."""
+        if self.help is not None:
+            # truncate the help text to the first form feed
+            text = inspect.cleandoc(self.help).partition("\f")[0]
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        if text:
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(text)
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes all the options into the formatter if they exist."""
+        opts = []
+        for param in self.get_params(ctx):
+            rv = param.get_help_record(ctx)
+            if rv is not None:
+                opts.append(rv)
+
+        if opts:
+            with formatter.section(_("Options")):
+                formatter.write_dl(opts)
+
+    def format_epilog(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the epilog into the formatter if it exists."""
+        if self.epilog:
+            epilog = inspect.cleandoc(self.epilog)
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(epilog)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        parser = self.make_parser(ctx)
+        opts, args, param_order = parser.parse_args(args=args)
+
+        for param in iter_params_for_processing(param_order, self.get_params(ctx)):
+            value, args = param.handle_parse_result(ctx, opts, args)
+
+        if args and not ctx.allow_extra_args and not ctx.resilient_parsing:
+            ctx.fail(
+                ngettext(
+                    "Got unexpected extra argument ({args})",
+                    "Got unexpected extra arguments ({args})",
+                    len(args),
+                ).format(args=" ".join(map(str, args)))
+            )
+
+        ctx.args = args
+        ctx._opt_prefixes.update(parser._opt_prefixes)
+        return args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the attached callback (if it exists)
+        in the right way.
+        """
+        if self.deprecated:
+            message = _(
+                "DeprecationWarning: The command {name!r} is deprecated."
+            ).format(name=self.name)
+            echo(style(message, fg="red"), err=True)
+
+        if self.callback is not None:
+            return ctx.invoke(self.callback, **ctx.params)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options and chained multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        if incomplete and not incomplete[0].isalnum():
+            for param in self.get_params(ctx):
+                if (
+                    not isinstance(param, Option)
+                    or param.hidden
+                    or (
+                        not param.multiple
+                        and ctx.get_parameter_source(param.name)  # type: ignore
+                        is ParameterSource.COMMANDLINE
+                    )
+                ):
+                    continue
+
+                results.extend(
+                    CompletionItem(name, help=param.help)
+                    for name in [*param.opts, *param.secondary_opts]
+                    if name.startswith(incomplete)
+                )
+
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class MultiCommand(Command):
+    """A multi command is the basic implementation of a command that
+    dispatches to subcommands.  The most common version is the
+    :class:`Group`.
+
+    :param invoke_without_command: this controls how the multi command itself
+                                   is invoked.  By default it's only invoked
+                                   if a subcommand is provided.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is enabled by default if
+                            `invoke_without_command` is disabled or disabled
+                            if it's enabled.  If enabled this will add
+                            ``--help`` as argument if no arguments are
+                            passed.
+    :param subcommand_metavar: the string that is used in the documentation
+                               to indicate the subcommand place.
+    :param chain: if this is set to `True` chaining of multiple subcommands
+                  is enabled.  This restricts the form of commands in that
+                  they cannot have optional arguments but it allows
+                  multiple commands to be chained together.
+    :param result_callback: The result callback to attach to this multi
+        command. This can be set or changed later with the
+        :meth:`result_callback` decorator.
+    :param attrs: Other command arguments described in :class:`Command`.
+    """
+
+    allow_extra_args = True
+    allow_interspersed_args = False
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        invoke_without_command: bool = False,
+        no_args_is_help: t.Optional[bool] = None,
+        subcommand_metavar: t.Optional[str] = None,
+        chain: bool = False,
+        result_callback: t.Optional[t.Callable[..., t.Any]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if no_args_is_help is None:
+            no_args_is_help = not invoke_without_command
+
+        self.no_args_is_help = no_args_is_help
+        self.invoke_without_command = invoke_without_command
+
+        if subcommand_metavar is None:
+            if chain:
+                subcommand_metavar = "COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]..."
+            else:
+                subcommand_metavar = "COMMAND [ARGS]..."
+
+        self.subcommand_metavar = subcommand_metavar
+        self.chain = chain
+        # The result callback that is stored. This can be set or
+        # overridden with the :func:`result_callback` decorator.
+        self._result_callback = result_callback
+
+        if self.chain:
+            for param in self.params:
+                if isinstance(param, Argument) and not param.required:
+                    raise RuntimeError(
+                        "Multi commands in chain mode cannot have"
+                        " optional arguments."
+                    )
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        commands = {}
+
+        for name in self.list_commands(ctx):
+            command = self.get_command(ctx, name)
+
+            if command is None:
+                continue
+
+            sub_ctx = ctx._make_sub_context(command)
+
+            with sub_ctx.scope(cleanup=False):
+                commands[name] = command.to_info_dict(sub_ctx)
+
+        info_dict.update(commands=commands, chain=self.chain)
+        return info_dict
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        rv = super().collect_usage_pieces(ctx)
+        rv.append(self.subcommand_metavar)
+        return rv
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        super().format_options(ctx, formatter)
+        self.format_commands(ctx, formatter)
+
+    def result_callback(self, replace: bool = False) -> t.Callable[[F], F]:
+        """Adds a result callback to the command.  By default if a
+        result callback is already registered this will chain them but
+        this can be disabled with the `replace` parameter.  The result
+        callback is invoked with the return value of the subcommand
+        (or the list of return values from all subcommands if chaining
+        is enabled) as well as the parameters as they would be passed
+        to the main callback.
+
+        Example::
+
+            @click.group()
+            @click.option('-i', '--input', default=23)
+            def cli(input):
+                return 42
+
+            @cli.result_callback()
+            def process_result(result, input):
+                return result + input
+
+        :param replace: if set to `True` an already existing result
+                        callback will be removed.
+
+        .. versionchanged:: 8.0
+            Renamed from ``resultcallback``.
+
+        .. versionadded:: 3.0
+        """
+
+        def decorator(f: F) -> F:
+            old_callback = self._result_callback
+
+            if old_callback is None or replace:
+                self._result_callback = f
+                return f
+
+            def function(__value, *args, **kwargs):  # type: ignore
+                inner = old_callback(__value, *args, **kwargs)
+                return f(inner, *args, **kwargs)
+
+            self._result_callback = rv = update_wrapper(t.cast(F, function), f)
+            return rv
+
+        return decorator
+
+    def format_commands(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Extra format methods for multi methods that adds all the commands
+        after the options.
+        """
+        commands = []
+        for subcommand in self.list_commands(ctx):
+            cmd = self.get_command(ctx, subcommand)
+            # What is this, the tool lied about a command.  Ignore it
+            if cmd is None:
+                continue
+            if cmd.hidden:
+                continue
+
+            commands.append((subcommand, cmd))
+
+        # allow for 3 times the default spacing
+        if len(commands):
+            limit = formatter.width - 6 - max(len(cmd[0]) for cmd in commands)
+
+            rows = []
+            for subcommand, cmd in commands:
+                help = cmd.get_short_help_str(limit)
+                rows.append((subcommand, help))
+
+            if rows:
+                with formatter.section(_("Commands")):
+                    formatter.write_dl(rows)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        rest = super().parse_args(ctx, args)
+
+        if self.chain:
+            ctx.protected_args = rest
+            ctx.args = []
+        elif rest:
+            ctx.protected_args, ctx.args = rest[:1], rest[1:]
+
+        return ctx.args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        def _process_result(value: t.Any) -> t.Any:
+            if self._result_callback is not None:
+                value = ctx.invoke(self._result_callback, value, **ctx.params)
+            return value
+
+        if not ctx.protected_args:
+            if self.invoke_without_command:
+                # No subcommand was invoked, so the result callback is
+                # invoked with the group return value for regular
+                # groups, or an empty list for chained groups.
+                with ctx:
+                    rv = super().invoke(ctx)
+                    return _process_result([] if self.chain else rv)
+            ctx.fail(_("Missing command."))
+
+        # Fetch args back out
+        args = [*ctx.protected_args, *ctx.args]
+        ctx.args = []
+        ctx.protected_args = []
+
+        # If we're not in chain mode, we only allow the invocation of a
+        # single command but we also inform the current context about the
+        # name of the command to invoke.
+        if not self.chain:
+            # Make sure the context is entered so we do not clean up
+            # resources until the result processor has worked.
+            with ctx:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                ctx.invoked_subcommand = cmd_name
+                super().invoke(ctx)
+                sub_ctx = cmd.make_context(cmd_name, args, parent=ctx)
+                with sub_ctx:
+                    return _process_result(sub_ctx.command.invoke(sub_ctx))
+
+        # In chain mode we create the contexts step by step, but after the
+        # base command has been invoked.  Because at that point we do not
+        # know the subcommands yet, the invoked subcommand attribute is
+        # set to ``*`` to inform the command that subcommands are executed
+        # but nothing else.
+        with ctx:
+            ctx.invoked_subcommand = "*" if args else None
+            super().invoke(ctx)
+
+            # Otherwise we make every single context and invoke them in a
+            # chain.  In that case the return value to the result processor
+            # is the list of all invoked subcommand's results.
+            contexts = []
+            while args:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                sub_ctx = cmd.make_context(
+                    cmd_name,
+                    args,
+                    parent=ctx,
+                    allow_extra_args=True,
+                    allow_interspersed_args=False,
+                )
+                contexts.append(sub_ctx)
+                args, sub_ctx.args = sub_ctx.args, []
+
+            rv = []
+            for sub_ctx in contexts:
+                with sub_ctx:
+                    rv.append(sub_ctx.command.invoke(sub_ctx))
+            return _process_result(rv)
+
+    def resolve_command(
+        self, ctx: Context, args: t.List[str]
+    ) -> t.Tuple[t.Optional[str], t.Optional[Command], t.List[str]]:
+        cmd_name = make_str(args[0])
+        original_cmd_name = cmd_name
+
+        # Get the command
+        cmd = self.get_command(ctx, cmd_name)
+
+        # If we can't find the command but there is a normalization
+        # function available, we try with that one.
+        if cmd is None and ctx.token_normalize_func is not None:
+            cmd_name = ctx.token_normalize_func(cmd_name)
+            cmd = self.get_command(ctx, cmd_name)
+
+        # If we don't find the command we want to show an error message
+        # to the user that it was not provided.  However, there is
+        # something else we should do: if the first argument looks like
+        # an option we want to kick off parsing again for arguments to
+        # resolve things like --help which now should go to the main
+        # place.
+        if cmd is None and not ctx.resilient_parsing:
+            if split_opt(cmd_name)[0]:
+                self.parse_args(ctx, ctx.args)
+            ctx.fail(_("No such command {name!r}.").format(name=original_cmd_name))
+        return cmd_name if cmd else None, cmd, args[1:]
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        """Given a context and a command name, this returns a
+        :class:`Command` object if it exists or returns `None`.
+        """
+        raise NotImplementedError
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        """Returns a list of subcommand names in the order they should
+        appear.
+        """
+        return []
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options, subcommands, and chained
+        multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results = [
+            CompletionItem(name, help=command.get_short_help_str())
+            for name, command in _complete_visible_commands(ctx, incomplete)
+        ]
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class Group(MultiCommand):
+    """A group allows a command to have subcommands attached. This is
+    the most common way to implement nesting in Click.
+
+    :param name: The name of the group command.
+    :param commands: A dict mapping names to :class:`Command` objects.
+        Can also be a list of :class:`Command`, which will use
+        :attr:`Command.name` to create the dict.
+    :param attrs: Other command arguments described in
+        :class:`MultiCommand`, :class:`Command`, and
+        :class:`BaseCommand`.
+
+    .. versionchanged:: 8.0
+        The ``commands`` argument can be a list of command objects.
+    """
+
+    #: If set, this is used by the group's :meth:`command` decorator
+    #: as the default :class:`Command` class. This is useful to make all
+    #: subcommands use a custom command class.
+    #:
+    #: .. versionadded:: 8.0
+    command_class: t.Optional[t.Type[Command]] = None
+
+    #: If set, this is used by the group's :meth:`group` decorator
+    #: as the default :class:`Group` class. This is useful to make all
+    #: subgroups use a custom group class.
+    #:
+    #: If set to the special value :class:`type` (literally
+    #: ``group_class = type``), this group's class will be used as the
+    #: default class. This makes a custom group class continue to make
+    #: custom groups.
+    #:
+    #: .. versionadded:: 8.0
+    group_class: t.Optional[t.Union[t.Type["Group"], t.Type[type]]] = None
+    # Literal[type] isn't valid, so use Type[type]
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        commands: t.Optional[
+            t.Union[t.MutableMapping[str, Command], t.Sequence[Command]]
+        ] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if commands is None:
+            commands = {}
+        elif isinstance(commands, abc.Sequence):
+            commands = {c.name: c for c in commands if c.name is not None}
+
+        #: The registered subcommands by their exported names.
+        self.commands: t.MutableMapping[str, Command] = commands
+
+    def add_command(self, cmd: Command, name: t.Optional[str] = None) -> None:
+        """Registers another :class:`Command` with this group.  If the name
+        is not provided, the name of the command is used.
+        """
+        name = name or cmd.name
+        if name is None:
+            raise TypeError("Command has no name.")
+        _check_multicommand(self, name, cmd, register=True)
+        self.commands[name] = cmd
+
+    @t.overload
+    def command(self, __func: t.Callable[..., t.Any]) -> Command:
+        ...
+
+    @t.overload
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], Command]:
+        ...
+
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], Command], Command]:
+        """A shortcut decorator for declaring and attaching a command to
+        the group. This takes the same arguments as :func:`command` and
+        immediately registers the created command with this group by
+        calling :meth:`add_command`.
+
+        To customize the command class used, set the
+        :attr:`command_class` attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`command_class` attribute.
+        """
+        from .decorators import command
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'command(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.command_class and kwargs.get("cls") is None:
+            kwargs["cls"] = self.command_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> Command:
+            cmd: Command = command(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    @t.overload
+    def group(self, __func: t.Callable[..., t.Any]) -> "Group":
+        ...
+
+    @t.overload
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], "Group"]:
+        ...
+
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], "Group"], "Group"]:
+        """A shortcut decorator for declaring and attaching a group to
+        the group. This takes the same arguments as :func:`group` and
+        immediately registers the created group with this group by
+        calling :meth:`add_command`.
+
+        To customize the group class used, set the :attr:`group_class`
+        attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`group_class` attribute.
+        """
+        from .decorators import group
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'group(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.group_class is not None and kwargs.get("cls") is None:
+            if self.group_class is type:
+                kwargs["cls"] = type(self)
+            else:
+                kwargs["cls"] = self.group_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> "Group":
+            cmd: Group = group(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        return self.commands.get(cmd_name)
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        return sorted(self.commands)
+
+
+class CommandCollection(MultiCommand):
+    """A command collection is a multi command that merges multiple multi
+    commands together into one.  This is a straightforward implementation
+    that accepts a list of different multi commands as sources and
+    provides all the commands for each of them.
+
+    See :class:`MultiCommand` and :class:`Command` for the description of
+    ``name`` and ``attrs``.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        sources: t.Optional[t.List[MultiCommand]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+        #: The list of registered multi commands.
+        self.sources: t.List[MultiCommand] = sources or []
+
+    def add_source(self, multi_cmd: MultiCommand) -> None:
+        """Adds a new multi command to the chain dispatcher."""
+        self.sources.append(multi_cmd)
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        for source in self.sources:
+            rv = source.get_command(ctx, cmd_name)
+
+            if rv is not None:
+                if self.chain:
+                    _check_multicommand(self, cmd_name, rv)
+
+                return rv
+
+        return None
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        rv: t.Set[str] = set()
+
+        for source in self.sources:
+            rv.update(source.list_commands(ctx))
+
+        return sorted(rv)
+
+
+def _check_iter(value: t.Any) -> t.Iterator[t.Any]:
+    """Check if the value is iterable but not a string. Raises a type
+    error, or return an iterator over the value.
+    """
+    if isinstance(value, str):
+        raise TypeError
+
+    return iter(value)
+
+
+class Parameter:
+    r"""A parameter to a command comes in two versions: they are either
+    :class:`Option`\s or :class:`Argument`\s.  Other subclasses are currently
+    not supported by design as some of the internals for parsing are
+    intentionally not finalized.
+
+    Some settings are supported by both options and arguments.
+
+    :param param_decls: the parameter declarations for this option or
+                        argument.  This is a list of flags or argument
+                        names.
+    :param type: the type that should be used.  Either a :class:`ParamType`
+                 or a Python type.  The latter is converted into the former
+                 automatically if supported.
+    :param required: controls if this is optional or not.
+    :param default: the default value if omitted.  This can also be a callable,
+                    in which case it's invoked when the default is needed
+                    without any arguments.
+    :param callback: A function to further process or validate the value
+        after type conversion. It is called as ``f(ctx, param, value)``
+        and must return the value. It is called for all sources,
+        including prompts.
+    :param nargs: the number of arguments to match.  If not ``1`` the return
+                  value is a tuple instead of single value.  The default for
+                  nargs is ``1`` (except if the type is a tuple, then it's
+                  the arity of the tuple). If ``nargs=-1``, all remaining
+                  parameters are collected.
+    :param metavar: how the value is represented in the help page.
+    :param expose_value: if this is `True` then the value is passed onwards
+                         to the command callback and stored on the context,
+                         otherwise it's skipped.
+    :param is_eager: eager values are processed before non eager ones.  This
+                     should not be set for arguments or it will inverse the
+                     order of processing.
+    :param envvar: a string or list of strings that are environment variables
+                   that should be checked.
+    :param shell_complete: A function that returns custom shell
+        completions. Used instead of the param's type completion if
+        given. Takes ``ctx, param, incomplete`` and must return a list
+        of :class:`~click.shell_completion.CompletionItem` or a list of
+        strings.
+
+    .. versionchanged:: 8.0
+        ``process_value`` validates required parameters and bounded
+        ``nargs``, and invokes the parameter callback before returning
+        the value. This allows the callback to validate prompts.
+        ``full_process_value`` is removed.
+
+    .. versionchanged:: 8.0
+        ``autocompletion`` is renamed to ``shell_complete`` and has new
+        semantics described above. The old name is deprecated and will
+        be removed in 8.1, until then it will be wrapped to match the
+        new requirements.
+
+    .. versionchanged:: 8.0
+        For ``multiple=True, nargs>1``, the default must be a list of
+        tuples.
+
+    .. versionchanged:: 8.0
+        Setting a default is no longer required for ``nargs>1``, it will
+        default to ``None``. ``multiple=True`` or ``nargs=-1`` will
+        default to ``()``.
+
+    .. versionchanged:: 7.1
+        Empty environment variables are ignored rather than taking the
+        empty string value. This makes it possible for scripts to clear
+        variables if they can't unset them.
+
+    .. versionchanged:: 2.0
+        Changed signature for parameter callback to also be passed the
+        parameter. The old callback format will still work, but it will
+        raise a warning to give you a chance to migrate the code easier.
+    """
+
+    param_type_name = "parameter"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        required: bool = False,
+        default: t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]] = None,
+        callback: t.Optional[t.Callable[[Context, "Parameter", t.Any], t.Any]] = None,
+        nargs: t.Optional[int] = None,
+        multiple: bool = False,
+        metavar: t.Optional[str] = None,
+        expose_value: bool = True,
+        is_eager: bool = False,
+        envvar: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        shell_complete: t.Optional[
+            t.Callable[
+                [Context, "Parameter", str],
+                t.Union[t.List["CompletionItem"], t.List[str]],
+            ]
+        ] = None,
+    ) -> None:
+        self.name: t.Optional[str]
+        self.opts: t.List[str]
+        self.secondary_opts: t.List[str]
+        self.name, self.opts, self.secondary_opts = self._parse_decls(
+            param_decls or (), expose_value
+        )
+        self.type: types.ParamType = types.convert_type(type, default)
+
+        # Default nargs to what the type tells us if we have that
+        # information available.
+        if nargs is None:
+            if self.type.is_composite:
+                nargs = self.type.arity
+            else:
+                nargs = 1
+
+        self.required = required
+        self.callback = callback
+        self.nargs = nargs
+        self.multiple = multiple
+        self.expose_value = expose_value
+        self.default = default
+        self.is_eager = is_eager
+        self.metavar = metavar
+        self.envvar = envvar
+        self._custom_shell_complete = shell_complete
+
+        if __debug__:
+            if self.type.is_composite and nargs != self.type.arity:
+                raise ValueError(
+                    f"'nargs' must be {self.type.arity} (or None) for"
+                    f" type {self.type!r}, but it was {nargs}."
+                )
+
+            # Skip no default or callable default.
+            check_default = default if not callable(default) else None
+
+            if check_default is not None:
+                if multiple:
+                    try:
+                        # Only check the first value against nargs.
+                        check_default = next(_check_iter(check_default), None)
+                    except TypeError:
+                        raise ValueError(
+                            "'default' must be a list when 'multiple' is true."
+                        ) from None
+
+                # Can be None for multiple with empty default.
+                if nargs != 1 and check_default is not None:
+                    try:
+                        _check_iter(check_default)
+                    except TypeError:
+                        if multiple:
+                            message = (
+                                "'default' must be a list of lists when 'multiple' is"
+                                " true and 'nargs' != 1."
+                            )
+                        else:
+                            message = "'default' must be a list when 'nargs' != 1."
+
+                        raise ValueError(message) from None
+
+                    if nargs > 1 and len(check_default) != nargs:
+                        subject = "item length" if multiple else "length"
+                        raise ValueError(
+                            f"'default' {subject} must match nargs={nargs}."
+                        )
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "name": self.name,
+            "param_type_name": self.param_type_name,
+            "opts": self.opts,
+            "secondary_opts": self.secondary_opts,
+            "type": self.type.to_info_dict(),
+            "required": self.required,
+            "nargs": self.nargs,
+            "multiple": self.multiple,
+            "default": self.default,
+            "envvar": self.envvar,
+        }
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        raise NotImplementedError()
+
+    @property
+    def human_readable_name(self) -> str:
+        """Returns the human readable name of this parameter.  This is the
+        same as the name for options, but the metavar for arguments.
+        """
+        return self.name  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+
+        metavar = self.type.get_metavar(self)
+
+        if metavar is None:
+            metavar = self.type.name.upper()
+
+        if self.nargs != 1:
+            metavar += "..."
+
+        return metavar
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        """Get the default for the parameter. Tries
+        :meth:`Context.lookup_default` first, then the local default.
+
+        :param ctx: Current context.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0.2
+            Type casting is no longer performed when getting a default.
+
+        .. versionchanged:: 8.0.1
+            Type casting can fail in resilient parsing mode. Invalid
+            defaults will not prevent showing help text.
+
+        .. versionchanged:: 8.0
+            Looks at ``ctx.default_map`` first.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        value = ctx.lookup_default(self.name, call=False)  # type: ignore
+
+        if value is None:
+            value = self.default
+
+        if call and callable(value):
+            value = value()
+
+        return value
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        raise NotImplementedError()
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value = opts.get(self.name)  # type: ignore
+        source = ParameterSource.COMMANDLINE
+
+        if value is None:
+            value = self.value_from_envvar(ctx)
+            source = ParameterSource.ENVIRONMENT
+
+        if value is None:
+            value = ctx.lookup_default(self.name)  # type: ignore
+            source = ParameterSource.DEFAULT_MAP
+
+        if value is None:
+            value = self.get_default(ctx)
+            source = ParameterSource.DEFAULT
+
+        return value, source
+
+    def type_cast_value(self, ctx: Context, value: t.Any) -> t.Any:
+        """Convert and validate a value against the option's
+        :attr:`type`, :attr:`multiple`, and :attr:`nargs`.
+        """
+        if value is None:
+            return () if self.multiple or self.nargs == -1 else None
+
+        def check_iter(value: t.Any) -> t.Iterator[t.Any]:
+            try:
+                return _check_iter(value)
+            except TypeError:
+                # This should only happen when passing in args manually,
+                # the parser should construct an iterable when parsing
+                # the command line.
+                raise BadParameter(
+                    _("Value must be an iterable."), ctx=ctx, param=self
+                ) from None
+
+        if self.nargs == 1 or self.type.is_composite:
+
+            def convert(value: t.Any) -> t.Any:
+                return self.type(value, param=self, ctx=ctx)
+
+        elif self.nargs == -1:
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                return tuple(self.type(x, self, ctx) for x in check_iter(value))
+
+        else:  # nargs > 1
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                value = tuple(check_iter(value))
+
+                if len(value) != self.nargs:
+                    raise BadParameter(
+                        ngettext(
+                            "Takes {nargs} values but 1 was given.",
+                            "Takes {nargs} values but {len} were given.",
+                            len(value),
+                        ).format(nargs=self.nargs, len=len(value)),
+                        ctx=ctx,
+                        param=self,
+                    )
+
+                return tuple(self.type(x, self, ctx) for x in value)
+
+        if self.multiple:
+            return tuple(convert(x) for x in check_iter(value))
+
+        return convert(value)
+
+    def value_is_missing(self, value: t.Any) -> bool:
+        if value is None:
+            return True
+
+        if (self.nargs != 1 or self.multiple) and value == ():
+            return True
+
+        return False
+
+    def process_value(self, ctx: Context, value: t.Any) -> t.Any:
+        value = self.type_cast_value(ctx, value)
+
+        if self.required and self.value_is_missing(value):
+            raise MissingParameter(ctx=ctx, param=self)
+
+        if self.callback is not None:
+            value = self.callback(ctx, self, value)
+
+        return value
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        if self.envvar is None:
+            return None
+
+        if isinstance(self.envvar, str):
+            rv = os.environ.get(self.envvar)
+
+            if rv:
+                return rv
+        else:
+            for envvar in self.envvar:
+                rv = os.environ.get(envvar)
+
+                if rv:
+                    return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is not None and self.nargs != 1:
+            rv = self.type.split_envvar_value(rv)
+
+        return rv
+
+    def handle_parse_result(
+        self, ctx: Context, opts: t.Mapping[str, t.Any], args: t.List[str]
+    ) -> t.Tuple[t.Any, t.List[str]]:
+        with augment_usage_errors(ctx, param=self):
+            value, source = self.consume_value(ctx, opts)
+            ctx.set_parameter_source(self.name, source)  # type: ignore
+
+            try:
+                value = self.process_value(ctx, value)
+            except Exception:
+                if not ctx.resilient_parsing:
+                    raise
+
+                value = None
+
+        if self.expose_value:
+            ctx.params[self.name] = value  # type: ignore
+
+        return value, args
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        pass
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return []
+
+    def get_error_hint(self, ctx: Context) -> str:
+        """Get a stringified version of the param for use in error messages to
+        indicate which param caused the error.
+        """
+        hint_list = self.opts or [self.human_readable_name]
+        return " / ".join(f"'{x}'" for x in hint_list)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. If a
+        ``shell_complete`` function was given during init, it is used.
+        Otherwise, the :attr:`type`
+        :meth:`~click.types.ParamType.shell_complete` function is used.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        if self._custom_shell_complete is not None:
+            results = self._custom_shell_complete(ctx, self, incomplete)
+
+            if results and isinstance(results[0], str):
+                from click.shell_completion import CompletionItem
+
+                results = [CompletionItem(c) for c in results]
+
+            return t.cast(t.List["CompletionItem"], results)
+
+        return self.type.shell_complete(ctx, self, incomplete)
+
+
+class Option(Parameter):
+    """Options are usually optional values on the command line and
+    have some extra features that arguments don't have.
+
+    All other parameters are passed onwards to the parameter constructor.
+
+    :param show_default: Show the default value for this option in its
+        help text. Values are not shown by default, unless
+        :attr:`Context.show_default` is ``True``. If this value is a
+        string, it shows that string in parentheses instead of the
+        actual value. This is particularly useful for dynamic options.
+        For single option boolean flags, the default remains hidden if
+        its value is ``False``.
+    :param show_envvar: Controls if an environment variable should be
+        shown on the help page. Normally, environment variables are not
+        shown.
+    :param prompt: If set to ``True`` or a non empty string then the
+        user will be prompted for input. If set to ``True`` the prompt
+        will be the option name capitalized.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value if it was prompted for. Can be set to a string instead of
+        ``True`` to customize the message.
+    :param prompt_required: If set to ``False``, the user will be
+        prompted for input only when the option was specified as a flag
+        without a value.
+    :param hide_input: If this is ``True`` then the input on the prompt
+        will be hidden from the user. This is useful for password input.
+    :param is_flag: forces this option to act as a flag.  The default is
+                    auto detection.
+    :param flag_value: which value should be used for this flag if it's
+                       enabled.  This is set to a boolean automatically if
+                       the option string contains a slash to mark two options.
+    :param multiple: if this is set to `True` then the argument is accepted
+                     multiple times and recorded.  This is similar to ``nargs``
+                     in how it works but supports arbitrary number of
+                     arguments.
+    :param count: this flag makes an option increment an integer.
+    :param allow_from_autoenv: if this is enabled then the value of this
+                               parameter will be pulled from an environment
+                               variable in case a prefix is defined on the
+                               context.
+    :param help: the help string.
+    :param hidden: hide this option from help outputs.
+    :param attrs: Other command arguments described in :class:`Parameter`.
+
+    .. versionchanged:: 8.1.0
+        Help text indentation is cleaned here instead of only in the
+        ``@option`` decorator.
+
+    .. versionchanged:: 8.1.0
+        The ``show_default`` parameter overrides
+        ``Context.show_default``.
+
+    .. versionchanged:: 8.1.0
+        The default of a single option boolean flag is not shown if the
+        default value is ``False``.
+
+    .. versionchanged:: 8.0.1
+        ``type`` is detected from ``flag_value`` if given.
+    """
+
+    param_type_name = "option"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        show_default: t.Union[bool, str, None] = None,
+        prompt: t.Union[bool, str] = False,
+        confirmation_prompt: t.Union[bool, str] = False,
+        prompt_required: bool = True,
+        hide_input: bool = False,
+        is_flag: t.Optional[bool] = None,
+        flag_value: t.Optional[t.Any] = None,
+        multiple: bool = False,
+        count: bool = False,
+        allow_from_autoenv: bool = True,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        help: t.Optional[str] = None,
+        hidden: bool = False,
+        show_choices: bool = True,
+        show_envvar: bool = False,
+        **attrs: t.Any,
+    ) -> None:
+        if help:
+            help = inspect.cleandoc(help)
+
+        default_is_missing = "default" not in attrs
+        super().__init__(param_decls, type=type, multiple=multiple, **attrs)
+
+        if prompt is True:
+            if self.name is None:
+                raise TypeError("'name' is required with 'prompt=True'.")
+
+            prompt_text: t.Optional[str] = self.name.replace("_", " ").capitalize()
+        elif prompt is False:
+            prompt_text = None
+        else:
+            prompt_text = prompt
+
+        self.prompt = prompt_text
+        self.confirmation_prompt = confirmation_prompt
+        self.prompt_required = prompt_required
+        self.hide_input = hide_input
+        self.hidden = hidden
+
+        # If prompt is enabled but not required, then the option can be
+        # used as a flag to indicate using prompt or flag_value.
+        self._flag_needs_value = self.prompt is not None and not self.prompt_required
+
+        if is_flag is None:
+            if flag_value is not None:
+                # Implicitly a flag because flag_value was set.
+                is_flag = True
+            elif self._flag_needs_value:
+                # Not a flag, but when used as a flag it shows a prompt.
+                is_flag = False
+            else:
+                # Implicitly a flag because flag options were given.
+                is_flag = bool(self.secondary_opts)
+        elif is_flag is False and not self._flag_needs_value:
+            # Not a flag, and prompt is not enabled, can be used as a
+            # flag if flag_value is set.
+            self._flag_needs_value = flag_value is not None
+
+        self.default: t.Union[t.Any, t.Callable[[], t.Any]]
+
+        if is_flag and default_is_missing and not self.required:
+            if multiple:
+                self.default = ()
+            else:
+                self.default = False
+
+        if flag_value is None:
+            flag_value = not self.default
+
+        self.type: types.ParamType
+        if is_flag and type is None:
+            # Re-guess the type from the flag value instead of the
+            # default.
+            self.type = types.convert_type(None, flag_value)
+
+        self.is_flag: bool = is_flag
+        self.is_bool_flag: bool = is_flag and isinstance(self.type, types.BoolParamType)
+        self.flag_value: t.Any = flag_value
+
+        # Counting
+        self.count = count
+        if count:
+            if type is None:
+                self.type = types.IntRange(min=0)
+            if default_is_missing:
+                self.default = 0
+
+        self.allow_from_autoenv = allow_from_autoenv
+        self.help = help
+        self.show_default = show_default
+        self.show_choices = show_choices
+        self.show_envvar = show_envvar
+
+        if __debug__:
+            if self.nargs == -1:
+                raise TypeError("nargs=-1 is not supported for options.")
+
+            if self.prompt and self.is_flag and not self.is_bool_flag:
+                raise TypeError("'prompt' is not valid for non-boolean flag.")
+
+            if not self.is_bool_flag and self.secondary_opts:
+                raise TypeError("Secondary flag is not valid for non-boolean flag.")
+
+            if self.is_bool_flag and self.hide_input and self.prompt is not None:
+                raise TypeError(
+                    "'prompt' with 'hide_input' is not valid for boolean flag."
+                )
+
+            if self.count:
+                if self.multiple:
+                    raise TypeError("'count' is not valid with 'multiple'.")
+
+                if self.is_flag:
+                    raise TypeError("'count' is not valid with 'is_flag'.")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            help=self.help,
+            prompt=self.prompt,
+            is_flag=self.is_flag,
+            flag_value=self.flag_value,
+            count=self.count,
+            hidden=self.hidden,
+        )
+        return info_dict
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        opts = []
+        secondary_opts = []
+        name = None
+        possible_names = []
+
+        for decl in decls:
+            if decl.isidentifier():
+                if name is not None:
+                    raise TypeError(f"Name '{name}' defined twice")
+                name = decl
+            else:
+                split_char = ";" if decl[:1] == "/" else "/"
+                if split_char in decl:
+                    first, second = decl.split(split_char, 1)
+                    first = first.rstrip()
+                    if first:
+                        possible_names.append(split_opt(first))
+                        opts.append(first)
+                    second = second.lstrip()
+                    if second:
+                        secondary_opts.append(second.lstrip())
+                    if first == second:
+                        raise ValueError(
+                            f"Boolean option {decl!r} cannot use the"
+                            " same flag for true/false."
+                        )
+                else:
+                    possible_names.append(split_opt(decl))
+                    opts.append(decl)
+
+        if name is None and possible_names:
+            possible_names.sort(key=lambda x: -len(x[0]))  # group long options first
+            name = possible_names[0][1].replace("-", "_").lower()
+            if not name.isidentifier():
+                name = None
+
+        if name is None:
+            if not expose_value:
+                return None, opts, secondary_opts
+            raise TypeError("Could not determine name for option")
+
+        if not opts and not secondary_opts:
+            raise TypeError(
+                f"No options defined but a name was passed ({name})."
+                " Did you mean to declare an argument instead? Did"
+                f" you mean to pass '--{name}'?"
+            )
+
+        return name, opts, secondary_opts
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        if self.multiple:
+            action = "append"
+        elif self.count:
+            action = "count"
+        else:
+            action = "store"
+
+        if self.is_flag:
+            action = f"{action}_const"
+
+            if self.is_bool_flag and self.secondary_opts:
+                parser.add_option(
+                    obj=self, opts=self.opts, dest=self.name, action=action, const=True
+                )
+                parser.add_option(
+                    obj=self,
+                    opts=self.secondary_opts,
+                    dest=self.name,
+                    action=action,
+                    const=False,
+                )
+            else:
+                parser.add_option(
+                    obj=self,
+                    opts=self.opts,
+                    dest=self.name,
+                    action=action,
+                    const=self.flag_value,
+                )
+        else:
+            parser.add_option(
+                obj=self,
+                opts=self.opts,
+                dest=self.name,
+                action=action,
+                nargs=self.nargs,
+            )
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        if self.hidden:
+            return None
+
+        any_prefix_is_slash = False
+
+        def _write_opts(opts: t.Sequence[str]) -> str:
+            nonlocal any_prefix_is_slash
+
+            rv, any_slashes = join_options(opts)
+
+            if any_slashes:
+                any_prefix_is_slash = True
+
+            if not self.is_flag and not self.count:
+                rv += f" {self.make_metavar()}"
+
+            return rv
+
+        rv = [_write_opts(self.opts)]
+
+        if self.secondary_opts:
+            rv.append(_write_opts(self.secondary_opts))
+
+        help = self.help or ""
+        extra = []
+
+        if self.show_envvar:
+            envvar = self.envvar
+
+            if envvar is None:
+                if (
+                    self.allow_from_autoenv
+                    and ctx.auto_envvar_prefix is not None
+                    and self.name is not None
+                ):
+                    envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+
+            if envvar is not None:
+                var_str = (
+                    envvar
+                    if isinstance(envvar, str)
+                    else ", ".join(str(d) for d in envvar)
+                )
+                extra.append(_("env var: {var}").format(var=var_str))
+
+        # Temporarily enable resilient parsing to avoid type casting
+        # failing for the default. Might be possible to extend this to
+        # help formatting in general.
+        resilient = ctx.resilient_parsing
+        ctx.resilient_parsing = True
+
+        try:
+            default_value = self.get_default(ctx, call=False)
+        finally:
+            ctx.resilient_parsing = resilient
+
+        show_default = False
+        show_default_is_str = False
+
+        if self.show_default is not None:
+            if isinstance(self.show_default, str):
+                show_default_is_str = show_default = True
+            else:
+                show_default = self.show_default
+        elif ctx.show_default is not None:
+            show_default = ctx.show_default
+
+        if show_default_is_str or (show_default and (default_value is not None)):
+            if show_default_is_str:
+                default_string = f"({self.show_default})"
+            elif isinstance(default_value, (list, tuple)):
+                default_string = ", ".join(str(d) for d in default_value)
+            elif inspect.isfunction(default_value):
+                default_string = _("(dynamic)")
+            elif self.is_bool_flag and self.secondary_opts:
+                # For boolean flags that have distinct True/False opts,
+                # use the opt without prefix instead of the value.
+                default_string = split_opt(
+                    (self.opts if self.default else self.secondary_opts)[0]
+                )[1]
+            elif self.is_bool_flag and not self.secondary_opts and not default_value:
+                default_string = ""
+            else:
+                default_string = str(default_value)
+
+            if default_string:
+                extra.append(_("default: {default}").format(default=default_string))
+
+        if (
+            isinstance(self.type, types._NumberRangeBase)
+            # skip count with default range type
+            and not (self.count and self.type.min == 0 and self.type.max is None)
+        ):
+            range_str = self.type._describe_range()
+
+            if range_str:
+                extra.append(range_str)
+
+        if self.required:
+            extra.append(_("required"))
+
+        if extra:
+            extra_str = "; ".join(extra)
+            help = f"{help}  [{extra_str}]" if help else f"[{extra_str}]"
+
+        return ("; " if any_prefix_is_slash else " / ").join(rv), help
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        # If we're a non boolean flag our default is more complex because
+        # we need to look at all flags in the same group to figure out
+        # if we're the default one in which case we return the flag
+        # value as default.
+        if self.is_flag and not self.is_bool_flag:
+            for param in ctx.command.params:
+                if param.name == self.name and param.default:
+                    return t.cast(Option, param).flag_value
+
+            return None
+
+        return super().get_default(ctx, call=call)
+
+    def prompt_for_value(self, ctx: Context) -> t.Any:
+        """This is an alternative flow that can be activated in the full
+        value processing if a value does not exist.  It will prompt the
+        user until a valid value exists and then returns the processed
+        value as result.
+        """
+        assert self.prompt is not None
+
+        # Calculate the default before prompting anything to be stable.
+        default = self.get_default(ctx)
+
+        # If this is a prompt for a flag we need to handle this
+        # differently.
+        if self.is_bool_flag:
+            return confirm(self.prompt, default)
+
+        return prompt(
+            self.prompt,
+            default=default,
+            type=self.type,
+            hide_input=self.hide_input,
+            show_choices=self.show_choices,
+            confirmation_prompt=self.confirmation_prompt,
+            value_proc=lambda x: self.process_value(ctx, x),
+        )
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        rv = super().resolve_envvar_value(ctx)
+
+        if rv is not None:
+            return rv
+
+        if (
+            self.allow_from_autoenv
+            and ctx.auto_envvar_prefix is not None
+            and self.name is not None
+        ):
+            envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+            rv = os.environ.get(envvar)
+
+            if rv:
+                return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is None:
+            return None
+
+        value_depth = (self.nargs != 1) + bool(self.multiple)
+
+        if value_depth > 0:
+            rv = self.type.split_envvar_value(rv)
+
+            if self.multiple and self.nargs != 1:
+                rv = batch(rv, self.nargs)
+
+        return rv
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, "Parameter"]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value, source = super().consume_value(ctx, opts)
+
+        # The parser will emit a sentinel value if the option can be
+        # given as a flag without a value. This is different from None
+        # to distinguish from the flag not being given at all.
+        if value is _flag_needs_value:
+            if self.prompt is not None and not ctx.resilient_parsing:
+                value = self.prompt_for_value(ctx)
+                source = ParameterSource.PROMPT
+            else:
+                value = self.flag_value
+                source = ParameterSource.COMMANDLINE
+
+        elif (
+            self.multiple
+            and value is not None
+            and any(v is _flag_needs_value for v in value)
+        ):
+            value = [self.flag_value if v is _flag_needs_value else v for v in value]
+            source = ParameterSource.COMMANDLINE
+
+        # The value wasn't set, or used the param's default, prompt if
+        # prompting is enabled.
+        elif (
+            source in {None, ParameterSource.DEFAULT}
+            and self.prompt is not None
+            and (self.required or self.prompt_required)
+            and not ctx.resilient_parsing
+        ):
+            value = self.prompt_for_value(ctx)
+            source = ParameterSource.PROMPT
+
+        return value, source
+
+
+class Argument(Parameter):
+    """Arguments are positional parameters to a command.  They generally
+    provide fewer features than options but can have infinite ``nargs``
+    and are required by default.
+
+    All parameters are passed onwards to the constructor of :class:`Parameter`.
+    """
+
+    param_type_name = "argument"
+
+    def __init__(
+        self,
+        param_decls: t.Sequence[str],
+        required: t.Optional[bool] = None,
+        **attrs: t.Any,
+    ) -> None:
+        if required is None:
+            if attrs.get("default") is not None:
+                required = False
+            else:
+                required = attrs.get("nargs", 1) > 0
+
+        if "multiple" in attrs:
+            raise TypeError("__init__() got an unexpected keyword argument 'multiple'.")
+
+        super().__init__(param_decls, required=required, **attrs)
+
+        if __debug__:
+            if self.default is not None and self.nargs == -1:
+                raise TypeError("'default' is not supported for nargs=-1.")
+
+    @property
+    def human_readable_name(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        return self.name.upper()  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        var = self.type.get_metavar(self)
+        if not var:
+            var = self.name.upper()  # type: ignore
+        if not self.required:
+            var = f"[{var}]"
+        if self.nargs != 1:
+            var += "..."
+        return var
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        if not decls:
+            if not expose_value:
+                return None, [], []
+            raise TypeError("Could not determine name for argument")
+        if len(decls) == 1:
+            name = arg = decls[0]
+            name = name.replace("-", "_").lower()
+        else:
+            raise TypeError(
+                "Arguments take exactly one parameter declaration, got"
+                f" {len(decls)}."
+            )
+        return name, [arg], []
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return [self.make_metavar()]
+
+    def get_error_hint(self, ctx: Context) -> str:
+        return f"'{self.make_metavar()}'"
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        parser.add_argument(dest=self.name, nargs=self.nargs, obj=self)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/decorators.py b/lib/go-jinja2/internal/data/darwin-amd64/click/decorators.py
new file mode 100644
index 000000000..d9bba9502
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/decorators.py
@@ -0,0 +1,561 @@
+import inspect
+import types
+import typing as t
+from functools import update_wrapper
+from gettext import gettext as _
+
+from .core import Argument
+from .core import Command
+from .core import Context
+from .core import Group
+from .core import Option
+from .core import Parameter
+from .globals import get_current_context
+from .utils import echo
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+T = t.TypeVar("T")
+_AnyCallable = t.Callable[..., t.Any]
+FC = t.TypeVar("FC", bound=t.Union[_AnyCallable, Command])
+
+
+def pass_context(f: "t.Callable[te.Concatenate[Context, P], R]") -> "t.Callable[P, R]":
+    """Marks a callback as wanting to receive the current context
+    object as first argument.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context(), *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def pass_obj(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+    """Similar to :func:`pass_context`, but only pass the object on the
+    context onwards (:attr:`Context.obj`).  This is useful if that object
+    represents the state of a nested system.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context().obj, *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def make_pass_decorator(
+    object_type: t.Type[T], ensure: bool = False
+) -> t.Callable[["t.Callable[te.Concatenate[T, P], R]"], "t.Callable[P, R]"]:
+    """Given an object type this creates a decorator that will work
+    similar to :func:`pass_obj` but instead of passing the object of the
+    current context, it will find the innermost context of type
+    :func:`object_type`.
+
+    This generates a decorator that works roughly like this::
+
+        from functools import update_wrapper
+
+        def decorator(f):
+            @pass_context
+            def new_func(ctx, *args, **kwargs):
+                obj = ctx.find_object(object_type)
+                return ctx.invoke(f, obj, *args, **kwargs)
+            return update_wrapper(new_func, f)
+        return decorator
+
+    :param object_type: the type of the object to pass.
+    :param ensure: if set to `True`, a new object will be created and
+                   remembered on the context if it's not there yet.
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[T, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+            ctx = get_current_context()
+
+            obj: t.Optional[T]
+            if ensure:
+                obj = ctx.ensure_object(object_type)
+            else:
+                obj = ctx.find_object(object_type)
+
+            if obj is None:
+                raise RuntimeError(
+                    "Managed to invoke callback without a context"
+                    f" object of type {object_type.__name__!r}"
+                    " existing."
+                )
+
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    return decorator  # type: ignore[return-value]
+
+
+def pass_meta_key(
+    key: str, *, doc_description: t.Optional[str] = None
+) -> "t.Callable[[t.Callable[te.Concatenate[t.Any, P], R]], t.Callable[P, R]]":
+    """Create a decorator that passes a key from
+    :attr:`click.Context.meta` as the first argument to the decorated
+    function.
+
+    :param key: Key in ``Context.meta`` to pass.
+    :param doc_description: Description of the object being passed,
+        inserted into the decorator's docstring. Defaults to "the 'key'
+        key from Context.meta".
+
+    .. versionadded:: 8.0
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> R:
+            ctx = get_current_context()
+            obj = ctx.meta[key]
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    if doc_description is None:
+        doc_description = f"the {key!r} key from :attr:`click.Context.meta`"
+
+    decorator.__doc__ = (
+        f"Decorator that passes {doc_description} as the first argument"
+        " to the decorated function."
+    )
+    return decorator  # type: ignore[return-value]
+
+
+CmdType = t.TypeVar("CmdType", bound=Command)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def command(name: _AnyCallable) -> Command:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @command(namearg, CommandCls, ...) or @command(namearg, cls=CommandCls, ...)
+@t.overload
+def command(
+    name: t.Optional[str],
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @command(cls=CommandCls, ...)
+@t.overload
+def command(
+    name: None = None,
+    *,
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def command(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Command]:
+    ...
+
+
+def command(
+    name: t.Union[t.Optional[str], _AnyCallable] = None,
+    cls: t.Optional[t.Type[CmdType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Command, t.Callable[[_AnyCallable], t.Union[Command, CmdType]]]:
+    r"""Creates a new :class:`Command` and uses the decorated function as
+    callback.  This will also automatically attach all decorated
+    :func:`option`\s and :func:`argument`\s as parameters to the command.
+
+    The name of the command defaults to the name of the function with
+    underscores replaced by dashes.  If you want to change that, you can
+    pass the intended name as the first argument.
+
+    All keyword arguments are forwarded to the underlying command class.
+    For the ``params`` argument, any decorated params are appended to
+    the end of the list.
+
+    Once decorated the function turns into a :class:`Command` instance
+    that can be invoked as a command line utility or be attached to a
+    command :class:`Group`.
+
+    :param name: the name of the command.  This defaults to the function
+                 name with underscores replaced by dashes.
+    :param cls: the command class to instantiate.  This defaults to
+                :class:`Command`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+
+    .. versionchanged:: 8.1
+        The ``params`` argument can be used. Decorated params are
+        appended to the end of the list.
+    """
+
+    func: t.Optional[t.Callable[[_AnyCallable], t.Any]] = None
+
+    if callable(name):
+        func = name
+        name = None
+        assert cls is None, "Use 'command(cls=cls)(callable)' to specify a class."
+        assert not attrs, "Use 'command(**kwargs)(callable)' to provide arguments."
+
+    if cls is None:
+        cls = t.cast(t.Type[CmdType], Command)
+
+    def decorator(f: _AnyCallable) -> CmdType:
+        if isinstance(f, Command):
+            raise TypeError("Attempted to convert a callback into a command twice.")
+
+        attr_params = attrs.pop("params", None)
+        params = attr_params if attr_params is not None else []
+
+        try:
+            decorator_params = f.__click_params__  # type: ignore
+        except AttributeError:
+            pass
+        else:
+            del f.__click_params__  # type: ignore
+            params.extend(reversed(decorator_params))
+
+        if attrs.get("help") is None:
+            attrs["help"] = f.__doc__
+
+        if t.TYPE_CHECKING:
+            assert cls is not None
+            assert not callable(name)
+
+        cmd = cls(
+            name=name or f.__name__.lower().replace("_", "-"),
+            callback=f,
+            params=params,
+            **attrs,
+        )
+        cmd.__doc__ = f.__doc__
+        return cmd
+
+    if func is not None:
+        return decorator(func)
+
+    return decorator
+
+
+GrpType = t.TypeVar("GrpType", bound=Group)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def group(name: _AnyCallable) -> Group:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @group(namearg, GroupCls, ...) or @group(namearg, cls=GroupCls, ...)
+@t.overload
+def group(
+    name: t.Optional[str],
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @group(cmd=GroupCls, ...)
+@t.overload
+def group(
+    name: None = None,
+    *,
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def group(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Group]:
+    ...
+
+
+def group(
+    name: t.Union[str, _AnyCallable, None] = None,
+    cls: t.Optional[t.Type[GrpType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Group, t.Callable[[_AnyCallable], t.Union[Group, GrpType]]]:
+    """Creates a new :class:`Group` with a function as callback.  This
+    works otherwise the same as :func:`command` just that the `cls`
+    parameter is set to :class:`Group`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+    """
+    if cls is None:
+        cls = t.cast(t.Type[GrpType], Group)
+
+    if callable(name):
+        return command(cls=cls, **attrs)(name)
+
+    return command(name, cls, **attrs)
+
+
+def _param_memo(f: t.Callable[..., t.Any], param: Parameter) -> None:
+    if isinstance(f, Command):
+        f.params.append(param)
+    else:
+        if not hasattr(f, "__click_params__"):
+            f.__click_params__ = []  # type: ignore
+
+        f.__click_params__.append(param)  # type: ignore
+
+
+def argument(
+    *param_decls: str, cls: t.Optional[t.Type[Argument]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an argument to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Argument`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Argument` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default argument class, refer to :class:`Argument` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the argument class to instantiate.  This defaults to
+                :class:`Argument`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Argument
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def option(
+    *param_decls: str, cls: t.Optional[t.Type[Option]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an option to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Option`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Option` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default option class, refer to :class:`Option` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the option class to instantiate.  This defaults to
+                :class:`Option`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Option
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def confirmation_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--yes`` option which shows a prompt before continuing if
+    not passed. If the prompt is declined, the program will exit.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--yes"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value:
+            ctx.abort()
+
+    if not param_decls:
+        param_decls = ("--yes",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("callback", callback)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("prompt", "Do you want to continue?")
+    kwargs.setdefault("help", "Confirm the action without prompting.")
+    return option(*param_decls, **kwargs)
+
+
+def password_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--password`` option which prompts for a password, hiding
+    input and asking to enter the value again for confirmation.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--password"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+    if not param_decls:
+        param_decls = ("--password",)
+
+    kwargs.setdefault("prompt", True)
+    kwargs.setdefault("confirmation_prompt", True)
+    kwargs.setdefault("hide_input", True)
+    return option(*param_decls, **kwargs)
+
+
+def version_option(
+    version: t.Optional[str] = None,
+    *param_decls: str,
+    package_name: t.Optional[str] = None,
+    prog_name: t.Optional[str] = None,
+    message: t.Optional[str] = None,
+    **kwargs: t.Any,
+) -> t.Callable[[FC], FC]:
+    """Add a ``--version`` option which immediately prints the version
+    number and exits the program.
+
+    If ``version`` is not provided, Click will try to detect it using
+    :func:`importlib.metadata.version` to get the version for the
+    ``package_name``. On Python < 3.8, the ``importlib_metadata``
+    backport must be installed.
+
+    If ``package_name`` is not provided, Click will try to detect it by
+    inspecting the stack frames. This will be used to detect the
+    version, so it must match the name of the installed package.
+
+    :param version: The version number to show. If not provided, Click
+        will try to detect it.
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--version"``.
+    :param package_name: The package name to detect the version from. If
+        not provided, Click will try to detect it.
+    :param prog_name: The name of the CLI to show in the message. If not
+        provided, it will be detected from the command.
+    :param message: The message to show. The values ``%(prog)s``,
+        ``%(package)s``, and ``%(version)s`` are available. Defaults to
+        ``"%(prog)s, version %(version)s"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    :raise RuntimeError: ``version`` could not be detected.
+
+    .. versionchanged:: 8.0
+        Add the ``package_name`` parameter, and the ``%(package)s``
+        value for messages.
+
+    .. versionchanged:: 8.0
+        Use :mod:`importlib.metadata` instead of ``pkg_resources``. The
+        version is detected based on the package name, not the entry
+        point name. The Python package name must match the installed
+        package name, or be passed with ``package_name=``.
+    """
+    if message is None:
+        message = _("%(prog)s, version %(version)s")
+
+    if version is None and package_name is None:
+        frame = inspect.currentframe()
+        f_back = frame.f_back if frame is not None else None
+        f_globals = f_back.f_globals if f_back is not None else None
+        # break reference cycle
+        # https://docs.python.org/3/library/inspect.html#the-interpreter-stack
+        del frame
+
+        if f_globals is not None:
+            package_name = f_globals.get("__name__")
+
+            if package_name == "__main__":
+                package_name = f_globals.get("__package__")
+
+            if package_name:
+                package_name = package_name.partition(".")[0]
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        nonlocal prog_name
+        nonlocal version
+
+        if prog_name is None:
+            prog_name = ctx.find_root().info_name
+
+        if version is None and package_name is not None:
+            metadata: t.Optional[types.ModuleType]
+
+            try:
+                from importlib import metadata  # type: ignore
+            except ImportError:
+                # Python < 3.8
+                import importlib_metadata as metadata  # type: ignore
+
+            try:
+                version = metadata.version(package_name)  # type: ignore
+            except metadata.PackageNotFoundError:  # type: ignore
+                raise RuntimeError(
+                    f"{package_name!r} is not installed. Try passing"
+                    " 'package_name' instead."
+                ) from None
+
+        if version is None:
+            raise RuntimeError(
+                f"Could not determine the version for {package_name!r} automatically."
+            )
+
+        echo(
+            message % {"prog": prog_name, "package": package_name, "version": version},
+            color=ctx.color,
+        )
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--version",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show the version and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
+
+
+def help_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--help`` option which immediately prints the help page
+    and exits the program.
+
+    This is usually unnecessary, as the ``--help`` option is added to
+    each command automatically unless ``add_help_option=False`` is
+    passed.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--help"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        echo(ctx.get_help(), color=ctx.color)
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--help",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show this message and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/exceptions.py b/lib/go-jinja2/internal/data/darwin-amd64/click/exceptions.py
new file mode 100644
index 000000000..fe68a3613
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/exceptions.py
@@ -0,0 +1,288 @@
+import typing as t
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import get_text_stderr
+from .utils import echo
+from .utils import format_filename
+
+if t.TYPE_CHECKING:
+    from .core import Command
+    from .core import Context
+    from .core import Parameter
+
+
+def _join_param_hints(
+    param_hint: t.Optional[t.Union[t.Sequence[str], str]]
+) -> t.Optional[str]:
+    if param_hint is not None and not isinstance(param_hint, str):
+        return " / ".join(repr(x) for x in param_hint)
+
+    return param_hint
+
+
+class ClickException(Exception):
+    """An exception that Click can handle and show to the user."""
+
+    #: The exit code for this exception.
+    exit_code = 1
+
+    def __init__(self, message: str) -> None:
+        super().__init__(message)
+        self.message = message
+
+    def format_message(self) -> str:
+        return self.message
+
+    def __str__(self) -> str:
+        return self.message
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+
+        echo(_("Error: {message}").format(message=self.format_message()), file=file)
+
+
+class UsageError(ClickException):
+    """An internal exception that signals a usage error.  This typically
+    aborts any further handling.
+
+    :param message: the error message to display.
+    :param ctx: optionally the context that caused this error.  Click will
+                fill in the context automatically in some situations.
+    """
+
+    exit_code = 2
+
+    def __init__(self, message: str, ctx: t.Optional["Context"] = None) -> None:
+        super().__init__(message)
+        self.ctx = ctx
+        self.cmd: t.Optional["Command"] = self.ctx.command if self.ctx else None
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+        color = None
+        hint = ""
+        if (
+            self.ctx is not None
+            and self.ctx.command.get_help_option(self.ctx) is not None
+        ):
+            hint = _("Try '{command} {option}' for help.").format(
+                command=self.ctx.command_path, option=self.ctx.help_option_names[0]
+            )
+            hint = f"{hint}\n"
+        if self.ctx is not None:
+            color = self.ctx.color
+            echo(f"{self.ctx.get_usage()}\n{hint}", file=file, color=color)
+        echo(
+            _("Error: {message}").format(message=self.format_message()),
+            file=file,
+            color=color,
+        )
+
+
+class BadParameter(UsageError):
+    """An exception that formats out a standardized error message for a
+    bad parameter.  This is useful when thrown from a callback or type as
+    Click will attach contextual information to it (for instance, which
+    parameter it is).
+
+    .. versionadded:: 2.0
+
+    :param param: the parameter object that caused this error.  This can
+                  be left out, and Click will attach this info itself
+                  if possible.
+    :param param_hint: a string that shows up as parameter name.  This
+                       can be used as alternative to `param` in cases
+                       where custom validation should happen.  If it is
+                       a string it's used as such, if it's a list then
+                       each item is quoted and separated.
+    """
+
+    def __init__(
+        self,
+        message: str,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message, ctx)
+        self.param = param
+        self.param_hint = param_hint
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            return _("Invalid value: {message}").format(message=self.message)
+
+        return _("Invalid value for {param_hint}: {message}").format(
+            param_hint=_join_param_hints(param_hint), message=self.message
+        )
+
+
+class MissingParameter(BadParameter):
+    """Raised if click required an option or argument but it was not
+    provided when invoking the script.
+
+    .. versionadded:: 4.0
+
+    :param param_type: a string that indicates the type of the parameter.
+                       The default is to inherit the parameter type from
+                       the given `param`.  Valid values are ``'parameter'``,
+                       ``'option'`` or ``'argument'``.
+    """
+
+    def __init__(
+        self,
+        message: t.Optional[str] = None,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+        param_type: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message or "", ctx, param, param_hint)
+        self.param_type = param_type
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint: t.Optional[str] = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            param_hint = None
+
+        param_hint = _join_param_hints(param_hint)
+        param_hint = f" {param_hint}" if param_hint else ""
+
+        param_type = self.param_type
+        if param_type is None and self.param is not None:
+            param_type = self.param.param_type_name
+
+        msg = self.message
+        if self.param is not None:
+            msg_extra = self.param.type.get_missing_message(self.param)
+            if msg_extra:
+                if msg:
+                    msg += f". {msg_extra}"
+                else:
+                    msg = msg_extra
+
+        msg = f" {msg}" if msg else ""
+
+        # Translate param_type for known types.
+        if param_type == "argument":
+            missing = _("Missing argument")
+        elif param_type == "option":
+            missing = _("Missing option")
+        elif param_type == "parameter":
+            missing = _("Missing parameter")
+        else:
+            missing = _("Missing {param_type}").format(param_type=param_type)
+
+        return f"{missing}{param_hint}.{msg}"
+
+    def __str__(self) -> str:
+        if not self.message:
+            param_name = self.param.name if self.param else None
+            return _("Missing parameter: {param_name}").format(param_name=param_name)
+        else:
+            return self.message
+
+
+class NoSuchOption(UsageError):
+    """Raised if click attempted to handle an option that does not
+    exist.
+
+    .. versionadded:: 4.0
+    """
+
+    def __init__(
+        self,
+        option_name: str,
+        message: t.Optional[str] = None,
+        possibilities: t.Optional[t.Sequence[str]] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> None:
+        if message is None:
+            message = _("No such option: {name}").format(name=option_name)
+
+        super().__init__(message, ctx)
+        self.option_name = option_name
+        self.possibilities = possibilities
+
+    def format_message(self) -> str:
+        if not self.possibilities:
+            return self.message
+
+        possibility_str = ", ".join(sorted(self.possibilities))
+        suggest = ngettext(
+            "Did you mean {possibility}?",
+            "(Possible options: {possibilities})",
+            len(self.possibilities),
+        ).format(possibility=possibility_str, possibilities=possibility_str)
+        return f"{self.message} {suggest}"
+
+
+class BadOptionUsage(UsageError):
+    """Raised if an option is generally supplied but the use of the option
+    was incorrect.  This is for instance raised if the number of arguments
+    for an option is not correct.
+
+    .. versionadded:: 4.0
+
+    :param option_name: the name of the option being used incorrectly.
+    """
+
+    def __init__(
+        self, option_name: str, message: str, ctx: t.Optional["Context"] = None
+    ) -> None:
+        super().__init__(message, ctx)
+        self.option_name = option_name
+
+
+class BadArgumentUsage(UsageError):
+    """Raised if an argument is generally supplied but the use of the argument
+    was incorrect.  This is for instance raised if the number of values
+    for an argument is not correct.
+
+    .. versionadded:: 6.0
+    """
+
+
+class FileError(ClickException):
+    """Raised if a file cannot be opened."""
+
+    def __init__(self, filename: str, hint: t.Optional[str] = None) -> None:
+        if hint is None:
+            hint = _("unknown error")
+
+        super().__init__(hint)
+        self.ui_filename: str = format_filename(filename)
+        self.filename = filename
+
+    def format_message(self) -> str:
+        return _("Could not open file {filename!r}: {message}").format(
+            filename=self.ui_filename, message=self.message
+        )
+
+
+class Abort(RuntimeError):
+    """An internal signalling exception that signals Click to abort."""
+
+
+class Exit(RuntimeError):
+    """An exception that indicates that the application should exit with some
+    status code.
+
+    :param code: the status code to exit with.
+    """
+
+    __slots__ = ("exit_code",)
+
+    def __init__(self, code: int = 0) -> None:
+        self.exit_code: int = code
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/formatting.py b/lib/go-jinja2/internal/data/darwin-amd64/click/formatting.py
new file mode 100644
index 000000000..ddd2a2f82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/formatting.py
@@ -0,0 +1,301 @@
+import typing as t
+from contextlib import contextmanager
+from gettext import gettext as _
+
+from ._compat import term_len
+from .parser import split_opt
+
+# Can force a width.  This is used by the test system
+FORCED_WIDTH: t.Optional[int] = None
+
+
+def measure_table(rows: t.Iterable[t.Tuple[str, str]]) -> t.Tuple[int, ...]:
+    widths: t.Dict[int, int] = {}
+
+    for row in rows:
+        for idx, col in enumerate(row):
+            widths[idx] = max(widths.get(idx, 0), term_len(col))
+
+    return tuple(y for x, y in sorted(widths.items()))
+
+
+def iter_rows(
+    rows: t.Iterable[t.Tuple[str, str]], col_count: int
+) -> t.Iterator[t.Tuple[str, ...]]:
+    for row in rows:
+        yield row + ("",) * (col_count - len(row))
+
+
+def wrap_text(
+    text: str,
+    width: int = 78,
+    initial_indent: str = "",
+    subsequent_indent: str = "",
+    preserve_paragraphs: bool = False,
+) -> str:
+    """A helper function that intelligently wraps text.  By default, it
+    assumes that it operates on a single paragraph of text but if the
+    `preserve_paragraphs` parameter is provided it will intelligently
+    handle paragraphs (defined by two empty lines).
+
+    If paragraphs are handled, a paragraph can be prefixed with an empty
+    line containing the ``\\b`` character (``\\x08``) to indicate that
+    no rewrapping should happen in that block.
+
+    :param text: the text that should be rewrapped.
+    :param width: the maximum width for the text.
+    :param initial_indent: the initial indent that should be placed on the
+                           first line as a string.
+    :param subsequent_indent: the indent string that should be placed on
+                              each consecutive line.
+    :param preserve_paragraphs: if this flag is set then the wrapping will
+                                intelligently handle paragraphs.
+    """
+    from ._textwrap import TextWrapper
+
+    text = text.expandtabs()
+    wrapper = TextWrapper(
+        width,
+        initial_indent=initial_indent,
+        subsequent_indent=subsequent_indent,
+        replace_whitespace=False,
+    )
+    if not preserve_paragraphs:
+        return wrapper.fill(text)
+
+    p: t.List[t.Tuple[int, bool, str]] = []
+    buf: t.List[str] = []
+    indent = None
+
+    def _flush_par() -> None:
+        if not buf:
+            return
+        if buf[0].strip() == "\b":
+            p.append((indent or 0, True, "\n".join(buf[1:])))
+        else:
+            p.append((indent or 0, False, " ".join(buf)))
+        del buf[:]
+
+    for line in text.splitlines():
+        if not line:
+            _flush_par()
+            indent = None
+        else:
+            if indent is None:
+                orig_len = term_len(line)
+                line = line.lstrip()
+                indent = orig_len - term_len(line)
+            buf.append(line)
+    _flush_par()
+
+    rv = []
+    for indent, raw, text in p:
+        with wrapper.extra_indent(" " * indent):
+            if raw:
+                rv.append(wrapper.indent_only(text))
+            else:
+                rv.append(wrapper.fill(text))
+
+    return "\n\n".join(rv)
+
+
+class HelpFormatter:
+    """This class helps with formatting text-based help pages.  It's
+    usually just needed for very special internal cases, but it's also
+    exposed so that developers can write their own fancy outputs.
+
+    At present, it always writes into memory.
+
+    :param indent_increment: the additional increment for each level.
+    :param width: the width for the text.  This defaults to the terminal
+                  width clamped to a maximum of 78.
+    """
+
+    def __init__(
+        self,
+        indent_increment: int = 2,
+        width: t.Optional[int] = None,
+        max_width: t.Optional[int] = None,
+    ) -> None:
+        import shutil
+
+        self.indent_increment = indent_increment
+        if max_width is None:
+            max_width = 80
+        if width is None:
+            width = FORCED_WIDTH
+            if width is None:
+                width = max(min(shutil.get_terminal_size().columns, max_width) - 2, 50)
+        self.width = width
+        self.current_indent = 0
+        self.buffer: t.List[str] = []
+
+    def write(self, string: str) -> None:
+        """Writes a unicode string into the internal buffer."""
+        self.buffer.append(string)
+
+    def indent(self) -> None:
+        """Increases the indentation."""
+        self.current_indent += self.indent_increment
+
+    def dedent(self) -> None:
+        """Decreases the indentation."""
+        self.current_indent -= self.indent_increment
+
+    def write_usage(
+        self, prog: str, args: str = "", prefix: t.Optional[str] = None
+    ) -> None:
+        """Writes a usage line into the buffer.
+
+        :param prog: the program name.
+        :param args: whitespace separated list of arguments.
+        :param prefix: The prefix for the first line. Defaults to
+            ``"Usage: "``.
+        """
+        if prefix is None:
+            prefix = f"{_('Usage:')} "
+
+        usage_prefix = f"{prefix:>{self.current_indent}}{prog} "
+        text_width = self.width - self.current_indent
+
+        if text_width >= (term_len(usage_prefix) + 20):
+            # The arguments will fit to the right of the prefix.
+            indent = " " * term_len(usage_prefix)
+            self.write(
+                wrap_text(
+                    args,
+                    text_width,
+                    initial_indent=usage_prefix,
+                    subsequent_indent=indent,
+                )
+            )
+        else:
+            # The prefix is too long, put the arguments on the next line.
+            self.write(usage_prefix)
+            self.write("\n")
+            indent = " " * (max(self.current_indent, term_len(prefix)) + 4)
+            self.write(
+                wrap_text(
+                    args, text_width, initial_indent=indent, subsequent_indent=indent
+                )
+            )
+
+        self.write("\n")
+
+    def write_heading(self, heading: str) -> None:
+        """Writes a heading into the buffer."""
+        self.write(f"{'':>{self.current_indent}}{heading}:\n")
+
+    def write_paragraph(self) -> None:
+        """Writes a paragraph into the buffer."""
+        if self.buffer:
+            self.write("\n")
+
+    def write_text(self, text: str) -> None:
+        """Writes re-indented text into the buffer.  This rewraps and
+        preserves paragraphs.
+        """
+        indent = " " * self.current_indent
+        self.write(
+            wrap_text(
+                text,
+                self.width,
+                initial_indent=indent,
+                subsequent_indent=indent,
+                preserve_paragraphs=True,
+            )
+        )
+        self.write("\n")
+
+    def write_dl(
+        self,
+        rows: t.Sequence[t.Tuple[str, str]],
+        col_max: int = 30,
+        col_spacing: int = 2,
+    ) -> None:
+        """Writes a definition list into the buffer.  This is how options
+        and commands are usually formatted.
+
+        :param rows: a list of two item tuples for the terms and values.
+        :param col_max: the maximum width of the first column.
+        :param col_spacing: the number of spaces between the first and
+                            second column.
+        """
+        rows = list(rows)
+        widths = measure_table(rows)
+        if len(widths) != 2:
+            raise TypeError("Expected two columns for definition list")
+
+        first_col = min(widths[0], col_max) + col_spacing
+
+        for first, second in iter_rows(rows, len(widths)):
+            self.write(f"{'':>{self.current_indent}}{first}")
+            if not second:
+                self.write("\n")
+                continue
+            if term_len(first) <= first_col - col_spacing:
+                self.write(" " * (first_col - term_len(first)))
+            else:
+                self.write("\n")
+                self.write(" " * (first_col + self.current_indent))
+
+            text_width = max(self.width - first_col - 2, 10)
+            wrapped_text = wrap_text(second, text_width, preserve_paragraphs=True)
+            lines = wrapped_text.splitlines()
+
+            if lines:
+                self.write(f"{lines[0]}\n")
+
+                for line in lines[1:]:
+                    self.write(f"{'':>{first_col + self.current_indent}}{line}\n")
+            else:
+                self.write("\n")
+
+    @contextmanager
+    def section(self, name: str) -> t.Iterator[None]:
+        """Helpful context manager that writes a paragraph, a heading,
+        and the indents.
+
+        :param name: the section name that is written as heading.
+        """
+        self.write_paragraph()
+        self.write_heading(name)
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    @contextmanager
+    def indentation(self) -> t.Iterator[None]:
+        """A context manager that increases the indentation."""
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    def getvalue(self) -> str:
+        """Returns the buffer contents."""
+        return "".join(self.buffer)
+
+
+def join_options(options: t.Sequence[str]) -> t.Tuple[str, bool]:
+    """Given a list of option strings this joins them in the most appropriate
+    way and returns them in the form ``(formatted_string,
+    any_prefix_is_slash)`` where the second item in the tuple is a flag that
+    indicates if any of the option prefixes was a slash.
+    """
+    rv = []
+    any_prefix_is_slash = False
+
+    for opt in options:
+        prefix = split_opt(opt)[0]
+
+        if prefix == "/":
+            any_prefix_is_slash = True
+
+        rv.append((len(prefix), opt))
+
+    rv.sort(key=lambda x: x[0])
+    return ", ".join(x[1] for x in rv), any_prefix_is_slash
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/globals.py b/lib/go-jinja2/internal/data/darwin-amd64/click/globals.py
new file mode 100644
index 000000000..480058f10
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/globals.py
@@ -0,0 +1,68 @@
+import typing as t
+from threading import local
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+
+_local = local()
+
+
+@t.overload
+def get_current_context(silent: "te.Literal[False]" = False) -> "Context":
+    ...
+
+
+@t.overload
+def get_current_context(silent: bool = ...) -> t.Optional["Context"]:
+    ...
+
+
+def get_current_context(silent: bool = False) -> t.Optional["Context"]:
+    """Returns the current click context.  This can be used as a way to
+    access the current context object from anywhere.  This is a more implicit
+    alternative to the :func:`pass_context` decorator.  This function is
+    primarily useful for helpers such as :func:`echo` which might be
+    interested in changing its behavior based on the current context.
+
+    To push the current context, :meth:`Context.scope` can be used.
+
+    .. versionadded:: 5.0
+
+    :param silent: if set to `True` the return value is `None` if no context
+                   is available.  The default behavior is to raise a
+                   :exc:`RuntimeError`.
+    """
+    try:
+        return t.cast("Context", _local.stack[-1])
+    except (AttributeError, IndexError) as e:
+        if not silent:
+            raise RuntimeError("There is no active click context.") from e
+
+    return None
+
+
+def push_context(ctx: "Context") -> None:
+    """Pushes a new context to the current stack."""
+    _local.__dict__.setdefault("stack", []).append(ctx)
+
+
+def pop_context() -> None:
+    """Removes the top level from the stack."""
+    _local.stack.pop()
+
+
+def resolve_color_default(color: t.Optional[bool] = None) -> t.Optional[bool]:
+    """Internal helper to get the default value of the color flag.  If a
+    value is passed it's returned unchanged, otherwise it's looked up from
+    the current context.
+    """
+    if color is not None:
+        return color
+
+    ctx = get_current_context(silent=True)
+
+    if ctx is not None:
+        return ctx.color
+
+    return None
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/click/parser.py
new file mode 100644
index 000000000..5fa7adfac
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/parser.py
@@ -0,0 +1,529 @@
+"""
+This module started out as largely a copy paste from the stdlib's
+optparse module with the features removed that we do not need from
+optparse because we implement them in Click on a higher level (for
+instance type handling, help formatting and a lot more).
+
+The plan is to remove more and more from here over time.
+
+The reason this is a different module and not optparse from the stdlib
+is that there are differences in 2.x and 3.x about the error messages
+generated and optparse in the stdlib uses gettext for no good reason
+and might cause us issues.
+
+Click uses parts of optparse written by Gregory P. Ward and maintained
+by the Python Software Foundation. This is limited to code in parser.py.
+
+Copyright 2001-2006 Gregory P. Ward. All rights reserved.
+Copyright 2002-2006 Python Software Foundation. All rights reserved.
+"""
+# This code uses parts of optparse written by Gregory P. Ward and
+# maintained by the Python Software Foundation.
+# Copyright 2001-2006 Gregory P. Ward
+# Copyright 2002-2006 Python Software Foundation
+import typing as t
+from collections import deque
+from gettext import gettext as _
+from gettext import ngettext
+
+from .exceptions import BadArgumentUsage
+from .exceptions import BadOptionUsage
+from .exceptions import NoSuchOption
+from .exceptions import UsageError
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Argument as CoreArgument
+    from .core import Context
+    from .core import Option as CoreOption
+    from .core import Parameter as CoreParameter
+
+V = t.TypeVar("V")
+
+# Sentinel value that indicates an option was passed as a flag without a
+# value but is not a flag option. Option.consume_value uses this to
+# prompt or use the flag_value.
+_flag_needs_value = object()
+
+
+def _unpack_args(
+    args: t.Sequence[str], nargs_spec: t.Sequence[int]
+) -> t.Tuple[t.Sequence[t.Union[str, t.Sequence[t.Optional[str]], None]], t.List[str]]:
+    """Given an iterable of arguments and an iterable of nargs specifications,
+    it returns a tuple with all the unpacked arguments at the first index
+    and all remaining arguments as the second.
+
+    The nargs specification is the number of arguments that should be consumed
+    or `-1` to indicate that this position should eat up all the remainders.
+
+    Missing items are filled with `None`.
+    """
+    args = deque(args)
+    nargs_spec = deque(nargs_spec)
+    rv: t.List[t.Union[str, t.Tuple[t.Optional[str], ...], None]] = []
+    spos: t.Optional[int] = None
+
+    def _fetch(c: "te.Deque[V]") -> t.Optional[V]:
+        try:
+            if spos is None:
+                return c.popleft()
+            else:
+                return c.pop()
+        except IndexError:
+            return None
+
+    while nargs_spec:
+        nargs = _fetch(nargs_spec)
+
+        if nargs is None:
+            continue
+
+        if nargs == 1:
+            rv.append(_fetch(args))
+        elif nargs > 1:
+            x = [_fetch(args) for _ in range(nargs)]
+
+            # If we're reversed, we're pulling in the arguments in reverse,
+            # so we need to turn them around.
+            if spos is not None:
+                x.reverse()
+
+            rv.append(tuple(x))
+        elif nargs < 0:
+            if spos is not None:
+                raise TypeError("Cannot have two nargs < 0")
+
+            spos = len(rv)
+            rv.append(None)
+
+    # spos is the position of the wildcard (star).  If it's not `None`,
+    # we fill it with the remainder.
+    if spos is not None:
+        rv[spos] = tuple(args)
+        args = []
+        rv[spos + 1 :] = reversed(rv[spos + 1 :])
+
+    return tuple(rv), list(args)
+
+
+def split_opt(opt: str) -> t.Tuple[str, str]:
+    first = opt[:1]
+    if first.isalnum():
+        return "", opt
+    if opt[1:2] == first:
+        return opt[:2], opt[2:]
+    return first, opt[1:]
+
+
+def normalize_opt(opt: str, ctx: t.Optional["Context"]) -> str:
+    if ctx is None or ctx.token_normalize_func is None:
+        return opt
+    prefix, opt = split_opt(opt)
+    return f"{prefix}{ctx.token_normalize_func(opt)}"
+
+
+def split_arg_string(string: str) -> t.List[str]:
+    """Split an argument string as with :func:`shlex.split`, but don't
+    fail if the string is incomplete. Ignores a missing closing quote or
+    incomplete escape sequence and uses the partial token as-is.
+
+    .. code-block:: python
+
+        split_arg_string("example 'my file")
+        ["example", "my file"]
+
+        split_arg_string("example my\\")
+        ["example", "my"]
+
+    :param string: String to split.
+    """
+    import shlex
+
+    lex = shlex.shlex(string, posix=True)
+    lex.whitespace_split = True
+    lex.commenters = ""
+    out = []
+
+    try:
+        for token in lex:
+            out.append(token)
+    except ValueError:
+        # Raised when end-of-string is reached in an invalid state. Use
+        # the partial token as-is. The quote or escape character is in
+        # lex.state, not lex.token.
+        out.append(lex.token)
+
+    return out
+
+
+class Option:
+    def __init__(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ):
+        self._short_opts = []
+        self._long_opts = []
+        self.prefixes: t.Set[str] = set()
+
+        for opt in opts:
+            prefix, value = split_opt(opt)
+            if not prefix:
+                raise ValueError(f"Invalid start character for option ({opt})")
+            self.prefixes.add(prefix[0])
+            if len(prefix) == 1 and len(value) == 1:
+                self._short_opts.append(opt)
+            else:
+                self._long_opts.append(opt)
+                self.prefixes.add(prefix)
+
+        if action is None:
+            action = "store"
+
+        self.dest = dest
+        self.action = action
+        self.nargs = nargs
+        self.const = const
+        self.obj = obj
+
+    @property
+    def takes_value(self) -> bool:
+        return self.action in ("store", "append")
+
+    def process(self, value: t.Any, state: "ParsingState") -> None:
+        if self.action == "store":
+            state.opts[self.dest] = value  # type: ignore
+        elif self.action == "store_const":
+            state.opts[self.dest] = self.const  # type: ignore
+        elif self.action == "append":
+            state.opts.setdefault(self.dest, []).append(value)  # type: ignore
+        elif self.action == "append_const":
+            state.opts.setdefault(self.dest, []).append(self.const)  # type: ignore
+        elif self.action == "count":
+            state.opts[self.dest] = state.opts.get(self.dest, 0) + 1  # type: ignore
+        else:
+            raise ValueError(f"unknown action '{self.action}'")
+        state.order.append(self.obj)
+
+
+class Argument:
+    def __init__(self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1):
+        self.dest = dest
+        self.nargs = nargs
+        self.obj = obj
+
+    def process(
+        self,
+        value: t.Union[t.Optional[str], t.Sequence[t.Optional[str]]],
+        state: "ParsingState",
+    ) -> None:
+        if self.nargs > 1:
+            assert value is not None
+            holes = sum(1 for x in value if x is None)
+            if holes == len(value):
+                value = None
+            elif holes != 0:
+                raise BadArgumentUsage(
+                    _("Argument {name!r} takes {nargs} values.").format(
+                        name=self.dest, nargs=self.nargs
+                    )
+                )
+
+        if self.nargs == -1 and self.obj.envvar is not None and value == ():
+            # Replace empty tuple with None so that a value from the
+            # environment may be tried.
+            value = None
+
+        state.opts[self.dest] = value  # type: ignore
+        state.order.append(self.obj)
+
+
+class ParsingState:
+    def __init__(self, rargs: t.List[str]) -> None:
+        self.opts: t.Dict[str, t.Any] = {}
+        self.largs: t.List[str] = []
+        self.rargs = rargs
+        self.order: t.List["CoreParameter"] = []
+
+
+class OptionParser:
+    """The option parser is an internal class that is ultimately used to
+    parse options and arguments.  It's modelled after optparse and brings
+    a similar but vastly simplified API.  It should generally not be used
+    directly as the high level Click classes wrap it for you.
+
+    It's not nearly as extensible as optparse or argparse as it does not
+    implement features that are implemented on a higher level (such as
+    types or defaults).
+
+    :param ctx: optionally the :class:`~click.Context` where this parser
+                should go with.
+    """
+
+    def __init__(self, ctx: t.Optional["Context"] = None) -> None:
+        #: The :class:`~click.Context` for this parser.  This might be
+        #: `None` for some advanced use cases.
+        self.ctx = ctx
+        #: This controls how the parser deals with interspersed arguments.
+        #: If this is set to `False`, the parser will stop on the first
+        #: non-option.  Click uses this to implement nested subcommands
+        #: safely.
+        self.allow_interspersed_args: bool = True
+        #: This tells the parser how to deal with unknown options.  By
+        #: default it will error out (which is sensible), but there is a
+        #: second mode where it will ignore it and continue processing
+        #: after shifting all the unknown options into the resulting args.
+        self.ignore_unknown_options: bool = False
+
+        if ctx is not None:
+            self.allow_interspersed_args = ctx.allow_interspersed_args
+            self.ignore_unknown_options = ctx.ignore_unknown_options
+
+        self._short_opt: t.Dict[str, Option] = {}
+        self._long_opt: t.Dict[str, Option] = {}
+        self._opt_prefixes = {"-", "--"}
+        self._args: t.List[Argument] = []
+
+    def add_option(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ) -> None:
+        """Adds a new option named `dest` to the parser.  The destination
+        is not inferred (unlike with optparse) and needs to be explicitly
+        provided.  Action can be any of ``store``, ``store_const``,
+        ``append``, ``append_const`` or ``count``.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        opts = [normalize_opt(opt, self.ctx) for opt in opts]
+        option = Option(obj, opts, dest, action=action, nargs=nargs, const=const)
+        self._opt_prefixes.update(option.prefixes)
+        for opt in option._short_opts:
+            self._short_opt[opt] = option
+        for opt in option._long_opts:
+            self._long_opt[opt] = option
+
+    def add_argument(
+        self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1
+    ) -> None:
+        """Adds a positional argument named `dest` to the parser.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        self._args.append(Argument(obj, dest=dest, nargs=nargs))
+
+    def parse_args(
+        self, args: t.List[str]
+    ) -> t.Tuple[t.Dict[str, t.Any], t.List[str], t.List["CoreParameter"]]:
+        """Parses positional arguments and returns ``(values, args, order)``
+        for the parsed options and arguments as well as the leftover
+        arguments if there are any.  The order is a list of objects as they
+        appear on the command line.  If arguments appear multiple times they
+        will be memorized multiple times as well.
+        """
+        state = ParsingState(args)
+        try:
+            self._process_args_for_options(state)
+            self._process_args_for_args(state)
+        except UsageError:
+            if self.ctx is None or not self.ctx.resilient_parsing:
+                raise
+        return state.opts, state.largs, state.order
+
+    def _process_args_for_args(self, state: ParsingState) -> None:
+        pargs, args = _unpack_args(
+            state.largs + state.rargs, [x.nargs for x in self._args]
+        )
+
+        for idx, arg in enumerate(self._args):
+            arg.process(pargs[idx], state)
+
+        state.largs = args
+        state.rargs = []
+
+    def _process_args_for_options(self, state: ParsingState) -> None:
+        while state.rargs:
+            arg = state.rargs.pop(0)
+            arglen = len(arg)
+            # Double dashes always handled explicitly regardless of what
+            # prefixes are valid.
+            if arg == "--":
+                return
+            elif arg[:1] in self._opt_prefixes and arglen > 1:
+                self._process_opts(arg, state)
+            elif self.allow_interspersed_args:
+                state.largs.append(arg)
+            else:
+                state.rargs.insert(0, arg)
+                return
+
+        # Say this is the original argument list:
+        # [arg0, arg1, ..., arg(i-1), arg(i), arg(i+1), ..., arg(N-1)]
+        #                            ^
+        # (we are about to process arg(i)).
+        #
+        # Then rargs is [arg(i), ..., arg(N-1)] and largs is a *subset* of
+        # [arg0, ..., arg(i-1)] (any options and their arguments will have
+        # been removed from largs).
+        #
+        # The while loop will usually consume 1 or more arguments per pass.
+        # If it consumes 1 (eg. arg is an option that takes no arguments),
+        # then after _process_arg() is done the situation is:
+        #
+        #   largs = subset of [arg0, ..., arg(i)]
+        #   rargs = [arg(i+1), ..., arg(N-1)]
+        #
+        # If allow_interspersed_args is false, largs will always be
+        # *empty* -- still a subset of [arg0, ..., arg(i-1)], but
+        # not a very interesting subset!
+
+    def _match_long_opt(
+        self, opt: str, explicit_value: t.Optional[str], state: ParsingState
+    ) -> None:
+        if opt not in self._long_opt:
+            from difflib import get_close_matches
+
+            possibilities = get_close_matches(opt, self._long_opt)
+            raise NoSuchOption(opt, possibilities=possibilities, ctx=self.ctx)
+
+        option = self._long_opt[opt]
+        if option.takes_value:
+            # At this point it's safe to modify rargs by injecting the
+            # explicit value, because no exception is raised in this
+            # branch.  This means that the inserted value will be fully
+            # consumed.
+            if explicit_value is not None:
+                state.rargs.insert(0, explicit_value)
+
+            value = self._get_value_from_state(opt, option, state)
+
+        elif explicit_value is not None:
+            raise BadOptionUsage(
+                opt, _("Option {name!r} does not take a value.").format(name=opt)
+            )
+
+        else:
+            value = None
+
+        option.process(value, state)
+
+    def _match_short_opt(self, arg: str, state: ParsingState) -> None:
+        stop = False
+        i = 1
+        prefix = arg[0]
+        unknown_options = []
+
+        for ch in arg[1:]:
+            opt = normalize_opt(f"{prefix}{ch}", self.ctx)
+            option = self._short_opt.get(opt)
+            i += 1
+
+            if not option:
+                if self.ignore_unknown_options:
+                    unknown_options.append(ch)
+                    continue
+                raise NoSuchOption(opt, ctx=self.ctx)
+            if option.takes_value:
+                # Any characters left in arg?  Pretend they're the
+                # next arg, and stop consuming characters of arg.
+                if i < len(arg):
+                    state.rargs.insert(0, arg[i:])
+                    stop = True
+
+                value = self._get_value_from_state(opt, option, state)
+
+            else:
+                value = None
+
+            option.process(value, state)
+
+            if stop:
+                break
+
+        # If we got any unknown options we recombine the string of the
+        # remaining options and re-attach the prefix, then report that
+        # to the state as new larg.  This way there is basic combinatorics
+        # that can be achieved while still ignoring unknown arguments.
+        if self.ignore_unknown_options and unknown_options:
+            state.largs.append(f"{prefix}{''.join(unknown_options)}")
+
+    def _get_value_from_state(
+        self, option_name: str, option: Option, state: ParsingState
+    ) -> t.Any:
+        nargs = option.nargs
+
+        if len(state.rargs) < nargs:
+            if option.obj._flag_needs_value:
+                # Option allows omitting the value.
+                value = _flag_needs_value
+            else:
+                raise BadOptionUsage(
+                    option_name,
+                    ngettext(
+                        "Option {name!r} requires an argument.",
+                        "Option {name!r} requires {nargs} arguments.",
+                        nargs,
+                    ).format(name=option_name, nargs=nargs),
+                )
+        elif nargs == 1:
+            next_rarg = state.rargs[0]
+
+            if (
+                option.obj._flag_needs_value
+                and isinstance(next_rarg, str)
+                and next_rarg[:1] in self._opt_prefixes
+                and len(next_rarg) > 1
+            ):
+                # The next arg looks like the start of an option, don't
+                # use it as the value if omitting the value is allowed.
+                value = _flag_needs_value
+            else:
+                value = state.rargs.pop(0)
+        else:
+            value = tuple(state.rargs[:nargs])
+            del state.rargs[:nargs]
+
+        return value
+
+    def _process_opts(self, arg: str, state: ParsingState) -> None:
+        explicit_value = None
+        # Long option handling happens in two parts.  The first part is
+        # supporting explicitly attached values.  In any case, we will try
+        # to long match the option first.
+        if "=" in arg:
+            long_opt, explicit_value = arg.split("=", 1)
+        else:
+            long_opt = arg
+        norm_long_opt = normalize_opt(long_opt, self.ctx)
+
+        # At this point we will match the (assumed) long option through
+        # the long option matching code.  Note that this allows options
+        # like "-foo" to be matched as long options.
+        try:
+            self._match_long_opt(norm_long_opt, explicit_value, state)
+        except NoSuchOption:
+            # At this point the long option matching failed, and we need
+            # to try with short options.  However there is a special rule
+            # which says, that if we have a two character options prefix
+            # (applies to "--foo" for instance), we do not dispatch to the
+            # short option code and will instead raise the no option
+            # error.
+            if arg[:2] not in self._opt_prefixes:
+                self._match_short_opt(arg, state)
+                return
+
+            if not self.ignore_unknown_options:
+                raise
+
+            state.largs.append(arg)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/py.typed b/lib/go-jinja2/internal/data/darwin-amd64/click/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/shell_completion.py b/lib/go-jinja2/internal/data/darwin-amd64/click/shell_completion.py
new file mode 100644
index 000000000..dc9e00b9b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/shell_completion.py
@@ -0,0 +1,596 @@
+import os
+import re
+import typing as t
+from gettext import gettext as _
+
+from .core import Argument
+from .core import BaseCommand
+from .core import Context
+from .core import MultiCommand
+from .core import Option
+from .core import Parameter
+from .core import ParameterSource
+from .parser import split_arg_string
+from .utils import echo
+
+
+def shell_complete(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    complete_var: str,
+    instruction: str,
+) -> int:
+    """Perform shell completion for the given CLI program.
+
+    :param cli: Command being called.
+    :param ctx_args: Extra arguments to pass to
+        ``cli.make_context``.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+    :param instruction: Value of ``complete_var`` with the completion
+        instruction and shell, in the form ``instruction_shell``.
+    :return: Status code to exit with.
+    """
+    shell, _, instruction = instruction.partition("_")
+    comp_cls = get_completion_class(shell)
+
+    if comp_cls is None:
+        return 1
+
+    comp = comp_cls(cli, ctx_args, prog_name, complete_var)
+
+    if instruction == "source":
+        echo(comp.source())
+        return 0
+
+    if instruction == "complete":
+        echo(comp.complete())
+        return 0
+
+    return 1
+
+
+class CompletionItem:
+    """Represents a completion value and metadata about the value. The
+    default metadata is ``type`` to indicate special shell handling,
+    and ``help`` if a shell supports showing a help string next to the
+    value.
+
+    Arbitrary parameters can be passed when creating the object, and
+    accessed using ``item.attr``. If an attribute wasn't passed,
+    accessing it returns ``None``.
+
+    :param value: The completion suggestion.
+    :param type: Tells the shell script to provide special completion
+        support for the type. Click uses ``"dir"`` and ``"file"``.
+    :param help: String shown next to the value if supported.
+    :param kwargs: Arbitrary metadata. The built-in implementations
+        don't use this, but custom type completions paired with custom
+        shell support could use it.
+    """
+
+    __slots__ = ("value", "type", "help", "_info")
+
+    def __init__(
+        self,
+        value: t.Any,
+        type: str = "plain",
+        help: t.Optional[str] = None,
+        **kwargs: t.Any,
+    ) -> None:
+        self.value: t.Any = value
+        self.type: str = type
+        self.help: t.Optional[str] = help
+        self._info = kwargs
+
+    def __getattr__(self, name: str) -> t.Any:
+        return self._info.get(name)
+
+
+# Only Bash >= 4.4 has the nosort option.
+_SOURCE_BASH = """\
+%(complete_func)s() {
+    local IFS=$'\\n'
+    local response
+
+    response=$(env COMP_WORDS="${COMP_WORDS[*]}" COMP_CWORD=$COMP_CWORD \
+%(complete_var)s=bash_complete $1)
+
+    for completion in $response; do
+        IFS=',' read type value <<< "$completion"
+
+        if [[ $type == 'dir' ]]; then
+            COMPREPLY=()
+            compopt -o dirnames
+        elif [[ $type == 'file' ]]; then
+            COMPREPLY=()
+            compopt -o default
+        elif [[ $type == 'plain' ]]; then
+            COMPREPLY+=($value)
+        fi
+    done
+
+    return 0
+}
+
+%(complete_func)s_setup() {
+    complete -o nosort -F %(complete_func)s %(prog_name)s
+}
+
+%(complete_func)s_setup;
+"""
+
+_SOURCE_ZSH = """\
+#compdef %(prog_name)s
+
+%(complete_func)s() {
+    local -a completions
+    local -a completions_with_descriptions
+    local -a response
+    (( ! $+commands[%(prog_name)s] )) && return 1
+
+    response=("${(@f)$(env COMP_WORDS="${words[*]}" COMP_CWORD=$((CURRENT-1)) \
+%(complete_var)s=zsh_complete %(prog_name)s)}")
+
+    for type key descr in ${response}; do
+        if [[ "$type" == "plain" ]]; then
+            if [[ "$descr" == "_" ]]; then
+                completions+=("$key")
+            else
+                completions_with_descriptions+=("$key":"$descr")
+            fi
+        elif [[ "$type" == "dir" ]]; then
+            _path_files -/
+        elif [[ "$type" == "file" ]]; then
+            _path_files -f
+        fi
+    done
+
+    if [ -n "$completions_with_descriptions" ]; then
+        _describe -V unsorted completions_with_descriptions -U
+    fi
+
+    if [ -n "$completions" ]; then
+        compadd -U -V unsorted -a completions
+    fi
+}
+
+if [[ $zsh_eval_context[-1] == loadautofunc ]]; then
+    # autoload from fpath, call function directly
+    %(complete_func)s "$@"
+else
+    # eval/source/. command, register function for later
+    compdef %(complete_func)s %(prog_name)s
+fi
+"""
+
+_SOURCE_FISH = """\
+function %(complete_func)s;
+    set -l response (env %(complete_var)s=fish_complete COMP_WORDS=(commandline -cp) \
+COMP_CWORD=(commandline -t) %(prog_name)s);
+
+    for completion in $response;
+        set -l metadata (string split "," $completion);
+
+        if test $metadata[1] = "dir";
+            __fish_complete_directories $metadata[2];
+        else if test $metadata[1] = "file";
+            __fish_complete_path $metadata[2];
+        else if test $metadata[1] = "plain";
+            echo $metadata[2];
+        end;
+    end;
+end;
+
+complete --no-files --command %(prog_name)s --arguments \
+"(%(complete_func)s)";
+"""
+
+
+class ShellComplete:
+    """Base class for providing shell completion support. A subclass for
+    a given shell will override attributes and methods to implement the
+    completion instructions (``source`` and ``complete``).
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+
+    .. versionadded:: 8.0
+    """
+
+    name: t.ClassVar[str]
+    """Name to register the shell as with :func:`add_completion_class`.
+    This is used in completion instructions (``{name}_source`` and
+    ``{name}_complete``).
+    """
+
+    source_template: t.ClassVar[str]
+    """Completion script template formatted by :meth:`source`. This must
+    be provided by subclasses.
+    """
+
+    def __init__(
+        self,
+        cli: BaseCommand,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: str,
+    ) -> None:
+        self.cli = cli
+        self.ctx_args = ctx_args
+        self.prog_name = prog_name
+        self.complete_var = complete_var
+
+    @property
+    def func_name(self) -> str:
+        """The name of the shell function defined by the completion
+        script.
+        """
+        safe_name = re.sub(r"\W*", "", self.prog_name.replace("-", "_"), flags=re.ASCII)
+        return f"_{safe_name}_completion"
+
+    def source_vars(self) -> t.Dict[str, t.Any]:
+        """Vars for formatting :attr:`source_template`.
+
+        By default this provides ``complete_func``, ``complete_var``,
+        and ``prog_name``.
+        """
+        return {
+            "complete_func": self.func_name,
+            "complete_var": self.complete_var,
+            "prog_name": self.prog_name,
+        }
+
+    def source(self) -> str:
+        """Produce the shell script that defines the completion
+        function. By default this ``%``-style formats
+        :attr:`source_template` with the dict returned by
+        :meth:`source_vars`.
+        """
+        return self.source_template % self.source_vars()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        """Use the env vars defined by the shell script to return a
+        tuple of ``args, incomplete``. This must be implemented by
+        subclasses.
+        """
+        raise NotImplementedError
+
+    def get_completions(
+        self, args: t.List[str], incomplete: str
+    ) -> t.List[CompletionItem]:
+        """Determine the context and last complete command or parameter
+        from the complete args. Call that object's ``shell_complete``
+        method to get the completions for the incomplete value.
+
+        :param args: List of complete args before the incomplete value.
+        :param incomplete: Value being completed. May be empty.
+        """
+        ctx = _resolve_context(self.cli, self.ctx_args, self.prog_name, args)
+        obj, incomplete = _resolve_incomplete(ctx, args, incomplete)
+        return obj.shell_complete(ctx, incomplete)
+
+    def format_completion(self, item: CompletionItem) -> str:
+        """Format a completion item into the form recognized by the
+        shell script. This must be implemented by subclasses.
+
+        :param item: Completion item to format.
+        """
+        raise NotImplementedError
+
+    def complete(self) -> str:
+        """Produce the completion data to send back to the shell.
+
+        By default this calls :meth:`get_completion_args`, gets the
+        completions, then calls :meth:`format_completion` for each
+        completion.
+        """
+        args, incomplete = self.get_completion_args()
+        completions = self.get_completions(args, incomplete)
+        out = [self.format_completion(item) for item in completions]
+        return "\n".join(out)
+
+
+class BashComplete(ShellComplete):
+    """Shell completion for Bash."""
+
+    name = "bash"
+    source_template = _SOURCE_BASH
+
+    @staticmethod
+    def _check_version() -> None:
+        import subprocess
+
+        output = subprocess.run(
+            ["bash", "-c", 'echo "${BASH_VERSION}"'], stdout=subprocess.PIPE
+        )
+        match = re.search(r"^(\d+)\.(\d+)\.\d+", output.stdout.decode())
+
+        if match is not None:
+            major, minor = match.groups()
+
+            if major < "4" or major == "4" and minor < "4":
+                echo(
+                    _(
+                        "Shell completion is not supported for Bash"
+                        " versions older than 4.4."
+                    ),
+                    err=True,
+                )
+        else:
+            echo(
+                _("Couldn't detect Bash version, shell completion is not supported."),
+                err=True,
+            )
+
+    def source(self) -> str:
+        self._check_version()
+        return super().source()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type},{item.value}"
+
+
+class ZshComplete(ShellComplete):
+    """Shell completion for Zsh."""
+
+    name = "zsh"
+    source_template = _SOURCE_ZSH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type}\n{item.value}\n{item.help if item.help else '_'}"
+
+
+class FishComplete(ShellComplete):
+    """Shell completion for Fish."""
+
+    name = "fish"
+    source_template = _SOURCE_FISH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        incomplete = os.environ["COMP_CWORD"]
+        args = cwords[1:]
+
+        # Fish stores the partial word in both COMP_WORDS and
+        # COMP_CWORD, remove it from complete args.
+        if incomplete and args and args[-1] == incomplete:
+            args.pop()
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        if item.help:
+            return f"{item.type},{item.value}\t{item.help}"
+
+        return f"{item.type},{item.value}"
+
+
+ShellCompleteType = t.TypeVar("ShellCompleteType", bound=t.Type[ShellComplete])
+
+
+_available_shells: t.Dict[str, t.Type[ShellComplete]] = {
+    "bash": BashComplete,
+    "fish": FishComplete,
+    "zsh": ZshComplete,
+}
+
+
+def add_completion_class(
+    cls: ShellCompleteType, name: t.Optional[str] = None
+) -> ShellCompleteType:
+    """Register a :class:`ShellComplete` subclass under the given name.
+    The name will be provided by the completion instruction environment
+    variable during completion.
+
+    :param cls: The completion class that will handle completion for the
+        shell.
+    :param name: Name to register the class under. Defaults to the
+        class's ``name`` attribute.
+    """
+    if name is None:
+        name = cls.name
+
+    _available_shells[name] = cls
+
+    return cls
+
+
+def get_completion_class(shell: str) -> t.Optional[t.Type[ShellComplete]]:
+    """Look up a registered :class:`ShellComplete` subclass by the name
+    provided by the completion instruction environment variable. If the
+    name isn't registered, returns ``None``.
+
+    :param shell: Name the class is registered under.
+    """
+    return _available_shells.get(shell)
+
+
+def _is_incomplete_argument(ctx: Context, param: Parameter) -> bool:
+    """Determine if the given parameter is an argument that can still
+    accept values.
+
+    :param ctx: Invocation context for the command represented by the
+        parsed complete args.
+    :param param: Argument object being checked.
+    """
+    if not isinstance(param, Argument):
+        return False
+
+    assert param.name is not None
+    # Will be None if expose_value is False.
+    value = ctx.params.get(param.name)
+    return (
+        param.nargs == -1
+        or ctx.get_parameter_source(param.name) is not ParameterSource.COMMANDLINE
+        or (
+            param.nargs > 1
+            and isinstance(value, (tuple, list))
+            and len(value) < param.nargs
+        )
+    )
+
+
+def _start_of_option(ctx: Context, value: str) -> bool:
+    """Check if the value looks like the start of an option."""
+    if not value:
+        return False
+
+    c = value[0]
+    return c in ctx._opt_prefixes
+
+
+def _is_incomplete_option(ctx: Context, args: t.List[str], param: Parameter) -> bool:
+    """Determine if the given parameter is an option that needs a value.
+
+    :param args: List of complete args before the incomplete value.
+    :param param: Option object being checked.
+    """
+    if not isinstance(param, Option):
+        return False
+
+    if param.is_flag or param.count:
+        return False
+
+    last_option = None
+
+    for index, arg in enumerate(reversed(args)):
+        if index + 1 > param.nargs:
+            break
+
+        if _start_of_option(ctx, arg):
+            last_option = arg
+
+    return last_option is not None and last_option in param.opts
+
+
+def _resolve_context(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    args: t.List[str],
+) -> Context:
+    """Produce the context hierarchy starting with the command and
+    traversing the complete arguments. This only follows the commands,
+    it doesn't trigger input prompts or callbacks.
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param args: List of complete args before the incomplete value.
+    """
+    ctx_args["resilient_parsing"] = True
+    ctx = cli.make_context(prog_name, args.copy(), **ctx_args)
+    args = ctx.protected_args + ctx.args
+
+    while args:
+        command = ctx.command
+
+        if isinstance(command, MultiCommand):
+            if not command.chain:
+                name, cmd, args = command.resolve_command(ctx, args)
+
+                if cmd is None:
+                    return ctx
+
+                ctx = cmd.make_context(name, args, parent=ctx, resilient_parsing=True)
+                args = ctx.protected_args + ctx.args
+            else:
+                sub_ctx = ctx
+
+                while args:
+                    name, cmd, args = command.resolve_command(ctx, args)
+
+                    if cmd is None:
+                        return ctx
+
+                    sub_ctx = cmd.make_context(
+                        name,
+                        args,
+                        parent=ctx,
+                        allow_extra_args=True,
+                        allow_interspersed_args=False,
+                        resilient_parsing=True,
+                    )
+                    args = sub_ctx.args
+
+                ctx = sub_ctx
+                args = [*sub_ctx.protected_args, *sub_ctx.args]
+        else:
+            break
+
+    return ctx
+
+
+def _resolve_incomplete(
+    ctx: Context, args: t.List[str], incomplete: str
+) -> t.Tuple[t.Union[BaseCommand, Parameter], str]:
+    """Find the Click object that will handle the completion of the
+    incomplete value. Return the object and the incomplete value.
+
+    :param ctx: Invocation context for the command represented by
+        the parsed complete args.
+    :param args: List of complete args before the incomplete value.
+    :param incomplete: Value being completed. May be empty.
+    """
+    # Different shells treat an "=" between a long option name and
+    # value differently. Might keep the value joined, return the "="
+    # as a separate item, or return the split name and value. Always
+    # split and discard the "=" to make completion easier.
+    if incomplete == "=":
+        incomplete = ""
+    elif "=" in incomplete and _start_of_option(ctx, incomplete):
+        name, _, incomplete = incomplete.partition("=")
+        args.append(name)
+
+    # The "--" marker tells Click to stop treating values as options
+    # even if they start with the option character. If it hasn't been
+    # given and the incomplete arg looks like an option, the current
+    # command will provide option name completions.
+    if "--" not in args and _start_of_option(ctx, incomplete):
+        return ctx.command, incomplete
+
+    params = ctx.command.get_params(ctx)
+
+    # If the last complete arg is an option name with an incomplete
+    # value, the option will provide value completions.
+    for param in params:
+        if _is_incomplete_option(ctx, args, param):
+            return param, incomplete
+
+    # It's not an option name or value. The first argument without a
+    # parsed value will provide value completions.
+    for param in params:
+        if _is_incomplete_argument(ctx, param):
+            return param, incomplete
+
+    # There were no unparsed arguments, the command may be a group that
+    # will provide command name completions.
+    return ctx.command, incomplete
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/termui.py b/lib/go-jinja2/internal/data/darwin-amd64/click/termui.py
new file mode 100644
index 000000000..db7a4b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/termui.py
@@ -0,0 +1,784 @@
+import inspect
+import io
+import itertools
+import sys
+import typing as t
+from gettext import gettext as _
+
+from ._compat import isatty
+from ._compat import strip_ansi
+from .exceptions import Abort
+from .exceptions import UsageError
+from .globals import resolve_color_default
+from .types import Choice
+from .types import convert_type
+from .types import ParamType
+from .utils import echo
+from .utils import LazyFile
+
+if t.TYPE_CHECKING:
+    from ._termui_impl import ProgressBar
+
+V = t.TypeVar("V")
+
+# The prompt functions to use.  The doc tools currently override these
+# functions to customize how they work.
+visible_prompt_func: t.Callable[[str], str] = input
+
+_ansi_colors = {
+    "black": 30,
+    "red": 31,
+    "green": 32,
+    "yellow": 33,
+    "blue": 34,
+    "magenta": 35,
+    "cyan": 36,
+    "white": 37,
+    "reset": 39,
+    "bright_black": 90,
+    "bright_red": 91,
+    "bright_green": 92,
+    "bright_yellow": 93,
+    "bright_blue": 94,
+    "bright_magenta": 95,
+    "bright_cyan": 96,
+    "bright_white": 97,
+}
+_ansi_reset_all = "\033[0m"
+
+
+def hidden_prompt_func(prompt: str) -> str:
+    import getpass
+
+    return getpass.getpass(prompt)
+
+
+def _build_prompt(
+    text: str,
+    suffix: str,
+    show_default: bool = False,
+    default: t.Optional[t.Any] = None,
+    show_choices: bool = True,
+    type: t.Optional[ParamType] = None,
+) -> str:
+    prompt = text
+    if type is not None and show_choices and isinstance(type, Choice):
+        prompt += f" ({', '.join(map(str, type.choices))})"
+    if default is not None and show_default:
+        prompt = f"{prompt} [{_format_default(default)}]"
+    return f"{prompt}{suffix}"
+
+
+def _format_default(default: t.Any) -> t.Any:
+    if isinstance(default, (io.IOBase, LazyFile)) and hasattr(default, "name"):
+        return default.name
+
+    return default
+
+
+def prompt(
+    text: str,
+    default: t.Optional[t.Any] = None,
+    hide_input: bool = False,
+    confirmation_prompt: t.Union[bool, str] = False,
+    type: t.Optional[t.Union[ParamType, t.Any]] = None,
+    value_proc: t.Optional[t.Callable[[str], t.Any]] = None,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+    show_choices: bool = True,
+) -> t.Any:
+    """Prompts a user for input.  This is a convenience function that can
+    be used to prompt a user for input later.
+
+    If the user aborts the input by sending an interrupt signal, this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the text to show for the prompt.
+    :param default: the default value to use if no input happens.  If this
+                    is not given it will prompt until it's aborted.
+    :param hide_input: if this is set to true then the input value will
+                       be hidden.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value. Can be set to a string instead of ``True`` to customize
+        the message.
+    :param type: the type to use to check the value against.
+    :param value_proc: if this parameter is provided it's a function that
+                       is invoked instead of the type conversion to
+                       convert a value.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    :param show_choices: Show or hide choices if the passed type is a Choice.
+                         For example if type is a Choice of either day or week,
+                         show_choices is true and text is "Group by" then the
+                         prompt will be "Group by (day, week): ".
+
+    .. versionadded:: 8.0
+        ``confirmation_prompt`` can be a custom string.
+
+    .. versionadded:: 7.0
+        Added the ``show_choices`` parameter.
+
+    .. versionadded:: 6.0
+        Added unicode support for cmd.exe on Windows.
+
+    .. versionadded:: 4.0
+        Added the `err` parameter.
+
+    """
+
+    def prompt_func(text: str) -> str:
+        f = hidden_prompt_func if hide_input else visible_prompt_func
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(text.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            return f(" ")
+        except (KeyboardInterrupt, EOFError):
+            # getpass doesn't print a newline if the user aborts input with ^C.
+            # Allegedly this behavior is inherited from getpass(3).
+            # A doc bug has been filed at https://bugs.python.org/issue24711
+            if hide_input:
+                echo(None, err=err)
+            raise Abort() from None
+
+    if value_proc is None:
+        value_proc = convert_type(type, default)
+
+    prompt = _build_prompt(
+        text, prompt_suffix, show_default, default, show_choices, type
+    )
+
+    if confirmation_prompt:
+        if confirmation_prompt is True:
+            confirmation_prompt = _("Repeat for confirmation")
+
+        confirmation_prompt = _build_prompt(confirmation_prompt, prompt_suffix)
+
+    while True:
+        while True:
+            value = prompt_func(prompt)
+            if value:
+                break
+            elif default is not None:
+                value = default
+                break
+        try:
+            result = value_proc(value)
+        except UsageError as e:
+            if hide_input:
+                echo(_("Error: The value you entered was invalid."), err=err)
+            else:
+                echo(_("Error: {e.message}").format(e=e), err=err)  # noqa: B306
+            continue
+        if not confirmation_prompt:
+            return result
+        while True:
+            value2 = prompt_func(confirmation_prompt)
+            is_empty = not value and not value2
+            if value2 or is_empty:
+                break
+        if value == value2:
+            return result
+        echo(_("Error: The two entered values do not match."), err=err)
+
+
+def confirm(
+    text: str,
+    default: t.Optional[bool] = False,
+    abort: bool = False,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+) -> bool:
+    """Prompts for confirmation (yes/no question).
+
+    If the user aborts the input by sending a interrupt signal this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the question to ask.
+    :param default: The default value to use when no input is given. If
+        ``None``, repeat until input is given.
+    :param abort: if this is set to `True` a negative answer aborts the
+                  exception by raising :exc:`Abort`.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+
+    .. versionchanged:: 8.0
+        Repeat until input is given if ``default`` is ``None``.
+
+    .. versionadded:: 4.0
+        Added the ``err`` parameter.
+    """
+    prompt = _build_prompt(
+        text,
+        prompt_suffix,
+        show_default,
+        "y/n" if default is None else ("Y/n" if default else "y/N"),
+    )
+
+    while True:
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(prompt.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            value = visible_prompt_func(" ").lower().strip()
+        except (KeyboardInterrupt, EOFError):
+            raise Abort() from None
+        if value in ("y", "yes"):
+            rv = True
+        elif value in ("n", "no"):
+            rv = False
+        elif default is not None and value == "":
+            rv = default
+        else:
+            echo(_("Error: invalid input"), err=err)
+            continue
+        break
+    if abort and not rv:
+        raise Abort()
+    return rv
+
+
+def echo_via_pager(
+    text_or_generator: t.Union[t.Iterable[str], t.Callable[[], t.Iterable[str]], str],
+    color: t.Optional[bool] = None,
+) -> None:
+    """This function takes a text and shows it via an environment specific
+    pager on stdout.
+
+    .. versionchanged:: 3.0
+       Added the `color` flag.
+
+    :param text_or_generator: the text to page, or alternatively, a
+                              generator emitting the text to page.
+    :param color: controls if the pager supports ANSI colors or not.  The
+                  default is autodetection.
+    """
+    color = resolve_color_default(color)
+
+    if inspect.isgeneratorfunction(text_or_generator):
+        i = t.cast(t.Callable[[], t.Iterable[str]], text_or_generator)()
+    elif isinstance(text_or_generator, str):
+        i = [text_or_generator]
+    else:
+        i = iter(t.cast(t.Iterable[str], text_or_generator))
+
+    # convert every element of i to a text type if necessary
+    text_generator = (el if isinstance(el, str) else str(el) for el in i)
+
+    from ._termui_impl import pager
+
+    return pager(itertools.chain(text_generator, "\n"), color)
+
+
+def progressbar(
+    iterable: t.Optional[t.Iterable[V]] = None,
+    length: t.Optional[int] = None,
+    label: t.Optional[str] = None,
+    show_eta: bool = True,
+    show_percent: t.Optional[bool] = None,
+    show_pos: bool = False,
+    item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+    fill_char: str = "#",
+    empty_char: str = "-",
+    bar_template: str = "%(label)s  [%(bar)s]  %(info)s",
+    info_sep: str = "  ",
+    width: int = 36,
+    file: t.Optional[t.TextIO] = None,
+    color: t.Optional[bool] = None,
+    update_min_steps: int = 1,
+) -> "ProgressBar[V]":
+    """This function creates an iterable context manager that can be used
+    to iterate over something while showing a progress bar.  It will
+    either iterate over the `iterable` or `length` items (that are counted
+    up).  While iteration happens, this function will print a rendered
+    progress bar to the given `file` (defaults to stdout) and will attempt
+    to calculate remaining time and more.  By default, this progress bar
+    will not be rendered if the file is not a terminal.
+
+    The context manager creates the progress bar.  When the context
+    manager is entered the progress bar is already created.  With every
+    iteration over the progress bar, the iterable passed to the bar is
+    advanced and the bar is updated.  When the context manager exits,
+    a newline is printed and the progress bar is finalized on screen.
+
+    Note: The progress bar is currently designed for use cases where the
+    total progress can be expected to take at least several seconds.
+    Because of this, the ProgressBar class object won't display
+    progress that is considered too fast, and progress where the time
+    between steps is less than a second.
+
+    No printing must happen or the progress bar will be unintentionally
+    destroyed.
+
+    Example usage::
+
+        with progressbar(items) as bar:
+            for item in bar:
+                do_something_with(item)
+
+    Alternatively, if no iterable is specified, one can manually update the
+    progress bar through the `update()` method instead of directly
+    iterating over the progress bar.  The update method accepts the number
+    of steps to increment the bar with::
+
+        with progressbar(length=chunks.total_bytes) as bar:
+            for chunk in chunks:
+                process_chunk(chunk)
+                bar.update(chunks.bytes)
+
+    The ``update()`` method also takes an optional value specifying the
+    ``current_item`` at the new position. This is useful when used
+    together with ``item_show_func`` to customize the output for each
+    manual step::
+
+        with click.progressbar(
+            length=total_size,
+            label='Unzipping archive',
+            item_show_func=lambda a: a.filename
+        ) as bar:
+            for archive in zip_file:
+                archive.extract()
+                bar.update(archive.size, archive)
+
+    :param iterable: an iterable to iterate over.  If not provided the length
+                     is required.
+    :param length: the number of items to iterate over.  By default the
+                   progressbar will attempt to ask the iterator about its
+                   length, which might or might not work.  If an iterable is
+                   also provided this parameter can be used to override the
+                   length.  If an iterable is not provided the progress bar
+                   will iterate over a range of that length.
+    :param label: the label to show next to the progress bar.
+    :param show_eta: enables or disables the estimated time display.  This is
+                     automatically disabled if the length cannot be
+                     determined.
+    :param show_percent: enables or disables the percentage display.  The
+                         default is `True` if the iterable has a length or
+                         `False` if not.
+    :param show_pos: enables or disables the absolute position display.  The
+                     default is `False`.
+    :param item_show_func: A function called with the current item which
+        can return a string to show next to the progress bar. If the
+        function returns ``None`` nothing is shown. The current item can
+        be ``None``, such as when entering and exiting the bar.
+    :param fill_char: the character to use to show the filled part of the
+                      progress bar.
+    :param empty_char: the character to use to show the non-filled part of
+                       the progress bar.
+    :param bar_template: the format string to use as template for the bar.
+                         The parameters in it are ``label`` for the label,
+                         ``bar`` for the progress bar and ``info`` for the
+                         info section.
+    :param info_sep: the separator between multiple info items (eta etc.)
+    :param width: the width of the progress bar in characters, 0 means full
+                  terminal width
+    :param file: The file to write to. If this is not a terminal then
+        only the label is printed.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are included anywhere in the progress bar output
+                  which is not the case by default.
+    :param update_min_steps: Render only when this many updates have
+        completed. This allows tuning for very fast iterators.
+
+    .. versionchanged:: 8.0
+        Output is shown even if execution time is less than 0.5 seconds.
+
+    .. versionchanged:: 8.0
+        ``item_show_func`` shows the current item, not the previous one.
+
+    .. versionchanged:: 8.0
+        Labels are echoed if the output is not a TTY. Reverts a change
+        in 7.0 that removed all output.
+
+    .. versionadded:: 8.0
+       Added the ``update_min_steps`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter. Added the ``update`` method to
+        the object.
+
+    .. versionadded:: 2.0
+    """
+    from ._termui_impl import ProgressBar
+
+    color = resolve_color_default(color)
+    return ProgressBar(
+        iterable=iterable,
+        length=length,
+        show_eta=show_eta,
+        show_percent=show_percent,
+        show_pos=show_pos,
+        item_show_func=item_show_func,
+        fill_char=fill_char,
+        empty_char=empty_char,
+        bar_template=bar_template,
+        info_sep=info_sep,
+        file=file,
+        label=label,
+        width=width,
+        color=color,
+        update_min_steps=update_min_steps,
+    )
+
+
+def clear() -> None:
+    """Clears the terminal screen.  This will have the effect of clearing
+    the whole visible space of the terminal and moving the cursor to the
+    top left.  This does not do anything if not connected to a terminal.
+
+    .. versionadded:: 2.0
+    """
+    if not isatty(sys.stdout):
+        return
+
+    # ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
+    echo("\033[2J\033[1;1H", nl=False)
+
+
+def _interpret_color(
+    color: t.Union[int, t.Tuple[int, int, int], str], offset: int = 0
+) -> str:
+    if isinstance(color, int):
+        return f"{38 + offset};5;{color:d}"
+
+    if isinstance(color, (tuple, list)):
+        r, g, b = color
+        return f"{38 + offset};2;{r:d};{g:d};{b:d}"
+
+    return str(_ansi_colors[color] + offset)
+
+
+def style(
+    text: t.Any,
+    fg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bold: t.Optional[bool] = None,
+    dim: t.Optional[bool] = None,
+    underline: t.Optional[bool] = None,
+    overline: t.Optional[bool] = None,
+    italic: t.Optional[bool] = None,
+    blink: t.Optional[bool] = None,
+    reverse: t.Optional[bool] = None,
+    strikethrough: t.Optional[bool] = None,
+    reset: bool = True,
+) -> str:
+    """Styles a text with ANSI styles and returns the new string.  By
+    default the styling is self contained which means that at the end
+    of the string a reset code is issued.  This can be prevented by
+    passing ``reset=False``.
+
+    Examples::
+
+        click.echo(click.style('Hello World!', fg='green'))
+        click.echo(click.style('ATTENTION!', blink=True))
+        click.echo(click.style('Some things', reverse=True, fg='cyan'))
+        click.echo(click.style('More colors', fg=(255, 12, 128), bg=117))
+
+    Supported color names:
+
+    * ``black`` (might be a gray)
+    * ``red``
+    * ``green``
+    * ``yellow`` (might be an orange)
+    * ``blue``
+    * ``magenta``
+    * ``cyan``
+    * ``white`` (might be light gray)
+    * ``bright_black``
+    * ``bright_red``
+    * ``bright_green``
+    * ``bright_yellow``
+    * ``bright_blue``
+    * ``bright_magenta``
+    * ``bright_cyan``
+    * ``bright_white``
+    * ``reset`` (reset the color code only)
+
+    If the terminal supports it, color may also be specified as:
+
+    -   An integer in the interval [0, 255]. The terminal must support
+        8-bit/256-color mode.
+    -   An RGB tuple of three integers in [0, 255]. The terminal must
+        support 24-bit/true-color mode.
+
+    See https://en.wikipedia.org/wiki/ANSI_color and
+    https://gist.github.com/XVilka/8346728 for more information.
+
+    :param text: the string to style with ansi codes.
+    :param fg: if provided this will become the foreground color.
+    :param bg: if provided this will become the background color.
+    :param bold: if provided this will enable or disable bold mode.
+    :param dim: if provided this will enable or disable dim mode.  This is
+                badly supported.
+    :param underline: if provided this will enable or disable underline.
+    :param overline: if provided this will enable or disable overline.
+    :param italic: if provided this will enable or disable italic.
+    :param blink: if provided this will enable or disable blinking.
+    :param reverse: if provided this will enable or disable inverse
+                    rendering (foreground becomes background and the
+                    other way round).
+    :param strikethrough: if provided this will enable or disable
+        striking through text.
+    :param reset: by default a reset-all code is added at the end of the
+                  string which means that styles do not carry over.  This
+                  can be disabled to compose styles.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string.
+
+    .. versionchanged:: 8.0
+       Added support for 256 and RGB color codes.
+
+    .. versionchanged:: 8.0
+        Added the ``strikethrough``, ``italic``, and ``overline``
+        parameters.
+
+    .. versionchanged:: 7.0
+        Added support for bright colors.
+
+    .. versionadded:: 2.0
+    """
+    if not isinstance(text, str):
+        text = str(text)
+
+    bits = []
+
+    if fg:
+        try:
+            bits.append(f"\033[{_interpret_color(fg)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {fg!r}") from None
+
+    if bg:
+        try:
+            bits.append(f"\033[{_interpret_color(bg, 10)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {bg!r}") from None
+
+    if bold is not None:
+        bits.append(f"\033[{1 if bold else 22}m")
+    if dim is not None:
+        bits.append(f"\033[{2 if dim else 22}m")
+    if underline is not None:
+        bits.append(f"\033[{4 if underline else 24}m")
+    if overline is not None:
+        bits.append(f"\033[{53 if overline else 55}m")
+    if italic is not None:
+        bits.append(f"\033[{3 if italic else 23}m")
+    if blink is not None:
+        bits.append(f"\033[{5 if blink else 25}m")
+    if reverse is not None:
+        bits.append(f"\033[{7 if reverse else 27}m")
+    if strikethrough is not None:
+        bits.append(f"\033[{9 if strikethrough else 29}m")
+    bits.append(text)
+    if reset:
+        bits.append(_ansi_reset_all)
+    return "".join(bits)
+
+
+def unstyle(text: str) -> str:
+    """Removes ANSI styling information from a string.  Usually it's not
+    necessary to use this function as Click's echo function will
+    automatically remove styling if necessary.
+
+    .. versionadded:: 2.0
+
+    :param text: the text to remove style information from.
+    """
+    return strip_ansi(text)
+
+
+def secho(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.AnyStr]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+    **styles: t.Any,
+) -> None:
+    """This function combines :func:`echo` and :func:`style` into one
+    call.  As such the following two calls are the same::
+
+        click.secho('Hello World!', fg='green')
+        click.echo(click.style('Hello World!', fg='green'))
+
+    All keyword arguments are forwarded to the underlying functions
+    depending on which one they go with.
+
+    Non-string types will be converted to :class:`str`. However,
+    :class:`bytes` are passed directly to :meth:`echo` without applying
+    style. If you want to style bytes that represent text, call
+    :meth:`bytes.decode` first.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string. Bytes are
+        passed through without style applied.
+
+    .. versionadded:: 2.0
+    """
+    if message is not None and not isinstance(message, (bytes, bytearray)):
+        message = style(message, **styles)
+
+    return echo(message, file=file, nl=nl, err=err, color=color)
+
+
+def edit(
+    text: t.Optional[t.AnyStr] = None,
+    editor: t.Optional[str] = None,
+    env: t.Optional[t.Mapping[str, str]] = None,
+    require_save: bool = True,
+    extension: str = ".txt",
+    filename: t.Optional[str] = None,
+) -> t.Optional[t.AnyStr]:
+    r"""Edits the given text in the defined editor.  If an editor is given
+    (should be the full path to the executable but the regular operating
+    system search path is used for finding the executable) it overrides
+    the detected editor.  Optionally, some environment variables can be
+    used.  If the editor is closed without changes, `None` is returned.  In
+    case a file is edited directly the return value is always `None` and
+    `require_save` and `extension` are ignored.
+
+    If the editor cannot be opened a :exc:`UsageError` is raised.
+
+    Note for Windows: to simplify cross-platform usage, the newlines are
+    automatically converted from POSIX to Windows and vice versa.  As such,
+    the message here will have ``\n`` as newline markers.
+
+    :param text: the text to edit.
+    :param editor: optionally the editor to use.  Defaults to automatic
+                   detection.
+    :param env: environment variables to forward to the editor.
+    :param require_save: if this is true, then not saving in the editor
+                         will make the return value become `None`.
+    :param extension: the extension to tell the editor about.  This defaults
+                      to `.txt` but changing this might change syntax
+                      highlighting.
+    :param filename: if provided it will edit this file instead of the
+                     provided text contents.  It will not use a temporary
+                     file as an indirection in that case.
+    """
+    from ._termui_impl import Editor
+
+    ed = Editor(editor=editor, env=env, require_save=require_save, extension=extension)
+
+    if filename is None:
+        return ed.edit(text)
+
+    ed.edit_file(filename)
+    return None
+
+
+def launch(url: str, wait: bool = False, locate: bool = False) -> int:
+    """This function launches the given URL (or filename) in the default
+    viewer application for this file type.  If this is an executable, it
+    might launch the executable in a new session.  The return value is
+    the exit code of the launched application.  Usually, ``0`` indicates
+    success.
+
+    Examples::
+
+        click.launch('https://click.palletsprojects.com/')
+        click.launch('/my/downloaded/file', locate=True)
+
+    .. versionadded:: 2.0
+
+    :param url: URL or filename of the thing to launch.
+    :param wait: Wait for the program to exit before returning. This
+        only works if the launched program blocks. In particular,
+        ``xdg-open`` on Linux does not block.
+    :param locate: if this is set to `True` then instead of launching the
+                   application associated with the URL it will attempt to
+                   launch a file manager with the file located.  This
+                   might have weird effects if the URL does not point to
+                   the filesystem.
+    """
+    from ._termui_impl import open_url
+
+    return open_url(url, wait=wait, locate=locate)
+
+
+# If this is provided, getchar() calls into this instead.  This is used
+# for unittesting purposes.
+_getchar: t.Optional[t.Callable[[bool], str]] = None
+
+
+def getchar(echo: bool = False) -> str:
+    """Fetches a single character from the terminal and returns it.  This
+    will always return a unicode character and under certain rare
+    circumstances this might return more than one character.  The
+    situations which more than one character is returned is when for
+    whatever reason multiple characters end up in the terminal buffer or
+    standard input was not actually a terminal.
+
+    Note that this will always read from the terminal, even if something
+    is piped into the standard input.
+
+    Note for Windows: in rare cases when typing non-ASCII characters, this
+    function might wait for a second character and then return both at once.
+    This is because certain Unicode characters look like special-key markers.
+
+    .. versionadded:: 2.0
+
+    :param echo: if set to `True`, the character read will also show up on
+                 the terminal.  The default is to not show it.
+    """
+    global _getchar
+
+    if _getchar is None:
+        from ._termui_impl import getchar as f
+
+        _getchar = f
+
+    return _getchar(echo)
+
+
+def raw_terminal() -> t.ContextManager[int]:
+    from ._termui_impl import raw_terminal as f
+
+    return f()
+
+
+def pause(info: t.Optional[str] = None, err: bool = False) -> None:
+    """This command stops execution and waits for the user to press any
+    key to continue.  This is similar to the Windows batch "pause"
+    command.  If the program is not run through a terminal, this command
+    will instead do nothing.
+
+    .. versionadded:: 2.0
+
+    .. versionadded:: 4.0
+       Added the `err` parameter.
+
+    :param info: The message to print before pausing. Defaults to
+        ``"Press any key to continue..."``.
+    :param err: if set to message goes to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    """
+    if not isatty(sys.stdin) or not isatty(sys.stdout):
+        return
+
+    if info is None:
+        info = _("Press any key to continue...")
+
+    try:
+        if info:
+            echo(info, nl=False, err=err)
+        try:
+            getchar()
+        except (KeyboardInterrupt, EOFError):
+            pass
+    finally:
+        if info:
+            echo(err=err)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/testing.py b/lib/go-jinja2/internal/data/darwin-amd64/click/testing.py
new file mode 100644
index 000000000..e0df0d2a6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/testing.py
@@ -0,0 +1,479 @@
+import contextlib
+import io
+import os
+import shlex
+import shutil
+import sys
+import tempfile
+import typing as t
+from types import TracebackType
+
+from . import formatting
+from . import termui
+from . import utils
+from ._compat import _find_binary_reader
+
+if t.TYPE_CHECKING:
+    from .core import BaseCommand
+
+
+class EchoingStdin:
+    def __init__(self, input: t.BinaryIO, output: t.BinaryIO) -> None:
+        self._input = input
+        self._output = output
+        self._paused = False
+
+    def __getattr__(self, x: str) -> t.Any:
+        return getattr(self._input, x)
+
+    def _echo(self, rv: bytes) -> bytes:
+        if not self._paused:
+            self._output.write(rv)
+
+        return rv
+
+    def read(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read(n))
+
+    def read1(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read1(n))  # type: ignore
+
+    def readline(self, n: int = -1) -> bytes:
+        return self._echo(self._input.readline(n))
+
+    def readlines(self) -> t.List[bytes]:
+        return [self._echo(x) for x in self._input.readlines()]
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._echo(x) for x in self._input)
+
+    def __repr__(self) -> str:
+        return repr(self._input)
+
+
+@contextlib.contextmanager
+def _pause_echo(stream: t.Optional[EchoingStdin]) -> t.Iterator[None]:
+    if stream is None:
+        yield
+    else:
+        stream._paused = True
+        yield
+        stream._paused = False
+
+
+class _NamedTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self, buffer: t.BinaryIO, name: str, mode: str, **kwargs: t.Any
+    ) -> None:
+        super().__init__(buffer, **kwargs)
+        self._name = name
+        self._mode = mode
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @property
+    def mode(self) -> str:
+        return self._mode
+
+
+def make_input_stream(
+    input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]], charset: str
+) -> t.BinaryIO:
+    # Is already an input stream.
+    if hasattr(input, "read"):
+        rv = _find_binary_reader(t.cast(t.IO[t.Any], input))
+
+        if rv is not None:
+            return rv
+
+        raise TypeError("Could not find binary reader for input stream.")
+
+    if input is None:
+        input = b""
+    elif isinstance(input, str):
+        input = input.encode(charset)
+
+    return io.BytesIO(input)
+
+
+class Result:
+    """Holds the captured result of an invoked CLI script."""
+
+    def __init__(
+        self,
+        runner: "CliRunner",
+        stdout_bytes: bytes,
+        stderr_bytes: t.Optional[bytes],
+        return_value: t.Any,
+        exit_code: int,
+        exception: t.Optional[BaseException],
+        exc_info: t.Optional[
+            t.Tuple[t.Type[BaseException], BaseException, TracebackType]
+        ] = None,
+    ):
+        #: The runner that created the result
+        self.runner = runner
+        #: The standard output as bytes.
+        self.stdout_bytes = stdout_bytes
+        #: The standard error as bytes, or None if not available
+        self.stderr_bytes = stderr_bytes
+        #: The value returned from the invoked command.
+        #:
+        #: .. versionadded:: 8.0
+        self.return_value = return_value
+        #: The exit code as integer.
+        self.exit_code = exit_code
+        #: The exception that happened if one did.
+        self.exception = exception
+        #: The traceback
+        self.exc_info = exc_info
+
+    @property
+    def output(self) -> str:
+        """The (standard) output as unicode string."""
+        return self.stdout
+
+    @property
+    def stdout(self) -> str:
+        """The standard output as unicode string."""
+        return self.stdout_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    @property
+    def stderr(self) -> str:
+        """The standard error as unicode string."""
+        if self.stderr_bytes is None:
+            raise ValueError("stderr not separately captured")
+        return self.stderr_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    def __repr__(self) -> str:
+        exc_str = repr(self.exception) if self.exception else "okay"
+        return f"<{type(self).__name__} {exc_str}>"
+
+
+class CliRunner:
+    """The CLI runner provides functionality to invoke a Click command line
+    script for unittesting purposes in a isolated environment.  This only
+    works in single-threaded systems without any concurrency as it changes the
+    global interpreter state.
+
+    :param charset: the character set for the input and output data.
+    :param env: a dictionary with environment variables for overriding.
+    :param echo_stdin: if this is set to `True`, then reading from stdin writes
+                       to stdout.  This is useful for showing examples in
+                       some circumstances.  Note that regular prompts
+                       will automatically echo the input.
+    :param mix_stderr: if this is set to `False`, then stdout and stderr are
+                       preserved as independent streams.  This is useful for
+                       Unix-philosophy apps that have predictable stdout and
+                       noisy stderr, such that each may be measured
+                       independently
+    """
+
+    def __init__(
+        self,
+        charset: str = "utf-8",
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        echo_stdin: bool = False,
+        mix_stderr: bool = True,
+    ) -> None:
+        self.charset = charset
+        self.env: t.Mapping[str, t.Optional[str]] = env or {}
+        self.echo_stdin = echo_stdin
+        self.mix_stderr = mix_stderr
+
+    def get_default_prog_name(self, cli: "BaseCommand") -> str:
+        """Given a command object it will return the default program name
+        for it.  The default is the `name` attribute or ``"root"`` if not
+        set.
+        """
+        return cli.name or "root"
+
+    def make_env(
+        self, overrides: t.Optional[t.Mapping[str, t.Optional[str]]] = None
+    ) -> t.Mapping[str, t.Optional[str]]:
+        """Returns the environment overrides for invoking a script."""
+        rv = dict(self.env)
+        if overrides:
+            rv.update(overrides)
+        return rv
+
+    @contextlib.contextmanager
+    def isolation(
+        self,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        color: bool = False,
+    ) -> t.Iterator[t.Tuple[io.BytesIO, t.Optional[io.BytesIO]]]:
+        """A context manager that sets up the isolation for invoking of a
+        command line tool.  This sets up stdin with the given input data
+        and `os.environ` with the overrides from the given dictionary.
+        This also rebinds some internals in Click to be mocked (like the
+        prompt functionality).
+
+        This is automatically done in the :meth:`invoke` method.
+
+        :param input: the input stream to put into sys.stdin.
+        :param env: the environment overrides as dictionary.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            ``stderr`` is opened with ``errors="backslashreplace"``
+            instead of the default ``"strict"``.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+        """
+        bytes_input = make_input_stream(input, self.charset)
+        echo_input = None
+
+        old_stdin = sys.stdin
+        old_stdout = sys.stdout
+        old_stderr = sys.stderr
+        old_forced_width = formatting.FORCED_WIDTH
+        formatting.FORCED_WIDTH = 80
+
+        env = self.make_env(env)
+
+        bytes_output = io.BytesIO()
+
+        if self.echo_stdin:
+            bytes_input = echo_input = t.cast(
+                t.BinaryIO, EchoingStdin(bytes_input, bytes_output)
+            )
+
+        sys.stdin = text_input = _NamedTextIOWrapper(
+            bytes_input, encoding=self.charset, name="<stdin>", mode="r"
+        )
+
+        if self.echo_stdin:
+            # Force unbuffered reads, otherwise TextIOWrapper reads a
+            # large chunk which is echoed early.
+            text_input._CHUNK_SIZE = 1  # type: ignore
+
+        sys.stdout = _NamedTextIOWrapper(
+            bytes_output, encoding=self.charset, name="<stdout>", mode="w"
+        )
+
+        bytes_error = None
+        if self.mix_stderr:
+            sys.stderr = sys.stdout
+        else:
+            bytes_error = io.BytesIO()
+            sys.stderr = _NamedTextIOWrapper(
+                bytes_error,
+                encoding=self.charset,
+                name="<stderr>",
+                mode="w",
+                errors="backslashreplace",
+            )
+
+        @_pause_echo(echo_input)  # type: ignore
+        def visible_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(prompt or "")
+            val = text_input.readline().rstrip("\r\n")
+            sys.stdout.write(f"{val}\n")
+            sys.stdout.flush()
+            return val
+
+        @_pause_echo(echo_input)  # type: ignore
+        def hidden_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(f"{prompt or ''}\n")
+            sys.stdout.flush()
+            return text_input.readline().rstrip("\r\n")
+
+        @_pause_echo(echo_input)  # type: ignore
+        def _getchar(echo: bool) -> str:
+            char = sys.stdin.read(1)
+
+            if echo:
+                sys.stdout.write(char)
+
+            sys.stdout.flush()
+            return char
+
+        default_color = color
+
+        def should_strip_ansi(
+            stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+        ) -> bool:
+            if color is None:
+                return not default_color
+            return not color
+
+        old_visible_prompt_func = termui.visible_prompt_func
+        old_hidden_prompt_func = termui.hidden_prompt_func
+        old__getchar_func = termui._getchar
+        old_should_strip_ansi = utils.should_strip_ansi  # type: ignore
+        termui.visible_prompt_func = visible_input
+        termui.hidden_prompt_func = hidden_input
+        termui._getchar = _getchar
+        utils.should_strip_ansi = should_strip_ansi  # type: ignore
+
+        old_env = {}
+        try:
+            for key, value in env.items():
+                old_env[key] = os.environ.get(key)
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            yield (bytes_output, bytes_error)
+        finally:
+            for key, value in old_env.items():
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            sys.stdout = old_stdout
+            sys.stderr = old_stderr
+            sys.stdin = old_stdin
+            termui.visible_prompt_func = old_visible_prompt_func
+            termui.hidden_prompt_func = old_hidden_prompt_func
+            termui._getchar = old__getchar_func
+            utils.should_strip_ansi = old_should_strip_ansi  # type: ignore
+            formatting.FORCED_WIDTH = old_forced_width
+
+    def invoke(
+        self,
+        cli: "BaseCommand",
+        args: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        catch_exceptions: bool = True,
+        color: bool = False,
+        **extra: t.Any,
+    ) -> Result:
+        """Invokes a command in an isolated environment.  The arguments are
+        forwarded directly to the command line script, the `extra` keyword
+        arguments are passed to the :meth:`~clickpkg.Command.main` function of
+        the command.
+
+        This returns a :class:`Result` object.
+
+        :param cli: the command to invoke
+        :param args: the arguments to invoke. It may be given as an iterable
+                     or a string. When given as string it will be interpreted
+                     as a Unix shell command. More details at
+                     :func:`shlex.split`.
+        :param input: the input data for `sys.stdin`.
+        :param env: the environment overrides.
+        :param catch_exceptions: Whether to catch any other exceptions than
+                                 ``SystemExit``.
+        :param extra: the keyword arguments to pass to :meth:`main`.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            The result object has the ``return_value`` attribute with
+            the value returned from the invoked command.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+
+        .. versionchanged:: 3.0
+            Added the ``catch_exceptions`` parameter.
+
+        .. versionchanged:: 3.0
+            The result object has the ``exc_info`` attribute with the
+            traceback if available.
+        """
+        exc_info = None
+        with self.isolation(input=input, env=env, color=color) as outstreams:
+            return_value = None
+            exception: t.Optional[BaseException] = None
+            exit_code = 0
+
+            if isinstance(args, str):
+                args = shlex.split(args)
+
+            try:
+                prog_name = extra.pop("prog_name")
+            except KeyError:
+                prog_name = self.get_default_prog_name(cli)
+
+            try:
+                return_value = cli.main(args=args or (), prog_name=prog_name, **extra)
+            except SystemExit as e:
+                exc_info = sys.exc_info()
+                e_code = t.cast(t.Optional[t.Union[int, t.Any]], e.code)
+
+                if e_code is None:
+                    e_code = 0
+
+                if e_code != 0:
+                    exception = e
+
+                if not isinstance(e_code, int):
+                    sys.stdout.write(str(e_code))
+                    sys.stdout.write("\n")
+                    e_code = 1
+
+                exit_code = e_code
+
+            except Exception as e:
+                if not catch_exceptions:
+                    raise
+                exception = e
+                exit_code = 1
+                exc_info = sys.exc_info()
+            finally:
+                sys.stdout.flush()
+                stdout = outstreams[0].getvalue()
+                if self.mix_stderr:
+                    stderr = None
+                else:
+                    stderr = outstreams[1].getvalue()  # type: ignore
+
+        return Result(
+            runner=self,
+            stdout_bytes=stdout,
+            stderr_bytes=stderr,
+            return_value=return_value,
+            exit_code=exit_code,
+            exception=exception,
+            exc_info=exc_info,  # type: ignore
+        )
+
+    @contextlib.contextmanager
+    def isolated_filesystem(
+        self, temp_dir: t.Optional[t.Union[str, "os.PathLike[str]"]] = None
+    ) -> t.Iterator[str]:
+        """A context manager that creates a temporary directory and
+        changes the current working directory to it. This isolates tests
+        that affect the contents of the CWD to prevent them from
+        interfering with each other.
+
+        :param temp_dir: Create the temporary directory under this
+            directory. If given, the created directory is not removed
+            when exiting.
+
+        .. versionchanged:: 8.0
+            Added the ``temp_dir`` parameter.
+        """
+        cwd = os.getcwd()
+        dt = tempfile.mkdtemp(dir=temp_dir)
+        os.chdir(dt)
+
+        try:
+            yield dt
+        finally:
+            os.chdir(cwd)
+
+            if temp_dir is None:
+                try:
+                    shutil.rmtree(dt)
+                except OSError:  # noqa: B014
+                    pass
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/types.py b/lib/go-jinja2/internal/data/darwin-amd64/click/types.py
new file mode 100644
index 000000000..2b1d1797f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/types.py
@@ -0,0 +1,1089 @@
+import os
+import stat
+import sys
+import typing as t
+from datetime import datetime
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import _get_argv_encoding
+from ._compat import open_stream
+from .exceptions import BadParameter
+from .utils import format_filename
+from .utils import LazyFile
+from .utils import safecall
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+    from .core import Parameter
+    from .shell_completion import CompletionItem
+
+
+class ParamType:
+    """Represents the type of a parameter. Validates and converts values
+    from the command line or Python into the correct type.
+
+    To implement a custom type, subclass and implement at least the
+    following:
+
+    -   The :attr:`name` class attribute must be set.
+    -   Calling an instance of the type with ``None`` must return
+        ``None``. This is already implemented by default.
+    -   :meth:`convert` must convert string values to the correct type.
+    -   :meth:`convert` must accept values that are already the correct
+        type.
+    -   It must be able to convert a value if the ``ctx`` and ``param``
+        arguments are ``None``. This can occur when converting prompt
+        input.
+    """
+
+    is_composite: t.ClassVar[bool] = False
+    arity: t.ClassVar[int] = 1
+
+    #: the descriptive name of this type
+    name: str
+
+    #: if a list of this type is expected and the value is pulled from a
+    #: string environment variable, this is what splits it up.  `None`
+    #: means any whitespace.  For all parameters the general rule is that
+    #: whitespace splits them up.  The exception are paths and files which
+    #: are split by ``os.path.pathsep`` by default (":" on Unix and ";" on
+    #: Windows).
+    envvar_list_splitter: t.ClassVar[t.Optional[str]] = None
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        # The class name without the "ParamType" suffix.
+        param_type = type(self).__name__.partition("ParamType")[0]
+        param_type = param_type.partition("ParameterType")[0]
+
+        # Custom subclasses might not remember to set a name.
+        if hasattr(self, "name"):
+            name = self.name
+        else:
+            name = param_type
+
+        return {"param_type": param_type, "name": name}
+
+    def __call__(
+        self,
+        value: t.Any,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> t.Any:
+        if value is not None:
+            return self.convert(value, param, ctx)
+
+    def get_metavar(self, param: "Parameter") -> t.Optional[str]:
+        """Returns the metavar default for this param if it provides one."""
+
+    def get_missing_message(self, param: "Parameter") -> t.Optional[str]:
+        """Optionally might return extra information about a missing
+        parameter.
+
+        .. versionadded:: 2.0
+        """
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        """Convert the value to the correct type. This is not called if
+        the value is ``None`` (the missing value).
+
+        This must accept string values from the command line, as well as
+        values that are already the correct type. It may also convert
+        other compatible types.
+
+        The ``param`` and ``ctx`` arguments may be ``None`` in certain
+        situations, such as when converting prompt input.
+
+        If the value cannot be converted, call :meth:`fail` with a
+        descriptive message.
+
+        :param value: The value to convert.
+        :param param: The parameter that is using this type to convert
+            its value. May be ``None``.
+        :param ctx: The current context that arrived at this value. May
+            be ``None``.
+        """
+        return value
+
+    def split_envvar_value(self, rv: str) -> t.Sequence[str]:
+        """Given a value from an environment variable this splits it up
+        into small chunks depending on the defined envvar list splitter.
+
+        If the splitter is set to `None`, which means that whitespace splits,
+        then leading and trailing whitespace is ignored.  Otherwise, leading
+        and trailing splitters usually lead to empty items being included.
+        """
+        return (rv or "").split(self.envvar_list_splitter)
+
+    def fail(
+        self,
+        message: str,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> "t.NoReturn":
+        """Helper method to fail with an invalid value message."""
+        raise BadParameter(message, ctx=ctx, param=param)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a list of
+        :class:`~click.shell_completion.CompletionItem` objects for the
+        incomplete value. Most types do not provide completions, but
+        some do, and this allows custom types to provide custom
+        completions as well.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        return []
+
+
+class CompositeParamType(ParamType):
+    is_composite = True
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        raise NotImplementedError()
+
+
+class FuncParamType(ParamType):
+    def __init__(self, func: t.Callable[[t.Any], t.Any]) -> None:
+        self.name: str = func.__name__
+        self.func = func
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["func"] = self.func
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self.func(value)
+        except ValueError:
+            try:
+                value = str(value)
+            except UnicodeError:
+                value = value.decode("utf-8", "replace")
+
+            self.fail(value, param, ctx)
+
+
+class UnprocessedParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        return value
+
+    def __repr__(self) -> str:
+        return "UNPROCESSED"
+
+
+class StringParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, bytes):
+            enc = _get_argv_encoding()
+            try:
+                value = value.decode(enc)
+            except UnicodeError:
+                fs_enc = sys.getfilesystemencoding()
+                if fs_enc != enc:
+                    try:
+                        value = value.decode(fs_enc)
+                    except UnicodeError:
+                        value = value.decode("utf-8", "replace")
+                else:
+                    value = value.decode("utf-8", "replace")
+            return value
+        return str(value)
+
+    def __repr__(self) -> str:
+        return "STRING"
+
+
+class Choice(ParamType):
+    """The choice type allows a value to be checked against a fixed set
+    of supported values. All of these values have to be strings.
+
+    You should only pass a list or tuple of choices. Other iterables
+    (like generators) may lead to surprising results.
+
+    The resulting value will always be one of the originally passed choices
+    regardless of ``case_sensitive`` or any ``ctx.token_normalize_func``
+    being specified.
+
+    See :ref:`choice-opts` for an example.
+
+    :param case_sensitive: Set to false to make choices case
+        insensitive. Defaults to true.
+    """
+
+    name = "choice"
+
+    def __init__(self, choices: t.Sequence[str], case_sensitive: bool = True) -> None:
+        self.choices = choices
+        self.case_sensitive = case_sensitive
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["choices"] = self.choices
+        info_dict["case_sensitive"] = self.case_sensitive
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        choices_str = "|".join(self.choices)
+
+        # Use curly braces to indicate a required argument.
+        if param.required and param.param_type_name == "argument":
+            return f"{{{choices_str}}}"
+
+        # Use square braces to indicate an option or optional argument.
+        return f"[{choices_str}]"
+
+    def get_missing_message(self, param: "Parameter") -> str:
+        return _("Choose from:\n\t{choices}").format(choices=",\n\t".join(self.choices))
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        # Match through normalization and case sensitivity
+        # first do token_normalize_func, then lowercase
+        # preserve original `value` to produce an accurate message in
+        # `self.fail`
+        normed_value = value
+        normed_choices = {choice: choice for choice in self.choices}
+
+        if ctx is not None and ctx.token_normalize_func is not None:
+            normed_value = ctx.token_normalize_func(value)
+            normed_choices = {
+                ctx.token_normalize_func(normed_choice): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if not self.case_sensitive:
+            normed_value = normed_value.casefold()
+            normed_choices = {
+                normed_choice.casefold(): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if normed_value in normed_choices:
+            return normed_choices[normed_value]
+
+        choices_str = ", ".join(map(repr, self.choices))
+        self.fail(
+            ngettext(
+                "{value!r} is not {choice}.",
+                "{value!r} is not one of {choices}.",
+                len(self.choices),
+            ).format(value=value, choice=choices_str, choices=choices_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return f"Choice({list(self.choices)})"
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Complete choices that start with the incomplete value.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        str_choices = map(str, self.choices)
+
+        if self.case_sensitive:
+            matched = (c for c in str_choices if c.startswith(incomplete))
+        else:
+            incomplete = incomplete.lower()
+            matched = (c for c in str_choices if c.lower().startswith(incomplete))
+
+        return [CompletionItem(c) for c in matched]
+
+
+class DateTime(ParamType):
+    """The DateTime type converts date strings into `datetime` objects.
+
+    The format strings which are checked are configurable, but default to some
+    common (non-timezone aware) ISO 8601 formats.
+
+    When specifying *DateTime* formats, you should only pass a list or a tuple.
+    Other iterables, like generators, may lead to surprising results.
+
+    The format strings are processed using ``datetime.strptime``, and this
+    consequently defines the format strings which are allowed.
+
+    Parsing is tried using each format, in order, and the first format which
+    parses successfully is used.
+
+    :param formats: A list or tuple of date format strings, in the order in
+                    which they should be tried. Defaults to
+                    ``'%Y-%m-%d'``, ``'%Y-%m-%dT%H:%M:%S'``,
+                    ``'%Y-%m-%d %H:%M:%S'``.
+    """
+
+    name = "datetime"
+
+    def __init__(self, formats: t.Optional[t.Sequence[str]] = None):
+        self.formats: t.Sequence[str] = formats or [
+            "%Y-%m-%d",
+            "%Y-%m-%dT%H:%M:%S",
+            "%Y-%m-%d %H:%M:%S",
+        ]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["formats"] = self.formats
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        return f"[{'|'.join(self.formats)}]"
+
+    def _try_to_convert_date(self, value: t.Any, format: str) -> t.Optional[datetime]:
+        try:
+            return datetime.strptime(value, format)
+        except ValueError:
+            return None
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, datetime):
+            return value
+
+        for format in self.formats:
+            converted = self._try_to_convert_date(value, format)
+
+            if converted is not None:
+                return converted
+
+        formats_str = ", ".join(map(repr, self.formats))
+        self.fail(
+            ngettext(
+                "{value!r} does not match the format {format}.",
+                "{value!r} does not match the formats {formats}.",
+                len(self.formats),
+            ).format(value=value, format=formats_str, formats=formats_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return "DateTime"
+
+
+class _NumberParamTypeBase(ParamType):
+    _number_class: t.ClassVar[t.Type[t.Any]]
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self._number_class(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid {number_type}.").format(
+                    value=value, number_type=self.name
+                ),
+                param,
+                ctx,
+            )
+
+
+class _NumberRangeBase(_NumberParamTypeBase):
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        self.min = min
+        self.max = max
+        self.min_open = min_open
+        self.max_open = max_open
+        self.clamp = clamp
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            min=self.min,
+            max=self.max,
+            min_open=self.min_open,
+            max_open=self.max_open,
+            clamp=self.clamp,
+        )
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import operator
+
+        rv = super().convert(value, param, ctx)
+        lt_min: bool = self.min is not None and (
+            operator.le if self.min_open else operator.lt
+        )(rv, self.min)
+        gt_max: bool = self.max is not None and (
+            operator.ge if self.max_open else operator.gt
+        )(rv, self.max)
+
+        if self.clamp:
+            if lt_min:
+                return self._clamp(self.min, 1, self.min_open)  # type: ignore
+
+            if gt_max:
+                return self._clamp(self.max, -1, self.max_open)  # type: ignore
+
+        if lt_min or gt_max:
+            self.fail(
+                _("{value} is not in the range {range}.").format(
+                    value=rv, range=self._describe_range()
+                ),
+                param,
+                ctx,
+            )
+
+        return rv
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        """Find the valid value to clamp to bound in the given
+        direction.
+
+        :param bound: The boundary value.
+        :param dir: 1 or -1 indicating the direction to move.
+        :param open: If true, the range does not include the bound.
+        """
+        raise NotImplementedError
+
+    def _describe_range(self) -> str:
+        """Describe the range for use in help text."""
+        if self.min is None:
+            op = "<" if self.max_open else "<="
+            return f"x{op}{self.max}"
+
+        if self.max is None:
+            op = ">" if self.min_open else ">="
+            return f"x{op}{self.min}"
+
+        lop = "<" if self.min_open else "<="
+        rop = "<" if self.max_open else "<="
+        return f"{self.min}{lop}x{rop}{self.max}"
+
+    def __repr__(self) -> str:
+        clamp = " clamped" if self.clamp else ""
+        return f"<{type(self).__name__} {self._describe_range()}{clamp}>"
+
+
+class IntParamType(_NumberParamTypeBase):
+    name = "integer"
+    _number_class = int
+
+    def __repr__(self) -> str:
+        return "INT"
+
+
+class IntRange(_NumberRangeBase, IntParamType):
+    """Restrict an :data:`click.INT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "integer range"
+
+    def _clamp(  # type: ignore
+        self, bound: int, dir: "te.Literal[1, -1]", open: bool
+    ) -> int:
+        if not open:
+            return bound
+
+        return bound + dir
+
+
+class FloatParamType(_NumberParamTypeBase):
+    name = "float"
+    _number_class = float
+
+    def __repr__(self) -> str:
+        return "FLOAT"
+
+
+class FloatRange(_NumberRangeBase, FloatParamType):
+    """Restrict a :data:`click.FLOAT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing. This is not supported if either
+    boundary is marked ``open``.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "float range"
+
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        super().__init__(
+            min=min, max=max, min_open=min_open, max_open=max_open, clamp=clamp
+        )
+
+        if (min_open or max_open) and clamp:
+            raise TypeError("Clamping is not supported for open bounds.")
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        if not open:
+            return bound
+
+        # Could use Python 3.9's math.nextafter here, but clamping an
+        # open float range doesn't seem to be particularly useful. It's
+        # left up to the user to write a callback to do it if needed.
+        raise RuntimeError("Clamping is not supported for open bounds.")
+
+
+class BoolParamType(ParamType):
+    name = "boolean"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if value in {False, True}:
+            return bool(value)
+
+        norm = value.strip().lower()
+
+        if norm in {"1", "true", "t", "yes", "y", "on"}:
+            return True
+
+        if norm in {"0", "false", "f", "no", "n", "off"}:
+            return False
+
+        self.fail(
+            _("{value!r} is not a valid boolean.").format(value=value), param, ctx
+        )
+
+    def __repr__(self) -> str:
+        return "BOOL"
+
+
+class UUIDParameterType(ParamType):
+    name = "uuid"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import uuid
+
+        if isinstance(value, uuid.UUID):
+            return value
+
+        value = value.strip()
+
+        try:
+            return uuid.UUID(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid UUID.").format(value=value), param, ctx
+            )
+
+    def __repr__(self) -> str:
+        return "UUID"
+
+
+class File(ParamType):
+    """Declares a parameter to be a file for reading or writing.  The file
+    is automatically closed once the context tears down (after the command
+    finished working).
+
+    Files can be opened for reading or writing.  The special value ``-``
+    indicates stdin or stdout depending on the mode.
+
+    By default, the file is opened for reading text data, but it can also be
+    opened in binary mode or for writing.  The encoding parameter can be used
+    to force a specific encoding.
+
+    The `lazy` flag controls if the file should be opened immediately or upon
+    first IO. The default is to be non-lazy for standard input and output
+    streams as well as files opened for reading, `lazy` otherwise. When opening a
+    file lazily for reading, it is still opened temporarily for validation, but
+    will not be held open until first IO. lazy is mainly useful when opening
+    for writing to avoid creating the file until it is needed.
+
+    Starting with Click 2.0, files can also be opened atomically in which
+    case all writes go into a separate file in the same folder and upon
+    completion the file will be moved over to the original location.  This
+    is useful if a file regularly read by other users is modified.
+
+    See :ref:`file-args` for more information.
+    """
+
+    name = "filename"
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        lazy: t.Optional[bool] = None,
+        atomic: bool = False,
+    ) -> None:
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.lazy = lazy
+        self.atomic = atomic
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(mode=self.mode, encoding=self.encoding)
+        return info_dict
+
+    def resolve_lazy_flag(self, value: "t.Union[str, os.PathLike[str]]") -> bool:
+        if self.lazy is not None:
+            return self.lazy
+        if os.fspath(value) == "-":
+            return False
+        elif "w" in self.mode:
+            return True
+        return False
+
+    def convert(
+        self,
+        value: t.Union[str, "os.PathLike[str]", t.IO[t.Any]],
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> t.IO[t.Any]:
+        if _is_file_like(value):
+            return value
+
+        value = t.cast("t.Union[str, os.PathLike[str]]", value)
+
+        try:
+            lazy = self.resolve_lazy_flag(value)
+
+            if lazy:
+                lf = LazyFile(
+                    value, self.mode, self.encoding, self.errors, atomic=self.atomic
+                )
+
+                if ctx is not None:
+                    ctx.call_on_close(lf.close_intelligently)
+
+                return t.cast(t.IO[t.Any], lf)
+
+            f, should_close = open_stream(
+                value, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+
+            # If a context is provided, we automatically close the file
+            # at the end of the context execution (or flush out).  If a
+            # context does not exist, it's the caller's responsibility to
+            # properly close the file.  This for instance happens when the
+            # type is used with prompts.
+            if ctx is not None:
+                if should_close:
+                    ctx.call_on_close(safecall(f.close))
+                else:
+                    ctx.call_on_close(safecall(f.flush))
+
+            return f
+        except OSError as e:  # noqa: B014
+            self.fail(f"'{format_filename(value)}': {e.strerror}", param, ctx)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide file path completions.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        return [CompletionItem(incomplete, type="file")]
+
+
+def _is_file_like(value: t.Any) -> "te.TypeGuard[t.IO[t.Any]]":
+    return hasattr(value, "read") or hasattr(value, "write")
+
+
+class Path(ParamType):
+    """The ``Path`` type is similar to the :class:`File` type, but
+    returns the filename instead of an open file. Various checks can be
+    enabled to validate the type of file and permissions.
+
+    :param exists: The file or directory needs to exist for the value to
+        be valid. If this is not set to ``True``, and the file does not
+        exist, then all further checks are silently skipped.
+    :param file_okay: Allow a file as a value.
+    :param dir_okay: Allow a directory as a value.
+    :param readable: if true, a readable check is performed.
+    :param writable: if true, a writable check is performed.
+    :param executable: if true, an executable check is performed.
+    :param resolve_path: Make the value absolute and resolve any
+        symlinks. A ``~`` is not expanded, as this is supposed to be
+        done by the shell only.
+    :param allow_dash: Allow a single dash as a value, which indicates
+        a standard stream (but does not open it). Use
+        :func:`~click.open_file` to handle opening this value.
+    :param path_type: Convert the incoming path value to this type. If
+        ``None``, keep Python's default, which is ``str``. Useful to
+        convert to :class:`pathlib.Path`.
+
+    .. versionchanged:: 8.1
+        Added the ``executable`` parameter.
+
+    .. versionchanged:: 8.0
+        Allow passing ``path_type=pathlib.Path``.
+
+    .. versionchanged:: 6.0
+        Added the ``allow_dash`` parameter.
+    """
+
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        exists: bool = False,
+        file_okay: bool = True,
+        dir_okay: bool = True,
+        writable: bool = False,
+        readable: bool = True,
+        resolve_path: bool = False,
+        allow_dash: bool = False,
+        path_type: t.Optional[t.Type[t.Any]] = None,
+        executable: bool = False,
+    ):
+        self.exists = exists
+        self.file_okay = file_okay
+        self.dir_okay = dir_okay
+        self.readable = readable
+        self.writable = writable
+        self.executable = executable
+        self.resolve_path = resolve_path
+        self.allow_dash = allow_dash
+        self.type = path_type
+
+        if self.file_okay and not self.dir_okay:
+            self.name: str = _("file")
+        elif self.dir_okay and not self.file_okay:
+            self.name = _("directory")
+        else:
+            self.name = _("path")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            exists=self.exists,
+            file_okay=self.file_okay,
+            dir_okay=self.dir_okay,
+            writable=self.writable,
+            readable=self.readable,
+            allow_dash=self.allow_dash,
+        )
+        return info_dict
+
+    def coerce_path_result(
+        self, value: "t.Union[str, os.PathLike[str]]"
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        if self.type is not None and not isinstance(value, self.type):
+            if self.type is str:
+                return os.fsdecode(value)
+            elif self.type is bytes:
+                return os.fsencode(value)
+            else:
+                return t.cast("os.PathLike[str]", self.type(value))
+
+        return value
+
+    def convert(
+        self,
+        value: "t.Union[str, os.PathLike[str]]",
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        rv = value
+
+        is_dash = self.file_okay and self.allow_dash and rv in (b"-", "-")
+
+        if not is_dash:
+            if self.resolve_path:
+                # os.path.realpath doesn't resolve symlinks on Windows
+                # until Python 3.8. Use pathlib for now.
+                import pathlib
+
+                rv = os.fsdecode(pathlib.Path(rv).resolve())
+
+            try:
+                st = os.stat(rv)
+            except OSError:
+                if not self.exists:
+                    return self.coerce_path_result(rv)
+                self.fail(
+                    _("{name} {filename!r} does not exist.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if not self.file_okay and stat.S_ISREG(st.st_mode):
+                self.fail(
+                    _("{name} {filename!r} is a file.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+            if not self.dir_okay and stat.S_ISDIR(st.st_mode):
+                self.fail(
+                    _("{name} '{filename}' is a directory.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.readable and not os.access(rv, os.R_OK):
+                self.fail(
+                    _("{name} {filename!r} is not readable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.writable and not os.access(rv, os.W_OK):
+                self.fail(
+                    _("{name} {filename!r} is not writable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.executable and not os.access(value, os.X_OK):
+                self.fail(
+                    _("{name} {filename!r} is not executable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+        return self.coerce_path_result(rv)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide path completions for only
+        directories or any paths.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        type = "dir" if self.dir_okay and not self.file_okay else "file"
+        return [CompletionItem(incomplete, type=type)]
+
+
+class Tuple(CompositeParamType):
+    """The default behavior of Click is to apply a type on a value directly.
+    This works well in most cases, except for when `nargs` is set to a fixed
+    count and different types should be used for different items.  In this
+    case the :class:`Tuple` type can be used.  This type can only be used
+    if `nargs` is set to a fixed number.
+
+    For more information see :ref:`tuple-type`.
+
+    This can be selected by using a Python tuple literal as a type.
+
+    :param types: a list of types that should be used for the tuple items.
+    """
+
+    def __init__(self, types: t.Sequence[t.Union[t.Type[t.Any], ParamType]]) -> None:
+        self.types: t.Sequence[ParamType] = [convert_type(ty) for ty in types]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["types"] = [t.to_info_dict() for t in self.types]
+        return info_dict
+
+    @property
+    def name(self) -> str:  # type: ignore
+        return f"<{' '.join(ty.name for ty in self.types)}>"
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        return len(self.types)
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        len_type = len(self.types)
+        len_value = len(value)
+
+        if len_value != len_type:
+            self.fail(
+                ngettext(
+                    "{len_type} values are required, but {len_value} was given.",
+                    "{len_type} values are required, but {len_value} were given.",
+                    len_value,
+                ).format(len_type=len_type, len_value=len_value),
+                param=param,
+                ctx=ctx,
+            )
+
+        return tuple(ty(x, param, ctx) for ty, x in zip(self.types, value))
+
+
+def convert_type(ty: t.Optional[t.Any], default: t.Optional[t.Any] = None) -> ParamType:
+    """Find the most appropriate :class:`ParamType` for the given Python
+    type. If the type isn't provided, it can be inferred from a default
+    value.
+    """
+    guessed_type = False
+
+    if ty is None and default is not None:
+        if isinstance(default, (tuple, list)):
+            # If the default is empty, ty will remain None and will
+            # return STRING.
+            if default:
+                item = default[0]
+
+                # A tuple of tuples needs to detect the inner types.
+                # Can't call convert recursively because that would
+                # incorrectly unwind the tuple to a single type.
+                if isinstance(item, (tuple, list)):
+                    ty = tuple(map(type, item))
+                else:
+                    ty = type(item)
+        else:
+            ty = type(default)
+
+        guessed_type = True
+
+    if isinstance(ty, tuple):
+        return Tuple(ty)
+
+    if isinstance(ty, ParamType):
+        return ty
+
+    if ty is str or ty is None:
+        return STRING
+
+    if ty is int:
+        return INT
+
+    if ty is float:
+        return FLOAT
+
+    if ty is bool:
+        return BOOL
+
+    if guessed_type:
+        return STRING
+
+    if __debug__:
+        try:
+            if issubclass(ty, ParamType):
+                raise AssertionError(
+                    f"Attempted to use an uninstantiated parameter type ({ty})."
+                )
+        except TypeError:
+            # ty is an instance (correct), so issubclass fails.
+            pass
+
+    return FuncParamType(ty)
+
+
+#: A dummy parameter type that just does nothing.  From a user's
+#: perspective this appears to just be the same as `STRING` but
+#: internally no string conversion takes place if the input was bytes.
+#: This is usually useful when working with file paths as they can
+#: appear in bytes and unicode.
+#:
+#: For path related uses the :class:`Path` type is a better choice but
+#: there are situations where an unprocessed type is useful which is why
+#: it is is provided.
+#:
+#: .. versionadded:: 4.0
+UNPROCESSED = UnprocessedParamType()
+
+#: A unicode string parameter type which is the implicit default.  This
+#: can also be selected by using ``str`` as type.
+STRING = StringParamType()
+
+#: An integer parameter.  This can also be selected by using ``int`` as
+#: type.
+INT = IntParamType()
+
+#: A floating point value parameter.  This can also be selected by using
+#: ``float`` as type.
+FLOAT = FloatParamType()
+
+#: A boolean parameter.  This is the default for boolean flags.  This can
+#: also be selected by using ``bool`` as a type.
+BOOL = BoolParamType()
+
+#: A UUID parameter.
+UUID = UUIDParameterType()
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/click/utils.py b/lib/go-jinja2/internal/data/darwin-amd64/click/utils.py
new file mode 100644
index 000000000..d536434f0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/click/utils.py
@@ -0,0 +1,624 @@
+import os
+import re
+import sys
+import typing as t
+from functools import update_wrapper
+from types import ModuleType
+from types import TracebackType
+
+from ._compat import _default_text_stderr
+from ._compat import _default_text_stdout
+from ._compat import _find_binary_writer
+from ._compat import auto_wrap_for_ansi
+from ._compat import binary_streams
+from ._compat import open_stream
+from ._compat import should_strip_ansi
+from ._compat import strip_ansi
+from ._compat import text_streams
+from ._compat import WIN
+from .globals import resolve_color_default
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+
+
+def _posixify(name: str) -> str:
+    return "-".join(name.split()).lower()
+
+
+def safecall(func: "t.Callable[P, R]") -> "t.Callable[P, t.Optional[R]]":
+    """Wraps a function so that it swallows exceptions."""
+
+    def wrapper(*args: "P.args", **kwargs: "P.kwargs") -> t.Optional[R]:
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            pass
+        return None
+
+    return update_wrapper(wrapper, func)
+
+
+def make_str(value: t.Any) -> str:
+    """Converts a value into a valid string."""
+    if isinstance(value, bytes):
+        try:
+            return value.decode(sys.getfilesystemencoding())
+        except UnicodeError:
+            return value.decode("utf-8", "replace")
+    return str(value)
+
+
+def make_default_short_help(help: str, max_length: int = 45) -> str:
+    """Returns a condensed version of help string."""
+    # Consider only the first paragraph.
+    paragraph_end = help.find("\n\n")
+
+    if paragraph_end != -1:
+        help = help[:paragraph_end]
+
+    # Collapse newlines, tabs, and spaces.
+    words = help.split()
+
+    if not words:
+        return ""
+
+    # The first paragraph started with a "no rewrap" marker, ignore it.
+    if words[0] == "\b":
+        words = words[1:]
+
+    total_length = 0
+    last_index = len(words) - 1
+
+    for i, word in enumerate(words):
+        total_length += len(word) + (i > 0)
+
+        if total_length > max_length:  # too long, truncate
+            break
+
+        if word[-1] == ".":  # sentence end, truncate without "..."
+            return " ".join(words[: i + 1])
+
+        if total_length == max_length and i != last_index:
+            break  # not at sentence end, truncate with "..."
+    else:
+        return " ".join(words)  # no truncation needed
+
+    # Account for the length of the suffix.
+    total_length += len("...")
+
+    # remove words until the length is short enough
+    while i > 0:
+        total_length -= len(words[i]) + (i > 0)
+
+        if total_length <= max_length:
+            break
+
+        i -= 1
+
+    return " ".join(words[:i]) + "..."
+
+
+class LazyFile:
+    """A lazy file works like a regular file but it does not fully open
+    the file but it does perform some basic checks early to see if the
+    filename parameter does make sense.  This is useful for safely opening
+    files for writing.
+    """
+
+    def __init__(
+        self,
+        filename: t.Union[str, "os.PathLike[str]"],
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        atomic: bool = False,
+    ):
+        self.name: str = os.fspath(filename)
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.atomic = atomic
+        self._f: t.Optional[t.IO[t.Any]]
+        self.should_close: bool
+
+        if self.name == "-":
+            self._f, self.should_close = open_stream(filename, mode, encoding, errors)
+        else:
+            if "r" in mode:
+                # Open and close the file in case we're opening it for
+                # reading so that we can catch at least some errors in
+                # some cases early.
+                open(filename, mode).close()
+            self._f = None
+            self.should_close = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self.open(), name)
+
+    def __repr__(self) -> str:
+        if self._f is not None:
+            return repr(self._f)
+        return f"<unopened file '{format_filename(self.name)}' {self.mode}>"
+
+    def open(self) -> t.IO[t.Any]:
+        """Opens the file if it's not yet open.  This call might fail with
+        a :exc:`FileError`.  Not handling this error will produce an error
+        that Click shows.
+        """
+        if self._f is not None:
+            return self._f
+        try:
+            rv, self.should_close = open_stream(
+                self.name, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+        except OSError as e:  # noqa: E402
+            from .exceptions import FileError
+
+            raise FileError(self.name, hint=e.strerror) from e
+        self._f = rv
+        return rv
+
+    def close(self) -> None:
+        """Closes the underlying file, no matter what."""
+        if self._f is not None:
+            self._f.close()
+
+    def close_intelligently(self) -> None:
+        """This function only closes the file if it was opened by the lazy
+        file wrapper.  For instance this will never close stdin.
+        """
+        if self.should_close:
+            self.close()
+
+    def __enter__(self) -> "LazyFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.close_intelligently()
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        self.open()
+        return iter(self._f)  # type: ignore
+
+
+class KeepOpenFile:
+    def __init__(self, file: t.IO[t.Any]) -> None:
+        self._file: t.IO[t.Any] = file
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._file, name)
+
+    def __enter__(self) -> "KeepOpenFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        pass
+
+    def __repr__(self) -> str:
+        return repr(self._file)
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        return iter(self._file)
+
+
+def echo(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.Any]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+) -> None:
+    """Print a message and newline to stdout or a file. This should be
+    used instead of :func:`print` because it provides better support
+    for different data, files, and environments.
+
+    Compared to :func:`print`, this does the following:
+
+    -   Ensures that the output encoding is not misconfigured on Linux.
+    -   Supports Unicode in the Windows console.
+    -   Supports writing to binary outputs, and supports writing bytes
+        to text outputs.
+    -   Supports colors and styles on Windows.
+    -   Removes ANSI color and style codes if the output does not look
+        like an interactive terminal.
+    -   Always flushes the output.
+
+    :param message: The string or bytes to output. Other objects are
+        converted to strings.
+    :param file: The file to write to. Defaults to ``stdout``.
+    :param err: Write to ``stderr`` instead of ``stdout``.
+    :param nl: Print a newline after the message. Enabled by default.
+    :param color: Force showing or hiding colors and other styles. By
+        default Click will remove color if the output does not look like
+        an interactive terminal.
+
+    .. versionchanged:: 6.0
+        Support Unicode output on the Windows console. Click does not
+        modify ``sys.stdout``, so ``sys.stdout.write()`` and ``print()``
+        will still not support Unicode.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter.
+
+    .. versionadded:: 3.0
+        Added the ``err`` parameter.
+
+    .. versionchanged:: 2.0
+        Support colors on Windows if colorama is installed.
+    """
+    if file is None:
+        if err:
+            file = _default_text_stderr()
+        else:
+            file = _default_text_stdout()
+
+        # There are no standard streams attached to write to. For example,
+        # pythonw on Windows.
+        if file is None:
+            return
+
+    # Convert non bytes/text into the native string type.
+    if message is not None and not isinstance(message, (str, bytes, bytearray)):
+        out: t.Optional[t.Union[str, bytes]] = str(message)
+    else:
+        out = message
+
+    if nl:
+        out = out or ""
+        if isinstance(out, str):
+            out += "\n"
+        else:
+            out += b"\n"
+
+    if not out:
+        file.flush()
+        return
+
+    # If there is a message and the value looks like bytes, we manually
+    # need to find the binary stream and write the message in there.
+    # This is done separately so that most stream types will work as you
+    # would expect. Eg: you can write to StringIO for other cases.
+    if isinstance(out, (bytes, bytearray)):
+        binary_file = _find_binary_writer(file)
+
+        if binary_file is not None:
+            file.flush()
+            binary_file.write(out)
+            binary_file.flush()
+            return
+
+    # ANSI style code support. For no message or bytes, nothing happens.
+    # When outputting to a file instead of a terminal, strip codes.
+    else:
+        color = resolve_color_default(color)
+
+        if should_strip_ansi(file, color):
+            out = strip_ansi(out)
+        elif WIN:
+            if auto_wrap_for_ansi is not None:
+                file = auto_wrap_for_ansi(file)  # type: ignore
+            elif not color:
+                out = strip_ansi(out)
+
+    file.write(out)  # type: ignore
+    file.flush()
+
+
+def get_binary_stream(name: "te.Literal['stdin', 'stdout', 'stderr']") -> t.BinaryIO:
+    """Returns a system stream for byte processing.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    """
+    opener = binary_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener()
+
+
+def get_text_stream(
+    name: "te.Literal['stdin', 'stdout', 'stderr']",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+) -> t.TextIO:
+    """Returns a system stream for text processing.  This usually returns
+    a wrapped stream around a binary stream returned from
+    :func:`get_binary_stream` but it also can take shortcuts for already
+    correctly configured streams.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    :param encoding: overrides the detected default encoding.
+    :param errors: overrides the default error mode.
+    """
+    opener = text_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener(encoding, errors)
+
+
+def open_file(
+    filename: str,
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    lazy: bool = False,
+    atomic: bool = False,
+) -> t.IO[t.Any]:
+    """Open a file, with extra behavior to handle ``'-'`` to indicate
+    a standard stream, lazy open on write, and atomic write. Similar to
+    the behavior of the :class:`~click.File` param type.
+
+    If ``'-'`` is given to open ``stdout`` or ``stdin``, the stream is
+    wrapped so that using it in a context manager will not close it.
+    This makes it possible to use the function without accidentally
+    closing a standard stream:
+
+    .. code-block:: python
+
+        with open_file(filename) as f:
+            ...
+
+    :param filename: The name of the file to open, or ``'-'`` for
+        ``stdin``/``stdout``.
+    :param mode: The mode in which to open the file.
+    :param encoding: The encoding to decode or encode a file opened in
+        text mode.
+    :param errors: The error handling mode.
+    :param lazy: Wait to open the file until it is accessed. For read
+        mode, the file is temporarily opened to raise access errors
+        early, then closed until it is read again.
+    :param atomic: Write to a temporary file and replace the given file
+        on close.
+
+    .. versionadded:: 3.0
+    """
+    if lazy:
+        return t.cast(
+            t.IO[t.Any], LazyFile(filename, mode, encoding, errors, atomic=atomic)
+        )
+
+    f, should_close = open_stream(filename, mode, encoding, errors, atomic=atomic)
+
+    if not should_close:
+        f = t.cast(t.IO[t.Any], KeepOpenFile(f))
+
+    return f
+
+
+def format_filename(
+    filename: "t.Union[str, bytes, os.PathLike[str], os.PathLike[bytes]]",
+    shorten: bool = False,
+) -> str:
+    """Format a filename as a string for display. Ensures the filename can be
+    displayed by replacing any invalid bytes or surrogate escapes in the name
+    with the replacement character ``�``.
+
+    Invalid bytes or surrogate escapes will raise an error when written to a
+    stream with ``errors="strict". This will typically happen with ``stdout``
+    when the locale is something like ``en_GB.UTF-8``.
+
+    Many scenarios *are* safe to write surrogates though, due to PEP 538 and
+    PEP 540, including:
+
+    -   Writing to ``stderr``, which uses ``errors="backslashreplace"``.
+    -   The system has ``LANG=C.UTF-8``, ``C``, or ``POSIX``. Python opens
+        stdout and stderr with ``errors="surrogateescape"``.
+    -   None of ``LANG/LC_*`` are set. Python assumes ``LANG=C.UTF-8``.
+    -   Python is started in UTF-8 mode  with  ``PYTHONUTF8=1`` or ``-X utf8``.
+        Python opens stdout and stderr with ``errors="surrogateescape"``.
+
+    :param filename: formats a filename for UI display.  This will also convert
+                     the filename into unicode without failing.
+    :param shorten: this optionally shortens the filename to strip of the
+                    path that leads up to it.
+    """
+    if shorten:
+        filename = os.path.basename(filename)
+    else:
+        filename = os.fspath(filename)
+
+    if isinstance(filename, bytes):
+        filename = filename.decode(sys.getfilesystemencoding(), "replace")
+    else:
+        filename = filename.encode("utf-8", "surrogateescape").decode(
+            "utf-8", "replace"
+        )
+
+    return filename
+
+
+def get_app_dir(app_name: str, roaming: bool = True, force_posix: bool = False) -> str:
+    r"""Returns the config folder for the application.  The default behavior
+    is to return whatever is most appropriate for the operating system.
+
+    To give you an idea, for an app called ``"Foo Bar"``, something like
+    the following folders could be returned:
+
+    Mac OS X:
+      ``~/Library/Application Support/Foo Bar``
+    Mac OS X (POSIX):
+      ``~/.foo-bar``
+    Unix:
+      ``~/.config/foo-bar``
+    Unix (POSIX):
+      ``~/.foo-bar``
+    Windows (roaming):
+      ``C:\Users\<user>\AppData\Roaming\Foo Bar``
+    Windows (not roaming):
+      ``C:\Users\<user>\AppData\Local\Foo Bar``
+
+    .. versionadded:: 2.0
+
+    :param app_name: the application name.  This should be properly capitalized
+                     and can contain whitespace.
+    :param roaming: controls if the folder should be roaming or not on Windows.
+                    Has no effect otherwise.
+    :param force_posix: if this is set to `True` then on any POSIX system the
+                        folder will be stored in the home folder with a leading
+                        dot instead of the XDG config home or darwin's
+                        application support folder.
+    """
+    if WIN:
+        key = "APPDATA" if roaming else "LOCALAPPDATA"
+        folder = os.environ.get(key)
+        if folder is None:
+            folder = os.path.expanduser("~")
+        return os.path.join(folder, app_name)
+    if force_posix:
+        return os.path.join(os.path.expanduser(f"~/.{_posixify(app_name)}"))
+    if sys.platform == "darwin":
+        return os.path.join(
+            os.path.expanduser("~/Library/Application Support"), app_name
+        )
+    return os.path.join(
+        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),
+        _posixify(app_name),
+    )
+
+
+class PacifyFlushWrapper:
+    """This wrapper is used to catch and suppress BrokenPipeErrors resulting
+    from ``.flush()`` being called on broken pipe during the shutdown/final-GC
+    of the Python interpreter. Notably ``.flush()`` is always called on
+    ``sys.stdout`` and ``sys.stderr``. So as to have minimal impact on any
+    other cleanup code, and the case where the underlying file is not a broken
+    pipe, all calls and attributes are proxied.
+    """
+
+    def __init__(self, wrapped: t.IO[t.Any]) -> None:
+        self.wrapped = wrapped
+
+    def flush(self) -> None:
+        try:
+            self.wrapped.flush()
+        except OSError as e:
+            import errno
+
+            if e.errno != errno.EPIPE:
+                raise
+
+    def __getattr__(self, attr: str) -> t.Any:
+        return getattr(self.wrapped, attr)
+
+
+def _detect_program_name(
+    path: t.Optional[str] = None, _main: t.Optional[ModuleType] = None
+) -> str:
+    """Determine the command used to run the program, for use in help
+    text. If a file or entry point was executed, the file name is
+    returned. If ``python -m`` was used to execute a module or package,
+    ``python -m name`` is returned.
+
+    This doesn't try to be too precise, the goal is to give a concise
+    name for help text. Files are only shown as their name without the
+    path. ``python`` is only shown for modules, and the full path to
+    ``sys.executable`` is not shown.
+
+    :param path: The Python file being executed. Python puts this in
+        ``sys.argv[0]``, which is used by default.
+    :param _main: The ``__main__`` module. This should only be passed
+        during internal testing.
+
+    .. versionadded:: 8.0
+        Based on command args detection in the Werkzeug reloader.
+
+    :meta private:
+    """
+    if _main is None:
+        _main = sys.modules["__main__"]
+
+    if not path:
+        path = sys.argv[0]
+
+    # The value of __package__ indicates how Python was called. It may
+    # not exist if a setuptools script is installed as an egg. It may be
+    # set incorrectly for entry points created with pip on Windows.
+    # It is set to "" inside a Shiv or PEX zipapp.
+    if getattr(_main, "__package__", None) in {None, ""} or (
+        os.name == "nt"
+        and _main.__package__ == ""
+        and not os.path.exists(path)
+        and os.path.exists(f"{path}.exe")
+    ):
+        # Executed a file, like "python app.py".
+        return os.path.basename(path)
+
+    # Executed a module, like "python -m example".
+    # Rewritten by Python from "-m script" to "/path/to/script.py".
+    # Need to look at main module to determine how it was executed.
+    py_module = t.cast(str, _main.__package__)
+    name = os.path.splitext(os.path.basename(path))[0]
+
+    # A submodule like "example.cli".
+    if name != "__main__":
+        py_module = f"{py_module}.{name}"
+
+    return f"python -m {py_module.lstrip('.')}"
+
+
+def _expand_args(
+    args: t.Iterable[str],
+    *,
+    user: bool = True,
+    env: bool = True,
+    glob_recursive: bool = True,
+) -> t.List[str]:
+    """Simulate Unix shell expansion with Python functions.
+
+    See :func:`glob.glob`, :func:`os.path.expanduser`, and
+    :func:`os.path.expandvars`.
+
+    This is intended for use on Windows, where the shell does not do any
+    expansion. It may not exactly match what a Unix shell would do.
+
+    :param args: List of command line arguments to expand.
+    :param user: Expand user home directory.
+    :param env: Expand environment variables.
+    :param glob_recursive: ``**`` matches directories recursively.
+
+    .. versionchanged:: 8.1
+        Invalid glob patterns are treated as empty expansions rather
+        than raising an error.
+
+    .. versionadded:: 8.0
+
+    :meta private:
+    """
+    from glob import glob
+
+    out = []
+
+    for arg in args:
+        if user:
+            arg = os.path.expanduser(arg)
+
+        if env:
+            arg = os.path.expandvars(arg)
+
+        try:
+            matches = glob(arg, recursive=glob_recursive)
+        except re.error:
+            matches = []
+
+        if not matches:
+            out.append(arg)
+        else:
+            out.extend(matches)
+
+    return out
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/files.json b/lib/go-jinja2/internal/data/darwin-amd64/files.json
new file mode 100644
index 000000000..0b2e283b2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/files.json
@@ -0,0 +1,888 @@
+{
+  "contentHash": "d6fc8f26c0da5462509c87d32316bba4e8766aec5635673b2cd5cb73f0be68a2",
+  "files": [
+    {
+      "name": "MarkupSafe-2.1.5.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
+      "size": 3003,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
+      "size": 1190,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
+      "size": 111,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "size": 1101,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/METADATA",
+      "size": 2058,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "size": 2773,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "size": 111,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "_yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "_yaml/__init__.py",
+      "size": 1402,
+      "perm": 420
+    },
+    {
+      "name": "bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "bin/jsonpath_ng",
+      "size": 261,
+      "perm": 493
+    },
+    {
+      "name": "bin/slugify",
+      "size": 239,
+      "perm": 493
+    },
+    {
+      "name": "click",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/METADATA",
+      "size": 3014,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/RECORD",
+      "size": 2582,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/top_level.txt",
+      "size": 6,
+      "perm": 420
+    },
+    {
+      "name": "click/__init__.py",
+      "size": 3138,
+      "perm": 420
+    },
+    {
+      "name": "click/_compat.py",
+      "size": 18744,
+      "perm": 420
+    },
+    {
+      "name": "click/_termui_impl.py",
+      "size": 24069,
+      "perm": 420
+    },
+    {
+      "name": "click/_textwrap.py",
+      "size": 1353,
+      "perm": 420
+    },
+    {
+      "name": "click/_winconsole.py",
+      "size": 7860,
+      "perm": 420
+    },
+    {
+      "name": "click/core.py",
+      "size": 114086,
+      "perm": 420
+    },
+    {
+      "name": "click/decorators.py",
+      "size": 18719,
+      "perm": 420
+    },
+    {
+      "name": "click/exceptions.py",
+      "size": 9273,
+      "perm": 420
+    },
+    {
+      "name": "click/formatting.py",
+      "size": 9706,
+      "perm": 420
+    },
+    {
+      "name": "click/globals.py",
+      "size": 1961,
+      "perm": 420
+    },
+    {
+      "name": "click/parser.py",
+      "size": 19067,
+      "perm": 420
+    },
+    {
+      "name": "click/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click/shell_completion.py",
+      "size": 18460,
+      "perm": 420
+    },
+    {
+      "name": "click/termui.py",
+      "size": 28324,
+      "perm": 420
+    },
+    {
+      "name": "click/testing.py",
+      "size": 16084,
+      "perm": 420
+    },
+    {
+      "name": "click/types.py",
+      "size": 36391,
+      "perm": 420
+    },
+    {
+      "name": "click/utils.py",
+      "size": 20298,
+      "perm": 420
+    },
+    {
+      "name": "jinja2",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/LICENSE.txt",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/METADATA",
+      "size": 2640,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/RECORD",
+      "size": 3697,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/WHEEL",
+      "size": 81,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/entry_points.txt",
+      "size": 58,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/__init__.py",
+      "size": 1928,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/_identifier.py",
+      "size": 1958,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/async_utils.py",
+      "size": 2477,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/bccache.py",
+      "size": 14061,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/compiler.py",
+      "size": 72271,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/constants.py",
+      "size": 1433,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/debug.py",
+      "size": 6299,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/defaults.py",
+      "size": 1267,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/environment.py",
+      "size": 61538,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/exceptions.py",
+      "size": 5071,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/ext.py",
+      "size": 31877,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/filters.py",
+      "size": 54611,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/idtracking.py",
+      "size": 10704,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/lexer.py",
+      "size": 29754,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/loaders.py",
+      "size": 23167,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/meta.py",
+      "size": 4397,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nativetypes.py",
+      "size": 4210,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nodes.py",
+      "size": 34579,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/optimizer.py",
+      "size": 1651,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/parser.py",
+      "size": 39890,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/runtime.py",
+      "size": 33435,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/sandbox.py",
+      "size": 14616,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/tests.py",
+      "size": 5926,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/utils.py",
+      "size": 23952,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/visitor.py",
+      "size": 3557,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "size": 11358,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
+      "size": 18072,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "size": 2549,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
+      "size": 69,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "size": 12,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/__init__.py",
+      "size": 116,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/bin/__init__.py",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin/jsonpath.py",
+      "size": 2057,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/exceptions.py",
+      "size": 146,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/ext/__init__.py",
+      "size": 605,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/arithmetic.py",
+      "size": 2381,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/filter.py",
+      "size": 4312,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/iterable.py",
+      "size": 3680,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/parser.py",
+      "size": 5351,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/string.py",
+      "size": 3261,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/jsonpath.py",
+      "size": 26402,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/lexer.py",
+      "size": 5231,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/parser.py",
+      "size": 5883,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "markupsafe/__init__.py",
+      "size": 10958,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_native.py",
+      "size": 1713,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.c",
+      "size": 7083,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.cpython-311-darwin.so",
+      "size": 35272,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "markupsafe/_speedups.pyi",
+      "size": 229,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "ply",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info/DESCRIPTION.rst",
+      "size": 519,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/METADATA",
+      "size": 844,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/RECORD",
+      "size": 1211,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/metadata.json",
+      "size": 515,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/top_level.txt",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply/__init__.py",
+      "size": 103,
+      "perm": 420
+    },
+    {
+      "name": "ply/cpp.py",
+      "size": 33639,
+      "perm": 420
+    },
+    {
+      "name": "ply/ctokens.py",
+      "size": 3155,
+      "perm": 420
+    },
+    {
+      "name": "ply/lex.py",
+      "size": 42905,
+      "perm": 420
+    },
+    {
+      "name": "ply/yacc.py",
+      "size": 137736,
+      "perm": 420
+    },
+    {
+      "name": "ply/ygen.py",
+      "size": 2246,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/LICENSE",
+      "size": 1103,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/METADATA",
+      "size": 8469,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/RECORD",
+      "size": 1489,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/entry_points.txt",
+      "size": 50,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/top_level.txt",
+      "size": 8,
+      "perm": 420
+    },
+    {
+      "name": "slugify",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "slugify/__init__.py",
+      "size": 346,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__main__.py",
+      "size": 3961,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__version__.py",
+      "size": 325,
+      "perm": 420
+    },
+    {
+      "name": "slugify/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "slugify/slugify.py",
+      "size": 6180,
+      "perm": 420
+    },
+    {
+      "name": "slugify/special.py",
+      "size": 1222,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/DESCRIPTION.rst",
+      "size": 1199,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/LICENSE.txt",
+      "size": 6535,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/METADATA",
+      "size": 2422,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/RECORD",
+      "size": 937,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/metadata.json",
+      "size": 1299,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/top_level.txt",
+      "size": 15,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/__init__.py",
+      "size": 484,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/data.bin",
+      "size": 311077,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "yaml/__init__.py",
+      "size": 12311,
+      "perm": 420
+    },
+    {
+      "name": "yaml/_yaml.cpython-311-darwin.so",
+      "size": 429464,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "yaml/composer.py",
+      "size": 4883,
+      "perm": 420
+    },
+    {
+      "name": "yaml/constructor.py",
+      "size": 28639,
+      "perm": 420
+    },
+    {
+      "name": "yaml/cyaml.py",
+      "size": 3851,
+      "perm": 420
+    },
+    {
+      "name": "yaml/dumper.py",
+      "size": 2837,
+      "perm": 420
+    },
+    {
+      "name": "yaml/emitter.py",
+      "size": 43006,
+      "perm": 420
+    },
+    {
+      "name": "yaml/error.py",
+      "size": 2533,
+      "perm": 420
+    },
+    {
+      "name": "yaml/events.py",
+      "size": 2445,
+      "perm": 420
+    },
+    {
+      "name": "yaml/loader.py",
+      "size": 2061,
+      "perm": 420
+    },
+    {
+      "name": "yaml/nodes.py",
+      "size": 1440,
+      "perm": 420
+    },
+    {
+      "name": "yaml/parser.py",
+      "size": 25495,
+      "perm": 420
+    },
+    {
+      "name": "yaml/reader.py",
+      "size": 6794,
+      "perm": 420
+    },
+    {
+      "name": "yaml/representer.py",
+      "size": 14190,
+      "perm": 420
+    },
+    {
+      "name": "yaml/resolver.py",
+      "size": 9004,
+      "perm": 420
+    },
+    {
+      "name": "yaml/scanner.py",
+      "size": 51279,
+      "perm": 420
+    },
+    {
+      "name": "yaml/serializer.py",
+      "size": 4165,
+      "perm": 420
+    },
+    {
+      "name": "yaml/tokens.py",
+      "size": 2573,
+      "perm": 420
+    }
+  ]
+}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
new file mode 100644
index 000000000..c37cae49e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
@@ -0,0 +1,28 @@
+Copyright 2007 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/METADATA
new file mode 100644
index 000000000..265cc32e1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/METADATA
@@ -0,0 +1,76 @@
+Metadata-Version: 2.1
+Name: Jinja2
+Version: 3.1.4
+Summary: A very fast and expressive template engine.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Dist: MarkupSafe>=2.0
+Requires-Dist: Babel>=2.7 ; extra == "i18n"
+Project-URL: Changes, https://jinja.palletsprojects.com/changes/
+Project-URL: Chat, https://discord.gg/pallets
+Project-URL: Documentation, https://jinja.palletsprojects.com/
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Source, https://github.com/pallets/jinja/
+Provides-Extra: i18n
+
+# Jinja
+
+Jinja is a fast, expressive, extensible templating engine. Special
+placeholders in the template allow writing code similar to Python
+syntax. Then the template is passed data to render the final document.
+
+It includes:
+
+-   Template inheritance and inclusion.
+-   Define and import macros within templates.
+-   HTML templates can use autoescaping to prevent XSS from untrusted
+    user input.
+-   A sandboxed environment can safely render untrusted templates.
+-   AsyncIO support for generating templates and calling async
+    functions.
+-   I18N support with Babel.
+-   Templates are compiled to optimized Python code just-in-time and
+    cached, or can be compiled ahead-of-time.
+-   Exceptions point to the correct line in templates to make debugging
+    easier.
+-   Extensible filters, tests, functions, and even syntax.
+
+Jinja's philosophy is that while application logic belongs in Python if
+possible, it shouldn't make the template designer's job difficult by
+restricting functionality too much.
+
+
+## In A Nutshell
+
+.. code-block:: jinja
+
+    {% extends "base.html" %}
+    {% block title %}Members{% endblock %}
+    {% block content %}
+      <ul>
+      {% for user in users %}
+        <li><a href="{{ user.url }}">{{ user.username }}</a></li>
+      {% endfor %}
+      </ul>
+    {% endblock %}
+
+
+## Donate
+
+The Pallets organization develops and supports Jinja and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, [please
+donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/RECORD
new file mode 100644
index 000000000..e9bdca35c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/RECORD
@@ -0,0 +1,58 @@
+jinja2-3.1.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jinja2-3.1.4.dist-info/LICENSE.txt,sha256=O0nc7kEF6ze6wQ-vG-JgQI_oXSUrjp3y4JefweCUQ3s,1475
+jinja2-3.1.4.dist-info/METADATA,sha256=R_brzpPQVBvpGcsm-WbrtgotO7suQ1D0F-qkhTzeEfY,2640
+jinja2-3.1.4.dist-info/RECORD,,
+jinja2-3.1.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2-3.1.4.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+jinja2-3.1.4.dist-info/entry_points.txt,sha256=OL85gYU1eD8cuPlikifFngXpeBjaxl6rIJ8KkC_3r-I,58
+jinja2/__init__.py,sha256=wIl45IM20KGw-kfr7jJhaBxxX5g4-kihlBYjxopX7Pw,1928
+jinja2/__pycache__/__init__.cpython-311.pyc,,
+jinja2/__pycache__/_identifier.cpython-311.pyc,,
+jinja2/__pycache__/async_utils.cpython-311.pyc,,
+jinja2/__pycache__/bccache.cpython-311.pyc,,
+jinja2/__pycache__/compiler.cpython-311.pyc,,
+jinja2/__pycache__/constants.cpython-311.pyc,,
+jinja2/__pycache__/debug.cpython-311.pyc,,
+jinja2/__pycache__/defaults.cpython-311.pyc,,
+jinja2/__pycache__/environment.cpython-311.pyc,,
+jinja2/__pycache__/exceptions.cpython-311.pyc,,
+jinja2/__pycache__/ext.cpython-311.pyc,,
+jinja2/__pycache__/filters.cpython-311.pyc,,
+jinja2/__pycache__/idtracking.cpython-311.pyc,,
+jinja2/__pycache__/lexer.cpython-311.pyc,,
+jinja2/__pycache__/loaders.cpython-311.pyc,,
+jinja2/__pycache__/meta.cpython-311.pyc,,
+jinja2/__pycache__/nativetypes.cpython-311.pyc,,
+jinja2/__pycache__/nodes.cpython-311.pyc,,
+jinja2/__pycache__/optimizer.cpython-311.pyc,,
+jinja2/__pycache__/parser.cpython-311.pyc,,
+jinja2/__pycache__/runtime.cpython-311.pyc,,
+jinja2/__pycache__/sandbox.cpython-311.pyc,,
+jinja2/__pycache__/tests.cpython-311.pyc,,
+jinja2/__pycache__/utils.cpython-311.pyc,,
+jinja2/__pycache__/visitor.cpython-311.pyc,,
+jinja2/_identifier.py,sha256=_zYctNKzRqlk_murTNlzrju1FFJL7Va_Ijqqd7ii2lU,1958
+jinja2/async_utils.py,sha256=JXKWCAXmTx0iZB4-hAsF50vgjxw_RJTjiLOlGGTBso0,2477
+jinja2/bccache.py,sha256=gh0qs9rulnXo0PhX5jTJy2UHzI8wFnQ63o_vw7nhzRg,14061
+jinja2/compiler.py,sha256=dpV-n6_iQUP4uSwlXwGUavJmwjvXdyxKzJ-AonFjPBk,72271
+jinja2/constants.py,sha256=GMoFydBF_kdpaRKPoM5cl5MviquVRLVyZtfp5-16jg0,1433
+jinja2/debug.py,sha256=iWJ432RadxJNnaMOPrjIDInz50UEgni3_HKuFXi2vuQ,6299
+jinja2/defaults.py,sha256=boBcSw78h-lp20YbaXSJsqkAI2uN_mD_TtCydpeq5wU,1267
+jinja2/environment.py,sha256=xhFkmxO0CESA76Ki5tz4XWq9yzGu-t0p93JCCVBVNps,61538
+jinja2/exceptions.py,sha256=ioHeHrWwCWNaXX1inHmHVblvc4haO7AXsjCp3GfWvx0,5071
+jinja2/ext.py,sha256=igsBH7c6C0byHaOtMbE-ugpt4GjLGgR-ywskyXtKgq8,31877
+jinja2/filters.py,sha256=bKeqjFjjz88TkHVLSyyMIEB75CzAN6b3Airgx0phJDg,54611
+jinja2/idtracking.py,sha256=GfNmadir4oDALVxzn3DL9YInhJDr69ebXeA2ygfuCGA,10704
+jinja2/lexer.py,sha256=xnWWXhPndHFsoqzpc5VTjheDE9JuKk9MUo9DZkrM8Os,29754
+jinja2/loaders.py,sha256=ru0GIWHo5KiHJi7_MoI_LvGDoBBvP6rd0hiC1ReaTwk,23167
+jinja2/meta.py,sha256=OTDPkaFvU2Hgvx-6akz7154F8BIWaRmvJcBFvwopHww,4397
+jinja2/nativetypes.py,sha256=7GIGALVJgdyL80oZJdQUaUfwSt5q2lSSZbXt0dNf_M4,4210
+jinja2/nodes.py,sha256=m1Duzcr6qhZI8JQ6VyJgUNinjAf5bQzijSmDnMsvUx8,34579
+jinja2/optimizer.py,sha256=rJnCRlQ7pZsEEmMhsQDgC_pKyDHxP5TPS6zVPGsgcu8,1651
+jinja2/parser.py,sha256=DV1iF1FR2Rsaj_5zl8rmx7j6Bj4S8iLHoYsvJ0bfEis,39890
+jinja2/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2/runtime.py,sha256=POXT3tKNKJRENx2CymwUsOOXH2JwGPjW702njB5__cQ,33435
+jinja2/sandbox.py,sha256=TJjBNS9qRJ2ZgBMWdAgRBpyDLOHea2kT-2mk4PrjYx0,14616
+jinja2/tests.py,sha256=VLsBhVFnWg-PxSBz1MhRnNWgP1ovXk3neO1FLQMeC9Q,5926
+jinja2/utils.py,sha256=nV7IpWLvRCMyHW1irBAK8CIPAnOFfkb2ukggDBjbBEY,23952
+jinja2/visitor.py,sha256=EcnL1PIwf_4RVCOMxsRNuR8AXHbS1qfAdMOE2ngKJz4,3557
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/WHEEL
new file mode 100644
index 000000000..3b5e64b5e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/WHEEL
@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: flit 3.9.0
+Root-Is-Purelib: true
+Tag: py3-none-any
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..abc3eae3b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2-3.1.4.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[babel.extractors]
+jinja2=jinja2.ext:babel_extract[i18n]
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/__init__.py
new file mode 100644
index 000000000..2f0b5b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/__init__.py
@@ -0,0 +1,38 @@
+"""Jinja is a template engine written in pure Python. It provides a
+non-XML syntax that supports inline expressions and an optional
+sandboxed environment.
+"""
+
+from .bccache import BytecodeCache as BytecodeCache
+from .bccache import FileSystemBytecodeCache as FileSystemBytecodeCache
+from .bccache import MemcachedBytecodeCache as MemcachedBytecodeCache
+from .environment import Environment as Environment
+from .environment import Template as Template
+from .exceptions import TemplateAssertionError as TemplateAssertionError
+from .exceptions import TemplateError as TemplateError
+from .exceptions import TemplateNotFound as TemplateNotFound
+from .exceptions import TemplateRuntimeError as TemplateRuntimeError
+from .exceptions import TemplatesNotFound as TemplatesNotFound
+from .exceptions import TemplateSyntaxError as TemplateSyntaxError
+from .exceptions import UndefinedError as UndefinedError
+from .loaders import BaseLoader as BaseLoader
+from .loaders import ChoiceLoader as ChoiceLoader
+from .loaders import DictLoader as DictLoader
+from .loaders import FileSystemLoader as FileSystemLoader
+from .loaders import FunctionLoader as FunctionLoader
+from .loaders import ModuleLoader as ModuleLoader
+from .loaders import PackageLoader as PackageLoader
+from .loaders import PrefixLoader as PrefixLoader
+from .runtime import ChainableUndefined as ChainableUndefined
+from .runtime import DebugUndefined as DebugUndefined
+from .runtime import make_logging_undefined as make_logging_undefined
+from .runtime import StrictUndefined as StrictUndefined
+from .runtime import Undefined as Undefined
+from .utils import clear_caches as clear_caches
+from .utils import is_undefined as is_undefined
+from .utils import pass_context as pass_context
+from .utils import pass_environment as pass_environment
+from .utils import pass_eval_context as pass_eval_context
+from .utils import select_autoescape as select_autoescape
+
+__version__ = "3.1.4"
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/_identifier.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/_identifier.py
new file mode 100644
index 000000000..928c1503c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/_identifier.py
@@ -0,0 +1,6 @@
+import re
+
+# generated by scripts/generate_identifier_pattern.py
+pattern = re.compile(
+    r"[\w·̀-ͯ·҃-֑҇-ׇֽֿׁׂׅׄؐ-ًؚ-ٰٟۖ-ۜ۟-۪ۤۧۨ-ܑۭܰ-݊ަ-ް߫-߽߳ࠖ-࠙ࠛ-ࠣࠥ-ࠧࠩ-࡙࠭-࡛࣓-ࣣ࣡-ःऺ-़ा-ॏ॑-ॗॢॣঁ-ঃ়া-ৄেৈো-্ৗৢৣ৾ਁ-ਃ਼ਾ-ੂੇੈੋ-੍ੑੰੱੵઁ-ઃ઼ા-ૅે-ૉો-્ૢૣૺ-૿ଁ-ଃ଼ା-ୄେୈୋ-୍ୖୗୢୣஂா-ூெ-ைொ-்ௗఀ-ఄా-ౄె-ైొ-్ౕౖౢౣಁ-ಃ಼ಾ-ೄೆ-ೈೊ-್ೕೖೢೣഀ-ഃ഻഼ാ-ൄെ-ൈൊ-്ൗൢൣංඃ්ා-ුූෘ-ෟෲෳัิ-ฺ็-๎ັິ-ູົຼ່-ໍ༹༘༙༵༷༾༿ཱ-྄྆྇ྍ-ྗྙ-ྼ࿆ါ-ှၖ-ၙၞ-ၠၢ-ၤၧ-ၭၱ-ၴႂ-ႍႏႚ-ႝ፝-፟ᜒ-᜔ᜲ-᜴ᝒᝓᝲᝳ឴-៓៝᠋-᠍ᢅᢆᢩᤠ-ᤫᤰ-᤻ᨗ-ᨛᩕ-ᩞ᩠-᩿᩼᪰-᪽ᬀ-ᬄ᬴-᭄᭫-᭳ᮀ-ᮂᮡ-ᮭ᯦-᯳ᰤ-᰷᳐-᳔᳒-᳨᳭ᳲ-᳴᳷-᳹᷀-᷹᷻-᷿‿⁀⁔⃐-⃥⃜⃡-⃰℘℮⳯-⵿⳱ⷠ-〪ⷿ-゙゚〯꙯ꙴ-꙽ꚞꚟ꛰꛱ꠂ꠆ꠋꠣ-ꠧꢀꢁꢴ-ꣅ꣠-꣱ꣿꤦ-꤭ꥇ-꥓ꦀ-ꦃ꦳-꧀ꧥꨩ-ꨶꩃꩌꩍꩻ-ꩽꪰꪲ-ꪴꪷꪸꪾ꪿꫁ꫫ-ꫯꫵ꫶ꯣ-ꯪ꯬꯭ﬞ︀-️︠-︯︳︴﹍-﹏＿𐇽𐋠𐍶-𐍺𐨁-𐨃𐨅𐨆𐨌-𐨏𐨸-𐨿𐨺𐫦𐫥𐴤-𐽆𐴧-𐽐𑀀-𑀂𑀸-𑁆𑁿-𑂂𑂰-𑂺𑄀-𑄂𑄧-𑄴𑅅𑅆𑅳𑆀-𑆂𑆳-𑇀𑇉-𑇌𑈬-𑈷𑈾𑋟-𑋪𑌀-𑌃𑌻𑌼𑌾-𑍄𑍇𑍈𑍋-𑍍𑍗𑍢𑍣𑍦-𑍬𑍰-𑍴𑐵-𑑆𑑞𑒰-𑓃𑖯-𑖵𑖸-𑗀𑗜𑗝𑘰-𑙀𑚫-𑚷𑜝-𑜫𑠬-𑠺𑨁-𑨊𑨳-𑨹𑨻-𑨾𑩇𑩑-𑩛𑪊-𑪙𑰯-𑰶𑰸-𑰿𑲒-𑲧𑲩-𑲶𑴱-𑴶𑴺𑴼𑴽𑴿-𑵅𑵇𑶊-𑶎𑶐𑶑𑶓-𑶗𑻳-𑻶𖫰-𖫴𖬰-𖬶𖽑-𖽾𖾏-𖾒𛲝𛲞𝅥-𝅩𝅭-𝅲𝅻-𝆂𝆅-𝆋𝆪-𝆭𝉂-𝉄𝨀-𝨶𝨻-𝩬𝩵𝪄𝪛-𝪟𝪡-𝪯𞀀-𞀆𞀈-𞀘𞀛-𞀡𞀣𞀤𞀦-𞣐𞀪-𞣖𞥄-𞥊󠄀-󠇯]+"  # noqa: B950
+)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/async_utils.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/async_utils.py
new file mode 100644
index 000000000..e65219e49
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/async_utils.py
@@ -0,0 +1,84 @@
+import inspect
+import typing as t
+from functools import WRAPPER_ASSIGNMENTS
+from functools import wraps
+
+from .utils import _PassArg
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+
+
+def async_variant(normal_func):  # type: ignore
+    def decorator(async_func):  # type: ignore
+        pass_arg = _PassArg.from_obj(normal_func)
+        need_eval_context = pass_arg is None
+
+        if pass_arg is _PassArg.environment:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].is_async)
+
+        else:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].environment.is_async)
+
+        # Take the doc and annotations from the sync function, but the
+        # name from the async function. Pallets-Sphinx-Themes
+        # build_function_directive expects __wrapped__ to point to the
+        # sync function.
+        async_func_attrs = ("__module__", "__name__", "__qualname__")
+        normal_func_attrs = tuple(set(WRAPPER_ASSIGNMENTS).difference(async_func_attrs))
+
+        @wraps(normal_func, assigned=normal_func_attrs)
+        @wraps(async_func, assigned=async_func_attrs, updated=())
+        def wrapper(*args, **kwargs):  # type: ignore
+            b = is_async(args)
+
+            if need_eval_context:
+                args = args[1:]
+
+            if b:
+                return async_func(*args, **kwargs)
+
+            return normal_func(*args, **kwargs)
+
+        if need_eval_context:
+            wrapper = pass_eval_context(wrapper)
+
+        wrapper.jinja_async_variant = True  # type: ignore[attr-defined]
+        return wrapper
+
+    return decorator
+
+
+_common_primitives = {int, float, bool, str, list, dict, tuple, type(None)}
+
+
+async def auto_await(value: t.Union[t.Awaitable["V"], "V"]) -> "V":
+    # Avoid a costly call to isawaitable
+    if type(value) in _common_primitives:
+        return t.cast("V", value)
+
+    if inspect.isawaitable(value):
+        return await t.cast("t.Awaitable[V]", value)
+
+    return t.cast("V", value)
+
+
+async def auto_aiter(
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> "t.AsyncIterator[V]":
+    if hasattr(iterable, "__aiter__"):
+        async for item in t.cast("t.AsyncIterable[V]", iterable):
+            yield item
+    else:
+        for item in iterable:
+            yield item
+
+
+async def auto_to_list(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> t.List["V"]:
+    return [x async for x in auto_aiter(value)]
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/bccache.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/bccache.py
new file mode 100644
index 000000000..ada8b099f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/bccache.py
@@ -0,0 +1,408 @@
+"""The optional bytecode cache system. This is useful if you have very
+complex template situations and the compilation of all those templates
+slows down your application too much.
+
+Situations where this is useful are often forking web applications that
+are initialized on the first request.
+"""
+
+import errno
+import fnmatch
+import marshal
+import os
+import pickle
+import stat
+import sys
+import tempfile
+import typing as t
+from hashlib import sha1
+from io import BytesIO
+from types import CodeType
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class _MemcachedClient(te.Protocol):
+        def get(self, key: str) -> bytes: ...
+
+        def set(
+            self, key: str, value: bytes, timeout: t.Optional[int] = None
+        ) -> None: ...
+
+
+bc_version = 5
+# Magic bytes to identify Jinja bytecode cache files. Contains the
+# Python major and minor version to avoid loading incompatible bytecode
+# if a project upgrades its Python version.
+bc_magic = (
+    b"j2"
+    + pickle.dumps(bc_version, 2)
+    + pickle.dumps((sys.version_info[0] << 24) | sys.version_info[1], 2)
+)
+
+
+class Bucket:
+    """Buckets are used to store the bytecode for one template.  It's created
+    and initialized by the bytecode cache and passed to the loading functions.
+
+    The buckets get an internal checksum from the cache assigned and use this
+    to automatically reject outdated cache material.  Individual bytecode
+    cache subclasses don't have to care about cache invalidation.
+    """
+
+    def __init__(self, environment: "Environment", key: str, checksum: str) -> None:
+        self.environment = environment
+        self.key = key
+        self.checksum = checksum
+        self.reset()
+
+    def reset(self) -> None:
+        """Resets the bucket (unloads the bytecode)."""
+        self.code: t.Optional[CodeType] = None
+
+    def load_bytecode(self, f: t.BinaryIO) -> None:
+        """Loads bytecode from a file or file like object."""
+        # make sure the magic header is correct
+        magic = f.read(len(bc_magic))
+        if magic != bc_magic:
+            self.reset()
+            return
+        # the source code of the file changed, we need to reload
+        checksum = pickle.load(f)
+        if self.checksum != checksum:
+            self.reset()
+            return
+        # if marshal_load fails then we need to reload
+        try:
+            self.code = marshal.load(f)
+        except (EOFError, ValueError, TypeError):
+            self.reset()
+            return
+
+    def write_bytecode(self, f: t.IO[bytes]) -> None:
+        """Dump the bytecode into the file or file like object passed."""
+        if self.code is None:
+            raise TypeError("can't write empty bucket")
+        f.write(bc_magic)
+        pickle.dump(self.checksum, f, 2)
+        marshal.dump(self.code, f)
+
+    def bytecode_from_string(self, string: bytes) -> None:
+        """Load bytecode from bytes."""
+        self.load_bytecode(BytesIO(string))
+
+    def bytecode_to_string(self) -> bytes:
+        """Return the bytecode as bytes."""
+        out = BytesIO()
+        self.write_bytecode(out)
+        return out.getvalue()
+
+
+class BytecodeCache:
+    """To implement your own bytecode cache you have to subclass this class
+    and override :meth:`load_bytecode` and :meth:`dump_bytecode`.  Both of
+    these methods are passed a :class:`~jinja2.bccache.Bucket`.
+
+    A very basic bytecode cache that saves the bytecode on the file system::
+
+        from os import path
+
+        class MyCache(BytecodeCache):
+
+            def __init__(self, directory):
+                self.directory = directory
+
+            def load_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                if path.exists(filename):
+                    with open(filename, 'rb') as f:
+                        bucket.load_bytecode(f)
+
+            def dump_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                with open(filename, 'wb') as f:
+                    bucket.write_bytecode(f)
+
+    A more advanced version of a filesystem based bytecode cache is part of
+    Jinja.
+    """
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to load bytecode into a
+        bucket.  If they are not able to find code in the cache for the
+        bucket, it must not do anything.
+        """
+        raise NotImplementedError()
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to write the bytecode
+        from a bucket back to the cache.  If it unable to do so it must not
+        fail silently but raise an exception.
+        """
+        raise NotImplementedError()
+
+    def clear(self) -> None:
+        """Clears the cache.  This method is not used by Jinja but should be
+        implemented to allow applications to clear the bytecode cache used
+        by a particular environment.
+        """
+
+    def get_cache_key(
+        self, name: str, filename: t.Optional[t.Union[str]] = None
+    ) -> str:
+        """Returns the unique hash key for this template name."""
+        hash = sha1(name.encode("utf-8"))
+
+        if filename is not None:
+            hash.update(f"|{filename}".encode())
+
+        return hash.hexdigest()
+
+    def get_source_checksum(self, source: str) -> str:
+        """Returns a checksum for the source."""
+        return sha1(source.encode("utf-8")).hexdigest()
+
+    def get_bucket(
+        self,
+        environment: "Environment",
+        name: str,
+        filename: t.Optional[str],
+        source: str,
+    ) -> Bucket:
+        """Return a cache bucket for the given template.  All arguments are
+        mandatory but filename may be `None`.
+        """
+        key = self.get_cache_key(name, filename)
+        checksum = self.get_source_checksum(source)
+        bucket = Bucket(environment, key, checksum)
+        self.load_bytecode(bucket)
+        return bucket
+
+    def set_bucket(self, bucket: Bucket) -> None:
+        """Put the bucket into the cache."""
+        self.dump_bytecode(bucket)
+
+
+class FileSystemBytecodeCache(BytecodeCache):
+    """A bytecode cache that stores bytecode on the filesystem.  It accepts
+    two arguments: The directory where the cache items are stored and a
+    pattern string that is used to build the filename.
+
+    If no directory is specified a default cache directory is selected.  On
+    Windows the user's temp directory is used, on UNIX systems a directory
+    is created for the user in the system temp directory.
+
+    The pattern can be used to have multiple separate caches operate on the
+    same directory.  The default pattern is ``'__jinja2_%s.cache'``.  ``%s``
+    is replaced with the cache key.
+
+    >>> bcc = FileSystemBytecodeCache('/tmp/jinja_cache', '%s.cache')
+
+    This bytecode cache supports clearing of the cache using the clear method.
+    """
+
+    def __init__(
+        self, directory: t.Optional[str] = None, pattern: str = "__jinja2_%s.cache"
+    ) -> None:
+        if directory is None:
+            directory = self._get_default_cache_dir()
+        self.directory = directory
+        self.pattern = pattern
+
+    def _get_default_cache_dir(self) -> str:
+        def _unsafe_dir() -> "te.NoReturn":
+            raise RuntimeError(
+                "Cannot determine safe temp directory.  You "
+                "need to explicitly provide one."
+            )
+
+        tmpdir = tempfile.gettempdir()
+
+        # On windows the temporary directory is used specific unless
+        # explicitly forced otherwise.  We can just use that.
+        if os.name == "nt":
+            return tmpdir
+        if not hasattr(os, "getuid"):
+            _unsafe_dir()
+
+        dirname = f"_jinja2-cache-{os.getuid()}"
+        actual_dir = os.path.join(tmpdir, dirname)
+
+        try:
+            os.mkdir(actual_dir, stat.S_IRWXU)
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+        try:
+            os.chmod(actual_dir, stat.S_IRWXU)
+            actual_dir_stat = os.lstat(actual_dir)
+            if (
+                actual_dir_stat.st_uid != os.getuid()
+                or not stat.S_ISDIR(actual_dir_stat.st_mode)
+                or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+            ):
+                _unsafe_dir()
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+
+        actual_dir_stat = os.lstat(actual_dir)
+        if (
+            actual_dir_stat.st_uid != os.getuid()
+            or not stat.S_ISDIR(actual_dir_stat.st_mode)
+            or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+        ):
+            _unsafe_dir()
+
+        return actual_dir
+
+    def _get_cache_filename(self, bucket: Bucket) -> str:
+        return os.path.join(self.directory, self.pattern % (bucket.key,))
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        filename = self._get_cache_filename(bucket)
+
+        # Don't test for existence before opening the file, since the
+        # file could disappear after the test before the open.
+        try:
+            f = open(filename, "rb")
+        except (FileNotFoundError, IsADirectoryError, PermissionError):
+            # PermissionError can occur on Windows when an operation is
+            # in progress, such as calling clear().
+            return
+
+        with f:
+            bucket.load_bytecode(f)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        # Write to a temporary file, then rename to the real name after
+        # writing. This avoids another process reading the file before
+        # it is fully written.
+        name = self._get_cache_filename(bucket)
+        f = tempfile.NamedTemporaryFile(
+            mode="wb",
+            dir=os.path.dirname(name),
+            prefix=os.path.basename(name),
+            suffix=".tmp",
+            delete=False,
+        )
+
+        def remove_silent() -> None:
+            try:
+                os.remove(f.name)
+            except OSError:
+                # Another process may have called clear(). On Windows,
+                # another program may be holding the file open.
+                pass
+
+        try:
+            with f:
+                bucket.write_bytecode(f)
+        except BaseException:
+            remove_silent()
+            raise
+
+        try:
+            os.replace(f.name, name)
+        except OSError:
+            # Another process may have called clear(). On Windows,
+            # another program may be holding the file open.
+            remove_silent()
+        except BaseException:
+            remove_silent()
+            raise
+
+    def clear(self) -> None:
+        # imported lazily here because google app-engine doesn't support
+        # write access on the file system and the function does not exist
+        # normally.
+        from os import remove
+
+        files = fnmatch.filter(os.listdir(self.directory), self.pattern % ("*",))
+        for filename in files:
+            try:
+                remove(os.path.join(self.directory, filename))
+            except OSError:
+                pass
+
+
+class MemcachedBytecodeCache(BytecodeCache):
+    """This class implements a bytecode cache that uses a memcache cache for
+    storing the information.  It does not enforce a specific memcache library
+    (tummy's memcache or cmemcache) but will accept any class that provides
+    the minimal interface required.
+
+    Libraries compatible with this class:
+
+    -   `cachelib <https://github.com/pallets/cachelib>`_
+    -   `python-memcached <https://pypi.org/project/python-memcached/>`_
+
+    (Unfortunately the django cache interface is not compatible because it
+    does not support storing binary data, only text. You can however pass
+    the underlying cache client to the bytecode cache which is available
+    as `django.core.cache.cache._client`.)
+
+    The minimal interface for the client passed to the constructor is this:
+
+    .. class:: MinimalClientInterface
+
+        .. method:: set(key, value[, timeout])
+
+            Stores the bytecode in the cache.  `value` is a string and
+            `timeout` the timeout of the key.  If timeout is not provided
+            a default timeout or no timeout should be assumed, if it's
+            provided it's an integer with the number of seconds the cache
+            item should exist.
+
+        .. method:: get(key)
+
+            Returns the value for the cache key.  If the item does not
+            exist in the cache the return value must be `None`.
+
+    The other arguments to the constructor are the prefix for all keys that
+    is added before the actual cache key and the timeout for the bytecode in
+    the cache system.  We recommend a high (or no) timeout.
+
+    This bytecode cache does not support clearing of used items in the cache.
+    The clear method is a no-operation function.
+
+    .. versionadded:: 2.7
+       Added support for ignoring memcache errors through the
+       `ignore_memcache_errors` parameter.
+    """
+
+    def __init__(
+        self,
+        client: "_MemcachedClient",
+        prefix: str = "jinja2/bytecode/",
+        timeout: t.Optional[int] = None,
+        ignore_memcache_errors: bool = True,
+    ):
+        self.client = client
+        self.prefix = prefix
+        self.timeout = timeout
+        self.ignore_memcache_errors = ignore_memcache_errors
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        try:
+            code = self.client.get(self.prefix + bucket.key)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
+        else:
+            bucket.bytecode_from_string(code)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        key = self.prefix + bucket.key
+        value = bucket.bytecode_to_string()
+
+        try:
+            if self.timeout is not None:
+                self.client.set(key, value, self.timeout)
+            else:
+                self.client.set(key, value)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/compiler.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/compiler.py
new file mode 100644
index 000000000..274071750
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/compiler.py
@@ -0,0 +1,1960 @@
+"""Compiles nodes from the parser into Python code."""
+
+import typing as t
+from contextlib import contextmanager
+from functools import update_wrapper
+from io import StringIO
+from itertools import chain
+from keyword import iskeyword as is_python_keyword
+
+from markupsafe import escape
+from markupsafe import Markup
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .idtracking import Symbols
+from .idtracking import VAR_LOAD_ALIAS
+from .idtracking import VAR_LOAD_PARAMETER
+from .idtracking import VAR_LOAD_RESOLVE
+from .idtracking import VAR_LOAD_UNDEFINED
+from .nodes import EvalContext
+from .optimizer import Optimizer
+from .utils import _PassArg
+from .utils import concat
+from .visitor import NodeVisitor
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+operators = {
+    "eq": "==",
+    "ne": "!=",
+    "gt": ">",
+    "gteq": ">=",
+    "lt": "<",
+    "lteq": "<=",
+    "in": "in",
+    "notin": "not in",
+}
+
+
+def optimizeconst(f: F) -> F:
+    def new_func(
+        self: "CodeGenerator", node: nodes.Expr, frame: "Frame", **kwargs: t.Any
+    ) -> t.Any:
+        # Only optimize if the frame is not volatile
+        if self.optimizer is not None and not frame.eval_ctx.volatile:
+            new_node = self.optimizer.visit(node, frame.eval_ctx)
+
+            if new_node != node:
+                return self.visit(new_node, frame)
+
+        return f(self, node, frame, **kwargs)
+
+    return update_wrapper(t.cast(F, new_func), f)
+
+
+def _make_binop(op: str) -> t.Callable[["CodeGenerator", nodes.BinExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.BinExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_binops  # type: ignore
+        ):
+            self.write(f"environment.call_binop(context, {op!r}, ")
+            self.visit(node.left, frame)
+            self.write(", ")
+            self.visit(node.right, frame)
+        else:
+            self.write("(")
+            self.visit(node.left, frame)
+            self.write(f" {op} ")
+            self.visit(node.right, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def _make_unop(
+    op: str,
+) -> t.Callable[["CodeGenerator", nodes.UnaryExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.UnaryExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_unops  # type: ignore
+        ):
+            self.write(f"environment.call_unop(context, {op!r}, ")
+            self.visit(node.node, frame)
+        else:
+            self.write("(" + op)
+            self.visit(node.node, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def generate(
+    node: nodes.Template,
+    environment: "Environment",
+    name: t.Optional[str],
+    filename: t.Optional[str],
+    stream: t.Optional[t.TextIO] = None,
+    defer_init: bool = False,
+    optimized: bool = True,
+) -> t.Optional[str]:
+    """Generate the python source for a node tree."""
+    if not isinstance(node, nodes.Template):
+        raise TypeError("Can't compile non template nodes")
+
+    generator = environment.code_generator_class(
+        environment, name, filename, stream, defer_init, optimized
+    )
+    generator.visit(node)
+
+    if stream is None:
+        return generator.stream.getvalue()  # type: ignore
+
+    return None
+
+
+def has_safe_repr(value: t.Any) -> bool:
+    """Does the node have a safe representation?"""
+    if value is None or value is NotImplemented or value is Ellipsis:
+        return True
+
+    if type(value) in {bool, int, float, complex, range, str, Markup}:
+        return True
+
+    if type(value) in {tuple, list, set, frozenset}:
+        return all(has_safe_repr(v) for v in value)
+
+    if type(value) is dict:  # noqa E721
+        return all(has_safe_repr(k) and has_safe_repr(v) for k, v in value.items())
+
+    return False
+
+
+def find_undeclared(
+    nodes: t.Iterable[nodes.Node], names: t.Iterable[str]
+) -> t.Set[str]:
+    """Check if the names passed are accessed undeclared.  The return value
+    is a set of all the undeclared names from the sequence of names found.
+    """
+    visitor = UndeclaredNameVisitor(names)
+    try:
+        for node in nodes:
+            visitor.visit(node)
+    except VisitorExit:
+        pass
+    return visitor.undeclared
+
+
+class MacroRef:
+    def __init__(self, node: t.Union[nodes.Macro, nodes.CallBlock]) -> None:
+        self.node = node
+        self.accesses_caller = False
+        self.accesses_kwargs = False
+        self.accesses_varargs = False
+
+
+class Frame:
+    """Holds compile time information for us."""
+
+    def __init__(
+        self,
+        eval_ctx: EvalContext,
+        parent: t.Optional["Frame"] = None,
+        level: t.Optional[int] = None,
+    ) -> None:
+        self.eval_ctx = eval_ctx
+
+        # the parent of this frame
+        self.parent = parent
+
+        if parent is None:
+            self.symbols = Symbols(level=level)
+
+            # in some dynamic inheritance situations the compiler needs to add
+            # write tests around output statements.
+            self.require_output_check = False
+
+            # inside some tags we are using a buffer rather than yield statements.
+            # this for example affects {% filter %} or {% macro %}.  If a frame
+            # is buffered this variable points to the name of the list used as
+            # buffer.
+            self.buffer: t.Optional[str] = None
+
+            # the name of the block we're in, otherwise None.
+            self.block: t.Optional[str] = None
+
+        else:
+            self.symbols = Symbols(parent.symbols, level=level)
+            self.require_output_check = parent.require_output_check
+            self.buffer = parent.buffer
+            self.block = parent.block
+
+        # a toplevel frame is the root + soft frames such as if conditions.
+        self.toplevel = False
+
+        # the root frame is basically just the outermost frame, so no if
+        # conditions.  This information is used to optimize inheritance
+        # situations.
+        self.rootlevel = False
+
+        # variables set inside of loops and blocks should not affect outer frames,
+        # but they still needs to be kept track of as part of the active context.
+        self.loop_frame = False
+        self.block_frame = False
+
+        # track whether the frame is being used in an if-statement or conditional
+        # expression as it determines which errors should be raised during runtime
+        # or compile time.
+        self.soft_frame = False
+
+    def copy(self) -> "Frame":
+        """Create a copy of the current one."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.symbols = self.symbols.copy()
+        return rv
+
+    def inner(self, isolated: bool = False) -> "Frame":
+        """Return an inner frame."""
+        if isolated:
+            return Frame(self.eval_ctx, level=self.symbols.level + 1)
+        return Frame(self.eval_ctx, self)
+
+    def soft(self) -> "Frame":
+        """Return a soft frame.  A soft frame may not be modified as
+        standalone thing as it shares the resources with the frame it
+        was created of, but it's not a rootlevel frame any longer.
+
+        This is only used to implement if-statements and conditional
+        expressions.
+        """
+        rv = self.copy()
+        rv.rootlevel = False
+        rv.soft_frame = True
+        return rv
+
+    __copy__ = copy
+
+
+class VisitorExit(RuntimeError):
+    """Exception used by the `UndeclaredNameVisitor` to signal a stop."""
+
+
+class DependencyFinderVisitor(NodeVisitor):
+    """A visitor that collects filter and test calls."""
+
+    def __init__(self) -> None:
+        self.filters: t.Set[str] = set()
+        self.tests: t.Set[str] = set()
+
+    def visit_Filter(self, node: nodes.Filter) -> None:
+        self.generic_visit(node)
+        self.filters.add(node.name)
+
+    def visit_Test(self, node: nodes.Test) -> None:
+        self.generic_visit(node)
+        self.tests.add(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting at blocks."""
+
+
+class UndeclaredNameVisitor(NodeVisitor):
+    """A visitor that checks if a name is accessed without being
+    declared.  This is different from the frame visitor as it will
+    not stop at closure frames.
+    """
+
+    def __init__(self, names: t.Iterable[str]) -> None:
+        self.names = set(names)
+        self.undeclared: t.Set[str] = set()
+
+    def visit_Name(self, node: nodes.Name) -> None:
+        if node.ctx == "load" and node.name in self.names:
+            self.undeclared.add(node.name)
+            if self.undeclared == self.names:
+                raise VisitorExit()
+        else:
+            self.names.discard(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting a blocks."""
+
+
+class CompilerExit(Exception):
+    """Raised if the compiler encountered a situation where it just
+    doesn't make sense to further process the code.  Any block that
+    raises such an exception is not further processed.
+    """
+
+
+class CodeGenerator(NodeVisitor):
+    def __init__(
+        self,
+        environment: "Environment",
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        stream: t.Optional[t.TextIO] = None,
+        defer_init: bool = False,
+        optimized: bool = True,
+    ) -> None:
+        if stream is None:
+            stream = StringIO()
+        self.environment = environment
+        self.name = name
+        self.filename = filename
+        self.stream = stream
+        self.created_block_context = False
+        self.defer_init = defer_init
+        self.optimizer: t.Optional[Optimizer] = None
+
+        if optimized:
+            self.optimizer = Optimizer(environment)
+
+        # aliases for imports
+        self.import_aliases: t.Dict[str, str] = {}
+
+        # a registry for all blocks.  Because blocks are moved out
+        # into the global python scope they are registered here
+        self.blocks: t.Dict[str, nodes.Block] = {}
+
+        # the number of extends statements so far
+        self.extends_so_far = 0
+
+        # some templates have a rootlevel extends.  In this case we
+        # can safely assume that we're a child template and do some
+        # more optimizations.
+        self.has_known_extends = False
+
+        # the current line number
+        self.code_lineno = 1
+
+        # registry of all filters and tests (global, not block local)
+        self.tests: t.Dict[str, str] = {}
+        self.filters: t.Dict[str, str] = {}
+
+        # the debug information
+        self.debug_info: t.List[t.Tuple[int, int]] = []
+        self._write_debug_info: t.Optional[int] = None
+
+        # the number of new lines before the next write()
+        self._new_lines = 0
+
+        # the line number of the last written statement
+        self._last_line = 0
+
+        # true if nothing was written so far.
+        self._first_write = True
+
+        # used by the `temporary_identifier` method to get new
+        # unique, temporary identifier
+        self._last_identifier = 0
+
+        # the current indentation
+        self._indentation = 0
+
+        # Tracks toplevel assignments
+        self._assign_stack: t.List[t.Set[str]] = []
+
+        # Tracks parameter definition blocks
+        self._param_def_block: t.List[t.Set[str]] = []
+
+        # Tracks the current context.
+        self._context_reference_stack = ["context"]
+
+    @property
+    def optimized(self) -> bool:
+        return self.optimizer is not None
+
+    # -- Various compilation helpers
+
+    def fail(self, msg: str, lineno: int) -> "te.NoReturn":
+        """Fail with a :exc:`TemplateAssertionError`."""
+        raise TemplateAssertionError(msg, lineno, self.name, self.filename)
+
+    def temporary_identifier(self) -> str:
+        """Get a new unique identifier."""
+        self._last_identifier += 1
+        return f"t_{self._last_identifier}"
+
+    def buffer(self, frame: Frame) -> None:
+        """Enable buffering for the frame from that point onwards."""
+        frame.buffer = self.temporary_identifier()
+        self.writeline(f"{frame.buffer} = []")
+
+    def return_buffer_contents(
+        self, frame: Frame, force_unescaped: bool = False
+    ) -> None:
+        """Return the buffer contents of the frame."""
+        if not force_unescaped:
+            if frame.eval_ctx.volatile:
+                self.writeline("if context.eval_ctx.autoescape:")
+                self.indent()
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                self.outdent()
+                self.writeline("else:")
+                self.indent()
+                self.writeline(f"return concat({frame.buffer})")
+                self.outdent()
+                return
+            elif frame.eval_ctx.autoescape:
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                return
+        self.writeline(f"return concat({frame.buffer})")
+
+    def indent(self) -> None:
+        """Indent by one."""
+        self._indentation += 1
+
+    def outdent(self, step: int = 1) -> None:
+        """Outdent by step."""
+        self._indentation -= step
+
+    def start_write(self, frame: Frame, node: t.Optional[nodes.Node] = None) -> None:
+        """Yield or write into the frame buffer."""
+        if frame.buffer is None:
+            self.writeline("yield ", node)
+        else:
+            self.writeline(f"{frame.buffer}.append(", node)
+
+    def end_write(self, frame: Frame) -> None:
+        """End the writing process started by `start_write`."""
+        if frame.buffer is not None:
+            self.write(")")
+
+    def simple_write(
+        self, s: str, frame: Frame, node: t.Optional[nodes.Node] = None
+    ) -> None:
+        """Simple shortcut for start_write + write + end_write."""
+        self.start_write(frame, node)
+        self.write(s)
+        self.end_write(frame)
+
+    def blockvisit(self, nodes: t.Iterable[nodes.Node], frame: Frame) -> None:
+        """Visit a list of nodes as block in a frame.  If the current frame
+        is no buffer a dummy ``if 0: yield None`` is written automatically.
+        """
+        try:
+            self.writeline("pass")
+            for node in nodes:
+                self.visit(node, frame)
+        except CompilerExit:
+            pass
+
+    def write(self, x: str) -> None:
+        """Write a string into the output stream."""
+        if self._new_lines:
+            if not self._first_write:
+                self.stream.write("\n" * self._new_lines)
+                self.code_lineno += self._new_lines
+                if self._write_debug_info is not None:
+                    self.debug_info.append((self._write_debug_info, self.code_lineno))
+                    self._write_debug_info = None
+            self._first_write = False
+            self.stream.write("    " * self._indentation)
+            self._new_lines = 0
+        self.stream.write(x)
+
+    def writeline(
+        self, x: str, node: t.Optional[nodes.Node] = None, extra: int = 0
+    ) -> None:
+        """Combination of newline and write."""
+        self.newline(node, extra)
+        self.write(x)
+
+    def newline(self, node: t.Optional[nodes.Node] = None, extra: int = 0) -> None:
+        """Add one or more newlines before the next write."""
+        self._new_lines = max(self._new_lines, 1 + extra)
+        if node is not None and node.lineno != self._last_line:
+            self._write_debug_info = node.lineno
+            self._last_line = node.lineno
+
+    def signature(
+        self,
+        node: t.Union[nodes.Call, nodes.Filter, nodes.Test],
+        frame: Frame,
+        extra_kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> None:
+        """Writes a function call to the stream for the current node.
+        A leading comma is added automatically.  The extra keyword
+        arguments may not include python keywords otherwise a syntax
+        error could occur.  The extra keyword arguments should be given
+        as python dict.
+        """
+        # if any of the given keyword arguments is a python keyword
+        # we have to make sure that no invalid call is created.
+        kwarg_workaround = any(
+            is_python_keyword(t.cast(str, k))
+            for k in chain((x.key for x in node.kwargs), extra_kwargs or ())
+        )
+
+        for arg in node.args:
+            self.write(", ")
+            self.visit(arg, frame)
+
+        if not kwarg_workaround:
+            for kwarg in node.kwargs:
+                self.write(", ")
+                self.visit(kwarg, frame)
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f", {key}={value}")
+        if node.dyn_args:
+            self.write(", *")
+            self.visit(node.dyn_args, frame)
+
+        if kwarg_workaround:
+            if node.dyn_kwargs is not None:
+                self.write(", **dict({")
+            else:
+                self.write(", **{")
+            for kwarg in node.kwargs:
+                self.write(f"{kwarg.key!r}: ")
+                self.visit(kwarg.value, frame)
+                self.write(", ")
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f"{key!r}: {value}, ")
+            if node.dyn_kwargs is not None:
+                self.write("}, **")
+                self.visit(node.dyn_kwargs, frame)
+                self.write(")")
+            else:
+                self.write("}")
+
+        elif node.dyn_kwargs is not None:
+            self.write(", **")
+            self.visit(node.dyn_kwargs, frame)
+
+    def pull_dependencies(self, nodes: t.Iterable[nodes.Node]) -> None:
+        """Find all filter and test names used in the template and
+        assign them to variables in the compiled namespace. Checking
+        that the names are registered with the environment is done when
+        compiling the Filter and Test nodes. If the node is in an If or
+        CondExpr node, the check is done at runtime instead.
+
+        .. versionchanged:: 3.0
+            Filters and tests in If and CondExpr nodes are checked at
+            runtime instead of compile time.
+        """
+        visitor = DependencyFinderVisitor()
+
+        for node in nodes:
+            visitor.visit(node)
+
+        for id_map, names, dependency in (
+            (self.filters, visitor.filters, "filters"),
+            (
+                self.tests,
+                visitor.tests,
+                "tests",
+            ),
+        ):
+            for name in sorted(names):
+                if name not in id_map:
+                    id_map[name] = self.temporary_identifier()
+
+                # add check during runtime that dependencies used inside of executed
+                # blocks are defined, as this step may be skipped during compile time
+                self.writeline("try:")
+                self.indent()
+                self.writeline(f"{id_map[name]} = environment.{dependency}[{name!r}]")
+                self.outdent()
+                self.writeline("except KeyError:")
+                self.indent()
+                self.writeline("@internalcode")
+                self.writeline(f"def {id_map[name]}(*unused):")
+                self.indent()
+                self.writeline(
+                    f'raise TemplateRuntimeError("No {dependency[:-1]}'
+                    f' named {name!r} found.")'
+                )
+                self.outdent()
+                self.outdent()
+
+    def enter_frame(self, frame: Frame) -> None:
+        undefs = []
+        for target, (action, param) in frame.symbols.loads.items():
+            if action == VAR_LOAD_PARAMETER:
+                pass
+            elif action == VAR_LOAD_RESOLVE:
+                self.writeline(f"{target} = {self.get_resolve_func()}({param!r})")
+            elif action == VAR_LOAD_ALIAS:
+                self.writeline(f"{target} = {param}")
+            elif action == VAR_LOAD_UNDEFINED:
+                undefs.append(target)
+            else:
+                raise NotImplementedError("unknown load instruction")
+        if undefs:
+            self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def leave_frame(self, frame: Frame, with_python_scope: bool = False) -> None:
+        if not with_python_scope:
+            undefs = []
+            for target in frame.symbols.loads:
+                undefs.append(target)
+            if undefs:
+                self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def choose_async(self, async_value: str = "async ", sync_value: str = "") -> str:
+        return async_value if self.environment.is_async else sync_value
+
+    def func(self, name: str) -> str:
+        return f"{self.choose_async()}def {name}"
+
+    def macro_body(
+        self, node: t.Union[nodes.Macro, nodes.CallBlock], frame: Frame
+    ) -> t.Tuple[Frame, MacroRef]:
+        """Dump the function def of a macro or call block."""
+        frame = frame.inner()
+        frame.symbols.analyze_node(node)
+        macro_ref = MacroRef(node)
+
+        explicit_caller = None
+        skip_special_params = set()
+        args = []
+
+        for idx, arg in enumerate(node.args):
+            if arg.name == "caller":
+                explicit_caller = idx
+            if arg.name in ("kwargs", "varargs"):
+                skip_special_params.add(arg.name)
+            args.append(frame.symbols.ref(arg.name))
+
+        undeclared = find_undeclared(node.body, ("caller", "kwargs", "varargs"))
+
+        if "caller" in undeclared:
+            # In older Jinja versions there was a bug that allowed caller
+            # to retain the special behavior even if it was mentioned in
+            # the argument list.  However thankfully this was only really
+            # working if it was the last argument.  So we are explicitly
+            # checking this now and error out if it is anywhere else in
+            # the argument list.
+            if explicit_caller is not None:
+                try:
+                    node.defaults[explicit_caller - len(node.args)]
+                except IndexError:
+                    self.fail(
+                        "When defining macros or call blocks the "
+                        'special "caller" argument must be omitted '
+                        "or be given a default.",
+                        node.lineno,
+                    )
+            else:
+                args.append(frame.symbols.declare_parameter("caller"))
+            macro_ref.accesses_caller = True
+        if "kwargs" in undeclared and "kwargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("kwargs"))
+            macro_ref.accesses_kwargs = True
+        if "varargs" in undeclared and "varargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("varargs"))
+            macro_ref.accesses_varargs = True
+
+        # macros are delayed, they never require output checks
+        frame.require_output_check = False
+        frame.symbols.analyze_node(node)
+        self.writeline(f"{self.func('macro')}({', '.join(args)}):", node)
+        self.indent()
+
+        self.buffer(frame)
+        self.enter_frame(frame)
+
+        self.push_parameter_definitions(frame)
+        for idx, arg in enumerate(node.args):
+            ref = frame.symbols.ref(arg.name)
+            self.writeline(f"if {ref} is missing:")
+            self.indent()
+            try:
+                default = node.defaults[idx - len(node.args)]
+            except IndexError:
+                self.writeline(
+                    f'{ref} = undefined("parameter {arg.name!r} was not provided",'
+                    f" name={arg.name!r})"
+                )
+            else:
+                self.writeline(f"{ref} = ")
+                self.visit(default, frame)
+            self.mark_parameter_stored(ref)
+            self.outdent()
+        self.pop_parameter_definitions()
+
+        self.blockvisit(node.body, frame)
+        self.return_buffer_contents(frame, force_unescaped=True)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        return frame, macro_ref
+
+    def macro_def(self, macro_ref: MacroRef, frame: Frame) -> None:
+        """Dump the macro definition for the def created by macro_body."""
+        arg_tuple = ", ".join(repr(x.name) for x in macro_ref.node.args)
+        name = getattr(macro_ref.node, "name", None)
+        if len(macro_ref.node.args) == 1:
+            arg_tuple += ","
+        self.write(
+            f"Macro(environment, macro, {name!r}, ({arg_tuple}),"
+            f" {macro_ref.accesses_kwargs!r}, {macro_ref.accesses_varargs!r},"
+            f" {macro_ref.accesses_caller!r}, context.eval_ctx.autoescape)"
+        )
+
+    def position(self, node: nodes.Node) -> str:
+        """Return a human readable position for the node."""
+        rv = f"line {node.lineno}"
+        if self.name is not None:
+            rv = f"{rv} in {self.name!r}"
+        return rv
+
+    def dump_local_context(self, frame: Frame) -> str:
+        items_kv = ", ".join(
+            f"{name!r}: {target}"
+            for name, target in frame.symbols.dump_stores().items()
+        )
+        return f"{{{items_kv}}}"
+
+    def write_commons(self) -> None:
+        """Writes a common preamble that is used by root and block functions.
+        Primarily this sets up common local helpers and enforces a generator
+        through a dead branch.
+        """
+        self.writeline("resolve = context.resolve_or_missing")
+        self.writeline("undefined = environment.undefined")
+        self.writeline("concat = environment.concat")
+        # always use the standard Undefined class for the implicit else of
+        # conditional expressions
+        self.writeline("cond_expr_undefined = Undefined")
+        self.writeline("if 0: yield None")
+
+    def push_parameter_definitions(self, frame: Frame) -> None:
+        """Pushes all parameter targets from the given frame into a local
+        stack that permits tracking of yet to be assigned parameters.  In
+        particular this enables the optimization from `visit_Name` to skip
+        undefined expressions for parameters in macros as macros can reference
+        otherwise unbound parameters.
+        """
+        self._param_def_block.append(frame.symbols.dump_param_targets())
+
+    def pop_parameter_definitions(self) -> None:
+        """Pops the current parameter definitions set."""
+        self._param_def_block.pop()
+
+    def mark_parameter_stored(self, target: str) -> None:
+        """Marks a parameter in the current parameter definitions as stored.
+        This will skip the enforced undefined checks.
+        """
+        if self._param_def_block:
+            self._param_def_block[-1].discard(target)
+
+    def push_context_reference(self, target: str) -> None:
+        self._context_reference_stack.append(target)
+
+    def pop_context_reference(self) -> None:
+        self._context_reference_stack.pop()
+
+    def get_context_ref(self) -> str:
+        return self._context_reference_stack[-1]
+
+    def get_resolve_func(self) -> str:
+        target = self._context_reference_stack[-1]
+        if target == "context":
+            return "resolve"
+        return f"{target}.resolve"
+
+    def derive_context(self, frame: Frame) -> str:
+        return f"{self.get_context_ref()}.derived({self.dump_local_context(frame)})"
+
+    def parameter_is_undeclared(self, target: str) -> bool:
+        """Checks if a given target is an undeclared parameter."""
+        if not self._param_def_block:
+            return False
+        return target in self._param_def_block[-1]
+
+    def push_assign_tracking(self) -> None:
+        """Pushes a new layer for assignment tracking."""
+        self._assign_stack.append(set())
+
+    def pop_assign_tracking(self, frame: Frame) -> None:
+        """Pops the topmost level for assignment tracking and updates the
+        context variables if necessary.
+        """
+        vars = self._assign_stack.pop()
+        if (
+            not frame.block_frame
+            and not frame.loop_frame
+            and not frame.toplevel
+            or not vars
+        ):
+            return
+        public_names = [x for x in vars if x[:1] != "_"]
+        if len(vars) == 1:
+            name = next(iter(vars))
+            ref = frame.symbols.ref(name)
+            if frame.loop_frame:
+                self.writeline(f"_loop_vars[{name!r}] = {ref}")
+                return
+            if frame.block_frame:
+                self.writeline(f"_block_vars[{name!r}] = {ref}")
+                return
+            self.writeline(f"context.vars[{name!r}] = {ref}")
+        else:
+            if frame.loop_frame:
+                self.writeline("_loop_vars.update({")
+            elif frame.block_frame:
+                self.writeline("_block_vars.update({")
+            else:
+                self.writeline("context.vars.update({")
+            for idx, name in enumerate(vars):
+                if idx:
+                    self.write(", ")
+                ref = frame.symbols.ref(name)
+                self.write(f"{name!r}: {ref}")
+            self.write("})")
+        if not frame.block_frame and not frame.loop_frame and public_names:
+            if len(public_names) == 1:
+                self.writeline(f"context.exported_vars.add({public_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, public_names))
+                self.writeline(f"context.exported_vars.update(({names_str}))")
+
+    # -- Statement Visitors
+
+    def visit_Template(
+        self, node: nodes.Template, frame: t.Optional[Frame] = None
+    ) -> None:
+        assert frame is None, "no root frame allowed"
+        eval_ctx = EvalContext(self.environment, self.name)
+
+        from .runtime import async_exported
+        from .runtime import exported
+
+        if self.environment.is_async:
+            exported_names = sorted(exported + async_exported)
+        else:
+            exported_names = sorted(exported)
+
+        self.writeline("from jinja2.runtime import " + ", ".join(exported_names))
+
+        # if we want a deferred initialization we cannot move the
+        # environment into a local name
+        envenv = "" if self.defer_init else ", environment=environment"
+
+        # do we have an extends tag at all?  If not, we can save some
+        # overhead by just not processing any inheritance code.
+        have_extends = node.find(nodes.Extends) is not None
+
+        # find all blocks
+        for block in node.find_all(nodes.Block):
+            if block.name in self.blocks:
+                self.fail(f"block {block.name!r} defined twice", block.lineno)
+            self.blocks[block.name] = block
+
+        # find all imports and import them
+        for import_ in node.find_all(nodes.ImportedName):
+            if import_.importname not in self.import_aliases:
+                imp = import_.importname
+                self.import_aliases[imp] = alias = self.temporary_identifier()
+                if "." in imp:
+                    module, obj = imp.rsplit(".", 1)
+                    self.writeline(f"from {module} import {obj} as {alias}")
+                else:
+                    self.writeline(f"import {imp} as {alias}")
+
+        # add the load name
+        self.writeline(f"name = {self.name!r}")
+
+        # generate the root render function.
+        self.writeline(
+            f"{self.func('root')}(context, missing=missing{envenv}):", extra=1
+        )
+        self.indent()
+        self.write_commons()
+
+        # process the root
+        frame = Frame(eval_ctx)
+        if "self" in find_undeclared(node.body, ("self",)):
+            ref = frame.symbols.declare_parameter("self")
+            self.writeline(f"{ref} = TemplateReference(context)")
+        frame.symbols.analyze_node(node)
+        frame.toplevel = frame.rootlevel = True
+        frame.require_output_check = have_extends and not self.has_known_extends
+        if have_extends:
+            self.writeline("parent_template = None")
+        self.enter_frame(frame)
+        self.pull_dependencies(node.body)
+        self.blockvisit(node.body, frame)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        # make sure that the parent root is called.
+        if have_extends:
+            if not self.has_known_extends:
+                self.indent()
+                self.writeline("if parent_template is not None:")
+            self.indent()
+            if not self.environment.is_async:
+                self.writeline("yield from parent_template.root_render_func(context)")
+            else:
+                self.writeline(
+                    "async for event in parent_template.root_render_func(context):"
+                )
+                self.indent()
+                self.writeline("yield event")
+                self.outdent()
+            self.outdent(1 + (not self.has_known_extends))
+
+        # at this point we now have the blocks collected and can visit them too.
+        for name, block in self.blocks.items():
+            self.writeline(
+                f"{self.func('block_' + name)}(context, missing=missing{envenv}):",
+                block,
+                1,
+            )
+            self.indent()
+            self.write_commons()
+            # It's important that we do not make this frame a child of the
+            # toplevel template.  This would cause a variety of
+            # interesting issues with identifier tracking.
+            block_frame = Frame(eval_ctx)
+            block_frame.block_frame = True
+            undeclared = find_undeclared(block.body, ("self", "super"))
+            if "self" in undeclared:
+                ref = block_frame.symbols.declare_parameter("self")
+                self.writeline(f"{ref} = TemplateReference(context)")
+            if "super" in undeclared:
+                ref = block_frame.symbols.declare_parameter("super")
+                self.writeline(f"{ref} = context.super({name!r}, block_{name})")
+            block_frame.symbols.analyze_node(block)
+            block_frame.block = name
+            self.writeline("_block_vars = {}")
+            self.enter_frame(block_frame)
+            self.pull_dependencies(block.body)
+            self.blockvisit(block.body, block_frame)
+            self.leave_frame(block_frame, with_python_scope=True)
+            self.outdent()
+
+        blocks_kv_str = ", ".join(f"{x!r}: block_{x}" for x in self.blocks)
+        self.writeline(f"blocks = {{{blocks_kv_str}}}", extra=1)
+        debug_kv_str = "&".join(f"{k}={v}" for k, v in self.debug_info)
+        self.writeline(f"debug_info = {debug_kv_str!r}")
+
+    def visit_Block(self, node: nodes.Block, frame: Frame) -> None:
+        """Call a block and register it for the template."""
+        level = 0
+        if frame.toplevel:
+            # if we know that we are a child template, there is no need to
+            # check if we are one
+            if self.has_known_extends:
+                return
+            if self.extends_so_far > 0:
+                self.writeline("if parent_template is None:")
+                self.indent()
+                level += 1
+
+        if node.scoped:
+            context = self.derive_context(frame)
+        else:
+            context = self.get_context_ref()
+
+        if node.required:
+            self.writeline(f"if len(context.blocks[{node.name!r}]) <= 1:", node)
+            self.indent()
+            self.writeline(
+                f'raise TemplateRuntimeError("Required block {node.name!r} not found")',
+                node,
+            )
+            self.outdent()
+
+        if not self.environment.is_async and frame.buffer is None:
+            self.writeline(
+                f"yield from context.blocks[{node.name!r}][0]({context})", node
+            )
+        else:
+            self.writeline(
+                f"{self.choose_async()}for event in"
+                f" context.blocks[{node.name!r}][0]({context}):",
+                node,
+            )
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        self.outdent(level)
+
+    def visit_Extends(self, node: nodes.Extends, frame: Frame) -> None:
+        """Calls the extender."""
+        if not frame.toplevel:
+            self.fail("cannot use extend from a non top-level scope", node.lineno)
+
+        # if the number of extends statements in general is zero so
+        # far, we don't have to add a check if something extended
+        # the template before this one.
+        if self.extends_so_far > 0:
+            # if we have a known extends we just add a template runtime
+            # error into the generated code.  We could catch that at compile
+            # time too, but i welcome it not to confuse users by throwing the
+            # same error at different times just "because we can".
+            if not self.has_known_extends:
+                self.writeline("if parent_template is not None:")
+                self.indent()
+            self.writeline('raise TemplateRuntimeError("extended multiple times")')
+
+            # if we have a known extends already we don't need that code here
+            # as we know that the template execution will end here.
+            if self.has_known_extends:
+                raise CompilerExit()
+            else:
+                self.outdent()
+
+        self.writeline("parent_template = environment.get_template(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        self.writeline("for name, parent_block in parent_template.blocks.items():")
+        self.indent()
+        self.writeline("context.blocks.setdefault(name, []).append(parent_block)")
+        self.outdent()
+
+        # if this extends statement was in the root level we can take
+        # advantage of that information and simplify the generated code
+        # in the top level from this point onwards
+        if frame.rootlevel:
+            self.has_known_extends = True
+
+        # and now we have one more
+        self.extends_so_far += 1
+
+    def visit_Include(self, node: nodes.Include, frame: Frame) -> None:
+        """Handles includes."""
+        if node.ignore_missing:
+            self.writeline("try:")
+            self.indent()
+
+        func_name = "get_or_select_template"
+        if isinstance(node.template, nodes.Const):
+            if isinstance(node.template.value, str):
+                func_name = "get_template"
+            elif isinstance(node.template.value, (tuple, list)):
+                func_name = "select_template"
+        elif isinstance(node.template, (nodes.Tuple, nodes.List)):
+            func_name = "select_template"
+
+        self.writeline(f"template = environment.{func_name}(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        if node.ignore_missing:
+            self.outdent()
+            self.writeline("except TemplateNotFound:")
+            self.indent()
+            self.writeline("pass")
+            self.outdent()
+            self.writeline("else:")
+            self.indent()
+
+        skip_event_yield = False
+        if node.with_context:
+            self.writeline(
+                f"{self.choose_async()}for event in template.root_render_func("
+                "template.new_context(context.get_all(), True,"
+                f" {self.dump_local_context(frame)})):"
+            )
+        elif self.environment.is_async:
+            self.writeline(
+                "for event in (await template._get_default_module_async())"
+                "._body_stream:"
+            )
+        else:
+            self.writeline("yield from template._get_default_module()._body_stream")
+            skip_event_yield = True
+
+        if not skip_event_yield:
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        if node.ignore_missing:
+            self.outdent()
+
+    def _import_common(
+        self, node: t.Union[nodes.Import, nodes.FromImport], frame: Frame
+    ) -> None:
+        self.write(f"{self.choose_async('await ')}environment.get_template(")
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r}).")
+
+        if node.with_context:
+            f_name = f"make_module{self.choose_async('_async')}"
+            self.write(
+                f"{f_name}(context.get_all(), True, {self.dump_local_context(frame)})"
+            )
+        else:
+            self.write(f"_get_default_module{self.choose_async('_async')}(context)")
+
+    def visit_Import(self, node: nodes.Import, frame: Frame) -> None:
+        """Visit regular imports."""
+        self.writeline(f"{frame.symbols.ref(node.target)} = ", node)
+        if frame.toplevel:
+            self.write(f"context.vars[{node.target!r}] = ")
+
+        self._import_common(node, frame)
+
+        if frame.toplevel and not node.target.startswith("_"):
+            self.writeline(f"context.exported_vars.discard({node.target!r})")
+
+    def visit_FromImport(self, node: nodes.FromImport, frame: Frame) -> None:
+        """Visit named imports."""
+        self.newline(node)
+        self.write("included_template = ")
+        self._import_common(node, frame)
+        var_names = []
+        discarded_names = []
+        for name in node.names:
+            if isinstance(name, tuple):
+                name, alias = name
+            else:
+                alias = name
+            self.writeline(
+                f"{frame.symbols.ref(alias)} ="
+                f" getattr(included_template, {name!r}, missing)"
+            )
+            self.writeline(f"if {frame.symbols.ref(alias)} is missing:")
+            self.indent()
+            message = (
+                "the template {included_template.__name__!r}"
+                f" (imported on {self.position(node)})"
+                f" does not export the requested name {name!r}"
+            )
+            self.writeline(
+                f"{frame.symbols.ref(alias)} = undefined(f{message!r}, name={name!r})"
+            )
+            self.outdent()
+            if frame.toplevel:
+                var_names.append(alias)
+                if not alias.startswith("_"):
+                    discarded_names.append(alias)
+
+        if var_names:
+            if len(var_names) == 1:
+                name = var_names[0]
+                self.writeline(f"context.vars[{name!r}] = {frame.symbols.ref(name)}")
+            else:
+                names_kv = ", ".join(
+                    f"{name!r}: {frame.symbols.ref(name)}" for name in var_names
+                )
+                self.writeline(f"context.vars.update({{{names_kv}}})")
+        if discarded_names:
+            if len(discarded_names) == 1:
+                self.writeline(f"context.exported_vars.discard({discarded_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, discarded_names))
+                self.writeline(
+                    f"context.exported_vars.difference_update(({names_str}))"
+                )
+
+    def visit_For(self, node: nodes.For, frame: Frame) -> None:
+        loop_frame = frame.inner()
+        loop_frame.loop_frame = True
+        test_frame = frame.inner()
+        else_frame = frame.inner()
+
+        # try to figure out if we have an extended loop.  An extended loop
+        # is necessary if the loop is in recursive mode if the special loop
+        # variable is accessed in the body if the body is a scoped block.
+        extended_loop = (
+            node.recursive
+            or "loop"
+            in find_undeclared(node.iter_child_nodes(only=("body",)), ("loop",))
+            or any(block.scoped for block in node.find_all(nodes.Block))
+        )
+
+        loop_ref = None
+        if extended_loop:
+            loop_ref = loop_frame.symbols.declare_parameter("loop")
+
+        loop_frame.symbols.analyze_node(node, for_branch="body")
+        if node.else_:
+            else_frame.symbols.analyze_node(node, for_branch="else")
+
+        if node.test:
+            loop_filter_func = self.temporary_identifier()
+            test_frame.symbols.analyze_node(node, for_branch="test")
+            self.writeline(f"{self.func(loop_filter_func)}(fiter):", node.test)
+            self.indent()
+            self.enter_frame(test_frame)
+            self.writeline(self.choose_async("async for ", "for "))
+            self.visit(node.target, loop_frame)
+            self.write(" in ")
+            self.write(self.choose_async("auto_aiter(fiter)", "fiter"))
+            self.write(":")
+            self.indent()
+            self.writeline("if ", node.test)
+            self.visit(node.test, test_frame)
+            self.write(":")
+            self.indent()
+            self.writeline("yield ")
+            self.visit(node.target, loop_frame)
+            self.outdent(3)
+            self.leave_frame(test_frame, with_python_scope=True)
+
+        # if we don't have an recursive loop we have to find the shadowed
+        # variables at that point.  Because loops can be nested but the loop
+        # variable is a special one we have to enforce aliasing for it.
+        if node.recursive:
+            self.writeline(
+                f"{self.func('loop')}(reciter, loop_render_func, depth=0):", node
+            )
+            self.indent()
+            self.buffer(loop_frame)
+
+            # Use the same buffer for the else frame
+            else_frame.buffer = loop_frame.buffer
+
+        # make sure the loop variable is a special one and raise a template
+        # assertion error if a loop tries to write to loop
+        if extended_loop:
+            self.writeline(f"{loop_ref} = missing")
+
+        for name in node.find_all(nodes.Name):
+            if name.ctx == "store" and name.name == "loop":
+                self.fail(
+                    "Can't assign to special loop variable in for-loop target",
+                    name.lineno,
+                )
+
+        if node.else_:
+            iteration_indicator = self.temporary_identifier()
+            self.writeline(f"{iteration_indicator} = 1")
+
+        self.writeline(self.choose_async("async for ", "for "), node)
+        self.visit(node.target, loop_frame)
+        if extended_loop:
+            self.write(f", {loop_ref} in {self.choose_async('Async')}LoopContext(")
+        else:
+            self.write(" in ")
+
+        if node.test:
+            self.write(f"{loop_filter_func}(")
+        if node.recursive:
+            self.write("reciter")
+        else:
+            if self.environment.is_async and not extended_loop:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async and not extended_loop:
+                self.write(")")
+        if node.test:
+            self.write(")")
+
+        if node.recursive:
+            self.write(", undefined, loop_render_func, depth):")
+        else:
+            self.write(", undefined):" if extended_loop else ":")
+
+        self.indent()
+        self.enter_frame(loop_frame)
+
+        self.writeline("_loop_vars = {}")
+        self.blockvisit(node.body, loop_frame)
+        if node.else_:
+            self.writeline(f"{iteration_indicator} = 0")
+        self.outdent()
+        self.leave_frame(
+            loop_frame, with_python_scope=node.recursive and not node.else_
+        )
+
+        if node.else_:
+            self.writeline(f"if {iteration_indicator}:")
+            self.indent()
+            self.enter_frame(else_frame)
+            self.blockvisit(node.else_, else_frame)
+            self.leave_frame(else_frame)
+            self.outdent()
+
+        # if the node was recursive we have to return the buffer contents
+        # and start the iteration code
+        if node.recursive:
+            self.return_buffer_contents(loop_frame)
+            self.outdent()
+            self.start_write(frame, node)
+            self.write(f"{self.choose_async('await ')}loop(")
+            if self.environment.is_async:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async:
+                self.write(")")
+            self.write(", loop)")
+            self.end_write(frame)
+
+        # at the end of the iteration, clear any assignments made in the
+        # loop from the top level
+        if self._assign_stack:
+            self._assign_stack[-1].difference_update(loop_frame.symbols.stores)
+
+    def visit_If(self, node: nodes.If, frame: Frame) -> None:
+        if_frame = frame.soft()
+        self.writeline("if ", node)
+        self.visit(node.test, if_frame)
+        self.write(":")
+        self.indent()
+        self.blockvisit(node.body, if_frame)
+        self.outdent()
+        for elif_ in node.elif_:
+            self.writeline("elif ", elif_)
+            self.visit(elif_.test, if_frame)
+            self.write(":")
+            self.indent()
+            self.blockvisit(elif_.body, if_frame)
+            self.outdent()
+        if node.else_:
+            self.writeline("else:")
+            self.indent()
+            self.blockvisit(node.else_, if_frame)
+            self.outdent()
+
+    def visit_Macro(self, node: nodes.Macro, frame: Frame) -> None:
+        macro_frame, macro_ref = self.macro_body(node, frame)
+        self.newline()
+        if frame.toplevel:
+            if not node.name.startswith("_"):
+                self.write(f"context.exported_vars.add({node.name!r})")
+            self.writeline(f"context.vars[{node.name!r}] = ")
+        self.write(f"{frame.symbols.ref(node.name)} = ")
+        self.macro_def(macro_ref, macro_frame)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, frame: Frame) -> None:
+        call_frame, macro_ref = self.macro_body(node, frame)
+        self.writeline("caller = ")
+        self.macro_def(macro_ref, call_frame)
+        self.start_write(frame, node)
+        self.visit_Call(node.call, frame, forward_caller=True)
+        self.end_write(frame)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, frame: Frame) -> None:
+        filter_frame = frame.inner()
+        filter_frame.symbols.analyze_node(node)
+        self.enter_frame(filter_frame)
+        self.buffer(filter_frame)
+        self.blockvisit(node.body, filter_frame)
+        self.start_write(frame, node)
+        self.visit_Filter(node.filter, filter_frame)
+        self.end_write(frame)
+        self.leave_frame(filter_frame)
+
+    def visit_With(self, node: nodes.With, frame: Frame) -> None:
+        with_frame = frame.inner()
+        with_frame.symbols.analyze_node(node)
+        self.enter_frame(with_frame)
+        for target, expr in zip(node.targets, node.values):
+            self.newline()
+            self.visit(target, with_frame)
+            self.write(" = ")
+            self.visit(expr, frame)
+        self.blockvisit(node.body, with_frame)
+        self.leave_frame(with_frame)
+
+    def visit_ExprStmt(self, node: nodes.ExprStmt, frame: Frame) -> None:
+        self.newline(node)
+        self.visit(node.node, frame)
+
+    class _FinalizeInfo(t.NamedTuple):
+        const: t.Optional[t.Callable[..., str]]
+        src: t.Optional[str]
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        """The default finalize function if the environment isn't
+        configured with one. Or, if the environment has one, this is
+        called on that function's output for constants.
+        """
+        return str(value)
+
+    _finalize: t.Optional[_FinalizeInfo] = None
+
+    def _make_finalize(self) -> _FinalizeInfo:
+        """Build the finalize function to be used on constants and at
+        runtime. Cached so it's only created once for all output nodes.
+
+        Returns a ``namedtuple`` with the following attributes:
+
+        ``const``
+            A function to finalize constant data at compile time.
+
+        ``src``
+            Source code to output around nodes to be evaluated at
+            runtime.
+        """
+        if self._finalize is not None:
+            return self._finalize
+
+        finalize: t.Optional[t.Callable[..., t.Any]]
+        finalize = default = self._default_finalize
+        src = None
+
+        if self.environment.finalize:
+            src = "environment.finalize("
+            env_finalize = self.environment.finalize
+            pass_arg = {
+                _PassArg.context: "context",
+                _PassArg.eval_context: "context.eval_ctx",
+                _PassArg.environment: "environment",
+            }.get(
+                _PassArg.from_obj(env_finalize)  # type: ignore
+            )
+            finalize = None
+
+            if pass_arg is None:
+
+                def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                    return default(env_finalize(value))
+
+            else:
+                src = f"{src}{pass_arg}, "
+
+                if pass_arg == "environment":
+
+                    def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                        return default(env_finalize(self.environment, value))
+
+        self._finalize = self._FinalizeInfo(finalize, src)
+        return self._finalize
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        """Given a group of constant values converted from ``Output``
+        child nodes, produce a string to write to the template module
+        source.
+        """
+        return repr(concat(group))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> str:
+        """Try to optimize a child of an ``Output`` node by trying to
+        convert it to constant, finalized data at compile time.
+
+        If :exc:`Impossible` is raised, the node is not constant and
+        will be evaluated at runtime. Any other exception will also be
+        evaluated at runtime for easier debugging.
+        """
+        const = node.as_const(frame.eval_ctx)
+
+        if frame.eval_ctx.autoescape:
+            const = escape(const)
+
+        # Template data doesn't go through finalize.
+        if isinstance(node, nodes.TemplateData):
+            return str(const)
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code before visiting a child of an
+        ``Output`` node.
+        """
+        if frame.eval_ctx.volatile:
+            self.write("(escape if context.eval_ctx.autoescape else str)(")
+        elif frame.eval_ctx.autoescape:
+            self.write("escape(")
+        else:
+            self.write("str(")
+
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code after visiting a child of an
+        ``Output`` node.
+        """
+        self.write(")")
+
+        if finalize.src is not None:
+            self.write(")")
+
+    def visit_Output(self, node: nodes.Output, frame: Frame) -> None:
+        # If an extends is active, don't render outside a block.
+        if frame.require_output_check:
+            # A top-level extends is known to exist at compile time.
+            if self.has_known_extends:
+                return
+
+            self.writeline("if parent_template is None:")
+            self.indent()
+
+        finalize = self._make_finalize()
+        body: t.List[t.Union[t.List[t.Any], nodes.Expr]] = []
+
+        # Evaluate constants at compile time if possible. Each item in
+        # body will be either a list of static data or a node to be
+        # evaluated at runtime.
+        for child in node.nodes:
+            try:
+                if not (
+                    # If the finalize function requires runtime context,
+                    # constants can't be evaluated at compile time.
+                    finalize.const
+                    # Unless it's basic template data that won't be
+                    # finalized anyway.
+                    or isinstance(child, nodes.TemplateData)
+                ):
+                    raise nodes.Impossible()
+
+                const = self._output_child_to_const(child, frame, finalize)
+            except (nodes.Impossible, Exception):
+                # The node was not constant and needs to be evaluated at
+                # runtime. Or another error was raised, which is easier
+                # to debug at runtime.
+                body.append(child)
+                continue
+
+            if body and isinstance(body[-1], list):
+                body[-1].append(const)
+            else:
+                body.append([const])
+
+        if frame.buffer is not None:
+            if len(body) == 1:
+                self.writeline(f"{frame.buffer}.append(")
+            else:
+                self.writeline(f"{frame.buffer}.extend((")
+
+            self.indent()
+
+        for item in body:
+            if isinstance(item, list):
+                # A group of constant data to join and output.
+                val = self._output_const_repr(item)
+
+                if frame.buffer is None:
+                    self.writeline("yield " + val)
+                else:
+                    self.writeline(val + ",")
+            else:
+                if frame.buffer is None:
+                    self.writeline("yield ", item)
+                else:
+                    self.newline(item)
+
+                # A node to be evaluated at runtime.
+                self._output_child_pre(item, frame, finalize)
+                self.visit(item, frame)
+                self._output_child_post(item, frame, finalize)
+
+                if frame.buffer is not None:
+                    self.write(",")
+
+        if frame.buffer is not None:
+            self.outdent()
+            self.writeline(")" if len(body) == 1 else "))")
+
+        if frame.require_output_check:
+            self.outdent()
+
+    def visit_Assign(self, node: nodes.Assign, frame: Frame) -> None:
+        self.push_assign_tracking()
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = ")
+        self.visit(node.node, frame)
+        self.pop_assign_tracking(frame)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, frame: Frame) -> None:
+        self.push_assign_tracking()
+        block_frame = frame.inner()
+        # This is a special case.  Since a set block always captures we
+        # will disable output checks.  This way one can use set blocks
+        # toplevel even in extended templates.
+        block_frame.require_output_check = False
+        block_frame.symbols.analyze_node(node)
+        self.enter_frame(block_frame)
+        self.buffer(block_frame)
+        self.blockvisit(node.body, block_frame)
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = (Markup if context.eval_ctx.autoescape else identity)(")
+        if node.filter is not None:
+            self.visit_Filter(node.filter, block_frame)
+        else:
+            self.write(f"concat({block_frame.buffer})")
+        self.write(")")
+        self.pop_assign_tracking(frame)
+        self.leave_frame(block_frame)
+
+    # -- Expression Visitors
+
+    def visit_Name(self, node: nodes.Name, frame: Frame) -> None:
+        if node.ctx == "store" and (
+            frame.toplevel or frame.loop_frame or frame.block_frame
+        ):
+            if self._assign_stack:
+                self._assign_stack[-1].add(node.name)
+        ref = frame.symbols.ref(node.name)
+
+        # If we are looking up a variable we might have to deal with the
+        # case where it's undefined.  We can skip that case if the load
+        # instruction indicates a parameter which are always defined.
+        if node.ctx == "load":
+            load = frame.symbols.find_load(ref)
+            if not (
+                load is not None
+                and load[0] == VAR_LOAD_PARAMETER
+                and not self.parameter_is_undeclared(ref)
+            ):
+                self.write(
+                    f"(undefined(name={node.name!r}) if {ref} is missing else {ref})"
+                )
+                return
+
+        self.write(ref)
+
+    def visit_NSRef(self, node: nodes.NSRef, frame: Frame) -> None:
+        # NSRefs can only be used to store values; since they use the normal
+        # `foo.bar` notation they will be parsed as a normal attribute access
+        # when used anywhere but in a `set` context
+        ref = frame.symbols.ref(node.name)
+        self.writeline(f"if not isinstance({ref}, Namespace):")
+        self.indent()
+        self.writeline(
+            "raise TemplateRuntimeError"
+            '("cannot assign attribute on non-namespace object")'
+        )
+        self.outdent()
+        self.writeline(f"{ref}[{node.attr!r}]")
+
+    def visit_Const(self, node: nodes.Const, frame: Frame) -> None:
+        val = node.as_const(frame.eval_ctx)
+        if isinstance(val, float):
+            self.write(str(val))
+        else:
+            self.write(repr(val))
+
+    def visit_TemplateData(self, node: nodes.TemplateData, frame: Frame) -> None:
+        try:
+            self.write(repr(node.as_const(frame.eval_ctx)))
+        except nodes.Impossible:
+            self.write(
+                f"(Markup if context.eval_ctx.autoescape else identity)({node.data!r})"
+            )
+
+    def visit_Tuple(self, node: nodes.Tuple, frame: Frame) -> None:
+        self.write("(")
+        idx = -1
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write(",)" if idx == 0 else ")")
+
+    def visit_List(self, node: nodes.List, frame: Frame) -> None:
+        self.write("[")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write("]")
+
+    def visit_Dict(self, node: nodes.Dict, frame: Frame) -> None:
+        self.write("{")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item.key, frame)
+            self.write(": ")
+            self.visit(item.value, frame)
+        self.write("}")
+
+    visit_Add = _make_binop("+")
+    visit_Sub = _make_binop("-")
+    visit_Mul = _make_binop("*")
+    visit_Div = _make_binop("/")
+    visit_FloorDiv = _make_binop("//")
+    visit_Pow = _make_binop("**")
+    visit_Mod = _make_binop("%")
+    visit_And = _make_binop("and")
+    visit_Or = _make_binop("or")
+    visit_Pos = _make_unop("+")
+    visit_Neg = _make_unop("-")
+    visit_Not = _make_unop("not ")
+
+    @optimizeconst
+    def visit_Concat(self, node: nodes.Concat, frame: Frame) -> None:
+        if frame.eval_ctx.volatile:
+            func_name = "(markup_join if context.eval_ctx.volatile else str_join)"
+        elif frame.eval_ctx.autoescape:
+            func_name = "markup_join"
+        else:
+            func_name = "str_join"
+        self.write(f"{func_name}((")
+        for arg in node.nodes:
+            self.visit(arg, frame)
+            self.write(", ")
+        self.write("))")
+
+    @optimizeconst
+    def visit_Compare(self, node: nodes.Compare, frame: Frame) -> None:
+        self.write("(")
+        self.visit(node.expr, frame)
+        for op in node.ops:
+            self.visit(op, frame)
+        self.write(")")
+
+    def visit_Operand(self, node: nodes.Operand, frame: Frame) -> None:
+        self.write(f" {operators[node.op]} ")
+        self.visit(node.expr, frame)
+
+    @optimizeconst
+    def visit_Getattr(self, node: nodes.Getattr, frame: Frame) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        self.write("environment.getattr(")
+        self.visit(node.node, frame)
+        self.write(f", {node.attr!r})")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Getitem(self, node: nodes.Getitem, frame: Frame) -> None:
+        # slices bypass the environment getitem method.
+        if isinstance(node.arg, nodes.Slice):
+            self.visit(node.node, frame)
+            self.write("[")
+            self.visit(node.arg, frame)
+            self.write("]")
+        else:
+            if self.environment.is_async:
+                self.write("(await auto_await(")
+
+            self.write("environment.getitem(")
+            self.visit(node.node, frame)
+            self.write(", ")
+            self.visit(node.arg, frame)
+            self.write(")")
+
+            if self.environment.is_async:
+                self.write("))")
+
+    def visit_Slice(self, node: nodes.Slice, frame: Frame) -> None:
+        if node.start is not None:
+            self.visit(node.start, frame)
+        self.write(":")
+        if node.stop is not None:
+            self.visit(node.stop, frame)
+        if node.step is not None:
+            self.write(":")
+            self.visit(node.step, frame)
+
+    @contextmanager
+    def _filter_test_common(
+        self, node: t.Union[nodes.Filter, nodes.Test], frame: Frame, is_filter: bool
+    ) -> t.Iterator[None]:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        if is_filter:
+            self.write(f"{self.filters[node.name]}(")
+            func = self.environment.filters.get(node.name)
+        else:
+            self.write(f"{self.tests[node.name]}(")
+            func = self.environment.tests.get(node.name)
+
+        # When inside an If or CondExpr frame, allow the filter to be
+        # undefined at compile time and only raise an error if it's
+        # actually called at runtime. See pull_dependencies.
+        if func is None and not frame.soft_frame:
+            type_name = "filter" if is_filter else "test"
+            self.fail(f"No {type_name} named {node.name!r}.", node.lineno)
+
+        pass_arg = {
+            _PassArg.context: "context",
+            _PassArg.eval_context: "context.eval_ctx",
+            _PassArg.environment: "environment",
+        }.get(
+            _PassArg.from_obj(func)  # type: ignore
+        )
+
+        if pass_arg is not None:
+            self.write(f"{pass_arg}, ")
+
+        # Back to the visitor function to handle visiting the target of
+        # the filter or test.
+        yield
+
+        self.signature(node, frame)
+        self.write(")")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Filter(self, node: nodes.Filter, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, True):
+            # if the filter node is None we are inside a filter block
+            # and want to write to the current buffer
+            if node.node is not None:
+                self.visit(node.node, frame)
+            elif frame.eval_ctx.volatile:
+                self.write(
+                    f"(Markup(concat({frame.buffer}))"
+                    f" if context.eval_ctx.autoescape else concat({frame.buffer}))"
+                )
+            elif frame.eval_ctx.autoescape:
+                self.write(f"Markup(concat({frame.buffer}))")
+            else:
+                self.write(f"concat({frame.buffer})")
+
+    @optimizeconst
+    def visit_Test(self, node: nodes.Test, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, False):
+            self.visit(node.node, frame)
+
+    @optimizeconst
+    def visit_CondExpr(self, node: nodes.CondExpr, frame: Frame) -> None:
+        frame = frame.soft()
+
+        def write_expr2() -> None:
+            if node.expr2 is not None:
+                self.visit(node.expr2, frame)
+                return
+
+            self.write(
+                f'cond_expr_undefined("the inline if-expression on'
+                f" {self.position(node)} evaluated to false and no else"
+                f' section was defined.")'
+            )
+
+        self.write("(")
+        self.visit(node.expr1, frame)
+        self.write(" if ")
+        self.visit(node.test, frame)
+        self.write(" else ")
+        write_expr2()
+        self.write(")")
+
+    @optimizeconst
+    def visit_Call(
+        self, node: nodes.Call, frame: Frame, forward_caller: bool = False
+    ) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+        if self.environment.sandboxed:
+            self.write("environment.call(context, ")
+        else:
+            self.write("context.call(")
+        self.visit(node.node, frame)
+        extra_kwargs = {"caller": "caller"} if forward_caller else None
+        loop_kwargs = {"_loop_vars": "_loop_vars"} if frame.loop_frame else {}
+        block_kwargs = {"_block_vars": "_block_vars"} if frame.block_frame else {}
+        if extra_kwargs:
+            extra_kwargs.update(loop_kwargs, **block_kwargs)
+        elif loop_kwargs or block_kwargs:
+            extra_kwargs = dict(loop_kwargs, **block_kwargs)
+        self.signature(node, frame, extra_kwargs)
+        self.write(")")
+        if self.environment.is_async:
+            self.write("))")
+
+    def visit_Keyword(self, node: nodes.Keyword, frame: Frame) -> None:
+        self.write(node.key + "=")
+        self.visit(node.value, frame)
+
+    # -- Unused nodes for extensions
+
+    def visit_MarkSafe(self, node: nodes.MarkSafe, frame: Frame) -> None:
+        self.write("Markup(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_MarkSafeIfAutoescape(
+        self, node: nodes.MarkSafeIfAutoescape, frame: Frame
+    ) -> None:
+        self.write("(Markup if context.eval_ctx.autoescape else identity)(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_EnvironmentAttribute(
+        self, node: nodes.EnvironmentAttribute, frame: Frame
+    ) -> None:
+        self.write("environment." + node.name)
+
+    def visit_ExtensionAttribute(
+        self, node: nodes.ExtensionAttribute, frame: Frame
+    ) -> None:
+        self.write(f"environment.extensions[{node.identifier!r}].{node.name}")
+
+    def visit_ImportedName(self, node: nodes.ImportedName, frame: Frame) -> None:
+        self.write(self.import_aliases[node.importname])
+
+    def visit_InternalName(self, node: nodes.InternalName, frame: Frame) -> None:
+        self.write(node.name)
+
+    def visit_ContextReference(
+        self, node: nodes.ContextReference, frame: Frame
+    ) -> None:
+        self.write("context")
+
+    def visit_DerivedContextReference(
+        self, node: nodes.DerivedContextReference, frame: Frame
+    ) -> None:
+        self.write(self.derive_context(frame))
+
+    def visit_Continue(self, node: nodes.Continue, frame: Frame) -> None:
+        self.writeline("continue", node)
+
+    def visit_Break(self, node: nodes.Break, frame: Frame) -> None:
+        self.writeline("break", node)
+
+    def visit_Scope(self, node: nodes.Scope, frame: Frame) -> None:
+        scope_frame = frame.inner()
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, frame: Frame) -> None:
+        ctx = self.temporary_identifier()
+        self.writeline(f"{ctx} = {self.derive_context(frame)}")
+        self.writeline(f"{ctx}.vars = ")
+        self.visit(node.context, frame)
+        self.push_context_reference(ctx)
+
+        scope_frame = frame.inner(isolated=True)
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+        self.pop_context_reference()
+
+    def visit_EvalContextModifier(
+        self, node: nodes.EvalContextModifier, frame: Frame
+    ) -> None:
+        for keyword in node.options:
+            self.writeline(f"context.eval_ctx.{keyword.key} = ")
+            self.visit(keyword.value, frame)
+            try:
+                val = keyword.value.as_const(frame.eval_ctx)
+            except nodes.Impossible:
+                frame.eval_ctx.volatile = True
+            else:
+                setattr(frame.eval_ctx, keyword.key, val)
+
+    def visit_ScopedEvalContextModifier(
+        self, node: nodes.ScopedEvalContextModifier, frame: Frame
+    ) -> None:
+        old_ctx_name = self.temporary_identifier()
+        saved_ctx = frame.eval_ctx.save()
+        self.writeline(f"{old_ctx_name} = context.eval_ctx.save()")
+        self.visit_EvalContextModifier(node, frame)
+        for child in node.body:
+            self.visit(child, frame)
+        frame.eval_ctx.revert(saved_ctx)
+        self.writeline(f"context.eval_ctx.revert({old_ctx_name})")
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/constants.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/constants.py
new file mode 100644
index 000000000..41a1c23b0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/constants.py
@@ -0,0 +1,20 @@
+#: list of lorem ipsum words used by the lipsum() helper function
+LOREM_IPSUM_WORDS = """\
+a ac accumsan ad adipiscing aenean aliquam aliquet amet ante aptent arcu at
+auctor augue bibendum blandit class commodo condimentum congue consectetuer
+consequat conubia convallis cras cubilia cum curabitur curae cursus dapibus
+diam dictum dictumst dignissim dis dolor donec dui duis egestas eget eleifend
+elementum elit enim erat eros est et etiam eu euismod facilisi facilisis fames
+faucibus felis fermentum feugiat fringilla fusce gravida habitant habitasse hac
+hendrerit hymenaeos iaculis id imperdiet in inceptos integer interdum ipsum
+justo lacinia lacus laoreet lectus leo libero ligula litora lobortis lorem
+luctus maecenas magna magnis malesuada massa mattis mauris metus mi molestie
+mollis montes morbi mus nam nascetur natoque nec neque netus nibh nisi nisl non
+nonummy nostra nulla nullam nunc odio orci ornare parturient pede pellentesque
+penatibus per pharetra phasellus placerat platea porta porttitor posuere
+potenti praesent pretium primis proin pulvinar purus quam quis quisque rhoncus
+ridiculus risus rutrum sagittis sapien scelerisque sed sem semper senectus sit
+sociis sociosqu sodales sollicitudin suscipit suspendisse taciti tellus tempor
+tempus tincidunt torquent tortor tristique turpis ullamcorper ultrices
+ultricies urna ut varius vehicula vel velit venenatis vestibulum vitae vivamus
+viverra volutpat vulputate"""
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/debug.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/debug.py
new file mode 100644
index 000000000..7ed7e9297
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/debug.py
@@ -0,0 +1,191 @@
+import sys
+import typing as t
+from types import CodeType
+from types import TracebackType
+
+from .exceptions import TemplateSyntaxError
+from .utils import internal_code
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    from .runtime import Context
+
+
+def rewrite_traceback_stack(source: t.Optional[str] = None) -> BaseException:
+    """Rewrite the current exception to replace any tracebacks from
+    within compiled template code with tracebacks that look like they
+    came from the template source.
+
+    This must be called within an ``except`` block.
+
+    :param source: For ``TemplateSyntaxError``, the original source if
+        known.
+    :return: The original exception with the rewritten traceback.
+    """
+    _, exc_value, tb = sys.exc_info()
+    exc_value = t.cast(BaseException, exc_value)
+    tb = t.cast(TracebackType, tb)
+
+    if isinstance(exc_value, TemplateSyntaxError) and not exc_value.translated:
+        exc_value.translated = True
+        exc_value.source = source
+        # Remove the old traceback, otherwise the frames from the
+        # compiler still show up.
+        exc_value.with_traceback(None)
+        # Outside of runtime, so the frame isn't executing template
+        # code, but it still needs to point at the template.
+        tb = fake_traceback(
+            exc_value, None, exc_value.filename or "<unknown>", exc_value.lineno
+        )
+    else:
+        # Skip the frame for the render function.
+        tb = tb.tb_next
+
+    stack = []
+
+    # Build the stack of traceback object, replacing any in template
+    # code with the source file and line information.
+    while tb is not None:
+        # Skip frames decorated with @internalcode. These are internal
+        # calls that aren't useful in template debugging output.
+        if tb.tb_frame.f_code in internal_code:
+            tb = tb.tb_next
+            continue
+
+        template = tb.tb_frame.f_globals.get("__jinja_template__")
+
+        if template is not None:
+            lineno = template.get_corresponding_lineno(tb.tb_lineno)
+            fake_tb = fake_traceback(exc_value, tb, template.filename, lineno)
+            stack.append(fake_tb)
+        else:
+            stack.append(tb)
+
+        tb = tb.tb_next
+
+    tb_next = None
+
+    # Assign tb_next in reverse to avoid circular references.
+    for tb in reversed(stack):
+        tb.tb_next = tb_next
+        tb_next = tb
+
+    return exc_value.with_traceback(tb_next)
+
+
+def fake_traceback(  # type: ignore
+    exc_value: BaseException, tb: t.Optional[TracebackType], filename: str, lineno: int
+) -> TracebackType:
+    """Produce a new traceback object that looks like it came from the
+    template source instead of the compiled code. The filename, line
+    number, and location name will point to the template, and the local
+    variables will be the current template context.
+
+    :param exc_value: The original exception to be re-raised to create
+        the new traceback.
+    :param tb: The original traceback to get the local variables and
+        code info from.
+    :param filename: The template filename.
+    :param lineno: The line number in the template source.
+    """
+    if tb is not None:
+        # Replace the real locals with the context that would be
+        # available at that point in the template.
+        locals = get_template_locals(tb.tb_frame.f_locals)
+        locals.pop("__jinja_exception__", None)
+    else:
+        locals = {}
+
+    globals = {
+        "__name__": filename,
+        "__file__": filename,
+        "__jinja_exception__": exc_value,
+    }
+    # Raise an exception at the correct line number.
+    code: CodeType = compile(
+        "\n" * (lineno - 1) + "raise __jinja_exception__", filename, "exec"
+    )
+
+    # Build a new code object that points to the template file and
+    # replaces the location with a block name.
+    location = "template"
+
+    if tb is not None:
+        function = tb.tb_frame.f_code.co_name
+
+        if function == "root":
+            location = "top-level template code"
+        elif function.startswith("block_"):
+            location = f"block {function[6:]!r}"
+
+    if sys.version_info >= (3, 8):
+        code = code.replace(co_name=location)
+    else:
+        code = CodeType(
+            code.co_argcount,
+            code.co_kwonlyargcount,
+            code.co_nlocals,
+            code.co_stacksize,
+            code.co_flags,
+            code.co_code,
+            code.co_consts,
+            code.co_names,
+            code.co_varnames,
+            code.co_filename,
+            location,
+            code.co_firstlineno,
+            code.co_lnotab,
+            code.co_freevars,
+            code.co_cellvars,
+        )
+
+    # Execute the new code, which is guaranteed to raise, and return
+    # the new traceback without this frame.
+    try:
+        exec(code, globals, locals)
+    except BaseException:
+        return sys.exc_info()[2].tb_next  # type: ignore
+
+
+def get_template_locals(real_locals: t.Mapping[str, t.Any]) -> t.Dict[str, t.Any]:
+    """Based on the runtime locals, get the context that would be
+    available at that point in the template.
+    """
+    # Start with the current template context.
+    ctx: "t.Optional[Context]" = real_locals.get("context")
+
+    if ctx is not None:
+        data: t.Dict[str, t.Any] = ctx.get_all().copy()
+    else:
+        data = {}
+
+    # Might be in a derived context that only sets local variables
+    # rather than pushing a context. Local variables follow the scheme
+    # l_depth_name. Find the highest-depth local that has a value for
+    # each name.
+    local_overrides: t.Dict[str, t.Tuple[int, t.Any]] = {}
+
+    for name, value in real_locals.items():
+        if not name.startswith("l_") or value is missing:
+            # Not a template variable, or no longer relevant.
+            continue
+
+        try:
+            _, depth_str, name = name.split("_", 2)
+            depth = int(depth_str)
+        except ValueError:
+            continue
+
+        cur_depth = local_overrides.get(name, (-1,))[0]
+
+        if cur_depth < depth:
+            local_overrides[name] = (depth, value)
+
+    # Modify the context with any derived context.
+    for name, (_, value) in local_overrides.items():
+        if value is missing:
+            data.pop(name, None)
+        else:
+            data[name] = value
+
+    return data
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/defaults.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/defaults.py
new file mode 100644
index 000000000..638cad3d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/defaults.py
@@ -0,0 +1,48 @@
+import typing as t
+
+from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
+from .tests import TESTS as DEFAULT_TESTS  # noqa: F401
+from .utils import Cycler
+from .utils import generate_lorem_ipsum
+from .utils import Joiner
+from .utils import Namespace
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+# defaults for the parser / lexer
+BLOCK_START_STRING = "{%"
+BLOCK_END_STRING = "%}"
+VARIABLE_START_STRING = "{{"
+VARIABLE_END_STRING = "}}"
+COMMENT_START_STRING = "{#"
+COMMENT_END_STRING = "#}"
+LINE_STATEMENT_PREFIX: t.Optional[str] = None
+LINE_COMMENT_PREFIX: t.Optional[str] = None
+TRIM_BLOCKS = False
+LSTRIP_BLOCKS = False
+NEWLINE_SEQUENCE: "te.Literal['\\n', '\\r\\n', '\\r']" = "\n"
+KEEP_TRAILING_NEWLINE = False
+
+# default filters, tests and namespace
+
+DEFAULT_NAMESPACE = {
+    "range": range,
+    "dict": dict,
+    "lipsum": generate_lorem_ipsum,
+    "cycler": Cycler,
+    "joiner": Joiner,
+    "namespace": Namespace,
+}
+
+# default policies
+DEFAULT_POLICIES: t.Dict[str, t.Any] = {
+    "compiler.ascii_str": True,
+    "urlize.rel": "noopener",
+    "urlize.target": None,
+    "urlize.extra_schemes": None,
+    "truncate.leeway": 5,
+    "json.dumps_function": None,
+    "json.dumps_kwargs": {"sort_keys": True},
+    "ext.i18n.trimmed": False,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/environment.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/environment.py
new file mode 100644
index 000000000..1d3be0bed
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/environment.py
@@ -0,0 +1,1675 @@
+"""Classes for managing templates and their runtime and compile time
+options.
+"""
+
+import os
+import typing
+import typing as t
+import weakref
+from collections import ChainMap
+from functools import lru_cache
+from functools import partial
+from functools import reduce
+from types import CodeType
+
+from markupsafe import Markup
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import generate
+from .defaults import BLOCK_END_STRING
+from .defaults import BLOCK_START_STRING
+from .defaults import COMMENT_END_STRING
+from .defaults import COMMENT_START_STRING
+from .defaults import DEFAULT_FILTERS  # type: ignore[attr-defined]
+from .defaults import DEFAULT_NAMESPACE
+from .defaults import DEFAULT_POLICIES
+from .defaults import DEFAULT_TESTS  # type: ignore[attr-defined]
+from .defaults import KEEP_TRAILING_NEWLINE
+from .defaults import LINE_COMMENT_PREFIX
+from .defaults import LINE_STATEMENT_PREFIX
+from .defaults import LSTRIP_BLOCKS
+from .defaults import NEWLINE_SEQUENCE
+from .defaults import TRIM_BLOCKS
+from .defaults import VARIABLE_END_STRING
+from .defaults import VARIABLE_START_STRING
+from .exceptions import TemplateNotFound
+from .exceptions import TemplateRuntimeError
+from .exceptions import TemplatesNotFound
+from .exceptions import TemplateSyntaxError
+from .exceptions import UndefinedError
+from .lexer import get_lexer
+from .lexer import Lexer
+from .lexer import TokenStream
+from .nodes import EvalContext
+from .parser import Parser
+from .runtime import Context
+from .runtime import new_context
+from .runtime import Undefined
+from .utils import _PassArg
+from .utils import concat
+from .utils import consume
+from .utils import import_string
+from .utils import internalcode
+from .utils import LRUCache
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .bccache import BytecodeCache
+    from .ext import Extension
+    from .loaders import BaseLoader
+
+_env_bound = t.TypeVar("_env_bound", bound="Environment")
+
+
+# for direct template usage we have up to ten living environments
+@lru_cache(maxsize=10)
+def get_spontaneous_environment(cls: t.Type[_env_bound], *args: t.Any) -> _env_bound:
+    """Return a new spontaneous environment. A spontaneous environment
+    is used for templates created directly rather than through an
+    existing environment.
+
+    :param cls: Environment class to create.
+    :param args: Positional arguments passed to environment.
+    """
+    env = cls(*args)
+    env.shared = True
+    return env
+
+
+def create_cache(
+    size: int,
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Return the cache class for the given size."""
+    if size == 0:
+        return None
+
+    if size < 0:
+        return {}
+
+    return LRUCache(size)  # type: ignore
+
+
+def copy_cache(
+    cache: t.Optional[t.MutableMapping[t.Any, t.Any]],
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Create an empty copy of the given cache."""
+    if cache is None:
+        return None
+
+    if type(cache) is dict:  # noqa E721
+        return {}
+
+    return LRUCache(cache.capacity)  # type: ignore
+
+
+def load_extensions(
+    environment: "Environment",
+    extensions: t.Sequence[t.Union[str, t.Type["Extension"]]],
+) -> t.Dict[str, "Extension"]:
+    """Load the extensions from the list and bind it to the environment.
+    Returns a dict of instantiated extensions.
+    """
+    result = {}
+
+    for extension in extensions:
+        if isinstance(extension, str):
+            extension = t.cast(t.Type["Extension"], import_string(extension))
+
+        result[extension.identifier] = extension(environment)
+
+    return result
+
+
+def _environment_config_check(environment: "Environment") -> "Environment":
+    """Perform a sanity check on the environment."""
+    assert issubclass(
+        environment.undefined, Undefined
+    ), "'undefined' must be a subclass of 'jinja2.Undefined'."
+    assert (
+        environment.block_start_string
+        != environment.variable_start_string
+        != environment.comment_start_string
+    ), "block, variable and comment start strings must be different."
+    assert environment.newline_sequence in {
+        "\r",
+        "\r\n",
+        "\n",
+    }, "'newline_sequence' must be one of '\\n', '\\r\\n', or '\\r'."
+    return environment
+
+
+class Environment:
+    r"""The core component of Jinja is the `Environment`.  It contains
+    important shared variables like configuration, filters, tests,
+    globals and others.  Instances of this class may be modified if
+    they are not shared and if no template was loaded so far.
+    Modifications on environments after the first template was loaded
+    will lead to surprising effects and undefined behavior.
+
+    Here are the possible initialization parameters:
+
+        `block_start_string`
+            The string marking the beginning of a block.  Defaults to ``'{%'``.
+
+        `block_end_string`
+            The string marking the end of a block.  Defaults to ``'%}'``.
+
+        `variable_start_string`
+            The string marking the beginning of a print statement.
+            Defaults to ``'{{'``.
+
+        `variable_end_string`
+            The string marking the end of a print statement.  Defaults to
+            ``'}}'``.
+
+        `comment_start_string`
+            The string marking the beginning of a comment.  Defaults to ``'{#'``.
+
+        `comment_end_string`
+            The string marking the end of a comment.  Defaults to ``'#}'``.
+
+        `line_statement_prefix`
+            If given and a string, this will be used as prefix for line based
+            statements.  See also :ref:`line-statements`.
+
+        `line_comment_prefix`
+            If given and a string, this will be used as prefix for line based
+            comments.  See also :ref:`line-statements`.
+
+            .. versionadded:: 2.2
+
+        `trim_blocks`
+            If this is set to ``True`` the first newline after a block is
+            removed (block, not variable tag!).  Defaults to `False`.
+
+        `lstrip_blocks`
+            If this is set to ``True`` leading spaces and tabs are stripped
+            from the start of a line to a block.  Defaults to `False`.
+
+        `newline_sequence`
+            The sequence that starts a newline.  Must be one of ``'\r'``,
+            ``'\n'`` or ``'\r\n'``.  The default is ``'\n'`` which is a
+            useful default for Linux and OS X systems as well as web
+            applications.
+
+        `keep_trailing_newline`
+            Preserve the trailing newline when rendering templates.
+            The default is ``False``, which causes a single newline,
+            if present, to be stripped from the end of the template.
+
+            .. versionadded:: 2.7
+
+        `extensions`
+            List of Jinja extensions to use.  This can either be import paths
+            as strings or extension classes.  For more information have a
+            look at :ref:`the extensions documentation <jinja-extensions>`.
+
+        `optimized`
+            should the optimizer be enabled?  Default is ``True``.
+
+        `undefined`
+            :class:`Undefined` or a subclass of it that is used to represent
+            undefined values in the template.
+
+        `finalize`
+            A callable that can be used to process the result of a variable
+            expression before it is output.  For example one can convert
+            ``None`` implicitly into an empty string here.
+
+        `autoescape`
+            If set to ``True`` the XML/HTML autoescaping feature is enabled by
+            default.  For more details about autoescaping see
+            :class:`~markupsafe.Markup`.  As of Jinja 2.4 this can also
+            be a callable that is passed the template name and has to
+            return ``True`` or ``False`` depending on autoescape should be
+            enabled by default.
+
+            .. versionchanged:: 2.4
+               `autoescape` can now be a function
+
+        `loader`
+            The template loader for this environment.
+
+        `cache_size`
+            The size of the cache.  Per default this is ``400`` which means
+            that if more than 400 templates are loaded the loader will clean
+            out the least recently used template.  If the cache size is set to
+            ``0`` templates are recompiled all the time, if the cache size is
+            ``-1`` the cache will not be cleaned.
+
+            .. versionchanged:: 2.8
+               The cache size was increased to 400 from a low 50.
+
+        `auto_reload`
+            Some loaders load templates from locations where the template
+            sources may change (ie: file system or database).  If
+            ``auto_reload`` is set to ``True`` (default) every time a template is
+            requested the loader checks if the source changed and if yes, it
+            will reload the template.  For higher performance it's possible to
+            disable that.
+
+        `bytecode_cache`
+            If set to a bytecode cache object, this object will provide a
+            cache for the internal Jinja bytecode so that templates don't
+            have to be parsed if they were not changed.
+
+            See :ref:`bytecode-cache` for more information.
+
+        `enable_async`
+            If set to true this enables async template execution which
+            allows using async functions and generators.
+    """
+
+    #: if this environment is sandboxed.  Modifying this variable won't make
+    #: the environment sandboxed though.  For a real sandboxed environment
+    #: have a look at jinja2.sandbox.  This flag alone controls the code
+    #: generation by the compiler.
+    sandboxed = False
+
+    #: True if the environment is just an overlay
+    overlayed = False
+
+    #: the environment this environment is linked to if it is an overlay
+    linked_to: t.Optional["Environment"] = None
+
+    #: shared environments have this set to `True`.  A shared environment
+    #: must not be modified
+    shared = False
+
+    #: the class that is used for code generation.  See
+    #: :class:`~jinja2.compiler.CodeGenerator` for more information.
+    code_generator_class: t.Type["CodeGenerator"] = CodeGenerator
+
+    concat = "".join
+
+    #: the context class that is used for templates.  See
+    #: :class:`~jinja2.runtime.Context` for more information.
+    context_class: t.Type[Context] = Context
+
+    template_class: t.Type["Template"]
+
+    def __init__(
+        self,
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        loader: t.Optional["BaseLoader"] = None,
+        cache_size: int = 400,
+        auto_reload: bool = True,
+        bytecode_cache: t.Optional["BytecodeCache"] = None,
+        enable_async: bool = False,
+    ):
+        # !!Important notice!!
+        #   The constructor accepts quite a few arguments that should be
+        #   passed by keyword rather than position.  However it's important to
+        #   not change the order of arguments because it's used at least
+        #   internally in those cases:
+        #       -   spontaneous environments (i18n extension and Template)
+        #       -   unittests
+        #   If parameter changes are required only add parameters at the end
+        #   and don't change the arguments (or the defaults!) of the arguments
+        #   existing already.
+
+        # lexer / parser information
+        self.block_start_string = block_start_string
+        self.block_end_string = block_end_string
+        self.variable_start_string = variable_start_string
+        self.variable_end_string = variable_end_string
+        self.comment_start_string = comment_start_string
+        self.comment_end_string = comment_end_string
+        self.line_statement_prefix = line_statement_prefix
+        self.line_comment_prefix = line_comment_prefix
+        self.trim_blocks = trim_blocks
+        self.lstrip_blocks = lstrip_blocks
+        self.newline_sequence = newline_sequence
+        self.keep_trailing_newline = keep_trailing_newline
+
+        # runtime information
+        self.undefined: t.Type[Undefined] = undefined
+        self.optimized = optimized
+        self.finalize = finalize
+        self.autoescape = autoescape
+
+        # defaults
+        self.filters = DEFAULT_FILTERS.copy()
+        self.tests = DEFAULT_TESTS.copy()
+        self.globals = DEFAULT_NAMESPACE.copy()
+
+        # set the loader provided
+        self.loader = loader
+        self.cache = create_cache(cache_size)
+        self.bytecode_cache = bytecode_cache
+        self.auto_reload = auto_reload
+
+        # configurable policies
+        self.policies = DEFAULT_POLICIES.copy()
+
+        # load extensions
+        self.extensions = load_extensions(self, extensions)
+
+        self.is_async = enable_async
+        _environment_config_check(self)
+
+    def add_extension(self, extension: t.Union[str, t.Type["Extension"]]) -> None:
+        """Adds an extension after the environment was created.
+
+        .. versionadded:: 2.5
+        """
+        self.extensions.update(load_extensions(self, [extension]))
+
+    def extend(self, **attributes: t.Any) -> None:
+        """Add the items to the instance of the environment if they do not exist
+        yet.  This is used by :ref:`extensions <writing-extensions>` to register
+        callbacks and configuration values without breaking inheritance.
+        """
+        for key, value in attributes.items():
+            if not hasattr(self, key):
+                setattr(self, key, value)
+
+    def overlay(
+        self,
+        block_start_string: str = missing,
+        block_end_string: str = missing,
+        variable_start_string: str = missing,
+        variable_end_string: str = missing,
+        comment_start_string: str = missing,
+        comment_end_string: str = missing,
+        line_statement_prefix: t.Optional[str] = missing,
+        line_comment_prefix: t.Optional[str] = missing,
+        trim_blocks: bool = missing,
+        lstrip_blocks: bool = missing,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = missing,
+        keep_trailing_newline: bool = missing,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = missing,
+        optimized: bool = missing,
+        undefined: t.Type[Undefined] = missing,
+        finalize: t.Optional[t.Callable[..., t.Any]] = missing,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = missing,
+        loader: t.Optional["BaseLoader"] = missing,
+        cache_size: int = missing,
+        auto_reload: bool = missing,
+        bytecode_cache: t.Optional["BytecodeCache"] = missing,
+        enable_async: bool = False,
+    ) -> "Environment":
+        """Create a new overlay environment that shares all the data with the
+        current environment except for cache and the overridden attributes.
+        Extensions cannot be removed for an overlayed environment.  An overlayed
+        environment automatically gets all the extensions of the environment it
+        is linked to plus optional extra extensions.
+
+        Creating overlays should happen after the initial environment was set
+        up completely.  Not all attributes are truly linked, some are just
+        copied over so modifications on the original environment may not shine
+        through.
+
+        .. versionchanged:: 3.1.2
+            Added the ``newline_sequence``,, ``keep_trailing_newline``,
+            and ``enable_async`` parameters to match ``__init__``.
+        """
+        args = dict(locals())
+        del args["self"], args["cache_size"], args["extensions"], args["enable_async"]
+
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.overlayed = True
+        rv.linked_to = self
+
+        for key, value in args.items():
+            if value is not missing:
+                setattr(rv, key, value)
+
+        if cache_size is not missing:
+            rv.cache = create_cache(cache_size)
+        else:
+            rv.cache = copy_cache(self.cache)
+
+        rv.extensions = {}
+        for key, value in self.extensions.items():
+            rv.extensions[key] = value.bind(rv)
+        if extensions is not missing:
+            rv.extensions.update(load_extensions(rv, extensions))
+
+        if enable_async is not missing:
+            rv.is_async = enable_async
+
+        return _environment_config_check(rv)
+
+    @property
+    def lexer(self) -> Lexer:
+        """The lexer for this environment."""
+        return get_lexer(self)
+
+    def iter_extensions(self) -> t.Iterator["Extension"]:
+        """Iterates over the extensions by priority."""
+        return iter(sorted(self.extensions.values(), key=lambda x: x.priority))
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Get an item or attribute of an object but prefer the item."""
+        try:
+            return obj[argument]
+        except (AttributeError, TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        return getattr(obj, attr)
+                    except AttributeError:
+                        pass
+            return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Any:
+        """Get an item or attribute of an object but prefer the attribute.
+        Unlike :meth:`getitem` the attribute *must* be a string.
+        """
+        try:
+            return getattr(obj, attribute)
+        except AttributeError:
+            pass
+        try:
+            return obj[attribute]
+        except (TypeError, LookupError, AttributeError):
+            return self.undefined(obj=obj, name=attribute)
+
+    def _filter_test_common(
+        self,
+        name: t.Union[str, Undefined],
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]],
+        kwargs: t.Optional[t.Mapping[str, t.Any]],
+        context: t.Optional[Context],
+        eval_ctx: t.Optional[EvalContext],
+        is_filter: bool,
+    ) -> t.Any:
+        if is_filter:
+            env_map = self.filters
+            type_name = "filter"
+        else:
+            env_map = self.tests
+            type_name = "test"
+
+        func = env_map.get(name)  # type: ignore
+
+        if func is None:
+            msg = f"No {type_name} named {name!r}."
+
+            if isinstance(name, Undefined):
+                try:
+                    name._fail_with_undefined_error()
+                except Exception as e:
+                    msg = f"{msg} ({e}; did you forget to quote the callable name?)"
+
+            raise TemplateRuntimeError(msg)
+
+        args = [value, *(args if args is not None else ())]
+        kwargs = kwargs if kwargs is not None else {}
+        pass_arg = _PassArg.from_obj(func)
+
+        if pass_arg is _PassArg.context:
+            if context is None:
+                raise TemplateRuntimeError(
+                    f"Attempted to invoke a context {type_name} without context."
+                )
+
+            args.insert(0, context)
+        elif pass_arg is _PassArg.eval_context:
+            if eval_ctx is None:
+                if context is not None:
+                    eval_ctx = context.eval_ctx
+                else:
+                    eval_ctx = EvalContext(self)
+
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, self)
+
+        return func(*args, **kwargs)
+
+    def call_filter(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a filter on a value the same way the compiler does.
+
+        This might return a coroutine if the filter is running from an
+        environment in async mode and the filter supports async
+        execution. It's your responsibility to await this if needed.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, True
+        )
+
+    def call_test(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a test on a value the same way the compiler does.
+
+        This might return a coroutine if the test is running from an
+        environment in async mode and the test supports async execution.
+        It's your responsibility to await this if needed.
+
+        .. versionchanged:: 3.0
+            Tests support ``@pass_context``, etc. decorators. Added
+            the ``context`` and ``eval_ctx`` parameters.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, False
+        )
+
+    @internalcode
+    def parse(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> nodes.Template:
+        """Parse the sourcecode and return the abstract syntax tree.  This
+        tree of nodes is used by the compiler to convert the template into
+        executable source- or bytecode.  This is useful for debugging or to
+        extract information from templates.
+
+        If you are :ref:`developing Jinja extensions <writing-extensions>`
+        this gives you a good overview of the node tree generated.
+        """
+        try:
+            return self._parse(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def _parse(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str]
+    ) -> nodes.Template:
+        """Internal parsing function used by `parse` and `compile`."""
+        return Parser(self, source, name, filename).parse()
+
+    def lex(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """Lex the given sourcecode and return a generator that yields
+        tokens as tuples in the form ``(lineno, token_type, value)``.
+        This can be useful for :ref:`extension development <writing-extensions>`
+        and debugging templates.
+
+        This does not perform preprocessing.  If you want the preprocessing
+        of the extensions to be applied you have to filter source through
+        the :meth:`preprocess` method.
+        """
+        source = str(source)
+        try:
+            return self.lexer.tokeniter(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def preprocess(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> str:
+        """Preprocesses the source with all extensions.  This is automatically
+        called for all parsing and compiling methods but *not* for :meth:`lex`
+        because there you usually only want the actual source tokenized.
+        """
+        return reduce(
+            lambda s, e: e.preprocess(s, name, filename),
+            self.iter_extensions(),
+            str(source),
+        )
+
+    def _tokenize(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Called by the parser to do the preprocessing and filtering
+        for all the extensions.  Returns a :class:`~jinja2.lexer.TokenStream`.
+        """
+        source = self.preprocess(source, name, filename)
+        stream = self.lexer.tokenize(source, name, filename, state)
+
+        for ext in self.iter_extensions():
+            stream = ext.filter_stream(stream)  # type: ignore
+
+            if not isinstance(stream, TokenStream):
+                stream = TokenStream(stream, name, filename)
+
+        return stream
+
+    def _generate(
+        self,
+        source: nodes.Template,
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        defer_init: bool = False,
+    ) -> str:
+        """Internal hook that can be overridden to hook a different generate
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return generate(  # type: ignore
+            source,
+            self,
+            name,
+            filename,
+            defer_init=defer_init,
+            optimized=self.optimized,
+        )
+
+    def _compile(self, source: str, filename: str) -> CodeType:
+        """Internal hook that can be overridden to hook a different compile
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return compile(source, filename, "exec")
+
+    @typing.overload
+    def compile(  # type: ignore
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[False]" = False,
+        defer_init: bool = False,
+    ) -> CodeType: ...
+
+    @typing.overload
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[True]" = ...,
+        defer_init: bool = False,
+    ) -> str: ...
+
+    @internalcode
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: bool = False,
+        defer_init: bool = False,
+    ) -> t.Union[str, CodeType]:
+        """Compile a node or template source code.  The `name` parameter is
+        the load name of the template after it was joined using
+        :meth:`join_path` if necessary, not the filename on the file system.
+        the `filename` parameter is the estimated filename of the template on
+        the file system.  If the template came from a database or memory this
+        can be omitted.
+
+        The return value of this method is a python code object.  If the `raw`
+        parameter is `True` the return value will be a string with python
+        code equivalent to the bytecode returned otherwise.  This method is
+        mainly used internally.
+
+        `defer_init` is use internally to aid the module code generator.  This
+        causes the generated code to be able to import without the global
+        environment variable to be set.
+
+        .. versionadded:: 2.4
+           `defer_init` parameter added.
+        """
+        source_hint = None
+        try:
+            if isinstance(source, str):
+                source_hint = source
+                source = self._parse(source, name, filename)
+            source = self._generate(source, name, filename, defer_init=defer_init)
+            if raw:
+                return source
+            if filename is None:
+                filename = "<template>"
+            return self._compile(source, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source_hint)
+
+    def compile_expression(
+        self, source: str, undefined_to_none: bool = True
+    ) -> "TemplateExpression":
+        """A handy helper method that returns a callable that accepts keyword
+        arguments that appear as variables in the expression.  If called it
+        returns the result of the expression.
+
+        This is useful if applications want to use the same rules as Jinja
+        in template "configuration files" or similar situations.
+
+        Example usage:
+
+        >>> env = Environment()
+        >>> expr = env.compile_expression('foo == 42')
+        >>> expr(foo=23)
+        False
+        >>> expr(foo=42)
+        True
+
+        Per default the return value is converted to `None` if the
+        expression returns an undefined value.  This can be changed
+        by setting `undefined_to_none` to `False`.
+
+        >>> env.compile_expression('var')() is None
+        True
+        >>> env.compile_expression('var', undefined_to_none=False)()
+        Undefined
+
+        .. versionadded:: 2.1
+        """
+        parser = Parser(self, source, state="variable")
+        try:
+            expr = parser.parse_expression()
+            if not parser.stream.eos:
+                raise TemplateSyntaxError(
+                    "chunk after expression", parser.stream.current.lineno, None, None
+                )
+            expr.set_environment(self)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+        body = [nodes.Assign(nodes.Name("result", "store"), expr, lineno=1)]
+        template = self.from_string(nodes.Template(body, lineno=1))
+        return TemplateExpression(template, undefined_to_none)
+
+    def compile_templates(
+        self,
+        target: t.Union[str, "os.PathLike[str]"],
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+        zip: t.Optional[str] = "deflated",
+        log_function: t.Optional[t.Callable[[str], None]] = None,
+        ignore_errors: bool = True,
+    ) -> None:
+        """Finds all the templates the loader can find, compiles them
+        and stores them in `target`.  If `zip` is `None`, instead of in a
+        zipfile, the templates will be stored in a directory.
+        By default a deflate zip algorithm is used. To switch to
+        the stored algorithm, `zip` can be set to ``'stored'``.
+
+        `extensions` and `filter_func` are passed to :meth:`list_templates`.
+        Each template returned will be compiled to the target folder or
+        zipfile.
+
+        By default template compilation errors are ignored.  In case a
+        log function is provided, errors are logged.  If you want template
+        syntax errors to abort the compilation you can set `ignore_errors`
+        to `False` and you will get an exception on syntax errors.
+
+        .. versionadded:: 2.4
+        """
+        from .loaders import ModuleLoader
+
+        if log_function is None:
+
+            def log_function(x: str) -> None:
+                pass
+
+        assert log_function is not None
+        assert self.loader is not None, "No loader configured."
+
+        def write_file(filename: str, data: str) -> None:
+            if zip:
+                info = ZipInfo(filename)
+                info.external_attr = 0o755 << 16
+                zip_file.writestr(info, data)
+            else:
+                with open(os.path.join(target, filename), "wb") as f:
+                    f.write(data.encode("utf8"))
+
+        if zip is not None:
+            from zipfile import ZIP_DEFLATED
+            from zipfile import ZIP_STORED
+            from zipfile import ZipFile
+            from zipfile import ZipInfo
+
+            zip_file = ZipFile(
+                target, "w", dict(deflated=ZIP_DEFLATED, stored=ZIP_STORED)[zip]
+            )
+            log_function(f"Compiling into Zip archive {target!r}")
+        else:
+            if not os.path.isdir(target):
+                os.makedirs(target)
+            log_function(f"Compiling into folder {target!r}")
+
+        try:
+            for name in self.list_templates(extensions, filter_func):
+                source, filename, _ = self.loader.get_source(self, name)
+                try:
+                    code = self.compile(source, name, filename, True, True)
+                except TemplateSyntaxError as e:
+                    if not ignore_errors:
+                        raise
+                    log_function(f'Could not compile "{name}": {e}')
+                    continue
+
+                filename = ModuleLoader.get_module_filename(name)
+
+                write_file(filename, code)
+                log_function(f'Compiled "{name}" as {filename}')
+        finally:
+            if zip:
+                zip_file.close()
+
+        log_function("Finished compiling templates")
+
+    def list_templates(
+        self,
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+    ) -> t.List[str]:
+        """Returns a list of templates for this environment.  This requires
+        that the loader supports the loader's
+        :meth:`~BaseLoader.list_templates` method.
+
+        If there are other files in the template folder besides the
+        actual templates, the returned list can be filtered.  There are two
+        ways: either `extensions` is set to a list of file extensions for
+        templates, or a `filter_func` can be provided which is a callable that
+        is passed a template name and should return `True` if it should end up
+        in the result list.
+
+        If the loader does not support that, a :exc:`TypeError` is raised.
+
+        .. versionadded:: 2.4
+        """
+        assert self.loader is not None, "No loader configured."
+        names = self.loader.list_templates()
+
+        if extensions is not None:
+            if filter_func is not None:
+                raise TypeError(
+                    "either extensions or filter_func can be passed, but not both"
+                )
+
+            def filter_func(x: str) -> bool:
+                return "." in x and x.rsplit(".", 1)[1] in extensions
+
+        if filter_func is not None:
+            names = [name for name in names if filter_func(name)]
+
+        return names
+
+    def handle_exception(self, source: t.Optional[str] = None) -> "te.NoReturn":
+        """Exception handling helper.  This is used internally to either raise
+        rewritten exceptions or return a rendered traceback for the template.
+        """
+        from .debug import rewrite_traceback_stack
+
+        raise rewrite_traceback_stack(source=source)
+
+    def join_path(self, template: str, parent: str) -> str:
+        """Join a template with the parent.  By default all the lookups are
+        relative to the loader root so this method returns the `template`
+        parameter unchanged, but if the paths should be relative to the
+        parent template, this function can be used to calculate the real
+        template name.
+
+        Subclasses may override this method and implement template path
+        joining here.
+        """
+        return template
+
+    @internalcode
+    def _load_template(
+        self, name: str, globals: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> "Template":
+        if self.loader is None:
+            raise TypeError("no loader for this environment specified")
+        cache_key = (weakref.ref(self.loader), name)
+        if self.cache is not None:
+            template = self.cache.get(cache_key)
+            if template is not None and (
+                not self.auto_reload or template.is_up_to_date
+            ):
+                # template.globals is a ChainMap, modifying it will only
+                # affect the template, not the environment globals.
+                if globals:
+                    template.globals.update(globals)
+
+                return template
+
+        template = self.loader.load(self, name, self.make_globals(globals))
+
+        if self.cache is not None:
+            self.cache[cache_key] = template
+        return template
+
+    @internalcode
+    def get_template(
+        self,
+        name: t.Union[str, "Template"],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Load a template by name with :attr:`loader` and return a
+        :class:`Template`. If the template does not exist a
+        :exc:`TemplateNotFound` exception is raised.
+
+        :param name: Name of the template to load. When loading
+            templates from the filesystem, "/" is used as the path
+            separator, even on Windows.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.4
+            If ``name`` is a :class:`Template` object it is returned
+            unchanged.
+        """
+        if isinstance(name, Template):
+            return name
+        if parent is not None:
+            name = self.join_path(name, parent)
+
+        return self._load_template(name, globals)
+
+    @internalcode
+    def select_template(
+        self,
+        names: t.Iterable[t.Union[str, "Template"]],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Like :meth:`get_template`, but tries loading multiple names.
+        If none of the names can be loaded a :exc:`TemplatesNotFound`
+        exception is raised.
+
+        :param names: List of template names to try loading in order.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.11
+            If ``names`` is :class:`Undefined`, an :exc:`UndefinedError`
+            is raised instead. If no templates were found and ``names``
+            contains :class:`Undefined`, the message is more helpful.
+
+        .. versionchanged:: 2.4
+            If ``names`` contains a :class:`Template` object it is
+            returned unchanged.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(names, Undefined):
+            names._fail_with_undefined_error()
+
+        if not names:
+            raise TemplatesNotFound(
+                message="Tried to select from an empty list of templates."
+            )
+
+        for name in names:
+            if isinstance(name, Template):
+                return name
+            if parent is not None:
+                name = self.join_path(name, parent)
+            try:
+                return self._load_template(name, globals)
+            except (TemplateNotFound, UndefinedError):
+                pass
+        raise TemplatesNotFound(names)  # type: ignore
+
+    @internalcode
+    def get_or_select_template(
+        self,
+        template_name_or_list: t.Union[
+            str, "Template", t.List[t.Union[str, "Template"]]
+        ],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Use :meth:`select_template` if an iterable of template names
+        is given, or :meth:`get_template` if one name is given.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(template_name_or_list, (str, Undefined)):
+            return self.get_template(template_name_or_list, parent, globals)
+        elif isinstance(template_name_or_list, Template):
+            return template_name_or_list
+        return self.select_template(template_name_or_list, parent, globals)
+
+    def from_string(
+        self,
+        source: t.Union[str, nodes.Template],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        template_class: t.Optional[t.Type["Template"]] = None,
+    ) -> "Template":
+        """Load a template from a source string without using
+        :attr:`loader`.
+
+        :param source: Jinja source to compile into a template.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+        :param template_class: Return an instance of this
+            :class:`Template` class.
+        """
+        gs = self.make_globals(globals)
+        cls = template_class or self.template_class
+        return cls.from_code(self, self.compile(source), gs, None)
+
+    def make_globals(
+        self, d: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> t.MutableMapping[str, t.Any]:
+        """Make the globals map for a template. Any given template
+        globals overlay the environment :attr:`globals`.
+
+        Returns a :class:`collections.ChainMap`. This allows any changes
+        to a template's globals to only affect that template, while
+        changes to the environment's globals are still reflected.
+        However, avoid modifying any globals after a template is loaded.
+
+        :param d: Dict of template-specific globals.
+
+        .. versionchanged:: 3.0
+            Use :class:`collections.ChainMap` to always prevent mutating
+            environment globals.
+        """
+        if d is None:
+            d = {}
+
+        return ChainMap(d, self.globals)
+
+
+class Template:
+    """A compiled template that can be rendered.
+
+    Use the methods on :class:`Environment` to create or load templates.
+    The environment is used to configure how templates are compiled and
+    behave.
+
+    It is also possible to create a template object directly. This is
+    not usually recommended. The constructor takes most of the same
+    arguments as :class:`Environment`. All templates created with the
+    same environment arguments share the same ephemeral ``Environment``
+    instance behind the scenes.
+
+    A template object should be considered immutable. Modifications on
+    the object are not supported.
+    """
+
+    #: Type of environment to create when creating a template directly
+    #: rather than through an existing environment.
+    environment_class: t.Type[Environment] = Environment
+
+    environment: Environment
+    globals: t.MutableMapping[str, t.Any]
+    name: t.Optional[str]
+    filename: t.Optional[str]
+    blocks: t.Dict[str, t.Callable[[Context], t.Iterator[str]]]
+    root_render_func: t.Callable[[Context], t.Iterator[str]]
+    _module: t.Optional["TemplateModule"]
+    _debug_info: str
+    _uptodate: t.Optional[t.Callable[[], bool]]
+
+    def __new__(
+        cls,
+        source: t.Union[str, nodes.Template],
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        enable_async: bool = False,
+    ) -> t.Any:  # it returns a `Template`, but this breaks the sphinx build...
+        env = get_spontaneous_environment(
+            cls.environment_class,  # type: ignore
+            block_start_string,
+            block_end_string,
+            variable_start_string,
+            variable_end_string,
+            comment_start_string,
+            comment_end_string,
+            line_statement_prefix,
+            line_comment_prefix,
+            trim_blocks,
+            lstrip_blocks,
+            newline_sequence,
+            keep_trailing_newline,
+            frozenset(extensions),
+            optimized,
+            undefined,  # type: ignore
+            finalize,
+            autoescape,
+            None,
+            0,
+            False,
+            None,
+            enable_async,
+        )
+        return env.from_string(source, template_class=cls)
+
+    @classmethod
+    def from_code(
+        cls,
+        environment: Environment,
+        code: CodeType,
+        globals: t.MutableMapping[str, t.Any],
+        uptodate: t.Optional[t.Callable[[], bool]] = None,
+    ) -> "Template":
+        """Creates a template object from compiled code and the globals.  This
+        is used by the loaders and environment to create a template object.
+        """
+        namespace = {"environment": environment, "__file__": code.co_filename}
+        exec(code, namespace)
+        rv = cls._from_namespace(environment, namespace, globals)
+        rv._uptodate = uptodate
+        return rv
+
+    @classmethod
+    def from_module_dict(
+        cls,
+        environment: Environment,
+        module_dict: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        """Creates a template object from a module.  This is used by the
+        module loader to create a template object.
+
+        .. versionadded:: 2.4
+        """
+        return cls._from_namespace(environment, module_dict, globals)
+
+    @classmethod
+    def _from_namespace(
+        cls,
+        environment: Environment,
+        namespace: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        t: "Template" = object.__new__(cls)
+        t.environment = environment
+        t.globals = globals
+        t.name = namespace["name"]
+        t.filename = namespace["__file__"]
+        t.blocks = namespace["blocks"]
+
+        # render function and module
+        t.root_render_func = namespace["root"]
+        t._module = None
+
+        # debug and loader helpers
+        t._debug_info = namespace["debug_info"]
+        t._uptodate = None
+
+        # store the reference
+        namespace["environment"] = environment
+        namespace["__jinja_template__"] = t
+
+        return t
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This method accepts the same arguments as the `dict` constructor:
+        A dict, a dict subclass or some keyword arguments.  If no arguments
+        are given the context will be empty.  These two calls do the same::
+
+            template.render(knights='that say nih')
+            template.render({'knights': 'that say nih'})
+
+        This will return the rendered template as a string.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            close = False
+
+            try:
+                loop = asyncio.get_running_loop()
+            except RuntimeError:
+                loop = asyncio.new_event_loop()
+                close = True
+
+            try:
+                return loop.run_until_complete(self.render_async(*args, **kwargs))
+            finally:
+                if close:
+                    loop.close()
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(self.root_render_func(ctx))  # type: ignore
+        except Exception:
+            self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This works similar to :meth:`render` but returns a coroutine
+        that when awaited returns the entire rendered template string.  This
+        requires the async feature to be enabled.
+
+        Example usage::
+
+            await template.render_async(knights='that say nih; asynchronously')
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    def stream(self, *args: t.Any, **kwargs: t.Any) -> "TemplateStream":
+        """Works exactly like :meth:`generate` but returns a
+        :class:`TemplateStream`.
+        """
+        return TemplateStream(self.generate(*args, **kwargs))
+
+    def generate(self, *args: t.Any, **kwargs: t.Any) -> t.Iterator[str]:
+        """For very large templates it can be useful to not render the whole
+        template at once but evaluate each statement after another and yield
+        piece for piece.  This method basically does exactly that and returns
+        a generator that yields one item after another as strings.
+
+        It accepts the same arguments as :meth:`render`.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            async def to_list() -> t.List[str]:
+                return [x async for x in self.generate_async(*args, **kwargs)]
+
+            yield from asyncio.run(to_list())
+            return
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            yield from self.root_render_func(ctx)
+        except Exception:
+            yield self.environment.handle_exception()
+
+    async def generate_async(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.AsyncIterator[str]:
+        """An async version of :meth:`generate`.  Works very similarly but
+        returns an async iterator instead.
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            async for event in self.root_render_func(ctx):  # type: ignore
+                yield event
+        except Exception:
+            yield self.environment.handle_exception()
+
+    def new_context(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> Context:
+        """Create a new :class:`Context` for this template.  The vars
+        provided will be passed to the template.  Per default the globals
+        are added to the context.  If shared is set to `True` the data
+        is passed as is to the context without adding the globals.
+
+        `locals` can be a dict of local variables for internal usage.
+        """
+        return new_context(
+            self.environment, self.name, self.blocks, vars, shared, self.globals, locals
+        )
+
+    def make_module(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """This method works like the :attr:`module` attribute when called
+        without arguments but it will evaluate the template on every call
+        rather than caching it.  It's also possible to provide
+        a dict which is then used as context.  The arguments are the same
+        as for the :meth:`new_context` method.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(self, ctx)
+
+    async def make_module_async(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """As template module creation can invoke template code for
+        asynchronous executions this method must be used instead of the
+        normal :meth:`make_module` one.  Likewise the module attribute
+        becomes unavailable in async mode.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(
+            self,
+            ctx,
+            [x async for x in self.root_render_func(ctx)],  # type: ignore
+        )
+
+    @internalcode
+    def _get_default_module(self, ctx: t.Optional[Context] = None) -> "TemplateModule":
+        """If a context is passed in, this means that the template was
+        imported. Imported templates have access to the current
+        template's globals by default, but they can only be accessed via
+        the context during runtime.
+
+        If there are new globals, we need to create a new module because
+        the cached module is already rendered and will not have access
+        to globals from the current context. This new module is not
+        cached because the template can be imported elsewhere, and it
+        should have access to only the current template's globals.
+        """
+        if self.environment.is_async:
+            raise RuntimeError("Module is not available in async mode.")
+
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return self.make_module({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = self.make_module()
+
+        return self._module
+
+    async def _get_default_module_async(
+        self, ctx: t.Optional[Context] = None
+    ) -> "TemplateModule":
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return await self.make_module_async({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = await self.make_module_async()
+
+        return self._module
+
+    @property
+    def module(self) -> "TemplateModule":
+        """The template as module.  This is used for imports in the
+        template runtime but is also useful if one wants to access
+        exported template variables from the Python layer:
+
+        >>> t = Template('{% macro foo() %}42{% endmacro %}23')
+        >>> str(t.module)
+        '23'
+        >>> t.module.foo() == u'42'
+        True
+
+        This attribute is not available if async mode is enabled.
+        """
+        return self._get_default_module()
+
+    def get_corresponding_lineno(self, lineno: int) -> int:
+        """Return the source line number of a line number in the
+        generated bytecode as they are not in sync.
+        """
+        for template_line, code_line in reversed(self.debug_info):
+            if code_line <= lineno:
+                return template_line
+        return 1
+
+    @property
+    def is_up_to_date(self) -> bool:
+        """If this variable is `False` there is a newer version available."""
+        if self._uptodate is None:
+            return True
+        return self._uptodate()
+
+    @property
+    def debug_info(self) -> t.List[t.Tuple[int, int]]:
+        """The debug info mapping."""
+        if self._debug_info:
+            return [
+                tuple(map(int, x.split("=")))  # type: ignore
+                for x in self._debug_info.split("&")
+            ]
+
+        return []
+
+    def __repr__(self) -> str:
+        if self.name is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateModule:
+    """Represents an imported template.  All the exported names of the
+    template are available as attributes on this object.  Additionally
+    converting it into a string renders the contents.
+    """
+
+    def __init__(
+        self,
+        template: Template,
+        context: Context,
+        body_stream: t.Optional[t.Iterable[str]] = None,
+    ) -> None:
+        if body_stream is None:
+            if context.environment.is_async:
+                raise RuntimeError(
+                    "Async mode requires a body stream to be passed to"
+                    " a template module. Use the async methods of the"
+                    " API you are using."
+                )
+
+            body_stream = list(template.root_render_func(context))
+
+        self._body_stream = body_stream
+        self.__dict__.update(context.get_exported())
+        self.__name__ = template.name
+
+    def __html__(self) -> Markup:
+        return Markup(concat(self._body_stream))
+
+    def __str__(self) -> str:
+        return concat(self._body_stream)
+
+    def __repr__(self) -> str:
+        if self.__name__ is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.__name__)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateExpression:
+    """The :meth:`jinja2.Environment.compile_expression` method returns an
+    instance of this object.  It encapsulates the expression-like access
+    to the template with an expression it wraps.
+    """
+
+    def __init__(self, template: Template, undefined_to_none: bool) -> None:
+        self._template = template
+        self._undefined_to_none = undefined_to_none
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Optional[t.Any]:
+        context = self._template.new_context(dict(*args, **kwargs))
+        consume(self._template.root_render_func(context))
+        rv = context.vars["result"]
+        if self._undefined_to_none and isinstance(rv, Undefined):
+            rv = None
+        return rv
+
+
+class TemplateStream:
+    """A template stream works pretty much like an ordinary python generator
+    but it can buffer multiple items to reduce the number of total iterations.
+    Per default the output is unbuffered which means that for every unbuffered
+    instruction in the template one string is yielded.
+
+    If buffering is enabled with a buffer size of 5, five items are combined
+    into a new string.  This is mainly useful if you are streaming
+    big templates to a client via WSGI which flushes after each iteration.
+    """
+
+    def __init__(self, gen: t.Iterator[str]) -> None:
+        self._gen = gen
+        self.disable_buffering()
+
+    def dump(
+        self,
+        fp: t.Union[str, t.IO[bytes]],
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+    ) -> None:
+        """Dump the complete stream into a file or file-like object.
+        Per default strings are written, if you want to encode
+        before writing specify an `encoding`.
+
+        Example usage::
+
+            Template('Hello {{ name }}!').stream(name='foo').dump('hello.html')
+        """
+        close = False
+
+        if isinstance(fp, str):
+            if encoding is None:
+                encoding = "utf-8"
+
+            real_fp: t.IO[bytes] = open(fp, "wb")
+            close = True
+        else:
+            real_fp = fp
+
+        try:
+            if encoding is not None:
+                iterable = (x.encode(encoding, errors) for x in self)  # type: ignore
+            else:
+                iterable = self  # type: ignore
+
+            if hasattr(real_fp, "writelines"):
+                real_fp.writelines(iterable)
+            else:
+                for item in iterable:
+                    real_fp.write(item)
+        finally:
+            if close:
+                real_fp.close()
+
+    def disable_buffering(self) -> None:
+        """Disable the output buffering."""
+        self._next = partial(next, self._gen)
+        self.buffered = False
+
+    def _buffered_generator(self, size: int) -> t.Iterator[str]:
+        buf: t.List[str] = []
+        c_size = 0
+        push = buf.append
+
+        while True:
+            try:
+                while c_size < size:
+                    c = next(self._gen)
+                    push(c)
+                    if c:
+                        c_size += 1
+            except StopIteration:
+                if not c_size:
+                    return
+            yield concat(buf)
+            del buf[:]
+            c_size = 0
+
+    def enable_buffering(self, size: int = 5) -> None:
+        """Enable buffering.  Buffer `size` items before yielding them."""
+        if size <= 1:
+            raise ValueError("buffer size too small")
+
+        self.buffered = True
+        self._next = partial(next, self._buffered_generator(size))
+
+    def __iter__(self) -> "TemplateStream":
+        return self
+
+    def __next__(self) -> str:
+        return self._next()  # type: ignore
+
+
+# hook in default template class.  if anyone reads this comment: ignore that
+# it's possible to use custom templates ;-)
+Environment.template_class = Template
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/exceptions.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/exceptions.py
new file mode 100644
index 000000000..082ebe8f2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/exceptions.py
@@ -0,0 +1,166 @@
+import typing as t
+
+if t.TYPE_CHECKING:
+    from .runtime import Undefined
+
+
+class TemplateError(Exception):
+    """Baseclass for all template errors."""
+
+    def __init__(self, message: t.Optional[str] = None) -> None:
+        super().__init__(message)
+
+    @property
+    def message(self) -> t.Optional[str]:
+        return self.args[0] if self.args else None
+
+
+class TemplateNotFound(IOError, LookupError, TemplateError):
+    """Raised if a template does not exist.
+
+    .. versionchanged:: 2.11
+        If the given name is :class:`Undefined` and no message was
+        provided, an :exc:`UndefinedError` is raised.
+    """
+
+    # Silence the Python warning about message being deprecated since
+    # it's not valid here.
+    message: t.Optional[str] = None
+
+    def __init__(
+        self,
+        name: t.Optional[t.Union[str, "Undefined"]],
+        message: t.Optional[str] = None,
+    ) -> None:
+        IOError.__init__(self, name)
+
+        if message is None:
+            from .runtime import Undefined
+
+            if isinstance(name, Undefined):
+                name._fail_with_undefined_error()
+
+            message = name
+
+        self.message = message
+        self.name = name
+        self.templates = [name]
+
+    def __str__(self) -> str:
+        return str(self.message)
+
+
+class TemplatesNotFound(TemplateNotFound):
+    """Like :class:`TemplateNotFound` but raised if multiple templates
+    are selected.  This is a subclass of :class:`TemplateNotFound`
+    exception, so just catching the base exception will catch both.
+
+    .. versionchanged:: 2.11
+        If a name in the list of names is :class:`Undefined`, a message
+        about it being undefined is shown rather than the empty string.
+
+    .. versionadded:: 2.2
+    """
+
+    def __init__(
+        self,
+        names: t.Sequence[t.Union[str, "Undefined"]] = (),
+        message: t.Optional[str] = None,
+    ) -> None:
+        if message is None:
+            from .runtime import Undefined
+
+            parts = []
+
+            for name in names:
+                if isinstance(name, Undefined):
+                    parts.append(name._undefined_message)
+                else:
+                    parts.append(name)
+
+            parts_str = ", ".join(map(str, parts))
+            message = f"none of the templates given were found: {parts_str}"
+
+        super().__init__(names[-1] if names else None, message)
+        self.templates = list(names)
+
+
+class TemplateSyntaxError(TemplateError):
+    """Raised to tell the user that there is a problem with the template."""
+
+    def __init__(
+        self,
+        message: str,
+        lineno: int,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message)
+        self.lineno = lineno
+        self.name = name
+        self.filename = filename
+        self.source: t.Optional[str] = None
+
+        # this is set to True if the debug.translate_syntax_error
+        # function translated the syntax error into a new traceback
+        self.translated = False
+
+    def __str__(self) -> str:
+        # for translated errors we only return the message
+        if self.translated:
+            return t.cast(str, self.message)
+
+        # otherwise attach some stuff
+        location = f"line {self.lineno}"
+        name = self.filename or self.name
+        if name:
+            location = f'File "{name}", {location}'
+        lines = [t.cast(str, self.message), "  " + location]
+
+        # if the source is set, add the line to the output
+        if self.source is not None:
+            try:
+                line = self.source.splitlines()[self.lineno - 1]
+            except IndexError:
+                pass
+            else:
+                lines.append("    " + line.strip())
+
+        return "\n".join(lines)
+
+    def __reduce__(self):  # type: ignore
+        # https://bugs.python.org/issue1692335 Exceptions that take
+        # multiple required arguments have problems with pickling.
+        # Without this, raises TypeError: __init__() missing 1 required
+        # positional argument: 'lineno'
+        return self.__class__, (self.message, self.lineno, self.name, self.filename)
+
+
+class TemplateAssertionError(TemplateSyntaxError):
+    """Like a template syntax error, but covers cases where something in the
+    template caused an error at compile time that wasn't necessarily caused
+    by a syntax error.  However it's a direct subclass of
+    :exc:`TemplateSyntaxError` and has the same attributes.
+    """
+
+
+class TemplateRuntimeError(TemplateError):
+    """A generic runtime error in the template engine.  Under some situations
+    Jinja may raise this exception.
+    """
+
+
+class UndefinedError(TemplateRuntimeError):
+    """Raised if a template tries to operate on :class:`Undefined`."""
+
+
+class SecurityError(TemplateRuntimeError):
+    """Raised if a template tries to do something insecure if the
+    sandbox is enabled.
+    """
+
+
+class FilterArgumentError(TemplateRuntimeError):
+    """This error is raised if a filter was called with inappropriate
+    arguments
+    """
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/ext.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/ext.py
new file mode 100644
index 000000000..8d0810cd4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/ext.py
@@ -0,0 +1,870 @@
+"""Extension API for adding custom tags and behavior."""
+
+import pprint
+import re
+import typing as t
+
+from markupsafe import Markup
+
+from . import defaults
+from . import nodes
+from .environment import Environment
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .runtime import concat  # type: ignore
+from .runtime import Context
+from .runtime import Undefined
+from .utils import import_string
+from .utils import pass_context
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .lexer import Token
+    from .lexer import TokenStream
+    from .parser import Parser
+
+    class _TranslationsBasic(te.Protocol):
+        def gettext(self, message: str) -> str: ...
+
+        def ngettext(self, singular: str, plural: str, n: int) -> str:
+            pass
+
+    class _TranslationsContext(_TranslationsBasic):
+        def pgettext(self, context: str, message: str) -> str: ...
+
+        def npgettext(
+            self, context: str, singular: str, plural: str, n: int
+        ) -> str: ...
+
+    _SupportedTranslations = t.Union[_TranslationsBasic, _TranslationsContext]
+
+
+# I18N functions available in Jinja templates. If the I18N library
+# provides ugettext, it will be assigned to gettext.
+GETTEXT_FUNCTIONS: t.Tuple[str, ...] = (
+    "_",
+    "gettext",
+    "ngettext",
+    "pgettext",
+    "npgettext",
+)
+_ws_re = re.compile(r"\s*\n\s*")
+
+
+class Extension:
+    """Extensions can be used to add extra functionality to the Jinja template
+    system at the parser level.  Custom extensions are bound to an environment
+    but may not store environment specific data on `self`.  The reason for
+    this is that an extension can be bound to another environment (for
+    overlays) by creating a copy and reassigning the `environment` attribute.
+
+    As extensions are created by the environment they cannot accept any
+    arguments for configuration.  One may want to work around that by using
+    a factory function, but that is not possible as extensions are identified
+    by their import name.  The correct way to configure the extension is
+    storing the configuration values on the environment.  Because this way the
+    environment ends up acting as central configuration storage the
+    attributes may clash which is why extensions have to ensure that the names
+    they choose for configuration are not too generic.  ``prefix`` for example
+    is a terrible name, ``fragment_cache_prefix`` on the other hand is a good
+    name as includes the name of the extension (fragment cache).
+    """
+
+    identifier: t.ClassVar[str]
+
+    def __init_subclass__(cls) -> None:
+        cls.identifier = f"{cls.__module__}.{cls.__name__}"
+
+    #: if this extension parses this is the list of tags it's listening to.
+    tags: t.Set[str] = set()
+
+    #: the priority of that extension.  This is especially useful for
+    #: extensions that preprocess values.  A lower value means higher
+    #: priority.
+    #:
+    #: .. versionadded:: 2.4
+    priority = 100
+
+    def __init__(self, environment: Environment) -> None:
+        self.environment = environment
+
+    def bind(self, environment: Environment) -> "Extension":
+        """Create a copy of this extension bound to another environment."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.environment = environment
+        return rv
+
+    def preprocess(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str] = None
+    ) -> str:
+        """This method is called before the actual lexing and can be used to
+        preprocess the source.  The `filename` is optional.  The return value
+        must be the preprocessed source.
+        """
+        return source
+
+    def filter_stream(
+        self, stream: "TokenStream"
+    ) -> t.Union["TokenStream", t.Iterable["Token"]]:
+        """It's passed a :class:`~jinja2.lexer.TokenStream` that can be used
+        to filter tokens returned.  This method has to return an iterable of
+        :class:`~jinja2.lexer.Token`\\s, but it doesn't have to return a
+        :class:`~jinja2.lexer.TokenStream`.
+        """
+        return stream
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """If any of the :attr:`tags` matched this method is called with the
+        parser as first argument.  The token the parser stream is pointing at
+        is the name token that matched.  This method has to return one or a
+        list of multiple nodes.
+        """
+        raise NotImplementedError()
+
+    def attr(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> nodes.ExtensionAttribute:
+        """Return an attribute node for the current extension.  This is useful
+        to pass constants on extensions to generated template code.
+
+        ::
+
+            self.attr('_my_attribute', lineno=lineno)
+        """
+        return nodes.ExtensionAttribute(self.identifier, name, lineno=lineno)
+
+    def call_method(
+        self,
+        name: str,
+        args: t.Optional[t.List[nodes.Expr]] = None,
+        kwargs: t.Optional[t.List[nodes.Keyword]] = None,
+        dyn_args: t.Optional[nodes.Expr] = None,
+        dyn_kwargs: t.Optional[nodes.Expr] = None,
+        lineno: t.Optional[int] = None,
+    ) -> nodes.Call:
+        """Call a method of the extension.  This is a shortcut for
+        :meth:`attr` + :class:`jinja2.nodes.Call`.
+        """
+        if args is None:
+            args = []
+        if kwargs is None:
+            kwargs = []
+        return nodes.Call(
+            self.attr(name, lineno=lineno),
+            args,
+            kwargs,
+            dyn_args,
+            dyn_kwargs,
+            lineno=lineno,
+        )
+
+
+@pass_context
+def _gettext_alias(
+    __context: Context, *args: t.Any, **kwargs: t.Any
+) -> t.Union[t.Any, Undefined]:
+    return __context.call(__context.resolve("gettext"), *args, **kwargs)
+
+
+def _make_new_gettext(func: t.Callable[[str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def gettext(__context: Context, __string: str, **variables: t.Any) -> str:
+        rv = __context.call(func, __string)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, even if there are no
+        # variables. This makes translation strings more consistent
+        # and predictable. This requires escaping
+        return rv % variables  # type: ignore
+
+    return gettext
+
+
+def _make_new_ngettext(func: t.Callable[[str, str, int], str]) -> t.Callable[..., str]:
+    @pass_context
+    def ngettext(
+        __context: Context,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __singular, __plural, __num)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return ngettext
+
+
+def _make_new_pgettext(func: t.Callable[[str, str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def pgettext(
+        __context: Context, __string_ctx: str, __string: str, **variables: t.Any
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        rv = __context.call(func, __string_ctx, __string)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return pgettext
+
+
+def _make_new_npgettext(
+    func: t.Callable[[str, str, str, int], str],
+) -> t.Callable[..., str]:
+    @pass_context
+    def npgettext(
+        __context: Context,
+        __string_ctx: str,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __string_ctx, __singular, __plural, __num)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return npgettext
+
+
+class InternationalizationExtension(Extension):
+    """This extension adds gettext support to Jinja."""
+
+    tags = {"trans"}
+
+    # TODO: the i18n extension is currently reevaluating values in a few
+    # situations.  Take this example:
+    #   {% trans count=something() %}{{ count }} foo{% pluralize
+    #     %}{{ count }} fooss{% endtrans %}
+    # something is called twice here.  One time for the gettext value and
+    # the other time for the n-parameter of the ngettext function.
+
+    def __init__(self, environment: Environment) -> None:
+        super().__init__(environment)
+        environment.globals["_"] = _gettext_alias
+        environment.extend(
+            install_gettext_translations=self._install,
+            install_null_translations=self._install_null,
+            install_gettext_callables=self._install_callables,
+            uninstall_gettext_translations=self._uninstall,
+            extract_translations=self._extract,
+            newstyle_gettext=False,
+        )
+
+    def _install(
+        self, translations: "_SupportedTranslations", newstyle: t.Optional[bool] = None
+    ) -> None:
+        # ugettext and ungettext are preferred in case the I18N library
+        # is providing compatibility with older Python versions.
+        gettext = getattr(translations, "ugettext", None)
+        if gettext is None:
+            gettext = translations.gettext
+        ngettext = getattr(translations, "ungettext", None)
+        if ngettext is None:
+            ngettext = translations.ngettext
+
+        pgettext = getattr(translations, "pgettext", None)
+        npgettext = getattr(translations, "npgettext", None)
+        self._install_callables(
+            gettext, ngettext, newstyle=newstyle, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _install_null(self, newstyle: t.Optional[bool] = None) -> None:
+        import gettext
+
+        translations = gettext.NullTranslations()
+
+        if hasattr(translations, "pgettext"):
+            # Python < 3.8
+            pgettext = translations.pgettext
+        else:
+
+            def pgettext(c: str, s: str) -> str:  # type: ignore[misc]
+                return s
+
+        if hasattr(translations, "npgettext"):
+            npgettext = translations.npgettext
+        else:
+
+            def npgettext(c: str, s: str, p: str, n: int) -> str:  # type: ignore[misc]
+                return s if n == 1 else p
+
+        self._install_callables(
+            gettext=translations.gettext,
+            ngettext=translations.ngettext,
+            newstyle=newstyle,
+            pgettext=pgettext,
+            npgettext=npgettext,
+        )
+
+    def _install_callables(
+        self,
+        gettext: t.Callable[[str], str],
+        ngettext: t.Callable[[str, str, int], str],
+        newstyle: t.Optional[bool] = None,
+        pgettext: t.Optional[t.Callable[[str, str], str]] = None,
+        npgettext: t.Optional[t.Callable[[str, str, str, int], str]] = None,
+    ) -> None:
+        if newstyle is not None:
+            self.environment.newstyle_gettext = newstyle  # type: ignore
+        if self.environment.newstyle_gettext:  # type: ignore
+            gettext = _make_new_gettext(gettext)
+            ngettext = _make_new_ngettext(ngettext)
+
+            if pgettext is not None:
+                pgettext = _make_new_pgettext(pgettext)
+
+            if npgettext is not None:
+                npgettext = _make_new_npgettext(npgettext)
+
+        self.environment.globals.update(
+            gettext=gettext, ngettext=ngettext, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _uninstall(self, translations: "_SupportedTranslations") -> None:
+        for key in ("gettext", "ngettext", "pgettext", "npgettext"):
+            self.environment.globals.pop(key, None)
+
+    def _extract(
+        self,
+        source: t.Union[str, nodes.Template],
+        gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    ) -> t.Iterator[
+        t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+    ]:
+        if isinstance(source, str):
+            source = self.environment.parse(source)
+        return extract_from_ast(source, gettext_functions)
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a translatable tag."""
+        lineno = next(parser.stream).lineno
+
+        context = None
+        context_token = parser.stream.next_if("string")
+
+        if context_token is not None:
+            context = context_token.value
+
+        # find all the variables referenced.  Additionally a variable can be
+        # defined in the body of the trans block too, but this is checked at
+        # a later state.
+        plural_expr: t.Optional[nodes.Expr] = None
+        plural_expr_assignment: t.Optional[nodes.Assign] = None
+        num_called_num = False
+        variables: t.Dict[str, nodes.Expr] = {}
+        trimmed = None
+        while parser.stream.current.type != "block_end":
+            if variables:
+                parser.stream.expect("comma")
+
+            # skip colon for python compatibility
+            if parser.stream.skip_if("colon"):
+                break
+
+            token = parser.stream.expect("name")
+            if token.value in variables:
+                parser.fail(
+                    f"translatable variable {token.value!r} defined twice.",
+                    token.lineno,
+                    exc=TemplateAssertionError,
+                )
+
+            # expressions
+            if parser.stream.current.type == "assign":
+                next(parser.stream)
+                variables[token.value] = var = parser.parse_expression()
+            elif trimmed is None and token.value in ("trimmed", "notrimmed"):
+                trimmed = token.value == "trimmed"
+                continue
+            else:
+                variables[token.value] = var = nodes.Name(token.value, "load")
+
+            if plural_expr is None:
+                if isinstance(var, nodes.Call):
+                    plural_expr = nodes.Name("_trans", "load")
+                    variables[token.value] = plural_expr
+                    plural_expr_assignment = nodes.Assign(
+                        nodes.Name("_trans", "store"), var
+                    )
+                else:
+                    plural_expr = var
+                num_called_num = token.value == "num"
+
+        parser.stream.expect("block_end")
+
+        plural = None
+        have_plural = False
+        referenced = set()
+
+        # now parse until endtrans or pluralize
+        singular_names, singular = self._parse_block(parser, True)
+        if singular_names:
+            referenced.update(singular_names)
+            if plural_expr is None:
+                plural_expr = nodes.Name(singular_names[0], "load")
+                num_called_num = singular_names[0] == "num"
+
+        # if we have a pluralize block, we parse that too
+        if parser.stream.current.test("name:pluralize"):
+            have_plural = True
+            next(parser.stream)
+            if parser.stream.current.type != "block_end":
+                token = parser.stream.expect("name")
+                if token.value not in variables:
+                    parser.fail(
+                        f"unknown variable {token.value!r} for pluralization",
+                        token.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                plural_expr = variables[token.value]
+                num_called_num = token.value == "num"
+            parser.stream.expect("block_end")
+            plural_names, plural = self._parse_block(parser, False)
+            next(parser.stream)
+            referenced.update(plural_names)
+        else:
+            next(parser.stream)
+
+        # register free names as simple name expressions
+        for name in referenced:
+            if name not in variables:
+                variables[name] = nodes.Name(name, "load")
+
+        if not have_plural:
+            plural_expr = None
+        elif plural_expr is None:
+            parser.fail("pluralize without variables", lineno)
+
+        if trimmed is None:
+            trimmed = self.environment.policies["ext.i18n.trimmed"]
+        if trimmed:
+            singular = self._trim_whitespace(singular)
+            if plural:
+                plural = self._trim_whitespace(plural)
+
+        node = self._make_node(
+            singular,
+            plural,
+            context,
+            variables,
+            plural_expr,
+            bool(referenced),
+            num_called_num and have_plural,
+        )
+        node.set_lineno(lineno)
+        if plural_expr_assignment is not None:
+            return [plural_expr_assignment, node]
+        else:
+            return node
+
+    def _trim_whitespace(self, string: str, _ws_re: t.Pattern[str] = _ws_re) -> str:
+        return _ws_re.sub(" ", string.strip())
+
+    def _parse_block(
+        self, parser: "Parser", allow_pluralize: bool
+    ) -> t.Tuple[t.List[str], str]:
+        """Parse until the next block tag with a given name."""
+        referenced = []
+        buf = []
+
+        while True:
+            if parser.stream.current.type == "data":
+                buf.append(parser.stream.current.value.replace("%", "%%"))
+                next(parser.stream)
+            elif parser.stream.current.type == "variable_begin":
+                next(parser.stream)
+                name = parser.stream.expect("name").value
+                referenced.append(name)
+                buf.append(f"%({name})s")
+                parser.stream.expect("variable_end")
+            elif parser.stream.current.type == "block_begin":
+                next(parser.stream)
+                block_name = (
+                    parser.stream.current.value
+                    if parser.stream.current.type == "name"
+                    else None
+                )
+                if block_name == "endtrans":
+                    break
+                elif block_name == "pluralize":
+                    if allow_pluralize:
+                        break
+                    parser.fail(
+                        "a translatable section can have only one pluralize section"
+                    )
+                elif block_name == "trans":
+                    parser.fail(
+                        "trans blocks can't be nested; did you mean `endtrans`?"
+                    )
+                parser.fail(
+                    f"control structures in translatable sections are not allowed; "
+                    f"saw `{block_name}`"
+                )
+            elif parser.stream.eos:
+                parser.fail("unclosed translation block")
+            else:
+                raise RuntimeError("internal parser error")
+
+        return referenced, concat(buf)
+
+    def _make_node(
+        self,
+        singular: str,
+        plural: t.Optional[str],
+        context: t.Optional[str],
+        variables: t.Dict[str, nodes.Expr],
+        plural_expr: t.Optional[nodes.Expr],
+        vars_referenced: bool,
+        num_called_num: bool,
+    ) -> nodes.Output:
+        """Generates a useful node from the data provided."""
+        newstyle = self.environment.newstyle_gettext  # type: ignore
+        node: nodes.Expr
+
+        # no variables referenced?  no need to escape for old style
+        # gettext invocations only if there are vars.
+        if not vars_referenced and not newstyle:
+            singular = singular.replace("%%", "%")
+            if plural:
+                plural = plural.replace("%%", "%")
+
+        func_name = "gettext"
+        func_args: t.List[nodes.Expr] = [nodes.Const(singular)]
+
+        if context is not None:
+            func_args.insert(0, nodes.Const(context))
+            func_name = f"p{func_name}"
+
+        if plural_expr is not None:
+            func_name = f"n{func_name}"
+            func_args.extend((nodes.Const(plural), plural_expr))
+
+        node = nodes.Call(nodes.Name(func_name, "load"), func_args, [], None, None)
+
+        # in case newstyle gettext is used, the method is powerful
+        # enough to handle the variable expansion and autoescape
+        # handling itself
+        if newstyle:
+            for key, value in variables.items():
+                # the function adds that later anyways in case num was
+                # called num, so just skip it.
+                if num_called_num and key == "num":
+                    continue
+                node.kwargs.append(nodes.Keyword(key, value))
+
+        # otherwise do that here
+        else:
+            # mark the return value as safe if we are in an
+            # environment with autoescaping turned on
+            node = nodes.MarkSafeIfAutoescape(node)
+            if variables:
+                node = nodes.Mod(
+                    node,
+                    nodes.Dict(
+                        [
+                            nodes.Pair(nodes.Const(key), value)
+                            for key, value in variables.items()
+                        ]
+                    ),
+                )
+        return nodes.Output([node])
+
+
+class ExprStmtExtension(Extension):
+    """Adds a `do` tag to Jinja that works like the print statement just
+    that it doesn't print the return value.
+    """
+
+    tags = {"do"}
+
+    def parse(self, parser: "Parser") -> nodes.ExprStmt:
+        node = nodes.ExprStmt(lineno=next(parser.stream).lineno)
+        node.node = parser.parse_tuple()
+        return node
+
+
+class LoopControlExtension(Extension):
+    """Adds break and continue to the template engine."""
+
+    tags = {"break", "continue"}
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Break, nodes.Continue]:
+        token = next(parser.stream)
+        if token.value == "break":
+            return nodes.Break(lineno=token.lineno)
+        return nodes.Continue(lineno=token.lineno)
+
+
+class DebugExtension(Extension):
+    """A ``{% debug %}`` tag that dumps the available variables,
+    filters, and tests.
+
+    .. code-block:: html+jinja
+
+        <pre>{% debug %}</pre>
+
+    .. code-block:: text
+
+        {'context': {'cycler': <class 'jinja2.utils.Cycler'>,
+                     ...,
+                     'namespace': <class 'jinja2.utils.Namespace'>},
+         'filters': ['abs', 'attr', 'batch', 'capitalize', 'center', 'count', 'd',
+                     ..., 'urlencode', 'urlize', 'wordcount', 'wordwrap', 'xmlattr'],
+         'tests': ['!=', '<', '<=', '==', '>', '>=', 'callable', 'defined',
+                   ..., 'odd', 'sameas', 'sequence', 'string', 'undefined', 'upper']}
+
+    .. versionadded:: 2.11.0
+    """
+
+    tags = {"debug"}
+
+    def parse(self, parser: "Parser") -> nodes.Output:
+        lineno = parser.stream.expect("name:debug").lineno
+        context = nodes.ContextReference()
+        result = self.call_method("_render", [context], lineno=lineno)
+        return nodes.Output([result], lineno=lineno)
+
+    def _render(self, context: Context) -> str:
+        result = {
+            "context": context.get_all(),
+            "filters": sorted(self.environment.filters.keys()),
+            "tests": sorted(self.environment.tests.keys()),
+        }
+
+        # Set the depth since the intent is to show the top few names.
+        return pprint.pformat(result, depth=3, compact=True)
+
+
+def extract_from_ast(
+    ast: nodes.Template,
+    gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    babel_style: bool = True,
+) -> t.Iterator[
+    t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+]:
+    """Extract localizable strings from the given template node.  Per
+    default this function returns matches in babel style that means non string
+    parameters as well as keyword arguments are returned as `None`.  This
+    allows Babel to figure out what you really meant if you are using
+    gettext functions that allow keyword arguments for placeholder expansion.
+    If you don't want that behavior set the `babel_style` parameter to `False`
+    which causes only strings to be returned and parameters are always stored
+    in tuples.  As a consequence invalid gettext calls (calls without a single
+    string parameter or string parameters after non-string parameters) are
+    skipped.
+
+    This example explains the behavior:
+
+    >>> from jinja2 import Environment
+    >>> env = Environment()
+    >>> node = env.parse('{{ (_("foo"), _(), ngettext("foo", "bar", 42)) }}')
+    >>> list(extract_from_ast(node))
+    [(1, '_', 'foo'), (1, '_', ()), (1, 'ngettext', ('foo', 'bar', None))]
+    >>> list(extract_from_ast(node, babel_style=False))
+    [(1, '_', ('foo',)), (1, 'ngettext', ('foo', 'bar'))]
+
+    For every string found this function yields a ``(lineno, function,
+    message)`` tuple, where:
+
+    * ``lineno`` is the number of the line on which the string was found,
+    * ``function`` is the name of the ``gettext`` function used (if the
+      string was extracted from embedded Python code), and
+    *   ``message`` is the string, or a tuple of strings for functions
+         with multiple string arguments.
+
+    This extraction function operates on the AST and is because of that unable
+    to extract any comments.  For comment support you have to use the babel
+    extraction interface or extract comments yourself.
+    """
+    out: t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]
+
+    for node in ast.find_all(nodes.Call):
+        if (
+            not isinstance(node.node, nodes.Name)
+            or node.node.name not in gettext_functions
+        ):
+            continue
+
+        strings: t.List[t.Optional[str]] = []
+
+        for arg in node.args:
+            if isinstance(arg, nodes.Const) and isinstance(arg.value, str):
+                strings.append(arg.value)
+            else:
+                strings.append(None)
+
+        for _ in node.kwargs:
+            strings.append(None)
+        if node.dyn_args is not None:
+            strings.append(None)
+        if node.dyn_kwargs is not None:
+            strings.append(None)
+
+        if not babel_style:
+            out = tuple(x for x in strings if x is not None)
+
+            if not out:
+                continue
+        else:
+            if len(strings) == 1:
+                out = strings[0]
+            else:
+                out = tuple(strings)
+
+        yield node.lineno, node.node.name, out
+
+
+class _CommentFinder:
+    """Helper class to find comments in a token stream.  Can only
+    find comments for gettext calls forwards.  Once the comment
+    from line 4 is found, a comment for line 1 will not return a
+    usable value.
+    """
+
+    def __init__(
+        self, tokens: t.Sequence[t.Tuple[int, str, str]], comment_tags: t.Sequence[str]
+    ) -> None:
+        self.tokens = tokens
+        self.comment_tags = comment_tags
+        self.offset = 0
+        self.last_lineno = 0
+
+    def find_backwards(self, offset: int) -> t.List[str]:
+        try:
+            for _, token_type, token_value in reversed(
+                self.tokens[self.offset : offset]
+            ):
+                if token_type in ("comment", "linecomment"):
+                    try:
+                        prefix, comment = token_value.split(None, 1)
+                    except ValueError:
+                        continue
+                    if prefix in self.comment_tags:
+                        return [comment.rstrip()]
+            return []
+        finally:
+            self.offset = offset
+
+    def find_comments(self, lineno: int) -> t.List[str]:
+        if not self.comment_tags or self.last_lineno > lineno:
+            return []
+        for idx, (token_lineno, _, _) in enumerate(self.tokens[self.offset :]):
+            if token_lineno > lineno:
+                return self.find_backwards(self.offset + idx)
+        return self.find_backwards(len(self.tokens))
+
+
+def babel_extract(
+    fileobj: t.BinaryIO,
+    keywords: t.Sequence[str],
+    comment_tags: t.Sequence[str],
+    options: t.Dict[str, t.Any],
+) -> t.Iterator[
+    t.Tuple[
+        int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]], t.List[str]
+    ]
+]:
+    """Babel extraction method for Jinja templates.
+
+    .. versionchanged:: 2.3
+       Basic support for translation comments was added.  If `comment_tags`
+       is now set to a list of keywords for extraction, the extractor will
+       try to find the best preceding comment that begins with one of the
+       keywords.  For best results, make sure to not have more than one
+       gettext call in one line of code and the matching comment in the
+       same line or the line before.
+
+    .. versionchanged:: 2.5.1
+       The `newstyle_gettext` flag can be set to `True` to enable newstyle
+       gettext calls.
+
+    .. versionchanged:: 2.7
+       A `silent` option can now be provided.  If set to `False` template
+       syntax errors are propagated instead of being ignored.
+
+    :param fileobj: the file-like object the messages should be extracted from
+    :param keywords: a list of keywords (i.e. function names) that should be
+                     recognized as translation functions
+    :param comment_tags: a list of translator tags to search for and include
+                         in the results.
+    :param options: a dictionary of additional options (optional)
+    :return: an iterator over ``(lineno, funcname, message, comments)`` tuples.
+             (comments will be empty currently)
+    """
+    extensions: t.Dict[t.Type[Extension], None] = {}
+
+    for extension_name in options.get("extensions", "").split(","):
+        extension_name = extension_name.strip()
+
+        if not extension_name:
+            continue
+
+        extensions[import_string(extension_name)] = None
+
+    if InternationalizationExtension not in extensions:
+        extensions[InternationalizationExtension] = None
+
+    def getbool(options: t.Mapping[str, str], key: str, default: bool = False) -> bool:
+        return options.get(key, str(default)).lower() in {"1", "on", "yes", "true"}
+
+    silent = getbool(options, "silent", True)
+    environment = Environment(
+        options.get("block_start_string", defaults.BLOCK_START_STRING),
+        options.get("block_end_string", defaults.BLOCK_END_STRING),
+        options.get("variable_start_string", defaults.VARIABLE_START_STRING),
+        options.get("variable_end_string", defaults.VARIABLE_END_STRING),
+        options.get("comment_start_string", defaults.COMMENT_START_STRING),
+        options.get("comment_end_string", defaults.COMMENT_END_STRING),
+        options.get("line_statement_prefix") or defaults.LINE_STATEMENT_PREFIX,
+        options.get("line_comment_prefix") or defaults.LINE_COMMENT_PREFIX,
+        getbool(options, "trim_blocks", defaults.TRIM_BLOCKS),
+        getbool(options, "lstrip_blocks", defaults.LSTRIP_BLOCKS),
+        defaults.NEWLINE_SEQUENCE,
+        getbool(options, "keep_trailing_newline", defaults.KEEP_TRAILING_NEWLINE),
+        tuple(extensions),
+        cache_size=0,
+        auto_reload=False,
+    )
+
+    if getbool(options, "trimmed"):
+        environment.policies["ext.i18n.trimmed"] = True
+    if getbool(options, "newstyle_gettext"):
+        environment.newstyle_gettext = True  # type: ignore
+
+    source = fileobj.read().decode(options.get("encoding", "utf-8"))
+    try:
+        node = environment.parse(source)
+        tokens = list(environment.lex(environment.preprocess(source)))
+    except TemplateSyntaxError:
+        if not silent:
+            raise
+        # skip templates with syntax errors
+        return
+
+    finder = _CommentFinder(tokens, comment_tags)
+    for lineno, func, message in extract_from_ast(node, keywords):
+        yield lineno, func, message, finder.find_comments(lineno)
+
+
+#: nicer import names
+i18n = InternationalizationExtension
+do = ExprStmtExtension
+loopcontrols = LoopControlExtension
+debug = DebugExtension
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/filters.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/filters.py
new file mode 100644
index 000000000..acd11976e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/filters.py
@@ -0,0 +1,1866 @@
+"""Built-in template filters used with the ``|`` operator."""
+
+import math
+import random
+import re
+import typing
+import typing as t
+from collections import abc
+from itertools import chain
+from itertools import groupby
+
+from markupsafe import escape
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import async_variant
+from .async_utils import auto_aiter
+from .async_utils import auto_await
+from .async_utils import auto_to_list
+from .exceptions import FilterArgumentError
+from .runtime import Undefined
+from .utils import htmlsafe_json_dumps
+from .utils import pass_context
+from .utils import pass_environment
+from .utils import pass_eval_context
+from .utils import pformat
+from .utils import url_quote
+from .utils import urlize
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+    from .nodes import EvalContext
+    from .runtime import Context
+    from .sandbox import SandboxedEnvironment  # noqa: F401
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+K = t.TypeVar("K")
+V = t.TypeVar("V")
+
+
+def ignore_case(value: V) -> V:
+    """For use as a postprocessor for :func:`make_attrgetter`. Converts strings
+    to lowercase and returns other types as-is."""
+    if isinstance(value, str):
+        return t.cast(V, value.lower())
+
+    return value
+
+
+def make_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+    default: t.Optional[t.Any] = None,
+) -> t.Callable[[t.Any], t.Any]:
+    """Returns a callable that looks up the given attribute from a
+    passed object with the rules of the environment.  Dots are allowed
+    to access attributes of attributes.  Integer parts in paths are
+    looked up as integers.
+    """
+    parts = _prepare_attribute_parts(attribute)
+
+    def attrgetter(item: t.Any) -> t.Any:
+        for part in parts:
+            item = environment.getitem(item, part)
+
+            if default is not None and isinstance(item, Undefined):
+                item = default
+
+        if postprocess is not None:
+            item = postprocess(item)
+
+        return item
+
+    return attrgetter
+
+
+def make_multi_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+) -> t.Callable[[t.Any], t.List[t.Any]]:
+    """Returns a callable that looks up the given comma separated
+    attributes from a passed object with the rules of the environment.
+    Dots are allowed to access attributes of each attribute.  Integer
+    parts in paths are looked up as integers.
+
+    The value returned by the returned callable is a list of extracted
+    attribute values.
+
+    Examples of attribute: "attr1,attr2", "attr1.inner1.0,attr2.inner2.0", etc.
+    """
+    if isinstance(attribute, str):
+        split: t.Sequence[t.Union[str, int, None]] = attribute.split(",")
+    else:
+        split = [attribute]
+
+    parts = [_prepare_attribute_parts(item) for item in split]
+
+    def attrgetter(item: t.Any) -> t.List[t.Any]:
+        items = [None] * len(parts)
+
+        for i, attribute_part in enumerate(parts):
+            item_i = item
+
+            for part in attribute_part:
+                item_i = environment.getitem(item_i, part)
+
+            if postprocess is not None:
+                item_i = postprocess(item_i)
+
+            items[i] = item_i
+
+        return items
+
+    return attrgetter
+
+
+def _prepare_attribute_parts(
+    attr: t.Optional[t.Union[str, int]],
+) -> t.List[t.Union[str, int]]:
+    if attr is None:
+        return []
+
+    if isinstance(attr, str):
+        return [int(x) if x.isdigit() else x for x in attr.split(".")]
+
+    return [attr]
+
+
+def do_forceescape(value: "t.Union[str, HasHTML]") -> Markup:
+    """Enforce HTML escaping.  This will probably double escape variables."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return escape(str(value))
+
+
+def do_urlencode(
+    value: t.Union[str, t.Mapping[str, t.Any], t.Iterable[t.Tuple[str, t.Any]]],
+) -> str:
+    """Quote data for use in a URL path or query using UTF-8.
+
+    Basic wrapper around :func:`urllib.parse.quote` when given a
+    string, or :func:`urllib.parse.urlencode` for a dict or iterable.
+
+    :param value: Data to quote. A string will be quoted directly. A
+        dict or iterable of ``(key, value)`` pairs will be joined as a
+        query string.
+
+    When given a string, "/" is not quoted. HTTP servers treat "/" and
+    "%2F" equivalently in paths. If you need quoted slashes, use the
+    ``|replace("/", "%2F")`` filter.
+
+    .. versionadded:: 2.7
+    """
+    if isinstance(value, str) or not isinstance(value, abc.Iterable):
+        return url_quote(value)
+
+    if isinstance(value, dict):
+        items: t.Iterable[t.Tuple[str, t.Any]] = value.items()
+    else:
+        items = value  # type: ignore
+
+    return "&".join(
+        f"{url_quote(k, for_qs=True)}={url_quote(v, for_qs=True)}" for k, v in items
+    )
+
+
+@pass_eval_context
+def do_replace(
+    eval_ctx: "EvalContext", s: str, old: str, new: str, count: t.Optional[int] = None
+) -> str:
+    """Return a copy of the value with all occurrences of a substring
+    replaced with a new one. The first argument is the substring
+    that should be replaced, the second is the replacement string.
+    If the optional third argument ``count`` is given, only the first
+    ``count`` occurrences are replaced:
+
+    .. sourcecode:: jinja
+
+        {{ "Hello World"|replace("Hello", "Goodbye") }}
+            -> Goodbye World
+
+        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
+            -> d'oh, d'oh, aaargh
+    """
+    if count is None:
+        count = -1
+
+    if not eval_ctx.autoescape:
+        return str(s).replace(str(old), str(new), count)
+
+    if (
+        hasattr(old, "__html__")
+        or hasattr(new, "__html__")
+        and not hasattr(s, "__html__")
+    ):
+        s = escape(s)
+    else:
+        s = soft_str(s)
+
+    return s.replace(soft_str(old), soft_str(new), count)
+
+
+def do_upper(s: str) -> str:
+    """Convert a value to uppercase."""
+    return soft_str(s).upper()
+
+
+def do_lower(s: str) -> str:
+    """Convert a value to lowercase."""
+    return soft_str(s).lower()
+
+
+def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K, V]]:
+    """Return an iterator over the ``(key, value)`` items of a mapping.
+
+    ``x|items`` is the same as ``x.items()``, except if ``x`` is
+    undefined an empty iterator is returned.
+
+    This filter is useful if you expect the template to be rendered with
+    an implementation of Jinja in another programming language that does
+    not have a ``.items()`` method on its mapping type.
+
+    .. code-block:: html+jinja
+
+        <dl>
+        {% for key, value in my_dict|items %}
+            <dt>{{ key }}
+            <dd>{{ value }}
+        {% endfor %}
+        </dl>
+
+    .. versionadded:: 3.1
+    """
+    if isinstance(value, Undefined):
+        return
+
+    if not isinstance(value, abc.Mapping):
+        raise TypeError("Can only get item pairs from a mapping.")
+
+    yield from value.items()
+
+
+# Check for characters that would move the parser state from key to value.
+# https://html.spec.whatwg.org/#attribute-name-state
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
+
+
+@pass_eval_context
+def do_xmlattr(
+    eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
+) -> str:
+    """Create an SGML/XML attribute string based on the items in a dict.
+
+    **Values** that are neither ``none`` nor ``undefined`` are automatically
+    escaped, safely allowing untrusted user input.
+
+    User input should not be used as **keys** to this filter. If any key
+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
+    sign, this fails with a ``ValueError``. Regardless of this, user input
+    should never be used as keys to this filter, or must be separately validated
+    first.
+
+    .. sourcecode:: html+jinja
+
+        <ul{{ {'class': 'my_list', 'missing': none,
+                'id': 'list-%d'|format(variable)}|xmlattr }}>
+        ...
+        </ul>
+
+    Results in something like this:
+
+    .. sourcecode:: html
+
+        <ul class="my_list" id="list-42">
+        ...
+        </ul>
+
+    As you can see it automatically prepends a space in front of the item
+    if the filter returned something unless the second parameter is false.
+
+    .. versionchanged:: 3.1.4
+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
+        are not allowed.
+
+    .. versionchanged:: 3.1.3
+        Keys with spaces are not allowed.
+    """
+    items = []
+
+    for key, value in d.items():
+        if value is None or isinstance(value, Undefined):
+            continue
+
+        if _attr_key_re.search(key) is not None:
+            raise ValueError(f"Invalid character in attribute name: {key!r}")
+
+        items.append(f'{escape(key)}="{escape(value)}"')
+
+    rv = " ".join(items)
+
+    if autospace and rv:
+        rv = " " + rv
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_capitalize(s: str) -> str:
+    """Capitalize a value. The first character will be uppercase, all others
+    lowercase.
+    """
+    return soft_str(s).capitalize()
+
+
+_word_beginning_split_re = re.compile(r"([-\s({\[<]+)")
+
+
+def do_title(s: str) -> str:
+    """Return a titlecased version of the value. I.e. words will start with
+    uppercase letters, all remaining characters are lowercase.
+    """
+    return "".join(
+        [
+            item[0].upper() + item[1:].lower()
+            for item in _word_beginning_split_re.split(soft_str(s))
+            if item
+        ]
+    )
+
+
+def do_dictsort(
+    value: t.Mapping[K, V],
+    case_sensitive: bool = False,
+    by: 'te.Literal["key", "value"]' = "key",
+    reverse: bool = False,
+) -> t.List[t.Tuple[K, V]]:
+    """Sort a dict and yield (key, value) pairs. Python dicts may not
+    be in the order you want to display them in, so sort them first.
+
+    .. sourcecode:: jinja
+
+        {% for key, value in mydict|dictsort %}
+            sort the dict by key, case insensitive
+
+        {% for key, value in mydict|dictsort(reverse=true) %}
+            sort the dict by key, case insensitive, reverse order
+
+        {% for key, value in mydict|dictsort(true) %}
+            sort the dict by key, case sensitive
+
+        {% for key, value in mydict|dictsort(false, 'value') %}
+            sort the dict by value, case insensitive
+    """
+    if by == "key":
+        pos = 0
+    elif by == "value":
+        pos = 1
+    else:
+        raise FilterArgumentError('You can only sort by either "key" or "value"')
+
+    def sort_func(item: t.Tuple[t.Any, t.Any]) -> t.Any:
+        value = item[pos]
+
+        if not case_sensitive:
+            value = ignore_case(value)
+
+        return value
+
+    return sorted(value.items(), key=sort_func, reverse=reverse)
+
+
+@pass_environment
+def do_sort(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    reverse: bool = False,
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.List[V]":
+    """Sort an iterable using Python's :func:`sorted`.
+
+    .. sourcecode:: jinja
+
+        {% for city in cities|sort %}
+            ...
+        {% endfor %}
+
+    :param reverse: Sort descending instead of ascending.
+    :param case_sensitive: When sorting strings, sort upper and lower
+        case separately.
+    :param attribute: When sorting objects or dicts, an attribute or
+        key to sort by. Can use dot notation like ``"address.city"``.
+        Can be a list of attributes like ``"age,name"``.
+
+    The sort is stable, it does not change the relative order of
+    elements that compare equal. This makes it is possible to chain
+    sorts on different attributes and ordering.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="name")
+            |sort(reverse=true, attribute="age") %}
+            ...
+        {% endfor %}
+
+    As a shortcut to chaining when the direction is the same for all
+    attributes, pass a comma separate list of attributes.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="age,name") %}
+            ...
+        {% endfor %}
+
+    .. versionchanged:: 2.11.0
+        The ``attribute`` parameter can be a comma separated list of
+        attributes, e.g. ``"age,name"``.
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added.
+    """
+    key_func = make_multi_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return sorted(value, key=key_func, reverse=reverse)
+
+
+@pass_environment
+def do_unique(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Iterator[V]":
+    """Returns a list of unique items from the given iterable.
+
+    .. sourcecode:: jinja
+
+        {{ ['foo', 'bar', 'foobar', 'FooBar']|unique|list }}
+            -> ['foo', 'bar', 'foobar']
+
+    The unique items are yielded in the same order as their first occurrence in
+    the iterable passed to the filter.
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Filter objects with unique values for this attribute.
+    """
+    getter = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    seen = set()
+
+    for item in value:
+        key = getter(item)
+
+        if key not in seen:
+            seen.add(key)
+            yield item
+
+
+def _min_or_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    func: "t.Callable[..., V]",
+    case_sensitive: bool,
+    attribute: t.Optional[t.Union[str, int]],
+) -> "t.Union[V, Undefined]":
+    it = iter(value)
+
+    try:
+        first = next(it)
+    except StopIteration:
+        return environment.undefined("No aggregated item, sequence was empty.")
+
+    key_func = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return func(chain([first], it), key=key_func)
+
+
+@pass_environment
+def do_min(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the smallest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|min }}
+            -> 1
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the min value of this attribute.
+    """
+    return _min_or_max(environment, value, min, case_sensitive, attribute)
+
+
+@pass_environment
+def do_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the largest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|max }}
+            -> 3
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the max value of this attribute.
+    """
+    return _min_or_max(environment, value, max, case_sensitive, attribute)
+
+
+def do_default(
+    value: V,
+    default_value: V = "",  # type: ignore
+    boolean: bool = False,
+) -> V:
+    """If the value is undefined it will return the passed default value,
+    otherwise the value of the variable:
+
+    .. sourcecode:: jinja
+
+        {{ my_variable|default('my_variable is not defined') }}
+
+    This will output the value of ``my_variable`` if the variable was
+    defined, otherwise ``'my_variable is not defined'``. If you want
+    to use default with variables that evaluate to false you have to
+    set the second parameter to `true`:
+
+    .. sourcecode:: jinja
+
+        {{ ''|default('the string was empty', true) }}
+
+    .. versionchanged:: 2.11
+       It's now possible to configure the :class:`~jinja2.Environment` with
+       :class:`~jinja2.ChainableUndefined` to make the `default` filter work
+       on nested elements and attributes that may contain undefined values
+       in the chain without getting an :exc:`~jinja2.UndefinedError`.
+    """
+    if isinstance(value, Undefined) or (boolean and not value):
+        return default_value
+
+    return value
+
+
+@pass_eval_context
+def sync_do_join(
+    eval_ctx: "EvalContext",
+    value: t.Iterable[t.Any],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    """Return a string which is the concatenation of the strings in the
+    sequence. The separator between elements is an empty string per
+    default, you can define it with the optional parameter:
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|join('|') }}
+            -> 1|2|3
+
+        {{ [1, 2, 3]|join }}
+            -> 123
+
+    It is also possible to join certain attributes of an object:
+
+    .. sourcecode:: jinja
+
+        {{ users|join(', ', attribute='username') }}
+
+    .. versionadded:: 2.6
+       The `attribute` parameter was added.
+    """
+    if attribute is not None:
+        value = map(make_attrgetter(eval_ctx.environment, attribute), value)
+
+    # no automatic escaping?  joining is a lot easier then
+    if not eval_ctx.autoescape:
+        return str(d).join(map(str, value))
+
+    # if the delimiter doesn't have an html representation we check
+    # if any of the items has.  If yes we do a coercion to Markup
+    if not hasattr(d, "__html__"):
+        value = list(value)
+        do_escape = False
+
+        for idx, item in enumerate(value):
+            if hasattr(item, "__html__"):
+                do_escape = True
+            else:
+                value[idx] = str(item)
+
+        if do_escape:
+            d = escape(d)
+        else:
+            d = str(d)
+
+        return d.join(value)
+
+    # no html involved, to normal joining
+    return soft_str(d).join(map(soft_str, value))
+
+
+@async_variant(sync_do_join)  # type: ignore
+async def do_join(
+    eval_ctx: "EvalContext",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    return sync_do_join(eval_ctx, await auto_to_list(value), d, attribute)
+
+
+def do_center(value: str, width: int = 80) -> str:
+    """Centers the value in a field of a given width."""
+    return soft_str(value).center(width)
+
+
+@pass_environment
+def sync_do_first(
+    environment: "Environment", seq: "t.Iterable[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the first item of a sequence."""
+    try:
+        return next(iter(seq))
+    except StopIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@async_variant(sync_do_first)  # type: ignore
+async def do_first(
+    environment: "Environment", seq: "t.Union[t.AsyncIterable[V], t.Iterable[V]]"
+) -> "t.Union[V, Undefined]":
+    try:
+        return await auto_aiter(seq).__anext__()
+    except StopAsyncIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@pass_environment
+def do_last(
+    environment: "Environment", seq: "t.Reversible[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the last item of a sequence.
+
+    Note: Does not work with generators. You may want to explicitly
+    convert it to a list:
+
+    .. sourcecode:: jinja
+
+        {{ data | selectattr('name', '==', 'Jinja') | list | last }}
+    """
+    try:
+        return next(iter(reversed(seq)))
+    except StopIteration:
+        return environment.undefined("No last item, sequence was empty.")
+
+
+# No async do_last, it may not be safe in async mode.
+
+
+@pass_context
+def do_random(context: "Context", seq: "t.Sequence[V]") -> "t.Union[V, Undefined]":
+    """Return a random item from the sequence."""
+    try:
+        return random.choice(seq)
+    except IndexError:
+        return context.environment.undefined("No random item, sequence was empty.")
+
+
+def do_filesizeformat(value: t.Union[str, float, int], binary: bool = False) -> str:
+    """Format the value like a 'human-readable' file size (i.e. 13 kB,
+    4.1 MB, 102 Bytes, etc).  Per default decimal prefixes are used (Mega,
+    Giga, etc.), if the second parameter is set to `True` the binary
+    prefixes are used (Mebi, Gibi).
+    """
+    bytes = float(value)
+    base = 1024 if binary else 1000
+    prefixes = [
+        ("KiB" if binary else "kB"),
+        ("MiB" if binary else "MB"),
+        ("GiB" if binary else "GB"),
+        ("TiB" if binary else "TB"),
+        ("PiB" if binary else "PB"),
+        ("EiB" if binary else "EB"),
+        ("ZiB" if binary else "ZB"),
+        ("YiB" if binary else "YB"),
+    ]
+
+    if bytes == 1:
+        return "1 Byte"
+    elif bytes < base:
+        return f"{int(bytes)} Bytes"
+    else:
+        for i, prefix in enumerate(prefixes):
+            unit = base ** (i + 2)
+
+            if bytes < unit:
+                return f"{base * bytes / unit:.1f} {prefix}"
+
+        return f"{base * bytes / unit:.1f} {prefix}"
+
+
+def do_pprint(value: t.Any) -> str:
+    """Pretty print a variable. Useful for debugging."""
+    return pformat(value)
+
+
+_uri_scheme_re = re.compile(r"^([\w.+-]{2,}:(/){0,2})$")
+
+
+@pass_eval_context
+def do_urlize(
+    eval_ctx: "EvalContext",
+    value: str,
+    trim_url_limit: t.Optional[int] = None,
+    nofollow: bool = False,
+    target: t.Optional[str] = None,
+    rel: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param value: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param nofollow: Add the ``rel=nofollow`` attribute to links.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior. Defaults to
+        ``env.policies["urlize.extra_schemes"]``, which defaults to no
+        extra schemes.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+
+    .. versionchanged:: 2.8
+       The ``target`` parameter was added.
+    """
+    policies = eval_ctx.environment.policies
+    rel_parts = set((rel or "").split())
+
+    if nofollow:
+        rel_parts.add("nofollow")
+
+    rel_parts.update((policies["urlize.rel"] or "").split())
+    rel = " ".join(sorted(rel_parts)) or None
+
+    if target is None:
+        target = policies["urlize.target"]
+
+    if extra_schemes is None:
+        extra_schemes = policies["urlize.extra_schemes"] or ()
+
+    for scheme in extra_schemes:
+        if _uri_scheme_re.fullmatch(scheme) is None:
+            raise FilterArgumentError(f"{scheme!r} is not a valid URI scheme prefix.")
+
+    rv = urlize(
+        value,
+        trim_url_limit=trim_url_limit,
+        rel=rel,
+        target=target,
+        extra_schemes=extra_schemes,
+    )
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_indent(
+    s: str, width: t.Union[int, str] = 4, first: bool = False, blank: bool = False
+) -> str:
+    """Return a copy of the string with each line indented by 4 spaces. The
+    first line and blank lines are not indented by default.
+
+    :param width: Number of spaces, or a string, to indent by.
+    :param first: Don't skip indenting the first line.
+    :param blank: Don't skip indenting empty lines.
+
+    .. versionchanged:: 3.0
+        ``width`` can be a string.
+
+    .. versionchanged:: 2.10
+        Blank lines are not indented by default.
+
+        Rename the ``indentfirst`` argument to ``first``.
+    """
+    if isinstance(width, str):
+        indention = width
+    else:
+        indention = " " * width
+
+    newline = "\n"
+
+    if isinstance(s, Markup):
+        indention = Markup(indention)
+        newline = Markup(newline)
+
+    s += newline  # this quirk is necessary for splitlines method
+
+    if blank:
+        rv = (newline + indention).join(s.splitlines())
+    else:
+        lines = s.splitlines()
+        rv = lines.pop(0)
+
+        if lines:
+            rv += newline + newline.join(
+                indention + line if line else line for line in lines
+            )
+
+    if first:
+        rv = indention + rv
+
+    return rv
+
+
+@pass_environment
+def do_truncate(
+    env: "Environment",
+    s: str,
+    length: int = 255,
+    killwords: bool = False,
+    end: str = "...",
+    leeway: t.Optional[int] = None,
+) -> str:
+    """Return a truncated copy of the string. The length is specified
+    with the first parameter which defaults to ``255``. If the second
+    parameter is ``true`` the filter will cut the text at length. Otherwise
+    it will discard the last word. If the text was in fact
+    truncated it will append an ellipsis sign (``"..."``). If you want a
+    different ellipsis sign than ``"..."`` you can specify it using the
+    third parameter. Strings that only exceed the length by the tolerance
+    margin given in the fourth parameter will not be truncated.
+
+    .. sourcecode:: jinja
+
+        {{ "foo bar baz qux"|truncate(9) }}
+            -> "foo..."
+        {{ "foo bar baz qux"|truncate(9, True) }}
+            -> "foo ba..."
+        {{ "foo bar baz qux"|truncate(11) }}
+            -> "foo bar baz qux"
+        {{ "foo bar baz qux"|truncate(11, False, '...', 0) }}
+            -> "foo bar..."
+
+    The default leeway on newer Jinja versions is 5 and was 0 before but
+    can be reconfigured globally.
+    """
+    if leeway is None:
+        leeway = env.policies["truncate.leeway"]
+
+    assert length >= len(end), f"expected length >= {len(end)}, got {length}"
+    assert leeway >= 0, f"expected leeway >= 0, got {leeway}"
+
+    if len(s) <= length + leeway:
+        return s
+
+    if killwords:
+        return s[: length - len(end)] + end
+
+    result = s[: length - len(end)].rsplit(" ", 1)[0]
+    return result + end
+
+
+@pass_environment
+def do_wordwrap(
+    environment: "Environment",
+    s: str,
+    width: int = 79,
+    break_long_words: bool = True,
+    wrapstring: t.Optional[str] = None,
+    break_on_hyphens: bool = True,
+) -> str:
+    """Wrap a string to the given width. Existing newlines are treated
+    as paragraphs to be wrapped separately.
+
+    :param s: Original text to wrap.
+    :param width: Maximum length of wrapped lines.
+    :param break_long_words: If a word is longer than ``width``, break
+        it across lines.
+    :param break_on_hyphens: If a word contains hyphens, it may be split
+        across lines.
+    :param wrapstring: String to join each wrapped line. Defaults to
+        :attr:`Environment.newline_sequence`.
+
+    .. versionchanged:: 2.11
+        Existing newlines are treated as paragraphs wrapped separately.
+
+    .. versionchanged:: 2.11
+        Added the ``break_on_hyphens`` parameter.
+
+    .. versionchanged:: 2.7
+        Added the ``wrapstring`` parameter.
+    """
+    import textwrap
+
+    if wrapstring is None:
+        wrapstring = environment.newline_sequence
+
+    # textwrap.wrap doesn't consider existing newlines when wrapping.
+    # If the string has a newline before width, wrap will still insert
+    # a newline at width, resulting in a short line. Instead, split and
+    # wrap each paragraph individually.
+    return wrapstring.join(
+        [
+            wrapstring.join(
+                textwrap.wrap(
+                    line,
+                    width=width,
+                    expand_tabs=False,
+                    replace_whitespace=False,
+                    break_long_words=break_long_words,
+                    break_on_hyphens=break_on_hyphens,
+                )
+            )
+            for line in s.splitlines()
+        ]
+    )
+
+
+_word_re = re.compile(r"\w+")
+
+
+def do_wordcount(s: str) -> int:
+    """Count the words in that string."""
+    return len(_word_re.findall(soft_str(s)))
+
+
+def do_int(value: t.Any, default: int = 0, base: int = 10) -> int:
+    """Convert the value into an integer. If the
+    conversion doesn't work it will return ``0``. You can
+    override this default using the first parameter. You
+    can also override the default base (10) in the second
+    parameter, which handles input with prefixes such as
+    0b, 0o and 0x for bases 2, 8 and 16 respectively.
+    The base is ignored for decimal numbers and non-string values.
+    """
+    try:
+        if isinstance(value, str):
+            return int(value, base)
+
+        return int(value)
+    except (TypeError, ValueError):
+        # this quirk is necessary so that "42.23"|int gives 42.
+        try:
+            return int(float(value))
+        except (TypeError, ValueError):
+            return default
+
+
+def do_float(value: t.Any, default: float = 0.0) -> float:
+    """Convert the value into a floating point number. If the
+    conversion doesn't work it will return ``0.0``. You can
+    override this default using the first parameter.
+    """
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def do_format(value: str, *args: t.Any, **kwargs: t.Any) -> str:
+    """Apply the given values to a `printf-style`_ format string, like
+    ``string % values``.
+
+    .. sourcecode:: jinja
+
+        {{ "%s, %s!"|format(greeting, name) }}
+        Hello, World!
+
+    In most cases it should be more convenient and efficient to use the
+    ``%`` operator or :meth:`str.format`.
+
+    .. code-block:: text
+
+        {{ "%s, %s!" % (greeting, name) }}
+        {{ "{}, {}!".format(greeting, name) }}
+
+    .. _printf-style: https://docs.python.org/library/stdtypes.html
+        #printf-style-string-formatting
+    """
+    if args and kwargs:
+        raise FilterArgumentError(
+            "can't handle positional and keyword arguments at the same time"
+        )
+
+    return soft_str(value) % (kwargs or args)
+
+
+def do_trim(value: str, chars: t.Optional[str] = None) -> str:
+    """Strip leading and trailing characters, by default whitespace."""
+    return soft_str(value).strip(chars)
+
+
+def do_striptags(value: "t.Union[str, HasHTML]") -> str:
+    """Strip SGML/XML tags and replace adjacent whitespace by one space."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return Markup(str(value)).striptags()
+
+
+def sync_do_slice(
+    value: "t.Collection[V]", slices: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """Slice an iterator and return a list of lists containing
+    those items. Useful if you want to create a div containing
+    three ul tags that represent columns:
+
+    .. sourcecode:: html+jinja
+
+        <div class="columnwrapper">
+          {%- for column in items|slice(3) %}
+            <ul class="column-{{ loop.index }}">
+            {%- for item in column %}
+              <li>{{ item }}</li>
+            {%- endfor %}
+            </ul>
+          {%- endfor %}
+        </div>
+
+    If you pass it a second argument it's used to fill missing
+    values on the last iteration.
+    """
+    seq = list(value)
+    length = len(seq)
+    items_per_slice = length // slices
+    slices_with_extra = length % slices
+    offset = 0
+
+    for slice_number in range(slices):
+        start = offset + slice_number * items_per_slice
+
+        if slice_number < slices_with_extra:
+            offset += 1
+
+        end = offset + (slice_number + 1) * items_per_slice
+        tmp = seq[start:end]
+
+        if fill_with is not None and slice_number >= slices_with_extra:
+            tmp.append(fill_with)
+
+        yield tmp
+
+
+@async_variant(sync_do_slice)  # type: ignore
+async def do_slice(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    slices: int,
+    fill_with: t.Optional[t.Any] = None,
+) -> "t.Iterator[t.List[V]]":
+    return sync_do_slice(await auto_to_list(value), slices, fill_with)
+
+
+def do_batch(
+    value: "t.Iterable[V]", linecount: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """
+    A filter that batches items. It works pretty much like `slice`
+    just the other way round. It returns a list of lists with the
+    given number of items. If you provide a second parameter this
+    is used to fill up missing items. See this example:
+
+    .. sourcecode:: html+jinja
+
+        <table>
+        {%- for row in items|batch(3, '&nbsp;') %}
+          <tr>
+          {%- for column in row %}
+            <td>{{ column }}</td>
+          {%- endfor %}
+          </tr>
+        {%- endfor %}
+        </table>
+    """
+    tmp: "t.List[V]" = []
+
+    for item in value:
+        if len(tmp) == linecount:
+            yield tmp
+            tmp = []
+
+        tmp.append(item)
+
+    if tmp:
+        if fill_with is not None and len(tmp) < linecount:
+            tmp += [fill_with] * (linecount - len(tmp))
+
+        yield tmp
+
+
+def do_round(
+    value: float,
+    precision: int = 0,
+    method: 'te.Literal["common", "ceil", "floor"]' = "common",
+) -> float:
+    """Round the number to a given precision. The first
+    parameter specifies the precision (default is ``0``), the
+    second the rounding method:
+
+    - ``'common'`` rounds either up or down
+    - ``'ceil'`` always rounds up
+    - ``'floor'`` always rounds down
+
+    If you don't specify a method ``'common'`` is used.
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round }}
+            -> 43.0
+        {{ 42.55|round(1, 'floor') }}
+            -> 42.5
+
+    Note that even if rounded to 0 precision, a float is returned.  If
+    you need a real integer, pipe it through `int`:
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round|int }}
+            -> 43
+    """
+    if method not in {"common", "ceil", "floor"}:
+        raise FilterArgumentError("method must be common, ceil or floor")
+
+    if method == "common":
+        return round(value, precision)
+
+    func = getattr(math, method)
+    return t.cast(float, func(value * (10**precision)) / (10**precision))
+
+
+class _GroupTuple(t.NamedTuple):
+    grouper: t.Any
+    list: t.List[t.Any]
+
+    # Use the regular tuple repr to hide this subclass if users print
+    # out the value during debugging.
+    def __repr__(self) -> str:
+        return tuple.__repr__(self)
+
+    def __str__(self) -> str:
+        return tuple.__str__(self)
+
+
+@pass_environment
+def sync_do_groupby(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    """Group a sequence of objects by an attribute using Python's
+    :func:`itertools.groupby`. The attribute can use dot notation for
+    nested access, like ``"address.city"``. Unlike Python's ``groupby``,
+    the values are sorted first so only one group is returned for each
+    unique value.
+
+    For example, a list of ``User`` objects with a ``city`` attribute
+    can be rendered in groups. In this example, ``grouper`` refers to
+    the ``city`` value of the group.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for city, items in users|groupby("city") %}
+          <li>{{ city }}
+            <ul>{% for user in items %}
+              <li>{{ user.name }}
+            {% endfor %}</ul>
+          </li>
+        {% endfor %}</ul>
+
+    ``groupby`` yields namedtuples of ``(grouper, list)``, which
+    can be used instead of the tuple unpacking above. ``grouper`` is the
+    value of the attribute, and ``list`` is the items with that value.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for group in users|groupby("city") %}
+          <li>{{ group.grouper }}: {{ group.list|join(", ") }}
+        {% endfor %}</ul>
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        <ul>{% for city, items in users|groupby("city", default="NY") %}
+          <li>{{ city }}: {{ items|map(attribute="name")|join(", ") }}</li>
+        {% endfor %}</ul>
+
+    Like the :func:`~jinja-filters.sort` filter, sorting and grouping is
+    case-insensitive by default. The ``key`` for each group will have
+    the case of the first item in that group of values. For example, if
+    a list of users has cities ``["CA", "NY", "ca"]``, the "CA" group
+    will have two values. This can be disabled by passing
+    ``case_sensitive=True``.
+
+    .. versionchanged:: 3.1
+        Added the ``case_sensitive`` parameter. Sorting and grouping is
+        case-insensitive by default, matching other filters that do
+        comparisons.
+
+    .. versionchanged:: 3.0
+        Added the ``default`` parameter.
+
+    .. versionchanged:: 2.6
+        The attribute supports dot notation for nested access.
+    """
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, list(values))
+        for key, values in groupby(sorted(value, key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@async_variant(sync_do_groupby)  # type: ignore
+async def do_groupby(
+    environment: "Environment",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, await auto_to_list(values))
+        for key, values in groupby(sorted(await auto_to_list(value), key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@pass_environment
+def sync_do_sum(
+    environment: "Environment",
+    iterable: "t.Iterable[V]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    """Returns the sum of a sequence of numbers plus the value of parameter
+    'start' (which defaults to 0).  When the sequence is empty it returns
+    start.
+
+    It is also possible to sum up only certain attributes:
+
+    .. sourcecode:: jinja
+
+        Total: {{ items|sum(attribute='price') }}
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added to allow summing up over
+       attributes.  Also the ``start`` parameter was moved on to the right.
+    """
+    if attribute is not None:
+        iterable = map(make_attrgetter(environment, attribute), iterable)
+
+    return sum(iterable, start)  # type: ignore[no-any-return, call-overload]
+
+
+@async_variant(sync_do_sum)  # type: ignore
+async def do_sum(
+    environment: "Environment",
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    rv = start
+
+    if attribute is not None:
+        func = make_attrgetter(environment, attribute)
+    else:
+
+        def func(x: V) -> V:
+            return x
+
+    async for item in auto_aiter(iterable):
+        rv += func(item)
+
+    return rv
+
+
+def sync_do_list(value: "t.Iterable[V]") -> "t.List[V]":
+    """Convert the value into a list.  If it was a string the returned list
+    will be a list of characters.
+    """
+    return list(value)
+
+
+@async_variant(sync_do_list)  # type: ignore
+async def do_list(value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]") -> "t.List[V]":
+    return await auto_to_list(value)
+
+
+def do_mark_safe(value: str) -> Markup:
+    """Mark the value as safe which means that in an environment with automatic
+    escaping enabled this variable will not be escaped.
+    """
+    return Markup(value)
+
+
+def do_mark_unsafe(value: str) -> str:
+    """Mark a value as unsafe.  This is the reverse operation for :func:`safe`."""
+    return str(value)
+
+
+@typing.overload
+def do_reverse(value: str) -> str: ...
+
+
+@typing.overload
+def do_reverse(value: "t.Iterable[V]") -> "t.Iterable[V]": ...
+
+
+def do_reverse(value: t.Union[str, t.Iterable[V]]) -> t.Union[str, t.Iterable[V]]:
+    """Reverse the object or return an iterator that iterates over it the other
+    way round.
+    """
+    if isinstance(value, str):
+        return value[::-1]
+
+    try:
+        return reversed(value)  # type: ignore
+    except TypeError:
+        try:
+            rv = list(value)
+            rv.reverse()
+            return rv
+        except TypeError as e:
+            raise FilterArgumentError("argument must be iterable") from e
+
+
+@pass_environment
+def do_attr(
+    environment: "Environment", obj: t.Any, name: str
+) -> t.Union[Undefined, t.Any]:
+    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+    ``foo.bar`` just that always an attribute is returned and items are not
+    looked up.
+
+    See :ref:`Notes on subscriptions <notes-on-subscriptions>` for more details.
+    """
+    try:
+        name = str(name)
+    except UnicodeError:
+        pass
+    else:
+        try:
+            value = getattr(obj, name)
+        except AttributeError:
+            pass
+        else:
+            if environment.sandboxed:
+                environment = t.cast("SandboxedEnvironment", environment)
+
+                if not environment.is_safe_attribute(obj, name, value):
+                    return environment.unsafe_undefined(obj, name)
+
+            return value
+
+    return environment.undefined(obj=obj, name=name)
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@pass_context
+def sync_do_map(
+    context: "Context", value: t.Iterable[t.Any], *args: t.Any, **kwargs: t.Any
+) -> t.Iterable[t.Any]:
+    """Applies a filter on a sequence of objects or looks up an attribute.
+    This is useful when dealing with lists of objects but you are really
+    only interested in a certain value of it.
+
+    The basic usage is mapping on an attribute.  Imagine you have a list
+    of users but you are only interested in a list of usernames:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ users|map(attribute='username')|join(', ') }}
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        {{ users|map(attribute="username", default="Anonymous")|join(", ") }}
+
+    Alternatively you can let it invoke a filter by passing the name of the
+    filter and the arguments afterwards.  A good example would be applying a
+    text conversion filter on a sequence:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ titles|map('lower')|join(', ') }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u.username for u in users)
+        (getattr(u, "username", "Anonymous") for u in users)
+        (do_lower(x) for x in titles)
+
+    .. versionchanged:: 2.11.0
+        Added the ``default`` parameter.
+
+    .. versionadded:: 2.7
+    """
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        for item in value:
+            yield func(item)
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@async_variant(sync_do_map)  # type: ignore
+async def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.AsyncIterable[t.Any]:
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        async for item in auto_aiter(value):
+            yield await auto_await(func(item))
+
+
+@pass_context
+def sync_do_select(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and only selecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|select("odd") }}
+        {{ numbers|select("odd") }}
+        {{ numbers|select("divisibleby", 3) }}
+        {{ numbers|select("lessthan", 42) }}
+        {{ strings|select("equalto", "mystring") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if test_odd(n))
+        (n for n in numbers if test_divisibleby(n, 3))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@async_variant(sync_do_select)  # type: ignore
+async def do_select(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@pass_context
+def sync_do_reject(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and rejecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|reject("odd") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if not test_odd(n))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@async_variant(sync_do_reject)  # type: ignore
+async def do_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@pass_context
+def sync_do_selectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and only selecting the objects with the
+    test succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ users|selectattr("is_active") }}
+        {{ users|selectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if user.is_active)
+        (u for user in users if test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@async_variant(sync_do_selectattr)  # type: ignore
+async def do_selectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@pass_context
+def sync_do_rejectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and rejecting the objects with the test
+    succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    .. sourcecode:: jinja
+
+        {{ users|rejectattr("is_active") }}
+        {{ users|rejectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if not user.is_active)
+        (u for user in users if not test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@async_variant(sync_do_rejectattr)  # type: ignore
+async def do_rejectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@pass_eval_context
+def do_tojson(
+    eval_ctx: "EvalContext", value: t.Any, indent: t.Optional[int] = None
+) -> Markup:
+    """Serialize an object to a string of JSON, and mark it safe to
+    render in HTML. This filter is only for use in HTML documents.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param value: The object to serialize to JSON.
+    :param indent: The ``indent`` parameter passed to ``dumps``, for
+        pretty-printing the value.
+
+    .. versionadded:: 2.9
+    """
+    policies = eval_ctx.environment.policies
+    dumps = policies["json.dumps_function"]
+    kwargs = policies["json.dumps_kwargs"]
+
+    if indent is not None:
+        kwargs = kwargs.copy()
+        kwargs["indent"] = indent
+
+    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
+
+
+def prepare_map(
+    context: "Context", args: t.Tuple[t.Any, ...], kwargs: t.Dict[str, t.Any]
+) -> t.Callable[[t.Any], t.Any]:
+    if not args and "attribute" in kwargs:
+        attribute = kwargs.pop("attribute")
+        default = kwargs.pop("default", None)
+
+        if kwargs:
+            raise FilterArgumentError(
+                f"Unexpected keyword argument {next(iter(kwargs))!r}"
+            )
+
+        func = make_attrgetter(context.environment, attribute, default=default)
+    else:
+        try:
+            name = args[0]
+            args = args[1:]
+        except LookupError:
+            raise FilterArgumentError("map requires a filter argument") from None
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_filter(
+                name, item, args, kwargs, context=context
+            )
+
+    return func
+
+
+def prepare_select_or_reject(
+    context: "Context",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> t.Callable[[t.Any], t.Any]:
+    if lookup_attr:
+        try:
+            attr = args[0]
+        except LookupError:
+            raise FilterArgumentError("Missing parameter for attribute name") from None
+
+        transfunc = make_attrgetter(context.environment, attr)
+        off = 1
+    else:
+        off = 0
+
+        def transfunc(x: V) -> V:
+            return x
+
+    try:
+        name = args[off]
+        args = args[1 + off :]
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_test(name, item, args, kwargs)
+
+    except LookupError:
+        func = bool  # type: ignore
+
+    return lambda item: modfunc(func(transfunc(item)))
+
+
+def select_or_reject(
+    context: "Context",
+    value: "t.Iterable[V]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.Iterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        for item in value:
+            if func(item):
+                yield item
+
+
+async def async_select_or_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.AsyncIterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        async for item in auto_aiter(value):
+            if func(item):
+                yield item
+
+
+FILTERS = {
+    "abs": abs,
+    "attr": do_attr,
+    "batch": do_batch,
+    "capitalize": do_capitalize,
+    "center": do_center,
+    "count": len,
+    "d": do_default,
+    "default": do_default,
+    "dictsort": do_dictsort,
+    "e": escape,
+    "escape": escape,
+    "filesizeformat": do_filesizeformat,
+    "first": do_first,
+    "float": do_float,
+    "forceescape": do_forceescape,
+    "format": do_format,
+    "groupby": do_groupby,
+    "indent": do_indent,
+    "int": do_int,
+    "join": do_join,
+    "last": do_last,
+    "length": len,
+    "list": do_list,
+    "lower": do_lower,
+    "items": do_items,
+    "map": do_map,
+    "min": do_min,
+    "max": do_max,
+    "pprint": do_pprint,
+    "random": do_random,
+    "reject": do_reject,
+    "rejectattr": do_rejectattr,
+    "replace": do_replace,
+    "reverse": do_reverse,
+    "round": do_round,
+    "safe": do_mark_safe,
+    "select": do_select,
+    "selectattr": do_selectattr,
+    "slice": do_slice,
+    "sort": do_sort,
+    "string": soft_str,
+    "striptags": do_striptags,
+    "sum": do_sum,
+    "title": do_title,
+    "trim": do_trim,
+    "truncate": do_truncate,
+    "unique": do_unique,
+    "upper": do_upper,
+    "urlencode": do_urlencode,
+    "urlize": do_urlize,
+    "wordcount": do_wordcount,
+    "wordwrap": do_wordwrap,
+    "xmlattr": do_xmlattr,
+    "tojson": do_tojson,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/idtracking.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/idtracking.py
new file mode 100644
index 000000000..995ebaa0c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/idtracking.py
@@ -0,0 +1,318 @@
+import typing as t
+
+from . import nodes
+from .visitor import NodeVisitor
+
+VAR_LOAD_PARAMETER = "param"
+VAR_LOAD_RESOLVE = "resolve"
+VAR_LOAD_ALIAS = "alias"
+VAR_LOAD_UNDEFINED = "undefined"
+
+
+def find_symbols(
+    nodes: t.Iterable[nodes.Node], parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    visitor = FrameSymbolVisitor(sym)
+    for node in nodes:
+        visitor.visit(node)
+    return sym
+
+
+def symbols_for_node(
+    node: nodes.Node, parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    sym.analyze_node(node)
+    return sym
+
+
+class Symbols:
+    def __init__(
+        self, parent: t.Optional["Symbols"] = None, level: t.Optional[int] = None
+    ) -> None:
+        if level is None:
+            if parent is None:
+                level = 0
+            else:
+                level = parent.level + 1
+
+        self.level: int = level
+        self.parent = parent
+        self.refs: t.Dict[str, str] = {}
+        self.loads: t.Dict[str, t.Any] = {}
+        self.stores: t.Set[str] = set()
+
+    def analyze_node(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        visitor = RootVisitor(self)
+        visitor.visit(node, **kwargs)
+
+    def _define_ref(
+        self, name: str, load: t.Optional[t.Tuple[str, t.Optional[str]]] = None
+    ) -> str:
+        ident = f"l_{self.level}_{name}"
+        self.refs[name] = ident
+        if load is not None:
+            self.loads[ident] = load
+        return ident
+
+    def find_load(self, target: str) -> t.Optional[t.Any]:
+        if target in self.loads:
+            return self.loads[target]
+
+        if self.parent is not None:
+            return self.parent.find_load(target)
+
+        return None
+
+    def find_ref(self, name: str) -> t.Optional[str]:
+        if name in self.refs:
+            return self.refs[name]
+
+        if self.parent is not None:
+            return self.parent.find_ref(name)
+
+        return None
+
+    def ref(self, name: str) -> str:
+        rv = self.find_ref(name)
+        if rv is None:
+            raise AssertionError(
+                "Tried to resolve a name to a reference that was"
+                f" unknown to the frame ({name!r})"
+            )
+        return rv
+
+    def copy(self) -> "Symbols":
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.refs = self.refs.copy()
+        rv.loads = self.loads.copy()
+        rv.stores = self.stores.copy()
+        return rv
+
+    def store(self, name: str) -> None:
+        self.stores.add(name)
+
+        # If we have not see the name referenced yet, we need to figure
+        # out what to set it to.
+        if name not in self.refs:
+            # If there is a parent scope we check if the name has a
+            # reference there.  If it does it means we might have to alias
+            # to a variable there.
+            if self.parent is not None:
+                outer_ref = self.parent.find_ref(name)
+                if outer_ref is not None:
+                    self._define_ref(name, load=(VAR_LOAD_ALIAS, outer_ref))
+                    return
+
+            # Otherwise we can just set it to undefined.
+            self._define_ref(name, load=(VAR_LOAD_UNDEFINED, None))
+
+    def declare_parameter(self, name: str) -> str:
+        self.stores.add(name)
+        return self._define_ref(name, load=(VAR_LOAD_PARAMETER, None))
+
+    def load(self, name: str) -> None:
+        if self.find_ref(name) is None:
+            self._define_ref(name, load=(VAR_LOAD_RESOLVE, name))
+
+    def branch_update(self, branch_symbols: t.Sequence["Symbols"]) -> None:
+        stores: t.Dict[str, int] = {}
+        for branch in branch_symbols:
+            for target in branch.stores:
+                if target in self.stores:
+                    continue
+                stores[target] = stores.get(target, 0) + 1
+
+        for sym in branch_symbols:
+            self.refs.update(sym.refs)
+            self.loads.update(sym.loads)
+            self.stores.update(sym.stores)
+
+        for name, branch_count in stores.items():
+            if branch_count == len(branch_symbols):
+                continue
+
+            target = self.find_ref(name)  # type: ignore
+            assert target is not None, "should not happen"
+
+            if self.parent is not None:
+                outer_target = self.parent.find_ref(name)
+                if outer_target is not None:
+                    self.loads[target] = (VAR_LOAD_ALIAS, outer_target)
+                    continue
+            self.loads[target] = (VAR_LOAD_RESOLVE, name)
+
+    def dump_stores(self) -> t.Dict[str, str]:
+        rv: t.Dict[str, str] = {}
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for name in sorted(node.stores):
+                if name not in rv:
+                    rv[name] = self.find_ref(name)  # type: ignore
+
+            node = node.parent
+
+        return rv
+
+    def dump_param_targets(self) -> t.Set[str]:
+        rv = set()
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for target, (instr, _) in self.loads.items():
+                if instr == VAR_LOAD_PARAMETER:
+                    rv.add(target)
+
+            node = node.parent
+
+        return rv
+
+
+class RootVisitor(NodeVisitor):
+    def __init__(self, symbols: "Symbols") -> None:
+        self.sym_visitor = FrameSymbolVisitor(symbols)
+
+    def _simple_visit(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes():
+            self.sym_visitor.visit(child)
+
+    visit_Template = _simple_visit
+    visit_Block = _simple_visit
+    visit_Macro = _simple_visit
+    visit_FilterBlock = _simple_visit
+    visit_Scope = _simple_visit
+    visit_If = _simple_visit
+    visit_ScopedEvalContextModifier = _simple_visit
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes(exclude=("call",)):
+            self.sym_visitor.visit(child)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_For(
+        self, node: nodes.For, for_branch: str = "body", **kwargs: t.Any
+    ) -> None:
+        if for_branch == "body":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            branch = node.body
+        elif for_branch == "else":
+            branch = node.else_
+        elif for_branch == "test":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            if node.test is not None:
+                self.sym_visitor.visit(node.test)
+            return
+        else:
+            raise RuntimeError("Unknown for branch")
+
+        if branch:
+            for item in branch:
+                self.sym_visitor.visit(item)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.targets:
+            self.sym_visitor.visit(target)
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def generic_visit(self, node: nodes.Node, *args: t.Any, **kwargs: t.Any) -> None:
+        raise NotImplementedError(f"Cannot find symbols for {type(node).__name__!r}")
+
+
+class FrameSymbolVisitor(NodeVisitor):
+    """A visitor for `Frame.inspect`."""
+
+    def __init__(self, symbols: "Symbols") -> None:
+        self.symbols = symbols
+
+    def visit_Name(
+        self, node: nodes.Name, store_as_param: bool = False, **kwargs: t.Any
+    ) -> None:
+        """All assignments to names go through this function."""
+        if store_as_param or node.ctx == "param":
+            self.symbols.declare_parameter(node.name)
+        elif node.ctx == "store":
+            self.symbols.store(node.name)
+        elif node.ctx == "load":
+            self.symbols.load(node.name)
+
+    def visit_NSRef(self, node: nodes.NSRef, **kwargs: t.Any) -> None:
+        self.symbols.load(node.name)
+
+    def visit_If(self, node: nodes.If, **kwargs: t.Any) -> None:
+        self.visit(node.test, **kwargs)
+        original_symbols = self.symbols
+
+        def inner_visit(nodes: t.Iterable[nodes.Node]) -> "Symbols":
+            self.symbols = rv = original_symbols.copy()
+
+            for subnode in nodes:
+                self.visit(subnode, **kwargs)
+
+            self.symbols = original_symbols
+            return rv
+
+        body_symbols = inner_visit(node.body)
+        elif_symbols = inner_visit(node.elif_)
+        else_symbols = inner_visit(node.else_ or ())
+        self.symbols.branch_update([body_symbols, elif_symbols, else_symbols])
+
+    def visit_Macro(self, node: nodes.Macro, **kwargs: t.Any) -> None:
+        self.symbols.store(node.name)
+
+    def visit_Import(self, node: nodes.Import, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+        self.symbols.store(node.target)
+
+    def visit_FromImport(self, node: nodes.FromImport, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+
+        for name in node.names:
+            if isinstance(name, tuple):
+                self.symbols.store(name[1])
+            else:
+                self.symbols.store(name)
+
+    def visit_Assign(self, node: nodes.Assign, **kwargs: t.Any) -> None:
+        """Visit assignments in the correct order."""
+        self.visit(node.node, **kwargs)
+        self.visit(node.target, **kwargs)
+
+    def visit_For(self, node: nodes.For, **kwargs: t.Any) -> None:
+        """Visiting stops at for blocks.  However the block sequence
+        is visited as part of the outer scope.
+        """
+        self.visit(node.iter, **kwargs)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        self.visit(node.call, **kwargs)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, **kwargs: t.Any) -> None:
+        self.visit(node.filter, **kwargs)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.values:
+            self.visit(target)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        """Stop visiting at block assigns."""
+        self.visit(node.target, **kwargs)
+
+    def visit_Scope(self, node: nodes.Scope, **kwargs: t.Any) -> None:
+        """Stop visiting at scopes."""
+
+    def visit_Block(self, node: nodes.Block, **kwargs: t.Any) -> None:
+        """Stop visiting at blocks."""
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        """Do not visit into overlay scopes."""
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/lexer.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/lexer.py
new file mode 100644
index 000000000..62b0471a3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/lexer.py
@@ -0,0 +1,868 @@
+"""Implements a Jinja / Python combination lexer. The ``Lexer`` class
+is used to do some preprocessing. It filters out invalid operators like
+the bitshift operators we don't allow in templates. It separates
+template code and python code in expressions.
+"""
+
+import re
+import typing as t
+from ast import literal_eval
+from collections import deque
+from sys import intern
+
+from ._identifier import pattern as name_re
+from .exceptions import TemplateSyntaxError
+from .utils import LRUCache
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+# cache for the lexers. Exists in order to be able to have multiple
+# environments with the same lexer
+_lexer_cache: t.MutableMapping[t.Tuple, "Lexer"] = LRUCache(50)  # type: ignore
+
+# static regular expressions
+whitespace_re = re.compile(r"\s+")
+newline_re = re.compile(r"(\r\n|\r|\n)")
+string_re = re.compile(
+    r"('([^'\\]*(?:\\.[^'\\]*)*)'" r'|"([^"\\]*(?:\\.[^"\\]*)*)")', re.S
+)
+integer_re = re.compile(
+    r"""
+    (
+        0b(_?[0-1])+ # binary
+    |
+        0o(_?[0-7])+ # octal
+    |
+        0x(_?[\da-f])+ # hex
+    |
+        [1-9](_?\d)* # decimal
+    |
+        0(_?0)* # decimal zero
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+float_re = re.compile(
+    r"""
+    (?<!\.)  # doesn't start with a .
+    (\d+_)*\d+  # digits, possibly _ separated
+    (
+        (\.(\d+_)*\d+)?  # optional fractional part
+        e[+\-]?(\d+_)*\d+  # exponent part
+    |
+        \.(\d+_)*\d+  # required fractional part
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+
+# internal the tokens and keep references to them
+TOKEN_ADD = intern("add")
+TOKEN_ASSIGN = intern("assign")
+TOKEN_COLON = intern("colon")
+TOKEN_COMMA = intern("comma")
+TOKEN_DIV = intern("div")
+TOKEN_DOT = intern("dot")
+TOKEN_EQ = intern("eq")
+TOKEN_FLOORDIV = intern("floordiv")
+TOKEN_GT = intern("gt")
+TOKEN_GTEQ = intern("gteq")
+TOKEN_LBRACE = intern("lbrace")
+TOKEN_LBRACKET = intern("lbracket")
+TOKEN_LPAREN = intern("lparen")
+TOKEN_LT = intern("lt")
+TOKEN_LTEQ = intern("lteq")
+TOKEN_MOD = intern("mod")
+TOKEN_MUL = intern("mul")
+TOKEN_NE = intern("ne")
+TOKEN_PIPE = intern("pipe")
+TOKEN_POW = intern("pow")
+TOKEN_RBRACE = intern("rbrace")
+TOKEN_RBRACKET = intern("rbracket")
+TOKEN_RPAREN = intern("rparen")
+TOKEN_SEMICOLON = intern("semicolon")
+TOKEN_SUB = intern("sub")
+TOKEN_TILDE = intern("tilde")
+TOKEN_WHITESPACE = intern("whitespace")
+TOKEN_FLOAT = intern("float")
+TOKEN_INTEGER = intern("integer")
+TOKEN_NAME = intern("name")
+TOKEN_STRING = intern("string")
+TOKEN_OPERATOR = intern("operator")
+TOKEN_BLOCK_BEGIN = intern("block_begin")
+TOKEN_BLOCK_END = intern("block_end")
+TOKEN_VARIABLE_BEGIN = intern("variable_begin")
+TOKEN_VARIABLE_END = intern("variable_end")
+TOKEN_RAW_BEGIN = intern("raw_begin")
+TOKEN_RAW_END = intern("raw_end")
+TOKEN_COMMENT_BEGIN = intern("comment_begin")
+TOKEN_COMMENT_END = intern("comment_end")
+TOKEN_COMMENT = intern("comment")
+TOKEN_LINESTATEMENT_BEGIN = intern("linestatement_begin")
+TOKEN_LINESTATEMENT_END = intern("linestatement_end")
+TOKEN_LINECOMMENT_BEGIN = intern("linecomment_begin")
+TOKEN_LINECOMMENT_END = intern("linecomment_end")
+TOKEN_LINECOMMENT = intern("linecomment")
+TOKEN_DATA = intern("data")
+TOKEN_INITIAL = intern("initial")
+TOKEN_EOF = intern("eof")
+
+# bind operators to token types
+operators = {
+    "+": TOKEN_ADD,
+    "-": TOKEN_SUB,
+    "/": TOKEN_DIV,
+    "//": TOKEN_FLOORDIV,
+    "*": TOKEN_MUL,
+    "%": TOKEN_MOD,
+    "**": TOKEN_POW,
+    "~": TOKEN_TILDE,
+    "[": TOKEN_LBRACKET,
+    "]": TOKEN_RBRACKET,
+    "(": TOKEN_LPAREN,
+    ")": TOKEN_RPAREN,
+    "{": TOKEN_LBRACE,
+    "}": TOKEN_RBRACE,
+    "==": TOKEN_EQ,
+    "!=": TOKEN_NE,
+    ">": TOKEN_GT,
+    ">=": TOKEN_GTEQ,
+    "<": TOKEN_LT,
+    "<=": TOKEN_LTEQ,
+    "=": TOKEN_ASSIGN,
+    ".": TOKEN_DOT,
+    ":": TOKEN_COLON,
+    "|": TOKEN_PIPE,
+    ",": TOKEN_COMMA,
+    ";": TOKEN_SEMICOLON,
+}
+
+reverse_operators = {v: k for k, v in operators.items()}
+assert len(operators) == len(reverse_operators), "operators dropped"
+operator_re = re.compile(
+    f"({'|'.join(re.escape(x) for x in sorted(operators, key=lambda x: -len(x)))})"
+)
+
+ignored_tokens = frozenset(
+    [
+        TOKEN_COMMENT_BEGIN,
+        TOKEN_COMMENT,
+        TOKEN_COMMENT_END,
+        TOKEN_WHITESPACE,
+        TOKEN_LINECOMMENT_BEGIN,
+        TOKEN_LINECOMMENT_END,
+        TOKEN_LINECOMMENT,
+    ]
+)
+ignore_if_empty = frozenset(
+    [TOKEN_WHITESPACE, TOKEN_DATA, TOKEN_COMMENT, TOKEN_LINECOMMENT]
+)
+
+
+def _describe_token_type(token_type: str) -> str:
+    if token_type in reverse_operators:
+        return reverse_operators[token_type]
+
+    return {
+        TOKEN_COMMENT_BEGIN: "begin of comment",
+        TOKEN_COMMENT_END: "end of comment",
+        TOKEN_COMMENT: "comment",
+        TOKEN_LINECOMMENT: "comment",
+        TOKEN_BLOCK_BEGIN: "begin of statement block",
+        TOKEN_BLOCK_END: "end of statement block",
+        TOKEN_VARIABLE_BEGIN: "begin of print statement",
+        TOKEN_VARIABLE_END: "end of print statement",
+        TOKEN_LINESTATEMENT_BEGIN: "begin of line statement",
+        TOKEN_LINESTATEMENT_END: "end of line statement",
+        TOKEN_DATA: "template data / text",
+        TOKEN_EOF: "end of template",
+    }.get(token_type, token_type)
+
+
+def describe_token(token: "Token") -> str:
+    """Returns a description of the token."""
+    if token.type == TOKEN_NAME:
+        return token.value
+
+    return _describe_token_type(token.type)
+
+
+def describe_token_expr(expr: str) -> str:
+    """Like `describe_token` but for token expressions."""
+    if ":" in expr:
+        type, value = expr.split(":", 1)
+
+        if type == TOKEN_NAME:
+            return value
+    else:
+        type = expr
+
+    return _describe_token_type(type)
+
+
+def count_newlines(value: str) -> int:
+    """Count the number of newline characters in the string.  This is
+    useful for extensions that filter a stream.
+    """
+    return len(newline_re.findall(value))
+
+
+def compile_rules(environment: "Environment") -> t.List[t.Tuple[str, str]]:
+    """Compiles all the rules from the environment into a list of rules."""
+    e = re.escape
+    rules = [
+        (
+            len(environment.comment_start_string),
+            TOKEN_COMMENT_BEGIN,
+            e(environment.comment_start_string),
+        ),
+        (
+            len(environment.block_start_string),
+            TOKEN_BLOCK_BEGIN,
+            e(environment.block_start_string),
+        ),
+        (
+            len(environment.variable_start_string),
+            TOKEN_VARIABLE_BEGIN,
+            e(environment.variable_start_string),
+        ),
+    ]
+
+    if environment.line_statement_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_statement_prefix),
+                TOKEN_LINESTATEMENT_BEGIN,
+                r"^[ \t\v]*" + e(environment.line_statement_prefix),
+            )
+        )
+    if environment.line_comment_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_comment_prefix),
+                TOKEN_LINECOMMENT_BEGIN,
+                r"(?:^|(?<=\S))[^\S\r\n]*" + e(environment.line_comment_prefix),
+            )
+        )
+
+    return [x[1:] for x in sorted(rules, reverse=True)]
+
+
+class Failure:
+    """Class that raises a `TemplateSyntaxError` if called.
+    Used by the `Lexer` to specify known errors.
+    """
+
+    def __init__(
+        self, message: str, cls: t.Type[TemplateSyntaxError] = TemplateSyntaxError
+    ) -> None:
+        self.message = message
+        self.error_class = cls
+
+    def __call__(self, lineno: int, filename: str) -> "te.NoReturn":
+        raise self.error_class(self.message, lineno, filename)
+
+
+class Token(t.NamedTuple):
+    lineno: int
+    type: str
+    value: str
+
+    def __str__(self) -> str:
+        return describe_token(self)
+
+    def test(self, expr: str) -> bool:
+        """Test a token against a token expression.  This can either be a
+        token type or ``'token_type:token_value'``.  This can only test
+        against string values and types.
+        """
+        # here we do a regular string equality check as test_any is usually
+        # passed an iterable of not interned strings.
+        if self.type == expr:
+            return True
+
+        if ":" in expr:
+            return expr.split(":", 1) == [self.type, self.value]
+
+        return False
+
+    def test_any(self, *iterable: str) -> bool:
+        """Test against multiple token expressions."""
+        return any(self.test(expr) for expr in iterable)
+
+
+class TokenStreamIterator:
+    """The iterator for tokenstreams.  Iterate over the stream
+    until the eof token is reached.
+    """
+
+    def __init__(self, stream: "TokenStream") -> None:
+        self.stream = stream
+
+    def __iter__(self) -> "TokenStreamIterator":
+        return self
+
+    def __next__(self) -> Token:
+        token = self.stream.current
+
+        if token.type is TOKEN_EOF:
+            self.stream.close()
+            raise StopIteration
+
+        next(self.stream)
+        return token
+
+
+class TokenStream:
+    """A token stream is an iterable that yields :class:`Token`\\s.  The
+    parser however does not iterate over it but calls :meth:`next` to go
+    one token ahead.  The current active token is stored as :attr:`current`.
+    """
+
+    def __init__(
+        self,
+        generator: t.Iterable[Token],
+        name: t.Optional[str],
+        filename: t.Optional[str],
+    ):
+        self._iter = iter(generator)
+        self._pushed: "te.Deque[Token]" = deque()
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.current = Token(1, TOKEN_INITIAL, "")
+        next(self)
+
+    def __iter__(self) -> TokenStreamIterator:
+        return TokenStreamIterator(self)
+
+    def __bool__(self) -> bool:
+        return bool(self._pushed) or self.current.type is not TOKEN_EOF
+
+    @property
+    def eos(self) -> bool:
+        """Are we at the end of the stream?"""
+        return not self
+
+    def push(self, token: Token) -> None:
+        """Push a token back to the stream."""
+        self._pushed.append(token)
+
+    def look(self) -> Token:
+        """Look at the next token."""
+        old_token = next(self)
+        result = self.current
+        self.push(result)
+        self.current = old_token
+        return result
+
+    def skip(self, n: int = 1) -> None:
+        """Got n tokens ahead."""
+        for _ in range(n):
+            next(self)
+
+    def next_if(self, expr: str) -> t.Optional[Token]:
+        """Perform the token test and return the token if it matched.
+        Otherwise the return value is `None`.
+        """
+        if self.current.test(expr):
+            return next(self)
+
+        return None
+
+    def skip_if(self, expr: str) -> bool:
+        """Like :meth:`next_if` but only returns `True` or `False`."""
+        return self.next_if(expr) is not None
+
+    def __next__(self) -> Token:
+        """Go one token ahead and return the old one.
+
+        Use the built-in :func:`next` instead of calling this directly.
+        """
+        rv = self.current
+
+        if self._pushed:
+            self.current = self._pushed.popleft()
+        elif self.current.type is not TOKEN_EOF:
+            try:
+                self.current = next(self._iter)
+            except StopIteration:
+                self.close()
+
+        return rv
+
+    def close(self) -> None:
+        """Close the stream."""
+        self.current = Token(self.current.lineno, TOKEN_EOF, "")
+        self._iter = iter(())
+        self.closed = True
+
+    def expect(self, expr: str) -> Token:
+        """Expect a given token type and return it.  This accepts the same
+        argument as :meth:`jinja2.lexer.Token.test`.
+        """
+        if not self.current.test(expr):
+            expr = describe_token_expr(expr)
+
+            if self.current.type is TOKEN_EOF:
+                raise TemplateSyntaxError(
+                    f"unexpected end of template, expected {expr!r}.",
+                    self.current.lineno,
+                    self.name,
+                    self.filename,
+                )
+
+            raise TemplateSyntaxError(
+                f"expected token {expr!r}, got {describe_token(self.current)!r}",
+                self.current.lineno,
+                self.name,
+                self.filename,
+            )
+
+        return next(self)
+
+
+def get_lexer(environment: "Environment") -> "Lexer":
+    """Return a lexer which is probably cached."""
+    key = (
+        environment.block_start_string,
+        environment.block_end_string,
+        environment.variable_start_string,
+        environment.variable_end_string,
+        environment.comment_start_string,
+        environment.comment_end_string,
+        environment.line_statement_prefix,
+        environment.line_comment_prefix,
+        environment.trim_blocks,
+        environment.lstrip_blocks,
+        environment.newline_sequence,
+        environment.keep_trailing_newline,
+    )
+    lexer = _lexer_cache.get(key)
+
+    if lexer is None:
+        _lexer_cache[key] = lexer = Lexer(environment)
+
+    return lexer
+
+
+class OptionalLStrip(tuple):  # type: ignore[type-arg]
+    """A special tuple for marking a point in the state that can have
+    lstrip applied.
+    """
+
+    __slots__ = ()
+
+    # Even though it looks like a no-op, creating instances fails
+    # without this.
+    def __new__(cls, *members, **kwargs):  # type: ignore
+        return super().__new__(cls, members)
+
+
+class _Rule(t.NamedTuple):
+    pattern: t.Pattern[str]
+    tokens: t.Union[str, t.Tuple[str, ...], t.Tuple[Failure]]
+    command: t.Optional[str]
+
+
+class Lexer:
+    """Class that implements a lexer for a given environment. Automatically
+    created by the environment class, usually you don't have to do that.
+
+    Note that the lexer is not automatically bound to an environment.
+    Multiple environments can share the same lexer.
+    """
+
+    def __init__(self, environment: "Environment") -> None:
+        # shortcuts
+        e = re.escape
+
+        def c(x: str) -> t.Pattern[str]:
+            return re.compile(x, re.M | re.S)
+
+        # lexing rules for tags
+        tag_rules: t.List[_Rule] = [
+            _Rule(whitespace_re, TOKEN_WHITESPACE, None),
+            _Rule(float_re, TOKEN_FLOAT, None),
+            _Rule(integer_re, TOKEN_INTEGER, None),
+            _Rule(name_re, TOKEN_NAME, None),
+            _Rule(string_re, TOKEN_STRING, None),
+            _Rule(operator_re, TOKEN_OPERATOR, None),
+        ]
+
+        # assemble the root lexing rule. because "|" is ungreedy
+        # we have to sort by length so that the lexer continues working
+        # as expected when we have parsing rules like <% for block and
+        # <%= for variables. (if someone wants asp like syntax)
+        # variables are just part of the rules if variable processing
+        # is required.
+        root_tag_rules = compile_rules(environment)
+
+        block_start_re = e(environment.block_start_string)
+        block_end_re = e(environment.block_end_string)
+        comment_end_re = e(environment.comment_end_string)
+        variable_end_re = e(environment.variable_end_string)
+
+        # block suffix if trimming is enabled
+        block_suffix_re = "\\n?" if environment.trim_blocks else ""
+
+        self.lstrip_blocks = environment.lstrip_blocks
+
+        self.newline_sequence = environment.newline_sequence
+        self.keep_trailing_newline = environment.keep_trailing_newline
+
+        root_raw_re = (
+            rf"(?P<raw_begin>{block_start_re}(\-|\+|)\s*raw\s*"
+            rf"(?:\-{block_end_re}\s*|{block_end_re}))"
+        )
+        root_parts_re = "|".join(
+            [root_raw_re] + [rf"(?P<{n}>{r}(\-|\+|))" for n, r in root_tag_rules]
+        )
+
+        # global lexing rules
+        self.rules: t.Dict[str, t.List[_Rule]] = {
+            "root": [
+                # directives
+                _Rule(
+                    c(rf"(.*?)(?:{root_parts_re})"),
+                    OptionalLStrip(TOKEN_DATA, "#bygroup"),  # type: ignore
+                    "#bygroup",
+                ),
+                # data
+                _Rule(c(".+"), TOKEN_DATA, None),
+            ],
+            # comments
+            TOKEN_COMMENT_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:\+{comment_end_re}|\-{comment_end_re}\s*"
+                        rf"|{comment_end_re}{block_suffix_re}))"
+                    ),
+                    (TOKEN_COMMENT, TOKEN_COMMENT_END),
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of comment tag"),), None),
+            ],
+            # blocks
+            TOKEN_BLOCK_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re})"
+                    ),
+                    TOKEN_BLOCK_END,
+                    "#pop",
+                ),
+            ]
+            + tag_rules,
+            # variables
+            TOKEN_VARIABLE_BEGIN: [
+                _Rule(
+                    c(rf"\-{variable_end_re}\s*|{variable_end_re}"),
+                    TOKEN_VARIABLE_END,
+                    "#pop",
+                )
+            ]
+            + tag_rules,
+            # raw block
+            TOKEN_RAW_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:{block_start_re}(\-|\+|))\s*endraw\s*"
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re}))"
+                    ),
+                    OptionalLStrip(TOKEN_DATA, TOKEN_RAW_END),  # type: ignore
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of raw directive"),), None),
+            ],
+            # line statements
+            TOKEN_LINESTATEMENT_BEGIN: [
+                _Rule(c(r"\s*(\n|$)"), TOKEN_LINESTATEMENT_END, "#pop")
+            ]
+            + tag_rules,
+            # line comments
+            TOKEN_LINECOMMENT_BEGIN: [
+                _Rule(
+                    c(r"(.*?)()(?=\n|$)"),
+                    (TOKEN_LINECOMMENT, TOKEN_LINECOMMENT_END),
+                    "#pop",
+                )
+            ],
+        }
+
+    def _normalize_newlines(self, value: str) -> str:
+        """Replace all newlines with the configured sequence in strings
+        and template data.
+        """
+        return newline_re.sub(self.newline_sequence, value)
+
+    def tokenize(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Calls tokeniter + tokenize and wraps it in a token stream."""
+        stream = self.tokeniter(source, name, filename, state)
+        return TokenStream(self.wrap(stream, name, filename), name, filename)
+
+    def wrap(
+        self,
+        stream: t.Iterable[t.Tuple[int, str, str]],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[Token]:
+        """This is called with the stream as returned by `tokenize` and wraps
+        every token in a :class:`Token` and converts the value.
+        """
+        for lineno, token, value_str in stream:
+            if token in ignored_tokens:
+                continue
+
+            value: t.Any = value_str
+
+            if token == TOKEN_LINESTATEMENT_BEGIN:
+                token = TOKEN_BLOCK_BEGIN
+            elif token == TOKEN_LINESTATEMENT_END:
+                token = TOKEN_BLOCK_END
+            # we are not interested in those tokens in the parser
+            elif token in (TOKEN_RAW_BEGIN, TOKEN_RAW_END):
+                continue
+            elif token == TOKEN_DATA:
+                value = self._normalize_newlines(value_str)
+            elif token == "keyword":
+                token = value_str
+            elif token == TOKEN_NAME:
+                value = value_str
+
+                if not value.isidentifier():
+                    raise TemplateSyntaxError(
+                        "Invalid character in identifier", lineno, name, filename
+                    )
+            elif token == TOKEN_STRING:
+                # try to unescape string
+                try:
+                    value = (
+                        self._normalize_newlines(value_str[1:-1])
+                        .encode("ascii", "backslashreplace")
+                        .decode("unicode-escape")
+                    )
+                except Exception as e:
+                    msg = str(e).split(":")[-1].strip()
+                    raise TemplateSyntaxError(msg, lineno, name, filename) from e
+            elif token == TOKEN_INTEGER:
+                value = int(value_str.replace("_", ""), 0)
+            elif token == TOKEN_FLOAT:
+                # remove all "_" first to support more Python versions
+                value = literal_eval(value_str.replace("_", ""))
+            elif token == TOKEN_OPERATOR:
+                token = operators[value_str]
+
+            yield Token(lineno, token, value)
+
+    def tokeniter(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """This method tokenizes the text and returns the tokens in a
+        generator. Use this method if you just want to tokenize a template.
+
+        .. versionchanged:: 3.0
+            Only ``\\n``, ``\\r\\n`` and ``\\r`` are treated as line
+            breaks.
+        """
+        lines = newline_re.split(source)[::2]
+
+        if not self.keep_trailing_newline and lines[-1] == "":
+            del lines[-1]
+
+        source = "\n".join(lines)
+        pos = 0
+        lineno = 1
+        stack = ["root"]
+
+        if state is not None and state != "root":
+            assert state in ("variable", "block"), "invalid state"
+            stack.append(state + "_begin")
+
+        statetokens = self.rules[stack[-1]]
+        source_length = len(source)
+        balancing_stack: t.List[str] = []
+        newlines_stripped = 0
+        line_starting = True
+
+        while True:
+            # tokenizer loop
+            for regex, tokens, new_state in statetokens:
+                m = regex.match(source, pos)
+
+                # if no match we try again with the next rule
+                if m is None:
+                    continue
+
+                # we only match blocks and variables if braces / parentheses
+                # are balanced. continue parsing with the lower rule which
+                # is the operator rule. do this only if the end tags look
+                # like operators
+                if balancing_stack and tokens in (
+                    TOKEN_VARIABLE_END,
+                    TOKEN_BLOCK_END,
+                    TOKEN_LINESTATEMENT_END,
+                ):
+                    continue
+
+                # tuples support more options
+                if isinstance(tokens, tuple):
+                    groups: t.Sequence[str] = m.groups()
+
+                    if isinstance(tokens, OptionalLStrip):
+                        # Rule supports lstrip. Match will look like
+                        # text, block type, whitespace control, type, control, ...
+                        text = groups[0]
+                        # Skipping the text and first type, every other group is the
+                        # whitespace control for each type. One of the groups will be
+                        # -, +, or empty string instead of None.
+                        strip_sign = next(g for g in groups[2::2] if g is not None)
+
+                        if strip_sign == "-":
+                            # Strip all whitespace between the text and the tag.
+                            stripped = text.rstrip()
+                            newlines_stripped = text[len(stripped) :].count("\n")
+                            groups = [stripped, *groups[1:]]
+                        elif (
+                            # Not marked for preserving whitespace.
+                            strip_sign != "+"
+                            # lstrip is enabled.
+                            and self.lstrip_blocks
+                            # Not a variable expression.
+                            and not m.groupdict().get(TOKEN_VARIABLE_BEGIN)
+                        ):
+                            # The start of text between the last newline and the tag.
+                            l_pos = text.rfind("\n") + 1
+
+                            if l_pos > 0 or line_starting:
+                                # If there's only whitespace between the newline and the
+                                # tag, strip it.
+                                if whitespace_re.fullmatch(text, l_pos):
+                                    groups = [text[:l_pos], *groups[1:]]
+
+                    for idx, token in enumerate(tokens):
+                        # failure group
+                        if token.__class__ is Failure:
+                            raise token(lineno, filename)
+                        # bygroup is a bit more complex, in that case we
+                        # yield for the current token the first named
+                        # group that matched
+                        elif token == "#bygroup":
+                            for key, value in m.groupdict().items():
+                                if value is not None:
+                                    yield lineno, key, value
+                                    lineno += value.count("\n")
+                                    break
+                            else:
+                                raise RuntimeError(
+                                    f"{regex!r} wanted to resolve the token dynamically"
+                                    " but no group matched"
+                                )
+                        # normal group
+                        else:
+                            data = groups[idx]
+
+                            if data or token not in ignore_if_empty:
+                                yield lineno, token, data
+
+                            lineno += data.count("\n") + newlines_stripped
+                            newlines_stripped = 0
+
+                # strings as token just are yielded as it.
+                else:
+                    data = m.group()
+
+                    # update brace/parentheses balance
+                    if tokens == TOKEN_OPERATOR:
+                        if data == "{":
+                            balancing_stack.append("}")
+                        elif data == "(":
+                            balancing_stack.append(")")
+                        elif data == "[":
+                            balancing_stack.append("]")
+                        elif data in ("}", ")", "]"):
+                            if not balancing_stack:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}'", lineno, name, filename
+                                )
+
+                            expected_op = balancing_stack.pop()
+
+                            if expected_op != data:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}', expected '{expected_op}'",
+                                    lineno,
+                                    name,
+                                    filename,
+                                )
+
+                    # yield items
+                    if data or tokens not in ignore_if_empty:
+                        yield lineno, tokens, data
+
+                    lineno += data.count("\n")
+
+                line_starting = m.group()[-1:] == "\n"
+                # fetch new position into new variable so that we can check
+                # if there is a internal parsing error which would result
+                # in an infinite loop
+                pos2 = m.end()
+
+                # handle state changes
+                if new_state is not None:
+                    # remove the uppermost state
+                    if new_state == "#pop":
+                        stack.pop()
+                    # resolve the new state by group checking
+                    elif new_state == "#bygroup":
+                        for key, value in m.groupdict().items():
+                            if value is not None:
+                                stack.append(key)
+                                break
+                        else:
+                            raise RuntimeError(
+                                f"{regex!r} wanted to resolve the new state dynamically"
+                                f" but no group matched"
+                            )
+                    # direct state name given
+                    else:
+                        stack.append(new_state)
+
+                    statetokens = self.rules[stack[-1]]
+                # we are still at the same position and no stack change.
+                # this means a loop without break condition, avoid that and
+                # raise error
+                elif pos2 == pos:
+                    raise RuntimeError(
+                        f"{regex!r} yielded empty string without stack change"
+                    )
+
+                # publish new function and start again
+                pos = pos2
+                break
+            # if loop terminated without break we haven't found a single match
+            # either we are at the end of the file or we have a problem
+            else:
+                # end of text
+                if pos >= source_length:
+                    return
+
+                # something went wrong
+                raise TemplateSyntaxError(
+                    f"unexpected char {source[pos]!r} at {pos}", lineno, name, filename
+                )
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/loaders.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/loaders.py
new file mode 100644
index 000000000..9eaf647ba
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/loaders.py
@@ -0,0 +1,667 @@
+"""API and implementations for loading templates from different data
+sources.
+"""
+
+import importlib.util
+import os
+import posixpath
+import sys
+import typing as t
+import weakref
+import zipimport
+from collections import abc
+from hashlib import sha1
+from importlib import import_module
+from types import ModuleType
+
+from .exceptions import TemplateNotFound
+from .utils import internalcode
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+    from .environment import Template
+
+
+def split_template_path(template: str) -> t.List[str]:
+    """Split a path into segments and perform a sanity check.  If it detects
+    '..' in the path it will raise a `TemplateNotFound` error.
+    """
+    pieces = []
+    for piece in template.split("/"):
+        if (
+            os.path.sep in piece
+            or (os.path.altsep and os.path.altsep in piece)
+            or piece == os.path.pardir
+        ):
+            raise TemplateNotFound(template)
+        elif piece and piece != ".":
+            pieces.append(piece)
+    return pieces
+
+
+class BaseLoader:
+    """Baseclass for all loaders.  Subclass this and override `get_source` to
+    implement a custom loading mechanism.  The environment provides a
+    `get_template` method that calls the loader's `load` method to get the
+    :class:`Template` object.
+
+    A very basic example for a loader that looks up templates on the file
+    system could look like this::
+
+        from jinja2 import BaseLoader, TemplateNotFound
+        from os.path import join, exists, getmtime
+
+        class MyLoader(BaseLoader):
+
+            def __init__(self, path):
+                self.path = path
+
+            def get_source(self, environment, template):
+                path = join(self.path, template)
+                if not exists(path):
+                    raise TemplateNotFound(template)
+                mtime = getmtime(path)
+                with open(path) as f:
+                    source = f.read()
+                return source, path, lambda: mtime == getmtime(path)
+    """
+
+    #: if set to `False` it indicates that the loader cannot provide access
+    #: to the source of templates.
+    #:
+    #: .. versionadded:: 2.4
+    has_source_access = True
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        """Get the template source, filename and reload helper for a template.
+        It's passed the environment and template name and has to return a
+        tuple in the form ``(source, filename, uptodate)`` or raise a
+        `TemplateNotFound` error if it can't locate the template.
+
+        The source part of the returned tuple must be the source of the
+        template as a string. The filename should be the name of the
+        file on the filesystem if it was loaded from there, otherwise
+        ``None``. The filename is used by Python for the tracebacks
+        if no loader extension is used.
+
+        The last item in the tuple is the `uptodate` function.  If auto
+        reloading is enabled it's always called to check if the template
+        changed.  No arguments are passed so the function must store the
+        old state somewhere (for example in a closure).  If it returns `False`
+        the template will be reloaded.
+        """
+        if not self.has_source_access:
+            raise RuntimeError(
+                f"{type(self).__name__} cannot provide access to the source"
+            )
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        """Iterates over all templates.  If the loader does not support that
+        it should raise a :exc:`TypeError` which is the default behavior.
+        """
+        raise TypeError("this loader cannot iterate over all templates")
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Loads a template.  This method looks up the template in the cache
+        or loads one by calling :meth:`get_source`.  Subclasses should not
+        override this method as loaders working on collections of other
+        loaders (such as :class:`PrefixLoader` or :class:`ChoiceLoader`)
+        will not call this method but `get_source` directly.
+        """
+        code = None
+        if globals is None:
+            globals = {}
+
+        # first we try to get the source for this template together
+        # with the filename and the uptodate function.
+        source, filename, uptodate = self.get_source(environment, name)
+
+        # try to load the code from the bytecode cache if there is a
+        # bytecode cache configured.
+        bcc = environment.bytecode_cache
+        if bcc is not None:
+            bucket = bcc.get_bucket(environment, name, filename, source)
+            code = bucket.code
+
+        # if we don't have code so far (not cached, no longer up to
+        # date) etc. we compile the template
+        if code is None:
+            code = environment.compile(source, name, filename)
+
+        # if the bytecode cache is available and the bucket doesn't
+        # have a code so far, we give the bucket the new code and put
+        # it back to the bytecode cache.
+        if bcc is not None and bucket.code is None:
+            bucket.code = code
+            bcc.set_bucket(bucket)
+
+        return environment.template_class.from_code(
+            environment, code, globals, uptodate
+        )
+
+
+class FileSystemLoader(BaseLoader):
+    """Load templates from a directory in the file system.
+
+    The path can be relative or absolute. Relative paths are relative to
+    the current working directory.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader("templates")
+
+    A list of paths can be given. The directories will be searched in
+    order, stopping at the first matching template.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader(["/override/templates", "/default/templates"])
+
+    :param searchpath: A path, or list of paths, to the directory that
+        contains the templates.
+    :param encoding: Use this encoding to read the text from template
+        files.
+    :param followlinks: Follow symbolic links in the path.
+
+    .. versionchanged:: 2.8
+        Added the ``followlinks`` parameter.
+    """
+
+    def __init__(
+        self,
+        searchpath: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+        encoding: str = "utf-8",
+        followlinks: bool = False,
+    ) -> None:
+        if not isinstance(searchpath, abc.Iterable) or isinstance(searchpath, str):
+            searchpath = [searchpath]
+
+        self.searchpath = [os.fspath(p) for p in searchpath]
+        self.encoding = encoding
+        self.followlinks = followlinks
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Callable[[], bool]]:
+        pieces = split_template_path(template)
+
+        for searchpath in self.searchpath:
+            # Use posixpath even on Windows to avoid "drive:" or UNC
+            # segments breaking out of the search directory.
+            filename = posixpath.join(searchpath, *pieces)
+
+            if os.path.isfile(filename):
+                break
+        else:
+            raise TemplateNotFound(template)
+
+        with open(filename, encoding=self.encoding) as f:
+            contents = f.read()
+
+        mtime = os.path.getmtime(filename)
+
+        def uptodate() -> bool:
+            try:
+                return os.path.getmtime(filename) == mtime
+            except OSError:
+                return False
+
+        # Use normpath to convert Windows altsep to sep.
+        return contents, os.path.normpath(filename), uptodate
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for searchpath in self.searchpath:
+            walk_dir = os.walk(searchpath, followlinks=self.followlinks)
+            for dirpath, _, filenames in walk_dir:
+                for filename in filenames:
+                    template = (
+                        os.path.join(dirpath, filename)[len(searchpath) :]
+                        .strip(os.path.sep)
+                        .replace(os.path.sep, "/")
+                    )
+                    if template[:2] == "./":
+                        template = template[2:]
+                    if template not in found:
+                        found.add(template)
+        return sorted(found)
+
+
+class PackageLoader(BaseLoader):
+    """Load templates from a directory in a Python package.
+
+    :param package_name: Import name of the package that contains the
+        template directory.
+    :param package_path: Directory within the imported package that
+        contains the templates.
+    :param encoding: Encoding of template files.
+
+    The following example looks up templates in the ``pages`` directory
+    within the ``project.ui`` package.
+
+    .. code-block:: python
+
+        loader = PackageLoader("project.ui", "pages")
+
+    Only packages installed as directories (standard pip behavior) or
+    zip/egg files (less common) are supported. The Python API for
+    introspecting data in packages is too limited to support other
+    installation methods the way this loader requires.
+
+    There is limited support for :pep:`420` namespace packages. The
+    template directory is assumed to only be in one namespace
+    contributor. Zip files contributing to a namespace are not
+    supported.
+
+    .. versionchanged:: 3.0
+        No longer uses ``setuptools`` as a dependency.
+
+    .. versionchanged:: 3.0
+        Limited PEP 420 namespace package support.
+    """
+
+    def __init__(
+        self,
+        package_name: str,
+        package_path: "str" = "templates",
+        encoding: str = "utf-8",
+    ) -> None:
+        package_path = os.path.normpath(package_path).rstrip(os.path.sep)
+
+        # normpath preserves ".", which isn't valid in zip paths.
+        if package_path == os.path.curdir:
+            package_path = ""
+        elif package_path[:2] == os.path.curdir + os.path.sep:
+            package_path = package_path[2:]
+
+        self.package_path = package_path
+        self.package_name = package_name
+        self.encoding = encoding
+
+        # Make sure the package exists. This also makes namespace
+        # packages work, otherwise get_loader returns None.
+        import_module(package_name)
+        spec = importlib.util.find_spec(package_name)
+        assert spec is not None, "An import spec was not found for the package."
+        loader = spec.loader
+        assert loader is not None, "A loader was not found for the package."
+        self._loader = loader
+        self._archive = None
+        template_root = None
+
+        if isinstance(loader, zipimport.zipimporter):
+            self._archive = loader.archive
+            pkgdir = next(iter(spec.submodule_search_locations))  # type: ignore
+            template_root = os.path.join(pkgdir, package_path).rstrip(os.path.sep)
+        else:
+            roots: t.List[str] = []
+
+            # One element for regular packages, multiple for namespace
+            # packages, or None for single module file.
+            if spec.submodule_search_locations:
+                roots.extend(spec.submodule_search_locations)
+            # A single module file, use the parent directory instead.
+            elif spec.origin is not None:
+                roots.append(os.path.dirname(spec.origin))
+
+            for root in roots:
+                root = os.path.join(root, package_path)
+
+                if os.path.isdir(root):
+                    template_root = root
+                    break
+
+        if template_root is None:
+            raise ValueError(
+                f"The {package_name!r} package was not installed in a"
+                " way that PackageLoader understands."
+            )
+
+        self._template_root = template_root
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Optional[t.Callable[[], bool]]]:
+        # Use posixpath even on Windows to avoid "drive:" or UNC
+        # segments breaking out of the search directory. Use normpath to
+        # convert Windows altsep to sep.
+        p = os.path.normpath(
+            posixpath.join(self._template_root, *split_template_path(template))
+        )
+        up_to_date: t.Optional[t.Callable[[], bool]]
+
+        if self._archive is None:
+            # Package is a directory.
+            if not os.path.isfile(p):
+                raise TemplateNotFound(template)
+
+            with open(p, "rb") as f:
+                source = f.read()
+
+            mtime = os.path.getmtime(p)
+
+            def up_to_date() -> bool:
+                return os.path.isfile(p) and os.path.getmtime(p) == mtime
+
+        else:
+            # Package is a zip file.
+            try:
+                source = self._loader.get_data(p)  # type: ignore
+            except OSError as e:
+                raise TemplateNotFound(template) from e
+
+            # Could use the zip's mtime for all template mtimes, but
+            # would need to safely reload the module if it's out of
+            # date, so just report it as always current.
+            up_to_date = None
+
+        return source.decode(self.encoding), p, up_to_date
+
+    def list_templates(self) -> t.List[str]:
+        results: t.List[str] = []
+
+        if self._archive is None:
+            # Package is a directory.
+            offset = len(self._template_root)
+
+            for dirpath, _, filenames in os.walk(self._template_root):
+                dirpath = dirpath[offset:].lstrip(os.path.sep)
+                results.extend(
+                    os.path.join(dirpath, name).replace(os.path.sep, "/")
+                    for name in filenames
+                )
+        else:
+            if not hasattr(self._loader, "_files"):
+                raise TypeError(
+                    "This zip import does not have the required"
+                    " metadata to list templates."
+                )
+
+            # Package is a zip file.
+            prefix = (
+                self._template_root[len(self._archive) :].lstrip(os.path.sep)
+                + os.path.sep
+            )
+            offset = len(prefix)
+
+            for name in self._loader._files.keys():
+                # Find names under the templates directory that aren't directories.
+                if name.startswith(prefix) and name[-1] != os.path.sep:
+                    results.append(name[offset:].replace(os.path.sep, "/"))
+
+        results.sort()
+        return results
+
+
+class DictLoader(BaseLoader):
+    """Loads a template from a Python dict mapping template names to
+    template source.  This loader is useful for unittesting:
+
+    >>> loader = DictLoader({'index.html': 'source here'})
+
+    Because auto reloading is rarely useful this is disabled per default.
+    """
+
+    def __init__(self, mapping: t.Mapping[str, str]) -> None:
+        self.mapping = mapping
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, None, t.Callable[[], bool]]:
+        if template in self.mapping:
+            source = self.mapping[template]
+            return source, None, lambda: source == self.mapping.get(template)
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        return sorted(self.mapping)
+
+
+class FunctionLoader(BaseLoader):
+    """A loader that is passed a function which does the loading.  The
+    function receives the name of the template and has to return either
+    a string with the template source, a tuple in the form ``(source,
+    filename, uptodatefunc)`` or `None` if the template does not exist.
+
+    >>> def load_template(name):
+    ...     if name == 'index.html':
+    ...         return '...'
+    ...
+    >>> loader = FunctionLoader(load_template)
+
+    The `uptodatefunc` is a function that is called if autoreload is enabled
+    and has to return `True` if the template is still up to date.  For more
+    details have a look at :meth:`BaseLoader.get_source` which has the same
+    return value.
+    """
+
+    def __init__(
+        self,
+        load_func: t.Callable[
+            [str],
+            t.Optional[
+                t.Union[
+                    str, t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]
+                ]
+            ],
+        ],
+    ) -> None:
+        self.load_func = load_func
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        rv = self.load_func(template)
+
+        if rv is None:
+            raise TemplateNotFound(template)
+
+        if isinstance(rv, str):
+            return rv, None, None
+
+        return rv
+
+
+class PrefixLoader(BaseLoader):
+    """A loader that is passed a dict of loaders where each loader is bound
+    to a prefix.  The prefix is delimited from the template by a slash per
+    default, which can be changed by setting the `delimiter` argument to
+    something else::
+
+        loader = PrefixLoader({
+            'app1':     PackageLoader('mypackage.app1'),
+            'app2':     PackageLoader('mypackage.app2')
+        })
+
+    By loading ``'app1/index.html'`` the file from the app1 package is loaded,
+    by loading ``'app2/index.html'`` the file from the second.
+    """
+
+    def __init__(
+        self, mapping: t.Mapping[str, BaseLoader], delimiter: str = "/"
+    ) -> None:
+        self.mapping = mapping
+        self.delimiter = delimiter
+
+    def get_loader(self, template: str) -> t.Tuple[BaseLoader, str]:
+        try:
+            prefix, name = template.split(self.delimiter, 1)
+            loader = self.mapping[prefix]
+        except (ValueError, KeyError) as e:
+            raise TemplateNotFound(template) from e
+        return loader, name
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        loader, name = self.get_loader(template)
+        try:
+            return loader.get_source(environment, name)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(template) from e
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        loader, local_name = self.get_loader(name)
+        try:
+            return loader.load(environment, local_name, globals)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(name) from e
+
+    def list_templates(self) -> t.List[str]:
+        result = []
+        for prefix, loader in self.mapping.items():
+            for template in loader.list_templates():
+                result.append(prefix + self.delimiter + template)
+        return result
+
+
+class ChoiceLoader(BaseLoader):
+    """This loader works like the `PrefixLoader` just that no prefix is
+    specified.  If a template could not be found by one loader the next one
+    is tried.
+
+    >>> loader = ChoiceLoader([
+    ...     FileSystemLoader('/path/to/user/templates'),
+    ...     FileSystemLoader('/path/to/system/templates')
+    ... ])
+
+    This is useful if you want to allow users to override builtin templates
+    from a different location.
+    """
+
+    def __init__(self, loaders: t.Sequence[BaseLoader]) -> None:
+        self.loaders = loaders
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        for loader in self.loaders:
+            try:
+                return loader.get_source(environment, template)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(template)
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        for loader in self.loaders:
+            try:
+                return loader.load(environment, name, globals)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(name)
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for loader in self.loaders:
+            found.update(loader.list_templates())
+        return sorted(found)
+
+
+class _TemplateModule(ModuleType):
+    """Like a normal module but with support for weak references"""
+
+
+class ModuleLoader(BaseLoader):
+    """This loader loads templates from precompiled templates.
+
+    Example usage:
+
+    >>> loader = ChoiceLoader([
+    ...     ModuleLoader('/path/to/compiled/templates'),
+    ...     FileSystemLoader('/path/to/templates')
+    ... ])
+
+    Templates can be precompiled with :meth:`Environment.compile_templates`.
+    """
+
+    has_source_access = False
+
+    def __init__(
+        self,
+        path: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+    ) -> None:
+        package_name = f"_jinja2_module_templates_{id(self):x}"
+
+        # create a fake module that looks for the templates in the
+        # path given.
+        mod = _TemplateModule(package_name)
+
+        if not isinstance(path, abc.Iterable) or isinstance(path, str):
+            path = [path]
+
+        mod.__path__ = [os.fspath(p) for p in path]
+
+        sys.modules[package_name] = weakref.proxy(
+            mod, lambda x: sys.modules.pop(package_name, None)
+        )
+
+        # the only strong reference, the sys.modules entry is weak
+        # so that the garbage collector can remove it once the
+        # loader that created it goes out of business.
+        self.module = mod
+        self.package_name = package_name
+
+    @staticmethod
+    def get_template_key(name: str) -> str:
+        return "tmpl_" + sha1(name.encode("utf-8")).hexdigest()
+
+    @staticmethod
+    def get_module_filename(name: str) -> str:
+        return ModuleLoader.get_template_key(name) + ".py"
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        key = self.get_template_key(name)
+        module = f"{self.package_name}.{key}"
+        mod = getattr(self.module, module, None)
+
+        if mod is None:
+            try:
+                mod = __import__(module, None, None, ["root"])
+            except ImportError as e:
+                raise TemplateNotFound(name) from e
+
+            # remove the entry from sys.modules, we only want the attribute
+            # on the module object we have stored on the loader.
+            sys.modules.pop(module, None)
+
+        if globals is None:
+            globals = {}
+
+        return environment.template_class.from_module_dict(
+            environment, mod.__dict__, globals
+        )
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/meta.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/meta.py
new file mode 100644
index 000000000..298499e26
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/meta.py
@@ -0,0 +1,112 @@
+"""Functions that expose information about templates that might be
+interesting for introspection.
+"""
+
+import typing as t
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+class TrackingCodeGenerator(CodeGenerator):
+    """We abuse the code generator for introspection."""
+
+    def __init__(self, environment: "Environment") -> None:
+        super().__init__(environment, "<introspection>", "<introspection>")
+        self.undeclared_identifiers: t.Set[str] = set()
+
+    def write(self, x: str) -> None:
+        """Don't write."""
+
+    def enter_frame(self, frame: Frame) -> None:
+        """Remember all undeclared identifiers."""
+        super().enter_frame(frame)
+
+        for _, (action, param) in frame.symbols.loads.items():
+            if action == "resolve" and param not in self.environment.globals:
+                self.undeclared_identifiers.add(param)
+
+
+def find_undeclared_variables(ast: nodes.Template) -> t.Set[str]:
+    """Returns a set of all variables in the AST that will be looked up from
+    the context at runtime.  Because at compile time it's not known which
+    variables will be used depending on the path the execution takes at
+    runtime, all variables are returned.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% set foo = 42 %}{{ bar + foo }}')
+    >>> meta.find_undeclared_variables(ast) == {'bar'}
+    True
+
+    .. admonition:: Implementation
+
+       Internally the code generator is used for finding undeclared variables.
+       This is good to know because the code generator might raise a
+       :exc:`TemplateAssertionError` during compilation and as a matter of
+       fact this function can currently raise that exception as well.
+    """
+    codegen = TrackingCodeGenerator(ast.environment)  # type: ignore
+    codegen.visit(ast)
+    return codegen.undeclared_identifiers
+
+
+_ref_types = (nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include)
+_RefType = t.Union[nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include]
+
+
+def find_referenced_templates(ast: nodes.Template) -> t.Iterator[t.Optional[str]]:
+    """Finds all the referenced templates from the AST.  This will return an
+    iterator over all the hardcoded template extensions, inclusions and
+    imports.  If dynamic inheritance or inclusion is used, `None` will be
+    yielded.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% extends "layout.html" %}{% include helper %}')
+    >>> list(meta.find_referenced_templates(ast))
+    ['layout.html', None]
+
+    This function is useful for dependency tracking.  For example if you want
+    to rebuild parts of the website after a layout template has changed.
+    """
+    template_name: t.Any
+
+    for node in ast.find_all(_ref_types):
+        template: nodes.Expr = node.template  # type: ignore
+
+        if not isinstance(template, nodes.Const):
+            # a tuple with some non consts in there
+            if isinstance(template, (nodes.Tuple, nodes.List)):
+                for template_name in template.items:
+                    # something const, only yield the strings and ignore
+                    # non-string consts that really just make no sense
+                    if isinstance(template_name, nodes.Const):
+                        if isinstance(template_name.value, str):
+                            yield template_name.value
+                    # something dynamic in there
+                    else:
+                        yield None
+            # something dynamic we don't know about here
+            else:
+                yield None
+            continue
+        # constant is a basestring, direct template name
+        if isinstance(template.value, str):
+            yield template.value
+        # a tuple or list (latter *should* not happen) made of consts,
+        # yield the consts that are strings.  We could warn here for
+        # non string values
+        elif isinstance(node, nodes.Include) and isinstance(
+            template.value, (tuple, list)
+        ):
+            for template_name in template.value:
+                if isinstance(template_name, str):
+                    yield template_name
+        # something else we don't care about, we could warn here
+        else:
+            yield None
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/nativetypes.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/nativetypes.py
new file mode 100644
index 000000000..71db8cc31
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/nativetypes.py
@@ -0,0 +1,130 @@
+import typing as t
+from ast import literal_eval
+from ast import parse
+from itertools import chain
+from itertools import islice
+from types import GeneratorType
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+from .compiler import has_safe_repr
+from .environment import Environment
+from .environment import Template
+
+
+def native_concat(values: t.Iterable[t.Any]) -> t.Optional[t.Any]:
+    """Return a native Python type from the list of compiled nodes. If
+    the result is a single node, its value is returned. Otherwise, the
+    nodes are concatenated as strings. If the result can be parsed with
+    :func:`ast.literal_eval`, the parsed value is returned. Otherwise,
+    the string is returned.
+
+    :param values: Iterable of outputs to concatenate.
+    """
+    head = list(islice(values, 2))
+
+    if not head:
+        return None
+
+    if len(head) == 1:
+        raw = head[0]
+        if not isinstance(raw, str):
+            return raw
+    else:
+        if isinstance(values, GeneratorType):
+            values = chain(head, values)
+        raw = "".join([str(v) for v in values])
+
+    try:
+        return literal_eval(
+            # In Python 3.10+ ast.literal_eval removes leading spaces/tabs
+            # from the given string. For backwards compatibility we need to
+            # parse the string ourselves without removing leading spaces/tabs.
+            parse(raw, mode="eval")
+        )
+    except (ValueError, SyntaxError, MemoryError):
+        return raw
+
+
+class NativeCodeGenerator(CodeGenerator):
+    """A code generator which renders Python types by not adding
+    ``str()`` around output nodes.
+    """
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        return value
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        return repr("".join([str(v) for v in group]))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> t.Any:
+        const = node.as_const(frame.eval_ctx)
+
+        if not has_safe_repr(const):
+            raise nodes.Impossible()
+
+        if isinstance(node, nodes.TemplateData):
+            return const
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(")")
+
+
+class NativeEnvironment(Environment):
+    """An environment that renders templates to native Python types."""
+
+    code_generator_class = NativeCodeGenerator
+    concat = staticmethod(native_concat)  # type: ignore
+
+
+class NativeTemplate(Template):
+    environment_class = NativeEnvironment
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Render the template to produce a native Python type. If the
+        result is a single node, its value is returned. Otherwise, the
+        nodes are concatenated as strings. If the result can be parsed
+        with :func:`ast.literal_eval`, the parsed value is returned.
+        Otherwise, the string is returned.
+        """
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                self.root_render_func(ctx)
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+
+NativeEnvironment.template_class = NativeTemplate
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/nodes.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/nodes.py
new file mode 100644
index 000000000..2f93b90ec
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/nodes.py
@@ -0,0 +1,1206 @@
+"""AST nodes generated by the parser for the compiler. Also provides
+some node tree helper functions used by the parser and compiler in order
+to normalize nodes.
+"""
+
+import inspect
+import operator
+import typing as t
+from collections import deque
+
+from markupsafe import Markup
+
+from .utils import _PassArg
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_NodeBound = t.TypeVar("_NodeBound", bound="Node")
+
+_binop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "*": operator.mul,
+    "/": operator.truediv,
+    "//": operator.floordiv,
+    "**": operator.pow,
+    "%": operator.mod,
+    "+": operator.add,
+    "-": operator.sub,
+}
+
+_uaop_to_func: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+    "not": operator.not_,
+    "+": operator.pos,
+    "-": operator.neg,
+}
+
+_cmpop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "eq": operator.eq,
+    "ne": operator.ne,
+    "gt": operator.gt,
+    "gteq": operator.ge,
+    "lt": operator.lt,
+    "lteq": operator.le,
+    "in": lambda a, b: a in b,
+    "notin": lambda a, b: a not in b,
+}
+
+
+class Impossible(Exception):
+    """Raised if the node could not perform a requested action."""
+
+
+class NodeType(type):
+    """A metaclass for nodes that handles the field and attribute
+    inheritance.  fields and attributes from the parent class are
+    automatically forwarded to the child."""
+
+    def __new__(mcs, name, bases, d):  # type: ignore
+        for attr in "fields", "attributes":
+            storage: t.List[t.Tuple[str, ...]] = []
+            storage.extend(getattr(bases[0] if bases else object, attr, ()))
+            storage.extend(d.get(attr, ()))
+            assert len(bases) <= 1, "multiple inheritance not allowed"
+            assert len(storage) == len(set(storage)), "layout conflict"
+            d[attr] = tuple(storage)
+        d.setdefault("abstract", False)
+        return type.__new__(mcs, name, bases, d)
+
+
+class EvalContext:
+    """Holds evaluation time information.  Custom attributes can be attached
+    to it in extensions.
+    """
+
+    def __init__(
+        self, environment: "Environment", template_name: t.Optional[str] = None
+    ) -> None:
+        self.environment = environment
+        if callable(environment.autoescape):
+            self.autoescape = environment.autoescape(template_name)
+        else:
+            self.autoescape = environment.autoescape
+        self.volatile = False
+
+    def save(self) -> t.Mapping[str, t.Any]:
+        return self.__dict__.copy()
+
+    def revert(self, old: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.clear()
+        self.__dict__.update(old)
+
+
+def get_eval_context(node: "Node", ctx: t.Optional[EvalContext]) -> EvalContext:
+    if ctx is None:
+        if node.environment is None:
+            raise RuntimeError(
+                "if no eval context is passed, the node must have an"
+                " attached environment."
+            )
+        return EvalContext(node.environment)
+    return ctx
+
+
+class Node(metaclass=NodeType):
+    """Baseclass for all Jinja nodes.  There are a number of nodes available
+    of different types.  There are four major types:
+
+    -   :class:`Stmt`: statements
+    -   :class:`Expr`: expressions
+    -   :class:`Helper`: helper nodes
+    -   :class:`Template`: the outermost wrapper node
+
+    All nodes have fields and attributes.  Fields may be other nodes, lists,
+    or arbitrary values.  Fields are passed to the constructor as regular
+    positional arguments, attributes as keyword arguments.  Each node has
+    two attributes: `lineno` (the line number of the node) and `environment`.
+    The `environment` attribute is set at the end of the parsing process for
+    all nodes automatically.
+    """
+
+    fields: t.Tuple[str, ...] = ()
+    attributes: t.Tuple[str, ...] = ("lineno", "environment")
+    abstract = True
+
+    lineno: int
+    environment: t.Optional["Environment"]
+
+    def __init__(self, *fields: t.Any, **attributes: t.Any) -> None:
+        if self.abstract:
+            raise TypeError("abstract nodes are not instantiable")
+        if fields:
+            if len(fields) != len(self.fields):
+                if not self.fields:
+                    raise TypeError(f"{type(self).__name__!r} takes 0 arguments")
+                raise TypeError(
+                    f"{type(self).__name__!r} takes 0 or {len(self.fields)}"
+                    f" argument{'s' if len(self.fields) != 1 else ''}"
+                )
+            for name, arg in zip(self.fields, fields):
+                setattr(self, name, arg)
+        for attr in self.attributes:
+            setattr(self, attr, attributes.pop(attr, None))
+        if attributes:
+            raise TypeError(f"unknown attribute {next(iter(attributes))!r}")
+
+    def iter_fields(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator[t.Tuple[str, t.Any]]:
+        """This method iterates over all fields that are defined and yields
+        ``(key, value)`` tuples.  Per default all fields are returned, but
+        it's possible to limit that to some fields by providing the `only`
+        parameter or to exclude some using the `exclude` parameter.  Both
+        should be sets or tuples of field names.
+        """
+        for name in self.fields:
+            if (
+                (exclude is None and only is None)
+                or (exclude is not None and name not in exclude)
+                or (only is not None and name in only)
+            ):
+                try:
+                    yield name, getattr(self, name)
+                except AttributeError:
+                    pass
+
+    def iter_child_nodes(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator["Node"]:
+        """Iterates over all direct child nodes of the node.  This iterates
+        over all fields and yields the values of they are nodes.  If the value
+        of a field is a list all the nodes in that list are returned.
+        """
+        for _, item in self.iter_fields(exclude, only):
+            if isinstance(item, list):
+                for n in item:
+                    if isinstance(n, Node):
+                        yield n
+            elif isinstance(item, Node):
+                yield item
+
+    def find(self, node_type: t.Type[_NodeBound]) -> t.Optional[_NodeBound]:
+        """Find the first node of a given type.  If no such node exists the
+        return value is `None`.
+        """
+        for result in self.find_all(node_type):
+            return result
+
+        return None
+
+    def find_all(
+        self, node_type: t.Union[t.Type[_NodeBound], t.Tuple[t.Type[_NodeBound], ...]]
+    ) -> t.Iterator[_NodeBound]:
+        """Find all the nodes of a given type.  If the type is a tuple,
+        the check is performed for any of the tuple items.
+        """
+        for child in self.iter_child_nodes():
+            if isinstance(child, node_type):
+                yield child  # type: ignore
+            yield from child.find_all(node_type)
+
+    def set_ctx(self, ctx: str) -> "Node":
+        """Reset the context of a node and all child nodes.  Per default the
+        parser will all generate nodes that have a 'load' context as it's the
+        most common one.  This method is used in the parser to set assignment
+        targets and other nodes to a store context.
+        """
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "ctx" in node.fields:
+                node.ctx = ctx  # type: ignore
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_lineno(self, lineno: int, override: bool = False) -> "Node":
+        """Set the line numbers of the node and children."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "lineno" in node.attributes:
+                if node.lineno is None or override:
+                    node.lineno = lineno
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_environment(self, environment: "Environment") -> "Node":
+        """Set the environment for all nodes."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            node.environment = environment
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def __eq__(self, other: t.Any) -> bool:
+        if type(self) is not type(other):
+            return NotImplemented
+
+        return tuple(self.iter_fields()) == tuple(other.iter_fields())
+
+    __hash__ = object.__hash__
+
+    def __repr__(self) -> str:
+        args_str = ", ".join(f"{a}={getattr(self, a, None)!r}" for a in self.fields)
+        return f"{type(self).__name__}({args_str})"
+
+    def dump(self) -> str:
+        def _dump(node: t.Union[Node, t.Any]) -> None:
+            if not isinstance(node, Node):
+                buf.append(repr(node))
+                return
+
+            buf.append(f"nodes.{type(node).__name__}(")
+            if not node.fields:
+                buf.append(")")
+                return
+            for idx, field in enumerate(node.fields):
+                if idx:
+                    buf.append(", ")
+                value = getattr(node, field)
+                if isinstance(value, list):
+                    buf.append("[")
+                    for idx, item in enumerate(value):
+                        if idx:
+                            buf.append(", ")
+                        _dump(item)
+                    buf.append("]")
+                else:
+                    _dump(value)
+            buf.append(")")
+
+        buf: t.List[str] = []
+        _dump(self)
+        return "".join(buf)
+
+
+class Stmt(Node):
+    """Base node for all statements."""
+
+    abstract = True
+
+
+class Helper(Node):
+    """Nodes that exist in a specific context only."""
+
+    abstract = True
+
+
+class Template(Node):
+    """Node that represents a template.  This must be the outermost node that
+    is passed to the compiler.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class Output(Stmt):
+    """A node that holds multiple expressions which are then printed out.
+    This is used both for the `print` statement and the regular template data.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List["Expr"]
+
+
+class Extends(Stmt):
+    """Represents an extends statement."""
+
+    fields = ("template",)
+    template: "Expr"
+
+
+class For(Stmt):
+    """The for loop.  `target` is the target for the iteration (usually a
+    :class:`Name` or :class:`Tuple`), `iter` the iterable.  `body` is a list
+    of nodes that are used as loop-body, and `else_` a list of nodes for the
+    `else` block.  If no else node exists it has to be an empty list.
+
+    For filtered nodes an expression can be stored as `test`, otherwise `None`.
+    """
+
+    fields = ("target", "iter", "body", "else_", "test", "recursive")
+    target: Node
+    iter: Node
+    body: t.List[Node]
+    else_: t.List[Node]
+    test: t.Optional[Node]
+    recursive: bool
+
+
+class If(Stmt):
+    """If `test` is true, `body` is rendered, else `else_`."""
+
+    fields = ("test", "body", "elif_", "else_")
+    test: Node
+    body: t.List[Node]
+    elif_: t.List["If"]
+    else_: t.List[Node]
+
+
+class Macro(Stmt):
+    """A macro definition.  `name` is the name of the macro, `args` a list of
+    arguments and `defaults` a list of defaults if there are any.  `body` is
+    a list of nodes for the macro body.
+    """
+
+    fields = ("name", "args", "defaults", "body")
+    name: str
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class CallBlock(Stmt):
+    """Like a macro without a name but a call instead.  `call` is called with
+    the unnamed macro as `caller` argument this node holds.
+    """
+
+    fields = ("call", "args", "defaults", "body")
+    call: "Call"
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class FilterBlock(Stmt):
+    """Node for filter sections."""
+
+    fields = ("body", "filter")
+    body: t.List[Node]
+    filter: "Filter"
+
+
+class With(Stmt):
+    """Specific node for with statements.  In older versions of Jinja the
+    with statement was implemented on the base of the `Scope` node instead.
+
+    .. versionadded:: 2.9.3
+    """
+
+    fields = ("targets", "values", "body")
+    targets: t.List["Expr"]
+    values: t.List["Expr"]
+    body: t.List[Node]
+
+
+class Block(Stmt):
+    """A node that represents a block.
+
+    .. versionchanged:: 3.0.0
+        the `required` field was added.
+    """
+
+    fields = ("name", "body", "scoped", "required")
+    name: str
+    body: t.List[Node]
+    scoped: bool
+    required: bool
+
+
+class Include(Stmt):
+    """A node that represents the include tag."""
+
+    fields = ("template", "with_context", "ignore_missing")
+    template: "Expr"
+    with_context: bool
+    ignore_missing: bool
+
+
+class Import(Stmt):
+    """A node that represents the import tag."""
+
+    fields = ("template", "target", "with_context")
+    template: "Expr"
+    target: str
+    with_context: bool
+
+
+class FromImport(Stmt):
+    """A node that represents the from import tag.  It's important to not
+    pass unsafe names to the name attribute.  The compiler translates the
+    attribute lookups directly into getattr calls and does *not* use the
+    subscript callback of the interface.  As exported variables may not
+    start with double underscores (which the parser asserts) this is not a
+    problem for regular Jinja code, but if this node is used in an extension
+    extra care must be taken.
+
+    The list of names may contain tuples if aliases are wanted.
+    """
+
+    fields = ("template", "names", "with_context")
+    template: "Expr"
+    names: t.List[t.Union[str, t.Tuple[str, str]]]
+    with_context: bool
+
+
+class ExprStmt(Stmt):
+    """A statement that evaluates an expression and discards the result."""
+
+    fields = ("node",)
+    node: Node
+
+
+class Assign(Stmt):
+    """Assigns an expression to a target."""
+
+    fields = ("target", "node")
+    target: "Expr"
+    node: Node
+
+
+class AssignBlock(Stmt):
+    """Assigns a block to a target."""
+
+    fields = ("target", "filter", "body")
+    target: "Expr"
+    filter: t.Optional["Filter"]
+    body: t.List[Node]
+
+
+class Expr(Node):
+    """Baseclass for all expressions."""
+
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        """Return the value of the expression as constant or raise
+        :exc:`Impossible` if this was not possible.
+
+        An :class:`EvalContext` can be provided, if none is given
+        a default context is created which requires the nodes to have
+        an attached environment.
+
+        .. versionchanged:: 2.4
+           the `eval_ctx` parameter was added.
+        """
+        raise Impossible()
+
+    def can_assign(self) -> bool:
+        """Check if it's possible to assign something to this node."""
+        return False
+
+
+class BinExpr(Expr):
+    """Baseclass for all binary expressions."""
+
+    fields = ("left", "right")
+    left: Expr
+    right: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_binops  # type: ignore
+        ):
+            raise Impossible()
+        f = _binop_to_func[self.operator]
+        try:
+            return f(self.left.as_const(eval_ctx), self.right.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class UnaryExpr(Expr):
+    """Baseclass for all unary expressions."""
+
+    fields = ("node",)
+    node: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_unops  # type: ignore
+        ):
+            raise Impossible()
+        f = _uaop_to_func[self.operator]
+        try:
+            return f(self.node.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Name(Expr):
+    """Looks up a name or stores a value in a name.
+    The `ctx` of the node can be one of the following values:
+
+    -   `store`: store a value in the name
+    -   `load`: load that name
+    -   `param`: like `store` but if the name was defined as function parameter.
+    """
+
+    fields = ("name", "ctx")
+    name: str
+    ctx: str
+
+    def can_assign(self) -> bool:
+        return self.name not in {"true", "false", "none", "True", "False", "None"}
+
+
+class NSRef(Expr):
+    """Reference to a namespace value assignment"""
+
+    fields = ("name", "attr")
+    name: str
+    attr: str
+
+    def can_assign(self) -> bool:
+        # We don't need any special checks here; NSRef assignments have a
+        # runtime check to ensure the target is a namespace object which will
+        # have been checked already as it is created using a normal assignment
+        # which goes through a `Name` node.
+        return True
+
+
+class Literal(Expr):
+    """Baseclass for literals."""
+
+    abstract = True
+
+
+class Const(Literal):
+    """All constant values.  The parser will return this node for simple
+    constants such as ``42`` or ``"foo"`` but it can be used to store more
+    complex values such as lists too.  Only constants with a safe
+    representation (objects where ``eval(repr(x)) == x`` is true).
+    """
+
+    fields = ("value",)
+    value: t.Any
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        return self.value
+
+    @classmethod
+    def from_untrusted(
+        cls,
+        value: t.Any,
+        lineno: t.Optional[int] = None,
+        environment: "t.Optional[Environment]" = None,
+    ) -> "Const":
+        """Return a const object if the value is representable as
+        constant value in the generated code, otherwise it will raise
+        an `Impossible` exception.
+        """
+        from .compiler import has_safe_repr
+
+        if not has_safe_repr(value):
+            raise Impossible()
+        return cls(value, lineno=lineno, environment=environment)
+
+
+class TemplateData(Literal):
+    """A constant template string."""
+
+    fields = ("data",)
+    data: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        if eval_ctx.autoescape:
+            return Markup(self.data)
+        return self.data
+
+
+class Tuple(Literal):
+    """For loop unpacking and some other things like multiple arguments
+    for subscripts.  Like for :class:`Name` `ctx` specifies if the tuple
+    is used for loading the names or storing.
+    """
+
+    fields = ("items", "ctx")
+    items: t.List[Expr]
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[t.Any, ...]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return tuple(x.as_const(eval_ctx) for x in self.items)
+
+    def can_assign(self) -> bool:
+        for item in self.items:
+            if not item.can_assign():
+                return False
+        return True
+
+
+class List(Literal):
+    """Any list literal such as ``[1, 2, 3]``"""
+
+    fields = ("items",)
+    items: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.List[t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return [x.as_const(eval_ctx) for x in self.items]
+
+
+class Dict(Literal):
+    """Any dict literal such as ``{1: 2, 3: 4}``.  The items must be a list of
+    :class:`Pair` nodes.
+    """
+
+    fields = ("items",)
+    items: t.List["Pair"]
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Dict[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return dict(x.as_const(eval_ctx) for x in self.items)
+
+
+class Pair(Helper):
+    """A key, value pair for dicts."""
+
+    fields = ("key", "value")
+    key: Expr
+    value: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Tuple[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key.as_const(eval_ctx), self.value.as_const(eval_ctx)
+
+
+class Keyword(Helper):
+    """A key, value pair for keyword arguments where key is a string."""
+
+    fields = ("key", "value")
+    key: str
+    value: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[str, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key, self.value.as_const(eval_ctx)
+
+
+class CondExpr(Expr):
+    """A conditional expression (inline if expression).  (``{{
+    foo if bar else baz }}``)
+    """
+
+    fields = ("test", "expr1", "expr2")
+    test: Expr
+    expr1: Expr
+    expr2: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if self.test.as_const(eval_ctx):
+            return self.expr1.as_const(eval_ctx)
+
+        # if we evaluate to an undefined object, we better do that at runtime
+        if self.expr2 is None:
+            raise Impossible()
+
+        return self.expr2.as_const(eval_ctx)
+
+
+def args_as_const(
+    node: t.Union["_FilterTestCommon", "Call"], eval_ctx: t.Optional[EvalContext]
+) -> t.Tuple[t.List[t.Any], t.Dict[t.Any, t.Any]]:
+    args = [x.as_const(eval_ctx) for x in node.args]
+    kwargs = dict(x.as_const(eval_ctx) for x in node.kwargs)
+
+    if node.dyn_args is not None:
+        try:
+            args.extend(node.dyn_args.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    if node.dyn_kwargs is not None:
+        try:
+            kwargs.update(node.dyn_kwargs.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    return args, kwargs
+
+
+class _FilterTestCommon(Expr):
+    fields = ("node", "name", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    name: str
+    args: t.List[Expr]
+    kwargs: t.List[Pair]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+    abstract = True
+    _is_filter = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        if eval_ctx.volatile:
+            raise Impossible()
+
+        if self._is_filter:
+            env_map = eval_ctx.environment.filters
+        else:
+            env_map = eval_ctx.environment.tests
+
+        func = env_map.get(self.name)
+        pass_arg = _PassArg.from_obj(func)  # type: ignore
+
+        if func is None or pass_arg is _PassArg.context:
+            raise Impossible()
+
+        if eval_ctx.environment.is_async and (
+            getattr(func, "jinja_async_variant", False) is True
+            or inspect.iscoroutinefunction(func)
+        ):
+            raise Impossible()
+
+        args, kwargs = args_as_const(self, eval_ctx)
+        args.insert(0, self.node.as_const(eval_ctx))
+
+        if pass_arg is _PassArg.eval_context:
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, eval_ctx.environment)
+
+        try:
+            return func(*args, **kwargs)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Filter(_FilterTestCommon):
+    """Apply a filter to an expression. ``name`` is the name of the
+    filter, the other fields are the same as :class:`Call`.
+
+    If ``node`` is ``None``, the filter is being used in a filter block
+    and is applied to the content of the block.
+    """
+
+    node: t.Optional[Expr]  # type: ignore
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.node is None:
+            raise Impossible()
+
+        return super().as_const(eval_ctx=eval_ctx)
+
+
+class Test(_FilterTestCommon):
+    """Apply a test to an expression. ``name`` is the name of the test,
+    the other field are the same as :class:`Call`.
+
+    .. versionchanged:: 3.0
+        ``as_const`` shares the same logic for filters and tests. Tests
+        check for volatile, async, and ``@pass_context`` etc.
+        decorators.
+    """
+
+    _is_filter = False
+
+
+class Call(Expr):
+    """Calls an expression.  `args` is a list of arguments, `kwargs` a list
+    of keyword arguments (list of :class:`Keyword` nodes), and `dyn_args`
+    and `dyn_kwargs` has to be either `None` or a node that is used as
+    node for dynamic positional (``*args``) or keyword (``**kwargs``)
+    arguments.
+    """
+
+    fields = ("node", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    args: t.List[Expr]
+    kwargs: t.List[Keyword]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+
+
+class Getitem(Expr):
+    """Get an attribute or item from an expression and prefer the item."""
+
+    fields = ("node", "arg", "ctx")
+    node: Expr
+    arg: Expr
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getitem(
+                self.node.as_const(eval_ctx), self.arg.as_const(eval_ctx)
+            )
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Getattr(Expr):
+    """Get an attribute or item from an expression that is a ascii-only
+    bytestring and prefer the attribute.
+    """
+
+    fields = ("node", "attr", "ctx")
+    node: Expr
+    attr: str
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getattr(self.node.as_const(eval_ctx), self.attr)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Slice(Expr):
+    """Represents a slice object.  This must only be used as argument for
+    :class:`Subscript`.
+    """
+
+    fields = ("start", "stop", "step")
+    start: t.Optional[Expr]
+    stop: t.Optional[Expr]
+    step: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> slice:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        def const(obj: t.Optional[Expr]) -> t.Optional[t.Any]:
+            if obj is None:
+                return None
+            return obj.as_const(eval_ctx)
+
+        return slice(const(self.start), const(self.stop), const(self.step))
+
+
+class Concat(Expr):
+    """Concatenates the list of expressions provided after converting
+    them to strings.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return "".join(str(x.as_const(eval_ctx)) for x in self.nodes)
+
+
+class Compare(Expr):
+    """Compares an expression with some other expressions.  `ops` must be a
+    list of :class:`Operand`\\s.
+    """
+
+    fields = ("expr", "ops")
+    expr: Expr
+    ops: t.List["Operand"]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        result = value = self.expr.as_const(eval_ctx)
+
+        try:
+            for op in self.ops:
+                new_value = op.expr.as_const(eval_ctx)
+                result = _cmpop_to_func[op.op](value, new_value)
+
+                if not result:
+                    return False
+
+                value = new_value
+        except Exception as e:
+            raise Impossible() from e
+
+        return result
+
+
+class Operand(Helper):
+    """Holds an operator and an expression."""
+
+    fields = ("op", "expr")
+    op: str
+    expr: Expr
+
+
+class Mul(BinExpr):
+    """Multiplies the left with the right node."""
+
+    operator = "*"
+
+
+class Div(BinExpr):
+    """Divides the left by the right node."""
+
+    operator = "/"
+
+
+class FloorDiv(BinExpr):
+    """Divides the left by the right node and converts the
+    result into an integer by truncating.
+    """
+
+    operator = "//"
+
+
+class Add(BinExpr):
+    """Add the left to the right node."""
+
+    operator = "+"
+
+
+class Sub(BinExpr):
+    """Subtract the right from the left node."""
+
+    operator = "-"
+
+
+class Mod(BinExpr):
+    """Left modulo right."""
+
+    operator = "%"
+
+
+class Pow(BinExpr):
+    """Left to the power of right."""
+
+    operator = "**"
+
+
+class And(BinExpr):
+    """Short circuited AND."""
+
+    operator = "and"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) and self.right.as_const(eval_ctx)
+
+
+class Or(BinExpr):
+    """Short circuited OR."""
+
+    operator = "or"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) or self.right.as_const(eval_ctx)
+
+
+class Not(UnaryExpr):
+    """Negate the expression."""
+
+    operator = "not"
+
+
+class Neg(UnaryExpr):
+    """Make the expression negative."""
+
+    operator = "-"
+
+
+class Pos(UnaryExpr):
+    """Make the expression positive (noop for most expressions)"""
+
+    operator = "+"
+
+
+# Helpers for extensions
+
+
+class EnvironmentAttribute(Expr):
+    """Loads an attribute from the environment object.  This is useful for
+    extensions that want to call a callback stored on the environment.
+    """
+
+    fields = ("name",)
+    name: str
+
+
+class ExtensionAttribute(Expr):
+    """Returns the attribute of an extension bound to the environment.
+    The identifier is the identifier of the :class:`Extension`.
+
+    This node is usually constructed by calling the
+    :meth:`~jinja2.ext.Extension.attr` method on an extension.
+    """
+
+    fields = ("identifier", "name")
+    identifier: str
+    name: str
+
+
+class ImportedName(Expr):
+    """If created with an import name the import name is returned on node
+    access.  For example ``ImportedName('cgi.escape')`` returns the `escape`
+    function from the cgi module on evaluation.  Imports are optimized by the
+    compiler so there is no need to assign them to local variables.
+    """
+
+    fields = ("importname",)
+    importname: str
+
+
+class InternalName(Expr):
+    """An internal name in the compiler.  You cannot create these nodes
+    yourself but the parser provides a
+    :meth:`~jinja2.parser.Parser.free_identifier` method that creates
+    a new identifier for you.  This identifier is not available from the
+    template and is not treated specially by the compiler.
+    """
+
+    fields = ("name",)
+    name: str
+
+    def __init__(self) -> None:
+        raise TypeError(
+            "Can't create internal names.  Use the "
+            "`free_identifier` method on a parser."
+        )
+
+
+class MarkSafe(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`)."""
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> Markup:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return Markup(self.expr.as_const(eval_ctx))
+
+
+class MarkSafeIfAutoescape(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`) but
+    only if autoescaping is active.
+
+    .. versionadded:: 2.5
+    """
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Union[Markup, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        expr = self.expr.as_const(eval_ctx)
+        if eval_ctx.autoescape:
+            return Markup(expr)
+        return expr
+
+
+class ContextReference(Expr):
+    """Returns the current template context.  It can be used like a
+    :class:`Name` node, with a ``'load'`` ctx and will return the
+    current :class:`~jinja2.runtime.Context` object.
+
+    Here an example that assigns the current template name to a
+    variable named `foo`::
+
+        Assign(Name('foo', ctx='store'),
+               Getattr(ContextReference(), 'name'))
+
+    This is basically equivalent to using the
+    :func:`~jinja2.pass_context` decorator when using the high-level
+    API, which causes a reference to the context to be passed as the
+    first argument to a function.
+    """
+
+
+class DerivedContextReference(Expr):
+    """Return the current template context including locals. Behaves
+    exactly like :class:`ContextReference`, but includes local
+    variables, such as from a ``for`` loop.
+
+    .. versionadded:: 2.11
+    """
+
+
+class Continue(Stmt):
+    """Continue a loop."""
+
+
+class Break(Stmt):
+    """Break a loop."""
+
+
+class Scope(Stmt):
+    """An artificial scope."""
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class OverlayScope(Stmt):
+    """An overlay scope for extensions.  This is a largely unoptimized scope
+    that however can be used to introduce completely arbitrary variables into
+    a sub scope from a dictionary or dictionary like object.  The `context`
+    field has to evaluate to a dictionary object.
+
+    Example usage::
+
+        OverlayScope(context=self.call_method('get_context'),
+                     body=[...])
+
+    .. versionadded:: 2.10
+    """
+
+    fields = ("context", "body")
+    context: Expr
+    body: t.List[Node]
+
+
+class EvalContextModifier(Stmt):
+    """Modifies the eval context.  For each option that should be modified,
+    a :class:`Keyword` has to be added to the :attr:`options` list.
+
+    Example to change the `autoescape` setting::
+
+        EvalContextModifier(options=[Keyword('autoescape', Const(True))])
+    """
+
+    fields = ("options",)
+    options: t.List[Keyword]
+
+
+class ScopedEvalContextModifier(EvalContextModifier):
+    """Modifies the eval context and reverts it later.  Works exactly like
+    :class:`EvalContextModifier` but will only modify the
+    :class:`~jinja2.nodes.EvalContext` for nodes in the :attr:`body`.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+# make sure nobody creates custom nodes
+def _failing_new(*args: t.Any, **kwargs: t.Any) -> "te.NoReturn":
+    raise TypeError("can't create custom node types")
+
+
+NodeType.__new__ = staticmethod(_failing_new)  # type: ignore
+del _failing_new
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/optimizer.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/optimizer.py
new file mode 100644
index 000000000..32d1c717b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/optimizer.py
@@ -0,0 +1,48 @@
+"""The optimizer tries to constant fold expressions and modify the AST
+in place so that it should be faster to evaluate.
+
+Because the AST does not contain all the scoping information and the
+compiler has to find that out, we cannot do all the optimizations we
+want. For example, loop unrolling doesn't work because unrolled loops
+would have a different scope. The solution would be a second syntax tree
+that stored the scoping rules.
+"""
+
+import typing as t
+
+from . import nodes
+from .visitor import NodeTransformer
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def optimize(node: nodes.Node, environment: "Environment") -> nodes.Node:
+    """The context hint can be used to perform an static optimization
+    based on the context given."""
+    optimizer = Optimizer(environment)
+    return t.cast(nodes.Node, optimizer.visit(node))
+
+
+class Optimizer(NodeTransformer):
+    def __init__(self, environment: "t.Optional[Environment]") -> None:
+        self.environment = environment
+
+    def generic_visit(
+        self, node: nodes.Node, *args: t.Any, **kwargs: t.Any
+    ) -> nodes.Node:
+        node = super().generic_visit(node, *args, **kwargs)
+
+        # Do constant folding. Some other nodes besides Expr have
+        # as_const, but folding them causes errors later on.
+        if isinstance(node, nodes.Expr):
+            try:
+                return nodes.Const.from_untrusted(
+                    node.as_const(args[0] if args else None),
+                    lineno=node.lineno,
+                    environment=self.environment,
+                )
+            except nodes.Impossible:
+                pass
+
+        return node
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/parser.py
new file mode 100644
index 000000000..0ec997fb4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/parser.py
@@ -0,0 +1,1041 @@
+"""Parse tokens from the lexer into nodes for the compiler."""
+
+import typing
+import typing as t
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .lexer import describe_token
+from .lexer import describe_token_expr
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_ImportInclude = t.TypeVar("_ImportInclude", nodes.Import, nodes.Include)
+_MacroCall = t.TypeVar("_MacroCall", nodes.Macro, nodes.CallBlock)
+
+_statement_keywords = frozenset(
+    [
+        "for",
+        "if",
+        "block",
+        "extends",
+        "print",
+        "macro",
+        "include",
+        "from",
+        "import",
+        "set",
+        "with",
+        "autoescape",
+    ]
+)
+_compare_operators = frozenset(["eq", "ne", "lt", "lteq", "gt", "gteq"])
+
+_math_nodes: t.Dict[str, t.Type[nodes.Expr]] = {
+    "add": nodes.Add,
+    "sub": nodes.Sub,
+    "mul": nodes.Mul,
+    "div": nodes.Div,
+    "floordiv": nodes.FloorDiv,
+    "mod": nodes.Mod,
+}
+
+
+class Parser:
+    """This is the central parsing class Jinja uses.  It's passed to
+    extensions and can be used to parse expressions or statements.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> None:
+        self.environment = environment
+        self.stream = environment._tokenize(source, name, filename, state)
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.extensions: t.Dict[
+            str, t.Callable[["Parser"], t.Union[nodes.Node, t.List[nodes.Node]]]
+        ] = {}
+        for extension in environment.iter_extensions():
+            for tag in extension.tags:
+                self.extensions[tag] = extension.parse
+        self._last_identifier = 0
+        self._tag_stack: t.List[str] = []
+        self._end_token_stack: t.List[t.Tuple[str, ...]] = []
+
+    def fail(
+        self,
+        msg: str,
+        lineno: t.Optional[int] = None,
+        exc: t.Type[TemplateSyntaxError] = TemplateSyntaxError,
+    ) -> "te.NoReturn":
+        """Convenience method that raises `exc` with the message, passed
+        line number or last line number as well as the current name and
+        filename.
+        """
+        if lineno is None:
+            lineno = self.stream.current.lineno
+        raise exc(msg, lineno, self.name, self.filename)
+
+    def _fail_ut_eof(
+        self,
+        name: t.Optional[str],
+        end_token_stack: t.List[t.Tuple[str, ...]],
+        lineno: t.Optional[int],
+    ) -> "te.NoReturn":
+        expected: t.Set[str] = set()
+        for exprs in end_token_stack:
+            expected.update(map(describe_token_expr, exprs))
+        if end_token_stack:
+            currently_looking: t.Optional[str] = " or ".join(
+                map(repr, map(describe_token_expr, end_token_stack[-1]))
+            )
+        else:
+            currently_looking = None
+
+        if name is None:
+            message = ["Unexpected end of template."]
+        else:
+            message = [f"Encountered unknown tag {name!r}."]
+
+        if currently_looking:
+            if name is not None and name in expected:
+                message.append(
+                    "You probably made a nesting mistake. Jinja is expecting this tag,"
+                    f" but currently looking for {currently_looking}."
+                )
+            else:
+                message.append(
+                    f"Jinja was looking for the following tags: {currently_looking}."
+                )
+
+        if self._tag_stack:
+            message.append(
+                "The innermost block that needs to be closed is"
+                f" {self._tag_stack[-1]!r}."
+            )
+
+        self.fail(" ".join(message), lineno)
+
+    def fail_unknown_tag(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> "te.NoReturn":
+        """Called if the parser encounters an unknown tag.  Tries to fail
+        with a human readable error message that could help to identify
+        the problem.
+        """
+        self._fail_ut_eof(name, self._end_token_stack, lineno)
+
+    def fail_eof(
+        self,
+        end_tokens: t.Optional[t.Tuple[str, ...]] = None,
+        lineno: t.Optional[int] = None,
+    ) -> "te.NoReturn":
+        """Like fail_unknown_tag but for end of template situations."""
+        stack = list(self._end_token_stack)
+        if end_tokens is not None:
+            stack.append(end_tokens)
+        self._fail_ut_eof(None, stack, lineno)
+
+    def is_tuple_end(
+        self, extra_end_rules: t.Optional[t.Tuple[str, ...]] = None
+    ) -> bool:
+        """Are we at the end of a tuple?"""
+        if self.stream.current.type in ("variable_end", "block_end", "rparen"):
+            return True
+        elif extra_end_rules is not None:
+            return self.stream.current.test_any(extra_end_rules)  # type: ignore
+        return False
+
+    def free_identifier(self, lineno: t.Optional[int] = None) -> nodes.InternalName:
+        """Return a new free identifier as :class:`~jinja2.nodes.InternalName`."""
+        self._last_identifier += 1
+        rv = object.__new__(nodes.InternalName)
+        nodes.Node.__init__(rv, f"fi{self._last_identifier}", lineno=lineno)
+        return rv
+
+    def parse_statement(self) -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a single statement."""
+        token = self.stream.current
+        if token.type != "name":
+            self.fail("tag name expected", token.lineno)
+        self._tag_stack.append(token.value)
+        pop_tag = True
+        try:
+            if token.value in _statement_keywords:
+                f = getattr(self, f"parse_{self.stream.current.value}")
+                return f()  # type: ignore
+            if token.value == "call":
+                return self.parse_call_block()
+            if token.value == "filter":
+                return self.parse_filter_block()
+            ext = self.extensions.get(token.value)
+            if ext is not None:
+                return ext(self)
+
+            # did not work out, remove the token we pushed by accident
+            # from the stack so that the unknown tag fail function can
+            # produce a proper error message.
+            self._tag_stack.pop()
+            pop_tag = False
+            self.fail_unknown_tag(token.value, token.lineno)
+        finally:
+            if pop_tag:
+                self._tag_stack.pop()
+
+    def parse_statements(
+        self, end_tokens: t.Tuple[str, ...], drop_needle: bool = False
+    ) -> t.List[nodes.Node]:
+        """Parse multiple statements into a list until one of the end tokens
+        is reached.  This is used to parse the body of statements as it also
+        parses template data if appropriate.  The parser checks first if the
+        current token is a colon and skips it if there is one.  Then it checks
+        for the block end and parses until if one of the `end_tokens` is
+        reached.  Per default the active token in the stream at the end of
+        the call is the matched end token.  If this is not wanted `drop_needle`
+        can be set to `True` and the end token is removed.
+        """
+        # the first token may be a colon for python compatibility
+        self.stream.skip_if("colon")
+
+        # in the future it would be possible to add whole code sections
+        # by adding some sort of end of statement token and parsing those here.
+        self.stream.expect("block_end")
+        result = self.subparse(end_tokens)
+
+        # we reached the end of the template too early, the subparser
+        # does not check for this, so we do that now
+        if self.stream.current.type == "eof":
+            self.fail_eof(end_tokens)
+
+        if drop_needle:
+            next(self.stream)
+        return result
+
+    def parse_set(self) -> t.Union[nodes.Assign, nodes.AssignBlock]:
+        """Parse an assign statement."""
+        lineno = next(self.stream).lineno
+        target = self.parse_assign_target(with_namespace=True)
+        if self.stream.skip_if("assign"):
+            expr = self.parse_tuple()
+            return nodes.Assign(target, expr, lineno=lineno)
+        filter_node = self.parse_filter(None)
+        body = self.parse_statements(("name:endset",), drop_needle=True)
+        return nodes.AssignBlock(target, filter_node, body, lineno=lineno)
+
+    def parse_for(self) -> nodes.For:
+        """Parse a for loop."""
+        lineno = self.stream.expect("name:for").lineno
+        target = self.parse_assign_target(extra_end_rules=("name:in",))
+        self.stream.expect("name:in")
+        iter = self.parse_tuple(
+            with_condexpr=False, extra_end_rules=("name:recursive",)
+        )
+        test = None
+        if self.stream.skip_if("name:if"):
+            test = self.parse_expression()
+        recursive = self.stream.skip_if("name:recursive")
+        body = self.parse_statements(("name:endfor", "name:else"))
+        if next(self.stream).value == "endfor":
+            else_ = []
+        else:
+            else_ = self.parse_statements(("name:endfor",), drop_needle=True)
+        return nodes.For(target, iter, body, else_, test, recursive, lineno=lineno)
+
+    def parse_if(self) -> nodes.If:
+        """Parse an if construct."""
+        node = result = nodes.If(lineno=self.stream.expect("name:if").lineno)
+        while True:
+            node.test = self.parse_tuple(with_condexpr=False)
+            node.body = self.parse_statements(("name:elif", "name:else", "name:endif"))
+            node.elif_ = []
+            node.else_ = []
+            token = next(self.stream)
+            if token.test("name:elif"):
+                node = nodes.If(lineno=self.stream.current.lineno)
+                result.elif_.append(node)
+                continue
+            elif token.test("name:else"):
+                result.else_ = self.parse_statements(("name:endif",), drop_needle=True)
+            break
+        return result
+
+    def parse_with(self) -> nodes.With:
+        node = nodes.With(lineno=next(self.stream).lineno)
+        targets: t.List[nodes.Expr] = []
+        values: t.List[nodes.Expr] = []
+        while self.stream.current.type != "block_end":
+            if targets:
+                self.stream.expect("comma")
+            target = self.parse_assign_target()
+            target.set_ctx("param")
+            targets.append(target)
+            self.stream.expect("assign")
+            values.append(self.parse_expression())
+        node.targets = targets
+        node.values = values
+        node.body = self.parse_statements(("name:endwith",), drop_needle=True)
+        return node
+
+    def parse_autoescape(self) -> nodes.Scope:
+        node = nodes.ScopedEvalContextModifier(lineno=next(self.stream).lineno)
+        node.options = [nodes.Keyword("autoescape", self.parse_expression())]
+        node.body = self.parse_statements(("name:endautoescape",), drop_needle=True)
+        return nodes.Scope([node])
+
+    def parse_block(self) -> nodes.Block:
+        node = nodes.Block(lineno=next(self.stream).lineno)
+        node.name = self.stream.expect("name").value
+        node.scoped = self.stream.skip_if("name:scoped")
+        node.required = self.stream.skip_if("name:required")
+
+        # common problem people encounter when switching from django
+        # to jinja.  we do not support hyphens in block names, so let's
+        # raise a nicer error message in that case.
+        if self.stream.current.type == "sub":
+            self.fail(
+                "Block names in Jinja have to be valid Python identifiers and may not"
+                " contain hyphens, use an underscore instead."
+            )
+
+        node.body = self.parse_statements(("name:endblock",), drop_needle=True)
+
+        # enforce that required blocks only contain whitespace or comments
+        # by asserting that the body, if not empty, is just TemplateData nodes
+        # with whitespace data
+        if node.required:
+            for body_node in node.body:
+                if not isinstance(body_node, nodes.Output) or any(
+                    not isinstance(output_node, nodes.TemplateData)
+                    or not output_node.data.isspace()
+                    for output_node in body_node.nodes
+                ):
+                    self.fail("Required blocks can only contain comments or whitespace")
+
+        self.stream.skip_if("name:" + node.name)
+        return node
+
+    def parse_extends(self) -> nodes.Extends:
+        node = nodes.Extends(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        return node
+
+    def parse_import_context(
+        self, node: _ImportInclude, default: bool
+    ) -> _ImportInclude:
+        if self.stream.current.test_any(
+            "name:with", "name:without"
+        ) and self.stream.look().test("name:context"):
+            node.with_context = next(self.stream).value == "with"
+            self.stream.skip()
+        else:
+            node.with_context = default
+        return node
+
+    def parse_include(self) -> nodes.Include:
+        node = nodes.Include(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        if self.stream.current.test("name:ignore") and self.stream.look().test(
+            "name:missing"
+        ):
+            node.ignore_missing = True
+            self.stream.skip(2)
+        else:
+            node.ignore_missing = False
+        return self.parse_import_context(node, True)
+
+    def parse_import(self) -> nodes.Import:
+        node = nodes.Import(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:as")
+        node.target = self.parse_assign_target(name_only=True).name
+        return self.parse_import_context(node, False)
+
+    def parse_from(self) -> nodes.FromImport:
+        node = nodes.FromImport(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:import")
+        node.names = []
+
+        def parse_context() -> bool:
+            if self.stream.current.value in {
+                "with",
+                "without",
+            } and self.stream.look().test("name:context"):
+                node.with_context = next(self.stream).value == "with"
+                self.stream.skip()
+                return True
+            return False
+
+        while True:
+            if node.names:
+                self.stream.expect("comma")
+            if self.stream.current.type == "name":
+                if parse_context():
+                    break
+                target = self.parse_assign_target(name_only=True)
+                if target.name.startswith("_"):
+                    self.fail(
+                        "names starting with an underline can not be imported",
+                        target.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                if self.stream.skip_if("name:as"):
+                    alias = self.parse_assign_target(name_only=True)
+                    node.names.append((target.name, alias.name))
+                else:
+                    node.names.append(target.name)
+                if parse_context() or self.stream.current.type != "comma":
+                    break
+            else:
+                self.stream.expect("name")
+        if not hasattr(node, "with_context"):
+            node.with_context = False
+        return node
+
+    def parse_signature(self, node: _MacroCall) -> None:
+        args = node.args = []
+        defaults = node.defaults = []
+        self.stream.expect("lparen")
+        while self.stream.current.type != "rparen":
+            if args:
+                self.stream.expect("comma")
+            arg = self.parse_assign_target(name_only=True)
+            arg.set_ctx("param")
+            if self.stream.skip_if("assign"):
+                defaults.append(self.parse_expression())
+            elif defaults:
+                self.fail("non-default argument follows default argument")
+            args.append(arg)
+        self.stream.expect("rparen")
+
+    def parse_call_block(self) -> nodes.CallBlock:
+        node = nodes.CallBlock(lineno=next(self.stream).lineno)
+        if self.stream.current.type == "lparen":
+            self.parse_signature(node)
+        else:
+            node.args = []
+            node.defaults = []
+
+        call_node = self.parse_expression()
+        if not isinstance(call_node, nodes.Call):
+            self.fail("expected call", node.lineno)
+        node.call = call_node
+        node.body = self.parse_statements(("name:endcall",), drop_needle=True)
+        return node
+
+    def parse_filter_block(self) -> nodes.FilterBlock:
+        node = nodes.FilterBlock(lineno=next(self.stream).lineno)
+        node.filter = self.parse_filter(None, start_inline=True)  # type: ignore
+        node.body = self.parse_statements(("name:endfilter",), drop_needle=True)
+        return node
+
+    def parse_macro(self) -> nodes.Macro:
+        node = nodes.Macro(lineno=next(self.stream).lineno)
+        node.name = self.parse_assign_target(name_only=True).name
+        self.parse_signature(node)
+        node.body = self.parse_statements(("name:endmacro",), drop_needle=True)
+        return node
+
+    def parse_print(self) -> nodes.Output:
+        node = nodes.Output(lineno=next(self.stream).lineno)
+        node.nodes = []
+        while self.stream.current.type != "block_end":
+            if node.nodes:
+                self.stream.expect("comma")
+            node.nodes.append(self.parse_expression())
+        return node
+
+    @typing.overload
+    def parse_assign_target(
+        self, with_tuple: bool = ..., name_only: "te.Literal[True]" = ...
+    ) -> nodes.Name: ...
+
+    @typing.overload
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]: ...
+
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]:
+        """Parse an assignment target.  As Jinja allows assignments to
+        tuples, this function can parse all allowed assignment targets.  Per
+        default assignments to tuples are parsed, that can be disable however
+        by setting `with_tuple` to `False`.  If only assignments to names are
+        wanted `name_only` can be set to `True`.  The `extra_end_rules`
+        parameter is forwarded to the tuple parsing function.  If
+        `with_namespace` is enabled, a namespace assignment may be parsed.
+        """
+        target: nodes.Expr
+
+        if with_namespace and self.stream.look().type == "dot":
+            token = self.stream.expect("name")
+            next(self.stream)  # dot
+            attr = self.stream.expect("name")
+            target = nodes.NSRef(token.value, attr.value, lineno=token.lineno)
+        elif name_only:
+            token = self.stream.expect("name")
+            target = nodes.Name(token.value, "store", lineno=token.lineno)
+        else:
+            if with_tuple:
+                target = self.parse_tuple(
+                    simplified=True, extra_end_rules=extra_end_rules
+                )
+            else:
+                target = self.parse_primary()
+
+            target.set_ctx("store")
+
+        if not target.can_assign():
+            self.fail(
+                f"can't assign to {type(target).__name__.lower()!r}", target.lineno
+            )
+
+        return target  # type: ignore
+
+    def parse_expression(self, with_condexpr: bool = True) -> nodes.Expr:
+        """Parse an expression.  Per default all expressions are parsed, if
+        the optional `with_condexpr` parameter is set to `False` conditional
+        expressions are not parsed.
+        """
+        if with_condexpr:
+            return self.parse_condexpr()
+        return self.parse_or()
+
+    def parse_condexpr(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr1 = self.parse_or()
+        expr3: t.Optional[nodes.Expr]
+
+        while self.stream.skip_if("name:if"):
+            expr2 = self.parse_or()
+            if self.stream.skip_if("name:else"):
+                expr3 = self.parse_condexpr()
+            else:
+                expr3 = None
+            expr1 = nodes.CondExpr(expr2, expr1, expr3, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return expr1
+
+    def parse_or(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_and()
+        while self.stream.skip_if("name:or"):
+            right = self.parse_and()
+            left = nodes.Or(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_and(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_not()
+        while self.stream.skip_if("name:and"):
+            right = self.parse_not()
+            left = nodes.And(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_not(self) -> nodes.Expr:
+        if self.stream.current.test("name:not"):
+            lineno = next(self.stream).lineno
+            return nodes.Not(self.parse_not(), lineno=lineno)
+        return self.parse_compare()
+
+    def parse_compare(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr = self.parse_math1()
+        ops = []
+        while True:
+            token_type = self.stream.current.type
+            if token_type in _compare_operators:
+                next(self.stream)
+                ops.append(nodes.Operand(token_type, self.parse_math1()))
+            elif self.stream.skip_if("name:in"):
+                ops.append(nodes.Operand("in", self.parse_math1()))
+            elif self.stream.current.test("name:not") and self.stream.look().test(
+                "name:in"
+            ):
+                self.stream.skip(2)
+                ops.append(nodes.Operand("notin", self.parse_math1()))
+            else:
+                break
+            lineno = self.stream.current.lineno
+        if not ops:
+            return expr
+        return nodes.Compare(expr, ops, lineno=lineno)
+
+    def parse_math1(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_concat()
+        while self.stream.current.type in ("add", "sub"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_concat()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_concat(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args = [self.parse_math2()]
+        while self.stream.current.type == "tilde":
+            next(self.stream)
+            args.append(self.parse_math2())
+        if len(args) == 1:
+            return args[0]
+        return nodes.Concat(args, lineno=lineno)
+
+    def parse_math2(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_pow()
+        while self.stream.current.type in ("mul", "div", "floordiv", "mod"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_pow()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_pow(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_unary()
+        while self.stream.current.type == "pow":
+            next(self.stream)
+            right = self.parse_unary()
+            left = nodes.Pow(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_unary(self, with_filter: bool = True) -> nodes.Expr:
+        token_type = self.stream.current.type
+        lineno = self.stream.current.lineno
+        node: nodes.Expr
+
+        if token_type == "sub":
+            next(self.stream)
+            node = nodes.Neg(self.parse_unary(False), lineno=lineno)
+        elif token_type == "add":
+            next(self.stream)
+            node = nodes.Pos(self.parse_unary(False), lineno=lineno)
+        else:
+            node = self.parse_primary()
+        node = self.parse_postfix(node)
+        if with_filter:
+            node = self.parse_filter_expr(node)
+        return node
+
+    def parse_primary(self) -> nodes.Expr:
+        token = self.stream.current
+        node: nodes.Expr
+        if token.type == "name":
+            if token.value in ("true", "false", "True", "False"):
+                node = nodes.Const(token.value in ("true", "True"), lineno=token.lineno)
+            elif token.value in ("none", "None"):
+                node = nodes.Const(None, lineno=token.lineno)
+            else:
+                node = nodes.Name(token.value, "load", lineno=token.lineno)
+            next(self.stream)
+        elif token.type == "string":
+            next(self.stream)
+            buf = [token.value]
+            lineno = token.lineno
+            while self.stream.current.type == "string":
+                buf.append(self.stream.current.value)
+                next(self.stream)
+            node = nodes.Const("".join(buf), lineno=lineno)
+        elif token.type in ("integer", "float"):
+            next(self.stream)
+            node = nodes.Const(token.value, lineno=token.lineno)
+        elif token.type == "lparen":
+            next(self.stream)
+            node = self.parse_tuple(explicit_parentheses=True)
+            self.stream.expect("rparen")
+        elif token.type == "lbracket":
+            node = self.parse_list()
+        elif token.type == "lbrace":
+            node = self.parse_dict()
+        else:
+            self.fail(f"unexpected {describe_token(token)!r}", token.lineno)
+        return node
+
+    def parse_tuple(
+        self,
+        simplified: bool = False,
+        with_condexpr: bool = True,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        explicit_parentheses: bool = False,
+    ) -> t.Union[nodes.Tuple, nodes.Expr]:
+        """Works like `parse_expression` but if multiple expressions are
+        delimited by a comma a :class:`~jinja2.nodes.Tuple` node is created.
+        This method could also return a regular expression instead of a tuple
+        if no commas where found.
+
+        The default parsing mode is a full tuple.  If `simplified` is `True`
+        only names and literals are parsed.  The `no_condexpr` parameter is
+        forwarded to :meth:`parse_expression`.
+
+        Because tuples do not require delimiters and may end in a bogus comma
+        an extra hint is needed that marks the end of a tuple.  For example
+        for loops support tuples between `for` and `in`.  In that case the
+        `extra_end_rules` is set to ``['name:in']``.
+
+        `explicit_parentheses` is true if the parsing was triggered by an
+        expression in parentheses.  This is used to figure out if an empty
+        tuple is a valid expression or not.
+        """
+        lineno = self.stream.current.lineno
+        if simplified:
+            parse = self.parse_primary
+        elif with_condexpr:
+            parse = self.parse_expression
+        else:
+
+            def parse() -> nodes.Expr:
+                return self.parse_expression(with_condexpr=False)
+
+        args: t.List[nodes.Expr] = []
+        is_tuple = False
+
+        while True:
+            if args:
+                self.stream.expect("comma")
+            if self.is_tuple_end(extra_end_rules):
+                break
+            args.append(parse())
+            if self.stream.current.type == "comma":
+                is_tuple = True
+            else:
+                break
+            lineno = self.stream.current.lineno
+
+        if not is_tuple:
+            if args:
+                return args[0]
+
+            # if we don't have explicit parentheses, an empty tuple is
+            # not a valid expression.  This would mean nothing (literally
+            # nothing) in the spot of an expression would be an empty
+            # tuple.
+            if not explicit_parentheses:
+                self.fail(
+                    "Expected an expression,"
+                    f" got {describe_token(self.stream.current)!r}"
+                )
+
+        return nodes.Tuple(args, "load", lineno=lineno)
+
+    def parse_list(self) -> nodes.List:
+        token = self.stream.expect("lbracket")
+        items: t.List[nodes.Expr] = []
+        while self.stream.current.type != "rbracket":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbracket":
+                break
+            items.append(self.parse_expression())
+        self.stream.expect("rbracket")
+        return nodes.List(items, lineno=token.lineno)
+
+    def parse_dict(self) -> nodes.Dict:
+        token = self.stream.expect("lbrace")
+        items: t.List[nodes.Pair] = []
+        while self.stream.current.type != "rbrace":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbrace":
+                break
+            key = self.parse_expression()
+            self.stream.expect("colon")
+            value = self.parse_expression()
+            items.append(nodes.Pair(key, value, lineno=key.lineno))
+        self.stream.expect("rbrace")
+        return nodes.Dict(items, lineno=token.lineno)
+
+    def parse_postfix(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "dot" or token_type == "lbracket":
+                node = self.parse_subscript(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_filter_expr(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "pipe":
+                node = self.parse_filter(node)  # type: ignore
+            elif token_type == "name" and self.stream.current.value == "is":
+                node = self.parse_test(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_subscript(
+        self, node: nodes.Expr
+    ) -> t.Union[nodes.Getattr, nodes.Getitem]:
+        token = next(self.stream)
+        arg: nodes.Expr
+
+        if token.type == "dot":
+            attr_token = self.stream.current
+            next(self.stream)
+            if attr_token.type == "name":
+                return nodes.Getattr(
+                    node, attr_token.value, "load", lineno=token.lineno
+                )
+            elif attr_token.type != "integer":
+                self.fail("expected name or number", attr_token.lineno)
+            arg = nodes.Const(attr_token.value, lineno=attr_token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        if token.type == "lbracket":
+            args: t.List[nodes.Expr] = []
+            while self.stream.current.type != "rbracket":
+                if args:
+                    self.stream.expect("comma")
+                args.append(self.parse_subscribed())
+            self.stream.expect("rbracket")
+            if len(args) == 1:
+                arg = args[0]
+            else:
+                arg = nodes.Tuple(args, "load", lineno=token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        self.fail("expected subscript expression", token.lineno)
+
+    def parse_subscribed(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args: t.List[t.Optional[nodes.Expr]]
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            args = [None]
+        else:
+            node = self.parse_expression()
+            if self.stream.current.type != "colon":
+                return node
+            next(self.stream)
+            args = [node]
+
+        if self.stream.current.type == "colon":
+            args.append(None)
+        elif self.stream.current.type not in ("rbracket", "comma"):
+            args.append(self.parse_expression())
+        else:
+            args.append(None)
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            if self.stream.current.type not in ("rbracket", "comma"):
+                args.append(self.parse_expression())
+            else:
+                args.append(None)
+        else:
+            args.append(None)
+
+        return nodes.Slice(lineno=lineno, *args)  # noqa: B026
+
+    def parse_call_args(
+        self,
+    ) -> t.Tuple[
+        t.List[nodes.Expr],
+        t.List[nodes.Keyword],
+        t.Optional[nodes.Expr],
+        t.Optional[nodes.Expr],
+    ]:
+        token = self.stream.expect("lparen")
+        args = []
+        kwargs = []
+        dyn_args = None
+        dyn_kwargs = None
+        require_comma = False
+
+        def ensure(expr: bool) -> None:
+            if not expr:
+                self.fail("invalid syntax for function call expression", token.lineno)
+
+        while self.stream.current.type != "rparen":
+            if require_comma:
+                self.stream.expect("comma")
+
+                # support for trailing comma
+                if self.stream.current.type == "rparen":
+                    break
+
+            if self.stream.current.type == "mul":
+                ensure(dyn_args is None and dyn_kwargs is None)
+                next(self.stream)
+                dyn_args = self.parse_expression()
+            elif self.stream.current.type == "pow":
+                ensure(dyn_kwargs is None)
+                next(self.stream)
+                dyn_kwargs = self.parse_expression()
+            else:
+                if (
+                    self.stream.current.type == "name"
+                    and self.stream.look().type == "assign"
+                ):
+                    # Parsing a kwarg
+                    ensure(dyn_kwargs is None)
+                    key = self.stream.current.value
+                    self.stream.skip(2)
+                    value = self.parse_expression()
+                    kwargs.append(nodes.Keyword(key, value, lineno=value.lineno))
+                else:
+                    # Parsing an arg
+                    ensure(dyn_args is None and dyn_kwargs is None and not kwargs)
+                    args.append(self.parse_expression())
+
+            require_comma = True
+
+        self.stream.expect("rparen")
+        return args, kwargs, dyn_args, dyn_kwargs
+
+    def parse_call(self, node: nodes.Expr) -> nodes.Call:
+        # The lparen will be expected in parse_call_args, but the lineno
+        # needs to be recorded before the stream is advanced.
+        token = self.stream.current
+        args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        return nodes.Call(node, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno)
+
+    def parse_filter(
+        self, node: t.Optional[nodes.Expr], start_inline: bool = False
+    ) -> t.Optional[nodes.Expr]:
+        while self.stream.current.type == "pipe" or start_inline:
+            if not start_inline:
+                next(self.stream)
+            token = self.stream.expect("name")
+            name = token.value
+            while self.stream.current.type == "dot":
+                next(self.stream)
+                name += "." + self.stream.expect("name").value
+            if self.stream.current.type == "lparen":
+                args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+            else:
+                args = []
+                kwargs = []
+                dyn_args = dyn_kwargs = None
+            node = nodes.Filter(
+                node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+            )
+            start_inline = False
+        return node
+
+    def parse_test(self, node: nodes.Expr) -> nodes.Expr:
+        token = next(self.stream)
+        if self.stream.current.test("name:not"):
+            next(self.stream)
+            negated = True
+        else:
+            negated = False
+        name = self.stream.expect("name").value
+        while self.stream.current.type == "dot":
+            next(self.stream)
+            name += "." + self.stream.expect("name").value
+        dyn_args = dyn_kwargs = None
+        kwargs: t.List[nodes.Keyword] = []
+        if self.stream.current.type == "lparen":
+            args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        elif self.stream.current.type in {
+            "name",
+            "string",
+            "integer",
+            "float",
+            "lparen",
+            "lbracket",
+            "lbrace",
+        } and not self.stream.current.test_any("name:else", "name:or", "name:and"):
+            if self.stream.current.test("name:is"):
+                self.fail("You cannot chain multiple tests with is")
+            arg_node = self.parse_primary()
+            arg_node = self.parse_postfix(arg_node)
+            args = [arg_node]
+        else:
+            args = []
+        node = nodes.Test(
+            node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+        )
+        if negated:
+            node = nodes.Not(node, lineno=token.lineno)
+        return node
+
+    def subparse(
+        self, end_tokens: t.Optional[t.Tuple[str, ...]] = None
+    ) -> t.List[nodes.Node]:
+        body: t.List[nodes.Node] = []
+        data_buffer: t.List[nodes.Node] = []
+        add_data = data_buffer.append
+
+        if end_tokens is not None:
+            self._end_token_stack.append(end_tokens)
+
+        def flush_data() -> None:
+            if data_buffer:
+                lineno = data_buffer[0].lineno
+                body.append(nodes.Output(data_buffer[:], lineno=lineno))
+                del data_buffer[:]
+
+        try:
+            while self.stream:
+                token = self.stream.current
+                if token.type == "data":
+                    if token.value:
+                        add_data(nodes.TemplateData(token.value, lineno=token.lineno))
+                    next(self.stream)
+                elif token.type == "variable_begin":
+                    next(self.stream)
+                    add_data(self.parse_tuple(with_condexpr=True))
+                    self.stream.expect("variable_end")
+                elif token.type == "block_begin":
+                    flush_data()
+                    next(self.stream)
+                    if end_tokens is not None and self.stream.current.test_any(
+                        *end_tokens
+                    ):
+                        return body
+                    rv = self.parse_statement()
+                    if isinstance(rv, list):
+                        body.extend(rv)
+                    else:
+                        body.append(rv)
+                    self.stream.expect("block_end")
+                else:
+                    raise AssertionError("internal parsing error")
+
+            flush_data()
+        finally:
+            if end_tokens is not None:
+                self._end_token_stack.pop()
+        return body
+
+    def parse(self) -> nodes.Template:
+        """Parse the whole template into a `Template` node."""
+        result = nodes.Template(self.subparse(), lineno=1)
+        result.set_environment(self.environment)
+        return result
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/py.typed b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/runtime.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/runtime.py
new file mode 100644
index 000000000..4325c8deb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/runtime.py
@@ -0,0 +1,1056 @@
+"""The runtime functions and state used by compiled templates."""
+
+import functools
+import sys
+import typing as t
+from collections import abc
+from itertools import chain
+
+from markupsafe import escape  # noqa: F401
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import auto_aiter
+from .async_utils import auto_await  # noqa: F401
+from .exceptions import TemplateNotFound  # noqa: F401
+from .exceptions import TemplateRuntimeError  # noqa: F401
+from .exceptions import UndefinedError
+from .nodes import EvalContext
+from .utils import _PassArg
+from .utils import concat
+from .utils import internalcode
+from .utils import missing
+from .utils import Namespace  # noqa: F401
+from .utils import object_type_repr
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+if t.TYPE_CHECKING:
+    import logging
+
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class LoopRenderFunc(te.Protocol):
+        def __call__(
+            self,
+            reciter: t.Iterable[V],
+            loop_render_func: "LoopRenderFunc",
+            depth: int = 0,
+        ) -> str: ...
+
+
+# these variables are exported to the template runtime
+exported = [
+    "LoopContext",
+    "TemplateReference",
+    "Macro",
+    "Markup",
+    "TemplateRuntimeError",
+    "missing",
+    "escape",
+    "markup_join",
+    "str_join",
+    "identity",
+    "TemplateNotFound",
+    "Namespace",
+    "Undefined",
+    "internalcode",
+]
+async_exported = [
+    "AsyncLoopContext",
+    "auto_aiter",
+    "auto_await",
+]
+
+
+def identity(x: V) -> V:
+    """Returns its argument. Useful for certain things in the
+    environment.
+    """
+    return x
+
+
+def markup_join(seq: t.Iterable[t.Any]) -> str:
+    """Concatenation that escapes if necessary and converts to string."""
+    buf = []
+    iterator = map(soft_str, seq)
+    for arg in iterator:
+        buf.append(arg)
+        if hasattr(arg, "__html__"):
+            return Markup("").join(chain(buf, iterator))
+    return concat(buf)
+
+
+def str_join(seq: t.Iterable[t.Any]) -> str:
+    """Simple args to string conversion and concatenation."""
+    return concat(map(str, seq))
+
+
+def new_context(
+    environment: "Environment",
+    template_name: t.Optional[str],
+    blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+    vars: t.Optional[t.Dict[str, t.Any]] = None,
+    shared: bool = False,
+    globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    locals: t.Optional[t.Mapping[str, t.Any]] = None,
+) -> "Context":
+    """Internal helper for context creation."""
+    if vars is None:
+        vars = {}
+    if shared:
+        parent = vars
+    else:
+        parent = dict(globals or (), **vars)
+    if locals:
+        # if the parent is shared a copy should be created because
+        # we don't want to modify the dict passed
+        if shared:
+            parent = dict(parent)
+        for key, value in locals.items():
+            if value is not missing:
+                parent[key] = value
+    return environment.context_class(
+        environment, parent, template_name, blocks, globals=globals
+    )
+
+
+class TemplateReference:
+    """The `self` in templates."""
+
+    def __init__(self, context: "Context") -> None:
+        self.__context = context
+
+    def __getitem__(self, name: str) -> t.Any:
+        blocks = self.__context.blocks[name]
+        return BlockReference(name, self.__context, blocks, 0)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.__context.name!r}>"
+
+
+def _dict_method_all(dict_method: F) -> F:
+    @functools.wraps(dict_method)
+    def f_all(self: "Context") -> t.Any:
+        return dict_method(self.get_all())
+
+    return t.cast(F, f_all)
+
+
+@abc.Mapping.register
+class Context:
+    """The template context holds the variables of a template.  It stores the
+    values passed to the template and also the names the template exports.
+    Creating instances is neither supported nor useful as it's created
+    automatically at various stages of the template evaluation and should not
+    be created by hand.
+
+    The context is immutable.  Modifications on :attr:`parent` **must not**
+    happen and modifications on :attr:`vars` are allowed from generated
+    template code only.  Template filters and global functions marked as
+    :func:`pass_context` get the active context passed as first argument
+    and are allowed to access the context read-only.
+
+    The template context supports read only dict operations (`get`,
+    `keys`, `values`, `items`, `iterkeys`, `itervalues`, `iteritems`,
+    `__getitem__`, `__contains__`).  Additionally there is a :meth:`resolve`
+    method that doesn't fail with a `KeyError` but returns an
+    :class:`Undefined` object for missing variables.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        parent: t.Dict[str, t.Any],
+        name: t.Optional[str],
+        blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ):
+        self.parent = parent
+        self.vars: t.Dict[str, t.Any] = {}
+        self.environment: "Environment" = environment
+        self.eval_ctx = EvalContext(self.environment, name)
+        self.exported_vars: t.Set[str] = set()
+        self.name = name
+        self.globals_keys = set() if globals is None else set(globals)
+
+        # create the initial mapping of blocks.  Whenever template inheritance
+        # takes place the runtime will update this mapping with the new blocks
+        # from the template.
+        self.blocks = {k: [v] for k, v in blocks.items()}
+
+    def super(
+        self, name: str, current: t.Callable[["Context"], t.Iterator[str]]
+    ) -> t.Union["BlockReference", "Undefined"]:
+        """Render a parent block."""
+        try:
+            blocks = self.blocks[name]
+            index = blocks.index(current) + 1
+            blocks[index]
+        except LookupError:
+            return self.environment.undefined(
+                f"there is no parent block called {name!r}.", name="super"
+            )
+        return BlockReference(name, self, blocks, index)
+
+    def get(self, key: str, default: t.Any = None) -> t.Any:
+        """Look up a variable by name, or return a default if the key is
+        not found.
+
+        :param key: The variable name to look up.
+        :param default: The value to return if the key is not found.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def resolve(self, key: str) -> t.Union[t.Any, "Undefined"]:
+        """Look up a variable by name, or return an :class:`Undefined`
+        object if the key is not found.
+
+        If you need to add custom behavior, override
+        :meth:`resolve_or_missing`, not this method. The various lookup
+        functions use that method, not this one.
+
+        :param key: The variable name to look up.
+        """
+        rv = self.resolve_or_missing(key)
+
+        if rv is missing:
+            return self.environment.undefined(name=key)
+
+        return rv
+
+    def resolve_or_missing(self, key: str) -> t.Any:
+        """Look up a variable by name, or return a ``missing`` sentinel
+        if the key is not found.
+
+        Override this method to add custom lookup behavior.
+        :meth:`resolve`, :meth:`get`, and :meth:`__getitem__` use this
+        method. Don't call this method directly.
+
+        :param key: The variable name to look up.
+        """
+        if key in self.vars:
+            return self.vars[key]
+
+        if key in self.parent:
+            return self.parent[key]
+
+        return missing
+
+    def get_exported(self) -> t.Dict[str, t.Any]:
+        """Get a new dict with the exported variables."""
+        return {k: self.vars[k] for k in self.exported_vars}
+
+    def get_all(self) -> t.Dict[str, t.Any]:
+        """Return the complete context as dict including the exported
+        variables.  For optimizations reasons this might not return an
+        actual copy so be careful with using it.
+        """
+        if not self.vars:
+            return self.parent
+        if not self.parent:
+            return self.vars
+        return dict(self.parent, **self.vars)
+
+    @internalcode
+    def call(
+        __self,
+        __obj: t.Callable[..., t.Any],
+        *args: t.Any,
+        **kwargs: t.Any,  # noqa: B902
+    ) -> t.Union[t.Any, "Undefined"]:
+        """Call the callable with the arguments and keyword arguments
+        provided but inject the active context or environment as first
+        argument if the callable has :func:`pass_context` or
+        :func:`pass_environment`.
+        """
+        if __debug__:
+            __traceback_hide__ = True  # noqa
+
+        # Allow callable classes to take a context
+        if (
+            hasattr(__obj, "__call__")  # noqa: B004
+            and _PassArg.from_obj(__obj.__call__) is not None
+        ):
+            __obj = __obj.__call__
+
+        pass_arg = _PassArg.from_obj(__obj)
+
+        if pass_arg is _PassArg.context:
+            # the active context should have access to variables set in
+            # loops and blocks without mutating the context itself
+            if kwargs.get("_loop_vars"):
+                __self = __self.derived(kwargs["_loop_vars"])
+            if kwargs.get("_block_vars"):
+                __self = __self.derived(kwargs["_block_vars"])
+            args = (__self,) + args
+        elif pass_arg is _PassArg.eval_context:
+            args = (__self.eval_ctx,) + args
+        elif pass_arg is _PassArg.environment:
+            args = (__self.environment,) + args
+
+        kwargs.pop("_block_vars", None)
+        kwargs.pop("_loop_vars", None)
+
+        try:
+            return __obj(*args, **kwargs)
+        except StopIteration:
+            return __self.environment.undefined(
+                "value was undefined because a callable raised a"
+                " StopIteration exception"
+            )
+
+    def derived(self, locals: t.Optional[t.Dict[str, t.Any]] = None) -> "Context":
+        """Internal helper function to create a derived context.  This is
+        used in situations where the system needs a new context in the same
+        template that is independent.
+        """
+        context = new_context(
+            self.environment, self.name, {}, self.get_all(), True, None, locals
+        )
+        context.eval_ctx = self.eval_ctx
+        context.blocks.update((k, list(v)) for k, v in self.blocks.items())
+        return context
+
+    keys = _dict_method_all(dict.keys)
+    values = _dict_method_all(dict.values)
+    items = _dict_method_all(dict.items)
+
+    def __contains__(self, name: str) -> bool:
+        return name in self.vars or name in self.parent
+
+    def __getitem__(self, key: str) -> t.Any:
+        """Look up a variable by name with ``[]`` syntax, or raise a
+        ``KeyError`` if the key is not found.
+        """
+        item = self.resolve_or_missing(key)
+
+        if item is missing:
+            raise KeyError(key)
+
+        return item
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.get_all()!r} of {self.name!r}>"
+
+
+class BlockReference:
+    """One block on a template reference."""
+
+    def __init__(
+        self,
+        name: str,
+        context: "Context",
+        stack: t.List[t.Callable[["Context"], t.Iterator[str]]],
+        depth: int,
+    ) -> None:
+        self.name = name
+        self._context = context
+        self._stack = stack
+        self._depth = depth
+
+    @property
+    def super(self) -> t.Union["BlockReference", "Undefined"]:
+        """Super the block."""
+        if self._depth + 1 >= len(self._stack):
+            return self._context.environment.undefined(
+                f"there is no parent block called {self.name!r}.", name="super"
+            )
+        return BlockReference(self.name, self._context, self._stack, self._depth + 1)
+
+    @internalcode
+    async def _async_call(self) -> str:
+        rv = concat(
+            [x async for x in self._stack[self._depth](self._context)]  # type: ignore
+        )
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+    @internalcode
+    def __call__(self) -> str:
+        if self._context.environment.is_async:
+            return self._async_call()  # type: ignore
+
+        rv = concat(self._stack[self._depth](self._context))
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+
+class LoopContext:
+    """A wrapper iterable for dynamic ``for`` loops, with information
+    about the loop and iteration.
+    """
+
+    #: Current iteration of the loop, starting at 0.
+    index0 = -1
+
+    _length: t.Optional[int] = None
+    _after: t.Any = missing
+    _current: t.Any = missing
+    _before: t.Any = missing
+    _last_changed_value: t.Any = missing
+
+    def __init__(
+        self,
+        iterable: t.Iterable[V],
+        undefined: t.Type["Undefined"],
+        recurse: t.Optional["LoopRenderFunc"] = None,
+        depth0: int = 0,
+    ) -> None:
+        """
+        :param iterable: Iterable to wrap.
+        :param undefined: :class:`Undefined` class to use for next and
+            previous items.
+        :param recurse: The function to render the loop body when the
+            loop is marked recursive.
+        :param depth0: Incremented when looping recursively.
+        """
+        self._iterable = iterable
+        self._iterator = self._to_iterator(iterable)
+        self._undefined = undefined
+        self._recurse = recurse
+        #: How many levels deep a recursive loop currently is, starting at 0.
+        self.depth0 = depth0
+
+    @staticmethod
+    def _to_iterator(iterable: t.Iterable[V]) -> t.Iterator[V]:
+        return iter(iterable)
+
+    @property
+    def length(self) -> int:
+        """Length of the iterable.
+
+        If the iterable is a generator or otherwise does not have a
+        size, it is eagerly evaluated to get a size.
+        """
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = list(self._iterator)
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    def __len__(self) -> int:
+        return self.length
+
+    @property
+    def depth(self) -> int:
+        """How many levels deep a recursive loop currently is, starting at 1."""
+        return self.depth0 + 1
+
+    @property
+    def index(self) -> int:
+        """Current iteration of the loop, starting at 1."""
+        return self.index0 + 1
+
+    @property
+    def revindex0(self) -> int:
+        """Number of iterations from the end of the loop, ending at 0.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index
+
+    @property
+    def revindex(self) -> int:
+        """Number of iterations from the end of the loop, ending at 1.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index0
+
+    @property
+    def first(self) -> bool:
+        """Whether this is the first iteration of the loop."""
+        return self.index0 == 0
+
+    def _peek_next(self) -> t.Any:
+        """Return the next element in the iterable, or :data:`missing`
+        if the iterable is exhausted. Only peeks one item ahead, caching
+        the result in :attr:`_last` for use in subsequent checks. The
+        cache is reset when :meth:`__next__` is called.
+        """
+        if self._after is not missing:
+            return self._after
+
+        self._after = next(self._iterator, missing)
+        return self._after
+
+    @property
+    def last(self) -> bool:
+        """Whether this is the last iteration of the loop.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`groupby` filter avoids that issue.
+        """
+        return self._peek_next() is missing
+
+    @property
+    def previtem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the previous iteration. Undefined during the
+        first iteration.
+        """
+        if self.first:
+            return self._undefined("there is no previous item")
+
+        return self._before
+
+    @property
+    def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the next iteration. Undefined during the last
+        iteration.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`jinja-filters.groupby` filter avoids that issue.
+        """
+        rv = self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def cycle(self, *args: V) -> V:
+        """Return a value from the given args, cycling through based on
+        the current :attr:`index0`.
+
+        :param args: One or more values to cycle through.
+        """
+        if not args:
+            raise TypeError("no items for cycling given")
+
+        return args[self.index0 % len(args)]
+
+    def changed(self, *value: t.Any) -> bool:
+        """Return ``True`` if previously called with a different value
+        (including when called for the first time).
+
+        :param value: One or more values to compare to the last call.
+        """
+        if self._last_changed_value != value:
+            self._last_changed_value = value
+            return True
+
+        return False
+
+    def __iter__(self) -> "LoopContext":
+        return self
+
+    def __next__(self) -> t.Tuple[t.Any, "LoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = next(self._iterator)
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+    @internalcode
+    def __call__(self, iterable: t.Iterable[V]) -> str:
+        """When iterating over nested data, render the body of the loop
+        recursively with the given inner iterable data.
+
+        The loop must have the ``recursive`` marker for this to work.
+        """
+        if self._recurse is None:
+            raise TypeError(
+                "The loop must have the 'recursive' marker to be called recursively."
+            )
+
+        return self._recurse(iterable, self._recurse, depth=self.depth)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.index}/{self.length}>"
+
+
+class AsyncLoopContext(LoopContext):
+    _iterator: t.AsyncIterator[t.Any]  # type: ignore
+
+    @staticmethod
+    def _to_iterator(  # type: ignore
+        iterable: t.Union[t.Iterable[V], t.AsyncIterable[V]],
+    ) -> t.AsyncIterator[V]:
+        return auto_aiter(iterable)
+
+    @property
+    async def length(self) -> int:  # type: ignore
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = [x async for x in self._iterator]
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    @property
+    async def revindex0(self) -> int:  # type: ignore
+        return await self.length - self.index
+
+    @property
+    async def revindex(self) -> int:  # type: ignore
+        return await self.length - self.index0
+
+    async def _peek_next(self) -> t.Any:
+        if self._after is not missing:
+            return self._after
+
+        try:
+            self._after = await self._iterator.__anext__()
+        except StopAsyncIteration:
+            self._after = missing
+
+        return self._after
+
+    @property
+    async def last(self) -> bool:  # type: ignore
+        return await self._peek_next() is missing
+
+    @property
+    async def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        rv = await self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def __aiter__(self) -> "AsyncLoopContext":
+        return self
+
+    async def __anext__(self) -> t.Tuple[t.Any, "AsyncLoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = await self._iterator.__anext__()
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+
+class Macro:
+    """Wraps a macro function."""
+
+    def __init__(
+        self,
+        environment: "Environment",
+        func: t.Callable[..., str],
+        name: str,
+        arguments: t.List[str],
+        catch_kwargs: bool,
+        catch_varargs: bool,
+        caller: bool,
+        default_autoescape: t.Optional[bool] = None,
+    ):
+        self._environment = environment
+        self._func = func
+        self._argument_count = len(arguments)
+        self.name = name
+        self.arguments = arguments
+        self.catch_kwargs = catch_kwargs
+        self.catch_varargs = catch_varargs
+        self.caller = caller
+        self.explicit_caller = "caller" in arguments
+
+        if default_autoescape is None:
+            if callable(environment.autoescape):
+                default_autoescape = environment.autoescape(None)
+            else:
+                default_autoescape = environment.autoescape
+
+        self._default_autoescape = default_autoescape
+
+    @internalcode
+    @pass_eval_context
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> str:
+        # This requires a bit of explanation,  In the past we used to
+        # decide largely based on compile-time information if a macro is
+        # safe or unsafe.  While there was a volatile mode it was largely
+        # unused for deciding on escaping.  This turns out to be
+        # problematic for macros because whether a macro is safe depends not
+        # on the escape mode when it was defined, but rather when it was used.
+        #
+        # Because however we export macros from the module system and
+        # there are historic callers that do not pass an eval context (and
+        # will continue to not pass one), we need to perform an instance
+        # check here.
+        #
+        # This is considered safe because an eval context is not a valid
+        # argument to callables otherwise anyway.  Worst case here is
+        # that if no eval context is passed we fall back to the compile
+        # time autoescape flag.
+        if args and isinstance(args[0], EvalContext):
+            autoescape = args[0].autoescape
+            args = args[1:]
+        else:
+            autoescape = self._default_autoescape
+
+        # try to consume the positional arguments
+        arguments = list(args[: self._argument_count])
+        off = len(arguments)
+
+        # For information why this is necessary refer to the handling
+        # of caller in the `macro_body` handler in the compiler.
+        found_caller = False
+
+        # if the number of arguments consumed is not the number of
+        # arguments expected we start filling in keyword arguments
+        # and defaults.
+        if off != self._argument_count:
+            for name in self.arguments[len(arguments) :]:
+                try:
+                    value = kwargs.pop(name)
+                except KeyError:
+                    value = missing
+                if name == "caller":
+                    found_caller = True
+                arguments.append(value)
+        else:
+            found_caller = self.explicit_caller
+
+        # it's important that the order of these arguments does not change
+        # if not also changed in the compiler's `function_scoping` method.
+        # the order is caller, keyword arguments, positional arguments!
+        if self.caller and not found_caller:
+            caller = kwargs.pop("caller", None)
+            if caller is None:
+                caller = self._environment.undefined("No caller defined", name="caller")
+            arguments.append(caller)
+
+        if self.catch_kwargs:
+            arguments.append(kwargs)
+        elif kwargs:
+            if "caller" in kwargs:
+                raise TypeError(
+                    f"macro {self.name!r} was invoked with two values for the special"
+                    " caller argument. This is most likely a bug."
+                )
+            raise TypeError(
+                f"macro {self.name!r} takes no keyword argument {next(iter(kwargs))!r}"
+            )
+        if self.catch_varargs:
+            arguments.append(args[self._argument_count :])
+        elif len(args) > self._argument_count:
+            raise TypeError(
+                f"macro {self.name!r} takes not more than"
+                f" {len(self.arguments)} argument(s)"
+            )
+
+        return self._invoke(arguments, autoescape)
+
+    async def _async_invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        rv = await self._func(*arguments)  # type: ignore
+
+        if autoescape:
+            return Markup(rv)
+
+        return rv  # type: ignore
+
+    def _invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        if self._environment.is_async:
+            return self._async_invoke(arguments, autoescape)  # type: ignore
+
+        rv = self._func(*arguments)
+
+        if autoescape:
+            rv = Markup(rv)
+
+        return rv
+
+    def __repr__(self) -> str:
+        name = "anonymous" if self.name is None else repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class Undefined:
+    """The default undefined type.  This undefined type can be printed and
+    iterated over, but every other access will raise an :exc:`UndefinedError`:
+
+    >>> foo = Undefined(name='foo')
+    >>> str(foo)
+    ''
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = (
+        "_undefined_hint",
+        "_undefined_obj",
+        "_undefined_name",
+        "_undefined_exception",
+    )
+
+    def __init__(
+        self,
+        hint: t.Optional[str] = None,
+        obj: t.Any = missing,
+        name: t.Optional[str] = None,
+        exc: t.Type[TemplateRuntimeError] = UndefinedError,
+    ) -> None:
+        self._undefined_hint = hint
+        self._undefined_obj = obj
+        self._undefined_name = name
+        self._undefined_exception = exc
+
+    @property
+    def _undefined_message(self) -> str:
+        """Build a message about the undefined value based on how it was
+        accessed.
+        """
+        if self._undefined_hint:
+            return self._undefined_hint
+
+        if self._undefined_obj is missing:
+            return f"{self._undefined_name!r} is undefined"
+
+        if not isinstance(self._undefined_name, str):
+            return (
+                f"{object_type_repr(self._undefined_obj)} has no"
+                f" element {self._undefined_name!r}"
+            )
+
+        return (
+            f"{object_type_repr(self._undefined_obj)!r} has no"
+            f" attribute {self._undefined_name!r}"
+        )
+
+    @internalcode
+    def _fail_with_undefined_error(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> "te.NoReturn":
+        """Raise an :exc:`UndefinedError` when operations are performed
+        on the undefined value.
+        """
+        raise self._undefined_exception(self._undefined_message)
+
+    @internalcode
+    def __getattr__(self, name: str) -> t.Any:
+        if name[:2] == "__":
+            raise AttributeError(name)
+
+        return self._fail_with_undefined_error()
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _fail_with_undefined_error
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _fail_with_undefined_error
+    __truediv__ = __rtruediv__ = _fail_with_undefined_error
+    __floordiv__ = __rfloordiv__ = _fail_with_undefined_error
+    __mod__ = __rmod__ = _fail_with_undefined_error
+    __pos__ = __neg__ = _fail_with_undefined_error
+    __call__ = __getitem__ = _fail_with_undefined_error
+    __lt__ = __le__ = __gt__ = __ge__ = _fail_with_undefined_error
+    __int__ = __float__ = __complex__ = _fail_with_undefined_error
+    __pow__ = __rpow__ = _fail_with_undefined_error
+
+    def __eq__(self, other: t.Any) -> bool:
+        return type(self) is type(other)
+
+    def __ne__(self, other: t.Any) -> bool:
+        return not self.__eq__(other)
+
+    def __hash__(self) -> int:
+        return id(type(self))
+
+    def __str__(self) -> str:
+        return ""
+
+    def __len__(self) -> int:
+        return 0
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        yield from ()
+
+    async def __aiter__(self) -> t.AsyncIterator[t.Any]:
+        for _ in ():
+            yield
+
+    def __bool__(self) -> bool:
+        return False
+
+    def __repr__(self) -> str:
+        return "Undefined"
+
+
+def make_logging_undefined(
+    logger: t.Optional["logging.Logger"] = None, base: t.Type[Undefined] = Undefined
+) -> t.Type[Undefined]:
+    """Given a logger object this returns a new undefined class that will
+    log certain failures.  It will log iterations and printing.  If no
+    logger is given a default logger is created.
+
+    Example::
+
+        logger = logging.getLogger(__name__)
+        LoggingUndefined = make_logging_undefined(
+            logger=logger,
+            base=Undefined
+        )
+
+    .. versionadded:: 2.8
+
+    :param logger: the logger to use.  If not provided, a default logger
+                   is created.
+    :param base: the base class to add logging functionality to.  This
+                 defaults to :class:`Undefined`.
+    """
+    if logger is None:
+        import logging
+
+        logger = logging.getLogger(__name__)
+        logger.addHandler(logging.StreamHandler(sys.stderr))
+
+    def _log_message(undef: Undefined) -> None:
+        logger.warning("Template variable warning: %s", undef._undefined_message)
+
+    class LoggingUndefined(base):  # type: ignore
+        __slots__ = ()
+
+        def _fail_with_undefined_error(  # type: ignore
+            self, *args: t.Any, **kwargs: t.Any
+        ) -> "te.NoReturn":
+            try:
+                super()._fail_with_undefined_error(*args, **kwargs)
+            except self._undefined_exception as e:
+                logger.error("Template variable error: %s", e)  # type: ignore
+                raise e
+
+        def __str__(self) -> str:
+            _log_message(self)
+            return super().__str__()  # type: ignore
+
+        def __iter__(self) -> t.Iterator[t.Any]:
+            _log_message(self)
+            return super().__iter__()  # type: ignore
+
+        def __bool__(self) -> bool:
+            _log_message(self)
+            return super().__bool__()  # type: ignore
+
+    return LoggingUndefined
+
+
+class ChainableUndefined(Undefined):
+    """An undefined that is chainable, where both ``__getattr__`` and
+    ``__getitem__`` return itself rather than raising an
+    :exc:`UndefinedError`.
+
+    >>> foo = ChainableUndefined(name='foo')
+    >>> str(foo.bar['baz'])
+    ''
+    >>> foo.bar['baz'] + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+
+    .. versionadded:: 2.11.0
+    """
+
+    __slots__ = ()
+
+    def __html__(self) -> str:
+        return str(self)
+
+    def __getattr__(self, _: str) -> "ChainableUndefined":
+        return self
+
+    __getitem__ = __getattr__  # type: ignore
+
+
+class DebugUndefined(Undefined):
+    """An undefined that returns the debug info when printed.
+
+    >>> foo = DebugUndefined(name='foo')
+    >>> str(foo)
+    '{{ foo }}'
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+
+    def __str__(self) -> str:
+        if self._undefined_hint:
+            message = f"undefined value printed: {self._undefined_hint}"
+
+        elif self._undefined_obj is missing:
+            message = self._undefined_name  # type: ignore
+
+        else:
+            message = (
+                f"no such element: {object_type_repr(self._undefined_obj)}"
+                f"[{self._undefined_name!r}]"
+            )
+
+        return f"{{{{ {message} }}}}"
+
+
+class StrictUndefined(Undefined):
+    """An undefined that barks on print and iteration as well as boolean
+    tests and all kinds of comparisons.  In other words: you can do nothing
+    with it except checking if it's defined using the `defined` test.
+
+    >>> foo = StrictUndefined(name='foo')
+    >>> str(foo)
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> not foo
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+    __iter__ = __str__ = __len__ = Undefined._fail_with_undefined_error
+    __eq__ = __ne__ = __bool__ = __hash__ = Undefined._fail_with_undefined_error
+    __contains__ = Undefined._fail_with_undefined_error
+
+
+# Remove slots attributes, after the metaclass is applied they are
+# unneeded and contain wrong data for subclasses.
+del (
+    Undefined.__slots__,
+    ChainableUndefined.__slots__,
+    DebugUndefined.__slots__,
+    StrictUndefined.__slots__,
+)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/sandbox.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/sandbox.py
new file mode 100644
index 000000000..0b4fc12d3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/sandbox.py
@@ -0,0 +1,429 @@
+"""A sandbox layer that ensures unsafe operations cannot be performed.
+Useful when the template itself comes from an untrusted source.
+"""
+
+import operator
+import types
+import typing as t
+from collections import abc
+from collections import deque
+from string import Formatter
+
+from _string import formatter_field_name_split  # type: ignore
+from markupsafe import EscapeFormatter
+from markupsafe import Markup
+
+from .environment import Environment
+from .exceptions import SecurityError
+from .runtime import Context
+from .runtime import Undefined
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+#: maximum number of items a range may produce
+MAX_RANGE = 100000
+
+#: Unsafe function attributes.
+UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()
+
+#: Unsafe method attributes. Function attributes are unsafe for methods too.
+UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()
+
+#: unsafe generator attributes.
+UNSAFE_GENERATOR_ATTRIBUTES = {"gi_frame", "gi_code"}
+
+#: unsafe attributes on coroutines
+UNSAFE_COROUTINE_ATTRIBUTES = {"cr_frame", "cr_code"}
+
+#: unsafe attributes on async generators
+UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = {"ag_code", "ag_frame"}
+
+_mutable_spec: t.Tuple[t.Tuple[t.Type[t.Any], t.FrozenSet[str]], ...] = (
+    (
+        abc.MutableSet,
+        frozenset(
+            [
+                "add",
+                "clear",
+                "difference_update",
+                "discard",
+                "pop",
+                "remove",
+                "symmetric_difference_update",
+                "update",
+            ]
+        ),
+    ),
+    (
+        abc.MutableMapping,
+        frozenset(["clear", "pop", "popitem", "setdefault", "update"]),
+    ),
+    (
+        abc.MutableSequence,
+        frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
+    ),
+    (
+        deque,
+        frozenset(
+            [
+                "append",
+                "appendleft",
+                "clear",
+                "extend",
+                "extendleft",
+                "pop",
+                "popleft",
+                "remove",
+                "rotate",
+            ]
+        ),
+    ),
+)
+
+
+def inspect_format_method(callable: t.Callable[..., t.Any]) -> t.Optional[str]:
+    if not isinstance(
+        callable, (types.MethodType, types.BuiltinMethodType)
+    ) or callable.__name__ not in ("format", "format_map"):
+        return None
+
+    obj = callable.__self__
+
+    if isinstance(obj, str):
+        return obj
+
+    return None
+
+
+def safe_range(*args: int) -> range:
+    """A range that can't generate ranges with a length of more than
+    MAX_RANGE items.
+    """
+    rng = range(*args)
+
+    if len(rng) > MAX_RANGE:
+        raise OverflowError(
+            "Range too big. The sandbox blocks ranges larger than"
+            f" MAX_RANGE ({MAX_RANGE})."
+        )
+
+    return rng
+
+
+def unsafe(f: F) -> F:
+    """Marks a function or method as unsafe.
+
+    .. code-block: python
+
+        @unsafe
+        def delete(self):
+            pass
+    """
+    f.unsafe_callable = True  # type: ignore
+    return f
+
+
+def is_internal_attribute(obj: t.Any, attr: str) -> bool:
+    """Test if the attribute given is an internal python attribute.  For
+    example this function returns `True` for the `func_code` attribute of
+    python objects.  This is useful if the environment method
+    :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
+
+    >>> from jinja2.sandbox import is_internal_attribute
+    >>> is_internal_attribute(str, "mro")
+    True
+    >>> is_internal_attribute(str, "upper")
+    False
+    """
+    if isinstance(obj, types.FunctionType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES:
+            return True
+    elif isinstance(obj, types.MethodType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES or attr in UNSAFE_METHOD_ATTRIBUTES:
+            return True
+    elif isinstance(obj, type):
+        if attr == "mro":
+            return True
+    elif isinstance(obj, (types.CodeType, types.TracebackType, types.FrameType)):
+        return True
+    elif isinstance(obj, types.GeneratorType):
+        if attr in UNSAFE_GENERATOR_ATTRIBUTES:
+            return True
+    elif hasattr(types, "CoroutineType") and isinstance(obj, types.CoroutineType):
+        if attr in UNSAFE_COROUTINE_ATTRIBUTES:
+            return True
+    elif hasattr(types, "AsyncGeneratorType") and isinstance(
+        obj, types.AsyncGeneratorType
+    ):
+        if attr in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
+            return True
+    return attr.startswith("__")
+
+
+def modifies_known_mutable(obj: t.Any, attr: str) -> bool:
+    """This function checks if an attribute on a builtin mutable object
+    (list, dict, set or deque) or the corresponding ABCs would modify it
+    if called.
+
+    >>> modifies_known_mutable({}, "clear")
+    True
+    >>> modifies_known_mutable({}, "keys")
+    False
+    >>> modifies_known_mutable([], "append")
+    True
+    >>> modifies_known_mutable([], "index")
+    False
+
+    If called with an unsupported object, ``False`` is returned.
+
+    >>> modifies_known_mutable("foo", "upper")
+    False
+    """
+    for typespec, unsafe in _mutable_spec:
+        if isinstance(obj, typespec):
+            return attr in unsafe
+    return False
+
+
+class SandboxedEnvironment(Environment):
+    """The sandboxed environment.  It works like the regular environment but
+    tells the compiler to generate sandboxed code.  Additionally subclasses of
+    this environment may override the methods that tell the runtime what
+    attributes or functions are safe to access.
+
+    If the template tries to access insecure code a :exc:`SecurityError` is
+    raised.  However also other exceptions may occur during the rendering so
+    the caller has to ensure that all exceptions are caught.
+    """
+
+    sandboxed = True
+
+    #: default callback table for the binary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`binop_table`
+    default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+        "+": operator.add,
+        "-": operator.sub,
+        "*": operator.mul,
+        "/": operator.truediv,
+        "//": operator.floordiv,
+        "**": operator.pow,
+        "%": operator.mod,
+    }
+
+    #: default callback table for the unary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`unop_table`
+    default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+        "+": operator.pos,
+        "-": operator.neg,
+    }
+
+    #: a set of binary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_binop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`binop_table`.
+    #:
+    #: The following binary operators are interceptable:
+    #: ``//``, ``%``, ``+``, ``*``, ``-``, ``/``, and ``**``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_binops: t.FrozenSet[str] = frozenset()
+
+    #: a set of unary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_unop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`unop_table`.
+    #:
+    #: The following unary operators are interceptable: ``+``, ``-``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_unops: t.FrozenSet[str] = frozenset()
+
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
+        super().__init__(*args, **kwargs)
+        self.globals["range"] = safe_range
+        self.binop_table = self.default_binop_table.copy()
+        self.unop_table = self.default_unop_table.copy()
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        """The sandboxed environment will call this method to check if the
+        attribute of an object is safe to access.  Per default all attributes
+        starting with an underscore are considered private as well as the
+        special attributes of internal python objects as returned by the
+        :func:`is_internal_attribute` function.
+        """
+        return not (attr.startswith("_") or is_internal_attribute(obj, attr))
+
+    def is_safe_callable(self, obj: t.Any) -> bool:
+        """Check if an object is safely callable. By default callables
+        are considered safe unless decorated with :func:`unsafe`.
+
+        This also recognizes the Django convention of setting
+        ``func.alters_data = True``.
+        """
+        return not (
+            getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
+        )
+
+    def call_binop(
+        self, context: Context, operator: str, left: t.Any, right: t.Any
+    ) -> t.Any:
+        """For intercepted binary operator calls (:meth:`intercepted_binops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.binop_table[operator](left, right)
+
+    def call_unop(self, context: Context, operator: str, arg: t.Any) -> t.Any:
+        """For intercepted unary operator calls (:meth:`intercepted_unops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.unop_table[operator](arg)
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code."""
+        try:
+            return obj[argument]
+        except (TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        value = getattr(obj, attr)
+                    except AttributeError:
+                        pass
+                    else:
+                        if self.is_safe_attribute(obj, argument, value):
+                            return value
+                        return self.unsafe_undefined(obj, argument)
+        return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code and prefer the
+        attribute.  The attribute passed *must* be a bytestring.
+        """
+        try:
+            value = getattr(obj, attribute)
+        except AttributeError:
+            try:
+                return obj[attribute]
+            except (TypeError, LookupError):
+                pass
+        else:
+            if self.is_safe_attribute(obj, attribute, value):
+                return value
+            return self.unsafe_undefined(obj, attribute)
+        return self.undefined(obj=obj, name=attribute)
+
+    def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
+        """Return an undefined object for unsafe attributes."""
+        return self.undefined(
+            f"access to attribute {attribute!r} of"
+            f" {type(obj).__name__!r} object is unsafe.",
+            name=attribute,
+            obj=obj,
+            exc=SecurityError,
+        )
+
+    def format_string(
+        self,
+        s: str,
+        args: t.Tuple[t.Any, ...],
+        kwargs: t.Dict[str, t.Any],
+        format_func: t.Optional[t.Callable[..., t.Any]] = None,
+    ) -> str:
+        """If a format call is detected, then this is routed through this
+        method so that our safety sandbox can be used for it.
+        """
+        formatter: SandboxedFormatter
+        if isinstance(s, Markup):
+            formatter = SandboxedEscapeFormatter(self, escape=s.escape)
+        else:
+            formatter = SandboxedFormatter(self)
+
+        if format_func is not None and format_func.__name__ == "format_map":
+            if len(args) != 1 or kwargs:
+                raise TypeError(
+                    "format_map() takes exactly one argument"
+                    f" {len(args) + (kwargs is not None)} given"
+                )
+
+            kwargs = args[0]
+            args = ()
+
+        rv = formatter.vformat(s, args, kwargs)
+        return type(s)(rv)
+
+    def call(
+        __self,  # noqa: B902
+        __context: Context,
+        __obj: t.Any,
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        """Call an object from sandboxed code."""
+        fmt = inspect_format_method(__obj)
+        if fmt is not None:
+            return __self.format_string(fmt, args, kwargs, __obj)
+
+        # the double prefixes are to avoid double keyword argument
+        # errors when proxying the call.
+        if not __self.is_safe_callable(__obj):
+            raise SecurityError(f"{__obj!r} is not safely callable")
+        return __context.call(__obj, *args, **kwargs)
+
+
+class ImmutableSandboxedEnvironment(SandboxedEnvironment):
+    """Works exactly like the regular `SandboxedEnvironment` but does not
+    permit modifications on the builtin mutable objects `list`, `set`, and
+    `dict` by using the :func:`modifies_known_mutable` function.
+    """
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        if not super().is_safe_attribute(obj, attr, value):
+            return False
+
+        return not modifies_known_mutable(obj, attr)
+
+
+class SandboxedFormatter(Formatter):
+    def __init__(self, env: Environment, **kwargs: t.Any) -> None:
+        self._env = env
+        super().__init__(**kwargs)
+
+    def get_field(
+        self, field_name: str, args: t.Sequence[t.Any], kwargs: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, str]:
+        first, rest = formatter_field_name_split(field_name)
+        obj = self.get_value(first, args, kwargs)
+        for is_attr, i in rest:
+            if is_attr:
+                obj = self._env.getattr(obj, i)
+            else:
+                obj = self._env.getitem(obj, i)
+        return obj, first
+
+
+class SandboxedEscapeFormatter(SandboxedFormatter, EscapeFormatter):
+    pass
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/tests.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/tests.py
new file mode 100644
index 000000000..1a59e3703
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/tests.py
@@ -0,0 +1,256 @@
+"""Built-in template tests used with the ``is`` operator."""
+
+import operator
+import typing as t
+from collections import abc
+from numbers import Number
+
+from .runtime import Undefined
+from .utils import pass_environment
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def test_odd(value: int) -> bool:
+    """Return true if the variable is odd."""
+    return value % 2 == 1
+
+
+def test_even(value: int) -> bool:
+    """Return true if the variable is even."""
+    return value % 2 == 0
+
+
+def test_divisibleby(value: int, num: int) -> bool:
+    """Check if a variable is divisible by a number."""
+    return value % num == 0
+
+
+def test_defined(value: t.Any) -> bool:
+    """Return true if the variable is defined:
+
+    .. sourcecode:: jinja
+
+        {% if variable is defined %}
+            value of variable: {{ variable }}
+        {% else %}
+            variable is not defined
+        {% endif %}
+
+    See the :func:`default` filter for a simple way to set undefined
+    variables.
+    """
+    return not isinstance(value, Undefined)
+
+
+def test_undefined(value: t.Any) -> bool:
+    """Like :func:`defined` but the other way round."""
+    return isinstance(value, Undefined)
+
+
+@pass_environment
+def test_filter(env: "Environment", value: str) -> bool:
+    """Check if a filter exists by name. Useful if a filter may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'markdown' is filter %}
+            {{ value | markdown }}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.filters
+
+
+@pass_environment
+def test_test(env: "Environment", value: str) -> bool:
+    """Check if a test exists by name. Useful if a test may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'loud' is test %}
+            {% if value is loud %}
+                {{ value|upper }}
+            {% else %}
+                {{ value|lower }}
+            {% endif %}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.tests
+
+
+def test_none(value: t.Any) -> bool:
+    """Return true if the variable is none."""
+    return value is None
+
+
+def test_boolean(value: t.Any) -> bool:
+    """Return true if the object is a boolean value.
+
+    .. versionadded:: 2.11
+    """
+    return value is True or value is False
+
+
+def test_false(value: t.Any) -> bool:
+    """Return true if the object is False.
+
+    .. versionadded:: 2.11
+    """
+    return value is False
+
+
+def test_true(value: t.Any) -> bool:
+    """Return true if the object is True.
+
+    .. versionadded:: 2.11
+    """
+    return value is True
+
+
+# NOTE: The existing 'number' test matches booleans and floats
+def test_integer(value: t.Any) -> bool:
+    """Return true if the object is an integer.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, int) and value is not True and value is not False
+
+
+# NOTE: The existing 'number' test matches booleans and integers
+def test_float(value: t.Any) -> bool:
+    """Return true if the object is a float.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, float)
+
+
+def test_lower(value: str) -> bool:
+    """Return true if the variable is lowercased."""
+    return str(value).islower()
+
+
+def test_upper(value: str) -> bool:
+    """Return true if the variable is uppercased."""
+    return str(value).isupper()
+
+
+def test_string(value: t.Any) -> bool:
+    """Return true if the object is a string."""
+    return isinstance(value, str)
+
+
+def test_mapping(value: t.Any) -> bool:
+    """Return true if the object is a mapping (dict etc.).
+
+    .. versionadded:: 2.6
+    """
+    return isinstance(value, abc.Mapping)
+
+
+def test_number(value: t.Any) -> bool:
+    """Return true if the variable is a number."""
+    return isinstance(value, Number)
+
+
+def test_sequence(value: t.Any) -> bool:
+    """Return true if the variable is a sequence. Sequences are variables
+    that are iterable.
+    """
+    try:
+        len(value)
+        value.__getitem__  # noqa B018
+    except Exception:
+        return False
+
+    return True
+
+
+def test_sameas(value: t.Any, other: t.Any) -> bool:
+    """Check if an object points to the same memory address than another
+    object:
+
+    .. sourcecode:: jinja
+
+        {% if foo.attribute is sameas false %}
+            the foo attribute really is the `False` singleton
+        {% endif %}
+    """
+    return value is other
+
+
+def test_iterable(value: t.Any) -> bool:
+    """Check if it's possible to iterate over an object."""
+    try:
+        iter(value)
+    except TypeError:
+        return False
+
+    return True
+
+
+def test_escaped(value: t.Any) -> bool:
+    """Check if the value is escaped."""
+    return hasattr(value, "__html__")
+
+
+def test_in(value: t.Any, seq: t.Container[t.Any]) -> bool:
+    """Check if value is in seq.
+
+    .. versionadded:: 2.10
+    """
+    return value in seq
+
+
+TESTS = {
+    "odd": test_odd,
+    "even": test_even,
+    "divisibleby": test_divisibleby,
+    "defined": test_defined,
+    "undefined": test_undefined,
+    "filter": test_filter,
+    "test": test_test,
+    "none": test_none,
+    "boolean": test_boolean,
+    "false": test_false,
+    "true": test_true,
+    "integer": test_integer,
+    "float": test_float,
+    "lower": test_lower,
+    "upper": test_upper,
+    "string": test_string,
+    "mapping": test_mapping,
+    "number": test_number,
+    "sequence": test_sequence,
+    "iterable": test_iterable,
+    "callable": callable,
+    "sameas": test_sameas,
+    "escaped": test_escaped,
+    "in": test_in,
+    "==": operator.eq,
+    "eq": operator.eq,
+    "equalto": operator.eq,
+    "!=": operator.ne,
+    "ne": operator.ne,
+    ">": operator.gt,
+    "gt": operator.gt,
+    "greaterthan": operator.gt,
+    "ge": operator.ge,
+    ">=": operator.ge,
+    "<": operator.lt,
+    "lt": operator.lt,
+    "lessthan": operator.lt,
+    "<=": operator.le,
+    "le": operator.le,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/utils.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/utils.py
new file mode 100644
index 000000000..7fb76935a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/utils.py
@@ -0,0 +1,755 @@
+import enum
+import json
+import os
+import re
+import typing as t
+from collections import abc
+from collections import deque
+from random import choice
+from random import randrange
+from threading import Lock
+from types import CodeType
+from urllib.parse import quote_from_bytes
+
+import markupsafe
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+# special singleton representing missing values for the runtime
+missing: t.Any = type("MissingType", (), {"__repr__": lambda x: "missing"})()
+
+internal_code: t.MutableSet[CodeType] = set()
+
+concat = "".join
+
+
+def pass_context(f: F) -> F:
+    """Pass the :class:`~jinja2.runtime.Context` as the first argument
+    to the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``Context.eval_context`` is needed, use
+    :func:`pass_eval_context`. If only ``Context.environment`` is
+    needed, use :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``contextfunction`` and ``contextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.context  # type: ignore
+    return f
+
+
+def pass_eval_context(f: F) -> F:
+    """Pass the :class:`~jinja2.nodes.EvalContext` as the first argument
+    to the decorated function when called while rendering a template.
+    See :ref:`eval-context`.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``EvalContext.environment`` is needed, use
+    :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``evalcontextfunction`` and ``evalcontextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.eval_context  # type: ignore
+    return f
+
+
+def pass_environment(f: F) -> F:
+    """Pass the :class:`~jinja2.Environment` as the first argument to
+    the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    .. versionadded:: 3.0.0
+        Replaces ``environmentfunction`` and ``environmentfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.environment  # type: ignore
+    return f
+
+
+class _PassArg(enum.Enum):
+    context = enum.auto()
+    eval_context = enum.auto()
+    environment = enum.auto()
+
+    @classmethod
+    def from_obj(cls, obj: F) -> t.Optional["_PassArg"]:
+        if hasattr(obj, "jinja_pass_arg"):
+            return obj.jinja_pass_arg  # type: ignore
+
+        return None
+
+
+def internalcode(f: F) -> F:
+    """Marks the function as internally used"""
+    internal_code.add(f.__code__)
+    return f
+
+
+def is_undefined(obj: t.Any) -> bool:
+    """Check if the object passed is undefined.  This does nothing more than
+    performing an instance check against :class:`Undefined` but looks nicer.
+    This can be used for custom filters or tests that want to react to
+    undefined variables.  For example a custom default filter can look like
+    this::
+
+        def default(var, default=''):
+            if is_undefined(var):
+                return default
+            return var
+    """
+    from .runtime import Undefined
+
+    return isinstance(obj, Undefined)
+
+
+def consume(iterable: t.Iterable[t.Any]) -> None:
+    """Consumes an iterable without doing anything with it."""
+    for _ in iterable:
+        pass
+
+
+def clear_caches() -> None:
+    """Jinja keeps internal caches for environments and lexers.  These are
+    used so that Jinja doesn't have to recreate environments and lexers all
+    the time.  Normally you don't have to care about that but if you are
+    measuring memory consumption you may want to clean the caches.
+    """
+    from .environment import get_spontaneous_environment
+    from .lexer import _lexer_cache
+
+    get_spontaneous_environment.cache_clear()
+    _lexer_cache.clear()
+
+
+def import_string(import_name: str, silent: bool = False) -> t.Any:
+    """Imports an object based on a string.  This is useful if you want to
+    use import paths as endpoints or something similar.  An import path can
+    be specified either in dotted notation (``xml.sax.saxutils.escape``)
+    or with a colon as object delimiter (``xml.sax.saxutils:escape``).
+
+    If the `silent` is True the return value will be `None` if the import
+    fails.
+
+    :return: imported object
+    """
+    try:
+        if ":" in import_name:
+            module, obj = import_name.split(":", 1)
+        elif "." in import_name:
+            module, _, obj = import_name.rpartition(".")
+        else:
+            return __import__(import_name)
+        return getattr(__import__(module, None, None, [obj]), obj)
+    except (ImportError, AttributeError):
+        if not silent:
+            raise
+
+
+def open_if_exists(filename: str, mode: str = "rb") -> t.Optional[t.IO[t.Any]]:
+    """Returns a file descriptor for the filename if that file exists,
+    otherwise ``None``.
+    """
+    if not os.path.isfile(filename):
+        return None
+
+    return open(filename, mode)
+
+
+def object_type_repr(obj: t.Any) -> str:
+    """Returns the name of the object's type.  For some recognized
+    singletons the name of the object is returned instead. (For
+    example for `None` and `Ellipsis`).
+    """
+    if obj is None:
+        return "None"
+    elif obj is Ellipsis:
+        return "Ellipsis"
+
+    cls = type(obj)
+
+    if cls.__module__ == "builtins":
+        return f"{cls.__name__} object"
+
+    return f"{cls.__module__}.{cls.__name__} object"
+
+
+def pformat(obj: t.Any) -> str:
+    """Format an object using :func:`pprint.pformat`."""
+    from pprint import pformat
+
+    return pformat(obj)
+
+
+_http_re = re.compile(
+    r"""
+    ^
+    (
+        (https?://|www\.)  # scheme or www
+        (([\w%-]+\.)+)?  # subdomain
+        (
+            [a-z]{2,63}  # basic tld
+        |
+            xn--[\w%]{2,59}  # idna tld
+        )
+    |
+        ([\w%-]{2,63}\.)+  # basic domain
+        (com|net|int|edu|gov|org|info|mil)  # basic tld
+    |
+        (https?://)  # scheme
+        (
+            (([\d]{1,3})(\.[\d]{1,3}){3})  # IPv4
+        |
+            (\[([\da-f]{0,4}:){2}([\da-f]{0,4}:?){1,6}])  # IPv6
+        )
+    )
+    (?::[\d]{1,5})?  # port
+    (?:[/?#]\S*)?  # path, query, and fragment
+    $
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+_email_re = re.compile(r"^\S+@\w[\w.-]*\.\w+$")
+
+
+def urlize(
+    text: str,
+    trim_url_limit: t.Optional[int] = None,
+    rel: t.Optional[str] = None,
+    target: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param text: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+    """
+    if trim_url_limit is not None:
+
+        def trim_url(x: str) -> str:
+            if len(x) > trim_url_limit:
+                return f"{x[:trim_url_limit]}..."
+
+            return x
+
+    else:
+
+        def trim_url(x: str) -> str:
+            return x
+
+    words = re.split(r"(\s+)", str(markupsafe.escape(text)))
+    rel_attr = f' rel="{markupsafe.escape(rel)}"' if rel else ""
+    target_attr = f' target="{markupsafe.escape(target)}"' if target else ""
+
+    for i, word in enumerate(words):
+        head, middle, tail = "", word, ""
+        match = re.match(r"^([(<]|&lt;)+", middle)
+
+        if match:
+            head = match.group()
+            middle = middle[match.end() :]
+
+        # Unlike lead, which is anchored to the start of the string,
+        # need to check that the string ends with any of the characters
+        # before trying to match all of them, to avoid backtracking.
+        if middle.endswith((")", ">", ".", ",", "\n", "&gt;")):
+            match = re.search(r"([)>.,\n]|&gt;)+$", middle)
+
+            if match:
+                tail = match.group()
+                middle = middle[: match.start()]
+
+        # Prefer balancing parentheses in URLs instead of ignoring a
+        # trailing character.
+        for start_char, end_char in ("(", ")"), ("<", ">"), ("&lt;", "&gt;"):
+            start_count = middle.count(start_char)
+
+            if start_count <= middle.count(end_char):
+                # Balanced, or lighter on the left
+                continue
+
+            # Move as many as possible from the tail to balance
+            for _ in range(min(start_count, tail.count(end_char))):
+                end_index = tail.index(end_char) + len(end_char)
+                # Move anything in the tail before the end char too
+                middle += tail[:end_index]
+                tail = tail[end_index:]
+
+        if _http_re.match(middle):
+            if middle.startswith("https://") or middle.startswith("http://"):
+                middle = (
+                    f'<a href="{middle}"{rel_attr}{target_attr}>{trim_url(middle)}</a>'
+                )
+            else:
+                middle = (
+                    f'<a href="https://{middle}"{rel_attr}{target_attr}>'
+                    f"{trim_url(middle)}</a>"
+                )
+
+        elif middle.startswith("mailto:") and _email_re.match(middle[7:]):
+            middle = f'<a href="{middle}">{middle[7:]}</a>'
+
+        elif (
+            "@" in middle
+            and not middle.startswith("www.")
+            and ":" not in middle
+            and _email_re.match(middle)
+        ):
+            middle = f'<a href="mailto:{middle}">{middle}</a>'
+
+        elif extra_schemes is not None:
+            for scheme in extra_schemes:
+                if middle != scheme and middle.startswith(scheme):
+                    middle = f'<a href="{middle}"{rel_attr}{target_attr}>{middle}</a>'
+
+        words[i] = f"{head}{middle}{tail}"
+
+    return "".join(words)
+
+
+def generate_lorem_ipsum(
+    n: int = 5, html: bool = True, min: int = 20, max: int = 100
+) -> str:
+    """Generate some lorem ipsum for the template."""
+    from .constants import LOREM_IPSUM_WORDS
+
+    words = LOREM_IPSUM_WORDS.split()
+    result = []
+
+    for _ in range(n):
+        next_capitalized = True
+        last_comma = last_fullstop = 0
+        word = None
+        last = None
+        p = []
+
+        # each paragraph contains out of 20 to 100 words.
+        for idx, _ in enumerate(range(randrange(min, max))):
+            while True:
+                word = choice(words)
+                if word != last:
+                    last = word
+                    break
+            if next_capitalized:
+                word = word.capitalize()
+                next_capitalized = False
+            # add commas
+            if idx - randrange(3, 8) > last_comma:
+                last_comma = idx
+                last_fullstop += 2
+                word += ","
+            # add end of sentences
+            if idx - randrange(10, 20) > last_fullstop:
+                last_comma = last_fullstop = idx
+                word += "."
+                next_capitalized = True
+            p.append(word)
+
+        # ensure that the paragraph ends with a dot.
+        p_str = " ".join(p)
+
+        if p_str.endswith(","):
+            p_str = p_str[:-1] + "."
+        elif not p_str.endswith("."):
+            p_str += "."
+
+        result.append(p_str)
+
+    if not html:
+        return "\n\n".join(result)
+    return markupsafe.Markup(
+        "\n".join(f"<p>{markupsafe.escape(x)}</p>" for x in result)
+    )
+
+
+def url_quote(obj: t.Any, charset: str = "utf-8", for_qs: bool = False) -> str:
+    """Quote a string for use in a URL using the given charset.
+
+    :param obj: String or bytes to quote. Other types are converted to
+        string then encoded to bytes using the given charset.
+    :param charset: Encode text to bytes using this charset.
+    :param for_qs: Quote "/" and use "+" for spaces.
+    """
+    if not isinstance(obj, bytes):
+        if not isinstance(obj, str):
+            obj = str(obj)
+
+        obj = obj.encode(charset)
+
+    safe = b"" if for_qs else b"/"
+    rv = quote_from_bytes(obj, safe)
+
+    if for_qs:
+        rv = rv.replace("%20", "+")
+
+    return rv
+
+
+@abc.MutableMapping.register
+class LRUCache:
+    """A simple LRU Cache implementation."""
+
+    # this is fast for small capacities (something below 1000) but doesn't
+    # scale.  But as long as it's only used as storage for templates this
+    # won't do any harm.
+
+    def __init__(self, capacity: int) -> None:
+        self.capacity = capacity
+        self._mapping: t.Dict[t.Any, t.Any] = {}
+        self._queue: "te.Deque[t.Any]" = deque()
+        self._postinit()
+
+    def _postinit(self) -> None:
+        # alias all queue methods for faster lookup
+        self._popleft = self._queue.popleft
+        self._pop = self._queue.pop
+        self._remove = self._queue.remove
+        self._wlock = Lock()
+        self._append = self._queue.append
+
+    def __getstate__(self) -> t.Mapping[str, t.Any]:
+        return {
+            "capacity": self.capacity,
+            "_mapping": self._mapping,
+            "_queue": self._queue,
+        }
+
+    def __setstate__(self, d: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.update(d)
+        self._postinit()
+
+    def __getnewargs__(self) -> t.Tuple[t.Any, ...]:
+        return (self.capacity,)
+
+    def copy(self) -> "LRUCache":
+        """Return a shallow copy of the instance."""
+        rv = self.__class__(self.capacity)
+        rv._mapping.update(self._mapping)
+        rv._queue.extend(self._queue)
+        return rv
+
+    def get(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Return an item from the cache dict or `default`"""
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def setdefault(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Set `default` if the key is not in the cache otherwise
+        leave unchanged. Return the value of this key.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            self[key] = default
+            return default
+
+    def clear(self) -> None:
+        """Clear the cache."""
+        with self._wlock:
+            self._mapping.clear()
+            self._queue.clear()
+
+    def __contains__(self, key: t.Any) -> bool:
+        """Check if a key exists in this cache."""
+        return key in self._mapping
+
+    def __len__(self) -> int:
+        """Return the current size of the cache."""
+        return len(self._mapping)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self._mapping!r}>"
+
+    def __getitem__(self, key: t.Any) -> t.Any:
+        """Get an item from the cache. Moves the item up so that it has the
+        highest priority then.
+
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            rv = self._mapping[key]
+
+            if self._queue[-1] != key:
+                try:
+                    self._remove(key)
+                except ValueError:
+                    # if something removed the key from the container
+                    # when we read, ignore the ValueError that we would
+                    # get otherwise.
+                    pass
+
+                self._append(key)
+
+            return rv
+
+    def __setitem__(self, key: t.Any, value: t.Any) -> None:
+        """Sets the value for an item. Moves the item up so that it
+        has the highest priority then.
+        """
+        with self._wlock:
+            if key in self._mapping:
+                self._remove(key)
+            elif len(self._mapping) == self.capacity:
+                del self._mapping[self._popleft()]
+
+            self._append(key)
+            self._mapping[key] = value
+
+    def __delitem__(self, key: t.Any) -> None:
+        """Remove an item from the cache dict.
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            del self._mapping[key]
+
+            try:
+                self._remove(key)
+            except ValueError:
+                pass
+
+    def items(self) -> t.Iterable[t.Tuple[t.Any, t.Any]]:
+        """Return a list of items."""
+        result = [(key, self._mapping[key]) for key in list(self._queue)]
+        result.reverse()
+        return result
+
+    def values(self) -> t.Iterable[t.Any]:
+        """Return a list of all values."""
+        return [x[1] for x in self.items()]
+
+    def keys(self) -> t.Iterable[t.Any]:
+        """Return a list of all keys ordered by most recent usage."""
+        return list(self)
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        return reversed(tuple(self._queue))
+
+    def __reversed__(self) -> t.Iterator[t.Any]:
+        """Iterate over the keys in the cache dict, oldest items
+        coming first.
+        """
+        return iter(tuple(self._queue))
+
+    __copy__ = copy
+
+
+def select_autoescape(
+    enabled_extensions: t.Collection[str] = ("html", "htm", "xml"),
+    disabled_extensions: t.Collection[str] = (),
+    default_for_string: bool = True,
+    default: bool = False,
+) -> t.Callable[[t.Optional[str]], bool]:
+    """Intelligently sets the initial value of autoescaping based on the
+    filename of the template.  This is the recommended way to configure
+    autoescaping if you do not want to write a custom function yourself.
+
+    If you want to enable it for all templates created from strings or
+    for all templates with `.html` and `.xml` extensions::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            enabled_extensions=('html', 'xml'),
+            default_for_string=True,
+        ))
+
+    Example configuration to turn it on at all times except if the template
+    ends with `.txt`::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            disabled_extensions=('txt',),
+            default_for_string=True,
+            default=True,
+        ))
+
+    The `enabled_extensions` is an iterable of all the extensions that
+    autoescaping should be enabled for.  Likewise `disabled_extensions` is
+    a list of all templates it should be disabled for.  If a template is
+    loaded from a string then the default from `default_for_string` is used.
+    If nothing matches then the initial value of autoescaping is set to the
+    value of `default`.
+
+    For security reasons this function operates case insensitive.
+
+    .. versionadded:: 2.9
+    """
+    enabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in enabled_extensions)
+    disabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in disabled_extensions)
+
+    def autoescape(template_name: t.Optional[str]) -> bool:
+        if template_name is None:
+            return default_for_string
+        template_name = template_name.lower()
+        if template_name.endswith(enabled_patterns):
+            return True
+        if template_name.endswith(disabled_patterns):
+            return False
+        return default
+
+    return autoescape
+
+
+def htmlsafe_json_dumps(
+    obj: t.Any, dumps: t.Optional[t.Callable[..., str]] = None, **kwargs: t.Any
+) -> markupsafe.Markup:
+    """Serialize an object to a string of JSON with :func:`json.dumps`,
+    then replace HTML-unsafe characters with Unicode escapes and mark
+    the result safe with :class:`~markupsafe.Markup`.
+
+    This is available in templates as the ``|tojson`` filter.
+
+    The following characters are escaped: ``<``, ``>``, ``&``, ``'``.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param obj: The object to serialize to JSON.
+    :param dumps: The ``dumps`` function to use. Defaults to
+        ``env.policies["json.dumps_function"]``, which defaults to
+        :func:`json.dumps`.
+    :param kwargs: Extra arguments to pass to ``dumps``. Merged onto
+        ``env.policies["json.dumps_kwargs"]``.
+
+    .. versionchanged:: 3.0
+        The ``dumper`` parameter is renamed to ``dumps``.
+
+    .. versionadded:: 2.9
+    """
+    if dumps is None:
+        dumps = json.dumps
+
+    return markupsafe.Markup(
+        dumps(obj, **kwargs)
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026")
+        .replace("'", "\\u0027")
+    )
+
+
+class Cycler:
+    """Cycle through values by yield them one at a time, then restarting
+    once the end is reached. Available as ``cycler`` in templates.
+
+    Similar to ``loop.cycle``, but can be used outside loops or across
+    multiple loops. For example, render a list of folders and files in a
+    list, alternating giving them "odd" and "even" classes.
+
+    .. code-block:: html+jinja
+
+        {% set row_class = cycler("odd", "even") %}
+        <ul class="browser">
+        {% for folder in folders %}
+          <li class="folder {{ row_class.next() }}">{{ folder }}
+        {% endfor %}
+        {% for file in files %}
+          <li class="file {{ row_class.next() }}">{{ file }}
+        {% endfor %}
+        </ul>
+
+    :param items: Each positional argument will be yielded in the order
+        given for each cycle.
+
+    .. versionadded:: 2.1
+    """
+
+    def __init__(self, *items: t.Any) -> None:
+        if not items:
+            raise RuntimeError("at least one item has to be provided")
+        self.items = items
+        self.pos = 0
+
+    def reset(self) -> None:
+        """Resets the current item to the first item."""
+        self.pos = 0
+
+    @property
+    def current(self) -> t.Any:
+        """Return the current item. Equivalent to the item that will be
+        returned next time :meth:`next` is called.
+        """
+        return self.items[self.pos]
+
+    def next(self) -> t.Any:
+        """Return the current item, then advance :attr:`current` to the
+        next item.
+        """
+        rv = self.current
+        self.pos = (self.pos + 1) % len(self.items)
+        return rv
+
+    __next__ = next
+
+
+class Joiner:
+    """A joining helper for templates."""
+
+    def __init__(self, sep: str = ", ") -> None:
+        self.sep = sep
+        self.used = False
+
+    def __call__(self) -> str:
+        if not self.used:
+            self.used = True
+            return ""
+        return self.sep
+
+
+class Namespace:
+    """A namespace object that can hold arbitrary attributes.  It may be
+    initialized from a dictionary or with keyword arguments."""
+
+    def __init__(*args: t.Any, **kwargs: t.Any) -> None:  # noqa: B902
+        self, args = args[0], args[1:]
+        self.__attrs = dict(*args, **kwargs)
+
+    def __getattribute__(self, name: str) -> t.Any:
+        # __class__ is needed for the awaitable check in async mode
+        if name in {"_Namespace__attrs", "__class__"}:
+            return object.__getattribute__(self, name)
+        try:
+            return self.__attrs[name]
+        except KeyError:
+            raise AttributeError(name) from None
+
+    def __setitem__(self, name: str, value: t.Any) -> None:
+        self.__attrs[name] = value
+
+    def __repr__(self) -> str:
+        return f"<Namespace {self.__attrs!r}>"
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jinja2/visitor.py b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/visitor.py
new file mode 100644
index 000000000..7b8e18060
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jinja2/visitor.py
@@ -0,0 +1,92 @@
+"""API for traversing the AST nodes. Implemented by the compiler and
+meta introspection.
+"""
+
+import typing as t
+
+from .nodes import Node
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class VisitCallable(te.Protocol):
+        def __call__(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any: ...
+
+
+class NodeVisitor:
+    """Walks the abstract syntax tree and call visitor functions for every
+    node found.  The visitor functions may return values which will be
+    forwarded by the `visit` method.
+
+    Per default the visitor functions for the nodes are ``'visit_'`` +
+    class name of the node.  So a `TryFinally` node visit function would
+    be `visit_TryFinally`.  This behavior can be changed by overriding
+    the `get_visitor` function.  If no visitor function exists for a node
+    (return value `None`) the `generic_visit` visitor is used instead.
+    """
+
+    def get_visitor(self, node: Node) -> "t.Optional[VisitCallable]":
+        """Return the visitor function for this node or `None` if no visitor
+        exists for this node.  In that case the generic visit function is
+        used instead.
+        """
+        return getattr(self, f"visit_{type(node).__name__}", None)
+
+    def visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Visit a node."""
+        f = self.get_visitor(node)
+
+        if f is not None:
+            return f(node, *args, **kwargs)
+
+        return self.generic_visit(node, *args, **kwargs)
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Called if no explicit visitor function exists for a node."""
+        for child_node in node.iter_child_nodes():
+            self.visit(child_node, *args, **kwargs)
+
+
+class NodeTransformer(NodeVisitor):
+    """Walks the abstract syntax tree and allows modifications of nodes.
+
+    The `NodeTransformer` will walk the AST and use the return value of the
+    visitor functions to replace or remove the old node.  If the return
+    value of the visitor function is `None` the node will be removed
+    from the previous location otherwise it's replaced with the return
+    value.  The return value may be the original node in which case no
+    replacement takes place.
+    """
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> Node:
+        for field, old_value in node.iter_fields():
+            if isinstance(old_value, list):
+                new_values = []
+                for value in old_value:
+                    if isinstance(value, Node):
+                        value = self.visit(value, *args, **kwargs)
+                        if value is None:
+                            continue
+                        elif not isinstance(value, Node):
+                            new_values.extend(value)
+                            continue
+                    new_values.append(value)
+                old_value[:] = new_values
+            elif isinstance(old_value, Node):
+                new_node = self.visit(old_value, *args, **kwargs)
+                if new_node is None:
+                    delattr(node, field)
+                else:
+                    setattr(node, field, new_node)
+        return node
+
+    def visit_list(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.List[Node]:
+        """As transformers may return lists in some places this method
+        can be used to enforce a list as return value.
+        """
+        rv = self.visit(node, *args, **kwargs)
+
+        if not isinstance(rv, list):
+            return [rv]
+
+        return rv
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
new file mode 100644
index 000000000..86be119bc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
@@ -0,0 +1,379 @@
+Metadata-Version: 2.1
+Name: jsonpath-ng
+Version: 1.6.1
+Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
+Home-page: https://github.com/h2non/jsonpath-ng
+Author: Tomas Aparicio
+Author-email: tomas@aparicio.me
+License: Apache 2.0
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+License-File: LICENSE
+Requires-Dist: ply
+
+Python JSONPath Next-Generation |Build Status| |PyPI|
+=====================================================
+
+A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
+and binary comparison operators, as defined in the original `JSONPath proposal`_.
+
+This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
+provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
+
+About
+-----
+
+This library provides a robust and significantly extended implementation
+of JSONPath for Python. It is tested with CPython 3.7 and higher.
+
+This library differs from other JSONPath implementations in that it is a
+full *language* implementation, meaning the JSONPath expressions are
+first class objects, easy to analyze, transform, parse, print, and
+extend.
+
+Quick Start
+-----------
+
+To install, use pip:
+
+.. code:: bash
+
+    $ pip install --upgrade jsonpath-ng
+
+
+Usage
+-----
+
+Basic examples:
+
+.. code:: python
+
+    $ python
+
+    >>> from jsonpath_ng import jsonpath, parse
+
+    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+    >>> jsonpath_expr = parse('foo[*].baz')
+
+    # Extracting values is easy
+    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    [1, 2]
+
+    # Matches remember where they came from
+    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    ['foo.[0].baz', 'foo.[1].baz']
+
+    # Modifying values matching the path
+    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 3}]}
+
+    # Modifying one of the values matching the path
+    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
+    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 2}]}
+
+    # Removing all values matching a path
+    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{}, {}]}
+
+    # Removing values containing particular data matching path
+    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{'baz': 1}, {}]}
+
+    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
+    >>> jsonpath.auto_id_field = 'id'
+    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
+    ['foo.bizzle', 'foo.[1]']
+
+    # A handy extension: named operators like `parent`
+    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
+    ['number two', 'number one']
+
+    # You can also build expressions directly quite easily
+    >>> from jsonpath_ng.jsonpath import Fields
+    >>> from jsonpath_ng.jsonpath import Slice
+
+    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
+
+
+Using the extended parser:
+
+.. code:: python
+
+  $ python
+
+  >>> from jsonpath_ng.ext import parse
+
+  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+  >>> jsonpath_expr = parse('foo[*].baz')
+
+
+JSONPath Syntax
+---------------
+
+The JSONPath syntax supported by this library includes some additional
+features and omits some problematic features (those that make it
+unportable). In particular, some new operators such as ``|`` and
+``where`` are available, and parentheses are used for grouping not for
+callbacks into Python, since with these changes the language is not
+trivially associative. Also, fields may be quoted whether or not they
+are contained in brackets.
+
+Atomic expressions:
+
++-----------------------+---------------------------------------------------------------------------------------------+
+| Syntax                | Meaning                                                                                     |
++=======================+=============================================================================================+
+| ``$``                 | The root object                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```this```            | The "current" object.                                                                       |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
++-----------------------+---------------------------------------------------------------------------------------------+
+| *field*               | Specified field(s), described below                                                         |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *field* ``]``   | Same as *field*                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
++-----------------------+---------------------------------------------------------------------------------------------+
+
+Jsonpath operators:
+
++-------------------------------------+------------------------------------------------------------------------------------+
+| Syntax                              | Meaning                                                                            |
++=====================================+====================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
++-------------------------------------+------------------------------------------------------------------------------------+
+
+Field specifiers ( *field* ):
+
++-------------------------+-------------------------------------------------------------------------------------+
+| Syntax                  | Meaning                                                                             |
++=========================+=====================================================================================+
+| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``'fieldname'``         | ditto                                                                               |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``*``                   | any field                                                                           |
++-------------------------+-------------------------------------------------------------------------------------+
+| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
++-------------------------+-------------------------------------------------------------------------------------+
+
+Array specifiers ( *idx* ):
+
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| Syntax                                  | Meaning                                                                               |
++=========================================+=======================================================================================+
+| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[*]``                                 | any array index                                                                       |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+
+Programmatic JSONPath
+---------------------
+
+If you are programming in Python and would like a more robust way to
+create JSONPath expressions that does not depend on a parser, it is very
+easy to do so directly, and here are some examples:
+
+-  ``Root()``
+-  ``Slice(start=0, end=None, step=None)``
+-  ``Fields('foo', 'bar')``
+-  ``Index(42)``
+-  ``Child(Fields('foo'), Index(42))``
+-  ``Where(Slice(), Fields('subfield'))``
+-  ``Descendants(jsonpath, jsonpath)``
+
+
+Extras
+------
+
+-  *Path data*: The result of ``JsonPath.find`` provide detailed context
+   and path data so it is easy to traverse to parent objects, print full
+   paths to pieces of data, and generate automatic ids.
+-  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
+   other than None, then for any piece of data missing that field, it
+   will be replaced by the JSONPath to it, giving automatic unique ids
+   to any piece of data. These ids will take into account any ids
+   already present as well.
+-  *Named operators*: Instead of using ``@`` to reference the current
+   object, this library uses ```this```. In general, any string
+   contained in backquotes can be made to be a new operator, currently
+   by extending the library.
+
+
+Extensions
+----------
+
+To use the extensions below you must import from `jsonpath_ng.ext`.
+
++--------------+-----------------------------------------------+
+| name         | Example                                       |
++==============+===============================================+
+| len          | - ``$.objects.`len```                         |
++--------------+-----------------------------------------------+
+| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
+|              | - ``$.field.`sub(/regex/, replacement)```     |
++--------------+-----------------------------------------------+
+| split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(sep, segement, maxsplit)```|
++--------------+-----------------------------------------------+
+| sorted       | - ``$.objects.`sorted```                      |
+|              | - ``$.objects[\\some_field]``                 |
+|              | - ``$.objects[\\some_field,/other_field]``    |
++--------------+-----------------------------------------------+
+| filter       | - ``$.objects[?(@some_field > 5)]``           |
+|              | - ``$.objects[?some_field = "foobar"]``       |
+|              | - ``$.objects[?some_field =~ "foobar"]``      |
+|              | - ``$.objects[?some_field > 5 & other < 2]``  |
+|              |                                               |
+|              | Supported operators:                          |
+|              | - Equality: ==, =, !=                         |
+|              | - Comparison: >, >=, <, <=                    |
+|              | - Regex match: =~                             |
+|              |                                               |
+|              | Combine multiple criteria with '&'.           |
+|              |                                               |
+|              | Properties can only be compared to static     |
+|              | values.                                       |
++--------------+-----------------------------------------------+
+| arithmetic   | - ``$.foo + "_" + $.bar``                     |
+| (-+*/)       | - ``$.foo * 12``                              |
+|              | - ``$.objects[*].cow + $.objects[*].cat``     |
++--------------+-----------------------------------------------+
+
+About arithmetic and string
+---------------------------
+
+Operations are done with python operators and allows types that python
+allows, and return [] if the operation can be done due to incompatible types.
+
+When operators are used, a jsonpath must be be fully defined otherwise
+jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
+in this case it will choice string as type.
+
+Example with data::
+
+    {
+        'cow': 'foo',
+        'fish': 'bar'
+    }
+
+| ``cow + fish`` returns ``cowfish``
+| ``$.cow + $.fish`` returns ``foobar``
+| ``$.cow + "_" + $.fish`` returns ``foo_bar``
+| ``$.cow + "_" + fish`` returns ``foo_fish``
+
+About arithmetic and list
+-------------------------
+
+Arithmetic can be used against two lists if they have the same size.
+
+Example with data::
+
+    {'objects': [
+        {'cow': 2, 'cat': 3},
+        {'cow': 4, 'cat': 6}
+    ]}
+
+| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
+
+More to explore
+---------------
+
+There are way too many JSONPath implementations out there to discuss.
+Some are robust, some are toy projects that still work fine, some are
+exercises. There will undoubtedly be many more. This one is made for use
+in released, maintained code, and in particular for programmatic access
+to the abstract syntax and extension. But JSONPath at its simplest just
+isn't that complicated, so you can probably use any of them
+successfully. Why not this one?
+
+The original proposal, as far as I know:
+
+-  `JSONPath - XPath for
+   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
+
+Other examples
+--------------
+
+Loading json data from file
+
+.. code:: python
+
+    import json
+    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
+    # or
+    with open('myfile.json') as f:
+        d = json.load(f)
+
+Special note about PLY and docstrings
+-------------------------------------
+
+The main parsing toolkit underlying this library,
+`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
+removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
+cause a failure.
+
+Contributors
+------------
+
+This package is authored and maintained by:
+
+-  `Kenn Knowles <https://github.com/kennknowles>`__
+   (`@kennknowles <https://twitter.com/KennKnowles>`__)
+-  `Tomas Aparicio <https://github.com/h2non>`
+
+with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
+
+Copyright and License
+---------------------
+
+Copyright 2013 - Kenneth Knowles
+
+Copyright 2017 - Tomas Aparicio
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at
+
+::
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
+.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
+.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
+
+.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
+.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
+   :target: https://pypi.python.org/pypi/jsonpath-ng
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
new file mode 100644
index 000000000..38ffaaa74
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
@@ -0,0 +1,35 @@
+../../bin/jsonpath_ng,sha256=tJPq7KMofc3ePZi4qwjutVB0uh2l8XT9xdKguQSjUks,261
+jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
+jsonpath_ng-1.6.1.dist-info/RECORD,,
+jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
+jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
+jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/__pycache__/lexer.cpython-311.pyc,,
+jsonpath_ng/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/bin/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng/bin/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/bin/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/bin/jsonpath.py,sha256=C4PCWjxSRskALh_Z7ILOFpvHNjP5HLBmRnxbzrbgg98,2057
+jsonpath_ng/exceptions.py,sha256=WbmwVjhCtpqp0enN3Sd4ymlZGP8ZZUkvT9uq7PXiEq4,146
+jsonpath_ng/ext/__init__.py,sha256=oxAHiz1-xcRsDX_KGDCiBh6LGP2zHZKzvI3QxrFTh6E,605
+jsonpath_ng/ext/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/arithmetic.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/filter.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/iterable.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
+jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
+jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
+jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
+jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
+jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
+jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
+jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
+jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
new file mode 100644
index 000000000..57e3d840d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.38.4)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
new file mode 100644
index 000000000..e1985ff19
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
new file mode 100644
index 000000000..30b75c567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
@@ -0,0 +1 @@
+jsonpath_ng
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py
new file mode 100644
index 000000000..ed6553b2d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py
@@ -0,0 +1,6 @@
+from .jsonpath import *  # noqa
+from .parser import parse  # noqa
+
+
+# Current package version
+__version__ = '1.6.1'
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/jsonpath.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/jsonpath.py
new file mode 100644
index 000000000..386f87c59
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/bin/jsonpath.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# encoding: utf-8
+# Copyright © 2012 Felix Richter <wtfpl@syntax-fehler.de>
+# This work is free. You can redistribute it and/or modify it under the
+# terms of the Do What The Fuck You Want To Public License, Version 2,
+# as published by Sam Hocevar. See the COPYING file for more details.
+
+# Standard Library imports
+import json
+import sys
+import glob
+import argparse
+
+# JsonPath-RW imports
+from jsonpath_ng import parse
+
+def find_matches_for_file(expr, f):
+    return expr.find(json.load(f))
+
+def print_matches(matches):
+    print('\n'.join(['{0}'.format(match.value) for match in matches]))
+
+
+def main(*argv):
+    parser = argparse.ArgumentParser(
+        description='Search JSON files (or stdin) according to a JSONPath expression.',
+        formatter_class=argparse.RawTextHelpFormatter,
+        epilog="""
+        Quick JSONPath reference (see more at https://github.com/kennknowles/python-jsonpath-rw)
+
+        atomics:
+            $              - root object
+            `this`         - current object
+
+        operators:
+            path1.path2    - same as xpath /
+            path1|path2    - union
+            path1..path2   - somewhere in between
+
+        fields:
+            fieldname       - field with name
+            *               - any field
+            [_start_?:_end_?] - array slice
+            [*]             - any array index
+    """)
+
+
+
+    parser.add_argument('expression', help='A JSONPath expression.')
+    parser.add_argument('files', metavar='file', nargs='*', help='Files to search (if none, searches stdin)')
+
+    args = parser.parse_args(argv[1:])
+
+    expr = parse(args.expression)
+    glob_patterns = args.files
+
+    if len(glob_patterns) == 0:
+        # stdin mode
+        print_matches(find_matches_for_file(expr, sys.stdin))
+    else:
+        # file paths mode
+        for pattern in glob_patterns:
+            for filename in glob.glob(pattern):
+                with open(filename) as f:
+                    print_matches(find_matches_for_file(expr, f))
+
+def entry_point():
+    main(*sys.argv)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/exceptions.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/exceptions.py
new file mode 100644
index 000000000..a592d83cb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/exceptions.py
@@ -0,0 +1,10 @@
+class JSONPathError(Exception):
+    pass
+
+
+class JsonPathLexerError(JSONPathError):
+    pass
+
+
+class JsonPathParserError(JSONPathError):
+    pass
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/__init__.py
new file mode 100644
index 000000000..1e5c325fc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .parser import parse  # noqa
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/arithmetic.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/arithmetic.py
new file mode 100644
index 000000000..0ba9e0ca8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/arithmetic.py
@@ -0,0 +1,72 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+from .. import JSONPath, DatumInContext
+
+
+OPERATOR_MAP = {
+    '+': operator.add,
+    '-': operator.sub,
+    '*': operator.mul,
+    '/': operator.truediv,
+}
+
+
+class Operation(JSONPath):
+    def __init__(self, left, op, right):
+        self.left = left
+        self.op = OPERATOR_MAP[op]
+        self.right = right
+
+    def find(self, datum):
+        result = []
+        if (isinstance(self.left, JSONPath)
+                and isinstance(self.right, JSONPath)):
+            left = self.left.find(datum)
+            right = self.right.find(datum)
+            if left and right and len(left) == len(right):
+                for l, r in zip(left, right):
+                    try:
+                        result.append(self.op(l.value, r.value))
+                    except TypeError:
+                        return []
+            else:
+                return []
+        elif isinstance(self.left, JSONPath):
+            left = self.left.find(datum)
+            for l in left:
+                try:
+                    result.append(self.op(l.value, self.right))
+                except TypeError:
+                    return []
+        elif isinstance(self.right, JSONPath):
+            right = self.right.find(datum)
+            for r in right:
+                try:
+                    result.append(self.op(self.left, r.value))
+                except TypeError:
+                    return []
+        else:
+            try:
+                result.append(self.op(self.left, self.right))
+            except TypeError:
+                return []
+        return [DatumInContext.wrap(r) for r in result]
+
+    def __repr__(self):
+        return '%s(%r%s%r)' % (self.__class__.__name__, self.left, self.op,
+                               self.right)
+
+    def __str__(self):
+        return '%s%s%s' % (self.left, self.op, self.right)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/filter.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/filter.py
new file mode 100644
index 000000000..e0bd48a4f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/filter.py
@@ -0,0 +1,140 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+import re
+
+from .. import JSONPath, DatumInContext, Index
+
+
+OPERATOR_MAP = {
+    '!=': operator.ne,
+    '==': operator.eq,
+    '=': operator.eq,
+    '<=': operator.le,
+    '<': operator.lt,
+    '>=': operator.ge,
+    '>': operator.gt,
+    '=~': lambda a, b: True if isinstance(a, str) and re.search(b, a) else False,
+}
+
+
+class Filter(JSONPath):
+    """The JSONQuery filter"""
+
+    def __init__(self, expressions):
+        self.expressions = expressions
+
+    def find(self, datum):
+        if not self.expressions:
+            return datum
+
+        datum = DatumInContext.wrap(datum)
+
+        if isinstance(datum.value, dict):
+            datum.value = list(datum.value.values())
+
+        if not isinstance(datum.value, list):
+            return []
+
+        return [DatumInContext(datum.value[i], path=Index(i), context=datum)
+                for i in range(0, len(datum.value))
+                if (len(self.expressions) ==
+                    len(list(filter(lambda x: x.find(datum.value[i]),
+                                    self.expressions))))]
+
+    def filter(self, fn, data):
+        # NOTE: We reverse the order just to make sure the indexes are preserved upon
+        #  removal.
+        for datum in reversed(self.find(data)):
+            index_obj = datum.path
+            if isinstance(data, dict):
+                index_obj.index = list(data)[index_obj.index]
+            index_obj.filter(fn, data)
+        return data
+
+    def update(self, data, val):
+        if type(data) is list:
+            for index, item in enumerate(data):
+                shouldUpdate = len(self.expressions) == len(list(filter(lambda x: x.find(item), self.expressions)))
+                if shouldUpdate:
+                    if hasattr(val, '__call__'):
+                        val.__call__(data[index], data, index)
+                    else:
+                        data[index] = val
+        return data
+    
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+    def __eq__(self, other):
+        return (isinstance(other, Filter)
+                and self.expressions == other.expressions)
+
+
+class Expression(JSONPath):
+    """The JSONQuery expression"""
+
+    def __init__(self, target, op, value):
+        self.target = target
+        self.op = op
+        self.value = value
+
+    def find(self, datum):
+        datum = self.target.find(DatumInContext.wrap(datum))
+
+        if not datum:
+            return []
+        if self.op is None:
+            return datum
+
+        found = []
+        for data in datum:
+            value = data.value
+            if isinstance(self.value, int):
+                try:
+                    value = int(value)
+                except ValueError:
+                    continue
+            elif isinstance(self.value, bool):
+                try:
+                    value = bool(value)
+                except ValueError:
+                    continue
+
+            if OPERATOR_MAP[self.op](value, self.value):
+                found.append(data)
+
+        return found
+
+    def __eq__(self, other):
+        return (isinstance(other, Expression) and
+                self.target == other.target and
+                self.op == other.op and
+                self.value == other.value)
+
+    def __repr__(self):
+        if self.op is None:
+            return '%s(%r)' % (self.__class__.__name__, self.target)
+        else:
+            return '%s(%r %s %r)' % (self.__class__.__name__,
+                                     self.target, self.op, self.value)
+
+    def __str__(self):
+        if self.op is None:
+            return '%s' % self.target
+        else:
+            return '%s %s %s' % (self.target, self.op, self.value)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py
new file mode 100644
index 000000000..40ae1eb5b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py
@@ -0,0 +1,118 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import functools
+from .. import This, DatumInContext, JSONPath
+
+
+class SortedThis(This):
+    """The JSONPath referring to the sorted version of the current object.
+
+    Concrete syntax is '`sorted`' or [\\field,/field].
+    """
+    def __init__(self, expressions=None):
+        self.expressions = expressions
+
+    def _compare(self, left, right):
+        left = DatumInContext.wrap(left)
+        right = DatumInContext.wrap(right)
+
+        for expr in self.expressions:
+            field, reverse = expr
+            l_datum = field.find(left)
+            r_datum = field.find(right)
+            if (not l_datum or not r_datum or
+                    len(l_datum) > 1 or len(r_datum) > 1 or
+                    l_datum[0].value == r_datum[0].value):
+                # NOTE(sileht): should we do something if the expression
+                # match multiple fields, for now ignore them
+                continue
+            elif l_datum[0].value < r_datum[0].value:
+                return 1 if reverse else -1
+            else:
+                return -1 if reverse else 1
+        return 0
+
+    def find(self, datum):
+        """Return sorted value of This if list or dict."""
+        if isinstance(datum.value, dict) and self.expressions:
+            return datum
+
+        if isinstance(datum.value, dict) or isinstance(datum.value, list):
+            key = (functools.cmp_to_key(self._compare)
+                   if self.expressions else None)
+            return [DatumInContext.wrap(
+                [value for value in sorted(datum.value, key=key)])]
+        return datum
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+
+class Len(JSONPath):
+    """The JSONPath referring to the len of the current object.
+
+    Concrete syntax is '`len`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = len(datum.value)
+        except TypeError:
+            return []
+        else:
+            return [DatumInContext(value,
+                                               context=None,
+                                               path=Len())]
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __str__(self):
+        return '`len`'
+
+    def __repr__(self):
+        return 'Len()'
+
+
+class Keys(JSONPath):
+    """The JSONPath referring to the keys of the current object.
+    Concrete syntax is '`keys`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = list(datum.value.keys())
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value[i],
+                                               context=None,
+                                               path=Keys()) for i in range (0, len(datum.value))]
+
+    def __eq__(self, other):
+        return isinstance(other, Keys)
+
+    def __str__(self):
+        return '`keys`'
+
+    def __repr__(self):
+        return 'Keys()'
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py
new file mode 100644
index 000000000..756b72c69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py
@@ -0,0 +1,174 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .. import lexer
+from .. import parser
+from .. import Fields, This, Child
+
+from . import arithmetic as _arithmetic
+from . import filter as _filter
+from . import iterable as _iterable
+from . import string as _string
+
+
+class ExtendedJsonPathLexer(lexer.JsonPathLexer):
+    """Custom LALR-lexer for JsonPath"""
+    literals = lexer.JsonPathLexer.literals + ['?', '@', '+', '*', '/', '-']
+    tokens = (['BOOL'] +
+              parser.JsonPathLexer.tokens +
+              ['FILTER_OP', 'SORT_DIRECTION', 'FLOAT'])
+
+    t_FILTER_OP = r'=~|==?|<=|>=|!=|<|>'
+
+    def t_BOOL(self, t):
+        r'true|false'
+        t.value = True if t.value == 'true' else False
+        return t
+
+    def t_SORT_DIRECTION(self, t):
+        r',?\s*(/|\\)'
+        t.value = t.value[-1]
+        return t
+
+    def t_ID(self, t):
+        r'@?[a-zA-Z_][a-zA-Z0-9_@\-]*'
+        # NOTE(sileht): This fixes the ID expression to be
+        # able to use @ for `This` like any json query
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_FLOAT(self, t):
+        r'-?\d+\.\d+'
+        t.value = float(t.value)
+        return t
+
+
+class ExtentedJsonPathParser(parser.JsonPathParser):
+    """Custom LALR-parser for JsonPath"""
+
+    tokens = ExtendedJsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        lexer_class = lexer_class or ExtendedJsonPathLexer
+        super(ExtentedJsonPathParser, self).__init__(debug, lexer_class)
+
+    def p_jsonpath_operator_jsonpath(self, p):
+        """jsonpath : NUMBER operator NUMBER
+                    | FLOAT operator FLOAT
+                    | ID operator ID
+                    | NUMBER operator jsonpath
+                    | FLOAT operator jsonpath
+                    | jsonpath operator NUMBER
+                    | jsonpath operator FLOAT
+                    | jsonpath operator jsonpath
+        """
+
+        # NOTE(sileht): If we have choice between a field or a string we
+        # always choice string, because field can be full qualified
+        # like $.foo == foo and where string can't.
+        for i in [1, 3]:
+            if (isinstance(p[i], Fields) and len(p[i].fields) == 1):  # noqa
+                p[i] = p[i].fields[0]
+
+        p[0] = _arithmetic.Operation(p[1], p[2], p[3])
+
+    def p_operator(self, p):
+        """operator : '+'
+                    | '-'
+                    | '*'
+                    | '/'
+        """
+        p[0] = p[1]
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'len':
+            p[0] = _iterable.Len()
+        elif p[1] == 'keys':
+            p[0] = _iterable.Keys()
+        elif p[1] == 'sorted':
+            p[0] = _iterable.SortedThis()
+        elif p[1].startswith("split("):
+            p[0] = _string.Split(p[1])
+        elif p[1].startswith("sub("):
+            p[0] = _string.Sub(p[1])
+        elif p[1].startswith("str("):
+            p[0] = _string.Str(p[1])
+        else:
+            super(ExtentedJsonPathParser, self).p_jsonpath_named_operator(p)
+
+    def p_expression(self, p):
+        """expression : jsonpath
+                      | jsonpath FILTER_OP ID
+                      | jsonpath FILTER_OP FLOAT
+                      | jsonpath FILTER_OP NUMBER
+                      | jsonpath FILTER_OP BOOL
+        """
+        if len(p) == 2:
+            left, op, right = p[1], None, None
+        else:
+            __, left, op, right = p
+        p[0] = _filter.Expression(left, op, right)
+
+    def p_expressions_expression(self, p):
+        "expressions : expression"
+        p[0] = [p[1]]
+
+    def p_expressions_and(self, p):
+        "expressions : expressions '&' expressions"
+        # TODO(sileht): implements '|'
+        p[0] = p[1] + p[3]
+
+    def p_expressions_parens(self, p):
+        "expressions : '(' expressions ')'"
+        p[0] = p[2]
+
+    def p_filter(self, p):
+        "filter : '?' expressions "
+        p[0] = _filter.Filter(p[2])
+
+    def p_jsonpath_filter(self, p):
+        "jsonpath : jsonpath '[' filter ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_sort(self, p):
+        "sort : SORT_DIRECTION jsonpath"
+        p[0] = (p[2], p[1] != "/")
+
+    def p_sorts_sort(self, p):
+        "sorts : sort"
+        p[0] = [p[1]]
+
+    def p_sorts_comma(self, p):
+        "sorts : sorts sorts"
+        p[0] = p[1] + p[2]
+
+    def p_jsonpath_sort(self, p):
+        "jsonpath : jsonpath '[' sorts ']'"
+        sort = _iterable.SortedThis(p[3])
+        p[0] = Child(p[1], sort)
+
+    def p_jsonpath_this(self, p):
+        "jsonpath : '@'"
+        p[0] = This()
+
+    precedence = [
+        ('left', '+', '-'),
+        ('left', '*', '/'),
+    ] + parser.JsonPathParser.precedence + [
+        ('nonassoc', 'ID'),
+    ]
+
+
+def parse(path, debug=False):
+    return ExtentedJsonPathParser(debug=debug).parse(path)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py
new file mode 100644
index 000000000..1cd27632d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py
@@ -0,0 +1,117 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import re
+from .. import DatumInContext, This
+
+
+SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
+SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+STR = re.compile(r"str\(\)")
+
+
+class DefintionInvalid(Exception):
+    pass
+
+
+class Sub(This):
+    """Regex substituor
+
+    Concrete syntax is '`sub(/regex/, repl)`'
+    """
+
+    def __init__(self, method=None):
+        m = SUB.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.expr = m.group(1).strip()
+        self.repl = m.group(2).strip()
+        self.regex = re.compile(self.expr)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = self.regex.sub(self.repl, datum.value)
+        if value == datum.value:
+            return []
+        else:
+            return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Sub) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`sub(/%s/, %s)`' % (self.expr, self.repl)
+
+
+class Split(This):
+    """String splitter
+
+    Concrete syntax is '`split(char, segment, max_split)`'
+    """
+
+    def __init__(self, method=None):
+        m = SPLIT.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.char = m.group(1)
+        self.segment = int(m.group(2))
+        self.max_split = int(m.group(3))
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = datum.value.split(self.char, self.max_split)[self.segment]
+        except Exception:
+            return []
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Split) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`%s`' % self.method
+
+
+class Str(This):
+    """String converter
+
+    Concrete syntax is '`str()`'
+    """
+
+    def __init__(self, method=None):
+        m = STR.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = str(datum.value)
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Str) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`str()`'
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py
new file mode 100644
index 000000000..19e5a9eb3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py
@@ -0,0 +1,815 @@
+import logging
+from itertools import *  # noqa
+from jsonpath_ng.lexer import JsonPathLexer
+
+# Get logger name
+logger = logging.getLogger(__name__)
+
+# Turn on/off the automatic creation of id attributes
+# ... could be a kwarg pervasively but uses are rare and simple today
+auto_id_field = None
+
+NOT_SET = object()
+LIST_KEY = object()
+
+
+class JSONPath:
+    """
+    The base class for JSONPath abstract syntax; those
+    methods stubbed here are the interface to supported
+    JSONPath semantics.
+    """
+
+    def find(self, data):
+        """
+        All `JSONPath` types support `find()`, which returns an iterable of `DatumInContext`s.
+        They keep track of the path followed to the current location, so if the calling code
+        has some opinion about that, it can be passed in here as a starting point.
+        """
+        raise NotImplementedError()
+
+    def find_or_create(self, data):
+        return self.find(data)
+
+    def update(self, data, val):
+        """
+        Returns `data` with the specified path replaced by `val`. Only updates
+        if the specified path exists.
+        """
+
+        raise NotImplementedError()
+
+    def update_or_create(self, data, val):
+        return self.update(data, val)
+
+    def filter(self, fn, data):
+        """
+        Returns `data` with the specified path filtering nodes according
+        the filter evaluation result returned by the filter function.
+
+        Arguments:
+            fn (function): unary function that accepts one argument
+                and returns bool.
+            data (dict|list|tuple): JSON object to filter.
+        """
+
+        raise NotImplementedError()
+
+    def child(self, child):
+        """
+        Equivalent to Child(self, next) but with some canonicalization
+        """
+        if isinstance(self, This) or isinstance(self, Root):
+            return child
+        elif isinstance(child, This):
+            return self
+        elif isinstance(child, Root):
+            return child
+        else:
+            return Child(self, child)
+
+    def make_datum(self, value):
+        if isinstance(value, DatumInContext):
+            return value
+        else:
+            return DatumInContext(value, path=Root(), context=None)
+
+
+class DatumInContext:
+    """
+    Represents a datum along a path from a context.
+
+    Essentially a zipper but with a structure represented by JsonPath,
+    and where the context is more of a parent pointer than a proper
+    representation of the context.
+
+    For quick-and-dirty work, this proxies any non-special attributes
+    to the underlying datum, but the actual datum can (and usually should)
+    be retrieved via the `value` attribute.
+
+    To place `datum` within another, use `datum.in_context(context=..., path=...)`
+    which extends the path. If the datum already has a context, it places the entire
+    context within that passed in, so an object can be built from the inside
+    out.
+    """
+    @classmethod
+    def wrap(cls, data):
+        if isinstance(data, cls):
+            return data
+        else:
+            return cls(data)
+
+    def __init__(self, value, path=None, context=None):
+        self.value = value
+        self.path = path or This()
+        self.context = None if context is None else DatumInContext.wrap(context)
+
+    def in_context(self, context, path):
+        context = DatumInContext.wrap(context)
+
+        if self.context:
+            return DatumInContext(value=self.value, path=self.path, context=context.in_context(path=path, context=context))
+        else:
+            return DatumInContext(value=self.value, path=path, context=context)
+
+    @property
+    def full_path(self):
+        return self.path if self.context is None else self.context.full_path.child(self.path)
+
+    @property
+    def id_pseudopath(self):
+        """
+        Looks like a path, but with ids stuck in when available
+        """
+        try:
+            pseudopath = Fields(str(self.value[auto_id_field]))
+        except (TypeError, AttributeError, KeyError): # This may not be all the interesting exceptions
+            pseudopath = self.path
+
+        if self.context:
+            return self.context.id_pseudopath.child(pseudopath)
+        else:
+            return pseudopath
+
+    def __repr__(self):
+        return '%s(value=%r, path=%r, context=%r)' % (self.__class__.__name__, self.value, self.path, self.context)
+
+    def __eq__(self, other):
+        return isinstance(other, DatumInContext) and other.value == self.value and other.path == self.path and self.context == other.context
+
+
+class AutoIdForDatum(DatumInContext):
+    """
+    This behaves like a DatumInContext, but the value is
+    always the path leading up to it, not including the "id",
+    and with any "id" fields along the way replacing the prior
+    segment of the path
+
+    For example, it will make "foo.bar.id" return a datum
+    that behaves like DatumInContext(value="foo.bar", path="foo.bar.id").
+
+    This is disabled by default; it can be turned on by
+    settings the `auto_id_field` global to a value other
+    than `None`.
+    """
+
+    def __init__(self, datum, id_field=None):
+        """
+        Invariant is that datum.path is the path from context to datum. The auto id
+        will either be the id in the datum (if present) or the id of the context
+        followed by the path to the datum.
+
+        The path to this datum is always the path to the context, the path to the
+        datum, and then the auto id field.
+        """
+        self.datum = datum
+        self.id_field = id_field or auto_id_field
+
+    @property
+    def value(self):
+        return str(self.datum.id_pseudopath)
+
+    @property
+    def path(self):
+        return self.id_field
+
+    @property
+    def context(self):
+        return self.datum
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.datum)
+
+    def in_context(self, context, path):
+        return AutoIdForDatum(self.datum.in_context(context=context, path=path))
+
+    def __eq__(self, other):
+        return isinstance(other, AutoIdForDatum) and other.datum == self.datum and self.id_field == other.id_field
+
+
+class Root(JSONPath):
+    """
+    The JSONPath referring to the "root" object. Concrete syntax is '$'.
+    The root is the topmost datum without any context attached.
+    """
+
+    def find(self, data):
+        if not isinstance(data, DatumInContext):
+            return [DatumInContext(data, path=Root(), context=None)]
+        else:
+            if data.context is None:
+                return [DatumInContext(data.value, context=None, path=Root())]
+            else:
+                return Root().find(data.context)
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '$'
+
+    def __repr__(self):
+        return 'Root()'
+
+    def __eq__(self, other):
+        return isinstance(other, Root)
+
+    def __hash__(self):
+        return hash('$')
+
+
+class This(JSONPath):
+    """
+    The JSONPath referring to the current datum. Concrete syntax is '@'.
+    """
+
+    def find(self, datum):
+        return [DatumInContext.wrap(datum)]
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '`this`'
+
+    def __repr__(self):
+        return 'This()'
+
+    def __eq__(self, other):
+        return isinstance(other, This)
+
+    def __hash__(self):
+        return hash('this')
+
+
+class Child(JSONPath):
+    """
+    JSONPath that first matches the left, then the right.
+    Concrete syntax is <left> '.' <right>
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        """
+        Extra special case: auto ids do not have children,
+        so cut it off right now rather than auto id the auto id
+        """
+
+        return [submatch
+                for subdata in self.left.find(datum)
+                if not isinstance(subdata, AutoIdForDatum)
+                for submatch in self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.left.find(data):
+            self.right.update(datum.value, val)
+        return data
+
+    def find_or_create(self, datum):
+        datum = DatumInContext.wrap(datum)
+        submatches = []
+        for subdata in self.left.find_or_create(datum):
+            if isinstance(subdata, AutoIdForDatum):
+                # Extra special case: auto ids do not have children,
+                # so cut it off right now rather than auto id the auto id
+                continue
+            for submatch in self.right.find_or_create(subdata):
+                submatches.append(submatch)
+        return submatches
+
+    def update_or_create(self, data, val):
+        for datum in self.left.find_or_create(data):
+            self.right.update_or_create(datum.value, val)
+        return _clean_list_keys(data)
+
+    def filter(self, fn, data):
+        for datum in self.left.find(data):
+            self.right.filter(fn, datum.value)
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Child) and self.left == other.left and self.right == other.right
+
+    def __str__(self):
+        return '%s.%s' % (self.left, self.right)
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Parent(JSONPath):
+    """
+    JSONPath that matches the parent node of the current match.
+    Will crash if no such parent exists.
+    Available via named operator `parent`.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        return [datum.context]
+
+    def __eq__(self, other):
+        return isinstance(other, Parent)
+
+    def __str__(self):
+        return '`parent`'
+
+    def __repr__(self):
+        return 'Parent()'
+
+    def __hash__(self):
+        return hash('parent')
+
+
+class Where(JSONPath):
+    """
+    JSONPath that first matches the left, and then
+    filters for only those nodes that have
+    a match on the right.
+
+    WARNING: Subject to change. May want to have "contains"
+    or some other better word for it.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data) if self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        for datum in self.find(data):
+            datum.path.filter(fn, datum.value)
+        return data
+
+    def __str__(self):
+        return '%s where %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Where) and other.left == self.left and other.right == self.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Descendants(JSONPath):
+    """
+    JSONPath that matches first the left expression then any descendant
+    of it which matches the right expression.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        # <left> .. <right> ==> <left> . (<right> | *..<right> | [*]..<right>)
+        #
+        # With with a wonky caveat that since Slice() has funky coercions
+        # we cannot just delegate to that equivalence or we'll hit an
+        # infinite loop. So right here we implement the coercion-free version.
+
+        # Get all left matches into a list
+        left_matches = self.left.find(datum)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def match_recursively(datum):
+            right_matches = self.right.find(datum)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(datum.value, list):
+                recursive_matches = [submatch
+                                     for i in range(0, len(datum.value))
+                                     for submatch in match_recursively(DatumInContext(datum.value[i], context=datum, path=Index(i)))]
+
+            elif isinstance(datum.value, dict):
+                recursive_matches = [submatch
+                                     for field in datum.value.keys()
+                                     for submatch in match_recursively(DatumInContext(datum.value[field], context=datum, path=Fields(field)))]
+
+            else:
+                recursive_matches = []
+
+            return right_matches + list(recursive_matches)
+
+        # TODO: repeatable iterator instead of list?
+        return [submatch
+                for left_match in left_matches
+                for submatch in match_recursively(left_match)]
+
+    def is_singular(self):
+        return False
+
+    def update(self, data, val):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def update_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.update(data, val)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    update_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    update_recursively(data[field])
+
+        for submatch in left_matches:
+            update_recursively(submatch.value)
+
+        return data
+
+    def filter(self, fn, data):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def filter_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.filter(fn, data)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    filter_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    filter_recursively(data[field])
+
+        for submatch in left_matches:
+            filter_recursively(submatch.value)
+
+        return data
+
+    def __str__(self):
+        return '%s..%s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Descendants) and self.left == other.left and self.right == other.right
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Union(JSONPath):
+    """
+    JSONPath that returns the union of the results of each match.
+    This is pretty shoddily implemented for now. The nicest semantics
+    in case of mismatched bits (list vs atomic) is to put
+    them all in a list, but I haven't done that yet.
+
+    WARNING: Any appearance of this being the _concatenation_ is
+    coincidence. It may even be a bug! (or laziness)
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        return self.left.find(data) + self.right.find(data)
+
+    def __eq__(self, other):
+        return isinstance(other, Union) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Intersect(JSONPath):
+    """
+    JSONPath for bits that match *both* patterns.
+
+    This can be accomplished a couple of ways. The most
+    efficient is to actually build the intersected
+    AST as in building a state machine for matching the
+    intersection of regular languages. The next
+    idea is to build a filtered data and match against
+    that.
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        raise NotImplementedError()
+
+    def __eq__(self, other):
+        return isinstance(other, Intersect) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Fields(JSONPath):
+    """
+    JSONPath referring to some field of the current object.
+    Concrete syntax ix comma-separated field names.
+
+    WARNING: If '*' is any of the field names, then they will
+    all be returned.
+    """
+
+    def __init__(self, *fields):
+        self.fields = fields
+
+    @staticmethod
+    def get_field_datum(datum, field, create):
+        if field == auto_id_field:
+            return AutoIdForDatum(datum)
+        try:
+            field_value = datum.value.get(field, NOT_SET)
+            if field_value is NOT_SET:
+                if create:
+                    datum.value[field] = field_value = {}
+                else:
+                    return None
+            return DatumInContext(field_value, path=Fields(field), context=datum)
+        except (TypeError, AttributeError):
+            return None
+
+    def reified_fields(self, datum):
+        if '*' not in self.fields:
+            return self.fields
+        else:
+            try:
+                fields = tuple(datum.value.keys())
+                return fields if auto_id_field is None else fields + (auto_id_field,)
+            except AttributeError:
+                return ()
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        field_data = [self.get_field_datum(datum, field, create)
+                      for field in self.reified_fields(datum)]
+        return [fd for fd in field_data if fd is not None]
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field not in data and create:
+                    data[field] = {}
+                if field in data:
+                    if hasattr(val, '__call__'):
+                        data[field] = val(data[field], data, field)
+                    else:
+                        data[field] = val
+        return data
+
+    def filter(self, fn, data):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field in data:
+                    if fn(data[field]):
+                        data.pop(field)
+        return data
+
+    def __str__(self):
+        # If any JsonPathLexer.literals are included in field name need quotes
+        # This avoids unnecessary quotes to keep strings short.
+        # Test each field whether it contains a literal and only then add quotes
+        # The test loops over all literals, could possibly optimize to short circuit if one found
+        fields_as_str = ("'" + str(f) + "'" if any([l in f for l in JsonPathLexer.literals]) else
+                         str(f) for f in self.fields)
+        return ','.join(fields_as_str)
+
+
+    def __repr__(self):
+        return '%s(%s)' % (self.__class__.__name__, ','.join(map(repr, self.fields)))
+
+    def __eq__(self, other):
+        return isinstance(other, Fields) and tuple(self.fields) == tuple(other.fields)
+
+    def __hash__(self):
+        return hash(tuple(self.fields))
+
+
+class Index(JSONPath):
+    """
+    JSONPath that matches indices of the current datum, or none if not large enough.
+    Concrete syntax is brackets.
+
+    WARNING: If the datum is None or not long enough, it will not crash but will not match anything.
+    NOTE: For the concrete syntax of `[*]`, the abstract syntax is a Slice() with no parameters (equiv to `[:]`
+    """
+
+    def __init__(self, index):
+        self.index = index
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        if create:
+            if datum.value == {}:
+                datum.value = _create_list_key(datum.value)
+            self._pad_value(datum.value)
+        if datum.value and len(datum.value) > self.index:
+            return [DatumInContext(datum.value[self.index], path=self, context=datum)]
+        else:
+            return []
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if create:
+            if data == {}:
+                data = _create_list_key(data)
+            self._pad_value(data)
+        if hasattr(val, '__call__'):
+            data[self.index] = val.__call__(data[self.index], data, self.index)
+        elif len(data) > self.index:
+            data[self.index] = val
+        return data
+
+    def filter(self, fn, data):
+        if fn(data[self.index]):
+            data.pop(self.index)  # relies on mutation :(
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Index) and self.index == other.index
+
+    def __str__(self):
+        return '[%i]' % self.index
+
+    def __repr__(self):
+        return '%s(index=%r)' % (self.__class__.__name__, self.index)
+
+    def _pad_value(self, value):
+        if len(value) <= self.index:
+            pad = self.index - len(value) + 1
+            value += [{} for __ in range(pad)]
+
+    def __hash__(self):
+        return hash(self.index)
+
+
+class Slice(JSONPath):
+    """
+    JSONPath matching a slice of an array.
+
+    Because of a mismatch between JSON and XML when schema-unaware,
+    this always returns an iterable; if the incoming data
+    was not a list, then it returns a one element list _containing_ that
+    data.
+
+    Consider these two docs, and their schema-unaware translation to JSON:
+
+    <a><b>hello</b></a> ==> {"a": {"b": "hello"}}
+    <a><b>hello</b><b>goodbye</b></a> ==> {"a": {"b": ["hello", "goodbye"]}}
+
+    If there were a schema, it would be known that "b" should always be an
+    array (unless the schema were wonky, but that is too much to fix here)
+    so when querying with JSON if the one writing the JSON knows that it
+    should be an array, they can write a slice operator and it will coerce
+    a non-array value to an array.
+
+    This may be a bit unfortunate because it would be nice to always have
+    an iterator, but dictionaries and other objects may also be iterable,
+    so this is the compromise.
+    """
+    def __init__(self, start=None, end=None, step=None):
+        self.start = start
+        self.end = end
+        self.step = step
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+
+        # Used for catching null value instead of empty list in path
+        if not datum.value:
+            return []
+        # Here's the hack. If it is a dictionary or some kind of constant,
+        # put it in a single-element list
+        if (isinstance(datum.value, dict) or isinstance(datum.value, int) or isinstance(datum.value, str)):
+            return self.find(DatumInContext([datum.value], path=datum.path, context=datum.context))
+
+        # Some iterators do not support slicing but we can still
+        # at least work for '*'
+        if self.start is None and self.end is None and self.step is None:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))]
+        else:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))[self.start:self.end:self.step]]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        while True:
+            length = len(data)
+            for datum in self.find(data):
+                data = datum.path.filter(fn, data)
+                if len(data) < length:
+                    break
+
+            if length == len(data):
+                break
+        return data
+
+    def __str__(self):
+        if self.start is None and self.end is None and self.step is None:
+            return '[*]'
+        else:
+            return '[%s%s%s]' % (self.start or '',
+                                   ':%d'%self.end if self.end else '',
+                                   ':%d'%self.step if self.step else '')
+
+    def __repr__(self):
+        return '%s(start=%r,end=%r,step=%r)' % (self.__class__.__name__, self.start, self.end, self.step)
+
+    def __eq__(self, other):
+        return isinstance(other, Slice) and other.start == self.start and self.end == other.end and other.step == self.step
+
+    def __hash__(self):
+        return hash((self.start, self.end, self.step))
+
+
+def _create_list_key(dict_):
+    """
+    Adds a list to a dictionary by reference and returns the list.
+
+    See `_clean_list_keys()`
+    """
+    dict_[LIST_KEY] = new_list = [{}]
+    return new_list
+
+
+def _clean_list_keys(struct_):
+    """
+    Replace {LIST_KEY: ['foo', 'bar']} with ['foo', 'bar'].
+
+    >>> _clean_list_keys({LIST_KEY: ['foo', 'bar']})
+    ['foo', 'bar']
+
+    """
+    if(isinstance(struct_, list)):
+        for ind, value in enumerate(struct_):
+            struct_[ind] = _clean_list_keys(value)
+    elif(isinstance(struct_, dict)):
+        if(LIST_KEY in struct_):
+            return _clean_list_keys(struct_[LIST_KEY])
+        else:
+            for key, value in struct_.items():
+                struct_[key] = _clean_list_keys(value)
+    return struct_
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py
new file mode 100644
index 000000000..b2ad5ee6d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py
@@ -0,0 +1,171 @@
+import sys
+import logging
+
+import ply.lex
+
+from jsonpath_ng.exceptions import JsonPathLexerError
+
+logger = logging.getLogger(__name__)
+
+
+class JsonPathLexer:
+    '''
+    A Lexical analyzer for JsonPath.
+    '''
+
+    def __init__(self, debug=False):
+        self.debug = debug
+        if self.__doc__ is None:
+            raise JsonPathLexerError('Docstrings have been removed! By design of PLY, jsonpath-rw requires docstrings. You must not use PYTHONOPTIMIZE=2 or python -OO.')
+
+    def tokenize(self, string):
+        '''
+        Maps a string to an iterator over tokens. In other words: [char] -> [token]
+        '''
+
+        new_lexer = ply.lex.lex(module=self, debug=self.debug, errorlog=logger)
+        new_lexer.latest_newline = 0
+        new_lexer.string_value = None
+        new_lexer.input(string)
+
+        while True:
+            t = new_lexer.token()
+            if t is None:
+                break
+            t.col = t.lexpos - new_lexer.latest_newline
+            yield t
+
+        if new_lexer.string_value is not None:
+            raise JsonPathLexerError('Unexpected EOF in string literal or identifier')
+
+    # ============== PLY Lexer specification ==================
+    #
+    # This probably should be private but:
+    #   - the parser requires access to `tokens` (perhaps they should be defined in a third, shared dependency)
+    #   - things like `literals` might be a legitimate part of the public interface.
+    #
+    # Anyhow, it is pythonic to give some rope to hang oneself with :-)
+
+    literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
+
+    reserved_words = { 'where': 'WHERE' }
+
+    tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
+
+    states = [ ('singlequote', 'exclusive'),
+               ('doublequote', 'exclusive'),
+               ('backquote', 'exclusive') ]
+
+    # Normal lexing, rather easy
+    t_DOUBLEDOT = r'\.\.'
+    t_ignore = ' \t'
+
+    def t_ID(self, t):
+        r'[a-zA-Z_@][a-zA-Z0-9_@\-]*'
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_NUMBER(self, t):
+        r'-?\d+'
+        t.value = int(t.value)
+        return t
+
+
+    # Single-quoted strings
+    t_singlequote_ignore = ''
+    def t_singlequote(self, t):
+        r"'"
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('singlequote')
+
+    def t_singlequote_content(self, t):
+        r"[^'\\]+"
+        t.lexer.string_value += t.value
+
+    def t_singlequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_singlequote_end(self, t):
+        r"'"
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_singlequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing singlequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Double-quoted strings
+    t_doublequote_ignore = ''
+    def t_doublequote(self, t):
+        r'"'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('doublequote')
+
+    def t_doublequote_content(self, t):
+        r'[^"\\]+'
+        t.lexer.string_value += t.value
+
+    def t_doublequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_doublequote_end(self, t):
+        r'"'
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_doublequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing doublequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Back-quoted "magic" operators
+    t_backquote_ignore = ''
+    def t_backquote(self, t):
+        r'`'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('backquote')
+
+    def t_backquote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_backquote_content(self, t):
+        r"[^`\\]+"
+        t.lexer.string_value += t.value
+
+    def t_backquote_end(self, t):
+        r'`'
+        t.value = t.lexer.string_value
+        t.type = 'NAMED_OPERATOR'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_backquote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing backquoted operator: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Counting lines, handling errors
+    def t_newline(self, t):
+        r'\n'
+        t.lexer.lineno += 1
+        t.lexer.latest_newline = t.lexpos
+
+    def t_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    lexer = JsonPathLexer(debug=True)
+    for token in lexer.tokenize(sys.stdin.read()):
+        print('%-20s%s' % (token.value, token.type))
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py
new file mode 100644
index 000000000..87e353ebf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py
@@ -0,0 +1,199 @@
+import logging
+import sys
+import os.path
+
+import ply.yacc
+
+from jsonpath_ng.exceptions import JsonPathParserError
+from jsonpath_ng.jsonpath import *
+from jsonpath_ng.lexer import JsonPathLexer
+
+logger = logging.getLogger(__name__)
+
+
+def parse(string):
+    return JsonPathParser().parse(string)
+
+
+class JsonPathParser:
+    '''
+    An LALR-parser for JsonPath
+    '''
+
+    tokens = JsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        if self.__doc__ is None:
+            raise JsonPathParserError(
+                'Docstrings have been removed! By design of PLY, '
+                'jsonpath-rw requires docstrings. You must not use '
+                'PYTHONOPTIMIZE=2 or python -OO.'
+            )
+
+        self.debug = debug
+        self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
+
+    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
+
+        # Since PLY has some crufty aspects and dumps files, we try to keep them local
+        # However, we need to derive the name of the output Python file :-/
+        output_directory = os.path.dirname(__file__)
+        try:
+            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
+        except:
+            module_name = __name__
+
+        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
+
+        # And we regenerate the parse table every time;
+        # it doesn't actually take that long!
+        new_parser = ply.yacc.yacc(module=self,
+                                   debug=self.debug,
+                                   tabmodule = parsing_table_module,
+                                   outputdir = output_directory,
+                                   write_tables=0,
+                                   start = start_symbol,
+                                   errorlog = logger)
+
+        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+
+    # ===================== PLY Parser specification =====================
+
+    precedence = [
+        ('left', ','),
+        ('left', 'DOUBLEDOT'),
+        ('left', '.'),
+        ('left', '|'),
+        ('left', '&'),
+        ('left', 'WHERE'),
+    ]
+
+    def p_error(self, t):
+        if t is None:
+            raise JsonPathParserError('Parse error near the end of string!')
+        raise JsonPathParserError('Parse error at %s:%s near token %s (%s)'
+                                  % (t.lineno, t.col, t.value, t.type))
+
+    def p_jsonpath_binop(self, p):
+        """jsonpath : jsonpath '.' jsonpath
+                    | jsonpath DOUBLEDOT jsonpath
+                    | jsonpath WHERE jsonpath
+                    | jsonpath '|' jsonpath
+                    | jsonpath '&' jsonpath"""
+        op = p[2]
+
+        if op == '.':
+            p[0] = Child(p[1], p[3])
+        elif op == '..':
+            p[0] = Descendants(p[1], p[3])
+        elif op == 'where':
+            p[0] = Where(p[1], p[3])
+        elif op == '|':
+            p[0] = Union(p[1], p[3])
+        elif op == '&':
+            p[0] = Intersect(p[1], p[3])
+
+    def p_jsonpath_fields(self, p):
+        "jsonpath : fields_or_any"
+        p[0] = Fields(*p[1])
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'this':
+            p[0] = This()
+        elif p[1] == 'parent':
+            p[0] = Parent()
+        else:
+            raise JsonPathParserError('Unknown named operator `%s` at %s:%s'
+                                      % (p[1], p.lineno(1), p.lexpos(1)))
+
+    def p_jsonpath_root(self, p):
+        "jsonpath : '$'"
+        p[0] = Root()
+
+    def p_jsonpath_idx(self, p):
+        "jsonpath : '[' idx ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_slice(self, p):
+        "jsonpath : '[' slice ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_fieldbrackets(self, p):
+        "jsonpath : '[' fields ']'"
+        p[0] = Fields(*p[2])
+
+    def p_jsonpath_child_fieldbrackets(self, p):
+        "jsonpath : jsonpath '[' fields ']'"
+        p[0] = Child(p[1], Fields(*p[3]))
+
+    def p_jsonpath_child_idxbrackets(self, p):
+        "jsonpath : jsonpath '[' idx ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_child_slicebrackets(self, p):
+        "jsonpath : jsonpath '[' slice ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_parens(self, p):
+        "jsonpath : '(' jsonpath ')'"
+        p[0] = p[2]
+
+    # Because fields in brackets cannot be '*' - that is reserved for array indices
+    def p_fields_or_any(self, p):
+        """fields_or_any : fields
+                         | '*'    """
+        if p[1] == '*':
+            p[0] = ['*']
+        else:
+            p[0] = p[1]
+
+    def p_fields_id(self, p):
+        "fields : ID"
+        p[0] = [p[1]]
+
+    def p_fields_comma(self, p):
+        "fields : fields ',' fields"
+        p[0] = p[1] + p[3]
+
+    def p_idx(self, p):
+        "idx : NUMBER"
+        p[0] = Index(p[1])
+
+    def p_slice_any(self, p):
+        "slice : '*'"
+        p[0] = Slice()
+
+    def p_slice(self, p): # Currently does not support `step`
+        """slice : maybe_int ':' maybe_int
+                 | maybe_int ':' maybe_int ':' maybe_int """
+        p[0] = Slice(*p[1::2])
+
+    def p_maybe_int(self, p):
+        """maybe_int : NUMBER
+                     | empty"""
+        p[0] = p[1]
+
+    def p_empty(self, p):
+        'empty :'
+        p[0] = None
+
+class IteratorToTokenStream:
+    def __init__(self, iterator):
+        self.iterator = iterator
+
+    def token(self):
+        try:
+            return next(self.iterator)
+        except StopIteration:
+            return None
+
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    parser = JsonPathParser(debug=True)
+    print(parser.parse(sys.stdin.read()))
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py
new file mode 100644
index 000000000..b40f24c66
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py
@@ -0,0 +1,332 @@
+import functools
+import string
+import sys
+import typing as t
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+    _P = te.ParamSpec("_P")
+
+
+__version__ = "2.1.5"
+
+
+def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
+    @functools.wraps(func)
+    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
+        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
+        _escape_argspec(kwargs, kwargs.items(), self.escape)
+        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+
+    return wrapped  # type: ignore[return-value]
+
+
+class Markup(str):
+    """A string that is ready to be safely inserted into an HTML or XML
+    document, either because it was escaped or because it was marked
+    safe.
+
+    Passing an object to the constructor converts it to text and wraps
+    it to mark it safe without escaping. To escape the text, use the
+    :meth:`escape` class method instead.
+
+    >>> Markup("Hello, <em>World</em>!")
+    Markup('Hello, <em>World</em>!')
+    >>> Markup(42)
+    Markup('42')
+    >>> Markup.escape("Hello, <em>World</em>!")
+    Markup('Hello &lt;em&gt;World&lt;/em&gt;!')
+
+    This implements the ``__html__()`` interface that some frameworks
+    use. Passing an object that implements ``__html__()`` will wrap the
+    output of that method, marking it safe.
+
+    >>> class Foo:
+    ...     def __html__(self):
+    ...         return '<a href="/foo">foo</a>'
+    ...
+    >>> Markup(Foo())
+    Markup('<a href="/foo">foo</a>')
+
+    This is a subclass of :class:`str`. It has the same methods, but
+    escapes their arguments and returns a ``Markup`` instance.
+
+    >>> Markup("<em>%s</em>") % ("foo & bar",)
+    Markup('<em>foo &amp; bar</em>')
+    >>> Markup("<em>Hello</em> ") + "<foo>"
+    Markup('<em>Hello</em> &lt;foo&gt;')
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
+    ) -> "te.Self":
+        if hasattr(base, "__html__"):
+            base = base.__html__()
+
+        if encoding is None:
+            return super().__new__(cls, base)
+
+        return super().__new__(cls, base, encoding, errors)
+
+    def __html__(self) -> "te.Self":
+        return self
+
+    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.__class__(super().__add__(self.escape(other)))
+
+        return NotImplemented
+
+    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.escape(other).__add__(self)
+
+        return NotImplemented
+
+    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
+        if isinstance(num, int):
+            return self.__class__(super().__mul__(num))
+
+        return NotImplemented
+
+    __rmul__ = __mul__
+
+    def __mod__(self, arg: t.Any) -> "te.Self":
+        if isinstance(arg, tuple):
+            # a tuple of arguments, each wrapped
+            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
+        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            # a mapping of arguments, wrapped
+            arg = _MarkupEscapeHelper(arg, self.escape)
+        else:
+            # a single argument, wrapped with the helper and a tuple
+            arg = (_MarkupEscapeHelper(arg, self.escape),)
+
+        return self.__class__(super().__mod__(arg))
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({super().__repr__()})"
+
+    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
+        return self.__class__(super().join(map(self.escape, seq)))
+
+    join.__doc__ = str.join.__doc__
+
+    def split(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().split(sep, maxsplit)]
+
+    split.__doc__ = str.split.__doc__
+
+    def rsplit(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
+
+    rsplit.__doc__ = str.rsplit.__doc__
+
+    def splitlines(  # type: ignore[override]
+        self, keepends: bool = False
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().splitlines(keepends)]
+
+    splitlines.__doc__ = str.splitlines.__doc__
+
+    def unescape(self) -> str:
+        """Convert escaped markup back into a text string. This replaces
+        HTML entities with the characters they represent.
+
+        >>> Markup("Main &raquo; <em>About</em>").unescape()
+        'Main » <em>About</em>'
+        """
+        from html import unescape
+
+        return unescape(str(self))
+
+    def striptags(self) -> str:
+        """:meth:`unescape` the markup, remove tags, and normalize
+        whitespace to single spaces.
+
+        >>> Markup("Main &raquo;\t<em>About</em>").striptags()
+        'Main » About'
+        """
+        value = str(self)
+
+        # Look for comments then tags separately. Otherwise, a comment that
+        # contains a tag would end early, leaving some of the comment behind.
+
+        while True:
+            # keep finding comment start marks
+            start = value.find("<!--")
+
+            if start == -1:
+                break
+
+            # find a comment end mark beyond the start, otherwise stop
+            end = value.find("-->", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 3:]}"
+
+        # remove tags using the same method
+        while True:
+            start = value.find("<")
+
+            if start == -1:
+                break
+
+            end = value.find(">", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 1:]}"
+
+        # collapse spaces
+        value = " ".join(value.split())
+        return self.__class__(value).unescape()
+
+    @classmethod
+    def escape(cls, s: t.Any) -> "te.Self":
+        """Escape a string. Calls :func:`escape` and ensures that for
+        subclasses the correct type is returned.
+        """
+        rv = escape(s)
+
+        if rv.__class__ is not cls:
+            return cls(rv)
+
+        return rv  # type: ignore[return-value]
+
+    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
+    capitalize = _simple_escaping_wrapper(str.capitalize)
+    title = _simple_escaping_wrapper(str.title)
+    lower = _simple_escaping_wrapper(str.lower)
+    upper = _simple_escaping_wrapper(str.upper)
+    replace = _simple_escaping_wrapper(str.replace)
+    ljust = _simple_escaping_wrapper(str.ljust)
+    rjust = _simple_escaping_wrapper(str.rjust)
+    lstrip = _simple_escaping_wrapper(str.lstrip)
+    rstrip = _simple_escaping_wrapper(str.rstrip)
+    center = _simple_escaping_wrapper(str.center)
+    strip = _simple_escaping_wrapper(str.strip)
+    translate = _simple_escaping_wrapper(str.translate)
+    expandtabs = _simple_escaping_wrapper(str.expandtabs)
+    swapcase = _simple_escaping_wrapper(str.swapcase)
+    zfill = _simple_escaping_wrapper(str.zfill)
+    casefold = _simple_escaping_wrapper(str.casefold)
+
+    if sys.version_info >= (3, 9):
+        removeprefix = _simple_escaping_wrapper(str.removeprefix)
+        removesuffix = _simple_escaping_wrapper(str.removesuffix)
+
+    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().partition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().rpartition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, args, kwargs))
+
+    def format_map(  # type: ignore[override]
+        self, map: t.Mapping[str, t.Any]
+    ) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, (), map))
+
+    def __html_format__(self, format_spec: str) -> "te.Self":
+        if format_spec:
+            raise ValueError("Unsupported format specification for Markup.")
+
+        return self
+
+
+class EscapeFormatter(string.Formatter):
+    __slots__ = ("escape",)
+
+    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.escape = escape
+        super().__init__()
+
+    def format_field(self, value: t.Any, format_spec: str) -> str:
+        if hasattr(value, "__html_format__"):
+            rv = value.__html_format__(format_spec)
+        elif hasattr(value, "__html__"):
+            if format_spec:
+                raise ValueError(
+                    f"Format specifier {format_spec} given, but {type(value)} does not"
+                    " define __html_format__. A class that defines __html__ must define"
+                    " __html_format__ to work with format specifiers."
+                )
+            rv = value.__html__()
+        else:
+            # We need to make sure the format spec is str here as
+            # otherwise the wrong callback methods are invoked.
+            rv = string.Formatter.format_field(self, value, str(format_spec))
+        return str(self.escape(rv))
+
+
+_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
+
+
+def _escape_argspec(
+    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
+) -> _ListOrDict:
+    """Helper for various string-wrapped functions."""
+    for key, value in iterable:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            obj[key] = escape(value)
+
+    return obj
+
+
+class _MarkupEscapeHelper:
+    """Helper for :meth:`Markup.__mod__`."""
+
+    __slots__ = ("obj", "escape")
+
+    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.obj = obj
+        self.escape = escape
+
+    def __getitem__(self, item: t.Any) -> "te.Self":
+        return self.__class__(self.obj[item], self.escape)
+
+    def __str__(self) -> str:
+        return str(self.escape(self.obj))
+
+    def __repr__(self) -> str:
+        return str(self.escape(repr(self.obj)))
+
+    def __int__(self) -> int:
+        return int(self.obj)
+
+    def __float__(self) -> float:
+        return float(self.obj)
+
+
+# circular import
+try:
+    from ._speedups import escape as escape
+    from ._speedups import escape_silent as escape_silent
+    from ._speedups import soft_str as soft_str
+except ImportError:
+    from ._native import escape as escape
+    from ._native import escape_silent as escape_silent  # noqa: F401
+    from ._native import soft_str as soft_str  # noqa: F401
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py
new file mode 100644
index 000000000..8117b2716
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py
@@ -0,0 +1,63 @@
+import typing as t
+
+from . import Markup
+
+
+def escape(s: t.Any) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(
+        str(s)
+        .replace("&", "&amp;")
+        .replace(">", "&gt;")
+        .replace("<", "&lt;")
+        .replace("'", "&#39;")
+        .replace('"', "&#34;")
+    )
+
+
+def escape_silent(s: t.Optional[t.Any]) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
+
+    return escape(s)
+
+
+def soft_str(s: t.Any) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
+
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
+
+    return s
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c
new file mode 100644
index 000000000..3c463fb82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c
@@ -0,0 +1,320 @@
+#include <Python.h>
+
+static PyObject* markup;
+
+static int
+init_constants(void)
+{
+	PyObject *module;
+
+	/* import markup type so that we can mark the return value */
+	module = PyImport_ImportModule("markupsafe");
+	if (!module)
+		return 0;
+	markup = PyObject_GetAttrString(module, "Markup");
+	Py_DECREF(module);
+
+	return 1;
+}
+
+#define GET_DELTA(inp, inp_end, delta) \
+	while (inp < inp_end) { \
+		switch (*inp++) { \
+		case '"': \
+		case '\'': \
+		case '&': \
+			delta += 4; \
+			break; \
+		case '<': \
+		case '>': \
+			delta += 3; \
+			break; \
+		} \
+	}
+
+#define DO_ESCAPE(inp, inp_end, outp) \
+	{ \
+		Py_ssize_t ncopy = 0; \
+		while (inp < inp_end) { \
+			switch (*inp) { \
+			case '"': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '4'; \
+				*outp++ = ';'; \
+				break; \
+			case '\'': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '9'; \
+				*outp++ = ';'; \
+				break; \
+			case '&': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'a'; \
+				*outp++ = 'm'; \
+				*outp++ = 'p'; \
+				*outp++ = ';'; \
+				break; \
+			case '<': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'l'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			case '>': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'g'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			default: \
+				ncopy++; \
+			} \
+			inp++; \
+		} \
+		memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+	}
+
+static PyObject*
+escape_unicode_kind1(PyUnicodeObject *in)
+{
+	Py_UCS1 *inp = PyUnicode_1BYTE_DATA(in);
+	Py_UCS1 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS1 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta,
+						PyUnicode_IS_ASCII(in) ? 127 : 255);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_1BYTE_DATA(in);
+	outp = PyUnicode_1BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode_kind2(PyUnicodeObject *in)
+{
+	Py_UCS2 *inp = PyUnicode_2BYTE_DATA(in);
+	Py_UCS2 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS2 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 65535);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_2BYTE_DATA(in);
+	outp = PyUnicode_2BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+
+static PyObject*
+escape_unicode_kind4(PyUnicodeObject *in)
+{
+	Py_UCS4 *inp = PyUnicode_4BYTE_DATA(in);
+	Py_UCS4 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS4 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 1114111);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_4BYTE_DATA(in);
+	outp = PyUnicode_4BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode(PyUnicodeObject *in)
+{
+	if (PyUnicode_READY(in))
+		return NULL;
+
+	switch (PyUnicode_KIND(in)) {
+	case PyUnicode_1BYTE_KIND:
+		return escape_unicode_kind1(in);
+	case PyUnicode_2BYTE_KIND:
+		return escape_unicode_kind2(in);
+	case PyUnicode_4BYTE_KIND:
+		return escape_unicode_kind4(in);
+	}
+	assert(0);  /* shouldn't happen */
+	return NULL;
+}
+
+static PyObject*
+escape(PyObject *self, PyObject *text)
+{
+	static PyObject *id_html;
+	PyObject *s = NULL, *rv = NULL, *html;
+
+	if (id_html == NULL) {
+		id_html = PyUnicode_InternFromString("__html__");
+		if (id_html == NULL) {
+			return NULL;
+		}
+	}
+
+	/* we don't have to escape integers, bools or floats */
+	if (PyLong_CheckExact(text) ||
+		PyFloat_CheckExact(text) || PyBool_Check(text) ||
+		text == Py_None)
+		return PyObject_CallFunctionObjArgs(markup, text, NULL);
+
+	/* if the object has an __html__ method that performs the escaping */
+	html = PyObject_GetAttr(text ,id_html);
+	if (html) {
+		s = PyObject_CallObject(html, NULL);
+		Py_DECREF(html);
+		if (s == NULL) {
+			return NULL;
+		}
+		/* Convert to Markup object */
+		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+		Py_DECREF(s);
+		return rv;
+	}
+
+	/* otherwise make the object unicode if it isn't, then escape */
+	PyErr_Clear();
+	if (!PyUnicode_Check(text)) {
+		PyObject *unicode = PyObject_Str(text);
+		if (!unicode)
+			return NULL;
+		s = escape_unicode((PyUnicodeObject*)unicode);
+		Py_DECREF(unicode);
+	}
+	else
+		s = escape_unicode((PyUnicodeObject*)text);
+
+	/* convert the unicode string into a markup object. */
+	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+	Py_DECREF(s);
+	return rv;
+}
+
+
+static PyObject*
+escape_silent(PyObject *self, PyObject *text)
+{
+	if (text != Py_None)
+		return escape(self, text);
+	return PyObject_CallFunctionObjArgs(markup, NULL);
+}
+
+
+static PyObject*
+soft_str(PyObject *self, PyObject *s)
+{
+	if (!PyUnicode_Check(s))
+		return PyObject_Str(s);
+	Py_INCREF(s);
+	return s;
+}
+
+
+static PyMethodDef module_methods[] = {
+	{
+		"escape",
+		(PyCFunction)escape,
+		METH_O,
+		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
+		" the string with HTML-safe sequences. Use this if you need to display"
+		" text that might contain such characters in HTML.\n\n"
+		"If the object has an ``__html__`` method, it is called and the"
+		" return value is assumed to already be safe for HTML.\n\n"
+		":param s: An object to be converted to a string and escaped.\n"
+		":return: A :class:`Markup` string with the escaped text.\n"
+	},
+	{
+		"escape_silent",
+		(PyCFunction)escape_silent,
+		METH_O,
+		"Like :func:`escape` but treats ``None`` as the empty string."
+		" Useful with optional values, as otherwise you get the string"
+		" ``'None'`` when the value is ``None``.\n\n"
+		">>> escape(None)\n"
+		"Markup('None')\n"
+		">>> escape_silent(None)\n"
+		"Markup('')\n"
+	},
+	{
+		"soft_str",
+		(PyCFunction)soft_str,
+		METH_O,
+		"Convert an object to a string if it isn't already. This preserves"
+		" a :class:`Markup` string rather than converting it back to a basic"
+		" string, so it will still be marked as safe and won't be escaped"
+		" again.\n\n"
+		">>> value = escape(\"<User 1>\")\n"
+		">>> value\n"
+		"Markup('&lt;User 1&gt;')\n"
+		">>> escape(str(value))\n"
+		"Markup('&amp;lt;User 1&amp;gt;')\n"
+		">>> escape(soft_str(value))\n"
+		"Markup('&lt;User 1&gt;')\n"
+	},
+	{NULL, NULL, 0, NULL}  /* Sentinel */
+};
+
+static struct PyModuleDef module_definition = {
+	PyModuleDef_HEAD_INIT,
+	"markupsafe._speedups",
+	NULL,
+	-1,
+	module_methods,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+PyMODINIT_FUNC
+PyInit__speedups(void)
+{
+	if (!init_constants())
+		return NULL;
+
+	return PyModule_Create(&module_definition);
+}
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.cpython-311-darwin.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..98dac3cf4941c62d239335529d257e636b275c04
GIT binary patch
literal 3830
zcmbu7<y+H_`^Ddgiik3U7)VHqQUXJ1kWw1y8X(e=gE7hxO2-EQ87L`??(S}+OF(MC
zq(f?MY+wBke%JMTJvjGuo%7&64-RY84d5SFNW11pH>T+T(*Dl@8Okq7Ar7f}-Be&T
z_L($lQv06>>R0=c{`am7bn`#;D{4yGw{$&kZVD?_&+C^S7&!F}LFcAv=4qsWug`Nk
zOQg+nDu91@=&0s(j4_0Mu#A4X?o#TIl652DjVpGqb$YLa6RU#bKsJvK@8jPupU?U&
zA1u_>+MfL!lErUL#{kjv00Ahc1cbc+nB^)A7+WJ-!Buo9SeG*fIQ{lopO<U&fzroq
z>qF|=QZlDU#PobJCd)v!U-?FzeBoxMvl(TRj$zDFnDX=c$On#uqgOhE;oFSF-tabA
z_+h$JtYB$>YU}>R5)V<CsTnjwG1><)*BD6Hx!BoZ#~e=|i%As`Y&HrKzpm&Wf2a&?
z<JqsAM}?f5S^Fc>nnx^U$yX~58F#GHX4Fa>liUaHm1*Sl(MF8^+HNEgsF!x`V0>Ll
zQ?NPNvxhZALbpX!h&R5ewHJD?6w(S`6Wm%!BZ^&VzYQVY3l=DrZRLq*J7*@;%nsC}
z&8=I1e{k{q^}MgISjX_~p9tkp&@F1kU5GHIkY}~c!r~Nj;ziZ2E;-&+@xTtC7GED=
z0J;HxJQz@!*>Szn{?Qsh@IGUqK#WkirD0MW*yv*?Zvq(&%Fs<LUz-boE<yx>sncX`
zJQ``AZF9%UW(1t3SM0%Kw;uqg?`};`><}4?D(_0L*$vcjoT%xk%tXe%*<aP@sIB&&
zLEY7fjCH&4JF?hVW2gG0!!lM_vBS;(Bas%SOo}*f6&39YY(^>hBW7nn4o2lGI4GFC
zmfqGv4QwQ<#;xxA|NO`gJi<aM-zOrAP9TfMyFTCUu6zWw7<tT)R#rU>$>r=j-q7)E
zR*(*pJ3-O0nFNY_?ei%*kr%a;w0<}F<aq6IM2@12v;Y=Bdo_^N%ei&<%C8$<&O}P?
z{TJq6EV{a(Q(luzD0>B5oi?#&B5u1x$6NVW?NJ+zi9lKbMfkc!^tu>hqmXFbS80<J
z#gFOE&tDS#f9VUiA1YW8-Ec>~Qn1}`V+R)LI7z^M7>?nki@*r3d9Ej`3WjXW40li$
z3z>qn9U?blCJeX9+#ZUZD077?@r1i%VO<%?vT-&{HJ(q-Q2*Y5jgg`xoh_Ft%;~lp
z9nY2BTH`9Q-CCI{nS7_wuvzk752%ydyrzY;v#>$Rfny%_t8O@bS-I)X!Do+mEmBmZ
z2a%rj{xfkqRYCH&b0_jZ^NhoeLvZOhiJAuC;&vAE&Gd+~b)N!dYKeUT4GiiGS(GE5
zPI77OclIvYWDs$SHgQYwO~d6d(`I0GLrFj~`sTNMj~kP_iy5fgU6t_{NQ|31Ry_w}
zF;_-}0Et5^Y8h$xIFmG)Vi<u7B!^Qmdd=jl((|4M3f)!MZ5J>0(i+Fg<2qpZm|I``
zCdlvbo-u^rL{=A-1bxZ0cK9?ez5B1Q$~O!_#p>e7ZZK?s7<Q}Mm}x<Cnp%=!-UKLU
zMq#<;(uk!ZW6;(NlxTXaB&j-YeNA?d|3Z5ovs6G*-i=6}^1kc0Mlmn>sBXQaxk2-m
zlP|69Pw;6iDP)(Isonbeg`h|~mq@#kNPFD)*N&0*A!OmgYJy;8jzl7i+$Y$U0k%Q=
zr@>Afz7INzrUGRjV^Hk|6OpuXTRF}UGwY;^l1d|SB;&>s@oK<H*MB;zj<Y;0f{$bW
zR;Z3k3t$@MM#f6x7!vWu2YUD4Xf>mqJ0+5ODd7u%+z08S$jvU8rB<vEdd3xH@<6>L
zl(7Me?QcQ*UmyA*t9`qx{k0emLue3W&^^KEFpH3q)nItKKlUPbK%78U-kV`+$<Azd
z!hN>R{bW_Pr@&x2qMV1Q@3)|S@xXp$>|8M=cTBj{ffe5!mAAZr!gpA6wT#SjGVbl#
zASvuh*>8n@9$FTArYv}WAVX00<JMXbJkeBf^o$LD7`EE^zL=HyF+rx#-+`Y&G7Jpx
z3C0OIeW`*;vt$d~%iQkTQ^3WsH*lT2vq)qnAcQ=5Cyq90BEPn-^HxCv{US{>u2*Se
zb#|N(zfDfa%K5#tX2?#eO#Mes1aC`C&Rqk}>6$Vk)<4%$hYDmZW(&^ijHf?Az^JgW
z<S*#p{Cb=@2#CbTvTfpfKTgN8)-pYtCDTifT^|wdj{5V{V_qnF`a1LHj!=of<9G-}
z#>wI9DVd&&34iM@qzAdpq01&>&*#0eQK9K_Jrt$3L9zm<Y3f|c{`}z<n1e~K7|dO3
zT9sRRCO+OKDztUb>5~$@{+Y438Q}&^x6@kfR$m$ZFsDnEU*E8h^3`Pa{O;_P95(W#
z`<&0_5_~6yHA;xzW3xQv#H&=v!h^3$c*^G%82FA`zv9v0O{Yu=LhdzZmUdz17EJ*m
za3c+WZA%}Zx37r%Jw9`u?Zc7UX5_m_KGwGGwB){1`twqdS`^<Hipo&*Q1dd-1P@(X
z+WV0JUB>OB3+T?)UvSC@QRtxGn&rF0>-N-N+C3({{AAUrt!2nksB`%a;-a#Fi1~Ft
zG@P@g=(vG#e4*C<H4o+_N#*Z=CY=I!QlFK>iEp+fH{s{4rxHYui}F)d+q#anfH&Yv
z!@}9KC!y|#s?N)K?i%rDqov?b-yWgIu{+CU;9gq8ziz;4;WXR=5{)hjeY#Ws+VD1p
z@}GT4?qJdA2<~;36a&C@HK_B2?|9AMEJ6o+o0rtTTNj!SAP4wizdWA<v4fUPY~p5}
zs||zhGt0+81#tCC0rVZTvJjV*qb#~LvcN?>g(TBJuDjf&M}>xVOwkLSlA&wg42}Yc
z4}`o#&~E+qN9bCKz{7m^1#RYbe-F^-X1f*ok{D({h!T)6T28WpdK_H=a>yPkT$qws
z(gU9L7e9@(v{?siMXg?ZU`y~kxr*TDh>UorOs*3}#c+3@UgXmqdU0u9kE5K-o9^a%
z5COV{yHR`VZz^1hwrWys7jJk3NA<Ww^wcN5n>Wq~^3dg#9>}W5vVTC`<FFQA{HRZf
zznyu?Eikb+m%HA9YiJ-Fwc`0vEvGt~Qytcb(8HeOWWu(l-oD1JMHW->rc72I<-qiK
zf1I$|+lQ;8;**ZTdg@2GuEpGcD?o?A<)nW`$k1UXveWhMNj4;o<cbOiy!?a`3X9#-
z(-|!kKF@z>qr^ui%KxRdm-A)eBTjUKd%Q^A)2w{>*hqBdO$W`L_0CFW6T@;_vv^io
z{WL`R{orrL4w_dPB}!0fW~iNLwP3VYZ}D-r<8hdZ%Dds}tBfym5&T>cmDJ-?9PG2=
z@kyApr)u{wy;Tx<McJ8{&f8Ba!BOtPwm4P06Nh^peBFu$mF&C>(z*S?Z*AlkBKT>f
zc?)%UHAII*dACRY^uGB%=MCfQ)!<SpI(foSjk(Uq=<DY<Kx5)&;S>THr5kFTX5)c*
z6hP|40@3Qfn$bmLt~PYZb*V>5xAM4){|tU_G_MDqg&LYD(?WCt^roI$wfGlZN#}=p
zSDMRB=8eQq9jO#Q#{_?lydRSG6>Yhtr~2u+M&G%6d>4owYMfeQ=Jq|0Mk@Wtk?rFv
zHm-zWBZi#{5l^*qc@4b=?F0T2{Ug=Khkiq!Ftd6Z`zE61&QEJhiwe42he``?ZyGGb
zPnC+nDai5e!fkfW?D(Xr)Bg_Eyc1gTV*M3bzxa1GQTmU)4Pf4lAw#6U4eU@ZV=5Gp
z?V|+?b^%=kBoS(bq#)gKNXXHDh4;&m)|~g5AYOCGVBcF#I1`^pXWNUDbi!O_hqNr8
zwlv9)fr%TN&t4JC9%Ap#Ew2yeAl2fgJ+e%2ViOj#YQ!g7pDdQuNHa?E{|_o;Y8MyZ
zBarB)lO9Nfs1##sSzR1!N~@_3=lgdO9Gw9wgx~dcZ8<j@r)`dPl+w+taPbcBjpBQB
z%)j?~p_V6-QJ?S4fVSiE)<5KT65`>LzcUMuFF!rX7XqoArI^QiD(iSHIff=G8r-WW
zAEhyoS}uzW7FY_x$NxZ<`AA$_7JNBDEM}V3jr2db=(6&9-6g@{!W`9|t)MyX8s%#=
z`@N!j<`-+tdp9IYEN9w;&Jerx8FQkpI~UvWU1NHEpSHrBA_EmC(a;{=Me(kaREDai
z1Nx8MqICW-H!jF@{^R6|#c!tY2l$()_lX$wTn*9X&hu>btsjnoqE=r?+g;2B=e01W
z|D-sy>80Sf)qbjeDixyep>9+V#n~JH?YP@HdWQ(!d{Ee?K)SlR2cu2zBzR3PCy}^U
zNna0d0h~->&!tBHo}B{)`cVYH-F#~i)^)D9Ak%Jyg<3vh3EZP5q9`n9tVqcMEDNp_
zfv6Bx_}l_<kDwP$qUtcg%b;h7!9z<USc>kYO=mpZ&_7RVrN6Du=|>!a34b@a#k@@8
zZ}O$t32QxbFi0^@ilny;`?jRixo}E+GAy}$DY`maR7U|AskGLaNEkZfz6;2#tTmYv
z@}uG!5Ys)QO&59Q1YUYlWfXF<2f4d;sm@RGp<muzJE*=$y7hBo?Qg3zPLTX-Z?jZM
zCOgeNvcQ%(dhvvtf};k&1v^kp)-D75BG3l7m-`|Md^o1wt<|`OdWro`o$c9{zMOBu
zrQ$EPnf+T@n&7joGw=823k+SyA%0c(G&|RcBB;NVI4-J8+Az{W++%?5ZHZ-jUdah(
zcSPdX&H|&YO6ngIfpxLqDh=|24?Z4uu7Vu13$INV^F=wjsp_y&8h|)ppHdmUE6ZPR
z%Ms|kh0`@&MPv$~MS`mD7*>CC&N`D*Sr`xS!?iRmtfe?e7xX(fy<qdMcNDdW>8UOC
zU<w|es(+k6*>PF;AKlSd^-4Gcw~*EORn|ND{JH%mZiWwOZlc%g6E(u+okVSuy~_0;
m;)aqpCnL0k?{h+nx^UA}Ab>;x03;IGKPfY&;p>k8fd2ugp`vjB

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi
new file mode 100644
index 000000000..f673240f6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi
@@ -0,0 +1,9 @@
+from typing import Any
+from typing import Optional
+
+from . import Markup
+
+def escape(s: Any) -> Markup: ...
+def escape_silent(s: Optional[Any]) -> Markup: ...
+def soft_str(s: Any) -> str: ...
+def soft_unicode(s: Any) -> str: ...
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/py.typed b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..5e826bdf7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/DESCRIPTION.rst
@@ -0,0 +1,12 @@
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/METADATA
new file mode 100644
index 000000000..25ed5ab69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/METADATA
@@ -0,0 +1,25 @@
+Metadata-Version: 2.0
+Name: ply
+Version: 3.11
+Summary: Python Lex & Yacc
+Home-page: http://www.dabeaz.com/ply/
+Author: David Beazley
+Author-email: dave@dabeaz.com
+License: BSD
+Description-Content-Type: UNKNOWN
+Platform: UNKNOWN
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 2
+
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/RECORD
new file mode 100644
index 000000000..b4f331424
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/RECORD
@@ -0,0 +1,19 @@
+ply-3.11.dist-info/DESCRIPTION.rst,sha256=nnBY1Nj_GhIsOFck7R2yGHobQVosxi2CPQkHgeSZ0Hg,519
+ply-3.11.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+ply-3.11.dist-info/METADATA,sha256=pYZ9p1TsWGQ8Kxp9yEJVyvs25PkR5h3gIDuTOCsvJGg,844
+ply-3.11.dist-info/RECORD,,
+ply-3.11.dist-info/WHEEL,sha256=kdsN-5OJAZIiHN-iO4Rhl82KyS0bDWf4uBwMbkNafr8,110
+ply-3.11.dist-info/metadata.json,sha256=s7M7va9E25_7TRpzHfNCfN73Ieiy5iKogF0PzXtMxMI,515
+ply-3.11.dist-info/top_level.txt,sha256=gDYBHRQ7Vy0tY0AjXyJtadvU2LDaOsHqhhV70AGsisc,4
+ply/__init__.py,sha256=sx6iBIF__WKIeU0iw2WSoSqBhclHF5EhBTc0wDigTV8,103
+ply/__pycache__/__init__.cpython-311.pyc,,
+ply/__pycache__/cpp.cpython-311.pyc,,
+ply/__pycache__/ctokens.cpython-311.pyc,,
+ply/__pycache__/lex.cpython-311.pyc,,
+ply/__pycache__/yacc.cpython-311.pyc,,
+ply/__pycache__/ygen.cpython-311.pyc,,
+ply/cpp.py,sha256=KTg13R5SKeicwZm7bIPL44KcQBRcHsmeEGOwIBVvLko,33639
+ply/ctokens.py,sha256=GmyWYDY9nl6F1WJQ9rmcQFgh1FnADFlnp_TBjTcEsqU,3155
+ply/lex.py,sha256=babRISnIAfzHo7WqLYF2qGCSaH0btM8d3ztgHaK3SA0,42905
+ply/yacc.py,sha256=EF043rIHrXJYG6jcb15TI2SLwdCoNOQZXCN_1M3-I4k,137736
+ply/ygen.py,sha256=TRnkZgx5BBB43Qspu2J4gVtpeBut8xrTEZoLbNN0b6M,2246
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/WHEEL
new file mode 100644
index 000000000..7332a419c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.30.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/metadata.json b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/metadata.json
new file mode 100644
index 000000000..9f472a327
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Programming Language :: Python :: 3", "Programming Language :: Python :: 2"], "description_content_type": "UNKNOWN", "extensions": {"python.details": {"contacts": [{"email": "dave@dabeaz.com", "name": "David Beazley", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst"}, "project_urls": {"Home": "http://www.dabeaz.com/ply/"}}}, "generator": "bdist_wheel (0.30.0)", "license": "BSD", "metadata_version": "2.0", "name": "ply", "summary": "Python Lex & Yacc", "version": "3.11"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/top_level.txt
new file mode 100644
index 000000000..90412f068
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply-3.11.dist-info/top_level.txt
@@ -0,0 +1 @@
+ply
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/ply/__init__.py
new file mode 100644
index 000000000..23707c635
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply/__init__.py
@@ -0,0 +1,5 @@
+# PLY package
+# Author: David Beazley (dave@dabeaz.com)
+
+__version__ = '3.11'
+__all__ = ['lex','yacc']
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply/cpp.py b/lib/go-jinja2/internal/data/darwin-amd64/ply/cpp.py
new file mode 100644
index 000000000..2422916c9
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply/cpp.py
@@ -0,0 +1,914 @@
+# -----------------------------------------------------------------------------
+# cpp.py
+#
+# Author:  David Beazley (http://www.dabeaz.com)
+# Copyright (C) 2007
+# All rights reserved
+#
+# This module implements an ANSI-C style lexical preprocessor for PLY.
+# -----------------------------------------------------------------------------
+from __future__ import generators
+
+import sys
+
+# Some Python 3 compatibility shims
+if sys.version_info.major < 3:
+    STRING_TYPES = (str, unicode)
+else:
+    STRING_TYPES = str
+    xrange = range
+
+# -----------------------------------------------------------------------------
+# Default preprocessor lexer definitions.   These tokens are enough to get
+# a basic preprocessor working.   Other modules may import these if they want
+# -----------------------------------------------------------------------------
+
+tokens = (
+   'CPP_ID','CPP_INTEGER', 'CPP_FLOAT', 'CPP_STRING', 'CPP_CHAR', 'CPP_WS', 'CPP_COMMENT1', 'CPP_COMMENT2', 'CPP_POUND','CPP_DPOUND'
+)
+
+literals = "+-*/%|&~^<>=!?()[]{}.,;:\\\'\""
+
+# Whitespace
+def t_CPP_WS(t):
+    r'\s+'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+t_CPP_POUND = r'\#'
+t_CPP_DPOUND = r'\#\#'
+
+# Identifier
+t_CPP_ID = r'[A-Za-z_][\w_]*'
+
+# Integer literal
+def CPP_INTEGER(t):
+    r'(((((0x)|(0X))[0-9a-fA-F]+)|(\d+))([uU][lL]|[lL][uU]|[uU]|[lL])?)'
+    return t
+
+t_CPP_INTEGER = CPP_INTEGER
+
+# Floating literal
+t_CPP_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+def t_CPP_STRING(t):
+    r'\"([^\\\n]|(\\(.|\n)))*?\"'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Character constant 'c' or L'c'
+def t_CPP_CHAR(t):
+    r'(L)?\'([^\\\n]|(\\(.|\n)))*?\''
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Comment
+def t_CPP_COMMENT1(t):
+    r'(/\*(.|\n)*?\*/)'
+    ncr = t.value.count("\n")
+    t.lexer.lineno += ncr
+    # replace with one space or a number of '\n'
+    t.type = 'CPP_WS'; t.value = '\n' * ncr if ncr else ' '
+    return t
+
+# Line comment
+def t_CPP_COMMENT2(t):
+    r'(//.*?(\n|$))'
+    # replace with '/n'
+    t.type = 'CPP_WS'; t.value = '\n'
+    return t
+
+def t_error(t):
+    t.type = t.value[0]
+    t.value = t.value[0]
+    t.lexer.skip(1)
+    return t
+
+import re
+import copy
+import time
+import os.path
+
+# -----------------------------------------------------------------------------
+# trigraph()
+#
+# Given an input string, this function replaces all trigraph sequences.
+# The following mapping is used:
+#
+#     ??=    #
+#     ??/    \
+#     ??'    ^
+#     ??(    [
+#     ??)    ]
+#     ??!    |
+#     ??<    {
+#     ??>    }
+#     ??-    ~
+# -----------------------------------------------------------------------------
+
+_trigraph_pat = re.compile(r'''\?\?[=/\'\(\)\!<>\-]''')
+_trigraph_rep = {
+    '=':'#',
+    '/':'\\',
+    "'":'^',
+    '(':'[',
+    ')':']',
+    '!':'|',
+    '<':'{',
+    '>':'}',
+    '-':'~'
+}
+
+def trigraph(input):
+    return _trigraph_pat.sub(lambda g: _trigraph_rep[g.group()[-1]],input)
+
+# ------------------------------------------------------------------
+# Macro object
+#
+# This object holds information about preprocessor macros
+#
+#    .name      - Macro name (string)
+#    .value     - Macro value (a list of tokens)
+#    .arglist   - List of argument names
+#    .variadic  - Boolean indicating whether or not variadic macro
+#    .vararg    - Name of the variadic parameter
+#
+# When a macro is created, the macro replacement token sequence is
+# pre-scanned and used to create patch lists that are later used
+# during macro expansion
+# ------------------------------------------------------------------
+
+class Macro(object):
+    def __init__(self,name,value,arglist=None,variadic=False):
+        self.name = name
+        self.value = value
+        self.arglist = arglist
+        self.variadic = variadic
+        if variadic:
+            self.vararg = arglist[-1]
+        self.source = None
+
+# ------------------------------------------------------------------
+# Preprocessor object
+#
+# Object representing a preprocessor.  Contains macro definitions,
+# include directories, and other information
+# ------------------------------------------------------------------
+
+class Preprocessor(object):
+    def __init__(self,lexer=None):
+        if lexer is None:
+            lexer = lex.lexer
+        self.lexer = lexer
+        self.macros = { }
+        self.path = []
+        self.temp_path = []
+
+        # Probe the lexer for selected tokens
+        self.lexprobe()
+
+        tm = time.localtime()
+        self.define("__DATE__ \"%s\"" % time.strftime("%b %d %Y",tm))
+        self.define("__TIME__ \"%s\"" % time.strftime("%H:%M:%S",tm))
+        self.parser = None
+
+    # -----------------------------------------------------------------------------
+    # tokenize()
+    #
+    # Utility function. Given a string of text, tokenize into a list of tokens
+    # -----------------------------------------------------------------------------
+
+    def tokenize(self,text):
+        tokens = []
+        self.lexer.input(text)
+        while True:
+            tok = self.lexer.token()
+            if not tok: break
+            tokens.append(tok)
+        return tokens
+
+    # ---------------------------------------------------------------------
+    # error()
+    #
+    # Report a preprocessor error/warning of some kind
+    # ----------------------------------------------------------------------
+
+    def error(self,file,line,msg):
+        print("%s:%d %s" % (file,line,msg))
+
+    # ----------------------------------------------------------------------
+    # lexprobe()
+    #
+    # This method probes the preprocessor lexer object to discover
+    # the token types of symbols that are important to the preprocessor.
+    # If this works right, the preprocessor will simply "work"
+    # with any suitable lexer regardless of how tokens have been named.
+    # ----------------------------------------------------------------------
+
+    def lexprobe(self):
+
+        # Determine the token type for identifiers
+        self.lexer.input("identifier")
+        tok = self.lexer.token()
+        if not tok or tok.value != "identifier":
+            print("Couldn't determine identifier type")
+        else:
+            self.t_ID = tok.type
+
+        # Determine the token type for integers
+        self.lexer.input("12345")
+        tok = self.lexer.token()
+        if not tok or int(tok.value) != 12345:
+            print("Couldn't determine integer type")
+        else:
+            self.t_INTEGER = tok.type
+            self.t_INTEGER_TYPE = type(tok.value)
+
+        # Determine the token type for strings enclosed in double quotes
+        self.lexer.input("\"filename\"")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\"filename\"":
+            print("Couldn't determine string type")
+        else:
+            self.t_STRING = tok.type
+
+        # Determine the token type for whitespace--if any
+        self.lexer.input("  ")
+        tok = self.lexer.token()
+        if not tok or tok.value != "  ":
+            self.t_SPACE = None
+        else:
+            self.t_SPACE = tok.type
+
+        # Determine the token type for newlines
+        self.lexer.input("\n")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\n":
+            self.t_NEWLINE = None
+            print("Couldn't determine token for newlines")
+        else:
+            self.t_NEWLINE = tok.type
+
+        self.t_WS = (self.t_SPACE, self.t_NEWLINE)
+
+        # Check for other characters used by the preprocessor
+        chars = [ '<','>','#','##','\\','(',')',',','.']
+        for c in chars:
+            self.lexer.input(c)
+            tok = self.lexer.token()
+            if not tok or tok.value != c:
+                print("Unable to lex '%s' required for preprocessor" % c)
+
+    # ----------------------------------------------------------------------
+    # add_path()
+    #
+    # Adds a search path to the preprocessor.
+    # ----------------------------------------------------------------------
+
+    def add_path(self,path):
+        self.path.append(path)
+
+    # ----------------------------------------------------------------------
+    # group_lines()
+    #
+    # Given an input string, this function splits it into lines.  Trailing whitespace
+    # is removed.   Any line ending with \ is grouped with the next line.  This
+    # function forms the lowest level of the preprocessor---grouping into text into
+    # a line-by-line format.
+    # ----------------------------------------------------------------------
+
+    def group_lines(self,input):
+        lex = self.lexer.clone()
+        lines = [x.rstrip() for x in input.splitlines()]
+        for i in xrange(len(lines)):
+            j = i+1
+            while lines[i].endswith('\\') and (j < len(lines)):
+                lines[i] = lines[i][:-1]+lines[j]
+                lines[j] = ""
+                j += 1
+
+        input = "\n".join(lines)
+        lex.input(input)
+        lex.lineno = 1
+
+        current_line = []
+        while True:
+            tok = lex.token()
+            if not tok:
+                break
+            current_line.append(tok)
+            if tok.type in self.t_WS and '\n' in tok.value:
+                yield current_line
+                current_line = []
+
+        if current_line:
+            yield current_line
+
+    # ----------------------------------------------------------------------
+    # tokenstrip()
+    #
+    # Remove leading/trailing whitespace tokens from a token list
+    # ----------------------------------------------------------------------
+
+    def tokenstrip(self,tokens):
+        i = 0
+        while i < len(tokens) and tokens[i].type in self.t_WS:
+            i += 1
+        del tokens[:i]
+        i = len(tokens)-1
+        while i >= 0 and tokens[i].type in self.t_WS:
+            i -= 1
+        del tokens[i+1:]
+        return tokens
+
+
+    # ----------------------------------------------------------------------
+    # collect_args()
+    #
+    # Collects comma separated arguments from a list of tokens.   The arguments
+    # must be enclosed in parenthesis.  Returns a tuple (tokencount,args,positions)
+    # where tokencount is the number of tokens consumed, args is a list of arguments,
+    # and positions is a list of integers containing the starting index of each
+    # argument.  Each argument is represented by a list of tokens.
+    #
+    # When collecting arguments, leading and trailing whitespace is removed
+    # from each argument.
+    #
+    # This function properly handles nested parenthesis and commas---these do not
+    # define new arguments.
+    # ----------------------------------------------------------------------
+
+    def collect_args(self,tokenlist):
+        args = []
+        positions = []
+        current_arg = []
+        nesting = 1
+        tokenlen = len(tokenlist)
+
+        # Search for the opening '('.
+        i = 0
+        while (i < tokenlen) and (tokenlist[i].type in self.t_WS):
+            i += 1
+
+        if (i < tokenlen) and (tokenlist[i].value == '('):
+            positions.append(i+1)
+        else:
+            self.error(self.source,tokenlist[0].lineno,"Missing '(' in macro arguments")
+            return 0, [], []
+
+        i += 1
+
+        while i < tokenlen:
+            t = tokenlist[i]
+            if t.value == '(':
+                current_arg.append(t)
+                nesting += 1
+            elif t.value == ')':
+                nesting -= 1
+                if nesting == 0:
+                    if current_arg:
+                        args.append(self.tokenstrip(current_arg))
+                        positions.append(i)
+                    return i+1,args,positions
+                current_arg.append(t)
+            elif t.value == ',' and nesting == 1:
+                args.append(self.tokenstrip(current_arg))
+                positions.append(i+1)
+                current_arg = []
+            else:
+                current_arg.append(t)
+            i += 1
+
+        # Missing end argument
+        self.error(self.source,tokenlist[-1].lineno,"Missing ')' in macro arguments")
+        return 0, [],[]
+
+    # ----------------------------------------------------------------------
+    # macro_prescan()
+    #
+    # Examine the macro value (token sequence) and identify patch points
+    # This is used to speed up macro expansion later on---we'll know
+    # right away where to apply patches to the value to form the expansion
+    # ----------------------------------------------------------------------
+
+    def macro_prescan(self,macro):
+        macro.patch     = []             # Standard macro arguments
+        macro.str_patch = []             # String conversion expansion
+        macro.var_comma_patch = []       # Variadic macro comma patch
+        i = 0
+        while i < len(macro.value):
+            if macro.value[i].type == self.t_ID and macro.value[i].value in macro.arglist:
+                argnum = macro.arglist.index(macro.value[i].value)
+                # Conversion of argument to a string
+                if i > 0 and macro.value[i-1].value == '#':
+                    macro.value[i] = copy.copy(macro.value[i])
+                    macro.value[i].type = self.t_STRING
+                    del macro.value[i-1]
+                    macro.str_patch.append((argnum,i-1))
+                    continue
+                # Concatenation
+                elif (i > 0 and macro.value[i-1].value == '##'):
+                    macro.patch.append(('c',argnum,i-1))
+                    del macro.value[i-1]
+                    i -= 1
+                    continue
+                elif ((i+1) < len(macro.value) and macro.value[i+1].value == '##'):
+                    macro.patch.append(('c',argnum,i))
+                    del macro.value[i + 1]
+                    continue
+                # Standard expansion
+                else:
+                    macro.patch.append(('e',argnum,i))
+            elif macro.value[i].value == '##':
+                if macro.variadic and (i > 0) and (macro.value[i-1].value == ',') and \
+                        ((i+1) < len(macro.value)) and (macro.value[i+1].type == self.t_ID) and \
+                        (macro.value[i+1].value == macro.vararg):
+                    macro.var_comma_patch.append(i-1)
+            i += 1
+        macro.patch.sort(key=lambda x: x[2],reverse=True)
+
+    # ----------------------------------------------------------------------
+    # macro_expand_args()
+    #
+    # Given a Macro and list of arguments (each a token list), this method
+    # returns an expanded version of a macro.  The return value is a token sequence
+    # representing the replacement macro tokens
+    # ----------------------------------------------------------------------
+
+    def macro_expand_args(self,macro,args):
+        # Make a copy of the macro token sequence
+        rep = [copy.copy(_x) for _x in macro.value]
+
+        # Make string expansion patches.  These do not alter the length of the replacement sequence
+
+        str_expansion = {}
+        for argnum, i in macro.str_patch:
+            if argnum not in str_expansion:
+                str_expansion[argnum] = ('"%s"' % "".join([x.value for x in args[argnum]])).replace("\\","\\\\")
+            rep[i] = copy.copy(rep[i])
+            rep[i].value = str_expansion[argnum]
+
+        # Make the variadic macro comma patch.  If the variadic macro argument is empty, we get rid
+        comma_patch = False
+        if macro.variadic and not args[-1]:
+            for i in macro.var_comma_patch:
+                rep[i] = None
+                comma_patch = True
+
+        # Make all other patches.   The order of these matters.  It is assumed that the patch list
+        # has been sorted in reverse order of patch location since replacements will cause the
+        # size of the replacement sequence to expand from the patch point.
+
+        expanded = { }
+        for ptype, argnum, i in macro.patch:
+            # Concatenation.   Argument is left unexpanded
+            if ptype == 'c':
+                rep[i:i+1] = args[argnum]
+            # Normal expansion.  Argument is macro expanded first
+            elif ptype == 'e':
+                if argnum not in expanded:
+                    expanded[argnum] = self.expand_macros(args[argnum])
+                rep[i:i+1] = expanded[argnum]
+
+        # Get rid of removed comma if necessary
+        if comma_patch:
+            rep = [_i for _i in rep if _i]
+
+        return rep
+
+
+    # ----------------------------------------------------------------------
+    # expand_macros()
+    #
+    # Given a list of tokens, this function performs macro expansion.
+    # The expanded argument is a dictionary that contains macros already
+    # expanded.  This is used to prevent infinite recursion.
+    # ----------------------------------------------------------------------
+
+    def expand_macros(self,tokens,expanded=None):
+        if expanded is None:
+            expanded = {}
+        i = 0
+        while i < len(tokens):
+            t = tokens[i]
+            if t.type == self.t_ID:
+                if t.value in self.macros and t.value not in expanded:
+                    # Yes, we found a macro match
+                    expanded[t.value] = True
+
+                    m = self.macros[t.value]
+                    if not m.arglist:
+                        # A simple macro
+                        ex = self.expand_macros([copy.copy(_x) for _x in m.value],expanded)
+                        for e in ex:
+                            e.lineno = t.lineno
+                        tokens[i:i+1] = ex
+                        i += len(ex)
+                    else:
+                        # A macro with arguments
+                        j = i + 1
+                        while j < len(tokens) and tokens[j].type in self.t_WS:
+                            j += 1
+                        if j < len(tokens) and tokens[j].value == '(':
+                            tokcount,args,positions = self.collect_args(tokens[j:])
+                            if not m.variadic and len(args) !=  len(m.arglist):
+                                self.error(self.source,t.lineno,"Macro %s requires %d arguments" % (t.value,len(m.arglist)))
+                                i = j + tokcount
+                            elif m.variadic and len(args) < len(m.arglist)-1:
+                                if len(m.arglist) > 2:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d arguments" % (t.value, len(m.arglist)-1))
+                                else:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d argument" % (t.value, len(m.arglist)-1))
+                                i = j + tokcount
+                            else:
+                                if m.variadic:
+                                    if len(args) == len(m.arglist)-1:
+                                        args.append([])
+                                    else:
+                                        args[len(m.arglist)-1] = tokens[j+positions[len(m.arglist)-1]:j+tokcount-1]
+                                        del args[len(m.arglist):]
+
+                                # Get macro replacement text
+                                rep = self.macro_expand_args(m,args)
+                                rep = self.expand_macros(rep,expanded)
+                                for r in rep:
+                                    r.lineno = t.lineno
+                                tokens[i:j+tokcount] = rep
+                                i += len(rep)
+                        else:
+                            # This is not a macro. It is just a word which
+                            # equals to name of the macro. Hence, go to the
+                            # next token.
+                            i += 1
+
+                    del expanded[t.value]
+                    continue
+                elif t.value == '__LINE__':
+                    t.type = self.t_INTEGER
+                    t.value = self.t_INTEGER_TYPE(t.lineno)
+
+            i += 1
+        return tokens
+
+    # ----------------------------------------------------------------------
+    # evalexpr()
+    #
+    # Evaluate an expression token sequence for the purposes of evaluating
+    # integral expressions.
+    # ----------------------------------------------------------------------
+
+    def evalexpr(self,tokens):
+        # tokens = tokenize(line)
+        # Search for defined macros
+        i = 0
+        while i < len(tokens):
+            if tokens[i].type == self.t_ID and tokens[i].value == 'defined':
+                j = i + 1
+                needparen = False
+                result = "0L"
+                while j < len(tokens):
+                    if tokens[j].type in self.t_WS:
+                        j += 1
+                        continue
+                    elif tokens[j].type == self.t_ID:
+                        if tokens[j].value in self.macros:
+                            result = "1L"
+                        else:
+                            result = "0L"
+                        if not needparen: break
+                    elif tokens[j].value == '(':
+                        needparen = True
+                    elif tokens[j].value == ')':
+                        break
+                    else:
+                        self.error(self.source,tokens[i].lineno,"Malformed defined()")
+                    j += 1
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE(result)
+                del tokens[i+1:j+1]
+            i += 1
+        tokens = self.expand_macros(tokens)
+        for i,t in enumerate(tokens):
+            if t.type == self.t_ID:
+                tokens[i] = copy.copy(t)
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE("0L")
+            elif t.type == self.t_INTEGER:
+                tokens[i] = copy.copy(t)
+                # Strip off any trailing suffixes
+                tokens[i].value = str(tokens[i].value)
+                while tokens[i].value[-1] not in "0123456789abcdefABCDEF":
+                    tokens[i].value = tokens[i].value[:-1]
+
+        expr = "".join([str(x.value) for x in tokens])
+        expr = expr.replace("&&"," and ")
+        expr = expr.replace("||"," or ")
+        expr = expr.replace("!"," not ")
+        try:
+            result = eval(expr)
+        except Exception:
+            self.error(self.source,tokens[0].lineno,"Couldn't evaluate expression")
+            result = 0
+        return result
+
+    # ----------------------------------------------------------------------
+    # parsegen()
+    #
+    # Parse an input string/
+    # ----------------------------------------------------------------------
+    def parsegen(self,input,source=None):
+
+        # Replace trigraph sequences
+        t = trigraph(input)
+        lines = self.group_lines(t)
+
+        if not source:
+            source = ""
+
+        self.define("__FILE__ \"%s\"" % source)
+
+        self.source = source
+        chunk = []
+        enable = True
+        iftrigger = False
+        ifstack = []
+
+        for x in lines:
+            for i,tok in enumerate(x):
+                if tok.type not in self.t_WS: break
+            if tok.value == '#':
+                # Preprocessor directive
+
+                # insert necessary whitespace instead of eaten tokens
+                for tok in x:
+                    if tok.type in self.t_WS and '\n' in tok.value:
+                        chunk.append(tok)
+
+                dirtokens = self.tokenstrip(x[i+1:])
+                if dirtokens:
+                    name = dirtokens[0].value
+                    args = self.tokenstrip(dirtokens[1:])
+                else:
+                    name = ""
+                    args = []
+
+                if name == 'define':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.define(args)
+                elif name == 'include':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        oldfile = self.macros['__FILE__']
+                        for tok in self.include(args):
+                            yield tok
+                        self.macros['__FILE__'] = oldfile
+                        self.source = source
+                elif name == 'undef':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.undef(args)
+                elif name == 'ifdef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if not args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'ifndef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'if':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        result = self.evalexpr(args)
+                        if not result:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'elif':
+                    if ifstack:
+                        if ifstack[-1][0]:     # We only pay attention if outer "if" allows this
+                            if enable:         # If already true, we flip enable False
+                                enable = False
+                            elif not iftrigger:   # If False, but not triggered yet, we'll check expression
+                                result = self.evalexpr(args)
+                                if result:
+                                    enable  = True
+                                    iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #elif")
+
+                elif name == 'else':
+                    if ifstack:
+                        if ifstack[-1][0]:
+                            if enable:
+                                enable = False
+                            elif not iftrigger:
+                                enable = True
+                                iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #else")
+
+                elif name == 'endif':
+                    if ifstack:
+                        enable,iftrigger = ifstack.pop()
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #endif")
+                else:
+                    # Unknown preprocessor directive
+                    pass
+
+            else:
+                # Normal text
+                if enable:
+                    chunk.extend(x)
+
+        for tok in self.expand_macros(chunk):
+            yield tok
+        chunk = []
+
+    # ----------------------------------------------------------------------
+    # include()
+    #
+    # Implementation of file-inclusion
+    # ----------------------------------------------------------------------
+
+    def include(self,tokens):
+        # Try to extract the filename and then process an include file
+        if not tokens:
+            return
+        if tokens:
+            if tokens[0].value != '<' and tokens[0].type != self.t_STRING:
+                tokens = self.expand_macros(tokens)
+
+            if tokens[0].value == '<':
+                # Include <...>
+                i = 1
+                while i < len(tokens):
+                    if tokens[i].value == '>':
+                        break
+                    i += 1
+                else:
+                    print("Malformed #include <...>")
+                    return
+                filename = "".join([x.value for x in tokens[1:i]])
+                path = self.path + [""] + self.temp_path
+            elif tokens[0].type == self.t_STRING:
+                filename = tokens[0].value[1:-1]
+                path = self.temp_path + [""] + self.path
+            else:
+                print("Malformed #include statement")
+                return
+        for p in path:
+            iname = os.path.join(p,filename)
+            try:
+                data = open(iname,"r").read()
+                dname = os.path.dirname(iname)
+                if dname:
+                    self.temp_path.insert(0,dname)
+                for tok in self.parsegen(data,filename):
+                    yield tok
+                if dname:
+                    del self.temp_path[0]
+                break
+            except IOError:
+                pass
+        else:
+            print("Couldn't find '%s'" % filename)
+
+    # ----------------------------------------------------------------------
+    # define()
+    #
+    # Define a new macro
+    # ----------------------------------------------------------------------
+
+    def define(self,tokens):
+        if isinstance(tokens,STRING_TYPES):
+            tokens = self.tokenize(tokens)
+
+        linetok = tokens
+        try:
+            name = linetok[0]
+            if len(linetok) > 1:
+                mtype = linetok[1]
+            else:
+                mtype = None
+            if not mtype:
+                m = Macro(name.value,[])
+                self.macros[name.value] = m
+            elif mtype.type in self.t_WS:
+                # A normal macro
+                m = Macro(name.value,self.tokenstrip(linetok[2:]))
+                self.macros[name.value] = m
+            elif mtype.value == '(':
+                # A macro with arguments
+                tokcount, args, positions = self.collect_args(linetok[1:])
+                variadic = False
+                for a in args:
+                    if variadic:
+                        print("No more arguments may follow a variadic argument")
+                        break
+                    astr = "".join([str(_i.value) for _i in a])
+                    if astr == "...":
+                        variadic = True
+                        a[0].type = self.t_ID
+                        a[0].value = '__VA_ARGS__'
+                        variadic = True
+                        del a[1:]
+                        continue
+                    elif astr[-3:] == "..." and a[0].type == self.t_ID:
+                        variadic = True
+                        del a[1:]
+                        # If, for some reason, "." is part of the identifier, strip off the name for the purposes
+                        # of macro expansion
+                        if a[0].value[-3:] == '...':
+                            a[0].value = a[0].value[:-3]
+                        continue
+                    if len(a) > 1 or a[0].type != self.t_ID:
+                        print("Invalid macro argument")
+                        break
+                else:
+                    mvalue = self.tokenstrip(linetok[1+tokcount:])
+                    i = 0
+                    while i < len(mvalue):
+                        if i+1 < len(mvalue):
+                            if mvalue[i].type in self.t_WS and mvalue[i+1].value == '##':
+                                del mvalue[i]
+                                continue
+                            elif mvalue[i].value == '##' and mvalue[i+1].type in self.t_WS:
+                                del mvalue[i+1]
+                        i += 1
+                    m = Macro(name.value,mvalue,[x[0].value for x in args],variadic)
+                    self.macro_prescan(m)
+                    self.macros[name.value] = m
+            else:
+                print("Bad macro definition")
+        except LookupError:
+            print("Bad macro definition")
+
+    # ----------------------------------------------------------------------
+    # undef()
+    #
+    # Undefine a macro
+    # ----------------------------------------------------------------------
+
+    def undef(self,tokens):
+        id = tokens[0].value
+        try:
+            del self.macros[id]
+        except LookupError:
+            pass
+
+    # ----------------------------------------------------------------------
+    # parse()
+    #
+    # Parse input text.
+    # ----------------------------------------------------------------------
+    def parse(self,input,source=None,ignore={}):
+        self.ignore = ignore
+        self.parser = self.parsegen(input,source)
+
+    # ----------------------------------------------------------------------
+    # token()
+    #
+    # Method to return individual tokens
+    # ----------------------------------------------------------------------
+    def token(self):
+        try:
+            while True:
+                tok = next(self.parser)
+                if tok.type not in self.ignore: return tok
+        except StopIteration:
+            self.parser = None
+            return None
+
+if __name__ == '__main__':
+    import ply.lex as lex
+    lexer = lex.lex()
+
+    # Run a preprocessor
+    import sys
+    f = open(sys.argv[1])
+    input = f.read()
+
+    p = Preprocessor(lexer)
+    p.parse(input,sys.argv[1])
+    while True:
+        tok = p.token()
+        if not tok: break
+        print(p.source, tok)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply/ctokens.py b/lib/go-jinja2/internal/data/darwin-amd64/ply/ctokens.py
new file mode 100644
index 000000000..b265e59ff
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply/ctokens.py
@@ -0,0 +1,127 @@
+# ----------------------------------------------------------------------
+# ctokens.py
+#
+# Token specifications for symbols in ANSI C and C++.  This file is
+# meant to be used as a library in other tokenizers.
+# ----------------------------------------------------------------------
+
+# Reserved words
+
+tokens = [
+    # Literals (identifier, integer constant, float constant, string constant, char const)
+    'ID', 'TYPEID', 'INTEGER', 'FLOAT', 'STRING', 'CHARACTER',
+
+    # Operators (+,-,*,/,%,|,&,~,^,<<,>>, ||, &&, !, <, <=, >, >=, ==, !=)
+    'PLUS', 'MINUS', 'TIMES', 'DIVIDE', 'MODULO',
+    'OR', 'AND', 'NOT', 'XOR', 'LSHIFT', 'RSHIFT',
+    'LOR', 'LAND', 'LNOT',
+    'LT', 'LE', 'GT', 'GE', 'EQ', 'NE',
+
+    # Assignment (=, *=, /=, %=, +=, -=, <<=, >>=, &=, ^=, |=)
+    'EQUALS', 'TIMESEQUAL', 'DIVEQUAL', 'MODEQUAL', 'PLUSEQUAL', 'MINUSEQUAL',
+    'LSHIFTEQUAL','RSHIFTEQUAL', 'ANDEQUAL', 'XOREQUAL', 'OREQUAL',
+
+    # Increment/decrement (++,--)
+    'INCREMENT', 'DECREMENT',
+
+    # Structure dereference (->)
+    'ARROW',
+
+    # Ternary operator (?)
+    'TERNARY',
+
+    # Delimeters ( ) [ ] { } , . ; :
+    'LPAREN', 'RPAREN',
+    'LBRACKET', 'RBRACKET',
+    'LBRACE', 'RBRACE',
+    'COMMA', 'PERIOD', 'SEMI', 'COLON',
+
+    # Ellipsis (...)
+    'ELLIPSIS',
+]
+
+# Operators
+t_PLUS             = r'\+'
+t_MINUS            = r'-'
+t_TIMES            = r'\*'
+t_DIVIDE           = r'/'
+t_MODULO           = r'%'
+t_OR               = r'\|'
+t_AND              = r'&'
+t_NOT              = r'~'
+t_XOR              = r'\^'
+t_LSHIFT           = r'<<'
+t_RSHIFT           = r'>>'
+t_LOR              = r'\|\|'
+t_LAND             = r'&&'
+t_LNOT             = r'!'
+t_LT               = r'<'
+t_GT               = r'>'
+t_LE               = r'<='
+t_GE               = r'>='
+t_EQ               = r'=='
+t_NE               = r'!='
+
+# Assignment operators
+
+t_EQUALS           = r'='
+t_TIMESEQUAL       = r'\*='
+t_DIVEQUAL         = r'/='
+t_MODEQUAL         = r'%='
+t_PLUSEQUAL        = r'\+='
+t_MINUSEQUAL       = r'-='
+t_LSHIFTEQUAL      = r'<<='
+t_RSHIFTEQUAL      = r'>>='
+t_ANDEQUAL         = r'&='
+t_OREQUAL          = r'\|='
+t_XOREQUAL         = r'\^='
+
+# Increment/decrement
+t_INCREMENT        = r'\+\+'
+t_DECREMENT        = r'--'
+
+# ->
+t_ARROW            = r'->'
+
+# ?
+t_TERNARY          = r'\?'
+
+# Delimeters
+t_LPAREN           = r'\('
+t_RPAREN           = r'\)'
+t_LBRACKET         = r'\['
+t_RBRACKET         = r'\]'
+t_LBRACE           = r'\{'
+t_RBRACE           = r'\}'
+t_COMMA            = r','
+t_PERIOD           = r'\.'
+t_SEMI             = r';'
+t_COLON            = r':'
+t_ELLIPSIS         = r'\.\.\.'
+
+# Identifiers
+t_ID = r'[A-Za-z_][A-Za-z0-9_]*'
+
+# Integer literal
+t_INTEGER = r'\d+([uU]|[lL]|[uU][lL]|[lL][uU])?'
+
+# Floating literal
+t_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+t_STRING = r'\"([^\\\n]|(\\.))*?\"'
+
+# Character constant 'c' or L'c'
+t_CHARACTER = r'(L)?\'([^\\\n]|(\\.))*?\''
+
+# Comment (C-Style)
+def t_COMMENT(t):
+    r'/\*(.|\n)*?\*/'
+    t.lexer.lineno += t.value.count('\n')
+    return t
+
+# Comment (C++-Style)
+def t_CPPCOMMENT(t):
+    r'//.*\n'
+    t.lexer.lineno += 1
+    return t
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply/lex.py b/lib/go-jinja2/internal/data/darwin-amd64/ply/lex.py
new file mode 100644
index 000000000..f95bcdbf1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply/lex.py
@@ -0,0 +1,1098 @@
+# -----------------------------------------------------------------------------
+# ply: lex.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+import re
+import sys
+import types
+import copy
+import os
+import inspect
+
+# This tuple contains known string types
+try:
+    # Python 2.6
+    StringTypes = (types.StringType, types.UnicodeType)
+except AttributeError:
+    # Python 3.0
+    StringTypes = (str, bytes)
+
+# This regular expression is used to match valid token names
+_is_identifier = re.compile(r'^[a-zA-Z0-9_]+$')
+
+# Exception thrown when invalid token encountered and no default error
+# handler is defined.
+class LexError(Exception):
+    def __init__(self, message, s):
+        self.args = (message,)
+        self.text = s
+
+
+# Token class.  This class is used to represent the tokens produced.
+class LexToken(object):
+    def __str__(self):
+        return 'LexToken(%s,%r,%d,%d)' % (self.type, self.value, self.lineno, self.lexpos)
+
+    def __repr__(self):
+        return str(self)
+
+
+# This object is a stand-in for a logging object created by the
+# logging module.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def critical(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    info = critical
+    debug = critical
+
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+
+# -----------------------------------------------------------------------------
+#                        === Lexing Engine ===
+#
+# The following Lexer class implements the lexer runtime.   There are only
+# a few public methods and attributes:
+#
+#    input()          -  Store a new string in the lexer
+#    token()          -  Get the next token
+#    clone()          -  Clone the lexer
+#
+#    lineno           -  Current line number
+#    lexpos           -  Current position in the input string
+# -----------------------------------------------------------------------------
+
+class Lexer:
+    def __init__(self):
+        self.lexre = None             # Master regular expression. This is a list of
+                                      # tuples (re, findex) where re is a compiled
+                                      # regular expression and findex is a list
+                                      # mapping regex group numbers to rules
+        self.lexretext = None         # Current regular expression strings
+        self.lexstatere = {}          # Dictionary mapping lexer states to master regexs
+        self.lexstateretext = {}      # Dictionary mapping lexer states to regex strings
+        self.lexstaterenames = {}     # Dictionary mapping lexer states to symbol names
+        self.lexstate = 'INITIAL'     # Current lexer state
+        self.lexstatestack = []       # Stack of lexer states
+        self.lexstateinfo = None      # State information
+        self.lexstateignore = {}      # Dictionary of ignored characters for each state
+        self.lexstateerrorf = {}      # Dictionary of error functions for each state
+        self.lexstateeoff = {}        # Dictionary of eof functions for each state
+        self.lexreflags = 0           # Optional re compile flags
+        self.lexdata = None           # Actual input data (as a string)
+        self.lexpos = 0               # Current position in input text
+        self.lexlen = 0               # Length of the input text
+        self.lexerrorf = None         # Error rule (if any)
+        self.lexeoff = None           # EOF rule (if any)
+        self.lextokens = None         # List of valid tokens
+        self.lexignore = ''           # Ignored characters
+        self.lexliterals = ''         # Literal characters that can be passed through
+        self.lexmodule = None         # Module
+        self.lineno = 1               # Current line number
+        self.lexoptimize = False      # Optimized mode
+
+    def clone(self, object=None):
+        c = copy.copy(self)
+
+        # If the object parameter has been supplied, it means we are attaching the
+        # lexer to a new object.  In this case, we have to rebind all methods in
+        # the lexstatere and lexstateerrorf tables.
+
+        if object:
+            newtab = {}
+            for key, ritem in self.lexstatere.items():
+                newre = []
+                for cre, findex in ritem:
+                    newfindex = []
+                    for f in findex:
+                        if not f or not f[0]:
+                            newfindex.append(f)
+                            continue
+                        newfindex.append((getattr(object, f[0].__name__), f[1]))
+                newre.append((cre, newfindex))
+                newtab[key] = newre
+            c.lexstatere = newtab
+            c.lexstateerrorf = {}
+            for key, ef in self.lexstateerrorf.items():
+                c.lexstateerrorf[key] = getattr(object, ef.__name__)
+            c.lexmodule = object
+        return c
+
+    # ------------------------------------------------------------
+    # writetab() - Write lexer information to a table file
+    # ------------------------------------------------------------
+    def writetab(self, lextab, outputdir=''):
+        if isinstance(lextab, types.ModuleType):
+            raise IOError("Won't overwrite existing lextab module")
+        basetabmodule = lextab.split('.')[-1]
+        filename = os.path.join(outputdir, basetabmodule) + '.py'
+        with open(filename, 'w') as tf:
+            tf.write('# %s.py. This file automatically created by PLY (version %s). Don\'t edit!\n' % (basetabmodule, __version__))
+            tf.write('_tabversion   = %s\n' % repr(__tabversion__))
+            tf.write('_lextokens    = set(%s)\n' % repr(tuple(sorted(self.lextokens))))
+            tf.write('_lexreflags   = %s\n' % repr(int(self.lexreflags)))
+            tf.write('_lexliterals  = %s\n' % repr(self.lexliterals))
+            tf.write('_lexstateinfo = %s\n' % repr(self.lexstateinfo))
+
+            # Rewrite the lexstatere table, replacing function objects with function names
+            tabre = {}
+            for statename, lre in self.lexstatere.items():
+                titem = []
+                for (pat, func), retext, renames in zip(lre, self.lexstateretext[statename], self.lexstaterenames[statename]):
+                    titem.append((retext, _funcs_to_names(func, renames)))
+                tabre[statename] = titem
+
+            tf.write('_lexstatere   = %s\n' % repr(tabre))
+            tf.write('_lexstateignore = %s\n' % repr(self.lexstateignore))
+
+            taberr = {}
+            for statename, ef in self.lexstateerrorf.items():
+                taberr[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateerrorf = %s\n' % repr(taberr))
+
+            tabeof = {}
+            for statename, ef in self.lexstateeoff.items():
+                tabeof[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateeoff = %s\n' % repr(tabeof))
+
+    # ------------------------------------------------------------
+    # readtab() - Read lexer information from a tab file
+    # ------------------------------------------------------------
+    def readtab(self, tabfile, fdict):
+        if isinstance(tabfile, types.ModuleType):
+            lextab = tabfile
+        else:
+            exec('import %s' % tabfile)
+            lextab = sys.modules[tabfile]
+
+        if getattr(lextab, '_tabversion', '0.0') != __tabversion__:
+            raise ImportError('Inconsistent PLY version')
+
+        self.lextokens      = lextab._lextokens
+        self.lexreflags     = lextab._lexreflags
+        self.lexliterals    = lextab._lexliterals
+        self.lextokens_all  = self.lextokens | set(self.lexliterals)
+        self.lexstateinfo   = lextab._lexstateinfo
+        self.lexstateignore = lextab._lexstateignore
+        self.lexstatere     = {}
+        self.lexstateretext = {}
+        for statename, lre in lextab._lexstatere.items():
+            titem = []
+            txtitem = []
+            for pat, func_name in lre:
+                titem.append((re.compile(pat, lextab._lexreflags), _names_to_funcs(func_name, fdict)))
+
+            self.lexstatere[statename] = titem
+            self.lexstateretext[statename] = txtitem
+
+        self.lexstateerrorf = {}
+        for statename, ef in lextab._lexstateerrorf.items():
+            self.lexstateerrorf[statename] = fdict[ef]
+
+        self.lexstateeoff = {}
+        for statename, ef in lextab._lexstateeoff.items():
+            self.lexstateeoff[statename] = fdict[ef]
+
+        self.begin('INITIAL')
+
+    # ------------------------------------------------------------
+    # input() - Push a new string into the lexer
+    # ------------------------------------------------------------
+    def input(self, s):
+        # Pull off the first character to see if s looks like a string
+        c = s[:1]
+        if not isinstance(c, StringTypes):
+            raise ValueError('Expected a string')
+        self.lexdata = s
+        self.lexpos = 0
+        self.lexlen = len(s)
+
+    # ------------------------------------------------------------
+    # begin() - Changes the lexing state
+    # ------------------------------------------------------------
+    def begin(self, state):
+        if state not in self.lexstatere:
+            raise ValueError('Undefined state')
+        self.lexre = self.lexstatere[state]
+        self.lexretext = self.lexstateretext[state]
+        self.lexignore = self.lexstateignore.get(state, '')
+        self.lexerrorf = self.lexstateerrorf.get(state, None)
+        self.lexeoff = self.lexstateeoff.get(state, None)
+        self.lexstate = state
+
+    # ------------------------------------------------------------
+    # push_state() - Changes the lexing state and saves old on stack
+    # ------------------------------------------------------------
+    def push_state(self, state):
+        self.lexstatestack.append(self.lexstate)
+        self.begin(state)
+
+    # ------------------------------------------------------------
+    # pop_state() - Restores the previous state
+    # ------------------------------------------------------------
+    def pop_state(self):
+        self.begin(self.lexstatestack.pop())
+
+    # ------------------------------------------------------------
+    # current_state() - Returns the current lexing state
+    # ------------------------------------------------------------
+    def current_state(self):
+        return self.lexstate
+
+    # ------------------------------------------------------------
+    # skip() - Skip ahead n characters
+    # ------------------------------------------------------------
+    def skip(self, n):
+        self.lexpos += n
+
+    # ------------------------------------------------------------
+    # opttoken() - Return the next token from the Lexer
+    #
+    # Note: This function has been carefully implemented to be as fast
+    # as possible.  Don't make changes unless you really know what
+    # you are doing
+    # ------------------------------------------------------------
+    def token(self):
+        # Make local copies of frequently referenced attributes
+        lexpos    = self.lexpos
+        lexlen    = self.lexlen
+        lexignore = self.lexignore
+        lexdata   = self.lexdata
+
+        while lexpos < lexlen:
+            # This code provides some short-circuit code for whitespace, tabs, and other ignored characters
+            if lexdata[lexpos] in lexignore:
+                lexpos += 1
+                continue
+
+            # Look for a regular expression match
+            for lexre, lexindexfunc in self.lexre:
+                m = lexre.match(lexdata, lexpos)
+                if not m:
+                    continue
+
+                # Create a token for return
+                tok = LexToken()
+                tok.value = m.group()
+                tok.lineno = self.lineno
+                tok.lexpos = lexpos
+
+                i = m.lastindex
+                func, tok.type = lexindexfunc[i]
+
+                if not func:
+                    # If no token type was set, it's an ignored token
+                    if tok.type:
+                        self.lexpos = m.end()
+                        return tok
+                    else:
+                        lexpos = m.end()
+                        break
+
+                lexpos = m.end()
+
+                # If token is processed by a function, call it
+
+                tok.lexer = self      # Set additional attributes useful in token rules
+                self.lexmatch = m
+                self.lexpos = lexpos
+
+                newtok = func(tok)
+
+                # Every function must return a token, if nothing, we just move to next token
+                if not newtok:
+                    lexpos    = self.lexpos         # This is here in case user has updated lexpos.
+                    lexignore = self.lexignore      # This is here in case there was a state change
+                    break
+
+                # Verify type of the token.  If not in the token map, raise an error
+                if not self.lexoptimize:
+                    if newtok.type not in self.lextokens_all:
+                        raise LexError("%s:%d: Rule '%s' returned an unknown token type '%s'" % (
+                            func.__code__.co_filename, func.__code__.co_firstlineno,
+                            func.__name__, newtok.type), lexdata[lexpos:])
+
+                return newtok
+            else:
+                # No match, see if in literals
+                if lexdata[lexpos] in self.lexliterals:
+                    tok = LexToken()
+                    tok.value = lexdata[lexpos]
+                    tok.lineno = self.lineno
+                    tok.type = tok.value
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos + 1
+                    return tok
+
+                # No match. Call t_error() if defined.
+                if self.lexerrorf:
+                    tok = LexToken()
+                    tok.value = self.lexdata[lexpos:]
+                    tok.lineno = self.lineno
+                    tok.type = 'error'
+                    tok.lexer = self
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos
+                    newtok = self.lexerrorf(tok)
+                    if lexpos == self.lexpos:
+                        # Error method didn't change text position at all. This is an error.
+                        raise LexError("Scanning error. Illegal character '%s'" % (lexdata[lexpos]), lexdata[lexpos:])
+                    lexpos = self.lexpos
+                    if not newtok:
+                        continue
+                    return newtok
+
+                self.lexpos = lexpos
+                raise LexError("Illegal character '%s' at index %d" % (lexdata[lexpos], lexpos), lexdata[lexpos:])
+
+        if self.lexeoff:
+            tok = LexToken()
+            tok.type = 'eof'
+            tok.value = ''
+            tok.lineno = self.lineno
+            tok.lexpos = lexpos
+            tok.lexer = self
+            self.lexpos = lexpos
+            newtok = self.lexeoff(tok)
+            return newtok
+
+        self.lexpos = lexpos + 1
+        if self.lexdata is None:
+            raise RuntimeError('No input string given with input()')
+        return None
+
+    # Iterator interface
+    def __iter__(self):
+        return self
+
+    def next(self):
+        t = self.token()
+        if t is None:
+            raise StopIteration
+        return t
+
+    __next__ = next
+
+# -----------------------------------------------------------------------------
+#                           ==== Lex Builder ===
+#
+# The functions and classes below are used to collect lexing information
+# and build a Lexer object from it.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# _get_regex(func)
+#
+# Returns the regular expression assigned to a function either as a doc string
+# or as a .regex attribute attached by the @TOKEN decorator.
+# -----------------------------------------------------------------------------
+def _get_regex(func):
+    return getattr(func, 'regex', func.__doc__)
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# _funcs_to_names()
+#
+# Given a list of regular expression functions, this converts it to a list
+# suitable for output to a table file
+# -----------------------------------------------------------------------------
+def _funcs_to_names(funclist, namelist):
+    result = []
+    for f, name in zip(funclist, namelist):
+        if f and f[0]:
+            result.append((name, f[1]))
+        else:
+            result.append(f)
+    return result
+
+# -----------------------------------------------------------------------------
+# _names_to_funcs()
+#
+# Given a list of regular expression function names, this converts it back to
+# functions.
+# -----------------------------------------------------------------------------
+def _names_to_funcs(namelist, fdict):
+    result = []
+    for n in namelist:
+        if n and n[0]:
+            result.append((fdict[n[0]], n[1]))
+        else:
+            result.append(n)
+    return result
+
+# -----------------------------------------------------------------------------
+# _form_master_re()
+#
+# This function takes a list of all of the regex components and attempts to
+# form the master regular expression.  Given limitations in the Python re
+# module, it may be necessary to break the master regex into separate expressions.
+# -----------------------------------------------------------------------------
+def _form_master_re(relist, reflags, ldict, toknames):
+    if not relist:
+        return []
+    regex = '|'.join(relist)
+    try:
+        lexre = re.compile(regex, reflags)
+
+        # Build the index to function map for the matching engine
+        lexindexfunc = [None] * (max(lexre.groupindex.values()) + 1)
+        lexindexnames = lexindexfunc[:]
+
+        for f, i in lexre.groupindex.items():
+            handle = ldict.get(f, None)
+            if type(handle) in (types.FunctionType, types.MethodType):
+                lexindexfunc[i] = (handle, toknames[f])
+                lexindexnames[i] = f
+            elif handle is not None:
+                lexindexnames[i] = f
+                if f.find('ignore_') > 0:
+                    lexindexfunc[i] = (None, None)
+                else:
+                    lexindexfunc[i] = (None, toknames[f])
+
+        return [(lexre, lexindexfunc)], [regex], [lexindexnames]
+    except Exception:
+        m = int(len(relist)/2)
+        if m == 0:
+            m = 1
+        llist, lre, lnames = _form_master_re(relist[:m], reflags, ldict, toknames)
+        rlist, rre, rnames = _form_master_re(relist[m:], reflags, ldict, toknames)
+        return (llist+rlist), (lre+rre), (lnames+rnames)
+
+# -----------------------------------------------------------------------------
+# def _statetoken(s,names)
+#
+# Given a declaration name s of the form "t_" and a dictionary whose keys are
+# state names, this function returns a tuple (states,tokenname) where states
+# is a tuple of state names and tokenname is the name of the token.  For example,
+# calling this with s = "t_foo_bar_SPAM" might return (('foo','bar'),'SPAM')
+# -----------------------------------------------------------------------------
+def _statetoken(s, names):
+    parts = s.split('_')
+    for i, part in enumerate(parts[1:], 1):
+        if part not in names and part != 'ANY':
+            break
+
+    if i > 1:
+        states = tuple(parts[1:i])
+    else:
+        states = ('INITIAL',)
+
+    if 'ANY' in states:
+        states = tuple(names)
+
+    tokenname = '_'.join(parts[i:])
+    return (states, tokenname)
+
+
+# -----------------------------------------------------------------------------
+# LexerReflect()
+#
+# This class represents information needed to build a lexer as extracted from a
+# user's input file.
+# -----------------------------------------------------------------------------
+class LexerReflect(object):
+    def __init__(self, ldict, log=None, reflags=0):
+        self.ldict      = ldict
+        self.error_func = None
+        self.tokens     = []
+        self.reflags    = reflags
+        self.stateinfo  = {'INITIAL': 'inclusive'}
+        self.modules    = set()
+        self.error      = False
+        self.log        = PlyLogger(sys.stderr) if log is None else log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_tokens()
+        self.get_literals()
+        self.get_states()
+        self.get_rules()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_tokens()
+        self.validate_literals()
+        self.validate_rules()
+        return self.error
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.ldict.get('tokens', None)
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = tokens
+
+    # Validate the tokens
+    def validate_tokens(self):
+        terminals = {}
+        for n in self.tokens:
+            if not _is_identifier.match(n):
+                self.log.error("Bad token name '%s'", n)
+                self.error = True
+            if n in terminals:
+                self.log.warning("Token '%s' multiply defined", n)
+            terminals[n] = 1
+
+    # Get the literals specifier
+    def get_literals(self):
+        self.literals = self.ldict.get('literals', '')
+        if not self.literals:
+            self.literals = ''
+
+    # Validate literals
+    def validate_literals(self):
+        try:
+            for c in self.literals:
+                if not isinstance(c, StringTypes) or len(c) > 1:
+                    self.log.error('Invalid literal %s. Must be a single character', repr(c))
+                    self.error = True
+
+        except TypeError:
+            self.log.error('Invalid literals specification. literals must be a sequence of characters')
+            self.error = True
+
+    def get_states(self):
+        self.states = self.ldict.get('states', None)
+        # Build statemap
+        if self.states:
+            if not isinstance(self.states, (tuple, list)):
+                self.log.error('states must be defined as a tuple or list')
+                self.error = True
+            else:
+                for s in self.states:
+                    if not isinstance(s, tuple) or len(s) != 2:
+                        self.log.error("Invalid state specifier %s. Must be a tuple (statename,'exclusive|inclusive')", repr(s))
+                        self.error = True
+                        continue
+                    name, statetype = s
+                    if not isinstance(name, StringTypes):
+                        self.log.error('State name %s must be a string', repr(name))
+                        self.error = True
+                        continue
+                    if not (statetype == 'inclusive' or statetype == 'exclusive'):
+                        self.log.error("State type for state %s must be 'inclusive' or 'exclusive'", name)
+                        self.error = True
+                        continue
+                    if name in self.stateinfo:
+                        self.log.error("State '%s' already defined", name)
+                        self.error = True
+                        continue
+                    self.stateinfo[name] = statetype
+
+    # Get all of the symbols with a t_ prefix and sort them into various
+    # categories (functions, strings, error functions, and ignore characters)
+
+    def get_rules(self):
+        tsymbols = [f for f in self.ldict if f[:2] == 't_']
+
+        # Now build up a list of functions and a list of strings
+        self.toknames = {}        # Mapping of symbols to token names
+        self.funcsym  = {}        # Symbols defined as functions
+        self.strsym   = {}        # Symbols defined as strings
+        self.ignore   = {}        # Ignore strings by state
+        self.errorf   = {}        # Error functions by state
+        self.eoff     = {}        # EOF functions by state
+
+        for s in self.stateinfo:
+            self.funcsym[s] = []
+            self.strsym[s] = []
+
+        if len(tsymbols) == 0:
+            self.log.error('No rules of the form t_rulename are defined')
+            self.error = True
+            return
+
+        for f in tsymbols:
+            t = self.ldict[f]
+            states, tokname = _statetoken(f, self.stateinfo)
+            self.toknames[f] = tokname
+
+            if hasattr(t, '__call__'):
+                if tokname == 'error':
+                    for s in states:
+                        self.errorf[s] = t
+                elif tokname == 'eof':
+                    for s in states:
+                        self.eoff[s] = t
+                elif tokname == 'ignore':
+                    line = t.__code__.co_firstlineno
+                    file = t.__code__.co_filename
+                    self.log.error("%s:%d: Rule '%s' must be defined as a string", file, line, t.__name__)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.funcsym[s].append((f, t))
+            elif isinstance(t, StringTypes):
+                if tokname == 'ignore':
+                    for s in states:
+                        self.ignore[s] = t
+                    if '\\' in t:
+                        self.log.warning("%s contains a literal backslash '\\'", f)
+
+                elif tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", f)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.strsym[s].append((f, t))
+            else:
+                self.log.error('%s not defined as a function or string', f)
+                self.error = True
+
+        # Sort the functions by line number
+        for f in self.funcsym.values():
+            f.sort(key=lambda x: x[1].__code__.co_firstlineno)
+
+        # Sort the strings by regular expression length
+        for s in self.strsym.values():
+            s.sort(key=lambda x: len(x[1]), reverse=True)
+
+    # Validate all of the t_rules collected
+    def validate_rules(self):
+        for state in self.stateinfo:
+            # Validate all rules defined by functions
+
+            for fname, f in self.funcsym[state]:
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                tokname = self.toknames[fname]
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if not _get_regex(f):
+                    self.log.error("%s:%d: No regular expression defined for rule '%s'", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (fname, _get_regex(f)), self.reflags)
+                    if c.match(''):
+                        self.log.error("%s:%d: Regular expression for rule '%s' matches empty string", file, line, f.__name__)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("%s:%d: Invalid regular expression for rule '%s'. %s", file, line, f.__name__, e)
+                    if '#' in _get_regex(f):
+                        self.log.error("%s:%d. Make sure '#' in rule '%s' is escaped with '\\#'", file, line, f.__name__)
+                    self.error = True
+
+            # Validate all rules defined by strings
+            for name, r in self.strsym[state]:
+                tokname = self.toknames[name]
+                if tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", name)
+                    self.error = True
+                    continue
+
+                if tokname not in self.tokens and tokname.find('ignore_') < 0:
+                    self.log.error("Rule '%s' defined for an unspecified token %s", name, tokname)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (name, r), self.reflags)
+                    if (c.match('')):
+                        self.log.error("Regular expression for rule '%s' matches empty string", name)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("Invalid regular expression for rule '%s'. %s", name, e)
+                    if '#' in r:
+                        self.log.error("Make sure '#' in rule '%s' is escaped with '\\#'", name)
+                    self.error = True
+
+            if not self.funcsym[state] and not self.strsym[state]:
+                self.log.error("No rules defined for state '%s'", state)
+                self.error = True
+
+            # Validate the error function
+            efunc = self.errorf.get(state, None)
+            if efunc:
+                f = efunc
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+
+        for module in self.modules:
+            self.validate_module(module)
+
+    # -----------------------------------------------------------------------------
+    # validate_module()
+    #
+    # This checks to see if there are duplicated t_rulename() functions or strings
+    # in the parser input file.  This is done using a simple regular expression
+    # match on each line in the source code of the given module.
+    # -----------------------------------------------------------------------------
+
+    def validate_module(self, module):
+        try:
+            lines, linen = inspect.getsourcelines(module)
+        except IOError:
+            return
+
+        fre = re.compile(r'\s*def\s+(t_[a-zA-Z_0-9]*)\(')
+        sre = re.compile(r'\s*(t_[a-zA-Z_0-9]*)\s*=')
+
+        counthash = {}
+        linen += 1
+        for line in lines:
+            m = fre.match(line)
+            if not m:
+                m = sre.match(line)
+            if m:
+                name = m.group(1)
+                prev = counthash.get(name)
+                if not prev:
+                    counthash[name] = linen
+                else:
+                    filename = inspect.getsourcefile(module)
+                    self.log.error('%s:%d: Rule %s redefined. Previously defined on line %d', filename, linen, name, prev)
+                    self.error = True
+            linen += 1
+
+# -----------------------------------------------------------------------------
+# lex(module)
+#
+# Build all of the regular expression rules from definitions in the supplied module
+# -----------------------------------------------------------------------------
+def lex(module=None, object=None, debug=False, optimize=False, lextab='lextab',
+        reflags=int(re.VERBOSE), nowarn=False, outputdir=None, debuglog=None, errorlog=None):
+
+    if lextab is None:
+        lextab = 'lextab'
+
+    global lexer
+
+    ldict = None
+    stateinfo  = {'INITIAL': 'inclusive'}
+    lexobj = Lexer()
+    lexobj.lexoptimize = optimize
+    global token, input
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    if debug:
+        if debuglog is None:
+            debuglog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the lexer
+    if object:
+        module = object
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        ldict = dict(_items)
+        # If no __file__ attribute is available, try to obtain it from the __module__ instead
+        if '__file__' not in ldict:
+            ldict['__file__'] = sys.modules[ldict['__module__']].__file__
+    else:
+        ldict = get_caller_module_dict(2)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = ldict.get('__package__')
+    if pkg and isinstance(lextab, str):
+        if '.' not in lextab:
+            lextab = pkg + '.' + lextab
+
+    # Collect parser information from the dictionary
+    linfo = LexerReflect(ldict, log=errorlog, reflags=reflags)
+    linfo.get_all()
+    if not optimize:
+        if linfo.validate_all():
+            raise SyntaxError("Can't build lexer")
+
+    if optimize and lextab:
+        try:
+            lexobj.readtab(lextab, ldict)
+            token = lexobj.token
+            input = lexobj.input
+            lexer = lexobj
+            return lexobj
+
+        except ImportError:
+            pass
+
+    # Dump some basic debugging information
+    if debug:
+        debuglog.info('lex: tokens   = %r', linfo.tokens)
+        debuglog.info('lex: literals = %r', linfo.literals)
+        debuglog.info('lex: states   = %r', linfo.stateinfo)
+
+    # Build a dictionary of valid token names
+    lexobj.lextokens = set()
+    for n in linfo.tokens:
+        lexobj.lextokens.add(n)
+
+    # Get literals specification
+    if isinstance(linfo.literals, (list, tuple)):
+        lexobj.lexliterals = type(linfo.literals[0])().join(linfo.literals)
+    else:
+        lexobj.lexliterals = linfo.literals
+
+    lexobj.lextokens_all = lexobj.lextokens | set(lexobj.lexliterals)
+
+    # Get the stateinfo dictionary
+    stateinfo = linfo.stateinfo
+
+    regexs = {}
+    # Build the master regular expressions
+    for state in stateinfo:
+        regex_list = []
+
+        # Add rules defined by functions first
+        for fname, f in linfo.funcsym[state]:
+            regex_list.append('(?P<%s>%s)' % (fname, _get_regex(f)))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", fname, _get_regex(f), state)
+
+        # Now add all of the simple rules
+        for name, r in linfo.strsym[state]:
+            regex_list.append('(?P<%s>%s)' % (name, r))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", name, r, state)
+
+        regexs[state] = regex_list
+
+    # Build the master regular expressions
+
+    if debug:
+        debuglog.info('lex: ==== MASTER REGEXS FOLLOW ====')
+
+    for state in regexs:
+        lexre, re_text, re_names = _form_master_re(regexs[state], reflags, ldict, linfo.toknames)
+        lexobj.lexstatere[state] = lexre
+        lexobj.lexstateretext[state] = re_text
+        lexobj.lexstaterenames[state] = re_names
+        if debug:
+            for i, text in enumerate(re_text):
+                debuglog.info("lex: state '%s' : regex[%d] = '%s'", state, i, text)
+
+    # For inclusive states, we need to add the regular expressions from the INITIAL state
+    for state, stype in stateinfo.items():
+        if state != 'INITIAL' and stype == 'inclusive':
+            lexobj.lexstatere[state].extend(lexobj.lexstatere['INITIAL'])
+            lexobj.lexstateretext[state].extend(lexobj.lexstateretext['INITIAL'])
+            lexobj.lexstaterenames[state].extend(lexobj.lexstaterenames['INITIAL'])
+
+    lexobj.lexstateinfo = stateinfo
+    lexobj.lexre = lexobj.lexstatere['INITIAL']
+    lexobj.lexretext = lexobj.lexstateretext['INITIAL']
+    lexobj.lexreflags = reflags
+
+    # Set up ignore variables
+    lexobj.lexstateignore = linfo.ignore
+    lexobj.lexignore = lexobj.lexstateignore.get('INITIAL', '')
+
+    # Set up error functions
+    lexobj.lexstateerrorf = linfo.errorf
+    lexobj.lexerrorf = linfo.errorf.get('INITIAL', None)
+    if not lexobj.lexerrorf:
+        errorlog.warning('No t_error rule is defined')
+
+    # Set up eof functions
+    lexobj.lexstateeoff = linfo.eoff
+    lexobj.lexeoff = linfo.eoff.get('INITIAL', None)
+
+    # Check state information for ignore and error rules
+    for s, stype in stateinfo.items():
+        if stype == 'exclusive':
+            if s not in linfo.errorf:
+                errorlog.warning("No error rule is defined for exclusive state '%s'", s)
+            if s not in linfo.ignore and lexobj.lexignore:
+                errorlog.warning("No ignore rule is defined for exclusive state '%s'", s)
+        elif stype == 'inclusive':
+            if s not in linfo.errorf:
+                linfo.errorf[s] = linfo.errorf.get('INITIAL', None)
+            if s not in linfo.ignore:
+                linfo.ignore[s] = linfo.ignore.get('INITIAL', '')
+
+    # Create global versions of the token() and input() functions
+    token = lexobj.token
+    input = lexobj.input
+    lexer = lexobj
+
+    # If in optimize mode, we write the lextab
+    if lextab and optimize:
+        if outputdir is None:
+            # If no output directory is set, the location of the output files
+            # is determined according to the following rules:
+            #     - If lextab specifies a package, files go into that package directory
+            #     - Otherwise, files go in the same directory as the specifying module
+            if isinstance(lextab, types.ModuleType):
+                srcfile = lextab.__file__
+            else:
+                if '.' not in lextab:
+                    srcfile = ldict['__file__']
+                else:
+                    parts = lextab.split('.')
+                    pkgname = '.'.join(parts[:-1])
+                    exec('import %s' % pkgname)
+                    srcfile = getattr(sys.modules[pkgname], '__file__', '')
+            outputdir = os.path.dirname(srcfile)
+        try:
+            lexobj.writetab(lextab, outputdir)
+            if lextab in sys.modules:
+                del sys.modules[lextab]
+        except IOError as e:
+            errorlog.warning("Couldn't write lextab module %r. %s" % (lextab, e))
+
+    return lexobj
+
+# -----------------------------------------------------------------------------
+# runmain()
+#
+# This runs the lexer as a main program
+# -----------------------------------------------------------------------------
+
+def runmain(lexer=None, data=None):
+    if not data:
+        try:
+            filename = sys.argv[1]
+            f = open(filename)
+            data = f.read()
+            f.close()
+        except IndexError:
+            sys.stdout.write('Reading from standard input (type EOF to end):\n')
+            data = sys.stdin.read()
+
+    if lexer:
+        _input = lexer.input
+    else:
+        _input = input
+    _input(data)
+    if lexer:
+        _token = lexer.token
+    else:
+        _token = token
+
+    while True:
+        tok = _token()
+        if not tok:
+            break
+        sys.stdout.write('(%s,%r,%d,%d)\n' % (tok.type, tok.value, tok.lineno, tok.lexpos))
+
+# -----------------------------------------------------------------------------
+# @TOKEN(regex)
+#
+# This decorator function can be used to set the regex expression on a function
+# when its docstring might need to be set in an alternative way
+# -----------------------------------------------------------------------------
+
+def TOKEN(r):
+    def set_regex(f):
+        if hasattr(r, '__call__'):
+            f.regex = _get_regex(r)
+        else:
+            f.regex = r
+        return f
+    return set_regex
+
+# Alternative spelling of the TOKEN decorator
+Token = TOKEN
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply/yacc.py b/lib/go-jinja2/internal/data/darwin-amd64/ply/yacc.py
new file mode 100644
index 000000000..88188a1e8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply/yacc.py
@@ -0,0 +1,3502 @@
+# -----------------------------------------------------------------------------
+# ply: yacc.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# This implements an LR parser that is constructed from grammar rules defined
+# as Python functions. The grammar is specified by supplying the BNF inside
+# Python documentation strings.  The inspiration for this technique was borrowed
+# from John Aycock's Spark parsing system.  PLY might be viewed as cross between
+# Spark and the GNU bison utility.
+#
+# The current implementation is only somewhat object-oriented. The
+# LR parser itself is defined in terms of an object (which allows multiple
+# parsers to co-exist).  However, most of the variables used during table
+# construction are defined in terms of global variables.  Users shouldn't
+# notice unless they are trying to define multiple parsers at the same
+# time using threads (in which case they should have their head examined).
+#
+# This implementation supports both SLR and LALR(1) parsing.  LALR(1)
+# support was originally implemented by Elias Ioup (ezioup@alumni.uchicago.edu),
+# using the algorithm found in Aho, Sethi, and Ullman "Compilers: Principles,
+# Techniques, and Tools" (The Dragon Book).  LALR(1) has since been replaced
+# by the more efficient DeRemer and Pennello algorithm.
+#
+# :::::::: WARNING :::::::
+#
+# Construction of LR parsing tables is fairly complicated and expensive.
+# To make this module run fast, a *LOT* of work has been put into
+# optimization---often at the expensive of readability and what might
+# consider to be good Python "coding style."   Modify the code at your
+# own risk!
+# ----------------------------------------------------------------------------
+
+import re
+import types
+import sys
+import os.path
+import inspect
+import warnings
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+#-----------------------------------------------------------------------------
+#                     === User configurable parameters ===
+#
+# Change these to modify the default behavior of yacc (if you wish)
+#-----------------------------------------------------------------------------
+
+yaccdebug   = True             # Debugging mode.  If set, yacc generates a
+                               # a 'parser.out' file in the current directory
+
+debug_file  = 'parser.out'     # Default name of the debugging file
+tab_module  = 'parsetab'       # Default name of the table module
+default_lr  = 'LALR'           # Default LR table generation method
+
+error_count = 3                # Number of symbols that must be shifted to leave recovery mode
+
+yaccdevel   = False            # Set to True if developing yacc.  This turns off optimized
+                               # implementations of certain functions.
+
+resultlimit = 40               # Size limit of results when running in debug mode.
+
+pickle_protocol = 0            # Protocol to use when writing pickle files
+
+# String type-checking compatibility
+if sys.version_info[0] < 3:
+    string_types = basestring
+else:
+    string_types = str
+
+MAXINT = sys.maxsize
+
+# This object is a stand-in for a logging object created by the
+# logging module.   PLY will use this by default to create things
+# such as the parser.out file.  If a user wants more detailed
+# information, they can create their own logging object and pass
+# it into PLY.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def debug(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    info = debug
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    critical = debug
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+# Exception raised for yacc-related errors
+class YaccError(Exception):
+    pass
+
+# Format the result message that the parser produces when running in debug mode.
+def format_result(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) > resultlimit:
+        repr_str = repr_str[:resultlimit] + ' ...'
+    result = '<%s @ 0x%x> (%s)' % (type(r).__name__, id(r), repr_str)
+    return result
+
+# Format stack entries when the parser is running in debug mode
+def format_stack_entry(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) < 16:
+        return repr_str
+    else:
+        return '<%s @ 0x%x>' % (type(r).__name__, id(r))
+
+# Panic mode error recovery support.   This feature is being reworked--much of the
+# code here is to offer a deprecation/backwards compatible transition
+
+_errok = None
+_token = None
+_restart = None
+_warnmsg = '''PLY: Don't use global functions errok(), token(), and restart() in p_error().
+Instead, invoke the methods on the associated parser instance:
+
+    def p_error(p):
+        ...
+        # Use parser.errok(), parser.token(), parser.restart()
+        ...
+
+    parser = yacc.yacc()
+'''
+
+def errok():
+    warnings.warn(_warnmsg)
+    return _errok()
+
+def restart():
+    warnings.warn(_warnmsg)
+    return _restart()
+
+def token():
+    warnings.warn(_warnmsg)
+    return _token()
+
+# Utility function to call the p_error() function with some deprecation hacks
+def call_errorfunc(errorfunc, token, parser):
+    global _errok, _token, _restart
+    _errok = parser.errok
+    _token = parser.token
+    _restart = parser.restart
+    r = errorfunc(token)
+    try:
+        del _errok, _token, _restart
+    except NameError:
+        pass
+    return r
+
+#-----------------------------------------------------------------------------
+#                        ===  LR Parsing Engine ===
+#
+# The following classes are used for the LR parser itself.  These are not
+# used during table construction and are independent of the actual LR
+# table generation algorithm
+#-----------------------------------------------------------------------------
+
+# This class is used to hold non-terminal grammar symbols during parsing.
+# It normally has the following attributes set:
+#        .type       = Grammar symbol type
+#        .value      = Symbol value
+#        .lineno     = Starting line number
+#        .endlineno  = Ending line number (optional, set automatically)
+#        .lexpos     = Starting lex position
+#        .endlexpos  = Ending lex position (optional, set automatically)
+
+class YaccSymbol:
+    def __str__(self):
+        return self.type
+
+    def __repr__(self):
+        return str(self)
+
+# This class is a wrapper around the objects actually passed to each
+# grammar rule.   Index lookup and assignment actually assign the
+# .value attribute of the underlying YaccSymbol object.
+# The lineno() method returns the line number of a given
+# item (or 0 if not defined).   The linespan() method returns
+# a tuple of (startline,endline) representing the range of lines
+# for a symbol.  The lexspan() method returns a tuple (lexpos,endlexpos)
+# representing the range of positional information for a symbol.
+
+class YaccProduction:
+    def __init__(self, s, stack=None):
+        self.slice = s
+        self.stack = stack
+        self.lexer = None
+        self.parser = None
+
+    def __getitem__(self, n):
+        if isinstance(n, slice):
+            return [s.value for s in self.slice[n]]
+        elif n >= 0:
+            return self.slice[n].value
+        else:
+            return self.stack[n].value
+
+    def __setitem__(self, n, v):
+        self.slice[n].value = v
+
+    def __getslice__(self, i, j):
+        return [s.value for s in self.slice[i:j]]
+
+    def __len__(self):
+        return len(self.slice)
+
+    def lineno(self, n):
+        return getattr(self.slice[n], 'lineno', 0)
+
+    def set_lineno(self, n, lineno):
+        self.slice[n].lineno = lineno
+
+    def linespan(self, n):
+        startline = getattr(self.slice[n], 'lineno', 0)
+        endline = getattr(self.slice[n], 'endlineno', startline)
+        return startline, endline
+
+    def lexpos(self, n):
+        return getattr(self.slice[n], 'lexpos', 0)
+
+    def set_lexpos(self, n, lexpos):
+        self.slice[n].lexpos = lexpos
+
+    def lexspan(self, n):
+        startpos = getattr(self.slice[n], 'lexpos', 0)
+        endpos = getattr(self.slice[n], 'endlexpos', startpos)
+        return startpos, endpos
+
+    def error(self):
+        raise SyntaxError
+
+# -----------------------------------------------------------------------------
+#                               == LRParser ==
+#
+# The LR Parsing engine.
+# -----------------------------------------------------------------------------
+
+class LRParser:
+    def __init__(self, lrtab, errorf):
+        self.productions = lrtab.lr_productions
+        self.action = lrtab.lr_action
+        self.goto = lrtab.lr_goto
+        self.errorfunc = errorf
+        self.set_defaulted_states()
+        self.errorok = True
+
+    def errok(self):
+        self.errorok = True
+
+    def restart(self):
+        del self.statestack[:]
+        del self.symstack[:]
+        sym = YaccSymbol()
+        sym.type = '$end'
+        self.symstack.append(sym)
+        self.statestack.append(0)
+
+    # Defaulted state support.
+    # This method identifies parser states where there is only one possible reduction action.
+    # For such states, the parser can make a choose to make a rule reduction without consuming
+    # the next look-ahead token.  This delayed invocation of the tokenizer can be useful in
+    # certain kinds of advanced parsing situations where the lexer and parser interact with
+    # each other or change states (i.e., manipulation of scope, lexer states, etc.).
+    #
+    # See:  http://www.gnu.org/software/bison/manual/html_node/Default-Reductions.html#Default-Reductions
+    def set_defaulted_states(self):
+        self.defaulted_states = {}
+        for state, actions in self.action.items():
+            rules = list(actions.values())
+            if len(rules) == 1 and rules[0] < 0:
+                self.defaulted_states[state] = rules[0]
+
+    def disable_defaulted_states(self):
+        self.defaulted_states = {}
+
+    def parse(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        if debug or yaccdevel:
+            if isinstance(debug, int):
+                debug = PlyLogger(sys.stderr)
+            return self.parsedebug(input, lexer, debug, tracking, tokenfunc)
+        elif tracking:
+            return self.parseopt(input, lexer, debug, tracking, tokenfunc)
+        else:
+            return self.parseopt_notrack(input, lexer, debug, tracking, tokenfunc)
+
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parsedebug().
+    #
+    # This is the debugging enabled version of parse().  All changes made to the
+    # parsing engine should be made here.   Optimized versions of this function
+    # are automatically created by the ply/ygen.py script.  This script cuts out
+    # sections enclosed in markers such as this:
+    #
+    #      #--! DEBUG
+    #      statements
+    #      #--! DEBUG
+    #
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parsedebug(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parsedebug-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+        #--! DEBUG
+        debug.info('PLY: PARSE DEBUG START')
+        #--! DEBUG
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+            #--! DEBUG
+            debug.debug('')
+            debug.debug('State  : %s', state)
+            #--! DEBUG
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+                #--! DEBUG
+                debug.debug('Defaulted state %s: Reduce using %d', state, -t)
+                #--! DEBUG
+
+            #--! DEBUG
+            debug.debug('Stack  : %s',
+                        ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+            #--! DEBUG
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+                    #--! DEBUG
+                    debug.debug('Action : Shift and goto state %s', t)
+                    #--! DEBUG
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+                    #--! DEBUG
+                    if plen:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str,
+                                   '['+','.join([format_stack_entry(_v.value) for _v in symstack[-plen:]])+']',
+                                   goto[statestack[-1-plen]][pname])
+                    else:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str, [],
+                                   goto[statestack[-1]][pname])
+
+                    #--! DEBUG
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    #--! DEBUG
+                    debug.info('Done   : Returning %s', format_result(result))
+                    debug.info('PLY: PARSE DEBUG END')
+                    #--! DEBUG
+                    return result
+
+            if t is None:
+
+                #--! DEBUG
+                debug.error('Error  : %s',
+                            ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+                #--! DEBUG
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parsedebug-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt().
+    #
+    # Optimized version of parse() method.  DO NOT EDIT THIS CODE DIRECTLY!
+    # This code is automatically generated by the ply/ygen.py script. Make
+    # changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt_notrack().
+    #
+    # Optimized version of parseopt() with line number tracking removed.
+    # DO NOT EDIT THIS CODE DIRECTLY. This code is automatically generated
+    # by the ply/ygen.py script. Make changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt_notrack(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-notrack-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-notrack-end
+
+# -----------------------------------------------------------------------------
+#                          === Grammar Representation ===
+#
+# The following functions, classes, and variables are used to represent and
+# manipulate the rules that make up a grammar.
+# -----------------------------------------------------------------------------
+
+# regex matching identifiers
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+
+# -----------------------------------------------------------------------------
+# class Production:
+#
+# This class stores the raw information about a single production or grammar rule.
+# A grammar rule refers to a specification such as this:
+#
+#       expr : expr PLUS term
+#
+# Here are the basic attributes defined on all productions
+#
+#       name     - Name of the production.  For example 'expr'
+#       prod     - A list of symbols on the right side ['expr','PLUS','term']
+#       prec     - Production precedence level
+#       number   - Production number.
+#       func     - Function that executes on reduce
+#       file     - File where production function is defined
+#       lineno   - Line number where production function is defined
+#
+# The following attributes are defined or optional.
+#
+#       len       - Length of the production (number of symbols on right hand side)
+#       usyms     - Set of unique symbols found in the production
+# -----------------------------------------------------------------------------
+
+class Production(object):
+    reduced = 0
+    def __init__(self, number, name, prod, precedence=('right', 0), func=None, file='', line=0):
+        self.name     = name
+        self.prod     = tuple(prod)
+        self.number   = number
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.prec     = precedence
+
+        # Internal settings used during table construction
+
+        self.len  = len(self.prod)   # Length of the production
+
+        # Create a list of unique production symbols used in the production
+        self.usyms = []
+        for s in self.prod:
+            if s not in self.usyms:
+                self.usyms.append(s)
+
+        # List of all LR items for the production
+        self.lr_items = []
+        self.lr_next = None
+
+        # Create a string representation
+        if self.prod:
+            self.str = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            self.str = '%s -> <empty>' % self.name
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'Production(' + str(self) + ')'
+
+    def __len__(self):
+        return len(self.prod)
+
+    def __nonzero__(self):
+        return 1
+
+    def __getitem__(self, index):
+        return self.prod[index]
+
+    # Return the nth lr_item from the production (or None if at the end)
+    def lr_item(self, n):
+        if n > len(self.prod):
+            return None
+        p = LRItem(self, n)
+        # Precompute the list of productions immediately following.
+        try:
+            p.lr_after = self.Prodnames[p.prod[n+1]]
+        except (IndexError, KeyError):
+            p.lr_after = []
+        try:
+            p.lr_before = p.prod[n-1]
+        except IndexError:
+            p.lr_before = None
+        return p
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+# This class serves as a minimal standin for Production objects when
+# reading table data from files.   It only contains information
+# actually used by the LR parsing engine, plus some additional
+# debugging information.
+class MiniProduction(object):
+    def __init__(self, str, name, len, func, file, line):
+        self.name     = name
+        self.len      = len
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.str      = str
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'MiniProduction(%s)' % self.str
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+
+# -----------------------------------------------------------------------------
+# class LRItem
+#
+# This class represents a specific stage of parsing a production rule.  For
+# example:
+#
+#       expr : expr . PLUS term
+#
+# In the above, the "." represents the current location of the parse.  Here
+# basic attributes:
+#
+#       name       - Name of the production.  For example 'expr'
+#       prod       - A list of symbols on the right side ['expr','.', 'PLUS','term']
+#       number     - Production number.
+#
+#       lr_next      Next LR item. Example, if we are ' expr -> expr . PLUS term'
+#                    then lr_next refers to 'expr -> expr PLUS . term'
+#       lr_index   - LR item index (location of the ".") in the prod list.
+#       lookaheads - LALR lookahead symbols for this item
+#       len        - Length of the production (number of symbols on right hand side)
+#       lr_after    - List of all productions that immediately follow
+#       lr_before   - Grammar symbol immediately before
+# -----------------------------------------------------------------------------
+
+class LRItem(object):
+    def __init__(self, p, n):
+        self.name       = p.name
+        self.prod       = list(p.prod)
+        self.number     = p.number
+        self.lr_index   = n
+        self.lookaheads = {}
+        self.prod.insert(n, '.')
+        self.prod       = tuple(self.prod)
+        self.len        = len(self.prod)
+        self.usyms      = p.usyms
+
+    def __str__(self):
+        if self.prod:
+            s = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            s = '%s -> <empty>' % self.name
+        return s
+
+    def __repr__(self):
+        return 'LRItem(' + str(self) + ')'
+
+# -----------------------------------------------------------------------------
+# rightmost_terminal()
+#
+# Return the rightmost terminal from a list of symbols.  Used in add_production()
+# -----------------------------------------------------------------------------
+def rightmost_terminal(symbols, terminals):
+    i = len(symbols) - 1
+    while i >= 0:
+        if symbols[i] in terminals:
+            return symbols[i]
+        i -= 1
+    return None
+
+# -----------------------------------------------------------------------------
+#                           === GRAMMAR CLASS ===
+#
+# The following class represents the contents of the specified grammar along
+# with various computed properties such as first sets, follow sets, LR items, etc.
+# This data is used for critical parts of the table generation process later.
+# -----------------------------------------------------------------------------
+
+class GrammarError(YaccError):
+    pass
+
+class Grammar(object):
+    def __init__(self, terminals):
+        self.Productions  = [None]  # A list of all of the productions.  The first
+                                    # entry is always reserved for the purpose of
+                                    # building an augmented grammar
+
+        self.Prodnames    = {}      # A dictionary mapping the names of nonterminals to a list of all
+                                    # productions of that nonterminal.
+
+        self.Prodmap      = {}      # A dictionary that is only used to detect duplicate
+                                    # productions.
+
+        self.Terminals    = {}      # A dictionary mapping the names of terminal symbols to a
+                                    # list of the rules where they are used.
+
+        for term in terminals:
+            self.Terminals[term] = []
+
+        self.Terminals['error'] = []
+
+        self.Nonterminals = {}      # A dictionary mapping names of nonterminals to a list
+                                    # of rule numbers where they are used.
+
+        self.First        = {}      # A dictionary of precomputed FIRST(x) symbols
+
+        self.Follow       = {}      # A dictionary of precomputed FOLLOW(x) symbols
+
+        self.Precedence   = {}      # Precedence rules for each terminal. Contains tuples of the
+                                    # form ('right',level) or ('nonassoc', level) or ('left',level)
+
+        self.UsedPrecedence = set() # Precedence rules that were actually used by the grammer.
+                                    # This is only used to provide error checking and to generate
+                                    # a warning about unused precedence rules.
+
+        self.Start = None           # Starting symbol for the grammar
+
+
+    def __len__(self):
+        return len(self.Productions)
+
+    def __getitem__(self, index):
+        return self.Productions[index]
+
+    # -----------------------------------------------------------------------------
+    # set_precedence()
+    #
+    # Sets the precedence for a given terminal. assoc is the associativity such as
+    # 'left','right', or 'nonassoc'.  level is a numeric level.
+    #
+    # -----------------------------------------------------------------------------
+
+    def set_precedence(self, term, assoc, level):
+        assert self.Productions == [None], 'Must call set_precedence() before add_production()'
+        if term in self.Precedence:
+            raise GrammarError('Precedence already specified for terminal %r' % term)
+        if assoc not in ['left', 'right', 'nonassoc']:
+            raise GrammarError("Associativity must be one of 'left','right', or 'nonassoc'")
+        self.Precedence[term] = (assoc, level)
+
+    # -----------------------------------------------------------------------------
+    # add_production()
+    #
+    # Given an action function, this function assembles a production rule and
+    # computes its precedence level.
+    #
+    # The production rule is supplied as a list of symbols.   For example,
+    # a rule such as 'expr : expr PLUS term' has a production name of 'expr' and
+    # symbols ['expr','PLUS','term'].
+    #
+    # Precedence is determined by the precedence of the right-most non-terminal
+    # or the precedence of a terminal specified by %prec.
+    #
+    # A variety of error checks are performed to make sure production symbols
+    # are valid and that %prec is used correctly.
+    # -----------------------------------------------------------------------------
+
+    def add_production(self, prodname, syms, func=None, file='', line=0):
+
+        if prodname in self.Terminals:
+            raise GrammarError('%s:%d: Illegal rule name %r. Already defined as a token' % (file, line, prodname))
+        if prodname == 'error':
+            raise GrammarError('%s:%d: Illegal rule name %r. error is a reserved word' % (file, line, prodname))
+        if not _is_identifier.match(prodname):
+            raise GrammarError('%s:%d: Illegal rule name %r' % (file, line, prodname))
+
+        # Look for literal tokens
+        for n, s in enumerate(syms):
+            if s[0] in "'\"":
+                try:
+                    c = eval(s)
+                    if (len(c) > 1):
+                        raise GrammarError('%s:%d: Literal token %s in rule %r may only be a single character' %
+                                           (file, line, s, prodname))
+                    if c not in self.Terminals:
+                        self.Terminals[c] = []
+                    syms[n] = c
+                    continue
+                except SyntaxError:
+                    pass
+            if not _is_identifier.match(s) and s != '%prec':
+                raise GrammarError('%s:%d: Illegal name %r in rule %r' % (file, line, s, prodname))
+
+        # Determine the precedence level
+        if '%prec' in syms:
+            if syms[-1] == '%prec':
+                raise GrammarError('%s:%d: Syntax error. Nothing follows %%prec' % (file, line))
+            if syms[-2] != '%prec':
+                raise GrammarError('%s:%d: Syntax error. %%prec can only appear at the end of a grammar rule' %
+                                   (file, line))
+            precname = syms[-1]
+            prodprec = self.Precedence.get(precname)
+            if not prodprec:
+                raise GrammarError('%s:%d: Nothing known about the precedence of %r' % (file, line, precname))
+            else:
+                self.UsedPrecedence.add(precname)
+            del syms[-2:]     # Drop %prec from the rule
+        else:
+            # If no %prec, precedence is determined by the rightmost terminal symbol
+            precname = rightmost_terminal(syms, self.Terminals)
+            prodprec = self.Precedence.get(precname, ('right', 0))
+
+        # See if the rule is already in the rulemap
+        map = '%s -> %s' % (prodname, syms)
+        if map in self.Prodmap:
+            m = self.Prodmap[map]
+            raise GrammarError('%s:%d: Duplicate rule %s. ' % (file, line, m) +
+                               'Previous definition at %s:%d' % (m.file, m.line))
+
+        # From this point on, everything is valid.  Create a new Production instance
+        pnumber  = len(self.Productions)
+        if prodname not in self.Nonterminals:
+            self.Nonterminals[prodname] = []
+
+        # Add the production number to Terminals and Nonterminals
+        for t in syms:
+            if t in self.Terminals:
+                self.Terminals[t].append(pnumber)
+            else:
+                if t not in self.Nonterminals:
+                    self.Nonterminals[t] = []
+                self.Nonterminals[t].append(pnumber)
+
+        # Create a production and add it to the list of productions
+        p = Production(pnumber, prodname, syms, prodprec, func, file, line)
+        self.Productions.append(p)
+        self.Prodmap[map] = p
+
+        # Add to the global productions list
+        try:
+            self.Prodnames[prodname].append(p)
+        except KeyError:
+            self.Prodnames[prodname] = [p]
+
+    # -----------------------------------------------------------------------------
+    # set_start()
+    #
+    # Sets the starting symbol and creates the augmented grammar.  Production
+    # rule 0 is S' -> start where start is the start symbol.
+    # -----------------------------------------------------------------------------
+
+    def set_start(self, start=None):
+        if not start:
+            start = self.Productions[1].name
+        if start not in self.Nonterminals:
+            raise GrammarError('start symbol %s undefined' % start)
+        self.Productions[0] = Production(0, "S'", [start])
+        self.Nonterminals[start].append(0)
+        self.Start = start
+
+    # -----------------------------------------------------------------------------
+    # find_unreachable()
+    #
+    # Find all of the nonterminal symbols that can't be reached from the starting
+    # symbol.  Returns a list of nonterminals that can't be reached.
+    # -----------------------------------------------------------------------------
+
+    def find_unreachable(self):
+
+        # Mark all symbols that are reachable from a symbol s
+        def mark_reachable_from(s):
+            if s in reachable:
+                return
+            reachable.add(s)
+            for p in self.Prodnames.get(s, []):
+                for r in p.prod:
+                    mark_reachable_from(r)
+
+        reachable = set()
+        mark_reachable_from(self.Productions[0].prod[0])
+        return [s for s in self.Nonterminals if s not in reachable]
+
+    # -----------------------------------------------------------------------------
+    # infinite_cycles()
+    #
+    # This function looks at the various parsing rules and tries to detect
+    # infinite recursion cycles (grammar rules where there is no possible way
+    # to derive a string of only terminals).
+    # -----------------------------------------------------------------------------
+
+    def infinite_cycles(self):
+        terminates = {}
+
+        # Terminals:
+        for t in self.Terminals:
+            terminates[t] = True
+
+        terminates['$end'] = True
+
+        # Nonterminals:
+
+        # Initialize to false:
+        for n in self.Nonterminals:
+            terminates[n] = False
+
+        # Then propagate termination until no change:
+        while True:
+            some_change = False
+            for (n, pl) in self.Prodnames.items():
+                # Nonterminal n terminates iff any of its productions terminates.
+                for p in pl:
+                    # Production p terminates iff all of its rhs symbols terminate.
+                    for s in p.prod:
+                        if not terminates[s]:
+                            # The symbol s does not terminate,
+                            # so production p does not terminate.
+                            p_terminates = False
+                            break
+                    else:
+                        # didn't break from the loop,
+                        # so every symbol s terminates
+                        # so production p terminates.
+                        p_terminates = True
+
+                    if p_terminates:
+                        # symbol n terminates!
+                        if not terminates[n]:
+                            terminates[n] = True
+                            some_change = True
+                        # Don't need to consider any more productions for this n.
+                        break
+
+            if not some_change:
+                break
+
+        infinite = []
+        for (s, term) in terminates.items():
+            if not term:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    # s is used-but-not-defined, and we've already warned of that,
+                    # so it would be overkill to say that it's also non-terminating.
+                    pass
+                else:
+                    infinite.append(s)
+
+        return infinite
+
+    # -----------------------------------------------------------------------------
+    # undefined_symbols()
+    #
+    # Find all symbols that were used the grammar, but not defined as tokens or
+    # grammar rules.  Returns a list of tuples (sym, prod) where sym in the symbol
+    # and prod is the production where the symbol was used.
+    # -----------------------------------------------------------------------------
+    def undefined_symbols(self):
+        result = []
+        for p in self.Productions:
+            if not p:
+                continue
+
+            for s in p.prod:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    result.append((s, p))
+        return result
+
+    # -----------------------------------------------------------------------------
+    # unused_terminals()
+    #
+    # Find all terminals that were defined, but not used by the grammar.  Returns
+    # a list of all symbols.
+    # -----------------------------------------------------------------------------
+    def unused_terminals(self):
+        unused_tok = []
+        for s, v in self.Terminals.items():
+            if s != 'error' and not v:
+                unused_tok.append(s)
+
+        return unused_tok
+
+    # ------------------------------------------------------------------------------
+    # unused_rules()
+    #
+    # Find all grammar rules that were defined,  but not used (maybe not reachable)
+    # Returns a list of productions.
+    # ------------------------------------------------------------------------------
+
+    def unused_rules(self):
+        unused_prod = []
+        for s, v in self.Nonterminals.items():
+            if not v:
+                p = self.Prodnames[s][0]
+                unused_prod.append(p)
+        return unused_prod
+
+    # -----------------------------------------------------------------------------
+    # unused_precedence()
+    #
+    # Returns a list of tuples (term,precedence) corresponding to precedence
+    # rules that were never used by the grammar.  term is the name of the terminal
+    # on which precedence was applied and precedence is a string such as 'left' or
+    # 'right' corresponding to the type of precedence.
+    # -----------------------------------------------------------------------------
+
+    def unused_precedence(self):
+        unused = []
+        for termname in self.Precedence:
+            if not (termname in self.Terminals or termname in self.UsedPrecedence):
+                unused.append((termname, self.Precedence[termname][0]))
+
+        return unused
+
+    # -------------------------------------------------------------------------
+    # _first()
+    #
+    # Compute the value of FIRST1(beta) where beta is a tuple of symbols.
+    #
+    # During execution of compute_first1, the result may be incomplete.
+    # Afterward (e.g., when called from compute_follow()), it will be complete.
+    # -------------------------------------------------------------------------
+    def _first(self, beta):
+
+        # We are computing First(x1,x2,x3,...,xn)
+        result = []
+        for x in beta:
+            x_produces_empty = False
+
+            # Add all the non-<empty> symbols of First[x] to the result.
+            for f in self.First[x]:
+                if f == '<empty>':
+                    x_produces_empty = True
+                else:
+                    if f not in result:
+                        result.append(f)
+
+            if x_produces_empty:
+                # We have to consider the next x in beta,
+                # i.e. stay in the loop.
+                pass
+            else:
+                # We don't have to consider any further symbols in beta.
+                break
+        else:
+            # There was no 'break' from the loop,
+            # so x_produces_empty was true for all x in beta,
+            # so beta produces empty as well.
+            result.append('<empty>')
+
+        return result
+
+    # -------------------------------------------------------------------------
+    # compute_first()
+    #
+    # Compute the value of FIRST1(X) for all symbols
+    # -------------------------------------------------------------------------
+    def compute_first(self):
+        if self.First:
+            return self.First
+
+        # Terminals:
+        for t in self.Terminals:
+            self.First[t] = [t]
+
+        self.First['$end'] = ['$end']
+
+        # Nonterminals:
+
+        # Initialize to the empty set:
+        for n in self.Nonterminals:
+            self.First[n] = []
+
+        # Then propagate symbols until no change:
+        while True:
+            some_change = False
+            for n in self.Nonterminals:
+                for p in self.Prodnames[n]:
+                    for f in self._first(p.prod):
+                        if f not in self.First[n]:
+                            self.First[n].append(f)
+                            some_change = True
+            if not some_change:
+                break
+
+        return self.First
+
+    # ---------------------------------------------------------------------
+    # compute_follow()
+    #
+    # Computes all of the follow sets for every non-terminal symbol.  The
+    # follow set is the set of all symbols that might follow a given
+    # non-terminal.  See the Dragon book, 2nd Ed. p. 189.
+    # ---------------------------------------------------------------------
+    def compute_follow(self, start=None):
+        # If already computed, return the result
+        if self.Follow:
+            return self.Follow
+
+        # If first sets not computed yet, do that first.
+        if not self.First:
+            self.compute_first()
+
+        # Add '$end' to the follow list of the start symbol
+        for k in self.Nonterminals:
+            self.Follow[k] = []
+
+        if not start:
+            start = self.Productions[1].name
+
+        self.Follow[start] = ['$end']
+
+        while True:
+            didadd = False
+            for p in self.Productions[1:]:
+                # Here is the production set
+                for i, B in enumerate(p.prod):
+                    if B in self.Nonterminals:
+                        # Okay. We got a non-terminal in a production
+                        fst = self._first(p.prod[i+1:])
+                        hasempty = False
+                        for f in fst:
+                            if f != '<empty>' and f not in self.Follow[B]:
+                                self.Follow[B].append(f)
+                                didadd = True
+                            if f == '<empty>':
+                                hasempty = True
+                        if hasempty or i == (len(p.prod)-1):
+                            # Add elements of follow(a) to follow(b)
+                            for f in self.Follow[p.name]:
+                                if f not in self.Follow[B]:
+                                    self.Follow[B].append(f)
+                                    didadd = True
+            if not didadd:
+                break
+        return self.Follow
+
+
+    # -----------------------------------------------------------------------------
+    # build_lritems()
+    #
+    # This function walks the list of productions and builds a complete set of the
+    # LR items.  The LR items are stored in two ways:  First, they are uniquely
+    # numbered and placed in the list _lritems.  Second, a linked list of LR items
+    # is built for each production.  For example:
+    #
+    #   E -> E PLUS E
+    #
+    # Creates the list
+    #
+    #  [E -> . E PLUS E, E -> E . PLUS E, E -> E PLUS . E, E -> E PLUS E . ]
+    # -----------------------------------------------------------------------------
+
+    def build_lritems(self):
+        for p in self.Productions:
+            lastlri = p
+            i = 0
+            lr_items = []
+            while True:
+                if i > len(p):
+                    lri = None
+                else:
+                    lri = LRItem(p, i)
+                    # Precompute the list of productions immediately following
+                    try:
+                        lri.lr_after = self.Prodnames[lri.prod[i+1]]
+                    except (IndexError, KeyError):
+                        lri.lr_after = []
+                    try:
+                        lri.lr_before = lri.prod[i-1]
+                    except IndexError:
+                        lri.lr_before = None
+
+                lastlri.lr_next = lri
+                if not lri:
+                    break
+                lr_items.append(lri)
+                lastlri = lri
+                i += 1
+            p.lr_items = lr_items
+
+# -----------------------------------------------------------------------------
+#                            == Class LRTable ==
+#
+# This basic class represents a basic table of LR parsing information.
+# Methods for generating the tables are not defined here.  They are defined
+# in the derived class LRGeneratedTable.
+# -----------------------------------------------------------------------------
+
+class VersionError(YaccError):
+    pass
+
+class LRTable(object):
+    def __init__(self):
+        self.lr_action = None
+        self.lr_goto = None
+        self.lr_productions = None
+        self.lr_method = None
+
+    def read_table(self, module):
+        if isinstance(module, types.ModuleType):
+            parsetab = module
+        else:
+            exec('import %s' % module)
+            parsetab = sys.modules[module]
+
+        if parsetab._tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+
+        self.lr_action = parsetab._lr_action
+        self.lr_goto = parsetab._lr_goto
+
+        self.lr_productions = []
+        for p in parsetab._lr_productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        self.lr_method = parsetab._lr_method
+        return parsetab._lr_signature
+
+    def read_pickle(self, filename):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+
+        if not os.path.exists(filename):
+          raise ImportError
+
+        in_f = open(filename, 'rb')
+
+        tabversion = pickle.load(in_f)
+        if tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+        self.lr_method = pickle.load(in_f)
+        signature      = pickle.load(in_f)
+        self.lr_action = pickle.load(in_f)
+        self.lr_goto   = pickle.load(in_f)
+        productions    = pickle.load(in_f)
+
+        self.lr_productions = []
+        for p in productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        in_f.close()
+        return signature
+
+    # Bind all production function names to callable objects in pdict
+    def bind_callables(self, pdict):
+        for p in self.lr_productions:
+            p.bind(pdict)
+
+
+# -----------------------------------------------------------------------------
+#                           === LR Generator ===
+#
+# The following classes and functions are used to generate LR parsing tables on
+# a grammar.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# digraph()
+# traverse()
+#
+# The following two functions are used to compute set valued functions
+# of the form:
+#
+#     F(x) = F'(x) U U{F(y) | x R y}
+#
+# This is used to compute the values of Read() sets as well as FOLLOW sets
+# in LALR(1) generation.
+#
+# Inputs:  X    - An input set
+#          R    - A relation
+#          FP   - Set-valued function
+# ------------------------------------------------------------------------------
+
+def digraph(X, R, FP):
+    N = {}
+    for x in X:
+        N[x] = 0
+    stack = []
+    F = {}
+    for x in X:
+        if N[x] == 0:
+            traverse(x, N, stack, F, X, R, FP)
+    return F
+
+def traverse(x, N, stack, F, X, R, FP):
+    stack.append(x)
+    d = len(stack)
+    N[x] = d
+    F[x] = FP(x)             # F(X) <- F'(x)
+
+    rel = R(x)               # Get y's related to x
+    for y in rel:
+        if N[y] == 0:
+            traverse(y, N, stack, F, X, R, FP)
+        N[x] = min(N[x], N[y])
+        for a in F.get(y, []):
+            if a not in F[x]:
+                F[x].append(a)
+    if N[x] == d:
+        N[stack[-1]] = MAXINT
+        F[stack[-1]] = F[x]
+        element = stack.pop()
+        while element != x:
+            N[stack[-1]] = MAXINT
+            F[stack[-1]] = F[x]
+            element = stack.pop()
+
+class LALRError(YaccError):
+    pass
+
+# -----------------------------------------------------------------------------
+#                             == LRGeneratedTable ==
+#
+# This class implements the LR table generation algorithm.  There are no
+# public methods except for write()
+# -----------------------------------------------------------------------------
+
+class LRGeneratedTable(LRTable):
+    def __init__(self, grammar, method='LALR', log=None):
+        if method not in ['SLR', 'LALR']:
+            raise LALRError('Unsupported method %s' % method)
+
+        self.grammar = grammar
+        self.lr_method = method
+
+        # Set up the logger
+        if not log:
+            log = NullLogger()
+        self.log = log
+
+        # Internal attributes
+        self.lr_action     = {}        # Action table
+        self.lr_goto       = {}        # Goto table
+        self.lr_productions  = grammar.Productions    # Copy of grammar Production array
+        self.lr_goto_cache = {}        # Cache of computed gotos
+        self.lr0_cidhash   = {}        # Cache of closures
+
+        self._add_count    = 0         # Internal counter used to detect cycles
+
+        # Diagonistic information filled in by the table generator
+        self.sr_conflict   = 0
+        self.rr_conflict   = 0
+        self.conflicts     = []        # List of conflicts
+
+        self.sr_conflicts  = []
+        self.rr_conflicts  = []
+
+        # Build the tables
+        self.grammar.build_lritems()
+        self.grammar.compute_first()
+        self.grammar.compute_follow()
+        self.lr_parse_table()
+
+    # Compute the LR(0) closure operation on I, where I is a set of LR(0) items.
+
+    def lr0_closure(self, I):
+        self._add_count += 1
+
+        # Add everything in I to J
+        J = I[:]
+        didadd = True
+        while didadd:
+            didadd = False
+            for j in J:
+                for x in j.lr_after:
+                    if getattr(x, 'lr0_added', 0) == self._add_count:
+                        continue
+                    # Add B --> .G to J
+                    J.append(x.lr_next)
+                    x.lr0_added = self._add_count
+                    didadd = True
+
+        return J
+
+    # Compute the LR(0) goto function goto(I,X) where I is a set
+    # of LR(0) items and X is a grammar symbol.   This function is written
+    # in a way that guarantees uniqueness of the generated goto sets
+    # (i.e. the same goto set will never be returned as two different Python
+    # objects).  With uniqueness, we can later do fast set comparisons using
+    # id(obj) instead of element-wise comparison.
+
+    def lr0_goto(self, I, x):
+        # First we look for a previously cached entry
+        g = self.lr_goto_cache.get((id(I), x))
+        if g:
+            return g
+
+        # Now we generate the goto set in a way that guarantees uniqueness
+        # of the result
+
+        s = self.lr_goto_cache.get(x)
+        if not s:
+            s = {}
+            self.lr_goto_cache[x] = s
+
+        gs = []
+        for p in I:
+            n = p.lr_next
+            if n and n.lr_before == x:
+                s1 = s.get(id(n))
+                if not s1:
+                    s1 = {}
+                    s[id(n)] = s1
+                gs.append(n)
+                s = s1
+        g = s.get('$end')
+        if not g:
+            if gs:
+                g = self.lr0_closure(gs)
+                s['$end'] = g
+            else:
+                s['$end'] = gs
+        self.lr_goto_cache[(id(I), x)] = g
+        return g
+
+    # Compute the LR(0) sets of item function
+    def lr0_items(self):
+        C = [self.lr0_closure([self.grammar.Productions[0].lr_next])]
+        i = 0
+        for I in C:
+            self.lr0_cidhash[id(I)] = i
+            i += 1
+
+        # Loop over the items in C and each grammar symbols
+        i = 0
+        while i < len(C):
+            I = C[i]
+            i += 1
+
+            # Collect all of the symbols that could possibly be in the goto(I,X) sets
+            asyms = {}
+            for ii in I:
+                for s in ii.usyms:
+                    asyms[s] = None
+
+            for x in asyms:
+                g = self.lr0_goto(I, x)
+                if not g or id(g) in self.lr0_cidhash:
+                    continue
+                self.lr0_cidhash[id(g)] = len(C)
+                C.append(g)
+
+        return C
+
+    # -----------------------------------------------------------------------------
+    #                       ==== LALR(1) Parsing ====
+    #
+    # LALR(1) parsing is almost exactly the same as SLR except that instead of
+    # relying upon Follow() sets when performing reductions, a more selective
+    # lookahead set that incorporates the state of the LR(0) machine is utilized.
+    # Thus, we mainly just have to focus on calculating the lookahead sets.
+    #
+    # The method used here is due to DeRemer and Pennelo (1982).
+    #
+    # DeRemer, F. L., and T. J. Pennelo: "Efficient Computation of LALR(1)
+    #     Lookahead Sets", ACM Transactions on Programming Languages and Systems,
+    #     Vol. 4, No. 4, Oct. 1982, pp. 615-649
+    #
+    # Further details can also be found in:
+    #
+    #  J. Tremblay and P. Sorenson, "The Theory and Practice of Compiler Writing",
+    #      McGraw-Hill Book Company, (1985).
+    #
+    # -----------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------
+    # compute_nullable_nonterminals()
+    #
+    # Creates a dictionary containing all of the non-terminals that might produce
+    # an empty production.
+    # -----------------------------------------------------------------------------
+
+    def compute_nullable_nonterminals(self):
+        nullable = set()
+        num_nullable = 0
+        while True:
+            for p in self.grammar.Productions[1:]:
+                if p.len == 0:
+                    nullable.add(p.name)
+                    continue
+                for t in p.prod:
+                    if t not in nullable:
+                        break
+                else:
+                    nullable.add(p.name)
+            if len(nullable) == num_nullable:
+                break
+            num_nullable = len(nullable)
+        return nullable
+
+    # -----------------------------------------------------------------------------
+    # find_nonterminal_trans(C)
+    #
+    # Given a set of LR(0) items, this functions finds all of the non-terminal
+    # transitions.    These are transitions in which a dot appears immediately before
+    # a non-terminal.   Returns a list of tuples of the form (state,N) where state
+    # is the state number and N is the nonterminal symbol.
+    #
+    # The input C is the set of LR(0) items.
+    # -----------------------------------------------------------------------------
+
+    def find_nonterminal_transitions(self, C):
+        trans = []
+        for stateno, state in enumerate(C):
+            for p in state:
+                if p.lr_index < p.len - 1:
+                    t = (stateno, p.prod[p.lr_index+1])
+                    if t[1] in self.grammar.Nonterminals:
+                        if t not in trans:
+                            trans.append(t)
+        return trans
+
+    # -----------------------------------------------------------------------------
+    # dr_relation()
+    #
+    # Computes the DR(p,A) relationships for non-terminal transitions.  The input
+    # is a tuple (state,N) where state is a number and N is a nonterminal symbol.
+    #
+    # Returns a list of terminals.
+    # -----------------------------------------------------------------------------
+
+    def dr_relation(self, C, trans, nullable):
+        state, N = trans
+        terms = []
+
+        g = self.lr0_goto(C[state], N)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index+1]
+                if a in self.grammar.Terminals:
+                    if a not in terms:
+                        terms.append(a)
+
+        # This extra bit is to handle the start state
+        if state == 0 and N == self.grammar.Productions[0].prod[0]:
+            terms.append('$end')
+
+        return terms
+
+    # -----------------------------------------------------------------------------
+    # reads_relation()
+    #
+    # Computes the READS() relation (p,A) READS (t,C).
+    # -----------------------------------------------------------------------------
+
+    def reads_relation(self, C, trans, empty):
+        # Look for empty transitions
+        rel = []
+        state, N = trans
+
+        g = self.lr0_goto(C[state], N)
+        j = self.lr0_cidhash.get(id(g), -1)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index + 1]
+                if a in empty:
+                    rel.append((j, a))
+
+        return rel
+
+    # -----------------------------------------------------------------------------
+    # compute_lookback_includes()
+    #
+    # Determines the lookback and includes relations
+    #
+    # LOOKBACK:
+    #
+    # This relation is determined by running the LR(0) state machine forward.
+    # For example, starting with a production "N : . A B C", we run it forward
+    # to obtain "N : A B C ."   We then build a relationship between this final
+    # state and the starting state.   These relationships are stored in a dictionary
+    # lookdict.
+    #
+    # INCLUDES:
+    #
+    # Computes the INCLUDE() relation (p,A) INCLUDES (p',B).
+    #
+    # This relation is used to determine non-terminal transitions that occur
+    # inside of other non-terminal transition states.   (p,A) INCLUDES (p', B)
+    # if the following holds:
+    #
+    #       B -> LAT, where T -> epsilon and p' -L-> p
+    #
+    # L is essentially a prefix (which may be empty), T is a suffix that must be
+    # able to derive an empty string.  State p' must lead to state p with the string L.
+    #
+    # -----------------------------------------------------------------------------
+
+    def compute_lookback_includes(self, C, trans, nullable):
+        lookdict = {}          # Dictionary of lookback relations
+        includedict = {}       # Dictionary of include relations
+
+        # Make a dictionary of non-terminal transitions
+        dtrans = {}
+        for t in trans:
+            dtrans[t] = 1
+
+        # Loop over all transitions and compute lookbacks and includes
+        for state, N in trans:
+            lookb = []
+            includes = []
+            for p in C[state]:
+                if p.name != N:
+                    continue
+
+                # Okay, we have a name match.  We now follow the production all the way
+                # through the state machine until we get the . on the right hand side
+
+                lr_index = p.lr_index
+                j = state
+                while lr_index < p.len - 1:
+                    lr_index = lr_index + 1
+                    t = p.prod[lr_index]
+
+                    # Check to see if this symbol and state are a non-terminal transition
+                    if (j, t) in dtrans:
+                        # Yes.  Okay, there is some chance that this is an includes relation
+                        # the only way to know for certain is whether the rest of the
+                        # production derives empty
+
+                        li = lr_index + 1
+                        while li < p.len:
+                            if p.prod[li] in self.grammar.Terminals:
+                                break      # No forget it
+                            if p.prod[li] not in nullable:
+                                break
+                            li = li + 1
+                        else:
+                            # Appears to be a relation between (j,t) and (state,N)
+                            includes.append((j, t))
+
+                    g = self.lr0_goto(C[j], t)               # Go to next set
+                    j = self.lr0_cidhash.get(id(g), -1)      # Go to next state
+
+                # When we get here, j is the final state, now we have to locate the production
+                for r in C[j]:
+                    if r.name != p.name:
+                        continue
+                    if r.len != p.len:
+                        continue
+                    i = 0
+                    # This look is comparing a production ". A B C" with "A B C ."
+                    while i < r.lr_index:
+                        if r.prod[i] != p.prod[i+1]:
+                            break
+                        i = i + 1
+                    else:
+                        lookb.append((j, r))
+            for i in includes:
+                if i not in includedict:
+                    includedict[i] = []
+                includedict[i].append((state, N))
+            lookdict[(state, N)] = lookb
+
+        return lookdict, includedict
+
+    # -----------------------------------------------------------------------------
+    # compute_read_sets()
+    #
+    # Given a set of LR(0) items, this function computes the read sets.
+    #
+    # Inputs:  C        =  Set of LR(0) items
+    #          ntrans   = Set of nonterminal transitions
+    #          nullable = Set of empty transitions
+    #
+    # Returns a set containing the read sets
+    # -----------------------------------------------------------------------------
+
+    def compute_read_sets(self, C, ntrans, nullable):
+        FP = lambda x: self.dr_relation(C, x, nullable)
+        R =  lambda x: self.reads_relation(C, x, nullable)
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # compute_follow_sets()
+    #
+    # Given a set of LR(0) items, a set of non-terminal transitions, a readset,
+    # and an include set, this function computes the follow sets
+    #
+    # Follow(p,A) = Read(p,A) U U {Follow(p',B) | (p,A) INCLUDES (p',B)}
+    #
+    # Inputs:
+    #            ntrans     = Set of nonterminal transitions
+    #            readsets   = Readset (previously computed)
+    #            inclsets   = Include sets (previously computed)
+    #
+    # Returns a set containing the follow sets
+    # -----------------------------------------------------------------------------
+
+    def compute_follow_sets(self, ntrans, readsets, inclsets):
+        FP = lambda x: readsets[x]
+        R  = lambda x: inclsets.get(x, [])
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # add_lookaheads()
+    #
+    # Attaches the lookahead symbols to grammar rules.
+    #
+    # Inputs:    lookbacks         -  Set of lookback relations
+    #            followset         -  Computed follow set
+    #
+    # This function directly attaches the lookaheads to productions contained
+    # in the lookbacks set
+    # -----------------------------------------------------------------------------
+
+    def add_lookaheads(self, lookbacks, followset):
+        for trans, lb in lookbacks.items():
+            # Loop over productions in lookback
+            for state, p in lb:
+                if state not in p.lookaheads:
+                    p.lookaheads[state] = []
+                f = followset.get(trans, [])
+                for a in f:
+                    if a not in p.lookaheads[state]:
+                        p.lookaheads[state].append(a)
+
+    # -----------------------------------------------------------------------------
+    # add_lalr_lookaheads()
+    #
+    # This function does all of the work of adding lookahead information for use
+    # with LALR parsing
+    # -----------------------------------------------------------------------------
+
+    def add_lalr_lookaheads(self, C):
+        # Determine all of the nullable nonterminals
+        nullable = self.compute_nullable_nonterminals()
+
+        # Find all non-terminal transitions
+        trans = self.find_nonterminal_transitions(C)
+
+        # Compute read sets
+        readsets = self.compute_read_sets(C, trans, nullable)
+
+        # Compute lookback/includes relations
+        lookd, included = self.compute_lookback_includes(C, trans, nullable)
+
+        # Compute LALR FOLLOW sets
+        followsets = self.compute_follow_sets(trans, readsets, included)
+
+        # Add all of the lookaheads
+        self.add_lookaheads(lookd, followsets)
+
+    # -----------------------------------------------------------------------------
+    # lr_parse_table()
+    #
+    # This function constructs the parse tables for SLR or LALR
+    # -----------------------------------------------------------------------------
+    def lr_parse_table(self):
+        Productions = self.grammar.Productions
+        Precedence  = self.grammar.Precedence
+        goto   = self.lr_goto         # Goto array
+        action = self.lr_action       # Action array
+        log    = self.log             # Logger for output
+
+        actionp = {}                  # Action production array (temporary)
+
+        log.info('Parsing method: %s', self.lr_method)
+
+        # Step 1: Construct C = { I0, I1, ... IN}, collection of LR(0) items
+        # This determines the number of states
+
+        C = self.lr0_items()
+
+        if self.lr_method == 'LALR':
+            self.add_lalr_lookaheads(C)
+
+        # Build the parser table, state by state
+        st = 0
+        for I in C:
+            # Loop over each production in I
+            actlist = []              # List of actions
+            st_action  = {}
+            st_actionp = {}
+            st_goto    = {}
+            log.info('')
+            log.info('state %d', st)
+            log.info('')
+            for p in I:
+                log.info('    (%d) %s', p.number, p)
+            log.info('')
+
+            for p in I:
+                    if p.len == p.lr_index + 1:
+                        if p.name == "S'":
+                            # Start symbol. Accept!
+                            st_action['$end'] = 0
+                            st_actionp['$end'] = p
+                        else:
+                            # We are at the end of a production.  Reduce!
+                            if self.lr_method == 'LALR':
+                                laheads = p.lookaheads[st]
+                            else:
+                                laheads = self.grammar.Follow[p.name]
+                            for a in laheads:
+                                actlist.append((a, p, 'reduce using rule %d (%s)' % (p.number, p)))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa. Have a shift/reduce or reduce/reduce conflict
+                                    if r > 0:
+                                        # Need to decide on shift or reduce here
+                                        # By default we favor shifting. Need to add
+                                        # some precedence rules here.
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from rule being reduced (p)
+                                        rprec, rlevel = Productions[p.number].prec
+
+                                        if (slevel < rlevel) or ((slevel == rlevel) and (rprec == 'left')):
+                                            # We really need to reduce here.
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+                                            Productions[p.number].reduced += 1
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the shift
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                    elif r < 0:
+                                        # Reduce/reduce conflict.   In this case, we favor the rule
+                                        # that was defined first in the grammar file
+                                        oldp = Productions[-r]
+                                        pp = Productions[p.number]
+                                        if oldp.line > pp.line:
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            chosenp, rejectp = pp, oldp
+                                            Productions[p.number].reduced += 1
+                                            Productions[oldp.number].reduced -= 1
+                                        else:
+                                            chosenp, rejectp = oldp, pp
+                                        self.rr_conflicts.append((st, chosenp, rejectp))
+                                        log.info('  ! reduce/reduce conflict for %s resolved using rule %d (%s)',
+                                                 a, st_actionp[a].number, st_actionp[a])
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = -p.number
+                                    st_actionp[a] = p
+                                    Productions[p.number].reduced += 1
+                    else:
+                        i = p.lr_index
+                        a = p.prod[i+1]       # Get symbol right after the "."
+                        if a in self.grammar.Terminals:
+                            g = self.lr0_goto(I, a)
+                            j = self.lr0_cidhash.get(id(g), -1)
+                            if j >= 0:
+                                # We are in a shift state
+                                actlist.append((a, p, 'shift and go to state %d' % j))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa have a shift/reduce or shift/shift conflict
+                                    if r > 0:
+                                        if r != j:
+                                            raise LALRError('Shift/shift conflict in state %d' % st)
+                                    elif r < 0:
+                                        # Do a precedence check.
+                                        #   -  if precedence of reduce rule is higher, we reduce.
+                                        #   -  if precedence of reduce is same and left assoc, we reduce.
+                                        #   -  otherwise we shift
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from the rule that could have been reduced
+                                        rprec, rlevel = Productions[st_actionp[a].number].prec
+
+                                        if (slevel > rlevel) or ((slevel == rlevel) and (rprec == 'right')):
+                                            # We decide to shift here... highest precedence to shift
+                                            Productions[st_actionp[a].number].reduced -= 1
+                                            st_action[a] = j
+                                            st_actionp[a] = p
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the reduce
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = j
+                                    st_actionp[a] = p
+
+            # Print the actions associated with each terminal
+            _actprint = {}
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is st_actionp[a]:
+                        log.info('    %-15s %s', a, m)
+                        _actprint[(a, m)] = 1
+            log.info('')
+            # Print the actions that were not used. (debugging)
+            not_used = 0
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is not st_actionp[a]:
+                        if not (a, m) in _actprint:
+                            log.debug('  ! %-15s [ %s ]', a, m)
+                            not_used = 1
+                            _actprint[(a, m)] = 1
+            if not_used:
+                log.debug('')
+
+            # Construct the goto table for this state
+
+            nkeys = {}
+            for ii in I:
+                for s in ii.usyms:
+                    if s in self.grammar.Nonterminals:
+                        nkeys[s] = None
+            for n in nkeys:
+                g = self.lr0_goto(I, n)
+                j = self.lr0_cidhash.get(id(g), -1)
+                if j >= 0:
+                    st_goto[n] = j
+                    log.info('    %-30s shift and go to state %d', n, j)
+
+            action[st] = st_action
+            actionp[st] = st_actionp
+            goto[st] = st_goto
+            st += 1
+
+    # -----------------------------------------------------------------------------
+    # write()
+    #
+    # This function writes the LR parsing tables to a file
+    # -----------------------------------------------------------------------------
+
+    def write_table(self, tabmodule, outputdir='', signature=''):
+        if isinstance(tabmodule, types.ModuleType):
+            raise IOError("Won't overwrite existing tabmodule")
+
+        basemodulename = tabmodule.split('.')[-1]
+        filename = os.path.join(outputdir, basemodulename) + '.py'
+        try:
+            f = open(filename, 'w')
+
+            f.write('''
+# %s
+# This file is automatically generated. Do not edit.
+# pylint: disable=W,C,R
+_tabversion = %r
+
+_lr_method = %r
+
+_lr_signature = %r
+    ''' % (os.path.basename(filename), __tabversion__, self.lr_method, signature))
+
+            # Change smaller to 0 to go back to original tables
+            smaller = 1
+
+            # Factor out names to try and make smaller
+            if smaller:
+                items = {}
+
+                for s, nd in self.lr_action.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_action_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_action = {}
+for _k, _v in _lr_action_items.items():
+   for _x,_y in zip(_v[0],_v[1]):
+      if not _x in _lr_action:  _lr_action[_x] = {}
+      _lr_action[_x][_k] = _y
+del _lr_action_items
+''')
+
+            else:
+                f.write('\n_lr_action = { ')
+                for k, v in self.lr_action.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            if smaller:
+                # Factor out names to try and make smaller
+                items = {}
+
+                for s, nd in self.lr_goto.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_goto_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_goto = {}
+for _k, _v in _lr_goto_items.items():
+   for _x, _y in zip(_v[0], _v[1]):
+       if not _x in _lr_goto: _lr_goto[_x] = {}
+       _lr_goto[_x][_k] = _y
+del _lr_goto_items
+''')
+            else:
+                f.write('\n_lr_goto = { ')
+                for k, v in self.lr_goto.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            # Write production table
+            f.write('_lr_productions = [\n')
+            for p in self.lr_productions:
+                if p.func:
+                    f.write('  (%r,%r,%d,%r,%r,%d),\n' % (p.str, p.name, p.len,
+                                                          p.func, os.path.basename(p.file), p.line))
+                else:
+                    f.write('  (%r,%r,%d,None,None,None),\n' % (str(p), p.name, p.len))
+            f.write(']\n')
+            f.close()
+
+        except IOError as e:
+            raise
+
+
+    # -----------------------------------------------------------------------------
+    # pickle_table()
+    #
+    # This function pickles the LR parsing tables to a supplied file object
+    # -----------------------------------------------------------------------------
+
+    def pickle_table(self, filename, signature=''):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+        with open(filename, 'wb') as outf:
+            pickle.dump(__tabversion__, outf, pickle_protocol)
+            pickle.dump(self.lr_method, outf, pickle_protocol)
+            pickle.dump(signature, outf, pickle_protocol)
+            pickle.dump(self.lr_action, outf, pickle_protocol)
+            pickle.dump(self.lr_goto, outf, pickle_protocol)
+
+            outp = []
+            for p in self.lr_productions:
+                if p.func:
+                    outp.append((p.str, p.name, p.len, p.func, os.path.basename(p.file), p.line))
+                else:
+                    outp.append((str(p), p.name, p.len, None, None, None))
+            pickle.dump(outp, outf, pickle_protocol)
+
+# -----------------------------------------------------------------------------
+#                            === INTROSPECTION ===
+#
+# The following functions and classes are used to implement the PLY
+# introspection features followed by the yacc() function itself.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# parse_grammar()
+#
+# This takes a raw grammar rule string and parses it into production data
+# -----------------------------------------------------------------------------
+def parse_grammar(doc, file, line):
+    grammar = []
+    # Split the doc string into lines
+    pstrings = doc.splitlines()
+    lastp = None
+    dline = line
+    for ps in pstrings:
+        dline += 1
+        p = ps.split()
+        if not p:
+            continue
+        try:
+            if p[0] == '|':
+                # This is a continuation of a previous rule
+                if not lastp:
+                    raise SyntaxError("%s:%d: Misplaced '|'" % (file, dline))
+                prodname = lastp
+                syms = p[1:]
+            else:
+                prodname = p[0]
+                lastp = prodname
+                syms   = p[2:]
+                assign = p[1]
+                if assign != ':' and assign != '::=':
+                    raise SyntaxError("%s:%d: Syntax error. Expected ':'" % (file, dline))
+
+            grammar.append((file, dline, prodname, syms))
+        except SyntaxError:
+            raise
+        except Exception:
+            raise SyntaxError('%s:%d: Syntax error in rule %r' % (file, dline, ps.strip()))
+
+    return grammar
+
+# -----------------------------------------------------------------------------
+# ParserReflect()
+#
+# This class represents information extracted for building a parser including
+# start symbol, error function, tokens, precedence list, action functions,
+# etc.
+# -----------------------------------------------------------------------------
+class ParserReflect(object):
+    def __init__(self, pdict, log=None):
+        self.pdict      = pdict
+        self.start      = None
+        self.error_func = None
+        self.tokens     = None
+        self.modules    = set()
+        self.grammar    = []
+        self.error      = False
+
+        if log is None:
+            self.log = PlyLogger(sys.stderr)
+        else:
+            self.log = log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_start()
+        self.get_error_func()
+        self.get_tokens()
+        self.get_precedence()
+        self.get_pfunctions()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_start()
+        self.validate_error_func()
+        self.validate_tokens()
+        self.validate_precedence()
+        self.validate_pfunctions()
+        self.validate_modules()
+        return self.error
+
+    # Compute a signature over the grammar
+    def signature(self):
+        parts = []
+        try:
+            if self.start:
+                parts.append(self.start)
+            if self.prec:
+                parts.append(''.join([''.join(p) for p in self.prec]))
+            if self.tokens:
+                parts.append(' '.join(self.tokens))
+            for f in self.pfuncs:
+                if f[3]:
+                    parts.append(f[3])
+        except (TypeError, ValueError):
+            pass
+        return ''.join(parts)
+
+    # -----------------------------------------------------------------------------
+    # validate_modules()
+    #
+    # This method checks to see if there are duplicated p_rulename() functions
+    # in the parser module file.  Without this function, it is really easy for
+    # users to make mistakes by cutting and pasting code fragments (and it's a real
+    # bugger to try and figure out why the resulting parser doesn't work).  Therefore,
+    # we just do a little regular expression pattern matching of def statements
+    # to try and detect duplicates.
+    # -----------------------------------------------------------------------------
+
+    def validate_modules(self):
+        # Match def p_funcname(
+        fre = re.compile(r'\s*def\s+(p_[a-zA-Z_0-9]*)\(')
+
+        for module in self.modules:
+            try:
+                lines, linen = inspect.getsourcelines(module)
+            except IOError:
+                continue
+
+            counthash = {}
+            for linen, line in enumerate(lines):
+                linen += 1
+                m = fre.match(line)
+                if m:
+                    name = m.group(1)
+                    prev = counthash.get(name)
+                    if not prev:
+                        counthash[name] = linen
+                    else:
+                        filename = inspect.getsourcefile(module)
+                        self.log.warning('%s:%d: Function %s redefined. Previously defined on line %d',
+                                         filename, linen, name, prev)
+
+    # Get the start symbol
+    def get_start(self):
+        self.start = self.pdict.get('start')
+
+    # Validate the start symbol
+    def validate_start(self):
+        if self.start is not None:
+            if not isinstance(self.start, string_types):
+                self.log.error("'start' must be a string")
+
+    # Look for error handler
+    def get_error_func(self):
+        self.error_func = self.pdict.get('p_error')
+
+    # Validate the error function
+    def validate_error_func(self):
+        if self.error_func:
+            if isinstance(self.error_func, types.FunctionType):
+                ismethod = 0
+            elif isinstance(self.error_func, types.MethodType):
+                ismethod = 1
+            else:
+                self.log.error("'p_error' defined, but is not a function or method")
+                self.error = True
+                return
+
+            eline = self.error_func.__code__.co_firstlineno
+            efile = self.error_func.__code__.co_filename
+            module = inspect.getmodule(self.error_func)
+            self.modules.add(module)
+
+            argcount = self.error_func.__code__.co_argcount - ismethod
+            if argcount != 1:
+                self.log.error('%s:%d: p_error() requires 1 argument', efile, eline)
+                self.error = True
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.pdict.get('tokens')
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = sorted(tokens)
+
+    # Validate the tokens
+    def validate_tokens(self):
+        # Validate the tokens.
+        if 'error' in self.tokens:
+            self.log.error("Illegal token name 'error'. Is a reserved word")
+            self.error = True
+            return
+
+        terminals = set()
+        for n in self.tokens:
+            if n in terminals:
+                self.log.warning('Token %r multiply defined', n)
+            terminals.add(n)
+
+    # Get the precedence map (if any)
+    def get_precedence(self):
+        self.prec = self.pdict.get('precedence')
+
+    # Validate and parse the precedence map
+    def validate_precedence(self):
+        preclist = []
+        if self.prec:
+            if not isinstance(self.prec, (list, tuple)):
+                self.log.error('precedence must be a list or tuple')
+                self.error = True
+                return
+            for level, p in enumerate(self.prec):
+                if not isinstance(p, (list, tuple)):
+                    self.log.error('Bad precedence table')
+                    self.error = True
+                    return
+
+                if len(p) < 2:
+                    self.log.error('Malformed precedence entry %s. Must be (assoc, term, ..., term)', p)
+                    self.error = True
+                    return
+                assoc = p[0]
+                if not isinstance(assoc, string_types):
+                    self.log.error('precedence associativity must be a string')
+                    self.error = True
+                    return
+                for term in p[1:]:
+                    if not isinstance(term, string_types):
+                        self.log.error('precedence items must be strings')
+                        self.error = True
+                        return
+                    preclist.append((term, assoc, level+1))
+        self.preclist = preclist
+
+    # Get all p_functions from the grammar
+    def get_pfunctions(self):
+        p_functions = []
+        for name, item in self.pdict.items():
+            if not name.startswith('p_') or name == 'p_error':
+                continue
+            if isinstance(item, (types.FunctionType, types.MethodType)):
+                line = getattr(item, 'co_firstlineno', item.__code__.co_firstlineno)
+                module = inspect.getmodule(item)
+                p_functions.append((line, module, name, item.__doc__))
+
+        # Sort all of the actions by line number; make sure to stringify
+        # modules to make them sortable, since `line` may not uniquely sort all
+        # p functions
+        p_functions.sort(key=lambda p_function: (
+            p_function[0],
+            str(p_function[1]),
+            p_function[2],
+            p_function[3]))
+        self.pfuncs = p_functions
+
+    # Validate all of the p_functions
+    def validate_pfunctions(self):
+        grammar = []
+        # Check for non-empty symbols
+        if len(self.pfuncs) == 0:
+            self.log.error('no rules of the form p_rulename are defined')
+            self.error = True
+            return
+
+        for line, module, name, doc in self.pfuncs:
+            file = inspect.getsourcefile(module)
+            func = self.pdict[name]
+            if isinstance(func, types.MethodType):
+                reqargs = 2
+            else:
+                reqargs = 1
+            if func.__code__.co_argcount > reqargs:
+                self.log.error('%s:%d: Rule %r has too many arguments', file, line, func.__name__)
+                self.error = True
+            elif func.__code__.co_argcount < reqargs:
+                self.log.error('%s:%d: Rule %r requires an argument', file, line, func.__name__)
+                self.error = True
+            elif not func.__doc__:
+                self.log.warning('%s:%d: No documentation string specified in function %r (ignored)',
+                                 file, line, func.__name__)
+            else:
+                try:
+                    parsed_g = parse_grammar(doc, file, line)
+                    for g in parsed_g:
+                        grammar.append((name, g))
+                except SyntaxError as e:
+                    self.log.error(str(e))
+                    self.error = True
+
+                # Looks like a valid grammar rule
+                # Mark the file in which defined.
+                self.modules.add(module)
+
+        # Secondary validation step that looks for p_ definitions that are not functions
+        # or functions that look like they might be grammar rules.
+
+        for n, v in self.pdict.items():
+            if n.startswith('p_') and isinstance(v, (types.FunctionType, types.MethodType)):
+                continue
+            if n.startswith('t_'):
+                continue
+            if n.startswith('p_') and n != 'p_error':
+                self.log.warning('%r not defined as a function', n)
+            if ((isinstance(v, types.FunctionType) and v.__code__.co_argcount == 1) or
+                   (isinstance(v, types.MethodType) and v.__func__.__code__.co_argcount == 2)):
+                if v.__doc__:
+                    try:
+                        doc = v.__doc__.split(' ')
+                        if doc[1] == ':':
+                            self.log.warning('%s:%d: Possible grammar rule %r defined without p_ prefix',
+                                             v.__code__.co_filename, v.__code__.co_firstlineno, n)
+                    except IndexError:
+                        pass
+
+        self.grammar = grammar
+
+# -----------------------------------------------------------------------------
+# yacc(module)
+#
+# Build a parser
+# -----------------------------------------------------------------------------
+
+def yacc(method='LALR', debug=yaccdebug, module=None, tabmodule=tab_module, start=None,
+         check_recursion=True, optimize=False, write_tables=True, debugfile=debug_file,
+         outputdir=None, debuglog=None, errorlog=None, picklefile=None):
+
+    if tabmodule is None:
+        tabmodule = tab_module
+
+    # Reference to the parsing method of the last built parser
+    global parse
+
+    # If pickling is enabled, table files are not created
+    if picklefile:
+        write_tables = 0
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        pdict = dict(_items)
+        # If no __file__ or __package__ attributes are available, try to obtain them
+        # from the __module__ instead
+        if '__file__' not in pdict:
+            pdict['__file__'] = sys.modules[pdict['__module__']].__file__
+        if '__package__' not in pdict and '__module__' in pdict:
+            if hasattr(sys.modules[pdict['__module__']], '__package__'):
+                pdict['__package__'] = sys.modules[pdict['__module__']].__package__
+    else:
+        pdict = get_caller_module_dict(2)
+
+    if outputdir is None:
+        # If no output directory is set, the location of the output files
+        # is determined according to the following rules:
+        #     - If tabmodule specifies a package, files go into that package directory
+        #     - Otherwise, files go in the same directory as the specifying module
+        if isinstance(tabmodule, types.ModuleType):
+            srcfile = tabmodule.__file__
+        else:
+            if '.' not in tabmodule:
+                srcfile = pdict['__file__']
+            else:
+                parts = tabmodule.split('.')
+                pkgname = '.'.join(parts[:-1])
+                exec('import %s' % pkgname)
+                srcfile = getattr(sys.modules[pkgname], '__file__', '')
+        outputdir = os.path.dirname(srcfile)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = pdict.get('__package__')
+    if pkg and isinstance(tabmodule, str):
+        if '.' not in tabmodule:
+            tabmodule = pkg + '.' + tabmodule
+
+
+
+    # Set start symbol if it's specified directly using an argument
+    if start is not None:
+        pdict['start'] = start
+
+    # Collect parser information from the dictionary
+    pinfo = ParserReflect(pdict, log=errorlog)
+    pinfo.get_all()
+
+    if pinfo.error:
+        raise YaccError('Unable to build parser')
+
+    # Check signature against table files (if any)
+    signature = pinfo.signature()
+
+    # Read the tables
+    try:
+        lr = LRTable()
+        if picklefile:
+            read_signature = lr.read_pickle(picklefile)
+        else:
+            read_signature = lr.read_table(tabmodule)
+        if optimize or (read_signature == signature):
+            try:
+                lr.bind_callables(pinfo.pdict)
+                parser = LRParser(lr, pinfo.error_func)
+                parse = parser.parse
+                return parser
+            except Exception as e:
+                errorlog.warning('There was a problem loading the table file: %r', e)
+    except VersionError as e:
+        errorlog.warning(str(e))
+    except ImportError:
+        pass
+
+    if debuglog is None:
+        if debug:
+            try:
+                debuglog = PlyLogger(open(os.path.join(outputdir, debugfile), 'w'))
+            except IOError as e:
+                errorlog.warning("Couldn't open %r. %s" % (debugfile, e))
+                debuglog = NullLogger()
+        else:
+            debuglog = NullLogger()
+
+    debuglog.info('Created by PLY version %s (http://www.dabeaz.com/ply)', __version__)
+
+    errors = False
+
+    # Validate the parser information
+    if pinfo.validate_all():
+        raise YaccError('Unable to build parser')
+
+    if not pinfo.error_func:
+        errorlog.warning('no p_error() function is defined')
+
+    # Create a grammar object
+    grammar = Grammar(pinfo.tokens)
+
+    # Set precedence level for terminals
+    for term, assoc, level in pinfo.preclist:
+        try:
+            grammar.set_precedence(term, assoc, level)
+        except GrammarError as e:
+            errorlog.warning('%s', e)
+
+    # Add productions to the grammar
+    for funcname, gram in pinfo.grammar:
+        file, line, prodname, syms = gram
+        try:
+            grammar.add_production(prodname, syms, funcname, file, line)
+        except GrammarError as e:
+            errorlog.error('%s', e)
+            errors = True
+
+    # Set the grammar start symbols
+    try:
+        if start is None:
+            grammar.set_start(pinfo.start)
+        else:
+            grammar.set_start(start)
+    except GrammarError as e:
+        errorlog.error(str(e))
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Verify the grammar structure
+    undefined_symbols = grammar.undefined_symbols()
+    for sym, prod in undefined_symbols:
+        errorlog.error('%s:%d: Symbol %r used, but not defined as a token or a rule', prod.file, prod.line, sym)
+        errors = True
+
+    unused_terminals = grammar.unused_terminals()
+    if unused_terminals:
+        debuglog.info('')
+        debuglog.info('Unused terminals:')
+        debuglog.info('')
+        for term in unused_terminals:
+            errorlog.warning('Token %r defined, but not used', term)
+            debuglog.info('    %s', term)
+
+    # Print out all productions to the debug log
+    if debug:
+        debuglog.info('')
+        debuglog.info('Grammar')
+        debuglog.info('')
+        for n, p in enumerate(grammar.Productions):
+            debuglog.info('Rule %-5d %s', n, p)
+
+    # Find unused non-terminals
+    unused_rules = grammar.unused_rules()
+    for prod in unused_rules:
+        errorlog.warning('%s:%d: Rule %r defined, but not used', prod.file, prod.line, prod.name)
+
+    if len(unused_terminals) == 1:
+        errorlog.warning('There is 1 unused token')
+    if len(unused_terminals) > 1:
+        errorlog.warning('There are %d unused tokens', len(unused_terminals))
+
+    if len(unused_rules) == 1:
+        errorlog.warning('There is 1 unused rule')
+    if len(unused_rules) > 1:
+        errorlog.warning('There are %d unused rules', len(unused_rules))
+
+    if debug:
+        debuglog.info('')
+        debuglog.info('Terminals, with rules where they appear')
+        debuglog.info('')
+        terms = list(grammar.Terminals)
+        terms.sort()
+        for term in terms:
+            debuglog.info('%-20s : %s', term, ' '.join([str(s) for s in grammar.Terminals[term]]))
+
+        debuglog.info('')
+        debuglog.info('Nonterminals, with rules where they appear')
+        debuglog.info('')
+        nonterms = list(grammar.Nonterminals)
+        nonterms.sort()
+        for nonterm in nonterms:
+            debuglog.info('%-20s : %s', nonterm, ' '.join([str(s) for s in grammar.Nonterminals[nonterm]]))
+        debuglog.info('')
+
+    if check_recursion:
+        unreachable = grammar.find_unreachable()
+        for u in unreachable:
+            errorlog.warning('Symbol %r is unreachable', u)
+
+        infinite = grammar.infinite_cycles()
+        for inf in infinite:
+            errorlog.error('Infinite recursion detected for symbol %r', inf)
+            errors = True
+
+    unused_prec = grammar.unused_precedence()
+    for term, assoc in unused_prec:
+        errorlog.error('Precedence rule %r defined for unknown symbol %r', assoc, term)
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Run the LRGeneratedTable on the grammar
+    if debug:
+        errorlog.debug('Generating %s tables', method)
+
+    lr = LRGeneratedTable(grammar, method, debuglog)
+
+    if debug:
+        num_sr = len(lr.sr_conflicts)
+
+        # Report shift/reduce and reduce/reduce conflicts
+        if num_sr == 1:
+            errorlog.warning('1 shift/reduce conflict')
+        elif num_sr > 1:
+            errorlog.warning('%d shift/reduce conflicts', num_sr)
+
+        num_rr = len(lr.rr_conflicts)
+        if num_rr == 1:
+            errorlog.warning('1 reduce/reduce conflict')
+        elif num_rr > 1:
+            errorlog.warning('%d reduce/reduce conflicts', num_rr)
+
+    # Write out conflicts to the output file
+    if debug and (lr.sr_conflicts or lr.rr_conflicts):
+        debuglog.warning('')
+        debuglog.warning('Conflicts:')
+        debuglog.warning('')
+
+        for state, tok, resolution in lr.sr_conflicts:
+            debuglog.warning('shift/reduce conflict for %s in state %d resolved as %s',  tok, state, resolution)
+
+        already_reported = set()
+        for state, rule, rejected in lr.rr_conflicts:
+            if (state, id(rule), id(rejected)) in already_reported:
+                continue
+            debuglog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            debuglog.warning('rejected rule (%s) in state %d', rejected, state)
+            errorlog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            errorlog.warning('rejected rule (%s) in state %d', rejected, state)
+            already_reported.add((state, id(rule), id(rejected)))
+
+        warned_never = []
+        for state, rule, rejected in lr.rr_conflicts:
+            if not rejected.reduced and (rejected not in warned_never):
+                debuglog.warning('Rule (%s) is never reduced', rejected)
+                errorlog.warning('Rule (%s) is never reduced', rejected)
+                warned_never.append(rejected)
+
+    # Write the table file if requested
+    if write_tables:
+        try:
+            lr.write_table(tabmodule, outputdir, signature)
+            if tabmodule in sys.modules:
+                del sys.modules[tabmodule]
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (tabmodule, e))
+
+    # Write a pickled version of the tables
+    if picklefile:
+        try:
+            lr.pickle_table(picklefile, signature)
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (picklefile, e))
+
+    # Build the parser
+    lr.bind_callables(pinfo.pdict)
+    parser = LRParser(lr, pinfo.error_func)
+
+    parse = parser.parse
+    return parser
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/ply/ygen.py b/lib/go-jinja2/internal/data/darwin-amd64/ply/ygen.py
new file mode 100644
index 000000000..03b93180a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/ply/ygen.py
@@ -0,0 +1,69 @@
+# ply: ygen.py
+#
+# This is a support program that auto-generates different versions of the YACC parsing
+# function with different features removed for the purposes of performance.
+#
+# Users should edit the method LRParser.parsedebug() in yacc.py.   The source code
+# for that method is then used to create the other methods.   See the comments in
+# yacc.py for further details.
+
+import os.path
+import shutil
+
+def get_source_range(lines, tag):
+    srclines = enumerate(lines)
+    start_tag = '#--! %s-start' % tag
+    end_tag = '#--! %s-end' % tag
+
+    for start_index, line in srclines:
+        if line.strip().startswith(start_tag):
+            break
+
+    for end_index, line in srclines:
+        if line.strip().endswith(end_tag):
+            break
+
+    return (start_index + 1, end_index)
+
+def filter_section(lines, tag):
+    filtered_lines = []
+    include = True
+    tag_text = '#--! %s' % tag
+    for line in lines:
+        if line.strip().startswith(tag_text):
+            include = not include
+        elif include:
+            filtered_lines.append(line)
+    return filtered_lines
+
+def main():
+    dirname = os.path.dirname(__file__)
+    shutil.copy2(os.path.join(dirname, 'yacc.py'), os.path.join(dirname, 'yacc.py.bak'))
+    with open(os.path.join(dirname, 'yacc.py'), 'r') as f:
+        lines = f.readlines()
+
+    parse_start, parse_end = get_source_range(lines, 'parsedebug')
+    parseopt_start, parseopt_end = get_source_range(lines, 'parseopt')
+    parseopt_notrack_start, parseopt_notrack_end = get_source_range(lines, 'parseopt-notrack')
+
+    # Get the original source
+    orig_lines = lines[parse_start:parse_end]
+
+    # Filter the DEBUG sections out
+    parseopt_lines = filter_section(orig_lines, 'DEBUG')
+
+    # Filter the TRACKING sections out
+    parseopt_notrack_lines = filter_section(parseopt_lines, 'TRACKING')
+
+    # Replace the parser source sections with updated versions
+    lines[parseopt_notrack_start:parseopt_notrack_end] = parseopt_notrack_lines
+    lines[parseopt_start:parseopt_end] = parseopt_lines
+
+    lines = [line.rstrip()+'\n' for line in lines]
+    with open(os.path.join(dirname, 'yacc.py'), 'w') as f:
+        f.writelines(lines)
+
+    print('Updated yacc.py')
+
+if __name__ == '__main__':
+    main()
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/LICENSE
new file mode 100644
index 000000000..82af695f5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Val Neekman @ Neekware Inc. http://neekware.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/METADATA
new file mode 100644
index 000000000..d02e1c298
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/METADATA
@@ -0,0 +1,246 @@
+Metadata-Version: 2.1
+Name: python-slugify
+Version: 8.0.4
+Summary: A Python slugify application that also handles Unicode
+Home-page: https://github.com/un33k/python-slugify
+Author: Val Neekman
+Author-email: info@neekware.com
+License: MIT
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: Natural Language :: English
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: text-unidecode (>=1.3)
+Provides-Extra: unidecode
+Requires-Dist: Unidecode (>=1.1.1) ; extra == 'unidecode'
+
+# Python Slugify
+
+**A Python slugify application that handles unicode**.
+
+[![status-image]][status-link]
+[![version-image]][version-link]
+[![coverage-image]][coverage-link]
+
+# Overview
+
+**Best attempt** to create slugs from unicode strings while keeping it **DRY**.
+
+# Notice
+
+This module, by default installs and uses [text-unidecode](https://github.com/kmike/text-unidecode) _(GPL & Perl Artistic)_ for its decoding needs.
+
+However, there is an alternative decoding package called [Unidecode](https://github.com/avian2/unidecode) _(GPL)_. It can be installed as `python-slugify[unidecode]` for those who prefer it. `Unidecode` is believed to be more [advanced](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki#notes-on-unidecode).
+
+### `Official` Support Matrix
+
+| Python         | Slugify            |
+| -------------- | ------------------ |
+| `>= 2.7 < 3.6` | `< 5.0.0`          |
+| `>= 3.6 < 3.7` | `>= 5.0.0 < 7.0.0` |
+| `>= 3.7`       | `>= 7.0.0`         |
+
+# How to install
+
+    easy_install python-slugify |OR| easy_install python-slugify[unidecode]
+    -- OR --
+    pip install python-slugify |OR| pip install python-slugify[unidecode]
+
+# Options
+
+```python
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+  """
+  Make a slug from the given text.
+  :param text (str): initial text
+  :param entities (bool): converts html entities to unicode (foo &amp; bar -> foo-bar)
+  :param decimal (bool): converts html decimal to unicode (&#381; -> Ž -> z)
+  :param hexadecimal (bool): converts html hexadecimal to unicode (&#x17D; -> Ž -> z)
+  :param max_length (int): output string length
+  :param word_boundary (bool): truncates to end of full words (length may be shorter than max_length)
+  :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+  :param separator (str): separator between words
+  :param stopwords (iterable): words to discount
+  :param regex_pattern (str): regex pattern for disallowed characters
+  :param lowercase (bool): activate case sensitivity by setting it to False
+  :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+  :param allow_unicode (bool): allow unicode characters
+  :return (str): slugify text
+  """
+```
+
+# How to use
+
+```python
+from slugify import slugify
+
+txt = "This is a test ---"
+r = slugify(txt)
+self.assertEqual(r, "this-is-a-test")
+
+txt = '影師嗎'
+r = slugify(txt)
+self.assertEqual(r, "ying-shi-ma")
+
+txt = '影師嗎'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "影師嗎")
+
+txt = 'C\'est déjà l\'été.'
+r = slugify(txt)
+self.assertEqual(r, "c-est-deja-l-ete")
+
+txt = 'Nín hǎo. Wǒ shì zhōng guó rén'
+r = slugify(txt)
+self.assertEqual(r, "nin-hao-wo-shi-zhong-guo-ren")
+
+txt = 'Компьютер'
+r = slugify(txt)
+self.assertEqual(r, "kompiuter")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=9)
+self.assertEqual(r, "jaja-lol")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=15, word_boundary=True)
+self.assertEqual(r, "jaja-lol-a")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=20, word_boundary=True, separator=".")
+self.assertEqual(r, "jaja.lol.mememeoo.a")
+
+txt = 'one two three four five'
+r = slugify(txt, max_length=13, word_boundary=True, save_order=True)
+self.assertEqual(r, "one-two-three")
+
+txt = 'the quick brown fox jumps over the lazy dog'
+r = slugify(txt, stopwords=['the'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'the quick brown fox jumps over the lazy dog in a hurry'
+r = slugify(txt, stopwords=['the', 'in', 'a', 'hurry'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'thIs Has a stopword Stopword'
+r = slugify(txt, stopwords=['Stopword'], lowercase=False)
+self.assertEqual(r, 'thIs-Has-a-stopword')
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, regex_pattern=regex_pattern)
+self.assertEqual(r, "___this-is-a-test___")
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, separator='_', regex_pattern=regex_pattern)
+self.assertNotEqual(r, "_this_is_a_test_")
+
+txt = '10 | 20 %'
+r = slugify(txt, replacements=[['|', 'or'], ['%', 'percent']])
+self.assertEqual(r, "10-or-20-percent")
+
+txt = 'ÜBER Über German Umlaut'
+r = slugify(txt, replacements=[['Ü', 'UE'], ['ü', 'ue']])
+self.assertEqual(r, "ueber-ueber-german-umlaut")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "i-love")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True, regex_pattern=r'[^🦄]+')
+self.assertEqual(r, "🦄")
+
+```
+
+For more examples, have a look at the [test.py](test.py) file.
+
+# Command Line Options
+
+With the package, a command line tool called `slugify` is also installed.
+
+It allows convenient command line access to all the features the `slugify` function supports. Call it with `-h` for help.
+
+The command can take its input directly on the command line or from STDIN (when the `--stdin` flag is passed):
+
+```
+$ echo "Taking input from STDIN" | slugify --stdin
+taking-input-from-stdin
+```
+
+```
+$ slugify taking input from the command line
+taking-input-from-the-command-line
+```
+
+Please note that when a multi-valued option such as `--stopwords` or `--replacements` is passed, you need to use `--` as separator before you start with the input:
+
+```
+$ slugify --stopwords the in a hurry -- the quick brown fox jumps over the lazy dog in a hurry
+quick-brown-fox-jumps-over-lazy-dog
+```
+
+# Running the tests
+
+To run the tests against the current environment:
+
+    python test.py
+
+# Contribution
+
+Please read the ([wiki](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki)) page prior to raising any PRs.
+
+# License
+
+Released under a ([MIT](LICENSE)) license.
+
+### Notes on GPL dependencies
+Though the dependencies may be GPL licensed, `python-slugify` itself is not considered a derivative work and will remain under the MIT license.  
+If you wish to avoid installation of any GPL licensed packages, please note that the default dependency `text-unidecode` explicitly lets you choose to use the [Artistic License](https://opensource.org/license/artistic-perl-1-0-2/) instead. Use without concern.
+
+# Version
+
+X.Y.Z Version
+
+    `MAJOR` version -- when you make incompatible API changes,
+    `MINOR` version -- when you add functionality in a backwards-compatible manner, and
+    `PATCH` version -- when you make backwards-compatible bug fixes.
+
+[status-image]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml/badge.svg
+[status-link]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml
+[version-image]: https://img.shields.io/pypi/v/python-slugify.svg
+[version-link]: https://pypi.python.org/pypi/python-slugify
+[coverage-image]: https://coveralls.io/repos/un33k/python-slugify/badge.svg
+[coverage-link]: https://coveralls.io/r/un33k/python-slugify
+[download-image]: https://img.shields.io/pypi/dm/python-slugify.svg
+[download-link]: https://pypi.python.org/pypi/python-slugify
+
+# Sponsors
+
+[Neekware Inc.](http://neekware.com)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/RECORD
new file mode 100644
index 000000000..495523bc2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/RECORD
@@ -0,0 +1,20 @@
+../../bin/slugify,sha256=Vxn6D71_pqTplJzS2h6s2iv6uivIg4Y8dHeAjU4ypZw,239
+python_slugify-8.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+python_slugify-8.0.4.dist-info/LICENSE,sha256=MLpNxpqfTc4TLdcDk3x6k7Vz4lJGBNLV-SxQZlFMDU8,1103
+python_slugify-8.0.4.dist-info/METADATA,sha256=FI0O_4c5wefK7aGhDtE_gmVk35TFPWWsQRAv9qLC74I,8469
+python_slugify-8.0.4.dist-info/RECORD,,
+python_slugify-8.0.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+python_slugify-8.0.4.dist-info/WHEEL,sha256=k3vXr0c0OitO0k9eCWBlI2yTYnpb_n_I2SGzrrfY7HY,110
+python_slugify-8.0.4.dist-info/entry_points.txt,sha256=s_Bxn3Nd2lsHTQ4PFCQ2z3o3xMgzQTtPPx3UGsUnI9I,50
+python_slugify-8.0.4.dist-info/top_level.txt,sha256=D7zuR7zxISqlCxArlOOOuLsWObz1_3jgosq5XhlSpew,8
+slugify/__init__.py,sha256=Q-9bKCQv89uf3bJr_yHxMPhBWXN8YCzlxQwK_kdpefI,346
+slugify/__main__.py,sha256=1kv8A15Tg_3-lrwRSVuHoYuA8_ykvra3OhCA0xYo1cY,3961
+slugify/__pycache__/__init__.cpython-311.pyc,,
+slugify/__pycache__/__main__.cpython-311.pyc,,
+slugify/__pycache__/__version__.cpython-311.pyc,,
+slugify/__pycache__/slugify.cpython-311.pyc,,
+slugify/__pycache__/special.cpython-311.pyc,,
+slugify/__version__.py,sha256=Dh3y4MnWAjNJGbaoRm3dfiytyF-iD5d-3OCfGyl__Y8,325
+slugify/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+slugify/slugify.py,sha256=MQPsw0u2g2LU-8BBT7K0DOlGtAhIxoKHQD4fWltKllY,6180
+slugify/special.py,sha256=8bHAPGnZ-1keuW4x2WZdFXVb9LFoS7i9Jo4ty_2D8hA,1222
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/WHEEL
new file mode 100644
index 000000000..09b796edd
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..3031584eb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+slugify = slugify.__main__:main
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/top_level.txt
new file mode 100644
index 000000000..f4843f722
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/python_slugify-8.0.4.dist-info/top_level.txt
@@ -0,0 +1 @@
+slugify
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/slugify/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/slugify/__init__.py
new file mode 100644
index 000000000..6d3279fb1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/slugify/__init__.py
@@ -0,0 +1,10 @@
+from .special import *
+from .slugify import *
+from .__version__ import __title__
+from .__version__ import __author__
+from .__version__ import __author_email__
+from .__version__ import __description__
+from .__version__ import __url__
+from .__version__ import __license__
+from .__version__ import __copyright__
+from .__version__ import __version__
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/slugify/__main__.py b/lib/go-jinja2/internal/data/darwin-amd64/slugify/__main__.py
new file mode 100644
index 000000000..4cc461622
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/slugify/__main__.py
@@ -0,0 +1,98 @@
+from __future__ import annotations
+
+import argparse
+import sys
+from typing import Any
+
+from .slugify import slugify, DEFAULT_SEPARATOR
+
+
+def parse_args(argv: list[str]) -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Slug string")
+
+    input_group = parser.add_argument_group(description="Input")
+    input_group.add_argument("input_string", nargs='*',
+                             help='Text to slugify')
+    input_group.add_argument("--stdin", action='store_true',
+                             help="Take the text from STDIN")
+
+    parser.add_argument("--no-entities", action='store_false', dest='entities', default=True,
+                        help="Do not convert HTML entities to unicode")
+    parser.add_argument("--no-decimal", action='store_false', dest='decimal', default=True,
+                        help="Do not convert HTML decimal to unicode")
+    parser.add_argument("--no-hexadecimal", action='store_false', dest='hexadecimal', default=True,
+                        help="Do not convert HTML hexadecimal to unicode")
+    parser.add_argument("--max-length", type=int, default=0,
+                        help="Output string length, 0 for no limit")
+    parser.add_argument("--word-boundary", action='store_true', default=False,
+                        help="Truncate to complete word even if length ends up shorter than --max_length")
+    parser.add_argument("--save-order", action='store_true', default=False,
+                        help="When set and --max_length > 0 return whole words in the initial order")
+    parser.add_argument("--separator", type=str, default=DEFAULT_SEPARATOR,
+                        help="Separator between words. By default " + DEFAULT_SEPARATOR)
+    parser.add_argument("--stopwords", nargs='+',
+                        help="Words to discount")
+    parser.add_argument("--regex-pattern",
+                        help="Python regex pattern for disallowed characters")
+    parser.add_argument("--no-lowercase", action='store_false', dest='lowercase', default=True,
+                        help="Activate case sensitivity")
+    parser.add_argument("--replacements", nargs='+',
+                        help="""Additional replacement rules e.g. "|->or", "%%->percent".""")
+    parser.add_argument("--allow-unicode", action='store_true', default=False,
+                        help="Allow unicode characters")
+
+    args = parser.parse_args(argv[1:])
+
+    if args.input_string and args.stdin:
+        parser.error("Input strings and --stdin cannot work together")
+
+    if args.replacements:
+        def split_check(repl):
+            SEP = '->'
+            if SEP not in repl:
+                parser.error("Replacements must be of the form: ORIGINAL{SEP}REPLACED".format(SEP=SEP))
+            return repl.split(SEP, 1)
+        args.replacements = [split_check(repl) for repl in args.replacements]
+
+    if args.input_string:
+        args.input_string = " ".join(args.input_string)
+    elif args.stdin:
+        args.input_string = sys.stdin.read()
+
+    if not args.input_string:
+        args.input_string = ''
+
+    return args
+
+
+def slugify_params(args: argparse.Namespace) -> dict[str, Any]:
+    return dict(
+        text=args.input_string,
+        entities=args.entities,
+        decimal=args.decimal,
+        hexadecimal=args.hexadecimal,
+        max_length=args.max_length,
+        word_boundary=args.word_boundary,
+        save_order=args.save_order,
+        separator=args.separator,
+        stopwords=args.stopwords,
+        lowercase=args.lowercase,
+        replacements=args.replacements,
+        allow_unicode=args.allow_unicode
+    )
+
+
+def main(argv: list[str] | None = None):  # pragma: no cover
+    """ Run this program """
+    if argv is None:
+        argv = sys.argv
+    args = parse_args(argv)
+    params = slugify_params(args)
+    try:
+        print(slugify(**params))
+    except KeyboardInterrupt:
+        sys.exit(-1)
+
+
+if __name__ == '__main__':  # pragma: no cover
+    main()
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/slugify/__version__.py b/lib/go-jinja2/internal/data/darwin-amd64/slugify/__version__.py
new file mode 100644
index 000000000..854038e50
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/slugify/__version__.py
@@ -0,0 +1,8 @@
+__title__ = 'python-slugify'
+__author__ = 'Val Neekman'
+__author_email__ = 'info@neekware.com'
+__description__ = 'A Python slugify application that also handles Unicode'
+__url__ = 'https://github.com/un33k/python-slugify'
+__license__ = 'MIT'
+__copyright__ = 'Copyright 2022 Val Neekman @ Neekware Inc.'
+__version__ = '8.0.4'
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/slugify/py.typed b/lib/go-jinja2/internal/data/darwin-amd64/slugify/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/slugify/slugify.py b/lib/go-jinja2/internal/data/darwin-amd64/slugify/slugify.py
new file mode 100644
index 000000000..09c7e076c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/slugify/slugify.py
@@ -0,0 +1,197 @@
+from __future__ import annotations
+
+import re
+import unicodedata
+from collections.abc import Iterable
+from html.entities import name2codepoint
+
+try:
+    import unidecode
+except ImportError:
+    import text_unidecode as unidecode
+
+__all__ = ['slugify', 'smart_truncate']
+
+
+CHAR_ENTITY_PATTERN = re.compile(r'&(%s);' % '|'.join(name2codepoint))
+DECIMAL_PATTERN = re.compile(r'&#(\d+);')
+HEX_PATTERN = re.compile(r'&#x([\da-fA-F]+);')
+QUOTE_PATTERN = re.compile(r'[\']+')
+DISALLOWED_CHARS_PATTERN = re.compile(r'[^-a-zA-Z0-9]+')
+DISALLOWED_UNICODE_CHARS_PATTERN = re.compile(r'[\W_]+')
+DUPLICATE_DASH_PATTERN = re.compile(r'-{2,}')
+NUMBERS_PATTERN = re.compile(r'(?<=\d),(?=\d)')
+DEFAULT_SEPARATOR = '-'
+
+
+def smart_truncate(
+    string: str,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = " ",
+    save_order: bool = False,
+) -> str:
+    """
+    Truncate a string.
+    :param string (str): string for modification
+    :param max_length (int): output string length
+    :param word_boundary (bool):
+    :param save_order (bool): if True then word order of output string is like input string
+    :param separator (str): separator between words
+    :return:
+    """
+
+    string = string.strip(separator)
+
+    if not max_length:
+        return string
+
+    if len(string) < max_length:
+        return string
+
+    if not word_boundary:
+        return string[:max_length].strip(separator)
+
+    if separator not in string:
+        return string[:max_length]
+
+    truncated = ''
+    for word in string.split(separator):
+        if word:
+            next_len = len(truncated) + len(word)
+            if next_len < max_length:
+                truncated += '{}{}'.format(word, separator)
+            elif next_len == max_length:
+                truncated += '{}'.format(word)
+                break
+            else:
+                if save_order:
+                    break
+    if not truncated:  # pragma: no cover
+        truncated = string[:max_length]
+    return truncated.strip(separator)
+
+
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: re.Pattern[str] | str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+    """
+    Make a slug from the given text.
+    :param text (str): initial text
+    :param entities (bool): converts html entities to unicode
+    :param decimal (bool): converts html decimal to unicode
+    :param hexadecimal (bool): converts html hexadecimal to unicode
+    :param max_length (int): output string length
+    :param word_boundary (bool): truncates to complete word even if length ends up shorter than max_length
+    :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+    :param separator (str): separator between words
+    :param stopwords (iterable): words to discount
+    :param regex_pattern (str): regex pattern for disallowed characters
+    :param lowercase (bool): activate case sensitivity by setting it to False
+    :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+    :param allow_unicode (bool): allow unicode characters
+    :return (str):
+    """
+
+    # user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # ensure text is unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # replace quotes with dashes - pre-process
+    text = QUOTE_PATTERN.sub(DEFAULT_SEPARATOR, text)
+
+    # normalize text, convert to unicode if required
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+        text = unidecode.unidecode(text)
+
+    # ensure text is still in unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # character entity reference
+    if entities:
+        text = CHAR_ENTITY_PATTERN.sub(lambda m: chr(name2codepoint[m.group(1)]), text)
+
+    # decimal character reference
+    if decimal:
+        try:
+            text = DECIMAL_PATTERN.sub(lambda m: chr(int(m.group(1))), text)
+        except Exception:
+            pass
+
+    # hexadecimal character reference
+    if hexadecimal:
+        try:
+            text = HEX_PATTERN.sub(lambda m: chr(int(m.group(1), 16)), text)
+        except Exception:
+            pass
+
+    # re normalize text
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+
+    # make the text lowercase (optional)
+    if lowercase:
+        text = text.lower()
+
+    # remove generated quotes -- post-process
+    text = QUOTE_PATTERN.sub('', text)
+
+    # cleanup numbers
+    text = NUMBERS_PATTERN.sub('', text)
+
+    # replace all other unwanted characters
+    if allow_unicode:
+        pattern = regex_pattern or DISALLOWED_UNICODE_CHARS_PATTERN
+    else:
+        pattern = regex_pattern or DISALLOWED_CHARS_PATTERN
+
+    text = re.sub(pattern, DEFAULT_SEPARATOR, text)
+
+    # remove redundant
+    text = DUPLICATE_DASH_PATTERN.sub(DEFAULT_SEPARATOR, text).strip(DEFAULT_SEPARATOR)
+
+    # remove stopwords
+    if stopwords:
+        if lowercase:
+            stopwords_lower = [s.lower() for s in stopwords]
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords_lower]
+        else:
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords]
+        text = DEFAULT_SEPARATOR.join(words)
+
+    # finalize user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # smart truncate if requested
+    if max_length > 0:
+        text = smart_truncate(text, max_length, word_boundary, DEFAULT_SEPARATOR, save_order)
+
+    if separator != DEFAULT_SEPARATOR:
+        text = text.replace(DEFAULT_SEPARATOR, separator)
+
+    return text
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/slugify/special.py b/lib/go-jinja2/internal/data/darwin-amd64/slugify/special.py
new file mode 100644
index 000000000..918cb2add
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/slugify/special.py
@@ -0,0 +1,47 @@
+from __future__ import annotations
+
+
+def add_uppercase_char(char_list: list[tuple[str, str]]) -> list[tuple[str, str]]:
+    """ Given a replacement char list, this adds uppercase chars to the list """
+
+    for item in char_list:
+        char, xlate = item
+        upper_dict = char.upper(), xlate.capitalize()
+        if upper_dict not in char_list and char != upper_dict[0]:
+            char_list.insert(0, upper_dict)
+    return char_list
+
+
+# Language specific pre translations
+# Source awesome-slugify
+
+_CYRILLIC = [      # package defaults:
+    (u'ё', u'e'),    # io / yo
+    (u'я', u'ya'),   # ia
+    (u'х', u'h'),    # kh
+    (u'у', u'y'),    # u
+    (u'щ', u'sch'),  # sch
+    (u'ю', u'u'),    # iu / yu
+]
+CYRILLIC = add_uppercase_char(_CYRILLIC)
+
+_GERMAN = [        # package defaults:
+    (u'ä', u'ae'),   # a
+    (u'ö', u'oe'),   # o
+    (u'ü', u'ue'),   # u
+]
+GERMAN = add_uppercase_char(_GERMAN)
+
+_GREEK = [         # package defaults:
+    (u'χ', u'ch'),   # kh
+    (u'Ξ', u'X'),    # Ks
+    (u'ϒ', u'Y'),    # U
+    (u'υ', u'y'),    # u
+    (u'ύ', u'y'),
+    (u'ϋ', u'y'),
+    (u'ΰ', u'y'),
+]
+GREEK = add_uppercase_char(_GREEK)
+
+# Pre translations
+PRE_TRANSLATIONS = CYRILLIC + GERMAN + GREEK
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..a17ced9af
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
@@ -0,0 +1,46 @@
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
new file mode 100644
index 000000000..5ed2d0fda
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
@@ -0,0 +1,134 @@
+text-unidecode is a free software; you can redistribute
+it and/or modify it under the terms of either:
+
+* GPL or GPLv2+ (see https://www.gnu.org/licenses/license-list.html#GNUGPL), or
+* Artistic License - see below:
+
+
+                         The "Artistic License"
+
+                                Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+        "Package" refers to the collection of files distributed by the
+        Copyright Holder, and derivatives of that collection of files
+        created through textual modification.
+
+        "Standard Version" refers to such a Package if it has not been
+        modified, or has been modified in accordance with the wishes
+        of the Copyright Holder as specified below.
+
+        "Copyright Holder" is whoever is named in the copyright or
+        copyrights for the package.
+
+        "You" is you, if you're thinking about copying or distributing
+        this Package.
+
+        "Reasonable copying fee" is whatever you can justify on the
+        basis of media cost, duplication charges, time of people involved,
+        and so on.  (You will not be required to justify it to the
+        Copyright Holder, but only to the computing community at large
+        as a market that must bear the fee.)
+
+        "Freely Available" means that no fee is charged for the item
+        itself, though there may be fees involved in handling the item.
+        It also means that recipients of the item may redistribute it
+        under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+                                The End
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/METADATA
new file mode 100644
index 000000000..23bd3d45b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/METADATA
@@ -0,0 +1,73 @@
+Metadata-Version: 2.0
+Name: text-unidecode
+Version: 1.3
+Summary: The most basic Text::Unidecode port
+Home-page: https://github.com/kmike/text-unidecode/
+Author: Mikhail Korobov
+Author-email: kmike84@gmail.com
+License: Artistic License
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Artistic License
+Classifier: License :: OSI Approved :: GNU General Public License (GPL)
+Classifier: License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Linguistic
+
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/RECORD
new file mode 100644
index 000000000..c6de40859
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/RECORD
@@ -0,0 +1,11 @@
+text_unidecode-1.3.dist-info/DESCRIPTION.rst,sha256=6Fgx54K_UeXRByELmqkfLcHlbXhsvNNJdkPFT0VF0J0,1199
+text_unidecode-1.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+text_unidecode-1.3.dist-info/LICENSE.txt,sha256=OTjnU1w-TvfmNj3ptpP-O6_jxKXl9JJc1IN1CW_nr9U,6535
+text_unidecode-1.3.dist-info/METADATA,sha256=B9j-1l4-yN9P5e8mpBrXCqAQsRUnA4Izyy0hG7Jyrn4,2422
+text_unidecode-1.3.dist-info/RECORD,,
+text_unidecode-1.3.dist-info/WHEEL,sha256=o2k-Qa-RMNIJmUdIc7KU6VWR_ErNRbWNlxDIpl7lm34,110
+text_unidecode-1.3.dist-info/metadata.json,sha256=vYPs2_8Q45eS8mrUw0qzf1NeShHDuX_lpyh8S3yqg9U,1299
+text_unidecode-1.3.dist-info/top_level.txt,sha256=SQH9SRjWlLrD-XgHyQOPtDQg_DaBt3Gt6hiMSNwHbuE,15
+text_unidecode/__init__.py,sha256=_hESqlvGR_cTy0oryPuoyrVntCOIID7bHDA-y22I1ig,484
+text_unidecode/__pycache__/__init__.cpython-311.pyc,,
+text_unidecode/data.bin,sha256=eSRmbaTOCtJNS4FCszDm2OiUZc2IOTRyTNnkt9gTDwk,311077
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/WHEEL
new file mode 100644
index 000000000..8b6dd1b5a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.29.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/metadata.json b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/metadata.json
new file mode 100644
index 000000000..3d8b506b3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Artistic License", "License :: OSI Approved :: GNU General Public License (GPL)", "License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Linguistic"], "extensions": {"python.details": {"contacts": [{"email": "kmike84@gmail.com", "name": "Mikhail Korobov", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "https://github.com/kmike/text-unidecode/"}}}, "generator": "bdist_wheel (0.29.0)", "license": "Artistic License", "metadata_version": "2.0", "name": "text-unidecode", "summary": "The most basic Text::Unidecode port", "version": "1.3"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/top_level.txt
new file mode 100644
index 000000000..2f7a53e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode-1.3.dist-info/top_level.txt
@@ -0,0 +1 @@
+text_unidecode
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/__init__.py
new file mode 100644
index 000000000..80282c74a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/__init__.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, unicode_literals
+import os
+import pkgutil
+
+_replaces = pkgutil.get_data(__name__, 'data.bin').decode('utf8').split('\x00')
+
+def unidecode(txt):
+    chars = []
+    for ch in txt:
+        codepoint = ord(ch)
+
+        if not codepoint:
+            chars.append('\x00')
+            continue
+
+        try:
+            chars.append(_replaces[codepoint-1])
+        except IndexError:
+            pass
+    return "".join(chars)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/data.bin.gz b/lib/go-jinja2/internal/data/darwin-amd64/text_unidecode/data.bin.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cfae7c3bfe5368bae3efc7b8fa8ed47bd3e79a2d
GIT binary patch
literal 70243
zcmc$^Ra9KT(kP6(ySuyV;1UP~3BlciLvVL@2u_edfS>~e3qA}CZV7HPNPs|K@FCcr
zbMC``@5}uj?_OQ2tE+c+byfGOs$IPqQ?Zc#^Ps$(J|#w)OXf?Zl<%D1g!kXweGD7y
zZQJYCXftqf<{;Kg{$`?`^37Caf`-J_Dv69aH_p+eJ^1DC15_-kQ#5zlVREDYGtzdb
z<~9mlsnv5N{3Y=P=~)Gl2~|jVL3=hp%t6ng3W+Z$&svBU=wQMN#<Mx%96Ffzg8cjn
zQ4WnvctL+QM(jW%6JJoDbrFNmmjrqQmV81a<_p6!!!vRKj9@cf7s?QZa|c5P#JvJy
zK6oQ#!mz_I%10>S?2kCl#1Z&|(K{exxHz3Mdc9sOt5kxF7?itIk<@HHfdCLIa1AB<
zD-?AIM@bNh5!Qy%BIv_#cZL;)wS>Ge4u#NhTWm1UrMjb}`Jg2EP#BKY2+lGv8p#Vv
zvkk)E1SyQ%!3E){j|%X_=iMtqM&&NTmuFt87mR_#2uAq?*~7r$p_WK|M&wP?t@sC_
z4$<yF#&Um36h9a#g6wu^#48dvl#p>`dn8;c2thRvGxF$<W+=70Vi2(epE$UoC>!>T
zNVnA+3c=@yG?l`f5`?sH%lGv$#3T;2(5{ksqbAyXGlYdTEZL;|!8#3XB4}?~jzZZm
z@ILP%^``Vjp`4GCo~}esy)(niUk@k%mMYZ}%nj8BplyS=8^7Jy_Ag-o7jEf5m>WdR
zws?|QfUfmrZw&IfA?klB92Sj0(8xcM5kTG0CXMwHWyrj|J&Uo-ajACc6{^g`aJH2w
zn{C2y9)N^T7>&674M9)BeM2XEd9)WVok=ebaI~@^C;Sz-T-eLMLW{t1C9T^6T~nBG
z&VP>@MfcOG@I{`&Ep3+icG1QdGTZV4%%C=&<&x6H&-$8jP@`ZtIBYocV+8FWuXFBk
z!Ph+BiPG^KNBP}$b>PtuS(zLr<3Al~n_uBF4E9H{yF*cGoZ)|Q2z&(0grdYZL6X+t
zsZA(zFj;^KTKx)~riDK8jTQ_K@Hr+4Zy=$?-_T+x&Dw_pN0sD4n&P^6h$taRFu&Wq
zjDA>DDq(5)giMEcTcCn4e3eN#n7|7v+pXUHU9GTq$QV%%TG5MUReev1^|$2$aZOQ^
zyXv(JJRYgRX^{b%jO<b*s3305`+5-H=W!uF&Os13NdS!f_Cj?qVFwflN7)eAOiYB!
zBFLVxBQObJ#&D!TN`+p`I~Y13ss(0%K$cH1pi-iz048+7^O$-l;j{>oSNFQ_W#PCl
zPbha}y7olk>TFcQRZ&_d!x-B`8+QYJxa9+pF=2-dj6Gw_kF2a0-7k0#hj6?ymgol7
z=#n9QRj6*>fcT2WuFl1V>i&0hG2El(i`u!1*}Z;Dv~%j1TmID~@TZ)fE{!9WB39)<
z!=b*Y2JxWBFAxerABxCV)%*2Pya>$jsAr62TGd>+Ap9p@6Kkcxr1yL*LmXv70!K-_
z_4rbPHc%T<FI)6O?~5zsgRk+m46c-VgHcsUNoAl_WR|{Jbi8GBF+p!M*DiDd7%nv!
zg(EG6G?$4F<kPn_OjEDc_YmP@g_LG1Ija>_8^^jmE=1v-n#6QS5oa7k&KT65LHIr6
z<wDhm-pm`h6xn$=xX^0ol*LnbugH_-q*W2nZ%QdNIJ8i{O_8)u6uyo)_(q<oaC4zO
zBR;+2v)-~SwX53bndQJ+zZtayeGF^6J6fpH^@|5@VFvBz_9JvQL^c^Aj)S-jmUZVK
z_ug`{UT^bLkOQS>U}X>P72(Y%OOrEYXNn2mK+5I-YNo%v!0q^90r!AplvCxT@;{)y
z)p#YaPl*&|uea6d?@+WVSK?Pj8GUKFA?EO<{ek29wpWAW!{b<A+Oy3Tq9SGlWvr{E
zRd=_)n2Rt=|JfW+rh8;W-?m2Kf9lwfFq4Tvo&_1azaVi{W+kwq=WM{YKLWGg;MI?6
z9f7b*DdrO?g`y0o8m&P@-vul0Nw{k*c2|J7gfLbF*+2{?z*(B49T-e~I58YkutAq1
zWhq*kqSYPkXc56Mn_A#ao@|Hg7KB=oG`J!NqiMDRJ+cP{q2JQ9z>&^g<X^+(gV+A1
z0%DcEx%f;8?cxDx6`mQ8B5tngNEE!0y`U6~B%WE+8C;1b8RB5)Ugdn7H@mMN*AsPa
zQ6BN7955p&+MarV7srhFhA#+YJ8X;qSO_K5Ns<7vk{y~tr^A{7A*(@e%%Zk_l~g~B
z!~rMy&B!og3^%**M_z%eI6UVQ<wNsrn4)5tkxoHpx&sG<$#s#0gir$wDKg#eRIe2v
zt<4>V1nsJOipE=8BIlN<c9a0tJd5oiv9`fO^wM%lp-(w_t;xDF>G*fXV1vmM6qmw2
z3_Y(Q;eqX;293th`P32dL=G`l22U2}9i_Eu0{#g9>-ee8Zl#M;H!5}J$qlX-*bC7%
zQ#AG7`z>%$Fi~rrKx||If695MNh=|~@nDo0nCu1VP5^tCK|U@K&K-uvI2?{3laG&#
zYk^`SoDq}^hO1w`2&+WM=^XHjWwi`Mmna_wHBD8$z`ocP5`Zav9$snu)Lg%bDis>S
z3elh%NDO`90p9iEuYF{1gyNYAC0Yid7QlIwH*2EMr&;uxZE?D!hKTdZD2d~6+4f7u
zan$57Yk<+_LDa%<x9$vkHx`k!ti5o$ZCW@K|FMA%JgB$9-P^|7+xF14$(*}LM8c4q
zrt+B{N@ivw3yzY7)4#JVA?o?XB7&#p5IM{G^gSw-g+#(>w8p@pC11-<D7)PP^r0v1
zQDy(<tVWHA+BU9uWGZ@}(s#<WG!_GtKLep!wY7|WwQO(Xy!Pg-21bGg5`y)I8k5ih
zXwE$ihj_btk~!U(=ayqWCCUP?;ILUt(+12)k<oiO)bNn{9S~;jCk4m8z4IOV^C0(D
ze*;DuzrN9OpIC+C;~nQaqXsE#AGc7N2*%jn_4p+%DND#pe<JXOh=2jKmk4a{@{M#p
zX9jFO;6)4`Elo%-KQiw;<!wdGTf6eicGlP_wMP$S{<wJH+^yZ*n~RzF#%1KE)e_N}
zL=jC>@eDm0ZpR$lFCIEPVavMuWF4VdNT>tW9aU!R>)_YEuB}LQpLnX|MzABGJGz+9
zF{{bWyR~n?%XWzSq~mQ}6)govf(YWu{Z~#l58OXK-=*YVdO-nT{5FhvZTE27`;1co
zu(U!x>HEt0q{_}i)$HTBo*ji8n@8@H>d?^4v(b!)S9i~8xCbK!*QxxZMY)V4#*C#T
z>@bB;`Lic*5#m_upnwE6<ubk=<8>e?fiD|re+9Q!24_x>^dgQ6)O8{c4s7_S?04b;
z`z;5_2hm-K;V`TG^VylvON@L;%JaE}57M6oB=x6`mn|&I!WGdbINe)=5+5Gt$vhP(
zi{p;|T=yTkKH0Hq`Sx7d93Hk1(#=0AWE@KuFI~T21i_CY@6XPt)AxA)V8L}4{7+~M
zucRX2Bshp@u?vi8_RO4kB6GUByL92aUF3?bWk_Y}3&UA!e<eQfY9jHAEm>|L!`QQz
zeotzZ&gBe+Ih%4m!-M{Y$hz`-lq8k)vN$j^d(eQ6vUpW_LDY}zxv@9<Jb9Xz!143p
zm~^O{Cz|E9R{p}RE{J)QBxP!l{wd^RG&q`+`ByG|)I;NYTgR!{r`4_0Ev(FR#2*+z
z*!P3+Yo(59($!En+ASj>Iu=tGdJ)SB-ybGLoc@Eyf3Q1D+Wi8>-i+0qe?uNIRPsPE
zaE~#N&icTt{IUBNW38&RlS-`c`c!S#d&ShtYXN0Q4BR}L$<}7TN_0G|u78f3Ei7H5
z2_OIOSf;GglVcfYXsMeeI_v8F(vh*x?=l$L-_@7d7f;N9GeB?e)wA47<W9u(p8ND=
zEb6m8tBy)2zr#F~oP=+cZE*mT)BLSqD{}APoaFAvYU#@EC8<d`N~-Qq1c>z0kdQ}S
z&4|MO#1#sMP|$sb*Jiceoz#bgujk5yf6+rO-&z0jPW5{HHfWslQLNY4ROIl}BhDSg
z%iqDMUBKY`4Bah{N>Bg&X3>rK6`!)Xe`f!g#4`~4Unqi3W&^`$hIt@wM=0`kUm-6J
zk`{pQ?hB5|jJ!4f&icnybqfhV>3#vDd2Mb*+LES33ukRQ9Qvo~NvTJt2uf$5?%3X)
z3GFv{v&*zn=H<g{GH2F9Yv`q)M%FN9o1u-U&d&5Eb2j~PH)PBIq6N@jyk%!m6V^5}
z>!H7N%f2RFHsR!q($8<afxDK?wj}3pI<IC_O2oxIfB<7?iQ2-yf~(?=byj;kZ=0%H
zn4&Qg)md&+wKUuVx?V8?Nl!#tSsv+#cf*uKc8{XPB$y5-{1p*Z((Pk^wi5(=mJeVK
zxCjk`Vq_v7mLUX>PeI8KKAc18gN$BGw-h_O^w7-5a7@@h@{Dq~E+^ha7xS|~gdZuP
zJ!3EJ`oJ*#V*)B|m-|qt&mC&_1BON4=ic*Zg4NYZEjPg0)dO<bP9Xg89utBGbLdQ9
z=M%J{*55^;5H+y??c!|#C4t>BYD!GsIEc(<nG!43P@LTS;?wlLB^;pTmtbj?1T~BE
z<pT>rcCl3cKGbsq38SX&#M8|-tyUv;D5=tXA>PulQ|K|<Gy*Gb-K9eZ(iRk0DXCaa
z#%gG>SdIoJf-GTbh~x@6!3xw*;(i<`yjolo*~GlF5oqtdJIF9nkm6%OR9ubmAZ4Wp
zPh8YgBwS2fdmCGRK0ZDGUo$@0h4V$=MIu7$(dE$tR>{?jZ$Z<I=Y0%ar0V`gA;51D
z(%mNk97yLM`nx>(r`z7+)F%AIHayhB#?gk{=D@}gudy*cFFr5P@UbJ>KdK|v|IzWW
zGQK0x|FJHKf9SinkL($EE_D^qxaZL?0hbwa!)!^9URegY;kFzHTU*mc1o~_Yotz-<
zJKkXQfrd_4hE72L7?BR@gU1fJ_Sw_`TG6%KaDZCCXHisV<XO5>YE<WCP*J=nq4NsH
zHdPQQG(A>wY>3tkmL4z3ux&xRO0|l%Dz!?5O6z88Z@Xvf>jB*y3Xbx{JRBS9>G1Z1
zZI0Y`M0a6qV+5T*n}p%ZW<hQ+{;fae18ZF?0-m%%wCC3z0aaS4Q%G8vTJ|<B{Cxa;
za(pfLd|r0Az&@Y<O5|mC1?=mQ0J_-}tj1f~+pL(ab^uRo@79MlhX6yH!<$rv=D5DN
zzTcaqca|U5M?Fxlg3PZ@JAZlMPw!w94*LIR7O%ea^f~4^iA+LCNNvg9-ptiu>bS6~
z1C>H%x%y8H=O7oTV^jfw6%DFjQ+xr1)#9rz3{TWenWQ0F+q-2@QzBM(mzq1WCoW~z
zp3Y-m(#(hlT4oX(@%flis(nCg9W}Z<>JKCXOaprxSAK1NZ8_~0eC<8wixC8OL|QpS
z5bOnRv7qY4@`gb{RNX)d0X~bM?rsSoQ6XF*Um;Npr)AJID6Ls~FS^*Wx7)*p0%Dtw
zzsUD2^9*=q(2a6Vs)hQx<DizX4AuN+pH<;}|Fn{<8*T-rfcE{DBE)ZZ<;^ho!SElY
z{y!8GTG?(MfW>Hw`*JJ#YNO?5hU|s%$tu8|g=BSejKaqEWH(?l*}5k^{p>a`+8EhN
zI>-^PuZ_aWH0S_k*oTg4jND9TF**flFz>$fCf8p~kDj7MZSkDW6j6{p;`y5i=S3{F
z1VDL%5OCDev+b%-;L8yM9pF1=CgWBtXXe?k^FKKJ2bBMyAoC2F2K$yF{4c}|``Mje
zZLTj_QCt#BQvk&vE=y8FkB@{b^Wy>jB5|r8m{ln__S-Ov2RvJY51)*9p%7&uRRxdK
z<{rZ;F{zoqkAT1mldwf4Y6XVBhy;Eh(2tC|Dd`T7@L5o8lo}2C*e!sfy))!zYZE&I
za)Q~k!-1w~t9;u+s-_8CbMrSC!l-SUD-8NzT8l1<l_m)K<F7-vT|TNk4R2-J^#?9v
z*|+(Y<~??ghrf;$+!CG*L<yR0DJ6tByJpxe+HbFDW?{T0QEHj*2hrM9qcS9kZ8xRS
zJazFkyGPiGqF>fO_%43CTKp!u*eSE0&61r$ndUbo&1O<Y!y=UEz%TH_ZE8mI$E?<m
zS&fa~Hl!^SEo6f2!W!>(M_E7l2#^%^96BXkT9|w46bD!p2dJ+bVP3fvZlL^Xj_MJ#
z@x-YfyZ~jh$tHeV^%YgEZsC{Yd?PFPMwZp1AvGt=LgPZ&M_k%WzpR9L`{aLH$#(<~
zm&UNV(GZNs|Jz$RNfm8S$AMF|hyOSqWfJjjFpHUY91TEH1@Exq;8(TF;TIR@YR$x!
zB<5W;mSXQXo_}4Zd;fozhyO)94qUqNa0SQ!l4*|jkDK#HE4YzvtI1zm4EnIIz9*e+
ztEMi#jUFiAZ+dP}aKqvM^%a1e5x~Ox3Tw(&6ddrsOZZAKu~8Zavmt0=yj?bNT1JPf
z?b1hGdw=`Oh%sC51!p#iY$DrgX!UHifVCSWEza>4r6eG`KZy!inrI);+|D3@kbNYM
zpd6&k+%Z|*lv>>kTHWND`JmdxA|b{`GP(kIjZ5$a<M4Agd_D9d8%rQziCQ0+#mbIY
zu$2oh0~<dk`T&n|8qfSR%)Pa04m_Qw7>C3v*9u?&r}FK-8N=n@^%zU#-%S@t2}_a(
zh<K0vl&$sPVErB^gsuC_Z*!;-ONbXRjYDgGN;i!|@&ho8Bq!?gv)TdZM~*t`ABELV
z4AQ4dLCV0R|B!A~W5U3s^VWus;cyPejPrS#l{)p5dVzOe4$#Juze<dH#WK_f7ZP-L
zZ}k-t#G9_#BrX?{=Y7p^k<2Pr$hraZQRKtN(QIW{Xk;&oUk&`(%yh><9qiDD`e7sA
z#Oqa>lm&R?BIprGAsHg5(RrJM$?x+Dqb3#UM||QjXpG{Yf~P)X0S+W2rlN?Xi=`s)
z0<hvGhCkbKKt%WK;~$tWMypmyzK|x8{7bi8OAK8vk6bVR8;1GAJf~Z3*Fejn0BgN$
zcp2xE<(ZjdQq<ltzLx}hNOUI?1t|p;I9v|(g1@@veKdXC!eSV5vruat=}=9@HYVlg
zw9xIYh``b9M0Ey68IKE+zyAYBT=B-Po9T%sPk2DL5IlSzGs1M-<sA>Zy)UvFrp5AZ
zSGHs?I@$G_kuDOuaAdvfh>`xC0VlceZ(@G_=sDyQfnv{Ep8or7XJeT?a2BJ+Tir+z
zsG65O%YTt(0JoXJDYdT5Kz&&WvPZo9%OIj6$TwsA=WNe$S0645eEPXI24`+VADzd4
zT_?JSIryx97>rukU;y}HAu9)=Hqe@EZ4R+K?*JhUQl?oA(ZMU-^msh|!t#t;xJQy4
z75G2;(2z`!!&EVbF&%W0ruMew#7J`8l&-GnGvgI%AEray+z(IaSA*eD<l;)k)1j7C
z4UD_{C>qhoSr2yRXKFwu3D<`M=Rziz1S!Wi!+8e9OSIZ@mpIOV*HhlO=$p+fb3Uot
ztan{H-Tne{6He(^A2O1Q1U!XAZu1w(wrr-KK8!J1O^gakrIT9ukn8$teHAc*^LRdg
zv~?fCN|;ah6idG<EhV*z99yec_-0uj%^-lntYu=84t;V%8Ts+E;xj9Xc*1$}ig$#{
z4xV=`@gTbuLR4KdzscQ^*L-c#sIx8a|3n{*X;*B7q<g;sB*VAmKh~BlcGf;#2j@Bf
z-%QtN{MqWe_UQhZe^^)Bc)oEw)$1M4ulx3;QuXGXqv54B?nV%b-^pw-xS|fHDB;LG
zG#bKC`MfHP{@1P0ll}gM`;Q80Q5T`(!V~u&NZX}>(_=}~ZPmKX)$9rUQ^AbY<w(_O
z9=fb&f5vujPoS0VPVoIH`(apq|Gr7kp&It^&iRvUi}QIO-XT)KB|%xL^#00=wEb13
z^E3CIV#~)MQ>)&>tXoV3BGDb*CD`^r5)f#6he>bHa~>A9@Df7#5;?CV8*dO+fI?LZ
zztBPiQCc}+8#^#{dX)~gqbl5{MBW|5zwAU3zQj#f$&cdoGLF=igCGvHk7)Au{D3IT
zix*@-)L`u3gDf}E<y|K9oKY@CA?>BGTH$#x?tI<@N{TpQMI7;V6TYC`!DJEpxw^Zf
z44@}3sQIMfBY6bO_b321+XbK58kDNZlQNF_v(N6$7!k{Ena`->`MLasMAGM7IKdLd
zJ7e!KJpOJ!+#|)nSm~~W`C}FQjIwfNQVc!wr={c{<qc-Tf)*aOzW0ZMz=|{RP(s20
z8)wFc{zP4G*;~w2g|UcpnDf8f0NOv2HMG_mn!OsC@w7ei&mFuN1pP&^8cMB&?{at6
z!u`-#spR4pe$>u`CY3xcQM_CGqa~>{_JGpfUNC+PkQ63v<Fhw*psQXlZs1v1<lPw~
z^7lJfsK?;QcUnT?#DAv9p?quQ&pBy6?CJV1fz{ACRMG^p7jgRs@l5MJIMKO((=X8z
z0ibDl2@mkvxXZG-g9ZLe*A9q5{(BCI75{S(t%2Pu)`d^cT0VD?Uj`MXv<If#Cm;F;
zFL}4-%0mRRg&91APl6u;6)yZ=oP{P84#IXWPP*1k&<7(v^~>MqTAy28t%crQzT&?d
zJhJ1?_FQ{@uX7_9oA-iO%fB-8z)WmoLpW<g`3p#hi=deu9_9_gDgY+%BB=Q26p^iC
z66b8tcWjx4@gh>y9IfrSTR8vaeh85Vq9ox+&kO_6k%V_p{xGzcs5M%Kk#i{VCg{)`
z^BH>}#x05K3F8dp1uZ!~+yP1ckUPC|DcL4?pSXP+oVmmJgQ5S=6~iDSTww5gYQP;(
zX&JI{C>NmswT##)2ww}Des~-Zd}#Aw!gR2=&OBOn{-*2o&<8ok?3+4&XcMH(3@+cf
zbF`Kq*pG5QJt5u-0bwG-t#2Lo6bZ)11{fBaARkmEZf}x2>5rJV)^#C^zbLyipX5D$
zY#{%c-;h7Qc(7lu>I&c9yF=YRxC>t^Nay^f^?&8?H|_S=qx=r>6cu>?Urxg3R}TZH
zQ)AI|S?S?&pUrg<NdJ|EZX9`Sb%pi&jY-D;S_-OMwfV!b$@*g{!T(~7e17@gk@nk%
z|7DFT%|!bUqS{pkNB*z$Qdy{Ntu3$oPFm@*|2s8ih(_1#kJfMZ)QqtIV+6w#@qc;w
zS0wtmDbQ<`=<a9zS06I-D&ITGGrr6~LbU%oG&qZ(X6EVi{knjge4gdn|4_CD2b$f#
z7|dETqD<u>ywKu5?imI+8V5wi(oG8bXUZ~Be^yBF(kZ(gjL(EI17fU4yaJ&s|1KV$
z126}o|Ka5@>i}qptoPjpJ%UC(jEtA~eCX4^X7kw-5LHmv<mHDh?1WG??8gq_Z%0CF
z1JB?8Nm32>KdsXD8T8|bIY*&RpQleC18jPdi=umCi(-SLOrxYJxJyC{ZF};~QQa`R
z2$qpOQ5##2*4IaxAZ@xBxbo6`S(G+3Kpe7sNXc6ln#2xzV2GtH6i+LhoM0A6@|GCN
zH)I%vqIF?uiw_nhG=8TBu_eZ8v<|Ae*{H)nTaxrK!9dj_`w-3n$=lC|bA-)nKJQ5x
zm`)}{8lZ|mlv%y-5}fVBRp_$_1qX5bD)AwDvB-WE=>G4OQFSUXSqsG~)}ta&b!<@#
zk4BgQ|Ly@@hhPR$AvlS1ur*()(;<CK0$G2lls{x;Am5<BbXJPB1UCeau*(V)-P<Re
z$_C|>>DSrwfhW_?E*+*{)cK7lM?Zfy;9-^-F0OpX?*}??HK<(2ZPb47G+h@pu^vKu
z+oUJJ^Wgc%=+27VDACby3zL3}ch2^bOs7owNt%v+Sicr^u57qn2eYgUWE*zk2MrGM
zQmM5{9O;gvBBbktnbMZ||Gwa*KLR0fc7Du$Mq26?{b$kg17Wk*0{^*Blr8v&u32`s
z5B#%ppiim2-iMC@n?*bEvL*k}-vXQ5|ENXDgQ;6$0S&8`V`qE;C#$0Y#JyLmGxlA{
zTZX4Nk7Dl5ue;j=12NA|A!kehnf7;V0p+7-SF7Q~y@K{#cU-r7Hhbo*2*k2rOzQa`
zq6gBhG%wUm=}|%s^s}_^ik7|14NvJ2!CkAR{T+8|fKNJs1bj8AId~VZZ1B|%Bw`=I
zx}I$Ps{Wp`d~5I*_}AS+*!s@BdD*H2!^ymM00JT)yHwabI!Gg}Qd`}VcV9-9PjH9(
z9QHQo{_}8n2!R|oLvG8XQV<Q~Sr<96U*fb2R)L?n0k6g{?|@xNge@cpZUFD<@IymA
zRyVvx9?<3K4&#ei355wQtOC=uM`XMg_VGVpmki~_?KtD&IH1>YTw`KIB8WrI-_mc<
z3mH3g^n9DbFB~<r9kQ@m%R_H(gXU{>l}4MFQF{L=uvs~@{XJaT!iN9?x}d3Ag|vZ@
z2hh#NX^hz!P)liiktyFJiPNvk#i422X!EXb7_+Dmbendr#zKL(nOp9T0zP|-o(M$8
znmbY^#M61Nz<U6vYq<$9Z5-hO+icteHh~t0dIry1ppU=8Y+;)Ml4m4ZR{Rtf*l?s<
zp_{G%Y=hnap_|lrQzgK~BA?uJK?G{Nf4g0K0&g$q9I{|KQe@h6iqc$a3fbuWaL9c2
zDO4&|m!#!lvT>Ts%CtAS9Vl>$V%0Q#Nrw|UkQ^KAxWdqEwRW&LQvqz4;kQ_mN-%b!
z=;=<6<~`4+4ceom<$5G(4l~iI6iP)Wi|B~c3LLofKBk}$m<dKMa1u|{YPXP`V;t)m
z1?fjR8F{-nWAq}j#J)*7i600Qvh!I0y1h*nA12LA;@jin^ZMiRx~68P1(2P0^^rr-
zPbt0ihW1d($l#{P<&<zWWNQi_rNTC^jn`mQe=N!^110dTI;wvTXZ4{ks$cM5)fV;i
z3jGvvbxH}0)Ej!<L!sFk87E?t&m6&fMz{Dh*yTX8+|(5NoKCocfic$P6&BU$Pf1WF
zFvmEw#LP$NLN<LsZovS0B>F}E-nhal*#`S+)slYXvTz_EjWnSI%dtSTaIV4!_iBv)
z8*P`K*CwdKN6Wg>=exy_AMzD?-}kr!_HgBqkYMb?0-?dUsj2f@7$Bf^#%J%c7jiL=
z43_wphCEpv*hp;t7mh3Tx>an86P>#_))21zjO-#bJ{h;%{jz+!DOj8Rr7r||iqek=
zc5sP4ZLRq40|Vbyx|+~?T_912Q8^Ur%6XLio4qrGg?!Yco0LN0756*FS!cZ)LL0N_
zzi+@i=>pyCVvJ&pitYGU_-#M6Oc2z3+bmiq6yC>_-b+ypLCv0B_*(`hEfp^q3C`GZ
zI<}EGm<B<BcuoU^J5ISSER{P<I==sv!Rkf{X#1J$mY@cB7lae4`>$FfyOl2oZBrVo
zK77D=$gBY}&b2GVKgDvNDwKhqbGc6=CE}mvYJo4KWVeH*py4WRy3;pWTN?k9xB4I5
z+5f{Awszc&I~6tqY)%6ze&x5*zo!{QmFq%%0)d~hMFE8#gQ%o3tCCZH1WUW=>*DCC
z66xRfB3!oqH7MjY6u6ZE+r9yq--9BKLj+D0(Ocv@W%X`+8WO@8b?q(`A1NX_4$>H?
z9{g<R=5!B__o72g#>{bL^|~(h5TTDYZ=q{@mgV3F>CWq$pcvO-uU4-f_HAkTkk#mf
zwP@SN3X0xJ|FB22mi3fF+>47{X;geScY2k%5SRN1U<p}}aoIquJs^2c7(6#kAO<3!
zE1`dH+J7KmRhO!};Cs<^p><=ksCYqZ8Ooh|xWDM*xhIrKH%l+y?E@&qZ-+8o@7d!w
zkHl~uqcO&+&zvg$n8ZZ<aZaUw4{87Q9=_|MGeVFSa}b<7vXDu*BzzG=9Pwy}nL#0|
zH`)LV{w;PbAfK~mDZ@Ssrovp^O?wDZi|NLe^NFdeBA;aqFJ8}4Z-Cfq=Tay&W>U6m
zov~D>mB!%pLy)Od-_z2Vaker-F{SVm4vUd$qXT~uJX!$e{YH^dQ~AoTHA@Su!sb()
z=f^hc7Lb@W)$~-mWzz#wEc@E?vuSCkn4r$Ye(!B{iIDPT=a<+`g};BkAhp2#7Nvvz
zk?2>3Tnoa8ZumJpnKZ5TqZa;Rat5kg?saU?2tHtL=&Hzt{_>jScQWCzcfPYsS{Vju
z!Icikz(;RmZG`sz(!^*~#9W}y%4HxOz}75dc5}@YBtSE?*G+wXBn2TS#{2HG$;!3l
zJ?Vz*gQPIRm0@F0%cL_|i9(Y;B@8lzE;O4!3}_W-_bErddO^q02OPwuM&E?1$)_|n
zDtaUo1;f3UkGNmiPDmE(Q4VvK)sSLc{<g)G$)G{8K|d57f7B)l`HMd5P{IDLwXM)w
z{d*tHUjQDd(r&kuUE<MabzkzNkn1c0=o6$TFswwpXGt^5QOQ8g8!f=6XF-s7{jU^F
zS_CV6_q>>)oCldjo_>LijqPG}9t#Nu6hlAr{zaSQxc9~E;u$U2tmjjTj~K+GHb}(o
za|)^551>|=v8tC`-(RHYWT3{9BW{o?0y~kKu~D<?fXcp$WYR}=9xp+Iij)QX6jauk
zwxfadi&@~8#v<w#3kVBet3xPEJud&dt|&u`e?4w8cBIAMxcfb-saS1zbAwUcyIk&%
zJ|fukEkT^k*$EKRhqRalY41xcYi8H96=`hcif#JOSOfGit=$l=q!m53;3WijS_6FX
zelbZLRd8u&O1gQ1qG^JOFnS~<aFuCRnMg`-LLld!Nh2%5n=a1Pm`L*?WO!lZOA?hW
z9agCi`;Q+aAp4)XhahUmo(OtaE7nKOxL~;*%<w8@8*<2RDUcAXFNuc$9erV(&jop*
zr9MWnRPh{5U%ZT0YJgR>F-S|Bpsx{gw;FzmI;J6FpVZ@ap^6F~LoS!(>JH>zFr;%t
z{$5tK@RgQ6Ky~j4dhL{)ZO=!uf;vpOJrURC=o3g63up~Uax_blfv55}_-eZ!#SxW8
zVTt-JiA|HDowgphu~z*Ud2ndUixz*f)5emlGF)Q8k{fZRp4=Bw%ea#yDqVfUDLt$1
zenkA8*oBqr=D0XXnkaM8Riw=i3x$tGG6qjjDzAb_Q25qm3D?)makW`0;yum21gR-=
zO8$jL+&v93FR#{vsZBnPY+qh7jJ%mOYQON1s@18y8r#aXJ0ojlEVn#lII<RWxwLo3
z+F&A_j3yjK{L9g^+nUPp4VFMKIhxf@P~tZ*7JeFe#)A@dmIg9UG76J*ELBc(GLpWJ
zmb?!pCz>${$#sR4Q;Y%Z$7d!e;QIA#@|~I<TTCNf)`yRV=n#w%?r^n(FU9un*hS|Z
zKUDK^lB9@<uu>}^yIHaLX=#)BbM>?MgF(4NcwAN@d+?9m$q3VS5J-rwl<3tMA8{tq
zutU0}T&h%fL)gDe>M#Aj8Tzg(B%ZwjR9!82r`U2@wCscpfVOPR6CQc?ORD?Qfq4fu
zHu`b~JMGhqS-e&TRZ8@egeK=<mlCeYSB1$Y4`gej+I<{OQ5Q7Z>~9Qdy*%r}bmzGD
zSo>__p7O~r>C+a!ni1^^>o-@O$BBO_s>(~YQ%CdqPE$600;)_@aIC`ug!3zPlPbqr
z89_{pQLsz0rKu-hbFhHD#|mtqtO?VcG1Ewfsm5+*+wVmcD&`n<Gt0sFY%!=cbM~Vx
znvIQ)DC#qq7_AaBd3mwq#rnf4X(qacA5KjipHzK@+e|(w<*Z=N%FObH3(aGa+L`*W
z6qlk6yJs8uw=|Eug)d+m*f5e<$?GfS8FR{mxpgqI=~;D+YBwmS`T2?+=NmEG!%56=
z$4yy&(SLo-by*o#4guepaA>cYQHu_)bJ8ou*y*ov)o^mq_WaH7AuF3&oa3c-0)2T)
zxuEl^iI^;mNKR}Kg~}X;{GFwYnWWAUzQj^*n`82oXj^?CksROuZ8$%Ac=<j^0S2QH
zEjZ3U!R~_T8O9U4a<?xzY4Sl?@N~G`L0gOdg>SxyH@z1-X-wm5UX3nl@ZP+=QawH<
zx@dz;8?hmI(b&$ruHA(wt*}>qml8+><&+(LcCE8Wav-Eu&2J+XG2DIy7F?yzOGcTS
zQLU<1nm^VfW9#_lN~2V0yv(ka)fR)NFY1hLcl|*`Mvh#83QM%ogt<m}UE-LB1u&n<
z1OCKbH!S|nc+8}EO?8tz$cQz;?w3eJKd0I2;_?~`T+`}$u6ggbR9s1+4v3M1<lVeH
zbi;IOm3Ye^Im%xT7sU}}K|LpT=3!=J0^hBOBj&#BX!||EDvS}H@J<n(xS$Kt14iC5
z1u0@j4F%_li$kzJ0qV}GPtc*3|J0`I4+lxV9G4(Wr64-8<vtz$3#B)|!sM)@O=*;=
z5_EL}w?BMnw}g1d`7#X#9K%Ei-u+TH3eDjnQ!~cixp-g2wqy5&O-YG;0n0%*LFrqo
z&T4)QI~x;8iik(`%|BhB>-VP}$av(1QhRzABp|I7RHsqXz|x8DM0w<V+JH3qtuoQ|
zZ96{28#+G+*gl8`e!?bulg+BLnxa_DpCHXb%$3r~ryEc*A$DQLcZ&NhO|4(}+h@hB
zS~pC2;VYXo%Mg&!jDxz%DMWLRl8^P>cStk|-<Vv!bNn}NW>i_SrKDFm)HgDeuHd0q
z4TC&ZSJqGGg|tT4wuw8eOZ>d$qRhK!!hN-0791`0D3>agqUxM}8bOn7M7|j(310zB
zApjac1!)z)*FZY6C`MVOTKw%5vEUw6vhJl9LvCmKfpQxf8l=(wP2~74cB^Excg&_#
zyPhRvU9K-fpEg@)3hnZ9KluR?x1Yw<NQE%jY{zFln1<h!l$cb%N*)QP(!BB_bZ<XU
zBsxAyVb@op92-@qzJw`9YCBk~$@0-XDKp_iysAeQs=_oP+yd@lw!-p;*qzyi^%(cB
z38zw}KU=-)W5)ZoOow~!%=*vl5mI`~l=v3-?b--e_m5vGwBxA0m8kAvG_+wOo87xZ
z<KoPW@D}_zG|pq3>!=%2Y)hxA?0c{+s<}*-a;8Ut18lQswyB<Pr35JQ7ju)`6)BT<
z8aRF0IEkn>uB4|##q)SMizo*FMxW_5GTYbGPIr-d?6T(sg@`<>-NROa#Yt)u@k%JZ
zEhiZq%R*f-IC<ZR)u_&vcOT1lS3?fkPo^Kfk*tX5u}E`UynSY|lXNxc<N@NiDcsu4
z{J}wE6+e<)<|h&dg3!yj8in<3;O?Aij$0{uZ(j2)FR?Z#nax-4bDZ_Ss9y+TlyPEM
zKXZRXVTob;vmh$&oZ_du8<<+HZo5Q`!<%eVXUZ=W7(GIgKRwKFfkG{$<iH#wU8im~
z$Yw)8eV;qrV1J*luJf^uE1Km;D&bw)pf%?M)lN{VAJk_^&q&%21mtdRz*Vz3shRtz
znO|)Z;o9oU3YOnPR-+Cob&>KuD-0tzzI1qioclGIEV8`y#Ett@f0nJSXayAaAW-$;
z<gp`>=3wzpZuSG?ToRajfU{~R0W=%xMBQ~o;KP+a?E0O^7bRt;83JpRi2LLr?DjRF
zJ0Zv7ky@0Z*y}raF$c?f%#c_8?s3^hzn+Gc>w{iPP$%8jL3mPG4gG{RQwrZ7-*2!G
zvErpWvM<Q}Y$7Sg-g~W^+CdDiP?czjUhUQBrTcj+Bo;$p4w7V8RIM{iIA!OP<`kl#
zxvVLq>iF6Qi=o`DT%A(ok`xp6D<CIc$KnQ?|0xj{En~3&eo^(q9WTg`v!{vCq4Bh1
zSt<?ucwIC76i`T;B)aiV7S|0WF7*=`3KHM8G2Wb_mOFVIa?E(|egKH?y-kgKqwAf_
zo`uC5d_&RPO2sjn3j`AzoQOyKZQfO!B8N~_@-ur3k!u+_x%jXt@mj}>G6(+P{5Ln-
zXVYP=N!b=kvJOF1s$#=;=~0FH7J^Ac!jvS_`2x)cWLk9fP20G->gpmLGB@b^6A-4P
zFVy(`ek(n98OHd*GZU+<nhMj0zGLq_xPm_V@$P2)Aax`A$`MyUdlk~q?eO(3x!@RE
zG%ktr>XFEpO9kZ)jN=s#?r=jmhc{TLB*ul!{WVyEwey>zozkSbg)y7r#i|Nm>WrDN
zeXKDQ?IzdBbAYu5@pgcvmf$F0@mh^^v4td3oh7uv>GVVu!5C8&RjTEE$rw@-SD^^a
zYg%#UMjPVWyo>L3!NCsd=f4dfj*~S57*DF1m%j2C90p(PqHDnEQ#C(eevh}lN>8J*
z&vw_6;<OqU{lI`#pWYQYUYJw)y~Tc$5Sw4bI6Af7qwr7#N4YT<fPwttV#DDv-q6(G
zVECv|NMD>3Yo0n?%2In5Psv)AdLs}vA%Ef+q`If_ZmakWExmd+{ceTJ1o8W?byP)1
zDuzk#Vv!;@uEOml^~Mbc^nbRhCZ+*nrn#oxFz{?~5P$MB)z*6Tn{<V#bwTt{y|l~F
zUDR&5-3fhfVeX@G3vGv{iH{d`yKm)!xo5B6n-La<HvS~!Ud<+<56K7~)K}j0B&;k3
zALw%U(;{YU#O4jRZyQym?Aq5`+h!0)q`59y4Q*q@@d=KeX}1%MK+YAfuZ4Q{=H36c
z4HZ`(i#Z6D9#Z<Dt%Qr#Q0r(URcxa8nJG;@Gj1~3o9Ky6lPFvMT?v;}5my+%#n``Q
z{IM!So=>fI^OXP?NK?V98@0FPql{%H_PH-Wcl5g&OO&mSUG;J&sc<W-3qw;z+X`Yh
zvRnTf5A5+(h1at1O$#D5tDz2`cB~Fr`<-hM-o{&r3zM3>M(^<ee^T6d-JiFgAMfJo
z#x(DxDJ0DQ?DGHn3vcpMPEtPlfxPcqRqMuLHtq(sw}lJP16vO82(ZVpqo0)3^^Kgz
z;U{5wvjP=n5z+ACSJGOnNeq~Si<;|O$h?U;u~y^S)~BzdQ$eYpQ=ZP=A$|REbR3vq
zw`aSP%^vxMvP;J@C;MKCy3(6>zt+J98ZS=qd2*V2GTQYw<t&pl5?=0P6$E5-hNtvI
zY$+-()3J1+U7#hm%`TchG2yD-MU4zUPBD}jAKFX*S@erg&4p7ZN}Th%xX-M1TG9Hu
zK&Ur^gj?U)7yZsb9tK=Isz23&#^^Z)grn>yc%eFI?qorl4{|nq+{>)jM@km!WIAa8
z^d`NwY`bLA8<_n)i);;7&uB<tWnls*S8kvjuNg+;zC*!C^zZxZ=%ycUsymVZHV|RB
z-zR0hha#>ba>LiML?c51##(^}{Hh~-2|PYDxUNoEr^?#z<3l@t;!oqJ_BOuJLHUjC
z%XQIUSo@k*UzOCm>QP5Ks=i3nxvF?_$^Z7(>(@8z$KT+=Sn6(ZzI>v004BD#blIvC
z@-<dLEFbNQ9t@-G-3}~%q9nS~Pmgk4QYqKSWmJFvDH$iTIBvM+Tl&T5^Iu5gtZ{-@
z^_itO=Ph+EKnd(oJ`<x%+L&~eSF!W;LCc8hF1OrCqgf)mG#C7il(LQKHzQ~WPxmvN
zc!c}`ob4eQ2&`+hR5WQDVecKR%xTRDn;!2b`<Vcys^Db+kS=-LOr)q1ZR3G{|He7)
zb~q+2HaG5k)=21?eV=}Mb1K?%01oA%6=zYk0w{i1__)Pr-UsiS6j#0JE42QZ*v=ty
zL%R4;q^8MP1$N+6G|s5`EzvA!H|d+lF0*U24{`%Zm!08HkBlnAoNzOY`cRdi*_O?p
zP8Ly`I_VBVGhqX|78%P)%v6P904rmy>W!zYdosebak9sQ=)bM0HClYgV#eeFzXI*f
zhl|)NoeFE>pr(v>dL1YBqf4j-M;r4g{V2jP*q7}1(W*(x6<PLx?$O`+K6xKVVBngp
zEQ@?IwoRGa*oLIUO>Huo`bsgG2QhCu2Vk3+ItYVJQ0^~(1IPOAZv~1@Kf42&M^Xw;
zX)CTe8`)Ntm8|*MS&W4D61n^>W2mK{JL7~MEEg|0egZTi=wEMAH6O7q7u?}~v=L1A
z=2IU>>y6g>rdp84-m&?^v$4C4WyPHx6RB#JrM8HXVol#Sez=m<v9j*3&RPjJ^N7p=
zznKyw_$yzH&xQm1-P2O3OdEcqh4g)cVVb&*COlm`TOV@*{3<;jL##<vl59ff^{fWK
z2;bk(xJ0+)CL~0$)kCgMpEodAnT-@Xc$6Dm(JC(}#y+{(rt8`Pp!3>yDI9O6Gtoq0
zze2=_e)+0I{KwgMF6s%romt_Q5RzpRWC@#uN$wUX$?iK=P0OaM=`qb93iBWrjbbG`
zGL6Tc+0wp`bb&JjbYIzfh(CJM2&do0Aih=X-T8c|f!b7(3CE;m5Pm2tlY&*aezg;2
z%%m1&i^Jg!=poMybYJomf6d2dd8`*>kuagj&p;~z3CJOe*M6<hfQR|VgjJtpjrH$1
z19P<^81ly>xCuB0tZG(Duf|cJNKsxtHAt4BDt16CbYL*_SRjIakX|nAYb~xwl)(KZ
zG7;ZY^kb|wgfG_sjXSY%ohJ58!5^vU><l!UEFq|>bk4Ws;kqFqhhx0ppEM;GGWDJm
z?4rVj08je>RBUB8pJ)b0aLpkbRI`6A11mXQ$|9{u*e^?ox|Uv5maS7D9V9zL)~Tv3
zw%ydM&&kuLV{tZ~P#<f+8?qif_bB;yx87JXSx-Dx2Dvph*BP5F@B;|CvOmW*jd8Uq
zarMX{&7TyhxbZbqg!<$i2_r9bp)P&PXq=1RkS>?4PExG9;h>0A{>@+foS@!du}qqX
zICfZ&0kXx<Yy!1M&PeH{zgLUI{0dF1`7l`}MbantB1YXuB^6Y097md7otQ!{Z=L%u
zt?p@lajLkGbz6M-gCojICYw(sA*@{X6~wWsYMF4x#54i3H_L6L%jHJt2^oZ>zH9-8
z>JN4Ar8qjnxvD=2#gdcXF!@euHfNhwkUv=VZf56lE=eifPwkU4hGo1pOE$~>tg4s@
zW-0z-Mgg1emT3H$cl1fj5Ovv$=aL#n9bjnrSFyAlg2I7%9Z7*{3kuzx8M7C|n>Z1{
z3YViWS9ycanub`HxZhdCqpvs8T@Ag!a^<vKh+Dvilrn#&XQLe3$K77hsH*h0^Rl_!
z*CRtA51!v|60bD;rAGS|hkH>n#3zX}JUW+IUwN6La*(=IMxQF5`uGeo@#0_F<CkWr
z`{UJu$U+UW+8BGg$*Y4N6+>d)Kps1*Dc6th&56wHt_&4_OCeWmMkb9SvJ!tLzj_Br
zIqv4K*;AKjqc7RS-$*dP`5B8L5?UsF`Q5b^Qe9T6mdi1yG+aqztkR}I^qljj4lAbC
z&TIS{?0y0?AJ}6Zh4&?)8zu7^1Rh4L=3C}OdvS}tGuVmrkFvX7YZXC36(&xmuH;ci
z>eA++VD6t(zT6cLX{ubmS#AG0z4oZ$RzfV1d!KKxWWbw>mHqyUgEH*F<A8MpY>-r^
zzq!0jL?!3E7}>BukWTM#0iSHe8GYqkGav<h7xy`p*?f=V?`MT~@hYFB`?A05CgroT
zdmkAzqp=FG8I}uqE5zSaJQtvjX09DzSQ6^pjnmmoC7l^fGm7?TZyZ;Zhb#boni?Pd
zjP_|fb4w(t+{=TO@-(|3$in7Ie~F|<G#_Z!>0&D+#ZGCgu6{*r1{yVDuwuE?f0FKL
z6OVcPkoA}#O~Re&a`vV0H}NauuijaU8f;#4%Auy!OJC>wWIQ0Vfipurx>)CiOSOk!
zb~j8?z?1%*V?9j+V54;`RkI?EM<b;Ek#0(+U|a-WjQLaf(NwWJ_o842`|~whotE6j
zNP_FN1E(Oqm&2hXFSx$Q0>kVyYjFBd(HRKAi%#h9nN4JJ9UVB*bpvBh+Qua}>%Q*J
z$|*Ftu$}u<%2}l5^qFA0nuew8fS*;!r|<|g+T{7R&M0fm$;teqO4&foaOnBxaFIOC
zx>3F_5d9BAI$@{q{sGSqpTf@klr;T*a%xunJ}DlH&5ya<eFI7+fqH$auujgbGxK3?
z1~TRNME5fd^PD!n^W8XUZE&zs{!}FV`~7RI8y(MfSBm@9W>V)}d)|84Uy-Xoo?w(l
zZxH8YUM?^%Ji#*g;2~a0HQ?i=<7SuLXvP|r_4eDaCDQZ-J-jHsjU<s;L4YiGckKQ?
zRqmgdt-S=1lvnk>q!$5=>q)MYgNweut)^j&H`Ain9$M=8>T0EAoZO4|s*x8NOA|85
zcsblFbc&@fV5}RuIz`otvN1;*nt=w4meEetA%eD~9v)bUA&K4T7oG-`D|J*S!p6FI
zqtlu-vcp2wfqo|S8j4(6vyzDso_KB?9Dw$uice=Ci5RN_)o;>UgXKn}%L%eEBTZI%
z7HmBFud8T3_f|<eQ1x~+@40h$nP@%2bd*fqSa<RGIiC?^*f!@~uhLyq{cJ2iWV>b$
z;^Q@FWPbt>gEGw&I7ui2NCVs)<Rm*nCJj|S8AfKBX~gEH{SsTl&*d``8)NY&s?B%j
ztbQpUr^!d+8g}6}TxOd}Ai8dJsnhpVHoPBlOfmj!THgS$Ls|X^Z)<(K5aJo=61V?6
zQ*X=B!E=BKGd81XFJvJ~f>uxSCvi(nE?X4)!}68wA@3b}Gaz(TBhgu$KTn+QvpzUs
zC!XuEbyT)ly9W><SLC>GHQ4QHpyV7>{hr7~F;%dK<g72I`l-2dG(&h?%+RCE<?Gng
z+co6I@@X=Hv;4e%I~o2+dh4^>5Tpcd3}OdcUud3P_oQC29mG!^^Q`&gEIE+mn`cMv
z?N5mt?Fuh|k+f+{!sVUB{6C5i*DaKM3SONdU`)Bbmif~WN6V@HwtS5aB+Zo>%`O@6
zQ)I$%pN&h3-mTtU_NSguy6O!{{VI;8LGJNbJCJ&DFoawr7Q_ESLiivZm?vag^acH@
zk$(SCb+~p_TYB}IFUrbUho2z@FW7#UP0PSglYqTQ6mAk!$oCg$Uf8jIRn+_@ZM@ID
zxTQz?RMrSmQyqR@Jk7C+wIPlEX7V_Ot(9LN*K#D9@RX(dXUVP7<~+6Hy1dVbWv!>g
zHD0ZfSBA((4TApZigCWW!W4BK-#V(=A9>yNn%Sj8(wd)t03455{SqiRe|7E`zeju=
z&wPuKv^Y^qMS2UdVZHG%ab1jS)})vymU7Br5RewqQB5)M*D-ImfNp^|Kq?%e3~yeu
z^Wky3#)eqDp10cP`gr_Pe}Bg`Z=5%6O{2+m$->z{arna&ZC!4Uj-kkKni#qN0V?f;
zrAOlg1GwF#LKEp^<957L-PY~rTYkQ)B(Ivq(v_HWQhp9}_nWunx)2W0F*fySVX(Ib
zPjs}d3twi_hMC7c@hB0Og$2K;UK{EwOVA#>q8@tLx5s+56ujmn!pX{UlO7DOtVM;^
zbu+4{)-k23oexW%8%G+<u7-4ZfCB!4QMKwv%`LXzTI~v&&?F=BHhnf6gWPM^k0<=q
z^Zw$$$LTL+Xj5S6hu@FqMo}wrKKh)BUJyv*noBpB1pZ!B>>w)~^PIww*Fb`Hg^9?j
z`=$DqLwhs>S;>I4wlb%kwas8xW`FEYYBhZ=cARJ2ghqGVUlabWGbC=ZyAy#;|FEh3
z_QolQi^x_dRBbTz{r#u^<0<o)79woYn3GyNiH{&x`uO7|FWZJXKc6UD?x813W?r$T
z4D@vySq+_1&St&Wr|M5RfJCQXQVZa5m%7)YzJP40*Yd@SwpjLNgulI*KU^?<wdDBi
zTvn>lKGwtA&t%>z%Yn>;TS-o-hJiKn82!7^^H;*ZU}3TP*!fVMlVdd+Sh&>`R_q$9
zF5LgQIpz1G5SgU=MLwfb>8lx`Jaro{6LDZ$S5j6><-`X{ne=j}4Dr-)PJ8CzuS-D5
z^qimm+S^5@7-RVhapBy*%%7gKw+$`SaSW^J&FFJm)&FLYY@N%b|86mroAknZC0?Q#
zW>mPLeUlkAuX9|kF5sB^TQfuHl9FuBd&-qi=k9Y)lI~`}B<0NlwTY|0zI9fB1Qw+j
zS+C?(3nbZ}Uh2*2VnFb++$avGKzq$=rfs1$xqC|P$BLZ)4=+H_zu2!{3j9j$DB+!)
z0*#O|S9P2MnP~9TJsrJ&O!Cq&qQmd&y*>+Bmd2pk7*%`{ZfesC636CAg4`x~G;-3{
zPNsf{3}!{5YwN6ip)3}fY(W`6P24+nnP>Yk4`$aUHf0>dyh{!}k|MK`g27d-UiI7B
z=b1X&CWGQgTv3~TW$a32<eExE%{)8msZA<bm!+R09|Tr7wS%%8R-Sbr!97G&Bu>5Q
zl{adrCNr~o_t}}D=TdmEV#~BxDF#`L5l%HIV$BiU$ZM$+82ucv8Dfwp2J<O@$Vl^D
z1S|7^zIQcYRE~C_c@x4GKBgo&Dv6Q-`rUji;~*?$GiZ)K5->v+7dLVm)xw&RhNflh
zk*1g3l2zH!5Jd!XYHDt6WXTVExvR8V%!ervyt+p=GDsSy3{M;}(qR=1YO^>Auqs?A
z8;w^Ej}kQpuPfZJ6I)X9)x*1~*=mx=u$fI!OT?(A`XF?iu!Fp!)R|i{(5K8vV#tx4
z-=frMNUUiV1Ug`cgAV5<nTbmTMjy+448%tzkFYsnr^lp~*>-0|r9d_hHBtHEyjC^7
zvL2FGnF5riSwQx}C0$#UJ;OOkxQt`fCX%L3)q_mB($t}&WPqt#oli-kI%c{v%0f)r
zE^`%ZXV2M8zNW}Q9tmEj)JCj`83#$7U^Sns#Bq$%&GsoRk+QbQPmsJDf@(3wVVT^l
zd!jY!=N3OP;BvM$qlv7YRY${&W2%yWrWzC~5?DD-Szd5l$5~)WOT6<3%0gEe8TFEH
zW+QW>q?5N(!dqlhs~OYQ=FCbA+3x+!CqWd&1Dg~en(<W3=<NhpWVqC%pAF4-Mu_`a
z$Wrc!Je9JfasZcV0>rkhF33HXoIGm6@wUkINw|+*azRkVWi@4R*X)!oCD%^g+#z|U
zJ536g)P@tQ{B6r6Wk6G@h%A8QOv`B%Sw*O*fPHhF*fvE4URCMfSXC4$!580rL!Nb%
z_@|TXafgBo=#*hAL9E1#xlDGYk2@-q46^Kr>59x<8r6{3yqb`y3k=;&b^j+m@6c<q
zBSw*Zn+(KG5V!c55E9jJtC2HmQW8UhQOD&&-KvQ}t}Rxwwq2%DCysGJM`QFkMZ73A
zH0^jY(;kbvNn1>svYLnzv{S|cdJsZor<tPs#Hq8q0<*$TM?6mkNxH3@6iQN0>FiUw
zCkb@wCm)Sb7C0pFFLf0}dRgeHR$Iv@P-CFt>a|WYUQ2d3d5&ffk5h43%C&9jf|Mg7
zY~|G!BW|(;kCJz$amlJEP14b{B&w$&2?0~Ki%O=?*0?j1O09^j+Ysf;IOS*>h)+f#
zJYkFNc@<7;LIpQaO<^vHpEWLX@=}#XQ!P`?ZDTR{!ZCelN}9Mqvcyc35k`?80k)s~
z>N`$E0!~Ngm5&tXW8zsERu6s3u|_Ir;vGb-;j<ufVKDRjW+bAVXucw`Q=CZPV$Wr<
zqE?B`P^6Y|mgLH?W(|E1DP>6ttnSM4>WU@%kd?iIl*O<W67+IX8HxEyel41vo`Pz+
zBAAVnzI>7b7%P$lqLT%}Rtp(3!(>tIvty%`4wMZo#9V$HlA$YweH%7JcQkrCdrm1y
z&|)8C5i)wp#!<}#$!>(*Ax{eFQ@UoE@_9*Ory4t2oCMWaCQgx*hsj>au0&q4n;21{
zAim{T|D<w2_MF(ET%hT*7p10wZmPb5JU~RQ>59*#Ae8vn6|XMhMiKB<>?sTJmbAki
zpY(Zk)pcMhR`p#K9|X<$BU#hXOBREx!n$y)Aj6sY`w7SnBynITMW$}~0-Ol3rx*}s
zI0s5vs#5cU)awJMl{eU&6C}S!GntlKnwYYi7bI}W46VHEP`O0JF2`BU2(6ZZ+}FTs
z;ATUj+!=zrU^}DeikyS2mS?a+`^UQem5N~+#E@KXS>Z-GM1pWD$m3SBeAmo1XxQ>l
z9j&{P@{?z;?Sy(CYxeHIKOM4n@CnD$+hl9!WW?&e9yo@lV`MdU$Pg?^8in<#=B04@
zq;uDlrgftx<UVUyj0|F?n&!%8%%b-ko7K7+lG|giBPCBpZO%3eBCH3KDQx>i=1tL}
z3J575pG{>ASbT4$#QtNo`cEV}V33)ukV&f;m-3LahYiXD4RdDl0%)8qGq0}Vh3oHT
zp*fwDFjyQI6CV(i=149hQhA?xM%<K0$cVf8NIX(~COC7Pi3-C>#ZO848aC0hai(`5
zm);;A`6CWG8FGHLY7s=uIgrTvq&seE>Nr|jGF}a?QZ~!{QMKL?aln}-V=TANk!M1s
zQcjJQM$fXFq-0Dc-wL0SlVuS;z2t4(3pPbtD7V#D$K;Bn`6j-R190(<CDGhi{V|wl
zR?W61rtCRMM<}s5bOx2|+D=lo1!24UMT%9^sPe9|F*WwR8VIL1k&JXBXOiY1@dJYl
z#*Wz0F!-$`+&Id0=9`a%`)(S=HKh4gW`TTlH4#$ZXoN{nrxI1SizQZ>kz<=V7f2E%
zE{u{y;4Ir$J*Bx;6C=;CQO~t3&$nc!HY}N=4X>SI3+q9B>v8Z7bqXoXu|}dby+{vz
zq6=9(K_2`t5<D?WB}kG2hCxp=mz?O;5vg^ZbS*8+HgYMzrl|>$H1YFxvBbV%8r)E)
z`JUTyDPSVhaamc&+_NBL#2c$CY$u2#^y$TR5>)i2nXU-=A)&q^q+OHOX(_#K$c^+J
zm-(4mDV>u%aRx>uc;kiZILV6dalIp9h*}|00da`vYBW_!*H3u}jZdcRg!{;u)M@I^
zn#f>vuKZcaxXiIlUb<o^ZwqQPE@g@Fq7ZD6$|(K(G$gO74#V<^;}u5SXWeQ5q7~`K
zry^Ry2~hStBTI=^i-<zR|0hJ>BJv?3NV4)sxSg;<EynPTWQ$4}oVL>9q|KJ*J>yUn
z>$W9*(hI1rpSYPIp77#-I>{3HB#M+G-G*kH>m=`H`A#R<AX5(Ro;VzI#VwgAdecaf
ztGd{O>Zz7RB}LMTO;LSBnqGvRAv=aPwv<zC(Hzw+mn#Y>`<li@NJZ5Y@ywX-P(+vX
zvs#LE>o~OsXIZc`fk|EGp(#4vnj|o(dCfP+6&6xjh;efAZL8VyP?dID6%jS9hagH$
z{1&o`Hd+$MCjDR$e6HT9NbF4(fJvz_C|jFkp)|5I#0638Wn}Bn*=m{O3@n8heM*Sl
zO5rJujB2NXtSTpXmdaU_6=U_-C6t%+JH0%ZdMP1~oV`;(FHh;&bK7NlsfbcgIr%ub
zx-?Q!$in4L=j|JtYU*yq)L|h2>#~v#$LX9QuSO?|cuM@9^p7FsTE{qqb#ix^6k?(7
zCM~RZBpY$h9EW6`PENy~vW&4Oh_EmdBgwP}DRY1nKNv~mMniS@HMKFSFO6o~)l>n)
zR0XT8xvoi5t#t@0nsa_)Raay+WrY>1_Hin^R?lo{qpYG&Lvv$mV9;1?zRFr_t-nE1
zfSstRb&_1=Mp;<sh$RSJauPwHZt!ijmA8GKEWMF*T5QxwnaqPGYp@J8S%IygRn_OA
z)+IX396GX+LOk>m=%^7djbOGc;mXk@jK-0s;;Y)v%_ogy;H_u*mHUNB)$FX6M|OEF
zo)gu#$sMX|Zl(q1`K<&^fo!u#7Cxn>`531BJ-m*Cy03Oas;a4}44kMTlm1va&?Jvd
zG!i5C&(4C{hb9lYi#Mh!^ifC`GWkeo<tMVbsEwhPB`}sdqnS^hSsj)B#+iL{oF!ac
zW|d;SrX=$zsgh!(hRO3k9_AiesJNIUW1f^SX{#x!lhg)W!NO|>v&{QCk0z@n%+^&W
z!GRc!$64rt)YlRQtR?z_K^Eh9tg(Z%gc^b#M|qBfjJ8!WO6oKNs8z3JF@}tENV}<$
zN?J*{B9rTRLpa=#`pVPt>#&!bPlYg2y~eSYiC`xOn@Wn1bUc>WZISY-M!4gSKl3Z8
zpGc7f)ugElVg?<B?c|n{Sf(qE3rMC;GX+RRoRQgu&9YI0VgW)5Lk+5!Ze_9WCtC<N
zTOWgj=uX7I=~9TsFvBaYq$+3AlouzOT8hVMi*zHElJc_C6!~i<P1Tl0wk8ox>Znge
za5NLH6Nh4Sw>>(;5U`0!*?NS5si*v6MjaA0W9~4ITjpSK@hLmCs;;E;|7j^@g(t-3
z!j7j|&02(pdWO~8evZ1!OH2@PUPw*fewaCRw$Y&fwk8E0bAa}?PYNZ4@R|;3oK`T`
zD&sH%F1#oSZ^TNeh2Z;MVXCi*9myD@()Wp&#w2yu&?qg-l4?rr<c_A~3R$B0QBXa~
zn8Q@q*+kOf5bV`eCtvlM;b$I{36&i7q{%`Yd7F7da@qjQC)&$1VRce$wa_#%t&i0u
zQoYo&AZ+aFVoB223M+}vTqaD^5^J73**YQzTB$3T75_!6WHm*aaV!UwQ4|yWsm8mv
zQ<;^%S34I`uT+~|Ej*JTw5gMMa;sMZYkrLS?Fc1iE8nqdRVx}CY*{BX5r@u})A*W+
zRII=cQzE9i6amkJpr~T2CUQ;LKpOr=&@`Tqi=d_;EY824@>8Pr!rX`tODkzOC`>mb
zLsHMBG$<)mu{tM-Z&zP})SHQ;Jhciz6)8<v(QHgrO~<C85|cv5Zz8ouV<W4-hOji%
z^+ICIG((M47pdD+8BS8Xr=$&<C#I29bOX_x3qEe9a-@gMpPYo0*+h~=vpviwbl*3r
z&lEi;PNII<jwUh-Tj|zTNl4qQ6XF*`SSMLdYbMKdC>hmLf!r)+g=R8nja>3=vTDKN
zDutqFQ0*FGnnB7WKGGblB-^QT&QMba*Nx<h6c7Ed6>HMA8kf|{%B;zq)|AN{2*x_(
zYQq&4z#5YDBiZLG)@7=9wPp=-qlZRUE1GI$o*&48SdpaqKBe6os-Gm|(yC3#N`e>L
zO)kJm@eGv|kF%=Gvf5ZN9WMQb1edwH6abtkp=)Ky!K7@WoS~Ph%@--tHs|MbxzAOV
z;?I(AxRnZ&CPj()u;nu-j`=cXDJ|((bGvO7eII0AF~c;OPUF5Zx0GH=airP0byfBA
z;-%^f*wgiP9I_N*6VlA98iW-0$2yf&Mp`MVcBm<9TOluLK2AC7)nU+Tuw-j1;DpIQ
za48>F#ky@()5L9sWJrKjazt;2C9yI7(p_lw-nw}8)>MTrU+nuifyz|0mt>kpXF|?p
zYhDS?=w{<h0mMNxVw!mJSWC;0!YZiO%9b;$OUZunP!x?lO$oThA*<^&^pXy%q9r~k
zsE4C_STn432CcZQHbYua9B!H=ksRow)BUxD!dHvTM~MT<YzlVMta1qx^?lM2jIx|t
z6D|;7w3fL*i3A|_^?9p0h?J<zWnXV<{H)~i3R+7?4E+srOB&(L8uKimOGZ1aJS!ju
znR-zJfb245+vuCQnTuMo>$bFus-HWSTu*I9;-_9RLZ2iL7qjJ^Q%P~CW6c!Uc2baq
zuAxhaMWec=t7HEy!)22CVY%f>dzy4ZM5T!sE>ls&EYneze8(_MuqGwmvqXB=gCr64
zlJu0g`ejzfle1PJc@SQm3rcy-Qr=T_NM_uUNgjpd2I#kfsTyWoC||1Sdbb#wCVl1E
zN-#u{@T96pD|z^jGqhe0KCfIV0cM6sZeQy!arqT5;V3T4l&k8nv9RFv<R_O57gf%D
zljU3%BHgknW3*Mm({ft6Cr{*coU|KtO{_#lTdAYZxV7yxb+n|(ZHkIuAdYZejCLy3
z6eewHph4S90-bRtPAadF6~iLB)5w^IEby%1=V6^ZGY4j+`3<!K{v_2(nxq1d-H?ls
z&7^!I-<*`rK;z_UoD!DTPupvHL$CQtmRi0b31p{XxupwFPCo2w9+n!xY12|_XI0Ft
zu4i>994P#qi1l8}eR+|KPD85C!%@;UD>m-6C}BfXIkZ6W8CtqR5uZ-NI<mK6YRO#L
z7g%8dRxFIkA7iX0+kTe7d7%2tPF_1-jc>XNx5^0A1^-Qg7D$vLBbu`MI2o{OCgn|J
z6K%z95qYv5H`Q_FL~(M@sRX*^16&g|U&Wa$xLWjy!UZ5g%2GlPjMPg>Oy9t3elx9@
zEsUWGwW2=F3g<_l&Pt5;oaBScED#}gIHr<N`p_K9uW|LF8b}z77QNVlwV<=QTeQ`4
z=UI@YE-0#&atk^oFhK&%#fRh4=Ql%n0z;+_o}_ePlKiQ!3DY~`9nD!j)Y`|&k839h
zu2R;JvCCN{O)22Apw5nFY3C><0k@RyQ1XseGcQhZ+E0ZV)E#BpR$WUD>PMGikWNVw
zCA$=+U{;$Rr;}QTxxz-(ZRMI2KEJ2&A)}BoiUiGE=CXR;Bc_cbF>TTUXsP$U5ZVzd
z=0)|_2wHV+Dc@|G?aivx8ZhdKC-*v%dF#2Puo}DMVl+@n_Kb<*AU&;=#!5knBPqIM
zHPJcgw8iCq9JUKRu|%L*8!AE2H~Xzi_0N+mWv!!N3*C@}8$ol;NU`QIFBFb4m#&}H
zzqiRlXe{nR)sPXuWLm6ciK#~+&%KvIQ@Sp5mDCt3RW7zvGC0<SK9+E{M#zhHk8Mgq
zD~@6uhbFO(xfPCrNZ2VyB0yC*tfji;S%%b#<D(It!#ZrG27I<{;bxnGpg_v85^UyR
zcaq3)3PP<*L0ZXy^Gt58mYc)8xMiqdqJqJp*h*_ze4VszR^*|Y4C;y6bwlnUP1T%?
z6l`mY=8`Jhty1iXAewg2U{X;E>)8fs<~<2{<R&IiQ1Ov#7i95)1Bs(dx$gUl$E8%X
zPm+ez7YQo8s<Y}O5806t+%-)ARFhygauip^SJzohx}S1JCRBlp$f;xxC$|k%_tvtw
zwVum31xYG86MH1Vh7iV7-iM#Hm-(=;h_;l}K>f@`xRNWA#bID$F5N9lf*qHtZizxN
z`3&})EE&wZ!->NbN^6Sq*ugR{e5P6`&CM_fK8>W7n$;MH#&(SFP_cv~WoSK5K}Hpd
zY5Ad%CM%wr)USyF8EY(m?hc3CB>91PHI(*LX5cFS$r&%Nbs%mlNmtq6ARQ^Cacnc+
zj-F($9(tX!WHB12A~aHJLknw%rN~hdnB5L}n(~3kGtNt{KUIRT{?%!AD$OWA5pzk>
z=ufQhoKhzoJ>RRDc}DXnw#6HRcwtc}r#KZ|tSx5h#+(G@Sp9kid3r3vYFAM`^V~N>
zp5#e$eX@!}F;m9GR5aIxQ`4q;9<{7i_mgR_ix||_5}#^vs=B;xXJ0e#O5P$e!HcP(
z=cMQ%JG%s{(w|kIL{a`&i3L)}orDHXR1PP^Ua^`VGZla1?Cv}wU3LdONx6R}S`l-+
zl?`T+31{OJTki89J*n={XK{kXPpPk9q{Otkib-aUChI2>#ne*Yhs!*bc-srJxSf*c
zMA8s*4ixp7YWP$@Dfr}%qbUpGn8*91=RVb09A$YuatWcaWo7r|Z`q@gGm`9IbBw1*
z$Ru2(6vICAwox&mik8GhE|rNDPMDTP5N184t7|EMbFw*&k4-i2+G20<no^Xlf0`5}
zrQ7bRc+k=u4=tmyye&0m9H%VLs$o60DMdqaE$~`FU-V6qs3pZQ^)oQ*T9*O@ESp=<
zc+pLjjFVT3*8LZ!-GLVB&uzm*tXQBLqy&If%Y0tTDP2@Cuu!{OE#&!ATUj9muU<w{
z?*jq&G-SpRtrvY9wo^-x?tl%M6f>AbiH<ct>rniB$aleu6>;b_b#Im~L&}YD2@@lZ
zD76%(CAAzRwM9Jz@Q98=Xr$NZvPPDdObdb>Co<cT{4=DjRkx*<bz4D~$4R|C(8}pr
zUby2#oD_9aW}Hg(Kb$BOdnzH1HF~lyI&!VCKQt-%zvDsLQYR!|wsuNbr&-o3cDqR3
zsZG968pPDJqOa8eo_^uZ0uRlEEhn6~Q;|7^o-UPpO%KrLJn<oka$(ykZ5+1jm_5#~
zC#lXkU~<T<rkNNm=Z(~eOHH;>Pkcth=N_H(eC<?BJr(ki3}nf*pO^$4>5dVtOrHxU
zbyZ*8+Oh`{r^3ok!E4o2`nR2ApSBmjNtTiGaz%}h>@rzox2hsjw5q0{Njf@_fY{-i
z6C(BVbR6W}%rdb}QC_s5H0|FYGbcBKmcj0*Z#E@N67M~?<?5JhS%UW_PV>;EygH=H
zME{tkrc6rl{w+zcSXYe^Np0e}$le7Bj{E6GS(YY;+GNk=p`bdSj)H2ie2<e7aea2`
zpQ##LYe=)jrK=^E#SAQbK_0I)5jm@`rSYtUTX7Z|8EdJhkY!%!IMKqgY%o;TmeoX>
zbTUtw+?HzjENN$XqedJZUrRMng&c~VDHZG|{ijvMNo703T3r!Y-Dv3bq)7P&?A9C;
z9JIubzm@8LR@^d!+`iaWDlU21B+rXx@+#^VY7B34d_^lWQ*!1L70`suOo>)RW7k#x
zg|SJiK*AkT+QC-J;zH?TyqX({+cJ598G-+-e!17m8-xy`^f6G^&5_H~Vzj+JVI#qE
zOQL03d0PEh?mFC7YhqR%2#J^k9B(JAPEnkr%#7u?@>o>0(2Nls#vtS2=_EesY#WKw
zBiF-_r*q!czl^r?2M;C6ft|7_>R1zjhrAj?*JzGKweK6h9n3Ux$=7z2>aT0z5;64j
zHQ+_kCn#H4bDBqZsZq$OAR-wyY;w>PS%?fYTQ!KPSx@#iHEOj~K#9Co-)31Wa=(#A
zP#ER(I98p5mU-M@zsOjhrD_+I;2n$Ns$o-l?-VZ?$LpCIzgsDzg4`-4FHHFYh7u2<
zD&v;Z!q8guTcLBD<uI%!0I#WMz+t8WPT3dRIuAAVpa=>vgfDxNm`ogdj2f-#>hVtg
zNH()IaY{TsN#7^ulFZ<tQA;gVx^M_a*tP+so(+O-DXKO0S~pym2&L5FR+=kP)dnY~
z1NB00X*9$k%RBUpl=$8)#ZI5qrsE>^;{MLU^jujnqGG|T<s+-#FxIrIef85wfd^?t
zl3<=#ze<*Ix-F&QIqz`T0`7Xq&1sx>I&4+=c_-&@E;xy|n9Gau5Ifya@jSCQ;gB8+
zht=9<DWn*e2(WqeNHxB;Tvj=iH6L6Yz-VaXNy62~d7Z9t7DRTOWq+{ZBwAJOEO$;g
zHe0F2#)+!mXwYzGwNisz+ocHf<#vE&7QETesw!IftHoTNtm;-!SM^aM3iT~FvxY>*
zwOz{XU9%a8q;SB7A|WXckb;Xjh|K)I?7iD^B1zLN7?1M5$(VowJ_Ixp{9C}-Tx1o|
z5RxjAMnp^0(~tRSxl{kXor|$uW}VRm%1k07<Fx#+7U(`Ojzysg^TjUY$vI#1QhHjC
zoTrsVKqLNSWzMw~9>6}D@b$?vqJ`bta}p-asS2ZwCC0W!_MVYt^MlH^nbxu~IuE*-
zZ!j-z@zB&hxDq<o)?dLpz3C9IxQpplfLz>~BOmN*=W-i{ye^OpiPdQyvkKjH=k~|B
zMJ9zb(_Xi<TX)*NG{fOLWReN#oonInTjiIa-2xKO`%_S@6$?v`G@24f<TIG}Y<DsC
z2-KbZHQ3K*MUgP#gT^f`wlND#!;oB>jcr1!?CB?watkH}+tXVbSu;&t4fhY}_Xq&A
z*XClhBM&?aRQEb|D;fjbZ?kqsN9og+vf{)Ps-aPrPGNQ)H{(<DJ?l8T-hqXmG|+PO
zVL(Klx!}IuA*}1!OeT}&9F4(=B`?e$(F<`IO!K`Wm}!xAmMWLsd%0~<qxFs$!Ns{T
zC<7DY23yBvb8|&NwPvPwT|o5_bVl`=wMneG;K*>-xXb`AP_tBbaJjQf?@xE38tk4Q
z*d%I9rm>j@&d0uSY;0+q{50k}@Ra0jq?~Tr%+nmcFuLdti;9UNVkf*P?!LzSD`ViV
z{#Uyq>K+&=a4##=gVEpiqL#(LFl+2+bax*?zxVW<X_TRV=z-IbZunP|fv<0Gfu&IK
z)=<fyd@0`svS;^4$H`Os2AIX3(N(r3@Lsf_&g1#Qnw+Sfpt*~_7KHf8u#oU;zjdo1
zeRL}b_DBn`yoUYFt_7u^IWn;Kk}7C2saqq2wGhNWxZhl{0b*A+MQL88^gDjx%Z7dH
zGZuzN^qE;yN_GWJtDE$SXKel!mX!HyaprSn(bGw_b2=hqWX<pO@^=14;bsE;$FnQG
zg&mnh?gc-UO-K>3dt{LQviGGO;?_1F?Pq@L>QBxRTy=r&Jdmh1%Qbz$mfa%=$ELz&
z?3Fu<uh@scCy6+_BW9O09VDdcUwx-}L{xcKv7Ptna@DB`7~DL)Z7z(GGMn3G(EDkO
zBxEnt%ukR(^!VQ&r=s?5+x;y-skSi31!pZRI`>E~EWdc-viL?D#mnA01pb>VG`qA}
zGrA(#R(r{oFSEv|rl4=djTvNHJb7i+LzW&UFt)fqHH49lEc?MDmTgUi?Y)6aum$>Y
zAybi*ezhsU?kM7K9#yNBnE$-xYRX!o9h@x=21(6ZBxPteR&mNl;1=p(zB0|s(kX79
zhYG^PyB+Yta{nID6Q(A1uQDici?a*kmOI3#cqAthc?UUQ{G~^zub>$yZut8|<dyoU
zA3zDyJGrM?5LUgtQBO;pHjqQA!86BXWVLHqXpRNj_xEnYkwxnncS2wfMZ~^Z>O0pt
zgGeWY5ZBEGd<Jkv?GUjyx2O^`;z+|3u)p?3V=ApNa7CJV2Qz1gmwjwbMT|9h;an2C
zavzqrL)@%pEQ56HVmhC5dpmoi^}cxI?@RC53)qe=usO0nxgP}yd!CRn?IDEW%2NyE
zO6;7Ru@4F7a2iN5t9=}qLr&fucBH$&YuTJaWN`<TT)`pi3?4M$ZVCgc$_r%=Rnx5m
zjDfqLiqN|xv8zw5KjjRkwVE{x;}bB{Trg8Id^&t==<X}nUzR;64d$Q&o!Fvkk>Y-n
z1xy~(1~%=vTXLQdz8Xjk_ravTQ&-1}$4gB*GrJjC=M1=Tgy4w@Yy~?D{b(^|eFBA&
zu@U=<`Kr^F*QlqA<z8`$y_6R>|48<c;g*-MiI1aZ?h-var2ttK&s7;W$0NEv7G$({
zw$iTj`^T(X$hA|OX!o-V76r4=+z1Jrq}cWf-JRPaqMvyQ#tfG_oH$F%)-^-67FxJA
z>$ZdwL(ODhGScR-#Kb(!$bSibh5<q&)k?y97W25iWEVS7k_ro!GoyI37ZcKL5u$ic
zEV9EA_7tX4q}71$+?+6;2|9C2?^*=|$_K25FK)12xo_451a=|aQRmv1?C(@E13d&<
zX=-x`wtg8x-*iq6Of1rIU(8%O413dEhd5sqKnCNiZaFpE3$#_^4!{i55i^%$u*rCl
zk*A=k#Kl!cieX$Q%jO4s4mua=v2J&%w=oXOw_)6MGyu36v|0l90?JG+ja>aEb7b-B
zvfO$oO;sbXs;<SL)5WGUEA^%eY5Vu|KDM21K{wUz{$Td^&0QWUo^TiyAWXmoO!V_|
zm-+luFj+jnfw2hDI4+?Ys4q<kaioC*ygPS#nx_UCHCNfw7ryqE<mYwE*SPa&trkRc
z<*yGGSPjaw-}$2_t;U=uO$*NoGdJbVuQW4l3?U`e?WyGz&293Wx#mCvpU$MSz^75O
zd=%@GNb7hiPEs-PWPmP48+r~%pgoKnK@gO22B!wy2B8zo!A2vYLj_Fe&*)&xdYIq3
zW4m-e+nx5F@v&vl6{;w!1+9+q$Enzbi*mugH>bYFjj)TZvMVXSwQGOmbl4e;T4t|Y
zcbD!h+Y4M|q_6MQaPB0-`%@2oy>+fXq%uk!g2-?6=NM`9Uo8Y;IERq1=7AId@l-E4
zxYDrbYmP;RnQl{HH-!x`dkl0iFIp+Hg=gn+G71PfjM;k(H_RXkoCguNU0A(AE#%An
z@@{=Vwlr@$H^Gp;hnmL#S*jKmjyOu)RPGSPK5ovo9#}A-z9jo=L?3e|Lw8nOKQlEa
zaZoIM7m<U*RnrX?sx~TVh9=%Q>M-vpuOt6sC3yCugQKkr@}<Vr4o<?Ir6UYYXxX}-
zQ@y@~8s8g>1r5wiP<43fFpFPhG&Dp6dJL<JTw%113?g%&(g^N(4VG}-m<~qJ5wvPm
z##*SUT@<7_MO~nK`meM!1+ZO6^%cEXBZ}75#b6+kMs~)hddJ5+cE{4nh><2{Ru~pU
zlIw#h%cs4*4f0iIB@lRp3~Sp~b&)~nPTpx&q9|G*YuTA!$5p*XPEasJg8I~CCl=uM
zjDB8~mum)<S1xkb%&9#0WOs9=y+8xE1CM>&x$jD3bHD~_gEad^r=3TY@~l}N?5hD(
z;>`CxQW7Z$ehrPxLh>UUx|c@mJI$4XSoL6ZPJU@|#5-dFQlS!~jhew$V4lu3XpM#@
zGdMwnkfNa=8SM$APM##q#hq2jXgkdd+Jv3Rzyg?!oyHiatc%{u;~S;1Y;*M9#sfZY
zMu%KI4&r#HA*$NILH6HMp0@?>Z3OS*)Ewpmf9(*-gVgV?1w*!JyoL<VHIz=~1#|iw
z7L=8F=Z4Nuu=PoKA0(9K7SAzPN6H(<+BUdOb|x*g>k-$fzv}FObEJXrttXZ@Jnn20
zIPRic%9GK8iNC#r?0L3Os(il<90CkYI#5+3C@bR+57OnQ@URSQ)>e}uoG3yW*~4-&
z4OWzW*1<CMNP(Rud`vxx?xFnV(wk#{HT8%wn*vu7TF~3V!&~cNt4?`gI(8OVV>_EJ
zrs<3f**Fp5uE89qzoD#4k)U&`{5J#BFqvl1t_EkK{bgrSuw$^K@-B1Lfup#EWK(s4
z+~xQgYTbIojraKnXwPAB8X+BTqLb*N-DmG_G3_q8kTYky?+rTd5sdfxwpVWF9<?BP
zdkl6B^Di#Eu4>_Ty=Y1GR5A@4D1RBy+eJF>oli$oVQ;hr@6pw1O{dCtfeWLE)PM=!
z1ucqYMyP4fD2?{Th}JaE(m=_eIOzu5l_MBYaf5FcYYbyd2x(wqFY`V2CU9=-EUd~5
z<Xz~6{y4J+2hOy+%kePH0Rgg|*jfU;?$$(A=Uusv3f#B?=8FrvtOH5gT&!#*ijf0Q
z8{(Q-!n%Di3R$}gqrX}Pxp^@ibYSS+*+~nFuh|xdXVpCwzgh8Yk#z%x>bvy{3l_bm
zGLCJXT?B#8N6WVpZ1U(MNC{uFE^sQ~(Yvq8!yo0j_c_3MTL=GY7WwPMV{-_bEV_^v
z0$rwsuP)D$Xp|wC)+0#JmIRBPZq?O2T=v2&EnAqLC3_9r!&{HfM3&tt$iO44;R)#v
zCq&dQ%RO1{v>`Ho;pyfJm?tq9q6Ik;=tjQRiEC(XJ&;pFprcP=2B!8Mf}Mu8=|-f#
z?awS>&@8Yvhgi;G*JH<NPTQ!PIc+@zhX5L$bThdxffROQl!s5{UN+oFgkjrWgCTQf
zPyz(eO9<XS-cQz#*p7_VxVr01Gtc%&Ye<M_uNZ;iX$M2i7(0uF&3jKRaA<f^><B#n
zGKW1FzF1h7oFn~si6q9=?-{3a-2)8NKCW-3(}$g7q79x<rl-Di$F3T!n0j$N5$UnH
zK;$<|{VK|x@?yLK^XAf?n0q&YU=ecp)1ZW8@;wm!%H{6!V|Hxw<RPS*tB5TrVkT|r
zmFN7Ahp2J!4XK;HNPDCx_m)R9<jT)8tJyrzwa6>T&f@A)ZOTpP3DuI+H+1sAknS%?
z+uUrUf*AWz@H|XaAm+hl|0j<RALJ6lpN;8bjumHQdFqyI`2@D@=V<=U_VXhfTOoXT
z0I&O?ID@(qfCdwEXAX#^Z+d6g6KsHt*ZEB=6Gq9_qjsNKj-Dya^b^U?Aru-AOfqoY
zqo5InRF0unc59+*bKgNJ__S8!5iZP*F!UoC2IJivb`N+?^U^&AH`mbSL9NLE=`sub
z|FHemDTW@7Geh*)+!l#__DErmwo;ts{xfrqb~^TDG>r<V-ZAll*cBKt=rHYI&EyC-
z%~v(7_n09MV(>J?RKfJHa=B$~vI4a<`;q77n{tWmxeGQIZQbrS$pt5I+Mhy%$r!z8
z<x%fG?<wE8PLb;nj$uJb&NOf;L1FgUW6;?Jy4D`dTnimS1ASwN)x?5aj_6@N_wJxb
zfy^k`y^f8u8uBE?3^=ZLVT!n*6R`a10-4d`zGH<QFCdy<6~z5pLJ$(jz$ut5X>F~#
zi6Eqybhh;!8TJwx$@^4eaGlK|qhykVHR{N@jMV@c?#exA!Ini0z*8U5V<ghPv=DKx
z^U%)nOxGo3Z12PLwL^@>M1sUEC1{~ipPF~&gt6{dS%W5L(?K~4lu1hnIe-;E1k7#V
zImzaEF~hG5q&}HdX4BOFx;D1qO#`B`>;mjK&G6{1+~PDKyrY?dneQ>*r9n?%THl*a
z3g-jE3$1Z6$a>kU6JpRIYpD-GYY^~M;0bz&{ppS-qy&yQb7Xsx<kV<G&;wi;>^WEG
z@86#+nq!H)E$~mwVHuNDQ_I$V1ZA`fvRWOW1hfXv?%Z-SdH>!l;7-zIHKNa$9sE%R
zB8E-EBcwUi?iV6F*g1gtVT+C5On0w?0!nEo?Ajw<U>Iy3FU}pdFCGB04anVkC^Wq%
zAVr)s_YD{LaBRQ4z=&Ps8fK1pGh)`e=w`9U#3!2?DPK%2+X9J2B4gt-$L;Zs*EUbc
z=vo?6*}yW}Hm!j0%W=k}_t^+5;d5ZnfNyi#Odwds66C$~pO4sssu~JxE8r$>I%4Ob
zC6R?xRV6zM3fZ}I^-Jd@0KG5a&h6z2*1<Zx6D8D;M|-;C%GpLh%!piqZePrN^oWcb
z6DwL{7JqE!Z!mYd5)O14vDl1R&I7SRg~a%?gO^RWxy@y4<k2*~(vnpi2*@HG6Fi3v
z_RPHtC_Y7ZJ=b?1E#cWzXUr%z?gJej@;jao@;Zs?QO)Md*}b;6u5P_^Y(<r^V7yrW
zMldBe53V8S&{9fK%X6EF<IOWU)~ApRHVk{ip~eruvh?UtcP{6`U=dN4qE6r{zI@7m
zUq9OS-lAL}q0rf0WEKLc5H+X{9G5^r=&^P`lgSyB$nHJrJvm5CjRGrdVqbO;Mzy4F
zlY$<2H(To@In3&zU1jsY7TW|H-@sCLSt1bvC*C9@BMJg4Oj~~Q=+Cg5T=(rQ+c=&#
zON4uBQ8h2<ybOHqU=P(O$7~yf^>AB0t99+M`AgYg&oY87Z|DnwDC2jYOAV@6qlUD=
zc$=11U5w(HHD^h7>A4>7Lnj=K2tYGQzX}1DlHrZoX;eaQ8>NZ+JRZAa4?YsA)L-`;
znw|~obo-IFaFSgy7mJ*W;7?raIQuYD7Bq9F4InXqFk&91<LKacjQXE`j^s*CLIl=O
z!=_zA-zekft%tlSk~3x@1#3|7@)1VkVG;XNzE|h-w%7bx+n&5Y`F;z|hUm2l^etm2
zC9z<W5O%+hb7EE#A1~&Mz#yPgG*57EYKTR4)W$cy^2R5S7<+DRisxatEcyQJ%cMTh
zOinXX%!}<)!Q&=feTW9JVAI~S!HcQW&&?uhiXKCc<y7v6?0|pOVVxP-R(*kZeoN)o
z81NmKWTBKgbn-aRuW3vbNHNr!whR%JGPt@AX8cyVazy%dwTqHA3qv`9d}8EAAeRGj
zZM;zjOWP<i<E)$69QOVeM(AsJ+se^+HEuNUSC1my@c>b7ynB1h_cFS3XcXyK?Cy9J
z9-ZqmBT+qDCf24{uzeo`?xaqe7(FF7A0vK!uP%yLbfL|i8AsVfTOVDRLJ4NOf%@UO
z!SkqImIL{qlfwpOR3t8}3!(rpKrEZtJYZOgvN7z+KcTxmcN(?5!ZUW-B7Kma^QXnm
z8&nokXNP=C4fNK%0}R7Mk$8XWewGi;E;FbXUiT^x{Vqeqn~5=Pip#=j{AAerFpACI
zZq21(9ZZ>>Fude-duu;k6lGgnU9VGuA47C=Q%0L(hiZXBovXviuZE2nkLJgo`^Xxi
z!cYN#u9vKm<_p^+k$L6{(L;#U>Ds%rV3>(P`(S_2<W_mUA@+Dqn{O2wXX6!li~(DV
zK2~^X*~jy{s4iKB2Vf2n(@0?KUAp%B(l*U|^HnTeuy*d$ZL-cN=$`ap&mrjtHcE%S
z_HH3X;I{m!<rF+;3vhP?xzwH9Miz^v`}bLalH;kF3}Z2y{?v^LGs`F0K`n5Ez}+?U
zZr5NSc9w<5QZ4d!Y&N-Ji5g;4mp;>BX+{W)TeWV1M>48G^v)Earix9lw7ayrF8bkR
z?L8lV0J>!pfD+aeo)l*;hc<OFn;EjFb$M<U48vYCxPLSeLl)}{qRp*{<N&KSL}bjJ
znPE`whv_8$#>~74xmF-3d1}sXX1)rAOm1i1mOyya@|`Zv%;N<X#Y6h$ZYOzyjK?5Q
zLMV+k3|JFwt!AP8?Vf=Y0i+(r(9G^LZmzZ;Q_}Q>jp3eN_iv)VhV1TAL3MGbQxfwJ
zrQ^6-xQU&=L}sThM2W+6ZBG~lvj(<ox@MP+gn4uA4+Fo0j4VgB{{@ym1i(3;*xr)V
z_lQlxyi~C#jA<eJ9>Mi<onvXae8<H7*nMz@@YapoGdQhGpX6SU%&6FVXGKHwLeK^p
z7@$<z>kz=6oyTiY?qY}$%{b|sb0ub&;d);`cHo8E6diSYMEMM3Ft$==y95%fear5%
z`>*uZq5p6L?mGD2i|YhhQe$UqLaQz?0!u<p@4YG{ooZNavm8j%L+S&P48DSAb4+vy
zn%%;Qr}hHB!?eHj+Sdlia~xs=(Fa!aeWV!;lCcYTTr4nhrJD|0oVKCa+_ScBCGZZp
zXi+g<L*FYt1=7`Z{%JX=m=&HK!cCj2@#K5ExBhGw!z#vIh%aeIeK1pQg#IoPpMT2I
zLu@O#bsnAn*5Feh#9|r}ku?)Zh<oQPF>RPWYJ}{}nF}5Xl^}1%hmKb;H;gWNvGACz
zawH`1nSI}aGjC_Rr?8m~_-Wp}Ldc!HL&qXW-e7^*!tWB|b&Wq9xsbM8_wXG}GemTC
zZUoslwj<#E=$))_WsD{hje0k?Ko26@adzH5MDDp7#1hNU*6HQ3Uz}r=cM-gO*agTl
zKw;Xp31&&0dFI(5$ga(7;ePHcx_|2ZX5!4`k+wUK4Jyq;h|ridWJ5ylXk+GwO>ytT
z+}Yx`V8<`N@gh&!Zz+I_u#OF~FNB_x_7ujstWZe&Q;z%M3&YVtF}ko|N?TD~SAJc<
zJmr9H>jX0DDM#So94m&dWY}bmm55wDm^tLqOnkV{OC(Pd5yyfI>Uq9TgIgeQZ0i{o
zDm0bDuK%fE*jt{Vuwih|>1|UZy;uz6%`_SxyY4Mt)T*^o@=EgtOuFB>{GJL-hUNth
zl#oHS6<5qNlm=mgd<k2VxJ{V?v&>D8b5V@{&0HrI#x}8#uZcoRU2HdquN)(h-0g<@
z=8Lj<m4qlqb3&G$`=XH!3rngIItatiozo7g%{;g`kt{d^|FZl(KiCS=U4gUCm}?;k
zr-r<pPo_Hu^&O<fZQVD@T^A4Z1UQL*bRE5W-}1BbvPu#5MEel*$d&mxmD<H9J*c~9
z%s!Ehc<YNX(5+={qtnZ^%djNt%HRpv<u~Se@p<=1qZvZyactqIE6W+5ca{g}$<5GK
zZh;IZ<T#pO;*&G}1|GjPK!T3J5q>?}?6^L4(Q+B>!E4QltU=G;exz^CJ~g!z*cJRo
zmL%*fJNlqfQI-j}w>5P+x)B_Ab9cTW1A<LZPnM7Gh3AHSyU2WI+iv=7y5o3_8>nwj
zvXgFkV8TkHxg_$uAl68gZl@M~BwYQb2PeJhFSDvHQM(m5rsrmam?L6E_%C{MnTcFP
zhGcZsEtQ37VSipCz3Mcqg?s4Fc#fPU3T6lWE|4iS#lLYwBYjfo0(M4X#B-9qQV?94
zoQOIJ;eQOO)stos0b4gnn>q8XyV}d%z~VVn=Gnq*OqZ_m{Qu|~*(Q*H)8@gdE2lho
z<xC0yXA9Rk8gg0g;sG`x6Lj83*=O}O2Db2ZGx>U#*?$HhS~mH?rV*+`lVKfU(N^pC
zuH4DRKRYEO_(CR8xfW54FRqy|u^D4(Ys(n)f~L8Hy$3demfA?0$EndNDX^G?+^Y(?
zTitj*-4U;iv*|HQ57=}eM7s~(=wOsmQ4t@<NDmumqV^N~_G-55j18>>_4y@IpZ5h)
zHpdWtSrrVeatZ0cpn@`{DvNA;%z@8;>nywK+86Y17JCW*Fei=~IaPwsRDso9IPzg;
zk;8pZZ(_NBvrow6yUdudqK>J@P6?R>@XZipzbuPnAwhqAFSo9Hb6I^28|!R2elp0l
zK#0rS^|J;xf|cafwFqXvYda6cCX+oM1rERA$r<&wCKw_LKn=Th^M6FPwWS$3M&KP2
zh1+F+bE-=29P{E_<sE_&EdMtsjuh9_h38RB?-~eVv%^N;L-E*(><jjTS#vF8sf94g
zS%Zp)Q}vFJycoEfB#!pQ2$7y!px%(z3<K$3x>0&S#QV}BTr~1$2_uh=Jbpdj)D^aA
z7|21J-)=E;R*!-6NsR;j7A#M2c5NB}-V^AdUpn=9X>cR3$|NM*&EX@4cK5_`<_4x%
zsdbo}gv<(*dBv3h+;k0J#5Sz`=&w73gG$&dJ2{6Z*L94U154wk3at8p#D0@uA~e%4
z;LnTY6+Z`;`WmcKyMm-qVI3TKEa$QZmGRtJP@UxvYMe?%*1^ai<o4C2z%?!1D1e@g
z1$rNL#)BZM@`yX`tl7f(P$#sH)*<#G?p#^;oRw<tZZ7)<ZMAe>ftlk_cW?PZt#P6r
z+3)H1&6WhslxT6!KLoYd&ZAMc;8Y6%u-oEU_BIo()$vKUIP@1+-!{a!MmU#7mzg<g
z1t=+G5_cl5ux-ACBu~VmtYHIFf44s07)jE4qiJAU93TLFnm;&sM902bSOWo;gv?~M
zD+~}IG`XYx(YGJsAGT3Pa^LmN<O`cmvuK`;+gSvGB8_YbUCwD_EsOT)1<XQ1m+NBm
zu#gVb*=mXDLOIf3EId)U4f?-ZMT!6*{w`=z*Sj3Ir$BrL2?%B8taq+VBwbpJ(HMJM
zCs!VJ=1H~fppuFd&8=B><vwsyg6*6+Y8PVa1*V&p#1p!>=g4Vz*QSM>lLdy{6uF$X
z0kNp-v1yixcvA~$1Uj4f$mYdP3^Q<mnuBC!BF0aM!h<b9?Z}Flcu;ULMtT5GZWEW(
zZRP}fuuvNjhce;DXH(9I(k8~!QCxfCqYH$btD;-1$gC5{bZlcUwSV>u+Ks=eQLxp4
z_g2+1R26fTZC^P7<<<^r(Nc|PODB{tLuje{93aw?A%rgnF+I3^M<530F|$M$aq-B7
zZJ^ds(;;||#MH#?JBFUy0_c07-tR^4@r)qcm<6Py=o0{*qnLM*m3)#d({>Jz&Q4vO
z9uM0gWo&0#Lnb9OT^Xpb4>M+Uu=RoF6sDJ17-D09xrU_(#%GazJE<A%S$Wj)6N@h9
z2=w>LBij}zKe{`I^r&;Tl)%H{8)(}3KfuN;)byVBw+YmfzcJr+@V1{U300@>=T4RR
zB@z%eq9=rFN$|O=TG`$R+a%|IUc+U$a1DT<88Gr(V%w&(y*WpgkAVt;?<{*~)1u-x
zJdZ{LH?TBmkEa>ii(B-Nw1=Z)1ZFliY$+e0Tf1kjN$sy<R*<T>MQY^Ek;};QhhGqv
zD#}&O(idLb0IL2JAG4nS@y)bEEzNgntWS^74b+X?N%dy_`=dJ+C-?5}1on3dJ%88+
zHc~(got4RHIWbqLT~E_V=AFkVy?~csDP9_VcdKT}(7kTM#}*v{elm6jn0KlK)(dm9
zDn8q&F@K5-1knQuUPbL7vK%%itb>(&)1hC8B-%Z%FrWEQe~&Kc4X4kVlWf+wm$PkL
z@7#`4gVh_Cd(`-Y;L{vu<4<@(4_i6^`Ur`>({?Amuz}O(#X@*h&G6cNFBi6aX>u%A
zFGm?$NmO)pfnE1n?z!YcsdnKG1}RU@i(3iz`)xyL@zMfLU(g0yfX0<?+a4ryJxn5!
z_oA9u9=IUR>82?S0~pR=>3*n|e*jMj>@6!F)G`%WY43LvC-`j%EKQS)&7TFeVI!J#
z^Dc9CnB$%tDi3<7{MlB<FiybEE~Y;WdeATKW`1;q^QlRFtZmaZceDG>V?!2j0k6$j
zqVRU2k^2(5xAk=ON9bZk_VIb|N`;7Pgrwy96ihYcF3MuwnXyay+|;tB*P*A(i-}_g
zsIGh!#^d_ZN5)Rg=d)>c*N_t<Y&%c_GGMjrJdHnw)gkK7l0<lmCEL4i>g1XtVZ_*D
zG?~I2#1=;gEb|<EI+M;)yA1={iur7uSz9+(?jTPzDEHw=oo;G|S(R#BzHJ7{O0@W{
z-3wqLCu>u%MYBx_B;_7{Gl*}C>%%mp)HYj;R9mGOU;$1t>&GDE*bSUAY~I}dvIyc<
zwkWThWOQmy>UFck+x(kIq-pOg5W^i(={3S=>tl(=-a~IxJ{t0_8#7*VR-tn69xQz`
zG{e3oXeq7{9r4((51k@<*(Zbr%%|(V_HR85eWSj)Pr|}UjEZ$$V08miy<3tNAQ06M
zEaw8B6>#8iF}IMfrvg<16Cbpl+78susst-7|BM#+20K<p9Ai_L_Om&2Ra&=MJkYLF
z1|EZLBTw>1n54@l&0YFM!^1rf-!_-?5;!$thV&FST=u^y*Y8^O+~}#r5KWDP%oz>Q
z+(Tau<_&;a(0SyZ^w@WBhg)c$@z2Y)eB(Zi0k%AAx8039uq22?kcZ`BZF`h(G!u&3
z!d@p7JjED`)<78}C41E;TZWhve(TTBOx@UyWZz*oEE6C5M-k33@sO-7b|m923jIF9
zl0FETl#Aj*WUg-;!10q)6!6RctHrRqImB)dL*gFsxy$a4oYDZneLJJPn>MFi@??vR
zYy?WEN#|NaE$WR;-~dJn!W#O$50;;`?|Nqf%P#e8Y&tJ3j!xM+LY>jXo)#Y7xUx{Z
ztvQlCUsn0Uro8`OdziJmcd4sC!*}Qw&sn>7hwh5^;$491o8HBNoZaQg5Z&0KLOda6
zZp-RO17NQo%qZ-f7-G?J&zdWj>{WfOD~4Y6?io3wb4$g4v>bUgv3bl*E`fa<vVlMu
z14%Sfa%B*?wm2Wfj9XpvhX!Z1%_Xg;7OWSHbLN2<K%~f0anVMDt_CeRH5)vMYKr+f
zlo-M3^@L!*c%lvD*wk{@!$7gfW<*(oJj2*Pje4TP94E%LZ?ah(o{H~eAvEv4n}PKN
z6<bg{-gD?gpjB?*wo;oyy%T!eDbMr*!V%+K!2%&kcaW7FTNvxi!VV?Ip~ocVuBS~l
zs~FPPEW^#10uYrlYi=`m?u`6-0`Fh%oGExcg93ttiCy+&JC%)VYE6u7bkZW*i^cYv
zMA9UiKCBfBm;-j;cXk!IUBCzEb~Yofu&0`K)=P@D@8Y)!R}|UZ-OL-RZ{MB7!Yo9_
zC}TnK*-a?DFT<U2QLv$eb2PqbGp}9$aUA&ToG8T_IlJ12r~M8Jw)%mu+hPIk?Jywb
zo3^{S^>rWiFEXuITEeb@GqiIff9G2iq!(D0hpw7^WayYew7<JkE)ryKY}qDm54Ea-
z_~|7SlT7IjnO?ys{7t8i5#DN$QQdiRSdfOLRq|28Os4QJEG$@h;j2Q)ka~_`CmvM#
z3{>dsHVirO-Lt1C>^vJ61ZX>Fnly%K4>s1o`@6e`32ok)CJtuH3;`5~z8DR<>||>&
zAN$tLk~rbEviCeRb-?DaLuzhA5c6{%qm+%@tZ5H;GAsU|xLeQ2ti1(LT+Q|`iaR91
zf)kPe!Gj04;0}YkySuw3I1KLY1PJZ~clQAjba0uV1H8$XbIv>WzJJwwx9U~(?pnRN
zd(Yn8YyH;h-aXw^nX7gsn!&F0`fmm=s6G9&;Y2P%Vke)e+=jQ!(O7>dPtOFvV=vHr
zGSnFGY*+Wt0*lJ7XMV(*pL^%xbCl&vV#Q1IzBq2qiX|(e`OHac3%0FgPcBHO)w6#4
zEsX*b<1#@xGpWmA4T9MO))f0W(RLZ_3+jvM+69s&NwqFM#DGqZB_Y22i-H%ize?&J
z;<*L9YuLFir<Iw^13fC5er7+8_#RAVG1=VcPC(Z79=KYps56F~230SZ4<nTaMvXpf
z<O(mae?;UD$##0Pvm~4%4$mXqn5;DxmCKD*{7AEeZAd%!#GIM!cJkA*VGoR_bP+~4
zf@i!IE>$}7>6r|e&>SQjh<$vluft`z8mu29JW(hBZd!K|6}+FM9v0GWVIZuK-&#)N
zabIy`t69ici!j_o5M^Du39vprCtcRJUkX0w#npkM{UlW9g;vj2ZaN{j@SXLv#)FQ?
zLm=e&BHHO8i(%*bC+NIYuWeH-zyjY(0<C8d@0jE3kGBngiF#C!WNqMBpJ}6bg5x*U
zq;g_6%k2=<>z8pBAK#xwBZ>d&9KXbEaLpn4g&>dhDKqEifUX~M$3$<bc_xX1mcg=c
z{sy8+4*UE_)=c{IMcspzpu#S#*kCiRp2NXj+{E|h6l7-Jr-7k(Q|=d^#|lC>_yw&a
zN-{&_PeuX@+!!9LsI3VrmPmeV%{%@KhftIhiv-;(o-MAutfheR;xYsubG^Qe@0rD7
z`ayVLiA5cwEk#~0=lKzMf$<#qaaaDrukWMlX`UfHB!G3lR11edS0?1(2=x8U4?TWA
zKuNO$aL~Q=nudj&E$ibUR@R|HVY<v|y-Q1%eF@ojk<jZl7uoH}2_Y%nX&fF8!kX6Y
z?w$$(`n%ZOivePRh{@Vnsz+x-Pw9<c<?U{HoRuPdl<9cvk+EqM<9RQvP{J#61yG0I
zK1ptok-XJ#Sn;tAMXjaVFK`EBe?Xx&g{_Yz>YAkOO#8T>*I;Egy{V<YN0l~~&XG=_
z1-KD1_3SGqS-$oVZqj=hd!1K;oe~9KfP#{ZPUP91d1bb>w~db57h+(meEf~OBV4Wj
zYK?Hfi(yM*RvEEf^!z;!#Zu`rO^E#Woh>2*B$loI@g50`SjkAFTD0F^MG8a{ZTO^f
zn<RE~+UO$J<)dTtS`p7P%u`NU7UZjiBI%ji9;UK#jg4$s*Zk2&G~PI$E))ja4RiDx
zoA!sSi|v%xUaMLv*?vVvVnQ6qV^+&{-Li9%D6(AoL~#2v<7=YWp0`f$@NZ_vx0y~o
z=p1Srgz=_W9z7qRVK;bvU#5EsZHbZ3ovP}XK;O%f#{!_{IUJUC*UC%vZw243nLDPR
zeNW)1sPgzRr_R0BY40ENB5y9;nUqV~rr|*@f#T!DO>)9XPW{LZd69<v{P*)6l9w)_
zg2&&?3=jm$(rCEO4rNwzc|V>T=0TXN!zF!ZiGz4H7>NPPjKV9iu6K5o9y>{MSVikR
zxUA{LR9I><;P9}qvhVYFR!<MQ{BR)g*w+*x%JW@sh@`x8RC{N-EMDSb-U^KO5*4%#
zlg&en8R(ba`DV6;k3mS8@59eEZS}=+noF^Xe2g34*F=yIFH)6kVdf{s$ahrMkZ6xY
zZN#)y{VuV8n(+%giFt*^@O-V>?h#T&8qKN`cSV$w9HPax5c7h(kLyR$npHS0t#x(~
zBBJgI3$ahZ%Z$PmI;}$29NUZ208CMW6pkX+4@+O|clnCWMSj?QwTv;uRJpVHs`lhA
zsT`zxPT(nFPJM}chS?Y1OkHq{y0gKEIOycu{07K|t$UnQ^<G%9<agbevbh0zllOGb
zWY6yJ1LXl+x5R*?h~pE3?u25N7&0#q{|3>b^D%j>2M0NSw*y?bdyUA+$Fo>Z0~hCe
zpS8(?+f&8}0Kt`IX5u80JmX^zq=NGUJs+|zWbnn=yjhi^eeYq{WK;F9f_PjJ?wV>^
zS$GZXs5yxj-j>lEm=<edR?6?R;c#vUjZEY+6;SKIzH!UbkOt>m%lFs~-?7?J#~mwi
z(dpf(3v7xHI!UE?{Y%k$ax>Bvm?2KhIr8#|5jv}fb}7m6lkT|^LXK-UHS7aBPx_u_
zuZOvG`P@%U%)i`5ls}&`pWED{AY9l{pVH*G#K=WY23@WX7@Fwad{ggbA~s^@?l(BJ
zFa>&Kt9OCPiZI7`)52R^V)W?D&y<H%<Ht^!l8kk-CP&kCBqVxyI&@OxU7R#d>F!}@
zew0+3d0K$J^ILUiQ!Wc6W&5?dtpIxAKS3_Tn2TM4NA|i&RFKDpt&c_S5|m17Rf2kp
zI<L9mibF=l<zst@`sSW>Jhu+==~UFZRK;ligHjFQr0qkI)ltEBvBkTWbEn)_D($;w
zwdj_7R~n4p7Hv6sJwiKJE{MuHYQ8G-1ZAp%O-lzYohCh<C!2wG1s<oSD-l5VU?V}d
z>*aLSPWkOz+X+$T)%oz5b+0TD<5!`?5;=veA3UyqY(2S8GNrl`1vC1abYebF1FPnw
z1|3p}i2LMXj7Q&&<z`$>e9dk?67%KD%rf*8C)xiV1TqO7{?3YYoPf`;*Gu>5mXpul
z_^z*=B4<wAp(bTd`FtS?fpD<}lii(Bo~^NWHL|-FGU4l@&`QOKs(K@sX^B{sVas_4
zcg)qq=$*wNsdr9FDfZb2K~T-#U3#GT&Jy;OzAKvpautNCC31cnIm7fGGyF%mp=;Bp
z+gACpUt^H!)s2pZdI^)qZPja|yzrNP(^rRlYX0x9bV#Xur2?`&K1RRkljo*J=+{v2
zuKSI;5Qw$?ZQ0ZH=XuVd(xbpTv6H3`Qf)lOv)9?k@(hpa`=7N|Xe2;dfvlMgnm3Nf
zQR3rx62^;FjF6Dv^PEmnkL#NPEgOpybbRxqyefo%-^0dr&_g@JsNB$oPM@|lmtQ}l
ze0tKQ(0P#^Qg5c!L{ix|D36-vSu6%D-X3`-eOq>Xp%?hH{F&wEj`@wDwVe2rgnEnQ
z^>R@|`Ta=DJ$*t2TJOOsCmrs_5_~<BmY8N6+nHi8=-y%d9N{9v<EaTsP=m;_grxg*
zd4w6UA9P<KG+~4o?`EgO;^u&Pw$3Itv}`748)B+MO}ncUfOKp!{g$FYGQ8M*(N<Pa
z#rwPPUN<{prWBoV<Ca~tW)eRtw$*h~&${icaD1hgM_rVk^@`s>kb$y`SQfH-EthBf
zh#311H7fUMp=IG;C=S-O(9@6_54Q;A1}h(E=C_q);Q3-USAPY2H1UUsj4%$ibLP`J
zO(L8A;o$);sVQPYH*EnRvm=KW&c(76x<w7jeC3KFU;lfJ7m-}rpY!sRU5r!|;no=1
z)zL&kMGL9My{?Y&NyDu}FVH;@IjiCQJxvKaw8-2tQASBFgm#7(nbMll?ZNj*A=tls
z@AJ^Gj8mA6pHe9jP|rV3MFY&t;Ufo8g_`lRjk787^QUi2NlpogG{ez|613QgcFqtB
zpN0u)-LW~W&}=rvpFb2F*-AArYoFU`j@vGCf0%s7C6N|2Vcu-j;vb4tXV*LCY|15y
zLz!U(&-wf~QcjqMZQ_ck&ah&z{DQyfK)}b@y)>*eW*j!JAAFqBCTv>Cvm+5<ltB58
zYc^vd6d_{u1BF6<l<G}VA4X&9>sKp;1bgj)2ok@}=TAeovR-Wslnj`?gbcR0iQM7Q
z3tk=vwkEBh?5}L7Esbl~GfU*Bp8k4IRyNmpa&eoXvJ-pfCg`4O+rfE|R0Dli66p&b
zkGoXzB^q0MIy*vT@UfIgg+qNjtwZefao_-u+P-!N)wNep%Ywh}VEz;wMp&km@;%?$
ztQLXibaq#;!A(YX`*J}ozYUi<%qfXA>Qa+8Xc^m5Vz?qwi~SS%1@kw;`-zY^f5%iI
zF0=?S#>31#x?KLSEDcJ~5x<w`Dh5w8FVobP<;=R#41keYa+S2U>av_ScbpkX7U5o#
zH*wN!d+)Z(fyO-CZukkO`JELN<9w3&>?&WVWVu}Yj<tJGKgyk?sNI}be|{G!sh%>b
zfk@xWI@p%mS0T0)3NdfUnxY{BY3KU&;&^ha+4sB5)89BWc4E`{7tqMUOONSwnR{n-
zUb504#0F2UGOwOCiE<;`^6hK>K2A`>nT>JTHte8$qoZUkhzc;0sM((`wew+jxXGS!
zM&t|^Yd1Lv-^e|-0zGlOkTJbeFfs(+nUSD=<<R(S&M`4Zsr~kP{MY>=EoSa&YiLDl
ze)b0ii_oamwQ!R2HivIk&i>){HJ%Q<j!I;*SNS3BMeEO?P$Me6Wj>eGR^?@-#V!}-
zV;A>=mju;x`_D4ZJnhiPYSd@aoaj=^g-njZ;Y1{2o56H@JOS-F+;Ved_+viIRL_}D
z2@W5pobhD?CWIz<yD@E4;5C0X>8J2<)xuUm4li<!H@pVNR&E^9kuGDgNlF3s8`!&F
z(~8Y3AHeH+jMX4<;fol$>}*{K8lC9($)jEtm&+U17i(lKY-Lbzpjo=7Bz42vF2EV=
z!=>c|CAX}Ef}9OXcT!O>Nz!<)aY?kZzn~aeT7OA9I<4k5tI*9akFylto#c$^)}tJ6
zee()|HLXaRu%UYsnP23M)6%If@jD`852q4=m26!_^e)#^yUoB`HFzJLHn@RkPD@iL
z&5M0@2SIo9f;B28rCIIF(`Dh!pHxRpHUmwC5o&UQ&=9Y(h;aD}gzJ}YDS;otYXOdf
zy${D=?v$=lr<rAr$$|;_+4h&v2KNG!^xFPcQa_B9gA4Mf6g+##J?$n~3QsNLpN@ku
z$O;}`XU_!ihwU)1pL4Fo)HT|X%~z*n&q<18t2Sh05>o=fn<EakjVJW=*U81=!=}-%
zOO{5Si!l`vvgOy}Xqa>h(68#WBogW^y*P5@BMaWElA+jRw=t8N%5etQxnNx{0k8Bu
z3@5(5v4RA*GK-`<u)=R!x0I?}-6!)+lVI7FZ>)6u0!LN;Vq4J^<j#XF=1iWPkMecJ
zUat^jTkgiB3nrZI7RzF!O?(l|Zn`HxRQ<ZQbHJAmaibuO^>F3Q)Q0|MRcqomGgJkE
zXLF@-B>Q|z7Y!znt#(p#-}zX*bZ5+d?hld2?6)_Gk3eRAM*S8a`8k`QPiOg<ha>&%
zj-?%5KZCInP<{CC-XBoR|C&2rJPC3v{1Vq|r%L<Li#{Lq_<?WD;PfS0Q{dZ`#ichp
z1=a1%x(~UJ3wk%qm&NiHaFywZCI#RuhGiMpI>Y0=E)(UmnxXAL_pz&JMPi&y?ECAt
zNAY@mP8Xv{ZY6rr<T~MSd9BFsGK+xy>iJ%pdXXP#@Jb*KQl;n^QS+TeD-5?yoQFr5
z{Dsvff>A411kTCHn2#?U4;1){Duru64{J5)2sJapl6p6Ur8IS4ZkmkN2`qBbj9#)}
zmYi3U5+aBNg_$vnbyPkN7Oa~|VYl;vAU?(JW2H`pXo)n<8M2>iU8T>FWjFO#1g$bA
zF0pn|XeNX3LOtvXr>)t##4i=IDfjr6iK%<$1zt>I+}I{04w&GJv4JH{Mr1t!&sR?L
zu;XsUtT2sfqJ1|)tiNAD%=^$eyo_R?=2!?5x}<y>H$<+i2qGmyuQn0(Q9teXl<{Im
z$xj;ps+B^Y{lfo@PqQm&cKbXDiF$7RNTf&6emcSCimlER(|%}5B8Z0__<^~<T~&1;
z?@F$!F)H0Cgr8oj=_AWVHr~*0|D})owwaa4SOuz1c39fW5>)RmiqI^OE8<Ik)syRq
zqy&xOrjb*G2L}-kQu`9pnCfuj<DuQP5I4NW-jOsHHE1_DteZ1)Q!m)Ci5?Lbe*0k1
za2Cp#Xr$hD+jdhL-(w~y{~m232Hm(+H7n2OeLg?%8y?wxD7n{~`n5Bl@cYUROUG1B
zovm4jv5ke6)xak>x0JfP)~J<^GW0tCNMNCdzut(&z2%TXVV(p<=lOaSszBT9@}eDj
zV)C4bD+N?8i7%v;Zi|sE(anID9qU*)_;*3&PaG?1QroSPgEf+3vii`7QwNaFrw%sQ
zf;TC{IyD)9E&Imj3qejGSKa3*qk|-N#iL8cHlX_%fwqn1g#gAYuK6<uiVyGYU;a>j
zK(UZmUY+`4lM%!JmFRe2k6@MufuU*bT*J?W2S=wgd)z|Jm^q`sZP1VARR=hpblcT8
zGEp6~Lb)AVPt|0*cfUrcOQ=!sy|PbE&s+XQ6teTt9IV~##fX(&@5FR<FKH4>-H_86
zo|4_VhXp;3=BTCC*S2_O7+w3g>EVHz+oGyJPHI|$h>5(vl24*A&A*eG952{}Y}QBH
zF>VA{Yj;X23aUKb4GDiJyX9B1dHeIMoT&2$2W%sT70LFSA~~P6S{$EE$}>4{U&3TP
zPWm4XJmTLM(U{vh!%$E~{V|t*wg<mB?!^*aEm&r(KPwTFQ~TItiy0oiZb!!&D`Gyg
z%hcGcSU=DsO-rt6_@u4(`6#cef!jdI)_5$LRp+ry%e_~7p6M{#z1FQ?u;j?0ZHpFL
z^!V#!_}db#HR3ARcfrtvV)l$w{epKl!@PLu3w!2qUP?*c->NFaDWjznl-Wh0$J5QN
z-XIfGb|RA9XzX#}VFKs+L6I-MTj^0(8}$d_R1a=v**2E!@4D}p++~eHZU~}gVx5!+
z4Y<ZvtV<%0j-_0E)T`dY-LNTf-^OO53j#S2_*FsVumbteO%V>;&5ElD3%zj3$k_D=
z%k8|Gw2Ar3IrQ~_^<M6QzF#iBPs(}cey-f?k{eaMcH7eA?S#%<4<E5T$Ggiv*~!GJ
z_M&y=C$!f#n194T&K8&U5qubCZ!M*QpiEjteGRWP-WoZi&oP!}f<fPsp03f-<@z4A
zZOdu$&0-2a$q40Q@466dcak0?_>Q3cy|Ya2A=|xqa)>@{fB(ivja@=57i4DYcQW>9
zQdr2i&e^4ZBw$GxHFQ>!Xy8nE>Q@TE!?m?^LbV8{+~*pBFeH|ka@PSnMDw*^;hmsY
zn_q9e+?ur=)TJ&`QGz`kQfY0|3>d$ivO1!mGa?k8<cTRYl$NF;s;ojY`8VM##Oz+Z
z6h>pitP&xWJ<N&-CC9VmR-bPFOn}TQ3lfaWkbT`_+Cyk`Yw7NX2^Py{R&;EMMi5MU
zm!>xS%&T*E6GSfDOmM0Wf%N?zX-V}cxoU{akUb)^!y{~XnKFbr_Fe4hZatV@pV87K
zDLb0Egw6|v_01batheWSwwprzg5Ft17w6Qjds&>Mwhy_&E6-aOG`LuZzt!{6r)XR=
z-5MT<(1Lp_z&2eI{J%Fo?J*KEq`68`F`0x<>}((fxCI~jhH0(6&)2E_$YHwn{nVuG
zr3GgtNaIc1E>Ua)-7(|0RHB0iy|%RVan7;Sk|FNjc{kZ7%$|aNr+&ydvW>@Z&e6l7
z=PFl^Vu(w@cm*7VhmlqbKL`uBC5RE%G?z{jN2i$*4mKaT{DNQQg|ys<NOSV{(s!Qg
zp(z?-5?l;0S_ET$tRW`&jy^8b#$*0c%3n*yj6A5ZR_N=mhl{Vu@mE`VZHp815fe79
z?~Xc4R|rwOo0Ax^B5~_Be^mDgHFA*z^ZXL$YC5hIg9lhEsI#(gzNc_6neTMzRKR9S
zYa&uMQo*KbrsVfySvfX+5qUr-@dkFnqRS8dx3tdpwz2EqwuDGLW>gy@FW%w)m~ehx
zHtfho8XXvFU+<>6tdlUZwBxO=`0>46ur6fZ&M+TCJ!;=wF`GYTotsU$u=b8L_j|A>
zzQ79+0Ta-U;t6%dOSz^c9yYzSQ~&$fohXuq)^8V{mq?U0_tH(_DP{E!h6G7b89Ilc
zMW$Sq31=}|o>iWPWA3zjl*omE@pCc(A2=w+%D3&wnacYZ;m@^W+uSjTi!0&Sz`~a%
z4~Fn9@;7XVrfFL4(2i%&6Cc9Kd_kO?s%8gMsGqUUPw5EZBRiKHHK&zrC$aa8->XA%
z)<y@PYsAs}d(KUEBud!y-^HPS|0SuED@peId?&i6W}y|`^_i-52Fxwib>sqDaj}7H
z!noWcim*4y{QiCIKpVPAWCRIrGh0zT6U%U`0?l<6i}|JJ2giJ}vpG(=To;=g+^ERO
z9+HUA=z8?DR`(yU&zU1na<jOQl9v44JU)*hezFSl;{wGAu5wwO+#G+|N8BfzZwe#?
z{qsYC=h7T80;^P8FUay9CdU!5UAc3h0t1PSU6}*}<DQag9pVbKwKIL(N}Ph$n>;RP
z9HkkjgoEb0ddpcX6)~qcO*Gz)RJ5#5TFet~`#;Bta`a)^D$&d|SPFjTQ=-6+Yu7d!
zVvkT(%8^~`eebF7EG5jeKz8C6;!lj_5mbIw97Z1SvShWbShGmtUdous*M&G9ALQj-
zy5JD#v6D<Q8FQpMKb-tZ!$_Y)BZfAUw4F@D<drVS1$Iui_RF(RI_7Y{V&kq~yP)E{
zRCTa&3VEabh>s-ARgCH4dQLEuWFAD!uFr)+K3C{6)v|Rvs*=r}v)VC6Bll%zG5ts&
z#?=Hm`-EDU=4xcvUx31YIFA`~MCsP1bn<2@tYvqLT(eahQu4gQ$89w29KqHvrdES>
z@q+)l^fZ-z&$`PC{jE0Iz$y}E<#EY?bItK<@{+zF5`K;kR`!gpQ+{9hy!Wlr-_9A&
z7*EE`sITmI8&aQf9$Uj*Oako$P@BFkw-|<$B)FEGZw*#x;TKW3p?$oRb}sUj>6N=o
zoT%pI>SzD4cthP@<GPGcZm8t4>Mh`AT%Pu1I$0vnQfS;<(IXzjE64Xjy4G|5L}8ZY
zqtS$|^omFPz*ZOrhV|T=OJ-I~3cET6PSeE-PNwKSwLpQy#!n{*CKKw#F2OU8U}mgc
z<Wn1@!5Cq|#^4bXG^)hb-CgO1fbD1f`XmB34`zUyFM(sPO=2F%D!OPj-oyT-Yi!*a
z{0BmRPP_9pku?{@HZN9@p3)teatfPWzB}SiS8Ac0Qd+N7-!WZRwVA*x7v4Pv;%r5B
z7OtK2RlJr&Y^XFV(`ezpD?qGkL@p2@aM7_VY~we!$bpAL&5^5TlVU}U_jdkadmuCS
zJOhljfDRm6ynDAs(Ly`)FiUo{ThWb|-)PH<#B`Vo@!pS-81!o8Q;ng?V6A5lk+y|6
zu$ou_I!362SvDJID&ExEWPy4vmWrQ0iLdy`db0@>1WD^o&MZu9St#ct{ze^!P6s^&
zfPOq6E_z$G^lNlGTg>$IiN7n(XBt29HSnV5#=g_lKT8jHt$JlUc4P1u_b?Xh+s)yV
zH*}s;XQCHBhsYXLy(_f(<(M@RcUXs!-FO`|(io(!8_bWwm20cCmfuRSNUg0aiF;;_
z2ca?L%OF1Tq-`Qjv-ilyN57*_nw-o@nPcG0ayDFZ8MHkjd|Mz6SD6056@RN`?lE1r
zpyeB4zE}*U{;{Fh*=m%N-n1n%z7>1OnB(%rGKBR&kEVpK9mjnwXhkdG?I2TSZ|)$2
z381idgZqQXmQv_--urKHd#^Meo3T>&g}*ksNTgatihy!?X+c9zZWgD5d~^DaZj9MQ
zCP<@qF*>W<65^4upFY=k$Iohoh#T91tV+L~^AOd4d(&#>8wiKn;65G4m@h}Gtd9f2
zj&oae#<TIk=2yFp5{WC%7hg<p8&=Ulk=E`^)gaI=8PsJ}Qk=xsQ=oVhu^XB6uQlgK
zD<E8!Bs|n2wx}W~#KmU94V}+|pE}0(ZMTq3XTE0eaV02X$MQBc_Sofi=X<r|6qEq}
z3)d`24;kD++%J<kmWFcD;MEiVRtu{Ewc!4-cWXn>wJB(&how*%afRT<%nHZ0mHqX^
z{%MRM_fJKYe)}$3g4CHWwSElsk>#qYcyUR;EkXbz4n(%=$1e;+Y$L_?PR=U=?>?7k
zDjNEai=_6D_o1!i1kvmxGunv}e7&iLeoEaW@+mQITmI~Z52a`4y=haCe*2<cYtipq
ztPNgXy>4=|XHiQ36+vwY=g)1li(gXl5dP6>t9Byv4wCe6dl3rWLSuAdkWMJZ@4@#-
zs>uc9nkc3N<5c>@v9;L`&Wc?PAi6`4)O?u0#3bKi$K4gGapIzvX*zMnULJAX#W6rT
z!;QtnZCcV8`(<yeohy~JjApGshqC1SVnDwMur+2+^P7gql0aGF@i#yB&D!5Xk~;w>
zKC(3=-U{F+Q_Qv1`+c#1*KBQqcWd~l29dlgHz!>eO~_am_FG7G1fO^)UkX>Puyq!X
zGB^`i<w3tA>StTx1jGL7YH6!}{+r(%ogb7AJzl37vAZDSp7drZi4yu4l59(`-x*dM
z4K>SHay5+lbXg(Jw%{~a`0Rp%gYBgwN@{;`o1$te%8@hHQ);=9K+LJ`7+LR{>4Z}i
ztzc!;`mO`Pq(|NxI*ioIOGr4oLa6&m=c^lp1X*C`*o~4Ol)*{<DZpGon^nzcw5m+U
zio#aU*P-<tyNt+d;gmz$I$9TtIe!%eVGphmwr0pVu$A`yD#bW-Y5%j~J5z%@x|Awg
zsqsrZ^NEJGUP6m;O!G>u2e)6`-=)%MU&eBc`BGR~Ucaq$GTNsnp_=kF2@h}g-F&_2
zg{3%f5z(p(*d2AD<TuKUxynO@x;y=<T9h22r@nnKCuxe65YFko?)NJ;Vxdu0(Mzz2
zdk^n~uNgX6|FH7-D{@Heg-OQ!e4CGj>|E!%sz_ogPpEl<k{i-SlAePoBE$5ct=<AT
z;KJt$#5N#&qrJf^#vOz<(2rfxX<?i0-&_*mexvg$^4i{;n`~9^W`L&)1-pR8JPNPv
z{;6-2K?4&p*U>&0$>Xihkk5D*I}@A>JyXN(yu$nDO&YHc>$cPJERj>`nI&+q@ow0l
zHwk)5lw^=b`_1+^ys-{`_wEcdqf?HBK2eTwqJopg@qq=&6E%T!;ez8*2?1M~ZC$yl
z>Gjj@7zNIP*2MQ^S&W?6?U}_)nnIt=kJSwKb)L|)1RNn4JT<hE)|#;(r)wSFhwnVi
z6N1lO_2rhz?X>z?d>&Bpv*y@*ho%S$(!2Dqx)uFcl%)baZ}kBG6u+KgpCjF|p|?gn
z=&I_KH80j2xFsSNdbk8LiN+yhml8P`NISRtHK6kLw;ygrPQI!3%Z{(#QiMKwyXq9R
zx0MB{5)H0*TawP><7(m6&#ncQY!uMEDWZ|EL4ABs2l-*GMK!cX;xg6ucKJ<X_#H6~
zI?wV>L64*5?M^xf@EEaemL5LNIDTKg2VlH7bAME#M#^+rSfdHZ&GfUi{|Ve$LYs-l
zvy}uLan^HzT1{{sdp={MY<)6F;X5Br`t_+`xLo?cPS}BZjQHTzl6O99$am@U<i1Uj
zcMj_jUQ%UhngpLp!5f-!)x;0$V)(nUb}MA5K3+z<f<$(~rqnN*IaVEuj85eByiM<G
zB0+R7l{sXuxlamB&I}cqh>B1*_9?v!;U#S)Uj(lk57q}gc%yvml}V0|K(S?d!}I?5
zG{IERNog-Uks6C>d)S@Zl1h9^!@o|J@hd2XQZLCLvmnv^)IK-kslTPy(cJ;x*d+o<
zYn{QhS`<LiFXx_fkth&vR%JCN6WhsZb6f9aT}q?!h0Df0IlKq%!{9MyNwlE0Qan(|
zNv0}0!uidiuwh9Rh2;C(54}DOw<(jijAP^{cUX2OqVZFE2g-{ic+|laJ1#is6*v9t
zBnDbI9n#AXhqq}qtmEr)grRx8S}BRQ&Z#Sc-*{9%2~4kjH#$w{>k?mlwqozX`S$r~
zzq<YVJIRdB-4`J2no;t`X~bEQn4iP!BJ54*eHv*d9}gs2%RD9)OIizjyinshyW@uP
zS{?zXRq(gpxwU7N&n{jF3QZ&r912m!5UvbeE{-<xIl7~j-2&KZmT~*Wp2P;+WwoU<
z?P(A@xUKuuPx7q+T-vRc*L{#FCieWceXpyT*sNkctXH5KKpW=B2bLO9z6phTn;D`h
zrTc~+lC;eUuxV_M8T>1MHv*pvQhx2Gej3v$X5Rg#lR`1vI$^^(FSrqZRyzoS4v>Qx
zx)Wk(5x=!a?%f1C(1^J1b7jL`kylILSM)Xkt5Yn@xO2rJ%lQ~-$1_qQ1w&cu-k6no
zuYJZ4II#Qjqp68A7yETh!*r#Y$j37Tx2BhGkaD&6BC$!m2d)GqHjcI3?UY}rHjWq*
zFL>mU?W4B@fO|;20}m+}*WZ0!kd03n@<_|qEY&-T=g|xo>1RCc!L3)b#mPd&tw}XU
z@sFeQ*mM5)v1@sq%H$HhDH%#ytxa}1naIAt1vTf`CV9&|^OFe+VeYkEie`wNr$kfj
zO!tJ?5{9$n-aQCqGE>j<WW_+6qj?hJ<20k|xY1F-)N;8L>Nk!k6yd`4mxvMd>@9E1
z^Xv@*JBQHqUfnbTwouDTNI5m8T;X3z6L1gGZ1=NY4-&5{xum*~txD+-mB-8#_FI<L
zDI*Iu=8YfMq_@tLvGCUd++S}KK7TvV?MD1n(>H&%x|k#Hh{e-@Hon@jHL;kqRk|`4
z`HfnQ={<w{@EAF<p-LNMqd!-~gxY&_lKESM(n>b=xj3_>=V#(K#-zbn@lGp25%=(!
z?00k@IQMWlGbNeI%wk;7-1o4L`?O}lCoIFo9l6?C2@P{peyQO3S~A-egwwyfQgX)n
zrr!LCAm*xb`RAwyBnf9^GKaA3;`KY9WL<&tnS*fUC~Vt`qr8(-02L{c5bR%V8}m)7
zd^&<$)L&LlgyGp8F+@Jgf=5fP(TP#$(^o}3X@-BlF@5tBuE99;YK9FAb!8SQn2(HW
zeXCwAnZhj^H0@(CG3Vmf_c}*IW7_L8TU-4#WU_H@-bP}#K&Y7;zTIqa=Q?%#H;Ytt
zU(~zQhu6H#r>Ec&^{?qe%LnG4TLmeu$kE9j&t)Ad59lqss(raKBi?JrD1Ik{!z6m%
zglZu|<qkBre>Q|^%Cq+`x!OH<Ki59*PhC7eUKo_?s@};^16}CvGGv})s7n*4%G*m$
z8QjYGN*4o)7fTm&RRiQ7H4aq+6z&*yAuF>t&hndM8u$7zLSYjuxCxfnlr7oL>hf5E
zbUw&zwnIAkO3z%o&#Fsd%$p@hcGtn2$Gz0+JxDgQ4Xn&eIoPK#?)Ci*wO_a1+|8QC
zy}#_H!#?CuVsn!jtXl)t?V4>Za^WduU-+rZM!xTQS_5A9D|Shp1o32-<LocaIVtQv
zWlTcEb0;BndULHao3LvL^YI~Zve|}rvupM)WwP0YckV^5Ln<UYGjJ`CBuGajLu56G
zR8%`SGk7hSBt%CnBV<jCBvdCfGjuhSG)yNfBWx{<G+ZY<BYaJQBtj=5Gh!`*BvQLf
z<&l1&)}O`oTq9k`ocZ8u>?HVLEEea!qO{f<7KL<KL(~duNywoKVM6*U#kn<*x!(^l
zIQK^}&))4tb5qX6zrJGdP6AAy(pvLaczH_;S@?Jl7_2GjVM%Y^i0-1Z+e!%oPQf^w
zr^7x<aD)S-mXsV4LHhjDT^c}DF*TJ~#-&SKfvFK@ElO~=LR~R9wP=6`OZ5@tdn<AJ
zUq{hjB-KntRfuxlt>7+%REjj-dbQJ33{UA4SVQ${z-O1hCuZ=OvqAu@i#%?CPp7k+
zAf881Kymj2#3Mi<pxNfW-LJS?=f3@KGd^|c&22W<LT;EI{rE})#yB5!x@NnnA9W5)
zN~Y4ghF!Dfx<Q<eYktK6?GOhKh3D%fh{H4R>13|^k>^pibXMym<H^ndyqWT32e}Y^
z?kWm!Sc06LFg*ImKF>}mzkBj&FA{4l5xbL#NW|IA!hs}3B!WMcih0OKoHCHNxgJb{
zg(o~L{dgfuu6Y4-LQ`Pjr5)EihE+~-l58MOjG+F(W~wXGk}Hz|SbMfHYYynYr~OA%
zPHMobe#JJaH6R{6u$msYx#o`))<CfRW=a|SiYi^&W*cKBi&f_u|Gp^>)DUV4v4q-Q
zIznA9J)yqPKu9Pw@-iA4k9xn0D8wMdD8MAdEW{%4QHWKDO^989L#UCTOTeSp8c-o2
zfd98&Rf{nI6~Y3puG0oq)3av_Vv4AK1N(Dej%n}>{iD7B2k&hqW<W=gYO#p6Rs5pp
zQ2LkgO|vI97ZHOwrD_g<jU=qRSmP{=mSPAff}J>T+?K*pOg|km;{yEL-Pc^&el-DZ
zYLs<V?V<(MtGLYCfomEST@BjoCZg;|Z;DE-%V*gy-p$~3&ixZ!|3}^qv^Kz68-E1O
zKgGj4#Usak<Br{LN6{Cx4c<WUYRYFD^I)r%8Jb}2SlB)L9^zjZ@-&(>{cw_4<_&1S
zNi4HJn_t!ys-RekrI&Q`Im2Bz&Tiv|C5GI5N*xZq3M%iyits2;lo<nRZ&J$Cb?GYb
z)S|2*{;~kd8k~ha%^I*~*KA#p2~X*}g*~Z8o)ozu9`be@UUviVa<Perf@H-+g0+jS
z0Ic_l{@jop{0<a+8b6m%<KQZoofG@Fvmxp=;A-FE=ERLrp3a%LE+FhKoo-8zMZe-^
z=1#YLh(!0zqBrj(xVpQ9`@TTY0m5o9N2-?vyH;T}XTY%QABc#BmO-l^-!9{!$(L!+
zENC922wHYob@>hY{jvqx0queGLx-W`&}qm#bQ!u1-Gb~u4=#@(=R$Y;<#Iych=AD_
z&;0H%6;OPV{-eT{V4llV2zkH&cis`Zfe0-}*Oz}3nFS0H7yI=!yk8@KTTXoMj4dF&
zHLupn(08Wi_V6IDwv3<*`YRFhKBIe=1<d#K#X;hx;9?|BiuyGKSzaHK_j`Fp#9*eA
zL5LYxPI1Q`u%qaTvl)IWN>D`mQ${trydJQ`oLyF;t6W2?mSiKnIsMv?cSf@9W2vfO
z>C|b4V0$fOrFiNzOAuT?^#?L@A^D2AkSQoo(B*!7A5y71S9=Nc2SO^Rhvc3oVeeCW
zn&Ize0M<zLhc)Nd)0@iQf0$1h{xh%r?!_s=eOdl9W+xf`oV=Wm)_>L70EQfH4>H~M
z;H48-uIHm$dlBVshJSJ`q!31A`A_RWMF{ScVX6r!Y%ie%Y242gQ^K$(?+ert*5i=E
z?h;BEj{8sld2mWsEm)Zt1$iM7zmDl{7Vr@4*Vemc<8<zw_(~}O36#yU_XE|v6Cx+Q
z*q2|euVh!lNF}txGs9tv3Sfv$8loMN8L}4g52}Z(hLC>NhN1f!4BfTEGR0TJNJ>=v
z=od<#=v}kQhoP)6?NfSDlre8WP7Wcs5%5<1{rdT9+d4~EEVB(%lJ|BUGoZ+zFq>te
z_^EA1Bw!at?H20JN#4m&Qu`&l+~-;QCc~uA&vgkh<5wKV?B}`<5$S%O`6Gp}_j&=7
zLP|&i^Ef!<kJ+0!n1@~4VNZV2l(1H7fz{BtZ^@oRRr?ik*aO_sR^n`-P<d4o1qeIp
z1Lm(fy0xI_B3B@41lx!#Y<WA1x6l9xYA~0A7(^Pktfd6X-ga9iKNT3=AI;A=DRg_r
ztBfG~i6HLu8_aq@34T+PeCt+7$LWghvi7C>$2QHLDcyWhzWD??$m@2#`83m#uMN%9
zhJJE`_411x7Jo;*vYp_rJ%>Bl``GRRWeK-Cr%~7Q0bc@gDEN<Avh0D`nk;)5#(7OE
zaWbc#e*NOwIz6S5&Yb!rgA9Wd*iQeZ_w;ib=`h<kqY=YW5YpXtF4=Y#^W<F^$IW|C
z%l*U<6NCBN=N{}0KKN8B)2+cGKn|gsL!UolfmQl)tpV}*J^L4qPNg1m{cH9A{9Nnv
z+?k(}NdPQl@xt0RBr{!x`2h3KlJ+UFYrB@sPrUOa8N4-iP&t@7+iReA`|c6Pjo<nx
zZVqOJ89eyyk4`gMTH8M>GGZ&7$O}!`DHuSaNV76{Y3(hoEv)xaS`u1g%A?A|%7YxD
zGE;SK+@))GGxWzayqUl-)50(jRLe1~|HsAAFVF3qo$7ANiFNTV{)1JWvqKWJ)0=ZP
zfBl)xjT-RpYoNXZ__w=4EhMuRCa<Nsb3(fekE*jmyID{9o6rdVtK2`fF5rOs8I~;l
zqhvz=*r$L4lR~_MGuRP<lq`@l+53HW`Dd8)3pGQgPX1QSNuo^7O{M_ms!^!tq)=+)
zXygDX|4^y9sT66sX_V=?=@c2c+7y|&nUq<%Srpkhu;<mdzq{9lwJKXc>fP8lvfqR%
z@1t)qWlb$KLFmHZF3$D5^pA0p>DB^sA07SEW>(f0-i5i{GgF%w<QDY*sVEcxW3q;}
zDpT7-sr`lwX13a3ZcD670Tao|beBxQBeBDjr-wu)`$pykPBfR{_p5@KrPq&FSzY!^
z5ExDvG(+6}wv=*Ad0%s4S(~m-4dVi^(z{ThZ=rbA*{r+<u%MG$Rsc|}*sG?l*oo0T
zT4V;hx0kG)Fo5jA?tG=Bk9#NXtqt6Qzn3^zz;(KFiS!>kvghs#i_lLFY3{NJspY|S
z`^~Z>z79*@52mb^O4Zs+=mZW*+DoJ(NMq5y;jB{2TUNFd-P>v3A7z=(r(ZvER@*Oe
zJg$`LwU#_DFkAVx6+Z)~tTv0arf$+YH)e~vONf7`rV7SrYtI4LSa`4<tfcHdGVXH}
zr|8Y`OK4PEd6VQguU-*Gba{_ITM$J*;|F{Z8p!>ncu{(*3Z;AcKTSRhz0SIJEDHG=
z=Xy*}UJJ;Yt>Y^)xlurUe0-!O*euUu--I#C^HjlckmfT8x8SY2D;4NelGoiK!$D+e
znmRr9-D{Ouf>!5?QR-ZA;P9F5xs`6*IKhZ+(zx1)Zt6I2#1|vC_xFg(@Z%kgZ$Jg0
zMBA(j-XK6`NJnxg0h3OstV*}TdBlRe%yU0jvG5D1CCq;PGq-&qDfes)>_CzWI^RJL
zK{1S0q0P{<=a4Vl^tUL!0tPv)pJd9Px4*goFV&uCX<d-7+LN7|=3(byHO#ZgayHDf
z%ZfK-eb|@QYe=~daTdE1sd3yRv1m<SKT3{mE!`dtOQr;<GwZkRG~fU_TzX5D<y{mB
zCLZ|=L>I;d7T9jie6e%;EPVIbi{c-y<ZqvZ$~+5$9eS2>--ksg{L*$RE>qB@u6d;v
zdH7@D=c=Pw3$rdk4Z23?lT^UA_IYn}Atu-z5X3z}USLxeRIX*e&dhC<mic`=CUcL*
z&LwHE)#+%x#mjzHklQLR^ZT@X#sQ6;Ym!8pGy|w5-F{tx+p3JTd0sx_kjBn!d$7&P
z2Gr7Ozpl@1|BbYHIi`*BMiA^fd((0xJ(UzY^cdTo4dDg5&h8hDNyjDO&_2erliqNF
zZMFWk+Z1rS?E?GuKIy#$Ie6>WJMwbuR^-;lvfpJVExRqCmW7symVuVemd3K`vf`F(
z@BehO%9^7(k)Dgp&{XW7j`mm5YW3VroZ?lwm_*K%_<g$r{*_evRWXNI(5vlFqG4P0
zHu}sr9N#&h3w`q$mB0aTj(zLh#qZ*jtnxhcdY^u`5~`@Mhq32Dw`*H&k|JYXZkA$g
zUT%@{#hgcZGO5j+={M?b_+^Oh&vDL4XZF_Doq=+H<fQzuyh}i%d4Kg9u#$7Q>Z0aT
zV>Lx^(wZZn(Xg+5tve!kMdyps4Pp#i&vod#Db<j3J7V7qtSx1hK};E{#L^(H=GQc<
z8dcg&7)4YYEXPtME@qQ5iynOmd^L)gJXDG`rT@3F6ti<tY2sulQs$qvd7Ivm>-rX%
zRJwMkhy(~0nfR23JSj9<0n#PhtN=g>PAfoyL_kruG7|}<FJD`{{mnb_wM-g;Sx(5F
z6~)7j*RkqeonrcspclnM^4~<xe<xr$X8+0gTkKzTV8#CCB<<HJ{;dPc`B%b9_xxMD
zGF3?MP$(8U@hko}p8Ug(@iT8iL<WPgkcrXRUV4(9e~ed-Fa9gMx;!<cf7)UUlU$Oy
zs0dSb_ZLuB@GHIgM(fsGi*Xo(`u`o>;tPf_sQ*jq0d=AT48Dk6Ic=7Oe{^P^r@Ro<
zQVMFR1eMi-${Ii|&7hWcP)j$c<p-!`2-GqLYMBC&z%<8k-{D^>e+ZqwvyXwP&fM(U
z!6#=b>T1}YE#m}Zx^;2{WB;Q5N&Y*EQT)m7srT>d+Uw=UtuW#B_O22ABM9KA1GSCY
ze*%p75B-<(pBUrMBYY*G+j;WEgDoo}>KxViNqYX9Rytg8ws%01S0%eeM)zIC%Y}%_
zAB{gp9rar1b@6J@7D6g|8$bA-pB#v`f#O_?Huo8A+xASsL$GFp=GFg$a&CFQvM~i?
z4ym@prXzY@^im=S69s)ldWF^Z=Ce{{&&xq7tj|PImNFa$Q>hlru_}kpx4(3YeSyy-
zBf7m%=He_Sw{evb#>R1#3C7>!Dl?3<qh2aYRmD$v>q`Fd3|Xy%TJ|(I1v;-(UX>MS
ziuZoWBM4*oqJi`c%~*N3AWdB4YXM;x(-$557BuHq2L;RGJzoo6hp_}3AoZXHze0OQ
zBq1D~M-;{yZh|%ZA(8ciiKawvbOCV)d$<MGG*JPolu6p4a7+P77-zT*{xVTLt7YM`
zL~l$1X&Cnx2mGy%eXk-5i6lj0^T@(@zPKPApv@|m6>3WM#uku=@qO{YKS%rZYPc{>
zQaG-FB1|CI2k92=^3}n+WyzknqRXoh6_fIhOBxjnjk}}Hdc_qgs^w+#sugsN$ugI8
zzTxvq|3)Mq#7;PaDVC^A)w~3wcZiZ-VzDTQ1yurz&_>=Q8ofu94o}3QAy#0^E0U7V
zPc))NmJLtAVy4qq=_!horb;rVL6(osK;ojaSJ`?$ES;ZZObf3VoP#e&=dS`+j3z^s
zZ2SQkwg44Lf-V;KO|g_rezGAQylQX>k^*`Tt}yk^i$9uh)Ou39TMTMlXq_k?DDEt7
zEUqptF3v87efMe&EB5pGm;9*3t^v^KZoS*Grc-*D26Ql5keujtRK}_EWR+6;m<RMQ
zI`F;dAS%bjTe8!sJuCwT2tD{gbVztuG;idT(t1Aj8X@!}MbY82GnyO9&7}3R{xHE9
z#!n!A&n{=4H?EZ4%l5+zWgI`9j)UE{WNUmny_bE!0%ICKpYF42bjh0-<%}MV0V|Ao
zq;fidY88#4{B%Yi=YS2yGJYMMsp@!1p1e|K57&Sl0&IT;I#;}7nl1V1%pUGu2ZSx6
zUi45^tkO3MN?CoM2AmLfkVfc|RT)bS6=t&fcm`ZB4v=Qhi&W)k^Awb``*?fZ5RQ>n
z(7)r^(rzi-s>SL`NiWSkslUlF<VW#}zC_wXpTx_fl~T;hF%*FJiM}Q}Mc**#p^a30
zLun$2;un3Nd=*x^pEGdvU0CRcKgtvSBQca6S_-H1Do;fCM<5CUHZlno2bra?QbL}n
z$d6zQ6l`n~G5~*Bpwg>+QPF`=3=Cod3`T%%S&veDzNpwhI06nbIXyqXw+v4CRe|W|
zfk+HoWNHjKK-LFg<%9xJn1Ub>A~Rv=;&*%qOn6l&EHMy`L4wRlZwpxe(4!n*C@MJ+
zi$OskK<^8HmcgmKEE1L)h(~x!AWk2RPev!K5?>@N-J6I&LoAPx1>i3aRC!q}Dl?Fb
zK##0OUj@)D?@>u87L^@H!C*#)^)tYi4o>w|iKtv}8Uh=#8OAt%7M*ZXLW!{aKn4aE
zvK{?8po1<@^<}B3!ax=VFM%8VF<`yCM>W1wSaBc+L6E?Y9*Pg8g9E%Q6ISZYLl7kn
z!@yD_s}Kgnmx(G56d*_-$Iz3h@mB-_UX_cg3>0C=AOkTN)pY55014%ys=ct|8IZFv
z_z8UJ;naw#{^=hVzv4C(n18#ZRzc4R{30VzoS`CH{(dQ;@&hO1za1~KC3($8m<!<8
z@{bF!P&0cWgZy|GZ~g!7?NxwuDnM$Q+q`Y>=bUy#W!m0q{Np*5;okj0!lQ)Nx9K*C
zt@P<fiLGquF!XK_{FmdQ2pk1ej&pAvDVA^W^1>eWPQ>gV+jAs5!1vmhL@heV!faiO
z*j-&B8z^EyJ+6iBtS*rSgtIW~&?2^17tI9rm{V72p<AnqW&i`tsk5|*&DBNH)r8H>
zqP38X)kV^P@aAT|TFCn9BB^RUW(2lc$lB^6DQbacX1cJ`h}A`aKoK(nIW1%rb%|sk
zyqOul7O{f5L=v#qbVA^dHT>UT-FkG)Vt1h7a#qXhXH|!-x;6&`Q#$bVxXhT@?m+#e
zik4M=)pt2{?e`2!37qUKMgh3SqP$Ty1Hb}aCt!;NY#Q~2Mug1|;LkQkwH6xPSNHE8
zV{Cd+H)ENL)|8PCZfZrthW(;5!l;Z0K5HVsR38jc+cG5J&?LrE9}HH@GbDJgiHxS+
z8>D7vNPw@2jHEso2&6J3K++_JQ|}E>+cGeNXb?ly2K|Bg24*`N#J3BiZbGMivv);j
zPD@ESwB&IQ<Q{xrw^?w}lyqtm1ueP4J*fxxsom^K{a>#vmtn|l`;RTm&*cAO3oGWs
z*Mryn=e_6M*PYkx*R9vh*NxZp*R|)>=T+7f1pe*Vs9BTlwHDbZl>588!nOvx3>h6A
zU`X{{4Eo~1e9KXR8qzeHR?TKw8NE!8*d*gwjjLN3y+|L_II3CA2B-|3r-yHp`BaT7
zR~b4>AM{;@sG99_W$<(b-1pJjDh&S0;7R(BhSB9J435g+@d~&G`j#pT#>(K)iop8O
zv?{jumBGXGi1qZIRTyNI(S!6Mb)%Y9Z1|PY{q%@+s}_G`OZr6dw;7r`agZ8<A@E$o
z>{gA~PYuNYSf^ojphoPahN2I2)SzBgBX(0m&;zn+m<_9;JE<Y)0?*Z{Th!3)7IGvR
z8{o-X;}dylU#JsTvH`q`E`@<k^gjR+<yb1jg>0YALNDQVFX(<Wq>7$SasPZ!-QN$Q
z!xHy>lqOP(b9KB(u>QBFxViz(>sGb1>{hpGR=28Ew<=Y)%2g+QOn8!LwEVY&0a(ja
zY5nUfnhXPwS=Hd>fEOwREdXRDH56H3oeDu20GUn=UPjGPg&+-pOsxhl4P;d@iv%E3
zsi8=zohuV~0*J}gP$YqM%4U`TVq!HEiQh?s$S*L73D`b($_>ZIzv@K{9ty!iCB|kW
zGG!cAicffh7&HX`0+AT`e;plow{=Yaqut*Cf3@3q_m6h}w{HmZ68~tovG~6{Wda63
zUEd$=9`td8;lg3o{0z}5K!OVxC{L}cO1ub=-~@`uo5`sX&jKVkfbjCv{Ho}a010+r
zkDM8!D)A^llnodtM@?p;tLrPk)EV>7XmV7Rz~okixD$ZD0{kXxcA!Gs3P527I?0+X
zs}MH=P?&%pWvPc%i0c3djKB*SvlbQfY5)QQ@S6;EnF@M20D*p#&mHzS-fz8uSjzP8
zl4anEaRtk<6zL0-Mz@OCxXQ8Q>E9)d_7veVmm|s27beQ&6|vEjV@cCfCCUUA;Zm?N
zb96nu51o|cZMl^K9`>vKB2f-26VxTI!PW>r>Qnof;V5240l=;i{~6*S`Fi%mA2z8m
zB{%CjA)Pk(j~w9W6>kGE?ysoG+dOy=&d!9&Z(*=~=U@Cw4mn!}He&EA?Y{UsN)(#S
z_fh@g(iYA<@<*={YleYeHJI-hD?a<fM#S6RrZrM~8KyNddu^sQa(k+`ST%|%|B}99
zwgvht*tkxWcm01xSNNfz{|<0NL9hVh{Ehz-f0_Rs!w-qT{Ryy={~`WE|K<EA{(Jxb
zXW_s6zcJO#{{$FxEMlnoVK^OV<eu2P=eVwU1P8*H(?LtQh)hDL`hGYaw`7(lJkzr-
zdBA;P%qc4NF#iBt9KZh~u<cu&`UAHA^&bDfywFbxP@GS$t035C{ddv6^w75d5J<s0
z+m#pWGP_$eBps3TGzg0E$#iY{*Kl-y)CmNew|JCJeii!%CUE{gVlH`^on~TC4Nvh8
zi~ni1#QWpcr~eKww?4rFjPp1COTg&=Ex`C_|AhZ0V8<7Me3~J`?n^h`bT6o=bops+
zFmFYT5yI1Z;+>46o$@M+z$$8$I?B@i&OMVhQ}=!WI@=eQ%XP0qKiQ1fSo<8StDQ9{
zo)kXb9l?_&^|BKGuMvDKx}zM*5Yi`_5EHgfG(D{UFak{w$ndt(1RG%A-OKJ74F0gC
zx6+XQ6#iEp+@Cr<tmtG(|H}M_5oCh<iRNF?{dAqR=KaFSp?$FysM21I7bxMD+a?bx
zwpY0+)0roi37O5cpNb2a+J8B@v|GvwmR(i3Ig^{an|~Y4k?l}jk{4IXk<G&7S7Xaz
zAy3jkBd?VdUM0=G=z1vTSHh@3IAm2A%V5Rp1Fd|wTDaNq6bm0a@_)7W9Y9en+uEcV
z(hyWKL(VxT$sjrBAUS7H6cEWtB}vW-$dEyhAW2CoAUR4#I7kLX2?{ds&kTro?tSOo
z<E^^&*Q;AK)q7X(-g~cJ-|Ftw-QSu$p9VUuk<F>3f3wETrCbi!-r<=ck3CfC=^QW)
z+qUN2JoxH~XRtn^38DB)k=J9}p=S@!WNF;|(1E-;zAv|-<T2W@q~>t#v9?uDRI4@p
z^SB8aE9?gx@RN2rF=?wPL=_FJqAp(-4uUp5DTHgar#K3DL4ki#EJB5F?ZQw%>ZJEj
zMY)jhXB%sT<juWM2EpryP&fjvGe{5!BFZB!o@0jq5Rt4o5BXjO?_F6l!2CTC&`)*;
zb)vY3Az6wKqLbpj&`?y-klv&r<fXZ^l*`{`WqBh@aJ@c((O>dpIeve1!~FQpW$?W}
zG6(OA39!7t5GxRi#@l#xR4EC<M?;Zz!N<1>Pooh=yH6eeZT$Ykz<&Dnt>}|C%LiK%
zM=eL(nEhM|l3QSVCK1t|Nyq+vSXgK^)vjm%?N}1?Ra9s=y;$Ps%~yUYu?f1Wu<^#?
zjWOoaFar=#6hqf#JItCe;}DL8l%S|3tHv<X=+r@#?Kc5D7VIQfIwE+i%F--)m(s9#
zY0{&3Q*BZBa?_*uU<(9;CQlj^J=2$E)QT7lJsTJ;Jl`%qQJY}&xYCF@7v_#4jM4cT
za}n)kS(b&maOdE&TOn61AGNAGFx6j~!`wC$W7J6NT*cf&ySqvGs`CqvzYEo3=SdC`
zo~SjGYP0(IWCDA`RXzLlYmW*?Zl$OvDEPFKUj62WyWp2VSGRar_tLMBrO@%#<Z8Rt
z>gpduOL<7z7;Ch{wh(Nk)C5jOQ}xCi0&Of-Q++IUQ{%>Z0y8Y`@U#$B%L1t@PQ01z
zYRF7IEUN@wypPKY=XJiZAQ6UO$%N;kXz3@B62|gEWVEGOu6L(Z74)*)?aukq(!5VE
z>?B$1y=3ZLqTXkEV|;qdtK8Iad{VEVLw8~iDvS_~K|u}5)&9(UI-kRn?FHd{Regww
zC1+mGI+j;>6N(v4MUKG)+qSKLy7>YZDmxkxT6J4AH(M{L`W1*rg`L^UXtUkWVe^lP
zrDsS+_cv)LZL6?tQ@c4+OgWn@h<LFxOa-yCOs_Wi5J_O?gb#)|Sk_39Df5lA!=lGk
zIEsk$`QDY)&Kvu1v=UiiSA|caxawz461nls$iP0YGu`J?J=ZJry)Q`CgVBV96W{&~
zV6pv1L>2>a5_S(@S;n)iVcR6A{|Vn(`z?9XB2Gj5aZ<08M~?Q>q~6B{xY=k5TjPGt
ze@yyN<1MA%@p_zVzn1R%{PDAU`}2=qqJLwTNW|L-mKY^I`9k}>!RY9bAe8gF={Ibs
z=~2@WF%k&b4DAKThh|%Q{!MF7Ffp2Jh;&;|NN}4<C^7o0P~>)e%Q$XT66R~+c9!+r
z77nC9oL3PYxwlEgKvY0{+56J3xvi*&l=-i`dJtiy$W!FNMi%w%NrM9yS@iuO8xS9m
zth~d*x*o=11c%02cD7ot@_Zu+07)6gG1`y}-v`M7>9!PQhZFc2T$QXZt7RlEyhX~F
zBZYu;$ddJKD|t;wD?vs;j#nwcDjUNuK;~p=G`-XXF^)FI>2?K=935!Ybok0hCu#&k
zGZ)lCNB#iaj1WP6l-qA%U(Yx1cqikrrN$!PF6mK?B#tKbC|a#_j3$9oM1(BrlN1L{
zes-s5<Gi+^ZHFNKYh?5|i9qFY?P`7#r?d#w(1Pd1H=G`26z&%XuLnx+!}`jAFSi@}
zQ*7Rj6<^h1S{Hj%P<<=mgJNXA$Bpd+aQlIB?95TcR8`AicDt|BCHX0;(}AEy(#-hq
zsFu|RAbxO_KoB5ag12Y%&YnGXM4rN6_;~fRyNBb$=e_Wb(W}>8hVDyJLYg@mCEdgH
zYj(WpO16xt={9zh3z%QhDf}evc{C?vB#-qXZ&o;-_&SJV#>#$%ci<TWW@wZ;R;`|$
zk3=_Tv{rDhdZ&95i+I0oz|In#n^{=qbp6=A%<25`$ug(o$B<=C`;Xk7b-dnmo}Fn;
z4;rqgiMGysUUD=0_-@I~<m2-tH{*{fOKyfA>u=smZqjQA?Vc@|QR}AA`WSSxGf^~a
zX6OSh<JW_{J$hl>H$u6W?l@`tT=G#(|8h8U=g!9$SG{4x+KN6?u0GR>-bcjCPsf+~
zdv31iHEhT=YzQ=LFf?osHVho?xMi;gzE{JGCsbl#(x#<jfcPoib5V>iQ4CjAyhgRo
zS7ib3jfEL<K1m*Nb>HaJB~q-v9@ZpXzt}blo+)pm0DUy{5CV9scnG0+i+Tv5db4>5
zp?HJpWm{)aW{~IIPPUfc#~yoa*IBnv9By^FqX&FXeM(g~kUHS~uyiGJC93n~;?%*r
zgW-ezgYJWlgZ6{w8?*JU%`Vl5fsaY#<|5L*!AYsV21mPMlanH#IJ=~9N=sy2eyoU;
zFwaa^rB*w?Xyo3T8&gG#%2Rse#|=_j#f~S(gRoKRmr+A%I(E{l>p9(Xips4oQ=Ct?
z99)Utd6hkvtu@u22Gp9WPrs=#Rh|y7F_oXDnR3hB0#3yac<s2<^?P|dx2~S$pXR8Z
z<(}TEnq{9ZubO3^=9$EO>lNjKZqp?GJkwf~Y`SeC_Kg?wbGl~~_qVc*U}L*3G?@!+
z`qBhv(AJl6+!n9h+RzG$yIX_K3TC3)Q%g@xH>b45Id5&HIo~sBdR>cc()6M>>UvX6
zZQ!b*06TQu>vr96*+;!P)<?>DjT*BBAGL*w@4_NZar33uH0oA5+g3a=RyMwjr0p`e
z7Jv6Hfcn9$exOcYXRuReY9KX5!ay)%+)K^5$*$Hkaq6jvtK?p;gboo?)MAZRXL3!p
z__3Vo){whdU?=s68_yPSBsSH{)3GkatFp#Ae^z&jBY#$NY6~)}I#mvtRh;4(#*O#F
zc0^Zf@~_EM5WPCpHWVA<<xoSHM?tdnevG&#ys2GHTBDv}<`O>|bl%HDsGf8N+YR6y
zLLMxUgEIrT2&(h<Coto6TKvMuPpiT5Y)NjO=kj$$7n*0`uZiF%3zr^KKYN3yBHJ^$
z2OQwm0Mj8IxW}|KDi<m!S~UsCG<`a0*%#~NrCDvAK{32}-wvI>Nvt}GPc&mPJe{Iv
zQ`0Wh#!K2R)!K{4F4fA5#x7f<oT*LA-HZWf?zLNm&DFG7C7Vjou-R(c$sy`8snvsP
z?3HdyY~=O23Y%TjY;vKSvwX9?o3nKDNjGQlW=QvOExgGeKG-b{V-}T}1SFYCOfI~Q
zRrm6!vQDJP*zB@FXKXU5ieeCDoeWQ)NZgFGNmcX;wn<g+x?z(l?`3IYKK!(%D-x1)
zg(W`zvbF?7R*+tn6C%S%|3oYaXvBWjD?R-*KE5%Xn(<D-m<n$C8;j**1iPP;-gT;|
zWVh&tm*p^--)k?(QGfy3a~OSU{>D_|<#?{cl&<Nuk70vS+WRp14=fBkEf`|*lzb0*
zZFm#ARXO?I_KLM%`M@W7Ixq{c!Txw)!hGa#@6RpfHBu**uzu?^lvqNKGL%kMkFp?Z
z!qW`Bc|$<#F9~v|lSdg4enY6Wz-ghec|)AoUlQcg>i}?R+cPpS+q@wn<LnJP3NUQJ
zk?{U^6tYdboyNN)Q1gYz_zq_Ii%@+t>C!o=QZp&GPuY4E*~xVSuvNXWCi}5c`>{;>
zu_*hoyY^$w_K!wNl(iK~ipaF3*9+H+y>w$6wFI2x-xLv#X_xD=tn*h3tCQc(x;*&R
zIdQ+Jl@<F;#Glf)!URJ|_cKAr39DTYykeo&fL{dPQyG6az0$MN)H$}(xASIk?#7ni
zhTodsir<poqThnw`+Bz-LG$O62s=&$H{3w_?rbdSsK-!Dr>BckOueVGrz^^;Fk3_>
zkY_a-<y5R+LU8-A5-z5RQmIp3cM)ev_t$$cuV0t|4rj5_0<57dA)f<-z$6$ZRp~{f
z5OAF(KQTd64FM<c6fOj2KY)W*9adKaW*318vW6nY#`Ow6M0W5GD}b3r&<}O6!c7GB
zCb%T9hg`IdJ=x9@%Qb_#(xzm)+ZBy^Yr14({_BFbQyZ0L^W3z&nQ@c@8^tAYC9-9O
z%~P{GAY6_rvn_n(EAUx@Z*y%%h{R*qv1YfSYACDLsn=M*ww$a=zt3=^7;i7VO4tZo
z7<2V0WN*_^yjJP%Zsz!Vo--6tPR$P?Cjz@)61cu#=6Ml&gl^z<+VI{3xGp^P&>6hq
zhUtxlBQ04^F@xg<{2Fq-?a{n^4xR(5ciZOtj!4*!QtS+DW;WFf?-!=(Utq>`=_tG0
zx#Sal+Krv{XFg#}iY{kfii?&NHhQJG!R{z*jJhpydkE3c{;pbK&2I(K9cCIlK)%pK
zf3;6oDZuGPL|cX}wYEO{nFMgaot^+%DC=(_3wwBK4J$_#Ez8n1WgAFX65d)I&f7Tb
z;yBC)%y{|IMA&Bo&HDGfy~F+df+NL)&#)PK(wSqHL<O6n9~%=^g*^77z{(7v9J_bO
z4*Sq8Vsg$R>D&FAote(@KRRYXbf~c)Vcz+!AUbTY(dmKI!=^PJ5X<gi6MUM9qCf;M
z0#p#Za0sF!2Tz`6R<*_B#Ja%mLjF^c^M?;m!A6)H%*}8+NNk7A>ARE0HJ3S(?qJ%^
zNv9iVz9VPe03_Wxv3VK5>z>`)!?ZD*xVQe+cgN<XPt}~LQN<&%!m_{FiTzsw2d*97
z`0jV$_qE=)`A)OXjOf!x?vJ=0eafoHa?j$*`b0h+Grim+csg7p&<WvM1gae*R<SBk
z6hHaj{ITwm7}mVTBG&g*Fgsh+^t(b9U&t6v9Nd|N4oBcjX=hqTQ2>Hrh+Kf83XTp)
z7@_s^!x=t5pa_MbgTN8zXGsLgXAeJj#4aFz4i^06$4lUt0^ybc7YC7flxsa!xm!9t
zHmh9SXfRuHi#29l;&x`E$}HrgR$Y;35-?wK_AwP=NvEPm!+JQiCjaC6^e^y5sH8J5
zta}AEUbB(+85vpYze`FMu(9nkJQ%%qsA`mTI?`)P-0dzDbbJ`Fb0`Y@_p16I^}tYn
zV1-aVTy<wB2<0K4Hl(w*cCJyepQ}$lTHdMJ&mV%&KLQ50dHmWkzl_5@#&xFQip%E>
z_wU@EP&G`;mY}T;xhAiyco2s>83$^J!%C04|3#C`=GobpYxKUNV!UpnhXJ?C(vyUu
z=+$PWXb}1rZgCg9#aD;ilACy_Xu(qW<Y-}rG<F!c$h3-RkrtP@L*#qow-tk4(_$us
zDMeo{r8m6HiJ2Cr8p3Fq*!tkM)#ES?P!hf}{u_B7?J@$sH|jjPagoKB^)br~+1iq~
zBipQ=p&7Na2d8MNR5Hw5_IPHZnpzq4`LZu&^8^<#8erW%!7U$6cqO_4>?zGi@2Rz1
zrE0;*?|EbSOD`Zpg`e1wbHt<wa}3Rya~#cubJC;+a~jP}MyM@wTMY?)Ax+paODZ<`
zN-yRL$<-8fO{TId6PR0Q-tD5ulu?}@Fn37Ab01qgoVEUDC{gfm%lb%Ba=Y`GCkQ_d
z(*`w|n!pA)DIF2VV1qR&(}7PGBD;@IU3FiTRuwH$^AdZz+@yEL%?$a}7*23_EGMO@
z1QvC894D=*d}G`#mNhHb3OcqjO@7X>ZGP);etwk7LOznteU>f)J1qWO#%h)s0*|V!
z5OqtY#kam#65-h>nlwe!x+JXlwsPrO3(T^t^n^)O`Oz%S-C0$IAl3(1+LOBSgeAPC
zo2(Y$WvXn`-St&Zd)dBsx5^me_jI5b>8GTJR|gRdhZq}TyX5{KTX7nucv1ZcBo=1>
zzb-hTfA^r;u09G0NQH79g&%Vsn;v5$MIdpZm;qnl`><?V%`dfLhtRa;%-goL&gZv9
zg)X!qS>ESXBw+**Jdvs9HX-4z0fk0b$}SFG1yM%eq28x?O>ITO6X(E?@nGSaEDwZ4
zw}voA&UwhBh8RcwwF7SiDQb+qbtTV?gRpU|bZ4dYJkKtPA4n2N&7pXO7vy*?f;KeX
z3qs?ll#%cp!t;Q!@9nlt(C`zGb_7d|aw)GN=~Iwl1bb+TWlwAVZAY^RE}UL`JN%Ij
ze%^9bzL9=@{`i7o(sv*i<IJ|c?SeMP8$gj)S;769_LY1yq}w%OY6F#ppGglv0aMw)
zB7jrKRE|6|mVoT5Tx2a3er7Tv0r~Qwc?TbUDKc7|ga{?neEni0GEM<i*#c>u=~3ZY
z^*){Nqf*J5G$k=kkSDr)W9ons#WCGly%;^`F_T&Y9R1f=My~pUPPG~3^@R1b2CI>#
z;p3kb7vX*lKjqoZ1La@%HI8DwWWVXxjC}h?zoyl5z8_f>eI1<R*_9>x0es&RBMa3X
zw_XI&N8^HP<as|sb{HJ89LI;=3)Wxe=0)!SGcH$hqql;;-Aqe;)d=obs^qxmD8k-j
zX^3kgVzE@oie3a3T;gUye*zA=IsX=!2|WXBakKZI_%$o@OCmnEam}(q$Cn3HJXe!N
zd@ONaa-wtfw3Xgml@r;`0Q)N8zNEcp7AITL$y1p7_xu`qFwp`x20A5pdA<^eP69Uc
zNDFy&85}WRiF%JzxUAI@4HqO#Jzt50js)I+&wT<sB%gP;XhDVozmT`O`~8MrvzQq1
zFZnfO|Fd7?K%V9*^*ne2XhHsE3V$4EOx`}#>V#T?qvVR=B&$wtH5E4;5hrL<gFF-w
zE(od#9*DRjSXPbP4-_OXn5^uLuoT>^vP{7#bs@1uO~g?YWUoT*iVzp<eHPpSBq29+
zk$MLE?@oO3bH4_S9K!{}LiU(!+c~EKxf!@mHt0-Uf&3z3M&R|+;KqnS0q*f26WKq=
zP{!lxBI*So<)44gujxQ+uJxa;E|H!2HO{glQ-fuK{KYtZj*A!lnqlF)WaoZOdc+%k
zP(g5NL<4_WK5`0BpR8cGGASaLe-mQKh{NVcqJ&C^bDy6bf*cp&&)=ID919dCn{bfI
z3yubIll@2inovR1Nl=?zmjLQJkS?E8Un@WAFz6Z|QeT{XgfQPAtTzItkZRf~^2)}M
z-t5J<jv(L*OXE5BYnnm3ykV&{O`uiYxE>@<)H=`vuVxPthpZhbZI2YYtOco$ZEG@3
zImptsi&a*aG@%<`x8tW@^8^&ei<U%_4f5d~e2c_{nhA2?jeCp4D9cG|^;U{OmYFoo
zMk;|O9u#cTMJEd;9qz)H??{OF7yKI8|N1q5->-S~U%%!*wv+Z>zvllxzed4VEKwe}
zkNlzcFeH~}kte^C&9QONA-6$BHk=VF=1K+wrL*q`$fZAWPaMATi5vSS?XIrffOMu%
z3WzU5FoQn_O-h9#>mbtwFC*iis-i?A_acFiUO?~c?aYm<n7jL#ef1sRd9uP$Ven$^
zlW)UD-_!BNxi#~L^os3@_$)Fgir<*UB4b-G35LjbVUR4)8WIo!<kFbwWv&G=Q)1nF
zl54?CgcVLpL(PvKBhBo9kr7Odk3tr-oc-DUkTk$9dkFmiDZ2rEUsYTdZ#h`(KKk}N
zMSZ5E5|{9t+l#4Pv&H-la<vM+mpwl5pNSR;JHAJy61#JnUH7$L3x6}MT){f0^8&IP
zF}$JliScFHuKqBaqxueCF=a`|k$OqkI=6;n0E3>CWJ`cAbo21-p65p4<8l5KNVfO8
zz?$#r%PGqV%a51o`mPUu@;j!_v9%*L!tZJ2t!O2z;VtWB&FhBn7WJ}NV<{uE@L^p`
z*8~#yp=b<Z3b!#1?g}skV{!&FXkjw9(bFhhLs8tu087(ZphZc=E7Ie)(O6<&A=B_E
zVq6YJqyDV$?Eo@>kZa|UF6P(*U;Y4FG0Ne=-pGdixW?1$>ymr+YS~%4I{~{?TLA?c
zD%lAV;{LI)zho#Z`1FvzwUv0Awh@VVg0|*9dl2Ah5MdFDt_7CjB`q`pAKEObD;BgV
z7!0%zq-bL?=$>HU^T<ZyV^{^HQO%?Jl2F>+8?wAf0$z@IhAa>ik&eu(3PMFS3&M6l
zX14$oed|@q3A$n-lZ14cTjoAK4HB9k65b%Pa4T?-nim7)A#E6hB_*wjfB703va}dJ
zZnK0EcMu>)iXI8gLy80+5CpRrWPBtf?qj|q=iTx7fr*OT?D*_p^Tp-}|CmFvU4doi
zF3FJtRWcTSjjT@)B^m42BKbSX{NfI`24`||rLTl`0Q#_2GWxUlX|oO=dP$B<4jT<m
zj@*HGs=&BGW2B?v1$PzguYC>r_&IAKYiK64q4Or*66IU*xVzx5-2Ke`)E{}WXlCf@
z(LFlcBi!ZPf$kk{5g$K!4!8Ez_f?i_WlCrAT$g<=?*eq`aE@@6cLq9lI7K+cjFJ_R
z77D2HDf1~hN58`_zhsPB(_xP@@IDpNmi{a~*NBb}m2a^s!ZxNG)E)g6^ftN+)D_(c
z>LiO1AmJl&X11fZqkbn`W@(sL3ABu9BMWKihajhYPF*m_;|k@nu81&;c>#J6-2`fi
zZUi+(H-H+*ZV1ft&N<cF*4S2#8J6bi)0G2_W2(vQR`?v_Y@==Ok74v6^?WN?(92^B
zWwU0JWus$5Wm{x@RU)s4QxaWFrcJ6vswwc;NqEemq)pelIAXYh!I9b)Y)dl6+)dq0
zQbMCk$BfFn$n=USk13SNnn|`$UL7YZI+IM0RDhIUz|N^_^nNk2&SHK<4+F;l#QhyH
z*C$BDSRJR1v6+&2vHK|T`uE-2hl2i-RRs)8{v%J|T?YpT2Lp#Vhl26*n$c0pV)4hu
zVewOETV7L(`S}Cpr84@1i50SzI)izKn%TDg9e)VBj^1FXRnXYVRh!D=K+w%7cHlIj
zeEMbB5@VM&V|==*op$<LTgLQs1)mVVQ}R^>#Lia06SfWGWRCZzrCQ}^>1rNFLHWLp
zvPlxb%!0mx8`V7Sf;d?*52|@?3if5G$=Z*MPV##R_B~PywIBH~Ng|$UKd`(|&Eqfl
zFuQNZ-WthOHK&ixVFxrN7AB~X+h^^t1D+DQFUUC5!8|1vB^WWZ>{xRL?An_b6I{a+
zFDO6Up*lsPJbeUbRbAY#Rz2{X`*z{CyYgaf;LhT}ossOF4#clOaz!n$Kl3<C2rA-!
z=s5=~(N|oYFdENV5}_M+SnOLuk(}qI8<U~Mvo2Sw%cd83wGXl8SctX@oq~w7R(7`w
zPm2u*;?=}Fczy@s`q+_N*44VimC`wLWoo(Y`JF0PO4m&L>E(szJhOrw)5{0XdFBN*
z>ig*2tUFvm4KXZrJj;U1GaWh8&9|WS{>^^PcTL3Ki<ygkq!{n7>rd_X?l<Tc>L>31
z8ne;ix?`J(;7>@rjVDL1Y$@1RQcH%!>S_r<LPj;lbhe7XxAUAvqa(GrO7e}1wMW-p
zokA=yCZDWjs+;`j&v12zS~l=-2z4xVyqF<L%Vb<Gh;QKG6T<0>DQ@5q6zc0!3-uiN
zFvEXUsIOn`mFLLr3`ut8%E~fwBagJu!@)kjTh{m8REPSkZ|#6*#T11!hWqkv?Xb^^
zsR|XWbqLRjX$S$=mmf6Vfw=XK#^g5g=m~YKcbLqQlug^egTbX2xYXk_n^utt+$_Ls
z;;|C4+w6#&O{*fe_OkAG15K$VdW{s#rqyOfY<1MklGJ4`ZxsYLIsV~B){trUasT&b
zVN>u~*y!0T%;{_vrl7W?HR3nQPbJW&uyt`3rY(Bc>BlUrqkc}TLI`g&=E2K5Htvrn
z$z|_aJGoO%XRhoox4pb`)17iQ)Bfx7!b_f)LLFb14_@-L3TbTj(ZT-h&K>kQhNYRO
zLumP12le~^EYT5_4A&t<DiMv0z`-ylI5+}G26phtK@MTO#2=qy8Nx`wuRCZVors-b
zF-RZENX9>zgNg1c0p9?Bc_*3VngdBLCZ?LQ19$F17?6NW+d(teG8{;hQ8V~DJc2l*
zbr4@R6r^V7AS0VdmN7B-A%ao3rUF6C)PR^X_&I#b#l%+&aln6Kc^^ni7U{tKWZ^!L
zK7)Sf+Jgv&4DO-9YoS-v9y_4OB{F9y4%tL9>ees_<jd*P=l?aoF{9bsyuy7vRRtXP
zYMJ}0=DkTvZzQ}AmcA2|9ryMu116||7%0Kif*2UjWP0(zDA(dJ2-;{Z&|=c)7UGc}
z$X%w#OeA5@SE{5pxy+53j;7Ym7<^^pwHRhL2{TO+b!3bc#E``<@{v^$HK7he*=56L
z`XOu!grRS&Fss6hP&jf^EL7?l=B*miI4y}68FnxGJu?T9V0VN)vy3KTV<hnuSq@QE
zTz=APo8GGGu>42wQaUz&ssrb+NkN0=l@iQ%CQmUZOsX0jt~|$_33Ce(TF6AgZRfes
zE*uPIV@kWy&vT3YQI5JHQ{|N@%#UH-C}Knp-(Fef@s$y8qipKje&(l2HQo6wK4AVK
z)EbF~`brlNMVh$_R22%MQRyP63Xi7YN4vL4BV}_b{aP9ZK`yOfSX9O*{w4kxPI6OW
zEDBSxMn3{6EE>~mjnTJg*0hJ;z(S>olVp^o^Lvzo^Ho%cQ`=RL3-EQ~Sb7N@WYp|*
z>RIM(L;#Q4)jJaR2>h@l0XZ_7(nZ|5)ZLN1dF@&ex{9pKwko7L?~+7pHAr<Y6GEzr
zqgi!r^(XaOv5eC7pC{k2HBC3zPYw>Rq)v$eRF$#wVcR2fKmfIsL=!UCm-T(vT5WFt
z8rn_dQ^yE5vAh8<WXz;1Dh=j)4tZPJ&4Gp(>=<^Tq?Y<=q;~g6tx^m%H>)PXpAAmD
zdDdf%T!lX=SJh)f+|8M6%HCw+)y8f^#NXsXB;0h%>odC_krZ|=V5r?8m_Ny`AbbSH
zDaBZmqs*?%$hoa{+c=2hHIWT=HDIbtu$p7Wu0DJw#O-<JXS<i_?)#a@_vTgWxlO41
zBe6Te7eOK_oXo^2*uCM)A)X5jNRQ;~hr`#R8#PTU`=9c`z6L+i|D5k5MAXOrJ*f}I
z!0YPIQk30%JDXy%1H*iKF5=dBTW#WZ@wScp7^#*~{fqGS7bNEG4*>tAHU3>%BWtdV
zF8P?ET(MorBP`wcl47S)veI`Y4NetgW%miIrpj{0oCL1lVDpfBI!M@rRRIfiUo4g*
zDHfYER+FaEC>Hw*Vx#t*U0q7pFh9lX3}+_rv>=!XRsk?(f|%Xq^tU#Q$>}C`3F&vj
zn7Zt}PWh8g`ucqEq4~={l7WKk+a3YDh(?X1?BhkEx{UDcF9~DMv3pc2X3D`npI~=M
zAPQoH)<<hklx9@cYh^<eZKT?3Wl0odv~A176?NMvy2t7|(MXkH%9~2|`l{A$D?K7j
zBbRO~ZK7*NNVaW>0CggMqgI=A$v<xuvs4VU_f&7Mv%e6=uIPJ`YB$7Iz1`04Yf5C6
z5^i8S6jik<V6>aS?kh+1k~+%lp{=^yU-}h}c0V|c<BVHc!FoiBhV1QD_(Wocy=_)F
zMBIjz7Ce9`218Jr6*>`LrD5<J40e)Asa7jwA|%7j7OP{zU4vHhwgA8(;Rk~t^Mm2N
z#r=aX2On?j`R(|9uJ<+(eSg*b>U$A$k@v#p!taHilGpX6x}Iv7Ucn9AdYsYCM5vc=
zRa<T>4oh27Pop;P=4ecb79Xqp%c2ygd}Xadyi?+Yt}eNr{B140X33hzXq~y=;8Zy^
zEH0FXEO>+Z+}DF$0M7_p^*_|oJ|(Qt533Cs!_s9-FupVznWg`_hBlv&ro77m@PrV%
zoWuc;O}JBLXb;FDbkSF>wn`^_RW@P!hMi5{h^HHiku9#w&;}4kc(*Lg8W2Ostq-fV
z72p9Owf=b=2Zlbr;icBdBfWV8X>))d;ig`WfwURGhp?gazA4}~VQ#6#Q<R3t*LrAA
zY268Llqz0d`aR-L@($d@vre~Cbo<X(jFAPkPmIbPwAnI7x_{yQ+}zhyhjHGZ%X{7+
zUc#ti5>)^fp=Yt73V@xkOjkAEiiJ?NctYuoDyzOWPXd-aD}J$|B7mCkdr_JKfP&CN
zw^A!u9zaTHq5GfpYh1CaSVGj|ow3STiVA`<LL9LmEcXkLGH3?~ZWQFC)Akau>*T1$
z+eA|9d`P41AYduL;ITdTYy4PN^D(&OyjTYFsZ&u*u-sTG^K(*Aj3axsucd?-Mz(5i
zD+ja58MCx2$LmEFY11du7A5`kYp$_i<YO?)Nw91~auQM0u>@HLA=HT|s*xtzuM<L)
zBQ>?Tm4fNzXjxE{;uRu=wIT5^N&^Gozu?zIBK#V2r}c-U2;w62^E)T3Lmy@6=i%X%
z3OyRO)wkohl`N}T{zU^-64s}|9*22_$AgSpLn(09>}c!(oKUTOc?ZUx`M{IdrOL=x
z-1~tyv9}i%5hHQRAvMshuF4Pzf(q<a{Fxlb02IDDzZ#T>8jCC3*g6C_Js>NfgH7jG
zQ51+zGdVqO1;dKCdE5&9d4S!}HiUDUNe-T!Uj@SMqWDvh^M@b)<D~5l&h0swN2!`C
z6r*<lw_gS~nn^wSsxiJ%xU;|Z!mn{o+_d8HQz4D<sKSkxBYRV8p6ey_w;_=wG=z|V
zlE+R8OGV^*d3L(dzFHh(%E?dE`4Ig83$lL;j3R<nR)zHM3H<k|*W;s-#if5ar}Q^G
z<=;J>D&j4PD)|D<{Szns4iXH3Go_tr9d>9PLjDB`Y&beWc?hkaAI|VOgF*<74je}q
zFc*rPKl~U$dmS@BK>3OMIar93vzK7QF@;+OLL5XU)m42Qm6k@+*>e8UyJO|bg~LT3
zb?S<nM%C6SZ$~xCI%*z{Y#p2u_!^J+8U2;6uOB}u&W3Yyp?=N+0DrOkfHRKbn1J1F
zH6v45{qg8A4ValHy?J{&lijN>3~)-^Ulpoou|BWBS&jc@RZab+uh+B95bTCsZ>Nx!
z9mI1(_YTc$dpWP~!Bl@~6?LlBl=}i@tK~TtoaraXi3o4Fd>t06K=*@ajbJFk!W%AM
z2P488E?-ZYXorQT5sJenQKssq{O4G~m5)%}*-3C7LY44_bk^2>YILU<PS)uweU0>^
z<^6i^nf^~3C=8unTV~)-X5#PM&Q;9zzta*&_n?Qq{@=AnJ}Y*@-KsU87pG*?&pwW8
zJL4sBgu5R$G$#mlizG(vjk2Gel5#uq3KxHK#p!A@<)57!l6hgIPGn)+)*DE%vh%`d
zv8Wzkl+z3h@V(X>7Zdb(VNmQV_zjjGVBl#X67apY8y6E;A;k5dMQ&l-&_yILBIE20
z*2jMiSSffBfjcLI&XpVLJ=n&!I!L}c2>Vx0sORdQ=k~sc&jHx?E7*4r?7IW@{S5Z~
z1oqtmdtTL5T3000lVw$e>WYuWc54Zh$oCbI>^(6qNoJLMWQX8y>YyA3z=mZ)LtEri
z5r0Y#6DIUjI)sQn<pjZN4}{k)=oi6%XDh#xiQ=!jR;p8)>6)giF6o$@-oZacjGP05
zz=Q@a75)XJ5ODoSeqw^C8XQg-QV6(yCWr^ZF+pH<5g6DT&NuYo0K#5&W(7!aot&uy
z4Q?Wci|~wJti$j3B1RVB5hGX6R+Fxt`C8SuF-G?a%4B8V<&tg)UyK;Jl_gH`V>t<U
zhGOff`61*)V0SS=*c}Pn2G1<_%n%WE`u4Orhhv7&4a>KkV<9$&W);0Iw5hFc-pqro
z{>lu-F0$)9XWE4&L-T23c=QH&Dm>mv`2h#a503vCE(?pBeYlPGfa8=${(wW-WdUh_
zBl0o4-{UOgB>OG3Vt_mSoM6)@-yK$-i%s-b`$RNSMEgY`91J&;^Cb4C*Y&$1B;fuF
zju)<fOS9Sg=FuAQ;e8)?9MBmVsYd)SCW*uQtB!Xa689Z?%HY8`okxgZoCgQ67=tfq
zN;Zs%>AH3|)0OO&VZk`rr$G#C#YRSb@JY<`f981!wmw6S#qn?nvc4iL7;KFS&OFON
z>16b9xtIWj1w*a*gkd+3f-~Dr?*ew(dAM9mV1?k<$>%3Pv3>IsNS%m`vo~b^lc{2E
zOx<9Iio+sB&1bBsUEtI%%9PKEi!apWg}<PgMCP1$rkQx=oLHurSmvB)rkUt;mf&B{
z#L^L=HAz9u=9x7L0DU8*QxShkj|>+KA>GdeA!jJO_HC!qUliQDF<?f*T;jd>)5q?Q
zxhTKJI<H(`QCSgPVOt?z!Cv{^aeMLkK~*2Zj<Y{>#lWL;_LVaKC1TRl|2$zl2L^!&
zCS0dz7mz~0^&>gQ1W`2voG_#iaQ#f+4@6*s!0aM0sNnMja%?z&nCDgy1k(xZ#Rzo-
z!%YN!5s~qWb^M+;<|vvC+ctW>a~di2d<V8|lpM2Mre^)FfW>(vuGX<*O8ufc=4!7o
zT@2ehIt~B-QB{Qb!R16?_e+AXJ0RQ!&n)-M5D|6y&(0oyORXrKg6Bk~3r+L~AQxLI
zqW!`%)Zk|FGugTj{{K73qI5oos5$=gc+)$~I8}ycvk5f>U5QIzOrhjqA(18I(C5_0
zKKv`!Y;Q=%|2I3c^>Nuhg`ZtU1;Z8xTD6cB0ARiOB9zlZP##JwtA}oI9@c3lp>PSj
zh=6cO+s^|4JT_khJk7+3b@I>+h24eqry}PMzx~ggGFJE8Zk3`hxFs(_O6H{WxN^F`
z7q0K=-1)9+CZYG~afyM(SZ3k+8=bwmV&AP%5xu|JiTzsw|4z(XNw%)uUwVxaXW<Zf
z|Fb&=L*PtlXIdu|W}Pnz`UMIA9GzAzgx1dwXZV~!K?X+$jw1}13q{T!{xjO`C-UcD
zAx_R-0)Sx(697d4Ar3rq6px}bBHw)W=|}yHv6t)m`8tleUyG+lP1hN3KWvnn&E;o?
zuI(S4{wIQI09j%)gyZ%}zwQ9s#Lq(Aw8hPh4^1W=`b)^FOA5+LXiA+rN(x~!knTTh
zPFG9TCv|>Cy8U}q{m*(}Kd^!;AECO_6Ics^s}j+W&f3~fjUK>*<o1^Jtj=5BFZZ75
zA8|k+_-o5-A%c61lJNn_zjb@6ZZeTke9}!?23~EM?t8boB5b<Cb-Ti@CEXjQjtW1G
zx-B^j@PFCtU%ciW2>tqTkIK!z=@rFCk9(ps3%K6({})fUPZqadbrLT?k5U4J163rC
z99|N1*X_Rg)I-?Z{}pzklby9ux2r)JSQD`OZSmwQRr&D=crMV+Fi?8p*hh0Y(D#UT
z`@Lk~(AY`uHltYJjibZFh3^L|*!CwzgAecCoX@@-s3IEhx+3R<{Y6VYm4DyiHw7xF
z0kl7$#!p4^aSOrR`{9Qz_ot2)KOKJS?5W$mvK3p&>IeHI&8)_<+QP>5!?)hayG%XT
zr5|!k*X@epl^<8<a0CVmpUCN-02ZL17+xIrRvtTAE(Wc%41C*TYL|qj1gz|=m|p!*
zH}<rp56|oPj={;|0u;M_gBZ<!R`PJ?q_ETXgwz?@PzxP8#QE6czM6VW9+h$&xR={{
zQc<GYqIVlJkjOEy+xECz*)hOGGVGWG%1EUEVF}o2+K28Ra6p$24h|%fPTDgMKApH6
zOa?L>?Z{=9MnqlTV$!pR?u3V)w82VQdkL3JxP0&H^gNhcTN$7#@;p91U^+HD2}O5>
zeOKj`&dC<S)NWVYg*H{VuN6wFNtzC8n6DKcnoIiU-&lnyw)&m7@k$Nn+Sm7vTYJP3
zJGGGAZ^|cE^I675N7%|8)f5h|JC5>$Dc9n))io#&pu6r9K9Gvh$()m(&yVJgK5@7P
z*sV%7sf!GM3e;8?cU?<9et(kP0&4009(as;Ja97JQWjX}d0cg(cgS}Wx}QqZaI(Sm
zVl6dL1UiqthQ4N=ADDdXdr1C%xJ51S8wb>FcwlFI<o&mo?rR1C4A7|xf0dSm0FL96
z6G7-gwtkwqa!XQxNPbJ^vHIcOuE8+gE&2gx=-BS~@O#xjHmH<+zPZ|(dBKS=lxgh~
z^vSDl=7A56eU8`#!dnuK^L7p1LM!r5lBl#K-*M$rLCn<yMWOa<k{Ty+hg>5tNj7%h
zLtt<6UTe_^WP;A_vaK16ROFj$1ad*~)&f;q;*SFkvxg-WPq?9WhYD*{g;WJp`6nXK
z#9fV%ha-|ICn|?ZhvmC11t%O(ufvr!@8K3jn5?#kFLzrCVb8zq3&~Q>7|sgFcwAh-
zQ0rs;a)ils?PRc&kz!4?CA+!sgb((~o5W++!_eJ(lHQU5MlC(NDr@cqpR#uqRj!V}
zzO}It-`u~ur_`B#{B8hx@||vvVUKT5WKV<aA%6;gKmRhn#F`JpdML$Oy_4xB)!IwQ
z*Yr70-#~4DNF&6z;A-Ka(uQosAA27j9eKX5mmF?}KvlnI?Q0w!E4r_zJYG9c9muV7
zQu&loz^~@0QDN^}zLq@V3>l9%yFTS?tfMYcD7M>A$x=IN%vxMX=eqW=<$!99XJ_l7
zNMAPp$q+Ml;Bacd>ZgahP@ckp0smbk`$LJq;jbe8=1Jf7-ugL(86Hmv9c{f=lsv|C
y-9}&Y4iJFuSA02vq8_`Kw`3fzWjAR+zpJo7-y<O*otz-UlT_sVB!(6=r2hv{fc!B4

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py
new file mode 100644
index 000000000..824936194
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py
@@ -0,0 +1,390 @@
+
+from .error import *
+
+from .tokens import *
+from .events import *
+from .nodes import *
+
+from .loader import *
+from .dumper import *
+
+__version__ = '6.0.1'
+try:
+    from .cyaml import *
+    __with_libyaml__ = True
+except ImportError:
+    __with_libyaml__ = False
+
+import io
+
+#------------------------------------------------------------------------------
+# XXX "Warnings control" is now deprecated. Leaving in the API function to not
+# break code that uses it.
+#------------------------------------------------------------------------------
+def warnings(settings=None):
+    if settings is None:
+        return {}
+
+#------------------------------------------------------------------------------
+def scan(stream, Loader=Loader):
+    """
+    Scan a YAML stream and produce scanning tokens.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_token():
+            yield loader.get_token()
+    finally:
+        loader.dispose()
+
+def parse(stream, Loader=Loader):
+    """
+    Parse a YAML stream and produce parsing events.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_event():
+            yield loader.get_event()
+    finally:
+        loader.dispose()
+
+def compose(stream, Loader=Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding representation tree.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_node()
+    finally:
+        loader.dispose()
+
+def compose_all(stream, Loader=Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding representation trees.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_node():
+            yield loader.get_node()
+    finally:
+        loader.dispose()
+
+def load(stream, Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_data()
+    finally:
+        loader.dispose()
+
+def load_all(stream, Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_data():
+            yield loader.get_data()
+    finally:
+        loader.dispose()
+
+def full_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, FullLoader)
+
+def full_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, FullLoader)
+
+def safe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load(stream, SafeLoader)
+
+def safe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load_all(stream, SafeLoader)
+
+def unsafe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, UnsafeLoader)
+
+def unsafe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, UnsafeLoader)
+
+def emit(events, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None):
+    """
+    Emit YAML parsing events into a stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        stream = io.StringIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break)
+    try:
+        for event in events:
+            dumper.emit(event)
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize_all(nodes, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None):
+    """
+    Serialize a sequence of representation trees into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end)
+    try:
+        dumper.open()
+        for node in nodes:
+            dumper.serialize(node)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize(node, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a representation tree into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return serialize_all([node], stream, Dumper=Dumper, **kwds)
+
+def dump_all(documents, stream=None, Dumper=Dumper,
+        default_style=None, default_flow_style=False,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None, sort_keys=True):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, default_style=default_style,
+            default_flow_style=default_flow_style,
+            canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end, sort_keys=sort_keys)
+    try:
+        dumper.open()
+        for data in documents:
+            dumper.represent(data)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def dump(data, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=Dumper, **kwds)
+
+def safe_dump_all(documents, stream=None, **kwds):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
+
+def safe_dump(data, stream=None, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=SafeDumper, **kwds)
+
+def add_implicit_resolver(tag, regexp, first=None,
+        Loader=None, Dumper=Dumper):
+    """
+    Add an implicit scalar detector.
+    If an implicit scalar value matches the given regexp,
+    the corresponding tag is assigned to the scalar.
+    first is a sequence of possible initial characters or None.
+    """
+    if Loader is None:
+        loader.Loader.add_implicit_resolver(tag, regexp, first)
+        loader.FullLoader.add_implicit_resolver(tag, regexp, first)
+        loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first)
+    else:
+        Loader.add_implicit_resolver(tag, regexp, first)
+    Dumper.add_implicit_resolver(tag, regexp, first)
+
+def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper):
+    """
+    Add a path based resolver for the given tag.
+    A path is a list of keys that forms a path
+    to a node in the representation tree.
+    Keys can be string values, integers, or None.
+    """
+    if Loader is None:
+        loader.Loader.add_path_resolver(tag, path, kind)
+        loader.FullLoader.add_path_resolver(tag, path, kind)
+        loader.UnsafeLoader.add_path_resolver(tag, path, kind)
+    else:
+        Loader.add_path_resolver(tag, path, kind)
+    Dumper.add_path_resolver(tag, path, kind)
+
+def add_constructor(tag, constructor, Loader=None):
+    """
+    Add a constructor for the given tag.
+    Constructor is a function that accepts a Loader instance
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_constructor(tag, constructor)
+        loader.FullLoader.add_constructor(tag, constructor)
+        loader.UnsafeLoader.add_constructor(tag, constructor)
+    else:
+        Loader.add_constructor(tag, constructor)
+
+def add_multi_constructor(tag_prefix, multi_constructor, Loader=None):
+    """
+    Add a multi-constructor for the given tag prefix.
+    Multi-constructor is called for a node if its tag starts with tag_prefix.
+    Multi-constructor accepts a Loader instance, a tag suffix,
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor)
+    else:
+        Loader.add_multi_constructor(tag_prefix, multi_constructor)
+
+def add_representer(data_type, representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Representer is a function accepting a Dumper instance
+    and an instance of the given data type
+    and producing the corresponding representation node.
+    """
+    Dumper.add_representer(data_type, representer)
+
+def add_multi_representer(data_type, multi_representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Multi-representer is a function accepting a Dumper instance
+    and an instance of the given data type or subtype
+    and producing the corresponding representation node.
+    """
+    Dumper.add_multi_representer(data_type, multi_representer)
+
+class YAMLObjectMetaclass(type):
+    """
+    The metaclass for YAMLObject.
+    """
+    def __init__(cls, name, bases, kwds):
+        super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds)
+        if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None:
+            if isinstance(cls.yaml_loader, list):
+                for loader in cls.yaml_loader:
+                    loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+            else:
+                cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+
+            cls.yaml_dumper.add_representer(cls, cls.to_yaml)
+
+class YAMLObject(metaclass=YAMLObjectMetaclass):
+    """
+    An object that can dump itself to a YAML stream
+    and load itself from a YAML stream.
+    """
+
+    __slots__ = ()  # no direct instantiation, so allow immutable subclasses
+
+    yaml_loader = [Loader, FullLoader, UnsafeLoader]
+    yaml_dumper = Dumper
+
+    yaml_tag = None
+    yaml_flow_style = None
+
+    @classmethod
+    def from_yaml(cls, loader, node):
+        """
+        Convert a representation node to a Python object.
+        """
+        return loader.construct_yaml_object(node, cls)
+
+    @classmethod
+    def to_yaml(cls, dumper, data):
+        """
+        Convert a Python object to a representation node.
+        """
+        return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
+                flow_style=cls.yaml_flow_style)
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/_yaml.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-amd64/yaml/_yaml.cpython-311-darwin.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..60b429b381dcbb9fd12bb1f3a28f4c384cdbf30e
GIT binary patch
literal 144485
zcmcF~1y>wR6K)b57ALrd1ee7L?gUsILh_=EySu{@JV>y`ExQDVV8Jzz;O-jSZE<$F
zeE0r_J7><B)2FAptGk}3tEOw3ArAY+|E^b0N4Y+}WHUEUr`F!`Y+!l9cO*&UXrCEB
z7=j|YxSY|yizJ(T|M6Bwp6|2SCj)Jw+Ja9qdgx>rZ)N1v3L{s)f5>G*kocdRzTX|q
z4ZplYZJKuO{*_4lmihiB=hA;o+~;JuxwZA_{Hn)1Vjf-Y12)rlGN!j&P$CAfp_SZ+
z6-GHsf}_0gR`I(V;VI|lQ>`bwkA#G@P(eqXZ_d|kog$m_omE7wjV>3CtO8$K(Xcc=
zsM1Spgxo(USi&eU_aB7i?}%nhYyPfvCHMBXNgf&Fg?O1-q3)NikOfZyolK<PR_TPC
z`=0*rRtk6^EYvTh*242r{MNgeHV4!{+~>FPo&LN~Q#*L@zUXWULrWP@rxkME>(btg
zOl&&K$mmg>!=1c=pa?_8HCVvnb_{Eht3^S5pHJ})LVnk`^?#)j1z*f}Zw>$g#rId9
z_IdkicqujHgAxSX5-9U67eyZMw2|9X*ZDUht9rr11y7uvn`NC%7(r`$grcygI+GDp
z%XhvIf%1cgC!cl#x>UivkjtH*URCAv>6<5)5c&Q@I`QD;rwgA$o7Tn0%B8AfQxv8q
z^eki=>+Xx+e@2VGc1V|y@e>8a=2hFZy<7mHOK+yPhwuUFU%T)~;)H>^oOS;X?_I};
zoF#kK4a}sdrDID)9J%z9x)fKeOKO5g<s(Zs9J!Y7V$q*^lw@Xk+PKMVo*F`>8qk?M
zo(OZ-@-`R=xe^TYH~Ww}bt=k<;ulNaL59ofJPkj|Z_y$D-eK3Ky}7#UXpxm(mE#@)
zmWhY{a=VD|p-H3?qC_1E`^in#)P6Ow6ZE`*YC}FZFP7!wM;%$#eogW}2+m;k{+UYV
zq-Z$tvHtb{&&N}zi=@K-H%eDR8e3Mh)aZZS{B6l~{?vKyA6>>q2X10dsn(b~0-AW}
zOSMonzjC8dD&UK1rZeTesxa?2aH%4dWb>g)6@0}`i^(C^qA!%ul^gY>&C1caY$FhC
z;&%fig25kh?X+bhe39BtN=qt5r{+31nq}?j>g;&dVe>mY;^(S_TfIa*8T+6BGswRs
zMRr3Cyjs%4dU?=mTlZ+T+%#$41fCo_ET;%x7^i!P$$<|I6Fs{jps&Ly>pf_@#J-#W
ztrq``>^02Ez1rNHg!g#bxQW}D6{q8Hw3*onYJfANPII!uzTu23CnN$MYxN^4YANkr
zrp2{#KB3TEp`Bi~+;et^<a^Xbw!T*x9}y|b)?XgMol$pCRy7n?DPzSnr*I2l-Tu4B
zi}(0WU-j&@D2xG{Ni~${+d4-V5I5r74Em~Mi#cMellh)5zqwY<O0y>SmOo`R$q-{H
z#=SC0XW|rEl;`+Iqko9l_2--4DQMFv8s0zCLF<;Z;#4JhZJS*wzqjxR#Q*Z*afh))
z$*4QCTeIR+#hL8qKwFr<n+87JzC3s7Bc!bf5_S0wzh)n8xlWQvqlgV2kU(fCurp~Q
z#0e5*zJ5FKGhB6tbH6BjOvrZfm6!ZDsIiqsAif~O4jVk~kNA@oyYTt2bev^c!>FXM
zYp3-~s<RuB9Et>+>6}KDM9wJF{oG7Ea~G0gm#MO{X-K9<4;=GJJQj{|nV3k=5gqf%
zKc0(onc!nvkQ_7Ux@O)q^d$RMoCX(mg@GJFA6oDuc+=?7pF}75rX>Qr0!*?=MyJ0C
z%l!=0#AAQA&=GY;nCCqjIL+2<Pfl+~CS9H3geIDK_bXYzN$Qs!b@Z5n?(%!qG$MYH
z7az^G26OIyX}iO?)|eYU5%H!AGIqMHueANj{PLT%L+WNqxk830YwWqPQm6D&KF+Dn
zp-82>8MNFBYbg$?+Sz4IhGL<-4+Q5{EE#u|+QEDvGxM|ME>c^OFx)w{#Tb$GJ!&Ub
zb2FSU7Gmts$ki7+P4BP_FFzZ=A5&H|gyqb6I8<%6NW5)%N1Lf8TorguYUJlGd?|0^
zI9@xko@dL7wY~jD-3|NKu{f?_gyEhO3Ll6pr5I-P_9hfJ%zM8$IMy+XeV;Nv7PSz=
zDm0Ioku{RQGSsZ%;hLoCXx<gn5s~}H<5MW%-5vG)-HK~4y7&{lv}tVqO>1@+U&t5d
zGfhVCcb_u!WN(Bb1eyOWE~*6fpCY4cQ%vTnlw!P-Rnn|ADpkH26@}PGKenuBTm%pd
zplAr9Q8-|8d-AkR$kE$1r=yLSy;E}Mdg36gl-O4H?ebSfv40+Nf>gAB#st5tqG9lY
zzY~6|;LLgE+|K<yORRy17!7$K7KFwI<Kf^Xlsi%_);l_jjIfmXGRROPKoAVCdC5eD
zECJzsTeGq`NzfZJiV!#?p~rJ~@!nwwwx-C*yyTi<YO=Dqz7%kvCi-@Oa*NJQ`kqy^
z*6xCBORILCk8AlO_s<$8-&cp115(-lxq8U2GCh4{FtQ%v{i*wxHyVZO5ot!p-J@%>
z{ei~g+)!|jjt{TsVdWC|VSs2t+C!>wOJL8>NM6pC9(6~6>GpU{PN_6)`Mc#aMSv!+
zaOUfP{MQbHvHEp9!p6M9ajy^ipFv-%2H}nynT=Da_{7aco(-HF<rqz453!c79qPcS
zbXS(X3ip`9A~ugon8Y98>s>0=cPj^`R26%r7-as{cD^W}&zcs7PFu0;FK+<_GVQUq
z%vjW#|GEr+Z|dHXkR@dhxl77?n>en{5B+QFd_gXdX(RI#o9Vg3@<xCPj4ha%DY(g^
zJ^Ver`#Y;Z>9Be@RD}wnqHC@5hc~g#Yhr8Ib>(e*rqMb}HuSHze9K(v3zqlGTOQUV
z*4XuNnU90&s}?LLJHD`KXJ=L_*<p9~I)sNBZyg!biXE~YFzim&RPmQ<jS3!h+z&F@
zWT_{}YO@B$fLYX=|E>*h^=QTWP(I;EN=|F=qkjw~HxDCe>*B4Dc@1F<5lG2y%ZJ9X
zyynL&suMyx?o(`<cV$c7Om6IuTGX(pCa5Q+e(;RQ^*rX_RSS1^R*q+TAH1uvSSwl$
z80cHvkS>&uI*h@$(SB!Az!i4@);6sD5zb`qMlFtCJZh~?bEw_E{C9PcvVkh@zc9rh
z@UL87Bmr)dLWnK)*1FcxlfZD{D_#^6d3DVtK3CHTzK|j9)|sHAps*YE_X$5yc&&MO
zdVex;Sw2C-xd!#jipJL67&=LQ@=~H%^*qt&_m;z(8q!zoC7YWk-ftSc9Ubji|H2eI
zH=E$|p(UOJ^rbJYNtOVu^SH__3o%BwdNP{3#n|VV=1txfy{na^pF>x)eY1n<bZ|sl
zzRI{r*R+q59knn1Z12BxtHxO3yyQC(0tZBmuA9g=-t2x}E+4s8ny&9QdAoFY`Q}6)
z9MGD*Y2w!?Qh;`nW*s2lzhQ#C6vyy2K=#+J$qQ9{gTHb`TE*2uUuh+^iWSxMzP?gV
zI#BZYF}@cjsZ}<-0d#buOHE<Gs~{Ji4gYV51X+t875+hF<GuNTMVRj+?Dur#G;>;{
z>oH>vFGc@6;Z}zxhHGP^^g)L^(LpeSXFd}Brv-$4ce${kCQ`FIli-wZzjd8&V5pa`
zb+tFSj()RZ?AnAbE}&t4^;^TQn^#NXt#mg%ZezyHQMrFs@_~xDCJKu7S6i{SnQ!cP
z^pi_@;xnhwUN`rVy%z)NTmE6zPkznou2=?`Afvk4^HVfx0K`UXY9+fo6u!xCi-`q&
zxmWcc{uzK&oHj?Nbx0eox5XQHJZV6>axFO4`%BYm8>)996AlPb$&G(082C-M3rBSz
z>~ZZ_Ws{~%%?zp+CKOwL)6fX@^Q^O4vxbdDW>!kdTH|=BS71P&hRoK4Wn;sWs`{N1
zEmKbeRj;|1T(1fZ?Yo?1c)pY6JlPKlk>rY_y1$)huIJCv_2x>oX&`H{?t47^!UVV*
zh0}k=pyqRfj{7!Gy9Q`X_Fux?#Buv+=<QffR^s@T7O?gA6OBXPks`i{Ok8g-R#=js
zw1+2?V3W7Ak98HDL<JF5I+)tN@Y!mj2g01QQx75=6RZK&HVg!$A8Ek$ZcrvM&@Um-
z)uIwKtKqA5m9zqMD2NN(pJlcx-20fIxPnhPOc+EtJcj{b8ATVMaia4WpGDS)MA;3Q
zv0Q6|rDnma2NpOfw&DBc;W3s#?n-cnV0WNXWHaIgcy;e9kkDTMigrT<`cK^g+BrV!
z_EV%)+7@U*Ib5~M0g5E3gEhSy)*~JEBn64YlRU_}s6mZLhv@}CqL8~^6g{3g;3E!@
z2EGN<0Rx+K#B6o%H@L$LNKCuaLZI7Ey~9d6tV%lU7*7(=nDK5Hjda*TV7UC#bbB#t
z57+*0Gn1A9Gu2G9G685N_6h12Yt&yb(B(!4TsAvl7J2<M;=OhFd%N(vL#ZCY+Q^tP
zi-=Og0dxVnxE6->6{hQtnwSFjJdk~2JHVybq8I_wuK;C20^KgN#v47bgxK(XUOF&A
zObMDK2EXr&0(LwXS3p3?5nv}+oA$%A-Ml%5zlj5OE)V*FQuSWb)<D7*59ohhMDRCJ
znLm0{Ya;FJ!|j~IOGnKTZfYVjt-@6VdX3uRfM~Ac6s<q7Ab(p&%rrX90Cg{&=u#FW
zJ325g#UNBO@?So~djWf39DzUR0@LW1VoEViX83iB=$EZja1u!78a_Dn1fZk^wuhQs
zoH7p63op`*f9)N%1ZKCC1EV~lLMz;0DgN$2^YC+U>iqt5Nh8~AG!rZa*1ox(BZhy)
zoq8mPP?3WHm#-kt+U<0Xf<N+6vPRX;%$V_b)<rBhhW{1pcKr1f*u268R-F~<Nv(1S
zSLrS~39rHyD4~H+d8Kqe>WxssITyv0EVx^me71oh0?>{XJ!roeNYMcrNIHy93PN#5
zu)E+-O`=cr1L`p2S`PW3kZJ*FwKEWUsQ(o_IX-*NI$P9QfEUHCO#x1Cuj&DegC(jB
zd-SRtB1%8b={*6g*ALTy%phR#2#~`04d{sno3ya!sB_e85o$JDTnPa}{i#8Cm>%Wj
zxSMlexK~5O{xeoB!}nvg%|lM?aV|@7tZS*@Zy<L+1bX6+2F=3tpuhFw!Bwj=P=i|X
z6{NTabOQhvin>#a`n>X+gk=F;;4gYgq_+8~Pi@44bNFBWUf-G@0ZR_pb&YtCnD&0N
z6Mf;x7&Bm84fzT~dq0?*AG%<y2jvtSz8g&ku4S90XPeEMDnmsbpi3;!0Bfk-r|BSR
zVlb|_05tgy0Ed@aw;0)s34Dq>af+d}rh&X4|NNy?OA}IRhVRjZ?lF(<aYfy8EB-tS
z)ix2OpU2SasGp~fpE42ma$6sB>Nk2yY-2(sV5cLa7xW_vI3o&5Ct&Wd#<>iZWR9=S
zD@9QaPt0+FFF?SkVc_m1F+86FOy1FNcFhj3Zo#ppTNGn4Pw||aF|(ghh7wnwZ-9dE
zt?i4hT;UydqPlB(Pn7Q(BZY=5?%~fhq#z8;%Z+ku58>qQc|B+v3*|OPkJ-aT>qGk>
zH~|P<Bh`nt;0r?aP1K&9G?bGCsuxcp&N4v)S3zS2IiiuqM=P!viZg+NUc)no%`~#i
z%J`sKn3rHy0)f_-Jrb8?Kvqv^h)F}lU40m_wHul)k`udb)d9z&8{K08An-b_<<yUe
zWnsun$w-@Z6?Bt1YJ0f%ReiF3rWb5t9}Rrw+ME{Te=sX7B<`OY*L&jcLI2##<!Bpm
zS5b&#{hHis4h+n!=7;j~2tapOpf?k<=aRxIH<HP{e*o6q<s6_xTYR_$s~QxG1v<b2
zwFj`A>#IQ{Y?<RJox<;SaeEN2iQ(UI>uyLORQBO_q)v1qH7YHKw!nO4=HW~Yj$t7>
z>(~JjYsGrvoeW!Dq($od?_4f0E(n-74BVyy6)^W8j{3}^aW7+Vlse*p+*F{ogvAIY
z=7`b(aJt~6S@3Iaa1RX?xJ;OTMp`MReZ4l~t~Qx?XIF^@n(%2lci|<t;|d6cQ&556
zIB*V#N-xVkf#*7q_$x8X-{PLO*-w!7a}y*ibLe#g=$E_iBJ3>jr&?=?;ieX(!(?0s
z9oeD4IR#9C$5)VMaJV176WxQNaA#f@_#;0Qp#7y#4D{Xsis)B@a(`973Lyrw#H9m&
zTf_rl<{)6FxwelJ=H)ls%R4_z-4TR@0G<<_KIQPrHLbN0peJ=5=wL1gC7|O1Q}<DV
zseeNc^1F}rY;o!)(CZce9w)DQ5O#^cQy)uU016Du1pz|}DlI5YOivc6K|&Ngh`k>@
z@jiCI6w(T?5esETDT+_EVv5@O=Mc8Qh*dcIfSHtS6fi&>Na>%@4dU-MdY=e%IJ<Yh
zu^RyA@j+p9dQc^GLFkuRq01B;YZ#6-xl#<>ayJQFk(3#9$if08c%Hv=+#ZE8pt>G(
zn+3`NP%;BDwDo}D!m^aVPKd1Y2~wPl1unBF!LQUoS5JgJk6C6o9?R$+g8%`lXYlng
z4;$hDtmi*tJ~J~Vx-ntyxqF*F4``V>F`PS!YEBR0x4cRM57uP{dFtvS^W~vY$J}5R
zA)y|SlYRK-7{wKBfVFV|X5B3Sa-L~zV_j6a>Cx7)?DJ0)BnC-dEC<4}?SK=rz*Z12
zKpm)02@-dJo>?nF%SJ#zo3S^bQ_+apQedlQc`wye+roeKUPgU~Lv*likV7OeYN-_X
z-~|;~`rLDyO$C;6v@Q#I_OoDdH7F?yv~vV#MHSCL(b@06#0Tx^q#AxrI=n4_Jq7JX
z1ZVaF;uWC>wAR5Dn04!~)u7*Mm7tTg@cRL_T2_;12)>!cu6sL+o)Y>@;Ket?Hq}7N
z4BWbT!8xPMZcz7V&#}u8_)RwR@ScGlv}!~MTH&h(m1Kb;S)dIi#PD<>kf#ST2;@OJ
z{Pr1wU-9HD#s&nSg(Z~n0|@f2xW<HB-=OBEU+;%m0Xt*9udQ1NF4;y&;7-p%fgZZZ
zr?0@xO>S@pUw5EQ<Q+y_ivu6j_VrF(3Sg%e#~O1{tcP;=Sa=cdKTLU1(2*K7NdEt=
zw=B>>fVD-=J5XjuJaF5TzdPss7ht<9o%7LmQOvqSbjaOr#Ls=7dM`xpXpgZPWFJM+
z(?(s=bL$BW<2CFFy!%GHbC?0TO4K%|n+2A#Ko_i``~Yhchlm9fKg7>FryC*CKGo()
z0#3KE**KZW>b2y9D)N>C2|b~Hv%o^`cp#Yj|B456I^uY&p<j*zrs(5ZM4IHFu^gay
zTvB`gCE8Il`Ua~*dP6s82RD(DU3t&2U17JQvjYyPV>r8W_#G0xCva_+#QFms^Y9rt
z3pD20hm^nT0oV_jMbcUT4MD)_qRL`P$inisUM?Hpi0CjM-A?)v$xaK-PCCxcq+3Mu
zMq}`#V7CN+?_<2;3NJr2%^9<9j}1cQ@?RkzofGG@UCfZQlCVxjNL!$uG3wl3t>bai
z70**-cqBc<Q*R~6>A%>C+g~zUA546|e!La<D5}J5B*$IR(F@mDvjLIc_49?XT|RHj
zP&wQae>3HgvaptxYYY29ueUzbh&&NnA5%_Qj43_&$bA&?c7_P;WV-}o(uBj2*Z4~H
z=}(kc(f(8h)DDkt$?f>vHI2KuJztiQa-J86@h<ryof+!lt~hZjsvFCDd+PBYqq|s+
zs#kT$Uk%4J0mTs8F)dM3Bgb6mE}}Uco7m>q_X9Rx;02?UMUb>yYF?_&L`FGJ!iCrO
z)K_L~FB*$d`)$65eYSX<!U~z~k+$j0PdgvW-x!;`-BrES?UFX=&i^GPy=f_JWIThL
zfq!o)8o7}wG$PwQbmXbOX-6b;N2yr?DW3U~I_Q!4N@Gnq>db?}U8O4AH1a2_appy8
z?<?XuIw2Ell71UU$Uhf(H$q;isMk*_oF_A}P1e7w8--r`$exq5-2y%a)_;`H<3u5d
z$W0x1f_JH47bm^;=P?z&XqC4eoNc$(9|N<RZx?MC|K$cp^ttd5w15)6cwD1gyKu0S
z{)LU0Nzi=d{MQT=-Tm$1buL3CI!;Yk--BkgArmCA{u^z3U1s}}+*UO6tC%rgw8ZqN
z;#XPiU$Hp4!o)|`$6}#-4@ewsR5x1MS(lt>QWO@)X4tkXBO0MzHyX`)7l(w_Yr>;&
zG_`e^em9xBOZNH*d*2fmQ4zc`V@ry~23FTXu=pK1KJ)k)CgrtKui>z(ICYV0@%R~r
z;9InU&zl9}Vy#r3rjkAFllXU1(_zvGh_#kvo~t(Qh*Kmd!dpl;BboruBH!!m!{@<c
z($v8w0$hb-`XHD_IO+?szGY#GjADvVF~r$NV94u0pa(z)J1r-jmy4y?<+j{@w<^~m
z@uJ}(HJLpTgMPc1HFc1gk8sCg2<K1lY<`lbAash1zbs+T>Sa5Xl!W4`U0JcTRP-K$
z$jrD)&AUpG?6SR|FN4Gj)}#xH^ShJ4{!`-P=o89?(l?yy+!K&N%83C!#3U0fvMG)>
z$d0}s<0NrUgdRs?uxB83(1LJp?~*UkJv0H6K`<=-4RJepK~o>={T`aSr>Fmm2@0W!
z@gY9M1ue3YU+lgl6eX&uYzkp=IG|Y2rYK634>?It=b8v&L5N10R8cCM`h*qpE)nh}
z1CS^3Vaj)p#ITE2Ke2nWVP@R%iFFGKOFguSY&3tvoXi-hgUN|w08%X@ay6WL(rH0K
zu@fxA@N&<yGXW(P=?M2>EioqwdUfv+V4S|kWc78=ipt*?sH`bHHW9LlwWm&b-;4Ds
z@#0Eebvx$43t<f%P<tLloH=80Ry5BmfAJiic&XRL#S~-m2pAvr{fkEG8~lt|l*VVe
z_ICwK_<JjSmRRkZ5_6OjtcB7(bChbHojAyUZVHL6u883f(ffn;(AB&`X-*>F)Kdm6
z4$Y;KVk`@KdKqO1FO9qs?;C$p849;Wk$WQxx^_gcg6Zrh`4DN$30(_4L;xn@Tc}B3
zeu4>&{PpZ9K?XIGKkmK9jiY0XNlOlK5S@Ir-R_?Fm>WX+`h~w{Bz?plrIq4K*hNLV
z*!}rtlCt!3FR-tS#s5W1VUClY8!I4SN@D)aLD47=W_;v8e{@GtZLCynPD1d#D9nBT
zSxO%8{=ZH_6Dx)c|4!ln!o@!%NDI<?qev6w^}W_ncSNT*+Wm(}lcSEV;z$2{9lvXO
zI;7381y@0F_fOkDY`7C8X!nP=8tnJ>^$GMH6cYx@4toLAO!uow9QPJz_x3WpP0Gq^
zUzkd+c5i~Vt>qQ+A*f{+CBvc&UKfSap>Y~aHw4l~^gi7<RO(A%Mhoj1TjyG_-u3D1
zL<yK)-~}CiuroH*j1uB5bQNz6Uun(pN3rseEJB*vey^#R7^zVoo2O%<oR6`$(dvb$
zX8bPJct_Mvc|*;3kF_@@SyA}z-i8Gc30Se(+>6rmKpZ!}k}+uEv}OK5$T)c4nmTyt
zv%gnOS0b286$rpAr+MK|Cviqsa5F$LJ8?t3w<qMod~b>`h=>KWlPI&k_Cz>`($}gf
zGeqq<k~NW;OZAMkD+b1+mWydV6&aM8Dey`}?v3CmOP`A<kNuTJ*!!S6Ron_GEO<ug
z+)WwLNs^3bcHfwtDF?|^$6=vfAY^}?G2Uwj(Y25AD6Hw2%Db!(O)LrOP3Yq9X@{B!
z7$_&odkUK%>CDOhDKEV_BTWguxxG){Qv>b!0osLL>v`sI$syVoqD?j%3%<tA$)r{`
zv8Q$ZnV2}GEq)%;BMxTB3>w1Uml1C~YSSLN*W)kd-)p3>W}+#7y7FS;K~QS~!g;Vq
zn4rxu_jh7q=#3an=4mMOmHZP4vN`48bCL2#!J?3X@lD+K_g_+Ik!IvYa~<z&H=mq{
z-W`&|E<_f@?g?aUFc-{fU_1qL184&;k=#ZzWZabF#_yx^bPeP+tHz|NjZ77vhC}o4
z_VDYx5OD(tti)m>0d(mzidr&cGwWP~!qZ4ZUf(!ro}1?#y0Ua5=>*L(x+nQIP+=h`
zMdvPxi!O+`KmbB&R?|*UAku|q@Dk}{G(knDW1#Gk_jNDe&~`6>S{{LMrH5!q^F;8z
zTuFl!SBt}?RsRwRkV!95)B=#rC3Ce3A+T@6?P&6+h}2?J>CuU&)v!H2kr%m&&GCe>
zB5Y|Pi>1Yh=$_U|gqZIeUbZvQ`{M5X{govtR-cftDuy>fI6FITFsFzR^3q4}0`@Fk
zw%=*c1)cCAH_rI_xZ)Vt<8P^u&AJYTMNeQkLYuwZd{>0{fatyS60zj9SV0{dA=6;;
zVd`MH_ugLRi(D!RG)TL4=qfg0YA}Sz3OAUGy~WXqPSTmRh#_wB^w4WQsGZ;`H27Bn
zioc*~wXpa`(ev8%6Yg{+*_XZYiTnWP)OY^JuFUr{#nG!sKIIVC=V7fz?p0RdEHc~T
zM7v*5!!8z&#r)ZyO{4)7{e(A8vl;e5CSMzGf>UvS4@aB`dHNr9iw@01_3X!q5}NU$
z7yirMbnQ$<by2+(jMfeRMWd9t8wtLrzq>aly=RGB-6d8I@sB9pbx}lQTw)v(*HbIJ
z&(<t$17{}$@36u4hYK(%X#<jp{BAz>PN7oD5757H(%Jw{+iX=wI9Ix+O@OdjAqw54
zi=-0ay=a-XNqqzOvQ@co!1(K*r7nNqsywj4t!zehz|J)KbW?luK?tg-D)?Gh@98Ur
z(3Nhn7P6iV)old1ccF*rtv2c#gdAvNcjswZym&aw`Vs7b*!AwPEk)synybK3rC79X
z_uwkjJV-C3{Ee+<_gB{f*EF5xnUA?5)YCSY>fHsJ>T+9spxy}i*rGCqv1!dRyV780
zU3)c;d8DS=aSu}!svF?+YBNc$w2fbP%vz5CrrM34)c@su1J;$UL&3ei!@)s7W6}Mt
zz3qYWwA_{H4_Mh#gDi4JnJsO}hC1?6nGroeAsC~E`T1oU`<gM?nHs$i2u|%O@ikHu
zgEpD=-@)2)_(4+&#<8pfL6K1sdzy$9<+B`{x(z0dnJdRPBEKi{-W;s<qO!HLQd6R5
z1r2rWMe6t(oNoN=dkNgHT3se~wESg+zXBE<|G@P!Lk~o{bNs{a6F%sLsC=(NodEPg
zT))Fn_gOzsky&N;0{90M^l-h=#iDXksu>&2{gsywtp`7XIT5=&6n3R3OVWRuQN-s*
zk_oq{msKe7Y;9z228I*Qx>q#+5iZPqiCgUSq&F2V05LHG7Kkyq&y7UdWqi)izZ&Ad
zV%2Zb%g=KD;*@!R+%R3W<#v_mJPCJ8Fox@y)O{X<Q~n4!6#Fnm=0S~fFy{AirrN~V
zK-vwjEaV(R9a(itWjb&uq<6K6f4~}k|IgYOnH<H0p3O!{FyCMzb0zW|o|N!@Dq9=;
zj*=Hnk>2A`uHSXLI)xYC)A8agdiH5WyKj@g+;>>yHSrDvAlkkb(ToaGsm{<lVxH0i
zhO&qQ>4X|R>8bC*jCi_3Exo!l4f*A3;>Ou32WSg|e3nxJaXMC9WorPBtXBsVi85E6
zU&m+GI&o$g=nG5pP3dMjKjwzuM9U(p3A8y*Rp(|*L$Kv)nqyT$+uNwi*2s~~oQj{y
zp86u@lS@N3gq3sJ6U+14h-b#y8EpmLoXVzZQ?RF*s)!)!qyA@K-Sd8}uSCrQO1)bt
zr{QHNIXJ4`KK)>fA9j7C0aBmV8Cn~fk-p0i&h$EX1-oFNxpGWD{;t>TkN-W!O7}%U
zM<++wlev&FvTFZFhmpSS+Rdvn=?4sb<Z)!OGfGy~>Qu=XX{ML2o-vGe)S|DA1R-`&
zZDp|gY*2I@!JB_IhO~T^yarF*n0ik$m*K+f0u)7C`6YU*=NW}1k{|5E1hCh?7UD8p
z)Z+KwRbQ6fOG59z=yT18NQVfT9h|oO)um~TDqjnM2<HpG_-W_-XJ?f_HI4Y0hr)O-
z528NGUS;S{%t#|B%A{Lj;lWqfdeZ!I`qCo>!JJwlYnaAJdaP&b*52XPgjB^JbcUmr
z^~*n%<(td3dA=a7US5yB^!B)7tyaFe$s?`zE97MyoDX436L$n6>I<X<ZZTZ|X*kIb
z6(XQ+m0i6nPW~&KkBxe!K$x%<7JO$$r?ok*Jj6Oz80K?L8y_-vxKNLF#k&I$<gJY%
z(t0X(mD@_3JN)-jH2?DRmrom?q!R}Hk%B9sS9P35<@sY}=18upvRO?pd1Sl{JF|B|
zLx9RJuTB>^$Np&suUzKz#osd_7p!G#cNGQd>Xi|KE_pD$(a$z}c7$44qk!OE8u@o}
zTe=~*2YvY>MEVz8r#GBM_p%$a$PT+jCLeKl<0-Y~ajsDnDm&z&S<#Bfa%wPXgmsBs
zAG7eDd%+0s!xYn<qe;V{ld5bCp36^M{-#X2<XaUg|4=K)<(+zv!E3!vmDi{%70j!-
z?ZSJy@kQhIZ?Jpkl>5?8eaZP_#L~kX2PKbT2MnUzwsjVUj3YjyS{y$2Q{z)R+Rqv`
zZhkF%!*mfUjqY_aK@*Le^KnLca9XqcdHwWGx!(XGdH%EascXL9ox9jq-|n%ad_oo4
zT#gB=rU@9xE`4+q!=5(PdfDKlr9Ia;mjC0p5;v=Hu6N;PKjM=2mEf?$%->?Y6I7H*
zQ1zB9wy>8sQH=$M*;vYR1i1FGMz6CP=X^a_fi@tGInv7GYX9^{a8oCSQ#cP{(K0ey
z$8YREdCk`RNl$B6bQi!jPVyLv=f_n3s!Zyoi$3xn2)T}%e!#$|UY{@@SxTqpYybDN
z5wfuJlIo)srRCIYk~-kW8sUt~i1l|FByN%}tf9sC#VG3<&zq0$D;Prj+JjO5#a&Io
z+CED6a)6P5>hH6fA-#?sKB@dgr2n;=a=DbE6iChS;VAV?=HQ<x<<f^DdQX2;WV4wi
z5=pH}*wRcNR>r5o?}yiMuM4)Zld+I2KLl!4Wu^yM^{;wsf`09$*XccF?r-<ER63%R
z)sDLfs!-cPf!_?8-AVd8JNFlc=T%GHjSBSuq6c|`6)%2*Bby3%zW@B;`PIE;GB-pS
z#+xy-HfLaYddOL(%1X1kQ?Z6M_v8{exQxX#?`i%rTC0`I1jleZ|Do>Ztf`;vEBZFV
zuqdOAu5NK(<7LyYUK{V3Y*W&27-QYTb^Mm7bETXZo*nc$G3BFfB+=a;d)Zu)Ys?~A
z*6EgLwz1imwAu>1-w6M6Sr&M@M`p?OthWh8kiq3=8yJJ-)NqozH498t`6ETx<{0;E
z?3nK>uXC<=qRcAcHgsk71%xH`ryShg#VjqQ>PnY6Gp7c&;+c=CeifDb+cS#?mcGZn
zp1dX$>dzSc8E<6_5O^7qs7O1&<F?Me<ZB%N-xsgiJ7~d35vF_=T0-xwOM^zI2k-yF
ziMN!97dm4cvbn|2y0S3n9u@_@uZU~v<vRSAvyTyi_mRS>etOh-+pG4}KnlO=NLs11
z%{(pdEB=9bE~s>l!B_;8@pIQc^`b>L<>Jbn&8o@0EcKLTb?IhRt#sKd&BT!OTF$AK
zYKB9G>bNhmlN8z9>HS}<<cz{wV6C$0mO`On!<7rC_7RUVhSRDrZPBurYH7|xc>)E7
zxc~$kn50Jf=BZsr%jS1`*bkk93y^70o8U_Ll+MwsDeA1>RM15fo<xI>K=VB0<3)^*
z70_~OF=?a#pqh3KIzmjg%nw$xT@O!Y&5sS%oYry`$F|Sc2wL~jt8T|}desshPq1py
zyt1-pi(R2XHXFk#4RE2+kw>ycHoNa9CILLx%AE!C6a;9LaXJjFxQSXEH>RbVch~=0
zfT$te(^_&{=bhLG5^W+xSNNtmlm?i;O~~xoz1el`37gF9Aq~^CR7OVu(wC*d+bFOv
z>P~UY`jA{T4Pu~mG$-d(TT-b|JM_igyc%1+HUwAqw~5uKAaVk8%|}Iw)_wY*j(Tn_
zZ_Y2~yBX$d5WPX2BL;Q6)5cS!qPr*8BDmqNd7%)c+BI=>GcHw{XdU7+XH><e@uK>(
zUx~(oOv12}Au@zHcQ=?tS+qL8PpBfz=Qyp{z14N?+cW2H#?Gh7U3SdJ?qWKPw07u=
z^yn@Bz%iqdJFk;4ZSIvrWplb2cSKavQYwV`)eaimHf<{KO;sv|vqWo!v&3c=Z&yp_
zl&V)!2M0C%o!VLr^QDhp@gH%8HSoPaHfLwlSA4C`QQBhsNFz&q@l(A`n7pcMF^TZS
z`?w2gg-krcB}nk(xxK6t5aMhGtV3sVpTw07B3;K<K)T9Qel@6N^$hvk^HZ23Q|G}^
z051HGOS7_%#e^m?c#D@NbpVSkjj(dO&d);trb<zPpK~Yu60?&A&|h7sx8U_f=dS#9
z3)IJZf2t4?X0GGb_B%3d{IL93^OLD^ti#onBHQd-M&V<&tJ>jJT0Ndi?Zd=kd(kg1
zWxd5{+GpOV*oeBrJWXi2rOllXBWUjFJK0G)7QQduBZ?D5EGeFOV@652jKieR(PpHz
z2Jl7GetqeytViv@T>spNrRwn>3+TAdE^o2^Yn$-uf1{>SY!-~!=<>pAjzxMgy^CEU
zFRR04xgp(UGpQUjg~F;&KjtDGGNdH4(8&zqz)o!pMRWaG47I{yk+u!m<z%x;dh8uJ
zf_l|o8*abxyrHjL(U;?Luu%O$>}UNP(7)XqVC9-49UX!R=2{68^FMs2WV$%A3KzRM
z#aF0YDmi#~w;H?LNnSVIRL=fMoTy9y9ZwiNF0xoaODboOw;^BWZjyhc0RPVo_SRA-
zD1(>TAb%|fUj;=Hf6>4RAG#TJPv!j%4PN8!K52cYcUP4<xgBS7fl=7-pjQJ6#DK*s
zz+^iD#sx$K-acaf8Q@PjBOn1qFP~${=C(bfkL5&vyS#6UhQg73%|y2bZ9kQxmFd$p
zp?{61XbZ-6Z}V+CP|wgAINuPf1H+(6ohF$5z25=&{ny9#p9ELJKM9Vi*iC_G5Ai6S
z=1amzjDzNTz^-|L<9b(~pZL8;$aYQYsWIt<!TVGW7qkiF=~YDa_A^6iLvRv?#Icj*
zJ1C|Xd|VjIe$(rBVEDRti+Fz;+~vcd!ItxiF!R9gmT*N-4MwHxGxYeHMRXU4{1Hk1
z>+`#6$Y292)dgmpaw>y8=#%tB9y`Lg1_*@E)Y4Y22ppyVi^#mV3K#XAlSbw8Jgn0O
z*<add?GlC&`K|c)_vp$<S)XxI(!PW&yI^?TFVjT(*Q=$S%BiHDrkk;wny6Ta&57ug
z9dY7}@kg2stlQF1x%Vubjk=;$I{<$@mZKhP<;J(g@973bK8|laG*b@V;60tEH^1|`
zlgkXebs!G*$uVpHFqwM#*HJZ1lWA?Nb7s3Wt#VA=`IXl<2zD}Sa5*dOs|!8|0Qd<V
z^D-Ux;IT=BsDaNQ%|$Tfw24ve&OdW96Ibpk)Kir*93N7wt1Xo?O0a~nnGb7`CHdoH
z8u_rMllxD$QEH%x@SBlSZ%4I75|8Ue6Ps%(qx!mb_ffzjL_e%Lqid|3J>?wVK>?@U
z)3oMutQtr#S7up`60L#n?Q`-Ew$D|LmZUFD!{ol}g6?&(NE4lvT&(KD5ao7q<Cs2~
z%L@jO<G#s-m_2k(KqPPR?j<v;;ra<OSPg?_M1aW#t(tA2pZh%s)7YNncUeH@h0~mP
z_p@!|cZhU~k-p}H*%K~v_EAlEAcKu|*(3Jd$0w!gx*EqI>$7E=BS@$UtPN%5&ID71
z(O&yCPpx4`Fp!4somP*W)=y<d;ko?C4?|!U9oXQ#Wq)fTR!RE@lUHPWOvYos{-+R4
zUS>M>!DGX7fC+_tl;QmN^2SYQzmuaN0p|zd2RaOyYO0@hSjtmY9dLtvg6<-G%<Agz
zdNE&cu@!={Fg96*DSXftm7HpvV@tPdrz6j%QS1q&R}C6YrfwGY!5_>u-Q>0!)DVCE
zx*{CD==jBK>?tRW#TneG8f`ytfw)6hpT1iK_A>`+XDODp-Ezw2-aV`8?p;<oVpVEI
z_8&amQPoM{E#FHWJdwBO%(S^)Y1J|MCZT489h3O8vgw*tIvfUFWGA&`B)+(GpK+Zk
zbZxCw3n`7>t22Jl#3y!^$GyB@PqU#+NRJr$?f13%lYXE$dz$o}j@EATbAH81e3~r$
zGj51v9caTj+HQmLyDLrqt`&awf4vhJb8Kn(!KDnxFWDnZcR7{Q7(aB!ut(I9ne4D1
z0lLYu3`@>h*}w2I%~OBaV3r3m(5g3Ulu9hPB4|D^?O~dBmk!U%mOge<gp0BM!&h)x
ztb!-?>wJ2c=KtaYVmAsm+hqEp6KVFau@_B~I*4Jqr~LZE#v*>lHyyv0T%Bf7_;@62
z{9DO*0*uHaS1z9YOFwYj4xRl&q*>aA?Ob;1ASpmOy9c_vr`}Pdoe5wcMj2@_B!VA1
z)zz7zVP}V=LuAh60&pNzxN($CjG255lWYAGx9YZG{-Lri<ChTUbE_cLZedlcm%6?w
zu<_KAng&X^)|%KCeK=X8d`()CTp81RwX0{Jlj?SDWbr~$Ps386Q#Sug9cVM9j&BC6
z#=1PK2bA8En8>Y58OP4%B0H}W`QlZ;Ds6*lz*DPEz|#X&z*C$9=Ryi)pPsYx|GsW2
z9)30B1}WG{xd(5IRUArhsx_wKYdNwW*?g~^KD8+;rLZV94Y16-Z#M%W2_(8bg(51u
zbW9r(qmJ+KG$j*Y9YE5ex)R3dQb7o<9KMue`NCuM4zr#ba{o=os)}E_N~zH+UDG}t
zm*2WiKuTSo&m~f6Fexe>Q$!|xBY_(7#Dv~^Vobto?F|TtUR7$T$w;J|33%V;e5U=}
z_<xt@_hS-Qw~B$aNf)?ehkyqv&QAvd{L|B%HPdSWwweA!YPm88CFJ{H!=KZJwqQ+U
zpYGZfI~?^2KC1LYq`UB~dv1@-L7;$F;8%GMTdL&p3YN56Y-#?5qR5~i8%uX^zmn4V
z9C_M5i@+_9YCkg-zLhYtsrB>9a3)9EVqXJ1L)qdQf!Nhw72oiCnBW(#c&3L%Mr(4V
zIaj4%`)}H9KbnXB>t;t8{h_F4J1m&@o*$d<Wjk^H$Sz0qd*+o|?11-oU)!kK3MNNo
zrCN6p!X-b965CcHcBuux#DXuSIfr`VnIfwy-G?a3<ryn7G(jJQ;$O|7ysxyKo#1-G
zm=9Dol!}5SNk<>FhqC@jDkY<nP0IBSbW#4^HkPPBFqc5<U$9@VzfluDh=2}4M*`0y
z`LQSMtX$`y+JW$9hb!iiA5EdWaIFKEokOhDgY}J#S1Y|rJB3j@8yoH?8-uKYvY~HW
z{_#$vO=YvC%~46btpMkT%t};DNpL+xbWVRvclqbyoW|QN|E*h|{?e5(BjCfN1mG^B
zGgd#+`5!M=n$&t>Ot*aJ+IX*WRuoHC6m|X?MYQUO`s2GS9UO_}`@XZ~VTrf)^v>Ly
z^rOMUYq9LRlXuxn+aJUvo+u^SF2()XO8q{;{61aqh0GKO=8l^Bu;F#}QbM9ihUJ|J
zZh%Uc<EIuVl-z#)Xvtn$)p}t^cW+L^9ynpAuw$q2VjytTxb)lTF6=d{Z<6$^WGWI8
zgi^U=eCm><%^us0N!z5kGb;P(!wkD{heW*_h7|aHs`9(_l<I8fh!eipSNKgxA4x4S
zjU<(H9ND3dw5M+w+4Xr3dr*>Mg8O#Kt3#q1hI;`c^6De<nRk!Y#i=WQcD>0cn}>FH
z4(S)G<O!WedYez1qmT^eQl@_&;xt{@#Gi`vP>btK8GgRseoF>c`e6t5Js58HcHT~h
zf5WA}r;+e9O{7OnN+9MW+U|)@56MnVA7u?<un6@5^rQTQq(X%Hf`q@N{~_ab{_(1E
zhm1AGu}KmKVW=?C?+1sMGj_U%$F=;Ry&+awU*kfcJxu0^H=(~FyvJ@G_?}E}7sZDE
zCuI$pM7Q@&bxAQqHP4`hOLeL38%bg(f+OE%H>FsylbKW+e@2e}u}~&3Qw6f+?D~yD
zY(Fg(-2mRUBOjfYyT|!~CyjxCDpwWp`fb{5CkvaU)U8CC-hWT~{~j1#-t_JU{}$<1
z>>e3?M0?u23Dm7_AcFM?=_K}^Pf8{tKs>$Uq=6KQ?BFi~PQt+}iQ)(8GSLFZLXUpi
zsrcrM?{xu)Kgpd0>pt&ZquH(M!TiwDY?<!GBjYORV7M6n5VDTdYsM8?jL%6zkT~W;
z<;qtd+`dfj<YU3^+!WuGLU)(xKl?-djZxBtf!YfL_U3#KOkqAJ+0N=j4^CNF6G53O
zq%vvldvBY+&YeoN$ur(nDug&XaLou9p~CjLR1=!cOErm*ZW~2gdk^vN_79cWM-tEP
zS3EY@`Sc4k@;|U+4Ae=JMNek+++vY+CH;N*{tE3n;L}mlOM-P}0Eg!y6VcsJ=nM2B
zX)DN{<|r9b(%te2>y=6p&w#Y()anAyooje?SLQX{!^T#4$$^hdkQ}z%sSj-sN7D7=
z>~y8)q{AeS+o4~;L%Ir>X=?RyTf?W-HrTH+7){r4Qfl9OsAvBQ7IcLR6F02>*tGKg
zZ2tNat-JEF|H8>B1L+$&r?rcdc+x3?os9Dv0yjF(?M4^Bxx1N<OE2vV9@3X|%Hrg`
zV+^0d7@3&<TD75snewL1h4tRO-D?&;`(nz7(-Ef<^gGn>PKnXHpy$e^KxoyL7r8l@
zI)tg0elNS|63>8=k&Ik@WOq<tA6nb2F`6AaKwtC{A`*MUnDqG5Y$MG%^mnD-!HjIK
z9joJ~PX_hx;5zFdns6K1^86oQ`X!nEABlOP@lT=g?Rr!&Jka0sj^+JhBdp7EiJOO`
zFlS-APQ;IGzUj*!o<0u2UP~)znvPL@Og`FU-=ReNjt}V=WqB@9zcj+~FbZ~Y?0g>5
zDRc&7<-HyJ#ir8bg)56=rHMcM<dpJK&awF;>54J9oLvHMBiluzo1>Q>)Gpaz2$_~z
zZZ$d`Mu21Fy+aM`I&asZ28;9tNmgoQ|I&VTC9{ra$4;ue@QhsO&9OS-Gcokm5zrQc
zxH*3QFTgF*OLP|yaGYKTvg7j#D69iT8JgSAzOUUrp`y6N$ZJX^Bl(xM7|~a9Qqz!8
zBql|UEr>l~y1`z>uKsx=4cEB&!Y{@YUj>H5iGq216_PZK^m5|1)R@nI(SF}O)>1?N
zX(m^3-!V9RHGAe9ufjY?u=H*45>%dNAi;_{al+4+YrvO_Apv$`3*N&Nzy|12sFwYt
zJA30Dc=3U8At5snokSV?uXlXFTcW+6OKL7rzA$oC{YT;};Xn8txgA=+){&R!*ZStY
zPsj(P`9Z^K%p^*|E=qZkQ&m#9PYq*|lrM?j0PuE<0!@;9$YKXq!Fx<!_j6=gP7-r&
z8gGq7QEJU}W+PERcWtJL-8^n}>Q5y=UqW8>Pt_&MU8AsH?o)**;eQnFPCd_CSx+wD
zwQ-E68!Hw<OP~4$2{W~8w7V-o8yvrN*CE=lUm6=tB1_nAbRbvb=iBG?+h0HSG>3->
zeR6dYo)17ZSLyE5>0Dq|r+&+1TLGo=_<ir)du?A7uPnx_+PWP)|5n2n*7{5~_G!I$
zQ+KoXex^LjlaBM)*F!?Ekd^Hm62b3rDjL0-^U|4k1693z$DEH<!$<>&xP*a&PEm*q
zeAY;~cGH8YR%;?(!W41yiEAwjUxkiB*9Re7&n(a`#|8tfih0aex&R+k4h0wv^o2Yd
zWsI;kG#ZPNCa)*a?#>+>c%*)>*(I)E&Q1!mttbE7g4dmEYz%?QY${$=dn(`kNYb&u
zbT!J<`BQhBF3#i3jNZ>0Htz$-%t3^09(D|G<)5?KZu>xkCe8VXmU_)@v#mwd0DX<S
zHjk3Rf8uW0OI(1cf<VXmU@_giz21l8w|qo~#?l>f^nVgM*)h#~5t|NM2}i%!?gJva
znalh&oQD$zqEYl4=8V@SGLj}Sbc7U0N!Pv6#3?~qtr=ih+ImY>+c}_KyWD~9&#`8V
z=j%VnUpo1l)o0dmsMMCKSIv^rk5Wv1Ys~$e+S-HPbSI~KEpXW}4rPw?+74}o@PZz{
zfF{i-j9N2!IP%ZB|3=`u);Afnu-~VMtRJgbvhr{AsrgSi;($L-n(VDV{-sG}$dlW#
zr;}e93sEiQ6j<ZAClwAQY`?XrAjK7t-Ch?^{VG!PE96RZ<N0JGVgTi@&UnEfHT%N;
zUo`i%$MvCzk1(zR%E)W+;@8v--za+DwN)p=16xD$y!4x%&gnjCes&I{oOi#?k~v~0
zjPo&1crW-rdQDufTvb=&C??~M(9!C;`O~mV?EFPif<JC>eF7Z^Ht#v1p%(_gP&TX0
zRec(!)pWg7or`agzQ_r+`P1F_R>Y&$MCPnuwEEVGS*IQ;I#0DPjD`lX{_hu*BgxmU
zgm>z_2&PUb0aoO}Xg#@X#M|2{@u|hl`FD*ootO5<t}YSaQ>`P=Qx8_yY};$~FXdC6
z@6e;zYHuzU=yVrZM1t~zDtBL+3yP-k5@r4<nU!5ju%EA-v9%EhX0^u>28d-;H;RWG
z)x?F*P!y>O7n3v0YvI{ygW@ghZ^^RDA_TZcB0C2UAI6oU<-)O(*Fy4zs2;m;5PGhX
zTN_UvzFtENW9EtSGYXxXFM{dIz6`99@?2oO4Ex2uJ!gaSRtoa3UF4l+1o5s5k$L-b
zmg@e&ccFGH*pBI<^LK?f*7@4>4L7@GzKhMvEpdU`0M|bh);&(6OC)8)|5edOOhhlf
z4QywF4T?PfDHbw1xmNESfyQZ#t8ho&cl%27*vtW(r_F(7ZJvmqaaf8@p`RBv^H##w
z*hQox$0oH0zkKT9sE}|m$t7h~9{kyNGTD&w&0E<sOrl3MQGGOQ{?Bx`@Yh8HzIIW8
zA>;tS*d2cgODt+WJ618}(N9uPr7f;p-Tezat2&=h%Qh}xeQZe0rY6>fP%_`!yW<U!
z-x1)K%+H|A6!}!PHZ0>lmxA2Cd(%sYp`YiQwxe|t`~z5hdB@V1M(*d1C9P*WUAAYe
zkq_w%;WcM9G|s=o<u!#rIP`V&r&hX{4lH(k-M6O^6{mxUPASQ+ELhj<@*9m`#y@Ws
z1y4At=3Q{)m<U05djeHUFGy+c-6Kujx8kvnJoU_PpvpU6OHS&B44j4Da$RYUw+iVp
zV7{MP#eehms&HgqJUrJ_0UAD*A#6orSWD5Y(Uoy7n>TIO(9$IX9LOY3Sn03-uYEgy
z-(K@VjqiwNV=wzc({-A`?OgL}Yt&q{emJ6z*-DzXj&R7*3SAz}w&EWwx4T$e5>@{n
zGvwC%OT?K1`#T*3tEK<<h?W?V<wW_ZvtkqB#MF5?&<KF!UAFS#X)?)X8)}}ia)CQ9
zCS#i2W^vX0R&7<+Y@X)5JmUgRRMY#<a}$#2*>HoF4Y3b|F_YfSZ+AQfGiMq59v|`r
z&cuu58NE3QU2V?piy4qiL^l7)zXX-c#J)9A@rL7*LP6YHzu6y~Q<!=uMDK!vJzpv3
zeN;;wI4kzhYB&bv0eSx8p;%<o95_?3Gq)@f?5I+v#-5D7mrsKWWMKZ+p8BhY*$dNe
z@Xu5F^O=_^mjoHhCC?-qJ42e6X@gN=swN?xpSuvb9Pn8EKflFNiej$_EwKpM?9OE?
zI!%YX#7+=igl`mLELcsfrCr|T5#MSSZ48MiTYSbq@}ZwK{Tq43h@7&YNfX!99ZMLf
zTauKA&%`EYYe1^%O7RUB%&#wB`386Cu#vMX!)0vZSWhAfX2(+%LX4v47q!9M)46q`
zOh=d-$)lKXv8`&qA1uFTPCGRIgcXK%4otpnRX!kct_Z)LWKNt8HvOf1(80?uHO_|}
zc|u<r@bTB4PlW{UkE`b@P~bsu!2bbhK$gE}X-r|b*FP-N<8NQfR0mH(unvy-1R|#(
zRTK5*)~L8TC@A2fkD8{69#>rb?(MXd0>3HxHVA|$zX*5{ce^AIuRp5)C4R%z13nAJ
zfWskRDG0cwlMSBPY-RA7&Fz(LdZo)eWWiK5WGc4Jv+}4PY&adoi#f^=!aC5KU>a~A
zn2o<JKlpp~`@HYS!Pnr)K?%qH#+~__K;-RUD-FoeuN~ixr<CT`fidOssd&MC_M6s_
zlAWU8JqHTTo64Szq=Xf4iDDz^0*_Di<>;xrm$9oA?&z+%NG>J%-5sHPr>O#AEu?UY
zYMvKFNPOzFTH%6M8VkeQHBKM9*Eqgnzb^IZDc)p-5S&W<;1WLKdHut3cx4o`d0>dw
z+Oc5`G_Ii`gy4NOFx4(6@K6h|DQ3ZK#-1pR3-|iRZa@s_c%n2WD;#RlmM9I)iWL2c
zYs6HWEp>O0NAjKt7yXGVVBaHovtlrkp-Mk2j#auKRUmT9DR>=sWY_T*VXQ5k!nQ;W
zZ7E`kTCu-tZAr56OZj75ftS2O31&L{z<!u2aFXi~hxZEi!ixqSmWG&gShE^*_@fvh
zFt{iH9o&;u9WJo$FVR;3I=~|pJXdUmOGY~Gk-R%KC3Zfi#OZLz%aa;xOO%p!{!58<
z>}rzU7l_<=GAiL=N?cNvxEi7=q4oRaCaX$p<^8@hZ3*F0EW^oTs3vU$5Ih;EO_Snx
zC;fZyaCVZwW*2=lsXC5GD(9C4<E%*nF}Pbli9ha(h5-c_E<wX$)ae_KgDooiCkaFu
zT*wy2P1jEMqwMq;IQ<%a(|iKM?iNOfascOD+%Ki#m6`L6K(@?x60)%s3~NW?a@MGN
zt8mDeC|$-ragFPgQk+tnov^gE+LWAXce%kM{VhrZRw#vdVrd(8{)gw!Ge62jX4R5e
zt+KX)=jA@dpg(z;*`3GFoj4Z!iVqJf;CxA&e#e%lyvOJIoW3p(Ay2%sCrVG_Gg_kI
zFwJ#=E7x^UnS<`*nEPwYeKXxXGlrI|e2JFv%(8%4mQXES2UU4;(X>f1LgZG-YO`Jf
zjs0Mv^wcY*7^Ab46bHNCWvpbbvJ(!IF#KSa4d=GFXH*Bgi_%%wDP>47e%TevrY-vz
z>9mysF(mvjSie2XZzgkP;6AVtZr}YMs!uCx%y)PeD!&x_*APB4!Bvppx{l7bIS7$^
zB_Sfa&<_OjqW><UEO20k=Z^~78r2QSxJI?}QGu^fZHC`z?1<%Gr4js)Qu*!#xEVFU
zyGn>teJJ|n5e%f=RgYRO1UOxcJ$}Q0AtjSIeK`+s+<oz9{z`7n9R5n~y$J$Q`ai-;
z2XAn4^CZ0u)p$gy@lL2Td4!Fsgp;VZWN0I~39bU=w2l3~4yNRub>z9s3NW)A2g_`$
zI_2W@MYGgAT58v3Luz+inewT3&E(3TtVNf1>S0|6m633{?tPapS9ys3Dr^4MrU*pN
zdRHLIdxrWxT+!%6ueBBIg;1vGAFvdLF3J<UJ;Q;H;q3cBuqG#lF^C)-&!h(1peIX*
zC%9yX{B!~!Bxfoc3!u+w!kSiVjChfSF*cM0oKecrLe3D>hO~l@bL8*d)$63n15}~2
zRs~+^3X-@Ex=tA{mIT*DrHz2G!T5ifY21oaH<qWpgB>56pth@5qIEftM>&L}*@zm4
zLHBOqqI5<+_AYyI<afM<zmtG(^4>fR+PDXuR^K{45!me!FRDCj3=#Ot7^;&`G$*xn
zCk>dBhTKV%-QZ-wLrN3<<HPZRGRaOzqJLr-8x^Gn+dNu5;Y3~6cLkCtJ%EC6EB^f*
zwHb|NB1>U}4;vC(1^GP_{S(9SmvCyM-w|QVrM=ekejmL9ey?!9eYxKV)`Sl;zaI4h
z!k*$Ucv{8RdBdSw{0GMv5qbDK3vSmz!E#Z$z~+du)m{j0$xfeCz&`)ET>JcIDqrw3
zXFQCh)nU+RxC<U+aptl(xd$xcylNSz9=mn}TAUayPIZi<4l@3PIHPT9tIp&jE_u&*
zy;aXIz`LqpfR^C8o<Gn~0`6~L7)p%9Dl!ga@}uRQ<J6nZ_dz@y_^BkX<R_LHP88@f
zw&L6HWQ4C>{V7ZNORX9>K&c83P@<HWBT9$l>Te^XcE$QmB~`=el8T~qmK!}DuN(Oe
zwwF?tCY2XcgJ^PTQ933{yX6yTa6<I=*pTSE4k43j;vgw0Sd@Bf$gkj)Zi>=wk90&{
zHC}xgGj_vsZ(|mY#}OA)hH=!DG9I5e22R0o&8<ZO@h2Z{FFlqQo~5{O;UWwcoxZpN
zN|jEmttdb6I!v7;5P8v9fhZ#DO804}M#8D7aH{+xO64e!)X<d=zD=nT^H}X<b6lsC
zjknRm2bzc4;GyMM>{^tco=_^6A1m;t$Ud`x&Cwmd-?AMxwpq2q&+lRwhZbhVOx_MZ
z8^hbXq7+gpFB>E97K!0xwtC^<KFe^YiB-5J_b}X|?|HbETDZDn1fqOJ)Q22p*%J^P
z?v8hX^&Xt<{FGApD*W~9Q}i=V^Aj>rAaYeW^~y6m)lEBf{XK!m1Wv_0qg4KRj5>SF
z?(gzVN|mY)DdkD3$OT|K9ZKaE8c)JCqnv<~gWzOUYJ5X6d_K;X_3S35Uc<#WsoCLT
zAbF|$XKWCOm$KwRZ?XB}wxYjXSc0!0DIQLX(plOiO!Q?Yjl(x?DNE({C4z{U+FE@O
zzC4Bx=)3fbe`CP*Ew-|RY#eAKB)<a`4%6P&N!fDcPi@eK+f2eX+;E{lwp0f5L2$F*
z^Eah%$t6X(PUWxM(g02jW`p^XtiY260+E;f4eICn@%elVT;9qwO6itTVE-n>-Dmy2
zc%(-v@JP=@|MW=t@@Tc+c&7@^s?7KJr`MJ9_|XYf@U@=DKRrfH=LaWNF-%wud`mt0
zZ54IG%4eLf68#DDJyOTWL}>({v-<Pf=jW{0WL4DABQSb=Zl+{j6$Jk^Ng#5!x3G1O
zz%KERKgzOayRB8!853=q>ZP~T>4E_>(Z{AL?75D0h3>Z?%=8xW)lq8dX$;8YpB^V4
z;Rm;Kp6Q~T$q!y-dNA~%T#(SJgn0Y`#%;5Sk{B*Zy(7KSq`F?|%^1;NVJm)MtAr?Z
zX(6U=4H6~zGtTRGzkL{z=^P^ZKUa}G(hg_ZJx0BLf<WW}qk;O5yJhi4Fh-pxDpgf|
zqSYpC;z#4`%3MUgTZI^(Ha(*S67LTdQy*4v&Z$}!oQHZ|B}5!zpC#II=sB-HDq<;n
zK(*nRo~rK_Szkw8r$p(vvK+sE#No%$uRCcMpBVTFzn3v;>JgkcccvvovFJ8dovj_8
ze<KiQ+KZ8FT7U+o2FbNY3Hmf%yGR@xi2lUINp`O^Ib8Jjm?@?P*`OA?Z-w2tunRkp
z&$SV+G;F>zt$IUL%=fN9<OZYILaydbSj+GyFIMM3Jkk!i@+g+2&xWIv!%JCniVP=2
z*%ym|^Kh8wUXaTHi!;C}hgHBGwVngq@HGH_RNVlWFwy|Hy83?we5U~d{_u`K<W3_Q
z;7FGhV2hC|V5AcPzhZ!kDiNYwZ-#)Aaj@zBJ%<C1!tZvB8g)noZ1+6iu_XZb<OOYF
zCrBPTLT&#ws}ptkV3Iviniwwn6KBGOfU`Q;usc_s#mcs3J5V3la^4n*JZ=Ow_w0(8
z`y%Md=aqo#YkG(rH-g`iSFn$ERK^owavh#Z{)=pNi|BVmu_52SY|c0WfBz<`!a<d>
zc@vc}1K&7)IvnoX>_M((jQR>VVTGY5%TfQ1<f3f*3PkDI1aFA(f$4U+%WyT3X-x>u
z4cWcY$Z*kLq1PUPKn1s#Zi`a)oN%u+EhmyUg80;ZL7k-Tw+zi7VKJD+Sjx4a8Ortf
zc!9_-4`)r`X{=RKh#s!8UN`;lZmZ!qNi|=6W7dF?yE0w5qLi44Z}wAGDCO~k{f+@R
zW_Hic;yQkf-!mDNctG{Nq~>#N<(Dr(mg*6Pi=o9Z!^QA&#DBdQ4%S5lJ{u<x**%OY
z@L3}(1sV)fFNSiZut6<m7egty7|!7@lR3Qj(^u|gJ2_xsB?N4frvg@c9&pze0O+q~
zxEOj3RV)7YYX9+KXvo;o#|lIqG!!oeH@g@<fr}x9%_r5_&wl@O2Tyt)OS;m2HR<dc
z&m~;}ldf${`nw@&(uw~y>7VLg(!r4Q$|0C^K{-r%x_ZM}+4%X}^!y?4?E5#~uVywj
z-lD%4VrrlMA?n0erqYGA$w&Lxx{>XiJ{P}zGfLT~(!caPeWlNVeo|Ef{SSjx`fsZK
zNBYyXkv?RMK;%_}k^WRAr2iVKY!`ky$B~Agd2+k8q<gTWllH1fpO55851Ae!Ck(>T
z&Mcd{c%&4|(lcawDY@PtzF4<58;fBNc4!c;AYfAA{J^3Hgd|ES;T~y#)@g+<1|{Me
z5u(lwZ4XSc%b#(NZ#H^f49D7R_F_vq;gQ<!4^NcF?2i=v2{YjsPSCeM3*F;f_2t)o
z>t3r|42pDNv_NDD+5Q+`9z~j|Hj&R=&o_~=gY+gc)@5uW69<`^$jCvs62z71qRKM-
zMh!=gJ*@xV%H^(u-y#~7ut$~qMD^#|$lXPt%$~}IHZt=~RhGMz|6?1WwGjW}D1pfH
z-bDPh6%ZfSvn<DnxX{Im1RO)g`#XfBJ`|j3cS;h1Z}88RgqluVif{3Yl_DfQb@O8O
zOSO;iOB_P&x$q=}e>)!Hhp^lSGCBNP<q=-qt-`l?9=_mH?6i&WsRQ}))&C0LjKN<S
zDG)g@5aEY~Bm8#&{}X#xoQj`!a#z!met_RA8Z}{;nl$^xeM8dmnDoYQL(==+P?P>A
z{68kW{zXi>2_${|4NSTotFd|5V3Qk~8*AnpT4VJ+g9o`v1JqRdH`Xq;gr$ZV(j3De
zdxMhRNFC<%dBZ%+ag|etIdPn=AAUoB$_lZyd-y`O^v{`wAEj>X9<UHJY0h@yaHn1f
zGndB?U`wZcnNBG(1mC<=MxvEa4e%rd33&YPg^7U*>!GQpbA~Nt*$Pj8#JvS<?MS@8
zLwNjpTWTgveQ0;i*;N7`D>}Vwc&rfp5npd-)}r5$zJR@$b*9}c34%~%Q3>{*C71pF
z^%h?7L-1=(qaNp|6+a{5xr!GT09W}+hKfJZU(K|2rT<v*w`yR;w;V1I`D}lz_^zxw
z|3dAlJ}UiuPqn?j-ct=Jt-eR}trYMnP5B0|ZpZKV(I<E7&75;n8RYyfTjhLE?K#dj
zKLO77D;kDU*ZUcUQr}hluS2O=2J0Or5cy6&Hk1lPSq-Jm^;3sZIYB7K2W%)ct^y&-
zr*+k~yQCj~D8R2z3}v4ebBmh*xpO!)cc<^|YKZ+7$1eTibJ(Lk2JAfjc~OuH`Wmor
z{rh<_Ia5pxM(m`mnhJ=`Z%wJYgG8zQiEv99eq}vW!cc+8`F)uT-_)^^;Y43G>)G}A
zZ=wHU$5(O6*SKueQ4&8J=I)-(tGO<|z>9jaQ!V*h)#rF8&j;S?<qg#wY~&5C@L#JL
zZgyh8J#2_T<dQ1ilNYV{9`#YH`5%JSypUBhv_WN6ZFarlr^?(DHgdqZPIkTSPyu6}
z2VDFSJ}DUiqxu*C-z)!L0UI#Dw7~+A>-S-R(UySWDqz|{(=Xv;KKh8FVjmcEx+p#q
z<!Dbv>}?kGCp5_+O55|pMQMAYbRX9^r_7Yk_7<QiBuY2L)Reg-sk++wXmSP3YOeg3
zZsj|bR0Sv4%d6+5v+@^)(^T{i$k9GKFthi+mN1U({qIky^y&StPa|~b{jc>4O)<<l
zF?GjC;~E6NyTn$3c>S?ew+iI>wH9YXQRaw20+F}(VvFn4PH|oJ=a-wT>ZLBS2vle5
zh-%DK*AZp>P=)Za3}bmOfw*%2*Ub@Rmv(!kJz~IJdk9W~7EH&rM*bd$<uC9{gU+#+
zbt}C7lnr8P%1q+)buFY+nSd)vr-#V4UTWX;Dn3Po-o;<+a<5!(?3<3Tr`xmJ)J78W
z{6J~%2hfxs>d#Sv+_$Id7@m2}x1NMd;}Vx_?Pi2`A4AWCgJ{c!Jv9;)|7D;+<gPvO
zZWPLH+ACDy<D;Ix8^!k2??x4(jN|5)dzxB#OiyDgSE@e4*Bh<f;Q+ZX)0dg#@JP?{
zD|!9V&-`qOs7)<;zXvYZ+JZm4<sPw)_XY3#Ki0lHK8j*_ymvO61VY$w1i}#r5Cpjc
zL{V5JnBXk#atJ6Mc;oRNc)dhXiK59$#xW2)@c<D}gMvgv30DYb63!6rLoR{L5bh%h
zXa7E3)jc!2S-|(cKmWk&baz#CcXf4Db#-+d$cSHgVv$UOE}0zGQM6M!4mToTGktMr
z)iA*5DoM!~ZWdWh$>G6!BUCo%E!wa_Ps$z_Z`Y0uvxtuYZD7D;b@-Ij5LtONCRsV?
zQO2z_hFexVD~;h!%Ge+cP?8VFc+|9<!0^b&a3kpRgq>)Ihrw`vj>G+{4Z|bT^PRqS
zZ87-5U$PVo<4kio-YQwv5Az%IrNh{mdz8~w(W1}1LaD4q-nq<9D#BznvISETAeeJH
zbU<~C`^Xa4_R2?gqP-4)9TD*Qmg~p@F$L+hala|x<n(J4z{9mZV#C?qY1v=D7-|_$
z*(t>FbR1KU@;2LJ#~XVr8``ui_LKdH<FQ(@;@K0Ni{sIwee`iV(bS<Ro_EIv6VGoA
z<y4Q2vku~iL;VKv&7s^UP%K>4LO7>P*B`wM2kp-;vXhD?vKo6g`y)zLW0Mx)=*Gq@
zGPKgRie*@16g$zH!B9*ci{acS3()`dJC3eL8CB@?y@IynZZX1x#fF!XNmFZi)Xqg&
z43kIgyeW&x(mxn59=nKB@L?823^p;Qz@asG&@u%Rn(!&G41b|z_&v&K#?d$>*$+sv
zlDf{&Z5g|Fb7zFwGS-K9l++u{$>`=VCqo{y6Rm0p&dI$kgU!j&A-tbw{O07`5OYp=
zAJZJ#z9Ckb!qohAaMbErGQm!?f+1k3>)%|bG->$<c&hQDI6WV)hoHLgF&4aJ7Ic@;
zjg1AydHZ<yH|yrMRZ2po-W=Oc$M!G$*X{S)Oew3K86-@!@p%2?C<H!Oj;8STi6xe#
z(7cyYX~nEpVwgn5?Mcg5AaP>^aap=vO{unNpc$>QGtP{&xdGrTK4Mdmn)L|uWdkT|
zrU!VqOF%!5z%n|i55czEvF$7WwCzbf2EwyPPT^-&MJWpoh|#DFLUc(&VM3X#4A0VM
z5%WY#%NYnuAq#VP9p#7a(;46TpM@b+74fX3qCWdqo9^X1&$^bP{FbxJMszQB-6CY_
z!z_=S;`JS2az$3Xxv96~v07`7f@@k?D=X_gO1XA)AP;0X!<T|rxqzjznm)y<oh=zy
zLp#fbPbXz%WNvB<L`o#9=?gHV^y7g{O*>l==26bFuU_Ste!7xUZJ~#E^lA%}CvM8a
z=r@Rc^fxmCDQY0Z>HYMp5vMn25ya`uUBsbpYaz~aSL+>*fMj)B0BrW+`*$XQ2M~Zq
z0BF$C1h5_f<mQ<GCL(~gCV)Np0AO!E2k@W;z`u_&xuKxv&}TD(61nQAUx&<ov0W_)
zIwOMBa}5LvBKSxkc+G;~j&h)|V4ex!ga-g*m;hoBKobEV&jMfv0yz1r3E&q5(9Z<$
z!a@M>;zADKG@PNW*4-L3CKmEv#>Nh_@nvj$MKo>_XJU`g0l)+c_Ra`k^&A7hr9T0{
z<v%%q5f%XNA%KY%04E;6{+j@*5x^w@;9U!VxyJ!Oq-6kqK>+<s01smqMu;vfvjBLh
z0s!orYXbNe0<f6?9zqHp78G2y0Qjqd@kl#V+kUnYqR%+bzRbffdF)FLMAgLJY3Zf|
zk$n4$f#fwr^148B#e(FulK^0#h04_f0Kj7=fWkijzzT6i>h4x1fS6N^ruWbfI*ZYC
z^&EhF%mVT?1Q~9EoQoiT6(C=*fShw0034rV0_cVSihec#co2YB0Qk`Yz;lL++FT=y
z&EYnK(t4d^Bu_VOH+_FCLXwtm#ZLUhzTAnO*zt==!yGrzaGy!Thy_5yBMUeUGg=}0
zKXei97kbrk@i7ql2);O_+5^FeVHk{P1fx2A^AAv}{o8FPdhP+(f%$2EbPOSSS8&T%
zfaTpBSpS2RYAqPBJ_i99KRH($6QUmmS6(?&q%czU)mC_4NWcrN0dFURw@J1WeIvsA
z0^u!fM2J393LviY&58T-Fs0i24A`8*0F0kx+8A*ufyAARyA^Tw|4pfuz~H(526&$!
zyzY#+P$>Z3&$om(hrv5^zn$na5Z=28uc84V`m?qGcrV-%-lIn-)h07|gO32bX$Y^B
z_4j!U_Gh|4vxXwzvF7%tH?IbEGVxw*c`Ll3$0*gBFuYe$r<;g)bE64fi1mZF=$7z)
zXYfk;+lfB=7{Hr>@E&CxIxP_18@GfPQ%<S&7K2x}9N>L~@LEKJmZkq%KLBL6TY@am
zDAjIbAQxx=@@oXyzcF~}8Pvz>2XJe7i<@%mP@Ph3Yl@xdZXG~!XYsSqB6#pi5&&_=
z%^_;X8UHhg`;P-e?w5SC5g`?_AEZ$?hxA?rrP`egQd$K-%0WmcqtO-%)KvBQbplAO
zcXI@D&rquENVXGw<{3aR4iU_3z&n2fRha3R;CZcIj}UzxoaDv+3h!sQoIeB&;ruMt
za*N)Vy$9caf6I9P{UPK1_kMPgw7jyh5%Q!@IstO}U4%bxR#5l@{NUH!3-I4D;I}Z~
zM*{rOjg5#Sy(_{mfbeP8py2R{AN)xOznKBQV7P!kH;KWYYKaQk44eGts0e--s0eb^
zS6_v?L>y94GBYR@InAw9B>n|dd_GoC(aWHs9Z+$&kr7IwyAgg4OpoiO;PCtV!T%HC
zCmQf~4HNK-`ZD+pEa4tHDpS*8_*}Ju!@t_h3O`~$z~BC+fIoJa@RcBzrvb|bGd{ym
zo)yIQ0ruvb89}kl^27EGVtc{BR@>;!rF$8k-z<?3%@F?anRpHs9R8zz@XsLpFa!S2
z!t+yzSUv?T^~_KLJr7NQ4Txp?_d&7L_QP`N0ATt44S^+jsOUuxfUj82>W8C-+zIC-
zEjawbrdIf090d4D2K*xr3iw;^Veorfj>9ja4X_V}#}yqM{u_SqD-iynGyy;JL5yYt
z6t4mb+R!+>zOkcS|6F6sst0Pyzd&7mG!hhn1DZKKC_z`6SP2?>7~g+22s%GRboj7~
zQPa*mQPo2bz8yOp9~}N~e(?7q{4=Qn{-*}~4*-60v~ftO&q9lA)eKW5ZE`QDq<P;N
zD(QB}q3qc4GgnC;Zeps%&;1PmR>D-cGQJB+;B-F%TY;hL7-SH5Zm=NmP#;F%h(^Zo
znr=q|yCeKI!QnsT2Y&{_Km8x${Zj+}`v89v4glNS^qI#1{+{p60f@N=24LPaV*rjo
z4r9mB*}|fVF$aJm02@q=>w{@Q2~6=LFb7tNW1vCc*+KqdXislQ=8a-#oDkr-fyX|o
zce+lFQR-0>2YhcQZuOxUk5Z|PZ~^_NryBGpBmF6Y{tXuTM;$lq8q>L{-QLH{tZ@$1
zR)_=UTVzE-kS3MA%_hsS$rt9XhdQYKg1F;0-S8L|SlS%`Tg5NNwRMEGg@G;0(rO4|
ztJB!reO{1i;CaZ>;!VV34If-wyGDz6ON+6)poJxNPtU6DcVCaSICr<%q5<Nt#Jg3z
z!Bz9NC~!VtQ09i!z&pnRW#fK;VvUH3s)_e)ON(!?g(ZxLkNy5yH8AzFw0joYSt5D#
zA8WRVvb0FR7M2hYJ+)TQ+1hiL*=pt?X!Wv13@r*&d2<`xRF8Bp<96cRcA{Sa61M$-
zdgL!LrlP7Fu33Ll23bgnK~g?21rFzI|0c~XO^$-Wx}e&WAzVYq4zyU#M&HW3*uyN>
zqPy%wFGb5W7rQ}Ygn7ZY9x2p1;|5)sy-d1JfK9gGw*a9L+==Z`&a)Bfcs#(T@IdrU
zhCR)pHM`3=veBPIqis2o{CZP1@)q449N3_<KjA>Xx9&h4C-fVO|DzZBKfW?#Rn|<9
zRmx0}I;Wv2tH$6n{L$ZntZnpFP+42u&?;+J?*mzTc#M#>z5!x0NWB9d(#K`O7)YN?
z2+`iT!-Dyy=kDn5(bGZ0i2V|}<r+UFC{>^OQMC@05|2UEX}6$ie<GvmV2p8&?N5Rp
zdJqKuBZ#g3l%UtGd;4Mg05`<_qXoA2-QueCtAOo(bXzSCuK(nV8UM`Bkp$O5*4S%Y
zq?m6vJP@-`%uO&BqMtrBqulDPfw=QG%(h({`Ze++2#+Q7m&&aMG(=k^+Ji2X#}X}K
zZZ9m9MdrL)&=l)sSFJWQ#P%GNjJ3{JzP?eaA%d%VnmB$$(Qk=H;3BxpW-L#>SoI<)
zD9O1NaI<iK`_M8?7LseOZ82dFpmGrXm8l%`PJ{(l_PMd(8h;N9F6MjA_R;)lXjw_g
z(MMrNo-)t*g?Jp}w<ef0*?tt(LAx)3Gsk`&bRBfBZ{^Hy@s;T0e+kYk@6R=%d|VBs
z-5Gz*u<%id-sfz9>*_*1OmHIv7u@*fk}J)jJ>Sz#k_wmv(_h~RlRE*2e=85V3UoQB
z-dqq|KfpU5S18q9=*|b{%X&BVsd2WB2npB+-mQ1TeIU)D75A_c$WE?*yak9GkHkIE
zkPva%tj570%5OM#o^hE{S@GtILqN7Lh90qQij32BXAK_KK1tx6I%offhh!I}K<?GN
z0>}?hemhQ}va0_n8O+OBS>KJBBi{G|80P*@gNm{jqj*k>962LBhd6y@DAA){G!i`|
z3u!i^8{?KIEX-QM7*!7e=RbtZ;FNTV5*e*>WOYOo=5esw<P1WSmcm|FOIFi!w2s~3
zm@~(toY%kG2ZQ=6c3?siGjN$t45W-dnNa9aN96$jjJi&#E?qK@Xf4aTq?@_C)7Qfy
zJ7RLV-oM(~3gpX|mKJqOp@rp^K+S2>M_&u%0`0r5e71TxZ!qP0-RqQUZ;E=i-LT$@
z!`AJe&8L<mT17Z-#!&g<G<oC{A*f~?5|_uVp+nlNuA<8rTeJ#A_vbg1Mup<E+6!+8
z=mQQ}*E<{Fist^mwU4`qlg_$<q3D5H6QfwKI!LMZuxRvfUBBEfK~|4ALf4nT8H#9l
zS6#~x1(BxE3y(TxivA($3VlZje&5r}PPCJq@h*J?x@TG&rAt}q=FWDaH^YWuM$z}I
zXaOtIvFOBeqUb|b^c5?D3+r!owhL2F_7$exFRQNHNkQfL$B|Zfe%l&+|Ji`sILUbb
zxwHLN+EgV|0lMy_RIBP_7ixvT-#$40)_(XWApQ%_3jAO875G2wbW8lB8UA@YSpO0K
z7uNny42nO$jupSg`)}ZHY~T;QHU6ng+33pfS9P=tOV;RraQp-P@PAf>{eQ;j|Gh^4
zJKhriVTOO+cGiEy|B1E#*+KCiiLm0oi1<?t{EZF#p|{500Q%4HS9P!pD;xWTkFmxF
zr(v2O4Yw7e|LbYP|8<YQTXb9pJJIC`LbM!2GtJV?6(0vhF~kqW3Ph1@py+mwk^iK_
zExY*}V>5XhrCJo?A1}IT!*05Q(-7fD!#Sj(mO;ZDmwz`uzuivsKWY=A&A#0(d<UYN
zd(@yP3Tj(XT!%Na9X~!LP`F*9o4szoWj7V3CqKQFQtfucKf{9m(ct)p`Qd*DUz5Mh
zz+ciw;LmS=OZ>f=+H<IkQf+p7yYOfL+z@;ob;n0RX{hT*!yKex#*>1Els*>saYB1L
z(erB&qNN~?uPuFiBRKrkwXE<{HURv72K=MFMIX1dyJa8SF;=>^g;H%zJG=0v2>g{w
z@IwSY{Bsfi$|nT=Q3n2Dx5l5$<~W_<PeJ^jS^FOx|Cw+r{)U^d{|5e}cN_h`?UwjQ
zFo|)kl=c5MyU=fq{$~Zn|DhlLG{nDhq|tu^|FB!*-vs?<_)`%7IKg9g;M19}2dAN*
z9}VNT0uA>VG#t9i-ygiLt)1w{dFn{&R<7#XmSKV!_>o({v(2y{<Ca@WzFA=@d1a;L
zN8?qNAK|MlKU%J}{BRaoek`>9m|0@M^X@v!j}aRzKRRu+{P>lv#`3nN9$UGTQvJEZ
zlxkZnUso)nRR5KIU1ItAaRH@zHT(L5<?D<>O7$22rc|3``8s9=rTTpK^)1WSIx8vF
zud=VtTE1RjUxyu`RP$QCe!7ZMeH#0Er{(L3)s*U|*w<E;uUpqps`oldsTN`R`ubW*
z^$*zBi}B{y;l-5d*VxwsmapwfDAn&jMyYnKja|4U1Rr<#Fenc-47KvmK9tp$9~C?_
z^-jUZAGZn0$H>7SGby=bBc<9P3q5Q;^%0DoyDVSb>zS&~zCMgp=31!C@&%<b(_y8u
z4DJ1429;HJ2r7@Yz6q5F8I{qD%Gqs9dgM|{b%-J<YHb(BrJ$!eGpIRP+mD_X!J+6_
z{fMCFg*${T`OppML2sEbT;8|x`YXkj^>N)=Qhc0Jtu+!kL5PUY@lnS?nZX@~Ayz{F
zgHJg&GYBn6v}{8^x3Ux69YToqQEPK}N{T4e37o<^B%|TCo$N%L#~Q>{P^vv*Y0z^6
zrTQrL^*+njWH!pn*w?39*@fN3MtOj&x<1JWI?5;P0Y-Z)PW)pd1R2+Rih({EXXkc$
zfC+?_yxw9xrP};fCP6POp;TXc65izCgZ=dq0N>mI|7S-#(Msa%L?3vHnU=iX?S-fx
zKP>7^Wc9vh_4=NsRC}P6omi-TfelE`X~?IqPsN=w-)Q?FYdeayoqq<3rW!?evZ4X3
zXgL;rU=%fHMO|6Z9xQsnD6+AlhO8(R^QU=?qGKKGM7z||PV|XblwcICXGQy2(VVlC
zYFTmSNPW4GQhoF}O10N5U!TdRRNukAK5qHic@d?0-}97e{ViYbV`Kd@``XR&wJsCe
z4KGlU3h746c0&U~^e0Lv)y}mvTl-k+M=wyS?X!Fx!-W1%w}x4-At8Eg26LLF^%2(k
zB!ih{`RZCuseboG)_=>_c(!HCy2xg=^2Yl+Mg{28iz(H5T3Ua@S|4XHTUfrn%Qlgo
zm6U4Xmal_h6JcM^wJ^W7V%tS{73;s{>k0Pt^(rHYUN9#bo(aRbZ#bjtTTA=iOgR6^
zpnhoix`t73<PxRYtCp`1uuUlSGNsz1mamU7Za;O|Ixfao%wS`|tV^xErNv*2zeZi5
zRIA^@Z{c)d`&pf<ls=zRxPa1>0!m+AOlhm7ls>(X(tgV+ZL^ZnoMn_&tfq9)B1&to
zrgYAql<vx>wD$^1*Z)E3=p~dMUqESg0i_|UD4ovC%R)*^3MpM)Na^tPl-{?VQqOuy
z?_N)-nZNE;Gk;x{mXeP7>%MOuB!68N<gbgf<gd%pGFR9v`Ri_LA@bL~iuvot#S*gk
zZ1DVbkMxK9b%nRXP0Z0Lc2e*etA5@_h*oE!U;eruS-}O&UpEOG^iHu8?P#`{zixJ{
znZIrVtAFk$`Rm3S`RjUVw>9UUra_J2mSGkoaf=dPhcp)X>tyXpGjW@su_b@qccSW~
z#y7}cmlcq|?&5>N-(1M!Y3!zc7$l8dW@G68v9@-iecT*UlwanzH+MD;yuJBmbG&u}
zEo;SCuWycT4$12VYn?@JzHKa$*NxC(#K*2NB6;0Ynq7Q+DaMk#?kDjzH|AE!>p~v9
zLGrraeL<7gEsTM_UXHgDZF)1jR@SyjV7j_bn(-ukQ(vW&LRX(`;+M4Uvt}Y`U2W%t
z9gyul^2NS>*(D-h9O8FN(vrZp)JWiKCbKIEkh31;oUEoy5s9<sGD@7j4fP1oOY0Gm
zq&^WYtBy_+z;o|=M_jL*(iCpEHlM)LV`IC_NPY*zx7X==8E#-EZW(MR`b%Jl$1WR;
zPkv?;+GNEJc{Y>-vXAoisok}woANm+?he!EQQKw>W<wkjFJ}}|w-OScR)>wu+f9wH
z999(E_NA#^wdMjy%N`<O$9)E7Dl7K12)5$xYzp6!)F)!(Y}qEO(XkLeR69u>*gWHs
z&6&9)f{=_$lGAq?{58=I)|X;TFLMdhVAtz!iy<j(g87$xa8J;qF2f;tIWS>M&LBJS
zsAHyh6kemXH6v5~CY*M6Kt?97a>{%$p(sXHvw>-Dkj2B9c@&cYyxH1LwAd!df&*&Y
zl6E%X*V7-ooxdVtth1OVOmRDJ&HvxTZsu#x_gCVqS+7e)iguXQlmx1ea}tuGz8fd2
ziHqQ}RVdC|s9PNvE-U9`C9POi(jfh9n*8it+5?UGFl_F|#aI7u`Ps1{TKC50t+>pB
z1VZpW^<GiGYj=1{#iKlh`IwY-vf|B`m83XXjdcyI$pr~9CQqu7&EN)`&7JXX6me!g
z9!7{3+DP1UEXMbLFlE|VujS6{5wD$S<&7CjJ`v^a{X~p2GcJsfWF<WdGIGm`w@_Al
zYaa+QuQlSc>;H7ZELN_*6RtfXDjsdbS=c|j!8?ud5k8M{-J=}VUXI2Wqt-WK>u*(*
zSGnd<4lzQ~GQG;RWHmiY|2!1d;9cHZt--$<i8s@_iZvMG4Ymd=8`W5Yva(xNM&=ny
zak79lv#VH&`JS4SFsD)AQvAf@zZ6f^;!CkUh?3~HJ$9lWgecd@=RE-#qcTLsr~&YY
z&7-DGar(ZAFf&Gp<>|}D#8K<tMG&&;i1F|gJ-*k_OB)8Htk=ST5q9g3M({*03!-`F
z;u`T>iH-*F%$V!(H~39yAy9W<a>=Xsu9mENr#LhBh+Jo~;+-O-!|M+~7ENnv1=^6K
zS>2pK{)!Nf@@kAbBh04k_9)|uV`O#s6rLHRI1Ypa+(Y-h2(M#|-W5|rI84TjH%uwi
z2=b2aSCR4N4{T?ou&8LrWrWsV$Ov)!`2s6aM^3Q_i9-#!ORF?MP?Q9S3jJw}?#~?%
zoFP-YYePlPTXhzk`1XKcoH)8+O-_Wjaq0;OLp$>)6CJ$<SQc)_0d}HwX($eVm%)8j
z_1ze^`bM0b9lfxnooGuMa2O3CwZ)ng_4)QG>bsp}HTHzt$OF|)B!RjX0o(M+Uj9j-
zzIw|}^wqd`xZt@q7res&dq?Ajz=fUJcVCIIot}^38i|_3c;g|69r9*5GkwvPE#p9a
zPTwMkLtD*Q#Nky^<6{`#yWzgPS4mwBmuhWZW%O!H1EKcy<B0-HPtd=)ooFZOGyN<x
zw=E>Ge?>wyZA(kYp_OG(VK&$2yiwdn@P@$&JL|&+0`I&+Dk#ZDh+d6vZFhjj#auo9
zBZlBfFnAnI-}Bcf2FDmdDp@=c#vqw(plMT_nc;jGj<8|aRS%yR!F*wmE$9ebR}S$g
zPsiXec$Cx?F+9=6=oN7ubyQZ3v;Yin435R!&Fn-wSP$37p%x-7K(1wRY^uixpmCeP
z#j&$qjm5FLo}KtF3q1*6R{HvF$T#!*+cope<kZLf&rR(_8(I$(=hyg*^ob43H*=4m
zr$H>{oB8c7%s0bZp{3KO1|7yD1wvKKskxyiEnVA|ao7$y+jY1(m@%on;Aw1G*{Tko
zu0_93DLAU&tXmzG!&FO;q6cV~FNYDLzaB>T`;8uDRH3Xo^2Y&3w0cc&#CXiKlq+5*
z8`#cdg%lrk`a&VBr0pyH?L@a>h{@3Yb^<{jCcDJ-XA+gM7iSf_HrHuk6}3SCs|az*
z^Ddd}lCfU$D5<++g0PJ<vk9vFVNL7=;IrwW&4aPbH%>l9_q7USnOV*nEHl{&nPP4v
zOsQTs6h`5Z6rQ`<SlhiFZBtm+-)d_J3x_tpuDGt<mLXrs_mkISWHoJyUuqLWzl6jw
z*$+q_<vB>Nk#D5e5D9@Z)`!T-=P$ww-^qJ|kI%WbnE$Y`ooLy0aeVH(?FL)U*t&d(
z{&kx<L>@&?i(sSlZe1o=baS90*g(CAUtz2S69>~r_0!;vjc%XJm|%;n49|njQ;lo^
zUu?3k5cURVvYlx4>q35+f4`0QK3+C5pyW7x_cjKp{V=>JR^rTD)C|RS#uZyyEm?K!
zxDQjUIF{YV`HgWe%JPry6S90lV+=>xoBd9x)*zBk&&I|9vK;pNU0!9}YBmQsT=8Gc
zCPr3==em_)8w`2Rq<uH82!wc*(feY=V`8jH-(b>T#zZJ`BRkPf)dA_>0;T`IxU4x=
zQ~GbI!>8%qRyCym?mB+bKh2>P)d>_je$FR8S4?c^9!M4#?dumfMep?Uo1)SE>_mH|
z4op!#TqbiJ8f~4TzoYRTx3PR!eN9n@z!Z7Z#2)=HM@?eWel-L~c@kSaQyLk9BUDR`
zun3N_MqF?V2f^_SpCU-Q#Cid%(W5-a7Z2v9nPSOJgY)B2M(;7^hm{1KpIXgeesUYy
zi8e3-mrqs;J|q6}rFR6Mm5P>u@+CO}<%?xj5+eS|tmup3)sDz-{$uFLXZoTZ#h5Ow
zpRBqL^hG`SKyA>IE4s*P<YQ+2LS8?uzO1@_=XHO_x)2G5D!Hs=zld3fCcsTGSJc17
zghDxN(7xFbAoNDRArcWr1z6b~`m)J85ot;9w6K<C^6J#(xrI13oWr+GJz=F#-i7?X
zX@)0f<_EY-hc#gGzZOo=;Ko7ae=R;gGn$$6BdZ`k)12`B9jk#KOd;oFt181Ru{v@r
z`$14s9DI?r-O3KH?_^p`MMrqZX1!b4p>>Br+06{mXf#CY;=?prj3}v;)sgwB4S|d5
zdXy@+vPruV4hdP9!lb6<rZ$9Je0345wm+OdeUo0ywD5YsX%VbsH81gh<>uG$n(6z#
z4zH0QW<q$)M~VLvUL&R7Q{ntAWXKzsXF!z0Yvc_~gsLgi<&4#1t#2Buu^nILd9$RK
zdETsAFY~-v2gewBvrf7!ro=&)ooIiDfh=kcSKeI1Ulgo6CRbKQmO6c3HUfDRk}BTK
zz&A&DPPVHI=ybT%6|1=H#I5Z2IFrvXo=nQ1HrbiHi(y8WhZbtQ{GB-hcME10%F2j1
ziwe-%C6wi#n_}j;_rkQfp&b2TK);d=3*?NGRUf4M!hC(nN;Q*5#(o2eKvMP~)C7!m
z0a><^vIm858Rw@sFkx1Tz1tkhm4pFG^5vMCLJn2$&rr}UciM?ID%1|?=0K7+6T&V~
zS$F_?v)3>gE;I`id)`ogvFA~j@kCucLT@Df^p#gBO<L+`0h{0z5rR5J$7dlkomg-c
z9}d&k!TpHLCiwN5%?L5|F`{lPU}3yb;T9@5U$go`1la~bUjF|9@_D-@fmhcMGuN8$
zTMgR)Y>qBz>76YI;gPc3r7R%k_+tuiEJGeTeTkj5t{9oLG#UFq_zj349r!2qhyMO~
zO10IJo$xm*Cbr<S@?R2X(2$Z)iJgR(@sgGfL^^GLbkhHRpi>fP#ek%xBM_YQe+8FN
z$(FEw2SnCSr^tZM{Lgb^(1Q9RJfggX+2-HcEcwTxB<}b0;ps%7)Avj{TX>_gic&J)
zXkpM|cI|%{Cye684knc8>mas(VG!MXqs0w*=6}Ia@$Z`8wbuxDIxqqBQ1kz92!*^!
zb;!!jibN*h+{%7Pmc}*&5Qc8$qBhrNho?Q2-EgNTZHlZe10ko5$z?m<ow(z5lNF|Z
zmvcB?<%C<=C@bf+F*expvSekyN722?Q31xcH(4E(nc5Auybi3ntQ=s-A<^z8);7V~
z_N-Sqg-B^?d)RqfBTnjteV;WT0S&H0XMB}N)yC9NIU^K$e7T~otXz?mDs3Zy;2$n_
z^~I-|WbGCQ9MqC6j<SjlNlW|Shd2ozlf72as3>K6EAh*tj4Di8D#!5^A4EJbWBAF_
zY}8OuR1<yAnfIYO61Wew@+mX_)@aPXHJWdRW1HeL>=`zjSGfjpULN%iV16~W_H*W4
z#)DL1px!h=oq*@I94Ey~V4vY5S#00)Dpk7e80&D?R?xqW#x<~8NkE-mwvuqag@lnv
z!i6Ud5_BZtxFF#j(Hlm>MSW3)71V}jO;Gg_)NB*fL<BWSfGV~Q%tigR6Jn_w39^n{
zlZ*se6HZd$Y)UB8XW+@-@6VVBzrPL$dzlEQ!n<9LY2r1p6Xx)N;A?jw;3C+VW;efa
zo956Sxh}ymoBrbwA+)B~0|A=(a!V#TExNMxxbzmnv&^HM_bR7S5>D#BfYUY!DSG)h
zCPGwGvOMZjR+0!OsTQQYUU^Ld0SE7Yu~B0~c0XLtoy)i0SCGo7ZG%%;Q_AZacr*ZW
z446YtG!-9SjpC1&hSnhEP9P;M3x;^H9|>cSgb{)SzjtASQ7}J>5U+CDkBGmU2qIn-
zL_q3fe=2^v%BUEV#g^PtC#*!=jzomD!uxTzB4JEez}50GO>Tb2`A&wJ_5HwEgG2E4
zT;^@SAz=3Z_Zuv?&vdmuzLyMQ!ZqaapaFEdV<3QzaX}H@)rm_G0bi>k?Z$(u=MoCF
zIhQ1owDbsy$=hLl1qcwm03Q2{eH_-7>#xUxMjVcfu|^y|cL>nV?k3QBBK?Ds69Mg@
zmVmaN1+9L6B^$V9m?b#2>yzdhUv?SR_^`*!e2dRxzD4mmSgjaijmxTcir5>@U~<gI
zumjD5ci{CH@yImmz<x-~;n2E@4ybiRtm)g;jP!TSV+{SnivWK;grU2ZJ{lB$dvj7U
zAuWkRHGp?9fX4#xyAU{AG5YNYd@aOxyPgaVe1Bte^zmR)hFgn{b_R}h5&oBBf3K2+
z)t|I93@3tds$PhK5%u{et4$%CaL~}y-m*;G|EA068R3j!HLr5btrYnQ;*O1PDTqs}
z*#fWjDyQAb8olG+NEl}ubG3KEmG@Yye<1a0N@cyV)8d`fhE<tE@%&K>8takP|6o6*
zh50*lw2Dd-(RDvW&zgKu(cQ1jLQ9)#<<>UQt<0tU-xKE&`9<>m(8(5b6Hgj!(bHt3
z|B@lNYKuayER@+z+mY~|0$Aw{R2z%ZmZzV*NU2x3>QNJiKW6G_8I>S8nm%kuj?>S8
z<TxYVD%;r5qS=(|6Ey*5|Dz_DJ_u&(Lk5^B2<9sRra`ntt0~uy>uhK^j~m<i*l2No
z_~zSs#YNoK4Mxv?CsgZyk?-$4G(%3B4F4~_y|v{jK#uq`dJPtr)seY)o>u8r*6N)h
zBi}O2vh2U{!T{ZJ<L!0P*m#BTZK4OE^AV)8vW;~czA>2|rBct1u*eHpjg5w&bl1S)
z!KJMwhXrf}Vho+W!~5aR`xIGq)aqc|e+%W(F_+(eJICa3A7sH!!L~*2(fRQLrJC;?
zPD<vI2IPM_16|pc5WVVfpi=o(OJgCG`8#F*iG(f1R0me)mNw~}xo~~^gNx0~mn_}B
zkq`ey1}a<{<e(Dv>OY^f>VD6*HOg*y{CEq2bX%w)&bV+B$gp(~m^U3KeY?Z(4sb=S
zXUqR_SMw8MA2_W0o0_-=q=swSgF#icsr5|l!@{efn0)2wc7jhsLd4C7^QRey?u$3h
z(<=UDMRyyb>lz$guX<b=@hF!7*G8w$brj$Kzs-36-!5=X09@<a0Io-Fyc+yYciLmF
z8Q*YIfL=KR0`!w1h5)^PBnVJ>q$L9HhbR;^XsV6L)$fFqXJQ}TaN1<yeSg;!F4i-~
z;OE<7-q4|vP^Rae;s}fl?ga~y$fH4!M8=zgaWf=>Ex^bF%b@ou0PuTj03g>GO}}N9
z2aoR<0-Bx-CL%P)DK39bJO3{Nql*chYfdk<GByNb-JZM&xj8{af*xwDQti=`oYYs~
zm6ZQU24tMLfl$$|p5V|s@gx%e3;1F78;BTfssOLmH8Q#U*8=CF6inb~NdoqUy8jpP
zgPuNd%$KWg1RqTzg(c^T8yHj^q}Js(uCm~DEw<>Kz7;4Bj<y!^Ad5=eGmcW>wF)K`
zen39H|0a9nh!cSe=tdK7bV`q^uqp~{wFUCwkz0V^(s*PpthzOjJ`9eBPz#$HX=q_J
zvbZd_s5GP4yeK2Ha21|stFR7aOM@;KrDPs%EgTxAX;IUbC^KjMhHFc69p^kyHxg4C
z|CcKbCm*(ZeOnE^OWUstF;VBnYtNj5=K9U2K$|GwEv`ezKb#OGab&LEQwVjddU8e=
zVwa!1;W^z0kdi3#s)f~VCNNR3m%-lAUNYKn2safADS0AyN-lpH$J$i;R^vVXJK~=L
zN}IxfiCMV^Q?j-nXu36y>98rL4=^@G3DQ41?Be;e$q|NCp%2|1z{hXwu{a6Ga%&>2
zhGsrZXPS9>R`xp%P2%(B8@vZ*xDEC&C$1(V*YIDKVWJ{&7@+I~iQ)8(DyLK=gdG6k
z;I7}@K~?kk2*VNb;V!)2*g}YywpS!Le+C`AUOAI5qtG?g23^02M{4S{OUli?Iv#qI
zIm^<>Uu*_lHkf;fnHeA}zB*<dmRWIDAZ51#!)F=*4Xy!5d-NFRpl-GQDOkv8WC5*T
zI!bBM(%z_nJi%1I#H6Jg(DshOH-CSMwW9#BM1`I?%$jvTEzT=Ji0FH<a8_L+E8cwZ
zuoS;rpqD`XFVPt2hV=)r`mDJ02CWhbD_%`n`W({sG@~stY3WeJIT&e+xCzdO0cRoN
z?1A<7HopZ<)2h<jVgBM=ybIO@2YyFO)8)(><RLWCK8O9A4by;KD6uSQ>v^W_D5d&_
zBaA{PGFWq@@UG_OXcy~QkT)vxpx=ZvYL53@0&lt8LKpc0G9)|3HxnzQ>1l~*osUQ)
zp;8}?Ue;%g!fU4_qD38%h(76WO0`peOG1%>#i7F+_pWCBgDL^x;e1_sm1|DlL`+>$
z-c-Q;s7ms49RKHUiRe?q2+<}WntB4wc0{uvCFt_M5N2BDUZu+E>$M&*r5l*y1Sak)
zuEj8Y$S}nsrdK5M4*9^~SbhpK?J2Kv(dmoC%leHCEQ`T~#o*6AEd5VL`@76&@3)oN
z|A!^vmlGKT{!9+;mk2Wk`J&VJ4ifc26GQ$PL^b>$iMopsHMfjX?aU!bIOAYiR>55z
zS8Q;?%0mM^$f3JY|BEs7zl)Ne2l=%_l7HOTKcg_LB_Vo58P9g$QO8ViD_8YlJR`^v
zo#~zUm+KhMf&gn!xvGD(i&E{#A-;Q66j7?TET>f4a!4|+73;;6>f_nh(+4Ht#(<I*
zH~`J>3pxNvp#dHv^j|rB^EVj&qTP+fSd6<M`T2`R9h7cr6zBMlL7!HH=wVwZ)f%zh
z@I!}}Hc_g7$VexmkB@AoR4-+pP9Btqb$VXdNvYmc6T>Kc25gv`ZJ<;;dq5IaFhKgZ
z1A5=0U(m(>uEV-s%ALNCF|AB_BV+xam$*0Jtpn0OaR8umLT^<{srDQa^N1j(JrXlH
zDR=@}hp|Y?oxUHo0VN|1N{B(p>HYtZlJ#u}(ZAe`x6}9PKOYw?Hnf6L?UMr%(MvJc
zMI!@Eo-Pq>)qaWS9ZpcHjbW7@J4LDXEc>gF{gu665*i|OYYHaiSll;gw`PX~v9caR
z73jTafwuKI(Yt!L=v|(kf)8UqV>G_1Nknt9b^%u^^-4Ssy3?q-g;hQBmqhe8FqK4e
zqv%goRKkiDVUf)!`i2$#`j;dECT?zD>({XTiiV>7W32tl40MyTlxi{iB@!?o0~lXt
zo`pM}341|}`gSM2k77WHW>DG-DoSr=CZ!~t)OW(uS&rUD`|aft(X@RM(JQei&L~>U
ziZ-&Mj_{J1!(kMC$BO2&BIyF9TFyR6=$J71<*?DamfaInyquK`tv3hLnS9(p0PcFm
zqV+ao2&PGdXjk@eA@JlzX3t%KR&N-sq8K@C_W4f*0GU8$zYhB!7lZplA?L|WMDvk2
zLiAUe^mq?(gDQ}*l2ZMQnOvewT=f1Y(tZ$=_OT3Pr+q?z!M2~Yic&qKno_O7J|O~O
zQ+&3BQhf+3xV)DWanb1;yp9RNYX5++f4<=euk5GmDb;4|^%teh%P7_BiBzk(|5%Rm
zErN@4rpIXa@0EzY@X`$<5v}xjm2xg4udSn0tFzY}hH|Gbf^7zGU;gKiK*s&fAg$cP
z$F1Dydx32r%Pv!4)CC7-^yG)ugy=6bAnAK*EX{daDb)vE!KGPt;{j(Tn|?b3(rXWA
z;cwaWg<Yfc`JC^UQ#x}sr7<fg^{k}SR!C`+HIzQRmeSHyls;Tcsi%<AVMUZSFQW8l
z8KqmxDBV{^>AEsXoh>s7`%mPr7&=&1u6VMSS7V@|7V@r*$m)GjvKsw;6f>j`$jS~n
zxSQ-NO#L@l%J)S<+K$1#!qj(Ii?VbZ(f+dwNKH+H<E16zA#no)c|W^{No4rq#!KdI
zCDfyw$Lpe@7!G_74A(9>V|DmrJmNdsmB@^}?8uomJ1Ge3K*-{GY+c_s05WuJDQLhx
z<uMznc0pVA_k0QBl&>F!W}|I(qBR;osap+A*ekGoU6B(!e@8F3vO`wRyA>*{_eVkZ
zoSCyi2=QkB#KtB`oxuK=QSC^3#;q<VjFkSnxiz{X1iWExbvblgS*xwzCBgOYB_V`3
zGtXdNYVD_SHo_};luB)iWHaK$?+t^StO<MdDRyQnc5dV3FPmpn*YYT7rLr<IFZH>M
z>af(F8P%aqUkPCY3WUf$>dah32+<bcG^9OLlv27zBBWqUM?&-!wf(D3WK|VjwPR6A
zX)&w%1FQOlU)9tXv}bnlKE7I;d;A<qU5v3$t?N-ckE?4Z-n&kvHLd6^tFD*p+KKks
zE{S#E87xU{W9jjNoj5G7g~2UwXXaaBgm{&UvYNQ$9&yi-Z~HhdsvQ-}wFxB{U~Fdu
z_79hPJ9bCfiANce?@>k-JAIoRP=Ib7M<~II|2&)}!)|kDgwjRe(urgow_&G5;3tNE
zX1^tAx9^mAT7g0%e;QsxEHthm=2@;G%Ife^e#v`9oL9Nv|7g2g+2qWe-~g7)JSY*Z
z!%nv2m2T&kx4v}nz;7dJKAPe8?ZsA%+|&^sr5vnhk2)$p^(nYBGD=ocidB+PT`P4=
zMs=7oa{^&w8S3=?1RQaH6vhkF!M)td8W10o3A3e3cd}Wo=tM}xST+Ldc1XkuKW)0U
zaEAmpQ`5eI{5R~EK$iBY6|{_?)9x-xDc#G!HttMFMJsESzPw7~qLk9ztctBO99Qf2
z<IB>rnwZrm=#+QjdE(Y$`Ur<H;aY^9IDN4;nA;c_swf*FUiJAXoM8;B<5vuhZ-@TL
z%6{!YHD&`au9<AwE)lPCjCC6V)BYlS#Gi9#gwfQ|Uf;>oR9JoBnX2$A$GpBH);ld9
zGYI~-Vcyy<1zu-)9%#_yjMcp?w^>+w&vpqj=zPYS-UHB1rhP1{j>ENuj<Su}G1<`%
z9+EH}z2@2qEc6!}PIqUva*pYz;7GUhPxkGV4un+P$H4zZc{U5`^tFLAx6*y!&dKZ3
znZQH;qw=}GW^Y1?z7Wbv^BIs2I^g|@PZ01T_HAMZLiG1T3DIV4WxGFLjlS2f!gj{l
zx?pxEM$;+%Q8=<n%Xh2GyD>o-y_E}*yikyGZgqJt_WfEJ|2{iZ2++Rl`_VH0m6#h!
z2xbWK2}r-g3ZG=n5adx_jPoe3wr2}gR^)CTwe9{|jKk{0dz7ajO^{ou6OXCRpX%#T
z6DPRrz*`<Qm#tc_@1!$xQYb9hE&C**y$R!;x4r`|*~Jh<QRPw7iecF%(d}&Aj@$}o
z9J#=d+e58y(Lc|MRL5y}*UPo5hsZ&Zp6m2IABz6DdqrOOFmah0Gn?RTp$p-5g5$$)
zq=snki&5K$qsbG}q{X<^ka%UcS9xw@jGR#@xs{N3_9ISK9n0>r<1Neel3Pjs3ob@_
zm2n&K!f?RN#yVjz1e^9sL`yA$AqekC;NDMKzSDObc&O5gJ<2H|x*jd#qN@el#?0&~
z&$I7pdNJ1p9)@{6pv}8X_zn2d<;D&8yUQ4xpDb{)eW+OooDk?wUuL|USKNs)t?4G+
z>roDIrt|tL)85uUCm>vkQc71aM(oI7Y~yb$l<3Va^Ps%SgfeYisp;_k0>N+XM1*Kg
zD5+@8za*4YH0FP5hc+{-5Yu;s@Q02P3cboPnCqqxgja=IiT2tSiSUa9N;SVl$3`x-
zB@9Cora`*#US5Au^@^;rk3~#=_+Q;?gH-}9=tXXkh?<tCpJ&S@sub2F^k~avW3d->
zL5a(x#Clxd8`<aUY;YDx{!8@r&HhVnEQnoPrVklqm~ZDzEQ6(b_h!zFA3A^;ahdKH
zU%!9{h*rAQ2_k`+tn`bK)s#Y6=@$pgr}S&@QU29URvq2oQdqdG^y4|b!rjU?S?R}?
z>b|>hsapB;Roq=~+bt1o!)D;q-kor%9)kGDDkkI2%h3y<A0tbl@dAgrP|LMtn_;0o
z)Cc1}x`~Vj9&oid`uE|BbRqNy@7N1<Pfg3$HdYgJ7-XgcC%%0rgVonGWv^hcso^UU
zLw(4Bs{xlmkIlI2iuE7D*8dR)5A}lezljfSvrwKefZ|PAS#@ko#C5LhmX+jne4vxp
zF%dBT4nqV$P5^NYP*#TLvN}OU!CoBVRXZi3y|f92cmf~d=uj>O)bw1Qzsjww)dp>1
zTUn(uv)q9>;!@w^NeQSkGYhu)D(%-w9DHZyWLUT-J!*O>TO&m&rCVXcVQNZ~qLfm`
zxCMW8gt+af5IYeM?NrFwF0dN1BR{w(5p{T}cKbaLVBu9Rz!M;Yt0~nVsfKgXTy5V*
zKCF;O2;-yEi?uZyB_JqP5afFWPR6RVUp7iae+IYCC5(u#*dB;c6L~W`5R$ZXspS9C
zm;MKq&V|xtfu&z#=|U)7Y?SIB;2FmrN$mTnJ0zk_SkEMm{s|h4)@?@%-yj*+rhStx
zfe2%JR8dMPfGshO81wbKD{!dj>S7+5{=NZ@Ob2u}j!XyL1xKcX@8VoOGQ>DCWwWcl
zbcs@J|2ocgQ$aSLM9*?QM=Gl$ixW!pBtQpzgqrw_5PTp=O)18!5AZ@z;MIp>t<MIy
z`T*R-REP%9E!ZB4Qu3-gAeSiB#vzkBvREgVp>t0`Ph9VJ3hF!R5+b6tVB4Kqjrm<|
z#`|A?!M=n3qrD}dVKKA?yV!((Kt!yHvE^x5>&$a@wjoB~6tF!qX(?;U)Tenw{4$?u
z`o{RC<&^Nz{LyZy!APtaTa;3|nGsN{lX!~`rZNm3l_@R7A!%T2iF*@DSUKBi^sjN)
zwqTuDbKArkBa5L{DiYkT6C-C65}c9%_v&e~GO83e@7e2MU~sHGO0_;29xgY8sy4m^
z_z?YadAODK#;tS{@F5RP#UKWK3ygg1{Ej9owqFOVxV(eGirXM7wPQQ{kMB3rfWK0T
z^$#yosy$T9N3L8l-n~N%244NyY9QvpPDq750a6^r-U+B(BRT|Slwyf{n2Y6%^kU-l
zH3Rl?w1Vqcj8#_ewXjNFkwgmQPE0bTmvXtK54}#QHon+zFZH#=p&8c6c;l@Q44@R&
zY#SU6rxok-s{)oz#AQmsog$V_SkRRtmEg)@Tf_5wY<x#?hTrJKZLJhRVM2*VxdQlB
zRiX?u<Tvz4=n?&p<_Vol?(_q**P~nlFjp!m)mE+*vccvzCzckn>dl1)>sW)yynzo=
za;vU2?SoE<&*ryw51|(~=bD(19(ybk(sHdt^m_oFBipFbZi_^;yVpu67HbMEePSg)
z*Z@)Y%>_!e<wzYO9esgPeI3X(#~lV(whXnu*GNRa_bR2@iZ#4H$AQya7uyBxk46Gm
zEFUJ_QE*kjeR{X0M_va18%)o&#Hccyp?-0V6u7`R`|HnNq*S}QMj{qGgR3ajyIlih
zuNjac7^D^qiF}=+oJr5+<70}zN!65UbJkdf<dO4~>i;pC`0d<mMd**SCU5zZu(6U-
zJ&IBq)c-a@R?@QE%5|CRqlZ^>jyfSs#sbhq*NN|!LU}gX0?<R}i|?01EeT~G;?sh5
zi8`^SxhN9KM*e<<jY>UPk$cG*D<xT}2Wf@nz8=-}WLI=lc+}}=CmxZNk;TqTinihp
zn<Sz=um)UPzHVXY$x!w)196*MDbo6^0bhYL^MNp8C?S0HCa;l*TP=`TA5N{pF;>#2
z8~t#r1%p{x*(!e>{BGz_!3b9N=PKUIq2NR;!oEK$M&zY1K7t>bNrY2kyviuhzuiho
zd#{qth9D2Fh}qnVS0oX3D_-b-mzp`ydZUpzd!t0OL91ccJc{qk*}9;D_-+`#yM79F
z!_``k)e<I$8SZZ;-n$wGAqsrNe?rVhcJ#*064ADZuGzvs@y<(9r^T@iOD%|p+6Ce0
zs`MzMay?2~PU@ZG?`@S9I{rNyN$sS~T4j~Q9yNWs)3*TMfjrp-HmWMNVwywN%EYXW
z!p7kKs475xfWH{B1`~9^>mrUma5>NAh!>W^G5p@Cn|Q9UmT4(uT(QZj<B>~jcw_rr
zVp4XW$C-Q(JXSUHh)iE8k%TggbE?JYcnWfexK(es+&l7cwM3l0Z)>sMdt*RempC(b
z!S9h#Ze=qtIQYX-2wf~(o~O0lD<!fRU7ml*%GT_+?b;nH`S6aY#gkjnREJj?7aybS
zl2vc9Tk)*+%TyJYv0m~jsrzEwYKk8_JOinaU0<)4h}L%{umgXxaBCOtI>^EC&w(zT
zw%BFOSEBb{8CeLho~p%DE~gHHKBPYEQAg#<YOJ$b;>jI9Y%dXl`5oVULC%is9O0ka
zaalVfCCr{G2~)z{Tamy_y|NV&=e^l%R93B!NX2)u8oSPH@{?#%M^;^5S4l*hx&lnc
zd|7oo2&%LzqP3X$r6J(3@7KkS9;77>WNsUbQEx{=l|-DG{T%3x*qi;1Ln|oc<Ni8W
z&1=2BBdH-?<#}$f!A&Y<ms|0ywT}MUIHm(+KOlLPahqb;m;eKLmFLzn<1L>jese3y
z`)kaP3hw5#DRQ=}vP2@<w}miAc6>zkr>?kU7dUWk#4~_w*%oQz3c36;9Mer<0A+P#
zPHJmeP0NydC;q2WB555e?q#;qD}{WBS&g*)Y?vQsJ;s{uN{OU4=BGp+<+Aq4ay%6n
z!i>%LS5@0EPvTq8+6elou6xumOuwDZ{YXwA$UpDUmF3`S%Cn{{D#verX^gfm2Un|K
zlHcXaYdCY~EN5EP898J12>(1p8Ep+V8GljYd1((_qf{@2?KSpwv%-@`g+f+g9#%*&
zE8JsL_>NVW$SP#JA~%3t`|~l06y$U!Wbq*;<p*>HJw<;WZPLTIy1wpgJaAhVeLR0-
z!K}_f9`VhyTx>AHj*jT{(bdZz+x_()w$%3`ON-r3dv%!vZg%hvfC9R0WoH9&0tF4s
zKiZh;EdjTG#ftliQnqczFUKSd=JpR#)_c}yrn#0%grBC#q1+4(XvPr!>VPKY*xB8k
z{T}elODF@A$LQlgtgT_~zi(8Vi8j5p19ujr>8Pd8WtO1eTzzwhxiM<Jms+B)#0h<#
z|89!yD*6<qY^#gg*72I7qPKDoqV-zBCCf98KvILvd^E(s#7=8v+GL*rL2G2y(LNSD
zSTVBV7<s#$c$Cgh+>SEN*Zc~l+J?nUhHOjiN`xqZUc8FoN#~jeRe_&$n7b((H73T;
zZ7HjcKhFx)^pQ;>mQP*`X(RIWq!2>9>L|QXISqcKi`$f8xZ9y!1Z%otiA3NcW%_g`
zaXoxod=tU2+4iYPw1`zrDA7~FD2SaD2O_>(@E&vyvFHQ7#z^_qGlKH(HVVooE(#nU
z=*L@jz5!Mylxckyn``EK^xaxyvaAj-G$sq&KxY%E{w(A6L5uiAFJN7ufi-2-J4L@6
zPsEoMfjoKiutW-0bR}f5!%m2HxdY0R>CC9!xCkd5BK@lH8E)jXi&jq4mw~mK_;O40
zTH14q!G^!m)Ue^>+JOz<svW9AzKhJ_`!3(A6nxQzGs`HDiLNzGg9d%|u?N^o^TB9!
zOgt?{J7I$e_=?Myh~5Z&Bpl1PU5vX9B@iNXKyQaxY3H`U`>(;#jx#+0@RkiCZDJr@
zx?UjtWg%15{QISUdKE4eFk$mqC5+`7>sTJKJ}m7~&UzHeHl#W!IE#8F!HEZES%U`~
z31zw)QahmDq&f2a6<eWPt*Ny3f2*bc=BlR&Wfg5S=R)CtvRUpPS*zg&*<4oA3q8td
z$ThT8`wS58VY{kFIqUUNMrCSi*f@Dr%B#K<Q1u8SF|`fu*}QH!uj}%wD=WhbVZxbk
zNNs7DOwnK<rWeb~dMzR!JhyN(;+N6z+(L0+!VD?vp~)^*lI{9+H7th*4oE~z+oldL
z)lRnqCu>pxVMCvhKAkvy+00`863z2_Pl}n}T__Rl#2;*<(Z9Kb@BbQwOIhLOKO~}O
zT*f<Ad-ZWlP`>h~xw^_PQmU^<cS89I(e!=R^fT5p;VPxtJ%37u`^#6rtnG1VyZ>Rd
z7{ppU!&=;X9d7#M0>3n;lxmcH{)(;Zi+}jp;QwKumR_YaXWs=%$5v5#M-`<HS5fM`
zNa^!kM0C*eIYI1m430tb{JuXp_pC>|EJvIbbr1zRh1H4YMD@k@OJO`e#mGXmQ|F74
zGhy7~onYFj$?;4j&S8JVd6m)e?Y&BBJhN3pPH<b*6Yu}xO+Ne7*P|x>+_L70(N;8C
zFBC{b`}z-%&X05>WO0NY_227Zc*2XeiCbB#jsF9^YjC6y5-tpr=p^+!G*_2%12iqR
zLWca8e@LW8VQOd7Ds8RR{lh$goQ&3J?F2#=$Jhzc_tybi^lI~<u@N(^Zw_bv2z4E$
zuzS1SiWU~h0{mXsirb<Yk!GH5o(ef~{c#DhXGYFHE`d)(<Z1nY{Z_m=PTv<`Q;NhQ
zS@7%e_$bE7Mo>*iJjDn8Q43F70LE=n_Pcg%_wPbRO~<pdI&j1;t0Sk&YFdu0db3hP
zJj%agl9e;E;#n0VtC5{KG3<9-QpP4}fRcJ1Q@eW9JaoQPIx`zb!aR0bCK0XdcbLaB
zY#tl&d5n)FJoY1@EQ#)5M&`obC5ZL$?PUZwGh0RCshczN%@97T&dm2fGdnM<j#+S*
zZl$aec>Y4Eoup1`$ZXC_w$!>Am!z~iWHow%j$;`8GSuE8E5q}7TIA>8i;)(2xGoWG
z#P3XQX!>u!@Uk*8*O{q<vJ@GM8podv*c1+mk(HDwPG7kLQtH-<<0*Cbh6be6-KjCl
za<~W%NXmZKp*=gFFDDfpXOKzMt&C*rDA!0Mdd97I))?83*^f9`9bU|cPs$!Bxs_oX
z*>p_PIBzJPHHL|ql(8w~0VVlj&1snhaUWxH<ZRdEB@)r@oDWm;Spp$TTJovc7|Ij2
zjL887m`_j4d@!){V3}?SC5HVtCAASQxfZgTRw(yQtgT5T?Y4?OOvwwKFY(8j4m0kn
z`VEXsR_jQ)L{ejnBiiA4TBqO8${fV_7y}+<B|S&0Kinq5rg+$2cBr4zd*qag#yLqD
zYi$0tzQR+9oQz)K&dgFmi2K=VTH8E6`u!vx(E?3mH7(DhoWnRuQMejR=|&iB`9Pd}
z*NXRAR6Oi#$%YdSCEG)HjM8^|%UdqVcNM?e!>!hdmorw_Ae==V8skyoSK>n(_eIGW
zD=7Q!^tmae6`eUe$TE0LdtshLGODRF^8!Rs0T^DrDI9#3YxDCYqDR838_U5h`S3j6
zr^ya3pqGP7@?P=%BZr9I0e56O@%<Zz<xR8o;_GxrkjR~<Fmgv3(M?vP+aHqx-u7Yw
z51#i*+}5O~R3D3n)GZcCL|Z*iB8zXgqsu8h&*_`y2oeeK^E^~HSnG%|9tcnu)QPRy
zZ@f@VyuXnlgr@+qLdFfC;cRzijsi=DvDAwWKX>M<^T6$pqb+>U>cJ>xn>1KYZ9)mr
zJBOm1qu)Hv!%pA(S8xit&Xb6qdIeO+V{B)*4Q+>FK(D6f=}R4iEV&I01uX#!nJLc7
z644C3&KkDo4WVEH7E}m`;#CM<+#HMBF+p0#Zp|%|FP<$sso#f{61owxB+`yncBRm1
z3oT~u6#te~*HI_!&05w4@Rb#Hic+?vun!S-Q!~C96gI3LMaS1mm?5S&4&g_`xNB<_
zb1bUUAUFp!_jn8Z={33sK}R>O!3Lm`*-mA@NQB>>gv);-&r{GQfLSlV$r{cEzl9x6
z&|uD}eg@_!v3q^friz-2P65?1E7GvRFTwL)Z7(;$?Z9{T5~Z5_3%6@q;=RFfkwGn*
z*f48?xuvMN%7=wASy2EXhG^65{8=LU)==x-KlKt52am@`!DfD=&4271*!<c43R}@G
zL0cNbr;MBqn?O;@w($wTU2FijUHLiMm0jS07T3Z$K|8V1?*ZW|Jjl;DBsy`MwG;J!
zhOOsmHry>Os|TVjAQtRYLYY?ZGcZdY0Q?ADR>p3{b2|%u^uYQ5>4XwwzC0Tt`qwtT
z0s<>CKE--jtlsN3LbR!~xde=I+@uwt#-?7@^iEU|%UDO^86$PRDxTlfKS%2_ygMO_
zJFv1{C^PD_4;=&e-A{gWvk|hS6V68S?xG^AqUR%w+q#>l)j*qaV9D(UY4Zso`nSYS
zv}&);Mx9BB-XGD`ayO&qcFP=Kpv@%);uwS`LlsfVgX)~VU91ALf3;DwVe3|=KpbCs
zUQx<6SNA~K!{^5!GOb>c@)t7*4*^-bla&hDSK?K!Sxv$<vmsiE(QA$F{dG3K7&Kkk
z10moer=&)sqEXkQlqV@WG<CK_l9hA9z03_zR`ME_c+|A%USFjpO+PCfhJ{|`x}5Fu
z{0Wxmic+vdwHKRUtPgGzeje)B*)=`hwOGG0((_4b1Fo9kp<=#vI=4n7^1fUtFfD&c
zE~EhraB=h5&`$p-i4D)0`Idz91Jh_s(4CZ0Js#ZA+kR#I*^2RCHWN$fKbc<5N6$lz
zB|<^3AtQn9j)N7O*eTMKg0*wOv-Ewq;aNHc?}9nX`5R)scIPS8QhtP`zN{N}Dcz4(
z$zBf+Dn#x!uacd_>uX7W2?=s!k^e32jXy|4zYaHJ#uOH%Y&*=hszw&k5M+}wR=?`y
zk8FK-jZ*#9YtTI}NH*7wu%NVcwi&byLE3)UCuoxcXiNCP=rxQgvTH>TVfJW;e=wst
z8k`qb+N_pRMW}iItLB76UZYggXK|VJ12J{tAhiLWzUL|s9c2*B^ek=JEJ3-xvzk)v
z=^sqq=zgA3{SI`Y?%pe!{f9OCaF#^$?O0S`6pdg-|7Jy_8GX?|@GYj*SxWWw*D*fC
zsNI3pcCp%hDPLPCWUO0*{>oKKwe_=1s=hr(slK<`xCV&lD|Sk$Hj594FYgScdcieH
zpTAK&!+E!IRrpI9h;cj|#={nt#)H4)@=RWEEsQJCOXI;|a!3@k54Qx?`UIS|;qatF
zsayRx-d~j-3#zn7d9j<UM*g*@W>kZB3iw|jvcXrk=E;7Ya8Rc=&y|RlHVdN~?hg-q
z*6f8@V6fqd?VaKLV6btL`fWV=K9<G{&q&LP0ZiUJGD{*siv4{f=VqF|k<m6nl9s*O
zgOH@9_p*r^RTq3C2P2HfjQR2@$BQF%#q!DQ3N<5lL}A|75HzdZ%37yy02Db^MRDiI
z*1CpsWV~>W{JNVvM?T+;UPkbbz$KJtcY}K*-|0J6iwVV7V&KqsH~e_h8sHcvQXx6C
zCuT|{Df>OUwq}O7GFFQ_L%ictLp;ihG0DnhS@D!ItGoSf!wFIvmz1$tl2vd10L4=s
z1CO&B4;wo(zp9HDTe4lP=14><nt`*mqb}c=uUQ_J{c{G7(O*%QTPx1YUqVD2?(cXR
zdhV_oZjX=S{rnz1WHoZqE<QYOKz06vk{bESE<dNoQ@bRhJv#%O9v7wyr$?4E^8qk@
zQu1Zhkqqyvxt2-7cQphaPfP6Sw4+a91e#}J_>b(Ah%<9_D38I<e#fD`_B|idv!UV%
zS6LmNpBmy-Ug1y9ng{AdF>;1vb1TD&;$(GrA^Va2faF$&ZDu3?>rTVpQPd4yVK$D`
z55xqTot@B`_|wl4(Y)W|$p1??5RGBK_j^9<PljPUv@?^*N*whT@Tyi?soXoU$4(Ih
zk&_z3mIq!X+@qyVN54hS2twT1OXIoYqEve%*#^rX%A=HXpF}@lh~&b#WJQ<fg-4eu
z5xb^K)&{^HXJL!aac0^XQOagnO)1UjRoj_qw-KYVtn8Q7=*c@IB0LzAB_6lncWC~m
z1pz!pV0b)yQqb3R`%jnnbHQ`I<C8c>LceiFs7*Yo%48bTYh?BQC|Ml@zL0ylFXT?Q
z>Lut4@e)~mIL4!N;=Yjkxi7>^oIVFrRjRL>_g_8ADeci|+!@jlBoe^k^|xQAR4-;K
zi83aS%?5Zvywf<514K~T(s*!%^b`gCLJcVnzK~|3U`VLN7qWaB+q-8C<|n3^PlB-(
zD9B&5`a~LTmx8``p13NU2}6IekjPzs*)FC+X?fEmlC*R%cfdUz%7w!z%LSgVrlIKu
zuUm#&uQ1JIJx~+-IN*)!9E>ZmxI^;bOzN;Rvs<Wehx7>bdoulLfRJ9Q<tEt(fARDb
z*PGcIbNYN?gy@qnTukfENCExw@Kp@OkDJCc0r+uRYhV<6uVAr_75BY@bCtAgNKdw3
z;Cpo`aI>0;Pp?v~A4B(KUedCWP{+%3pcYBXUV>i(*{?cD%ie)sgW!-hJ<qG0v4YWO
zK-|HsfnYjqc&(?21#(S#^YxhywrhRUok8g#6tldP1aSqv#G*51@nmrxfV$y_?f|?e
zoamyBXFbBdIgBGA0An7)NCYkQWJTSglnsmUQ+K<6M8HkKd6X(<VNMD$_kAtr8?cr!
zs5w%oN2Nt68#Y33EeI+Z{e=l-{-E^(NaM!tModF9{!@GJYwl9P*WjKBhkXCRpop|2
z-ND)rKAXIxWhI~~q(IM&uIXNUWxIlyAr8NNBk{Y;DG&<_?v=&xfLh`be80@;o51WC
z{VT5Sy%3K1f1rMikbtys%av8%5OlBTr9ut;c&^C(h=BoVUr9u77H+w)-1QQrUU)Gd
z&Q^G=w;9h+r8WCTB3|V>+wjJJ&53e?$6{80WX20U2uUb2*|AVOxyjhlqnt`sN6mts
zJ;DYq3l>Q1HVAHarCbTxuc}aMzurQROFg4s3+DLuYw8q<BrV$x)6m~K4SGH<WsEbI
zzcO{a<KUs&5Z)756dRok%B9w2m_YT5Hlqb^U(wwEx7KM27ry;N`GUG7V0{|soGy?7
z1K2o~*u`xZP~buYL);6;@ndp}QZ_u)14waMh`-U|61Y6Dou!Z0y8u2P;2Xm5-4E`U
zSr1}ACiN66MYIH8a(bSgeT7o5a-k??)=;ea)eWnT0+1VK_Jn{Wzbafbx|IX^EcE7p
zZLl_>Oq=ngX%L;fL}}8pg+S%tnv#{-uON~$ZG`Cmwgsth3Y%lKk*r#>jSx-!5<NQ`
zfs;2Z?incg0swiHa=23##_WoA6&=0G1-Eh?Jo1}8$|~*RmlAhLxs_cW<r1?mLgB%u
zdzkJq$g5oNDr?!O@TV2w>8I1$vM<3$lu+qa&cNGB$7FSQ4qq{89V<q1_@Bd|Fvwot
z$+X`RDp@sIP0!<1Q+vYB*(F&SmG4$Ic$FeI)3U1EN~Nr9)gA&gdocP3#^q45Ix1gQ
z((_~m0Oc}@W5Jo!*sW~xDn+t#UTXpE_Ct%avad2(9kU^|DI3hRhHhn(M_DB+Ra*5I
zoVc^l%$x5~({ki&mva`z{}f0hSvi%g9M-Off)9~x-^Rm?DN|CNfVY-5?+dsrhp+Sb
zsPX+v@!eOLS{M9H;j&Vsjfc<a`PMMY(O=Z?H$C!2jVR0hU(|3^_4q<unYVhSw5LAf
zYx#32D0cx{T6yde)8GzXXMEcl_*S;=#d^DHO0}IFsBg<zR<A1vF4wL0Y=K?>0$f(E
z$(Nbd%QVmH+QXlN%j(ocNw}<r!lP}DVG?&)O+HJh_Q|JA0o;(#gS)IAK$q3>i;}-v
z=sI4<GhJ2>pT+p6bw>QtPa>6?N4cC(s5SjmBD#d>CaWRf-1Sm$s4tk#CL2QSWkB8g
zqd(NupBVJ=0Sdk~8$(lx@}6yHAWVjTYKr{vXGN}{qLdBKnILZl(4(BvXIupt!CF*A
z^FK8C6V4aE5JUO686d>vQLgJl(OLCuiRkpTZzZBdeIgP4sVYjf#h;k|v-i$Ys@rf|
z?`|~Mz#1HwED`-XENW~N{l<z`v!cP*DAiu(RQkR=O{qQ^-Bfz9sGY%Tf5B?sEz$u7
z-=3_StKRr3rCLJ^mAlVSs%KOgnV2g7!AR(yE0k)RCUg3#PEo3VbB$6nKM<bqWWa$r
zNoy-BSLE!4V1#BA#c0o+wUH#HNGr_2bTSQ6d^ELNGDJ>`Ts{Sj5(!!Ss2$AZU%mrj
zv~iI{v^OOPL98ehS%spQWa$kTZ;CW!F*JA^8+^M+A_ZL-pvUcmXnn9L$c@QNZd{ox
zk%|cgtyqo6m@5CN8P4Qv>F=K#tll4!Q5}}rB%|8q^nHSt13$TpmkZ!*L{{I6)1IF!
zvd!8=?wdd0r8HOFa}sw~41jn-*ALfuh<pPHtb7|d)p|P;izMRAd{w;SSg8$LKyV@K
z#mGDK2>e9E_2b_OA^ML5ZWP2^mWW4fI|Ss5e>ndf0%OzhYl&!EawL*ekassBNz0dl
zk(cK3zhJQ>hx;J5@zDA%i!k^lsbGQ848`w)9Eg!qro*7O%V%3gWwLTvTTdYGQX?j|
zC*?>M3-SFNOY$Z|VkZ@h1JH}vT+B5B7d?|qLGU`I)Jk~8hq4;G6+(bfPp_4O!Lh1i
z>KQ{%?+%Zoxq4i~5%*2JPN|kOkx$jvZ2Wc+LcHn=7%7}_ovGHZSl(SR_n)<sBz_mg
zqny+7e}lQ<u|Qi0JfNlzVeS35tx1z$ke)-%lom>);LE!SS-gaC<_vnBChW!8Jjynq
zU9j9^FGCkxdrt?^v{T<?S~f-juf#~dUsen0Fz|a3Q0&SEyeFms-jDv2NP%)U8#gT}
zn=jzLC|k0P*6pT9M7uj%B6{2F7+tVsq68fq%OumbY%~5?zD8+9W-x#D`zOYNzxnei
zRg{8f`?{<;asUZl0ag<aUw~*8vttKfLPBCKnL!ob*eXh$nPIWuZG01~4p-qRTurhv
zwU8D28bEREQ&%|K{t-*?#)P3IL{4N&V;QUN&b~j~eb+u&@#O;SNANm*M}+;{DX~(!
z!`tk!%>>XTEli-!%uKd!@7m|g{1}^Gg}ZRBwnp;;$b%Pq;xcdk?>KAow?y;zvH3=9
ze(a=Z-mn!kUnZJQZDnn~*Up>&4a&7+8aDsQXnq2lPZZ6+YHe*kI)pb*MKA6v*!)GK
z`GfJ${7KP#a(v)`F8x?S5S_#DejD$<0V1*;faoMZc-jSmcuRnI96{7V5Qk3)5aVwL
z5SK1-5X)~51aXG|F&drpJ5Yo9&HzC=1BkT(M6b?)AkM2C#3}?a6G1#~fJjXM5T6PV
zsoeuX<Z%$b$xw9}V|wiumyJ}sE31%VlySX(VCIGv$mXz;GB*RSB~r+>O0_2sfa@)5
zOAA7nd|@Jg5IpBB5kh=>oxY*WB6^xj=WYUjDu@Ea-@Chw;8x6SOdn%@Ok%1W(5`;O
z+q?&D5@#{g>Rh%Y+-gc7wY%c1)b5QV#M9gLTOr%4&e-6`9Qg4!{+I+mcJLH|%N2<v
zDQj7WO5?>2w#7zBim%d{xf^!R#Q5{DX$i#OD}?3h%v{>qihOx%LilD`y_}&5a}Xl;
zc0>TqpCCN4?~8cTA&wB^cKlCqKutm=EtQp3`eX+ZcYzVdhc&eU$0@5I8}x~=I1`@&
zNerLNiL_D}={G!4fHtwiIh@Q-{=&(uA7@Txo{i!2$L934lnBx1@kxD5;S&@KdS~L5
z(?N(3^Ycn8>y^{jTd`T_Tn~olB|H4613w<eAEyi04|G|c)>>vsL|Mg1Ol@nN^teH3
z_wDWL{A{gYsjQwhqMyT8%sstbiwY!?<os+cbjjBhb_=S_%#vVYeeJHpn^gTA*dH~E
z_vd4XWl#L&)J^*HSsQDAzWjfbJ$HN*)z)_>*(8*(p@$MkXrdHZB^nG70$G@aSp*@V
zLIgn&3y6@FPy&%;m3ia(_@1D#pxB<Vpm{19MIaPOu!brS2pwivdPzb_?)SUr+$ozZ
zKHnetWoPEzbI(2Z+*58jr!yh^Ze*|Z0`Yd0<N!l_$4mMV!JfE&ZOq6HO9j2glyw4e
z_}=Ucd1aP?{P)J|J-Vl_jX>yxE+oWcfgej5BP4KE-ujYIZ`{03i%Me3IqM_`q;_|<
zGR5A`z!cFJkSVguktz0f)|mn=g{dzwb_^pS*dwni-a6iKwq8@~+T#5aFq86%+oG|S
z*+xu`YrIY%nF*=Ni$s7BifN9t!+}nWM%Q0t5-u+Aqd>feQcIwK4FZnXh#|((<df=i
zy>v-pP)4WHQk_c6;0I>G6P0yLYlCCo8M0Z|=((pit9dVi@rQY*F&UP}ciehdhLw60
zOEEL51rVnRTpHZ0y6{7t1%*4=TV)+X0+uGgEHIW9n&Q``_|<rQ-B<r&=Sg3^^@W{2
zi1f5;EmA$%Rp#(5xQh_xvb?Z`nK>3C)>$qk_j+%wKpe|A<3#d($M+!=pFp%vaV~!u
zV8V6{3fqV}yg#C|budSD2GicPRv=QpfFrLBtSb*@oSneh$%}*S{(~BBsV|Npj=Ue+
zfryM1m00Z~7|X<zz+Z{?W!<bzzS<2G;f@~!BKF(t$oqFgqscFRVABucmK{<@=jpNa
z`fxi~xA5Q16Z9I#zh~2LZx2>tB@B>%aJ)95p@FOekewI{DwXNiEA3H7;Di{Hhauo5
z>?h1`%&n&0CTi{yZoRtDE}@dLh7CE6SVA6iLe@=(xs&+Inb1AQyZUdnxAy#<_C`;c
z`{>A<j=JSbczDUGTi$4E(Je2xB?Kl2^GVBi9L2ohL2<g2T%7r@?qeO<iXHjk1wCSK
zXKSY?=CU5Fc?QU}5<9|WLE@`{x{A_~H>HhL)J%h{$t!17Q7R>;Gy>co4F|;>0S}|_
zK`UYpX}Dvfwpn6m>HFh!Ej=KdYw4k2C?>WF(fHzaAT1brCJsy5A=I<1gRp1%VLQ$w
zdMD?zL44uH3(Vj4zuAruCsk{6bZ@V&@Qa3_NnCNdp73kg-t4?6uPlV(vF!~jVaIm@
z$&410?b>&Y6-zs?FOe8nIMU@j?vZOCB?-s}2>Tm}2<~IJ`&X8M&Tz$YDTjHLWL1(^
z=YVsw24b@0f_x#FttI(9UBQ0yc&3B2$9fa8%&oX$L?znw9n*rID2HzecmP`*{+D_a
zGRz--0#4m4ewZU+Hc9Euea|hnI^JaJ3$Vlb4=uD+;>a5)gcy;*f_{lu9r-CQ*rW;W
zKIcX<24nreh4NN`wydGOIUqQTxZuQf@m8W@|M*+h3s+QTJCA%mu)xuAAW=Vq!uFT>
zC+`U+^!ns*5%Fpa9%C{^?E)z8D+C&D6qSK7qT-Gh`)zc*QpP$0+x3oDwh&w&5tS8C
zR2dd4$^AFtj{Tq*Nx@N2><iYghKEKueDk6Sar=kHi*lH#*l)o5AyJvpl3c0nhSi-k
zyf5*u#T>iaVjv2$aq!YDSE}WU1vqCH3dKc_@zVqki@6b2)I_<jfm+}h>-{)US;q=V
za;@5Y5ga4ns5^WED5ctOF@%ID&)G{ol+BMGY=d--@G@w<N>uFgzF`7;NR-3Z8Lm4G
zi5KO;QDW}qm^w`A$eUS1srFzErNDvqo(v{%_b`9>VJ)Y|5IE}bY}4OgS3_xuue6HN
zGhu|3_<pUTbZ>t`w6Z3;P599_R-16+4YUdWxrp0@-`}8c!ySzVh7%@+_?YR3+yya$
zW68jlAcJEiB`XT<Linh|x8^z{#Y#pmEwiOjwna;(92dkJ<^0zv4eSw>#MQ^^$%*=I
zgs3EXPoh*lyB+N@R~>t7ceX&B#lCXKisCeX7m}L0#isoUsR|NLANwnn`ePTXV%Y%x
zw0-f{T&1Rj8;WN9*A|sZvUQbudmWW3Wg9B>|Gr{!tjTS`D)lmKLj*+Kv>o5eMzk9j
z8Ql)41q(Uce%<R>%2yT|mU2IU`vsGaepfsnA5lrPoe)TUGo_Z>oEy1WjZt^nfwl7b
zSIk<`GRKNaDuX=tD}i{si}Ej`{D<0J$K|)%>fkbcAsY;hSNiln44v?fted4=K1=>5
z;{y#PdG*pNz9E%ZemoR*Uj$ji|7mNG`^<j?Sd>1bE?>a$NbSn=*z0&4Ucm4;#%pu}
zJl=0>C{<-}j10Wb`0Qw?*4wwUw%)Ow)egvA0A_dQe^?u<SAn*=4}IWCNB_blYSz&T
zvt>u4N0$nj8h^?LmWrJrn`aBRSSso5ES8E0TKEw2f*}&{Sx4STn-#s|^I?TkJyXUe
z0$M38=5Z@!Y`36$OGWcR5q)yxR*J~iAxIISH@CC{dUL6Ag_vyb3)r_r?1#d`)G!P7
zHC8+8f^KIqB@1r6#P`t4HJR1Y9TAgx(~bsNEIKuF+goFXzX--f+~F^os;J0p!_N*D
zf636Pgld<y7#qeTkF%ltA&$K3ZFE_M${H?f6~Zpxnpstb$PyKprYJDe268{DP{(wY
z6=jsKcZ3t74Q#}yoy`PYRU4pLtf)K`rHv6n_Vke>A$xiu-rCd4ur?7_`33aUk@ttq
zh?c(N3)b7tc%xNI2}d0{GmFoXK$kia>4z*sBGJ`siWJ5ZBKa4@i%Q~ahw9sj=i7x~
zhD*SYD`9RY_nP>HKr;JD$-N$BKl(_?y<F_aZH(FG&BaxUd0ml?DT9~_V#FHGi1igj
zS(cJ}b^gNizK~6uW(maQJnkz`b*$JbDv8@GZpE+Jp-{|e2WuvqS99Dpt>(CWvRcRO
z;Pb(_O*L>E!EkG(<Mz^Oz|FPviUqyda|M!n!<JekFy}jWukLztEicK})8r#+|8B5S
z;bZ2yI@c?3^}F0?=|R@gsCeYj<$}SZV_P$k{B*3zppKiAYL77GkIeOEYX}7vZ+Kwf
zl9>o@e;!@1eZMl#<tLO0#LH#Ej80bZ@zL|lbGa-kiJNap<?gL4R2I2D?g1}-;I#O&
z7!TbAiE7Xa8Syi!=MJq1NnOtf<?wa4>0R%Q&PfBfMt~LKc!e)IvZ6KU1YamO3*6j>
z1)QB2#4v!khv*RdAjA?&g<p7uyiTm>X9)2NOMy>$fpJ|K#BhL^XF$9QA^I#8=J5(o
zcO}G|Au5TpEFULq(`)t($6|8;uALC#?W4;VB{9uXr#lC@s2d@U6~&Hki_`pleU{Z6
z&QhYXVij=KwKN5|C{^B<IyN<3txB*FF?UN0EKs)~#;Oml>qyFK)~MG09G;^boykSR
zeF=5_|4h^W|AdK#Rvit|u%NuYXlM`@V%{~5vx<haPx<s4{3)M)cYLZ(zenc;PruIw
z>$IE7CdKQ7Prs;7>xzcTIl-dg+x@p<+QRlBQ2e?*h=zhs1d=&fO78VB`|+@p-0Kzg
zV<c-~(`=602*hotf!lO`5)sYdAVq-g1W0&M0mDbTpv#cKpM;Phz32QL8B*FAS38@v
z54GB<^*=*tk!jiQ?+^YcFpLcUWWd`rj*DhPOwnR)$7mRuwyRtY`CRsw3;L}KeIHtq
z*P+3)AOW_c-(DaPb<k{qQ{<x2cAFGDdt8=aUcSVw>G;`v8|LE#TvvYeO`aQ|4v4rE
zh77n^D4H4qwi3ER+H0^{gVa&F?%B^!PQ3FkP_`q=+I)ei|9nnIxr!f>zAM3+oy9G0
zRp&m(<C=F%Kuvo34cxOgD<YyZQ}iR7)1O0nYGGl7s87w(&(rDKpuTHIbpzoKqk4F<
zWnC72z}AJm6`V7u*=3$J3e3XA6~(@IyRkdo1#-g0b*(_M`hGe}soMEjy?<p!J2A<a
zZu3=9Ng295<O!kWx0xoYq<n-pXJL-m#{bqgn7>>im<Z!>p%pXvjVnn>8NLhl-;S4s
zY@&I*#R~SdN7#iQ>99xFhuv>x=)P!WwK_4+86Ph8XHBia8Ohn&xs9`t_6+O-06$>G
zD@MgZDTHWUFjmxiI|buP;@oF-nl~ylXkHAOEpFohPV;{sp;Y~HhK^^s0rl5pe%`BV
z3pnrf#~(tdYk>W_)uTJ#>vs4?9HCU(iikx)c99f0G?d>vSV`Lov)!hDsFSujhm*Dd
zNPEdytX4b|8f9&9^E!k&Z+x#YDI91QROYHtW<&~OX}GQX1ID6Q!8)V=E<lO26#wA~
zgU#F^=Bskx*xcD1M0Sq87hzW;X9lsy8kF-sgycg=V5)1En*qhnZ8wMV^BMY34*cC1
zN;{;Hi;F1dL)rE)rRwpgb-Elh`gB$w%14^PP=@~=auBk*+<GWC9fBd*^u9hMQy148
zlHpGaL?ej26J}}3o4<u@3C~&R!#xdQPcvXQs1N)6Q=z-1Eo(}My7p;vp~!heAJiR2
z$=g`TjHZMXneT3A?~btA*-x9td<LG-Yws~iX0wtVn?k>yD>DbB^)vdQeD<p`C^>ND
zF7AbWd{DMjP^vy)U{Atzs5eshptvy@!n41IB-PnYw;q&dDk#;O;r!YQ6D#HR&`>^U
zcWWr!Dlop+DxLiQ$QDfF0Lee=$<Q6pR^Sb|*?*X1Ay4aMS^kSbmU(d7E^hu_PL?wV
zDOHmUsCENt+Wnj?cVQ0Shkgm!p~DHc?$GjsnBUdt(Dw`Lb?Dvc0@3zD%%a3KFdb6P
z{T#BTm)hRCr8}@CxDSSb&g!?6I6ZVHwMXoPsJ16f&h2_g=e<LwhV4&?_CXUu)IX=2
zCEq-$mpoyVOlKwE5(rUOTS{IyRDU+~Vf_3+lc3pf7kjs}30LP#Y&oeKGo2gRTQF!2
z?1OGqAD%AgCbz@)({VJ&yFV!qt?0P1?f|z*)!(1MREq=PL?Vhqd8^tQF|_1An{KRU
zipolqqSWEL?*ye<&S`!5qH}-UemxTQmkSwq=i7%1b(Pwj>u{g_#IGikj-ReG>G@KF
zNssRaCOxs6n|ZIr;%S@UVb|uA1Gv{<s-=8a8j@`e#on52?kWei@vhX_CU!n&n^gwe
z)K1me#$m9{ZpJqI7~A|j%?#4_N`*eef>E*=D|vx2!>VZ}Go&8WOCB}`zG;6#0#6i~
zFPbwx+SZs5b?P)zE>1qCS3P2sOkh=e>JH$&mWCD`*Gr!?N>A?3hb&(osbHgVUn4?_
z%;JwTGzK*WL-NNzz(TG8ArpN6dr51&|NX2$RPQvMWTy-;v--ms(-(v9gO8iWM|e?d
zG~|DN#cIf#)ie7uPx@niEGBK5z{9BM=wtcQM)`b(_2nzfAD*g{L*EzlsRj)LMuiXi
z*LB2#s1i)DWmaa_er-rdktr!6Skp}z5lxvej=igC2vUx2Gr2!ws?Plve=@kg5)z)p
zRq5%`erpwy`-}Dh_ZPzP@s#g>3d#MKTHTua=VBi0xo_&+-*&DZp|rsieQjw_sy@~G
zfg639Qg!zflj)y4pwlwaVEXa*|BtlP=E6nzlrg^nf35kgK7ZZa3i#{U83IvTKCbgu
zBcsh__oENCIHGRMfy+}k9S65W?wR(omB&mF%kO7Ac7FsRnlpkBwbf+3nI=Y=@7a9r
z%jR?0WOJHzH;Ayy81e_1AfFvYNRjz&40~6}-qo4rfhe8Irs!yKKgQB=?hxe_KuPvv
zmHvaVvUcbS?yaRy=1~(tW5CF#z!n-lLw>HMhlzC;1rh-CY6<(`?vgDO9538Q#r<!G
zFPymzRfmDi=9QRS`|)I*Ym+w{Tssmn<i(9D<J1;fhU8k;9sqYo32<%L=8#-_TgzK>
zZTKF{Z~nT@wU1}&TswM_&b5Wcis)#@wMQ;cs&;(Ll%ii61J=}__ZgjQSN&bC6&n$v
zmQDiFTQ<Oa)R4Mu4ComH{tI;NazjGY`IAf}A23YdcmvE&e+@?a7!vLtkd&0DpJ6V|
z`?>yH+R+^5Qs<`xqHdd{GkF)Ik?R9+E?sY4cP@QAiI48~<~Wzy%GSALf~Xy!-wnv0
z6y$Dw1ZWmFAVhs-qS@CY2FY$WVDueGh&CtOSaMS{paM?0-I{KUJUvh!>z-_^2ZdW#
zgt15tgLGFoA?lz<br$Jn2(~0vtpyy31&as2w=!&;!*Fk=iqaxe<#uDUwkMdaAvSqT
zi-@XY9_6;%y$vwzhG~7h@u+}N3-q<LXIKYyv+JzG_tbGpwKXRI?kvNW6Lg4kAo@ay
zB%f!{hCeFkXKNh3ekuxvwi5-S^;BWby|dYz!p9%gr*PH=V+yZ?6mfCy{K^M8wpq{=
z)_&aqaK^%<O&Pi&<lIeZ7GnM9UpsL9XSuQdGfSVe?@Z7~q(hoc@fmDHdY+|JeJaD`
zks15+v3b}SyJS{UI17tLtxAC7=a$sx_}0yU<DE|kMEx^E=lE6zgY*QB_qu|){re0~
zhz1Vi_MR_Vx!tVZ$Kdu)Glah-M7X%n?2&}1z6s`atog_EPX26kaxm-UMqr=cBqgQy
zR_N#JTkH4psix3R_cVd1=O^g>>|h|eGGsruPvHHW)|A^<K5IYC>hBr-+%(}Y`zgt*
zSueG25$5cDcf4seG&!#KGC6n$uaDiVFw;^Y$EYwRcw6mpW`(DXH@PHm*t&npjhKN}
z1G$w2Zq^YU?t_LH=@D)*Ecten1_#V>7IIx4RNk@-|M7T>z;nw7M0q91ykEnOvl>{h
zfq~z1f74(JJg7eWNGLbLG%?2OE5QZzK-D*2Z?Wm%PdWM&To%e$A`oQ_1FNiH&8Rni
zuBDK1@FO_Kq&teZ{-&&0hKd@j;tzsNpA3fAHc|G2ON;p}xD``xW5MD3>=dQiJEuV0
zwBBHftzM7lVr%0MroCK(_Hqg5;xI?B*m~%9$QE$tMuCXQDP);I9C;tXJr84#C)vL5
zp90BjDJnSygpjU;kQg9wHk5;NrE1Q@tR1wdazTg_M;;bPd2<s(XAOI){(GUm+1&)M
z?QtuN=LUkB>I)C^{nQt%Q*E}v64TRQdsD@uJEI>Kh}I6pc;tEzzop-Y6u;}5gb=@D
zf5ZD-ujt~p&(pg2?Kn;szXJ^M`z)JSt4~p?2F95aE45r_{Sspern8c{rx>3fl$4a^
z8$mK%-B@2T4Qc|C>C49iqNYEjOQwNFf8R(&o8xDpuFY}xLwsCGW0X$+&aslr1hF!e
zkxUi{(H1fbz4tg%tVSQwkxw%A-ZB{SPeH0thWww!fc(G^$QNVe@Jo{fqUMj&kr$1Y
z8xBI`H`PP_`EeZiXBr{$+F~p6CWt1381gSL<TK5ao9a_zO<8s2sNRQ9g7!A+3k*?S
z3F5c)P4f(2yakfSP%_(tb|M39)P!`M9|VIRo(bJZ(3-jS*$rs7zz}bpjJ}nJG+Kk}
z8}bN47(=}mnc24By7kbEDcS2UHfb$Xoe>*tfU$gLL;bP5voYp>o+uFY*K~a>A2E=P
z92`nTev!_{aX|wd$Am@JaWtzp8mz0xchd#(H!OfT*L9@Ft_P$ytgnysnnr;1bB_u{
zZEYYu*=RK@B+}Q$aHP*iA=1xeTah-aFEo%oJth>=x;ihpW^4eaKv}<zAcz(Qi0A=?
zXzeZ=yocZ08{ZfG7sushjbY_tg`q*C&F@isSWT(+di5>NR{hr#RXq%J#xd49egZat
z%wt*e4U_ABHXBAs@|t|(W5D=0gngWD9umRtA2E=>Rn-Bh8nW`Ckh92Hto;C&Lo6*l
zY)r~YA?s)Zswq`Rjn-%CXRPJXtg&ZD@r0Y;$Y=KDduyT+{mD`$`<<d(qDFiQ(kgE|
zbHbuW3HlB>*W8l-BRK7DS~R;Kv@8ny3&E_Z5M@7}P)MBief`56*GbUv9z3rICvcME
z7A<8O_%nQ%2M_Py!vuKvKe$7Eg0Z7K3bZ6%OzUF97`@#3aO5d)c%j%=p6Xa$Y#w%i
z<3sXkNxrDAy@p*~MT~PSJB$=xD24PrL@-{&T)4HwOoJlOoQc0ss!jTZQbfpEE+(gJ
zeF+X<SW)qLDW&S_Q3BDPrl!pOe59#9!yr<=WvlasVH<ssLP#K<e^lRnK%d{#C~+u-
zkiWGgF|hKMtrVu<dXihN(LO#3x4JQ&^|=Qu3nRuFcJMh2V?W%vO}liMSFUvKQ2+CQ
zsbt$3dmQG$hNn^p(fS^xRNXm(yRDrgiFpPiaJ!{kxS^%lqxzm+qj4mnuFW-!`@4*J
z_cP=E^edFADVB~zY@$><afnj&Hp^QVdwYjr^Ov!zZCO>pQfMM8#FVXiW`sbr2MpKa
zJS!f!%=@A}cY;#2#uIvb03fYC3zlbGVMtT$%ZOXAa^-IVi>*9Qx7ZdvR&QtGagRW>
z(acLuW9YOwWf81K__d}Z%#OXKQW|PqUi<kVrRv=tewZ)yG_<|gXuHir0#SRi*1Dah
zRBfmiY>p9N#u^1Lj1!0&#tK$n(1~_+Ae+rs_(r?7m9coKBv=-e&4p%w+86fnQq(U(
z5-rbuYoh&oBc<9SVT3?mv<NK}L5RmB$T^MDPz%YLr&>q<)BcvNxIjaE`FVeyDX=I2
z2afCcFM<7(Y8Cq_RSymqEGv=b>Ll(sAAqjbtPa`L55jNV)!Jf8wP%@?D@p><wx15w
z)s~WFG4Twgq1O5I6}jG(l&XD(^9grXcqnbHmmS2)h8rE5VF2uqrf2hmjkT06p*way
zEQF8pEbGxq8zJiR!_7?j{Nsb{<66e*{$ZT?-oyNAa6b#<Kc@>seQ}sTv=<qEkLv|{
z;nko*qu?-BFoP9rRuzhD6~ioI<Q%1;7K^kVm7%JBV5$1GQ8jq|Mf-@M_mi8W_w6~1
zk7uCw*%*PS>)is;-hxl)e5MSm?|k}lFY0Xim|?6l7gD>hk5YBATd+8ErjrNF{=N@J
zXvt?GN9ZXb#0bS~08EGG=$M|KpnH+~M1g1v_8A+#x7ZD~>;>2Lcc-K=8|DC|>Rfld
z;eTyCrCRdEP!xB%O^P2f$nl0@t1<UbTXZE<)k@K<`q(ACYD2?dW6qgY9kS|LOVx9i
z^{SDE-NyU@Eh=Qy981;dSM;h`Mpb5&YfCU^{mn%>sb70gAnGSW1)^=jc#21iPYc+m
zSJ<b0)%Eu^OPPExX7*x7u^wHI{6MMp_+F;}*Z^)|TvN>;<&;yZo@2inG1YLK{fe!i
zRNc>hxvx>Gma$)%*C|!EvR~<#oNkzb*6~pSQLBasM5{eTsruf~daY;w$lS&nO4Ypj
zA3yk!r?&me{BmyjiYVU@l?@jlF5plMdi*0C<XOw!<yPB7IitvXk0hT|GoItt>3<?|
zVJ4SQM;>LiA*`&6$#F-s1>*2^k0wMD;66^vvTVlWC)G|IxB|cvZ~sCF8BTmjq!CWs
zhgt5*M8!U34XoKTF3{tNECwiXqt|c`t$7r#Sz*jA4A9aT4itII;EqNMz{Y+D0^0ns
z4k#6_g2%Ph0d0-4#&~Hf7$77iyU3B(Nzgm%EQa&k+6lfeabbvHlA(MdBSQjYg!2?B
zFH|#97TaX_Ax^1QXS?)}<QQmPR8rn$!d~90K0G8i>HNv4pykn}Lm(Vrk*E|w)DQ@o
zSgLMzA$h|ZnAz?fzIPdNN_MICe;mtULj;2+zB3TED6!%eL-Bf4a30XSH={UgWnh$;
zY+t{C-wEEmfc17(158%|t_)lZb`eO6S}EohQ&I7hin5I-;AhxER8(ISAs&Br>@a_O
zxVy^}JZuYeb#xp^+__t9dJJkwuB0PlB>AG4yE%%Xw*X9sKlq(s=K{PF?Cs+2w<Y@?
zw-PDZ_DV`0hzjqcncu+a#V=I1OCW)dS(#?T{o$v~65fiyGEuGu;xKA|k5|z>`Q9e5
zL9|(I;)1XVF6VJ4)sFIYjB9B^5Qq3GFcgfuIy6zsk-zzcjS666xM4kOKBwkO^BFZi
z23kkrJ=jP_MERO1XP5G5y^NxAq}Q&_OB48b7sraSD+jRCXS|r3T|gW@2k^e9R8&%9
zM5SfKe1VAlMnyS%t!#w2`)zgj&qTrX>8p5s+LIG>cY3RyQ~m5bhFKLM#I2;qh`HAV
zhp&+UHyvZ$eowq4pB9w{qC)g!h4L?$7GI#=SdV<lE#DO7Kh>>+nM63{k#9;oekERt
zPVo4SXZFMx7F{Lzl)7@TKmzSd0k%w4217;`?|zJz#S^_r@;N#Z?pvI;881b-f{u)F
z%LgR+ys!9sxZ&#y)KaRQ#aQlzj1y^kfv98`>I-|#DW%%KBRN&}!05PghWW!UXfRol
z?c1`Li(Nnv1O^L)2-$-mO!HDEgXO8kj=Xz<r|tGZj8CR6)lbGBMxLNM^=lBVqj>hj
zj8$|eyorWYr_HQXIwW)SEr=pS{be9uqnKLky$>So=MpMH?w>-2qg<jsJ_ysYYwy-l
zs*ja-3S55ki&5I>T1*WkD)#MjLE)&w2ZH>_d!zv&YSKVJwipBEvU1i|hSgFU$X|OT
zoQcA%!^|9FrGX?d_j(v3jN|3rC~*I8uCCDTc~Brf2r$Q0ZGb?W+twZf5DCLk$jTW7
zX>xWEBOi|w3lr}bbww(~iPf7~<t!JK^umBt;wr%S+ePUNgnU|*Gm0&x7*OZ7K$j9%
z!3iw)=q<~EhzrhoyPGkHTmD0BnaUXUG(@&7cgw%I<v%l<i1H!0v1L~)2LiQMS>vJ{
z9f+xeIs!W@8AXzODh-lu!(q0~0|la;6bMl=ir8yyzd(qE9HMUrLn^DcsMsHP9x0f6
z-6s0&wNJp#(k5okI?_r-e`4e)=Gm&R-Oos>eOJpPQRb)qxHp`TwRa37M0-ZyqBTGD
z$9?Q=B6~a5^7bHm`z(74iBRquz|HFg)h4_ORwj#;X^*i^uY71;jMy<i-&&fs%Gg@^
z40KxD=d1Z?*@u}S)$o1}`!+l<eE+JDw-oM-w4SZ*Y~Ud(_HeJxR3DELFcIB#XR-Qf
z3gjZ=X>ZEmL~qJSIDDV7@7<7%EVNr2Szl#o1n*z5Mh00M>762w)E^HqQsgmGT!gTZ
zDK-l!O77Q5G5%eH6orr?FYZ5|b5gv{yb{`<lj0#fBz$*hEFX!mV)+<4WOR;>-}@si
z_`T9!AX;PW`!gRv-w(bM66$N=R;Y~->L&(N$qF^8KkM~T*6U-#h)HF}rGa>zLCV>8
z3BFfi_--sE`cqnu!2His1tM3Z$w$=-t7|Dl0HI9MX#X;JacwzFgAoXZhfyswWQ?}^
z2Bqr1`Uj<0o>oO^>W_z6^Zyz~NMH$qDsdH!8pbAmK{?#~($fX%DGy;Svr>z^NzDY@
zfmWu)QOniJQJ~rlNj{%S_lUmY%zm(iT%Ng0mjb`27y1h%utmL=Y@V^{RL!trvwH1C
z#wr?$-DPT2GM*;xC@Rq-XB!L4t6#;{R#<}h<~}qmAQN+tLE`YutD;n!1_PE|s^%wi
zTe4i>w&cJlNhv(6Cy2cu=w=(?2h}VFnZuV^$$&vpyCNpd*B=Sa$XF=J*~>h>vzfCI
z9nUg0VDjZOCA&xyVfUp*ZIK*owEiGiOhwDlIZpwcoBIYf`pz>`(Ot3?&(38RajVAR
z>jB}ysxY0mRY)tIWlZ$T-U4knbDcKyLq*4k*@Gz#QHiFr41!Mh7ZUUxCeo(xvJ87&
z%oia|UHM)I_(9pFYIo?#A!jjfFh5oP!{e*WZ0qKMziS|4>1LJQ2bcVLAgvalHJUIe
za*2BEJ^^EKni`?(zWT}Je!Nd0X(5uq72PwOkoCu4a~LAR1zgU`Km$n*;3B-PkHMN=
zs(SAei26+u7bSCTu<0c#_Lj5wT(-ZOhB@yZGqlF`VfxxbMiNsTC9Z;Fs3V6AH#Pby
zBtm+jcA%P@3`V>#3iPxWKC26i^kJrgkE#Roey-ygEJ+S9OGuNMGT4@6y7L1rQK~Iu
z<NCGb?QHgTGDOoa%E#G!_*S!-HK8R{Q@Zvr2$4638Tk~M1kqMh0hn(Yn;+KMywu9<
zTC*BTQ#VuvSLEhR)6@;uf<LeZL2qmKqx^hfCfZXs?m>HM4IxBT?-7VLy_U6Immtn<
zni}+><#1dZH5gyZs^z&St(npCS!Jsp%4c+2aIZ<Xix()>wp9n$#af0O*Cw-CE=#TO
zi<D~bT(e>{1TfOnn&4<TA>!4l%r%gIcguge<*TBcU8b)rbbbs>Sy;`P&IAy1wL7<k
zo33BZ5Qx<8SY|VR+4-L{1d`d*EguN<MzV`aMp+=0Ia}TC<&th_$2!qQX0tC!Mwy<Z
z`>SV|tJ1tJb57E_#3Pusstt1xy^n*l^l%$k;lL~AqJLdAIK<vkb;>am93$JZ_X}c0
z{~Gp94V2i3yjc|!`CNOpEkqK{`=%{qXyoDqx~MCZvzDBN#g<eUIp7;p@PY>=5~2-H
zgoTlqm3rW5uB^|aY;R+YTvE{nIwC1E%G}C26<1nj!Zj{$vHD#i>z*jDoJA>hEDeX~
zABlgw9RwI0mGh3gQT$p^iL)F)k7;YTq-URIM0^-uVDOMPVa%S5!Nby7pi2k_c;<3W
zO%w=ZQ1LGi)ZvM`TF8g$9RL>AgZ7z#%?uaiRLD6c@0H|*8)GpIRp!QcF=!j#E&uMw
z>)96bf88$-)srZY)D01KJUo)zmS9+EWB<NiB45<$)mG2_)xc&1=WJ@zbJ4d!SEU15
zOCPV$*M<_{eO!|dIGEeoTGxi&WncRNjYTE9*pc@!f{8>hlMFD+As|Lvm7WT&b9*b8
zv-Ub*uEI$<`(e06n9{}ovkc>_l<8pF$63LA9aRU++Nhw!L#37^Db!i4op$1d>VAC%
z{cynfS`4z-t*?ND@tvy0<5MmAf~c=~4^Vn>IY%k)5T*~^oo}8n`{i!k_MN!guzj~c
zFzvXXcvdzab5hi>y983=S_KCK+4yaNtMVy*mWNzX-_ze}tj@=P+c&4{y60UNH&&TO
zQ=9_Pvijo!%|i?!3t@Z@<Eq!Jw}L~0Ln_dqK!$xVTHdKQF_Tu^!h<Z)Z$vqx$dTuQ
z3igxW&!kLz70D#Y-U3OUy3FBAY7bWV@2hy&`Yv&LShmDR0GsUMx{d6FMqJM0mI=pv
ze^-GcZzF`~gQd8^)7eZ-iX+6M%!&o8&%=N#55-_w#4wvX7ndSR)FF3463GILQJU&s
z*d<JT-^nHG&Grz*&Eu;SmF$Ada7lhXHcdV($qTo}ii#f)kfp8h%+F&u=Mr0L?ytfy
zIqhVuSm)HuZib*-Df&~YnT7I>lTFt~c1#n`2oen;E3ykba+PJ;E^!LPEgu9BX*`Oe
zs4xP*5{2a<#cSScQB3Hb0~@RY3=j3AKD--epy^^G7@Z_<R!2B7Q%kbF{}Tdn<lSc{
zL`t^b3lF{Up)EYbLtNt$R%vJ-sDvjdrbFl^COlf$LGZ8GEGmgx^FuSp?x65UdyzTz
zfiIRa=>L#8mS*HTd?(;j^j1h)x6P4vF;34&=P4AG#QWa}%^SWr<c+gIyy3{38)t+g
z>M@P+MavG1FBZiD)1^S<s7GUf@qjNPXzDsM<yCj+a7C&=J4}7~PF;L21<1P?gZY^2
zP$(+tOBr{}k4=+RQI<AYxMLIJj*)NZ-0>UZj?;BAIYKi3ALBrn?@tnlnsX=Pj%Y5-
z83|z6jF=VA+{xu$yAE80<BI&75xQ)DA9MRlaxF4Les9hUtK%?}gkdeD-6;?$IWci6
z8|<+V&N;CUJh<_pIXv_aLm4@^w;tPhUKhQwdoX4e20f9K6zy>^K#HV(Hyn9gBaFae
z8y{zoYGIZCkQU2VjW_qMBa|9J%H72B*Xj$U>(-D0c{Ld1{K3~k^ISy7x<aV|1Ua+6
z@HX(>&#%-KN;f+|w7DnWhCsfKyr~_Lyi6)>c`Y>O*`XC@c?h9&rGp`qzL>(8Z(c`u
zf#$>49YI3HpwSQkLTN4c!3t4274%|`iMPPNAWUuCi;v)dj{NQiWQ`XUPeEq5TOJxK
z@Ab&fl*Ee43WfwvFlwJV1z9im7XfmJLM%LsT)M9#u-%k<1fn+Rg*ikQc0|!)Ng{f^
zC(Hz>@>xey4&hxB(n~O8k)+Hh_S)66Juz>sE{$6E<miv@SYH|y_td4)7n2!_R0HSP
zKY@n;KD-PM6=8-n`o4!n8m%y-(GE=T4a~SjRO}NbBQrvn#7$uaGxnXV$L%}NgQIr7
zd!4z_9XfHD*LdnN7()nKwpWxhawPwpc<uQxjH6?}@fZ&V#O#MNkSM-HJ=sGb+M(-|
zvLcCl^&%0};rp2<m)y*Xth<TU#kW1`Oa>R8i~If6`jg?d1nXqD0}?bOx?T-E8SY7_
zI~n>x1^aT4s444|x|1O-0W|c&H@JrWA;HklMX!dQ3+V~BoC^#Zp9}9#VszY{z}SB}
zCNGZagmb}2UTjPToCxpUVNQgwJNR(Dm7r%ZF2D@Na)l%>yr9njQ66(4UQ}96nZ#y*
zz-9m@3LLYy-YobR#^TAiTOa^Gb%Tcs-`xp(E-2ZBmich{c5^<o=~Q<<T)4g7d^mV}
z@O+58o%iB{g!=QL@OFJZyfcw;{X-Ej1>S&%;rOr+9`27Y=EEo5E%RYXSA9O*6%jli
zq=}aK(8(0eT_y^|3vt|k?aona)eW<#$eX!86MMT6hAZPyHi+vx69Ti~5YK*4+1>29
z!}nAbrRuTnJfRh{r}uQ%lczp<4cUJS`#kCzoL+6K&!sOPwalg7H*qe#$x0@`L}4Cd
zrKlv1`)5c8adbOmc1RSOHx}aU*+(;&d5;M2FajPt_~3+xfr3HGM{l!`QtCvAYw0PZ
zW?zBSiHl`=%94C3O}?fc+k^h{CGhWDWs-lE?lZIgep3W)bJK3zZ9dH1W)(ftjAbEv
z6y46cRT=}qu)RyUZ<?CHw@V+&V1sfX!Ma@vo1~?%X_{@>EA`yQcb%&c%>uq@S|};m
zr6c@(YY4%mukt`s++WNsvAJ`%M&UlRt5mWb7M1h@Q5hB^Dv9eSFu655$~#}|SL*Ql
zabd1dRET7|pl_en355T1H-WgP+*D_G<^1+fIOMRAi?0|+%5Y9p(u>{lZ**iV#5{>K
z&Tl_Wk)?9G2}FC8P56GL*{xZt!~EgZmNvaF2lAN>ZA{3i%S0t(sn@QG-2@_;Lo;s=
zH<~KdCf~s*J>3QO7v&j+4qrq&9H}1d>UoncC)El%bLPD?o(EJzp7H%!gZ#U{t3b33
zH7Mwx&^sNMfa=^J%hz26BOl2lY&?&((Zf$Of+i-v5?c6rT3FS=$QH)T9yVUrbeFpD
zMic6;8QtI28lg7l5%!dw<M1W5(6wDbnlgorbbo*7=09y=99CHkZF>qt|HJX3lK8_v
zc-CIIMBS4`n4{YfrR&nKTM&}E0mCm|#R!PY|AFw;&$4*L#SZN2pZIl={?(6w5;&lV
z2@DWMUHlx2j@OG$=71haU|(OsuP*&-8UpIf0i^<<aHe^l5S7Gkda*bTq*nqVUXQ3G
zw$Q(XA%LzNz_hLm07O;nCMt<nWnS#ST>Re05=*ha4`b$S`-dw(b?HXe(yJD6A}Z;H
zqP))~A5I;Yny!9cMvPF3OPix;5&c=la@>S(fMdT;(09a_Nnk)^Hb<^q++1JcHC8{g
ztMQy=2Rv+%x4&OQe!Zi!K(vk5FwLFJygOA6Eu7k$;udX-7>HwNKl~6Atp7p-t{fhG
z_^=)xvP^3(kYEwHJ3ClJ?lWQkRpbub$!Lpd<O|yAVmHeayHrj2+D204t?C=`T<)%D
z$1@SU4HXiP|087Iih>01+IGf*;IHGj&^<PeP146Y1PR?r5W6{$8a8{CE_NHa<tlY&
z0-Id5%$#xihs5d$rNLY>258zcF*iGhIDB{D!L0(fG9*S+qQ{OCh`Zm2D35%`;kye~
z-L^XX+gao0k(H%zWQFN}n+PXX!0bwf`*+?#hc5<BhK%H=R$hfuD+6QQelcEBk|f2+
zlRsOQNjfIrhD{`F*kpDVmF!Z{M>FpO!=SH9;{_7v6%;>Sl255>JTN~i>fK#uy&TtT
zT`{msSqmpD<fEbz{rOmdaA7|hvf}e1m6Ci^lCRN`v66gIlD(xKxrU87>rh!OrP>fY
zpH=`?)@7QWBgz%XlR&IWR%SsQr`Wr3eCNm?egOjaiOKfs>5L~|Ck9Ur@5n5{iF{Em
z@1^)ULbE}<8Qsx1!y?J2^pNn`@q~EfGoqZGFUl(?QA+t~mZ#!*I>+pMx?&PvtMKiL
zCq%s#hiNQ(vyW&+<uc6Y!RZx!%nlLmNczPnZ741PHc!Xh7JnS>wsh)Fh&n$`02B;h
z_b^~RYtbRG4^0nNRm-`lb!SI`XfNHQG<8Foor$-ygi(xO89BxVkR=s*zQMmP*eWb=
zZqxE%zoe}5C?*XVj9?zm$7J<69$7_jOhL=P@XCY2nXJ1W=6HD(aI}5g7=3Z`W^cg+
z#dp})SbfkQ<cCK-Q{pNMA5Hkcas0MnuHhn0wIl`4cWz^RRN^X28qEgkX6lAXc0vLj
z>laAX3p{3rr4Cr#P`m|NKBT_3G${IZ!1~<Mr!bM;%F)&nE0PQL9%H&2dynbX{y2->
z%>3A_?rz5uDc?Y-9{G&c37gt69MsL#@Ot7Lw^j7S)kOex7R3Z3<=T;0s6JSN>NVkn
zXusfbjXPe1yMoG#_3sLP1cD{S)lDF3pgpWn-@xd>zCee%_fz+@=c`hiI^fEV+r_U4
zy2?6Yv#hdr9Q*cLdw~QzYHeEvwCo}LOv4EYB&i$QnR{@ZPEuC?T`Ul8H#3}<23nW6
z%AUdx#QwL*p>1ysl=uv5+U<mBFml}NgdDJrytEEzm&qmS3u#bc304sPho+uvO^AA_
zEgXZuJtg1gCtw${#8vhU!i!)C9D%FDH3lbWKf`^(smpLrr^HpZQ-Xco9eP{G`OYh!
zf*x5l2&0X%1w(U|Yx4nKrE`Zmysb&y%e<8mS6PKb_y$s-o8?uYjpacd-$qaS5XXtI
z)ZCvfcJ6SNTk&ufYde9(5;rWyeV_#)_cJ1cB1e7-F-q(`N9t4lkDiwOjJ2`AFlUf<
zk&Jd9h1HWT#=Sh(QV8-{gpod7#U5W}<~`tRcgHO4X>#@|NRoa)lz&n01={SB<YOMW
zI!$4puIME9Fl_^EWcC5gc!$L5Z58G80tUs+Jmp{1D{VN48>~KaktF$o=qq;1dswN=
zI5;)XT4Z&h!e*m_BwqqS?W37(L9w>rMOM`*vb27YY-<tbuZX^F%og*=Co-Fhxi(N)
zf2d>Iz_GAEgv&|Y@*ZX~X(cUSjP71!?p!r(qwidOG|$+%y6+{}xk`SC?_8xFr&M*f
z2C2|X-?<tIX;4z0pBHkZCwH=rbmVau=|Lm(kv?$;&-z`AgZ+CefoS2K0KMgquOuZd
zG~jS+f(+jm$1uOOM+f|J9l+jJz(xKCh>pCrB?_k5O%$)!{wMLO<uwOM8kKDxeEYq%
zPQuAq1_@h3wz;_27dZ*VW0a~9fXu34ItfQ7;Q6<#kSEoqCIp>S!=6&fIRAFL0GV^}
z{98+bXpy*%_sl{(|28)y)cw{ib>A8cgZzmBRkA`&Y6-;49z}Gtwe^h&Q5&{01xwj6
z5ZjGCP^O_(Y=@+#*1s7cYH3UT0w}l<zO@J?7NIm^Eqw-usp4iXFq1St-bzo>T>ZR3
z=^1&Dq<Ll@Ptv@KQTpu`-1xr-vR0&&Js%<!vLkOSj|sgIrfrGC_XJY;jo~^y`ghke
zBKK&)lqX*b$k#=p&N|2SUKc~`H6^16H~mUnWo<o#Xy4qRRNc`+AX?XBOcH13m$=H>
zdkEhf3<jrlf;$v(vmr}LO7qajcZ;=TCGxGtkvud^$9&0cI_A$cN6a}c*rIlKV>oK4
zU4&b`-lYsD1Lpw@=YEa(na1PVuSY3$%T>-DYGrdhA_VScj=_=hcnlNF)K$TB*@3nc
zqo5>T<5;|X{qI({0FdO1+LY_eX65KU=mEAfP1bGN$j0!60ajmW#+6xv*8gKO9LvgU
zl&US7o0pcmW3Qh>evQ5r*K3jk2J(|ElZoGLj@yfh{q9VIiHlxfFQdPI0XIW^mvK-E
zJn~7ktSRT^jd2+NIWr_X9E&q~*&|<JMytd3C33|!QRj+hx`K*D#(1cyKrA%7m7$N^
z9F3%&!#Lx^YD(4cW&+XX9A(46zj-~DWAT3lO;kLE+C;dM7Uu^!mC}1o$X?BEY4*zD
zJB*>luMgF`v$Bh&J93P^nac63*Eg+-V3w2SM~z9C4^sk%u-M8F2BIr5cc067Rx3XO
z3y63HJ`iJy!AVv+{5wS3^=QDrO@NbmP(Cn<S*mrX!M0%4RLuN_z0Msj=W*~DSbN&T
zCJ^;Q2j}#WE$YsQ&{$~uDk)X_S$a|!0C0DX0M>404>}fWJy26A$=OBPjK+HGz+dNq
zcabu`zIPG8*ny|o2t@VAfD&xWw_UolsOw#1#c=Q91`ih)NHV;O>4+7pjGp<kF+ynk
zJn~7cI*brCgOkKJ8awtff{43S$8cpKyGUCPr-RGh8$pQnG*ep1O+XzEMO)%_M*Gpt
zV89>7S9bst(Lm2S9>$#JhKJEH2`W5?6?)e9Ftp_kLezpLmKYF60FMu`%AL2uTYG~|
z%4eGdE7q#RP`MB*_hC4H07+TndS#k2sS%@*68%1$YIVnoa`aGUgvoYM&nmaM8Jx1#
z{ya>n+OUa0w963CVFu3dV&>&Mz$Q{3i!ZJV0-R6UIPksVzJZyZlJacG34gYkC4aMT
z#$lN74bt=p|9QNw)!u4sXtl45mbDDM`9iIbBZyy0TxEYg0FgYnJ#sc!QswJXAEx}Z
z%iO^zbe3yR01|wcT)o=ZR0D?&8)D={aPLE#1{M{ly?;5V?teEZSUuj$X_uL_;oUm@
z0Aobhmdnmp-*3c6?1!d*2dDvs;lNtZ8eXPU?GBwRMmOy^u+ZF*z(V)2_Fp1|s689O
zbSS|0_cMQTc8RO(2YepDo+sCt2&qktiO?z$7dfzWsvYk=)M4qPHbT_58=032E+8&v
zvDV;_wfOA|#gzm0X4NGey;QmfLdh8?hDu`aN(WrU2((VkEwS-(`jT)#3|=j;9B8MF
z1md1T)sGu;G8fj}$~q^>M@9J;zOwmMB+qfRib<=DjRX>SO_H;7BqinTOpup$Z+&_B
zSPaO^?^*~%%>Xj5YQg2@n=y6erPzqe%jaTHUaq}cmzPir1?7-N!Yu{4PAiv_O7gK1
zS6L$_^WKPn5ptvTKQt7rO)5`|sJE`tDaIJ=+wTTYk0B^`NKjf_v~HW0xXQ*bGh-8C
zu)3~>4)XsE-qvhqC{<@RFeT@n3gDLI*sSyy+@einTz^-CVBuMU^;cni&tKJ_hO+I#
zOjD?S+W>^B=P5&|Hp>E`+FVbJ*U^EzlS^!FxkP)pf>QO1D1m4nR2Z`1Ls(b!*#FLC
z)<&EMlj<qJBBlJvkP>!)!|FG*#{3Z<-){uEXs1iqevyWReLonBeC=5<A<k-JDp1Ix
z_u#?7D;aeQLAy<tV_N<>Oa))AHLKv#RX=y3z8YytSU(QI?ot1<d%<wgQqKL|>Ks5|
zp3#f_qj<cQ|7y}|%g-{I8NrA3O7!1t&1j1uXeghhXCVZrq@>K71tQ|;tokD2Q;aUS
zJVqeueUTs{?&TulP;^}p(KV8bh;O4&MC9LTh=_X)5z#qPxFv&2@>C`sL?vTciK}eb
zNJ6xE0wF53>xu%W%ms9eo_G+Z%s6fkjZ$eiD2sf2Kb|RvCreyqpW^cb_WW=i`7t!w
zkRMuapwcER{ixMy(zZqrqGs7m9pOS9u?q`Nw3`?ALM-uUU)un*3$4P~TUv#3HuPWK
z%Shmsw`%jT;>S!>N>RG<FL9NfVfr`{LMGgYZ|03;^FdTHazf3CkX)tB4Nxk|H`Ky#
z*i$b6l4LaIM>y(ScAJkuE=46wEOC_@m)+z@htF0)saACmVjbTx6WHn1naEC(vML84
z9Czd`zyOD?CIV3dFjlL^aCTbP*kq?vy2~wZRd<K;3}vr2#>1jwFP@<ctKp&Ao#Db?
zk)AOO=coG~BqY$Y#8sxEL*48zybe@SqCcfaOW0yL*FzwRw@gW2rT#0k7QAMN6d}8E
z+;WAad^C$vyl}EzAO!9l^Ia~>?vF7=*&qcv@%^meucDHk<Cgb|@=m-0Re;-F+9Hh^
zV|*eX7)3}RI(5T1e0=i3TS>x@qYgqmTf>q6R^amF=|+4LvCgf+95^@aZ)A==UMe*A
zp&h=(M<~^vMGxXOw3-tCN{?;Rpy*b{)z4!eTH{1|koEP>oACKp_L+Avz<v+M-xt|$
zX8Eb@Y<StTv#3N*Niyyx7C($frj|A$L@gl#?syxCWZn}XZ+<nuf${z~1n-#373#EC
z;nc%sVw`$#_~r|E;^B26=$uX=2r6U&lqrczr`JDKX&1~5e@V_RcH~6~aG{Cs`yano
zAP(OKxZg4{7R2XQut)zy3?3m5@1kG-(QE>SF{n^0x)`T?9C<x#4B%mpk8(bA<lSw<
z^Lm->-MNv}dUq<b3*L<K_6#IRa*4X!CXl*iyayzis`G6yu{^%YOvpLU=x0|Sx4{ai
zHQ)azc*U5tH0TOuKO1b<=ZHSWa>a&qn_%OI`YaZ2G>l}>d9Le3zkq5MJ4xUuHEYHQ
z|F8qzRWgk95#9h*@jBcKTU0`b<qjx={SK=WL^9uRwQPbh3kwX0oRCvTlD$llybJrc
zXC!4tp{S%6XnjuNWV*Kp8<xFpxx@;2PA#Q@57qmqjac}=S6#!neAP5m9VM=^{~L`b
z4h(a5KHSV)HN_~AG1>^@VyG63ZWN@`UW_nwTFdS*t)}v&vk>(~+!1XvI>fG*8x&EI
zM?Rz7fX$VR(m)H?Q&KWYb&kQCYA`%Qsg0;F*4PMY>QaaAmq>oC!G5f-eq;8r1|U-Z
z+0EFseiv2-R$$ZWZ8bI~HA`G&x7SB1(BHf!ySLUxM8z)akP~}5%xkhoZUPiZUc)Lg
zVa&)YUqg$C?}EFWXJOwx9<_N4Q>rJ3sfpAXtTWuu&q4v$&fI(cJDWL@d`v50!fNJC
z8;XQ>k^jqP5c*22QEdj?9WC=B0yZWp$KhJ#%)50GL`4cjZFkc~w9k)Hs{VA-#D7&O
zrLYiR;wo$PKq!MHi2Lq5PO0j%)c=^(zrx-=Yk9kuz3p(4QuX1RHY5If-p`b3J5B*|
z+wanmdpbfO>Y^Jqq8(6~Eel|9(e>$HDb-%Y@Q$mD3iq)Jo*TA0CbG67U<q5c?S_fX
zU1y+skDDuab!ZHdm-q1Ya6;5Suk&GP7D;Zo$Y=3gxiP_7&<^0D=;OHV)q@SlWab{`
za+tn-7<=No2_b!?YZ2B}s8bjTJ=dvszFQOBM{0T9_CM|laVzmF#?bE^p;Z0xy3L5O
zo&6i7S|bPmYVT___j|ZN)FanyMC*b6%ulGv2eNM6Ku=2j<Qk_|%`S-Dd$y0Eb%#BO
zTKBy$Lex<V&c0oiQR;l%9Hk%6Lj#dGN-gZ6W|A>VMK>u`oqD_Fe_^!MTVY@gX!qg@
z>lpN}#X5G0cK10-)g9G*z+MLrJ0)U#$N~G#US}t7z#l-wKkn3tIJ>bvW{*|>uVcoI
zJLUyzrw>u8MqM)})b8IY)xN&~&E*))wG9)9+N;_|w2K!lwEnKzr1hLj(ETAenD>UH
zHS@c)b~ZxPZB?AkC&J0!bki7QZO0X8Wer+!8H{C~goal=ZfLLRqY2TnQHEU}$vl_A
z_W!aI!K`6tv4(N*1|xm0jzkrmo)f$qR##UCS<%|K3JZN+ud*4w{|A==p?eVXF`;=;
z&d@u|1<=vUl&Wu6a$@ZaBY)EeVa;eCVUznGtaGgFR=Y8xl3s+pflV3hw}Z@7naF*C
z2l)cRUyy>?sQ_Rzt1cac=9`YviTaldUd$E(3f_c>u=X20@m!$yDkkf`#2oa=S8YUV
zQH>||P~%GSHLi3a8byh#tlH>rs0P6+c@iT?zS~o0@P0%fs>GoGjNumkV$<K4_Gg%~
z9C(RRb?a4gBD}YeQmxZwN^d1T>Ok=`*?IjUrD~1^%KHq;YX{*J^R43$m{79WZ2pEp
zxz7US0|w>Q3ZwUbv6!##j9T{jVQs6loKp4V6<vdZIBK$)QtkaiJTArmzU2zz+=~JB
zU$GIbCGP7s?P0`!t+f$#{bd``c2@r{xLdRl;NF-uamN)?BL%ins!<&L_wO){MX=@`
zV9hnW{=YP55v0)E%Ken8YcB_p%D0VDEfubY+WQzS{#;`t>cLAkq7e)l+S2&+CHu6A
zeQI_Ss8@%Bk>8ocs=aZQ(sWTiF?u9Kz8M--38`CbnGMC<qNQ*R?OEo9bYdte3u2gu
z(_AbW9D{)c!IZv<-}>m^`dGdl#&1dbw<OEAE%0q{6hu$j5;Z=9t{TWwQ?9<mW~|r8
ze!q1IXRjBGcUEq*^+5GNGyce!(Qdg`R2IjJxg|EW-6byaUV(TdTinW`?(jjlr0c58
zMR0LK{S=F4&K2d&aNHci77mV;<SFrzyr8?Nq;!OwITh;0ODK<(FkDgyWB%OZta6k)
z_kQAy4K!g$tE?D%1}AU-B^#0C3(T_vzb<wC>kSAA3`|}B2Kyh8y8f*O%nLUB(N8Yf
zz;*2au4}9$(?FBd_5W^wdE>$7e39YoPkEVH8~*5PZ3L1gSN<@Xb?2?gkY6b9^0c7%
zETc!d<vnh>3PyS{3}r(}u1uwW`ii~X^$|2*wbTdBd?h%GVF<7rj*dBO3;_Pv(HyL#
zBp$nsdH-`_^r)M<OT6<UGKwV6=~MUHcla$ylIJAV{r1*H8*vtoPkod%Igo^iUt1|E
z_Uzjj|3j=;$GBq0?Jo9L=(ydrN>UcZh`t>TUrShPpb-w=a}YK(dzo8-dkFcW>{{hf
zX2whMjDl20%#iM^F8h(h05RYF`DXlzY&G>ZQKj?T3X6s1knBQrY%{*j0pEM--!cAe
zc9D8dGafA$zBkstpMhhdQ;Q{KMyaTH^5Mq6;#wvuSuxQ4rlRaxrsiK@<niRgCs~Y<
z<XN$joE0z14|T_d7bU9?ly4-;o7E>-ae1#KPwK;Oac3o&Ux({orzbg!wT%KN%1aXj
zhT={}7twFuEf6wnO5-BYwviqI8F0=9w*ZvH2gfl|kBwz-53`=gu2n{Kmu3KO3k@W$
z-5y1VHb@|3?GE-UiT&Eie)Wd?4JPT~HvCx~{N}MH_!kg7F85}_>E53JdPjY@>cUxI
zz)>u4`XQV`fD>=yD2{e3Lk7Yjd}T-ylgw^qNFSyY-O7;e;85M7kyhA<JC}xKHgV_D
z@XVg>Tx!o85_nux5+|pd4Hut-hKumxF2ROHC9#R6%-dL|n2C{R`S%VM<QL-iQuci?
z`|j}_cf2yKhEma=STjr@lHWdn8PfjrRd9{(n)-SRymS=_{D;FMDKiSRJ~foCEsi3j
z$W90e^j`Y|`yI}HcUt=m`^`jRpw-$h*l&UTZn(C9{l=JM(Q7(0#QKSHco)&17zWL@
z+*k!-=xmjZNdD+Ms%<2-C<0eE!p_)8V4#Q1LB*a0m6Ig7KdZbIYPHP6%7s{&!7wUs
z4cN%qeNnI$KMjjDX(<r7;s+O#bpOeyrA4s3uS919=mui4r_Af96HHBg>a2~d-4aDe
z;M-+=YbbrGhSHK6O1soj+P;?37PXW%uBB9$FO@HSN(hPZ_H<U#*ZV*$wc^Y;QHhRZ
zt;k}Gs5BL2v5zQ=Nn-A%Fi~!ru~}5?Nu3xHiK9FMaqghYlCY+CYv72fvlx6)v9Ifd
z@d<*}S-p5#xo2YCa*e1g?ykB6T%!db#NSr8k{zq|4H&jsUKLEM?0B`KUh*82+_Hg@
zQ{Ak;Jq~Y6+={CY?zIk$^~iJM-SWil9{Gtr5KI~0C%F|@68}9=R1)(aWc?cwRhjb{
zqmLu+Ww?)HjVG14P?FEnGByQ$#hHtx<gPmt1mehhgAjtLH<NWdnulXQm;jUHNwGX5
zyK-7zeu89w5H%pP5mSYk&E4{$KsM8<F9vL|8tgqQ$yCi^Px7I_WG1Q?oJI-YEB3x1
zD)t}a(G8fXp&{{oI3enI4Ho2*5^xYCrE9MQfq42&?c?nrDP807A;#NOQo1(Bha^Yd
zE?97zS}H2`u`qvA77y1WGaZAq@UBDB1-^qMph~x)jWOi3jjWB<*V;$xBj}1k>JEt&
z75k+J5F58VBwkePZ^avr-4TdQr%blMqXILc&5C#DM%pAftGlF3Ej3rWr<}Ic3pV(`
zX^{P5?v_~VLbGCj4K5m`d^t?-&wt>&vHis{eAnfwzyq=865gdbnvM1NN=H44dB{%1
zSvtk=^vH|4!^KziZjJXw2;(XKTxDo>&54(ku5Wh~h}N4zD#dLVVD2Y070CL^hJ^gU
zgqQl&!?n~|uJy!K)9QwV1R_gZW!D?RaYOih6H@seG#A`QXg0Fet_K+}O<hmGV<&j?
z(c?RtrpzcaOpkaCNa*mjwh^N7P+*-$n1>pUs9f9Fy>9cqz-VRwbxj_Ptl+y^L#f*4
zl#QgW=N#Z2Dk>?%-65B5HVL@awgscnLL_l}>khhg{{yT}?ROTdpPXd$pIW+paU(*s
z?W`Z`UT6f1A%UkvC2j%S0!TS7hHU01o3)v7*i2!Z-ppvDnL#IQ1e!qXS&M-uQrErQ
zh#*5-xa;C6My^U$#Jb6`{}kA&;pbrxCpeg`dQRT2UK+>7Pm-(Qp!(n%N;Rp5()CVg
zEDFN$rTl&lYITEJm(=x8M{89>Y3jOr7!FYc_gcMg2mU20aX!f$ox!YOC3^o*<H*UE
zkPFLR2>)DoYkNE1*)P));J*6Q($sZd0vV4pN_s^l&IvG6-W(c|lGTKV$S)Ifv&)FX
zcMviL+NZSFi5YQCC+5}THnM&-^v?mr?7F7CK(rQAZ}|sod98!+14M9nF^kb=CZkPT
zs2hPX3bX^Yl&Z=JUEVo-|GYt|b~k(b$#I+6$jJ71xpJ|nr0g0Jq8FLZ2KAsF_TasC
zdJod7^&Z@<_duJ-nrU*vMl2PNvi1q36nd&-b?rK(+C2<?sMw8F+<iQ#;wLvK4ZN)D
zUokmxWjldnjuJ71RTg_l6P4(D+oAQLh_RwSan~6zAk;I=K~Uc~W+Uq<CiyFeFVPno
z3*?8UOjf*@UQ3<D8JpD<uBN(+xrAm$i;Dg3cDg1O<r1~m3D683jF;<4V?qL-O|$B6
zLqCrclM^quW%}(g$RmBlEmJXfQ4De9&1El?30-2v+%Q|}y2koRmDl0@;yzr&tOGht
z?BmW|*d<1AEXn27;vuXbt56VzUh!qS)dkshl)Dg%?EFX__=Pi%+lWV=+a17#IhH)n
z!F4yly~V+O7zA#<4({F{a2*j`EPxAlEP0ZH>tld>g@a2E0@p(acOl#guIw0qiwAIa
z$C3#gT#^Cq1*A?4r_Q^_fI2ZyA;Pg_2Cp#CsPHeWki;v@#0p7nC9O+L>N=3Oxz*H>
z=M95jk&c(Af*4Qy)m_JySpbkMH-zw9q%X{f@30hL=$m?B#~7z1=DCGX)u!qBnNrs^
z(bfKwa5Xk@&~P42MxTL)@b*oZ9;wK>y5PtY!z_OPD@U2#v#?7{q+?0{FhV@a!Y(4{
zRUhR{h*KspRv-@FKfok>6u0Y{)!<QP^6h#IIK)Nty+>^r$GAe0udBC*8yCJa$9Uv(
z*afh_CNPWQaWKgmpyY28a4-m0kJzlL;N%gQMt`=(X@tuLK|9-9jxb)Z!1jK~td`YB
zK;?ShPTeqPES~4_EfWaQO3@%mY^}?rcAAZ-`w!U&POj7q;bRHW-V+FMQnk}zZd~}#
zDuLq&Th*rz+jNuC;d_DyqPp*hjcAX+rSAv^;!#02RSz7(m7(q?gxjqUCU6MVhiycA
z03b9S%R}R%k@IGK2&WENAUw$-e9ItA00?avg#9)`(9C+MK7@~~5T54{G8u#?0YYa6
zA)i5Dj-A@7K7=V&2)P`>T@1qW0HG&?FqT08OKVp}JqQU_2(vka3x{k(n+g!_We{4}
z*toda&jvOg%&%7c8NCwB^7c7XZDDwm|KXPU*nXheh+2ElMp8G79LsNPtM6BEp^|lz
zQZ@gejc9K$)9N1;fQmWMe6Irv<5|uBV>PE&*ogK%yv!JjvuR=AadeBS5AwcYnhn-B
zSB1?uwBq}KM<{E-`t};Yczi53IqsF@szAro4b8_A5@?dTq5W7`&)d*-ESGw%Sk3(v
zHWFy8b17pn(Vvoc5;W9^2xiyRrpc$(V<VV~(zf3Wk*{g&Xk4BB3|41TL}g-(=qu0c
zAm-i>n6-Mt=54D?j15F96JwR3?Zu6UJBST7i}GGrHWPj2Sx)v#yLP}v)HelGfqmf;
zZ;ARQ1Pz0s^#00*@pgvrCQ-2$G}i}&p0E*h#sM1<OExo)JMck0eK=;cTmDm&FT3Sh
z<oyRZWiwEg*hKlESnjICLzs=AV33)~qCaKVNgGk;AB5%K5x_1dojd4Gw_KvmI*5y+
zy)YEVeSq$;z(ALi1_tXz)oBM{=ui?J2((b&D@P=Hx||f>G7eUU9JCQr{3RV^;;-6R
zp%oSTPtEkMPh>dFF1HZ_LSEp<V1Hg;U*(IdQDSmRN;83E#)wK{-(~_)M;~Ba%1jrP
z!7+*$Q@JrJ(_OhS-Wwq)b7BKwuqFIZl;}^{$>=-}N;`c2B>J4ebE`mqUwP&%bm8=c
zSd>-A%MEI8<y4MkT1HZe@K__w93uKtX0rxjp#krM81%`xBbENi;74=#eSk7=GRkx~
zU?YKL>iGQ#yo<9uutcw=UfT~7FHoi?^Y01Ha$ua7n(EX`VD0tYZzIlf%>_#}_NR=G
z;p}7U{WcOP39_#&`w__TO^|=~@*MzC890eGH%?S?a=1Y^T$B%ip3Y1KXA)w++}2be
znI#;GcbKR|UyT6^Qi32NiOr6~EEJh4mw$E^t7G=rNMN}7^gig1_W@C{Z;sK??Rv~c
z)ak6my`mERbd1FoZ5hw3Ps|CXj@pMy4Z~s2LN|VPA`$MP_2;*!42|K7LCbjmmBq2@
zxPAKKPG&<(=lv;F#{g|X5Xkzb%pV>A@^M%#4g6`;k5^mYs{U@QzsV+$^#fV`fvo=I
z;QHOwKlk3E{#RIk39J7stDnm1cQWdW%FsU6{)o!ZB<r(veJe?lH@oFO-108BTq%~g
z%3zPE#8t}wV+aGkw@CD-mx+E)sVHX`s!RT~5$86zl>(ba8O0Cyd)5x~hu83k2L+OR
zEYRK25i?N8;f>&go&}6L;7=T-EQku^BBJ6&Gw(~n!+6P?Sp9x?Wv+EAW12*Xxf`QI
z-wy9tQ5g|c`2sf^Q^1@|^2lezepQ*{J@T30{V5pR<RLNMZt8P;S&LcW-gbez)u=zY
zHap7Lz|3!jfpvVvnf=|lTcQ9dB}wd8<^2|-&&fxm+b^>IxO4k=Ar4<xCXAZ~8M5r3
zr{7gcnOdCrq<iD3FlTw7lbXK=S^D`p>y2XW<|uc+Lzx5IN_YoR!4~^n%xn*t!WiNQ
zMfneP4Nxnq$oq$=c*;b@{&}=MEtI1+5@;zZ_BZ$|R=}S)6l}_)&SI7Bwvq3d){slZ
z+$~8KL(sV`5D*pnBm>q3up85hoyF?5-8K>^U1rKxUAQVQ6%ax`A%qO{_VN|aYfzc{
z89dx2D)yEJsIQn0Vn|7?aJLPdUGq);ZW}WdKSRP~J_aWd4~g<t=MJ^Q9viMr>Z@rj
z|Ae)T%w)GQ_yfIhqGJEBu@R!@i0&jeVW>CaA@!WQQPnU#ZOCj%uCicKw8ut5>eEUt
z2Sr7kCHl5ywh<L~6#Ef_z;%s9kBEvmoqd=m=FW>HnX|bY(5*3Z1D3)v?GT9AU$swk
zNTp)#HJjt5cXiL?TSACSSriNITL*X5A$KmN-j?c=T{hw_DWQ6(rXPqAUfISEt3n4(
z!6b;zZ^T97NG4qS9R<JKwhQ;~CKx?ezu1K&f0tPXa)~-&mqlymG5!4S-8Q1l1^HQB
zo7qXstrom}7>23J5HN4t4NA1xJPO5A?0=naNfb>|8-mt);5NaYhQ={4?@pZmlPIO?
zu$|zqz&$o42`v-o#2d^xU^2VDzBiTq$c9|m4{azAb=oda_9G2tAD)>OQrVw8Xd~*&
zP}=*nBv&~rQP2B!p&s@G>v>5@tm=!dqeZFTBl=TTGC+e7P^UUdJqdw%zgAz{fmCnj
zEDwC7m$Go-9Y}*;8t4o?m4VILVIzUxLfbnAdnVi0G=L?VWc#n|$J3IMH62`1-1Ax-
zOB{L2@P5X;DBli;??1qjLt_yS6AOCSxy`r3v3#Q>UlOZ!h#OB2a2AUVeioJCF`^@F
zqhz}v_A8w;R8)q?ic0&9fgXRWd}~peusPOhMVQ=JxgF^;0qkKW0Mx-d4DZJKJ1f&_
zr;P-*xRpqlE`z~hMsp)8%5B@KInlJ48-<$<w(Y<I4b@9!HeB9wmIr*s{toQx)H!m|
zL_c!j@ZHAGL43v#^JgCx{a#h{r(aMD%WRnL!M`9@4V%gI;@WB(A!>;i9S%{+J}fF;
zRaDY1sGqaa%Gya_?$gXxVo5IhZ8?K6a0ir_ZYeQ6xI_mmG0Re7R&a@%+o433r9@V6
ziTzk2$5J9ExI___SZXP;G`PfT+l|vAbQzoz$=wn=9#;|;m7%%3jo*`)4$t0$T2U>f
z%R-)i*q{@|JlrtLLJ0HiBbLsaZ__LtHsAKPbkckqYw6gnj#7m3_Y5>8C2?7VKqUF=
zNwB9Bd^#e#%osvR{(5?d664E^A(Z5=XN4%yugn-iN&Y%3M2XgA#t=&K*Eu0dT>Zls
zLP`F5X^0X#|1i#R{8c_;5nRX`QL%q&H;#1Z_MoIp!?PT?y>`>)@QsRMuNTBha(1c3
zY%Jja3;F+I{(qI#tb~O#|I}Efake~xr-CJckkk?%n^xFj;xI^$5@8el*`=c2TOj(=
z3svWDu=@AKJt0^BI`YdjE{w$7Nw6*){`|Ym#E1u!)QR*3ek<kQg07zY3%?ccZ$bA>
zp2u&{+td<YKA$~Oa^je9fjIIMi1?iN|HS<Xd{f01IF8SxO<UHRDoS0@ipAFoDwRcQ
zsWi~QTuiaD2v4o>L=bn-1W>ltG?eigtO`$_ilCz6jv|X-)0C|Rw}J==JS`w_V+1N-
zY3VZm&zzZileFb+-|zqX^YfAB-aE^gb7sytGjo<Z;9;(KxEUU%S%lBp{oi5{=rvB@
z;W3NAkE)fzViEmx{tlyDD&F`&q2}nQ)VqHJ=(wd{o9Ot`%ra=0LVOj=*?;MjaLZqO
z%LVmPcmQQUn!jUc{VfLh;<w>JwnUEm+bHBjA@#4{Mk2M_;26kl!$-Ct+<#xuKg`?;
zIC2ylkA54kgb0^T`kS8pC_=&Szzk&%-10sdV@$&x*6=js=sdFnqu_Hf2<aDpjnT%L
z9TBpB6^BKTp&nL*^dG)9%|2wtU~^7n75B3s{i_{9L0K6KCq}m(giTkcvl#h5?ugKa
z_MG#7Jg}J&-<$yPxt9~)nDzSamkZO6d9g59Z@L_;dDw9~kZMjK5<|Cq6E!8H(wJT$
zzAcyE)<^mOe~lxlRY|}vW6UbO{|*cpM53nRcFdJgcN1gj0cU1EzWr1d1^Dn^ZemQv
zeqO}i7IhMNl+LBg+vA9-(ov^hgQBt@a=Cbc=ZU%j#5+)NTQhg`*XGPseKV3(ZLEzi
z``m{BO*dk5PD~BgN&Xt<gm?oVXNEt<h>!e@exfo=%c5M^P?i=LMce87c5r|l0hM|S
zEMaz(exQXr*s2}EszLGYjuCO?-{8}zLO%4|5zz~Yk=7B$4&|vGku<b!xw$RWjo2ad
z+?!3*NfKc&ll(;@at6alDOv}qoo=x7u^^|`qeCAfP;l7odQ=Qd&2B$nq;K9X#PF0D
znS<+?;cvZWI~K)<#E88*m(nRB5Jf;@6Us>F?O!Ehgf_P8j8L#M2l1;O{5h9DH;Z#*
z{pAY4#S)_RdnsMmO7Yiu+f7?3rRZjhkuhWmT&Q>h%EF)O!EEZ-U%+fC;Ri6As)SRv
zL;8eMjPbQo3SxIoW$?p##`Nne#W9HFUEZ7q33<dqsI9~olrluiT9<A?`tRGsdTtgs
z+Yj%9^_*3Mk-ujrgf=Ad_59BPu%6e;^&HTz>?+ptkAkdYZfc9HGb)8W%S|R(TdveG
zl~F4-YK3Q1My>Fufpx2l;tZ?g3a`{hZ^J0~$$7>$#&+T)>WmQz-LdgwV04@{g*t59
z0S_H;G;;{0Z0reD5=E&I@Nf}s(ZQLmt@+do6}T1jv&6fo(LPuKCI|6*0mb`IVwrGu
z-Yv~+BQrdpJ&lY7pKoN${?+Atf|YebD74%O@!qZ9G-6?^mXbnz{VoSp{E~fD&|vIN
zuvMFW5+nP1dFXffR*d{a_>I4?2a4T)5~B?<oT~9gzeKbC01YFO>8Nri!e)d-+N$}t
zVRQNDuWU7@o)8n88yO2-q<^zT>{z<DSTR<<LJl@F=FjSg5bTeMW<B44<%Vw2_ZaE#
zZNVtCE$Y10uy-31Y40|aXq^W2HtgLxbp#){1;A0YL_!z9ETapiia#^Op91km$kk18
zhGE>*07Ab3*F_t~Ee#!#=Y!Udd5QnT9&VgUo1MOSN%m6k?)FVu5PjYTzB9-4KYa+%
z&H7uL#i`d2?*Z3+TK)pg@?X6lA-iWQ_8xHW@-*O8xC>I&20Ya`2kT^FoxWexaZPVw
zM(BSu5upvEFp&6C;2fRi{f?2I)~}g`a#U@o%}LLJYpZK0P_070?F1Mw>ARrxoxfw`
zFXF9?;j`k8zReNm!>hM&{W$cTe+Msc4__Ov_-F9nqxo+w(%xF`XPSw&4Dg@X?XmM1
zxw5#Fa%x!<&SROf#<)p#ci>&*@p+@g<Wj#7X#q@V4DlXtC#N3>-CztL4~`#u!6~{~
zNH!zle{V6Y$czmP@nu~jhWL00BmY%bAhcmSA7bae%`Eg*oA+4;<g4p3a`%M647173
zQ^6G9A0dhtZ|2hW4MP;0S6jZUt*|sZ{rMY4{u#VuuAu3Q`!w@C_ui5=>?vziu9xmo
zyvwlIrl=+`*KuGnRR~?g1TacbqA<5pwK4-BrN|0epi%8q9haBwp}Dy><a&Z={ccZd
z^P2y?NW-h54<rN-t2$&;u13VO8Rup+Dn;`VLb<d_&AiVxCnHyz{d1DI=Re^(D4fcF
zbkbA$oJ|;ozIJL^t~x<;aU;6~Ar#aM(<o3bMs32#sbvi`%Z2^lH(_vAA1B(qlegPr
zle{3iGc?SpWnCK4x+^c29u?KMhsyMZavXt)qvtRZLFb)XR@J$1Edj)L<#5y1!T=HS
z!<2LVOth<bA7hLKAwoR;fzZABiZXFpzA(2L6y>N}0;g|MrPKFV6`Um<bJE|^x9fi^
z1C#kGj$}|*G`n#^?%qo@>xo)}DbD#CSo?3^!D;2FGPvjqj%AGLy#rw*rn@*>z4c0j
zHtgfevAzE=pKCt|ZZQ6Pn1j=FjPxtgn;Bdcayr=fIAY-Vbh}biBFyZjnSEa?`hHyW
zz1J`LKG4iq+xAAp^ZS$*{11HhBkm6*|8rao0V3Y=3;s9Md%*QK4f1PoioY_^WP#te
z#RB*G!z^%0Bnv#w5pYxtntlg^o_!o6{kq;4WPzDFu)upn=@G{<@-yDbalTAX-W16K
zSCvT?=;(&fh7*DXp5}#*NfwyhivP`&{O`|5{`cnv_+Od9|7QLx{+IOc_+MEY{BOy(
zg8v=E$e(i^LK|RX(D|kd^FIms>a$V&FDZimMeH^f`+@(>Y|Z}$ijMz0ijjXQ?|2UH
zc=3(@9siTSTz58#|0T8He=}S1KUwY6nKt-e%KsDoS8DLTGyjhNl?wiMrZxX7ZG-=n
zM)SWj7v_Io;Rs9|JsrvaPPgKJUtN&@ef2N---iE||84j;{O=Ew|7`;vbjc3E|29PO
zzl|;U--N#)w4vAn{4at3eijabvi9r{{O<_of4%-K|1<l(R`mUk?SlV(c_IEM&qMk8
z$nyqVs^+P~kha^M?DVa!lY7GQ`yls|jnH32xlFqj=c%)}+Y!y0^9M$uc%oTv|3he+
z#`?(+u&+6ckw3)8w2+T4iTJXv7GGZDU*b~{+VCP@S(!bXSqpzO!(Ksx*WUxD@)q|+
zM6>R$!C@0Pt_(}~QaM}x&Ho&4_a6eI)A{dL1V+oZL*G{)#z^0OJ?~LA&}uzLcC8eB
z3G=~3$tU^IC{c=5z@g?1eA@{|fOgMq7S~NtU@1ktVnnD%&3cIdpSe2{Ei0i0BfSI6
ztOzVm=S?Wymyt{w3NFQ=h`={LeTiF!;@S3PTaE}DUbi6RKak3?vEdE=`$Q^W<NHd$
zM&coi^o?o2*~&M(#S2`W1|IFim-V42bD|m}{S_z^6fWf(dvmh2Uyo%TTXB8@GgsR<
zfPXu=PFf4jHckvSX7l%ZjQ7t*I?_C|UcS{VG7^<XY{d<y2S-4qLz8pq+|*n;xi`_Q
zRVO*h5>z^L0P&Pt2<1Psom!81-NTu5%tMttF#{^gG14Djk5PqV_XBC*D7?ZVVvudM
z$Ro*GVI8$aAGuz5Dijr4B6;5U^>8jQr3V<W?@TgsT~4Z0yh-A2VRR1}yljPWX0P=d
zklbcYsJ}|r1S3uSy%y8lblV9o0Ja*DrvkoNvHC~@drV-DBZdn%t4ecHl89z~=qhoR
zL4Q(d&NoT9boMvNe81W)GIi_0B(UHB<mP<SJKAVWDT)&(P_G3r((UU2Ssx2zy)Th<
zMU1qfGS8!Wtdr+ar!7(b3+d}3jl!<wrRXpEtY3r`kKO-1M6vrKO?W}Lllj-CwHSpi
zwfo<MZ|&jR4b{JMM)oV;CIW-&H120C%=}L4jo0z1nM;oc_ct=O;T=ASZ%#u94CE^u
zRqsMXw%r58ycPlH(+_|_sFOBSII7+g1%^fz2yQe#uMnT}%+JAPaO%vA38N2Q6XxnW
zq0`9u75r4VxfFE`J5roqBi){@3okX@TrR%Wf}FHpmuuzx`BjQ?j+@}RCdTw0UkEgK
z1MbU+W_>bbu>Fo@80lAwubkn}=BnW4FW{zLri)o20GlNM`v5|b9S>eCVABDLtag{S
z>5%ay4ySzOz$o4{A$NBEW&q%-FibTjuEuBsC#-*3n&{)R2F7w}qpFQa5`pCcAiL&Z
zNT6+lSq!O*g<RhlPMiJ57hHrl=hEYR`j7fT8u(!FD`{|~|61YL{d#zEI<+~K#4{&=
zTuHJ~#wFF9fWGnz+%m}6;xAfza}|CeY*Oxbr2iVqG;JX7UmcF$aFsw~#F7Yg)_tGj
zu-ONPB0TADY@?gYzraWvQ>D3g2N$1bOdlbudtVZVo6mM>lMKbEB^lllp$div4KkeA
zYLMaJXB>6MLqqkiJ~u+1h)Rz&FcusHiMwP_zSo7d@U><$rC(vBSAB+2@Fu>$(dJZ!
zDH=Rn&zSyTi$;@pqtp1tsU*VQ#;NtV^hyg?5(iz`iZ8pKAik`=yr=!2V`TRi_T%iu
z-3OMHnICt@=Yn$MInC?`49?;0XG9hK_H#Iyyk-;dg**0RaNGxb*~8t1VqqG}h=%o-
zJ~Qa)eqZz(D%H2I5*xeKM6+I|8<<$V5hH!uDvUy}wP8=>)Oz&40><~?6>X1iG_QaD
zGd{jA+Z^9-pGA!CZ~Kk$m73!_@fnP7ayg9eiJ!#yzz*GVf$@F5Dsp^Zit%waWQ;H4
zxG}yTHejS5`?SsRNqs0)rF&I+me4s>#FxL`>3b~T^tmfRH$Lg4r}alZ#VGtV>r;&M
z*|IYi<e&7`y3$}7zVIp7yxm8%F_px-%XKmFSTMLLisNQ?V(8-ZT@f!_u>^LV?f`Ej
zmT+lG2dK1fib}ic-9N=B{QxLEsZrjSjw(_CV^J$&Q^eo+wr<;AT-EwSe2#cmDNdKY
z%(V<Y{6l|$&w`g)->;{Fi&8vR>34*l%hle4EBnkIy^e9T<W>?oX1(h#xxRHJT%u_&
zh(E=PI0yE9%KxPAB6LhuFc%x~0s^WusL=Yo(Y1AC$tJ_2al^zI`3gy|A@?Ve6E#|d
zZ$He*OzVuJd>8dDIIOr*l0d#Ju?XKE5m-WooRlnThC$O>Cw;8SNq^HP?PLss1sI%d
z^rsjyGtdxZU<_-gnV(8+puo@uM2G;H6E>EEQj`kY-Ge04dhf3sv{6{P_o`Z1#3k~n
zPdFO`luBgTD*$zHNUu3lYzAT}AT~V!*&QeG2^2^xC)$|x89T|upNNvXpD(lPM0AHG
zs;_S>@oY;bbiZElNtCC}>`$<?aZR$v<Rd%HNA|C{OtNQQ<xU}5w^6@hd3zZNspAva
zwZa=MzbdSm_xhxj?78d{zKW|`%v;_$`xqN|I(UTRWuLUcDfn0tRs?O>A_9PZ2-XS3
z=6$22b~|3R=wo2(-4=mRw|)yrl^m7A+HIw<b~~XI^%ZANAFjnnzw=|xsP5`7^t=&R
zMt*fyrth+|A33|q{8-Y~Fsb_FN5Qf-Oo>6r?!UV~LherdL%)wP+90kjk8p+R6>(&t
zcjJAu2KlbT9OUy&j0K4}Q*+Xjdd>IJlL8VozsJA6$`v8~L(sU)`R_$djM@Eh{Sit(
zz=d}&yFZ~nLZJ?Jf7kw~l>}b$5f%kS3%;!3Ujci?yMevxE3a&3;@)_0Gh@Mi&5UiB
z1OvRWzi@{B+Qf`L<ioIf5acBVDmWU0teG+W@ejn|UnhYI_#S$WXx7gT8GQKmH5lpl
zeSlHuK=?e)4vq*U<D61-5U3uuULC=4w&4&)?ztqh6K}`uE|`^!6#5)S$X+m)|9lY^
z-6)$QovE33*%a^Jv5XVqsbj8-!Q#(T&s^<DM!DjB8Y84Vl}u~Ob&IDu-mZ;Err(#J
zvUrZiXVfX)yD>u9wcC;v?`q(r_mChMuWFa{;iE|3Nz$u`c1iz3!YVj@4{7(EvZ&md
zewyzl+ig;ck}yI=+eOw`!CQowc6=bG_8&<2t!G+msxfk<k<4zV_>W|g*=-O1(Uni2
z_8(wmH=K#KAcR6myobzgo2xOhD~sfp59ECN_ydfBOW}riR&V0jOtNdYWfR5m3s{im
zYST$bQGL^UtDbG7wmjRZIBGq07FTCa9d=)&tnFY|*7gr|R@QZ}E9?4)tXc=V)<5G9
z_XtTG&w1<`Oq5Tnq;azA12}T=1~??4R1QIp58#@bPHtu_WaF&!V)<q~M4sh>CI^nN
zTAQyaSEJVcN=ngU!2B>9@dPZyQx`iUJ^cXjb$W-to)}w5a3!mb@?2Vv5Go*P`$)N-
z>>hCLK<Ezr=9OaFPTWi~_PGXyx~CuLIX)@WUmKqkN{@DXDr{hk&6|D&(X7XQHm2;%
zFEP?Td=Dd#l=ApgU-&IpHoJb4zEHREZ^G{LAo#z$k5OpX1B|i7jImvevDX=6Z?>=p
zCK>14@o*8$#rd!V&w8*!QYar`Z7~>&D@98H3w-+uCZFEG)1zwV!#CG(qP;K<E=9My
zdJ^qU8}aU%`yd4B%W%~vx!xw83QRK2yK8s{We5@=pL0FWm5@{E0g~CT^q&|hivszZ
z-$w|=x^8l6ciD2iyXJQ1P0Zewq!isN;-F(SW0U)LNBVZBW?k@4j6zqX2l6-P2PeOa
zQEtX&rKm4sO!buG^gwRLPS*<~w0plxQnew*pq@Trm-hCqpVW*7r6?8-SzZy~?{ZxO
znen~b=Wa|7I5Y0ul%y0LZWcY0jB@wyp|=UG<0yZLXa#&A&WwHTQ$at3U-{4MW3Q0R
zTzj{LeQe1)5%#gys%_ZBE_nyc6f1Gq(zFssS(^5G4@&HdD6ucPM0-)9I-*2%bP4@k
zD4|D`(4$Li6D4XQO4LM`SRqOzMA*b8MBBtZ`|gEpVjq4-7~}jX<?-luq)qIW=E&P3
zW4*Srk2Me!Z6CW2w`Ct&joY%1)p1+)u{F3Y``Cp4)jqZoqOSCtdH^FQU0sP=Tb<^=
zW0KQJSMO`1MCLmtIh}NMbsHrvd&eZFldjg=C~<CuNlqtSUDHO1A6J;<bkfxcZP>@I
zUhyB;#}@ux35HsK!hMmoct4JcdIqtWl{80zlIAE;(j3c`G{-8Z)`Raeo%9_M?s8Ir
zlTKRTq?1aVbkY(howVFZC#`hSNvoW6(t0PI6d>AkVP<<COb>@L;;Cz|6h9LO(IhPU
zh3P{_lY2YqA<$#r83!F4ang4tz^`}m;LkB9eJ5L}Nvt|on>2-YqH4Jl2+duuYGcL`
zI%busIr0egj)O}N$4XVpCxqrNS2agAp<Zzp;#dL^iKsVEJeH`MyEmck1*+yqCDfZO
zUKgm^oMb{v;ry4D_J%)e2Ed=i1pfF^8DqKHoFpeLg_H=s$CLPOpmeY>f2Fa85uqQ}
zf}oM|HrMarjlE(%GS;KkZ(+L@(FF2i+l(ggNUV$|;M7V}Ap-v6v5~gHpS*>QmW90L
zdb>X%thf8#f_p%C<Lfu5r?j;@t#=_D5HZ%wto!zH{j>{*JTvRB@DMK^2ExO6uE{*{
zrZD-v5mH-oeeV>wFzQL7t!&ZOMf)&vrRdkzanUH^JKVlp9syk&3jolc^;l77fT;8H
zUZ`{GT)0kGqfSGNQ3r`Sd7{n-yv`hwne{&Z;Ubw?CH%)Ddc|@9=Swjy;H(}7^(Tn>
z5AWq8dtDIZl6VW!C;Tbw`Rp+Wx%wH^LNmC;%o?&68|J4mjIm$`5g{`(>w4pZ`|qJQ
ziPmpdoW<xx?<`v!!dq<5TZ9;CJ&4wCbwsh_XGO78UJT#`U;eydFmI}`q^?#vPJsUD
z9uE2_L7@-eVW@cU!9xZ{NDnOIXdqfCpTWw45;)&>b&w4T%kTNSjkYth?uM#YiFU@o
zL!x*X01vUe(MOgE+>Qvhwp+F)r~kh2^tUaC>Ax?$`Sn+azn)&kzrM@g=m(cdCHWI9
z?~eU?xMbxrn8f^z{<%@I#4K48F8PKi32(r5kwL)Z`E?j>8njN{AF&blO%aBVg<C44
z^C$pO$NUIHmDuA%=aMkEqgfKY-;d^OsOKLT=q$}0l;XLt<Ls0Tna$QDbAnBb{mkHc
z$NvS_BXsc;4sSJ~dkOtP|K)WfHsLRE;qZP--{6WZaBdMtOC&{b@(p)@1wZ0Q`u=r{
z{Fe<tXoD{Xq2K{w3!1juP;Q@k4<r3MUdYZ1mGDAq`HXv9VAtR_-j^B})AL`)Ejf$g
zeXoJB;L--h{Od9h+VCOY^iB6~<G(-RzaRFW;Y}~)zwh(A`0qvh_elRY{P(N;_fY@6
zy!;CO`&NG;|NS2SeWU+1Ugj14ySx8O{`(*N_oaRtFS9HLu0L<!zuy!a+y_4e8I!yf
zqtFaOPZPR_cxyq$wy*EN8LBcOKz!DR-h*<F@IT6kN}^f2{2-BH-Ma;>G+%oU^U{@s
z_DvzaetA&ilFskJmGc9yVdOu43-o#B6KLzBEf{T}5F5TzIKE)FAHwsjXbIocU$PXV
z2mwOqUcLEMc}t&z<^5^DtQbjYt(4CN{nOWh+Pw{GzX_XO@oc2-&^h5lJygw+Y!nrr
zT6Fh<(cP7zyWstBN6}Ke&KXDOoc}ZNYD&-22<h2M=KdRStN$V5C~Mwiu@z~8fIP*$
zfaIN&SW};n$YRw_t;eFBpt_`rl_d^aF0|s_5ni8C*La76669jbsrAVHADamtIS025
zopy%lruFM;iKgmLufo@CK~>jiqJ`1o*~<I>w(7s^UpAfVJuz=s@V;{}hy_*u+aP3H
zMC;dCPDlMOV(z$-33V*sFcRu*(QU`z@!H6`w<1|L^p9}e5?ME|W!(>>>c(MN_tS{F
zOJv;%E$coJRrh+M-=}2VD+zTh7j-vB)w?CCUU#EjW<;MWWuN0(_Sx`fWZj<`7IoQ@
zaNSk1E@@e}EUNBX##lE;)Lk#@rnao>iK^Rdz+BAh%Gch2>k9Ccb_94Ux!x1<i?Y!1
zC%7~GrH->YYsOoggDr*yr}_9Q(|vv}?Pkt&YGNH~BF?@slN|-dwACC7%qid~F)8X;
zViG8SIV4*%aOYTMqQbFWj?Ae|3Isnp%Xz~XTX5KU#{6I1f>7{{^L%%Y>gpKVd7iNw
z8yNetfw9jT7<;RMv6mYd(;66?-N2Zufw4y$7<-_Bv6v>to@ruiZ4+asn;5&EZ(f@j
zd#jnTpPLy=Im_5(XBlgMmNCm&#?G8!?AJ4l9X!L>w`UmJdWNymGmNb{6MbHDL3{TZ
z*tB=Q@>{TX2jw5^-9Znc3#!E*UHqvLe-c{QyWb?-;mA3BA$#}IZ~m3N`(2}m=l7}7
zvWNJ_EMR#F-hitQ@y$viKKBBB@?S8r({1{uMdIeFhr?Uz8bmbfq;E`fqp7f$^l!{T
zXv2(H5V2eM@0r4%%qc`?X(>kfgK^C)lw(-+fcfUF(tLBaAIvwe5~W`##mIk<xAIIZ
zLi$Z{k>;C!EC%z<BLDZiz|*|TS6baaP0@-Qh3%G7v;*-UOz}DajeJL+AnuWFYsN@_
zGsu|TUl1!CU^2nN!Xkpw%QFM5UngF0W>Bcx4l6?Lk>QVe6Gr+y(8{y2m0T-tg=^#P
zv~a<7yx`5Um3~%)l*IvMZ6L=t5Q#*%aP~qnt#My-&6$gL&BHfoo;sYP<kSTR3xBmc
zfW2l-`4h`9sxQI;#SMdEEaLhC!uvt&HO-MgGOY`DVCkJnw0>_kg6oI={yMlufQySV
zi>M$ks}?R2Mk&X>l2@-~R}MwU?k|Z&NCXTDJ}Z>N-5{c}{(05_rC5Nn#Ueo&+X9pr
z0Oei*N@oemRS}?+M1v9|LAl2SWiWv9Qmk<oeCTDk3vOHiQ)l!>(*~w4rkSM&LirUQ
zW1}mMr=7kv!b1664sF&4-wLPTNlsd;Pfro^eb<X}6Io|L$l<LOSBVv#M&s~IvrgP@
zu7F6>WqVm)2SUL|flKv>`x7Ho8=aEmq{s9tUY3f9^;1Yn0Ol=4ki_l=FBa(X4sB*k
zAN3+e_Of;+$^n$ifCpyHg1Qkq{$rrv-4qj<JIUJ2SZJP8>)|~c0l=#-835cE2H;`=
zKo<jmJPyFF5)QykCZeIyC2(_=b^dgl0Bo^D0-y-viES0e*5RQQMwpgyB^U*r&0KGD
zi!0YDO`ycVjjOPCF{y8Ti8pY`$$Bhvkm+Yun_<M1qHU1suPHbHF1or7MQ9_(SLklD
z?N=_`_WLhF+s}pDekHQ)XJp$CLfcuqZH|hT>GmeR2(xc4$iz;2*27g9-5;C_#z5U-
z0n=Gq|G;e-uMEVINV`MCLw#|ZfwaDF8-^>_z7Rblf*nNj?*K8fCb!-E85G(4EYbYU
zX7fM3Wi-EKVKlviA3+4VZyfxE#$UV!mBWl%Df&p>OVJ9wY&|gVXWj%H>{^GB|5pd!
zMRMl-BofS9@lKU7?t1eXFcEsVl`ob-GOk}z2?mTm+#sG4<nz%6Ui7cLXcwq8p8ssu
z$e8};!f?_Q8{b-f#i#Et5pTWxt(Ea=dto@w^Wl8MH>m3)iv4h&vEXpN;d(3LE#Z~>
zHbumDXdz!98Mz@|f`T*bYyz6>IAyTJkg$a<Z^D8lcCbXV#F{OfCAvkx&<^JWOYHD@
zm?gfCqgZ0iLctQrI>RvLT~4{OS4@`p-9ng@mgPVY`&yWkIrO}Kw7H41#9Trf!dy@<
z>lbE$PhBlo;P=l<7WfU4ED)0R0t*zUO4bQm+GK%Ftw-mY2)1+WLWAwBJ880=kAU;v
z@NuKSiT8I-w|kz)$nJmH91Qf|SMWX0$u`-}TTv_ML&0|L*lbMk)5{FDb4bG|s5kSq
zya_sZmCu8{k$h-w^96au93SwC$Nw~W#Ur0a@QS0ti6A(l8T9Qa1~J$Nw3z;eu>bx7
zBmbL25!%297<@!nBm4}5%UX7#&1L*b)H1FRR)&vkGRD|>nX!zUo{Pp`u&yb3)w(9h
z729bItk^?K#rX#ZYCi|+b-rQ)jZJdJ?rah(cJA{S1-CSb*)r{Uu`K__SBpyvua+B{
z7z_T5FE#(S0K;n>1{W`u8&NEd7rU#ujrfxh_Ydn6V2X9xWZpcqrO*u*`p^^S0e$0s
zH&)zB5UnF?{CThlSBh4)H_jQs?|fc4UvM9^g9Z2M8K9~D>L=j^_j5ZLEEa543N*3a
z_N|udt@MFme0cAf>+L=b8`<H!mFF0f$)>#P&jFejy$)#p@^iipPx5t`-_QgxrJn8#
z1Mt_w0A2|h19(sj;FEee05y65{s13<LkwW&X)%DGJ`NAy>8JseJtqdx)f~WcFo5?#
zog2a!gV<9dBnlq~(^IHCFMTQj!VK&aN4k#%-~@t?%k>b+%$gLy$TfjvW;ywfvATzf
zbKdJZz&Y<-Dm|!bOZSECoX(bE<oX-Qw07VX9wl1#6zFCLj3rxm0+qIdo7ePOh~^Rc
zD;%AkFEh@|KLFe=KgaifrPTtk-TbTf7K~8v?{L*I%Z8L97qmJgiD*e7MZTK=@9s%5
zV>|B>z3K1&!kC?I6W0h;#ghFcbchTs?WUZBYf7N+$Z=iC$8|HwwD#dYZZpSqL*%%U
z+aVFXQABm3n?tD_D2wuJoC)Z-1Ocf<dG-%j1NVeuba$1IvY#U$z0QF2srHeOe!T!7
zT?8}G%K?@+bJ8PWv@P}XiS$4WJS>5SvEpGCJPeOPNdKf*5Oq9szjVPl*uWI25C(dw
zIGT^aVE4pffk4;`6J(%n1D?zU7^#KLg?t0*gY`*2UMbL69Y*7ir5L$7kxc9FrJSCb
z?L^x$shKyx;rFenf<X;QBGkL&9Al6&k}h2(#>m$n@s#qS$dyXyFDl*57DG*XSfu1~
zJA<>@MTSG1TmoED>olemBa(4@g5te}3+arlim$jGLc@KrCxqVb;~kP1?9>Jb5wR5$
z?=Dwo;<3O$_v#}#4m9sdIM7=!?t7c{=U2&-*fhgSp%ei1GFKe&#531bM6<H5Fj6yy
zCAhA2((^=H%9mO2C4f(Fm=8V{2W1iWKY=sNm#efhSUPTkCEpn`ocy3~pAT|Dwj&03
zdosx=pWB`6tS1?jb1xT`rne^%+NE5$AP%vGQXrlr$J<^)_vl@`7?^F*Zn#uFFY<j6
z&HCj=j;p~5iq{2q7lV^k8b>s127s88lHh9Zq}8D(pu9@=I_Yu!d#?oeNy7@#bqUc%
zNyv82yEf<%_5x0NT%}ud>wM1Jsw0Zbodm$|n41r(2LK<tlXx~^LPyyI-e4wZoss}R
zlAw4e0)Ql0r6Uql&o*0&X`&Q0ahX)r6h6PnrDp*J+X&sJCl&z;WXnp?FF@4uPFe%G
za65gvL3HGLEm)7_w8@Ky6L&schWldm;MYy^3h3sI;)=*zNZxggB59r>IyeVD5WF!S
zA$#eg1fdF;_v`uQgEl&~HN05xaX5_sk!anvp8$`;%THn%v~QI#W2{w*yzSr&=2ss^
z`g28Cwp1z(DZFLvj4+GoyX<U_N-OkfMN;4_ZYP4l{Q40Co4;^PAyOXY1?jO|`n$dK
z6M|6iXCzE(>29aiufG84g%cRH^rY!3K)REIbk1Xdv{{05dpjc*v0)1Si$~g4c9+a=
z<VQk?g)0gMv)>~ly)%MPXr#ULSrc^|0CmSgx7tg8Fkc4b%O3X9h33nR@}<pQ`iuFp
zTwtDfN;&zFlL7@?*W_q0eTW9{<yGP+52yk`E9B>_m1Tmp;%FW6RTzqKdyfbJu36tW
zVk*XO|G{T`)`~v_A-s-rjOl|5C6B)c<V4o=BW)_fliNwpDX|9^R|<pI8;au5MF5)6
zhj$iW6ja)Qsm1t6s9et)P$h(+>L#GN%7AJrhw7sO3016ss`_x7P$^MR-728^Xq^Go
z9g$FFa;UiOXD@vNRFn_63b~?|E9NtVmaf9XgHlV6O~GM3XKx{B>6Jk&{nqrYZ%1h9
zWzxOpvRcOMrQ?SowDCQ8S|Hp0<ic&w5^X;aZu_Cgwx5!1&xN+VyzTd6QA>Zs{)HFT
z6YcbuU=^Iwcl#a?nN@PA&F#Rgagq2;gDTd0*Bba_FF_w-M-ZBek-hXzQ(X=IRrK(f
z=;6k;dpK#0>|ufE;rtq-hozA{Q0QTXsZR#aofXMonI1b&GW*F`Cg6vtm$~z>5mHL=
zK2r;Mi1jNu;UBAIOoSQVJ~x~SKvuhSUPLN@6SZP5a&#U>!D_(y4gld34#FnLQd9~r
zKIShzgTVp!wwK163wyOl>g-7WHF$L+xKev{$Tqc2$I`4O%(xP*z_^wyz(~Jsp0Ilx
zV3oP?O{c%!^CY`ctb$#={hpz7cO~H0#~D@%|B^NjqtNB{($xUxM|>uBw3jx()92xI
z)5b&zu0A8i{Ks5yVhWCw&xho5%vnCV@Tf!OyqBYMKw}3E#cA;l1Z)$}T6O}_7F2^P
z$X2+4rj>;HfT?-6D@D&iSwLIRTgyKS6hia%(z0O)g)TN<egZGQ83v}{Cgc&^QSlx*
z&sgxM^Ni_JXT!#v(>RT2oz|?zM!?*QeiZ8EXucJ_Ocs+e9h5oZTUr(7w@2o1ih(NW
z(7aV3=u4BK<2B2n&VDETL%+9&IILNQ5z6(slZbCk@;QOO!p;!G;^$e0znO^CZG$vA
zSoo!CAgl@fndRAdGw;hXPA%*1)e%WeoV1?hCGiqVFhX{1&29i_X|jM`|1%Zj8=*hz
z?M1f_8r{ys2tjTdjF289--?TSx>?mqBMe(k&4!q8VA%50GqU6Yvt)!}%T`gc21iAk
z<eDq6+-jngt`}-3(R?7)lAz{Ad@e7T&4~i93Ejs@bqSb|DV$7?M11sa=L#?e1^9dY
z&e_6WFe2jIZBW=c=yNkBmEwIIP+La|w{U(R8Jmhc!&wSZ`9$6hr;&AhX5S4jcED+5
z9Vgu>c@jAWi@gS|(EF|6C7*<n-|&)iYxs*Ic=0WNF#+20!He(si#y=OGI&wNU))v)
zMhCWV2i9;0yWi%e*FouBymU9{U^~3{fxlqDWcI;}-TcK#L3`na*6W#Y4*S<@S%h8{
z>SHKAdi*nC--&kTScIw*x<T*%v?O>FsHs8)`+%!p_i&-y)%aWwpHJFL8~C?D{M+_t
zFw!?Y9fsidlZ*xZ^<0)mynW>qV~}FnUOEYe@iiaDUtnAxz>A&y#ihWPY7PFU-}!VH
zYD)tze6h*#f;TrXrq7xwVY>*oVsBBUD^K$3gW$zF{-TCM13&Ghc0Qhe2q#bPr-o3v
z+JljP^GtcjM>Olh=BHTxsVo2VdoyqMUQ+<@1`UO}TdkSIytQnO6rnv&GN#X-8OGPU
zC-^q)UsjKhkH4Q_OwWp_p2~?31e*funomr%=vj>P`)6Pj{2?;Fu<)<ka|rb7@rQAn
z{*`A7G16b1iILrZdQ@BfmCwzL@UO&g8pp`BqYP!*Hxmvm>nR*uDa#}LN8i$$+Vrm+
zIU~})lJ^@b)#>!Gf8|dfn|5RzzWLKH>_1vt4dW|5)b{wg@cJ8O@bO(gx~=hjFe74o
z*DN>2cjIVdd>_w%@eLB=yJ=a3|LCUUZIAEC>5=2({f0{Q_ub*~)qiA+@8trF^mpAC
z^dHTW&XJxnu<dpAB0j7CS>F6PLiZ55N&j-XnO*cc|KiaIZJ1_7DEJ=mcwR^^b(!w<
zMe{)#32S<--#>oAt(+roiaaJSx*5xSs+m^TM_hVMsuE5^s+KR3c&+2iLvza{UU88}
z;T#V_ggNP9{edNn8A-f4<<dWMy}!CIfsi;H%|oYi)r7xv&4MPlP>4;D-t1R}y6^_C
znJzsIO&|B;dZ+1-buz+Xu)*EhW&F4sBO^dkgu~z|zK!`>0LJ0*wmg#m)D6_1Ukudm
zz7!+>XB@{*S~>lXHnH>rp+fy1uJD=lcg=8+J6hDJc^xDF+h&ats1eL#jQQvCw@(OF
z@j6j@)9V=Nj~;DeBE&+P=?^|CPd^Hq+6w)E>jF7Y8s|eBb9s+-@d#~*=X3O`qfIQd
zx6Si&xSg^Q-<;jV=iWzrV-D&iypxG@cIyv5CA8{X@Nk;5PrvIaGfTalOq_F2cgPaA
zsdS4-40cAoxrNYikPX~PC!`Y37F$H3`C$nNh3>Tb)db-Nm}vLkE`P?^{kaK|=aPL~
zt)jFfyIPaBqYFrMg&6+4*Te$t$RWDsSH3_Y>PqW;0cO4zm7XP<_1pKOJr^9Sj98XV
z?Q!9J@FN%~G{q?1#yIH+?4<5hB0D0@U(Xp(Dxr=*E}!(j=ugH=S5r8BT{%svZ)xDQ
z@K^x+RprZ~su&r%C2Pw;PT+0&OHX2ye!v@07L_Xt0x<|J_}Uu~zr;pzs#F8HIw<x+
z|1erRVzg#`d>@wKSw|!hiiwux1lNmNJ@#;u(DS#(i1f>*4z}S*j*4!5_TiQu19I25
zBGQDQ=skdF4nj)NQW5ExDMjyq&UReC$^hwOYz%PoUNJ!Hlk!tpO8_#S#8KCt_3vS%
z6#Znx@om<V7K<fIPm12|#z;h)xgSSHoB3lJY{7N)RVFfJZG2{o!8d-K2GgcX5lox0
z|G<d;yaB@Lgbp<^=`s5-?AlHN?SlDM5yI%TX_({PyFgeuI1hkn)sOpH^HMc79C1P^
za>km`X;S%syzRi9d~y;%-UtW_<!X=H<at6=Ld5H)8BtiB^t_(*G9Q0M#43oJ24`9-
z{U;pCZIyU%O>$=5aQIz}+|z=mMC2U(z*Hls^F7UCOTB%nz|*uR<P;s%%-F{J#~>8^
zNfvo`s?0q623L%}a*u)3aR{N{Lo%`xpO4PW8{F@5T6vHuH=OTc<Qh%1P94BK%*d6x
z66ES7U(Eos=f@t$$p85mV1|Xy0!g;Kg3*R{oFI2sH!)R<Pd`9B0jAP;5sf-D5cJ8D
zdc$*a!<rD44)g32eEP<Nharu3(gw5k-(~pfT~A;Xq{gBy{tHaQy~JmICkCP66FaUX
zxSSp0CD%SCn6B3Ew!K)!c4oTkiHIcrzslH4p3O|92ZJRTA^&Y-5CT;pc((;1y4f30
zXg1g-#6pbR>@l46oe1tQ^Q!5$y#$nnqq9sv^{asDc*wAO0>T8p##>y05b`_6$lTMx
zddO^Og=X&*&4#Ay=<%>%`l~SN$O6Bw0s5&&AtT5YM6=$y!ca$g6q@l*9>o#Yf-4_~
z#d5p=D0BVaG4hW#yUw;4bHV=A17jlB-!xHem8f=RF=x%ka_D(|!Ou+$F7p>PG8T-r
zMCcQjH^M!8Tlz%z$HV%>dA&=CsZS{0KO4lZnLWnU`Uc*F<jx%YbB`E)4iEkqCf^z$
zs*L}C7|H16TUe-<$;eIC9@X4R(VXgOvba--)~|a+qZ1yB2#H<@JLoNpFPw$PMWFA;
zz6HzJZOb6g_bQmfL4C%{!ql%j*u=S45iNgxa7{g98!zFjuoCi<KWfB`QM_L?Fy?=L
zjFj@km*t!%%pn(H6#SG=jn%x~Cyk74j30y0dhiNrzY+7_!YHHDthdB^q_HW)*KhlD
zSdTXXT%A@=2Umrf=@{A9$B2N^+aJa#WY5(eO|kKL^p*@q-HX@OMC}@3y5JVIKaZ@f
zJ&e)D%f$*`HW!K=ei@i9h_2}exn@K(tK+S3H0q0lf)kmbOTXz+j5c-{gHUMg<dO#(
z8N0lhu?fwLjRl9@>^A(pUHOoo(l<o-dUq$jPO~oP=}pcZ2=##6ly^SNSyRtpNo3-_
z&_x%{W~uLgLD)oJC3pVMMC7mB&)302k6;w4GBQ<GOfFf-7<->Fwv{oqnlW(dD3Skx
zJ+9AMIR~Ts&C(xMgkPzM<5aA$Si!G5%HP||1XY!sy8Phvk6;w7?+{u;ytU#&S#i|B
zU1EOl@<(7Jksqvo7^BH8+T#U&e3-+~hCQ(SeiSg&mcPA`FKmxW&#APLXoHAmA!&8Q
z*O5yY1Cl>@L-G2Hd}bvOdQN}hVN<*9uWJ3(o_$k@Z(tw2&%?mX)t<2_1n*O6ysE{)
zgD-Z7O5;>|WeOl5WQo|2O>P~pJCD#GRQe~Oxm83<S2deJTgD!xXcwG<Yym&k7*(4C
z!THkaN!n?Wu~T{B@37CgZE}f|kD@Ohg@N)KuBF22uY3rj(4{T%?a_1kl7~#~`B9?v
zQG51ReFJaN^Z9Gdfz+OHPF$x_2jX4#j8lEF!w8MZrME?aqH0}IME<@05~_tyFvj$u
z&`fL!<hkpKRqQ|}GFohTqUi$`&K6Fbv^q!nuOzFPu|e~ONx$nhNHst|Hbq8yS2cz7
z>_Bk2N)=V>%zyhj5|wr)G)BaG$)VNZ1g7+y{<5g*-Woc3L3^G&m3|A|L*jC65XrpF
z{Q#$RrUSX}x!?rKn_^6$8+j)J)3Z2E)SmH#qc%1LW{h}<6G)FIzSv<L>na_jYL~*M
zQq3HL+`Uz;ZwkrS<LW}vPU|Ng<mip#*jKedp%_A|NLrQAP&{wD)z&ioKq%BIK05Kr
zyKzDrz)w-X_d$%xP&Vg(4|2FYs|?j~rg4zy34mnsa1lVPyey%f^$4Ld6hKJ7P1IXp
z)C1=M>RBQxEf<vn@K6Gk_%^hisFZ+Zr3O(tS=3F!Pzi1&JT|_$fNY$*CqtzHMx||{
z5`iP+KsKSCY+km&f{?yalpSZ3eN~j50xgS>{GJJB%g>0?Q>EX-R6;!k;Z|XL!=Lq$
zqFjkANB96mi*nGsB;qAgMah-2<W(GHVpO8!DlEld@K%gaMGO`SnEvY|j6!kZnfQPj
zPTy*dT)rnvM5H3yCagO)3XC&Xg8u0w%s)GQ8#zMlN@AQ^G1MrQAma;I^#zl-P+ZON
zr;H8QmBe8-yOJ1Bw2cF>(bNNGQ{!4UHO_1*OEfjrY${%@7-kfkYPNQ%*;+~K)=JFQ
zPCbCzXa;asxOt`7TBRtaB*u`6Ay6tRB!Yf+6h@KpusMI>6MhxU<YwYq29sMWTZN3C
z-49@t>wDM4ui3Jy`NR0VLv)<$^Gp23rl=J;DK;r@RL#$4teWZP^Vf9|@eRvU>3sf9
z=QA?&v#Jde{aGKtNcFwZk_4*e50l`~M58y3?`W996xcWsAa8>Ls^$+<V3BA{^}SKj
z3UpQThiUN0#Fof4<*};ySHdaWe3-%+6|P>yM`~2M5T3P}HAEX%Cz?r_C{8oK1{=PK
z7=_AJ-y18<Zem+?<FA(6x1IN6GkxY}ee6h1%z}vg$6n_88=(zayeH7;sY{%374dZ%
z6RAZJZB~Nl<&FDgFGI4G#38+v#39K_;t(6})rdK46n*M`uI<gT5ifIBgm&l(^oxFB
zjBWZK{{KS$|BL)<%tzi?FXEXu4!N%<-dfl7#AodbJZacCLg!5&bjB1yXUrt{G@)as
z=5N;5-ieW(I1(fM;GGz?C9k-w`i^MhrxI=0Op>wBbqyC;X`4yL4@4QV9}Zu)5xQT0
z?{65Xc>K(eCH;U(uM%2Ac;OiET_fPTn!|TB@mW(^z?Z*S|BM6Gkps2&&M5lW?-~W+
z^J+k%-!Vm+4p!)$c;7URXtSp14HIOF;zi}OQih9;(C01{{deL0cOi7fI6}ux$lt7g
z!#n*8@ANdsM2S&8(NhLNzuleax+>5}^>kk9-jNr=7qEkNQvR(1`8UCoe-k*z9x?#L
zMZ6*Wh7dxB<QZabNOqZ}03m(2C_4_yehniXGKJ6~Q;C&-Cv?aJAy}@NfDOS1WtT-r
zMIl_coGdGdLrDK~e53$&%`il+6u?$q$dJ6y_!d#23K`yd)KeX9cpoxk(d(j|j>592
z4n@eK8f3_#BPdc9jT;{+i-rtv`korsQVPu)C-_XS@g}E7tvS8PZ>{4&ZmdFW$&FPe
z!~OX_qqQp0+EC6W<A}Dg%4}-GeQgO17-ZpQ-E8XR`~J1i7@rq8S)%oIDL<we@?-n}
zqRks1y3f3i^WVwiT8fRi5+PUIXK-<ekQR*B9LMQ=VB~F}B!d42Kr!_5`2g}|ic04P
zAl?TO@?~I(Xl+G42$(9fwVV{2=v?zxnMj$N--_8stQS@D>(K3dm?jbY9-gE4ec${D
ze*c$z$?tV@bX{8Yq-y>pra1WXUW{NN^7&SEZ=?XI9RXXy2>(w`i*sPQ*UW`Llcz3D
zDgF{BXQy8y1%ax~mE3*ty<Bsi%elMarF@E0K_&U!4d3sxshRgBxf6-^fct^a!^E>0
zUbyZcTBazMdoM@{s8y{Gx)-C+PqGzvztDhigDK$-T~_^4@sz}ibq*!+o;b4La^d_v
z#{3<c$N$OZ|McenB%2dntr$81LFf*?%kMG*BL`#bJI0vC82dY8tcQH=(K7y;m$`Zq
z&paD)-^lstjbV9XBXnL8p)-;R9h*w%9lc2f*jnUo)(_`mq-Tx5NKY8iBL6n$?|Xo`
zk4=SS_SyiFcAmt{N_J+PeyWQ;<Q_2TOeNawy$QwXflwDGJ+1c=uX{Uj@AcRi$p!ZF
z*9dr9${!Qn{LT7K4qz`1;JMtE`T_lciy!TdWK;Gmy_?G$lCcj2juic2`EjY}&y+Vd
zLdPcMZ`K=mCu4ah-A6>qn+~3NGm*PJoiQ_iv;H9e{!-NUj_Cn!t+F^kht1C4tiKyI
zf1y9$&}L6v0-S^?gSXM*0)h39Mzoe!y!=JpT8OowsM~09ktn-r1UB1KjQ)xjh>x3r
zXy*3>y6$=LVgHC$=P{n&lf^AlHK}maAh}>iDT(n);;=j=aagvJIIOplI4qefsia~U
zOvH+Kh&Pw&s8$k(4IrAMhR|U|KIh5j33Nt+p<{5OJ>S;&+U`H^-}Z0$5BiVne9(vs
z^LHbEngFE4O!&tcO`ZiI2i*dv0ec~E=bQz^yGvONvCkKmJ2QTBB_vlWMZGLW+RD_j
z1kRFg7$<L)9<?BpLnnP>*E-V#yEY=0l2}4Fhhq85+>BF%=C5+~7BaeSY?KjIIVmg`
z(m8j%NYPNG(k;O+k<2Dgl^#&W28cFhfs$xZ5(nogiG#D1#KFCl#KFl*;$R!87%UKG
zi4h1ZQ4$9aAX@HnLWdLioF|_r5G{8Vp~Dm4{Duy<5jr?Yb9_SwC&Q6M@GWtdua6uX
z8R!#lCfKoFz;=*m`2p3JlVVfpl_|N@m6D)(Dr_p<lACc#DY^q<pWFh5tG@#W9-jb*
z?Y~N0qx)ESvc65vmA;BA<i&jaSnvqqpKg|)sH}DDE@5Y>%>(v3L;vwEc|v`_^%y6~
z6ldn7^@?{QoQLKIob(9M=2Vfi22$7nM@@evzP?uw?*T&H>&??Nm;fCaWBSu~$@?fp
zgi){J!wg*tx8siVT9sCW+QBdWO{M>o`FY(}hq}Y@QGOs4)UR}6qz~i&9KIbR{W1Ql
zaSTSe8OL4SRc&@kjjG+7A_eM^F&L?yEj4@yKNI>(Xm>7O%5b(fMkM8dtB8$bu$*>q
z(ecq3X<jfc>Z~oyABneCSqRAjaI-iP4_zz26Hf(JX+6m}rxe!%X1`Z6{!lze5kfi2
z+N&K!2cABVL-%>AtFyS$;qGAf9J%^SIM5&Bpg-9?hiV*jzuj}VE{E>-9F9*9q;Izu
zp69DtSyZk#s>%;p?4Bcvy|BI-l%br;9L2HUyIrI-veO+Sd>y-{2h@x|X3VsE&Rdjc
zXEMgV#A1J~tnH%EA3R3_g$*2D_m~`dp!`Uj=kOpq{lVVu0P&P#HDiZ+FR$uuZ}&9J
zQ;Kh4jM+WsW89tWg$*noA*DD)yoz;qu@^QVgpuM&WQ>KZLNeuVP7j3Y4gUGR^2gZ!
zfj<tvz<z~zeoqoWRFMitwaJ_QjzlbBzM5WuRnoxcz|W)1HPo(|F$iMo8qdG@M~O4j
zkwO(y5{Klq+#8dMAz}nERxyGqC2<I67}bQ{PULf*e4aq)kOUE+Aje4EB($~~6(jwM
zr~$RkXD-IH+)P}}$Mlhi^{N!D#GLVNg=6xwT<xa0RXH^G8%H|hf_k!(9@o!~gzI8H
z(yN<<3GUtUy8nlfVOt{z80S6Ux|Oq$z(|vggc^ArzGPiC{%P4r(_HG3^aH`uaMSrK
z*9NzxAK=9t-V;xE0Lyx4eXBb0PcTMsFVUAZivCNHNaSm0TLoeqO3o>DVv~N=NXau_
zF`dwf=B{#Tk1cW1-}DY6F&exrwx`qu<1VNV8oHppA}&r)XgPn+C)p~M4kgBmJo#cm
zE}fhpGw;|`dS6m5eLPund}F6WQ#FUpPKWl=97%RMw0Gzl&Zu&|zq;Te|8I9f0Ay29
zz4J~isT`G+buz(7f05wU^i6GHz5?{U6ia#fBe-rdnp@>a=Tq4AB=4mAohEg18w5so
z!R(r}8*<9zg{ith1U`2S<!tb`JZaIqO}_-{L2N<&+dOg7pW;Zb1>*)U64Rq752Mg5
z-mD}2*Ie%j_Xd!peA{K`OO*e^F+YrBepoV`(5Z59+biPZ1?E@T#q!P#sPqnEyvUO;
zCgjow6I43Pra7wYbXbz+*lnl7uC)8bdZ}p<HC~@R?Ej*El<;5bM>h@oxBAilLeG(R
znDm@e-<qB`+;IVVUVev3Pe*;2o=qbzK+i8m{2$S?-Ty!6*>ULqMS8aXFX>t4_)qoS
z0#e~9G3ogV=(|$cRcT`m*d>_y?j|+kdsjkomGB-SG<SI!ibF`x&J~g+ozTr(8R;!_
z;Iv%H^hDORNvjCWuZ+}#Ly74Jf<8<5V|pNmKK2!%j+M^LIm?xze&$umKb@utNzr;}
zPB)IO9D!W=d&tgb$oEd@k!!F@(OPV%rvdQuI|!O-E@T~XnwqKTXeV5&3f1&=9HE*n
zlE)IoPE)LYUMr^ZAQ^7^QKvb}Uy+|uWUbo)>TOarRf@Xuq4bCH<<M7WL*Q9?jm${_
z#d{a1skv27dc>I)k}9h50-UCpYHH-A?+L|=pw2mc-R&3!8$j%zNDn}M7P^z~BI4jA
zh-mIrN@5%rBwV6!(ZXc~mor2P7D6v2bVLH7ciD)RyOPimNlyBBG68w9o(}D;IliJp
z`zoo90x5S&2pviQn?Pj0<lhPMeV*7cd@hyuF1K?vHTbr<aS=XDp|0jrsH6B9iWPU_
zb1L;;hC>FIm0Xj)G<2DM#So12clked{?DWQpN+%00)4c#0{zzT)(W)LnTv-DZx7Iz
zpBc^}gY5v+dw6)88gx#p`%@;4pu&qx)oxR@p*E6H;TlAIWVuR5*tBuWi8gbkQ=7R;
zG~Z!3MxKTkS7%Ry#nsN!fEDjXB%JQbxMmSjF$%2_Wq(nPqapJYRh}ZbtokMuj;xZ^
z%==Q^BTOm%q57X6Cq<lpf_;EE?@D!bGtay7)yVU%J5+Jrbzd^qiCzr7qN{^3(p`hY
z_ieo3_1@aK-HE2q8sh7cP09~jiLY;BdVplkuo0g#aXC?jmUAsTf3rSiaP;{SoM#YC
zNe_^WJ8VR8l;>~OpBjv#>^UU=nn^V4^0_U-d_zFK3WynN^0aesaJz@Iu_ACQ;{1(s
zwiU!%OMKlv8;=oD9DJ7OZxVAUe{)(Y&q~o{a-q*5lAk3A&n2l4p3@&DVTJG<D1-}7
z3r4VqOBl9Q1ZY(pTgk*a{UW28FNFs(p%qSA>(ty!ob<Gg2u4G;<@7_yP>d@aE5*6C
zh=ofXTa;87sgmgUf=~!(UI1PPs^(0wk&JSs=y~84_6aJ@NwJX%EDpo|n&6}l*_?D*
zlIB=J?a7*>lG<|=n`5P7%U!P|s(qD2dx}`g_Hkk@+X-*l239WRx;5vax(`42;DZoM
zw}HdJOX{*Y5nfU+ncIPx5laZprqk-AX~)>M%_kCv8RiqGh6;glBaBFxJh)O4NZL-Y
z^x&gR+e3U^rmA#wN`gvbQ-YnDFuhwj6m*B+c)oLgFdHNNCH~L6q0thtb^d6gS@UMM
z5jLJwI10?kR16d7N4_J0$@5Nrc=9|j)SNso)R>c}kDNT&LnYO_i_AYcG$bx?VvG-1
zM60cEd;uV)ilFt0j`boOrK6Hi2wY#HYC{uLZ3L&ZYmx|yn@xOoPEa}1uD}-1iv9+)
zCe)tfqz@(2zosfS#}|-KkJ<-_#7OpRCDGoCXpZHQ+$DnCLv3o$xJY6@scN@{sW-YU
z>fNl5atNCB<DjY9rK&dFB-n^Bz3xg-X<Trq6j*VhlKX4UnNQ>h``@EEFs(K{6E?x?
zDyCFq)F%D6+c47K%fW5yH=LdY&-}OawB8%0=b{{wo@FOn(Q|4}YkC%dePqu6IX(4)
z2zti+e?w2tkpF?6{f9)*v)d3s&r5~?Jx|a4*Yq5og^|8@a9i{gGMDpVZ>_RW+{-pP
zwVQ}G%trqpzK$v>KV)^{AZLEX#}PuFZH!F(j`*%rN%;}0-7~uzvMAnzaL}~JyGvPE
z0eq@e-BloFo!ydDEvH*D$*6R7AwCkTQfIg19NJs#>O<32ZFV;sNvr2u<idJD<Nd@J
z+m3j*N0~Qf>jMW1G!7Z=>)4Zc%9DwfNVI7+B<(c8n+Q!L+MRX$!Pg~^&^zl0wb$fo
zy;7k6kcT7nkX<0P)J!iFMw)vdM*4F8PbU9o+rX&%vS|F>Bk`95lfDWJBCiG%^4>>+
ztj7CE#wMls8Z1$`$LZ@kQY}Ab9qbv{Cr0sJ$#;C-fU+<abNp>;S@8ry$h%!x_!~lq
z?r8aSH$rHHZ(twQQ;|Ge%juIeTpQgdnPhBoB@y4?1eM0;PzxO%YcIvdHQjJ+b{`uU
z2A+`fb$SkU?B-fxn?mH9Y(t2AkPT?la;tJQ$8Oi4;l6==h^Hb+)w&XGMx7vlO1l!R
ztBL=vgbu4ywb+yqzJa|3l%snmgD}bA3o{z|>oYOZkMMswbL2nGfAt;M!v09$-!pF<
zQi|>ZSDbSyZPs4l%)-0N)kW17ii_Qam7Gl!ePLY0=Vti1;8#3}@d(*HaC3_k?{-ly
zL)GB&SJj{%Nh>Fwddr-Q(8GfMTra7M6DQ^0#X$qW_S_Y1R-F62vd&g`o;4%n8Z_B6
zpxHH)c<N(jU#YB1DE#BpMue2Ld6vS{WqdQ+ZiiCzrB&o?Kq9(csGl$%m=tHehNIyQ
z@*zgpBv|B?wd$F_j~9^^R;spk3GBe$T`p3kJ$1b^<JeO@)U>lsdRRYw8`pN{LrFTH
zmsIhVTndFl7dtbKxjU=W5AUgexj4A9m!j(snyfr=iDepJ6Hjz&FaGwpXc|W8+fD4w
zi$$om9J{-kcv%a0$*57hCGv{lQ>#Fv*9te{5yf~1Z%!2*yf6Ot_-rahp>Zwt-{pE-
zY(Uli4g>T(iB-Cm|6E`xI5enWdx5IW7hm$QN}<q#1l2Piay+#Ltmq`)f2VD;i~D@v
z9nGG4%TrF`X~xQY9dc2oZ}%{ZvS^dCxLjG=F+o{-rLFu(Lc5;|kDx|`3LDTqgj~bH
zLsnULrmz_u<dbU;Mkp8;gHTEOF0P&;55tQ0Ys|?%AiIdooC@d7f43myIX(|;=4pLU
zm`OIrDDxLW-=b$iw~@3x%G&8M%G%i$3q4<cIHBEX&+*1Wb`WOr0SiLqhuRk&LX8S4
zJj`Mc!aEDg`GgYgDg^W9J%_3b>*31ba^h*WD9<KA?^grtcHvSmh8L?5R~q7e!PS+X
z_Z+UXujehvYY6XOVg%F5*rPnV3mZk<R?l%IbP;c&&T~Azu)aoU>y64<g6VgjV}Ziv
z0;vB5hxmA$=g^>b^`7$<mqS@Q)k4pCjt2^vDDj#FA^JTpb8Ha(gO`eNU9GI08beQe
z4hIU)i&8(q$a$G|-_bwpo;r)WJq*WFKW|1qyQeP3-D!gu3yVi+Mt8fXE>`hs7U{@S
zSkE^&%KT?6$hiOJuWU#up1^VTUEwiQHxCsyb1ExEPR`BiJI#o*D{p`M<PDRR$IB-x
zQv+zS(!6Q1a%%Hr<%w@5E0Zggyg#ywYTX?R>%9QxF;3oH1XmfW7XN*p08*KMdlO@{
zQoyIozp9Bb0o086a=l}0b*Ou}eo<^qTN9pEmg^l;26ZgB(8oCbF<8|Y=`LAf*XHwa
zeum-brIE29f?OvCUvnJ|ei;2?ckr|57n@ZLxQ<<TFc4p-L1QoqE*EBvQC}{(e+)*U
zUael&jK(N*NvqdykLDXdt_lsc+3AR+;Jx8CIoAvKcoIsEkR|U*3JTX|z$^KZiT~!2
zj2*yEm1i%(k?@`}Yu{xH)(G<)fkJ{+x{&|e2Fw-shTzCQ81jUE7kWsnmir?ZH}M2w
zqM33`aPoP^TH$KQs7T1?CWU6TD)RIwj6$Pf5vnmQzGX*MpPm#N*sA)BQEef&)3K2e
zH7kZDF_Dm{g)IKPZyWb#cM0EO+CVBCI*PFS)m8_DpmBF0ny|3T1fx2o$j3VerNXnZ
zK#1IxQYdvN+RK6k?|JG{l6G4E>i}%ptjQ*69Z9PpF^1Ki__Hw}?Bpg8?dA0#bT<)S
zu1@GSHfo$V;Np93onTSg8*txR;VCc#>x}}K&~-!ubH0igiI--$u(~~g&>^;pA%GS~
zdaXE$wp}n^n$!jT0M{Ad=IcOkvbJqyB`V4qL3x;M_Y6Yr>2^<9Z}5HZ=%h?9gshFO
zd{rw>5^?MDRQdw{so1i!p-mf7Y{aJ6@{$$XxZX<QJ-wC0QOQc;?a)O<ac?uwOK~bj
z2zxRuZkxTLxY58uj5##ZXz%(y80lmB;FkFTk_m0F`%x@Hq07S<;Cr?tX*m!B7R$oJ
zAQSuzT-8Jqegc{X?g1H<t~rEm3MHELJ)2TV#!lBQo?DUYG|`?+BAKiCoO;qmv?py&
zTuU-nb7}I_kDg~@kvp#fvY>@3jQjPBN_Uq~+T?J1fmFWX>*^T*?d2tq%$NDt-ABPO
zzrxd71}+v(G^2?&IGIpKwPG7=Q_>t&6)~Vw`K*uJDQs5d^=vlL9Mxd2>a#v7J|!qN
zFbd^lB^sD|5;~+eETUvFQ(DEdodTOIMl|cKkC?k?;wgi(DEB3PVIRu$E+X?+(fK}H
z$1JOZ6;qTFi%_obJzhB1x2^{Md<t=!e9J&j^9)RhY~?$V7_8`vKK$El$UT*4F$Duo
zxu+D&#2elB7tFMjx$hOu$Q5zmAp;qy*Cv1tQndZ){#;O3gAgrj=F82M!r#;gG1?3&
z!9|`!b?Li=eCG;E`C$veRfNVUS4)VlGU;Q2)<=SNSsy+-VwANB1@+0U-gXaMOdwbL
zg8Fu@Yl5#MgbM20DPGQm?VhsHA}8ldhW=+bQe#!?m_j_|Or;%Dl(jbKr)byHgXmt*
z@oGq$R>%PU8~B?V$dFdZ0RAgHhwIX7g))<^EZRoOk6Fz5glh<mA>Qrc1|c|*MaL^H
zsJ~Y6@|`o?5$f>yweZM^MR$hc`F;h)b!cvC(e|hN7Stbh-%&6V7r0erEwL0FYA&c>
z>COrsjj%^8sNdx7SuhiO-93USTn#Du0N%D&ir$1DokV6=^L+gO-T2cPV<!1r@+9`|
zbRb`_i?qitsBbr~XF>fYSHFV#!;1HW1tC6S#e2kp&~tf~g2T<99WFS((sfO6rv;&s
zg8KHZOAG2dxe|lr7KA?A#K*39*I2}4#xpMWTV$75c6q!vbopEY@9QSs*8|YkUS#z3
zEkfuy1Hmq5uoRj49PclaV-ciJ!A#uV-Ak>A<Dbshl_wl%va;Jc_5sYF<~d+FG;>uW
z^fVA<dW*6R*377~kxM71)zZ1S)zV3By>wdm7s5g^R)yldypb_`Me%6K#DeV`8T)J#
zph}s)vzf8rv1Z1UvAdMC#d(mOb8)sfy`LaY@9h=Ed01w)(~5x~WrBL^?y35g!L#p`
z3Gk;3SU3Gyf44%Qe$q{1v5wtEd?Zz+F91{5d?KG0Nmf!JyU%3h2_NtLj53edltdH(
zu)U(VP6{6-ZA^i@B~`Uz!95)-?24^eFjdDQ^R?H;TeB-qz^BQ|Jh+;3XyBTl`j#bw
zwpW}i24mxcNmYF>*u*Fj;LkdcOLV{fkQ~gC8(}b9t`gdTR3LHXJT*Z{breiip2#gx
z60<w<F<hzG9Iq>h*{PG2C!psu%Dn6WMDy9ixQS2+^KJwv#sM%d81in|29TMGjF&6r
zQ@WH-Q<K!pbs+CL5pAlC;5}-l8$GqpGcy(`-mx(VRlr;bZ41wVJjlBSs8J^ZG1ZKK
z;>!RfVa>gqu)bFS7rtU~rvizVOoRw^f_k}bql`V^q#~sU^_9S%#S5Al3r!=wnRzNL
z<Ly+Sb_gMn(uvOO+k(nU>SA$il9$4f)kR6nj-9ML;V6(;no~mPOrmPV;7sV7*{ISo
z_&G7V(M}Ec=gd(OmpWm_F3lF{-fV=cri#shl*Bmk>?je>X^sM-Sx6>UyrV^mE0IcS
z4Ih(Uyj4(mZ7)vY#Uhl4#i@yL3KS6yhO3M{5WEOdP!CLrnQ@6fRx+DKCqxs^^peb`
zXuDFB36#C9puUIVy;vj>R=n*kAeaPgijpA=2rMhl%zen!-ZS$cQoKVr7PI%s^*7o`
zpee=z3F^f7AWxR+foYCa573zZ<;;pNS781Bm!xwz51>s@6W}lw*JR~X;EXa4Qf`&m
z5JLL2awwc_<PsctBg`U^ysw;i%58-DNVuwy{fhToFNA{s>?Jf1*Tw4pkGwa5lcKs7
z#;dw#XSqEriUf7gF%D78v<uD%;<QY|?a+-w48|ByUW{lG^Hl7XK^-ZqE}<w&Cjk=j
zjL%8PLZV5=L`M{m9#m$=br_8raRFTDdhG(D!z|GE|GVehs;-`eMe*hPf1f{_>8`r#
zx#ygF?%8e&%u0x*9QEZ4_?qM_@R9hNTuSC31Q!=-&@QSY*7>TEWCDyP(2_4?w#R1h
zGtG<&fuZ1_LJb&VNT0z)w})rQk~I#p?b8yfN9u{MipzaUrjZ3sBSA&95Udx~#k&HV
zOM&ByU{ls>!z9U^JrxcDKk!PD(zAgqJ@q)gVja{xZ_)W2=STg5%Ac}b%c*Q_BLg9Y
zfL?ILe6kp>Ipk>nkRXHLuU&YOg+52g1b?^%@q6V2Hxq1;gbTPr$|CioY)%6wW>U<F
zx~9~KH0qR7e+iH~a6q{9u)Bw`fV#N`)^OPrAhP?fglmo;>(7TG<{t;-L#ajLh~r{8
zCa@fOge+%3-s~_QdLX3V%fA{9-_a6enR$>m)SvZCvssT<fZXQ-xdg@XLX&e!i5Bd~
zfx`NyVSQ(kB@oDGmGPCy<Gkhs<_1+qufvayie*#XM3%jp^Dqv$FUPChfZK$C8;E0P
z18#Khz<}$^v-<(g=G@c!bM6;5Bg77T9pnnwkPO*o+4{58fQfTR7BI$u!kS0e6qfI%
zu*`nxDdKY9MbSc~`vRhUR>*}z*_?fn(leDT{nHSv%}?%CN}*Im$=X-RT`v}L_TE7>
zeFzs5JqppjH$sw@S9wd*Q`V9AUkfG4nlS=INR4P0j*z63iPEQkge~bRJ?lt3$|>Z;
z5vVf5A;n1OntN;TPT|Uz$f|^Mu)(A<#xKh-lOKdW8%RS&g!9+_NC<+4x(N1~MSQP0
zVT2^n32EA#&Y_!Mcpm?w<Zo#zzt$3X9duTKH>tj8hil~nNor`g@_{ZFH=-?2LVPU|
zU&X@K2&pUxA{k%+o@C{PqaCsRTOZ((zUu={qtwb%i1v-)cBUG{Y0Pj&Hoy)ei5*4U
z56LV40V>1qt<b&D%|)b;F`SyS<&b_HB+xJyu#kRkY1kMNAWi<Nc;}*T2lPDwb;l04
z%a7`tcz1y%U9ekD!gqTh#a-qd?3-iN54!wpNm`tWT4?ibk0?S7_!BbEt)%)nXnzSx
zRBiTz^x;(9k`C#kN&}=RrxM)k<B3J*>08uYJHV}fNe^^=Du1%)aoDJPpu=KyN0-0t
zLgCp@n|FGs{9;IdYz=y;;67Vj>f@_cg{ziR8a823!a5$!{2l(bWZ6R0$Gk8eAzm?+
zXn#D}eO5e{hkWa~li?bOA79~eSFuWA@%^2t3#gHMiTl-y`0B}#T&kT#ja<L`ZKHS#
zxUuAEj@ub^q;=<I&=vchtHzz8#)tuHym^r$jB^?x@t@}LZ(N|bCXY83=mK9KUm%$+
z1>A7a08)U}1nH&kmB3uv7Avb>UL^<28e}COpEwXJQ6D*xi|c>nLkOsMl=4BWE9}3|
zSC@8)jlQ}xi90<!()Of*<oVMH+Kx2GyQL+rJwj~xxK&Wy1k@A)z&U+(eq%LqTPT#g
z`Uxb>d&WD|MGYxrURjz98R60$p)>A9M)XTmKu*zV^X?pKo_hh6U!!VE4V}<Vo0B>8
z2^X8$LMOD+<{dfI9Hk`hJw=v;{?gqdHHYf7d1p>bP5~D!jX90_cM8tUoV!5q_)Y=e
zqrwHFNO5&R4k?4V^Y0bZSiJ|fzwZ>#kP6eU;n3Pa@hB59qNQDU-xUZ-`^b%6&Y?<h
z^A+2|B`3SiPg}`77o7}eNs7le_%r$5Dh|anL*_55P>iY&C*oD>5p<W9NK(MSMz9h!
zXXj9Tq%Mb+q#0w2$-Un!aTXw`KgNsN!gW{(+*PnO3%N?e<B2Vt-;j~fGd$myk@cv$
ziO-pl_~$30KJ-kn=zUiEW-;W3le1RaxEC?wev~NQ2%YguT%svI7pq-K<(F`^TVb^y
zcdd3apnzEI-;`ul`-}&~Lf<DAx_~b<To#OLJ+NGoz39|fjeF8}3aD$dsxGLom)+7&
zbREC6<KaHh+_&er7{uHX!HcZDUP&61dT$szAoZR-77CMiQQm+jyC3aiObGFr4W4i5
zI_#lhr)*DWw(Ugvf9Hr7(xELef<3Mg03o5DIw=mWpazVOb01O$!vpqnlqZT2O^9BB
z6SGegoWQO9<6vE;f5){h&zyveyNGWD7g8g)%>DL{;_VQKk;IDz^W6pR76pb5$oE&B
z>pqpg3FbbVwNI-=)(+qR-p*kpPI$D^IpGEE;~l&#xBe3+vE)+MC?qk8VFQlhtn($Q
zCEz~cfsTC;QBL3lh74}rg9l_li?0A5`W_(BldlRnP#8IoFT;UI8H`bIr=!J<&VL|o
zoc6VB+#u+|hwLw#5x9<>a0s-P>}5>p-a@o(c_5K%Bt9X{n6(AA@!ZsG*Q)$@+@Yk1
zF&DuJK<S<so2}G(CKBz=JpROMp9zx356B7{kH__Q_aup)AXnxFS(5BF#^nvzMk?2h
zmv49n<SC;+ad=7=+Wf!5N?IO9bm<(EjV{AEkRKWYhpw}T)|vx|a2C;?%*k56|2S?y
z*iSeP*01>z*ZNhB#r4Y@5L1SqDVYDZV$R<A*HsB?{P8YRRQ#-w5G3j%tIUxIG&3k-
z(8?Ba&&F=hi5y<U2<x3me<MO+&+!9^7$N;QU8YNVQN(zjm(d?M2C~IbF4Z_O$eG7y
zFI7Q?vit4vRXIZUVAHlv&mByAW9eNm;DJv+)Lbp$>Brxh96uj)26%cjxp>0|);h|O
zc9e?oM1zZ1#P3>JBJrmnDeI#Z;tt%;kC&y3l{?DWc%rS7kLcv(?}TI5!#~2i%QlRV
zBy094H;$ZNeB?OtVee7k$gscSET12JcpO<b`rm{jU4Owro<2GoNAiyqjy&FT2pq{?
zCu#s@By+CEGxDEC@G*f7D!Jp&jDeOQdH0_)iU=(cJ!5{0G@gsoCD6k*s)JyyTp*G7
zdY^L=vzmPviG{yrjQ|x=Y_wAAQDP@Ks-uJ5jHQUuy(LzJ+t`QQj2)43=x1L-IW(3Z
zdZVN8z^kDKJ&?2>PcnAQltngLl?k-s{GYbKjvxuU-41-T$MvWIA2o_c0*w)fXnEMb
z4wj?D)&{i<0hpI(Ssuz<mIthsz-llGUacOh;Ra<_Yfbm9ren1ocD3(ewLMwYlKrZE
z8>=<g)lR``jak*!xvCAK9qpq~%V^sC!bmk9j8v$J3hOLsbufksDc<ehizG=;ht#QH
zw(^nqk{n6Ww<$fRlK4N1B}w0(DnNe=Kg0cU;e~v!)H-6vgKxrA(qt<yV`p1G%8?}4
zN2QEzbPims+jA0$-(8Fz3q_y>jZewR2shF5mF_DR|4`|^AhwV+QQ4f`%=<bX_GNx@
zlO(AI+nYX=w{m7|gf#`eT|hLr9=6HW(k`4YM))ltrRzu&(o$@$l>;NVZSjdp_xDM>
z)5m|!jRma_ec0w?YZrXGoy7kIU+Q9I)=NGyDVM@`gU^`?r^$zWlBBWdB5DBsC>2FS
zdl40JJK(oO;&+Hk#uzB^0UOQLW$?%3g~BEvP1po%NzVQwu23P|lDG-*%Xk!SDbhCq
zc1=hp%Zg<Q?)0PvqS9o*AQHdr5S=w(XN}ky$Fbylf56Uu4R;4`YQSCq8BL9suueKe
zg9&V~9UJ5%l3XbooCysgQ3+Z)auCcCjpP+LkhCew*pxtkwBk_P1wfAX$quvxm`sf~
zmYQepQ6|l$lY#yhOc-!5$?3lriY~m2Rn(HH4)&|9Qi<KY=-1R>6h=88!D=EqmDEHo
zoecbK!6^fGwf%S4)v5WmUsJq|=qn&@L*2DQXn(KbKlTX4Z@Id&OGw;+_&Bs7q)8G6
zHfqk6slJ+jT_)oW`jr-NIThuU;>8L%rLH|D!=hk^RJ&xdbX_lFj?VwG7x6~hmA#Bv
zCH%bBGckIW(sLHkZti95;j>VHzp0lCVO)Tp-^*C)RADd<%9512{o#p9tvr!vGqKP_
zq6K;x<5K>jld2Rpb>Wn1($o^s60wt&+8iY|t!jB~Zk4h-t#7MR*gB$(;GORpDoJ#+
zP3mE?wuRjF;!q^@Vx=}m)3*^V*~6H%ekkXY)|)-T%PGTPm%ZR(u-YH_Atao8gzLH8
z+h;wI1OeFmYyZ_aHU+FXUK{_++545A<H^#WNw%HrrITECGL4b=%Wy}-aY}b#Y-lCO
zHpJXJR9FnCx&_QD$I@uP5zBhc%hzF7bQB!x+r4N^i=Jpb<F!4xHhB4%t2`h%X@BwB
zUSZ<_)iO);{&Vg<@ULFZyfI9e8pvOeayjDw%H4sUAjnTv19KYx8?5~!Z^k3BklY)W
z0b5A?R~{HH(JsQXgF>|PIHVj`KBArGFcz^CdopXaXTY^O`U2KZJsFm6Ji5-s*(aov
z$s%A@?U^aJ+EY&8l##)$2Bv;i15Wu?Pu7$#wx|4#ET$Yz+f%+cojv8V(|xAgo*8ia
zfHOM!0@iJ^@PU+N^nuhi9E1TC5$$8wA|p@dU#)d`O}ikLTsnC*htz`esfmy?AH`Sj
zIC<Iw2#BA`F0Q?7EL^H0+NhDKK9Ud6O?m@zN<Xtcx1Bcc5>A_1kr;677JGScu>9**
zsfemxPd`7zmnJ*Dh1h)BS~=isQ{`xe{yhx1-`n#C>rzggiWP6bibpiA-rN~|#|6^{
z8!jYti*wHVSdZJ-68M}kJaq>q=aCg>f6kai^Fb?%7nZ<Ynw)z-%E$J>n6|*ai!la(
z!O06;Mfw~tgq)B(-c_W}fkP0EwYkuJK7Z14<mYp^J^Dz`=Rf^##H%y&4u3u`$U9c&
z^X!B9H|_KKVCVD8#UPjFI_Go83+GtrafI2$dhA2TUn|ryqr&lm>#K&Jb($<$(d3a8
z{-07=vSuXRo?zFVemGCCYp_HCt~5tym#Y7UgZvcN5jzQ8KN{a+Y<Z1WxO8a0d5bY?
z!Y;-FO4k;m{q-%7P&A?~<1c)>vg$^&>t4%?Jovs{cY#wk%wPQcefK2tPCeWtVCFAm
ztQ&^})9Ji$$!^Ai{x<8Z6!5kR)Rv*r3~{|r48iiJ5jz&k!V}Wgvg*<RTGm^>CkQX7
z@PF!Cg32hDl7B+5!BNx%8wKde;^2DW=hkW)CiUPlY9I^HgZ0)<FX~dp;3o8-BuUFr
zDu~`|-H(3rC_LjybRlER(j=@jj?0Hc`_;#cEw9Q&CCs@=#;m0u3zNc~{7Y?)M&jf6
z^BX_L6%-Zcxhrn47_(;C6@yO2wfy-ccz$MVc!u$Ply<M^x#JJFqED9$j+VBf>ijiu
zVB*lRI&%(b^u6Q1aP=OP-9}$f!HI%;(XpfQKudM0Z3_Lr)BagHxc&22kWww^)^HXd
zi8m#>H2@qza(QqYV2q4uos40{=W~&+kWP-Y6Adnv=xe8VO5fj)>P8Prb*{w=u6Go9
zKzb#JIpsD5PH3ijq`oD%h7U$#(IGB#l)WGSdG%rU<E5()w;v~exOy<X^576}_$5Gm
zQU>CrESMn0RaIFqFPqy)iZ3rG#Wf|Q7~&DEaJvIyYSt;q&R;WT-J3<JUq39Ro<Cle
ztS7n|OD<xrz@{sN3*!ZH<^a~N^b{@ln*OY^>m6mwW~FEBg5gT{)zLzwdm_=MBGtn3
zs9U(CN*QAd%BZ=i3iS&$s9)fZlee$J=3kNA`h|OeXxhG*ilHWR{;wHOLGTq6=;Mo~
zb#TmIpUy0c0h3RLS26}kfc-34wGvG<6)Q0(QTa;7tbc*zia{=@mZy_3@+JNUDPxX3
zULMdS_yNG;yvI(E9V<ZcAX*0Q$5+2`y?Q~s`g)c-fqH_2DJ3pUDbHZa9VZ+@)Oa`7
z-Poi|W0I>eU#79z6J*I+DrFQ|s2z6u?^oH|IMFzoSWiffB|-*E1fHkk9_F${@NIK%
z776@$%;Cl|@=z12OuNO@fyS8aT$&IpL5#f6BT3dLvWv2$jfnaW=eR=#bCvGG*!72t
zgFC-p9NcOB;^0OO5C`YPzr{@J7IsKe<fA*pZK|)&Kr|`L5&oBF5pA#3-~ZD0xES0d
z{Z;h?;T>x4aj&W$2=7pPkK5JdZ*vkqqkCwp*y9d0ss=Hti^ZsJ@#6U+Yq!8e=6Jxs
z-J*PO84VS;dT<%4sP*6qFnW!_0CIG}v)=Q#(fYXK564YMA1_PRYX@8*hQ-1=@z0+B
zBbVE@JVTes-wEg*l>0~F(#LTkJ7p(uu_SuA(p?z6Gy@^yxWhq6Kkg93rpf()RQJ^b
zsot6657D_$tK~9j*I_)C6X^`(K+f~GC2#o_0&wF1Va)lq=c3f-2+|=9$kl%%Wjq0l
z)rqttePj?m=V%a~>aD`Bmg<pZRBxyHYV?+zQ!ls`?^1B(O}yXa$`y`LBe`@1<Ph*P
zYTOT|VShIsF#0m&8GRY@q^$6!>qZ?8NA4cQspz1Kik=g0d1ts)d>lba{`aUz={_}j
zM!bzIgGlH24?IFS77^OKc(u%Vy_6Z@&O1xuZHvxSx_8CS0T@kmMNE&kMxcTcES6fV
z*h=$}{I}9w6#bRbJuJHFE1wwA=D4Gw=Rb<re<64Q;BhoMmXH2K82$0?$mc6k1sLWW
zt;sCy)Z)Vl5#K2uocvQY4{u3%9^Qq@@#7pj%!`kJgnYIWE`2c{*g{b0zUhQZcVvZ2
zUu|uHg#b(qV_Xh3z{l8H)X5jqj-dXp!6T?gpWZ)$`X{hh*Y_!VYukL%+dOat^_L89
z1fk9P%|6EF*MIMM#v0!K_kFJYH}`+2&!^Af$Nl?Qwyi$T*wrs(+U0+5dx^0%FJ;O-
zE509iiLv_Dqwi;Cd-m_QUS_QDm18@X!+q3$;@{u=^Q(d7;XYgb$=GNAWQ@Mb*pJ#6
zYux_t`^5gu{U7S%X~U2E_pxkyWgBBRKA&lq|6Tq(W9y#JlzT&bANm4gCI4jX?N^Vk
zpYOkr{rjVK#!lFFZ0B;g&&m$``*6os1IxpGIyxB3d6}`xUuNuros3yK8T-Zi_;G*#
zvLD`d)_rZRd_Mg2rN>sl<!!mwo$93Yaa_Eg0=Y|dT)gM1wQow%?_wl-qyfX&gY{0@
zq0b7Ov_thG?NEbAJM?+Mq0$anH+h|K@)p&J-?R$^6}uYd>kS+CVd9`^vbftaZ2SXa
z4$SGYxVVxU|G?AbO0cGy7c;7>klwK=F96}2n?-!%B)wVPi6NGlR4`h~pI~66$Q(FA
z-O=S|7rNsq!{(@|VSVKq9Ee8@BxFwa*ds76PCI?(OpPZNRYFggpHOu5b?7Q9OW{a$
zM_16FxDZngu1bWOcX-04!Qag^&-GCKADAxbDQ{RuIH+5_VI2TK)h!394pW{+nsPi}
zI)>Bk%?Q}8d;#K<?Pv?UAB_|Te=QOiZ_MO0ekg4IqXe^Rm0(sabhV|X0l|KFDK$0!
zF$V07pC-+_P};u=^r(4g${TJ(R_FzQP-T$@QZ}bCTMwPc1lS8bbWK)XlM^`ZZV(~s
z<p&uHn`;4K%-BO=a|4XbR7KeOJdRuDgE%}@gsopMBK+sqqoUSuMXHPL-Gi$s#lcnO
zIH2IeiYR<c)KKkseySTHEL~UasPy^+y!hN-lL>R{F~vFtr00}EmVW+(69YUEq!2Rl
zLz9CN(XK{OcOC|$Uk~T|p0I8uCoKUvdPvB~C*R#}ozED<t6M=qf78j1f<88aE_r&5
zl%<?cUSUa6U;e>)$1+Hp+=;y7jFWBNvBRIReJF>k8-S2wr&%eugwwDcgAGKngeV|x
z$~7R>88rmbY{1Aq135sX-r)d2MI>Yc*WkI}8vI>q;uW{X>@KR$X%r!`4K`;Qc0~>(
z#^ao+0Xb8ok?J#Rs5$KW_^N>T1Xrr^0ZW3LDvrpzSY*XdiY)nE;#wSWl~qEpvg?ru
zAX`ys*xUfW&6V?z7A^-ONGH4Q#8Xem$fqVPqdMlEGa?DhQ50+-Wsyc<3ouj;YJPBA
z92;gYsx^zlCL!za61l0I#Z9wdsj4Dy3*O2$AXVU7j2Z^ow2Hs{@pCWL4P?pGM|CjA
zahT&34dUuA&NmQ@!RHaI!HqVV9vL6$Ne1skK9WiUc_1Gl)q1%Dy|OupY%bD{Tx4E`
zi`?YqBGed0$JunUBQ~5ad3qV%Sqd~V=>sV%zjHtO7&6YG59*4Tx*E3A?}_cSQEaCU
z(&qkNcD7T2w82KPo&G^SbQV8rekN&;Ves|W+M=V>W~RdrswQ5iI-ukL+byy!XU7GW
z^6x?uPWXVRSqNfZd+~hc+KWNZq;ya;Iq43dw5yH^ML0$RJFj;m#~EWY$Z<k8av)V&
zKTb229R8j(;C+6!JhtA!nE|=z{=;z5*ACA`8#9#O;O3$~0xo(@78hM@$61KY-r=Rg
znIw3r*mgN)iftD-Y9SWr$5GdKj)J2$2#(swIcf$;AtPz96~h+pTL@T?pth2*T90jn
zq?C5hLZnq(OztqhED-d?YC~WiU^P_}8JY1|BDR(g`eCZSliV#lHy3cUH0xT!=C$qi
zI_SYQL4Rl1{AnVUPfnHs>Q+V#RX7<O#xe_6Q5kdE(JVWsbwNp3|0Jw`z)^qSt=K2(
zy6pzzZA4$)-xm7=w=MQ;mn~LvY_Wp)CAcOQETwbWm&u~#|Aiubmr-yfqCJ}yicYwz
z2OUPWN7IZs*Vh|$iRABMVEkF~^!jY!hZ?ap)VRzie9MV1PsAGswN7KsMiM_CRJnCz
z>BlgvW@-+L%C7sy{Ry>aBw3Zf_+(6JDE#4q4K`;5Nd$L8$4jo(?aL5Z#<zd9b%e-Y
zhKb4smaa<&m9D?J5ZK+^jASjiS=GQn%w_kZ@S5d(fHHMQnlYt&SF}v&-V&RH%6_;o
z^&0}HX#7uJc?V<GTH$>g8|GLF-cK{8_Kc)vu960h^7AxYT-GXBOqQJHY<XH*5?fv#
za+T@GRVver&97gbW~`AN`oqh(%N<FbBmE52)}h+}qJ0n6&#|1#7a7aHtN%moryTY5
zeQ>8qM(C;qp=*K2#^=jq;{!K=mYh-{e3f-cQb?~Zb$Jj}mu6fDs!KUeo-7K1VIy9;
z18oC~t4m8lM!Xa>5_)xMxpnDqSGK%(sV$P*X>?lWlf{{9Z|9T6S+^32Jfpbft-Hy!
z<vlV?lKO0S*>QchVd(}aeK(eF%#>c2T{;Y<v2R{s&M-;R@4p^JEhQ5OSnJM{DCQ|n
z&lx!IS%7g*#osdjg8p(wycBf`D@t*nZDt`IzemiCrO4xtg}p1J=TogMHb&UGb|-HW
z9);>q-hF<=#Ic3UUzcJ+>PJd(yZ5O*6RAFTeOM2!i54n7XAo_;EJ;ECM@r8b0kWz&
zr1E{nD~F8XIR4?sbjW4Z%Ob0sVL$aN#==H$4K?Pj=fi(`2n@e^d1O^^*$dOm@I<CZ
zR@pK^AzAt`nDNS^H#@^r^B8F=2jf&#ymQeceZRU}Sf`lKdF@ws3+ogUI<F79{2iD?
zOjxJX=5}yS%n#@<q`qx_tGy+-3NsTIF04{|%3~2X1$7Gwnon-D)2%H=8k*;(p>9dC
zMj~)S>Qsqn7t4}lfg7Fv&#xHHB@T?QUXu;uc|`!@fci}Pa-Y&OQDDIpj4^*3|LVel
zV*^~dji1jVs}RE0o;1P;cuR(@RQZslBnlnxqTR{g{xW;;YYSoUZiD%PLqf8;A0*H2
z2g#BFAenW4UIwhH^&i4?epb9Ktba_F$ud8p+-O_RC)n0=zRcD_IWt^WzVVAdZm4uw
z&nH?t`s5q`8W?6rgW)>5Qt2*=-lKF6i|YJ5e#jYL+;7I^{bqd9A!l6g%$I0^j75ES
za?~%fRzn-l7_)o@Xjv}?1GXj%*s;Z_QNo~pLh6=>w}kbNQ@*hNvCHNjyE3Fsl^32S
z4CA|#kFL&M?52Ex-tvO5{;|?sxcFKKe_APt@TXqKR=zjOR(`v+6SgCVUTZ(k?07Zq
z9nVdz%lAr>b?rekrB`H|(kIXsuWcR&OZs#9Xi1ksY989r{}Yz$C)ouvW^@Tj$uXi&
z>1#v}>mNr??`ucr4+nFj&JV%q({`b@J*c(L=%|1ZFNMQ&o0cG<R(Y=;sTZ?#Jb!93
zK2x!JYC;MyJ3Lt5oqXdgNrJnD*OT}+^Ta&`Cpd^OWEIHwuu8r>Nos+B7tpnsa}#0n
zrwvB1ezHuo898DJ8)Z(gMCmSx7RB30{Hz>)*jG34O<0PZM2)%z<)R|8x>?->O_9}G
z3Z5-!C-JkqaLA!%teu*3TEn^(HiL~}GqNtZ`bW6w-3=i!bq!RnYotbO9i5O)#$L{<
zMol<~gw3E5HesJnepl3{P#aRSQsYrLpy+i9Z^Qqx7`)P5!l^{*E+nhAR26(mnmY8=
z5aMIR)>ETyO=@HozsQih<1iBjqL}Uq<G%o|!{MY3abmG=Sf>Ch8E1#pjkH-wkt}83
z=b3f<{km(K$xpAtN!^lTGah@0@wP>a`W%2~xevf!cMia@A7L6#((gQq8l_|SimLfC
z1>eg&Mzm+rE?%?lXB@nBYxwv%uYvIR-$AVDRC(cv4%1Mw%f**KplGlW11*E=Ks`Xs
zSR*y(tV?#x&n`XF>nw5M;@g40jI+ZlXUH~xxlnfT7owdd+qV#r<q{loaYBvmxgPl&
z>nS@fafKb1_`J<|>R>9MB8W6@m5M@YzK0559dctn=S3HJWoaK-oX=U29f^1o!)yqe
z1&-Lkb_~alv@RIu#+IkAMQjOzITT9qj@q|MCDwyjvrp%8>I6X6vko_|-rUDL&bZj1
z+$XH>?$3adSAGL51F-J@=w-}$NR}jH?kcsHRig<gdObDk64Z<|IE=yO3X8?0ZUQAj
zuz{Zp)LuC@32UGNJX6Wx2Qx&y3fX=Cu;NbywNA1sVTVdc!d04|me5mL1a$~4h=|s}
z>4Kuei6#+&J{UcW$_}u9aB9}g0{(Ntvs8!difU^PI`4AEmfU`gV@R+MQ-WnB6W1`t
z#d{3Wh~wYM@lv0-JYq#D#%XLU#XyZmN^QkSr<m|s$!(U**c_|u^m1i*nk<7%JEZLX
z@<H?`sc-R3*U>(G{hEx6XM(l_+i}=+4auRdH~l8`$q$6mYD{)GjnlS?zMQZ9n6cEW
z1Kfw}Iv;1$&Ax!Tu@n`~6RZ<CB(7P3n`9zXxuR64oSi}>-VIP$Rf>6iZ1`?0#RNYq
z#M#h9mroxax5xza4K!AiIvVI(K?8kLNSw%o3K|dsRnQQH<p?Xo^duKn!XT_*fEEfX
zKpFf+4K;@;qENxUj08;`3HtXVk0#f2xhs88m6JXQ&+<~AvpjkaXRa*)$6eYIY#8Wx
zk7w`pd9HJP!-&J2>wi1XiA#VAH;!;l;F)9k<^7Th{RBIyhdPt7lZH$uYqCpUI4@fr
zP=pl@uL!8>rwAw?L=mt;C<5Z8w!%H6$Hfuc|7FipoQP449$U}9<LF|I_9>sr+al&e
zI079<;&0RMKa(-0Z6~Xn&7r#5d<rIKqH0&>hK=3HvzH@JU_N^nt$@Vd%L}5TxY+hc
zF>b(QsR?%jE8P>LBbDy6V!M=D`K;J`O0DOt*xRY0O07IG_Nr3rnHXz#asVzY7a4;_
zL2i)8MEGXxuh!C${d51^G7_budZji;i!HaV8R^^?<ZS+`j>E0-Nn)7Tld*|UcHv~v
z-^n0+O>y$S$Nbj%e7=D8eM)`0zAry3gVKt8%v^DvEJ;tE4tw<JL^~73gVTw2itKEk
zxXGS~TaDOduewU`S<-ixJ)LiI)F`Ir#WK}p5DN@H1z#UIVw@B*XY#{c#E3`%(sTlP
z_n_y?_C=HQchud&^TkG<chud&^TkG<cf0&;OL|?dFClYWVMw1VQFV)l8o~8c_fd7L
z2ldhAA@!+rL_aA&nuZp}+ZJ5_;-c{DL80+<5E_MF4~mYX)SX>Hf5N^?R5<p?Pw{T7
zsys=0@)SV)ZI!Q*_(gdfn6W8J_m#2pm)FQj&rWg=;jrx4MYQ8&JF$Nm$Xs4q<~o5N
zr>pbC{YyryovK@N>Eu}Jf>W}9z4uB4_N3u9Mv$g$T=vzsId`i@Yxs{n!Yk=?bypXj
zgkv|@`RkYW6JayC?T^(v06ss+1DQ#%-s)2<qMu|9&E??O5<6X~^=Ps2kl04)DI)P{
z@MRc@Uy$oQ5&%}AyxY2<BnuupzmM?v`Y-{H8d=%0U+KA#ERFaiDFEJKRZVixpCC<J
zs5xwf&t>PyM%O}Xt=wNwytm)8Q>@$jJ^QA0UB73Nb!oq6yRv^O*+17=<NMXvlKoSI
zxPzl<^iLKSw*#9CBuTQ?_N#oQ^%v<deKuIj`xVJgEy{jSkh(tm!PipX&3-U6H9h-5
zQR=+x2g6dOfz3H^>2o4AKKtE}3_b)JWq)VT&!~=xyMW8sd<D5oB{gUC<uY?PmnjN7
z?nD5=eQD3B?}{y|SLn~4Q{NR^RPT}9mliUIj^HF97|nXBms7Px@SKVa&lxoW^jEK{
zAM6OY1Mj{Gfp-CS<lQ)RS69#uy#u{<^G@e}ys+HHy9>q>L`%q$6shdJWn@_29oEyy
z8WjoR#3C;Hg$+o>!%N2B!z|E}zr&wMjdR;y<o(S%a^x<^xm5XDw45}ZTWns{zPX(r
zvwDjbyklOqd2<{5$Xn21UiHA{KZzgDSZ5Z2Ba=@eORpa)NqX~=ol+NLOS<v8;_nQV
zB(-bttv}YAFNEul3!1Gwr8$wBaUt9=T+nO{RhoCCPHwhFD9wA|tY9vXsUB-zR-`xc
zw{WL+{}*`!y(qnCsFKZwVCv``5L{1<0$3Eo$MM35@m)fuYO|ag?}i7J-wx@Smm#%<
zMZb>=i}iJ%U}dCf>IRf{*rGPQOWm<!17Ft*VOiJn2YWW~RlN`v^^fZAF8}r=3=!!m
z+Wf93wG#MZuT1XF>tf70u8Ygp!~NT-*5*=3-L?c*bw&ZQInq>63GxkzpI?aTE27Qu
zNcIiL!>QWsSvU@KqP+eEqJBQq9}axms9R5s^Qn26O!ecbF{hEL9yx3VSVYewO}-6I
zoak%nZk(3055K1F#(6pW@Gd^F9@oUEIciKupCc{L83Qd%DO_ASWlQv@Q+5%};xfi<
zvO=_XBuQF+G3L~`+}g&=6-6(ZGK^@?V40#=fT~-)Ast1+Pz#En7_u8LO`_XC^FiAV
z#kc*Cz6ylG)E&xgvKG6OljY$WNZSpNCeM?Oe{oA6O>-%KlBH<||KiRIvyBv=@`+Qu
z-8vsm!tG(b**Y_w@#l7yb?svGY`BlJ=AYzcr+2%|t-d<b<-f7UD>=I^s+<&o?@IQT
z{H0%7r+PU(2#m9Hx|sl`XQ?@w74gk<=yED=V>`9&B>sC3YBs1UBO_L2xsPi2;(qZ}
z<^AHTPC69F<@DJe(u4d^Z>{#ieV%qcw_j!Qx!vRBbBkx?bGy~nv5j`b>~X^J(8`e{
zK8uZ#P_3ZMv4)y+)+`uJ&ANJO#u}18y;Nj9&2fkkGML?NXE0lACvCgJN!nJ^Cuv)i
zNZOVGc7s@nhJjY%NMBl4dL*fSV0G`sn?Uh1FOyR8ayz9YW=eQ;9;STYkCV&3jgx%A
zn?1=X_9S1l^@uSiP1{fUq-pzpy3Zt0ZG<Tq=3z>PzO(s4MXYOWrE;gOVtmKR)%LEv
znkY&%SP#GhK>b`gc{PX8g0rc)NodX#YQnRmHXA|ktj7UCyp1fo95jc#dX3Bp-AT{J
ziKwsC8#40nbe!kkZha)~g1rq!c%hw~?I-rCU=p->kR7xrqy{AvAzEx9c>O+MpE=`W
zNy4*x9wca6(PxUOZ(xSCH&Dr$d0sJSS8}Qp>-+(;vK`HUdUOB$k$XUVx*MFtY)|$w
zW)=4G!+G>75jm_>6j5_-D~j=T38E?3V7*cyh0Vws67PXS{~Oed)Q8PrLvmRSF2;o*
zAlKD{kC$H8z%l#!CnU-G6!WSi1~7?G^Zr^eh5aiT5Y2REG;*9itTwzi9eM<Js<0`d
z3P2r`EEM&gbVr$E2_4m~nXyuH?i$|LKQF;LLU^tRrHz5aW;}X1G=YBq6Vl1wJuc>@
z*EOW3W*xVEkk5P;xPb-w98c`_L__BN(5!I|Z*unIsQ6U7yyWigkNGNmg1R_Ihxvn9
z1L`oL&15k1vae!{k2HCjtFogdv(=mhvj$gl3cKYW|CO;@mb>kiRW7^bW>KiXMz?<I
zz;m+we?EEr2wENXFG)(R8+fPsvKcb`9V)12VCRxsLpplR*pO^bqk?@$nla2;BoyrB
zs9?v$#6ndmt}YZaCyO=EqN8OLwdcVE$h*4sIwa$4raEX+)n`3AWEiy<vo?I_#k@Rx
zh{c>7{-R3wn`a>nboW)l`-BpHKDiNqK+0g;qzp2SlCt}yK3aIrUeJy4j|a0BeBNtE
zu;2}^Ns{$QcEx92b@{oJXZg9ft8RK#lB`A9RX=?72>N`VSFAedA~_Q>Jtq%*n=$L1
z16&}K>ONuYLH5;rekR)f{TJxt@lP0g;VT^5K%bqWzma?J@1#Bb%Ur)_@cOs7-Ypg1
z|GbB>4X)?U?_un%J%=90$9>*2@td!eZ!cqC+l#-a>}9OzbH*P1oUt>y@#FsfWk0-a
zcYF%ie`-Q{XGlLt@zTpo#*$Bxb8ZpWM}z%#jxS_robgmIFA138(snMsEqxo5D{KSY
ze^oB@&7xp{G(A7f9JRUHoH9G0wzOB1Cc9=4QQP5k^%Ns<xc^+$giSybCIK_!5@@c=
z_5{4BpUcj~el9y-8^C49(f`SNLb`@7_-%OkwlnE@3-Aa9X%`f5j0sADN=LuMsWezY
ze4YR)4pvd)VqZuPa@xG%B}qzE1of$C*$caBz4Id0qGr%Xe3GbHW!D^zjTQumPZPH>
z2TMYRhEAiwa({xVPZzj$yuSXe>W5_^{ndc}Sx9GDQ4!j7mnrEP$PW8dwSMi!upVm!
ztCE_4%rH>N8|sSyEcu<A5drEwHUdDRCb)uTnPb$ymp@xBQT<<3Z3a1FnRl?%h_1%>
z--L~y<B_DWd2MUh{Aqj0d|(a6WG1rCXOK|E9p7-A2znT<bWe;HD&1G(h4NXB9^=CL
z{;>XWSl^W#G9CL$xH2OjoqLC!1TI@6?LD@y27?;WdeW{$Et_sc6n#I<nDv<?Now6j
zj%dGr0W6}ozJN~jb~aW05`nNY1j0flmiP<OpqGF{GN$|Ba50`}8}NA3PSs|VA1N1$
z1!Nzt1~Kx-4ph%@fs|-3WYY949~2J#-^3aR14Zg4C%0Z*BDrsxZRdA{O(2&t7r6j%
zj96oI5*Kciit({LrB;@rr)Tok{QP;Cvx`D!0EJqRQIm^AdLGjCS{IH$qZ3?u6q-q#
zel(Lk`Zw0wSq|_0_`&57y(OeSAJAXbV-HcimuhX%VPSoD@~yw{i9VC^2K^r)t5}b$
z;);tgZxpbK%kwy%)iqS>u~#@L0uOPF!|O4SDx@CtEtnWK>l)|RhjkX#JE=KmeeyRK
zBc+YX69!Q(5>IFjS6a9JE2JLuEEpS7pOzzL9iw`Sh(en17fA}sbqT6&aC0E4zmx2^
z0h@a+7np=EY+krOH`}|b+6i4+p2Z?c1dAAB&VEPfnM;;dV)n$)HKTqRmV4MPYRpLp
zX0d+3cxu))+LL%QfW2Ol>uNjRM)aTekBXY-<{JJ1GgKOaK^l>SSi{6X;Y?piiGG1?
zeIwdJ>N7GNs~>ZRNL}$0WHG<xEM`^?XE6^+B%bg}k~#YorN>W}KH?Q=%fRnJ@knS3
z{sXVE2A#?hLgBT3!5BAq>#D?^aG(mpSoV4m%N|t35QF~rQePAD1eISE=?4Pp(~QJl
z;QNu<<ykoTNv|02pMH#O{?_X(nNo2Y(H``OJ9utxuTs)Q3r;m>Z&rFvBTIko!QpSd
zNRlM}p=9lAM7`aEy1i<%sy(1|6)iZ;tleCtu+zxWc^)oFG%@;wt4a@1sYjB`MVrmp
zg;fg6t0GOEq^W~k{HfACkIeYAD)B*%N&hruUVt>UlcqK@{aLeSvzlmAdh$q9f=p|!
zlJ*3(_o8F<W@TqW=~kliEZO76@%q3<p+TNbnp)AsywPQ1E=LpdMwf~CM0ICZU}FyC
zl0bC)yC>r>osA=5V<pBuT%1V&i9mM0qH*7zOj?bsBpQf5CS_DNP%0blPNLDaXc~-f
zvuk*M7~W>r=uTF5cKI2O%+8|W-tWWa(5YcW=#cp>57iAE;7tA%GiuPZGk~E}!9lp6
z<$Xeb%lmNyS>ET@&os}KoopIgykQ*yf{8USn?~ZGpqFW+X{ao8&qV*hLB{l#vYk>$
zJS?8N9aBhr(m}@h>!GcaAs5B9K5M}N#*E-A)Es^DR!K?~QFHWPw@Q)`d__x8Gxr-?
zVRz5jIzWh=B0}WqAw*8Ubg=9y9KaFnqv&YCnj5Gt;~6+E^`Y2NZi;<w3heS1t97sN
z{qlilU?_{8={po8;^Jvlf~+xK?-`8Ov#xV8PEez+F*#|9y?Hm<*%4s#zT6#oX^vK(
zktAzB#P-eVVeIx^{P6F85q}5z+}_*&_mO=1*6;i5-|_i(_uW^%7!%T83SmwIbEybW
zZl@?aQa#|?M{b12`^aKBZ2s6s^*OE7ytsf15}dEk@3ViqHS%y>2k>v1wy3sgZ6CQ&
zMIW->+<RVwmiy!#h_q89z=d1hySy(z7Uw(i#L3RScGnNZ{mx!DgAEvyw9Y7@#s=PB
zWt!actUDmur}UH%?U&eH-#Bsml<Ke}=agF6@05Cazf<byfdWhFAw#3;oKNR6*Up@{
z26tvIY+APgQ<reufyx8bB)nVej2-uImI1n6yz#f$!i=vneP^N4Q%K?;gC|kp;xm<=
zEzwEfQ}jp2kNbW(b3;KXIIhfx^-_9@qN9|aVNrsY+JK%P{D%?Zwk?d0*N5Ycza)!w
z<_v~QUXwiwMp2`#HLQP}{7D5C`km|&xWGL0GjT0KJY|Qm6g%dj{4`@OH}kH8w)ibX
zp^y;)OG-$eBMmGp9c>BgM+Z3{0?W`0h<zDGG{vzDoqG`OIvfC(Jp<zME4hDvr5`S*
zt#4w38qrQ0yg}>j1B|W5eJHvxsDIs9$xp!Mx8y+OD*<xJ^IF@Txq-@87JpxBgJNV>
zYd{~K3OiXve%1_p**^8)7E)z%?G5<0fEvN}KKUE$n0esVV_e+2Uw$#*7FASZBz|Eb
zZ*L#fI!Sy|AwPzs;UF=shIdSgr<L<ANbxiuDfZHqY4d<EL8?$U9{@7W3#e12sIOY@
zqUzICykE2c7<Yp*LhU-9ERE&E)|4)Ed1VFEC(FT;*%#LLCqEH!EHfcm>Tbx30dBDQ
zlB8D1L}Pi96lj4qWjoP?cc6jVqqO%lT2A$ul=!On+Y0fwMm(QqR2Asc3IZ*6m&>-h
zz};mssJdVf{x-G3Lsm5h^m`7V$Was0;f+;<*ZNZZZ4f+C1^C0?;f8~CE8GU;o@$Pm
z>b$({sn+C4l2M>Gr`7J9h2ulUJqq6Cb0DPuf`2ta2Lk#%901mD;4J8LZFS`L?c{;$
zv6J51>`qd-HcTL+O$nwNf#2=ocLD`lwIVNe6*VXoMJssG0RR<fx%+^iAs2M`hEhUJ
zx+kRHvmW?I?Vhkv+m(Fv9LyR1;yIj%?&j}8m3Oa`B`MY}*4J}{>x+q&gB)Eez+k3N
zqargwjmS(euUfyR0P)qj;$YT#f&It&uWU#TvWW8Wec^kN2vNE(CmX&7Kb2JsC)#qz
z(EbIX$9s5dK4U>YCZ|3CuyQ)7=Q63Jb`_JQGx8+qap_{OMAkMFwK78_MSOPm$VW1}
zeJAvt-G9u-*=_P>&+ac?KD%O~jsCK;W7j&f+tQmoyTA83vm2JnXXg>KV>!<3hVt1p
zN=Gug&&Tzhohm{`-tjoI3;NNCeiHAyK<zFjOW*KH(i74$k3`l!OVsDRUt+>y(8ZF_
zzUaYrj;GcKp1wm%3Q4HC|IqI1VN9(kj(zv2;QUL`;M|^UAV+#&qHQ^9Hz8V;*BRsp
z4%tAzfnD;$%w<3BcJ9kej~pS{0%rd0h%nPSsqZ*igy3?j+z&vvbpwEi_B7ZBjsi#v
zM57hm*+44mMj(0AZW6sYWZbQQMfC1k&aEay%s;?y^B1-7=gFI(xet;rmt%7)V2nAX
z)TB8f9oTt`G>XrDtQ)>VVgLI9oaHXbbRV52;0iVV=ImuIKHZX+gF?f%H}I`{dI9H#
z0a84@gtNntKD|8XXVwqE*>LdP<Ve;GZgCP@XrC>$h8k7noYh+0`x$f5XW!uh7f#+i
z5idT!aqE%v95!z$Z}H{<qmLv=@yrUegU_Vmca8Wxj}%WUp!&2iv}IZe-uf|(ueuOc
zQr@7S1zPfe=g-~`%j{mv(*|A4yl=w7Jk@U@IW?!glWbZgNy(k702_}CJsvqrTnGt4
zR()C>;qWwnhrcb07#_+!icT&OofHhz$<S=Z2|HoxyGPvizKPiOL+Jt9F3N7(-<JH0
zvu(Y_dgF7(hIBI4-pSZoos4yMGWPxbjLqE7n9{}AX^gSeU5x#<i?Iz|jNQ`BMR~@4
z)y>%K9>%WfVQgU!V<UPQd$5<WVFwr+dw{WX4lp+4AY;7!!Sl_iAJzu+SA<oyCAi+s
zRyHA+P&Yda=9A?7t8sF}VPn7FVKCcCJnfaFp!Ob#Pv-RFH7S?W$X(}Rk+A-WzmqRo
z@~M;XzKIuM_tX%mnhn(7BT!c(P&e5?{qHjcgY~+ZhKWGU0geXNy<8l3fE4F(O0VJn
zRPlexf$;f1zEI0_6x3Vt;Pw^YO#XaU1vRFXhxF;xeo!MG%;U8RLM_wBV6EvT8OpH=
zyh0xkXwfn(RTC^#%dpg^YC`(`$WlK^o_v+ttL}c}Y1>Ks2@eOI+Lae=RJ%Or6DwwR
z{L#$}j<U{#ronqYL&_&aeA6nhk^X}Y8CtevZ)PNWcq1lG_%Yr$tpwHI)5;+<&y2KE
zGq#?Za}s=-uaCo}-odM>n_PHw(%ekqI5z-(AWM=uITvGr`d~*{#N0FxcBGTaH?Xx|
zVk(Zoki&~Gp_oW-8b~Qei7eCz)&oe(A_^c4DT_1+WC=EM*is|79ygl^Z+VuFBMi21
z^sshFk?&^+_g{*IbuwM@B>*?3Kub^(JD&Ck+UG@vNiffgc;}EFET=}@`s7behrr_m
zHG-|QvL#wc^%i%25M%M4<P0biY^D5ca>41guT@<uRa^E@y{?s3cE$dgEIA#-RXpU@
zW;wbA;XImp&-tbb`$*q--gS^a@<sjSkiI{pA8>J<-N`*yi0HapNs1T`fn!xf`-sGU
zo-0WKBO<BYBZ#(1L}Mx<NpVPD0pE?P0|7l=DmL=~Db5d&;u$qyG3Ec1gBh9s;|sOS
z5UZV^i#HgShx8dVKzu<cP{F@dK=qIjq#=FAypRzr0Go76yfm}E@lvtC@zU%SUQwD^
zVtfZqqSmuHlBC}s<qKp6OG3t+a;nd1gpNU&7GD(crXFgk-J?jHccgZYBw8gflSl#8
zBZ)rwNBLkm*2C~oI3HlN{zO2nlRRWqg2U?o8ro_i`a{B#ZFlmz?}-o!Z=Z$e1d**y
z8b!1sbe1mQa=d+y4+o@h6%{kV^jgPgSnZeNu)do;ERNkoTj}8&P^a~y40zh{O8rQy
z$mToG$>xiGsb2}~&JcrqQ|<%1=VXN4NTR(jJFrU}tA79SU2!d<r%%5VJm`^N-OMqx
z!=K<Q2LHDDS-=QNL9LU-f5q{vYdF#Bks$hy$v#gX1##tz>p6j@kf+W7<pfklRyt!|
zNMBrlqWTP9K)-rSpk>B5K7XW`H5~7|ib#Add>KmON%%6FXg7l2P~89^RO`mbWK}}n
z*10X{@5Jz)W}+?gNK(8bdKxv)d-Gv{N;}o(v?k}6;Gfe9G9U-y4?U8kd@5IyrceEC
z)@6WNaKqGgfaLpN1n%^+uu<1)y)5;GD-`-onlV3S?0_(AS(20riNvYb9`&zF*9j-n
z^_a#TLKrHaijJqoWNO6PlN(pyct+)bY~iDo;N2a2C(x2pDmH=qzd8Py0BLZ}<e)~+
z%!7XwPQ~twNhPj~N##L*Ck*(T3~tflbHWW{ZhLa#c)SYowDG90I&nN+5jlE1WB%>>
z>vYM}>#`G)4vIU&j~;hY;Xzv)d33E6eql`XIG8w`F{W;cVoIZCwJV=!V`Z?l#z)A9
zAQ}ip-FkpA8%eCY4=@I}mf6Q@4uteoUt%B2JE95leVy-O_9VrwHb&fYRT9uIDGTZg
z&kPvBF#&x>`4`^ptepoLQ@aYt>V&daE@&oN{7`&l$kDH+wYHa|W-rxSl1onlECmrp
zOAyWI$LYih@+ul5s}h|Z@hwEV1M>H!@l5{di6VzYmn=zJF*8U;T_Dybbb!zH%dJhM
zKBQmbUYkf`NWWxWL|<6I&+#Gs5+AHd%M27K^{dM$h=(%zznzJbSq#A|w-+SWF3T_v
zPP=+tYx3S@&b<)SfE*aqoKis57CBjD&(jMUX%ovp7!Z}WImv8pDWG}_)t^d!eHo_T
z@@~Q&Vy)Cz%_}8`E`tCOUVdwi7uad?z&IR5av%Sqzs@;{e>-P<tDgG1oLLa-u5O2#
zsF`d28Ehjz`7@gBg&<Mo5+uq+=tGX=Bvl!R-CgzP47)3Lv%4x6yYp`stb1H<#$(<3
ztS9rszda20zx`n&)^2^?!&qN=7VSr9YBrW~BGEcX{CBW{#C)7*ju&w>xn4;M8*4Gk
zx!Qo4kk`ObCv0wLz$+HkU_#`2anxCTBG%pJv5z`qsBU1uYq+$W>eLq?zUtBvQY^Ko
zHi=SI1q!8x>LyU#u*s9^@FJCCkFid~?c9jB=(shBS9`z`(_Kj7r-1A^oM_L={T0Cd
zyKhn5Dn`*K?~PpI=)2`ihtS(zPF<4PRTwP<F=Q{K{pW;M*hgWU(V|t26_|XQ2PpPP
z4|yT;s`5Zfo~=+5S^-XZv#9-`Mm!K&0e$+IkT~FlTBf^nY9e?3*_guK<`-07DcFT>
zpaBrpJ$V$z&;p@6ghBbL?2|pEd{7+r(8$rRy*OWj3!q^j_RUUGeI<M~YWT6k(N@}b
zlu#qk#Thr6o2Z#P_K(tF*FKc|QRKizqg077N|mRIgZ}rdo&&a{jdPOBm`kalDo7rv
zCkmTu5uz(=kvwcY(XC?<ZSQm`->7aV&aF38e<!SW+RC?udl?JpEvb8he$ja<e)RM_
zJ1mr9Ux1#UIRWdw@fFkaUuI%Iwf*V&`V2jv0rc!6+RI;#o-dl|&~s5AdhQYQTuheo
zR~h@&0f(@M4NBP89VZC;Y5D&?!Y=whny~L)J1Al6YY#=(dk;m}8M=G_h-v)i$BF!x
z1JU@fY#Ik)I$8e_lKGND_@7sx{yU4vf9oRh8>moycsP+icvM8bV>H%%S?*8d5u3(?
zUzWt5oguuIq<$oRzaa4;M0;HN|JjDL6X#+5OBVKp`#|$Ggv8I|=Pu5zEXigazN6EU
z!|BgQZT-JJ2U;N*LKSuN|9D@H2ZYS&W2}jACjQ9kI_Sb~>pb9}glJE~h>l$T5wSj>
zOWDlweaTt3k&H2G8pL)SA)Wkqq)5>qWo#x6oe+mkge9#ab5ytH{SWVE5LV$h#t2rC
z5UirzVHGPMa9Bk`u!?rUDt_^R!zvmCtKeLu9QlH44C3yg)CU9K|9E(M-B>Mj#$SM5
z%SU8{->;5d$5szYuPeN`?!&$cdi{#`nRZl)S*;#Hujd0%40F+|CLa}b>=p4jxAqYw
z<_oSSM2RP)2H}p95hX?sYH1%gT!<25kM@i(YXDJVPJ2kd%q>d5gTsmvGC=IV@%{ko
z$}C>8><jXer$itSm9wE$Av-v=FwGc5kRLHGIf-DS9}UDyjyn`D8TG*-c*zln9rq0?
zb}YMZ5V2!+pJ|;o=(J`G2ls`s{iek6#wv4s|NFD2`ho0MA^rJ~{!gm!3+ZWU<ZgRN
zvTvoe1OCk1JMObHmj>5SGxx^(#JwhF?sfQeJt+<@gN(Mx+9Bfh5)S&G%Xt4G&6V)m
zvTWa<=Ptq}S_<}sCsEDMNc;vUeLq~gr2nNB{`~$X+`ioY)<(Wb531cVSy}^n^qlCG
zYL}O2%@}_{v~ghLSzI6!t&NkrF=MEjU}~3#s9el~+<M7piUe7`3-EX*V9Y28=s_qQ
z(1SUtm^fdB^;E>Tt{`IE=nEM$${}rZfcR#Vkm8(Dh=TnftpAU{E%^@*s=7awMFx?{
z!DX=%sadCBR_Qs*lFCq=daGT;L<>$>FA3|{7lib;zK9De2kNa;#jz<HsM?F1g02DY
zt~?~zkHY#V){V0B^@o|S-{XxLzo(E#wxxuca~r97-Yvh%ikG6srClLohR+5>zJLQt
zuz$r%R^u4gbPlNewa(bH5$(NbepufT(a$WUDk$P45`PTCRTO|lWefU)+3G&M(zzj0
zwl07@ZHCJ@H^Vm0W&Ee^{Dtj5Wg7~nXY2&i%W;;eTMygLaffb)H{$2Rw(2DZup#{|
z{`>^Krh6z{a!|X68kct^A1pu%#M%N-EZUQey_)=4fgPlyP;vi|e>*jD1Ajt#oE&VA
zT|SVB!cGZp=k`I>DgH`M?%yitTO-<gvEPREPm*H`7)z~5zP|wC8?y5i=#f`K`fI=$
z4up-rtpkjBY(3;H{5)C$_X)&+eeYU;EB!Mx<@q9&AIIM1FSh4%Fl`O%EZGiUTOwL#
z^wNmNqO(HgufbGgn~Xw}<E4$9^_?6tH=;4gTm?_4{&sS9A#lAh7_94~`jD_*9@c9M
zFkX1Jt?T3j5X?vW&V~7mrOtx_YTYYR>`a%TY4IvMJ&hBK>`qS8FBw4peBL$SZa>ch
zT6fB+0IqQ249A#NtF@8%ED*(Rtq2*H(U5*wO-R3$VtS>@S4n)dhwqhg?39pk=NLNS
zQ`QdN+yIg36(N0kO-P?kt&e44uX|7J_5{f4mH=7xbi}MK^+fb{L+U<nYL=5PSlzui
zunC|bf6P16yPA^)PhhsRonbv4GOoI5S<aA<G5w~hWmC#S-pg(Z8MpGW-4vR9YYn<V
zk*29takl6mkQEUUBF2WOyH5^m;_alSLvBR9Tiw~E_o%z_gZ_`4D8FYO2fvTtwovo?
z9(6Z?<cSa#7$((866^`72W4{i)#xz5B4#8V(6<ECU0$>wsomZM5vuMu;BUkD7t(a)
za9Mr#BGUAo;hyH*Lz~~tE9_NwT~zo6f8&KWcMQ*I-UV-7R(D@i_zqQ@b7*C2>?x`?
z%Mq<3dNP&w`V*qPQF8O{Jl?`<R87dC$}O>!fYlO6szdH>O*3XLl_bXWX2@;%ddRr!
zri+&iJ%#@+5<f0zP8Q_6`2?n?ZVu~jTMclszjI8;xb<>6;nM)S%%>$_wfR;(y&`1H
zy4+sWkUs0CkUs1B)F>g9Q8V|ImB?to5Sfj8$@mSDl>8h2=ZzcO47i^^9JOy>Yvqkj
zUb>#I-Z>HTk<wNW16P!;moVQ?qlEc>@Q#;HlS}e&)94vx=li)nq_2Q#)R;Ms>U19Q
zO{*crRW-yntqRic`@F<A(?@)lmJr|f%ll;Bj~LiECvWJyax00i8ik`M2dV~Z4gX2;
z=S|}09r&|W{A>^xQuFWi_<arkz6QUq->{t1-1<@AS2JAg_C}9ay9=YIsNMOoX@LEy
zuOU96WAbo^UY@{s%B|rEowPaarJJ9b_2JX}e@gzgpA+dl|AjpDdU0WLv3&yrDXuCZ
z#Z`Qw0V7XM^r~GsWa*p3!SHkQC|6KS#JIJ9Go@#LDrDNXM)D0j<s&CckjJC4mBjxn
zLl&1&!_5U4KK;J_vhwab%2S(_-mwc_S9&H!Usigqj=pHsjdbM)51E%;@9$K*ix!SV
z{9gOqg0BV0+SXgV>Q<(8#!j#<f{gJtf7mK(og{t+SmxVFJa?od8AVjxa=qGJbZc|!
zg@|!y0SI81$(RCTls)R>aMWY7?|ZSwKSYe59CrK<jo?Cw=;Z>@%U^F0y)=%1UPjsR
z=yv;`OGny%*xmjx(f%yE{hC4AZ$0AnKP;A{i2ev*a7d4rR>*k6V3mksvR)s`3v3*)
z0Ostu)d#^@k3pFI9i?|j=&%yjcPF3w9&DtTSG2YG2wS>#sNGU*YRZ2^RnE>-84^(M
z93v6!<e@l*8Db1%s3cj{#k|~|WmxP?iNxnH#v;a@V<N_Xmhi5w=kkF5Q0YzRq7(gk
zfHdXv<Ad6DR`dd;u6<(cJ3)V2Kv^tLj0FP9V$a0rxv2_LmOJZy$c7RxtreqOCPrzk
z8p8KHsB>0q7_W0yED!TP!*2etocf+p*Dlo#U5|on+rx5d20u$VTUI_qsHZ04!#%JS
z#qwb@N{!(U^=5TvmmQ)`RwZcj4v)Vr=x>8lZa|rmU-AUrxbc7oV*kzyET1967^W1E
zd!CXc$-HSlUYVezJ>;%hk6<uUhLQMBJdy-CJ+lT?9$0>fN9isg_iW+S16X~Ehuk&U
zt_&9|P2{!T#cSx>A-Z0FQT?FH-)3L80Qu@fb`<?Z$mmN+^}fLJbI-3*(goz6yLkK4
zGwpAeMf+7sdKig6FH4ejmn=zBwvhO9yv#15{e>@sve=`<d;w*#cb%AigZ&s?5g>_P
zqilWC&L{dCJ7Dx|Ea+8Y-w!B@bJnFoRZ4mbi7&-&cM%OP%GF<_>WeZCenXBua%IZ-
zO6*jswuxyyk&ADh4JcEHJ(SV1NYNa-0<!x-Z$$e{lBCCTz`qI~dNiz{y}=*8BT8zi
zF;s06J+Bu%xAOL}cr0o?B4KVL$iv?!WEj)(Q}f(M<^ChD@+a(Ef(g6eP>qjqy_iU=
zKf$~D6Lb}wg}Dk7vB?5K9?ztoE)zKWcqRe$XnfS=Z@VxnVIgl(BCEDU<by52WpG3_
z=C-#4pO-KfdrR;kywLP__@@#7tiwN#;GY%v=V_>;zZllLQYAnH!T5Hv?93cVQl?b!
zUaCk_nlyD(8!;tZ*%iGxV9sn-x~Gz*cS16cHb_xYBS}&XC2L<K>UDfyMmMw$_!A)2
zF9wv}3j!p_|DH-#ZP6H6{Z#x7T(97>)g<^VFHy}`UVkxlW1suQBJFDPJ4*MJ3s2_#
zndgli28oRCq4Hj~GXTNc*rQU{eo-_}scXL=HdO1tXF(F&%i$AHdMA=q%~}Upy(PX4
zUR9Ie-f9wTgK-4#U!}JQRhdvCT-jyB)&)rQr+RE1mA8Z||Hqi~y8x-~(C7S4t$Uug
zzD18bjY=|HfvP4sV9q=VVALQZjGlljE_kKKvqb&2EJ@XR2bH_Rl}Qrcnaju0G$u%z
zUJk}Ps`Z$n&skPGU*AWXsQh=?y!oUmB|Via{gn(!Qab5oS9|-3`dwL)^tY|qkjEil
z&fKANUrp}%2asm(7NRY|IPwR`(m3Y<@8!7VNxYO2gXr~GYwR4-bd%@rGF8(h3rEq%
zrLW^2N6Ff~<gO)1)?0}72M=%4t64vX8{s+aRO=o6Q;Q42(BF7cFsxTe)44uupDe9_
z%E5S0Z;j|5MD!0M`oYj<yU!3=yFa3T64Bp}=$};^!8lR#J(6U^TH$iUfYN&=iQjvW
zF{}O{V^nL4osGfkS3vrlO!WG<ypjYtQZj2~-JZsLeF&mwB}sz3DtODvRcXeoWt^33
zow3sp$CO%+qQ6bFGdz;?cR8Tkk>^=Q;%^>c%t~-jW1;RXMEd|sYx>(HzLCH0;_uCw
z7b@M~AnNhpM!T^TNSDMf%gUB8zdoS!7Lt2sd&T0#HAKr@M4RQ6B!36a5L4-7X2`c4
zkZi4K2N?^-w{z}A^j~l=k*4SR=8YloI}S3|H+Kw)&lhP_`s9zXW;s#we9H&<+Ir&v
zWBS|HI9aT}XuliV-_*+(q6K!)jUD`<m$3lH5*Bc{EOxP?7gqEW68}3Q?#Cql&on&y
zh-l@2ZgK;;tC=s&cn{)X>=dd#Cu8G}3-0_cWy%=Mh_#Y<RWD<yv-vh;#9Ct~i3~C@
zg}{@z*j|OiznNw%bvdqIFur|J1W6*`&Mr}ja|t||nN0LFc-9s4cRHuxt)V{GwN^<N
zD^tpM5$%B<SeDvRn{8Yo+OK*z>Pj~J5OlHAH#<Yq7WOcfx;g0YfM@<rfxp(10NoCC
z*PfvMYJiIgEP!$Xho=w{%qg4PyH>9<r9vUvW#HB8D$SvfH69lv+WmJ~xg+26C!$&1
zj9J~?j0OE29M9rS2cTnE)68(r?uA_9veLadx=88XK(wy`!gw|lt@t2gsi>Pn1oX}$
z*khF`<w~{QNwjDhyn3D6H2}t9$%UR_ul17yu59K{679YNjI{(;2%cU@?)jVTvC3I|
zv@oFb4vTt?$kV{_<0E?j(T0(DVGm3;p!AjyZF~=7;mR(+3}enCr218T&Lh;Ukzpff
zgx`&7-7?9T^H59hdEC!l)#p3}i|p^HYLfNH(-v>tnDcZ%Uj<?>Da$?o=RyqT$6h0{
zZb;-2BiLBjJS6hF=+ICLK9|5s7#->slhwM1r05uT3H~-NzE=+ku80m3`anFpY8}}P
z2DLV)M2mRR86C@8QS3|BvhX(`?hOn2Kce6bQwG5;8{wc&&0$i$I~zm`y4b?N)Qe=I
zoe3xO>e5;*5gQpWW)x@%SO!wv9MG#vYXioLQhqKoXQ$Pkf(6Ae5MjVZdCz#Hl#fR1
zB+I%zk|ei1!NrZr7s)-JaFO{_4;*2_dfEv==0E%$$-n1Gl7+Uox%JfWLb|-ka_nnx
z>8AcRHRh~Oe)L%ybRa*3P<StfWTE~6W3pUr^P@t-Li55!IYgVEgQus*$Dk^7cn%sK
zBogoPAd@dcnRJ2|7plxYF^=(OwVccwB1zV>vi;ECk^HPklC1S|cCl{`lO(wK$SHOr
zfATY1hrgSe=lz$;Q7<(`9Q8)<1>{URFgXr@yc0r|a>bbWR_Ro|S`{Y-m}ycz4$DmP
z9vX&!+J`VK@eTk(a2|g>8<5G<eUfBtmt6B0&7ZXODb`plNg$s)#r~T=`K{y{^MiMR
zt27^Q>KhQhay*V&@wiH9cR4e|lxoS+(OB$zhe43%KgG#S^9(S#;jXdSEeHK=$^9ov
zQecxLf-yS9b&W_dGp^^SbpAcrkWRA!bY?E)7ST@ph%u{%@4Ae!#hi!4CB!X|;bXua
zRtSpW-#LOYxEwQghbh?17_gMd(Mv-{bt$DL%?(WsmsTwp%>g#n5*Zm~Oc_WqBTl%K
zZk0ai`(Q)g2b+1H>x6T+H5%=82=v*Dv(V}9BM}_Cr3^7hLJ4xKSdHhz@4J(XWdQi7
zsIg8=(=9J?xOD;C@PZf;{~6w7v4<~HmxM`6z!Ee5lQdXjPWU9vQZ1-8PhIIG{MO$|
zl7nfMn!%ssqlWfrMUql}*Mr;ngA&(+nfw89Js775D?`x#QMI1z7ioySrQUN@dA&|l
zNxkTL`kwQ2z3b_(7TZsMTfZj7Snxx}9{iB8ANDXd<RivD`84zC{j~q@-ahYokHP0y
zxA#T+{NL{1{uGKBce9(Z2f7*C+s)Xd9>!+&FgCY`u?0Ph#d{cA-NV>vy^LMZ%UHOV
zvH$30?3P}}^j^l!OAnAgoT?vQPW4`D<W4jl8@-XIc6ms=9%$N2wD&;q_n9!=ht2bv
zZ|6i5YY6jGtC{=A?T+dGA^f_Y8q*7?mWYm{2ImVz`<pCDv^iN~8_FNxN6I;?s6Ka1
z#JHo>7nyuV=@=4!8p!k7WkLT(5##ibaW&s<lkZ+8RIN{d<UXZzJkhqwl60|hM+qBG
zv~B!|u-r@4F7F*RVR;AKI%0mOR89?<Uk?{|Rc^WEeA0Bbd1rf-!ipB8^u5Z?ca-MM
zO83|WZ&xYliP6`ql=Rin4y&r~{o`<Fn2r~XtO@HMQ2h;mTXNEH&N;%ywabv-gwz%>
z2W=X}lFV%k8+B{AP-9%$g*kT7f_-2Z@|=f3u>uzCh}Ic<U9DRsMTZ2`#dk;~ehzH7
zogwv((gF$Z<hIV_>#>0|HBW33HP5^BHWZrlcU(O1uQ0CYcUx4O`*F5Y>w~8O{(Z%}
zVDvn@1rnAObIym1>eLpmU;(3Ulcdxz=jR!>p??WXCO5}$jK@U#6P&M;eG@+#ku@!{
zsC^C84iuykS&#QE5|96s^|;%9{PV2GvS`G@2piX%$@ZJ8_|9NNOG^-Fv7wO0GBmlm
zbWAizjo=z}J%A)yLCy1yUxctT=B~+x-+zkL8OhM7K9%5aFZ4TiO$M&m4Yc+`?EouL
zDq3m-8(wv3fm)j*$4;f@dB3Zbq}2Ef+Q+^Z)H;cFfh_cjT$~uF#g3ua;=(lE>z@40
zaJLjNFU^>nmR3pbIa2eyb8EA<OI0*i#_Q=HM2yoptu4G%_%MAy^)1P(#q@Ka?dyOV
z=eSECPPh87*jon?Y6Zjb_X`Jk)1M)6+&PA5w=gmE4~Dsi{(H#&cix(XgRIKyL$F-k
zLB`bE?~tO!IDY}+`QX77T+^a(lm<PF;+zryxj}1@y!6|B{hezZ=Si)D#Q%W6|4S`8
zAc`TNn$Mp|ep`%UA9}pQsdBRMx`Ym658^3v<?HZgLpyM?kCPuIQM~&LI!#K(O7L1T
z134mJuU>2z5`^PvZ6vhKFmhx`@~-^<*!vUsrmFn^13tM)p)E^_BBG*Rgt92qqM{&(
zEwqqoiyaol1=En+(hO-5lAA7wPR6v-Qqhjfh>oKj9UXL3>N1GnKtKd^949X0FpAj0
zjabpT3?g9jyv{kFliZ|Pn4k0e|DWgio4$JQdEfIn`?=@t-$SoaTA4PmP1njc76)cz
zt0UOCE_E84pQM+K%*)iq;tFhwnATJt<8l+XgxgkhtTjORJHx(<SnW+Rt(p94y(lD3
zZVz~K@hL6dpPPmL!Qxso`8Rz6%tQb_r&geYn_oO;YHjNf>8^_z2>COw+<ASXIhw<x
zxt|u`hLyxOxGg}hC#D71)x<!Wm*-j4tBoR=Y0QqIZ*=*Z%{<vVx$(!%?S#L%TK8!$
zGkOav7|7Eu(oge>o@m%o_O71h;dprM3F7mH?wo{I_A|V{k*q&i>yq~;2?bv${RjQ&
zx1aF-bgJ~<=uf$^{*?RU`qK(uV!MvY=EbW+fBFW+t>*pdiar6p?#~6Ky5s3jXYy#I
zKGFOU(e#S`bb_`&8E<<W2Ssa6?2>@$j7{yly`ER&+Kb1!5V5Y)bawQ@{PHyqC+mfu
z9O(Io^}^+v*D858%#C|fG<sc^&<%&MiOB;&{_^{_qk-=Y##Ps{(~FZP=`^z~n%V+W
zn88QhQ-zJszCAXuxq;s>IEf9!0XFZ3o&`4P166$G))CTuwW+O*y{IvMo9UO|)81#i
zmCYs9P?K$Jey2AQ=^mLx@@Fo|H8wxnn<|A%XkRq0x`PXjZ-0LDLspaLChpHUNh*>*
zm<g}%)xJgC(;JDj@9B+1bdgA8LL?Fy)f<Ui5z*L3UNAql=iW^F#O6G9zK~Zs>7&5r
z(fnD{T|2t<rIS9w{$ZLHV7u$M@->^2?XJBCzSz%q*D?Hy7rtwn)>Im>H??NBv7M<o
z*szH1Py_V=wx_a<bd>k~Ow<uZ2>$Ln+Y`%<wIaThd&ySz&NPYMGMkaDuBV;9x*zY(
zt-Q;3EKlh2xQSsluyJ?gargM%f3bEd?bG82CLegCX3O#i@vb{0+GLtu9Q{m6`#xc;
zy;SA6+vECw@%Gq7GPXxHZ;EbdQZU*axxV5b)g13)Ed12KipX-JOR|&mgXKvZlkDVT
z_qmV8cbZNdsAwNw$*vIC9`3s--QLaPsK18YBI~mkubfGDa`m+Ci~D+wr8~E8WV#*u
zmRoqAa=ViEsR4M8`Srdd>G+iW>d_B)yWJW8-aYSIdC5o9?(2@b+s<Lpt5f<!ZA>}7
zM0@VCT+s&Fp4$Gi-bjR=sXx{miS+hHB0G{@f8%}FvetjISL_}<z%B}(Kg^yDf1{qs
zo==}&-umT%x8}rNho#qyWmEV0KB6A4?d=t>!){~Fgx6sY<K7=zPva9F^VeYy5dJzW
zxBR~Ez|4KU>0XDOrhOgu!o9uhb=ZQvy^-!SW3R&w)7(k=vjcaM`p$xt%KlzuNo(ob
z#jSrUZhfb$^;>4V;=2PM&1P@Vmo^_#2L(3E{I!h=VZG;6>d<{$9h)CxmWfY<FssPJ
zzAw7(ZGQi8A%CIFFuEz&kW&`ep$oI;b(ocdKe+UrZfd*S#OK$TZ)(vM8#k1U)|CZz
zNMYLbH1oyy3X&<4Y?I0YJM`U)Vslbmd%OXYY}1zob{G=gU(kvI>{LfrG4*p}^VhwR
zNJ%TJFdV;(cL!-J8SmaEZ!>P#)*7H&dFx)n>W$4ZdO7NC$y@AB!ASV%Os$ujb`n`6
z(R|R@9H8d`zscObSI%eOrxAWzqd8b&Eb9quWqDEu@YA!BsXaH9^liNN-{g(AgN~1Z
zTbU6iy;>YNEUA|V4(ogi<8wEtyTn(IPNF`|zg6TnUjwozYj}m|Cb3}gn7fN*i9HZw
z9}ejz1-oVbzNe-pc*X-kU8^X;jcekn@hw_{(^v`Ae$=OX+oa&N#n)?VNc8{tm1VTk
ze`jhv8raJ7pIgy<$Tu_0KVZ^CJCsJd;|*Rh({+i3iM7xn{uX70t~Zum-zr{#n7-yO
zEcR~-HsqECcIm=T6GGY(_Ky*LI^`T)SzwpMCLz)89utxX`)-oT0=x9xm&bOFxyKi*
z?<Rd&V3#5F{_vf#Sz;eCuzo<qTYvQE&O2|P^9#(ch&E|{MKkz3Dbc~_kg@4~iPdiT
z8mnnbA?_EhKDVUxz~~PQTc@Au8C$%jG&DWeb7t|H(!JBKF|L}#-q;D6)(qM$X`XAw
zHOg?>C?EfgH_94`&?s5#rA-GLWZE(~OzFy62aYaj85iD3V)FwP8#lb%x-Is&e?)?~
zcr_X<KpSjZ;9oubS-0<;WWu(AqxlR9Lr1shidRS5tLrd(Y0P)U@dZlU!Wyd@^M`2t
zwC(jwZzK}Ffjx}$g~aO<2ODQZONcipzQ_C=+Y(=(7#iq0T)f3V2;pzIu@`5G13M$M
z4&(NyQ)rcYUguSQDhx8SI*;vE`N&(}fKw6hUqlnIq%|B28;boubZokaCO-2W@~Vie
zB`;-M2mi|Bx?3ApvHxRZvHyqM7kEssmyob&O(pN**@%iB9&<{K8_o@%8i_>8+k7Eb
ziM2mOBHdH_4(`n?9d%Obp`&@!59#(7&0P>u{6i#S?u|s~`gs1S_IUoa`ouJjH;y0s
zpDg|VQ)ws5OXBmJnzGhN>pj^zLRxPh$ljG&mB&`M57iM8`;Ne(<8yed88k0nGxE@r
zxW~rguxxA^olp0WtwY)IXL4EF96ZduqR2Cpz4iVV-aU_vX5Y)<LG2Z^>l6o8jo{xC
zt`fIy%35#7RZwv&n*x&W#o;ZZ32D2$uq?3E#4c6_mj$*i;zR2=9U+r~&9C6)%{SNs
z5%wOAvE<d#=2z6g#euE3iP6ly4AvQ&FJo6{TMayl!JO#T5P!Ei@CGRhY<2TML)oMp
zc!_`gm}tq*9?dsRAIDF$PaPeL(>H`=!<QSlVT5FCUU@1Z#k*L6vSNh_kBXY*Gp)(`
zr-e_^Svu)Z_-~_l)WxyXUc{!?$MV#k7?m=$idbs>W2xORijYoS;D&L8e}oyhVFEEW
z(~FE)9`3LZ60VO#BE^BN{$#b`%cV7%#omKy3ab5RbZS=Md&!qK>6PNZR`%YH@vd!w
zS0s99?+qL=_=Xn;wz9W{)SS`*x6=%(S*(4Ug6inN_d4}VnibzErZrjjnrR)ZqHSEZ
zi+xSYE}vR&zZKPAm>;c>Kc0p8QOEEK`OR6hgRz;Y%BHR2SM_CU9^`Y$-Lr?SwuW%!
z(((qsI{e3Q_6|jH+wJ1AzO3~gep!!gG__ZXji%R&^|!MLg4<Tn%oMjWU-op;U|e;^
zS?txLOU}~lC}nLA*02M^^X&b;wpFwvwU!2pakl20Yid5^8yxF~kB*G)B76rrwY)V_
z*81&%+}(U1+BlM3e5Tlq*e4ZBMiOGu?W<T*Zz`Si5ql!!3w4(^1&uAAGouGD>B`y$
z^TX$`7G3eKRU@LedR7hRwzpS}78U;@|4#55V^i)(dK#jio@2aiH6dhruCeKl_{!j6
zx|WU2Y%Cd28}yx8+_s9p-?NI{kk9qspp%WwuQKztSI~2<tWLRX+EqoKvuFcO*u_hy
z{~;1FZqU=L4rkKArZ!)Q<~WvJ6cx{CmP8_v>D!G>E%<hT=FESC&TnjH_Z2qGVv||<
z>eyRLrOhAlr^?fF`K(v08Uw+svT1WLRz0+nS>t1$K>ChFBDAgf^#eBwz@BoK^EX%c
z6vX@^HC<Wj;GJYpc!rLp-)wA}!xL2VXtd{i!wYy8n{GvuDD$1TllvNuq4*7_B(@UG
zQ}`2I;-x3u?7LJeG;WxsGX-9f!cXe>shT*ao1auQR*E|VH#T3S<MpmpCa`1*yrd6T
z=;BTVjm`HQZ^&m8YfTHeN%~{oW;(hf)=aM-VYL=GoNH`8`G;in``4&iofm6R^%QzR
zIFeovj*rVu_o@F;?r2kmUpdBJQpN>IQKouGV7)2uk|A!V6uq49iTo>ygQb%`3NL4U
zB(V<|o8KgTYoE37xoD^8JhcN@AN+Co3-3J2KW(1Z!@F+T_pA}{H3`j9<K))uf&Kh@
z5=_uJif-YblVE<%A$`6jG3ow-U3=A0ybX?v!!gIxxw>a*N*X%)KQ3vwjfGuR!_7s6
zD%#fbA^gFi{29{y*RTUad22-Tz{hrw*TxAW2x(oso84>La2g@yZAz#@_i@=8v#D%N
zX~fi8+EF^`5az(-L-W7c>j67-rnUk6O7z5xLo++5S4{of*fjGr+@+eHbCYX&u9`i4
zkg@rEW<%zXv3Vj!y!^xwkL?_t+hF?QyZF)WRf5s(b%N3EO(Nbl)R|fb(9w?OfBJUy
z96ItANc5Ux<!Czgo+YvTl#dqQ0yI5FTXcYsG#i`N(hWxv#;DWcN*}w8c2(k7bChKz
zQQKz=yNwn;MVF9oEo2;TSS7Uuc_l45#J*iHjAo-vNpHevGmvV{Oq*(?iOWd$ssCBN
z0y}i!BR@nUar^T->`jKub<t-FyDzBS8gBa`5}7Xhs@qC~14?)Er>Y6ZYnc{t<yKxD
z^Z$+NpgnjDdn7%8b>e6`7{_*%21RFWp8rE65^fvLU-CYQMmOkl9REag)5rQQh&v5B
zk;?iZ)%U-p1=h#Tf5yfxBN7|#%`H64W8X$|iu<^i^f{QO?0zTc5)P6t{wLk<Z9+)-
zG^NAX^mK0|Qa()y8Jqsl%XT*Q*6dW4cjIk$vJXpEj@HS>rd7Rsc>U%xp8e0hLH04g
z{tpM&GTm$8<-OV?)$IRH&q;E;D&E3B=VN0WYxrx9Mk3)q3_I>>_b1#PJo|X7yt_=Z
zdo=#o-6LG^LnKnsww|BKKNxo=f4^zX<hvFmITBp+DJDr8hRIou3?!sn*IluORg`JX
zEP51ZsaSJ`sbbAlMU#RRt)G{-mWIk(D}v>%3wN7Z7k3mJH;fn^IGSs0rq^+S4}Za*
zB(?4=Yt!*PBiC~#?Ii~{<9_#7kw|%4MX;<*SKd|{DsNl3yF&LZ-%oOOlIw~CMEA?1
zwA20KhQQJ5jH@m)5YoEGv}TZXSlm^Mh~Ct;xPvFL8cA6CCJ~LlFkGHPi1^g6A&U_I
z(d|Aj>(dV!S1rvVB&_r!<d;Xs%7hqizm0a)qs{EXr$kTP9jwKkW2gRo^Ux1@c)urg
z9?aq0*)$LAv$mVRHPAeKX>9tpo;toTHtlCy4jP*W7;r4=Fy8!E10mtRWYHXqqd9B(
zR-*3l)ZIKLMQ$24;SKdPxv30aoSi)M#RxqlO=wH_SpVdqkG%k!m|vz2y(GLPMd&RE
zeRrDBYS^D5v>&0bN)y@{o|z)_OoToqP3XF?Aw_5dLcjM#>d@8Uo&A!B-no&7{%xAj
zo^VTw&@BjUP7_)QUzQ^DWe7boP3W`215<<^h|nJ%Oda~V@atL0L%;q!5B*4*&~wA>
zDMGg+^wKn;%fs{7-V<R@dTZP3ixP*Z%Mi=RG_f@B`|j)!k_g{+!Y_|TB81d0GfjPi
zM-|z?qk8A_)KU40w+y7G*7oAn<)d}}@3$J8{=vS4-E3^;pW&|@Ep0V6zeUq~Lq|x{
zd&buLjzl8i9dvXSN!^8{mZeE*Veys`>>Q2gx{DJ;#et8F#R1%d-^3pF%zU*($8N-z
zwGL^?rlE@0%sy5e=+zgu?!0MCaqIgftzQ+tbx>1*FVL*yu&nqV2!GHWiA)NXx7D`O
zHVS{BCxjMKd}YWcASe!OWnc2D<JfnGe;{;7Jmmj=xN+5sgn$0M=A=IuH7|-Zy=QEB
zMI*aAD*H$)8&G<`vFQ@_8ext&DLjGom2+q&ZGYnRHLW`mDPB!awrGVITTE;W%@Nfi
zP7!Gp=x7!2N328HAiZ53>p!|*o!~$ErEfkPp*Q<3=k2AQ-CgWIdY!SU=Wry_eIdV;
zP*3Wfz^^-eql;IUjOI6dPHEi}wRUl3;KMVS6^?KldKNoHl=!)9=X1FJ`Hbdy#Au$$
ziXhD>t(7n?%y@&)Hg6doHcN!G{xk5ep4N8*`wzG73w+XFV|ZZ`H$V0Dwk|2~p;7Z$
zsIg?5v2-83n7U>1;YfrY%GX>ODO*$5+ZqaV@vCQ3pjYp?+!WY<Y|<;m#trH~UEq^T
zi;Wvr4wSZiIB?r1{c`pNKD{*OJLae7e%B2&Z2Oe?^#(q?H0K*`d+Jr+R%Td+y;1&M
zBvP*X*Q7UF_Zc@#AF}O}et}OfZ9Ph*+jXX?A>XIrN57+&@Gohv$4=E2npQ49F<Y2;
zIi}Z%Jyt7aT?CE1T6-~8K22#cHoZVktLW8h=MQ~PhVTD@p8$XT0sGLlIY>L1vFU|@
zIBLt<X7Wu<9B$rwhBs;}J?ly}V6vU>zj9K|A9Gz5eZo2GI4UDy13TN)ZlndKIh+(M
zo4VK7{N=wRk?^0S#FJ-QD&NV8k+Ej#uGgMCkL#;R);`@cW7h_=jw48>QqUR?pK>gE
zFQu&QcJ?xvZX2`V*;>)bKK)rUxv~sjMrzNZhwkOgSf0xa*lc9>9gTUV>$rW#$bmcY
zt-(3D$!=}@y^{wYluJm(nx!V~?TtEdGk2x9nR|0=PF?n7dM6nacCu~hbKY)BlJjfc
z<4NC<lOpH;#ODsnbCTu!G~|4K4$ZkMF6a3M<op~1az2SoC|XK*&MOGb`RQy%>;7zD
z4X`v;@h>`WPk1}e7?{%Em&;z!ZMyd3NCc0K2E-m4m1GE>!-D4;n^wny4~hlP%3(Lm
zYUdCV?#%8}$MKk}os@?^Lg;(v%ha}bqiNdWPGi%=Z1Ifws`Sw&yKhTl3B05;wJzR>
zD=U^lEcU<kr@Pw#|Mxk+n8-{F?GPr0UXDIy*vt-;^CkcOUjLDG>WSgUnI>1w@qa(a
z*nB@pXkK<FWBOCPc~y}>u5Ur#PB09rt0M7t=1z!2*avY<!<j>8Y(6746>qfb=0+ls
zrdNzDe)e2%mX2A+-JoZ7LHH92TZG-HVri{@m#4MAU$X9a>yx;^?8hDfH3b{;v{8OU
z;&0;>YCRuk6|_z3f40{D#Q1}WuR!D3JwNU+b8kXXXx&H0T(`z2{{0ZP|FQdO6&sBk
z$bZXI-1C?e3~&D-68XQFk-mL9d=7gM5;r8o<8ke1<!#Ew@@Yz^v1x~akX@xAw)bsj
zN#%&yov%rsPKG^?+cawZu(<X1(K>C4^XLG!+Aw;0&M(fJzMb39o4()JJVY0}&zwcw
zs~3#M-p4I)g?C7Vh@0Ra(xI#(WNcn9;jy1Y$fV%Yx!t*~Z<utui;Wuw8rCd7qcvFM
z@10R!%59SwHykn<AO6O(*VKH-clu2KN?GUkO`B=lP%hK+Y-ZHP|NT1k#qKf8j#81I
zFuO-z8*iQ?F@rn4LChcx3)-yS)pwVg`Z$au>-hs^v2(v8j!S#RacRG<@96%zE_NsV
z?>a)7Us1==SYLVv&l&ZoJlS~Hw&^*>yS8V)YTWQ@YelI0#_6)Ju~X(}QL3xB?RNg4
z_ICE5)=Xo$5wYx*@L1tTpCFaDDjUP!65LG=Y}33QQutVGz5ssB&~QT8nv&6M7or=&
zkFpUYs2xF!af<F`+5sfN@BHYF>5B6xYpWo9A6iJ_cd*suzvCAjAYKWdk#ToCuE!9D
zb-b=-v9GK5(*1}(`Al~B_{Se`3X<>`yW$uQAM=ml@NxCAKDi5*9*abpf(=G7n61`_
z?@Jiw2gdxm6>SS>Jqn}M?}%;vKT!8c#>8J8jYRmf#nR@3zOrst>7;|yb!oR!+I)x~
z2XB6hS6bs<_I2ro8RFiq_)_eb?8R60{IXrE<ft)A_VQ9$+wJ1(4!l9aCN^X*iG<I3
zFA^zf?J)&*)M#FVd;Z->r0~5+<mvY!k*vLu$eDX1k=NdjMA|-#M1CEPME>z@B=W0&
zM<RyLB9Zd1_`lZuWB*%wVsUnaBas6={9o(-vH$s+I3Ep1BKr;||3CCuByvG_B;x6g
zL^``8kuSO<kqMtiB0v8;b(nPj>(Ye#<bN3F|F8XzKA7<R$b$JMOb%{rVplV*M*~}#
zQC8EMth=YN6ZKoCF=JOfrIQY6E@)cuzG@LWNN=7ZW=J@b@xz7emGMu7J=;F-i(mFI
z53c)v>3fP}{Cf(``>_0ysHC+=^L3i|9+-XaU}}4wy}I9gNG&$C-C2omzXpVO^|4Qo
z+MZp+CB`Opa^H4m6@N?3)cV1sR}Q$?2<5BkUTz9(W^YKU*O}H#{$#4qXj=8z*Vt$_
zN5q*B)o4E0jWey8{CG6D7zyin*a5su-TKl=hgiX`U;L6NPvG-BW|O{DUY+g#KIf((
z^ulPO|NBAeIRE#uI;wlF|NHIgF#q@aeI@<|o!>WObrHLNr)GDb?{CmG`z98zzJ(Uj
zP}oxX#m>?%iD`}Ri%IX5w|*zG(Sx^32eQX%H|7=Zx+QAHqU~f;+nj7u>zq8(n#ny=
z2r*6F&W$X`+Y>WxFhxv(V5Idg{ttuxqki=Z8iro?<<ksKVAp)V;+7cw#^zOokk!J@
zp*pmC1ufPfTCD7DC(Cw?Y3g?MXVLGAj2kL>{BQXG74&~E;y;q}i_`o^wyS6PkL>qd
z#wwshRKU>gss1B0)+035i7eK!D4WDTmK!;RO{p5IijQAqEt18oy)*0Wd8|45%-1%Y
zeI?}!nOeU)uxSVkrTmUv3hXLxd-ec(MRM_OQ(J)9DrzkamQCI18^xvqZmS5HT3Z&e
zw=p-;-qLMrFAMC<E1&8Ms_&PzU7t-mtc}@>K2|n<N8SFi)|c5l!Zf|@2P%iKd8S?~
zYnx$eTfE!Ux|w$P1LqH6AKX;(Sx7?Vx&x-x08i!Ns^}L-Cq@m79KMJf7-6rL57$mE
z)85X?Yg%*38KYP|6|mKyiK7VF^eiFdfHyC}UJLXmaD6X-lk<nO2-&oc>Sv|Ue>|G$
zU+4PpXhJq!CJ}Pr#1#6MnQ-z0T>o1dKfUHT@S!oe{%)>!a{VT%A4B!erqC-~KZEO4
zs?VqTKngvNc=BMbA4K&RQT_ZBdLHrQeIuFva;l$7^`lbgdBl^S;`)z960(UNHx7I=
zIJv%;2`Asg^*2&|8P&g(LjO9~&*l1esQz-QzcYpY0j@uT>laY{WmIoXp}&>uzmS>!
zpiIc7MXax;&|k;(TeyBHjsI$@*Qd~5#r3ywy@l!(s())xa{U~xzn<$SQT=MFe>jD{
zocGTHuJ_RPdUSnvJk{^}f5;A5M-twYBrC}tr;H*iEA!Z^$jlzc7LrP#tYnWk$U4TM
zNFrn%BaZBStYaL`IludS9^Zd|k4MMjy6@|{p4Ysu*UQN{FI$6CI0M1(!x2gP1Chyc
z7VUOcXS7QChO71?G@2Ml>at{Ks*!lA;E@}7pYW(!BJ@@>Q3?bbE;SZdL(Egd{KQE&
z5mQ~+YM($iNFoQ$*3it22SdlCZae^vvqoVr6vIFMAjy!KgeIa$73%dm%9#Ma>q}5_
z-6Ia-8jT2Ym86m(uYdSvYv|i`|L14TAXHg$sMvy##Pu&C2hXfY-D|q2tqW?hOvU(p
z<JFC(2u3t1Y2BbGB%FbOvxf7atx6*<jG^9VS=;`?q5TNg%Au+2{QCKlb9l-sv?1X_
z`BCwZ!6JT^RTr8zKB#U26^)CyfJP1AgdY*4J<bgBp&vH*=kSC(P=RvNE#YS3h;$HX
z1@CSFFUGqXujZ}bxvgz=ar{Q%|HVacqFI*lv~Cfzh4>SZ0}Ex+slFq=t~7#<*WiB9
z5dZQnv>Ruer~k9Ku9TRyxrm>!hO?tl>I?juILV?RuVoM_oHhmZVjZiS@3nvjDO9}-
zmm0G&UOjmwf0Atcfv9{Lm9ai(kbmS$fK+9a6455r2Km*?_~|C%Z`N3kknDBLdY(0$
z32i%wV*y{;Qbzp8f!}CukKEX*RAu@K63XQrjup|x=q&&<ppTDo2Tq}A)IFSWDG~HA
zx*2qn<R^SsISFCw8~%DD$C`BM%V3cS$%7$W2|YN64=ruaU8fQ`z>!PZ2mbE8JTFge
zkT$pXG+vq@VnRAMmijOs^>PDr@GWudz6nY1u`i*F94Nm+%4<EIGGY-2-nc130^K-#
z3@yPcfrk^(pl$VVB~E{cc{Zf(UR`MJy6YnX$Y5T|93gMxs)?-z4i7%NN3N&jC!B>E
z&Wro)hM6CzFi9i@etis@tp-h7L4hE@s#X_-crg&@tuab3*LsG|tPOCWb&vMXS_g1n
z<(^rp;e?Bapx<#U-r>??)1^f9a9_f2YwRMv?Q5&438^yob-)%&2>&2>aMSFU;$6(W
zYFkQ?1Nh46DeYO9-Ow#H*|^E$JV9uxHzA~oM08S<4Zjc0Y#01p9{jM+6)$Wc=rqE9
z2a3@W835hF+i>}7&JWVHG1N7oR8oPIE=D>&k96Vc;z~iaf_I?WW)sQ*OdUUK{zd$j
zBi%_bQHJ*2JN)%3uN8bxX+*ya?e&qr8hgpb7ukCAdeenG6tcwiJc7Bc((9J28!Dap
zf<2le#jBnAG(CcutZaJH(RI$8Ruc9)JXVkEoSCeM+2Xt&Yfd_HRv{Bc&V7mv9(H}4
z9?fsXy&QC)R<r%-0F2S90kQP7q4mAEmt$W*Lu-sU)}ha~ZppHtHB}tz+DAK48zau|
z(1)p8D)4B2CC=~KCp@ty(y-~&=Q^>c(D1h-ooCXQ-Kza(y4A$(pXt++zO+``PJJ^T
zCpWFyf23E}IlmCcIQ2D7?(sJK{hp4kU9xHT+mjCSXwDOdI`kP#?47fU_>rDhx5VW!
z`8^$&ZuAI#A<j~_#M+?zBfZT-yLh;$E1jlcvnPGh<3nFM)uit&tL2&{dJlzn;t4fN
z-VMtBH@8}4JeFe;4q`{MyNd-rSBZ@J^Z5TRs=B^j?s8qPbmRWIuQ8W2v#B2Jc?qNK
z1K4z_JD>knz685JAq(m9$n4dt*E`gs{)+xNda#i)o#Lv8>zD7t4nE5&zeaj~mPkbM
zeXjb>CLkmE2+cK$lgOfvN49^i3M{KY#XhNVcUqs)h8dS`Xs(wRN`wr+)Q{$O6xWeJ
z>r)kN*@nb=NILSdF?wTksiZ1~O?MYPq#MsW>d)#go?peVZm9t?9hJ#Iu9sHCB0Wp0
zlFK%<*KZb9Wt1h`phm;)!mgHX(D~=wh2015yLhaBE>Zqx!z&;oU7BpeI&Q5A%QMVK
zK(3m4{(d%!WA;~3gB?6<y{-kDF5BRxBHL1rI2KvIoUW;Ld^GAW;6L*KwqIJ2gG@I>
zi;vcSL_Rh`e;-}Sui`4Jh)2#AR&A7RNUvMog|V(9Un1`xT#e;cu4;}&N)%R!o_3CU
zr=%hW9GXk2{*B^7*Dv?`8o+4QLo$%BhWJjI{Be)WNW|D!XnqyzXnh9qx-mLy)bt*#
zrOch)|5<(&5B@s`{I^%>hR^zx28?$UC+ko6h-5ZGe;IwBrKff5vVK_;#x!cG0n=Z%
z)P>2e<AwZT>M&FZD94mOtgg(R#b2+aN`2Iy&!1^f;F|I)WK!A2g>_^uGTta773o{H
zA-nDXSw?5)LK9!lpS(GXNuzsG9sB|x#+In@G`FOxZL~g_9Hhkhlpf612n|`sM<H_y
zs{UGAMyxBwAr(vAuaJF`_*`XG<}T|$qYE=LGNbZ0HO@#whK)KGfQ~}OBex5yera8E
z@ccTe_~N^BjR>EEtY5;Ut~KAOQA=9p@3DXc2U+&U?gDvJ2iX?!ap&}+=V|E1!g1$)
z1&%tinxIM<mxR8jhFcOP8NH*I>pr|wFzsGAyiq>?=8Ftu#YnS3q};)jGfUa<vHPaY
zhaLedasA1q=XZYTaC}($c6~ahTqi(*bN$7S`C<}ZhUsnyqZT!bQu=#`N^8g6Uyy_c
zH4|=kl8hVBNEn}K4d>7OcZmTduzIU20g`=%9!J0QGj4{4d%FE(%bUrc%CT{HX5wzG
zU)Qr@vQ^I@l@*sdsp}?oTdyk84A%bTKg|8gD$B;1{722!B|)usqQa^-%OTx7S+=*z
z5JO6j8=5(Cy}xMIkN?zCXMbT1b4hkB8(Z=#AKeNFe$wV9CthLjcfQacYiHk9-i_>c
zx6OZ48epDY`{i+l-aq#eGiR&pbjvt}b+O#imZ^dp{ty<H&+=EkZ6TC6$7;LsFQ(21
zm{&3+n%=t?*Ig&}hOytJ`k~UWk)}*&PC%oTVVawA(r;JO{!(vgk!Rlf18;0^t*K$p
z2bbx*-)9^U6+2)XTM4+)`_|B;`l+GJo0mBozBd^!&-^l<tY2J7GEJ$+u~m;b2JXLg
z`+PfVCWXl*Z{%5{gx?L9%hJgc{SMb3C;L_2w1N#Nb{G88cP`VcM~nF8bpJDU8WS3s
zlC9|4Hc9O64cRd2R%gfE=nD@>b-3zMH&gcUckKhiaJ~|Uv>b^QjTYngJ!L7L)S6dp
z|LbFX$}w5nwT-Aqx#LomVNq!_HvjeJR|5;D>h&5ci>ONG<P85im$PO>r#TuQ)L5Ey
z%ie2{f9CroZp(<TXxy~tP-Ifj?9?Prcznfr%vY$Qh0;NGh0A(Qum8pjB+uB$ao5sh
zOxp9T`!;Mk<Jd&Act)!V7i{`b@b_mwkvALen;u62@|y!iwba`A&OiUgEiKhP*u`Hd
zxArn~w^lWMtjw2@u>7@lm!bIfV6FU>@Q<_GUqzUxU8J|{msQ)p_7op{MP6yQbRErV
zc%|||V%^@*Il*DKeAIAbuUz8^!rb)1)qglC&(=!IbP*c`lwFe9fUSMnj6`(~vos{Z
zV^<6}c2i#lW%t&M?}19j)CR{&(0odqP4S)a7G+s4wXI-nRa{YMRJX`!cG85(r_>+f
zslRRIWv^G^6iiyCqa@bfSHN;P?m-mS+V8e}yu@dA<MuR@oBJQ{6PsuC{pDYST9ZmT
zHeKAM-9-g0<>0xSUwlrk$Tt5lD(O-*R3qhp58o9rJ?_?XccYw^*<WEz?cO$(Nay?~
zuwNzqw2KWrz3^G<<Gt#!`D@^vpY>{Fx`=+=`t1VYVlgKp{vv&!a&EPenCQNW%x4m!
z6+ZKYG2V(o>@Szv1POD__3~>!o+>?iusXT>*0f&lNv0O9P}ZfFbV{l}{UND2^+yw7
zSo6sO6H&hIC#D{IY(-N`hEB<7ciVNRV7&}IU=$J5&z-zrnttkb_Tha!q;Y!N`lIDf
z%Ws<|mrZPN+8SLhN5el~^cW3V<!#SYen_-3Oz(X1#jx_5-uu>+vUd;q3;*^OS<3bC
zkKO0BY4Iz&>Q7$~tUb@wXTxTo_bTo9DdQW#v3KEek4H^<ix0*gYdyr8n6iFp;E3RU
zT8r&fGcv@CL>1PyQ?<{m9hNO$P99l)r0f&*(0!}?S3t;i$EOUFZ$}o2w{|SqR_G)q
z?RUkTslLdk+BsHzR0hJ93*Y$eQ=u)hQygxY!D<J!4Zbh={8_k1WS9<`H{r;#);V&l
z|1s~BAOMNw4f>q_R(RD^Icx`OMH;$j88YuX0{eL{u+Hsuq10{v+bj_E+bn$UxAP7}
zim;cYO!2v_Be<>05_um#dksY-kKB;f4|;pb7T~GD((ItzC^8mM;?U=P`6f+BgwXdv
z#NJ9;SjhE%ZSok|+&E}PLgU+S(fbV7>-6T&@hVlaCr{hh35A7b|0tH{Fio7+Fo-ze
zi*iU=<YRXo>Z@=wy``NLdGPBELemKT`HTLS>iMro4<GIOjkn4s7-fXM7YD(gm37Hp
zhFTiGW3*v+9Sz+qXA|c(E4sidYGymwKJBQPRGi+bYvNHa57TcMn_u0~Ox+x~wu_#A
z_EZn^TeW27=Haq@st{lIH(JVUn*1sUS`JH<q@r}2bHUzCFDiCc1@6*umVBvxN#C_*
zP~P;TEWOAjYo@?_&Gdan-=dV`V(eDZh^&oGvypxkYVoa82wUT``3tkiM5`ITqN&-}
zuct?;Yvnf~UbawGmja_>ZX<pso>T!=;Rhn+LN@Od<>p64V0YBg6d~=VEqxlIYFATo
zdw+;tth{CK_m=`1QP;EdaNV_L@=@T|6p7`6YS*>ceFnzCmWhgxx4nj%y_7fl($3#?
zzV-)g`8P47F>Bo7EB9u(k<R&E=|#0EgSe3S3zmXj6xi1*KMiLNbntE_8Clnu0>9A7
z_zcfe2K0va3hj+`b1p5P6hW=b6$2la1#fc-6~!)JGp5PBt~syWCxTC$b~w6tw^$=~
z6MFL+B~HXq)5qC)@~=Yci@tY1bQ6uWlVVRkn8oi{zpF~}w%codb}(w6SdFyYy%=(#
z&{gbO_r02ddBn6+f<yk*)>iM%%|v6T3{z7RhrnSSK4goV+=G^fcPiIwCV0cCl3(QL
zj9rcpesOw4k9y5Qs0EE$V{V#W(ezFjR=PX#*TTDL-MM;j!AHElG|6N4M*1}YN6K;I
zVd@5Cc6raz3!&wr=}GR_-T%DDL}eq`?inOcJgMz#ey0(l?G+o=94va~ApG|aJ9U7+
zfx#<trJXF@m)+rv_4nVb;Xe1XJROtB8-esut7txU&bHp2y=zd@EGr<Jyjef8H!^#_
za`TV|br>+U==P__Mmc>*LKng@xW;quz%C~2IJ+;qD#X=8NvZCtY-nximnzGE??0B_
z@CK9!?iU1>zr3a)GMtQ8f(;}>5?X%LY8b9r#251%^aiMkzq!8OyYE^jSzq@zMf_4l
zVoFKnol?G{$3Ayz(^F>sp5vcpAao9$Sg*gpySU%m&3@TjUR_g>gnm}z0=YKok#}Iy
zXQb!b+iHAGDqzw4=aWV~UW<OYd^c^%60M~BE#5X3t=MnD&b9OPmVc9&)akr90@8l2
z?+rP<Wj5A!(tc1V#GK)8v3a*d-ZT}qR+rEhAPgT@r==>om%<0GASpePKbE|%2RrP`
zJ7;GK?S2yW6<L>VNFJK~cQAI7uf=qvWkKyv&GqqB=^uw%S4(e1JS`}Lg{Y>k80u%u
zJT-*zSy*h>$*)p}=0EyX?wshdSzc|Z{Lmq2Hf?Lx?LOYcp?OeK`cekt@1Os@imItR
z7`vg*qq4n|Mg;$d5=<FZx<I&P%5<N-)bO%L(wL3A&x@J72Wfj9kd(|^y+e`OY5N)_
z<Md4CsosiAUcU8Bi3Cm4)~S$JN({T99-e;*4-G%Bwbov*E$Dw~^4V=k{YRbielzb^
zk$0-<HKm*(ZVjb}Ld=@W3_eM-!qEp;8I`!XIAcTEJsx!m8Gp_VbaSm7cC;BgxD$DD
zO|l}bo__|G^E4^wi$p?<%jlA>Os)QvinZe2tE|HKUdK<g`-KXrxjIE!!QadSDy@`d
zgLe+fl7{47rJ!zB2OPJ`#Lh&2QW5FaOKcBh$%GE1-r=kqM_e%-sZxe_whqrHB^LSV
zI52o*p*{u8Qr>?1^2&$Br!P1-I4+KF{Va^ub~5S=jy)8(?K9tHt|4UBZ)t9*7)X(t
z1kp>gw#MpicGR?Y^Y0EJEkFN!_{Hkk=0fk_(E8R>CZ*!*AtQz&MZ#N8o?o=Psz~Fj
z^OwG?Z*5L{kB35gFU?mjX>7G}es4aQ-O1<u4^gM+m!g-WBvP%dZ5}J<W$XR8SmI#j
zzG~-aaZ?G#_aWDL>PvvBOX}9-n}LnTm4{DT9Ijq1N#k}BQ%J77#@?%-Z5cU!T<=6_
zq3ijd+*_UA?pW}pv?(Kvx@U;YDJ7{LpK(Ww8!3iH>pl0O<4WDf)1oPGIsHKs?OH66
z*Hix5;UmE)AS+3M3n6{#kgm|w?YCjnaMWMuc)x7qhsqj@m5ISs%#WsM?Ck!NgqPZm
z_>)U2ccNE$pYMKp3W2XL{iA;Xud~*#Uf;Da<qCVKA-Aym&dyEJe=4YxE#fjMHoN<@
zu2LvbU?8t2GJAisKcHz{W~}ql*qb}rDe&5L2jXYsTg^{61IWD(0YUbIxvlM%)yh=}
z0o1)J$5;Cm;#|5mzW>fQBmT7}i*Z?8w<`0itw&7BE`8qJ6WWuH(1hMwu0F3j$6_Fi
z=!>G?WOy3A8BoLZ`bVm8hG@!1<*r`?qU_2Ud?$B^AJ<(14@BQtW|X`!6Tx2eu4^HF
zR5cXg`@YXEk!SkeoipU&;`=sL_Y{xaUpC!_u*d?n1MTMFjs(^RS3@Z@cWWzn6_p_t
zVdZ`O{E{!N=5|FEdX)o2ujUKyVU)YK3|o_=rzn=|MsC<}Y`Zuw>Dx%{p9lpHAK!VF
zB9EYufuP5=@hf4wm$aM`a?H9N*l&D%;ibiCl?`Q4OZ8+F)1gT5yz}Gz^GCz-%}}LV
z!_-II8os@stbIk|SGi*^GS1F_icy8qzAI={{Om>ZB*IXIpSr$eZ_`0I1j^5K=h71y
zNv)j+m;W5MKJI=Z9m-MNXIK&he(kxLti!^kw4-4FDUp0)(yb#bt+h!XJJ~<mbSvvg
z*khz|<`%f=t1*8s1lhP9y>i6okdgxXbMWk;8cjdA2A6;Q{bxny&&Z{S{Xcat=XB#`
zGvsR89MCSe;g2iZ9PH6{O=7G{cSr3XXE$6zq|x7Qo7#TlaxrAU<*+=3xoD7Ex*GGu
zw|-{9)H!2peIJ1q(uiOiOg~w=7FzZK>UM{{MI5yg#=}Y*;2^tC8(gX8{Bf&pug!J$
z-~EBcM0>4)MposGKWAM+7b|!bFgoU;JE0I4zc1a}ce1p<EUieel+`Q2zP7KO`(fkl
zdlT2nDg!Oifv6|E^?>^$og$u4c?GzdC_|rHnYc6kQ>Q;T+bs&Xv|!aWbYamel;W5%
z;O`e%WL({=wj~GII;Ag7GY>zrg#4B&8Sc>d6P5I-E-^G_YA=YhBH5<>@X60oQ~@%Q
zlf^*0i_j^Q6y#=5ooJmXSyMBeGM`g6;kc`c<KE9dZ3r?PTY8)wcICy9YwGuBW#30$
z3REsnHhkDwx$EKjZM!41@u|hf*Lhv+OI=d2_>wEubJZ%2<G;Y=1u0sZlyT@EU^T`Q
znih5PcJ0#O=LP+5k|8UR_0$`@+60Tuzj>HqVb%JO`9elv@NUhOzcSP;bH@gLwPnAN
zK@Nlb<+Y4r0ma(*cDIWpox>ywr5rn@oBvv5JFlM4HgWqd9Q@(#DGi18VaVMxNj3rB
zYet-j8c4x6bOK%c;DaDom9*mu;=MB$wKF!gwa@traEBk(Irr7yA_7k7)U=>#KdC3~
zqwnO%L7Z#st|k`NtsWo+s4gh-{#h$eq7xB5BQd8%#pQdd2sr(>`&LC+AV;^S55p#c
zrBFj66FKnNuMhqF@rP=>YnA9V0+XU3OIj^5UYq8&^{^RJM&XcmB1f*onxa95){2|9
z*$2rta|&-wWbWNI(R+80Lv8f9r}=HwzO_gn?8e#@qY#_2!Ej)%B==2W9sFT(q1bKH
z;XwWOg|Cu@1T(adc8MBlMQ_`~8?L=kV55g!Uz?W9xMn2rX3ko>9I5t;0VcqDa<g}+
zUQ5svtrHUX{+g-9HP{N9h)#nx{<YrQ=p>E3*0)t7qS_Irf~Kgq7xr@4L|UzW?P0{Z
z&rs=FV^nXiL2s-f`QBaFW==eY3v=)Bz1132f7`yn+B<YYE7I4dKTM6*#<%udgDp9}
z9VKQKZUpNN_Zeu#4+smDZHQ=_HQBtKLhB%hLPV0EKUCa%sS%Q!R=ddbw#qT4Fc2#F
z=9S)C{aG>AqvW?$E1HQMG(zD^vfAioJwce4meF9=Th)W~YfA)};GS07tjc|Zq|FfZ
z{BmJp<m{t~V&OQegZNilA;ZL4oAtkCXs)gCv??zg4N0JF)Zg4d4YQHvpG88QrnF=q
zE$kz5U*S9|MQhq=+<C_JD|ry@+#6OkM4543bLcCapSf3Oh}^iBLmStI0b;uoPd6U#
z+s^kA=UqAYErfEM%K;XPb2gXkz=u@2BM$A_*fy*Xo;`TgN_Z;H*xaitL}|R*p1?c~
zGl$3H8qJR!a$uckVLKJd4JmUjhj6KJA@jlR5Y}-WM1UPEp`L$Z%p4PkqcX4lj_0nl
z?Ftbd7pTN^<F8htI`Fr~hppTBUf^z3I#&+<z*APb+CBRg!Z(h#ho#i>Y;c;(*@yFt
zyVpd}Z3rV~BmFOKnAH&JHY5?MFYBLE@1_3#6~X_mh72UDgsFTQq)1|cY8vF{xeSR%
z4=~Pja3EXtw@HkvFGZfq7<|sn=gGdQS~yJsvtfV<&2PkRFLEG7hT=Z)<f_SCS&}~o
z(`U%JFk?34Tr#ZENk9!gniX8#YYkJm7FR`!d^3B1`x}E7?Z24!GNi2k({#-7-=UmL
zwTzVGDe2YnN3Rm{dETkXF|P%<+`xJk^2B<&G0a%5B0uq@tD)(64Nvfe9E#BAwIAC_
zDe7>M=z+A&t~bk!yDA06Sa`(d$~_qZku_SPuowe(|FjXk9m|1Kd$-`eT5GiBH58s9
z0E>?JbX0`q6i{`f$)Q)|Rus}yp(Xt!WJ!0Sqt5(~Z*M**MU_Z*)6V3Dul3A84o+vd
z=Qq?8W)F)nsW;zv8pQj0#Oj-6sJ4p?EsYgn1_`C8Z^#3}ofqIKwP1PlU%Tk-)p3FL
za^%4hlb|Y`1}20btNtW?u=dz`<vubHU4(&i3AEFG>eG|aS8J@22!|`Y^jVm^fV|w*
zSR`>m6#exlDgtK|f7Z;3vCU62+Vo-?B8bNfu*~obtr@RcehO9644W6M;6?Vz6W5Ja
z$JLJX<Int^h7ym*?==dmhvjfT7i>=%YReL6x1-5<;U)JxRJx1n*C+Pft*9zS<QWH2
zVs&r*1pk!-Ni~#XoJVXeqeYet;SB2GFBZJQ_x8aj^@A=i+z-d^-sC~5i;k3J(dH<r
z2Pdeb(?7SW39AQsh2sgnSDv%D4soiXE%G9+<WbIKaQ{-evaqIuTkAoI47EMZ``48E
zyk&hPb@2LX`>)sAf`y@ls)XQBq4~7Sx4Sa#3I7<mxk}^o!b|+eO#To~$Dc21p}&l2
zZMuMF4WcHes)_Pd5A=^eleybi2)^YjieJ%89l!9L@wr^ljR()KBvdsE5O$x5Ki}g1
z1zHgyaN-|1bn=I<z*84v!1JlEMT!vdm3gf_EuW~Ee|k&3%_DZZ?!p!%c020=u8~J^
z_$S)6P*LJ;;C)9tv5^*;`nVW72>YBTdmS@a&_iuF`+lt&8uCfhQ`dI(=2xp=M?7BX
z<uOFISdun4{?s<>UIr5^UpQO=A^=anaMGt92KCZ~Rxu?E<mKl&uPR<n<EJfH(Q9H}
z?SC};{YFpx1%mUHVS-=$F++Z+h<cdur&D`pe27T2#AqfFk3K&`{Bf{gDfHY{rWiBG
zbq_tA84*?%EfJ`RC$`dV83sAxPyds7fi2`*>-!h)d60BKcz$&%@GR+I>(77q@Oa<j
z{0-|5?JAa^vKj;l!QdgcM}3bAt5*WL8odETE$tF4`(7htx7qBP<b#8t^Dw37b;hs<
z`B$(`r6~Uw)wIYF<HBir*ep{o)=x84`t!^uC80P8I@l!B+9|=a2K5DGRecB+tR5f1
zlCu<lK&WO!J~Svl`zKEY`^~i0lh3!BEq4tid6AdY)x<dS!UWAf=<xUV5Z~kwwRBeo
z?aV9>ctj`ck{r<=RI&g50c!B}=)QO1=@=7tmFuUgq9gpNKkf-v>qbNfJ&zmWbRN=+
z@{EYz_#n7iW$|HMF{xS?boI=`RS)iYt9SQ==PRNIKFpszTz&e<SUNkQIe#ChLan;c
z=Vny6UsXh`^7X&=WPG0LG&E-Sm*5z`50!h)<r36B_Ud`Ev1%iJFgKLHx^;~~-Iryt
zrS$s_f6<DhpwE%(qD3!mz767&GfWH=S!)ui3Pc(mC+{a$1r`<_tr?Ad&x6PB33(jZ
ziV&(>6COP`jSte9*Lht3Vk0K`l_ZomwJRZmU*_z=iD;{$YR+LdNeTD53?^X_yP&VO
zr-CE3oG5GuJXr)E$MFd}*(G)EEDWOrRC(beq?~}0-}UlP9W7PtKN8lBi-ZkUW#Ct6
zKWpMY_1O}HUe0@UI!T%dIli=DIyk?$@Tp0)w?(xXC6D@TT)5cNtGht;N~bHQJ$s(`
z(1s?b$;;@&J>l*B2G^m)Q%wE^MIXY<5)s>w(UdB<EuDC(J|9uvWFWasb&YsaYWvOd
z;#MOa(U$?vc*f|Zy^Xp+R1rDbn6s_FdE#^6@`kv+_|J=Ttx@QRRIde%BVjf0jn@rG
z+HZ(kz2CiJ;kV*QvTsm_2dAl|+=Ektu_@9du}(ODMl<wCIZL?>=g=Aso?txKiP~sh
z{AU{p|FgVEwEBms5eh#0tQzfASe^Px4sIR(Vnu6SwMyQAYjCEEV7z-p<L@BX5vltG
z)ztoyuY?uVWYDn6O?9$%G=eR`7@+bZpo9oK;o$WDyFucDtKZ-LW2%t6@*BT~g>O}V
z%aN-d&Dr8p^;&NIu>Wu-c>Cc|Q?Sss$B}$s!}QjG->Lup!@tIC_N*g=<6R~JOZ~xR
zB$t-Dg_EiI6X~S>_bJliHq>=Z;%?7H7hU`6rY8^Yo9^!Ey>$J3sPLiF;CI6?O@%_|
zL)+(}^vlh4E!k!k%K9ySPx`B0PMSZYd$bJRWv8EBwtULI(Dqq>*F?!0N1wH_8+@6)
zVZaQwecN=`yAM(GJH^JdOmFDNW}>E?_;U%Llk5iHjInvGo#BZqj?=%kY)p-%mn2q<
zm>%DFn$lN18F@LcK%O&oM)85+6B*xXYSl*dKU(&W<dEIglWw`se1hJe^yg+w+(9qt
zPSkcRBztljImzyS5dJ;>(RsN@HM!^hRI*13bJk=9K0PyIB1g7ceQGTN6_)CGzml>4
zu<7ZFw7Xol{&d(WL)_Q2C787oBXw5A=*SmZ#Mt~H{z}rsRLqyJ7yaJjja+Wk=7>T2
z8#5-pls9YmyeoSsKC_wOkhOB-=1hNDNv`;10}TvcW7)l;>G7uxzgK*Qe)ERQ^?bG|
z!D&b-oirGw_9*w|o4XOjFqftwIdfItK3lqTNaC1(w7QCx*T;KKf0<m~8?`j&Q?E(!
z<Ea1IX}Me(V3?|MnI$x5UN`-rnXWXtn+Z}&Gvs+VdfU;Y#^Tt`s_VR&x3rb)I7iLz
zeU9q&J;d-S?$4L~1>Xs_mCn=K?nzBsHRUj#Y5kt)VVdzvyF8AZb<BK%m^)R}hRFe6
zO`Gf*dW?9soOn)TRckYopUJA?#N6M=S1Tm_YI9Ss`;oZ6ELwHLY@Opl<#Pc#$F!LN
z*M>qjVR3t=9%_#pH(b~Q5XHkDoTv1%f9`#r&@rogHs3JNQ&{xXe_k1)*mhW?-+ev$
zgh|R4S)H^cPCvc!V8PwsAW^73J=F9@J$UNp_kXpu=}FJBOEem*zCX74@UXtQ|B0*5
z^QS6qTQ5G&URsedD@z@F_B!;pGo<^s^T5M|?sAT4bLwsVojQ?9QtZ6!pz%|22Rf_v
zgix3iX44<35>R6K`!c1KjB)yK!)l#>!%Xj&rawrLM9wB*eFfL_=6=z_FyV&>wyT9R
z>HZe*$Ju$8u)TZfPJA^gB`SZcE;zfV1tI8^=9P6Jk~~r4-Ot4LhaIWh!5?4x!CG_X
zWe4i4++CWV&OlUeoHq_0c;0LtxBZH}Kb2GFUH{d`qbiBBpG#r8e3w45?0orly(}0a
z=g@z@hi|*_(~kmkk3Tu@>RH29y>F-SG3hb<Kt@PA(AsVmi%&g!@75dO;qhE_`8GBT
z!{&m1)$rm+!8hlH`}t2|+!_Xr#bjk4RWI;#*R)NvfcJt$D(}4wc4KbkNjvGeDRl|^
z<w@hruBs42oyo&2p$`c^2Xcc3C;ppxKljgP?1wVT0q&)9jqv-D;&%xPG9Ewue>_;g
z4qjU}T9-4Z!7JN@<_I3HLyiXwM@8*(QyX|2(nZr1iwrXBN9F$Ye-CROF~xF(8q#uT
z56)KAR>(LMT4mgDa<mh|uqgiP4bf=stM6ZN5l{a8dFW3&TWo@bG-PXga9~x;rh4A+
zH{W|s$u2nwi~OMDL=95xNc+>|ocCXoLrnY%^1n7;x~-G@HT-U?z$I^<<gdeZ2^=5X
z3!2^ROGho;E$FAHkrwS}N_UvQm^ZC+>hd|Y$%>GRNOm`M|8u+yqE;7I7oQSGK4?S!
zjHuVbWc<<=GHzE83g1mTbe$aqNH(_rI{U9x27MQKrl>~a_Dr6}zaFxetG~F%!&~tJ
z>u<yMNBl@cwHv%`e9#f0`;CKr(IxyZM>uwsbMK{qq7T>FdWM4{@(UsHTE7-i?*Xw&
z`XXtZqU-KdBlCY64r~0QyC>~h?hR4TZ(}Z6;bW-i{!}bViF9iONFH%fT|Lo(3kLs8
zX4|6vNf1a}eWHRAshK#^N-7%H<y&|CkN1uPeJ%J3wU$l&;j7$Qw|=r=?q|Rx|2Pl6
zqKG{hxpq>{XL@lswAUv5?4>oWZ~59JqIrDDu>Y1E{uy&#-h$SvsMvsE`Izb&2D%#M
zQkT6Cvrm2AO8UO&Dk*%qS^!DRyLGWw*Yd)mA=R5lDM#EBUsHK$sOZ}|_l~bywQFYZ
zdX1P%<xmCx{*?0wn=baYNTipQs^PS*^$t&?%kCQgS+mFZsFg3%wF6oAczEsEHt$_6
zc)$3`{l|Bb+bpEif9nzKB!m2+o{eAI@(>WhM#Nu@9Rk5EarU=hLfvN}ymIpU)eSK!
z`fW$&lgRqJTslX#&nJ7+1sV>pu0qaza}k!a9Cgg?Gm>j2G1x=t*AfuqhWZpzL=8F(
zeX`1hcegW>UEismd`^4S%h~E@<0Q>6j<s*~Uc*_mGokMeH$foShyn=>`#vxK?)t&<
zW?_D#GtUc>Qu^VMM{um^iX<(YU`?<gvs2IYyJykYIWK8#sNSWP&H8X>W#{Dh=kgW7
z;NBSp2ctL8rHkzk-uC!*-4WXGyHMDccz<Y2EhDFK*loT<>~9vkTs?+(g=)9a*k^~i
zp*2fFJ+*djW3_hSOXr=w!AoVQ!N|>%mg9)JzUnlkS~Xh#2$6TwZ${Fl6^b8l;Zv#}
zaCwZM2$3dUNh=L9EG0b8As{`+;uhy_!XBXoOq*M3E1XDk%&@@@=F5-Q|15EGaxN|T
zUk-WB8-n6^7gDGXOC5lJwiRyFxtF7q8E2X>z<c>`(Z;a97Ho1Wo)1PhHB=Unb7k0{
zX>%Pd70)om^gg1j@6zZ}uW!Cs<Hl4`04$?QShSF3{ibMg5(A?W(-vO8thT%q@%o7q
zYM^?fcm3TN@^zIC|7Z8!YR1Ej*GY@71qxZ#V&2+f<r;Kg$WI(d7+3%HD*6c>)3*F~
z_`OG%+?n_24>Nvmp~BCNO5tXt0pgYd?<B8L=wtAwcz<6DOrVSnbcTztucvUl3dCQ`
z;acb_>>o}d7kqKc?|Ij~3r;yY50c!HXUeXsCq^}K={TL2dW|9JJDi<Jvsq|gSWFCO
z>%B_ja2o05rT8B!yVPq|TVKLIQCwkZUertP)n5CYsFzJv22Q<qnW2@!Oo~+8gzQ|C
zKSAxoX|D(FK0aKxP^P^`Wrb4dxO+vBYSJ$^YGPIPsz8i?4YvMARQHjk=3Fk9{2*s*
z;y#<V;p;kv?WxXYYU`7mE6~J)*_AViiMCWfPrmuANbGuN9Q*E!LQ_xoiCOeac4Op>
zUN(wmWhM@LlJFn#fxINm%Cp5Vo+idK*MB6z70C|IL=-k`iat9=*t`9TSUbO8RCl0l
zU`%%)EK4J3#|ClC3?_r?F7Nma#4)jeQmp-`$?#S?)|_SgJp6n*Z+2>Q%v@T0wEHeE
zll)-!$!#Fz*t|oFVT54(&UenYq}(zO%k%lBUFx-Skfssp+kROrRKYA}-()~8N+~=W
z%}}L&q8WDVxyg$-j;Ju}O29VVXHq}eX)~oZ5A#}r5RZxTzze<wA%Hy3h&Y~||C;tj
zwY~ZVRWep2%x;&^h3%LRO+;%3h4K67#`YXBFC-KYIvBxbf>p=-X}q4@u8KNK)2dA?
z7S3>nT~KDe5*F#lDj&;&gV2#MK2@~I*zbJjld)d|VnD8KBfA4lOR|#)Oqd7Oln{)L
z7<DrCswc1}Ks*n@KsN!!OOqXc2A~BI$GQ1@oABg)g57S;x&-1_qTcFOyShs7`FTuF
zFr_)OUoO-3d0Q4w(p$f)O^Aej-nn0JzlclL&nZbpE=m*OY%3D~P?>(H5ko%46~9hi
z*#Wa?^|9<3yUE^WUhC&qS8&nTe`gYzfBR09yl1@>SQMyELSy$e=MGooZJ7o_qxOBh
z(K^{!>cH*!R?S!v<4S6$CVU~=@A|KO$ja_qE*z9~lN9gwW$t@6mg8TlcLd+x*}h=@
zCOX?6tIqFiSx(32l&Ll?V?t}?v*O_Ji5$v6r|*1Mo7^sLj?v}zpNM;-<FZ+zl_aBi
zliv&(ELoqEXwCGaZep;e@}$LFV2&o8+onL#q?dHIQ#P?FABc?#9}9X5A7A$7YNE)N
z<2@Yf)SO%C@Z7<4^3JKxT@0GI@wG<?L1LCTpAl2hVdJfItm=KSmFX`P@x0hzM<AiV
zFv444f~D$wVD!wKgtwAB)@Wjenkx!J)6$8FQtA+1DL9*B>@0k-Z#t*u&D+FqrUWod
zy)T~eHqk1FT=-?%f8sj#a7WJ$dMpJTsh*SAF`H}s;D)NX0S&r5!Bj;N7>PZf&|%f-
z1X;P&bTM0rd5Ja;M3WH{GiT||5+q~(Bk(8uoLO{WG+}PABWI3c!7yUyytj?W=CA1F
zj=oOM9l{**j)XVenM`JX{7g<AU|;d(3{q&~J>vn6+-{;h6Ee@G3Kd!TbT(Jl8L=bg
zEgU4(#AwYj@V)hFU}SQK0SIp9U7f?>(ou9A?+G6Q!IdWyRfk}NE1FNhQRl=qTg@Wl
zRE{hWi0KF(^9fh%IYy;TgP6EB+>D*QSvb^u!T?GM2^db$UliNS=ZcJ*+3)N4)*dWl
zJ|SgG4>|mWrDSYb1PX-Ri{=yDBucT(L>7rTvCVh`3dYm9jHozXZ&CA!Q_pjZEwh2q
zafEG5R9wzBlbwC)sid8KU<;$zru#~EpT)!<RVuMfXQ0(G!D(ktngUj<HafoL;=b6~
zH{uNu2m^wk`9%IK738oO1&j_W#AU}3z(Y*zg+nfzPsG^JK?3qJBICkcImI^Rt0@^n
zf1?0c|3>FG;$B|ow*g-|u}u*a3nU;7O2v5k6ZpaFM7TEaO|^zqY?CpM267nH6CD?h
z+3)=J3hRJCpigxWh`ttx*e14$iczVh8YF6lU}w+LhzZV)o0%Q~d3Z))K2g(lUTkyB
zh6!@$0>Xt^fSjeav50MU0j*GkB+x>mK;FiWI=`uItk~Hn;4Ya@Sn>L)y4suhGk^r=
zFhT;1DmuUMl`}vB46Fd`nzWsL&jAwxA&D0-pI{}>h;7EXz&b1@s8#62HsQG-2vt{*
z#{rO_fnpx9%_p<xApz285Pkn?=ePDHcA&pUjX;>4K+GqK&aQ}U8t_pwDy30fcWkA|
z17@xc(lEB9)&W}!V?eeBL@9&s{3fx$3(CF=vYmH)#e72hF9qcAB8G-BG(ImnZswb#
zoqeA7P@Ftp%-}i3&=}*+Z&jZ_wrR&>;&M7L(QzsrzwPXgu;B;<_DINlVr9fO_V9cj
zD9phCs7LThbR4Xe8WeYc3KForO~Du%kP0$`bOo82(E*v+h9MAgN1(Uf^C(j<a2<Of
z5bS|c<`cmcpe>)7f~NUR4GBPdQZk-CWr>XAt;gBfOFm;XpU^x7O$H53^_38Kuh+y^
zq#XHrC<Y<Q06FZ^|M+W?NrFl)a-+k&^C(6x+Ljti!GCdAC3az>JG%~^x*v)_q?s~9
z0&1UjY9i1FbmkLYA=K8?E%)M|Xt5~U>?~wrsjg5$HG&`YS51xBaktVdGoP7x3p6n*
zQ=fTxvo>*gP#)zCG_!?)L$#~ICAP_I3sSsQb&m0rT;L4m$T-;gX@~e+M(36w3M9A{
zBb42J##|DGj_Lyk|Gk|(1}BTigf6k}c<xxuz1H%gakZDkaUe1qo!E}gO<dTfz<^4`
zz*!*sKRjq$W4_NR@4V1aU~D;vvy+lE<_@~j#Ai(x0qQ*FMU{N=ah5i#gDPo=IL8gn
z7}3>Eiu8upnyQ_4lLiGmvu){cuz6oF2iZAx_zFE%L?GZB)XBlmJZY<`NZfzvL1kL<
zhIIk!!j7l6g8X?RwR!)vuVfQrD`VK*i6z?P;HvlmwbK~aX!>QP-Kg$X<G|?sj_Ho?
zotWtER<mFsH~7v4Z-F2M^M3vSt|q!xUJptVkJz%1QZvUEiv+b<6c6y=t8LWG+?P3;
z9kiVkc64YGDCv5)l=34okJiy(@-goy?gRqY$9nySh=QcKPd}mN{V0DH`STInt+Zj6
z#Fm>cy8$mGX^tY@I~^jj&SlyWV@f(F=TbWyh)r}s@<9&VQ?~sq=OOzqzntTWMn{!I
zVnBNK+bOd;Ty5eHX$Ps2gAX?6ZtkeeUEZm%lS&;@^`;7%TLP{W*-6=szMl*5W)BiS
z4hF@U=R{;mt~r8P-{t!i8YFApk2ay6Wol=-LP^f~g6g@zC|c7`gzhr~J1O{#|J-+j
z#FOiPhz@+>Afg>{@7&CurxH`}woGBREtd8x%FKW1B&;Qu!!=H;x%O2)6VS=Qe1C{@
zepPo*V^$)$qQZe+iik}3mNSCqjH!u2xftk4&@@KE<^p!q?d(fP7KqG*O-^!}=Ja<a
zq3Yy{#MsFN$sOAxG6Ox?!PzI#nondAIl|7Ji8np?ictndy>=@qr*?PFV@JqNihs$}
zPO5t0HX;+XdmWLPhfTGU8k})KWDaiYAu>}XE<pANa_;bNvG6fL_QUl+m$X%#OAc=C
z2U_WjV#|Yg&>Cs}O6K6<mFLX+Lvh#4`@L|2=KYR1E<|SaIt-DSaT9<T@X{m)7vm*C
zXbGTS3{UK&prgu&OxkiVd<SMIAp430KCxx5DPZPKIG7lGBtS`|n1e51wmk<q#Qy4V
zXfJdJT~kPdKnOQq2F(=0A-2pvbq*4+Zv*^_K8)%PyK5WMt*qi|lXys*2ZrR41TAA|
z7=w9#fiW#)f9Wp+WPiT(9AqEU3YNoR^pO2QEwg+==l2c=)ek;)QeL{;<`bN)U>N!-
z0(%({a9L~yD;8C1$bPj4u<}^V&Yt!w2weSyO>9|(yNM2@27tZNrA|K41m;fj(J|d&
z0x5R(*c~&_ygmFK-<ao<!Bt8Mw4qNJC1l_83T1MzbZzzh)0hX*-O87^zz>MCofJ#A
z5hBxTUIMh){2(~iU8;yo(mgoS6o1%l^ZpfYK5z)_z?Clz9oemX!3N0Y(~B*eHnEE>
z8%%&4U)uyeT)cq(Oz2eabWn|^1U>NSg4i-wDMfPd`NtqV6i48Ao+DooNqu(qD<l;J
zVui$MKCy+iO*rH_0au7KuBf=S-{2B&vr=zo4+T>vV9P8D9nDV}_~PVh$3_PU+%Tai
zyv}bx3V@l8md>l40z1KTDsvX#28eQp0ztV=fsSHH-iz$@yCm5$IoHz>Jf}DJZw?jd
zykoN?zjF@^PA+9?k5;}dmh{f+JJ-C0g02U#1_^+BJ#f<`2kuzLz)bK0w=>CLLeb7i
zAZB0UsZ*(4N%ZIqF!#0q7#x6co0dxM40guN^>i9{*n&Hz6{|<KbMNOKg8MwW?7H(f
zp*_Yb3Ji5X3<ga99!o=8JK-kkR{Fop<C6$fq-Y1PpvsOSxPLS*EU|-Agm&J0!xtpi
zWGi#X1qha78}AG)maucm_9Ens<6A+ZnI3mTWWZ=p_U1db+40`#vEx?me04}G7s=RZ
z1)QLYcy-9N7Ns{w+wmS?3+@y;yTRY^HPN(EZ9>)*z&NhxhyZKqGwvo>p;_`FErxFU
z;u^RL>}Lbmu$}umULE&#BEZm%V%%amj5>;JjB4qa^aSIEqUk{)t?C6Lhi>kJkUlUb
zI6*38ffN6+O!2p#Q{E1if<mYG&qRV4j>9CUYzt{+qXMHvI|(M>#QS=49tU_c1+h#p
zsg5KZ(n?aDcJg$H3$`hKCG9)dJOLt&VBosW`OmH4+~8p3T|H*<z8DrlHO0RP?qLU`
zk0Rk<yh%ROIF0e5IEu8T=BLSPqTE8Ut}uc@qUb$)U&{6pXw+UNpe`MB<yg;K;CS>s
zh|0*DHArRRyeduA`Ha8dG?N&tsfof(G|J1@zd|SIJ<oa3oOa@EKM^{~!&V6lTP$!z
zBm%@t-^6}K2VD72p00f^!wrt$ze0(n#8Tu1Ndr?%$LEd>y;DJrE-A}I9>OWsqUt)U
zqxL(5Wx<hlL0o9(Qf6+YwWi}6e+h;NlLRG(Nj3^YVV1Ph2&|!_D>_)B-8*Q(FAYPc
zz-y5S$vrAh3Uu^zC(2s$g`Q*H6BuP+m0+P|^;Kic8T)i)f#c24ytGr-#*4Qtzkj!+
zdomnbg8y^SYWUsHf7klciK-jNJbRd7(s5U-ilC}EmmByVLF!$4$Uk-e-GB8!fNzZ=
zmP_ngGQEdJ5SeWoq85wc;BUVzs@j^)cn70I&1&QQ^(;Pik7xdSGPYn=BdAlbRY@Q`
zPz^sHT5fRBW+(AW?{vXV*YWXJGG5<U(qTAMHOxSbw5q+zKY#kA<sv{(5oMdI6U<lL
zZ9_B1a)q_7f!{q<)d5zRw@cXnEDJ07%iv>lj`DEAVeo)vI_xVJtU)Opu0}}4j$I~W
zK)KoRX;P}K$L(A6v0SZi|0LqAYx&R%+HNdi{DIm$Qwwj7&tmnp+y>d%_V!8k*xw6F
zrN6-UxYAqEU*;v`-+uatm3DDC;0VU+qWjb3T9neYIa$lKX_(v-&p=aS)0{=Ymp<wb
zSg$6(XwvZEHq4e^zcBa0=e4HKoo_Fbc+3pryZ@X^VvI(anTD&*m>QV+o6Q`!+h9JJ
z?b9}6{c=kN%IZx0$M(yp2-!?<-)Y-}71cj^qZk-9Dfl0>RcjRf<_3RA+q8vh(4V;8
zt(suHgCKi8hBd+g;~(hUVMvWeC6~@;;wY^R9o#oGtcqj7uP8Hbh@B{U*82?pCpT0x
z)Cexm0(b<jh0wA~m{CzayuP)84J!^K_6z(gY2Vd2#&Qz%{$bwj^Mw3l+7WK-<J#DA
zshKr`u6@hPt|yLK*)Wg@-%w~=8or-r&cL%;G9eMSbn71rVOes`OM?)Yya)c3k*q@u
z=THxh<ybhk;H6DA>ii+s&w4HTO4`3NliGkj{-Me`^#LvX`19h4vd}9zp;r%7HWuXh
z6gF`2cytL$bVqmup15Nx*h95xOGy&?25;W6l{hP_o}na_WfMmiY|fKl3WPEYf$JFC
z7fc*I9rzAcErH@XrzC8=3W(q5iGJp@a5aN4WnlL-55K^AoHo6G?<H!+;mokQm5;bs
zxgUjJ=Ei%m6NJw)`c64l^9Nl|pK)zO?Rfp#pg0)ekAr?7hH9K{z1gB|!^urVtSo24
zhg_i`yQdKwbUrBm*rr^y!SMbTAC>UB9j+zpyCroj0lg#a+Q#=tvYnc!6GvkEL)6hY
zHMS*s9;emKvOG#9R_|co_u4n4a2rRRd4DBr`%!Ja#CzC?gKl|J<BBqT^`99?^~ssN
zS0|jL<eLjUIKn1C74}cm^GN==q!wQr1ACIyF*e+6;8Y}xWv)5n6Coh+)WQdPTWI^i
zF(FcqoI0C#P|0Z)3{Mab2%m5g9u0~$5C%=ga{nFJ!(?D1-eRCZ=ZTBLHXp;FwHhxI
zgdCK2PU&$vJ}NUgUMh=6kN~n55p)>WCI*lzG*!glKUoli4a+eh!S;JzHty`C?FG2!
zJUQ_3AwEdlhdw-O|9*7sF_{(8fi)bRLy`Ox;QVu;oEaSe>ge`nbpok%2P3wPl}kPi
zjo@Dp1`S5&#%}$dKaxe2<hPO6gSN^f^P9Qwol~9#kVzQJaoa1!K9oux6ovKS1i`FG
zqG)|VOK<H8|H^wypgm3a2PNg5Y|~C-c$%*eF{~?+<NLuix%;QrME@BSlj=Vc7tO4z
zMj6%c8;Y6ujU2o6YDp?%csLVSR7aPgh^&C<=@_+zp0-gK!&NR66GN!MmRV#Os-bh#
z7R9Sez&!v2=3Frme+tz3fmrw=XDRgf1gyw%vp@-t1sL#)K==#TMGY>*@Y4Xf<I_ic
z$H8ES5xmeqHbMq~Uk5KyvOLZI$-~bBgnPGe=mZ;X@Dt7qytn{(Az)!e_JRT|H~|Ed
z5eUkHT_~+FoNy7~bYoe-&jKKnM+bO9KuGTYd_q!y4Qn9mMGah`2VyKyAYu+cz{x>e
z1q2CrNmyh#5AYcQh5^|{p-j9x57-DLyT||tCICtzCn6jW`~a+NF-D$$haRkiflM_>
zDB&rv!vtO{z(hMa56~DuZ~`I~;6f=uM7s&MP#p%q@o)xU`8KdZ3)ooz!IlPi>ImSx
z&I2wj;MxL54kMac|0_gA2!gdMfQ=y6Dh;5K4Z_F~@PUm$Alc3afX0A+H5r|(e+p2c
z05zmHfeK(Z10K1`)s(<_dR>A)*|7lNE*H56&H;r%07JYChy-AO|B$t^dM*tp<S`Tz
z|CdJ`K#(Nc<ODKs07GyF>QHho?U-J|%q;-5Q~+i}4~&vCTL(5!tiTK{AZ%HH6B_`6
zT<H)fU_;3P%|GyIpA!H$|3fBQC-+D$PQDPOidlF~#0vr*KiP&b;Hg6)WKpv1n}ARv
zCyrd=WHK(f_)=iEfS=qCX26qn4q)8hY4r;nWB_@bIN&7-Zx2^11CQXF;Jk&K@CPrD
zuhej<%#ck`_?}s+V!l&Fu#2HIP9?Adf+f1FM|G8-670KyWr5v#4LSx0GJ_3vu&Aa6
zf>=O+rbtye=mj7)WZn|k!jQErfmUNwSx-BUuF7FrH8Zee3V4ISz|1*dS_o`-0V6~a
zK!9WBNa`*bB8^G|BLN+wjwnW;mH`MX@Uv}oWEH+61=P_1QI!R-y1}BF0{B1$>=?At
z5Li^1!8QX}K>%PX@Q0`j2++4R`~U)Wd;!lNb`$I<0FgWz;DIz)*aCB^ME*adQO5r>
z48H<kP{7PA3y2~(bci%312AA@E#Nmn1`sF^bNDycKP2#u2MCGmh9TIN0}w<RfVx1U
zC$L121A7MeP<jC54hT3SAYupeNu3)YFfVce$kIGuL81g!{Zvzlw4jrEs(|+qEPyo#
z7VYFr7`I0fX;E~5svswa9T4PfqL_;LLU*ABq|P340cZifGH|2?$bhNEcM1l}L;{Hs
z&#z2V%+~^5r~W`ol5CkBz+*s|5x?qJ;p=6f07`&`0f47{fZ!)LLe~a}9vnMID>92*
zRX;#r$?;wS>g?4INHMnLpvXqe$kDTsQU90IWKc1(ujDWZpgkurRDiez_>Lq_0?X|A
zV!ml|KFM8|cODSxfIxw|5dKPn47rliKt>EDLzAm14^#(%!|l`{couTb7y!X4_leX=
zZYnUp`A*4|;vxG=UOWVvjbu%7@6iGU{sZR&=y5OLr-A~)fb}+V+Bq`8)17ox8pve|
z13F+Z^nkIVaySMg!N5rk7X<)Vuxr!G1^SE?u)ryt0E4MVl?yDKfgF?qXlDW9f7!VK
z6t1G8iL`m-DmVe*YO*y>APg=EHGx2rNS5&;N2mY@Frggz30|NQV4gdY$ZcT(w6NsF
z*aISuT(bYU0W=~w0FI&DXAn3!Uk-o|u577o++bS)z+>ouQSvUh5T%Aw0W2(8>l|Q%
zNn4W<2J-*ED99PA1}2_?*dne1xg$UjX~8b}thZAEg*Ko-KH`LzS^swu!~vV!U~me+
zMw9Ds0TBG;0D`5#8M^{-$n~xOfyjYfTTtoKJg^`aC6o`yl84Fv>+U<>nrgnaZGcEq
zkQNYBM5IaYU>>C@5UTVlz4s<9N|g@MLlco+Lhld(0i{ZlPC%r0X#tY#v-AAk^S)os
zb^d_&L&)B1tyy!=J!{rvRxYx0-x8vdK>2IX7EGwqbD+up3v2>!)}Zu^KotR6zOy_K
zl1qqp!qhwlRidC2+yeUWgjoDHG6*ws4|EPEM7kJwL4|{Wh=f5sVN!DlYzl%cksvR|
z1V*2MnrOmU2rG*P)R=;?9Vi7#TM5$u0i|zD!645iq&7KF&jIrC?7xF$0qg-q0ICXV
z;z5mx8`CTq_6!vN3;W3BQ~TF{7kxJY6zIc$13hYDM#zZtpnoVqG9)%?vg8Az>mV%Z
zF_*mduY~lROIR%&;Dy8Kn~ryUgo)$;VXbt;o_GBvuu52VYM@)S_ItP=1PQ<Zws-R}
z>v%^<NP)bdbr0|!48dEVr90>eN^sHz2g7Eaz#28d0R0>YDI&Nd4A2=g;s^jke38JP
zGUz-W!*Y?k3Qj=~^#5?e*GhvM`L{bJP$Js_W-J#lv;zsr?k(8954eJ(A|!Bd-($J_
z$@&@4X8~2*pk#y)gro640W%U1X&OiX>xBilAj!dI|E_StLZDv=!;|b2JQ4;#SQf~1
za01W-d~+b8+!LB(C|JSp+i@T`IMzCbp3H!9G@-jR@S<-|0W>GX93g3?;mL7SqM#Rm
z5JTX8Y@vo_2BV*_g}^|4d<zLqEszh?{kvn(f)|It3(x@}fe<oDt{dM4s}aZ?4*YmF
zO)xTf%X-0zr3CK?8Lj;|=os2WSo~z5HB}He`e%d$1%7t3Koe*zLHz?JNdkOX(14H~
zjIl1@5D2@~zX-7GpgY38^>50(0wVa01eY3$ka!45nqwavzZzi)f}dKZ8wpFbD+Elg
zgbmh(U_>Azp9KUB5Q9E1!NLBEzL9|bfFE?u3|f+K7L<~BEwZMv#BEg%1UE`EZ`4kq
zsV8mr+qgd<FDJS`h_!L&;;ra+P`3bMpVerwh3l95U*T%1KwuS$34a+1R2{IUUPQj#
z5Ce}C<+<;0tjj3jBEWr`_0Zv4E7+(Do+b^ShLYhg*N!&n*WlFCd?8Q?hx4Ia;?pAV
zC?K-vwdK5V4xS$S45NLga1R%~&Sjpz2-)?C|Da2^j#BH*L^DmJu7byoi&(JJ<XyN+
zhp*ut>P!th5uCVm;h7wP%fFlJO=xuc0Xk_M4h6p@xa|^T+Hu}^9Q2J0Jc3NZZ=Dih
z)E08p;EhN0(`t9|e@-#<D>iA&P*f-j6aJ6)c^6y{!`Fw868-mpcqwE;4j7~QOE|)D
zB0DJ4)ou75$y>td>C#1L2TlwON#J}s@d7yjK5L3~8j8CU17zVZ&7jwSK#6T6OK1)=
z{?8z&VLC8HjKd{%OsRlX37l9r-W}r-#Gh+o#d2yI3IwPELsUekQ1f%D)z%<aU`!s>
zb8(m%aOAVj_8zCT3^IzwI+;PQ!rgV+hn`L6k^<mTHJN~$Z27=hr=>swCLKx?s{#IP
zz_#NEO?t^!jbj<o#dko7Pob;lfPm?_Ry@&Z1eOv9r0W5pi?+=_nRYdwcX@!bRSL{`
zsGC7=!QI!k`F6y<!chnNC1;Z2RZs#Wm(k}!>}w-yJ@0XuAP_%5B*4}Tobo^A_^pGl
z_-I1kxqQ%vRVXq7n|JV1R=8?lrxT@!Gi?(`pHQ9lb-_JU;d}A^f>@u`<Mkl$i!itg
zC_r6GV)jQiM{s^V;M|<!sZPZ@;ao+~v+Eu7cqxwy4`7J{d-X^RlrXUbgCxQC)c!r9
z<L5^(ju<{d(|9y7U=1qLu&*%t!=NAqMF~=mYi2#d5yD~}KNRsS>O6Nm_fm#03|Py;
z&$IgR{s+g{W9-@5@j8AytrHFhedq?tV1Hz+L&41)cn#i1v}5Aa0niux^k^By0m7Iw
zAp*`p7rCtjvd*b4$(B&kpd7%HV8lScsDrsBloTkShhM>8x?gxe-FF2B!5Iggs)Yis
zpi>`wO&=z3Fzbl*6f6PugNP@fH-UDr7vRF_08Ic|4^V<Z0~++n#QlrBGxsWxO~8RY
zCj@rx<q(_!e*_AkIPh3+lLJ(tSn&e{!Y(;*q(@K?zyOpH-wI0LINk$v8rbB}^xA(Q
z^L4_-L4!*`04uhBj3&B-cEWX4f%YoXQp#Iva8&?TWqK9BN#N2dUtlHwLx?E}p}ZpX
z26%?qAKXNdoPt3DF8#OD=zsZ8);S9K=RH`Bz((MX2#mmKPRo|jpe55Oj4&-Is#D!A
zxTz|<o_OB^3?gaZ4R9YD;c?*-juRju!Do70><8oQ34EaFPw5ELf~LCUUP75-plX<i
z=DEvlCaPyoy3pd7Pv6d_{OgzA4(0N`z=<4U6#`tWi!h6We~WIM%7SDB!dpCfe`hSI
zJ^OjoNGCr6ch+#l7eyZBUetc-Fnxahr+nWuA{R1^2G`QBb(^6gqEjlc;t~|ps3VOs
z<emjY-s3*@*aA}@{`Q=Wq(<-O?(&eFT7Wf(TzJ%aqw?z6=hElFlwjkth)e5hU<9ZQ
zU*K8_9_PTja_1{in8j1g!}i_Pb&^y6nV@w=+@w&?86t-h%hz|Lc45kLg66(}BLnb$
z@@B|;!6!$z1mJQ2?;Tv@pX={&hhR5oQ<kTT;HwwickPlE6kMt$LwWjhy8;MBu6l`m
zRx=b0Ug}a9K#D(-1fcFO|6<X&A4>uIvgdzJFZp0?z}UBwm817y1_mo}xu0>~{rJ|W
zRq)fi4b=8GELf4ESsg)tI42`i69>_O=J>s4_LsiAVDaQc4Kp%uCe}zq>JkiX#<l;m
z3|8y-0G$L^5m1Y{IvUgpR=!%<ssONVw|mZqO#|zGXo?*;DHvO4Y79taO4-X*X5gp_
zdKG^Z2m#6{qvHUI2%;6hQvjbf&zQAe@FaKM8D1T<PrZHiG41y`EzT5igl9Yz>w>>k
z1s?Cf$$`QHs1AlTvl<t~H|sLG{QMI3<79>8xqr5w_^)`@59c0r=}^V!ll?b?P_TM8
z#aa#jKz$jpgEcloCE-y6XLvU>>$S`H?%er~pvd!9-C>|FBoqnW<^bmSoy2`A+C2aa
z!V8>n{msiu=J(s{pL?43plLkei#Nfvwhx@K2K$<URjo=^Wy%ni@Kx3Zab4`hUUwcz
zFjQh2FES9{bw&ejRPiYKsKc`t%g|ea_i>8!>lZ;6SccyPpl=AO+J>3q%NyLik*S~o
zj=a8iVAT+Hdlh(Sg*ymeO?q)D#CwQ&S#WyfFaO;ppnub>0|{js#Jm?f^8G+EO|f=)
z!t_?U4GHk^uW+zj7s^?i4!LF>@a<9hA*IcGM%3sHA(jmpv);47TZ1Qi#QaFsMzA4A
zz?DHvu{=rsvzt%+DANyZ_=tsA9NE$joxJ#0b{8qFvFJ&&UXMW9K};2EFry2GdyNf$
zMpaJrJ1^cS^oWF&#JbJv&LAd3$S&SD%cC;}*?w~n9X<7q5#>*lewL56covkqNM+qt
z)aWR~c^B$Oo_<)qV%9sAL%Oz)d%SxGj(t44f?b65VsMK5D=B+dgz%eZX1%hkZ*Oiz
zp9T`AAKJr7t+APu*3ymFtpiRCzs86K?LWY01!Nr^Y6ZK{VOfLs?_ilaqp4#5j^AMA
z!0-_vY1>}8Y9BNQqq#7eow;-Y*-M5u(43e%oe?Z_s|CRkL@2of^vxW)otr@+OUgIk
zng_ALC^n2qCyE~XtverU)VUID`WQ1AY}`qIbCDMV=`_6)P_(2-1l|4c1ZsLvwS=N>
zGdXY|YP?~3A9Jg7>Sl+@K}9f%8^h9xqA9o22x?gRxRerX`qWp!Rr$c52(EK56ueK3
z{j|iEb9>d|M(!hwWhc`Ol)-^SF!}-JdNArfhOQHR2m5ZRkBCn~uz!R);PcX}&Z1j*
z!%iErXKDvl!N@ypx(B<#`?Oe+PUX0$zhpO%cgx8d2nYlTgN$CfyaBvANXlVYwIHG*
z4T@YEC)&Q+xbMpp+(;Ufxx`Im%8s$`^uJ-s?TcJ8B-*C|hm?D(!}LHl7`X2{n)DfK
z2`eeGSCWBgZ2{xSk_K8^n+VO3pUHlOg%bh@O?V~e2@kJcYfe6A{cEi)Jy^*)Xso8S
zb&k;Nv+MLRjh{;P%PX8PwN=Xg#Od|9a3Wf`;IT-7Njc|98bXu9K?#=vY8{l?<+SXZ
z3nw@Ys!l7$k_{?2>lL)@D+(thVI^sHN)=PdvtV;X;RM*b7T9e*r&oC4gaWJthS0RJ
zSIREnJh=rc(Y04<SJK*=1P#hKPav?8DSIWbL8eGSKSFaHp-BrXDJ@LSBXZcLgOyYu
zG(}(~`mmCg!q>7|{S(PG!UYI~=DMxY3_>%mFu9D#;Xo8tvWw7^5-u2?O!mtzoOlcB
zLCE0Mwn%|D*xPfhtyqL6y{%Haw$_#tLem8tZback7(#P@BDv+I)|N3svsJiYv4Yd9
zx^RLWp_yi{WL(I3lCz}0^%uNV8%@3tf|Vo*7laEJq}nM_I4IEy7epDj1~QH&Lnf0U
z<H?YzWW>*8gFMa?O<0Lm{Sw5Zp>QIra3T|Q3$h4~1T~f1V#E}a2=rLU@oHa8%uCj;
zZCw~OYv{IAimiKZP?XJ<GWiXSGOZ#uZ8qx;@{Euv_ZFtD(<@Dc9GokRkl7CRYwfiS
zDENwuDz;+XYxRX1A6ZGHxVJlUtTC+Dk=If~&1&t^cP+Mt+=o;JmhT)R9E88XCX1Pz
zcb0MtkwUZPO)YlXG~-SKO2aD9td&$Ju?qEk4G-h)xL>J}i>QZog^TVDQFRj`lHp})
za|&-oAGB+V^498bPSN}&uQk_}!Z8k)W@vYN(g>EP&N&v?YzWo2B<5^4dAq*_%{J@2
z#clj6wi*o04a@s%97EuKxQ3ysY=l*>)@OOK{*xAMJ6Zl~tuc%U&)pU48E;E^Hm6=!
zZo`vsE2b8QAxI(3kg8NNpeFpIBpH@Sz5hd9b!f*kO@-1&hlg*><hzqdnbp+KB10h|
zVvcPI-h8W#Udk!{vX?cnu1Cb&vIhC}>)vU<T;@ETg8F!Mt@CN!j9O>yy}v#YYe}Wi
zJATr0+86btS6OPVwAuly>Kq?h(yY}V=XP;CqtG)cHY5`AMPkbJSfpWcdZQJ|U&e$p
zPnYjbaWJs%ISF@_vI<#tt}nf?>-A<Gfb|(JN9s%h{$BZ;!*5B;>}hpPttO_<%Q$>1
zmi^l9w8y+=z6RfSovRYyPve<?d#%jL&{SWnZTtC^GN0Emg+7!_{mxcp%lv_{Vtlh^
zGqE+w1`bW2>Q{!4j#NRz5dV0bC!)U7R`1j(VmBP^;zY8RWl~b-I9L2}gr9k;X6|H>
zf!im4nK+PMX(OvC?ci^XQ|02F!k^7M#T(p4Q<bnrBa3<`Ls2bVM%Y|&a(m0$r_zgY
zQ5}_|b&g`@ZNuddsfV0JDNLg)*&RbwHe0_=U;bv~9j_qmj;)+DT8DTyFYuWB&RT)Q
ze#jPEd`N187}psnuWaO6^?S5Z?%qx-K!KQdD1mu5o2#U8*P0ANTIX%4CYE?kXeYOb
z0Xp{NhF`8B!Y+DYV<GV1@{?ZC{Kd_5uR@1u*qkecfBtrb=HgA$)zxyOL}f=8D#ezq
zbO{);t6vms+~8*3&%N#JX}=C>VN#M9_p~=u$%hCWKX&JNV=*zQMjc_X%oG#eadp7@
z9~*`T$Ls!cqP7qVg|od=NzO&i+Rg-bM0NYPTv0t_JiG!aRJ64kRsGo@_K{BPy$8>_
z5BBKF!qIs}E)(}^?WR<Gdi%`S4fQLhh$>4m@Ly`%wTvevuBMk8mmocCwPLNa?EKiQ
zM6+zu!;Q<zMT}hVa)O$glC?ES!&clMsZRs#W@aE=Uc--DtwO0)Yv*rgYm_+}+le5o
z=3c7G^we}!)ClNI#d3NrFqCnpjmNg(E9z7ljf8OWF5^0LPju&G7u5b1&T=kl9~3C4
zx5Fx|*Sl_iy$g}JPszD&8kk*MEwUS~C8{?$tHQg%1zjf3H#(V`77Ae!b&+&55W1sA
zYCQazG5g5cuUI0ZuK(s9u~igLS?yqhmSb6B7KBgy@b`cUTt*=2-i-Z){m2G+{#Z@+
ztY`>L*LHlZFPo%D5mKywj{FUKW%or%Vf_MmxcMx(@7tjTh|2zV*VB)MZFhQ~8Mx@z
zE*h&9cWsCw1$Xr~I}z>+0-`P6WQvn&wSzbPJ@SV9X57f<CY`2^Z7+<v8`_}3Qpo;a
z`hkT;Wr|u2b^YGjn?ee%Zs~`_6<x-cgWj!c3#^CEZEu9RVyzEcJcfbBH%>yY*Tcu$
zoY28y-f<376yw0uv0$mkN$Flwg<T*dTK9mdNn)z1)UQXh-{kGGutkK%Ce|beG56kq
z+)ln8(h^K$m+j9}C>}m%zty1Oq&?f0JF1BF?;Kr9bq!d3?MgG0X;=4>YGo-16`|qU
zx@pi7R{u<y!q0%n=j%+oK{W(6ATW#iAS87IRVxHpS(kgp`t(zC8z!GGDGB|h#ct;-
zU&P&r$dt0fxrU={)PVTS43g|6FU8)Kw4r{TG6&hPn0wunL2Gh53xy^Wg(eejvNJhO
zYWcgPZFl&zSWkXkF`SZBbl<HxGn{`3O`e<JUPOksh0%HfJ_cWe$ES17_zQT$%cQI;
zW`yVWQdcC`T1+xL8V#(A{#ahVLcTZdL+L0}jdDCUA8`D|RqNG_tluxcT+F7m&EDMN
zX3q9WQlVUkrq!J`%=(r!4zmbrFG!l~Ao5ge4Dp}-L}y6eXlFR|MM!Xff-OX!x2bH$
zP8XS>PpMnIRS}-inV|N>4<cHD*d$I3GW4y*cmj>e%|WFCjSDqpyQ0$hMjkPGAq_49
zG>{8n?ulXkV@YS&jGO<EKsk>Lhx+`}H<YAo5=wIedW9LuCuaGRh!x&1G8BEge^0-M
zJ)LwP%lwR=tUN2ZiwGCUoNRhMWB*#vFy4<g&PZ<Dsjr<&F?Gjt?iH$kCMG)UQ$J&c
zTk!Iv%z|&-k!@RA3EWS0XkJrH&`-tMM0)O7!HfQDQEzGedXt)piPeM~Q-|zjgs0|w
z`pQP^QnpncohmZ&!s-XE7qc8OOo30<k#J5IP6|tLtQ{7SnKK#=Xfmm7wvb?H8`-cD
zwG$a%H`oxqmEu=uPF8RVQz2d%9n9zdBb<YijH74C6G-#ic`?QmWjU_-=R~1q$hK=i
z)=_V&;?yEgy6H41$;%$nrc*K*`^D221D*e9^ieQ4rD%0n<xvOh;Mdr9rm*i)G(a3=
zz+GDG*r3v&EZLa*kU_}Hq19(!T`YKg1AiUQ6P~Szy;Hk1EXirp;;e0*zyD%|=#iDb
zF6#83;$M!)Yjfla$NPiSDhq$<>fDvA2P)bBgl^Nf33^g5ibwh&UeV?0<|lgI{rR?J
zW!7WU8yhC#@CZUwF?podp?{I*SY|G+TBOm#xN@&{%GxO@^sM%W6Ls|m9kJs|NoQK5
z(>H}W^Vz&HNTLFxDsMW{{q&pr%6@Q2`80owjV{l4Z0qHT*osTQjA0_@W1)q=so#D-
z%=dQ~^1L^5-@5skPvsrSe|Cs=)O$*GBW}Gydgkjd>jp%s{?)dp%r~dY*KBNTk-4><
ze%C+q3++UE%wB|=j3C;wh(+37T_ra01Iv8~{K4NB8bm)#s&9rHS@$?v7wkQ!m5Giy
zv(wE#{_U4CQI>GL!r|lGB42IzkMhOyU?OfAG!^Ho5d|KlmiO@G7;7JjdoP7yQL-N(
zryqC>-nj|HyK%-JzD&JRZX27_JzO()x3w?rgTlV`>p?o3hjG)quI%=+GJa2HMEefD
zJE`wjsc%{Fe`F3z(+m=?O{WV>`^`k!t6aVLjn!KCiFdTtjyt)hDnkB6ow@V4x%arH
z_jn?CXWBv;q>;zEfyb(0&}3xvX`<baGs={j8MgfNgYAc-?8#axx8_wkJVR?*d{Zzh
zK{}?(6+va)BWDQ>oY-`C@D|N8Aa}>(+p$(#=ATJx?R2)8`t^^3qBnL?qlRBU{$<Qd
zu)NPIFw{@-y*B8^yH$pU;w_~CPpr>K>Y#p4uF&UlZ3eNjp;FsMbye_@24{DXUyi!$
zA`ulOhI2`XQDsH$-m=^MDqKGXtjRc}d>jBT>mGaI0cWQc=NlvDSvuXL5k4DI$4+t2
z=BuSA6YBRS^n}R;Rmo%yoj4wgSYmeP%2`6UB2&qT!&Hu0E!o-q2HuP0lU$c`VTiTs
z_Vz5&o|zSp?tY?c5h2}eI~#71e%LX$Vfs*RDCFBlB(dG+3Q?W@LPn@{5&F;jL^jHM
zdq2`ia$I_E9lCJRM47dem*(c^$#E!R91W^PZ>;hPw$gBa|Kh4{_6XM0;ocK|qCu_d
z_vR6K{u>6e=K{w*(@z|QST6iOANgdciSlNOZFG(-A@b*XB`R(VI4zd=p7+KTYPiMP
ze=js?Z16Fko%`Wie8;MN)ZHj>)|OSma_MzjS+0|~PN1Q0XVz&@zdmnmX&P)`VGCD9
z`<%Y^;yBCUTO7m3>vc(6R(+%vL&C?1lGf!a`af^7DU0gTHdM_gUzYjQ>yS?VOrQ@}
zW$@?dX~jfLQL;&jV*UT9pUg0tI1sxOyb!ByX%#WoM{3(UOSAj#F)8<iKnqDakDUIp
z;+s7Zg;5cuyd&sVsps&K3CF(43MF}ihQU$+Eur>)f8BG{Q@S?KjV}|W7p|PIe;CN-
zs8rnRy&>w=2Op`_J!CPax?Ev2jc82S7Qx>j)$V~_`}SDHA=$w?eVEcmJ>NQflt(P)
zKu#p&KG(YxX4;kYM`17`K4IBOhbXCN>lq5u+reiKALPs>21Fj>M;xq#Cq=V#7Get{
zhYw8~&L0FXCp$U6l{E6cO-f(r+LK>xY1vK#TV}84vs{*g4|`E(E!Esr;^#`$Kj}3c
zXt@4HhokHnjqn5iMUMvTWQlpkTvuw_UG{>vW#-L$*<)GGA{0Vxq6!sQAODhOlTkOg
z1buMs<f!&Tz3y)2j12tsrQ1snyweJ%g|>3$>S8ly<MtHt61O0#ws$pXC*CN#Bo9d}
zhbk-W{N(lcRo9S7J`)`yv-aR6KVlvH)&FX#eEQzwO<zr8@F#k*@nPy_Y1X&*`E5!L
z>@9BJRU%hrbX)Zr7}s#Km`smk-%wp}pW{0T@kwZUI3cO|{(&hCqtZ`@-RfTlaUV~-
zoaV(h!<^>1c2jt#5}uB_R~s?jx+``Y+5_pR{Q8QoyY+yfvUcfR+k^1g)Lq`i{(Vng
z37=%m;qG;+?3cXv2Qtr0>K)hsehAD*)yHsX*plpHo1p{;;*s;yxsV1Kq1(A;Bp0lO
zeqvWgm8;UIJKp&-=XhAkq#~X%$~hZ+6M=kh<s7sy;M8q^OoIP+n!?a5bU<wmWfy#H
zR?MH%NGTf@=~^<%-JJIEKuA~%_Sj?Ui#YRBU89TkFJD+o^tUv5{veetKghcbwk3z6
zFEi{l`%RM)U7P<Z#-ycUu5f8NDI85%^B81KQx$)D@gu%NaFP?a`BXun3S+#+&Mvdl
z|2hq8(RBA-cQq3X&cFdB{h^t!iBB}*QdsxdX^=|)^CLcm&?fz<e6Q#6>8MLyGKoY+
zX%bvLt@n4>z`ANi)G*XrIk7quYbmZZdLFU$(z3V^$}_BqeTjFI&{W|HdNB0tBm7F7
z9I;t^<CTo91o%X3OwU%r1%r$h?cey0#7I3_x{0gjBxqa911~sPLcy*4bCM-n4V~q8
z2)Hotg!$ephtM$ac{TV4;*zOjH^{i40EQ_x26|4+p_O+Yv8ZRc(UZGr!|BZfxH54+
z9uzq*<<*)wCz;iA{KQ+eft7XS5&ZU>@0}2BCfqVsUO}fzYE5Nzjn!x+v6CGwY{ls*
z4g7@gMVY?(i!&*7KcXr-{9YB+F?hStEm6#iFxcW)4s`D-pCsr%_hoxpzi9woLrfsc
zoiC;JAQGGJ@|huX`8;|Eig~Q?JLDO>`CM^E&NI27<8b(O06tMvAn`RexJ42W&y0zw
zo%j&RQ=qoSYMay(I!5olmUON-XK7g{zc}X=ZYs|3P)i0R<;S<twALl;inIH}yu<F*
zi;*8=Cd3%%k?ekqec@c>!r`ae;fY-va(O?`-F_Fu#>S>8v1L0Sj6LpCP%em6<-XWf
zGyjtgytenk{zxESv)@u(OUVCp@AG>4ZKgj^UKL;EIZMBNz57}&VQhL>DKf_Dv5qv_
zk_y|<C|!H;hwMulofZ$A!(_Dr?k?t!8oBYf6<6Et`3n0;Bc$#O#hR~uO8ekuKOa36
z6q(2uq#%6S12sQ8pht5{Bzzl)Qo`b{TYrc;9QyrU0H37C2wC9>53vXitvg6xvUA2<
zCo)ko;EBnlj|x9@0pu{zV#mMjRHdKvN|lwr=fhu>+fWwgWyVs!iVsKm%7?R=Nsosz
zFraxH7*zVi*{O;5Q$FtlGDutT7@Nn}%@eHURXaB!v@5N0zs=KY*bIE#%gN(;Bp@<0
zZ9!5}Ew|*&tug&iyYh+|k+(|T3w>9K$|haxZ%X<8{R8oL3}-f<WhhdEbX%a-a-MuV
zKT${}*7Gq<x5h1%=-!b7m|=3afKc|`HZs`vjbqCMhS=;w2%n5W;U+5kI|DxrGnZ_D
z%Dj5$_iq%xH3U1OX~cfjy=Y_k5k)k5qa=|ZVV&?=s8L*JAWqcFa`94(JCA`0Ii}y`
zXgf9jNwJEe-{*5sq=1Nts*)ZoAqApOGaN@U<*R*rS;XY1hs_b&{pgD%X`a}FxzLI4
zI4fbUKA}yP^p#6F(=Pv4iA&7T2h=&^F>)lncDw(C>QwCg8vJr8Va<-V6%_M^_r_pk
z5UhfEim&)cbM6{3q>>V4s3(*DP0u#F`dH=r4Sh!qI>Y21@b>}b^&Qv4L}?VPy3$n=
zM0ooV-X@cN9-WA1hEvKlmDy=U_n7qOh6e`YV67cPdjhad2wH^eyO3Rrw_2uO{B+Tu
zmG8InGQJ!XR!=v|w#e7;EZu%}=P8MLO5Tenw!g2G3BBGR?@%!n-x(8b#wE>K<)tui
zc`lkWtILPq%GPBhQO__(acT8mHh&L0R!@`tv-M?Bn~^Jq{z5xDugkX@s?Bv$t;B{a
z8M9?A6aJOU6?;~#L<8Ph0;R$N^J!eLV>e&5V;k`Gzr3G<`cqK<zrMTp(nnkhwncY`
zJ<}<f&gDwE&?`v9zqYH3*M@AXrSx9v6?BmAo4;v-YjfTG8-xyg0KMMA{BUaI9RV?&
z0s*o4n>r|HZ2?+q6+}MMv8&<J=At}9D)qd8m%iSyNKwL-XtGB5R71O4r~8(TcSa7L
zg23o6h1!$@nHLLQRKkSlYAlP+*A0;Vug#0~Ae+ka;ZX&nVLRmR_bHOx(~0WU&bTOO
z6>s6nf2q5DX{wUZpe$}5qpYi<+t#Sa`~CeTyiD{pGo$g(9Db59Tf07e^~{sv33WHi
zHY6<*m-n>+gq<Q!Tx9lD_cpd4-U;MRDGdv%r<DWlp#ijan9g~Mxs2mR_xs6dwQ@by
zkU!N0PV8(Jm1r;ZOEh!2M8-yxVoysnEpX)%zToZXh!X6yNHYn?ypa?L+4vvdSDL-`
z41aRv{LXbD+Bb>J8*|O$qh;ixpg(eEYy70}3M$v(y{Vs)H+G<hDiwMSVcAzpc?@#@
zqvLf6|2&F|_7=!lbvzgdMM`Xe<zu$+(uuz1dly`)Tb+-~3*W3Y4ebBUV82r8(<xi<
zb6uZK2cuqcbejivJM0bgrO)&AoTbeD9kL#8j;H0<e&BKC-_$ve@1<Wa`L53CJ1Z*E
zC~Ml>VGVKMX>FHr>7O~PgGp*ZnWsk>AgV99AAJEI`yh0$+dFlJcU*YKYL3_6Ti;_?
z>J@$k;KLlBsTVY!dzR@SpL)b9cob_?>J7&w-RhQ2;@C}R81GY1EfvP8w<jruy>MMx
zYSO7<3>xYoX?>xe@@+REtpW*~v+{S&KuMr<DQsqv;Tw63g*@HfzlLkZ)bpy!t#!64
zN~?K_-{*#MWEukKS>tBtdU&eI8c9<>&Apv@EVR+X1KwI|;xRwievY!x+Q5q@05hE|
zyu#D2epSn!zbJ|>r6fa;w&4-$W@6i&&c8wy%1K)Fsl00|r2<VH^Aci^4I%9{B>q-_
zDVp2Aign5iTG<(76oP9azI3BFU4iWMiA={k{EvzgxEb^*JjRbK3wm*2@JRY6iIg{m
z_YP!dT4cJ~p~_;)tgo^&&N$>=EAjttiW6v+g>Jj(F0ehFVpTd{ZZ*@uy(9D*36oM`
z<U;+F3O%9kq%(`mUHQoP(hg$^KD9_8-P*DHYi^u_uHg{n#2{}=b@$21gXOx~3dD>m
zCs?~ySg(soy#sr3-*BkB8EYRP-fllZk!IIPhI~mq$lM)f#OdBpoa~fbmhJMD<C5qi
zWvR}=i!EABx|!|gp$8`6zPJ0}hb*N7GjYTXsr_k8a^Tqc`J3s_HKdh)@76Z6TYkwZ
zOrxb%?fF}r8)<dFQaW`pHLl0~e&!oChE-xYvgd5Q5N6SEeORq6*_Rd;4os8fKz2rg
zvoYoFK&qw#ope8JU{!Wt&qlHAY06S<TP4Y7jZ|-?kx24oZ+n}vWZxDi{T~^t_O!go
z=^;m|{oN(sY7nsfKeN0#M~#n^>fTrg4~R%PRYOYkPD*`<J|Oi+%MZp<HXi9#F)Q@&
zC=@u8nZ|cXKJHn3Y)9n9mw&me6+f8r<YY-B#C)rZS>_+lK)SbiR+2N^4F>Ci+}1+e
zUZ(5*bd3Asl?t0ZCtM}E4>tSM_U1jK%^SBhz@ou`re6o#OKGH6o@?PNN=Lr7)ue_R
zmZbBi_)R?7^tG7iw=v3ZV-#zQWb#E+J3d%9a(bf{qyDWKcstQ4?s!MWA-qwV9CK?7
zEX@>A?c_@B<O(16Z)^5b+0c#eJ=6?f6Qki2&GwIqA?|TLV=<0<Km4lpWfRR0Cxby}
zgMMepkIQkz{@N?4J%gzQgQ+vy5~aa>0<0VHj?4u(DJCDt`-VmwV^k<lYg@aacS4V7
zPa}e=u0}eh+^H(WQrzmlzbV;8_Vw1{hQg~4Eu_VS&&%qSW`Iz)`F?;)uBUV=Hi}6)
z^8m#*I>&$d^*;Yfn%r-Raj!B#Cfx3AzWbbW4%w%*NnEJ=WtsRzBx&J2PXGT~P?~=z
z?pF3^Zq{2tgXk5Bq`K=}3Dqh$8=hB2D@i;rP^%9&#kYrhe%7y#?TW|S#LDG=BJ*b%
z5L1RGJ86^mZ64Qc5c6=FC^o>Tm0s<XsH<w6s~J)@mANK+>mDk25WZV_T)>V_3$KaV
z)MpR-cD+J`il)rFO3{jk^KGa+&*yB`3r5z)sI$Ot3Nb(GWD6)>LA)5B2$Qlj{U8!d
zWrDw?v+U79_<HvUE;O~8!iDgUVlALGQT-~w_&w4ddAh0!5x_8IlvrTkq}c=K$B8`y
Vu3xzV09OfrM##x!(_@LR{1<|3PALEY

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/composer.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/composer.py
new file mode 100644
index 000000000..6d15cb40e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/composer.py
@@ -0,0 +1,139 @@
+
+__all__ = ['Composer', 'ComposerError']
+
+from .error import MarkedYAMLError
+from .events import *
+from .nodes import *
+
+class ComposerError(MarkedYAMLError):
+    pass
+
+class Composer:
+
+    def __init__(self):
+        self.anchors = {}
+
+    def check_node(self):
+        # Drop the STREAM-START event.
+        if self.check_event(StreamStartEvent):
+            self.get_event()
+
+        # If there are more documents available?
+        return not self.check_event(StreamEndEvent)
+
+    def get_node(self):
+        # Get the root node of the next document.
+        if not self.check_event(StreamEndEvent):
+            return self.compose_document()
+
+    def get_single_node(self):
+        # Drop the STREAM-START event.
+        self.get_event()
+
+        # Compose a document if the stream is not empty.
+        document = None
+        if not self.check_event(StreamEndEvent):
+            document = self.compose_document()
+
+        # Ensure that the stream contains no more documents.
+        if not self.check_event(StreamEndEvent):
+            event = self.get_event()
+            raise ComposerError("expected a single document in the stream",
+                    document.start_mark, "but found another document",
+                    event.start_mark)
+
+        # Drop the STREAM-END event.
+        self.get_event()
+
+        return document
+
+    def compose_document(self):
+        # Drop the DOCUMENT-START event.
+        self.get_event()
+
+        # Compose the root node.
+        node = self.compose_node(None, None)
+
+        # Drop the DOCUMENT-END event.
+        self.get_event()
+
+        self.anchors = {}
+        return node
+
+    def compose_node(self, parent, index):
+        if self.check_event(AliasEvent):
+            event = self.get_event()
+            anchor = event.anchor
+            if anchor not in self.anchors:
+                raise ComposerError(None, None, "found undefined alias %r"
+                        % anchor, event.start_mark)
+            return self.anchors[anchor]
+        event = self.peek_event()
+        anchor = event.anchor
+        if anchor is not None:
+            if anchor in self.anchors:
+                raise ComposerError("found duplicate anchor %r; first occurrence"
+                        % anchor, self.anchors[anchor].start_mark,
+                        "second occurrence", event.start_mark)
+        self.descend_resolver(parent, index)
+        if self.check_event(ScalarEvent):
+            node = self.compose_scalar_node(anchor)
+        elif self.check_event(SequenceStartEvent):
+            node = self.compose_sequence_node(anchor)
+        elif self.check_event(MappingStartEvent):
+            node = self.compose_mapping_node(anchor)
+        self.ascend_resolver()
+        return node
+
+    def compose_scalar_node(self, anchor):
+        event = self.get_event()
+        tag = event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(ScalarNode, event.value, event.implicit)
+        node = ScalarNode(tag, event.value,
+                event.start_mark, event.end_mark, style=event.style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        return node
+
+    def compose_sequence_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(SequenceNode, None, start_event.implicit)
+        node = SequenceNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        index = 0
+        while not self.check_event(SequenceEndEvent):
+            node.value.append(self.compose_node(node, index))
+            index += 1
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
+    def compose_mapping_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(MappingNode, None, start_event.implicit)
+        node = MappingNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        while not self.check_event(MappingEndEvent):
+            #key_event = self.peek_event()
+            item_key = self.compose_node(node, None)
+            #if item_key in node.value:
+            #    raise ComposerError("while composing a mapping", start_event.start_mark,
+            #            "found duplicate key", key_event.start_mark)
+            item_value = self.compose_node(node, item_key)
+            #node.value[item_key] = item_value
+            node.value.append((item_key, item_value))
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/constructor.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/constructor.py
new file mode 100644
index 000000000..619acd307
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/constructor.py
@@ -0,0 +1,748 @@
+
+__all__ = [
+    'BaseConstructor',
+    'SafeConstructor',
+    'FullConstructor',
+    'UnsafeConstructor',
+    'Constructor',
+    'ConstructorError'
+]
+
+from .error import *
+from .nodes import *
+
+import collections.abc, datetime, base64, binascii, re, sys, types
+
+class ConstructorError(MarkedYAMLError):
+    pass
+
+class BaseConstructor:
+
+    yaml_constructors = {}
+    yaml_multi_constructors = {}
+
+    def __init__(self):
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.state_generators = []
+        self.deep_construct = False
+
+    def check_data(self):
+        # If there are more documents available?
+        return self.check_node()
+
+    def check_state_key(self, key):
+        """Block special attributes/methods from being set in a newly created
+        object, to prevent user-controlled methods from being called during
+        deserialization"""
+        if self.get_state_keys_blacklist_regexp().match(key):
+            raise ConstructorError(None, None,
+                "blacklisted key '%s' in instance state found" % (key,), None)
+
+    def get_data(self):
+        # Construct and return the next document.
+        if self.check_node():
+            return self.construct_document(self.get_node())
+
+    def get_single_data(self):
+        # Ensure that the stream contains a single document and construct it.
+        node = self.get_single_node()
+        if node is not None:
+            return self.construct_document(node)
+        return None
+
+    def construct_document(self, node):
+        data = self.construct_object(node)
+        while self.state_generators:
+            state_generators = self.state_generators
+            self.state_generators = []
+            for generator in state_generators:
+                for dummy in generator:
+                    pass
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.deep_construct = False
+        return data
+
+    def construct_object(self, node, deep=False):
+        if node in self.constructed_objects:
+            return self.constructed_objects[node]
+        if deep:
+            old_deep = self.deep_construct
+            self.deep_construct = True
+        if node in self.recursive_objects:
+            raise ConstructorError(None, None,
+                    "found unconstructable recursive node", node.start_mark)
+        self.recursive_objects[node] = None
+        constructor = None
+        tag_suffix = None
+        if node.tag in self.yaml_constructors:
+            constructor = self.yaml_constructors[node.tag]
+        else:
+            for tag_prefix in self.yaml_multi_constructors:
+                if tag_prefix is not None and node.tag.startswith(tag_prefix):
+                    tag_suffix = node.tag[len(tag_prefix):]
+                    constructor = self.yaml_multi_constructors[tag_prefix]
+                    break
+            else:
+                if None in self.yaml_multi_constructors:
+                    tag_suffix = node.tag
+                    constructor = self.yaml_multi_constructors[None]
+                elif None in self.yaml_constructors:
+                    constructor = self.yaml_constructors[None]
+                elif isinstance(node, ScalarNode):
+                    constructor = self.__class__.construct_scalar
+                elif isinstance(node, SequenceNode):
+                    constructor = self.__class__.construct_sequence
+                elif isinstance(node, MappingNode):
+                    constructor = self.__class__.construct_mapping
+        if tag_suffix is None:
+            data = constructor(self, node)
+        else:
+            data = constructor(self, tag_suffix, node)
+        if isinstance(data, types.GeneratorType):
+            generator = data
+            data = next(generator)
+            if self.deep_construct:
+                for dummy in generator:
+                    pass
+            else:
+                self.state_generators.append(generator)
+        self.constructed_objects[node] = data
+        del self.recursive_objects[node]
+        if deep:
+            self.deep_construct = old_deep
+        return data
+
+    def construct_scalar(self, node):
+        if not isinstance(node, ScalarNode):
+            raise ConstructorError(None, None,
+                    "expected a scalar node, but found %s" % node.id,
+                    node.start_mark)
+        return node.value
+
+    def construct_sequence(self, node, deep=False):
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError(None, None,
+                    "expected a sequence node, but found %s" % node.id,
+                    node.start_mark)
+        return [self.construct_object(child, deep=deep)
+                for child in node.value]
+
+    def construct_mapping(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        mapping = {}
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            if not isinstance(key, collections.abc.Hashable):
+                raise ConstructorError("while constructing a mapping", node.start_mark,
+                        "found unhashable key", key_node.start_mark)
+            value = self.construct_object(value_node, deep=deep)
+            mapping[key] = value
+        return mapping
+
+    def construct_pairs(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        pairs = []
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            value = self.construct_object(value_node, deep=deep)
+            pairs.append((key, value))
+        return pairs
+
+    @classmethod
+    def add_constructor(cls, tag, constructor):
+        if not 'yaml_constructors' in cls.__dict__:
+            cls.yaml_constructors = cls.yaml_constructors.copy()
+        cls.yaml_constructors[tag] = constructor
+
+    @classmethod
+    def add_multi_constructor(cls, tag_prefix, multi_constructor):
+        if not 'yaml_multi_constructors' in cls.__dict__:
+            cls.yaml_multi_constructors = cls.yaml_multi_constructors.copy()
+        cls.yaml_multi_constructors[tag_prefix] = multi_constructor
+
+class SafeConstructor(BaseConstructor):
+
+    def construct_scalar(self, node):
+        if isinstance(node, MappingNode):
+            for key_node, value_node in node.value:
+                if key_node.tag == 'tag:yaml.org,2002:value':
+                    return self.construct_scalar(value_node)
+        return super().construct_scalar(node)
+
+    def flatten_mapping(self, node):
+        merge = []
+        index = 0
+        while index < len(node.value):
+            key_node, value_node = node.value[index]
+            if key_node.tag == 'tag:yaml.org,2002:merge':
+                del node.value[index]
+                if isinstance(value_node, MappingNode):
+                    self.flatten_mapping(value_node)
+                    merge.extend(value_node.value)
+                elif isinstance(value_node, SequenceNode):
+                    submerge = []
+                    for subnode in value_node.value:
+                        if not isinstance(subnode, MappingNode):
+                            raise ConstructorError("while constructing a mapping",
+                                    node.start_mark,
+                                    "expected a mapping for merging, but found %s"
+                                    % subnode.id, subnode.start_mark)
+                        self.flatten_mapping(subnode)
+                        submerge.append(subnode.value)
+                    submerge.reverse()
+                    for value in submerge:
+                        merge.extend(value)
+                else:
+                    raise ConstructorError("while constructing a mapping", node.start_mark,
+                            "expected a mapping or list of mappings for merging, but found %s"
+                            % value_node.id, value_node.start_mark)
+            elif key_node.tag == 'tag:yaml.org,2002:value':
+                key_node.tag = 'tag:yaml.org,2002:str'
+                index += 1
+            else:
+                index += 1
+        if merge:
+            node.value = merge + node.value
+
+    def construct_mapping(self, node, deep=False):
+        if isinstance(node, MappingNode):
+            self.flatten_mapping(node)
+        return super().construct_mapping(node, deep=deep)
+
+    def construct_yaml_null(self, node):
+        self.construct_scalar(node)
+        return None
+
+    bool_values = {
+        'yes':      True,
+        'no':       False,
+        'true':     True,
+        'false':    False,
+        'on':       True,
+        'off':      False,
+    }
+
+    def construct_yaml_bool(self, node):
+        value = self.construct_scalar(node)
+        return self.bool_values[value.lower()]
+
+    def construct_yaml_int(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '')
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '0':
+            return 0
+        elif value.startswith('0b'):
+            return sign*int(value[2:], 2)
+        elif value.startswith('0x'):
+            return sign*int(value[2:], 16)
+        elif value[0] == '0':
+            return sign*int(value, 8)
+        elif ':' in value:
+            digits = [int(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*int(value)
+
+    inf_value = 1e300
+    while inf_value != inf_value*inf_value:
+        inf_value *= inf_value
+    nan_value = -inf_value/inf_value   # Trying to make a quiet NaN (like C99).
+
+    def construct_yaml_float(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '').lower()
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '.inf':
+            return sign*self.inf_value
+        elif value == '.nan':
+            return self.nan_value
+        elif ':' in value:
+            digits = [float(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0.0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*float(value)
+
+    def construct_yaml_binary(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    timestamp_regexp = re.compile(
+            r'''^(?P<year>[0-9][0-9][0-9][0-9])
+                -(?P<month>[0-9][0-9]?)
+                -(?P<day>[0-9][0-9]?)
+                (?:(?:[Tt]|[ \t]+)
+                (?P<hour>[0-9][0-9]?)
+                :(?P<minute>[0-9][0-9])
+                :(?P<second>[0-9][0-9])
+                (?:\.(?P<fraction>[0-9]*))?
+                (?:[ \t]*(?P<tz>Z|(?P<tz_sign>[-+])(?P<tz_hour>[0-9][0-9]?)
+                (?::(?P<tz_minute>[0-9][0-9]))?))?)?$''', re.X)
+
+    def construct_yaml_timestamp(self, node):
+        value = self.construct_scalar(node)
+        match = self.timestamp_regexp.match(node.value)
+        values = match.groupdict()
+        year = int(values['year'])
+        month = int(values['month'])
+        day = int(values['day'])
+        if not values['hour']:
+            return datetime.date(year, month, day)
+        hour = int(values['hour'])
+        minute = int(values['minute'])
+        second = int(values['second'])
+        fraction = 0
+        tzinfo = None
+        if values['fraction']:
+            fraction = values['fraction'][:6]
+            while len(fraction) < 6:
+                fraction += '0'
+            fraction = int(fraction)
+        if values['tz_sign']:
+            tz_hour = int(values['tz_hour'])
+            tz_minute = int(values['tz_minute'] or 0)
+            delta = datetime.timedelta(hours=tz_hour, minutes=tz_minute)
+            if values['tz_sign'] == '-':
+                delta = -delta
+            tzinfo = datetime.timezone(delta)
+        elif values['tz']:
+            tzinfo = datetime.timezone.utc
+        return datetime.datetime(year, month, day, hour, minute, second, fraction,
+                                 tzinfo=tzinfo)
+
+    def construct_yaml_omap(self, node):
+        # Note: we do not check for duplicate keys, because it's too
+        # CPU-expensive.
+        omap = []
+        yield omap
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing an ordered map", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            omap.append((key, value))
+
+    def construct_yaml_pairs(self, node):
+        # Note: the same code as `construct_yaml_omap`.
+        pairs = []
+        yield pairs
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing pairs", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            pairs.append((key, value))
+
+    def construct_yaml_set(self, node):
+        data = set()
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_yaml_seq(self, node):
+        data = []
+        yield data
+        data.extend(self.construct_sequence(node))
+
+    def construct_yaml_map(self, node):
+        data = {}
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_object(self, node, cls):
+        data = cls.__new__(cls)
+        yield data
+        if hasattr(data, '__setstate__'):
+            state = self.construct_mapping(node, deep=True)
+            data.__setstate__(state)
+        else:
+            state = self.construct_mapping(node)
+            data.__dict__.update(state)
+
+    def construct_undefined(self, node):
+        raise ConstructorError(None, None,
+                "could not determine a constructor for the tag %r" % node.tag,
+                node.start_mark)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:null',
+        SafeConstructor.construct_yaml_null)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:bool',
+        SafeConstructor.construct_yaml_bool)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:int',
+        SafeConstructor.construct_yaml_int)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:float',
+        SafeConstructor.construct_yaml_float)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:binary',
+        SafeConstructor.construct_yaml_binary)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:timestamp',
+        SafeConstructor.construct_yaml_timestamp)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:omap',
+        SafeConstructor.construct_yaml_omap)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:pairs',
+        SafeConstructor.construct_yaml_pairs)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:set',
+        SafeConstructor.construct_yaml_set)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:str',
+        SafeConstructor.construct_yaml_str)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:seq',
+        SafeConstructor.construct_yaml_seq)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:map',
+        SafeConstructor.construct_yaml_map)
+
+SafeConstructor.add_constructor(None,
+        SafeConstructor.construct_undefined)
+
+class FullConstructor(SafeConstructor):
+    # 'extend' is blacklisted because it is used by
+    # construct_python_object_apply to add `listitems` to a newly generate
+    # python instance
+    def get_state_keys_blacklist(self):
+        return ['^extend$', '^__.*__$']
+
+    def get_state_keys_blacklist_regexp(self):
+        if not hasattr(self, 'state_keys_blacklist_regexp'):
+            self.state_keys_blacklist_regexp = re.compile('(' + '|'.join(self.get_state_keys_blacklist()) + ')')
+        return self.state_keys_blacklist_regexp
+
+    def construct_python_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_unicode(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_bytes(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    def construct_python_long(self, node):
+        return self.construct_yaml_int(node)
+
+    def construct_python_complex(self, node):
+       return complex(self.construct_scalar(node))
+
+    def construct_python_tuple(self, node):
+        return tuple(self.construct_sequence(node))
+
+    def find_python_module(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if unsafe:
+            try:
+                __import__(name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python module", mark,
+                        "cannot find module %r (%s)" % (name, exc), mark)
+        if name not in sys.modules:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "module %r is not imported" % name, mark)
+        return sys.modules[name]
+
+    def find_python_name(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if '.' in name:
+            module_name, object_name = name.rsplit('.', 1)
+        else:
+            module_name = 'builtins'
+            object_name = name
+        if unsafe:
+            try:
+                __import__(module_name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python object", mark,
+                        "cannot find module %r (%s)" % (module_name, exc), mark)
+        if module_name not in sys.modules:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "module %r is not imported" % module_name, mark)
+        module = sys.modules[module_name]
+        if not hasattr(module, object_name):
+            raise ConstructorError("while constructing a Python object", mark,
+                    "cannot find %r in the module %r"
+                    % (object_name, module.__name__), mark)
+        return getattr(module, object_name)
+
+    def construct_python_name(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python name", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_name(suffix, node.start_mark)
+
+    def construct_python_module(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python module", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_module(suffix, node.start_mark)
+
+    def make_python_instance(self, suffix, node,
+            args=None, kwds=None, newobj=False, unsafe=False):
+        if not args:
+            args = []
+        if not kwds:
+            kwds = {}
+        cls = self.find_python_name(suffix, node.start_mark)
+        if not (unsafe or isinstance(cls, type)):
+            raise ConstructorError("while constructing a Python instance", node.start_mark,
+                    "expected a class, but found %r" % type(cls),
+                    node.start_mark)
+        if newobj and isinstance(cls, type):
+            return cls.__new__(cls, *args, **kwds)
+        else:
+            return cls(*args, **kwds)
+
+    def set_python_instance_state(self, instance, state, unsafe=False):
+        if hasattr(instance, '__setstate__'):
+            instance.__setstate__(state)
+        else:
+            slotstate = {}
+            if isinstance(state, tuple) and len(state) == 2:
+                state, slotstate = state
+            if hasattr(instance, '__dict__'):
+                if not unsafe and state:
+                    for key in state.keys():
+                        self.check_state_key(key)
+                instance.__dict__.update(state)
+            elif state:
+                slotstate.update(state)
+            for key, value in slotstate.items():
+                if not unsafe:
+                    self.check_state_key(key)
+                setattr(instance, key, value)
+
+    def construct_python_object(self, suffix, node):
+        # Format:
+        #   !!python/object:module.name { ... state ... }
+        instance = self.make_python_instance(suffix, node, newobj=True)
+        yield instance
+        deep = hasattr(instance, '__setstate__')
+        state = self.construct_mapping(node, deep=deep)
+        self.set_python_instance_state(instance, state)
+
+    def construct_python_object_apply(self, suffix, node, newobj=False):
+        # Format:
+        #   !!python/object/apply       # (or !!python/object/new)
+        #   args: [ ... arguments ... ]
+        #   kwds: { ... keywords ... }
+        #   state: ... state ...
+        #   listitems: [ ... listitems ... ]
+        #   dictitems: { ... dictitems ... }
+        # or short format:
+        #   !!python/object/apply [ ... arguments ... ]
+        # The difference between !!python/object/apply and !!python/object/new
+        # is how an object is created, check make_python_instance for details.
+        if isinstance(node, SequenceNode):
+            args = self.construct_sequence(node, deep=True)
+            kwds = {}
+            state = {}
+            listitems = []
+            dictitems = {}
+        else:
+            value = self.construct_mapping(node, deep=True)
+            args = value.get('args', [])
+            kwds = value.get('kwds', {})
+            state = value.get('state', {})
+            listitems = value.get('listitems', [])
+            dictitems = value.get('dictitems', {})
+        instance = self.make_python_instance(suffix, node, args, kwds, newobj)
+        if state:
+            self.set_python_instance_state(instance, state)
+        if listitems:
+            instance.extend(listitems)
+        if dictitems:
+            for key in dictitems:
+                instance[key] = dictitems[key]
+        return instance
+
+    def construct_python_object_new(self, suffix, node):
+        return self.construct_python_object_apply(suffix, node, newobj=True)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/none',
+    FullConstructor.construct_yaml_null)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bool',
+    FullConstructor.construct_yaml_bool)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/str',
+    FullConstructor.construct_python_str)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/unicode',
+    FullConstructor.construct_python_unicode)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bytes',
+    FullConstructor.construct_python_bytes)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/int',
+    FullConstructor.construct_yaml_int)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/long',
+    FullConstructor.construct_python_long)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/float',
+    FullConstructor.construct_yaml_float)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/complex',
+    FullConstructor.construct_python_complex)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/list',
+    FullConstructor.construct_yaml_seq)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/tuple',
+    FullConstructor.construct_python_tuple)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/dict',
+    FullConstructor.construct_yaml_map)
+
+FullConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/name:',
+    FullConstructor.construct_python_name)
+
+class UnsafeConstructor(FullConstructor):
+
+    def find_python_module(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_module(name, mark, unsafe=True)
+
+    def find_python_name(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_name(name, mark, unsafe=True)
+
+    def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False):
+        return super(UnsafeConstructor, self).make_python_instance(
+            suffix, node, args, kwds, newobj, unsafe=True)
+
+    def set_python_instance_state(self, instance, state):
+        return super(UnsafeConstructor, self).set_python_instance_state(
+            instance, state, unsafe=True)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/module:',
+    UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object:',
+    UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/new:',
+    UnsafeConstructor.construct_python_object_new)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/apply:',
+    UnsafeConstructor.construct_python_object_apply)
+
+# Constructor is same as UnsafeConstructor. Need to leave this in place in case
+# people have extended it directly.
+class Constructor(UnsafeConstructor):
+    pass
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/cyaml.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/cyaml.py
new file mode 100644
index 000000000..0c2134587
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/cyaml.py
@@ -0,0 +1,101 @@
+
+__all__ = [
+    'CBaseLoader', 'CSafeLoader', 'CFullLoader', 'CUnsafeLoader', 'CLoader',
+    'CBaseDumper', 'CSafeDumper', 'CDumper'
+]
+
+from yaml._yaml import CParser, CEmitter
+
+from .constructor import *
+
+from .serializer import *
+from .representer import *
+
+from .resolver import *
+
+class CBaseLoader(CParser, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class CSafeLoader(CParser, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CFullLoader(CParser, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CUnsafeLoader(CParser, UnsafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        UnsafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CLoader(CParser, Constructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CDumper(CEmitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/dumper.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/dumper.py
new file mode 100644
index 000000000..6aadba551
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/dumper.py
@@ -0,0 +1,62 @@
+
+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
+
+from .emitter import *
+from .serializer import *
+from .representer import *
+from .resolver import *
+
+class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class Dumper(Emitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/emitter.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/emitter.py
new file mode 100644
index 000000000..a664d0111
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/emitter.py
@@ -0,0 +1,1137 @@
+
+# Emitter expects events obeying the following grammar:
+# stream ::= STREAM-START document* STREAM-END
+# document ::= DOCUMENT-START node DOCUMENT-END
+# node ::= SCALAR | sequence | mapping
+# sequence ::= SEQUENCE-START node* SEQUENCE-END
+# mapping ::= MAPPING-START (node node)* MAPPING-END
+
+__all__ = ['Emitter', 'EmitterError']
+
+from .error import YAMLError
+from .events import *
+
+class EmitterError(YAMLError):
+    pass
+
+class ScalarAnalysis:
+    def __init__(self, scalar, empty, multiline,
+            allow_flow_plain, allow_block_plain,
+            allow_single_quoted, allow_double_quoted,
+            allow_block):
+        self.scalar = scalar
+        self.empty = empty
+        self.multiline = multiline
+        self.allow_flow_plain = allow_flow_plain
+        self.allow_block_plain = allow_block_plain
+        self.allow_single_quoted = allow_single_quoted
+        self.allow_double_quoted = allow_double_quoted
+        self.allow_block = allow_block
+
+class Emitter:
+
+    DEFAULT_TAG_PREFIXES = {
+        '!' : '!',
+        'tag:yaml.org,2002:' : '!!',
+    }
+
+    def __init__(self, stream, canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None):
+
+        # The stream should have the methods `write` and possibly `flush`.
+        self.stream = stream
+
+        # Encoding can be overridden by STREAM-START.
+        self.encoding = None
+
+        # Emitter is a state machine with a stack of states to handle nested
+        # structures.
+        self.states = []
+        self.state = self.expect_stream_start
+
+        # Current event and the event queue.
+        self.events = []
+        self.event = None
+
+        # The current indentation level and the stack of previous indents.
+        self.indents = []
+        self.indent = None
+
+        # Flow level.
+        self.flow_level = 0
+
+        # Contexts.
+        self.root_context = False
+        self.sequence_context = False
+        self.mapping_context = False
+        self.simple_key_context = False
+
+        # Characteristics of the last emitted character:
+        #  - current position.
+        #  - is it a whitespace?
+        #  - is it an indention character
+        #    (indentation space, '-', '?', or ':')?
+        self.line = 0
+        self.column = 0
+        self.whitespace = True
+        self.indention = True
+
+        # Whether the document requires an explicit document indicator
+        self.open_ended = False
+
+        # Formatting details.
+        self.canonical = canonical
+        self.allow_unicode = allow_unicode
+        self.best_indent = 2
+        if indent and 1 < indent < 10:
+            self.best_indent = indent
+        self.best_width = 80
+        if width and width > self.best_indent*2:
+            self.best_width = width
+        self.best_line_break = '\n'
+        if line_break in ['\r', '\n', '\r\n']:
+            self.best_line_break = line_break
+
+        # Tag prefixes.
+        self.tag_prefixes = None
+
+        # Prepared anchor and tag.
+        self.prepared_anchor = None
+        self.prepared_tag = None
+
+        # Scalar analysis and style.
+        self.analysis = None
+        self.style = None
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def emit(self, event):
+        self.events.append(event)
+        while not self.need_more_events():
+            self.event = self.events.pop(0)
+            self.state()
+            self.event = None
+
+    # In some cases, we wait for a few next events before emitting.
+
+    def need_more_events(self):
+        if not self.events:
+            return True
+        event = self.events[0]
+        if isinstance(event, DocumentStartEvent):
+            return self.need_events(1)
+        elif isinstance(event, SequenceStartEvent):
+            return self.need_events(2)
+        elif isinstance(event, MappingStartEvent):
+            return self.need_events(3)
+        else:
+            return False
+
+    def need_events(self, count):
+        level = 0
+        for event in self.events[1:]:
+            if isinstance(event, (DocumentStartEvent, CollectionStartEvent)):
+                level += 1
+            elif isinstance(event, (DocumentEndEvent, CollectionEndEvent)):
+                level -= 1
+            elif isinstance(event, StreamEndEvent):
+                level = -1
+            if level < 0:
+                return False
+        return (len(self.events) < count+1)
+
+    def increase_indent(self, flow=False, indentless=False):
+        self.indents.append(self.indent)
+        if self.indent is None:
+            if flow:
+                self.indent = self.best_indent
+            else:
+                self.indent = 0
+        elif not indentless:
+            self.indent += self.best_indent
+
+    # States.
+
+    # Stream handlers.
+
+    def expect_stream_start(self):
+        if isinstance(self.event, StreamStartEvent):
+            if self.event.encoding and not hasattr(self.stream, 'encoding'):
+                self.encoding = self.event.encoding
+            self.write_stream_start()
+            self.state = self.expect_first_document_start
+        else:
+            raise EmitterError("expected StreamStartEvent, but got %s"
+                    % self.event)
+
+    def expect_nothing(self):
+        raise EmitterError("expected nothing, but got %s" % self.event)
+
+    # Document handlers.
+
+    def expect_first_document_start(self):
+        return self.expect_document_start(first=True)
+
+    def expect_document_start(self, first=False):
+        if isinstance(self.event, DocumentStartEvent):
+            if (self.event.version or self.event.tags) and self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            if self.event.version:
+                version_text = self.prepare_version(self.event.version)
+                self.write_version_directive(version_text)
+            self.tag_prefixes = self.DEFAULT_TAG_PREFIXES.copy()
+            if self.event.tags:
+                handles = sorted(self.event.tags.keys())
+                for handle in handles:
+                    prefix = self.event.tags[handle]
+                    self.tag_prefixes[prefix] = handle
+                    handle_text = self.prepare_tag_handle(handle)
+                    prefix_text = self.prepare_tag_prefix(prefix)
+                    self.write_tag_directive(handle_text, prefix_text)
+            implicit = (first and not self.event.explicit and not self.canonical
+                    and not self.event.version and not self.event.tags
+                    and not self.check_empty_document())
+            if not implicit:
+                self.write_indent()
+                self.write_indicator('---', True)
+                if self.canonical:
+                    self.write_indent()
+            self.state = self.expect_document_root
+        elif isinstance(self.event, StreamEndEvent):
+            if self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.write_stream_end()
+            self.state = self.expect_nothing
+        else:
+            raise EmitterError("expected DocumentStartEvent, but got %s"
+                    % self.event)
+
+    def expect_document_end(self):
+        if isinstance(self.event, DocumentEndEvent):
+            self.write_indent()
+            if self.event.explicit:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.flush_stream()
+            self.state = self.expect_document_start
+        else:
+            raise EmitterError("expected DocumentEndEvent, but got %s"
+                    % self.event)
+
+    def expect_document_root(self):
+        self.states.append(self.expect_document_end)
+        self.expect_node(root=True)
+
+    # Node handlers.
+
+    def expect_node(self, root=False, sequence=False, mapping=False,
+            simple_key=False):
+        self.root_context = root
+        self.sequence_context = sequence
+        self.mapping_context = mapping
+        self.simple_key_context = simple_key
+        if isinstance(self.event, AliasEvent):
+            self.expect_alias()
+        elif isinstance(self.event, (ScalarEvent, CollectionStartEvent)):
+            self.process_anchor('&')
+            self.process_tag()
+            if isinstance(self.event, ScalarEvent):
+                self.expect_scalar()
+            elif isinstance(self.event, SequenceStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_sequence():
+                    self.expect_flow_sequence()
+                else:
+                    self.expect_block_sequence()
+            elif isinstance(self.event, MappingStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_mapping():
+                    self.expect_flow_mapping()
+                else:
+                    self.expect_block_mapping()
+        else:
+            raise EmitterError("expected NodeEvent, but got %s" % self.event)
+
+    def expect_alias(self):
+        if self.event.anchor is None:
+            raise EmitterError("anchor is not specified for alias")
+        self.process_anchor('*')
+        self.state = self.states.pop()
+
+    def expect_scalar(self):
+        self.increase_indent(flow=True)
+        self.process_scalar()
+        self.indent = self.indents.pop()
+        self.state = self.states.pop()
+
+    # Flow sequence handlers.
+
+    def expect_flow_sequence(self):
+        self.write_indicator('[', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_sequence_item
+
+    def expect_first_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    def expect_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Flow mapping handlers.
+
+    def expect_flow_mapping(self):
+        self.write_indicator('{', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_mapping_key
+
+    def expect_first_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_flow_mapping_value(self):
+        if self.canonical or self.column > self.best_width:
+            self.write_indent()
+        self.write_indicator(':', True)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Block sequence handlers.
+
+    def expect_block_sequence(self):
+        indentless = (self.mapping_context and not self.indention)
+        self.increase_indent(flow=False, indentless=indentless)
+        self.state = self.expect_first_block_sequence_item
+
+    def expect_first_block_sequence_item(self):
+        return self.expect_block_sequence_item(first=True)
+
+    def expect_block_sequence_item(self, first=False):
+        if not first and isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            self.write_indicator('-', True, indention=True)
+            self.states.append(self.expect_block_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Block mapping handlers.
+
+    def expect_block_mapping(self):
+        self.increase_indent(flow=False)
+        self.state = self.expect_first_block_mapping_key
+
+    def expect_first_block_mapping_key(self):
+        return self.expect_block_mapping_key(first=True)
+
+    def expect_block_mapping_key(self, first=False):
+        if not first and isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            if self.check_simple_key():
+                self.states.append(self.expect_block_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True, indention=True)
+                self.states.append(self.expect_block_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_block_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_block_mapping_value(self):
+        self.write_indent()
+        self.write_indicator(':', True, indention=True)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Checkers.
+
+    def check_empty_sequence(self):
+        return (isinstance(self.event, SequenceStartEvent) and self.events
+                and isinstance(self.events[0], SequenceEndEvent))
+
+    def check_empty_mapping(self):
+        return (isinstance(self.event, MappingStartEvent) and self.events
+                and isinstance(self.events[0], MappingEndEvent))
+
+    def check_empty_document(self):
+        if not isinstance(self.event, DocumentStartEvent) or not self.events:
+            return False
+        event = self.events[0]
+        return (isinstance(event, ScalarEvent) and event.anchor is None
+                and event.tag is None and event.implicit and event.value == '')
+
+    def check_simple_key(self):
+        length = 0
+        if isinstance(self.event, NodeEvent) and self.event.anchor is not None:
+            if self.prepared_anchor is None:
+                self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+            length += len(self.prepared_anchor)
+        if isinstance(self.event, (ScalarEvent, CollectionStartEvent))  \
+                and self.event.tag is not None:
+            if self.prepared_tag is None:
+                self.prepared_tag = self.prepare_tag(self.event.tag)
+            length += len(self.prepared_tag)
+        if isinstance(self.event, ScalarEvent):
+            if self.analysis is None:
+                self.analysis = self.analyze_scalar(self.event.value)
+            length += len(self.analysis.scalar)
+        return (length < 128 and (isinstance(self.event, AliasEvent)
+            or (isinstance(self.event, ScalarEvent)
+                    and not self.analysis.empty and not self.analysis.multiline)
+            or self.check_empty_sequence() or self.check_empty_mapping()))
+
+    # Anchor, Tag, and Scalar processors.
+
+    def process_anchor(self, indicator):
+        if self.event.anchor is None:
+            self.prepared_anchor = None
+            return
+        if self.prepared_anchor is None:
+            self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+        if self.prepared_anchor:
+            self.write_indicator(indicator+self.prepared_anchor, True)
+        self.prepared_anchor = None
+
+    def process_tag(self):
+        tag = self.event.tag
+        if isinstance(self.event, ScalarEvent):
+            if self.style is None:
+                self.style = self.choose_scalar_style()
+            if ((not self.canonical or tag is None) and
+                ((self.style == '' and self.event.implicit[0])
+                        or (self.style != '' and self.event.implicit[1]))):
+                self.prepared_tag = None
+                return
+            if self.event.implicit[0] and tag is None:
+                tag = '!'
+                self.prepared_tag = None
+        else:
+            if (not self.canonical or tag is None) and self.event.implicit:
+                self.prepared_tag = None
+                return
+        if tag is None:
+            raise EmitterError("tag is not specified")
+        if self.prepared_tag is None:
+            self.prepared_tag = self.prepare_tag(tag)
+        if self.prepared_tag:
+            self.write_indicator(self.prepared_tag, True)
+        self.prepared_tag = None
+
+    def choose_scalar_style(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.event.style == '"' or self.canonical:
+            return '"'
+        if not self.event.style and self.event.implicit[0]:
+            if (not (self.simple_key_context and
+                    (self.analysis.empty or self.analysis.multiline))
+                and (self.flow_level and self.analysis.allow_flow_plain
+                    or (not self.flow_level and self.analysis.allow_block_plain))):
+                return ''
+        if self.event.style and self.event.style in '|>':
+            if (not self.flow_level and not self.simple_key_context
+                    and self.analysis.allow_block):
+                return self.event.style
+        if not self.event.style or self.event.style == '\'':
+            if (self.analysis.allow_single_quoted and
+                    not (self.simple_key_context and self.analysis.multiline)):
+                return '\''
+        return '"'
+
+    def process_scalar(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.style is None:
+            self.style = self.choose_scalar_style()
+        split = (not self.simple_key_context)
+        #if self.analysis.multiline and split    \
+        #        and (not self.style or self.style in '\'\"'):
+        #    self.write_indent()
+        if self.style == '"':
+            self.write_double_quoted(self.analysis.scalar, split)
+        elif self.style == '\'':
+            self.write_single_quoted(self.analysis.scalar, split)
+        elif self.style == '>':
+            self.write_folded(self.analysis.scalar)
+        elif self.style == '|':
+            self.write_literal(self.analysis.scalar)
+        else:
+            self.write_plain(self.analysis.scalar, split)
+        self.analysis = None
+        self.style = None
+
+    # Analyzers.
+
+    def prepare_version(self, version):
+        major, minor = version
+        if major != 1:
+            raise EmitterError("unsupported YAML version: %d.%d" % (major, minor))
+        return '%d.%d' % (major, minor)
+
+    def prepare_tag_handle(self, handle):
+        if not handle:
+            raise EmitterError("tag handle must not be empty")
+        if handle[0] != '!' or handle[-1] != '!':
+            raise EmitterError("tag handle must start and end with '!': %r" % handle)
+        for ch in handle[1:-1]:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the tag handle: %r"
+                        % (ch, handle))
+        return handle
+
+    def prepare_tag_prefix(self, prefix):
+        if not prefix:
+            raise EmitterError("tag prefix must not be empty")
+        chunks = []
+        start = end = 0
+        if prefix[0] == '!':
+            end = 1
+        while end < len(prefix):
+            ch = prefix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?!:@&=+$,_.~*\'()[]':
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(prefix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ord(ch))
+        if start < end:
+            chunks.append(prefix[start:end])
+        return ''.join(chunks)
+
+    def prepare_tag(self, tag):
+        if not tag:
+            raise EmitterError("tag must not be empty")
+        if tag == '!':
+            return tag
+        handle = None
+        suffix = tag
+        prefixes = sorted(self.tag_prefixes.keys())
+        for prefix in prefixes:
+            if tag.startswith(prefix)   \
+                    and (prefix == '!' or len(prefix) < len(tag)):
+                handle = self.tag_prefixes[prefix]
+                suffix = tag[len(prefix):]
+        chunks = []
+        start = end = 0
+        while end < len(suffix):
+            ch = suffix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?:@&=+$,_.~*\'()[]'   \
+                    or (ch == '!' and handle != '!'):
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(suffix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ch)
+        if start < end:
+            chunks.append(suffix[start:end])
+        suffix_text = ''.join(chunks)
+        if handle:
+            return '%s%s' % (handle, suffix_text)
+        else:
+            return '!<%s>' % suffix_text
+
+    def prepare_anchor(self, anchor):
+        if not anchor:
+            raise EmitterError("anchor must not be empty")
+        for ch in anchor:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the anchor: %r"
+                        % (ch, anchor))
+        return anchor
+
+    def analyze_scalar(self, scalar):
+
+        # Empty scalar is a special case.
+        if not scalar:
+            return ScalarAnalysis(scalar=scalar, empty=True, multiline=False,
+                    allow_flow_plain=False, allow_block_plain=True,
+                    allow_single_quoted=True, allow_double_quoted=True,
+                    allow_block=False)
+
+        # Indicators and special characters.
+        block_indicators = False
+        flow_indicators = False
+        line_breaks = False
+        special_characters = False
+
+        # Important whitespace combinations.
+        leading_space = False
+        leading_break = False
+        trailing_space = False
+        trailing_break = False
+        break_space = False
+        space_break = False
+
+        # Check document indicators.
+        if scalar.startswith('---') or scalar.startswith('...'):
+            block_indicators = True
+            flow_indicators = True
+
+        # First character or preceded by a whitespace.
+        preceded_by_whitespace = True
+
+        # Last character or followed by a whitespace.
+        followed_by_whitespace = (len(scalar) == 1 or
+                scalar[1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # The previous character is a space.
+        previous_space = False
+
+        # The previous character is a break.
+        previous_break = False
+
+        index = 0
+        while index < len(scalar):
+            ch = scalar[index]
+
+            # Check for indicators.
+            if index == 0:
+                # Leading indicators are special characters.
+                if ch in '#,[]{}&*!|>\'\"%@`':
+                    flow_indicators = True
+                    block_indicators = True
+                if ch in '?:':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '-' and followed_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+            else:
+                # Some indicators cannot appear within a scalar as well.
+                if ch in ',?[]{}':
+                    flow_indicators = True
+                if ch == ':':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '#' and preceded_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+
+            # Check for line breaks, special, and unicode characters.
+            if ch in '\n\x85\u2028\u2029':
+                line_breaks = True
+            if not (ch == '\n' or '\x20' <= ch <= '\x7E'):
+                if (ch == '\x85' or '\xA0' <= ch <= '\uD7FF'
+                        or '\uE000' <= ch <= '\uFFFD'
+                        or '\U00010000' <= ch < '\U0010ffff') and ch != '\uFEFF':
+                    unicode_characters = True
+                    if not self.allow_unicode:
+                        special_characters = True
+                else:
+                    special_characters = True
+
+            # Detect important whitespace combinations.
+            if ch == ' ':
+                if index == 0:
+                    leading_space = True
+                if index == len(scalar)-1:
+                    trailing_space = True
+                if previous_break:
+                    break_space = True
+                previous_space = True
+                previous_break = False
+            elif ch in '\n\x85\u2028\u2029':
+                if index == 0:
+                    leading_break = True
+                if index == len(scalar)-1:
+                    trailing_break = True
+                if previous_space:
+                    space_break = True
+                previous_space = False
+                previous_break = True
+            else:
+                previous_space = False
+                previous_break = False
+
+            # Prepare for the next character.
+            index += 1
+            preceded_by_whitespace = (ch in '\0 \t\r\n\x85\u2028\u2029')
+            followed_by_whitespace = (index+1 >= len(scalar) or
+                    scalar[index+1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # Let's decide what styles are allowed.
+        allow_flow_plain = True
+        allow_block_plain = True
+        allow_single_quoted = True
+        allow_double_quoted = True
+        allow_block = True
+
+        # Leading and trailing whitespaces are bad for plain scalars.
+        if (leading_space or leading_break
+                or trailing_space or trailing_break):
+            allow_flow_plain = allow_block_plain = False
+
+        # We do not permit trailing spaces for block scalars.
+        if trailing_space:
+            allow_block = False
+
+        # Spaces at the beginning of a new line are only acceptable for block
+        # scalars.
+        if break_space:
+            allow_flow_plain = allow_block_plain = allow_single_quoted = False
+
+        # Spaces followed by breaks, as well as special character are only
+        # allowed for double quoted scalars.
+        if space_break or special_characters:
+            allow_flow_plain = allow_block_plain =  \
+            allow_single_quoted = allow_block = False
+
+        # Although the plain scalar writer supports breaks, we never emit
+        # multiline plain scalars.
+        if line_breaks:
+            allow_flow_plain = allow_block_plain = False
+
+        # Flow indicators are forbidden for flow plain scalars.
+        if flow_indicators:
+            allow_flow_plain = False
+
+        # Block indicators are forbidden for block plain scalars.
+        if block_indicators:
+            allow_block_plain = False
+
+        return ScalarAnalysis(scalar=scalar,
+                empty=False, multiline=line_breaks,
+                allow_flow_plain=allow_flow_plain,
+                allow_block_plain=allow_block_plain,
+                allow_single_quoted=allow_single_quoted,
+                allow_double_quoted=allow_double_quoted,
+                allow_block=allow_block)
+
+    # Writers.
+
+    def flush_stream(self):
+        if hasattr(self.stream, 'flush'):
+            self.stream.flush()
+
+    def write_stream_start(self):
+        # Write BOM if needed.
+        if self.encoding and self.encoding.startswith('utf-16'):
+            self.stream.write('\uFEFF'.encode(self.encoding))
+
+    def write_stream_end(self):
+        self.flush_stream()
+
+    def write_indicator(self, indicator, need_whitespace,
+            whitespace=False, indention=False):
+        if self.whitespace or not need_whitespace:
+            data = indicator
+        else:
+            data = ' '+indicator
+        self.whitespace = whitespace
+        self.indention = self.indention and indention
+        self.column += len(data)
+        self.open_ended = False
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_indent(self):
+        indent = self.indent or 0
+        if not self.indention or self.column > indent   \
+                or (self.column == indent and not self.whitespace):
+            self.write_line_break()
+        if self.column < indent:
+            self.whitespace = True
+            data = ' '*(indent-self.column)
+            self.column = indent
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+
+    def write_line_break(self, data=None):
+        if data is None:
+            data = self.best_line_break
+        self.whitespace = True
+        self.indention = True
+        self.line += 1
+        self.column = 0
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_version_directive(self, version_text):
+        data = '%%YAML %s' % version_text
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    def write_tag_directive(self, handle_text, prefix_text):
+        data = '%%TAG %s %s' % (handle_text, prefix_text)
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    # Scalar streams.
+
+    def write_single_quoted(self, text, split=True):
+        self.write_indicator('\'', True)
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch is None or ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split   \
+                            and start != 0 and end != len(text):
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029' or ch == '\'':
+                    if start < end:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                        start = end
+            if ch == '\'':
+                data = '\'\''
+                self.column += 2
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                start = end + 1
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+        self.write_indicator('\'', False)
+
+    ESCAPE_REPLACEMENTS = {
+        '\0':       '0',
+        '\x07':     'a',
+        '\x08':     'b',
+        '\x09':     't',
+        '\x0A':     'n',
+        '\x0B':     'v',
+        '\x0C':     'f',
+        '\x0D':     'r',
+        '\x1B':     'e',
+        '\"':       '\"',
+        '\\':       '\\',
+        '\x85':     'N',
+        '\xA0':     '_',
+        '\u2028':   'L',
+        '\u2029':   'P',
+    }
+
+    def write_double_quoted(self, text, split=True):
+        self.write_indicator('"', True)
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if ch is None or ch in '"\\\x85\u2028\u2029\uFEFF' \
+                    or not ('\x20' <= ch <= '\x7E'
+                        or (self.allow_unicode
+                            and ('\xA0' <= ch <= '\uD7FF'
+                                or '\uE000' <= ch <= '\uFFFD'))):
+                if start < end:
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+                if ch is not None:
+                    if ch in self.ESCAPE_REPLACEMENTS:
+                        data = '\\'+self.ESCAPE_REPLACEMENTS[ch]
+                    elif ch <= '\xFF':
+                        data = '\\x%02X' % ord(ch)
+                    elif ch <= '\uFFFF':
+                        data = '\\u%04X' % ord(ch)
+                    else:
+                        data = '\\U%08X' % ord(ch)
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end+1
+            if 0 < end < len(text)-1 and (ch == ' ' or start >= end)    \
+                    and self.column+(end-start) > self.best_width and split:
+                data = text[start:end]+'\\'
+                if start < end:
+                    start = end
+                self.column += len(data)
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                self.write_indent()
+                self.whitespace = False
+                self.indention = False
+                if text[start] == ' ':
+                    data = '\\'
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+            end += 1
+        self.write_indicator('"', False)
+
+    def determine_block_hints(self, text):
+        hints = ''
+        if text:
+            if text[0] in ' \n\x85\u2028\u2029':
+                hints += str(self.best_indent)
+            if text[-1] not in '\n\x85\u2028\u2029':
+                hints += '-'
+            elif len(text) == 1 or text[-2] in '\n\x85\u2028\u2029':
+                hints += '+'
+        return hints
+
+    def write_folded(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('>'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        leading_space = True
+        spaces = False
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if not leading_space and ch is not None and ch != ' '   \
+                            and text[start] == '\n':
+                        self.write_line_break()
+                    leading_space = (ch == ' ')
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            elif spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width:
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+                spaces = (ch == ' ')
+            end += 1
+
+    def write_literal(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('|'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in '\n\x85\u2028\u2029':
+                    data = text[start:end]
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+
+    def write_plain(self, text, split=True):
+        if self.root_context:
+            self.open_ended = True
+        if not text:
+            return
+        if not self.whitespace:
+            data = ' '
+            self.column += len(data)
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+        self.whitespace = False
+        self.indention = False
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split:
+                        self.write_indent()
+                        self.whitespace = False
+                        self.indention = False
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    self.whitespace = False
+                    self.indention = False
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/error.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/error.py
new file mode 100644
index 000000000..b796b4dc5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/error.py
@@ -0,0 +1,75 @@
+
+__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
+
+class Mark:
+
+    def __init__(self, name, index, line, column, buffer, pointer):
+        self.name = name
+        self.index = index
+        self.line = line
+        self.column = column
+        self.buffer = buffer
+        self.pointer = pointer
+
+    def get_snippet(self, indent=4, max_length=75):
+        if self.buffer is None:
+            return None
+        head = ''
+        start = self.pointer
+        while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
+            start -= 1
+            if self.pointer-start > max_length/2-1:
+                head = ' ... '
+                start += 5
+                break
+        tail = ''
+        end = self.pointer
+        while end < len(self.buffer) and self.buffer[end] not in '\0\r\n\x85\u2028\u2029':
+            end += 1
+            if end-self.pointer > max_length/2-1:
+                tail = ' ... '
+                end -= 5
+                break
+        snippet = self.buffer[start:end]
+        return ' '*indent + head + snippet + tail + '\n'  \
+                + ' '*(indent+self.pointer-start+len(head)) + '^'
+
+    def __str__(self):
+        snippet = self.get_snippet()
+        where = "  in \"%s\", line %d, column %d"   \
+                % (self.name, self.line+1, self.column+1)
+        if snippet is not None:
+            where += ":\n"+snippet
+        return where
+
+class YAMLError(Exception):
+    pass
+
+class MarkedYAMLError(YAMLError):
+
+    def __init__(self, context=None, context_mark=None,
+            problem=None, problem_mark=None, note=None):
+        self.context = context
+        self.context_mark = context_mark
+        self.problem = problem
+        self.problem_mark = problem_mark
+        self.note = note
+
+    def __str__(self):
+        lines = []
+        if self.context is not None:
+            lines.append(self.context)
+        if self.context_mark is not None  \
+            and (self.problem is None or self.problem_mark is None
+                    or self.context_mark.name != self.problem_mark.name
+                    or self.context_mark.line != self.problem_mark.line
+                    or self.context_mark.column != self.problem_mark.column):
+            lines.append(str(self.context_mark))
+        if self.problem is not None:
+            lines.append(self.problem)
+        if self.problem_mark is not None:
+            lines.append(str(self.problem_mark))
+        if self.note is not None:
+            lines.append(self.note)
+        return '\n'.join(lines)
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/events.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/events.py
new file mode 100644
index 000000000..f79ad389c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/events.py
@@ -0,0 +1,86 @@
+
+# Abstract classes.
+
+class Event(object):
+    def __init__(self, start_mark=None, end_mark=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in ['anchor', 'tag', 'implicit', 'value']
+                if hasattr(self, key)]
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+class NodeEvent(Event):
+    def __init__(self, anchor, start_mark=None, end_mark=None):
+        self.anchor = anchor
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class CollectionStartEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, start_mark=None, end_mark=None,
+            flow_style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class CollectionEndEvent(Event):
+    pass
+
+# Implementations.
+
+class StreamStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None, encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndEvent(Event):
+    pass
+
+class DocumentStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None, version=None, tags=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+        self.version = version
+        self.tags = tags
+
+class DocumentEndEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+
+class AliasEvent(NodeEvent):
+    pass
+
+class ScalarEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, value,
+            start_mark=None, end_mark=None, style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class SequenceStartEvent(CollectionStartEvent):
+    pass
+
+class SequenceEndEvent(CollectionEndEvent):
+    pass
+
+class MappingStartEvent(CollectionStartEvent):
+    pass
+
+class MappingEndEvent(CollectionEndEvent):
+    pass
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/loader.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/loader.py
new file mode 100644
index 000000000..e90c11224
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/loader.py
@@ -0,0 +1,63 @@
+
+__all__ = ['BaseLoader', 'FullLoader', 'SafeLoader', 'Loader', 'UnsafeLoader']
+
+from .reader import *
+from .scanner import *
+from .parser import *
+from .composer import *
+from .constructor import *
+from .resolver import *
+
+class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class FullLoader(Reader, Scanner, Parser, Composer, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+# UnsafeLoader is the same as Loader (which is and was always unsafe on
+# untrusted input). Use of either Loader or UnsafeLoader should be rare, since
+# FullLoad should be able to load almost all YAML safely. Loader is left intact
+# to ensure backwards compatibility.
+class UnsafeLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/nodes.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/nodes.py
new file mode 100644
index 000000000..c4f070c41
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/nodes.py
@@ -0,0 +1,49 @@
+
+class Node(object):
+    def __init__(self, tag, value, start_mark, end_mark):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        value = self.value
+        #if isinstance(value, list):
+        #    if len(value) == 0:
+        #        value = '<empty>'
+        #    elif len(value) == 1:
+        #        value = '<1 item>'
+        #    else:
+        #        value = '<%d items>' % len(value)
+        #else:
+        #    if len(value) > 75:
+        #        value = repr(value[:70]+u' ... ')
+        #    else:
+        #        value = repr(value)
+        value = repr(value)
+        return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
+
+class ScalarNode(Node):
+    id = 'scalar'
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class CollectionNode(Node):
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, flow_style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class SequenceNode(CollectionNode):
+    id = 'sequence'
+
+class MappingNode(CollectionNode):
+    id = 'mapping'
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/parser.py
new file mode 100644
index 000000000..13a5995d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/parser.py
@@ -0,0 +1,589 @@
+
+# The following YAML grammar is LL(1) and is parsed by a recursive descent
+# parser.
+#
+# stream            ::= STREAM-START implicit_document? explicit_document* STREAM-END
+# implicit_document ::= block_node DOCUMENT-END*
+# explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+# block_node_or_indentless_sequence ::=
+#                       ALIAS
+#                       | properties (block_content | indentless_block_sequence)?
+#                       | block_content
+#                       | indentless_block_sequence
+# block_node        ::= ALIAS
+#                       | properties block_content?
+#                       | block_content
+# flow_node         ::= ALIAS
+#                       | properties flow_content?
+#                       | flow_content
+# properties        ::= TAG ANCHOR? | ANCHOR TAG?
+# block_content     ::= block_collection | flow_collection | SCALAR
+# flow_content      ::= flow_collection | SCALAR
+# block_collection  ::= block_sequence | block_mapping
+# flow_collection   ::= flow_sequence | flow_mapping
+# block_sequence    ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+# indentless_sequence   ::= (BLOCK-ENTRY block_node?)+
+# block_mapping     ::= BLOCK-MAPPING_START
+#                       ((KEY block_node_or_indentless_sequence?)?
+#                       (VALUE block_node_or_indentless_sequence?)?)*
+#                       BLOCK-END
+# flow_sequence     ::= FLOW-SEQUENCE-START
+#                       (flow_sequence_entry FLOW-ENTRY)*
+#                       flow_sequence_entry?
+#                       FLOW-SEQUENCE-END
+# flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+# flow_mapping      ::= FLOW-MAPPING-START
+#                       (flow_mapping_entry FLOW-ENTRY)*
+#                       flow_mapping_entry?
+#                       FLOW-MAPPING-END
+# flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+#
+# FIRST sets:
+#
+# stream: { STREAM-START }
+# explicit_document: { DIRECTIVE DOCUMENT-START }
+# implicit_document: FIRST(block_node)
+# block_node: { ALIAS TAG ANCHOR SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_node: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_content: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# flow_content: { FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# block_collection: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_sequence: { BLOCK-SEQUENCE-START }
+# block_mapping: { BLOCK-MAPPING-START }
+# block_node_or_indentless_sequence: { ALIAS ANCHOR TAG SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START BLOCK-ENTRY }
+# indentless_sequence: { ENTRY }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_sequence: { FLOW-SEQUENCE-START }
+# flow_mapping: { FLOW-MAPPING-START }
+# flow_sequence_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+# flow_mapping_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+
+__all__ = ['Parser', 'ParserError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+from .events import *
+from .scanner import *
+
+class ParserError(MarkedYAMLError):
+    pass
+
+class Parser:
+    # Since writing a recursive-descendant parser is a straightforward task, we
+    # do not give many comments here.
+
+    DEFAULT_TAGS = {
+        '!':   '!',
+        '!!':  'tag:yaml.org,2002:',
+    }
+
+    def __init__(self):
+        self.current_event = None
+        self.yaml_version = None
+        self.tag_handles = {}
+        self.states = []
+        self.marks = []
+        self.state = self.parse_stream_start
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def check_event(self, *choices):
+        # Check the type of the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        if self.current_event is not None:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.current_event, choice):
+                    return True
+        return False
+
+    def peek_event(self):
+        # Get the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        return self.current_event
+
+    def get_event(self):
+        # Get the next event and proceed further.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        value = self.current_event
+        self.current_event = None
+        return value
+
+    # stream    ::= STREAM-START implicit_document? explicit_document* STREAM-END
+    # implicit_document ::= block_node DOCUMENT-END*
+    # explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+
+    def parse_stream_start(self):
+
+        # Parse the stream start.
+        token = self.get_token()
+        event = StreamStartEvent(token.start_mark, token.end_mark,
+                encoding=token.encoding)
+
+        # Prepare the next state.
+        self.state = self.parse_implicit_document_start
+
+        return event
+
+    def parse_implicit_document_start(self):
+
+        # Parse an implicit document.
+        if not self.check_token(DirectiveToken, DocumentStartToken,
+                StreamEndToken):
+            self.tag_handles = self.DEFAULT_TAGS
+            token = self.peek_token()
+            start_mark = end_mark = token.start_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=False)
+
+            # Prepare the next state.
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_block_node
+
+            return event
+
+        else:
+            return self.parse_document_start()
+
+    def parse_document_start(self):
+
+        # Parse any extra document end indicators.
+        while self.check_token(DocumentEndToken):
+            self.get_token()
+
+        # Parse an explicit document.
+        if not self.check_token(StreamEndToken):
+            token = self.peek_token()
+            start_mark = token.start_mark
+            version, tags = self.process_directives()
+            if not self.check_token(DocumentStartToken):
+                raise ParserError(None, None,
+                        "expected '<document start>', but found %r"
+                        % self.peek_token().id,
+                        self.peek_token().start_mark)
+            token = self.get_token()
+            end_mark = token.end_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=True, version=version, tags=tags)
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_document_content
+        else:
+            # Parse the end of the stream.
+            token = self.get_token()
+            event = StreamEndEvent(token.start_mark, token.end_mark)
+            assert not self.states
+            assert not self.marks
+            self.state = None
+        return event
+
+    def parse_document_end(self):
+
+        # Parse the document end.
+        token = self.peek_token()
+        start_mark = end_mark = token.start_mark
+        explicit = False
+        if self.check_token(DocumentEndToken):
+            token = self.get_token()
+            end_mark = token.end_mark
+            explicit = True
+        event = DocumentEndEvent(start_mark, end_mark,
+                explicit=explicit)
+
+        # Prepare the next state.
+        self.state = self.parse_document_start
+
+        return event
+
+    def parse_document_content(self):
+        if self.check_token(DirectiveToken,
+                DocumentStartToken, DocumentEndToken, StreamEndToken):
+            event = self.process_empty_scalar(self.peek_token().start_mark)
+            self.state = self.states.pop()
+            return event
+        else:
+            return self.parse_block_node()
+
+    def process_directives(self):
+        self.yaml_version = None
+        self.tag_handles = {}
+        while self.check_token(DirectiveToken):
+            token = self.get_token()
+            if token.name == 'YAML':
+                if self.yaml_version is not None:
+                    raise ParserError(None, None,
+                            "found duplicate YAML directive", token.start_mark)
+                major, minor = token.value
+                if major != 1:
+                    raise ParserError(None, None,
+                            "found incompatible YAML document (version 1.* is required)",
+                            token.start_mark)
+                self.yaml_version = token.value
+            elif token.name == 'TAG':
+                handle, prefix = token.value
+                if handle in self.tag_handles:
+                    raise ParserError(None, None,
+                            "duplicate tag handle %r" % handle,
+                            token.start_mark)
+                self.tag_handles[handle] = prefix
+        if self.tag_handles:
+            value = self.yaml_version, self.tag_handles.copy()
+        else:
+            value = self.yaml_version, None
+        for key in self.DEFAULT_TAGS:
+            if key not in self.tag_handles:
+                self.tag_handles[key] = self.DEFAULT_TAGS[key]
+        return value
+
+    # block_node_or_indentless_sequence ::= ALIAS
+    #               | properties (block_content | indentless_block_sequence)?
+    #               | block_content
+    #               | indentless_block_sequence
+    # block_node    ::= ALIAS
+    #                   | properties block_content?
+    #                   | block_content
+    # flow_node     ::= ALIAS
+    #                   | properties flow_content?
+    #                   | flow_content
+    # properties    ::= TAG ANCHOR? | ANCHOR TAG?
+    # block_content     ::= block_collection | flow_collection | SCALAR
+    # flow_content      ::= flow_collection | SCALAR
+    # block_collection  ::= block_sequence | block_mapping
+    # flow_collection   ::= flow_sequence | flow_mapping
+
+    def parse_block_node(self):
+        return self.parse_node(block=True)
+
+    def parse_flow_node(self):
+        return self.parse_node()
+
+    def parse_block_node_or_indentless_sequence(self):
+        return self.parse_node(block=True, indentless_sequence=True)
+
+    def parse_node(self, block=False, indentless_sequence=False):
+        if self.check_token(AliasToken):
+            token = self.get_token()
+            event = AliasEvent(token.value, token.start_mark, token.end_mark)
+            self.state = self.states.pop()
+        else:
+            anchor = None
+            tag = None
+            start_mark = end_mark = tag_mark = None
+            if self.check_token(AnchorToken):
+                token = self.get_token()
+                start_mark = token.start_mark
+                end_mark = token.end_mark
+                anchor = token.value
+                if self.check_token(TagToken):
+                    token = self.get_token()
+                    tag_mark = token.start_mark
+                    end_mark = token.end_mark
+                    tag = token.value
+            elif self.check_token(TagToken):
+                token = self.get_token()
+                start_mark = tag_mark = token.start_mark
+                end_mark = token.end_mark
+                tag = token.value
+                if self.check_token(AnchorToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    anchor = token.value
+            if tag is not None:
+                handle, suffix = tag
+                if handle is not None:
+                    if handle not in self.tag_handles:
+                        raise ParserError("while parsing a node", start_mark,
+                                "found undefined tag handle %r" % handle,
+                                tag_mark)
+                    tag = self.tag_handles[handle]+suffix
+                else:
+                    tag = suffix
+            #if tag == '!':
+            #    raise ParserError("while parsing a node", start_mark,
+            #            "found non-specific tag '!'", tag_mark,
+            #            "Please check 'http://pyyaml.org/wiki/YAMLNonSpecificTag' and share your opinion.")
+            if start_mark is None:
+                start_mark = end_mark = self.peek_token().start_mark
+            event = None
+            implicit = (tag is None or tag == '!')
+            if indentless_sequence and self.check_token(BlockEntryToken):
+                end_mark = self.peek_token().end_mark
+                event = SequenceStartEvent(anchor, tag, implicit,
+                        start_mark, end_mark)
+                self.state = self.parse_indentless_sequence_entry
+            else:
+                if self.check_token(ScalarToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    if (token.plain and tag is None) or tag == '!':
+                        implicit = (True, False)
+                    elif tag is None:
+                        implicit = (False, True)
+                    else:
+                        implicit = (False, False)
+                    event = ScalarEvent(anchor, tag, implicit, token.value,
+                            start_mark, end_mark, style=token.style)
+                    self.state = self.states.pop()
+                elif self.check_token(FlowSequenceStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_sequence_first_entry
+                elif self.check_token(FlowMappingStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_mapping_first_key
+                elif block and self.check_token(BlockSequenceStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_sequence_first_entry
+                elif block and self.check_token(BlockMappingStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_mapping_first_key
+                elif anchor is not None or tag is not None:
+                    # Empty scalars are allowed even if a tag or an anchor is
+                    # specified.
+                    event = ScalarEvent(anchor, tag, (implicit, False), '',
+                            start_mark, end_mark)
+                    self.state = self.states.pop()
+                else:
+                    if block:
+                        node = 'block'
+                    else:
+                        node = 'flow'
+                    token = self.peek_token()
+                    raise ParserError("while parsing a %s node" % node, start_mark,
+                            "expected the node content, but found %r" % token.id,
+                            token.start_mark)
+        return event
+
+    # block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+
+    def parse_block_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_sequence_entry()
+
+    def parse_block_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken, BlockEndToken):
+                self.states.append(self.parse_block_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_block_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block collection", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    # indentless_sequence ::= (BLOCK-ENTRY block_node?)+
+
+    def parse_indentless_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken,
+                    KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_indentless_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_indentless_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        token = self.peek_token()
+        event = SequenceEndEvent(token.start_mark, token.start_mark)
+        self.state = self.states.pop()
+        return event
+
+    # block_mapping     ::= BLOCK-MAPPING_START
+    #                       ((KEY block_node_or_indentless_sequence?)?
+    #                       (VALUE block_node_or_indentless_sequence?)?)*
+    #                       BLOCK-END
+
+    def parse_block_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_mapping_key()
+
+    def parse_block_mapping_key(self):
+        if self.check_token(KeyToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_value)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_value
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block mapping", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_block_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_key)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_block_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    # flow_sequence     ::= FLOW-SEQUENCE-START
+    #                       (flow_sequence_entry FLOW-ENTRY)*
+    #                       flow_sequence_entry?
+    #                       FLOW-SEQUENCE-END
+    # flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+    #
+    # Note that while production rules for both flow_sequence_entry and
+    # flow_mapping_entry are equal, their interpretations are different.
+    # For `flow_sequence_entry`, the part `KEY flow_node? (VALUE flow_node?)?`
+    # generate an inline mapping (set syntax).
+
+    def parse_flow_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_sequence_entry(first=True)
+
+    def parse_flow_sequence_entry(self, first=False):
+        if not self.check_token(FlowSequenceEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow sequence", self.marks[-1],
+                            "expected ',' or ']', but got %r" % token.id, token.start_mark)
+            
+            if self.check_token(KeyToken):
+                token = self.peek_token()
+                event = MappingStartEvent(None, None, True,
+                        token.start_mark, token.end_mark,
+                        flow_style=True)
+                self.state = self.parse_flow_sequence_entry_mapping_key
+                return event
+            elif not self.check_token(FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_sequence_entry_mapping_key(self):
+        token = self.get_token()
+        if not self.check_token(ValueToken,
+                FlowEntryToken, FlowSequenceEndToken):
+            self.states.append(self.parse_flow_sequence_entry_mapping_value)
+            return self.parse_flow_node()
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_value
+            return self.process_empty_scalar(token.end_mark)
+
+    def parse_flow_sequence_entry_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry_mapping_end)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_sequence_entry_mapping_end
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_end
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_sequence_entry_mapping_end(self):
+        self.state = self.parse_flow_sequence_entry
+        token = self.peek_token()
+        return MappingEndEvent(token.start_mark, token.start_mark)
+
+    # flow_mapping  ::= FLOW-MAPPING-START
+    #                   (flow_mapping_entry FLOW-ENTRY)*
+    #                   flow_mapping_entry?
+    #                   FLOW-MAPPING-END
+    # flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+    def parse_flow_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_mapping_key(first=True)
+
+    def parse_flow_mapping_key(self, first=False):
+        if not self.check_token(FlowMappingEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow mapping", self.marks[-1],
+                            "expected ',' or '}', but got %r" % token.id, token.start_mark)
+            if self.check_token(KeyToken):
+                token = self.get_token()
+                if not self.check_token(ValueToken,
+                        FlowEntryToken, FlowMappingEndToken):
+                    self.states.append(self.parse_flow_mapping_value)
+                    return self.parse_flow_node()
+                else:
+                    self.state = self.parse_flow_mapping_value
+                    return self.process_empty_scalar(token.end_mark)
+            elif not self.check_token(FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_empty_value)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_key)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_mapping_empty_value(self):
+        self.state = self.parse_flow_mapping_key
+        return self.process_empty_scalar(self.peek_token().start_mark)
+
+    def process_empty_scalar(self, mark):
+        return ScalarEvent(None, None, (True, False), '', mark, mark)
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/reader.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/reader.py
new file mode 100644
index 000000000..774b0219b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/reader.py
@@ -0,0 +1,185 @@
+# This module contains abstractions for the input stream. You don't have to
+# looks further, there are no pretty code.
+#
+# We define two classes here.
+#
+#   Mark(source, line, column)
+# It's just a record and its only use is producing nice error messages.
+# Parser does not use it for any other purposes.
+#
+#   Reader(source, data)
+# Reader determines the encoding of `data` and converts it to unicode.
+# Reader provides the following methods and attributes:
+#   reader.peek(length=1) - return the next `length` characters
+#   reader.forward(length=1) - move the current position to `length` characters.
+#   reader.index - the number of the current character.
+#   reader.line, stream.column - the line and the column of the current character.
+
+__all__ = ['Reader', 'ReaderError']
+
+from .error import YAMLError, Mark
+
+import codecs, re
+
+class ReaderError(YAMLError):
+
+    def __init__(self, name, position, character, encoding, reason):
+        self.name = name
+        self.character = character
+        self.position = position
+        self.encoding = encoding
+        self.reason = reason
+
+    def __str__(self):
+        if isinstance(self.character, bytes):
+            return "'%s' codec can't decode byte #x%02x: %s\n"  \
+                    "  in \"%s\", position %d"    \
+                    % (self.encoding, ord(self.character), self.reason,
+                            self.name, self.position)
+        else:
+            return "unacceptable character #x%04x: %s\n"    \
+                    "  in \"%s\", position %d"    \
+                    % (self.character, self.reason,
+                            self.name, self.position)
+
+class Reader(object):
+    # Reader:
+    # - determines the data encoding and converts it to a unicode string,
+    # - checks if characters are in allowed range,
+    # - adds '\0' to the end.
+
+    # Reader accepts
+    #  - a `bytes` object,
+    #  - a `str` object,
+    #  - a file-like object with its `read` method returning `str`,
+    #  - a file-like object with its `read` method returning `unicode`.
+
+    # Yeah, it's ugly and slow.
+
+    def __init__(self, stream):
+        self.name = None
+        self.stream = None
+        self.stream_pointer = 0
+        self.eof = True
+        self.buffer = ''
+        self.pointer = 0
+        self.raw_buffer = None
+        self.raw_decode = None
+        self.encoding = None
+        self.index = 0
+        self.line = 0
+        self.column = 0
+        if isinstance(stream, str):
+            self.name = "<unicode string>"
+            self.check_printable(stream)
+            self.buffer = stream+'\0'
+        elif isinstance(stream, bytes):
+            self.name = "<byte string>"
+            self.raw_buffer = stream
+            self.determine_encoding()
+        else:
+            self.stream = stream
+            self.name = getattr(stream, 'name', "<file>")
+            self.eof = False
+            self.raw_buffer = None
+            self.determine_encoding()
+
+    def peek(self, index=0):
+        try:
+            return self.buffer[self.pointer+index]
+        except IndexError:
+            self.update(index+1)
+            return self.buffer[self.pointer+index]
+
+    def prefix(self, length=1):
+        if self.pointer+length >= len(self.buffer):
+            self.update(length)
+        return self.buffer[self.pointer:self.pointer+length]
+
+    def forward(self, length=1):
+        if self.pointer+length+1 >= len(self.buffer):
+            self.update(length+1)
+        while length:
+            ch = self.buffer[self.pointer]
+            self.pointer += 1
+            self.index += 1
+            if ch in '\n\x85\u2028\u2029'  \
+                    or (ch == '\r' and self.buffer[self.pointer] != '\n'):
+                self.line += 1
+                self.column = 0
+            elif ch != '\uFEFF':
+                self.column += 1
+            length -= 1
+
+    def get_mark(self):
+        if self.stream is None:
+            return Mark(self.name, self.index, self.line, self.column,
+                    self.buffer, self.pointer)
+        else:
+            return Mark(self.name, self.index, self.line, self.column,
+                    None, None)
+
+    def determine_encoding(self):
+        while not self.eof and (self.raw_buffer is None or len(self.raw_buffer) < 2):
+            self.update_raw()
+        if isinstance(self.raw_buffer, bytes):
+            if self.raw_buffer.startswith(codecs.BOM_UTF16_LE):
+                self.raw_decode = codecs.utf_16_le_decode
+                self.encoding = 'utf-16-le'
+            elif self.raw_buffer.startswith(codecs.BOM_UTF16_BE):
+                self.raw_decode = codecs.utf_16_be_decode
+                self.encoding = 'utf-16-be'
+            else:
+                self.raw_decode = codecs.utf_8_decode
+                self.encoding = 'utf-8'
+        self.update(1)
+
+    NON_PRINTABLE = re.compile('[^\x09\x0A\x0D\x20-\x7E\x85\xA0-\uD7FF\uE000-\uFFFD\U00010000-\U0010ffff]')
+    def check_printable(self, data):
+        match = self.NON_PRINTABLE.search(data)
+        if match:
+            character = match.group()
+            position = self.index+(len(self.buffer)-self.pointer)+match.start()
+            raise ReaderError(self.name, position, ord(character),
+                    'unicode', "special characters are not allowed")
+
+    def update(self, length):
+        if self.raw_buffer is None:
+            return
+        self.buffer = self.buffer[self.pointer:]
+        self.pointer = 0
+        while len(self.buffer) < length:
+            if not self.eof:
+                self.update_raw()
+            if self.raw_decode is not None:
+                try:
+                    data, converted = self.raw_decode(self.raw_buffer,
+                            'strict', self.eof)
+                except UnicodeDecodeError as exc:
+                    character = self.raw_buffer[exc.start]
+                    if self.stream is not None:
+                        position = self.stream_pointer-len(self.raw_buffer)+exc.start
+                    else:
+                        position = exc.start
+                    raise ReaderError(self.name, position, character,
+                            exc.encoding, exc.reason)
+            else:
+                data = self.raw_buffer
+                converted = len(data)
+            self.check_printable(data)
+            self.buffer += data
+            self.raw_buffer = self.raw_buffer[converted:]
+            if self.eof:
+                self.buffer += '\0'
+                self.raw_buffer = None
+                break
+
+    def update_raw(self, size=4096):
+        data = self.stream.read(size)
+        if self.raw_buffer is None:
+            self.raw_buffer = data
+        else:
+            self.raw_buffer += data
+        self.stream_pointer += len(data)
+        if not data:
+            self.eof = True
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/representer.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/representer.py
new file mode 100644
index 000000000..808ca06df
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/representer.py
@@ -0,0 +1,389 @@
+
+__all__ = ['BaseRepresenter', 'SafeRepresenter', 'Representer',
+    'RepresenterError']
+
+from .error import *
+from .nodes import *
+
+import datetime, copyreg, types, base64, collections
+
+class RepresenterError(YAMLError):
+    pass
+
+class BaseRepresenter:
+
+    yaml_representers = {}
+    yaml_multi_representers = {}
+
+    def __init__(self, default_style=None, default_flow_style=False, sort_keys=True):
+        self.default_style = default_style
+        self.sort_keys = sort_keys
+        self.default_flow_style = default_flow_style
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent(self, data):
+        node = self.represent_data(data)
+        self.serialize(node)
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent_data(self, data):
+        if self.ignore_aliases(data):
+            self.alias_key = None
+        else:
+            self.alias_key = id(data)
+        if self.alias_key is not None:
+            if self.alias_key in self.represented_objects:
+                node = self.represented_objects[self.alias_key]
+                #if node is None:
+                #    raise RepresenterError("recursive objects are not allowed: %r" % data)
+                return node
+            #self.represented_objects[alias_key] = None
+            self.object_keeper.append(data)
+        data_types = type(data).__mro__
+        if data_types[0] in self.yaml_representers:
+            node = self.yaml_representers[data_types[0]](self, data)
+        else:
+            for data_type in data_types:
+                if data_type in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[data_type](self, data)
+                    break
+            else:
+                if None in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[None](self, data)
+                elif None in self.yaml_representers:
+                    node = self.yaml_representers[None](self, data)
+                else:
+                    node = ScalarNode(None, str(data))
+        #if alias_key is not None:
+        #    self.represented_objects[alias_key] = node
+        return node
+
+    @classmethod
+    def add_representer(cls, data_type, representer):
+        if not 'yaml_representers' in cls.__dict__:
+            cls.yaml_representers = cls.yaml_representers.copy()
+        cls.yaml_representers[data_type] = representer
+
+    @classmethod
+    def add_multi_representer(cls, data_type, representer):
+        if not 'yaml_multi_representers' in cls.__dict__:
+            cls.yaml_multi_representers = cls.yaml_multi_representers.copy()
+        cls.yaml_multi_representers[data_type] = representer
+
+    def represent_scalar(self, tag, value, style=None):
+        if style is None:
+            style = self.default_style
+        node = ScalarNode(tag, value, style=style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        return node
+
+    def represent_sequence(self, tag, sequence, flow_style=None):
+        value = []
+        node = SequenceNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        for item in sequence:
+            node_item = self.represent_data(item)
+            if not (isinstance(node_item, ScalarNode) and not node_item.style):
+                best_style = False
+            value.append(node_item)
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def represent_mapping(self, tag, mapping, flow_style=None):
+        value = []
+        node = MappingNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        if hasattr(mapping, 'items'):
+            mapping = list(mapping.items())
+            if self.sort_keys:
+                try:
+                    mapping = sorted(mapping)
+                except TypeError:
+                    pass
+        for item_key, item_value in mapping:
+            node_key = self.represent_data(item_key)
+            node_value = self.represent_data(item_value)
+            if not (isinstance(node_key, ScalarNode) and not node_key.style):
+                best_style = False
+            if not (isinstance(node_value, ScalarNode) and not node_value.style):
+                best_style = False
+            value.append((node_key, node_value))
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def ignore_aliases(self, data):
+        return False
+
+class SafeRepresenter(BaseRepresenter):
+
+    def ignore_aliases(self, data):
+        if data is None:
+            return True
+        if isinstance(data, tuple) and data == ():
+            return True
+        if isinstance(data, (str, bytes, bool, int, float)):
+            return True
+
+    def represent_none(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:null', 'null')
+
+    def represent_str(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:str', data)
+
+    def represent_binary(self, data):
+        if hasattr(base64, 'encodebytes'):
+            data = base64.encodebytes(data).decode('ascii')
+        else:
+            data = base64.encodestring(data).decode('ascii')
+        return self.represent_scalar('tag:yaml.org,2002:binary', data, style='|')
+
+    def represent_bool(self, data):
+        if data:
+            value = 'true'
+        else:
+            value = 'false'
+        return self.represent_scalar('tag:yaml.org,2002:bool', value)
+
+    def represent_int(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:int', str(data))
+
+    inf_value = 1e300
+    while repr(inf_value) != repr(inf_value*inf_value):
+        inf_value *= inf_value
+
+    def represent_float(self, data):
+        if data != data or (data == 0.0 and data == 1.0):
+            value = '.nan'
+        elif data == self.inf_value:
+            value = '.inf'
+        elif data == -self.inf_value:
+            value = '-.inf'
+        else:
+            value = repr(data).lower()
+            # Note that in some cases `repr(data)` represents a float number
+            # without the decimal parts.  For instance:
+            #   >>> repr(1e17)
+            #   '1e17'
+            # Unfortunately, this is not a valid float representation according
+            # to the definition of the `!!float` tag.  We fix this by adding
+            # '.0' before the 'e' symbol.
+            if '.' not in value and 'e' in value:
+                value = value.replace('e', '.0e', 1)
+        return self.represent_scalar('tag:yaml.org,2002:float', value)
+
+    def represent_list(self, data):
+        #pairs = (len(data) > 0 and isinstance(data, list))
+        #if pairs:
+        #    for item in data:
+        #        if not isinstance(item, tuple) or len(item) != 2:
+        #            pairs = False
+        #            break
+        #if not pairs:
+            return self.represent_sequence('tag:yaml.org,2002:seq', data)
+        #value = []
+        #for item_key, item_value in data:
+        #    value.append(self.represent_mapping(u'tag:yaml.org,2002:map',
+        #        [(item_key, item_value)]))
+        #return SequenceNode(u'tag:yaml.org,2002:pairs', value)
+
+    def represent_dict(self, data):
+        return self.represent_mapping('tag:yaml.org,2002:map', data)
+
+    def represent_set(self, data):
+        value = {}
+        for key in data:
+            value[key] = None
+        return self.represent_mapping('tag:yaml.org,2002:set', value)
+
+    def represent_date(self, data):
+        value = data.isoformat()
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_datetime(self, data):
+        value = data.isoformat(' ')
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_yaml_object(self, tag, data, cls, flow_style=None):
+        if hasattr(data, '__getstate__'):
+            state = data.__getstate__()
+        else:
+            state = data.__dict__.copy()
+        return self.represent_mapping(tag, state, flow_style=flow_style)
+
+    def represent_undefined(self, data):
+        raise RepresenterError("cannot represent an object", data)
+
+SafeRepresenter.add_representer(type(None),
+        SafeRepresenter.represent_none)
+
+SafeRepresenter.add_representer(str,
+        SafeRepresenter.represent_str)
+
+SafeRepresenter.add_representer(bytes,
+        SafeRepresenter.represent_binary)
+
+SafeRepresenter.add_representer(bool,
+        SafeRepresenter.represent_bool)
+
+SafeRepresenter.add_representer(int,
+        SafeRepresenter.represent_int)
+
+SafeRepresenter.add_representer(float,
+        SafeRepresenter.represent_float)
+
+SafeRepresenter.add_representer(list,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(tuple,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(dict,
+        SafeRepresenter.represent_dict)
+
+SafeRepresenter.add_representer(set,
+        SafeRepresenter.represent_set)
+
+SafeRepresenter.add_representer(datetime.date,
+        SafeRepresenter.represent_date)
+
+SafeRepresenter.add_representer(datetime.datetime,
+        SafeRepresenter.represent_datetime)
+
+SafeRepresenter.add_representer(None,
+        SafeRepresenter.represent_undefined)
+
+class Representer(SafeRepresenter):
+
+    def represent_complex(self, data):
+        if data.imag == 0.0:
+            data = '%r' % data.real
+        elif data.real == 0.0:
+            data = '%rj' % data.imag
+        elif data.imag > 0:
+            data = '%r+%rj' % (data.real, data.imag)
+        else:
+            data = '%r%rj' % (data.real, data.imag)
+        return self.represent_scalar('tag:yaml.org,2002:python/complex', data)
+
+    def represent_tuple(self, data):
+        return self.represent_sequence('tag:yaml.org,2002:python/tuple', data)
+
+    def represent_name(self, data):
+        name = '%s.%s' % (data.__module__, data.__name__)
+        return self.represent_scalar('tag:yaml.org,2002:python/name:'+name, '')
+
+    def represent_module(self, data):
+        return self.represent_scalar(
+                'tag:yaml.org,2002:python/module:'+data.__name__, '')
+
+    def represent_object(self, data):
+        # We use __reduce__ API to save the data. data.__reduce__ returns
+        # a tuple of length 2-5:
+        #   (function, args, state, listitems, dictitems)
+
+        # For reconstructing, we calls function(*args), then set its state,
+        # listitems, and dictitems if they are not None.
+
+        # A special case is when function.__name__ == '__newobj__'. In this
+        # case we create the object with args[0].__new__(*args).
+
+        # Another special case is when __reduce__ returns a string - we don't
+        # support it.
+
+        # We produce a !!python/object, !!python/object/new or
+        # !!python/object/apply node.
+
+        cls = type(data)
+        if cls in copyreg.dispatch_table:
+            reduce = copyreg.dispatch_table[cls](data)
+        elif hasattr(data, '__reduce_ex__'):
+            reduce = data.__reduce_ex__(2)
+        elif hasattr(data, '__reduce__'):
+            reduce = data.__reduce__()
+        else:
+            raise RepresenterError("cannot represent an object", data)
+        reduce = (list(reduce)+[None]*5)[:5]
+        function, args, state, listitems, dictitems = reduce
+        args = list(args)
+        if state is None:
+            state = {}
+        if listitems is not None:
+            listitems = list(listitems)
+        if dictitems is not None:
+            dictitems = dict(dictitems)
+        if function.__name__ == '__newobj__':
+            function = args[0]
+            args = args[1:]
+            tag = 'tag:yaml.org,2002:python/object/new:'
+            newobj = True
+        else:
+            tag = 'tag:yaml.org,2002:python/object/apply:'
+            newobj = False
+        function_name = '%s.%s' % (function.__module__, function.__name__)
+        if not args and not listitems and not dictitems \
+                and isinstance(state, dict) and newobj:
+            return self.represent_mapping(
+                    'tag:yaml.org,2002:python/object:'+function_name, state)
+        if not listitems and not dictitems  \
+                and isinstance(state, dict) and not state:
+            return self.represent_sequence(tag+function_name, args)
+        value = {}
+        if args:
+            value['args'] = args
+        if state or not isinstance(state, dict):
+            value['state'] = state
+        if listitems:
+            value['listitems'] = listitems
+        if dictitems:
+            value['dictitems'] = dictitems
+        return self.represent_mapping(tag+function_name, value)
+
+    def represent_ordered_dict(self, data):
+        # Provide uniform representation across different Python versions.
+        data_type = type(data)
+        tag = 'tag:yaml.org,2002:python/object/apply:%s.%s' \
+                % (data_type.__module__, data_type.__name__)
+        items = [[key, value] for key, value in data.items()]
+        return self.represent_sequence(tag, [items])
+
+Representer.add_representer(complex,
+        Representer.represent_complex)
+
+Representer.add_representer(tuple,
+        Representer.represent_tuple)
+
+Representer.add_multi_representer(type,
+        Representer.represent_name)
+
+Representer.add_representer(collections.OrderedDict,
+        Representer.represent_ordered_dict)
+
+Representer.add_representer(types.FunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.BuiltinFunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.ModuleType,
+        Representer.represent_module)
+
+Representer.add_multi_representer(object,
+        Representer.represent_object)
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/resolver.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/resolver.py
new file mode 100644
index 000000000..3522bdaaf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/resolver.py
@@ -0,0 +1,227 @@
+
+__all__ = ['BaseResolver', 'Resolver']
+
+from .error import *
+from .nodes import *
+
+import re
+
+class ResolverError(YAMLError):
+    pass
+
+class BaseResolver:
+
+    DEFAULT_SCALAR_TAG = 'tag:yaml.org,2002:str'
+    DEFAULT_SEQUENCE_TAG = 'tag:yaml.org,2002:seq'
+    DEFAULT_MAPPING_TAG = 'tag:yaml.org,2002:map'
+
+    yaml_implicit_resolvers = {}
+    yaml_path_resolvers = {}
+
+    def __init__(self):
+        self.resolver_exact_paths = []
+        self.resolver_prefix_paths = []
+
+    @classmethod
+    def add_implicit_resolver(cls, tag, regexp, first):
+        if not 'yaml_implicit_resolvers' in cls.__dict__:
+            implicit_resolvers = {}
+            for key in cls.yaml_implicit_resolvers:
+                implicit_resolvers[key] = cls.yaml_implicit_resolvers[key][:]
+            cls.yaml_implicit_resolvers = implicit_resolvers
+        if first is None:
+            first = [None]
+        for ch in first:
+            cls.yaml_implicit_resolvers.setdefault(ch, []).append((tag, regexp))
+
+    @classmethod
+    def add_path_resolver(cls, tag, path, kind=None):
+        # Note: `add_path_resolver` is experimental.  The API could be changed.
+        # `new_path` is a pattern that is matched against the path from the
+        # root to the node that is being considered.  `node_path` elements are
+        # tuples `(node_check, index_check)`.  `node_check` is a node class:
+        # `ScalarNode`, `SequenceNode`, `MappingNode` or `None`.  `None`
+        # matches any kind of a node.  `index_check` could be `None`, a boolean
+        # value, a string value, or a number.  `None` and `False` match against
+        # any _value_ of sequence and mapping nodes.  `True` matches against
+        # any _key_ of a mapping node.  A string `index_check` matches against
+        # a mapping value that corresponds to a scalar key which content is
+        # equal to the `index_check` value.  An integer `index_check` matches
+        # against a sequence value with the index equal to `index_check`.
+        if not 'yaml_path_resolvers' in cls.__dict__:
+            cls.yaml_path_resolvers = cls.yaml_path_resolvers.copy()
+        new_path = []
+        for element in path:
+            if isinstance(element, (list, tuple)):
+                if len(element) == 2:
+                    node_check, index_check = element
+                elif len(element) == 1:
+                    node_check = element[0]
+                    index_check = True
+                else:
+                    raise ResolverError("Invalid path element: %s" % element)
+            else:
+                node_check = None
+                index_check = element
+            if node_check is str:
+                node_check = ScalarNode
+            elif node_check is list:
+                node_check = SequenceNode
+            elif node_check is dict:
+                node_check = MappingNode
+            elif node_check not in [ScalarNode, SequenceNode, MappingNode]  \
+                    and not isinstance(node_check, str) \
+                    and node_check is not None:
+                raise ResolverError("Invalid node checker: %s" % node_check)
+            if not isinstance(index_check, (str, int))  \
+                    and index_check is not None:
+                raise ResolverError("Invalid index checker: %s" % index_check)
+            new_path.append((node_check, index_check))
+        if kind is str:
+            kind = ScalarNode
+        elif kind is list:
+            kind = SequenceNode
+        elif kind is dict:
+            kind = MappingNode
+        elif kind not in [ScalarNode, SequenceNode, MappingNode]    \
+                and kind is not None:
+            raise ResolverError("Invalid node kind: %s" % kind)
+        cls.yaml_path_resolvers[tuple(new_path), kind] = tag
+
+    def descend_resolver(self, current_node, current_index):
+        if not self.yaml_path_resolvers:
+            return
+        exact_paths = {}
+        prefix_paths = []
+        if current_node:
+            depth = len(self.resolver_prefix_paths)
+            for path, kind in self.resolver_prefix_paths[-1]:
+                if self.check_resolver_prefix(depth, path, kind,
+                        current_node, current_index):
+                    if len(path) > depth:
+                        prefix_paths.append((path, kind))
+                    else:
+                        exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+        else:
+            for path, kind in self.yaml_path_resolvers:
+                if not path:
+                    exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+                else:
+                    prefix_paths.append((path, kind))
+        self.resolver_exact_paths.append(exact_paths)
+        self.resolver_prefix_paths.append(prefix_paths)
+
+    def ascend_resolver(self):
+        if not self.yaml_path_resolvers:
+            return
+        self.resolver_exact_paths.pop()
+        self.resolver_prefix_paths.pop()
+
+    def check_resolver_prefix(self, depth, path, kind,
+            current_node, current_index):
+        node_check, index_check = path[depth-1]
+        if isinstance(node_check, str):
+            if current_node.tag != node_check:
+                return
+        elif node_check is not None:
+            if not isinstance(current_node, node_check):
+                return
+        if index_check is True and current_index is not None:
+            return
+        if (index_check is False or index_check is None)    \
+                and current_index is None:
+            return
+        if isinstance(index_check, str):
+            if not (isinstance(current_index, ScalarNode)
+                    and index_check == current_index.value):
+                return
+        elif isinstance(index_check, int) and not isinstance(index_check, bool):
+            if index_check != current_index:
+                return
+        return True
+
+    def resolve(self, kind, value, implicit):
+        if kind is ScalarNode and implicit[0]:
+            if value == '':
+                resolvers = self.yaml_implicit_resolvers.get('', [])
+            else:
+                resolvers = self.yaml_implicit_resolvers.get(value[0], [])
+            wildcard_resolvers = self.yaml_implicit_resolvers.get(None, [])
+            for tag, regexp in resolvers + wildcard_resolvers:
+                if regexp.match(value):
+                    return tag
+            implicit = implicit[1]
+        if self.yaml_path_resolvers:
+            exact_paths = self.resolver_exact_paths[-1]
+            if kind in exact_paths:
+                return exact_paths[kind]
+            if None in exact_paths:
+                return exact_paths[None]
+        if kind is ScalarNode:
+            return self.DEFAULT_SCALAR_TAG
+        elif kind is SequenceNode:
+            return self.DEFAULT_SEQUENCE_TAG
+        elif kind is MappingNode:
+            return self.DEFAULT_MAPPING_TAG
+
+class Resolver(BaseResolver):
+    pass
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:bool',
+        re.compile(r'''^(?:yes|Yes|YES|no|No|NO
+                    |true|True|TRUE|false|False|FALSE
+                    |on|On|ON|off|Off|OFF)$''', re.X),
+        list('yYnNtTfFoO'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:float',
+        re.compile(r'''^(?:[-+]?(?:[0-9][0-9_]*)\.[0-9_]*(?:[eE][-+][0-9]+)?
+                    |\.[0-9][0-9_]*(?:[eE][-+][0-9]+)?
+                    |[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\.[0-9_]*
+                    |[-+]?\.(?:inf|Inf|INF)
+                    |\.(?:nan|NaN|NAN))$''', re.X),
+        list('-+0123456789.'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:int',
+        re.compile(r'''^(?:[-+]?0b[0-1_]+
+                    |[-+]?0[0-7_]+
+                    |[-+]?(?:0|[1-9][0-9_]*)
+                    |[-+]?0x[0-9a-fA-F_]+
+                    |[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+)$''', re.X),
+        list('-+0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:merge',
+        re.compile(r'^(?:<<)$'),
+        ['<'])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:null',
+        re.compile(r'''^(?: ~
+                    |null|Null|NULL
+                    | )$''', re.X),
+        ['~', 'n', 'N', ''])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:timestamp',
+        re.compile(r'''^(?:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]
+                    |[0-9][0-9][0-9][0-9] -[0-9][0-9]? -[0-9][0-9]?
+                     (?:[Tt]|[ \t]+)[0-9][0-9]?
+                     :[0-9][0-9] :[0-9][0-9] (?:\.[0-9]*)?
+                     (?:[ \t]*(?:Z|[-+][0-9][0-9]?(?::[0-9][0-9])?))?)$''', re.X),
+        list('0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:value',
+        re.compile(r'^(?:=)$'),
+        ['='])
+
+# The following resolver is only for documentation purposes. It cannot work
+# because plain scalars cannot start with '!', '&', or '*'.
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:yaml',
+        re.compile(r'^(?:!|&|\*)$'),
+        list('!&*'))
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/scanner.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/scanner.py
new file mode 100644
index 000000000..de925b07f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/scanner.py
@@ -0,0 +1,1435 @@
+
+# Scanner produces tokens of the following types:
+# STREAM-START
+# STREAM-END
+# DIRECTIVE(name, value)
+# DOCUMENT-START
+# DOCUMENT-END
+# BLOCK-SEQUENCE-START
+# BLOCK-MAPPING-START
+# BLOCK-END
+# FLOW-SEQUENCE-START
+# FLOW-MAPPING-START
+# FLOW-SEQUENCE-END
+# FLOW-MAPPING-END
+# BLOCK-ENTRY
+# FLOW-ENTRY
+# KEY
+# VALUE
+# ALIAS(value)
+# ANCHOR(value)
+# TAG(value)
+# SCALAR(value, plain, style)
+#
+# Read comments in the Scanner code for more details.
+#
+
+__all__ = ['Scanner', 'ScannerError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+
+class ScannerError(MarkedYAMLError):
+    pass
+
+class SimpleKey:
+    # See below simple keys treatment.
+
+    def __init__(self, token_number, required, index, line, column, mark):
+        self.token_number = token_number
+        self.required = required
+        self.index = index
+        self.line = line
+        self.column = column
+        self.mark = mark
+
+class Scanner:
+
+    def __init__(self):
+        """Initialize the scanner."""
+        # It is assumed that Scanner and Reader will have a common descendant.
+        # Reader do the dirty work of checking for BOM and converting the
+        # input data to Unicode. It also adds NUL to the end.
+        #
+        # Reader supports the following methods
+        #   self.peek(i=0)       # peek the next i-th character
+        #   self.prefix(l=1)     # peek the next l characters
+        #   self.forward(l=1)    # read the next l characters and move the pointer.
+
+        # Had we reached the end of the stream?
+        self.done = False
+
+        # The number of unclosed '{' and '['. `flow_level == 0` means block
+        # context.
+        self.flow_level = 0
+
+        # List of processed tokens that are not yet emitted.
+        self.tokens = []
+
+        # Add the STREAM-START token.
+        self.fetch_stream_start()
+
+        # Number of tokens that were emitted through the `get_token` method.
+        self.tokens_taken = 0
+
+        # The current indentation level.
+        self.indent = -1
+
+        # Past indentation levels.
+        self.indents = []
+
+        # Variables related to simple keys treatment.
+
+        # A simple key is a key that is not denoted by the '?' indicator.
+        # Example of simple keys:
+        #   ---
+        #   block simple key: value
+        #   ? not a simple key:
+        #   : { flow simple key: value }
+        # We emit the KEY token before all keys, so when we find a potential
+        # simple key, we try to locate the corresponding ':' indicator.
+        # Simple keys should be limited to a single line and 1024 characters.
+
+        # Can a simple key start at the current position? A simple key may
+        # start:
+        # - at the beginning of the line, not counting indentation spaces
+        #       (in block context),
+        # - after '{', '[', ',' (in the flow context),
+        # - after '?', ':', '-' (in the block context).
+        # In the block context, this flag also signifies if a block collection
+        # may start at the current position.
+        self.allow_simple_key = True
+
+        # Keep track of possible simple keys. This is a dictionary. The key
+        # is `flow_level`; there can be no more that one possible simple key
+        # for each level. The value is a SimpleKey record:
+        #   (token_number, required, index, line, column, mark)
+        # A simple key may start with ALIAS, ANCHOR, TAG, SCALAR(flow),
+        # '[', or '{' tokens.
+        self.possible_simple_keys = {}
+
+    # Public methods.
+
+    def check_token(self, *choices):
+        # Check if the next token is one of the given types.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.tokens[0], choice):
+                    return True
+        return False
+
+    def peek_token(self):
+        # Return the next token, but do not delete if from the queue.
+        # Return None if no more tokens.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            return self.tokens[0]
+        else:
+            return None
+
+    def get_token(self):
+        # Return the next token.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            self.tokens_taken += 1
+            return self.tokens.pop(0)
+
+    # Private methods.
+
+    def need_more_tokens(self):
+        if self.done:
+            return False
+        if not self.tokens:
+            return True
+        # The current token may be a potential simple key, so we
+        # need to look further.
+        self.stale_possible_simple_keys()
+        if self.next_possible_simple_key() == self.tokens_taken:
+            return True
+
+    def fetch_more_tokens(self):
+
+        # Eat whitespaces and comments until we reach the next token.
+        self.scan_to_next_token()
+
+        # Remove obsolete possible simple keys.
+        self.stale_possible_simple_keys()
+
+        # Compare the current indentation and column. It may add some tokens
+        # and decrease the current indentation level.
+        self.unwind_indent(self.column)
+
+        # Peek the next character.
+        ch = self.peek()
+
+        # Is it the end of stream?
+        if ch == '\0':
+            return self.fetch_stream_end()
+
+        # Is it a directive?
+        if ch == '%' and self.check_directive():
+            return self.fetch_directive()
+
+        # Is it the document start?
+        if ch == '-' and self.check_document_start():
+            return self.fetch_document_start()
+
+        # Is it the document end?
+        if ch == '.' and self.check_document_end():
+            return self.fetch_document_end()
+
+        # TODO: support for BOM within a stream.
+        #if ch == '\uFEFF':
+        #    return self.fetch_bom()    <-- issue BOMToken
+
+        # Note: the order of the following checks is NOT significant.
+
+        # Is it the flow sequence start indicator?
+        if ch == '[':
+            return self.fetch_flow_sequence_start()
+
+        # Is it the flow mapping start indicator?
+        if ch == '{':
+            return self.fetch_flow_mapping_start()
+
+        # Is it the flow sequence end indicator?
+        if ch == ']':
+            return self.fetch_flow_sequence_end()
+
+        # Is it the flow mapping end indicator?
+        if ch == '}':
+            return self.fetch_flow_mapping_end()
+
+        # Is it the flow entry indicator?
+        if ch == ',':
+            return self.fetch_flow_entry()
+
+        # Is it the block entry indicator?
+        if ch == '-' and self.check_block_entry():
+            return self.fetch_block_entry()
+
+        # Is it the key indicator?
+        if ch == '?' and self.check_key():
+            return self.fetch_key()
+
+        # Is it the value indicator?
+        if ch == ':' and self.check_value():
+            return self.fetch_value()
+
+        # Is it an alias?
+        if ch == '*':
+            return self.fetch_alias()
+
+        # Is it an anchor?
+        if ch == '&':
+            return self.fetch_anchor()
+
+        # Is it a tag?
+        if ch == '!':
+            return self.fetch_tag()
+
+        # Is it a literal scalar?
+        if ch == '|' and not self.flow_level:
+            return self.fetch_literal()
+
+        # Is it a folded scalar?
+        if ch == '>' and not self.flow_level:
+            return self.fetch_folded()
+
+        # Is it a single quoted scalar?
+        if ch == '\'':
+            return self.fetch_single()
+
+        # Is it a double quoted scalar?
+        if ch == '\"':
+            return self.fetch_double()
+
+        # It must be a plain scalar then.
+        if self.check_plain():
+            return self.fetch_plain()
+
+        # No? It's an error. Let's produce a nice error message.
+        raise ScannerError("while scanning for the next token", None,
+                "found character %r that cannot start any token" % ch,
+                self.get_mark())
+
+    # Simple keys treatment.
+
+    def next_possible_simple_key(self):
+        # Return the number of the nearest possible simple key. Actually we
+        # don't need to loop through the whole dictionary. We may replace it
+        # with the following code:
+        #   if not self.possible_simple_keys:
+        #       return None
+        #   return self.possible_simple_keys[
+        #           min(self.possible_simple_keys.keys())].token_number
+        min_token_number = None
+        for level in self.possible_simple_keys:
+            key = self.possible_simple_keys[level]
+            if min_token_number is None or key.token_number < min_token_number:
+                min_token_number = key.token_number
+        return min_token_number
+
+    def stale_possible_simple_keys(self):
+        # Remove entries that are no longer possible simple keys. According to
+        # the YAML specification, simple keys
+        # - should be limited to a single line,
+        # - should be no longer than 1024 characters.
+        # Disabling this procedure will allow simple keys of any length and
+        # height (may cause problems if indentation is broken though).
+        for level in list(self.possible_simple_keys):
+            key = self.possible_simple_keys[level]
+            if key.line != self.line  \
+                    or self.index-key.index > 1024:
+                if key.required:
+                    raise ScannerError("while scanning a simple key", key.mark,
+                            "could not find expected ':'", self.get_mark())
+                del self.possible_simple_keys[level]
+
+    def save_possible_simple_key(self):
+        # The next token may start a simple key. We check if it's possible
+        # and save its position. This function is called for
+        #   ALIAS, ANCHOR, TAG, SCALAR(flow), '[', and '{'.
+
+        # Check if a simple key is required at the current position.
+        required = not self.flow_level and self.indent == self.column
+
+        # The next token might be a simple key. Let's save it's number and
+        # position.
+        if self.allow_simple_key:
+            self.remove_possible_simple_key()
+            token_number = self.tokens_taken+len(self.tokens)
+            key = SimpleKey(token_number, required,
+                    self.index, self.line, self.column, self.get_mark())
+            self.possible_simple_keys[self.flow_level] = key
+
+    def remove_possible_simple_key(self):
+        # Remove the saved possible key position at the current flow level.
+        if self.flow_level in self.possible_simple_keys:
+            key = self.possible_simple_keys[self.flow_level]
+            
+            if key.required:
+                raise ScannerError("while scanning a simple key", key.mark,
+                        "could not find expected ':'", self.get_mark())
+
+            del self.possible_simple_keys[self.flow_level]
+
+    # Indentation functions.
+
+    def unwind_indent(self, column):
+
+        ## In flow context, tokens should respect indentation.
+        ## Actually the condition should be `self.indent >= column` according to
+        ## the spec. But this condition will prohibit intuitively correct
+        ## constructions such as
+        ## key : {
+        ## }
+        #if self.flow_level and self.indent > column:
+        #    raise ScannerError(None, None,
+        #            "invalid indentation or unclosed '[' or '{'",
+        #            self.get_mark())
+
+        # In the flow context, indentation is ignored. We make the scanner less
+        # restrictive then specification requires.
+        if self.flow_level:
+            return
+
+        # In block context, we may need to issue the BLOCK-END tokens.
+        while self.indent > column:
+            mark = self.get_mark()
+            self.indent = self.indents.pop()
+            self.tokens.append(BlockEndToken(mark, mark))
+
+    def add_indent(self, column):
+        # Check if we need to increase indentation.
+        if self.indent < column:
+            self.indents.append(self.indent)
+            self.indent = column
+            return True
+        return False
+
+    # Fetchers.
+
+    def fetch_stream_start(self):
+        # We always add STREAM-START as the first token and STREAM-END as the
+        # last token.
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-START.
+        self.tokens.append(StreamStartToken(mark, mark,
+            encoding=self.encoding))
+        
+
+    def fetch_stream_end(self):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+        self.possible_simple_keys = {}
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-END.
+        self.tokens.append(StreamEndToken(mark, mark))
+
+        # The steam is finished.
+        self.done = True
+
+    def fetch_directive(self):
+        
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Scan and add DIRECTIVE.
+        self.tokens.append(self.scan_directive())
+
+    def fetch_document_start(self):
+        self.fetch_document_indicator(DocumentStartToken)
+
+    def fetch_document_end(self):
+        self.fetch_document_indicator(DocumentEndToken)
+
+    def fetch_document_indicator(self, TokenClass):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys. Note that there could not be a block collection
+        # after '---'.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Add DOCUMENT-START or DOCUMENT-END.
+        start_mark = self.get_mark()
+        self.forward(3)
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_start(self):
+        self.fetch_flow_collection_start(FlowSequenceStartToken)
+
+    def fetch_flow_mapping_start(self):
+        self.fetch_flow_collection_start(FlowMappingStartToken)
+
+    def fetch_flow_collection_start(self, TokenClass):
+
+        # '[' and '{' may start a simple key.
+        self.save_possible_simple_key()
+
+        # Increase the flow level.
+        self.flow_level += 1
+
+        # Simple keys are allowed after '[' and '{'.
+        self.allow_simple_key = True
+
+        # Add FLOW-SEQUENCE-START or FLOW-MAPPING-START.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_end(self):
+        self.fetch_flow_collection_end(FlowSequenceEndToken)
+
+    def fetch_flow_mapping_end(self):
+        self.fetch_flow_collection_end(FlowMappingEndToken)
+
+    def fetch_flow_collection_end(self, TokenClass):
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Decrease the flow level.
+        self.flow_level -= 1
+
+        # No simple keys after ']' or '}'.
+        self.allow_simple_key = False
+
+        # Add FLOW-SEQUENCE-END or FLOW-MAPPING-END.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_entry(self):
+
+        # Simple keys are allowed after ','.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add FLOW-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(FlowEntryToken(start_mark, end_mark))
+
+    def fetch_block_entry(self):
+
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a new entry?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "sequence entries are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-SEQUENCE-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockSequenceStartToken(mark, mark))
+
+        # It's an error for the block entry to occur in the flow context,
+        # but we let the parser detect this.
+        else:
+            pass
+
+        # Simple keys are allowed after '-'.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add BLOCK-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(BlockEntryToken(start_mark, end_mark))
+
+    def fetch_key(self):
+        
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a key (not necessary a simple)?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "mapping keys are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-MAPPING-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockMappingStartToken(mark, mark))
+
+        # Simple keys are allowed after '?' in the block context.
+        self.allow_simple_key = not self.flow_level
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add KEY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(KeyToken(start_mark, end_mark))
+
+    def fetch_value(self):
+
+        # Do we determine a simple key?
+        if self.flow_level in self.possible_simple_keys:
+
+            # Add KEY.
+            key = self.possible_simple_keys[self.flow_level]
+            del self.possible_simple_keys[self.flow_level]
+            self.tokens.insert(key.token_number-self.tokens_taken,
+                    KeyToken(key.mark, key.mark))
+
+            # If this key starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.
+            if not self.flow_level:
+                if self.add_indent(key.column):
+                    self.tokens.insert(key.token_number-self.tokens_taken,
+                            BlockMappingStartToken(key.mark, key.mark))
+
+            # There cannot be two simple keys one after another.
+            self.allow_simple_key = False
+
+        # It must be a part of a complex key.
+        else:
+            
+            # Block context needs additional checks.
+            # (Do we really need them? They will be caught by the parser
+            # anyway.)
+            if not self.flow_level:
+
+                # We are allowed to start a complex value if and only if
+                # we can start a simple key.
+                if not self.allow_simple_key:
+                    raise ScannerError(None, None,
+                            "mapping values are not allowed here",
+                            self.get_mark())
+
+            # If this value starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.  It will be detected as an error later by
+            # the parser.
+            if not self.flow_level:
+                if self.add_indent(self.column):
+                    mark = self.get_mark()
+                    self.tokens.append(BlockMappingStartToken(mark, mark))
+
+            # Simple keys are allowed after ':' in the block context.
+            self.allow_simple_key = not self.flow_level
+
+            # Reset possible simple key on the current level.
+            self.remove_possible_simple_key()
+
+        # Add VALUE.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(ValueToken(start_mark, end_mark))
+
+    def fetch_alias(self):
+
+        # ALIAS could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ALIAS.
+        self.allow_simple_key = False
+
+        # Scan and add ALIAS.
+        self.tokens.append(self.scan_anchor(AliasToken))
+
+    def fetch_anchor(self):
+
+        # ANCHOR could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ANCHOR.
+        self.allow_simple_key = False
+
+        # Scan and add ANCHOR.
+        self.tokens.append(self.scan_anchor(AnchorToken))
+
+    def fetch_tag(self):
+
+        # TAG could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after TAG.
+        self.allow_simple_key = False
+
+        # Scan and add TAG.
+        self.tokens.append(self.scan_tag())
+
+    def fetch_literal(self):
+        self.fetch_block_scalar(style='|')
+
+    def fetch_folded(self):
+        self.fetch_block_scalar(style='>')
+
+    def fetch_block_scalar(self, style):
+
+        # A simple key may follow a block scalar.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_block_scalar(style))
+
+    def fetch_single(self):
+        self.fetch_flow_scalar(style='\'')
+
+    def fetch_double(self):
+        self.fetch_flow_scalar(style='"')
+
+    def fetch_flow_scalar(self, style):
+
+        # A flow scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after flow scalars.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_flow_scalar(style))
+
+    def fetch_plain(self):
+
+        # A plain scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after plain scalars. But note that `scan_plain` will
+        # change this flag if the scan is finished at the beginning of the
+        # line.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR. May change `allow_simple_key`.
+        self.tokens.append(self.scan_plain())
+
+    # Checkers.
+
+    def check_directive(self):
+
+        # DIRECTIVE:        ^ '%' ...
+        # The '%' indicator is already checked.
+        if self.column == 0:
+            return True
+
+    def check_document_start(self):
+
+        # DOCUMENT-START:   ^ '---' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '---'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_document_end(self):
+
+        # DOCUMENT-END:     ^ '...' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '...'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_block_entry(self):
+
+        # BLOCK-ENTRY:      '-' (' '|'\n')
+        return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_key(self):
+
+        # KEY(flow context):    '?'
+        if self.flow_level:
+            return True
+
+        # KEY(block context):   '?' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_value(self):
+
+        # VALUE(flow context):  ':'
+        if self.flow_level:
+            return True
+
+        # VALUE(block context): ':' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_plain(self):
+
+        # A plain scalar may start with any non-space character except:
+        #   '-', '?', ':', ',', '[', ']', '{', '}',
+        #   '#', '&', '*', '!', '|', '>', '\'', '\"',
+        #   '%', '@', '`'.
+        #
+        # It may also start with
+        #   '-', '?', ':'
+        # if it is followed by a non-space character.
+        #
+        # Note that we limit the last rule to the block context (except the
+        # '-' character) because we want the flow context to be space
+        # independent.
+        ch = self.peek()
+        return ch not in '\0 \t\r\n\x85\u2028\u2029-?:,[]{}#&*!|>\'\"%@`'  \
+                or (self.peek(1) not in '\0 \t\r\n\x85\u2028\u2029'
+                        and (ch == '-' or (not self.flow_level and ch in '?:')))
+
+    # Scanners.
+
+    def scan_to_next_token(self):
+        # We ignore spaces, line breaks and comments.
+        # If we find a line break in the block context, we set the flag
+        # `allow_simple_key` on.
+        # The byte order mark is stripped if it's the first character in the
+        # stream. We do not yet support BOM inside the stream as the
+        # specification requires. Any such mark will be considered as a part
+        # of the document.
+        #
+        # TODO: We need to make tab handling rules more sane. A good rule is
+        #   Tabs cannot precede tokens
+        #   BLOCK-SEQUENCE-START, BLOCK-MAPPING-START, BLOCK-END,
+        #   KEY(block), VALUE(block), BLOCK-ENTRY
+        # So the checking code is
+        #   if <TAB>:
+        #       self.allow_simple_keys = False
+        # We also need to add the check for `allow_simple_keys == True` to
+        # `unwind_indent` before issuing BLOCK-END.
+        # Scanners for block, flow, and plain scalars need to be modified.
+
+        if self.index == 0 and self.peek() == '\uFEFF':
+            self.forward()
+        found = False
+        while not found:
+            while self.peek() == ' ':
+                self.forward()
+            if self.peek() == '#':
+                while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                    self.forward()
+            if self.scan_line_break():
+                if not self.flow_level:
+                    self.allow_simple_key = True
+            else:
+                found = True
+
+    def scan_directive(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        self.forward()
+        name = self.scan_directive_name(start_mark)
+        value = None
+        if name == 'YAML':
+            value = self.scan_yaml_directive_value(start_mark)
+            end_mark = self.get_mark()
+        elif name == 'TAG':
+            value = self.scan_tag_directive_value(start_mark)
+            end_mark = self.get_mark()
+        else:
+            end_mark = self.get_mark()
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        self.scan_directive_ignored_line(start_mark)
+        return DirectiveToken(name, value, start_mark, end_mark)
+
+    def scan_directive_name(self, start_mark):
+        # See the specification for details.
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        return value
+
+    def scan_yaml_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        major = self.scan_yaml_directive_number(start_mark)
+        if self.peek() != '.':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or '.', but found %r" % self.peek(),
+                    self.get_mark())
+        self.forward()
+        minor = self.scan_yaml_directive_number(start_mark)
+        if self.peek() not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or ' ', but found %r" % self.peek(),
+                    self.get_mark())
+        return (major, minor)
+
+    def scan_yaml_directive_number(self, start_mark):
+        # See the specification for details.
+        ch = self.peek()
+        if not ('0' <= ch <= '9'):
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit, but found %r" % ch, self.get_mark())
+        length = 0
+        while '0' <= self.peek(length) <= '9':
+            length += 1
+        value = int(self.prefix(length))
+        self.forward(length)
+        return value
+
+    def scan_tag_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        handle = self.scan_tag_directive_handle(start_mark)
+        while self.peek() == ' ':
+            self.forward()
+        prefix = self.scan_tag_directive_prefix(start_mark)
+        return (handle, prefix)
+
+    def scan_tag_directive_handle(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_handle('directive', start_mark)
+        ch = self.peek()
+        if ch != ' ':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_tag_directive_prefix(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_uri('directive', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_directive_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a comment or a line break, but found %r"
+                        % ch, self.get_mark())
+        self.scan_line_break()
+
+    def scan_anchor(self, TokenClass):
+        # The specification does not restrict characters for anchors and
+        # aliases. This may lead to problems, for instance, the document:
+        #   [ *alias, value ]
+        # can be interpreted in two ways, as
+        #   [ "value" ]
+        # and
+        #   [ *alias , "value" ]
+        # Therefore we restrict aliases to numbers and ASCII letters.
+        start_mark = self.get_mark()
+        indicator = self.peek()
+        if indicator == '*':
+            name = 'alias'
+        else:
+            name = 'anchor'
+        self.forward()
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \t\r\n\x85\u2028\u2029?:,]}%@`':
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        end_mark = self.get_mark()
+        return TokenClass(value, start_mark, end_mark)
+
+    def scan_tag(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        ch = self.peek(1)
+        if ch == '<':
+            handle = None
+            self.forward(2)
+            suffix = self.scan_tag_uri('tag', start_mark)
+            if self.peek() != '>':
+                raise ScannerError("while parsing a tag", start_mark,
+                        "expected '>', but found %r" % self.peek(),
+                        self.get_mark())
+            self.forward()
+        elif ch in '\0 \t\r\n\x85\u2028\u2029':
+            handle = None
+            suffix = '!'
+            self.forward()
+        else:
+            length = 1
+            use_handle = False
+            while ch not in '\0 \r\n\x85\u2028\u2029':
+                if ch == '!':
+                    use_handle = True
+                    break
+                length += 1
+                ch = self.peek(length)
+            handle = '!'
+            if use_handle:
+                handle = self.scan_tag_handle('tag', start_mark)
+            else:
+                handle = '!'
+                self.forward()
+            suffix = self.scan_tag_uri('tag', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a tag", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        value = (handle, suffix)
+        end_mark = self.get_mark()
+        return TagToken(value, start_mark, end_mark)
+
+    def scan_block_scalar(self, style):
+        # See the specification for details.
+
+        if style == '>':
+            folded = True
+        else:
+            folded = False
+
+        chunks = []
+        start_mark = self.get_mark()
+
+        # Scan the header.
+        self.forward()
+        chomping, increment = self.scan_block_scalar_indicators(start_mark)
+        self.scan_block_scalar_ignored_line(start_mark)
+
+        # Determine the indentation level and go to the first non-empty line.
+        min_indent = self.indent+1
+        if min_indent < 1:
+            min_indent = 1
+        if increment is None:
+            breaks, max_indent, end_mark = self.scan_block_scalar_indentation()
+            indent = max(min_indent, max_indent)
+        else:
+            indent = min_indent+increment-1
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+        line_break = ''
+
+        # Scan the inner part of the block scalar.
+        while self.column == indent and self.peek() != '\0':
+            chunks.extend(breaks)
+            leading_non_space = self.peek() not in ' \t'
+            length = 0
+            while self.peek(length) not in '\0\r\n\x85\u2028\u2029':
+                length += 1
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            line_break = self.scan_line_break()
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+            if self.column == indent and self.peek() != '\0':
+
+                # Unfortunately, folding rules are ambiguous.
+                #
+                # This is the folding according to the specification:
+                
+                if folded and line_break == '\n'    \
+                        and leading_non_space and self.peek() not in ' \t':
+                    if not breaks:
+                        chunks.append(' ')
+                else:
+                    chunks.append(line_break)
+                
+                # This is Clark Evans's interpretation (also in the spec
+                # examples):
+                #
+                #if folded and line_break == '\n':
+                #    if not breaks:
+                #        if self.peek() not in ' \t':
+                #            chunks.append(' ')
+                #        else:
+                #            chunks.append(line_break)
+                #else:
+                #    chunks.append(line_break)
+            else:
+                break
+
+        # Chomp the tail.
+        if chomping is not False:
+            chunks.append(line_break)
+        if chomping is True:
+            chunks.extend(breaks)
+
+        # We are done.
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    def scan_block_scalar_indicators(self, start_mark):
+        # See the specification for details.
+        chomping = None
+        increment = None
+        ch = self.peek()
+        if ch in '+-':
+            if ch == '+':
+                chomping = True
+            else:
+                chomping = False
+            self.forward()
+            ch = self.peek()
+            if ch in '0123456789':
+                increment = int(ch)
+                if increment == 0:
+                    raise ScannerError("while scanning a block scalar", start_mark,
+                            "expected indentation indicator in the range 1-9, but found 0",
+                            self.get_mark())
+                self.forward()
+        elif ch in '0123456789':
+            increment = int(ch)
+            if increment == 0:
+                raise ScannerError("while scanning a block scalar", start_mark,
+                        "expected indentation indicator in the range 1-9, but found 0",
+                        self.get_mark())
+            self.forward()
+            ch = self.peek()
+            if ch in '+-':
+                if ch == '+':
+                    chomping = True
+                else:
+                    chomping = False
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected chomping or indentation indicators, but found %r"
+                    % ch, self.get_mark())
+        return chomping, increment
+
+    def scan_block_scalar_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected a comment or a line break, but found %r" % ch,
+                    self.get_mark())
+        self.scan_line_break()
+
+    def scan_block_scalar_indentation(self):
+        # See the specification for details.
+        chunks = []
+        max_indent = 0
+        end_mark = self.get_mark()
+        while self.peek() in ' \r\n\x85\u2028\u2029':
+            if self.peek() != ' ':
+                chunks.append(self.scan_line_break())
+                end_mark = self.get_mark()
+            else:
+                self.forward()
+                if self.column > max_indent:
+                    max_indent = self.column
+        return chunks, max_indent, end_mark
+
+    def scan_block_scalar_breaks(self, indent):
+        # See the specification for details.
+        chunks = []
+        end_mark = self.get_mark()
+        while self.column < indent and self.peek() == ' ':
+            self.forward()
+        while self.peek() in '\r\n\x85\u2028\u2029':
+            chunks.append(self.scan_line_break())
+            end_mark = self.get_mark()
+            while self.column < indent and self.peek() == ' ':
+                self.forward()
+        return chunks, end_mark
+
+    def scan_flow_scalar(self, style):
+        # See the specification for details.
+        # Note that we loose indentation rules for quoted scalars. Quoted
+        # scalars don't need to adhere indentation because " and ' clearly
+        # mark the beginning and the end of them. Therefore we are less
+        # restrictive then the specification requires. We only need to check
+        # that document separators are not included in scalars.
+        if style == '"':
+            double = True
+        else:
+            double = False
+        chunks = []
+        start_mark = self.get_mark()
+        quote = self.peek()
+        self.forward()
+        chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        while self.peek() != quote:
+            chunks.extend(self.scan_flow_scalar_spaces(double, start_mark))
+            chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        self.forward()
+        end_mark = self.get_mark()
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    ESCAPE_REPLACEMENTS = {
+        '0':    '\0',
+        'a':    '\x07',
+        'b':    '\x08',
+        't':    '\x09',
+        '\t':   '\x09',
+        'n':    '\x0A',
+        'v':    '\x0B',
+        'f':    '\x0C',
+        'r':    '\x0D',
+        'e':    '\x1B',
+        ' ':    '\x20',
+        '\"':   '\"',
+        '\\':   '\\',
+        '/':    '/',
+        'N':    '\x85',
+        '_':    '\xA0',
+        'L':    '\u2028',
+        'P':    '\u2029',
+    }
+
+    ESCAPE_CODES = {
+        'x':    2,
+        'u':    4,
+        'U':    8,
+    }
+
+    def scan_flow_scalar_non_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            length = 0
+            while self.peek(length) not in '\'\"\\\0 \t\r\n\x85\u2028\u2029':
+                length += 1
+            if length:
+                chunks.append(self.prefix(length))
+                self.forward(length)
+            ch = self.peek()
+            if not double and ch == '\'' and self.peek(1) == '\'':
+                chunks.append('\'')
+                self.forward(2)
+            elif (double and ch == '\'') or (not double and ch in '\"\\'):
+                chunks.append(ch)
+                self.forward()
+            elif double and ch == '\\':
+                self.forward()
+                ch = self.peek()
+                if ch in self.ESCAPE_REPLACEMENTS:
+                    chunks.append(self.ESCAPE_REPLACEMENTS[ch])
+                    self.forward()
+                elif ch in self.ESCAPE_CODES:
+                    length = self.ESCAPE_CODES[ch]
+                    self.forward()
+                    for k in range(length):
+                        if self.peek(k) not in '0123456789ABCDEFabcdef':
+                            raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                                    "expected escape sequence of %d hexadecimal numbers, but found %r" %
+                                        (length, self.peek(k)), self.get_mark())
+                    code = int(self.prefix(length), 16)
+                    chunks.append(chr(code))
+                    self.forward(length)
+                elif ch in '\r\n\x85\u2028\u2029':
+                    self.scan_line_break()
+                    chunks.extend(self.scan_flow_scalar_breaks(double, start_mark))
+                else:
+                    raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                            "found unknown escape character %r" % ch, self.get_mark())
+            else:
+                return chunks
+
+    def scan_flow_scalar_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        length = 0
+        while self.peek(length) in ' \t':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch == '\0':
+            raise ScannerError("while scanning a quoted scalar", start_mark,
+                    "found unexpected end of stream", self.get_mark())
+        elif ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            breaks = self.scan_flow_scalar_breaks(double, start_mark)
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        else:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_flow_scalar_breaks(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            # Instead of checking indentation, we check for document
+            # separators.
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                raise ScannerError("while scanning a quoted scalar", start_mark,
+                        "found unexpected document separator", self.get_mark())
+            while self.peek() in ' \t':
+                self.forward()
+            if self.peek() in '\r\n\x85\u2028\u2029':
+                chunks.append(self.scan_line_break())
+            else:
+                return chunks
+
+    def scan_plain(self):
+        # See the specification for details.
+        # We add an additional restriction for the flow context:
+        #   plain scalars in the flow context cannot contain ',' or '?'.
+        # We also keep track of the `allow_simple_key` flag here.
+        # Indentation rules are loosed for the flow context.
+        chunks = []
+        start_mark = self.get_mark()
+        end_mark = start_mark
+        indent = self.indent+1
+        # We allow zero indentation for scalars, but then we need to check for
+        # document separators at the beginning of the line.
+        #if indent == 0:
+        #    indent = 1
+        spaces = []
+        while True:
+            length = 0
+            if self.peek() == '#':
+                break
+            while True:
+                ch = self.peek(length)
+                if ch in '\0 \t\r\n\x85\u2028\u2029'    \
+                        or (ch == ':' and
+                                self.peek(length+1) in '\0 \t\r\n\x85\u2028\u2029'
+                                      + (u',[]{}' if self.flow_level else u''))\
+                        or (self.flow_level and ch in ',?[]{}'):
+                    break
+                length += 1
+            if length == 0:
+                break
+            self.allow_simple_key = False
+            chunks.extend(spaces)
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            end_mark = self.get_mark()
+            spaces = self.scan_plain_spaces(indent, start_mark)
+            if not spaces or self.peek() == '#' \
+                    or (not self.flow_level and self.column < indent):
+                break
+        return ScalarToken(''.join(chunks), True, start_mark, end_mark)
+
+    def scan_plain_spaces(self, indent, start_mark):
+        # See the specification for details.
+        # The specification is really confusing about tabs in plain scalars.
+        # We just forbid them completely. Do not use tabs in YAML!
+        chunks = []
+        length = 0
+        while self.peek(length) in ' ':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            self.allow_simple_key = True
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return
+            breaks = []
+            while self.peek() in ' \r\n\x85\u2028\u2029':
+                if self.peek() == ' ':
+                    self.forward()
+                else:
+                    breaks.append(self.scan_line_break())
+                    prefix = self.prefix(3)
+                    if (prefix == '---' or prefix == '...')   \
+                            and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                        return
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        elif whitespaces:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_tag_handle(self, name, start_mark):
+        # See the specification for details.
+        # For some strange reasons, the specification does not allow '_' in
+        # tag handles. I have allowed it anyway.
+        ch = self.peek()
+        if ch != '!':
+            raise ScannerError("while scanning a %s" % name, start_mark,
+                    "expected '!', but found %r" % ch, self.get_mark())
+        length = 1
+        ch = self.peek(length)
+        if ch != ' ':
+            while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                    or ch in '-_':
+                length += 1
+                ch = self.peek(length)
+            if ch != '!':
+                self.forward(length)
+                raise ScannerError("while scanning a %s" % name, start_mark,
+                        "expected '!', but found %r" % ch, self.get_mark())
+            length += 1
+        value = self.prefix(length)
+        self.forward(length)
+        return value
+
+    def scan_tag_uri(self, name, start_mark):
+        # See the specification for details.
+        # Note: we do not check if URI is well-formed.
+        chunks = []
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-;/?:@&=+$,_.!~*\'()[]%':
+            if ch == '%':
+                chunks.append(self.prefix(length))
+                self.forward(length)
+                length = 0
+                chunks.append(self.scan_uri_escapes(name, start_mark))
+            else:
+                length += 1
+            ch = self.peek(length)
+        if length:
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            length = 0
+        if not chunks:
+            raise ScannerError("while parsing a %s" % name, start_mark,
+                    "expected URI, but found %r" % ch, self.get_mark())
+        return ''.join(chunks)
+
+    def scan_uri_escapes(self, name, start_mark):
+        # See the specification for details.
+        codes = []
+        mark = self.get_mark()
+        while self.peek() == '%':
+            self.forward()
+            for k in range(2):
+                if self.peek(k) not in '0123456789ABCDEFabcdef':
+                    raise ScannerError("while scanning a %s" % name, start_mark,
+                            "expected URI escape sequence of 2 hexadecimal numbers, but found %r"
+                            % self.peek(k), self.get_mark())
+            codes.append(int(self.prefix(2), 16))
+            self.forward(2)
+        try:
+            value = bytes(codes).decode('utf-8')
+        except UnicodeDecodeError as exc:
+            raise ScannerError("while scanning a %s" % name, start_mark, str(exc), mark)
+        return value
+
+    def scan_line_break(self):
+        # Transforms:
+        #   '\r\n'      :   '\n'
+        #   '\r'        :   '\n'
+        #   '\n'        :   '\n'
+        #   '\x85'      :   '\n'
+        #   '\u2028'    :   '\u2028'
+        #   '\u2029     :   '\u2029'
+        #   default     :   ''
+        ch = self.peek()
+        if ch in '\r\n\x85':
+            if self.prefix(2) == '\r\n':
+                self.forward(2)
+            else:
+                self.forward()
+            return '\n'
+        elif ch in '\u2028\u2029':
+            self.forward()
+            return ch
+        return ''
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/serializer.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/serializer.py
new file mode 100644
index 000000000..fe911e67a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/serializer.py
@@ -0,0 +1,111 @@
+
+__all__ = ['Serializer', 'SerializerError']
+
+from .error import YAMLError
+from .events import *
+from .nodes import *
+
+class SerializerError(YAMLError):
+    pass
+
+class Serializer:
+
+    ANCHOR_TEMPLATE = 'id%03d'
+
+    def __init__(self, encoding=None,
+            explicit_start=None, explicit_end=None, version=None, tags=None):
+        self.use_encoding = encoding
+        self.use_explicit_start = explicit_start
+        self.use_explicit_end = explicit_end
+        self.use_version = version
+        self.use_tags = tags
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+        self.closed = None
+
+    def open(self):
+        if self.closed is None:
+            self.emit(StreamStartEvent(encoding=self.use_encoding))
+            self.closed = False
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        else:
+            raise SerializerError("serializer is already opened")
+
+    def close(self):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif not self.closed:
+            self.emit(StreamEndEvent())
+            self.closed = True
+
+    #def __del__(self):
+    #    self.close()
+
+    def serialize(self, node):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        self.emit(DocumentStartEvent(explicit=self.use_explicit_start,
+            version=self.use_version, tags=self.use_tags))
+        self.anchor_node(node)
+        self.serialize_node(node, None, None)
+        self.emit(DocumentEndEvent(explicit=self.use_explicit_end))
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+
+    def anchor_node(self, node):
+        if node in self.anchors:
+            if self.anchors[node] is None:
+                self.anchors[node] = self.generate_anchor(node)
+        else:
+            self.anchors[node] = None
+            if isinstance(node, SequenceNode):
+                for item in node.value:
+                    self.anchor_node(item)
+            elif isinstance(node, MappingNode):
+                for key, value in node.value:
+                    self.anchor_node(key)
+                    self.anchor_node(value)
+
+    def generate_anchor(self, node):
+        self.last_anchor_id += 1
+        return self.ANCHOR_TEMPLATE % self.last_anchor_id
+
+    def serialize_node(self, node, parent, index):
+        alias = self.anchors[node]
+        if node in self.serialized_nodes:
+            self.emit(AliasEvent(alias))
+        else:
+            self.serialized_nodes[node] = True
+            self.descend_resolver(parent, index)
+            if isinstance(node, ScalarNode):
+                detected_tag = self.resolve(ScalarNode, node.value, (True, False))
+                default_tag = self.resolve(ScalarNode, node.value, (False, True))
+                implicit = (node.tag == detected_tag), (node.tag == default_tag)
+                self.emit(ScalarEvent(alias, node.tag, implicit, node.value,
+                    style=node.style))
+            elif isinstance(node, SequenceNode):
+                implicit = (node.tag
+                            == self.resolve(SequenceNode, node.value, True))
+                self.emit(SequenceStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                index = 0
+                for item in node.value:
+                    self.serialize_node(item, node, index)
+                    index += 1
+                self.emit(SequenceEndEvent())
+            elif isinstance(node, MappingNode):
+                implicit = (node.tag
+                            == self.resolve(MappingNode, node.value, True))
+                self.emit(MappingStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                for key, value in node.value:
+                    self.serialize_node(key, node, None)
+                    self.serialize_node(value, node, key)
+                self.emit(MappingEndEvent())
+            self.ascend_resolver()
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/tokens.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/tokens.py
new file mode 100644
index 000000000..4d0b48a39
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/tokens.py
@@ -0,0 +1,104 @@
+
+class Token(object):
+    def __init__(self, start_mark, end_mark):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in self.__dict__
+                if not key.endswith('_mark')]
+        attributes.sort()
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+#class BOMToken(Token):
+#    id = '<byte order mark>'
+
+class DirectiveToken(Token):
+    id = '<directive>'
+    def __init__(self, name, value, start_mark, end_mark):
+        self.name = name
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class DocumentStartToken(Token):
+    id = '<document start>'
+
+class DocumentEndToken(Token):
+    id = '<document end>'
+
+class StreamStartToken(Token):
+    id = '<stream start>'
+    def __init__(self, start_mark=None, end_mark=None,
+            encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndToken(Token):
+    id = '<stream end>'
+
+class BlockSequenceStartToken(Token):
+    id = '<block sequence start>'
+
+class BlockMappingStartToken(Token):
+    id = '<block mapping start>'
+
+class BlockEndToken(Token):
+    id = '<block end>'
+
+class FlowSequenceStartToken(Token):
+    id = '['
+
+class FlowMappingStartToken(Token):
+    id = '{'
+
+class FlowSequenceEndToken(Token):
+    id = ']'
+
+class FlowMappingEndToken(Token):
+    id = '}'
+
+class KeyToken(Token):
+    id = '?'
+
+class ValueToken(Token):
+    id = ':'
+
+class BlockEntryToken(Token):
+    id = '-'
+
+class FlowEntryToken(Token):
+    id = ','
+
+class AliasToken(Token):
+    id = '<alias>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class AnchorToken(Token):
+    id = '<anchor>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class TagToken(Token):
+    id = '<tag>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class ScalarToken(Token):
+    id = '<scalar>'
+    def __init__(self, value, plain, start_mark, end_mark, style=None):
+        self.value = value
+        self.plain = plain
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
new file mode 100644
index 000000000..9d227a0cc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA
new file mode 100644
index 000000000..dfe37d52d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA
@@ -0,0 +1,93 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 2.1.5
+Summary: Safely add untrusted strings to HTML/XML markup.
+Home-page: https://palletsprojects.com/p/markupsafe/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/markupsafe/
+Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+MarkupSafe
+==========
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    pip install -U MarkupSafe
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+Examples
+--------
+
+.. code-block:: pycon
+
+    >>> from markupsafe import Markup, escape
+
+    >>> # escape replaces special characters and wraps in Markup
+    >>> escape("<script>alert(document.cookie);</script>")
+    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+    >>> # wrap in Markup to mark text "safe" and prevent escaping
+    >>> Markup("<strong>Hello</strong>")
+    Markup('<strong>hello</strong>')
+
+    >>> escape(Markup("<strong>Hello</strong>"))
+    Markup('<strong>hello</strong>')
+
+    >>> # Markup is a str subclass
+    >>> # methods and operators escape their arguments
+    >>> template = Markup("Hello <em>{name}</em>")
+    >>> template.format(name='"World"')
+    Markup('Hello <em>&#34;World&#34;</em>')
+
+
+Donate
+------
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://markupsafe.palletsprojects.com/
+-   Changes: https://markupsafe.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/MarkupSafe/
+-   Source Code: https://github.com/pallets/markupsafe/
+-   Issue Tracker: https://github.com/pallets/markupsafe/issues/
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD
new file mode 100644
index 000000000..1a6655059
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
+MarkupSafe-2.1.5.dist-info/RECORD,,
+MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-2.1.5.dist-info/WHEEL,sha256=Jjzc6ISFgDOOsYxK3rGIIgg_gPHXRI2MDFtRxyygFgU,115
+MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
+markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
+markupsafe/_speedups.cpython-311-darwin.so,sha256=IDqfQnyjAd2Y15LBPbXpZPSBjstu6YWSjwT5dP2LeHk,117484
+markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
new file mode 100644
index 000000000..edbb92f5d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.42.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-macosx_10_9_universal2
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
new file mode 100644
index 000000000..75bf72925
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
@@ -0,0 +1 @@
+markupsafe
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/LICENSE
new file mode 100644
index 000000000..2f1b8e15e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2017-2021 Ingy döt Net
+Copyright (c) 2006-2016 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA
new file mode 100644
index 000000000..c8905983e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA
@@ -0,0 +1,46 @@
+Metadata-Version: 2.1
+Name: PyYAML
+Version: 6.0.1
+Summary: YAML parser and emitter for Python
+Home-page: https://pyyaml.org/
+Download-URL: https://pypi.org/project/PyYAML/
+Author: Kirill Simonov
+Author-email: xi@resolvent.net
+License: MIT
+Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
+Project-URL: CI, https://github.com/yaml/pyyaml/actions
+Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
+Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
+Project-URL: Source Code, https://github.com/yaml/pyyaml
+Platform: Any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Cython
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup
+Requires-Python: >=3.6
+License-File: LICENSE
+
+YAML is a data serialization format designed for human readability
+and interaction with scripting languages.  PyYAML is a YAML parser
+and emitter for Python.
+
+PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
+support, capable extension API, and sensible error messages.  PyYAML
+supports standard YAML tags and provides Python-specific tags that
+allow to represent an arbitrary Python object.
+
+PyYAML is applicable for a broad range of tasks from complex
+configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD
new file mode 100644
index 000000000..b6353a4d7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD
@@ -0,0 +1,44 @@
+PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
+PyYAML-6.0.1.dist-info/RECORD,,
+PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.1.dist-info/WHEEL,sha256=GYWT1Q_60SI2bAUaGrkLwkEA5yYDmphib6XcY6K30ZQ,110
+PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+_yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
+_yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__pycache__/composer.cpython-311.pyc,,
+yaml/__pycache__/constructor.cpython-311.pyc,,
+yaml/__pycache__/cyaml.cpython-311.pyc,,
+yaml/__pycache__/dumper.cpython-311.pyc,,
+yaml/__pycache__/emitter.cpython-311.pyc,,
+yaml/__pycache__/error.cpython-311.pyc,,
+yaml/__pycache__/events.cpython-311.pyc,,
+yaml/__pycache__/loader.cpython-311.pyc,,
+yaml/__pycache__/nodes.cpython-311.pyc,,
+yaml/__pycache__/parser.cpython-311.pyc,,
+yaml/__pycache__/reader.cpython-311.pyc,,
+yaml/__pycache__/representer.cpython-311.pyc,,
+yaml/__pycache__/resolver.cpython-311.pyc,,
+yaml/__pycache__/scanner.cpython-311.pyc,,
+yaml/__pycache__/serializer.cpython-311.pyc,,
+yaml/__pycache__/tokens.cpython-311.pyc,,
+yaml/_yaml.cpython-311-darwin.so,sha256=YiF55JiadfOvw_mUH-lONNnsiMHj6C6o1SBfTCvvW54,362008
+yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
+yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
+yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
+yaml/dumper.py,sha256=PLctZlYwZLp7XmeUdwRuv4nYOZ2UBnDIUy8-lKfLF-o,2837
+yaml/emitter.py,sha256=jghtaU7eFwg31bG0B7RZea_29Adi9CKmXq_QjgQpCkQ,43006
+yaml/error.py,sha256=Ah9z-toHJUbE9j-M8YpxgSRM5CgLCcwVzJgLLRF2Fxo,2533
+yaml/events.py,sha256=50_TksgQiE4up-lKo_V-nBy-tAIxkIPQxY5qDhKCeHw,2445
+yaml/loader.py,sha256=UVa-zIqmkFSCIYq_PgSGm4NSJttHY2Rf_zQ4_b1fHN0,2061
+yaml/nodes.py,sha256=gPKNj8pKCdh2d4gr3gIYINnPOaOxGhJAUiYhGRnPE84,1440
+yaml/parser.py,sha256=ilWp5vvgoHFGzvOZDItFoGjD6D42nhlZrZyjAwa0oJo,25495
+yaml/reader.py,sha256=0dmzirOiDG4Xo41RnuQS7K9rkY3xjHiVasfDMNTqCNw,6794
+yaml/representer.py,sha256=IuWP-cAW9sHKEnS0gCqSa894k1Bg4cgTxaDwIcbRQ-Y,14190
+yaml/resolver.py,sha256=9L-VYfm4mWHxUD1Vg4X7rjDRK_7VZd6b92wzq7Y2IKY,9004
+yaml/scanner.py,sha256=YEM3iLZSaQwXcQRg2l2R4MdT0zGP2F9eHkKGKnHyWQY,51279
+yaml/serializer.py,sha256=ChuFgmhU01hj4xgI8GaKv6vfM2Bujwa9i7d2FAHj7cA,4165
+yaml/tokens.py,sha256=lTQIzSVw8Mg9wv459-TjiOQe6wVziqaRlqX2_89rp54,2573
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL
new file mode 100644
index 000000000..2a4682fa9
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.40.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-macosx_11_0_arm64
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/top_level.txt
new file mode 100644
index 000000000..e6475e911
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/top_level.txt
@@ -0,0 +1,2 @@
+_yaml
+yaml
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/_yaml/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/_yaml/__init__.py
new file mode 100644
index 000000000..7baa8c4b6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/_yaml/__init__.py
@@ -0,0 +1,33 @@
+# This is a stub package designed to roughly emulate the _yaml
+# extension module, which previously existed as a standalone module
+# and has been moved into the `yaml` package namespace.
+# It does not perfectly mimic its old counterpart, but should get
+# close enough for anyone who's relying on it even when they shouldn't.
+import yaml
+
+# in some circumstances, the yaml module we imoprted may be from a different version, so we need
+# to tread carefully when poking at it here (it may not have the attributes we expect)
+if not getattr(yaml, '__with_libyaml__', False):
+    from sys import version_info
+
+    exc = ModuleNotFoundError if version_info >= (3, 6) else ImportError
+    raise exc("No module named '_yaml'")
+else:
+    from yaml._yaml import *
+    import warnings
+    warnings.warn(
+        'The _yaml extension module is now located at yaml._yaml'
+        ' and its location is subject to change.  To use the'
+        ' LibYAML-based parser and emitter, import from `yaml`:'
+        ' `from yaml import CLoader as Loader, CDumper as Dumper`.',
+        DeprecationWarning
+    )
+    del warnings
+    # Don't `del yaml` here because yaml is actually an existing
+    # namespace member of _yaml.
+
+__name__ = '_yaml'
+# If the module is top-level (i.e. not a part of any specific package)
+# then the attribute should be set to ''.
+# https://docs.python.org/3.8/library/types.html
+__package__ = ''
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/bin/jsonpath_ng b/lib/go-jinja2/internal/data/darwin-arm64/bin/jsonpath_ng
new file mode 100644
index 000000000..d5e8bc24e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/bin/jsonpath_ng
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-darwin-arm64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from jsonpath_ng.bin.jsonpath import entry_point
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(entry_point())
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/bin/slugify b/lib/go-jinja2/internal/data/darwin-arm64/bin/slugify
new file mode 100644
index 000000000..a47fe75d6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/bin/slugify
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-darwin-arm64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from slugify.__main__ import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/LICENSE.rst
new file mode 100644
index 000000000..d12a84918
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2014 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/METADATA
new file mode 100644
index 000000000..7a6bbb24b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/METADATA
@@ -0,0 +1,103 @@
+Metadata-Version: 2.1
+Name: click
+Version: 8.1.7
+Summary: Composable command line interface toolkit
+Home-page: https://palletsprojects.com/p/click/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://click.palletsprojects.com/
+Project-URL: Changes, https://click.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/click/
+Project-URL: Issue Tracker, https://github.com/pallets/click/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+Requires-Dist: colorama ; platform_system == "Windows"
+Requires-Dist: importlib-metadata ; python_version < "3.8"
+
+\$ click\_
+==========
+
+Click is a Python package for creating beautiful command line interfaces
+in a composable way with as little code as necessary. It's the "Command
+Line Interface Creation Kit". It's highly configurable but comes with
+sensible defaults out of the box.
+
+It aims to make the process of writing command line tools quick and fun
+while also preventing any frustration caused by the inability to
+implement an intended CLI API.
+
+Click in three points:
+
+-   Arbitrary nesting of commands
+-   Automatic help page generation
+-   Supports lazy loading of subcommands at runtime
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    $ pip install -U click
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+.. code-block:: python
+
+    import click
+
+    @click.command()
+    @click.option("--count", default=1, help="Number of greetings.")
+    @click.option("--name", prompt="Your name", help="The person to greet.")
+    def hello(count, name):
+        """Simple program that greets NAME for a total of COUNT times."""
+        for _ in range(count):
+            click.echo(f"Hello, {name}!")
+
+    if __name__ == '__main__':
+        hello()
+
+.. code-block:: text
+
+    $ python hello.py --count=3
+    Your name: Click
+    Hello, Click!
+    Hello, Click!
+    Hello, Click!
+
+
+Donate
+------
+
+The Pallets organization develops and supports Click and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, `please
+donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://click.palletsprojects.com/
+-   Changes: https://click.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/click/
+-   Source Code: https://github.com/pallets/click
+-   Issue Tracker: https://github.com/pallets/click/issues
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/RECORD
new file mode 100644
index 000000000..dcffbf004
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/RECORD
@@ -0,0 +1,40 @@
+click-8.1.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+click-8.1.7.dist-info/LICENSE.rst,sha256=morRBqOU6FO_4h9C9OctWSgZoigF2ZG18ydQKSkrZY0,1475
+click-8.1.7.dist-info/METADATA,sha256=qIMevCxGA9yEmJOM_4WHuUJCwWpsIEVbCPOhs45YPN4,3014
+click-8.1.7.dist-info/RECORD,,
+click-8.1.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click-8.1.7.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+click-8.1.7.dist-info/top_level.txt,sha256=J1ZQogalYS4pphY_lPECoNMfw0HzTSrZglC4Yfwo4xA,6
+click/__init__.py,sha256=YDDbjm406dTOA0V8bTtdGnhN7zj5j-_dFRewZF_pLvw,3138
+click/__pycache__/__init__.cpython-311.pyc,,
+click/__pycache__/_compat.cpython-311.pyc,,
+click/__pycache__/_termui_impl.cpython-311.pyc,,
+click/__pycache__/_textwrap.cpython-311.pyc,,
+click/__pycache__/_winconsole.cpython-311.pyc,,
+click/__pycache__/core.cpython-311.pyc,,
+click/__pycache__/decorators.cpython-311.pyc,,
+click/__pycache__/exceptions.cpython-311.pyc,,
+click/__pycache__/formatting.cpython-311.pyc,,
+click/__pycache__/globals.cpython-311.pyc,,
+click/__pycache__/parser.cpython-311.pyc,,
+click/__pycache__/shell_completion.cpython-311.pyc,,
+click/__pycache__/termui.cpython-311.pyc,,
+click/__pycache__/testing.cpython-311.pyc,,
+click/__pycache__/types.cpython-311.pyc,,
+click/__pycache__/utils.cpython-311.pyc,,
+click/_compat.py,sha256=5318agQpbt4kroKsbqDOYpTSWzL_YCZVUQiTT04yXmc,18744
+click/_termui_impl.py,sha256=3dFYv4445Nw-rFvZOTBMBPYwB1bxnmNk9Du6Dm_oBSU,24069
+click/_textwrap.py,sha256=10fQ64OcBUMuK7mFvh8363_uoOxPlRItZBmKzRJDgoY,1353
+click/_winconsole.py,sha256=5ju3jQkcZD0W27WEMGqmEP4y_crUVzPCqsX_FYb7BO0,7860
+click/core.py,sha256=j6oEWtGgGna8JarD6WxhXmNnxLnfRjwXglbBc-8jr7U,114086
+click/decorators.py,sha256=-ZlbGYgV-oI8jr_oH4RpuL1PFS-5QmeuEAsLDAYgxtw,18719
+click/exceptions.py,sha256=fyROO-47HWFDjt2qupo7A3J32VlpM-ovJnfowu92K3s,9273
+click/formatting.py,sha256=Frf0-5W33-loyY_i9qrwXR8-STnW3m5gvyxLVUdyxyk,9706
+click/globals.py,sha256=TP-qM88STzc7f127h35TD_v920FgfOD2EwzqA0oE8XU,1961
+click/parser.py,sha256=LKyYQE9ZLj5KgIDXkrcTHQRXIggfoivX14_UVIn56YA,19067
+click/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click/shell_completion.py,sha256=Ty3VM_ts0sQhj6u7eFTiLwHPoTgcXTGEAUg2OpLqYKw,18460
+click/termui.py,sha256=H7Q8FpmPelhJ2ovOhfCRhjMtCpNyjFXryAMLZODqsdc,28324
+click/testing.py,sha256=1Qd4kS5bucn1hsNIRryd0WtTMuCpkA93grkWxT8POsU,16084
+click/types.py,sha256=TZvz3hKvBztf-Hpa2enOmP4eznSPLzijjig5b_0XMxE,36391
+click/utils.py,sha256=1476UduUNY6UePGU4m18uzVHLt1sKM2PP3yWsQhbItM,20298
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/WHEEL
new file mode 100644
index 000000000..2c08da084
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/top_level.txt
new file mode 100644
index 000000000..dca9a9096
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click-8.1.7.dist-info/top_level.txt
@@ -0,0 +1 @@
+click
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/click/__init__.py
new file mode 100644
index 000000000..9a1dab048
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/__init__.py
@@ -0,0 +1,73 @@
+"""
+Click is a simple Python module inspired by the stdlib optparse to make
+writing command line scripts fun. Unlike other modules, it's based
+around a simple API that does not come with too much magic and is
+composable.
+"""
+from .core import Argument as Argument
+from .core import BaseCommand as BaseCommand
+from .core import Command as Command
+from .core import CommandCollection as CommandCollection
+from .core import Context as Context
+from .core import Group as Group
+from .core import MultiCommand as MultiCommand
+from .core import Option as Option
+from .core import Parameter as Parameter
+from .decorators import argument as argument
+from .decorators import command as command
+from .decorators import confirmation_option as confirmation_option
+from .decorators import group as group
+from .decorators import help_option as help_option
+from .decorators import make_pass_decorator as make_pass_decorator
+from .decorators import option as option
+from .decorators import pass_context as pass_context
+from .decorators import pass_obj as pass_obj
+from .decorators import password_option as password_option
+from .decorators import version_option as version_option
+from .exceptions import Abort as Abort
+from .exceptions import BadArgumentUsage as BadArgumentUsage
+from .exceptions import BadOptionUsage as BadOptionUsage
+from .exceptions import BadParameter as BadParameter
+from .exceptions import ClickException as ClickException
+from .exceptions import FileError as FileError
+from .exceptions import MissingParameter as MissingParameter
+from .exceptions import NoSuchOption as NoSuchOption
+from .exceptions import UsageError as UsageError
+from .formatting import HelpFormatter as HelpFormatter
+from .formatting import wrap_text as wrap_text
+from .globals import get_current_context as get_current_context
+from .parser import OptionParser as OptionParser
+from .termui import clear as clear
+from .termui import confirm as confirm
+from .termui import echo_via_pager as echo_via_pager
+from .termui import edit as edit
+from .termui import getchar as getchar
+from .termui import launch as launch
+from .termui import pause as pause
+from .termui import progressbar as progressbar
+from .termui import prompt as prompt
+from .termui import secho as secho
+from .termui import style as style
+from .termui import unstyle as unstyle
+from .types import BOOL as BOOL
+from .types import Choice as Choice
+from .types import DateTime as DateTime
+from .types import File as File
+from .types import FLOAT as FLOAT
+from .types import FloatRange as FloatRange
+from .types import INT as INT
+from .types import IntRange as IntRange
+from .types import ParamType as ParamType
+from .types import Path as Path
+from .types import STRING as STRING
+from .types import Tuple as Tuple
+from .types import UNPROCESSED as UNPROCESSED
+from .types import UUID as UUID
+from .utils import echo as echo
+from .utils import format_filename as format_filename
+from .utils import get_app_dir as get_app_dir
+from .utils import get_binary_stream as get_binary_stream
+from .utils import get_text_stream as get_text_stream
+from .utils import open_file as open_file
+
+__version__ = "8.1.7"
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/_compat.py b/lib/go-jinja2/internal/data/darwin-arm64/click/_compat.py
new file mode 100644
index 000000000..23f886659
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/_compat.py
@@ -0,0 +1,623 @@
+import codecs
+import io
+import os
+import re
+import sys
+import typing as t
+from weakref import WeakKeyDictionary
+
+CYGWIN = sys.platform.startswith("cygwin")
+WIN = sys.platform.startswith("win")
+auto_wrap_for_ansi: t.Optional[t.Callable[[t.TextIO], t.TextIO]] = None
+_ansi_re = re.compile(r"\033\[[;?0-9]*[a-zA-Z]")
+
+
+def _make_text_stream(
+    stream: t.BinaryIO,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if encoding is None:
+        encoding = get_best_encoding(stream)
+    if errors is None:
+        errors = "replace"
+    return _NonClosingTextIOWrapper(
+        stream,
+        encoding,
+        errors,
+        line_buffering=True,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def is_ascii_encoding(encoding: str) -> bool:
+    """Checks if a given encoding is ascii."""
+    try:
+        return codecs.lookup(encoding).name == "ascii"
+    except LookupError:
+        return False
+
+
+def get_best_encoding(stream: t.IO[t.Any]) -> str:
+    """Returns the default stream encoding if not found."""
+    rv = getattr(stream, "encoding", None) or sys.getdefaultencoding()
+    if is_ascii_encoding(rv):
+        return "utf-8"
+    return rv
+
+
+class _NonClosingTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        encoding: t.Optional[str],
+        errors: t.Optional[str],
+        force_readable: bool = False,
+        force_writable: bool = False,
+        **extra: t.Any,
+    ) -> None:
+        self._stream = stream = t.cast(
+            t.BinaryIO, _FixupStream(stream, force_readable, force_writable)
+        )
+        super().__init__(stream, encoding, errors, **extra)
+
+    def __del__(self) -> None:
+        try:
+            self.detach()
+        except Exception:
+            pass
+
+    def isatty(self) -> bool:
+        # https://bitbucket.org/pypy/pypy/issue/1803
+        return self._stream.isatty()
+
+
+class _FixupStream:
+    """The new io interface needs more from streams than streams
+    traditionally implement.  As such, this fix-up code is necessary in
+    some circumstances.
+
+    The forcing of readable and writable flags are there because some tools
+    put badly patched objects on sys (one such offender are certain version
+    of jupyter notebook).
+    """
+
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        force_readable: bool = False,
+        force_writable: bool = False,
+    ):
+        self._stream = stream
+        self._force_readable = force_readable
+        self._force_writable = force_writable
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._stream, name)
+
+    def read1(self, size: int) -> bytes:
+        f = getattr(self._stream, "read1", None)
+
+        if f is not None:
+            return t.cast(bytes, f(size))
+
+        return self._stream.read(size)
+
+    def readable(self) -> bool:
+        if self._force_readable:
+            return True
+        x = getattr(self._stream, "readable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.read(0)
+        except Exception:
+            return False
+        return True
+
+    def writable(self) -> bool:
+        if self._force_writable:
+            return True
+        x = getattr(self._stream, "writable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.write("")  # type: ignore
+        except Exception:
+            try:
+                self._stream.write(b"")
+            except Exception:
+                return False
+        return True
+
+    def seekable(self) -> bool:
+        x = getattr(self._stream, "seekable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.seek(self._stream.tell())
+        except Exception:
+            return False
+        return True
+
+
+def _is_binary_reader(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        return isinstance(stream.read(0), bytes)
+    except Exception:
+        return default
+        # This happens in some cases where the stream was already
+        # closed.  In this case, we assume the default.
+
+
+def _is_binary_writer(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        stream.write(b"")
+    except Exception:
+        try:
+            stream.write("")
+            return False
+        except Exception:
+            pass
+        return default
+    return True
+
+
+def _find_binary_reader(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_reader(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_reader(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _find_binary_writer(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_writer(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_writer(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _stream_is_misconfigured(stream: t.TextIO) -> bool:
+    """A stream is misconfigured if its encoding is ASCII."""
+    # If the stream does not have an encoding set, we assume it's set
+    # to ASCII.  This appears to happen in certain unittest
+    # environments.  It's not quite clear what the correct behavior is
+    # but this at least will force Click to recover somehow.
+    return is_ascii_encoding(getattr(stream, "encoding", None) or "ascii")
+
+
+def _is_compat_stream_attr(stream: t.TextIO, attr: str, value: t.Optional[str]) -> bool:
+    """A stream attribute is compatible if it is equal to the
+    desired value or the desired value is unset and the attribute
+    has a value.
+    """
+    stream_value = getattr(stream, attr, None)
+    return stream_value == value or (value is None and stream_value is not None)
+
+
+def _is_compatible_text_stream(
+    stream: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> bool:
+    """Check if a stream's encoding and errors attributes are
+    compatible with the desired values.
+    """
+    return _is_compat_stream_attr(
+        stream, "encoding", encoding
+    ) and _is_compat_stream_attr(stream, "errors", errors)
+
+
+def _force_correct_text_stream(
+    text_stream: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    is_binary: t.Callable[[t.IO[t.Any], bool], bool],
+    find_binary: t.Callable[[t.IO[t.Any]], t.Optional[t.BinaryIO]],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if is_binary(text_stream, False):
+        binary_reader = t.cast(t.BinaryIO, text_stream)
+    else:
+        text_stream = t.cast(t.TextIO, text_stream)
+        # If the stream looks compatible, and won't default to a
+        # misconfigured ascii encoding, return it as-is.
+        if _is_compatible_text_stream(text_stream, encoding, errors) and not (
+            encoding is None and _stream_is_misconfigured(text_stream)
+        ):
+            return text_stream
+
+        # Otherwise, get the underlying binary reader.
+        possible_binary_reader = find_binary(text_stream)
+
+        # If that's not possible, silently use the original reader
+        # and get mojibake instead of exceptions.
+        if possible_binary_reader is None:
+            return text_stream
+
+        binary_reader = possible_binary_reader
+
+    # Default errors to replace instead of strict in order to get
+    # something that works.
+    if errors is None:
+        errors = "replace"
+
+    # Wrap the binary stream in a text stream with the correct
+    # encoding parameters.
+    return _make_text_stream(
+        binary_reader,
+        encoding,
+        errors,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def _force_correct_text_reader(
+    text_reader: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_reader,
+        encoding,
+        errors,
+        _is_binary_reader,
+        _find_binary_reader,
+        force_readable=force_readable,
+    )
+
+
+def _force_correct_text_writer(
+    text_writer: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_writable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_writer,
+        encoding,
+        errors,
+        _is_binary_writer,
+        _find_binary_writer,
+        force_writable=force_writable,
+    )
+
+
+def get_binary_stdin() -> t.BinaryIO:
+    reader = _find_binary_reader(sys.stdin)
+    if reader is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdin.")
+    return reader
+
+
+def get_binary_stdout() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stdout)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdout.")
+    return writer
+
+
+def get_binary_stderr() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stderr)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stderr.")
+    return writer
+
+
+def get_text_stdin(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdin, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_reader(sys.stdin, encoding, errors, force_readable=True)
+
+
+def get_text_stdout(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdout, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stdout, encoding, errors, force_writable=True)
+
+
+def get_text_stderr(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stderr, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stderr, encoding, errors, force_writable=True)
+
+
+def _wrap_io_open(
+    file: t.Union[str, "os.PathLike[str]", int],
+    mode: str,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+) -> t.IO[t.Any]:
+    """Handles not passing ``encoding`` and ``errors`` in binary mode."""
+    if "b" in mode:
+        return open(file, mode)
+
+    return open(file, mode, encoding=encoding, errors=errors)
+
+
+def open_stream(
+    filename: "t.Union[str, os.PathLike[str]]",
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    atomic: bool = False,
+) -> t.Tuple[t.IO[t.Any], bool]:
+    binary = "b" in mode
+    filename = os.fspath(filename)
+
+    # Standard streams first. These are simple because they ignore the
+    # atomic flag. Use fsdecode to handle Path("-").
+    if os.fsdecode(filename) == "-":
+        if any(m in mode for m in ["w", "a", "x"]):
+            if binary:
+                return get_binary_stdout(), False
+            return get_text_stdout(encoding=encoding, errors=errors), False
+        if binary:
+            return get_binary_stdin(), False
+        return get_text_stdin(encoding=encoding, errors=errors), False
+
+    # Non-atomic writes directly go out through the regular open functions.
+    if not atomic:
+        return _wrap_io_open(filename, mode, encoding, errors), True
+
+    # Some usability stuff for atomic writes
+    if "a" in mode:
+        raise ValueError(
+            "Appending to an existing file is not supported, because that"
+            " would involve an expensive `copy`-operation to a temporary"
+            " file. Open the file in normal `w`-mode and copy explicitly"
+            " if that's what you're after."
+        )
+    if "x" in mode:
+        raise ValueError("Use the `overwrite`-parameter instead.")
+    if "w" not in mode:
+        raise ValueError("Atomic writes only make sense with `w`-mode.")
+
+    # Atomic writes are more complicated.  They work by opening a file
+    # as a proxy in the same folder and then using the fdopen
+    # functionality to wrap it in a Python file.  Then we wrap it in an
+    # atomic file that moves the file over on close.
+    import errno
+    import random
+
+    try:
+        perm: t.Optional[int] = os.stat(filename).st_mode
+    except OSError:
+        perm = None
+
+    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL
+
+    if binary:
+        flags |= getattr(os, "O_BINARY", 0)
+
+    while True:
+        tmp_filename = os.path.join(
+            os.path.dirname(filename),
+            f".__atomic-write{random.randrange(1 << 32):08x}",
+        )
+        try:
+            fd = os.open(tmp_filename, flags, 0o666 if perm is None else perm)
+            break
+        except OSError as e:
+            if e.errno == errno.EEXIST or (
+                os.name == "nt"
+                and e.errno == errno.EACCES
+                and os.path.isdir(e.filename)
+                and os.access(e.filename, os.W_OK)
+            ):
+                continue
+            raise
+
+    if perm is not None:
+        os.chmod(tmp_filename, perm)  # in case perm includes bits in umask
+
+    f = _wrap_io_open(fd, mode, encoding, errors)
+    af = _AtomicFile(f, tmp_filename, os.path.realpath(filename))
+    return t.cast(t.IO[t.Any], af), True
+
+
+class _AtomicFile:
+    def __init__(self, f: t.IO[t.Any], tmp_filename: str, real_filename: str) -> None:
+        self._f = f
+        self._tmp_filename = tmp_filename
+        self._real_filename = real_filename
+        self.closed = False
+
+    @property
+    def name(self) -> str:
+        return self._real_filename
+
+    def close(self, delete: bool = False) -> None:
+        if self.closed:
+            return
+        self._f.close()
+        os.replace(self._tmp_filename, self._real_filename)
+        self.closed = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._f, name)
+
+    def __enter__(self) -> "_AtomicFile":
+        return self
+
+    def __exit__(self, exc_type: t.Optional[t.Type[BaseException]], *_: t.Any) -> None:
+        self.close(delete=exc_type is not None)
+
+    def __repr__(self) -> str:
+        return repr(self._f)
+
+
+def strip_ansi(value: str) -> str:
+    return _ansi_re.sub("", value)
+
+
+def _is_jupyter_kernel_output(stream: t.IO[t.Any]) -> bool:
+    while isinstance(stream, (_FixupStream, _NonClosingTextIOWrapper)):
+        stream = stream._stream
+
+    return stream.__class__.__module__.startswith("ipykernel.")
+
+
+def should_strip_ansi(
+    stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+) -> bool:
+    if color is None:
+        if stream is None:
+            stream = sys.stdin
+        return not isatty(stream) and not _is_jupyter_kernel_output(stream)
+    return not color
+
+
+# On Windows, wrap the output streams with colorama to support ANSI
+# color codes.
+# NOTE: double check is needed so mypy does not analyze this on Linux
+if sys.platform.startswith("win") and WIN:
+    from ._winconsole import _get_windows_console_stream
+
+    def _get_argv_encoding() -> str:
+        import locale
+
+        return locale.getpreferredencoding()
+
+    _ansi_stream_wrappers: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def auto_wrap_for_ansi(  # noqa: F811
+        stream: t.TextIO, color: t.Optional[bool] = None
+    ) -> t.TextIO:
+        """Support ANSI color and style codes on Windows by wrapping a
+        stream with colorama.
+        """
+        try:
+            cached = _ansi_stream_wrappers.get(stream)
+        except Exception:
+            cached = None
+
+        if cached is not None:
+            return cached
+
+        import colorama
+
+        strip = should_strip_ansi(stream, color)
+        ansi_wrapper = colorama.AnsiToWin32(stream, strip=strip)
+        rv = t.cast(t.TextIO, ansi_wrapper.stream)
+        _write = rv.write
+
+        def _safe_write(s):
+            try:
+                return _write(s)
+            except BaseException:
+                ansi_wrapper.reset_all()
+                raise
+
+        rv.write = _safe_write
+
+        try:
+            _ansi_stream_wrappers[stream] = rv
+        except Exception:
+            pass
+
+        return rv
+
+else:
+
+    def _get_argv_encoding() -> str:
+        return getattr(sys.stdin, "encoding", None) or sys.getfilesystemencoding()
+
+    def _get_windows_console_stream(
+        f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+    ) -> t.Optional[t.TextIO]:
+        return None
+
+
+def term_len(x: str) -> int:
+    return len(strip_ansi(x))
+
+
+def isatty(stream: t.IO[t.Any]) -> bool:
+    try:
+        return stream.isatty()
+    except Exception:
+        return False
+
+
+def _make_cached_stream_func(
+    src_func: t.Callable[[], t.Optional[t.TextIO]],
+    wrapper_func: t.Callable[[], t.TextIO],
+) -> t.Callable[[], t.Optional[t.TextIO]]:
+    cache: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def func() -> t.Optional[t.TextIO]:
+        stream = src_func()
+
+        if stream is None:
+            return None
+
+        try:
+            rv = cache.get(stream)
+        except Exception:
+            rv = None
+        if rv is not None:
+            return rv
+        rv = wrapper_func()
+        try:
+            cache[stream] = rv
+        except Exception:
+            pass
+        return rv
+
+    return func
+
+
+_default_text_stdin = _make_cached_stream_func(lambda: sys.stdin, get_text_stdin)
+_default_text_stdout = _make_cached_stream_func(lambda: sys.stdout, get_text_stdout)
+_default_text_stderr = _make_cached_stream_func(lambda: sys.stderr, get_text_stderr)
+
+
+binary_streams: t.Mapping[str, t.Callable[[], t.BinaryIO]] = {
+    "stdin": get_binary_stdin,
+    "stdout": get_binary_stdout,
+    "stderr": get_binary_stderr,
+}
+
+text_streams: t.Mapping[
+    str, t.Callable[[t.Optional[str], t.Optional[str]], t.TextIO]
+] = {
+    "stdin": get_text_stdin,
+    "stdout": get_text_stdout,
+    "stderr": get_text_stderr,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/_termui_impl.py b/lib/go-jinja2/internal/data/darwin-arm64/click/_termui_impl.py
new file mode 100644
index 000000000..f74465775
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/_termui_impl.py
@@ -0,0 +1,739 @@
+"""
+This module contains implementations for the termui module. To keep the
+import time of Click down, some infrequently used functionality is
+placed in this module and only imported as needed.
+"""
+import contextlib
+import math
+import os
+import sys
+import time
+import typing as t
+from gettext import gettext as _
+from io import StringIO
+from types import TracebackType
+
+from ._compat import _default_text_stdout
+from ._compat import CYGWIN
+from ._compat import get_best_encoding
+from ._compat import isatty
+from ._compat import open_stream
+from ._compat import strip_ansi
+from ._compat import term_len
+from ._compat import WIN
+from .exceptions import ClickException
+from .utils import echo
+
+V = t.TypeVar("V")
+
+if os.name == "nt":
+    BEFORE_BAR = "\r"
+    AFTER_BAR = "\n"
+else:
+    BEFORE_BAR = "\r\033[?25l"
+    AFTER_BAR = "\033[?25h\n"
+
+
+class ProgressBar(t.Generic[V]):
+    def __init__(
+        self,
+        iterable: t.Optional[t.Iterable[V]],
+        length: t.Optional[int] = None,
+        fill_char: str = "#",
+        empty_char: str = " ",
+        bar_template: str = "%(bar)s",
+        info_sep: str = "  ",
+        show_eta: bool = True,
+        show_percent: t.Optional[bool] = None,
+        show_pos: bool = False,
+        item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+        label: t.Optional[str] = None,
+        file: t.Optional[t.TextIO] = None,
+        color: t.Optional[bool] = None,
+        update_min_steps: int = 1,
+        width: int = 30,
+    ) -> None:
+        self.fill_char = fill_char
+        self.empty_char = empty_char
+        self.bar_template = bar_template
+        self.info_sep = info_sep
+        self.show_eta = show_eta
+        self.show_percent = show_percent
+        self.show_pos = show_pos
+        self.item_show_func = item_show_func
+        self.label: str = label or ""
+
+        if file is None:
+            file = _default_text_stdout()
+
+            # There are no standard streams attached to write to. For example,
+            # pythonw on Windows.
+            if file is None:
+                file = StringIO()
+
+        self.file = file
+        self.color = color
+        self.update_min_steps = update_min_steps
+        self._completed_intervals = 0
+        self.width: int = width
+        self.autowidth: bool = width == 0
+
+        if length is None:
+            from operator import length_hint
+
+            length = length_hint(iterable, -1)
+
+            if length == -1:
+                length = None
+        if iterable is None:
+            if length is None:
+                raise TypeError("iterable or length is required")
+            iterable = t.cast(t.Iterable[V], range(length))
+        self.iter: t.Iterable[V] = iter(iterable)
+        self.length = length
+        self.pos = 0
+        self.avg: t.List[float] = []
+        self.last_eta: float
+        self.start: float
+        self.start = self.last_eta = time.time()
+        self.eta_known: bool = False
+        self.finished: bool = False
+        self.max_width: t.Optional[int] = None
+        self.entered: bool = False
+        self.current_item: t.Optional[V] = None
+        self.is_hidden: bool = not isatty(self.file)
+        self._last_line: t.Optional[str] = None
+
+    def __enter__(self) -> "ProgressBar[V]":
+        self.entered = True
+        self.render_progress()
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.render_finish()
+
+    def __iter__(self) -> t.Iterator[V]:
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+        self.render_progress()
+        return self.generator()
+
+    def __next__(self) -> V:
+        # Iteration is defined in terms of a generator function,
+        # returned by iter(self); use that to define next(). This works
+        # because `self.iter` is an iterable consumed by that generator,
+        # so it is re-entry safe. Calling `next(self.generator())`
+        # twice works and does "what you want".
+        return next(iter(self))
+
+    def render_finish(self) -> None:
+        if self.is_hidden:
+            return
+        self.file.write(AFTER_BAR)
+        self.file.flush()
+
+    @property
+    def pct(self) -> float:
+        if self.finished:
+            return 1.0
+        return min(self.pos / (float(self.length or 1) or 1), 1.0)
+
+    @property
+    def time_per_iteration(self) -> float:
+        if not self.avg:
+            return 0.0
+        return sum(self.avg) / float(len(self.avg))
+
+    @property
+    def eta(self) -> float:
+        if self.length is not None and not self.finished:
+            return self.time_per_iteration * (self.length - self.pos)
+        return 0.0
+
+    def format_eta(self) -> str:
+        if self.eta_known:
+            t = int(self.eta)
+            seconds = t % 60
+            t //= 60
+            minutes = t % 60
+            t //= 60
+            hours = t % 24
+            t //= 24
+            if t > 0:
+                return f"{t}d {hours:02}:{minutes:02}:{seconds:02}"
+            else:
+                return f"{hours:02}:{minutes:02}:{seconds:02}"
+        return ""
+
+    def format_pos(self) -> str:
+        pos = str(self.pos)
+        if self.length is not None:
+            pos += f"/{self.length}"
+        return pos
+
+    def format_pct(self) -> str:
+        return f"{int(self.pct * 100): 4}%"[1:]
+
+    def format_bar(self) -> str:
+        if self.length is not None:
+            bar_length = int(self.pct * self.width)
+            bar = self.fill_char * bar_length
+            bar += self.empty_char * (self.width - bar_length)
+        elif self.finished:
+            bar = self.fill_char * self.width
+        else:
+            chars = list(self.empty_char * (self.width or 1))
+            if self.time_per_iteration != 0:
+                chars[
+                    int(
+                        (math.cos(self.pos * self.time_per_iteration) / 2.0 + 0.5)
+                        * self.width
+                    )
+                ] = self.fill_char
+            bar = "".join(chars)
+        return bar
+
+    def format_progress_line(self) -> str:
+        show_percent = self.show_percent
+
+        info_bits = []
+        if self.length is not None and show_percent is None:
+            show_percent = not self.show_pos
+
+        if self.show_pos:
+            info_bits.append(self.format_pos())
+        if show_percent:
+            info_bits.append(self.format_pct())
+        if self.show_eta and self.eta_known and not self.finished:
+            info_bits.append(self.format_eta())
+        if self.item_show_func is not None:
+            item_info = self.item_show_func(self.current_item)
+            if item_info is not None:
+                info_bits.append(item_info)
+
+        return (
+            self.bar_template
+            % {
+                "label": self.label,
+                "bar": self.format_bar(),
+                "info": self.info_sep.join(info_bits),
+            }
+        ).rstrip()
+
+    def render_progress(self) -> None:
+        import shutil
+
+        if self.is_hidden:
+            # Only output the label as it changes if the output is not a
+            # TTY. Use file=stderr if you expect to be piping stdout.
+            if self._last_line != self.label:
+                self._last_line = self.label
+                echo(self.label, file=self.file, color=self.color)
+
+            return
+
+        buf = []
+        # Update width in case the terminal has been resized
+        if self.autowidth:
+            old_width = self.width
+            self.width = 0
+            clutter_length = term_len(self.format_progress_line())
+            new_width = max(0, shutil.get_terminal_size().columns - clutter_length)
+            if new_width < old_width:
+                buf.append(BEFORE_BAR)
+                buf.append(" " * self.max_width)  # type: ignore
+                self.max_width = new_width
+            self.width = new_width
+
+        clear_width = self.width
+        if self.max_width is not None:
+            clear_width = self.max_width
+
+        buf.append(BEFORE_BAR)
+        line = self.format_progress_line()
+        line_len = term_len(line)
+        if self.max_width is None or self.max_width < line_len:
+            self.max_width = line_len
+
+        buf.append(line)
+        buf.append(" " * (clear_width - line_len))
+        line = "".join(buf)
+        # Render the line only if it changed.
+
+        if line != self._last_line:
+            self._last_line = line
+            echo(line, file=self.file, color=self.color, nl=False)
+            self.file.flush()
+
+    def make_step(self, n_steps: int) -> None:
+        self.pos += n_steps
+        if self.length is not None and self.pos >= self.length:
+            self.finished = True
+
+        if (time.time() - self.last_eta) < 1.0:
+            return
+
+        self.last_eta = time.time()
+
+        # self.avg is a rolling list of length <= 7 of steps where steps are
+        # defined as time elapsed divided by the total progress through
+        # self.length.
+        if self.pos:
+            step = (time.time() - self.start) / self.pos
+        else:
+            step = time.time() - self.start
+
+        self.avg = self.avg[-6:] + [step]
+
+        self.eta_known = self.length is not None
+
+    def update(self, n_steps: int, current_item: t.Optional[V] = None) -> None:
+        """Update the progress bar by advancing a specified number of
+        steps, and optionally set the ``current_item`` for this new
+        position.
+
+        :param n_steps: Number of steps to advance.
+        :param current_item: Optional item to set as ``current_item``
+            for the updated position.
+
+        .. versionchanged:: 8.0
+            Added the ``current_item`` optional parameter.
+
+        .. versionchanged:: 8.0
+            Only render when the number of steps meets the
+            ``update_min_steps`` threshold.
+        """
+        if current_item is not None:
+            self.current_item = current_item
+
+        self._completed_intervals += n_steps
+
+        if self._completed_intervals >= self.update_min_steps:
+            self.make_step(self._completed_intervals)
+            self.render_progress()
+            self._completed_intervals = 0
+
+    def finish(self) -> None:
+        self.eta_known = False
+        self.current_item = None
+        self.finished = True
+
+    def generator(self) -> t.Iterator[V]:
+        """Return a generator which yields the items added to the bar
+        during construction, and updates the progress bar *after* the
+        yielded block returns.
+        """
+        # WARNING: the iterator interface for `ProgressBar` relies on
+        # this and only works because this is a simple generator which
+        # doesn't create or manage additional state. If this function
+        # changes, the impact should be evaluated both against
+        # `iter(bar)` and `next(bar)`. `next()` in particular may call
+        # `self.generator()` repeatedly, and this must remain safe in
+        # order for that interface to work.
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+
+        if self.is_hidden:
+            yield from self.iter
+        else:
+            for rv in self.iter:
+                self.current_item = rv
+
+                # This allows show_item_func to be updated before the
+                # item is processed. Only trigger at the beginning of
+                # the update interval.
+                if self._completed_intervals == 0:
+                    self.render_progress()
+
+                yield rv
+                self.update(1)
+
+            self.finish()
+            self.render_progress()
+
+
+def pager(generator: t.Iterable[str], color: t.Optional[bool] = None) -> None:
+    """Decide what method to use for paging through text."""
+    stdout = _default_text_stdout()
+
+    # There are no standard streams attached to write to. For example,
+    # pythonw on Windows.
+    if stdout is None:
+        stdout = StringIO()
+
+    if not isatty(sys.stdin) or not isatty(stdout):
+        return _nullpager(stdout, generator, color)
+    pager_cmd = (os.environ.get("PAGER", None) or "").strip()
+    if pager_cmd:
+        if WIN:
+            return _tempfilepager(generator, pager_cmd, color)
+        return _pipepager(generator, pager_cmd, color)
+    if os.environ.get("TERM") in ("dumb", "emacs"):
+        return _nullpager(stdout, generator, color)
+    if WIN or sys.platform.startswith("os2"):
+        return _tempfilepager(generator, "more <", color)
+    if hasattr(os, "system") and os.system("(less) 2>/dev/null") == 0:
+        return _pipepager(generator, "less", color)
+
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    os.close(fd)
+    try:
+        if hasattr(os, "system") and os.system(f'more "{filename}"') == 0:
+            return _pipepager(generator, "more", color)
+        return _nullpager(stdout, generator, color)
+    finally:
+        os.unlink(filename)
+
+
+def _pipepager(generator: t.Iterable[str], cmd: str, color: t.Optional[bool]) -> None:
+    """Page through text by feeding it to another program.  Invoking a
+    pager through this might support colors.
+    """
+    import subprocess
+
+    env = dict(os.environ)
+
+    # If we're piping to less we might support colors under the
+    # condition that
+    cmd_detail = cmd.rsplit("/", 1)[-1].split()
+    if color is None and cmd_detail[0] == "less":
+        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_detail[1:])}"
+        if not less_flags:
+            env["LESS"] = "-R"
+            color = True
+        elif "r" in less_flags or "R" in less_flags:
+            color = True
+
+    c = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, env=env)
+    stdin = t.cast(t.BinaryIO, c.stdin)
+    encoding = get_best_encoding(stdin)
+    try:
+        for text in generator:
+            if not color:
+                text = strip_ansi(text)
+
+            stdin.write(text.encode(encoding, "replace"))
+    except (OSError, KeyboardInterrupt):
+        pass
+    else:
+        stdin.close()
+
+    # Less doesn't respect ^C, but catches it for its own UI purposes (aborting
+    # search or other commands inside less).
+    #
+    # That means when the user hits ^C, the parent process (click) terminates,
+    # but less is still alive, paging the output and messing up the terminal.
+    #
+    # If the user wants to make the pager exit on ^C, they should set
+    # `LESS='-K'`. It's not our decision to make.
+    while True:
+        try:
+            c.wait()
+        except KeyboardInterrupt:
+            pass
+        else:
+            break
+
+
+def _tempfilepager(
+    generator: t.Iterable[str], cmd: str, color: t.Optional[bool]
+) -> None:
+    """Page through text by invoking a program on a temporary file."""
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    # TODO: This never terminates if the passed generator never terminates.
+    text = "".join(generator)
+    if not color:
+        text = strip_ansi(text)
+    encoding = get_best_encoding(sys.stdout)
+    with open_stream(filename, "wb")[0] as f:
+        f.write(text.encode(encoding))
+    try:
+        os.system(f'{cmd} "{filename}"')
+    finally:
+        os.close(fd)
+        os.unlink(filename)
+
+
+def _nullpager(
+    stream: t.TextIO, generator: t.Iterable[str], color: t.Optional[bool]
+) -> None:
+    """Simply print unformatted text.  This is the ultimate fallback."""
+    for text in generator:
+        if not color:
+            text = strip_ansi(text)
+        stream.write(text)
+
+
+class Editor:
+    def __init__(
+        self,
+        editor: t.Optional[str] = None,
+        env: t.Optional[t.Mapping[str, str]] = None,
+        require_save: bool = True,
+        extension: str = ".txt",
+    ) -> None:
+        self.editor = editor
+        self.env = env
+        self.require_save = require_save
+        self.extension = extension
+
+    def get_editor(self) -> str:
+        if self.editor is not None:
+            return self.editor
+        for key in "VISUAL", "EDITOR":
+            rv = os.environ.get(key)
+            if rv:
+                return rv
+        if WIN:
+            return "notepad"
+        for editor in "sensible-editor", "vim", "nano":
+            if os.system(f"which {editor} >/dev/null 2>&1") == 0:
+                return editor
+        return "vi"
+
+    def edit_file(self, filename: str) -> None:
+        import subprocess
+
+        editor = self.get_editor()
+        environ: t.Optional[t.Dict[str, str]] = None
+
+        if self.env:
+            environ = os.environ.copy()
+            environ.update(self.env)
+
+        try:
+            c = subprocess.Popen(f'{editor} "{filename}"', env=environ, shell=True)
+            exit_code = c.wait()
+            if exit_code != 0:
+                raise ClickException(
+                    _("{editor}: Editing failed").format(editor=editor)
+                )
+        except OSError as e:
+            raise ClickException(
+                _("{editor}: Editing failed: {e}").format(editor=editor, e=e)
+            ) from e
+
+    def edit(self, text: t.Optional[t.AnyStr]) -> t.Optional[t.AnyStr]:
+        import tempfile
+
+        if not text:
+            data = b""
+        elif isinstance(text, (bytes, bytearray)):
+            data = text
+        else:
+            if text and not text.endswith("\n"):
+                text += "\n"
+
+            if WIN:
+                data = text.replace("\n", "\r\n").encode("utf-8-sig")
+            else:
+                data = text.encode("utf-8")
+
+        fd, name = tempfile.mkstemp(prefix="editor-", suffix=self.extension)
+        f: t.BinaryIO
+
+        try:
+            with os.fdopen(fd, "wb") as f:
+                f.write(data)
+
+            # If the filesystem resolution is 1 second, like Mac OS
+            # 10.12 Extended, or 2 seconds, like FAT32, and the editor
+            # closes very fast, require_save can fail. Set the modified
+            # time to be 2 seconds in the past to work around this.
+            os.utime(name, (os.path.getatime(name), os.path.getmtime(name) - 2))
+            # Depending on the resolution, the exact value might not be
+            # recorded, so get the new recorded value.
+            timestamp = os.path.getmtime(name)
+
+            self.edit_file(name)
+
+            if self.require_save and os.path.getmtime(name) == timestamp:
+                return None
+
+            with open(name, "rb") as f:
+                rv = f.read()
+
+            if isinstance(text, (bytes, bytearray)):
+                return rv
+
+            return rv.decode("utf-8-sig").replace("\r\n", "\n")  # type: ignore
+        finally:
+            os.unlink(name)
+
+
+def open_url(url: str, wait: bool = False, locate: bool = False) -> int:
+    import subprocess
+
+    def _unquote_file(url: str) -> str:
+        from urllib.parse import unquote
+
+        if url.startswith("file://"):
+            url = unquote(url[7:])
+
+        return url
+
+    if sys.platform == "darwin":
+        args = ["open"]
+        if wait:
+            args.append("-W")
+        if locate:
+            args.append("-R")
+        args.append(_unquote_file(url))
+        null = open("/dev/null", "w")
+        try:
+            return subprocess.Popen(args, stderr=null).wait()
+        finally:
+            null.close()
+    elif WIN:
+        if locate:
+            url = _unquote_file(url.replace('"', ""))
+            args = f'explorer /select,"{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "/WAIT" if wait else ""
+            args = f'start {wait_str} "" "{url}"'
+        return os.system(args)
+    elif CYGWIN:
+        if locate:
+            url = os.path.dirname(_unquote_file(url).replace('"', ""))
+            args = f'cygstart "{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "-w" if wait else ""
+            args = f'cygstart {wait_str} "{url}"'
+        return os.system(args)
+
+    try:
+        if locate:
+            url = os.path.dirname(_unquote_file(url)) or "."
+        else:
+            url = _unquote_file(url)
+        c = subprocess.Popen(["xdg-open", url])
+        if wait:
+            return c.wait()
+        return 0
+    except OSError:
+        if url.startswith(("http://", "https://")) and not locate and not wait:
+            import webbrowser
+
+            webbrowser.open(url)
+            return 0
+        return 1
+
+
+def _translate_ch_to_exc(ch: str) -> t.Optional[BaseException]:
+    if ch == "\x03":
+        raise KeyboardInterrupt()
+
+    if ch == "\x04" and not WIN:  # Unix-like, Ctrl+D
+        raise EOFError()
+
+    if ch == "\x1a" and WIN:  # Windows, Ctrl+Z
+        raise EOFError()
+
+    return None
+
+
+if WIN:
+    import msvcrt
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        yield -1
+
+    def getchar(echo: bool) -> str:
+        # The function `getch` will return a bytes object corresponding to
+        # the pressed character. Since Windows 10 build 1803, it will also
+        # return \x00 when called a second time after pressing a regular key.
+        #
+        # `getwch` does not share this probably-bugged behavior. Moreover, it
+        # returns a Unicode object by default, which is what we want.
+        #
+        # Either of these functions will return \x00 or \xe0 to indicate
+        # a special key, and you need to call the same function again to get
+        # the "rest" of the code. The fun part is that \u00e0 is
+        # "latin small letter a with grave", so if you type that on a French
+        # keyboard, you _also_ get a \xe0.
+        # E.g., consider the Up arrow. This returns \xe0 and then \x48. The
+        # resulting Unicode string reads as "a with grave" + "capital H".
+        # This is indistinguishable from when the user actually types
+        # "a with grave" and then "capital H".
+        #
+        # When \xe0 is returned, we assume it's part of a special-key sequence
+        # and call `getwch` again, but that means that when the user types
+        # the \u00e0 character, `getchar` doesn't return until a second
+        # character is typed.
+        # The alternative is returning immediately, but that would mess up
+        # cross-platform handling of arrow keys and others that start with
+        # \xe0. Another option is using `getch`, but then we can't reliably
+        # read non-ASCII characters, because return values of `getch` are
+        # limited to the current 8-bit codepage.
+        #
+        # Anyway, Click doesn't claim to do this Right(tm), and using `getwch`
+        # is doing the right thing in more situations than with `getch`.
+        func: t.Callable[[], str]
+
+        if echo:
+            func = msvcrt.getwche  # type: ignore
+        else:
+            func = msvcrt.getwch  # type: ignore
+
+        rv = func()
+
+        if rv in ("\x00", "\xe0"):
+            # \x00 and \xe0 are control characters that indicate special key,
+            # see above.
+            rv += func()
+
+        _translate_ch_to_exc(rv)
+        return rv
+
+else:
+    import tty
+    import termios
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        f: t.Optional[t.TextIO]
+        fd: int
+
+        if not isatty(sys.stdin):
+            f = open("/dev/tty")
+            fd = f.fileno()
+        else:
+            fd = sys.stdin.fileno()
+            f = None
+
+        try:
+            old_settings = termios.tcgetattr(fd)
+
+            try:
+                tty.setraw(fd)
+                yield fd
+            finally:
+                termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+                sys.stdout.flush()
+
+                if f is not None:
+                    f.close()
+        except termios.error:
+            pass
+
+    def getchar(echo: bool) -> str:
+        with raw_terminal() as fd:
+            ch = os.read(fd, 32).decode(get_best_encoding(sys.stdin), "replace")
+
+            if echo and isatty(sys.stdout):
+                sys.stdout.write(ch)
+
+            _translate_ch_to_exc(ch)
+            return ch
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/_textwrap.py b/lib/go-jinja2/internal/data/darwin-arm64/click/_textwrap.py
new file mode 100644
index 000000000..b47dcbd42
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/_textwrap.py
@@ -0,0 +1,49 @@
+import textwrap
+import typing as t
+from contextlib import contextmanager
+
+
+class TextWrapper(textwrap.TextWrapper):
+    def _handle_long_word(
+        self,
+        reversed_chunks: t.List[str],
+        cur_line: t.List[str],
+        cur_len: int,
+        width: int,
+    ) -> None:
+        space_left = max(width - cur_len, 1)
+
+        if self.break_long_words:
+            last = reversed_chunks[-1]
+            cut = last[:space_left]
+            res = last[space_left:]
+            cur_line.append(cut)
+            reversed_chunks[-1] = res
+        elif not cur_line:
+            cur_line.append(reversed_chunks.pop())
+
+    @contextmanager
+    def extra_indent(self, indent: str) -> t.Iterator[None]:
+        old_initial_indent = self.initial_indent
+        old_subsequent_indent = self.subsequent_indent
+        self.initial_indent += indent
+        self.subsequent_indent += indent
+
+        try:
+            yield
+        finally:
+            self.initial_indent = old_initial_indent
+            self.subsequent_indent = old_subsequent_indent
+
+    def indent_only(self, text: str) -> str:
+        rv = []
+
+        for idx, line in enumerate(text.splitlines()):
+            indent = self.initial_indent
+
+            if idx > 0:
+                indent = self.subsequent_indent
+
+            rv.append(f"{indent}{line}")
+
+        return "\n".join(rv)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/_winconsole.py b/lib/go-jinja2/internal/data/darwin-arm64/click/_winconsole.py
new file mode 100644
index 000000000..6b20df315
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/_winconsole.py
@@ -0,0 +1,279 @@
+# This module is based on the excellent work by Adam Bartoš who
+# provided a lot of what went into the implementation here in
+# the discussion to issue1602 in the Python bug tracker.
+#
+# There are some general differences in regards to how this works
+# compared to the original patches as we do not need to patch
+# the entire interpreter but just work in our little world of
+# echo and prompt.
+import io
+import sys
+import time
+import typing as t
+from ctypes import byref
+from ctypes import c_char
+from ctypes import c_char_p
+from ctypes import c_int
+from ctypes import c_ssize_t
+from ctypes import c_ulong
+from ctypes import c_void_p
+from ctypes import POINTER
+from ctypes import py_object
+from ctypes import Structure
+from ctypes.wintypes import DWORD
+from ctypes.wintypes import HANDLE
+from ctypes.wintypes import LPCWSTR
+from ctypes.wintypes import LPWSTR
+
+from ._compat import _NonClosingTextIOWrapper
+
+assert sys.platform == "win32"
+import msvcrt  # noqa: E402
+from ctypes import windll  # noqa: E402
+from ctypes import WINFUNCTYPE  # noqa: E402
+
+c_ssize_p = POINTER(c_ssize_t)
+
+kernel32 = windll.kernel32
+GetStdHandle = kernel32.GetStdHandle
+ReadConsoleW = kernel32.ReadConsoleW
+WriteConsoleW = kernel32.WriteConsoleW
+GetConsoleMode = kernel32.GetConsoleMode
+GetLastError = kernel32.GetLastError
+GetCommandLineW = WINFUNCTYPE(LPWSTR)(("GetCommandLineW", windll.kernel32))
+CommandLineToArgvW = WINFUNCTYPE(POINTER(LPWSTR), LPCWSTR, POINTER(c_int))(
+    ("CommandLineToArgvW", windll.shell32)
+)
+LocalFree = WINFUNCTYPE(c_void_p, c_void_p)(("LocalFree", windll.kernel32))
+
+STDIN_HANDLE = GetStdHandle(-10)
+STDOUT_HANDLE = GetStdHandle(-11)
+STDERR_HANDLE = GetStdHandle(-12)
+
+PyBUF_SIMPLE = 0
+PyBUF_WRITABLE = 1
+
+ERROR_SUCCESS = 0
+ERROR_NOT_ENOUGH_MEMORY = 8
+ERROR_OPERATION_ABORTED = 995
+
+STDIN_FILENO = 0
+STDOUT_FILENO = 1
+STDERR_FILENO = 2
+
+EOF = b"\x1a"
+MAX_BYTES_WRITTEN = 32767
+
+try:
+    from ctypes import pythonapi
+except ImportError:
+    # On PyPy we cannot get buffers so our ability to operate here is
+    # severely limited.
+    get_buffer = None
+else:
+
+    class Py_buffer(Structure):
+        _fields_ = [
+            ("buf", c_void_p),
+            ("obj", py_object),
+            ("len", c_ssize_t),
+            ("itemsize", c_ssize_t),
+            ("readonly", c_int),
+            ("ndim", c_int),
+            ("format", c_char_p),
+            ("shape", c_ssize_p),
+            ("strides", c_ssize_p),
+            ("suboffsets", c_ssize_p),
+            ("internal", c_void_p),
+        ]
+
+    PyObject_GetBuffer = pythonapi.PyObject_GetBuffer
+    PyBuffer_Release = pythonapi.PyBuffer_Release
+
+    def get_buffer(obj, writable=False):
+        buf = Py_buffer()
+        flags = PyBUF_WRITABLE if writable else PyBUF_SIMPLE
+        PyObject_GetBuffer(py_object(obj), byref(buf), flags)
+
+        try:
+            buffer_type = c_char * buf.len
+            return buffer_type.from_address(buf.buf)
+        finally:
+            PyBuffer_Release(byref(buf))
+
+
+class _WindowsConsoleRawIOBase(io.RawIOBase):
+    def __init__(self, handle):
+        self.handle = handle
+
+    def isatty(self):
+        super().isatty()
+        return True
+
+
+class _WindowsConsoleReader(_WindowsConsoleRawIOBase):
+    def readable(self):
+        return True
+
+    def readinto(self, b):
+        bytes_to_be_read = len(b)
+        if not bytes_to_be_read:
+            return 0
+        elif bytes_to_be_read % 2:
+            raise ValueError(
+                "cannot read odd number of bytes from UTF-16-LE encoded console"
+            )
+
+        buffer = get_buffer(b, writable=True)
+        code_units_to_be_read = bytes_to_be_read // 2
+        code_units_read = c_ulong()
+
+        rv = ReadConsoleW(
+            HANDLE(self.handle),
+            buffer,
+            code_units_to_be_read,
+            byref(code_units_read),
+            None,
+        )
+        if GetLastError() == ERROR_OPERATION_ABORTED:
+            # wait for KeyboardInterrupt
+            time.sleep(0.1)
+        if not rv:
+            raise OSError(f"Windows error: {GetLastError()}")
+
+        if buffer[0] == EOF:
+            return 0
+        return 2 * code_units_read.value
+
+
+class _WindowsConsoleWriter(_WindowsConsoleRawIOBase):
+    def writable(self):
+        return True
+
+    @staticmethod
+    def _get_error_message(errno):
+        if errno == ERROR_SUCCESS:
+            return "ERROR_SUCCESS"
+        elif errno == ERROR_NOT_ENOUGH_MEMORY:
+            return "ERROR_NOT_ENOUGH_MEMORY"
+        return f"Windows error {errno}"
+
+    def write(self, b):
+        bytes_to_be_written = len(b)
+        buf = get_buffer(b)
+        code_units_to_be_written = min(bytes_to_be_written, MAX_BYTES_WRITTEN) // 2
+        code_units_written = c_ulong()
+
+        WriteConsoleW(
+            HANDLE(self.handle),
+            buf,
+            code_units_to_be_written,
+            byref(code_units_written),
+            None,
+        )
+        bytes_written = 2 * code_units_written.value
+
+        if bytes_written == 0 and bytes_to_be_written > 0:
+            raise OSError(self._get_error_message(GetLastError()))
+        return bytes_written
+
+
+class ConsoleStream:
+    def __init__(self, text_stream: t.TextIO, byte_stream: t.BinaryIO) -> None:
+        self._text_stream = text_stream
+        self.buffer = byte_stream
+
+    @property
+    def name(self) -> str:
+        return self.buffer.name
+
+    def write(self, x: t.AnyStr) -> int:
+        if isinstance(x, str):
+            return self._text_stream.write(x)
+        try:
+            self.flush()
+        except Exception:
+            pass
+        return self.buffer.write(x)
+
+    def writelines(self, lines: t.Iterable[t.AnyStr]) -> None:
+        for line in lines:
+            self.write(line)
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._text_stream, name)
+
+    def isatty(self) -> bool:
+        return self.buffer.isatty()
+
+    def __repr__(self):
+        return f"<ConsoleStream name={self.name!r} encoding={self.encoding!r}>"
+
+
+def _get_text_stdin(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedReader(_WindowsConsoleReader(STDIN_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stdout(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDOUT_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stderr(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDERR_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+_stream_factories: t.Mapping[int, t.Callable[[t.BinaryIO], t.TextIO]] = {
+    0: _get_text_stdin,
+    1: _get_text_stdout,
+    2: _get_text_stderr,
+}
+
+
+def _is_console(f: t.TextIO) -> bool:
+    if not hasattr(f, "fileno"):
+        return False
+
+    try:
+        fileno = f.fileno()
+    except (OSError, io.UnsupportedOperation):
+        return False
+
+    handle = msvcrt.get_osfhandle(fileno)
+    return bool(GetConsoleMode(handle, byref(DWORD())))
+
+
+def _get_windows_console_stream(
+    f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> t.Optional[t.TextIO]:
+    if (
+        get_buffer is not None
+        and encoding in {"utf-16-le", None}
+        and errors in {"strict", None}
+        and _is_console(f)
+    ):
+        func = _stream_factories.get(f.fileno())
+        if func is not None:
+            b = getattr(f, "buffer", None)
+
+            if b is None:
+                return None
+
+            return func(b)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/core.py b/lib/go-jinja2/internal/data/darwin-arm64/click/core.py
new file mode 100644
index 000000000..cc65e896b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/core.py
@@ -0,0 +1,3042 @@
+import enum
+import errno
+import inspect
+import os
+import sys
+import typing as t
+from collections import abc
+from contextlib import contextmanager
+from contextlib import ExitStack
+from functools import update_wrapper
+from gettext import gettext as _
+from gettext import ngettext
+from itertools import repeat
+from types import TracebackType
+
+from . import types
+from .exceptions import Abort
+from .exceptions import BadParameter
+from .exceptions import ClickException
+from .exceptions import Exit
+from .exceptions import MissingParameter
+from .exceptions import UsageError
+from .formatting import HelpFormatter
+from .formatting import join_options
+from .globals import pop_context
+from .globals import push_context
+from .parser import _flag_needs_value
+from .parser import OptionParser
+from .parser import split_opt
+from .termui import confirm
+from .termui import prompt
+from .termui import style
+from .utils import _detect_program_name
+from .utils import _expand_args
+from .utils import echo
+from .utils import make_default_short_help
+from .utils import make_str
+from .utils import PacifyFlushWrapper
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .shell_completion import CompletionItem
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+V = t.TypeVar("V")
+
+
+def _complete_visible_commands(
+    ctx: "Context", incomplete: str
+) -> t.Iterator[t.Tuple[str, "Command"]]:
+    """List all the subcommands of a group that start with the
+    incomplete value and aren't hidden.
+
+    :param ctx: Invocation context for the group.
+    :param incomplete: Value being completed. May be empty.
+    """
+    multi = t.cast(MultiCommand, ctx.command)
+
+    for name in multi.list_commands(ctx):
+        if name.startswith(incomplete):
+            command = multi.get_command(ctx, name)
+
+            if command is not None and not command.hidden:
+                yield name, command
+
+
+def _check_multicommand(
+    base_command: "MultiCommand", cmd_name: str, cmd: "Command", register: bool = False
+) -> None:
+    if not base_command.chain or not isinstance(cmd, MultiCommand):
+        return
+    if register:
+        hint = (
+            "It is not possible to add multi commands as children to"
+            " another multi command that is in chain mode."
+        )
+    else:
+        hint = (
+            "Found a multi command as subcommand to a multi command"
+            " that is in chain mode. This is not supported."
+        )
+    raise RuntimeError(
+        f"{hint}. Command {base_command.name!r} is set to chain and"
+        f" {cmd_name!r} was added as a subcommand but it in itself is a"
+        f" multi command. ({cmd_name!r} is a {type(cmd).__name__}"
+        f" within a chained {type(base_command).__name__} named"
+        f" {base_command.name!r})."
+    )
+
+
+def batch(iterable: t.Iterable[V], batch_size: int) -> t.List[t.Tuple[V, ...]]:
+    return list(zip(*repeat(iter(iterable), batch_size)))
+
+
+@contextmanager
+def augment_usage_errors(
+    ctx: "Context", param: t.Optional["Parameter"] = None
+) -> t.Iterator[None]:
+    """Context manager that attaches extra information to exceptions."""
+    try:
+        yield
+    except BadParameter as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        if param is not None and e.param is None:
+            e.param = param
+        raise
+    except UsageError as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        raise
+
+
+def iter_params_for_processing(
+    invocation_order: t.Sequence["Parameter"],
+    declaration_order: t.Sequence["Parameter"],
+) -> t.List["Parameter"]:
+    """Given a sequence of parameters in the order as should be considered
+    for processing and an iterable of parameters that exist, this returns
+    a list in the correct order as they should be processed.
+    """
+
+    def sort_key(item: "Parameter") -> t.Tuple[bool, float]:
+        try:
+            idx: float = invocation_order.index(item)
+        except ValueError:
+            idx = float("inf")
+
+        return not item.is_eager, idx
+
+    return sorted(declaration_order, key=sort_key)
+
+
+class ParameterSource(enum.Enum):
+    """This is an :class:`~enum.Enum` that indicates the source of a
+    parameter's value.
+
+    Use :meth:`click.Context.get_parameter_source` to get the
+    source for a parameter by name.
+
+    .. versionchanged:: 8.0
+        Use :class:`~enum.Enum` and drop the ``validate`` method.
+
+    .. versionchanged:: 8.0
+        Added the ``PROMPT`` value.
+    """
+
+    COMMANDLINE = enum.auto()
+    """The value was provided by the command line args."""
+    ENVIRONMENT = enum.auto()
+    """The value was provided with an environment variable."""
+    DEFAULT = enum.auto()
+    """Used the default specified by the parameter."""
+    DEFAULT_MAP = enum.auto()
+    """Used a default provided by :attr:`Context.default_map`."""
+    PROMPT = enum.auto()
+    """Used a prompt to confirm a default or provide a value."""
+
+
+class Context:
+    """The context is a special internal object that holds state relevant
+    for the script execution at every single level.  It's normally invisible
+    to commands unless they opt-in to getting access to it.
+
+    The context is useful as it can pass internal objects around and can
+    control special execution features such as reading data from
+    environment variables.
+
+    A context can be used as context manager in which case it will call
+    :meth:`close` on teardown.
+
+    :param command: the command class for this context.
+    :param parent: the parent context.
+    :param info_name: the info name for this invocation.  Generally this
+                      is the most descriptive name for the script or
+                      command.  For the toplevel script it is usually
+                      the name of the script, for commands below it it's
+                      the name of the script.
+    :param obj: an arbitrary object of user data.
+    :param auto_envvar_prefix: the prefix to use for automatic environment
+                               variables.  If this is `None` then reading
+                               from environment variables is disabled.  This
+                               does not affect manually set environment
+                               variables which are always read.
+    :param default_map: a dictionary (like object) with default values
+                        for parameters.
+    :param terminal_width: the width of the terminal.  The default is
+                           inherit from parent context.  If no context
+                           defines the terminal width then auto
+                           detection will be applied.
+    :param max_content_width: the maximum width for content rendered by
+                              Click (this currently only affects help
+                              pages).  This defaults to 80 characters if
+                              not overridden.  In other words: even if the
+                              terminal is larger than that, Click will not
+                              format things wider than 80 characters by
+                              default.  In addition to that, formatters might
+                              add some safety mapping on the right.
+    :param resilient_parsing: if this flag is enabled then Click will
+                              parse without any interactivity or callback
+                              invocation.  Default values will also be
+                              ignored.  This is useful for implementing
+                              things such as completion support.
+    :param allow_extra_args: if this is set to `True` then extra arguments
+                             at the end will not raise an error and will be
+                             kept on the context.  The default is to inherit
+                             from the command.
+    :param allow_interspersed_args: if this is set to `False` then options
+                                    and arguments cannot be mixed.  The
+                                    default is to inherit from the command.
+    :param ignore_unknown_options: instructs click to ignore options it does
+                                   not know and keeps them for later
+                                   processing.
+    :param help_option_names: optionally a list of strings that define how
+                              the default help parameter is named.  The
+                              default is ``['--help']``.
+    :param token_normalize_func: an optional function that is used to
+                                 normalize tokens (options, choices,
+                                 etc.).  This for instance can be used to
+                                 implement case insensitive behavior.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are used in texts that Click prints which is by
+                  default not the case.  This for instance would affect
+                  help output.
+    :param show_default: Show the default value for commands. If this
+        value is not set, it defaults to the value from the parent
+        context. ``Command.show_default`` overrides this default for the
+        specific command.
+
+    .. versionchanged:: 8.1
+        The ``show_default`` parameter is overridden by
+        ``Command.show_default``, instead of the other way around.
+
+    .. versionchanged:: 8.0
+        The ``show_default`` parameter defaults to the value from the
+        parent context.
+
+    .. versionchanged:: 7.1
+       Added the ``show_default`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color``, ``ignore_unknown_options``, and
+        ``max_content_width`` parameters.
+
+    .. versionchanged:: 3.0
+        Added the ``allow_extra_args`` and ``allow_interspersed_args``
+        parameters.
+
+    .. versionchanged:: 2.0
+        Added the ``resilient_parsing``, ``help_option_names``, and
+        ``token_normalize_func`` parameters.
+    """
+
+    #: The formatter class to create with :meth:`make_formatter`.
+    #:
+    #: .. versionadded:: 8.0
+    formatter_class: t.Type["HelpFormatter"] = HelpFormatter
+
+    def __init__(
+        self,
+        command: "Command",
+        parent: t.Optional["Context"] = None,
+        info_name: t.Optional[str] = None,
+        obj: t.Optional[t.Any] = None,
+        auto_envvar_prefix: t.Optional[str] = None,
+        default_map: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        terminal_width: t.Optional[int] = None,
+        max_content_width: t.Optional[int] = None,
+        resilient_parsing: bool = False,
+        allow_extra_args: t.Optional[bool] = None,
+        allow_interspersed_args: t.Optional[bool] = None,
+        ignore_unknown_options: t.Optional[bool] = None,
+        help_option_names: t.Optional[t.List[str]] = None,
+        token_normalize_func: t.Optional[t.Callable[[str], str]] = None,
+        color: t.Optional[bool] = None,
+        show_default: t.Optional[bool] = None,
+    ) -> None:
+        #: the parent context or `None` if none exists.
+        self.parent = parent
+        #: the :class:`Command` for this context.
+        self.command = command
+        #: the descriptive information name
+        self.info_name = info_name
+        #: Map of parameter names to their parsed values. Parameters
+        #: with ``expose_value=False`` are not stored.
+        self.params: t.Dict[str, t.Any] = {}
+        #: the leftover arguments.
+        self.args: t.List[str] = []
+        #: protected arguments.  These are arguments that are prepended
+        #: to `args` when certain parsing scenarios are encountered but
+        #: must be never propagated to another arguments.  This is used
+        #: to implement nested parsing.
+        self.protected_args: t.List[str] = []
+        #: the collected prefixes of the command's options.
+        self._opt_prefixes: t.Set[str] = set(parent._opt_prefixes) if parent else set()
+
+        if obj is None and parent is not None:
+            obj = parent.obj
+
+        #: the user object stored.
+        self.obj: t.Any = obj
+        self._meta: t.Dict[str, t.Any] = getattr(parent, "meta", {})
+
+        #: A dictionary (-like object) with defaults for parameters.
+        if (
+            default_map is None
+            and info_name is not None
+            and parent is not None
+            and parent.default_map is not None
+        ):
+            default_map = parent.default_map.get(info_name)
+
+        self.default_map: t.Optional[t.MutableMapping[str, t.Any]] = default_map
+
+        #: This flag indicates if a subcommand is going to be executed. A
+        #: group callback can use this information to figure out if it's
+        #: being executed directly or because the execution flow passes
+        #: onwards to a subcommand. By default it's None, but it can be
+        #: the name of the subcommand to execute.
+        #:
+        #: If chaining is enabled this will be set to ``'*'`` in case
+        #: any commands are executed.  It is however not possible to
+        #: figure out which ones.  If you require this knowledge you
+        #: should use a :func:`result_callback`.
+        self.invoked_subcommand: t.Optional[str] = None
+
+        if terminal_width is None and parent is not None:
+            terminal_width = parent.terminal_width
+
+        #: The width of the terminal (None is autodetection).
+        self.terminal_width: t.Optional[int] = terminal_width
+
+        if max_content_width is None and parent is not None:
+            max_content_width = parent.max_content_width
+
+        #: The maximum width of formatted content (None implies a sensible
+        #: default which is 80 for most things).
+        self.max_content_width: t.Optional[int] = max_content_width
+
+        if allow_extra_args is None:
+            allow_extra_args = command.allow_extra_args
+
+        #: Indicates if the context allows extra args or if it should
+        #: fail on parsing.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_extra_args = allow_extra_args
+
+        if allow_interspersed_args is None:
+            allow_interspersed_args = command.allow_interspersed_args
+
+        #: Indicates if the context allows mixing of arguments and
+        #: options or not.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_interspersed_args: bool = allow_interspersed_args
+
+        if ignore_unknown_options is None:
+            ignore_unknown_options = command.ignore_unknown_options
+
+        #: Instructs click to ignore options that a command does not
+        #: understand and will store it on the context for later
+        #: processing.  This is primarily useful for situations where you
+        #: want to call into external programs.  Generally this pattern is
+        #: strongly discouraged because it's not possibly to losslessly
+        #: forward all arguments.
+        #:
+        #: .. versionadded:: 4.0
+        self.ignore_unknown_options: bool = ignore_unknown_options
+
+        if help_option_names is None:
+            if parent is not None:
+                help_option_names = parent.help_option_names
+            else:
+                help_option_names = ["--help"]
+
+        #: The names for the help options.
+        self.help_option_names: t.List[str] = help_option_names
+
+        if token_normalize_func is None and parent is not None:
+            token_normalize_func = parent.token_normalize_func
+
+        #: An optional normalization function for tokens.  This is
+        #: options, choices, commands etc.
+        self.token_normalize_func: t.Optional[
+            t.Callable[[str], str]
+        ] = token_normalize_func
+
+        #: Indicates if resilient parsing is enabled.  In that case Click
+        #: will do its best to not cause any failures and default values
+        #: will be ignored. Useful for completion.
+        self.resilient_parsing: bool = resilient_parsing
+
+        # If there is no envvar prefix yet, but the parent has one and
+        # the command on this level has a name, we can expand the envvar
+        # prefix automatically.
+        if auto_envvar_prefix is None:
+            if (
+                parent is not None
+                and parent.auto_envvar_prefix is not None
+                and self.info_name is not None
+            ):
+                auto_envvar_prefix = (
+                    f"{parent.auto_envvar_prefix}_{self.info_name.upper()}"
+                )
+        else:
+            auto_envvar_prefix = auto_envvar_prefix.upper()
+
+        if auto_envvar_prefix is not None:
+            auto_envvar_prefix = auto_envvar_prefix.replace("-", "_")
+
+        self.auto_envvar_prefix: t.Optional[str] = auto_envvar_prefix
+
+        if color is None and parent is not None:
+            color = parent.color
+
+        #: Controls if styling output is wanted or not.
+        self.color: t.Optional[bool] = color
+
+        if show_default is None and parent is not None:
+            show_default = parent.show_default
+
+        #: Show option default values when formatting help text.
+        self.show_default: t.Optional[bool] = show_default
+
+        self._close_callbacks: t.List[t.Callable[[], t.Any]] = []
+        self._depth = 0
+        self._parameter_source: t.Dict[str, ParameterSource] = {}
+        self._exit_stack = ExitStack()
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire CLI
+        structure.
+
+        .. code-block:: python
+
+            with Context(cli) as ctx:
+                info = ctx.to_info_dict()
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "command": self.command.to_info_dict(self),
+            "info_name": self.info_name,
+            "allow_extra_args": self.allow_extra_args,
+            "allow_interspersed_args": self.allow_interspersed_args,
+            "ignore_unknown_options": self.ignore_unknown_options,
+            "auto_envvar_prefix": self.auto_envvar_prefix,
+        }
+
+    def __enter__(self) -> "Context":
+        self._depth += 1
+        push_context(self)
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self._depth -= 1
+        if self._depth == 0:
+            self.close()
+        pop_context()
+
+    @contextmanager
+    def scope(self, cleanup: bool = True) -> t.Iterator["Context"]:
+        """This helper method can be used with the context object to promote
+        it to the current thread local (see :func:`get_current_context`).
+        The default behavior of this is to invoke the cleanup functions which
+        can be disabled by setting `cleanup` to `False`.  The cleanup
+        functions are typically used for things such as closing file handles.
+
+        If the cleanup is intended the context object can also be directly
+        used as a context manager.
+
+        Example usage::
+
+            with ctx.scope():
+                assert get_current_context() is ctx
+
+        This is equivalent::
+
+            with ctx:
+                assert get_current_context() is ctx
+
+        .. versionadded:: 5.0
+
+        :param cleanup: controls if the cleanup functions should be run or
+                        not.  The default is to run these functions.  In
+                        some situations the context only wants to be
+                        temporarily pushed in which case this can be disabled.
+                        Nested pushes automatically defer the cleanup.
+        """
+        if not cleanup:
+            self._depth += 1
+        try:
+            with self as rv:
+                yield rv
+        finally:
+            if not cleanup:
+                self._depth -= 1
+
+    @property
+    def meta(self) -> t.Dict[str, t.Any]:
+        """This is a dictionary which is shared with all the contexts
+        that are nested.  It exists so that click utilities can store some
+        state here if they need to.  It is however the responsibility of
+        that code to manage this dictionary well.
+
+        The keys are supposed to be unique dotted strings.  For instance
+        module paths are a good choice for it.  What is stored in there is
+        irrelevant for the operation of click.  However what is important is
+        that code that places data here adheres to the general semantics of
+        the system.
+
+        Example usage::
+
+            LANG_KEY = f'{__name__}.lang'
+
+            def set_language(value):
+                ctx = get_current_context()
+                ctx.meta[LANG_KEY] = value
+
+            def get_language():
+                return get_current_context().meta.get(LANG_KEY, 'en_US')
+
+        .. versionadded:: 5.0
+        """
+        return self._meta
+
+    def make_formatter(self) -> HelpFormatter:
+        """Creates the :class:`~click.HelpFormatter` for the help and
+        usage output.
+
+        To quickly customize the formatter class used without overriding
+        this method, set the :attr:`formatter_class` attribute.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`formatter_class` attribute.
+        """
+        return self.formatter_class(
+            width=self.terminal_width, max_width=self.max_content_width
+        )
+
+    def with_resource(self, context_manager: t.ContextManager[V]) -> V:
+        """Register a resource as if it were used in a ``with``
+        statement. The resource will be cleaned up when the context is
+        popped.
+
+        Uses :meth:`contextlib.ExitStack.enter_context`. It calls the
+        resource's ``__enter__()`` method and returns the result. When
+        the context is popped, it closes the stack, which calls the
+        resource's ``__exit__()`` method.
+
+        To register a cleanup function for something that isn't a
+        context manager, use :meth:`call_on_close`. Or use something
+        from :mod:`contextlib` to turn it into a context manager first.
+
+        .. code-block:: python
+
+            @click.group()
+            @click.option("--name")
+            @click.pass_context
+            def cli(ctx):
+                ctx.obj = ctx.with_resource(connect_db(name))
+
+        :param context_manager: The context manager to enter.
+        :return: Whatever ``context_manager.__enter__()`` returns.
+
+        .. versionadded:: 8.0
+        """
+        return self._exit_stack.enter_context(context_manager)
+
+    def call_on_close(self, f: t.Callable[..., t.Any]) -> t.Callable[..., t.Any]:
+        """Register a function to be called when the context tears down.
+
+        This can be used to close resources opened during the script
+        execution. Resources that support Python's context manager
+        protocol which would be used in a ``with`` statement should be
+        registered with :meth:`with_resource` instead.
+
+        :param f: The function to execute on teardown.
+        """
+        return self._exit_stack.callback(f)
+
+    def close(self) -> None:
+        """Invoke all close callbacks registered with
+        :meth:`call_on_close`, and exit all context managers entered
+        with :meth:`with_resource`.
+        """
+        self._exit_stack.close()
+        # In case the context is reused, create a new exit stack.
+        self._exit_stack = ExitStack()
+
+    @property
+    def command_path(self) -> str:
+        """The computed command path.  This is used for the ``usage``
+        information on the help page.  It's automatically created by
+        combining the info names of the chain of contexts to the root.
+        """
+        rv = ""
+        if self.info_name is not None:
+            rv = self.info_name
+        if self.parent is not None:
+            parent_command_path = [self.parent.command_path]
+
+            if isinstance(self.parent.command, Command):
+                for param in self.parent.command.get_params(self):
+                    parent_command_path.extend(param.get_usage_pieces(self))
+
+            rv = f"{' '.join(parent_command_path)} {rv}"
+        return rv.lstrip()
+
+    def find_root(self) -> "Context":
+        """Finds the outermost context."""
+        node = self
+        while node.parent is not None:
+            node = node.parent
+        return node
+
+    def find_object(self, object_type: t.Type[V]) -> t.Optional[V]:
+        """Finds the closest object of a given type."""
+        node: t.Optional["Context"] = self
+
+        while node is not None:
+            if isinstance(node.obj, object_type):
+                return node.obj
+
+            node = node.parent
+
+        return None
+
+    def ensure_object(self, object_type: t.Type[V]) -> V:
+        """Like :meth:`find_object` but sets the innermost object to a
+        new instance of `object_type` if it does not exist.
+        """
+        rv = self.find_object(object_type)
+        if rv is None:
+            self.obj = rv = object_type()
+        return rv
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[False]" = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def lookup_default(self, name: str, call: bool = True) -> t.Optional[t.Any]:
+        """Get the default for a parameter from :attr:`default_map`.
+
+        :param name: Name of the parameter.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        if self.default_map is not None:
+            value = self.default_map.get(name)
+
+            if call and callable(value):
+                return value()
+
+            return value
+
+        return None
+
+    def fail(self, message: str) -> "te.NoReturn":
+        """Aborts the execution of the program with a specific error
+        message.
+
+        :param message: the error message to fail with.
+        """
+        raise UsageError(message, self)
+
+    def abort(self) -> "te.NoReturn":
+        """Aborts the script."""
+        raise Abort()
+
+    def exit(self, code: int = 0) -> "te.NoReturn":
+        """Exits the application with a given exit code."""
+        raise Exit(code)
+
+    def get_usage(self) -> str:
+        """Helper method to get formatted usage string for the current
+        context and command.
+        """
+        return self.command.get_usage(self)
+
+    def get_help(self) -> str:
+        """Helper method to get formatted help page for the current
+        context and command.
+        """
+        return self.command.get_help(self)
+
+    def _make_sub_context(self, command: "Command") -> "Context":
+        """Create a new context of the same type as this context, but
+        for a new command.
+
+        :meta private:
+        """
+        return type(self)(command, info_name=command.name, parent=self)
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "t.Callable[..., V]",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> V:
+        ...
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "Command",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        ...
+
+    def invoke(
+        __self,  # noqa: B902
+        __callback: t.Union["Command", "t.Callable[..., V]"],
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Union[t.Any, V]:
+        """Invokes a command callback in exactly the way it expects.  There
+        are two ways to invoke this method:
+
+        1.  the first argument can be a callback and all other arguments and
+            keyword arguments are forwarded directly to the function.
+        2.  the first argument is a click command object.  In that case all
+            arguments are forwarded as well but proper click parameters
+            (options and click arguments) must be keyword arguments and Click
+            will fill in defaults.
+
+        Note that before Click 3.2 keyword arguments were not properly filled
+        in against the intention of this code and no context was created.  For
+        more information about this change and why it was done in a bugfix
+        release see :ref:`upgrade-to-3.2`.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if :meth:`forward` is called at multiple levels.
+        """
+        if isinstance(__callback, Command):
+            other_cmd = __callback
+
+            if other_cmd.callback is None:
+                raise TypeError(
+                    "The given command does not have a callback that can be invoked."
+                )
+            else:
+                __callback = t.cast("t.Callable[..., V]", other_cmd.callback)
+
+            ctx = __self._make_sub_context(other_cmd)
+
+            for param in other_cmd.params:
+                if param.name not in kwargs and param.expose_value:
+                    kwargs[param.name] = param.type_cast_value(  # type: ignore
+                        ctx, param.get_default(ctx)
+                    )
+
+            # Track all kwargs as params, so that forward() will pass
+            # them on in subsequent calls.
+            ctx.params.update(kwargs)
+        else:
+            ctx = __self
+
+        with augment_usage_errors(__self):
+            with ctx:
+                return __callback(*args, **kwargs)
+
+    def forward(
+        __self, __cmd: "Command", *args: t.Any, **kwargs: t.Any  # noqa: B902
+    ) -> t.Any:
+        """Similar to :meth:`invoke` but fills in default keyword
+        arguments from the current context if the other command expects
+        it.  This cannot invoke callbacks directly, only other commands.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if ``forward`` is called at multiple levels.
+        """
+        # Can only forward to other commands, not direct callbacks.
+        if not isinstance(__cmd, Command):
+            raise TypeError("Callback is not a command.")
+
+        for param in __self.params:
+            if param not in kwargs:
+                kwargs[param] = __self.params[param]
+
+        return __self.invoke(__cmd, *args, **kwargs)
+
+    def set_parameter_source(self, name: str, source: ParameterSource) -> None:
+        """Set the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        :param name: The name of the parameter.
+        :param source: A member of :class:`~click.core.ParameterSource`.
+        """
+        self._parameter_source[name] = source
+
+    def get_parameter_source(self, name: str) -> t.Optional[ParameterSource]:
+        """Get the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        This can be useful for determining when a user specified a value
+        on the command line that is the same as the default value. It
+        will be :attr:`~click.core.ParameterSource.DEFAULT` only if the
+        value was actually taken from the default.
+
+        :param name: The name of the parameter.
+        :rtype: ParameterSource
+
+        .. versionchanged:: 8.0
+            Returns ``None`` if the parameter was not provided from any
+            source.
+        """
+        return self._parameter_source.get(name)
+
+
+class BaseCommand:
+    """The base command implements the minimal API contract of commands.
+    Most code will never use this as it does not implement a lot of useful
+    functionality but it can act as the direct subclass of alternative
+    parsing methods that do not depend on the Click parser.
+
+    For instance, this can be used to bridge Click and other systems like
+    argparse or docopt.
+
+    Because base commands do not implement a lot of the API that other
+    parts of Click take for granted, they are not supported for all
+    operations.  For instance, they cannot be used with the decorators
+    usually and they have no built-in callback system.
+
+    .. versionchanged:: 2.0
+       Added the `context_settings` parameter.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    """
+
+    #: The context class to create with :meth:`make_context`.
+    #:
+    #: .. versionadded:: 8.0
+    context_class: t.Type[Context] = Context
+    #: the default for the :attr:`Context.allow_extra_args` flag.
+    allow_extra_args = False
+    #: the default for the :attr:`Context.allow_interspersed_args` flag.
+    allow_interspersed_args = True
+    #: the default for the :attr:`Context.ignore_unknown_options` flag.
+    ignore_unknown_options = False
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> None:
+        #: the name the command thinks it has.  Upon registering a command
+        #: on a :class:`Group` the group will default the command name
+        #: with this information.  You should instead use the
+        #: :class:`Context`\'s :attr:`~Context.info_name` attribute.
+        self.name = name
+
+        if context_settings is None:
+            context_settings = {}
+
+        #: an optional dictionary with defaults passed to the context.
+        self.context_settings: t.MutableMapping[str, t.Any] = context_settings
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire structure
+        below this command.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        :param ctx: A :class:`Context` representing this command.
+
+        .. versionadded:: 8.0
+        """
+        return {"name": self.name}
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def get_usage(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get usage")
+
+    def get_help(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get help")
+
+    def make_context(
+        self,
+        info_name: t.Optional[str],
+        args: t.List[str],
+        parent: t.Optional[Context] = None,
+        **extra: t.Any,
+    ) -> Context:
+        """This function when given an info name and arguments will kick
+        off the parsing and create a new :class:`Context`.  It does not
+        invoke the actual command callback though.
+
+        To quickly customize the context class used without overriding
+        this method, set the :attr:`context_class` attribute.
+
+        :param info_name: the info name for this invocation.  Generally this
+                          is the most descriptive name for the script or
+                          command.  For the toplevel script it's usually
+                          the name of the script, for commands below it's
+                          the name of the command.
+        :param args: the arguments to parse as list of strings.
+        :param parent: the parent context if available.
+        :param extra: extra keyword arguments forwarded to the context
+                      constructor.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`context_class` attribute.
+        """
+        for key, value in self.context_settings.items():
+            if key not in extra:
+                extra[key] = value
+
+        ctx = self.context_class(
+            self, info_name=info_name, parent=parent, **extra  # type: ignore
+        )
+
+        with ctx.scope(cleanup=False):
+            self.parse_args(ctx, args)
+        return ctx
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        """Given a context and a list of arguments this creates the parser
+        and parses the arguments, then modifies the context as necessary.
+        This is automatically invoked by :meth:`make_context`.
+        """
+        raise NotImplementedError("Base commands do not know how to parse arguments.")
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the command.  The default
+        implementation is raising a not implemented error.
+        """
+        raise NotImplementedError("Base commands are not invocable by default")
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of chained multi-commands.
+
+        Any command could be part of a chained multi-command, so sibling
+        commands are valid at any point during command completion. Other
+        command classes will return more completions.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        while ctx.parent is not None:
+            ctx = ctx.parent
+
+            if isinstance(ctx.command, MultiCommand) and ctx.command.chain:
+                results.extend(
+                    CompletionItem(name, help=command.get_short_help_str())
+                    for name, command in _complete_visible_commands(ctx, incomplete)
+                    if name not in ctx.protected_args
+                )
+
+        return results
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: "te.Literal[True]" = True,
+        **extra: t.Any,
+    ) -> "te.NoReturn":
+        ...
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = ...,
+        **extra: t.Any,
+    ) -> t.Any:
+        ...
+
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = True,
+        windows_expand_args: bool = True,
+        **extra: t.Any,
+    ) -> t.Any:
+        """This is the way to invoke a script with all the bells and
+        whistles as a command line application.  This will always terminate
+        the application after a call.  If this is not wanted, ``SystemExit``
+        needs to be caught.
+
+        This method is also available by directly calling the instance of
+        a :class:`Command`.
+
+        :param args: the arguments that should be used for parsing.  If not
+                     provided, ``sys.argv[1:]`` is used.
+        :param prog_name: the program name that should be used.  By default
+                          the program name is constructed by taking the file
+                          name from ``sys.argv[0]``.
+        :param complete_var: the environment variable that controls the
+                             bash completion support.  The default is
+                             ``"_<prog_name>_COMPLETE"`` with prog_name in
+                             uppercase.
+        :param standalone_mode: the default behavior is to invoke the script
+                                in standalone mode.  Click will then
+                                handle exceptions and convert them into
+                                error messages and the function will never
+                                return but shut down the interpreter.  If
+                                this is set to `False` they will be
+                                propagated to the caller and the return
+                                value of this function is the return value
+                                of :meth:`invoke`.
+        :param windows_expand_args: Expand glob patterns, user dir, and
+            env vars in command line args on Windows.
+        :param extra: extra keyword arguments are forwarded to the context
+                      constructor.  See :class:`Context` for more information.
+
+        .. versionchanged:: 8.0.1
+            Added the ``windows_expand_args`` parameter to allow
+            disabling command line arg expansion on Windows.
+
+        .. versionchanged:: 8.0
+            When taking arguments from ``sys.argv`` on Windows, glob
+            patterns, user dir, and env vars are expanded.
+
+        .. versionchanged:: 3.0
+           Added the ``standalone_mode`` parameter.
+        """
+        if args is None:
+            args = sys.argv[1:]
+
+            if os.name == "nt" and windows_expand_args:
+                args = _expand_args(args)
+        else:
+            args = list(args)
+
+        if prog_name is None:
+            prog_name = _detect_program_name()
+
+        # Process shell completion requests and exit early.
+        self._main_shell_completion(extra, prog_name, complete_var)
+
+        try:
+            try:
+                with self.make_context(prog_name, args, **extra) as ctx:
+                    rv = self.invoke(ctx)
+                    if not standalone_mode:
+                        return rv
+                    # it's not safe to `ctx.exit(rv)` here!
+                    # note that `rv` may actually contain data like "1" which
+                    # has obvious effects
+                    # more subtle case: `rv=[None, None]` can come out of
+                    # chained commands which all returned `None` -- so it's not
+                    # even always obvious that `rv` indicates success/failure
+                    # by its truthiness/falsiness
+                    ctx.exit()
+            except (EOFError, KeyboardInterrupt) as e:
+                echo(file=sys.stderr)
+                raise Abort() from e
+            except ClickException as e:
+                if not standalone_mode:
+                    raise
+                e.show()
+                sys.exit(e.exit_code)
+            except OSError as e:
+                if e.errno == errno.EPIPE:
+                    sys.stdout = t.cast(t.TextIO, PacifyFlushWrapper(sys.stdout))
+                    sys.stderr = t.cast(t.TextIO, PacifyFlushWrapper(sys.stderr))
+                    sys.exit(1)
+                else:
+                    raise
+        except Exit as e:
+            if standalone_mode:
+                sys.exit(e.exit_code)
+            else:
+                # in non-standalone mode, return the exit code
+                # note that this is only reached if `self.invoke` above raises
+                # an Exit explicitly -- thus bypassing the check there which
+                # would return its result
+                # the results of non-standalone execution may therefore be
+                # somewhat ambiguous: if there are codepaths which lead to
+                # `ctx.exit(1)` and to `return 1`, the caller won't be able to
+                # tell the difference between the two
+                return e.exit_code
+        except Abort:
+            if not standalone_mode:
+                raise
+            echo(_("Aborted!"), file=sys.stderr)
+            sys.exit(1)
+
+    def _main_shell_completion(
+        self,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: t.Optional[str] = None,
+    ) -> None:
+        """Check if the shell is asking for tab completion, process
+        that, then exit early. Called from :meth:`main` before the
+        program is invoked.
+
+        :param prog_name: Name of the executable in the shell.
+        :param complete_var: Name of the environment variable that holds
+            the completion instruction. Defaults to
+            ``_{PROG_NAME}_COMPLETE``.
+
+        .. versionchanged:: 8.2.0
+            Dots (``.``) in ``prog_name`` are replaced with underscores (``_``).
+        """
+        if complete_var is None:
+            complete_name = prog_name.replace("-", "_").replace(".", "_")
+            complete_var = f"_{complete_name}_COMPLETE".upper()
+
+        instruction = os.environ.get(complete_var)
+
+        if not instruction:
+            return
+
+        from .shell_completion import shell_complete
+
+        rv = shell_complete(self, ctx_args, prog_name, complete_var, instruction)
+        sys.exit(rv)
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Alias for :meth:`main`."""
+        return self.main(*args, **kwargs)
+
+
+class Command(BaseCommand):
+    """Commands are the basic building block of command line interfaces in
+    Click.  A basic command handles command line parsing and might dispatch
+    more parsing to commands nested below it.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    :param callback: the callback to invoke.  This is optional.
+    :param params: the parameters to register with this command.  This can
+                   be either :class:`Option` or :class:`Argument` objects.
+    :param help: the help string to use for this command.
+    :param epilog: like the help string but it's printed at the end of the
+                   help page after everything else.
+    :param short_help: the short help to use for this command.  This is
+                       shown on the command listing of the parent command.
+    :param add_help_option: by default each command registers a ``--help``
+                            option.  This can be disabled by this parameter.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is disabled by default.
+                            If enabled this will add ``--help`` as argument
+                            if no arguments are passed
+    :param hidden: hide this command from help outputs.
+
+    :param deprecated: issues a message indicating that
+                             the command is deprecated.
+
+    .. versionchanged:: 8.1
+        ``help``, ``epilog``, and ``short_help`` are stored unprocessed,
+        all formatting is done when outputting help text, not at init,
+        and is done even if not using the ``@command`` decorator.
+
+    .. versionchanged:: 8.0
+        Added a ``repr`` showing the command name.
+
+    .. versionchanged:: 7.1
+        Added the ``no_args_is_help`` parameter.
+
+    .. versionchanged:: 2.0
+        Added the ``context_settings`` parameter.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        callback: t.Optional[t.Callable[..., t.Any]] = None,
+        params: t.Optional[t.List["Parameter"]] = None,
+        help: t.Optional[str] = None,
+        epilog: t.Optional[str] = None,
+        short_help: t.Optional[str] = None,
+        options_metavar: t.Optional[str] = "[OPTIONS]",
+        add_help_option: bool = True,
+        no_args_is_help: bool = False,
+        hidden: bool = False,
+        deprecated: bool = False,
+    ) -> None:
+        super().__init__(name, context_settings)
+        #: the callback to execute when the command fires.  This might be
+        #: `None` in which case nothing happens.
+        self.callback = callback
+        #: the list of parameters for this command in the order they
+        #: should show up in the help page and execute.  Eager parameters
+        #: will automatically be handled before non eager ones.
+        self.params: t.List["Parameter"] = params or []
+        self.help = help
+        self.epilog = epilog
+        self.options_metavar = options_metavar
+        self.short_help = short_help
+        self.add_help_option = add_help_option
+        self.no_args_is_help = no_args_is_help
+        self.hidden = hidden
+        self.deprecated = deprecated
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        info_dict.update(
+            params=[param.to_info_dict() for param in self.get_params(ctx)],
+            help=self.help,
+            epilog=self.epilog,
+            short_help=self.short_help,
+            hidden=self.hidden,
+            deprecated=self.deprecated,
+        )
+        return info_dict
+
+    def get_usage(self, ctx: Context) -> str:
+        """Formats the usage line into a string and returns it.
+
+        Calls :meth:`format_usage` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_usage(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_params(self, ctx: Context) -> t.List["Parameter"]:
+        rv = self.params
+        help_option = self.get_help_option(ctx)
+
+        if help_option is not None:
+            rv = [*rv, help_option]
+
+        return rv
+
+    def format_usage(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the usage line into the formatter.
+
+        This is a low-level method called by :meth:`get_usage`.
+        """
+        pieces = self.collect_usage_pieces(ctx)
+        formatter.write_usage(ctx.command_path, " ".join(pieces))
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        """Returns all the pieces that go into the usage line and returns
+        it as a list of strings.
+        """
+        rv = [self.options_metavar] if self.options_metavar else []
+
+        for param in self.get_params(ctx):
+            rv.extend(param.get_usage_pieces(ctx))
+
+        return rv
+
+    def get_help_option_names(self, ctx: Context) -> t.List[str]:
+        """Returns the names for the help option."""
+        all_names = set(ctx.help_option_names)
+        for param in self.params:
+            all_names.difference_update(param.opts)
+            all_names.difference_update(param.secondary_opts)
+        return list(all_names)
+
+    def get_help_option(self, ctx: Context) -> t.Optional["Option"]:
+        """Returns the help option object."""
+        help_options = self.get_help_option_names(ctx)
+
+        if not help_options or not self.add_help_option:
+            return None
+
+        def show_help(ctx: Context, param: "Parameter", value: str) -> None:
+            if value and not ctx.resilient_parsing:
+                echo(ctx.get_help(), color=ctx.color)
+                ctx.exit()
+
+        return Option(
+            help_options,
+            is_flag=True,
+            is_eager=True,
+            expose_value=False,
+            callback=show_help,
+            help=_("Show this message and exit."),
+        )
+
+    def make_parser(self, ctx: Context) -> OptionParser:
+        """Creates the underlying option parser for this command."""
+        parser = OptionParser(ctx)
+        for param in self.get_params(ctx):
+            param.add_to_parser(parser, ctx)
+        return parser
+
+    def get_help(self, ctx: Context) -> str:
+        """Formats the help into a string and returns it.
+
+        Calls :meth:`format_help` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_help(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_short_help_str(self, limit: int = 45) -> str:
+        """Gets short help for the command or makes it by shortening the
+        long help string.
+        """
+        if self.short_help:
+            text = inspect.cleandoc(self.short_help)
+        elif self.help:
+            text = make_default_short_help(self.help, limit)
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        return text.strip()
+
+    def format_help(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help into the formatter if it exists.
+
+        This is a low-level method called by :meth:`get_help`.
+
+        This calls the following methods:
+
+        -   :meth:`format_usage`
+        -   :meth:`format_help_text`
+        -   :meth:`format_options`
+        -   :meth:`format_epilog`
+        """
+        self.format_usage(ctx, formatter)
+        self.format_help_text(ctx, formatter)
+        self.format_options(ctx, formatter)
+        self.format_epilog(ctx, formatter)
+
+    def format_help_text(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help text to the formatter if it exists."""
+        if self.help is not None:
+            # truncate the help text to the first form feed
+            text = inspect.cleandoc(self.help).partition("\f")[0]
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        if text:
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(text)
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes all the options into the formatter if they exist."""
+        opts = []
+        for param in self.get_params(ctx):
+            rv = param.get_help_record(ctx)
+            if rv is not None:
+                opts.append(rv)
+
+        if opts:
+            with formatter.section(_("Options")):
+                formatter.write_dl(opts)
+
+    def format_epilog(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the epilog into the formatter if it exists."""
+        if self.epilog:
+            epilog = inspect.cleandoc(self.epilog)
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(epilog)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        parser = self.make_parser(ctx)
+        opts, args, param_order = parser.parse_args(args=args)
+
+        for param in iter_params_for_processing(param_order, self.get_params(ctx)):
+            value, args = param.handle_parse_result(ctx, opts, args)
+
+        if args and not ctx.allow_extra_args and not ctx.resilient_parsing:
+            ctx.fail(
+                ngettext(
+                    "Got unexpected extra argument ({args})",
+                    "Got unexpected extra arguments ({args})",
+                    len(args),
+                ).format(args=" ".join(map(str, args)))
+            )
+
+        ctx.args = args
+        ctx._opt_prefixes.update(parser._opt_prefixes)
+        return args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the attached callback (if it exists)
+        in the right way.
+        """
+        if self.deprecated:
+            message = _(
+                "DeprecationWarning: The command {name!r} is deprecated."
+            ).format(name=self.name)
+            echo(style(message, fg="red"), err=True)
+
+        if self.callback is not None:
+            return ctx.invoke(self.callback, **ctx.params)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options and chained multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        if incomplete and not incomplete[0].isalnum():
+            for param in self.get_params(ctx):
+                if (
+                    not isinstance(param, Option)
+                    or param.hidden
+                    or (
+                        not param.multiple
+                        and ctx.get_parameter_source(param.name)  # type: ignore
+                        is ParameterSource.COMMANDLINE
+                    )
+                ):
+                    continue
+
+                results.extend(
+                    CompletionItem(name, help=param.help)
+                    for name in [*param.opts, *param.secondary_opts]
+                    if name.startswith(incomplete)
+                )
+
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class MultiCommand(Command):
+    """A multi command is the basic implementation of a command that
+    dispatches to subcommands.  The most common version is the
+    :class:`Group`.
+
+    :param invoke_without_command: this controls how the multi command itself
+                                   is invoked.  By default it's only invoked
+                                   if a subcommand is provided.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is enabled by default if
+                            `invoke_without_command` is disabled or disabled
+                            if it's enabled.  If enabled this will add
+                            ``--help`` as argument if no arguments are
+                            passed.
+    :param subcommand_metavar: the string that is used in the documentation
+                               to indicate the subcommand place.
+    :param chain: if this is set to `True` chaining of multiple subcommands
+                  is enabled.  This restricts the form of commands in that
+                  they cannot have optional arguments but it allows
+                  multiple commands to be chained together.
+    :param result_callback: The result callback to attach to this multi
+        command. This can be set or changed later with the
+        :meth:`result_callback` decorator.
+    :param attrs: Other command arguments described in :class:`Command`.
+    """
+
+    allow_extra_args = True
+    allow_interspersed_args = False
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        invoke_without_command: bool = False,
+        no_args_is_help: t.Optional[bool] = None,
+        subcommand_metavar: t.Optional[str] = None,
+        chain: bool = False,
+        result_callback: t.Optional[t.Callable[..., t.Any]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if no_args_is_help is None:
+            no_args_is_help = not invoke_without_command
+
+        self.no_args_is_help = no_args_is_help
+        self.invoke_without_command = invoke_without_command
+
+        if subcommand_metavar is None:
+            if chain:
+                subcommand_metavar = "COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]..."
+            else:
+                subcommand_metavar = "COMMAND [ARGS]..."
+
+        self.subcommand_metavar = subcommand_metavar
+        self.chain = chain
+        # The result callback that is stored. This can be set or
+        # overridden with the :func:`result_callback` decorator.
+        self._result_callback = result_callback
+
+        if self.chain:
+            for param in self.params:
+                if isinstance(param, Argument) and not param.required:
+                    raise RuntimeError(
+                        "Multi commands in chain mode cannot have"
+                        " optional arguments."
+                    )
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        commands = {}
+
+        for name in self.list_commands(ctx):
+            command = self.get_command(ctx, name)
+
+            if command is None:
+                continue
+
+            sub_ctx = ctx._make_sub_context(command)
+
+            with sub_ctx.scope(cleanup=False):
+                commands[name] = command.to_info_dict(sub_ctx)
+
+        info_dict.update(commands=commands, chain=self.chain)
+        return info_dict
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        rv = super().collect_usage_pieces(ctx)
+        rv.append(self.subcommand_metavar)
+        return rv
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        super().format_options(ctx, formatter)
+        self.format_commands(ctx, formatter)
+
+    def result_callback(self, replace: bool = False) -> t.Callable[[F], F]:
+        """Adds a result callback to the command.  By default if a
+        result callback is already registered this will chain them but
+        this can be disabled with the `replace` parameter.  The result
+        callback is invoked with the return value of the subcommand
+        (or the list of return values from all subcommands if chaining
+        is enabled) as well as the parameters as they would be passed
+        to the main callback.
+
+        Example::
+
+            @click.group()
+            @click.option('-i', '--input', default=23)
+            def cli(input):
+                return 42
+
+            @cli.result_callback()
+            def process_result(result, input):
+                return result + input
+
+        :param replace: if set to `True` an already existing result
+                        callback will be removed.
+
+        .. versionchanged:: 8.0
+            Renamed from ``resultcallback``.
+
+        .. versionadded:: 3.0
+        """
+
+        def decorator(f: F) -> F:
+            old_callback = self._result_callback
+
+            if old_callback is None or replace:
+                self._result_callback = f
+                return f
+
+            def function(__value, *args, **kwargs):  # type: ignore
+                inner = old_callback(__value, *args, **kwargs)
+                return f(inner, *args, **kwargs)
+
+            self._result_callback = rv = update_wrapper(t.cast(F, function), f)
+            return rv
+
+        return decorator
+
+    def format_commands(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Extra format methods for multi methods that adds all the commands
+        after the options.
+        """
+        commands = []
+        for subcommand in self.list_commands(ctx):
+            cmd = self.get_command(ctx, subcommand)
+            # What is this, the tool lied about a command.  Ignore it
+            if cmd is None:
+                continue
+            if cmd.hidden:
+                continue
+
+            commands.append((subcommand, cmd))
+
+        # allow for 3 times the default spacing
+        if len(commands):
+            limit = formatter.width - 6 - max(len(cmd[0]) for cmd in commands)
+
+            rows = []
+            for subcommand, cmd in commands:
+                help = cmd.get_short_help_str(limit)
+                rows.append((subcommand, help))
+
+            if rows:
+                with formatter.section(_("Commands")):
+                    formatter.write_dl(rows)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        rest = super().parse_args(ctx, args)
+
+        if self.chain:
+            ctx.protected_args = rest
+            ctx.args = []
+        elif rest:
+            ctx.protected_args, ctx.args = rest[:1], rest[1:]
+
+        return ctx.args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        def _process_result(value: t.Any) -> t.Any:
+            if self._result_callback is not None:
+                value = ctx.invoke(self._result_callback, value, **ctx.params)
+            return value
+
+        if not ctx.protected_args:
+            if self.invoke_without_command:
+                # No subcommand was invoked, so the result callback is
+                # invoked with the group return value for regular
+                # groups, or an empty list for chained groups.
+                with ctx:
+                    rv = super().invoke(ctx)
+                    return _process_result([] if self.chain else rv)
+            ctx.fail(_("Missing command."))
+
+        # Fetch args back out
+        args = [*ctx.protected_args, *ctx.args]
+        ctx.args = []
+        ctx.protected_args = []
+
+        # If we're not in chain mode, we only allow the invocation of a
+        # single command but we also inform the current context about the
+        # name of the command to invoke.
+        if not self.chain:
+            # Make sure the context is entered so we do not clean up
+            # resources until the result processor has worked.
+            with ctx:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                ctx.invoked_subcommand = cmd_name
+                super().invoke(ctx)
+                sub_ctx = cmd.make_context(cmd_name, args, parent=ctx)
+                with sub_ctx:
+                    return _process_result(sub_ctx.command.invoke(sub_ctx))
+
+        # In chain mode we create the contexts step by step, but after the
+        # base command has been invoked.  Because at that point we do not
+        # know the subcommands yet, the invoked subcommand attribute is
+        # set to ``*`` to inform the command that subcommands are executed
+        # but nothing else.
+        with ctx:
+            ctx.invoked_subcommand = "*" if args else None
+            super().invoke(ctx)
+
+            # Otherwise we make every single context and invoke them in a
+            # chain.  In that case the return value to the result processor
+            # is the list of all invoked subcommand's results.
+            contexts = []
+            while args:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                sub_ctx = cmd.make_context(
+                    cmd_name,
+                    args,
+                    parent=ctx,
+                    allow_extra_args=True,
+                    allow_interspersed_args=False,
+                )
+                contexts.append(sub_ctx)
+                args, sub_ctx.args = sub_ctx.args, []
+
+            rv = []
+            for sub_ctx in contexts:
+                with sub_ctx:
+                    rv.append(sub_ctx.command.invoke(sub_ctx))
+            return _process_result(rv)
+
+    def resolve_command(
+        self, ctx: Context, args: t.List[str]
+    ) -> t.Tuple[t.Optional[str], t.Optional[Command], t.List[str]]:
+        cmd_name = make_str(args[0])
+        original_cmd_name = cmd_name
+
+        # Get the command
+        cmd = self.get_command(ctx, cmd_name)
+
+        # If we can't find the command but there is a normalization
+        # function available, we try with that one.
+        if cmd is None and ctx.token_normalize_func is not None:
+            cmd_name = ctx.token_normalize_func(cmd_name)
+            cmd = self.get_command(ctx, cmd_name)
+
+        # If we don't find the command we want to show an error message
+        # to the user that it was not provided.  However, there is
+        # something else we should do: if the first argument looks like
+        # an option we want to kick off parsing again for arguments to
+        # resolve things like --help which now should go to the main
+        # place.
+        if cmd is None and not ctx.resilient_parsing:
+            if split_opt(cmd_name)[0]:
+                self.parse_args(ctx, ctx.args)
+            ctx.fail(_("No such command {name!r}.").format(name=original_cmd_name))
+        return cmd_name if cmd else None, cmd, args[1:]
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        """Given a context and a command name, this returns a
+        :class:`Command` object if it exists or returns `None`.
+        """
+        raise NotImplementedError
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        """Returns a list of subcommand names in the order they should
+        appear.
+        """
+        return []
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options, subcommands, and chained
+        multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results = [
+            CompletionItem(name, help=command.get_short_help_str())
+            for name, command in _complete_visible_commands(ctx, incomplete)
+        ]
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class Group(MultiCommand):
+    """A group allows a command to have subcommands attached. This is
+    the most common way to implement nesting in Click.
+
+    :param name: The name of the group command.
+    :param commands: A dict mapping names to :class:`Command` objects.
+        Can also be a list of :class:`Command`, which will use
+        :attr:`Command.name` to create the dict.
+    :param attrs: Other command arguments described in
+        :class:`MultiCommand`, :class:`Command`, and
+        :class:`BaseCommand`.
+
+    .. versionchanged:: 8.0
+        The ``commands`` argument can be a list of command objects.
+    """
+
+    #: If set, this is used by the group's :meth:`command` decorator
+    #: as the default :class:`Command` class. This is useful to make all
+    #: subcommands use a custom command class.
+    #:
+    #: .. versionadded:: 8.0
+    command_class: t.Optional[t.Type[Command]] = None
+
+    #: If set, this is used by the group's :meth:`group` decorator
+    #: as the default :class:`Group` class. This is useful to make all
+    #: subgroups use a custom group class.
+    #:
+    #: If set to the special value :class:`type` (literally
+    #: ``group_class = type``), this group's class will be used as the
+    #: default class. This makes a custom group class continue to make
+    #: custom groups.
+    #:
+    #: .. versionadded:: 8.0
+    group_class: t.Optional[t.Union[t.Type["Group"], t.Type[type]]] = None
+    # Literal[type] isn't valid, so use Type[type]
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        commands: t.Optional[
+            t.Union[t.MutableMapping[str, Command], t.Sequence[Command]]
+        ] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if commands is None:
+            commands = {}
+        elif isinstance(commands, abc.Sequence):
+            commands = {c.name: c for c in commands if c.name is not None}
+
+        #: The registered subcommands by their exported names.
+        self.commands: t.MutableMapping[str, Command] = commands
+
+    def add_command(self, cmd: Command, name: t.Optional[str] = None) -> None:
+        """Registers another :class:`Command` with this group.  If the name
+        is not provided, the name of the command is used.
+        """
+        name = name or cmd.name
+        if name is None:
+            raise TypeError("Command has no name.")
+        _check_multicommand(self, name, cmd, register=True)
+        self.commands[name] = cmd
+
+    @t.overload
+    def command(self, __func: t.Callable[..., t.Any]) -> Command:
+        ...
+
+    @t.overload
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], Command]:
+        ...
+
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], Command], Command]:
+        """A shortcut decorator for declaring and attaching a command to
+        the group. This takes the same arguments as :func:`command` and
+        immediately registers the created command with this group by
+        calling :meth:`add_command`.
+
+        To customize the command class used, set the
+        :attr:`command_class` attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`command_class` attribute.
+        """
+        from .decorators import command
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'command(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.command_class and kwargs.get("cls") is None:
+            kwargs["cls"] = self.command_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> Command:
+            cmd: Command = command(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    @t.overload
+    def group(self, __func: t.Callable[..., t.Any]) -> "Group":
+        ...
+
+    @t.overload
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], "Group"]:
+        ...
+
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], "Group"], "Group"]:
+        """A shortcut decorator for declaring and attaching a group to
+        the group. This takes the same arguments as :func:`group` and
+        immediately registers the created group with this group by
+        calling :meth:`add_command`.
+
+        To customize the group class used, set the :attr:`group_class`
+        attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`group_class` attribute.
+        """
+        from .decorators import group
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'group(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.group_class is not None and kwargs.get("cls") is None:
+            if self.group_class is type:
+                kwargs["cls"] = type(self)
+            else:
+                kwargs["cls"] = self.group_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> "Group":
+            cmd: Group = group(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        return self.commands.get(cmd_name)
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        return sorted(self.commands)
+
+
+class CommandCollection(MultiCommand):
+    """A command collection is a multi command that merges multiple multi
+    commands together into one.  This is a straightforward implementation
+    that accepts a list of different multi commands as sources and
+    provides all the commands for each of them.
+
+    See :class:`MultiCommand` and :class:`Command` for the description of
+    ``name`` and ``attrs``.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        sources: t.Optional[t.List[MultiCommand]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+        #: The list of registered multi commands.
+        self.sources: t.List[MultiCommand] = sources or []
+
+    def add_source(self, multi_cmd: MultiCommand) -> None:
+        """Adds a new multi command to the chain dispatcher."""
+        self.sources.append(multi_cmd)
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        for source in self.sources:
+            rv = source.get_command(ctx, cmd_name)
+
+            if rv is not None:
+                if self.chain:
+                    _check_multicommand(self, cmd_name, rv)
+
+                return rv
+
+        return None
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        rv: t.Set[str] = set()
+
+        for source in self.sources:
+            rv.update(source.list_commands(ctx))
+
+        return sorted(rv)
+
+
+def _check_iter(value: t.Any) -> t.Iterator[t.Any]:
+    """Check if the value is iterable but not a string. Raises a type
+    error, or return an iterator over the value.
+    """
+    if isinstance(value, str):
+        raise TypeError
+
+    return iter(value)
+
+
+class Parameter:
+    r"""A parameter to a command comes in two versions: they are either
+    :class:`Option`\s or :class:`Argument`\s.  Other subclasses are currently
+    not supported by design as some of the internals for parsing are
+    intentionally not finalized.
+
+    Some settings are supported by both options and arguments.
+
+    :param param_decls: the parameter declarations for this option or
+                        argument.  This is a list of flags or argument
+                        names.
+    :param type: the type that should be used.  Either a :class:`ParamType`
+                 or a Python type.  The latter is converted into the former
+                 automatically if supported.
+    :param required: controls if this is optional or not.
+    :param default: the default value if omitted.  This can also be a callable,
+                    in which case it's invoked when the default is needed
+                    without any arguments.
+    :param callback: A function to further process or validate the value
+        after type conversion. It is called as ``f(ctx, param, value)``
+        and must return the value. It is called for all sources,
+        including prompts.
+    :param nargs: the number of arguments to match.  If not ``1`` the return
+                  value is a tuple instead of single value.  The default for
+                  nargs is ``1`` (except if the type is a tuple, then it's
+                  the arity of the tuple). If ``nargs=-1``, all remaining
+                  parameters are collected.
+    :param metavar: how the value is represented in the help page.
+    :param expose_value: if this is `True` then the value is passed onwards
+                         to the command callback and stored on the context,
+                         otherwise it's skipped.
+    :param is_eager: eager values are processed before non eager ones.  This
+                     should not be set for arguments or it will inverse the
+                     order of processing.
+    :param envvar: a string or list of strings that are environment variables
+                   that should be checked.
+    :param shell_complete: A function that returns custom shell
+        completions. Used instead of the param's type completion if
+        given. Takes ``ctx, param, incomplete`` and must return a list
+        of :class:`~click.shell_completion.CompletionItem` or a list of
+        strings.
+
+    .. versionchanged:: 8.0
+        ``process_value`` validates required parameters and bounded
+        ``nargs``, and invokes the parameter callback before returning
+        the value. This allows the callback to validate prompts.
+        ``full_process_value`` is removed.
+
+    .. versionchanged:: 8.0
+        ``autocompletion`` is renamed to ``shell_complete`` and has new
+        semantics described above. The old name is deprecated and will
+        be removed in 8.1, until then it will be wrapped to match the
+        new requirements.
+
+    .. versionchanged:: 8.0
+        For ``multiple=True, nargs>1``, the default must be a list of
+        tuples.
+
+    .. versionchanged:: 8.0
+        Setting a default is no longer required for ``nargs>1``, it will
+        default to ``None``. ``multiple=True`` or ``nargs=-1`` will
+        default to ``()``.
+
+    .. versionchanged:: 7.1
+        Empty environment variables are ignored rather than taking the
+        empty string value. This makes it possible for scripts to clear
+        variables if they can't unset them.
+
+    .. versionchanged:: 2.0
+        Changed signature for parameter callback to also be passed the
+        parameter. The old callback format will still work, but it will
+        raise a warning to give you a chance to migrate the code easier.
+    """
+
+    param_type_name = "parameter"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        required: bool = False,
+        default: t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]] = None,
+        callback: t.Optional[t.Callable[[Context, "Parameter", t.Any], t.Any]] = None,
+        nargs: t.Optional[int] = None,
+        multiple: bool = False,
+        metavar: t.Optional[str] = None,
+        expose_value: bool = True,
+        is_eager: bool = False,
+        envvar: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        shell_complete: t.Optional[
+            t.Callable[
+                [Context, "Parameter", str],
+                t.Union[t.List["CompletionItem"], t.List[str]],
+            ]
+        ] = None,
+    ) -> None:
+        self.name: t.Optional[str]
+        self.opts: t.List[str]
+        self.secondary_opts: t.List[str]
+        self.name, self.opts, self.secondary_opts = self._parse_decls(
+            param_decls or (), expose_value
+        )
+        self.type: types.ParamType = types.convert_type(type, default)
+
+        # Default nargs to what the type tells us if we have that
+        # information available.
+        if nargs is None:
+            if self.type.is_composite:
+                nargs = self.type.arity
+            else:
+                nargs = 1
+
+        self.required = required
+        self.callback = callback
+        self.nargs = nargs
+        self.multiple = multiple
+        self.expose_value = expose_value
+        self.default = default
+        self.is_eager = is_eager
+        self.metavar = metavar
+        self.envvar = envvar
+        self._custom_shell_complete = shell_complete
+
+        if __debug__:
+            if self.type.is_composite and nargs != self.type.arity:
+                raise ValueError(
+                    f"'nargs' must be {self.type.arity} (or None) for"
+                    f" type {self.type!r}, but it was {nargs}."
+                )
+
+            # Skip no default or callable default.
+            check_default = default if not callable(default) else None
+
+            if check_default is not None:
+                if multiple:
+                    try:
+                        # Only check the first value against nargs.
+                        check_default = next(_check_iter(check_default), None)
+                    except TypeError:
+                        raise ValueError(
+                            "'default' must be a list when 'multiple' is true."
+                        ) from None
+
+                # Can be None for multiple with empty default.
+                if nargs != 1 and check_default is not None:
+                    try:
+                        _check_iter(check_default)
+                    except TypeError:
+                        if multiple:
+                            message = (
+                                "'default' must be a list of lists when 'multiple' is"
+                                " true and 'nargs' != 1."
+                            )
+                        else:
+                            message = "'default' must be a list when 'nargs' != 1."
+
+                        raise ValueError(message) from None
+
+                    if nargs > 1 and len(check_default) != nargs:
+                        subject = "item length" if multiple else "length"
+                        raise ValueError(
+                            f"'default' {subject} must match nargs={nargs}."
+                        )
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "name": self.name,
+            "param_type_name": self.param_type_name,
+            "opts": self.opts,
+            "secondary_opts": self.secondary_opts,
+            "type": self.type.to_info_dict(),
+            "required": self.required,
+            "nargs": self.nargs,
+            "multiple": self.multiple,
+            "default": self.default,
+            "envvar": self.envvar,
+        }
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        raise NotImplementedError()
+
+    @property
+    def human_readable_name(self) -> str:
+        """Returns the human readable name of this parameter.  This is the
+        same as the name for options, but the metavar for arguments.
+        """
+        return self.name  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+
+        metavar = self.type.get_metavar(self)
+
+        if metavar is None:
+            metavar = self.type.name.upper()
+
+        if self.nargs != 1:
+            metavar += "..."
+
+        return metavar
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        """Get the default for the parameter. Tries
+        :meth:`Context.lookup_default` first, then the local default.
+
+        :param ctx: Current context.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0.2
+            Type casting is no longer performed when getting a default.
+
+        .. versionchanged:: 8.0.1
+            Type casting can fail in resilient parsing mode. Invalid
+            defaults will not prevent showing help text.
+
+        .. versionchanged:: 8.0
+            Looks at ``ctx.default_map`` first.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        value = ctx.lookup_default(self.name, call=False)  # type: ignore
+
+        if value is None:
+            value = self.default
+
+        if call and callable(value):
+            value = value()
+
+        return value
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        raise NotImplementedError()
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value = opts.get(self.name)  # type: ignore
+        source = ParameterSource.COMMANDLINE
+
+        if value is None:
+            value = self.value_from_envvar(ctx)
+            source = ParameterSource.ENVIRONMENT
+
+        if value is None:
+            value = ctx.lookup_default(self.name)  # type: ignore
+            source = ParameterSource.DEFAULT_MAP
+
+        if value is None:
+            value = self.get_default(ctx)
+            source = ParameterSource.DEFAULT
+
+        return value, source
+
+    def type_cast_value(self, ctx: Context, value: t.Any) -> t.Any:
+        """Convert and validate a value against the option's
+        :attr:`type`, :attr:`multiple`, and :attr:`nargs`.
+        """
+        if value is None:
+            return () if self.multiple or self.nargs == -1 else None
+
+        def check_iter(value: t.Any) -> t.Iterator[t.Any]:
+            try:
+                return _check_iter(value)
+            except TypeError:
+                # This should only happen when passing in args manually,
+                # the parser should construct an iterable when parsing
+                # the command line.
+                raise BadParameter(
+                    _("Value must be an iterable."), ctx=ctx, param=self
+                ) from None
+
+        if self.nargs == 1 or self.type.is_composite:
+
+            def convert(value: t.Any) -> t.Any:
+                return self.type(value, param=self, ctx=ctx)
+
+        elif self.nargs == -1:
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                return tuple(self.type(x, self, ctx) for x in check_iter(value))
+
+        else:  # nargs > 1
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                value = tuple(check_iter(value))
+
+                if len(value) != self.nargs:
+                    raise BadParameter(
+                        ngettext(
+                            "Takes {nargs} values but 1 was given.",
+                            "Takes {nargs} values but {len} were given.",
+                            len(value),
+                        ).format(nargs=self.nargs, len=len(value)),
+                        ctx=ctx,
+                        param=self,
+                    )
+
+                return tuple(self.type(x, self, ctx) for x in value)
+
+        if self.multiple:
+            return tuple(convert(x) for x in check_iter(value))
+
+        return convert(value)
+
+    def value_is_missing(self, value: t.Any) -> bool:
+        if value is None:
+            return True
+
+        if (self.nargs != 1 or self.multiple) and value == ():
+            return True
+
+        return False
+
+    def process_value(self, ctx: Context, value: t.Any) -> t.Any:
+        value = self.type_cast_value(ctx, value)
+
+        if self.required and self.value_is_missing(value):
+            raise MissingParameter(ctx=ctx, param=self)
+
+        if self.callback is not None:
+            value = self.callback(ctx, self, value)
+
+        return value
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        if self.envvar is None:
+            return None
+
+        if isinstance(self.envvar, str):
+            rv = os.environ.get(self.envvar)
+
+            if rv:
+                return rv
+        else:
+            for envvar in self.envvar:
+                rv = os.environ.get(envvar)
+
+                if rv:
+                    return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is not None and self.nargs != 1:
+            rv = self.type.split_envvar_value(rv)
+
+        return rv
+
+    def handle_parse_result(
+        self, ctx: Context, opts: t.Mapping[str, t.Any], args: t.List[str]
+    ) -> t.Tuple[t.Any, t.List[str]]:
+        with augment_usage_errors(ctx, param=self):
+            value, source = self.consume_value(ctx, opts)
+            ctx.set_parameter_source(self.name, source)  # type: ignore
+
+            try:
+                value = self.process_value(ctx, value)
+            except Exception:
+                if not ctx.resilient_parsing:
+                    raise
+
+                value = None
+
+        if self.expose_value:
+            ctx.params[self.name] = value  # type: ignore
+
+        return value, args
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        pass
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return []
+
+    def get_error_hint(self, ctx: Context) -> str:
+        """Get a stringified version of the param for use in error messages to
+        indicate which param caused the error.
+        """
+        hint_list = self.opts or [self.human_readable_name]
+        return " / ".join(f"'{x}'" for x in hint_list)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. If a
+        ``shell_complete`` function was given during init, it is used.
+        Otherwise, the :attr:`type`
+        :meth:`~click.types.ParamType.shell_complete` function is used.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        if self._custom_shell_complete is not None:
+            results = self._custom_shell_complete(ctx, self, incomplete)
+
+            if results and isinstance(results[0], str):
+                from click.shell_completion import CompletionItem
+
+                results = [CompletionItem(c) for c in results]
+
+            return t.cast(t.List["CompletionItem"], results)
+
+        return self.type.shell_complete(ctx, self, incomplete)
+
+
+class Option(Parameter):
+    """Options are usually optional values on the command line and
+    have some extra features that arguments don't have.
+
+    All other parameters are passed onwards to the parameter constructor.
+
+    :param show_default: Show the default value for this option in its
+        help text. Values are not shown by default, unless
+        :attr:`Context.show_default` is ``True``. If this value is a
+        string, it shows that string in parentheses instead of the
+        actual value. This is particularly useful for dynamic options.
+        For single option boolean flags, the default remains hidden if
+        its value is ``False``.
+    :param show_envvar: Controls if an environment variable should be
+        shown on the help page. Normally, environment variables are not
+        shown.
+    :param prompt: If set to ``True`` or a non empty string then the
+        user will be prompted for input. If set to ``True`` the prompt
+        will be the option name capitalized.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value if it was prompted for. Can be set to a string instead of
+        ``True`` to customize the message.
+    :param prompt_required: If set to ``False``, the user will be
+        prompted for input only when the option was specified as a flag
+        without a value.
+    :param hide_input: If this is ``True`` then the input on the prompt
+        will be hidden from the user. This is useful for password input.
+    :param is_flag: forces this option to act as a flag.  The default is
+                    auto detection.
+    :param flag_value: which value should be used for this flag if it's
+                       enabled.  This is set to a boolean automatically if
+                       the option string contains a slash to mark two options.
+    :param multiple: if this is set to `True` then the argument is accepted
+                     multiple times and recorded.  This is similar to ``nargs``
+                     in how it works but supports arbitrary number of
+                     arguments.
+    :param count: this flag makes an option increment an integer.
+    :param allow_from_autoenv: if this is enabled then the value of this
+                               parameter will be pulled from an environment
+                               variable in case a prefix is defined on the
+                               context.
+    :param help: the help string.
+    :param hidden: hide this option from help outputs.
+    :param attrs: Other command arguments described in :class:`Parameter`.
+
+    .. versionchanged:: 8.1.0
+        Help text indentation is cleaned here instead of only in the
+        ``@option`` decorator.
+
+    .. versionchanged:: 8.1.0
+        The ``show_default`` parameter overrides
+        ``Context.show_default``.
+
+    .. versionchanged:: 8.1.0
+        The default of a single option boolean flag is not shown if the
+        default value is ``False``.
+
+    .. versionchanged:: 8.0.1
+        ``type`` is detected from ``flag_value`` if given.
+    """
+
+    param_type_name = "option"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        show_default: t.Union[bool, str, None] = None,
+        prompt: t.Union[bool, str] = False,
+        confirmation_prompt: t.Union[bool, str] = False,
+        prompt_required: bool = True,
+        hide_input: bool = False,
+        is_flag: t.Optional[bool] = None,
+        flag_value: t.Optional[t.Any] = None,
+        multiple: bool = False,
+        count: bool = False,
+        allow_from_autoenv: bool = True,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        help: t.Optional[str] = None,
+        hidden: bool = False,
+        show_choices: bool = True,
+        show_envvar: bool = False,
+        **attrs: t.Any,
+    ) -> None:
+        if help:
+            help = inspect.cleandoc(help)
+
+        default_is_missing = "default" not in attrs
+        super().__init__(param_decls, type=type, multiple=multiple, **attrs)
+
+        if prompt is True:
+            if self.name is None:
+                raise TypeError("'name' is required with 'prompt=True'.")
+
+            prompt_text: t.Optional[str] = self.name.replace("_", " ").capitalize()
+        elif prompt is False:
+            prompt_text = None
+        else:
+            prompt_text = prompt
+
+        self.prompt = prompt_text
+        self.confirmation_prompt = confirmation_prompt
+        self.prompt_required = prompt_required
+        self.hide_input = hide_input
+        self.hidden = hidden
+
+        # If prompt is enabled but not required, then the option can be
+        # used as a flag to indicate using prompt or flag_value.
+        self._flag_needs_value = self.prompt is not None and not self.prompt_required
+
+        if is_flag is None:
+            if flag_value is not None:
+                # Implicitly a flag because flag_value was set.
+                is_flag = True
+            elif self._flag_needs_value:
+                # Not a flag, but when used as a flag it shows a prompt.
+                is_flag = False
+            else:
+                # Implicitly a flag because flag options were given.
+                is_flag = bool(self.secondary_opts)
+        elif is_flag is False and not self._flag_needs_value:
+            # Not a flag, and prompt is not enabled, can be used as a
+            # flag if flag_value is set.
+            self._flag_needs_value = flag_value is not None
+
+        self.default: t.Union[t.Any, t.Callable[[], t.Any]]
+
+        if is_flag and default_is_missing and not self.required:
+            if multiple:
+                self.default = ()
+            else:
+                self.default = False
+
+        if flag_value is None:
+            flag_value = not self.default
+
+        self.type: types.ParamType
+        if is_flag and type is None:
+            # Re-guess the type from the flag value instead of the
+            # default.
+            self.type = types.convert_type(None, flag_value)
+
+        self.is_flag: bool = is_flag
+        self.is_bool_flag: bool = is_flag and isinstance(self.type, types.BoolParamType)
+        self.flag_value: t.Any = flag_value
+
+        # Counting
+        self.count = count
+        if count:
+            if type is None:
+                self.type = types.IntRange(min=0)
+            if default_is_missing:
+                self.default = 0
+
+        self.allow_from_autoenv = allow_from_autoenv
+        self.help = help
+        self.show_default = show_default
+        self.show_choices = show_choices
+        self.show_envvar = show_envvar
+
+        if __debug__:
+            if self.nargs == -1:
+                raise TypeError("nargs=-1 is not supported for options.")
+
+            if self.prompt and self.is_flag and not self.is_bool_flag:
+                raise TypeError("'prompt' is not valid for non-boolean flag.")
+
+            if not self.is_bool_flag and self.secondary_opts:
+                raise TypeError("Secondary flag is not valid for non-boolean flag.")
+
+            if self.is_bool_flag and self.hide_input and self.prompt is not None:
+                raise TypeError(
+                    "'prompt' with 'hide_input' is not valid for boolean flag."
+                )
+
+            if self.count:
+                if self.multiple:
+                    raise TypeError("'count' is not valid with 'multiple'.")
+
+                if self.is_flag:
+                    raise TypeError("'count' is not valid with 'is_flag'.")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            help=self.help,
+            prompt=self.prompt,
+            is_flag=self.is_flag,
+            flag_value=self.flag_value,
+            count=self.count,
+            hidden=self.hidden,
+        )
+        return info_dict
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        opts = []
+        secondary_opts = []
+        name = None
+        possible_names = []
+
+        for decl in decls:
+            if decl.isidentifier():
+                if name is not None:
+                    raise TypeError(f"Name '{name}' defined twice")
+                name = decl
+            else:
+                split_char = ";" if decl[:1] == "/" else "/"
+                if split_char in decl:
+                    first, second = decl.split(split_char, 1)
+                    first = first.rstrip()
+                    if first:
+                        possible_names.append(split_opt(first))
+                        opts.append(first)
+                    second = second.lstrip()
+                    if second:
+                        secondary_opts.append(second.lstrip())
+                    if first == second:
+                        raise ValueError(
+                            f"Boolean option {decl!r} cannot use the"
+                            " same flag for true/false."
+                        )
+                else:
+                    possible_names.append(split_opt(decl))
+                    opts.append(decl)
+
+        if name is None and possible_names:
+            possible_names.sort(key=lambda x: -len(x[0]))  # group long options first
+            name = possible_names[0][1].replace("-", "_").lower()
+            if not name.isidentifier():
+                name = None
+
+        if name is None:
+            if not expose_value:
+                return None, opts, secondary_opts
+            raise TypeError("Could not determine name for option")
+
+        if not opts and not secondary_opts:
+            raise TypeError(
+                f"No options defined but a name was passed ({name})."
+                " Did you mean to declare an argument instead? Did"
+                f" you mean to pass '--{name}'?"
+            )
+
+        return name, opts, secondary_opts
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        if self.multiple:
+            action = "append"
+        elif self.count:
+            action = "count"
+        else:
+            action = "store"
+
+        if self.is_flag:
+            action = f"{action}_const"
+
+            if self.is_bool_flag and self.secondary_opts:
+                parser.add_option(
+                    obj=self, opts=self.opts, dest=self.name, action=action, const=True
+                )
+                parser.add_option(
+                    obj=self,
+                    opts=self.secondary_opts,
+                    dest=self.name,
+                    action=action,
+                    const=False,
+                )
+            else:
+                parser.add_option(
+                    obj=self,
+                    opts=self.opts,
+                    dest=self.name,
+                    action=action,
+                    const=self.flag_value,
+                )
+        else:
+            parser.add_option(
+                obj=self,
+                opts=self.opts,
+                dest=self.name,
+                action=action,
+                nargs=self.nargs,
+            )
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        if self.hidden:
+            return None
+
+        any_prefix_is_slash = False
+
+        def _write_opts(opts: t.Sequence[str]) -> str:
+            nonlocal any_prefix_is_slash
+
+            rv, any_slashes = join_options(opts)
+
+            if any_slashes:
+                any_prefix_is_slash = True
+
+            if not self.is_flag and not self.count:
+                rv += f" {self.make_metavar()}"
+
+            return rv
+
+        rv = [_write_opts(self.opts)]
+
+        if self.secondary_opts:
+            rv.append(_write_opts(self.secondary_opts))
+
+        help = self.help or ""
+        extra = []
+
+        if self.show_envvar:
+            envvar = self.envvar
+
+            if envvar is None:
+                if (
+                    self.allow_from_autoenv
+                    and ctx.auto_envvar_prefix is not None
+                    and self.name is not None
+                ):
+                    envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+
+            if envvar is not None:
+                var_str = (
+                    envvar
+                    if isinstance(envvar, str)
+                    else ", ".join(str(d) for d in envvar)
+                )
+                extra.append(_("env var: {var}").format(var=var_str))
+
+        # Temporarily enable resilient parsing to avoid type casting
+        # failing for the default. Might be possible to extend this to
+        # help formatting in general.
+        resilient = ctx.resilient_parsing
+        ctx.resilient_parsing = True
+
+        try:
+            default_value = self.get_default(ctx, call=False)
+        finally:
+            ctx.resilient_parsing = resilient
+
+        show_default = False
+        show_default_is_str = False
+
+        if self.show_default is not None:
+            if isinstance(self.show_default, str):
+                show_default_is_str = show_default = True
+            else:
+                show_default = self.show_default
+        elif ctx.show_default is not None:
+            show_default = ctx.show_default
+
+        if show_default_is_str or (show_default and (default_value is not None)):
+            if show_default_is_str:
+                default_string = f"({self.show_default})"
+            elif isinstance(default_value, (list, tuple)):
+                default_string = ", ".join(str(d) for d in default_value)
+            elif inspect.isfunction(default_value):
+                default_string = _("(dynamic)")
+            elif self.is_bool_flag and self.secondary_opts:
+                # For boolean flags that have distinct True/False opts,
+                # use the opt without prefix instead of the value.
+                default_string = split_opt(
+                    (self.opts if self.default else self.secondary_opts)[0]
+                )[1]
+            elif self.is_bool_flag and not self.secondary_opts and not default_value:
+                default_string = ""
+            else:
+                default_string = str(default_value)
+
+            if default_string:
+                extra.append(_("default: {default}").format(default=default_string))
+
+        if (
+            isinstance(self.type, types._NumberRangeBase)
+            # skip count with default range type
+            and not (self.count and self.type.min == 0 and self.type.max is None)
+        ):
+            range_str = self.type._describe_range()
+
+            if range_str:
+                extra.append(range_str)
+
+        if self.required:
+            extra.append(_("required"))
+
+        if extra:
+            extra_str = "; ".join(extra)
+            help = f"{help}  [{extra_str}]" if help else f"[{extra_str}]"
+
+        return ("; " if any_prefix_is_slash else " / ").join(rv), help
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        # If we're a non boolean flag our default is more complex because
+        # we need to look at all flags in the same group to figure out
+        # if we're the default one in which case we return the flag
+        # value as default.
+        if self.is_flag and not self.is_bool_flag:
+            for param in ctx.command.params:
+                if param.name == self.name and param.default:
+                    return t.cast(Option, param).flag_value
+
+            return None
+
+        return super().get_default(ctx, call=call)
+
+    def prompt_for_value(self, ctx: Context) -> t.Any:
+        """This is an alternative flow that can be activated in the full
+        value processing if a value does not exist.  It will prompt the
+        user until a valid value exists and then returns the processed
+        value as result.
+        """
+        assert self.prompt is not None
+
+        # Calculate the default before prompting anything to be stable.
+        default = self.get_default(ctx)
+
+        # If this is a prompt for a flag we need to handle this
+        # differently.
+        if self.is_bool_flag:
+            return confirm(self.prompt, default)
+
+        return prompt(
+            self.prompt,
+            default=default,
+            type=self.type,
+            hide_input=self.hide_input,
+            show_choices=self.show_choices,
+            confirmation_prompt=self.confirmation_prompt,
+            value_proc=lambda x: self.process_value(ctx, x),
+        )
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        rv = super().resolve_envvar_value(ctx)
+
+        if rv is not None:
+            return rv
+
+        if (
+            self.allow_from_autoenv
+            and ctx.auto_envvar_prefix is not None
+            and self.name is not None
+        ):
+            envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+            rv = os.environ.get(envvar)
+
+            if rv:
+                return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is None:
+            return None
+
+        value_depth = (self.nargs != 1) + bool(self.multiple)
+
+        if value_depth > 0:
+            rv = self.type.split_envvar_value(rv)
+
+            if self.multiple and self.nargs != 1:
+                rv = batch(rv, self.nargs)
+
+        return rv
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, "Parameter"]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value, source = super().consume_value(ctx, opts)
+
+        # The parser will emit a sentinel value if the option can be
+        # given as a flag without a value. This is different from None
+        # to distinguish from the flag not being given at all.
+        if value is _flag_needs_value:
+            if self.prompt is not None and not ctx.resilient_parsing:
+                value = self.prompt_for_value(ctx)
+                source = ParameterSource.PROMPT
+            else:
+                value = self.flag_value
+                source = ParameterSource.COMMANDLINE
+
+        elif (
+            self.multiple
+            and value is not None
+            and any(v is _flag_needs_value for v in value)
+        ):
+            value = [self.flag_value if v is _flag_needs_value else v for v in value]
+            source = ParameterSource.COMMANDLINE
+
+        # The value wasn't set, or used the param's default, prompt if
+        # prompting is enabled.
+        elif (
+            source in {None, ParameterSource.DEFAULT}
+            and self.prompt is not None
+            and (self.required or self.prompt_required)
+            and not ctx.resilient_parsing
+        ):
+            value = self.prompt_for_value(ctx)
+            source = ParameterSource.PROMPT
+
+        return value, source
+
+
+class Argument(Parameter):
+    """Arguments are positional parameters to a command.  They generally
+    provide fewer features than options but can have infinite ``nargs``
+    and are required by default.
+
+    All parameters are passed onwards to the constructor of :class:`Parameter`.
+    """
+
+    param_type_name = "argument"
+
+    def __init__(
+        self,
+        param_decls: t.Sequence[str],
+        required: t.Optional[bool] = None,
+        **attrs: t.Any,
+    ) -> None:
+        if required is None:
+            if attrs.get("default") is not None:
+                required = False
+            else:
+                required = attrs.get("nargs", 1) > 0
+
+        if "multiple" in attrs:
+            raise TypeError("__init__() got an unexpected keyword argument 'multiple'.")
+
+        super().__init__(param_decls, required=required, **attrs)
+
+        if __debug__:
+            if self.default is not None and self.nargs == -1:
+                raise TypeError("'default' is not supported for nargs=-1.")
+
+    @property
+    def human_readable_name(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        return self.name.upper()  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        var = self.type.get_metavar(self)
+        if not var:
+            var = self.name.upper()  # type: ignore
+        if not self.required:
+            var = f"[{var}]"
+        if self.nargs != 1:
+            var += "..."
+        return var
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        if not decls:
+            if not expose_value:
+                return None, [], []
+            raise TypeError("Could not determine name for argument")
+        if len(decls) == 1:
+            name = arg = decls[0]
+            name = name.replace("-", "_").lower()
+        else:
+            raise TypeError(
+                "Arguments take exactly one parameter declaration, got"
+                f" {len(decls)}."
+            )
+        return name, [arg], []
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return [self.make_metavar()]
+
+    def get_error_hint(self, ctx: Context) -> str:
+        return f"'{self.make_metavar()}'"
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        parser.add_argument(dest=self.name, nargs=self.nargs, obj=self)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/decorators.py b/lib/go-jinja2/internal/data/darwin-arm64/click/decorators.py
new file mode 100644
index 000000000..d9bba9502
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/decorators.py
@@ -0,0 +1,561 @@
+import inspect
+import types
+import typing as t
+from functools import update_wrapper
+from gettext import gettext as _
+
+from .core import Argument
+from .core import Command
+from .core import Context
+from .core import Group
+from .core import Option
+from .core import Parameter
+from .globals import get_current_context
+from .utils import echo
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+T = t.TypeVar("T")
+_AnyCallable = t.Callable[..., t.Any]
+FC = t.TypeVar("FC", bound=t.Union[_AnyCallable, Command])
+
+
+def pass_context(f: "t.Callable[te.Concatenate[Context, P], R]") -> "t.Callable[P, R]":
+    """Marks a callback as wanting to receive the current context
+    object as first argument.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context(), *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def pass_obj(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+    """Similar to :func:`pass_context`, but only pass the object on the
+    context onwards (:attr:`Context.obj`).  This is useful if that object
+    represents the state of a nested system.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context().obj, *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def make_pass_decorator(
+    object_type: t.Type[T], ensure: bool = False
+) -> t.Callable[["t.Callable[te.Concatenate[T, P], R]"], "t.Callable[P, R]"]:
+    """Given an object type this creates a decorator that will work
+    similar to :func:`pass_obj` but instead of passing the object of the
+    current context, it will find the innermost context of type
+    :func:`object_type`.
+
+    This generates a decorator that works roughly like this::
+
+        from functools import update_wrapper
+
+        def decorator(f):
+            @pass_context
+            def new_func(ctx, *args, **kwargs):
+                obj = ctx.find_object(object_type)
+                return ctx.invoke(f, obj, *args, **kwargs)
+            return update_wrapper(new_func, f)
+        return decorator
+
+    :param object_type: the type of the object to pass.
+    :param ensure: if set to `True`, a new object will be created and
+                   remembered on the context if it's not there yet.
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[T, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+            ctx = get_current_context()
+
+            obj: t.Optional[T]
+            if ensure:
+                obj = ctx.ensure_object(object_type)
+            else:
+                obj = ctx.find_object(object_type)
+
+            if obj is None:
+                raise RuntimeError(
+                    "Managed to invoke callback without a context"
+                    f" object of type {object_type.__name__!r}"
+                    " existing."
+                )
+
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    return decorator  # type: ignore[return-value]
+
+
+def pass_meta_key(
+    key: str, *, doc_description: t.Optional[str] = None
+) -> "t.Callable[[t.Callable[te.Concatenate[t.Any, P], R]], t.Callable[P, R]]":
+    """Create a decorator that passes a key from
+    :attr:`click.Context.meta` as the first argument to the decorated
+    function.
+
+    :param key: Key in ``Context.meta`` to pass.
+    :param doc_description: Description of the object being passed,
+        inserted into the decorator's docstring. Defaults to "the 'key'
+        key from Context.meta".
+
+    .. versionadded:: 8.0
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> R:
+            ctx = get_current_context()
+            obj = ctx.meta[key]
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    if doc_description is None:
+        doc_description = f"the {key!r} key from :attr:`click.Context.meta`"
+
+    decorator.__doc__ = (
+        f"Decorator that passes {doc_description} as the first argument"
+        " to the decorated function."
+    )
+    return decorator  # type: ignore[return-value]
+
+
+CmdType = t.TypeVar("CmdType", bound=Command)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def command(name: _AnyCallable) -> Command:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @command(namearg, CommandCls, ...) or @command(namearg, cls=CommandCls, ...)
+@t.overload
+def command(
+    name: t.Optional[str],
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @command(cls=CommandCls, ...)
+@t.overload
+def command(
+    name: None = None,
+    *,
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def command(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Command]:
+    ...
+
+
+def command(
+    name: t.Union[t.Optional[str], _AnyCallable] = None,
+    cls: t.Optional[t.Type[CmdType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Command, t.Callable[[_AnyCallable], t.Union[Command, CmdType]]]:
+    r"""Creates a new :class:`Command` and uses the decorated function as
+    callback.  This will also automatically attach all decorated
+    :func:`option`\s and :func:`argument`\s as parameters to the command.
+
+    The name of the command defaults to the name of the function with
+    underscores replaced by dashes.  If you want to change that, you can
+    pass the intended name as the first argument.
+
+    All keyword arguments are forwarded to the underlying command class.
+    For the ``params`` argument, any decorated params are appended to
+    the end of the list.
+
+    Once decorated the function turns into a :class:`Command` instance
+    that can be invoked as a command line utility or be attached to a
+    command :class:`Group`.
+
+    :param name: the name of the command.  This defaults to the function
+                 name with underscores replaced by dashes.
+    :param cls: the command class to instantiate.  This defaults to
+                :class:`Command`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+
+    .. versionchanged:: 8.1
+        The ``params`` argument can be used. Decorated params are
+        appended to the end of the list.
+    """
+
+    func: t.Optional[t.Callable[[_AnyCallable], t.Any]] = None
+
+    if callable(name):
+        func = name
+        name = None
+        assert cls is None, "Use 'command(cls=cls)(callable)' to specify a class."
+        assert not attrs, "Use 'command(**kwargs)(callable)' to provide arguments."
+
+    if cls is None:
+        cls = t.cast(t.Type[CmdType], Command)
+
+    def decorator(f: _AnyCallable) -> CmdType:
+        if isinstance(f, Command):
+            raise TypeError("Attempted to convert a callback into a command twice.")
+
+        attr_params = attrs.pop("params", None)
+        params = attr_params if attr_params is not None else []
+
+        try:
+            decorator_params = f.__click_params__  # type: ignore
+        except AttributeError:
+            pass
+        else:
+            del f.__click_params__  # type: ignore
+            params.extend(reversed(decorator_params))
+
+        if attrs.get("help") is None:
+            attrs["help"] = f.__doc__
+
+        if t.TYPE_CHECKING:
+            assert cls is not None
+            assert not callable(name)
+
+        cmd = cls(
+            name=name or f.__name__.lower().replace("_", "-"),
+            callback=f,
+            params=params,
+            **attrs,
+        )
+        cmd.__doc__ = f.__doc__
+        return cmd
+
+    if func is not None:
+        return decorator(func)
+
+    return decorator
+
+
+GrpType = t.TypeVar("GrpType", bound=Group)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def group(name: _AnyCallable) -> Group:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @group(namearg, GroupCls, ...) or @group(namearg, cls=GroupCls, ...)
+@t.overload
+def group(
+    name: t.Optional[str],
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @group(cmd=GroupCls, ...)
+@t.overload
+def group(
+    name: None = None,
+    *,
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def group(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Group]:
+    ...
+
+
+def group(
+    name: t.Union[str, _AnyCallable, None] = None,
+    cls: t.Optional[t.Type[GrpType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Group, t.Callable[[_AnyCallable], t.Union[Group, GrpType]]]:
+    """Creates a new :class:`Group` with a function as callback.  This
+    works otherwise the same as :func:`command` just that the `cls`
+    parameter is set to :class:`Group`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+    """
+    if cls is None:
+        cls = t.cast(t.Type[GrpType], Group)
+
+    if callable(name):
+        return command(cls=cls, **attrs)(name)
+
+    return command(name, cls, **attrs)
+
+
+def _param_memo(f: t.Callable[..., t.Any], param: Parameter) -> None:
+    if isinstance(f, Command):
+        f.params.append(param)
+    else:
+        if not hasattr(f, "__click_params__"):
+            f.__click_params__ = []  # type: ignore
+
+        f.__click_params__.append(param)  # type: ignore
+
+
+def argument(
+    *param_decls: str, cls: t.Optional[t.Type[Argument]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an argument to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Argument`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Argument` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default argument class, refer to :class:`Argument` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the argument class to instantiate.  This defaults to
+                :class:`Argument`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Argument
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def option(
+    *param_decls: str, cls: t.Optional[t.Type[Option]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an option to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Option`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Option` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default option class, refer to :class:`Option` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the option class to instantiate.  This defaults to
+                :class:`Option`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Option
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def confirmation_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--yes`` option which shows a prompt before continuing if
+    not passed. If the prompt is declined, the program will exit.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--yes"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value:
+            ctx.abort()
+
+    if not param_decls:
+        param_decls = ("--yes",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("callback", callback)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("prompt", "Do you want to continue?")
+    kwargs.setdefault("help", "Confirm the action without prompting.")
+    return option(*param_decls, **kwargs)
+
+
+def password_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--password`` option which prompts for a password, hiding
+    input and asking to enter the value again for confirmation.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--password"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+    if not param_decls:
+        param_decls = ("--password",)
+
+    kwargs.setdefault("prompt", True)
+    kwargs.setdefault("confirmation_prompt", True)
+    kwargs.setdefault("hide_input", True)
+    return option(*param_decls, **kwargs)
+
+
+def version_option(
+    version: t.Optional[str] = None,
+    *param_decls: str,
+    package_name: t.Optional[str] = None,
+    prog_name: t.Optional[str] = None,
+    message: t.Optional[str] = None,
+    **kwargs: t.Any,
+) -> t.Callable[[FC], FC]:
+    """Add a ``--version`` option which immediately prints the version
+    number and exits the program.
+
+    If ``version`` is not provided, Click will try to detect it using
+    :func:`importlib.metadata.version` to get the version for the
+    ``package_name``. On Python < 3.8, the ``importlib_metadata``
+    backport must be installed.
+
+    If ``package_name`` is not provided, Click will try to detect it by
+    inspecting the stack frames. This will be used to detect the
+    version, so it must match the name of the installed package.
+
+    :param version: The version number to show. If not provided, Click
+        will try to detect it.
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--version"``.
+    :param package_name: The package name to detect the version from. If
+        not provided, Click will try to detect it.
+    :param prog_name: The name of the CLI to show in the message. If not
+        provided, it will be detected from the command.
+    :param message: The message to show. The values ``%(prog)s``,
+        ``%(package)s``, and ``%(version)s`` are available. Defaults to
+        ``"%(prog)s, version %(version)s"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    :raise RuntimeError: ``version`` could not be detected.
+
+    .. versionchanged:: 8.0
+        Add the ``package_name`` parameter, and the ``%(package)s``
+        value for messages.
+
+    .. versionchanged:: 8.0
+        Use :mod:`importlib.metadata` instead of ``pkg_resources``. The
+        version is detected based on the package name, not the entry
+        point name. The Python package name must match the installed
+        package name, or be passed with ``package_name=``.
+    """
+    if message is None:
+        message = _("%(prog)s, version %(version)s")
+
+    if version is None and package_name is None:
+        frame = inspect.currentframe()
+        f_back = frame.f_back if frame is not None else None
+        f_globals = f_back.f_globals if f_back is not None else None
+        # break reference cycle
+        # https://docs.python.org/3/library/inspect.html#the-interpreter-stack
+        del frame
+
+        if f_globals is not None:
+            package_name = f_globals.get("__name__")
+
+            if package_name == "__main__":
+                package_name = f_globals.get("__package__")
+
+            if package_name:
+                package_name = package_name.partition(".")[0]
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        nonlocal prog_name
+        nonlocal version
+
+        if prog_name is None:
+            prog_name = ctx.find_root().info_name
+
+        if version is None and package_name is not None:
+            metadata: t.Optional[types.ModuleType]
+
+            try:
+                from importlib import metadata  # type: ignore
+            except ImportError:
+                # Python < 3.8
+                import importlib_metadata as metadata  # type: ignore
+
+            try:
+                version = metadata.version(package_name)  # type: ignore
+            except metadata.PackageNotFoundError:  # type: ignore
+                raise RuntimeError(
+                    f"{package_name!r} is not installed. Try passing"
+                    " 'package_name' instead."
+                ) from None
+
+        if version is None:
+            raise RuntimeError(
+                f"Could not determine the version for {package_name!r} automatically."
+            )
+
+        echo(
+            message % {"prog": prog_name, "package": package_name, "version": version},
+            color=ctx.color,
+        )
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--version",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show the version and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
+
+
+def help_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--help`` option which immediately prints the help page
+    and exits the program.
+
+    This is usually unnecessary, as the ``--help`` option is added to
+    each command automatically unless ``add_help_option=False`` is
+    passed.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--help"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        echo(ctx.get_help(), color=ctx.color)
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--help",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show this message and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/exceptions.py b/lib/go-jinja2/internal/data/darwin-arm64/click/exceptions.py
new file mode 100644
index 000000000..fe68a3613
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/exceptions.py
@@ -0,0 +1,288 @@
+import typing as t
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import get_text_stderr
+from .utils import echo
+from .utils import format_filename
+
+if t.TYPE_CHECKING:
+    from .core import Command
+    from .core import Context
+    from .core import Parameter
+
+
+def _join_param_hints(
+    param_hint: t.Optional[t.Union[t.Sequence[str], str]]
+) -> t.Optional[str]:
+    if param_hint is not None and not isinstance(param_hint, str):
+        return " / ".join(repr(x) for x in param_hint)
+
+    return param_hint
+
+
+class ClickException(Exception):
+    """An exception that Click can handle and show to the user."""
+
+    #: The exit code for this exception.
+    exit_code = 1
+
+    def __init__(self, message: str) -> None:
+        super().__init__(message)
+        self.message = message
+
+    def format_message(self) -> str:
+        return self.message
+
+    def __str__(self) -> str:
+        return self.message
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+
+        echo(_("Error: {message}").format(message=self.format_message()), file=file)
+
+
+class UsageError(ClickException):
+    """An internal exception that signals a usage error.  This typically
+    aborts any further handling.
+
+    :param message: the error message to display.
+    :param ctx: optionally the context that caused this error.  Click will
+                fill in the context automatically in some situations.
+    """
+
+    exit_code = 2
+
+    def __init__(self, message: str, ctx: t.Optional["Context"] = None) -> None:
+        super().__init__(message)
+        self.ctx = ctx
+        self.cmd: t.Optional["Command"] = self.ctx.command if self.ctx else None
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+        color = None
+        hint = ""
+        if (
+            self.ctx is not None
+            and self.ctx.command.get_help_option(self.ctx) is not None
+        ):
+            hint = _("Try '{command} {option}' for help.").format(
+                command=self.ctx.command_path, option=self.ctx.help_option_names[0]
+            )
+            hint = f"{hint}\n"
+        if self.ctx is not None:
+            color = self.ctx.color
+            echo(f"{self.ctx.get_usage()}\n{hint}", file=file, color=color)
+        echo(
+            _("Error: {message}").format(message=self.format_message()),
+            file=file,
+            color=color,
+        )
+
+
+class BadParameter(UsageError):
+    """An exception that formats out a standardized error message for a
+    bad parameter.  This is useful when thrown from a callback or type as
+    Click will attach contextual information to it (for instance, which
+    parameter it is).
+
+    .. versionadded:: 2.0
+
+    :param param: the parameter object that caused this error.  This can
+                  be left out, and Click will attach this info itself
+                  if possible.
+    :param param_hint: a string that shows up as parameter name.  This
+                       can be used as alternative to `param` in cases
+                       where custom validation should happen.  If it is
+                       a string it's used as such, if it's a list then
+                       each item is quoted and separated.
+    """
+
+    def __init__(
+        self,
+        message: str,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message, ctx)
+        self.param = param
+        self.param_hint = param_hint
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            return _("Invalid value: {message}").format(message=self.message)
+
+        return _("Invalid value for {param_hint}: {message}").format(
+            param_hint=_join_param_hints(param_hint), message=self.message
+        )
+
+
+class MissingParameter(BadParameter):
+    """Raised if click required an option or argument but it was not
+    provided when invoking the script.
+
+    .. versionadded:: 4.0
+
+    :param param_type: a string that indicates the type of the parameter.
+                       The default is to inherit the parameter type from
+                       the given `param`.  Valid values are ``'parameter'``,
+                       ``'option'`` or ``'argument'``.
+    """
+
+    def __init__(
+        self,
+        message: t.Optional[str] = None,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+        param_type: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message or "", ctx, param, param_hint)
+        self.param_type = param_type
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint: t.Optional[str] = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            param_hint = None
+
+        param_hint = _join_param_hints(param_hint)
+        param_hint = f" {param_hint}" if param_hint else ""
+
+        param_type = self.param_type
+        if param_type is None and self.param is not None:
+            param_type = self.param.param_type_name
+
+        msg = self.message
+        if self.param is not None:
+            msg_extra = self.param.type.get_missing_message(self.param)
+            if msg_extra:
+                if msg:
+                    msg += f". {msg_extra}"
+                else:
+                    msg = msg_extra
+
+        msg = f" {msg}" if msg else ""
+
+        # Translate param_type for known types.
+        if param_type == "argument":
+            missing = _("Missing argument")
+        elif param_type == "option":
+            missing = _("Missing option")
+        elif param_type == "parameter":
+            missing = _("Missing parameter")
+        else:
+            missing = _("Missing {param_type}").format(param_type=param_type)
+
+        return f"{missing}{param_hint}.{msg}"
+
+    def __str__(self) -> str:
+        if not self.message:
+            param_name = self.param.name if self.param else None
+            return _("Missing parameter: {param_name}").format(param_name=param_name)
+        else:
+            return self.message
+
+
+class NoSuchOption(UsageError):
+    """Raised if click attempted to handle an option that does not
+    exist.
+
+    .. versionadded:: 4.0
+    """
+
+    def __init__(
+        self,
+        option_name: str,
+        message: t.Optional[str] = None,
+        possibilities: t.Optional[t.Sequence[str]] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> None:
+        if message is None:
+            message = _("No such option: {name}").format(name=option_name)
+
+        super().__init__(message, ctx)
+        self.option_name = option_name
+        self.possibilities = possibilities
+
+    def format_message(self) -> str:
+        if not self.possibilities:
+            return self.message
+
+        possibility_str = ", ".join(sorted(self.possibilities))
+        suggest = ngettext(
+            "Did you mean {possibility}?",
+            "(Possible options: {possibilities})",
+            len(self.possibilities),
+        ).format(possibility=possibility_str, possibilities=possibility_str)
+        return f"{self.message} {suggest}"
+
+
+class BadOptionUsage(UsageError):
+    """Raised if an option is generally supplied but the use of the option
+    was incorrect.  This is for instance raised if the number of arguments
+    for an option is not correct.
+
+    .. versionadded:: 4.0
+
+    :param option_name: the name of the option being used incorrectly.
+    """
+
+    def __init__(
+        self, option_name: str, message: str, ctx: t.Optional["Context"] = None
+    ) -> None:
+        super().__init__(message, ctx)
+        self.option_name = option_name
+
+
+class BadArgumentUsage(UsageError):
+    """Raised if an argument is generally supplied but the use of the argument
+    was incorrect.  This is for instance raised if the number of values
+    for an argument is not correct.
+
+    .. versionadded:: 6.0
+    """
+
+
+class FileError(ClickException):
+    """Raised if a file cannot be opened."""
+
+    def __init__(self, filename: str, hint: t.Optional[str] = None) -> None:
+        if hint is None:
+            hint = _("unknown error")
+
+        super().__init__(hint)
+        self.ui_filename: str = format_filename(filename)
+        self.filename = filename
+
+    def format_message(self) -> str:
+        return _("Could not open file {filename!r}: {message}").format(
+            filename=self.ui_filename, message=self.message
+        )
+
+
+class Abort(RuntimeError):
+    """An internal signalling exception that signals Click to abort."""
+
+
+class Exit(RuntimeError):
+    """An exception that indicates that the application should exit with some
+    status code.
+
+    :param code: the status code to exit with.
+    """
+
+    __slots__ = ("exit_code",)
+
+    def __init__(self, code: int = 0) -> None:
+        self.exit_code: int = code
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/formatting.py b/lib/go-jinja2/internal/data/darwin-arm64/click/formatting.py
new file mode 100644
index 000000000..ddd2a2f82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/formatting.py
@@ -0,0 +1,301 @@
+import typing as t
+from contextlib import contextmanager
+from gettext import gettext as _
+
+from ._compat import term_len
+from .parser import split_opt
+
+# Can force a width.  This is used by the test system
+FORCED_WIDTH: t.Optional[int] = None
+
+
+def measure_table(rows: t.Iterable[t.Tuple[str, str]]) -> t.Tuple[int, ...]:
+    widths: t.Dict[int, int] = {}
+
+    for row in rows:
+        for idx, col in enumerate(row):
+            widths[idx] = max(widths.get(idx, 0), term_len(col))
+
+    return tuple(y for x, y in sorted(widths.items()))
+
+
+def iter_rows(
+    rows: t.Iterable[t.Tuple[str, str]], col_count: int
+) -> t.Iterator[t.Tuple[str, ...]]:
+    for row in rows:
+        yield row + ("",) * (col_count - len(row))
+
+
+def wrap_text(
+    text: str,
+    width: int = 78,
+    initial_indent: str = "",
+    subsequent_indent: str = "",
+    preserve_paragraphs: bool = False,
+) -> str:
+    """A helper function that intelligently wraps text.  By default, it
+    assumes that it operates on a single paragraph of text but if the
+    `preserve_paragraphs` parameter is provided it will intelligently
+    handle paragraphs (defined by two empty lines).
+
+    If paragraphs are handled, a paragraph can be prefixed with an empty
+    line containing the ``\\b`` character (``\\x08``) to indicate that
+    no rewrapping should happen in that block.
+
+    :param text: the text that should be rewrapped.
+    :param width: the maximum width for the text.
+    :param initial_indent: the initial indent that should be placed on the
+                           first line as a string.
+    :param subsequent_indent: the indent string that should be placed on
+                              each consecutive line.
+    :param preserve_paragraphs: if this flag is set then the wrapping will
+                                intelligently handle paragraphs.
+    """
+    from ._textwrap import TextWrapper
+
+    text = text.expandtabs()
+    wrapper = TextWrapper(
+        width,
+        initial_indent=initial_indent,
+        subsequent_indent=subsequent_indent,
+        replace_whitespace=False,
+    )
+    if not preserve_paragraphs:
+        return wrapper.fill(text)
+
+    p: t.List[t.Tuple[int, bool, str]] = []
+    buf: t.List[str] = []
+    indent = None
+
+    def _flush_par() -> None:
+        if not buf:
+            return
+        if buf[0].strip() == "\b":
+            p.append((indent or 0, True, "\n".join(buf[1:])))
+        else:
+            p.append((indent or 0, False, " ".join(buf)))
+        del buf[:]
+
+    for line in text.splitlines():
+        if not line:
+            _flush_par()
+            indent = None
+        else:
+            if indent is None:
+                orig_len = term_len(line)
+                line = line.lstrip()
+                indent = orig_len - term_len(line)
+            buf.append(line)
+    _flush_par()
+
+    rv = []
+    for indent, raw, text in p:
+        with wrapper.extra_indent(" " * indent):
+            if raw:
+                rv.append(wrapper.indent_only(text))
+            else:
+                rv.append(wrapper.fill(text))
+
+    return "\n\n".join(rv)
+
+
+class HelpFormatter:
+    """This class helps with formatting text-based help pages.  It's
+    usually just needed for very special internal cases, but it's also
+    exposed so that developers can write their own fancy outputs.
+
+    At present, it always writes into memory.
+
+    :param indent_increment: the additional increment for each level.
+    :param width: the width for the text.  This defaults to the terminal
+                  width clamped to a maximum of 78.
+    """
+
+    def __init__(
+        self,
+        indent_increment: int = 2,
+        width: t.Optional[int] = None,
+        max_width: t.Optional[int] = None,
+    ) -> None:
+        import shutil
+
+        self.indent_increment = indent_increment
+        if max_width is None:
+            max_width = 80
+        if width is None:
+            width = FORCED_WIDTH
+            if width is None:
+                width = max(min(shutil.get_terminal_size().columns, max_width) - 2, 50)
+        self.width = width
+        self.current_indent = 0
+        self.buffer: t.List[str] = []
+
+    def write(self, string: str) -> None:
+        """Writes a unicode string into the internal buffer."""
+        self.buffer.append(string)
+
+    def indent(self) -> None:
+        """Increases the indentation."""
+        self.current_indent += self.indent_increment
+
+    def dedent(self) -> None:
+        """Decreases the indentation."""
+        self.current_indent -= self.indent_increment
+
+    def write_usage(
+        self, prog: str, args: str = "", prefix: t.Optional[str] = None
+    ) -> None:
+        """Writes a usage line into the buffer.
+
+        :param prog: the program name.
+        :param args: whitespace separated list of arguments.
+        :param prefix: The prefix for the first line. Defaults to
+            ``"Usage: "``.
+        """
+        if prefix is None:
+            prefix = f"{_('Usage:')} "
+
+        usage_prefix = f"{prefix:>{self.current_indent}}{prog} "
+        text_width = self.width - self.current_indent
+
+        if text_width >= (term_len(usage_prefix) + 20):
+            # The arguments will fit to the right of the prefix.
+            indent = " " * term_len(usage_prefix)
+            self.write(
+                wrap_text(
+                    args,
+                    text_width,
+                    initial_indent=usage_prefix,
+                    subsequent_indent=indent,
+                )
+            )
+        else:
+            # The prefix is too long, put the arguments on the next line.
+            self.write(usage_prefix)
+            self.write("\n")
+            indent = " " * (max(self.current_indent, term_len(prefix)) + 4)
+            self.write(
+                wrap_text(
+                    args, text_width, initial_indent=indent, subsequent_indent=indent
+                )
+            )
+
+        self.write("\n")
+
+    def write_heading(self, heading: str) -> None:
+        """Writes a heading into the buffer."""
+        self.write(f"{'':>{self.current_indent}}{heading}:\n")
+
+    def write_paragraph(self) -> None:
+        """Writes a paragraph into the buffer."""
+        if self.buffer:
+            self.write("\n")
+
+    def write_text(self, text: str) -> None:
+        """Writes re-indented text into the buffer.  This rewraps and
+        preserves paragraphs.
+        """
+        indent = " " * self.current_indent
+        self.write(
+            wrap_text(
+                text,
+                self.width,
+                initial_indent=indent,
+                subsequent_indent=indent,
+                preserve_paragraphs=True,
+            )
+        )
+        self.write("\n")
+
+    def write_dl(
+        self,
+        rows: t.Sequence[t.Tuple[str, str]],
+        col_max: int = 30,
+        col_spacing: int = 2,
+    ) -> None:
+        """Writes a definition list into the buffer.  This is how options
+        and commands are usually formatted.
+
+        :param rows: a list of two item tuples for the terms and values.
+        :param col_max: the maximum width of the first column.
+        :param col_spacing: the number of spaces between the first and
+                            second column.
+        """
+        rows = list(rows)
+        widths = measure_table(rows)
+        if len(widths) != 2:
+            raise TypeError("Expected two columns for definition list")
+
+        first_col = min(widths[0], col_max) + col_spacing
+
+        for first, second in iter_rows(rows, len(widths)):
+            self.write(f"{'':>{self.current_indent}}{first}")
+            if not second:
+                self.write("\n")
+                continue
+            if term_len(first) <= first_col - col_spacing:
+                self.write(" " * (first_col - term_len(first)))
+            else:
+                self.write("\n")
+                self.write(" " * (first_col + self.current_indent))
+
+            text_width = max(self.width - first_col - 2, 10)
+            wrapped_text = wrap_text(second, text_width, preserve_paragraphs=True)
+            lines = wrapped_text.splitlines()
+
+            if lines:
+                self.write(f"{lines[0]}\n")
+
+                for line in lines[1:]:
+                    self.write(f"{'':>{first_col + self.current_indent}}{line}\n")
+            else:
+                self.write("\n")
+
+    @contextmanager
+    def section(self, name: str) -> t.Iterator[None]:
+        """Helpful context manager that writes a paragraph, a heading,
+        and the indents.
+
+        :param name: the section name that is written as heading.
+        """
+        self.write_paragraph()
+        self.write_heading(name)
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    @contextmanager
+    def indentation(self) -> t.Iterator[None]:
+        """A context manager that increases the indentation."""
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    def getvalue(self) -> str:
+        """Returns the buffer contents."""
+        return "".join(self.buffer)
+
+
+def join_options(options: t.Sequence[str]) -> t.Tuple[str, bool]:
+    """Given a list of option strings this joins them in the most appropriate
+    way and returns them in the form ``(formatted_string,
+    any_prefix_is_slash)`` where the second item in the tuple is a flag that
+    indicates if any of the option prefixes was a slash.
+    """
+    rv = []
+    any_prefix_is_slash = False
+
+    for opt in options:
+        prefix = split_opt(opt)[0]
+
+        if prefix == "/":
+            any_prefix_is_slash = True
+
+        rv.append((len(prefix), opt))
+
+    rv.sort(key=lambda x: x[0])
+    return ", ".join(x[1] for x in rv), any_prefix_is_slash
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/globals.py b/lib/go-jinja2/internal/data/darwin-arm64/click/globals.py
new file mode 100644
index 000000000..480058f10
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/globals.py
@@ -0,0 +1,68 @@
+import typing as t
+from threading import local
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+
+_local = local()
+
+
+@t.overload
+def get_current_context(silent: "te.Literal[False]" = False) -> "Context":
+    ...
+
+
+@t.overload
+def get_current_context(silent: bool = ...) -> t.Optional["Context"]:
+    ...
+
+
+def get_current_context(silent: bool = False) -> t.Optional["Context"]:
+    """Returns the current click context.  This can be used as a way to
+    access the current context object from anywhere.  This is a more implicit
+    alternative to the :func:`pass_context` decorator.  This function is
+    primarily useful for helpers such as :func:`echo` which might be
+    interested in changing its behavior based on the current context.
+
+    To push the current context, :meth:`Context.scope` can be used.
+
+    .. versionadded:: 5.0
+
+    :param silent: if set to `True` the return value is `None` if no context
+                   is available.  The default behavior is to raise a
+                   :exc:`RuntimeError`.
+    """
+    try:
+        return t.cast("Context", _local.stack[-1])
+    except (AttributeError, IndexError) as e:
+        if not silent:
+            raise RuntimeError("There is no active click context.") from e
+
+    return None
+
+
+def push_context(ctx: "Context") -> None:
+    """Pushes a new context to the current stack."""
+    _local.__dict__.setdefault("stack", []).append(ctx)
+
+
+def pop_context() -> None:
+    """Removes the top level from the stack."""
+    _local.stack.pop()
+
+
+def resolve_color_default(color: t.Optional[bool] = None) -> t.Optional[bool]:
+    """Internal helper to get the default value of the color flag.  If a
+    value is passed it's returned unchanged, otherwise it's looked up from
+    the current context.
+    """
+    if color is not None:
+        return color
+
+    ctx = get_current_context(silent=True)
+
+    if ctx is not None:
+        return ctx.color
+
+    return None
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/click/parser.py
new file mode 100644
index 000000000..5fa7adfac
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/parser.py
@@ -0,0 +1,529 @@
+"""
+This module started out as largely a copy paste from the stdlib's
+optparse module with the features removed that we do not need from
+optparse because we implement them in Click on a higher level (for
+instance type handling, help formatting and a lot more).
+
+The plan is to remove more and more from here over time.
+
+The reason this is a different module and not optparse from the stdlib
+is that there are differences in 2.x and 3.x about the error messages
+generated and optparse in the stdlib uses gettext for no good reason
+and might cause us issues.
+
+Click uses parts of optparse written by Gregory P. Ward and maintained
+by the Python Software Foundation. This is limited to code in parser.py.
+
+Copyright 2001-2006 Gregory P. Ward. All rights reserved.
+Copyright 2002-2006 Python Software Foundation. All rights reserved.
+"""
+# This code uses parts of optparse written by Gregory P. Ward and
+# maintained by the Python Software Foundation.
+# Copyright 2001-2006 Gregory P. Ward
+# Copyright 2002-2006 Python Software Foundation
+import typing as t
+from collections import deque
+from gettext import gettext as _
+from gettext import ngettext
+
+from .exceptions import BadArgumentUsage
+from .exceptions import BadOptionUsage
+from .exceptions import NoSuchOption
+from .exceptions import UsageError
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Argument as CoreArgument
+    from .core import Context
+    from .core import Option as CoreOption
+    from .core import Parameter as CoreParameter
+
+V = t.TypeVar("V")
+
+# Sentinel value that indicates an option was passed as a flag without a
+# value but is not a flag option. Option.consume_value uses this to
+# prompt or use the flag_value.
+_flag_needs_value = object()
+
+
+def _unpack_args(
+    args: t.Sequence[str], nargs_spec: t.Sequence[int]
+) -> t.Tuple[t.Sequence[t.Union[str, t.Sequence[t.Optional[str]], None]], t.List[str]]:
+    """Given an iterable of arguments and an iterable of nargs specifications,
+    it returns a tuple with all the unpacked arguments at the first index
+    and all remaining arguments as the second.
+
+    The nargs specification is the number of arguments that should be consumed
+    or `-1` to indicate that this position should eat up all the remainders.
+
+    Missing items are filled with `None`.
+    """
+    args = deque(args)
+    nargs_spec = deque(nargs_spec)
+    rv: t.List[t.Union[str, t.Tuple[t.Optional[str], ...], None]] = []
+    spos: t.Optional[int] = None
+
+    def _fetch(c: "te.Deque[V]") -> t.Optional[V]:
+        try:
+            if spos is None:
+                return c.popleft()
+            else:
+                return c.pop()
+        except IndexError:
+            return None
+
+    while nargs_spec:
+        nargs = _fetch(nargs_spec)
+
+        if nargs is None:
+            continue
+
+        if nargs == 1:
+            rv.append(_fetch(args))
+        elif nargs > 1:
+            x = [_fetch(args) for _ in range(nargs)]
+
+            # If we're reversed, we're pulling in the arguments in reverse,
+            # so we need to turn them around.
+            if spos is not None:
+                x.reverse()
+
+            rv.append(tuple(x))
+        elif nargs < 0:
+            if spos is not None:
+                raise TypeError("Cannot have two nargs < 0")
+
+            spos = len(rv)
+            rv.append(None)
+
+    # spos is the position of the wildcard (star).  If it's not `None`,
+    # we fill it with the remainder.
+    if spos is not None:
+        rv[spos] = tuple(args)
+        args = []
+        rv[spos + 1 :] = reversed(rv[spos + 1 :])
+
+    return tuple(rv), list(args)
+
+
+def split_opt(opt: str) -> t.Tuple[str, str]:
+    first = opt[:1]
+    if first.isalnum():
+        return "", opt
+    if opt[1:2] == first:
+        return opt[:2], opt[2:]
+    return first, opt[1:]
+
+
+def normalize_opt(opt: str, ctx: t.Optional["Context"]) -> str:
+    if ctx is None or ctx.token_normalize_func is None:
+        return opt
+    prefix, opt = split_opt(opt)
+    return f"{prefix}{ctx.token_normalize_func(opt)}"
+
+
+def split_arg_string(string: str) -> t.List[str]:
+    """Split an argument string as with :func:`shlex.split`, but don't
+    fail if the string is incomplete. Ignores a missing closing quote or
+    incomplete escape sequence and uses the partial token as-is.
+
+    .. code-block:: python
+
+        split_arg_string("example 'my file")
+        ["example", "my file"]
+
+        split_arg_string("example my\\")
+        ["example", "my"]
+
+    :param string: String to split.
+    """
+    import shlex
+
+    lex = shlex.shlex(string, posix=True)
+    lex.whitespace_split = True
+    lex.commenters = ""
+    out = []
+
+    try:
+        for token in lex:
+            out.append(token)
+    except ValueError:
+        # Raised when end-of-string is reached in an invalid state. Use
+        # the partial token as-is. The quote or escape character is in
+        # lex.state, not lex.token.
+        out.append(lex.token)
+
+    return out
+
+
+class Option:
+    def __init__(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ):
+        self._short_opts = []
+        self._long_opts = []
+        self.prefixes: t.Set[str] = set()
+
+        for opt in opts:
+            prefix, value = split_opt(opt)
+            if not prefix:
+                raise ValueError(f"Invalid start character for option ({opt})")
+            self.prefixes.add(prefix[0])
+            if len(prefix) == 1 and len(value) == 1:
+                self._short_opts.append(opt)
+            else:
+                self._long_opts.append(opt)
+                self.prefixes.add(prefix)
+
+        if action is None:
+            action = "store"
+
+        self.dest = dest
+        self.action = action
+        self.nargs = nargs
+        self.const = const
+        self.obj = obj
+
+    @property
+    def takes_value(self) -> bool:
+        return self.action in ("store", "append")
+
+    def process(self, value: t.Any, state: "ParsingState") -> None:
+        if self.action == "store":
+            state.opts[self.dest] = value  # type: ignore
+        elif self.action == "store_const":
+            state.opts[self.dest] = self.const  # type: ignore
+        elif self.action == "append":
+            state.opts.setdefault(self.dest, []).append(value)  # type: ignore
+        elif self.action == "append_const":
+            state.opts.setdefault(self.dest, []).append(self.const)  # type: ignore
+        elif self.action == "count":
+            state.opts[self.dest] = state.opts.get(self.dest, 0) + 1  # type: ignore
+        else:
+            raise ValueError(f"unknown action '{self.action}'")
+        state.order.append(self.obj)
+
+
+class Argument:
+    def __init__(self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1):
+        self.dest = dest
+        self.nargs = nargs
+        self.obj = obj
+
+    def process(
+        self,
+        value: t.Union[t.Optional[str], t.Sequence[t.Optional[str]]],
+        state: "ParsingState",
+    ) -> None:
+        if self.nargs > 1:
+            assert value is not None
+            holes = sum(1 for x in value if x is None)
+            if holes == len(value):
+                value = None
+            elif holes != 0:
+                raise BadArgumentUsage(
+                    _("Argument {name!r} takes {nargs} values.").format(
+                        name=self.dest, nargs=self.nargs
+                    )
+                )
+
+        if self.nargs == -1 and self.obj.envvar is not None and value == ():
+            # Replace empty tuple with None so that a value from the
+            # environment may be tried.
+            value = None
+
+        state.opts[self.dest] = value  # type: ignore
+        state.order.append(self.obj)
+
+
+class ParsingState:
+    def __init__(self, rargs: t.List[str]) -> None:
+        self.opts: t.Dict[str, t.Any] = {}
+        self.largs: t.List[str] = []
+        self.rargs = rargs
+        self.order: t.List["CoreParameter"] = []
+
+
+class OptionParser:
+    """The option parser is an internal class that is ultimately used to
+    parse options and arguments.  It's modelled after optparse and brings
+    a similar but vastly simplified API.  It should generally not be used
+    directly as the high level Click classes wrap it for you.
+
+    It's not nearly as extensible as optparse or argparse as it does not
+    implement features that are implemented on a higher level (such as
+    types or defaults).
+
+    :param ctx: optionally the :class:`~click.Context` where this parser
+                should go with.
+    """
+
+    def __init__(self, ctx: t.Optional["Context"] = None) -> None:
+        #: The :class:`~click.Context` for this parser.  This might be
+        #: `None` for some advanced use cases.
+        self.ctx = ctx
+        #: This controls how the parser deals with interspersed arguments.
+        #: If this is set to `False`, the parser will stop on the first
+        #: non-option.  Click uses this to implement nested subcommands
+        #: safely.
+        self.allow_interspersed_args: bool = True
+        #: This tells the parser how to deal with unknown options.  By
+        #: default it will error out (which is sensible), but there is a
+        #: second mode where it will ignore it and continue processing
+        #: after shifting all the unknown options into the resulting args.
+        self.ignore_unknown_options: bool = False
+
+        if ctx is not None:
+            self.allow_interspersed_args = ctx.allow_interspersed_args
+            self.ignore_unknown_options = ctx.ignore_unknown_options
+
+        self._short_opt: t.Dict[str, Option] = {}
+        self._long_opt: t.Dict[str, Option] = {}
+        self._opt_prefixes = {"-", "--"}
+        self._args: t.List[Argument] = []
+
+    def add_option(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ) -> None:
+        """Adds a new option named `dest` to the parser.  The destination
+        is not inferred (unlike with optparse) and needs to be explicitly
+        provided.  Action can be any of ``store``, ``store_const``,
+        ``append``, ``append_const`` or ``count``.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        opts = [normalize_opt(opt, self.ctx) for opt in opts]
+        option = Option(obj, opts, dest, action=action, nargs=nargs, const=const)
+        self._opt_prefixes.update(option.prefixes)
+        for opt in option._short_opts:
+            self._short_opt[opt] = option
+        for opt in option._long_opts:
+            self._long_opt[opt] = option
+
+    def add_argument(
+        self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1
+    ) -> None:
+        """Adds a positional argument named `dest` to the parser.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        self._args.append(Argument(obj, dest=dest, nargs=nargs))
+
+    def parse_args(
+        self, args: t.List[str]
+    ) -> t.Tuple[t.Dict[str, t.Any], t.List[str], t.List["CoreParameter"]]:
+        """Parses positional arguments and returns ``(values, args, order)``
+        for the parsed options and arguments as well as the leftover
+        arguments if there are any.  The order is a list of objects as they
+        appear on the command line.  If arguments appear multiple times they
+        will be memorized multiple times as well.
+        """
+        state = ParsingState(args)
+        try:
+            self._process_args_for_options(state)
+            self._process_args_for_args(state)
+        except UsageError:
+            if self.ctx is None or not self.ctx.resilient_parsing:
+                raise
+        return state.opts, state.largs, state.order
+
+    def _process_args_for_args(self, state: ParsingState) -> None:
+        pargs, args = _unpack_args(
+            state.largs + state.rargs, [x.nargs for x in self._args]
+        )
+
+        for idx, arg in enumerate(self._args):
+            arg.process(pargs[idx], state)
+
+        state.largs = args
+        state.rargs = []
+
+    def _process_args_for_options(self, state: ParsingState) -> None:
+        while state.rargs:
+            arg = state.rargs.pop(0)
+            arglen = len(arg)
+            # Double dashes always handled explicitly regardless of what
+            # prefixes are valid.
+            if arg == "--":
+                return
+            elif arg[:1] in self._opt_prefixes and arglen > 1:
+                self._process_opts(arg, state)
+            elif self.allow_interspersed_args:
+                state.largs.append(arg)
+            else:
+                state.rargs.insert(0, arg)
+                return
+
+        # Say this is the original argument list:
+        # [arg0, arg1, ..., arg(i-1), arg(i), arg(i+1), ..., arg(N-1)]
+        #                            ^
+        # (we are about to process arg(i)).
+        #
+        # Then rargs is [arg(i), ..., arg(N-1)] and largs is a *subset* of
+        # [arg0, ..., arg(i-1)] (any options and their arguments will have
+        # been removed from largs).
+        #
+        # The while loop will usually consume 1 or more arguments per pass.
+        # If it consumes 1 (eg. arg is an option that takes no arguments),
+        # then after _process_arg() is done the situation is:
+        #
+        #   largs = subset of [arg0, ..., arg(i)]
+        #   rargs = [arg(i+1), ..., arg(N-1)]
+        #
+        # If allow_interspersed_args is false, largs will always be
+        # *empty* -- still a subset of [arg0, ..., arg(i-1)], but
+        # not a very interesting subset!
+
+    def _match_long_opt(
+        self, opt: str, explicit_value: t.Optional[str], state: ParsingState
+    ) -> None:
+        if opt not in self._long_opt:
+            from difflib import get_close_matches
+
+            possibilities = get_close_matches(opt, self._long_opt)
+            raise NoSuchOption(opt, possibilities=possibilities, ctx=self.ctx)
+
+        option = self._long_opt[opt]
+        if option.takes_value:
+            # At this point it's safe to modify rargs by injecting the
+            # explicit value, because no exception is raised in this
+            # branch.  This means that the inserted value will be fully
+            # consumed.
+            if explicit_value is not None:
+                state.rargs.insert(0, explicit_value)
+
+            value = self._get_value_from_state(opt, option, state)
+
+        elif explicit_value is not None:
+            raise BadOptionUsage(
+                opt, _("Option {name!r} does not take a value.").format(name=opt)
+            )
+
+        else:
+            value = None
+
+        option.process(value, state)
+
+    def _match_short_opt(self, arg: str, state: ParsingState) -> None:
+        stop = False
+        i = 1
+        prefix = arg[0]
+        unknown_options = []
+
+        for ch in arg[1:]:
+            opt = normalize_opt(f"{prefix}{ch}", self.ctx)
+            option = self._short_opt.get(opt)
+            i += 1
+
+            if not option:
+                if self.ignore_unknown_options:
+                    unknown_options.append(ch)
+                    continue
+                raise NoSuchOption(opt, ctx=self.ctx)
+            if option.takes_value:
+                # Any characters left in arg?  Pretend they're the
+                # next arg, and stop consuming characters of arg.
+                if i < len(arg):
+                    state.rargs.insert(0, arg[i:])
+                    stop = True
+
+                value = self._get_value_from_state(opt, option, state)
+
+            else:
+                value = None
+
+            option.process(value, state)
+
+            if stop:
+                break
+
+        # If we got any unknown options we recombine the string of the
+        # remaining options and re-attach the prefix, then report that
+        # to the state as new larg.  This way there is basic combinatorics
+        # that can be achieved while still ignoring unknown arguments.
+        if self.ignore_unknown_options and unknown_options:
+            state.largs.append(f"{prefix}{''.join(unknown_options)}")
+
+    def _get_value_from_state(
+        self, option_name: str, option: Option, state: ParsingState
+    ) -> t.Any:
+        nargs = option.nargs
+
+        if len(state.rargs) < nargs:
+            if option.obj._flag_needs_value:
+                # Option allows omitting the value.
+                value = _flag_needs_value
+            else:
+                raise BadOptionUsage(
+                    option_name,
+                    ngettext(
+                        "Option {name!r} requires an argument.",
+                        "Option {name!r} requires {nargs} arguments.",
+                        nargs,
+                    ).format(name=option_name, nargs=nargs),
+                )
+        elif nargs == 1:
+            next_rarg = state.rargs[0]
+
+            if (
+                option.obj._flag_needs_value
+                and isinstance(next_rarg, str)
+                and next_rarg[:1] in self._opt_prefixes
+                and len(next_rarg) > 1
+            ):
+                # The next arg looks like the start of an option, don't
+                # use it as the value if omitting the value is allowed.
+                value = _flag_needs_value
+            else:
+                value = state.rargs.pop(0)
+        else:
+            value = tuple(state.rargs[:nargs])
+            del state.rargs[:nargs]
+
+        return value
+
+    def _process_opts(self, arg: str, state: ParsingState) -> None:
+        explicit_value = None
+        # Long option handling happens in two parts.  The first part is
+        # supporting explicitly attached values.  In any case, we will try
+        # to long match the option first.
+        if "=" in arg:
+            long_opt, explicit_value = arg.split("=", 1)
+        else:
+            long_opt = arg
+        norm_long_opt = normalize_opt(long_opt, self.ctx)
+
+        # At this point we will match the (assumed) long option through
+        # the long option matching code.  Note that this allows options
+        # like "-foo" to be matched as long options.
+        try:
+            self._match_long_opt(norm_long_opt, explicit_value, state)
+        except NoSuchOption:
+            # At this point the long option matching failed, and we need
+            # to try with short options.  However there is a special rule
+            # which says, that if we have a two character options prefix
+            # (applies to "--foo" for instance), we do not dispatch to the
+            # short option code and will instead raise the no option
+            # error.
+            if arg[:2] not in self._opt_prefixes:
+                self._match_short_opt(arg, state)
+                return
+
+            if not self.ignore_unknown_options:
+                raise
+
+            state.largs.append(arg)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/py.typed b/lib/go-jinja2/internal/data/darwin-arm64/click/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/shell_completion.py b/lib/go-jinja2/internal/data/darwin-arm64/click/shell_completion.py
new file mode 100644
index 000000000..dc9e00b9b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/shell_completion.py
@@ -0,0 +1,596 @@
+import os
+import re
+import typing as t
+from gettext import gettext as _
+
+from .core import Argument
+from .core import BaseCommand
+from .core import Context
+from .core import MultiCommand
+from .core import Option
+from .core import Parameter
+from .core import ParameterSource
+from .parser import split_arg_string
+from .utils import echo
+
+
+def shell_complete(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    complete_var: str,
+    instruction: str,
+) -> int:
+    """Perform shell completion for the given CLI program.
+
+    :param cli: Command being called.
+    :param ctx_args: Extra arguments to pass to
+        ``cli.make_context``.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+    :param instruction: Value of ``complete_var`` with the completion
+        instruction and shell, in the form ``instruction_shell``.
+    :return: Status code to exit with.
+    """
+    shell, _, instruction = instruction.partition("_")
+    comp_cls = get_completion_class(shell)
+
+    if comp_cls is None:
+        return 1
+
+    comp = comp_cls(cli, ctx_args, prog_name, complete_var)
+
+    if instruction == "source":
+        echo(comp.source())
+        return 0
+
+    if instruction == "complete":
+        echo(comp.complete())
+        return 0
+
+    return 1
+
+
+class CompletionItem:
+    """Represents a completion value and metadata about the value. The
+    default metadata is ``type`` to indicate special shell handling,
+    and ``help`` if a shell supports showing a help string next to the
+    value.
+
+    Arbitrary parameters can be passed when creating the object, and
+    accessed using ``item.attr``. If an attribute wasn't passed,
+    accessing it returns ``None``.
+
+    :param value: The completion suggestion.
+    :param type: Tells the shell script to provide special completion
+        support for the type. Click uses ``"dir"`` and ``"file"``.
+    :param help: String shown next to the value if supported.
+    :param kwargs: Arbitrary metadata. The built-in implementations
+        don't use this, but custom type completions paired with custom
+        shell support could use it.
+    """
+
+    __slots__ = ("value", "type", "help", "_info")
+
+    def __init__(
+        self,
+        value: t.Any,
+        type: str = "plain",
+        help: t.Optional[str] = None,
+        **kwargs: t.Any,
+    ) -> None:
+        self.value: t.Any = value
+        self.type: str = type
+        self.help: t.Optional[str] = help
+        self._info = kwargs
+
+    def __getattr__(self, name: str) -> t.Any:
+        return self._info.get(name)
+
+
+# Only Bash >= 4.4 has the nosort option.
+_SOURCE_BASH = """\
+%(complete_func)s() {
+    local IFS=$'\\n'
+    local response
+
+    response=$(env COMP_WORDS="${COMP_WORDS[*]}" COMP_CWORD=$COMP_CWORD \
+%(complete_var)s=bash_complete $1)
+
+    for completion in $response; do
+        IFS=',' read type value <<< "$completion"
+
+        if [[ $type == 'dir' ]]; then
+            COMPREPLY=()
+            compopt -o dirnames
+        elif [[ $type == 'file' ]]; then
+            COMPREPLY=()
+            compopt -o default
+        elif [[ $type == 'plain' ]]; then
+            COMPREPLY+=($value)
+        fi
+    done
+
+    return 0
+}
+
+%(complete_func)s_setup() {
+    complete -o nosort -F %(complete_func)s %(prog_name)s
+}
+
+%(complete_func)s_setup;
+"""
+
+_SOURCE_ZSH = """\
+#compdef %(prog_name)s
+
+%(complete_func)s() {
+    local -a completions
+    local -a completions_with_descriptions
+    local -a response
+    (( ! $+commands[%(prog_name)s] )) && return 1
+
+    response=("${(@f)$(env COMP_WORDS="${words[*]}" COMP_CWORD=$((CURRENT-1)) \
+%(complete_var)s=zsh_complete %(prog_name)s)}")
+
+    for type key descr in ${response}; do
+        if [[ "$type" == "plain" ]]; then
+            if [[ "$descr" == "_" ]]; then
+                completions+=("$key")
+            else
+                completions_with_descriptions+=("$key":"$descr")
+            fi
+        elif [[ "$type" == "dir" ]]; then
+            _path_files -/
+        elif [[ "$type" == "file" ]]; then
+            _path_files -f
+        fi
+    done
+
+    if [ -n "$completions_with_descriptions" ]; then
+        _describe -V unsorted completions_with_descriptions -U
+    fi
+
+    if [ -n "$completions" ]; then
+        compadd -U -V unsorted -a completions
+    fi
+}
+
+if [[ $zsh_eval_context[-1] == loadautofunc ]]; then
+    # autoload from fpath, call function directly
+    %(complete_func)s "$@"
+else
+    # eval/source/. command, register function for later
+    compdef %(complete_func)s %(prog_name)s
+fi
+"""
+
+_SOURCE_FISH = """\
+function %(complete_func)s;
+    set -l response (env %(complete_var)s=fish_complete COMP_WORDS=(commandline -cp) \
+COMP_CWORD=(commandline -t) %(prog_name)s);
+
+    for completion in $response;
+        set -l metadata (string split "," $completion);
+
+        if test $metadata[1] = "dir";
+            __fish_complete_directories $metadata[2];
+        else if test $metadata[1] = "file";
+            __fish_complete_path $metadata[2];
+        else if test $metadata[1] = "plain";
+            echo $metadata[2];
+        end;
+    end;
+end;
+
+complete --no-files --command %(prog_name)s --arguments \
+"(%(complete_func)s)";
+"""
+
+
+class ShellComplete:
+    """Base class for providing shell completion support. A subclass for
+    a given shell will override attributes and methods to implement the
+    completion instructions (``source`` and ``complete``).
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+
+    .. versionadded:: 8.0
+    """
+
+    name: t.ClassVar[str]
+    """Name to register the shell as with :func:`add_completion_class`.
+    This is used in completion instructions (``{name}_source`` and
+    ``{name}_complete``).
+    """
+
+    source_template: t.ClassVar[str]
+    """Completion script template formatted by :meth:`source`. This must
+    be provided by subclasses.
+    """
+
+    def __init__(
+        self,
+        cli: BaseCommand,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: str,
+    ) -> None:
+        self.cli = cli
+        self.ctx_args = ctx_args
+        self.prog_name = prog_name
+        self.complete_var = complete_var
+
+    @property
+    def func_name(self) -> str:
+        """The name of the shell function defined by the completion
+        script.
+        """
+        safe_name = re.sub(r"\W*", "", self.prog_name.replace("-", "_"), flags=re.ASCII)
+        return f"_{safe_name}_completion"
+
+    def source_vars(self) -> t.Dict[str, t.Any]:
+        """Vars for formatting :attr:`source_template`.
+
+        By default this provides ``complete_func``, ``complete_var``,
+        and ``prog_name``.
+        """
+        return {
+            "complete_func": self.func_name,
+            "complete_var": self.complete_var,
+            "prog_name": self.prog_name,
+        }
+
+    def source(self) -> str:
+        """Produce the shell script that defines the completion
+        function. By default this ``%``-style formats
+        :attr:`source_template` with the dict returned by
+        :meth:`source_vars`.
+        """
+        return self.source_template % self.source_vars()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        """Use the env vars defined by the shell script to return a
+        tuple of ``args, incomplete``. This must be implemented by
+        subclasses.
+        """
+        raise NotImplementedError
+
+    def get_completions(
+        self, args: t.List[str], incomplete: str
+    ) -> t.List[CompletionItem]:
+        """Determine the context and last complete command or parameter
+        from the complete args. Call that object's ``shell_complete``
+        method to get the completions for the incomplete value.
+
+        :param args: List of complete args before the incomplete value.
+        :param incomplete: Value being completed. May be empty.
+        """
+        ctx = _resolve_context(self.cli, self.ctx_args, self.prog_name, args)
+        obj, incomplete = _resolve_incomplete(ctx, args, incomplete)
+        return obj.shell_complete(ctx, incomplete)
+
+    def format_completion(self, item: CompletionItem) -> str:
+        """Format a completion item into the form recognized by the
+        shell script. This must be implemented by subclasses.
+
+        :param item: Completion item to format.
+        """
+        raise NotImplementedError
+
+    def complete(self) -> str:
+        """Produce the completion data to send back to the shell.
+
+        By default this calls :meth:`get_completion_args`, gets the
+        completions, then calls :meth:`format_completion` for each
+        completion.
+        """
+        args, incomplete = self.get_completion_args()
+        completions = self.get_completions(args, incomplete)
+        out = [self.format_completion(item) for item in completions]
+        return "\n".join(out)
+
+
+class BashComplete(ShellComplete):
+    """Shell completion for Bash."""
+
+    name = "bash"
+    source_template = _SOURCE_BASH
+
+    @staticmethod
+    def _check_version() -> None:
+        import subprocess
+
+        output = subprocess.run(
+            ["bash", "-c", 'echo "${BASH_VERSION}"'], stdout=subprocess.PIPE
+        )
+        match = re.search(r"^(\d+)\.(\d+)\.\d+", output.stdout.decode())
+
+        if match is not None:
+            major, minor = match.groups()
+
+            if major < "4" or major == "4" and minor < "4":
+                echo(
+                    _(
+                        "Shell completion is not supported for Bash"
+                        " versions older than 4.4."
+                    ),
+                    err=True,
+                )
+        else:
+            echo(
+                _("Couldn't detect Bash version, shell completion is not supported."),
+                err=True,
+            )
+
+    def source(self) -> str:
+        self._check_version()
+        return super().source()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type},{item.value}"
+
+
+class ZshComplete(ShellComplete):
+    """Shell completion for Zsh."""
+
+    name = "zsh"
+    source_template = _SOURCE_ZSH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type}\n{item.value}\n{item.help if item.help else '_'}"
+
+
+class FishComplete(ShellComplete):
+    """Shell completion for Fish."""
+
+    name = "fish"
+    source_template = _SOURCE_FISH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        incomplete = os.environ["COMP_CWORD"]
+        args = cwords[1:]
+
+        # Fish stores the partial word in both COMP_WORDS and
+        # COMP_CWORD, remove it from complete args.
+        if incomplete and args and args[-1] == incomplete:
+            args.pop()
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        if item.help:
+            return f"{item.type},{item.value}\t{item.help}"
+
+        return f"{item.type},{item.value}"
+
+
+ShellCompleteType = t.TypeVar("ShellCompleteType", bound=t.Type[ShellComplete])
+
+
+_available_shells: t.Dict[str, t.Type[ShellComplete]] = {
+    "bash": BashComplete,
+    "fish": FishComplete,
+    "zsh": ZshComplete,
+}
+
+
+def add_completion_class(
+    cls: ShellCompleteType, name: t.Optional[str] = None
+) -> ShellCompleteType:
+    """Register a :class:`ShellComplete` subclass under the given name.
+    The name will be provided by the completion instruction environment
+    variable during completion.
+
+    :param cls: The completion class that will handle completion for the
+        shell.
+    :param name: Name to register the class under. Defaults to the
+        class's ``name`` attribute.
+    """
+    if name is None:
+        name = cls.name
+
+    _available_shells[name] = cls
+
+    return cls
+
+
+def get_completion_class(shell: str) -> t.Optional[t.Type[ShellComplete]]:
+    """Look up a registered :class:`ShellComplete` subclass by the name
+    provided by the completion instruction environment variable. If the
+    name isn't registered, returns ``None``.
+
+    :param shell: Name the class is registered under.
+    """
+    return _available_shells.get(shell)
+
+
+def _is_incomplete_argument(ctx: Context, param: Parameter) -> bool:
+    """Determine if the given parameter is an argument that can still
+    accept values.
+
+    :param ctx: Invocation context for the command represented by the
+        parsed complete args.
+    :param param: Argument object being checked.
+    """
+    if not isinstance(param, Argument):
+        return False
+
+    assert param.name is not None
+    # Will be None if expose_value is False.
+    value = ctx.params.get(param.name)
+    return (
+        param.nargs == -1
+        or ctx.get_parameter_source(param.name) is not ParameterSource.COMMANDLINE
+        or (
+            param.nargs > 1
+            and isinstance(value, (tuple, list))
+            and len(value) < param.nargs
+        )
+    )
+
+
+def _start_of_option(ctx: Context, value: str) -> bool:
+    """Check if the value looks like the start of an option."""
+    if not value:
+        return False
+
+    c = value[0]
+    return c in ctx._opt_prefixes
+
+
+def _is_incomplete_option(ctx: Context, args: t.List[str], param: Parameter) -> bool:
+    """Determine if the given parameter is an option that needs a value.
+
+    :param args: List of complete args before the incomplete value.
+    :param param: Option object being checked.
+    """
+    if not isinstance(param, Option):
+        return False
+
+    if param.is_flag or param.count:
+        return False
+
+    last_option = None
+
+    for index, arg in enumerate(reversed(args)):
+        if index + 1 > param.nargs:
+            break
+
+        if _start_of_option(ctx, arg):
+            last_option = arg
+
+    return last_option is not None and last_option in param.opts
+
+
+def _resolve_context(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    args: t.List[str],
+) -> Context:
+    """Produce the context hierarchy starting with the command and
+    traversing the complete arguments. This only follows the commands,
+    it doesn't trigger input prompts or callbacks.
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param args: List of complete args before the incomplete value.
+    """
+    ctx_args["resilient_parsing"] = True
+    ctx = cli.make_context(prog_name, args.copy(), **ctx_args)
+    args = ctx.protected_args + ctx.args
+
+    while args:
+        command = ctx.command
+
+        if isinstance(command, MultiCommand):
+            if not command.chain:
+                name, cmd, args = command.resolve_command(ctx, args)
+
+                if cmd is None:
+                    return ctx
+
+                ctx = cmd.make_context(name, args, parent=ctx, resilient_parsing=True)
+                args = ctx.protected_args + ctx.args
+            else:
+                sub_ctx = ctx
+
+                while args:
+                    name, cmd, args = command.resolve_command(ctx, args)
+
+                    if cmd is None:
+                        return ctx
+
+                    sub_ctx = cmd.make_context(
+                        name,
+                        args,
+                        parent=ctx,
+                        allow_extra_args=True,
+                        allow_interspersed_args=False,
+                        resilient_parsing=True,
+                    )
+                    args = sub_ctx.args
+
+                ctx = sub_ctx
+                args = [*sub_ctx.protected_args, *sub_ctx.args]
+        else:
+            break
+
+    return ctx
+
+
+def _resolve_incomplete(
+    ctx: Context, args: t.List[str], incomplete: str
+) -> t.Tuple[t.Union[BaseCommand, Parameter], str]:
+    """Find the Click object that will handle the completion of the
+    incomplete value. Return the object and the incomplete value.
+
+    :param ctx: Invocation context for the command represented by
+        the parsed complete args.
+    :param args: List of complete args before the incomplete value.
+    :param incomplete: Value being completed. May be empty.
+    """
+    # Different shells treat an "=" between a long option name and
+    # value differently. Might keep the value joined, return the "="
+    # as a separate item, or return the split name and value. Always
+    # split and discard the "=" to make completion easier.
+    if incomplete == "=":
+        incomplete = ""
+    elif "=" in incomplete and _start_of_option(ctx, incomplete):
+        name, _, incomplete = incomplete.partition("=")
+        args.append(name)
+
+    # The "--" marker tells Click to stop treating values as options
+    # even if they start with the option character. If it hasn't been
+    # given and the incomplete arg looks like an option, the current
+    # command will provide option name completions.
+    if "--" not in args and _start_of_option(ctx, incomplete):
+        return ctx.command, incomplete
+
+    params = ctx.command.get_params(ctx)
+
+    # If the last complete arg is an option name with an incomplete
+    # value, the option will provide value completions.
+    for param in params:
+        if _is_incomplete_option(ctx, args, param):
+            return param, incomplete
+
+    # It's not an option name or value. The first argument without a
+    # parsed value will provide value completions.
+    for param in params:
+        if _is_incomplete_argument(ctx, param):
+            return param, incomplete
+
+    # There were no unparsed arguments, the command may be a group that
+    # will provide command name completions.
+    return ctx.command, incomplete
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/termui.py b/lib/go-jinja2/internal/data/darwin-arm64/click/termui.py
new file mode 100644
index 000000000..db7a4b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/termui.py
@@ -0,0 +1,784 @@
+import inspect
+import io
+import itertools
+import sys
+import typing as t
+from gettext import gettext as _
+
+from ._compat import isatty
+from ._compat import strip_ansi
+from .exceptions import Abort
+from .exceptions import UsageError
+from .globals import resolve_color_default
+from .types import Choice
+from .types import convert_type
+from .types import ParamType
+from .utils import echo
+from .utils import LazyFile
+
+if t.TYPE_CHECKING:
+    from ._termui_impl import ProgressBar
+
+V = t.TypeVar("V")
+
+# The prompt functions to use.  The doc tools currently override these
+# functions to customize how they work.
+visible_prompt_func: t.Callable[[str], str] = input
+
+_ansi_colors = {
+    "black": 30,
+    "red": 31,
+    "green": 32,
+    "yellow": 33,
+    "blue": 34,
+    "magenta": 35,
+    "cyan": 36,
+    "white": 37,
+    "reset": 39,
+    "bright_black": 90,
+    "bright_red": 91,
+    "bright_green": 92,
+    "bright_yellow": 93,
+    "bright_blue": 94,
+    "bright_magenta": 95,
+    "bright_cyan": 96,
+    "bright_white": 97,
+}
+_ansi_reset_all = "\033[0m"
+
+
+def hidden_prompt_func(prompt: str) -> str:
+    import getpass
+
+    return getpass.getpass(prompt)
+
+
+def _build_prompt(
+    text: str,
+    suffix: str,
+    show_default: bool = False,
+    default: t.Optional[t.Any] = None,
+    show_choices: bool = True,
+    type: t.Optional[ParamType] = None,
+) -> str:
+    prompt = text
+    if type is not None and show_choices and isinstance(type, Choice):
+        prompt += f" ({', '.join(map(str, type.choices))})"
+    if default is not None and show_default:
+        prompt = f"{prompt} [{_format_default(default)}]"
+    return f"{prompt}{suffix}"
+
+
+def _format_default(default: t.Any) -> t.Any:
+    if isinstance(default, (io.IOBase, LazyFile)) and hasattr(default, "name"):
+        return default.name
+
+    return default
+
+
+def prompt(
+    text: str,
+    default: t.Optional[t.Any] = None,
+    hide_input: bool = False,
+    confirmation_prompt: t.Union[bool, str] = False,
+    type: t.Optional[t.Union[ParamType, t.Any]] = None,
+    value_proc: t.Optional[t.Callable[[str], t.Any]] = None,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+    show_choices: bool = True,
+) -> t.Any:
+    """Prompts a user for input.  This is a convenience function that can
+    be used to prompt a user for input later.
+
+    If the user aborts the input by sending an interrupt signal, this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the text to show for the prompt.
+    :param default: the default value to use if no input happens.  If this
+                    is not given it will prompt until it's aborted.
+    :param hide_input: if this is set to true then the input value will
+                       be hidden.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value. Can be set to a string instead of ``True`` to customize
+        the message.
+    :param type: the type to use to check the value against.
+    :param value_proc: if this parameter is provided it's a function that
+                       is invoked instead of the type conversion to
+                       convert a value.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    :param show_choices: Show or hide choices if the passed type is a Choice.
+                         For example if type is a Choice of either day or week,
+                         show_choices is true and text is "Group by" then the
+                         prompt will be "Group by (day, week): ".
+
+    .. versionadded:: 8.0
+        ``confirmation_prompt`` can be a custom string.
+
+    .. versionadded:: 7.0
+        Added the ``show_choices`` parameter.
+
+    .. versionadded:: 6.0
+        Added unicode support for cmd.exe on Windows.
+
+    .. versionadded:: 4.0
+        Added the `err` parameter.
+
+    """
+
+    def prompt_func(text: str) -> str:
+        f = hidden_prompt_func if hide_input else visible_prompt_func
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(text.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            return f(" ")
+        except (KeyboardInterrupt, EOFError):
+            # getpass doesn't print a newline if the user aborts input with ^C.
+            # Allegedly this behavior is inherited from getpass(3).
+            # A doc bug has been filed at https://bugs.python.org/issue24711
+            if hide_input:
+                echo(None, err=err)
+            raise Abort() from None
+
+    if value_proc is None:
+        value_proc = convert_type(type, default)
+
+    prompt = _build_prompt(
+        text, prompt_suffix, show_default, default, show_choices, type
+    )
+
+    if confirmation_prompt:
+        if confirmation_prompt is True:
+            confirmation_prompt = _("Repeat for confirmation")
+
+        confirmation_prompt = _build_prompt(confirmation_prompt, prompt_suffix)
+
+    while True:
+        while True:
+            value = prompt_func(prompt)
+            if value:
+                break
+            elif default is not None:
+                value = default
+                break
+        try:
+            result = value_proc(value)
+        except UsageError as e:
+            if hide_input:
+                echo(_("Error: The value you entered was invalid."), err=err)
+            else:
+                echo(_("Error: {e.message}").format(e=e), err=err)  # noqa: B306
+            continue
+        if not confirmation_prompt:
+            return result
+        while True:
+            value2 = prompt_func(confirmation_prompt)
+            is_empty = not value and not value2
+            if value2 or is_empty:
+                break
+        if value == value2:
+            return result
+        echo(_("Error: The two entered values do not match."), err=err)
+
+
+def confirm(
+    text: str,
+    default: t.Optional[bool] = False,
+    abort: bool = False,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+) -> bool:
+    """Prompts for confirmation (yes/no question).
+
+    If the user aborts the input by sending a interrupt signal this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the question to ask.
+    :param default: The default value to use when no input is given. If
+        ``None``, repeat until input is given.
+    :param abort: if this is set to `True` a negative answer aborts the
+                  exception by raising :exc:`Abort`.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+
+    .. versionchanged:: 8.0
+        Repeat until input is given if ``default`` is ``None``.
+
+    .. versionadded:: 4.0
+        Added the ``err`` parameter.
+    """
+    prompt = _build_prompt(
+        text,
+        prompt_suffix,
+        show_default,
+        "y/n" if default is None else ("Y/n" if default else "y/N"),
+    )
+
+    while True:
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(prompt.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            value = visible_prompt_func(" ").lower().strip()
+        except (KeyboardInterrupt, EOFError):
+            raise Abort() from None
+        if value in ("y", "yes"):
+            rv = True
+        elif value in ("n", "no"):
+            rv = False
+        elif default is not None and value == "":
+            rv = default
+        else:
+            echo(_("Error: invalid input"), err=err)
+            continue
+        break
+    if abort and not rv:
+        raise Abort()
+    return rv
+
+
+def echo_via_pager(
+    text_or_generator: t.Union[t.Iterable[str], t.Callable[[], t.Iterable[str]], str],
+    color: t.Optional[bool] = None,
+) -> None:
+    """This function takes a text and shows it via an environment specific
+    pager on stdout.
+
+    .. versionchanged:: 3.0
+       Added the `color` flag.
+
+    :param text_or_generator: the text to page, or alternatively, a
+                              generator emitting the text to page.
+    :param color: controls if the pager supports ANSI colors or not.  The
+                  default is autodetection.
+    """
+    color = resolve_color_default(color)
+
+    if inspect.isgeneratorfunction(text_or_generator):
+        i = t.cast(t.Callable[[], t.Iterable[str]], text_or_generator)()
+    elif isinstance(text_or_generator, str):
+        i = [text_or_generator]
+    else:
+        i = iter(t.cast(t.Iterable[str], text_or_generator))
+
+    # convert every element of i to a text type if necessary
+    text_generator = (el if isinstance(el, str) else str(el) for el in i)
+
+    from ._termui_impl import pager
+
+    return pager(itertools.chain(text_generator, "\n"), color)
+
+
+def progressbar(
+    iterable: t.Optional[t.Iterable[V]] = None,
+    length: t.Optional[int] = None,
+    label: t.Optional[str] = None,
+    show_eta: bool = True,
+    show_percent: t.Optional[bool] = None,
+    show_pos: bool = False,
+    item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+    fill_char: str = "#",
+    empty_char: str = "-",
+    bar_template: str = "%(label)s  [%(bar)s]  %(info)s",
+    info_sep: str = "  ",
+    width: int = 36,
+    file: t.Optional[t.TextIO] = None,
+    color: t.Optional[bool] = None,
+    update_min_steps: int = 1,
+) -> "ProgressBar[V]":
+    """This function creates an iterable context manager that can be used
+    to iterate over something while showing a progress bar.  It will
+    either iterate over the `iterable` or `length` items (that are counted
+    up).  While iteration happens, this function will print a rendered
+    progress bar to the given `file` (defaults to stdout) and will attempt
+    to calculate remaining time and more.  By default, this progress bar
+    will not be rendered if the file is not a terminal.
+
+    The context manager creates the progress bar.  When the context
+    manager is entered the progress bar is already created.  With every
+    iteration over the progress bar, the iterable passed to the bar is
+    advanced and the bar is updated.  When the context manager exits,
+    a newline is printed and the progress bar is finalized on screen.
+
+    Note: The progress bar is currently designed for use cases where the
+    total progress can be expected to take at least several seconds.
+    Because of this, the ProgressBar class object won't display
+    progress that is considered too fast, and progress where the time
+    between steps is less than a second.
+
+    No printing must happen or the progress bar will be unintentionally
+    destroyed.
+
+    Example usage::
+
+        with progressbar(items) as bar:
+            for item in bar:
+                do_something_with(item)
+
+    Alternatively, if no iterable is specified, one can manually update the
+    progress bar through the `update()` method instead of directly
+    iterating over the progress bar.  The update method accepts the number
+    of steps to increment the bar with::
+
+        with progressbar(length=chunks.total_bytes) as bar:
+            for chunk in chunks:
+                process_chunk(chunk)
+                bar.update(chunks.bytes)
+
+    The ``update()`` method also takes an optional value specifying the
+    ``current_item`` at the new position. This is useful when used
+    together with ``item_show_func`` to customize the output for each
+    manual step::
+
+        with click.progressbar(
+            length=total_size,
+            label='Unzipping archive',
+            item_show_func=lambda a: a.filename
+        ) as bar:
+            for archive in zip_file:
+                archive.extract()
+                bar.update(archive.size, archive)
+
+    :param iterable: an iterable to iterate over.  If not provided the length
+                     is required.
+    :param length: the number of items to iterate over.  By default the
+                   progressbar will attempt to ask the iterator about its
+                   length, which might or might not work.  If an iterable is
+                   also provided this parameter can be used to override the
+                   length.  If an iterable is not provided the progress bar
+                   will iterate over a range of that length.
+    :param label: the label to show next to the progress bar.
+    :param show_eta: enables or disables the estimated time display.  This is
+                     automatically disabled if the length cannot be
+                     determined.
+    :param show_percent: enables or disables the percentage display.  The
+                         default is `True` if the iterable has a length or
+                         `False` if not.
+    :param show_pos: enables or disables the absolute position display.  The
+                     default is `False`.
+    :param item_show_func: A function called with the current item which
+        can return a string to show next to the progress bar. If the
+        function returns ``None`` nothing is shown. The current item can
+        be ``None``, such as when entering and exiting the bar.
+    :param fill_char: the character to use to show the filled part of the
+                      progress bar.
+    :param empty_char: the character to use to show the non-filled part of
+                       the progress bar.
+    :param bar_template: the format string to use as template for the bar.
+                         The parameters in it are ``label`` for the label,
+                         ``bar`` for the progress bar and ``info`` for the
+                         info section.
+    :param info_sep: the separator between multiple info items (eta etc.)
+    :param width: the width of the progress bar in characters, 0 means full
+                  terminal width
+    :param file: The file to write to. If this is not a terminal then
+        only the label is printed.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are included anywhere in the progress bar output
+                  which is not the case by default.
+    :param update_min_steps: Render only when this many updates have
+        completed. This allows tuning for very fast iterators.
+
+    .. versionchanged:: 8.0
+        Output is shown even if execution time is less than 0.5 seconds.
+
+    .. versionchanged:: 8.0
+        ``item_show_func`` shows the current item, not the previous one.
+
+    .. versionchanged:: 8.0
+        Labels are echoed if the output is not a TTY. Reverts a change
+        in 7.0 that removed all output.
+
+    .. versionadded:: 8.0
+       Added the ``update_min_steps`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter. Added the ``update`` method to
+        the object.
+
+    .. versionadded:: 2.0
+    """
+    from ._termui_impl import ProgressBar
+
+    color = resolve_color_default(color)
+    return ProgressBar(
+        iterable=iterable,
+        length=length,
+        show_eta=show_eta,
+        show_percent=show_percent,
+        show_pos=show_pos,
+        item_show_func=item_show_func,
+        fill_char=fill_char,
+        empty_char=empty_char,
+        bar_template=bar_template,
+        info_sep=info_sep,
+        file=file,
+        label=label,
+        width=width,
+        color=color,
+        update_min_steps=update_min_steps,
+    )
+
+
+def clear() -> None:
+    """Clears the terminal screen.  This will have the effect of clearing
+    the whole visible space of the terminal and moving the cursor to the
+    top left.  This does not do anything if not connected to a terminal.
+
+    .. versionadded:: 2.0
+    """
+    if not isatty(sys.stdout):
+        return
+
+    # ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
+    echo("\033[2J\033[1;1H", nl=False)
+
+
+def _interpret_color(
+    color: t.Union[int, t.Tuple[int, int, int], str], offset: int = 0
+) -> str:
+    if isinstance(color, int):
+        return f"{38 + offset};5;{color:d}"
+
+    if isinstance(color, (tuple, list)):
+        r, g, b = color
+        return f"{38 + offset};2;{r:d};{g:d};{b:d}"
+
+    return str(_ansi_colors[color] + offset)
+
+
+def style(
+    text: t.Any,
+    fg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bold: t.Optional[bool] = None,
+    dim: t.Optional[bool] = None,
+    underline: t.Optional[bool] = None,
+    overline: t.Optional[bool] = None,
+    italic: t.Optional[bool] = None,
+    blink: t.Optional[bool] = None,
+    reverse: t.Optional[bool] = None,
+    strikethrough: t.Optional[bool] = None,
+    reset: bool = True,
+) -> str:
+    """Styles a text with ANSI styles and returns the new string.  By
+    default the styling is self contained which means that at the end
+    of the string a reset code is issued.  This can be prevented by
+    passing ``reset=False``.
+
+    Examples::
+
+        click.echo(click.style('Hello World!', fg='green'))
+        click.echo(click.style('ATTENTION!', blink=True))
+        click.echo(click.style('Some things', reverse=True, fg='cyan'))
+        click.echo(click.style('More colors', fg=(255, 12, 128), bg=117))
+
+    Supported color names:
+
+    * ``black`` (might be a gray)
+    * ``red``
+    * ``green``
+    * ``yellow`` (might be an orange)
+    * ``blue``
+    * ``magenta``
+    * ``cyan``
+    * ``white`` (might be light gray)
+    * ``bright_black``
+    * ``bright_red``
+    * ``bright_green``
+    * ``bright_yellow``
+    * ``bright_blue``
+    * ``bright_magenta``
+    * ``bright_cyan``
+    * ``bright_white``
+    * ``reset`` (reset the color code only)
+
+    If the terminal supports it, color may also be specified as:
+
+    -   An integer in the interval [0, 255]. The terminal must support
+        8-bit/256-color mode.
+    -   An RGB tuple of three integers in [0, 255]. The terminal must
+        support 24-bit/true-color mode.
+
+    See https://en.wikipedia.org/wiki/ANSI_color and
+    https://gist.github.com/XVilka/8346728 for more information.
+
+    :param text: the string to style with ansi codes.
+    :param fg: if provided this will become the foreground color.
+    :param bg: if provided this will become the background color.
+    :param bold: if provided this will enable or disable bold mode.
+    :param dim: if provided this will enable or disable dim mode.  This is
+                badly supported.
+    :param underline: if provided this will enable or disable underline.
+    :param overline: if provided this will enable or disable overline.
+    :param italic: if provided this will enable or disable italic.
+    :param blink: if provided this will enable or disable blinking.
+    :param reverse: if provided this will enable or disable inverse
+                    rendering (foreground becomes background and the
+                    other way round).
+    :param strikethrough: if provided this will enable or disable
+        striking through text.
+    :param reset: by default a reset-all code is added at the end of the
+                  string which means that styles do not carry over.  This
+                  can be disabled to compose styles.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string.
+
+    .. versionchanged:: 8.0
+       Added support for 256 and RGB color codes.
+
+    .. versionchanged:: 8.0
+        Added the ``strikethrough``, ``italic``, and ``overline``
+        parameters.
+
+    .. versionchanged:: 7.0
+        Added support for bright colors.
+
+    .. versionadded:: 2.0
+    """
+    if not isinstance(text, str):
+        text = str(text)
+
+    bits = []
+
+    if fg:
+        try:
+            bits.append(f"\033[{_interpret_color(fg)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {fg!r}") from None
+
+    if bg:
+        try:
+            bits.append(f"\033[{_interpret_color(bg, 10)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {bg!r}") from None
+
+    if bold is not None:
+        bits.append(f"\033[{1 if bold else 22}m")
+    if dim is not None:
+        bits.append(f"\033[{2 if dim else 22}m")
+    if underline is not None:
+        bits.append(f"\033[{4 if underline else 24}m")
+    if overline is not None:
+        bits.append(f"\033[{53 if overline else 55}m")
+    if italic is not None:
+        bits.append(f"\033[{3 if italic else 23}m")
+    if blink is not None:
+        bits.append(f"\033[{5 if blink else 25}m")
+    if reverse is not None:
+        bits.append(f"\033[{7 if reverse else 27}m")
+    if strikethrough is not None:
+        bits.append(f"\033[{9 if strikethrough else 29}m")
+    bits.append(text)
+    if reset:
+        bits.append(_ansi_reset_all)
+    return "".join(bits)
+
+
+def unstyle(text: str) -> str:
+    """Removes ANSI styling information from a string.  Usually it's not
+    necessary to use this function as Click's echo function will
+    automatically remove styling if necessary.
+
+    .. versionadded:: 2.0
+
+    :param text: the text to remove style information from.
+    """
+    return strip_ansi(text)
+
+
+def secho(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.AnyStr]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+    **styles: t.Any,
+) -> None:
+    """This function combines :func:`echo` and :func:`style` into one
+    call.  As such the following two calls are the same::
+
+        click.secho('Hello World!', fg='green')
+        click.echo(click.style('Hello World!', fg='green'))
+
+    All keyword arguments are forwarded to the underlying functions
+    depending on which one they go with.
+
+    Non-string types will be converted to :class:`str`. However,
+    :class:`bytes` are passed directly to :meth:`echo` without applying
+    style. If you want to style bytes that represent text, call
+    :meth:`bytes.decode` first.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string. Bytes are
+        passed through without style applied.
+
+    .. versionadded:: 2.0
+    """
+    if message is not None and not isinstance(message, (bytes, bytearray)):
+        message = style(message, **styles)
+
+    return echo(message, file=file, nl=nl, err=err, color=color)
+
+
+def edit(
+    text: t.Optional[t.AnyStr] = None,
+    editor: t.Optional[str] = None,
+    env: t.Optional[t.Mapping[str, str]] = None,
+    require_save: bool = True,
+    extension: str = ".txt",
+    filename: t.Optional[str] = None,
+) -> t.Optional[t.AnyStr]:
+    r"""Edits the given text in the defined editor.  If an editor is given
+    (should be the full path to the executable but the regular operating
+    system search path is used for finding the executable) it overrides
+    the detected editor.  Optionally, some environment variables can be
+    used.  If the editor is closed without changes, `None` is returned.  In
+    case a file is edited directly the return value is always `None` and
+    `require_save` and `extension` are ignored.
+
+    If the editor cannot be opened a :exc:`UsageError` is raised.
+
+    Note for Windows: to simplify cross-platform usage, the newlines are
+    automatically converted from POSIX to Windows and vice versa.  As such,
+    the message here will have ``\n`` as newline markers.
+
+    :param text: the text to edit.
+    :param editor: optionally the editor to use.  Defaults to automatic
+                   detection.
+    :param env: environment variables to forward to the editor.
+    :param require_save: if this is true, then not saving in the editor
+                         will make the return value become `None`.
+    :param extension: the extension to tell the editor about.  This defaults
+                      to `.txt` but changing this might change syntax
+                      highlighting.
+    :param filename: if provided it will edit this file instead of the
+                     provided text contents.  It will not use a temporary
+                     file as an indirection in that case.
+    """
+    from ._termui_impl import Editor
+
+    ed = Editor(editor=editor, env=env, require_save=require_save, extension=extension)
+
+    if filename is None:
+        return ed.edit(text)
+
+    ed.edit_file(filename)
+    return None
+
+
+def launch(url: str, wait: bool = False, locate: bool = False) -> int:
+    """This function launches the given URL (or filename) in the default
+    viewer application for this file type.  If this is an executable, it
+    might launch the executable in a new session.  The return value is
+    the exit code of the launched application.  Usually, ``0`` indicates
+    success.
+
+    Examples::
+
+        click.launch('https://click.palletsprojects.com/')
+        click.launch('/my/downloaded/file', locate=True)
+
+    .. versionadded:: 2.0
+
+    :param url: URL or filename of the thing to launch.
+    :param wait: Wait for the program to exit before returning. This
+        only works if the launched program blocks. In particular,
+        ``xdg-open`` on Linux does not block.
+    :param locate: if this is set to `True` then instead of launching the
+                   application associated with the URL it will attempt to
+                   launch a file manager with the file located.  This
+                   might have weird effects if the URL does not point to
+                   the filesystem.
+    """
+    from ._termui_impl import open_url
+
+    return open_url(url, wait=wait, locate=locate)
+
+
+# If this is provided, getchar() calls into this instead.  This is used
+# for unittesting purposes.
+_getchar: t.Optional[t.Callable[[bool], str]] = None
+
+
+def getchar(echo: bool = False) -> str:
+    """Fetches a single character from the terminal and returns it.  This
+    will always return a unicode character and under certain rare
+    circumstances this might return more than one character.  The
+    situations which more than one character is returned is when for
+    whatever reason multiple characters end up in the terminal buffer or
+    standard input was not actually a terminal.
+
+    Note that this will always read from the terminal, even if something
+    is piped into the standard input.
+
+    Note for Windows: in rare cases when typing non-ASCII characters, this
+    function might wait for a second character and then return both at once.
+    This is because certain Unicode characters look like special-key markers.
+
+    .. versionadded:: 2.0
+
+    :param echo: if set to `True`, the character read will also show up on
+                 the terminal.  The default is to not show it.
+    """
+    global _getchar
+
+    if _getchar is None:
+        from ._termui_impl import getchar as f
+
+        _getchar = f
+
+    return _getchar(echo)
+
+
+def raw_terminal() -> t.ContextManager[int]:
+    from ._termui_impl import raw_terminal as f
+
+    return f()
+
+
+def pause(info: t.Optional[str] = None, err: bool = False) -> None:
+    """This command stops execution and waits for the user to press any
+    key to continue.  This is similar to the Windows batch "pause"
+    command.  If the program is not run through a terminal, this command
+    will instead do nothing.
+
+    .. versionadded:: 2.0
+
+    .. versionadded:: 4.0
+       Added the `err` parameter.
+
+    :param info: The message to print before pausing. Defaults to
+        ``"Press any key to continue..."``.
+    :param err: if set to message goes to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    """
+    if not isatty(sys.stdin) or not isatty(sys.stdout):
+        return
+
+    if info is None:
+        info = _("Press any key to continue...")
+
+    try:
+        if info:
+            echo(info, nl=False, err=err)
+        try:
+            getchar()
+        except (KeyboardInterrupt, EOFError):
+            pass
+    finally:
+        if info:
+            echo(err=err)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/testing.py b/lib/go-jinja2/internal/data/darwin-arm64/click/testing.py
new file mode 100644
index 000000000..e0df0d2a6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/testing.py
@@ -0,0 +1,479 @@
+import contextlib
+import io
+import os
+import shlex
+import shutil
+import sys
+import tempfile
+import typing as t
+from types import TracebackType
+
+from . import formatting
+from . import termui
+from . import utils
+from ._compat import _find_binary_reader
+
+if t.TYPE_CHECKING:
+    from .core import BaseCommand
+
+
+class EchoingStdin:
+    def __init__(self, input: t.BinaryIO, output: t.BinaryIO) -> None:
+        self._input = input
+        self._output = output
+        self._paused = False
+
+    def __getattr__(self, x: str) -> t.Any:
+        return getattr(self._input, x)
+
+    def _echo(self, rv: bytes) -> bytes:
+        if not self._paused:
+            self._output.write(rv)
+
+        return rv
+
+    def read(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read(n))
+
+    def read1(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read1(n))  # type: ignore
+
+    def readline(self, n: int = -1) -> bytes:
+        return self._echo(self._input.readline(n))
+
+    def readlines(self) -> t.List[bytes]:
+        return [self._echo(x) for x in self._input.readlines()]
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._echo(x) for x in self._input)
+
+    def __repr__(self) -> str:
+        return repr(self._input)
+
+
+@contextlib.contextmanager
+def _pause_echo(stream: t.Optional[EchoingStdin]) -> t.Iterator[None]:
+    if stream is None:
+        yield
+    else:
+        stream._paused = True
+        yield
+        stream._paused = False
+
+
+class _NamedTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self, buffer: t.BinaryIO, name: str, mode: str, **kwargs: t.Any
+    ) -> None:
+        super().__init__(buffer, **kwargs)
+        self._name = name
+        self._mode = mode
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @property
+    def mode(self) -> str:
+        return self._mode
+
+
+def make_input_stream(
+    input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]], charset: str
+) -> t.BinaryIO:
+    # Is already an input stream.
+    if hasattr(input, "read"):
+        rv = _find_binary_reader(t.cast(t.IO[t.Any], input))
+
+        if rv is not None:
+            return rv
+
+        raise TypeError("Could not find binary reader for input stream.")
+
+    if input is None:
+        input = b""
+    elif isinstance(input, str):
+        input = input.encode(charset)
+
+    return io.BytesIO(input)
+
+
+class Result:
+    """Holds the captured result of an invoked CLI script."""
+
+    def __init__(
+        self,
+        runner: "CliRunner",
+        stdout_bytes: bytes,
+        stderr_bytes: t.Optional[bytes],
+        return_value: t.Any,
+        exit_code: int,
+        exception: t.Optional[BaseException],
+        exc_info: t.Optional[
+            t.Tuple[t.Type[BaseException], BaseException, TracebackType]
+        ] = None,
+    ):
+        #: The runner that created the result
+        self.runner = runner
+        #: The standard output as bytes.
+        self.stdout_bytes = stdout_bytes
+        #: The standard error as bytes, or None if not available
+        self.stderr_bytes = stderr_bytes
+        #: The value returned from the invoked command.
+        #:
+        #: .. versionadded:: 8.0
+        self.return_value = return_value
+        #: The exit code as integer.
+        self.exit_code = exit_code
+        #: The exception that happened if one did.
+        self.exception = exception
+        #: The traceback
+        self.exc_info = exc_info
+
+    @property
+    def output(self) -> str:
+        """The (standard) output as unicode string."""
+        return self.stdout
+
+    @property
+    def stdout(self) -> str:
+        """The standard output as unicode string."""
+        return self.stdout_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    @property
+    def stderr(self) -> str:
+        """The standard error as unicode string."""
+        if self.stderr_bytes is None:
+            raise ValueError("stderr not separately captured")
+        return self.stderr_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    def __repr__(self) -> str:
+        exc_str = repr(self.exception) if self.exception else "okay"
+        return f"<{type(self).__name__} {exc_str}>"
+
+
+class CliRunner:
+    """The CLI runner provides functionality to invoke a Click command line
+    script for unittesting purposes in a isolated environment.  This only
+    works in single-threaded systems without any concurrency as it changes the
+    global interpreter state.
+
+    :param charset: the character set for the input and output data.
+    :param env: a dictionary with environment variables for overriding.
+    :param echo_stdin: if this is set to `True`, then reading from stdin writes
+                       to stdout.  This is useful for showing examples in
+                       some circumstances.  Note that regular prompts
+                       will automatically echo the input.
+    :param mix_stderr: if this is set to `False`, then stdout and stderr are
+                       preserved as independent streams.  This is useful for
+                       Unix-philosophy apps that have predictable stdout and
+                       noisy stderr, such that each may be measured
+                       independently
+    """
+
+    def __init__(
+        self,
+        charset: str = "utf-8",
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        echo_stdin: bool = False,
+        mix_stderr: bool = True,
+    ) -> None:
+        self.charset = charset
+        self.env: t.Mapping[str, t.Optional[str]] = env or {}
+        self.echo_stdin = echo_stdin
+        self.mix_stderr = mix_stderr
+
+    def get_default_prog_name(self, cli: "BaseCommand") -> str:
+        """Given a command object it will return the default program name
+        for it.  The default is the `name` attribute or ``"root"`` if not
+        set.
+        """
+        return cli.name or "root"
+
+    def make_env(
+        self, overrides: t.Optional[t.Mapping[str, t.Optional[str]]] = None
+    ) -> t.Mapping[str, t.Optional[str]]:
+        """Returns the environment overrides for invoking a script."""
+        rv = dict(self.env)
+        if overrides:
+            rv.update(overrides)
+        return rv
+
+    @contextlib.contextmanager
+    def isolation(
+        self,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        color: bool = False,
+    ) -> t.Iterator[t.Tuple[io.BytesIO, t.Optional[io.BytesIO]]]:
+        """A context manager that sets up the isolation for invoking of a
+        command line tool.  This sets up stdin with the given input data
+        and `os.environ` with the overrides from the given dictionary.
+        This also rebinds some internals in Click to be mocked (like the
+        prompt functionality).
+
+        This is automatically done in the :meth:`invoke` method.
+
+        :param input: the input stream to put into sys.stdin.
+        :param env: the environment overrides as dictionary.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            ``stderr`` is opened with ``errors="backslashreplace"``
+            instead of the default ``"strict"``.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+        """
+        bytes_input = make_input_stream(input, self.charset)
+        echo_input = None
+
+        old_stdin = sys.stdin
+        old_stdout = sys.stdout
+        old_stderr = sys.stderr
+        old_forced_width = formatting.FORCED_WIDTH
+        formatting.FORCED_WIDTH = 80
+
+        env = self.make_env(env)
+
+        bytes_output = io.BytesIO()
+
+        if self.echo_stdin:
+            bytes_input = echo_input = t.cast(
+                t.BinaryIO, EchoingStdin(bytes_input, bytes_output)
+            )
+
+        sys.stdin = text_input = _NamedTextIOWrapper(
+            bytes_input, encoding=self.charset, name="<stdin>", mode="r"
+        )
+
+        if self.echo_stdin:
+            # Force unbuffered reads, otherwise TextIOWrapper reads a
+            # large chunk which is echoed early.
+            text_input._CHUNK_SIZE = 1  # type: ignore
+
+        sys.stdout = _NamedTextIOWrapper(
+            bytes_output, encoding=self.charset, name="<stdout>", mode="w"
+        )
+
+        bytes_error = None
+        if self.mix_stderr:
+            sys.stderr = sys.stdout
+        else:
+            bytes_error = io.BytesIO()
+            sys.stderr = _NamedTextIOWrapper(
+                bytes_error,
+                encoding=self.charset,
+                name="<stderr>",
+                mode="w",
+                errors="backslashreplace",
+            )
+
+        @_pause_echo(echo_input)  # type: ignore
+        def visible_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(prompt or "")
+            val = text_input.readline().rstrip("\r\n")
+            sys.stdout.write(f"{val}\n")
+            sys.stdout.flush()
+            return val
+
+        @_pause_echo(echo_input)  # type: ignore
+        def hidden_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(f"{prompt or ''}\n")
+            sys.stdout.flush()
+            return text_input.readline().rstrip("\r\n")
+
+        @_pause_echo(echo_input)  # type: ignore
+        def _getchar(echo: bool) -> str:
+            char = sys.stdin.read(1)
+
+            if echo:
+                sys.stdout.write(char)
+
+            sys.stdout.flush()
+            return char
+
+        default_color = color
+
+        def should_strip_ansi(
+            stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+        ) -> bool:
+            if color is None:
+                return not default_color
+            return not color
+
+        old_visible_prompt_func = termui.visible_prompt_func
+        old_hidden_prompt_func = termui.hidden_prompt_func
+        old__getchar_func = termui._getchar
+        old_should_strip_ansi = utils.should_strip_ansi  # type: ignore
+        termui.visible_prompt_func = visible_input
+        termui.hidden_prompt_func = hidden_input
+        termui._getchar = _getchar
+        utils.should_strip_ansi = should_strip_ansi  # type: ignore
+
+        old_env = {}
+        try:
+            for key, value in env.items():
+                old_env[key] = os.environ.get(key)
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            yield (bytes_output, bytes_error)
+        finally:
+            for key, value in old_env.items():
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            sys.stdout = old_stdout
+            sys.stderr = old_stderr
+            sys.stdin = old_stdin
+            termui.visible_prompt_func = old_visible_prompt_func
+            termui.hidden_prompt_func = old_hidden_prompt_func
+            termui._getchar = old__getchar_func
+            utils.should_strip_ansi = old_should_strip_ansi  # type: ignore
+            formatting.FORCED_WIDTH = old_forced_width
+
+    def invoke(
+        self,
+        cli: "BaseCommand",
+        args: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        catch_exceptions: bool = True,
+        color: bool = False,
+        **extra: t.Any,
+    ) -> Result:
+        """Invokes a command in an isolated environment.  The arguments are
+        forwarded directly to the command line script, the `extra` keyword
+        arguments are passed to the :meth:`~clickpkg.Command.main` function of
+        the command.
+
+        This returns a :class:`Result` object.
+
+        :param cli: the command to invoke
+        :param args: the arguments to invoke. It may be given as an iterable
+                     or a string. When given as string it will be interpreted
+                     as a Unix shell command. More details at
+                     :func:`shlex.split`.
+        :param input: the input data for `sys.stdin`.
+        :param env: the environment overrides.
+        :param catch_exceptions: Whether to catch any other exceptions than
+                                 ``SystemExit``.
+        :param extra: the keyword arguments to pass to :meth:`main`.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            The result object has the ``return_value`` attribute with
+            the value returned from the invoked command.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+
+        .. versionchanged:: 3.0
+            Added the ``catch_exceptions`` parameter.
+
+        .. versionchanged:: 3.0
+            The result object has the ``exc_info`` attribute with the
+            traceback if available.
+        """
+        exc_info = None
+        with self.isolation(input=input, env=env, color=color) as outstreams:
+            return_value = None
+            exception: t.Optional[BaseException] = None
+            exit_code = 0
+
+            if isinstance(args, str):
+                args = shlex.split(args)
+
+            try:
+                prog_name = extra.pop("prog_name")
+            except KeyError:
+                prog_name = self.get_default_prog_name(cli)
+
+            try:
+                return_value = cli.main(args=args or (), prog_name=prog_name, **extra)
+            except SystemExit as e:
+                exc_info = sys.exc_info()
+                e_code = t.cast(t.Optional[t.Union[int, t.Any]], e.code)
+
+                if e_code is None:
+                    e_code = 0
+
+                if e_code != 0:
+                    exception = e
+
+                if not isinstance(e_code, int):
+                    sys.stdout.write(str(e_code))
+                    sys.stdout.write("\n")
+                    e_code = 1
+
+                exit_code = e_code
+
+            except Exception as e:
+                if not catch_exceptions:
+                    raise
+                exception = e
+                exit_code = 1
+                exc_info = sys.exc_info()
+            finally:
+                sys.stdout.flush()
+                stdout = outstreams[0].getvalue()
+                if self.mix_stderr:
+                    stderr = None
+                else:
+                    stderr = outstreams[1].getvalue()  # type: ignore
+
+        return Result(
+            runner=self,
+            stdout_bytes=stdout,
+            stderr_bytes=stderr,
+            return_value=return_value,
+            exit_code=exit_code,
+            exception=exception,
+            exc_info=exc_info,  # type: ignore
+        )
+
+    @contextlib.contextmanager
+    def isolated_filesystem(
+        self, temp_dir: t.Optional[t.Union[str, "os.PathLike[str]"]] = None
+    ) -> t.Iterator[str]:
+        """A context manager that creates a temporary directory and
+        changes the current working directory to it. This isolates tests
+        that affect the contents of the CWD to prevent them from
+        interfering with each other.
+
+        :param temp_dir: Create the temporary directory under this
+            directory. If given, the created directory is not removed
+            when exiting.
+
+        .. versionchanged:: 8.0
+            Added the ``temp_dir`` parameter.
+        """
+        cwd = os.getcwd()
+        dt = tempfile.mkdtemp(dir=temp_dir)
+        os.chdir(dt)
+
+        try:
+            yield dt
+        finally:
+            os.chdir(cwd)
+
+            if temp_dir is None:
+                try:
+                    shutil.rmtree(dt)
+                except OSError:  # noqa: B014
+                    pass
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/types.py b/lib/go-jinja2/internal/data/darwin-arm64/click/types.py
new file mode 100644
index 000000000..2b1d1797f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/types.py
@@ -0,0 +1,1089 @@
+import os
+import stat
+import sys
+import typing as t
+from datetime import datetime
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import _get_argv_encoding
+from ._compat import open_stream
+from .exceptions import BadParameter
+from .utils import format_filename
+from .utils import LazyFile
+from .utils import safecall
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+    from .core import Parameter
+    from .shell_completion import CompletionItem
+
+
+class ParamType:
+    """Represents the type of a parameter. Validates and converts values
+    from the command line or Python into the correct type.
+
+    To implement a custom type, subclass and implement at least the
+    following:
+
+    -   The :attr:`name` class attribute must be set.
+    -   Calling an instance of the type with ``None`` must return
+        ``None``. This is already implemented by default.
+    -   :meth:`convert` must convert string values to the correct type.
+    -   :meth:`convert` must accept values that are already the correct
+        type.
+    -   It must be able to convert a value if the ``ctx`` and ``param``
+        arguments are ``None``. This can occur when converting prompt
+        input.
+    """
+
+    is_composite: t.ClassVar[bool] = False
+    arity: t.ClassVar[int] = 1
+
+    #: the descriptive name of this type
+    name: str
+
+    #: if a list of this type is expected and the value is pulled from a
+    #: string environment variable, this is what splits it up.  `None`
+    #: means any whitespace.  For all parameters the general rule is that
+    #: whitespace splits them up.  The exception are paths and files which
+    #: are split by ``os.path.pathsep`` by default (":" on Unix and ";" on
+    #: Windows).
+    envvar_list_splitter: t.ClassVar[t.Optional[str]] = None
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        # The class name without the "ParamType" suffix.
+        param_type = type(self).__name__.partition("ParamType")[0]
+        param_type = param_type.partition("ParameterType")[0]
+
+        # Custom subclasses might not remember to set a name.
+        if hasattr(self, "name"):
+            name = self.name
+        else:
+            name = param_type
+
+        return {"param_type": param_type, "name": name}
+
+    def __call__(
+        self,
+        value: t.Any,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> t.Any:
+        if value is not None:
+            return self.convert(value, param, ctx)
+
+    def get_metavar(self, param: "Parameter") -> t.Optional[str]:
+        """Returns the metavar default for this param if it provides one."""
+
+    def get_missing_message(self, param: "Parameter") -> t.Optional[str]:
+        """Optionally might return extra information about a missing
+        parameter.
+
+        .. versionadded:: 2.0
+        """
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        """Convert the value to the correct type. This is not called if
+        the value is ``None`` (the missing value).
+
+        This must accept string values from the command line, as well as
+        values that are already the correct type. It may also convert
+        other compatible types.
+
+        The ``param`` and ``ctx`` arguments may be ``None`` in certain
+        situations, such as when converting prompt input.
+
+        If the value cannot be converted, call :meth:`fail` with a
+        descriptive message.
+
+        :param value: The value to convert.
+        :param param: The parameter that is using this type to convert
+            its value. May be ``None``.
+        :param ctx: The current context that arrived at this value. May
+            be ``None``.
+        """
+        return value
+
+    def split_envvar_value(self, rv: str) -> t.Sequence[str]:
+        """Given a value from an environment variable this splits it up
+        into small chunks depending on the defined envvar list splitter.
+
+        If the splitter is set to `None`, which means that whitespace splits,
+        then leading and trailing whitespace is ignored.  Otherwise, leading
+        and trailing splitters usually lead to empty items being included.
+        """
+        return (rv or "").split(self.envvar_list_splitter)
+
+    def fail(
+        self,
+        message: str,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> "t.NoReturn":
+        """Helper method to fail with an invalid value message."""
+        raise BadParameter(message, ctx=ctx, param=param)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a list of
+        :class:`~click.shell_completion.CompletionItem` objects for the
+        incomplete value. Most types do not provide completions, but
+        some do, and this allows custom types to provide custom
+        completions as well.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        return []
+
+
+class CompositeParamType(ParamType):
+    is_composite = True
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        raise NotImplementedError()
+
+
+class FuncParamType(ParamType):
+    def __init__(self, func: t.Callable[[t.Any], t.Any]) -> None:
+        self.name: str = func.__name__
+        self.func = func
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["func"] = self.func
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self.func(value)
+        except ValueError:
+            try:
+                value = str(value)
+            except UnicodeError:
+                value = value.decode("utf-8", "replace")
+
+            self.fail(value, param, ctx)
+
+
+class UnprocessedParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        return value
+
+    def __repr__(self) -> str:
+        return "UNPROCESSED"
+
+
+class StringParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, bytes):
+            enc = _get_argv_encoding()
+            try:
+                value = value.decode(enc)
+            except UnicodeError:
+                fs_enc = sys.getfilesystemencoding()
+                if fs_enc != enc:
+                    try:
+                        value = value.decode(fs_enc)
+                    except UnicodeError:
+                        value = value.decode("utf-8", "replace")
+                else:
+                    value = value.decode("utf-8", "replace")
+            return value
+        return str(value)
+
+    def __repr__(self) -> str:
+        return "STRING"
+
+
+class Choice(ParamType):
+    """The choice type allows a value to be checked against a fixed set
+    of supported values. All of these values have to be strings.
+
+    You should only pass a list or tuple of choices. Other iterables
+    (like generators) may lead to surprising results.
+
+    The resulting value will always be one of the originally passed choices
+    regardless of ``case_sensitive`` or any ``ctx.token_normalize_func``
+    being specified.
+
+    See :ref:`choice-opts` for an example.
+
+    :param case_sensitive: Set to false to make choices case
+        insensitive. Defaults to true.
+    """
+
+    name = "choice"
+
+    def __init__(self, choices: t.Sequence[str], case_sensitive: bool = True) -> None:
+        self.choices = choices
+        self.case_sensitive = case_sensitive
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["choices"] = self.choices
+        info_dict["case_sensitive"] = self.case_sensitive
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        choices_str = "|".join(self.choices)
+
+        # Use curly braces to indicate a required argument.
+        if param.required and param.param_type_name == "argument":
+            return f"{{{choices_str}}}"
+
+        # Use square braces to indicate an option or optional argument.
+        return f"[{choices_str}]"
+
+    def get_missing_message(self, param: "Parameter") -> str:
+        return _("Choose from:\n\t{choices}").format(choices=",\n\t".join(self.choices))
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        # Match through normalization and case sensitivity
+        # first do token_normalize_func, then lowercase
+        # preserve original `value` to produce an accurate message in
+        # `self.fail`
+        normed_value = value
+        normed_choices = {choice: choice for choice in self.choices}
+
+        if ctx is not None and ctx.token_normalize_func is not None:
+            normed_value = ctx.token_normalize_func(value)
+            normed_choices = {
+                ctx.token_normalize_func(normed_choice): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if not self.case_sensitive:
+            normed_value = normed_value.casefold()
+            normed_choices = {
+                normed_choice.casefold(): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if normed_value in normed_choices:
+            return normed_choices[normed_value]
+
+        choices_str = ", ".join(map(repr, self.choices))
+        self.fail(
+            ngettext(
+                "{value!r} is not {choice}.",
+                "{value!r} is not one of {choices}.",
+                len(self.choices),
+            ).format(value=value, choice=choices_str, choices=choices_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return f"Choice({list(self.choices)})"
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Complete choices that start with the incomplete value.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        str_choices = map(str, self.choices)
+
+        if self.case_sensitive:
+            matched = (c for c in str_choices if c.startswith(incomplete))
+        else:
+            incomplete = incomplete.lower()
+            matched = (c for c in str_choices if c.lower().startswith(incomplete))
+
+        return [CompletionItem(c) for c in matched]
+
+
+class DateTime(ParamType):
+    """The DateTime type converts date strings into `datetime` objects.
+
+    The format strings which are checked are configurable, but default to some
+    common (non-timezone aware) ISO 8601 formats.
+
+    When specifying *DateTime* formats, you should only pass a list or a tuple.
+    Other iterables, like generators, may lead to surprising results.
+
+    The format strings are processed using ``datetime.strptime``, and this
+    consequently defines the format strings which are allowed.
+
+    Parsing is tried using each format, in order, and the first format which
+    parses successfully is used.
+
+    :param formats: A list or tuple of date format strings, in the order in
+                    which they should be tried. Defaults to
+                    ``'%Y-%m-%d'``, ``'%Y-%m-%dT%H:%M:%S'``,
+                    ``'%Y-%m-%d %H:%M:%S'``.
+    """
+
+    name = "datetime"
+
+    def __init__(self, formats: t.Optional[t.Sequence[str]] = None):
+        self.formats: t.Sequence[str] = formats or [
+            "%Y-%m-%d",
+            "%Y-%m-%dT%H:%M:%S",
+            "%Y-%m-%d %H:%M:%S",
+        ]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["formats"] = self.formats
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        return f"[{'|'.join(self.formats)}]"
+
+    def _try_to_convert_date(self, value: t.Any, format: str) -> t.Optional[datetime]:
+        try:
+            return datetime.strptime(value, format)
+        except ValueError:
+            return None
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, datetime):
+            return value
+
+        for format in self.formats:
+            converted = self._try_to_convert_date(value, format)
+
+            if converted is not None:
+                return converted
+
+        formats_str = ", ".join(map(repr, self.formats))
+        self.fail(
+            ngettext(
+                "{value!r} does not match the format {format}.",
+                "{value!r} does not match the formats {formats}.",
+                len(self.formats),
+            ).format(value=value, format=formats_str, formats=formats_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return "DateTime"
+
+
+class _NumberParamTypeBase(ParamType):
+    _number_class: t.ClassVar[t.Type[t.Any]]
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self._number_class(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid {number_type}.").format(
+                    value=value, number_type=self.name
+                ),
+                param,
+                ctx,
+            )
+
+
+class _NumberRangeBase(_NumberParamTypeBase):
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        self.min = min
+        self.max = max
+        self.min_open = min_open
+        self.max_open = max_open
+        self.clamp = clamp
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            min=self.min,
+            max=self.max,
+            min_open=self.min_open,
+            max_open=self.max_open,
+            clamp=self.clamp,
+        )
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import operator
+
+        rv = super().convert(value, param, ctx)
+        lt_min: bool = self.min is not None and (
+            operator.le if self.min_open else operator.lt
+        )(rv, self.min)
+        gt_max: bool = self.max is not None and (
+            operator.ge if self.max_open else operator.gt
+        )(rv, self.max)
+
+        if self.clamp:
+            if lt_min:
+                return self._clamp(self.min, 1, self.min_open)  # type: ignore
+
+            if gt_max:
+                return self._clamp(self.max, -1, self.max_open)  # type: ignore
+
+        if lt_min or gt_max:
+            self.fail(
+                _("{value} is not in the range {range}.").format(
+                    value=rv, range=self._describe_range()
+                ),
+                param,
+                ctx,
+            )
+
+        return rv
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        """Find the valid value to clamp to bound in the given
+        direction.
+
+        :param bound: The boundary value.
+        :param dir: 1 or -1 indicating the direction to move.
+        :param open: If true, the range does not include the bound.
+        """
+        raise NotImplementedError
+
+    def _describe_range(self) -> str:
+        """Describe the range for use in help text."""
+        if self.min is None:
+            op = "<" if self.max_open else "<="
+            return f"x{op}{self.max}"
+
+        if self.max is None:
+            op = ">" if self.min_open else ">="
+            return f"x{op}{self.min}"
+
+        lop = "<" if self.min_open else "<="
+        rop = "<" if self.max_open else "<="
+        return f"{self.min}{lop}x{rop}{self.max}"
+
+    def __repr__(self) -> str:
+        clamp = " clamped" if self.clamp else ""
+        return f"<{type(self).__name__} {self._describe_range()}{clamp}>"
+
+
+class IntParamType(_NumberParamTypeBase):
+    name = "integer"
+    _number_class = int
+
+    def __repr__(self) -> str:
+        return "INT"
+
+
+class IntRange(_NumberRangeBase, IntParamType):
+    """Restrict an :data:`click.INT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "integer range"
+
+    def _clamp(  # type: ignore
+        self, bound: int, dir: "te.Literal[1, -1]", open: bool
+    ) -> int:
+        if not open:
+            return bound
+
+        return bound + dir
+
+
+class FloatParamType(_NumberParamTypeBase):
+    name = "float"
+    _number_class = float
+
+    def __repr__(self) -> str:
+        return "FLOAT"
+
+
+class FloatRange(_NumberRangeBase, FloatParamType):
+    """Restrict a :data:`click.FLOAT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing. This is not supported if either
+    boundary is marked ``open``.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "float range"
+
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        super().__init__(
+            min=min, max=max, min_open=min_open, max_open=max_open, clamp=clamp
+        )
+
+        if (min_open or max_open) and clamp:
+            raise TypeError("Clamping is not supported for open bounds.")
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        if not open:
+            return bound
+
+        # Could use Python 3.9's math.nextafter here, but clamping an
+        # open float range doesn't seem to be particularly useful. It's
+        # left up to the user to write a callback to do it if needed.
+        raise RuntimeError("Clamping is not supported for open bounds.")
+
+
+class BoolParamType(ParamType):
+    name = "boolean"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if value in {False, True}:
+            return bool(value)
+
+        norm = value.strip().lower()
+
+        if norm in {"1", "true", "t", "yes", "y", "on"}:
+            return True
+
+        if norm in {"0", "false", "f", "no", "n", "off"}:
+            return False
+
+        self.fail(
+            _("{value!r} is not a valid boolean.").format(value=value), param, ctx
+        )
+
+    def __repr__(self) -> str:
+        return "BOOL"
+
+
+class UUIDParameterType(ParamType):
+    name = "uuid"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import uuid
+
+        if isinstance(value, uuid.UUID):
+            return value
+
+        value = value.strip()
+
+        try:
+            return uuid.UUID(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid UUID.").format(value=value), param, ctx
+            )
+
+    def __repr__(self) -> str:
+        return "UUID"
+
+
+class File(ParamType):
+    """Declares a parameter to be a file for reading or writing.  The file
+    is automatically closed once the context tears down (after the command
+    finished working).
+
+    Files can be opened for reading or writing.  The special value ``-``
+    indicates stdin or stdout depending on the mode.
+
+    By default, the file is opened for reading text data, but it can also be
+    opened in binary mode or for writing.  The encoding parameter can be used
+    to force a specific encoding.
+
+    The `lazy` flag controls if the file should be opened immediately or upon
+    first IO. The default is to be non-lazy for standard input and output
+    streams as well as files opened for reading, `lazy` otherwise. When opening a
+    file lazily for reading, it is still opened temporarily for validation, but
+    will not be held open until first IO. lazy is mainly useful when opening
+    for writing to avoid creating the file until it is needed.
+
+    Starting with Click 2.0, files can also be opened atomically in which
+    case all writes go into a separate file in the same folder and upon
+    completion the file will be moved over to the original location.  This
+    is useful if a file regularly read by other users is modified.
+
+    See :ref:`file-args` for more information.
+    """
+
+    name = "filename"
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        lazy: t.Optional[bool] = None,
+        atomic: bool = False,
+    ) -> None:
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.lazy = lazy
+        self.atomic = atomic
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(mode=self.mode, encoding=self.encoding)
+        return info_dict
+
+    def resolve_lazy_flag(self, value: "t.Union[str, os.PathLike[str]]") -> bool:
+        if self.lazy is not None:
+            return self.lazy
+        if os.fspath(value) == "-":
+            return False
+        elif "w" in self.mode:
+            return True
+        return False
+
+    def convert(
+        self,
+        value: t.Union[str, "os.PathLike[str]", t.IO[t.Any]],
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> t.IO[t.Any]:
+        if _is_file_like(value):
+            return value
+
+        value = t.cast("t.Union[str, os.PathLike[str]]", value)
+
+        try:
+            lazy = self.resolve_lazy_flag(value)
+
+            if lazy:
+                lf = LazyFile(
+                    value, self.mode, self.encoding, self.errors, atomic=self.atomic
+                )
+
+                if ctx is not None:
+                    ctx.call_on_close(lf.close_intelligently)
+
+                return t.cast(t.IO[t.Any], lf)
+
+            f, should_close = open_stream(
+                value, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+
+            # If a context is provided, we automatically close the file
+            # at the end of the context execution (or flush out).  If a
+            # context does not exist, it's the caller's responsibility to
+            # properly close the file.  This for instance happens when the
+            # type is used with prompts.
+            if ctx is not None:
+                if should_close:
+                    ctx.call_on_close(safecall(f.close))
+                else:
+                    ctx.call_on_close(safecall(f.flush))
+
+            return f
+        except OSError as e:  # noqa: B014
+            self.fail(f"'{format_filename(value)}': {e.strerror}", param, ctx)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide file path completions.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        return [CompletionItem(incomplete, type="file")]
+
+
+def _is_file_like(value: t.Any) -> "te.TypeGuard[t.IO[t.Any]]":
+    return hasattr(value, "read") or hasattr(value, "write")
+
+
+class Path(ParamType):
+    """The ``Path`` type is similar to the :class:`File` type, but
+    returns the filename instead of an open file. Various checks can be
+    enabled to validate the type of file and permissions.
+
+    :param exists: The file or directory needs to exist for the value to
+        be valid. If this is not set to ``True``, and the file does not
+        exist, then all further checks are silently skipped.
+    :param file_okay: Allow a file as a value.
+    :param dir_okay: Allow a directory as a value.
+    :param readable: if true, a readable check is performed.
+    :param writable: if true, a writable check is performed.
+    :param executable: if true, an executable check is performed.
+    :param resolve_path: Make the value absolute and resolve any
+        symlinks. A ``~`` is not expanded, as this is supposed to be
+        done by the shell only.
+    :param allow_dash: Allow a single dash as a value, which indicates
+        a standard stream (but does not open it). Use
+        :func:`~click.open_file` to handle opening this value.
+    :param path_type: Convert the incoming path value to this type. If
+        ``None``, keep Python's default, which is ``str``. Useful to
+        convert to :class:`pathlib.Path`.
+
+    .. versionchanged:: 8.1
+        Added the ``executable`` parameter.
+
+    .. versionchanged:: 8.0
+        Allow passing ``path_type=pathlib.Path``.
+
+    .. versionchanged:: 6.0
+        Added the ``allow_dash`` parameter.
+    """
+
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        exists: bool = False,
+        file_okay: bool = True,
+        dir_okay: bool = True,
+        writable: bool = False,
+        readable: bool = True,
+        resolve_path: bool = False,
+        allow_dash: bool = False,
+        path_type: t.Optional[t.Type[t.Any]] = None,
+        executable: bool = False,
+    ):
+        self.exists = exists
+        self.file_okay = file_okay
+        self.dir_okay = dir_okay
+        self.readable = readable
+        self.writable = writable
+        self.executable = executable
+        self.resolve_path = resolve_path
+        self.allow_dash = allow_dash
+        self.type = path_type
+
+        if self.file_okay and not self.dir_okay:
+            self.name: str = _("file")
+        elif self.dir_okay and not self.file_okay:
+            self.name = _("directory")
+        else:
+            self.name = _("path")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            exists=self.exists,
+            file_okay=self.file_okay,
+            dir_okay=self.dir_okay,
+            writable=self.writable,
+            readable=self.readable,
+            allow_dash=self.allow_dash,
+        )
+        return info_dict
+
+    def coerce_path_result(
+        self, value: "t.Union[str, os.PathLike[str]]"
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        if self.type is not None and not isinstance(value, self.type):
+            if self.type is str:
+                return os.fsdecode(value)
+            elif self.type is bytes:
+                return os.fsencode(value)
+            else:
+                return t.cast("os.PathLike[str]", self.type(value))
+
+        return value
+
+    def convert(
+        self,
+        value: "t.Union[str, os.PathLike[str]]",
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        rv = value
+
+        is_dash = self.file_okay and self.allow_dash and rv in (b"-", "-")
+
+        if not is_dash:
+            if self.resolve_path:
+                # os.path.realpath doesn't resolve symlinks on Windows
+                # until Python 3.8. Use pathlib for now.
+                import pathlib
+
+                rv = os.fsdecode(pathlib.Path(rv).resolve())
+
+            try:
+                st = os.stat(rv)
+            except OSError:
+                if not self.exists:
+                    return self.coerce_path_result(rv)
+                self.fail(
+                    _("{name} {filename!r} does not exist.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if not self.file_okay and stat.S_ISREG(st.st_mode):
+                self.fail(
+                    _("{name} {filename!r} is a file.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+            if not self.dir_okay and stat.S_ISDIR(st.st_mode):
+                self.fail(
+                    _("{name} '{filename}' is a directory.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.readable and not os.access(rv, os.R_OK):
+                self.fail(
+                    _("{name} {filename!r} is not readable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.writable and not os.access(rv, os.W_OK):
+                self.fail(
+                    _("{name} {filename!r} is not writable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.executable and not os.access(value, os.X_OK):
+                self.fail(
+                    _("{name} {filename!r} is not executable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+        return self.coerce_path_result(rv)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide path completions for only
+        directories or any paths.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        type = "dir" if self.dir_okay and not self.file_okay else "file"
+        return [CompletionItem(incomplete, type=type)]
+
+
+class Tuple(CompositeParamType):
+    """The default behavior of Click is to apply a type on a value directly.
+    This works well in most cases, except for when `nargs` is set to a fixed
+    count and different types should be used for different items.  In this
+    case the :class:`Tuple` type can be used.  This type can only be used
+    if `nargs` is set to a fixed number.
+
+    For more information see :ref:`tuple-type`.
+
+    This can be selected by using a Python tuple literal as a type.
+
+    :param types: a list of types that should be used for the tuple items.
+    """
+
+    def __init__(self, types: t.Sequence[t.Union[t.Type[t.Any], ParamType]]) -> None:
+        self.types: t.Sequence[ParamType] = [convert_type(ty) for ty in types]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["types"] = [t.to_info_dict() for t in self.types]
+        return info_dict
+
+    @property
+    def name(self) -> str:  # type: ignore
+        return f"<{' '.join(ty.name for ty in self.types)}>"
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        return len(self.types)
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        len_type = len(self.types)
+        len_value = len(value)
+
+        if len_value != len_type:
+            self.fail(
+                ngettext(
+                    "{len_type} values are required, but {len_value} was given.",
+                    "{len_type} values are required, but {len_value} were given.",
+                    len_value,
+                ).format(len_type=len_type, len_value=len_value),
+                param=param,
+                ctx=ctx,
+            )
+
+        return tuple(ty(x, param, ctx) for ty, x in zip(self.types, value))
+
+
+def convert_type(ty: t.Optional[t.Any], default: t.Optional[t.Any] = None) -> ParamType:
+    """Find the most appropriate :class:`ParamType` for the given Python
+    type. If the type isn't provided, it can be inferred from a default
+    value.
+    """
+    guessed_type = False
+
+    if ty is None and default is not None:
+        if isinstance(default, (tuple, list)):
+            # If the default is empty, ty will remain None and will
+            # return STRING.
+            if default:
+                item = default[0]
+
+                # A tuple of tuples needs to detect the inner types.
+                # Can't call convert recursively because that would
+                # incorrectly unwind the tuple to a single type.
+                if isinstance(item, (tuple, list)):
+                    ty = tuple(map(type, item))
+                else:
+                    ty = type(item)
+        else:
+            ty = type(default)
+
+        guessed_type = True
+
+    if isinstance(ty, tuple):
+        return Tuple(ty)
+
+    if isinstance(ty, ParamType):
+        return ty
+
+    if ty is str or ty is None:
+        return STRING
+
+    if ty is int:
+        return INT
+
+    if ty is float:
+        return FLOAT
+
+    if ty is bool:
+        return BOOL
+
+    if guessed_type:
+        return STRING
+
+    if __debug__:
+        try:
+            if issubclass(ty, ParamType):
+                raise AssertionError(
+                    f"Attempted to use an uninstantiated parameter type ({ty})."
+                )
+        except TypeError:
+            # ty is an instance (correct), so issubclass fails.
+            pass
+
+    return FuncParamType(ty)
+
+
+#: A dummy parameter type that just does nothing.  From a user's
+#: perspective this appears to just be the same as `STRING` but
+#: internally no string conversion takes place if the input was bytes.
+#: This is usually useful when working with file paths as they can
+#: appear in bytes and unicode.
+#:
+#: For path related uses the :class:`Path` type is a better choice but
+#: there are situations where an unprocessed type is useful which is why
+#: it is is provided.
+#:
+#: .. versionadded:: 4.0
+UNPROCESSED = UnprocessedParamType()
+
+#: A unicode string parameter type which is the implicit default.  This
+#: can also be selected by using ``str`` as type.
+STRING = StringParamType()
+
+#: An integer parameter.  This can also be selected by using ``int`` as
+#: type.
+INT = IntParamType()
+
+#: A floating point value parameter.  This can also be selected by using
+#: ``float`` as type.
+FLOAT = FloatParamType()
+
+#: A boolean parameter.  This is the default for boolean flags.  This can
+#: also be selected by using ``bool`` as a type.
+BOOL = BoolParamType()
+
+#: A UUID parameter.
+UUID = UUIDParameterType()
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/click/utils.py b/lib/go-jinja2/internal/data/darwin-arm64/click/utils.py
new file mode 100644
index 000000000..d536434f0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/click/utils.py
@@ -0,0 +1,624 @@
+import os
+import re
+import sys
+import typing as t
+from functools import update_wrapper
+from types import ModuleType
+from types import TracebackType
+
+from ._compat import _default_text_stderr
+from ._compat import _default_text_stdout
+from ._compat import _find_binary_writer
+from ._compat import auto_wrap_for_ansi
+from ._compat import binary_streams
+from ._compat import open_stream
+from ._compat import should_strip_ansi
+from ._compat import strip_ansi
+from ._compat import text_streams
+from ._compat import WIN
+from .globals import resolve_color_default
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+
+
+def _posixify(name: str) -> str:
+    return "-".join(name.split()).lower()
+
+
+def safecall(func: "t.Callable[P, R]") -> "t.Callable[P, t.Optional[R]]":
+    """Wraps a function so that it swallows exceptions."""
+
+    def wrapper(*args: "P.args", **kwargs: "P.kwargs") -> t.Optional[R]:
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            pass
+        return None
+
+    return update_wrapper(wrapper, func)
+
+
+def make_str(value: t.Any) -> str:
+    """Converts a value into a valid string."""
+    if isinstance(value, bytes):
+        try:
+            return value.decode(sys.getfilesystemencoding())
+        except UnicodeError:
+            return value.decode("utf-8", "replace")
+    return str(value)
+
+
+def make_default_short_help(help: str, max_length: int = 45) -> str:
+    """Returns a condensed version of help string."""
+    # Consider only the first paragraph.
+    paragraph_end = help.find("\n\n")
+
+    if paragraph_end != -1:
+        help = help[:paragraph_end]
+
+    # Collapse newlines, tabs, and spaces.
+    words = help.split()
+
+    if not words:
+        return ""
+
+    # The first paragraph started with a "no rewrap" marker, ignore it.
+    if words[0] == "\b":
+        words = words[1:]
+
+    total_length = 0
+    last_index = len(words) - 1
+
+    for i, word in enumerate(words):
+        total_length += len(word) + (i > 0)
+
+        if total_length > max_length:  # too long, truncate
+            break
+
+        if word[-1] == ".":  # sentence end, truncate without "..."
+            return " ".join(words[: i + 1])
+
+        if total_length == max_length and i != last_index:
+            break  # not at sentence end, truncate with "..."
+    else:
+        return " ".join(words)  # no truncation needed
+
+    # Account for the length of the suffix.
+    total_length += len("...")
+
+    # remove words until the length is short enough
+    while i > 0:
+        total_length -= len(words[i]) + (i > 0)
+
+        if total_length <= max_length:
+            break
+
+        i -= 1
+
+    return " ".join(words[:i]) + "..."
+
+
+class LazyFile:
+    """A lazy file works like a regular file but it does not fully open
+    the file but it does perform some basic checks early to see if the
+    filename parameter does make sense.  This is useful for safely opening
+    files for writing.
+    """
+
+    def __init__(
+        self,
+        filename: t.Union[str, "os.PathLike[str]"],
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        atomic: bool = False,
+    ):
+        self.name: str = os.fspath(filename)
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.atomic = atomic
+        self._f: t.Optional[t.IO[t.Any]]
+        self.should_close: bool
+
+        if self.name == "-":
+            self._f, self.should_close = open_stream(filename, mode, encoding, errors)
+        else:
+            if "r" in mode:
+                # Open and close the file in case we're opening it for
+                # reading so that we can catch at least some errors in
+                # some cases early.
+                open(filename, mode).close()
+            self._f = None
+            self.should_close = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self.open(), name)
+
+    def __repr__(self) -> str:
+        if self._f is not None:
+            return repr(self._f)
+        return f"<unopened file '{format_filename(self.name)}' {self.mode}>"
+
+    def open(self) -> t.IO[t.Any]:
+        """Opens the file if it's not yet open.  This call might fail with
+        a :exc:`FileError`.  Not handling this error will produce an error
+        that Click shows.
+        """
+        if self._f is not None:
+            return self._f
+        try:
+            rv, self.should_close = open_stream(
+                self.name, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+        except OSError as e:  # noqa: E402
+            from .exceptions import FileError
+
+            raise FileError(self.name, hint=e.strerror) from e
+        self._f = rv
+        return rv
+
+    def close(self) -> None:
+        """Closes the underlying file, no matter what."""
+        if self._f is not None:
+            self._f.close()
+
+    def close_intelligently(self) -> None:
+        """This function only closes the file if it was opened by the lazy
+        file wrapper.  For instance this will never close stdin.
+        """
+        if self.should_close:
+            self.close()
+
+    def __enter__(self) -> "LazyFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.close_intelligently()
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        self.open()
+        return iter(self._f)  # type: ignore
+
+
+class KeepOpenFile:
+    def __init__(self, file: t.IO[t.Any]) -> None:
+        self._file: t.IO[t.Any] = file
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._file, name)
+
+    def __enter__(self) -> "KeepOpenFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        pass
+
+    def __repr__(self) -> str:
+        return repr(self._file)
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        return iter(self._file)
+
+
+def echo(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.Any]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+) -> None:
+    """Print a message and newline to stdout or a file. This should be
+    used instead of :func:`print` because it provides better support
+    for different data, files, and environments.
+
+    Compared to :func:`print`, this does the following:
+
+    -   Ensures that the output encoding is not misconfigured on Linux.
+    -   Supports Unicode in the Windows console.
+    -   Supports writing to binary outputs, and supports writing bytes
+        to text outputs.
+    -   Supports colors and styles on Windows.
+    -   Removes ANSI color and style codes if the output does not look
+        like an interactive terminal.
+    -   Always flushes the output.
+
+    :param message: The string or bytes to output. Other objects are
+        converted to strings.
+    :param file: The file to write to. Defaults to ``stdout``.
+    :param err: Write to ``stderr`` instead of ``stdout``.
+    :param nl: Print a newline after the message. Enabled by default.
+    :param color: Force showing or hiding colors and other styles. By
+        default Click will remove color if the output does not look like
+        an interactive terminal.
+
+    .. versionchanged:: 6.0
+        Support Unicode output on the Windows console. Click does not
+        modify ``sys.stdout``, so ``sys.stdout.write()`` and ``print()``
+        will still not support Unicode.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter.
+
+    .. versionadded:: 3.0
+        Added the ``err`` parameter.
+
+    .. versionchanged:: 2.0
+        Support colors on Windows if colorama is installed.
+    """
+    if file is None:
+        if err:
+            file = _default_text_stderr()
+        else:
+            file = _default_text_stdout()
+
+        # There are no standard streams attached to write to. For example,
+        # pythonw on Windows.
+        if file is None:
+            return
+
+    # Convert non bytes/text into the native string type.
+    if message is not None and not isinstance(message, (str, bytes, bytearray)):
+        out: t.Optional[t.Union[str, bytes]] = str(message)
+    else:
+        out = message
+
+    if nl:
+        out = out or ""
+        if isinstance(out, str):
+            out += "\n"
+        else:
+            out += b"\n"
+
+    if not out:
+        file.flush()
+        return
+
+    # If there is a message and the value looks like bytes, we manually
+    # need to find the binary stream and write the message in there.
+    # This is done separately so that most stream types will work as you
+    # would expect. Eg: you can write to StringIO for other cases.
+    if isinstance(out, (bytes, bytearray)):
+        binary_file = _find_binary_writer(file)
+
+        if binary_file is not None:
+            file.flush()
+            binary_file.write(out)
+            binary_file.flush()
+            return
+
+    # ANSI style code support. For no message or bytes, nothing happens.
+    # When outputting to a file instead of a terminal, strip codes.
+    else:
+        color = resolve_color_default(color)
+
+        if should_strip_ansi(file, color):
+            out = strip_ansi(out)
+        elif WIN:
+            if auto_wrap_for_ansi is not None:
+                file = auto_wrap_for_ansi(file)  # type: ignore
+            elif not color:
+                out = strip_ansi(out)
+
+    file.write(out)  # type: ignore
+    file.flush()
+
+
+def get_binary_stream(name: "te.Literal['stdin', 'stdout', 'stderr']") -> t.BinaryIO:
+    """Returns a system stream for byte processing.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    """
+    opener = binary_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener()
+
+
+def get_text_stream(
+    name: "te.Literal['stdin', 'stdout', 'stderr']",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+) -> t.TextIO:
+    """Returns a system stream for text processing.  This usually returns
+    a wrapped stream around a binary stream returned from
+    :func:`get_binary_stream` but it also can take shortcuts for already
+    correctly configured streams.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    :param encoding: overrides the detected default encoding.
+    :param errors: overrides the default error mode.
+    """
+    opener = text_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener(encoding, errors)
+
+
+def open_file(
+    filename: str,
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    lazy: bool = False,
+    atomic: bool = False,
+) -> t.IO[t.Any]:
+    """Open a file, with extra behavior to handle ``'-'`` to indicate
+    a standard stream, lazy open on write, and atomic write. Similar to
+    the behavior of the :class:`~click.File` param type.
+
+    If ``'-'`` is given to open ``stdout`` or ``stdin``, the stream is
+    wrapped so that using it in a context manager will not close it.
+    This makes it possible to use the function without accidentally
+    closing a standard stream:
+
+    .. code-block:: python
+
+        with open_file(filename) as f:
+            ...
+
+    :param filename: The name of the file to open, or ``'-'`` for
+        ``stdin``/``stdout``.
+    :param mode: The mode in which to open the file.
+    :param encoding: The encoding to decode or encode a file opened in
+        text mode.
+    :param errors: The error handling mode.
+    :param lazy: Wait to open the file until it is accessed. For read
+        mode, the file is temporarily opened to raise access errors
+        early, then closed until it is read again.
+    :param atomic: Write to a temporary file and replace the given file
+        on close.
+
+    .. versionadded:: 3.0
+    """
+    if lazy:
+        return t.cast(
+            t.IO[t.Any], LazyFile(filename, mode, encoding, errors, atomic=atomic)
+        )
+
+    f, should_close = open_stream(filename, mode, encoding, errors, atomic=atomic)
+
+    if not should_close:
+        f = t.cast(t.IO[t.Any], KeepOpenFile(f))
+
+    return f
+
+
+def format_filename(
+    filename: "t.Union[str, bytes, os.PathLike[str], os.PathLike[bytes]]",
+    shorten: bool = False,
+) -> str:
+    """Format a filename as a string for display. Ensures the filename can be
+    displayed by replacing any invalid bytes or surrogate escapes in the name
+    with the replacement character ``�``.
+
+    Invalid bytes or surrogate escapes will raise an error when written to a
+    stream with ``errors="strict". This will typically happen with ``stdout``
+    when the locale is something like ``en_GB.UTF-8``.
+
+    Many scenarios *are* safe to write surrogates though, due to PEP 538 and
+    PEP 540, including:
+
+    -   Writing to ``stderr``, which uses ``errors="backslashreplace"``.
+    -   The system has ``LANG=C.UTF-8``, ``C``, or ``POSIX``. Python opens
+        stdout and stderr with ``errors="surrogateescape"``.
+    -   None of ``LANG/LC_*`` are set. Python assumes ``LANG=C.UTF-8``.
+    -   Python is started in UTF-8 mode  with  ``PYTHONUTF8=1`` or ``-X utf8``.
+        Python opens stdout and stderr with ``errors="surrogateescape"``.
+
+    :param filename: formats a filename for UI display.  This will also convert
+                     the filename into unicode without failing.
+    :param shorten: this optionally shortens the filename to strip of the
+                    path that leads up to it.
+    """
+    if shorten:
+        filename = os.path.basename(filename)
+    else:
+        filename = os.fspath(filename)
+
+    if isinstance(filename, bytes):
+        filename = filename.decode(sys.getfilesystemencoding(), "replace")
+    else:
+        filename = filename.encode("utf-8", "surrogateescape").decode(
+            "utf-8", "replace"
+        )
+
+    return filename
+
+
+def get_app_dir(app_name: str, roaming: bool = True, force_posix: bool = False) -> str:
+    r"""Returns the config folder for the application.  The default behavior
+    is to return whatever is most appropriate for the operating system.
+
+    To give you an idea, for an app called ``"Foo Bar"``, something like
+    the following folders could be returned:
+
+    Mac OS X:
+      ``~/Library/Application Support/Foo Bar``
+    Mac OS X (POSIX):
+      ``~/.foo-bar``
+    Unix:
+      ``~/.config/foo-bar``
+    Unix (POSIX):
+      ``~/.foo-bar``
+    Windows (roaming):
+      ``C:\Users\<user>\AppData\Roaming\Foo Bar``
+    Windows (not roaming):
+      ``C:\Users\<user>\AppData\Local\Foo Bar``
+
+    .. versionadded:: 2.0
+
+    :param app_name: the application name.  This should be properly capitalized
+                     and can contain whitespace.
+    :param roaming: controls if the folder should be roaming or not on Windows.
+                    Has no effect otherwise.
+    :param force_posix: if this is set to `True` then on any POSIX system the
+                        folder will be stored in the home folder with a leading
+                        dot instead of the XDG config home or darwin's
+                        application support folder.
+    """
+    if WIN:
+        key = "APPDATA" if roaming else "LOCALAPPDATA"
+        folder = os.environ.get(key)
+        if folder is None:
+            folder = os.path.expanduser("~")
+        return os.path.join(folder, app_name)
+    if force_posix:
+        return os.path.join(os.path.expanduser(f"~/.{_posixify(app_name)}"))
+    if sys.platform == "darwin":
+        return os.path.join(
+            os.path.expanduser("~/Library/Application Support"), app_name
+        )
+    return os.path.join(
+        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),
+        _posixify(app_name),
+    )
+
+
+class PacifyFlushWrapper:
+    """This wrapper is used to catch and suppress BrokenPipeErrors resulting
+    from ``.flush()`` being called on broken pipe during the shutdown/final-GC
+    of the Python interpreter. Notably ``.flush()`` is always called on
+    ``sys.stdout`` and ``sys.stderr``. So as to have minimal impact on any
+    other cleanup code, and the case where the underlying file is not a broken
+    pipe, all calls and attributes are proxied.
+    """
+
+    def __init__(self, wrapped: t.IO[t.Any]) -> None:
+        self.wrapped = wrapped
+
+    def flush(self) -> None:
+        try:
+            self.wrapped.flush()
+        except OSError as e:
+            import errno
+
+            if e.errno != errno.EPIPE:
+                raise
+
+    def __getattr__(self, attr: str) -> t.Any:
+        return getattr(self.wrapped, attr)
+
+
+def _detect_program_name(
+    path: t.Optional[str] = None, _main: t.Optional[ModuleType] = None
+) -> str:
+    """Determine the command used to run the program, for use in help
+    text. If a file or entry point was executed, the file name is
+    returned. If ``python -m`` was used to execute a module or package,
+    ``python -m name`` is returned.
+
+    This doesn't try to be too precise, the goal is to give a concise
+    name for help text. Files are only shown as their name without the
+    path. ``python`` is only shown for modules, and the full path to
+    ``sys.executable`` is not shown.
+
+    :param path: The Python file being executed. Python puts this in
+        ``sys.argv[0]``, which is used by default.
+    :param _main: The ``__main__`` module. This should only be passed
+        during internal testing.
+
+    .. versionadded:: 8.0
+        Based on command args detection in the Werkzeug reloader.
+
+    :meta private:
+    """
+    if _main is None:
+        _main = sys.modules["__main__"]
+
+    if not path:
+        path = sys.argv[0]
+
+    # The value of __package__ indicates how Python was called. It may
+    # not exist if a setuptools script is installed as an egg. It may be
+    # set incorrectly for entry points created with pip on Windows.
+    # It is set to "" inside a Shiv or PEX zipapp.
+    if getattr(_main, "__package__", None) in {None, ""} or (
+        os.name == "nt"
+        and _main.__package__ == ""
+        and not os.path.exists(path)
+        and os.path.exists(f"{path}.exe")
+    ):
+        # Executed a file, like "python app.py".
+        return os.path.basename(path)
+
+    # Executed a module, like "python -m example".
+    # Rewritten by Python from "-m script" to "/path/to/script.py".
+    # Need to look at main module to determine how it was executed.
+    py_module = t.cast(str, _main.__package__)
+    name = os.path.splitext(os.path.basename(path))[0]
+
+    # A submodule like "example.cli".
+    if name != "__main__":
+        py_module = f"{py_module}.{name}"
+
+    return f"python -m {py_module.lstrip('.')}"
+
+
+def _expand_args(
+    args: t.Iterable[str],
+    *,
+    user: bool = True,
+    env: bool = True,
+    glob_recursive: bool = True,
+) -> t.List[str]:
+    """Simulate Unix shell expansion with Python functions.
+
+    See :func:`glob.glob`, :func:`os.path.expanduser`, and
+    :func:`os.path.expandvars`.
+
+    This is intended for use on Windows, where the shell does not do any
+    expansion. It may not exactly match what a Unix shell would do.
+
+    :param args: List of command line arguments to expand.
+    :param user: Expand user home directory.
+    :param env: Expand environment variables.
+    :param glob_recursive: ``**`` matches directories recursively.
+
+    .. versionchanged:: 8.1
+        Invalid glob patterns are treated as empty expansions rather
+        than raising an error.
+
+    .. versionadded:: 8.0
+
+    :meta private:
+    """
+    from glob import glob
+
+    out = []
+
+    for arg in args:
+        if user:
+            arg = os.path.expanduser(arg)
+
+        if env:
+            arg = os.path.expandvars(arg)
+
+        try:
+            matches = glob(arg, recursive=glob_recursive)
+        except re.error:
+            matches = []
+
+        if not matches:
+            out.append(arg)
+        else:
+            out.extend(matches)
+
+    return out
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/files.json b/lib/go-jinja2/internal/data/darwin-arm64/files.json
new file mode 100644
index 000000000..532a10fb7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/files.json
@@ -0,0 +1,888 @@
+{
+  "contentHash": "48626c321042ac4869cc81d1f50b4d8e128dee0402cde937bac10c816fbca7cf",
+  "files": [
+    {
+      "name": "MarkupSafe-2.1.5.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
+      "size": 3003,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
+      "size": 1191,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
+      "size": 115,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "size": 1101,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/METADATA",
+      "size": 2058,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "size": 2773,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "_yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "_yaml/__init__.py",
+      "size": 1402,
+      "perm": 420
+    },
+    {
+      "name": "bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "bin/jsonpath_ng",
+      "size": 261,
+      "perm": 493
+    },
+    {
+      "name": "bin/slugify",
+      "size": 239,
+      "perm": 493
+    },
+    {
+      "name": "click",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/METADATA",
+      "size": 3014,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/RECORD",
+      "size": 2582,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/top_level.txt",
+      "size": 6,
+      "perm": 420
+    },
+    {
+      "name": "click/__init__.py",
+      "size": 3138,
+      "perm": 420
+    },
+    {
+      "name": "click/_compat.py",
+      "size": 18744,
+      "perm": 420
+    },
+    {
+      "name": "click/_termui_impl.py",
+      "size": 24069,
+      "perm": 420
+    },
+    {
+      "name": "click/_textwrap.py",
+      "size": 1353,
+      "perm": 420
+    },
+    {
+      "name": "click/_winconsole.py",
+      "size": 7860,
+      "perm": 420
+    },
+    {
+      "name": "click/core.py",
+      "size": 114086,
+      "perm": 420
+    },
+    {
+      "name": "click/decorators.py",
+      "size": 18719,
+      "perm": 420
+    },
+    {
+      "name": "click/exceptions.py",
+      "size": 9273,
+      "perm": 420
+    },
+    {
+      "name": "click/formatting.py",
+      "size": 9706,
+      "perm": 420
+    },
+    {
+      "name": "click/globals.py",
+      "size": 1961,
+      "perm": 420
+    },
+    {
+      "name": "click/parser.py",
+      "size": 19067,
+      "perm": 420
+    },
+    {
+      "name": "click/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click/shell_completion.py",
+      "size": 18460,
+      "perm": 420
+    },
+    {
+      "name": "click/termui.py",
+      "size": 28324,
+      "perm": 420
+    },
+    {
+      "name": "click/testing.py",
+      "size": 16084,
+      "perm": 420
+    },
+    {
+      "name": "click/types.py",
+      "size": 36391,
+      "perm": 420
+    },
+    {
+      "name": "click/utils.py",
+      "size": 20298,
+      "perm": 420
+    },
+    {
+      "name": "jinja2",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/LICENSE.txt",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/METADATA",
+      "size": 2640,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/RECORD",
+      "size": 3697,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/WHEEL",
+      "size": 81,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/entry_points.txt",
+      "size": 58,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/__init__.py",
+      "size": 1928,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/_identifier.py",
+      "size": 1958,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/async_utils.py",
+      "size": 2477,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/bccache.py",
+      "size": 14061,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/compiler.py",
+      "size": 72271,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/constants.py",
+      "size": 1433,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/debug.py",
+      "size": 6299,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/defaults.py",
+      "size": 1267,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/environment.py",
+      "size": 61538,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/exceptions.py",
+      "size": 5071,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/ext.py",
+      "size": 31877,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/filters.py",
+      "size": 54611,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/idtracking.py",
+      "size": 10704,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/lexer.py",
+      "size": 29754,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/loaders.py",
+      "size": 23167,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/meta.py",
+      "size": 4397,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nativetypes.py",
+      "size": 4210,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nodes.py",
+      "size": 34579,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/optimizer.py",
+      "size": 1651,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/parser.py",
+      "size": 39890,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/runtime.py",
+      "size": 33435,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/sandbox.py",
+      "size": 14616,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/tests.py",
+      "size": 5926,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/utils.py",
+      "size": 23952,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/visitor.py",
+      "size": 3557,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "size": 11358,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
+      "size": 18072,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "size": 2549,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
+      "size": 69,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "size": 12,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/__init__.py",
+      "size": 116,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/bin/__init__.py",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin/jsonpath.py",
+      "size": 2057,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/exceptions.py",
+      "size": 146,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/ext/__init__.py",
+      "size": 605,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/arithmetic.py",
+      "size": 2381,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/filter.py",
+      "size": 4312,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/iterable.py",
+      "size": 3680,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/parser.py",
+      "size": 5351,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/string.py",
+      "size": 3261,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/jsonpath.py",
+      "size": 26402,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/lexer.py",
+      "size": 5231,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/parser.py",
+      "size": 5883,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "markupsafe/__init__.py",
+      "size": 10958,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_native.py",
+      "size": 1713,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.c",
+      "size": 7083,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.cpython-311-darwin.so",
+      "size": 117484,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "markupsafe/_speedups.pyi",
+      "size": 229,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "ply",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info/DESCRIPTION.rst",
+      "size": 519,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/METADATA",
+      "size": 844,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/RECORD",
+      "size": 1211,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/metadata.json",
+      "size": 515,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/top_level.txt",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply/__init__.py",
+      "size": 103,
+      "perm": 420
+    },
+    {
+      "name": "ply/cpp.py",
+      "size": 33639,
+      "perm": 420
+    },
+    {
+      "name": "ply/ctokens.py",
+      "size": 3155,
+      "perm": 420
+    },
+    {
+      "name": "ply/lex.py",
+      "size": 42905,
+      "perm": 420
+    },
+    {
+      "name": "ply/yacc.py",
+      "size": 137736,
+      "perm": 420
+    },
+    {
+      "name": "ply/ygen.py",
+      "size": 2246,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/LICENSE",
+      "size": 1103,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/METADATA",
+      "size": 8469,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/RECORD",
+      "size": 1489,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/entry_points.txt",
+      "size": 50,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/top_level.txt",
+      "size": 8,
+      "perm": 420
+    },
+    {
+      "name": "slugify",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "slugify/__init__.py",
+      "size": 346,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__main__.py",
+      "size": 3961,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__version__.py",
+      "size": 325,
+      "perm": 420
+    },
+    {
+      "name": "slugify/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "slugify/slugify.py",
+      "size": 6180,
+      "perm": 420
+    },
+    {
+      "name": "slugify/special.py",
+      "size": 1222,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/DESCRIPTION.rst",
+      "size": 1199,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/LICENSE.txt",
+      "size": 6535,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/METADATA",
+      "size": 2422,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/RECORD",
+      "size": 937,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/metadata.json",
+      "size": 1299,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/top_level.txt",
+      "size": 15,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/__init__.py",
+      "size": 484,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/data.bin",
+      "size": 311077,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "yaml/__init__.py",
+      "size": 12311,
+      "perm": 420
+    },
+    {
+      "name": "yaml/_yaml.cpython-311-darwin.so",
+      "size": 362008,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "yaml/composer.py",
+      "size": 4883,
+      "perm": 420
+    },
+    {
+      "name": "yaml/constructor.py",
+      "size": 28639,
+      "perm": 420
+    },
+    {
+      "name": "yaml/cyaml.py",
+      "size": 3851,
+      "perm": 420
+    },
+    {
+      "name": "yaml/dumper.py",
+      "size": 2837,
+      "perm": 420
+    },
+    {
+      "name": "yaml/emitter.py",
+      "size": 43006,
+      "perm": 420
+    },
+    {
+      "name": "yaml/error.py",
+      "size": 2533,
+      "perm": 420
+    },
+    {
+      "name": "yaml/events.py",
+      "size": 2445,
+      "perm": 420
+    },
+    {
+      "name": "yaml/loader.py",
+      "size": 2061,
+      "perm": 420
+    },
+    {
+      "name": "yaml/nodes.py",
+      "size": 1440,
+      "perm": 420
+    },
+    {
+      "name": "yaml/parser.py",
+      "size": 25495,
+      "perm": 420
+    },
+    {
+      "name": "yaml/reader.py",
+      "size": 6794,
+      "perm": 420
+    },
+    {
+      "name": "yaml/representer.py",
+      "size": 14190,
+      "perm": 420
+    },
+    {
+      "name": "yaml/resolver.py",
+      "size": 9004,
+      "perm": 420
+    },
+    {
+      "name": "yaml/scanner.py",
+      "size": 51279,
+      "perm": 420
+    },
+    {
+      "name": "yaml/serializer.py",
+      "size": 4165,
+      "perm": 420
+    },
+    {
+      "name": "yaml/tokens.py",
+      "size": 2573,
+      "perm": 420
+    }
+  ]
+}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/LICENSE.txt
new file mode 100644
index 000000000..c37cae49e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/LICENSE.txt
@@ -0,0 +1,28 @@
+Copyright 2007 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/METADATA
new file mode 100644
index 000000000..265cc32e1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/METADATA
@@ -0,0 +1,76 @@
+Metadata-Version: 2.1
+Name: Jinja2
+Version: 3.1.4
+Summary: A very fast and expressive template engine.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Dist: MarkupSafe>=2.0
+Requires-Dist: Babel>=2.7 ; extra == "i18n"
+Project-URL: Changes, https://jinja.palletsprojects.com/changes/
+Project-URL: Chat, https://discord.gg/pallets
+Project-URL: Documentation, https://jinja.palletsprojects.com/
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Source, https://github.com/pallets/jinja/
+Provides-Extra: i18n
+
+# Jinja
+
+Jinja is a fast, expressive, extensible templating engine. Special
+placeholders in the template allow writing code similar to Python
+syntax. Then the template is passed data to render the final document.
+
+It includes:
+
+-   Template inheritance and inclusion.
+-   Define and import macros within templates.
+-   HTML templates can use autoescaping to prevent XSS from untrusted
+    user input.
+-   A sandboxed environment can safely render untrusted templates.
+-   AsyncIO support for generating templates and calling async
+    functions.
+-   I18N support with Babel.
+-   Templates are compiled to optimized Python code just-in-time and
+    cached, or can be compiled ahead-of-time.
+-   Exceptions point to the correct line in templates to make debugging
+    easier.
+-   Extensible filters, tests, functions, and even syntax.
+
+Jinja's philosophy is that while application logic belongs in Python if
+possible, it shouldn't make the template designer's job difficult by
+restricting functionality too much.
+
+
+## In A Nutshell
+
+.. code-block:: jinja
+
+    {% extends "base.html" %}
+    {% block title %}Members{% endblock %}
+    {% block content %}
+      <ul>
+      {% for user in users %}
+        <li><a href="{{ user.url }}">{{ user.username }}</a></li>
+      {% endfor %}
+      </ul>
+    {% endblock %}
+
+
+## Donate
+
+The Pallets organization develops and supports Jinja and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, [please
+donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/RECORD
new file mode 100644
index 000000000..e9bdca35c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/RECORD
@@ -0,0 +1,58 @@
+jinja2-3.1.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jinja2-3.1.4.dist-info/LICENSE.txt,sha256=O0nc7kEF6ze6wQ-vG-JgQI_oXSUrjp3y4JefweCUQ3s,1475
+jinja2-3.1.4.dist-info/METADATA,sha256=R_brzpPQVBvpGcsm-WbrtgotO7suQ1D0F-qkhTzeEfY,2640
+jinja2-3.1.4.dist-info/RECORD,,
+jinja2-3.1.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2-3.1.4.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+jinja2-3.1.4.dist-info/entry_points.txt,sha256=OL85gYU1eD8cuPlikifFngXpeBjaxl6rIJ8KkC_3r-I,58
+jinja2/__init__.py,sha256=wIl45IM20KGw-kfr7jJhaBxxX5g4-kihlBYjxopX7Pw,1928
+jinja2/__pycache__/__init__.cpython-311.pyc,,
+jinja2/__pycache__/_identifier.cpython-311.pyc,,
+jinja2/__pycache__/async_utils.cpython-311.pyc,,
+jinja2/__pycache__/bccache.cpython-311.pyc,,
+jinja2/__pycache__/compiler.cpython-311.pyc,,
+jinja2/__pycache__/constants.cpython-311.pyc,,
+jinja2/__pycache__/debug.cpython-311.pyc,,
+jinja2/__pycache__/defaults.cpython-311.pyc,,
+jinja2/__pycache__/environment.cpython-311.pyc,,
+jinja2/__pycache__/exceptions.cpython-311.pyc,,
+jinja2/__pycache__/ext.cpython-311.pyc,,
+jinja2/__pycache__/filters.cpython-311.pyc,,
+jinja2/__pycache__/idtracking.cpython-311.pyc,,
+jinja2/__pycache__/lexer.cpython-311.pyc,,
+jinja2/__pycache__/loaders.cpython-311.pyc,,
+jinja2/__pycache__/meta.cpython-311.pyc,,
+jinja2/__pycache__/nativetypes.cpython-311.pyc,,
+jinja2/__pycache__/nodes.cpython-311.pyc,,
+jinja2/__pycache__/optimizer.cpython-311.pyc,,
+jinja2/__pycache__/parser.cpython-311.pyc,,
+jinja2/__pycache__/runtime.cpython-311.pyc,,
+jinja2/__pycache__/sandbox.cpython-311.pyc,,
+jinja2/__pycache__/tests.cpython-311.pyc,,
+jinja2/__pycache__/utils.cpython-311.pyc,,
+jinja2/__pycache__/visitor.cpython-311.pyc,,
+jinja2/_identifier.py,sha256=_zYctNKzRqlk_murTNlzrju1FFJL7Va_Ijqqd7ii2lU,1958
+jinja2/async_utils.py,sha256=JXKWCAXmTx0iZB4-hAsF50vgjxw_RJTjiLOlGGTBso0,2477
+jinja2/bccache.py,sha256=gh0qs9rulnXo0PhX5jTJy2UHzI8wFnQ63o_vw7nhzRg,14061
+jinja2/compiler.py,sha256=dpV-n6_iQUP4uSwlXwGUavJmwjvXdyxKzJ-AonFjPBk,72271
+jinja2/constants.py,sha256=GMoFydBF_kdpaRKPoM5cl5MviquVRLVyZtfp5-16jg0,1433
+jinja2/debug.py,sha256=iWJ432RadxJNnaMOPrjIDInz50UEgni3_HKuFXi2vuQ,6299
+jinja2/defaults.py,sha256=boBcSw78h-lp20YbaXSJsqkAI2uN_mD_TtCydpeq5wU,1267
+jinja2/environment.py,sha256=xhFkmxO0CESA76Ki5tz4XWq9yzGu-t0p93JCCVBVNps,61538
+jinja2/exceptions.py,sha256=ioHeHrWwCWNaXX1inHmHVblvc4haO7AXsjCp3GfWvx0,5071
+jinja2/ext.py,sha256=igsBH7c6C0byHaOtMbE-ugpt4GjLGgR-ywskyXtKgq8,31877
+jinja2/filters.py,sha256=bKeqjFjjz88TkHVLSyyMIEB75CzAN6b3Airgx0phJDg,54611
+jinja2/idtracking.py,sha256=GfNmadir4oDALVxzn3DL9YInhJDr69ebXeA2ygfuCGA,10704
+jinja2/lexer.py,sha256=xnWWXhPndHFsoqzpc5VTjheDE9JuKk9MUo9DZkrM8Os,29754
+jinja2/loaders.py,sha256=ru0GIWHo5KiHJi7_MoI_LvGDoBBvP6rd0hiC1ReaTwk,23167
+jinja2/meta.py,sha256=OTDPkaFvU2Hgvx-6akz7154F8BIWaRmvJcBFvwopHww,4397
+jinja2/nativetypes.py,sha256=7GIGALVJgdyL80oZJdQUaUfwSt5q2lSSZbXt0dNf_M4,4210
+jinja2/nodes.py,sha256=m1Duzcr6qhZI8JQ6VyJgUNinjAf5bQzijSmDnMsvUx8,34579
+jinja2/optimizer.py,sha256=rJnCRlQ7pZsEEmMhsQDgC_pKyDHxP5TPS6zVPGsgcu8,1651
+jinja2/parser.py,sha256=DV1iF1FR2Rsaj_5zl8rmx7j6Bj4S8iLHoYsvJ0bfEis,39890
+jinja2/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2/runtime.py,sha256=POXT3tKNKJRENx2CymwUsOOXH2JwGPjW702njB5__cQ,33435
+jinja2/sandbox.py,sha256=TJjBNS9qRJ2ZgBMWdAgRBpyDLOHea2kT-2mk4PrjYx0,14616
+jinja2/tests.py,sha256=VLsBhVFnWg-PxSBz1MhRnNWgP1ovXk3neO1FLQMeC9Q,5926
+jinja2/utils.py,sha256=nV7IpWLvRCMyHW1irBAK8CIPAnOFfkb2ukggDBjbBEY,23952
+jinja2/visitor.py,sha256=EcnL1PIwf_4RVCOMxsRNuR8AXHbS1qfAdMOE2ngKJz4,3557
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/WHEEL
new file mode 100644
index 000000000..3b5e64b5e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/WHEEL
@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: flit 3.9.0
+Root-Is-Purelib: true
+Tag: py3-none-any
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..abc3eae3b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2-3.1.4.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[babel.extractors]
+jinja2=jinja2.ext:babel_extract[i18n]
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/__init__.py
new file mode 100644
index 000000000..2f0b5b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/__init__.py
@@ -0,0 +1,38 @@
+"""Jinja is a template engine written in pure Python. It provides a
+non-XML syntax that supports inline expressions and an optional
+sandboxed environment.
+"""
+
+from .bccache import BytecodeCache as BytecodeCache
+from .bccache import FileSystemBytecodeCache as FileSystemBytecodeCache
+from .bccache import MemcachedBytecodeCache as MemcachedBytecodeCache
+from .environment import Environment as Environment
+from .environment import Template as Template
+from .exceptions import TemplateAssertionError as TemplateAssertionError
+from .exceptions import TemplateError as TemplateError
+from .exceptions import TemplateNotFound as TemplateNotFound
+from .exceptions import TemplateRuntimeError as TemplateRuntimeError
+from .exceptions import TemplatesNotFound as TemplatesNotFound
+from .exceptions import TemplateSyntaxError as TemplateSyntaxError
+from .exceptions import UndefinedError as UndefinedError
+from .loaders import BaseLoader as BaseLoader
+from .loaders import ChoiceLoader as ChoiceLoader
+from .loaders import DictLoader as DictLoader
+from .loaders import FileSystemLoader as FileSystemLoader
+from .loaders import FunctionLoader as FunctionLoader
+from .loaders import ModuleLoader as ModuleLoader
+from .loaders import PackageLoader as PackageLoader
+from .loaders import PrefixLoader as PrefixLoader
+from .runtime import ChainableUndefined as ChainableUndefined
+from .runtime import DebugUndefined as DebugUndefined
+from .runtime import make_logging_undefined as make_logging_undefined
+from .runtime import StrictUndefined as StrictUndefined
+from .runtime import Undefined as Undefined
+from .utils import clear_caches as clear_caches
+from .utils import is_undefined as is_undefined
+from .utils import pass_context as pass_context
+from .utils import pass_environment as pass_environment
+from .utils import pass_eval_context as pass_eval_context
+from .utils import select_autoescape as select_autoescape
+
+__version__ = "3.1.4"
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/_identifier.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/_identifier.py
new file mode 100644
index 000000000..928c1503c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/_identifier.py
@@ -0,0 +1,6 @@
+import re
+
+# generated by scripts/generate_identifier_pattern.py
+pattern = re.compile(
+    r"[\w·̀-ͯ·҃-֑҇-ׇֽֿׁׂׅׄؐ-ًؚ-ٰٟۖ-ۜ۟-۪ۤۧۨ-ܑۭܰ-݊ަ-ް߫-߽߳ࠖ-࠙ࠛ-ࠣࠥ-ࠧࠩ-࡙࠭-࡛࣓-ࣣ࣡-ःऺ-़ा-ॏ॑-ॗॢॣঁ-ঃ়া-ৄেৈো-্ৗৢৣ৾ਁ-ਃ਼ਾ-ੂੇੈੋ-੍ੑੰੱੵઁ-ઃ઼ા-ૅે-ૉો-્ૢૣૺ-૿ଁ-ଃ଼ା-ୄେୈୋ-୍ୖୗୢୣஂா-ூெ-ைொ-்ௗఀ-ఄా-ౄె-ైొ-్ౕౖౢౣಁ-ಃ಼ಾ-ೄೆ-ೈೊ-್ೕೖೢೣഀ-ഃ഻഼ാ-ൄെ-ൈൊ-്ൗൢൣංඃ්ා-ුූෘ-ෟෲෳัิ-ฺ็-๎ັິ-ູົຼ່-ໍ༹༘༙༵༷༾༿ཱ-྄྆྇ྍ-ྗྙ-ྼ࿆ါ-ှၖ-ၙၞ-ၠၢ-ၤၧ-ၭၱ-ၴႂ-ႍႏႚ-ႝ፝-፟ᜒ-᜔ᜲ-᜴ᝒᝓᝲᝳ឴-៓៝᠋-᠍ᢅᢆᢩᤠ-ᤫᤰ-᤻ᨗ-ᨛᩕ-ᩞ᩠-᩿᩼᪰-᪽ᬀ-ᬄ᬴-᭄᭫-᭳ᮀ-ᮂᮡ-ᮭ᯦-᯳ᰤ-᰷᳐-᳔᳒-᳨᳭ᳲ-᳴᳷-᳹᷀-᷹᷻-᷿‿⁀⁔⃐-⃥⃜⃡-⃰℘℮⳯-⵿⳱ⷠ-〪ⷿ-゙゚〯꙯ꙴ-꙽ꚞꚟ꛰꛱ꠂ꠆ꠋꠣ-ꠧꢀꢁꢴ-ꣅ꣠-꣱ꣿꤦ-꤭ꥇ-꥓ꦀ-ꦃ꦳-꧀ꧥꨩ-ꨶꩃꩌꩍꩻ-ꩽꪰꪲ-ꪴꪷꪸꪾ꪿꫁ꫫ-ꫯꫵ꫶ꯣ-ꯪ꯬꯭ﬞ︀-️︠-︯︳︴﹍-﹏＿𐇽𐋠𐍶-𐍺𐨁-𐨃𐨅𐨆𐨌-𐨏𐨸-𐨿𐨺𐫦𐫥𐴤-𐽆𐴧-𐽐𑀀-𑀂𑀸-𑁆𑁿-𑂂𑂰-𑂺𑄀-𑄂𑄧-𑄴𑅅𑅆𑅳𑆀-𑆂𑆳-𑇀𑇉-𑇌𑈬-𑈷𑈾𑋟-𑋪𑌀-𑌃𑌻𑌼𑌾-𑍄𑍇𑍈𑍋-𑍍𑍗𑍢𑍣𑍦-𑍬𑍰-𑍴𑐵-𑑆𑑞𑒰-𑓃𑖯-𑖵𑖸-𑗀𑗜𑗝𑘰-𑙀𑚫-𑚷𑜝-𑜫𑠬-𑠺𑨁-𑨊𑨳-𑨹𑨻-𑨾𑩇𑩑-𑩛𑪊-𑪙𑰯-𑰶𑰸-𑰿𑲒-𑲧𑲩-𑲶𑴱-𑴶𑴺𑴼𑴽𑴿-𑵅𑵇𑶊-𑶎𑶐𑶑𑶓-𑶗𑻳-𑻶𖫰-𖫴𖬰-𖬶𖽑-𖽾𖾏-𖾒𛲝𛲞𝅥-𝅩𝅭-𝅲𝅻-𝆂𝆅-𝆋𝆪-𝆭𝉂-𝉄𝨀-𝨶𝨻-𝩬𝩵𝪄𝪛-𝪟𝪡-𝪯𞀀-𞀆𞀈-𞀘𞀛-𞀡𞀣𞀤𞀦-𞣐𞀪-𞣖𞥄-𞥊󠄀-󠇯]+"  # noqa: B950
+)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/async_utils.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/async_utils.py
new file mode 100644
index 000000000..e65219e49
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/async_utils.py
@@ -0,0 +1,84 @@
+import inspect
+import typing as t
+from functools import WRAPPER_ASSIGNMENTS
+from functools import wraps
+
+from .utils import _PassArg
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+
+
+def async_variant(normal_func):  # type: ignore
+    def decorator(async_func):  # type: ignore
+        pass_arg = _PassArg.from_obj(normal_func)
+        need_eval_context = pass_arg is None
+
+        if pass_arg is _PassArg.environment:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].is_async)
+
+        else:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].environment.is_async)
+
+        # Take the doc and annotations from the sync function, but the
+        # name from the async function. Pallets-Sphinx-Themes
+        # build_function_directive expects __wrapped__ to point to the
+        # sync function.
+        async_func_attrs = ("__module__", "__name__", "__qualname__")
+        normal_func_attrs = tuple(set(WRAPPER_ASSIGNMENTS).difference(async_func_attrs))
+
+        @wraps(normal_func, assigned=normal_func_attrs)
+        @wraps(async_func, assigned=async_func_attrs, updated=())
+        def wrapper(*args, **kwargs):  # type: ignore
+            b = is_async(args)
+
+            if need_eval_context:
+                args = args[1:]
+
+            if b:
+                return async_func(*args, **kwargs)
+
+            return normal_func(*args, **kwargs)
+
+        if need_eval_context:
+            wrapper = pass_eval_context(wrapper)
+
+        wrapper.jinja_async_variant = True  # type: ignore[attr-defined]
+        return wrapper
+
+    return decorator
+
+
+_common_primitives = {int, float, bool, str, list, dict, tuple, type(None)}
+
+
+async def auto_await(value: t.Union[t.Awaitable["V"], "V"]) -> "V":
+    # Avoid a costly call to isawaitable
+    if type(value) in _common_primitives:
+        return t.cast("V", value)
+
+    if inspect.isawaitable(value):
+        return await t.cast("t.Awaitable[V]", value)
+
+    return t.cast("V", value)
+
+
+async def auto_aiter(
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> "t.AsyncIterator[V]":
+    if hasattr(iterable, "__aiter__"):
+        async for item in t.cast("t.AsyncIterable[V]", iterable):
+            yield item
+    else:
+        for item in iterable:
+            yield item
+
+
+async def auto_to_list(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> t.List["V"]:
+    return [x async for x in auto_aiter(value)]
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/bccache.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/bccache.py
new file mode 100644
index 000000000..ada8b099f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/bccache.py
@@ -0,0 +1,408 @@
+"""The optional bytecode cache system. This is useful if you have very
+complex template situations and the compilation of all those templates
+slows down your application too much.
+
+Situations where this is useful are often forking web applications that
+are initialized on the first request.
+"""
+
+import errno
+import fnmatch
+import marshal
+import os
+import pickle
+import stat
+import sys
+import tempfile
+import typing as t
+from hashlib import sha1
+from io import BytesIO
+from types import CodeType
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class _MemcachedClient(te.Protocol):
+        def get(self, key: str) -> bytes: ...
+
+        def set(
+            self, key: str, value: bytes, timeout: t.Optional[int] = None
+        ) -> None: ...
+
+
+bc_version = 5
+# Magic bytes to identify Jinja bytecode cache files. Contains the
+# Python major and minor version to avoid loading incompatible bytecode
+# if a project upgrades its Python version.
+bc_magic = (
+    b"j2"
+    + pickle.dumps(bc_version, 2)
+    + pickle.dumps((sys.version_info[0] << 24) | sys.version_info[1], 2)
+)
+
+
+class Bucket:
+    """Buckets are used to store the bytecode for one template.  It's created
+    and initialized by the bytecode cache and passed to the loading functions.
+
+    The buckets get an internal checksum from the cache assigned and use this
+    to automatically reject outdated cache material.  Individual bytecode
+    cache subclasses don't have to care about cache invalidation.
+    """
+
+    def __init__(self, environment: "Environment", key: str, checksum: str) -> None:
+        self.environment = environment
+        self.key = key
+        self.checksum = checksum
+        self.reset()
+
+    def reset(self) -> None:
+        """Resets the bucket (unloads the bytecode)."""
+        self.code: t.Optional[CodeType] = None
+
+    def load_bytecode(self, f: t.BinaryIO) -> None:
+        """Loads bytecode from a file or file like object."""
+        # make sure the magic header is correct
+        magic = f.read(len(bc_magic))
+        if magic != bc_magic:
+            self.reset()
+            return
+        # the source code of the file changed, we need to reload
+        checksum = pickle.load(f)
+        if self.checksum != checksum:
+            self.reset()
+            return
+        # if marshal_load fails then we need to reload
+        try:
+            self.code = marshal.load(f)
+        except (EOFError, ValueError, TypeError):
+            self.reset()
+            return
+
+    def write_bytecode(self, f: t.IO[bytes]) -> None:
+        """Dump the bytecode into the file or file like object passed."""
+        if self.code is None:
+            raise TypeError("can't write empty bucket")
+        f.write(bc_magic)
+        pickle.dump(self.checksum, f, 2)
+        marshal.dump(self.code, f)
+
+    def bytecode_from_string(self, string: bytes) -> None:
+        """Load bytecode from bytes."""
+        self.load_bytecode(BytesIO(string))
+
+    def bytecode_to_string(self) -> bytes:
+        """Return the bytecode as bytes."""
+        out = BytesIO()
+        self.write_bytecode(out)
+        return out.getvalue()
+
+
+class BytecodeCache:
+    """To implement your own bytecode cache you have to subclass this class
+    and override :meth:`load_bytecode` and :meth:`dump_bytecode`.  Both of
+    these methods are passed a :class:`~jinja2.bccache.Bucket`.
+
+    A very basic bytecode cache that saves the bytecode on the file system::
+
+        from os import path
+
+        class MyCache(BytecodeCache):
+
+            def __init__(self, directory):
+                self.directory = directory
+
+            def load_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                if path.exists(filename):
+                    with open(filename, 'rb') as f:
+                        bucket.load_bytecode(f)
+
+            def dump_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                with open(filename, 'wb') as f:
+                    bucket.write_bytecode(f)
+
+    A more advanced version of a filesystem based bytecode cache is part of
+    Jinja.
+    """
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to load bytecode into a
+        bucket.  If they are not able to find code in the cache for the
+        bucket, it must not do anything.
+        """
+        raise NotImplementedError()
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to write the bytecode
+        from a bucket back to the cache.  If it unable to do so it must not
+        fail silently but raise an exception.
+        """
+        raise NotImplementedError()
+
+    def clear(self) -> None:
+        """Clears the cache.  This method is not used by Jinja but should be
+        implemented to allow applications to clear the bytecode cache used
+        by a particular environment.
+        """
+
+    def get_cache_key(
+        self, name: str, filename: t.Optional[t.Union[str]] = None
+    ) -> str:
+        """Returns the unique hash key for this template name."""
+        hash = sha1(name.encode("utf-8"))
+
+        if filename is not None:
+            hash.update(f"|{filename}".encode())
+
+        return hash.hexdigest()
+
+    def get_source_checksum(self, source: str) -> str:
+        """Returns a checksum for the source."""
+        return sha1(source.encode("utf-8")).hexdigest()
+
+    def get_bucket(
+        self,
+        environment: "Environment",
+        name: str,
+        filename: t.Optional[str],
+        source: str,
+    ) -> Bucket:
+        """Return a cache bucket for the given template.  All arguments are
+        mandatory but filename may be `None`.
+        """
+        key = self.get_cache_key(name, filename)
+        checksum = self.get_source_checksum(source)
+        bucket = Bucket(environment, key, checksum)
+        self.load_bytecode(bucket)
+        return bucket
+
+    def set_bucket(self, bucket: Bucket) -> None:
+        """Put the bucket into the cache."""
+        self.dump_bytecode(bucket)
+
+
+class FileSystemBytecodeCache(BytecodeCache):
+    """A bytecode cache that stores bytecode on the filesystem.  It accepts
+    two arguments: The directory where the cache items are stored and a
+    pattern string that is used to build the filename.
+
+    If no directory is specified a default cache directory is selected.  On
+    Windows the user's temp directory is used, on UNIX systems a directory
+    is created for the user in the system temp directory.
+
+    The pattern can be used to have multiple separate caches operate on the
+    same directory.  The default pattern is ``'__jinja2_%s.cache'``.  ``%s``
+    is replaced with the cache key.
+
+    >>> bcc = FileSystemBytecodeCache('/tmp/jinja_cache', '%s.cache')
+
+    This bytecode cache supports clearing of the cache using the clear method.
+    """
+
+    def __init__(
+        self, directory: t.Optional[str] = None, pattern: str = "__jinja2_%s.cache"
+    ) -> None:
+        if directory is None:
+            directory = self._get_default_cache_dir()
+        self.directory = directory
+        self.pattern = pattern
+
+    def _get_default_cache_dir(self) -> str:
+        def _unsafe_dir() -> "te.NoReturn":
+            raise RuntimeError(
+                "Cannot determine safe temp directory.  You "
+                "need to explicitly provide one."
+            )
+
+        tmpdir = tempfile.gettempdir()
+
+        # On windows the temporary directory is used specific unless
+        # explicitly forced otherwise.  We can just use that.
+        if os.name == "nt":
+            return tmpdir
+        if not hasattr(os, "getuid"):
+            _unsafe_dir()
+
+        dirname = f"_jinja2-cache-{os.getuid()}"
+        actual_dir = os.path.join(tmpdir, dirname)
+
+        try:
+            os.mkdir(actual_dir, stat.S_IRWXU)
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+        try:
+            os.chmod(actual_dir, stat.S_IRWXU)
+            actual_dir_stat = os.lstat(actual_dir)
+            if (
+                actual_dir_stat.st_uid != os.getuid()
+                or not stat.S_ISDIR(actual_dir_stat.st_mode)
+                or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+            ):
+                _unsafe_dir()
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+
+        actual_dir_stat = os.lstat(actual_dir)
+        if (
+            actual_dir_stat.st_uid != os.getuid()
+            or not stat.S_ISDIR(actual_dir_stat.st_mode)
+            or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+        ):
+            _unsafe_dir()
+
+        return actual_dir
+
+    def _get_cache_filename(self, bucket: Bucket) -> str:
+        return os.path.join(self.directory, self.pattern % (bucket.key,))
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        filename = self._get_cache_filename(bucket)
+
+        # Don't test for existence before opening the file, since the
+        # file could disappear after the test before the open.
+        try:
+            f = open(filename, "rb")
+        except (FileNotFoundError, IsADirectoryError, PermissionError):
+            # PermissionError can occur on Windows when an operation is
+            # in progress, such as calling clear().
+            return
+
+        with f:
+            bucket.load_bytecode(f)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        # Write to a temporary file, then rename to the real name after
+        # writing. This avoids another process reading the file before
+        # it is fully written.
+        name = self._get_cache_filename(bucket)
+        f = tempfile.NamedTemporaryFile(
+            mode="wb",
+            dir=os.path.dirname(name),
+            prefix=os.path.basename(name),
+            suffix=".tmp",
+            delete=False,
+        )
+
+        def remove_silent() -> None:
+            try:
+                os.remove(f.name)
+            except OSError:
+                # Another process may have called clear(). On Windows,
+                # another program may be holding the file open.
+                pass
+
+        try:
+            with f:
+                bucket.write_bytecode(f)
+        except BaseException:
+            remove_silent()
+            raise
+
+        try:
+            os.replace(f.name, name)
+        except OSError:
+            # Another process may have called clear(). On Windows,
+            # another program may be holding the file open.
+            remove_silent()
+        except BaseException:
+            remove_silent()
+            raise
+
+    def clear(self) -> None:
+        # imported lazily here because google app-engine doesn't support
+        # write access on the file system and the function does not exist
+        # normally.
+        from os import remove
+
+        files = fnmatch.filter(os.listdir(self.directory), self.pattern % ("*",))
+        for filename in files:
+            try:
+                remove(os.path.join(self.directory, filename))
+            except OSError:
+                pass
+
+
+class MemcachedBytecodeCache(BytecodeCache):
+    """This class implements a bytecode cache that uses a memcache cache for
+    storing the information.  It does not enforce a specific memcache library
+    (tummy's memcache or cmemcache) but will accept any class that provides
+    the minimal interface required.
+
+    Libraries compatible with this class:
+
+    -   `cachelib <https://github.com/pallets/cachelib>`_
+    -   `python-memcached <https://pypi.org/project/python-memcached/>`_
+
+    (Unfortunately the django cache interface is not compatible because it
+    does not support storing binary data, only text. You can however pass
+    the underlying cache client to the bytecode cache which is available
+    as `django.core.cache.cache._client`.)
+
+    The minimal interface for the client passed to the constructor is this:
+
+    .. class:: MinimalClientInterface
+
+        .. method:: set(key, value[, timeout])
+
+            Stores the bytecode in the cache.  `value` is a string and
+            `timeout` the timeout of the key.  If timeout is not provided
+            a default timeout or no timeout should be assumed, if it's
+            provided it's an integer with the number of seconds the cache
+            item should exist.
+
+        .. method:: get(key)
+
+            Returns the value for the cache key.  If the item does not
+            exist in the cache the return value must be `None`.
+
+    The other arguments to the constructor are the prefix for all keys that
+    is added before the actual cache key and the timeout for the bytecode in
+    the cache system.  We recommend a high (or no) timeout.
+
+    This bytecode cache does not support clearing of used items in the cache.
+    The clear method is a no-operation function.
+
+    .. versionadded:: 2.7
+       Added support for ignoring memcache errors through the
+       `ignore_memcache_errors` parameter.
+    """
+
+    def __init__(
+        self,
+        client: "_MemcachedClient",
+        prefix: str = "jinja2/bytecode/",
+        timeout: t.Optional[int] = None,
+        ignore_memcache_errors: bool = True,
+    ):
+        self.client = client
+        self.prefix = prefix
+        self.timeout = timeout
+        self.ignore_memcache_errors = ignore_memcache_errors
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        try:
+            code = self.client.get(self.prefix + bucket.key)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
+        else:
+            bucket.bytecode_from_string(code)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        key = self.prefix + bucket.key
+        value = bucket.bytecode_to_string()
+
+        try:
+            if self.timeout is not None:
+                self.client.set(key, value, self.timeout)
+            else:
+                self.client.set(key, value)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/compiler.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/compiler.py
new file mode 100644
index 000000000..274071750
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/compiler.py
@@ -0,0 +1,1960 @@
+"""Compiles nodes from the parser into Python code."""
+
+import typing as t
+from contextlib import contextmanager
+from functools import update_wrapper
+from io import StringIO
+from itertools import chain
+from keyword import iskeyword as is_python_keyword
+
+from markupsafe import escape
+from markupsafe import Markup
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .idtracking import Symbols
+from .idtracking import VAR_LOAD_ALIAS
+from .idtracking import VAR_LOAD_PARAMETER
+from .idtracking import VAR_LOAD_RESOLVE
+from .idtracking import VAR_LOAD_UNDEFINED
+from .nodes import EvalContext
+from .optimizer import Optimizer
+from .utils import _PassArg
+from .utils import concat
+from .visitor import NodeVisitor
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+operators = {
+    "eq": "==",
+    "ne": "!=",
+    "gt": ">",
+    "gteq": ">=",
+    "lt": "<",
+    "lteq": "<=",
+    "in": "in",
+    "notin": "not in",
+}
+
+
+def optimizeconst(f: F) -> F:
+    def new_func(
+        self: "CodeGenerator", node: nodes.Expr, frame: "Frame", **kwargs: t.Any
+    ) -> t.Any:
+        # Only optimize if the frame is not volatile
+        if self.optimizer is not None and not frame.eval_ctx.volatile:
+            new_node = self.optimizer.visit(node, frame.eval_ctx)
+
+            if new_node != node:
+                return self.visit(new_node, frame)
+
+        return f(self, node, frame, **kwargs)
+
+    return update_wrapper(t.cast(F, new_func), f)
+
+
+def _make_binop(op: str) -> t.Callable[["CodeGenerator", nodes.BinExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.BinExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_binops  # type: ignore
+        ):
+            self.write(f"environment.call_binop(context, {op!r}, ")
+            self.visit(node.left, frame)
+            self.write(", ")
+            self.visit(node.right, frame)
+        else:
+            self.write("(")
+            self.visit(node.left, frame)
+            self.write(f" {op} ")
+            self.visit(node.right, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def _make_unop(
+    op: str,
+) -> t.Callable[["CodeGenerator", nodes.UnaryExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.UnaryExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_unops  # type: ignore
+        ):
+            self.write(f"environment.call_unop(context, {op!r}, ")
+            self.visit(node.node, frame)
+        else:
+            self.write("(" + op)
+            self.visit(node.node, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def generate(
+    node: nodes.Template,
+    environment: "Environment",
+    name: t.Optional[str],
+    filename: t.Optional[str],
+    stream: t.Optional[t.TextIO] = None,
+    defer_init: bool = False,
+    optimized: bool = True,
+) -> t.Optional[str]:
+    """Generate the python source for a node tree."""
+    if not isinstance(node, nodes.Template):
+        raise TypeError("Can't compile non template nodes")
+
+    generator = environment.code_generator_class(
+        environment, name, filename, stream, defer_init, optimized
+    )
+    generator.visit(node)
+
+    if stream is None:
+        return generator.stream.getvalue()  # type: ignore
+
+    return None
+
+
+def has_safe_repr(value: t.Any) -> bool:
+    """Does the node have a safe representation?"""
+    if value is None or value is NotImplemented or value is Ellipsis:
+        return True
+
+    if type(value) in {bool, int, float, complex, range, str, Markup}:
+        return True
+
+    if type(value) in {tuple, list, set, frozenset}:
+        return all(has_safe_repr(v) for v in value)
+
+    if type(value) is dict:  # noqa E721
+        return all(has_safe_repr(k) and has_safe_repr(v) for k, v in value.items())
+
+    return False
+
+
+def find_undeclared(
+    nodes: t.Iterable[nodes.Node], names: t.Iterable[str]
+) -> t.Set[str]:
+    """Check if the names passed are accessed undeclared.  The return value
+    is a set of all the undeclared names from the sequence of names found.
+    """
+    visitor = UndeclaredNameVisitor(names)
+    try:
+        for node in nodes:
+            visitor.visit(node)
+    except VisitorExit:
+        pass
+    return visitor.undeclared
+
+
+class MacroRef:
+    def __init__(self, node: t.Union[nodes.Macro, nodes.CallBlock]) -> None:
+        self.node = node
+        self.accesses_caller = False
+        self.accesses_kwargs = False
+        self.accesses_varargs = False
+
+
+class Frame:
+    """Holds compile time information for us."""
+
+    def __init__(
+        self,
+        eval_ctx: EvalContext,
+        parent: t.Optional["Frame"] = None,
+        level: t.Optional[int] = None,
+    ) -> None:
+        self.eval_ctx = eval_ctx
+
+        # the parent of this frame
+        self.parent = parent
+
+        if parent is None:
+            self.symbols = Symbols(level=level)
+
+            # in some dynamic inheritance situations the compiler needs to add
+            # write tests around output statements.
+            self.require_output_check = False
+
+            # inside some tags we are using a buffer rather than yield statements.
+            # this for example affects {% filter %} or {% macro %}.  If a frame
+            # is buffered this variable points to the name of the list used as
+            # buffer.
+            self.buffer: t.Optional[str] = None
+
+            # the name of the block we're in, otherwise None.
+            self.block: t.Optional[str] = None
+
+        else:
+            self.symbols = Symbols(parent.symbols, level=level)
+            self.require_output_check = parent.require_output_check
+            self.buffer = parent.buffer
+            self.block = parent.block
+
+        # a toplevel frame is the root + soft frames such as if conditions.
+        self.toplevel = False
+
+        # the root frame is basically just the outermost frame, so no if
+        # conditions.  This information is used to optimize inheritance
+        # situations.
+        self.rootlevel = False
+
+        # variables set inside of loops and blocks should not affect outer frames,
+        # but they still needs to be kept track of as part of the active context.
+        self.loop_frame = False
+        self.block_frame = False
+
+        # track whether the frame is being used in an if-statement or conditional
+        # expression as it determines which errors should be raised during runtime
+        # or compile time.
+        self.soft_frame = False
+
+    def copy(self) -> "Frame":
+        """Create a copy of the current one."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.symbols = self.symbols.copy()
+        return rv
+
+    def inner(self, isolated: bool = False) -> "Frame":
+        """Return an inner frame."""
+        if isolated:
+            return Frame(self.eval_ctx, level=self.symbols.level + 1)
+        return Frame(self.eval_ctx, self)
+
+    def soft(self) -> "Frame":
+        """Return a soft frame.  A soft frame may not be modified as
+        standalone thing as it shares the resources with the frame it
+        was created of, but it's not a rootlevel frame any longer.
+
+        This is only used to implement if-statements and conditional
+        expressions.
+        """
+        rv = self.copy()
+        rv.rootlevel = False
+        rv.soft_frame = True
+        return rv
+
+    __copy__ = copy
+
+
+class VisitorExit(RuntimeError):
+    """Exception used by the `UndeclaredNameVisitor` to signal a stop."""
+
+
+class DependencyFinderVisitor(NodeVisitor):
+    """A visitor that collects filter and test calls."""
+
+    def __init__(self) -> None:
+        self.filters: t.Set[str] = set()
+        self.tests: t.Set[str] = set()
+
+    def visit_Filter(self, node: nodes.Filter) -> None:
+        self.generic_visit(node)
+        self.filters.add(node.name)
+
+    def visit_Test(self, node: nodes.Test) -> None:
+        self.generic_visit(node)
+        self.tests.add(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting at blocks."""
+
+
+class UndeclaredNameVisitor(NodeVisitor):
+    """A visitor that checks if a name is accessed without being
+    declared.  This is different from the frame visitor as it will
+    not stop at closure frames.
+    """
+
+    def __init__(self, names: t.Iterable[str]) -> None:
+        self.names = set(names)
+        self.undeclared: t.Set[str] = set()
+
+    def visit_Name(self, node: nodes.Name) -> None:
+        if node.ctx == "load" and node.name in self.names:
+            self.undeclared.add(node.name)
+            if self.undeclared == self.names:
+                raise VisitorExit()
+        else:
+            self.names.discard(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting a blocks."""
+
+
+class CompilerExit(Exception):
+    """Raised if the compiler encountered a situation where it just
+    doesn't make sense to further process the code.  Any block that
+    raises such an exception is not further processed.
+    """
+
+
+class CodeGenerator(NodeVisitor):
+    def __init__(
+        self,
+        environment: "Environment",
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        stream: t.Optional[t.TextIO] = None,
+        defer_init: bool = False,
+        optimized: bool = True,
+    ) -> None:
+        if stream is None:
+            stream = StringIO()
+        self.environment = environment
+        self.name = name
+        self.filename = filename
+        self.stream = stream
+        self.created_block_context = False
+        self.defer_init = defer_init
+        self.optimizer: t.Optional[Optimizer] = None
+
+        if optimized:
+            self.optimizer = Optimizer(environment)
+
+        # aliases for imports
+        self.import_aliases: t.Dict[str, str] = {}
+
+        # a registry for all blocks.  Because blocks are moved out
+        # into the global python scope they are registered here
+        self.blocks: t.Dict[str, nodes.Block] = {}
+
+        # the number of extends statements so far
+        self.extends_so_far = 0
+
+        # some templates have a rootlevel extends.  In this case we
+        # can safely assume that we're a child template and do some
+        # more optimizations.
+        self.has_known_extends = False
+
+        # the current line number
+        self.code_lineno = 1
+
+        # registry of all filters and tests (global, not block local)
+        self.tests: t.Dict[str, str] = {}
+        self.filters: t.Dict[str, str] = {}
+
+        # the debug information
+        self.debug_info: t.List[t.Tuple[int, int]] = []
+        self._write_debug_info: t.Optional[int] = None
+
+        # the number of new lines before the next write()
+        self._new_lines = 0
+
+        # the line number of the last written statement
+        self._last_line = 0
+
+        # true if nothing was written so far.
+        self._first_write = True
+
+        # used by the `temporary_identifier` method to get new
+        # unique, temporary identifier
+        self._last_identifier = 0
+
+        # the current indentation
+        self._indentation = 0
+
+        # Tracks toplevel assignments
+        self._assign_stack: t.List[t.Set[str]] = []
+
+        # Tracks parameter definition blocks
+        self._param_def_block: t.List[t.Set[str]] = []
+
+        # Tracks the current context.
+        self._context_reference_stack = ["context"]
+
+    @property
+    def optimized(self) -> bool:
+        return self.optimizer is not None
+
+    # -- Various compilation helpers
+
+    def fail(self, msg: str, lineno: int) -> "te.NoReturn":
+        """Fail with a :exc:`TemplateAssertionError`."""
+        raise TemplateAssertionError(msg, lineno, self.name, self.filename)
+
+    def temporary_identifier(self) -> str:
+        """Get a new unique identifier."""
+        self._last_identifier += 1
+        return f"t_{self._last_identifier}"
+
+    def buffer(self, frame: Frame) -> None:
+        """Enable buffering for the frame from that point onwards."""
+        frame.buffer = self.temporary_identifier()
+        self.writeline(f"{frame.buffer} = []")
+
+    def return_buffer_contents(
+        self, frame: Frame, force_unescaped: bool = False
+    ) -> None:
+        """Return the buffer contents of the frame."""
+        if not force_unescaped:
+            if frame.eval_ctx.volatile:
+                self.writeline("if context.eval_ctx.autoescape:")
+                self.indent()
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                self.outdent()
+                self.writeline("else:")
+                self.indent()
+                self.writeline(f"return concat({frame.buffer})")
+                self.outdent()
+                return
+            elif frame.eval_ctx.autoescape:
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                return
+        self.writeline(f"return concat({frame.buffer})")
+
+    def indent(self) -> None:
+        """Indent by one."""
+        self._indentation += 1
+
+    def outdent(self, step: int = 1) -> None:
+        """Outdent by step."""
+        self._indentation -= step
+
+    def start_write(self, frame: Frame, node: t.Optional[nodes.Node] = None) -> None:
+        """Yield or write into the frame buffer."""
+        if frame.buffer is None:
+            self.writeline("yield ", node)
+        else:
+            self.writeline(f"{frame.buffer}.append(", node)
+
+    def end_write(self, frame: Frame) -> None:
+        """End the writing process started by `start_write`."""
+        if frame.buffer is not None:
+            self.write(")")
+
+    def simple_write(
+        self, s: str, frame: Frame, node: t.Optional[nodes.Node] = None
+    ) -> None:
+        """Simple shortcut for start_write + write + end_write."""
+        self.start_write(frame, node)
+        self.write(s)
+        self.end_write(frame)
+
+    def blockvisit(self, nodes: t.Iterable[nodes.Node], frame: Frame) -> None:
+        """Visit a list of nodes as block in a frame.  If the current frame
+        is no buffer a dummy ``if 0: yield None`` is written automatically.
+        """
+        try:
+            self.writeline("pass")
+            for node in nodes:
+                self.visit(node, frame)
+        except CompilerExit:
+            pass
+
+    def write(self, x: str) -> None:
+        """Write a string into the output stream."""
+        if self._new_lines:
+            if not self._first_write:
+                self.stream.write("\n" * self._new_lines)
+                self.code_lineno += self._new_lines
+                if self._write_debug_info is not None:
+                    self.debug_info.append((self._write_debug_info, self.code_lineno))
+                    self._write_debug_info = None
+            self._first_write = False
+            self.stream.write("    " * self._indentation)
+            self._new_lines = 0
+        self.stream.write(x)
+
+    def writeline(
+        self, x: str, node: t.Optional[nodes.Node] = None, extra: int = 0
+    ) -> None:
+        """Combination of newline and write."""
+        self.newline(node, extra)
+        self.write(x)
+
+    def newline(self, node: t.Optional[nodes.Node] = None, extra: int = 0) -> None:
+        """Add one or more newlines before the next write."""
+        self._new_lines = max(self._new_lines, 1 + extra)
+        if node is not None and node.lineno != self._last_line:
+            self._write_debug_info = node.lineno
+            self._last_line = node.lineno
+
+    def signature(
+        self,
+        node: t.Union[nodes.Call, nodes.Filter, nodes.Test],
+        frame: Frame,
+        extra_kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> None:
+        """Writes a function call to the stream for the current node.
+        A leading comma is added automatically.  The extra keyword
+        arguments may not include python keywords otherwise a syntax
+        error could occur.  The extra keyword arguments should be given
+        as python dict.
+        """
+        # if any of the given keyword arguments is a python keyword
+        # we have to make sure that no invalid call is created.
+        kwarg_workaround = any(
+            is_python_keyword(t.cast(str, k))
+            for k in chain((x.key for x in node.kwargs), extra_kwargs or ())
+        )
+
+        for arg in node.args:
+            self.write(", ")
+            self.visit(arg, frame)
+
+        if not kwarg_workaround:
+            for kwarg in node.kwargs:
+                self.write(", ")
+                self.visit(kwarg, frame)
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f", {key}={value}")
+        if node.dyn_args:
+            self.write(", *")
+            self.visit(node.dyn_args, frame)
+
+        if kwarg_workaround:
+            if node.dyn_kwargs is not None:
+                self.write(", **dict({")
+            else:
+                self.write(", **{")
+            for kwarg in node.kwargs:
+                self.write(f"{kwarg.key!r}: ")
+                self.visit(kwarg.value, frame)
+                self.write(", ")
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f"{key!r}: {value}, ")
+            if node.dyn_kwargs is not None:
+                self.write("}, **")
+                self.visit(node.dyn_kwargs, frame)
+                self.write(")")
+            else:
+                self.write("}")
+
+        elif node.dyn_kwargs is not None:
+            self.write(", **")
+            self.visit(node.dyn_kwargs, frame)
+
+    def pull_dependencies(self, nodes: t.Iterable[nodes.Node]) -> None:
+        """Find all filter and test names used in the template and
+        assign them to variables in the compiled namespace. Checking
+        that the names are registered with the environment is done when
+        compiling the Filter and Test nodes. If the node is in an If or
+        CondExpr node, the check is done at runtime instead.
+
+        .. versionchanged:: 3.0
+            Filters and tests in If and CondExpr nodes are checked at
+            runtime instead of compile time.
+        """
+        visitor = DependencyFinderVisitor()
+
+        for node in nodes:
+            visitor.visit(node)
+
+        for id_map, names, dependency in (
+            (self.filters, visitor.filters, "filters"),
+            (
+                self.tests,
+                visitor.tests,
+                "tests",
+            ),
+        ):
+            for name in sorted(names):
+                if name not in id_map:
+                    id_map[name] = self.temporary_identifier()
+
+                # add check during runtime that dependencies used inside of executed
+                # blocks are defined, as this step may be skipped during compile time
+                self.writeline("try:")
+                self.indent()
+                self.writeline(f"{id_map[name]} = environment.{dependency}[{name!r}]")
+                self.outdent()
+                self.writeline("except KeyError:")
+                self.indent()
+                self.writeline("@internalcode")
+                self.writeline(f"def {id_map[name]}(*unused):")
+                self.indent()
+                self.writeline(
+                    f'raise TemplateRuntimeError("No {dependency[:-1]}'
+                    f' named {name!r} found.")'
+                )
+                self.outdent()
+                self.outdent()
+
+    def enter_frame(self, frame: Frame) -> None:
+        undefs = []
+        for target, (action, param) in frame.symbols.loads.items():
+            if action == VAR_LOAD_PARAMETER:
+                pass
+            elif action == VAR_LOAD_RESOLVE:
+                self.writeline(f"{target} = {self.get_resolve_func()}({param!r})")
+            elif action == VAR_LOAD_ALIAS:
+                self.writeline(f"{target} = {param}")
+            elif action == VAR_LOAD_UNDEFINED:
+                undefs.append(target)
+            else:
+                raise NotImplementedError("unknown load instruction")
+        if undefs:
+            self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def leave_frame(self, frame: Frame, with_python_scope: bool = False) -> None:
+        if not with_python_scope:
+            undefs = []
+            for target in frame.symbols.loads:
+                undefs.append(target)
+            if undefs:
+                self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def choose_async(self, async_value: str = "async ", sync_value: str = "") -> str:
+        return async_value if self.environment.is_async else sync_value
+
+    def func(self, name: str) -> str:
+        return f"{self.choose_async()}def {name}"
+
+    def macro_body(
+        self, node: t.Union[nodes.Macro, nodes.CallBlock], frame: Frame
+    ) -> t.Tuple[Frame, MacroRef]:
+        """Dump the function def of a macro or call block."""
+        frame = frame.inner()
+        frame.symbols.analyze_node(node)
+        macro_ref = MacroRef(node)
+
+        explicit_caller = None
+        skip_special_params = set()
+        args = []
+
+        for idx, arg in enumerate(node.args):
+            if arg.name == "caller":
+                explicit_caller = idx
+            if arg.name in ("kwargs", "varargs"):
+                skip_special_params.add(arg.name)
+            args.append(frame.symbols.ref(arg.name))
+
+        undeclared = find_undeclared(node.body, ("caller", "kwargs", "varargs"))
+
+        if "caller" in undeclared:
+            # In older Jinja versions there was a bug that allowed caller
+            # to retain the special behavior even if it was mentioned in
+            # the argument list.  However thankfully this was only really
+            # working if it was the last argument.  So we are explicitly
+            # checking this now and error out if it is anywhere else in
+            # the argument list.
+            if explicit_caller is not None:
+                try:
+                    node.defaults[explicit_caller - len(node.args)]
+                except IndexError:
+                    self.fail(
+                        "When defining macros or call blocks the "
+                        'special "caller" argument must be omitted '
+                        "or be given a default.",
+                        node.lineno,
+                    )
+            else:
+                args.append(frame.symbols.declare_parameter("caller"))
+            macro_ref.accesses_caller = True
+        if "kwargs" in undeclared and "kwargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("kwargs"))
+            macro_ref.accesses_kwargs = True
+        if "varargs" in undeclared and "varargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("varargs"))
+            macro_ref.accesses_varargs = True
+
+        # macros are delayed, they never require output checks
+        frame.require_output_check = False
+        frame.symbols.analyze_node(node)
+        self.writeline(f"{self.func('macro')}({', '.join(args)}):", node)
+        self.indent()
+
+        self.buffer(frame)
+        self.enter_frame(frame)
+
+        self.push_parameter_definitions(frame)
+        for idx, arg in enumerate(node.args):
+            ref = frame.symbols.ref(arg.name)
+            self.writeline(f"if {ref} is missing:")
+            self.indent()
+            try:
+                default = node.defaults[idx - len(node.args)]
+            except IndexError:
+                self.writeline(
+                    f'{ref} = undefined("parameter {arg.name!r} was not provided",'
+                    f" name={arg.name!r})"
+                )
+            else:
+                self.writeline(f"{ref} = ")
+                self.visit(default, frame)
+            self.mark_parameter_stored(ref)
+            self.outdent()
+        self.pop_parameter_definitions()
+
+        self.blockvisit(node.body, frame)
+        self.return_buffer_contents(frame, force_unescaped=True)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        return frame, macro_ref
+
+    def macro_def(self, macro_ref: MacroRef, frame: Frame) -> None:
+        """Dump the macro definition for the def created by macro_body."""
+        arg_tuple = ", ".join(repr(x.name) for x in macro_ref.node.args)
+        name = getattr(macro_ref.node, "name", None)
+        if len(macro_ref.node.args) == 1:
+            arg_tuple += ","
+        self.write(
+            f"Macro(environment, macro, {name!r}, ({arg_tuple}),"
+            f" {macro_ref.accesses_kwargs!r}, {macro_ref.accesses_varargs!r},"
+            f" {macro_ref.accesses_caller!r}, context.eval_ctx.autoescape)"
+        )
+
+    def position(self, node: nodes.Node) -> str:
+        """Return a human readable position for the node."""
+        rv = f"line {node.lineno}"
+        if self.name is not None:
+            rv = f"{rv} in {self.name!r}"
+        return rv
+
+    def dump_local_context(self, frame: Frame) -> str:
+        items_kv = ", ".join(
+            f"{name!r}: {target}"
+            for name, target in frame.symbols.dump_stores().items()
+        )
+        return f"{{{items_kv}}}"
+
+    def write_commons(self) -> None:
+        """Writes a common preamble that is used by root and block functions.
+        Primarily this sets up common local helpers and enforces a generator
+        through a dead branch.
+        """
+        self.writeline("resolve = context.resolve_or_missing")
+        self.writeline("undefined = environment.undefined")
+        self.writeline("concat = environment.concat")
+        # always use the standard Undefined class for the implicit else of
+        # conditional expressions
+        self.writeline("cond_expr_undefined = Undefined")
+        self.writeline("if 0: yield None")
+
+    def push_parameter_definitions(self, frame: Frame) -> None:
+        """Pushes all parameter targets from the given frame into a local
+        stack that permits tracking of yet to be assigned parameters.  In
+        particular this enables the optimization from `visit_Name` to skip
+        undefined expressions for parameters in macros as macros can reference
+        otherwise unbound parameters.
+        """
+        self._param_def_block.append(frame.symbols.dump_param_targets())
+
+    def pop_parameter_definitions(self) -> None:
+        """Pops the current parameter definitions set."""
+        self._param_def_block.pop()
+
+    def mark_parameter_stored(self, target: str) -> None:
+        """Marks a parameter in the current parameter definitions as stored.
+        This will skip the enforced undefined checks.
+        """
+        if self._param_def_block:
+            self._param_def_block[-1].discard(target)
+
+    def push_context_reference(self, target: str) -> None:
+        self._context_reference_stack.append(target)
+
+    def pop_context_reference(self) -> None:
+        self._context_reference_stack.pop()
+
+    def get_context_ref(self) -> str:
+        return self._context_reference_stack[-1]
+
+    def get_resolve_func(self) -> str:
+        target = self._context_reference_stack[-1]
+        if target == "context":
+            return "resolve"
+        return f"{target}.resolve"
+
+    def derive_context(self, frame: Frame) -> str:
+        return f"{self.get_context_ref()}.derived({self.dump_local_context(frame)})"
+
+    def parameter_is_undeclared(self, target: str) -> bool:
+        """Checks if a given target is an undeclared parameter."""
+        if not self._param_def_block:
+            return False
+        return target in self._param_def_block[-1]
+
+    def push_assign_tracking(self) -> None:
+        """Pushes a new layer for assignment tracking."""
+        self._assign_stack.append(set())
+
+    def pop_assign_tracking(self, frame: Frame) -> None:
+        """Pops the topmost level for assignment tracking and updates the
+        context variables if necessary.
+        """
+        vars = self._assign_stack.pop()
+        if (
+            not frame.block_frame
+            and not frame.loop_frame
+            and not frame.toplevel
+            or not vars
+        ):
+            return
+        public_names = [x for x in vars if x[:1] != "_"]
+        if len(vars) == 1:
+            name = next(iter(vars))
+            ref = frame.symbols.ref(name)
+            if frame.loop_frame:
+                self.writeline(f"_loop_vars[{name!r}] = {ref}")
+                return
+            if frame.block_frame:
+                self.writeline(f"_block_vars[{name!r}] = {ref}")
+                return
+            self.writeline(f"context.vars[{name!r}] = {ref}")
+        else:
+            if frame.loop_frame:
+                self.writeline("_loop_vars.update({")
+            elif frame.block_frame:
+                self.writeline("_block_vars.update({")
+            else:
+                self.writeline("context.vars.update({")
+            for idx, name in enumerate(vars):
+                if idx:
+                    self.write(", ")
+                ref = frame.symbols.ref(name)
+                self.write(f"{name!r}: {ref}")
+            self.write("})")
+        if not frame.block_frame and not frame.loop_frame and public_names:
+            if len(public_names) == 1:
+                self.writeline(f"context.exported_vars.add({public_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, public_names))
+                self.writeline(f"context.exported_vars.update(({names_str}))")
+
+    # -- Statement Visitors
+
+    def visit_Template(
+        self, node: nodes.Template, frame: t.Optional[Frame] = None
+    ) -> None:
+        assert frame is None, "no root frame allowed"
+        eval_ctx = EvalContext(self.environment, self.name)
+
+        from .runtime import async_exported
+        from .runtime import exported
+
+        if self.environment.is_async:
+            exported_names = sorted(exported + async_exported)
+        else:
+            exported_names = sorted(exported)
+
+        self.writeline("from jinja2.runtime import " + ", ".join(exported_names))
+
+        # if we want a deferred initialization we cannot move the
+        # environment into a local name
+        envenv = "" if self.defer_init else ", environment=environment"
+
+        # do we have an extends tag at all?  If not, we can save some
+        # overhead by just not processing any inheritance code.
+        have_extends = node.find(nodes.Extends) is not None
+
+        # find all blocks
+        for block in node.find_all(nodes.Block):
+            if block.name in self.blocks:
+                self.fail(f"block {block.name!r} defined twice", block.lineno)
+            self.blocks[block.name] = block
+
+        # find all imports and import them
+        for import_ in node.find_all(nodes.ImportedName):
+            if import_.importname not in self.import_aliases:
+                imp = import_.importname
+                self.import_aliases[imp] = alias = self.temporary_identifier()
+                if "." in imp:
+                    module, obj = imp.rsplit(".", 1)
+                    self.writeline(f"from {module} import {obj} as {alias}")
+                else:
+                    self.writeline(f"import {imp} as {alias}")
+
+        # add the load name
+        self.writeline(f"name = {self.name!r}")
+
+        # generate the root render function.
+        self.writeline(
+            f"{self.func('root')}(context, missing=missing{envenv}):", extra=1
+        )
+        self.indent()
+        self.write_commons()
+
+        # process the root
+        frame = Frame(eval_ctx)
+        if "self" in find_undeclared(node.body, ("self",)):
+            ref = frame.symbols.declare_parameter("self")
+            self.writeline(f"{ref} = TemplateReference(context)")
+        frame.symbols.analyze_node(node)
+        frame.toplevel = frame.rootlevel = True
+        frame.require_output_check = have_extends and not self.has_known_extends
+        if have_extends:
+            self.writeline("parent_template = None")
+        self.enter_frame(frame)
+        self.pull_dependencies(node.body)
+        self.blockvisit(node.body, frame)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        # make sure that the parent root is called.
+        if have_extends:
+            if not self.has_known_extends:
+                self.indent()
+                self.writeline("if parent_template is not None:")
+            self.indent()
+            if not self.environment.is_async:
+                self.writeline("yield from parent_template.root_render_func(context)")
+            else:
+                self.writeline(
+                    "async for event in parent_template.root_render_func(context):"
+                )
+                self.indent()
+                self.writeline("yield event")
+                self.outdent()
+            self.outdent(1 + (not self.has_known_extends))
+
+        # at this point we now have the blocks collected and can visit them too.
+        for name, block in self.blocks.items():
+            self.writeline(
+                f"{self.func('block_' + name)}(context, missing=missing{envenv}):",
+                block,
+                1,
+            )
+            self.indent()
+            self.write_commons()
+            # It's important that we do not make this frame a child of the
+            # toplevel template.  This would cause a variety of
+            # interesting issues with identifier tracking.
+            block_frame = Frame(eval_ctx)
+            block_frame.block_frame = True
+            undeclared = find_undeclared(block.body, ("self", "super"))
+            if "self" in undeclared:
+                ref = block_frame.symbols.declare_parameter("self")
+                self.writeline(f"{ref} = TemplateReference(context)")
+            if "super" in undeclared:
+                ref = block_frame.symbols.declare_parameter("super")
+                self.writeline(f"{ref} = context.super({name!r}, block_{name})")
+            block_frame.symbols.analyze_node(block)
+            block_frame.block = name
+            self.writeline("_block_vars = {}")
+            self.enter_frame(block_frame)
+            self.pull_dependencies(block.body)
+            self.blockvisit(block.body, block_frame)
+            self.leave_frame(block_frame, with_python_scope=True)
+            self.outdent()
+
+        blocks_kv_str = ", ".join(f"{x!r}: block_{x}" for x in self.blocks)
+        self.writeline(f"blocks = {{{blocks_kv_str}}}", extra=1)
+        debug_kv_str = "&".join(f"{k}={v}" for k, v in self.debug_info)
+        self.writeline(f"debug_info = {debug_kv_str!r}")
+
+    def visit_Block(self, node: nodes.Block, frame: Frame) -> None:
+        """Call a block and register it for the template."""
+        level = 0
+        if frame.toplevel:
+            # if we know that we are a child template, there is no need to
+            # check if we are one
+            if self.has_known_extends:
+                return
+            if self.extends_so_far > 0:
+                self.writeline("if parent_template is None:")
+                self.indent()
+                level += 1
+
+        if node.scoped:
+            context = self.derive_context(frame)
+        else:
+            context = self.get_context_ref()
+
+        if node.required:
+            self.writeline(f"if len(context.blocks[{node.name!r}]) <= 1:", node)
+            self.indent()
+            self.writeline(
+                f'raise TemplateRuntimeError("Required block {node.name!r} not found")',
+                node,
+            )
+            self.outdent()
+
+        if not self.environment.is_async and frame.buffer is None:
+            self.writeline(
+                f"yield from context.blocks[{node.name!r}][0]({context})", node
+            )
+        else:
+            self.writeline(
+                f"{self.choose_async()}for event in"
+                f" context.blocks[{node.name!r}][0]({context}):",
+                node,
+            )
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        self.outdent(level)
+
+    def visit_Extends(self, node: nodes.Extends, frame: Frame) -> None:
+        """Calls the extender."""
+        if not frame.toplevel:
+            self.fail("cannot use extend from a non top-level scope", node.lineno)
+
+        # if the number of extends statements in general is zero so
+        # far, we don't have to add a check if something extended
+        # the template before this one.
+        if self.extends_so_far > 0:
+            # if we have a known extends we just add a template runtime
+            # error into the generated code.  We could catch that at compile
+            # time too, but i welcome it not to confuse users by throwing the
+            # same error at different times just "because we can".
+            if not self.has_known_extends:
+                self.writeline("if parent_template is not None:")
+                self.indent()
+            self.writeline('raise TemplateRuntimeError("extended multiple times")')
+
+            # if we have a known extends already we don't need that code here
+            # as we know that the template execution will end here.
+            if self.has_known_extends:
+                raise CompilerExit()
+            else:
+                self.outdent()
+
+        self.writeline("parent_template = environment.get_template(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        self.writeline("for name, parent_block in parent_template.blocks.items():")
+        self.indent()
+        self.writeline("context.blocks.setdefault(name, []).append(parent_block)")
+        self.outdent()
+
+        # if this extends statement was in the root level we can take
+        # advantage of that information and simplify the generated code
+        # in the top level from this point onwards
+        if frame.rootlevel:
+            self.has_known_extends = True
+
+        # and now we have one more
+        self.extends_so_far += 1
+
+    def visit_Include(self, node: nodes.Include, frame: Frame) -> None:
+        """Handles includes."""
+        if node.ignore_missing:
+            self.writeline("try:")
+            self.indent()
+
+        func_name = "get_or_select_template"
+        if isinstance(node.template, nodes.Const):
+            if isinstance(node.template.value, str):
+                func_name = "get_template"
+            elif isinstance(node.template.value, (tuple, list)):
+                func_name = "select_template"
+        elif isinstance(node.template, (nodes.Tuple, nodes.List)):
+            func_name = "select_template"
+
+        self.writeline(f"template = environment.{func_name}(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        if node.ignore_missing:
+            self.outdent()
+            self.writeline("except TemplateNotFound:")
+            self.indent()
+            self.writeline("pass")
+            self.outdent()
+            self.writeline("else:")
+            self.indent()
+
+        skip_event_yield = False
+        if node.with_context:
+            self.writeline(
+                f"{self.choose_async()}for event in template.root_render_func("
+                "template.new_context(context.get_all(), True,"
+                f" {self.dump_local_context(frame)})):"
+            )
+        elif self.environment.is_async:
+            self.writeline(
+                "for event in (await template._get_default_module_async())"
+                "._body_stream:"
+            )
+        else:
+            self.writeline("yield from template._get_default_module()._body_stream")
+            skip_event_yield = True
+
+        if not skip_event_yield:
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        if node.ignore_missing:
+            self.outdent()
+
+    def _import_common(
+        self, node: t.Union[nodes.Import, nodes.FromImport], frame: Frame
+    ) -> None:
+        self.write(f"{self.choose_async('await ')}environment.get_template(")
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r}).")
+
+        if node.with_context:
+            f_name = f"make_module{self.choose_async('_async')}"
+            self.write(
+                f"{f_name}(context.get_all(), True, {self.dump_local_context(frame)})"
+            )
+        else:
+            self.write(f"_get_default_module{self.choose_async('_async')}(context)")
+
+    def visit_Import(self, node: nodes.Import, frame: Frame) -> None:
+        """Visit regular imports."""
+        self.writeline(f"{frame.symbols.ref(node.target)} = ", node)
+        if frame.toplevel:
+            self.write(f"context.vars[{node.target!r}] = ")
+
+        self._import_common(node, frame)
+
+        if frame.toplevel and not node.target.startswith("_"):
+            self.writeline(f"context.exported_vars.discard({node.target!r})")
+
+    def visit_FromImport(self, node: nodes.FromImport, frame: Frame) -> None:
+        """Visit named imports."""
+        self.newline(node)
+        self.write("included_template = ")
+        self._import_common(node, frame)
+        var_names = []
+        discarded_names = []
+        for name in node.names:
+            if isinstance(name, tuple):
+                name, alias = name
+            else:
+                alias = name
+            self.writeline(
+                f"{frame.symbols.ref(alias)} ="
+                f" getattr(included_template, {name!r}, missing)"
+            )
+            self.writeline(f"if {frame.symbols.ref(alias)} is missing:")
+            self.indent()
+            message = (
+                "the template {included_template.__name__!r}"
+                f" (imported on {self.position(node)})"
+                f" does not export the requested name {name!r}"
+            )
+            self.writeline(
+                f"{frame.symbols.ref(alias)} = undefined(f{message!r}, name={name!r})"
+            )
+            self.outdent()
+            if frame.toplevel:
+                var_names.append(alias)
+                if not alias.startswith("_"):
+                    discarded_names.append(alias)
+
+        if var_names:
+            if len(var_names) == 1:
+                name = var_names[0]
+                self.writeline(f"context.vars[{name!r}] = {frame.symbols.ref(name)}")
+            else:
+                names_kv = ", ".join(
+                    f"{name!r}: {frame.symbols.ref(name)}" for name in var_names
+                )
+                self.writeline(f"context.vars.update({{{names_kv}}})")
+        if discarded_names:
+            if len(discarded_names) == 1:
+                self.writeline(f"context.exported_vars.discard({discarded_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, discarded_names))
+                self.writeline(
+                    f"context.exported_vars.difference_update(({names_str}))"
+                )
+
+    def visit_For(self, node: nodes.For, frame: Frame) -> None:
+        loop_frame = frame.inner()
+        loop_frame.loop_frame = True
+        test_frame = frame.inner()
+        else_frame = frame.inner()
+
+        # try to figure out if we have an extended loop.  An extended loop
+        # is necessary if the loop is in recursive mode if the special loop
+        # variable is accessed in the body if the body is a scoped block.
+        extended_loop = (
+            node.recursive
+            or "loop"
+            in find_undeclared(node.iter_child_nodes(only=("body",)), ("loop",))
+            or any(block.scoped for block in node.find_all(nodes.Block))
+        )
+
+        loop_ref = None
+        if extended_loop:
+            loop_ref = loop_frame.symbols.declare_parameter("loop")
+
+        loop_frame.symbols.analyze_node(node, for_branch="body")
+        if node.else_:
+            else_frame.symbols.analyze_node(node, for_branch="else")
+
+        if node.test:
+            loop_filter_func = self.temporary_identifier()
+            test_frame.symbols.analyze_node(node, for_branch="test")
+            self.writeline(f"{self.func(loop_filter_func)}(fiter):", node.test)
+            self.indent()
+            self.enter_frame(test_frame)
+            self.writeline(self.choose_async("async for ", "for "))
+            self.visit(node.target, loop_frame)
+            self.write(" in ")
+            self.write(self.choose_async("auto_aiter(fiter)", "fiter"))
+            self.write(":")
+            self.indent()
+            self.writeline("if ", node.test)
+            self.visit(node.test, test_frame)
+            self.write(":")
+            self.indent()
+            self.writeline("yield ")
+            self.visit(node.target, loop_frame)
+            self.outdent(3)
+            self.leave_frame(test_frame, with_python_scope=True)
+
+        # if we don't have an recursive loop we have to find the shadowed
+        # variables at that point.  Because loops can be nested but the loop
+        # variable is a special one we have to enforce aliasing for it.
+        if node.recursive:
+            self.writeline(
+                f"{self.func('loop')}(reciter, loop_render_func, depth=0):", node
+            )
+            self.indent()
+            self.buffer(loop_frame)
+
+            # Use the same buffer for the else frame
+            else_frame.buffer = loop_frame.buffer
+
+        # make sure the loop variable is a special one and raise a template
+        # assertion error if a loop tries to write to loop
+        if extended_loop:
+            self.writeline(f"{loop_ref} = missing")
+
+        for name in node.find_all(nodes.Name):
+            if name.ctx == "store" and name.name == "loop":
+                self.fail(
+                    "Can't assign to special loop variable in for-loop target",
+                    name.lineno,
+                )
+
+        if node.else_:
+            iteration_indicator = self.temporary_identifier()
+            self.writeline(f"{iteration_indicator} = 1")
+
+        self.writeline(self.choose_async("async for ", "for "), node)
+        self.visit(node.target, loop_frame)
+        if extended_loop:
+            self.write(f", {loop_ref} in {self.choose_async('Async')}LoopContext(")
+        else:
+            self.write(" in ")
+
+        if node.test:
+            self.write(f"{loop_filter_func}(")
+        if node.recursive:
+            self.write("reciter")
+        else:
+            if self.environment.is_async and not extended_loop:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async and not extended_loop:
+                self.write(")")
+        if node.test:
+            self.write(")")
+
+        if node.recursive:
+            self.write(", undefined, loop_render_func, depth):")
+        else:
+            self.write(", undefined):" if extended_loop else ":")
+
+        self.indent()
+        self.enter_frame(loop_frame)
+
+        self.writeline("_loop_vars = {}")
+        self.blockvisit(node.body, loop_frame)
+        if node.else_:
+            self.writeline(f"{iteration_indicator} = 0")
+        self.outdent()
+        self.leave_frame(
+            loop_frame, with_python_scope=node.recursive and not node.else_
+        )
+
+        if node.else_:
+            self.writeline(f"if {iteration_indicator}:")
+            self.indent()
+            self.enter_frame(else_frame)
+            self.blockvisit(node.else_, else_frame)
+            self.leave_frame(else_frame)
+            self.outdent()
+
+        # if the node was recursive we have to return the buffer contents
+        # and start the iteration code
+        if node.recursive:
+            self.return_buffer_contents(loop_frame)
+            self.outdent()
+            self.start_write(frame, node)
+            self.write(f"{self.choose_async('await ')}loop(")
+            if self.environment.is_async:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async:
+                self.write(")")
+            self.write(", loop)")
+            self.end_write(frame)
+
+        # at the end of the iteration, clear any assignments made in the
+        # loop from the top level
+        if self._assign_stack:
+            self._assign_stack[-1].difference_update(loop_frame.symbols.stores)
+
+    def visit_If(self, node: nodes.If, frame: Frame) -> None:
+        if_frame = frame.soft()
+        self.writeline("if ", node)
+        self.visit(node.test, if_frame)
+        self.write(":")
+        self.indent()
+        self.blockvisit(node.body, if_frame)
+        self.outdent()
+        for elif_ in node.elif_:
+            self.writeline("elif ", elif_)
+            self.visit(elif_.test, if_frame)
+            self.write(":")
+            self.indent()
+            self.blockvisit(elif_.body, if_frame)
+            self.outdent()
+        if node.else_:
+            self.writeline("else:")
+            self.indent()
+            self.blockvisit(node.else_, if_frame)
+            self.outdent()
+
+    def visit_Macro(self, node: nodes.Macro, frame: Frame) -> None:
+        macro_frame, macro_ref = self.macro_body(node, frame)
+        self.newline()
+        if frame.toplevel:
+            if not node.name.startswith("_"):
+                self.write(f"context.exported_vars.add({node.name!r})")
+            self.writeline(f"context.vars[{node.name!r}] = ")
+        self.write(f"{frame.symbols.ref(node.name)} = ")
+        self.macro_def(macro_ref, macro_frame)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, frame: Frame) -> None:
+        call_frame, macro_ref = self.macro_body(node, frame)
+        self.writeline("caller = ")
+        self.macro_def(macro_ref, call_frame)
+        self.start_write(frame, node)
+        self.visit_Call(node.call, frame, forward_caller=True)
+        self.end_write(frame)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, frame: Frame) -> None:
+        filter_frame = frame.inner()
+        filter_frame.symbols.analyze_node(node)
+        self.enter_frame(filter_frame)
+        self.buffer(filter_frame)
+        self.blockvisit(node.body, filter_frame)
+        self.start_write(frame, node)
+        self.visit_Filter(node.filter, filter_frame)
+        self.end_write(frame)
+        self.leave_frame(filter_frame)
+
+    def visit_With(self, node: nodes.With, frame: Frame) -> None:
+        with_frame = frame.inner()
+        with_frame.symbols.analyze_node(node)
+        self.enter_frame(with_frame)
+        for target, expr in zip(node.targets, node.values):
+            self.newline()
+            self.visit(target, with_frame)
+            self.write(" = ")
+            self.visit(expr, frame)
+        self.blockvisit(node.body, with_frame)
+        self.leave_frame(with_frame)
+
+    def visit_ExprStmt(self, node: nodes.ExprStmt, frame: Frame) -> None:
+        self.newline(node)
+        self.visit(node.node, frame)
+
+    class _FinalizeInfo(t.NamedTuple):
+        const: t.Optional[t.Callable[..., str]]
+        src: t.Optional[str]
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        """The default finalize function if the environment isn't
+        configured with one. Or, if the environment has one, this is
+        called on that function's output for constants.
+        """
+        return str(value)
+
+    _finalize: t.Optional[_FinalizeInfo] = None
+
+    def _make_finalize(self) -> _FinalizeInfo:
+        """Build the finalize function to be used on constants and at
+        runtime. Cached so it's only created once for all output nodes.
+
+        Returns a ``namedtuple`` with the following attributes:
+
+        ``const``
+            A function to finalize constant data at compile time.
+
+        ``src``
+            Source code to output around nodes to be evaluated at
+            runtime.
+        """
+        if self._finalize is not None:
+            return self._finalize
+
+        finalize: t.Optional[t.Callable[..., t.Any]]
+        finalize = default = self._default_finalize
+        src = None
+
+        if self.environment.finalize:
+            src = "environment.finalize("
+            env_finalize = self.environment.finalize
+            pass_arg = {
+                _PassArg.context: "context",
+                _PassArg.eval_context: "context.eval_ctx",
+                _PassArg.environment: "environment",
+            }.get(
+                _PassArg.from_obj(env_finalize)  # type: ignore
+            )
+            finalize = None
+
+            if pass_arg is None:
+
+                def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                    return default(env_finalize(value))
+
+            else:
+                src = f"{src}{pass_arg}, "
+
+                if pass_arg == "environment":
+
+                    def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                        return default(env_finalize(self.environment, value))
+
+        self._finalize = self._FinalizeInfo(finalize, src)
+        return self._finalize
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        """Given a group of constant values converted from ``Output``
+        child nodes, produce a string to write to the template module
+        source.
+        """
+        return repr(concat(group))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> str:
+        """Try to optimize a child of an ``Output`` node by trying to
+        convert it to constant, finalized data at compile time.
+
+        If :exc:`Impossible` is raised, the node is not constant and
+        will be evaluated at runtime. Any other exception will also be
+        evaluated at runtime for easier debugging.
+        """
+        const = node.as_const(frame.eval_ctx)
+
+        if frame.eval_ctx.autoescape:
+            const = escape(const)
+
+        # Template data doesn't go through finalize.
+        if isinstance(node, nodes.TemplateData):
+            return str(const)
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code before visiting a child of an
+        ``Output`` node.
+        """
+        if frame.eval_ctx.volatile:
+            self.write("(escape if context.eval_ctx.autoescape else str)(")
+        elif frame.eval_ctx.autoescape:
+            self.write("escape(")
+        else:
+            self.write("str(")
+
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code after visiting a child of an
+        ``Output`` node.
+        """
+        self.write(")")
+
+        if finalize.src is not None:
+            self.write(")")
+
+    def visit_Output(self, node: nodes.Output, frame: Frame) -> None:
+        # If an extends is active, don't render outside a block.
+        if frame.require_output_check:
+            # A top-level extends is known to exist at compile time.
+            if self.has_known_extends:
+                return
+
+            self.writeline("if parent_template is None:")
+            self.indent()
+
+        finalize = self._make_finalize()
+        body: t.List[t.Union[t.List[t.Any], nodes.Expr]] = []
+
+        # Evaluate constants at compile time if possible. Each item in
+        # body will be either a list of static data or a node to be
+        # evaluated at runtime.
+        for child in node.nodes:
+            try:
+                if not (
+                    # If the finalize function requires runtime context,
+                    # constants can't be evaluated at compile time.
+                    finalize.const
+                    # Unless it's basic template data that won't be
+                    # finalized anyway.
+                    or isinstance(child, nodes.TemplateData)
+                ):
+                    raise nodes.Impossible()
+
+                const = self._output_child_to_const(child, frame, finalize)
+            except (nodes.Impossible, Exception):
+                # The node was not constant and needs to be evaluated at
+                # runtime. Or another error was raised, which is easier
+                # to debug at runtime.
+                body.append(child)
+                continue
+
+            if body and isinstance(body[-1], list):
+                body[-1].append(const)
+            else:
+                body.append([const])
+
+        if frame.buffer is not None:
+            if len(body) == 1:
+                self.writeline(f"{frame.buffer}.append(")
+            else:
+                self.writeline(f"{frame.buffer}.extend((")
+
+            self.indent()
+
+        for item in body:
+            if isinstance(item, list):
+                # A group of constant data to join and output.
+                val = self._output_const_repr(item)
+
+                if frame.buffer is None:
+                    self.writeline("yield " + val)
+                else:
+                    self.writeline(val + ",")
+            else:
+                if frame.buffer is None:
+                    self.writeline("yield ", item)
+                else:
+                    self.newline(item)
+
+                # A node to be evaluated at runtime.
+                self._output_child_pre(item, frame, finalize)
+                self.visit(item, frame)
+                self._output_child_post(item, frame, finalize)
+
+                if frame.buffer is not None:
+                    self.write(",")
+
+        if frame.buffer is not None:
+            self.outdent()
+            self.writeline(")" if len(body) == 1 else "))")
+
+        if frame.require_output_check:
+            self.outdent()
+
+    def visit_Assign(self, node: nodes.Assign, frame: Frame) -> None:
+        self.push_assign_tracking()
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = ")
+        self.visit(node.node, frame)
+        self.pop_assign_tracking(frame)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, frame: Frame) -> None:
+        self.push_assign_tracking()
+        block_frame = frame.inner()
+        # This is a special case.  Since a set block always captures we
+        # will disable output checks.  This way one can use set blocks
+        # toplevel even in extended templates.
+        block_frame.require_output_check = False
+        block_frame.symbols.analyze_node(node)
+        self.enter_frame(block_frame)
+        self.buffer(block_frame)
+        self.blockvisit(node.body, block_frame)
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = (Markup if context.eval_ctx.autoescape else identity)(")
+        if node.filter is not None:
+            self.visit_Filter(node.filter, block_frame)
+        else:
+            self.write(f"concat({block_frame.buffer})")
+        self.write(")")
+        self.pop_assign_tracking(frame)
+        self.leave_frame(block_frame)
+
+    # -- Expression Visitors
+
+    def visit_Name(self, node: nodes.Name, frame: Frame) -> None:
+        if node.ctx == "store" and (
+            frame.toplevel or frame.loop_frame or frame.block_frame
+        ):
+            if self._assign_stack:
+                self._assign_stack[-1].add(node.name)
+        ref = frame.symbols.ref(node.name)
+
+        # If we are looking up a variable we might have to deal with the
+        # case where it's undefined.  We can skip that case if the load
+        # instruction indicates a parameter which are always defined.
+        if node.ctx == "load":
+            load = frame.symbols.find_load(ref)
+            if not (
+                load is not None
+                and load[0] == VAR_LOAD_PARAMETER
+                and not self.parameter_is_undeclared(ref)
+            ):
+                self.write(
+                    f"(undefined(name={node.name!r}) if {ref} is missing else {ref})"
+                )
+                return
+
+        self.write(ref)
+
+    def visit_NSRef(self, node: nodes.NSRef, frame: Frame) -> None:
+        # NSRefs can only be used to store values; since they use the normal
+        # `foo.bar` notation they will be parsed as a normal attribute access
+        # when used anywhere but in a `set` context
+        ref = frame.symbols.ref(node.name)
+        self.writeline(f"if not isinstance({ref}, Namespace):")
+        self.indent()
+        self.writeline(
+            "raise TemplateRuntimeError"
+            '("cannot assign attribute on non-namespace object")'
+        )
+        self.outdent()
+        self.writeline(f"{ref}[{node.attr!r}]")
+
+    def visit_Const(self, node: nodes.Const, frame: Frame) -> None:
+        val = node.as_const(frame.eval_ctx)
+        if isinstance(val, float):
+            self.write(str(val))
+        else:
+            self.write(repr(val))
+
+    def visit_TemplateData(self, node: nodes.TemplateData, frame: Frame) -> None:
+        try:
+            self.write(repr(node.as_const(frame.eval_ctx)))
+        except nodes.Impossible:
+            self.write(
+                f"(Markup if context.eval_ctx.autoescape else identity)({node.data!r})"
+            )
+
+    def visit_Tuple(self, node: nodes.Tuple, frame: Frame) -> None:
+        self.write("(")
+        idx = -1
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write(",)" if idx == 0 else ")")
+
+    def visit_List(self, node: nodes.List, frame: Frame) -> None:
+        self.write("[")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write("]")
+
+    def visit_Dict(self, node: nodes.Dict, frame: Frame) -> None:
+        self.write("{")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item.key, frame)
+            self.write(": ")
+            self.visit(item.value, frame)
+        self.write("}")
+
+    visit_Add = _make_binop("+")
+    visit_Sub = _make_binop("-")
+    visit_Mul = _make_binop("*")
+    visit_Div = _make_binop("/")
+    visit_FloorDiv = _make_binop("//")
+    visit_Pow = _make_binop("**")
+    visit_Mod = _make_binop("%")
+    visit_And = _make_binop("and")
+    visit_Or = _make_binop("or")
+    visit_Pos = _make_unop("+")
+    visit_Neg = _make_unop("-")
+    visit_Not = _make_unop("not ")
+
+    @optimizeconst
+    def visit_Concat(self, node: nodes.Concat, frame: Frame) -> None:
+        if frame.eval_ctx.volatile:
+            func_name = "(markup_join if context.eval_ctx.volatile else str_join)"
+        elif frame.eval_ctx.autoescape:
+            func_name = "markup_join"
+        else:
+            func_name = "str_join"
+        self.write(f"{func_name}((")
+        for arg in node.nodes:
+            self.visit(arg, frame)
+            self.write(", ")
+        self.write("))")
+
+    @optimizeconst
+    def visit_Compare(self, node: nodes.Compare, frame: Frame) -> None:
+        self.write("(")
+        self.visit(node.expr, frame)
+        for op in node.ops:
+            self.visit(op, frame)
+        self.write(")")
+
+    def visit_Operand(self, node: nodes.Operand, frame: Frame) -> None:
+        self.write(f" {operators[node.op]} ")
+        self.visit(node.expr, frame)
+
+    @optimizeconst
+    def visit_Getattr(self, node: nodes.Getattr, frame: Frame) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        self.write("environment.getattr(")
+        self.visit(node.node, frame)
+        self.write(f", {node.attr!r})")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Getitem(self, node: nodes.Getitem, frame: Frame) -> None:
+        # slices bypass the environment getitem method.
+        if isinstance(node.arg, nodes.Slice):
+            self.visit(node.node, frame)
+            self.write("[")
+            self.visit(node.arg, frame)
+            self.write("]")
+        else:
+            if self.environment.is_async:
+                self.write("(await auto_await(")
+
+            self.write("environment.getitem(")
+            self.visit(node.node, frame)
+            self.write(", ")
+            self.visit(node.arg, frame)
+            self.write(")")
+
+            if self.environment.is_async:
+                self.write("))")
+
+    def visit_Slice(self, node: nodes.Slice, frame: Frame) -> None:
+        if node.start is not None:
+            self.visit(node.start, frame)
+        self.write(":")
+        if node.stop is not None:
+            self.visit(node.stop, frame)
+        if node.step is not None:
+            self.write(":")
+            self.visit(node.step, frame)
+
+    @contextmanager
+    def _filter_test_common(
+        self, node: t.Union[nodes.Filter, nodes.Test], frame: Frame, is_filter: bool
+    ) -> t.Iterator[None]:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        if is_filter:
+            self.write(f"{self.filters[node.name]}(")
+            func = self.environment.filters.get(node.name)
+        else:
+            self.write(f"{self.tests[node.name]}(")
+            func = self.environment.tests.get(node.name)
+
+        # When inside an If or CondExpr frame, allow the filter to be
+        # undefined at compile time and only raise an error if it's
+        # actually called at runtime. See pull_dependencies.
+        if func is None and not frame.soft_frame:
+            type_name = "filter" if is_filter else "test"
+            self.fail(f"No {type_name} named {node.name!r}.", node.lineno)
+
+        pass_arg = {
+            _PassArg.context: "context",
+            _PassArg.eval_context: "context.eval_ctx",
+            _PassArg.environment: "environment",
+        }.get(
+            _PassArg.from_obj(func)  # type: ignore
+        )
+
+        if pass_arg is not None:
+            self.write(f"{pass_arg}, ")
+
+        # Back to the visitor function to handle visiting the target of
+        # the filter or test.
+        yield
+
+        self.signature(node, frame)
+        self.write(")")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Filter(self, node: nodes.Filter, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, True):
+            # if the filter node is None we are inside a filter block
+            # and want to write to the current buffer
+            if node.node is not None:
+                self.visit(node.node, frame)
+            elif frame.eval_ctx.volatile:
+                self.write(
+                    f"(Markup(concat({frame.buffer}))"
+                    f" if context.eval_ctx.autoescape else concat({frame.buffer}))"
+                )
+            elif frame.eval_ctx.autoescape:
+                self.write(f"Markup(concat({frame.buffer}))")
+            else:
+                self.write(f"concat({frame.buffer})")
+
+    @optimizeconst
+    def visit_Test(self, node: nodes.Test, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, False):
+            self.visit(node.node, frame)
+
+    @optimizeconst
+    def visit_CondExpr(self, node: nodes.CondExpr, frame: Frame) -> None:
+        frame = frame.soft()
+
+        def write_expr2() -> None:
+            if node.expr2 is not None:
+                self.visit(node.expr2, frame)
+                return
+
+            self.write(
+                f'cond_expr_undefined("the inline if-expression on'
+                f" {self.position(node)} evaluated to false and no else"
+                f' section was defined.")'
+            )
+
+        self.write("(")
+        self.visit(node.expr1, frame)
+        self.write(" if ")
+        self.visit(node.test, frame)
+        self.write(" else ")
+        write_expr2()
+        self.write(")")
+
+    @optimizeconst
+    def visit_Call(
+        self, node: nodes.Call, frame: Frame, forward_caller: bool = False
+    ) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+        if self.environment.sandboxed:
+            self.write("environment.call(context, ")
+        else:
+            self.write("context.call(")
+        self.visit(node.node, frame)
+        extra_kwargs = {"caller": "caller"} if forward_caller else None
+        loop_kwargs = {"_loop_vars": "_loop_vars"} if frame.loop_frame else {}
+        block_kwargs = {"_block_vars": "_block_vars"} if frame.block_frame else {}
+        if extra_kwargs:
+            extra_kwargs.update(loop_kwargs, **block_kwargs)
+        elif loop_kwargs or block_kwargs:
+            extra_kwargs = dict(loop_kwargs, **block_kwargs)
+        self.signature(node, frame, extra_kwargs)
+        self.write(")")
+        if self.environment.is_async:
+            self.write("))")
+
+    def visit_Keyword(self, node: nodes.Keyword, frame: Frame) -> None:
+        self.write(node.key + "=")
+        self.visit(node.value, frame)
+
+    # -- Unused nodes for extensions
+
+    def visit_MarkSafe(self, node: nodes.MarkSafe, frame: Frame) -> None:
+        self.write("Markup(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_MarkSafeIfAutoescape(
+        self, node: nodes.MarkSafeIfAutoescape, frame: Frame
+    ) -> None:
+        self.write("(Markup if context.eval_ctx.autoescape else identity)(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_EnvironmentAttribute(
+        self, node: nodes.EnvironmentAttribute, frame: Frame
+    ) -> None:
+        self.write("environment." + node.name)
+
+    def visit_ExtensionAttribute(
+        self, node: nodes.ExtensionAttribute, frame: Frame
+    ) -> None:
+        self.write(f"environment.extensions[{node.identifier!r}].{node.name}")
+
+    def visit_ImportedName(self, node: nodes.ImportedName, frame: Frame) -> None:
+        self.write(self.import_aliases[node.importname])
+
+    def visit_InternalName(self, node: nodes.InternalName, frame: Frame) -> None:
+        self.write(node.name)
+
+    def visit_ContextReference(
+        self, node: nodes.ContextReference, frame: Frame
+    ) -> None:
+        self.write("context")
+
+    def visit_DerivedContextReference(
+        self, node: nodes.DerivedContextReference, frame: Frame
+    ) -> None:
+        self.write(self.derive_context(frame))
+
+    def visit_Continue(self, node: nodes.Continue, frame: Frame) -> None:
+        self.writeline("continue", node)
+
+    def visit_Break(self, node: nodes.Break, frame: Frame) -> None:
+        self.writeline("break", node)
+
+    def visit_Scope(self, node: nodes.Scope, frame: Frame) -> None:
+        scope_frame = frame.inner()
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, frame: Frame) -> None:
+        ctx = self.temporary_identifier()
+        self.writeline(f"{ctx} = {self.derive_context(frame)}")
+        self.writeline(f"{ctx}.vars = ")
+        self.visit(node.context, frame)
+        self.push_context_reference(ctx)
+
+        scope_frame = frame.inner(isolated=True)
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+        self.pop_context_reference()
+
+    def visit_EvalContextModifier(
+        self, node: nodes.EvalContextModifier, frame: Frame
+    ) -> None:
+        for keyword in node.options:
+            self.writeline(f"context.eval_ctx.{keyword.key} = ")
+            self.visit(keyword.value, frame)
+            try:
+                val = keyword.value.as_const(frame.eval_ctx)
+            except nodes.Impossible:
+                frame.eval_ctx.volatile = True
+            else:
+                setattr(frame.eval_ctx, keyword.key, val)
+
+    def visit_ScopedEvalContextModifier(
+        self, node: nodes.ScopedEvalContextModifier, frame: Frame
+    ) -> None:
+        old_ctx_name = self.temporary_identifier()
+        saved_ctx = frame.eval_ctx.save()
+        self.writeline(f"{old_ctx_name} = context.eval_ctx.save()")
+        self.visit_EvalContextModifier(node, frame)
+        for child in node.body:
+            self.visit(child, frame)
+        frame.eval_ctx.revert(saved_ctx)
+        self.writeline(f"context.eval_ctx.revert({old_ctx_name})")
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/constants.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/constants.py
new file mode 100644
index 000000000..41a1c23b0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/constants.py
@@ -0,0 +1,20 @@
+#: list of lorem ipsum words used by the lipsum() helper function
+LOREM_IPSUM_WORDS = """\
+a ac accumsan ad adipiscing aenean aliquam aliquet amet ante aptent arcu at
+auctor augue bibendum blandit class commodo condimentum congue consectetuer
+consequat conubia convallis cras cubilia cum curabitur curae cursus dapibus
+diam dictum dictumst dignissim dis dolor donec dui duis egestas eget eleifend
+elementum elit enim erat eros est et etiam eu euismod facilisi facilisis fames
+faucibus felis fermentum feugiat fringilla fusce gravida habitant habitasse hac
+hendrerit hymenaeos iaculis id imperdiet in inceptos integer interdum ipsum
+justo lacinia lacus laoreet lectus leo libero ligula litora lobortis lorem
+luctus maecenas magna magnis malesuada massa mattis mauris metus mi molestie
+mollis montes morbi mus nam nascetur natoque nec neque netus nibh nisi nisl non
+nonummy nostra nulla nullam nunc odio orci ornare parturient pede pellentesque
+penatibus per pharetra phasellus placerat platea porta porttitor posuere
+potenti praesent pretium primis proin pulvinar purus quam quis quisque rhoncus
+ridiculus risus rutrum sagittis sapien scelerisque sed sem semper senectus sit
+sociis sociosqu sodales sollicitudin suscipit suspendisse taciti tellus tempor
+tempus tincidunt torquent tortor tristique turpis ullamcorper ultrices
+ultricies urna ut varius vehicula vel velit venenatis vestibulum vitae vivamus
+viverra volutpat vulputate"""
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/debug.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/debug.py
new file mode 100644
index 000000000..7ed7e9297
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/debug.py
@@ -0,0 +1,191 @@
+import sys
+import typing as t
+from types import CodeType
+from types import TracebackType
+
+from .exceptions import TemplateSyntaxError
+from .utils import internal_code
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    from .runtime import Context
+
+
+def rewrite_traceback_stack(source: t.Optional[str] = None) -> BaseException:
+    """Rewrite the current exception to replace any tracebacks from
+    within compiled template code with tracebacks that look like they
+    came from the template source.
+
+    This must be called within an ``except`` block.
+
+    :param source: For ``TemplateSyntaxError``, the original source if
+        known.
+    :return: The original exception with the rewritten traceback.
+    """
+    _, exc_value, tb = sys.exc_info()
+    exc_value = t.cast(BaseException, exc_value)
+    tb = t.cast(TracebackType, tb)
+
+    if isinstance(exc_value, TemplateSyntaxError) and not exc_value.translated:
+        exc_value.translated = True
+        exc_value.source = source
+        # Remove the old traceback, otherwise the frames from the
+        # compiler still show up.
+        exc_value.with_traceback(None)
+        # Outside of runtime, so the frame isn't executing template
+        # code, but it still needs to point at the template.
+        tb = fake_traceback(
+            exc_value, None, exc_value.filename or "<unknown>", exc_value.lineno
+        )
+    else:
+        # Skip the frame for the render function.
+        tb = tb.tb_next
+
+    stack = []
+
+    # Build the stack of traceback object, replacing any in template
+    # code with the source file and line information.
+    while tb is not None:
+        # Skip frames decorated with @internalcode. These are internal
+        # calls that aren't useful in template debugging output.
+        if tb.tb_frame.f_code in internal_code:
+            tb = tb.tb_next
+            continue
+
+        template = tb.tb_frame.f_globals.get("__jinja_template__")
+
+        if template is not None:
+            lineno = template.get_corresponding_lineno(tb.tb_lineno)
+            fake_tb = fake_traceback(exc_value, tb, template.filename, lineno)
+            stack.append(fake_tb)
+        else:
+            stack.append(tb)
+
+        tb = tb.tb_next
+
+    tb_next = None
+
+    # Assign tb_next in reverse to avoid circular references.
+    for tb in reversed(stack):
+        tb.tb_next = tb_next
+        tb_next = tb
+
+    return exc_value.with_traceback(tb_next)
+
+
+def fake_traceback(  # type: ignore
+    exc_value: BaseException, tb: t.Optional[TracebackType], filename: str, lineno: int
+) -> TracebackType:
+    """Produce a new traceback object that looks like it came from the
+    template source instead of the compiled code. The filename, line
+    number, and location name will point to the template, and the local
+    variables will be the current template context.
+
+    :param exc_value: The original exception to be re-raised to create
+        the new traceback.
+    :param tb: The original traceback to get the local variables and
+        code info from.
+    :param filename: The template filename.
+    :param lineno: The line number in the template source.
+    """
+    if tb is not None:
+        # Replace the real locals with the context that would be
+        # available at that point in the template.
+        locals = get_template_locals(tb.tb_frame.f_locals)
+        locals.pop("__jinja_exception__", None)
+    else:
+        locals = {}
+
+    globals = {
+        "__name__": filename,
+        "__file__": filename,
+        "__jinja_exception__": exc_value,
+    }
+    # Raise an exception at the correct line number.
+    code: CodeType = compile(
+        "\n" * (lineno - 1) + "raise __jinja_exception__", filename, "exec"
+    )
+
+    # Build a new code object that points to the template file and
+    # replaces the location with a block name.
+    location = "template"
+
+    if tb is not None:
+        function = tb.tb_frame.f_code.co_name
+
+        if function == "root":
+            location = "top-level template code"
+        elif function.startswith("block_"):
+            location = f"block {function[6:]!r}"
+
+    if sys.version_info >= (3, 8):
+        code = code.replace(co_name=location)
+    else:
+        code = CodeType(
+            code.co_argcount,
+            code.co_kwonlyargcount,
+            code.co_nlocals,
+            code.co_stacksize,
+            code.co_flags,
+            code.co_code,
+            code.co_consts,
+            code.co_names,
+            code.co_varnames,
+            code.co_filename,
+            location,
+            code.co_firstlineno,
+            code.co_lnotab,
+            code.co_freevars,
+            code.co_cellvars,
+        )
+
+    # Execute the new code, which is guaranteed to raise, and return
+    # the new traceback without this frame.
+    try:
+        exec(code, globals, locals)
+    except BaseException:
+        return sys.exc_info()[2].tb_next  # type: ignore
+
+
+def get_template_locals(real_locals: t.Mapping[str, t.Any]) -> t.Dict[str, t.Any]:
+    """Based on the runtime locals, get the context that would be
+    available at that point in the template.
+    """
+    # Start with the current template context.
+    ctx: "t.Optional[Context]" = real_locals.get("context")
+
+    if ctx is not None:
+        data: t.Dict[str, t.Any] = ctx.get_all().copy()
+    else:
+        data = {}
+
+    # Might be in a derived context that only sets local variables
+    # rather than pushing a context. Local variables follow the scheme
+    # l_depth_name. Find the highest-depth local that has a value for
+    # each name.
+    local_overrides: t.Dict[str, t.Tuple[int, t.Any]] = {}
+
+    for name, value in real_locals.items():
+        if not name.startswith("l_") or value is missing:
+            # Not a template variable, or no longer relevant.
+            continue
+
+        try:
+            _, depth_str, name = name.split("_", 2)
+            depth = int(depth_str)
+        except ValueError:
+            continue
+
+        cur_depth = local_overrides.get(name, (-1,))[0]
+
+        if cur_depth < depth:
+            local_overrides[name] = (depth, value)
+
+    # Modify the context with any derived context.
+    for name, (_, value) in local_overrides.items():
+        if value is missing:
+            data.pop(name, None)
+        else:
+            data[name] = value
+
+    return data
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/defaults.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/defaults.py
new file mode 100644
index 000000000..638cad3d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/defaults.py
@@ -0,0 +1,48 @@
+import typing as t
+
+from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
+from .tests import TESTS as DEFAULT_TESTS  # noqa: F401
+from .utils import Cycler
+from .utils import generate_lorem_ipsum
+from .utils import Joiner
+from .utils import Namespace
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+# defaults for the parser / lexer
+BLOCK_START_STRING = "{%"
+BLOCK_END_STRING = "%}"
+VARIABLE_START_STRING = "{{"
+VARIABLE_END_STRING = "}}"
+COMMENT_START_STRING = "{#"
+COMMENT_END_STRING = "#}"
+LINE_STATEMENT_PREFIX: t.Optional[str] = None
+LINE_COMMENT_PREFIX: t.Optional[str] = None
+TRIM_BLOCKS = False
+LSTRIP_BLOCKS = False
+NEWLINE_SEQUENCE: "te.Literal['\\n', '\\r\\n', '\\r']" = "\n"
+KEEP_TRAILING_NEWLINE = False
+
+# default filters, tests and namespace
+
+DEFAULT_NAMESPACE = {
+    "range": range,
+    "dict": dict,
+    "lipsum": generate_lorem_ipsum,
+    "cycler": Cycler,
+    "joiner": Joiner,
+    "namespace": Namespace,
+}
+
+# default policies
+DEFAULT_POLICIES: t.Dict[str, t.Any] = {
+    "compiler.ascii_str": True,
+    "urlize.rel": "noopener",
+    "urlize.target": None,
+    "urlize.extra_schemes": None,
+    "truncate.leeway": 5,
+    "json.dumps_function": None,
+    "json.dumps_kwargs": {"sort_keys": True},
+    "ext.i18n.trimmed": False,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/environment.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/environment.py
new file mode 100644
index 000000000..1d3be0bed
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/environment.py
@@ -0,0 +1,1675 @@
+"""Classes for managing templates and their runtime and compile time
+options.
+"""
+
+import os
+import typing
+import typing as t
+import weakref
+from collections import ChainMap
+from functools import lru_cache
+from functools import partial
+from functools import reduce
+from types import CodeType
+
+from markupsafe import Markup
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import generate
+from .defaults import BLOCK_END_STRING
+from .defaults import BLOCK_START_STRING
+from .defaults import COMMENT_END_STRING
+from .defaults import COMMENT_START_STRING
+from .defaults import DEFAULT_FILTERS  # type: ignore[attr-defined]
+from .defaults import DEFAULT_NAMESPACE
+from .defaults import DEFAULT_POLICIES
+from .defaults import DEFAULT_TESTS  # type: ignore[attr-defined]
+from .defaults import KEEP_TRAILING_NEWLINE
+from .defaults import LINE_COMMENT_PREFIX
+from .defaults import LINE_STATEMENT_PREFIX
+from .defaults import LSTRIP_BLOCKS
+from .defaults import NEWLINE_SEQUENCE
+from .defaults import TRIM_BLOCKS
+from .defaults import VARIABLE_END_STRING
+from .defaults import VARIABLE_START_STRING
+from .exceptions import TemplateNotFound
+from .exceptions import TemplateRuntimeError
+from .exceptions import TemplatesNotFound
+from .exceptions import TemplateSyntaxError
+from .exceptions import UndefinedError
+from .lexer import get_lexer
+from .lexer import Lexer
+from .lexer import TokenStream
+from .nodes import EvalContext
+from .parser import Parser
+from .runtime import Context
+from .runtime import new_context
+from .runtime import Undefined
+from .utils import _PassArg
+from .utils import concat
+from .utils import consume
+from .utils import import_string
+from .utils import internalcode
+from .utils import LRUCache
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .bccache import BytecodeCache
+    from .ext import Extension
+    from .loaders import BaseLoader
+
+_env_bound = t.TypeVar("_env_bound", bound="Environment")
+
+
+# for direct template usage we have up to ten living environments
+@lru_cache(maxsize=10)
+def get_spontaneous_environment(cls: t.Type[_env_bound], *args: t.Any) -> _env_bound:
+    """Return a new spontaneous environment. A spontaneous environment
+    is used for templates created directly rather than through an
+    existing environment.
+
+    :param cls: Environment class to create.
+    :param args: Positional arguments passed to environment.
+    """
+    env = cls(*args)
+    env.shared = True
+    return env
+
+
+def create_cache(
+    size: int,
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Return the cache class for the given size."""
+    if size == 0:
+        return None
+
+    if size < 0:
+        return {}
+
+    return LRUCache(size)  # type: ignore
+
+
+def copy_cache(
+    cache: t.Optional[t.MutableMapping[t.Any, t.Any]],
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Create an empty copy of the given cache."""
+    if cache is None:
+        return None
+
+    if type(cache) is dict:  # noqa E721
+        return {}
+
+    return LRUCache(cache.capacity)  # type: ignore
+
+
+def load_extensions(
+    environment: "Environment",
+    extensions: t.Sequence[t.Union[str, t.Type["Extension"]]],
+) -> t.Dict[str, "Extension"]:
+    """Load the extensions from the list and bind it to the environment.
+    Returns a dict of instantiated extensions.
+    """
+    result = {}
+
+    for extension in extensions:
+        if isinstance(extension, str):
+            extension = t.cast(t.Type["Extension"], import_string(extension))
+
+        result[extension.identifier] = extension(environment)
+
+    return result
+
+
+def _environment_config_check(environment: "Environment") -> "Environment":
+    """Perform a sanity check on the environment."""
+    assert issubclass(
+        environment.undefined, Undefined
+    ), "'undefined' must be a subclass of 'jinja2.Undefined'."
+    assert (
+        environment.block_start_string
+        != environment.variable_start_string
+        != environment.comment_start_string
+    ), "block, variable and comment start strings must be different."
+    assert environment.newline_sequence in {
+        "\r",
+        "\r\n",
+        "\n",
+    }, "'newline_sequence' must be one of '\\n', '\\r\\n', or '\\r'."
+    return environment
+
+
+class Environment:
+    r"""The core component of Jinja is the `Environment`.  It contains
+    important shared variables like configuration, filters, tests,
+    globals and others.  Instances of this class may be modified if
+    they are not shared and if no template was loaded so far.
+    Modifications on environments after the first template was loaded
+    will lead to surprising effects and undefined behavior.
+
+    Here are the possible initialization parameters:
+
+        `block_start_string`
+            The string marking the beginning of a block.  Defaults to ``'{%'``.
+
+        `block_end_string`
+            The string marking the end of a block.  Defaults to ``'%}'``.
+
+        `variable_start_string`
+            The string marking the beginning of a print statement.
+            Defaults to ``'{{'``.
+
+        `variable_end_string`
+            The string marking the end of a print statement.  Defaults to
+            ``'}}'``.
+
+        `comment_start_string`
+            The string marking the beginning of a comment.  Defaults to ``'{#'``.
+
+        `comment_end_string`
+            The string marking the end of a comment.  Defaults to ``'#}'``.
+
+        `line_statement_prefix`
+            If given and a string, this will be used as prefix for line based
+            statements.  See also :ref:`line-statements`.
+
+        `line_comment_prefix`
+            If given and a string, this will be used as prefix for line based
+            comments.  See also :ref:`line-statements`.
+
+            .. versionadded:: 2.2
+
+        `trim_blocks`
+            If this is set to ``True`` the first newline after a block is
+            removed (block, not variable tag!).  Defaults to `False`.
+
+        `lstrip_blocks`
+            If this is set to ``True`` leading spaces and tabs are stripped
+            from the start of a line to a block.  Defaults to `False`.
+
+        `newline_sequence`
+            The sequence that starts a newline.  Must be one of ``'\r'``,
+            ``'\n'`` or ``'\r\n'``.  The default is ``'\n'`` which is a
+            useful default for Linux and OS X systems as well as web
+            applications.
+
+        `keep_trailing_newline`
+            Preserve the trailing newline when rendering templates.
+            The default is ``False``, which causes a single newline,
+            if present, to be stripped from the end of the template.
+
+            .. versionadded:: 2.7
+
+        `extensions`
+            List of Jinja extensions to use.  This can either be import paths
+            as strings or extension classes.  For more information have a
+            look at :ref:`the extensions documentation <jinja-extensions>`.
+
+        `optimized`
+            should the optimizer be enabled?  Default is ``True``.
+
+        `undefined`
+            :class:`Undefined` or a subclass of it that is used to represent
+            undefined values in the template.
+
+        `finalize`
+            A callable that can be used to process the result of a variable
+            expression before it is output.  For example one can convert
+            ``None`` implicitly into an empty string here.
+
+        `autoescape`
+            If set to ``True`` the XML/HTML autoescaping feature is enabled by
+            default.  For more details about autoescaping see
+            :class:`~markupsafe.Markup`.  As of Jinja 2.4 this can also
+            be a callable that is passed the template name and has to
+            return ``True`` or ``False`` depending on autoescape should be
+            enabled by default.
+
+            .. versionchanged:: 2.4
+               `autoescape` can now be a function
+
+        `loader`
+            The template loader for this environment.
+
+        `cache_size`
+            The size of the cache.  Per default this is ``400`` which means
+            that if more than 400 templates are loaded the loader will clean
+            out the least recently used template.  If the cache size is set to
+            ``0`` templates are recompiled all the time, if the cache size is
+            ``-1`` the cache will not be cleaned.
+
+            .. versionchanged:: 2.8
+               The cache size was increased to 400 from a low 50.
+
+        `auto_reload`
+            Some loaders load templates from locations where the template
+            sources may change (ie: file system or database).  If
+            ``auto_reload`` is set to ``True`` (default) every time a template is
+            requested the loader checks if the source changed and if yes, it
+            will reload the template.  For higher performance it's possible to
+            disable that.
+
+        `bytecode_cache`
+            If set to a bytecode cache object, this object will provide a
+            cache for the internal Jinja bytecode so that templates don't
+            have to be parsed if they were not changed.
+
+            See :ref:`bytecode-cache` for more information.
+
+        `enable_async`
+            If set to true this enables async template execution which
+            allows using async functions and generators.
+    """
+
+    #: if this environment is sandboxed.  Modifying this variable won't make
+    #: the environment sandboxed though.  For a real sandboxed environment
+    #: have a look at jinja2.sandbox.  This flag alone controls the code
+    #: generation by the compiler.
+    sandboxed = False
+
+    #: True if the environment is just an overlay
+    overlayed = False
+
+    #: the environment this environment is linked to if it is an overlay
+    linked_to: t.Optional["Environment"] = None
+
+    #: shared environments have this set to `True`.  A shared environment
+    #: must not be modified
+    shared = False
+
+    #: the class that is used for code generation.  See
+    #: :class:`~jinja2.compiler.CodeGenerator` for more information.
+    code_generator_class: t.Type["CodeGenerator"] = CodeGenerator
+
+    concat = "".join
+
+    #: the context class that is used for templates.  See
+    #: :class:`~jinja2.runtime.Context` for more information.
+    context_class: t.Type[Context] = Context
+
+    template_class: t.Type["Template"]
+
+    def __init__(
+        self,
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        loader: t.Optional["BaseLoader"] = None,
+        cache_size: int = 400,
+        auto_reload: bool = True,
+        bytecode_cache: t.Optional["BytecodeCache"] = None,
+        enable_async: bool = False,
+    ):
+        # !!Important notice!!
+        #   The constructor accepts quite a few arguments that should be
+        #   passed by keyword rather than position.  However it's important to
+        #   not change the order of arguments because it's used at least
+        #   internally in those cases:
+        #       -   spontaneous environments (i18n extension and Template)
+        #       -   unittests
+        #   If parameter changes are required only add parameters at the end
+        #   and don't change the arguments (or the defaults!) of the arguments
+        #   existing already.
+
+        # lexer / parser information
+        self.block_start_string = block_start_string
+        self.block_end_string = block_end_string
+        self.variable_start_string = variable_start_string
+        self.variable_end_string = variable_end_string
+        self.comment_start_string = comment_start_string
+        self.comment_end_string = comment_end_string
+        self.line_statement_prefix = line_statement_prefix
+        self.line_comment_prefix = line_comment_prefix
+        self.trim_blocks = trim_blocks
+        self.lstrip_blocks = lstrip_blocks
+        self.newline_sequence = newline_sequence
+        self.keep_trailing_newline = keep_trailing_newline
+
+        # runtime information
+        self.undefined: t.Type[Undefined] = undefined
+        self.optimized = optimized
+        self.finalize = finalize
+        self.autoescape = autoescape
+
+        # defaults
+        self.filters = DEFAULT_FILTERS.copy()
+        self.tests = DEFAULT_TESTS.copy()
+        self.globals = DEFAULT_NAMESPACE.copy()
+
+        # set the loader provided
+        self.loader = loader
+        self.cache = create_cache(cache_size)
+        self.bytecode_cache = bytecode_cache
+        self.auto_reload = auto_reload
+
+        # configurable policies
+        self.policies = DEFAULT_POLICIES.copy()
+
+        # load extensions
+        self.extensions = load_extensions(self, extensions)
+
+        self.is_async = enable_async
+        _environment_config_check(self)
+
+    def add_extension(self, extension: t.Union[str, t.Type["Extension"]]) -> None:
+        """Adds an extension after the environment was created.
+
+        .. versionadded:: 2.5
+        """
+        self.extensions.update(load_extensions(self, [extension]))
+
+    def extend(self, **attributes: t.Any) -> None:
+        """Add the items to the instance of the environment if they do not exist
+        yet.  This is used by :ref:`extensions <writing-extensions>` to register
+        callbacks and configuration values without breaking inheritance.
+        """
+        for key, value in attributes.items():
+            if not hasattr(self, key):
+                setattr(self, key, value)
+
+    def overlay(
+        self,
+        block_start_string: str = missing,
+        block_end_string: str = missing,
+        variable_start_string: str = missing,
+        variable_end_string: str = missing,
+        comment_start_string: str = missing,
+        comment_end_string: str = missing,
+        line_statement_prefix: t.Optional[str] = missing,
+        line_comment_prefix: t.Optional[str] = missing,
+        trim_blocks: bool = missing,
+        lstrip_blocks: bool = missing,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = missing,
+        keep_trailing_newline: bool = missing,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = missing,
+        optimized: bool = missing,
+        undefined: t.Type[Undefined] = missing,
+        finalize: t.Optional[t.Callable[..., t.Any]] = missing,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = missing,
+        loader: t.Optional["BaseLoader"] = missing,
+        cache_size: int = missing,
+        auto_reload: bool = missing,
+        bytecode_cache: t.Optional["BytecodeCache"] = missing,
+        enable_async: bool = False,
+    ) -> "Environment":
+        """Create a new overlay environment that shares all the data with the
+        current environment except for cache and the overridden attributes.
+        Extensions cannot be removed for an overlayed environment.  An overlayed
+        environment automatically gets all the extensions of the environment it
+        is linked to plus optional extra extensions.
+
+        Creating overlays should happen after the initial environment was set
+        up completely.  Not all attributes are truly linked, some are just
+        copied over so modifications on the original environment may not shine
+        through.
+
+        .. versionchanged:: 3.1.2
+            Added the ``newline_sequence``,, ``keep_trailing_newline``,
+            and ``enable_async`` parameters to match ``__init__``.
+        """
+        args = dict(locals())
+        del args["self"], args["cache_size"], args["extensions"], args["enable_async"]
+
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.overlayed = True
+        rv.linked_to = self
+
+        for key, value in args.items():
+            if value is not missing:
+                setattr(rv, key, value)
+
+        if cache_size is not missing:
+            rv.cache = create_cache(cache_size)
+        else:
+            rv.cache = copy_cache(self.cache)
+
+        rv.extensions = {}
+        for key, value in self.extensions.items():
+            rv.extensions[key] = value.bind(rv)
+        if extensions is not missing:
+            rv.extensions.update(load_extensions(rv, extensions))
+
+        if enable_async is not missing:
+            rv.is_async = enable_async
+
+        return _environment_config_check(rv)
+
+    @property
+    def lexer(self) -> Lexer:
+        """The lexer for this environment."""
+        return get_lexer(self)
+
+    def iter_extensions(self) -> t.Iterator["Extension"]:
+        """Iterates over the extensions by priority."""
+        return iter(sorted(self.extensions.values(), key=lambda x: x.priority))
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Get an item or attribute of an object but prefer the item."""
+        try:
+            return obj[argument]
+        except (AttributeError, TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        return getattr(obj, attr)
+                    except AttributeError:
+                        pass
+            return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Any:
+        """Get an item or attribute of an object but prefer the attribute.
+        Unlike :meth:`getitem` the attribute *must* be a string.
+        """
+        try:
+            return getattr(obj, attribute)
+        except AttributeError:
+            pass
+        try:
+            return obj[attribute]
+        except (TypeError, LookupError, AttributeError):
+            return self.undefined(obj=obj, name=attribute)
+
+    def _filter_test_common(
+        self,
+        name: t.Union[str, Undefined],
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]],
+        kwargs: t.Optional[t.Mapping[str, t.Any]],
+        context: t.Optional[Context],
+        eval_ctx: t.Optional[EvalContext],
+        is_filter: bool,
+    ) -> t.Any:
+        if is_filter:
+            env_map = self.filters
+            type_name = "filter"
+        else:
+            env_map = self.tests
+            type_name = "test"
+
+        func = env_map.get(name)  # type: ignore
+
+        if func is None:
+            msg = f"No {type_name} named {name!r}."
+
+            if isinstance(name, Undefined):
+                try:
+                    name._fail_with_undefined_error()
+                except Exception as e:
+                    msg = f"{msg} ({e}; did you forget to quote the callable name?)"
+
+            raise TemplateRuntimeError(msg)
+
+        args = [value, *(args if args is not None else ())]
+        kwargs = kwargs if kwargs is not None else {}
+        pass_arg = _PassArg.from_obj(func)
+
+        if pass_arg is _PassArg.context:
+            if context is None:
+                raise TemplateRuntimeError(
+                    f"Attempted to invoke a context {type_name} without context."
+                )
+
+            args.insert(0, context)
+        elif pass_arg is _PassArg.eval_context:
+            if eval_ctx is None:
+                if context is not None:
+                    eval_ctx = context.eval_ctx
+                else:
+                    eval_ctx = EvalContext(self)
+
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, self)
+
+        return func(*args, **kwargs)
+
+    def call_filter(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a filter on a value the same way the compiler does.
+
+        This might return a coroutine if the filter is running from an
+        environment in async mode and the filter supports async
+        execution. It's your responsibility to await this if needed.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, True
+        )
+
+    def call_test(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a test on a value the same way the compiler does.
+
+        This might return a coroutine if the test is running from an
+        environment in async mode and the test supports async execution.
+        It's your responsibility to await this if needed.
+
+        .. versionchanged:: 3.0
+            Tests support ``@pass_context``, etc. decorators. Added
+            the ``context`` and ``eval_ctx`` parameters.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, False
+        )
+
+    @internalcode
+    def parse(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> nodes.Template:
+        """Parse the sourcecode and return the abstract syntax tree.  This
+        tree of nodes is used by the compiler to convert the template into
+        executable source- or bytecode.  This is useful for debugging or to
+        extract information from templates.
+
+        If you are :ref:`developing Jinja extensions <writing-extensions>`
+        this gives you a good overview of the node tree generated.
+        """
+        try:
+            return self._parse(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def _parse(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str]
+    ) -> nodes.Template:
+        """Internal parsing function used by `parse` and `compile`."""
+        return Parser(self, source, name, filename).parse()
+
+    def lex(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """Lex the given sourcecode and return a generator that yields
+        tokens as tuples in the form ``(lineno, token_type, value)``.
+        This can be useful for :ref:`extension development <writing-extensions>`
+        and debugging templates.
+
+        This does not perform preprocessing.  If you want the preprocessing
+        of the extensions to be applied you have to filter source through
+        the :meth:`preprocess` method.
+        """
+        source = str(source)
+        try:
+            return self.lexer.tokeniter(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def preprocess(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> str:
+        """Preprocesses the source with all extensions.  This is automatically
+        called for all parsing and compiling methods but *not* for :meth:`lex`
+        because there you usually only want the actual source tokenized.
+        """
+        return reduce(
+            lambda s, e: e.preprocess(s, name, filename),
+            self.iter_extensions(),
+            str(source),
+        )
+
+    def _tokenize(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Called by the parser to do the preprocessing and filtering
+        for all the extensions.  Returns a :class:`~jinja2.lexer.TokenStream`.
+        """
+        source = self.preprocess(source, name, filename)
+        stream = self.lexer.tokenize(source, name, filename, state)
+
+        for ext in self.iter_extensions():
+            stream = ext.filter_stream(stream)  # type: ignore
+
+            if not isinstance(stream, TokenStream):
+                stream = TokenStream(stream, name, filename)
+
+        return stream
+
+    def _generate(
+        self,
+        source: nodes.Template,
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        defer_init: bool = False,
+    ) -> str:
+        """Internal hook that can be overridden to hook a different generate
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return generate(  # type: ignore
+            source,
+            self,
+            name,
+            filename,
+            defer_init=defer_init,
+            optimized=self.optimized,
+        )
+
+    def _compile(self, source: str, filename: str) -> CodeType:
+        """Internal hook that can be overridden to hook a different compile
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return compile(source, filename, "exec")
+
+    @typing.overload
+    def compile(  # type: ignore
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[False]" = False,
+        defer_init: bool = False,
+    ) -> CodeType: ...
+
+    @typing.overload
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[True]" = ...,
+        defer_init: bool = False,
+    ) -> str: ...
+
+    @internalcode
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: bool = False,
+        defer_init: bool = False,
+    ) -> t.Union[str, CodeType]:
+        """Compile a node or template source code.  The `name` parameter is
+        the load name of the template after it was joined using
+        :meth:`join_path` if necessary, not the filename on the file system.
+        the `filename` parameter is the estimated filename of the template on
+        the file system.  If the template came from a database or memory this
+        can be omitted.
+
+        The return value of this method is a python code object.  If the `raw`
+        parameter is `True` the return value will be a string with python
+        code equivalent to the bytecode returned otherwise.  This method is
+        mainly used internally.
+
+        `defer_init` is use internally to aid the module code generator.  This
+        causes the generated code to be able to import without the global
+        environment variable to be set.
+
+        .. versionadded:: 2.4
+           `defer_init` parameter added.
+        """
+        source_hint = None
+        try:
+            if isinstance(source, str):
+                source_hint = source
+                source = self._parse(source, name, filename)
+            source = self._generate(source, name, filename, defer_init=defer_init)
+            if raw:
+                return source
+            if filename is None:
+                filename = "<template>"
+            return self._compile(source, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source_hint)
+
+    def compile_expression(
+        self, source: str, undefined_to_none: bool = True
+    ) -> "TemplateExpression":
+        """A handy helper method that returns a callable that accepts keyword
+        arguments that appear as variables in the expression.  If called it
+        returns the result of the expression.
+
+        This is useful if applications want to use the same rules as Jinja
+        in template "configuration files" or similar situations.
+
+        Example usage:
+
+        >>> env = Environment()
+        >>> expr = env.compile_expression('foo == 42')
+        >>> expr(foo=23)
+        False
+        >>> expr(foo=42)
+        True
+
+        Per default the return value is converted to `None` if the
+        expression returns an undefined value.  This can be changed
+        by setting `undefined_to_none` to `False`.
+
+        >>> env.compile_expression('var')() is None
+        True
+        >>> env.compile_expression('var', undefined_to_none=False)()
+        Undefined
+
+        .. versionadded:: 2.1
+        """
+        parser = Parser(self, source, state="variable")
+        try:
+            expr = parser.parse_expression()
+            if not parser.stream.eos:
+                raise TemplateSyntaxError(
+                    "chunk after expression", parser.stream.current.lineno, None, None
+                )
+            expr.set_environment(self)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+        body = [nodes.Assign(nodes.Name("result", "store"), expr, lineno=1)]
+        template = self.from_string(nodes.Template(body, lineno=1))
+        return TemplateExpression(template, undefined_to_none)
+
+    def compile_templates(
+        self,
+        target: t.Union[str, "os.PathLike[str]"],
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+        zip: t.Optional[str] = "deflated",
+        log_function: t.Optional[t.Callable[[str], None]] = None,
+        ignore_errors: bool = True,
+    ) -> None:
+        """Finds all the templates the loader can find, compiles them
+        and stores them in `target`.  If `zip` is `None`, instead of in a
+        zipfile, the templates will be stored in a directory.
+        By default a deflate zip algorithm is used. To switch to
+        the stored algorithm, `zip` can be set to ``'stored'``.
+
+        `extensions` and `filter_func` are passed to :meth:`list_templates`.
+        Each template returned will be compiled to the target folder or
+        zipfile.
+
+        By default template compilation errors are ignored.  In case a
+        log function is provided, errors are logged.  If you want template
+        syntax errors to abort the compilation you can set `ignore_errors`
+        to `False` and you will get an exception on syntax errors.
+
+        .. versionadded:: 2.4
+        """
+        from .loaders import ModuleLoader
+
+        if log_function is None:
+
+            def log_function(x: str) -> None:
+                pass
+
+        assert log_function is not None
+        assert self.loader is not None, "No loader configured."
+
+        def write_file(filename: str, data: str) -> None:
+            if zip:
+                info = ZipInfo(filename)
+                info.external_attr = 0o755 << 16
+                zip_file.writestr(info, data)
+            else:
+                with open(os.path.join(target, filename), "wb") as f:
+                    f.write(data.encode("utf8"))
+
+        if zip is not None:
+            from zipfile import ZIP_DEFLATED
+            from zipfile import ZIP_STORED
+            from zipfile import ZipFile
+            from zipfile import ZipInfo
+
+            zip_file = ZipFile(
+                target, "w", dict(deflated=ZIP_DEFLATED, stored=ZIP_STORED)[zip]
+            )
+            log_function(f"Compiling into Zip archive {target!r}")
+        else:
+            if not os.path.isdir(target):
+                os.makedirs(target)
+            log_function(f"Compiling into folder {target!r}")
+
+        try:
+            for name in self.list_templates(extensions, filter_func):
+                source, filename, _ = self.loader.get_source(self, name)
+                try:
+                    code = self.compile(source, name, filename, True, True)
+                except TemplateSyntaxError as e:
+                    if not ignore_errors:
+                        raise
+                    log_function(f'Could not compile "{name}": {e}')
+                    continue
+
+                filename = ModuleLoader.get_module_filename(name)
+
+                write_file(filename, code)
+                log_function(f'Compiled "{name}" as {filename}')
+        finally:
+            if zip:
+                zip_file.close()
+
+        log_function("Finished compiling templates")
+
+    def list_templates(
+        self,
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+    ) -> t.List[str]:
+        """Returns a list of templates for this environment.  This requires
+        that the loader supports the loader's
+        :meth:`~BaseLoader.list_templates` method.
+
+        If there are other files in the template folder besides the
+        actual templates, the returned list can be filtered.  There are two
+        ways: either `extensions` is set to a list of file extensions for
+        templates, or a `filter_func` can be provided which is a callable that
+        is passed a template name and should return `True` if it should end up
+        in the result list.
+
+        If the loader does not support that, a :exc:`TypeError` is raised.
+
+        .. versionadded:: 2.4
+        """
+        assert self.loader is not None, "No loader configured."
+        names = self.loader.list_templates()
+
+        if extensions is not None:
+            if filter_func is not None:
+                raise TypeError(
+                    "either extensions or filter_func can be passed, but not both"
+                )
+
+            def filter_func(x: str) -> bool:
+                return "." in x and x.rsplit(".", 1)[1] in extensions
+
+        if filter_func is not None:
+            names = [name for name in names if filter_func(name)]
+
+        return names
+
+    def handle_exception(self, source: t.Optional[str] = None) -> "te.NoReturn":
+        """Exception handling helper.  This is used internally to either raise
+        rewritten exceptions or return a rendered traceback for the template.
+        """
+        from .debug import rewrite_traceback_stack
+
+        raise rewrite_traceback_stack(source=source)
+
+    def join_path(self, template: str, parent: str) -> str:
+        """Join a template with the parent.  By default all the lookups are
+        relative to the loader root so this method returns the `template`
+        parameter unchanged, but if the paths should be relative to the
+        parent template, this function can be used to calculate the real
+        template name.
+
+        Subclasses may override this method and implement template path
+        joining here.
+        """
+        return template
+
+    @internalcode
+    def _load_template(
+        self, name: str, globals: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> "Template":
+        if self.loader is None:
+            raise TypeError("no loader for this environment specified")
+        cache_key = (weakref.ref(self.loader), name)
+        if self.cache is not None:
+            template = self.cache.get(cache_key)
+            if template is not None and (
+                not self.auto_reload or template.is_up_to_date
+            ):
+                # template.globals is a ChainMap, modifying it will only
+                # affect the template, not the environment globals.
+                if globals:
+                    template.globals.update(globals)
+
+                return template
+
+        template = self.loader.load(self, name, self.make_globals(globals))
+
+        if self.cache is not None:
+            self.cache[cache_key] = template
+        return template
+
+    @internalcode
+    def get_template(
+        self,
+        name: t.Union[str, "Template"],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Load a template by name with :attr:`loader` and return a
+        :class:`Template`. If the template does not exist a
+        :exc:`TemplateNotFound` exception is raised.
+
+        :param name: Name of the template to load. When loading
+            templates from the filesystem, "/" is used as the path
+            separator, even on Windows.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.4
+            If ``name`` is a :class:`Template` object it is returned
+            unchanged.
+        """
+        if isinstance(name, Template):
+            return name
+        if parent is not None:
+            name = self.join_path(name, parent)
+
+        return self._load_template(name, globals)
+
+    @internalcode
+    def select_template(
+        self,
+        names: t.Iterable[t.Union[str, "Template"]],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Like :meth:`get_template`, but tries loading multiple names.
+        If none of the names can be loaded a :exc:`TemplatesNotFound`
+        exception is raised.
+
+        :param names: List of template names to try loading in order.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.11
+            If ``names`` is :class:`Undefined`, an :exc:`UndefinedError`
+            is raised instead. If no templates were found and ``names``
+            contains :class:`Undefined`, the message is more helpful.
+
+        .. versionchanged:: 2.4
+            If ``names`` contains a :class:`Template` object it is
+            returned unchanged.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(names, Undefined):
+            names._fail_with_undefined_error()
+
+        if not names:
+            raise TemplatesNotFound(
+                message="Tried to select from an empty list of templates."
+            )
+
+        for name in names:
+            if isinstance(name, Template):
+                return name
+            if parent is not None:
+                name = self.join_path(name, parent)
+            try:
+                return self._load_template(name, globals)
+            except (TemplateNotFound, UndefinedError):
+                pass
+        raise TemplatesNotFound(names)  # type: ignore
+
+    @internalcode
+    def get_or_select_template(
+        self,
+        template_name_or_list: t.Union[
+            str, "Template", t.List[t.Union[str, "Template"]]
+        ],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Use :meth:`select_template` if an iterable of template names
+        is given, or :meth:`get_template` if one name is given.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(template_name_or_list, (str, Undefined)):
+            return self.get_template(template_name_or_list, parent, globals)
+        elif isinstance(template_name_or_list, Template):
+            return template_name_or_list
+        return self.select_template(template_name_or_list, parent, globals)
+
+    def from_string(
+        self,
+        source: t.Union[str, nodes.Template],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        template_class: t.Optional[t.Type["Template"]] = None,
+    ) -> "Template":
+        """Load a template from a source string without using
+        :attr:`loader`.
+
+        :param source: Jinja source to compile into a template.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+        :param template_class: Return an instance of this
+            :class:`Template` class.
+        """
+        gs = self.make_globals(globals)
+        cls = template_class or self.template_class
+        return cls.from_code(self, self.compile(source), gs, None)
+
+    def make_globals(
+        self, d: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> t.MutableMapping[str, t.Any]:
+        """Make the globals map for a template. Any given template
+        globals overlay the environment :attr:`globals`.
+
+        Returns a :class:`collections.ChainMap`. This allows any changes
+        to a template's globals to only affect that template, while
+        changes to the environment's globals are still reflected.
+        However, avoid modifying any globals after a template is loaded.
+
+        :param d: Dict of template-specific globals.
+
+        .. versionchanged:: 3.0
+            Use :class:`collections.ChainMap` to always prevent mutating
+            environment globals.
+        """
+        if d is None:
+            d = {}
+
+        return ChainMap(d, self.globals)
+
+
+class Template:
+    """A compiled template that can be rendered.
+
+    Use the methods on :class:`Environment` to create or load templates.
+    The environment is used to configure how templates are compiled and
+    behave.
+
+    It is also possible to create a template object directly. This is
+    not usually recommended. The constructor takes most of the same
+    arguments as :class:`Environment`. All templates created with the
+    same environment arguments share the same ephemeral ``Environment``
+    instance behind the scenes.
+
+    A template object should be considered immutable. Modifications on
+    the object are not supported.
+    """
+
+    #: Type of environment to create when creating a template directly
+    #: rather than through an existing environment.
+    environment_class: t.Type[Environment] = Environment
+
+    environment: Environment
+    globals: t.MutableMapping[str, t.Any]
+    name: t.Optional[str]
+    filename: t.Optional[str]
+    blocks: t.Dict[str, t.Callable[[Context], t.Iterator[str]]]
+    root_render_func: t.Callable[[Context], t.Iterator[str]]
+    _module: t.Optional["TemplateModule"]
+    _debug_info: str
+    _uptodate: t.Optional[t.Callable[[], bool]]
+
+    def __new__(
+        cls,
+        source: t.Union[str, nodes.Template],
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        enable_async: bool = False,
+    ) -> t.Any:  # it returns a `Template`, but this breaks the sphinx build...
+        env = get_spontaneous_environment(
+            cls.environment_class,  # type: ignore
+            block_start_string,
+            block_end_string,
+            variable_start_string,
+            variable_end_string,
+            comment_start_string,
+            comment_end_string,
+            line_statement_prefix,
+            line_comment_prefix,
+            trim_blocks,
+            lstrip_blocks,
+            newline_sequence,
+            keep_trailing_newline,
+            frozenset(extensions),
+            optimized,
+            undefined,  # type: ignore
+            finalize,
+            autoescape,
+            None,
+            0,
+            False,
+            None,
+            enable_async,
+        )
+        return env.from_string(source, template_class=cls)
+
+    @classmethod
+    def from_code(
+        cls,
+        environment: Environment,
+        code: CodeType,
+        globals: t.MutableMapping[str, t.Any],
+        uptodate: t.Optional[t.Callable[[], bool]] = None,
+    ) -> "Template":
+        """Creates a template object from compiled code and the globals.  This
+        is used by the loaders and environment to create a template object.
+        """
+        namespace = {"environment": environment, "__file__": code.co_filename}
+        exec(code, namespace)
+        rv = cls._from_namespace(environment, namespace, globals)
+        rv._uptodate = uptodate
+        return rv
+
+    @classmethod
+    def from_module_dict(
+        cls,
+        environment: Environment,
+        module_dict: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        """Creates a template object from a module.  This is used by the
+        module loader to create a template object.
+
+        .. versionadded:: 2.4
+        """
+        return cls._from_namespace(environment, module_dict, globals)
+
+    @classmethod
+    def _from_namespace(
+        cls,
+        environment: Environment,
+        namespace: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        t: "Template" = object.__new__(cls)
+        t.environment = environment
+        t.globals = globals
+        t.name = namespace["name"]
+        t.filename = namespace["__file__"]
+        t.blocks = namespace["blocks"]
+
+        # render function and module
+        t.root_render_func = namespace["root"]
+        t._module = None
+
+        # debug and loader helpers
+        t._debug_info = namespace["debug_info"]
+        t._uptodate = None
+
+        # store the reference
+        namespace["environment"] = environment
+        namespace["__jinja_template__"] = t
+
+        return t
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This method accepts the same arguments as the `dict` constructor:
+        A dict, a dict subclass or some keyword arguments.  If no arguments
+        are given the context will be empty.  These two calls do the same::
+
+            template.render(knights='that say nih')
+            template.render({'knights': 'that say nih'})
+
+        This will return the rendered template as a string.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            close = False
+
+            try:
+                loop = asyncio.get_running_loop()
+            except RuntimeError:
+                loop = asyncio.new_event_loop()
+                close = True
+
+            try:
+                return loop.run_until_complete(self.render_async(*args, **kwargs))
+            finally:
+                if close:
+                    loop.close()
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(self.root_render_func(ctx))  # type: ignore
+        except Exception:
+            self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This works similar to :meth:`render` but returns a coroutine
+        that when awaited returns the entire rendered template string.  This
+        requires the async feature to be enabled.
+
+        Example usage::
+
+            await template.render_async(knights='that say nih; asynchronously')
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    def stream(self, *args: t.Any, **kwargs: t.Any) -> "TemplateStream":
+        """Works exactly like :meth:`generate` but returns a
+        :class:`TemplateStream`.
+        """
+        return TemplateStream(self.generate(*args, **kwargs))
+
+    def generate(self, *args: t.Any, **kwargs: t.Any) -> t.Iterator[str]:
+        """For very large templates it can be useful to not render the whole
+        template at once but evaluate each statement after another and yield
+        piece for piece.  This method basically does exactly that and returns
+        a generator that yields one item after another as strings.
+
+        It accepts the same arguments as :meth:`render`.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            async def to_list() -> t.List[str]:
+                return [x async for x in self.generate_async(*args, **kwargs)]
+
+            yield from asyncio.run(to_list())
+            return
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            yield from self.root_render_func(ctx)
+        except Exception:
+            yield self.environment.handle_exception()
+
+    async def generate_async(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.AsyncIterator[str]:
+        """An async version of :meth:`generate`.  Works very similarly but
+        returns an async iterator instead.
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            async for event in self.root_render_func(ctx):  # type: ignore
+                yield event
+        except Exception:
+            yield self.environment.handle_exception()
+
+    def new_context(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> Context:
+        """Create a new :class:`Context` for this template.  The vars
+        provided will be passed to the template.  Per default the globals
+        are added to the context.  If shared is set to `True` the data
+        is passed as is to the context without adding the globals.
+
+        `locals` can be a dict of local variables for internal usage.
+        """
+        return new_context(
+            self.environment, self.name, self.blocks, vars, shared, self.globals, locals
+        )
+
+    def make_module(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """This method works like the :attr:`module` attribute when called
+        without arguments but it will evaluate the template on every call
+        rather than caching it.  It's also possible to provide
+        a dict which is then used as context.  The arguments are the same
+        as for the :meth:`new_context` method.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(self, ctx)
+
+    async def make_module_async(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """As template module creation can invoke template code for
+        asynchronous executions this method must be used instead of the
+        normal :meth:`make_module` one.  Likewise the module attribute
+        becomes unavailable in async mode.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(
+            self,
+            ctx,
+            [x async for x in self.root_render_func(ctx)],  # type: ignore
+        )
+
+    @internalcode
+    def _get_default_module(self, ctx: t.Optional[Context] = None) -> "TemplateModule":
+        """If a context is passed in, this means that the template was
+        imported. Imported templates have access to the current
+        template's globals by default, but they can only be accessed via
+        the context during runtime.
+
+        If there are new globals, we need to create a new module because
+        the cached module is already rendered and will not have access
+        to globals from the current context. This new module is not
+        cached because the template can be imported elsewhere, and it
+        should have access to only the current template's globals.
+        """
+        if self.environment.is_async:
+            raise RuntimeError("Module is not available in async mode.")
+
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return self.make_module({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = self.make_module()
+
+        return self._module
+
+    async def _get_default_module_async(
+        self, ctx: t.Optional[Context] = None
+    ) -> "TemplateModule":
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return await self.make_module_async({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = await self.make_module_async()
+
+        return self._module
+
+    @property
+    def module(self) -> "TemplateModule":
+        """The template as module.  This is used for imports in the
+        template runtime but is also useful if one wants to access
+        exported template variables from the Python layer:
+
+        >>> t = Template('{% macro foo() %}42{% endmacro %}23')
+        >>> str(t.module)
+        '23'
+        >>> t.module.foo() == u'42'
+        True
+
+        This attribute is not available if async mode is enabled.
+        """
+        return self._get_default_module()
+
+    def get_corresponding_lineno(self, lineno: int) -> int:
+        """Return the source line number of a line number in the
+        generated bytecode as they are not in sync.
+        """
+        for template_line, code_line in reversed(self.debug_info):
+            if code_line <= lineno:
+                return template_line
+        return 1
+
+    @property
+    def is_up_to_date(self) -> bool:
+        """If this variable is `False` there is a newer version available."""
+        if self._uptodate is None:
+            return True
+        return self._uptodate()
+
+    @property
+    def debug_info(self) -> t.List[t.Tuple[int, int]]:
+        """The debug info mapping."""
+        if self._debug_info:
+            return [
+                tuple(map(int, x.split("=")))  # type: ignore
+                for x in self._debug_info.split("&")
+            ]
+
+        return []
+
+    def __repr__(self) -> str:
+        if self.name is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateModule:
+    """Represents an imported template.  All the exported names of the
+    template are available as attributes on this object.  Additionally
+    converting it into a string renders the contents.
+    """
+
+    def __init__(
+        self,
+        template: Template,
+        context: Context,
+        body_stream: t.Optional[t.Iterable[str]] = None,
+    ) -> None:
+        if body_stream is None:
+            if context.environment.is_async:
+                raise RuntimeError(
+                    "Async mode requires a body stream to be passed to"
+                    " a template module. Use the async methods of the"
+                    " API you are using."
+                )
+
+            body_stream = list(template.root_render_func(context))
+
+        self._body_stream = body_stream
+        self.__dict__.update(context.get_exported())
+        self.__name__ = template.name
+
+    def __html__(self) -> Markup:
+        return Markup(concat(self._body_stream))
+
+    def __str__(self) -> str:
+        return concat(self._body_stream)
+
+    def __repr__(self) -> str:
+        if self.__name__ is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.__name__)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateExpression:
+    """The :meth:`jinja2.Environment.compile_expression` method returns an
+    instance of this object.  It encapsulates the expression-like access
+    to the template with an expression it wraps.
+    """
+
+    def __init__(self, template: Template, undefined_to_none: bool) -> None:
+        self._template = template
+        self._undefined_to_none = undefined_to_none
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Optional[t.Any]:
+        context = self._template.new_context(dict(*args, **kwargs))
+        consume(self._template.root_render_func(context))
+        rv = context.vars["result"]
+        if self._undefined_to_none and isinstance(rv, Undefined):
+            rv = None
+        return rv
+
+
+class TemplateStream:
+    """A template stream works pretty much like an ordinary python generator
+    but it can buffer multiple items to reduce the number of total iterations.
+    Per default the output is unbuffered which means that for every unbuffered
+    instruction in the template one string is yielded.
+
+    If buffering is enabled with a buffer size of 5, five items are combined
+    into a new string.  This is mainly useful if you are streaming
+    big templates to a client via WSGI which flushes after each iteration.
+    """
+
+    def __init__(self, gen: t.Iterator[str]) -> None:
+        self._gen = gen
+        self.disable_buffering()
+
+    def dump(
+        self,
+        fp: t.Union[str, t.IO[bytes]],
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+    ) -> None:
+        """Dump the complete stream into a file or file-like object.
+        Per default strings are written, if you want to encode
+        before writing specify an `encoding`.
+
+        Example usage::
+
+            Template('Hello {{ name }}!').stream(name='foo').dump('hello.html')
+        """
+        close = False
+
+        if isinstance(fp, str):
+            if encoding is None:
+                encoding = "utf-8"
+
+            real_fp: t.IO[bytes] = open(fp, "wb")
+            close = True
+        else:
+            real_fp = fp
+
+        try:
+            if encoding is not None:
+                iterable = (x.encode(encoding, errors) for x in self)  # type: ignore
+            else:
+                iterable = self  # type: ignore
+
+            if hasattr(real_fp, "writelines"):
+                real_fp.writelines(iterable)
+            else:
+                for item in iterable:
+                    real_fp.write(item)
+        finally:
+            if close:
+                real_fp.close()
+
+    def disable_buffering(self) -> None:
+        """Disable the output buffering."""
+        self._next = partial(next, self._gen)
+        self.buffered = False
+
+    def _buffered_generator(self, size: int) -> t.Iterator[str]:
+        buf: t.List[str] = []
+        c_size = 0
+        push = buf.append
+
+        while True:
+            try:
+                while c_size < size:
+                    c = next(self._gen)
+                    push(c)
+                    if c:
+                        c_size += 1
+            except StopIteration:
+                if not c_size:
+                    return
+            yield concat(buf)
+            del buf[:]
+            c_size = 0
+
+    def enable_buffering(self, size: int = 5) -> None:
+        """Enable buffering.  Buffer `size` items before yielding them."""
+        if size <= 1:
+            raise ValueError("buffer size too small")
+
+        self.buffered = True
+        self._next = partial(next, self._buffered_generator(size))
+
+    def __iter__(self) -> "TemplateStream":
+        return self
+
+    def __next__(self) -> str:
+        return self._next()  # type: ignore
+
+
+# hook in default template class.  if anyone reads this comment: ignore that
+# it's possible to use custom templates ;-)
+Environment.template_class = Template
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/exceptions.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/exceptions.py
new file mode 100644
index 000000000..082ebe8f2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/exceptions.py
@@ -0,0 +1,166 @@
+import typing as t
+
+if t.TYPE_CHECKING:
+    from .runtime import Undefined
+
+
+class TemplateError(Exception):
+    """Baseclass for all template errors."""
+
+    def __init__(self, message: t.Optional[str] = None) -> None:
+        super().__init__(message)
+
+    @property
+    def message(self) -> t.Optional[str]:
+        return self.args[0] if self.args else None
+
+
+class TemplateNotFound(IOError, LookupError, TemplateError):
+    """Raised if a template does not exist.
+
+    .. versionchanged:: 2.11
+        If the given name is :class:`Undefined` and no message was
+        provided, an :exc:`UndefinedError` is raised.
+    """
+
+    # Silence the Python warning about message being deprecated since
+    # it's not valid here.
+    message: t.Optional[str] = None
+
+    def __init__(
+        self,
+        name: t.Optional[t.Union[str, "Undefined"]],
+        message: t.Optional[str] = None,
+    ) -> None:
+        IOError.__init__(self, name)
+
+        if message is None:
+            from .runtime import Undefined
+
+            if isinstance(name, Undefined):
+                name._fail_with_undefined_error()
+
+            message = name
+
+        self.message = message
+        self.name = name
+        self.templates = [name]
+
+    def __str__(self) -> str:
+        return str(self.message)
+
+
+class TemplatesNotFound(TemplateNotFound):
+    """Like :class:`TemplateNotFound` but raised if multiple templates
+    are selected.  This is a subclass of :class:`TemplateNotFound`
+    exception, so just catching the base exception will catch both.
+
+    .. versionchanged:: 2.11
+        If a name in the list of names is :class:`Undefined`, a message
+        about it being undefined is shown rather than the empty string.
+
+    .. versionadded:: 2.2
+    """
+
+    def __init__(
+        self,
+        names: t.Sequence[t.Union[str, "Undefined"]] = (),
+        message: t.Optional[str] = None,
+    ) -> None:
+        if message is None:
+            from .runtime import Undefined
+
+            parts = []
+
+            for name in names:
+                if isinstance(name, Undefined):
+                    parts.append(name._undefined_message)
+                else:
+                    parts.append(name)
+
+            parts_str = ", ".join(map(str, parts))
+            message = f"none of the templates given were found: {parts_str}"
+
+        super().__init__(names[-1] if names else None, message)
+        self.templates = list(names)
+
+
+class TemplateSyntaxError(TemplateError):
+    """Raised to tell the user that there is a problem with the template."""
+
+    def __init__(
+        self,
+        message: str,
+        lineno: int,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message)
+        self.lineno = lineno
+        self.name = name
+        self.filename = filename
+        self.source: t.Optional[str] = None
+
+        # this is set to True if the debug.translate_syntax_error
+        # function translated the syntax error into a new traceback
+        self.translated = False
+
+    def __str__(self) -> str:
+        # for translated errors we only return the message
+        if self.translated:
+            return t.cast(str, self.message)
+
+        # otherwise attach some stuff
+        location = f"line {self.lineno}"
+        name = self.filename or self.name
+        if name:
+            location = f'File "{name}", {location}'
+        lines = [t.cast(str, self.message), "  " + location]
+
+        # if the source is set, add the line to the output
+        if self.source is not None:
+            try:
+                line = self.source.splitlines()[self.lineno - 1]
+            except IndexError:
+                pass
+            else:
+                lines.append("    " + line.strip())
+
+        return "\n".join(lines)
+
+    def __reduce__(self):  # type: ignore
+        # https://bugs.python.org/issue1692335 Exceptions that take
+        # multiple required arguments have problems with pickling.
+        # Without this, raises TypeError: __init__() missing 1 required
+        # positional argument: 'lineno'
+        return self.__class__, (self.message, self.lineno, self.name, self.filename)
+
+
+class TemplateAssertionError(TemplateSyntaxError):
+    """Like a template syntax error, but covers cases where something in the
+    template caused an error at compile time that wasn't necessarily caused
+    by a syntax error.  However it's a direct subclass of
+    :exc:`TemplateSyntaxError` and has the same attributes.
+    """
+
+
+class TemplateRuntimeError(TemplateError):
+    """A generic runtime error in the template engine.  Under some situations
+    Jinja may raise this exception.
+    """
+
+
+class UndefinedError(TemplateRuntimeError):
+    """Raised if a template tries to operate on :class:`Undefined`."""
+
+
+class SecurityError(TemplateRuntimeError):
+    """Raised if a template tries to do something insecure if the
+    sandbox is enabled.
+    """
+
+
+class FilterArgumentError(TemplateRuntimeError):
+    """This error is raised if a filter was called with inappropriate
+    arguments
+    """
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/ext.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/ext.py
new file mode 100644
index 000000000..8d0810cd4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/ext.py
@@ -0,0 +1,870 @@
+"""Extension API for adding custom tags and behavior."""
+
+import pprint
+import re
+import typing as t
+
+from markupsafe import Markup
+
+from . import defaults
+from . import nodes
+from .environment import Environment
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .runtime import concat  # type: ignore
+from .runtime import Context
+from .runtime import Undefined
+from .utils import import_string
+from .utils import pass_context
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .lexer import Token
+    from .lexer import TokenStream
+    from .parser import Parser
+
+    class _TranslationsBasic(te.Protocol):
+        def gettext(self, message: str) -> str: ...
+
+        def ngettext(self, singular: str, plural: str, n: int) -> str:
+            pass
+
+    class _TranslationsContext(_TranslationsBasic):
+        def pgettext(self, context: str, message: str) -> str: ...
+
+        def npgettext(
+            self, context: str, singular: str, plural: str, n: int
+        ) -> str: ...
+
+    _SupportedTranslations = t.Union[_TranslationsBasic, _TranslationsContext]
+
+
+# I18N functions available in Jinja templates. If the I18N library
+# provides ugettext, it will be assigned to gettext.
+GETTEXT_FUNCTIONS: t.Tuple[str, ...] = (
+    "_",
+    "gettext",
+    "ngettext",
+    "pgettext",
+    "npgettext",
+)
+_ws_re = re.compile(r"\s*\n\s*")
+
+
+class Extension:
+    """Extensions can be used to add extra functionality to the Jinja template
+    system at the parser level.  Custom extensions are bound to an environment
+    but may not store environment specific data on `self`.  The reason for
+    this is that an extension can be bound to another environment (for
+    overlays) by creating a copy and reassigning the `environment` attribute.
+
+    As extensions are created by the environment they cannot accept any
+    arguments for configuration.  One may want to work around that by using
+    a factory function, but that is not possible as extensions are identified
+    by their import name.  The correct way to configure the extension is
+    storing the configuration values on the environment.  Because this way the
+    environment ends up acting as central configuration storage the
+    attributes may clash which is why extensions have to ensure that the names
+    they choose for configuration are not too generic.  ``prefix`` for example
+    is a terrible name, ``fragment_cache_prefix`` on the other hand is a good
+    name as includes the name of the extension (fragment cache).
+    """
+
+    identifier: t.ClassVar[str]
+
+    def __init_subclass__(cls) -> None:
+        cls.identifier = f"{cls.__module__}.{cls.__name__}"
+
+    #: if this extension parses this is the list of tags it's listening to.
+    tags: t.Set[str] = set()
+
+    #: the priority of that extension.  This is especially useful for
+    #: extensions that preprocess values.  A lower value means higher
+    #: priority.
+    #:
+    #: .. versionadded:: 2.4
+    priority = 100
+
+    def __init__(self, environment: Environment) -> None:
+        self.environment = environment
+
+    def bind(self, environment: Environment) -> "Extension":
+        """Create a copy of this extension bound to another environment."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.environment = environment
+        return rv
+
+    def preprocess(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str] = None
+    ) -> str:
+        """This method is called before the actual lexing and can be used to
+        preprocess the source.  The `filename` is optional.  The return value
+        must be the preprocessed source.
+        """
+        return source
+
+    def filter_stream(
+        self, stream: "TokenStream"
+    ) -> t.Union["TokenStream", t.Iterable["Token"]]:
+        """It's passed a :class:`~jinja2.lexer.TokenStream` that can be used
+        to filter tokens returned.  This method has to return an iterable of
+        :class:`~jinja2.lexer.Token`\\s, but it doesn't have to return a
+        :class:`~jinja2.lexer.TokenStream`.
+        """
+        return stream
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """If any of the :attr:`tags` matched this method is called with the
+        parser as first argument.  The token the parser stream is pointing at
+        is the name token that matched.  This method has to return one or a
+        list of multiple nodes.
+        """
+        raise NotImplementedError()
+
+    def attr(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> nodes.ExtensionAttribute:
+        """Return an attribute node for the current extension.  This is useful
+        to pass constants on extensions to generated template code.
+
+        ::
+
+            self.attr('_my_attribute', lineno=lineno)
+        """
+        return nodes.ExtensionAttribute(self.identifier, name, lineno=lineno)
+
+    def call_method(
+        self,
+        name: str,
+        args: t.Optional[t.List[nodes.Expr]] = None,
+        kwargs: t.Optional[t.List[nodes.Keyword]] = None,
+        dyn_args: t.Optional[nodes.Expr] = None,
+        dyn_kwargs: t.Optional[nodes.Expr] = None,
+        lineno: t.Optional[int] = None,
+    ) -> nodes.Call:
+        """Call a method of the extension.  This is a shortcut for
+        :meth:`attr` + :class:`jinja2.nodes.Call`.
+        """
+        if args is None:
+            args = []
+        if kwargs is None:
+            kwargs = []
+        return nodes.Call(
+            self.attr(name, lineno=lineno),
+            args,
+            kwargs,
+            dyn_args,
+            dyn_kwargs,
+            lineno=lineno,
+        )
+
+
+@pass_context
+def _gettext_alias(
+    __context: Context, *args: t.Any, **kwargs: t.Any
+) -> t.Union[t.Any, Undefined]:
+    return __context.call(__context.resolve("gettext"), *args, **kwargs)
+
+
+def _make_new_gettext(func: t.Callable[[str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def gettext(__context: Context, __string: str, **variables: t.Any) -> str:
+        rv = __context.call(func, __string)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, even if there are no
+        # variables. This makes translation strings more consistent
+        # and predictable. This requires escaping
+        return rv % variables  # type: ignore
+
+    return gettext
+
+
+def _make_new_ngettext(func: t.Callable[[str, str, int], str]) -> t.Callable[..., str]:
+    @pass_context
+    def ngettext(
+        __context: Context,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __singular, __plural, __num)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return ngettext
+
+
+def _make_new_pgettext(func: t.Callable[[str, str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def pgettext(
+        __context: Context, __string_ctx: str, __string: str, **variables: t.Any
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        rv = __context.call(func, __string_ctx, __string)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return pgettext
+
+
+def _make_new_npgettext(
+    func: t.Callable[[str, str, str, int], str],
+) -> t.Callable[..., str]:
+    @pass_context
+    def npgettext(
+        __context: Context,
+        __string_ctx: str,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __string_ctx, __singular, __plural, __num)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return npgettext
+
+
+class InternationalizationExtension(Extension):
+    """This extension adds gettext support to Jinja."""
+
+    tags = {"trans"}
+
+    # TODO: the i18n extension is currently reevaluating values in a few
+    # situations.  Take this example:
+    #   {% trans count=something() %}{{ count }} foo{% pluralize
+    #     %}{{ count }} fooss{% endtrans %}
+    # something is called twice here.  One time for the gettext value and
+    # the other time for the n-parameter of the ngettext function.
+
+    def __init__(self, environment: Environment) -> None:
+        super().__init__(environment)
+        environment.globals["_"] = _gettext_alias
+        environment.extend(
+            install_gettext_translations=self._install,
+            install_null_translations=self._install_null,
+            install_gettext_callables=self._install_callables,
+            uninstall_gettext_translations=self._uninstall,
+            extract_translations=self._extract,
+            newstyle_gettext=False,
+        )
+
+    def _install(
+        self, translations: "_SupportedTranslations", newstyle: t.Optional[bool] = None
+    ) -> None:
+        # ugettext and ungettext are preferred in case the I18N library
+        # is providing compatibility with older Python versions.
+        gettext = getattr(translations, "ugettext", None)
+        if gettext is None:
+            gettext = translations.gettext
+        ngettext = getattr(translations, "ungettext", None)
+        if ngettext is None:
+            ngettext = translations.ngettext
+
+        pgettext = getattr(translations, "pgettext", None)
+        npgettext = getattr(translations, "npgettext", None)
+        self._install_callables(
+            gettext, ngettext, newstyle=newstyle, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _install_null(self, newstyle: t.Optional[bool] = None) -> None:
+        import gettext
+
+        translations = gettext.NullTranslations()
+
+        if hasattr(translations, "pgettext"):
+            # Python < 3.8
+            pgettext = translations.pgettext
+        else:
+
+            def pgettext(c: str, s: str) -> str:  # type: ignore[misc]
+                return s
+
+        if hasattr(translations, "npgettext"):
+            npgettext = translations.npgettext
+        else:
+
+            def npgettext(c: str, s: str, p: str, n: int) -> str:  # type: ignore[misc]
+                return s if n == 1 else p
+
+        self._install_callables(
+            gettext=translations.gettext,
+            ngettext=translations.ngettext,
+            newstyle=newstyle,
+            pgettext=pgettext,
+            npgettext=npgettext,
+        )
+
+    def _install_callables(
+        self,
+        gettext: t.Callable[[str], str],
+        ngettext: t.Callable[[str, str, int], str],
+        newstyle: t.Optional[bool] = None,
+        pgettext: t.Optional[t.Callable[[str, str], str]] = None,
+        npgettext: t.Optional[t.Callable[[str, str, str, int], str]] = None,
+    ) -> None:
+        if newstyle is not None:
+            self.environment.newstyle_gettext = newstyle  # type: ignore
+        if self.environment.newstyle_gettext:  # type: ignore
+            gettext = _make_new_gettext(gettext)
+            ngettext = _make_new_ngettext(ngettext)
+
+            if pgettext is not None:
+                pgettext = _make_new_pgettext(pgettext)
+
+            if npgettext is not None:
+                npgettext = _make_new_npgettext(npgettext)
+
+        self.environment.globals.update(
+            gettext=gettext, ngettext=ngettext, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _uninstall(self, translations: "_SupportedTranslations") -> None:
+        for key in ("gettext", "ngettext", "pgettext", "npgettext"):
+            self.environment.globals.pop(key, None)
+
+    def _extract(
+        self,
+        source: t.Union[str, nodes.Template],
+        gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    ) -> t.Iterator[
+        t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+    ]:
+        if isinstance(source, str):
+            source = self.environment.parse(source)
+        return extract_from_ast(source, gettext_functions)
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a translatable tag."""
+        lineno = next(parser.stream).lineno
+
+        context = None
+        context_token = parser.stream.next_if("string")
+
+        if context_token is not None:
+            context = context_token.value
+
+        # find all the variables referenced.  Additionally a variable can be
+        # defined in the body of the trans block too, but this is checked at
+        # a later state.
+        plural_expr: t.Optional[nodes.Expr] = None
+        plural_expr_assignment: t.Optional[nodes.Assign] = None
+        num_called_num = False
+        variables: t.Dict[str, nodes.Expr] = {}
+        trimmed = None
+        while parser.stream.current.type != "block_end":
+            if variables:
+                parser.stream.expect("comma")
+
+            # skip colon for python compatibility
+            if parser.stream.skip_if("colon"):
+                break
+
+            token = parser.stream.expect("name")
+            if token.value in variables:
+                parser.fail(
+                    f"translatable variable {token.value!r} defined twice.",
+                    token.lineno,
+                    exc=TemplateAssertionError,
+                )
+
+            # expressions
+            if parser.stream.current.type == "assign":
+                next(parser.stream)
+                variables[token.value] = var = parser.parse_expression()
+            elif trimmed is None and token.value in ("trimmed", "notrimmed"):
+                trimmed = token.value == "trimmed"
+                continue
+            else:
+                variables[token.value] = var = nodes.Name(token.value, "load")
+
+            if plural_expr is None:
+                if isinstance(var, nodes.Call):
+                    plural_expr = nodes.Name("_trans", "load")
+                    variables[token.value] = plural_expr
+                    plural_expr_assignment = nodes.Assign(
+                        nodes.Name("_trans", "store"), var
+                    )
+                else:
+                    plural_expr = var
+                num_called_num = token.value == "num"
+
+        parser.stream.expect("block_end")
+
+        plural = None
+        have_plural = False
+        referenced = set()
+
+        # now parse until endtrans or pluralize
+        singular_names, singular = self._parse_block(parser, True)
+        if singular_names:
+            referenced.update(singular_names)
+            if plural_expr is None:
+                plural_expr = nodes.Name(singular_names[0], "load")
+                num_called_num = singular_names[0] == "num"
+
+        # if we have a pluralize block, we parse that too
+        if parser.stream.current.test("name:pluralize"):
+            have_plural = True
+            next(parser.stream)
+            if parser.stream.current.type != "block_end":
+                token = parser.stream.expect("name")
+                if token.value not in variables:
+                    parser.fail(
+                        f"unknown variable {token.value!r} for pluralization",
+                        token.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                plural_expr = variables[token.value]
+                num_called_num = token.value == "num"
+            parser.stream.expect("block_end")
+            plural_names, plural = self._parse_block(parser, False)
+            next(parser.stream)
+            referenced.update(plural_names)
+        else:
+            next(parser.stream)
+
+        # register free names as simple name expressions
+        for name in referenced:
+            if name not in variables:
+                variables[name] = nodes.Name(name, "load")
+
+        if not have_plural:
+            plural_expr = None
+        elif plural_expr is None:
+            parser.fail("pluralize without variables", lineno)
+
+        if trimmed is None:
+            trimmed = self.environment.policies["ext.i18n.trimmed"]
+        if trimmed:
+            singular = self._trim_whitespace(singular)
+            if plural:
+                plural = self._trim_whitespace(plural)
+
+        node = self._make_node(
+            singular,
+            plural,
+            context,
+            variables,
+            plural_expr,
+            bool(referenced),
+            num_called_num and have_plural,
+        )
+        node.set_lineno(lineno)
+        if plural_expr_assignment is not None:
+            return [plural_expr_assignment, node]
+        else:
+            return node
+
+    def _trim_whitespace(self, string: str, _ws_re: t.Pattern[str] = _ws_re) -> str:
+        return _ws_re.sub(" ", string.strip())
+
+    def _parse_block(
+        self, parser: "Parser", allow_pluralize: bool
+    ) -> t.Tuple[t.List[str], str]:
+        """Parse until the next block tag with a given name."""
+        referenced = []
+        buf = []
+
+        while True:
+            if parser.stream.current.type == "data":
+                buf.append(parser.stream.current.value.replace("%", "%%"))
+                next(parser.stream)
+            elif parser.stream.current.type == "variable_begin":
+                next(parser.stream)
+                name = parser.stream.expect("name").value
+                referenced.append(name)
+                buf.append(f"%({name})s")
+                parser.stream.expect("variable_end")
+            elif parser.stream.current.type == "block_begin":
+                next(parser.stream)
+                block_name = (
+                    parser.stream.current.value
+                    if parser.stream.current.type == "name"
+                    else None
+                )
+                if block_name == "endtrans":
+                    break
+                elif block_name == "pluralize":
+                    if allow_pluralize:
+                        break
+                    parser.fail(
+                        "a translatable section can have only one pluralize section"
+                    )
+                elif block_name == "trans":
+                    parser.fail(
+                        "trans blocks can't be nested; did you mean `endtrans`?"
+                    )
+                parser.fail(
+                    f"control structures in translatable sections are not allowed; "
+                    f"saw `{block_name}`"
+                )
+            elif parser.stream.eos:
+                parser.fail("unclosed translation block")
+            else:
+                raise RuntimeError("internal parser error")
+
+        return referenced, concat(buf)
+
+    def _make_node(
+        self,
+        singular: str,
+        plural: t.Optional[str],
+        context: t.Optional[str],
+        variables: t.Dict[str, nodes.Expr],
+        plural_expr: t.Optional[nodes.Expr],
+        vars_referenced: bool,
+        num_called_num: bool,
+    ) -> nodes.Output:
+        """Generates a useful node from the data provided."""
+        newstyle = self.environment.newstyle_gettext  # type: ignore
+        node: nodes.Expr
+
+        # no variables referenced?  no need to escape for old style
+        # gettext invocations only if there are vars.
+        if not vars_referenced and not newstyle:
+            singular = singular.replace("%%", "%")
+            if plural:
+                plural = plural.replace("%%", "%")
+
+        func_name = "gettext"
+        func_args: t.List[nodes.Expr] = [nodes.Const(singular)]
+
+        if context is not None:
+            func_args.insert(0, nodes.Const(context))
+            func_name = f"p{func_name}"
+
+        if plural_expr is not None:
+            func_name = f"n{func_name}"
+            func_args.extend((nodes.Const(plural), plural_expr))
+
+        node = nodes.Call(nodes.Name(func_name, "load"), func_args, [], None, None)
+
+        # in case newstyle gettext is used, the method is powerful
+        # enough to handle the variable expansion and autoescape
+        # handling itself
+        if newstyle:
+            for key, value in variables.items():
+                # the function adds that later anyways in case num was
+                # called num, so just skip it.
+                if num_called_num and key == "num":
+                    continue
+                node.kwargs.append(nodes.Keyword(key, value))
+
+        # otherwise do that here
+        else:
+            # mark the return value as safe if we are in an
+            # environment with autoescaping turned on
+            node = nodes.MarkSafeIfAutoescape(node)
+            if variables:
+                node = nodes.Mod(
+                    node,
+                    nodes.Dict(
+                        [
+                            nodes.Pair(nodes.Const(key), value)
+                            for key, value in variables.items()
+                        ]
+                    ),
+                )
+        return nodes.Output([node])
+
+
+class ExprStmtExtension(Extension):
+    """Adds a `do` tag to Jinja that works like the print statement just
+    that it doesn't print the return value.
+    """
+
+    tags = {"do"}
+
+    def parse(self, parser: "Parser") -> nodes.ExprStmt:
+        node = nodes.ExprStmt(lineno=next(parser.stream).lineno)
+        node.node = parser.parse_tuple()
+        return node
+
+
+class LoopControlExtension(Extension):
+    """Adds break and continue to the template engine."""
+
+    tags = {"break", "continue"}
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Break, nodes.Continue]:
+        token = next(parser.stream)
+        if token.value == "break":
+            return nodes.Break(lineno=token.lineno)
+        return nodes.Continue(lineno=token.lineno)
+
+
+class DebugExtension(Extension):
+    """A ``{% debug %}`` tag that dumps the available variables,
+    filters, and tests.
+
+    .. code-block:: html+jinja
+
+        <pre>{% debug %}</pre>
+
+    .. code-block:: text
+
+        {'context': {'cycler': <class 'jinja2.utils.Cycler'>,
+                     ...,
+                     'namespace': <class 'jinja2.utils.Namespace'>},
+         'filters': ['abs', 'attr', 'batch', 'capitalize', 'center', 'count', 'd',
+                     ..., 'urlencode', 'urlize', 'wordcount', 'wordwrap', 'xmlattr'],
+         'tests': ['!=', '<', '<=', '==', '>', '>=', 'callable', 'defined',
+                   ..., 'odd', 'sameas', 'sequence', 'string', 'undefined', 'upper']}
+
+    .. versionadded:: 2.11.0
+    """
+
+    tags = {"debug"}
+
+    def parse(self, parser: "Parser") -> nodes.Output:
+        lineno = parser.stream.expect("name:debug").lineno
+        context = nodes.ContextReference()
+        result = self.call_method("_render", [context], lineno=lineno)
+        return nodes.Output([result], lineno=lineno)
+
+    def _render(self, context: Context) -> str:
+        result = {
+            "context": context.get_all(),
+            "filters": sorted(self.environment.filters.keys()),
+            "tests": sorted(self.environment.tests.keys()),
+        }
+
+        # Set the depth since the intent is to show the top few names.
+        return pprint.pformat(result, depth=3, compact=True)
+
+
+def extract_from_ast(
+    ast: nodes.Template,
+    gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    babel_style: bool = True,
+) -> t.Iterator[
+    t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+]:
+    """Extract localizable strings from the given template node.  Per
+    default this function returns matches in babel style that means non string
+    parameters as well as keyword arguments are returned as `None`.  This
+    allows Babel to figure out what you really meant if you are using
+    gettext functions that allow keyword arguments for placeholder expansion.
+    If you don't want that behavior set the `babel_style` parameter to `False`
+    which causes only strings to be returned and parameters are always stored
+    in tuples.  As a consequence invalid gettext calls (calls without a single
+    string parameter or string parameters after non-string parameters) are
+    skipped.
+
+    This example explains the behavior:
+
+    >>> from jinja2 import Environment
+    >>> env = Environment()
+    >>> node = env.parse('{{ (_("foo"), _(), ngettext("foo", "bar", 42)) }}')
+    >>> list(extract_from_ast(node))
+    [(1, '_', 'foo'), (1, '_', ()), (1, 'ngettext', ('foo', 'bar', None))]
+    >>> list(extract_from_ast(node, babel_style=False))
+    [(1, '_', ('foo',)), (1, 'ngettext', ('foo', 'bar'))]
+
+    For every string found this function yields a ``(lineno, function,
+    message)`` tuple, where:
+
+    * ``lineno`` is the number of the line on which the string was found,
+    * ``function`` is the name of the ``gettext`` function used (if the
+      string was extracted from embedded Python code), and
+    *   ``message`` is the string, or a tuple of strings for functions
+         with multiple string arguments.
+
+    This extraction function operates on the AST and is because of that unable
+    to extract any comments.  For comment support you have to use the babel
+    extraction interface or extract comments yourself.
+    """
+    out: t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]
+
+    for node in ast.find_all(nodes.Call):
+        if (
+            not isinstance(node.node, nodes.Name)
+            or node.node.name not in gettext_functions
+        ):
+            continue
+
+        strings: t.List[t.Optional[str]] = []
+
+        for arg in node.args:
+            if isinstance(arg, nodes.Const) and isinstance(arg.value, str):
+                strings.append(arg.value)
+            else:
+                strings.append(None)
+
+        for _ in node.kwargs:
+            strings.append(None)
+        if node.dyn_args is not None:
+            strings.append(None)
+        if node.dyn_kwargs is not None:
+            strings.append(None)
+
+        if not babel_style:
+            out = tuple(x for x in strings if x is not None)
+
+            if not out:
+                continue
+        else:
+            if len(strings) == 1:
+                out = strings[0]
+            else:
+                out = tuple(strings)
+
+        yield node.lineno, node.node.name, out
+
+
+class _CommentFinder:
+    """Helper class to find comments in a token stream.  Can only
+    find comments for gettext calls forwards.  Once the comment
+    from line 4 is found, a comment for line 1 will not return a
+    usable value.
+    """
+
+    def __init__(
+        self, tokens: t.Sequence[t.Tuple[int, str, str]], comment_tags: t.Sequence[str]
+    ) -> None:
+        self.tokens = tokens
+        self.comment_tags = comment_tags
+        self.offset = 0
+        self.last_lineno = 0
+
+    def find_backwards(self, offset: int) -> t.List[str]:
+        try:
+            for _, token_type, token_value in reversed(
+                self.tokens[self.offset : offset]
+            ):
+                if token_type in ("comment", "linecomment"):
+                    try:
+                        prefix, comment = token_value.split(None, 1)
+                    except ValueError:
+                        continue
+                    if prefix in self.comment_tags:
+                        return [comment.rstrip()]
+            return []
+        finally:
+            self.offset = offset
+
+    def find_comments(self, lineno: int) -> t.List[str]:
+        if not self.comment_tags or self.last_lineno > lineno:
+            return []
+        for idx, (token_lineno, _, _) in enumerate(self.tokens[self.offset :]):
+            if token_lineno > lineno:
+                return self.find_backwards(self.offset + idx)
+        return self.find_backwards(len(self.tokens))
+
+
+def babel_extract(
+    fileobj: t.BinaryIO,
+    keywords: t.Sequence[str],
+    comment_tags: t.Sequence[str],
+    options: t.Dict[str, t.Any],
+) -> t.Iterator[
+    t.Tuple[
+        int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]], t.List[str]
+    ]
+]:
+    """Babel extraction method for Jinja templates.
+
+    .. versionchanged:: 2.3
+       Basic support for translation comments was added.  If `comment_tags`
+       is now set to a list of keywords for extraction, the extractor will
+       try to find the best preceding comment that begins with one of the
+       keywords.  For best results, make sure to not have more than one
+       gettext call in one line of code and the matching comment in the
+       same line or the line before.
+
+    .. versionchanged:: 2.5.1
+       The `newstyle_gettext` flag can be set to `True` to enable newstyle
+       gettext calls.
+
+    .. versionchanged:: 2.7
+       A `silent` option can now be provided.  If set to `False` template
+       syntax errors are propagated instead of being ignored.
+
+    :param fileobj: the file-like object the messages should be extracted from
+    :param keywords: a list of keywords (i.e. function names) that should be
+                     recognized as translation functions
+    :param comment_tags: a list of translator tags to search for and include
+                         in the results.
+    :param options: a dictionary of additional options (optional)
+    :return: an iterator over ``(lineno, funcname, message, comments)`` tuples.
+             (comments will be empty currently)
+    """
+    extensions: t.Dict[t.Type[Extension], None] = {}
+
+    for extension_name in options.get("extensions", "").split(","):
+        extension_name = extension_name.strip()
+
+        if not extension_name:
+            continue
+
+        extensions[import_string(extension_name)] = None
+
+    if InternationalizationExtension not in extensions:
+        extensions[InternationalizationExtension] = None
+
+    def getbool(options: t.Mapping[str, str], key: str, default: bool = False) -> bool:
+        return options.get(key, str(default)).lower() in {"1", "on", "yes", "true"}
+
+    silent = getbool(options, "silent", True)
+    environment = Environment(
+        options.get("block_start_string", defaults.BLOCK_START_STRING),
+        options.get("block_end_string", defaults.BLOCK_END_STRING),
+        options.get("variable_start_string", defaults.VARIABLE_START_STRING),
+        options.get("variable_end_string", defaults.VARIABLE_END_STRING),
+        options.get("comment_start_string", defaults.COMMENT_START_STRING),
+        options.get("comment_end_string", defaults.COMMENT_END_STRING),
+        options.get("line_statement_prefix") or defaults.LINE_STATEMENT_PREFIX,
+        options.get("line_comment_prefix") or defaults.LINE_COMMENT_PREFIX,
+        getbool(options, "trim_blocks", defaults.TRIM_BLOCKS),
+        getbool(options, "lstrip_blocks", defaults.LSTRIP_BLOCKS),
+        defaults.NEWLINE_SEQUENCE,
+        getbool(options, "keep_trailing_newline", defaults.KEEP_TRAILING_NEWLINE),
+        tuple(extensions),
+        cache_size=0,
+        auto_reload=False,
+    )
+
+    if getbool(options, "trimmed"):
+        environment.policies["ext.i18n.trimmed"] = True
+    if getbool(options, "newstyle_gettext"):
+        environment.newstyle_gettext = True  # type: ignore
+
+    source = fileobj.read().decode(options.get("encoding", "utf-8"))
+    try:
+        node = environment.parse(source)
+        tokens = list(environment.lex(environment.preprocess(source)))
+    except TemplateSyntaxError:
+        if not silent:
+            raise
+        # skip templates with syntax errors
+        return
+
+    finder = _CommentFinder(tokens, comment_tags)
+    for lineno, func, message in extract_from_ast(node, keywords):
+        yield lineno, func, message, finder.find_comments(lineno)
+
+
+#: nicer import names
+i18n = InternationalizationExtension
+do = ExprStmtExtension
+loopcontrols = LoopControlExtension
+debug = DebugExtension
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/filters.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/filters.py
new file mode 100644
index 000000000..acd11976e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/filters.py
@@ -0,0 +1,1866 @@
+"""Built-in template filters used with the ``|`` operator."""
+
+import math
+import random
+import re
+import typing
+import typing as t
+from collections import abc
+from itertools import chain
+from itertools import groupby
+
+from markupsafe import escape
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import async_variant
+from .async_utils import auto_aiter
+from .async_utils import auto_await
+from .async_utils import auto_to_list
+from .exceptions import FilterArgumentError
+from .runtime import Undefined
+from .utils import htmlsafe_json_dumps
+from .utils import pass_context
+from .utils import pass_environment
+from .utils import pass_eval_context
+from .utils import pformat
+from .utils import url_quote
+from .utils import urlize
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+    from .nodes import EvalContext
+    from .runtime import Context
+    from .sandbox import SandboxedEnvironment  # noqa: F401
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+K = t.TypeVar("K")
+V = t.TypeVar("V")
+
+
+def ignore_case(value: V) -> V:
+    """For use as a postprocessor for :func:`make_attrgetter`. Converts strings
+    to lowercase and returns other types as-is."""
+    if isinstance(value, str):
+        return t.cast(V, value.lower())
+
+    return value
+
+
+def make_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+    default: t.Optional[t.Any] = None,
+) -> t.Callable[[t.Any], t.Any]:
+    """Returns a callable that looks up the given attribute from a
+    passed object with the rules of the environment.  Dots are allowed
+    to access attributes of attributes.  Integer parts in paths are
+    looked up as integers.
+    """
+    parts = _prepare_attribute_parts(attribute)
+
+    def attrgetter(item: t.Any) -> t.Any:
+        for part in parts:
+            item = environment.getitem(item, part)
+
+            if default is not None and isinstance(item, Undefined):
+                item = default
+
+        if postprocess is not None:
+            item = postprocess(item)
+
+        return item
+
+    return attrgetter
+
+
+def make_multi_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+) -> t.Callable[[t.Any], t.List[t.Any]]:
+    """Returns a callable that looks up the given comma separated
+    attributes from a passed object with the rules of the environment.
+    Dots are allowed to access attributes of each attribute.  Integer
+    parts in paths are looked up as integers.
+
+    The value returned by the returned callable is a list of extracted
+    attribute values.
+
+    Examples of attribute: "attr1,attr2", "attr1.inner1.0,attr2.inner2.0", etc.
+    """
+    if isinstance(attribute, str):
+        split: t.Sequence[t.Union[str, int, None]] = attribute.split(",")
+    else:
+        split = [attribute]
+
+    parts = [_prepare_attribute_parts(item) for item in split]
+
+    def attrgetter(item: t.Any) -> t.List[t.Any]:
+        items = [None] * len(parts)
+
+        for i, attribute_part in enumerate(parts):
+            item_i = item
+
+            for part in attribute_part:
+                item_i = environment.getitem(item_i, part)
+
+            if postprocess is not None:
+                item_i = postprocess(item_i)
+
+            items[i] = item_i
+
+        return items
+
+    return attrgetter
+
+
+def _prepare_attribute_parts(
+    attr: t.Optional[t.Union[str, int]],
+) -> t.List[t.Union[str, int]]:
+    if attr is None:
+        return []
+
+    if isinstance(attr, str):
+        return [int(x) if x.isdigit() else x for x in attr.split(".")]
+
+    return [attr]
+
+
+def do_forceescape(value: "t.Union[str, HasHTML]") -> Markup:
+    """Enforce HTML escaping.  This will probably double escape variables."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return escape(str(value))
+
+
+def do_urlencode(
+    value: t.Union[str, t.Mapping[str, t.Any], t.Iterable[t.Tuple[str, t.Any]]],
+) -> str:
+    """Quote data for use in a URL path or query using UTF-8.
+
+    Basic wrapper around :func:`urllib.parse.quote` when given a
+    string, or :func:`urllib.parse.urlencode` for a dict or iterable.
+
+    :param value: Data to quote. A string will be quoted directly. A
+        dict or iterable of ``(key, value)`` pairs will be joined as a
+        query string.
+
+    When given a string, "/" is not quoted. HTTP servers treat "/" and
+    "%2F" equivalently in paths. If you need quoted slashes, use the
+    ``|replace("/", "%2F")`` filter.
+
+    .. versionadded:: 2.7
+    """
+    if isinstance(value, str) or not isinstance(value, abc.Iterable):
+        return url_quote(value)
+
+    if isinstance(value, dict):
+        items: t.Iterable[t.Tuple[str, t.Any]] = value.items()
+    else:
+        items = value  # type: ignore
+
+    return "&".join(
+        f"{url_quote(k, for_qs=True)}={url_quote(v, for_qs=True)}" for k, v in items
+    )
+
+
+@pass_eval_context
+def do_replace(
+    eval_ctx: "EvalContext", s: str, old: str, new: str, count: t.Optional[int] = None
+) -> str:
+    """Return a copy of the value with all occurrences of a substring
+    replaced with a new one. The first argument is the substring
+    that should be replaced, the second is the replacement string.
+    If the optional third argument ``count`` is given, only the first
+    ``count`` occurrences are replaced:
+
+    .. sourcecode:: jinja
+
+        {{ "Hello World"|replace("Hello", "Goodbye") }}
+            -> Goodbye World
+
+        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
+            -> d'oh, d'oh, aaargh
+    """
+    if count is None:
+        count = -1
+
+    if not eval_ctx.autoescape:
+        return str(s).replace(str(old), str(new), count)
+
+    if (
+        hasattr(old, "__html__")
+        or hasattr(new, "__html__")
+        and not hasattr(s, "__html__")
+    ):
+        s = escape(s)
+    else:
+        s = soft_str(s)
+
+    return s.replace(soft_str(old), soft_str(new), count)
+
+
+def do_upper(s: str) -> str:
+    """Convert a value to uppercase."""
+    return soft_str(s).upper()
+
+
+def do_lower(s: str) -> str:
+    """Convert a value to lowercase."""
+    return soft_str(s).lower()
+
+
+def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K, V]]:
+    """Return an iterator over the ``(key, value)`` items of a mapping.
+
+    ``x|items`` is the same as ``x.items()``, except if ``x`` is
+    undefined an empty iterator is returned.
+
+    This filter is useful if you expect the template to be rendered with
+    an implementation of Jinja in another programming language that does
+    not have a ``.items()`` method on its mapping type.
+
+    .. code-block:: html+jinja
+
+        <dl>
+        {% for key, value in my_dict|items %}
+            <dt>{{ key }}
+            <dd>{{ value }}
+        {% endfor %}
+        </dl>
+
+    .. versionadded:: 3.1
+    """
+    if isinstance(value, Undefined):
+        return
+
+    if not isinstance(value, abc.Mapping):
+        raise TypeError("Can only get item pairs from a mapping.")
+
+    yield from value.items()
+
+
+# Check for characters that would move the parser state from key to value.
+# https://html.spec.whatwg.org/#attribute-name-state
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
+
+
+@pass_eval_context
+def do_xmlattr(
+    eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
+) -> str:
+    """Create an SGML/XML attribute string based on the items in a dict.
+
+    **Values** that are neither ``none`` nor ``undefined`` are automatically
+    escaped, safely allowing untrusted user input.
+
+    User input should not be used as **keys** to this filter. If any key
+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
+    sign, this fails with a ``ValueError``. Regardless of this, user input
+    should never be used as keys to this filter, or must be separately validated
+    first.
+
+    .. sourcecode:: html+jinja
+
+        <ul{{ {'class': 'my_list', 'missing': none,
+                'id': 'list-%d'|format(variable)}|xmlattr }}>
+        ...
+        </ul>
+
+    Results in something like this:
+
+    .. sourcecode:: html
+
+        <ul class="my_list" id="list-42">
+        ...
+        </ul>
+
+    As you can see it automatically prepends a space in front of the item
+    if the filter returned something unless the second parameter is false.
+
+    .. versionchanged:: 3.1.4
+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
+        are not allowed.
+
+    .. versionchanged:: 3.1.3
+        Keys with spaces are not allowed.
+    """
+    items = []
+
+    for key, value in d.items():
+        if value is None or isinstance(value, Undefined):
+            continue
+
+        if _attr_key_re.search(key) is not None:
+            raise ValueError(f"Invalid character in attribute name: {key!r}")
+
+        items.append(f'{escape(key)}="{escape(value)}"')
+
+    rv = " ".join(items)
+
+    if autospace and rv:
+        rv = " " + rv
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_capitalize(s: str) -> str:
+    """Capitalize a value. The first character will be uppercase, all others
+    lowercase.
+    """
+    return soft_str(s).capitalize()
+
+
+_word_beginning_split_re = re.compile(r"([-\s({\[<]+)")
+
+
+def do_title(s: str) -> str:
+    """Return a titlecased version of the value. I.e. words will start with
+    uppercase letters, all remaining characters are lowercase.
+    """
+    return "".join(
+        [
+            item[0].upper() + item[1:].lower()
+            for item in _word_beginning_split_re.split(soft_str(s))
+            if item
+        ]
+    )
+
+
+def do_dictsort(
+    value: t.Mapping[K, V],
+    case_sensitive: bool = False,
+    by: 'te.Literal["key", "value"]' = "key",
+    reverse: bool = False,
+) -> t.List[t.Tuple[K, V]]:
+    """Sort a dict and yield (key, value) pairs. Python dicts may not
+    be in the order you want to display them in, so sort them first.
+
+    .. sourcecode:: jinja
+
+        {% for key, value in mydict|dictsort %}
+            sort the dict by key, case insensitive
+
+        {% for key, value in mydict|dictsort(reverse=true) %}
+            sort the dict by key, case insensitive, reverse order
+
+        {% for key, value in mydict|dictsort(true) %}
+            sort the dict by key, case sensitive
+
+        {% for key, value in mydict|dictsort(false, 'value') %}
+            sort the dict by value, case insensitive
+    """
+    if by == "key":
+        pos = 0
+    elif by == "value":
+        pos = 1
+    else:
+        raise FilterArgumentError('You can only sort by either "key" or "value"')
+
+    def sort_func(item: t.Tuple[t.Any, t.Any]) -> t.Any:
+        value = item[pos]
+
+        if not case_sensitive:
+            value = ignore_case(value)
+
+        return value
+
+    return sorted(value.items(), key=sort_func, reverse=reverse)
+
+
+@pass_environment
+def do_sort(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    reverse: bool = False,
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.List[V]":
+    """Sort an iterable using Python's :func:`sorted`.
+
+    .. sourcecode:: jinja
+
+        {% for city in cities|sort %}
+            ...
+        {% endfor %}
+
+    :param reverse: Sort descending instead of ascending.
+    :param case_sensitive: When sorting strings, sort upper and lower
+        case separately.
+    :param attribute: When sorting objects or dicts, an attribute or
+        key to sort by. Can use dot notation like ``"address.city"``.
+        Can be a list of attributes like ``"age,name"``.
+
+    The sort is stable, it does not change the relative order of
+    elements that compare equal. This makes it is possible to chain
+    sorts on different attributes and ordering.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="name")
+            |sort(reverse=true, attribute="age") %}
+            ...
+        {% endfor %}
+
+    As a shortcut to chaining when the direction is the same for all
+    attributes, pass a comma separate list of attributes.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="age,name") %}
+            ...
+        {% endfor %}
+
+    .. versionchanged:: 2.11.0
+        The ``attribute`` parameter can be a comma separated list of
+        attributes, e.g. ``"age,name"``.
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added.
+    """
+    key_func = make_multi_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return sorted(value, key=key_func, reverse=reverse)
+
+
+@pass_environment
+def do_unique(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Iterator[V]":
+    """Returns a list of unique items from the given iterable.
+
+    .. sourcecode:: jinja
+
+        {{ ['foo', 'bar', 'foobar', 'FooBar']|unique|list }}
+            -> ['foo', 'bar', 'foobar']
+
+    The unique items are yielded in the same order as their first occurrence in
+    the iterable passed to the filter.
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Filter objects with unique values for this attribute.
+    """
+    getter = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    seen = set()
+
+    for item in value:
+        key = getter(item)
+
+        if key not in seen:
+            seen.add(key)
+            yield item
+
+
+def _min_or_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    func: "t.Callable[..., V]",
+    case_sensitive: bool,
+    attribute: t.Optional[t.Union[str, int]],
+) -> "t.Union[V, Undefined]":
+    it = iter(value)
+
+    try:
+        first = next(it)
+    except StopIteration:
+        return environment.undefined("No aggregated item, sequence was empty.")
+
+    key_func = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return func(chain([first], it), key=key_func)
+
+
+@pass_environment
+def do_min(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the smallest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|min }}
+            -> 1
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the min value of this attribute.
+    """
+    return _min_or_max(environment, value, min, case_sensitive, attribute)
+
+
+@pass_environment
+def do_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the largest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|max }}
+            -> 3
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the max value of this attribute.
+    """
+    return _min_or_max(environment, value, max, case_sensitive, attribute)
+
+
+def do_default(
+    value: V,
+    default_value: V = "",  # type: ignore
+    boolean: bool = False,
+) -> V:
+    """If the value is undefined it will return the passed default value,
+    otherwise the value of the variable:
+
+    .. sourcecode:: jinja
+
+        {{ my_variable|default('my_variable is not defined') }}
+
+    This will output the value of ``my_variable`` if the variable was
+    defined, otherwise ``'my_variable is not defined'``. If you want
+    to use default with variables that evaluate to false you have to
+    set the second parameter to `true`:
+
+    .. sourcecode:: jinja
+
+        {{ ''|default('the string was empty', true) }}
+
+    .. versionchanged:: 2.11
+       It's now possible to configure the :class:`~jinja2.Environment` with
+       :class:`~jinja2.ChainableUndefined` to make the `default` filter work
+       on nested elements and attributes that may contain undefined values
+       in the chain without getting an :exc:`~jinja2.UndefinedError`.
+    """
+    if isinstance(value, Undefined) or (boolean and not value):
+        return default_value
+
+    return value
+
+
+@pass_eval_context
+def sync_do_join(
+    eval_ctx: "EvalContext",
+    value: t.Iterable[t.Any],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    """Return a string which is the concatenation of the strings in the
+    sequence. The separator between elements is an empty string per
+    default, you can define it with the optional parameter:
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|join('|') }}
+            -> 1|2|3
+
+        {{ [1, 2, 3]|join }}
+            -> 123
+
+    It is also possible to join certain attributes of an object:
+
+    .. sourcecode:: jinja
+
+        {{ users|join(', ', attribute='username') }}
+
+    .. versionadded:: 2.6
+       The `attribute` parameter was added.
+    """
+    if attribute is not None:
+        value = map(make_attrgetter(eval_ctx.environment, attribute), value)
+
+    # no automatic escaping?  joining is a lot easier then
+    if not eval_ctx.autoescape:
+        return str(d).join(map(str, value))
+
+    # if the delimiter doesn't have an html representation we check
+    # if any of the items has.  If yes we do a coercion to Markup
+    if not hasattr(d, "__html__"):
+        value = list(value)
+        do_escape = False
+
+        for idx, item in enumerate(value):
+            if hasattr(item, "__html__"):
+                do_escape = True
+            else:
+                value[idx] = str(item)
+
+        if do_escape:
+            d = escape(d)
+        else:
+            d = str(d)
+
+        return d.join(value)
+
+    # no html involved, to normal joining
+    return soft_str(d).join(map(soft_str, value))
+
+
+@async_variant(sync_do_join)  # type: ignore
+async def do_join(
+    eval_ctx: "EvalContext",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    return sync_do_join(eval_ctx, await auto_to_list(value), d, attribute)
+
+
+def do_center(value: str, width: int = 80) -> str:
+    """Centers the value in a field of a given width."""
+    return soft_str(value).center(width)
+
+
+@pass_environment
+def sync_do_first(
+    environment: "Environment", seq: "t.Iterable[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the first item of a sequence."""
+    try:
+        return next(iter(seq))
+    except StopIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@async_variant(sync_do_first)  # type: ignore
+async def do_first(
+    environment: "Environment", seq: "t.Union[t.AsyncIterable[V], t.Iterable[V]]"
+) -> "t.Union[V, Undefined]":
+    try:
+        return await auto_aiter(seq).__anext__()
+    except StopAsyncIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@pass_environment
+def do_last(
+    environment: "Environment", seq: "t.Reversible[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the last item of a sequence.
+
+    Note: Does not work with generators. You may want to explicitly
+    convert it to a list:
+
+    .. sourcecode:: jinja
+
+        {{ data | selectattr('name', '==', 'Jinja') | list | last }}
+    """
+    try:
+        return next(iter(reversed(seq)))
+    except StopIteration:
+        return environment.undefined("No last item, sequence was empty.")
+
+
+# No async do_last, it may not be safe in async mode.
+
+
+@pass_context
+def do_random(context: "Context", seq: "t.Sequence[V]") -> "t.Union[V, Undefined]":
+    """Return a random item from the sequence."""
+    try:
+        return random.choice(seq)
+    except IndexError:
+        return context.environment.undefined("No random item, sequence was empty.")
+
+
+def do_filesizeformat(value: t.Union[str, float, int], binary: bool = False) -> str:
+    """Format the value like a 'human-readable' file size (i.e. 13 kB,
+    4.1 MB, 102 Bytes, etc).  Per default decimal prefixes are used (Mega,
+    Giga, etc.), if the second parameter is set to `True` the binary
+    prefixes are used (Mebi, Gibi).
+    """
+    bytes = float(value)
+    base = 1024 if binary else 1000
+    prefixes = [
+        ("KiB" if binary else "kB"),
+        ("MiB" if binary else "MB"),
+        ("GiB" if binary else "GB"),
+        ("TiB" if binary else "TB"),
+        ("PiB" if binary else "PB"),
+        ("EiB" if binary else "EB"),
+        ("ZiB" if binary else "ZB"),
+        ("YiB" if binary else "YB"),
+    ]
+
+    if bytes == 1:
+        return "1 Byte"
+    elif bytes < base:
+        return f"{int(bytes)} Bytes"
+    else:
+        for i, prefix in enumerate(prefixes):
+            unit = base ** (i + 2)
+
+            if bytes < unit:
+                return f"{base * bytes / unit:.1f} {prefix}"
+
+        return f"{base * bytes / unit:.1f} {prefix}"
+
+
+def do_pprint(value: t.Any) -> str:
+    """Pretty print a variable. Useful for debugging."""
+    return pformat(value)
+
+
+_uri_scheme_re = re.compile(r"^([\w.+-]{2,}:(/){0,2})$")
+
+
+@pass_eval_context
+def do_urlize(
+    eval_ctx: "EvalContext",
+    value: str,
+    trim_url_limit: t.Optional[int] = None,
+    nofollow: bool = False,
+    target: t.Optional[str] = None,
+    rel: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param value: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param nofollow: Add the ``rel=nofollow`` attribute to links.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior. Defaults to
+        ``env.policies["urlize.extra_schemes"]``, which defaults to no
+        extra schemes.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+
+    .. versionchanged:: 2.8
+       The ``target`` parameter was added.
+    """
+    policies = eval_ctx.environment.policies
+    rel_parts = set((rel or "").split())
+
+    if nofollow:
+        rel_parts.add("nofollow")
+
+    rel_parts.update((policies["urlize.rel"] or "").split())
+    rel = " ".join(sorted(rel_parts)) or None
+
+    if target is None:
+        target = policies["urlize.target"]
+
+    if extra_schemes is None:
+        extra_schemes = policies["urlize.extra_schemes"] or ()
+
+    for scheme in extra_schemes:
+        if _uri_scheme_re.fullmatch(scheme) is None:
+            raise FilterArgumentError(f"{scheme!r} is not a valid URI scheme prefix.")
+
+    rv = urlize(
+        value,
+        trim_url_limit=trim_url_limit,
+        rel=rel,
+        target=target,
+        extra_schemes=extra_schemes,
+    )
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_indent(
+    s: str, width: t.Union[int, str] = 4, first: bool = False, blank: bool = False
+) -> str:
+    """Return a copy of the string with each line indented by 4 spaces. The
+    first line and blank lines are not indented by default.
+
+    :param width: Number of spaces, or a string, to indent by.
+    :param first: Don't skip indenting the first line.
+    :param blank: Don't skip indenting empty lines.
+
+    .. versionchanged:: 3.0
+        ``width`` can be a string.
+
+    .. versionchanged:: 2.10
+        Blank lines are not indented by default.
+
+        Rename the ``indentfirst`` argument to ``first``.
+    """
+    if isinstance(width, str):
+        indention = width
+    else:
+        indention = " " * width
+
+    newline = "\n"
+
+    if isinstance(s, Markup):
+        indention = Markup(indention)
+        newline = Markup(newline)
+
+    s += newline  # this quirk is necessary for splitlines method
+
+    if blank:
+        rv = (newline + indention).join(s.splitlines())
+    else:
+        lines = s.splitlines()
+        rv = lines.pop(0)
+
+        if lines:
+            rv += newline + newline.join(
+                indention + line if line else line for line in lines
+            )
+
+    if first:
+        rv = indention + rv
+
+    return rv
+
+
+@pass_environment
+def do_truncate(
+    env: "Environment",
+    s: str,
+    length: int = 255,
+    killwords: bool = False,
+    end: str = "...",
+    leeway: t.Optional[int] = None,
+) -> str:
+    """Return a truncated copy of the string. The length is specified
+    with the first parameter which defaults to ``255``. If the second
+    parameter is ``true`` the filter will cut the text at length. Otherwise
+    it will discard the last word. If the text was in fact
+    truncated it will append an ellipsis sign (``"..."``). If you want a
+    different ellipsis sign than ``"..."`` you can specify it using the
+    third parameter. Strings that only exceed the length by the tolerance
+    margin given in the fourth parameter will not be truncated.
+
+    .. sourcecode:: jinja
+
+        {{ "foo bar baz qux"|truncate(9) }}
+            -> "foo..."
+        {{ "foo bar baz qux"|truncate(9, True) }}
+            -> "foo ba..."
+        {{ "foo bar baz qux"|truncate(11) }}
+            -> "foo bar baz qux"
+        {{ "foo bar baz qux"|truncate(11, False, '...', 0) }}
+            -> "foo bar..."
+
+    The default leeway on newer Jinja versions is 5 and was 0 before but
+    can be reconfigured globally.
+    """
+    if leeway is None:
+        leeway = env.policies["truncate.leeway"]
+
+    assert length >= len(end), f"expected length >= {len(end)}, got {length}"
+    assert leeway >= 0, f"expected leeway >= 0, got {leeway}"
+
+    if len(s) <= length + leeway:
+        return s
+
+    if killwords:
+        return s[: length - len(end)] + end
+
+    result = s[: length - len(end)].rsplit(" ", 1)[0]
+    return result + end
+
+
+@pass_environment
+def do_wordwrap(
+    environment: "Environment",
+    s: str,
+    width: int = 79,
+    break_long_words: bool = True,
+    wrapstring: t.Optional[str] = None,
+    break_on_hyphens: bool = True,
+) -> str:
+    """Wrap a string to the given width. Existing newlines are treated
+    as paragraphs to be wrapped separately.
+
+    :param s: Original text to wrap.
+    :param width: Maximum length of wrapped lines.
+    :param break_long_words: If a word is longer than ``width``, break
+        it across lines.
+    :param break_on_hyphens: If a word contains hyphens, it may be split
+        across lines.
+    :param wrapstring: String to join each wrapped line. Defaults to
+        :attr:`Environment.newline_sequence`.
+
+    .. versionchanged:: 2.11
+        Existing newlines are treated as paragraphs wrapped separately.
+
+    .. versionchanged:: 2.11
+        Added the ``break_on_hyphens`` parameter.
+
+    .. versionchanged:: 2.7
+        Added the ``wrapstring`` parameter.
+    """
+    import textwrap
+
+    if wrapstring is None:
+        wrapstring = environment.newline_sequence
+
+    # textwrap.wrap doesn't consider existing newlines when wrapping.
+    # If the string has a newline before width, wrap will still insert
+    # a newline at width, resulting in a short line. Instead, split and
+    # wrap each paragraph individually.
+    return wrapstring.join(
+        [
+            wrapstring.join(
+                textwrap.wrap(
+                    line,
+                    width=width,
+                    expand_tabs=False,
+                    replace_whitespace=False,
+                    break_long_words=break_long_words,
+                    break_on_hyphens=break_on_hyphens,
+                )
+            )
+            for line in s.splitlines()
+        ]
+    )
+
+
+_word_re = re.compile(r"\w+")
+
+
+def do_wordcount(s: str) -> int:
+    """Count the words in that string."""
+    return len(_word_re.findall(soft_str(s)))
+
+
+def do_int(value: t.Any, default: int = 0, base: int = 10) -> int:
+    """Convert the value into an integer. If the
+    conversion doesn't work it will return ``0``. You can
+    override this default using the first parameter. You
+    can also override the default base (10) in the second
+    parameter, which handles input with prefixes such as
+    0b, 0o and 0x for bases 2, 8 and 16 respectively.
+    The base is ignored for decimal numbers and non-string values.
+    """
+    try:
+        if isinstance(value, str):
+            return int(value, base)
+
+        return int(value)
+    except (TypeError, ValueError):
+        # this quirk is necessary so that "42.23"|int gives 42.
+        try:
+            return int(float(value))
+        except (TypeError, ValueError):
+            return default
+
+
+def do_float(value: t.Any, default: float = 0.0) -> float:
+    """Convert the value into a floating point number. If the
+    conversion doesn't work it will return ``0.0``. You can
+    override this default using the first parameter.
+    """
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def do_format(value: str, *args: t.Any, **kwargs: t.Any) -> str:
+    """Apply the given values to a `printf-style`_ format string, like
+    ``string % values``.
+
+    .. sourcecode:: jinja
+
+        {{ "%s, %s!"|format(greeting, name) }}
+        Hello, World!
+
+    In most cases it should be more convenient and efficient to use the
+    ``%`` operator or :meth:`str.format`.
+
+    .. code-block:: text
+
+        {{ "%s, %s!" % (greeting, name) }}
+        {{ "{}, {}!".format(greeting, name) }}
+
+    .. _printf-style: https://docs.python.org/library/stdtypes.html
+        #printf-style-string-formatting
+    """
+    if args and kwargs:
+        raise FilterArgumentError(
+            "can't handle positional and keyword arguments at the same time"
+        )
+
+    return soft_str(value) % (kwargs or args)
+
+
+def do_trim(value: str, chars: t.Optional[str] = None) -> str:
+    """Strip leading and trailing characters, by default whitespace."""
+    return soft_str(value).strip(chars)
+
+
+def do_striptags(value: "t.Union[str, HasHTML]") -> str:
+    """Strip SGML/XML tags and replace adjacent whitespace by one space."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return Markup(str(value)).striptags()
+
+
+def sync_do_slice(
+    value: "t.Collection[V]", slices: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """Slice an iterator and return a list of lists containing
+    those items. Useful if you want to create a div containing
+    three ul tags that represent columns:
+
+    .. sourcecode:: html+jinja
+
+        <div class="columnwrapper">
+          {%- for column in items|slice(3) %}
+            <ul class="column-{{ loop.index }}">
+            {%- for item in column %}
+              <li>{{ item }}</li>
+            {%- endfor %}
+            </ul>
+          {%- endfor %}
+        </div>
+
+    If you pass it a second argument it's used to fill missing
+    values on the last iteration.
+    """
+    seq = list(value)
+    length = len(seq)
+    items_per_slice = length // slices
+    slices_with_extra = length % slices
+    offset = 0
+
+    for slice_number in range(slices):
+        start = offset + slice_number * items_per_slice
+
+        if slice_number < slices_with_extra:
+            offset += 1
+
+        end = offset + (slice_number + 1) * items_per_slice
+        tmp = seq[start:end]
+
+        if fill_with is not None and slice_number >= slices_with_extra:
+            tmp.append(fill_with)
+
+        yield tmp
+
+
+@async_variant(sync_do_slice)  # type: ignore
+async def do_slice(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    slices: int,
+    fill_with: t.Optional[t.Any] = None,
+) -> "t.Iterator[t.List[V]]":
+    return sync_do_slice(await auto_to_list(value), slices, fill_with)
+
+
+def do_batch(
+    value: "t.Iterable[V]", linecount: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """
+    A filter that batches items. It works pretty much like `slice`
+    just the other way round. It returns a list of lists with the
+    given number of items. If you provide a second parameter this
+    is used to fill up missing items. See this example:
+
+    .. sourcecode:: html+jinja
+
+        <table>
+        {%- for row in items|batch(3, '&nbsp;') %}
+          <tr>
+          {%- for column in row %}
+            <td>{{ column }}</td>
+          {%- endfor %}
+          </tr>
+        {%- endfor %}
+        </table>
+    """
+    tmp: "t.List[V]" = []
+
+    for item in value:
+        if len(tmp) == linecount:
+            yield tmp
+            tmp = []
+
+        tmp.append(item)
+
+    if tmp:
+        if fill_with is not None and len(tmp) < linecount:
+            tmp += [fill_with] * (linecount - len(tmp))
+
+        yield tmp
+
+
+def do_round(
+    value: float,
+    precision: int = 0,
+    method: 'te.Literal["common", "ceil", "floor"]' = "common",
+) -> float:
+    """Round the number to a given precision. The first
+    parameter specifies the precision (default is ``0``), the
+    second the rounding method:
+
+    - ``'common'`` rounds either up or down
+    - ``'ceil'`` always rounds up
+    - ``'floor'`` always rounds down
+
+    If you don't specify a method ``'common'`` is used.
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round }}
+            -> 43.0
+        {{ 42.55|round(1, 'floor') }}
+            -> 42.5
+
+    Note that even if rounded to 0 precision, a float is returned.  If
+    you need a real integer, pipe it through `int`:
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round|int }}
+            -> 43
+    """
+    if method not in {"common", "ceil", "floor"}:
+        raise FilterArgumentError("method must be common, ceil or floor")
+
+    if method == "common":
+        return round(value, precision)
+
+    func = getattr(math, method)
+    return t.cast(float, func(value * (10**precision)) / (10**precision))
+
+
+class _GroupTuple(t.NamedTuple):
+    grouper: t.Any
+    list: t.List[t.Any]
+
+    # Use the regular tuple repr to hide this subclass if users print
+    # out the value during debugging.
+    def __repr__(self) -> str:
+        return tuple.__repr__(self)
+
+    def __str__(self) -> str:
+        return tuple.__str__(self)
+
+
+@pass_environment
+def sync_do_groupby(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    """Group a sequence of objects by an attribute using Python's
+    :func:`itertools.groupby`. The attribute can use dot notation for
+    nested access, like ``"address.city"``. Unlike Python's ``groupby``,
+    the values are sorted first so only one group is returned for each
+    unique value.
+
+    For example, a list of ``User`` objects with a ``city`` attribute
+    can be rendered in groups. In this example, ``grouper`` refers to
+    the ``city`` value of the group.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for city, items in users|groupby("city") %}
+          <li>{{ city }}
+            <ul>{% for user in items %}
+              <li>{{ user.name }}
+            {% endfor %}</ul>
+          </li>
+        {% endfor %}</ul>
+
+    ``groupby`` yields namedtuples of ``(grouper, list)``, which
+    can be used instead of the tuple unpacking above. ``grouper`` is the
+    value of the attribute, and ``list`` is the items with that value.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for group in users|groupby("city") %}
+          <li>{{ group.grouper }}: {{ group.list|join(", ") }}
+        {% endfor %}</ul>
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        <ul>{% for city, items in users|groupby("city", default="NY") %}
+          <li>{{ city }}: {{ items|map(attribute="name")|join(", ") }}</li>
+        {% endfor %}</ul>
+
+    Like the :func:`~jinja-filters.sort` filter, sorting and grouping is
+    case-insensitive by default. The ``key`` for each group will have
+    the case of the first item in that group of values. For example, if
+    a list of users has cities ``["CA", "NY", "ca"]``, the "CA" group
+    will have two values. This can be disabled by passing
+    ``case_sensitive=True``.
+
+    .. versionchanged:: 3.1
+        Added the ``case_sensitive`` parameter. Sorting and grouping is
+        case-insensitive by default, matching other filters that do
+        comparisons.
+
+    .. versionchanged:: 3.0
+        Added the ``default`` parameter.
+
+    .. versionchanged:: 2.6
+        The attribute supports dot notation for nested access.
+    """
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, list(values))
+        for key, values in groupby(sorted(value, key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@async_variant(sync_do_groupby)  # type: ignore
+async def do_groupby(
+    environment: "Environment",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, await auto_to_list(values))
+        for key, values in groupby(sorted(await auto_to_list(value), key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@pass_environment
+def sync_do_sum(
+    environment: "Environment",
+    iterable: "t.Iterable[V]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    """Returns the sum of a sequence of numbers plus the value of parameter
+    'start' (which defaults to 0).  When the sequence is empty it returns
+    start.
+
+    It is also possible to sum up only certain attributes:
+
+    .. sourcecode:: jinja
+
+        Total: {{ items|sum(attribute='price') }}
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added to allow summing up over
+       attributes.  Also the ``start`` parameter was moved on to the right.
+    """
+    if attribute is not None:
+        iterable = map(make_attrgetter(environment, attribute), iterable)
+
+    return sum(iterable, start)  # type: ignore[no-any-return, call-overload]
+
+
+@async_variant(sync_do_sum)  # type: ignore
+async def do_sum(
+    environment: "Environment",
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    rv = start
+
+    if attribute is not None:
+        func = make_attrgetter(environment, attribute)
+    else:
+
+        def func(x: V) -> V:
+            return x
+
+    async for item in auto_aiter(iterable):
+        rv += func(item)
+
+    return rv
+
+
+def sync_do_list(value: "t.Iterable[V]") -> "t.List[V]":
+    """Convert the value into a list.  If it was a string the returned list
+    will be a list of characters.
+    """
+    return list(value)
+
+
+@async_variant(sync_do_list)  # type: ignore
+async def do_list(value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]") -> "t.List[V]":
+    return await auto_to_list(value)
+
+
+def do_mark_safe(value: str) -> Markup:
+    """Mark the value as safe which means that in an environment with automatic
+    escaping enabled this variable will not be escaped.
+    """
+    return Markup(value)
+
+
+def do_mark_unsafe(value: str) -> str:
+    """Mark a value as unsafe.  This is the reverse operation for :func:`safe`."""
+    return str(value)
+
+
+@typing.overload
+def do_reverse(value: str) -> str: ...
+
+
+@typing.overload
+def do_reverse(value: "t.Iterable[V]") -> "t.Iterable[V]": ...
+
+
+def do_reverse(value: t.Union[str, t.Iterable[V]]) -> t.Union[str, t.Iterable[V]]:
+    """Reverse the object or return an iterator that iterates over it the other
+    way round.
+    """
+    if isinstance(value, str):
+        return value[::-1]
+
+    try:
+        return reversed(value)  # type: ignore
+    except TypeError:
+        try:
+            rv = list(value)
+            rv.reverse()
+            return rv
+        except TypeError as e:
+            raise FilterArgumentError("argument must be iterable") from e
+
+
+@pass_environment
+def do_attr(
+    environment: "Environment", obj: t.Any, name: str
+) -> t.Union[Undefined, t.Any]:
+    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+    ``foo.bar`` just that always an attribute is returned and items are not
+    looked up.
+
+    See :ref:`Notes on subscriptions <notes-on-subscriptions>` for more details.
+    """
+    try:
+        name = str(name)
+    except UnicodeError:
+        pass
+    else:
+        try:
+            value = getattr(obj, name)
+        except AttributeError:
+            pass
+        else:
+            if environment.sandboxed:
+                environment = t.cast("SandboxedEnvironment", environment)
+
+                if not environment.is_safe_attribute(obj, name, value):
+                    return environment.unsafe_undefined(obj, name)
+
+            return value
+
+    return environment.undefined(obj=obj, name=name)
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@pass_context
+def sync_do_map(
+    context: "Context", value: t.Iterable[t.Any], *args: t.Any, **kwargs: t.Any
+) -> t.Iterable[t.Any]:
+    """Applies a filter on a sequence of objects or looks up an attribute.
+    This is useful when dealing with lists of objects but you are really
+    only interested in a certain value of it.
+
+    The basic usage is mapping on an attribute.  Imagine you have a list
+    of users but you are only interested in a list of usernames:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ users|map(attribute='username')|join(', ') }}
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        {{ users|map(attribute="username", default="Anonymous")|join(", ") }}
+
+    Alternatively you can let it invoke a filter by passing the name of the
+    filter and the arguments afterwards.  A good example would be applying a
+    text conversion filter on a sequence:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ titles|map('lower')|join(', ') }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u.username for u in users)
+        (getattr(u, "username", "Anonymous") for u in users)
+        (do_lower(x) for x in titles)
+
+    .. versionchanged:: 2.11.0
+        Added the ``default`` parameter.
+
+    .. versionadded:: 2.7
+    """
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        for item in value:
+            yield func(item)
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@async_variant(sync_do_map)  # type: ignore
+async def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.AsyncIterable[t.Any]:
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        async for item in auto_aiter(value):
+            yield await auto_await(func(item))
+
+
+@pass_context
+def sync_do_select(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and only selecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|select("odd") }}
+        {{ numbers|select("odd") }}
+        {{ numbers|select("divisibleby", 3) }}
+        {{ numbers|select("lessthan", 42) }}
+        {{ strings|select("equalto", "mystring") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if test_odd(n))
+        (n for n in numbers if test_divisibleby(n, 3))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@async_variant(sync_do_select)  # type: ignore
+async def do_select(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@pass_context
+def sync_do_reject(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and rejecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|reject("odd") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if not test_odd(n))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@async_variant(sync_do_reject)  # type: ignore
+async def do_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@pass_context
+def sync_do_selectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and only selecting the objects with the
+    test succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ users|selectattr("is_active") }}
+        {{ users|selectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if user.is_active)
+        (u for user in users if test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@async_variant(sync_do_selectattr)  # type: ignore
+async def do_selectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@pass_context
+def sync_do_rejectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and rejecting the objects with the test
+    succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    .. sourcecode:: jinja
+
+        {{ users|rejectattr("is_active") }}
+        {{ users|rejectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if not user.is_active)
+        (u for user in users if not test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@async_variant(sync_do_rejectattr)  # type: ignore
+async def do_rejectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@pass_eval_context
+def do_tojson(
+    eval_ctx: "EvalContext", value: t.Any, indent: t.Optional[int] = None
+) -> Markup:
+    """Serialize an object to a string of JSON, and mark it safe to
+    render in HTML. This filter is only for use in HTML documents.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param value: The object to serialize to JSON.
+    :param indent: The ``indent`` parameter passed to ``dumps``, for
+        pretty-printing the value.
+
+    .. versionadded:: 2.9
+    """
+    policies = eval_ctx.environment.policies
+    dumps = policies["json.dumps_function"]
+    kwargs = policies["json.dumps_kwargs"]
+
+    if indent is not None:
+        kwargs = kwargs.copy()
+        kwargs["indent"] = indent
+
+    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
+
+
+def prepare_map(
+    context: "Context", args: t.Tuple[t.Any, ...], kwargs: t.Dict[str, t.Any]
+) -> t.Callable[[t.Any], t.Any]:
+    if not args and "attribute" in kwargs:
+        attribute = kwargs.pop("attribute")
+        default = kwargs.pop("default", None)
+
+        if kwargs:
+            raise FilterArgumentError(
+                f"Unexpected keyword argument {next(iter(kwargs))!r}"
+            )
+
+        func = make_attrgetter(context.environment, attribute, default=default)
+    else:
+        try:
+            name = args[0]
+            args = args[1:]
+        except LookupError:
+            raise FilterArgumentError("map requires a filter argument") from None
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_filter(
+                name, item, args, kwargs, context=context
+            )
+
+    return func
+
+
+def prepare_select_or_reject(
+    context: "Context",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> t.Callable[[t.Any], t.Any]:
+    if lookup_attr:
+        try:
+            attr = args[0]
+        except LookupError:
+            raise FilterArgumentError("Missing parameter for attribute name") from None
+
+        transfunc = make_attrgetter(context.environment, attr)
+        off = 1
+    else:
+        off = 0
+
+        def transfunc(x: V) -> V:
+            return x
+
+    try:
+        name = args[off]
+        args = args[1 + off :]
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_test(name, item, args, kwargs)
+
+    except LookupError:
+        func = bool  # type: ignore
+
+    return lambda item: modfunc(func(transfunc(item)))
+
+
+def select_or_reject(
+    context: "Context",
+    value: "t.Iterable[V]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.Iterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        for item in value:
+            if func(item):
+                yield item
+
+
+async def async_select_or_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.AsyncIterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        async for item in auto_aiter(value):
+            if func(item):
+                yield item
+
+
+FILTERS = {
+    "abs": abs,
+    "attr": do_attr,
+    "batch": do_batch,
+    "capitalize": do_capitalize,
+    "center": do_center,
+    "count": len,
+    "d": do_default,
+    "default": do_default,
+    "dictsort": do_dictsort,
+    "e": escape,
+    "escape": escape,
+    "filesizeformat": do_filesizeformat,
+    "first": do_first,
+    "float": do_float,
+    "forceescape": do_forceescape,
+    "format": do_format,
+    "groupby": do_groupby,
+    "indent": do_indent,
+    "int": do_int,
+    "join": do_join,
+    "last": do_last,
+    "length": len,
+    "list": do_list,
+    "lower": do_lower,
+    "items": do_items,
+    "map": do_map,
+    "min": do_min,
+    "max": do_max,
+    "pprint": do_pprint,
+    "random": do_random,
+    "reject": do_reject,
+    "rejectattr": do_rejectattr,
+    "replace": do_replace,
+    "reverse": do_reverse,
+    "round": do_round,
+    "safe": do_mark_safe,
+    "select": do_select,
+    "selectattr": do_selectattr,
+    "slice": do_slice,
+    "sort": do_sort,
+    "string": soft_str,
+    "striptags": do_striptags,
+    "sum": do_sum,
+    "title": do_title,
+    "trim": do_trim,
+    "truncate": do_truncate,
+    "unique": do_unique,
+    "upper": do_upper,
+    "urlencode": do_urlencode,
+    "urlize": do_urlize,
+    "wordcount": do_wordcount,
+    "wordwrap": do_wordwrap,
+    "xmlattr": do_xmlattr,
+    "tojson": do_tojson,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/idtracking.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/idtracking.py
new file mode 100644
index 000000000..995ebaa0c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/idtracking.py
@@ -0,0 +1,318 @@
+import typing as t
+
+from . import nodes
+from .visitor import NodeVisitor
+
+VAR_LOAD_PARAMETER = "param"
+VAR_LOAD_RESOLVE = "resolve"
+VAR_LOAD_ALIAS = "alias"
+VAR_LOAD_UNDEFINED = "undefined"
+
+
+def find_symbols(
+    nodes: t.Iterable[nodes.Node], parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    visitor = FrameSymbolVisitor(sym)
+    for node in nodes:
+        visitor.visit(node)
+    return sym
+
+
+def symbols_for_node(
+    node: nodes.Node, parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    sym.analyze_node(node)
+    return sym
+
+
+class Symbols:
+    def __init__(
+        self, parent: t.Optional["Symbols"] = None, level: t.Optional[int] = None
+    ) -> None:
+        if level is None:
+            if parent is None:
+                level = 0
+            else:
+                level = parent.level + 1
+
+        self.level: int = level
+        self.parent = parent
+        self.refs: t.Dict[str, str] = {}
+        self.loads: t.Dict[str, t.Any] = {}
+        self.stores: t.Set[str] = set()
+
+    def analyze_node(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        visitor = RootVisitor(self)
+        visitor.visit(node, **kwargs)
+
+    def _define_ref(
+        self, name: str, load: t.Optional[t.Tuple[str, t.Optional[str]]] = None
+    ) -> str:
+        ident = f"l_{self.level}_{name}"
+        self.refs[name] = ident
+        if load is not None:
+            self.loads[ident] = load
+        return ident
+
+    def find_load(self, target: str) -> t.Optional[t.Any]:
+        if target in self.loads:
+            return self.loads[target]
+
+        if self.parent is not None:
+            return self.parent.find_load(target)
+
+        return None
+
+    def find_ref(self, name: str) -> t.Optional[str]:
+        if name in self.refs:
+            return self.refs[name]
+
+        if self.parent is not None:
+            return self.parent.find_ref(name)
+
+        return None
+
+    def ref(self, name: str) -> str:
+        rv = self.find_ref(name)
+        if rv is None:
+            raise AssertionError(
+                "Tried to resolve a name to a reference that was"
+                f" unknown to the frame ({name!r})"
+            )
+        return rv
+
+    def copy(self) -> "Symbols":
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.refs = self.refs.copy()
+        rv.loads = self.loads.copy()
+        rv.stores = self.stores.copy()
+        return rv
+
+    def store(self, name: str) -> None:
+        self.stores.add(name)
+
+        # If we have not see the name referenced yet, we need to figure
+        # out what to set it to.
+        if name not in self.refs:
+            # If there is a parent scope we check if the name has a
+            # reference there.  If it does it means we might have to alias
+            # to a variable there.
+            if self.parent is not None:
+                outer_ref = self.parent.find_ref(name)
+                if outer_ref is not None:
+                    self._define_ref(name, load=(VAR_LOAD_ALIAS, outer_ref))
+                    return
+
+            # Otherwise we can just set it to undefined.
+            self._define_ref(name, load=(VAR_LOAD_UNDEFINED, None))
+
+    def declare_parameter(self, name: str) -> str:
+        self.stores.add(name)
+        return self._define_ref(name, load=(VAR_LOAD_PARAMETER, None))
+
+    def load(self, name: str) -> None:
+        if self.find_ref(name) is None:
+            self._define_ref(name, load=(VAR_LOAD_RESOLVE, name))
+
+    def branch_update(self, branch_symbols: t.Sequence["Symbols"]) -> None:
+        stores: t.Dict[str, int] = {}
+        for branch in branch_symbols:
+            for target in branch.stores:
+                if target in self.stores:
+                    continue
+                stores[target] = stores.get(target, 0) + 1
+
+        for sym in branch_symbols:
+            self.refs.update(sym.refs)
+            self.loads.update(sym.loads)
+            self.stores.update(sym.stores)
+
+        for name, branch_count in stores.items():
+            if branch_count == len(branch_symbols):
+                continue
+
+            target = self.find_ref(name)  # type: ignore
+            assert target is not None, "should not happen"
+
+            if self.parent is not None:
+                outer_target = self.parent.find_ref(name)
+                if outer_target is not None:
+                    self.loads[target] = (VAR_LOAD_ALIAS, outer_target)
+                    continue
+            self.loads[target] = (VAR_LOAD_RESOLVE, name)
+
+    def dump_stores(self) -> t.Dict[str, str]:
+        rv: t.Dict[str, str] = {}
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for name in sorted(node.stores):
+                if name not in rv:
+                    rv[name] = self.find_ref(name)  # type: ignore
+
+            node = node.parent
+
+        return rv
+
+    def dump_param_targets(self) -> t.Set[str]:
+        rv = set()
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for target, (instr, _) in self.loads.items():
+                if instr == VAR_LOAD_PARAMETER:
+                    rv.add(target)
+
+            node = node.parent
+
+        return rv
+
+
+class RootVisitor(NodeVisitor):
+    def __init__(self, symbols: "Symbols") -> None:
+        self.sym_visitor = FrameSymbolVisitor(symbols)
+
+    def _simple_visit(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes():
+            self.sym_visitor.visit(child)
+
+    visit_Template = _simple_visit
+    visit_Block = _simple_visit
+    visit_Macro = _simple_visit
+    visit_FilterBlock = _simple_visit
+    visit_Scope = _simple_visit
+    visit_If = _simple_visit
+    visit_ScopedEvalContextModifier = _simple_visit
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes(exclude=("call",)):
+            self.sym_visitor.visit(child)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_For(
+        self, node: nodes.For, for_branch: str = "body", **kwargs: t.Any
+    ) -> None:
+        if for_branch == "body":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            branch = node.body
+        elif for_branch == "else":
+            branch = node.else_
+        elif for_branch == "test":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            if node.test is not None:
+                self.sym_visitor.visit(node.test)
+            return
+        else:
+            raise RuntimeError("Unknown for branch")
+
+        if branch:
+            for item in branch:
+                self.sym_visitor.visit(item)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.targets:
+            self.sym_visitor.visit(target)
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def generic_visit(self, node: nodes.Node, *args: t.Any, **kwargs: t.Any) -> None:
+        raise NotImplementedError(f"Cannot find symbols for {type(node).__name__!r}")
+
+
+class FrameSymbolVisitor(NodeVisitor):
+    """A visitor for `Frame.inspect`."""
+
+    def __init__(self, symbols: "Symbols") -> None:
+        self.symbols = symbols
+
+    def visit_Name(
+        self, node: nodes.Name, store_as_param: bool = False, **kwargs: t.Any
+    ) -> None:
+        """All assignments to names go through this function."""
+        if store_as_param or node.ctx == "param":
+            self.symbols.declare_parameter(node.name)
+        elif node.ctx == "store":
+            self.symbols.store(node.name)
+        elif node.ctx == "load":
+            self.symbols.load(node.name)
+
+    def visit_NSRef(self, node: nodes.NSRef, **kwargs: t.Any) -> None:
+        self.symbols.load(node.name)
+
+    def visit_If(self, node: nodes.If, **kwargs: t.Any) -> None:
+        self.visit(node.test, **kwargs)
+        original_symbols = self.symbols
+
+        def inner_visit(nodes: t.Iterable[nodes.Node]) -> "Symbols":
+            self.symbols = rv = original_symbols.copy()
+
+            for subnode in nodes:
+                self.visit(subnode, **kwargs)
+
+            self.symbols = original_symbols
+            return rv
+
+        body_symbols = inner_visit(node.body)
+        elif_symbols = inner_visit(node.elif_)
+        else_symbols = inner_visit(node.else_ or ())
+        self.symbols.branch_update([body_symbols, elif_symbols, else_symbols])
+
+    def visit_Macro(self, node: nodes.Macro, **kwargs: t.Any) -> None:
+        self.symbols.store(node.name)
+
+    def visit_Import(self, node: nodes.Import, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+        self.symbols.store(node.target)
+
+    def visit_FromImport(self, node: nodes.FromImport, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+
+        for name in node.names:
+            if isinstance(name, tuple):
+                self.symbols.store(name[1])
+            else:
+                self.symbols.store(name)
+
+    def visit_Assign(self, node: nodes.Assign, **kwargs: t.Any) -> None:
+        """Visit assignments in the correct order."""
+        self.visit(node.node, **kwargs)
+        self.visit(node.target, **kwargs)
+
+    def visit_For(self, node: nodes.For, **kwargs: t.Any) -> None:
+        """Visiting stops at for blocks.  However the block sequence
+        is visited as part of the outer scope.
+        """
+        self.visit(node.iter, **kwargs)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        self.visit(node.call, **kwargs)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, **kwargs: t.Any) -> None:
+        self.visit(node.filter, **kwargs)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.values:
+            self.visit(target)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        """Stop visiting at block assigns."""
+        self.visit(node.target, **kwargs)
+
+    def visit_Scope(self, node: nodes.Scope, **kwargs: t.Any) -> None:
+        """Stop visiting at scopes."""
+
+    def visit_Block(self, node: nodes.Block, **kwargs: t.Any) -> None:
+        """Stop visiting at blocks."""
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        """Do not visit into overlay scopes."""
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/lexer.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/lexer.py
new file mode 100644
index 000000000..62b0471a3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/lexer.py
@@ -0,0 +1,868 @@
+"""Implements a Jinja / Python combination lexer. The ``Lexer`` class
+is used to do some preprocessing. It filters out invalid operators like
+the bitshift operators we don't allow in templates. It separates
+template code and python code in expressions.
+"""
+
+import re
+import typing as t
+from ast import literal_eval
+from collections import deque
+from sys import intern
+
+from ._identifier import pattern as name_re
+from .exceptions import TemplateSyntaxError
+from .utils import LRUCache
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+# cache for the lexers. Exists in order to be able to have multiple
+# environments with the same lexer
+_lexer_cache: t.MutableMapping[t.Tuple, "Lexer"] = LRUCache(50)  # type: ignore
+
+# static regular expressions
+whitespace_re = re.compile(r"\s+")
+newline_re = re.compile(r"(\r\n|\r|\n)")
+string_re = re.compile(
+    r"('([^'\\]*(?:\\.[^'\\]*)*)'" r'|"([^"\\]*(?:\\.[^"\\]*)*)")', re.S
+)
+integer_re = re.compile(
+    r"""
+    (
+        0b(_?[0-1])+ # binary
+    |
+        0o(_?[0-7])+ # octal
+    |
+        0x(_?[\da-f])+ # hex
+    |
+        [1-9](_?\d)* # decimal
+    |
+        0(_?0)* # decimal zero
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+float_re = re.compile(
+    r"""
+    (?<!\.)  # doesn't start with a .
+    (\d+_)*\d+  # digits, possibly _ separated
+    (
+        (\.(\d+_)*\d+)?  # optional fractional part
+        e[+\-]?(\d+_)*\d+  # exponent part
+    |
+        \.(\d+_)*\d+  # required fractional part
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+
+# internal the tokens and keep references to them
+TOKEN_ADD = intern("add")
+TOKEN_ASSIGN = intern("assign")
+TOKEN_COLON = intern("colon")
+TOKEN_COMMA = intern("comma")
+TOKEN_DIV = intern("div")
+TOKEN_DOT = intern("dot")
+TOKEN_EQ = intern("eq")
+TOKEN_FLOORDIV = intern("floordiv")
+TOKEN_GT = intern("gt")
+TOKEN_GTEQ = intern("gteq")
+TOKEN_LBRACE = intern("lbrace")
+TOKEN_LBRACKET = intern("lbracket")
+TOKEN_LPAREN = intern("lparen")
+TOKEN_LT = intern("lt")
+TOKEN_LTEQ = intern("lteq")
+TOKEN_MOD = intern("mod")
+TOKEN_MUL = intern("mul")
+TOKEN_NE = intern("ne")
+TOKEN_PIPE = intern("pipe")
+TOKEN_POW = intern("pow")
+TOKEN_RBRACE = intern("rbrace")
+TOKEN_RBRACKET = intern("rbracket")
+TOKEN_RPAREN = intern("rparen")
+TOKEN_SEMICOLON = intern("semicolon")
+TOKEN_SUB = intern("sub")
+TOKEN_TILDE = intern("tilde")
+TOKEN_WHITESPACE = intern("whitespace")
+TOKEN_FLOAT = intern("float")
+TOKEN_INTEGER = intern("integer")
+TOKEN_NAME = intern("name")
+TOKEN_STRING = intern("string")
+TOKEN_OPERATOR = intern("operator")
+TOKEN_BLOCK_BEGIN = intern("block_begin")
+TOKEN_BLOCK_END = intern("block_end")
+TOKEN_VARIABLE_BEGIN = intern("variable_begin")
+TOKEN_VARIABLE_END = intern("variable_end")
+TOKEN_RAW_BEGIN = intern("raw_begin")
+TOKEN_RAW_END = intern("raw_end")
+TOKEN_COMMENT_BEGIN = intern("comment_begin")
+TOKEN_COMMENT_END = intern("comment_end")
+TOKEN_COMMENT = intern("comment")
+TOKEN_LINESTATEMENT_BEGIN = intern("linestatement_begin")
+TOKEN_LINESTATEMENT_END = intern("linestatement_end")
+TOKEN_LINECOMMENT_BEGIN = intern("linecomment_begin")
+TOKEN_LINECOMMENT_END = intern("linecomment_end")
+TOKEN_LINECOMMENT = intern("linecomment")
+TOKEN_DATA = intern("data")
+TOKEN_INITIAL = intern("initial")
+TOKEN_EOF = intern("eof")
+
+# bind operators to token types
+operators = {
+    "+": TOKEN_ADD,
+    "-": TOKEN_SUB,
+    "/": TOKEN_DIV,
+    "//": TOKEN_FLOORDIV,
+    "*": TOKEN_MUL,
+    "%": TOKEN_MOD,
+    "**": TOKEN_POW,
+    "~": TOKEN_TILDE,
+    "[": TOKEN_LBRACKET,
+    "]": TOKEN_RBRACKET,
+    "(": TOKEN_LPAREN,
+    ")": TOKEN_RPAREN,
+    "{": TOKEN_LBRACE,
+    "}": TOKEN_RBRACE,
+    "==": TOKEN_EQ,
+    "!=": TOKEN_NE,
+    ">": TOKEN_GT,
+    ">=": TOKEN_GTEQ,
+    "<": TOKEN_LT,
+    "<=": TOKEN_LTEQ,
+    "=": TOKEN_ASSIGN,
+    ".": TOKEN_DOT,
+    ":": TOKEN_COLON,
+    "|": TOKEN_PIPE,
+    ",": TOKEN_COMMA,
+    ";": TOKEN_SEMICOLON,
+}
+
+reverse_operators = {v: k for k, v in operators.items()}
+assert len(operators) == len(reverse_operators), "operators dropped"
+operator_re = re.compile(
+    f"({'|'.join(re.escape(x) for x in sorted(operators, key=lambda x: -len(x)))})"
+)
+
+ignored_tokens = frozenset(
+    [
+        TOKEN_COMMENT_BEGIN,
+        TOKEN_COMMENT,
+        TOKEN_COMMENT_END,
+        TOKEN_WHITESPACE,
+        TOKEN_LINECOMMENT_BEGIN,
+        TOKEN_LINECOMMENT_END,
+        TOKEN_LINECOMMENT,
+    ]
+)
+ignore_if_empty = frozenset(
+    [TOKEN_WHITESPACE, TOKEN_DATA, TOKEN_COMMENT, TOKEN_LINECOMMENT]
+)
+
+
+def _describe_token_type(token_type: str) -> str:
+    if token_type in reverse_operators:
+        return reverse_operators[token_type]
+
+    return {
+        TOKEN_COMMENT_BEGIN: "begin of comment",
+        TOKEN_COMMENT_END: "end of comment",
+        TOKEN_COMMENT: "comment",
+        TOKEN_LINECOMMENT: "comment",
+        TOKEN_BLOCK_BEGIN: "begin of statement block",
+        TOKEN_BLOCK_END: "end of statement block",
+        TOKEN_VARIABLE_BEGIN: "begin of print statement",
+        TOKEN_VARIABLE_END: "end of print statement",
+        TOKEN_LINESTATEMENT_BEGIN: "begin of line statement",
+        TOKEN_LINESTATEMENT_END: "end of line statement",
+        TOKEN_DATA: "template data / text",
+        TOKEN_EOF: "end of template",
+    }.get(token_type, token_type)
+
+
+def describe_token(token: "Token") -> str:
+    """Returns a description of the token."""
+    if token.type == TOKEN_NAME:
+        return token.value
+
+    return _describe_token_type(token.type)
+
+
+def describe_token_expr(expr: str) -> str:
+    """Like `describe_token` but for token expressions."""
+    if ":" in expr:
+        type, value = expr.split(":", 1)
+
+        if type == TOKEN_NAME:
+            return value
+    else:
+        type = expr
+
+    return _describe_token_type(type)
+
+
+def count_newlines(value: str) -> int:
+    """Count the number of newline characters in the string.  This is
+    useful for extensions that filter a stream.
+    """
+    return len(newline_re.findall(value))
+
+
+def compile_rules(environment: "Environment") -> t.List[t.Tuple[str, str]]:
+    """Compiles all the rules from the environment into a list of rules."""
+    e = re.escape
+    rules = [
+        (
+            len(environment.comment_start_string),
+            TOKEN_COMMENT_BEGIN,
+            e(environment.comment_start_string),
+        ),
+        (
+            len(environment.block_start_string),
+            TOKEN_BLOCK_BEGIN,
+            e(environment.block_start_string),
+        ),
+        (
+            len(environment.variable_start_string),
+            TOKEN_VARIABLE_BEGIN,
+            e(environment.variable_start_string),
+        ),
+    ]
+
+    if environment.line_statement_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_statement_prefix),
+                TOKEN_LINESTATEMENT_BEGIN,
+                r"^[ \t\v]*" + e(environment.line_statement_prefix),
+            )
+        )
+    if environment.line_comment_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_comment_prefix),
+                TOKEN_LINECOMMENT_BEGIN,
+                r"(?:^|(?<=\S))[^\S\r\n]*" + e(environment.line_comment_prefix),
+            )
+        )
+
+    return [x[1:] for x in sorted(rules, reverse=True)]
+
+
+class Failure:
+    """Class that raises a `TemplateSyntaxError` if called.
+    Used by the `Lexer` to specify known errors.
+    """
+
+    def __init__(
+        self, message: str, cls: t.Type[TemplateSyntaxError] = TemplateSyntaxError
+    ) -> None:
+        self.message = message
+        self.error_class = cls
+
+    def __call__(self, lineno: int, filename: str) -> "te.NoReturn":
+        raise self.error_class(self.message, lineno, filename)
+
+
+class Token(t.NamedTuple):
+    lineno: int
+    type: str
+    value: str
+
+    def __str__(self) -> str:
+        return describe_token(self)
+
+    def test(self, expr: str) -> bool:
+        """Test a token against a token expression.  This can either be a
+        token type or ``'token_type:token_value'``.  This can only test
+        against string values and types.
+        """
+        # here we do a regular string equality check as test_any is usually
+        # passed an iterable of not interned strings.
+        if self.type == expr:
+            return True
+
+        if ":" in expr:
+            return expr.split(":", 1) == [self.type, self.value]
+
+        return False
+
+    def test_any(self, *iterable: str) -> bool:
+        """Test against multiple token expressions."""
+        return any(self.test(expr) for expr in iterable)
+
+
+class TokenStreamIterator:
+    """The iterator for tokenstreams.  Iterate over the stream
+    until the eof token is reached.
+    """
+
+    def __init__(self, stream: "TokenStream") -> None:
+        self.stream = stream
+
+    def __iter__(self) -> "TokenStreamIterator":
+        return self
+
+    def __next__(self) -> Token:
+        token = self.stream.current
+
+        if token.type is TOKEN_EOF:
+            self.stream.close()
+            raise StopIteration
+
+        next(self.stream)
+        return token
+
+
+class TokenStream:
+    """A token stream is an iterable that yields :class:`Token`\\s.  The
+    parser however does not iterate over it but calls :meth:`next` to go
+    one token ahead.  The current active token is stored as :attr:`current`.
+    """
+
+    def __init__(
+        self,
+        generator: t.Iterable[Token],
+        name: t.Optional[str],
+        filename: t.Optional[str],
+    ):
+        self._iter = iter(generator)
+        self._pushed: "te.Deque[Token]" = deque()
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.current = Token(1, TOKEN_INITIAL, "")
+        next(self)
+
+    def __iter__(self) -> TokenStreamIterator:
+        return TokenStreamIterator(self)
+
+    def __bool__(self) -> bool:
+        return bool(self._pushed) or self.current.type is not TOKEN_EOF
+
+    @property
+    def eos(self) -> bool:
+        """Are we at the end of the stream?"""
+        return not self
+
+    def push(self, token: Token) -> None:
+        """Push a token back to the stream."""
+        self._pushed.append(token)
+
+    def look(self) -> Token:
+        """Look at the next token."""
+        old_token = next(self)
+        result = self.current
+        self.push(result)
+        self.current = old_token
+        return result
+
+    def skip(self, n: int = 1) -> None:
+        """Got n tokens ahead."""
+        for _ in range(n):
+            next(self)
+
+    def next_if(self, expr: str) -> t.Optional[Token]:
+        """Perform the token test and return the token if it matched.
+        Otherwise the return value is `None`.
+        """
+        if self.current.test(expr):
+            return next(self)
+
+        return None
+
+    def skip_if(self, expr: str) -> bool:
+        """Like :meth:`next_if` but only returns `True` or `False`."""
+        return self.next_if(expr) is not None
+
+    def __next__(self) -> Token:
+        """Go one token ahead and return the old one.
+
+        Use the built-in :func:`next` instead of calling this directly.
+        """
+        rv = self.current
+
+        if self._pushed:
+            self.current = self._pushed.popleft()
+        elif self.current.type is not TOKEN_EOF:
+            try:
+                self.current = next(self._iter)
+            except StopIteration:
+                self.close()
+
+        return rv
+
+    def close(self) -> None:
+        """Close the stream."""
+        self.current = Token(self.current.lineno, TOKEN_EOF, "")
+        self._iter = iter(())
+        self.closed = True
+
+    def expect(self, expr: str) -> Token:
+        """Expect a given token type and return it.  This accepts the same
+        argument as :meth:`jinja2.lexer.Token.test`.
+        """
+        if not self.current.test(expr):
+            expr = describe_token_expr(expr)
+
+            if self.current.type is TOKEN_EOF:
+                raise TemplateSyntaxError(
+                    f"unexpected end of template, expected {expr!r}.",
+                    self.current.lineno,
+                    self.name,
+                    self.filename,
+                )
+
+            raise TemplateSyntaxError(
+                f"expected token {expr!r}, got {describe_token(self.current)!r}",
+                self.current.lineno,
+                self.name,
+                self.filename,
+            )
+
+        return next(self)
+
+
+def get_lexer(environment: "Environment") -> "Lexer":
+    """Return a lexer which is probably cached."""
+    key = (
+        environment.block_start_string,
+        environment.block_end_string,
+        environment.variable_start_string,
+        environment.variable_end_string,
+        environment.comment_start_string,
+        environment.comment_end_string,
+        environment.line_statement_prefix,
+        environment.line_comment_prefix,
+        environment.trim_blocks,
+        environment.lstrip_blocks,
+        environment.newline_sequence,
+        environment.keep_trailing_newline,
+    )
+    lexer = _lexer_cache.get(key)
+
+    if lexer is None:
+        _lexer_cache[key] = lexer = Lexer(environment)
+
+    return lexer
+
+
+class OptionalLStrip(tuple):  # type: ignore[type-arg]
+    """A special tuple for marking a point in the state that can have
+    lstrip applied.
+    """
+
+    __slots__ = ()
+
+    # Even though it looks like a no-op, creating instances fails
+    # without this.
+    def __new__(cls, *members, **kwargs):  # type: ignore
+        return super().__new__(cls, members)
+
+
+class _Rule(t.NamedTuple):
+    pattern: t.Pattern[str]
+    tokens: t.Union[str, t.Tuple[str, ...], t.Tuple[Failure]]
+    command: t.Optional[str]
+
+
+class Lexer:
+    """Class that implements a lexer for a given environment. Automatically
+    created by the environment class, usually you don't have to do that.
+
+    Note that the lexer is not automatically bound to an environment.
+    Multiple environments can share the same lexer.
+    """
+
+    def __init__(self, environment: "Environment") -> None:
+        # shortcuts
+        e = re.escape
+
+        def c(x: str) -> t.Pattern[str]:
+            return re.compile(x, re.M | re.S)
+
+        # lexing rules for tags
+        tag_rules: t.List[_Rule] = [
+            _Rule(whitespace_re, TOKEN_WHITESPACE, None),
+            _Rule(float_re, TOKEN_FLOAT, None),
+            _Rule(integer_re, TOKEN_INTEGER, None),
+            _Rule(name_re, TOKEN_NAME, None),
+            _Rule(string_re, TOKEN_STRING, None),
+            _Rule(operator_re, TOKEN_OPERATOR, None),
+        ]
+
+        # assemble the root lexing rule. because "|" is ungreedy
+        # we have to sort by length so that the lexer continues working
+        # as expected when we have parsing rules like <% for block and
+        # <%= for variables. (if someone wants asp like syntax)
+        # variables are just part of the rules if variable processing
+        # is required.
+        root_tag_rules = compile_rules(environment)
+
+        block_start_re = e(environment.block_start_string)
+        block_end_re = e(environment.block_end_string)
+        comment_end_re = e(environment.comment_end_string)
+        variable_end_re = e(environment.variable_end_string)
+
+        # block suffix if trimming is enabled
+        block_suffix_re = "\\n?" if environment.trim_blocks else ""
+
+        self.lstrip_blocks = environment.lstrip_blocks
+
+        self.newline_sequence = environment.newline_sequence
+        self.keep_trailing_newline = environment.keep_trailing_newline
+
+        root_raw_re = (
+            rf"(?P<raw_begin>{block_start_re}(\-|\+|)\s*raw\s*"
+            rf"(?:\-{block_end_re}\s*|{block_end_re}))"
+        )
+        root_parts_re = "|".join(
+            [root_raw_re] + [rf"(?P<{n}>{r}(\-|\+|))" for n, r in root_tag_rules]
+        )
+
+        # global lexing rules
+        self.rules: t.Dict[str, t.List[_Rule]] = {
+            "root": [
+                # directives
+                _Rule(
+                    c(rf"(.*?)(?:{root_parts_re})"),
+                    OptionalLStrip(TOKEN_DATA, "#bygroup"),  # type: ignore
+                    "#bygroup",
+                ),
+                # data
+                _Rule(c(".+"), TOKEN_DATA, None),
+            ],
+            # comments
+            TOKEN_COMMENT_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:\+{comment_end_re}|\-{comment_end_re}\s*"
+                        rf"|{comment_end_re}{block_suffix_re}))"
+                    ),
+                    (TOKEN_COMMENT, TOKEN_COMMENT_END),
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of comment tag"),), None),
+            ],
+            # blocks
+            TOKEN_BLOCK_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re})"
+                    ),
+                    TOKEN_BLOCK_END,
+                    "#pop",
+                ),
+            ]
+            + tag_rules,
+            # variables
+            TOKEN_VARIABLE_BEGIN: [
+                _Rule(
+                    c(rf"\-{variable_end_re}\s*|{variable_end_re}"),
+                    TOKEN_VARIABLE_END,
+                    "#pop",
+                )
+            ]
+            + tag_rules,
+            # raw block
+            TOKEN_RAW_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:{block_start_re}(\-|\+|))\s*endraw\s*"
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re}))"
+                    ),
+                    OptionalLStrip(TOKEN_DATA, TOKEN_RAW_END),  # type: ignore
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of raw directive"),), None),
+            ],
+            # line statements
+            TOKEN_LINESTATEMENT_BEGIN: [
+                _Rule(c(r"\s*(\n|$)"), TOKEN_LINESTATEMENT_END, "#pop")
+            ]
+            + tag_rules,
+            # line comments
+            TOKEN_LINECOMMENT_BEGIN: [
+                _Rule(
+                    c(r"(.*?)()(?=\n|$)"),
+                    (TOKEN_LINECOMMENT, TOKEN_LINECOMMENT_END),
+                    "#pop",
+                )
+            ],
+        }
+
+    def _normalize_newlines(self, value: str) -> str:
+        """Replace all newlines with the configured sequence in strings
+        and template data.
+        """
+        return newline_re.sub(self.newline_sequence, value)
+
+    def tokenize(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Calls tokeniter + tokenize and wraps it in a token stream."""
+        stream = self.tokeniter(source, name, filename, state)
+        return TokenStream(self.wrap(stream, name, filename), name, filename)
+
+    def wrap(
+        self,
+        stream: t.Iterable[t.Tuple[int, str, str]],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[Token]:
+        """This is called with the stream as returned by `tokenize` and wraps
+        every token in a :class:`Token` and converts the value.
+        """
+        for lineno, token, value_str in stream:
+            if token in ignored_tokens:
+                continue
+
+            value: t.Any = value_str
+
+            if token == TOKEN_LINESTATEMENT_BEGIN:
+                token = TOKEN_BLOCK_BEGIN
+            elif token == TOKEN_LINESTATEMENT_END:
+                token = TOKEN_BLOCK_END
+            # we are not interested in those tokens in the parser
+            elif token in (TOKEN_RAW_BEGIN, TOKEN_RAW_END):
+                continue
+            elif token == TOKEN_DATA:
+                value = self._normalize_newlines(value_str)
+            elif token == "keyword":
+                token = value_str
+            elif token == TOKEN_NAME:
+                value = value_str
+
+                if not value.isidentifier():
+                    raise TemplateSyntaxError(
+                        "Invalid character in identifier", lineno, name, filename
+                    )
+            elif token == TOKEN_STRING:
+                # try to unescape string
+                try:
+                    value = (
+                        self._normalize_newlines(value_str[1:-1])
+                        .encode("ascii", "backslashreplace")
+                        .decode("unicode-escape")
+                    )
+                except Exception as e:
+                    msg = str(e).split(":")[-1].strip()
+                    raise TemplateSyntaxError(msg, lineno, name, filename) from e
+            elif token == TOKEN_INTEGER:
+                value = int(value_str.replace("_", ""), 0)
+            elif token == TOKEN_FLOAT:
+                # remove all "_" first to support more Python versions
+                value = literal_eval(value_str.replace("_", ""))
+            elif token == TOKEN_OPERATOR:
+                token = operators[value_str]
+
+            yield Token(lineno, token, value)
+
+    def tokeniter(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """This method tokenizes the text and returns the tokens in a
+        generator. Use this method if you just want to tokenize a template.
+
+        .. versionchanged:: 3.0
+            Only ``\\n``, ``\\r\\n`` and ``\\r`` are treated as line
+            breaks.
+        """
+        lines = newline_re.split(source)[::2]
+
+        if not self.keep_trailing_newline and lines[-1] == "":
+            del lines[-1]
+
+        source = "\n".join(lines)
+        pos = 0
+        lineno = 1
+        stack = ["root"]
+
+        if state is not None and state != "root":
+            assert state in ("variable", "block"), "invalid state"
+            stack.append(state + "_begin")
+
+        statetokens = self.rules[stack[-1]]
+        source_length = len(source)
+        balancing_stack: t.List[str] = []
+        newlines_stripped = 0
+        line_starting = True
+
+        while True:
+            # tokenizer loop
+            for regex, tokens, new_state in statetokens:
+                m = regex.match(source, pos)
+
+                # if no match we try again with the next rule
+                if m is None:
+                    continue
+
+                # we only match blocks and variables if braces / parentheses
+                # are balanced. continue parsing with the lower rule which
+                # is the operator rule. do this only if the end tags look
+                # like operators
+                if balancing_stack and tokens in (
+                    TOKEN_VARIABLE_END,
+                    TOKEN_BLOCK_END,
+                    TOKEN_LINESTATEMENT_END,
+                ):
+                    continue
+
+                # tuples support more options
+                if isinstance(tokens, tuple):
+                    groups: t.Sequence[str] = m.groups()
+
+                    if isinstance(tokens, OptionalLStrip):
+                        # Rule supports lstrip. Match will look like
+                        # text, block type, whitespace control, type, control, ...
+                        text = groups[0]
+                        # Skipping the text and first type, every other group is the
+                        # whitespace control for each type. One of the groups will be
+                        # -, +, or empty string instead of None.
+                        strip_sign = next(g for g in groups[2::2] if g is not None)
+
+                        if strip_sign == "-":
+                            # Strip all whitespace between the text and the tag.
+                            stripped = text.rstrip()
+                            newlines_stripped = text[len(stripped) :].count("\n")
+                            groups = [stripped, *groups[1:]]
+                        elif (
+                            # Not marked for preserving whitespace.
+                            strip_sign != "+"
+                            # lstrip is enabled.
+                            and self.lstrip_blocks
+                            # Not a variable expression.
+                            and not m.groupdict().get(TOKEN_VARIABLE_BEGIN)
+                        ):
+                            # The start of text between the last newline and the tag.
+                            l_pos = text.rfind("\n") + 1
+
+                            if l_pos > 0 or line_starting:
+                                # If there's only whitespace between the newline and the
+                                # tag, strip it.
+                                if whitespace_re.fullmatch(text, l_pos):
+                                    groups = [text[:l_pos], *groups[1:]]
+
+                    for idx, token in enumerate(tokens):
+                        # failure group
+                        if token.__class__ is Failure:
+                            raise token(lineno, filename)
+                        # bygroup is a bit more complex, in that case we
+                        # yield for the current token the first named
+                        # group that matched
+                        elif token == "#bygroup":
+                            for key, value in m.groupdict().items():
+                                if value is not None:
+                                    yield lineno, key, value
+                                    lineno += value.count("\n")
+                                    break
+                            else:
+                                raise RuntimeError(
+                                    f"{regex!r} wanted to resolve the token dynamically"
+                                    " but no group matched"
+                                )
+                        # normal group
+                        else:
+                            data = groups[idx]
+
+                            if data or token not in ignore_if_empty:
+                                yield lineno, token, data
+
+                            lineno += data.count("\n") + newlines_stripped
+                            newlines_stripped = 0
+
+                # strings as token just are yielded as it.
+                else:
+                    data = m.group()
+
+                    # update brace/parentheses balance
+                    if tokens == TOKEN_OPERATOR:
+                        if data == "{":
+                            balancing_stack.append("}")
+                        elif data == "(":
+                            balancing_stack.append(")")
+                        elif data == "[":
+                            balancing_stack.append("]")
+                        elif data in ("}", ")", "]"):
+                            if not balancing_stack:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}'", lineno, name, filename
+                                )
+
+                            expected_op = balancing_stack.pop()
+
+                            if expected_op != data:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}', expected '{expected_op}'",
+                                    lineno,
+                                    name,
+                                    filename,
+                                )
+
+                    # yield items
+                    if data or tokens not in ignore_if_empty:
+                        yield lineno, tokens, data
+
+                    lineno += data.count("\n")
+
+                line_starting = m.group()[-1:] == "\n"
+                # fetch new position into new variable so that we can check
+                # if there is a internal parsing error which would result
+                # in an infinite loop
+                pos2 = m.end()
+
+                # handle state changes
+                if new_state is not None:
+                    # remove the uppermost state
+                    if new_state == "#pop":
+                        stack.pop()
+                    # resolve the new state by group checking
+                    elif new_state == "#bygroup":
+                        for key, value in m.groupdict().items():
+                            if value is not None:
+                                stack.append(key)
+                                break
+                        else:
+                            raise RuntimeError(
+                                f"{regex!r} wanted to resolve the new state dynamically"
+                                f" but no group matched"
+                            )
+                    # direct state name given
+                    else:
+                        stack.append(new_state)
+
+                    statetokens = self.rules[stack[-1]]
+                # we are still at the same position and no stack change.
+                # this means a loop without break condition, avoid that and
+                # raise error
+                elif pos2 == pos:
+                    raise RuntimeError(
+                        f"{regex!r} yielded empty string without stack change"
+                    )
+
+                # publish new function and start again
+                pos = pos2
+                break
+            # if loop terminated without break we haven't found a single match
+            # either we are at the end of the file or we have a problem
+            else:
+                # end of text
+                if pos >= source_length:
+                    return
+
+                # something went wrong
+                raise TemplateSyntaxError(
+                    f"unexpected char {source[pos]!r} at {pos}", lineno, name, filename
+                )
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/loaders.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/loaders.py
new file mode 100644
index 000000000..9eaf647ba
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/loaders.py
@@ -0,0 +1,667 @@
+"""API and implementations for loading templates from different data
+sources.
+"""
+
+import importlib.util
+import os
+import posixpath
+import sys
+import typing as t
+import weakref
+import zipimport
+from collections import abc
+from hashlib import sha1
+from importlib import import_module
+from types import ModuleType
+
+from .exceptions import TemplateNotFound
+from .utils import internalcode
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+    from .environment import Template
+
+
+def split_template_path(template: str) -> t.List[str]:
+    """Split a path into segments and perform a sanity check.  If it detects
+    '..' in the path it will raise a `TemplateNotFound` error.
+    """
+    pieces = []
+    for piece in template.split("/"):
+        if (
+            os.path.sep in piece
+            or (os.path.altsep and os.path.altsep in piece)
+            or piece == os.path.pardir
+        ):
+            raise TemplateNotFound(template)
+        elif piece and piece != ".":
+            pieces.append(piece)
+    return pieces
+
+
+class BaseLoader:
+    """Baseclass for all loaders.  Subclass this and override `get_source` to
+    implement a custom loading mechanism.  The environment provides a
+    `get_template` method that calls the loader's `load` method to get the
+    :class:`Template` object.
+
+    A very basic example for a loader that looks up templates on the file
+    system could look like this::
+
+        from jinja2 import BaseLoader, TemplateNotFound
+        from os.path import join, exists, getmtime
+
+        class MyLoader(BaseLoader):
+
+            def __init__(self, path):
+                self.path = path
+
+            def get_source(self, environment, template):
+                path = join(self.path, template)
+                if not exists(path):
+                    raise TemplateNotFound(template)
+                mtime = getmtime(path)
+                with open(path) as f:
+                    source = f.read()
+                return source, path, lambda: mtime == getmtime(path)
+    """
+
+    #: if set to `False` it indicates that the loader cannot provide access
+    #: to the source of templates.
+    #:
+    #: .. versionadded:: 2.4
+    has_source_access = True
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        """Get the template source, filename and reload helper for a template.
+        It's passed the environment and template name and has to return a
+        tuple in the form ``(source, filename, uptodate)`` or raise a
+        `TemplateNotFound` error if it can't locate the template.
+
+        The source part of the returned tuple must be the source of the
+        template as a string. The filename should be the name of the
+        file on the filesystem if it was loaded from there, otherwise
+        ``None``. The filename is used by Python for the tracebacks
+        if no loader extension is used.
+
+        The last item in the tuple is the `uptodate` function.  If auto
+        reloading is enabled it's always called to check if the template
+        changed.  No arguments are passed so the function must store the
+        old state somewhere (for example in a closure).  If it returns `False`
+        the template will be reloaded.
+        """
+        if not self.has_source_access:
+            raise RuntimeError(
+                f"{type(self).__name__} cannot provide access to the source"
+            )
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        """Iterates over all templates.  If the loader does not support that
+        it should raise a :exc:`TypeError` which is the default behavior.
+        """
+        raise TypeError("this loader cannot iterate over all templates")
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Loads a template.  This method looks up the template in the cache
+        or loads one by calling :meth:`get_source`.  Subclasses should not
+        override this method as loaders working on collections of other
+        loaders (such as :class:`PrefixLoader` or :class:`ChoiceLoader`)
+        will not call this method but `get_source` directly.
+        """
+        code = None
+        if globals is None:
+            globals = {}
+
+        # first we try to get the source for this template together
+        # with the filename and the uptodate function.
+        source, filename, uptodate = self.get_source(environment, name)
+
+        # try to load the code from the bytecode cache if there is a
+        # bytecode cache configured.
+        bcc = environment.bytecode_cache
+        if bcc is not None:
+            bucket = bcc.get_bucket(environment, name, filename, source)
+            code = bucket.code
+
+        # if we don't have code so far (not cached, no longer up to
+        # date) etc. we compile the template
+        if code is None:
+            code = environment.compile(source, name, filename)
+
+        # if the bytecode cache is available and the bucket doesn't
+        # have a code so far, we give the bucket the new code and put
+        # it back to the bytecode cache.
+        if bcc is not None and bucket.code is None:
+            bucket.code = code
+            bcc.set_bucket(bucket)
+
+        return environment.template_class.from_code(
+            environment, code, globals, uptodate
+        )
+
+
+class FileSystemLoader(BaseLoader):
+    """Load templates from a directory in the file system.
+
+    The path can be relative or absolute. Relative paths are relative to
+    the current working directory.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader("templates")
+
+    A list of paths can be given. The directories will be searched in
+    order, stopping at the first matching template.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader(["/override/templates", "/default/templates"])
+
+    :param searchpath: A path, or list of paths, to the directory that
+        contains the templates.
+    :param encoding: Use this encoding to read the text from template
+        files.
+    :param followlinks: Follow symbolic links in the path.
+
+    .. versionchanged:: 2.8
+        Added the ``followlinks`` parameter.
+    """
+
+    def __init__(
+        self,
+        searchpath: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+        encoding: str = "utf-8",
+        followlinks: bool = False,
+    ) -> None:
+        if not isinstance(searchpath, abc.Iterable) or isinstance(searchpath, str):
+            searchpath = [searchpath]
+
+        self.searchpath = [os.fspath(p) for p in searchpath]
+        self.encoding = encoding
+        self.followlinks = followlinks
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Callable[[], bool]]:
+        pieces = split_template_path(template)
+
+        for searchpath in self.searchpath:
+            # Use posixpath even on Windows to avoid "drive:" or UNC
+            # segments breaking out of the search directory.
+            filename = posixpath.join(searchpath, *pieces)
+
+            if os.path.isfile(filename):
+                break
+        else:
+            raise TemplateNotFound(template)
+
+        with open(filename, encoding=self.encoding) as f:
+            contents = f.read()
+
+        mtime = os.path.getmtime(filename)
+
+        def uptodate() -> bool:
+            try:
+                return os.path.getmtime(filename) == mtime
+            except OSError:
+                return False
+
+        # Use normpath to convert Windows altsep to sep.
+        return contents, os.path.normpath(filename), uptodate
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for searchpath in self.searchpath:
+            walk_dir = os.walk(searchpath, followlinks=self.followlinks)
+            for dirpath, _, filenames in walk_dir:
+                for filename in filenames:
+                    template = (
+                        os.path.join(dirpath, filename)[len(searchpath) :]
+                        .strip(os.path.sep)
+                        .replace(os.path.sep, "/")
+                    )
+                    if template[:2] == "./":
+                        template = template[2:]
+                    if template not in found:
+                        found.add(template)
+        return sorted(found)
+
+
+class PackageLoader(BaseLoader):
+    """Load templates from a directory in a Python package.
+
+    :param package_name: Import name of the package that contains the
+        template directory.
+    :param package_path: Directory within the imported package that
+        contains the templates.
+    :param encoding: Encoding of template files.
+
+    The following example looks up templates in the ``pages`` directory
+    within the ``project.ui`` package.
+
+    .. code-block:: python
+
+        loader = PackageLoader("project.ui", "pages")
+
+    Only packages installed as directories (standard pip behavior) or
+    zip/egg files (less common) are supported. The Python API for
+    introspecting data in packages is too limited to support other
+    installation methods the way this loader requires.
+
+    There is limited support for :pep:`420` namespace packages. The
+    template directory is assumed to only be in one namespace
+    contributor. Zip files contributing to a namespace are not
+    supported.
+
+    .. versionchanged:: 3.0
+        No longer uses ``setuptools`` as a dependency.
+
+    .. versionchanged:: 3.0
+        Limited PEP 420 namespace package support.
+    """
+
+    def __init__(
+        self,
+        package_name: str,
+        package_path: "str" = "templates",
+        encoding: str = "utf-8",
+    ) -> None:
+        package_path = os.path.normpath(package_path).rstrip(os.path.sep)
+
+        # normpath preserves ".", which isn't valid in zip paths.
+        if package_path == os.path.curdir:
+            package_path = ""
+        elif package_path[:2] == os.path.curdir + os.path.sep:
+            package_path = package_path[2:]
+
+        self.package_path = package_path
+        self.package_name = package_name
+        self.encoding = encoding
+
+        # Make sure the package exists. This also makes namespace
+        # packages work, otherwise get_loader returns None.
+        import_module(package_name)
+        spec = importlib.util.find_spec(package_name)
+        assert spec is not None, "An import spec was not found for the package."
+        loader = spec.loader
+        assert loader is not None, "A loader was not found for the package."
+        self._loader = loader
+        self._archive = None
+        template_root = None
+
+        if isinstance(loader, zipimport.zipimporter):
+            self._archive = loader.archive
+            pkgdir = next(iter(spec.submodule_search_locations))  # type: ignore
+            template_root = os.path.join(pkgdir, package_path).rstrip(os.path.sep)
+        else:
+            roots: t.List[str] = []
+
+            # One element for regular packages, multiple for namespace
+            # packages, or None for single module file.
+            if spec.submodule_search_locations:
+                roots.extend(spec.submodule_search_locations)
+            # A single module file, use the parent directory instead.
+            elif spec.origin is not None:
+                roots.append(os.path.dirname(spec.origin))
+
+            for root in roots:
+                root = os.path.join(root, package_path)
+
+                if os.path.isdir(root):
+                    template_root = root
+                    break
+
+        if template_root is None:
+            raise ValueError(
+                f"The {package_name!r} package was not installed in a"
+                " way that PackageLoader understands."
+            )
+
+        self._template_root = template_root
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Optional[t.Callable[[], bool]]]:
+        # Use posixpath even on Windows to avoid "drive:" or UNC
+        # segments breaking out of the search directory. Use normpath to
+        # convert Windows altsep to sep.
+        p = os.path.normpath(
+            posixpath.join(self._template_root, *split_template_path(template))
+        )
+        up_to_date: t.Optional[t.Callable[[], bool]]
+
+        if self._archive is None:
+            # Package is a directory.
+            if not os.path.isfile(p):
+                raise TemplateNotFound(template)
+
+            with open(p, "rb") as f:
+                source = f.read()
+
+            mtime = os.path.getmtime(p)
+
+            def up_to_date() -> bool:
+                return os.path.isfile(p) and os.path.getmtime(p) == mtime
+
+        else:
+            # Package is a zip file.
+            try:
+                source = self._loader.get_data(p)  # type: ignore
+            except OSError as e:
+                raise TemplateNotFound(template) from e
+
+            # Could use the zip's mtime for all template mtimes, but
+            # would need to safely reload the module if it's out of
+            # date, so just report it as always current.
+            up_to_date = None
+
+        return source.decode(self.encoding), p, up_to_date
+
+    def list_templates(self) -> t.List[str]:
+        results: t.List[str] = []
+
+        if self._archive is None:
+            # Package is a directory.
+            offset = len(self._template_root)
+
+            for dirpath, _, filenames in os.walk(self._template_root):
+                dirpath = dirpath[offset:].lstrip(os.path.sep)
+                results.extend(
+                    os.path.join(dirpath, name).replace(os.path.sep, "/")
+                    for name in filenames
+                )
+        else:
+            if not hasattr(self._loader, "_files"):
+                raise TypeError(
+                    "This zip import does not have the required"
+                    " metadata to list templates."
+                )
+
+            # Package is a zip file.
+            prefix = (
+                self._template_root[len(self._archive) :].lstrip(os.path.sep)
+                + os.path.sep
+            )
+            offset = len(prefix)
+
+            for name in self._loader._files.keys():
+                # Find names under the templates directory that aren't directories.
+                if name.startswith(prefix) and name[-1] != os.path.sep:
+                    results.append(name[offset:].replace(os.path.sep, "/"))
+
+        results.sort()
+        return results
+
+
+class DictLoader(BaseLoader):
+    """Loads a template from a Python dict mapping template names to
+    template source.  This loader is useful for unittesting:
+
+    >>> loader = DictLoader({'index.html': 'source here'})
+
+    Because auto reloading is rarely useful this is disabled per default.
+    """
+
+    def __init__(self, mapping: t.Mapping[str, str]) -> None:
+        self.mapping = mapping
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, None, t.Callable[[], bool]]:
+        if template in self.mapping:
+            source = self.mapping[template]
+            return source, None, lambda: source == self.mapping.get(template)
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        return sorted(self.mapping)
+
+
+class FunctionLoader(BaseLoader):
+    """A loader that is passed a function which does the loading.  The
+    function receives the name of the template and has to return either
+    a string with the template source, a tuple in the form ``(source,
+    filename, uptodatefunc)`` or `None` if the template does not exist.
+
+    >>> def load_template(name):
+    ...     if name == 'index.html':
+    ...         return '...'
+    ...
+    >>> loader = FunctionLoader(load_template)
+
+    The `uptodatefunc` is a function that is called if autoreload is enabled
+    and has to return `True` if the template is still up to date.  For more
+    details have a look at :meth:`BaseLoader.get_source` which has the same
+    return value.
+    """
+
+    def __init__(
+        self,
+        load_func: t.Callable[
+            [str],
+            t.Optional[
+                t.Union[
+                    str, t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]
+                ]
+            ],
+        ],
+    ) -> None:
+        self.load_func = load_func
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        rv = self.load_func(template)
+
+        if rv is None:
+            raise TemplateNotFound(template)
+
+        if isinstance(rv, str):
+            return rv, None, None
+
+        return rv
+
+
+class PrefixLoader(BaseLoader):
+    """A loader that is passed a dict of loaders where each loader is bound
+    to a prefix.  The prefix is delimited from the template by a slash per
+    default, which can be changed by setting the `delimiter` argument to
+    something else::
+
+        loader = PrefixLoader({
+            'app1':     PackageLoader('mypackage.app1'),
+            'app2':     PackageLoader('mypackage.app2')
+        })
+
+    By loading ``'app1/index.html'`` the file from the app1 package is loaded,
+    by loading ``'app2/index.html'`` the file from the second.
+    """
+
+    def __init__(
+        self, mapping: t.Mapping[str, BaseLoader], delimiter: str = "/"
+    ) -> None:
+        self.mapping = mapping
+        self.delimiter = delimiter
+
+    def get_loader(self, template: str) -> t.Tuple[BaseLoader, str]:
+        try:
+            prefix, name = template.split(self.delimiter, 1)
+            loader = self.mapping[prefix]
+        except (ValueError, KeyError) as e:
+            raise TemplateNotFound(template) from e
+        return loader, name
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        loader, name = self.get_loader(template)
+        try:
+            return loader.get_source(environment, name)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(template) from e
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        loader, local_name = self.get_loader(name)
+        try:
+            return loader.load(environment, local_name, globals)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(name) from e
+
+    def list_templates(self) -> t.List[str]:
+        result = []
+        for prefix, loader in self.mapping.items():
+            for template in loader.list_templates():
+                result.append(prefix + self.delimiter + template)
+        return result
+
+
+class ChoiceLoader(BaseLoader):
+    """This loader works like the `PrefixLoader` just that no prefix is
+    specified.  If a template could not be found by one loader the next one
+    is tried.
+
+    >>> loader = ChoiceLoader([
+    ...     FileSystemLoader('/path/to/user/templates'),
+    ...     FileSystemLoader('/path/to/system/templates')
+    ... ])
+
+    This is useful if you want to allow users to override builtin templates
+    from a different location.
+    """
+
+    def __init__(self, loaders: t.Sequence[BaseLoader]) -> None:
+        self.loaders = loaders
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        for loader in self.loaders:
+            try:
+                return loader.get_source(environment, template)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(template)
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        for loader in self.loaders:
+            try:
+                return loader.load(environment, name, globals)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(name)
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for loader in self.loaders:
+            found.update(loader.list_templates())
+        return sorted(found)
+
+
+class _TemplateModule(ModuleType):
+    """Like a normal module but with support for weak references"""
+
+
+class ModuleLoader(BaseLoader):
+    """This loader loads templates from precompiled templates.
+
+    Example usage:
+
+    >>> loader = ChoiceLoader([
+    ...     ModuleLoader('/path/to/compiled/templates'),
+    ...     FileSystemLoader('/path/to/templates')
+    ... ])
+
+    Templates can be precompiled with :meth:`Environment.compile_templates`.
+    """
+
+    has_source_access = False
+
+    def __init__(
+        self,
+        path: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+    ) -> None:
+        package_name = f"_jinja2_module_templates_{id(self):x}"
+
+        # create a fake module that looks for the templates in the
+        # path given.
+        mod = _TemplateModule(package_name)
+
+        if not isinstance(path, abc.Iterable) or isinstance(path, str):
+            path = [path]
+
+        mod.__path__ = [os.fspath(p) for p in path]
+
+        sys.modules[package_name] = weakref.proxy(
+            mod, lambda x: sys.modules.pop(package_name, None)
+        )
+
+        # the only strong reference, the sys.modules entry is weak
+        # so that the garbage collector can remove it once the
+        # loader that created it goes out of business.
+        self.module = mod
+        self.package_name = package_name
+
+    @staticmethod
+    def get_template_key(name: str) -> str:
+        return "tmpl_" + sha1(name.encode("utf-8")).hexdigest()
+
+    @staticmethod
+    def get_module_filename(name: str) -> str:
+        return ModuleLoader.get_template_key(name) + ".py"
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        key = self.get_template_key(name)
+        module = f"{self.package_name}.{key}"
+        mod = getattr(self.module, module, None)
+
+        if mod is None:
+            try:
+                mod = __import__(module, None, None, ["root"])
+            except ImportError as e:
+                raise TemplateNotFound(name) from e
+
+            # remove the entry from sys.modules, we only want the attribute
+            # on the module object we have stored on the loader.
+            sys.modules.pop(module, None)
+
+        if globals is None:
+            globals = {}
+
+        return environment.template_class.from_module_dict(
+            environment, mod.__dict__, globals
+        )
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/meta.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/meta.py
new file mode 100644
index 000000000..298499e26
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/meta.py
@@ -0,0 +1,112 @@
+"""Functions that expose information about templates that might be
+interesting for introspection.
+"""
+
+import typing as t
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+class TrackingCodeGenerator(CodeGenerator):
+    """We abuse the code generator for introspection."""
+
+    def __init__(self, environment: "Environment") -> None:
+        super().__init__(environment, "<introspection>", "<introspection>")
+        self.undeclared_identifiers: t.Set[str] = set()
+
+    def write(self, x: str) -> None:
+        """Don't write."""
+
+    def enter_frame(self, frame: Frame) -> None:
+        """Remember all undeclared identifiers."""
+        super().enter_frame(frame)
+
+        for _, (action, param) in frame.symbols.loads.items():
+            if action == "resolve" and param not in self.environment.globals:
+                self.undeclared_identifiers.add(param)
+
+
+def find_undeclared_variables(ast: nodes.Template) -> t.Set[str]:
+    """Returns a set of all variables in the AST that will be looked up from
+    the context at runtime.  Because at compile time it's not known which
+    variables will be used depending on the path the execution takes at
+    runtime, all variables are returned.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% set foo = 42 %}{{ bar + foo }}')
+    >>> meta.find_undeclared_variables(ast) == {'bar'}
+    True
+
+    .. admonition:: Implementation
+
+       Internally the code generator is used for finding undeclared variables.
+       This is good to know because the code generator might raise a
+       :exc:`TemplateAssertionError` during compilation and as a matter of
+       fact this function can currently raise that exception as well.
+    """
+    codegen = TrackingCodeGenerator(ast.environment)  # type: ignore
+    codegen.visit(ast)
+    return codegen.undeclared_identifiers
+
+
+_ref_types = (nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include)
+_RefType = t.Union[nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include]
+
+
+def find_referenced_templates(ast: nodes.Template) -> t.Iterator[t.Optional[str]]:
+    """Finds all the referenced templates from the AST.  This will return an
+    iterator over all the hardcoded template extensions, inclusions and
+    imports.  If dynamic inheritance or inclusion is used, `None` will be
+    yielded.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% extends "layout.html" %}{% include helper %}')
+    >>> list(meta.find_referenced_templates(ast))
+    ['layout.html', None]
+
+    This function is useful for dependency tracking.  For example if you want
+    to rebuild parts of the website after a layout template has changed.
+    """
+    template_name: t.Any
+
+    for node in ast.find_all(_ref_types):
+        template: nodes.Expr = node.template  # type: ignore
+
+        if not isinstance(template, nodes.Const):
+            # a tuple with some non consts in there
+            if isinstance(template, (nodes.Tuple, nodes.List)):
+                for template_name in template.items:
+                    # something const, only yield the strings and ignore
+                    # non-string consts that really just make no sense
+                    if isinstance(template_name, nodes.Const):
+                        if isinstance(template_name.value, str):
+                            yield template_name.value
+                    # something dynamic in there
+                    else:
+                        yield None
+            # something dynamic we don't know about here
+            else:
+                yield None
+            continue
+        # constant is a basestring, direct template name
+        if isinstance(template.value, str):
+            yield template.value
+        # a tuple or list (latter *should* not happen) made of consts,
+        # yield the consts that are strings.  We could warn here for
+        # non string values
+        elif isinstance(node, nodes.Include) and isinstance(
+            template.value, (tuple, list)
+        ):
+            for template_name in template.value:
+                if isinstance(template_name, str):
+                    yield template_name
+        # something else we don't care about, we could warn here
+        else:
+            yield None
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/nativetypes.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/nativetypes.py
new file mode 100644
index 000000000..71db8cc31
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/nativetypes.py
@@ -0,0 +1,130 @@
+import typing as t
+from ast import literal_eval
+from ast import parse
+from itertools import chain
+from itertools import islice
+from types import GeneratorType
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+from .compiler import has_safe_repr
+from .environment import Environment
+from .environment import Template
+
+
+def native_concat(values: t.Iterable[t.Any]) -> t.Optional[t.Any]:
+    """Return a native Python type from the list of compiled nodes. If
+    the result is a single node, its value is returned. Otherwise, the
+    nodes are concatenated as strings. If the result can be parsed with
+    :func:`ast.literal_eval`, the parsed value is returned. Otherwise,
+    the string is returned.
+
+    :param values: Iterable of outputs to concatenate.
+    """
+    head = list(islice(values, 2))
+
+    if not head:
+        return None
+
+    if len(head) == 1:
+        raw = head[0]
+        if not isinstance(raw, str):
+            return raw
+    else:
+        if isinstance(values, GeneratorType):
+            values = chain(head, values)
+        raw = "".join([str(v) for v in values])
+
+    try:
+        return literal_eval(
+            # In Python 3.10+ ast.literal_eval removes leading spaces/tabs
+            # from the given string. For backwards compatibility we need to
+            # parse the string ourselves without removing leading spaces/tabs.
+            parse(raw, mode="eval")
+        )
+    except (ValueError, SyntaxError, MemoryError):
+        return raw
+
+
+class NativeCodeGenerator(CodeGenerator):
+    """A code generator which renders Python types by not adding
+    ``str()`` around output nodes.
+    """
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        return value
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        return repr("".join([str(v) for v in group]))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> t.Any:
+        const = node.as_const(frame.eval_ctx)
+
+        if not has_safe_repr(const):
+            raise nodes.Impossible()
+
+        if isinstance(node, nodes.TemplateData):
+            return const
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(")")
+
+
+class NativeEnvironment(Environment):
+    """An environment that renders templates to native Python types."""
+
+    code_generator_class = NativeCodeGenerator
+    concat = staticmethod(native_concat)  # type: ignore
+
+
+class NativeTemplate(Template):
+    environment_class = NativeEnvironment
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Render the template to produce a native Python type. If the
+        result is a single node, its value is returned. Otherwise, the
+        nodes are concatenated as strings. If the result can be parsed
+        with :func:`ast.literal_eval`, the parsed value is returned.
+        Otherwise, the string is returned.
+        """
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                self.root_render_func(ctx)
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+
+NativeEnvironment.template_class = NativeTemplate
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/nodes.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/nodes.py
new file mode 100644
index 000000000..2f93b90ec
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/nodes.py
@@ -0,0 +1,1206 @@
+"""AST nodes generated by the parser for the compiler. Also provides
+some node tree helper functions used by the parser and compiler in order
+to normalize nodes.
+"""
+
+import inspect
+import operator
+import typing as t
+from collections import deque
+
+from markupsafe import Markup
+
+from .utils import _PassArg
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_NodeBound = t.TypeVar("_NodeBound", bound="Node")
+
+_binop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "*": operator.mul,
+    "/": operator.truediv,
+    "//": operator.floordiv,
+    "**": operator.pow,
+    "%": operator.mod,
+    "+": operator.add,
+    "-": operator.sub,
+}
+
+_uaop_to_func: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+    "not": operator.not_,
+    "+": operator.pos,
+    "-": operator.neg,
+}
+
+_cmpop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "eq": operator.eq,
+    "ne": operator.ne,
+    "gt": operator.gt,
+    "gteq": operator.ge,
+    "lt": operator.lt,
+    "lteq": operator.le,
+    "in": lambda a, b: a in b,
+    "notin": lambda a, b: a not in b,
+}
+
+
+class Impossible(Exception):
+    """Raised if the node could not perform a requested action."""
+
+
+class NodeType(type):
+    """A metaclass for nodes that handles the field and attribute
+    inheritance.  fields and attributes from the parent class are
+    automatically forwarded to the child."""
+
+    def __new__(mcs, name, bases, d):  # type: ignore
+        for attr in "fields", "attributes":
+            storage: t.List[t.Tuple[str, ...]] = []
+            storage.extend(getattr(bases[0] if bases else object, attr, ()))
+            storage.extend(d.get(attr, ()))
+            assert len(bases) <= 1, "multiple inheritance not allowed"
+            assert len(storage) == len(set(storage)), "layout conflict"
+            d[attr] = tuple(storage)
+        d.setdefault("abstract", False)
+        return type.__new__(mcs, name, bases, d)
+
+
+class EvalContext:
+    """Holds evaluation time information.  Custom attributes can be attached
+    to it in extensions.
+    """
+
+    def __init__(
+        self, environment: "Environment", template_name: t.Optional[str] = None
+    ) -> None:
+        self.environment = environment
+        if callable(environment.autoescape):
+            self.autoescape = environment.autoescape(template_name)
+        else:
+            self.autoescape = environment.autoescape
+        self.volatile = False
+
+    def save(self) -> t.Mapping[str, t.Any]:
+        return self.__dict__.copy()
+
+    def revert(self, old: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.clear()
+        self.__dict__.update(old)
+
+
+def get_eval_context(node: "Node", ctx: t.Optional[EvalContext]) -> EvalContext:
+    if ctx is None:
+        if node.environment is None:
+            raise RuntimeError(
+                "if no eval context is passed, the node must have an"
+                " attached environment."
+            )
+        return EvalContext(node.environment)
+    return ctx
+
+
+class Node(metaclass=NodeType):
+    """Baseclass for all Jinja nodes.  There are a number of nodes available
+    of different types.  There are four major types:
+
+    -   :class:`Stmt`: statements
+    -   :class:`Expr`: expressions
+    -   :class:`Helper`: helper nodes
+    -   :class:`Template`: the outermost wrapper node
+
+    All nodes have fields and attributes.  Fields may be other nodes, lists,
+    or arbitrary values.  Fields are passed to the constructor as regular
+    positional arguments, attributes as keyword arguments.  Each node has
+    two attributes: `lineno` (the line number of the node) and `environment`.
+    The `environment` attribute is set at the end of the parsing process for
+    all nodes automatically.
+    """
+
+    fields: t.Tuple[str, ...] = ()
+    attributes: t.Tuple[str, ...] = ("lineno", "environment")
+    abstract = True
+
+    lineno: int
+    environment: t.Optional["Environment"]
+
+    def __init__(self, *fields: t.Any, **attributes: t.Any) -> None:
+        if self.abstract:
+            raise TypeError("abstract nodes are not instantiable")
+        if fields:
+            if len(fields) != len(self.fields):
+                if not self.fields:
+                    raise TypeError(f"{type(self).__name__!r} takes 0 arguments")
+                raise TypeError(
+                    f"{type(self).__name__!r} takes 0 or {len(self.fields)}"
+                    f" argument{'s' if len(self.fields) != 1 else ''}"
+                )
+            for name, arg in zip(self.fields, fields):
+                setattr(self, name, arg)
+        for attr in self.attributes:
+            setattr(self, attr, attributes.pop(attr, None))
+        if attributes:
+            raise TypeError(f"unknown attribute {next(iter(attributes))!r}")
+
+    def iter_fields(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator[t.Tuple[str, t.Any]]:
+        """This method iterates over all fields that are defined and yields
+        ``(key, value)`` tuples.  Per default all fields are returned, but
+        it's possible to limit that to some fields by providing the `only`
+        parameter or to exclude some using the `exclude` parameter.  Both
+        should be sets or tuples of field names.
+        """
+        for name in self.fields:
+            if (
+                (exclude is None and only is None)
+                or (exclude is not None and name not in exclude)
+                or (only is not None and name in only)
+            ):
+                try:
+                    yield name, getattr(self, name)
+                except AttributeError:
+                    pass
+
+    def iter_child_nodes(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator["Node"]:
+        """Iterates over all direct child nodes of the node.  This iterates
+        over all fields and yields the values of they are nodes.  If the value
+        of a field is a list all the nodes in that list are returned.
+        """
+        for _, item in self.iter_fields(exclude, only):
+            if isinstance(item, list):
+                for n in item:
+                    if isinstance(n, Node):
+                        yield n
+            elif isinstance(item, Node):
+                yield item
+
+    def find(self, node_type: t.Type[_NodeBound]) -> t.Optional[_NodeBound]:
+        """Find the first node of a given type.  If no such node exists the
+        return value is `None`.
+        """
+        for result in self.find_all(node_type):
+            return result
+
+        return None
+
+    def find_all(
+        self, node_type: t.Union[t.Type[_NodeBound], t.Tuple[t.Type[_NodeBound], ...]]
+    ) -> t.Iterator[_NodeBound]:
+        """Find all the nodes of a given type.  If the type is a tuple,
+        the check is performed for any of the tuple items.
+        """
+        for child in self.iter_child_nodes():
+            if isinstance(child, node_type):
+                yield child  # type: ignore
+            yield from child.find_all(node_type)
+
+    def set_ctx(self, ctx: str) -> "Node":
+        """Reset the context of a node and all child nodes.  Per default the
+        parser will all generate nodes that have a 'load' context as it's the
+        most common one.  This method is used in the parser to set assignment
+        targets and other nodes to a store context.
+        """
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "ctx" in node.fields:
+                node.ctx = ctx  # type: ignore
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_lineno(self, lineno: int, override: bool = False) -> "Node":
+        """Set the line numbers of the node and children."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "lineno" in node.attributes:
+                if node.lineno is None or override:
+                    node.lineno = lineno
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_environment(self, environment: "Environment") -> "Node":
+        """Set the environment for all nodes."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            node.environment = environment
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def __eq__(self, other: t.Any) -> bool:
+        if type(self) is not type(other):
+            return NotImplemented
+
+        return tuple(self.iter_fields()) == tuple(other.iter_fields())
+
+    __hash__ = object.__hash__
+
+    def __repr__(self) -> str:
+        args_str = ", ".join(f"{a}={getattr(self, a, None)!r}" for a in self.fields)
+        return f"{type(self).__name__}({args_str})"
+
+    def dump(self) -> str:
+        def _dump(node: t.Union[Node, t.Any]) -> None:
+            if not isinstance(node, Node):
+                buf.append(repr(node))
+                return
+
+            buf.append(f"nodes.{type(node).__name__}(")
+            if not node.fields:
+                buf.append(")")
+                return
+            for idx, field in enumerate(node.fields):
+                if idx:
+                    buf.append(", ")
+                value = getattr(node, field)
+                if isinstance(value, list):
+                    buf.append("[")
+                    for idx, item in enumerate(value):
+                        if idx:
+                            buf.append(", ")
+                        _dump(item)
+                    buf.append("]")
+                else:
+                    _dump(value)
+            buf.append(")")
+
+        buf: t.List[str] = []
+        _dump(self)
+        return "".join(buf)
+
+
+class Stmt(Node):
+    """Base node for all statements."""
+
+    abstract = True
+
+
+class Helper(Node):
+    """Nodes that exist in a specific context only."""
+
+    abstract = True
+
+
+class Template(Node):
+    """Node that represents a template.  This must be the outermost node that
+    is passed to the compiler.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class Output(Stmt):
+    """A node that holds multiple expressions which are then printed out.
+    This is used both for the `print` statement and the regular template data.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List["Expr"]
+
+
+class Extends(Stmt):
+    """Represents an extends statement."""
+
+    fields = ("template",)
+    template: "Expr"
+
+
+class For(Stmt):
+    """The for loop.  `target` is the target for the iteration (usually a
+    :class:`Name` or :class:`Tuple`), `iter` the iterable.  `body` is a list
+    of nodes that are used as loop-body, and `else_` a list of nodes for the
+    `else` block.  If no else node exists it has to be an empty list.
+
+    For filtered nodes an expression can be stored as `test`, otherwise `None`.
+    """
+
+    fields = ("target", "iter", "body", "else_", "test", "recursive")
+    target: Node
+    iter: Node
+    body: t.List[Node]
+    else_: t.List[Node]
+    test: t.Optional[Node]
+    recursive: bool
+
+
+class If(Stmt):
+    """If `test` is true, `body` is rendered, else `else_`."""
+
+    fields = ("test", "body", "elif_", "else_")
+    test: Node
+    body: t.List[Node]
+    elif_: t.List["If"]
+    else_: t.List[Node]
+
+
+class Macro(Stmt):
+    """A macro definition.  `name` is the name of the macro, `args` a list of
+    arguments and `defaults` a list of defaults if there are any.  `body` is
+    a list of nodes for the macro body.
+    """
+
+    fields = ("name", "args", "defaults", "body")
+    name: str
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class CallBlock(Stmt):
+    """Like a macro without a name but a call instead.  `call` is called with
+    the unnamed macro as `caller` argument this node holds.
+    """
+
+    fields = ("call", "args", "defaults", "body")
+    call: "Call"
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class FilterBlock(Stmt):
+    """Node for filter sections."""
+
+    fields = ("body", "filter")
+    body: t.List[Node]
+    filter: "Filter"
+
+
+class With(Stmt):
+    """Specific node for with statements.  In older versions of Jinja the
+    with statement was implemented on the base of the `Scope` node instead.
+
+    .. versionadded:: 2.9.3
+    """
+
+    fields = ("targets", "values", "body")
+    targets: t.List["Expr"]
+    values: t.List["Expr"]
+    body: t.List[Node]
+
+
+class Block(Stmt):
+    """A node that represents a block.
+
+    .. versionchanged:: 3.0.0
+        the `required` field was added.
+    """
+
+    fields = ("name", "body", "scoped", "required")
+    name: str
+    body: t.List[Node]
+    scoped: bool
+    required: bool
+
+
+class Include(Stmt):
+    """A node that represents the include tag."""
+
+    fields = ("template", "with_context", "ignore_missing")
+    template: "Expr"
+    with_context: bool
+    ignore_missing: bool
+
+
+class Import(Stmt):
+    """A node that represents the import tag."""
+
+    fields = ("template", "target", "with_context")
+    template: "Expr"
+    target: str
+    with_context: bool
+
+
+class FromImport(Stmt):
+    """A node that represents the from import tag.  It's important to not
+    pass unsafe names to the name attribute.  The compiler translates the
+    attribute lookups directly into getattr calls and does *not* use the
+    subscript callback of the interface.  As exported variables may not
+    start with double underscores (which the parser asserts) this is not a
+    problem for regular Jinja code, but if this node is used in an extension
+    extra care must be taken.
+
+    The list of names may contain tuples if aliases are wanted.
+    """
+
+    fields = ("template", "names", "with_context")
+    template: "Expr"
+    names: t.List[t.Union[str, t.Tuple[str, str]]]
+    with_context: bool
+
+
+class ExprStmt(Stmt):
+    """A statement that evaluates an expression and discards the result."""
+
+    fields = ("node",)
+    node: Node
+
+
+class Assign(Stmt):
+    """Assigns an expression to a target."""
+
+    fields = ("target", "node")
+    target: "Expr"
+    node: Node
+
+
+class AssignBlock(Stmt):
+    """Assigns a block to a target."""
+
+    fields = ("target", "filter", "body")
+    target: "Expr"
+    filter: t.Optional["Filter"]
+    body: t.List[Node]
+
+
+class Expr(Node):
+    """Baseclass for all expressions."""
+
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        """Return the value of the expression as constant or raise
+        :exc:`Impossible` if this was not possible.
+
+        An :class:`EvalContext` can be provided, if none is given
+        a default context is created which requires the nodes to have
+        an attached environment.
+
+        .. versionchanged:: 2.4
+           the `eval_ctx` parameter was added.
+        """
+        raise Impossible()
+
+    def can_assign(self) -> bool:
+        """Check if it's possible to assign something to this node."""
+        return False
+
+
+class BinExpr(Expr):
+    """Baseclass for all binary expressions."""
+
+    fields = ("left", "right")
+    left: Expr
+    right: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_binops  # type: ignore
+        ):
+            raise Impossible()
+        f = _binop_to_func[self.operator]
+        try:
+            return f(self.left.as_const(eval_ctx), self.right.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class UnaryExpr(Expr):
+    """Baseclass for all unary expressions."""
+
+    fields = ("node",)
+    node: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_unops  # type: ignore
+        ):
+            raise Impossible()
+        f = _uaop_to_func[self.operator]
+        try:
+            return f(self.node.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Name(Expr):
+    """Looks up a name or stores a value in a name.
+    The `ctx` of the node can be one of the following values:
+
+    -   `store`: store a value in the name
+    -   `load`: load that name
+    -   `param`: like `store` but if the name was defined as function parameter.
+    """
+
+    fields = ("name", "ctx")
+    name: str
+    ctx: str
+
+    def can_assign(self) -> bool:
+        return self.name not in {"true", "false", "none", "True", "False", "None"}
+
+
+class NSRef(Expr):
+    """Reference to a namespace value assignment"""
+
+    fields = ("name", "attr")
+    name: str
+    attr: str
+
+    def can_assign(self) -> bool:
+        # We don't need any special checks here; NSRef assignments have a
+        # runtime check to ensure the target is a namespace object which will
+        # have been checked already as it is created using a normal assignment
+        # which goes through a `Name` node.
+        return True
+
+
+class Literal(Expr):
+    """Baseclass for literals."""
+
+    abstract = True
+
+
+class Const(Literal):
+    """All constant values.  The parser will return this node for simple
+    constants such as ``42`` or ``"foo"`` but it can be used to store more
+    complex values such as lists too.  Only constants with a safe
+    representation (objects where ``eval(repr(x)) == x`` is true).
+    """
+
+    fields = ("value",)
+    value: t.Any
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        return self.value
+
+    @classmethod
+    def from_untrusted(
+        cls,
+        value: t.Any,
+        lineno: t.Optional[int] = None,
+        environment: "t.Optional[Environment]" = None,
+    ) -> "Const":
+        """Return a const object if the value is representable as
+        constant value in the generated code, otherwise it will raise
+        an `Impossible` exception.
+        """
+        from .compiler import has_safe_repr
+
+        if not has_safe_repr(value):
+            raise Impossible()
+        return cls(value, lineno=lineno, environment=environment)
+
+
+class TemplateData(Literal):
+    """A constant template string."""
+
+    fields = ("data",)
+    data: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        if eval_ctx.autoescape:
+            return Markup(self.data)
+        return self.data
+
+
+class Tuple(Literal):
+    """For loop unpacking and some other things like multiple arguments
+    for subscripts.  Like for :class:`Name` `ctx` specifies if the tuple
+    is used for loading the names or storing.
+    """
+
+    fields = ("items", "ctx")
+    items: t.List[Expr]
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[t.Any, ...]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return tuple(x.as_const(eval_ctx) for x in self.items)
+
+    def can_assign(self) -> bool:
+        for item in self.items:
+            if not item.can_assign():
+                return False
+        return True
+
+
+class List(Literal):
+    """Any list literal such as ``[1, 2, 3]``"""
+
+    fields = ("items",)
+    items: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.List[t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return [x.as_const(eval_ctx) for x in self.items]
+
+
+class Dict(Literal):
+    """Any dict literal such as ``{1: 2, 3: 4}``.  The items must be a list of
+    :class:`Pair` nodes.
+    """
+
+    fields = ("items",)
+    items: t.List["Pair"]
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Dict[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return dict(x.as_const(eval_ctx) for x in self.items)
+
+
+class Pair(Helper):
+    """A key, value pair for dicts."""
+
+    fields = ("key", "value")
+    key: Expr
+    value: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Tuple[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key.as_const(eval_ctx), self.value.as_const(eval_ctx)
+
+
+class Keyword(Helper):
+    """A key, value pair for keyword arguments where key is a string."""
+
+    fields = ("key", "value")
+    key: str
+    value: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[str, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key, self.value.as_const(eval_ctx)
+
+
+class CondExpr(Expr):
+    """A conditional expression (inline if expression).  (``{{
+    foo if bar else baz }}``)
+    """
+
+    fields = ("test", "expr1", "expr2")
+    test: Expr
+    expr1: Expr
+    expr2: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if self.test.as_const(eval_ctx):
+            return self.expr1.as_const(eval_ctx)
+
+        # if we evaluate to an undefined object, we better do that at runtime
+        if self.expr2 is None:
+            raise Impossible()
+
+        return self.expr2.as_const(eval_ctx)
+
+
+def args_as_const(
+    node: t.Union["_FilterTestCommon", "Call"], eval_ctx: t.Optional[EvalContext]
+) -> t.Tuple[t.List[t.Any], t.Dict[t.Any, t.Any]]:
+    args = [x.as_const(eval_ctx) for x in node.args]
+    kwargs = dict(x.as_const(eval_ctx) for x in node.kwargs)
+
+    if node.dyn_args is not None:
+        try:
+            args.extend(node.dyn_args.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    if node.dyn_kwargs is not None:
+        try:
+            kwargs.update(node.dyn_kwargs.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    return args, kwargs
+
+
+class _FilterTestCommon(Expr):
+    fields = ("node", "name", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    name: str
+    args: t.List[Expr]
+    kwargs: t.List[Pair]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+    abstract = True
+    _is_filter = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        if eval_ctx.volatile:
+            raise Impossible()
+
+        if self._is_filter:
+            env_map = eval_ctx.environment.filters
+        else:
+            env_map = eval_ctx.environment.tests
+
+        func = env_map.get(self.name)
+        pass_arg = _PassArg.from_obj(func)  # type: ignore
+
+        if func is None or pass_arg is _PassArg.context:
+            raise Impossible()
+
+        if eval_ctx.environment.is_async and (
+            getattr(func, "jinja_async_variant", False) is True
+            or inspect.iscoroutinefunction(func)
+        ):
+            raise Impossible()
+
+        args, kwargs = args_as_const(self, eval_ctx)
+        args.insert(0, self.node.as_const(eval_ctx))
+
+        if pass_arg is _PassArg.eval_context:
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, eval_ctx.environment)
+
+        try:
+            return func(*args, **kwargs)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Filter(_FilterTestCommon):
+    """Apply a filter to an expression. ``name`` is the name of the
+    filter, the other fields are the same as :class:`Call`.
+
+    If ``node`` is ``None``, the filter is being used in a filter block
+    and is applied to the content of the block.
+    """
+
+    node: t.Optional[Expr]  # type: ignore
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.node is None:
+            raise Impossible()
+
+        return super().as_const(eval_ctx=eval_ctx)
+
+
+class Test(_FilterTestCommon):
+    """Apply a test to an expression. ``name`` is the name of the test,
+    the other field are the same as :class:`Call`.
+
+    .. versionchanged:: 3.0
+        ``as_const`` shares the same logic for filters and tests. Tests
+        check for volatile, async, and ``@pass_context`` etc.
+        decorators.
+    """
+
+    _is_filter = False
+
+
+class Call(Expr):
+    """Calls an expression.  `args` is a list of arguments, `kwargs` a list
+    of keyword arguments (list of :class:`Keyword` nodes), and `dyn_args`
+    and `dyn_kwargs` has to be either `None` or a node that is used as
+    node for dynamic positional (``*args``) or keyword (``**kwargs``)
+    arguments.
+    """
+
+    fields = ("node", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    args: t.List[Expr]
+    kwargs: t.List[Keyword]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+
+
+class Getitem(Expr):
+    """Get an attribute or item from an expression and prefer the item."""
+
+    fields = ("node", "arg", "ctx")
+    node: Expr
+    arg: Expr
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getitem(
+                self.node.as_const(eval_ctx), self.arg.as_const(eval_ctx)
+            )
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Getattr(Expr):
+    """Get an attribute or item from an expression that is a ascii-only
+    bytestring and prefer the attribute.
+    """
+
+    fields = ("node", "attr", "ctx")
+    node: Expr
+    attr: str
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getattr(self.node.as_const(eval_ctx), self.attr)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Slice(Expr):
+    """Represents a slice object.  This must only be used as argument for
+    :class:`Subscript`.
+    """
+
+    fields = ("start", "stop", "step")
+    start: t.Optional[Expr]
+    stop: t.Optional[Expr]
+    step: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> slice:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        def const(obj: t.Optional[Expr]) -> t.Optional[t.Any]:
+            if obj is None:
+                return None
+            return obj.as_const(eval_ctx)
+
+        return slice(const(self.start), const(self.stop), const(self.step))
+
+
+class Concat(Expr):
+    """Concatenates the list of expressions provided after converting
+    them to strings.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return "".join(str(x.as_const(eval_ctx)) for x in self.nodes)
+
+
+class Compare(Expr):
+    """Compares an expression with some other expressions.  `ops` must be a
+    list of :class:`Operand`\\s.
+    """
+
+    fields = ("expr", "ops")
+    expr: Expr
+    ops: t.List["Operand"]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        result = value = self.expr.as_const(eval_ctx)
+
+        try:
+            for op in self.ops:
+                new_value = op.expr.as_const(eval_ctx)
+                result = _cmpop_to_func[op.op](value, new_value)
+
+                if not result:
+                    return False
+
+                value = new_value
+        except Exception as e:
+            raise Impossible() from e
+
+        return result
+
+
+class Operand(Helper):
+    """Holds an operator and an expression."""
+
+    fields = ("op", "expr")
+    op: str
+    expr: Expr
+
+
+class Mul(BinExpr):
+    """Multiplies the left with the right node."""
+
+    operator = "*"
+
+
+class Div(BinExpr):
+    """Divides the left by the right node."""
+
+    operator = "/"
+
+
+class FloorDiv(BinExpr):
+    """Divides the left by the right node and converts the
+    result into an integer by truncating.
+    """
+
+    operator = "//"
+
+
+class Add(BinExpr):
+    """Add the left to the right node."""
+
+    operator = "+"
+
+
+class Sub(BinExpr):
+    """Subtract the right from the left node."""
+
+    operator = "-"
+
+
+class Mod(BinExpr):
+    """Left modulo right."""
+
+    operator = "%"
+
+
+class Pow(BinExpr):
+    """Left to the power of right."""
+
+    operator = "**"
+
+
+class And(BinExpr):
+    """Short circuited AND."""
+
+    operator = "and"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) and self.right.as_const(eval_ctx)
+
+
+class Or(BinExpr):
+    """Short circuited OR."""
+
+    operator = "or"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) or self.right.as_const(eval_ctx)
+
+
+class Not(UnaryExpr):
+    """Negate the expression."""
+
+    operator = "not"
+
+
+class Neg(UnaryExpr):
+    """Make the expression negative."""
+
+    operator = "-"
+
+
+class Pos(UnaryExpr):
+    """Make the expression positive (noop for most expressions)"""
+
+    operator = "+"
+
+
+# Helpers for extensions
+
+
+class EnvironmentAttribute(Expr):
+    """Loads an attribute from the environment object.  This is useful for
+    extensions that want to call a callback stored on the environment.
+    """
+
+    fields = ("name",)
+    name: str
+
+
+class ExtensionAttribute(Expr):
+    """Returns the attribute of an extension bound to the environment.
+    The identifier is the identifier of the :class:`Extension`.
+
+    This node is usually constructed by calling the
+    :meth:`~jinja2.ext.Extension.attr` method on an extension.
+    """
+
+    fields = ("identifier", "name")
+    identifier: str
+    name: str
+
+
+class ImportedName(Expr):
+    """If created with an import name the import name is returned on node
+    access.  For example ``ImportedName('cgi.escape')`` returns the `escape`
+    function from the cgi module on evaluation.  Imports are optimized by the
+    compiler so there is no need to assign them to local variables.
+    """
+
+    fields = ("importname",)
+    importname: str
+
+
+class InternalName(Expr):
+    """An internal name in the compiler.  You cannot create these nodes
+    yourself but the parser provides a
+    :meth:`~jinja2.parser.Parser.free_identifier` method that creates
+    a new identifier for you.  This identifier is not available from the
+    template and is not treated specially by the compiler.
+    """
+
+    fields = ("name",)
+    name: str
+
+    def __init__(self) -> None:
+        raise TypeError(
+            "Can't create internal names.  Use the "
+            "`free_identifier` method on a parser."
+        )
+
+
+class MarkSafe(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`)."""
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> Markup:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return Markup(self.expr.as_const(eval_ctx))
+
+
+class MarkSafeIfAutoescape(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`) but
+    only if autoescaping is active.
+
+    .. versionadded:: 2.5
+    """
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Union[Markup, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        expr = self.expr.as_const(eval_ctx)
+        if eval_ctx.autoescape:
+            return Markup(expr)
+        return expr
+
+
+class ContextReference(Expr):
+    """Returns the current template context.  It can be used like a
+    :class:`Name` node, with a ``'load'`` ctx and will return the
+    current :class:`~jinja2.runtime.Context` object.
+
+    Here an example that assigns the current template name to a
+    variable named `foo`::
+
+        Assign(Name('foo', ctx='store'),
+               Getattr(ContextReference(), 'name'))
+
+    This is basically equivalent to using the
+    :func:`~jinja2.pass_context` decorator when using the high-level
+    API, which causes a reference to the context to be passed as the
+    first argument to a function.
+    """
+
+
+class DerivedContextReference(Expr):
+    """Return the current template context including locals. Behaves
+    exactly like :class:`ContextReference`, but includes local
+    variables, such as from a ``for`` loop.
+
+    .. versionadded:: 2.11
+    """
+
+
+class Continue(Stmt):
+    """Continue a loop."""
+
+
+class Break(Stmt):
+    """Break a loop."""
+
+
+class Scope(Stmt):
+    """An artificial scope."""
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class OverlayScope(Stmt):
+    """An overlay scope for extensions.  This is a largely unoptimized scope
+    that however can be used to introduce completely arbitrary variables into
+    a sub scope from a dictionary or dictionary like object.  The `context`
+    field has to evaluate to a dictionary object.
+
+    Example usage::
+
+        OverlayScope(context=self.call_method('get_context'),
+                     body=[...])
+
+    .. versionadded:: 2.10
+    """
+
+    fields = ("context", "body")
+    context: Expr
+    body: t.List[Node]
+
+
+class EvalContextModifier(Stmt):
+    """Modifies the eval context.  For each option that should be modified,
+    a :class:`Keyword` has to be added to the :attr:`options` list.
+
+    Example to change the `autoescape` setting::
+
+        EvalContextModifier(options=[Keyword('autoescape', Const(True))])
+    """
+
+    fields = ("options",)
+    options: t.List[Keyword]
+
+
+class ScopedEvalContextModifier(EvalContextModifier):
+    """Modifies the eval context and reverts it later.  Works exactly like
+    :class:`EvalContextModifier` but will only modify the
+    :class:`~jinja2.nodes.EvalContext` for nodes in the :attr:`body`.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+# make sure nobody creates custom nodes
+def _failing_new(*args: t.Any, **kwargs: t.Any) -> "te.NoReturn":
+    raise TypeError("can't create custom node types")
+
+
+NodeType.__new__ = staticmethod(_failing_new)  # type: ignore
+del _failing_new
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/optimizer.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/optimizer.py
new file mode 100644
index 000000000..32d1c717b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/optimizer.py
@@ -0,0 +1,48 @@
+"""The optimizer tries to constant fold expressions and modify the AST
+in place so that it should be faster to evaluate.
+
+Because the AST does not contain all the scoping information and the
+compiler has to find that out, we cannot do all the optimizations we
+want. For example, loop unrolling doesn't work because unrolled loops
+would have a different scope. The solution would be a second syntax tree
+that stored the scoping rules.
+"""
+
+import typing as t
+
+from . import nodes
+from .visitor import NodeTransformer
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def optimize(node: nodes.Node, environment: "Environment") -> nodes.Node:
+    """The context hint can be used to perform an static optimization
+    based on the context given."""
+    optimizer = Optimizer(environment)
+    return t.cast(nodes.Node, optimizer.visit(node))
+
+
+class Optimizer(NodeTransformer):
+    def __init__(self, environment: "t.Optional[Environment]") -> None:
+        self.environment = environment
+
+    def generic_visit(
+        self, node: nodes.Node, *args: t.Any, **kwargs: t.Any
+    ) -> nodes.Node:
+        node = super().generic_visit(node, *args, **kwargs)
+
+        # Do constant folding. Some other nodes besides Expr have
+        # as_const, but folding them causes errors later on.
+        if isinstance(node, nodes.Expr):
+            try:
+                return nodes.Const.from_untrusted(
+                    node.as_const(args[0] if args else None),
+                    lineno=node.lineno,
+                    environment=self.environment,
+                )
+            except nodes.Impossible:
+                pass
+
+        return node
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/parser.py
new file mode 100644
index 000000000..0ec997fb4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/parser.py
@@ -0,0 +1,1041 @@
+"""Parse tokens from the lexer into nodes for the compiler."""
+
+import typing
+import typing as t
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .lexer import describe_token
+from .lexer import describe_token_expr
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_ImportInclude = t.TypeVar("_ImportInclude", nodes.Import, nodes.Include)
+_MacroCall = t.TypeVar("_MacroCall", nodes.Macro, nodes.CallBlock)
+
+_statement_keywords = frozenset(
+    [
+        "for",
+        "if",
+        "block",
+        "extends",
+        "print",
+        "macro",
+        "include",
+        "from",
+        "import",
+        "set",
+        "with",
+        "autoescape",
+    ]
+)
+_compare_operators = frozenset(["eq", "ne", "lt", "lteq", "gt", "gteq"])
+
+_math_nodes: t.Dict[str, t.Type[nodes.Expr]] = {
+    "add": nodes.Add,
+    "sub": nodes.Sub,
+    "mul": nodes.Mul,
+    "div": nodes.Div,
+    "floordiv": nodes.FloorDiv,
+    "mod": nodes.Mod,
+}
+
+
+class Parser:
+    """This is the central parsing class Jinja uses.  It's passed to
+    extensions and can be used to parse expressions or statements.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> None:
+        self.environment = environment
+        self.stream = environment._tokenize(source, name, filename, state)
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.extensions: t.Dict[
+            str, t.Callable[["Parser"], t.Union[nodes.Node, t.List[nodes.Node]]]
+        ] = {}
+        for extension in environment.iter_extensions():
+            for tag in extension.tags:
+                self.extensions[tag] = extension.parse
+        self._last_identifier = 0
+        self._tag_stack: t.List[str] = []
+        self._end_token_stack: t.List[t.Tuple[str, ...]] = []
+
+    def fail(
+        self,
+        msg: str,
+        lineno: t.Optional[int] = None,
+        exc: t.Type[TemplateSyntaxError] = TemplateSyntaxError,
+    ) -> "te.NoReturn":
+        """Convenience method that raises `exc` with the message, passed
+        line number or last line number as well as the current name and
+        filename.
+        """
+        if lineno is None:
+            lineno = self.stream.current.lineno
+        raise exc(msg, lineno, self.name, self.filename)
+
+    def _fail_ut_eof(
+        self,
+        name: t.Optional[str],
+        end_token_stack: t.List[t.Tuple[str, ...]],
+        lineno: t.Optional[int],
+    ) -> "te.NoReturn":
+        expected: t.Set[str] = set()
+        for exprs in end_token_stack:
+            expected.update(map(describe_token_expr, exprs))
+        if end_token_stack:
+            currently_looking: t.Optional[str] = " or ".join(
+                map(repr, map(describe_token_expr, end_token_stack[-1]))
+            )
+        else:
+            currently_looking = None
+
+        if name is None:
+            message = ["Unexpected end of template."]
+        else:
+            message = [f"Encountered unknown tag {name!r}."]
+
+        if currently_looking:
+            if name is not None and name in expected:
+                message.append(
+                    "You probably made a nesting mistake. Jinja is expecting this tag,"
+                    f" but currently looking for {currently_looking}."
+                )
+            else:
+                message.append(
+                    f"Jinja was looking for the following tags: {currently_looking}."
+                )
+
+        if self._tag_stack:
+            message.append(
+                "The innermost block that needs to be closed is"
+                f" {self._tag_stack[-1]!r}."
+            )
+
+        self.fail(" ".join(message), lineno)
+
+    def fail_unknown_tag(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> "te.NoReturn":
+        """Called if the parser encounters an unknown tag.  Tries to fail
+        with a human readable error message that could help to identify
+        the problem.
+        """
+        self._fail_ut_eof(name, self._end_token_stack, lineno)
+
+    def fail_eof(
+        self,
+        end_tokens: t.Optional[t.Tuple[str, ...]] = None,
+        lineno: t.Optional[int] = None,
+    ) -> "te.NoReturn":
+        """Like fail_unknown_tag but for end of template situations."""
+        stack = list(self._end_token_stack)
+        if end_tokens is not None:
+            stack.append(end_tokens)
+        self._fail_ut_eof(None, stack, lineno)
+
+    def is_tuple_end(
+        self, extra_end_rules: t.Optional[t.Tuple[str, ...]] = None
+    ) -> bool:
+        """Are we at the end of a tuple?"""
+        if self.stream.current.type in ("variable_end", "block_end", "rparen"):
+            return True
+        elif extra_end_rules is not None:
+            return self.stream.current.test_any(extra_end_rules)  # type: ignore
+        return False
+
+    def free_identifier(self, lineno: t.Optional[int] = None) -> nodes.InternalName:
+        """Return a new free identifier as :class:`~jinja2.nodes.InternalName`."""
+        self._last_identifier += 1
+        rv = object.__new__(nodes.InternalName)
+        nodes.Node.__init__(rv, f"fi{self._last_identifier}", lineno=lineno)
+        return rv
+
+    def parse_statement(self) -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a single statement."""
+        token = self.stream.current
+        if token.type != "name":
+            self.fail("tag name expected", token.lineno)
+        self._tag_stack.append(token.value)
+        pop_tag = True
+        try:
+            if token.value in _statement_keywords:
+                f = getattr(self, f"parse_{self.stream.current.value}")
+                return f()  # type: ignore
+            if token.value == "call":
+                return self.parse_call_block()
+            if token.value == "filter":
+                return self.parse_filter_block()
+            ext = self.extensions.get(token.value)
+            if ext is not None:
+                return ext(self)
+
+            # did not work out, remove the token we pushed by accident
+            # from the stack so that the unknown tag fail function can
+            # produce a proper error message.
+            self._tag_stack.pop()
+            pop_tag = False
+            self.fail_unknown_tag(token.value, token.lineno)
+        finally:
+            if pop_tag:
+                self._tag_stack.pop()
+
+    def parse_statements(
+        self, end_tokens: t.Tuple[str, ...], drop_needle: bool = False
+    ) -> t.List[nodes.Node]:
+        """Parse multiple statements into a list until one of the end tokens
+        is reached.  This is used to parse the body of statements as it also
+        parses template data if appropriate.  The parser checks first if the
+        current token is a colon and skips it if there is one.  Then it checks
+        for the block end and parses until if one of the `end_tokens` is
+        reached.  Per default the active token in the stream at the end of
+        the call is the matched end token.  If this is not wanted `drop_needle`
+        can be set to `True` and the end token is removed.
+        """
+        # the first token may be a colon for python compatibility
+        self.stream.skip_if("colon")
+
+        # in the future it would be possible to add whole code sections
+        # by adding some sort of end of statement token and parsing those here.
+        self.stream.expect("block_end")
+        result = self.subparse(end_tokens)
+
+        # we reached the end of the template too early, the subparser
+        # does not check for this, so we do that now
+        if self.stream.current.type == "eof":
+            self.fail_eof(end_tokens)
+
+        if drop_needle:
+            next(self.stream)
+        return result
+
+    def parse_set(self) -> t.Union[nodes.Assign, nodes.AssignBlock]:
+        """Parse an assign statement."""
+        lineno = next(self.stream).lineno
+        target = self.parse_assign_target(with_namespace=True)
+        if self.stream.skip_if("assign"):
+            expr = self.parse_tuple()
+            return nodes.Assign(target, expr, lineno=lineno)
+        filter_node = self.parse_filter(None)
+        body = self.parse_statements(("name:endset",), drop_needle=True)
+        return nodes.AssignBlock(target, filter_node, body, lineno=lineno)
+
+    def parse_for(self) -> nodes.For:
+        """Parse a for loop."""
+        lineno = self.stream.expect("name:for").lineno
+        target = self.parse_assign_target(extra_end_rules=("name:in",))
+        self.stream.expect("name:in")
+        iter = self.parse_tuple(
+            with_condexpr=False, extra_end_rules=("name:recursive",)
+        )
+        test = None
+        if self.stream.skip_if("name:if"):
+            test = self.parse_expression()
+        recursive = self.stream.skip_if("name:recursive")
+        body = self.parse_statements(("name:endfor", "name:else"))
+        if next(self.stream).value == "endfor":
+            else_ = []
+        else:
+            else_ = self.parse_statements(("name:endfor",), drop_needle=True)
+        return nodes.For(target, iter, body, else_, test, recursive, lineno=lineno)
+
+    def parse_if(self) -> nodes.If:
+        """Parse an if construct."""
+        node = result = nodes.If(lineno=self.stream.expect("name:if").lineno)
+        while True:
+            node.test = self.parse_tuple(with_condexpr=False)
+            node.body = self.parse_statements(("name:elif", "name:else", "name:endif"))
+            node.elif_ = []
+            node.else_ = []
+            token = next(self.stream)
+            if token.test("name:elif"):
+                node = nodes.If(lineno=self.stream.current.lineno)
+                result.elif_.append(node)
+                continue
+            elif token.test("name:else"):
+                result.else_ = self.parse_statements(("name:endif",), drop_needle=True)
+            break
+        return result
+
+    def parse_with(self) -> nodes.With:
+        node = nodes.With(lineno=next(self.stream).lineno)
+        targets: t.List[nodes.Expr] = []
+        values: t.List[nodes.Expr] = []
+        while self.stream.current.type != "block_end":
+            if targets:
+                self.stream.expect("comma")
+            target = self.parse_assign_target()
+            target.set_ctx("param")
+            targets.append(target)
+            self.stream.expect("assign")
+            values.append(self.parse_expression())
+        node.targets = targets
+        node.values = values
+        node.body = self.parse_statements(("name:endwith",), drop_needle=True)
+        return node
+
+    def parse_autoescape(self) -> nodes.Scope:
+        node = nodes.ScopedEvalContextModifier(lineno=next(self.stream).lineno)
+        node.options = [nodes.Keyword("autoescape", self.parse_expression())]
+        node.body = self.parse_statements(("name:endautoescape",), drop_needle=True)
+        return nodes.Scope([node])
+
+    def parse_block(self) -> nodes.Block:
+        node = nodes.Block(lineno=next(self.stream).lineno)
+        node.name = self.stream.expect("name").value
+        node.scoped = self.stream.skip_if("name:scoped")
+        node.required = self.stream.skip_if("name:required")
+
+        # common problem people encounter when switching from django
+        # to jinja.  we do not support hyphens in block names, so let's
+        # raise a nicer error message in that case.
+        if self.stream.current.type == "sub":
+            self.fail(
+                "Block names in Jinja have to be valid Python identifiers and may not"
+                " contain hyphens, use an underscore instead."
+            )
+
+        node.body = self.parse_statements(("name:endblock",), drop_needle=True)
+
+        # enforce that required blocks only contain whitespace or comments
+        # by asserting that the body, if not empty, is just TemplateData nodes
+        # with whitespace data
+        if node.required:
+            for body_node in node.body:
+                if not isinstance(body_node, nodes.Output) or any(
+                    not isinstance(output_node, nodes.TemplateData)
+                    or not output_node.data.isspace()
+                    for output_node in body_node.nodes
+                ):
+                    self.fail("Required blocks can only contain comments or whitespace")
+
+        self.stream.skip_if("name:" + node.name)
+        return node
+
+    def parse_extends(self) -> nodes.Extends:
+        node = nodes.Extends(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        return node
+
+    def parse_import_context(
+        self, node: _ImportInclude, default: bool
+    ) -> _ImportInclude:
+        if self.stream.current.test_any(
+            "name:with", "name:without"
+        ) and self.stream.look().test("name:context"):
+            node.with_context = next(self.stream).value == "with"
+            self.stream.skip()
+        else:
+            node.with_context = default
+        return node
+
+    def parse_include(self) -> nodes.Include:
+        node = nodes.Include(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        if self.stream.current.test("name:ignore") and self.stream.look().test(
+            "name:missing"
+        ):
+            node.ignore_missing = True
+            self.stream.skip(2)
+        else:
+            node.ignore_missing = False
+        return self.parse_import_context(node, True)
+
+    def parse_import(self) -> nodes.Import:
+        node = nodes.Import(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:as")
+        node.target = self.parse_assign_target(name_only=True).name
+        return self.parse_import_context(node, False)
+
+    def parse_from(self) -> nodes.FromImport:
+        node = nodes.FromImport(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:import")
+        node.names = []
+
+        def parse_context() -> bool:
+            if self.stream.current.value in {
+                "with",
+                "without",
+            } and self.stream.look().test("name:context"):
+                node.with_context = next(self.stream).value == "with"
+                self.stream.skip()
+                return True
+            return False
+
+        while True:
+            if node.names:
+                self.stream.expect("comma")
+            if self.stream.current.type == "name":
+                if parse_context():
+                    break
+                target = self.parse_assign_target(name_only=True)
+                if target.name.startswith("_"):
+                    self.fail(
+                        "names starting with an underline can not be imported",
+                        target.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                if self.stream.skip_if("name:as"):
+                    alias = self.parse_assign_target(name_only=True)
+                    node.names.append((target.name, alias.name))
+                else:
+                    node.names.append(target.name)
+                if parse_context() or self.stream.current.type != "comma":
+                    break
+            else:
+                self.stream.expect("name")
+        if not hasattr(node, "with_context"):
+            node.with_context = False
+        return node
+
+    def parse_signature(self, node: _MacroCall) -> None:
+        args = node.args = []
+        defaults = node.defaults = []
+        self.stream.expect("lparen")
+        while self.stream.current.type != "rparen":
+            if args:
+                self.stream.expect("comma")
+            arg = self.parse_assign_target(name_only=True)
+            arg.set_ctx("param")
+            if self.stream.skip_if("assign"):
+                defaults.append(self.parse_expression())
+            elif defaults:
+                self.fail("non-default argument follows default argument")
+            args.append(arg)
+        self.stream.expect("rparen")
+
+    def parse_call_block(self) -> nodes.CallBlock:
+        node = nodes.CallBlock(lineno=next(self.stream).lineno)
+        if self.stream.current.type == "lparen":
+            self.parse_signature(node)
+        else:
+            node.args = []
+            node.defaults = []
+
+        call_node = self.parse_expression()
+        if not isinstance(call_node, nodes.Call):
+            self.fail("expected call", node.lineno)
+        node.call = call_node
+        node.body = self.parse_statements(("name:endcall",), drop_needle=True)
+        return node
+
+    def parse_filter_block(self) -> nodes.FilterBlock:
+        node = nodes.FilterBlock(lineno=next(self.stream).lineno)
+        node.filter = self.parse_filter(None, start_inline=True)  # type: ignore
+        node.body = self.parse_statements(("name:endfilter",), drop_needle=True)
+        return node
+
+    def parse_macro(self) -> nodes.Macro:
+        node = nodes.Macro(lineno=next(self.stream).lineno)
+        node.name = self.parse_assign_target(name_only=True).name
+        self.parse_signature(node)
+        node.body = self.parse_statements(("name:endmacro",), drop_needle=True)
+        return node
+
+    def parse_print(self) -> nodes.Output:
+        node = nodes.Output(lineno=next(self.stream).lineno)
+        node.nodes = []
+        while self.stream.current.type != "block_end":
+            if node.nodes:
+                self.stream.expect("comma")
+            node.nodes.append(self.parse_expression())
+        return node
+
+    @typing.overload
+    def parse_assign_target(
+        self, with_tuple: bool = ..., name_only: "te.Literal[True]" = ...
+    ) -> nodes.Name: ...
+
+    @typing.overload
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]: ...
+
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]:
+        """Parse an assignment target.  As Jinja allows assignments to
+        tuples, this function can parse all allowed assignment targets.  Per
+        default assignments to tuples are parsed, that can be disable however
+        by setting `with_tuple` to `False`.  If only assignments to names are
+        wanted `name_only` can be set to `True`.  The `extra_end_rules`
+        parameter is forwarded to the tuple parsing function.  If
+        `with_namespace` is enabled, a namespace assignment may be parsed.
+        """
+        target: nodes.Expr
+
+        if with_namespace and self.stream.look().type == "dot":
+            token = self.stream.expect("name")
+            next(self.stream)  # dot
+            attr = self.stream.expect("name")
+            target = nodes.NSRef(token.value, attr.value, lineno=token.lineno)
+        elif name_only:
+            token = self.stream.expect("name")
+            target = nodes.Name(token.value, "store", lineno=token.lineno)
+        else:
+            if with_tuple:
+                target = self.parse_tuple(
+                    simplified=True, extra_end_rules=extra_end_rules
+                )
+            else:
+                target = self.parse_primary()
+
+            target.set_ctx("store")
+
+        if not target.can_assign():
+            self.fail(
+                f"can't assign to {type(target).__name__.lower()!r}", target.lineno
+            )
+
+        return target  # type: ignore
+
+    def parse_expression(self, with_condexpr: bool = True) -> nodes.Expr:
+        """Parse an expression.  Per default all expressions are parsed, if
+        the optional `with_condexpr` parameter is set to `False` conditional
+        expressions are not parsed.
+        """
+        if with_condexpr:
+            return self.parse_condexpr()
+        return self.parse_or()
+
+    def parse_condexpr(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr1 = self.parse_or()
+        expr3: t.Optional[nodes.Expr]
+
+        while self.stream.skip_if("name:if"):
+            expr2 = self.parse_or()
+            if self.stream.skip_if("name:else"):
+                expr3 = self.parse_condexpr()
+            else:
+                expr3 = None
+            expr1 = nodes.CondExpr(expr2, expr1, expr3, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return expr1
+
+    def parse_or(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_and()
+        while self.stream.skip_if("name:or"):
+            right = self.parse_and()
+            left = nodes.Or(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_and(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_not()
+        while self.stream.skip_if("name:and"):
+            right = self.parse_not()
+            left = nodes.And(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_not(self) -> nodes.Expr:
+        if self.stream.current.test("name:not"):
+            lineno = next(self.stream).lineno
+            return nodes.Not(self.parse_not(), lineno=lineno)
+        return self.parse_compare()
+
+    def parse_compare(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr = self.parse_math1()
+        ops = []
+        while True:
+            token_type = self.stream.current.type
+            if token_type in _compare_operators:
+                next(self.stream)
+                ops.append(nodes.Operand(token_type, self.parse_math1()))
+            elif self.stream.skip_if("name:in"):
+                ops.append(nodes.Operand("in", self.parse_math1()))
+            elif self.stream.current.test("name:not") and self.stream.look().test(
+                "name:in"
+            ):
+                self.stream.skip(2)
+                ops.append(nodes.Operand("notin", self.parse_math1()))
+            else:
+                break
+            lineno = self.stream.current.lineno
+        if not ops:
+            return expr
+        return nodes.Compare(expr, ops, lineno=lineno)
+
+    def parse_math1(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_concat()
+        while self.stream.current.type in ("add", "sub"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_concat()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_concat(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args = [self.parse_math2()]
+        while self.stream.current.type == "tilde":
+            next(self.stream)
+            args.append(self.parse_math2())
+        if len(args) == 1:
+            return args[0]
+        return nodes.Concat(args, lineno=lineno)
+
+    def parse_math2(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_pow()
+        while self.stream.current.type in ("mul", "div", "floordiv", "mod"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_pow()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_pow(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_unary()
+        while self.stream.current.type == "pow":
+            next(self.stream)
+            right = self.parse_unary()
+            left = nodes.Pow(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_unary(self, with_filter: bool = True) -> nodes.Expr:
+        token_type = self.stream.current.type
+        lineno = self.stream.current.lineno
+        node: nodes.Expr
+
+        if token_type == "sub":
+            next(self.stream)
+            node = nodes.Neg(self.parse_unary(False), lineno=lineno)
+        elif token_type == "add":
+            next(self.stream)
+            node = nodes.Pos(self.parse_unary(False), lineno=lineno)
+        else:
+            node = self.parse_primary()
+        node = self.parse_postfix(node)
+        if with_filter:
+            node = self.parse_filter_expr(node)
+        return node
+
+    def parse_primary(self) -> nodes.Expr:
+        token = self.stream.current
+        node: nodes.Expr
+        if token.type == "name":
+            if token.value in ("true", "false", "True", "False"):
+                node = nodes.Const(token.value in ("true", "True"), lineno=token.lineno)
+            elif token.value in ("none", "None"):
+                node = nodes.Const(None, lineno=token.lineno)
+            else:
+                node = nodes.Name(token.value, "load", lineno=token.lineno)
+            next(self.stream)
+        elif token.type == "string":
+            next(self.stream)
+            buf = [token.value]
+            lineno = token.lineno
+            while self.stream.current.type == "string":
+                buf.append(self.stream.current.value)
+                next(self.stream)
+            node = nodes.Const("".join(buf), lineno=lineno)
+        elif token.type in ("integer", "float"):
+            next(self.stream)
+            node = nodes.Const(token.value, lineno=token.lineno)
+        elif token.type == "lparen":
+            next(self.stream)
+            node = self.parse_tuple(explicit_parentheses=True)
+            self.stream.expect("rparen")
+        elif token.type == "lbracket":
+            node = self.parse_list()
+        elif token.type == "lbrace":
+            node = self.parse_dict()
+        else:
+            self.fail(f"unexpected {describe_token(token)!r}", token.lineno)
+        return node
+
+    def parse_tuple(
+        self,
+        simplified: bool = False,
+        with_condexpr: bool = True,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        explicit_parentheses: bool = False,
+    ) -> t.Union[nodes.Tuple, nodes.Expr]:
+        """Works like `parse_expression` but if multiple expressions are
+        delimited by a comma a :class:`~jinja2.nodes.Tuple` node is created.
+        This method could also return a regular expression instead of a tuple
+        if no commas where found.
+
+        The default parsing mode is a full tuple.  If `simplified` is `True`
+        only names and literals are parsed.  The `no_condexpr` parameter is
+        forwarded to :meth:`parse_expression`.
+
+        Because tuples do not require delimiters and may end in a bogus comma
+        an extra hint is needed that marks the end of a tuple.  For example
+        for loops support tuples between `for` and `in`.  In that case the
+        `extra_end_rules` is set to ``['name:in']``.
+
+        `explicit_parentheses` is true if the parsing was triggered by an
+        expression in parentheses.  This is used to figure out if an empty
+        tuple is a valid expression or not.
+        """
+        lineno = self.stream.current.lineno
+        if simplified:
+            parse = self.parse_primary
+        elif with_condexpr:
+            parse = self.parse_expression
+        else:
+
+            def parse() -> nodes.Expr:
+                return self.parse_expression(with_condexpr=False)
+
+        args: t.List[nodes.Expr] = []
+        is_tuple = False
+
+        while True:
+            if args:
+                self.stream.expect("comma")
+            if self.is_tuple_end(extra_end_rules):
+                break
+            args.append(parse())
+            if self.stream.current.type == "comma":
+                is_tuple = True
+            else:
+                break
+            lineno = self.stream.current.lineno
+
+        if not is_tuple:
+            if args:
+                return args[0]
+
+            # if we don't have explicit parentheses, an empty tuple is
+            # not a valid expression.  This would mean nothing (literally
+            # nothing) in the spot of an expression would be an empty
+            # tuple.
+            if not explicit_parentheses:
+                self.fail(
+                    "Expected an expression,"
+                    f" got {describe_token(self.stream.current)!r}"
+                )
+
+        return nodes.Tuple(args, "load", lineno=lineno)
+
+    def parse_list(self) -> nodes.List:
+        token = self.stream.expect("lbracket")
+        items: t.List[nodes.Expr] = []
+        while self.stream.current.type != "rbracket":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbracket":
+                break
+            items.append(self.parse_expression())
+        self.stream.expect("rbracket")
+        return nodes.List(items, lineno=token.lineno)
+
+    def parse_dict(self) -> nodes.Dict:
+        token = self.stream.expect("lbrace")
+        items: t.List[nodes.Pair] = []
+        while self.stream.current.type != "rbrace":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbrace":
+                break
+            key = self.parse_expression()
+            self.stream.expect("colon")
+            value = self.parse_expression()
+            items.append(nodes.Pair(key, value, lineno=key.lineno))
+        self.stream.expect("rbrace")
+        return nodes.Dict(items, lineno=token.lineno)
+
+    def parse_postfix(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "dot" or token_type == "lbracket":
+                node = self.parse_subscript(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_filter_expr(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "pipe":
+                node = self.parse_filter(node)  # type: ignore
+            elif token_type == "name" and self.stream.current.value == "is":
+                node = self.parse_test(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_subscript(
+        self, node: nodes.Expr
+    ) -> t.Union[nodes.Getattr, nodes.Getitem]:
+        token = next(self.stream)
+        arg: nodes.Expr
+
+        if token.type == "dot":
+            attr_token = self.stream.current
+            next(self.stream)
+            if attr_token.type == "name":
+                return nodes.Getattr(
+                    node, attr_token.value, "load", lineno=token.lineno
+                )
+            elif attr_token.type != "integer":
+                self.fail("expected name or number", attr_token.lineno)
+            arg = nodes.Const(attr_token.value, lineno=attr_token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        if token.type == "lbracket":
+            args: t.List[nodes.Expr] = []
+            while self.stream.current.type != "rbracket":
+                if args:
+                    self.stream.expect("comma")
+                args.append(self.parse_subscribed())
+            self.stream.expect("rbracket")
+            if len(args) == 1:
+                arg = args[0]
+            else:
+                arg = nodes.Tuple(args, "load", lineno=token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        self.fail("expected subscript expression", token.lineno)
+
+    def parse_subscribed(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args: t.List[t.Optional[nodes.Expr]]
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            args = [None]
+        else:
+            node = self.parse_expression()
+            if self.stream.current.type != "colon":
+                return node
+            next(self.stream)
+            args = [node]
+
+        if self.stream.current.type == "colon":
+            args.append(None)
+        elif self.stream.current.type not in ("rbracket", "comma"):
+            args.append(self.parse_expression())
+        else:
+            args.append(None)
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            if self.stream.current.type not in ("rbracket", "comma"):
+                args.append(self.parse_expression())
+            else:
+                args.append(None)
+        else:
+            args.append(None)
+
+        return nodes.Slice(lineno=lineno, *args)  # noqa: B026
+
+    def parse_call_args(
+        self,
+    ) -> t.Tuple[
+        t.List[nodes.Expr],
+        t.List[nodes.Keyword],
+        t.Optional[nodes.Expr],
+        t.Optional[nodes.Expr],
+    ]:
+        token = self.stream.expect("lparen")
+        args = []
+        kwargs = []
+        dyn_args = None
+        dyn_kwargs = None
+        require_comma = False
+
+        def ensure(expr: bool) -> None:
+            if not expr:
+                self.fail("invalid syntax for function call expression", token.lineno)
+
+        while self.stream.current.type != "rparen":
+            if require_comma:
+                self.stream.expect("comma")
+
+                # support for trailing comma
+                if self.stream.current.type == "rparen":
+                    break
+
+            if self.stream.current.type == "mul":
+                ensure(dyn_args is None and dyn_kwargs is None)
+                next(self.stream)
+                dyn_args = self.parse_expression()
+            elif self.stream.current.type == "pow":
+                ensure(dyn_kwargs is None)
+                next(self.stream)
+                dyn_kwargs = self.parse_expression()
+            else:
+                if (
+                    self.stream.current.type == "name"
+                    and self.stream.look().type == "assign"
+                ):
+                    # Parsing a kwarg
+                    ensure(dyn_kwargs is None)
+                    key = self.stream.current.value
+                    self.stream.skip(2)
+                    value = self.parse_expression()
+                    kwargs.append(nodes.Keyword(key, value, lineno=value.lineno))
+                else:
+                    # Parsing an arg
+                    ensure(dyn_args is None and dyn_kwargs is None and not kwargs)
+                    args.append(self.parse_expression())
+
+            require_comma = True
+
+        self.stream.expect("rparen")
+        return args, kwargs, dyn_args, dyn_kwargs
+
+    def parse_call(self, node: nodes.Expr) -> nodes.Call:
+        # The lparen will be expected in parse_call_args, but the lineno
+        # needs to be recorded before the stream is advanced.
+        token = self.stream.current
+        args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        return nodes.Call(node, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno)
+
+    def parse_filter(
+        self, node: t.Optional[nodes.Expr], start_inline: bool = False
+    ) -> t.Optional[nodes.Expr]:
+        while self.stream.current.type == "pipe" or start_inline:
+            if not start_inline:
+                next(self.stream)
+            token = self.stream.expect("name")
+            name = token.value
+            while self.stream.current.type == "dot":
+                next(self.stream)
+                name += "." + self.stream.expect("name").value
+            if self.stream.current.type == "lparen":
+                args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+            else:
+                args = []
+                kwargs = []
+                dyn_args = dyn_kwargs = None
+            node = nodes.Filter(
+                node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+            )
+            start_inline = False
+        return node
+
+    def parse_test(self, node: nodes.Expr) -> nodes.Expr:
+        token = next(self.stream)
+        if self.stream.current.test("name:not"):
+            next(self.stream)
+            negated = True
+        else:
+            negated = False
+        name = self.stream.expect("name").value
+        while self.stream.current.type == "dot":
+            next(self.stream)
+            name += "." + self.stream.expect("name").value
+        dyn_args = dyn_kwargs = None
+        kwargs: t.List[nodes.Keyword] = []
+        if self.stream.current.type == "lparen":
+            args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        elif self.stream.current.type in {
+            "name",
+            "string",
+            "integer",
+            "float",
+            "lparen",
+            "lbracket",
+            "lbrace",
+        } and not self.stream.current.test_any("name:else", "name:or", "name:and"):
+            if self.stream.current.test("name:is"):
+                self.fail("You cannot chain multiple tests with is")
+            arg_node = self.parse_primary()
+            arg_node = self.parse_postfix(arg_node)
+            args = [arg_node]
+        else:
+            args = []
+        node = nodes.Test(
+            node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+        )
+        if negated:
+            node = nodes.Not(node, lineno=token.lineno)
+        return node
+
+    def subparse(
+        self, end_tokens: t.Optional[t.Tuple[str, ...]] = None
+    ) -> t.List[nodes.Node]:
+        body: t.List[nodes.Node] = []
+        data_buffer: t.List[nodes.Node] = []
+        add_data = data_buffer.append
+
+        if end_tokens is not None:
+            self._end_token_stack.append(end_tokens)
+
+        def flush_data() -> None:
+            if data_buffer:
+                lineno = data_buffer[0].lineno
+                body.append(nodes.Output(data_buffer[:], lineno=lineno))
+                del data_buffer[:]
+
+        try:
+            while self.stream:
+                token = self.stream.current
+                if token.type == "data":
+                    if token.value:
+                        add_data(nodes.TemplateData(token.value, lineno=token.lineno))
+                    next(self.stream)
+                elif token.type == "variable_begin":
+                    next(self.stream)
+                    add_data(self.parse_tuple(with_condexpr=True))
+                    self.stream.expect("variable_end")
+                elif token.type == "block_begin":
+                    flush_data()
+                    next(self.stream)
+                    if end_tokens is not None and self.stream.current.test_any(
+                        *end_tokens
+                    ):
+                        return body
+                    rv = self.parse_statement()
+                    if isinstance(rv, list):
+                        body.extend(rv)
+                    else:
+                        body.append(rv)
+                    self.stream.expect("block_end")
+                else:
+                    raise AssertionError("internal parsing error")
+
+            flush_data()
+        finally:
+            if end_tokens is not None:
+                self._end_token_stack.pop()
+        return body
+
+    def parse(self) -> nodes.Template:
+        """Parse the whole template into a `Template` node."""
+        result = nodes.Template(self.subparse(), lineno=1)
+        result.set_environment(self.environment)
+        return result
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/py.typed b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/runtime.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/runtime.py
new file mode 100644
index 000000000..4325c8deb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/runtime.py
@@ -0,0 +1,1056 @@
+"""The runtime functions and state used by compiled templates."""
+
+import functools
+import sys
+import typing as t
+from collections import abc
+from itertools import chain
+
+from markupsafe import escape  # noqa: F401
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import auto_aiter
+from .async_utils import auto_await  # noqa: F401
+from .exceptions import TemplateNotFound  # noqa: F401
+from .exceptions import TemplateRuntimeError  # noqa: F401
+from .exceptions import UndefinedError
+from .nodes import EvalContext
+from .utils import _PassArg
+from .utils import concat
+from .utils import internalcode
+from .utils import missing
+from .utils import Namespace  # noqa: F401
+from .utils import object_type_repr
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+if t.TYPE_CHECKING:
+    import logging
+
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class LoopRenderFunc(te.Protocol):
+        def __call__(
+            self,
+            reciter: t.Iterable[V],
+            loop_render_func: "LoopRenderFunc",
+            depth: int = 0,
+        ) -> str: ...
+
+
+# these variables are exported to the template runtime
+exported = [
+    "LoopContext",
+    "TemplateReference",
+    "Macro",
+    "Markup",
+    "TemplateRuntimeError",
+    "missing",
+    "escape",
+    "markup_join",
+    "str_join",
+    "identity",
+    "TemplateNotFound",
+    "Namespace",
+    "Undefined",
+    "internalcode",
+]
+async_exported = [
+    "AsyncLoopContext",
+    "auto_aiter",
+    "auto_await",
+]
+
+
+def identity(x: V) -> V:
+    """Returns its argument. Useful for certain things in the
+    environment.
+    """
+    return x
+
+
+def markup_join(seq: t.Iterable[t.Any]) -> str:
+    """Concatenation that escapes if necessary and converts to string."""
+    buf = []
+    iterator = map(soft_str, seq)
+    for arg in iterator:
+        buf.append(arg)
+        if hasattr(arg, "__html__"):
+            return Markup("").join(chain(buf, iterator))
+    return concat(buf)
+
+
+def str_join(seq: t.Iterable[t.Any]) -> str:
+    """Simple args to string conversion and concatenation."""
+    return concat(map(str, seq))
+
+
+def new_context(
+    environment: "Environment",
+    template_name: t.Optional[str],
+    blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+    vars: t.Optional[t.Dict[str, t.Any]] = None,
+    shared: bool = False,
+    globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    locals: t.Optional[t.Mapping[str, t.Any]] = None,
+) -> "Context":
+    """Internal helper for context creation."""
+    if vars is None:
+        vars = {}
+    if shared:
+        parent = vars
+    else:
+        parent = dict(globals or (), **vars)
+    if locals:
+        # if the parent is shared a copy should be created because
+        # we don't want to modify the dict passed
+        if shared:
+            parent = dict(parent)
+        for key, value in locals.items():
+            if value is not missing:
+                parent[key] = value
+    return environment.context_class(
+        environment, parent, template_name, blocks, globals=globals
+    )
+
+
+class TemplateReference:
+    """The `self` in templates."""
+
+    def __init__(self, context: "Context") -> None:
+        self.__context = context
+
+    def __getitem__(self, name: str) -> t.Any:
+        blocks = self.__context.blocks[name]
+        return BlockReference(name, self.__context, blocks, 0)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.__context.name!r}>"
+
+
+def _dict_method_all(dict_method: F) -> F:
+    @functools.wraps(dict_method)
+    def f_all(self: "Context") -> t.Any:
+        return dict_method(self.get_all())
+
+    return t.cast(F, f_all)
+
+
+@abc.Mapping.register
+class Context:
+    """The template context holds the variables of a template.  It stores the
+    values passed to the template and also the names the template exports.
+    Creating instances is neither supported nor useful as it's created
+    automatically at various stages of the template evaluation and should not
+    be created by hand.
+
+    The context is immutable.  Modifications on :attr:`parent` **must not**
+    happen and modifications on :attr:`vars` are allowed from generated
+    template code only.  Template filters and global functions marked as
+    :func:`pass_context` get the active context passed as first argument
+    and are allowed to access the context read-only.
+
+    The template context supports read only dict operations (`get`,
+    `keys`, `values`, `items`, `iterkeys`, `itervalues`, `iteritems`,
+    `__getitem__`, `__contains__`).  Additionally there is a :meth:`resolve`
+    method that doesn't fail with a `KeyError` but returns an
+    :class:`Undefined` object for missing variables.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        parent: t.Dict[str, t.Any],
+        name: t.Optional[str],
+        blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ):
+        self.parent = parent
+        self.vars: t.Dict[str, t.Any] = {}
+        self.environment: "Environment" = environment
+        self.eval_ctx = EvalContext(self.environment, name)
+        self.exported_vars: t.Set[str] = set()
+        self.name = name
+        self.globals_keys = set() if globals is None else set(globals)
+
+        # create the initial mapping of blocks.  Whenever template inheritance
+        # takes place the runtime will update this mapping with the new blocks
+        # from the template.
+        self.blocks = {k: [v] for k, v in blocks.items()}
+
+    def super(
+        self, name: str, current: t.Callable[["Context"], t.Iterator[str]]
+    ) -> t.Union["BlockReference", "Undefined"]:
+        """Render a parent block."""
+        try:
+            blocks = self.blocks[name]
+            index = blocks.index(current) + 1
+            blocks[index]
+        except LookupError:
+            return self.environment.undefined(
+                f"there is no parent block called {name!r}.", name="super"
+            )
+        return BlockReference(name, self, blocks, index)
+
+    def get(self, key: str, default: t.Any = None) -> t.Any:
+        """Look up a variable by name, or return a default if the key is
+        not found.
+
+        :param key: The variable name to look up.
+        :param default: The value to return if the key is not found.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def resolve(self, key: str) -> t.Union[t.Any, "Undefined"]:
+        """Look up a variable by name, or return an :class:`Undefined`
+        object if the key is not found.
+
+        If you need to add custom behavior, override
+        :meth:`resolve_or_missing`, not this method. The various lookup
+        functions use that method, not this one.
+
+        :param key: The variable name to look up.
+        """
+        rv = self.resolve_or_missing(key)
+
+        if rv is missing:
+            return self.environment.undefined(name=key)
+
+        return rv
+
+    def resolve_or_missing(self, key: str) -> t.Any:
+        """Look up a variable by name, or return a ``missing`` sentinel
+        if the key is not found.
+
+        Override this method to add custom lookup behavior.
+        :meth:`resolve`, :meth:`get`, and :meth:`__getitem__` use this
+        method. Don't call this method directly.
+
+        :param key: The variable name to look up.
+        """
+        if key in self.vars:
+            return self.vars[key]
+
+        if key in self.parent:
+            return self.parent[key]
+
+        return missing
+
+    def get_exported(self) -> t.Dict[str, t.Any]:
+        """Get a new dict with the exported variables."""
+        return {k: self.vars[k] for k in self.exported_vars}
+
+    def get_all(self) -> t.Dict[str, t.Any]:
+        """Return the complete context as dict including the exported
+        variables.  For optimizations reasons this might not return an
+        actual copy so be careful with using it.
+        """
+        if not self.vars:
+            return self.parent
+        if not self.parent:
+            return self.vars
+        return dict(self.parent, **self.vars)
+
+    @internalcode
+    def call(
+        __self,
+        __obj: t.Callable[..., t.Any],
+        *args: t.Any,
+        **kwargs: t.Any,  # noqa: B902
+    ) -> t.Union[t.Any, "Undefined"]:
+        """Call the callable with the arguments and keyword arguments
+        provided but inject the active context or environment as first
+        argument if the callable has :func:`pass_context` or
+        :func:`pass_environment`.
+        """
+        if __debug__:
+            __traceback_hide__ = True  # noqa
+
+        # Allow callable classes to take a context
+        if (
+            hasattr(__obj, "__call__")  # noqa: B004
+            and _PassArg.from_obj(__obj.__call__) is not None
+        ):
+            __obj = __obj.__call__
+
+        pass_arg = _PassArg.from_obj(__obj)
+
+        if pass_arg is _PassArg.context:
+            # the active context should have access to variables set in
+            # loops and blocks without mutating the context itself
+            if kwargs.get("_loop_vars"):
+                __self = __self.derived(kwargs["_loop_vars"])
+            if kwargs.get("_block_vars"):
+                __self = __self.derived(kwargs["_block_vars"])
+            args = (__self,) + args
+        elif pass_arg is _PassArg.eval_context:
+            args = (__self.eval_ctx,) + args
+        elif pass_arg is _PassArg.environment:
+            args = (__self.environment,) + args
+
+        kwargs.pop("_block_vars", None)
+        kwargs.pop("_loop_vars", None)
+
+        try:
+            return __obj(*args, **kwargs)
+        except StopIteration:
+            return __self.environment.undefined(
+                "value was undefined because a callable raised a"
+                " StopIteration exception"
+            )
+
+    def derived(self, locals: t.Optional[t.Dict[str, t.Any]] = None) -> "Context":
+        """Internal helper function to create a derived context.  This is
+        used in situations where the system needs a new context in the same
+        template that is independent.
+        """
+        context = new_context(
+            self.environment, self.name, {}, self.get_all(), True, None, locals
+        )
+        context.eval_ctx = self.eval_ctx
+        context.blocks.update((k, list(v)) for k, v in self.blocks.items())
+        return context
+
+    keys = _dict_method_all(dict.keys)
+    values = _dict_method_all(dict.values)
+    items = _dict_method_all(dict.items)
+
+    def __contains__(self, name: str) -> bool:
+        return name in self.vars or name in self.parent
+
+    def __getitem__(self, key: str) -> t.Any:
+        """Look up a variable by name with ``[]`` syntax, or raise a
+        ``KeyError`` if the key is not found.
+        """
+        item = self.resolve_or_missing(key)
+
+        if item is missing:
+            raise KeyError(key)
+
+        return item
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.get_all()!r} of {self.name!r}>"
+
+
+class BlockReference:
+    """One block on a template reference."""
+
+    def __init__(
+        self,
+        name: str,
+        context: "Context",
+        stack: t.List[t.Callable[["Context"], t.Iterator[str]]],
+        depth: int,
+    ) -> None:
+        self.name = name
+        self._context = context
+        self._stack = stack
+        self._depth = depth
+
+    @property
+    def super(self) -> t.Union["BlockReference", "Undefined"]:
+        """Super the block."""
+        if self._depth + 1 >= len(self._stack):
+            return self._context.environment.undefined(
+                f"there is no parent block called {self.name!r}.", name="super"
+            )
+        return BlockReference(self.name, self._context, self._stack, self._depth + 1)
+
+    @internalcode
+    async def _async_call(self) -> str:
+        rv = concat(
+            [x async for x in self._stack[self._depth](self._context)]  # type: ignore
+        )
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+    @internalcode
+    def __call__(self) -> str:
+        if self._context.environment.is_async:
+            return self._async_call()  # type: ignore
+
+        rv = concat(self._stack[self._depth](self._context))
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+
+class LoopContext:
+    """A wrapper iterable for dynamic ``for`` loops, with information
+    about the loop and iteration.
+    """
+
+    #: Current iteration of the loop, starting at 0.
+    index0 = -1
+
+    _length: t.Optional[int] = None
+    _after: t.Any = missing
+    _current: t.Any = missing
+    _before: t.Any = missing
+    _last_changed_value: t.Any = missing
+
+    def __init__(
+        self,
+        iterable: t.Iterable[V],
+        undefined: t.Type["Undefined"],
+        recurse: t.Optional["LoopRenderFunc"] = None,
+        depth0: int = 0,
+    ) -> None:
+        """
+        :param iterable: Iterable to wrap.
+        :param undefined: :class:`Undefined` class to use for next and
+            previous items.
+        :param recurse: The function to render the loop body when the
+            loop is marked recursive.
+        :param depth0: Incremented when looping recursively.
+        """
+        self._iterable = iterable
+        self._iterator = self._to_iterator(iterable)
+        self._undefined = undefined
+        self._recurse = recurse
+        #: How many levels deep a recursive loop currently is, starting at 0.
+        self.depth0 = depth0
+
+    @staticmethod
+    def _to_iterator(iterable: t.Iterable[V]) -> t.Iterator[V]:
+        return iter(iterable)
+
+    @property
+    def length(self) -> int:
+        """Length of the iterable.
+
+        If the iterable is a generator or otherwise does not have a
+        size, it is eagerly evaluated to get a size.
+        """
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = list(self._iterator)
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    def __len__(self) -> int:
+        return self.length
+
+    @property
+    def depth(self) -> int:
+        """How many levels deep a recursive loop currently is, starting at 1."""
+        return self.depth0 + 1
+
+    @property
+    def index(self) -> int:
+        """Current iteration of the loop, starting at 1."""
+        return self.index0 + 1
+
+    @property
+    def revindex0(self) -> int:
+        """Number of iterations from the end of the loop, ending at 0.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index
+
+    @property
+    def revindex(self) -> int:
+        """Number of iterations from the end of the loop, ending at 1.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index0
+
+    @property
+    def first(self) -> bool:
+        """Whether this is the first iteration of the loop."""
+        return self.index0 == 0
+
+    def _peek_next(self) -> t.Any:
+        """Return the next element in the iterable, or :data:`missing`
+        if the iterable is exhausted. Only peeks one item ahead, caching
+        the result in :attr:`_last` for use in subsequent checks. The
+        cache is reset when :meth:`__next__` is called.
+        """
+        if self._after is not missing:
+            return self._after
+
+        self._after = next(self._iterator, missing)
+        return self._after
+
+    @property
+    def last(self) -> bool:
+        """Whether this is the last iteration of the loop.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`groupby` filter avoids that issue.
+        """
+        return self._peek_next() is missing
+
+    @property
+    def previtem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the previous iteration. Undefined during the
+        first iteration.
+        """
+        if self.first:
+            return self._undefined("there is no previous item")
+
+        return self._before
+
+    @property
+    def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the next iteration. Undefined during the last
+        iteration.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`jinja-filters.groupby` filter avoids that issue.
+        """
+        rv = self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def cycle(self, *args: V) -> V:
+        """Return a value from the given args, cycling through based on
+        the current :attr:`index0`.
+
+        :param args: One or more values to cycle through.
+        """
+        if not args:
+            raise TypeError("no items for cycling given")
+
+        return args[self.index0 % len(args)]
+
+    def changed(self, *value: t.Any) -> bool:
+        """Return ``True`` if previously called with a different value
+        (including when called for the first time).
+
+        :param value: One or more values to compare to the last call.
+        """
+        if self._last_changed_value != value:
+            self._last_changed_value = value
+            return True
+
+        return False
+
+    def __iter__(self) -> "LoopContext":
+        return self
+
+    def __next__(self) -> t.Tuple[t.Any, "LoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = next(self._iterator)
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+    @internalcode
+    def __call__(self, iterable: t.Iterable[V]) -> str:
+        """When iterating over nested data, render the body of the loop
+        recursively with the given inner iterable data.
+
+        The loop must have the ``recursive`` marker for this to work.
+        """
+        if self._recurse is None:
+            raise TypeError(
+                "The loop must have the 'recursive' marker to be called recursively."
+            )
+
+        return self._recurse(iterable, self._recurse, depth=self.depth)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.index}/{self.length}>"
+
+
+class AsyncLoopContext(LoopContext):
+    _iterator: t.AsyncIterator[t.Any]  # type: ignore
+
+    @staticmethod
+    def _to_iterator(  # type: ignore
+        iterable: t.Union[t.Iterable[V], t.AsyncIterable[V]],
+    ) -> t.AsyncIterator[V]:
+        return auto_aiter(iterable)
+
+    @property
+    async def length(self) -> int:  # type: ignore
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = [x async for x in self._iterator]
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    @property
+    async def revindex0(self) -> int:  # type: ignore
+        return await self.length - self.index
+
+    @property
+    async def revindex(self) -> int:  # type: ignore
+        return await self.length - self.index0
+
+    async def _peek_next(self) -> t.Any:
+        if self._after is not missing:
+            return self._after
+
+        try:
+            self._after = await self._iterator.__anext__()
+        except StopAsyncIteration:
+            self._after = missing
+
+        return self._after
+
+    @property
+    async def last(self) -> bool:  # type: ignore
+        return await self._peek_next() is missing
+
+    @property
+    async def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        rv = await self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def __aiter__(self) -> "AsyncLoopContext":
+        return self
+
+    async def __anext__(self) -> t.Tuple[t.Any, "AsyncLoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = await self._iterator.__anext__()
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+
+class Macro:
+    """Wraps a macro function."""
+
+    def __init__(
+        self,
+        environment: "Environment",
+        func: t.Callable[..., str],
+        name: str,
+        arguments: t.List[str],
+        catch_kwargs: bool,
+        catch_varargs: bool,
+        caller: bool,
+        default_autoescape: t.Optional[bool] = None,
+    ):
+        self._environment = environment
+        self._func = func
+        self._argument_count = len(arguments)
+        self.name = name
+        self.arguments = arguments
+        self.catch_kwargs = catch_kwargs
+        self.catch_varargs = catch_varargs
+        self.caller = caller
+        self.explicit_caller = "caller" in arguments
+
+        if default_autoescape is None:
+            if callable(environment.autoescape):
+                default_autoescape = environment.autoescape(None)
+            else:
+                default_autoescape = environment.autoescape
+
+        self._default_autoescape = default_autoescape
+
+    @internalcode
+    @pass_eval_context
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> str:
+        # This requires a bit of explanation,  In the past we used to
+        # decide largely based on compile-time information if a macro is
+        # safe or unsafe.  While there was a volatile mode it was largely
+        # unused for deciding on escaping.  This turns out to be
+        # problematic for macros because whether a macro is safe depends not
+        # on the escape mode when it was defined, but rather when it was used.
+        #
+        # Because however we export macros from the module system and
+        # there are historic callers that do not pass an eval context (and
+        # will continue to not pass one), we need to perform an instance
+        # check here.
+        #
+        # This is considered safe because an eval context is not a valid
+        # argument to callables otherwise anyway.  Worst case here is
+        # that if no eval context is passed we fall back to the compile
+        # time autoescape flag.
+        if args and isinstance(args[0], EvalContext):
+            autoescape = args[0].autoescape
+            args = args[1:]
+        else:
+            autoescape = self._default_autoescape
+
+        # try to consume the positional arguments
+        arguments = list(args[: self._argument_count])
+        off = len(arguments)
+
+        # For information why this is necessary refer to the handling
+        # of caller in the `macro_body` handler in the compiler.
+        found_caller = False
+
+        # if the number of arguments consumed is not the number of
+        # arguments expected we start filling in keyword arguments
+        # and defaults.
+        if off != self._argument_count:
+            for name in self.arguments[len(arguments) :]:
+                try:
+                    value = kwargs.pop(name)
+                except KeyError:
+                    value = missing
+                if name == "caller":
+                    found_caller = True
+                arguments.append(value)
+        else:
+            found_caller = self.explicit_caller
+
+        # it's important that the order of these arguments does not change
+        # if not also changed in the compiler's `function_scoping` method.
+        # the order is caller, keyword arguments, positional arguments!
+        if self.caller and not found_caller:
+            caller = kwargs.pop("caller", None)
+            if caller is None:
+                caller = self._environment.undefined("No caller defined", name="caller")
+            arguments.append(caller)
+
+        if self.catch_kwargs:
+            arguments.append(kwargs)
+        elif kwargs:
+            if "caller" in kwargs:
+                raise TypeError(
+                    f"macro {self.name!r} was invoked with two values for the special"
+                    " caller argument. This is most likely a bug."
+                )
+            raise TypeError(
+                f"macro {self.name!r} takes no keyword argument {next(iter(kwargs))!r}"
+            )
+        if self.catch_varargs:
+            arguments.append(args[self._argument_count :])
+        elif len(args) > self._argument_count:
+            raise TypeError(
+                f"macro {self.name!r} takes not more than"
+                f" {len(self.arguments)} argument(s)"
+            )
+
+        return self._invoke(arguments, autoescape)
+
+    async def _async_invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        rv = await self._func(*arguments)  # type: ignore
+
+        if autoescape:
+            return Markup(rv)
+
+        return rv  # type: ignore
+
+    def _invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        if self._environment.is_async:
+            return self._async_invoke(arguments, autoescape)  # type: ignore
+
+        rv = self._func(*arguments)
+
+        if autoescape:
+            rv = Markup(rv)
+
+        return rv
+
+    def __repr__(self) -> str:
+        name = "anonymous" if self.name is None else repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class Undefined:
+    """The default undefined type.  This undefined type can be printed and
+    iterated over, but every other access will raise an :exc:`UndefinedError`:
+
+    >>> foo = Undefined(name='foo')
+    >>> str(foo)
+    ''
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = (
+        "_undefined_hint",
+        "_undefined_obj",
+        "_undefined_name",
+        "_undefined_exception",
+    )
+
+    def __init__(
+        self,
+        hint: t.Optional[str] = None,
+        obj: t.Any = missing,
+        name: t.Optional[str] = None,
+        exc: t.Type[TemplateRuntimeError] = UndefinedError,
+    ) -> None:
+        self._undefined_hint = hint
+        self._undefined_obj = obj
+        self._undefined_name = name
+        self._undefined_exception = exc
+
+    @property
+    def _undefined_message(self) -> str:
+        """Build a message about the undefined value based on how it was
+        accessed.
+        """
+        if self._undefined_hint:
+            return self._undefined_hint
+
+        if self._undefined_obj is missing:
+            return f"{self._undefined_name!r} is undefined"
+
+        if not isinstance(self._undefined_name, str):
+            return (
+                f"{object_type_repr(self._undefined_obj)} has no"
+                f" element {self._undefined_name!r}"
+            )
+
+        return (
+            f"{object_type_repr(self._undefined_obj)!r} has no"
+            f" attribute {self._undefined_name!r}"
+        )
+
+    @internalcode
+    def _fail_with_undefined_error(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> "te.NoReturn":
+        """Raise an :exc:`UndefinedError` when operations are performed
+        on the undefined value.
+        """
+        raise self._undefined_exception(self._undefined_message)
+
+    @internalcode
+    def __getattr__(self, name: str) -> t.Any:
+        if name[:2] == "__":
+            raise AttributeError(name)
+
+        return self._fail_with_undefined_error()
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _fail_with_undefined_error
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _fail_with_undefined_error
+    __truediv__ = __rtruediv__ = _fail_with_undefined_error
+    __floordiv__ = __rfloordiv__ = _fail_with_undefined_error
+    __mod__ = __rmod__ = _fail_with_undefined_error
+    __pos__ = __neg__ = _fail_with_undefined_error
+    __call__ = __getitem__ = _fail_with_undefined_error
+    __lt__ = __le__ = __gt__ = __ge__ = _fail_with_undefined_error
+    __int__ = __float__ = __complex__ = _fail_with_undefined_error
+    __pow__ = __rpow__ = _fail_with_undefined_error
+
+    def __eq__(self, other: t.Any) -> bool:
+        return type(self) is type(other)
+
+    def __ne__(self, other: t.Any) -> bool:
+        return not self.__eq__(other)
+
+    def __hash__(self) -> int:
+        return id(type(self))
+
+    def __str__(self) -> str:
+        return ""
+
+    def __len__(self) -> int:
+        return 0
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        yield from ()
+
+    async def __aiter__(self) -> t.AsyncIterator[t.Any]:
+        for _ in ():
+            yield
+
+    def __bool__(self) -> bool:
+        return False
+
+    def __repr__(self) -> str:
+        return "Undefined"
+
+
+def make_logging_undefined(
+    logger: t.Optional["logging.Logger"] = None, base: t.Type[Undefined] = Undefined
+) -> t.Type[Undefined]:
+    """Given a logger object this returns a new undefined class that will
+    log certain failures.  It will log iterations and printing.  If no
+    logger is given a default logger is created.
+
+    Example::
+
+        logger = logging.getLogger(__name__)
+        LoggingUndefined = make_logging_undefined(
+            logger=logger,
+            base=Undefined
+        )
+
+    .. versionadded:: 2.8
+
+    :param logger: the logger to use.  If not provided, a default logger
+                   is created.
+    :param base: the base class to add logging functionality to.  This
+                 defaults to :class:`Undefined`.
+    """
+    if logger is None:
+        import logging
+
+        logger = logging.getLogger(__name__)
+        logger.addHandler(logging.StreamHandler(sys.stderr))
+
+    def _log_message(undef: Undefined) -> None:
+        logger.warning("Template variable warning: %s", undef._undefined_message)
+
+    class LoggingUndefined(base):  # type: ignore
+        __slots__ = ()
+
+        def _fail_with_undefined_error(  # type: ignore
+            self, *args: t.Any, **kwargs: t.Any
+        ) -> "te.NoReturn":
+            try:
+                super()._fail_with_undefined_error(*args, **kwargs)
+            except self._undefined_exception as e:
+                logger.error("Template variable error: %s", e)  # type: ignore
+                raise e
+
+        def __str__(self) -> str:
+            _log_message(self)
+            return super().__str__()  # type: ignore
+
+        def __iter__(self) -> t.Iterator[t.Any]:
+            _log_message(self)
+            return super().__iter__()  # type: ignore
+
+        def __bool__(self) -> bool:
+            _log_message(self)
+            return super().__bool__()  # type: ignore
+
+    return LoggingUndefined
+
+
+class ChainableUndefined(Undefined):
+    """An undefined that is chainable, where both ``__getattr__`` and
+    ``__getitem__`` return itself rather than raising an
+    :exc:`UndefinedError`.
+
+    >>> foo = ChainableUndefined(name='foo')
+    >>> str(foo.bar['baz'])
+    ''
+    >>> foo.bar['baz'] + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+
+    .. versionadded:: 2.11.0
+    """
+
+    __slots__ = ()
+
+    def __html__(self) -> str:
+        return str(self)
+
+    def __getattr__(self, _: str) -> "ChainableUndefined":
+        return self
+
+    __getitem__ = __getattr__  # type: ignore
+
+
+class DebugUndefined(Undefined):
+    """An undefined that returns the debug info when printed.
+
+    >>> foo = DebugUndefined(name='foo')
+    >>> str(foo)
+    '{{ foo }}'
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+
+    def __str__(self) -> str:
+        if self._undefined_hint:
+            message = f"undefined value printed: {self._undefined_hint}"
+
+        elif self._undefined_obj is missing:
+            message = self._undefined_name  # type: ignore
+
+        else:
+            message = (
+                f"no such element: {object_type_repr(self._undefined_obj)}"
+                f"[{self._undefined_name!r}]"
+            )
+
+        return f"{{{{ {message} }}}}"
+
+
+class StrictUndefined(Undefined):
+    """An undefined that barks on print and iteration as well as boolean
+    tests and all kinds of comparisons.  In other words: you can do nothing
+    with it except checking if it's defined using the `defined` test.
+
+    >>> foo = StrictUndefined(name='foo')
+    >>> str(foo)
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> not foo
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+    __iter__ = __str__ = __len__ = Undefined._fail_with_undefined_error
+    __eq__ = __ne__ = __bool__ = __hash__ = Undefined._fail_with_undefined_error
+    __contains__ = Undefined._fail_with_undefined_error
+
+
+# Remove slots attributes, after the metaclass is applied they are
+# unneeded and contain wrong data for subclasses.
+del (
+    Undefined.__slots__,
+    ChainableUndefined.__slots__,
+    DebugUndefined.__slots__,
+    StrictUndefined.__slots__,
+)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/sandbox.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/sandbox.py
new file mode 100644
index 000000000..0b4fc12d3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/sandbox.py
@@ -0,0 +1,429 @@
+"""A sandbox layer that ensures unsafe operations cannot be performed.
+Useful when the template itself comes from an untrusted source.
+"""
+
+import operator
+import types
+import typing as t
+from collections import abc
+from collections import deque
+from string import Formatter
+
+from _string import formatter_field_name_split  # type: ignore
+from markupsafe import EscapeFormatter
+from markupsafe import Markup
+
+from .environment import Environment
+from .exceptions import SecurityError
+from .runtime import Context
+from .runtime import Undefined
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+#: maximum number of items a range may produce
+MAX_RANGE = 100000
+
+#: Unsafe function attributes.
+UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()
+
+#: Unsafe method attributes. Function attributes are unsafe for methods too.
+UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()
+
+#: unsafe generator attributes.
+UNSAFE_GENERATOR_ATTRIBUTES = {"gi_frame", "gi_code"}
+
+#: unsafe attributes on coroutines
+UNSAFE_COROUTINE_ATTRIBUTES = {"cr_frame", "cr_code"}
+
+#: unsafe attributes on async generators
+UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = {"ag_code", "ag_frame"}
+
+_mutable_spec: t.Tuple[t.Tuple[t.Type[t.Any], t.FrozenSet[str]], ...] = (
+    (
+        abc.MutableSet,
+        frozenset(
+            [
+                "add",
+                "clear",
+                "difference_update",
+                "discard",
+                "pop",
+                "remove",
+                "symmetric_difference_update",
+                "update",
+            ]
+        ),
+    ),
+    (
+        abc.MutableMapping,
+        frozenset(["clear", "pop", "popitem", "setdefault", "update"]),
+    ),
+    (
+        abc.MutableSequence,
+        frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
+    ),
+    (
+        deque,
+        frozenset(
+            [
+                "append",
+                "appendleft",
+                "clear",
+                "extend",
+                "extendleft",
+                "pop",
+                "popleft",
+                "remove",
+                "rotate",
+            ]
+        ),
+    ),
+)
+
+
+def inspect_format_method(callable: t.Callable[..., t.Any]) -> t.Optional[str]:
+    if not isinstance(
+        callable, (types.MethodType, types.BuiltinMethodType)
+    ) or callable.__name__ not in ("format", "format_map"):
+        return None
+
+    obj = callable.__self__
+
+    if isinstance(obj, str):
+        return obj
+
+    return None
+
+
+def safe_range(*args: int) -> range:
+    """A range that can't generate ranges with a length of more than
+    MAX_RANGE items.
+    """
+    rng = range(*args)
+
+    if len(rng) > MAX_RANGE:
+        raise OverflowError(
+            "Range too big. The sandbox blocks ranges larger than"
+            f" MAX_RANGE ({MAX_RANGE})."
+        )
+
+    return rng
+
+
+def unsafe(f: F) -> F:
+    """Marks a function or method as unsafe.
+
+    .. code-block: python
+
+        @unsafe
+        def delete(self):
+            pass
+    """
+    f.unsafe_callable = True  # type: ignore
+    return f
+
+
+def is_internal_attribute(obj: t.Any, attr: str) -> bool:
+    """Test if the attribute given is an internal python attribute.  For
+    example this function returns `True` for the `func_code` attribute of
+    python objects.  This is useful if the environment method
+    :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
+
+    >>> from jinja2.sandbox import is_internal_attribute
+    >>> is_internal_attribute(str, "mro")
+    True
+    >>> is_internal_attribute(str, "upper")
+    False
+    """
+    if isinstance(obj, types.FunctionType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES:
+            return True
+    elif isinstance(obj, types.MethodType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES or attr in UNSAFE_METHOD_ATTRIBUTES:
+            return True
+    elif isinstance(obj, type):
+        if attr == "mro":
+            return True
+    elif isinstance(obj, (types.CodeType, types.TracebackType, types.FrameType)):
+        return True
+    elif isinstance(obj, types.GeneratorType):
+        if attr in UNSAFE_GENERATOR_ATTRIBUTES:
+            return True
+    elif hasattr(types, "CoroutineType") and isinstance(obj, types.CoroutineType):
+        if attr in UNSAFE_COROUTINE_ATTRIBUTES:
+            return True
+    elif hasattr(types, "AsyncGeneratorType") and isinstance(
+        obj, types.AsyncGeneratorType
+    ):
+        if attr in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
+            return True
+    return attr.startswith("__")
+
+
+def modifies_known_mutable(obj: t.Any, attr: str) -> bool:
+    """This function checks if an attribute on a builtin mutable object
+    (list, dict, set or deque) or the corresponding ABCs would modify it
+    if called.
+
+    >>> modifies_known_mutable({}, "clear")
+    True
+    >>> modifies_known_mutable({}, "keys")
+    False
+    >>> modifies_known_mutable([], "append")
+    True
+    >>> modifies_known_mutable([], "index")
+    False
+
+    If called with an unsupported object, ``False`` is returned.
+
+    >>> modifies_known_mutable("foo", "upper")
+    False
+    """
+    for typespec, unsafe in _mutable_spec:
+        if isinstance(obj, typespec):
+            return attr in unsafe
+    return False
+
+
+class SandboxedEnvironment(Environment):
+    """The sandboxed environment.  It works like the regular environment but
+    tells the compiler to generate sandboxed code.  Additionally subclasses of
+    this environment may override the methods that tell the runtime what
+    attributes or functions are safe to access.
+
+    If the template tries to access insecure code a :exc:`SecurityError` is
+    raised.  However also other exceptions may occur during the rendering so
+    the caller has to ensure that all exceptions are caught.
+    """
+
+    sandboxed = True
+
+    #: default callback table for the binary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`binop_table`
+    default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+        "+": operator.add,
+        "-": operator.sub,
+        "*": operator.mul,
+        "/": operator.truediv,
+        "//": operator.floordiv,
+        "**": operator.pow,
+        "%": operator.mod,
+    }
+
+    #: default callback table for the unary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`unop_table`
+    default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+        "+": operator.pos,
+        "-": operator.neg,
+    }
+
+    #: a set of binary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_binop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`binop_table`.
+    #:
+    #: The following binary operators are interceptable:
+    #: ``//``, ``%``, ``+``, ``*``, ``-``, ``/``, and ``**``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_binops: t.FrozenSet[str] = frozenset()
+
+    #: a set of unary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_unop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`unop_table`.
+    #:
+    #: The following unary operators are interceptable: ``+``, ``-``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_unops: t.FrozenSet[str] = frozenset()
+
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
+        super().__init__(*args, **kwargs)
+        self.globals["range"] = safe_range
+        self.binop_table = self.default_binop_table.copy()
+        self.unop_table = self.default_unop_table.copy()
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        """The sandboxed environment will call this method to check if the
+        attribute of an object is safe to access.  Per default all attributes
+        starting with an underscore are considered private as well as the
+        special attributes of internal python objects as returned by the
+        :func:`is_internal_attribute` function.
+        """
+        return not (attr.startswith("_") or is_internal_attribute(obj, attr))
+
+    def is_safe_callable(self, obj: t.Any) -> bool:
+        """Check if an object is safely callable. By default callables
+        are considered safe unless decorated with :func:`unsafe`.
+
+        This also recognizes the Django convention of setting
+        ``func.alters_data = True``.
+        """
+        return not (
+            getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
+        )
+
+    def call_binop(
+        self, context: Context, operator: str, left: t.Any, right: t.Any
+    ) -> t.Any:
+        """For intercepted binary operator calls (:meth:`intercepted_binops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.binop_table[operator](left, right)
+
+    def call_unop(self, context: Context, operator: str, arg: t.Any) -> t.Any:
+        """For intercepted unary operator calls (:meth:`intercepted_unops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.unop_table[operator](arg)
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code."""
+        try:
+            return obj[argument]
+        except (TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        value = getattr(obj, attr)
+                    except AttributeError:
+                        pass
+                    else:
+                        if self.is_safe_attribute(obj, argument, value):
+                            return value
+                        return self.unsafe_undefined(obj, argument)
+        return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code and prefer the
+        attribute.  The attribute passed *must* be a bytestring.
+        """
+        try:
+            value = getattr(obj, attribute)
+        except AttributeError:
+            try:
+                return obj[attribute]
+            except (TypeError, LookupError):
+                pass
+        else:
+            if self.is_safe_attribute(obj, attribute, value):
+                return value
+            return self.unsafe_undefined(obj, attribute)
+        return self.undefined(obj=obj, name=attribute)
+
+    def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
+        """Return an undefined object for unsafe attributes."""
+        return self.undefined(
+            f"access to attribute {attribute!r} of"
+            f" {type(obj).__name__!r} object is unsafe.",
+            name=attribute,
+            obj=obj,
+            exc=SecurityError,
+        )
+
+    def format_string(
+        self,
+        s: str,
+        args: t.Tuple[t.Any, ...],
+        kwargs: t.Dict[str, t.Any],
+        format_func: t.Optional[t.Callable[..., t.Any]] = None,
+    ) -> str:
+        """If a format call is detected, then this is routed through this
+        method so that our safety sandbox can be used for it.
+        """
+        formatter: SandboxedFormatter
+        if isinstance(s, Markup):
+            formatter = SandboxedEscapeFormatter(self, escape=s.escape)
+        else:
+            formatter = SandboxedFormatter(self)
+
+        if format_func is not None and format_func.__name__ == "format_map":
+            if len(args) != 1 or kwargs:
+                raise TypeError(
+                    "format_map() takes exactly one argument"
+                    f" {len(args) + (kwargs is not None)} given"
+                )
+
+            kwargs = args[0]
+            args = ()
+
+        rv = formatter.vformat(s, args, kwargs)
+        return type(s)(rv)
+
+    def call(
+        __self,  # noqa: B902
+        __context: Context,
+        __obj: t.Any,
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        """Call an object from sandboxed code."""
+        fmt = inspect_format_method(__obj)
+        if fmt is not None:
+            return __self.format_string(fmt, args, kwargs, __obj)
+
+        # the double prefixes are to avoid double keyword argument
+        # errors when proxying the call.
+        if not __self.is_safe_callable(__obj):
+            raise SecurityError(f"{__obj!r} is not safely callable")
+        return __context.call(__obj, *args, **kwargs)
+
+
+class ImmutableSandboxedEnvironment(SandboxedEnvironment):
+    """Works exactly like the regular `SandboxedEnvironment` but does not
+    permit modifications on the builtin mutable objects `list`, `set`, and
+    `dict` by using the :func:`modifies_known_mutable` function.
+    """
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        if not super().is_safe_attribute(obj, attr, value):
+            return False
+
+        return not modifies_known_mutable(obj, attr)
+
+
+class SandboxedFormatter(Formatter):
+    def __init__(self, env: Environment, **kwargs: t.Any) -> None:
+        self._env = env
+        super().__init__(**kwargs)
+
+    def get_field(
+        self, field_name: str, args: t.Sequence[t.Any], kwargs: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, str]:
+        first, rest = formatter_field_name_split(field_name)
+        obj = self.get_value(first, args, kwargs)
+        for is_attr, i in rest:
+            if is_attr:
+                obj = self._env.getattr(obj, i)
+            else:
+                obj = self._env.getitem(obj, i)
+        return obj, first
+
+
+class SandboxedEscapeFormatter(SandboxedFormatter, EscapeFormatter):
+    pass
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/tests.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/tests.py
new file mode 100644
index 000000000..1a59e3703
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/tests.py
@@ -0,0 +1,256 @@
+"""Built-in template tests used with the ``is`` operator."""
+
+import operator
+import typing as t
+from collections import abc
+from numbers import Number
+
+from .runtime import Undefined
+from .utils import pass_environment
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def test_odd(value: int) -> bool:
+    """Return true if the variable is odd."""
+    return value % 2 == 1
+
+
+def test_even(value: int) -> bool:
+    """Return true if the variable is even."""
+    return value % 2 == 0
+
+
+def test_divisibleby(value: int, num: int) -> bool:
+    """Check if a variable is divisible by a number."""
+    return value % num == 0
+
+
+def test_defined(value: t.Any) -> bool:
+    """Return true if the variable is defined:
+
+    .. sourcecode:: jinja
+
+        {% if variable is defined %}
+            value of variable: {{ variable }}
+        {% else %}
+            variable is not defined
+        {% endif %}
+
+    See the :func:`default` filter for a simple way to set undefined
+    variables.
+    """
+    return not isinstance(value, Undefined)
+
+
+def test_undefined(value: t.Any) -> bool:
+    """Like :func:`defined` but the other way round."""
+    return isinstance(value, Undefined)
+
+
+@pass_environment
+def test_filter(env: "Environment", value: str) -> bool:
+    """Check if a filter exists by name. Useful if a filter may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'markdown' is filter %}
+            {{ value | markdown }}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.filters
+
+
+@pass_environment
+def test_test(env: "Environment", value: str) -> bool:
+    """Check if a test exists by name. Useful if a test may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'loud' is test %}
+            {% if value is loud %}
+                {{ value|upper }}
+            {% else %}
+                {{ value|lower }}
+            {% endif %}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.tests
+
+
+def test_none(value: t.Any) -> bool:
+    """Return true if the variable is none."""
+    return value is None
+
+
+def test_boolean(value: t.Any) -> bool:
+    """Return true if the object is a boolean value.
+
+    .. versionadded:: 2.11
+    """
+    return value is True or value is False
+
+
+def test_false(value: t.Any) -> bool:
+    """Return true if the object is False.
+
+    .. versionadded:: 2.11
+    """
+    return value is False
+
+
+def test_true(value: t.Any) -> bool:
+    """Return true if the object is True.
+
+    .. versionadded:: 2.11
+    """
+    return value is True
+
+
+# NOTE: The existing 'number' test matches booleans and floats
+def test_integer(value: t.Any) -> bool:
+    """Return true if the object is an integer.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, int) and value is not True and value is not False
+
+
+# NOTE: The existing 'number' test matches booleans and integers
+def test_float(value: t.Any) -> bool:
+    """Return true if the object is a float.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, float)
+
+
+def test_lower(value: str) -> bool:
+    """Return true if the variable is lowercased."""
+    return str(value).islower()
+
+
+def test_upper(value: str) -> bool:
+    """Return true if the variable is uppercased."""
+    return str(value).isupper()
+
+
+def test_string(value: t.Any) -> bool:
+    """Return true if the object is a string."""
+    return isinstance(value, str)
+
+
+def test_mapping(value: t.Any) -> bool:
+    """Return true if the object is a mapping (dict etc.).
+
+    .. versionadded:: 2.6
+    """
+    return isinstance(value, abc.Mapping)
+
+
+def test_number(value: t.Any) -> bool:
+    """Return true if the variable is a number."""
+    return isinstance(value, Number)
+
+
+def test_sequence(value: t.Any) -> bool:
+    """Return true if the variable is a sequence. Sequences are variables
+    that are iterable.
+    """
+    try:
+        len(value)
+        value.__getitem__  # noqa B018
+    except Exception:
+        return False
+
+    return True
+
+
+def test_sameas(value: t.Any, other: t.Any) -> bool:
+    """Check if an object points to the same memory address than another
+    object:
+
+    .. sourcecode:: jinja
+
+        {% if foo.attribute is sameas false %}
+            the foo attribute really is the `False` singleton
+        {% endif %}
+    """
+    return value is other
+
+
+def test_iterable(value: t.Any) -> bool:
+    """Check if it's possible to iterate over an object."""
+    try:
+        iter(value)
+    except TypeError:
+        return False
+
+    return True
+
+
+def test_escaped(value: t.Any) -> bool:
+    """Check if the value is escaped."""
+    return hasattr(value, "__html__")
+
+
+def test_in(value: t.Any, seq: t.Container[t.Any]) -> bool:
+    """Check if value is in seq.
+
+    .. versionadded:: 2.10
+    """
+    return value in seq
+
+
+TESTS = {
+    "odd": test_odd,
+    "even": test_even,
+    "divisibleby": test_divisibleby,
+    "defined": test_defined,
+    "undefined": test_undefined,
+    "filter": test_filter,
+    "test": test_test,
+    "none": test_none,
+    "boolean": test_boolean,
+    "false": test_false,
+    "true": test_true,
+    "integer": test_integer,
+    "float": test_float,
+    "lower": test_lower,
+    "upper": test_upper,
+    "string": test_string,
+    "mapping": test_mapping,
+    "number": test_number,
+    "sequence": test_sequence,
+    "iterable": test_iterable,
+    "callable": callable,
+    "sameas": test_sameas,
+    "escaped": test_escaped,
+    "in": test_in,
+    "==": operator.eq,
+    "eq": operator.eq,
+    "equalto": operator.eq,
+    "!=": operator.ne,
+    "ne": operator.ne,
+    ">": operator.gt,
+    "gt": operator.gt,
+    "greaterthan": operator.gt,
+    "ge": operator.ge,
+    ">=": operator.ge,
+    "<": operator.lt,
+    "lt": operator.lt,
+    "lessthan": operator.lt,
+    "<=": operator.le,
+    "le": operator.le,
+}
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/utils.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/utils.py
new file mode 100644
index 000000000..7fb76935a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/utils.py
@@ -0,0 +1,755 @@
+import enum
+import json
+import os
+import re
+import typing as t
+from collections import abc
+from collections import deque
+from random import choice
+from random import randrange
+from threading import Lock
+from types import CodeType
+from urllib.parse import quote_from_bytes
+
+import markupsafe
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+# special singleton representing missing values for the runtime
+missing: t.Any = type("MissingType", (), {"__repr__": lambda x: "missing"})()
+
+internal_code: t.MutableSet[CodeType] = set()
+
+concat = "".join
+
+
+def pass_context(f: F) -> F:
+    """Pass the :class:`~jinja2.runtime.Context` as the first argument
+    to the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``Context.eval_context`` is needed, use
+    :func:`pass_eval_context`. If only ``Context.environment`` is
+    needed, use :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``contextfunction`` and ``contextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.context  # type: ignore
+    return f
+
+
+def pass_eval_context(f: F) -> F:
+    """Pass the :class:`~jinja2.nodes.EvalContext` as the first argument
+    to the decorated function when called while rendering a template.
+    See :ref:`eval-context`.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``EvalContext.environment`` is needed, use
+    :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``evalcontextfunction`` and ``evalcontextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.eval_context  # type: ignore
+    return f
+
+
+def pass_environment(f: F) -> F:
+    """Pass the :class:`~jinja2.Environment` as the first argument to
+    the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    .. versionadded:: 3.0.0
+        Replaces ``environmentfunction`` and ``environmentfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.environment  # type: ignore
+    return f
+
+
+class _PassArg(enum.Enum):
+    context = enum.auto()
+    eval_context = enum.auto()
+    environment = enum.auto()
+
+    @classmethod
+    def from_obj(cls, obj: F) -> t.Optional["_PassArg"]:
+        if hasattr(obj, "jinja_pass_arg"):
+            return obj.jinja_pass_arg  # type: ignore
+
+        return None
+
+
+def internalcode(f: F) -> F:
+    """Marks the function as internally used"""
+    internal_code.add(f.__code__)
+    return f
+
+
+def is_undefined(obj: t.Any) -> bool:
+    """Check if the object passed is undefined.  This does nothing more than
+    performing an instance check against :class:`Undefined` but looks nicer.
+    This can be used for custom filters or tests that want to react to
+    undefined variables.  For example a custom default filter can look like
+    this::
+
+        def default(var, default=''):
+            if is_undefined(var):
+                return default
+            return var
+    """
+    from .runtime import Undefined
+
+    return isinstance(obj, Undefined)
+
+
+def consume(iterable: t.Iterable[t.Any]) -> None:
+    """Consumes an iterable without doing anything with it."""
+    for _ in iterable:
+        pass
+
+
+def clear_caches() -> None:
+    """Jinja keeps internal caches for environments and lexers.  These are
+    used so that Jinja doesn't have to recreate environments and lexers all
+    the time.  Normally you don't have to care about that but if you are
+    measuring memory consumption you may want to clean the caches.
+    """
+    from .environment import get_spontaneous_environment
+    from .lexer import _lexer_cache
+
+    get_spontaneous_environment.cache_clear()
+    _lexer_cache.clear()
+
+
+def import_string(import_name: str, silent: bool = False) -> t.Any:
+    """Imports an object based on a string.  This is useful if you want to
+    use import paths as endpoints or something similar.  An import path can
+    be specified either in dotted notation (``xml.sax.saxutils.escape``)
+    or with a colon as object delimiter (``xml.sax.saxutils:escape``).
+
+    If the `silent` is True the return value will be `None` if the import
+    fails.
+
+    :return: imported object
+    """
+    try:
+        if ":" in import_name:
+            module, obj = import_name.split(":", 1)
+        elif "." in import_name:
+            module, _, obj = import_name.rpartition(".")
+        else:
+            return __import__(import_name)
+        return getattr(__import__(module, None, None, [obj]), obj)
+    except (ImportError, AttributeError):
+        if not silent:
+            raise
+
+
+def open_if_exists(filename: str, mode: str = "rb") -> t.Optional[t.IO[t.Any]]:
+    """Returns a file descriptor for the filename if that file exists,
+    otherwise ``None``.
+    """
+    if not os.path.isfile(filename):
+        return None
+
+    return open(filename, mode)
+
+
+def object_type_repr(obj: t.Any) -> str:
+    """Returns the name of the object's type.  For some recognized
+    singletons the name of the object is returned instead. (For
+    example for `None` and `Ellipsis`).
+    """
+    if obj is None:
+        return "None"
+    elif obj is Ellipsis:
+        return "Ellipsis"
+
+    cls = type(obj)
+
+    if cls.__module__ == "builtins":
+        return f"{cls.__name__} object"
+
+    return f"{cls.__module__}.{cls.__name__} object"
+
+
+def pformat(obj: t.Any) -> str:
+    """Format an object using :func:`pprint.pformat`."""
+    from pprint import pformat
+
+    return pformat(obj)
+
+
+_http_re = re.compile(
+    r"""
+    ^
+    (
+        (https?://|www\.)  # scheme or www
+        (([\w%-]+\.)+)?  # subdomain
+        (
+            [a-z]{2,63}  # basic tld
+        |
+            xn--[\w%]{2,59}  # idna tld
+        )
+    |
+        ([\w%-]{2,63}\.)+  # basic domain
+        (com|net|int|edu|gov|org|info|mil)  # basic tld
+    |
+        (https?://)  # scheme
+        (
+            (([\d]{1,3})(\.[\d]{1,3}){3})  # IPv4
+        |
+            (\[([\da-f]{0,4}:){2}([\da-f]{0,4}:?){1,6}])  # IPv6
+        )
+    )
+    (?::[\d]{1,5})?  # port
+    (?:[/?#]\S*)?  # path, query, and fragment
+    $
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+_email_re = re.compile(r"^\S+@\w[\w.-]*\.\w+$")
+
+
+def urlize(
+    text: str,
+    trim_url_limit: t.Optional[int] = None,
+    rel: t.Optional[str] = None,
+    target: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param text: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+    """
+    if trim_url_limit is not None:
+
+        def trim_url(x: str) -> str:
+            if len(x) > trim_url_limit:
+                return f"{x[:trim_url_limit]}..."
+
+            return x
+
+    else:
+
+        def trim_url(x: str) -> str:
+            return x
+
+    words = re.split(r"(\s+)", str(markupsafe.escape(text)))
+    rel_attr = f' rel="{markupsafe.escape(rel)}"' if rel else ""
+    target_attr = f' target="{markupsafe.escape(target)}"' if target else ""
+
+    for i, word in enumerate(words):
+        head, middle, tail = "", word, ""
+        match = re.match(r"^([(<]|&lt;)+", middle)
+
+        if match:
+            head = match.group()
+            middle = middle[match.end() :]
+
+        # Unlike lead, which is anchored to the start of the string,
+        # need to check that the string ends with any of the characters
+        # before trying to match all of them, to avoid backtracking.
+        if middle.endswith((")", ">", ".", ",", "\n", "&gt;")):
+            match = re.search(r"([)>.,\n]|&gt;)+$", middle)
+
+            if match:
+                tail = match.group()
+                middle = middle[: match.start()]
+
+        # Prefer balancing parentheses in URLs instead of ignoring a
+        # trailing character.
+        for start_char, end_char in ("(", ")"), ("<", ">"), ("&lt;", "&gt;"):
+            start_count = middle.count(start_char)
+
+            if start_count <= middle.count(end_char):
+                # Balanced, or lighter on the left
+                continue
+
+            # Move as many as possible from the tail to balance
+            for _ in range(min(start_count, tail.count(end_char))):
+                end_index = tail.index(end_char) + len(end_char)
+                # Move anything in the tail before the end char too
+                middle += tail[:end_index]
+                tail = tail[end_index:]
+
+        if _http_re.match(middle):
+            if middle.startswith("https://") or middle.startswith("http://"):
+                middle = (
+                    f'<a href="{middle}"{rel_attr}{target_attr}>{trim_url(middle)}</a>'
+                )
+            else:
+                middle = (
+                    f'<a href="https://{middle}"{rel_attr}{target_attr}>'
+                    f"{trim_url(middle)}</a>"
+                )
+
+        elif middle.startswith("mailto:") and _email_re.match(middle[7:]):
+            middle = f'<a href="{middle}">{middle[7:]}</a>'
+
+        elif (
+            "@" in middle
+            and not middle.startswith("www.")
+            and ":" not in middle
+            and _email_re.match(middle)
+        ):
+            middle = f'<a href="mailto:{middle}">{middle}</a>'
+
+        elif extra_schemes is not None:
+            for scheme in extra_schemes:
+                if middle != scheme and middle.startswith(scheme):
+                    middle = f'<a href="{middle}"{rel_attr}{target_attr}>{middle}</a>'
+
+        words[i] = f"{head}{middle}{tail}"
+
+    return "".join(words)
+
+
+def generate_lorem_ipsum(
+    n: int = 5, html: bool = True, min: int = 20, max: int = 100
+) -> str:
+    """Generate some lorem ipsum for the template."""
+    from .constants import LOREM_IPSUM_WORDS
+
+    words = LOREM_IPSUM_WORDS.split()
+    result = []
+
+    for _ in range(n):
+        next_capitalized = True
+        last_comma = last_fullstop = 0
+        word = None
+        last = None
+        p = []
+
+        # each paragraph contains out of 20 to 100 words.
+        for idx, _ in enumerate(range(randrange(min, max))):
+            while True:
+                word = choice(words)
+                if word != last:
+                    last = word
+                    break
+            if next_capitalized:
+                word = word.capitalize()
+                next_capitalized = False
+            # add commas
+            if idx - randrange(3, 8) > last_comma:
+                last_comma = idx
+                last_fullstop += 2
+                word += ","
+            # add end of sentences
+            if idx - randrange(10, 20) > last_fullstop:
+                last_comma = last_fullstop = idx
+                word += "."
+                next_capitalized = True
+            p.append(word)
+
+        # ensure that the paragraph ends with a dot.
+        p_str = " ".join(p)
+
+        if p_str.endswith(","):
+            p_str = p_str[:-1] + "."
+        elif not p_str.endswith("."):
+            p_str += "."
+
+        result.append(p_str)
+
+    if not html:
+        return "\n\n".join(result)
+    return markupsafe.Markup(
+        "\n".join(f"<p>{markupsafe.escape(x)}</p>" for x in result)
+    )
+
+
+def url_quote(obj: t.Any, charset: str = "utf-8", for_qs: bool = False) -> str:
+    """Quote a string for use in a URL using the given charset.
+
+    :param obj: String or bytes to quote. Other types are converted to
+        string then encoded to bytes using the given charset.
+    :param charset: Encode text to bytes using this charset.
+    :param for_qs: Quote "/" and use "+" for spaces.
+    """
+    if not isinstance(obj, bytes):
+        if not isinstance(obj, str):
+            obj = str(obj)
+
+        obj = obj.encode(charset)
+
+    safe = b"" if for_qs else b"/"
+    rv = quote_from_bytes(obj, safe)
+
+    if for_qs:
+        rv = rv.replace("%20", "+")
+
+    return rv
+
+
+@abc.MutableMapping.register
+class LRUCache:
+    """A simple LRU Cache implementation."""
+
+    # this is fast for small capacities (something below 1000) but doesn't
+    # scale.  But as long as it's only used as storage for templates this
+    # won't do any harm.
+
+    def __init__(self, capacity: int) -> None:
+        self.capacity = capacity
+        self._mapping: t.Dict[t.Any, t.Any] = {}
+        self._queue: "te.Deque[t.Any]" = deque()
+        self._postinit()
+
+    def _postinit(self) -> None:
+        # alias all queue methods for faster lookup
+        self._popleft = self._queue.popleft
+        self._pop = self._queue.pop
+        self._remove = self._queue.remove
+        self._wlock = Lock()
+        self._append = self._queue.append
+
+    def __getstate__(self) -> t.Mapping[str, t.Any]:
+        return {
+            "capacity": self.capacity,
+            "_mapping": self._mapping,
+            "_queue": self._queue,
+        }
+
+    def __setstate__(self, d: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.update(d)
+        self._postinit()
+
+    def __getnewargs__(self) -> t.Tuple[t.Any, ...]:
+        return (self.capacity,)
+
+    def copy(self) -> "LRUCache":
+        """Return a shallow copy of the instance."""
+        rv = self.__class__(self.capacity)
+        rv._mapping.update(self._mapping)
+        rv._queue.extend(self._queue)
+        return rv
+
+    def get(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Return an item from the cache dict or `default`"""
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def setdefault(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Set `default` if the key is not in the cache otherwise
+        leave unchanged. Return the value of this key.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            self[key] = default
+            return default
+
+    def clear(self) -> None:
+        """Clear the cache."""
+        with self._wlock:
+            self._mapping.clear()
+            self._queue.clear()
+
+    def __contains__(self, key: t.Any) -> bool:
+        """Check if a key exists in this cache."""
+        return key in self._mapping
+
+    def __len__(self) -> int:
+        """Return the current size of the cache."""
+        return len(self._mapping)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self._mapping!r}>"
+
+    def __getitem__(self, key: t.Any) -> t.Any:
+        """Get an item from the cache. Moves the item up so that it has the
+        highest priority then.
+
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            rv = self._mapping[key]
+
+            if self._queue[-1] != key:
+                try:
+                    self._remove(key)
+                except ValueError:
+                    # if something removed the key from the container
+                    # when we read, ignore the ValueError that we would
+                    # get otherwise.
+                    pass
+
+                self._append(key)
+
+            return rv
+
+    def __setitem__(self, key: t.Any, value: t.Any) -> None:
+        """Sets the value for an item. Moves the item up so that it
+        has the highest priority then.
+        """
+        with self._wlock:
+            if key in self._mapping:
+                self._remove(key)
+            elif len(self._mapping) == self.capacity:
+                del self._mapping[self._popleft()]
+
+            self._append(key)
+            self._mapping[key] = value
+
+    def __delitem__(self, key: t.Any) -> None:
+        """Remove an item from the cache dict.
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            del self._mapping[key]
+
+            try:
+                self._remove(key)
+            except ValueError:
+                pass
+
+    def items(self) -> t.Iterable[t.Tuple[t.Any, t.Any]]:
+        """Return a list of items."""
+        result = [(key, self._mapping[key]) for key in list(self._queue)]
+        result.reverse()
+        return result
+
+    def values(self) -> t.Iterable[t.Any]:
+        """Return a list of all values."""
+        return [x[1] for x in self.items()]
+
+    def keys(self) -> t.Iterable[t.Any]:
+        """Return a list of all keys ordered by most recent usage."""
+        return list(self)
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        return reversed(tuple(self._queue))
+
+    def __reversed__(self) -> t.Iterator[t.Any]:
+        """Iterate over the keys in the cache dict, oldest items
+        coming first.
+        """
+        return iter(tuple(self._queue))
+
+    __copy__ = copy
+
+
+def select_autoescape(
+    enabled_extensions: t.Collection[str] = ("html", "htm", "xml"),
+    disabled_extensions: t.Collection[str] = (),
+    default_for_string: bool = True,
+    default: bool = False,
+) -> t.Callable[[t.Optional[str]], bool]:
+    """Intelligently sets the initial value of autoescaping based on the
+    filename of the template.  This is the recommended way to configure
+    autoescaping if you do not want to write a custom function yourself.
+
+    If you want to enable it for all templates created from strings or
+    for all templates with `.html` and `.xml` extensions::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            enabled_extensions=('html', 'xml'),
+            default_for_string=True,
+        ))
+
+    Example configuration to turn it on at all times except if the template
+    ends with `.txt`::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            disabled_extensions=('txt',),
+            default_for_string=True,
+            default=True,
+        ))
+
+    The `enabled_extensions` is an iterable of all the extensions that
+    autoescaping should be enabled for.  Likewise `disabled_extensions` is
+    a list of all templates it should be disabled for.  If a template is
+    loaded from a string then the default from `default_for_string` is used.
+    If nothing matches then the initial value of autoescaping is set to the
+    value of `default`.
+
+    For security reasons this function operates case insensitive.
+
+    .. versionadded:: 2.9
+    """
+    enabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in enabled_extensions)
+    disabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in disabled_extensions)
+
+    def autoescape(template_name: t.Optional[str]) -> bool:
+        if template_name is None:
+            return default_for_string
+        template_name = template_name.lower()
+        if template_name.endswith(enabled_patterns):
+            return True
+        if template_name.endswith(disabled_patterns):
+            return False
+        return default
+
+    return autoescape
+
+
+def htmlsafe_json_dumps(
+    obj: t.Any, dumps: t.Optional[t.Callable[..., str]] = None, **kwargs: t.Any
+) -> markupsafe.Markup:
+    """Serialize an object to a string of JSON with :func:`json.dumps`,
+    then replace HTML-unsafe characters with Unicode escapes and mark
+    the result safe with :class:`~markupsafe.Markup`.
+
+    This is available in templates as the ``|tojson`` filter.
+
+    The following characters are escaped: ``<``, ``>``, ``&``, ``'``.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param obj: The object to serialize to JSON.
+    :param dumps: The ``dumps`` function to use. Defaults to
+        ``env.policies["json.dumps_function"]``, which defaults to
+        :func:`json.dumps`.
+    :param kwargs: Extra arguments to pass to ``dumps``. Merged onto
+        ``env.policies["json.dumps_kwargs"]``.
+
+    .. versionchanged:: 3.0
+        The ``dumper`` parameter is renamed to ``dumps``.
+
+    .. versionadded:: 2.9
+    """
+    if dumps is None:
+        dumps = json.dumps
+
+    return markupsafe.Markup(
+        dumps(obj, **kwargs)
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026")
+        .replace("'", "\\u0027")
+    )
+
+
+class Cycler:
+    """Cycle through values by yield them one at a time, then restarting
+    once the end is reached. Available as ``cycler`` in templates.
+
+    Similar to ``loop.cycle``, but can be used outside loops or across
+    multiple loops. For example, render a list of folders and files in a
+    list, alternating giving them "odd" and "even" classes.
+
+    .. code-block:: html+jinja
+
+        {% set row_class = cycler("odd", "even") %}
+        <ul class="browser">
+        {% for folder in folders %}
+          <li class="folder {{ row_class.next() }}">{{ folder }}
+        {% endfor %}
+        {% for file in files %}
+          <li class="file {{ row_class.next() }}">{{ file }}
+        {% endfor %}
+        </ul>
+
+    :param items: Each positional argument will be yielded in the order
+        given for each cycle.
+
+    .. versionadded:: 2.1
+    """
+
+    def __init__(self, *items: t.Any) -> None:
+        if not items:
+            raise RuntimeError("at least one item has to be provided")
+        self.items = items
+        self.pos = 0
+
+    def reset(self) -> None:
+        """Resets the current item to the first item."""
+        self.pos = 0
+
+    @property
+    def current(self) -> t.Any:
+        """Return the current item. Equivalent to the item that will be
+        returned next time :meth:`next` is called.
+        """
+        return self.items[self.pos]
+
+    def next(self) -> t.Any:
+        """Return the current item, then advance :attr:`current` to the
+        next item.
+        """
+        rv = self.current
+        self.pos = (self.pos + 1) % len(self.items)
+        return rv
+
+    __next__ = next
+
+
+class Joiner:
+    """A joining helper for templates."""
+
+    def __init__(self, sep: str = ", ") -> None:
+        self.sep = sep
+        self.used = False
+
+    def __call__(self) -> str:
+        if not self.used:
+            self.used = True
+            return ""
+        return self.sep
+
+
+class Namespace:
+    """A namespace object that can hold arbitrary attributes.  It may be
+    initialized from a dictionary or with keyword arguments."""
+
+    def __init__(*args: t.Any, **kwargs: t.Any) -> None:  # noqa: B902
+        self, args = args[0], args[1:]
+        self.__attrs = dict(*args, **kwargs)
+
+    def __getattribute__(self, name: str) -> t.Any:
+        # __class__ is needed for the awaitable check in async mode
+        if name in {"_Namespace__attrs", "__class__"}:
+            return object.__getattribute__(self, name)
+        try:
+            return self.__attrs[name]
+        except KeyError:
+            raise AttributeError(name) from None
+
+    def __setitem__(self, name: str, value: t.Any) -> None:
+        self.__attrs[name] = value
+
+    def __repr__(self) -> str:
+        return f"<Namespace {self.__attrs!r}>"
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jinja2/visitor.py b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/visitor.py
new file mode 100644
index 000000000..7b8e18060
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jinja2/visitor.py
@@ -0,0 +1,92 @@
+"""API for traversing the AST nodes. Implemented by the compiler and
+meta introspection.
+"""
+
+import typing as t
+
+from .nodes import Node
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class VisitCallable(te.Protocol):
+        def __call__(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any: ...
+
+
+class NodeVisitor:
+    """Walks the abstract syntax tree and call visitor functions for every
+    node found.  The visitor functions may return values which will be
+    forwarded by the `visit` method.
+
+    Per default the visitor functions for the nodes are ``'visit_'`` +
+    class name of the node.  So a `TryFinally` node visit function would
+    be `visit_TryFinally`.  This behavior can be changed by overriding
+    the `get_visitor` function.  If no visitor function exists for a node
+    (return value `None`) the `generic_visit` visitor is used instead.
+    """
+
+    def get_visitor(self, node: Node) -> "t.Optional[VisitCallable]":
+        """Return the visitor function for this node or `None` if no visitor
+        exists for this node.  In that case the generic visit function is
+        used instead.
+        """
+        return getattr(self, f"visit_{type(node).__name__}", None)
+
+    def visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Visit a node."""
+        f = self.get_visitor(node)
+
+        if f is not None:
+            return f(node, *args, **kwargs)
+
+        return self.generic_visit(node, *args, **kwargs)
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Called if no explicit visitor function exists for a node."""
+        for child_node in node.iter_child_nodes():
+            self.visit(child_node, *args, **kwargs)
+
+
+class NodeTransformer(NodeVisitor):
+    """Walks the abstract syntax tree and allows modifications of nodes.
+
+    The `NodeTransformer` will walk the AST and use the return value of the
+    visitor functions to replace or remove the old node.  If the return
+    value of the visitor function is `None` the node will be removed
+    from the previous location otherwise it's replaced with the return
+    value.  The return value may be the original node in which case no
+    replacement takes place.
+    """
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> Node:
+        for field, old_value in node.iter_fields():
+            if isinstance(old_value, list):
+                new_values = []
+                for value in old_value:
+                    if isinstance(value, Node):
+                        value = self.visit(value, *args, **kwargs)
+                        if value is None:
+                            continue
+                        elif not isinstance(value, Node):
+                            new_values.extend(value)
+                            continue
+                    new_values.append(value)
+                old_value[:] = new_values
+            elif isinstance(old_value, Node):
+                new_node = self.visit(old_value, *args, **kwargs)
+                if new_node is None:
+                    delattr(node, field)
+                else:
+                    setattr(node, field, new_node)
+        return node
+
+    def visit_list(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.List[Node]:
+        """As transformers may return lists in some places this method
+        can be used to enforce a list as return value.
+        """
+        rv = self.visit(node, *args, **kwargs)
+
+        if not isinstance(rv, list):
+            return [rv]
+
+        return rv
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
new file mode 100644
index 000000000..86be119bc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
@@ -0,0 +1,379 @@
+Metadata-Version: 2.1
+Name: jsonpath-ng
+Version: 1.6.1
+Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
+Home-page: https://github.com/h2non/jsonpath-ng
+Author: Tomas Aparicio
+Author-email: tomas@aparicio.me
+License: Apache 2.0
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+License-File: LICENSE
+Requires-Dist: ply
+
+Python JSONPath Next-Generation |Build Status| |PyPI|
+=====================================================
+
+A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
+and binary comparison operators, as defined in the original `JSONPath proposal`_.
+
+This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
+provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
+
+About
+-----
+
+This library provides a robust and significantly extended implementation
+of JSONPath for Python. It is tested with CPython 3.7 and higher.
+
+This library differs from other JSONPath implementations in that it is a
+full *language* implementation, meaning the JSONPath expressions are
+first class objects, easy to analyze, transform, parse, print, and
+extend.
+
+Quick Start
+-----------
+
+To install, use pip:
+
+.. code:: bash
+
+    $ pip install --upgrade jsonpath-ng
+
+
+Usage
+-----
+
+Basic examples:
+
+.. code:: python
+
+    $ python
+
+    >>> from jsonpath_ng import jsonpath, parse
+
+    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+    >>> jsonpath_expr = parse('foo[*].baz')
+
+    # Extracting values is easy
+    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    [1, 2]
+
+    # Matches remember where they came from
+    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    ['foo.[0].baz', 'foo.[1].baz']
+
+    # Modifying values matching the path
+    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 3}]}
+
+    # Modifying one of the values matching the path
+    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
+    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 2}]}
+
+    # Removing all values matching a path
+    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{}, {}]}
+
+    # Removing values containing particular data matching path
+    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{'baz': 1}, {}]}
+
+    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
+    >>> jsonpath.auto_id_field = 'id'
+    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
+    ['foo.bizzle', 'foo.[1]']
+
+    # A handy extension: named operators like `parent`
+    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
+    ['number two', 'number one']
+
+    # You can also build expressions directly quite easily
+    >>> from jsonpath_ng.jsonpath import Fields
+    >>> from jsonpath_ng.jsonpath import Slice
+
+    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
+
+
+Using the extended parser:
+
+.. code:: python
+
+  $ python
+
+  >>> from jsonpath_ng.ext import parse
+
+  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+  >>> jsonpath_expr = parse('foo[*].baz')
+
+
+JSONPath Syntax
+---------------
+
+The JSONPath syntax supported by this library includes some additional
+features and omits some problematic features (those that make it
+unportable). In particular, some new operators such as ``|`` and
+``where`` are available, and parentheses are used for grouping not for
+callbacks into Python, since with these changes the language is not
+trivially associative. Also, fields may be quoted whether or not they
+are contained in brackets.
+
+Atomic expressions:
+
++-----------------------+---------------------------------------------------------------------------------------------+
+| Syntax                | Meaning                                                                                     |
++=======================+=============================================================================================+
+| ``$``                 | The root object                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```this```            | The "current" object.                                                                       |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
++-----------------------+---------------------------------------------------------------------------------------------+
+| *field*               | Specified field(s), described below                                                         |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *field* ``]``   | Same as *field*                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
++-----------------------+---------------------------------------------------------------------------------------------+
+
+Jsonpath operators:
+
++-------------------------------------+------------------------------------------------------------------------------------+
+| Syntax                              | Meaning                                                                            |
++=====================================+====================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
++-------------------------------------+------------------------------------------------------------------------------------+
+
+Field specifiers ( *field* ):
+
++-------------------------+-------------------------------------------------------------------------------------+
+| Syntax                  | Meaning                                                                             |
++=========================+=====================================================================================+
+| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``'fieldname'``         | ditto                                                                               |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``*``                   | any field                                                                           |
++-------------------------+-------------------------------------------------------------------------------------+
+| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
++-------------------------+-------------------------------------------------------------------------------------+
+
+Array specifiers ( *idx* ):
+
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| Syntax                                  | Meaning                                                                               |
++=========================================+=======================================================================================+
+| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[*]``                                 | any array index                                                                       |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+
+Programmatic JSONPath
+---------------------
+
+If you are programming in Python and would like a more robust way to
+create JSONPath expressions that does not depend on a parser, it is very
+easy to do so directly, and here are some examples:
+
+-  ``Root()``
+-  ``Slice(start=0, end=None, step=None)``
+-  ``Fields('foo', 'bar')``
+-  ``Index(42)``
+-  ``Child(Fields('foo'), Index(42))``
+-  ``Where(Slice(), Fields('subfield'))``
+-  ``Descendants(jsonpath, jsonpath)``
+
+
+Extras
+------
+
+-  *Path data*: The result of ``JsonPath.find`` provide detailed context
+   and path data so it is easy to traverse to parent objects, print full
+   paths to pieces of data, and generate automatic ids.
+-  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
+   other than None, then for any piece of data missing that field, it
+   will be replaced by the JSONPath to it, giving automatic unique ids
+   to any piece of data. These ids will take into account any ids
+   already present as well.
+-  *Named operators*: Instead of using ``@`` to reference the current
+   object, this library uses ```this```. In general, any string
+   contained in backquotes can be made to be a new operator, currently
+   by extending the library.
+
+
+Extensions
+----------
+
+To use the extensions below you must import from `jsonpath_ng.ext`.
+
++--------------+-----------------------------------------------+
+| name         | Example                                       |
++==============+===============================================+
+| len          | - ``$.objects.`len```                         |
++--------------+-----------------------------------------------+
+| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
+|              | - ``$.field.`sub(/regex/, replacement)```     |
++--------------+-----------------------------------------------+
+| split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(sep, segement, maxsplit)```|
++--------------+-----------------------------------------------+
+| sorted       | - ``$.objects.`sorted```                      |
+|              | - ``$.objects[\\some_field]``                 |
+|              | - ``$.objects[\\some_field,/other_field]``    |
++--------------+-----------------------------------------------+
+| filter       | - ``$.objects[?(@some_field > 5)]``           |
+|              | - ``$.objects[?some_field = "foobar"]``       |
+|              | - ``$.objects[?some_field =~ "foobar"]``      |
+|              | - ``$.objects[?some_field > 5 & other < 2]``  |
+|              |                                               |
+|              | Supported operators:                          |
+|              | - Equality: ==, =, !=                         |
+|              | - Comparison: >, >=, <, <=                    |
+|              | - Regex match: =~                             |
+|              |                                               |
+|              | Combine multiple criteria with '&'.           |
+|              |                                               |
+|              | Properties can only be compared to static     |
+|              | values.                                       |
++--------------+-----------------------------------------------+
+| arithmetic   | - ``$.foo + "_" + $.bar``                     |
+| (-+*/)       | - ``$.foo * 12``                              |
+|              | - ``$.objects[*].cow + $.objects[*].cat``     |
++--------------+-----------------------------------------------+
+
+About arithmetic and string
+---------------------------
+
+Operations are done with python operators and allows types that python
+allows, and return [] if the operation can be done due to incompatible types.
+
+When operators are used, a jsonpath must be be fully defined otherwise
+jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
+in this case it will choice string as type.
+
+Example with data::
+
+    {
+        'cow': 'foo',
+        'fish': 'bar'
+    }
+
+| ``cow + fish`` returns ``cowfish``
+| ``$.cow + $.fish`` returns ``foobar``
+| ``$.cow + "_" + $.fish`` returns ``foo_bar``
+| ``$.cow + "_" + fish`` returns ``foo_fish``
+
+About arithmetic and list
+-------------------------
+
+Arithmetic can be used against two lists if they have the same size.
+
+Example with data::
+
+    {'objects': [
+        {'cow': 2, 'cat': 3},
+        {'cow': 4, 'cat': 6}
+    ]}
+
+| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
+
+More to explore
+---------------
+
+There are way too many JSONPath implementations out there to discuss.
+Some are robust, some are toy projects that still work fine, some are
+exercises. There will undoubtedly be many more. This one is made for use
+in released, maintained code, and in particular for programmatic access
+to the abstract syntax and extension. But JSONPath at its simplest just
+isn't that complicated, so you can probably use any of them
+successfully. Why not this one?
+
+The original proposal, as far as I know:
+
+-  `JSONPath - XPath for
+   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
+
+Other examples
+--------------
+
+Loading json data from file
+
+.. code:: python
+
+    import json
+    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
+    # or
+    with open('myfile.json') as f:
+        d = json.load(f)
+
+Special note about PLY and docstrings
+-------------------------------------
+
+The main parsing toolkit underlying this library,
+`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
+removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
+cause a failure.
+
+Contributors
+------------
+
+This package is authored and maintained by:
+
+-  `Kenn Knowles <https://github.com/kennknowles>`__
+   (`@kennknowles <https://twitter.com/KennKnowles>`__)
+-  `Tomas Aparicio <https://github.com/h2non>`
+
+with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
+
+Copyright and License
+---------------------
+
+Copyright 2013 - Kenneth Knowles
+
+Copyright 2017 - Tomas Aparicio
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at
+
+::
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
+.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
+.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
+
+.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
+.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
+   :target: https://pypi.python.org/pypi/jsonpath-ng
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
new file mode 100644
index 000000000..19f4cbb0d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
@@ -0,0 +1,35 @@
+../../bin/jsonpath_ng,sha256=MEQkAoAy6N4XZTeRMhkvVFsdFVAzzCOXEgaf5k65IuY,261
+jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
+jsonpath_ng-1.6.1.dist-info/RECORD,,
+jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
+jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
+jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/__pycache__/lexer.cpython-311.pyc,,
+jsonpath_ng/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/bin/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng/bin/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/bin/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/bin/jsonpath.py,sha256=C4PCWjxSRskALh_Z7ILOFpvHNjP5HLBmRnxbzrbgg98,2057
+jsonpath_ng/exceptions.py,sha256=WbmwVjhCtpqp0enN3Sd4ymlZGP8ZZUkvT9uq7PXiEq4,146
+jsonpath_ng/ext/__init__.py,sha256=oxAHiz1-xcRsDX_KGDCiBh6LGP2zHZKzvI3QxrFTh6E,605
+jsonpath_ng/ext/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/arithmetic.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/filter.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/iterable.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
+jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
+jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
+jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
+jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
+jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
+jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
+jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
+jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
new file mode 100644
index 000000000..57e3d840d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.38.4)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
new file mode 100644
index 000000000..e1985ff19
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
new file mode 100644
index 000000000..30b75c567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
@@ -0,0 +1 @@
+jsonpath_ng
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py
new file mode 100644
index 000000000..ed6553b2d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py
@@ -0,0 +1,6 @@
+from .jsonpath import *  # noqa
+from .parser import parse  # noqa
+
+
+# Current package version
+__version__ = '1.6.1'
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/jsonpath.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/jsonpath.py
new file mode 100644
index 000000000..386f87c59
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/bin/jsonpath.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# encoding: utf-8
+# Copyright © 2012 Felix Richter <wtfpl@syntax-fehler.de>
+# This work is free. You can redistribute it and/or modify it under the
+# terms of the Do What The Fuck You Want To Public License, Version 2,
+# as published by Sam Hocevar. See the COPYING file for more details.
+
+# Standard Library imports
+import json
+import sys
+import glob
+import argparse
+
+# JsonPath-RW imports
+from jsonpath_ng import parse
+
+def find_matches_for_file(expr, f):
+    return expr.find(json.load(f))
+
+def print_matches(matches):
+    print('\n'.join(['{0}'.format(match.value) for match in matches]))
+
+
+def main(*argv):
+    parser = argparse.ArgumentParser(
+        description='Search JSON files (or stdin) according to a JSONPath expression.',
+        formatter_class=argparse.RawTextHelpFormatter,
+        epilog="""
+        Quick JSONPath reference (see more at https://github.com/kennknowles/python-jsonpath-rw)
+
+        atomics:
+            $              - root object
+            `this`         - current object
+
+        operators:
+            path1.path2    - same as xpath /
+            path1|path2    - union
+            path1..path2   - somewhere in between
+
+        fields:
+            fieldname       - field with name
+            *               - any field
+            [_start_?:_end_?] - array slice
+            [*]             - any array index
+    """)
+
+
+
+    parser.add_argument('expression', help='A JSONPath expression.')
+    parser.add_argument('files', metavar='file', nargs='*', help='Files to search (if none, searches stdin)')
+
+    args = parser.parse_args(argv[1:])
+
+    expr = parse(args.expression)
+    glob_patterns = args.files
+
+    if len(glob_patterns) == 0:
+        # stdin mode
+        print_matches(find_matches_for_file(expr, sys.stdin))
+    else:
+        # file paths mode
+        for pattern in glob_patterns:
+            for filename in glob.glob(pattern):
+                with open(filename) as f:
+                    print_matches(find_matches_for_file(expr, f))
+
+def entry_point():
+    main(*sys.argv)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/exceptions.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/exceptions.py
new file mode 100644
index 000000000..a592d83cb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/exceptions.py
@@ -0,0 +1,10 @@
+class JSONPathError(Exception):
+    pass
+
+
+class JsonPathLexerError(JSONPathError):
+    pass
+
+
+class JsonPathParserError(JSONPathError):
+    pass
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/__init__.py
new file mode 100644
index 000000000..1e5c325fc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .parser import parse  # noqa
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/arithmetic.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/arithmetic.py
new file mode 100644
index 000000000..0ba9e0ca8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/arithmetic.py
@@ -0,0 +1,72 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+from .. import JSONPath, DatumInContext
+
+
+OPERATOR_MAP = {
+    '+': operator.add,
+    '-': operator.sub,
+    '*': operator.mul,
+    '/': operator.truediv,
+}
+
+
+class Operation(JSONPath):
+    def __init__(self, left, op, right):
+        self.left = left
+        self.op = OPERATOR_MAP[op]
+        self.right = right
+
+    def find(self, datum):
+        result = []
+        if (isinstance(self.left, JSONPath)
+                and isinstance(self.right, JSONPath)):
+            left = self.left.find(datum)
+            right = self.right.find(datum)
+            if left and right and len(left) == len(right):
+                for l, r in zip(left, right):
+                    try:
+                        result.append(self.op(l.value, r.value))
+                    except TypeError:
+                        return []
+            else:
+                return []
+        elif isinstance(self.left, JSONPath):
+            left = self.left.find(datum)
+            for l in left:
+                try:
+                    result.append(self.op(l.value, self.right))
+                except TypeError:
+                    return []
+        elif isinstance(self.right, JSONPath):
+            right = self.right.find(datum)
+            for r in right:
+                try:
+                    result.append(self.op(self.left, r.value))
+                except TypeError:
+                    return []
+        else:
+            try:
+                result.append(self.op(self.left, self.right))
+            except TypeError:
+                return []
+        return [DatumInContext.wrap(r) for r in result]
+
+    def __repr__(self):
+        return '%s(%r%s%r)' % (self.__class__.__name__, self.left, self.op,
+                               self.right)
+
+    def __str__(self):
+        return '%s%s%s' % (self.left, self.op, self.right)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/filter.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/filter.py
new file mode 100644
index 000000000..e0bd48a4f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/filter.py
@@ -0,0 +1,140 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+import re
+
+from .. import JSONPath, DatumInContext, Index
+
+
+OPERATOR_MAP = {
+    '!=': operator.ne,
+    '==': operator.eq,
+    '=': operator.eq,
+    '<=': operator.le,
+    '<': operator.lt,
+    '>=': operator.ge,
+    '>': operator.gt,
+    '=~': lambda a, b: True if isinstance(a, str) and re.search(b, a) else False,
+}
+
+
+class Filter(JSONPath):
+    """The JSONQuery filter"""
+
+    def __init__(self, expressions):
+        self.expressions = expressions
+
+    def find(self, datum):
+        if not self.expressions:
+            return datum
+
+        datum = DatumInContext.wrap(datum)
+
+        if isinstance(datum.value, dict):
+            datum.value = list(datum.value.values())
+
+        if not isinstance(datum.value, list):
+            return []
+
+        return [DatumInContext(datum.value[i], path=Index(i), context=datum)
+                for i in range(0, len(datum.value))
+                if (len(self.expressions) ==
+                    len(list(filter(lambda x: x.find(datum.value[i]),
+                                    self.expressions))))]
+
+    def filter(self, fn, data):
+        # NOTE: We reverse the order just to make sure the indexes are preserved upon
+        #  removal.
+        for datum in reversed(self.find(data)):
+            index_obj = datum.path
+            if isinstance(data, dict):
+                index_obj.index = list(data)[index_obj.index]
+            index_obj.filter(fn, data)
+        return data
+
+    def update(self, data, val):
+        if type(data) is list:
+            for index, item in enumerate(data):
+                shouldUpdate = len(self.expressions) == len(list(filter(lambda x: x.find(item), self.expressions)))
+                if shouldUpdate:
+                    if hasattr(val, '__call__'):
+                        val.__call__(data[index], data, index)
+                    else:
+                        data[index] = val
+        return data
+    
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+    def __eq__(self, other):
+        return (isinstance(other, Filter)
+                and self.expressions == other.expressions)
+
+
+class Expression(JSONPath):
+    """The JSONQuery expression"""
+
+    def __init__(self, target, op, value):
+        self.target = target
+        self.op = op
+        self.value = value
+
+    def find(self, datum):
+        datum = self.target.find(DatumInContext.wrap(datum))
+
+        if not datum:
+            return []
+        if self.op is None:
+            return datum
+
+        found = []
+        for data in datum:
+            value = data.value
+            if isinstance(self.value, int):
+                try:
+                    value = int(value)
+                except ValueError:
+                    continue
+            elif isinstance(self.value, bool):
+                try:
+                    value = bool(value)
+                except ValueError:
+                    continue
+
+            if OPERATOR_MAP[self.op](value, self.value):
+                found.append(data)
+
+        return found
+
+    def __eq__(self, other):
+        return (isinstance(other, Expression) and
+                self.target == other.target and
+                self.op == other.op and
+                self.value == other.value)
+
+    def __repr__(self):
+        if self.op is None:
+            return '%s(%r)' % (self.__class__.__name__, self.target)
+        else:
+            return '%s(%r %s %r)' % (self.__class__.__name__,
+                                     self.target, self.op, self.value)
+
+    def __str__(self):
+        if self.op is None:
+            return '%s' % self.target
+        else:
+            return '%s %s %s' % (self.target, self.op, self.value)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py
new file mode 100644
index 000000000..40ae1eb5b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py
@@ -0,0 +1,118 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import functools
+from .. import This, DatumInContext, JSONPath
+
+
+class SortedThis(This):
+    """The JSONPath referring to the sorted version of the current object.
+
+    Concrete syntax is '`sorted`' or [\\field,/field].
+    """
+    def __init__(self, expressions=None):
+        self.expressions = expressions
+
+    def _compare(self, left, right):
+        left = DatumInContext.wrap(left)
+        right = DatumInContext.wrap(right)
+
+        for expr in self.expressions:
+            field, reverse = expr
+            l_datum = field.find(left)
+            r_datum = field.find(right)
+            if (not l_datum or not r_datum or
+                    len(l_datum) > 1 or len(r_datum) > 1 or
+                    l_datum[0].value == r_datum[0].value):
+                # NOTE(sileht): should we do something if the expression
+                # match multiple fields, for now ignore them
+                continue
+            elif l_datum[0].value < r_datum[0].value:
+                return 1 if reverse else -1
+            else:
+                return -1 if reverse else 1
+        return 0
+
+    def find(self, datum):
+        """Return sorted value of This if list or dict."""
+        if isinstance(datum.value, dict) and self.expressions:
+            return datum
+
+        if isinstance(datum.value, dict) or isinstance(datum.value, list):
+            key = (functools.cmp_to_key(self._compare)
+                   if self.expressions else None)
+            return [DatumInContext.wrap(
+                [value for value in sorted(datum.value, key=key)])]
+        return datum
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+
+class Len(JSONPath):
+    """The JSONPath referring to the len of the current object.
+
+    Concrete syntax is '`len`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = len(datum.value)
+        except TypeError:
+            return []
+        else:
+            return [DatumInContext(value,
+                                               context=None,
+                                               path=Len())]
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __str__(self):
+        return '`len`'
+
+    def __repr__(self):
+        return 'Len()'
+
+
+class Keys(JSONPath):
+    """The JSONPath referring to the keys of the current object.
+    Concrete syntax is '`keys`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = list(datum.value.keys())
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value[i],
+                                               context=None,
+                                               path=Keys()) for i in range (0, len(datum.value))]
+
+    def __eq__(self, other):
+        return isinstance(other, Keys)
+
+    def __str__(self):
+        return '`keys`'
+
+    def __repr__(self):
+        return 'Keys()'
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py
new file mode 100644
index 000000000..756b72c69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py
@@ -0,0 +1,174 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .. import lexer
+from .. import parser
+from .. import Fields, This, Child
+
+from . import arithmetic as _arithmetic
+from . import filter as _filter
+from . import iterable as _iterable
+from . import string as _string
+
+
+class ExtendedJsonPathLexer(lexer.JsonPathLexer):
+    """Custom LALR-lexer for JsonPath"""
+    literals = lexer.JsonPathLexer.literals + ['?', '@', '+', '*', '/', '-']
+    tokens = (['BOOL'] +
+              parser.JsonPathLexer.tokens +
+              ['FILTER_OP', 'SORT_DIRECTION', 'FLOAT'])
+
+    t_FILTER_OP = r'=~|==?|<=|>=|!=|<|>'
+
+    def t_BOOL(self, t):
+        r'true|false'
+        t.value = True if t.value == 'true' else False
+        return t
+
+    def t_SORT_DIRECTION(self, t):
+        r',?\s*(/|\\)'
+        t.value = t.value[-1]
+        return t
+
+    def t_ID(self, t):
+        r'@?[a-zA-Z_][a-zA-Z0-9_@\-]*'
+        # NOTE(sileht): This fixes the ID expression to be
+        # able to use @ for `This` like any json query
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_FLOAT(self, t):
+        r'-?\d+\.\d+'
+        t.value = float(t.value)
+        return t
+
+
+class ExtentedJsonPathParser(parser.JsonPathParser):
+    """Custom LALR-parser for JsonPath"""
+
+    tokens = ExtendedJsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        lexer_class = lexer_class or ExtendedJsonPathLexer
+        super(ExtentedJsonPathParser, self).__init__(debug, lexer_class)
+
+    def p_jsonpath_operator_jsonpath(self, p):
+        """jsonpath : NUMBER operator NUMBER
+                    | FLOAT operator FLOAT
+                    | ID operator ID
+                    | NUMBER operator jsonpath
+                    | FLOAT operator jsonpath
+                    | jsonpath operator NUMBER
+                    | jsonpath operator FLOAT
+                    | jsonpath operator jsonpath
+        """
+
+        # NOTE(sileht): If we have choice between a field or a string we
+        # always choice string, because field can be full qualified
+        # like $.foo == foo and where string can't.
+        for i in [1, 3]:
+            if (isinstance(p[i], Fields) and len(p[i].fields) == 1):  # noqa
+                p[i] = p[i].fields[0]
+
+        p[0] = _arithmetic.Operation(p[1], p[2], p[3])
+
+    def p_operator(self, p):
+        """operator : '+'
+                    | '-'
+                    | '*'
+                    | '/'
+        """
+        p[0] = p[1]
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'len':
+            p[0] = _iterable.Len()
+        elif p[1] == 'keys':
+            p[0] = _iterable.Keys()
+        elif p[1] == 'sorted':
+            p[0] = _iterable.SortedThis()
+        elif p[1].startswith("split("):
+            p[0] = _string.Split(p[1])
+        elif p[1].startswith("sub("):
+            p[0] = _string.Sub(p[1])
+        elif p[1].startswith("str("):
+            p[0] = _string.Str(p[1])
+        else:
+            super(ExtentedJsonPathParser, self).p_jsonpath_named_operator(p)
+
+    def p_expression(self, p):
+        """expression : jsonpath
+                      | jsonpath FILTER_OP ID
+                      | jsonpath FILTER_OP FLOAT
+                      | jsonpath FILTER_OP NUMBER
+                      | jsonpath FILTER_OP BOOL
+        """
+        if len(p) == 2:
+            left, op, right = p[1], None, None
+        else:
+            __, left, op, right = p
+        p[0] = _filter.Expression(left, op, right)
+
+    def p_expressions_expression(self, p):
+        "expressions : expression"
+        p[0] = [p[1]]
+
+    def p_expressions_and(self, p):
+        "expressions : expressions '&' expressions"
+        # TODO(sileht): implements '|'
+        p[0] = p[1] + p[3]
+
+    def p_expressions_parens(self, p):
+        "expressions : '(' expressions ')'"
+        p[0] = p[2]
+
+    def p_filter(self, p):
+        "filter : '?' expressions "
+        p[0] = _filter.Filter(p[2])
+
+    def p_jsonpath_filter(self, p):
+        "jsonpath : jsonpath '[' filter ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_sort(self, p):
+        "sort : SORT_DIRECTION jsonpath"
+        p[0] = (p[2], p[1] != "/")
+
+    def p_sorts_sort(self, p):
+        "sorts : sort"
+        p[0] = [p[1]]
+
+    def p_sorts_comma(self, p):
+        "sorts : sorts sorts"
+        p[0] = p[1] + p[2]
+
+    def p_jsonpath_sort(self, p):
+        "jsonpath : jsonpath '[' sorts ']'"
+        sort = _iterable.SortedThis(p[3])
+        p[0] = Child(p[1], sort)
+
+    def p_jsonpath_this(self, p):
+        "jsonpath : '@'"
+        p[0] = This()
+
+    precedence = [
+        ('left', '+', '-'),
+        ('left', '*', '/'),
+    ] + parser.JsonPathParser.precedence + [
+        ('nonassoc', 'ID'),
+    ]
+
+
+def parse(path, debug=False):
+    return ExtentedJsonPathParser(debug=debug).parse(path)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py
new file mode 100644
index 000000000..1cd27632d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py
@@ -0,0 +1,117 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import re
+from .. import DatumInContext, This
+
+
+SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
+SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+STR = re.compile(r"str\(\)")
+
+
+class DefintionInvalid(Exception):
+    pass
+
+
+class Sub(This):
+    """Regex substituor
+
+    Concrete syntax is '`sub(/regex/, repl)`'
+    """
+
+    def __init__(self, method=None):
+        m = SUB.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.expr = m.group(1).strip()
+        self.repl = m.group(2).strip()
+        self.regex = re.compile(self.expr)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = self.regex.sub(self.repl, datum.value)
+        if value == datum.value:
+            return []
+        else:
+            return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Sub) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`sub(/%s/, %s)`' % (self.expr, self.repl)
+
+
+class Split(This):
+    """String splitter
+
+    Concrete syntax is '`split(char, segment, max_split)`'
+    """
+
+    def __init__(self, method=None):
+        m = SPLIT.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.char = m.group(1)
+        self.segment = int(m.group(2))
+        self.max_split = int(m.group(3))
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = datum.value.split(self.char, self.max_split)[self.segment]
+        except Exception:
+            return []
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Split) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`%s`' % self.method
+
+
+class Str(This):
+    """String converter
+
+    Concrete syntax is '`str()`'
+    """
+
+    def __init__(self, method=None):
+        m = STR.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = str(datum.value)
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Str) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`str()`'
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py
new file mode 100644
index 000000000..19e5a9eb3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py
@@ -0,0 +1,815 @@
+import logging
+from itertools import *  # noqa
+from jsonpath_ng.lexer import JsonPathLexer
+
+# Get logger name
+logger = logging.getLogger(__name__)
+
+# Turn on/off the automatic creation of id attributes
+# ... could be a kwarg pervasively but uses are rare and simple today
+auto_id_field = None
+
+NOT_SET = object()
+LIST_KEY = object()
+
+
+class JSONPath:
+    """
+    The base class for JSONPath abstract syntax; those
+    methods stubbed here are the interface to supported
+    JSONPath semantics.
+    """
+
+    def find(self, data):
+        """
+        All `JSONPath` types support `find()`, which returns an iterable of `DatumInContext`s.
+        They keep track of the path followed to the current location, so if the calling code
+        has some opinion about that, it can be passed in here as a starting point.
+        """
+        raise NotImplementedError()
+
+    def find_or_create(self, data):
+        return self.find(data)
+
+    def update(self, data, val):
+        """
+        Returns `data` with the specified path replaced by `val`. Only updates
+        if the specified path exists.
+        """
+
+        raise NotImplementedError()
+
+    def update_or_create(self, data, val):
+        return self.update(data, val)
+
+    def filter(self, fn, data):
+        """
+        Returns `data` with the specified path filtering nodes according
+        the filter evaluation result returned by the filter function.
+
+        Arguments:
+            fn (function): unary function that accepts one argument
+                and returns bool.
+            data (dict|list|tuple): JSON object to filter.
+        """
+
+        raise NotImplementedError()
+
+    def child(self, child):
+        """
+        Equivalent to Child(self, next) but with some canonicalization
+        """
+        if isinstance(self, This) or isinstance(self, Root):
+            return child
+        elif isinstance(child, This):
+            return self
+        elif isinstance(child, Root):
+            return child
+        else:
+            return Child(self, child)
+
+    def make_datum(self, value):
+        if isinstance(value, DatumInContext):
+            return value
+        else:
+            return DatumInContext(value, path=Root(), context=None)
+
+
+class DatumInContext:
+    """
+    Represents a datum along a path from a context.
+
+    Essentially a zipper but with a structure represented by JsonPath,
+    and where the context is more of a parent pointer than a proper
+    representation of the context.
+
+    For quick-and-dirty work, this proxies any non-special attributes
+    to the underlying datum, but the actual datum can (and usually should)
+    be retrieved via the `value` attribute.
+
+    To place `datum` within another, use `datum.in_context(context=..., path=...)`
+    which extends the path. If the datum already has a context, it places the entire
+    context within that passed in, so an object can be built from the inside
+    out.
+    """
+    @classmethod
+    def wrap(cls, data):
+        if isinstance(data, cls):
+            return data
+        else:
+            return cls(data)
+
+    def __init__(self, value, path=None, context=None):
+        self.value = value
+        self.path = path or This()
+        self.context = None if context is None else DatumInContext.wrap(context)
+
+    def in_context(self, context, path):
+        context = DatumInContext.wrap(context)
+
+        if self.context:
+            return DatumInContext(value=self.value, path=self.path, context=context.in_context(path=path, context=context))
+        else:
+            return DatumInContext(value=self.value, path=path, context=context)
+
+    @property
+    def full_path(self):
+        return self.path if self.context is None else self.context.full_path.child(self.path)
+
+    @property
+    def id_pseudopath(self):
+        """
+        Looks like a path, but with ids stuck in when available
+        """
+        try:
+            pseudopath = Fields(str(self.value[auto_id_field]))
+        except (TypeError, AttributeError, KeyError): # This may not be all the interesting exceptions
+            pseudopath = self.path
+
+        if self.context:
+            return self.context.id_pseudopath.child(pseudopath)
+        else:
+            return pseudopath
+
+    def __repr__(self):
+        return '%s(value=%r, path=%r, context=%r)' % (self.__class__.__name__, self.value, self.path, self.context)
+
+    def __eq__(self, other):
+        return isinstance(other, DatumInContext) and other.value == self.value and other.path == self.path and self.context == other.context
+
+
+class AutoIdForDatum(DatumInContext):
+    """
+    This behaves like a DatumInContext, but the value is
+    always the path leading up to it, not including the "id",
+    and with any "id" fields along the way replacing the prior
+    segment of the path
+
+    For example, it will make "foo.bar.id" return a datum
+    that behaves like DatumInContext(value="foo.bar", path="foo.bar.id").
+
+    This is disabled by default; it can be turned on by
+    settings the `auto_id_field` global to a value other
+    than `None`.
+    """
+
+    def __init__(self, datum, id_field=None):
+        """
+        Invariant is that datum.path is the path from context to datum. The auto id
+        will either be the id in the datum (if present) or the id of the context
+        followed by the path to the datum.
+
+        The path to this datum is always the path to the context, the path to the
+        datum, and then the auto id field.
+        """
+        self.datum = datum
+        self.id_field = id_field or auto_id_field
+
+    @property
+    def value(self):
+        return str(self.datum.id_pseudopath)
+
+    @property
+    def path(self):
+        return self.id_field
+
+    @property
+    def context(self):
+        return self.datum
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.datum)
+
+    def in_context(self, context, path):
+        return AutoIdForDatum(self.datum.in_context(context=context, path=path))
+
+    def __eq__(self, other):
+        return isinstance(other, AutoIdForDatum) and other.datum == self.datum and self.id_field == other.id_field
+
+
+class Root(JSONPath):
+    """
+    The JSONPath referring to the "root" object. Concrete syntax is '$'.
+    The root is the topmost datum without any context attached.
+    """
+
+    def find(self, data):
+        if not isinstance(data, DatumInContext):
+            return [DatumInContext(data, path=Root(), context=None)]
+        else:
+            if data.context is None:
+                return [DatumInContext(data.value, context=None, path=Root())]
+            else:
+                return Root().find(data.context)
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '$'
+
+    def __repr__(self):
+        return 'Root()'
+
+    def __eq__(self, other):
+        return isinstance(other, Root)
+
+    def __hash__(self):
+        return hash('$')
+
+
+class This(JSONPath):
+    """
+    The JSONPath referring to the current datum. Concrete syntax is '@'.
+    """
+
+    def find(self, datum):
+        return [DatumInContext.wrap(datum)]
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '`this`'
+
+    def __repr__(self):
+        return 'This()'
+
+    def __eq__(self, other):
+        return isinstance(other, This)
+
+    def __hash__(self):
+        return hash('this')
+
+
+class Child(JSONPath):
+    """
+    JSONPath that first matches the left, then the right.
+    Concrete syntax is <left> '.' <right>
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        """
+        Extra special case: auto ids do not have children,
+        so cut it off right now rather than auto id the auto id
+        """
+
+        return [submatch
+                for subdata in self.left.find(datum)
+                if not isinstance(subdata, AutoIdForDatum)
+                for submatch in self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.left.find(data):
+            self.right.update(datum.value, val)
+        return data
+
+    def find_or_create(self, datum):
+        datum = DatumInContext.wrap(datum)
+        submatches = []
+        for subdata in self.left.find_or_create(datum):
+            if isinstance(subdata, AutoIdForDatum):
+                # Extra special case: auto ids do not have children,
+                # so cut it off right now rather than auto id the auto id
+                continue
+            for submatch in self.right.find_or_create(subdata):
+                submatches.append(submatch)
+        return submatches
+
+    def update_or_create(self, data, val):
+        for datum in self.left.find_or_create(data):
+            self.right.update_or_create(datum.value, val)
+        return _clean_list_keys(data)
+
+    def filter(self, fn, data):
+        for datum in self.left.find(data):
+            self.right.filter(fn, datum.value)
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Child) and self.left == other.left and self.right == other.right
+
+    def __str__(self):
+        return '%s.%s' % (self.left, self.right)
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Parent(JSONPath):
+    """
+    JSONPath that matches the parent node of the current match.
+    Will crash if no such parent exists.
+    Available via named operator `parent`.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        return [datum.context]
+
+    def __eq__(self, other):
+        return isinstance(other, Parent)
+
+    def __str__(self):
+        return '`parent`'
+
+    def __repr__(self):
+        return 'Parent()'
+
+    def __hash__(self):
+        return hash('parent')
+
+
+class Where(JSONPath):
+    """
+    JSONPath that first matches the left, and then
+    filters for only those nodes that have
+    a match on the right.
+
+    WARNING: Subject to change. May want to have "contains"
+    or some other better word for it.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data) if self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        for datum in self.find(data):
+            datum.path.filter(fn, datum.value)
+        return data
+
+    def __str__(self):
+        return '%s where %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Where) and other.left == self.left and other.right == self.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Descendants(JSONPath):
+    """
+    JSONPath that matches first the left expression then any descendant
+    of it which matches the right expression.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        # <left> .. <right> ==> <left> . (<right> | *..<right> | [*]..<right>)
+        #
+        # With with a wonky caveat that since Slice() has funky coercions
+        # we cannot just delegate to that equivalence or we'll hit an
+        # infinite loop. So right here we implement the coercion-free version.
+
+        # Get all left matches into a list
+        left_matches = self.left.find(datum)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def match_recursively(datum):
+            right_matches = self.right.find(datum)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(datum.value, list):
+                recursive_matches = [submatch
+                                     for i in range(0, len(datum.value))
+                                     for submatch in match_recursively(DatumInContext(datum.value[i], context=datum, path=Index(i)))]
+
+            elif isinstance(datum.value, dict):
+                recursive_matches = [submatch
+                                     for field in datum.value.keys()
+                                     for submatch in match_recursively(DatumInContext(datum.value[field], context=datum, path=Fields(field)))]
+
+            else:
+                recursive_matches = []
+
+            return right_matches + list(recursive_matches)
+
+        # TODO: repeatable iterator instead of list?
+        return [submatch
+                for left_match in left_matches
+                for submatch in match_recursively(left_match)]
+
+    def is_singular(self):
+        return False
+
+    def update(self, data, val):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def update_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.update(data, val)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    update_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    update_recursively(data[field])
+
+        for submatch in left_matches:
+            update_recursively(submatch.value)
+
+        return data
+
+    def filter(self, fn, data):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def filter_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.filter(fn, data)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    filter_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    filter_recursively(data[field])
+
+        for submatch in left_matches:
+            filter_recursively(submatch.value)
+
+        return data
+
+    def __str__(self):
+        return '%s..%s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Descendants) and self.left == other.left and self.right == other.right
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Union(JSONPath):
+    """
+    JSONPath that returns the union of the results of each match.
+    This is pretty shoddily implemented for now. The nicest semantics
+    in case of mismatched bits (list vs atomic) is to put
+    them all in a list, but I haven't done that yet.
+
+    WARNING: Any appearance of this being the _concatenation_ is
+    coincidence. It may even be a bug! (or laziness)
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        return self.left.find(data) + self.right.find(data)
+
+    def __eq__(self, other):
+        return isinstance(other, Union) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Intersect(JSONPath):
+    """
+    JSONPath for bits that match *both* patterns.
+
+    This can be accomplished a couple of ways. The most
+    efficient is to actually build the intersected
+    AST as in building a state machine for matching the
+    intersection of regular languages. The next
+    idea is to build a filtered data and match against
+    that.
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        raise NotImplementedError()
+
+    def __eq__(self, other):
+        return isinstance(other, Intersect) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Fields(JSONPath):
+    """
+    JSONPath referring to some field of the current object.
+    Concrete syntax ix comma-separated field names.
+
+    WARNING: If '*' is any of the field names, then they will
+    all be returned.
+    """
+
+    def __init__(self, *fields):
+        self.fields = fields
+
+    @staticmethod
+    def get_field_datum(datum, field, create):
+        if field == auto_id_field:
+            return AutoIdForDatum(datum)
+        try:
+            field_value = datum.value.get(field, NOT_SET)
+            if field_value is NOT_SET:
+                if create:
+                    datum.value[field] = field_value = {}
+                else:
+                    return None
+            return DatumInContext(field_value, path=Fields(field), context=datum)
+        except (TypeError, AttributeError):
+            return None
+
+    def reified_fields(self, datum):
+        if '*' not in self.fields:
+            return self.fields
+        else:
+            try:
+                fields = tuple(datum.value.keys())
+                return fields if auto_id_field is None else fields + (auto_id_field,)
+            except AttributeError:
+                return ()
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        field_data = [self.get_field_datum(datum, field, create)
+                      for field in self.reified_fields(datum)]
+        return [fd for fd in field_data if fd is not None]
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field not in data and create:
+                    data[field] = {}
+                if field in data:
+                    if hasattr(val, '__call__'):
+                        data[field] = val(data[field], data, field)
+                    else:
+                        data[field] = val
+        return data
+
+    def filter(self, fn, data):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field in data:
+                    if fn(data[field]):
+                        data.pop(field)
+        return data
+
+    def __str__(self):
+        # If any JsonPathLexer.literals are included in field name need quotes
+        # This avoids unnecessary quotes to keep strings short.
+        # Test each field whether it contains a literal and only then add quotes
+        # The test loops over all literals, could possibly optimize to short circuit if one found
+        fields_as_str = ("'" + str(f) + "'" if any([l in f for l in JsonPathLexer.literals]) else
+                         str(f) for f in self.fields)
+        return ','.join(fields_as_str)
+
+
+    def __repr__(self):
+        return '%s(%s)' % (self.__class__.__name__, ','.join(map(repr, self.fields)))
+
+    def __eq__(self, other):
+        return isinstance(other, Fields) and tuple(self.fields) == tuple(other.fields)
+
+    def __hash__(self):
+        return hash(tuple(self.fields))
+
+
+class Index(JSONPath):
+    """
+    JSONPath that matches indices of the current datum, or none if not large enough.
+    Concrete syntax is brackets.
+
+    WARNING: If the datum is None or not long enough, it will not crash but will not match anything.
+    NOTE: For the concrete syntax of `[*]`, the abstract syntax is a Slice() with no parameters (equiv to `[:]`
+    """
+
+    def __init__(self, index):
+        self.index = index
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        if create:
+            if datum.value == {}:
+                datum.value = _create_list_key(datum.value)
+            self._pad_value(datum.value)
+        if datum.value and len(datum.value) > self.index:
+            return [DatumInContext(datum.value[self.index], path=self, context=datum)]
+        else:
+            return []
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if create:
+            if data == {}:
+                data = _create_list_key(data)
+            self._pad_value(data)
+        if hasattr(val, '__call__'):
+            data[self.index] = val.__call__(data[self.index], data, self.index)
+        elif len(data) > self.index:
+            data[self.index] = val
+        return data
+
+    def filter(self, fn, data):
+        if fn(data[self.index]):
+            data.pop(self.index)  # relies on mutation :(
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Index) and self.index == other.index
+
+    def __str__(self):
+        return '[%i]' % self.index
+
+    def __repr__(self):
+        return '%s(index=%r)' % (self.__class__.__name__, self.index)
+
+    def _pad_value(self, value):
+        if len(value) <= self.index:
+            pad = self.index - len(value) + 1
+            value += [{} for __ in range(pad)]
+
+    def __hash__(self):
+        return hash(self.index)
+
+
+class Slice(JSONPath):
+    """
+    JSONPath matching a slice of an array.
+
+    Because of a mismatch between JSON and XML when schema-unaware,
+    this always returns an iterable; if the incoming data
+    was not a list, then it returns a one element list _containing_ that
+    data.
+
+    Consider these two docs, and their schema-unaware translation to JSON:
+
+    <a><b>hello</b></a> ==> {"a": {"b": "hello"}}
+    <a><b>hello</b><b>goodbye</b></a> ==> {"a": {"b": ["hello", "goodbye"]}}
+
+    If there were a schema, it would be known that "b" should always be an
+    array (unless the schema were wonky, but that is too much to fix here)
+    so when querying with JSON if the one writing the JSON knows that it
+    should be an array, they can write a slice operator and it will coerce
+    a non-array value to an array.
+
+    This may be a bit unfortunate because it would be nice to always have
+    an iterator, but dictionaries and other objects may also be iterable,
+    so this is the compromise.
+    """
+    def __init__(self, start=None, end=None, step=None):
+        self.start = start
+        self.end = end
+        self.step = step
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+
+        # Used for catching null value instead of empty list in path
+        if not datum.value:
+            return []
+        # Here's the hack. If it is a dictionary or some kind of constant,
+        # put it in a single-element list
+        if (isinstance(datum.value, dict) or isinstance(datum.value, int) or isinstance(datum.value, str)):
+            return self.find(DatumInContext([datum.value], path=datum.path, context=datum.context))
+
+        # Some iterators do not support slicing but we can still
+        # at least work for '*'
+        if self.start is None and self.end is None and self.step is None:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))]
+        else:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))[self.start:self.end:self.step]]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        while True:
+            length = len(data)
+            for datum in self.find(data):
+                data = datum.path.filter(fn, data)
+                if len(data) < length:
+                    break
+
+            if length == len(data):
+                break
+        return data
+
+    def __str__(self):
+        if self.start is None and self.end is None and self.step is None:
+            return '[*]'
+        else:
+            return '[%s%s%s]' % (self.start or '',
+                                   ':%d'%self.end if self.end else '',
+                                   ':%d'%self.step if self.step else '')
+
+    def __repr__(self):
+        return '%s(start=%r,end=%r,step=%r)' % (self.__class__.__name__, self.start, self.end, self.step)
+
+    def __eq__(self, other):
+        return isinstance(other, Slice) and other.start == self.start and self.end == other.end and other.step == self.step
+
+    def __hash__(self):
+        return hash((self.start, self.end, self.step))
+
+
+def _create_list_key(dict_):
+    """
+    Adds a list to a dictionary by reference and returns the list.
+
+    See `_clean_list_keys()`
+    """
+    dict_[LIST_KEY] = new_list = [{}]
+    return new_list
+
+
+def _clean_list_keys(struct_):
+    """
+    Replace {LIST_KEY: ['foo', 'bar']} with ['foo', 'bar'].
+
+    >>> _clean_list_keys({LIST_KEY: ['foo', 'bar']})
+    ['foo', 'bar']
+
+    """
+    if(isinstance(struct_, list)):
+        for ind, value in enumerate(struct_):
+            struct_[ind] = _clean_list_keys(value)
+    elif(isinstance(struct_, dict)):
+        if(LIST_KEY in struct_):
+            return _clean_list_keys(struct_[LIST_KEY])
+        else:
+            for key, value in struct_.items():
+                struct_[key] = _clean_list_keys(value)
+    return struct_
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py
new file mode 100644
index 000000000..b2ad5ee6d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py
@@ -0,0 +1,171 @@
+import sys
+import logging
+
+import ply.lex
+
+from jsonpath_ng.exceptions import JsonPathLexerError
+
+logger = logging.getLogger(__name__)
+
+
+class JsonPathLexer:
+    '''
+    A Lexical analyzer for JsonPath.
+    '''
+
+    def __init__(self, debug=False):
+        self.debug = debug
+        if self.__doc__ is None:
+            raise JsonPathLexerError('Docstrings have been removed! By design of PLY, jsonpath-rw requires docstrings. You must not use PYTHONOPTIMIZE=2 or python -OO.')
+
+    def tokenize(self, string):
+        '''
+        Maps a string to an iterator over tokens. In other words: [char] -> [token]
+        '''
+
+        new_lexer = ply.lex.lex(module=self, debug=self.debug, errorlog=logger)
+        new_lexer.latest_newline = 0
+        new_lexer.string_value = None
+        new_lexer.input(string)
+
+        while True:
+            t = new_lexer.token()
+            if t is None:
+                break
+            t.col = t.lexpos - new_lexer.latest_newline
+            yield t
+
+        if new_lexer.string_value is not None:
+            raise JsonPathLexerError('Unexpected EOF in string literal or identifier')
+
+    # ============== PLY Lexer specification ==================
+    #
+    # This probably should be private but:
+    #   - the parser requires access to `tokens` (perhaps they should be defined in a third, shared dependency)
+    #   - things like `literals` might be a legitimate part of the public interface.
+    #
+    # Anyhow, it is pythonic to give some rope to hang oneself with :-)
+
+    literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
+
+    reserved_words = { 'where': 'WHERE' }
+
+    tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
+
+    states = [ ('singlequote', 'exclusive'),
+               ('doublequote', 'exclusive'),
+               ('backquote', 'exclusive') ]
+
+    # Normal lexing, rather easy
+    t_DOUBLEDOT = r'\.\.'
+    t_ignore = ' \t'
+
+    def t_ID(self, t):
+        r'[a-zA-Z_@][a-zA-Z0-9_@\-]*'
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_NUMBER(self, t):
+        r'-?\d+'
+        t.value = int(t.value)
+        return t
+
+
+    # Single-quoted strings
+    t_singlequote_ignore = ''
+    def t_singlequote(self, t):
+        r"'"
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('singlequote')
+
+    def t_singlequote_content(self, t):
+        r"[^'\\]+"
+        t.lexer.string_value += t.value
+
+    def t_singlequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_singlequote_end(self, t):
+        r"'"
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_singlequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing singlequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Double-quoted strings
+    t_doublequote_ignore = ''
+    def t_doublequote(self, t):
+        r'"'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('doublequote')
+
+    def t_doublequote_content(self, t):
+        r'[^"\\]+'
+        t.lexer.string_value += t.value
+
+    def t_doublequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_doublequote_end(self, t):
+        r'"'
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_doublequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing doublequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Back-quoted "magic" operators
+    t_backquote_ignore = ''
+    def t_backquote(self, t):
+        r'`'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('backquote')
+
+    def t_backquote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_backquote_content(self, t):
+        r"[^`\\]+"
+        t.lexer.string_value += t.value
+
+    def t_backquote_end(self, t):
+        r'`'
+        t.value = t.lexer.string_value
+        t.type = 'NAMED_OPERATOR'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_backquote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing backquoted operator: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Counting lines, handling errors
+    def t_newline(self, t):
+        r'\n'
+        t.lexer.lineno += 1
+        t.lexer.latest_newline = t.lexpos
+
+    def t_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    lexer = JsonPathLexer(debug=True)
+    for token in lexer.tokenize(sys.stdin.read()):
+        print('%-20s%s' % (token.value, token.type))
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py
new file mode 100644
index 000000000..87e353ebf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py
@@ -0,0 +1,199 @@
+import logging
+import sys
+import os.path
+
+import ply.yacc
+
+from jsonpath_ng.exceptions import JsonPathParserError
+from jsonpath_ng.jsonpath import *
+from jsonpath_ng.lexer import JsonPathLexer
+
+logger = logging.getLogger(__name__)
+
+
+def parse(string):
+    return JsonPathParser().parse(string)
+
+
+class JsonPathParser:
+    '''
+    An LALR-parser for JsonPath
+    '''
+
+    tokens = JsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        if self.__doc__ is None:
+            raise JsonPathParserError(
+                'Docstrings have been removed! By design of PLY, '
+                'jsonpath-rw requires docstrings. You must not use '
+                'PYTHONOPTIMIZE=2 or python -OO.'
+            )
+
+        self.debug = debug
+        self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
+
+    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
+
+        # Since PLY has some crufty aspects and dumps files, we try to keep them local
+        # However, we need to derive the name of the output Python file :-/
+        output_directory = os.path.dirname(__file__)
+        try:
+            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
+        except:
+            module_name = __name__
+
+        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
+
+        # And we regenerate the parse table every time;
+        # it doesn't actually take that long!
+        new_parser = ply.yacc.yacc(module=self,
+                                   debug=self.debug,
+                                   tabmodule = parsing_table_module,
+                                   outputdir = output_directory,
+                                   write_tables=0,
+                                   start = start_symbol,
+                                   errorlog = logger)
+
+        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+
+    # ===================== PLY Parser specification =====================
+
+    precedence = [
+        ('left', ','),
+        ('left', 'DOUBLEDOT'),
+        ('left', '.'),
+        ('left', '|'),
+        ('left', '&'),
+        ('left', 'WHERE'),
+    ]
+
+    def p_error(self, t):
+        if t is None:
+            raise JsonPathParserError('Parse error near the end of string!')
+        raise JsonPathParserError('Parse error at %s:%s near token %s (%s)'
+                                  % (t.lineno, t.col, t.value, t.type))
+
+    def p_jsonpath_binop(self, p):
+        """jsonpath : jsonpath '.' jsonpath
+                    | jsonpath DOUBLEDOT jsonpath
+                    | jsonpath WHERE jsonpath
+                    | jsonpath '|' jsonpath
+                    | jsonpath '&' jsonpath"""
+        op = p[2]
+
+        if op == '.':
+            p[0] = Child(p[1], p[3])
+        elif op == '..':
+            p[0] = Descendants(p[1], p[3])
+        elif op == 'where':
+            p[0] = Where(p[1], p[3])
+        elif op == '|':
+            p[0] = Union(p[1], p[3])
+        elif op == '&':
+            p[0] = Intersect(p[1], p[3])
+
+    def p_jsonpath_fields(self, p):
+        "jsonpath : fields_or_any"
+        p[0] = Fields(*p[1])
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'this':
+            p[0] = This()
+        elif p[1] == 'parent':
+            p[0] = Parent()
+        else:
+            raise JsonPathParserError('Unknown named operator `%s` at %s:%s'
+                                      % (p[1], p.lineno(1), p.lexpos(1)))
+
+    def p_jsonpath_root(self, p):
+        "jsonpath : '$'"
+        p[0] = Root()
+
+    def p_jsonpath_idx(self, p):
+        "jsonpath : '[' idx ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_slice(self, p):
+        "jsonpath : '[' slice ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_fieldbrackets(self, p):
+        "jsonpath : '[' fields ']'"
+        p[0] = Fields(*p[2])
+
+    def p_jsonpath_child_fieldbrackets(self, p):
+        "jsonpath : jsonpath '[' fields ']'"
+        p[0] = Child(p[1], Fields(*p[3]))
+
+    def p_jsonpath_child_idxbrackets(self, p):
+        "jsonpath : jsonpath '[' idx ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_child_slicebrackets(self, p):
+        "jsonpath : jsonpath '[' slice ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_parens(self, p):
+        "jsonpath : '(' jsonpath ')'"
+        p[0] = p[2]
+
+    # Because fields in brackets cannot be '*' - that is reserved for array indices
+    def p_fields_or_any(self, p):
+        """fields_or_any : fields
+                         | '*'    """
+        if p[1] == '*':
+            p[0] = ['*']
+        else:
+            p[0] = p[1]
+
+    def p_fields_id(self, p):
+        "fields : ID"
+        p[0] = [p[1]]
+
+    def p_fields_comma(self, p):
+        "fields : fields ',' fields"
+        p[0] = p[1] + p[3]
+
+    def p_idx(self, p):
+        "idx : NUMBER"
+        p[0] = Index(p[1])
+
+    def p_slice_any(self, p):
+        "slice : '*'"
+        p[0] = Slice()
+
+    def p_slice(self, p): # Currently does not support `step`
+        """slice : maybe_int ':' maybe_int
+                 | maybe_int ':' maybe_int ':' maybe_int """
+        p[0] = Slice(*p[1::2])
+
+    def p_maybe_int(self, p):
+        """maybe_int : NUMBER
+                     | empty"""
+        p[0] = p[1]
+
+    def p_empty(self, p):
+        'empty :'
+        p[0] = None
+
+class IteratorToTokenStream:
+    def __init__(self, iterator):
+        self.iterator = iterator
+
+    def token(self):
+        try:
+            return next(self.iterator)
+        except StopIteration:
+            return None
+
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    parser = JsonPathParser(debug=True)
+    print(parser.parse(sys.stdin.read()))
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py
new file mode 100644
index 000000000..b40f24c66
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py
@@ -0,0 +1,332 @@
+import functools
+import string
+import sys
+import typing as t
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+    _P = te.ParamSpec("_P")
+
+
+__version__ = "2.1.5"
+
+
+def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
+    @functools.wraps(func)
+    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
+        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
+        _escape_argspec(kwargs, kwargs.items(), self.escape)
+        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+
+    return wrapped  # type: ignore[return-value]
+
+
+class Markup(str):
+    """A string that is ready to be safely inserted into an HTML or XML
+    document, either because it was escaped or because it was marked
+    safe.
+
+    Passing an object to the constructor converts it to text and wraps
+    it to mark it safe without escaping. To escape the text, use the
+    :meth:`escape` class method instead.
+
+    >>> Markup("Hello, <em>World</em>!")
+    Markup('Hello, <em>World</em>!')
+    >>> Markup(42)
+    Markup('42')
+    >>> Markup.escape("Hello, <em>World</em>!")
+    Markup('Hello &lt;em&gt;World&lt;/em&gt;!')
+
+    This implements the ``__html__()`` interface that some frameworks
+    use. Passing an object that implements ``__html__()`` will wrap the
+    output of that method, marking it safe.
+
+    >>> class Foo:
+    ...     def __html__(self):
+    ...         return '<a href="/foo">foo</a>'
+    ...
+    >>> Markup(Foo())
+    Markup('<a href="/foo">foo</a>')
+
+    This is a subclass of :class:`str`. It has the same methods, but
+    escapes their arguments and returns a ``Markup`` instance.
+
+    >>> Markup("<em>%s</em>") % ("foo & bar",)
+    Markup('<em>foo &amp; bar</em>')
+    >>> Markup("<em>Hello</em> ") + "<foo>"
+    Markup('<em>Hello</em> &lt;foo&gt;')
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
+    ) -> "te.Self":
+        if hasattr(base, "__html__"):
+            base = base.__html__()
+
+        if encoding is None:
+            return super().__new__(cls, base)
+
+        return super().__new__(cls, base, encoding, errors)
+
+    def __html__(self) -> "te.Self":
+        return self
+
+    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.__class__(super().__add__(self.escape(other)))
+
+        return NotImplemented
+
+    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.escape(other).__add__(self)
+
+        return NotImplemented
+
+    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
+        if isinstance(num, int):
+            return self.__class__(super().__mul__(num))
+
+        return NotImplemented
+
+    __rmul__ = __mul__
+
+    def __mod__(self, arg: t.Any) -> "te.Self":
+        if isinstance(arg, tuple):
+            # a tuple of arguments, each wrapped
+            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
+        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            # a mapping of arguments, wrapped
+            arg = _MarkupEscapeHelper(arg, self.escape)
+        else:
+            # a single argument, wrapped with the helper and a tuple
+            arg = (_MarkupEscapeHelper(arg, self.escape),)
+
+        return self.__class__(super().__mod__(arg))
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({super().__repr__()})"
+
+    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
+        return self.__class__(super().join(map(self.escape, seq)))
+
+    join.__doc__ = str.join.__doc__
+
+    def split(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().split(sep, maxsplit)]
+
+    split.__doc__ = str.split.__doc__
+
+    def rsplit(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
+
+    rsplit.__doc__ = str.rsplit.__doc__
+
+    def splitlines(  # type: ignore[override]
+        self, keepends: bool = False
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().splitlines(keepends)]
+
+    splitlines.__doc__ = str.splitlines.__doc__
+
+    def unescape(self) -> str:
+        """Convert escaped markup back into a text string. This replaces
+        HTML entities with the characters they represent.
+
+        >>> Markup("Main &raquo; <em>About</em>").unescape()
+        'Main » <em>About</em>'
+        """
+        from html import unescape
+
+        return unescape(str(self))
+
+    def striptags(self) -> str:
+        """:meth:`unescape` the markup, remove tags, and normalize
+        whitespace to single spaces.
+
+        >>> Markup("Main &raquo;\t<em>About</em>").striptags()
+        'Main » About'
+        """
+        value = str(self)
+
+        # Look for comments then tags separately. Otherwise, a comment that
+        # contains a tag would end early, leaving some of the comment behind.
+
+        while True:
+            # keep finding comment start marks
+            start = value.find("<!--")
+
+            if start == -1:
+                break
+
+            # find a comment end mark beyond the start, otherwise stop
+            end = value.find("-->", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 3:]}"
+
+        # remove tags using the same method
+        while True:
+            start = value.find("<")
+
+            if start == -1:
+                break
+
+            end = value.find(">", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 1:]}"
+
+        # collapse spaces
+        value = " ".join(value.split())
+        return self.__class__(value).unescape()
+
+    @classmethod
+    def escape(cls, s: t.Any) -> "te.Self":
+        """Escape a string. Calls :func:`escape` and ensures that for
+        subclasses the correct type is returned.
+        """
+        rv = escape(s)
+
+        if rv.__class__ is not cls:
+            return cls(rv)
+
+        return rv  # type: ignore[return-value]
+
+    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
+    capitalize = _simple_escaping_wrapper(str.capitalize)
+    title = _simple_escaping_wrapper(str.title)
+    lower = _simple_escaping_wrapper(str.lower)
+    upper = _simple_escaping_wrapper(str.upper)
+    replace = _simple_escaping_wrapper(str.replace)
+    ljust = _simple_escaping_wrapper(str.ljust)
+    rjust = _simple_escaping_wrapper(str.rjust)
+    lstrip = _simple_escaping_wrapper(str.lstrip)
+    rstrip = _simple_escaping_wrapper(str.rstrip)
+    center = _simple_escaping_wrapper(str.center)
+    strip = _simple_escaping_wrapper(str.strip)
+    translate = _simple_escaping_wrapper(str.translate)
+    expandtabs = _simple_escaping_wrapper(str.expandtabs)
+    swapcase = _simple_escaping_wrapper(str.swapcase)
+    zfill = _simple_escaping_wrapper(str.zfill)
+    casefold = _simple_escaping_wrapper(str.casefold)
+
+    if sys.version_info >= (3, 9):
+        removeprefix = _simple_escaping_wrapper(str.removeprefix)
+        removesuffix = _simple_escaping_wrapper(str.removesuffix)
+
+    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().partition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().rpartition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, args, kwargs))
+
+    def format_map(  # type: ignore[override]
+        self, map: t.Mapping[str, t.Any]
+    ) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, (), map))
+
+    def __html_format__(self, format_spec: str) -> "te.Self":
+        if format_spec:
+            raise ValueError("Unsupported format specification for Markup.")
+
+        return self
+
+
+class EscapeFormatter(string.Formatter):
+    __slots__ = ("escape",)
+
+    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.escape = escape
+        super().__init__()
+
+    def format_field(self, value: t.Any, format_spec: str) -> str:
+        if hasattr(value, "__html_format__"):
+            rv = value.__html_format__(format_spec)
+        elif hasattr(value, "__html__"):
+            if format_spec:
+                raise ValueError(
+                    f"Format specifier {format_spec} given, but {type(value)} does not"
+                    " define __html_format__. A class that defines __html__ must define"
+                    " __html_format__ to work with format specifiers."
+                )
+            rv = value.__html__()
+        else:
+            # We need to make sure the format spec is str here as
+            # otherwise the wrong callback methods are invoked.
+            rv = string.Formatter.format_field(self, value, str(format_spec))
+        return str(self.escape(rv))
+
+
+_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
+
+
+def _escape_argspec(
+    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
+) -> _ListOrDict:
+    """Helper for various string-wrapped functions."""
+    for key, value in iterable:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            obj[key] = escape(value)
+
+    return obj
+
+
+class _MarkupEscapeHelper:
+    """Helper for :meth:`Markup.__mod__`."""
+
+    __slots__ = ("obj", "escape")
+
+    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.obj = obj
+        self.escape = escape
+
+    def __getitem__(self, item: t.Any) -> "te.Self":
+        return self.__class__(self.obj[item], self.escape)
+
+    def __str__(self) -> str:
+        return str(self.escape(self.obj))
+
+    def __repr__(self) -> str:
+        return str(self.escape(repr(self.obj)))
+
+    def __int__(self) -> int:
+        return int(self.obj)
+
+    def __float__(self) -> float:
+        return float(self.obj)
+
+
+# circular import
+try:
+    from ._speedups import escape as escape
+    from ._speedups import escape_silent as escape_silent
+    from ._speedups import soft_str as soft_str
+except ImportError:
+    from ._native import escape as escape
+    from ._native import escape_silent as escape_silent  # noqa: F401
+    from ._native import soft_str as soft_str  # noqa: F401
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py
new file mode 100644
index 000000000..8117b2716
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py
@@ -0,0 +1,63 @@
+import typing as t
+
+from . import Markup
+
+
+def escape(s: t.Any) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(
+        str(s)
+        .replace("&", "&amp;")
+        .replace(">", "&gt;")
+        .replace("<", "&lt;")
+        .replace("'", "&#39;")
+        .replace('"', "&#34;")
+    )
+
+
+def escape_silent(s: t.Optional[t.Any]) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
+
+    return escape(s)
+
+
+def soft_str(s: t.Any) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
+
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
+
+    return s
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c
new file mode 100644
index 000000000..3c463fb82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c
@@ -0,0 +1,320 @@
+#include <Python.h>
+
+static PyObject* markup;
+
+static int
+init_constants(void)
+{
+	PyObject *module;
+
+	/* import markup type so that we can mark the return value */
+	module = PyImport_ImportModule("markupsafe");
+	if (!module)
+		return 0;
+	markup = PyObject_GetAttrString(module, "Markup");
+	Py_DECREF(module);
+
+	return 1;
+}
+
+#define GET_DELTA(inp, inp_end, delta) \
+	while (inp < inp_end) { \
+		switch (*inp++) { \
+		case '"': \
+		case '\'': \
+		case '&': \
+			delta += 4; \
+			break; \
+		case '<': \
+		case '>': \
+			delta += 3; \
+			break; \
+		} \
+	}
+
+#define DO_ESCAPE(inp, inp_end, outp) \
+	{ \
+		Py_ssize_t ncopy = 0; \
+		while (inp < inp_end) { \
+			switch (*inp) { \
+			case '"': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '4'; \
+				*outp++ = ';'; \
+				break; \
+			case '\'': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '9'; \
+				*outp++ = ';'; \
+				break; \
+			case '&': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'a'; \
+				*outp++ = 'm'; \
+				*outp++ = 'p'; \
+				*outp++ = ';'; \
+				break; \
+			case '<': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'l'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			case '>': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'g'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			default: \
+				ncopy++; \
+			} \
+			inp++; \
+		} \
+		memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+	}
+
+static PyObject*
+escape_unicode_kind1(PyUnicodeObject *in)
+{
+	Py_UCS1 *inp = PyUnicode_1BYTE_DATA(in);
+	Py_UCS1 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS1 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta,
+						PyUnicode_IS_ASCII(in) ? 127 : 255);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_1BYTE_DATA(in);
+	outp = PyUnicode_1BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode_kind2(PyUnicodeObject *in)
+{
+	Py_UCS2 *inp = PyUnicode_2BYTE_DATA(in);
+	Py_UCS2 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS2 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 65535);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_2BYTE_DATA(in);
+	outp = PyUnicode_2BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+
+static PyObject*
+escape_unicode_kind4(PyUnicodeObject *in)
+{
+	Py_UCS4 *inp = PyUnicode_4BYTE_DATA(in);
+	Py_UCS4 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS4 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 1114111);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_4BYTE_DATA(in);
+	outp = PyUnicode_4BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode(PyUnicodeObject *in)
+{
+	if (PyUnicode_READY(in))
+		return NULL;
+
+	switch (PyUnicode_KIND(in)) {
+	case PyUnicode_1BYTE_KIND:
+		return escape_unicode_kind1(in);
+	case PyUnicode_2BYTE_KIND:
+		return escape_unicode_kind2(in);
+	case PyUnicode_4BYTE_KIND:
+		return escape_unicode_kind4(in);
+	}
+	assert(0);  /* shouldn't happen */
+	return NULL;
+}
+
+static PyObject*
+escape(PyObject *self, PyObject *text)
+{
+	static PyObject *id_html;
+	PyObject *s = NULL, *rv = NULL, *html;
+
+	if (id_html == NULL) {
+		id_html = PyUnicode_InternFromString("__html__");
+		if (id_html == NULL) {
+			return NULL;
+		}
+	}
+
+	/* we don't have to escape integers, bools or floats */
+	if (PyLong_CheckExact(text) ||
+		PyFloat_CheckExact(text) || PyBool_Check(text) ||
+		text == Py_None)
+		return PyObject_CallFunctionObjArgs(markup, text, NULL);
+
+	/* if the object has an __html__ method that performs the escaping */
+	html = PyObject_GetAttr(text ,id_html);
+	if (html) {
+		s = PyObject_CallObject(html, NULL);
+		Py_DECREF(html);
+		if (s == NULL) {
+			return NULL;
+		}
+		/* Convert to Markup object */
+		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+		Py_DECREF(s);
+		return rv;
+	}
+
+	/* otherwise make the object unicode if it isn't, then escape */
+	PyErr_Clear();
+	if (!PyUnicode_Check(text)) {
+		PyObject *unicode = PyObject_Str(text);
+		if (!unicode)
+			return NULL;
+		s = escape_unicode((PyUnicodeObject*)unicode);
+		Py_DECREF(unicode);
+	}
+	else
+		s = escape_unicode((PyUnicodeObject*)text);
+
+	/* convert the unicode string into a markup object. */
+	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+	Py_DECREF(s);
+	return rv;
+}
+
+
+static PyObject*
+escape_silent(PyObject *self, PyObject *text)
+{
+	if (text != Py_None)
+		return escape(self, text);
+	return PyObject_CallFunctionObjArgs(markup, NULL);
+}
+
+
+static PyObject*
+soft_str(PyObject *self, PyObject *s)
+{
+	if (!PyUnicode_Check(s))
+		return PyObject_Str(s);
+	Py_INCREF(s);
+	return s;
+}
+
+
+static PyMethodDef module_methods[] = {
+	{
+		"escape",
+		(PyCFunction)escape,
+		METH_O,
+		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
+		" the string with HTML-safe sequences. Use this if you need to display"
+		" text that might contain such characters in HTML.\n\n"
+		"If the object has an ``__html__`` method, it is called and the"
+		" return value is assumed to already be safe for HTML.\n\n"
+		":param s: An object to be converted to a string and escaped.\n"
+		":return: A :class:`Markup` string with the escaped text.\n"
+	},
+	{
+		"escape_silent",
+		(PyCFunction)escape_silent,
+		METH_O,
+		"Like :func:`escape` but treats ``None`` as the empty string."
+		" Useful with optional values, as otherwise you get the string"
+		" ``'None'`` when the value is ``None``.\n\n"
+		">>> escape(None)\n"
+		"Markup('None')\n"
+		">>> escape_silent(None)\n"
+		"Markup('')\n"
+	},
+	{
+		"soft_str",
+		(PyCFunction)soft_str,
+		METH_O,
+		"Convert an object to a string if it isn't already. This preserves"
+		" a :class:`Markup` string rather than converting it back to a basic"
+		" string, so it will still be marked as safe and won't be escaped"
+		" again.\n\n"
+		">>> value = escape(\"<User 1>\")\n"
+		">>> value\n"
+		"Markup('&lt;User 1&gt;')\n"
+		">>> escape(str(value))\n"
+		"Markup('&amp;lt;User 1&amp;gt;')\n"
+		">>> escape(soft_str(value))\n"
+		"Markup('&lt;User 1&gt;')\n"
+	},
+	{NULL, NULL, 0, NULL}  /* Sentinel */
+};
+
+static struct PyModuleDef module_definition = {
+	PyModuleDef_HEAD_INIT,
+	"markupsafe._speedups",
+	NULL,
+	-1,
+	module_methods,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+PyMODINIT_FUNC
+PyInit__speedups(void)
+{
+	if (!init_constants())
+		return NULL;
+
+	return PyModule_Create(&module_definition);
+}
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.cpython-311-darwin.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..4b2e8d832d53986fbdc3eeab9af3fb20ed756168
GIT binary patch
literal 8041
zcmbW+WmMEp+c@wqBB0XJAxMg_fOJVoO9~>rbeD83@e>K97wHs1nxzGST@VD8?w0Oa
zmRf4z@xIUbzxtnZpXYw&TxaIRyqP&OXU_GxhB@W|@UM37Za;_An_;qf89|5qw11O?
zOY%_oce1RwD0{6Y(Wir%BoAnOhZ>`aV;k(_s3E-x>zHZ=-Aa>=&ThK0h)e?}fY~+G
z)p49p+~jAgO#X=872_+0+x>9%(>GkMFTOO2Mv4Z@MeAkHdf8W1jLv8|rui-A`oWhZ
z#@d#!w+lgtAfIPw389mP2xjbkz!2Yp4-f}hfka6hfRHZiQqH1x+6$E^Do1u-{=bNI
ziml%#C~!JqyExE}w@G}5W(;F0LofoLjR5&0SI4tKvUaJuYz0{_hq|W@V=}zfb_r=9
zk$&6&x>?7#y^n?Zl=t=3>r3mpz20SP_{Izv-k1q5W>@&XQvKY;VH@c$Lytlj+ng7y
z5q8<=XZb+v9a=eK_FH=;AHI^C{8GIjp#IWb<Vl*4iB_jpOj@E;r>D+?{(~C2Rbn?m
zb%c@~zo1O5HrP@%d(a2|lkU6+R1_ZK`MsM%<$eRt9CgeC56ujb+<sOmkW+0gVeRHD
z`FQR6zCRy5Y=(7yjd$QUA)1E4oGy;0ws*?k3uk$(!e9Okg+22UR(O#v27(SA`(8$q
z;VxUbW#Uq?W^HF^uoyi)Q;q%3o5e5|#O`RK&7Idf*j3YQjFSlZ=39umVV5gcVt#$^
zh^W2u8b|!6dD^}9-VmTR<phOK>kACj-PnEJi8|H02c(&@^JAs$Or`P)u-UV%%WWO=
zRm|AypCge!((R+(6?uKhB4`JNmAgu?ZLQ<)I^XiW+e%FO!uhsH_^}&XUMin{azQS`
z%Z@75romI50uQZyG0gjiDdw~8v*QmwJpB*Rd-r31RS)6nxO(k$>&Vo;4Sxy1?G4K}
z^m;Dfd+`If%X&R3DAvK!>?9=s@<Tzp>0)B<8-bd&`JnS9AbZ&^FRa}ng9xgSB+ZA+
zP{uc4k}rJn%CBA2De?jnP=l94tly%#1mUpn)5I@~ox0&YE`H1x0>Dw5So6g$-qr#@
zKWxB%AzkXST29ld!99I4nRm-uTCt%AJ1NbJyA_;f^wC$?70;6dhxneBnubMA4AcMI
z+RbdL+;Xv6@+Vj_(NmRF%i)t%A~5t*&#4aDFK@QlWLI`?+jBV%#gPlKV#}~%CWa8J
zsq9{C$5?z6@zhZyB3Zu|%kQkQ^Ub^$@9C4~esczXj<U{)#vgWE%=rR7si%@Zp^6$$
zoVRnoJu{6fB~@{MK@Ua}Z5g)onEAIGGWdO+He`lh{UoKn=iud=Anh$beYu!9yoviI
zkC%B-+P4oc5&hz15aX7Uslu0c^&T@b&Q~krMJwaO*@CMI)BaN>$!zpZ*8PyGiI)I8
zZy?8sCZ>@au5Kw_z^QJ=oGffk@TjQF9ws&a*~*@y`m<$NS$oa6c4)K?lt=}|s=I6j
znOvaX>H1-A+G@U>L9E?_Z_nW($jH9DpNJbxfR@2pGstgPeO44~<%RJAwa@T>`VK3K
zMU`*u4KbY@9}Yf?o{S6DO4W9i=rEAkIE3fnIc%Ton&@gz`XF|eLtlMA6IR1gc!!Ij
z|7<ZH9ugDDHOrjiD14YoLkEi$g)=pfpbnpaYSu!(#9J$~dvwzzo-MZ|NHOrJOtu7?
zK`_<HsN9l+8#a{8P4=<LV(<mtnHU7)(Q^T_-|5U=6c=)4Zr-_QS&(IaQmsr7`a;sb
ze|uT;Tevw|`sa1~54ter%?oXBX=df6424j60$S^>vnel9&%<0;A{{0qm-(8zlnmDU
zg{FPm+7WhO1V+~ze4s6kKmOwm=?cAYYL*$YMQICy;V>l9kJ;xZDI{fp)8`j<h694R
zoEx%jy*}#Sg;)vYE*<hM5REL$Ky-be5>3p`Rz&6fMCB5Z`ry=DEMZ{OSMA4b*Xp0E
z_7wLH<F|imfx7Q0+s+`1bLXbKUe6oKyo3)(-V9pABZAT$OCYaJHbY$C8ApC<WhqO-
zO{B8ra7*?Z5xB~9m9tHJS{{e<t`F(${x)jU7x8|&B-NVf@#W4w$1Ndpp{c3pW`Cx$
zyJOpeUbnahuCN;{mV*A%b3xG78q{Cz(`NE1c&%|!>JmLXSm=d0A_7JeL<EFdT7sMm
zooatyh`8|2r(RWmy%xXA|1sKTYo&f^LY#s)TxW=f|Bi2d0*IYcL1<zlBnQ)4HArCA
zT7aL&5LN;>J5(AX*iCQ`d5WM1d{12=`CqU7J5rB-TpU^tb@zFkp}{Jcqn$&qeo6I9
zI3B_l=OWBYcKGGD1PxM1Ii0@`N&AH#!_PcB2g(f<>o;c8#ZqrGNxVFP?(-psnyz~P
zxrZ-qcXoEYNEEP3+1}jV_?OlxHbDc>tik#8AKi=gfZHyQValg7=~{~fnvU0o1XS<!
z`esMLp%AaA^33(3Z-3X5n?aMhzR`2Y4DG5<9{AD{Dn5YWopI3A^4-o6u7B_*y7R&^
zli{&iz(B8NBi6HDhuab)GYFK(-xn^4MBC2Ji5cn5TRI>$wuwxIwjyAQ!N2}sB>|V`
zq2)F12PoPw^ciH=+Zu_Y*9)}X9UO(#0%tur<uUK7%1iEMHz$X7T?bGMKNGgnB`gQX
z*6aObH{a(jHdWNkU}xSdSa^{N3x2y&eOJve*3snvxnXt`j3w(EMVr)Wq}g0mG9skZ
z&&U<@$tweIjzN<Qj`~r`Jv)rfqdqwruywJx=Q)POi;Tg)#1Dtk)7G-~e6!MQ{8(Pz
zB~?vp+sTx3`UFqg_|88=?-XvxYV7_LEZtj69Y$#EUKLgzBwv^Ybb!RbBWJcW-q^4W
z3V8lrcw?jX>IuT}askh58pfT8n{Te~0x@@mzy#pZ-F_M9;7YWaCB)nv;{F0&9*c_W
z_N(-eD)K<hr)xN+L5&k9`cw~4s&UU6ICWzZ=icdF3zoXFi>xg@n}*IM7rxVQdZu>p
zS~n<R;*sj$Zy<IfY0guZ%}n$>IM9_u&MYQmvXL?DcEm^VL@LMBVVn|2jsS45STs;x
zkJhBddHM+O;D+4~^8s`mlX;?ZO7_*d^lQvMxGGPMt&&ePvExyAP_c_V?dEVuT_qQI
z>S3(9dXMD|Ic{cQN%oTYItI3Ka~o&(#+kZYjipb12xY#4@v@vf5^~4gknA*$UJIV5
zpN3Y6>(6B+u7?!{HkonnJgx9t@vY)XUA9qs<Y^pB7&+;$xW6jwnAh#d@@B1IB|fnm
z&#IO)(pF3J{;R1s5w>jbXZ*0Qf3_v2e9I|Eni5Mq3kEK+AIQcE$mNf&n@b8KtU5$Y
z4cC5g(~z-|KX)L?xp)pu)v-Ag6@Vs28^4`YoM23*eZwv=^SePUTOjT{9eP;L&Btx^
zMX$U`QsPeoHCyUG>5!~K2jN$eEQMl1gYw$olv#T!gC2c6)`GHkmxCK<`;COy_$yjR
z^!jMZ<B9i*P!R_rR8mvf`A5c*<1BjF>C_Q%%_PM*(875-=n|V<l37#WQ5kb?0a6TN
zwK}Jaab8IWDGz{3oTF7V2-RNO8>YnC?j{QFU0q?z)%GVtWT)w%14Vg#7C+6k!C+Tc
z-ketgjyy=AEhCq}G{aMGEz!D3j)45`IT86u$`Ual^;EHBbSY8P{NP!Nf%8tp$$OdF
z@zu|Tulrn~eV^(!OvsTgNO<x%p+nb1lc+#-&wjDy+fJO_>PS6n#d*4TMR9$$CD+F)
zA*MF=rJKGi&Wm(xYmWV(!WouG+e|tkYmptI%9$qh6w0brUnMnV>6AyFe+19g1yfR5
ztn~Fh6YoJac6%plCD#-RcS3|4#&ZsG<gd1D7KVSu<{C^vi!i?pM(UnLEh>QJQ7bv5
zT84IuPxg;+t1&|DWW~vq65R()tZNpu7U_3s2!ldYI3gmI#hAOkH9XaCyf!a2%Hi^f
zaY$Zj!uauX<J&Us7DR&7jNLr;P?7_22+J}jh!c91r;-SNX7K$W#%Tb`Gdx8zcAjl~
zWv-SLV##}3N%-F+)b}%Tl=}O9-Q%`;VzTy(ca3*_rvf9sS20-CL@)1sR<HJgmFLyF
z#C0hSx(Kd!r!NR_Jkm7#_4lkB9A2~L%ipoOSMxj;HZNJCP7R0N!v^)o_L@*Cl_aPZ
z+{0G;g^x~<#r05XzKC(Hv0!B-FPhfLtkr?37I2!W&jox7jzW7s`U;L!Y~)-IqmD;P
z&AC<TNxrojxA`GZt~lwWAFMpKD?CUW6B>C=eG+kvtroMHY)ohJ_~x3%NYeEII`Y&R
z%IdCfH5xk&2gMxdK6BI%Y*6kV8ytkv?z4Ulf6L;M+NH`){nQmZzzQQvDfmZRK)^z^
zZ@rq+hKa9k21o6mDtp}{(mGq)qh<WCEV^gH0svvgzzLCYX?946JVDC%Fwczo273yI
zLW2K<=}MlvIIsNZ3F~lwtHEv1+gth+I^cmZ)9R5m{!@q9Q05t%NIVC>7t1ZDYR?Z)
zmIGU0vbWS0DN2WyI3$KQs2|9#P%7Yp_t-ZkR5C<THnb3}^12S&rqOs8Jt&(qOj;Uh
ztaY6>d-Y>iI`wAQBmGu0v;%?M%mc$9yLqV+Jp-5G%e5Qfb4xn_S8W9bNEzS5^0Jyt
z1x5GORf-V;Zt8GCjVwY(tY_AK4U)mtGe+}#-sU$aW_}$tx6VAbPUCtEb3Oj3=_@dM
zOeGr7pb2*G)1#ZSNrvHvi3pPxdH+F<nK}n-PWS-tr9Ua<sVOzuKLkv10cRWwT;MG>
zu0}jP1a4zSUQ2@B=jjAR1x#&NU1fxz$06NbkgJC>^Rqd@PUicqjX4wJ3ELHQvmt}(
z%wywxkbA+$X^B|V=a#!k>W)gk_K7~0WaQ>gFr{{~Q|W1LDm1<&8&HWYGLv4(N3TES
z`cw4!vvC=_jgjtaDeJ!6v4PIs3Vr>DhDzziPTI?B1di$-**bJJKX*&N5g^mURPyql
zysgsgU72TBqGFq_BJOIb*U<pCRJATF+J5huA!2ZQw+4I>jhv@^v%~$TEc(qSB5ht*
z!Jp{*Vw2ahJkOoPIm?UoUT$m@SxS(p-7nJh5>`&We9xo34KvTx{vMi{p-V3!l#K{R
zlmG9?nt1oN)&KSn;mHoRm=7>~01$WqfhD(|0GA!k{f-|+lVS=0YQU2OJMeYzL%!N|
zeQbs_ID3)#=DnM;U8P4(V*Te29%)6A&M)H^X@l~V8oRwl{ZHyvAF@1uoc4uo6`S52
z)WvEJf&7zR;Z!&L<MZYcs}z5&)(0}3K?Z&M_#dTnpx_}F31TT;@T)_jet8zqj~=^d
zu_h!4OP$fyd(kU%nMrQ%l>^f%S*mIKoz@_0_x#DJf~W<2W$CX=yCu9@t@=Z}4EK>C
zCKe3S_?%CA3RLI1ld}U%<4Zjh73B{;H~waQWvXZQZ?Ad`;)SW#Zc<T-jLHnhG8UkR
z3~hRpFe+JPzxL6_m@HfP?{4~p3`^+%HZAMU^Q=Y}H&s-erO9H+jTV?QUS#S~m<?S6
zTksYsZoTp8S4$ul$Nz#0P{Hiz0<;oNi^(CY#eltGSO74h82oOObZ3j(1biTjrObaH
zd9FPgB1wOHu}45^umI%_8kz<BZp1rxFh)s41pov0zPYV`E`4w6+P?w`L}15Cmu7Yu
zSIshYQpQx9;vmL9-)epibUV7=!nz_l4vX%V@R$IpmuPHiUI?c|<>451uKGOskFV;w
z>}QPMjg7;xubo3J6aF%FG>vC`Xj@8ze0+q;qE~y;x0bJ;>K#Eu)VSGUQ5LLSfzM1O
zj*7_$DZuy;Hfa}`n#-vi<R)@{FLH4SJrOQer;}JkD)li<g)xokjUlZDQ@UGAa>P9>
zZ8jv7Ku9=1N=kT^7#Agx&PD~0qVE3jTO|%tN&b<w=3r}iL`=Y_b_;MqwfxzId!*#&
z^4chj2{RTvborYpjB{e>hmr$#V=}I`X}*g1KMW0#z?EUWMhrB<{b-2vt6zu*ToWsx
zP$djw2_15QtyIFKD5>QKxJW%`BU*L|3DvF8#E6FoTnN9!%BU@XhnM(LWR*+YD#7PD
zVYp3pRg_zaw?xw!`}u2Xe6@vjJS_RD9`3lc5a=S>jfyaw5O|~-EI}B~OY~CG#GL(n
zQkXj9o0#JedN_7A&*uQ{1ICbFUxJ8+C}S>8=<D6?O*hfB`@yRCM_X2G0ui)mL~r9R
zN%{q`f~TQap<i)N2jg?!Os~y<Ozwj4ADLR5N-y6_e<~XIV{N@<&$D1{df-!hWi|tr
zYm;7bDM`v(tCvCYx;fzQ2GeDQ1Fk=OMF#c&bS*I_GU%r+hT7d%JoxzkMC_4N9myoM
zM7z$`KR725TAu$x7=#5~h;FolBXO3vOj>UjSy5fn$E_61)#^b$zG(k8T!<eIrRgK2
z9!5y#Xdrv_j3B0!qVy%I%eJ|>4OUl$u8CNl2XxxEjJzej^ZBt{KmfebVvA)Sp7eiS
zZ9dxY(%4OGND$i!=cj=dS4G-*p~hD9PF4=|P?D)km*LjPBpR9^F=5_Nw9X|f?GfMK
zk!2t>%LKqp%#(cEI~3Hi4_#*ozIUFwkCHvrA-Qq9!}~)s6s{s}=g7a~JdxwV#G@g~
zZ%+dD;J2<iJ2LkFxW1aPuzGf<v!3Hn8<$|O8&$h0Mgs{*eCb2Xo`o`!ggD`}20N`#
zqt<FR_!*sy@8brgA>KPsv@9Rw5L)ElKw*qy8JF%Y{B+`{SNHeZJnjrgsRYyF{LDv!
zRXmr;`IG0byVqsS3r1@$)CX!lZl*UQ+!|{}Am15<VmG)^aD*>NOwb#2C6?tkR@1J(
zX=qB~1u_6AN0w%Q%eb~JE^*ynn*>yy#;#6uY#uKdMiuakdboN@5tV7bd*>#KwbBc{
zpa1lRl4#-enGC1T_TQ5b58}9>Ryh9BUsLGk&7lFZ<qNtc^hzE?JYsTyf7`~{pdq-*
zM5Qq6fP?pPH(~vxT$8q&bldn`;(dG}xi=(>-XP93=9j&Eha5Gz#7qt(OIX<yQ~X>m
zLn2%Q(1*UXt@ie@=A+^jo^}k;UZr=Dh5ZV6=9&l>ZvX7;#su?G^vn9@nWx4||5Q`+
zR8#q(Ba`t_@P@0I`SCU*E$#Ff$GdsL#2T~ib_(~IQ+phIg3{Z?%A*TsQ7kj)3g#Zs
zV?K7qG49o9(`qSjVVd|->A1b}!?iM>=G1;xmJ8=GmS-7G?pGT*5v3LkuHBr}w=i`l
zy54xd)N87T+W0%CQX9GMi6-!apGMk(hH;6YGP?V#i%IHH&f=U#dNmaIqM#4YWLodz
zd!N^$sbbp2x&!mL)H;SVh0}&LcQ2>+AG$XQ_<><*&mpr+m^aR*nD@j;j@c;oG~ao)
zck=<ABCuhL6J95UV^KlBCQb?ayKV!!>XvDztrrL2bPj|<K*o)XKi)$2&_P{V=U^e^
z(6j0CSX<smvUr$ZWS$}I*C3%9-?PKM-Jm>Mrr$&w@4nCm>|ebY9#~7;qz~Ay-9)<v
zF}VuhrlxZcX~dhHIMlf|%zy{m*L#UXr9hWEZ45GjKKNOc)LB7?kqKI4463<SIFE*^
zPPGg%o=l0(X2+D*9Xb3PBUf3W@I4NzetHk1&PK*wAIunA@(*{0z)+R7k=fxt!rod<
z9@`L=&Jh)X5C@kH`@heHOB}q#P5mv(SHmoM*mSt@o{7VRw&5<R$u2fEa6#9-cA_72
z22sZj_@rK>UUjAhB8r%b&p5-1cm@s1?v;9Vi%eC7(&y*LP9f<A#;+cSeRxnw15iRT
zrf6^|A<0uncp!9Y3x_hh(1%8@BdFeOJwsrReV7sVs95l1Dbrr&WLTjaBK<;S=%JZ;
zZM*;~Xcqv8fwG-o9r7&DJvmBX^(|O!$-wxpTZx)+|CSb5qepZ<a&>)u@a~snNue#C
zoTcT8Z9k#?^6sxkO~-vaG+qWna>$hFp+h5G!`uLM4i}-N{&YvQ4cI|#NpKeQo6SmY
zwLY;6?^OXSzOdRG2?U}SW!`y-Wf&}&0=-Lq^(8!e3GoZH^{aNpei5(FC$fR8=ekj(
zio?vKtX_--iKBM*zUA$hyy3>L15*P~2NFuTUQbIyRF00G`RzC+6F2^<pj)Z)2}|7H
zqPiwge|F}Bj}_k@^(#aEf={7kwC*zXH6MFfHkVfj!lKn*m+U5F2qLjT&sX7LnL-$y
z6iq1{sdYoCrp_hkmqn|ls>oaB#Of5U7R&WF$zPpgA4*pa(opj=rlO$|=quGX&B;DA
zjv?=t(|~L03e&UXkd0+!Z00|M_3hVvE?+CVNB%~?{ATm`qV8BlStU5O-v9XNwRC>m
ziu7ZH$=pO-{Sdvit+~ha#m}K7NfGl*$sCA03Voq>!c{(_OtBFT+KL0YRvx^J$-kpB
z@O+5T(T*%?J4EHs8jUAVJ2P`csK}?bIn<V<0<`&5k4^)#hwLw}tSr*w;&kN**nAnI
ziFzE9JA|}r{K-!G9qeoDZkGyj=UmgHBl(fF#{-)hBiven*cAV!QcL+V&z?eI-~WRZ
zItvYcR!lPzUFzX#WsxweomCQvJ7Gy&+#TI0#Q5obnKFEyJ^rStcSv{e;MG*CkaG8U
zs*!4q0#U!PkX^Ua7@cvAM;iBY(}07|(AYq3DkbvDxd|E{he@Mmo_8WeGu3>^!Yb9+
z?s6d+#mqw$J*hvli*$vdTAOXf{o6}~6&&iQ7+Ajjl4qcHAYPlSkBqowMgUE-H65V~
z58=QQklc#tx1=VijF=_6`2SSv|Np-MdP9L7%$%%3f8My~$5hnFF(YrzY1`Rly{U4)
zmGQfgG4*~6ec#Z59>!^{`RhHOJ|1Mk){+)>I3=?vrcuQ)C?w8kQ7^X=0d16Wb_Baz
z;Waeb{}*3M_vI6{bCq~3FjM{^+0IqYrOu`EMtfA5Ki#5#vwnc_@O2Eejc6M;Dq9uU
ziPCvmYaFIOj`+@J8KjYFEX+YZk{_BRHbeFBQCX@3#oRAX9o>9$9JXU>CGuT1Xo;LG
z7vHy17W#zenHJRZRvn6ptbGs#$G%r>te-Nyc^%E2>QN3Y`i~r5wb6cZ(d@<fd#(KH
z{}>m0mvlwe&8O=Za5t98usQl<+Qk;R{6(<l!~Q3VEgfa90@AI@^L!GF(RdtR<)_${
z7R$N{==f#&ty(73=(C*SJ{Fl|aR|&P&6y1PTGp{Ev(^BP$Na~S-aMy|rU(}%Qp;eR
zx-TE6uKR-Az_JE+XyMhQy_-ZYk)&wV>nyQ<BiM`VUkE<@H-aVpBG|8_HLtfBV7Xd|
z2;uH2g{1fGYzf{_B%J`pnDLc+awEqhQPxCqBei!jwMahd{3o<WW><w@&M_|l56N5p
zYM>k>IGT)P`WV~#=R3x5GnDj9*8YUqrWQLqdozAXUwG>%aex?|Lg=Gv)-f;6Lc2E+
zeVcc&gR*T*q;Ky0TyCkn>agQi&y2!Y`vY_GJp<d6qajIWRygghNc(>ry;v&E-IAq6
z1HNgx)gVK%DrVM0vTn?>ZWOX^3N&vUG;^zwe4HlmU!1T;<ep{#w?dYSCpkcg+dc`r
zCk85T!WxA6*&}QLxztT#z>ol##%b3tWCplc_8tJ!cX1vM7&T;>Yqd@*6vVG>@-|)!
zNgfvGA!%ge>|aI|=e5`6w9OVD{vI-!SChiV4oaFGOjn#rNFDs*P<4`HKM_@zCstuM
z!j+F}aQ;xHN%!Dkoe<f5Hf7U?OPo%RAG{GVkuQ}7MXA|+&n$paf5y`%`{)WCW5JW9
z_|));oa(h-DYPJ!`=L?lm$9Mr+G1gD?x4pW`YvhzPsJYp2Ni2vAHs(InCDfT6#r#c
zwKFJznp-?HP=>Ib4{u71<b~(Q1GY4oGIQW);6=}`n*<C$JL>HqbV=j&6uwfC5GZJZ
z_H+r{a>t;shq!GE9L5{|<P5%6-njF>oH|!YbJ@uWy*%H-Fo$ecp|JTP=XEvbmRtN<
zxeJ|#4uhj8|MhtO)0<-?Sf*j~pMEo+IR1ksR9YVQ4fJOBI*lf0F>vMO-Kaft(6;~d
z;<!22JpD_3wEI#h<S63G;Pxy&Yj{a4?a4(W^xEol5I)+-ahS*Kid9G7wVg3^qVGbk
zw(gG0N&9Z!<oIQVE^i@9D{jX45A~wfA`o}7b7FyaZP)G>V^d;}J7BIiQ*6aFA;m!$
plBGBXIQFzXJIbK#;xe=!fw5V-!vlc3JDh)Y!F!Jw_WN*v{{cu9zWx9J

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi
new file mode 100644
index 000000000..f673240f6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi
@@ -0,0 +1,9 @@
+from typing import Any
+from typing import Optional
+
+from . import Markup
+
+def escape(s: Any) -> Markup: ...
+def escape_silent(s: Optional[Any]) -> Markup: ...
+def soft_str(s: Any) -> str: ...
+def soft_unicode(s: Any) -> str: ...
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/py.typed b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..5e826bdf7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/DESCRIPTION.rst
@@ -0,0 +1,12 @@
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/METADATA
new file mode 100644
index 000000000..25ed5ab69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/METADATA
@@ -0,0 +1,25 @@
+Metadata-Version: 2.0
+Name: ply
+Version: 3.11
+Summary: Python Lex & Yacc
+Home-page: http://www.dabeaz.com/ply/
+Author: David Beazley
+Author-email: dave@dabeaz.com
+License: BSD
+Description-Content-Type: UNKNOWN
+Platform: UNKNOWN
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 2
+
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/RECORD
new file mode 100644
index 000000000..b4f331424
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/RECORD
@@ -0,0 +1,19 @@
+ply-3.11.dist-info/DESCRIPTION.rst,sha256=nnBY1Nj_GhIsOFck7R2yGHobQVosxi2CPQkHgeSZ0Hg,519
+ply-3.11.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+ply-3.11.dist-info/METADATA,sha256=pYZ9p1TsWGQ8Kxp9yEJVyvs25PkR5h3gIDuTOCsvJGg,844
+ply-3.11.dist-info/RECORD,,
+ply-3.11.dist-info/WHEEL,sha256=kdsN-5OJAZIiHN-iO4Rhl82KyS0bDWf4uBwMbkNafr8,110
+ply-3.11.dist-info/metadata.json,sha256=s7M7va9E25_7TRpzHfNCfN73Ieiy5iKogF0PzXtMxMI,515
+ply-3.11.dist-info/top_level.txt,sha256=gDYBHRQ7Vy0tY0AjXyJtadvU2LDaOsHqhhV70AGsisc,4
+ply/__init__.py,sha256=sx6iBIF__WKIeU0iw2WSoSqBhclHF5EhBTc0wDigTV8,103
+ply/__pycache__/__init__.cpython-311.pyc,,
+ply/__pycache__/cpp.cpython-311.pyc,,
+ply/__pycache__/ctokens.cpython-311.pyc,,
+ply/__pycache__/lex.cpython-311.pyc,,
+ply/__pycache__/yacc.cpython-311.pyc,,
+ply/__pycache__/ygen.cpython-311.pyc,,
+ply/cpp.py,sha256=KTg13R5SKeicwZm7bIPL44KcQBRcHsmeEGOwIBVvLko,33639
+ply/ctokens.py,sha256=GmyWYDY9nl6F1WJQ9rmcQFgh1FnADFlnp_TBjTcEsqU,3155
+ply/lex.py,sha256=babRISnIAfzHo7WqLYF2qGCSaH0btM8d3ztgHaK3SA0,42905
+ply/yacc.py,sha256=EF043rIHrXJYG6jcb15TI2SLwdCoNOQZXCN_1M3-I4k,137736
+ply/ygen.py,sha256=TRnkZgx5BBB43Qspu2J4gVtpeBut8xrTEZoLbNN0b6M,2246
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/WHEEL
new file mode 100644
index 000000000..7332a419c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.30.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/metadata.json b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/metadata.json
new file mode 100644
index 000000000..9f472a327
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Programming Language :: Python :: 3", "Programming Language :: Python :: 2"], "description_content_type": "UNKNOWN", "extensions": {"python.details": {"contacts": [{"email": "dave@dabeaz.com", "name": "David Beazley", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst"}, "project_urls": {"Home": "http://www.dabeaz.com/ply/"}}}, "generator": "bdist_wheel (0.30.0)", "license": "BSD", "metadata_version": "2.0", "name": "ply", "summary": "Python Lex & Yacc", "version": "3.11"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/top_level.txt
new file mode 100644
index 000000000..90412f068
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply-3.11.dist-info/top_level.txt
@@ -0,0 +1 @@
+ply
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/ply/__init__.py
new file mode 100644
index 000000000..23707c635
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply/__init__.py
@@ -0,0 +1,5 @@
+# PLY package
+# Author: David Beazley (dave@dabeaz.com)
+
+__version__ = '3.11'
+__all__ = ['lex','yacc']
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply/cpp.py b/lib/go-jinja2/internal/data/darwin-arm64/ply/cpp.py
new file mode 100644
index 000000000..2422916c9
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply/cpp.py
@@ -0,0 +1,914 @@
+# -----------------------------------------------------------------------------
+# cpp.py
+#
+# Author:  David Beazley (http://www.dabeaz.com)
+# Copyright (C) 2007
+# All rights reserved
+#
+# This module implements an ANSI-C style lexical preprocessor for PLY.
+# -----------------------------------------------------------------------------
+from __future__ import generators
+
+import sys
+
+# Some Python 3 compatibility shims
+if sys.version_info.major < 3:
+    STRING_TYPES = (str, unicode)
+else:
+    STRING_TYPES = str
+    xrange = range
+
+# -----------------------------------------------------------------------------
+# Default preprocessor lexer definitions.   These tokens are enough to get
+# a basic preprocessor working.   Other modules may import these if they want
+# -----------------------------------------------------------------------------
+
+tokens = (
+   'CPP_ID','CPP_INTEGER', 'CPP_FLOAT', 'CPP_STRING', 'CPP_CHAR', 'CPP_WS', 'CPP_COMMENT1', 'CPP_COMMENT2', 'CPP_POUND','CPP_DPOUND'
+)
+
+literals = "+-*/%|&~^<>=!?()[]{}.,;:\\\'\""
+
+# Whitespace
+def t_CPP_WS(t):
+    r'\s+'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+t_CPP_POUND = r'\#'
+t_CPP_DPOUND = r'\#\#'
+
+# Identifier
+t_CPP_ID = r'[A-Za-z_][\w_]*'
+
+# Integer literal
+def CPP_INTEGER(t):
+    r'(((((0x)|(0X))[0-9a-fA-F]+)|(\d+))([uU][lL]|[lL][uU]|[uU]|[lL])?)'
+    return t
+
+t_CPP_INTEGER = CPP_INTEGER
+
+# Floating literal
+t_CPP_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+def t_CPP_STRING(t):
+    r'\"([^\\\n]|(\\(.|\n)))*?\"'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Character constant 'c' or L'c'
+def t_CPP_CHAR(t):
+    r'(L)?\'([^\\\n]|(\\(.|\n)))*?\''
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Comment
+def t_CPP_COMMENT1(t):
+    r'(/\*(.|\n)*?\*/)'
+    ncr = t.value.count("\n")
+    t.lexer.lineno += ncr
+    # replace with one space or a number of '\n'
+    t.type = 'CPP_WS'; t.value = '\n' * ncr if ncr else ' '
+    return t
+
+# Line comment
+def t_CPP_COMMENT2(t):
+    r'(//.*?(\n|$))'
+    # replace with '/n'
+    t.type = 'CPP_WS'; t.value = '\n'
+    return t
+
+def t_error(t):
+    t.type = t.value[0]
+    t.value = t.value[0]
+    t.lexer.skip(1)
+    return t
+
+import re
+import copy
+import time
+import os.path
+
+# -----------------------------------------------------------------------------
+# trigraph()
+#
+# Given an input string, this function replaces all trigraph sequences.
+# The following mapping is used:
+#
+#     ??=    #
+#     ??/    \
+#     ??'    ^
+#     ??(    [
+#     ??)    ]
+#     ??!    |
+#     ??<    {
+#     ??>    }
+#     ??-    ~
+# -----------------------------------------------------------------------------
+
+_trigraph_pat = re.compile(r'''\?\?[=/\'\(\)\!<>\-]''')
+_trigraph_rep = {
+    '=':'#',
+    '/':'\\',
+    "'":'^',
+    '(':'[',
+    ')':']',
+    '!':'|',
+    '<':'{',
+    '>':'}',
+    '-':'~'
+}
+
+def trigraph(input):
+    return _trigraph_pat.sub(lambda g: _trigraph_rep[g.group()[-1]],input)
+
+# ------------------------------------------------------------------
+# Macro object
+#
+# This object holds information about preprocessor macros
+#
+#    .name      - Macro name (string)
+#    .value     - Macro value (a list of tokens)
+#    .arglist   - List of argument names
+#    .variadic  - Boolean indicating whether or not variadic macro
+#    .vararg    - Name of the variadic parameter
+#
+# When a macro is created, the macro replacement token sequence is
+# pre-scanned and used to create patch lists that are later used
+# during macro expansion
+# ------------------------------------------------------------------
+
+class Macro(object):
+    def __init__(self,name,value,arglist=None,variadic=False):
+        self.name = name
+        self.value = value
+        self.arglist = arglist
+        self.variadic = variadic
+        if variadic:
+            self.vararg = arglist[-1]
+        self.source = None
+
+# ------------------------------------------------------------------
+# Preprocessor object
+#
+# Object representing a preprocessor.  Contains macro definitions,
+# include directories, and other information
+# ------------------------------------------------------------------
+
+class Preprocessor(object):
+    def __init__(self,lexer=None):
+        if lexer is None:
+            lexer = lex.lexer
+        self.lexer = lexer
+        self.macros = { }
+        self.path = []
+        self.temp_path = []
+
+        # Probe the lexer for selected tokens
+        self.lexprobe()
+
+        tm = time.localtime()
+        self.define("__DATE__ \"%s\"" % time.strftime("%b %d %Y",tm))
+        self.define("__TIME__ \"%s\"" % time.strftime("%H:%M:%S",tm))
+        self.parser = None
+
+    # -----------------------------------------------------------------------------
+    # tokenize()
+    #
+    # Utility function. Given a string of text, tokenize into a list of tokens
+    # -----------------------------------------------------------------------------
+
+    def tokenize(self,text):
+        tokens = []
+        self.lexer.input(text)
+        while True:
+            tok = self.lexer.token()
+            if not tok: break
+            tokens.append(tok)
+        return tokens
+
+    # ---------------------------------------------------------------------
+    # error()
+    #
+    # Report a preprocessor error/warning of some kind
+    # ----------------------------------------------------------------------
+
+    def error(self,file,line,msg):
+        print("%s:%d %s" % (file,line,msg))
+
+    # ----------------------------------------------------------------------
+    # lexprobe()
+    #
+    # This method probes the preprocessor lexer object to discover
+    # the token types of symbols that are important to the preprocessor.
+    # If this works right, the preprocessor will simply "work"
+    # with any suitable lexer regardless of how tokens have been named.
+    # ----------------------------------------------------------------------
+
+    def lexprobe(self):
+
+        # Determine the token type for identifiers
+        self.lexer.input("identifier")
+        tok = self.lexer.token()
+        if not tok or tok.value != "identifier":
+            print("Couldn't determine identifier type")
+        else:
+            self.t_ID = tok.type
+
+        # Determine the token type for integers
+        self.lexer.input("12345")
+        tok = self.lexer.token()
+        if not tok or int(tok.value) != 12345:
+            print("Couldn't determine integer type")
+        else:
+            self.t_INTEGER = tok.type
+            self.t_INTEGER_TYPE = type(tok.value)
+
+        # Determine the token type for strings enclosed in double quotes
+        self.lexer.input("\"filename\"")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\"filename\"":
+            print("Couldn't determine string type")
+        else:
+            self.t_STRING = tok.type
+
+        # Determine the token type for whitespace--if any
+        self.lexer.input("  ")
+        tok = self.lexer.token()
+        if not tok or tok.value != "  ":
+            self.t_SPACE = None
+        else:
+            self.t_SPACE = tok.type
+
+        # Determine the token type for newlines
+        self.lexer.input("\n")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\n":
+            self.t_NEWLINE = None
+            print("Couldn't determine token for newlines")
+        else:
+            self.t_NEWLINE = tok.type
+
+        self.t_WS = (self.t_SPACE, self.t_NEWLINE)
+
+        # Check for other characters used by the preprocessor
+        chars = [ '<','>','#','##','\\','(',')',',','.']
+        for c in chars:
+            self.lexer.input(c)
+            tok = self.lexer.token()
+            if not tok or tok.value != c:
+                print("Unable to lex '%s' required for preprocessor" % c)
+
+    # ----------------------------------------------------------------------
+    # add_path()
+    #
+    # Adds a search path to the preprocessor.
+    # ----------------------------------------------------------------------
+
+    def add_path(self,path):
+        self.path.append(path)
+
+    # ----------------------------------------------------------------------
+    # group_lines()
+    #
+    # Given an input string, this function splits it into lines.  Trailing whitespace
+    # is removed.   Any line ending with \ is grouped with the next line.  This
+    # function forms the lowest level of the preprocessor---grouping into text into
+    # a line-by-line format.
+    # ----------------------------------------------------------------------
+
+    def group_lines(self,input):
+        lex = self.lexer.clone()
+        lines = [x.rstrip() for x in input.splitlines()]
+        for i in xrange(len(lines)):
+            j = i+1
+            while lines[i].endswith('\\') and (j < len(lines)):
+                lines[i] = lines[i][:-1]+lines[j]
+                lines[j] = ""
+                j += 1
+
+        input = "\n".join(lines)
+        lex.input(input)
+        lex.lineno = 1
+
+        current_line = []
+        while True:
+            tok = lex.token()
+            if not tok:
+                break
+            current_line.append(tok)
+            if tok.type in self.t_WS and '\n' in tok.value:
+                yield current_line
+                current_line = []
+
+        if current_line:
+            yield current_line
+
+    # ----------------------------------------------------------------------
+    # tokenstrip()
+    #
+    # Remove leading/trailing whitespace tokens from a token list
+    # ----------------------------------------------------------------------
+
+    def tokenstrip(self,tokens):
+        i = 0
+        while i < len(tokens) and tokens[i].type in self.t_WS:
+            i += 1
+        del tokens[:i]
+        i = len(tokens)-1
+        while i >= 0 and tokens[i].type in self.t_WS:
+            i -= 1
+        del tokens[i+1:]
+        return tokens
+
+
+    # ----------------------------------------------------------------------
+    # collect_args()
+    #
+    # Collects comma separated arguments from a list of tokens.   The arguments
+    # must be enclosed in parenthesis.  Returns a tuple (tokencount,args,positions)
+    # where tokencount is the number of tokens consumed, args is a list of arguments,
+    # and positions is a list of integers containing the starting index of each
+    # argument.  Each argument is represented by a list of tokens.
+    #
+    # When collecting arguments, leading and trailing whitespace is removed
+    # from each argument.
+    #
+    # This function properly handles nested parenthesis and commas---these do not
+    # define new arguments.
+    # ----------------------------------------------------------------------
+
+    def collect_args(self,tokenlist):
+        args = []
+        positions = []
+        current_arg = []
+        nesting = 1
+        tokenlen = len(tokenlist)
+
+        # Search for the opening '('.
+        i = 0
+        while (i < tokenlen) and (tokenlist[i].type in self.t_WS):
+            i += 1
+
+        if (i < tokenlen) and (tokenlist[i].value == '('):
+            positions.append(i+1)
+        else:
+            self.error(self.source,tokenlist[0].lineno,"Missing '(' in macro arguments")
+            return 0, [], []
+
+        i += 1
+
+        while i < tokenlen:
+            t = tokenlist[i]
+            if t.value == '(':
+                current_arg.append(t)
+                nesting += 1
+            elif t.value == ')':
+                nesting -= 1
+                if nesting == 0:
+                    if current_arg:
+                        args.append(self.tokenstrip(current_arg))
+                        positions.append(i)
+                    return i+1,args,positions
+                current_arg.append(t)
+            elif t.value == ',' and nesting == 1:
+                args.append(self.tokenstrip(current_arg))
+                positions.append(i+1)
+                current_arg = []
+            else:
+                current_arg.append(t)
+            i += 1
+
+        # Missing end argument
+        self.error(self.source,tokenlist[-1].lineno,"Missing ')' in macro arguments")
+        return 0, [],[]
+
+    # ----------------------------------------------------------------------
+    # macro_prescan()
+    #
+    # Examine the macro value (token sequence) and identify patch points
+    # This is used to speed up macro expansion later on---we'll know
+    # right away where to apply patches to the value to form the expansion
+    # ----------------------------------------------------------------------
+
+    def macro_prescan(self,macro):
+        macro.patch     = []             # Standard macro arguments
+        macro.str_patch = []             # String conversion expansion
+        macro.var_comma_patch = []       # Variadic macro comma patch
+        i = 0
+        while i < len(macro.value):
+            if macro.value[i].type == self.t_ID and macro.value[i].value in macro.arglist:
+                argnum = macro.arglist.index(macro.value[i].value)
+                # Conversion of argument to a string
+                if i > 0 and macro.value[i-1].value == '#':
+                    macro.value[i] = copy.copy(macro.value[i])
+                    macro.value[i].type = self.t_STRING
+                    del macro.value[i-1]
+                    macro.str_patch.append((argnum,i-1))
+                    continue
+                # Concatenation
+                elif (i > 0 and macro.value[i-1].value == '##'):
+                    macro.patch.append(('c',argnum,i-1))
+                    del macro.value[i-1]
+                    i -= 1
+                    continue
+                elif ((i+1) < len(macro.value) and macro.value[i+1].value == '##'):
+                    macro.patch.append(('c',argnum,i))
+                    del macro.value[i + 1]
+                    continue
+                # Standard expansion
+                else:
+                    macro.patch.append(('e',argnum,i))
+            elif macro.value[i].value == '##':
+                if macro.variadic and (i > 0) and (macro.value[i-1].value == ',') and \
+                        ((i+1) < len(macro.value)) and (macro.value[i+1].type == self.t_ID) and \
+                        (macro.value[i+1].value == macro.vararg):
+                    macro.var_comma_patch.append(i-1)
+            i += 1
+        macro.patch.sort(key=lambda x: x[2],reverse=True)
+
+    # ----------------------------------------------------------------------
+    # macro_expand_args()
+    #
+    # Given a Macro and list of arguments (each a token list), this method
+    # returns an expanded version of a macro.  The return value is a token sequence
+    # representing the replacement macro tokens
+    # ----------------------------------------------------------------------
+
+    def macro_expand_args(self,macro,args):
+        # Make a copy of the macro token sequence
+        rep = [copy.copy(_x) for _x in macro.value]
+
+        # Make string expansion patches.  These do not alter the length of the replacement sequence
+
+        str_expansion = {}
+        for argnum, i in macro.str_patch:
+            if argnum not in str_expansion:
+                str_expansion[argnum] = ('"%s"' % "".join([x.value for x in args[argnum]])).replace("\\","\\\\")
+            rep[i] = copy.copy(rep[i])
+            rep[i].value = str_expansion[argnum]
+
+        # Make the variadic macro comma patch.  If the variadic macro argument is empty, we get rid
+        comma_patch = False
+        if macro.variadic and not args[-1]:
+            for i in macro.var_comma_patch:
+                rep[i] = None
+                comma_patch = True
+
+        # Make all other patches.   The order of these matters.  It is assumed that the patch list
+        # has been sorted in reverse order of patch location since replacements will cause the
+        # size of the replacement sequence to expand from the patch point.
+
+        expanded = { }
+        for ptype, argnum, i in macro.patch:
+            # Concatenation.   Argument is left unexpanded
+            if ptype == 'c':
+                rep[i:i+1] = args[argnum]
+            # Normal expansion.  Argument is macro expanded first
+            elif ptype == 'e':
+                if argnum not in expanded:
+                    expanded[argnum] = self.expand_macros(args[argnum])
+                rep[i:i+1] = expanded[argnum]
+
+        # Get rid of removed comma if necessary
+        if comma_patch:
+            rep = [_i for _i in rep if _i]
+
+        return rep
+
+
+    # ----------------------------------------------------------------------
+    # expand_macros()
+    #
+    # Given a list of tokens, this function performs macro expansion.
+    # The expanded argument is a dictionary that contains macros already
+    # expanded.  This is used to prevent infinite recursion.
+    # ----------------------------------------------------------------------
+
+    def expand_macros(self,tokens,expanded=None):
+        if expanded is None:
+            expanded = {}
+        i = 0
+        while i < len(tokens):
+            t = tokens[i]
+            if t.type == self.t_ID:
+                if t.value in self.macros and t.value not in expanded:
+                    # Yes, we found a macro match
+                    expanded[t.value] = True
+
+                    m = self.macros[t.value]
+                    if not m.arglist:
+                        # A simple macro
+                        ex = self.expand_macros([copy.copy(_x) for _x in m.value],expanded)
+                        for e in ex:
+                            e.lineno = t.lineno
+                        tokens[i:i+1] = ex
+                        i += len(ex)
+                    else:
+                        # A macro with arguments
+                        j = i + 1
+                        while j < len(tokens) and tokens[j].type in self.t_WS:
+                            j += 1
+                        if j < len(tokens) and tokens[j].value == '(':
+                            tokcount,args,positions = self.collect_args(tokens[j:])
+                            if not m.variadic and len(args) !=  len(m.arglist):
+                                self.error(self.source,t.lineno,"Macro %s requires %d arguments" % (t.value,len(m.arglist)))
+                                i = j + tokcount
+                            elif m.variadic and len(args) < len(m.arglist)-1:
+                                if len(m.arglist) > 2:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d arguments" % (t.value, len(m.arglist)-1))
+                                else:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d argument" % (t.value, len(m.arglist)-1))
+                                i = j + tokcount
+                            else:
+                                if m.variadic:
+                                    if len(args) == len(m.arglist)-1:
+                                        args.append([])
+                                    else:
+                                        args[len(m.arglist)-1] = tokens[j+positions[len(m.arglist)-1]:j+tokcount-1]
+                                        del args[len(m.arglist):]
+
+                                # Get macro replacement text
+                                rep = self.macro_expand_args(m,args)
+                                rep = self.expand_macros(rep,expanded)
+                                for r in rep:
+                                    r.lineno = t.lineno
+                                tokens[i:j+tokcount] = rep
+                                i += len(rep)
+                        else:
+                            # This is not a macro. It is just a word which
+                            # equals to name of the macro. Hence, go to the
+                            # next token.
+                            i += 1
+
+                    del expanded[t.value]
+                    continue
+                elif t.value == '__LINE__':
+                    t.type = self.t_INTEGER
+                    t.value = self.t_INTEGER_TYPE(t.lineno)
+
+            i += 1
+        return tokens
+
+    # ----------------------------------------------------------------------
+    # evalexpr()
+    #
+    # Evaluate an expression token sequence for the purposes of evaluating
+    # integral expressions.
+    # ----------------------------------------------------------------------
+
+    def evalexpr(self,tokens):
+        # tokens = tokenize(line)
+        # Search for defined macros
+        i = 0
+        while i < len(tokens):
+            if tokens[i].type == self.t_ID and tokens[i].value == 'defined':
+                j = i + 1
+                needparen = False
+                result = "0L"
+                while j < len(tokens):
+                    if tokens[j].type in self.t_WS:
+                        j += 1
+                        continue
+                    elif tokens[j].type == self.t_ID:
+                        if tokens[j].value in self.macros:
+                            result = "1L"
+                        else:
+                            result = "0L"
+                        if not needparen: break
+                    elif tokens[j].value == '(':
+                        needparen = True
+                    elif tokens[j].value == ')':
+                        break
+                    else:
+                        self.error(self.source,tokens[i].lineno,"Malformed defined()")
+                    j += 1
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE(result)
+                del tokens[i+1:j+1]
+            i += 1
+        tokens = self.expand_macros(tokens)
+        for i,t in enumerate(tokens):
+            if t.type == self.t_ID:
+                tokens[i] = copy.copy(t)
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE("0L")
+            elif t.type == self.t_INTEGER:
+                tokens[i] = copy.copy(t)
+                # Strip off any trailing suffixes
+                tokens[i].value = str(tokens[i].value)
+                while tokens[i].value[-1] not in "0123456789abcdefABCDEF":
+                    tokens[i].value = tokens[i].value[:-1]
+
+        expr = "".join([str(x.value) for x in tokens])
+        expr = expr.replace("&&"," and ")
+        expr = expr.replace("||"," or ")
+        expr = expr.replace("!"," not ")
+        try:
+            result = eval(expr)
+        except Exception:
+            self.error(self.source,tokens[0].lineno,"Couldn't evaluate expression")
+            result = 0
+        return result
+
+    # ----------------------------------------------------------------------
+    # parsegen()
+    #
+    # Parse an input string/
+    # ----------------------------------------------------------------------
+    def parsegen(self,input,source=None):
+
+        # Replace trigraph sequences
+        t = trigraph(input)
+        lines = self.group_lines(t)
+
+        if not source:
+            source = ""
+
+        self.define("__FILE__ \"%s\"" % source)
+
+        self.source = source
+        chunk = []
+        enable = True
+        iftrigger = False
+        ifstack = []
+
+        for x in lines:
+            for i,tok in enumerate(x):
+                if tok.type not in self.t_WS: break
+            if tok.value == '#':
+                # Preprocessor directive
+
+                # insert necessary whitespace instead of eaten tokens
+                for tok in x:
+                    if tok.type in self.t_WS and '\n' in tok.value:
+                        chunk.append(tok)
+
+                dirtokens = self.tokenstrip(x[i+1:])
+                if dirtokens:
+                    name = dirtokens[0].value
+                    args = self.tokenstrip(dirtokens[1:])
+                else:
+                    name = ""
+                    args = []
+
+                if name == 'define':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.define(args)
+                elif name == 'include':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        oldfile = self.macros['__FILE__']
+                        for tok in self.include(args):
+                            yield tok
+                        self.macros['__FILE__'] = oldfile
+                        self.source = source
+                elif name == 'undef':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.undef(args)
+                elif name == 'ifdef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if not args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'ifndef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'if':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        result = self.evalexpr(args)
+                        if not result:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'elif':
+                    if ifstack:
+                        if ifstack[-1][0]:     # We only pay attention if outer "if" allows this
+                            if enable:         # If already true, we flip enable False
+                                enable = False
+                            elif not iftrigger:   # If False, but not triggered yet, we'll check expression
+                                result = self.evalexpr(args)
+                                if result:
+                                    enable  = True
+                                    iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #elif")
+
+                elif name == 'else':
+                    if ifstack:
+                        if ifstack[-1][0]:
+                            if enable:
+                                enable = False
+                            elif not iftrigger:
+                                enable = True
+                                iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #else")
+
+                elif name == 'endif':
+                    if ifstack:
+                        enable,iftrigger = ifstack.pop()
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #endif")
+                else:
+                    # Unknown preprocessor directive
+                    pass
+
+            else:
+                # Normal text
+                if enable:
+                    chunk.extend(x)
+
+        for tok in self.expand_macros(chunk):
+            yield tok
+        chunk = []
+
+    # ----------------------------------------------------------------------
+    # include()
+    #
+    # Implementation of file-inclusion
+    # ----------------------------------------------------------------------
+
+    def include(self,tokens):
+        # Try to extract the filename and then process an include file
+        if not tokens:
+            return
+        if tokens:
+            if tokens[0].value != '<' and tokens[0].type != self.t_STRING:
+                tokens = self.expand_macros(tokens)
+
+            if tokens[0].value == '<':
+                # Include <...>
+                i = 1
+                while i < len(tokens):
+                    if tokens[i].value == '>':
+                        break
+                    i += 1
+                else:
+                    print("Malformed #include <...>")
+                    return
+                filename = "".join([x.value for x in tokens[1:i]])
+                path = self.path + [""] + self.temp_path
+            elif tokens[0].type == self.t_STRING:
+                filename = tokens[0].value[1:-1]
+                path = self.temp_path + [""] + self.path
+            else:
+                print("Malformed #include statement")
+                return
+        for p in path:
+            iname = os.path.join(p,filename)
+            try:
+                data = open(iname,"r").read()
+                dname = os.path.dirname(iname)
+                if dname:
+                    self.temp_path.insert(0,dname)
+                for tok in self.parsegen(data,filename):
+                    yield tok
+                if dname:
+                    del self.temp_path[0]
+                break
+            except IOError:
+                pass
+        else:
+            print("Couldn't find '%s'" % filename)
+
+    # ----------------------------------------------------------------------
+    # define()
+    #
+    # Define a new macro
+    # ----------------------------------------------------------------------
+
+    def define(self,tokens):
+        if isinstance(tokens,STRING_TYPES):
+            tokens = self.tokenize(tokens)
+
+        linetok = tokens
+        try:
+            name = linetok[0]
+            if len(linetok) > 1:
+                mtype = linetok[1]
+            else:
+                mtype = None
+            if not mtype:
+                m = Macro(name.value,[])
+                self.macros[name.value] = m
+            elif mtype.type in self.t_WS:
+                # A normal macro
+                m = Macro(name.value,self.tokenstrip(linetok[2:]))
+                self.macros[name.value] = m
+            elif mtype.value == '(':
+                # A macro with arguments
+                tokcount, args, positions = self.collect_args(linetok[1:])
+                variadic = False
+                for a in args:
+                    if variadic:
+                        print("No more arguments may follow a variadic argument")
+                        break
+                    astr = "".join([str(_i.value) for _i in a])
+                    if astr == "...":
+                        variadic = True
+                        a[0].type = self.t_ID
+                        a[0].value = '__VA_ARGS__'
+                        variadic = True
+                        del a[1:]
+                        continue
+                    elif astr[-3:] == "..." and a[0].type == self.t_ID:
+                        variadic = True
+                        del a[1:]
+                        # If, for some reason, "." is part of the identifier, strip off the name for the purposes
+                        # of macro expansion
+                        if a[0].value[-3:] == '...':
+                            a[0].value = a[0].value[:-3]
+                        continue
+                    if len(a) > 1 or a[0].type != self.t_ID:
+                        print("Invalid macro argument")
+                        break
+                else:
+                    mvalue = self.tokenstrip(linetok[1+tokcount:])
+                    i = 0
+                    while i < len(mvalue):
+                        if i+1 < len(mvalue):
+                            if mvalue[i].type in self.t_WS and mvalue[i+1].value == '##':
+                                del mvalue[i]
+                                continue
+                            elif mvalue[i].value == '##' and mvalue[i+1].type in self.t_WS:
+                                del mvalue[i+1]
+                        i += 1
+                    m = Macro(name.value,mvalue,[x[0].value for x in args],variadic)
+                    self.macro_prescan(m)
+                    self.macros[name.value] = m
+            else:
+                print("Bad macro definition")
+        except LookupError:
+            print("Bad macro definition")
+
+    # ----------------------------------------------------------------------
+    # undef()
+    #
+    # Undefine a macro
+    # ----------------------------------------------------------------------
+
+    def undef(self,tokens):
+        id = tokens[0].value
+        try:
+            del self.macros[id]
+        except LookupError:
+            pass
+
+    # ----------------------------------------------------------------------
+    # parse()
+    #
+    # Parse input text.
+    # ----------------------------------------------------------------------
+    def parse(self,input,source=None,ignore={}):
+        self.ignore = ignore
+        self.parser = self.parsegen(input,source)
+
+    # ----------------------------------------------------------------------
+    # token()
+    #
+    # Method to return individual tokens
+    # ----------------------------------------------------------------------
+    def token(self):
+        try:
+            while True:
+                tok = next(self.parser)
+                if tok.type not in self.ignore: return tok
+        except StopIteration:
+            self.parser = None
+            return None
+
+if __name__ == '__main__':
+    import ply.lex as lex
+    lexer = lex.lex()
+
+    # Run a preprocessor
+    import sys
+    f = open(sys.argv[1])
+    input = f.read()
+
+    p = Preprocessor(lexer)
+    p.parse(input,sys.argv[1])
+    while True:
+        tok = p.token()
+        if not tok: break
+        print(p.source, tok)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply/ctokens.py b/lib/go-jinja2/internal/data/darwin-arm64/ply/ctokens.py
new file mode 100644
index 000000000..b265e59ff
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply/ctokens.py
@@ -0,0 +1,127 @@
+# ----------------------------------------------------------------------
+# ctokens.py
+#
+# Token specifications for symbols in ANSI C and C++.  This file is
+# meant to be used as a library in other tokenizers.
+# ----------------------------------------------------------------------
+
+# Reserved words
+
+tokens = [
+    # Literals (identifier, integer constant, float constant, string constant, char const)
+    'ID', 'TYPEID', 'INTEGER', 'FLOAT', 'STRING', 'CHARACTER',
+
+    # Operators (+,-,*,/,%,|,&,~,^,<<,>>, ||, &&, !, <, <=, >, >=, ==, !=)
+    'PLUS', 'MINUS', 'TIMES', 'DIVIDE', 'MODULO',
+    'OR', 'AND', 'NOT', 'XOR', 'LSHIFT', 'RSHIFT',
+    'LOR', 'LAND', 'LNOT',
+    'LT', 'LE', 'GT', 'GE', 'EQ', 'NE',
+
+    # Assignment (=, *=, /=, %=, +=, -=, <<=, >>=, &=, ^=, |=)
+    'EQUALS', 'TIMESEQUAL', 'DIVEQUAL', 'MODEQUAL', 'PLUSEQUAL', 'MINUSEQUAL',
+    'LSHIFTEQUAL','RSHIFTEQUAL', 'ANDEQUAL', 'XOREQUAL', 'OREQUAL',
+
+    # Increment/decrement (++,--)
+    'INCREMENT', 'DECREMENT',
+
+    # Structure dereference (->)
+    'ARROW',
+
+    # Ternary operator (?)
+    'TERNARY',
+
+    # Delimeters ( ) [ ] { } , . ; :
+    'LPAREN', 'RPAREN',
+    'LBRACKET', 'RBRACKET',
+    'LBRACE', 'RBRACE',
+    'COMMA', 'PERIOD', 'SEMI', 'COLON',
+
+    # Ellipsis (...)
+    'ELLIPSIS',
+]
+
+# Operators
+t_PLUS             = r'\+'
+t_MINUS            = r'-'
+t_TIMES            = r'\*'
+t_DIVIDE           = r'/'
+t_MODULO           = r'%'
+t_OR               = r'\|'
+t_AND              = r'&'
+t_NOT              = r'~'
+t_XOR              = r'\^'
+t_LSHIFT           = r'<<'
+t_RSHIFT           = r'>>'
+t_LOR              = r'\|\|'
+t_LAND             = r'&&'
+t_LNOT             = r'!'
+t_LT               = r'<'
+t_GT               = r'>'
+t_LE               = r'<='
+t_GE               = r'>='
+t_EQ               = r'=='
+t_NE               = r'!='
+
+# Assignment operators
+
+t_EQUALS           = r'='
+t_TIMESEQUAL       = r'\*='
+t_DIVEQUAL         = r'/='
+t_MODEQUAL         = r'%='
+t_PLUSEQUAL        = r'\+='
+t_MINUSEQUAL       = r'-='
+t_LSHIFTEQUAL      = r'<<='
+t_RSHIFTEQUAL      = r'>>='
+t_ANDEQUAL         = r'&='
+t_OREQUAL          = r'\|='
+t_XOREQUAL         = r'\^='
+
+# Increment/decrement
+t_INCREMENT        = r'\+\+'
+t_DECREMENT        = r'--'
+
+# ->
+t_ARROW            = r'->'
+
+# ?
+t_TERNARY          = r'\?'
+
+# Delimeters
+t_LPAREN           = r'\('
+t_RPAREN           = r'\)'
+t_LBRACKET         = r'\['
+t_RBRACKET         = r'\]'
+t_LBRACE           = r'\{'
+t_RBRACE           = r'\}'
+t_COMMA            = r','
+t_PERIOD           = r'\.'
+t_SEMI             = r';'
+t_COLON            = r':'
+t_ELLIPSIS         = r'\.\.\.'
+
+# Identifiers
+t_ID = r'[A-Za-z_][A-Za-z0-9_]*'
+
+# Integer literal
+t_INTEGER = r'\d+([uU]|[lL]|[uU][lL]|[lL][uU])?'
+
+# Floating literal
+t_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+t_STRING = r'\"([^\\\n]|(\\.))*?\"'
+
+# Character constant 'c' or L'c'
+t_CHARACTER = r'(L)?\'([^\\\n]|(\\.))*?\''
+
+# Comment (C-Style)
+def t_COMMENT(t):
+    r'/\*(.|\n)*?\*/'
+    t.lexer.lineno += t.value.count('\n')
+    return t
+
+# Comment (C++-Style)
+def t_CPPCOMMENT(t):
+    r'//.*\n'
+    t.lexer.lineno += 1
+    return t
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply/lex.py b/lib/go-jinja2/internal/data/darwin-arm64/ply/lex.py
new file mode 100644
index 000000000..f95bcdbf1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply/lex.py
@@ -0,0 +1,1098 @@
+# -----------------------------------------------------------------------------
+# ply: lex.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+import re
+import sys
+import types
+import copy
+import os
+import inspect
+
+# This tuple contains known string types
+try:
+    # Python 2.6
+    StringTypes = (types.StringType, types.UnicodeType)
+except AttributeError:
+    # Python 3.0
+    StringTypes = (str, bytes)
+
+# This regular expression is used to match valid token names
+_is_identifier = re.compile(r'^[a-zA-Z0-9_]+$')
+
+# Exception thrown when invalid token encountered and no default error
+# handler is defined.
+class LexError(Exception):
+    def __init__(self, message, s):
+        self.args = (message,)
+        self.text = s
+
+
+# Token class.  This class is used to represent the tokens produced.
+class LexToken(object):
+    def __str__(self):
+        return 'LexToken(%s,%r,%d,%d)' % (self.type, self.value, self.lineno, self.lexpos)
+
+    def __repr__(self):
+        return str(self)
+
+
+# This object is a stand-in for a logging object created by the
+# logging module.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def critical(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    info = critical
+    debug = critical
+
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+
+# -----------------------------------------------------------------------------
+#                        === Lexing Engine ===
+#
+# The following Lexer class implements the lexer runtime.   There are only
+# a few public methods and attributes:
+#
+#    input()          -  Store a new string in the lexer
+#    token()          -  Get the next token
+#    clone()          -  Clone the lexer
+#
+#    lineno           -  Current line number
+#    lexpos           -  Current position in the input string
+# -----------------------------------------------------------------------------
+
+class Lexer:
+    def __init__(self):
+        self.lexre = None             # Master regular expression. This is a list of
+                                      # tuples (re, findex) where re is a compiled
+                                      # regular expression and findex is a list
+                                      # mapping regex group numbers to rules
+        self.lexretext = None         # Current regular expression strings
+        self.lexstatere = {}          # Dictionary mapping lexer states to master regexs
+        self.lexstateretext = {}      # Dictionary mapping lexer states to regex strings
+        self.lexstaterenames = {}     # Dictionary mapping lexer states to symbol names
+        self.lexstate = 'INITIAL'     # Current lexer state
+        self.lexstatestack = []       # Stack of lexer states
+        self.lexstateinfo = None      # State information
+        self.lexstateignore = {}      # Dictionary of ignored characters for each state
+        self.lexstateerrorf = {}      # Dictionary of error functions for each state
+        self.lexstateeoff = {}        # Dictionary of eof functions for each state
+        self.lexreflags = 0           # Optional re compile flags
+        self.lexdata = None           # Actual input data (as a string)
+        self.lexpos = 0               # Current position in input text
+        self.lexlen = 0               # Length of the input text
+        self.lexerrorf = None         # Error rule (if any)
+        self.lexeoff = None           # EOF rule (if any)
+        self.lextokens = None         # List of valid tokens
+        self.lexignore = ''           # Ignored characters
+        self.lexliterals = ''         # Literal characters that can be passed through
+        self.lexmodule = None         # Module
+        self.lineno = 1               # Current line number
+        self.lexoptimize = False      # Optimized mode
+
+    def clone(self, object=None):
+        c = copy.copy(self)
+
+        # If the object parameter has been supplied, it means we are attaching the
+        # lexer to a new object.  In this case, we have to rebind all methods in
+        # the lexstatere and lexstateerrorf tables.
+
+        if object:
+            newtab = {}
+            for key, ritem in self.lexstatere.items():
+                newre = []
+                for cre, findex in ritem:
+                    newfindex = []
+                    for f in findex:
+                        if not f or not f[0]:
+                            newfindex.append(f)
+                            continue
+                        newfindex.append((getattr(object, f[0].__name__), f[1]))
+                newre.append((cre, newfindex))
+                newtab[key] = newre
+            c.lexstatere = newtab
+            c.lexstateerrorf = {}
+            for key, ef in self.lexstateerrorf.items():
+                c.lexstateerrorf[key] = getattr(object, ef.__name__)
+            c.lexmodule = object
+        return c
+
+    # ------------------------------------------------------------
+    # writetab() - Write lexer information to a table file
+    # ------------------------------------------------------------
+    def writetab(self, lextab, outputdir=''):
+        if isinstance(lextab, types.ModuleType):
+            raise IOError("Won't overwrite existing lextab module")
+        basetabmodule = lextab.split('.')[-1]
+        filename = os.path.join(outputdir, basetabmodule) + '.py'
+        with open(filename, 'w') as tf:
+            tf.write('# %s.py. This file automatically created by PLY (version %s). Don\'t edit!\n' % (basetabmodule, __version__))
+            tf.write('_tabversion   = %s\n' % repr(__tabversion__))
+            tf.write('_lextokens    = set(%s)\n' % repr(tuple(sorted(self.lextokens))))
+            tf.write('_lexreflags   = %s\n' % repr(int(self.lexreflags)))
+            tf.write('_lexliterals  = %s\n' % repr(self.lexliterals))
+            tf.write('_lexstateinfo = %s\n' % repr(self.lexstateinfo))
+
+            # Rewrite the lexstatere table, replacing function objects with function names
+            tabre = {}
+            for statename, lre in self.lexstatere.items():
+                titem = []
+                for (pat, func), retext, renames in zip(lre, self.lexstateretext[statename], self.lexstaterenames[statename]):
+                    titem.append((retext, _funcs_to_names(func, renames)))
+                tabre[statename] = titem
+
+            tf.write('_lexstatere   = %s\n' % repr(tabre))
+            tf.write('_lexstateignore = %s\n' % repr(self.lexstateignore))
+
+            taberr = {}
+            for statename, ef in self.lexstateerrorf.items():
+                taberr[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateerrorf = %s\n' % repr(taberr))
+
+            tabeof = {}
+            for statename, ef in self.lexstateeoff.items():
+                tabeof[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateeoff = %s\n' % repr(tabeof))
+
+    # ------------------------------------------------------------
+    # readtab() - Read lexer information from a tab file
+    # ------------------------------------------------------------
+    def readtab(self, tabfile, fdict):
+        if isinstance(tabfile, types.ModuleType):
+            lextab = tabfile
+        else:
+            exec('import %s' % tabfile)
+            lextab = sys.modules[tabfile]
+
+        if getattr(lextab, '_tabversion', '0.0') != __tabversion__:
+            raise ImportError('Inconsistent PLY version')
+
+        self.lextokens      = lextab._lextokens
+        self.lexreflags     = lextab._lexreflags
+        self.lexliterals    = lextab._lexliterals
+        self.lextokens_all  = self.lextokens | set(self.lexliterals)
+        self.lexstateinfo   = lextab._lexstateinfo
+        self.lexstateignore = lextab._lexstateignore
+        self.lexstatere     = {}
+        self.lexstateretext = {}
+        for statename, lre in lextab._lexstatere.items():
+            titem = []
+            txtitem = []
+            for pat, func_name in lre:
+                titem.append((re.compile(pat, lextab._lexreflags), _names_to_funcs(func_name, fdict)))
+
+            self.lexstatere[statename] = titem
+            self.lexstateretext[statename] = txtitem
+
+        self.lexstateerrorf = {}
+        for statename, ef in lextab._lexstateerrorf.items():
+            self.lexstateerrorf[statename] = fdict[ef]
+
+        self.lexstateeoff = {}
+        for statename, ef in lextab._lexstateeoff.items():
+            self.lexstateeoff[statename] = fdict[ef]
+
+        self.begin('INITIAL')
+
+    # ------------------------------------------------------------
+    # input() - Push a new string into the lexer
+    # ------------------------------------------------------------
+    def input(self, s):
+        # Pull off the first character to see if s looks like a string
+        c = s[:1]
+        if not isinstance(c, StringTypes):
+            raise ValueError('Expected a string')
+        self.lexdata = s
+        self.lexpos = 0
+        self.lexlen = len(s)
+
+    # ------------------------------------------------------------
+    # begin() - Changes the lexing state
+    # ------------------------------------------------------------
+    def begin(self, state):
+        if state not in self.lexstatere:
+            raise ValueError('Undefined state')
+        self.lexre = self.lexstatere[state]
+        self.lexretext = self.lexstateretext[state]
+        self.lexignore = self.lexstateignore.get(state, '')
+        self.lexerrorf = self.lexstateerrorf.get(state, None)
+        self.lexeoff = self.lexstateeoff.get(state, None)
+        self.lexstate = state
+
+    # ------------------------------------------------------------
+    # push_state() - Changes the lexing state and saves old on stack
+    # ------------------------------------------------------------
+    def push_state(self, state):
+        self.lexstatestack.append(self.lexstate)
+        self.begin(state)
+
+    # ------------------------------------------------------------
+    # pop_state() - Restores the previous state
+    # ------------------------------------------------------------
+    def pop_state(self):
+        self.begin(self.lexstatestack.pop())
+
+    # ------------------------------------------------------------
+    # current_state() - Returns the current lexing state
+    # ------------------------------------------------------------
+    def current_state(self):
+        return self.lexstate
+
+    # ------------------------------------------------------------
+    # skip() - Skip ahead n characters
+    # ------------------------------------------------------------
+    def skip(self, n):
+        self.lexpos += n
+
+    # ------------------------------------------------------------
+    # opttoken() - Return the next token from the Lexer
+    #
+    # Note: This function has been carefully implemented to be as fast
+    # as possible.  Don't make changes unless you really know what
+    # you are doing
+    # ------------------------------------------------------------
+    def token(self):
+        # Make local copies of frequently referenced attributes
+        lexpos    = self.lexpos
+        lexlen    = self.lexlen
+        lexignore = self.lexignore
+        lexdata   = self.lexdata
+
+        while lexpos < lexlen:
+            # This code provides some short-circuit code for whitespace, tabs, and other ignored characters
+            if lexdata[lexpos] in lexignore:
+                lexpos += 1
+                continue
+
+            # Look for a regular expression match
+            for lexre, lexindexfunc in self.lexre:
+                m = lexre.match(lexdata, lexpos)
+                if not m:
+                    continue
+
+                # Create a token for return
+                tok = LexToken()
+                tok.value = m.group()
+                tok.lineno = self.lineno
+                tok.lexpos = lexpos
+
+                i = m.lastindex
+                func, tok.type = lexindexfunc[i]
+
+                if not func:
+                    # If no token type was set, it's an ignored token
+                    if tok.type:
+                        self.lexpos = m.end()
+                        return tok
+                    else:
+                        lexpos = m.end()
+                        break
+
+                lexpos = m.end()
+
+                # If token is processed by a function, call it
+
+                tok.lexer = self      # Set additional attributes useful in token rules
+                self.lexmatch = m
+                self.lexpos = lexpos
+
+                newtok = func(tok)
+
+                # Every function must return a token, if nothing, we just move to next token
+                if not newtok:
+                    lexpos    = self.lexpos         # This is here in case user has updated lexpos.
+                    lexignore = self.lexignore      # This is here in case there was a state change
+                    break
+
+                # Verify type of the token.  If not in the token map, raise an error
+                if not self.lexoptimize:
+                    if newtok.type not in self.lextokens_all:
+                        raise LexError("%s:%d: Rule '%s' returned an unknown token type '%s'" % (
+                            func.__code__.co_filename, func.__code__.co_firstlineno,
+                            func.__name__, newtok.type), lexdata[lexpos:])
+
+                return newtok
+            else:
+                # No match, see if in literals
+                if lexdata[lexpos] in self.lexliterals:
+                    tok = LexToken()
+                    tok.value = lexdata[lexpos]
+                    tok.lineno = self.lineno
+                    tok.type = tok.value
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos + 1
+                    return tok
+
+                # No match. Call t_error() if defined.
+                if self.lexerrorf:
+                    tok = LexToken()
+                    tok.value = self.lexdata[lexpos:]
+                    tok.lineno = self.lineno
+                    tok.type = 'error'
+                    tok.lexer = self
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos
+                    newtok = self.lexerrorf(tok)
+                    if lexpos == self.lexpos:
+                        # Error method didn't change text position at all. This is an error.
+                        raise LexError("Scanning error. Illegal character '%s'" % (lexdata[lexpos]), lexdata[lexpos:])
+                    lexpos = self.lexpos
+                    if not newtok:
+                        continue
+                    return newtok
+
+                self.lexpos = lexpos
+                raise LexError("Illegal character '%s' at index %d" % (lexdata[lexpos], lexpos), lexdata[lexpos:])
+
+        if self.lexeoff:
+            tok = LexToken()
+            tok.type = 'eof'
+            tok.value = ''
+            tok.lineno = self.lineno
+            tok.lexpos = lexpos
+            tok.lexer = self
+            self.lexpos = lexpos
+            newtok = self.lexeoff(tok)
+            return newtok
+
+        self.lexpos = lexpos + 1
+        if self.lexdata is None:
+            raise RuntimeError('No input string given with input()')
+        return None
+
+    # Iterator interface
+    def __iter__(self):
+        return self
+
+    def next(self):
+        t = self.token()
+        if t is None:
+            raise StopIteration
+        return t
+
+    __next__ = next
+
+# -----------------------------------------------------------------------------
+#                           ==== Lex Builder ===
+#
+# The functions and classes below are used to collect lexing information
+# and build a Lexer object from it.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# _get_regex(func)
+#
+# Returns the regular expression assigned to a function either as a doc string
+# or as a .regex attribute attached by the @TOKEN decorator.
+# -----------------------------------------------------------------------------
+def _get_regex(func):
+    return getattr(func, 'regex', func.__doc__)
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# _funcs_to_names()
+#
+# Given a list of regular expression functions, this converts it to a list
+# suitable for output to a table file
+# -----------------------------------------------------------------------------
+def _funcs_to_names(funclist, namelist):
+    result = []
+    for f, name in zip(funclist, namelist):
+        if f and f[0]:
+            result.append((name, f[1]))
+        else:
+            result.append(f)
+    return result
+
+# -----------------------------------------------------------------------------
+# _names_to_funcs()
+#
+# Given a list of regular expression function names, this converts it back to
+# functions.
+# -----------------------------------------------------------------------------
+def _names_to_funcs(namelist, fdict):
+    result = []
+    for n in namelist:
+        if n and n[0]:
+            result.append((fdict[n[0]], n[1]))
+        else:
+            result.append(n)
+    return result
+
+# -----------------------------------------------------------------------------
+# _form_master_re()
+#
+# This function takes a list of all of the regex components and attempts to
+# form the master regular expression.  Given limitations in the Python re
+# module, it may be necessary to break the master regex into separate expressions.
+# -----------------------------------------------------------------------------
+def _form_master_re(relist, reflags, ldict, toknames):
+    if not relist:
+        return []
+    regex = '|'.join(relist)
+    try:
+        lexre = re.compile(regex, reflags)
+
+        # Build the index to function map for the matching engine
+        lexindexfunc = [None] * (max(lexre.groupindex.values()) + 1)
+        lexindexnames = lexindexfunc[:]
+
+        for f, i in lexre.groupindex.items():
+            handle = ldict.get(f, None)
+            if type(handle) in (types.FunctionType, types.MethodType):
+                lexindexfunc[i] = (handle, toknames[f])
+                lexindexnames[i] = f
+            elif handle is not None:
+                lexindexnames[i] = f
+                if f.find('ignore_') > 0:
+                    lexindexfunc[i] = (None, None)
+                else:
+                    lexindexfunc[i] = (None, toknames[f])
+
+        return [(lexre, lexindexfunc)], [regex], [lexindexnames]
+    except Exception:
+        m = int(len(relist)/2)
+        if m == 0:
+            m = 1
+        llist, lre, lnames = _form_master_re(relist[:m], reflags, ldict, toknames)
+        rlist, rre, rnames = _form_master_re(relist[m:], reflags, ldict, toknames)
+        return (llist+rlist), (lre+rre), (lnames+rnames)
+
+# -----------------------------------------------------------------------------
+# def _statetoken(s,names)
+#
+# Given a declaration name s of the form "t_" and a dictionary whose keys are
+# state names, this function returns a tuple (states,tokenname) where states
+# is a tuple of state names and tokenname is the name of the token.  For example,
+# calling this with s = "t_foo_bar_SPAM" might return (('foo','bar'),'SPAM')
+# -----------------------------------------------------------------------------
+def _statetoken(s, names):
+    parts = s.split('_')
+    for i, part in enumerate(parts[1:], 1):
+        if part not in names and part != 'ANY':
+            break
+
+    if i > 1:
+        states = tuple(parts[1:i])
+    else:
+        states = ('INITIAL',)
+
+    if 'ANY' in states:
+        states = tuple(names)
+
+    tokenname = '_'.join(parts[i:])
+    return (states, tokenname)
+
+
+# -----------------------------------------------------------------------------
+# LexerReflect()
+#
+# This class represents information needed to build a lexer as extracted from a
+# user's input file.
+# -----------------------------------------------------------------------------
+class LexerReflect(object):
+    def __init__(self, ldict, log=None, reflags=0):
+        self.ldict      = ldict
+        self.error_func = None
+        self.tokens     = []
+        self.reflags    = reflags
+        self.stateinfo  = {'INITIAL': 'inclusive'}
+        self.modules    = set()
+        self.error      = False
+        self.log        = PlyLogger(sys.stderr) if log is None else log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_tokens()
+        self.get_literals()
+        self.get_states()
+        self.get_rules()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_tokens()
+        self.validate_literals()
+        self.validate_rules()
+        return self.error
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.ldict.get('tokens', None)
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = tokens
+
+    # Validate the tokens
+    def validate_tokens(self):
+        terminals = {}
+        for n in self.tokens:
+            if not _is_identifier.match(n):
+                self.log.error("Bad token name '%s'", n)
+                self.error = True
+            if n in terminals:
+                self.log.warning("Token '%s' multiply defined", n)
+            terminals[n] = 1
+
+    # Get the literals specifier
+    def get_literals(self):
+        self.literals = self.ldict.get('literals', '')
+        if not self.literals:
+            self.literals = ''
+
+    # Validate literals
+    def validate_literals(self):
+        try:
+            for c in self.literals:
+                if not isinstance(c, StringTypes) or len(c) > 1:
+                    self.log.error('Invalid literal %s. Must be a single character', repr(c))
+                    self.error = True
+
+        except TypeError:
+            self.log.error('Invalid literals specification. literals must be a sequence of characters')
+            self.error = True
+
+    def get_states(self):
+        self.states = self.ldict.get('states', None)
+        # Build statemap
+        if self.states:
+            if not isinstance(self.states, (tuple, list)):
+                self.log.error('states must be defined as a tuple or list')
+                self.error = True
+            else:
+                for s in self.states:
+                    if not isinstance(s, tuple) or len(s) != 2:
+                        self.log.error("Invalid state specifier %s. Must be a tuple (statename,'exclusive|inclusive')", repr(s))
+                        self.error = True
+                        continue
+                    name, statetype = s
+                    if not isinstance(name, StringTypes):
+                        self.log.error('State name %s must be a string', repr(name))
+                        self.error = True
+                        continue
+                    if not (statetype == 'inclusive' or statetype == 'exclusive'):
+                        self.log.error("State type for state %s must be 'inclusive' or 'exclusive'", name)
+                        self.error = True
+                        continue
+                    if name in self.stateinfo:
+                        self.log.error("State '%s' already defined", name)
+                        self.error = True
+                        continue
+                    self.stateinfo[name] = statetype
+
+    # Get all of the symbols with a t_ prefix and sort them into various
+    # categories (functions, strings, error functions, and ignore characters)
+
+    def get_rules(self):
+        tsymbols = [f for f in self.ldict if f[:2] == 't_']
+
+        # Now build up a list of functions and a list of strings
+        self.toknames = {}        # Mapping of symbols to token names
+        self.funcsym  = {}        # Symbols defined as functions
+        self.strsym   = {}        # Symbols defined as strings
+        self.ignore   = {}        # Ignore strings by state
+        self.errorf   = {}        # Error functions by state
+        self.eoff     = {}        # EOF functions by state
+
+        for s in self.stateinfo:
+            self.funcsym[s] = []
+            self.strsym[s] = []
+
+        if len(tsymbols) == 0:
+            self.log.error('No rules of the form t_rulename are defined')
+            self.error = True
+            return
+
+        for f in tsymbols:
+            t = self.ldict[f]
+            states, tokname = _statetoken(f, self.stateinfo)
+            self.toknames[f] = tokname
+
+            if hasattr(t, '__call__'):
+                if tokname == 'error':
+                    for s in states:
+                        self.errorf[s] = t
+                elif tokname == 'eof':
+                    for s in states:
+                        self.eoff[s] = t
+                elif tokname == 'ignore':
+                    line = t.__code__.co_firstlineno
+                    file = t.__code__.co_filename
+                    self.log.error("%s:%d: Rule '%s' must be defined as a string", file, line, t.__name__)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.funcsym[s].append((f, t))
+            elif isinstance(t, StringTypes):
+                if tokname == 'ignore':
+                    for s in states:
+                        self.ignore[s] = t
+                    if '\\' in t:
+                        self.log.warning("%s contains a literal backslash '\\'", f)
+
+                elif tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", f)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.strsym[s].append((f, t))
+            else:
+                self.log.error('%s not defined as a function or string', f)
+                self.error = True
+
+        # Sort the functions by line number
+        for f in self.funcsym.values():
+            f.sort(key=lambda x: x[1].__code__.co_firstlineno)
+
+        # Sort the strings by regular expression length
+        for s in self.strsym.values():
+            s.sort(key=lambda x: len(x[1]), reverse=True)
+
+    # Validate all of the t_rules collected
+    def validate_rules(self):
+        for state in self.stateinfo:
+            # Validate all rules defined by functions
+
+            for fname, f in self.funcsym[state]:
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                tokname = self.toknames[fname]
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if not _get_regex(f):
+                    self.log.error("%s:%d: No regular expression defined for rule '%s'", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (fname, _get_regex(f)), self.reflags)
+                    if c.match(''):
+                        self.log.error("%s:%d: Regular expression for rule '%s' matches empty string", file, line, f.__name__)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("%s:%d: Invalid regular expression for rule '%s'. %s", file, line, f.__name__, e)
+                    if '#' in _get_regex(f):
+                        self.log.error("%s:%d. Make sure '#' in rule '%s' is escaped with '\\#'", file, line, f.__name__)
+                    self.error = True
+
+            # Validate all rules defined by strings
+            for name, r in self.strsym[state]:
+                tokname = self.toknames[name]
+                if tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", name)
+                    self.error = True
+                    continue
+
+                if tokname not in self.tokens and tokname.find('ignore_') < 0:
+                    self.log.error("Rule '%s' defined for an unspecified token %s", name, tokname)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (name, r), self.reflags)
+                    if (c.match('')):
+                        self.log.error("Regular expression for rule '%s' matches empty string", name)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("Invalid regular expression for rule '%s'. %s", name, e)
+                    if '#' in r:
+                        self.log.error("Make sure '#' in rule '%s' is escaped with '\\#'", name)
+                    self.error = True
+
+            if not self.funcsym[state] and not self.strsym[state]:
+                self.log.error("No rules defined for state '%s'", state)
+                self.error = True
+
+            # Validate the error function
+            efunc = self.errorf.get(state, None)
+            if efunc:
+                f = efunc
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+
+        for module in self.modules:
+            self.validate_module(module)
+
+    # -----------------------------------------------------------------------------
+    # validate_module()
+    #
+    # This checks to see if there are duplicated t_rulename() functions or strings
+    # in the parser input file.  This is done using a simple regular expression
+    # match on each line in the source code of the given module.
+    # -----------------------------------------------------------------------------
+
+    def validate_module(self, module):
+        try:
+            lines, linen = inspect.getsourcelines(module)
+        except IOError:
+            return
+
+        fre = re.compile(r'\s*def\s+(t_[a-zA-Z_0-9]*)\(')
+        sre = re.compile(r'\s*(t_[a-zA-Z_0-9]*)\s*=')
+
+        counthash = {}
+        linen += 1
+        for line in lines:
+            m = fre.match(line)
+            if not m:
+                m = sre.match(line)
+            if m:
+                name = m.group(1)
+                prev = counthash.get(name)
+                if not prev:
+                    counthash[name] = linen
+                else:
+                    filename = inspect.getsourcefile(module)
+                    self.log.error('%s:%d: Rule %s redefined. Previously defined on line %d', filename, linen, name, prev)
+                    self.error = True
+            linen += 1
+
+# -----------------------------------------------------------------------------
+# lex(module)
+#
+# Build all of the regular expression rules from definitions in the supplied module
+# -----------------------------------------------------------------------------
+def lex(module=None, object=None, debug=False, optimize=False, lextab='lextab',
+        reflags=int(re.VERBOSE), nowarn=False, outputdir=None, debuglog=None, errorlog=None):
+
+    if lextab is None:
+        lextab = 'lextab'
+
+    global lexer
+
+    ldict = None
+    stateinfo  = {'INITIAL': 'inclusive'}
+    lexobj = Lexer()
+    lexobj.lexoptimize = optimize
+    global token, input
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    if debug:
+        if debuglog is None:
+            debuglog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the lexer
+    if object:
+        module = object
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        ldict = dict(_items)
+        # If no __file__ attribute is available, try to obtain it from the __module__ instead
+        if '__file__' not in ldict:
+            ldict['__file__'] = sys.modules[ldict['__module__']].__file__
+    else:
+        ldict = get_caller_module_dict(2)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = ldict.get('__package__')
+    if pkg and isinstance(lextab, str):
+        if '.' not in lextab:
+            lextab = pkg + '.' + lextab
+
+    # Collect parser information from the dictionary
+    linfo = LexerReflect(ldict, log=errorlog, reflags=reflags)
+    linfo.get_all()
+    if not optimize:
+        if linfo.validate_all():
+            raise SyntaxError("Can't build lexer")
+
+    if optimize and lextab:
+        try:
+            lexobj.readtab(lextab, ldict)
+            token = lexobj.token
+            input = lexobj.input
+            lexer = lexobj
+            return lexobj
+
+        except ImportError:
+            pass
+
+    # Dump some basic debugging information
+    if debug:
+        debuglog.info('lex: tokens   = %r', linfo.tokens)
+        debuglog.info('lex: literals = %r', linfo.literals)
+        debuglog.info('lex: states   = %r', linfo.stateinfo)
+
+    # Build a dictionary of valid token names
+    lexobj.lextokens = set()
+    for n in linfo.tokens:
+        lexobj.lextokens.add(n)
+
+    # Get literals specification
+    if isinstance(linfo.literals, (list, tuple)):
+        lexobj.lexliterals = type(linfo.literals[0])().join(linfo.literals)
+    else:
+        lexobj.lexliterals = linfo.literals
+
+    lexobj.lextokens_all = lexobj.lextokens | set(lexobj.lexliterals)
+
+    # Get the stateinfo dictionary
+    stateinfo = linfo.stateinfo
+
+    regexs = {}
+    # Build the master regular expressions
+    for state in stateinfo:
+        regex_list = []
+
+        # Add rules defined by functions first
+        for fname, f in linfo.funcsym[state]:
+            regex_list.append('(?P<%s>%s)' % (fname, _get_regex(f)))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", fname, _get_regex(f), state)
+
+        # Now add all of the simple rules
+        for name, r in linfo.strsym[state]:
+            regex_list.append('(?P<%s>%s)' % (name, r))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", name, r, state)
+
+        regexs[state] = regex_list
+
+    # Build the master regular expressions
+
+    if debug:
+        debuglog.info('lex: ==== MASTER REGEXS FOLLOW ====')
+
+    for state in regexs:
+        lexre, re_text, re_names = _form_master_re(regexs[state], reflags, ldict, linfo.toknames)
+        lexobj.lexstatere[state] = lexre
+        lexobj.lexstateretext[state] = re_text
+        lexobj.lexstaterenames[state] = re_names
+        if debug:
+            for i, text in enumerate(re_text):
+                debuglog.info("lex: state '%s' : regex[%d] = '%s'", state, i, text)
+
+    # For inclusive states, we need to add the regular expressions from the INITIAL state
+    for state, stype in stateinfo.items():
+        if state != 'INITIAL' and stype == 'inclusive':
+            lexobj.lexstatere[state].extend(lexobj.lexstatere['INITIAL'])
+            lexobj.lexstateretext[state].extend(lexobj.lexstateretext['INITIAL'])
+            lexobj.lexstaterenames[state].extend(lexobj.lexstaterenames['INITIAL'])
+
+    lexobj.lexstateinfo = stateinfo
+    lexobj.lexre = lexobj.lexstatere['INITIAL']
+    lexobj.lexretext = lexobj.lexstateretext['INITIAL']
+    lexobj.lexreflags = reflags
+
+    # Set up ignore variables
+    lexobj.lexstateignore = linfo.ignore
+    lexobj.lexignore = lexobj.lexstateignore.get('INITIAL', '')
+
+    # Set up error functions
+    lexobj.lexstateerrorf = linfo.errorf
+    lexobj.lexerrorf = linfo.errorf.get('INITIAL', None)
+    if not lexobj.lexerrorf:
+        errorlog.warning('No t_error rule is defined')
+
+    # Set up eof functions
+    lexobj.lexstateeoff = linfo.eoff
+    lexobj.lexeoff = linfo.eoff.get('INITIAL', None)
+
+    # Check state information for ignore and error rules
+    for s, stype in stateinfo.items():
+        if stype == 'exclusive':
+            if s not in linfo.errorf:
+                errorlog.warning("No error rule is defined for exclusive state '%s'", s)
+            if s not in linfo.ignore and lexobj.lexignore:
+                errorlog.warning("No ignore rule is defined for exclusive state '%s'", s)
+        elif stype == 'inclusive':
+            if s not in linfo.errorf:
+                linfo.errorf[s] = linfo.errorf.get('INITIAL', None)
+            if s not in linfo.ignore:
+                linfo.ignore[s] = linfo.ignore.get('INITIAL', '')
+
+    # Create global versions of the token() and input() functions
+    token = lexobj.token
+    input = lexobj.input
+    lexer = lexobj
+
+    # If in optimize mode, we write the lextab
+    if lextab and optimize:
+        if outputdir is None:
+            # If no output directory is set, the location of the output files
+            # is determined according to the following rules:
+            #     - If lextab specifies a package, files go into that package directory
+            #     - Otherwise, files go in the same directory as the specifying module
+            if isinstance(lextab, types.ModuleType):
+                srcfile = lextab.__file__
+            else:
+                if '.' not in lextab:
+                    srcfile = ldict['__file__']
+                else:
+                    parts = lextab.split('.')
+                    pkgname = '.'.join(parts[:-1])
+                    exec('import %s' % pkgname)
+                    srcfile = getattr(sys.modules[pkgname], '__file__', '')
+            outputdir = os.path.dirname(srcfile)
+        try:
+            lexobj.writetab(lextab, outputdir)
+            if lextab in sys.modules:
+                del sys.modules[lextab]
+        except IOError as e:
+            errorlog.warning("Couldn't write lextab module %r. %s" % (lextab, e))
+
+    return lexobj
+
+# -----------------------------------------------------------------------------
+# runmain()
+#
+# This runs the lexer as a main program
+# -----------------------------------------------------------------------------
+
+def runmain(lexer=None, data=None):
+    if not data:
+        try:
+            filename = sys.argv[1]
+            f = open(filename)
+            data = f.read()
+            f.close()
+        except IndexError:
+            sys.stdout.write('Reading from standard input (type EOF to end):\n')
+            data = sys.stdin.read()
+
+    if lexer:
+        _input = lexer.input
+    else:
+        _input = input
+    _input(data)
+    if lexer:
+        _token = lexer.token
+    else:
+        _token = token
+
+    while True:
+        tok = _token()
+        if not tok:
+            break
+        sys.stdout.write('(%s,%r,%d,%d)\n' % (tok.type, tok.value, tok.lineno, tok.lexpos))
+
+# -----------------------------------------------------------------------------
+# @TOKEN(regex)
+#
+# This decorator function can be used to set the regex expression on a function
+# when its docstring might need to be set in an alternative way
+# -----------------------------------------------------------------------------
+
+def TOKEN(r):
+    def set_regex(f):
+        if hasattr(r, '__call__'):
+            f.regex = _get_regex(r)
+        else:
+            f.regex = r
+        return f
+    return set_regex
+
+# Alternative spelling of the TOKEN decorator
+Token = TOKEN
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply/yacc.py b/lib/go-jinja2/internal/data/darwin-arm64/ply/yacc.py
new file mode 100644
index 000000000..88188a1e8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply/yacc.py
@@ -0,0 +1,3502 @@
+# -----------------------------------------------------------------------------
+# ply: yacc.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# This implements an LR parser that is constructed from grammar rules defined
+# as Python functions. The grammar is specified by supplying the BNF inside
+# Python documentation strings.  The inspiration for this technique was borrowed
+# from John Aycock's Spark parsing system.  PLY might be viewed as cross between
+# Spark and the GNU bison utility.
+#
+# The current implementation is only somewhat object-oriented. The
+# LR parser itself is defined in terms of an object (which allows multiple
+# parsers to co-exist).  However, most of the variables used during table
+# construction are defined in terms of global variables.  Users shouldn't
+# notice unless they are trying to define multiple parsers at the same
+# time using threads (in which case they should have their head examined).
+#
+# This implementation supports both SLR and LALR(1) parsing.  LALR(1)
+# support was originally implemented by Elias Ioup (ezioup@alumni.uchicago.edu),
+# using the algorithm found in Aho, Sethi, and Ullman "Compilers: Principles,
+# Techniques, and Tools" (The Dragon Book).  LALR(1) has since been replaced
+# by the more efficient DeRemer and Pennello algorithm.
+#
+# :::::::: WARNING :::::::
+#
+# Construction of LR parsing tables is fairly complicated and expensive.
+# To make this module run fast, a *LOT* of work has been put into
+# optimization---often at the expensive of readability and what might
+# consider to be good Python "coding style."   Modify the code at your
+# own risk!
+# ----------------------------------------------------------------------------
+
+import re
+import types
+import sys
+import os.path
+import inspect
+import warnings
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+#-----------------------------------------------------------------------------
+#                     === User configurable parameters ===
+#
+# Change these to modify the default behavior of yacc (if you wish)
+#-----------------------------------------------------------------------------
+
+yaccdebug   = True             # Debugging mode.  If set, yacc generates a
+                               # a 'parser.out' file in the current directory
+
+debug_file  = 'parser.out'     # Default name of the debugging file
+tab_module  = 'parsetab'       # Default name of the table module
+default_lr  = 'LALR'           # Default LR table generation method
+
+error_count = 3                # Number of symbols that must be shifted to leave recovery mode
+
+yaccdevel   = False            # Set to True if developing yacc.  This turns off optimized
+                               # implementations of certain functions.
+
+resultlimit = 40               # Size limit of results when running in debug mode.
+
+pickle_protocol = 0            # Protocol to use when writing pickle files
+
+# String type-checking compatibility
+if sys.version_info[0] < 3:
+    string_types = basestring
+else:
+    string_types = str
+
+MAXINT = sys.maxsize
+
+# This object is a stand-in for a logging object created by the
+# logging module.   PLY will use this by default to create things
+# such as the parser.out file.  If a user wants more detailed
+# information, they can create their own logging object and pass
+# it into PLY.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def debug(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    info = debug
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    critical = debug
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+# Exception raised for yacc-related errors
+class YaccError(Exception):
+    pass
+
+# Format the result message that the parser produces when running in debug mode.
+def format_result(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) > resultlimit:
+        repr_str = repr_str[:resultlimit] + ' ...'
+    result = '<%s @ 0x%x> (%s)' % (type(r).__name__, id(r), repr_str)
+    return result
+
+# Format stack entries when the parser is running in debug mode
+def format_stack_entry(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) < 16:
+        return repr_str
+    else:
+        return '<%s @ 0x%x>' % (type(r).__name__, id(r))
+
+# Panic mode error recovery support.   This feature is being reworked--much of the
+# code here is to offer a deprecation/backwards compatible transition
+
+_errok = None
+_token = None
+_restart = None
+_warnmsg = '''PLY: Don't use global functions errok(), token(), and restart() in p_error().
+Instead, invoke the methods on the associated parser instance:
+
+    def p_error(p):
+        ...
+        # Use parser.errok(), parser.token(), parser.restart()
+        ...
+
+    parser = yacc.yacc()
+'''
+
+def errok():
+    warnings.warn(_warnmsg)
+    return _errok()
+
+def restart():
+    warnings.warn(_warnmsg)
+    return _restart()
+
+def token():
+    warnings.warn(_warnmsg)
+    return _token()
+
+# Utility function to call the p_error() function with some deprecation hacks
+def call_errorfunc(errorfunc, token, parser):
+    global _errok, _token, _restart
+    _errok = parser.errok
+    _token = parser.token
+    _restart = parser.restart
+    r = errorfunc(token)
+    try:
+        del _errok, _token, _restart
+    except NameError:
+        pass
+    return r
+
+#-----------------------------------------------------------------------------
+#                        ===  LR Parsing Engine ===
+#
+# The following classes are used for the LR parser itself.  These are not
+# used during table construction and are independent of the actual LR
+# table generation algorithm
+#-----------------------------------------------------------------------------
+
+# This class is used to hold non-terminal grammar symbols during parsing.
+# It normally has the following attributes set:
+#        .type       = Grammar symbol type
+#        .value      = Symbol value
+#        .lineno     = Starting line number
+#        .endlineno  = Ending line number (optional, set automatically)
+#        .lexpos     = Starting lex position
+#        .endlexpos  = Ending lex position (optional, set automatically)
+
+class YaccSymbol:
+    def __str__(self):
+        return self.type
+
+    def __repr__(self):
+        return str(self)
+
+# This class is a wrapper around the objects actually passed to each
+# grammar rule.   Index lookup and assignment actually assign the
+# .value attribute of the underlying YaccSymbol object.
+# The lineno() method returns the line number of a given
+# item (or 0 if not defined).   The linespan() method returns
+# a tuple of (startline,endline) representing the range of lines
+# for a symbol.  The lexspan() method returns a tuple (lexpos,endlexpos)
+# representing the range of positional information for a symbol.
+
+class YaccProduction:
+    def __init__(self, s, stack=None):
+        self.slice = s
+        self.stack = stack
+        self.lexer = None
+        self.parser = None
+
+    def __getitem__(self, n):
+        if isinstance(n, slice):
+            return [s.value for s in self.slice[n]]
+        elif n >= 0:
+            return self.slice[n].value
+        else:
+            return self.stack[n].value
+
+    def __setitem__(self, n, v):
+        self.slice[n].value = v
+
+    def __getslice__(self, i, j):
+        return [s.value for s in self.slice[i:j]]
+
+    def __len__(self):
+        return len(self.slice)
+
+    def lineno(self, n):
+        return getattr(self.slice[n], 'lineno', 0)
+
+    def set_lineno(self, n, lineno):
+        self.slice[n].lineno = lineno
+
+    def linespan(self, n):
+        startline = getattr(self.slice[n], 'lineno', 0)
+        endline = getattr(self.slice[n], 'endlineno', startline)
+        return startline, endline
+
+    def lexpos(self, n):
+        return getattr(self.slice[n], 'lexpos', 0)
+
+    def set_lexpos(self, n, lexpos):
+        self.slice[n].lexpos = lexpos
+
+    def lexspan(self, n):
+        startpos = getattr(self.slice[n], 'lexpos', 0)
+        endpos = getattr(self.slice[n], 'endlexpos', startpos)
+        return startpos, endpos
+
+    def error(self):
+        raise SyntaxError
+
+# -----------------------------------------------------------------------------
+#                               == LRParser ==
+#
+# The LR Parsing engine.
+# -----------------------------------------------------------------------------
+
+class LRParser:
+    def __init__(self, lrtab, errorf):
+        self.productions = lrtab.lr_productions
+        self.action = lrtab.lr_action
+        self.goto = lrtab.lr_goto
+        self.errorfunc = errorf
+        self.set_defaulted_states()
+        self.errorok = True
+
+    def errok(self):
+        self.errorok = True
+
+    def restart(self):
+        del self.statestack[:]
+        del self.symstack[:]
+        sym = YaccSymbol()
+        sym.type = '$end'
+        self.symstack.append(sym)
+        self.statestack.append(0)
+
+    # Defaulted state support.
+    # This method identifies parser states where there is only one possible reduction action.
+    # For such states, the parser can make a choose to make a rule reduction without consuming
+    # the next look-ahead token.  This delayed invocation of the tokenizer can be useful in
+    # certain kinds of advanced parsing situations where the lexer and parser interact with
+    # each other or change states (i.e., manipulation of scope, lexer states, etc.).
+    #
+    # See:  http://www.gnu.org/software/bison/manual/html_node/Default-Reductions.html#Default-Reductions
+    def set_defaulted_states(self):
+        self.defaulted_states = {}
+        for state, actions in self.action.items():
+            rules = list(actions.values())
+            if len(rules) == 1 and rules[0] < 0:
+                self.defaulted_states[state] = rules[0]
+
+    def disable_defaulted_states(self):
+        self.defaulted_states = {}
+
+    def parse(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        if debug or yaccdevel:
+            if isinstance(debug, int):
+                debug = PlyLogger(sys.stderr)
+            return self.parsedebug(input, lexer, debug, tracking, tokenfunc)
+        elif tracking:
+            return self.parseopt(input, lexer, debug, tracking, tokenfunc)
+        else:
+            return self.parseopt_notrack(input, lexer, debug, tracking, tokenfunc)
+
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parsedebug().
+    #
+    # This is the debugging enabled version of parse().  All changes made to the
+    # parsing engine should be made here.   Optimized versions of this function
+    # are automatically created by the ply/ygen.py script.  This script cuts out
+    # sections enclosed in markers such as this:
+    #
+    #      #--! DEBUG
+    #      statements
+    #      #--! DEBUG
+    #
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parsedebug(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parsedebug-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+        #--! DEBUG
+        debug.info('PLY: PARSE DEBUG START')
+        #--! DEBUG
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+            #--! DEBUG
+            debug.debug('')
+            debug.debug('State  : %s', state)
+            #--! DEBUG
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+                #--! DEBUG
+                debug.debug('Defaulted state %s: Reduce using %d', state, -t)
+                #--! DEBUG
+
+            #--! DEBUG
+            debug.debug('Stack  : %s',
+                        ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+            #--! DEBUG
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+                    #--! DEBUG
+                    debug.debug('Action : Shift and goto state %s', t)
+                    #--! DEBUG
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+                    #--! DEBUG
+                    if plen:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str,
+                                   '['+','.join([format_stack_entry(_v.value) for _v in symstack[-plen:]])+']',
+                                   goto[statestack[-1-plen]][pname])
+                    else:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str, [],
+                                   goto[statestack[-1]][pname])
+
+                    #--! DEBUG
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    #--! DEBUG
+                    debug.info('Done   : Returning %s', format_result(result))
+                    debug.info('PLY: PARSE DEBUG END')
+                    #--! DEBUG
+                    return result
+
+            if t is None:
+
+                #--! DEBUG
+                debug.error('Error  : %s',
+                            ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+                #--! DEBUG
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parsedebug-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt().
+    #
+    # Optimized version of parse() method.  DO NOT EDIT THIS CODE DIRECTLY!
+    # This code is automatically generated by the ply/ygen.py script. Make
+    # changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt_notrack().
+    #
+    # Optimized version of parseopt() with line number tracking removed.
+    # DO NOT EDIT THIS CODE DIRECTLY. This code is automatically generated
+    # by the ply/ygen.py script. Make changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt_notrack(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-notrack-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-notrack-end
+
+# -----------------------------------------------------------------------------
+#                          === Grammar Representation ===
+#
+# The following functions, classes, and variables are used to represent and
+# manipulate the rules that make up a grammar.
+# -----------------------------------------------------------------------------
+
+# regex matching identifiers
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+
+# -----------------------------------------------------------------------------
+# class Production:
+#
+# This class stores the raw information about a single production or grammar rule.
+# A grammar rule refers to a specification such as this:
+#
+#       expr : expr PLUS term
+#
+# Here are the basic attributes defined on all productions
+#
+#       name     - Name of the production.  For example 'expr'
+#       prod     - A list of symbols on the right side ['expr','PLUS','term']
+#       prec     - Production precedence level
+#       number   - Production number.
+#       func     - Function that executes on reduce
+#       file     - File where production function is defined
+#       lineno   - Line number where production function is defined
+#
+# The following attributes are defined or optional.
+#
+#       len       - Length of the production (number of symbols on right hand side)
+#       usyms     - Set of unique symbols found in the production
+# -----------------------------------------------------------------------------
+
+class Production(object):
+    reduced = 0
+    def __init__(self, number, name, prod, precedence=('right', 0), func=None, file='', line=0):
+        self.name     = name
+        self.prod     = tuple(prod)
+        self.number   = number
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.prec     = precedence
+
+        # Internal settings used during table construction
+
+        self.len  = len(self.prod)   # Length of the production
+
+        # Create a list of unique production symbols used in the production
+        self.usyms = []
+        for s in self.prod:
+            if s not in self.usyms:
+                self.usyms.append(s)
+
+        # List of all LR items for the production
+        self.lr_items = []
+        self.lr_next = None
+
+        # Create a string representation
+        if self.prod:
+            self.str = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            self.str = '%s -> <empty>' % self.name
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'Production(' + str(self) + ')'
+
+    def __len__(self):
+        return len(self.prod)
+
+    def __nonzero__(self):
+        return 1
+
+    def __getitem__(self, index):
+        return self.prod[index]
+
+    # Return the nth lr_item from the production (or None if at the end)
+    def lr_item(self, n):
+        if n > len(self.prod):
+            return None
+        p = LRItem(self, n)
+        # Precompute the list of productions immediately following.
+        try:
+            p.lr_after = self.Prodnames[p.prod[n+1]]
+        except (IndexError, KeyError):
+            p.lr_after = []
+        try:
+            p.lr_before = p.prod[n-1]
+        except IndexError:
+            p.lr_before = None
+        return p
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+# This class serves as a minimal standin for Production objects when
+# reading table data from files.   It only contains information
+# actually used by the LR parsing engine, plus some additional
+# debugging information.
+class MiniProduction(object):
+    def __init__(self, str, name, len, func, file, line):
+        self.name     = name
+        self.len      = len
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.str      = str
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'MiniProduction(%s)' % self.str
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+
+# -----------------------------------------------------------------------------
+# class LRItem
+#
+# This class represents a specific stage of parsing a production rule.  For
+# example:
+#
+#       expr : expr . PLUS term
+#
+# In the above, the "." represents the current location of the parse.  Here
+# basic attributes:
+#
+#       name       - Name of the production.  For example 'expr'
+#       prod       - A list of symbols on the right side ['expr','.', 'PLUS','term']
+#       number     - Production number.
+#
+#       lr_next      Next LR item. Example, if we are ' expr -> expr . PLUS term'
+#                    then lr_next refers to 'expr -> expr PLUS . term'
+#       lr_index   - LR item index (location of the ".") in the prod list.
+#       lookaheads - LALR lookahead symbols for this item
+#       len        - Length of the production (number of symbols on right hand side)
+#       lr_after    - List of all productions that immediately follow
+#       lr_before   - Grammar symbol immediately before
+# -----------------------------------------------------------------------------
+
+class LRItem(object):
+    def __init__(self, p, n):
+        self.name       = p.name
+        self.prod       = list(p.prod)
+        self.number     = p.number
+        self.lr_index   = n
+        self.lookaheads = {}
+        self.prod.insert(n, '.')
+        self.prod       = tuple(self.prod)
+        self.len        = len(self.prod)
+        self.usyms      = p.usyms
+
+    def __str__(self):
+        if self.prod:
+            s = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            s = '%s -> <empty>' % self.name
+        return s
+
+    def __repr__(self):
+        return 'LRItem(' + str(self) + ')'
+
+# -----------------------------------------------------------------------------
+# rightmost_terminal()
+#
+# Return the rightmost terminal from a list of symbols.  Used in add_production()
+# -----------------------------------------------------------------------------
+def rightmost_terminal(symbols, terminals):
+    i = len(symbols) - 1
+    while i >= 0:
+        if symbols[i] in terminals:
+            return symbols[i]
+        i -= 1
+    return None
+
+# -----------------------------------------------------------------------------
+#                           === GRAMMAR CLASS ===
+#
+# The following class represents the contents of the specified grammar along
+# with various computed properties such as first sets, follow sets, LR items, etc.
+# This data is used for critical parts of the table generation process later.
+# -----------------------------------------------------------------------------
+
+class GrammarError(YaccError):
+    pass
+
+class Grammar(object):
+    def __init__(self, terminals):
+        self.Productions  = [None]  # A list of all of the productions.  The first
+                                    # entry is always reserved for the purpose of
+                                    # building an augmented grammar
+
+        self.Prodnames    = {}      # A dictionary mapping the names of nonterminals to a list of all
+                                    # productions of that nonterminal.
+
+        self.Prodmap      = {}      # A dictionary that is only used to detect duplicate
+                                    # productions.
+
+        self.Terminals    = {}      # A dictionary mapping the names of terminal symbols to a
+                                    # list of the rules where they are used.
+
+        for term in terminals:
+            self.Terminals[term] = []
+
+        self.Terminals['error'] = []
+
+        self.Nonterminals = {}      # A dictionary mapping names of nonterminals to a list
+                                    # of rule numbers where they are used.
+
+        self.First        = {}      # A dictionary of precomputed FIRST(x) symbols
+
+        self.Follow       = {}      # A dictionary of precomputed FOLLOW(x) symbols
+
+        self.Precedence   = {}      # Precedence rules for each terminal. Contains tuples of the
+                                    # form ('right',level) or ('nonassoc', level) or ('left',level)
+
+        self.UsedPrecedence = set() # Precedence rules that were actually used by the grammer.
+                                    # This is only used to provide error checking and to generate
+                                    # a warning about unused precedence rules.
+
+        self.Start = None           # Starting symbol for the grammar
+
+
+    def __len__(self):
+        return len(self.Productions)
+
+    def __getitem__(self, index):
+        return self.Productions[index]
+
+    # -----------------------------------------------------------------------------
+    # set_precedence()
+    #
+    # Sets the precedence for a given terminal. assoc is the associativity such as
+    # 'left','right', or 'nonassoc'.  level is a numeric level.
+    #
+    # -----------------------------------------------------------------------------
+
+    def set_precedence(self, term, assoc, level):
+        assert self.Productions == [None], 'Must call set_precedence() before add_production()'
+        if term in self.Precedence:
+            raise GrammarError('Precedence already specified for terminal %r' % term)
+        if assoc not in ['left', 'right', 'nonassoc']:
+            raise GrammarError("Associativity must be one of 'left','right', or 'nonassoc'")
+        self.Precedence[term] = (assoc, level)
+
+    # -----------------------------------------------------------------------------
+    # add_production()
+    #
+    # Given an action function, this function assembles a production rule and
+    # computes its precedence level.
+    #
+    # The production rule is supplied as a list of symbols.   For example,
+    # a rule such as 'expr : expr PLUS term' has a production name of 'expr' and
+    # symbols ['expr','PLUS','term'].
+    #
+    # Precedence is determined by the precedence of the right-most non-terminal
+    # or the precedence of a terminal specified by %prec.
+    #
+    # A variety of error checks are performed to make sure production symbols
+    # are valid and that %prec is used correctly.
+    # -----------------------------------------------------------------------------
+
+    def add_production(self, prodname, syms, func=None, file='', line=0):
+
+        if prodname in self.Terminals:
+            raise GrammarError('%s:%d: Illegal rule name %r. Already defined as a token' % (file, line, prodname))
+        if prodname == 'error':
+            raise GrammarError('%s:%d: Illegal rule name %r. error is a reserved word' % (file, line, prodname))
+        if not _is_identifier.match(prodname):
+            raise GrammarError('%s:%d: Illegal rule name %r' % (file, line, prodname))
+
+        # Look for literal tokens
+        for n, s in enumerate(syms):
+            if s[0] in "'\"":
+                try:
+                    c = eval(s)
+                    if (len(c) > 1):
+                        raise GrammarError('%s:%d: Literal token %s in rule %r may only be a single character' %
+                                           (file, line, s, prodname))
+                    if c not in self.Terminals:
+                        self.Terminals[c] = []
+                    syms[n] = c
+                    continue
+                except SyntaxError:
+                    pass
+            if not _is_identifier.match(s) and s != '%prec':
+                raise GrammarError('%s:%d: Illegal name %r in rule %r' % (file, line, s, prodname))
+
+        # Determine the precedence level
+        if '%prec' in syms:
+            if syms[-1] == '%prec':
+                raise GrammarError('%s:%d: Syntax error. Nothing follows %%prec' % (file, line))
+            if syms[-2] != '%prec':
+                raise GrammarError('%s:%d: Syntax error. %%prec can only appear at the end of a grammar rule' %
+                                   (file, line))
+            precname = syms[-1]
+            prodprec = self.Precedence.get(precname)
+            if not prodprec:
+                raise GrammarError('%s:%d: Nothing known about the precedence of %r' % (file, line, precname))
+            else:
+                self.UsedPrecedence.add(precname)
+            del syms[-2:]     # Drop %prec from the rule
+        else:
+            # If no %prec, precedence is determined by the rightmost terminal symbol
+            precname = rightmost_terminal(syms, self.Terminals)
+            prodprec = self.Precedence.get(precname, ('right', 0))
+
+        # See if the rule is already in the rulemap
+        map = '%s -> %s' % (prodname, syms)
+        if map in self.Prodmap:
+            m = self.Prodmap[map]
+            raise GrammarError('%s:%d: Duplicate rule %s. ' % (file, line, m) +
+                               'Previous definition at %s:%d' % (m.file, m.line))
+
+        # From this point on, everything is valid.  Create a new Production instance
+        pnumber  = len(self.Productions)
+        if prodname not in self.Nonterminals:
+            self.Nonterminals[prodname] = []
+
+        # Add the production number to Terminals and Nonterminals
+        for t in syms:
+            if t in self.Terminals:
+                self.Terminals[t].append(pnumber)
+            else:
+                if t not in self.Nonterminals:
+                    self.Nonterminals[t] = []
+                self.Nonterminals[t].append(pnumber)
+
+        # Create a production and add it to the list of productions
+        p = Production(pnumber, prodname, syms, prodprec, func, file, line)
+        self.Productions.append(p)
+        self.Prodmap[map] = p
+
+        # Add to the global productions list
+        try:
+            self.Prodnames[prodname].append(p)
+        except KeyError:
+            self.Prodnames[prodname] = [p]
+
+    # -----------------------------------------------------------------------------
+    # set_start()
+    #
+    # Sets the starting symbol and creates the augmented grammar.  Production
+    # rule 0 is S' -> start where start is the start symbol.
+    # -----------------------------------------------------------------------------
+
+    def set_start(self, start=None):
+        if not start:
+            start = self.Productions[1].name
+        if start not in self.Nonterminals:
+            raise GrammarError('start symbol %s undefined' % start)
+        self.Productions[0] = Production(0, "S'", [start])
+        self.Nonterminals[start].append(0)
+        self.Start = start
+
+    # -----------------------------------------------------------------------------
+    # find_unreachable()
+    #
+    # Find all of the nonterminal symbols that can't be reached from the starting
+    # symbol.  Returns a list of nonterminals that can't be reached.
+    # -----------------------------------------------------------------------------
+
+    def find_unreachable(self):
+
+        # Mark all symbols that are reachable from a symbol s
+        def mark_reachable_from(s):
+            if s in reachable:
+                return
+            reachable.add(s)
+            for p in self.Prodnames.get(s, []):
+                for r in p.prod:
+                    mark_reachable_from(r)
+
+        reachable = set()
+        mark_reachable_from(self.Productions[0].prod[0])
+        return [s for s in self.Nonterminals if s not in reachable]
+
+    # -----------------------------------------------------------------------------
+    # infinite_cycles()
+    #
+    # This function looks at the various parsing rules and tries to detect
+    # infinite recursion cycles (grammar rules where there is no possible way
+    # to derive a string of only terminals).
+    # -----------------------------------------------------------------------------
+
+    def infinite_cycles(self):
+        terminates = {}
+
+        # Terminals:
+        for t in self.Terminals:
+            terminates[t] = True
+
+        terminates['$end'] = True
+
+        # Nonterminals:
+
+        # Initialize to false:
+        for n in self.Nonterminals:
+            terminates[n] = False
+
+        # Then propagate termination until no change:
+        while True:
+            some_change = False
+            for (n, pl) in self.Prodnames.items():
+                # Nonterminal n terminates iff any of its productions terminates.
+                for p in pl:
+                    # Production p terminates iff all of its rhs symbols terminate.
+                    for s in p.prod:
+                        if not terminates[s]:
+                            # The symbol s does not terminate,
+                            # so production p does not terminate.
+                            p_terminates = False
+                            break
+                    else:
+                        # didn't break from the loop,
+                        # so every symbol s terminates
+                        # so production p terminates.
+                        p_terminates = True
+
+                    if p_terminates:
+                        # symbol n terminates!
+                        if not terminates[n]:
+                            terminates[n] = True
+                            some_change = True
+                        # Don't need to consider any more productions for this n.
+                        break
+
+            if not some_change:
+                break
+
+        infinite = []
+        for (s, term) in terminates.items():
+            if not term:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    # s is used-but-not-defined, and we've already warned of that,
+                    # so it would be overkill to say that it's also non-terminating.
+                    pass
+                else:
+                    infinite.append(s)
+
+        return infinite
+
+    # -----------------------------------------------------------------------------
+    # undefined_symbols()
+    #
+    # Find all symbols that were used the grammar, but not defined as tokens or
+    # grammar rules.  Returns a list of tuples (sym, prod) where sym in the symbol
+    # and prod is the production where the symbol was used.
+    # -----------------------------------------------------------------------------
+    def undefined_symbols(self):
+        result = []
+        for p in self.Productions:
+            if not p:
+                continue
+
+            for s in p.prod:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    result.append((s, p))
+        return result
+
+    # -----------------------------------------------------------------------------
+    # unused_terminals()
+    #
+    # Find all terminals that were defined, but not used by the grammar.  Returns
+    # a list of all symbols.
+    # -----------------------------------------------------------------------------
+    def unused_terminals(self):
+        unused_tok = []
+        for s, v in self.Terminals.items():
+            if s != 'error' and not v:
+                unused_tok.append(s)
+
+        return unused_tok
+
+    # ------------------------------------------------------------------------------
+    # unused_rules()
+    #
+    # Find all grammar rules that were defined,  but not used (maybe not reachable)
+    # Returns a list of productions.
+    # ------------------------------------------------------------------------------
+
+    def unused_rules(self):
+        unused_prod = []
+        for s, v in self.Nonterminals.items():
+            if not v:
+                p = self.Prodnames[s][0]
+                unused_prod.append(p)
+        return unused_prod
+
+    # -----------------------------------------------------------------------------
+    # unused_precedence()
+    #
+    # Returns a list of tuples (term,precedence) corresponding to precedence
+    # rules that were never used by the grammar.  term is the name of the terminal
+    # on which precedence was applied and precedence is a string such as 'left' or
+    # 'right' corresponding to the type of precedence.
+    # -----------------------------------------------------------------------------
+
+    def unused_precedence(self):
+        unused = []
+        for termname in self.Precedence:
+            if not (termname in self.Terminals or termname in self.UsedPrecedence):
+                unused.append((termname, self.Precedence[termname][0]))
+
+        return unused
+
+    # -------------------------------------------------------------------------
+    # _first()
+    #
+    # Compute the value of FIRST1(beta) where beta is a tuple of symbols.
+    #
+    # During execution of compute_first1, the result may be incomplete.
+    # Afterward (e.g., when called from compute_follow()), it will be complete.
+    # -------------------------------------------------------------------------
+    def _first(self, beta):
+
+        # We are computing First(x1,x2,x3,...,xn)
+        result = []
+        for x in beta:
+            x_produces_empty = False
+
+            # Add all the non-<empty> symbols of First[x] to the result.
+            for f in self.First[x]:
+                if f == '<empty>':
+                    x_produces_empty = True
+                else:
+                    if f not in result:
+                        result.append(f)
+
+            if x_produces_empty:
+                # We have to consider the next x in beta,
+                # i.e. stay in the loop.
+                pass
+            else:
+                # We don't have to consider any further symbols in beta.
+                break
+        else:
+            # There was no 'break' from the loop,
+            # so x_produces_empty was true for all x in beta,
+            # so beta produces empty as well.
+            result.append('<empty>')
+
+        return result
+
+    # -------------------------------------------------------------------------
+    # compute_first()
+    #
+    # Compute the value of FIRST1(X) for all symbols
+    # -------------------------------------------------------------------------
+    def compute_first(self):
+        if self.First:
+            return self.First
+
+        # Terminals:
+        for t in self.Terminals:
+            self.First[t] = [t]
+
+        self.First['$end'] = ['$end']
+
+        # Nonterminals:
+
+        # Initialize to the empty set:
+        for n in self.Nonterminals:
+            self.First[n] = []
+
+        # Then propagate symbols until no change:
+        while True:
+            some_change = False
+            for n in self.Nonterminals:
+                for p in self.Prodnames[n]:
+                    for f in self._first(p.prod):
+                        if f not in self.First[n]:
+                            self.First[n].append(f)
+                            some_change = True
+            if not some_change:
+                break
+
+        return self.First
+
+    # ---------------------------------------------------------------------
+    # compute_follow()
+    #
+    # Computes all of the follow sets for every non-terminal symbol.  The
+    # follow set is the set of all symbols that might follow a given
+    # non-terminal.  See the Dragon book, 2nd Ed. p. 189.
+    # ---------------------------------------------------------------------
+    def compute_follow(self, start=None):
+        # If already computed, return the result
+        if self.Follow:
+            return self.Follow
+
+        # If first sets not computed yet, do that first.
+        if not self.First:
+            self.compute_first()
+
+        # Add '$end' to the follow list of the start symbol
+        for k in self.Nonterminals:
+            self.Follow[k] = []
+
+        if not start:
+            start = self.Productions[1].name
+
+        self.Follow[start] = ['$end']
+
+        while True:
+            didadd = False
+            for p in self.Productions[1:]:
+                # Here is the production set
+                for i, B in enumerate(p.prod):
+                    if B in self.Nonterminals:
+                        # Okay. We got a non-terminal in a production
+                        fst = self._first(p.prod[i+1:])
+                        hasempty = False
+                        for f in fst:
+                            if f != '<empty>' and f not in self.Follow[B]:
+                                self.Follow[B].append(f)
+                                didadd = True
+                            if f == '<empty>':
+                                hasempty = True
+                        if hasempty or i == (len(p.prod)-1):
+                            # Add elements of follow(a) to follow(b)
+                            for f in self.Follow[p.name]:
+                                if f not in self.Follow[B]:
+                                    self.Follow[B].append(f)
+                                    didadd = True
+            if not didadd:
+                break
+        return self.Follow
+
+
+    # -----------------------------------------------------------------------------
+    # build_lritems()
+    #
+    # This function walks the list of productions and builds a complete set of the
+    # LR items.  The LR items are stored in two ways:  First, they are uniquely
+    # numbered and placed in the list _lritems.  Second, a linked list of LR items
+    # is built for each production.  For example:
+    #
+    #   E -> E PLUS E
+    #
+    # Creates the list
+    #
+    #  [E -> . E PLUS E, E -> E . PLUS E, E -> E PLUS . E, E -> E PLUS E . ]
+    # -----------------------------------------------------------------------------
+
+    def build_lritems(self):
+        for p in self.Productions:
+            lastlri = p
+            i = 0
+            lr_items = []
+            while True:
+                if i > len(p):
+                    lri = None
+                else:
+                    lri = LRItem(p, i)
+                    # Precompute the list of productions immediately following
+                    try:
+                        lri.lr_after = self.Prodnames[lri.prod[i+1]]
+                    except (IndexError, KeyError):
+                        lri.lr_after = []
+                    try:
+                        lri.lr_before = lri.prod[i-1]
+                    except IndexError:
+                        lri.lr_before = None
+
+                lastlri.lr_next = lri
+                if not lri:
+                    break
+                lr_items.append(lri)
+                lastlri = lri
+                i += 1
+            p.lr_items = lr_items
+
+# -----------------------------------------------------------------------------
+#                            == Class LRTable ==
+#
+# This basic class represents a basic table of LR parsing information.
+# Methods for generating the tables are not defined here.  They are defined
+# in the derived class LRGeneratedTable.
+# -----------------------------------------------------------------------------
+
+class VersionError(YaccError):
+    pass
+
+class LRTable(object):
+    def __init__(self):
+        self.lr_action = None
+        self.lr_goto = None
+        self.lr_productions = None
+        self.lr_method = None
+
+    def read_table(self, module):
+        if isinstance(module, types.ModuleType):
+            parsetab = module
+        else:
+            exec('import %s' % module)
+            parsetab = sys.modules[module]
+
+        if parsetab._tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+
+        self.lr_action = parsetab._lr_action
+        self.lr_goto = parsetab._lr_goto
+
+        self.lr_productions = []
+        for p in parsetab._lr_productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        self.lr_method = parsetab._lr_method
+        return parsetab._lr_signature
+
+    def read_pickle(self, filename):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+
+        if not os.path.exists(filename):
+          raise ImportError
+
+        in_f = open(filename, 'rb')
+
+        tabversion = pickle.load(in_f)
+        if tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+        self.lr_method = pickle.load(in_f)
+        signature      = pickle.load(in_f)
+        self.lr_action = pickle.load(in_f)
+        self.lr_goto   = pickle.load(in_f)
+        productions    = pickle.load(in_f)
+
+        self.lr_productions = []
+        for p in productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        in_f.close()
+        return signature
+
+    # Bind all production function names to callable objects in pdict
+    def bind_callables(self, pdict):
+        for p in self.lr_productions:
+            p.bind(pdict)
+
+
+# -----------------------------------------------------------------------------
+#                           === LR Generator ===
+#
+# The following classes and functions are used to generate LR parsing tables on
+# a grammar.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# digraph()
+# traverse()
+#
+# The following two functions are used to compute set valued functions
+# of the form:
+#
+#     F(x) = F'(x) U U{F(y) | x R y}
+#
+# This is used to compute the values of Read() sets as well as FOLLOW sets
+# in LALR(1) generation.
+#
+# Inputs:  X    - An input set
+#          R    - A relation
+#          FP   - Set-valued function
+# ------------------------------------------------------------------------------
+
+def digraph(X, R, FP):
+    N = {}
+    for x in X:
+        N[x] = 0
+    stack = []
+    F = {}
+    for x in X:
+        if N[x] == 0:
+            traverse(x, N, stack, F, X, R, FP)
+    return F
+
+def traverse(x, N, stack, F, X, R, FP):
+    stack.append(x)
+    d = len(stack)
+    N[x] = d
+    F[x] = FP(x)             # F(X) <- F'(x)
+
+    rel = R(x)               # Get y's related to x
+    for y in rel:
+        if N[y] == 0:
+            traverse(y, N, stack, F, X, R, FP)
+        N[x] = min(N[x], N[y])
+        for a in F.get(y, []):
+            if a not in F[x]:
+                F[x].append(a)
+    if N[x] == d:
+        N[stack[-1]] = MAXINT
+        F[stack[-1]] = F[x]
+        element = stack.pop()
+        while element != x:
+            N[stack[-1]] = MAXINT
+            F[stack[-1]] = F[x]
+            element = stack.pop()
+
+class LALRError(YaccError):
+    pass
+
+# -----------------------------------------------------------------------------
+#                             == LRGeneratedTable ==
+#
+# This class implements the LR table generation algorithm.  There are no
+# public methods except for write()
+# -----------------------------------------------------------------------------
+
+class LRGeneratedTable(LRTable):
+    def __init__(self, grammar, method='LALR', log=None):
+        if method not in ['SLR', 'LALR']:
+            raise LALRError('Unsupported method %s' % method)
+
+        self.grammar = grammar
+        self.lr_method = method
+
+        # Set up the logger
+        if not log:
+            log = NullLogger()
+        self.log = log
+
+        # Internal attributes
+        self.lr_action     = {}        # Action table
+        self.lr_goto       = {}        # Goto table
+        self.lr_productions  = grammar.Productions    # Copy of grammar Production array
+        self.lr_goto_cache = {}        # Cache of computed gotos
+        self.lr0_cidhash   = {}        # Cache of closures
+
+        self._add_count    = 0         # Internal counter used to detect cycles
+
+        # Diagonistic information filled in by the table generator
+        self.sr_conflict   = 0
+        self.rr_conflict   = 0
+        self.conflicts     = []        # List of conflicts
+
+        self.sr_conflicts  = []
+        self.rr_conflicts  = []
+
+        # Build the tables
+        self.grammar.build_lritems()
+        self.grammar.compute_first()
+        self.grammar.compute_follow()
+        self.lr_parse_table()
+
+    # Compute the LR(0) closure operation on I, where I is a set of LR(0) items.
+
+    def lr0_closure(self, I):
+        self._add_count += 1
+
+        # Add everything in I to J
+        J = I[:]
+        didadd = True
+        while didadd:
+            didadd = False
+            for j in J:
+                for x in j.lr_after:
+                    if getattr(x, 'lr0_added', 0) == self._add_count:
+                        continue
+                    # Add B --> .G to J
+                    J.append(x.lr_next)
+                    x.lr0_added = self._add_count
+                    didadd = True
+
+        return J
+
+    # Compute the LR(0) goto function goto(I,X) where I is a set
+    # of LR(0) items and X is a grammar symbol.   This function is written
+    # in a way that guarantees uniqueness of the generated goto sets
+    # (i.e. the same goto set will never be returned as two different Python
+    # objects).  With uniqueness, we can later do fast set comparisons using
+    # id(obj) instead of element-wise comparison.
+
+    def lr0_goto(self, I, x):
+        # First we look for a previously cached entry
+        g = self.lr_goto_cache.get((id(I), x))
+        if g:
+            return g
+
+        # Now we generate the goto set in a way that guarantees uniqueness
+        # of the result
+
+        s = self.lr_goto_cache.get(x)
+        if not s:
+            s = {}
+            self.lr_goto_cache[x] = s
+
+        gs = []
+        for p in I:
+            n = p.lr_next
+            if n and n.lr_before == x:
+                s1 = s.get(id(n))
+                if not s1:
+                    s1 = {}
+                    s[id(n)] = s1
+                gs.append(n)
+                s = s1
+        g = s.get('$end')
+        if not g:
+            if gs:
+                g = self.lr0_closure(gs)
+                s['$end'] = g
+            else:
+                s['$end'] = gs
+        self.lr_goto_cache[(id(I), x)] = g
+        return g
+
+    # Compute the LR(0) sets of item function
+    def lr0_items(self):
+        C = [self.lr0_closure([self.grammar.Productions[0].lr_next])]
+        i = 0
+        for I in C:
+            self.lr0_cidhash[id(I)] = i
+            i += 1
+
+        # Loop over the items in C and each grammar symbols
+        i = 0
+        while i < len(C):
+            I = C[i]
+            i += 1
+
+            # Collect all of the symbols that could possibly be in the goto(I,X) sets
+            asyms = {}
+            for ii in I:
+                for s in ii.usyms:
+                    asyms[s] = None
+
+            for x in asyms:
+                g = self.lr0_goto(I, x)
+                if not g or id(g) in self.lr0_cidhash:
+                    continue
+                self.lr0_cidhash[id(g)] = len(C)
+                C.append(g)
+
+        return C
+
+    # -----------------------------------------------------------------------------
+    #                       ==== LALR(1) Parsing ====
+    #
+    # LALR(1) parsing is almost exactly the same as SLR except that instead of
+    # relying upon Follow() sets when performing reductions, a more selective
+    # lookahead set that incorporates the state of the LR(0) machine is utilized.
+    # Thus, we mainly just have to focus on calculating the lookahead sets.
+    #
+    # The method used here is due to DeRemer and Pennelo (1982).
+    #
+    # DeRemer, F. L., and T. J. Pennelo: "Efficient Computation of LALR(1)
+    #     Lookahead Sets", ACM Transactions on Programming Languages and Systems,
+    #     Vol. 4, No. 4, Oct. 1982, pp. 615-649
+    #
+    # Further details can also be found in:
+    #
+    #  J. Tremblay and P. Sorenson, "The Theory and Practice of Compiler Writing",
+    #      McGraw-Hill Book Company, (1985).
+    #
+    # -----------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------
+    # compute_nullable_nonterminals()
+    #
+    # Creates a dictionary containing all of the non-terminals that might produce
+    # an empty production.
+    # -----------------------------------------------------------------------------
+
+    def compute_nullable_nonterminals(self):
+        nullable = set()
+        num_nullable = 0
+        while True:
+            for p in self.grammar.Productions[1:]:
+                if p.len == 0:
+                    nullable.add(p.name)
+                    continue
+                for t in p.prod:
+                    if t not in nullable:
+                        break
+                else:
+                    nullable.add(p.name)
+            if len(nullable) == num_nullable:
+                break
+            num_nullable = len(nullable)
+        return nullable
+
+    # -----------------------------------------------------------------------------
+    # find_nonterminal_trans(C)
+    #
+    # Given a set of LR(0) items, this functions finds all of the non-terminal
+    # transitions.    These are transitions in which a dot appears immediately before
+    # a non-terminal.   Returns a list of tuples of the form (state,N) where state
+    # is the state number and N is the nonterminal symbol.
+    #
+    # The input C is the set of LR(0) items.
+    # -----------------------------------------------------------------------------
+
+    def find_nonterminal_transitions(self, C):
+        trans = []
+        for stateno, state in enumerate(C):
+            for p in state:
+                if p.lr_index < p.len - 1:
+                    t = (stateno, p.prod[p.lr_index+1])
+                    if t[1] in self.grammar.Nonterminals:
+                        if t not in trans:
+                            trans.append(t)
+        return trans
+
+    # -----------------------------------------------------------------------------
+    # dr_relation()
+    #
+    # Computes the DR(p,A) relationships for non-terminal transitions.  The input
+    # is a tuple (state,N) where state is a number and N is a nonterminal symbol.
+    #
+    # Returns a list of terminals.
+    # -----------------------------------------------------------------------------
+
+    def dr_relation(self, C, trans, nullable):
+        state, N = trans
+        terms = []
+
+        g = self.lr0_goto(C[state], N)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index+1]
+                if a in self.grammar.Terminals:
+                    if a not in terms:
+                        terms.append(a)
+
+        # This extra bit is to handle the start state
+        if state == 0 and N == self.grammar.Productions[0].prod[0]:
+            terms.append('$end')
+
+        return terms
+
+    # -----------------------------------------------------------------------------
+    # reads_relation()
+    #
+    # Computes the READS() relation (p,A) READS (t,C).
+    # -----------------------------------------------------------------------------
+
+    def reads_relation(self, C, trans, empty):
+        # Look for empty transitions
+        rel = []
+        state, N = trans
+
+        g = self.lr0_goto(C[state], N)
+        j = self.lr0_cidhash.get(id(g), -1)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index + 1]
+                if a in empty:
+                    rel.append((j, a))
+
+        return rel
+
+    # -----------------------------------------------------------------------------
+    # compute_lookback_includes()
+    #
+    # Determines the lookback and includes relations
+    #
+    # LOOKBACK:
+    #
+    # This relation is determined by running the LR(0) state machine forward.
+    # For example, starting with a production "N : . A B C", we run it forward
+    # to obtain "N : A B C ."   We then build a relationship between this final
+    # state and the starting state.   These relationships are stored in a dictionary
+    # lookdict.
+    #
+    # INCLUDES:
+    #
+    # Computes the INCLUDE() relation (p,A) INCLUDES (p',B).
+    #
+    # This relation is used to determine non-terminal transitions that occur
+    # inside of other non-terminal transition states.   (p,A) INCLUDES (p', B)
+    # if the following holds:
+    #
+    #       B -> LAT, where T -> epsilon and p' -L-> p
+    #
+    # L is essentially a prefix (which may be empty), T is a suffix that must be
+    # able to derive an empty string.  State p' must lead to state p with the string L.
+    #
+    # -----------------------------------------------------------------------------
+
+    def compute_lookback_includes(self, C, trans, nullable):
+        lookdict = {}          # Dictionary of lookback relations
+        includedict = {}       # Dictionary of include relations
+
+        # Make a dictionary of non-terminal transitions
+        dtrans = {}
+        for t in trans:
+            dtrans[t] = 1
+
+        # Loop over all transitions and compute lookbacks and includes
+        for state, N in trans:
+            lookb = []
+            includes = []
+            for p in C[state]:
+                if p.name != N:
+                    continue
+
+                # Okay, we have a name match.  We now follow the production all the way
+                # through the state machine until we get the . on the right hand side
+
+                lr_index = p.lr_index
+                j = state
+                while lr_index < p.len - 1:
+                    lr_index = lr_index + 1
+                    t = p.prod[lr_index]
+
+                    # Check to see if this symbol and state are a non-terminal transition
+                    if (j, t) in dtrans:
+                        # Yes.  Okay, there is some chance that this is an includes relation
+                        # the only way to know for certain is whether the rest of the
+                        # production derives empty
+
+                        li = lr_index + 1
+                        while li < p.len:
+                            if p.prod[li] in self.grammar.Terminals:
+                                break      # No forget it
+                            if p.prod[li] not in nullable:
+                                break
+                            li = li + 1
+                        else:
+                            # Appears to be a relation between (j,t) and (state,N)
+                            includes.append((j, t))
+
+                    g = self.lr0_goto(C[j], t)               # Go to next set
+                    j = self.lr0_cidhash.get(id(g), -1)      # Go to next state
+
+                # When we get here, j is the final state, now we have to locate the production
+                for r in C[j]:
+                    if r.name != p.name:
+                        continue
+                    if r.len != p.len:
+                        continue
+                    i = 0
+                    # This look is comparing a production ". A B C" with "A B C ."
+                    while i < r.lr_index:
+                        if r.prod[i] != p.prod[i+1]:
+                            break
+                        i = i + 1
+                    else:
+                        lookb.append((j, r))
+            for i in includes:
+                if i not in includedict:
+                    includedict[i] = []
+                includedict[i].append((state, N))
+            lookdict[(state, N)] = lookb
+
+        return lookdict, includedict
+
+    # -----------------------------------------------------------------------------
+    # compute_read_sets()
+    #
+    # Given a set of LR(0) items, this function computes the read sets.
+    #
+    # Inputs:  C        =  Set of LR(0) items
+    #          ntrans   = Set of nonterminal transitions
+    #          nullable = Set of empty transitions
+    #
+    # Returns a set containing the read sets
+    # -----------------------------------------------------------------------------
+
+    def compute_read_sets(self, C, ntrans, nullable):
+        FP = lambda x: self.dr_relation(C, x, nullable)
+        R =  lambda x: self.reads_relation(C, x, nullable)
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # compute_follow_sets()
+    #
+    # Given a set of LR(0) items, a set of non-terminal transitions, a readset,
+    # and an include set, this function computes the follow sets
+    #
+    # Follow(p,A) = Read(p,A) U U {Follow(p',B) | (p,A) INCLUDES (p',B)}
+    #
+    # Inputs:
+    #            ntrans     = Set of nonterminal transitions
+    #            readsets   = Readset (previously computed)
+    #            inclsets   = Include sets (previously computed)
+    #
+    # Returns a set containing the follow sets
+    # -----------------------------------------------------------------------------
+
+    def compute_follow_sets(self, ntrans, readsets, inclsets):
+        FP = lambda x: readsets[x]
+        R  = lambda x: inclsets.get(x, [])
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # add_lookaheads()
+    #
+    # Attaches the lookahead symbols to grammar rules.
+    #
+    # Inputs:    lookbacks         -  Set of lookback relations
+    #            followset         -  Computed follow set
+    #
+    # This function directly attaches the lookaheads to productions contained
+    # in the lookbacks set
+    # -----------------------------------------------------------------------------
+
+    def add_lookaheads(self, lookbacks, followset):
+        for trans, lb in lookbacks.items():
+            # Loop over productions in lookback
+            for state, p in lb:
+                if state not in p.lookaheads:
+                    p.lookaheads[state] = []
+                f = followset.get(trans, [])
+                for a in f:
+                    if a not in p.lookaheads[state]:
+                        p.lookaheads[state].append(a)
+
+    # -----------------------------------------------------------------------------
+    # add_lalr_lookaheads()
+    #
+    # This function does all of the work of adding lookahead information for use
+    # with LALR parsing
+    # -----------------------------------------------------------------------------
+
+    def add_lalr_lookaheads(self, C):
+        # Determine all of the nullable nonterminals
+        nullable = self.compute_nullable_nonterminals()
+
+        # Find all non-terminal transitions
+        trans = self.find_nonterminal_transitions(C)
+
+        # Compute read sets
+        readsets = self.compute_read_sets(C, trans, nullable)
+
+        # Compute lookback/includes relations
+        lookd, included = self.compute_lookback_includes(C, trans, nullable)
+
+        # Compute LALR FOLLOW sets
+        followsets = self.compute_follow_sets(trans, readsets, included)
+
+        # Add all of the lookaheads
+        self.add_lookaheads(lookd, followsets)
+
+    # -----------------------------------------------------------------------------
+    # lr_parse_table()
+    #
+    # This function constructs the parse tables for SLR or LALR
+    # -----------------------------------------------------------------------------
+    def lr_parse_table(self):
+        Productions = self.grammar.Productions
+        Precedence  = self.grammar.Precedence
+        goto   = self.lr_goto         # Goto array
+        action = self.lr_action       # Action array
+        log    = self.log             # Logger for output
+
+        actionp = {}                  # Action production array (temporary)
+
+        log.info('Parsing method: %s', self.lr_method)
+
+        # Step 1: Construct C = { I0, I1, ... IN}, collection of LR(0) items
+        # This determines the number of states
+
+        C = self.lr0_items()
+
+        if self.lr_method == 'LALR':
+            self.add_lalr_lookaheads(C)
+
+        # Build the parser table, state by state
+        st = 0
+        for I in C:
+            # Loop over each production in I
+            actlist = []              # List of actions
+            st_action  = {}
+            st_actionp = {}
+            st_goto    = {}
+            log.info('')
+            log.info('state %d', st)
+            log.info('')
+            for p in I:
+                log.info('    (%d) %s', p.number, p)
+            log.info('')
+
+            for p in I:
+                    if p.len == p.lr_index + 1:
+                        if p.name == "S'":
+                            # Start symbol. Accept!
+                            st_action['$end'] = 0
+                            st_actionp['$end'] = p
+                        else:
+                            # We are at the end of a production.  Reduce!
+                            if self.lr_method == 'LALR':
+                                laheads = p.lookaheads[st]
+                            else:
+                                laheads = self.grammar.Follow[p.name]
+                            for a in laheads:
+                                actlist.append((a, p, 'reduce using rule %d (%s)' % (p.number, p)))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa. Have a shift/reduce or reduce/reduce conflict
+                                    if r > 0:
+                                        # Need to decide on shift or reduce here
+                                        # By default we favor shifting. Need to add
+                                        # some precedence rules here.
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from rule being reduced (p)
+                                        rprec, rlevel = Productions[p.number].prec
+
+                                        if (slevel < rlevel) or ((slevel == rlevel) and (rprec == 'left')):
+                                            # We really need to reduce here.
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+                                            Productions[p.number].reduced += 1
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the shift
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                    elif r < 0:
+                                        # Reduce/reduce conflict.   In this case, we favor the rule
+                                        # that was defined first in the grammar file
+                                        oldp = Productions[-r]
+                                        pp = Productions[p.number]
+                                        if oldp.line > pp.line:
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            chosenp, rejectp = pp, oldp
+                                            Productions[p.number].reduced += 1
+                                            Productions[oldp.number].reduced -= 1
+                                        else:
+                                            chosenp, rejectp = oldp, pp
+                                        self.rr_conflicts.append((st, chosenp, rejectp))
+                                        log.info('  ! reduce/reduce conflict for %s resolved using rule %d (%s)',
+                                                 a, st_actionp[a].number, st_actionp[a])
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = -p.number
+                                    st_actionp[a] = p
+                                    Productions[p.number].reduced += 1
+                    else:
+                        i = p.lr_index
+                        a = p.prod[i+1]       # Get symbol right after the "."
+                        if a in self.grammar.Terminals:
+                            g = self.lr0_goto(I, a)
+                            j = self.lr0_cidhash.get(id(g), -1)
+                            if j >= 0:
+                                # We are in a shift state
+                                actlist.append((a, p, 'shift and go to state %d' % j))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa have a shift/reduce or shift/shift conflict
+                                    if r > 0:
+                                        if r != j:
+                                            raise LALRError('Shift/shift conflict in state %d' % st)
+                                    elif r < 0:
+                                        # Do a precedence check.
+                                        #   -  if precedence of reduce rule is higher, we reduce.
+                                        #   -  if precedence of reduce is same and left assoc, we reduce.
+                                        #   -  otherwise we shift
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from the rule that could have been reduced
+                                        rprec, rlevel = Productions[st_actionp[a].number].prec
+
+                                        if (slevel > rlevel) or ((slevel == rlevel) and (rprec == 'right')):
+                                            # We decide to shift here... highest precedence to shift
+                                            Productions[st_actionp[a].number].reduced -= 1
+                                            st_action[a] = j
+                                            st_actionp[a] = p
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the reduce
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = j
+                                    st_actionp[a] = p
+
+            # Print the actions associated with each terminal
+            _actprint = {}
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is st_actionp[a]:
+                        log.info('    %-15s %s', a, m)
+                        _actprint[(a, m)] = 1
+            log.info('')
+            # Print the actions that were not used. (debugging)
+            not_used = 0
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is not st_actionp[a]:
+                        if not (a, m) in _actprint:
+                            log.debug('  ! %-15s [ %s ]', a, m)
+                            not_used = 1
+                            _actprint[(a, m)] = 1
+            if not_used:
+                log.debug('')
+
+            # Construct the goto table for this state
+
+            nkeys = {}
+            for ii in I:
+                for s in ii.usyms:
+                    if s in self.grammar.Nonterminals:
+                        nkeys[s] = None
+            for n in nkeys:
+                g = self.lr0_goto(I, n)
+                j = self.lr0_cidhash.get(id(g), -1)
+                if j >= 0:
+                    st_goto[n] = j
+                    log.info('    %-30s shift and go to state %d', n, j)
+
+            action[st] = st_action
+            actionp[st] = st_actionp
+            goto[st] = st_goto
+            st += 1
+
+    # -----------------------------------------------------------------------------
+    # write()
+    #
+    # This function writes the LR parsing tables to a file
+    # -----------------------------------------------------------------------------
+
+    def write_table(self, tabmodule, outputdir='', signature=''):
+        if isinstance(tabmodule, types.ModuleType):
+            raise IOError("Won't overwrite existing tabmodule")
+
+        basemodulename = tabmodule.split('.')[-1]
+        filename = os.path.join(outputdir, basemodulename) + '.py'
+        try:
+            f = open(filename, 'w')
+
+            f.write('''
+# %s
+# This file is automatically generated. Do not edit.
+# pylint: disable=W,C,R
+_tabversion = %r
+
+_lr_method = %r
+
+_lr_signature = %r
+    ''' % (os.path.basename(filename), __tabversion__, self.lr_method, signature))
+
+            # Change smaller to 0 to go back to original tables
+            smaller = 1
+
+            # Factor out names to try and make smaller
+            if smaller:
+                items = {}
+
+                for s, nd in self.lr_action.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_action_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_action = {}
+for _k, _v in _lr_action_items.items():
+   for _x,_y in zip(_v[0],_v[1]):
+      if not _x in _lr_action:  _lr_action[_x] = {}
+      _lr_action[_x][_k] = _y
+del _lr_action_items
+''')
+
+            else:
+                f.write('\n_lr_action = { ')
+                for k, v in self.lr_action.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            if smaller:
+                # Factor out names to try and make smaller
+                items = {}
+
+                for s, nd in self.lr_goto.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_goto_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_goto = {}
+for _k, _v in _lr_goto_items.items():
+   for _x, _y in zip(_v[0], _v[1]):
+       if not _x in _lr_goto: _lr_goto[_x] = {}
+       _lr_goto[_x][_k] = _y
+del _lr_goto_items
+''')
+            else:
+                f.write('\n_lr_goto = { ')
+                for k, v in self.lr_goto.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            # Write production table
+            f.write('_lr_productions = [\n')
+            for p in self.lr_productions:
+                if p.func:
+                    f.write('  (%r,%r,%d,%r,%r,%d),\n' % (p.str, p.name, p.len,
+                                                          p.func, os.path.basename(p.file), p.line))
+                else:
+                    f.write('  (%r,%r,%d,None,None,None),\n' % (str(p), p.name, p.len))
+            f.write(']\n')
+            f.close()
+
+        except IOError as e:
+            raise
+
+
+    # -----------------------------------------------------------------------------
+    # pickle_table()
+    #
+    # This function pickles the LR parsing tables to a supplied file object
+    # -----------------------------------------------------------------------------
+
+    def pickle_table(self, filename, signature=''):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+        with open(filename, 'wb') as outf:
+            pickle.dump(__tabversion__, outf, pickle_protocol)
+            pickle.dump(self.lr_method, outf, pickle_protocol)
+            pickle.dump(signature, outf, pickle_protocol)
+            pickle.dump(self.lr_action, outf, pickle_protocol)
+            pickle.dump(self.lr_goto, outf, pickle_protocol)
+
+            outp = []
+            for p in self.lr_productions:
+                if p.func:
+                    outp.append((p.str, p.name, p.len, p.func, os.path.basename(p.file), p.line))
+                else:
+                    outp.append((str(p), p.name, p.len, None, None, None))
+            pickle.dump(outp, outf, pickle_protocol)
+
+# -----------------------------------------------------------------------------
+#                            === INTROSPECTION ===
+#
+# The following functions and classes are used to implement the PLY
+# introspection features followed by the yacc() function itself.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# parse_grammar()
+#
+# This takes a raw grammar rule string and parses it into production data
+# -----------------------------------------------------------------------------
+def parse_grammar(doc, file, line):
+    grammar = []
+    # Split the doc string into lines
+    pstrings = doc.splitlines()
+    lastp = None
+    dline = line
+    for ps in pstrings:
+        dline += 1
+        p = ps.split()
+        if not p:
+            continue
+        try:
+            if p[0] == '|':
+                # This is a continuation of a previous rule
+                if not lastp:
+                    raise SyntaxError("%s:%d: Misplaced '|'" % (file, dline))
+                prodname = lastp
+                syms = p[1:]
+            else:
+                prodname = p[0]
+                lastp = prodname
+                syms   = p[2:]
+                assign = p[1]
+                if assign != ':' and assign != '::=':
+                    raise SyntaxError("%s:%d: Syntax error. Expected ':'" % (file, dline))
+
+            grammar.append((file, dline, prodname, syms))
+        except SyntaxError:
+            raise
+        except Exception:
+            raise SyntaxError('%s:%d: Syntax error in rule %r' % (file, dline, ps.strip()))
+
+    return grammar
+
+# -----------------------------------------------------------------------------
+# ParserReflect()
+#
+# This class represents information extracted for building a parser including
+# start symbol, error function, tokens, precedence list, action functions,
+# etc.
+# -----------------------------------------------------------------------------
+class ParserReflect(object):
+    def __init__(self, pdict, log=None):
+        self.pdict      = pdict
+        self.start      = None
+        self.error_func = None
+        self.tokens     = None
+        self.modules    = set()
+        self.grammar    = []
+        self.error      = False
+
+        if log is None:
+            self.log = PlyLogger(sys.stderr)
+        else:
+            self.log = log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_start()
+        self.get_error_func()
+        self.get_tokens()
+        self.get_precedence()
+        self.get_pfunctions()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_start()
+        self.validate_error_func()
+        self.validate_tokens()
+        self.validate_precedence()
+        self.validate_pfunctions()
+        self.validate_modules()
+        return self.error
+
+    # Compute a signature over the grammar
+    def signature(self):
+        parts = []
+        try:
+            if self.start:
+                parts.append(self.start)
+            if self.prec:
+                parts.append(''.join([''.join(p) for p in self.prec]))
+            if self.tokens:
+                parts.append(' '.join(self.tokens))
+            for f in self.pfuncs:
+                if f[3]:
+                    parts.append(f[3])
+        except (TypeError, ValueError):
+            pass
+        return ''.join(parts)
+
+    # -----------------------------------------------------------------------------
+    # validate_modules()
+    #
+    # This method checks to see if there are duplicated p_rulename() functions
+    # in the parser module file.  Without this function, it is really easy for
+    # users to make mistakes by cutting and pasting code fragments (and it's a real
+    # bugger to try and figure out why the resulting parser doesn't work).  Therefore,
+    # we just do a little regular expression pattern matching of def statements
+    # to try and detect duplicates.
+    # -----------------------------------------------------------------------------
+
+    def validate_modules(self):
+        # Match def p_funcname(
+        fre = re.compile(r'\s*def\s+(p_[a-zA-Z_0-9]*)\(')
+
+        for module in self.modules:
+            try:
+                lines, linen = inspect.getsourcelines(module)
+            except IOError:
+                continue
+
+            counthash = {}
+            for linen, line in enumerate(lines):
+                linen += 1
+                m = fre.match(line)
+                if m:
+                    name = m.group(1)
+                    prev = counthash.get(name)
+                    if not prev:
+                        counthash[name] = linen
+                    else:
+                        filename = inspect.getsourcefile(module)
+                        self.log.warning('%s:%d: Function %s redefined. Previously defined on line %d',
+                                         filename, linen, name, prev)
+
+    # Get the start symbol
+    def get_start(self):
+        self.start = self.pdict.get('start')
+
+    # Validate the start symbol
+    def validate_start(self):
+        if self.start is not None:
+            if not isinstance(self.start, string_types):
+                self.log.error("'start' must be a string")
+
+    # Look for error handler
+    def get_error_func(self):
+        self.error_func = self.pdict.get('p_error')
+
+    # Validate the error function
+    def validate_error_func(self):
+        if self.error_func:
+            if isinstance(self.error_func, types.FunctionType):
+                ismethod = 0
+            elif isinstance(self.error_func, types.MethodType):
+                ismethod = 1
+            else:
+                self.log.error("'p_error' defined, but is not a function or method")
+                self.error = True
+                return
+
+            eline = self.error_func.__code__.co_firstlineno
+            efile = self.error_func.__code__.co_filename
+            module = inspect.getmodule(self.error_func)
+            self.modules.add(module)
+
+            argcount = self.error_func.__code__.co_argcount - ismethod
+            if argcount != 1:
+                self.log.error('%s:%d: p_error() requires 1 argument', efile, eline)
+                self.error = True
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.pdict.get('tokens')
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = sorted(tokens)
+
+    # Validate the tokens
+    def validate_tokens(self):
+        # Validate the tokens.
+        if 'error' in self.tokens:
+            self.log.error("Illegal token name 'error'. Is a reserved word")
+            self.error = True
+            return
+
+        terminals = set()
+        for n in self.tokens:
+            if n in terminals:
+                self.log.warning('Token %r multiply defined', n)
+            terminals.add(n)
+
+    # Get the precedence map (if any)
+    def get_precedence(self):
+        self.prec = self.pdict.get('precedence')
+
+    # Validate and parse the precedence map
+    def validate_precedence(self):
+        preclist = []
+        if self.prec:
+            if not isinstance(self.prec, (list, tuple)):
+                self.log.error('precedence must be a list or tuple')
+                self.error = True
+                return
+            for level, p in enumerate(self.prec):
+                if not isinstance(p, (list, tuple)):
+                    self.log.error('Bad precedence table')
+                    self.error = True
+                    return
+
+                if len(p) < 2:
+                    self.log.error('Malformed precedence entry %s. Must be (assoc, term, ..., term)', p)
+                    self.error = True
+                    return
+                assoc = p[0]
+                if not isinstance(assoc, string_types):
+                    self.log.error('precedence associativity must be a string')
+                    self.error = True
+                    return
+                for term in p[1:]:
+                    if not isinstance(term, string_types):
+                        self.log.error('precedence items must be strings')
+                        self.error = True
+                        return
+                    preclist.append((term, assoc, level+1))
+        self.preclist = preclist
+
+    # Get all p_functions from the grammar
+    def get_pfunctions(self):
+        p_functions = []
+        for name, item in self.pdict.items():
+            if not name.startswith('p_') or name == 'p_error':
+                continue
+            if isinstance(item, (types.FunctionType, types.MethodType)):
+                line = getattr(item, 'co_firstlineno', item.__code__.co_firstlineno)
+                module = inspect.getmodule(item)
+                p_functions.append((line, module, name, item.__doc__))
+
+        # Sort all of the actions by line number; make sure to stringify
+        # modules to make them sortable, since `line` may not uniquely sort all
+        # p functions
+        p_functions.sort(key=lambda p_function: (
+            p_function[0],
+            str(p_function[1]),
+            p_function[2],
+            p_function[3]))
+        self.pfuncs = p_functions
+
+    # Validate all of the p_functions
+    def validate_pfunctions(self):
+        grammar = []
+        # Check for non-empty symbols
+        if len(self.pfuncs) == 0:
+            self.log.error('no rules of the form p_rulename are defined')
+            self.error = True
+            return
+
+        for line, module, name, doc in self.pfuncs:
+            file = inspect.getsourcefile(module)
+            func = self.pdict[name]
+            if isinstance(func, types.MethodType):
+                reqargs = 2
+            else:
+                reqargs = 1
+            if func.__code__.co_argcount > reqargs:
+                self.log.error('%s:%d: Rule %r has too many arguments', file, line, func.__name__)
+                self.error = True
+            elif func.__code__.co_argcount < reqargs:
+                self.log.error('%s:%d: Rule %r requires an argument', file, line, func.__name__)
+                self.error = True
+            elif not func.__doc__:
+                self.log.warning('%s:%d: No documentation string specified in function %r (ignored)',
+                                 file, line, func.__name__)
+            else:
+                try:
+                    parsed_g = parse_grammar(doc, file, line)
+                    for g in parsed_g:
+                        grammar.append((name, g))
+                except SyntaxError as e:
+                    self.log.error(str(e))
+                    self.error = True
+
+                # Looks like a valid grammar rule
+                # Mark the file in which defined.
+                self.modules.add(module)
+
+        # Secondary validation step that looks for p_ definitions that are not functions
+        # or functions that look like they might be grammar rules.
+
+        for n, v in self.pdict.items():
+            if n.startswith('p_') and isinstance(v, (types.FunctionType, types.MethodType)):
+                continue
+            if n.startswith('t_'):
+                continue
+            if n.startswith('p_') and n != 'p_error':
+                self.log.warning('%r not defined as a function', n)
+            if ((isinstance(v, types.FunctionType) and v.__code__.co_argcount == 1) or
+                   (isinstance(v, types.MethodType) and v.__func__.__code__.co_argcount == 2)):
+                if v.__doc__:
+                    try:
+                        doc = v.__doc__.split(' ')
+                        if doc[1] == ':':
+                            self.log.warning('%s:%d: Possible grammar rule %r defined without p_ prefix',
+                                             v.__code__.co_filename, v.__code__.co_firstlineno, n)
+                    except IndexError:
+                        pass
+
+        self.grammar = grammar
+
+# -----------------------------------------------------------------------------
+# yacc(module)
+#
+# Build a parser
+# -----------------------------------------------------------------------------
+
+def yacc(method='LALR', debug=yaccdebug, module=None, tabmodule=tab_module, start=None,
+         check_recursion=True, optimize=False, write_tables=True, debugfile=debug_file,
+         outputdir=None, debuglog=None, errorlog=None, picklefile=None):
+
+    if tabmodule is None:
+        tabmodule = tab_module
+
+    # Reference to the parsing method of the last built parser
+    global parse
+
+    # If pickling is enabled, table files are not created
+    if picklefile:
+        write_tables = 0
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        pdict = dict(_items)
+        # If no __file__ or __package__ attributes are available, try to obtain them
+        # from the __module__ instead
+        if '__file__' not in pdict:
+            pdict['__file__'] = sys.modules[pdict['__module__']].__file__
+        if '__package__' not in pdict and '__module__' in pdict:
+            if hasattr(sys.modules[pdict['__module__']], '__package__'):
+                pdict['__package__'] = sys.modules[pdict['__module__']].__package__
+    else:
+        pdict = get_caller_module_dict(2)
+
+    if outputdir is None:
+        # If no output directory is set, the location of the output files
+        # is determined according to the following rules:
+        #     - If tabmodule specifies a package, files go into that package directory
+        #     - Otherwise, files go in the same directory as the specifying module
+        if isinstance(tabmodule, types.ModuleType):
+            srcfile = tabmodule.__file__
+        else:
+            if '.' not in tabmodule:
+                srcfile = pdict['__file__']
+            else:
+                parts = tabmodule.split('.')
+                pkgname = '.'.join(parts[:-1])
+                exec('import %s' % pkgname)
+                srcfile = getattr(sys.modules[pkgname], '__file__', '')
+        outputdir = os.path.dirname(srcfile)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = pdict.get('__package__')
+    if pkg and isinstance(tabmodule, str):
+        if '.' not in tabmodule:
+            tabmodule = pkg + '.' + tabmodule
+
+
+
+    # Set start symbol if it's specified directly using an argument
+    if start is not None:
+        pdict['start'] = start
+
+    # Collect parser information from the dictionary
+    pinfo = ParserReflect(pdict, log=errorlog)
+    pinfo.get_all()
+
+    if pinfo.error:
+        raise YaccError('Unable to build parser')
+
+    # Check signature against table files (if any)
+    signature = pinfo.signature()
+
+    # Read the tables
+    try:
+        lr = LRTable()
+        if picklefile:
+            read_signature = lr.read_pickle(picklefile)
+        else:
+            read_signature = lr.read_table(tabmodule)
+        if optimize or (read_signature == signature):
+            try:
+                lr.bind_callables(pinfo.pdict)
+                parser = LRParser(lr, pinfo.error_func)
+                parse = parser.parse
+                return parser
+            except Exception as e:
+                errorlog.warning('There was a problem loading the table file: %r', e)
+    except VersionError as e:
+        errorlog.warning(str(e))
+    except ImportError:
+        pass
+
+    if debuglog is None:
+        if debug:
+            try:
+                debuglog = PlyLogger(open(os.path.join(outputdir, debugfile), 'w'))
+            except IOError as e:
+                errorlog.warning("Couldn't open %r. %s" % (debugfile, e))
+                debuglog = NullLogger()
+        else:
+            debuglog = NullLogger()
+
+    debuglog.info('Created by PLY version %s (http://www.dabeaz.com/ply)', __version__)
+
+    errors = False
+
+    # Validate the parser information
+    if pinfo.validate_all():
+        raise YaccError('Unable to build parser')
+
+    if not pinfo.error_func:
+        errorlog.warning('no p_error() function is defined')
+
+    # Create a grammar object
+    grammar = Grammar(pinfo.tokens)
+
+    # Set precedence level for terminals
+    for term, assoc, level in pinfo.preclist:
+        try:
+            grammar.set_precedence(term, assoc, level)
+        except GrammarError as e:
+            errorlog.warning('%s', e)
+
+    # Add productions to the grammar
+    for funcname, gram in pinfo.grammar:
+        file, line, prodname, syms = gram
+        try:
+            grammar.add_production(prodname, syms, funcname, file, line)
+        except GrammarError as e:
+            errorlog.error('%s', e)
+            errors = True
+
+    # Set the grammar start symbols
+    try:
+        if start is None:
+            grammar.set_start(pinfo.start)
+        else:
+            grammar.set_start(start)
+    except GrammarError as e:
+        errorlog.error(str(e))
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Verify the grammar structure
+    undefined_symbols = grammar.undefined_symbols()
+    for sym, prod in undefined_symbols:
+        errorlog.error('%s:%d: Symbol %r used, but not defined as a token or a rule', prod.file, prod.line, sym)
+        errors = True
+
+    unused_terminals = grammar.unused_terminals()
+    if unused_terminals:
+        debuglog.info('')
+        debuglog.info('Unused terminals:')
+        debuglog.info('')
+        for term in unused_terminals:
+            errorlog.warning('Token %r defined, but not used', term)
+            debuglog.info('    %s', term)
+
+    # Print out all productions to the debug log
+    if debug:
+        debuglog.info('')
+        debuglog.info('Grammar')
+        debuglog.info('')
+        for n, p in enumerate(grammar.Productions):
+            debuglog.info('Rule %-5d %s', n, p)
+
+    # Find unused non-terminals
+    unused_rules = grammar.unused_rules()
+    for prod in unused_rules:
+        errorlog.warning('%s:%d: Rule %r defined, but not used', prod.file, prod.line, prod.name)
+
+    if len(unused_terminals) == 1:
+        errorlog.warning('There is 1 unused token')
+    if len(unused_terminals) > 1:
+        errorlog.warning('There are %d unused tokens', len(unused_terminals))
+
+    if len(unused_rules) == 1:
+        errorlog.warning('There is 1 unused rule')
+    if len(unused_rules) > 1:
+        errorlog.warning('There are %d unused rules', len(unused_rules))
+
+    if debug:
+        debuglog.info('')
+        debuglog.info('Terminals, with rules where they appear')
+        debuglog.info('')
+        terms = list(grammar.Terminals)
+        terms.sort()
+        for term in terms:
+            debuglog.info('%-20s : %s', term, ' '.join([str(s) for s in grammar.Terminals[term]]))
+
+        debuglog.info('')
+        debuglog.info('Nonterminals, with rules where they appear')
+        debuglog.info('')
+        nonterms = list(grammar.Nonterminals)
+        nonterms.sort()
+        for nonterm in nonterms:
+            debuglog.info('%-20s : %s', nonterm, ' '.join([str(s) for s in grammar.Nonterminals[nonterm]]))
+        debuglog.info('')
+
+    if check_recursion:
+        unreachable = grammar.find_unreachable()
+        for u in unreachable:
+            errorlog.warning('Symbol %r is unreachable', u)
+
+        infinite = grammar.infinite_cycles()
+        for inf in infinite:
+            errorlog.error('Infinite recursion detected for symbol %r', inf)
+            errors = True
+
+    unused_prec = grammar.unused_precedence()
+    for term, assoc in unused_prec:
+        errorlog.error('Precedence rule %r defined for unknown symbol %r', assoc, term)
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Run the LRGeneratedTable on the grammar
+    if debug:
+        errorlog.debug('Generating %s tables', method)
+
+    lr = LRGeneratedTable(grammar, method, debuglog)
+
+    if debug:
+        num_sr = len(lr.sr_conflicts)
+
+        # Report shift/reduce and reduce/reduce conflicts
+        if num_sr == 1:
+            errorlog.warning('1 shift/reduce conflict')
+        elif num_sr > 1:
+            errorlog.warning('%d shift/reduce conflicts', num_sr)
+
+        num_rr = len(lr.rr_conflicts)
+        if num_rr == 1:
+            errorlog.warning('1 reduce/reduce conflict')
+        elif num_rr > 1:
+            errorlog.warning('%d reduce/reduce conflicts', num_rr)
+
+    # Write out conflicts to the output file
+    if debug and (lr.sr_conflicts or lr.rr_conflicts):
+        debuglog.warning('')
+        debuglog.warning('Conflicts:')
+        debuglog.warning('')
+
+        for state, tok, resolution in lr.sr_conflicts:
+            debuglog.warning('shift/reduce conflict for %s in state %d resolved as %s',  tok, state, resolution)
+
+        already_reported = set()
+        for state, rule, rejected in lr.rr_conflicts:
+            if (state, id(rule), id(rejected)) in already_reported:
+                continue
+            debuglog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            debuglog.warning('rejected rule (%s) in state %d', rejected, state)
+            errorlog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            errorlog.warning('rejected rule (%s) in state %d', rejected, state)
+            already_reported.add((state, id(rule), id(rejected)))
+
+        warned_never = []
+        for state, rule, rejected in lr.rr_conflicts:
+            if not rejected.reduced and (rejected not in warned_never):
+                debuglog.warning('Rule (%s) is never reduced', rejected)
+                errorlog.warning('Rule (%s) is never reduced', rejected)
+                warned_never.append(rejected)
+
+    # Write the table file if requested
+    if write_tables:
+        try:
+            lr.write_table(tabmodule, outputdir, signature)
+            if tabmodule in sys.modules:
+                del sys.modules[tabmodule]
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (tabmodule, e))
+
+    # Write a pickled version of the tables
+    if picklefile:
+        try:
+            lr.pickle_table(picklefile, signature)
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (picklefile, e))
+
+    # Build the parser
+    lr.bind_callables(pinfo.pdict)
+    parser = LRParser(lr, pinfo.error_func)
+
+    parse = parser.parse
+    return parser
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/ply/ygen.py b/lib/go-jinja2/internal/data/darwin-arm64/ply/ygen.py
new file mode 100644
index 000000000..03b93180a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/ply/ygen.py
@@ -0,0 +1,69 @@
+# ply: ygen.py
+#
+# This is a support program that auto-generates different versions of the YACC parsing
+# function with different features removed for the purposes of performance.
+#
+# Users should edit the method LRParser.parsedebug() in yacc.py.   The source code
+# for that method is then used to create the other methods.   See the comments in
+# yacc.py for further details.
+
+import os.path
+import shutil
+
+def get_source_range(lines, tag):
+    srclines = enumerate(lines)
+    start_tag = '#--! %s-start' % tag
+    end_tag = '#--! %s-end' % tag
+
+    for start_index, line in srclines:
+        if line.strip().startswith(start_tag):
+            break
+
+    for end_index, line in srclines:
+        if line.strip().endswith(end_tag):
+            break
+
+    return (start_index + 1, end_index)
+
+def filter_section(lines, tag):
+    filtered_lines = []
+    include = True
+    tag_text = '#--! %s' % tag
+    for line in lines:
+        if line.strip().startswith(tag_text):
+            include = not include
+        elif include:
+            filtered_lines.append(line)
+    return filtered_lines
+
+def main():
+    dirname = os.path.dirname(__file__)
+    shutil.copy2(os.path.join(dirname, 'yacc.py'), os.path.join(dirname, 'yacc.py.bak'))
+    with open(os.path.join(dirname, 'yacc.py'), 'r') as f:
+        lines = f.readlines()
+
+    parse_start, parse_end = get_source_range(lines, 'parsedebug')
+    parseopt_start, parseopt_end = get_source_range(lines, 'parseopt')
+    parseopt_notrack_start, parseopt_notrack_end = get_source_range(lines, 'parseopt-notrack')
+
+    # Get the original source
+    orig_lines = lines[parse_start:parse_end]
+
+    # Filter the DEBUG sections out
+    parseopt_lines = filter_section(orig_lines, 'DEBUG')
+
+    # Filter the TRACKING sections out
+    parseopt_notrack_lines = filter_section(parseopt_lines, 'TRACKING')
+
+    # Replace the parser source sections with updated versions
+    lines[parseopt_notrack_start:parseopt_notrack_end] = parseopt_notrack_lines
+    lines[parseopt_start:parseopt_end] = parseopt_lines
+
+    lines = [line.rstrip()+'\n' for line in lines]
+    with open(os.path.join(dirname, 'yacc.py'), 'w') as f:
+        f.writelines(lines)
+
+    print('Updated yacc.py')
+
+if __name__ == '__main__':
+    main()
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/LICENSE
new file mode 100644
index 000000000..82af695f5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Val Neekman @ Neekware Inc. http://neekware.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/METADATA
new file mode 100644
index 000000000..d02e1c298
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/METADATA
@@ -0,0 +1,246 @@
+Metadata-Version: 2.1
+Name: python-slugify
+Version: 8.0.4
+Summary: A Python slugify application that also handles Unicode
+Home-page: https://github.com/un33k/python-slugify
+Author: Val Neekman
+Author-email: info@neekware.com
+License: MIT
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: Natural Language :: English
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: text-unidecode (>=1.3)
+Provides-Extra: unidecode
+Requires-Dist: Unidecode (>=1.1.1) ; extra == 'unidecode'
+
+# Python Slugify
+
+**A Python slugify application that handles unicode**.
+
+[![status-image]][status-link]
+[![version-image]][version-link]
+[![coverage-image]][coverage-link]
+
+# Overview
+
+**Best attempt** to create slugs from unicode strings while keeping it **DRY**.
+
+# Notice
+
+This module, by default installs and uses [text-unidecode](https://github.com/kmike/text-unidecode) _(GPL & Perl Artistic)_ for its decoding needs.
+
+However, there is an alternative decoding package called [Unidecode](https://github.com/avian2/unidecode) _(GPL)_. It can be installed as `python-slugify[unidecode]` for those who prefer it. `Unidecode` is believed to be more [advanced](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki#notes-on-unidecode).
+
+### `Official` Support Matrix
+
+| Python         | Slugify            |
+| -------------- | ------------------ |
+| `>= 2.7 < 3.6` | `< 5.0.0`          |
+| `>= 3.6 < 3.7` | `>= 5.0.0 < 7.0.0` |
+| `>= 3.7`       | `>= 7.0.0`         |
+
+# How to install
+
+    easy_install python-slugify |OR| easy_install python-slugify[unidecode]
+    -- OR --
+    pip install python-slugify |OR| pip install python-slugify[unidecode]
+
+# Options
+
+```python
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+  """
+  Make a slug from the given text.
+  :param text (str): initial text
+  :param entities (bool): converts html entities to unicode (foo &amp; bar -> foo-bar)
+  :param decimal (bool): converts html decimal to unicode (&#381; -> Ž -> z)
+  :param hexadecimal (bool): converts html hexadecimal to unicode (&#x17D; -> Ž -> z)
+  :param max_length (int): output string length
+  :param word_boundary (bool): truncates to end of full words (length may be shorter than max_length)
+  :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+  :param separator (str): separator between words
+  :param stopwords (iterable): words to discount
+  :param regex_pattern (str): regex pattern for disallowed characters
+  :param lowercase (bool): activate case sensitivity by setting it to False
+  :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+  :param allow_unicode (bool): allow unicode characters
+  :return (str): slugify text
+  """
+```
+
+# How to use
+
+```python
+from slugify import slugify
+
+txt = "This is a test ---"
+r = slugify(txt)
+self.assertEqual(r, "this-is-a-test")
+
+txt = '影師嗎'
+r = slugify(txt)
+self.assertEqual(r, "ying-shi-ma")
+
+txt = '影師嗎'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "影師嗎")
+
+txt = 'C\'est déjà l\'été.'
+r = slugify(txt)
+self.assertEqual(r, "c-est-deja-l-ete")
+
+txt = 'Nín hǎo. Wǒ shì zhōng guó rén'
+r = slugify(txt)
+self.assertEqual(r, "nin-hao-wo-shi-zhong-guo-ren")
+
+txt = 'Компьютер'
+r = slugify(txt)
+self.assertEqual(r, "kompiuter")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=9)
+self.assertEqual(r, "jaja-lol")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=15, word_boundary=True)
+self.assertEqual(r, "jaja-lol-a")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=20, word_boundary=True, separator=".")
+self.assertEqual(r, "jaja.lol.mememeoo.a")
+
+txt = 'one two three four five'
+r = slugify(txt, max_length=13, word_boundary=True, save_order=True)
+self.assertEqual(r, "one-two-three")
+
+txt = 'the quick brown fox jumps over the lazy dog'
+r = slugify(txt, stopwords=['the'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'the quick brown fox jumps over the lazy dog in a hurry'
+r = slugify(txt, stopwords=['the', 'in', 'a', 'hurry'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'thIs Has a stopword Stopword'
+r = slugify(txt, stopwords=['Stopword'], lowercase=False)
+self.assertEqual(r, 'thIs-Has-a-stopword')
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, regex_pattern=regex_pattern)
+self.assertEqual(r, "___this-is-a-test___")
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, separator='_', regex_pattern=regex_pattern)
+self.assertNotEqual(r, "_this_is_a_test_")
+
+txt = '10 | 20 %'
+r = slugify(txt, replacements=[['|', 'or'], ['%', 'percent']])
+self.assertEqual(r, "10-or-20-percent")
+
+txt = 'ÜBER Über German Umlaut'
+r = slugify(txt, replacements=[['Ü', 'UE'], ['ü', 'ue']])
+self.assertEqual(r, "ueber-ueber-german-umlaut")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "i-love")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True, regex_pattern=r'[^🦄]+')
+self.assertEqual(r, "🦄")
+
+```
+
+For more examples, have a look at the [test.py](test.py) file.
+
+# Command Line Options
+
+With the package, a command line tool called `slugify` is also installed.
+
+It allows convenient command line access to all the features the `slugify` function supports. Call it with `-h` for help.
+
+The command can take its input directly on the command line or from STDIN (when the `--stdin` flag is passed):
+
+```
+$ echo "Taking input from STDIN" | slugify --stdin
+taking-input-from-stdin
+```
+
+```
+$ slugify taking input from the command line
+taking-input-from-the-command-line
+```
+
+Please note that when a multi-valued option such as `--stopwords` or `--replacements` is passed, you need to use `--` as separator before you start with the input:
+
+```
+$ slugify --stopwords the in a hurry -- the quick brown fox jumps over the lazy dog in a hurry
+quick-brown-fox-jumps-over-lazy-dog
+```
+
+# Running the tests
+
+To run the tests against the current environment:
+
+    python test.py
+
+# Contribution
+
+Please read the ([wiki](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki)) page prior to raising any PRs.
+
+# License
+
+Released under a ([MIT](LICENSE)) license.
+
+### Notes on GPL dependencies
+Though the dependencies may be GPL licensed, `python-slugify` itself is not considered a derivative work and will remain under the MIT license.  
+If you wish to avoid installation of any GPL licensed packages, please note that the default dependency `text-unidecode` explicitly lets you choose to use the [Artistic License](https://opensource.org/license/artistic-perl-1-0-2/) instead. Use without concern.
+
+# Version
+
+X.Y.Z Version
+
+    `MAJOR` version -- when you make incompatible API changes,
+    `MINOR` version -- when you add functionality in a backwards-compatible manner, and
+    `PATCH` version -- when you make backwards-compatible bug fixes.
+
+[status-image]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml/badge.svg
+[status-link]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml
+[version-image]: https://img.shields.io/pypi/v/python-slugify.svg
+[version-link]: https://pypi.python.org/pypi/python-slugify
+[coverage-image]: https://coveralls.io/repos/un33k/python-slugify/badge.svg
+[coverage-link]: https://coveralls.io/r/un33k/python-slugify
+[download-image]: https://img.shields.io/pypi/dm/python-slugify.svg
+[download-link]: https://pypi.python.org/pypi/python-slugify
+
+# Sponsors
+
+[Neekware Inc.](http://neekware.com)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/RECORD
new file mode 100644
index 000000000..9618e65ea
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/RECORD
@@ -0,0 +1,20 @@
+../../bin/slugify,sha256=nzrcg8WwjCICCNMhE5dZj7mK3KbZgDIvghs55X0S3o8,239
+python_slugify-8.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+python_slugify-8.0.4.dist-info/LICENSE,sha256=MLpNxpqfTc4TLdcDk3x6k7Vz4lJGBNLV-SxQZlFMDU8,1103
+python_slugify-8.0.4.dist-info/METADATA,sha256=FI0O_4c5wefK7aGhDtE_gmVk35TFPWWsQRAv9qLC74I,8469
+python_slugify-8.0.4.dist-info/RECORD,,
+python_slugify-8.0.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+python_slugify-8.0.4.dist-info/WHEEL,sha256=k3vXr0c0OitO0k9eCWBlI2yTYnpb_n_I2SGzrrfY7HY,110
+python_slugify-8.0.4.dist-info/entry_points.txt,sha256=s_Bxn3Nd2lsHTQ4PFCQ2z3o3xMgzQTtPPx3UGsUnI9I,50
+python_slugify-8.0.4.dist-info/top_level.txt,sha256=D7zuR7zxISqlCxArlOOOuLsWObz1_3jgosq5XhlSpew,8
+slugify/__init__.py,sha256=Q-9bKCQv89uf3bJr_yHxMPhBWXN8YCzlxQwK_kdpefI,346
+slugify/__main__.py,sha256=1kv8A15Tg_3-lrwRSVuHoYuA8_ykvra3OhCA0xYo1cY,3961
+slugify/__pycache__/__init__.cpython-311.pyc,,
+slugify/__pycache__/__main__.cpython-311.pyc,,
+slugify/__pycache__/__version__.cpython-311.pyc,,
+slugify/__pycache__/slugify.cpython-311.pyc,,
+slugify/__pycache__/special.cpython-311.pyc,,
+slugify/__version__.py,sha256=Dh3y4MnWAjNJGbaoRm3dfiytyF-iD5d-3OCfGyl__Y8,325
+slugify/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+slugify/slugify.py,sha256=MQPsw0u2g2LU-8BBT7K0DOlGtAhIxoKHQD4fWltKllY,6180
+slugify/special.py,sha256=8bHAPGnZ-1keuW4x2WZdFXVb9LFoS7i9Jo4ty_2D8hA,1222
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/WHEEL
new file mode 100644
index 000000000..09b796edd
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..3031584eb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+slugify = slugify.__main__:main
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/top_level.txt
new file mode 100644
index 000000000..f4843f722
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/python_slugify-8.0.4.dist-info/top_level.txt
@@ -0,0 +1 @@
+slugify
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/slugify/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/slugify/__init__.py
new file mode 100644
index 000000000..6d3279fb1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/slugify/__init__.py
@@ -0,0 +1,10 @@
+from .special import *
+from .slugify import *
+from .__version__ import __title__
+from .__version__ import __author__
+from .__version__ import __author_email__
+from .__version__ import __description__
+from .__version__ import __url__
+from .__version__ import __license__
+from .__version__ import __copyright__
+from .__version__ import __version__
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/slugify/__main__.py b/lib/go-jinja2/internal/data/darwin-arm64/slugify/__main__.py
new file mode 100644
index 000000000..4cc461622
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/slugify/__main__.py
@@ -0,0 +1,98 @@
+from __future__ import annotations
+
+import argparse
+import sys
+from typing import Any
+
+from .slugify import slugify, DEFAULT_SEPARATOR
+
+
+def parse_args(argv: list[str]) -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Slug string")
+
+    input_group = parser.add_argument_group(description="Input")
+    input_group.add_argument("input_string", nargs='*',
+                             help='Text to slugify')
+    input_group.add_argument("--stdin", action='store_true',
+                             help="Take the text from STDIN")
+
+    parser.add_argument("--no-entities", action='store_false', dest='entities', default=True,
+                        help="Do not convert HTML entities to unicode")
+    parser.add_argument("--no-decimal", action='store_false', dest='decimal', default=True,
+                        help="Do not convert HTML decimal to unicode")
+    parser.add_argument("--no-hexadecimal", action='store_false', dest='hexadecimal', default=True,
+                        help="Do not convert HTML hexadecimal to unicode")
+    parser.add_argument("--max-length", type=int, default=0,
+                        help="Output string length, 0 for no limit")
+    parser.add_argument("--word-boundary", action='store_true', default=False,
+                        help="Truncate to complete word even if length ends up shorter than --max_length")
+    parser.add_argument("--save-order", action='store_true', default=False,
+                        help="When set and --max_length > 0 return whole words in the initial order")
+    parser.add_argument("--separator", type=str, default=DEFAULT_SEPARATOR,
+                        help="Separator between words. By default " + DEFAULT_SEPARATOR)
+    parser.add_argument("--stopwords", nargs='+',
+                        help="Words to discount")
+    parser.add_argument("--regex-pattern",
+                        help="Python regex pattern for disallowed characters")
+    parser.add_argument("--no-lowercase", action='store_false', dest='lowercase', default=True,
+                        help="Activate case sensitivity")
+    parser.add_argument("--replacements", nargs='+',
+                        help="""Additional replacement rules e.g. "|->or", "%%->percent".""")
+    parser.add_argument("--allow-unicode", action='store_true', default=False,
+                        help="Allow unicode characters")
+
+    args = parser.parse_args(argv[1:])
+
+    if args.input_string and args.stdin:
+        parser.error("Input strings and --stdin cannot work together")
+
+    if args.replacements:
+        def split_check(repl):
+            SEP = '->'
+            if SEP not in repl:
+                parser.error("Replacements must be of the form: ORIGINAL{SEP}REPLACED".format(SEP=SEP))
+            return repl.split(SEP, 1)
+        args.replacements = [split_check(repl) for repl in args.replacements]
+
+    if args.input_string:
+        args.input_string = " ".join(args.input_string)
+    elif args.stdin:
+        args.input_string = sys.stdin.read()
+
+    if not args.input_string:
+        args.input_string = ''
+
+    return args
+
+
+def slugify_params(args: argparse.Namespace) -> dict[str, Any]:
+    return dict(
+        text=args.input_string,
+        entities=args.entities,
+        decimal=args.decimal,
+        hexadecimal=args.hexadecimal,
+        max_length=args.max_length,
+        word_boundary=args.word_boundary,
+        save_order=args.save_order,
+        separator=args.separator,
+        stopwords=args.stopwords,
+        lowercase=args.lowercase,
+        replacements=args.replacements,
+        allow_unicode=args.allow_unicode
+    )
+
+
+def main(argv: list[str] | None = None):  # pragma: no cover
+    """ Run this program """
+    if argv is None:
+        argv = sys.argv
+    args = parse_args(argv)
+    params = slugify_params(args)
+    try:
+        print(slugify(**params))
+    except KeyboardInterrupt:
+        sys.exit(-1)
+
+
+if __name__ == '__main__':  # pragma: no cover
+    main()
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/slugify/__version__.py b/lib/go-jinja2/internal/data/darwin-arm64/slugify/__version__.py
new file mode 100644
index 000000000..854038e50
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/slugify/__version__.py
@@ -0,0 +1,8 @@
+__title__ = 'python-slugify'
+__author__ = 'Val Neekman'
+__author_email__ = 'info@neekware.com'
+__description__ = 'A Python slugify application that also handles Unicode'
+__url__ = 'https://github.com/un33k/python-slugify'
+__license__ = 'MIT'
+__copyright__ = 'Copyright 2022 Val Neekman @ Neekware Inc.'
+__version__ = '8.0.4'
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/slugify/py.typed b/lib/go-jinja2/internal/data/darwin-arm64/slugify/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/slugify/slugify.py b/lib/go-jinja2/internal/data/darwin-arm64/slugify/slugify.py
new file mode 100644
index 000000000..09c7e076c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/slugify/slugify.py
@@ -0,0 +1,197 @@
+from __future__ import annotations
+
+import re
+import unicodedata
+from collections.abc import Iterable
+from html.entities import name2codepoint
+
+try:
+    import unidecode
+except ImportError:
+    import text_unidecode as unidecode
+
+__all__ = ['slugify', 'smart_truncate']
+
+
+CHAR_ENTITY_PATTERN = re.compile(r'&(%s);' % '|'.join(name2codepoint))
+DECIMAL_PATTERN = re.compile(r'&#(\d+);')
+HEX_PATTERN = re.compile(r'&#x([\da-fA-F]+);')
+QUOTE_PATTERN = re.compile(r'[\']+')
+DISALLOWED_CHARS_PATTERN = re.compile(r'[^-a-zA-Z0-9]+')
+DISALLOWED_UNICODE_CHARS_PATTERN = re.compile(r'[\W_]+')
+DUPLICATE_DASH_PATTERN = re.compile(r'-{2,}')
+NUMBERS_PATTERN = re.compile(r'(?<=\d),(?=\d)')
+DEFAULT_SEPARATOR = '-'
+
+
+def smart_truncate(
+    string: str,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = " ",
+    save_order: bool = False,
+) -> str:
+    """
+    Truncate a string.
+    :param string (str): string for modification
+    :param max_length (int): output string length
+    :param word_boundary (bool):
+    :param save_order (bool): if True then word order of output string is like input string
+    :param separator (str): separator between words
+    :return:
+    """
+
+    string = string.strip(separator)
+
+    if not max_length:
+        return string
+
+    if len(string) < max_length:
+        return string
+
+    if not word_boundary:
+        return string[:max_length].strip(separator)
+
+    if separator not in string:
+        return string[:max_length]
+
+    truncated = ''
+    for word in string.split(separator):
+        if word:
+            next_len = len(truncated) + len(word)
+            if next_len < max_length:
+                truncated += '{}{}'.format(word, separator)
+            elif next_len == max_length:
+                truncated += '{}'.format(word)
+                break
+            else:
+                if save_order:
+                    break
+    if not truncated:  # pragma: no cover
+        truncated = string[:max_length]
+    return truncated.strip(separator)
+
+
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: re.Pattern[str] | str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+    """
+    Make a slug from the given text.
+    :param text (str): initial text
+    :param entities (bool): converts html entities to unicode
+    :param decimal (bool): converts html decimal to unicode
+    :param hexadecimal (bool): converts html hexadecimal to unicode
+    :param max_length (int): output string length
+    :param word_boundary (bool): truncates to complete word even if length ends up shorter than max_length
+    :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+    :param separator (str): separator between words
+    :param stopwords (iterable): words to discount
+    :param regex_pattern (str): regex pattern for disallowed characters
+    :param lowercase (bool): activate case sensitivity by setting it to False
+    :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+    :param allow_unicode (bool): allow unicode characters
+    :return (str):
+    """
+
+    # user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # ensure text is unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # replace quotes with dashes - pre-process
+    text = QUOTE_PATTERN.sub(DEFAULT_SEPARATOR, text)
+
+    # normalize text, convert to unicode if required
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+        text = unidecode.unidecode(text)
+
+    # ensure text is still in unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # character entity reference
+    if entities:
+        text = CHAR_ENTITY_PATTERN.sub(lambda m: chr(name2codepoint[m.group(1)]), text)
+
+    # decimal character reference
+    if decimal:
+        try:
+            text = DECIMAL_PATTERN.sub(lambda m: chr(int(m.group(1))), text)
+        except Exception:
+            pass
+
+    # hexadecimal character reference
+    if hexadecimal:
+        try:
+            text = HEX_PATTERN.sub(lambda m: chr(int(m.group(1), 16)), text)
+        except Exception:
+            pass
+
+    # re normalize text
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+
+    # make the text lowercase (optional)
+    if lowercase:
+        text = text.lower()
+
+    # remove generated quotes -- post-process
+    text = QUOTE_PATTERN.sub('', text)
+
+    # cleanup numbers
+    text = NUMBERS_PATTERN.sub('', text)
+
+    # replace all other unwanted characters
+    if allow_unicode:
+        pattern = regex_pattern or DISALLOWED_UNICODE_CHARS_PATTERN
+    else:
+        pattern = regex_pattern or DISALLOWED_CHARS_PATTERN
+
+    text = re.sub(pattern, DEFAULT_SEPARATOR, text)
+
+    # remove redundant
+    text = DUPLICATE_DASH_PATTERN.sub(DEFAULT_SEPARATOR, text).strip(DEFAULT_SEPARATOR)
+
+    # remove stopwords
+    if stopwords:
+        if lowercase:
+            stopwords_lower = [s.lower() for s in stopwords]
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords_lower]
+        else:
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords]
+        text = DEFAULT_SEPARATOR.join(words)
+
+    # finalize user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # smart truncate if requested
+    if max_length > 0:
+        text = smart_truncate(text, max_length, word_boundary, DEFAULT_SEPARATOR, save_order)
+
+    if separator != DEFAULT_SEPARATOR:
+        text = text.replace(DEFAULT_SEPARATOR, separator)
+
+    return text
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/slugify/special.py b/lib/go-jinja2/internal/data/darwin-arm64/slugify/special.py
new file mode 100644
index 000000000..918cb2add
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/slugify/special.py
@@ -0,0 +1,47 @@
+from __future__ import annotations
+
+
+def add_uppercase_char(char_list: list[tuple[str, str]]) -> list[tuple[str, str]]:
+    """ Given a replacement char list, this adds uppercase chars to the list """
+
+    for item in char_list:
+        char, xlate = item
+        upper_dict = char.upper(), xlate.capitalize()
+        if upper_dict not in char_list and char != upper_dict[0]:
+            char_list.insert(0, upper_dict)
+    return char_list
+
+
+# Language specific pre translations
+# Source awesome-slugify
+
+_CYRILLIC = [      # package defaults:
+    (u'ё', u'e'),    # io / yo
+    (u'я', u'ya'),   # ia
+    (u'х', u'h'),    # kh
+    (u'у', u'y'),    # u
+    (u'щ', u'sch'),  # sch
+    (u'ю', u'u'),    # iu / yu
+]
+CYRILLIC = add_uppercase_char(_CYRILLIC)
+
+_GERMAN = [        # package defaults:
+    (u'ä', u'ae'),   # a
+    (u'ö', u'oe'),   # o
+    (u'ü', u'ue'),   # u
+]
+GERMAN = add_uppercase_char(_GERMAN)
+
+_GREEK = [         # package defaults:
+    (u'χ', u'ch'),   # kh
+    (u'Ξ', u'X'),    # Ks
+    (u'ϒ', u'Y'),    # U
+    (u'υ', u'y'),    # u
+    (u'ύ', u'y'),
+    (u'ϋ', u'y'),
+    (u'ΰ', u'y'),
+]
+GREEK = add_uppercase_char(_GREEK)
+
+# Pre translations
+PRE_TRANSLATIONS = CYRILLIC + GERMAN + GREEK
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..a17ced9af
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
@@ -0,0 +1,46 @@
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/LICENSE.txt
new file mode 100644
index 000000000..5ed2d0fda
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/LICENSE.txt
@@ -0,0 +1,134 @@
+text-unidecode is a free software; you can redistribute
+it and/or modify it under the terms of either:
+
+* GPL or GPLv2+ (see https://www.gnu.org/licenses/license-list.html#GNUGPL), or
+* Artistic License - see below:
+
+
+                         The "Artistic License"
+
+                                Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+        "Package" refers to the collection of files distributed by the
+        Copyright Holder, and derivatives of that collection of files
+        created through textual modification.
+
+        "Standard Version" refers to such a Package if it has not been
+        modified, or has been modified in accordance with the wishes
+        of the Copyright Holder as specified below.
+
+        "Copyright Holder" is whoever is named in the copyright or
+        copyrights for the package.
+
+        "You" is you, if you're thinking about copying or distributing
+        this Package.
+
+        "Reasonable copying fee" is whatever you can justify on the
+        basis of media cost, duplication charges, time of people involved,
+        and so on.  (You will not be required to justify it to the
+        Copyright Holder, but only to the computing community at large
+        as a market that must bear the fee.)
+
+        "Freely Available" means that no fee is charged for the item
+        itself, though there may be fees involved in handling the item.
+        It also means that recipients of the item may redistribute it
+        under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+                                The End
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/METADATA
new file mode 100644
index 000000000..23bd3d45b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/METADATA
@@ -0,0 +1,73 @@
+Metadata-Version: 2.0
+Name: text-unidecode
+Version: 1.3
+Summary: The most basic Text::Unidecode port
+Home-page: https://github.com/kmike/text-unidecode/
+Author: Mikhail Korobov
+Author-email: kmike84@gmail.com
+License: Artistic License
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Artistic License
+Classifier: License :: OSI Approved :: GNU General Public License (GPL)
+Classifier: License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Linguistic
+
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/RECORD
new file mode 100644
index 000000000..c6de40859
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/RECORD
@@ -0,0 +1,11 @@
+text_unidecode-1.3.dist-info/DESCRIPTION.rst,sha256=6Fgx54K_UeXRByELmqkfLcHlbXhsvNNJdkPFT0VF0J0,1199
+text_unidecode-1.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+text_unidecode-1.3.dist-info/LICENSE.txt,sha256=OTjnU1w-TvfmNj3ptpP-O6_jxKXl9JJc1IN1CW_nr9U,6535
+text_unidecode-1.3.dist-info/METADATA,sha256=B9j-1l4-yN9P5e8mpBrXCqAQsRUnA4Izyy0hG7Jyrn4,2422
+text_unidecode-1.3.dist-info/RECORD,,
+text_unidecode-1.3.dist-info/WHEEL,sha256=o2k-Qa-RMNIJmUdIc7KU6VWR_ErNRbWNlxDIpl7lm34,110
+text_unidecode-1.3.dist-info/metadata.json,sha256=vYPs2_8Q45eS8mrUw0qzf1NeShHDuX_lpyh8S3yqg9U,1299
+text_unidecode-1.3.dist-info/top_level.txt,sha256=SQH9SRjWlLrD-XgHyQOPtDQg_DaBt3Gt6hiMSNwHbuE,15
+text_unidecode/__init__.py,sha256=_hESqlvGR_cTy0oryPuoyrVntCOIID7bHDA-y22I1ig,484
+text_unidecode/__pycache__/__init__.cpython-311.pyc,,
+text_unidecode/data.bin,sha256=eSRmbaTOCtJNS4FCszDm2OiUZc2IOTRyTNnkt9gTDwk,311077
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/WHEEL
new file mode 100644
index 000000000..8b6dd1b5a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.29.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/metadata.json b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/metadata.json
new file mode 100644
index 000000000..3d8b506b3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Artistic License", "License :: OSI Approved :: GNU General Public License (GPL)", "License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Linguistic"], "extensions": {"python.details": {"contacts": [{"email": "kmike84@gmail.com", "name": "Mikhail Korobov", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "https://github.com/kmike/text-unidecode/"}}}, "generator": "bdist_wheel (0.29.0)", "license": "Artistic License", "metadata_version": "2.0", "name": "text-unidecode", "summary": "The most basic Text::Unidecode port", "version": "1.3"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/top_level.txt
new file mode 100644
index 000000000..2f7a53e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode-1.3.dist-info/top_level.txt
@@ -0,0 +1 @@
+text_unidecode
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/__init__.py
new file mode 100644
index 000000000..80282c74a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/__init__.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, unicode_literals
+import os
+import pkgutil
+
+_replaces = pkgutil.get_data(__name__, 'data.bin').decode('utf8').split('\x00')
+
+def unidecode(txt):
+    chars = []
+    for ch in txt:
+        codepoint = ord(ch)
+
+        if not codepoint:
+            chars.append('\x00')
+            continue
+
+        try:
+            chars.append(_replaces[codepoint-1])
+        except IndexError:
+            pass
+    return "".join(chars)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/data.bin.gz b/lib/go-jinja2/internal/data/darwin-arm64/text_unidecode/data.bin.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cfae7c3bfe5368bae3efc7b8fa8ed47bd3e79a2d
GIT binary patch
literal 70243
zcmc$^Ra9KT(kP6(ySuyV;1UP~3BlciLvVL@2u_edfS>~e3qA}CZV7HPNPs|K@FCcr
zbMC``@5}uj?_OQ2tE+c+byfGOs$IPqQ?Zc#^Ps$(J|#w)OXf?Zl<%D1g!kXweGD7y
zZQJYCXftqf<{;Kg{$`?`^37Caf`-J_Dv69aH_p+eJ^1DC15_-kQ#5zlVREDYGtzdb
z<~9mlsnv5N{3Y=P=~)Gl2~|jVL3=hp%t6ng3W+Z$&svBU=wQMN#<Mx%96Ffzg8cjn
zQ4WnvctL+QM(jW%6JJoDbrFNmmjrqQmV81a<_p6!!!vRKj9@cf7s?QZa|c5P#JvJy
zK6oQ#!mz_I%10>S?2kCl#1Z&|(K{exxHz3Mdc9sOt5kxF7?itIk<@HHfdCLIa1AB<
zD-?AIM@bNh5!Qy%BIv_#cZL;)wS>Ge4u#NhTWm1UrMjb}`Jg2EP#BKY2+lGv8p#Vv
zvkk)E1SyQ%!3E){j|%X_=iMtqM&&NTmuFt87mR_#2uAq?*~7r$p_WK|M&wP?t@sC_
z4$<yF#&Um36h9a#g6wu^#48dvl#p>`dn8;c2thRvGxF$<W+=70Vi2(epE$UoC>!>T
zNVnA+3c=@yG?l`f5`?sH%lGv$#3T;2(5{ksqbAyXGlYdTEZL;|!8#3XB4}?~jzZZm
z@ILP%^``Vjp`4GCo~}esy)(niUk@k%mMYZ}%nj8BplyS=8^7Jy_Ag-o7jEf5m>WdR
zws?|QfUfmrZw&IfA?klB92Sj0(8xcM5kTG0CXMwHWyrj|J&Uo-ajACc6{^g`aJH2w
zn{C2y9)N^T7>&674M9)BeM2XEd9)WVok=ebaI~@^C;Sz-T-eLMLW{t1C9T^6T~nBG
z&VP>@MfcOG@I{`&Ep3+icG1QdGTZV4%%C=&<&x6H&-$8jP@`ZtIBYocV+8FWuXFBk
z!Ph+BiPG^KNBP}$b>PtuS(zLr<3Al~n_uBF4E9H{yF*cGoZ)|Q2z&(0grdYZL6X+t
zsZA(zFj;^KTKx)~riDK8jTQ_K@Hr+4Zy=$?-_T+x&Dw_pN0sD4n&P^6h$taRFu&Wq
zjDA>DDq(5)giMEcTcCn4e3eN#n7|7v+pXUHU9GTq$QV%%TG5MUReev1^|$2$aZOQ^
zyXv(JJRYgRX^{b%jO<b*s3305`+5-H=W!uF&Os13NdS!f_Cj?qVFwflN7)eAOiYB!
zBFLVxBQObJ#&D!TN`+p`I~Y13ss(0%K$cH1pi-iz048+7^O$-l;j{>oSNFQ_W#PCl
zPbha}y7olk>TFcQRZ&_d!x-B`8+QYJxa9+pF=2-dj6Gw_kF2a0-7k0#hj6?ymgol7
z=#n9QRj6*>fcT2WuFl1V>i&0hG2El(i`u!1*}Z;Dv~%j1TmID~@TZ)fE{!9WB39)<
z!=b*Y2JxWBFAxerABxCV)%*2Pya>$jsAr62TGd>+Ap9p@6Kkcxr1yL*LmXv70!K-_
z_4rbPHc%T<FI)6O?~5zsgRk+m46c-VgHcsUNoAl_WR|{Jbi8GBF+p!M*DiDd7%nv!
zg(EG6G?$4F<kPn_OjEDc_YmP@g_LG1Ija>_8^^jmE=1v-n#6QS5oa7k&KT65LHIr6
z<wDhm-pm`h6xn$=xX^0ol*LnbugH_-q*W2nZ%QdNIJ8i{O_8)u6uyo)_(q<oaC4zO
zBR;+2v)-~SwX53bndQJ+zZtayeGF^6J6fpH^@|5@VFvBz_9JvQL^c^Aj)S-jmUZVK
z_ug`{UT^bLkOQS>U}X>P72(Y%OOrEYXNn2mK+5I-YNo%v!0q^90r!AplvCxT@;{)y
z)p#YaPl*&|uea6d?@+WVSK?Pj8GUKFA?EO<{ek29wpWAW!{b<A+Oy3Tq9SGlWvr{E
zRd=_)n2Rt=|JfW+rh8;W-?m2Kf9lwfFq4Tvo&_1azaVi{W+kwq=WM{YKLWGg;MI?6
z9f7b*DdrO?g`y0o8m&P@-vul0Nw{k*c2|J7gfLbF*+2{?z*(B49T-e~I58YkutAq1
zWhq*kqSYPkXc56Mn_A#ao@|Hg7KB=oG`J!NqiMDRJ+cP{q2JQ9z>&^g<X^+(gV+A1
z0%DcEx%f;8?cxDx6`mQ8B5tngNEE!0y`U6~B%WE+8C;1b8RB5)Ugdn7H@mMN*AsPa
zQ6BN7955p&+MarV7srhFhA#+YJ8X;qSO_K5Ns<7vk{y~tr^A{7A*(@e%%Zk_l~g~B
z!~rMy&B!og3^%**M_z%eI6UVQ<wNsrn4)5tkxoHpx&sG<$#s#0gir$wDKg#eRIe2v
zt<4>V1nsJOipE=8BIlN<c9a0tJd5oiv9`fO^wM%lp-(w_t;xDF>G*fXV1vmM6qmw2
z3_Y(Q;eqX;293th`P32dL=G`l22U2}9i_Eu0{#g9>-ee8Zl#M;H!5}J$qlX-*bC7%
zQ#AG7`z>%$Fi~rrKx||If695MNh=|~@nDo0nCu1VP5^tCK|U@K&K-uvI2?{3laG&#
zYk^`SoDq}^hO1w`2&+WM=^XHjWwi`Mmna_wHBD8$z`ocP5`Zav9$snu)Lg%bDis>S
z3elh%NDO`90p9iEuYF{1gyNYAC0Yid7QlIwH*2EMr&;uxZE?D!hKTdZD2d~6+4f7u
zan$57Yk<+_LDa%<x9$vkHx`k!ti5o$ZCW@K|FMA%JgB$9-P^|7+xF14$(*}LM8c4q
zrt+B{N@ivw3yzY7)4#JVA?o?XB7&#p5IM{G^gSw-g+#(>w8p@pC11-<D7)PP^r0v1
zQDy(<tVWHA+BU9uWGZ@}(s#<WG!_GtKLep!wY7|WwQO(Xy!Pg-21bGg5`y)I8k5ih
zXwE$ihj_btk~!U(=ayqWCCUP?;ILUt(+12)k<oiO)bNn{9S~;jCk4m8z4IOV^C0(D
ze*;DuzrN9OpIC+C;~nQaqXsE#AGc7N2*%jn_4p+%DND#pe<JXOh=2jKmk4a{@{M#p
zX9jFO;6)4`Elo%-KQiw;<!wdGTf6eicGlP_wMP$S{<wJH+^yZ*n~RzF#%1KE)e_N}
zL=jC>@eDm0ZpR$lFCIEPVavMuWF4VdNT>tW9aU!R>)_YEuB}LQpLnX|MzABGJGz+9
zF{{bWyR~n?%XWzSq~mQ}6)govf(YWu{Z~#l58OXK-=*YVdO-nT{5FhvZTE27`;1co
zu(U!x>HEt0q{_}i)$HTBo*ji8n@8@H>d?^4v(b!)S9i~8xCbK!*QxxZMY)V4#*C#T
z>@bB;`Lic*5#m_upnwE6<ubk=<8>e?fiD|re+9Q!24_x>^dgQ6)O8{c4s7_S?04b;
z`z;5_2hm-K;V`TG^VylvON@L;%JaE}57M6oB=x6`mn|&I!WGdbINe)=5+5Gt$vhP(
zi{p;|T=yTkKH0Hq`Sx7d93Hk1(#=0AWE@KuFI~T21i_CY@6XPt)AxA)V8L}4{7+~M
zucRX2Bshp@u?vi8_RO4kB6GUByL92aUF3?bWk_Y}3&UA!e<eQfY9jHAEm>|L!`QQz
zeotzZ&gBe+Ih%4m!-M{Y$hz`-lq8k)vN$j^d(eQ6vUpW_LDY}zxv@9<Jb9Xz!143p
zm~^O{Cz|E9R{p}RE{J)QBxP!l{wd^RG&q`+`ByG|)I;NYTgR!{r`4_0Ev(FR#2*+z
z*!P3+Yo(59($!En+ASj>Iu=tGdJ)SB-ybGLoc@Eyf3Q1D+Wi8>-i+0qe?uNIRPsPE
zaE~#N&icTt{IUBNW38&RlS-`c`c!S#d&ShtYXN0Q4BR}L$<}7TN_0G|u78f3Ei7H5
z2_OIOSf;GglVcfYXsMeeI_v8F(vh*x?=l$L-_@7d7f;N9GeB?e)wA47<W9u(p8ND=
zEb6m8tBy)2zr#F~oP=+cZE*mT)BLSqD{}APoaFAvYU#@EC8<d`N~-Qq1c>z0kdQ}S
z&4|MO#1#sMP|$sb*Jiceoz#bgujk5yf6+rO-&z0jPW5{HHfWslQLNY4ROIl}BhDSg
z%iqDMUBKY`4Bah{N>Bg&X3>rK6`!)Xe`f!g#4`~4Unqi3W&^`$hIt@wM=0`kUm-6J
zk`{pQ?hB5|jJ!4f&icnybqfhV>3#vDd2Mb*+LES33ukRQ9Qvo~NvTJt2uf$5?%3X)
z3GFv{v&*zn=H<g{GH2F9Yv`q)M%FN9o1u-U&d&5Eb2j~PH)PBIq6N@jyk%!m6V^5}
z>!H7N%f2RFHsR!q($8<afxDK?wj}3pI<IC_O2oxIfB<7?iQ2-yf~(?=byj;kZ=0%H
zn4&Qg)md&+wKUuVx?V8?Nl!#tSsv+#cf*uKc8{XPB$y5-{1p*Z((Pk^wi5(=mJeVK
zxCjk`Vq_v7mLUX>PeI8KKAc18gN$BGw-h_O^w7-5a7@@h@{Dq~E+^ha7xS|~gdZuP
zJ!3EJ`oJ*#V*)B|m-|qt&mC&_1BON4=ic*Zg4NYZEjPg0)dO<bP9Xg89utBGbLdQ9
z=M%J{*55^;5H+y??c!|#C4t>BYD!GsIEc(<nG!43P@LTS;?wlLB^;pTmtbj?1T~BE
z<pT>rcCl3cKGbsq38SX&#M8|-tyUv;D5=tXA>PulQ|K|<Gy*Gb-K9eZ(iRk0DXCaa
z#%gG>SdIoJf-GTbh~x@6!3xw*;(i<`yjolo*~GlF5oqtdJIF9nkm6%OR9ubmAZ4Wp
zPh8YgBwS2fdmCGRK0ZDGUo$@0h4V$=MIu7$(dE$tR>{?jZ$Z<I=Y0%ar0V`gA;51D
z(%mNk97yLM`nx>(r`z7+)F%AIHayhB#?gk{=D@}gudy*cFFr5P@UbJ>KdK|v|IzWW
zGQK0x|FJHKf9SinkL($EE_D^qxaZL?0hbwa!)!^9URegY;kFzHTU*mc1o~_Yotz-<
zJKkXQfrd_4hE72L7?BR@gU1fJ_Sw_`TG6%KaDZCCXHisV<XO5>YE<WCP*J=nq4NsH
zHdPQQG(A>wY>3tkmL4z3ux&xRO0|l%Dz!?5O6z88Z@Xvf>jB*y3Xbx{JRBS9>G1Z1
zZI0Y`M0a6qV+5T*n}p%ZW<hQ+{;fae18ZF?0-m%%wCC3z0aaS4Q%G8vTJ|<B{Cxa;
za(pfLd|r0Az&@Y<O5|mC1?=mQ0J_-}tj1f~+pL(ab^uRo@79MlhX6yH!<$rv=D5DN
zzTcaqca|U5M?Fxlg3PZ@JAZlMPw!w94*LIR7O%ea^f~4^iA+LCNNvg9-ptiu>bS6~
z1C>H%x%y8H=O7oTV^jfw6%DFjQ+xr1)#9rz3{TWenWQ0F+q-2@QzBM(mzq1WCoW~z
zp3Y-m(#(hlT4oX(@%flis(nCg9W}Z<>JKCXOaprxSAK1NZ8_~0eC<8wixC8OL|QpS
z5bOnRv7qY4@`gb{RNX)d0X~bM?rsSoQ6XF*Um;Npr)AJID6Ls~FS^*Wx7)*p0%Dtw
zzsUD2^9*=q(2a6Vs)hQx<DizX4AuN+pH<;}|Fn{<8*T-rfcE{DBE)ZZ<;^ho!SElY
z{y!8GTG?(MfW>Hw`*JJ#YNO?5hU|s%$tu8|g=BSejKaqEWH(?l*}5k^{p>a`+8EhN
zI>-^PuZ_aWH0S_k*oTg4jND9TF**flFz>$fCf8p~kDj7MZSkDW6j6{p;`y5i=S3{F
z1VDL%5OCDev+b%-;L8yM9pF1=CgWBtXXe?k^FKKJ2bBMyAoC2F2K$yF{4c}|``Mje
zZLTj_QCt#BQvk&vE=y8FkB@{b^Wy>jB5|r8m{ln__S-Ov2RvJY51)*9p%7&uRRxdK
z<{rZ;F{zoqkAT1mldwf4Y6XVBhy;Eh(2tC|Dd`T7@L5o8lo}2C*e!sfy))!zYZE&I
za)Q~k!-1w~t9;u+s-_8CbMrSC!l-SUD-8NzT8l1<l_m)K<F7-vT|TNk4R2-J^#?9v
z*|+(Y<~??ghrf;$+!CG*L<yR0DJ6tByJpxe+HbFDW?{T0QEHj*2hrM9qcS9kZ8xRS
zJazFkyGPiGqF>fO_%43CTKp!u*eSE0&61r$ndUbo&1O<Y!y=UEz%TH_ZE8mI$E?<m
zS&fa~Hl!^SEo6f2!W!>(M_E7l2#^%^96BXkT9|w46bD!p2dJ+bVP3fvZlL^Xj_MJ#
z@x-YfyZ~jh$tHeV^%YgEZsC{Yd?PFPMwZp1AvGt=LgPZ&M_k%WzpR9L`{aLH$#(<~
zm&UNV(GZNs|Jz$RNfm8S$AMF|hyOSqWfJjjFpHUY91TEH1@Exq;8(TF;TIR@YR$x!
zB<5W;mSXQXo_}4Zd;fozhyO)94qUqNa0SQ!l4*|jkDK#HE4YzvtI1zm4EnIIz9*e+
ztEMi#jUFiAZ+dP}aKqvM^%a1e5x~Ox3Tw(&6ddrsOZZAKu~8Zavmt0=yj?bNT1JPf
z?b1hGdw=`Oh%sC51!p#iY$DrgX!UHifVCSWEza>4r6eG`KZy!inrI);+|D3@kbNYM
zpd6&k+%Z|*lv>>kTHWND`JmdxA|b{`GP(kIjZ5$a<M4Agd_D9d8%rQziCQ0+#mbIY
zu$2oh0~<dk`T&n|8qfSR%)Pa04m_Qw7>C3v*9u?&r}FK-8N=n@^%zU#-%S@t2}_a(
zh<K0vl&$sPVErB^gsuC_Z*!;-ONbXRjYDgGN;i!|@&ho8Bq!?gv)TdZM~*t`ABELV
z4AQ4dLCV0R|B!A~W5U3s^VWus;cyPejPrS#l{)p5dVzOe4$#Juze<dH#WK_f7ZP-L
zZ}k-t#G9_#BrX?{=Y7p^k<2Pr$hraZQRKtN(QIW{Xk;&oUk&`(%yh><9qiDD`e7sA
z#Oqa>lm&R?BIprGAsHg5(RrJM$?x+Dqb3#UM||QjXpG{Yf~P)X0S+W2rlN?Xi=`s)
z0<hvGhCkbKKt%WK;~$tWMypmyzK|x8{7bi8OAK8vk6bVR8;1GAJf~Z3*Fejn0BgN$
zcp2xE<(ZjdQq<ltzLx}hNOUI?1t|p;I9v|(g1@@veKdXC!eSV5vruat=}=9@HYVlg
zw9xIYh``b9M0Ey68IKE+zyAYBT=B-Po9T%sPk2DL5IlSzGs1M-<sA>Zy)UvFrp5AZ
zSGHs?I@$G_kuDOuaAdvfh>`xC0VlceZ(@G_=sDyQfnv{Ep8or7XJeT?a2BJ+Tir+z
zsG65O%YTt(0JoXJDYdT5Kz&&WvPZo9%OIj6$TwsA=WNe$S0645eEPXI24`+VADzd4
zT_?JSIryx97>rukU;y}HAu9)=Hqe@EZ4R+K?*JhUQl?oA(ZMU-^msh|!t#t;xJQy4
z75G2;(2z`!!&EVbF&%W0ruMew#7J`8l&-GnGvgI%AEray+z(IaSA*eD<l;)k)1j7C
z4UD_{C>qhoSr2yRXKFwu3D<`M=Rziz1S!Wi!+8e9OSIZ@mpIOV*HhlO=$p+fb3Uot
ztan{H-Tne{6He(^A2O1Q1U!XAZu1w(wrr-KK8!J1O^gakrIT9ukn8$teHAc*^LRdg
zv~?fCN|;ah6idG<EhV*z99yec_-0uj%^-lntYu=84t;V%8Ts+E;xj9Xc*1$}ig$#{
z4xV=`@gTbuLR4KdzscQ^*L-c#sIx8a|3n{*X;*B7q<g;sB*VAmKh~BlcGf;#2j@Bf
z-%QtN{MqWe_UQhZe^^)Bc)oEw)$1M4ulx3;QuXGXqv54B?nV%b-^pw-xS|fHDB;LG
zG#bKC`MfHP{@1P0ll}gM`;Q80Q5T`(!V~u&NZX}>(_=}~ZPmKX)$9rUQ^AbY<w(_O
z9=fb&f5vujPoS0VPVoIH`(apq|Gr7kp&It^&iRvUi}QIO-XT)KB|%xL^#00=wEb13
z^E3CIV#~)MQ>)&>tXoV3BGDb*CD`^r5)f#6he>bHa~>A9@Df7#5;?CV8*dO+fI?LZ
zztBPiQCc}+8#^#{dX)~gqbl5{MBW|5zwAU3zQj#f$&cdoGLF=igCGvHk7)Au{D3IT
zix*@-)L`u3gDf}E<y|K9oKY@CA?>BGTH$#x?tI<@N{TpQMI7;V6TYC`!DJEpxw^Zf
z44@}3sQIMfBY6bO_b321+XbK58kDNZlQNF_v(N6$7!k{Ena`->`MLasMAGM7IKdLd
zJ7e!KJpOJ!+#|)nSm~~W`C}FQjIwfNQVc!wr={c{<qc-Tf)*aOzW0ZMz=|{RP(s20
z8)wFc{zP4G*;~w2g|UcpnDf8f0NOv2HMG_mn!OsC@w7ei&mFuN1pP&^8cMB&?{at6
z!u`-#spR4pe$>u`CY3xcQM_CGqa~>{_JGpfUNC+PkQ63v<Fhw*psQXlZs1v1<lPw~
z^7lJfsK?;QcUnT?#DAv9p?quQ&pBy6?CJV1fz{ACRMG^p7jgRs@l5MJIMKO((=X8z
z0ibDl2@mkvxXZG-g9ZLe*A9q5{(BCI75{S(t%2Pu)`d^cT0VD?Uj`MXv<If#Cm;F;
zFL}4-%0mRRg&91APl6u;6)yZ=oP{P84#IXWPP*1k&<7(v^~>MqTAy28t%crQzT&?d
zJhJ1?_FQ{@uX7_9oA-iO%fB-8z)WmoLpW<g`3p#hi=deu9_9_gDgY+%BB=Q26p^iC
z66b8tcWjx4@gh>y9IfrSTR8vaeh85Vq9ox+&kO_6k%V_p{xGzcs5M%Kk#i{VCg{)`
z^BH>}#x05K3F8dp1uZ!~+yP1ckUPC|DcL4?pSXP+oVmmJgQ5S=6~iDSTww5gYQP;(
zX&JI{C>NmswT##)2ww}Des~-Zd}#Aw!gR2=&OBOn{-*2o&<8ok?3+4&XcMH(3@+cf
zbF`Kq*pG5QJt5u-0bwG-t#2Lo6bZ)11{fBaARkmEZf}x2>5rJV)^#C^zbLyipX5D$
zY#{%c-;h7Qc(7lu>I&c9yF=YRxC>t^Nay^f^?&8?H|_S=qx=r>6cu>?Urxg3R}TZH
zQ)AI|S?S?&pUrg<NdJ|EZX9`Sb%pi&jY-D;S_-OMwfV!b$@*g{!T(~7e17@gk@nk%
z|7DFT%|!bUqS{pkNB*z$Qdy{Ntu3$oPFm@*|2s8ih(_1#kJfMZ)QqtIV+6w#@qc;w
zS0wtmDbQ<`=<a9zS06I-D&ITGGrr6~LbU%oG&qZ(X6EVi{knjge4gdn|4_CD2b$f#
z7|dETqD<u>ywKu5?imI+8V5wi(oG8bXUZ~Be^yBF(kZ(gjL(EI17fU4yaJ&s|1KV$
z126}o|Ka5@>i}qptoPjpJ%UC(jEtA~eCX4^X7kw-5LHmv<mHDh?1WG??8gq_Z%0CF
z1JB?8Nm32>KdsXD8T8|bIY*&RpQleC18jPdi=umCi(-SLOrxYJxJyC{ZF};~QQa`R
z2$qpOQ5##2*4IaxAZ@xBxbo6`S(G+3Kpe7sNXc6ln#2xzV2GtH6i+LhoM0A6@|GCN
zH)I%vqIF?uiw_nhG=8TBu_eZ8v<|Ae*{H)nTaxrK!9dj_`w-3n$=lC|bA-)nKJQ5x
zm`)}{8lZ|mlv%y-5}fVBRp_$_1qX5bD)AwDvB-WE=>G4OQFSUXSqsG~)}ta&b!<@#
zk4BgQ|Ly@@hhPR$AvlS1ur*()(;<CK0$G2lls{x;Am5<BbXJPB1UCeau*(V)-P<Re
z$_C|>>DSrwfhW_?E*+*{)cK7lM?Zfy;9-^-F0OpX?*}??HK<(2ZPb47G+h@pu^vKu
z+oUJJ^Wgc%=+27VDACby3zL3}ch2^bOs7owNt%v+Sicr^u57qn2eYgUWE*zk2MrGM
zQmM5{9O;gvBBbktnbMZ||Gwa*KLR0fc7Du$Mq26?{b$kg17Wk*0{^*Blr8v&u32`s
z5B#%ppiim2-iMC@n?*bEvL*k}-vXQ5|ENXDgQ;6$0S&8`V`qE;C#$0Y#JyLmGxlA{
zTZX4Nk7Dl5ue;j=12NA|A!kehnf7;V0p+7-SF7Q~y@K{#cU-r7Hhbo*2*k2rOzQa`
zq6gBhG%wUm=}|%s^s}_^ik7|14NvJ2!CkAR{T+8|fKNJs1bj8AId~VZZ1B|%Bw`=I
zx}I$Ps{Wp`d~5I*_}AS+*!s@BdD*H2!^ymM00JT)yHwabI!Gg}Qd`}VcV9-9PjH9(
z9QHQo{_}8n2!R|oLvG8XQV<Q~Sr<96U*fb2R)L?n0k6g{?|@xNge@cpZUFD<@IymA
zRyVvx9?<3K4&#ei355wQtOC=uM`XMg_VGVpmki~_?KtD&IH1>YTw`KIB8WrI-_mc<
z3mH3g^n9DbFB~<r9kQ@m%R_H(gXU{>l}4MFQF{L=uvs~@{XJaT!iN9?x}d3Ag|vZ@
z2hh#NX^hz!P)liiktyFJiPNvk#i422X!EXb7_+Dmbendr#zKL(nOp9T0zP|-o(M$8
znmbY^#M61Nz<U6vYq<$9Z5-hO+icteHh~t0dIry1ppU=8Y+;)Ml4m4ZR{Rtf*l?s<
zp_{G%Y=hnap_|lrQzgK~BA?uJK?G{Nf4g0K0&g$q9I{|KQe@h6iqc$a3fbuWaL9c2
zDO4&|m!#!lvT>Ts%CtAS9Vl>$V%0Q#Nrw|UkQ^KAxWdqEwRW&LQvqz4;kQ_mN-%b!
z=;=<6<~`4+4ceom<$5G(4l~iI6iP)Wi|B~c3LLofKBk}$m<dKMa1u|{YPXP`V;t)m
z1?fjR8F{-nWAq}j#J)*7i600Qvh!I0y1h*nA12LA;@jin^ZMiRx~68P1(2P0^^rr-
zPbt0ihW1d($l#{P<&<zWWNQi_rNTC^jn`mQe=N!^110dTI;wvTXZ4{ks$cM5)fV;i
z3jGvvbxH}0)Ej!<L!sFk87E?t&m6&fMz{Dh*yTX8+|(5NoKCocfic$P6&BU$Pf1WF
zFvmEw#LP$NLN<LsZovS0B>F}E-nhal*#`S+)slYXvTz_EjWnSI%dtSTaIV4!_iBv)
z8*P`K*CwdKN6Wg>=exy_AMzD?-}kr!_HgBqkYMb?0-?dUsj2f@7$Bf^#%J%c7jiL=
z43_wphCEpv*hp;t7mh3Tx>an86P>#_))21zjO-#bJ{h;%{jz+!DOj8Rr7r||iqek=
zc5sP4ZLRq40|Vbyx|+~?T_912Q8^Ur%6XLio4qrGg?!Yco0LN0756*FS!cZ)LL0N_
zzi+@i=>pyCVvJ&pitYGU_-#M6Oc2z3+bmiq6yC>_-b+ypLCv0B_*(`hEfp^q3C`GZ
zI<}EGm<B<BcuoU^J5ISSER{P<I==sv!Rkf{X#1J$mY@cB7lae4`>$FfyOl2oZBrVo
zK77D=$gBY}&b2GVKgDvNDwKhqbGc6=CE}mvYJo4KWVeH*py4WRy3;pWTN?k9xB4I5
z+5f{Awszc&I~6tqY)%6ze&x5*zo!{QmFq%%0)d~hMFE8#gQ%o3tCCZH1WUW=>*DCC
z66xRfB3!oqH7MjY6u6ZE+r9yq--9BKLj+D0(Ocv@W%X`+8WO@8b?q(`A1NX_4$>H?
z9{g<R=5!B__o72g#>{bL^|~(h5TTDYZ=q{@mgV3F>CWq$pcvO-uU4-f_HAkTkk#mf
zwP@SN3X0xJ|FB22mi3fF+>47{X;geScY2k%5SRN1U<p}}aoIquJs^2c7(6#kAO<3!
zE1`dH+J7KmRhO!};Cs<^p><=ksCYqZ8Ooh|xWDM*xhIrKH%l+y?E@&qZ-+8o@7d!w
zkHl~uqcO&+&zvg$n8ZZ<aZaUw4{87Q9=_|MGeVFSa}b<7vXDu*BzzG=9Pwy}nL#0|
zH`)LV{w;PbAfK~mDZ@Ssrovp^O?wDZi|NLe^NFdeBA;aqFJ8}4Z-Cfq=Tay&W>U6m
zov~D>mB!%pLy)Od-_z2Vaker-F{SVm4vUd$qXT~uJX!$e{YH^dQ~AoTHA@Su!sb()
z=f^hc7Lb@W)$~-mWzz#wEc@E?vuSCkn4r$Ye(!B{iIDPT=a<+`g};BkAhp2#7Nvvz
zk?2>3Tnoa8ZumJpnKZ5TqZa;Rat5kg?saU?2tHtL=&Hzt{_>jScQWCzcfPYsS{Vju
z!Icikz(;RmZG`sz(!^*~#9W}y%4HxOz}75dc5}@YBtSE?*G+wXBn2TS#{2HG$;!3l
zJ?Vz*gQPIRm0@F0%cL_|i9(Y;B@8lzE;O4!3}_W-_bErddO^q02OPwuM&E?1$)_|n
zDtaUo1;f3UkGNmiPDmE(Q4VvK)sSLc{<g)G$)G{8K|d57f7B)l`HMd5P{IDLwXM)w
z{d*tHUjQDd(r&kuUE<MabzkzNkn1c0=o6$TFswwpXGt^5QOQ8g8!f=6XF-s7{jU^F
zS_CV6_q>>)oCldjo_>LijqPG}9t#Nu6hlAr{zaSQxc9~E;u$U2tmjjTj~K+GHb}(o
za|)^551>|=v8tC`-(RHYWT3{9BW{o?0y~kKu~D<?fXcp$WYR}=9xp+Iij)QX6jauk
zwxfadi&@~8#v<w#3kVBet3xPEJud&dt|&u`e?4w8cBIAMxcfb-saS1zbAwUcyIk&%
zJ|fukEkT^k*$EKRhqRalY41xcYi8H96=`hcif#JOSOfGit=$l=q!m53;3WijS_6FX
zelbZLRd8u&O1gQ1qG^JOFnS~<aFuCRnMg`-LLld!Nh2%5n=a1Pm`L*?WO!lZOA?hW
z9agCi`;Q+aAp4)XhahUmo(OtaE7nKOxL~;*%<w8@8*<2RDUcAXFNuc$9erV(&jop*
zr9MWnRPh{5U%ZT0YJgR>F-S|Bpsx{gw;FzmI;J6FpVZ@ap^6F~LoS!(>JH>zFr;%t
z{$5tK@RgQ6Ky~j4dhL{)ZO=!uf;vpOJrURC=o3g63up~Uax_blfv55}_-eZ!#SxW8
zVTt-JiA|HDowgphu~z*Ud2ndUixz*f)5emlGF)Q8k{fZRp4=Bw%ea#yDqVfUDLt$1
zenkA8*oBqr=D0XXnkaM8Riw=i3x$tGG6qjjDzAb_Q25qm3D?)makW`0;yum21gR-=
zO8$jL+&v93FR#{vsZBnPY+qh7jJ%mOYQON1s@18y8r#aXJ0ojlEVn#lII<RWxwLo3
z+F&A_j3yjK{L9g^+nUPp4VFMKIhxf@P~tZ*7JeFe#)A@dmIg9UG76J*ELBc(GLpWJ
zmb?!pCz>${$#sR4Q;Y%Z$7d!e;QIA#@|~I<TTCNf)`yRV=n#w%?r^n(FU9un*hS|Z
zKUDK^lB9@<uu>}^yIHaLX=#)BbM>?MgF(4NcwAN@d+?9m$q3VS5J-rwl<3tMA8{tq
zutU0}T&h%fL)gDe>M#Aj8Tzg(B%ZwjR9!82r`U2@wCscpfVOPR6CQc?ORD?Qfq4fu
zHu`b~JMGhqS-e&TRZ8@egeK=<mlCeYSB1$Y4`gej+I<{OQ5Q7Z>~9Qdy*%r}bmzGD
zSo>__p7O~r>C+a!ni1^^>o-@O$BBO_s>(~YQ%CdqPE$600;)_@aIC`ug!3zPlPbqr
z89_{pQLsz0rKu-hbFhHD#|mtqtO?VcG1Ewfsm5+*+wVmcD&`n<Gt0sFY%!=cbM~Vx
znvIQ)DC#qq7_AaBd3mwq#rnf4X(qacA5KjipHzK@+e|(w<*Z=N%FObH3(aGa+L`*W
z6qlk6yJs8uw=|Eug)d+m*f5e<$?GfS8FR{mxpgqI=~;D+YBwmS`T2?+=NmEG!%56=
z$4yy&(SLo-by*o#4guepaA>cYQHu_)bJ8ou*y*ov)o^mq_WaH7AuF3&oa3c-0)2T)
zxuEl^iI^;mNKR}Kg~}X;{GFwYnWWAUzQj^*n`82oXj^?CksROuZ8$%Ac=<j^0S2QH
zEjZ3U!R~_T8O9U4a<?xzY4Sl?@N~G`L0gOdg>SxyH@z1-X-wm5UX3nl@ZP+=QawH<
zx@dz;8?hmI(b&$ruHA(wt*}>qml8+><&+(LcCE8Wav-Eu&2J+XG2DIy7F?yzOGcTS
zQLU<1nm^VfW9#_lN~2V0yv(ka)fR)NFY1hLcl|*`Mvh#83QM%ogt<m}UE-LB1u&n<
z1OCKbH!S|nc+8}EO?8tz$cQz;?w3eJKd0I2;_?~`T+`}$u6ggbR9s1+4v3M1<lVeH
zbi;IOm3Ye^Im%xT7sU}}K|LpT=3!=J0^hBOBj&#BX!||EDvS}H@J<n(xS$Kt14iC5
z1u0@j4F%_li$kzJ0qV}GPtc*3|J0`I4+lxV9G4(Wr64-8<vtz$3#B)|!sM)@O=*;=
z5_EL}w?BMnw}g1d`7#X#9K%Ei-u+TH3eDjnQ!~cixp-g2wqy5&O-YG;0n0%*LFrqo
z&T4)QI~x;8iik(`%|BhB>-VP}$av(1QhRzABp|I7RHsqXz|x8DM0w<V+JH3qtuoQ|
zZ96{28#+G+*gl8`e!?bulg+BLnxa_DpCHXb%$3r~ryEc*A$DQLcZ&NhO|4(}+h@hB
zS~pC2;VYXo%Mg&!jDxz%DMWLRl8^P>cStk|-<Vv!bNn}NW>i_SrKDFm)HgDeuHd0q
z4TC&ZSJqGGg|tT4wuw8eOZ>d$qRhK!!hN-0791`0D3>agqUxM}8bOn7M7|j(310zB
zApjac1!)z)*FZY6C`MVOTKw%5vEUw6vhJl9LvCmKfpQxf8l=(wP2~74cB^Excg&_#
zyPhRvU9K-fpEg@)3hnZ9KluR?x1Yw<NQE%jY{zFln1<h!l$cb%N*)QP(!BB_bZ<XU
zBsxAyVb@op92-@qzJw`9YCBk~$@0-XDKp_iysAeQs=_oP+yd@lw!-p;*qzyi^%(cB
z38zw}KU=-)W5)ZoOow~!%=*vl5mI`~l=v3-?b--e_m5vGwBxA0m8kAvG_+wOo87xZ
z<KoPW@D}_zG|pq3>!=%2Y)hxA?0c{+s<}*-a;8Ut18lQswyB<Pr35JQ7ju)`6)BT<
z8aRF0IEkn>uB4|##q)SMizo*FMxW_5GTYbGPIr-d?6T(sg@`<>-NROa#Yt)u@k%JZ
zEhiZq%R*f-IC<ZR)u_&vcOT1lS3?fkPo^Kfk*tX5u}E`UynSY|lXNxc<N@NiDcsu4
z{J}wE6+e<)<|h&dg3!yj8in<3;O?Aij$0{uZ(j2)FR?Z#nax-4bDZ_Ss9y+TlyPEM
zKXZRXVTob;vmh$&oZ_du8<<+HZo5Q`!<%eVXUZ=W7(GIgKRwKFfkG{$<iH#wU8im~
z$Yw)8eV;qrV1J*luJf^uE1Km;D&bw)pf%?M)lN{VAJk_^&q&%21mtdRz*Vz3shRtz
znO|)Z;o9oU3YOnPR-+Cob&>KuD-0tzzI1qioclGIEV8`y#Ett@f0nJSXayAaAW-$;
z<gp`>=3wzpZuSG?ToRajfU{~R0W=%xMBQ~o;KP+a?E0O^7bRt;83JpRi2LLr?DjRF
zJ0Zv7ky@0Z*y}raF$c?f%#c_8?s3^hzn+Gc>w{iPP$%8jL3mPG4gG{RQwrZ7-*2!G
zvErpWvM<Q}Y$7Sg-g~W^+CdDiP?czjUhUQBrTcj+Bo;$p4w7V8RIM{iIA!OP<`kl#
zxvVLq>iF6Qi=o`DT%A(ok`xp6D<CIc$KnQ?|0xj{En~3&eo^(q9WTg`v!{vCq4Bh1
zSt<?ucwIC76i`T;B)aiV7S|0WF7*=`3KHM8G2Wb_mOFVIa?E(|egKH?y-kgKqwAf_
zo`uC5d_&RPO2sjn3j`AzoQOyKZQfO!B8N~_@-ur3k!u+_x%jXt@mj}>G6(+P{5Ln-
zXVYP=N!b=kvJOF1s$#=;=~0FH7J^Ac!jvS_`2x)cWLk9fP20G->gpmLGB@b^6A-4P
zFVy(`ek(n98OHd*GZU+<nhMj0zGLq_xPm_V@$P2)Aax`A$`MyUdlk~q?eO(3x!@RE
zG%ktr>XFEpO9kZ)jN=s#?r=jmhc{TLB*ul!{WVyEwey>zozkSbg)y7r#i|Nm>WrDN
zeXKDQ?IzdBbAYu5@pgcvmf$F0@mh^^v4td3oh7uv>GVVu!5C8&RjTEE$rw@-SD^^a
zYg%#UMjPVWyo>L3!NCsd=f4dfj*~S57*DF1m%j2C90p(PqHDnEQ#C(eevh}lN>8J*
z&vw_6;<OqU{lI`#pWYQYUYJw)y~Tc$5Sw4bI6Af7qwr7#N4YT<fPwttV#DDv-q6(G
zVECv|NMD>3Yo0n?%2In5Psv)AdLs}vA%Ef+q`If_ZmakWExmd+{ceTJ1o8W?byP)1
zDuzk#Vv!;@uEOml^~Mbc^nbRhCZ+*nrn#oxFz{?~5P$MB)z*6Tn{<V#bwTt{y|l~F
zUDR&5-3fhfVeX@G3vGv{iH{d`yKm)!xo5B6n-La<HvS~!Ud<+<56K7~)K}j0B&;k3
zALw%U(;{YU#O4jRZyQym?Aq5`+h!0)q`59y4Q*q@@d=KeX}1%MK+YAfuZ4Q{=H36c
z4HZ`(i#Z6D9#Z<Dt%Qr#Q0r(URcxa8nJG;@Gj1~3o9Ky6lPFvMT?v;}5my+%#n``Q
z{IM!So=>fI^OXP?NK?V98@0FPql{%H_PH-Wcl5g&OO&mSUG;J&sc<W-3qw;z+X`Yh
zvRnTf5A5+(h1at1O$#D5tDz2`cB~Fr`<-hM-o{&r3zM3>M(^<ee^T6d-JiFgAMfJo
z#x(DxDJ0DQ?DGHn3vcpMPEtPlfxPcqRqMuLHtq(sw}lJP16vO82(ZVpqo0)3^^Kgz
z;U{5wvjP=n5z+ACSJGOnNeq~Si<;|O$h?U;u~y^S)~BzdQ$eYpQ=ZP=A$|REbR3vq
zw`aSP%^vxMvP;J@C;MKCy3(6>zt+J98ZS=qd2*V2GTQYw<t&pl5?=0P6$E5-hNtvI
zY$+-()3J1+U7#hm%`TchG2yD-MU4zUPBD}jAKFX*S@erg&4p7ZN}Th%xX-M1TG9Hu
zK&Ur^gj?U)7yZsb9tK=Isz23&#^^Z)grn>yc%eFI?qorl4{|nq+{>)jM@km!WIAa8
z^d`NwY`bLA8<_n)i);;7&uB<tWnls*S8kvjuNg+;zC*!C^zZxZ=%ycUsymVZHV|RB
z-zR0hha#>ba>LiML?c51##(^}{Hh~-2|PYDxUNoEr^?#z<3l@t;!oqJ_BOuJLHUjC
z%XQIUSo@k*UzOCm>QP5Ks=i3nxvF?_$^Z7(>(@8z$KT+=Sn6(ZzI>v004BD#blIvC
z@-<dLEFbNQ9t@-G-3}~%q9nS~Pmgk4QYqKSWmJFvDH$iTIBvM+Tl&T5^Iu5gtZ{-@
z^_itO=Ph+EKnd(oJ`<x%+L&~eSF!W;LCc8hF1OrCqgf)mG#C7il(LQKHzQ~WPxmvN
zc!c}`ob4eQ2&`+hR5WQDVecKR%xTRDn;!2b`<Vcys^Db+kS=-LOr)q1ZR3G{|He7)
zb~q+2HaG5k)=21?eV=}Mb1K?%01oA%6=zYk0w{i1__)Pr-UsiS6j#0JE42QZ*v=ty
zL%R4;q^8MP1$N+6G|s5`EzvA!H|d+lF0*U24{`%Zm!08HkBlnAoNzOY`cRdi*_O?p
zP8Ly`I_VBVGhqX|78%P)%v6P904rmy>W!zYdosebak9sQ=)bM0HClYgV#eeFzXI*f
zhl|)NoeFE>pr(v>dL1YBqf4j-M;r4g{V2jP*q7}1(W*(x6<PLx?$O`+K6xKVVBngp
zEQ@?IwoRGa*oLIUO>Huo`bsgG2QhCu2Vk3+ItYVJQ0^~(1IPOAZv~1@Kf42&M^Xw;
zX)CTe8`)Ntm8|*MS&W4D61n^>W2mK{JL7~MEEg|0egZTi=wEMAH6O7q7u?}~v=L1A
z=2IU>>y6g>rdp84-m&?^v$4C4WyPHx6RB#JrM8HXVol#Sez=m<v9j*3&RPjJ^N7p=
zznKyw_$yzH&xQm1-P2O3OdEcqh4g)cVVb&*COlm`TOV@*{3<;jL##<vl59ff^{fWK
z2;bk(xJ0+)CL~0$)kCgMpEodAnT-@Xc$6Dm(JC(}#y+{(rt8`Pp!3>yDI9O6Gtoq0
zze2=_e)+0I{KwgMF6s%romt_Q5RzpRWC@#uN$wUX$?iK=P0OaM=`qb93iBWrjbbG`
zGL6Tc+0wp`bb&JjbYIzfh(CJM2&do0Aih=X-T8c|f!b7(3CE;m5Pm2tlY&*aezg;2
z%%m1&i^Jg!=poMybYJomf6d2dd8`*>kuagj&p;~z3CJOe*M6<hfQR|VgjJtpjrH$1
z19P<^81ly>xCuB0tZG(Duf|cJNKsxtHAt4BDt16CbYL*_SRjIakX|nAYb~xwl)(KZ
zG7;ZY^kb|wgfG_sjXSY%ohJ58!5^vU><l!UEFq|>bk4Ws;kqFqhhx0ppEM;GGWDJm
z?4rVj08je>RBUB8pJ)b0aLpkbRI`6A11mXQ$|9{u*e^?ox|Uv5maS7D9V9zL)~Tv3
zw%ydM&&kuLV{tZ~P#<f+8?qif_bB;yx87JXSx-Dx2Dvph*BP5F@B;|CvOmW*jd8Uq
zarMX{&7TyhxbZbqg!<$i2_r9bp)P&PXq=1RkS>?4PExG9;h>0A{>@+foS@!du}qqX
zICfZ&0kXx<Yy!1M&PeH{zgLUI{0dF1`7l`}MbantB1YXuB^6Y097md7otQ!{Z=L%u
zt?p@lajLkGbz6M-gCojICYw(sA*@{X6~wWsYMF4x#54i3H_L6L%jHJt2^oZ>zH9-8
z>JN4Ar8qjnxvD=2#gdcXF!@euHfNhwkUv=VZf56lE=eifPwkU4hGo1pOE$~>tg4s@
zW-0z-Mgg1emT3H$cl1fj5Ovv$=aL#n9bjnrSFyAlg2I7%9Z7*{3kuzx8M7C|n>Z1{
z3YViWS9ycanub`HxZhdCqpvs8T@Ag!a^<vKh+Dvilrn#&XQLe3$K77hsH*h0^Rl_!
z*CRtA51!v|60bD;rAGS|hkH>n#3zX}JUW+IUwN6La*(=IMxQF5`uGeo@#0_F<CkWr
z`{UJu$U+UW+8BGg$*Y4N6+>d)Kps1*Dc6th&56wHt_&4_OCeWmMkb9SvJ!tLzj_Br
zIqv4K*;AKjqc7RS-$*dP`5B8L5?UsF`Q5b^Qe9T6mdi1yG+aqztkR}I^qljj4lAbC
z&TIS{?0y0?AJ}6Zh4&?)8zu7^1Rh4L=3C}OdvS}tGuVmrkFvX7YZXC36(&xmuH;ci
z>eA++VD6t(zT6cLX{ubmS#AG0z4oZ$RzfV1d!KKxWWbw>mHqyUgEH*F<A8MpY>-r^
zzq!0jL?!3E7}>BukWTM#0iSHe8GYqkGav<h7xy`p*?f=V?`MT~@hYFB`?A05CgroT
zdmkAzqp=FG8I}uqE5zSaJQtvjX09DzSQ6^pjnmmoC7l^fGm7?TZyZ;Zhb#boni?Pd
zjP_|fb4w(t+{=TO@-(|3$in7Ie~F|<G#_Z!>0&D+#ZGCgu6{*r1{yVDuwuE?f0FKL
z6OVcPkoA}#O~Re&a`vV0H}NauuijaU8f;#4%Auy!OJC>wWIQ0Vfipurx>)CiOSOk!
zb~j8?z?1%*V?9j+V54;`RkI?EM<b;Ek#0(+U|a-WjQLaf(NwWJ_o842`|~whotE6j
zNP_FN1E(Oqm&2hXFSx$Q0>kVyYjFBd(HRKAi%#h9nN4JJ9UVB*bpvBh+Qua}>%Q*J
z$|*Ftu$}u<%2}l5^qFA0nuew8fS*;!r|<|g+T{7R&M0fm$;teqO4&foaOnBxaFIOC
zx>3F_5d9BAI$@{q{sGSqpTf@klr;T*a%xunJ}DlH&5ya<eFI7+fqH$auujgbGxK3?
z1~TRNME5fd^PD!n^W8XUZE&zs{!}FV`~7RI8y(MfSBm@9W>V)}d)|84Uy-Xoo?w(l
zZxH8YUM?^%Ji#*g;2~a0HQ?i=<7SuLXvP|r_4eDaCDQZ-J-jHsjU<s;L4YiGckKQ?
zRqmgdt-S=1lvnk>q!$5=>q)MYgNweut)^j&H`Ain9$M=8>T0EAoZO4|s*x8NOA|85
zcsblFbc&@fV5}RuIz`otvN1;*nt=w4meEetA%eD~9v)bUA&K4T7oG-`D|J*S!p6FI
zqtlu-vcp2wfqo|S8j4(6vyzDso_KB?9Dw$uice=Ci5RN_)o;>UgXKn}%L%eEBTZI%
z7HmBFud8T3_f|<eQ1x~+@40h$nP@%2bd*fqSa<RGIiC?^*f!@~uhLyq{cJ2iWV>b$
z;^Q@FWPbt>gEGw&I7ui2NCVs)<Rm*nCJj|S8AfKBX~gEH{SsTl&*d``8)NY&s?B%j
ztbQpUr^!d+8g}6}TxOd}Ai8dJsnhpVHoPBlOfmj!THgS$Ls|X^Z)<(K5aJo=61V?6
zQ*X=B!E=BKGd81XFJvJ~f>uxSCvi(nE?X4)!}68wA@3b}Gaz(TBhgu$KTn+QvpzUs
zC!XuEbyT)ly9W><SLC>GHQ4QHpyV7>{hr7~F;%dK<g72I`l-2dG(&h?%+RCE<?Gng
z+co6I@@X=Hv;4e%I~o2+dh4^>5Tpcd3}OdcUud3P_oQC29mG!^^Q`&gEIE+mn`cMv
z?N5mt?Fuh|k+f+{!sVUB{6C5i*DaKM3SONdU`)Bbmif~WN6V@HwtS5aB+Zo>%`O@6
zQ)I$%pN&h3-mTtU_NSguy6O!{{VI;8LGJNbJCJ&DFoawr7Q_ESLiivZm?vag^acH@
zk$(SCb+~p_TYB}IFUrbUho2z@FW7#UP0PSglYqTQ6mAk!$oCg$Uf8jIRn+_@ZM@ID
zxTQz?RMrSmQyqR@Jk7C+wIPlEX7V_Ot(9LN*K#D9@RX(dXUVP7<~+6Hy1dVbWv!>g
zHD0ZfSBA((4TApZigCWW!W4BK-#V(=A9>yNn%Sj8(wd)t03455{SqiRe|7E`zeju=
z&wPuKv^Y^qMS2UdVZHG%ab1jS)})vymU7Br5RewqQB5)M*D-ImfNp^|Kq?%e3~yeu
z^Wky3#)eqDp10cP`gr_Pe}Bg`Z=5%6O{2+m$->z{arna&ZC!4Uj-kkKni#qN0V?f;
zrAOlg1GwF#LKEp^<957L-PY~rTYkQ)B(Ivq(v_HWQhp9}_nWunx)2W0F*fySVX(Ib
zPjs}d3twi_hMC7c@hB0Og$2K;UK{EwOVA#>q8@tLx5s+56ujmn!pX{UlO7DOtVM;^
zbu+4{)-k23oexW%8%G+<u7-4ZfCB!4QMKwv%`LXzTI~v&&?F=BHhnf6gWPM^k0<=q
z^Zw$$$LTL+Xj5S6hu@FqMo}wrKKh)BUJyv*noBpB1pZ!B>>w)~^PIww*Fb`Hg^9?j
z`=$DqLwhs>S;>I4wlb%kwas8xW`FEYYBhZ=cARJ2ghqGVUlabWGbC=ZyAy#;|FEh3
z_QolQi^x_dRBbTz{r#u^<0<o)79woYn3GyNiH{&x`uO7|FWZJXKc6UD?x813W?r$T
z4D@vySq+_1&St&Wr|M5RfJCQXQVZa5m%7)YzJP40*Yd@SwpjLNgulI*KU^?<wdDBi
zTvn>lKGwtA&t%>z%Yn>;TS-o-hJiKn82!7^^H;*ZU}3TP*!fVMlVdd+Sh&>`R_q$9
zF5LgQIpz1G5SgU=MLwfb>8lx`Jaro{6LDZ$S5j6><-`X{ne=j}4Dr-)PJ8CzuS-D5
z^qimm+S^5@7-RVhapBy*%%7gKw+$`SaSW^J&FFJm)&FLYY@N%b|86mroAknZC0?Q#
zW>mPLeUlkAuX9|kF5sB^TQfuHl9FuBd&-qi=k9Y)lI~`}B<0NlwTY|0zI9fB1Qw+j
zS+C?(3nbZ}Uh2*2VnFb++$avGKzq$=rfs1$xqC|P$BLZ)4=+H_zu2!{3j9j$DB+!)
z0*#O|S9P2MnP~9TJsrJ&O!Cq&qQmd&y*>+Bmd2pk7*%`{ZfesC636CAg4`x~G;-3{
zPNsf{3}!{5YwN6ip)3}fY(W`6P24+nnP>Yk4`$aUHf0>dyh{!}k|MK`g27d-UiI7B
z=b1X&CWGQgTv3~TW$a32<eExE%{)8msZA<bm!+R09|Tr7wS%%8R-Sbr!97G&Bu>5Q
zl{adrCNr~o_t}}D=TdmEV#~BxDF#`L5l%HIV$BiU$ZM$+82ucv8Dfwp2J<O@$Vl^D
z1S|7^zIQcYRE~C_c@x4GKBgo&Dv6Q-`rUji;~*?$GiZ)K5->v+7dLVm)xw&RhNflh
zk*1g3l2zH!5Jd!XYHDt6WXTVExvR8V%!ervyt+p=GDsSy3{M;}(qR=1YO^>Auqs?A
z8;w^Ej}kQpuPfZJ6I)X9)x*1~*=mx=u$fI!OT?(A`XF?iu!Fp!)R|i{(5K8vV#tx4
z-=frMNUUiV1Ug`cgAV5<nTbmTMjy+448%tzkFYsnr^lp~*>-0|r9d_hHBtHEyjC^7
zvL2FGnF5riSwQx}C0$#UJ;OOkxQt`fCX%L3)q_mB($t}&WPqt#oli-kI%c{v%0f)r
zE^`%ZXV2M8zNW}Q9tmEj)JCj`83#$7U^Sns#Bq$%&GsoRk+QbQPmsJDf@(3wVVT^l
zd!jY!=N3OP;BvM$qlv7YRY${&W2%yWrWzC~5?DD-Szd5l$5~)WOT6<3%0gEe8TFEH
zW+QW>q?5N(!dqlhs~OYQ=FCbA+3x+!CqWd&1Dg~en(<W3=<NhpWVqC%pAF4-Mu_`a
z$Wrc!Je9JfasZcV0>rkhF33HXoIGm6@wUkINw|+*azRkVWi@4R*X)!oCD%^g+#z|U
zJ536g)P@tQ{B6r6Wk6G@h%A8QOv`B%Sw*O*fPHhF*fvE4URCMfSXC4$!580rL!Nb%
z_@|TXafgBo=#*hAL9E1#xlDGYk2@-q46^Kr>59x<8r6{3yqb`y3k=;&b^j+m@6c<q
zBSw*Zn+(KG5V!c55E9jJtC2HmQW8UhQOD&&-KvQ}t}Rxwwq2%DCysGJM`QFkMZ73A
zH0^jY(;kbvNn1>svYLnzv{S|cdJsZor<tPs#Hq8q0<*$TM?6mkNxH3@6iQN0>FiUw
zCkb@wCm)Sb7C0pFFLf0}dRgeHR$Iv@P-CFt>a|WYUQ2d3d5&ffk5h43%C&9jf|Mg7
zY~|G!BW|(;kCJz$amlJEP14b{B&w$&2?0~Ki%O=?*0?j1O09^j+Ysf;IOS*>h)+f#
zJYkFNc@<7;LIpQaO<^vHpEWLX@=}#XQ!P`?ZDTR{!ZCelN}9Mqvcyc35k`?80k)s~
z>N`$E0!~Ngm5&tXW8zsERu6s3u|_Ir;vGb-;j<ufVKDRjW+bAVXucw`Q=CZPV$Wr<
zqE?B`P^6Y|mgLH?W(|E1DP>6ttnSM4>WU@%kd?iIl*O<W67+IX8HxEyel41vo`Pz+
zBAAVnzI>7b7%P$lqLT%}Rtp(3!(>tIvty%`4wMZo#9V$HlA$YweH%7JcQkrCdrm1y
z&|)8C5i)wp#!<}#$!>(*Ax{eFQ@UoE@_9*Ory4t2oCMWaCQgx*hsj>au0&q4n;21{
zAim{T|D<w2_MF(ET%hT*7p10wZmPb5JU~RQ>59*#Ae8vn6|XMhMiKB<>?sTJmbAki
zpY(Zk)pcMhR`p#K9|X<$BU#hXOBREx!n$y)Aj6sY`w7SnBynITMW$}~0-Ol3rx*}s
zI0s5vs#5cU)awJMl{eU&6C}S!GntlKnwYYi7bI}W46VHEP`O0JF2`BU2(6ZZ+}FTs
z;ATUj+!=zrU^}DeikyS2mS?a+`^UQem5N~+#E@KXS>Z-GM1pWD$m3SBeAmo1XxQ>l
z9j&{P@{?z;?Sy(CYxeHIKOM4n@CnD$+hl9!WW?&e9yo@lV`MdU$Pg?^8in<#=B04@
zq;uDlrgftx<UVUyj0|F?n&!%8%%b-ko7K7+lG|giBPCBpZO%3eBCH3KDQx>i=1tL}
z3J575pG{>ASbT4$#QtNo`cEV}V33)ukV&f;m-3LahYiXD4RdDl0%)8qGq0}Vh3oHT
zp*fwDFjyQI6CV(i=149hQhA?xM%<K0$cVf8NIX(~COC7Pi3-C>#ZO848aC0hai(`5
zm);;A`6CWG8FGHLY7s=uIgrTvq&seE>Nr|jGF}a?QZ~!{QMKL?aln}-V=TANk!M1s
zQcjJQM$fXFq-0Dc-wL0SlVuS;z2t4(3pPbtD7V#D$K;Bn`6j-R190(<CDGhi{V|wl
zR?W61rtCRMM<}s5bOx2|+D=lo1!24UMT%9^sPe9|F*WwR8VIL1k&JXBXOiY1@dJYl
z#*Wz0F!-$`+&Id0=9`a%`)(S=HKh4gW`TTlH4#$ZXoN{nrxI1SizQZ>kz<=V7f2E%
zE{u{y;4Ir$J*Bx;6C=;CQO~t3&$nc!HY}N=4X>SI3+q9B>v8Z7bqXoXu|}dby+{vz
zq6=9(K_2`t5<D?WB}kG2hCxp=mz?O;5vg^ZbS*8+HgYMzrl|>$H1YFxvBbV%8r)E)
z`JUTyDPSVhaamc&+_NBL#2c$CY$u2#^y$TR5>)i2nXU-=A)&q^q+OHOX(_#K$c^+J
zm-(4mDV>u%aRx>uc;kiZILV6dalIp9h*}|00da`vYBW_!*H3u}jZdcRg!{;u)M@I^
zn#f>vuKZcaxXiIlUb<o^ZwqQPE@g@Fq7ZD6$|(K(G$gO74#V<^;}u5SXWeQ5q7~`K
zry^Ry2~hStBTI=^i-<zR|0hJ>BJv?3NV4)sxSg;<EynPTWQ$4}oVL>9q|KJ*J>yUn
z>$W9*(hI1rpSYPIp77#-I>{3HB#M+G-G*kH>m=`H`A#R<AX5(Ro;VzI#VwgAdecaf
ztGd{O>Zz7RB}LMTO;LSBnqGvRAv=aPwv<zC(Hzw+mn#Y>`<li@NJZ5Y@ywX-P(+vX
zvs#LE>o~OsXIZc`fk|EGp(#4vnj|o(dCfP+6&6xjh;efAZL8VyP?dID6%jS9hagH$
z{1&o`Hd+$MCjDR$e6HT9NbF4(fJvz_C|jFkp)|5I#0638Wn}Bn*=m{O3@n8heM*Sl
zO5rJujB2NXtSTpXmdaU_6=U_-C6t%+JH0%ZdMP1~oV`;(FHh;&bK7NlsfbcgIr%ub
zx-?Q!$in4L=j|JtYU*yq)L|h2>#~v#$LX9QuSO?|cuM@9^p7FsTE{qqb#ix^6k?(7
zCM~RZBpY$h9EW6`PENy~vW&4Oh_EmdBgwP}DRY1nKNv~mMniS@HMKFSFO6o~)l>n)
zR0XT8xvoi5t#t@0nsa_)Raay+WrY>1_Hin^R?lo{qpYG&Lvv$mV9;1?zRFr_t-nE1
zfSstRb&_1=Mp;<sh$RSJauPwHZt!ijmA8GKEWMF*T5QxwnaqPGYp@J8S%IygRn_OA
z)+IX396GX+LOk>m=%^7djbOGc;mXk@jK-0s;;Y)v%_ogy;H_u*mHUNB)$FX6M|OEF
zo)gu#$sMX|Zl(q1`K<&^fo!u#7Cxn>`531BJ-m*Cy03Oas;a4}44kMTlm1va&?Jvd
zG!i5C&(4C{hb9lYi#Mh!^ifC`GWkeo<tMVbsEwhPB`}sdqnS^hSsj)B#+iL{oF!ac
zW|d;SrX=$zsgh!(hRO3k9_AiesJNIUW1f^SX{#x!lhg)W!NO|>v&{QCk0z@n%+^&W
z!GRc!$64rt)YlRQtR?z_K^Eh9tg(Z%gc^b#M|qBfjJ8!WO6oKNs8z3JF@}tENV}<$
zN?J*{B9rTRLpa=#`pVPt>#&!bPlYg2y~eSYiC`xOn@Wn1bUc>WZISY-M!4gSKl3Z8
zpGc7f)ugElVg?<B?c|n{Sf(qE3rMC;GX+RRoRQgu&9YI0VgW)5Lk+5!Ze_9WCtC<N
zTOWgj=uX7I=~9TsFvBaYq$+3AlouzOT8hVMi*zHElJc_C6!~i<P1Tl0wk8ox>Znge
za5NLH6Nh4Sw>>(;5U`0!*?NS5si*v6MjaA0W9~4ITjpSK@hLmCs;;E;|7j^@g(t-3
z!j7j|&02(pdWO~8evZ1!OH2@PUPw*fewaCRw$Y&fwk8E0bAa}?PYNZ4@R|;3oK`T`
zD&sH%F1#oSZ^TNeh2Z;MVXCi*9myD@()Wp&#w2yu&?qg-l4?rr<c_A~3R$B0QBXa~
zn8Q@q*+kOf5bV`eCtvlM;b$I{36&i7q{%`Yd7F7da@qjQC)&$1VRce$wa_#%t&i0u
zQoYo&AZ+aFVoB223M+}vTqaD^5^J73**YQzTB$3T75_!6WHm*aaV!UwQ4|yWsm8mv
zQ<;^%S34I`uT+~|Ej*JTw5gMMa;sMZYkrLS?Fc1iE8nqdRVx}CY*{BX5r@u})A*W+
zRII=cQzE9i6amkJpr~T2CUQ;LKpOr=&@`Tqi=d_;EY824@>8Pr!rX`tODkzOC`>mb
zLsHMBG$<)mu{tM-Z&zP})SHQ;Jhciz6)8<v(QHgrO~<C85|cv5Zz8ouV<W4-hOji%
z^+ICIG((M47pdD+8BS8Xr=$&<C#I29bOX_x3qEe9a-@gMpPYo0*+h~=vpviwbl*3r
z&lEi;PNII<jwUh-Tj|zTNl4qQ6XF*`SSMLdYbMKdC>hmLf!r)+g=R8nja>3=vTDKN
zDutqFQ0*FGnnB7WKGGblB-^QT&QMba*Nx<h6c7Ed6>HMA8kf|{%B;zq)|AN{2*x_(
zYQq&4z#5YDBiZLG)@7=9wPp=-qlZRUE1GI$o*&48SdpaqKBe6os-Gm|(yC3#N`e>L
zO)kJm@eGv|kF%=Gvf5ZN9WMQb1edwH6abtkp=)Ky!K7@WoS~Ph%@--tHs|MbxzAOV
z;?I(AxRnZ&CPj()u;nu-j`=cXDJ|((bGvO7eII0AF~c;OPUF5Zx0GH=airP0byfBA
z;-%^f*wgiP9I_N*6VlA98iW-0$2yf&Mp`MVcBm<9TOluLK2AC7)nU+Tuw-j1;DpIQ
za48>F#ky@()5L9sWJrKjazt;2C9yI7(p_lw-nw}8)>MTrU+nuifyz|0mt>kpXF|?p
zYhDS?=w{<h0mMNxVw!mJSWC;0!YZiO%9b;$OUZunP!x?lO$oThA*<^&^pXy%q9r~k
zsE4C_STn432CcZQHbYua9B!H=ksRow)BUxD!dHvTM~MT<YzlVMta1qx^?lM2jIx|t
z6D|;7w3fL*i3A|_^?9p0h?J<zWnXV<{H)~i3R+7?4E+srOB&(L8uKimOGZ1aJS!ju
znR-zJfb245+vuCQnTuMo>$bFus-HWSTu*I9;-_9RLZ2iL7qjJ^Q%P~CW6c!Uc2baq
zuAxhaMWec=t7HEy!)22CVY%f>dzy4ZM5T!sE>ls&EYneze8(_MuqGwmvqXB=gCr64
zlJu0g`ejzfle1PJc@SQm3rcy-Qr=T_NM_uUNgjpd2I#kfsTyWoC||1Sdbb#wCVl1E
zN-#u{@T96pD|z^jGqhe0KCfIV0cM6sZeQy!arqT5;V3T4l&k8nv9RFv<R_O57gf%D
zljU3%BHgknW3*Mm({ft6Cr{*coU|KtO{_#lTdAYZxV7yxb+n|(ZHkIuAdYZejCLy3
z6eewHph4S90-bRtPAadF6~iLB)5w^IEby%1=V6^ZGY4j+`3<!K{v_2(nxq1d-H?ls
z&7^!I-<*`rK;z_UoD!DTPupvHL$CQtmRi0b31p{XxupwFPCo2w9+n!xY12|_XI0Ft
zu4i>994P#qi1l8}eR+|KPD85C!%@;UD>m-6C}BfXIkZ6W8CtqR5uZ-NI<mK6YRO#L
z7g%8dRxFIkA7iX0+kTe7d7%2tPF_1-jc>XNx5^0A1^-Qg7D$vLBbu`MI2o{OCgn|J
z6K%z95qYv5H`Q_FL~(M@sRX*^16&g|U&Wa$xLWjy!UZ5g%2GlPjMPg>Oy9t3elx9@
zEsUWGwW2=F3g<_l&Pt5;oaBScED#}gIHr<N`p_K9uW|LF8b}z77QNVlwV<=QTeQ`4
z=UI@YE-0#&atk^oFhK&%#fRh4=Ql%n0z;+_o}_ePlKiQ!3DY~`9nD!j)Y`|&k839h
zu2R;JvCCN{O)22Apw5nFY3C><0k@RyQ1XseGcQhZ+E0ZV)E#BpR$WUD>PMGikWNVw
zCA$=+U{;$Rr;}QTxxz-(ZRMI2KEJ2&A)}BoiUiGE=CXR;Bc_cbF>TTUXsP$U5ZVzd
z=0)|_2wHV+Dc@|G?aivx8ZhdKC-*v%dF#2Puo}DMVl+@n_Kb<*AU&;=#!5knBPqIM
zHPJcgw8iCq9JUKRu|%L*8!AE2H~Xzi_0N+mWv!!N3*C@}8$ol;NU`QIFBFb4m#&}H
zzqiRlXe{nR)sPXuWLm6ciK#~+&%KvIQ@Sp5mDCt3RW7zvGC0<SK9+E{M#zhHk8Mgq
zD~@6uhbFO(xfPCrNZ2VyB0yC*tfji;S%%b#<D(It!#ZrG27I<{;bxnGpg_v85^UyR
zcaq3)3PP<*L0ZXy^Gt58mYc)8xMiqdqJqJp*h*_ze4VszR^*|Y4C;y6bwlnUP1T%?
z6l`mY=8`Jhty1iXAewg2U{X;E>)8fs<~<2{<R&IiQ1Ov#7i95)1Bs(dx$gUl$E8%X
zPm+ez7YQo8s<Y}O5806t+%-)ARFhygauip^SJzohx}S1JCRBlp$f;xxC$|k%_tvtw
zwVum31xYG86MH1Vh7iV7-iM#Hm-(=;h_;l}K>f@`xRNWA#bID$F5N9lf*qHtZizxN
z`3&})EE&wZ!->NbN^6Sq*ugR{e5P6`&CM_fK8>W7n$;MH#&(SFP_cv~WoSK5K}Hpd
zY5Ad%CM%wr)USyF8EY(m?hc3CB>91PHI(*LX5cFS$r&%Nbs%mlNmtq6ARQ^Cacnc+
zj-F($9(tX!WHB12A~aHJLknw%rN~hdnB5L}n(~3kGtNt{KUIRT{?%!AD$OWA5pzk>
z=ufQhoKhzoJ>RRDc}DXnw#6HRcwtc}r#KZ|tSx5h#+(G@Sp9kid3r3vYFAM`^V~N>
zp5#e$eX@!}F;m9GR5aIxQ`4q;9<{7i_mgR_ix||_5}#^vs=B;xXJ0e#O5P$e!HcP(
z=cMQ%JG%s{(w|kIL{a`&i3L)}orDHXR1PP^Ua^`VGZla1?Cv}wU3LdONx6R}S`l-+
zl?`T+31{OJTki89J*n={XK{kXPpPk9q{Otkib-aUChI2>#ne*Yhs!*bc-srJxSf*c
zMA8s*4ixp7YWP$@Dfr}%qbUpGn8*91=RVb09A$YuatWcaWo7r|Z`q@gGm`9IbBw1*
z$Ru2(6vICAwox&mik8GhE|rNDPMDTP5N184t7|EMbFw*&k4-i2+G20<no^Xlf0`5}
zrQ7bRc+k=u4=tmyye&0m9H%VLs$o60DMdqaE$~`FU-V6qs3pZQ^)oQ*T9*O@ESp=<
zc+pLjjFVT3*8LZ!-GLVB&uzm*tXQBLqy&If%Y0tTDP2@Cuu!{OE#&!ATUj9muU<w{
z?*jq&G-SpRtrvY9wo^-x?tl%M6f>AbiH<ct>rniB$aleu6>;b_b#Im~L&}YD2@@lZ
zD76%(CAAzRwM9Jz@Q98=Xr$NZvPPDdObdb>Co<cT{4=DjRkx*<bz4D~$4R|C(8}pr
zUby2#oD_9aW}Hg(Kb$BOdnzH1HF~lyI&!VCKQt-%zvDsLQYR!|wsuNbr&-o3cDqR3
zsZG968pPDJqOa8eo_^uZ0uRlEEhn6~Q;|7^o-UPpO%KrLJn<oka$(ykZ5+1jm_5#~
zC#lXkU~<T<rkNNm=Z(~eOHH;>Pkcth=N_H(eC<?BJr(ki3}nf*pO^$4>5dVtOrHxU
zbyZ*8+Oh`{r^3ok!E4o2`nR2ApSBmjNtTiGaz%}h>@rzox2hsjw5q0{Njf@_fY{-i
z6C(BVbR6W}%rdb}QC_s5H0|FYGbcBKmcj0*Z#E@N67M~?<?5JhS%UW_PV>;EygH=H
zME{tkrc6rl{w+zcSXYe^Np0e}$le7Bj{E6GS(YY;+GNk=p`bdSj)H2ie2<e7aea2`
zpQ##LYe=)jrK=^E#SAQbK_0I)5jm@`rSYtUTX7Z|8EdJhkY!%!IMKqgY%o;TmeoX>
zbTUtw+?HzjENN$XqedJZUrRMng&c~VDHZG|{ijvMNo703T3r!Y-Dv3bq)7P&?A9C;
z9JIubzm@8LR@^d!+`iaWDlU21B+rXx@+#^VY7B34d_^lWQ*!1L70`suOo>)RW7k#x
zg|SJiK*AkT+QC-J;zH?TyqX({+cJ598G-+-e!17m8-xy`^f6G^&5_H~Vzj+JVI#qE
zOQL03d0PEh?mFC7YhqR%2#J^k9B(JAPEnkr%#7u?@>o>0(2Nls#vtS2=_EesY#WKw
zBiF-_r*q!czl^r?2M;C6ft|7_>R1zjhrAj?*JzGKweK6h9n3Ux$=7z2>aT0z5;64j
zHQ+_kCn#H4bDBqZsZq$OAR-wyY;w>PS%?fYTQ!KPSx@#iHEOj~K#9Co-)31Wa=(#A
zP#ER(I98p5mU-M@zsOjhrD_+I;2n$Ns$o-l?-VZ?$LpCIzgsDzg4`-4FHHFYh7u2<
zD&v;Z!q8guTcLBD<uI%!0I#WMz+t8WPT3dRIuAAVpa=>vgfDxNm`ogdj2f-#>hVtg
zNH()IaY{TsN#7^ulFZ<tQA;gVx^M_a*tP+so(+O-DXKO0S~pym2&L5FR+=kP)dnY~
z1NB00X*9$k%RBUpl=$8)#ZI5qrsE>^;{MLU^jujnqGG|T<s+-#FxIrIef85wfd^?t
zl3<=#ze<*Ix-F&QIqz`T0`7Xq&1sx>I&4+=c_-&@E;xy|n9Gau5Ifya@jSCQ;gB8+
zht=9<DWn*e2(WqeNHxB;Tvj=iH6L6Yz-VaXNy62~d7Z9t7DRTOWq+{ZBwAJOEO$;g
zHe0F2#)+!mXwYzGwNisz+ocHf<#vE&7QETesw!IftHoTNtm;-!SM^aM3iT~FvxY>*
zwOz{XU9%a8q;SB7A|WXckb;Xjh|K)I?7iD^B1zLN7?1M5$(VowJ_Ixp{9C}-Tx1o|
z5RxjAMnp^0(~tRSxl{kXor|$uW}VRm%1k07<Fx#+7U(`Ojzysg^TjUY$vI#1QhHjC
zoTrsVKqLNSWzMw~9>6}D@b$?vqJ`bta}p-asS2ZwCC0W!_MVYt^MlH^nbxu~IuE*-
zZ!j-z@zB&hxDq<o)?dLpz3C9IxQpplfLz>~BOmN*=W-i{ye^OpiPdQyvkKjH=k~|B
zMJ9zb(_Xi<TX)*NG{fOLWReN#oonInTjiIa-2xKO`%_S@6$?v`G@24f<TIG}Y<DsC
z2-KbZHQ3K*MUgP#gT^f`wlND#!;oB>jcr1!?CB?watkH}+tXVbSu;&t4fhY}_Xq&A
z*XClhBM&?aRQEb|D;fjbZ?kqsN9og+vf{)Ps-aPrPGNQ)H{(<DJ?l8T-hqXmG|+PO
zVL(Klx!}IuA*}1!OeT}&9F4(=B`?e$(F<`IO!K`Wm}!xAmMWLsd%0~<qxFs$!Ns{T
zC<7DY23yBvb8|&NwPvPwT|o5_bVl`=wMneG;K*>-xXb`AP_tBbaJjQf?@xE38tk4Q
z*d%I9rm>j@&d0uSY;0+q{50k}@Ra0jq?~Tr%+nmcFuLdti;9UNVkf*P?!LzSD`ViV
z{#Uyq>K+&=a4##=gVEpiqL#(LFl+2+bax*?zxVW<X_TRV=z-IbZunP|fv<0Gfu&IK
z)=<fyd@0`svS;^4$H`Os2AIX3(N(r3@Lsf_&g1#Qnw+Sfpt*~_7KHf8u#oU;zjdo1
zeRL}b_DBn`yoUYFt_7u^IWn;Kk}7C2saqq2wGhNWxZhl{0b*A+MQL88^gDjx%Z7dH
zGZuzN^qE;yN_GWJtDE$SXKel!mX!HyaprSn(bGw_b2=hqWX<pO@^=14;bsE;$FnQG
zg&mnh?gc-UO-K>3dt{LQviGGO;?_1F?Pq@L>QBxRTy=r&Jdmh1%Qbz$mfa%=$ELz&
z?3Fu<uh@scCy6+_BW9O09VDdcUwx-}L{xcKv7Ptna@DB`7~DL)Z7z(GGMn3G(EDkO
zBxEnt%ukR(^!VQ&r=s?5+x;y-skSi31!pZRI`>E~EWdc-viL?D#mnA01pb>VG`qA}
zGrA(#R(r{oFSEv|rl4=djTvNHJb7i+LzW&UFt)fqHH49lEc?MDmTgUi?Y)6aum$>Y
zAybi*ezhsU?kM7K9#yNBnE$-xYRX!o9h@x=21(6ZBxPteR&mNl;1=p(zB0|s(kX79
zhYG^PyB+Yta{nID6Q(A1uQDici?a*kmOI3#cqAthc?UUQ{G~^zub>$yZut8|<dyoU
zA3zDyJGrM?5LUgtQBO;pHjqQA!86BXWVLHqXpRNj_xEnYkwxnncS2wfMZ~^Z>O0pt
zgGeWY5ZBEGd<Jkv?GUjyx2O^`;z+|3u)p?3V=ApNa7CJV2Qz1gmwjwbMT|9h;an2C
zavzqrL)@%pEQ56HVmhC5dpmoi^}cxI?@RC53)qe=usO0nxgP}yd!CRn?IDEW%2NyE
zO6;7Ru@4F7a2iN5t9=}qLr&fucBH$&YuTJaWN`<TT)`pi3?4M$ZVCgc$_r%=Rnx5m
zjDfqLiqN|xv8zw5KjjRkwVE{x;}bB{Trg8Id^&t==<X}nUzR;64d$Q&o!Fvkk>Y-n
z1xy~(1~%=vTXLQdz8Xjk_ravTQ&-1}$4gB*GrJjC=M1=Tgy4w@Yy~?D{b(^|eFBA&
zu@U=<`Kr^F*QlqA<z8`$y_6R>|48<c;g*-MiI1aZ?h-var2ttK&s7;W$0NEv7G$({
zw$iTj`^T(X$hA|OX!o-V76r4=+z1Jrq}cWf-JRPaqMvyQ#tfG_oH$F%)-^-67FxJA
z>$ZdwL(ODhGScR-#Kb(!$bSibh5<q&)k?y97W25iWEVS7k_ro!GoyI37ZcKL5u$ic
zEV9EA_7tX4q}71$+?+6;2|9C2?^*=|$_K25FK)12xo_451a=|aQRmv1?C(@E13d&<
zX=-x`wtg8x-*iq6Of1rIU(8%O413dEhd5sqKnCNiZaFpE3$#_^4!{i55i^%$u*rCl
zk*A=k#Kl!cieX$Q%jO4s4mua=v2J&%w=oXOw_)6MGyu36v|0l90?JG+ja>aEb7b-B
zvfO$oO;sbXs;<SL)5WGUEA^%eY5Vu|KDM21K{wUz{$Td^&0QWUo^TiyAWXmoO!V_|
zm-+luFj+jnfw2hDI4+?Ys4q<kaioC*ygPS#nx_UCHCNfw7ryqE<mYwE*SPa&trkRc
z<*yGGSPjaw-}$2_t;U=uO$*NoGdJbVuQW4l3?U`e?WyGz&293Wx#mCvpU$MSz^75O
zd=%@GNb7hiPEs-PWPmP48+r~%pgoKnK@gO22B!wy2B8zo!A2vYLj_Fe&*)&xdYIq3
zW4m-e+nx5F@v&vl6{;w!1+9+q$Enzbi*mugH>bYFjj)TZvMVXSwQGOmbl4e;T4t|Y
zcbD!h+Y4M|q_6MQaPB0-`%@2oy>+fXq%uk!g2-?6=NM`9Uo8Y;IERq1=7AId@l-E4
zxYDrbYmP;RnQl{HH-!x`dkl0iFIp+Hg=gn+G71PfjM;k(H_RXkoCguNU0A(AE#%An
z@@{=Vwlr@$H^Gp;hnmL#S*jKmjyOu)RPGSPK5ovo9#}A-z9jo=L?3e|Lw8nOKQlEa
zaZoIM7m<U*RnrX?sx~TVh9=%Q>M-vpuOt6sC3yCugQKkr@}<Vr4o<?Ir6UYYXxX}-
zQ@y@~8s8g>1r5wiP<43fFpFPhG&Dp6dJL<JTw%113?g%&(g^N(4VG}-m<~qJ5wvPm
z##*SUT@<7_MO~nK`meM!1+ZO6^%cEXBZ}75#b6+kMs~)hddJ5+cE{4nh><2{Ru~pU
zlIw#h%cs4*4f0iIB@lRp3~Sp~b&)~nPTpx&q9|G*YuTA!$5p*XPEasJg8I~CCl=uM
zjDB8~mum)<S1xkb%&9#0WOs9=y+8xE1CM>&x$jD3bHD~_gEad^r=3TY@~l}N?5hD(
z;>`CxQW7Z$ehrPxLh>UUx|c@mJI$4XSoL6ZPJU@|#5-dFQlS!~jhew$V4lu3XpM#@
zGdMwnkfNa=8SM$APM##q#hq2jXgkdd+Jv3Rzyg?!oyHiatc%{u;~S;1Y;*M9#sfZY
zMu%KI4&r#HA*$NILH6HMp0@?>Z3OS*)Ewpmf9(*-gVgV?1w*!JyoL<VHIz=~1#|iw
z7L=8F=Z4Nuu=PoKA0(9K7SAzPN6H(<+BUdOb|x*g>k-$fzv}FObEJXrttXZ@Jnn20
zIPRic%9GK8iNC#r?0L3Os(il<90CkYI#5+3C@bR+57OnQ@URSQ)>e}uoG3yW*~4-&
z4OWzW*1<CMNP(Rud`vxx?xFnV(wk#{HT8%wn*vu7TF~3V!&~cNt4?`gI(8OVV>_EJ
zrs<3f**Fp5uE89qzoD#4k)U&`{5J#BFqvl1t_EkK{bgrSuw$^K@-B1Lfup#EWK(s4
z+~xQgYTbIojraKnXwPAB8X+BTqLb*N-DmG_G3_q8kTYky?+rTd5sdfxwpVWF9<?BP
zdkl6B^Di#Eu4>_Ty=Y1GR5A@4D1RBy+eJF>oli$oVQ;hr@6pw1O{dCtfeWLE)PM=!
z1ucqYMyP4fD2?{Th}JaE(m=_eIOzu5l_MBYaf5FcYYbyd2x(wqFY`V2CU9=-EUd~5
z<Xz~6{y4J+2hOy+%kePH0Rgg|*jfU;?$$(A=Uusv3f#B?=8FrvtOH5gT&!#*ijf0Q
z8{(Q-!n%Di3R$}gqrX}Pxp^@ibYSS+*+~nFuh|xdXVpCwzgh8Yk#z%x>bvy{3l_bm
zGLCJXT?B#8N6WVpZ1U(MNC{uFE^sQ~(Yvq8!yo0j_c_3MTL=GY7WwPMV{-_bEV_^v
z0$rwsuP)D$Xp|wC)+0#JmIRBPZq?O2T=v2&EnAqLC3_9r!&{HfM3&tt$iO44;R)#v
zCq&dQ%RO1{v>`Ho;pyfJm?tq9q6Ik;=tjQRiEC(XJ&;pFprcP=2B!8Mf}Mu8=|-f#
z?awS>&@8Yvhgi;G*JH<NPTQ!PIc+@zhX5L$bThdxffROQl!s5{UN+oFgkjrWgCTQf
zPyz(eO9<XS-cQz#*p7_VxVr01Gtc%&Ye<M_uNZ;iX$M2i7(0uF&3jKRaA<f^><B#n
zGKW1FzF1h7oFn~si6q9=?-{3a-2)8NKCW-3(}$g7q79x<rl-Di$F3T!n0j$N5$UnH
zK;$<|{VK|x@?yLK^XAf?n0q&YU=ecp)1ZW8@;wm!%H{6!V|Hxw<RPS*tB5TrVkT|r
zmFN7Ahp2J!4XK;HNPDCx_m)R9<jT)8tJyrzwa6>T&f@A)ZOTpP3DuI+H+1sAknS%?
z+uUrUf*AWz@H|XaAm+hl|0j<RALJ6lpN;8bjumHQdFqyI`2@D@=V<=U_VXhfTOoXT
z0I&O?ID@(qfCdwEXAX#^Z+d6g6KsHt*ZEB=6Gq9_qjsNKj-Dya^b^U?Aru-AOfqoY
zqo5InRF0unc59+*bKgNJ__S8!5iZP*F!UoC2IJivb`N+?^U^&AH`mbSL9NLE=`sub
z|FHemDTW@7Geh*)+!l#__DErmwo;ts{xfrqb~^TDG>r<V-ZAll*cBKt=rHYI&EyC-
z%~v(7_n09MV(>J?RKfJHa=B$~vI4a<`;q77n{tWmxeGQIZQbrS$pt5I+Mhy%$r!z8
z<x%fG?<wE8PLb;nj$uJb&NOf;L1FgUW6;?Jy4D`dTnimS1ASwN)x?5aj_6@N_wJxb
zfy^k`y^f8u8uBE?3^=ZLVT!n*6R`a10-4d`zGH<QFCdy<6~z5pLJ$(jz$ut5X>F~#
zi6Eqybhh;!8TJwx$@^4eaGlK|qhykVHR{N@jMV@c?#exA!Ini0z*8U5V<ghPv=DKx
z^U%)nOxGo3Z12PLwL^@>M1sUEC1{~ipPF~&gt6{dS%W5L(?K~4lu1hnIe-;E1k7#V
zImzaEF~hG5q&}HdX4BOFx;D1qO#`B`>;mjK&G6{1+~PDKyrY?dneQ>*r9n?%THl*a
z3g-jE3$1Z6$a>kU6JpRIYpD-GYY^~M;0bz&{ppS-qy&yQb7Xsx<kV<G&;wi;>^WEG
z@86#+nq!H)E$~mwVHuNDQ_I$V1ZA`fvRWOW1hfXv?%Z-SdH>!l;7-zIHKNa$9sE%R
zB8E-EBcwUi?iV6F*g1gtVT+C5On0w?0!nEo?Ajw<U>Iy3FU}pdFCGB04anVkC^Wq%
zAVr)s_YD{LaBRQ4z=&Ps8fK1pGh)`e=w`9U#3!2?DPK%2+X9J2B4gt-$L;Zs*EUbc
z=vo?6*}yW}Hm!j0%W=k}_t^+5;d5ZnfNyi#Odwds66C$~pO4sssu~JxE8r$>I%4Ob
zC6R?xRV6zM3fZ}I^-Jd@0KG5a&h6z2*1<Zx6D8D;M|-;C%GpLh%!piqZePrN^oWcb
z6DwL{7JqE!Z!mYd5)O14vDl1R&I7SRg~a%?gO^RWxy@y4<k2*~(vnpi2*@HG6Fi3v
z_RPHtC_Y7ZJ=b?1E#cWzXUr%z?gJej@;jao@;Zs?QO)Md*}b;6u5P_^Y(<r^V7yrW
zMldBe53V8S&{9fK%X6EF<IOWU)~ApRHVk{ip~eruvh?UtcP{6`U=dN4qE6r{zI@7m
zUq9OS-lAL}q0rf0WEKLc5H+X{9G5^r=&^P`lgSyB$nHJrJvm5CjRGrdVqbO;Mzy4F
zlY$<2H(To@In3&zU1jsY7TW|H-@sCLSt1bvC*C9@BMJg4Oj~~Q=+Cg5T=(rQ+c=&#
zON4uBQ8h2<ybOHqU=P(O$7~yf^>AB0t99+M`AgYg&oY87Z|DnwDC2jYOAV@6qlUD=
zc$=11U5w(HHD^h7>A4>7Lnj=K2tYGQzX}1DlHrZoX;eaQ8>NZ+JRZAa4?YsA)L-`;
znw|~obo-IFaFSgy7mJ*W;7?raIQuYD7Bq9F4InXqFk&91<LKacjQXE`j^s*CLIl=O
z!=_zA-zekft%tlSk~3x@1#3|7@)1VkVG;XNzE|h-w%7bx+n&5Y`F;z|hUm2l^etm2
zC9z<W5O%+hb7EE#A1~&Mz#yPgG*57EYKTR4)W$cy^2R5S7<+DRisxatEcyQJ%cMTh
zOinXX%!}<)!Q&=feTW9JVAI~S!HcQW&&?uhiXKCc<y7v6?0|pOVVxP-R(*kZeoN)o
z81NmKWTBKgbn-aRuW3vbNHNr!whR%JGPt@AX8cyVazy%dwTqHA3qv`9d}8EAAeRGj
zZM;zjOWP<i<E)$69QOVeM(AsJ+se^+HEuNUSC1my@c>b7ynB1h_cFS3XcXyK?Cy9J
z9-ZqmBT+qDCf24{uzeo`?xaqe7(FF7A0vK!uP%yLbfL|i8AsVfTOVDRLJ4NOf%@UO
z!SkqImIL{qlfwpOR3t8}3!(rpKrEZtJYZOgvN7z+KcTxmcN(?5!ZUW-B7Kma^QXnm
z8&nokXNP=C4fNK%0}R7Mk$8XWewGi;E;FbXUiT^x{Vqeqn~5=Pip#=j{AAerFpACI
zZq21(9ZZ>>Fude-duu;k6lGgnU9VGuA47C=Q%0L(hiZXBovXviuZE2nkLJgo`^Xxi
z!cYN#u9vKm<_p^+k$L6{(L;#U>Ds%rV3>(P`(S_2<W_mUA@+Dqn{O2wXX6!li~(DV
zK2~^X*~jy{s4iKB2Vf2n(@0?KUAp%B(l*U|^HnTeuy*d$ZL-cN=$`ap&mrjtHcE%S
z_HH3X;I{m!<rF+;3vhP?xzwH9Miz^v`}bLalH;kF3}Z2y{?v^LGs`F0K`n5Ez}+?U
zZr5NSc9w<5QZ4d!Y&N-Ji5g;4mp;>BX+{W)TeWV1M>48G^v)Earix9lw7ayrF8bkR
z?L8lV0J>!pfD+aeo)l*;hc<OFn;EjFb$M<U48vYCxPLSeLl)}{qRp*{<N&KSL}bjJ
znPE`whv_8$#>~74xmF-3d1}sXX1)rAOm1i1mOyya@|`Zv%;N<X#Y6h$ZYOzyjK?5Q
zLMV+k3|JFwt!AP8?Vf=Y0i+(r(9G^LZmzZ;Q_}Q>jp3eN_iv)VhV1TAL3MGbQxfwJ
zrQ^6-xQU&=L}sThM2W+6ZBG~lvj(<ox@MP+gn4uA4+Fo0j4VgB{{@ym1i(3;*xr)V
z_lQlxyi~C#jA<eJ9>Mi<onvXae8<H7*nMz@@YapoGdQhGpX6SU%&6FVXGKHwLeK^p
z7@$<z>kz=6oyTiY?qY}$%{b|sb0ub&;d);`cHo8E6diSYMEMM3Ft$==y95%fear5%
z`>*uZq5p6L?mGD2i|YhhQe$UqLaQz?0!u<p@4YG{ooZNavm8j%L+S&P48DSAb4+vy
zn%%;Qr}hHB!?eHj+Sdlia~xs=(Fa!aeWV!;lCcYTTr4nhrJD|0oVKCa+_ScBCGZZp
zXi+g<L*FYt1=7`Z{%JX=m=&HK!cCj2@#K5ExBhGw!z#vIh%aeIeK1pQg#IoPpMT2I
zLu@O#bsnAn*5Feh#9|r}ku?)Zh<oQPF>RPWYJ}{}nF}5Xl^}1%hmKb;H;gWNvGACz
zawH`1nSI}aGjC_Rr?8m~_-Wp}Ldc!HL&qXW-e7^*!tWB|b&Wq9xsbM8_wXG}GemTC
zZUoslwj<#E=$))_WsD{hje0k?Ko26@adzH5MDDp7#1hNU*6HQ3Uz}r=cM-gO*agTl
zKw;Xp31&&0dFI(5$ga(7;ePHcx_|2ZX5!4`k+wUK4Jyq;h|ridWJ5ylXk+GwO>ytT
z+}Yx`V8<`N@gh&!Zz+I_u#OF~FNB_x_7ujstWZe&Q;z%M3&YVtF}ko|N?TD~SAJc<
zJmr9H>jX0DDM#So94m&dWY}bmm55wDm^tLqOnkV{OC(Pd5yyfI>Uq9TgIgeQZ0i{o
zDm0bDuK%fE*jt{Vuwih|>1|UZy;uz6%`_SxyY4Mt)T*^o@=EgtOuFB>{GJL-hUNth
zl#oHS6<5qNlm=mgd<k2VxJ{V?v&>D8b5V@{&0HrI#x}8#uZcoRU2HdquN)(h-0g<@
z=8Lj<m4qlqb3&G$`=XH!3rngIItatiozo7g%{;g`kt{d^|FZl(KiCS=U4gUCm}?;k
zr-r<pPo_Hu^&O<fZQVD@T^A4Z1UQL*bRE5W-}1BbvPu#5MEel*$d&mxmD<H9J*c~9
z%s!Ehc<YNX(5+={qtnZ^%djNt%HRpv<u~Se@p<=1qZvZyactqIE6W+5ca{g}$<5GK
zZh;IZ<T#pO;*&G}1|GjPK!T3J5q>?}?6^L4(Q+B>!E4QltU=G;exz^CJ~g!z*cJRo
zmL%*fJNlqfQI-j}w>5P+x)B_Ab9cTW1A<LZPnM7Gh3AHSyU2WI+iv=7y5o3_8>nwj
zvXgFkV8TkHxg_$uAl68gZl@M~BwYQb2PeJhFSDvHQM(m5rsrmam?L6E_%C{MnTcFP
zhGcZsEtQ37VSipCz3Mcqg?s4Fc#fPU3T6lWE|4iS#lLYwBYjfo0(M4X#B-9qQV?94
zoQOIJ;eQOO)stos0b4gnn>q8XyV}d%z~VVn=Gnq*OqZ_m{Qu|~*(Q*H)8@gdE2lho
z<xC0yXA9Rk8gg0g;sG`x6Lj83*=O}O2Db2ZGx>U#*?$HhS~mH?rV*+`lVKfU(N^pC
zuH4DRKRYEO_(CR8xfW54FRqy|u^D4(Ys(n)f~L8Hy$3demfA?0$EndNDX^G?+^Y(?
zTitj*-4U;iv*|HQ57=}eM7s~(=wOsmQ4t@<NDmumqV^N~_G-55j18>>_4y@IpZ5h)
zHpdWtSrrVeatZ0cpn@`{DvNA;%z@8;>nywK+86Y17JCW*Fei=~IaPwsRDso9IPzg;
zk;8pZZ(_NBvrow6yUdudqK>J@P6?R>@XZipzbuPnAwhqAFSo9Hb6I^28|!R2elp0l
zK#0rS^|J;xf|cafwFqXvYda6cCX+oM1rERA$r<&wCKw_LKn=Th^M6FPwWS$3M&KP2
zh1+F+bE-=29P{E_<sE_&EdMtsjuh9_h38RB?-~eVv%^N;L-E*(><jjTS#vF8sf94g
zS%Zp)Q}vFJycoEfB#!pQ2$7y!px%(z3<K$3x>0&S#QV}BTr~1$2_uh=Jbpdj)D^aA
z7|21J-)=E;R*!-6NsR;j7A#M2c5NB}-V^AdUpn=9X>cR3$|NM*&EX@4cK5_`<_4x%
zsdbo}gv<(*dBv3h+;k0J#5Sz`=&w73gG$&dJ2{6Z*L94U154wk3at8p#D0@uA~e%4
z;LnTY6+Z`;`WmcKyMm-qVI3TKEa$QZmGRtJP@UxvYMe?%*1^ai<o4C2z%?!1D1e@g
z1$rNL#)BZM@`yX`tl7f(P$#sH)*<#G?p#^;oRw<tZZ7)<ZMAe>ftlk_cW?PZt#P6r
z+3)H1&6WhslxT6!KLoYd&ZAMc;8Y6%u-oEU_BIo()$vKUIP@1+-!{a!MmU#7mzg<g
z1t=+G5_cl5ux-ACBu~VmtYHIFf44s07)jE4qiJAU93TLFnm;&sM902bSOWo;gv?~M
zD+~}IG`XYx(YGJsAGT3Pa^LmN<O`cmvuK`;+gSvGB8_YbUCwD_EsOT)1<XQ1m+NBm
zu#gVb*=mXDLOIf3EId)U4f?-ZMT!6*{w`=z*Sj3Ir$BrL2?%B8taq+VBwbpJ(HMJM
zCs!VJ=1H~fppuFd&8=B><vwsyg6*6+Y8PVa1*V&p#1p!>=g4Vz*QSM>lLdy{6uF$X
z0kNp-v1yixcvA~$1Uj4f$mYdP3^Q<mnuBC!BF0aM!h<b9?Z}Flcu;ULMtT5GZWEW(
zZRP}fuuvNjhce;DXH(9I(k8~!QCxfCqYH$btD;-1$gC5{bZlcUwSV>u+Ks=eQLxp4
z_g2+1R26fTZC^P7<<<^r(Nc|PODB{tLuje{93aw?A%rgnF+I3^M<530F|$M$aq-B7
zZJ^ds(;;||#MH#?JBFUy0_c07-tR^4@r)qcm<6Py=o0{*qnLM*m3)#d({>Jz&Q4vO
z9uM0gWo&0#Lnb9OT^Xpb4>M+Uu=RoF6sDJ17-D09xrU_(#%GazJE<A%S$Wj)6N@h9
z2=w>LBij}zKe{`I^r&;Tl)%H{8)(}3KfuN;)byVBw+YmfzcJr+@V1{U300@>=T4RR
zB@z%eq9=rFN$|O=TG`$R+a%|IUc+U$a1DT<88Gr(V%w&(y*WpgkAVt;?<{*~)1u-x
zJdZ{LH?TBmkEa>ii(B-Nw1=Z)1ZFliY$+e0Tf1kjN$sy<R*<T>MQY^Ek;};QhhGqv
zD#}&O(idLb0IL2JAG4nS@y)bEEzNgntWS^74b+X?N%dy_`=dJ+C-?5}1on3dJ%88+
zHc~(got4RHIWbqLT~E_V=AFkVy?~csDP9_VcdKT}(7kTM#}*v{elm6jn0KlK)(dm9
zDn8q&F@K5-1knQuUPbL7vK%%itb>(&)1hC8B-%Z%FrWEQe~&Kc4X4kVlWf+wm$PkL
z@7#`4gVh_Cd(`-Y;L{vu<4<@(4_i6^`Ur`>({?Amuz}O(#X@*h&G6cNFBi6aX>u%A
zFGm?$NmO)pfnE1n?z!YcsdnKG1}RU@i(3iz`)xyL@zMfLU(g0yfX0<?+a4ryJxn5!
z_oA9u9=IUR>82?S0~pR=>3*n|e*jMj>@6!F)G`%WY43LvC-`j%EKQS)&7TFeVI!J#
z^Dc9CnB$%tDi3<7{MlB<FiybEE~Y;WdeATKW`1;q^QlRFtZmaZceDG>V?!2j0k6$j
zqVRU2k^2(5xAk=ON9bZk_VIb|N`;7Pgrwy96ihYcF3MuwnXyay+|;tB*P*A(i-}_g
zsIGh!#^d_ZN5)Rg=d)>c*N_t<Y&%c_GGMjrJdHnw)gkK7l0<lmCEL4i>g1XtVZ_*D
zG?~I2#1=;gEb|<EI+M;)yA1={iur7uSz9+(?jTPzDEHw=oo;G|S(R#BzHJ7{O0@W{
z-3wqLCu>u%MYBx_B;_7{Gl*}C>%%mp)HYj;R9mGOU;$1t>&GDE*bSUAY~I}dvIyc<
zwkWThWOQmy>UFck+x(kIq-pOg5W^i(={3S=>tl(=-a~IxJ{t0_8#7*VR-tn69xQz`
zG{e3oXeq7{9r4((51k@<*(Zbr%%|(V_HR85eWSj)Pr|}UjEZ$$V08miy<3tNAQ06M
zEaw8B6>#8iF}IMfrvg<16Cbpl+78susst-7|BM#+20K<p9Ai_L_Om&2Ra&=MJkYLF
z1|EZLBTw>1n54@l&0YFM!^1rf-!_-?5;!$thV&FST=u^y*Y8^O+~}#r5KWDP%oz>Q
z+(Tau<_&;a(0SyZ^w@WBhg)c$@z2Y)eB(Zi0k%AAx8039uq22?kcZ`BZF`h(G!u&3
z!d@p7JjED`)<78}C41E;TZWhve(TTBOx@UyWZz*oEE6C5M-k33@sO-7b|m923jIF9
zl0FETl#Aj*WUg-;!10q)6!6RctHrRqImB)dL*gFsxy$a4oYDZneLJJPn>MFi@??vR
zYy?WEN#|NaE$WR;-~dJn!W#O$50;;`?|Nqf%P#e8Y&tJ3j!xM+LY>jXo)#Y7xUx{Z
ztvQlCUsn0Uro8`OdziJmcd4sC!*}Qw&sn>7hwh5^;$491o8HBNoZaQg5Z&0KLOda6
zZp-RO17NQo%qZ-f7-G?J&zdWj>{WfOD~4Y6?io3wb4$g4v>bUgv3bl*E`fa<vVlMu
z14%Sfa%B*?wm2Wfj9XpvhX!Z1%_Xg;7OWSHbLN2<K%~f0anVMDt_CeRH5)vMYKr+f
zlo-M3^@L!*c%lvD*wk{@!$7gfW<*(oJj2*Pje4TP94E%LZ?ah(o{H~eAvEv4n}PKN
z6<bg{-gD?gpjB?*wo;oyy%T!eDbMr*!V%+K!2%&kcaW7FTNvxi!VV?Ip~ocVuBS~l
zs~FPPEW^#10uYrlYi=`m?u`6-0`Fh%oGExcg93ttiCy+&JC%)VYE6u7bkZW*i^cYv
zMA9UiKCBfBm;-j;cXk!IUBCzEb~Yofu&0`K)=P@D@8Y)!R}|UZ-OL-RZ{MB7!Yo9_
zC}TnK*-a?DFT<U2QLv$eb2PqbGp}9$aUA&ToG8T_IlJ12r~M8Jw)%mu+hPIk?Jywb
zo3^{S^>rWiFEXuITEeb@GqiIff9G2iq!(D0hpw7^WayYew7<JkE)ryKY}qDm54Ea-
z_~|7SlT7IjnO?ys{7t8i5#DN$QQdiRSdfOLRq|28Os4QJEG$@h;j2Q)ka~_`CmvM#
z3{>dsHVirO-Lt1C>^vJ61ZX>Fnly%K4>s1o`@6e`32ok)CJtuH3;`5~z8DR<>||>&
zAN$tLk~rbEviCeRb-?DaLuzhA5c6{%qm+%@tZ5H;GAsU|xLeQ2ti1(LT+Q|`iaR91
zf)kPe!Gj04;0}YkySuw3I1KLY1PJZ~clQAjba0uV1H8$XbIv>WzJJwwx9U~(?pnRN
zd(Yn8YyH;h-aXw^nX7gsn!&F0`fmm=s6G9&;Y2P%Vke)e+=jQ!(O7>dPtOFvV=vHr
zGSnFGY*+Wt0*lJ7XMV(*pL^%xbCl&vV#Q1IzBq2qiX|(e`OHac3%0FgPcBHO)w6#4
zEsX*b<1#@xGpWmA4T9MO))f0W(RLZ_3+jvM+69s&NwqFM#DGqZB_Y22i-H%ize?&J
z;<*L9YuLFir<Iw^13fC5er7+8_#RAVG1=VcPC(Z79=KYps56F~230SZ4<nTaMvXpf
z<O(mae?;UD$##0Pvm~4%4$mXqn5;DxmCKD*{7AEeZAd%!#GIM!cJkA*VGoR_bP+~4
zf@i!IE>$}7>6r|e&>SQjh<$vluft`z8mu29JW(hBZd!K|6}+FM9v0GWVIZuK-&#)N
zabIy`t69ici!j_o5M^Du39vprCtcRJUkX0w#npkM{UlW9g;vj2ZaN{j@SXLv#)FQ?
zLm=e&BHHO8i(%*bC+NIYuWeH-zyjY(0<C8d@0jE3kGBngiF#C!WNqMBpJ}6bg5x*U
zq;g_6%k2=<>z8pBAK#xwBZ>d&9KXbEaLpn4g&>dhDKqEifUX~M$3$<bc_xX1mcg=c
z{sy8+4*UE_)=c{IMcspzpu#S#*kCiRp2NXj+{E|h6l7-Jr-7k(Q|=d^#|lC>_yw&a
zN-{&_PeuX@+!!9LsI3VrmPmeV%{%@KhftIhiv-;(o-MAutfheR;xYsubG^Qe@0rD7
z`ayVLiA5cwEk#~0=lKzMf$<#qaaaDrukWMlX`UfHB!G3lR11edS0?1(2=x8U4?TWA
zKuNO$aL~Q=nudj&E$ibUR@R|HVY<v|y-Q1%eF@ojk<jZl7uoH}2_Y%nX&fF8!kX6Y
z?w$$(`n%ZOivePRh{@Vnsz+x-Pw9<c<?U{HoRuPdl<9cvk+EqM<9RQvP{J#61yG0I
zK1ptok-XJ#Sn;tAMXjaVFK`EBe?Xx&g{_Yz>YAkOO#8T>*I;Egy{V<YN0l~~&XG=_
z1-KD1_3SGqS-$oVZqj=hd!1K;oe~9KfP#{ZPUP91d1bb>w~db57h+(meEf~OBV4Wj
zYK?Hfi(yM*RvEEf^!z;!#Zu`rO^E#Woh>2*B$loI@g50`SjkAFTD0F^MG8a{ZTO^f
zn<RE~+UO$J<)dTtS`p7P%u`NU7UZjiBI%ji9;UK#jg4$s*Zk2&G~PI$E))ja4RiDx
zoA!sSi|v%xUaMLv*?vVvVnQ6qV^+&{-Li9%D6(AoL~#2v<7=YWp0`f$@NZ_vx0y~o
z=p1Srgz=_W9z7qRVK;bvU#5EsZHbZ3ovP}XK;O%f#{!_{IUJUC*UC%vZw243nLDPR
zeNW)1sPgzRr_R0BY40ENB5y9;nUqV~rr|*@f#T!DO>)9XPW{LZd69<v{P*)6l9w)_
zg2&&?3=jm$(rCEO4rNwzc|V>T=0TXN!zF!ZiGz4H7>NPPjKV9iu6K5o9y>{MSVikR
zxUA{LR9I><;P9}qvhVYFR!<MQ{BR)g*w+*x%JW@sh@`x8RC{N-EMDSb-U^KO5*4%#
zlg&en8R(ba`DV6;k3mS8@59eEZS}=+noF^Xe2g34*F=yIFH)6kVdf{s$ahrMkZ6xY
zZN#)y{VuV8n(+%giFt*^@O-V>?h#T&8qKN`cSV$w9HPax5c7h(kLyR$npHS0t#x(~
zBBJgI3$ahZ%Z$PmI;}$29NUZ208CMW6pkX+4@+O|clnCWMSj?QwTv;uRJpVHs`lhA
zsT`zxPT(nFPJM}chS?Y1OkHq{y0gKEIOycu{07K|t$UnQ^<G%9<agbevbh0zllOGb
zWY6yJ1LXl+x5R*?h~pE3?u25N7&0#q{|3>b^D%j>2M0NSw*y?bdyUA+$Fo>Z0~hCe
zpS8(?+f&8}0Kt`IX5u80JmX^zq=NGUJs+|zWbnn=yjhi^eeYq{WK;F9f_PjJ?wV>^
zS$GZXs5yxj-j>lEm=<edR?6?R;c#vUjZEY+6;SKIzH!UbkOt>m%lFs~-?7?J#~mwi
z(dpf(3v7xHI!UE?{Y%k$ax>Bvm?2KhIr8#|5jv}fb}7m6lkT|^LXK-UHS7aBPx_u_
zuZOvG`P@%U%)i`5ls}&`pWED{AY9l{pVH*G#K=WY23@WX7@Fwad{ggbA~s^@?l(BJ
zFa>&Kt9OCPiZI7`)52R^V)W?D&y<H%<Ht^!l8kk-CP&kCBqVxyI&@OxU7R#d>F!}@
zew0+3d0K$J^ILUiQ!Wc6W&5?dtpIxAKS3_Tn2TM4NA|i&RFKDpt&c_S5|m17Rf2kp
zI<L9mibF=l<zst@`sSW>Jhu+==~UFZRK;ligHjFQr0qkI)ltEBvBkTWbEn)_D($;w
zwdj_7R~n4p7Hv6sJwiKJE{MuHYQ8G-1ZAp%O-lzYohCh<C!2wG1s<oSD-l5VU?V}d
z>*aLSPWkOz+X+$T)%oz5b+0TD<5!`?5;=veA3UyqY(2S8GNrl`1vC1abYebF1FPnw
z1|3p}i2LMXj7Q&&<z`$>e9dk?67%KD%rf*8C)xiV1TqO7{?3YYoPf`;*Gu>5mXpul
z_^z*=B4<wAp(bTd`FtS?fpD<}lii(Bo~^NWHL|-FGU4l@&`QOKs(K@sX^B{sVas_4
zcg)qq=$*wNsdr9FDfZb2K~T-#U3#GT&Jy;OzAKvpautNCC31cnIm7fGGyF%mp=;Bp
z+gACpUt^H!)s2pZdI^)qZPja|yzrNP(^rRlYX0x9bV#Xur2?`&K1RRkljo*J=+{v2
zuKSI;5Qw$?ZQ0ZH=XuVd(xbpTv6H3`Qf)lOv)9?k@(hpa`=7N|Xe2;dfvlMgnm3Nf
zQR3rx62^;FjF6Dv^PEmnkL#NPEgOpybbRxqyefo%-^0dr&_g@JsNB$oPM@|lmtQ}l
ze0tKQ(0P#^Qg5c!L{ix|D36-vSu6%D-X3`-eOq>Xp%?hH{F&wEj`@wDwVe2rgnEnQ
z^>R@|`Ta=DJ$*t2TJOOsCmrs_5_~<BmY8N6+nHi8=-y%d9N{9v<EaTsP=m;_grxg*
zd4w6UA9P<KG+~4o?`EgO;^u&Pw$3Itv}`748)B+MO}ncUfOKp!{g$FYGQ8M*(N<Pa
z#rwPPUN<{prWBoV<Ca~tW)eRtw$*h~&${icaD1hgM_rVk^@`s>kb$y`SQfH-EthBf
zh#311H7fUMp=IG;C=S-O(9@6_54Q;A1}h(E=C_q);Q3-USAPY2H1UUsj4%$ibLP`J
zO(L8A;o$);sVQPYH*EnRvm=KW&c(76x<w7jeC3KFU;lfJ7m-}rpY!sRU5r!|;no=1
z)zL&kMGL9My{?Y&NyDu}FVH;@IjiCQJxvKaw8-2tQASBFgm#7(nbMll?ZNj*A=tls
z@AJ^Gj8mA6pHe9jP|rV3MFY&t;Ufo8g_`lRjk787^QUi2NlpogG{ez|613QgcFqtB
zpN0u)-LW~W&}=rvpFb2F*-AArYoFU`j@vGCf0%s7C6N|2Vcu-j;vb4tXV*LCY|15y
zLz!U(&-wf~QcjqMZQ_ck&ah&z{DQyfK)}b@y)>*eW*j!JAAFqBCTv>Cvm+5<ltB58
zYc^vd6d_{u1BF6<l<G}VA4X&9>sKp;1bgj)2ok@}=TAeovR-Wslnj`?gbcR0iQM7Q
z3tk=vwkEBh?5}L7Esbl~GfU*Bp8k4IRyNmpa&eoXvJ-pfCg`4O+rfE|R0Dli66p&b
zkGoXzB^q0MIy*vT@UfIgg+qNjtwZefao_-u+P-!N)wNep%Ywh}VEz;wMp&km@;%?$
ztQLXibaq#;!A(YX`*J}ozYUi<%qfXA>Qa+8Xc^m5Vz?qwi~SS%1@kw;`-zY^f5%iI
zF0=?S#>31#x?KLSEDcJ~5x<w`Dh5w8FVobP<;=R#41keYa+S2U>av_ScbpkX7U5o#
zH*wN!d+)Z(fyO-CZukkO`JELN<9w3&>?&WVWVu}Yj<tJGKgyk?sNI}be|{G!sh%>b
zfk@xWI@p%mS0T0)3NdfUnxY{BY3KU&;&^ha+4sB5)89BWc4E`{7tqMUOONSwnR{n-
zUb504#0F2UGOwOCiE<;`^6hK>K2A`>nT>JTHte8$qoZUkhzc;0sM((`wew+jxXGS!
zM&t|^Yd1Lv-^e|-0zGlOkTJbeFfs(+nUSD=<<R(S&M`4Zsr~kP{MY>=EoSa&YiLDl
ze)b0ii_oamwQ!R2HivIk&i>){HJ%Q<j!I;*SNS3BMeEO?P$Me6Wj>eGR^?@-#V!}-
zV;A>=mju;x`_D4ZJnhiPYSd@aoaj=^g-njZ;Y1{2o56H@JOS-F+;Ved_+viIRL_}D
z2@W5pobhD?CWIz<yD@E4;5C0X>8J2<)xuUm4li<!H@pVNR&E^9kuGDgNlF3s8`!&F
z(~8Y3AHeH+jMX4<;fol$>}*{K8lC9($)jEtm&+U17i(lKY-Lbzpjo=7Bz42vF2EV=
z!=>c|CAX}Ef}9OXcT!O>Nz!<)aY?kZzn~aeT7OA9I<4k5tI*9akFylto#c$^)}tJ6
zee()|HLXaRu%UYsnP23M)6%If@jD`852q4=m26!_^e)#^yUoB`HFzJLHn@RkPD@iL
z&5M0@2SIo9f;B28rCIIF(`Dh!pHxRpHUmwC5o&UQ&=9Y(h;aD}gzJ}YDS;otYXOdf
zy${D=?v$=lr<rAr$$|;_+4h&v2KNG!^xFPcQa_B9gA4Mf6g+##J?$n~3QsNLpN@ku
z$O;}`XU_!ihwU)1pL4Fo)HT|X%~z*n&q<18t2Sh05>o=fn<EakjVJW=*U81=!=}-%
zOO{5Si!l`vvgOy}Xqa>h(68#WBogW^y*P5@BMaWElA+jRw=t8N%5etQxnNx{0k8Bu
z3@5(5v4RA*GK-`<u)=R!x0I?}-6!)+lVI7FZ>)6u0!LN;Vq4J^<j#XF=1iWPkMecJ
zUat^jTkgiB3nrZI7RzF!O?(l|Zn`HxRQ<ZQbHJAmaibuO^>F3Q)Q0|MRcqomGgJkE
zXLF@-B>Q|z7Y!znt#(p#-}zX*bZ5+d?hld2?6)_Gk3eRAM*S8a`8k`QPiOg<ha>&%
zj-?%5KZCInP<{CC-XBoR|C&2rJPC3v{1Vq|r%L<Li#{Lq_<?WD;PfS0Q{dZ`#ichp
z1=a1%x(~UJ3wk%qm&NiHaFywZCI#RuhGiMpI>Y0=E)(UmnxXAL_pz&JMPi&y?ECAt
zNAY@mP8Xv{ZY6rr<T~MSd9BFsGK+xy>iJ%pdXXP#@Jb*KQl;n^QS+TeD-5?yoQFr5
z{Dsvff>A411kTCHn2#?U4;1){Duru64{J5)2sJapl6p6Ur8IS4ZkmkN2`qBbj9#)}
zmYi3U5+aBNg_$vnbyPkN7Oa~|VYl;vAU?(JW2H`pXo)n<8M2>iU8T>FWjFO#1g$bA
zF0pn|XeNX3LOtvXr>)t##4i=IDfjr6iK%<$1zt>I+}I{04w&GJv4JH{Mr1t!&sR?L
zu;XsUtT2sfqJ1|)tiNAD%=^$eyo_R?=2!?5x}<y>H$<+i2qGmyuQn0(Q9teXl<{Im
z$xj;ps+B^Y{lfo@PqQm&cKbXDiF$7RNTf&6emcSCimlER(|%}5B8Z0__<^~<T~&1;
z?@F$!F)H0Cgr8oj=_AWVHr~*0|D})owwaa4SOuz1c39fW5>)RmiqI^OE8<Ik)syRq
zqy&xOrjb*G2L}-kQu`9pnCfuj<DuQP5I4NW-jOsHHE1_DteZ1)Q!m)Ci5?Lbe*0k1
za2Cp#Xr$hD+jdhL-(w~y{~m232Hm(+H7n2OeLg?%8y?wxD7n{~`n5Bl@cYUROUG1B
zovm4jv5ke6)xak>x0JfP)~J<^GW0tCNMNCdzut(&z2%TXVV(p<=lOaSszBT9@}eDj
zV)C4bD+N?8i7%v;Zi|sE(anID9qU*)_;*3&PaG?1QroSPgEf+3vii`7QwNaFrw%sQ
zf;TC{IyD)9E&Imj3qejGSKa3*qk|-N#iL8cHlX_%fwqn1g#gAYuK6<uiVyGYU;a>j
zK(UZmUY+`4lM%!JmFRe2k6@MufuU*bT*J?W2S=wgd)z|Jm^q`sZP1VARR=hpblcT8
zGEp6~Lb)AVPt|0*cfUrcOQ=!sy|PbE&s+XQ6teTt9IV~##fX(&@5FR<FKH4>-H_86
zo|4_VhXp;3=BTCC*S2_O7+w3g>EVHz+oGyJPHI|$h>5(vl24*A&A*eG952{}Y}QBH
zF>VA{Yj;X23aUKb4GDiJyX9B1dHeIMoT&2$2W%sT70LFSA~~P6S{$EE$}>4{U&3TP
zPWm4XJmTLM(U{vh!%$E~{V|t*wg<mB?!^*aEm&r(KPwTFQ~TItiy0oiZb!!&D`Gyg
z%hcGcSU=DsO-rt6_@u4(`6#cef!jdI)_5$LRp+ry%e_~7p6M{#z1FQ?u;j?0ZHpFL
z^!V#!_}db#HR3ARcfrtvV)l$w{epKl!@PLu3w!2qUP?*c->NFaDWjznl-Wh0$J5QN
z-XIfGb|RA9XzX#}VFKs+L6I-MTj^0(8}$d_R1a=v**2E!@4D}p++~eHZU~}gVx5!+
z4Y<ZvtV<%0j-_0E)T`dY-LNTf-^OO53j#S2_*FsVumbteO%V>;&5ElD3%zj3$k_D=
z%k8|Gw2Ar3IrQ~_^<M6QzF#iBPs(}cey-f?k{eaMcH7eA?S#%<4<E5T$Ggiv*~!GJ
z_M&y=C$!f#n194T&K8&U5qubCZ!M*QpiEjteGRWP-WoZi&oP!}f<fPsp03f-<@z4A
zZOdu$&0-2a$q40Q@466dcak0?_>Q3cy|Ya2A=|xqa)>@{fB(ivja@=57i4DYcQW>9
zQdr2i&e^4ZBw$GxHFQ>!Xy8nE>Q@TE!?m?^LbV8{+~*pBFeH|ka@PSnMDw*^;hmsY
zn_q9e+?ur=)TJ&`QGz`kQfY0|3>d$ivO1!mGa?k8<cTRYl$NF;s;ojY`8VM##Oz+Z
z6h>pitP&xWJ<N&-CC9VmR-bPFOn}TQ3lfaWkbT`_+Cyk`Yw7NX2^Py{R&;EMMi5MU
zm!>xS%&T*E6GSfDOmM0Wf%N?zX-V}cxoU{akUb)^!y{~XnKFbr_Fe4hZatV@pV87K
zDLb0Egw6|v_01batheWSwwprzg5Ft17w6Qjds&>Mwhy_&E6-aOG`LuZzt!{6r)XR=
z-5MT<(1Lp_z&2eI{J%Fo?J*KEq`68`F`0x<>}((fxCI~jhH0(6&)2E_$YHwn{nVuG
zr3GgtNaIc1E>Ua)-7(|0RHB0iy|%RVan7;Sk|FNjc{kZ7%$|aNr+&ydvW>@Z&e6l7
z=PFl^Vu(w@cm*7VhmlqbKL`uBC5RE%G?z{jN2i$*4mKaT{DNQQg|ys<NOSV{(s!Qg
zp(z?-5?l;0S_ET$tRW`&jy^8b#$*0c%3n*yj6A5ZR_N=mhl{Vu@mE`VZHp815fe79
z?~Xc4R|rwOo0Ax^B5~_Be^mDgHFA*z^ZXL$YC5hIg9lhEsI#(gzNc_6neTMzRKR9S
zYa&uMQo*KbrsVfySvfX+5qUr-@dkFnqRS8dx3tdpwz2EqwuDGLW>gy@FW%w)m~ehx
zHtfho8XXvFU+<>6tdlUZwBxO=`0>46ur6fZ&M+TCJ!;=wF`GYTotsU$u=b8L_j|A>
zzQ79+0Ta-U;t6%dOSz^c9yYzSQ~&$fohXuq)^8V{mq?U0_tH(_DP{E!h6G7b89Ilc
zMW$Sq31=}|o>iWPWA3zjl*omE@pCc(A2=w+%D3&wnacYZ;m@^W+uSjTi!0&Sz`~a%
z4~Fn9@;7XVrfFL4(2i%&6Cc9Kd_kO?s%8gMsGqUUPw5EZBRiKHHK&zrC$aa8->XA%
z)<y@PYsAs}d(KUEBud!y-^HPS|0SuED@peId?&i6W}y|`^_i-52Fxwib>sqDaj}7H
z!noWcim*4y{QiCIKpVPAWCRIrGh0zT6U%U`0?l<6i}|JJ2giJ}vpG(=To;=g+^ERO
z9+HUA=z8?DR`(yU&zU1na<jOQl9v44JU)*hezFSl;{wGAu5wwO+#G+|N8BfzZwe#?
z{qsYC=h7T80;^P8FUay9CdU!5UAc3h0t1PSU6}*}<DQag9pVbKwKIL(N}Ph$n>;RP
z9HkkjgoEb0ddpcX6)~qcO*Gz)RJ5#5TFet~`#;Bta`a)^D$&d|SPFjTQ=-6+Yu7d!
zVvkT(%8^~`eebF7EG5jeKz8C6;!lj_5mbIw97Z1SvShWbShGmtUdous*M&G9ALQj-
zy5JD#v6D<Q8FQpMKb-tZ!$_Y)BZfAUw4F@D<drVS1$Iui_RF(RI_7Y{V&kq~yP)E{
zRCTa&3VEabh>s-ARgCH4dQLEuWFAD!uFr)+K3C{6)v|Rvs*=r}v)VC6Bll%zG5ts&
z#?=Hm`-EDU=4xcvUx31YIFA`~MCsP1bn<2@tYvqLT(eahQu4gQ$89w29KqHvrdES>
z@q+)l^fZ-z&$`PC{jE0Iz$y}E<#EY?bItK<@{+zF5`K;kR`!gpQ+{9hy!Wlr-_9A&
z7*EE`sITmI8&aQf9$Uj*Oako$P@BFkw-|<$B)FEGZw*#x;TKW3p?$oRb}sUj>6N=o
zoT%pI>SzD4cthP@<GPGcZm8t4>Mh`AT%Pu1I$0vnQfS;<(IXzjE64Xjy4G|5L}8ZY
zqtS$|^omFPz*ZOrhV|T=OJ-I~3cET6PSeE-PNwKSwLpQy#!n{*CKKw#F2OU8U}mgc
z<Wn1@!5Cq|#^4bXG^)hb-CgO1fbD1f`XmB34`zUyFM(sPO=2F%D!OPj-oyT-Yi!*a
z{0BmRPP_9pku?{@HZN9@p3)teatfPWzB}SiS8Ac0Qd+N7-!WZRwVA*x7v4Pv;%r5B
z7OtK2RlJr&Y^XFV(`ezpD?qGkL@p2@aM7_VY~we!$bpAL&5^5TlVU}U_jdkadmuCS
zJOhljfDRm6ynDAs(Ly`)FiUo{ThWb|-)PH<#B`Vo@!pS-81!o8Q;ng?V6A5lk+y|6
zu$ou_I!362SvDJID&ExEWPy4vmWrQ0iLdy`db0@>1WD^o&MZu9St#ct{ze^!P6s^&
zfPOq6E_z$G^lNlGTg>$IiN7n(XBt29HSnV5#=g_lKT8jHt$JlUc4P1u_b?Xh+s)yV
zH*}s;XQCHBhsYXLy(_f(<(M@RcUXs!-FO`|(io(!8_bWwm20cCmfuRSNUg0aiF;;_
z2ca?L%OF1Tq-`Qjv-ilyN57*_nw-o@nPcG0ayDFZ8MHkjd|Mz6SD6056@RN`?lE1r
zpyeB4zE}*U{;{Fh*=m%N-n1n%z7>1OnB(%rGKBR&kEVpK9mjnwXhkdG?I2TSZ|)$2
z381idgZqQXmQv_--urKHd#^Meo3T>&g}*ksNTgatihy!?X+c9zZWgD5d~^DaZj9MQ
zCP<@qF*>W<65^4upFY=k$Iohoh#T91tV+L~^AOd4d(&#>8wiKn;65G4m@h}Gtd9f2
zj&oae#<TIk=2yFp5{WC%7hg<p8&=Ulk=E`^)gaI=8PsJ}Qk=xsQ=oVhu^XB6uQlgK
zD<E8!Bs|n2wx}W~#KmU94V}+|pE}0(ZMTq3XTE0eaV02X$MQBc_Sofi=X<r|6qEq}
z3)d`24;kD++%J<kmWFcD;MEiVRtu{Ewc!4-cWXn>wJB(&how*%afRT<%nHZ0mHqX^
z{%MRM_fJKYe)}$3g4CHWwSElsk>#qYcyUR;EkXbz4n(%=$1e;+Y$L_?PR=U=?>?7k
zDjNEai=_6D_o1!i1kvmxGunv}e7&iLeoEaW@+mQITmI~Z52a`4y=haCe*2<cYtipq
ztPNgXy>4=|XHiQ36+vwY=g)1li(gXl5dP6>t9Byv4wCe6dl3rWLSuAdkWMJZ@4@#-
zs>uc9nkc3N<5c>@v9;L`&Wc?PAi6`4)O?u0#3bKi$K4gGapIzvX*zMnULJAX#W6rT
z!;QtnZCcV8`(<yeohy~JjApGshqC1SVnDwMur+2+^P7gql0aGF@i#yB&D!5Xk~;w>
zKC(3=-U{F+Q_Qv1`+c#1*KBQqcWd~l29dlgHz!>eO~_am_FG7G1fO^)UkX>Puyq!X
zGB^`i<w3tA>StTx1jGL7YH6!}{+r(%ogb7AJzl37vAZDSp7drZi4yu4l59(`-x*dM
z4K>SHay5+lbXg(Jw%{~a`0Rp%gYBgwN@{;`o1$te%8@hHQ);=9K+LJ`7+LR{>4Z}i
ztzc!;`mO`Pq(|NxI*ioIOGr4oLa6&m=c^lp1X*C`*o~4Ol)*{<DZpGon^nzcw5m+U
zio#aU*P-<tyNt+d;gmz$I$9TtIe!%eVGphmwr0pVu$A`yD#bW-Y5%j~J5z%@x|Awg
zsqsrZ^NEJGUP6m;O!G>u2e)6`-=)%MU&eBc`BGR~Ucaq$GTNsnp_=kF2@h}g-F&_2
zg{3%f5z(p(*d2AD<TuKUxynO@x;y=<T9h22r@nnKCuxe65YFko?)NJ;Vxdu0(Mzz2
zdk^n~uNgX6|FH7-D{@Heg-OQ!e4CGj>|E!%sz_ogPpEl<k{i-SlAePoBE$5ct=<AT
z;KJt$#5N#&qrJf^#vOz<(2rfxX<?i0-&_*mexvg$^4i{;n`~9^W`L&)1-pR8JPNPv
z{;6-2K?4&p*U>&0$>Xihkk5D*I}@A>JyXN(yu$nDO&YHc>$cPJERj>`nI&+q@ow0l
zHwk)5lw^=b`_1+^ys-{`_wEcdqf?HBK2eTwqJopg@qq=&6E%T!;ez8*2?1M~ZC$yl
z>Gjj@7zNIP*2MQ^S&W?6?U}_)nnIt=kJSwKb)L|)1RNn4JT<hE)|#;(r)wSFhwnVi
z6N1lO_2rhz?X>z?d>&Bpv*y@*ho%S$(!2Dqx)uFcl%)baZ}kBG6u+KgpCjF|p|?gn
z=&I_KH80j2xFsSNdbk8LiN+yhml8P`NISRtHK6kLw;ygrPQI!3%Z{(#QiMKwyXq9R
zx0MB{5)H0*TawP><7(m6&#ncQY!uMEDWZ|EL4ABs2l-*GMK!cX;xg6ucKJ<X_#H6~
zI?wV>L64*5?M^xf@EEaemL5LNIDTKg2VlH7bAME#M#^+rSfdHZ&GfUi{|Ve$LYs-l
zvy}uLan^HzT1{{sdp={MY<)6F;X5Br`t_+`xLo?cPS}BZjQHTzl6O99$am@U<i1Uj
zcMj_jUQ%UhngpLp!5f-!)x;0$V)(nUb}MA5K3+z<f<$(~rqnN*IaVEuj85eByiM<G
zB0+R7l{sXuxlamB&I}cqh>B1*_9?v!;U#S)Uj(lk57q}gc%yvml}V0|K(S?d!}I?5
zG{IERNog-Uks6C>d)S@Zl1h9^!@o|J@hd2XQZLCLvmnv^)IK-kslTPy(cJ;x*d+o<
zYn{QhS`<LiFXx_fkth&vR%JCN6WhsZb6f9aT}q?!h0Df0IlKq%!{9MyNwlE0Qan(|
zNv0}0!uidiuwh9Rh2;C(54}DOw<(jijAP^{cUX2OqVZFE2g-{ic+|laJ1#is6*v9t
zBnDbI9n#AXhqq}qtmEr)grRx8S}BRQ&Z#Sc-*{9%2~4kjH#$w{>k?mlwqozX`S$r~
zzq<YVJIRdB-4`J2no;t`X~bEQn4iP!BJ54*eHv*d9}gs2%RD9)OIizjyinshyW@uP
zS{?zXRq(gpxwU7N&n{jF3QZ&r912m!5UvbeE{-<xIl7~j-2&KZmT~*Wp2P;+WwoU<
z?P(A@xUKuuPx7q+T-vRc*L{#FCieWceXpyT*sNkctXH5KKpW=B2bLO9z6phTn;D`h
zrTc~+lC;eUuxV_M8T>1MHv*pvQhx2Gej3v$X5Rg#lR`1vI$^^(FSrqZRyzoS4v>Qx
zx)Wk(5x=!a?%f1C(1^J1b7jL`kylILSM)Xkt5Yn@xO2rJ%lQ~-$1_qQ1w&cu-k6no
zuYJZ4II#Qjqp68A7yETh!*r#Y$j37Tx2BhGkaD&6BC$!m2d)GqHjcI3?UY}rHjWq*
zFL>mU?W4B@fO|;20}m+}*WZ0!kd03n@<_|qEY&-T=g|xo>1RCc!L3)b#mPd&tw}XU
z@sFeQ*mM5)v1@sq%H$HhDH%#ytxa}1naIAt1vTf`CV9&|^OFe+VeYkEie`wNr$kfj
zO!tJ?5{9$n-aQCqGE>j<WW_+6qj?hJ<20k|xY1F-)N;8L>Nk!k6yd`4mxvMd>@9E1
z^Xv@*JBQHqUfnbTwouDTNI5m8T;X3z6L1gGZ1=NY4-&5{xum*~txD+-mB-8#_FI<L
zDI*Iu=8YfMq_@tLvGCUd++S}KK7TvV?MD1n(>H&%x|k#Hh{e-@Hon@jHL;kqRk|`4
z`HfnQ={<w{@EAF<p-LNMqd!-~gxY&_lKESM(n>b=xj3_>=V#(K#-zbn@lGp25%=(!
z?00k@IQMWlGbNeI%wk;7-1o4L`?O}lCoIFo9l6?C2@P{peyQO3S~A-egwwyfQgX)n
zrr!LCAm*xb`RAwyBnf9^GKaA3;`KY9WL<&tnS*fUC~Vt`qr8(-02L{c5bR%V8}m)7
zd^&<$)L&LlgyGp8F+@Jgf=5fP(TP#$(^o}3X@-BlF@5tBuE99;YK9FAb!8SQn2(HW
zeXCwAnZhj^H0@(CG3Vmf_c}*IW7_L8TU-4#WU_H@-bP}#K&Y7;zTIqa=Q?%#H;Ytt
zU(~zQhu6H#r>Ec&^{?qe%LnG4TLmeu$kE9j&t)Ad59lqss(raKBi?JrD1Ik{!z6m%
zglZu|<qkBre>Q|^%Cq+`x!OH<Ki59*PhC7eUKo_?s@};^16}CvGGv})s7n*4%G*m$
z8QjYGN*4o)7fTm&RRiQ7H4aq+6z&*yAuF>t&hndM8u$7zLSYjuxCxfnlr7oL>hf5E
zbUw&zwnIAkO3z%o&#Fsd%$p@hcGtn2$Gz0+JxDgQ4Xn&eIoPK#?)Ci*wO_a1+|8QC
zy}#_H!#?CuVsn!jtXl)t?V4>Za^WduU-+rZM!xTQS_5A9D|Shp1o32-<LocaIVtQv
zWlTcEb0;BndULHao3LvL^YI~Zve|}rvupM)WwP0YckV^5Ln<UYGjJ`CBuGajLu56G
zR8%`SGk7hSBt%CnBV<jCBvdCfGjuhSG)yNfBWx{<G+ZY<BYaJQBtj=5Gh!`*BvQLf
z<&l1&)}O`oTq9k`ocZ8u>?HVLEEea!qO{f<7KL<KL(~duNywoKVM6*U#kn<*x!(^l
zIQK^}&))4tb5qX6zrJGdP6AAy(pvLaczH_;S@?Jl7_2GjVM%Y^i0-1Z+e!%oPQf^w
zr^7x<aD)S-mXsV4LHhjDT^c}DF*TJ~#-&SKfvFK@ElO~=LR~R9wP=6`OZ5@tdn<AJ
zUq{hjB-KntRfuxlt>7+%REjj-dbQJ33{UA4SVQ${z-O1hCuZ=OvqAu@i#%?CPp7k+
zAf881Kymj2#3Mi<pxNfW-LJS?=f3@KGd^|c&22W<LT;EI{rE})#yB5!x@NnnA9W5)
zN~Y4ghF!Dfx<Q<eYktK6?GOhKh3D%fh{H4R>13|^k>^pibXMym<H^ndyqWT32e}Y^
z?kWm!Sc06LFg*ImKF>}mzkBj&FA{4l5xbL#NW|IA!hs}3B!WMcih0OKoHCHNxgJb{
zg(o~L{dgfuu6Y4-LQ`Pjr5)EihE+~-l58MOjG+F(W~wXGk}Hz|SbMfHYYynYr~OA%
zPHMobe#JJaH6R{6u$msYx#o`))<CfRW=a|SiYi^&W*cKBi&f_u|Gp^>)DUV4v4q-Q
zIznA9J)yqPKu9Pw@-iA4k9xn0D8wMdD8MAdEW{%4QHWKDO^989L#UCTOTeSp8c-o2
zfd98&Rf{nI6~Y3puG0oq)3av_Vv4AK1N(Dej%n}>{iD7B2k&hqW<W=gYO#p6Rs5pp
zQ2LkgO|vI97ZHOwrD_g<jU=qRSmP{=mSPAff}J>T+?K*pOg|km;{yEL-Pc^&el-DZ
zYLs<V?V<(MtGLYCfomEST@BjoCZg;|Z;DE-%V*gy-p$~3&ixZ!|3}^qv^Kz68-E1O
zKgGj4#Usak<Br{LN6{Cx4c<WUYRYFD^I)r%8Jb}2SlB)L9^zjZ@-&(>{cw_4<_&1S
zNi4HJn_t!ys-RekrI&Q`Im2Bz&Tiv|C5GI5N*xZq3M%iyits2;lo<nRZ&J$Cb?GYb
z)S|2*{;~kd8k~ha%^I*~*KA#p2~X*}g*~Z8o)ozu9`be@UUviVa<Perf@H-+g0+jS
z0Ic_l{@jop{0<a+8b6m%<KQZoofG@Fvmxp=;A-FE=ERLrp3a%LE+FhKoo-8zMZe-^
z=1#YLh(!0zqBrj(xVpQ9`@TTY0m5o9N2-?vyH;T}XTY%QABc#BmO-l^-!9{!$(L!+
zENC922wHYob@>hY{jvqx0queGLx-W`&}qm#bQ!u1-Gb~u4=#@(=R$Y;<#Iych=AD_
z&;0H%6;OPV{-eT{V4llV2zkH&cis`Zfe0-}*Oz}3nFS0H7yI=!yk8@KTTXoMj4dF&
zHLupn(08Wi_V6IDwv3<*`YRFhKBIe=1<d#K#X;hx;9?|BiuyGKSzaHK_j`Fp#9*eA
zL5LYxPI1Q`u%qaTvl)IWN>D`mQ${trydJQ`oLyF;t6W2?mSiKnIsMv?cSf@9W2vfO
z>C|b4V0$fOrFiNzOAuT?^#?L@A^D2AkSQoo(B*!7A5y71S9=Nc2SO^Rhvc3oVeeCW
zn&Ize0M<zLhc)Nd)0@iQf0$1h{xh%r?!_s=eOdl9W+xf`oV=Wm)_>L70EQfH4>H~M
z;H48-uIHm$dlBVshJSJ`q!31A`A_RWMF{ScVX6r!Y%ie%Y242gQ^K$(?+ert*5i=E
z?h;BEj{8sld2mWsEm)Zt1$iM7zmDl{7Vr@4*Vemc<8<zw_(~}O36#yU_XE|v6Cx+Q
z*q2|euVh!lNF}txGs9tv3Sfv$8loMN8L}4g52}Z(hLC>NhN1f!4BfTEGR0TJNJ>=v
z=od<#=v}kQhoP)6?NfSDlre8WP7Wcs5%5<1{rdT9+d4~EEVB(%lJ|BUGoZ+zFq>te
z_^EA1Bw!at?H20JN#4m&Qu`&l+~-;QCc~uA&vgkh<5wKV?B}`<5$S%O`6Gp}_j&=7
zLP|&i^Ef!<kJ+0!n1@~4VNZV2l(1H7fz{BtZ^@oRRr?ik*aO_sR^n`-P<d4o1qeIp
z1Lm(fy0xI_B3B@41lx!#Y<WA1x6l9xYA~0A7(^Pktfd6X-ga9iKNT3=AI;A=DRg_r
ztBfG~i6HLu8_aq@34T+PeCt+7$LWghvi7C>$2QHLDcyWhzWD??$m@2#`83m#uMN%9
zhJJE`_411x7Jo;*vYp_rJ%>Bl``GRRWeK-Cr%~7Q0bc@gDEN<Avh0D`nk;)5#(7OE
zaWbc#e*NOwIz6S5&Yb!rgA9Wd*iQeZ_w;ib=`h<kqY=YW5YpXtF4=Y#^W<F^$IW|C
z%l*U<6NCBN=N{}0KKN8B)2+cGKn|gsL!UolfmQl)tpV}*J^L4qPNg1m{cH9A{9Nnv
z+?k(}NdPQl@xt0RBr{!x`2h3KlJ+UFYrB@sPrUOa8N4-iP&t@7+iReA`|c6Pjo<nx
zZVqOJ89eyyk4`gMTH8M>GGZ&7$O}!`DHuSaNV76{Y3(hoEv)xaS`u1g%A?A|%7YxD
zGE;SK+@))GGxWzayqUl-)50(jRLe1~|HsAAFVF3qo$7ANiFNTV{)1JWvqKWJ)0=ZP
zfBl)xjT-RpYoNXZ__w=4EhMuRCa<Nsb3(fekE*jmyID{9o6rdVtK2`fF5rOs8I~;l
zqhvz=*r$L4lR~_MGuRP<lq`@l+53HW`Dd8)3pGQgPX1QSNuo^7O{M_ms!^!tq)=+)
zXygDX|4^y9sT66sX_V=?=@c2c+7y|&nUq<%Srpkhu;<mdzq{9lwJKXc>fP8lvfqR%
z@1t)qWlb$KLFmHZF3$D5^pA0p>DB^sA07SEW>(f0-i5i{GgF%w<QDY*sVEcxW3q;}
zDpT7-sr`lwX13a3ZcD670Tao|beBxQBeBDjr-wu)`$pykPBfR{_p5@KrPq&FSzY!^
z5ExDvG(+6}wv=*Ad0%s4S(~m-4dVi^(z{ThZ=rbA*{r+<u%MG$Rsc|}*sG?l*oo0T
zT4V;hx0kG)Fo5jA?tG=Bk9#NXtqt6Qzn3^zz;(KFiS!>kvghs#i_lLFY3{NJspY|S
z`^~Z>z79*@52mb^O4Zs+=mZW*+DoJ(NMq5y;jB{2TUNFd-P>v3A7z=(r(ZvER@*Oe
zJg$`LwU#_DFkAVx6+Z)~tTv0arf$+YH)e~vONf7`rV7SrYtI4LSa`4<tfcHdGVXH}
zr|8Y`OK4PEd6VQguU-*Gba{_ITM$J*;|F{Z8p!>ncu{(*3Z;AcKTSRhz0SIJEDHG=
z=Xy*}UJJ;Yt>Y^)xlurUe0-!O*euUu--I#C^HjlckmfT8x8SY2D;4NelGoiK!$D+e
znmRr9-D{Ouf>!5?QR-ZA;P9F5xs`6*IKhZ+(zx1)Zt6I2#1|vC_xFg(@Z%kgZ$Jg0
zMBA(j-XK6`NJnxg0h3OstV*}TdBlRe%yU0jvG5D1CCq;PGq-&qDfes)>_CzWI^RJL
zK{1S0q0P{<=a4Vl^tUL!0tPv)pJd9Px4*goFV&uCX<d-7+LN7|=3(byHO#ZgayHDf
z%ZfK-eb|@QYe=~daTdE1sd3yRv1m<SKT3{mE!`dtOQr;<GwZkRG~fU_TzX5D<y{mB
zCLZ|=L>I;d7T9jie6e%;EPVIbi{c-y<ZqvZ$~+5$9eS2>--ksg{L*$RE>qB@u6d;v
zdH7@D=c=Pw3$rdk4Z23?lT^UA_IYn}Atu-z5X3z}USLxeRIX*e&dhC<mic`=CUcL*
z&LwHE)#+%x#mjzHklQLR^ZT@X#sQ6;Ym!8pGy|w5-F{tx+p3JTd0sx_kjBn!d$7&P
z2Gr7Ozpl@1|BbYHIi`*BMiA^fd((0xJ(UzY^cdTo4dDg5&h8hDNyjDO&_2erliqNF
zZMFWk+Z1rS?E?GuKIy#$Ie6>WJMwbuR^-;lvfpJVExRqCmW7symVuVemd3K`vf`F(
z@BehO%9^7(k)Dgp&{XW7j`mm5YW3VroZ?lwm_*K%_<g$r{*_evRWXNI(5vlFqG4P0
zHu}sr9N#&h3w`q$mB0aTj(zLh#qZ*jtnxhcdY^u`5~`@Mhq32Dw`*H&k|JYXZkA$g
zUT%@{#hgcZGO5j+={M?b_+^Oh&vDL4XZF_Doq=+H<fQzuyh}i%d4Kg9u#$7Q>Z0aT
zV>Lx^(wZZn(Xg+5tve!kMdyps4Pp#i&vod#Db<j3J7V7qtSx1hK};E{#L^(H=GQc<
z8dcg&7)4YYEXPtME@qQ5iynOmd^L)gJXDG`rT@3F6ti<tY2sulQs$qvd7Ivm>-rX%
zRJwMkhy(~0nfR23JSj9<0n#PhtN=g>PAfoyL_kruG7|}<FJD`{{mnb_wM-g;Sx(5F
z6~)7j*RkqeonrcspclnM^4~<xe<xr$X8+0gTkKzTV8#CCB<<HJ{;dPc`B%b9_xxMD
zGF3?MP$(8U@hko}p8Ug(@iT8iL<WPgkcrXRUV4(9e~ed-Fa9gMx;!<cf7)UUlU$Oy
zs0dSb_ZLuB@GHIgM(fsGi*Xo(`u`o>;tPf_sQ*jq0d=AT48Dk6Ic=7Oe{^P^r@Ro<
zQVMFR1eMi-${Ii|&7hWcP)j$c<p-!`2-GqLYMBC&z%<8k-{D^>e+ZqwvyXwP&fM(U
z!6#=b>T1}YE#m}Zx^;2{WB;Q5N&Y*EQT)m7srT>d+Uw=UtuW#B_O22ABM9KA1GSCY
ze*%p75B-<(pBUrMBYY*G+j;WEgDoo}>KxViNqYX9Rytg8ws%01S0%eeM)zIC%Y}%_
zAB{gp9rar1b@6J@7D6g|8$bA-pB#v`f#O_?Huo8A+xASsL$GFp=GFg$a&CFQvM~i?
z4ym@prXzY@^im=S69s)ldWF^Z=Ce{{&&xq7tj|PImNFa$Q>hlru_}kpx4(3YeSyy-
zBf7m%=He_Sw{evb#>R1#3C7>!Dl?3<qh2aYRmD$v>q`Fd3|Xy%TJ|(I1v;-(UX>MS
ziuZoWBM4*oqJi`c%~*N3AWdB4YXM;x(-$557BuHq2L;RGJzoo6hp_}3AoZXHze0OQ
zBq1D~M-;{yZh|%ZA(8ciiKawvbOCV)d$<MGG*JPolu6p4a7+P77-zT*{xVTLt7YM`
zL~l$1X&Cnx2mGy%eXk-5i6lj0^T@(@zPKPApv@|m6>3WM#uku=@qO{YKS%rZYPc{>
zQaG-FB1|CI2k92=^3}n+WyzknqRXoh6_fIhOBxjnjk}}Hdc_qgs^w+#sugsN$ugI8
zzTxvq|3)Mq#7;PaDVC^A)w~3wcZiZ-VzDTQ1yurz&_>=Q8ofu94o}3QAy#0^E0U7V
zPc))NmJLtAVy4qq=_!horb;rVL6(osK;ojaSJ`?$ES;ZZObf3VoP#e&=dS`+j3z^s
zZ2SQkwg44Lf-V;KO|g_rezGAQylQX>k^*`Tt}yk^i$9uh)Ou39TMTMlXq_k?DDEt7
zEUqptF3v87efMe&EB5pGm;9*3t^v^KZoS*Grc-*D26Ql5keujtRK}_EWR+6;m<RMQ
zI`F;dAS%bjTe8!sJuCwT2tD{gbVztuG;idT(t1Aj8X@!}MbY82GnyO9&7}3R{xHE9
z#!n!A&n{=4H?EZ4%l5+zWgI`9j)UE{WNUmny_bE!0%ICKpYF42bjh0-<%}MV0V|Ao
zq;fidY88#4{B%Yi=YS2yGJYMMsp@!1p1e|K57&Sl0&IT;I#;}7nl1V1%pUGu2ZSx6
zUi45^tkO3MN?CoM2AmLfkVfc|RT)bS6=t&fcm`ZB4v=Qhi&W)k^Awb``*?fZ5RQ>n
z(7)r^(rzi-s>SL`NiWSkslUlF<VW#}zC_wXpTx_fl~T;hF%*FJiM}Q}Mc**#p^a30
zLun$2;un3Nd=*x^pEGdvU0CRcKgtvSBQca6S_-H1Do;fCM<5CUHZlno2bra?QbL}n
z$d6zQ6l`n~G5~*Bpwg>+QPF`=3=Cod3`T%%S&veDzNpwhI06nbIXyqXw+v4CRe|W|
zfk+HoWNHjKK-LFg<%9xJn1Ub>A~Rv=;&*%qOn6l&EHMy`L4wRlZwpxe(4!n*C@MJ+
zi$OskK<^8HmcgmKEE1L)h(~x!AWk2RPev!K5?>@N-J6I&LoAPx1>i3aRC!q}Dl?Fb
zK##0OUj@)D?@>u87L^@H!C*#)^)tYi4o>w|iKtv}8Uh=#8OAt%7M*ZXLW!{aKn4aE
zvK{?8po1<@^<}B3!ax=VFM%8VF<`yCM>W1wSaBc+L6E?Y9*Pg8g9E%Q6ISZYLl7kn
z!@yD_s}Kgnmx(G56d*_-$Iz3h@mB-_UX_cg3>0C=AOkTN)pY55014%ys=ct|8IZFv
z_z8UJ;naw#{^=hVzv4C(n18#ZRzc4R{30VzoS`CH{(dQ;@&hO1za1~KC3($8m<!<8
z@{bF!P&0cWgZy|GZ~g!7?NxwuDnM$Q+q`Y>=bUy#W!m0q{Np*5;okj0!lQ)Nx9K*C
zt@P<fiLGquF!XK_{FmdQ2pk1ej&pAvDVA^W^1>eWPQ>gV+jAs5!1vmhL@heV!faiO
z*j-&B8z^EyJ+6iBtS*rSgtIW~&?2^17tI9rm{V72p<AnqW&i`tsk5|*&DBNH)r8H>
zqP38X)kV^P@aAT|TFCn9BB^RUW(2lc$lB^6DQbacX1cJ`h}A`aKoK(nIW1%rb%|sk
zyqOul7O{f5L=v#qbVA^dHT>UT-FkG)Vt1h7a#qXhXH|!-x;6&`Q#$bVxXhT@?m+#e
zik4M=)pt2{?e`2!37qUKMgh3SqP$Ty1Hb}aCt!;NY#Q~2Mug1|;LkQkwH6xPSNHE8
zV{Cd+H)ENL)|8PCZfZrthW(;5!l;Z0K5HVsR38jc+cG5J&?LrE9}HH@GbDJgiHxS+
z8>D7vNPw@2jHEso2&6J3K++_JQ|}E>+cGeNXb?ly2K|Bg24*`N#J3BiZbGMivv);j
zPD@ESwB&IQ<Q{xrw^?w}lyqtm1ueP4J*fxxsom^K{a>#vmtn|l`;RTm&*cAO3oGWs
z*Mryn=e_6M*PYkx*R9vh*NxZp*R|)>=T+7f1pe*Vs9BTlwHDbZl>588!nOvx3>h6A
zU`X{{4Eo~1e9KXR8qzeHR?TKw8NE!8*d*gwjjLN3y+|L_II3CA2B-|3r-yHp`BaT7
zR~b4>AM{;@sG99_W$<(b-1pJjDh&S0;7R(BhSB9J435g+@d~&G`j#pT#>(K)iop8O
zv?{jumBGXGi1qZIRTyNI(S!6Mb)%Y9Z1|PY{q%@+s}_G`OZr6dw;7r`agZ8<A@E$o
z>{gA~PYuNYSf^ojphoPahN2I2)SzBgBX(0m&;zn+m<_9;JE<Y)0?*Z{Th!3)7IGvR
z8{o-X;}dylU#JsTvH`q`E`@<k^gjR+<yb1jg>0YALNDQVFX(<Wq>7$SasPZ!-QN$Q
z!xHy>lqOP(b9KB(u>QBFxViz(>sGb1>{hpGR=28Ew<=Y)%2g+QOn8!LwEVY&0a(ja
zY5nUfnhXPwS=Hd>fEOwREdXRDH56H3oeDu20GUn=UPjGPg&+-pOsxhl4P;d@iv%E3
zsi8=zohuV~0*J}gP$YqM%4U`TVq!HEiQh?s$S*L73D`b($_>ZIzv@K{9ty!iCB|kW
zGG!cAicffh7&HX`0+AT`e;plow{=Yaqut*Cf3@3q_m6h}w{HmZ68~tovG~6{Wda63
zUEd$=9`td8;lg3o{0z}5K!OVxC{L}cO1ub=-~@`uo5`sX&jKVkfbjCv{Ho}a010+r
zkDM8!D)A^llnodtM@?p;tLrPk)EV>7XmV7Rz~okixD$ZD0{kXxcA!Gs3P527I?0+X
zs}MH=P?&%pWvPc%i0c3djKB*SvlbQfY5)QQ@S6;EnF@M20D*p#&mHzS-fz8uSjzP8
zl4anEaRtk<6zL0-Mz@OCxXQ8Q>E9)d_7veVmm|s27beQ&6|vEjV@cCfCCUUA;Zm?N
zb96nu51o|cZMl^K9`>vKB2f-26VxTI!PW>r>Qnof;V5240l=;i{~6*S`Fi%mA2z8m
zB{%CjA)Pk(j~w9W6>kGE?ysoG+dOy=&d!9&Z(*=~=U@Cw4mn!}He&EA?Y{UsN)(#S
z_fh@g(iYA<@<*={YleYeHJI-hD?a<fM#S6RrZrM~8KyNddu^sQa(k+`ST%|%|B}99
zwgvht*tkxWcm01xSNNfz{|<0NL9hVh{Ehz-f0_Rs!w-qT{Ryy={~`WE|K<EA{(Jxb
zXW_s6zcJO#{{$FxEMlnoVK^OV<eu2P=eVwU1P8*H(?LtQh)hDL`hGYaw`7(lJkzr-
zdBA;P%qc4NF#iBt9KZh~u<cu&`UAHA^&bDfywFbxP@GS$t035C{ddv6^w75d5J<s0
z+m#pWGP_$eBps3TGzg0E$#iY{*Kl-y)CmNew|JCJeii!%CUE{gVlH`^on~TC4Nvh8
zi~ni1#QWpcr~eKww?4rFjPp1COTg&=Ex`C_|AhZ0V8<7Me3~J`?n^h`bT6o=bops+
zFmFYT5yI1Z;+>46o$@M+z$$8$I?B@i&OMVhQ}=!WI@=eQ%XP0qKiQ1fSo<8StDQ9{
zo)kXb9l?_&^|BKGuMvDKx}zM*5Yi`_5EHgfG(D{UFak{w$ndt(1RG%A-OKJ74F0gC
zx6+XQ6#iEp+@Cr<tmtG(|H}M_5oCh<iRNF?{dAqR=KaFSp?$FysM21I7bxMD+a?bx
zwpY0+)0roi37O5cpNb2a+J8B@v|GvwmR(i3Ig^{an|~Y4k?l}jk{4IXk<G&7S7Xaz
zAy3jkBd?VdUM0=G=z1vTSHh@3IAm2A%V5Rp1Fd|wTDaNq6bm0a@_)7W9Y9en+uEcV
z(hyWKL(VxT$sjrBAUS7H6cEWtB}vW-$dEyhAW2CoAUR4#I7kLX2?{ds&kTro?tSOo
z<E^^&*Q;AK)q7X(-g~cJ-|Ftw-QSu$p9VUuk<F>3f3wETrCbi!-r<=ck3CfC=^QW)
z+qUN2JoxH~XRtn^38DB)k=J9}p=S@!WNF;|(1E-;zAv|-<T2W@q~>t#v9?uDRI4@p
z^SB8aE9?gx@RN2rF=?wPL=_FJqAp(-4uUp5DTHgar#K3DL4ki#EJB5F?ZQw%>ZJEj
zMY)jhXB%sT<juWM2EpryP&fjvGe{5!BFZB!o@0jq5Rt4o5BXjO?_F6l!2CTC&`)*;
zb)vY3Az6wKqLbpj&`?y-klv&r<fXZ^l*`{`WqBh@aJ@c((O>dpIeve1!~FQpW$?W}
zG6(OA39!7t5GxRi#@l#xR4EC<M?;Zz!N<1>Pooh=yH6eeZT$Ykz<&Dnt>}|C%LiK%
zM=eL(nEhM|l3QSVCK1t|Nyq+vSXgK^)vjm%?N}1?Ra9s=y;$Ps%~yUYu?f1Wu<^#?
zjWOoaFar=#6hqf#JItCe;}DL8l%S|3tHv<X=+r@#?Kc5D7VIQfIwE+i%F--)m(s9#
zY0{&3Q*BZBa?_*uU<(9;CQlj^J=2$E)QT7lJsTJ;Jl`%qQJY}&xYCF@7v_#4jM4cT
za}n)kS(b&maOdE&TOn61AGNAGFx6j~!`wC$W7J6NT*cf&ySqvGs`CqvzYEo3=SdC`
zo~SjGYP0(IWCDA`RXzLlYmW*?Zl$OvDEPFKUj62WyWp2VSGRar_tLMBrO@%#<Z8Rt
z>gpduOL<7z7;Ch{wh(Nk)C5jOQ}xCi0&Of-Q++IUQ{%>Z0y8Y`@U#$B%L1t@PQ01z
zYRF7IEUN@wypPKY=XJiZAQ6UO$%N;kXz3@B62|gEWVEGOu6L(Z74)*)?aukq(!5VE
z>?B$1y=3ZLqTXkEV|;qdtK8Iad{VEVLw8~iDvS_~K|u}5)&9(UI-kRn?FHd{Regww
zC1+mGI+j;>6N(v4MUKG)+qSKLy7>YZDmxkxT6J4AH(M{L`W1*rg`L^UXtUkWVe^lP
zrDsS+_cv)LZL6?tQ@c4+OgWn@h<LFxOa-yCOs_Wi5J_O?gb#)|Sk_39Df5lA!=lGk
zIEsk$`QDY)&Kvu1v=UiiSA|caxawz461nls$iP0YGu`J?J=ZJry)Q`CgVBV96W{&~
zV6pv1L>2>a5_S(@S;n)iVcR6A{|Vn(`z?9XB2Gj5aZ<08M~?Q>q~6B{xY=k5TjPGt
ze@yyN<1MA%@p_zVzn1R%{PDAU`}2=qqJLwTNW|L-mKY^I`9k}>!RY9bAe8gF={Ibs
z=~2@WF%k&b4DAKThh|%Q{!MF7Ffp2Jh;&;|NN}4<C^7o0P~>)e%Q$XT66R~+c9!+r
z77nC9oL3PYxwlEgKvY0{+56J3xvi*&l=-i`dJtiy$W!FNMi%w%NrM9yS@iuO8xS9m
zth~d*x*o=11c%02cD7ot@_Zu+07)6gG1`y}-v`M7>9!PQhZFc2T$QXZt7RlEyhX~F
zBZYu;$ddJKD|t;wD?vs;j#nwcDjUNuK;~p=G`-XXF^)FI>2?K=935!Ybok0hCu#&k
zGZ)lCNB#iaj1WP6l-qA%U(Yx1cqikrrN$!PF6mK?B#tKbC|a#_j3$9oM1(BrlN1L{
zes-s5<Gi+^ZHFNKYh?5|i9qFY?P`7#r?d#w(1Pd1H=G`26z&%XuLnx+!}`jAFSi@}
zQ*7Rj6<^h1S{Hj%P<<=mgJNXA$Bpd+aQlIB?95TcR8`AicDt|BCHX0;(}AEy(#-hq
zsFu|RAbxO_KoB5ag12Y%&YnGXM4rN6_;~fRyNBb$=e_Wb(W}>8hVDyJLYg@mCEdgH
zYj(WpO16xt={9zh3z%QhDf}evc{C?vB#-qXZ&o;-_&SJV#>#$%ci<TWW@wZ;R;`|$
zk3=_Tv{rDhdZ&95i+I0oz|In#n^{=qbp6=A%<25`$ug(o$B<=C`;Xk7b-dnmo}Fn;
z4;rqgiMGysUUD=0_-@I~<m2-tH{*{fOKyfA>u=smZqjQA?Vc@|QR}AA`WSSxGf^~a
zX6OSh<JW_{J$hl>H$u6W?l@`tT=G#(|8h8U=g!9$SG{4x+KN6?u0GR>-bcjCPsf+~
zdv31iHEhT=YzQ=LFf?osHVho?xMi;gzE{JGCsbl#(x#<jfcPoib5V>iQ4CjAyhgRo
zS7ib3jfEL<K1m*Nb>HaJB~q-v9@ZpXzt}blo+)pm0DUy{5CV9scnG0+i+Tv5db4>5
zp?HJpWm{)aW{~IIPPUfc#~yoa*IBnv9By^FqX&FXeM(g~kUHS~uyiGJC93n~;?%*r
zgW-ezgYJWlgZ6{w8?*JU%`Vl5fsaY#<|5L*!AYsV21mPMlanH#IJ=~9N=sy2eyoU;
zFwaa^rB*w?Xyo3T8&gG#%2Rse#|=_j#f~S(gRoKRmr+A%I(E{l>p9(Xips4oQ=Ct?
z99)Utd6hkvtu@u22Gp9WPrs=#Rh|y7F_oXDnR3hB0#3yac<s2<^?P|dx2~S$pXR8Z
z<(}TEnq{9ZubO3^=9$EO>lNjKZqp?GJkwf~Y`SeC_Kg?wbGl~~_qVc*U}L*3G?@!+
z`qBhv(AJl6+!n9h+RzG$yIX_K3TC3)Q%g@xH>b45Id5&HIo~sBdR>cc()6M>>UvX6
zZQ!b*06TQu>vr96*+;!P)<?>DjT*BBAGL*w@4_NZar33uH0oA5+g3a=RyMwjr0p`e
z7Jv6Hfcn9$exOcYXRuReY9KX5!ay)%+)K^5$*$Hkaq6jvtK?p;gboo?)MAZRXL3!p
z__3Vo){whdU?=s68_yPSBsSH{)3GkatFp#Ae^z&jBY#$NY6~)}I#mvtRh;4(#*O#F
zc0^Zf@~_EM5WPCpHWVA<<xoSHM?tdnevG&#ys2GHTBDv}<`O>|bl%HDsGf8N+YR6y
zLLMxUgEIrT2&(h<Coto6TKvMuPpiT5Y)NjO=kj$$7n*0`uZiF%3zr^KKYN3yBHJ^$
z2OQwm0Mj8IxW}|KDi<m!S~UsCG<`a0*%#~NrCDvAK{32}-wvI>Nvt}GPc&mPJe{Iv
zQ`0Wh#!K2R)!K{4F4fA5#x7f<oT*LA-HZWf?zLNm&DFG7C7Vjou-R(c$sy`8snvsP
z?3HdyY~=O23Y%TjY;vKSvwX9?o3nKDNjGQlW=QvOExgGeKG-b{V-}T}1SFYCOfI~Q
zRrm6!vQDJP*zB@FXKXU5ieeCDoeWQ)NZgFGNmcX;wn<g+x?z(l?`3IYKK!(%D-x1)
zg(W`zvbF?7R*+tn6C%S%|3oYaXvBWjD?R-*KE5%Xn(<D-m<n$C8;j**1iPP;-gT;|
zWVh&tm*p^--)k?(QGfy3a~OSU{>D_|<#?{cl&<Nuk70vS+WRp14=fBkEf`|*lzb0*
zZFm#ARXO?I_KLM%`M@W7Ixq{c!Txw)!hGa#@6RpfHBu**uzu?^lvqNKGL%kMkFp?Z
z!qW`Bc|$<#F9~v|lSdg4enY6Wz-ghec|)AoUlQcg>i}?R+cPpS+q@wn<LnJP3NUQJ
zk?{U^6tYdboyNN)Q1gYz_zq_Ii%@+t>C!o=QZp&GPuY4E*~xVSuvNXWCi}5c`>{;>
zu_*hoyY^$w_K!wNl(iK~ipaF3*9+H+y>w$6wFI2x-xLv#X_xD=tn*h3tCQc(x;*&R
zIdQ+Jl@<F;#Glf)!URJ|_cKAr39DTYykeo&fL{dPQyG6az0$MN)H$}(xASIk?#7ni
zhTodsir<poqThnw`+Bz-LG$O62s=&$H{3w_?rbdSsK-!Dr>BckOueVGrz^^;Fk3_>
zkY_a-<y5R+LU8-A5-z5RQmIp3cM)ev_t$$cuV0t|4rj5_0<57dA)f<-z$6$ZRp~{f
z5OAF(KQTd64FM<c6fOj2KY)W*9adKaW*318vW6nY#`Ow6M0W5GD}b3r&<}O6!c7GB
zCb%T9hg`IdJ=x9@%Qb_#(xzm)+ZBy^Yr14({_BFbQyZ0L^W3z&nQ@c@8^tAYC9-9O
z%~P{GAY6_rvn_n(EAUx@Z*y%%h{R*qv1YfSYACDLsn=M*ww$a=zt3=^7;i7VO4tZo
z7<2V0WN*_^yjJP%Zsz!Vo--6tPR$P?Cjz@)61cu#=6Ml&gl^z<+VI{3xGp^P&>6hq
zhUtxlBQ04^F@xg<{2Fq-?a{n^4xR(5ciZOtj!4*!QtS+DW;WFf?-!=(Utq>`=_tG0
zx#Sal+Krv{XFg#}iY{kfii?&NHhQJG!R{z*jJhpydkE3c{;pbK&2I(K9cCIlK)%pK
zf3;6oDZuGPL|cX}wYEO{nFMgaot^+%DC=(_3wwBK4J$_#Ez8n1WgAFX65d)I&f7Tb
z;yBC)%y{|IMA&Bo&HDGfy~F+df+NL)&#)PK(wSqHL<O6n9~%=^g*^77z{(7v9J_bO
z4*Sq8Vsg$R>D&FAote(@KRRYXbf~c)Vcz+!AUbTY(dmKI!=^PJ5X<gi6MUM9qCf;M
z0#p#Za0sF!2Tz`6R<*_B#Ja%mLjF^c^M?;m!A6)H%*}8+NNk7A>ARE0HJ3S(?qJ%^
zNv9iVz9VPe03_Wxv3VK5>z>`)!?ZD*xVQe+cgN<XPt}~LQN<&%!m_{FiTzsw2d*97
z`0jV$_qE=)`A)OXjOf!x?vJ=0eafoHa?j$*`b0h+Grim+csg7p&<WvM1gae*R<SBk
z6hHaj{ITwm7}mVTBG&g*Fgsh+^t(b9U&t6v9Nd|N4oBcjX=hqTQ2>Hrh+Kf83XTp)
z7@_s^!x=t5pa_MbgTN8zXGsLgXAeJj#4aFz4i^06$4lUt0^ybc7YC7flxsa!xm!9t
zHmh9SXfRuHi#29l;&x`E$}HrgR$Y;35-?wK_AwP=NvEPm!+JQiCjaC6^e^y5sH8J5
zta}AEUbB(+85vpYze`FMu(9nkJQ%%qsA`mTI?`)P-0dzDbbJ`Fb0`Y@_p16I^}tYn
zV1-aVTy<wB2<0K4Hl(w*cCJyepQ}$lTHdMJ&mV%&KLQ50dHmWkzl_5@#&xFQip%E>
z_wU@EP&G`;mY}T;xhAiyco2s>83$^J!%C04|3#C`=GobpYxKUNV!UpnhXJ?C(vyUu
z=+$PWXb}1rZgCg9#aD;ilACy_Xu(qW<Y-}rG<F!c$h3-RkrtP@L*#qow-tk4(_$us
zDMeo{r8m6HiJ2Cr8p3Fq*!tkM)#ES?P!hf}{u_B7?J@$sH|jjPagoKB^)br~+1iq~
zBipQ=p&7Na2d8MNR5Hw5_IPHZnpzq4`LZu&^8^<#8erW%!7U$6cqO_4>?zGi@2Rz1
zrE0;*?|EbSOD`Zpg`e1wbHt<wa}3Rya~#cubJC;+a~jP}MyM@wTMY?)Ax+paODZ<`
zN-yRL$<-8fO{TId6PR0Q-tD5ulu?}@Fn37Ab01qgoVEUDC{gfm%lb%Ba=Y`GCkQ_d
z(*`w|n!pA)DIF2VV1qR&(}7PGBD;@IU3FiTRuwH$^AdZz+@yEL%?$a}7*23_EGMO@
z1QvC894D=*d}G`#mNhHb3OcqjO@7X>ZGP);etwk7LOznteU>f)J1qWO#%h)s0*|V!
z5OqtY#kam#65-h>nlwe!x+JXlwsPrO3(T^t^n^)O`Oz%S-C0$IAl3(1+LOBSgeAPC
zo2(Y$WvXn`-St&Zd)dBsx5^me_jI5b>8GTJR|gRdhZq}TyX5{KTX7nucv1ZcBo=1>
zzb-hTfA^r;u09G0NQH79g&%Vsn;v5$MIdpZm;qnl`><?V%`dfLhtRa;%-goL&gZv9
zg)X!qS>ESXBw+**Jdvs9HX-4z0fk0b$}SFG1yM%eq28x?O>ITO6X(E?@nGSaEDwZ4
zw}voA&UwhBh8RcwwF7SiDQb+qbtTV?gRpU|bZ4dYJkKtPA4n2N&7pXO7vy*?f;KeX
z3qs?ll#%cp!t;Q!@9nlt(C`zGb_7d|aw)GN=~Iwl1bb+TWlwAVZAY^RE}UL`JN%Ij
ze%^9bzL9=@{`i7o(sv*i<IJ|c?SeMP8$gj)S;769_LY1yq}w%OY6F#ppGglv0aMw)
zB7jrKRE|6|mVoT5Tx2a3er7Tv0r~Qwc?TbUDKc7|ga{?neEni0GEM<i*#c>u=~3ZY
z^*){Nqf*J5G$k=kkSDr)W9ons#WCGly%;^`F_T&Y9R1f=My~pUPPG~3^@R1b2CI>#
z;p3kb7vX*lKjqoZ1La@%HI8DwWWVXxjC}h?zoyl5z8_f>eI1<R*_9>x0es&RBMa3X
zw_XI&N8^HP<as|sb{HJ89LI;=3)Wxe=0)!SGcH$hqql;;-Aqe;)d=obs^qxmD8k-j
zX^3kgVzE@oie3a3T;gUye*zA=IsX=!2|WXBakKZI_%$o@OCmnEam}(q$Cn3HJXe!N
zd@ONaa-wtfw3Xgml@r;`0Q)N8zNEcp7AITL$y1p7_xu`qFwp`x20A5pdA<^eP69Uc
zNDFy&85}WRiF%JzxUAI@4HqO#Jzt50js)I+&wT<sB%gP;XhDVozmT`O`~8MrvzQq1
zFZnfO|Fd7?K%V9*^*ne2XhHsE3V$4EOx`}#>V#T?qvVR=B&$wtH5E4;5hrL<gFF-w
zE(od#9*DRjSXPbP4-_OXn5^uLuoT>^vP{7#bs@1uO~g?YWUoT*iVzp<eHPpSBq29+
zk$MLE?@oO3bH4_S9K!{}LiU(!+c~EKxf!@mHt0-Uf&3z3M&R|+;KqnS0q*f26WKq=
zP{!lxBI*So<)44gujxQ+uJxa;E|H!2HO{glQ-fuK{KYtZj*A!lnqlF)WaoZOdc+%k
zP(g5NL<4_WK5`0BpR8cGGASaLe-mQKh{NVcqJ&C^bDy6bf*cp&&)=ID919dCn{bfI
z3yubIll@2inovR1Nl=?zmjLQJkS?E8Un@WAFz6Z|QeT{XgfQPAtTzItkZRf~^2)}M
z-t5J<jv(L*OXE5BYnnm3ykV&{O`uiYxE>@<)H=`vuVxPthpZhbZI2YYtOco$ZEG@3
zImptsi&a*aG@%<`x8tW@^8^&ei<U%_4f5d~e2c_{nhA2?jeCp4D9cG|^;U{OmYFoo
zMk;|O9u#cTMJEd;9qz)H??{OF7yKI8|N1q5->-S~U%%!*wv+Z>zvllxzed4VEKwe}
zkNlzcFeH~}kte^C&9QONA-6$BHk=VF=1K+wrL*q`$fZAWPaMATi5vSS?XIrffOMu%
z3WzU5FoQn_O-h9#>mbtwFC*iis-i?A_acFiUO?~c?aYm<n7jL#ef1sRd9uP$Ven$^
zlW)UD-_!BNxi#~L^os3@_$)Fgir<*UB4b-G35LjbVUR4)8WIo!<kFbwWv&G=Q)1nF
zl54?CgcVLpL(PvKBhBo9kr7Odk3tr-oc-DUkTk$9dkFmiDZ2rEUsYTdZ#h`(KKk}N
zMSZ5E5|{9t+l#4Pv&H-la<vM+mpwl5pNSR;JHAJy61#JnUH7$L3x6}MT){f0^8&IP
zF}$JliScFHuKqBaqxueCF=a`|k$OqkI=6;n0E3>CWJ`cAbo21-p65p4<8l5KNVfO8
zz?$#r%PGqV%a51o`mPUu@;j!_v9%*L!tZJ2t!O2z;VtWB&FhBn7WJ}NV<{uE@L^p`
z*8~#yp=b<Z3b!#1?g}skV{!&FXkjw9(bFhhLs8tu087(ZphZc=E7Ie)(O6<&A=B_E
zVq6YJqyDV$?Eo@>kZa|UF6P(*U;Y4FG0Ne=-pGdixW?1$>ymr+YS~%4I{~{?TLA?c
zD%lAV;{LI)zho#Z`1FvzwUv0Awh@VVg0|*9dl2Ah5MdFDt_7CjB`q`pAKEObD;BgV
z7!0%zq-bL?=$>HU^T<ZyV^{^HQO%?Jl2F>+8?wAf0$z@IhAa>ik&eu(3PMFS3&M6l
zX14$oed|@q3A$n-lZ14cTjoAK4HB9k65b%Pa4T?-nim7)A#E6hB_*wjfB703va}dJ
zZnK0EcMu>)iXI8gLy80+5CpRrWPBtf?qj|q=iTx7fr*OT?D*_p^Tp-}|CmFvU4doi
zF3FJtRWcTSjjT@)B^m42BKbSX{NfI`24`||rLTl`0Q#_2GWxUlX|oO=dP$B<4jT<m
zj@*HGs=&BGW2B?v1$PzguYC>r_&IAKYiK64q4Or*66IU*xVzx5-2Ke`)E{}WXlCf@
z(LFlcBi!ZPf$kk{5g$K!4!8Ez_f?i_WlCrAT$g<=?*eq`aE@@6cLq9lI7K+cjFJ_R
z77D2HDf1~hN58`_zhsPB(_xP@@IDpNmi{a~*NBb}m2a^s!ZxNG)E)g6^ftN+)D_(c
z>LiO1AmJl&X11fZqkbn`W@(sL3ABu9BMWKihajhYPF*m_;|k@nu81&;c>#J6-2`fi
zZUi+(H-H+*ZV1ft&N<cF*4S2#8J6bi)0G2_W2(vQR`?v_Y@==Ok74v6^?WN?(92^B
zWwU0JWus$5Wm{x@RU)s4QxaWFrcJ6vswwc;NqEemq)pelIAXYh!I9b)Y)dl6+)dq0
zQbMCk$BfFn$n=USk13SNnn|`$UL7YZI+IM0RDhIUz|N^_^nNk2&SHK<4+F;l#QhyH
z*C$BDSRJR1v6+&2vHK|T`uE-2hl2i-RRs)8{v%J|T?YpT2Lp#Vhl26*n$c0pV)4hu
zVewOETV7L(`S}Cpr84@1i50SzI)izKn%TDg9e)VBj^1FXRnXYVRh!D=K+w%7cHlIj
zeEMbB5@VM&V|==*op$<LTgLQs1)mVVQ}R^>#Lia06SfWGWRCZzrCQ}^>1rNFLHWLp
zvPlxb%!0mx8`V7Sf;d?*52|@?3if5G$=Z*MPV##R_B~PywIBH~Ng|$UKd`(|&Eqfl
zFuQNZ-WthOHK&ixVFxrN7AB~X+h^^t1D+DQFUUC5!8|1vB^WWZ>{xRL?An_b6I{a+
zFDO6Up*lsPJbeUbRbAY#Rz2{X`*z{CyYgaf;LhT}ossOF4#clOaz!n$Kl3<C2rA-!
z=s5=~(N|oYFdENV5}_M+SnOLuk(}qI8<U~Mvo2Sw%cd83wGXl8SctX@oq~w7R(7`w
zPm2u*;?=}Fczy@s`q+_N*44VimC`wLWoo(Y`JF0PO4m&L>E(szJhOrw)5{0XdFBN*
z>ig*2tUFvm4KXZrJj;U1GaWh8&9|WS{>^^PcTL3Ki<ygkq!{n7>rd_X?l<Tc>L>31
z8ne;ix?`J(;7>@rjVDL1Y$@1RQcH%!>S_r<LPj;lbhe7XxAUAvqa(GrO7e}1wMW-p
zokA=yCZDWjs+;`j&v12zS~l=-2z4xVyqF<L%Vb<Gh;QKG6T<0>DQ@5q6zc0!3-uiN
zFvEXUsIOn`mFLLr3`ut8%E~fwBagJu!@)kjTh{m8REPSkZ|#6*#T11!hWqkv?Xb^^
zsR|XWbqLRjX$S$=mmf6Vfw=XK#^g5g=m~YKcbLqQlug^egTbX2xYXk_n^utt+$_Ls
z;;|C4+w6#&O{*fe_OkAG15K$VdW{s#rqyOfY<1MklGJ4`ZxsYLIsV~B){trUasT&b
zVN>u~*y!0T%;{_vrl7W?HR3nQPbJW&uyt`3rY(Bc>BlUrqkc}TLI`g&=E2K5Htvrn
z$z|_aJGoO%XRhoox4pb`)17iQ)Bfx7!b_f)LLFb14_@-L3TbTj(ZT-h&K>kQhNYRO
zLumP12le~^EYT5_4A&t<DiMv0z`-ylI5+}G26phtK@MTO#2=qy8Nx`wuRCZVors-b
zF-RZENX9>zgNg1c0p9?Bc_*3VngdBLCZ?LQ19$F17?6NW+d(teG8{;hQ8V~DJc2l*
zbr4@R6r^V7AS0VdmN7B-A%ao3rUF6C)PR^X_&I#b#l%+&aln6Kc^^ni7U{tKWZ^!L
zK7)Sf+Jgv&4DO-9YoS-v9y_4OB{F9y4%tL9>ees_<jd*P=l?aoF{9bsyuy7vRRtXP
zYMJ}0=DkTvZzQ}AmcA2|9ryMu116||7%0Kif*2UjWP0(zDA(dJ2-;{Z&|=c)7UGc}
z$X%w#OeA5@SE{5pxy+53j;7Ym7<^^pwHRhL2{TO+b!3bc#E``<@{v^$HK7he*=56L
z`XOu!grRS&Fss6hP&jf^EL7?l=B*miI4y}68FnxGJu?T9V0VN)vy3KTV<hnuSq@QE
zTz=APo8GGGu>42wQaUz&ssrb+NkN0=l@iQ%CQmUZOsX0jt~|$_33Ce(TF6AgZRfes
zE*uPIV@kWy&vT3YQI5JHQ{|N@%#UH-C}Knp-(Fef@s$y8qipKje&(l2HQo6wK4AVK
z)EbF~`brlNMVh$_R22%MQRyP63Xi7YN4vL4BV}_b{aP9ZK`yOfSX9O*{w4kxPI6OW
zEDBSxMn3{6EE>~mjnTJg*0hJ;z(S>olVp^o^Lvzo^Ho%cQ`=RL3-EQ~Sb7N@WYp|*
z>RIM(L;#Q4)jJaR2>h@l0XZ_7(nZ|5)ZLN1dF@&ex{9pKwko7L?~+7pHAr<Y6GEzr
zqgi!r^(XaOv5eC7pC{k2HBC3zPYw>Rq)v$eRF$#wVcR2fKmfIsL=!UCm-T(vT5WFt
z8rn_dQ^yE5vAh8<WXz;1Dh=j)4tZPJ&4Gp(>=<^Tq?Y<=q;~g6tx^m%H>)PXpAAmD
zdDdf%T!lX=SJh)f+|8M6%HCw+)y8f^#NXsXB;0h%>odC_krZ|=V5r?8m_Ny`AbbSH
zDaBZmqs*?%$hoa{+c=2hHIWT=HDIbtu$p7Wu0DJw#O-<JXS<i_?)#a@_vTgWxlO41
zBe6Te7eOK_oXo^2*uCM)A)X5jNRQ;~hr`#R8#PTU`=9c`z6L+i|D5k5MAXOrJ*f}I
z!0YPIQk30%JDXy%1H*iKF5=dBTW#WZ@wScp7^#*~{fqGS7bNEG4*>tAHU3>%BWtdV
zF8P?ET(MorBP`wcl47S)veI`Y4NetgW%miIrpj{0oCL1lVDpfBI!M@rRRIfiUo4g*
zDHfYER+FaEC>Hw*Vx#t*U0q7pFh9lX3}+_rv>=!XRsk?(f|%Xq^tU#Q$>}C`3F&vj
zn7Zt}PWh8g`ucqEq4~={l7WKk+a3YDh(?X1?BhkEx{UDcF9~DMv3pc2X3D`npI~=M
zAPQoH)<<hklx9@cYh^<eZKT?3Wl0odv~A176?NMvy2t7|(MXkH%9~2|`l{A$D?K7j
zBbRO~ZK7*NNVaW>0CggMqgI=A$v<xuvs4VU_f&7Mv%e6=uIPJ`YB$7Iz1`04Yf5C6
z5^i8S6jik<V6>aS?kh+1k~+%lp{=^yU-}h}c0V|c<BVHc!FoiBhV1QD_(Wocy=_)F
zMBIjz7Ce9`218Jr6*>`LrD5<J40e)Asa7jwA|%7j7OP{zU4vHhwgA8(;Rk~t^Mm2N
z#r=aX2On?j`R(|9uJ<+(eSg*b>U$A$k@v#p!taHilGpX6x}Iv7Ucn9AdYsYCM5vc=
zRa<T>4oh27Pop;P=4ecb79Xqp%c2ygd}Xadyi?+Yt}eNr{B140X33hzXq~y=;8Zy^
zEH0FXEO>+Z+}DF$0M7_p^*_|oJ|(Qt533Cs!_s9-FupVznWg`_hBlv&ro77m@PrV%
zoWuc;O}JBLXb;FDbkSF>wn`^_RW@P!hMi5{h^HHiku9#w&;}4kc(*Lg8W2Ostq-fV
z72p9Owf=b=2Zlbr;icBdBfWV8X>))d;ig`WfwURGhp?gazA4}~VQ#6#Q<R3t*LrAA
zY268Llqz0d`aR-L@($d@vre~Cbo<X(jFAPkPmIbPwAnI7x_{yQ+}zhyhjHGZ%X{7+
zUc#ti5>)^fp=Yt73V@xkOjkAEiiJ?NctYuoDyzOWPXd-aD}J$|B7mCkdr_JKfP&CN
zw^A!u9zaTHq5GfpYh1CaSVGj|ow3STiVA`<LL9LmEcXkLGH3?~ZWQFC)Akau>*T1$
z+eA|9d`P41AYduL;ITdTYy4PN^D(&OyjTYFsZ&u*u-sTG^K(*Aj3axsucd?-Mz(5i
zD+ja58MCx2$LmEFY11du7A5`kYp$_i<YO?)Nw91~auQM0u>@HLA=HT|s*xtzuM<L)
zBQ>?Tm4fNzXjxE{;uRu=wIT5^N&^Gozu?zIBK#V2r}c-U2;w62^E)T3Lmy@6=i%X%
z3OyRO)wkohl`N}T{zU^-64s}|9*22_$AgSpLn(09>}c!(oKUTOc?ZUx`M{IdrOL=x
z-1~tyv9}i%5hHQRAvMshuF4Pzf(q<a{Fxlb02IDDzZ#T>8jCC3*g6C_Js>NfgH7jG
zQ51+zGdVqO1;dKCdE5&9d4S!}HiUDUNe-T!Uj@SMqWDvh^M@b)<D~5l&h0swN2!`C
z6r*<lw_gS~nn^wSsxiJ%xU;|Z!mn{o+_d8HQz4D<sKSkxBYRV8p6ey_w;_=wG=z|V
zlE+R8OGV^*d3L(dzFHh(%E?dE`4Ig83$lL;j3R<nR)zHM3H<k|*W;s-#if5ar}Q^G
z<=;J>D&j4PD)|D<{Szns4iXH3Go_tr9d>9PLjDB`Y&beWc?hkaAI|VOgF*<74je}q
zFc*rPKl~U$dmS@BK>3OMIar93vzK7QF@;+OLL5XU)m42Qm6k@+*>e8UyJO|bg~LT3
zb?S<nM%C6SZ$~xCI%*z{Y#p2u_!^J+8U2;6uOB}u&W3Yyp?=N+0DrOkfHRKbn1J1F
zH6v45{qg8A4ValHy?J{&lijN>3~)-^Ulpoou|BWBS&jc@RZab+uh+B95bTCsZ>Nx!
z9mI1(_YTc$dpWP~!Bl@~6?LlBl=}i@tK~TtoaraXi3o4Fd>t06K=*@ajbJFk!W%AM
z2P488E?-ZYXorQT5sJenQKssq{O4G~m5)%}*-3C7LY44_bk^2>YILU<PS)uweU0>^
z<^6i^nf^~3C=8unTV~)-X5#PM&Q;9zzta*&_n?Qq{@=AnJ}Y*@-KsU87pG*?&pwW8
zJL4sBgu5R$G$#mlizG(vjk2Gel5#uq3KxHK#p!A@<)57!l6hgIPGn)+)*DE%vh%`d
zv8Wzkl+z3h@V(X>7Zdb(VNmQV_zjjGVBl#X67apY8y6E;A;k5dMQ&l-&_yILBIE20
z*2jMiSSffBfjcLI&XpVLJ=n&!I!L}c2>Vx0sORdQ=k~sc&jHx?E7*4r?7IW@{S5Z~
z1oqtmdtTL5T3000lVw$e>WYuWc54Zh$oCbI>^(6qNoJLMWQX8y>YyA3z=mZ)LtEri
z5r0Y#6DIUjI)sQn<pjZN4}{k)=oi6%XDh#xiQ=!jR;p8)>6)giF6o$@-oZacjGP05
zz=Q@a75)XJ5ODoSeqw^C8XQg-QV6(yCWr^ZF+pH<5g6DT&NuYo0K#5&W(7!aot&uy
z4Q?Wci|~wJti$j3B1RVB5hGX6R+Fxt`C8SuF-G?a%4B8V<&tg)UyK;Jl_gH`V>t<U
zhGOff`61*)V0SS=*c}Pn2G1<_%n%WE`u4Orhhv7&4a>KkV<9$&W);0Iw5hFc-pqro
z{>lu-F0$)9XWE4&L-T23c=QH&Dm>mv`2h#a503vCE(?pBeYlPGfa8=${(wW-WdUh_
zBl0o4-{UOgB>OG3Vt_mSoM6)@-yK$-i%s-b`$RNSMEgY`91J&;^Cb4C*Y&$1B;fuF
zju)<fOS9Sg=FuAQ;e8)?9MBmVsYd)SCW*uQtB!Xa689Z?%HY8`okxgZoCgQ67=tfq
zN;Zs%>AH3|)0OO&VZk`rr$G#C#YRSb@JY<`f981!wmw6S#qn?nvc4iL7;KFS&OFON
z>16b9xtIWj1w*a*gkd+3f-~Dr?*ew(dAM9mV1?k<$>%3Pv3>IsNS%m`vo~b^lc{2E
zOx<9Iio+sB&1bBsUEtI%%9PKEi!apWg}<PgMCP1$rkQx=oLHurSmvB)rkUt;mf&B{
z#L^L=HAz9u=9x7L0DU8*QxShkj|>+KA>GdeA!jJO_HC!qUliQDF<?f*T;jd>)5q?Q
zxhTKJI<H(`QCSgPVOt?z!Cv{^aeMLkK~*2Zj<Y{>#lWL;_LVaKC1TRl|2$zl2L^!&
zCS0dz7mz~0^&>gQ1W`2voG_#iaQ#f+4@6*s!0aM0sNnMja%?z&nCDgy1k(xZ#Rzo-
z!%YN!5s~qWb^M+;<|vvC+ctW>a~di2d<V8|lpM2Mre^)FfW>(vuGX<*O8ufc=4!7o
zT@2ehIt~B-QB{Qb!R16?_e+AXJ0RQ!&n)-M5D|6y&(0oyORXrKg6Bk~3r+L~AQxLI
zqW!`%)Zk|FGugTj{{K73qI5oos5$=gc+)$~I8}ycvk5f>U5QIzOrhjqA(18I(C5_0
zKKv`!Y;Q=%|2I3c^>Nuhg`ZtU1;Z8xTD6cB0ARiOB9zlZP##JwtA}oI9@c3lp>PSj
zh=6cO+s^|4JT_khJk7+3b@I>+h24eqry}PMzx~ggGFJE8Zk3`hxFs(_O6H{WxN^F`
z7q0K=-1)9+CZYG~afyM(SZ3k+8=bwmV&AP%5xu|JiTzsw|4z(XNw%)uUwVxaXW<Zf
z|Fb&=L*PtlXIdu|W}Pnz`UMIA9GzAzgx1dwXZV~!K?X+$jw1}13q{T!{xjO`C-UcD
zAx_R-0)Sx(697d4Ar3rq6px}bBHw)W=|}yHv6t)m`8tleUyG+lP1hN3KWvnn&E;o?
zuI(S4{wIQI09j%)gyZ%}zwQ9s#Lq(Aw8hPh4^1W=`b)^FOA5+LXiA+rN(x~!knTTh
zPFG9TCv|>Cy8U}q{m*(}Kd^!;AECO_6Ics^s}j+W&f3~fjUK>*<o1^Jtj=5BFZZ75
zA8|k+_-o5-A%c61lJNn_zjb@6ZZeTke9}!?23~EM?t8boB5b<Cb-Ti@CEXjQjtW1G
zx-B^j@PFCtU%ciW2>tqTkIK!z=@rFCk9(ps3%K6({})fUPZqadbrLT?k5U4J163rC
z99|N1*X_Rg)I-?Z{}pzklby9ux2r)JSQD`OZSmwQRr&D=crMV+Fi?8p*hh0Y(D#UT
z`@Lk~(AY`uHltYJjibZFh3^L|*!CwzgAecCoX@@-s3IEhx+3R<{Y6VYm4DyiHw7xF
z0kl7$#!p4^aSOrR`{9Qz_ot2)KOKJS?5W$mvK3p&>IeHI&8)_<+QP>5!?)hayG%XT
zr5|!k*X@epl^<8<a0CVmpUCN-02ZL17+xIrRvtTAE(Wc%41C*TYL|qj1gz|=m|p!*
zH}<rp56|oPj={;|0u;M_gBZ<!R`PJ?q_ETXgwz?@PzxP8#QE6czM6VW9+h$&xR={{
zQc<GYqIVlJkjOEy+xECz*)hOGGVGWG%1EUEVF}o2+K28Ra6p$24h|%fPTDgMKApH6
zOa?L>?Z{=9MnqlTV$!pR?u3V)w82VQdkL3JxP0&H^gNhcTN$7#@;p91U^+HD2}O5>
zeOKj`&dC<S)NWVYg*H{VuN6wFNtzC8n6DKcnoIiU-&lnyw)&m7@k$Nn+Sm7vTYJP3
zJGGGAZ^|cE^I675N7%|8)f5h|JC5>$Dc9n))io#&pu6r9K9Gvh$()m(&yVJgK5@7P
z*sV%7sf!GM3e;8?cU?<9et(kP0&4009(as;Ja97JQWjX}d0cg(cgS}Wx}QqZaI(Sm
zVl6dL1UiqthQ4N=ADDdXdr1C%xJ51S8wb>FcwlFI<o&mo?rR1C4A7|xf0dSm0FL96
z6G7-gwtkwqa!XQxNPbJ^vHIcOuE8+gE&2gx=-BS~@O#xjHmH<+zPZ|(dBKS=lxgh~
z^vSDl=7A56eU8`#!dnuK^L7p1LM!r5lBl#K-*M$rLCn<yMWOa<k{Ty+hg>5tNj7%h
zLtt<6UTe_^WP;A_vaK16ROFj$1ad*~)&f;q;*SFkvxg-WPq?9WhYD*{g;WJp`6nXK
z#9fV%ha-|ICn|?ZhvmC11t%O(ufvr!@8K3jn5?#kFLzrCVb8zq3&~Q>7|sgFcwAh-
zQ0rs;a)ils?PRc&kz!4?CA+!sgb((~o5W++!_eJ(lHQU5MlC(NDr@cqpR#uqRj!V}
zzO}It-`u~ur_`B#{B8hx@||vvVUKT5WKV<aA%6;gKmRhn#F`JpdML$Oy_4xB)!IwQ
z*Yr70-#~4DNF&6z;A-Ka(uQosAA27j9eKX5mmF?}KvlnI?Q0w!E4r_zJYG9c9muV7
zQu&loz^~@0QDN^}zLq@V3>l9%yFTS?tfMYcD7M>A$x=IN%vxMX=eqW=<$!99XJ_l7
zNMAPp$q+Ml;Bacd>ZgahP@ckp0smbk`$LJq;jbe8=1Jf7-ugL(86Hmv9c{f=lsv|C
y-9}&Y4iJFuSA02vq8_`Kw`3fzWjAR+zpJo7-y<O*otz-UlT_sVB!(6=r2hv{fc!B4

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py
new file mode 100644
index 000000000..824936194
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py
@@ -0,0 +1,390 @@
+
+from .error import *
+
+from .tokens import *
+from .events import *
+from .nodes import *
+
+from .loader import *
+from .dumper import *
+
+__version__ = '6.0.1'
+try:
+    from .cyaml import *
+    __with_libyaml__ = True
+except ImportError:
+    __with_libyaml__ = False
+
+import io
+
+#------------------------------------------------------------------------------
+# XXX "Warnings control" is now deprecated. Leaving in the API function to not
+# break code that uses it.
+#------------------------------------------------------------------------------
+def warnings(settings=None):
+    if settings is None:
+        return {}
+
+#------------------------------------------------------------------------------
+def scan(stream, Loader=Loader):
+    """
+    Scan a YAML stream and produce scanning tokens.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_token():
+            yield loader.get_token()
+    finally:
+        loader.dispose()
+
+def parse(stream, Loader=Loader):
+    """
+    Parse a YAML stream and produce parsing events.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_event():
+            yield loader.get_event()
+    finally:
+        loader.dispose()
+
+def compose(stream, Loader=Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding representation tree.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_node()
+    finally:
+        loader.dispose()
+
+def compose_all(stream, Loader=Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding representation trees.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_node():
+            yield loader.get_node()
+    finally:
+        loader.dispose()
+
+def load(stream, Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_data()
+    finally:
+        loader.dispose()
+
+def load_all(stream, Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_data():
+            yield loader.get_data()
+    finally:
+        loader.dispose()
+
+def full_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, FullLoader)
+
+def full_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, FullLoader)
+
+def safe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load(stream, SafeLoader)
+
+def safe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load_all(stream, SafeLoader)
+
+def unsafe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, UnsafeLoader)
+
+def unsafe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, UnsafeLoader)
+
+def emit(events, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None):
+    """
+    Emit YAML parsing events into a stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        stream = io.StringIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break)
+    try:
+        for event in events:
+            dumper.emit(event)
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize_all(nodes, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None):
+    """
+    Serialize a sequence of representation trees into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end)
+    try:
+        dumper.open()
+        for node in nodes:
+            dumper.serialize(node)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize(node, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a representation tree into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return serialize_all([node], stream, Dumper=Dumper, **kwds)
+
+def dump_all(documents, stream=None, Dumper=Dumper,
+        default_style=None, default_flow_style=False,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None, sort_keys=True):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, default_style=default_style,
+            default_flow_style=default_flow_style,
+            canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end, sort_keys=sort_keys)
+    try:
+        dumper.open()
+        for data in documents:
+            dumper.represent(data)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def dump(data, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=Dumper, **kwds)
+
+def safe_dump_all(documents, stream=None, **kwds):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
+
+def safe_dump(data, stream=None, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=SafeDumper, **kwds)
+
+def add_implicit_resolver(tag, regexp, first=None,
+        Loader=None, Dumper=Dumper):
+    """
+    Add an implicit scalar detector.
+    If an implicit scalar value matches the given regexp,
+    the corresponding tag is assigned to the scalar.
+    first is a sequence of possible initial characters or None.
+    """
+    if Loader is None:
+        loader.Loader.add_implicit_resolver(tag, regexp, first)
+        loader.FullLoader.add_implicit_resolver(tag, regexp, first)
+        loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first)
+    else:
+        Loader.add_implicit_resolver(tag, regexp, first)
+    Dumper.add_implicit_resolver(tag, regexp, first)
+
+def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper):
+    """
+    Add a path based resolver for the given tag.
+    A path is a list of keys that forms a path
+    to a node in the representation tree.
+    Keys can be string values, integers, or None.
+    """
+    if Loader is None:
+        loader.Loader.add_path_resolver(tag, path, kind)
+        loader.FullLoader.add_path_resolver(tag, path, kind)
+        loader.UnsafeLoader.add_path_resolver(tag, path, kind)
+    else:
+        Loader.add_path_resolver(tag, path, kind)
+    Dumper.add_path_resolver(tag, path, kind)
+
+def add_constructor(tag, constructor, Loader=None):
+    """
+    Add a constructor for the given tag.
+    Constructor is a function that accepts a Loader instance
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_constructor(tag, constructor)
+        loader.FullLoader.add_constructor(tag, constructor)
+        loader.UnsafeLoader.add_constructor(tag, constructor)
+    else:
+        Loader.add_constructor(tag, constructor)
+
+def add_multi_constructor(tag_prefix, multi_constructor, Loader=None):
+    """
+    Add a multi-constructor for the given tag prefix.
+    Multi-constructor is called for a node if its tag starts with tag_prefix.
+    Multi-constructor accepts a Loader instance, a tag suffix,
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor)
+    else:
+        Loader.add_multi_constructor(tag_prefix, multi_constructor)
+
+def add_representer(data_type, representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Representer is a function accepting a Dumper instance
+    and an instance of the given data type
+    and producing the corresponding representation node.
+    """
+    Dumper.add_representer(data_type, representer)
+
+def add_multi_representer(data_type, multi_representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Multi-representer is a function accepting a Dumper instance
+    and an instance of the given data type or subtype
+    and producing the corresponding representation node.
+    """
+    Dumper.add_multi_representer(data_type, multi_representer)
+
+class YAMLObjectMetaclass(type):
+    """
+    The metaclass for YAMLObject.
+    """
+    def __init__(cls, name, bases, kwds):
+        super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds)
+        if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None:
+            if isinstance(cls.yaml_loader, list):
+                for loader in cls.yaml_loader:
+                    loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+            else:
+                cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+
+            cls.yaml_dumper.add_representer(cls, cls.to_yaml)
+
+class YAMLObject(metaclass=YAMLObjectMetaclass):
+    """
+    An object that can dump itself to a YAML stream
+    and load itself from a YAML stream.
+    """
+
+    __slots__ = ()  # no direct instantiation, so allow immutable subclasses
+
+    yaml_loader = [Loader, FullLoader, UnsafeLoader]
+    yaml_dumper = Dumper
+
+    yaml_tag = None
+    yaml_flow_style = None
+
+    @classmethod
+    def from_yaml(cls, loader, node):
+        """
+        Convert a representation node to a Python object.
+        """
+        return loader.construct_yaml_object(node, cls)
+
+    @classmethod
+    def to_yaml(cls, dumper, data):
+        """
+        Convert a Python object to a representation node.
+        """
+        return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
+                flow_style=cls.yaml_flow_style)
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/_yaml.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-arm64/yaml/_yaml.cpython-311-darwin.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..bbff99c9918f1dda98c7252ee461b471933b9b79
GIT binary patch
literal 125900
zcmbSy1y>tgv^GvDUR(kcEhV^Hfub$e;_mJ)#f!TZDG(@H++B;iLvZ)t4hiJrz2E%>
zH)~DSoRdAzo~^U@oD=HkHwgcIkl-iT-d+Ui(EIaY9{ZUQ3rR`cTtvdR4nS7alyK%;
zLc)YuBV;y0@09H@IcfY~)=tbZy5@vwvKUW)6<5uXGze7|QUN2h4h3&MN$XiN13qNj
z3kh2O9(GgNyS-;})z{;3-OqyhcHa9fWGHxKKk~ZaBOoIfAqL(dB#_}=&?nFl1@Iv%
zWbU^w?4bnHO<dGvyhImU7AvxJ?rd!jsXtwP>WYDF1Te2$EfMMitDXhymshvZ9djt^
z+FKh6vJ_l*>l#HcS<mzSUKJ6oIZr-&iWq$}7>q3tnV@`J^?0@z>vVK*9(!8TQXFA9
zCw!ztuZg#wwHRadH(K!HHcbKFU^Ab0fTnZid*@2q(a(LX7X08KK1ipqB}K}CpzKwf
zLgHi*-*Na(0h`{$p`PVg{dWSUUE%!g;Mso6=dqc9=99QB7`G*f?EGwV`x^OHLxI5h
zne8m@^xkRF-sKU(vE?1RfIL|Pr6N-C&Tfq0j?S_3<c+oK!G;g?#HVP@5GFo$b!JJI
z({TH>`!-@5c7L;d^ka=S=bT!41d>kpIMxVotUK@Uyz{FW*<tEyuz6m7Fw*(u30-Z$
zYx6IxZ`WLwov5)-34cx?VLJ$`A*k%~xY6SE@K*O^Ja$d<Dk`M3*A_*5c)4j6Ld&hB
z$7!{a07V3AzC$$dX2WSs$1o+agBA)LrXWm-O=DF;5v$AjXMoAu!(HzYss%nRD?jxT
zIflsuUmwj)jL!oUgW0Hj=Y?OwbG-JaaXoNQ5M(hW-yviYzGPZ8^v}gN(%p7Hui)tr
zSGGNFkYqTYl~H9uyVdW<S^@CU9I>W{IG-v?@4c>r4Q_}>QWZbzL2{w<#ara5H2;Cs
zheH{$u8Rn=ugRM|&Rfk+dID^eBypI7p*#P#VZgl><S>29=>7nJtUFuJ-Vuu$(`1}C
z?Bjq45p6;oA=kPPb;XjZc5=BlrO{ESUa<i%$8+=+QzB2`V`Y6X>y8{9(wkmG#bP@6
zG;`_?dmQ_YXNXuGG*55Y_pcZfJ?tJVbnjGwk`SekWydM0ortk}fN1xt%MJSgvzE_r
zof8j`EiTmmvuctP52AhXD;WX@@&}0ky2;Fhp&C@koGo;65`0T(9$0<iK1r5Os}B67
z=H}GMiOMJ?iKvFB$ZJo@*V%rui-a3KvJxWWKdYir_2*SQqRzzz#evO#nJxRX902pR
zKTKH53xF0%P0$AONc)tA2hxb*3Pr(Rb#&(L-M3$9%x}{H`Wjy-%*Tb%wrfL*vX*_?
z8V=`u38f;?F`$?^b?wV*zYtRisL-+)?n`wxYwbJR;(kW(ek?Rk`z?-!mIWPG4E8}@
z6he-#w{D5r?&H%N6u%kd#Xdtb!i2WPJou0|j(=X5%cprF>Zgh;CXxFM`4E9aV75n%
zT9Z^nB&s~a2tZ9VrGbRy)12j67fvSDJIhJ{QHEOYK12{BP{jTci`H?IyE8Z5K<*-e
z`#Jpk;Mm)jxIXYx&vCXsb`Q~G8PPo0TlxA#X`P#!{f<vj{*I4$u^pR0*k_Ve?h>SH
z##UCWW8OKnW^OFd;`?1k)so<Zt;;q>uP-p=AAJr2cjS^t(46g4w$$kNbh3wNzb{6@
zo`h26KKQ-)+THm(9o@n%#Ibc7f9y~%hWrToS~pt$s51`f*lmZ!838>tYd6cw4#J4H
zTrYR^aDC5s_~(93G9<Y&Fgh({?}epuCp0vR3Tlo9y1sSL?auH2VpNCF#ZT3piXjq(
zT)l@Fub{<$GTIguruETSMaD3Fr}3xiBYxON!EfJfw!<vcy0eb31j@!mgba`+)B0Q`
zi`Ba+*{HJof@Hy(Jq4j@Jz4#XP6miZbs9Yd_^%@oZUG1nnEUmbF_BW?H<D@eNv?4M
zDl$x2%BmXpm=ig?;MX{mMIF0Lw<6o<nVPvPa4<r$e7FDawu^8-g=-V0oos-#DT0#_
zd);phLEkJF#*&2C<d(Bx?2c9F_r3_c2&WjsSN)@xJ<_=tf5}?QN|c*ta3T0RDsN6t
zP)qC<jS4<+3z47Qe+u#;F#BLq(4AVj#W#k~bw5pQy_|*8;>1XY$}c-}rg|-!PJ@1C
zRuCS*;AhW;S=)Htd+D<+i}#*vw;K>+hL~i5n1IQY{9-a6Pg9h>ncTgD;c~Gt4Zcu%
zXG>k`&io}o!V|kX%dXb-D#};I;9cBCiOa;y<63V{|5ugsJkaWtc1O#fjF>`0B5{rH
zVh(>pgUUb8))#HbO4y+rv7EF_jiwt<UQkQaZ<FfQPDRgN3i1c`A$5VB38g3lG$~PQ
zhWvC1IB1gLf@BUR1(ISvNvQ}JxhL|Zlt5786mvcn|ML6M5L5mWBeOGN85e~3kvUf%
z(j`}Jx=XNFd~+lS9px70FN33GUeH~t(#Luua#8T(1&>a+h)d-ndGF1qdy(pIqHs|<
z5+&mTCn)^ibRi`TrfuJw{PtgBKMynL4_1GgZd%CnJWIt-eu23?;P=r4!YkSah8W7)
zW@_k{z>l(cn3h9=qc{ZAU@<Ng924q6=UQ_h(}ALKfezmi`d9?=Dxu6<kN9NBc}!=~
zS64*@!&z>nO2a%B%hDpsv3X&o$^a$Jxc%SVYBIkwr|9&GdsZ@>R_AMIOcm31gf@nU
z{!x%Ix6rl7WOiZ|pQ8v0BqpXV>lTZ}&khDrW_8OwGFQyz3>>}L-Sm?AdNwBnfaYEB
zCIs_yB;CP$eP0w40Q?*(*t0?#lvyut=!7dR3wHY!j_RDACTWBR$X2rBX3vqAI8zgo
zgzJ@Ze$KAZ2w#y}TSFI)lAWG*UP(A+W?bVmj!b(W$(Eb}bbE$#LIG?_hDfzLIx?l4
z9|ArobzztdTD{BZS8Z#%fD^rb@A_WsBgYGDPOIAh!L?lcphR*DnHjG6dQ&^Cjo--?
zkc^;H*uankn+{yf_l2HLSU^VSiDH<)jOn0*B{4a^3)jF`|NX_ArqG@<M!^SmnUSXY
zeYx%<+(1go3AsV7i;7jLk>80!-qBC7sg}1pyL13?10<0rL9&m>Pk|)ymZE{Ovf2yx
z1fx$cgSDR+Q2Tlgw#_EzW9UZ;u+|Al4So*{H#_3i!kqMS2xP@~(Yai<I83VgCw}!Q
zi7_ruxMgRXE>4U(yKLdfyvvLLY*px;C#`4QXGkf%cr)yXzHn~cBgA_c`!L5)QkK_v
z8l{NX9?O|1_l826K3i6iulR5);aG607%|s0ZM}&I)f^F2A04uUXekZAyM!9s%E-Ip
z517dmjxj{gd;I*43oSBkbm{h*M&v-XbTlq$qk_SQmaAfZHt5r?8Cj|$@5HoO*xBSe
z3ELOWfR7^m^zqNQ&rpqI5lGj~`4OYHMwi#sJ%G{sQvB&2n0)d~7X<UG`T}B@?K(&|
zV{v>RAZC>WeUX5J9Fr{9j2QyNERrf>Z_eK(>v{S3E+xx~-`u3Smc9^d@$Ej(QZDqi
ztl~QmtO|x>#y2o--m_JqCU%9~fUOx9vokrq4qPwL+0{;JV$uR!??VPxK`u)8fz-Cw
z3-}@dduA5Xa^3}UC$6&MZZ|2eYF!G0PqzuKKufFV^ytxYtfBdjvXx&N4YK53Iv40C
zZNBDFGI}p`vC{^`^ABGz4vP_|<-9-8T7SY^uiEZy-wwcF=aKQUocsA^?M+pxdt=-$
z<@o9eHEoi(l#L(17Wt?VITIKU1P%|@J@8t11exq6Wluy+kf*sL7RgnVDlyYc56tWc
z=6@bK4++X#-#E*PEAakf5>1Ose0+>ceZ&Vb>8WFy7$Gq8>lvUipBp~-dhT4IQ6u7~
z?Rg2bmRC08JoB30(wggQVA6V)IBR#r1zH{ThOQ*s(w2AJO6{pDcuk1i+lQA~AP_Vt
z^&i-7xHLy?4{O;TO@@F$UgiC^2!|UkeklM5KA!XXDiMw*^SG`M!a+mm^|sJ8GU=DL
zGg@!^PVR;|%iuSYM>G+kWCJ2y;Gb5*ockpKz3G-u6bF-aU8xspo&GN(nd+eLA(oPO
zed48@ljLLEj9~!=ky|<DuOvUOb~}AvMA%D39zzZuX(IlanSzQrl_jv??WDb8>>#np
zj?w@FfdJ5o8i*|9V4o&pYCWBa`g$y8E5{O0DS?a)yB>SI#!`Q#lkz%t6ZuCf@~j4G
z2`N^_lM3%oXF|RfAsnC07rULD#R01zgN~GCy`tPiLOH$0N&`SK7rWRo`&($_*F0$R
zmr)mU)MzzRW@E0jZ}RqztU&KZxWT7R^AwN8^gXJDI~aYNO9TZkTXZ6OLR89Fpxcj=
zDm`^)91*^*$?qp^#_E8-i#2X1^Kmp^XprF|<Xgj(c;h>yMq}4#dnLZ~J*H%Y<H*4=
z-XK-)bw-gMV?5E=0g-5qNuOzv7UaJHR4&aL<QH=j(HAMlUJs-qb!u=C(k<qhOTvN8
zjMA%edJ)uc2`rfL7&rcPdECCXg!l1*fZnk7w1_q113iCua&+FZTL=?rFq7`><jEW5
zUvW%$!NpA@bwL+5LRcmjmZl)Lu{ws|;bd~puJOIRnuGb~%;bL|m}um6=^y0d+j#sW
zQY+bqxGetJi;dMrSHmumBjQX4fbQWE^>c?$NFyq)#l7kqX!6-{45Y#4VB;Q@E5}$v
zH((Gc5b@WZZqL;`E)6jipT(tVYOhci7A-KiNLbIcZslT>Cfg8=tPU1lJGWkRDc?B3
zzBB-wECs^pfb#wboL)oe{ju6ghp^Ausp}_B^G*L$icK*Fj54IPU5c$>d8QbBMj55G
zbF+7F<cJ_Y&SfzR!HR2nVtaTppt2=+<w8Dnf?az67|c8x<r`~=27z%crWeMK<l&{h
z!cW(YrWdkU7`x^_f7ZTobZbs>HL268b-(^?XG)w}%R#_%O%9OfK$GvqO<`c>AG<oZ
zr$IBRri3F($%k8|QZ0p;?+Jw4no|Jxgou@~QrE=rQjffU3tGlGOk|jjsg%?%VvH`I
zOJEHcX@_dhxB~@47#?-PZTF`5v|QYPf}8^ZBPxO_y<BR8Ts#90Rkb&?z@B@Wo-@)N
zF^i*oQ?jpvY4|wck+KydvQkqrn=uy>^CM2ZUYCZrJsZ>1O!d^VH_;FuJOHPbLmx2M
z4X8PLY5upj!NrRLs0q=k<g*z517r{+Pu&tq-5LO9d>ow**_%0+xal)G3e%Q3)C!xu
zWEkDj5zNE>UlQk(LXW^O^N=|65YEw(bLLUf9+xX&Jb+J(w*L#2)ab2HD!!X<%gmNe
z#tPc#8^CA;={5ZP=)t8Wj6riSiNf@ys&<zk)qNxAF!En5c^%=QmdnvY(vedI<vf~v
zWgG)IeNS<uHm@nnJSEONg>&@!<0wzh71rITfoUoe$0!zH^n+06&8xo~yyAa&9hs)K
zF=Nh3_PSKW?dh1N>Z+x-VT=-<q>%!XIYv*cQdc2|4>RMhG8DxM#{7@>y)n-KRT`7M
zs?T(6M$_CoqWWgQzl77`C{COBQ0wZIy#JNF5j)k^9S9!Kf~%&EOpvG62&L9=F2FZR
zAOSrpaMlPADUhkN7ZRW!6I-}5+W%?=$Vx;_O)Dvd?O5%-uu!MlT(w@6Y0G-LdGN@U
zh%tsQW**(Z>XqwQt=d5v#o>cX;;SKiDg38vP)w_V#XyEg^3+SA)XM=N`(I!cL8@hq
zp-Ht!q;~47PlDpuF<v=D+CP}LPq6RAYM=c9HaL@~Mhc}y4gi}<f#>+CC5!CPSZzED
zZ^KvkqlX>=Jr<@0o$IayA8iNB{~ywpZ}u`O&7|%)7>{0$ek=ILNt@-DF4V;Mf3tw=
z^2q%RCGVt6ZoON%0}5>Uwb)jHHclC6G4Pj5Na5R~1=9~QP`JigSMDjC0uO+0QV(~O
zsJDx>D9Msq2`~*~*&xegz?H6Z`j0HN5gztNzKHvG|5nWOi+ZYl{j+Imm1%vzm`c7a
z_hbDtJn>b@f_(Dcot5LegI4gA!ri7f@<(R+nHiM%&t<@knY(!H&dBK(&QasF<(V%l
z@JK987YRG!QM0vW7nhhjWo;V>Ezq6+Xd#vVKT$^ER?tD<#_MVNo)izJs`v`L1`DjG
zN#XB&4BL*Wfh%jf1jJPDwz%2)YsNeW{3--h-~0oLk=B_RrOviCp66YU_L5cpX10IW
zW6U;m;IfD;2C{UD1*Fby{DqQ)6mH=~#N~31vTp=h8OxH_?gm^3^r~EAXB+zay#OiH
zQwtJ}Q@@V6^raUf)wxAj3>R`Xx)`ni)lpk73%k?%CAEvrMFUc~e)TJ9fqH?mvD%;>
z;L!kZxQ$DXWyOj;m074uA<`KhU#sTu%5+67)gWZgV(coJQ~s01k?9y$Q!B5$*GYgf
zw?V7hP9e*yVMJPVc}!#C2Jy?D%S3|TDCbDheAbV-i}!YM6S0AABy5d<2QyNo!R+X!
zH=~y+=F){0C+t(P&#0Ws@b@EJKdX6sv1$97JugS!<FV%FX@7LgI}NZ8vrS;(lP{TI
z_r>a(qs%*n%f}iP9m2R6WT2YbmBpvjb+C8&&(yS&z87^|d7wwF7v2aM;W#%n!53}n
zty(4WwA-`yc%p{Eq*ME&Oph1d%BpUiU%7|xN8aPHzc!!~1mA=aD7clyHDK^(q^}6o
z^AiLKg0L}O?}hygNt(NKcABG!8>j5+AX(6B-;ssUGkH5Nnz>cWK|=&m!WEN^I)x7{
z`-(9IMN}aZ$U)A&CLFo82k0Q|zV@vL0NTm5P8hE@F)z&b$AQDv!EA<VK{>b!tp--f
z>4JtFfR>!5%xcKffRR&mHZwk-wzZ2Nv)30Dw<*%J$@tpo53dg(6*pPybl#6C?An7w
zhs*3Z(oh$z(Z5m=PdP}}nC@psnXtDQimwp$cW(P5+N%@#>^&ou_8j59wc=I^_$E$q
z`G}5MZ}9yD6%&PiP3FN7i3(c@W#ykNs#*Sl0U8yy9LmZ~I7<E3?<Wm*wT|3(Yd(KC
z(h8BcN-ZTSv*kcd0I2)J(f|pUf%)DiEl)~n0i1OP@2F+zt6e1;@5=Aj?f*usc_z^p
zamH1D5f0aFqa_`D<ehx0;UIe*vU3VZV&djZ3U2}J9+m8ShyQY=CdRvKaU(Eh{r4mS
z%mqF@az1JQR`@hI_(PQKb?D8}o1ar*q&t8q=a%FeixnTI{jYKRJ>pv7hr3`0#4nHZ
zto?oY)a6EXV$3uYqWp_}`H~vdL?W!YCQ{Ev+tZ&|7RebCC$AMmbQ-n9+sciE?|37$
zZ(yU0Q~*L0HG9-dFFL`dkv=-8E7EerwKDwyPP&)c#m~S6?SK0P2jtEf>~9Y-Sr!X0
z>e+ztI8jJfy8kTl4;)Oq%?ufHmCKD-sFWeSSARFv5jz}FDeA<<pNaa}*2N)xS5`|9
zq^Bw(JBIkTRvWjwFqO^khSD{{M+fSQ3lvB{u+uJ^1N)qJVKiZ~WKkwf)061ce(`|@
z-R`xnwQZtI;99;7*Tr}slkW0s3;R6_e2E|>svHlE9V936dGL`nOg;~AYLk2k#zehI
z%3Gvh+s^|HSGG|X=-9(Mg9kiS!A@Abn-5f<P5z$HL@;2Y&T;&ns{w6I592kOUo)c*
zd;UQZmVEiw9_X~Jcarm6&9i(>7pYZxkefG(X&tk_#@k<rbgQNfRn4qh^)`@G`6ve;
zbcBpCS%EH54#fX<*(C=^Rus{Z_inWI+HXM(nU&dW#VzIpyw+cEqHjfU#h!%m{S>|&
ze3O>spr1@AJad7??E+x|N>(sevaKT@JgI#QMBd%0bgoM)j6Ln5E$!QoKqsAdcauiT
zXxm<H7y5|2T6x||RC8DKKag?z_r3Lc>rR*v8OSeECZe};^2y<PU%iw72%PuKh(x%#
zJ1LQ}{NF)j<e-6Kl#p4R?biF^Q~o$vkE%c<AyC725fX3FYt!qP*$YY_(YFPnME_w+
z#7xlml@pKddvg}}ryh-&?CJ_p1d}f%fqni3V=atS=HD7enRVYg$Vb1*Cqi6pep`6A
z^Xea+fy9tSP@IYFxjWEm{O*mpe39Kh{r3UR=W<;(Bq%)KzzR2i9*S>`rO5b=L>@hN
zH;8!mw|UPwk+Q$!QPe!+s*Q8PuFtU^otH%<#Or`Yu6G6Q-KWQri0=U_vES_g9UxiV
zI#H>mPGRxI2mSY5>G)*SZ$U&;yfXf}c;ov^N{h!H(u*I3-!)P=FX?~DU{Mq?dHuOK
z#h%st`sB?kZmA_I&lFPQwwn(6>cA)BZ>@2xyiunnRXdjpcKs=*fRX)0qAPiQ+MU(f
z15`7<tCjp|J4*99HQOg#7Grr)ggn;J6m8S(?`PLYKSF9n6_=U;@5PjCeGSAd3A!1V
ztpH9wPz7;Wg1n_T%Bk9=c2H==(*Czb=m!diS*Vco03_HPX*t7avuQAY>F3HJ%+fC;
z))-?Y@tMZLJ$ENHQkKCSiClWgp}_9n=_@b=EH99cF;LM)781CUNuP`BZg(zQQ|JX?
zs8~A7w-ZdkZaNC<8*1-mdux?}sC(37#Rsb0tB9<=wPJKVzP}GXte^Unv-f>Z1yNsW
zNrjoBOLTY8`dSK6G!voG@6wHu``T*hBjWgM4Uue(`{j?-SJ)yu@ui=_pZ#_9%wE(k
zY6IWK!ZhBE@8{Y{tAwzoRgy&A2WyQ@z2xlSU)KiS@e}Z!%sLs?{)by;Ks=?m2uhN<
z;k`cGJU}A<V@gqJZaUi@$D~s?USKy5E!pr0foUJi=<ElL8sL93r0Z&N_Z!v_>h$|d
zw&71_*LxrQ0rcK{!rVIr8Wp%+V0W&{cjB3~@DLTq#SyMh*)=>y2PH?;cC)+u?k|7;
z17tVO7hKyRx8$@cOfjpoUxRK)Fg5Ij+$H+wn!=nVK$E-kIlj989Q}JKlR2BYx7yY3
zKns;dlX=IL&;D6_5AKNb{lTmd`g!nJ{?96udZtgm?ZN&P8?D{|<tB?vnI#8}=SI<8
z_7~9#^E3MZNpV}O#jiPYj}^b;97lO~bQ7vim(jO74dpUeoPD72flsQ9TcsO~VK4#v
zbqb^>9xA&D0yV?c^#zPWUcd^APNVc%$G7F*rxqg~k;hH;@4K|p7HSPXXtCuoVJ$|1
zW*%c}=R5MqHgND8HSdBJonlh7gI88u5Qi->blZ=cDqdYew?R)lzAw1q;X?(ogX1rx
z-+xRqsrL9~!cb&zNH5l;9{rbO5A@Tk_$thwtL;Jq9XK{eeRaT^8s9s)ur~~PG$Te|
zf>N~OS61I5s;hKnLl4`_gkFso%Ywr5?%GfJ)zMaE5cP|8AZ2@y?xBRSA=vhUZ}Nv6
zsYj;`8vo>lT9Cj)W1t<Hue(s^Ch<s<RBu!4h52?ZZW34WYZka_3?x?VOk+08{rHL+
z3}?yh^QyjGL8sL$dO(hkkL(+}j-p=CQ@HM~cn_x=k6LTYS>OlBqGqD1S;j4F7yFU3
z&XAFDkqTOELi9@eDb=G(6U1yCbw+jiUMd6c(sgYUi@_!Yr-p04U)+(Wx3#b%w%Jtn
za|Ni>JLz&Ee~BMUi8Cc%jeD+-XwMmZ8o*0K{E50k`lwDS8e&B?IQ|~KHXfzFtOTK$
z%r{p@`XO7~zoNtX#KEQaTDb%fBmX7VEY-2YdAwIIZYVc>JA!)iI=k2E0az735R13k
z7qg8ZcAO7PZwO7vpdO?v(h~>H=jE674<t|*S9~OyBCx1_ZbFlKS+ZgsLCr&zzjjjn
z{G$7tsLhqG!cin1$AM_-REYI$gASI7*^sf>S;>OVO|DMX-#<EbSdY;xvpNf+qrOP3
z>vEWDi-hF`&-avy@Mp4V6CLab=)#QiYwm9OgorwU$LcZnjddX$CQvcWl&i<RSOg9{
z#LsK^tD{i=W=bR!^*#K-qJO<Q>_6?^0gy(ftfv*r`rpWeeUBL<8<P<F&N`z0-}Q}A
z^{MVN|8P;vIA=cdqhnO&UzchBe*6`0HQj*Lx2^7$HSpYzj`SnOrbcR>7Vm1O{vY+*
z4}|EAXS_5*sZzFynqTX^USF&*g~M826|46J5)F;kM|xso(}{Mp;nC5X9O6h!6bx=*
zlx%30{0~7sr=X#{?1UQAO7&H>?Ml&AhfkKR7SDA*t(>jcBO2omo8zF-@hChoHk>l^
zCiX+|v-^I)TwZ4*s0VulNJU>yM7o|-=GyB@^5w*$A9VYvg8hvB?#-ckHt}e^4j~8E
z>evwFhEBAYGCu2%Qk`<_$Lu|8R!H?vWz=21na^DYI+6#DY~!#~^}PO3ABmLpKi3GW
zhQ1$jXSt?nmFBlc|1;&2nmF!Y(CM!Z8X?d^e}A%6^sJ9H=*#<n4U7KHb5<S0Rl~VA
zhm6_8N)^Q1q+}LcT$a^rm4!N#>+%f`T)U21poLlo-9{C0x|sT@is)b>H$V4$3qN(4
z`k@WXylZSB%kJm?uZUmNqQCxvM89(6tt9;BLAl7d)9j@}LJ}Q8{BE2ei}cFVR^z0<
zYWivWWjio1X{S3Z!#AbmVl-jn(MD(V$7!yic%)DVP^ZI!n`_K`x0|lwwp3{Thceqa
zel~I05zHjU!vFi%`ojna{mf%%hAe|W;`kpOkxH9O?^nH|RlS?~LTpF!%JVY`i9=pL
z<!^Mx5LosFY+G8Wi1Fg@rY+*BMI<q|I&0^fM+$?8^7E4%Oe;)^ivFSwa#msvE}+?N
z;6H=K0~wveyPrS(g}O-pWEfsZMFV`q33L8jV{*rT)WkgeTG~HfN?i6|(mi)Y^c(wW
z52nHsb<o#)rDU<D8pM9zMK;M!Jj=-&Bs<!PKUF8BBr*EPLl@jV1Z!W&%9-Iy%4<wi
ze-H00riBdsWJlqN=S}xKz5@lb9KmR1xx2j5t!m70Bea#L{u6SH1W9OGs@`f@vLWG>
zXX7y@;#%*|(+p7>p|5VvH3?SEKlir=LSbIdTfjf2Hc0U}{!F>fJZv`iQ_WgLSC*HF
zw>!1$s3~Q$wjml-g)vy8uLf>ffDi>Yf9Oyy?k{%pcP_N>=ghR?w7`vk68{g=7Q?rH
zvuw6B8y<lF<<r*@J7!~z02}e~_BLmpbW5qU!4RBf!NgzZ0q{LINcN5zB_(%<$5t?n
zo2z|%C{DXVaMVh#U7YvEm-uRBUwWYg9sKqXH~F8Acac(b{1Gg#>6K-&6@C+X-*$_e
ze-Jdf0jV|E<}$FfpXtA1p<PK_ETfw^erMbHHAKGFzed}3YeLsuxe3X+vTaK^bjldf
zo+q)nIfLsmCluCSM+Z^$DGXdl&$}&M%%6t%$%Ms|krlnlX`J8uVb1#UeYT++c#PeF
zPDkwwZQ6q$pz0iekM~Wvv|l}i<>C8(ajE|H(4JtC?*wi7`Y#(B)q9;AwFXka)wx*N
zVuOORRmK7bSGnnK_c)r*J`bAE-_ygLgs!c)p&v~~!GRVOed7CSYyQLNZZL)Em>kp)
zpJ@lYZ0^H{NN5-~lF*OePVkn@2@<jYD#B81q}E=PMkdc-QZ2l3ef}IL>O$|IbdoRG
zLT8ZrRb5iDMoyQl-G$ZrZ)c)y82rA3SC(tU+AC};^tp&=tLl%f&o}o+4^sx*pA_g<
z!DndS+cV;RU5bpX(dT+H-+vw1e4zQyY?&x?gD8!hZ4xK|PsTle&H0b~yHzvJy7jBP
zF<9uAdab<oZX+EjE~Z^X8-&_}RI9YPKL(6&t=riqI_lxk;F|!`H=aEXc=vm=&YU1w
z23-_2sTS%2EJVZq!c7z7Pym?^;(*s8>*j-pOK?W3&ce29Shcg>s@v<Ap136|bGJ)&
z!utJeIE4bL_#02VZn^30kYl$!S^kRd$Kq4nFY)!~_#tgSNFo|34oOKT^G9qDZ}V3L
zQ~pd*yyj+aUDTUT$c^@G;#kMctaBUBY85X;SB`@6#{nhB{Ce>AA)z{>wm^_s9<)JP
z$6kqp3pOznx4N(#!*d885nKbk_d8=acMEA7#Oq-_L7Eo)9p`x|V$z6tm?qQnx>e@7
z?dreexXhO8Lsl)?hACx0a<G>ICHY<K<Tccl?E-fsxy@wXb=;)29WfV1<&hcmt4M|N
z(DiD|;9%K~XPffCDT>;}o|T5W!vC2@jW=oc))F=?Wh0Rf1loVJ@KzYC4XjqP((23y
zCWT2;5^EDst+LW&#_gG~V%jFX|3@$E@<Jv5xVZp)XRcjptR1<sMTN+~VFU@*cDqh+
z5yJKU+ItmU30OFtIScx2CdW4nDqpzWwGz&f=j}c%@iH=FwW`AZhD}=ED^a1H`aShC
zwmi0jE-%t@_~;@AZB?dW>g=O=XIP>3;5N9nAk%D!W0<2my>Q+)x2rP8mw(r=FF|nF
zX#V^>6b5~gUhqYQqTX=frLyn<Z<{+#NT%K*=rUMn7nm}?2jXClN{>$i9a!b5ld;k=
zc6(S}Z+&gALi?-$2sCH*W#47*q_4Hm_4p>v{b4jCyMBWW_Ys}p;_qc{;2CnYXt=hU
z?T$+;-;29tNTDrv<geE3xm5PurrU_}NF1tn->9UT(jfKif{bL9uVO0DoTGDJX%;z%
z1n}=tOYhjQRA9zU!%(QOUu4ALNY!hN1bw*<IlZ6neLM5Kk$NRx%G^4KrWWi|zJzfy
zW}L4rljLI`TOU>UH12jJz&{>i;?6T&7z{Z=-f1%}brB@od4H$s)}AbSu+eTi$5_Ux
z*jjvlKn$YwyW=k1SjT)kV7#ze_xwEPlO~EV;m2oEoT_*^{^yb0^QYBpRu?qIM0r3*
zv~V`+3_~>6h8MVdK3l%nA3fY^fp_uu$_H`H_iIg^u*9yL&y=(q?vqCYi0<=C$#|4#
znW@g`b-5@G=HZiSREIx$1gNm}(UojCUJV}i_A$p^<HY@88SDn`{9FmhH^?Npa<tJn
z+1RnwJgn4Ls_c;I@bDc9sMM}GUqhr#f$Y1TC)uJ;*@}MHJr7W-aa=+)*^+IA;!-Er
z`jml*Ltxw!%y;abfusp;uDg>%4M)cfO(8J$9MzMYGlc0HnWmyr8nB02RW{X?=IiA7
z8A4*!T*IXMu1?*L)9m*F*Mj{oLKfT-^#T0Jwv#8h;B`fC_{-4h`zB6S5l=5S^oV}O
z)=zz|yV*!jof0)-*54ewd9&fOE-g!L@T)qx7KYn`RbkJ-56mTI>?D&Co|snh!6rHO
z-yGI)RL+!i94-)B;kV8Ot0Q7^E&OK)HGeWvq6dGEbRa#|OVlWHerU2GVZL|OVH1l#
z%kd>;PJ4_^5w=5*(6*FoY2L8B!#uo2>;E*8yP8L?a;96aH%O;um?N`6P_Qar-C6vl
zr5SfZ^g}Ka1tFA3=2ld0#7|~^i?j6HhujY$*K%6ZiCv(#%AZR4Zt4WB-+_PTo<ikJ
zL_Pdn>3IO}6BXSapFMibma+=lna{^AqN$Wuni~p)Vy%l`2y(H&9r>bjGW5-Rp}*NO
zW8yj12P&;?VJ8TjLxFRBKOL_<TF;`9nTI^?=4<tP&U4|3ikJFGB2gRo{^;#)zfm`6
zh+%7pb{?De%YhqhGbk@SPlCanuIpEf#@bzgzRzg2oy$0RovW{F`qV4K(Caj$hl=``
zry)liDL-liXcJ=hh49<vHB{}kOX!|##vRY3MTe!ufOlq5#_QIu%k{8GjCEH`;JRyh
z$qC`;)3J7PRit?j`PO2ujxXqqb}^aPp9xW!33(Le2fmbfwx6|h+_@*-V>?uIB&KbQ
z31;O0swOtt^B{n5R~rkgL-xtw2NZTz8GI=P9n+lEj~aIANfZx=5Aw(9GbL`D3~7i9
zKM6u;oRPX(Kfmxqd!Zyd0&68)EQX(=X`j@o8TNWy0piEfW_!<RvP0qM>B+q*ovFj`
z#<?z^PRh6Yz{-n=+n!M-0cIREiK8wqlhFd+hdA2=XB;e+Gnazrx*8LL`48g=jiskF
zCT*ePQ2}Efc+q3i?tKB71`3{lWgHWd&F`$jGd=~#OeC96H5``yFc#HGu8UzZG=qfk
z1of1FY&{1w>yt1HqO=U-2?n450h2ysOq~nSZ2DYVQ-6@_AF};bdn8L?%4mefON+xB
zip*W%e~tG5i{-VBV8jD`g*HerCx_*#u>6egKEoH1(<3Gk)4h-WrUZVY8FOu7Z<r?_
zl2HWQ^hoh+wJt;tBAx!^rX4;Q$Vw29|7SxMP0pWRIx>yB1@AZ=tTzm)D{3Zx&#TFH
z1*=*jEv-|*mc8V9%7JF;_KKMBGx4?fO?xv59F1g7U-0Wvd)zKRy@n(D^fcn6VfDFC
z_y#KUxpAS3ZaVmV7oD@4aKz=7AiaYa^A_ZO3ZmK6yNBoZ%brH5=Cg+Ji#yi_e!=So
zv5(~z>D=THZ_|xxP_b4tuI-PXs0VLKt>4YxJbNA9VA|dSEZMJEEt7hF-<c-q@c2!&
z(=$7JdNgMlE>3K@)c^KCqhipBn1r2orZi5NwXC3T)}Ku{OxITfBE2EQ4*FcAkhK;p
z0ael>)xDi~Hv4#96Nyr2a66RhB_>U^{F||Ha}-w5_1X@Z6XT}=*4s}LtcuIo%rV@(
zpwIgkyrKJhU<K21CeU}nVvO#v*$O~K&o>seU5>!pla!`EexVBiTjznW_3=<BjtJN^
zXrs-ULO&Q$P97?Oszeb6WkQJDf3B-6oUDOTZQ$f_v$cwqntcgKiCc;M=lFB%-*Z@Y
zGV&DHBzAz|2a;}Y5+!*)rOcpNA=2WtT0oyG=GCi?2E8aSE3f$!+ZKE*_N^SRPre(N
zr!d2wX*Rv<T__^-l4<7w(TBDT7eh9oQJvj%EXYJ9#DA-ihy0~$(o6vXe)R(?JY~ZM
zb4|k|PA-PrFl%#h3vy>_lS}LkobB)^6L{Gt4GRKa%SEpZ?S&ItiyhxsAVgRZx_Yr#
zYAr9>7_{h05fQ3!CCn_r*Rt``-VF;a;fI2p?V~8sDlz4XIF{D?GVTi>)xeGD!34JM
zb465tNAe4w*`N(u9*a${Xx;^SJM>G!K(iZNzG^_948rhG*Hz=<rOWHxD=r4qvo}`T
z=#Xqg+S806BsJzRT9<U@uZU9)1g6N&UTGz0hRn|NJfp>Vk45a1;)x4gxm7lKvrysA
z`UQ}Ybf0&aQ9Ndo$>!5mkQUB2)>Zvri3lxDvGdhm=EK`cp#>QK8;tpC`?v<8`$AK-
z@|Kn(!MwoF^c|BAVLRjT%w#KepHW20_oU2)D+*!Rcj7Nrwhulo+E1|JuDy2l4^aTH
z#QIxWP*q@_+%LL%_tR}3SC$ApxnVXGs^_>-Az6qJt;s=Q1&z=I^AgL;uLZFr@R<*l
zD<8{}Xx>Ee1F<9Ow5!Ij0jHjAS(zg~8$2c{TUf8Ry9i3vyO;C5*0yRIq<k$JGMe`5
zB<b&UNvB{ljFAD#D$K<FyS~l&vG|vr@;fH(S22;A!e_sF!7kir4!E3G`9E$s?^YP-
zp~iJVYMy0W^iRL_xOlOURS6QvX-SUq;Z1Hf_9b{rvSt#4lI_>O?t59f@8HemhM4;7
z^5JcKBNV=i=Igkl|3ck}EroxNN|7!)UPpGGk-_LV%d@beg?C_|ZgmIJ#XA>miok$t
z%rm1IXkAXrwM_Dv5H#7t1joeK*5*wqBFGYa^YFTtLT?lsoj@tyw``G2XZ7{1a=M$4
zF>)Lq4Q$b^9t~KiES&`rb>f!AHXokQy2B1=S^#nxahykN#DiY%G6;6ASvQ6qNSFzl
zh~!YdyhPpPLlpFtyc9Oay!}&FgZFk_c$Lw)(gwV%#hNcHYnwRUdEKmPaD@pA@$6aM
z0#6Vo<^e;ib$8oxfSwJK4mME{3v-SmCYOp$9>lIDk_#)a243&A4~ra3H7f=Zw{tJf
z8xho8MCpr@*3d#O#a79Te$C5$@p(8`?vdCw1Rso9PJ^xcCH;8roPue~_T-cM*)Wr|
z$s2CPrLQKKNxxm{{m9Z#CcsHFP(&`}#j@Mp2^%~B*0cYKQ?0`Xdu9I|T2J~l+)A8D
z2KGBcl$W+ce;r3kNWe#bJt~9qtZze|(WWd%leq?$@PZF_V`f~M15W}<EW0mrcqRwD
z<>=xI^7Aw%VrarYXEm{DD|7M*49*K4%=r2}6H@I9KkX>7yv*3(L8rXQ<Zr{ph`QRy
z`{srOLc$Ohsmjo%aYUkQ_yZC=TqiZ~G~s{D%Dh#qI{mk5Pdg1uzd*5hKD@M*Nt|F9
zWvXMFkYC7^ak@s0LG*Pc6inZ<P_78#!%Ll2Gw~ub^_KZBh~M!GP&sv_gu9n$_BaQR
zlBy^^t$ns4k6H1udAM)4>-@$WA!BN$<OTb3H%~gI`Q#WY>VLOJ?gKk%;k_fxplSs7
zdpi7ce|`Fce^6k`_+%EvUV$<MXI4an!DV(vJv;g!i?u%fM6IDQ`WmC+8YgGo2vjCQ
z=Hw@Qr4KKPQ6}Jl6XwQfT;?bM^ysT}4SOl$izlTzOghTMP|i=o>+2;P_dXH`qRwcy
zw5VM#vUYx5t*mP@Hfg_K{fTnkf~`R2z@5sb7uo<&AU6&b<R*2p&@xuaMHb*5<0z*8
zHI`}k+?W}Cm1g`Bi>2*&4#_@yJLz2hE$l$RJI&dJ4w*e=Ft|^@e^^r^_>k=LlZOKy
z(|s9Q4cXw_w}fU&r89j+Xr3_*YM?A;NmuWN@X4>UD=cJYb|%dt*X|2P8!dm!c75E;
z_C<I$H;o;|p!k6S4Y-~f;4d4*nwH#eOcRtHBVDBt{HFK4Fs%ITN`LrH0)L_>NxKTR
zN$>phHJ$8Rfrd-<bfk%Pvl$Yc5jjuw!oWUrCl^zqh|u8S7Zh-Gva&|d;qd!s0dRP7
zKp7H#SRkPV8dYow+9hx=xvi*8L{j&f2w>5U3(joUI)6;Twf)pZG6Y?T$GN{|ZpngO
zeM`ut+scfC)*7edR?W}!`XUmLald`_5fQ=y+7ZpZpIF)5C9wxY+1)Lq-TQi<2U2Gy
zWk%b-T*sZgr^k7ztICADdeq0lnr~51Eny~k^$->g6nY0d!%JhLH82^@yR@<4=MqEF
zUWt#2G(ta;XM25!IFPdH*`-67r<m2GO=(FAh7o2;?r0#qLjJ-j=1OF9YJ|Aim7t_0
zHM0@YbY2E-7*23rd~3@)G9@a@uv#g!-L_@P;xXpu-%$!{=r|ckOChIB2QF8u_%sqC
z(^Uj<xHu3nuZWV#^IOG&4v#+jW5a1b<Qzn$(tkNx$ODKIt_XaiXnBTQy~BJg-b}g&
zdP*P>1p4^M#U4&%K^x$5PooH<i`bSLQN-=i?)}GecDu*y)W5t)3zlYvR25FmiTR?;
zu8GMf^Wy?#z~1LR&#h1G(N&!vTXV`qD?^^&EVzN$)oDsOJLZzkK8jX8DAx>k_BpM)
zZA^c}Yv5EtqDP~|II27^(>W&g=YQi##^ghqprM}FK_l<m%CZ<eR#gw-Z@}UxZfn#G
ziZJcfl^)~}mh(Q+>re2O>W%T>C=N%>O6ASZ-)Ksb9?>E=+!yjul-En!YG%u;QOBll
zY%afmVcusC{qvv}P>rqlN7I5(P;@ul)u8DqoWh_?wp_m`Wny20vD=9;HOyD&sLCs<
z89P}+hOAn2V}CW{YT#Rm>~<_t=txj0nWm@oLU}KCTVf0!t3u+uU_ZIONqs;{?F09!
z(`aCUV?~L%?wq#LqxP##lpm@p5BGIA=+OdHb<)MAsI$@m@zm*E%0$-TtKtc75$Juw
zt^7x0;1vEoY)l7OXc$U(FMkRQ3t$Cs?3p{>g13E|=oD4TvReYPH@dsNt&Uzq5i+)r
ztkOlu!Haqgc+Jlli>tK-aSgq0>M;R%Wv<>ksi};;;_W1&ir)co%q5>f`^1WtQ$>^Y
zveoMYEx&!dPWA^;YPmNHmv=qQbSyoZU1$KFJ|7n2X{w<1Pno-|=~eELS~DS%-c!=z
zFHAFf#afw;`FV@U?mpPp(2EaMo%HSTsgxPLr+y8%@n0#ve#-`Y?CHXF&r0FUj@09?
z$Bi#lO0*?koaik1&C`M#@8G~DAy5Smu&yjV5>=Y_RBfE{`Ikuq?<Zd=$q@PROgZd%
zto7TrvPhv2c}SAm`^G+^h+5HgZ6xqCZJb7^66wn*aVIhOPoy5pi`=nTBqD{9d_H(v
zgxD#ZOsS@%Q_|0iC*gI{hiK)iQ~r;IZ5E?BKLswnyS2~z$Dz7}VwgrNjbweB=7~aX
z^HwpVK;9PJ`ms-0`^VjZ_D6C`oua<Vf=f+in6ZN%S$a>}Sz}dE$u0h7tCKjP2e!tH
z!fS@#AnO_HqeEq^5_RJ9=`k49q3ca6g%9lL)xYA4O-G%S2CfHEMIS#+UHQZ<QgsDQ
zu;Ug;uZu|@NSuw+#GQ=O6*Z!aKSuxfMa7KK)pdwvdtCxPgy_46^i9IneIK;rA2TIF
z<i&e-RB^*8T0Td0BsM%69Cr^dr3KP6I&;})ZV6J@_inZ1e_tVQK<$(0&bL_Dw>47r
z_41!;&bZrx5Q<f<l;F^;SY@lh6_3XA^WcfCexwV$T$ND1*#=pL%V+FNiCu1Sm4<Kk
z0XOCDgI~OxPc#wj?tGO#y}RpLOKX;fW?5!oLAH0r`MJ*f$wgL!k~15bXC%L5DL`Ae
zRwu3R!(yKVJuo9AgJdn8;k_Qz%{t~Ar4QV~iRmfa-gC%cOPPXCV)hGjmXcXmy019o
zCCbinHDYr?$+$(qH%{+J)Y0wNVvb$C>U470I(=TH<cXa#wlbu0FMKN0{TF~9$m;qg
zQWNT>-|jJR`E}u{`BNz5OM5E1TsvsM6+5gC5~N6D(wVu^GM(*akoV;L=9aEW`_gjr
zE>Ze)t+XzU(w@CJqcOgU_AVXoD86eEh1Nnld0S>j=Opn{6-xujV(G&rrS&NzUU0Vf
z@mDB@-ekL(=Yzgs8LxHo+9ua%+q;SwH~n_9KDTAGny~RHuE97PTulC8FXFs|D;qLg
zN3=^UsdKPWF|@(e>65S~zAd%a!u}!@*5nx1!PiOFbk82)!A<k)lWP*yx+xY<V#{IY
zZIqa(R6rM$JJ0(Jy1V?CDeg8~f2I6o*^T;(j}bux9E15Tz!9nDf?}KdWyYa06?$&S
z;=g)cu^|OcsbYD#tuJqn|DvrR$ZWgJh}VT3I;ea@(ZP64=c0Jpw);DiFX(Rwp$}E#
zJ!TEMDDR#Bz}-owCx2o?+yQcbJa`+t2?@x*b+xL5hw8z}JJxGdE;p3!IHo8L<N&}=
zD&Zqda)4U?ATQkKifaY-ijB8P9t?`Ad>lUY(BE4Jb8r8Yr-s%pMGrOGZJ^LPA_aV>
zWs+wcs?~DtLNGrThQ8eyS```kyj1gO##Ystc2=xthAX```|Y0Nhm(WbE*DkdrXX|g
zu#GlVY6|a@2A(K&Vc7k_l2~g9WYsi<;<i0Ywl_1y{QIOh=VqTDL^;YN$G?Ii_H{Z4
zS8m;)E3y4Kb4c&dCsc%vXi>_4@;M=IQQl>3$W1W*7(O7H`{PHz+H_(v0e{fpBSFE%
zVouNSW#*yCKD}J1b(URT&29-36rbNw<-S|Il$^2yZCqr?tL|8F{o?+1L&0^+gEyoS
z?7TuggSi`w1)HAock^P$szMg#4^(@gwPx?vI#Bgevb&zIEn$U->*cgG8w}IPV-G-;
z;<wTv6T|3yNl!vf&ps|!>#=Tjy&gYYuO?z?u8N1Afn&4i2e$OEA5^2%G5qdL!_k7R
zZm~{o&Vl7zo8Heysx;1%cwyf&#dnp;u(EacZ=03q_=6s-k}vgqVMR`3>ShXIg5w?u
z*Dsh8+Tjr!X$WrZcK*}7JLO-H2F)ntiguh!E#iJc)lRkMyFD&>8C<XCEvn7?r$u8D
z!7``DH&*nJB6Q5wmWu}5R?;uRB+T(lw#7S>i46p41DmAMC0iYVF+ql^6)lx9JgDM7
z8YFMLw1tpIS{2CVZtAj=2UYY3xo9S%!j&RbpZK<}l3fM8r{rV$S|a^#DI{*xINdgi
zY)3nh@4&;cG|L94a0UvA-Adjs$1oNV8K7DFk(<9s{<2oBms%PMQEIdF;aZ%Lt$@6L
zU5A@dJ<hK#0zfSj9su?@Amo)pD<uB49*12OkUJ_iYkcGygA$Ji__X$hww!-qD>;_t
z%m)!B%NIyW`2rS7!J!pW%XZ5T@I=W}Q+Ah&UNC-gCdbW>#3^PZg>XQeTT{=Z+z!9G
zJIyo_%UKlYA{5xV37M$?exGKwrx!x3QxB)q^Ch2WV+hkF-O@Yo`+9gwaZ0`mtv2EJ
zl?McG)FDdwJFN(93Ta@|3(fhR%7_a8tl$78GuhGmu!f5LR7)Qk-r-AvGNyMqQPK$p
z6zKpW*WqQp;q4@Mg;@@jC(qMD&fWP+YM6sIGWwEfTf8@$I5e}5a%7-*Ect~#uwI_6
zlh{su88o2i3|W%GD(8-uU_D=JAxMP(JGe4ae#MX#gujGLDa266Y;$Ha^5*<@i*(HN
zuOHfO-rZEmM#>oR=>f>7U=tt(jnjgn?U0^S<M)Nh3^*yJHcmengxH%ttdFj<j2jW)
zs_Og53>uw*>Cx`*nK;u$dj!x1*QM*PIHv8L8RkcNU+NkK?j>ZdR=>I}My_OlwZZ`u
z;y^aEu39RoO7O;EvXw5d!aY9;$H<kcK!{!j@~tiWaH<9OG&7tGV$_j+_{|F^Z+SZl
z`=&D-3I3OLVRcY0G&vGy(hecfXQi3-Ers|hKN`%i0-ZDc1#DmA8%;6q9vIagBx1uC
zJl+_6T+QE_{mYI{NI|LC&$Y1zXI?b|2S-pRyzDPdTpe5?{FijhE~&B`X*e_!{%T$i
z<cRGz7wlTNw2n{;znLAW@X|7`n@}=4D4!}I>}cRvQ7Sx5#d>3PLo2*L*@}7wucEgK
z5{dI~AfQO{>NJLsQqiq?)8jI!1_y&e+-*NF;P3|?;PfR7r(T~h+dZH6^xxf;PM+jE
zfBs%z<A%Qc&ilwa+%#FpxAY-Rni28`<bs|%-~NzWH&Hhhx~<NoCXl~oMNFcB=&+aW
z(*~zn8*amn&V7*M%oSyh)Ih_<(}^7T?@Lov5qvyq8gAm(a3AFa_lYfnS730cIDMGD
zCs<7_jlF&L5{;M`{b#6)VY0O`)pVx)&NB5y#AWlvlOeW_yA`VAUs@H}*d%Xq(*@7d
zc_su{KH6l>Kll1uzN7O-!vmb@;^rNEF$J9I<K~^dyI`+E;dBanlm|p<OyBVZ%8K;`
zv5v?_>PgE8r>lA~bsYGh3n<s=`;u9t2R965V@w=_Wy0=7<XvA&J?-d8A11S%$<a7Z
zcR;ZZd{B`_c5SC6*ou5i$<^48OS?Mq{QL8ubklXxeaVYuThhZBxg<PD4NjeRTUAx?
zgbvSmaUJAHI#9_A@DXWb<yhzfEOcQ$$g2H3e0;8Y{R@lh)m1d{pAiouSGHmy7$qQF
zbp6lHMwL`J`YGo?m%kg;g<?HUjtW3z<GEL0m$amsV%pe;AtKIuK*+8P#n}-3A_p^Y
zX#TkYC*yqT(h(uPGLp`9`kv*e4s&!^@22BxtuoSZjN9Ve9!d=3@44Hrt^hu5rHlN-
z1JEva4DG!o<JONj8}jlq<6@N+cJu4Me<o=|Zea<Cx?8GQ_jmp!TL(wP>f4;L<<a@e
zQskP(oV^7xN*u*jd;-vQ>vl%$0Cp2aP0hIu?(t5Y3j?Pjg!ppcV!=VlB=l&(xN7EB
zmi6*+H`=6JZ01nNPP2Zp?(d}Wq}a`)xXjynx=%R~4M48D$B?gh(Q68G{wV2rImw#}
zn{xx7KkBzJ$u2<5Hk^?J&T+fwXy^GWxqiHig``}-yxkZgx;{qf|42IaQ~`UY;Xf<Q
z<2~PHnjV4^k2U`v0JA_$zYS4y=c56-j@<_TXzrZcpOFGA(N7707?@@}cMb(W6w|=p
zKL8@Xi}}mBbJd5W&6Ez{(QKBqnICZZ0!Tlz;A?o4>Vl%<3TyFm2aqd)tl3WO?&|71
zJjVPffoQ{Drde0ChfZ%$ZTKr9>k7F8Cu^Sp!uq668PsH@v1O&P)n!WG)|#0z25L3S
zcQKOVOqZ}`p9MfHoMWunrvVV1CC2NnF9XKwu2liD?ozeg#ehwmOSQT<TB{Xqy8hZg
zVyLqW#^X;Ym5e`MM8{A*)hYPpKZ~KIy%@>!C(+|R?Bg4a^|&_xVzCAM%h!R(t^Mm5
zDy4e>dAr@H$3<Xs-c5Bd>DHl-()somv@dEf*1_6HbnvW-)}a&C!Sne))1kgABNZMe
zI$RzA(J{_ghs$tWOplI>AVl{?4u<qaH!$S>Uw>V^^iW7Y(~ri>NCs?{ce+NN-)R?l
zey8(8AbF0Gdc_Ao#2N+bji2F(3xJq>DfxYzg$2gX@U+v#sJ5S+JcLK0a}nZBbqVi>
zzn$HM-d7>d#@}^PS%&@lN-yyDU`W64^*Rvwxujpnx`q09s&T)NOZWf$pLBIi?h#{s
z`4jOoT&!6ew1-a1*3mJ?7Fin{$Nd7`W65O5xMPjcFSHtqOc?{UV^RJ!j8u4t=={Mt
z5QF)~W6}HTKy=>D819X)T4&rZe6lWDb5(ELuW84ol2mY3tKTOKriSMlLHqKwLV&C$
zHpO=lM9-tO&y1{~&y&8ijywnT_4lbRX(IK<?Yi-w{wDdU|8{k~G_m!b+BH;bZU`f3
z?G5SBa&I>L%+J-DJvHkg;y3=rXutJc2ciQp;pg+Q-@a=Pa@Fmm|NeRINUu?wY|BqI
zQy9syo%m_wIuHZ5s(wm|@>A|Q5T)A~!)I=9h~cN}sGqcRxkkFbuk};zMc|x9{dDk&
zt}d4TeR@$>m%%-4;#>9kvpuP<%h!>1ERCf8*{a)%nM~(r&vkW8-eue$F5W@(cDx8t
z<L8dGbPrSf|LYI6Yb&h1UE4?g1QHh@+W)u~MBZ-PM;=)VqH~b(*!k;PW9|R9mOO*5
z?~`!5HM(#7E#{1IuX^9w*!PXGKCzy~-n=&Uee88>V?T@i`P$g`#y?#f``ItwS`dS*
z?JvKx6#lOHtzBJK8fSBF>FSE7e=ofy5`Tkkj=e5uiNCK>UC*oqaWL@V^~p<Dk{B$%
z>sr~PiNOXukE44)*-vzJJ$NEI4#VrAFH*zbyY2f0?yF$V;7+BlY4_mOSnc~ciPgdb
z;Iz?L<x`+jPa3P9ui-D|dRa}2<DpZ^l)h1Y`(jhZK%+U|;`St#XVF-mWy05XADB#I
z*_O-6&i0HH^paTakNt3IbS$gSXkWD!L@~=amWRcN<*c=>`+I#H_xM?HPEZs(_Cr0}
z#rFoi_YR+=x-KDY0lh+=w{LkS%&2`hZ*-&1SMVrVeWuDDd0t9CH|t9CE}rB@nOE?r
zt`F1qODov^Dj&{Mjoc`Y=K1(<<gq&4sP1xd{o7XZ{S|dAE&2+?U^2+iPVu*+-+?z`
z%W}Dq{|XYP-=0(K@D+%T97e)+)O)kq`?BiuFsCl(k$96Ey<r7gTXig+;zs*v`Ah!d
zT4|~qoubz+#Mj2C11{qwtkcb84TZ12yM>?Jr_TI}uK$u0e=D0EK-SKs6TzTfx@%Ow
zDoG$0-A31LSCIMlC@a`L`;v?|jw>0dEk<owvu<;vQtIzPR<JEaxh>Be-usp2nZuE0
znZM2~J1%FU-eYr$-rF17q}Z3<70G*>Ht#^Q%nvrp!OM*EK8o`Wi{zcC&6{SH`R-=f
z6C>}(O^V%a6jNnx<nK@Xc-=Y0zVymS`8nG1dzxjww^`=;8J9mqR_setB6%~lc@xbt
z-`*@kjJ$W_ygMV$aHeYW?v0cA195VoFB5)NLYp7weG})M7qOeD%{$C2^Zzo-d|zX`
zdt}AF@0-Z`h|YcqVinC>^-Y`{_#sZ_V%Uv4qu7^*B6a@dOO4$#aWWr@lOcxP@i^~o
zkve~`%{$I4^ApT+Ak#SSn>g=J5xYCJd4G<R`QPGXKGV3)d(Ifgz~pQmHC#gW=QcHy
zYmEAz&VzZ>kWH>z)2!H+UKe5bKwFP~W|_azEC(+&X1M&UVqbbP!tjPR@5wlsZ;X>Y
zG4kGfHg^49%HmN&2U5SKxPCn&^?O2V<6^VSr<i5OCB`<6;rb;;@;<1|Yck7xyjc$R
zGS1rt+g%@FyHlHYYn;sQjFUaRjQunI9C^M<UB@0-L!LVhuW=VEek1Om*x2L6sVp89
zrx86SHY@gu_MAMw2O~*|x;cgB*<Yjad-Rv&+22#FjXa-V${2Wh4ehg!hWxSmey?c}
zQlEvnH34kcenq$Qw||L&{e#p#R~Os<tUujIeFkNC0@%K6&&kcH#J=`k*k9R?GqAsU
z4Sl}rm)Q0fA9N%2*^h3Ne`w12^B-N)+Ws=i?`e*0zi-fu)cgMD;tBtw7oR`>Mg#i~
zQT`w(G41D3_OYAY=zD7a%l7AQ|Gx(I3#fgEIkx?(tBCzskGauT)P8f~`P+ZOz<v(3
zUucbO-+IQ4)cebC#7DPN!+V5_+^C(I*3*3c^_*%@&vt4(?QQ5ZfYj0IccZyfr)x~-
zZ-1D9{a?SJ_A_GJADgrYsrTpd)i@2odD~Aju)l-a_w;HbPAPx&+io;SjngydZ~x2}
zt?hqE?Q>VfwqIT6MtL+&lH*A~AveN#_Y>b3*njp5+D~T3wqHv5XMNyC^=8^n)t|rp
zFAVJ8OYIkqif#Y+PB&8b$7`tl`M;mP{nrfakEixMV`AI4P}|<G+-N1WUvc96?LVTo
z-yS+$LG3&4F}7c-_EE)dB$~li<)gp7J3cq+yA!2bBi}6w&o$<b^aki}VrLFYjeNhT
zn5^ONs))U>-8qX#`$BFs?u=s3dym??BidehRcm`ZeYbb{RS|n7_Y->)+OYT1ARdXo
zy3v(q6noX%)LwS9y{gTv?Qx$_zRNXy_Y!*p+pxEPAdjRPH@cY4ceQEKi*B^PKaY~m
zDE6Y|v@U(4>tfm1x-Jl)@AvK#smqEYQkM>GX+4NX&hOmlcUiI5y-w|Qinf=z-oUpT
z>HDQGiP-CL2eDWGd2D;d>)mMbKpxe|ioNI+YOgx_dpLOk1K+B@@8{6)O(*sawqZ}4
z??(Ht;?Zi%CsKQJqWOx}8u)f6<?E*5yN%de(}unMgLstH=ti$&zA|FZwm+J$^vlS*
zVO#uHL-|ruBkyOQO6)Cf!(Nu#jXL+|(L&7kEaj7<?UjFFpyxO0`~Nk31;pN>w(NcC
zM*9cwXa?q6LhVh_wUy5e;`2w!cd^EQ`NZDLHtbEtYlMVFXbk3iirTByeQ#@(L45v?
z@^#Sg-AL?R--f-0<!&^20FN${qt~K1?ZIpw7566Vm0p<NP3x1ZYoAi<`UFo>{zMJ`
z^`t(1+TtI?qlTkylz{mkr}lo0=Fj}BwY@@_@+WBc^N78qw%SX%8@)7u5C0a-Qg>vH
z`Q7K5bs{p${7q&#uo?{4nDwU>d+B^y*KWGD_EGD)I^xN9qUxAPT`NbDx&~Lb(Qgmr
zk!_nB1)3DQWgfL>){RRa82BQQ*eeQkX|b0(g4o;GhP{0iZq#`okN(@F*h?Rv_P)}!
zHJ^dKt0>=@h`q|IiM{gG#`jUg``zfJt9Z1yNwG`s=C<qsJ@Pr-!*0jP<#(B7&wXZ@
z`_R}A?3vhm5tE1T$mU#x=3qZR7xDA$T0c)U%lvI-89p#Be_{ByP$GNqKdh$DkH$ss
z1!(s_UvK$-HOaGw<^lHa<RSaf8`V7DhyJ#m)ih5)iJj+dogJT==a4RsZjXNKKpvHE
zaiinCn7;ei=rUeaH8~jD?wdNh&!~I{+RoF~dd>TU8|C$<`~SK+6|3df{QWx3q<ISW
z{QW#rRsD9w&g0YN8Bg;#cK)3_#J8NvlcxBMu7837+i5n%7oN8-18J3R-W+ug%wXR9
z!D<k*!t>^oaNIYtb|0Stoo-uA=k9$Je`6A{7qxDjun5)Vkoof_Q*@n^X`Q(fu{j@O
z$Xq}5#q*!*FI?Svu0N30H?TM4SCT+B+>`3O2$j>d?kl=F|Fnw6^0C-;o~856A({t{
zww(vBX}b#Nzoxy`fU{{8UDN&&oAY?aB4o)XoVS_4w)C6Go@kHNnm+JIoXr0eCl@{i
zhI^vhPAc}yk#wH7LO0fxw4Ue59XQ#OOvj(CT_W%QP9o#MC97KBi#(OXqlUaiDE_o!
zulg4qcOHwjmG|iX<Lt}ho2s(M&r4`2t+dvrdEKM|Mk%18WvL*-O93q^;`b6EEF%FI
ziW|e=hM+!{wqcd!u@!_A25llJO9B>ATilAHj^dz#%oxzYLPtlXl)i57_qp%f*Sw@J
z1%H1P^6ql(+0VWAoZH^+(7E6Ud;jL+knK6$8RzP9!1$g^V1P)Z<VECsy}~CQ0LdnT
z|8jPO&iC(ng|8mW;9C;m6FzSYU**3Td`EQfnGn9y0b}@52a3d!wTK+454UfT=WN;;
zTbBVMiR-jT)z6QcBJ^gIK1=$Gr22Q%=~FM$CyVttO5^lzu@7N=jP}vo(n6AXg>ZD~
zFB11@9P@V5<@e~kA1@^8zGg43_bpcn_lpaOx)<4t>;0!I?bBZ*g-r+--vL}TMR>lM
zb2G}?RaZFv%mWLFy6@ME>#cBC)@Sqpk(6JBbpD;ycIgPWy`Nb~+-%)vuW*juI~S4y
z2G@xzg{!|va?T^JKIN{A?nieoByKj(dl5Qyae(RJ@^GE1jZ+O*$m6*pDfj~6di4t7
z>hj(~636&!Q-tk)AP{;3+6b=05WWtgwg0_+d)jtwX~-`<9MI|H=`phSNQ^8@Y44W~
ztq;X*+J2Tsi+XdKubS!nxEmIc85~#&EKFZT#OT!%3}V<mY=3D>NLMZR7q9B71Af$1
zVRt>Gh2-MRBH4IR;mZ>R`I0%#S3MnV+&MGv)89S2oSj=1h}=8umOCuK_U>|81DAAr
zcNC5qCT}xK7m`;2EcIrKPqndA|G15PJYsIOzK*F|ZnpqC<G8OiP#10QlEHCw*+Q}y
zz%tJdl5H~hJGzUU^9;Ka(N83AUsCud{UEs}!R2#k*d8^NwO=D-z=)T<14NR;qrNx`
zU~%|C0w-KPSM@!XGnOlowU@$ekdgd%87PwS?l{k<25{+NI+rJs>ie*56@aBcVeb*H
zi?H{j!uhkA7i156*R#At$Dh^6pNW3syOPHTisYYtaZlryI)$e^a_YW6&LcngLp<{2
zMTOU7FGKUUZeBz*+0*W5o=bv?rvdzQ{lx&5iwQ!-ng|^++Rtj<r=pI~>!mv(T>lJX
zZH339`<ev+mXrHI3XTq^vk`x2elX>cDFBvF_k#o-^wa3A`IVIB_X1en-4BwjpnX66
zTw0t!X>ZrPr9jse$JS+gtu;{p66e+ENawwo@l!N??cRdCs_BCp;L2>)xfKgZ9E%^b
zss2a+`Dy^mvi%^5BXBK-c?7!oKCM@H+V92vAXVmLA8pRa`%8M=T%NnA?JkxPuNC+~
zqP!CAtrdadD@mw`cHi_?KS)$wqTLU@*$+}Mf!c%c8b{P$EnD2`$nk^JvrggZ|GU?*
z`aDmd%vC+itMWQ#KS=rYtUk}<`0eyV`0bAUAT6y|_**F-4#B$85X@++2UI-}>lLlv
zkG1F2{k&5xf!(sg_uUVYi}i8+JJhE<5Bn_9^?@H+0*7UV??&etjD0Fkh5EP$W1soD
zKAv+efxpWNpG@areQe)_`V<VsKC^UvY|Sl!)3U;MqVwE}eZ&)?J~_j%&vad%N>gj#
zS6SgN?E}fh`UJlT^@$U(&;5EFbZHGJvcjL=2U0K(`v_l$`qbF5Pk|l>SGNWd8x{Uv
zbRO2n^G_YFN8npWx9M?UZ4F%8sPJFVc?L21e5J$nD4gde{XDkTzzvNG|NcI;&M(sE
zOC7H7#6I2i>*>=PxUEs)572oAGWz@@)TeMX_Oa;axurF5SEIsv={&5D?Q<P{?!i8t
z^?io72BtMC{1!UT07jorb@aIx`!w#;!FFeB;4h5||1zD2^$C8W!}b4RpPzMof)iQ;
zD;pJlA)Ti`qt8(tuE$}YpstVjKx^QYMumTx&cph6KGxy-e(dv=9=4*^z^+ED(bee^
z{_Vm33heI#?C*T`x0L;Ti~S9<zpd<VRs;SW!u~qh-)GogiT&NzpzwF?0}1-E^&Qdi
z>|%tqTn8)F5y4Tdf$V05AG!}D;U<RvN*yj=L>?@S=;vC~8mMnl_?swhZe;xNu8yaQ
zaK7ac{cI1m2KqKDyahz!XhOJOVt)@dDSXC0kZd<F_z&yGE64Gk)8qPBOJD@6K~^&g
z^;p?3)MJ)?AT>5AeC$4u#6AqZ3LQS)#_=9v<58U}KH3`ihK*M^0>|q<6vu;oAbt5W
ztN)gd-|V;HH+e5eSN+23zuEEIv?2KI_q`z9$-Y$!_-(;p{8qacq|@wM&2R?)t@!Q7
zy&z@%kLhprttt<{{cA5s6WF($VN8Dy!f#*i1!)cYR&YCh<Jh-<>;>t%U)lPGvh@wb
zZ`FH2dXar|-^SKA0KZl31*w94D<8tv*B`$f+6&T4zp?cVX6wtvZ~OOx)a7@iZDTY3
z<u&}?%I3cX+m`PIsR#S!&SUf6jNi)kf|SF)l@DU`_rq_cdqKLb1;@VhJL^A?^}h+*
ztlkUKF0KCn*8fKQwsbE@``NeZ{tW&b@Y|xjARW^9E0@uyFMgZ97o=4heb~3EKKSkF
zy&!$h`sLih=+hg&J-HX8|Fm>)Pn6v+7}wEVO?D^Xt`6F0=lJ#x+GywNw|3A*I}`8M
zK^yHH`}&UHVQ0_RcF;yUFSc~lhMn;ybkIgSmo;_JMmtNDJ35DA=bOKF&_+9x{HcRB
z+F9VgJ7}Yw-yLtnw-TbAxqa4X9Mft0qDclZoVG_B7bWi0_AE6Wz4o{EcR#fKg58bn
z&z|+M+RjF-Wf)$&kkxkV39H{*$@W$DMAUXn7G(OpU2Vsnu-gAfcx}g7d$rn*nCqnF
zHZ6E_5$Q23dTqzg3P1{W=dnKHG^;9)3-&D{(}#)VqaUKzcC7L*A`6F!1Z>!M#8m8C
z@k4lR$I*L3wH;6ISw!-OvD%LBo4#zG72|E35$kQ3+Syw_A<kPjwu`rAUc9$uk!kfs
zGv`xds4PKVy9et>2#3J$=^@B3?_qak-v+<udO=>cht-*X2Wvb2xQD%Q{4V(25w#Et
zf8o4yPhxGygGp&>KH;<7uqI-S3FK#cfczE*Us#hy%GI%goNgCn`5o|!W{k^Q_JAZ*
z!a#g?Cq<3-Y-W55rkTRg3uNni#`$QmdqMK_5#*^FyobT>xk->GGkC@K!0*Ww<Oytj
z!Ae}u9=3kh5rg%7$9d=cWb&%($kwf+C&(#D_-2OHF38Uu0l%xoiuFJCfYi`SkZm7m
zdCsACCFs1L>;WnLedBz)<9pQe?27E(FuQOVIC|e>z0atQhN76gTCHU*Zq#C60P&c9
zFYTh4_fh%zb^!#eoxtLc7b=cFh5IPwOT+W#?5uv&=1()6xBV1eBVW#B^^71*&6_(1
zY0hmXm_3klm+Eutv|9QzTY1cR|2#a$)4}ND`2zFiP9%oscverx98Wn@kbARyx!x=n
zI$h0+%g)v6<*PMl8o)39hPZ!X4@kjuj@8Q#<<wGt>+wAx9lr$vTi*o9wv6+4VX=J%
z!=FWs;Z0tOTVAJYQb9ac-eWQD+m8~-g?O;&@#~2dWXJ>ms6CjweBl!B3_gfC!+JjD
z1|gqL*@L=e7Y7!p5b5B4KBBJMA*93P_cEN{{oDAhf|(Z(zrl|&FVU*z{blDizscU-
zI|}~s0RCqp@LQ<jcR+(4w@Vmq>DU&#AlLm5{K2z`)3iMxL9&L^l(zgric@|MNKg0X
z!sW3SuJcw7EC+fBVedG4V+ECu&h-PojT0+ozX=jd;neq7%PAgX#EQq?Wb*hB*5RsV
z>rr9(nRf~^IRD&VIB#TrXwaPIi`j$qyQ%z9{&|FJPb*J<@Sl7WX|?t|?+i|CPph(A
zT*Gf~BCS?Oj8o2PKzSx(4Jeolj!Q`(XUD+ovMJzLqSb%;iFei{f!t*Z)_+>MDZ{Dd
zdY(@Lc{CSZ1FC8gIF6aXLgC!|CP?BgtWDsU!1!cMIG>#7K`vu80O!4#;k>Qcm{+=-
zL0)nFfU;<1vPki--edR=^2+)|kn4FN><)l?I;^%vsY?(hpQh~Gbe&v|<2ZliKaqz@
z=vp|9hb&=oS^OqQ7yELCdsnO9G=9fo8RZ)$pL+SFxQnE>>w54%!04Uw9q$a@-Jagl
zu0wi1&FI~W1B?G|hVw%awYSO`zF*C7zWuQ=zL$KB_@=z>dQ*pUQ+BT9O?JnAFXDVq
zl=?&GGmUfHHT<qU0shLPh~It`zYW?uA?acGz3EMm)+HL(d>9-Bzx|`&*UJ1eO-E80
z)5~GiSa3XN0?R+yTaoU45x8Tun=-d#I5$_dw=Zq@`xNm9zVLb}AHKnC`>y{#+o9p^
zt1rPHd=GIKd;=ucuV831zJCLx<FUqd7|y>Djyo5CgW~K46V|^!^9JHD#{`zR`5B@5
zD9NGvD90u6d)`Jk-hBfkvC_CU$~$j>)c-WTZ*=P&#<fvCdIKbFFS#R{^|)6g)o-Ca
z3x0-v<%p~B@989=!ggBOKy6+yNsw<9Akf7GmU=VqYm=#XL9XXP4t52<`wgsvtG=sK
z$vZ1^xiG)x^i{}D+Ze7M1h8Dtja42m$QKeoF0g=q^=_2Wns<1oXAtLajPeFj@G$RO
z_6A4?d)U2-DXvzy6C6!ut4~{R&?Lyy-vFuddGx`f?R!7}21vnJL7u>PN_-yt(e}`1
z(YEFc)&89^TYZo321$6nAx}NW%!k#@<`ngv4GIs}tT^bu>2LMsOrOO7f6y8HgLSx@
ze1Lb_`h??-i$&bs$8dK8v>(US8T`H8VDE_gd8g2uQ{Sr4<84|jdw*&_@4WpDkou`_
zlkmPStWJji`Vqa=J%oL{>en6E%R7h1z-(I_IEHtD+4e5r(7#ti=e}f4^||BNzV060
zslhN|5APgiFg_hmNWt+ISiqsZ>HN(bd{{li@)Wjjwwrfe!^S+gn|E#iur!%@ALTnw
zvE6$nU{&kUeZL!VC>{j=0Wzw0n2pX2)ubyJ363Sdr$((wcj}G|XQBx#nlDY^f0YA^
z{_Q4Qx7Ak-Y+tsVcb;QB%a`-c#uSj#GEmOrULO_q_SEV9NQ3X@WH={(8Ls!Jud*!`
zW*;!E534_+>B8QB3)zyOU-#x)Y<BK~-CF%<eDiH!63FL!<$I0l3K`iFYO^EjQp`+b
zwa6mvkEvU3yBaH2Nal5V^}<)+x2;2cwsbd0)RzeU$Jj2pcZ0O<7vnRhwY!b&(u&>2
zc8TgXs`E2d`;WZ!?B;OZ(&!c}<(=~w-6oXs&c?|m@BLS?cxZcgJhb3777sm~;k@l*
z<9H}%Bg)Opjl7f6u{Y-~)$o7O+{H&}(DuIAI_9(M?OJShZqjb{9<0u;MbeSlwvOnS
z8ikJSY@w-}>Zf%?$Ne9JKUmECf2!+F7~4mFH%RxNF|J3`BMJ?(I-p_G<oqzd-rf})
z53%|%Glyri)rwg%EW@ec=3ElU6hHcUIhw5ym+?;64U(e;-vV*}H6qR$&*(cY!`UPn
z`*OYA%olkS<17ldm<Y++cQIe&aqyo{66A3J{;v%E5#v}ZtmX@=^VcRvE5RRp9`XOy
zE|4mB8{_}rE|5|`2**FQ+Y1;Cs&?V~G<rHLV01XdzFp2=2=ng%95v=NUxWGvN}SKT
z3*T`a%!SKw8Gr-Zr29OqjnNx9n|4L7FSKS?^m<0ic15qBw3v?BQ;?(C^7*?!s>>GS
zXmymH+7-PX(i0uP`v@I3%A8YoMX%}PRPmGQYngYKw{GlcZ~cS<Z^P6(y^S;O@HWpH
z<yGFty++M8T|A4tT)r@3@8(nXzTvP8=XVh{M)j-yih8Q|9A2$=G??ls-5qL;-@Sif
z`!;{q#VuAyKKnYpq2>7u<CgjeUay(naonQChvyR_zO#BqqnV71W;!ZEFAtxC-!&cO
zq3(5%gnxv;38~4$h1Wr%`Y!N~a9m$V5ZdtF{JODTs(&5zlE7*i4UNlat66m_HlwX(
zRdZ}e4{eFbaO&>`>F2CsI><GHcYgmmzWd*7=6y{mARqsh(Xcd}hRwCqj)7dZf$jg?
zlHqK6tvxN>4<Rj&KEyk}kHtMWp9$Y?^_f8RCkAoh^{fOC$<wd1z1>pq5B!evw(Sp0
zLz;`P>uBB$l4rio_Re>Q_6N>S&i5Ma4|GKHFxn<Uaz>=BGIh%}v{hErmEm=Gv8JBJ
z8~yiyU;IC||Mxmbu03G5&+z!`APwAWET7Lt;fdL=8`~<X7n>sL>Ye^Zaa6E6R_VHX
zJ(0Rq)2ro`c&}&raFJ|nX7#TWlh<%xG6iI<pZ<Nl^Hqz8d$>r}0jp_s1^u<YecoS0
z%7=@j_z(1@{T}^b5h)lhlIPTWS)qOU?LLr#y+F2&Py)#SmS{N8+ZJ~<;=m+`g!;i#
zniYPK4<zvu@TY1usiN$4t9J<*t||O?4HrqxM~le$o?LHV49;)39v<&_>DN?!6yeAb
zM3M+#xzc`df5(0W0^Zf4YgiD2Z{};TQ@k3%T{E23nEjO9@9HJUg)!P&mUw0`#)tAs
zzlp<?z?IObD}d!cUXX+;@Lx&$^a!5%<nu*Dg{?2wJ1mxe4ID#a@Ey^1K0+++C!84}
z5~^#@Hz~Y!m#&T0ow1E+q)2FNOxp!nySRw)x^!7g&Lu%b57w5(({xVS=c^`#-+wZ6
z7kaKwmjk#oM)s_Xk%dF}W@A`>N-shFhpg~xkA(U@>eJn$em+JPUyP9<O5Yxh2<zqi
zrJCz-ozq8&q`XPt*Y?P7o9|xze1~FW@!c5N_LlK{KQ}7;+W1i4;rhP&Vr20^j2t{@
z-1kO0?}5-dZ`SwyYm6*D6C-<~^v#c`YqZOY`|oN^gd~vv%z<TYk|0k!2>z!MqUT{5
z>C<a{crUieY*BgIl?cgSc-eVSKP8Z&mz$T2<)+Ulk<{206VeGR&m;-*`2FCYlMudV
zt*;|#1V@t>bJ&{9DJWZ}?A$llI$eX5fc%o#o62NEg{LRTQQ^rKN%hZ*$W06$>zjy|
zFdKOpynN%0z>6t6cd3`1Q{Jltv^QEWha2Di#iV8o%5Fj@q|*uCAE(oP19%=`bP^nY
z0G=@-iF<u9`N<5HIZ1-N|5flmogjqKC+zId0G3s4v`R%<B|`ED4HoIjX?4ynlIkDv
zF8R46L4My1mg?o{EZ-rb#>1x2eex!ze<6*%f11jN>RXIQzvKDx=zFhi`Y#LhLXS}*
z+1{w|HEuTdJK=NJtZzTJ%Z76oB!}kiPH^tYS1@<YIkYi7@<p;ptw|Ts4ZXcO-LNJ`
z7T3qfo=wKO;c;2va~3hUugwq75n0n7ZZQwxb|-}3o^}tyed86teP)bEs^45p?r&81
z!k5^*G2!!;uWCQ9=XRX8x^rmWvI3kp=?dn}c@1f`eT+!*8Wr9>kIlU|BBya>`?-Y|
zS$?}YG<VfVocq_;@V-V=It7tVXY3+Lze0P{<6e;zytSBI)kyVrXpdl6Io>n04N(GD
zde)u5X>a$UPj@351Co`1^3#?35^)^r!a+;^xGt2++uMjc%P|fKW`yKDB~s>7K#tTu
zOGk;Mu<v5>u}NDO?m=F9jlE;u>+-nKe4|Tk?;0b1&$2OW{jMCpbrEA6XJf!$5x<wi
zt$Ozf&<9J2*gI2WiXq6i3-1s~Juk>^S>aRokPmTFx$b@I*JEUOGe#EXqpVMERQUa^
zA-&MET<2G9kC8pE#>nD)W4-VWmCqzWzG#l~<-CA2KW9$$MSHW{i0;-%y2obc9(|4N
zZ;wXbfUeWX&fG<9o@X%`V`9F^+&^yf>R)R=zxOrv?&G+Q=kIg3NUC34Ol~xRC1(=T
z6{jQg`mFZ4Lfs!XvHa&V)=>S8o~SQ=eAQT2wb_(jjNYR}(p6UYpI!yYGaLMWL~m%Z
zM@xgk|B*W}z8;H7&M1-8H!J)f(G6<s`M*UZCtoB#HETKxea&Ph4<4m8aM5h>QCW{V
zZcnTQtdC#%+_;#yM~URi=F6`oERLprN?>vH*e@Cm#)zbF*J3s14BKNJ29E!6V7XG6
zreiHRyNJ}-SzT)YOU<2(kCG$o-BbhL<R<1Hd=cWI?#akQ<2v9W_hzJj{uq(G4`3-6
z$>x+J>Wlq33h!$6{nOCA)4Jlk13Q?va4z$O?iNW?iXcDGpz!;D59yvxujzD8X^iaI
z8Y5RuZm)Y99~|jz&KBg`nlwH_{r=Lc$VU`LxG{=;R?J?F2VRcQ%d=R2VQ}=m8ts-x
z;TdhO<<aqrN!)0W+|aD>awf>FJ29{FO888Zmz@8x{fT^$jN`!a^G=W|$6tO7J&&t#
zK>}1zK2HX)oZ1PJct8BHdvI(F%JUSSA33nlH65jEa)AFz$I<gT<)w3xXB2+|M>YqR
z>VAwLe~!rayeFI=H9oLSKz@vSE5whd8&Xw%T)oqnA62{QVEY#ZB9Su%xoL8~x8hP1
z9irnKb-!fCVp1?hB>tx8?Zb4&g2g1~ZrmGCeWbhpxQ}%At07yZt=-iPl3RAN{aO+p
zqea@Q^93R)n6j8G0I;ZfHWOqgrQw}X_#w)EQO=EsH>z`Y16b~)d^sx07!i1@-hq87
z?zRG0Zl!%kM(-QOhYQ$!%)3Prl3lbR;!c#^%KH@6hD4K1{W_LTT})~UL^7gD;c1`L
zogfKzV^|{lx~C#6wEyD(mi?cH^w_bTIz6^9M)nlP$gbhWKGX&o`N1k+jBHScCu)rR
z@lK5&Fh+J+A^G{8?7Sv7#0y%iPS^G5NRh-{gSIO(4gz;l{cmCNb~Hl&4>5>IZ&X<R
zzg3t2kFs{)ZzyYF``uTueX)@!W9t52y{5PE94DF4j(&$+N<SXyXP_5Vx>**J!jYK6
zK-<3dH;{xujBZi-xGe|=?WgV8>Ty~I;5e5Avbz7j6C|pesEsl@<HUC9z8S0?g?kVe
zey$j5XZ8J=wWD^aKNo(E7;2Z|8^_ww{}1Ha-Y!w|ektC{SnluWop`Q9e>;;PR4lI#
z?WacDbDvp)d#gw87D+D_OLXKXx@ERUKSCtx{pM9xCtc_4E0}Ba!#LOW(IUBu&DBx+
zbGg{wMB^88ijUH3LVYL>j`V+*ENA<~_lRUn2kmA)%ErA*BqQpL<Lb7(=UcJu^gF0L
z#rg8;6<(7ctA5Xm2U#BrP@Yrc{t~ORCIRG}5iEzjaS@4Qv3xWfpW|@Og(F1LXpZw`
z)T1rw$gWeE;+q$dxDmMD*N}jEM9<6i^NM2(JI^c>QBJ$h#d}aSJ3x9(X8CI`;Wztp
z`0ex#kbaXD{;M4zd9v6&uM26R9N8I|%XrJ*@UFJ%gTB-nxV1^)KiUCOCF@i9Tc}Ur
zOziU~T_4Yq*1%m&3SY4Uq#)~K`!&?Z{RH;mb$x<=YYjZsr0~0R^N7EM`jpSYKJmIf
zw%x6P`ArJHO*c>Qzo9-gv$0Rh4&8cwZ4Insd7}3>V*cpUEYEfW`&+?&KiR18Zi=f+
zmLGjyx9(Lq_F3K7RQ_#iTLTMOj^am63jf>=kX%~-8r^z4*#B!?fARCyK&KXke{2Ux
zHrB^=R@Y}c_Bk3cr|V>Ez`}ADd$GAkH8cL0#rUHTdBC*;q$isdo=~{bS$^yfp*iCG
zIL96~hvtVsf)d!K<u^W#V=j0Y$Gm$7NZT*4{Km)dTiHYSZR8Hjt5p3r_O0qc{C4{e
zkVa|wjgR8D)6?<WpdBEMW#0;B;x~?c>$d}>$!xs`wEl&xzYE)3zXPQAwf-|$fA%eV
z2S}f3`J<08{7l7fX*)nVuH}zD%;e_*{FY4Rr$yn-l;5sq^f{rU&xeS+X*&7@e{T)k
z(2B4owKDuoXZV|p<2G#vX>{wA?F;Jno9Xy57q9UAO1D=``(3KLvVPiL?SGrDti67Z
zmCp08I(6+G!=~FGrG37L0$XO3JrYe0j?_iB0s5F&-4|(&-c}#S(zd@xX&V`1(6(n;
z+sHNQ{Uq8h(4z456W;OGjpe*8^Gx2BMX;Ls_^H9ptEmsL#0io+UXbI`@h->daaLzg
zee;r2{WTlQYgF6x7UUqS!6$Zt0kr>ICrG*5L2`A%nto!wU5>n`MdfH+J{NXwQ)f=`
zMc#qBZin_JT)ww%tle8b;r;ST^VF{^8ULC$S<t=+MdZx=A}KnKZ*pEx6n<KM5iyMy
zi5b9BHnNE1j~59{!hRz*V86Mnz20wH(5yI4t2vL{m(8;{Z{rM;w_&Q;TR)+bw{C2V
zw`E?ew`CExy54N^T{3g(-L<$l#D$87p)kPmL+90TP4<fHRG7WM1P(CU<uA9hJgTAK
zhY@zwpWm__B)GjH&ohkT&f@Fi1WEh0c?d`pw#u=f=9kboVikw?geKl;b?Wc6WM2of
zMKd_EuZ7t`4jdQE>AviAm|d2Ra|>zU-@6^}s1}a0I)f$%X!7uuQzR8n6p?ZhSZLdz
z75uNVws9k^PLT_>O`9l^il>UmE3B=U3jWQkZF#=c=_1G*`upOQ7I3^|O0Tu0f<s%|
z1C&4RYsky)g!i{0(=NwQTs#EoJ$=Zw%iMO1H|THB(=NA^u`{}dFwb)QcDCpK5cuQr
z!t*T4&vV{`Crw`JUstevQR-t?^uYU0QbU^4t>s!i2!6=LIAiv9ki>^zp#FWbO7`~M
zU$%qv)Pv!^vsN=_-gb}<?!xzBYd#qz2X%L_xChz$m2v6L;}3<u8>r#KHiWJ9LGaVI
z_OofunpoybJPiJznO9|u;wJd8@x8xE+d*o3e{`S~-@|;k?HzDZY3i2SWjlM@eFpd^
z0QjFx0=fJI!cFnlhr>HxeK?RGeGpcUo;axCXe=a8n%KJ`Zmtl9<D;hR+=7X{8}xe%
z)rpYon3$u!D@buW{vq(&dLeEzwu5AQ7}&dlp&V99)Aa2iSsyaKBl)N8#_tMt+fH?Z
z)#o0}-tCIGcWK>@wV$7xB$5-Wi^y+GcIMn@b#`X=?cheM^Q!G2QU2^+tDxLa{C}S2
zjO)y7tBvA6t*sWA#|C~4&nJ3QJg3)Ay9FF?Ckk>?F8B|{3t{iVviqj13(Ur~z5ZJU
z(onUwSB6hCXXkp#FbBcb5B!q>{F9T~?g6TK2n7$qYJTF-27NBUlFs-Zq=xtUo51hN
zM7$p^1F5o~hWCsxyuV!r(t(@8@5H*y;qNzl%-{&S4{Qd9+ay#_onz~SI!A~B2h}&z
zV!;uYAjomoQoE4m(_(z}K1K}ck%mbknfpo+S)rZ{X83lMh10jJ8Q+6`wJd_J>hD$`
z#g8_B_htp>yRQ9wHm2jAn=BG}dl8w<fkkcGy?xtCz_zze7Rg{w5qX5ww^VJ*+aX@4
z?j6nxmAx4+aOt%Rx`N|iq99M`3jVj^1=-;3TlHS65f408hIg7zn|a@#^Kj2iFXNs#
za9lK}`Rd}r^^Yw^rA6EQLstwq4#Z&1H~oIkMYGix?Vj;HWzp{$k17M{A{gtuVPz<P
zE%Wa1){PzIt)DQ`+c0&6w{b?kw|SP`tGv&t_l#-V{$=b=02}{wqoR&~BjvwFc3zc;
zzG+-H<l7oE$P2nNpWK7C@GVLoZxLx#_vm=vwG=*cn(wJgN<gcHM}41-lSQ)WwIX#7
zF-7P5eLG$x@|Ys>3#$P)XfWdXsf$YBS4EAz(9TT|$;A7L$d7<IJoL9)Cy3<4{}qw%
z)xK%IVh=l8`d$gy(n%s2ysn6R4Pc=*?LH5?i<Aj|YSZq~`edR_EAXJKyRy)xm3f#Q
zxVF7bt2xPeFP_I*2+qz{r<#|{Y#ZgP24>s*RcPB%?SdT00>7=vqT=(A2PE-Y&9?Dv
z`G9o&6&{eD$}+YqA9z6e`f0Qg)kj9jmHIp4S!mn%FVmbGY;FBjp08m#(hF#dge=T8
zN(YhH%-wPyVYsn%!(5}|?Ed%B>9G3NiGv%ob>(!1<Xb1^G^laW-_o4%%tpm?Aonq6
z=jKf86J~>Qk|24&#GHm2hJ$t8zz-J?2Xj3j3E30}eB0TKhu!CW&I8iGZpL@`7kNN3
z!p#dFylekcp0SO3+JiQzVS-5HX+`8d081wN@ua9V#BV&~o%BsbWS|)W-2g1NIz=+~
z;UZFRw)pY^EVR#at=gLasK-xiV>u(olz>*7G#0=zcN<8-1n_6--pZwO%`Gh=bRHvE
z@A5>?j~L;Jo^LSJ1JY!3xb3boq3s^%0V##a%b{(^`{LIqFH}ZP>?|S)IvIOwqDW4>
zR77HRzdc8N&Ur=Tf;rAd^_Z>2g7r@ZGvD8w?mI)}@tCqfz0>)v68Mzi_PGfn89c6t
z{H}y*zNmO`6p@V+M53p4RT4PnvHCK!O~w61<gJJ{Wr^VUD}zlQUqqad-@Ah2QRZ6|
z{*;RGeGuWaZ3AhGT4yCBe>1nSnwmc%{j7|BUABQFW+DCBXg3k()6>9Sr#QAL3V-~s
zg1lWlBS`ff-KKlT^hk_c`B97vnc$~-B~4NIi;04K@dw3UA1{QR1L*CA5uJ~018Fdb
z<PxQUxm)ftjQ4D3Q1@nPeEvWY8LKFKp#ybB>Jt&~^YGxOa8eseVXFK$yWeyQ@pX~%
z&$Va+-r5?HpY+K^L{#w?lHGL1Q!WNW41nd(R*)bS{26RdGksbSX^5bcCf6&r;rJBx
z9y<NsFi|9f7Zj0)bidIyY1DUFSVZ#J@AS7@CyAtDQ4z^yzsZY>$hQ;2=R4i3IDTxS
zJ;oL1x3b!+uY_b*tL+;HU~z8+$&(b4;S4=5l;9kRio)0bRgjOUw72^1+Q#%$S3$1%
zBt{N?9wWOFF%Cb|tnm8!!4sDjk&Tl?($cE%ad#rEtP!*->`G~6ZS!};Qg%N752RH+
z)e%=Ct;TE(`P=DBibyJ>)#0to#+8P6d=s1d->nKyeI|ah@`rt<ZrkwPc544=Y;$ZY
zt2?v_->Fdj{*^^!SDVhnm}B`?W|Ozzn<yDf=5E*uk{BDRqe{n+R}~RDj$hk9tHyON
zs6v_UyA>o}QTS`Of>e1PapM^p+Lx=YQ390S^R}X0cYUk`Mrr%!A2I##9*&i^6{K<O
zoBKojW`7sIC2s}kMMdGwTR{re;XJOvy8Y(g={#27w5{x(!3rg?o{g3BK8|(zZ5*rh
z6_7qwu*OyMEVH+9MkjB>)EIC5gjlb>=G8?r=Tl?FG`rkwD@eis@HeP$Iojn6#=DgR
z!0+m5m#tfIZ=-S``Z2S%vUe8;f&XF($b}KUOwJFScfdc;m$_7#s@8SN)73-D>k0BY
z4)*L%#F|JJyC6$+Y(LuZ5-Q_)T5W^$wi+_cX7Ckn1*v(UaUSsMtsuF2+2!-Es5Laz
zy$V-fyL|Q)md7*@{H}g>`OGVL?x(I1L~`3!wN|OR{>Zh&ead;$zrdPKd{$@;ybWYM
z{FXuBuY3dHpRg4qTO0goZSYeV#%~2_VjlSQxj@rcJsL`1SAt!hmSmUnD=liydM<^H
z2RS$Z{Ll2vuXwsweub;ET^^8wGOgAa^rt#2vEJ_B>>`*=$BXME49?+TKwl;gwnR|R
zb>IG15ovfpB$s$<AJCRnO-*wavKXkqPGg`<RVPq<2zKzxb2zX2Sa>e1-HyKD;00;U
zi6ba3Gkp5{bE-V;NmcXCy6jC=^UnHn?$SqD-r1ujkl%}i*+V&ZsXix80Fiw23d_?U
z4*qc$I4_OQvN=m_)d+B8B?<DBQQ%KW2(PiN-)l6&ZTwb{27*W$%qc!kA|${23aj&F
z2mcfR|NKO(b(B7FV8eMnJm=8M^3%MgY&Fl2!b5$}`|aSjZ9|%$q&zmq?ya=Lz(%vh
zr^TR}4@zl3*EJ~LI8LKHsfT+&I?`8zpN_BBpM`z%+v*j>bpprepHo7$zh)NRs;^gY
zzdg-)74usz=BKsgDXz1pwdE-W>}hRziuVg?PQCA7l&5Ihp6U#|g6GK>&AiWjGMqoU
z_rP{<{Uy!$?e%T^uIhWFXGX272iCB&fJj6uBu~`n{wMH{1MrVa3in$I9)#7_i38fv
zX9=T^KJRad3G@EKa;XzBKTuzvVu`7nnhPJN<p=%={NgI4>BCfy{E5nOTANSqVl`GC
zdIh9$*M<AjHVzzm8oD@eoK6ws;lS6Hap1Tba8G1L1g%fEDk%T2fTXqe061JD?D83N
zim%fvAh~)r<hg$6ym}L9tLM_TuTEvzD7SeG<;f^@y6<=;y3arS6_BFkJKy?B^gV-H
zUWuOX+~*Z-uODk7)=#*@+c0&Mw{gZuZ}Y4XZ8Z{I+Y$FYPo${)&+RKBJ*J4H_#e2J
z|33xm<Ll40Gjz4k)jIW4L{ifeDkkqQB6bce9knlHZ8!Ui$e<3|#<6za1&YWGoR)Wo
zwrSQD_73jfl>m)*Qgv}3oujFuh<rOmB=>M&iQfW}rw{nGdjR^jbneM-6_K<lBI!+G
znPUt~!xWL+_I43T@1RZEpG7k7a1pthwK1CS?RSdETT?^=ZR<f>b=ww}OZ15nh&Dcr
z`<jzLj*nRHcU48i`Dc+NbNK!9%^<;_@UCA+G^4aFXE?sCvWR>IU|E|Rx{JPSi!Sfv
zWQ;8SJ4UwkK%0H8RpA@W>AsXCK~Cuj{`82PA-!EPvJH#2V9rp3Io&6lGt~FV25muI
zRQa6}p!P4F!8`BwB2wrQ$wB~2!GE!4Zpw|}cWw*1h3-F5_{48ne#uj*q5P5n^7*ry
zLE8LF5qZvqHu-%PPiy+-+s(}PI)!j(IHR$U{{I>dDQpynO?5@;cnes&$2WsS|1V@9
z??vnLG=N1YM%c{npbU0zC?eZkBH8&l%HWT!cn|BH%^=bB!FzaTjM8@Vu_E#o^DkCK
z&@e+!!(%bB_;rlzv4UF9@7ETrE1RnE!UIe$zruBl1+Y{Hjq#mh4dI)PMST%C%<`{h
zhH%dLa9tUjF_sDE=kR&IJBIV#f_pQxE&06#@AlBXZ+}}vw6?U}bL=gS>i{ebJ%x%}
zP%g-S)cnYhFYwT2^v9^LK>Y;IdrE-XP$Rj}!!z$B!qb(~vlMA*OTxEcF4xb9=Rcyf
z>lytWh<7(f*X0K{N4G0`Hb<|u;idf&1bGM-Za15gv^#1UKF?-W`yfe>;jc)q_sdh*
zUQnjG7i9h%>)O(FPN`M`cWUw5Bo@Do!&vC;QjlI{-)bh}w=#m?{G}j$*Q)TZmVyL7
zBCk|_#)s~!oWVO6ofwb14k>{o+yfw&*q8+qa7^w#9CKSKNWB$>r~J2yj%#N3bN(J0
zH^&^#tCg=Rf$@sM)8EdOqTW^c_f;iuAB*wg95_$aJvdKMDM$;Iki6(=e=i&BYc^Kp
z4ka+`3gbbU#e=1#>N^?gS*<PGF0U_TI%o*^Z9VPsno{<r%24oMOaht4Q0Ge#Pr~is
z&xwqoYB_JpR~QdIeP62TTc)yjkopg)JuzPRDn8Ar#Z&&F;1@<RJ+v7l;r90N6pdd^
zn?bs5sBt{ibu&mqQt~Too$a#!UA`?|;_ps%f~kGHRLH@A?@K`nrhsg_3fkVmQFxFk
zo+ouLCg~4~WCM$vxO(21!{VmGi8O9XZ`1j%iQspi3HOPc5<p%s5&hyhX=%<mQ`+Q9
zwNt9Tx)WojnRli-r*?+fLpXP-{)`cQXTG+~369JpL4Nzs;Ll13Ka<qQMMik}xD@wR
z8q8U~%0x(>R|=9i9{kjYnGE3HoCLD_L0FwKaZs4Ad^8r4sjqxg7YC{J5$W0oA+0u+
zg4C2C$gWA6-<%cZH><pq0&@R};X1<BGs1W7iRYAE*xbGO{0g-$oCzEkd60*9f!Sqd
z#AW=j)KHyN9_yr*tM{PUy~3fX&ZVX79>dU7XCjMpKDo`fUk$7M1-GR-=d*r=LsFeJ
zJjejzvG+Hz`dhuh?>-+<BdRyT)X*i(nRb&=+{4$}`e5CZELJNgvlOJtz9?@r7M+p=
z^0^d2*4OhYV0GE_=fX2%@mzQ&i*aVMx~iEGG0x0Hq+4X%q}6EC=s2e@_&qsD$LmW$
z5^iW8`&=@E@48Zup1t7;VxJ@$%cO?IJ~^evu}_aukhJzR_OYq45AXYM6G$+uA+P@r
zoz>dw6UTy-lc3#ALU{}Jh5;EMk}k}5N-70uQfEkxZ0EWL1{9ivitO$%TZ{#V@RG20
z$|jIpSL0rg+CClIpEmQpGwkjYmFLQ&a64HE;HZul<fGRJ@^CJ$_9_k>sp|X|-~Tp&
zr2qCa2aet?_O+BhR&e0Z*RuH}QIMT;a~jkbHy-31h8M0;aeSukv07D~*K-p{*`45)
z%B!%y)~>2SalEf6ysejAzJcP3`NX!qb~%UrU)9z9?DC)JT6-X$QJww5CXmD)DEIAj
zc98R0YD`{LS7+&TwGH*uQ~%=I&LNL?2Y=AY<R9l`=a5-#`yX`94VyqZ)ZN%O*uDwn
zY}yeX@5YP~<clek7L*PdzH%G*)mr(shCHJ)tTmgk=Kh!WhVPSHF!R2*uZO@8HO9&E
zxi>}d-znt3g_}U4e(lMj#pJ|8BB66%%Ymhdy-iGi%ecK*{k;*ua&mYvNq-pIrRdsG
znSTEE&={9=ZyIQJgtlw!R7^Ha6G<ly&zsV8?+@zR(zt18Y%!^rCKCO+xeRc8#%l3I
z>o>o1F*y;@&z=U3_t-h5QJ=$c#bj<opE4^r_Ca`zxNjrdkN-dkbONwAHlhyGa9}j{
zkOUliAH&I^KE>q3gNUaiG*%cEiWQPJ>0*WRF|znejO^)+y#0Es!e=E3^5H(<w<JV=
zYtP8`#cjgemj<)NSJtZVO)M^@aLW&hB;#hJv75$sFR*xHa727}eRzB)e97Xw7+rjK
z2g-x80pAWBazinZ*;-2?V!Wvv@%%tMt^}GALhrj}va^fG-{^Q-a&f%g?0ek?km%S#
z5Aa888^%9z;J6*YGHFOL*~EBt8h|CkUQ8x3zWy_W^Yx_sVltO~v+KTXdRQc-BZ|pj
z1@Wo9WqE33F&WI->*wy?2^`&+uGDlyw~g#x)b~nY(w(7xg8(e=Xlu&?zxM5B0L!f#
zLGpaB4ASFAlZV5sosq66*%&>x5mh*{e9_{f=Qe_*?!kbu&-s^)(dz-u+=#wWwD@Qm
zh0DzQ#02K|+O@bR!*|A<?)&f)WrJEvEXw%*w=w$O++7<%3i5(%R9A7t#_0QfLp#9L
zKsu(GzwDmg$$`aWFypam)uyHU-q?WgLhx0kouB<YUrbI+7s)${!ml5e-*)~Pzfu3T
zc#JHbjgiHx@SNwS7Cis7f=KRe!L!=Pai?VAxO$$b`k&&Mrzm{QpHbGW5wczwA37sd
z@AqzJ_nFRG+RjMry^vm=Hh>gO{~cm$nuBp0>Cv_?fc*c!2ILJIdkC*70W*L_Sq~C)
z4!`H2jhE34$D7Jx#F{e*PuX|KGtKKkdZkt2f1zWXV)5;GU3_~I<J)@}9c-^Ffq$@k
zg2`HbLlDR0*k0^U>p?olV&B5=@mu$A@mp{`Na>2gA6pMn@Dk1^j0??Ia}m!lZ{C2h
zq-UcNcteYC|Ak{!9mlagTMyFvR}iya(w$-cydETR82UP{Y`c7JJ?_a00IWb$zr*ni
z^FQm^T>=5mFo$hmwHoZ;k393MKE`=ZeU0(z#gi5_UOnC|<O3aNcd^E;<J;m@iH`eu
z3ZDOM015K7c-0zqemQ;vNX_}ivNml4NKd8U`QG5sp?G!Uaf`D#31pW+%v#OCfZPoj
zvsQM6fd1WBE3>=lAReopRjlR-G|do6hMC2$A|E>Udm?o1NA<Aq1o(3<jFN4-y3|!q
zU~IEx2k$)fWSb6C?XJo%Us}}Ib;*|&wYKp9&Rwdv#|51QSvIHnvbnTc`xtPHP7>rU
zW57Q?Ar$L0uo}o==RO8H+`0knc%#|sb0tFZC+k5H?#A~ooB)1jSC9*)!RoAu{ljA+
z7Q@mw$uhBbLxJ}G#N*Vri1&Fak%ng}|0D^r?MX_<3}2lpt7&1e><{ZPmfioPv8|vy
zsfWG6obJ=$r{kxyH~92%?o1Zv+DzbRG^hI1n(8dhJ^7KvsjrQx=J&D~*Ylyp`Q>`_
zp-VrsIJ>eK_s|FJ`)IYT;RB2F1J>vH_bpBu+g`OE<)SeG<jQ{F&uI$hf$lf6y83H*
zXXT*qH^k)>N?((g%DimmRXTfa!B{tq#k#KbAbI+uoKiY%Ol%+Px~E5vb;D|VvNJxT
zSl6gNYz<H6KzgSP0Kc#oY5mxGkZc2CAf*qrk@{Mo)GwR49;6KejcNSUdXQvuzE^Kk
zMF2;(IkmP7z(HeDIzIh>B|Fojd_-g0#PuLm-q(;fUyW_EeB18^sjw|(MOoD3+14Kh
zsCOI>Se$VHmdJJ&%xOM#KiL8U+-7_e%GL!Og>5lyCW~oV%$$rgh;}D%*m?#_SYMV4
zbT#_n(fopbR2D%b|5=B3oYea5Iz3>yD*XOW+SMR;6ff)POXKDHBjRPs(+e&sj`+43
zqp7|L>o8u1uGn8|XRpWm=dtTSdQ(w&S1-H#z&eniFT&~SYnLajV|On4;C+$t>p&9v
zhVF~JN!Qgk%6*Z4a$c3szQFvH^sG>RN;-?3r3XW?^Zk9m-(*hn1-BqCR<8qz%8{op
z#?TEa?lZ&g^M1GvB<Xfz|MQD=D9_ysLUA<SYY)+{vUfwC5ieKKb(^z%aCdkNU1#Qf
zR2QDgg}`PGEICWjmTaDh^-s%};s4*BiF+{L%@hgc$D9?#gvN$V?Ei%?V>`;H%|F?_
z&vC343J-GiOw512ZDlc`--dH|x7)~;QU9uN9F8^b5mCL*pUTGRqN~5#*6$@ezbkhz
zxE~RTg#*jw+SlCA*7b-;;-a+I+U88awv!(bNlRO-jJE$LiJcEuVttr+HU{NYqxB`Q
z8Znn^NAXZTF*I)i2bMas)i+xL35H@_gLtF$Md?p@pb^6Ho->!>pim@~FX<fp?+(T3
z*R2C7ht&wnX^N3;N{sCKhZ3Ona;&8KWSBo~3i*Q7!$R>hrFCP1Ak%o<_PG+cf#Qxw
zdo%iT#czpg?;C{0_z|(p)$7nNsN+GcYw>{ulIPRVUBDEUd;eXbNZc>t+RmHPd{l?K
zcnG`?U~#wL`!*?~BI5pB-PsM5(P~ydrq~jyAM+8)F(-v;_o;cB&*NNl-a~ASnw^;{
zVf?S!pHGzlJ8wLu=e5qEbI4<nJQ%kiG`7s*_Fvbc9uaQD^WMw#yN}9o3FC#CBBAoW
zitR6{?}sEpvdUKhCD6!XkZ64M_6(7nGpG5gAI0$o)3I0Kzi)d~B%H!(-|!$8Jc@GP
zw7QtYFupHjzumUBnADjwd=2IlUsJ2XXR$RDN;p>LqqyGgZF>pmpCw3mK1II;zg7Y@
z>qG77x+uL1IA-%WkgMXsF%H0@wWDn|u^betGrLhf{#qHN;Zf5A1sg)+>h)<E)2DUj
zF22Vlkj|MczQYkQf6xSur_JDRqH9kQDztUdx%KgTQxa5Y^*b(@yZD^ycqzVk_1zhZ
zkLuN?1fhcRlZ&JNKkjqVxyP`%FE%Ry+MbS0+X)eG^H%{lX#0!ic%LAFbl#lmqy2hw
z;AgV;8<jhRql>T39Pb;XwzK%oQ~yDSOSC2NzME7U@IF^@ih7T6$DwQ5-i$h9&h)MM
z2=_9g?S)XBM>}KYC6Iy%#(No8OVRf-x=7J;p-fWr{D`Kt(f2^=)?V2j$W?1Gp711t
zU*og$=1d>uoiO~>D~>%%D7U>}G2^kBBH5+jy^E=9ajy*4hH4<|<*(*prn6^=WSgS!
zdVO87R;RBo#K^WwG3wh~)IKe5R`~Mc#=5UMQKz%b;1gG|`xOs_bRV}3b>ERSAcfnn
z3`6^s^GFCzikr#m`Z84hI&F?uWjT%EjmEb@3GHV`W4a#?jY;|Q4yJ3ayib~MFgwHF
zwgx0mXSAcybe+C0<s;g^H`~`J7|-@k#^S!lhBY8%w&MBxFKbXgi|duZEbab+1KTec
zgYB2C0co{%e_<Tk-?<0BEnWlClZwLEQ@@`F`KdJ^1v|0&CLdcv`#iDXbZg|Pt+o2Z
zg-T!*yDRYbHRzuN7bt;c+WqzW*#6FFoUd>VNbl<SGSa3kZ^5zNqGRc7y7;mZ$ZJI!
zbmWUf@&eUU-!NS5VDM?Md*&;FX_Q7|-}Sc4<Gd{+V0B!By`mgofDJ^_GSBX<8+$~p
zB|zhJF4%cBxL|d`U(hb}UIS7kK)}znZ(p^&nB+eu5}1zb{y{>$^~i_HhEy7N#S60j
z?Pk%0`;QOw0m<dUJ|os*pQ@e3WZ`2Xnebuw+s&Hp_|F>ky@;^+yZ^12On*!yL3RI&
z`?6sw=dGV$^45(tdt2sp^0t_{)p2P;MfSBY+s1(-I|gP?i@}(Dooo%ew@Yn0TrJ4H
zH6V%c2<I~gP`<0<?+DBFqc)KKKETR5rQ|jpsrp!Mmg_g#Zc%gnD&tXSQrdWPa9{1|
zuHkys76Xp3dQ~yt=mTKMxo8c&ZP-2Zw&BGX@K+8%{ZT^Y?rP(=4U5-+v^ELfHstyk
zzis&P8ju!@FChz`6-jUg(qu<5(xmPKe6O$z^BJfd8IAGc8tt8(k>0woBfRw!^1TgH
z?OtUB=DjW$TSD@m6-kW}UjP2Tt8sr5nv{S8z;b*|D0gep8eQ&Ie5_oV7%SW2F|PcZ
zqVVez1$q2M#lIn5Fv{0bV=*J!HEs>sAR2F+F{k)`>xDGY+dx+=weh@fJ(Zg%HqgEX
zB-aCoubwY3dreBn^k+r#D#KgY8^xCtM?g{dxW6GyQ&)uN7v*#c<$|fP^Uo~5=mtw$
zF4(jukmdtdgCtI3@-r9b?*4xz<g}vjx331tWdc7pzJx4eXX4g1=wD1%6rT3AwX*!2
zZ6V#4(~S8!Yge;;mUBuVsOh)fOuzNOId5JK5~XGHtV7<$8JxFas>xeF!R)OY+sWH9
zFUH$4f?KUD>i%W3+2m_5bG~}^7Gq%_i<9bua&v~7!&>%<)hW~1_hq3$)xZA?&nXWk
zfeilye_ko#tmc|K!s<yh%rJYq{}W|#T%*<5|9JQvAwB+Wso;3elv3+T1xHOr_&D}&
zag6;9R_C}A9gJaRV_3ma(<6M0vhQ(>luK6U{$TVmf)*Tu!c)^He2i&l*?p&rR_C0b
zqK{G82giWE;Hb%sSj%}F<Esl+=eXMFV?aL~L+A&NnjsNmG~gKhf44d>$kE4WlmFEq
z(Xqt-;Hb%u7^^FX^!e55ypYIUcC5$PSi%5s)Z7(5)`D(0)|_9g&i=N`kL6@z!Ax+}
zkO*84!m-x=*Xq2GclohKv9T)YSd${)x);aVf8OdGH~#Wt<+8EL?&Vbfef?;V*0Oz&
zzU<rS^NQnX4!$T`n2&d|X-xfPNIukD*)Oq1%Csu1OO!kSq~Mngc^5)^h^o#C#(`sP
z0t_r*b6lg%aZXX^A9N>3bJ({8_N{v@n}6kqw)qQBh0pIgh4T+dusFAwGHNR`kZ)?@
z>Hp(u1?~S`@c)(Rs5_UeV)cI-!}r$c_mm76pr5m#He$`S;MZ*Iff#CIt+fKnpXnXT
zY;G@b#0?bWnp5Cc>w~IrTYMad$FyAA4ZR@nzgV<upRWRGtqBI|aqa##d|vTeTx(ST
zaebgaNVXI0ab0NzM+y%E93T??cr_n}##7h+VR($B`X|)a0E_b_Q(Uc!14p$fzk>QK
z3#{8Rx-k0eScQ9*ZY4!+ce+(^bO(`CnM@UwmgRSVq}>bGayONp=r>Y-awv!-m?X5@
z3tF)%dfZmLDtdhR(khUGJ&ohb=T=3JFK4fc9z#C5Dthes;Hv27_ET1YRBoQ6+LkVt
zQk=ax+#_G$LOD|wbzj{wZ<M!g>_~6@gc06`srlZ<8Fp{;tdGjEK1Yi0?p4VD_T!35
zkE#t;r$)n^<KaAEJB~b&b0J0LZyWOqYktT7d%Cdy|Hi&|!8IIxnel&JIRDe{FPUKW
zX?|M<g?IFwAg$2iqhE213;ebWeV+wqv3|(4t3VoeRvAd?eUkA?8e0qZC9Y-K3f)@H
zhSt(V*K!v8ZSQjaHwE7*j0Z=(In(!N=Kpn~bDUGc<Rm9TK5ezEZqpW&lmF&|R9V|z
zPBeP{?`4ou2E%}-KqLdS^Z6R%wRXRRYd!NaNC#Nks$$)mE<~*90>U!zY>M+Gb84-4
z8#vnD<@*m?<88Rc|8QV&#|v`7+u(O63Np_LazA!1ShgrMM_fD?HV4FW>Kv&*;2f2=
zhvqnU8s~t!aSj)IE90e?K@!s0TlofeQ+zLjRISyo`VPmip9DwMLQv1X{(T2XwtvF_
zy_|Pe6kdft0R9b$;rZhS4;ahRs+Z9hzN$a+V|FLFg?`($5~RvH2pHwNEuy@8H&p0#
zbj^Day6rvi7pk>@thJ&EWnlCPTt}q|b#wJT)XnaF7@trbrty&91Oa8NNj)o|y35Me
z_-!o4l-XV2xA*seqcBmBEir-|1EJr|d%*G3HA2|Fx4%U()NA*>jCppS=7z8T@s%J2
ze};e&&PLGnkA;f*p4@7c&vm?!vok^#c7mVU#b7q#Am<qJwM+Z|m-zo+Hyr!@l}s-j
z3D*nsd;e@a)2w<aG+%Wfe7?#6+PRNbs^@uo#RK4oCU?m%gY;6Y>9;-y@NNBxEAft^
z?GVb$g889&$`6Il)06_T=MeboJL}@zqfDMy&g)V3|EkZyq2;^jX;R07+?)XI;Hq5-
zl9rd#ID%VU!wYiiG*EFp|Kk+(&cvJ}DbBi{Ab$hk5328cFnKpYU{x2e&^}$t1ockJ
z(hpLc!@2lc?iz4>Z;GpZG?&AgUR|xrGP&?vfUjd=bu>Ho;Yzf-RdcM)nrz(HP-&19
zL4zcu!D(}*?}_U{5~kzXr=A8P9TRP4K#Q$+uS7fQiLj$VVETm1ss#=lvN_Y&lp@G~
z0<d^if~0-3D~hT+3Ri+8`~~yGjC9LdO6L?oE=&;QnJH)=SLn`=Z>0a$zZ04y$b;D#
za$y3<u@HLi=jaM{ZafDZIVv0}we~6C$XTS%zsRa}se9&WzHaO;=kS#v!Q&Xq>(6B?
z0ngwyxUS;Bk;(czyb{mYwQsvkA(+RQz_Em#doM8|%mZ{VH)IOPr(8;H_sQUJFND<v
zok5;70#;K#+VG3we^Lp(m$H_vi}tg(Dh|;M7RozIZJeV#(Yoxf3f@PnUcu^?{E9VK
zD4%b5K_pq5O9-XY1a^0*aG$X~n|2!Q*-a}!>VH}pn5n&Q+7s)Bt2w-JVA0##@|tjd
z^VBeTb)mhz`WBFcbJ6W>%1V%^k5LFBv7~Oxn85C@Ex1P~?-6#?!|dqA*HQkSdKGP5
zFfC;3miSQKg~4d+j&XQzx!#=Wv#@g(xC5k#Er{oLSAgV+k8T6ctq9q`bK99N`3E?@
zS%|t|!FZib4usnu2!Q`3Q>rR2g=~x^J8=x^XE&Nte97!ycO!!@g~9p)^PSeO0I4#T
zQ}6#9*^a6eAQfnK{uKt_7vPw@2;sBeAA--lHyl23FSCzSPkOK~%1DYYfzAKS3Xoiv
zP)3aAFIxc;)t{RFJ-P|US@0$}HeDlB%;#Xwf`j>Tn69F>HWO>JsyS-=jQ#zkD=3eo
z)&|Ysh#W&60Ttz6gvRlFL3Iu9i|d4N@SBiFj;rwSwLu<af%*Vks=9BY+W!5__U}ji
zt;J;&ra4v!ycPqN26Lt_1w@hwB56(#WCg$y7bnOyd%>^X8R;s>DV!khVEU-f3Xq@~
zqVm)II)0kD3US5#8ysITe&R-k=v7l0E@Qz;YR8eEG<<hitLG<+%1;&pezI_=-%Tq(
zvNd2niIH61sN<)Z%NTs$gTul2scN9k?pKB2Q|m@mfnPDDw)t8$D^r|`DXtc@|F6LR
ziyZoJ-sK>jGxI+69zEAENa<zrYBA#BJKf~jB_hdTd3)~V*jH`OZ_Ci1aZY1roUO}2
zQcN)WQs-?M>Rx0&9WLJq!K&uTzXSf^=G0mjgU!7p#W~y@R~uyUuiK6PcX4QUUtG@a
zqEa|#=-|A^O}<$ol2%sBw4en0UF5fAG?=q|MmGGP%V|6WvuO;xxbv0_E!X&r+2Z@b
z%=^}lRP*l#o?V79bc!x^R#HITLfmA+Qjz@1p^p*QMUV?$L4Hi>8lFf0)mCcvGu1nC
zk#X_9<(PkS)6M8}X@2MD%Rmx-gn*Gu?pzL1q%4*P!sVIDi6@}>-aO)zORc?RPN%U4
z%3djxz0z>MTYVd3givw62?F1D3i;C`Hi3ior@nS-gs=VJMsPfRO?d4zI>yCK#(L$c
z<#<l;Yrk-Rd(|?KT>pZAQA|H$IrF=&kMO%zgx0RsA6>!hU<$Q^slI#rffQWPkQW3P
zsLD6{y`UdR;%5zcf(ZuP2_jj<Vk*3|m*)G?obLONIn#I6oZ@?91W2}Ll!4Qifu!ey
zQ-5+3zC<KXFy5PXHI98tKagxELvx-^!r%MSIZrj@37Ifp28iSb=4-Ujb)Sf?vvQU*
zoyA#d%c?`Vs;pZ`z6uV9>jL30>H?~(+Uia|!D26<x{CKD>U32SySs668A!ITQ9l{Q
zeKE_Keqyj_dWlQc>7{of^wK*>ljj~qn@};6>XKAdFDa(9+DeZ8O>fgni<X7-k`SSn
z=0EKw2bYV)#DRtO?MNTdwdnOxS$sI}#2pIpjvB)s0>A3daNu~!oL1{m|E4n?l<E8P
zGWH%Ng=v-!rsv&+Um=oz0a$21P4^hlGO(;;-SgE5kSY&^VtW0aoux_Psb4u|a|toB
z9b1=y)K;g>oaw8ewlYO`c6ejx>@f8>_=Dsc^&IKBWgv-P8=oCMy9}f`$5BW8-oyCZ
zPt?tu_o7G+?<gUg04&s}j!VM%Eu0{y-h%#jid~Q|d<p*Gy*R&<^8Z)iHO5`+-sXg5
zAUTd<EOo3$c+FgG-7ekymtGXfsof>ydA4U`uS->B@1C1L3Vsoi$*K$Z`yDrd<T>7u
zSD6h1N<bv7t?1K#wG?R`OafWB0q=}xc~W{EaA~ecwzx{jEV|wUc6nhU-ch?@nXc~O
zHL-Hg8Y_D~!}H{cvckuGfOUK=5%1j=d=CE8?9QqBCU_rq{&!D`diGXFd1(dWZQxS0
zPeyR@&x<5$dI=c~V9{{%%?lzKy0wHf^aPpm$1S>V8(tL2l=2eNm#*VTXdR79b?eB8
zm4n@4<;tVDj$37guYQNEBjSza!cW520oSwl6YmJEqk9Ri!`#6-o}DL>Eptl<uY>i{
z3nDqZ4cB2|_sb}K8q68KCbQK??QkK7K4qlMJ<jI3pxzV4_O992sQ0aUzMRZ*$FkJB
z=7Zi*He{*!5^277W00RU7!FcC^OmT04(dJ+;p+`OzIw#U!RupX*ZYXCmIj3{@H2cx
zy#E#VK{&oV-B^C)&=9`LUO;>uToN5$2j_|8@Czm6?<_X$z7%6q=ofmU%&6al=S9-|
zP>Gs9roMyJ6Y~`5??WFhAwM#?=(?1>;XVY%GaBog=S6aORtfP@+?)*IW`-U&ePZR{
zO|f$DFyiLp28Azto#7_pt?=^0;kdb&B*+ajMtD6udmpWT2uBN^LL5EW0giZ4B=g@Z
zAq&~waoJa>3r5@slI>7Kp6xmq@EVAu9|xAYvmyBN^zi4#%E3Xgva15&FQ@SDWbjA4
zOPf<+41Z+`ga1Yy{7)kM!#bj|D3UGJC4?{<moH&&H}~wA#+Rrpi6vwt>sQM9*(P_~
z@8Eoq99~*N2C;t2S-;9&m*=UhM@mSJ0Z&bNq=bxZRd@jL*u6_Ys^k!l+8vp>OYnZL
zk-hnG2}l%w2S+Ob{kZ&mk<4FMLI$@g`~@Cl8;B&2j-A8C=J7t?bOyiC*q^bnFYtow
zzgG#k8Wq0o_Ye;pSfb;BA+d6BSgZ`M<M{f#9*xF>8Wg@<Vtf(t#%7Msm@jNGtp0CS
zh%c)CjC}EyJ33!nS|F0cCrikuOjdhn^zC~YI*B5ga-@X3%lcVZKS=GkAI103g(YMU
z>leF(=>{RXZpfp37MGA6tdHzwduMlbJl8k#MKWc130c<~&P(+7Ez3*D;TDCj`Fm=}
z*SRj_>m1((elY>@cl#2MM31qrGjs_^bGD(cbI@k&>x^0wiU|#AK;c<gLLO@ky=j*g
ziSHLglC`#kOlLTFi{U`sPahQ>56`|Jk}XmRaj^T1-QPgHm3jk6w#^NB*#NW4K_s11
zw`I^6@bAsxxT5lZN-QC>Tf%>*^4+|&ggn-w@O7;rUT<>ics)N>4&D(fdp1Vr^_7<t
zzTgGM>k;o8S8s^I>%X?5e-oqgZ|*=^wUk8X^(i@Sl2;;<WQM~TZgy^w5stqw+EBg!
z_Y%^nRpAQ`>3C&eh*zFo3w~Q;vO51hH%K<gm{<0?K}uPRymCVnUOD6r=an$OW`Rhy
z94jHg7KQ(`Bzn7V7Kmi%Hznk2miv4o;}zRwWOD=6v5%IJqY<>Gzi)Z8g#1c*BZals
zovl%SYX0I9LgjQ1?K{rojl4fV^~IJWC8Vqc>vt!+S?<>|wkH=O$oy<U&RdS>jaCrX
zG-To%pZc>N?iR&SBrANKHNTDL9?<jLU9ocT-dI^&8lC4lT~he+nT+Qm-|=2z%yYqi
zBhS_Rc1=jX<|5CzI^emi@ow_$Qjt8xXz@u2<GHTUc`k3ENVfc|gv?-l-YG#HDcl{>
zkzwr@iR5r?37N#&?`7>P@5T1|wuc)^2)|e)_qHf}^^Oofr{0eI%-aR|*@fWu{DA!2
zS^^R*()bzUtRUlODr*-OAU{8sZOqTHjGx2yK$H@)VX;VVpzvl2auI`99Mc}&EwOHr
zS0s||tnKq9?EQnkDgk}F`CZ*)Ly<^$%71$NU+pH}6p196{yw$+xiID3QwvK7wM$$C
z-&1}*wYY@jHY<FCInzh|j+;x+?`UfC4KjU`8T>}E`$sCh(|l{EDFMCgOehk`mN+;0
zv034%&yhj#Y{K^i5ZAnK6kDs&p30sQkf^@CWKLK2-kyF$32cdXlV^)WVnm0(m9(eB
zr_Bmq7ax+N<s~{fBC&FCe5?#l8OzZf^$PDE%Va1fB7bX6dl?cwX7clmPJYr*epVGn
zm!DIM+~nX2k^HS0dAqTg)x)W8jVeDw`?|@qB_i3-tnlT_jdk|LC&4d%iabv7?D>na
z&K_9;(%M<b<L`Ad=J7Ed>EeYV$vRs?<}mm_DMnrF8XjH#rwn$JXWb%sgu-8}gMY9N
z{+ZwxKSKCZDNjCT48Mi)=3@x|%TeIJw#0bPdT3n<`DT$wMljen7qj{~!*p*~>t&Gb
z|L3vxFBfBNL|1-zd$ldwgTJ8}<$7^3NS=P}<$p??n^0Nl&e}a+jIyTgSKnpOp2<LJ
zb97%SkJ`u2OGpxf^I=948XI2DKF)uvgmBI6?c?FcN=QzV!q@c($<tfKI(eEDD+eEl
zl|9pq<*Dc*`e(M8SeLNy$TiMvh^rN*f<xPXRPR?+UDI~v7k9rP7d#NmJ56<HG1}7_
zGx!P~z`fJTr&67#c|k7C0!eh?yyy6~JkQX+Cojlbit$__HVThO#U1;wSu5OR!b*`G
zYEt;>o0wj>Ho~?}Zm$=D<){~O4u<ps*MNMzv?#h>XfAP+ODjaOwFzlhSA=@Ob5(S?
zYIeHG!KETu-K6j}k45q2oZzo~9p@ij43ce<v0M!+1}SAC%2ma+#yGpPIJ#aq+}}-j
zw@98~@PAOm-mDrK9saBtZgOy$NL&>DhmG~Z)8oKjxf9_}DhA1QzcKuY#UPDyApA?B
zz|R*O>xENxH{q9v<aP%8ItII#Z>$%Fvi<j4nox$9Fj@(BL}}0V#;<Eq_-l%cVVEMi
z$%Yjo$!bD557R?UC1k>4k)$?-`vRw!FOW#_H#v%3xCi`|n-PES6@lcr*BF2A7J;;O
z4B~Ha6#RW$6rKL_r@6`hBkteBqpGgPaeSRQxy&TwKFK8Ek_3DufqH|Gh!;2s7K4}4
zZUz|?$b@SGB6pB$&Ljd!XswZh)JtUoS~G+8Q)Nb)xB3!9Yw*$*QM9(T6SQ_PR*fWK
zPDpZo&pvCP%q1t_`#!(t`Thl&z0cljuf6u#YpuO5^Y)44KfQ{jZl3;L9+(9l`$2@|
zncX0Xck9FQ^lp$g+=Z}Y3<Jw^!{G6mHFad(&qeZ1@9_NcV2wy#Yu`&w^-?(~&8;`i
z!CI00{oB22?d?9svqRy?drh%^M&+w{K^ctl>Atu+a^wngFSwzOe7sjA&#7~pb?4r3
zdmZ_>P9#tDhVS=l<~m~8Ba+9jF#f28b;PnyBtKWjx9E<4+p0QZ`MF4HdKHUpcldkW
zj&z)3Yp-Hi{RsL;<#Nb>%NkQ{9Np6bkn92!-unnhnobjGXYQK8HI@KaZ`ln}&qee<
zJ2@pi?Cr@P9qtQ4b$?$p&gFkBRrTps?Z1zu+Lor4^{W0Qzoh@4)$0JT()Mo4q3mep
zC-UkeOqPxg6ziV<-T3bG1@kG!xF@swb3WTmZUw2;0EHt%;{DT^k9ZfK=I-G~y8VAH
zan(IK;N9AVd}7}tcz08{?Y-glo-NfP`MY;7nLzjIk)e0ZrD~D%{b4T|+lzKOO~0hy
zje2!2iSG@M4_nIS@=a8{af5N|sJ|?HBxv8JZAvXj&YQ5-mG&NW+mXGbTUIQAh_*|+
zM6%$ez2sXtoYod()scC7L~==1EFHBVi8rzO;yvcUIH|ImhOtR681PE6VxeuN3~pF3
z;QghnSU#x*$$lftBh(cfEB{9QvFr;5yvNvBH?Xl<9~kidHUi#J*$D5uvSK+w;k};a
zkN7SG-s^{%<ADM1mu!v<ZI1f~yzR1Ld6B|<omT%pI9Brv#Y_9gvHpX$oCgNHqax02
z-{?AWaF0lylNHOaYSo-Dxc;w0)_*6C*Harl9);uPUd7T-3zDyZ)yMxT<h%RuJAds^
zIDQvFLuXl^+zO;sdTusST#X0M)$Dnr9^Ff}MBx0jF}SXWWW}<$7Np#38GQc=!dF*`
z@U=$3C)x(QGcJe2ca-%JR|ny{rxv8vapCYq+K@(lu$RoHuvtLXWY{e`MY7<)Ua}>C
zFl)a(b6_u7A5bhs6rXu4&+|V+_H{GDD@DL-pF80748n`&u3Ce47v|l|qh~7zVGTP=
z%sz09tXMKBJ>{_d|9fy=<1cXD%^~yVS_ix<`oeLvn6<;>h@*tToH5vbzt(<G<40h=
zTmw?>sNr!)b-HK%wU-P8g7->Td#y-bySSHh2Na9H1|(;8aI7$TxQO~yM?kSq8UCi)
zpbT$3d}Uqawx6TC{aHY<{J91sdnP--AB619bBLqsLU3ficffm1|L}G^I_8d_*OC7T
zgyS(;+q-6cJQ}t3m#{qv!0f643CzRe@wUlzWO~11IYe=krjMfqOx8Rc0ngVpY~MWk
z@O;7A?Z<=g?5+VxNEsfUK6@Q`x?izuuK~%ItPjs9CNJ#@u=rMjdQ0Bj_zwJV4M-0$
zTYKHlu&v}SY+J|L2Jfz&A{q7MUa}yBj<N&DS6gc$&i}*#Z+u9<Qr7R)h<^4T4R|Mq
z^m~N$doiM)aNU4+Q%Jv4A^-m_<o_FFR{!p9Tub{5T+6f?kWPfWS6tJ};%{bQzot^`
zS6BnmKSKH)XZ@PXuwO+9_M1=x(m+VRotGJY?_~HDuwQNsNZDF_znKib)3Gh92Bd41
z;27)sSp3tEu^%@L`z6(Y^nezhd<Pr<c5E}&fV4;(e+C=>Hf-Z+Kw8JznoAk{w_;nb
z1Eh^VAeUwr&#6925D?^t==r!gQ0!OZ83j2f8rGfUz)JUPbvA7avlXavqB9nK9V<&v
z-fM~n>on%K@`jLVqu&xbZgHSk^)G8Tt2xlr`@9%^Vl;nBp%^@qU&dM&m5XP}_RzXw
z#jM_bM!Idv&EfU-Lw)Uhv0$Cfr+4HU!CJX8e2kK*IL1fjblcoph99Ff3CDnBux5tT
zrYQodL*TjISi|ZHOvQD#^I-M&mb4h7A;sUzwZKkc|0xGZzNzSkrruNkFx%SsY&WG<
zwT{44{g}ap^t|_?&E`Cx;WkiybW5OEFZPh)mcq5rfVHoGQUel&JukrG<o>OX?;eJ4
z&5!ulO{umVE^RR8rC<`;b=s$aRr5~?%}vnDXSgF_xuFImZxMJY&gL$G#wWhtdDaAA
zmSUjMABR4sn6ChJhI3<~QOtruDvQrLBDkh=X&syatcMK7j=K!3UOktwFO%vUA$bGE
zekClfgzHzV$u%H-sVElu?MeV^bE0|Q_X^daz^#Yls2Z$2p3e5QlSBLsI1qm&-!c6C
zBZ$AcNkROn_39>pN48*oQ`Ikjd}>(SkSQPkb`*nkutr%(O^+Tv+Z_qlXO19TpDc#P
zd=QC04dk;%@SZ-5de~jpq^fa1CykU&jU5w;Sq+AStbN(sV9srIj;XQGI0)Z322U(l
z%i_`RwImU&WlNxORxLE%#tCv{98qYlS3Nww;sD7T5yP6xfpsGn9;esN{M>%y04a*q
zX+PosscS&-hSLV-we-b7VfgQ(m=F6XcQ-%MEnZTl%wc&S?X1o~Ye4Zn#DSUOq~Ut7
z8k4g2y~g;XE1TIVqY&<NdNz|lhROP8aEAk=-XuZY+fnN%4B2jxM;}YyO_UC@-F@*O
z)8E9KFpm=b%^#1xm|`J#e<6b8<iHylqwMHWtgk4FMcacs16a$F1lg1ajfb?j(KO`e
zD@2f5Cqv<45u|U}U82=4p8SkRKDO19>nOiXfKJ&W$P-!4Sbr*hUq<PN2f1lRis~OW
zhUIpncmDooL~?v(y_$bb`|TJVb5%W|IHtHBrRB)C2=c2uc*g>m+ql4SHBKWb)t1W%
zvMUMioUiUr#@xlx&^e2%f66}|TqW#2y;TH>&avSckrXej*UitK<3JxsZO-B1t?Awk
zmkT}7F?=1WSO-W?rHAh~myUCT1El8x%vnqh)9{@3v`FUtxSl+#(>D2OksO~{PY&v|
z9eY|Nm+q}6k1<_;t%z?Aa9Z((_B;EuNG!AK$sPdn=8&A{?~BZCmLSNLi(_Q_@)+5E
z4dyB>8Bi?w51V!Kmgip+UfVhMZRVc^se^gT9VKYPJ6DZ+LgBdhv`7yAw4N-baNHGy
z<7g-xD`RB)Lou>558=3RK(Y8YFgPOehE?W;!vSxx{ONru!TjmBBOIO(IOaSfk}V7B
zNvRG_H&7U7)stI?Y5RCqJz2@>ahpX}Lq7uFY0rpc9;qi2f;IaGbq&q_L&q+@tDev?
z?TTWdJU)x%Vhra=tiDVv6skEK`E0k-F#Vj!W6a|32b8c}t$D2G%`$eD)x2TVtlr@J
z;c%+wWKliwU6Z2LcU>YRGrvxYn(L?a6}2utnE_zlPz{m~Sp5F?DXNWc<TW6P7AUk<
zgGA46SS^q?#X5Ze^XZ&r^NVKiP+ph5PLQXh<GC|~__%iVN=_=)*a56Prs0b69?FC0
z+CTkF@z8nVST48Mt6BYFGs+lg>je3j8P8r88&|C{(xzBT2NX+b$Qq1a;~Ksi2U4pU
z3ddEm{7DgfAdT@9dVkZohl_VLi69MEx4|F|pM&9Y_3*hHx+uJS##QtGQTRSyUQg(L
z9#>G$y^y5y=9MJK|EvZHszDM)pzhrE1)i1s8*%TezQBL0dFY(L)jj1;6J-BHaOGtn
zk3GK&@uBfhI_Jlg^`vn?u|)b1zgf-X*Y=dKd!iy0?}<O}3i9iZSJbQcrT5_zXBBVL
zfMPkf3#3*fv%ky<v1k1q^ZgfAvp9nziq|)wSl-#C=F~&`5()PAe}?_@S^w4}innI~
zYdVaIIG2_=^@N_^?E{J>GxR*qsV5Ic(&l~G_kIQYhMucSi*P;V14G-2%dySIbmr!d
z5kI?kft1^=6pFh*dXkM9dRM9YySSbdg^cMA`Tyww#iG<ko#|UM!qvMX!4)V^boI<j
za&^s4cJ*&harMuLYP`tv?rz@T?hVn&k}S+uip8=QolCJDGGv6u?|qaq7!z}uH>)u*
z6t2sBh8oL9={3C?B>QLRC!$BsLN$xOruX{$IG&>gtUGF<(bq%of^7GfyFjuZ4;1G_
z!Mb(>Sba0NMk<%BE&|E-8Wj2#Lu304uCaVM>h||i8aV;pV{bsAk^{2FTeCxOuGQeA
zXL$Q=&U@ns)E)EInr&sQMnUr*P~KAI!f_xw>EAsF>-qOnRGq427f8O>1I3pum}|TJ
zAv5N|rZjmH^I#9=(l{B+4^s6GuC@InShpq#a?2_3JRC3R)s9tl4?UTqa~IZ;z07C2
zMMKV{=XYUk4d)5)%m?sfB|%tRnQ;j;rq3@7RIxbkDg)NCPMcp4sAP2sj-3Dxyq2uq
zk0<HcPQVn5=?<?&(7Fqx$!~=7Ho*keP&h?Xcuu}n6Ii>a;Jw|vex~dU(UE({gIw}I
zEdSRtX4{;TSIGYr3s(O)j76vVc5_4cSll03KC`FIwzRj0A4ez%jw2R;wfU*=aq`|_
z@H}O<O@8+ZdBAQDjw9R-Ry~@dJfd%$ApayDWASTtffS0XlRcPwV8^cTcT0!*dzyRm
zE|6Ykx&Joo0!f=s)3@^~gLGSWI!L!_J>b*ena{!R@<z^(2Wj)22-<uHJk8s}*Wb?8
zZ+gsZyYT*CZr;WVX&}@4Lz~w(J|q_7U96kt8woPJ8>IIOucX+h?ym07aj;e;3G(Sz
z!Lu=>7DtaxzHL3apS%lmZd0CPPlS|z?_}>-Uhv!p;CUhuYdTy=6J*o;$$_dENcn1{
zAji!wQ1cqisx;dsaDseSG&D}&KwfFcnPi$jVeky>r?@$SX8`CKcn79XomtCm5PA*<
zc7n9w-H2S2)5Fh!eLB7)(lb;FB604-cYk}EevIekogh{78EOtL)&AyAu~qZN4nh0d
zg@3nRi}={HlhwGf$i<=a()MZttm}<ElpVVFZEpwnUOmfigQvMBeD5pTa4wf<wz=L7
z?!C50YJ8Y2eDCYpaPP%7@X-C&;`2>Mkk{qC57w=Tg8bJ%foD@(IIj!kQ+hagbtm$=
zi+s9j)9P+Yv5AS0Qn?ePRyAG<+?3}{9RYIht<aKh$J+h%5qs~lh3|cXw)d>APT@P?
zq4%I~KkmOs$A1_74JZw0HPp0vu)B7G^tbo)^~L&~;b)nS*Yk9WO<R*=Cza(!4$?*T
zPLP~!XzSFY`%RQC3>h8vOuDb>9l4pfN5&^pR9m3ag5w(4d2kx#u=i}c1+0e*u<l~)
zq3p~2D0dE@(czl_R-<O8c>?!I{1N6Fq5SGWR;&HKok5;+@*MIU#~neQ<NqMYbJQ61
z4_ID3A$T9woek$X;#u%CKORnZB`g=EZ?)Oh`bl`b7d3A0@f4dciP2xk{Fqma-PI#O
z&ix2HY8<J?e;&oPReTE8K0d=u`A^l~|8M*!ZD)}GbnzMP9)6U{hu+$Ob&=o`@LV`j
z;<5sG%n2YHE3m#yC?5)|A!Epylpb;ir+oq*Up3O7ZwE;BPw)=zN(-+QL+RwR9Ux8q
ztG=#qVMq8Kqrw0A4)k%OdL*U09Xl95`beK2eY^wtkuM9Z)qHw~GYj{qY&Y_u+$<b-
z=?;B9<jX`pMCooipP}~8*Y>4`(cHC^=Ca(kv3PKQ4UT=$awt1=EXQB*o_u8oNL03^
z=b(%B34y!ak9VeP2S|6YJM%X?g7nLsV)T1`h^+TrkbbCM>imw;?}QL}t~27!>;zBq
z;c)sr*@?K3ZD!kFy9f0`mB*>{yCX&QYpl3Ff_Hu&yf?+~DeYzq(ynPMlZ!8bb#sy+
z-zOv8hT6riMzhOzgx{IjJCH{R-Qjm;*8hS|=X8U|xf1ELXa`7Qw<arw)992PAZ_T;
zr%_=T8ogzZMzd8KJ-eOxHGZ#8qu1|1y|QI3rJKwSNJUz0O~E*HF$Kr{!*=#Qn;1@`
zLQ0TE%lS;Tzh=Kay&CcF%%?P(?Y@`gBT0#Xy}cD_Gkyn1Q3F^Luy4g3u5oH?d-@Ps
zuJ||hSGHq5A?<wR{aaDrK6;Wsu4cKLPHhK?@?(1pHzeniW>fgjc97)pLNK4$5`>%k
zGgy0gvs=>g{$!g6>xj4gD!h((>#xA0-3O-SDT6+?-Fzm?tCQ(=ZU;%|L0g<29Pe%i
zshPo0P|oiDgJAuAs?eg&pBkLs|5R{(dhUErv2&-S+30zEX$(lh(;@jF2JrV6#(-qM
z7$_F9F$cww8fZklaHQ&+^#z~l{@1NS%a?qbJ7F?Nz9)lv;zx^-22O1QNq7pplb;UP
z6PFqF_lx@$_iKO1eo<OE`Hf<wGCsXCd&dj%dn%r?-1kvD0q&QceaNvLByF!Q%uN~0
zSJRaQvbI-ry&8{dI~wFs^enU<1rO!Rkiuv^naPJXCNCx<%@1s2`Cq;cgwZ@CgY|>~
z*5!jpqN3}v5r3J?w=K;*ZZb%%E-36`c%wAGhv9DHHjr}N;GKLFbLzFnhUgzJhQleo
z2%fGSkTrgmPUu?G2j8pe39h~50$8(|%_a0L=psMT9myXiZ3ihpC4LY;*s&NItrvHm
zrSe%cfcabuG)iNkF*6n#DW1#t%zZ0=Be=@B^p27!u+q62qQI)!>N)eiEG}FY)yu=0
zu^l9+7WO~5jop>`;8AU|2|=6e`SF7Mx%Q6ahQhG3ei>;eYCA}uD2j!`uoA#pmz1&3
zrzjRVBBr+c;tW?$k}$~MdbWW?_Xj3}gnN<h9>?|~WgAGM2fQ1+K|0p-&R1fQmb)Wp
zx#T;9$F~inYWDV1@&%r)zl;XS*AbHM;dA``ozWoW{wGk}ItFvFjAJ&}XDBUnV4f|#
z_m#J|fz%tqm+Gf6S?q6MJ)q@d`FD`co8JwmpRRb2o$pdw&+HJH?BOp#8iy?8@2#0g
z7c;i8d#yd3)@l2pA+$cqeV$KOY5mPfAURKm)B3v=h~Jj2Ai+D}O?ww<-SJ%z*2?$7
zVYR;pp01HWT6f)&681J*a4WO>`~$3-o$+e4zGWM}Ptkqds=dup9$^A+6?>aqS)8K2
z%{okAJ;WP3zWN-jSa)UAkQ|NA#6sgBd`0Z+88L5QjtM%sG_Y1KfySy@XiVn>xrhtT
zPZTP5=-u6SZv*M~5q9rf4y@a_@Hen_Mjz9+X>YTc?%OD>Xm7KFXDi(u7%#}@`Ak*!
zJ9SfvjpAEKVsEvB{W8@2L!Yx60KI&MJHV&ATYHo#TbN&zrnf;r@xB)WW{RtZPr;g>
zG-{ug57%^EO30h-NO$vAl<RwQKyK|G=KXIQ%Ly4P$l2?#hM~Z-x3F%kbxQyCbz!a|
z?QbCf-n^|K_2vk&`evIJ{$_i!Td}^VC>CvR@?yYR$=+<A)bbi%i?-t4he2wcz!i2s
zjN|=B^WVwGv(gnQOEdZ7pIbqis^xQd6VLjeM}gG(ryvi=W51tfzuS$N^JOfvH7nJ;
z%gpL!DQO`4lLXlx4|4uB4a9#pv>a>}36)=RqVUa_{-5G=6?-?%&kKJKX#ZKV`W}$W
z-piB+co!Yl%<gE*iy|?uXduR6+KXQlNq!~HO=+Ny4|zWxor3Sjqw!titIDLI@5i&T
z?dZcGDI+mfOB?&rQIXWyaqNGy{FD`cK>RpHfh2s5Jn{t)$*28_Mb93n#DlEapv$(^
zt79F1RwSlaFkh{IWgY8(NF)ydnA_e@(~aTy$PXT80?Ow<*$R^Im44jBy<0(=d;#Mo
z+LHC-Chpq`($(Pd*CJe74vC};z`X3?tAAtMhu>T}B&zSL6o;oC21&KI-=TP~I_G};
z{-9G-^Y2_0*T2C27N<yZuFzk_^8tour%1Z^k?y7#_72M-zZtZj`4D$oldrtqvd3_|
zd2GB#V=!;n-iKK%^z`A^OW~<|0>A&*DUzKr_!eyjk#N0=MXu&uv|l>=PRswRok#jj
z<x}`QJ$rZZYW_0vy{zSIMf<+(VHRUuqId&oAk%Yg3aND;30K?GL73>clXx(DCIw^v
zS{??enZ4sTuaA+Pn`30>C(NI(SFzAJ+P9!?)B0EN{BP#7@L+D<fV6MEE+Y2!lZYHj
z(^&nmzT{wh-R*cbUfDAIzSaGj(Wg@+xiKs+)-!n4_l(5+SE0EhKI_BxK&^(M@Gz4{
z?pC~ki2YIdW)8?(nndD%0q6M(#ox3b{;ERp*AOE+AB~aWEaLASS+O*)V(X9a$7nkn
zzJB3mw*Ib=^-sa|ufM|jn>*PVcwQvF=&PTvx@zoSd`KkcqQUIBE4Y@T(6u}jBRijs
zk#qlyYjMenCBSF6^Ov#pMEG_1BXWCDd9sJkbhl1s{vH1buB+sFT-R+^Sl2w4NSbeG
zAns`7IltM0Z)dGVcm{RPUlTjOO(OYqG@jjGZDD7(2=`ZSK9$cMVZ5<PB#%ae`Pigj
zjlA!+gy3acjO^SMBMWUo+b5Mhs4VcDtXOtz0m(NKWMK-M?+WLo?nphE4p^g=_AO)e
zj?yB|it+7W&9*>1*1qeZxW0+yPdlGHSaYvp9OCw0n?a&;Q{FP%{AEY#RUR8^6B4!{
zf1$dXo#8AIz#L$8+4N)yinB6zJ^49@{XW_ZlJExd3T^(#xtm=<d{f>s!hrkrBR0Qy
z^YHtX|64}$O(Gc=9nQ~ohwfEPjO^SKBe(ufaIbn)KV^`AFDsUmEg-cP<2<2j)7GWt
zk7*J~^KXNEneNp&w$8SD^m&`{_25~c`$gvz**VDnDCB%+;9hOpjQQa8aI3*k`P+I@
z$OZ3|7i7gEr-4l27|HmQh9~2(AbvEMpXcyCc~VAut3l1(%emj&jOPP%@L<+*WHpJT
z%@f4I1wO-lfZ-sO(Z<zit<oC~(_`%WyC|)Az@s;>w)XJ3v)!9HwBIysMxG$97|Ih=
z+2bvC7abN!brhKE93gU8NFI^mm%(E{nWXN;*A$*t!sRe6k4VR6kS4#3vc&R4eL1Xa
z^H83q@|X7+Z#p89o_LTqMd2FOZbm;V`?7G^Lgi;?7|xD}WOh_IZ>R0~AJ&t%4Pd^w
zDSS?K?S97RpBIUs_iYD*=XsIb9HlQe`P{hHiHYIk=YPXwy5~hw5QY4C+GdtR;kw{D
zhVbVuc2_?yk||Mm-fv{|*ZL#HD_@B}_b|EeHzK(<3V9~&e{5QiPw&|ra`qpOk)2P(
z$j;}%qsA$5!FMV-UXbbiMEBeKTC$Du(m68PN=9r({+&CK!BZX7TZZuO5SUcjOcLZz
zAqZRBL`H8BcfY?Wq;7NwEOUR4uxR-t+l~eKdQ%tD=bBAFfUoz|lVX<tR+DpLHlvO#
z<m0;Z<Qz5c*>6PR?+rO`NrL=b$XM4gc{KE`>)0k1!^*}^1~AK4xG(4&W&Oc9YFPg}
zH-Th-^2#!1b6+^lcQKvh*-c1CqE%l;r!+M01(Em@8_351=4&_U%O14f$1jM)nBG9%
zA4dP6eJ;Hqk}^vJc@y-{4oG-*79{A;Q`{_)vg`)pVemi1;BTEXJp5alMbbRFfxN(M
zCBRQV*V+gk%GZq`e$YK$P-|C6F_5CQ`}r()>tpD5>Id+cIQ6}#(=?b%*yw(H6G-AN
zVgG0ih7ujyscMHq+bMA2wo^wR+9|x7Kx$X>A%>rsgUuqTWOfG4?m+j>#MVaFxPc3Q
zH)>-1^dfI^AKHX9uC>0ma^W_fCT8QIeI?fSB5!tM{^M|4v4hpNZrFsiuzhn%U3z_b
zc$3?q_Q`NxfbhE4S`Ox|n?O2d$9)cky#&CzeiPPv?>B(?GH-S_-<zhJJ0X2Hc*I}e
z*}iuZNWva{8^ArAK$^T8=X!gD{@pY83N&4LlJV@rBIyXB>oA&b7D;|V136~Ur)hf)
z&i}%Q;5>u$>=H@-kHYu(H3Q!9LwJpj{8;C%CnbG~Wl)~c;k(TtGQ?VD+jefm`_q{e
zer`hVor5ls)J<w22bqkye<RZgk`!<674DqlE|C}u8%VtYc{=TT?5^N_^VP<X`{r<r
z?EFoPoVyLrTBu({Z#?7g^~m2V1Bzw+M!aWQ6BI9%<9e^6D^OVK3LD5=2*T19NY$;)
z?cW@{U$nV5?M}AIs$6e&gNfZQV#xi%<e!f>=-)4)aFi7`kjVgMO^>z)P!{bS=3epN
zjC4W2)#S${tQ}2$90=B=q4b`+k@+aZ<KED_r1uJUN!hL8V}CoKSZIIG29RLQm30vM
zP4g`cgZEI!fMTI%wd_Xyv$|<DcyiYwo)&Ke$@!4}S*_Rz(*D(WR{kEZe^ys+9R93c
zqW7Z-;kq0T@>d+*5&znNbgRC%6b^q+Tyl%Ve@_GX8wchGHw-_|mZKsu&S@ZLxZ&@)
zgGWVDHn)Maal_cwR^U1h$Lr7YG5y}wKz`5G;9+a<O}+yBM@3S1e*-zn;Ogcx-I4Ni
za~qQbj)<g=8!F%WKV-7z5s`=-$`@DTLsX`y>#rv{ELYE!`VQL9lW?D?Y(Z&g{s7W*
z?FNvXESD8MmznDXIdd`ITiGnmLG?+<P^_MSVrd=~q`7oPa~UOq+*1J_aRJiYTN^;i
zT@s$-u$9r=n;Sq%Ta0@#eHfa1{|dBl&@Ga(J8><PzV2oE*|75X>r8(*ERrsZAkUzC
zpmXo%U(-Mg>`Yz_r*#o$IcDJM`;dPxenV-Vej~HmOXD_x<hwtJfAcy){_p|B|ELiB
zmyA`cNmQ4<!dm@N46fgZBvyyk+CHf#8lM_g_M~UBw1M=%(C_R1%5=5oMDmeNd*wgs
zNsP|#`JXWx%5x%l8^F9}JxIA6czSctm#K~<tMM{pEFk&jLE*gh`0k`f8#6cH`}K<x
z+57cKLEdmb^5Tm1X#b_-LI!x#EKnG_z8-eRaNnm6`eIe4h5KUJ)4+2n#Am8%b~3&(
zr+{^1k{}nRfM;`jcum8ry<=u=z*rl~f8$LEYp4&Ca|Bo~^BL|g-r~MEB3xz^xNzTh
zkprt1Z*bWn$baL&o5pNo%KGs0baDXw*W~pm<7wXv7kl{a`r+%&`qvL1m)O33_&B3a
z*AE|`bawslb!XpOKYX3rw<w%Bf;?PI)azGR$E)kLxTl}Fx@P~>)iZClD^UIuSMQ2@
zU43iraVfP?jaYxy>^{1l-T}BT8!jqdW5{_{MuJTF4?W}l4S4Q8eo-VmJJ)Z;;Xc!E
z_jfAZPE`)HxW}w#_sZ8;&w_rFzaGEui3geTsB9J=7<LD~D3az?jPF?lIb|4qPP_?u
ztKWpSx<MI&e*aMLdwNd9RY~gGXl-pG#^&8Ew4CQH?!P{Vv3dS@K}O$Hqx<P^6z^85
zGwHlx<}bl<y?u&BNdoyonofLJnjq72{qQ=FpqRynO-8vczZ&PSnvCzKCk!k;EQ!U3
zEyLgMUk8#Zb2AuJ8_zPvR{+OAIKPjI#0+4L^tZWXJ^J%i-k2QrE}U0^YyUADQ(H^V
zNRacFGCc9=Zm}=?-BrC)&exNf5&2P`S;ul4WnTHMF&@BNybg0<UG;sowqDH}bESUG
zk20R@6iI&o-#&8Ifh69*^4C0*8jMxDLI3T;zGA?8H_J;>c`f28F9&g+xelc3SZ=B{
zY>mEU1K#QKP`tFAXL`?bBDq&VSo+q21X}*8Uj<>QyiOk$VcCGUlFc`V&F5S?;9bJr
zb^L2Vvj2$XFM1+myqhpL&rJ4>HXbY+@HWVbMSHvWWGzVIZKzj(6#TwzLQog+srG6?
z%^O7Z5aX%=?_X4y(%jdt11a=vBX{M1_cX&@-6+IeNjl>0^jeTE$fzs+_gav0XX3oV
zV<B*l58|PR2R9wtzGc9h(~CGrW%JQC=jH)#7R&dNpM`U^r{G+_T?^9uh<sa@*0Nk;
zvxm~85x{(a!gS40I#loa_v*>6-taxH`<mV3&x_=v0mZU=El55)uE|*+vZh6JFVftf
zuLbFQEk8{f!do!{;jLK<(v6q(Y1`5)lIF|?V(C*X^!HVC&rc6vd~gcN3Tf#ewWdMg
zJ!?U_qbGdbEo|Ms?fPfY1Yo|8u6?xr8B}Gd)_U?;2z-OEQT=v81NrW<V)^k}RX4`<
zJ3`i9kLy3O7Noma&Yb3Ww*Dwwf9YC~Y9n%M?PG9@`}N`e7{HuQ;m#T!?lvRihrbcY
z(|!8*J$_Uq&G$8sodbwp?e~K(ip03OfovHF+Qx>{^S3mMq;kwqTiG3#am?ZLkY@JH
z7UsuuT|`c^yBH4O(C~Zr?=>L#QisO@)e+ieHjqnwS6>I^`DG6@kOD?)k#B2t4+QTQ
z3NLpVV|ycY2)ds9u??hC%iDB0N!{-k)_`PBgu=sXK$^kgg6TZ;o}u@PdVel$AUCo$
zz5CTz-aztMJa46p<K}&jcjoWbU=FM+`FpfqLSCY*3FnQ@;sNjbm#+M6D$95EUBtI=
z^MH5YD&I~GAkS=H1Jcm}9Ott&7*|huTJBE=y#Hc(znZ_tbyalWy0)zW=~K4mwoYtw
ze1&Zr)_|0%48OP4EZ3FsJN)jXAHQ3+=E}AVdUoDt-{yaV-?o2=-`=+dq@_yu9%ZS%
z+H4P(HINhiiluAz|G4_MbFTgw(5UHjrl!)VRRBfCw*)yq3cQrwpQLmVC&)ekPjws&
zsgX5;^1N);o;|cZinfno?PG?v_pJem>gHS%l@HV0{o6}iU9;b4&V`(FY8>bqkXkP*
zs*b*v!g5(D)cR2Qw`bn#uCCdftAD$})nCirqmu<0qM=b(15$1@`t7%6;BU9CVX<OS
z;IV^9q%|OkQK;9p#R)RA=Qo--kc}U5F0&bRKj++38>JD~nnB&=jH>5Ep&xLardM#_
z)$**qwFYa@RRYDO*?n>i){gJrUh3+aUE=DQcS>Eu#Yqm50brgy*+C2d<_(h_L{ATS
zc@0QXM7|%6L;c0Q1|+r4Cg8sPW(`PZ3mwG%W}<5AI8wl5XFkonI8G#Shn0hB4FpB8
zMB=cEH@GkIoLkK&VnmxiJrj1r^m9&t!btd?*@7%Wun#E86z7=m-|Pd*6abM#ej7=L
zbUrnI+^0#ljd9^|K6-xY53WJ_+n9azz7=bb7B`Lw?;BY^-3e-adlE`#WDQ7>zbP~L
zGrcQ}u0XlT)iW>7)ipcb)xUj&tDol^13c%x$nueueVAmU`cHH1$N+o+YkakamwajB
z?Nf|`d?Fh<#~Q)w$Ofx9Nszn7fef)FFZpU8xvjl+_ie^;g6uB_*#gU-rTWvsD2#2$
ziGr6YUHs%B%n#w4D9DdRA<xp<?tBQOT-tVnAlFA>u5PVOcnBmh7QFJ3nXXV=(6b(i
zx3o1NZM=_jZC+$>g~km~yhrvmt^sLlc6cm5#d&1Efrk*E503%)w*cn4RIv8&26ujH
zqN?xI10=^)ZMwO@6t^#zqr4!)9azoQK<RjGs%`8D$}=+De}4%5Cxv7@i-8z8GlHI{
zYzO%zfO$@~gZzS?t853^2VmClOuzknHTpcLe*X^!$9$WPIUZyo9&2-C#=@Bx`t3hU
zTwUc+F52hAkZ&ti1;710{dOYAU;+>QE|cneY#)s|g6y9RvT>xU=g1J>db=-4yq)fM
zC|s|zv3*Icx6{2pkqDiw0M-+!&?$0YJ&^&Of&r{qEC*o4;^6$hqVwMXGUah}eidKk
z!S=^!`(%&>KBRp`u)U797lZ8MSbHpVPW)Q2I{t<EPo6uDJmoykHL5t|)7=k8gCv*&
z#a-ohxb9OFOIoIbG=oU!KFqN=NF9iT%0&A!9HbIN)&6!i-9f0H%LACx(j6opM55{=
z$CFflWq%sT#@{2~It?PZFphIodhzf2V+g~Aap2<EZ#!0llm=i<XZEu?FW!xQ*8UFF
zsXyjiWyhEv|1yr@KMJl3Jjf?s!QWS|25It02XX!`QOyZ-N=X>xorjGg`GZqA2q305
z*FJ#p_1+{~0Vl}QIb#Rq$Nk&yadpkU+toAgE?1y@maBI~nM;|$tM;0i4}r8l(?KpM
zilu-130FT4jmGBEscl?tvGG^Iy5_)giThtpvKft_-b=<@-c^u*cT@lNlPV8V`ODEH
zoAKAU=BB(<n?W06K=Jl4KX>Q<OR|N&p{e|<mOInCf^!AR4X&PfysK+=l&gPxw5xvx
z*QoM-vmmco4N_|s-jB{iL0+{Qd5n+^9%rf`uV7~~Hyb>yAd=SAAVD^s!{+RW`}94|
zmGO6jt2y$X9Yy8sh~IKqzJ+^IZTVDRd8u@2Wpr*)GqZ;p)tu<*gL*mb`($&H4WhwQ
zZOH2IMT0dLMDh%UCl@?{V7!r<&mwIEJ!fXs5BToYAm!#_oI<Fbj-I#ByS6C`tg$R^
z<4>!@>&u?x@g8nl4bn)KckkZStY&pC|53}4B%5%V`4>KmbotJMAmxsO!nYm-DJ(ZY
zwjk$lSsm>FR*Eb7e+T{l82o>(5#t*#@>%XcD!y47kK7>xAB@X&u-Lfb1*x`6Dd1tX
zgc|*n$Ad`jWBkRL3?7QpFx<0vb7N7eE$sI+2#Xubvfx-VR)Zv_pqyp#ajsB1bB1})
z?i`jYVAty5ZJ%3KW6kgW?LT&P&A!9cGjE0~P+sclT~XpvYB}{B702Vc{q8$tUuZmX
zDz3Z7nrbUD59TRQVWF^QYJ4?y_;r_EKXl!pccj?@vH&89Uak57sq4=0aW1+iY91CT
z$#zOnEY7XSU&eiwpx$XG7dgmb5XsR)%0Vj6zpW@13zhB59V80CJhvR>zXRnC-C9mJ
ztw#H}mXoOkL^53NzH8NUYIa+q!FwIOw`K=@I+Is}gn29l*?1&Mh8Ln_dlKGrn-#^<
z!ii+cS_h$bOFkf;&9fr>trLUxAo`vCKP>-UT~e?<>1kYl#)BZWuW^vWoJhL(4EGoS
zGo9nWItS6KadqiIDx+t(hqIf1`yfcI58>D|&LVE9UVfg>a$6a0>DsMdE8Z1~V#!<X
zAO=n(xvQBhd<MUn71DQ}qF6p!?jTv5NJ8g4*{4`PR}{;|p9K9BS|1Fl@8gb=eZP&8
zeKE*Cma;wV-sB+J6n{N<XQoBquPi2L$5ZpSbuj$xN*eSbaGXGR|F{aIrcDlVp2Pcb
zjw8wTKAUIm76*~p@B76hTPQ7X-znCe=oj!o$r1;714ME{Q7k7{fh1nU`Eol`f;s3r
z(Kea$AoBFq&lK-IMX`8SfdqZbe)es!zp)qXM`;hT9Dx5)ynm+p?kPAEs!ve<t-`lG
z$u=F*)LIo)+mdWiDYJSV99XXbkaDAj%IljR9MrXtXERyn^k$R~DE_PLct=w?Ag>%{
z$8D=XYOi*X)^fbh$Gw63J=P$S_nuV_QhcDUiMoh#3RIrLi4Jm6Q7nP-*IYgGI9Jzf
zgR6f#@9IB=F`N50A^feQz}m(1qkN+vSB?hH6N%yZ30@ro9;c3cEIbI(t5jEs!}zvS
zqrv(_YWTMqIrMJJa6iL^%j|Pjfs}hAc=gWvga<)7p25aVfX*3o+>G#XpBRJV?ui)p
z_EjJ`uhSpbOvg=R<EB98sZn5kB0B<JHtyPpamQ15C+d$ounMH(schVI=$t{v9TNfX
zXz)07^pS5@f%Iw|`!)+YkI-+&hJV{bztzz@eDvEf?AvH~8AgLOXEb!iCxEqxgU3$p
zDwQ>Pqj_{t-l!ZClsD{ShSKUgt3aaPYW?d*2m7o3>Z4JfYci+W+O#~;qY-af?oI~(
z847>vDDa>zpW!~X3M3WY(TIQP+VFQ>^BBC#F#kZ3`VQQb0oLP*g1jXIJim_<<k0&+
zR5#PJGaOt+@83)}=D;+&r*L?_^?3EqS5bX5Q#aS$?o}Xd&I*51r7~40J(O^oOqK55
zx=KI)<c3w@d;rhx3|H6eQdiHs5?7%7%|Th%KNtBYSAu8%@s%Lea3a~?+CW+X%mCsC
zudh_|1+$uqW_6wZl|$Fq-ma)?q~~sgqFCrSXImQx)mN!(c~obdb2{TV*f=GtKr*p$
zCcn`@o&hjZIpRs3ao*G!hdYns+^`Cy1UAl`Qw^j6z)WSEy*lH(q6ZHfXY?wNQrI{f
z-fSQb1DHh+$tIm~oO<wlj^o6y0x6x1v;VCIvK+wd1d%M!8Rt=*ahe!B@=COq(s3^S
zv4L0t%v5HWe7b@BjL`_apS}PbBTWAOTCpx+x=!1V84cWqG?20qBsxyoI}K`l5FKav
zN|1c*iucPZkgC)-?{s$sgRS+v;(deS<X!a3qcnK`N{}pyV$sgzpH_lI`y6|>LCtYX
zb)WHUy*-2L&2W>IXm1RqYs7zso6;f0|Ni$HR2_K3pBl(;J_xU{`I2bAHyTuVasR0X
zRbD*yW&;Tw-wt4<IE-SjA7N)eEWrEmNWCUArMZp2#`|!h&b{sD!EK5X<bsz<r<!;u
z0+XQH)pCr`2^?5+qM(!B-;gD=MBb&w|C&(%TTMgmSf3$q+{YWke*a4qh12N%6M*D2
zpsx83ML8HM19Sa~)fbCre+}KcSV4{)TRs1U%mzOWWv9ohR6En-k$od=p545`-NS5l
z^h_qM1j){9yJ2_Ti16HP>B%5hUMsjX-ZZ5|kh=}wu@~U{KccYmL;V^lzn{1gq>l^{
zx%BvOKbj^UtW=Ifzpe1Md{-6P0z<#g8&Ir90CQOtNOl9(G6`#^c;wCQF)Q_b+A>#a
zx>vZJRy|h}262nI#;ZW`>)MZ*?U>1ZZPzBLH7&KA5GB_p*<Pdj!b72I3rG=KT!ze|
zD#$NBmMF-Srq#M)(Sn?tgLwRut|vN(M~XwbH}v<7QCKe^5@uEZuL8-*BTa?fnRFjn
z4!kY{czh#qo>n@Kx?hynqz&f2qjR080?BF!*I7&Y(0A#bDv<uED3-4(kq1!y>~D;(
zXye>og}mT9`g<ivcGmA}jc?^J{AMD4Kd;0Z1*f(4F|6H!?SHET={t6AHQcN3I4_k>
zy#P=YYVV=A89bXe335IU9%BiW3os8CJ$FX7U#CZ*3}GKotj^k;03GkN0o1x87qU_I
zHYEshvkBqwzW^@PS0xGg%Tp@cV1A(zq+A}~o%6HUd!P}&d9f0tR3^{Q$_UEybezMn
zI8Gjjq`49#k%PkK+VVhTtcA0-Jn$f%?+-%PM}H6f8;pZ;;Gpd*^xXkQ2(q`5`EUUG
zC577gg#?7BwjAw%d8H0=K2{_xPb&u_`-Y91EXaqhFs>MnG<RwNj?0xfh`}h5BUc;O
zEXeg&7}se+oru4m*)8vNkg-OQ{6c43$Q+6r7&Y`ag*Tk(UBSBo<x#GldC{(}*)gvE
z?Xj-@Q(WUkKFWQG<y59;pWc6Jo!lgl+m}G&`6JNyc`Y<5D?n<Ehr+=3JI_8j78(yG
zTK1U$%>Fb%ZeCds2<=Pnt&1x_65^nc$_nikLH0+1=K`PU{)#uc@8SfxoZ~uj2Ndgs
zRaJq4JZN00DBc2gUsaiMi_{z;yv3aZT!&x)EB(LGD98mymhTn7O6kxJfnpJ03WcS2
z1xR8Hc*}k%1ll<8(0S=NbPUQ{DXg=2^Scz@GG34?dlfIeX9snL=-eX3VD31{v3flm
zvq4(~`QkWmH5ripDKG!$3OpZb?xu0jDGn&Ay-|J7wcwn&99TnPZW>Um)%08qD8<5n
zGR0@XGn+q<sJ<~><iXVrNLTbuJ-$LcAF2J@?{sy|p6TkD_hVO}{0>*|iWx42Hw@mJ
z`F)AOnCHF(m3}%YZ{fK!k-G3j#@mfnL2l!|E3Sk<QRQz-r{)`ORCz?3jAJ<rcy2;v
zb%o~|Us?g?_6QlC{{Gwwl+SOd1PP+ht`_QZ@t+mQKlS9Jm6afEq<3iy^1lKOVX5j)
zRCx=<efwox*ZLJ&{vEta_N)lE<x(9b5;o1(GV=F(D#1)~6p9~}2Tv8`3jm(6(Sm#!
zz@vRfzY!qkoN0<6o1(x|kRZsXdGKg9k_+D@s=W7P6j<q=Pv@XBe{TJ!IrP4X0c%w(
zc=9uamg&*(GS!{@yzyPC$5L8uPXfAs?pZ6Sd<0%2h>znMjqb7P+hq`jM;Y&}`Z_U;
z_vZDZY*?^D<Ez1MR2;-|E+5ai9V?jcQf!H9PM@Okpa*bXU4LjpC2cEl`C|q7Lwf(k
zgFM{?FH`!SZbCV-Aa_PV{#K*g7ca<X6~$r%@q;spV$pu5Yo%>(DvISI&$%fa(^h~)
zX-Tc66)(uIYjwK5NL2l=`j>;$Dl3IwFK7OhpCfJhlPHYAbvN}OuY5yCp1Bwz%T)Rj
z!(^HEe<s@MSD-9YIVj5{tFp|75Lw0?Ey%5(B&g@|1<D7ROvo|$g3dvIKWotV`B3@m
zLy}?}jB_)9M>vP$?WcT_(~q5bd<97R`xWn-%hf&})n`lz_vZ?o%e(^VqVjKur@Rjl
zFRjZ#>eSH@G~W?bZuk^wH`jo;ne{jPTj0TJo+8LnG<fO~1-UF5JS7l#^?VFWsY%rQ
zK7#T&Js;%&>-?5O*%$acx3PbgyGnfrfzEvH&{IZ^+egPW@L;V<6y(WUD+37t<{$FS
zVh*g8iN<|t34?z7AvT2wU4`e|uPj&hO4S22oc&|@P~UiN0Ojhk6(IdbQ7rAT_-4?|
z;eM)lq9Jg+Jywu8;P$<t)uH<{;`z?yAc+8lrOQF0eg2!-Z9io^IFkQH`s>u0(C_1=
z<skW%Kx6w1Xgog-8Vi?)+fM9@q4BkBknHDU8yAfV_ho74OI+t;1^Kq+AlWCCpwG@E
zZio#nX$463BGz6sv^|!#-@@8&8QQMU@u#u&X+zsD(e_f-UOKe>TiQO8wa*;d{_o}J
zQ)Fa5MHKf#_!yt&E~n%4pl{K9injq}%Ky8XKg^9KSNDf0DjDhzb4$q(e;DVq@ZVbd
zl_}2B@ZWOjZ!^Px6Z?LkFU^f5>bd;zM51luB<`yIF;6bXecf1e^}dfT$35P7%hmhV
zvi;sT?dp9WW_!P}^y+<AGdkEfllx!$^DJ7f<IhuTI1?z3arMlLb#=`)y85@9T>Uc)
zjhEQotGbRik@@nB3Y_3a1qzLVJa#O255+)dNhw$_CJOQ~9@~`aD3|K{XMr$Y^Xg)h
zZ|7uzWY2@b6TMtZF{>5YWeB(JI(hC)`#7%gJkK@WxeTQCTT0YeHZ?zUZjiV5azM__
z9g3rCmZLABlV1?f!{MmqAW>L-;{{zDo9XxCLH3Q)Zy&K7>!P1{%An@DefY&hHQ#gP
zi;1>FhRhCU9M&1M$FY2nN9pgT4xb5a#QT?l<hw3V+-ictP#ifYl?*x8oy$NvHi?sc
zJl9BZa+v4N7?$C^Uhz}B8&%u;*dSh1+oJ_!aV&V~xr`k1@5?|sUc||CkA_?0*=4xK
z;c)csGQ`nvI6k!uaU5!Qr)N5{U&}I(em|3w;R{&fyo>91d=JSe$7iVd0y48fnh9X0
z`1Dy0Ws5z^6s_h!ffMgq9|u+o2jBUZmxjG<)3uv`>Cb?2*{_#@MEf-taq?&;4=<zp
zkpr@QBHC^BWVv51Lz+tC;JeDjGp;&M?J|&PKRQo7)#;xyv|QvZZVmSO0|<M?m_ggu
zur#oi(LhBFG%k)qf2BQH>^)n<?JYyUTTF3F@1oFt(}wo5(SFl7`DaTJ56%(bX)Z01
zLv0TZmgnJK6<30s0U~jha%!yNaPeiO%fjt#?c)%aw=Dx{6bI%W-r)9_z(e^6mmB0G
zbbYrh1&IKd?_J7jR{qjK&gF{aEZehV4Axv9`l74#=kG|dO<D?)Jq-$>1!el$zm8Dp
zsp)`&l;(+~{-AQu_c=7SpF+Lc9RpHs2G)<=@?R;o&^IH!H6^h1>(P7+qY>Xo{q}*S
zm}ipeuX^o0wB3Sd>U``SuI!~$_p`Xa98fH;ULz9kX$N_V*|)!667<7sDoPpjV>`DL
zBqu*AU{6Q;AH>3$oG9p=cvi8tpTK;VcQ{anro04w+05>@E-MG^*@5C?{DQ!v11Kxs
zzZBm#DKBaLhvFS>-EB)*yg#dtlzVfE?Jr9}f)P;I`XcVbjQ4RLDxP<cv13Itp6<gD
zwhx~}V_6JHzPLcKg@eENpS}7yKDrbn+K-;E;qZBw;d8kCcuL!kVb=BdQnsJ5ceoDo
z3j(h$0qMN~#d5&uAm{Q#awCA*d%!{N%M;010CV$=c%P+nf}CLzR9ma1M365ffJa=5
zIA2EhCsDJtW(?+rqId1mr63(h08clalTUYlc3C+{VH@KA%izkmMkG^CI!HQzdG3=A
zvN=yA8toVX%$uHfkfO2ZYxt4NLGBwX5^XKDONOUoD?MAo;EbNf;qX0kDM-SvalcQ!
zJ|a2jqmto1`h*&{nEK&oiudw>V!3aeNV<<Z$d`&@>54<1*t`byg1SH8w-Z1l{<EB`
zay9B>^{W!Xd>7jv#NTgS0uop6AoeG5?$2BB`^C8;`30M|xpsl-w^+X>G0blf<4tF|
zx@MQTdgk5f3Y5=uDYdM=-co!Q(Dtce3BEm0z5^H01~zdC))v(E!`td0FDr_rX|IF)
zUDL}eaa|P^2=9a?AazCfLN*)1eIb3!7t;7&DXK4|YOktFv>9*Y&@Zx(lZ`iXvhg-f
zHVT|<yn~YqvWEIe8W$%H`bk!Nl04`qncE-qle8~SwCUMChuS>BZMH)r#b-MYYX0n!
zJjBU`#UP0W@NVLvu$vcJd^|M1ZUO0B45WAmlqn|+u&xY5VvIhNZR8-;$YsRCPGNt_
z5{yL%wbf}hI>&W2Wbp)%z%JbPaYu1qGoMfnQkt(EjIl+zM|($0ro3ziepBnhZyYz)
zki!#1VtOL{jZM4X4=zF5&u5BaDVbVB7Ect(d8*T1Uqfmph~%HTIuf|kZbp4$?t(;H
zwIRKu)ewH44_EWZ!RFn%1n<ZL^qywlY%qXl@D0!aR;uUM#i8xS7ZR7*%7xb}i(J#<
zC0Ji0QfIPnMBE&4B5qDDsU>5lisX$0%0Wt(p*oeezOuQAYW<;;99Y%b6h?$+FwYwY
z9#KaIDOm#2{#!U5yF*Y1X<dsp%5l#yp7BsEd1I<bo;@(scCXZOXY_n`sjf=ls!0KF
z=v)VGLHO^RooG8@$mnS2z#56mTr=8TBjFcKV5R#)zjK<vO6jdG3eP3?O|nh%dnro^
z`n{-mU{k=80pbUtaBKomt%dB3fyN%*;yz@sbcj)4ZBB$UXtObO#2LW4W!t7es0{MN
zfD-2Gh&GoDcgJG1xv2T)$`Wnk>3Pth>-NQ{E2Q6<XbYvqFguO`toh6~I(KGxKRTuw
zXUoQQ8p8d91s<$V@Zik@F#mBeNE*JHda(Y^+!;g18+=FP!D?ah+;Ily+|oofzfl-`
z?EUt)i$NOB_w$9t`fs~Ui}n3#HJ{pU-r)A}2KTcSAgOZFH;PrM=3J^RX$hz`7<dpr
z_(cUs{v<)RM?s-#Lw%`qs()a-DmVJ4GW+UWq+>O=`BePBQ~^>th#&luy^BUKW_9eo
zRlFs8Yl-1jyq`;U)RM)wh{Qf0?}$^icozO4p}%Gr?~oPiX+^QL`4yEGFHAvu_JyA%
z4EhCf#W;>nQ7lx)kJRtOc=<Tw<p-uCFW+1d!pq}@7T-8%eC!ACa*9Lb<-z+@yGz@j
zsU?SR6NxZ~$p<@dea}l*=H<VZm4nWo;Wy*9GyZU>mYly$Bu_~Cy!@KQL0;a}TuTn$
zj=a3&*;?|(ZCBvsw;`|SzV83V%VQV~9+>t6czMGAj+cL1q0h@(XW>52SkLacwnvCz
zwn%16I=q~%&ws5BFHeZz<vM!epDIAwKkdrAJa;DEEvHs9z3c2F<nU~fOqBlrz{{s0
z{5`o5ygWgNmrv8-<<s<edDDsiZ+ZE{6+vD;H+y(q{!j(-NN?s3<K^9!|2r?AQvs5O
zFO8RXn|~NDzk|Wqoi;o#zqMj`US3$C&&#i`_+h+!qW#LeJlj4zFRzPdygZ-j8a&93
zc;u^j_HbVQxIM_rxvw7~=YNX4oNIrCl>SsC&g+qHEt!jFVdeg-^YZ#w#>=ls7>xC5
zG6s41kQioqb_?+A3Op26_Lj8dM8mog4y+r`$EtiiF9Rf%zZL}fYpVeY>kL9mjtSN|
z*t?!DI?={6+JTsGognnw`tlJUM}ER|`u<1A8$T0CEPxqU+o^jQuZG=ZED_1X{c8N!
z2gCVyM6N|Nu(g<AT^{o*$mNEINnKxhaDBOo;w?$pO~%f_Jvo`Uo17;ifos_PT88jN
z>%euT7_qKMoExF=fQsjI_uJ{{vy6B~e&meBdP4IrC)grtp|)J)v)pujU|@VKJ@}of
zH_8b%U~y=Xwm3B|A&_9JvJagzHyR3?+1{2!gIZ@Ulz(;eY3|6gHP1eLo~WPNuO6FJ
zGe;y9BX_H~eq)YEnnv#?Viw|h$?b@1_v1+al-E(1O06PkAGe$A2QZ7-C30iAYP(b8
z*2FO-@-NC+++7-Y#IYrEeL32roM{+$cfOqI<7wcjD=G=I88x5hT(5qHvAZo}KsK5X
z?=53dmo~eTZFMX^-V>?d5kDWHp11yTkc2dtg1)T5{CITV`^rHoOx5>QjkSYRya?@U
ze#6YL_^gT)+^<cqC)+lq4SuikQ1$%$DtXY3UzrlL<I}a<Q-Xf(7yg}q_U<&WW`RgD
zLHr<>A2Z3x@M2E~j}5>RNCdg84q-7}C&;0-aKBm%jkD%Y4HU#e%6;<-0#xP-#ajWN
zGpTHTK_K)!CO-*Mtn>2&%^JSa!2_QnzFsZ|DK|s2XITdEMPdJ4IY=4lgK>CaKJ<Sm
zXL(N}@aQea9AG(@l!JPA!%O8Ljh!nJN6~Ke4yJT8)+&;cyxrs?Z*=>j+4(L&noD?m
zD9=6VSFAG_4IZZ7Ub~xo&;C~P$bk64X{$);#_uK<#&HGn**vuEf>k7K`S|-B_Itfm
zB*qE&+fP_ce2sSc7vUXY|3>lBaVgBtE&{1F5j++a(^mhZ-K5Sck_rHG&w4?ALyfu0
za4#tjiMcYw$iA2u*_VLw%^K#<(76cDh>wk5b;E8_HdiDR4*x8qfsEBcSR7XK2=KIr
z#9;VX99HEA3F_U~!-HIshWF3XMTqab>vt2EqF8>PD9E;W@EoT+C*)lrRL;@c*XiXT
zO$Cv3^A`6UMX}UR-c9o7io`#jE6C*ZW8Nl}4=*E3q%;ruv~^86NC$YtZ^EDtJ<{fr
z3}5yR#Y=hBt&2c{Xz;kE1mV$xKj{kd8OuRBA6rsT!DP7n(}>6RlSqTtF9K<|qF8bl
zf#mFF`K@kG9*ik#zNmQVe(YMrYB>H=@jj!dId6zjtMBzk9JAyEj+wOxq_aADOx=#;
zVBXoRkQ~ub;IY4kXZB4BN0h$r%&A2n?dOpPP3zIuuije(Qq%AD5V2zf>T-$rZz+i6
zrbg{P4cAjb=el_j^P}p+J@|AXNOk~E-tYF14z^z730&{V<4g};2oi1oTxZSxjUj6u
z9lqvP53YId71q2bWX;?#YyKr&^YJ|-_g@IlxL90s4Tz-cv8%87^1|>n|5{t~@!*;(
zkK>y2eur~7>6(w@nw1&cnVxwDSJ!Ob)xSN;)z4Es34Kr1GaTaovT<R!KTP#PkQ@tD
z-+pg<tROehwZ;o_<3f;H`9SgcST%pXr;N!~WdO1-33Hi*%3JO60+l^H`RuoRP<05|
zVE}ot0py1kYW@XxxVmP~aP`b9btyAYK2YB|=$QSA_ZvmAoG^fV$N+M+0q4?tPnfg_
zBnqcq+r&i}524p~%_8*wr22o~n*VkUFU#@nOCd23p=-^&19i=3UP`d#@S{3>0BZf$
zZKZLIRgagpY$b7xl~0tm+y`K`Pr|-=^MYr(EE9dqsVpO8Vjk1^bPqCFZf};ube0S6
z^rm#MW+w^qwsi1}j2C2<ceAmKhp@VidVJEqP^&SYt;PfIxu_iM9;QwwJx2k4q;9R+
za|=Q8rs?zIKQ9c{`>lEoVa|;MYk<}2HyvW@hzDy}9u%E7|JN3RWCW2sJd=|t9;=@)
zw3yO_7R0TgrJK)m7jVYAr*oE71v`cP#V;Rx>JkSY6VK!niicDA`#1;sl$_@+?za{W
zzK4gw-Lw#-g9bH*zs1N|;`4cEnZ*k&Ih<)#1;^^cQaNWBSm_zrF_V)ELDY>;uU|NP
z4%M24TJEEva&zCBKQbPX?*8#YkeqQS_v($ab|FalbpEFdErWIZ_anZYU5eFz5Ar`V
zC&=k}Sc8?yX`7AUY5h6!zdPyKH0jH=GZ%u?6^rpCC%cq`dOE=Dg&-MLi^Tfw9zyqL
zG|LIm&S$xAXY>|IQz!qUSXU{E<@5r4rv|^`rRQhygChB`bq}HUviam5RbS|OV-FcF
z?)|2PsB_crgg+q9{ruB-_O@ttANZx3(<y9k92XVqlZs+FOy_!Qk1E@RuKQODP$m-t
z$ct}T0Fo2HL)Z7=JGj1oY4Ilw$det+9((Hoka~3Ppd8>jS`)yk*{)2?KQwM%f||=?
zIv3Xg++Dp8t@06)!^L&@Er+t{@9O(RLxSxq%c1N;hK!C2mP6UqhK!C5%c1O*TwL7B
zcqq>2jB)w#P>kzHQ|qPgrErfx{ZPF>>Jn@@kkLWss5TfoTBDf%(cT1GwZYUOL?O*?
zSb%aynEl2G)?5H{U5zj`-*j_PWsNYk(sXkX)h#uf78i@Yr_-b1<yHV|L!uy;N5ji@
z0BbpIj{)nxu|i8#O6l2^V}+J`QVesZb0bz!9dsX;Uo2iLsCB?7Y~2y{{7V>Y-UT4#
z0GNON1~mR+EZ11gWv_Q~KYwZ^<QG?5E67xSUiAhvJ~)<ZEa$S<JGgyMO*g?h3eWUt
zSl13<jRRroL=dLN0GQ)I*g6q}tvvp}Wg-YI<y`!#CaOb6LuVcb)+r#WF@<zr^y0t_
zJ55i!5w3L<?n{iGDE?b}lp@WqzIFjfVvkak4r1yzSBWhwh=n4PNstRn&^SFs#ewRt
z7xzZIYCqWrkbF;7)y=C+Blg+395uGkxYgt~!S6@`XMDGy-+tD`gV)C!?;h&IYjnTz
z07yBlxg8DzSck+ZW(h5N-(4xD(b!jhwyh6sRF&(PeA|R)V)Fx9yv0yBp7>rln5!r%
zjlLEU-&oQcjBhMnFid<Sa2=Ev<bp_4c<BA=5?b=314YIcOQ-syZY)ycQ05A9nITYA
z@M7syli|i9<BMuOKM%$6^l0c@#e+4j0vgLWO3Pe_*soaW9duV7G!{fdXNjVy{!Mg_
zGQ(er)HsA_=sd~+?f1b1J2c+CwK7o6L5K6QVx@P+bk5jOp(xgP5I<1kyOt-|GBDm+
zg>~cuV5WSV@)i&=wxvl?tY2z+!m<S0bTF!XK%4snH=@HCK-gAALt`~(>JTm~)_b?E
z3N%NvwJS<dvud*}E;_+MNA4xXn)sq1Kgxlp&7{Wocg7DW)<0E1<DWS}R=9)?=uxbH
z%7aFVdkV8(Q7qr^;C{4E@%+gls6J}{<Ptg@iemkrALxHw#{94EeIQ)k{P6yv{@1Q#
zeZT9^?gz>KCCiog<<MM-FFyd1{TtT)&CqriZU3INe?PRniMIE!_MV~bPtx{Y*4{g`
zy^*%ZFu&`Vp?=r(5BxB{YwiJ%oXqd~^8M&{{qoiPuD|#Jc?iGJ$wT=4&^(0B9$~28
zb+0hg?>grH=y&}E-gjnef^FlMSI<j$E8EwN-(0=#jckuMet-48|HbxuW6#z5X0yHD
z*n9Q9NsJCQ#{BR7uHgYazw4+oeQQRzdRHX40_BOWo_R^GuGz`1{_QEQ{uxoK|Fw3n
z`)4Jf|23bj`Y?5uCD@dYqg~w}$GEybj&*f^Y;<*hY;twa1Nmm7AfF!#USlkr$ti%&
z$}*Gztam2ZF8nfHm7gy2W_JSz$rGz8Z@$YEzt7K`-4}SXnoqlHBFG)Q+5I(dcFVlk
z-N&2V0+(~Ht4NT$=7D^9k|1B61G4{mLH5rE`N9N2zHm3lJ=Y3y&z&HDHCB+nnh5e&
zGeGVbBgh@oLH;^hkiWhaWI02S<zkTgQU$qhGRPg1qg?*+ysI}+kb7?cd5h{JZgJm~
z1X61*6o%?Rlt)DFiTi$#wtY!;Nc6*QKc6(1H?1ruw@9nsZ_EwW?*|=!@n7A~<ZFYW
zh3ZCO`Lkk%>I6T(AEeDOoZNIB$9$D7?(=+_`=`nH?p1VKg6a>x{niBAAwIps84K1!
zd`5>|{dZ(XZY<VjNTGaSlp2RwNXN(nk<3j7X*!?YVdqdM`?g;>*o*mPZld?#FXw~Q
zI*RgLi>mLDWRQI0>D`jvA#h;*yk9vehxD(V50Z1F)<4VrGunR~_P6t3rSf8~`tQgN
zp8>32&j(4KD9B=FI9&HIxSUL;Ecr{4jlwsrUpZ*c2oyWHVBe7dX1ZRV<xsXDD^uR1
z_Z{HhbZmRSGDUmuEcp|T^P_&{U~5Kj&Jvb8QMHf1kA24VD+eK@PX&nNhGe#PA8;+c
z99);rgzIvea9ws2SYMqFl8_oG761yXKj2!_Z_aTozLEG%s}a8ujrfgV1gmR4NRYz5
zImfkx>9yYsrN@~2L3%iXpHaRwB>(SxkSH(fwyCkfYMd42S&{v|r~P_B?y!O6i(~zI
zhxYT&NB%<j7<?IfgM9${oB8`yUSY~l81#2MIiAXbSFWw0?US!ZnQ}a2-yon&X{CSP
z0G)0Bg*4!~Cc)PHAo7%Y4wB=l9#(UgQvO1D%2$l1X#C_qyxD!;0y5?{HMo0tgS*v+
zx|q7pe@PnjV}5Qv=JOQBf``)o!5BDmJAnDL4WvANFFCwUBsVbn@Q-G8Gc(GgAJ9I=
zy~MCyB-gUqh~w%0`xNgBHjrW!#nN81mn_~Sk}&}0lQ-`rHJgxbE5__4hc}2M6Ts|9
z+)HZKi>iOEBWo`y-5`=w`u~Z0NzF#gOOkivUUGgT=KQQk+e^-`N4m|k>?LD2V9rl&
z>|Szy1HMBx{nuVHcB4pqR@BRDm!d9v3BauJL5iDgHhk0Rih<6fv54=y|7Q5H2=apY
zYMxt9pIQeC<V(ESP3P+UzQomgG1^7PsA6L%G0+*u#xPqFY--(*IlP*?uj_1-t7{y{
zl-D~46w7dY{;LUs{8b2_?-(n{9Wy}wdd&Zixp$9`qB<MLpEHw9W;O{S$tDW{OafJt
zptV8*q!2SpxFm#&3<IIsHjB2JfYz>;dO^)3!FH2)>DJLzXx{|wYcs2{uQgG&?OQj}
zz6I$Gv|he_-*y4D2|)$9Wq@#gpEKvo-q;AXeZSw|U&+p#Ip;ag?L5zOp7R{ZI9v_J
zM+K7c(R?rt&rQ*XX7c*kn-=P4Z%#FJ`^Y8=&te9Tm<4;Qr@>M0L{RM4Q~nWBU}Al9
z^E^RJ?*de4?tk`Yj}I$Zm+oXW$nT#>^=<JhQT#ZFo<ua(b}E(Ddo9n3_7|Q@?})Ja
zBsf}zKxt%szLh!t*rwhJMaMFT90T-+=Yv7U3SUn9>)K88CbkEnZ9lf!R<pKj?3uf0
zTl7-2?Ln(;4Qo4-w%zkzv~BV8(YEheZI{xvCmG#0{f4%6#kBps)wZ7XTS)s&|22bG
zkG6f?YP*WHokH6_|2l0u_-eH6t5(}JwCx!NL;WCw_vL8Y7g$^KjA;XHPuh;WhLz$P
zdJjX&*>qZS_eSJ1@xf0DZ2JWJ!?w}6r;jbxjh`&hhpHuG=<*bO==xfHXeJoL^^!64
zNu6m|9B+_}kumIiZarwDcF7nzO=Yd_H08OCNR<oI;AqK9-mP{2-o2GP>pYXOUP6*_
z=nQQ;b1D71@ukkKhYlir=qI4pouY7=^>at*`>hS2?LYfnxo8fR>z#|~^XVQ{KHN!b
z=WaWPovo+7E1ycp{ccLg{qAA8-%SHqk=*ZEBV)brKC6k_GffwIF42XQ<T>9>pJqgI
zz6YDKB01mgn4Is>$&B-JzH7L>$5*B4W19tijOU^`88*ovew~?Hz(G0j=l0J4-~H88
zcW-PkWo@9Jqqz>@V;Ko~8nycIRZDeTLvsN)_`ULhN2xw+eab6ykEwFcWfX7x0*bfp
z&d<&Z^nZf=a4G%f#xK)vTDN)Sg^#K7_dApC;asxbI^Q1;&;F;q^7O}OUSP6ZN#QKb
zsgZayW^{G2017=HPvidE|1E3%+0)n$IiqvK02Rb$G@t({YyHX7*soqXIv28_ycSfs
znZ0}KP{#Ud<QVBm2c?-?7_7E|2jz7aTo2$laXsb#-oO&0Cnk@;l|^;<%fHE5|7Jma
zzMyrkZ1;y5^!zz%+o}=UDL3%eN7zqjbv!$H{n>XKXsp`xN%Hvb9~(ex-RYINAE<IE
zfaA~W7>qwl4rA_M*7`M*lEbL)kB71NF$&}J7l83a2IHi0V0^9tG}kV#yzmFA9Cl=w
zakTbQ${XpOwD$i*vNnS%Z{RpHul2c1&@6u5bq$S+zOoLqumc7v@}Rus916zTb2OfR
zetxS(^T9{5*57*?`z7b-TsJ^@6R2`K#!l;f>%&>=J*Tn1Cx3KqA%KUx7xKCb?!(yG
z`kYsO2Eft(j1;L`dqYFa{jh;lqvyp`qllgDQZaVkH9<1|d<6G@$1cU?r^elTmjsvB
zH&9=tt)1XL-;9lq9;Wz@-GhLMgxB)}w`1%){<>GrWAu-Ou`(9MpQRc-ucR7k_CF8f
zEC%EB2ct0lF$s+B^eBw|zxB#%f1t|a)mfg_02-uF-gtIWbRXdWpBK0rV`r^I`P%WL
z_?(F*d;FbP>ig{e+g%xv+P~XHs*jxOKr0@kvhsC|oxN4b`>Yk?`-H#KK1=>9+9yh*
zeRAtS+y5J{Tu1mM=#_8qsq#{cor(HUN~3sR^)dE`&eB-&joC~;{?aQy<5T6@j)XYu
z-)TLsx7UF-7h|XECtjKRzA9hE@*MxP4m5(_qvz=F-?88M7(0uf_sR>uugYH_HZ}Xd
z7-Q!LYe5U2V)b(?vZD8#ouKu0Yu3^IaOwZxffq4$zPA=MFj#%w@@RYE6m373wGaOf
z9w2_n{-1m0HlHe|eumDjO@(rzuUpeVS$j3pS3i%}SNoY=ocqJ9^><82uCGdeN%d9O
zvcor0ebvHvQL`uKwYGIsUmgA^xxTt@9cY7ZdF2B?Q01Z{)F$CmD6RhHr8xz}-!SJr
z1AI?rM0M4Vs_5F=wH7o<fB{E3l$$>7Ib_B{La!#S!RPC&SQ)Ne7bC+zPc?dem1?Nz
zl$U<NWVmAV^UJVn9n&-Js0{yg<a`<KNux5{hp}@!+5IBH=Z6$eJ5SqbT{4Ehe!{o!
zdgX<Wt1{_Bn4VnbcG==(E_{U5rw>GBZo>$*?=D>n+J=2z`KcswR>bblx$7hBmkv;v
zW}Kujx&Gpn+a6ctZ+YY8to10Bv$JbK>tM2FtfjJa8^+E_Ye7?4&1sk#l>zT*Dg)nH
z%VcH*54?%7bNhQ<`G&_;*>izB2fTB->HqZpBqI_>v}_tkr8Z4#1}GJin2fw0FC(qh
zl<)6o&szU-eR3HQpQSPqa?!SEHI<Q97_IMIl$@r)wNyrCj3Xm2tpzQg<=&C?dn%~=
z{D-~rsHVzS0yv(?VKBduV28}7aIASSYyIrH<S;k?h{-jZUvWK!xr4#1Eldvc!wlw=
zhm*s+B?-(8N4@gACsaAKm-5!m_w8)$aRv_XlL807hy9a5-FJ2a3^;gjjPfWzd}X2o
zeyM;~Gza>_PB6kBQ`rCesf_i7FxA{U{`pfG>r*CPciOCv=qLYQf7;9uh5|EoL+tF6
z3TUu`o^!8!B4fS8LHY5IX|8}-Pw5GQi^;T(5y~A=IZ%WO$*5fj{btSlg)~3F@==I?
zna%1vg+G-H0?P&w6dR)FTf7pjdz6nPBZZxL8LB?NW_W%Ltp`0YN^x$*E!Qfbg_kF<
zqkY9%(2mcBU<7_Nc|=7NZeVaXT|?n6xrV|`Y(5L_2@IY>5suEN0>y;WM)#Jj=Ql1m
zzef4VDhg|70<2|(KDEhVMFiHl5InXMd={QmC#8+#q_IYDg7T;W+F7S$grw2A;Dqv%
zpT>_(`r4|P=NeuLSJHDk$;SIY0j)cgJK9+Z%4j3f$(UxXDl~cISQ_1*Fy-~Tl=oXD
zGnd%BUm<qAuz2@$JLe1Mf|2W{_2B(mGR#=ZlPwwR-zC0&u4DjT{q|WN0!17Qh#akL
zC~lW@^ZuDu;^){$He`WP%?l$NUF=L%=H#xaNHSvcZz|KkH(n0<PZfG*1CEmQYHGlJ
z82jB5p#KaHfq{hln=pXlO(S!5nzaOv^HT!^x0kY9&>t$GS?`O@ec!2pZz%L$3-eyH
zB=;yk#^~csmyC{F8c%%$fl@l=dYs_#N(4#=NAr_9I50Z0B%}P^l2LPR>0qRqV^1~n
z0e`c`q~q0U4k(m=^G7xapm^I@z88bd4WOLhrv$#h?vS3ZfYy^m^M7OSh&JzRiGeEv
zfs(_%*+Ay{88GV%W}U%Ykrd{<z*7w7o=i}B8O*Jzp!5=$)4;f{27K#};QsqDb`m<5
z%>t!q!sM>+nK5LlhY0?pVO(MHRspE{rhvNdF$4~OW`{h<ugWgs^Iw(~siWY$lGahk
zbxFn@i=bb+iR#Z>1+<g7lF_p$KKI<sYAIwZp#6C<J<Ij*2=>SEhYgf>@;c-lepM#;
zeKHLOww}YzUS=~mkz`D|S~7;%xU&~Rzj^~5_rw}Hu6rRF*J<9RV~tDn^|3Xey|a+!
z`+aK!`;+AhpIrmmslpEVo~Km#6&?mQpTo|Ei5>EK1`pxalXooC-{xT8&U4s#cR`0d
z=_ysVGyXkH#)yR<!NA6I*!fO&hkOrvMqqp!VBj0)u=CWE4td^Fs!X2c{|+b3r+#M*
zU9;Ao!_HW{@bxt@cH!%(M$dnx8tMXS`<xq#Z~JO&+c#2;o<F1-J*;ifIqXba6W=-J
zmDfL^%Ja`r`*Q8CKEHjbuVMCOX4Jl1GJL*$8Oo>j<zL6J^VA5nA1(oKn09UG^N-tQ
zjVngSElD!2noGz1Xbd}FJwk1O@$B30tU2FqI6j7*y?Z7kwPj1Lj<;odUS|HI65~HU
zLHYJ}`TV};9-?^o%NTZgcO@Ugn{Y36(JOQeVRdwj{XROzSCWiz>SM3``WSW+JLZQn
z%WqGoYcj#vZ)KW~AD8#|8aDGDXRQHkbPPL-K$Rb1-%9rAw>y%2yZ?3i?Tj^`InH4x
zfkk4q#22x@1h!MqA>Z?)D!=k~Jg{vHI|V)~nnQUhwJV71A1i_Wo`rONCuPt=rSUnG
zZk9uNLI$nBgu?diL&@#Ja|!r4#dXL}J*mn>FWxs6FCTZG^vX{?LEqhx_zrvJ^-rqu
ztz*=O7?P<EaXI__KKp$w`;L6`>M5_hgZ0-K^Sr_E%I~u0Um3&Bn;1@uW<dY0RLPj+
zk&LHiK>uV=e?Zz0UN^>~XJtsAr%rhzXK~0g(x2b(ntjHdcl{r%d~gms|GJv4rPh6K
zP1PA@-O`6nV!t{a%74Y)6Wbzouk%bh=W_ulFUX*cHoEj<X_E2&K3CAJ=fvj*4)9X~
z2l;})hXQEf3@ATIeC2~QM|f`~Xa)~~*H)W3lLJF`$uKgYToCCU{X~zO=MFQWe2ASX
zHt$!f%2;o`Kfq589ONg{^OG4+zW;4Hwl0EZjq_?H#oxcL2CXOq2A<4-^3AL1Gc^<X
z!%6me?;$up35I7iXrT<62OLha&-*RLKclC?z^73#_B`QPVmBqRTQ<n!pX<9$9zS<^
zjXeI@o8>ZSk^SY0jL81-_H>%FfOk&!eOAu%`qgwE&e9Hf-qWi5i?fs;8)kOM>z`KT
zSI=T6^|hUmb8z8wYI{FDjQtH??2w;&T9y0Qcm6MR$UB}^Wu5(g_394!-KSOg-`Vd|
zvpeKTTUB}cS?nB&`0>%c-6HL~Z5aDc&FPTWZ&l?d&tm7?$`1LSt*ZPu>&H32Lw;(j
zDnEACs&P+kjxDRHZX)Ze`b#{}5VJPF@@qUm?-GyN3iqt0`=F$K=vR2)Ze|Ot+ldG6
zA!DruO%<R&wx6?O*g28#t^oa3`%`1s`N?X~?1b0$vis||PKd+}O8!XW22HD3-Sjp*
zaL+mHJa;W<p?$P{=&5M?U4NqOzslN&zKaJQI)|OFUeO`n^Rz0jK8u|V6&>=tt*X58
zY<y02&1!ZQ`dvI==_+DB9=sMbDTSV)kLWM1Lw=p<W>XKQb;zSk56(Lq)h*=NT%kk$
z*t%c)61wITJ86vU-D^R6)jA(FjlOf`(|3EX1??4#o&I#%_X}gRUF}rb4&~8yzr7Z;
z_mbq{)$W@RJyTQ{f2OD?hpnlr$3Ig<WZ61Xba*KFe$;)dK^uIqQwEvFkJ`UskDR0W
zTl<C26n%JY{Fx%}we(Dp>%q>*nW9||I^WhzI^V8qK_l;zoule~BWBJk;^(Z|>6|M*
zW6tF<bN=Z#bFLzDeyCIKsi*xN{Hi^2j_R3<n6sWR=Xz_-4@Ku(l1b;h-$v)WlFa!b
zI_G5foF$(95ny4^i=cd0KBY^TM}hr37dXHR0m9FO&x;TYZ2v*0JpDygzSp$NX`7E%
z(f85>=y!j}?kC+GBa<2QToBP0MH$hvy`o6{@eOu*ht*vB=fA^>@I&k!R$D&A{=|ES
zz(#z^Nr82?c)ef5$KO%q=4oDh((`}Uj=!e-=348l`1yBLk>~$;ZTx*#`_IxE7_VLn
z+WVO5$^L8U{aX2F@W6QM)AQGY)-#{&Z!BZ6;3qrfg)ge|#CGg2h`BrI35JI!NAbX6
zjGbS&mg?)G<9I-=q<z%X(mpn5v=7{d{eu`g2OsN{5A><BG>^99m(q5p+UR~_9;ouG
z33VBs<v_dP+VStI2+g5<`RpRv7s9H1095%vTap?nN$w&D&!&3-2XevJ#eo*iQiHFp
zGHdqGdzjMI;4fCOIdae+PE&)gGQI?k-T|LW=!Bp@pWXMKtoHvgq1DWZBJ-Rr()&8^
z5b1rLFN>{mGTUJBwd30q*L()w%q8%Ak>dE^e0${X;WnhoKWw9V;T`iFB)508(Wakl
zNY!I=70ej$k@QHNVzVCQ3^2+C$>^Q{N2eFVz+fdPvoj>)*c32|giuwuy?sHxdB=Eu
z;0TJpN4#PcXg#xG;KU4S^WMA)v`{gP51H%ia}(AR-rBK>o(marb{9Ces|8RzIydfK
zg$z)fnNUuAm}RR#lUN_SwoqLwqWJUq_6*6WL%`x(jzA8Xdl8NKB*WYAD(Z(SZ4)9j
zY=lA@_lVnDETlf?(1ZlJ&j7PPOuwRZyJ{6^?yTtipoPvaKw$oi@prERE%q)blMV;c
z*AsiNr-;=c<MRUjA5a-Q&gaJOFK2+VE+aWl{A?Ai1u*sR$!h@+*jzvDlzT3reA8Y=
z*OJ#km9yI7*Ps1YP*{Gn3bbz^dPaZiD$p8^;fkj3Qd&TT%Rn){@6ZgYtB=$Dw|*;D
zuKy+7)YZi~pgcK2GEQbgzuz7ouf0$m+0EwMoMvsw1AJ~^@(0*|EFq>_B!F_9cLwed
z&c83q#Phr9>tEx9kqta3ORZYQtK#b_6d$Gja3jOzz)H}<NAQ5_g--crY!7PvD$w$e
z<AGOR?3Diubbp_~C^Oz_`ZFCTWMi>E!nbcx901D)-n}<HdOzte?9uy4e@<y4uLRBY
zN~bJkQ(DcKMxReds{G?ts!QYc$_nW{?*!&At)g{skDbB;>t61ZPk<^PPlthTMD8=m
z3;gK-_V+l?&+RT=6@M1xcx>&HsqFr*Rb~xO$F50aZR7%ilfqB$<G(X<AO9)y{*Amq
z?n<UBi0;070?S#=3!EajodSkCpT@l2Nrk-x#=)O-%EZ3;KHD#O0#rG_w^RONq*g?3
z;PCsD{%;<^1HZ-C*{XM%_a?WqZw5e>=L9<C;+S>q_LXcua6hZxuruAXdycLE4G_)6
zs%6j2ea%#AbA7TRdF_q2R}x#D(Ptv1Piug}@g#tQ@Wzubbjr#2`L`=Ub8~DhonU8o
z?a><ESF~dP%LnnmcL5xCPmqke|AzbTOt5WYb8M2?96w!2_uQy$lNVU={`t0z>woB-
zia%Zn+TYJ%r={!3+@4#(?rA0VSW}c{ohw=GZ+4gQsZ`i&2XK@)O!+rvzw6SEUC-;J
z?GvnzZaY0UXy*Ie6z%J7($@?ydU)u!@)>9T9xL0~UHV^GWvBU!J83PdgS;bf^9R@;
z7DwkEyS_&M`Z?@;`I%0+0>E)*1*;qK-*}+)rB2g6aG#=lS;JHOUJc;b@JgpV6JzJG
zo=&+IXinYio=&+0=>5pz0F}$3Trg?}=(^ersysXc>AgQ=zn9q~wWeI`*-a}z%LQ;)
zwRv~_jPg;*%k=$5R-4!RAM|%!tv#+bFJjM?6`-wowo_J*QrK@C6C?L9P6t)~ca_S1
zq(1M@(i7_QIs#U{-pPg~`e@_gNZ#I;R)TiN_D*^DLT4>)^d3i1pl2<2AyDk2;%A<-
z4D-UCWak-UpM7NoIE2YkaEKS`;Q{IK&vTwKS>N^VV?VLUh)n-3;jHBLGtsk>hgT#&
zE1B%h$D$$1D>Szsf`ms(0D`@s%C!JN_WUR~y0?D30vy!<M~fZZTP1-0lPjoSGqeI6
z<ac-lILy1@0Qyg`|IfcShzp!xXP^Nj!>lQRU_>xl-b8ubTSJ`L53O0l?iK9dBm*IF
zPl!WZzhb(HJQI+(XBQ`QS+(XO&r*dhf|Do7S_m}9p1}Dl)~|aE4<tLYmfZJ4fej!T
z9UvLiAdWy9Sp!l6$9dj7pFrfD%)!k`h8@A4=?Lv<MBK>X6i`M@cqT>WX6}dblLEaf
z=$ZErz(5&;&2K$Rp)s{#HfP{bSL+J8Mh&z12|S(OuGnX3LKm?KM%i-$kBDGTfRl_?
zPBIoEw5J+zBafWHN?QyLH?r?*5$&@m=1#0w-;Chv^f+}f$@~c|hwmtyB_P;C*8N-A
zIk!ABKZ(*@G+N#)L~yh?uY0STgMOkzdJwfYE!qiiK0SpL3Y!{%FVX);fu$=z3yt9c
zBMFQrc|H(#ZW1J;1SF#ngpvI`t#P=UW3{+=P-6K}1?XR}!aV;!P{L?+#R@aVVe+OP
z19uZ!r(&OZ89nrvx$L5~6^+<&5eLc!j_{aZ))L_m+B0PZXaomjoF0zen>EY}ff6J{
z`tCK~C&x=79;At^=KuR}8^DA<fXqICj6Q($J^*_kfY=8h^Z}&x0i^bUn$ia<-v=t!
z2P*0V75V_wDuTnF30(^Syz=mJ^L|<b(%AVUE<+b4O1`GAg8}fAyni`p?j>NjZP4#-
z6LsNBlCNnQ7|^52|A)N$E*NSGd6%sV;P5qdf&qdmze(Qx8(k{}K)xo<p~JPR{Co2J
zMKFkN5Wwzh;_`LU{<q}$&%r3-So=1o4qsB`LGt_!Fx-edPxUpmP1d1Em488=zipk*
zOz|~wQ*?quvbNH*eh?&U%k#@Y<71w^_8{o5*=dcuo=0m(iLQHQIcRrIPw`pr+~1W9
z^8AO(LA&cfijUx1<)F{~Z}j<-r2P%HX!{rG^Y4@PuiJdx4}#uJp8uRa?<DOPrbgSp
zL7#6S?Vm}Fwtt&Ge{eZH?`5@5<cs=R&=Ps0h~@H`buT8=oAbJ5IcQejvGcttalX&2
z)~);B1PS??9tC3wfJXF%%2AlUG7c`*jDw36<KSZHIJj`dz)JAY^j9k15&}hZ!QSS-
zf&r^rbkcUta?p;S!{%Px?B%r9{+-XH`pCPhV)`Mly15B`ZZ5OW&1Lktx%56aXYX@!
zVxOB6`rKSvpPNhVb91&nH<!}q=J-B0$Mv~6)aT})FA?vjmVy==2U6J`yaGr;Asbc~
zE(T960;L0srmfTo(KEObDtz0WO6QtN=u2R0Lw)Wx=yP*wRcuViYIn9CG`C$c)N^=%
z%yIux(5!PMDv^gPB%=wzzy<{UO^DvBBd9jL1h_6#4u+7Drd#Jm{(C8CpDYFK{iWyg
z&M}@3h($|vv)&A=8C;44bG@m!x@{|seF~;sey|=i?=?gh=5=|m0fW`m*mu`BI?RGs
zV(^wA7$`>2UlIc^fz^WZPfI~NxD>Q^6L5XZTmvA$mlInYnfYEX)tmQ08|oa%c)p&-
zX~NF#f>>Ny<A;HczYAbs5TGA<Z4un;Wq5fn2EXPR@jpqyUVsYpCkR??NxP4d;1Dun
zbhDb#2WomBsP;Zk#XeAlK2X#8KqWfaHm+VK`uL%G(5S5PqdhjJliO0LPM!{i1mBnM
zC-eRy7+~t%RJ|6yFPrPvEUJ6&B=3oiwsdcssKcLB`CH`qbzn#w^qYDf3aFkJRQYD|
zZlk4V$v2s%p4~v6e<xPYW|?}nBtg%vu1~IKi9fDBy4ch^we?ZiG@nnXGoLR!?>W_9
z3+kzy5Pd_RuP~p_iD~bCbfx+1>Uyd(TOI_xC5g`LOhPls9-}iKtugy4OoWBOKDj<Y
zmonIM>p{EobuOyUrZ11`(jMe%x&e&J1YMds&b%OTj7L|F_Sz+b;MM&d$!K~oK_@;K
z)rm)!MRnrG%cxEy&qtPl7J=;#bo>vOS^6iV&)t^Z=Wet2x!c4(cbm}XZcFQPx25*E
z+iZRAwv;}18{g+{<ND%tRXlF15@fX}Ek-Y9!s^1w;1N<mse6a|hU4kQ&@!g)QefZ<
zWX|mQ&zF()%B6R6f_cC3ojeRo1#mP?kPK}h_{ejW1I5Dci_1V$QzZj1?tgw6t>;Ag
z3LzMn5Yz9E*?8pt?d1On65;a!8-U|ZyJXx6G~Z+EGSFIPS?fvc`ViGKsfoH-NTQno
z=}6#oei9fh5Y>5TDQJ$Rpos~1q&6=E#GZw^fF#2{Q8FYXbWKOXo<?wtybhqWETeqi
z^xQ(d1c4y{I1ccRz`e^rYbs#1Uy-9rM3#O&UpGn&-t%-bfp=mQ&J#;O6UaQ5B<f}^
zz)y_o<<-lGF3uhKOkFI*=wbmybn)pWpk*!vjZ4(U_b^?2PgEC^cKHeIssTJhY25|F
z{n2*Lm^MJ>C&21DQ02m6@RWS1qd-ujZIks^($jsNuqAnaabtR;Z6?L?1DWH)(RWjp
zf);zfJ;q?(E8fFFKjE>$FA>|D>jOZ20MJKtssIoSw}%#(cl>?<3{cw_M1GU@4z&si
z5VY1{D?VT!XDoG`v1%`Jti*8$-7wGXJ$oCck9VhfWS$eC{{*{VeU$li#IJ7zI7;x?
z0&sLVt-GKRcr!;<K%%`Q6Xv`uKtCW={$(9#65Go-kp@9GCyfEXSRwBm0Ra@UZoOPb
zW2bIA^xw~=_|EXTfi$8sYQT5zCeSC<fbR@11jsi%sh~{eB_k+8e?gjLY&G*mCI?=v
z18u)~NABdnO<<nKFAwttftMoB3j%Hc&7DS`PY(3f(Hta5lZ<dG^#8aHw9`BUf~nBI
zH5K|>_^Bi4ELQI4bN3A0Q8=rc7e;<(1LcV`EpK-7aCCcq_tux$e&S<w)Mven`K&E<
zW_{28DKNEbD&%#Mx&0nvCz-zk)O}<gu2HPynt9&pK0@2S%>pCDaeW~U^@TX-YX()`
z%~9G8XGzBH%fJY=QQDfnN&9@Y>a9P3zH0&)LupcQ*L2ELmjF1XfVyuo%j<m$V1VHB
z`%6H3dI@M-mVmZ>360^dtOKoun_~LG?ySbqJJYC+t*ryifvJyw2b*V29ccFg#kW)k
z+I>K4xm49zHFeIv<NfSy3nO<(Rj0twku*>QKwV^h1SWe5_!^NgGL#BRn70SW|F5Ug
zx^ZQ=dQQDKC8q`PW?lT{*^pBYs#&kFK67f$^6Y6jD@4fY9^^eQpzeZ?oZSU|cU`ik
zrIq*0M2{3K%Y>Ze=;4C&6eu6z)649T-bMQN@}RVc;AuaLm2cT#Z&nKUK0;FEf7l9g
z3OUZx%7OC8Hw$KeVguh{J~QwK8yrO#o8N2zP+l8Dp5D_~Y00#H7kWxgV>1TRl1=O0
zz2=fUZ3b3SVrr0Cb<;kNKJoq&`ec?V=kc|}tns82B9kak%+5{`Uih%qk`+hb35@+c
z9FY}A;D2gClNfwtZH--5do8<?!P9gZ81A+xe8kRm=c`rj)cAOpwXdDK1hlE2Lmxpp
z^pEm<;Gk&_rUj1kseu!`EpVDo2^eOKkm{!mh~|C26q%DV;KtYw0<BlmTTAy3)HLY7
z7g3&mt~RPe){^<#sIK@?E!7p04f?mj=$tS=DX^`U>Wk}Iq{nHVM?s(#V}DT!l-H)g
z)j~yg0X!f*et#`!#P>YI1It@12s}^=TFa&{&m;IGvQA~5>mxc~7pU?s4uS-C1cyZC
zcU=ZX<afSWwQCj_?|caQUk)Mt&$6xb%~_Q8B7lR){M|t3-cTErSEcsiWOV0Z(0;cV
zwDInPvFK1_+Kn_eYt`*N5y5+YU`+&<`2h}Ne>jEUGC#1amc@lrp#K!3QEd#3PMyPk
ztENzOt+^LC@ExFi&R}zJP?<9I=4-Qv>~MWO9O~=gpl=9Nxi^L%doKf{Cx#z;N&9@Y
z>XkOo`&aU%lqZwlVWKVmeCx4*{;~CV%fA5Mr<O+X{oJ`IzCT`iKE4kxjpBP-48Dmk
zAB*qbF1;|mOVGa#-^)KIzH9$Md@ms5)DV5c>!)u{(Uaw{V2sQ=RHba_KgHVuqo#i0
z1E(+22I|d%IS^9i`<H@Nltb;G*@)UicP|A^%Ak21qq$L=i1?1=cOIzwPB|gi$WM;g
zNE??@eHF4p|0tK@JH|T$$J4+(Cug2-A>-I!paH;fJuex5Nr(Qgrb)&x&0O6nf!iW9
zpAxv_9QK1qXg)R29C<!9FzFojOQwFD5^ygCjp!^XO)@}${;w_t?JN(0`2zG$6`;R`
zn>6C$K)Hu=n)Xp4FN`ct1LZiM7sxx)@@65kk>;Mk1H>l!GU26E=+A{oU6UZMi_GN&
z?+6@ElZ>W?;M;sV=+~M4i4Y+3-fv)q;KRvmqz-P9FIHb#_R?FIf&SJyq`xzr(+}lJ
z!6By<d}DfQX}EoG!H`ojc17$a_M6#FgePXQJ^#xA98=l(Cu);Lf7{sq1QrWk^KO@=
zpyeT&+e6yCv<S36ECMaK2(;H1fi_CkG%j}p5Gd{mjiYxmKlallpedO8{--c@TDto1
z63{jSrPc5f(C#<?pBngZiKVyW_gzolyhuNLTTNvD^}Kiq^XuK5WHi}nETV`5MQlZT
zo9$raq3d?Q-uujW#P64Y_SyvS^botn4j#h8ucfm4YFM1&*GuTVSfu^n640#J4e`Ut
zvtKSDe*Z$#?=R*+vHbB@mW=0*$Hyg_@}uzqf-@^V@Z6GUeBjw7G(K==j%1XN;ekUK
zJ2x)^ZOfvl{}x8jU!4M;db3unWQZB6TvDWO69vhzx1zn~8RPcOt(JdBb6n~F_s90b
z{9Y00o>7?Z*c#hzyu13%{rMgCXzm-+BgBs){!`loq6<<2CwbnC7Yt3Kd-2r(NApnY
zR>DujKBqF77nnVU{bAE*$qQ^IxJaXV<4I<R+`EM8_qQLk?2!DxW#k(hl<!K7+9B61
z0gc!%ry_Ppe&Bk-qZ{YU!}B4Cr+`7^V`yi}D3O)$&h`aiUacBR2c!8J$&5D_*-ZZN
z5&j`Ct4qYM0)nx;{{cNe6AVW&1jFBR^$o9)g5qKbB3JtYaJ4N6^P#HYbjc8}1Or;P
zEFk>YZ0*sFEq=3k?Gtj{+JW2Q0dYzS%c&`0d~f9<l)h+><RY}DfHK}a!Gzxr-BCEJ
z#M~RTkK96dK6Wn@pnt{^8vi7E$wBafpnu~tlHMG%msp3yJz|R3)%*<TZVrssS$-C`
zgyxF9i?K6h5ono<Ks(CTlVo|2O}!Q`OdG{5oNnH6ZPpp2@uH?IniCL9|CAW|zkJrx
z)p>z4i|LsIb6-_Z<qsBv7D}VJGPoLoLsKMUh_{V~(?eBZe#?3ElXy^ebI50JMZS%U
zhCTBb4c`M@d=Kf4QV523?p(0H{nranYx@Ei{CxDA2H?054O9gEuP>(i(HFw|TPEI7
zAVAumBWp>1VEba4*WA6>;*qb>^DjS&@(A(4Vs)maC!enY?V-=0*U;7r(2GBxUQaEK
z(ral9y&j9D*F;sm_aCAc7e_Dm%>Os^TK75WbxjPtDj2<HC(x_ou?y3yt_HNpi$P14
zFA@@&t{2(enM~i8F@4{N#E~Wel(PG!$Jg3muRTMR0}tA_*_$`+XcWP-->h@O1sX{o
zX`qnz8>a`hk?(e;f<pRwWxBZSjYnOhr}+H9@T1Zwy*q%m?VWDlR+bGudo~!e5%s~Q
z131WcJEn`<Aj>s6d`ID|+Jrof$)rsTeu-~=Zjre^X5MKe@=^Q_S?6D4@)>}q`3z(n
zeY&`<G+Q$Mo8djY2(<7R9!Qo~Vy^)$w+6Ix3qhMw1KR1Ef1!^yB0cdgn;tvGYq}kj
z6XW2uM5K6K$ME`wh1X2*44S#J6tC$5#Z@Q6tJlOiA87duoWDC=+-84_;Cxa9=OF;4
zq?qO>mal-)SX{q1UEEgmIdJ`K46aKPa4qmrTnoIJ-)rW5ka6CbE^Zs1uyFLR4A&1u
za2>s4XSC6!pT7AwCcfWZ2-@Ekf;O}ewA~9qJF;+moC{Y-#?UMplQH*WR4M2MC~q!X
zu9NwPOF(H}M`Xn@(nkK@Ck1sIR5T$dZ@O%`Ztek#aC9RAWeUs1-GV@qE{F1_HYqrC
z4p+ps%fwi*qtLyLwv?+S4(R_PTup4m>P$FF>?aXP_a1t{FP9?wGP@{MjyP3$8A@MP
zitJ_8Rd9Pz2`IGQF9huXjyiUCLo=vy^F9a)BA9z>P2ZBtJO7%#1%`WxWNdh*PA>#B
zGW|=nr=JB-szDejCU$b0sHXuq@(|i{fX@reSp-_s63GxzURTp|qAr*@PTS;lpvq2l
zn>>%uH?&2z@G|`pP`m(h$vn;bZ&<$SLIfHVQaqV?(pjL)M8ckp`=nr<2&=0_@J#1G
zX|ci4-T9yp-5}b$TT78tnUUw+`Y@6zANks(H67C?&3+*-Kc^ezZR+7b=|;{?Fb$Mt
zpvpx6jz$}JS}EQtciZR9?aG7x(#eohMtqIcc{x`+FmX+{3q0TOt-Y_61Lcr;4~8m>
zEO)CV6OPt7==g7>KDpK2ym8*1{3o}jH*cD^aoVKWoANHnY4PwLR{<!?E`^-3OY>*f
zxuon)Q03|h@TAY!U9bsFwtwSk={{nE&vZ$vThJoUP6W!#N@?|`2hf_9v1(5Z`Q6H`
z-t>TNP0L3Go}GjSd7MWD@*GyTJb*k0azHu6+sg!G?~2fn{QoU5s>hIL7l6_vONQMB
zzKt>%B7({<130S33eCKVk_S@P2nem-C`(4Y4SbtqFlrH03KLbiBoAg2-)rUr6W7=$
zs&d(tsk5!;&vQ^w`as5-(pFf#NtTRTY~Z^^2BR54WdVSrOq`O_h<MM26f=f<^hP@<
zGqWLw&|o>J@|OtzwMk}8>AFvF`5JSaoHd(Vu=*BRG9Iyk?^YR%E(De76IFTU;*8nN
zvSeJr#+iwrlKh^@U@l|7%h)_i5L7m;V>#^Wz}SSb^UBPrIj^<yW-NFkyN|dmds<H8
zAn)0q1qz|hVcuTWf-*)9rVx0i<$O_uoR&e}vj=q-lxBkY{if`Wf-4C>G~YV!i?)KC
zzah@E!3Ik6Hw$L>*}yl#i-B&GIf5`Yd4%vcp+z%L9=sW2C(*wMk>`b;-3*=$7(0m$
z=tWR|1L4zb@a)e3rR;%;YXTWiPT*V5+7O*{Gl0YVKNBiMGk-vphu_ELgx;bJe9bZ#
zg$Z~lWN~iFCz)LYo{by?1Ah={j`B00Hy1!KKc=14#{L$~!6E)Ic`m|{9}qbud`j99
zz0%A<aQIEy7qK-2P;;6JAV~C0QNlfEu{t<$tT%p7bB)P*8G%;>pEbtrKTuf67#j;9
zcqpb_1l~6&9D6W!mRh<lGe*~Cg6}uy&i`)XujzOH8PlgVZs{%x*X|_mntwxKdOgWI
z{dL;sFOq%tTl%gaW9RiQ8e5CcC4vA>0|VAe#)cc%ohU@EZ<37WuT#I*O@6mY!CgSl
zO(nY%hC}olqQ{?M`INt12pZ|reVt^GcOsxY2#H<p)C|3;ZLv=JpN`O;gH|nD1m#0%
zlF@vVWRxPItNA9nU*J892i$ECJivG(GPhr!&kOG*oc#kET~GI?MDu;rHq@uKL7&R0
zRl->**aT3~#F_im<%xUlO|x7?9?bK#P5`Y4<MO6QB|~%}U-P42018!+e&8Xgk9)+`
z*Y+stQ@;y+EwfOt=}9IVPnx!xX&V-b;6Y<pai4?WhlE}(&_vhydo%=A>mH-U02&BT
z-t^pRbM10ttTeqS8O^Uy`ba56PYY)IW!u4L+NT^S^+*bKVO(CHDH*qXM>2@+A$q=E
zl#ESiqVJa5>9ZToVWr+C1vha}(TE`U3C2!q?Mw%72;1r1I;PEwq+ln;<#wB7Y<iN|
zf$63$dK=TaAnsWxn8)N>vW2Q@vn7N0GsLfHV*5mOKc~D*e3YSd$!IDA!^@sErGn9P
zpJX&$#_R4JwaWeFP?g)RRweEk;r6t>XK$ONpT2prKH6BIpKO?-A73?9AKN@lAFE08
zjk2>P-YYC$Zt|$<yFI#Wv=?9?%uh0NAAU53{o!>`ezu1931_5WZxNJF-pTt4+IioU
z8#!M&sPbLx>_$;Y_+dCpt(v25G0)+~_R}?n{XGhlm++F&n*sw(yqU{US^b~9r#J-^
z(I!<^f5dqPc~C@As;nO4JR5jW>ewB6bvzj5JeWROsSWlvb7pPnN@6z*qj_^8YaY|{
z#MUayoSM^^u;!FzPs^zu<UPaA?t-!t558%x*F4Sdj)k{z4Eu{#L3squR`5uKzPu~g
z2~b{rDZRt%3&cKYa0SV4NtEtGDe*9uvj0mHV7DWwawE)}OW@A}a9De|vGCVtPR(ga
zfPWcVGY>ht3zo&ezxy;E*o(2V`Vk6e*)+&$wDF$9X`nQgf+r+`(pUi=RRrZNV($~&
zkv1alDMFw$cJLlIqHP2Yl+NjI6f~mzjXemIk1%$c^vUDQyUnjA-;>{nGuKx_uhPkd
zIn~=aPuTYP=bxEm{sNnS;(Q4{0$k_T$h-|4q1mTrv0rsjn(ZR%d<X9#GD+sRKZo&H
z9_MMz0i|vd-3zqlu|GS09viYjshdjHB=gR=qeJX|KNqO-yJxXqx+cmSrPCm%+Qxg9
z6ThGoJYgObVrvejvN21+<08*^FeE-ywLdFV1zYy7lz6qu#ED38V&3^p>_d^#qPm0k
zY`0_saUNGnJd8a6$~0>Zd0gBWtrLWmabqONjGjbh1ST`FGE#ct!8aRCoOeWUF7U3P
zupd`A8c;A5V`q0Rja{oe^pSN&Sc8J%jCH0iCU%zNS(}e*xB1{kn{Pkw2t0la`=Q*t
z&)*QYgHL=F3^h&a>&TT1G21-zPjiGCP*6An!S0q6{WU&s2h0yu37aLuTa!Af);zSp
z`aN_b7~!kbs@ylFprbv-Cp<10Vi!BdfI#7EQhYEY#fNT8@g3kDfgh6bzr@COA+!FS
zslT2U%(zjm2thS%VPD(M-z?x-+ZLd~)&(%AE(l*0sv5pgGQ>;4fY$Z}M4x{ffkXJI
zWQeb_@pw=swDUfKqmP|n^omfCw^=fTHLbzdIANqr1ZAj(_c=Y_Be04yQhfO}DL&!G
z6yMNKkY0x9o{QZk1v|5$q7XsQT3@6w99>^BB_sWAy1qPn4l8z1GM1r<zIvWM<IiE`
zQ;eNtjvqTEgY--0Dn3qRkIYZ%YfBGR4fC#`SOG!K)wTe+S{HyzU7+TMsyb#y=PCTe
zq|09MCtwJJ-8%?<$z0wb{#^^`cm#so>0pFVsA`ue8AEn3!kk)V{r1iTL(NsIV$YXs
zKZBM1?Jk|r;~<|On0pNSdrsqu0t61CiwiU1=q@I6t)R+h&R{>8hdMn*?l>qf<|U*0
z3GfsN(&-*MC}o$z>c(&Kp6&V2U-Dm|q(3Z}HqgTW6K}nD<2?_HnO!O>e4EJ3qdYjs
zdgKM@7w%@YD)0oI&~7Lb%7s@YLu~!pj%I*zaqw$9Is~XFY@N2FumMq?Y|q=#Ju^CQ
z@6Oawb>~A1B6wH>M)-2I>SB2E)Th|*o)XWK#EugY<HaeVDxGiGkw~lX<)NzKHIi{X
zvu(i^suHrJI5+FH^AObUruGA&t#_tm2s6PLV$UE~trCchJ3mwf>8dGH!sWakB(@Ea
z^@&kj=p4mGGY947c&&e3Ahb4)degyB`RI5hchbIvLh?LR<xQt!*4`OE=28wE7EU90
zWAZHA!Dw;^7$!{Q|IJ_s4fI|<p#cnG73GDF+<9|}pV3QTUgHXue2V81Im=~omdE7G
zd1H#N646+KB@dG?AP<RhA1@D$rabh1jOQkkg(f=~?ig9H<`ydpgJ<ZOcdHHxk%v1z
z#s09J@&n=fKV$6d{V6Cj+mrJ%u}cmufQsrdx;I%p44w@O*xJzw9<qLwnfFKT-a0e1
zW#3E)ecFi954q;kb*5+&C}iDfeE}3flqw7JIFI|wptx-mpTZG}&%AN;)?B2@P5_4m
zuZ3IZzW}!-hm+&B*A7O{Mc_78&rBnDJ&h|$7@zjGf5nWm*S#f1@142?DPx<zrXOGR
zRsCec_4;Vzb^7U>zoMVLZM}}$(@gt1cI~W7VsADlu{TRidrdUgP%>|#8-{MAdZHVH
z4xB329mRf?2cst)`UMGm-geLn?*~26K7I8x_J{0HPH5sN249{Fe3o7;8-&#}?=8sL
zWJ9Zo?YD6n<VdC0-Dk!TA3&5p2Eeny4ocValD;eteCC>gKnd6IzWscj$%hq3vEQ8*
z)wgviQJW#mfnv>9MW9&oM5et0zGh-45V=gJaiPw178l}KeB^)Wee4~4vGwL+&n6F^
z#EON-Z=S|}=_IbO&Uz4@P<hEXawJkOXJ0<3`@(#FVB`q)6FD6=|2hJHKVsH-k#ED;
zsqvE0nJyXKoPET78Syv8G9q^~L6tWazY&qSWhlLK(bLjt_Z6TFF1P$VN8pWXK<lZ6
za@TSi<1lLzT?3lB7RoIcEZtgLPumdPO8AKI5Yeqo^-SjyU7o8}4Vg6yLsfz(8Nw7W
zh;IJ_#!jNsn@XWv099U&z+uTi=`W))uss!-I6^@05VP8dzlgSJwb3>kIJ$>mwHXdZ
z+iXZd5nO+kOwG!U`To_I?>YLti~H>F<qU8T8?3DLYdhYU0_A0cU)#|+g|1OWt$$rm
zLe{8+HBqRJS)<sx*l-Rzi7s7+pd#HSRkpN(N033e0#y0o;yqih3~kwWC4@fhMwy4C
z)u80QDj7{}U)wP>7s_LGl)LS(3!2&*N4-0_QFUkQ0_%5VZHuu7h)+dyYNAc>=@IM?
z{U2<u0e9X2d&S2jV<Y$V(R9CL<k`)AhCL&^eUIzXylq7i^3lD^MUM~vo%@;o^wXaT
zSBl#NQRw16y8q29t^rMWOfs6euaDaOl2MB6drFG)wuzi&V~nq(iGC)0M)Wh$(*$<G
zg?z%}U~Fh>9KC`2`l!l<s?0j-497p_`Mrd0JW}PSCW97w3!D7b(l%|!-H6&1O=(aO
z(Z9Vh`u9_a@SY8U!=%SlC?DF%`Ht0aK8w!FvM8PHS@Cq98N<^Z{~qlZ9brBkis$L(
zA4l8l|CqMffM~t`2z<}R!1oceOVMZZ<n4AkPw!+3pT&2(O6a*E!gto%MdY`nG+urq
z@0jeaJ%^nZJiGrb3Xf};!n6GX@T8=henn*?@fB|c<=7Z@n!gd}8N3CE4^g>na$!#6
zcFv>zCssD_;ILrsy*x(eTpp?#T0>zL%INd|MBu1yowkG6U?Q{S-Vi0@5aW0I9kgbY
z{SGk7Qov{542HeIe74u#K;r>ru6c9n#3?z|WL=#_*VPn`_ABzPU^N1B9VPt_J0+tC
zg{n$L$q+>_0I5~t9W>S;-T{WVnf<>R46%XwzhVOz;wrO#RprJK8hfZD{de#l^(t!r
z6n_a6!A9*LcoQoR5MEu=8no`c78_hak%#j1nX;bom}Js#w<sCIY@UQSuWbF=j#~lB
zuN?f^jz_)$6`N4To=szm9zXnd?q@GN{q(0BOEb2Sbzx@l{L(UX$*85nOIiy@i(3C}
z0kMT~Js7w;#<yVhHL-mQZE&<VCLYm0iv2xT&~@5`{U~^fo%9a!ice^b=Wsn3>O0Wi
z%|YcMr)1P3x{lT%8lxd=Xc-S?{e^lP?A^qHv5A+ATaZ+F`09CciT=BvWBk(!9&Z^a
zWDc8(-`ILZXv@AUAoOVq$~Y7%1x09Z1&6)}<+1BeqF&%Y{Q=PpzDb~kU&iG`u8Dk$
zILhPt_o6&rybmsF9l_}=9x?!)L5{@|$^UCX5i_YR>|K)F77i^2B_dz#G4k~XCSRb+
zRY3R=Jl=_PjZa+PNk2VVpqM^nUes^eoy~m6>;%6lVNGhXpT8y%IrG}%{iaylj-F%j
zxgdC2SF$+=!Bf04I%h#jK4+;qI_J{+W7hxwqH`X+0KRJla2%Qf<&B8eloJ|IFd5xH
zk1w}7jrwv#k0;v6#Exrv9R?<(f`j;#roEp|ZT|y1Ip4t=&S$M1*X4nByk0UwubF;S
zW#L2MDb6tOFsK|#r{^|qUjUi_jxOP7<2>_yIw*<#zQ2?6eQ*#(`sK{JMe4pq`JjdW
z11dhWQ5{m0Pjv|Ke_RWrepJsVSed|q!=wx1JR4k~2$@o)Fu5?Na69KI`Xg3Sx#+&_
z;6$qXMu7UpmQMX=@JjTny)3F<U6;@?>QOZI+L}e<fX9gs-QWuD%DJ!%9|TqIae@{a
z!WDgIu``igM2F$olx`)zhJmR`=#~t>2YE-}a2{ykmnfYwKE{3tR2h97)o1V$^p~Wl
zvX_H<hpH*>H2)YXhU&pMUJb@^UI-N0z)_buHK)3j_iWFke%Wma@oPdSix%!@u@bQl
zj|fTEyxwENxUy)i)t|7sz>PL=v~=(u_Y_cC7;kK7$4a^=Rko0IxD6|}jnP;&Y13%&
zPn#LjGuP_kR;)aK4m&M>i|{a+$Bm3mz4;fXYv(vYQ@yyH*i#OSo!0(B>jb*L@EwTq
zD1o8)ig-SCzlW8tBDOcpa8y_bhP4)#FgvCeQ@lM5;CMuwlJgqkJ^LquvYhesg}(Qm
z5x&jp**WTx_|L+sc$`~tHq-XTpm#I>n%Lch4~Y$aF)_G&!ecEsE(SM@&bN;X&tPZi
z#lXdEf>^kSPA6~?y?(K99r+0R)%)V%D&=S$-w1EpDNi&c*&`}N_AYT%6wkzFYG!e%
zSf3@rKg?&j7}$1yg#A5t#lv<nK82eLRW;is<I2<6`3TDmK^dUj0;+t&#qh{Slt(NX
zwBA*WVW%lujE7w}V<kOPs@ycWFsEfZ=NY^SE03SWPE)olKEDYo_ROg5yZxJ3`QsRN
z*8N|k@!cO`zk5?W9(SV)<MA&Bc9ONHCnLJ{Y?uIwkWJSfHHa0W?-JX%GNWxEgq52B
z91mwtGtY@0c6Jv$eB!}3H=&HKO+4L~I_#7TF9M@Pr16wm5%!vQlOd_H3Fgf$Vf&b(
zWxoR`wJa_sG9D$*npj*+$exx{ILK3*;lzV)HX*^p?PskG#W8E|HyxlsYs~(v0iOK`
z6k^-fA-4aB#@~N5?F>Zi3@ygbsr{qy?PPK5U4NxI|9w6tzlz2Fw(!x|-}c+69JcV_
z5VNDYbP$0e<VAI9=mo5p`;Reg%(W<{jr1}$?Z_sev6>V(-xuk)2w&tQ=8N<}yq}zV
z8aw|X-vo;~#%VfU3I=XT)$x2VFiz3&RbUjXaRq@>W#?h+H+_x`G>$pcE}C&n@@^t|
zR}Dswo4w<O$UBj|n+-;&(fTem@{S|#E(at0b?A43Di76gk=W<ZLFBW$z?WW3zCk|G
z1-{{*B0Zn{p22?41YMNCCy;09U<~s%v+r2lV#%}hJF>6A_N01a_N3OG!2Zy6P+rDM
zhQ)`S0R7dEfCr_4@*?pq2Y~M72EpUPSTX&lAegxgrVa{%x&OY~7TNc!Y#ad3c8<Lt
z0Q0Oh(NDxSaC3C8zJ~*4gtwOwUyR!Id(Mk7hB;6k;lM%qb^thZ8;yIAzZ1z=+0?$+
zjzDSW*l$Gl`0aTy`Vc_b%$euR<VcK}<qm{c?f?+DTEWxH(VR%jH_V9f4F`)r2_P6~
z;-YZ~G8Q2Ao7rQrafqTqmUF>Dxw+5Yj6Aob(ESZ$qx&0WW3al>0FQvEPip#OpzceD
zz^CbOi0*T&0;T#T@C*VdcXQw{`x>U_w@h15q%m#Nj^{xkK2uW)C_}thMs!3;@vg0<
zp)LDLA@pe>5)Y|7D02vXhmq$6^4+b-BP{`?`YvSB?ke)`CGfa7P_E#>Vfg|?50u3C
z0xlG9V-fg@$hRLMPpAfz>J!ML)`0RV2j#@Z6_8X}SPEv&%+PH5yEYBV!!?}mU^|M$
z?%&Unj1Tzyz-=Sg?_Lb$;TcQx@O&^3f<4)lpv?zx3|%f6!&lKYsV5B-vyT}ueeja;
zLAqpoeFXcZ8YmB6E*asgz!*xG46_z6X@4-LeVSx^kSiJT2=<3u6yBkwV2lS_?Fja(
z5|op949y24{OnRayp+N?G!L}!Y{?)n5Apc{!necE*6DV0uR<I-2ozqcPx}b=7hMD8
z#6}lw;2T~8hL~cmpOxWi$sqj><<h%UNdJGD2O8;5$O9jl|IUQ|P9DPkp83)BWtfZZ
zeW)n9_p#j;zuz&uhQ?A3tx3LL@p<2mI3=>i(mXkobWg)vhutVt)f}Vy3vF=JdjLmb
zL^F?LKODdn0TkVnB7GN+;r~_mFZ6yl#?HjOEjUi|Ga|a?Qdr&iHSm=1p!~i!ZK72N
z_l0{m-ec9lb>>h#Tzx5cYWZdN*=K=5=GV+@fo23o-8goDSV--Fxro|HVPLVq%cHSC
zqN6KN)NgcM7VkF>UP|wYOpML_{uuW6ltTGj9?FNGT@uf4L?*H%;{cx@xb6`47nQ`=
zGdA9nkw){0LOC>_sCYVqhsb{pC`0oZug?c#Dv`%$7wJSk34c!_{5_*Kemo+pX_9du
zS2C_4{QZUa@gB~m;}uP!<88krI$o<2l%b_;yrp2&QQOp{uX%2P2cw#g+QwFn6Ck>F
z3d~-d3#wdu6c0Rvv6J99luLE4$%|7!8RmsR*)(aMxfT?}uLZ>gphWm+KI5bL<M7$%
zc>iqx$H>gZ@%x~r9+Zp&>5_4582hCu|J*(((X-}wSB(SDzxX{_tBGAx!gNPTg6<%G
zVl4l}(bIN5Jqg|Rvz#(Q(;HcyT3C#sUuFXRG7{*Q5ktSF4Bn;V%;$5yC$PE`;B+Ik
zsxsz0#D1RI>s7>#W^zsZg$-%(vQ$iPGaj$U;D(G9o*=9wI6^2?RkS4><#(o+hu*^j
zZ^XoITs-v;rY68Zo?nc7NeOe562@zK8xOpAE_r;y%5x>(m;4zI{P-N*3og-dMF}qj
z8+l>Vo?fibTt2R^ms90l-m!!DLFyFhlX>T}*h>5NXl#Y7tM!sW^m-{0_IQ7iqL-NG
z7xQ*B5Wl4X1<Cq5br}0CpMk9FlgMx8I}p3VF^v6dV)o#}^^%cgwh?u_1`N_idO{y*
z34Kf*#ZJqQ8+stQA6N3=g=2U7akQV_&B^=m-cMs(ALGx)b?myf>{IM_r^n|Mdu`+F
zMWjH44&HI-V9K{heHTIxlNQyIp*@?TUrfy5x?${Bx%iwjH8)g6cv$`3!oIf0YWlcG
zP#-)5edb=$DHdx$bbZ{wMc2ok(^$!kp<fTr?`=Lr^CK=l#r7vGdpBm?43A>P2Gmw2
z{xspo+EH8)*(;Tk<G**+h3OdP9f1djh_5LbPn^QeYv<7WrU)(meiZwQj-HF7#TO>m
z{lClKK7$9|!`K<VJXA&eO=8Cq-*bNr?>jJq#y@^G0W@_a2Ie4m_NQJPyjI@tOmRxi
za!}<fGpFW!3sm{4>}ff8koSDz>@N7^#Dj0X*2;T+j~?4f=F){8*;<Vz-(H8hwpy{T
zr10fZ_&N!EAD)Zkt62O?Xi50j)EiUi-oSYLJN#^IY47Ewr9XyfOs1of(mFN<KU7KO
zFDd;m=XFB=>{Hlj(R<TT>~}lh|M&DhP{W%(l?Asx0kob8P@bqu<{riVaOU~*DNYCF
zE_Sa*Tz)!x?@IZ<o1ZV9jppau2@THR3Ky|e6XyMX4e$G)Jv#5{EY7zn3$&ip^XGr+
z2(8}{JO4yIYQ;e$8z?8LCFA65$%yFG&%u*V{3XTAzuT1x16RlJrMHykVkYhn?PAYA
zQ#VyhM#JB+pR8kR|Bn4Pous<e@;zEnjPG$8E5c{&Srr-4J*%NFB!{WwGAcuV!BLrb
z?g;ivyJPgpr7U-}mBtq?HkSIYmW_@xc;Fp&mSuk$DEAS5SGUCRv=x7nSo}$4XIDzN
zNDQc;5joBCD_@K`BT<Y%ne!RvSJbqBY~G(&MwanW8R>{Q!{Q=*J&G&dKY^X*9Ipn?
zBW!LVE@rMG??I{2GcDU~^h^tZqbvi;8%yaqpvz<C+L~~F#MFJ`oN*~Ug8l9t=gvFh
zl957v#2y<v<03@QxF8!ne`3W`Eg!H5oqx_{Zj2o5N)eLgGw!m*>-gWDpgyB@HfDd!
z*_hTOXJZOu=-$fC#t_;P8=Cn0#hFnXn&4oW4fbwibbSNG<RY;+zsUC6HW59OK-210
z-qVaaw?^`Nc}Jjr3_Ec<zxV8If`0mDQ6Fuz>n9u1_2a8D^s&vE`dAI`vuYWb_key|
zU}y0PMg?#MhlqZAh31clJk1~3osf4wG!u+)ZuIP6^Jp4fD|16tLo?~w!Cv-kyt9Kr
zmS@ni4h6|G(q_o4>7rIO-Ol{3+renQkDc+p4~&iLSf0>2FgC5Ec|upD(LABWgtoFP
zSaKTAy|<0`4e`iV-~r!VZ7II*Oi%IMy)eah&kZTQ`7wF;%|8HR3W8ubZDHSmDWR(2
zJEZe-#nVGo!&9QU;!V%dT=C}TXs&pZjDp^icrI>9(ed>V#52Jt;zLy>>5@^K4u-_5
zRn~87e!c9@nrI$=KCAtd7dXf}1HKRGI!oHUjj_|(&n7&voawelV$QbT!gO2WUfL}v
zqwAKHV5E!S+jKh^Gs)lkz^E4~4!e+4xe4aYy^`tBTVuvq!N$2YW}I8uIGeJknP=oj
zoZSVto_O%hO>MmIVU%f(WuCXb9gGt4_dYOcGhuJjIxxKdqCGn=61tjJQop-NjGkjP
zagS5X`z+16Jv$#-VAk>3nL0{%py>ya(cBsJOKx14;&V?=@ol()_$7IP@(;0J;wa7u
zZ|EEtjtlXIRnI5pY*uXj{@!+W|MyxUnp1{A8QZ)<KfY?YezKunA8lNwpT4<HKYLrP
zj@x-N&%b6iXm}^L_hf^hA73TvW1H>zSUVRdw@tDTsfR@5wwLYKHLr68MFbV)raZI;
ziTsdp3I52t-8LxSR3_`UJSrJP?#TOL#+S{n(7n4WdAfJ^5f{IAmnir8yXVXO(7Q2m
z-^Tlh%v*MdsRQh4)g6R~F0==j9;zbrv-SY-Y<k`=%yWIs)1&A7?s~@NyP?hIbKhVy
z<LFO+fc+|BbleWU=2yTVG#s8CJ?GcNxq>46M@}IUH*IJ2Xe^p7H)AA_-Nd1wSwmnQ
z3Yzoya;R$KeUfpA;cDaUG`Do)?O>4S%VKntsngeiv2mqj)FY{K1kIb%oS@eUzc<J5
zyLEP>Il-^5Lt<C+%4nX%zlz`Q`2hRfqxhfZcdKU9a8;DY2hEyM%k<-`>hzNhwL0EO
zYeqdX>%x59J3of6`#;}0RQl`l`LXHOpS=#rY#nOmTtOY6ywnD(n>iE|w!_}0SHNhA
zp?{pL+|FYBY>hJizYmP&b<9><2S)QsmiPNFuv1Hs{eOiIPQGuR{rQ*ifqrG8t~;L(
zELl5-u~RU4g5NvZn695}$k30k%GAd;PteEOqjt(atKW2f>SzzYZNUZgTS83){iU??
zY9b81bYcDW^hM~m9{w*2dik%8TKbLf8E#26a}GW@i2dQKz>p?dxe7EN!LpNj*?fqd
zWX6VXr@U?ce;*jE{)@Tp{%`Og^@(#$-(l8A*e|6+`6N)~p&OAeuNZv!F7Vym#``z`
z$D}k^-L&%aoe|qFf-*95N&Mc(jmT%+mHNU#c1CRFKd?8llEw1pvRM9H7VBThY|j6!
z_n%Fxql8x5%`;*Yum61*`-@`Eh?%wAuab<L57PMN*yfe`@l`AIlMT!D(Z+fm@1(Xv
zm<v@MvP;IH8Zg3zYSmK$lvkfXo?SMYS1`OYbz-vnW9ZrneS|Mf8<qd+sA;bj(mTM1
zY9wRmaxjLjl8o+^;Hl$Oxiqh%V3_#-X<*!WL0#hr{N>>Jv0oxvfYhq+_oTi9kGbMv
zzrV#aKB2PMZ*ffQS3QlD%((lLz<20<><{8-+&3|15gx@#?@MWBY*+t}G}F%`b16gK
zt<9`{jU|^v)&<s<$T*RAg4-cG(F0V@e`wydp1Sw!ZMpjCn;rUSW1fDpAzwef%BhcS
zo}`cQsZkwvp|xx_7-45r_w0Uz=^kgOYG^jqJ;I}(y_R`+x|UUdD&MsZ1z&5KqvMtg
z9d7~yW4n$U!N5NOGgs<&2e7}VJ#RFeLUl|pKPQs&^qT|NAHER`*l6WLWklZnio9z8
zqo~=^P3aNcbcW9jG-a(C?d1zbd-$j0^;66~)>%F`;C-xa^b|ieFg(FEO4iF^<^u<q
zp2`Mr+{HogYW|;#?Ra@GcE{+e)Wg`X-U#JhUNY`!<9%ifYJkO{`e+Um`AcA^vvpoK
zycB{Wi^YgM7|rbeW*$r*&VoH1NtMs1%$u{(%BSa|_2-D*YrGUZyEsrv2f<Th17&#j
z#r13E&<hkN#5Uc?blV`Cw*cV4OCgA7L-2O;{vvSjn-T1HUr%vh>17i>MBy7m)c+!U
z=-ozTpy?7YdieJi^zzr4vaxF$<;83S4l?!{0LR77$;_Dtn*UG}vsda)jq2`jD%IWd
z;9pDs?~Y)<x+XgJWVHYPxO?~bsH$smeC=~)CNq-<B$;H$1WW>oNx(;SB8ftC22cSX
z+#HW$t-VRGmISamUZo0RPKeqGLG0-0k*G}~wdRasA2<BkvGtNbdy8V#;4QvdNwC(0
z_(DURgM|J2?6ddDoS94l+}h9Q`?-H5bIyLOwf0(TueHwFYZJIit<5(az8oS>o}D4%
zL0irKU(JJdn8j`mvo$K^VzHYJX5*)^wMjGOOq*@}WVyZs-hr{WGlls(Ls;p%3cQ`$
zx!ysZ4<6pm={bi(XM;xe+BrT5>NPme<J6@-2reQ2pN-T&k{GKVvpPk-`=;Wn1SeIm
zH&5|7YX~caU*ociIdD}z2>zZFkS+#Uyc=Y(jKy372{G4X^@5hodc{+Xa`brXISKLB
zvdQWN*-oDZryFZ6WwF-4SiK;M`#%n2rBK6VUn6k+Z)2^SPcznfI4;(jt;bsba2PAX
zB{4ZLVy#<PthLa_@_!t$SZkvdqy`=|;JX(P+4p_l_N1Ph!OIH<S*&%C#ab_Bu~wo(
z>h4aiL+Wmzd$6&;l5y?C&h~&t_OoB3__{<rrr2w3lGy7RCLXBeW3Zazt_0RZ+5KnY
zt^qy<cPBqB+RiKU2QL(KU$Rd0MeG|pop$6%9e9@57Vpd_dpyCP?DzeTaKS^{x!?zj
zQ1EAqxL&e0!%hgv=Yls;2V8#`E8XXSHxFd-21Mf(WS@t0`_+9@WPLrlSJ<A^{TE({
z3_dGFDv^B+ngx=v#-tC?1?@~15S`$dN&PAbL0R8TdR={etp`)uJe55752v(wmLf-~
z9XU#i^WdWP?Og8%JWp-$vjy$L?1k!=eOPHP1~2K~w+6I<RW#o*bS{MS_S-pAd!PDI
zA65#_25;Z?WolnF%^hn#7eZ!zMQBZ69CEjL?nchiWI7?)cbM?ZS3Gm%`^0LLs_TV+
zgZRAPD`Dci-*!7l&&^pE=XVhJ4cNE#VWp-hCNuSx@{5SvoT~59%<_oTrt6}_HwZW7
zMu~3_V0lLWs`qwgd)fJTJ8Xc}rx@TsD>@qUJzg5bO8YP_+YjIxh|4dex?|@cR%-IV
zJGlMIv0T6H`g=ZjC}p9#n5^$K(;jQ({U5VBWrBl!!%2(f`E}Sq8d$^fkk)|aVK@;z
zLgdSk<9?py_wn+A0hZr)4a*4wJJk`$8J`c<=!joq<N(Q_)8HEBqphJnS|S}!_k9VW
z*9w{+z4s$rrp{Uympg3crLPZS1*U+vv+24h8B=Y_jT*Vb=VI(mN)KxSJ=nLdDW<$G
z#GRa$?HTr~5zlhR3|d;Dm+--<=%{@T2=)CHmn{Qu9lczL?6SeP+Bu3}qHg&3AXd6l
zz^k9lTmzbZe+iSTM7_{|5Gyq{@DdshRI_+*6U_-5xQ6M^0tVY60_$7z`<eptJNfIQ
z1It0{Y`Qi|c)tYM_YFL2Rogi5>-V(f1Uv(4AVTz$au6$qPt><U&>lI6l~eIu=l0P%
z#NvEcH}hRn7VS7RWpSMEnql%y+ncV9-hB`&yKtGht0^~1;J7mZ4*x;JufJX$UcN#d
zS#g~jt-e-0wn|cu-+GOT7un)sXMKxM@Z5f^e0e%P=sz7tqki2<<7k(F)|YSkKImq?
zY<~BGflJu;LHEhyXi>|l#L=idVUDBiYA9EU@4Jh4M|WYbx~nNCiW^c@Onh2S7Sj(B
z-`5@O+h+K_<zxP>jlAP?qhP#iiuuL(ebUbrEqvVQS2p%8`aV|rz6+Y5Kv(B1t~a*`
zf@wa|pX+t_==q<)?Y!Fg0sTEV2efozr|;qDIiY;e90CLfn_~X-SA2GOFk^W%qX>d(
z5}%sMtzLUS%4dfi4=s&q{IqcK6kn9cb1@Hk?C<0AK>Oru&^~p8_D$II_iW;WMl5j9
zB8$r`vPfiYDQfl%PJxJS(`DP9>`Rds+;E9axA9`<n6mYAOlJ;YrEn{Fi7jSl`vBxX
z8^6RW0A0-w(|WCB&sk!lc0KXY1a_VYVJsPS2YOE6vAP4bC$N+Pu{sR>qj;<iLnHY=
zou0R8XSQS?qVX_dV<eunu_MQ3%QoRy_t#i@$^tIq%%bmWEN!#I&d>E6!*OTle8;d9
zw9xv%WS<=R2rKYo@EZ6f&VRCcO{8sp!nq|kH?jQ!3qkrH3wSG^0^R1&+dT#T4jv?R
z)?M*?(JZdF|2%pQ;QIHmA~%w~=z6vnO^Xh)y~w=h5gT9M?>Nv(dHOAW4i8!?tJ(2t
zD*YC}1;BOKB8%1R``Tdyu4U|Z-+Yil2+At`NZ$wa^}3(;KX0coKA#iD&Y;&iY2WAO
z+!b$=nP4v=GPxl}<I{-+JI3s#>zTbYZOmT!SH3sz<z^W!ru}+Lc+gtexe%XmCJ%A?
zSyS_w;aUXJ(<pY{y~9HD1LhK$DFJ`Yh1Aw6ybz@Dth<=4<{U@ExBrF}+0STb6)H;3
zf~v}wkiU2%NOtCDq~%gM4g*YWxx4<ZWscOA?}97}sNg^j$YMUo`_24Qf@JZfQ_NFX
zgVI`3*_mHLlVS&@$5IESMdEp1r|B%Lkvrft)xn$eye|*hA_T5vFcbUhCy@NzQj07$
zPw;NgDvO&Ycvpa+;+~1doK9sd4u+{op5@5m>WRjfHom<&RTlsKpPaKKM;5OlG-T_a
zk7V(R3C3(rmBodp0iVMqix*8qOOVC$CV1yy=M#!2cwf)ccxzG^5v>=O6h>B?E7?00
z$zrOB4o|SyK+^fg;FHB>R^MndixpmBh2Rhe+8kcLJEM0l4_X>8Xb&Qx;ucd5&I^wG
ztb++TI4`76&pMcpgR>)ZM%Jz#-ml-SeDvNox1jWvG#<1P2i4U}9S|JkK&xjmwD}u~
z=WRyL7AFtdk_?zviSqS(1;~Ea&*z8F`v+F!<<!2+v4GdX3)*2mU%xZ_W2>Cif>KlK
zGVQ4)RtPS$!V$6u&Ot)O+8(HCD*^upC$O~EimKZ3z`qhedetUp5&L%S{q)(U<siN4
zl(Rm?*zK&!$#QI*dQGJd{HgGSxHx#l`u1x;Di}q6yA`BFox9Tx7qt+0jJt(cEO!m@
zive6@-?F1LT|XGlH>AK3NCBxuUqjI2f`pc7NT}FyqVl4|ysXbLtt*kJ--!Mr>-Id_
z()tm`?t;+*e*i#oY_wfdf>2d9fU6mx%)#zg(a-2_%(|w;2UX#w>!XBsp40ghDs)-B
zH0{Eq&(E<Xf1U#u5<Yb@dJrDn`Bln1LWfE#9BF<LOK**0H{ogW%p5O&@k6Zi39<e4
z@Dw3J_VM=1KqC9q-gMYm58xv9K(!+lW2^;PeC|W6KqWmRN%|A|*PCn!!Uu#$mzwCh
z7N`v|#Z<@Tbo1VfbtK~vnQgQ3{<R!PgvSakAhnf&zdwp&aZMhi`g91cStn>~SWd^9
z6B+8#behMZpM|;_G%{8MV|SZ_+7oTfyuV`vOKDc2qK(;OX%3-cOI|@%TL-7t>L-1k
z$Jnj6$>IEs7)$kzBy&0FT;F8eozQ^HzeUf#rt5jxhghk(Ahw>yIoCQ4q!xgwS8j-%
zZ!OCNZ!?RHC$1UGPuAB>uZ29Fe$OdPIM3=kGyXj58K(2BwX@>C&-TxxJe3%4%KH#2
z-E+a4!-H3yb!S}6sr>`4_t1|QtIxiNm6|ywTieR}U$wEA6FbXVTVRSgWrEb%bS=}}
zIZ^#?u31;8eK*l~<jo}zQn#;*pR0-M?QdD6Zg~$YP#izk+^Ou`Y!00ZO*fsJ%>k*C
zUqR>M-BIJ5ot?#H$U0$;o;B)Ep)nnqmlqV%_qrcP*0JsjymKo%!`hz7V&c={<6XXK
z@jgM18>E;WdM(q5ITP5ar}zFb0N2oSSB%-_`uX@hT=3A37pjZi!%E*7|D0VucoXwC
zZldwEM0mdG_eB3qWSd{6*X4}yOWYb-At<sqWVaEAOiPGErY6K8Q%&o_ub_10-O1^G
zn(xmyeN*jV=T9#-#R!X1;(5P-;5HF|T4Vf4c(6Ugesv>@9gguRi#62!4e$Jixn>wU
zcbadS+sB`}ERgv+*qPJBx$N)ao%<#@b82UGm`VS=Z{wXkC$Rfb4!oWGby1_1MJ<7&
zNz#9J+Q3Wvq3s`Vy?;-+R3$#qhi41gOYdT(+Ya9L?RTi{O*v7b7pjXPG!MW<+JCTz
z3mQJu(MJ}lAM!cjU%rc#!W8iKeOJ(kE;*02-QL9Yetn*x5j*Lqp2w6M{=2eB{n@)%
zX}40?I(c{0fP=If(d$CwgpWS5SRZ@ayI2t{#7~!^olQB>_F3!HcHXVSRZ$F~_9iJx
z;MD7_Oycj~_%2p}i}&}9*mFC7U6hP@be5psuSmw8SqvdvFQ>y1$L&~p<ZJAX#Wq(&
z7ru*?U3i|lt7%%4^#3;b&Ejtari=CWG!94Ta?!h|7V9+Phn+vAzUR0cgf?4TevWZg
z)A)Y)4m(q;=P_)fc~9fUXr*I(hOzrp_d277)A^=voPll0VH|jZj{g?M?!+2Sg{J!L
zW?3=D9C#!-%=Qo+bGI44M<<}sqjZelOmt@WY9p_jr*Zb1Se$(pi?d$=8lkCPBde)-
z{=f>*I-6ERiG5Au>^42lzQl;LZy^1zi@x+uJP$<PiRXcx@0?oP{pxpVK6hN)J>SR~
zTeRcQL-BF<H8{qbeN8BM^Ltpi8DlrzgL;px;?!t0ua2y+sKd*x>gWcWI@*MSM|mzh
z79*G9zq=kggq7}8nroO#)_ylsRh|X@VjD<qkj3i}&0DwuQNNJ18@zW~ehIoLbzTot
zjrA!3|0WwqH>ALkb{j~il0W=S<R6grZ8qgz{P!Vx7eNWDcW2blPRxA`)Y{HB_{p6A
zy5#$m_lVE(8;;(sn|qS6imQ{4wYP?jHI~mt<TmbpvCGuq<(H}>D;BHK>P70YRSQ+T
zhut;CbG^q_@oKc%qK>Svs>91|>ga|Pb#xC34)c7Ntmz0_Q{2GmG5RU*V5M&gXoVhn
z-#X1-<LF%n*Tt{<J%_MTm<L{s&kh$qv^1*QdG~|AC_N#M)CR#pH?b8?F~^hHwPcQ)
z4q*jy!8>ph1l>gtoaTdIagzHK*35vchI;TX)AMDQ(R^7WZ)qd)ccg+eG-qK#zAOak
znId<%?`^EeSv0PGy0%z}VJo?rt>mV*5{p&-%if=EzU<UPG+*{c0N21ZROdBIl)nyg
z;4emj)^@IYf$9{rLB^j(&SxTD23UV%UorU6;L%0I*1I449S)EVpS@5m$)WfAEwaYb
zebd`m>9+l!qI<7#r|6iDog!!p-=_OH#z@6(&_*|0t`0B1OdVNqsT!?btR7pnNX0zO
z{m<pVJ1~X$P4~0<3s#|G2?8%!pUx!uWAEj3Z+i@5H|ZPT=pB^*AbP!t>pgy}MLo94
zsz$4A>d1-|b$Gd59o^tiM;CFy5#Aa;%3H!;^L%)i=fYnxov<CCtB=nQPniv&C=X#h
zR~_X2xPjMoh2?Fm^tnNk&xNjm?GVf>f}s9=j^|a64}wHz6fA-xi-@dkCu{BrAL8@E
zR?=@Sc>A_5RPFkm*VBd^7)v85pcSOT5h9zlDG<z0f!;%Wez@-}2n`ennjPi03=~j0
zoAuBQ{a9%)1@C;2#SJU1IvsM;sLyY-sp`jyToTKNpG<d<`AhGIs_HwDztc{A{<UjX
zmm5C+(40l_dc=g=Yj0r%X8)6U_XUjK3MR;#|EAxc0zXenfnf0n-uXPnZp8!M(qBPU
z^&i2%dDbhfLzh?m`U>b9`zD9J!qPqf*Wj#0@pZ0Dbh_^?taMKY?{Er4T*PNG_&OW3
zz7%-@ncD{7($AN%^Iahu`1`UzDsaSNAGIKh@AhG(-2>j$SL^ljD+(T^b-0#Tg$hRx
zwJV5ypK3)_4UdAqW!ApdH97F`_qPeh`lf=k%pp`<(F0WttlgDXRMqw<__xe@wRKAl
zJbd3a;aK|=kkYKEYRe4BYRdzE+F6jv6<xPJ(Aex*YDHC7{tc?G`W~vPZbbfYV~eLU
z5B$yF+UzOLw5N6fcpX+xRwd&6G6&KRb^En^o)>7nM~5jtipaW@<ldq?67DVPae)*9
zSxmN;r+O~<n}{RowP>#fEzJSJwYP&dm;7B1+LaFIU3(pT<MT{(cDA1Q_@7o@l;}VB
zam?2?@`~3cvGZ49>>f@LB81Ne-p4z?IDy@VQ-nxMA+^ga#EzUv_e%17$qc&x4bGs?
zsuA5k<Mzvx?gazcbiX9~<eDV=<k<kOw*k5a+=4ckB9JxI_4e$O$WPY+taNkWwdYYd
z)I17DTjD;><Y^+f0@LFC!?(@8fm_f*2aJ7-Q*i;=x0b5I%a^DlD=t@~)t9NqR$Zzd
zzjd*So9Nz^IxXf)k$orGexu)Sd#8<^VVtg?%`MJ=GGpJd|660E0HLAH=^%~pmat)~
z-Zj%2Ts>P-i5)@wpp~38SaZmt+Y*02fE5AJeA4=#3tDL=%||ar5V6BAvoL2L+L3UM
z^;!Vek3<w9wlBT}A~+wkZmxU5UZRKgSfYJ<n&yxFX8Y|r=8q8{jQC``Z15}D3KChP
zegG-vm*s{B4q&DIIQH)41g(CnpsjvP&~lx!80MVpexTfw-Vb!<nGmYmDrohO37X0|
z_7xZ9K0(hO`gR=3*6$b`e=ks~K+g=Zdw~eNb{`7XJq(%~z?BTvmk9m7qOcMl^5wBJ
zjuX$5{EXv`^nRZo*kX70=x1Hy`NrUv-dPYjxqV^@e~<#&S0*1cA7s%Z^Fb)@USPjV
z&;oYQWRMqJFF^1+g%F(2?miZx7Cp!2T10E@n&W~wY;QEaT{Ntx@@d4EYc8hykX|G4
zI(mQWl2k$4>m+<a-*s}ZbLvFnT4UqNQ|wpQUQA<xW8+$(_ps@^L-9eZbi2XZ!U>TU
z0PouM`aRccuCjt;*b|kFG;if}edB++{>#;%E&Uqr{0qkJwO<I420m@g6Tf=G^Bh3g
zIqZ9{@hn{*TNVwN2@VeeNQe3Ku%26;4pOC+_dgHxd%&4_SFJDPK)M0qzl-!Z<G+iD
z=6iu1@!v&i9Uu{!CVm%r^L?xorqdWZ(WNCkjic!Lly|e55_#d8zhI?3HD<Tz-zyNy
z^FM;=_lnPPtnTLLSh|IMXAmqbp8Xk)k7s|1<Kx+%V#%<<9PHaS(^2DWw9|c0_Ai50
zJ%_P05ue|Pv3oTF?-LwE>P26qfp@H_`%|;0zzY8FZ(q883xGuaw?EV739#5j9*bQJ
zq?qdK8+AyG{KYS=`aWXRB+z4UN3CPA3$ni$@?+#Kn$K;XY+u29P;X*PO7=n5mplsB
z`k-r=hj7CMG)`B;aXV@_w4;WD9mYNR0ZxbvjNOwTi<ua)lE7wPq~Lqtx1Ue%XKLoH
z`aTvufv3*7yY4RI3}|5NUVT^CN9@i~><w%cv?b?4mjelrN-Ow_&ZT3>n^A<oL*O#Q
zRKr089Nh~Xd4g6y8?>5DP4mZoleW1sp>d?n36Zu7P$a<a;}1Lr8kx&sz4W)04tnQS
z^9hIqwt}`#*CVcQKc5|*$!gLYzquqhBMw|<Tr&Eo{wL!PoK0~laX?jNCiwRPNX@(T
zJ+*i9ZqQ14s(*VAij7a^`#p*u?-<c#!*sm5v!Khs&xk9G{bqcm(=HGEMYBQ5)z5tH
zneR9&)}GLz`7suIehjp>6A&SL8o_;T0xYvY7PlolI~hGTS>oY;g~0zQgTH{SZ3Xzz
zSs;zU#$cZeHZs<44q~O|V>*_726Wkx5GlA6{Kek_iRD##96~^>hxXeGkYjbt`5-Mp
zvUmfW9u9fdcpSDJ#7g@B<Ig;X!=>PFEINH09yo{<;UA1Ya$`6Iip@C4V>oo54N?Hf
zV##UZ(3OBg-9fC#hv>Y;*)bgSv!_Kbdz=symqGjOCCKSKbDOZfu;BD?E9PV|uo*@4
zx)8jq>n>vJmFeFeWO3h{SP`Z}R{=mpoGfo5ax5<x=Ci|cM$`PgV`r>cjEu>(@%v?n
z$Lj*ZU+*#gN{iuD#DR3OwU~7fD}C?Kz5yqbRdmJ$l?%XMln2sMP8LH6^W~EDdz-DF
z9l8dQEH+P|pOzweht27%o5PkM|L<d^`+pdI));<0mXqT*^gdSl_A~r=1HS?tzitks
z=BHPT)wX$*vjsODvIgbdw6@KmH?h(;jn(SNgkbY-(3&}#vuK8IKY{Oc1|L8dX>&Q-
z=k7Ye?(BASFR<su_PPM^xA$3fe~|2r%{E$3gz!wj1DfoV7u27??u$Sc^*n1I^ftc_
z8eH3;E_{>TQ7gQOmF5G27I>f8#wW0zpBb27EdmB#8T)DiU)8bwVx1ErOHW{TqMn{;
zjU9;kgUR+Gg0nHMmyBufN&-C$8R6c<N+Ew5GLndk@te)ra01kt6G+wV_idINYjR<f
z%=0J*kxT;5B<sJD(Agfp{v{lZv#ctB&}{_}nykM_`rG3BFJ<>8nfaejA_Ex+T$7D`
z$(vXKO9F4A__2-s>uZ3}fziovJ^M{l9VY|UB;yfSKLQBt9;LoL;oV)M*qyA-koh~`
zuBI8$T@CY9`}v04WQQ&9({DcOwhG#TY0!0N3J{+$;$XJIq7-U-BaruVAn)fv-hb2z
zA=wSydJ`^pa<<^gL)Kso!)16sR=^#@rJm4+-Lv0G_=fRu+XbM>9JfQ}&<>dcy@oBp
zr`y@RV6R8e0<%GrH#N;4`%T*C$_v`=MQWRk##ZE+5P6*VD;J<h9kZ?K9s{l61Vr{O
zM8P^;4`qj6{u@@hGbyg?GNFs$S&#>Q;RKcn9N_QaK^ovDhHc42ux;8ifA8!VY>9Bx
zCD?fNCm=##BCxLpa2ewnwVgV7)XSrdzwX!$y-)K<KY#YP6+(T)pSd8mc8~rIE8t*j
zXJ`22fWOBE(qwD%;C`&g&g5%T$JU16^z!W3o|}vwgce5KDT5Ze?DLMWL5t3&??nSP
z(AxRG&X;ZSg0`6uIaT@?{94HJ2FB>bY)GO@9c}dcfbO%{Oy9IvK16%d_o8q0Vx@i7
zJ!%2ihh#+f*&YU{j`sFqrL*bAC^S|_U+cw+I_n-4e9+t8G(B30K-cAadyTw}iEBD(
zrWo7bF?M6#(tG??r+REvsv50MQ%6>$tHaAP)X@!7)X_bBP~-V<l;^_4*Ez~VI3|xd
z;ljURg~-<Lw+h;PH*_`gLZosj=x4t>chfqI>TX(xv2%jGpp(HOr*<z0nDnyTv}b<c
z?3i8-qzD@E<#t_wBAskKIv)eAGhsc{6A<ZS{Q4-_cbgzc#@?JSXouOkH{*Aho!P3a
z0>4cB=&Qir?*u7i@->ZGDF!^o*||hG0=y6*ayj5`^K=rwXb}o_>av^@KJZtp)TA*w
zr9qe8whH_m86dU3C#VMQhD;R!xX5z?gTo<cgY5Y?3Dd9siWR|5VVZ7dFkJ=yMuz`C
zGj=P%7Z|>F*y#p&Ke5I0K^EPt4!8^C{TI`GzQ}i`g13P9H&a1MoR|0_6Y<V~k>h0K
z(-?cYagLGk&K>WAE|=>$zJ%<>WPSpNN8cm#JFIkg$iDT}8^l)fgpcZfbHiWif8F6D
zZy2(*TpeD1wK}rmDm7YtrFv}D73%R@m#LVy=yGPpaWAI#eXh4a*AiZ+*vo_WcLxOR
zH}4Bt1MeOJ1X2wzX#Kn={Q4OXl6mlMSOh`L<q!EVmdH4IO==Dzb&b^a>onyLb(Vs*
zq><{B_AGfpC($WP$8~x@Yj?^EsBi8G_q>6XTnp?p;OoHHU6Ueczc~X!U-1woxOSZZ
zp}vEl+QHp2Fh#G$7!1FG74p8u16{Q#f<|cZb*i8p;`77XNP8~7ML#2)B504E0il5@
zf`(TYmy<bv#%TET8(10P-Qm5QP*H%uf6U$HxddeKD?T?&=tOuR?{i#MPy+gQ%7Sl!
z9@i?k7W}@H@jMa87a|2#cDFFP#2H9|dG7&uI|4LrLSWo*286n8;C1NtlYv+U;7S~4
z?@4$oJxQNBZsI=0=+ya<?9c0G@+C%2Q~^(GIuy(Ry@v727Vsv{ZAY@W0Asfuh;J*4
z;oX9EMJDt<w;Qx&J=MPrPXN~|WbbBhh4~wzt4(knzC_Sgo8a1<B512KK--)uXsfe8
ztDk8tA@r`h03sbHu)ClL`~xX%o)QG29XU$(BA7RhMrd*xWn=7a<KT#~eoHJcubkQQ
z8E@#d<8*ueRQHg*r=bUkZNI*ho`LONXSuOvH+P)O>%`b?=ma9Ob*ren>FctJ@>MYk
zv=Uw2oFB6_h%KUW5J{9v`>F)FWPXN+?Y~5(|9%3y$$Y=%Aku$==D;P!8OQS8&i6%T
zTEJ`AQ@;1G((R)5RQ=Q6iP=w^Y{8W)ZNZv_Hr;+&@P^5Ls)b<ve$a?*^0Fs(NB*hW
zI2_qe+5AQCVWn^?cuCuV6y{@}1^(_7kSZ&{-=8`@7DDE!XTEnmvw8JzL(Jw)dk-se
zIvsO~mBo2jZ6vZkG^T^3%UF__30cF2*W-P`F&l6b?2tKm!I!)%T*G|9fGJ)wW)B*_
z4ZHmWs50{f`-&|$%FGuu>?a@d*((8D_00EO&3xbb%_vg8U(iZwp_kA+nN3Rk;AWE_
z+|1x0bhDrJzq8S&GnmNSrM1wzdOv7|jqlGdX{?Tp*~f-2ZL&=XKAT0#^M+ll=f{fH
zxEesQJS-YVPZrN6I{mvCyC<{jmDjP-eH6#p^(ABeV|KWoca8avD@L*M4}5y^are7e
z5pqs0A9ucv6-fQ&<>Nc=Vx^tQN1Z(;AA%jEN+0-Z(@tML7Qc%X$e?5HwZ`J0i7`++
zayTv9g!OVdNS%|&%YVN1ualRWDc`)jEd75>UP>>avSF5&z$MnH{~LK(aT0mi_u6=Q
zQIp8aERe;P<4j(7t~Xi!ZCpNeg4{g!4)s-jlpr_j;^Zbb{OoI3>6;4ln>~}8K4<rW
z!GBV2THe7*Unb@8P8MITJcriB`+r5pt^#m9%7d4{Rr590<+;%cQvC$6n37Y3fyj>@
zcbsLpQO<zT_n1xcQ;gk}3&7uF1?glu;u1o?6h=RY(Xam)mVSw8Y<V7$ze#xQ{MXp|
z6BDluCh%G;4jG?Iig_+LWIBKH&&b!|qVe*zWai1_YdkzgKKkj(!ob^9ho4Lq{{CmI
z)OfymS=dW+T&azf!Pc_ue=iIF3jL`7xc-s?UILdP3q6jL^J(yHtN@d9yFK=erY?it
zeMi5qh4k-hmB_ieJsl*Klg0WZ-vS66@Mo+D8K<$A8Q)IKvB3P~dl|gLkL_jOVex`{
zm`v85f=pgV_{fnUlVzZvP2S36^3s#Y<P`+Jlz5qZnLBlvw0%wI`QON4I3<Z)m@>It
zn0XR>+<(SOH^k#Z*7sFYd~!lrUc~nvzcocYw#u$Xs~zgd3a2`}JXIatkfx6Ed~k&4
z!$!W=QFd>^K$&&y9vzIW>XH<yM+Ua@>VS>n^0JNMIq<AS#h6o}P!?Ceij}@>(E1$E
zWd}=epovpEFNnoJ559$!ZU>EZ-ROX>Y>@X4G(m7$5d`ym5Df4_#E}kFl~(ZYwS!cU
z33?uGK{~x>{F*e_8Azq^j2<UQfhj`7ZiT7>2ly8{K>{R;OJBtb(NBF==pt?P^FLFB
zNSzHLc>u1~&rC5ywswE#AxPk(Ih*-m!WZ`fgov#>xP75&<l*%-L9n0C3m@XAg@64j
z&Fds`VAQ<w+yd&U#$3sKPrOC<A3gRL#XIK%xCl)QpSPU-zKH$x0=S|dKyX_V1W~G>
zj@`wRfCsT_t|stX!E2x5i*}yCJ0*awM>x=almcCS*+d@*S^?OH3R6Jp<3QWXfp!U-
zCy_pcw_pCdMPF|_fGg?yL-aj?TQ%{x5nHpe@2rGQa8-jkun#Ll7XLy1n&9a_fu;U^
zESI%`Q*l0M#@#a|Mb@!g#SRXn(G6Fs!^^KwM^-FTqt#2*W2=^^$8Wt{#fw<|_-sMr
z0bB<;dJcErKCBpH-oef#{P#Yr5MA{V#_q@SAat^`b;dcYY5yZ=d4CnO0zPl35P>wz
zTf$%Qd>EzpqJ4aB_~&^L5-i}Y<fjeQVtOyq3;VD#tj7;?!q4r)3XwN22VFTFbgesN
z3)av4?ijDtJZ%fE+)ejPH<2q~d!`R)&gZo>PV0%Q8}AA~ypMjr{t2UD7J%zVET3x1
z1ZUgy^*dmh^n1%>=hudp|Cc(t0jZ;lAP5=IrP~K~y`Dx_{dysyrh|9&Y(c9%L(po&
z7PS(bI?ePPECf<bhM+A(Xdj@;14QQP&JeV^r!A_nhY;BrNNMvB`MCmQadl2h>l$lI
z>spY-Yyj7eJjgm1Wbs_cX!+r6&|cVRzveUE5&oRFhpRvqYc3YFjJos6e|WK={ki`9
z@>?zzv>hn3<(7*<t9@~?S_v6LeO8dp0ij~YXyrvl-I_)KX-6hxUCnABzK}jW>lc|b
zvVQ3R{m#!RT$|@}cbjMG$h~jwNC&;H%?|XCXDj+i>p?3VY5p2ZuUnz_d<z7R@af_7
zT%r7&A9ybO%nC;uF_vQRPQB)b$FTPWpHTJs#;j{T>wv1;E*7*Yt4qpX-{`!C{$E`F
z+D7{|uLYs%Gu|2goKFo0$-3$Hzx&kMa|P{bMnl3Y1`X@ZC4X%?Eo}fUBmNgSV3}&<
z{Ecq#sl&^6capVy(hZ?!+z@)fee!(YFL@Lu{7m>*-FiiIgwF}@&G1EyeN5iX1sgeD
z&s+Y0&k1iOJozx=;|>&T{sCw;Hets~XZHfs3_FPJSMz{x$I9I91@#vQn&VrbAqTeu
z(&Yu)W?rdYNc>^mK2-A<Na`jOd~&xX`1nj~a4;LR(jW>pZ{qaxi_HtU;NTokn^$td
z!2-~(tCB_KX_{v&@8R`4<DBmM_Lo8T7bUz9sZ0l&%X$|3I|KCkWXo7S4Y9F^t+^Ux
zF%{+QTQj=ok>}rT-oNFk-+u9G^WVPM^7h~tYc{4m(SV#o=~j^18bBp>6*R#PplAIf
z_8h1p`&nldNJG1LdZrIx>gv1e?kaIOTMALZfs6HT2A=R!(;(E{0$odZXc^=^VX|(A
z`O?y5Gg7W8LCzMU|JsS|hv<2jEARGXZLuQ#TujRh$f_y1VSUpHELHEM-@vOkB0rqK
z(gF*(oFI#Hwxi(MnJ;^;vO-lGa<ATzx!Kc(a#ufZ-R!9>0spebEuO;~_7<SjA>lrd
z>hHhox5F5_34E=o&_!UpV;Y3|?w=gSKF8_9m|+1Inde0to#%#W5Nh8v`8;4f{dtCY
zI?sBZ&Ld2NP))<+^K_%rpXXg3T&-NT+O`lyic$rw!v|e~dxgjn4!lHPtJx3&AC$eu
z+C8!mMJ!x=pB_Z}*b(jXWHy8f5tQ}t;401+BKArs`-Iqnb7&52@p(dI?+NTJ{+&+^
zyqK%LhM;SZw}+ibsHl#BUayhBiB^C#$0}4b>;!)!2htn|{l6W7G!?)#kS*wEP#{lU
z(6$*x-bdil+eg4p<Xdka0lijGHOjmFV|SZp4wIQwkVWI!IUtMY)ZbFRs}cO@8jvdV
zHbfuEVw%1$$zrB{#!42+{)EWhKMx|r4&zWp%h@1{AM(!dr+jLd*bx=_cz2iYLg3fj
zZ62~VG7r*=(;@4-7^)h+2LC`RNE>Fp*Ln`f`_m!(MLHb*qJd98T$oDlHzjQ=dGNnu
zZSzzQf&W~7tA~tL{Sf`;h5`H^rL=i2=Tla{W^MDF&8L)-XKSo&o_qk;rT0VCuG^5m
z7=g5-gV*=Y9|KH%vHs@rkL;e7J}5Xq_9QY_^(c+YR}X@|r;vHcnEJb&;Q!D~>ywlD
zb^)D_%tLT~b~<F?V(=p#B%Rk?ZJr7iyPAdgmImO4zLneNISAn2Vr}!B39|SBpBMi5
zbjUg=gTIpl>DlSR!>eZgsTD)c;X)21LeFP1%jXgLp9Qk`B!KH#8LB=abKQgdvr<SO
z$ijABufcq_Rj9!CaQ*=+NaquKD!}^-d5{j0_ftTcZ51jGx;Vd(0n!}+uIm2;f8Q{c
zp2gVx>@Z~N<934o1D=ihds;IT|CaX)JV>~U-s`W=BXj=k97wqUE`40!^zS3H9YV#Q
z?kdQ-4#1_iJI?948h=b{iJtAC&w2p#+NtFCN7D+jaFo+&|KrU<WEDFD@yR@h=x|tg
z|HnZ2k<ggnguV2;Y7T%42k03GLWd#_q%*BTMVpJBaVQ0F>Awkl7Ld+#2o*mj^R;t&
ze9Ks??b9Kvg5~CGJRc^%8;Zd%a3D2!!4KrG99!QaSDR;+6@p}4r{=bK+5r5Y5&mQA
zI-9MTMYngrWz2K`XO$Oy-=3e<2E3oxkBdMS@50z^VRj$+yB=frO=;7!8f03-Z98gf
zy_L232jLe2JAm}ebjUiJoiW)p9d7@~-R61b)5?p;^Pk)Evkn5ajcmFvPVWZ!dD`@>
zgL3To&CK2)|35QzM%J!wUgz^?hVOl|1X)`u5jRwr3({FgsJN6XpLelUs33HzZUViY
z+$}TTZQX@(4j1)fsXCSS7urFpZsGOsTIV=~ii<%ON&8)h^Mezl9{{)__WZ0$p4V%!
zUg8icj`8{7h9-Jf%`G$E)5ojf=z4#70=xe!ZF<&=Q)gsV@8NZs|L#}!zIm{T(&k0<
zMC--%>&po|ohSy6fN1{@PGC2Ii}1xc=|aV>98SMWp1k`jdq?27g%^HJ#@t497XM(Y
zt_O1{kC3*#q-_hWcS>MyM0C6xblaEV$J0BQ3En!+Ih?=dZ7h`lxL!<~p7pz_GqM`?
z@ctbji#x1st<_Du|EC~}e>UbroDL^xW7JqAZSDqHyqJHm^(x-cvcn-%?CRk3^F?Hi
z=T2bv%}_qCg7J?*Tk`%p>`c;*wAgvjyNz0oQ)9IpBS-IjQ`gh%zKds|e4csjQcU9#
zo=wEN{|zi<od%A?W;-d4&%|)N{RDPD^XJNo5^<|Pf!&F?eV;r_z^(cOc9T7luZ2jV
z1(t*Ff%$eorFJy6)Q&Ps2U7%X34pf}f%b0zUb2VY%6_*!fFc9)gh&9{OZ7GzL0!b&
zT|xgwt|ompp-3Q1zg=~fgVefG(B}A)+mCIfD6)iS@sUeF3al3*od9J^QiVtX0>3?{
z%@bG;k>*W8q|^ab)kWaHiJiY~-UN}&4+s(G^ys{5t7A>tbdVfQS^V2rKDj3$zucq8
z(B451Y9+eOE$DTs1`7m@_~>IX6Fp}qFMOy#&~Dy~mF_ZDLn0G`&0;J+(L4vw^xGx?
zmyS;+_|ZjVELZqlD}-v!2QR^CNj`W3rM^gDI+Q(9iXw*+V11Q?(0?Sr`zH=UKTK$M
zDG#CggmwZCq3;{dHd^%aQ5^FFi7iIx8aTrjX?}pv)}f!9BW-_8;G0A3w4!@xKQm4h
z<b5f4PlaB2d$A(Sji;9b(R#CH_&?+!RFMFG9}gjKLc0nJgw9K7=e0nnls)TM7sJzl
z*U8@9V}(%rnG~<uJLB;pHV04M&pI`{KKK(><g?=OdKty@0cRT93bOdN4MOdO;FVVj
zn!Ozb11mvW^$J#qUr2nyo*<UK0&uP6!8_L~RFJ*rmGts?#119D+Zw?yJdbs`Zz}_T
zr@qI$>Y37gpSTN6S>5;?mh@VfS+o`=$_8n!gVw_A$)>t#F40RJoWCy<B*ODoI`XsH
z5bv)|Wo?s;+tEqK1vYL`7D#i`*|?b?&CL`l+B!IY&9hkA4B&FWFSD8-fJpOJAyN-e
zrpxA5h&VvbYUWU6klEygNM1nXoY*SOGZ&B5N88T$@QJUnQs@S6U^c6HJ{z>b8LSSv
z=~=yd{Ify!?2#};erB9kTS4OmW?p{40wHjLm*^eR=1U8N<ZQ|#8_4|G;MH@h!w_j+
zCuo6tY3#1=2$u9S7x#h&^$qHW|4s7<KlpE~j9~0G&cFJsAQAt7tl?E4i=Q3G?yJ(L
zXI*KkIq(pxNxK$gaSM8=_5Av^<pmdk-#_yW4|Lxrev1R=nXSV5+9$D8;H3AN{RG)t
zrrLyxf?Uqu{sflvKAY*@JNAy_bRXw4)bMLEzP|6Ehv;5Icwifr@<0{~OlNaDPz+vT
zL+m+@-DJO;%l2&YUgOikJ;$+oE~_aqhF?Mr<Sy2Rv?si*^GpusFMN#7tJg-aUt3Oi
zs?h?{I{+6M{90t8^%?R_JWA~1F}~wL+QMRIgr3VYXXx>)UlN#XZLI{~AjsnR+)rB1
zufMIF(1Pr(qz#$(b&$o6(Uw+&F3+PatvW2vaQ?y|mhL97FuP$)Moe`iu1uev)s|34
z;>v_N68d<|zq|7|c3-I1tfsL}nqQF}UiC6ovRRF7@^^r}E0$<1vpC^-XBB-uGvWEb
za;nd!Cp=$rHH~TKvggL!*$M3e^Qmm4B|P6dpU!7XcwV=RjvKJiZ(b)oQ#--;*s=T5
z>n!^Bnt=k)ih<@D*YNbaNxu~&<GU@!oH|fWVO7g1Yy;attt+SS3~oniu|?1VHt2E`
z2_<$b{T9PH7OwxmN^3G0dBk-Uv=5<KU8zr>lkj)PMHZG<njN>7Z{Q&$aNupwbwze~
zfQL}G9?!@Q-*yZuH3+=LoGjLb=~?C!<1DjLH_>YuJEJ^MAZR)cHI}jO0muW=MBl(3
zcM4h{L(mF%`;cq}DYsfs`}o}Oo@@xUr|9P^Dhloge}4){1DsIdfZUeS(dzQ*`@xUw
zAQhy+k>@y&Ua>)ttmP0tr*zGXlxvou)E1(1cO#IlV70$*x!aSq!;178;Lp#1ESbfH
z8dzMYfyIT0KR95e_|v<9-THT@PdEsHhP~4kLGVqC-6OLg*yAMdX6xT|J|yp>*t<8w
z7hQt!&N~6Tb@vL9B^L1NHD7Il)@gyAMG5o^oJZ;RON`ydv*Njw2cBc!RgLFM=F+y$
zBs>qW_H7Bz>&~Umw_)slbfyp?Fa!X024?&8?-|_)B*G&B1m2FblJm!x9E5};Sf@uV
z523!#vCb=GEIS8X=*;B(2tDM_uvc$qrM7Po;lr5}COd#jndwt8XCERyP?;Ud&IfSy
z6w&vI<Mk5yenR1><RR4lG4>k$1q(=Jg|UA9d`?{7-5i7php=~q6EwnKbFv|HNdMkL
z*Z6K8LWPI1cf>~D&q{bt)^|S-AsD3d7m)b}u$S=eR|_FXVDKHMb>gNG`S}QYd-Ca8
zCF0S>L8$v5Sm%uZP(Di~^OI*l<&4mm$l6?t-S1>UXk^7p>hN-;j&9)8(I$w?_t<0s
zukWn*xn{As?jtnI0Pi6_JG^AeRnZZi3%|Toh#L3j*DR#>Xx;ortjKBLeVG%q)toO<
zoJng0l_H4LbH2#xO+ut(qv~9W9I5pjiqzYDkrFFp*4t2IGbcodztRUFeT&%OoDeA}
zqUTgeyE<BDql&b3WI}KK?KBU%jzf{ZASl!6fWYf3u$*t;V77Cw;ULtPLg~~)cq#?F
z{WD_tn%gcR?``0%6KT$My~yTby6YSO7n+`Yo(c{^?G`Gt#D}Om!xyQK^C7as9UML1
zK<K%2%hD)Wht92n{#}LAlhgA8GXI#6dqnJL7@y~0tdmvGcUY(nFZZb<EB18q7IR&P
z*mI&YPsR&HIWhdqynqOP?vwMvp+8`yF!!I}g^~nbC^>yz=+8*LMsFYp$(fWFzD;C0
z6TBVi$$8<A2ts;p_XNDK9>CR+ntY!B4?#%CNX`qNSST-?LFP}7>G(!RJl&14wj+9u
z@MJu5-yg72<BaE-r4!_<otcDZ*74w~TdCJxiIn8fv!r!jV=4Rzr|aj`ukq9?>+8pA
z@YVfP&}%H#t@lNWkKr=%yFM&vtA8zM#mL@bN6wb|7X{6Z94$EjuKFJkztO(0(#Icp
zE{Y|4J(Y7G`9JafSL}TW_<dhtDcRTsh&xg@f~Awu<=cP2N;`_DOUWd3ISXX*#kl;N
z$>qn8okKi$>$2$Gb#=3SdR%72-R9xwSu2skc~ufPc^ys{ksEeyn#hSW6N0O62TecY
z$@wCCAv*5>Kw14JAySO&sf6dr*bN+t7&?>KX?p#+1lgE~htFp988;BQAp5{DKaK~_
z)W6l7n%??g&v?Dnj80u|{e?Sqy){O6&VXxT+P<`h=IKsE+W<u88Fb~?Jvwy;T}w`%
zu0LdSJqtmohRAq=Ty<JOa=yvwwASylNR%tY9SK-K@)`1Ffl1|yw72v0K54TYt>Iuy
z&I%DoQxe}J7?U&N6Hg>(gFHx$e^1UE8vsIr?c}_1;~uPZTjF`c!A-88h<|pnaW6~4
zbAu<5Z!>R|Pr`G@R{c(mRwH#}1*Z-#=he{-7Il<I!LLmDLPvQBN48!a9p-bwtr@;(
zCGXMCG)8$oT*PvQwoRouL)CoVSk6$#Zmf*xHljQH)7|uZ;YA#DxjE?4aZXzvU1Fhe
zwjSMn$kB0e?x8tD0hTk=%z>8sJ(@F=6_+!V8@_)xJ-6Ako8}A=AN?+tGnD9u4ZP0Z
z7Rwu1tPU?<q>ijus79-O>akUS)aene{=GV~0;$8xIdyacua544;Fr85e3YG!9$|SS
zeLM=UoJ!ABlKBENeUV}(cvsk=>n+aR(mZqVSY5>?7T5Z41S>UmJ%>cUN9}+Og8F^w
z?9OY#pUtz`eO0q*&8@vQq2hoOg0o0Fc6WWp1ntH>a|#s)G9c(8eOWEa4(`<Zj(e6N
zR2;~HVB+(@8NP_!3Ymd3P~;%z9x94r>Cu@e5@378KuVjZfurXhi;>+Km`!c>(G82#
z;pGd}krh5QTKxx|{>kEj$_Q54PvE$Cpm9%vdF~a%c;_MFcP8jj<IYvr#!jdGOg*R5
zOYD^b<XZC}2U7jGwaN~!AHfRH{Q5{iI{1knSl|GEAxCSMHF6-;F?i}{(=!?w0Ipi{
ze5Nn5*8*jSF?J`mAuyYtjorHeve<A2iqw0Ut>{5Ie49Ctax9du&HeOxYYg|gGicjV
zL~$9T-wEn(T|R=9!V|d60^lmNz?7PYX^!*h*v<ArU!)Gedo2e$MWSQJty6aRoDr7)
zY=YBRCo`<q+M(-FE~h0K-KURWh4?Q4CL^IFGE&d@Z?(aHHlZSvL`IUe8~4m9RD_bq
z$f@=n_bfxG2xSr6<DZ-HZ{u=w8EJT!=GG^!!|_{RRFADfYP6bDM^^Ca@N$bfy1}ZB
zE{Z?La1-I<nZC$?3%q~Hr8HeP69s=`k;SM@7V~Vf=utS`=YN9Ga}QM2Z}4Q5SW#8U
z49Kdi2fuv=WC5#3UH1r771SgD5(h}l08^K(sVg_W&zaZCSnppQ#fp#(UNZLAY_0VC
zI4jNb%tuf`e4M(}{Hy}Dc8TxJYgadAdR75jyJYQNX7`@H!i`_Mx@>yKBw4#t?K|!n
zTf4;PiEGz!6zg>)H<<3iG;lQEg=yepz6;ZUvu6}b0g%P%R;VI$OD0d>IZA6c82Au*
zawou(tlt$!u|j-&y(Vk{WK}kD{?ZE{_bkm^n(Aac={SXPDvr{7ZuD`cKvrc5&~cDs
z!f~d5g}qPY3gu6xK-E5s-O0wCb(Gc=I+>n$bP(^1$;hSZ@bbm#$cja3w0fa>Y?V(v
ze(QgC(sKe_@9|rC_1G$l8m+dfBP(p`@bVOObc0<T<vCsdb9NNr(@?}R6-BHr6e)&S
zUgKUnNJOTZWooZ(2ADdhzOLM;$Ee4A?GWnAN8Y+zUu3|8yvgwTWEd;m9&}Q?{$vMN
z^94er?&o@4u$^@;2wGhVbdf!v5`n)Yr_HnaULmqZ&qD)$32O1&4B%b8-WPE?p{&wM
zW4rY>U!>j!-uioek<~8>n%);=u_UM26Sl$53z>}`u|o)QkscGsc0i~-2YKsk#NT4^
z1pRw3jlH8bkUBvYpSCC1P7m;7Ik!*Q>A2hN5E8QKxTAzVSrd=j^At#AtSxqM1xi`H
z%yWgvz@NZNWN0_xl}+RESPiiAQULE#0tbM1bEyzn4dAVG(A>TH2YeCIekp5TdUruq
zbta9YuHNj6Y$kNG`6A1ZwUqo{Psf=@<g*xom(a2gKq9bo0+j8&lj2#b#~EE}{Z<<D
zuOs-SQe1c2Ata}wF`sOh=fZ(;KA9_geK%I*Rn(46=93YB%)YVHY52NzTYdCQ2;oT!
zNF{5j?$-IyR3G%tcdt|L$n`~t?yuvZY#retn=evlP0p8>4`T&vC+Ev`JnEWG?^6~3
zKQ6cBM>A3Iw@4PhgJf|%$YQI7^27`~xbArOI`z(6U!?JFK4}d1+)=F5aL9WAL)SDm
z=3{Kky*B6_NCho|=zTrMc~{uRgR5@;bt-vI#_eCnCyf<N8^uaH2Jg`+5b4@UWo9r{
z&@Mu*mLJ`23BF>3-ord-ch5w@^&ARLv&rI7n=B6Vj__tqsJNnp^39ETkVW|JYu;Xp
z5V)4kfb6-AP}Q~(`JYB0t=%j{uH?X5eGBq$v4GT23;s?gNS{{ISkV>^rvABpP5Bl_
zdW(z-4peIJtwsw-TWmr_+eXfBKY^uX)986Ghdnxv^be$f^uoVW9kT`E`wvbLB6j2`
z9moK02`^~HIS^c?*AaFOEldZ=ZjnW@Pb}lWReeA2f0YBN+K>E&R*<S4ynbes>~jS<
zoL@MO^&G#sM<KIK1^;#pOVuy&et9ZL)e+ubNPh36d5b!{jhw$JilyfPT-D9Ie#bj$
zU&OO9KjHj697tr(EEwhd#K!FaaOv+@?h<)t)JYbyK_c=+;3Io}c)0SSB@Vhj61(}v
zOvqZI-{A|cVpcQRz}4W{)-SPA^Er5%IibSAQQLyFCHqb(PxqbM09;Gbr)MoS*V(`G
zjBCiATc_V6+w8fE%rOJ9jJv7{Jc;8NHpum+`>TES<n2mWP2^HO-UeC9bnV(NvC@8+
z+OJC-<@(*O1opooa1HQ+*2dX~;0TrmQtAKgpJT}!J3Z%fYO}w794j>g;MHl|NNaZL
zIVX%(l_pv({}L<k5z9$ocgi%UQu!X>^mAsJ0~|yMOvPSmv%HMJrLX-c=NGIXwSB_*
zYX`8j#Yvx`0W1}p?(Xj3PMsd(o-w;B@i~#*87OAk*Pa8?xV~&{S_r&OcBiYx`Oybh
zx2cw<PtUp{b4J#c4#;Zg;r%VB&9f{WbRXcJ%*}eu>A^lM5jn3*f!<~t1WR*-^3AI}
z7ar%GVLLm|G7)W~Utp#1uaveSF27|m`nF|r{xlw>w*Nr>&KV#L@Y73&Dya_F^WExW
z_H?3*8}t433#_!iO?3dFk3oxa1Qq)MTmzQ-#5Uf(M!!eb&G`#+L27H_{6!v0yJTbj
z=?kpDf$?J=PL;*q>vuxZG36YPirN1i?up0y&o8hdzd3$9r&AU?0bCRHd*%zQboY+$
zSDGe^t&{Xq2>fr1@3$;X7Pm~&ulWnC2(OLrw>d*UBROHe4Ftbe$M<_BT^4Vfq~9$B
zzgLp<%aFyDlk}@5_`RH@Uz#jRlk}@1`28sfT{2|xvPt?aBKZAre7|s-ES68wuZ-Zg
zC&_#kSuCBT-`NDe-AUFVmDc5$s9zqzuR94{95mK4QNL7z-+v{U&moJY2r33SL65Nv
z5}D<4hkU!R)XIaa4fB5cBzpGf5v+9oE?&<%rcgcb1gkNU*tex&>NPD0%8W7oegrG+
zk@zvx3^oS4<KAfd&JnB#zfEZCWNmp_H0z#BHh1&c?|Dknsjud|@X;|}&CuEAK6Tkp
z)i4G8U-S0xRVWGGqjWF&%@M2=j^eU5EB$WppBTH1IE#-<uCpiFC-Y3PoPM7A%Ci$<
zFQ+=*sqQmooXOtTWP;!9n;UzbUa#!vy>Es%dkbm*BaGd59=cBT%}j3V{>L$_z;od3
z;-<A6eG{oi-Jtc~1VMehtq>{<gLj0_4)5K%I7)1tmp4^M%`va)BUk}77HfnW8f&bn
zp|QrEn)sN8iewRZa1odqXC$|iuReyAnx7|!X_pm3@-vgebny|a)ch<4Q_VUGQ};Rw
zQ_+vc!}OngEH>}5f@^@iALKyGqw6sC+k>E@;S3b1^DzIzgCb9+K(HKS@vhk@(#Gcw
z$xne4;Dw5Ujo{y*$6tB9erG{5@9&=qQgaHsry~=j=2W4gB(ET=vV-&2SV7N6EhquM
zCGV>Br0v@l(CZHBH8qmN9Z!6YmA)s($9sXrdkLQ>;*$>G(qYKq^!B&F>EoOXmiIo#
ziu^cub=*s6tT|b`-p{d8GlIupmWOH0;BNBQ3Vw7HkAr!;ephYzJVNWlxauH_dmT37
zVJSkzld0q5s>#}odzLCxJUL~2T=i7@j(avmsCY7);1T~kk)F3<>?ZcI4}nz2=aeo<
z2XEc%#cHYU6WfP&r&3>v;J+Qf^;?!-^reQCzAcRAPl0}RESWET$LCmSZvpRsDJD0V
z#FtLCUN?V^mF{Lb$N!}@F#LNn{tZlq(IG62^6XnN!M~B>KfsmGBjXSn_=wyPe~7ma
zwSR%7Hr_Q<^F_R0^vMw{5je@(%17wF^nivHp@ELKB!&7lm;E20r<snIfGiR^_Pm9q
zXL*yaWQsGN%3k&)Z*TcT{~mRvYJ3|X0+93?H8behPUAZ|)L^L&$zlf&uB7eHGPN%O
zzfg<y`g4!+@%nFCg8s`(BCk7b^d7ByW~0b1E_X<{6{Jp%>ikbQs_VP0O!wPBBJ1B_
zBeLx(wWIMlXr0VoZaf1dv)pq|D)(eQJBsZMJ_|_qOrd*2(UjzR_D7##1=gDO!Zf-!
zw5QR%p+7BtZy<ORd%u&#M~V<gou>Fm2Y~eN#`_%3Uy};blS~iwMzPXf2i|0GT>BYT
zx>xCW0J{DlxRjlQ-^m<1oe-R3=65c6yK&E)LdDJu2u^3QjWRO-O?3W&G%CLYhOU#y
z!$f0`dzK+o?93W35Ba)nJzl@ufwB8^`7Ie;@uygU?@_!a+i#D4iWT{AY`<+Ep!;p#
z0Nrnk2JtvPSj_fYLZ^ABxK`(w)~f$B*Xj(@9K_a{XpYPN#cP&G_Y{-O-FTWf<um?s
zMzPYpobew|^?k{|7>`6<{MHHVPSnA6wqA)km*BdD547&&>@B44-V@ke)J@~R7jyC7
zSN6U{pLc55ooH7R+rs?J$Qk(2?UtaK#=7l28|gKV3x9!b?BifGx){1jKo*TSeines
zJl3>?u_w~e`W?Btj&=<R3z?2)_v;zDw2%Xd@NNOSUytbQA}dH?n@~~B?$<jDz@`62
zoS*34urqddT@Me^>e-9O?(sHkE;o@+Ats--6WH+SpJJu`SWG^<qf|aYqw?v~u#|}V
zA2D_}Gu?apS6JzupIrBje1es}ODGI`nLIBgIvmmeSDNIG_zH>NkPW$;Z}xvDX?L|r
z2Q>1@+l_n1<i%{;5c;1^-}4jX=~VlUd&cA`@wo%y;}&a(UicTzm&nUk<8Mg5LQK9&
zpo{pd-z7E-$YP#+pLj8=+wMw`waMl>nas7%j>%k_BPMf=PLN8Fr?lQ=!`ML<m$Fz=
z3A^{Xgz-Z&-{z@CyuY4r_6+il(qdn6i@Lh5ymSU+RX5Ul0dr;u52wxA*V=~i4$A=2
z;ArJM0?RPQ?$lZPTIUM#{<+ZoMFUDZ+>r`Wbu;e=#J)ozkirX#Tb5a=%)@akIf%?J
zEN;2NDpWKeYX2-V-C5ap3@4T6yic$q6vpf>-Tou{t&REQDdS@h-UR*Ah+_JO*kRu?
z=^p}zS^o%Dkm}jFu3Ja2QZt?DoU>^CJ7QNJcDH$MK#tNo$vlnVug!?roR9%=KFclX
z6ptH6umT>oZ@K8c^{an^H<HonwU4pVmwR#><_{lZrSOxOj)WnqBWs4Jj_eu2<7j%l
z$%aYvS0~b6iT>5;=pfg>SO+E2b2i3q;v1ZOXH*kG`!5{<=}3owihxq3ONk&wiXbQ;
zT|_}T(jh>o(xgaN1OzE60@6F7D7_;fHK8{lp(X^9+|B!*`|1AghkMW26Xxl^d1iKY
z+1Z`Bxd1u1exjGy*i4Wd7cgcdtjX?wBmun^a$s6``&ToiR<&+T#B5#(b+-6hNY%$A
zBqQJSbs%Tm)PMqL>8B>}PHHpoPU>CYoz!o@JE<>DF%^kV+v4)m4Tf#%z!I<h49&)j
zP+ET$zJ=Cf{b|jCnI%TK#*YrA+am3=6$fQ?Sr>T~ku$&N(l<rJq&1J(gx3;(@pi^z
zu3G@-=`BR!fBxlLOB^_28|aX+$S-R4zg{SV{qWgOVB3<5{iL?bHRVOgIN9<%2Sr6}
zY-J{_bd08*;QO>n*Di}1@g1T*e&#(MWA;XOOioSuU8Wkv^8Co`cWnZkw<MriVR=|c
zwV=)qSYYO_O<Og0L?GkIEoBE|x0Iz&8`_$tAKM!<PtQAWKA$fVUy1k~uex_j|C&(F
zNoxHPk8|u$zPI2TAnWYfq5SdR1HZ*?S_tDy25Yiwz}DGV$-=`xnMFAYb81!BMU^Ly
z$qmQHt~6Sy-y2@&@xODD<}{T2G~3Sp^yPcp)6Qoum;5CU<Z1`X^*doXbL+NQv+9Uj
z5ZRiD^}1fSBWsduJkP`;!*S>&E^fwuca5gf*P{=3_H9xwoLHAFJ%gMxd{7N(c*Rf*
zJdMEbi5gV?Qf}mOzuNL@$Ghjn`IVcHmYq>|O+RBB(S$#?+16z*`zqu%jN7Oq)AKx~
zX4+G9Ru;sVb~g+6L>O0EXK3b^(3A6DRY@lKsJ;L2lFZg=G5r8uk75p4`WIH5$$q81
zzw0qgZ`zyD!h(Pp#>3_nXyg5_n-mh{w&N~g4D-M|8kx0+{>U(|AFk?~${dNc!`25b
zkMz7poJ&9T`8EWfVd#pd>eo0Pj%m4IDJM4^UsZ}ZS_!<YBcG`}qn!7cpsQOt2(j?Z
znLlmUgmdhFhJpj*8?2h1vP*+p&HI<pU>(9iP;$e9Z>bo+T>YK{Qn}l$ZR>sV!hy`I
zH~oJq^V+LSckJ*=w8$x^!56R~+q1T>>GgZX$NV3~6Fom{nL4-P3uHp(FfwCVzrnd%
z`!7!*Z|fmh_|4I*->RklazAYL$DXwoOawV)^}qOa6|`qp7wV?M2hS9$!O+Qsj7eec
z{cUkCgK=c_ugaAAAIa1~b(CFa4YxKn`&U^@{kz9rx6aGYdniZwZ1P%M{doA?iv#ET
zBM*PE(_Djbkm3IqL`bh&dbGd=3ejg*__%VR8ik~hUuM8w?9kU>K#rLFQk<(57f4D)
z-n9Qk`!_ycDNKVjR`t<NO{)fb`J?@o1<nv!*V$1_i3WR>Tu<Nj%poUEc~4Xuc3u-0
z!=<L(IIqJ61{)G2K1n93$%MS~&=PFmH<}D`8qNM4<k%6MP=V}u7q-BO>kv=e%9)Ki
zMP8{10+pOBoVZ(jdS#m;%t^q#ysCyn4|)#0$PZdJ>xD7`JH%!jeiKN1GJNdefKu(B
zcmHxM!S-^(r4$s^>Ol7ee#5{M^YYMjlmf(4)euwRnYz;YkUb@5zFwv&QNA_^+TCj<
zmI(UL=Wv2#l)|e1>TNY(2Nw1+vOl?yj`F<2gY>otnfg<ia;Upc?$*}F)sZIF!3$6B
z4gm8Q+3#1T|F$_iHo?2Tz|{Dyc?kIbj2}&r#=5`2CL9vFd0rhV$#l5ox$vx=zuHKu
z`D_0+Wdiol@si^OYDpkb?=E&}2ysE<uHaK5rpB2fnF&vFQ{{iL7HY?yJB(55JsDEH
z$~fb>fqr%9@kIH<id9|21X5i)`<_MH^dH0Lm@~L)Zy8$$Kq}=+_=X~1>=SDwk_eZp
zCyxpPzc_JqycpiEdG@MT;nz$6UzB7gs{IMOq(c3k<31Mo`~(udQ{VdPjrv^-K5AqL
z@hqr7%$5`8@l?&j>1e@#z#n{{U4Pg&ET?PB2_+{Jdg@>yCUtC@+7)nT3W}D-9Hjr|
zl?hRA=m5V&Ne3y{X|X>UK~?)zwa1JMoeURN)UkK}Z8Km<oVnYg(%(xrxN6=nyKF`U
zcWLmj%CT0vo>-7GKk&mwM>VP{CJCJ*7WUjlSfzj4ybs}k@usa<Qjq7La?&d23?Xe8
zQxQt6%ANPC1@7w{QMjC)fqlR`ryUn6w4e)3(z9k^ahVs?CVsUe_n9&k^{i+j>~7C&
z_e_A0Rb#<8JonzKLkpRXT&@r~2XD<&?J_a7R~~)XfTy)VJX{@P1FJV2Rrp_^aLQ9W
zZtVeJ;lvT$ZIcsKdHw|$yP9Moy`u_e2M+!U8@^NWXl!UT&k@7f!Kd)k|6Ts#aZOY2
zpGp*SgHi3925|TKU43@fNBb^+@e7Af?lC}Bts0R7tF*^~M$(~UXDj>VfANQ^7HxwD
z*$O$!fl(71mTz^E#U$=dZOHYat7KX(!w0OA#msUR_=?98v7G#H`!$P~hbl6-<+6P&
zybK9`4l8KrU$t<=;*tiC@Yk)m&n}kOErxZNCS3*R#AnIPy}~aEtW$)>4|syY6k#hD
zU*Liz9B2F`c;?^<B|C(I96W5~gg_WuZtWZ}&VUfcPTX$gGChCarK!m$B}jK`Xp@YF
z=|$E{p9t$LH!|aKL!<%HqgH0=LBN<JN0c_@yYBa<QB?7Lfx{DC$3Hk_ufO;cr%ooO
z5PyZ`n%ota@z10;&Y>-P=;4z;i>mo!5Ij;j&!}O~>Qu#V@B8j<Wtr<evV)oMR#Ai+
zC(SRA7bErJ1JZzdh=VIlR^$hz;TMRn_b*A&UY)9JUS;G5$>FVX2oKsOMtO==#->>E
zgTioSKCb|Z#R}4ZC!L{Eym4RzKSNV2*@18860=t$)#4*kw7L)zv{RMWi;;41C%p9r
z!h^mkm+T;_@PBk{B7hHvC?fc2o2EzubUK%~y%Z=HsZ-wi98xd#kfI-V<}oxW|8K|`
z?f+4m!2CbK=(-VsAwO6Nhln5ysTcW316(_o*t|fOkpI(1*OI#Iinw3`3v<wcLaa#e
z?M30YBEbxcj|3BJucE636a2eW<=2ryE3G=QA}urrZ<(}UWC0?Y6P`UdD&rI5CW0Yb
zD9u5S=7a(wEK?*{<6#rQfK8R|0L-i<8GZ4pXuHG<_K;0(1ut%VGUY}1C=$%GcoAO&
zj<`@N+Ll}idn<xfXezjsATQdDyJ=j<b<h`A1bpHZEz-h$5ZmUvviyLpo#p_<tOdJ@
zW{fLB_uy2Ewtc+dI&4YNF&7J(69Zn*bdg}vMYuqMf2XPe+y2`NiK6XTL`R+oma++^
z$JS1L;BKqhgA*b&N<?44<BN1wIsl|5QC^<65*j)~WsH597XbwRU7@VTCsAJThivU!
z2Pv#tu`3<<B3P0|kWhje9h$1D?Mw6pHxvn7>6mXV^{Tp&V9U^`&(_X;P##xQ5V3GG
zVVNcXWPC#Hg=Wzzh_Dh)z|$N6P@3Yr$~7mxdD*G6*<3+G;)?DqW(U8DZcQiVlcDOJ
zm*nw0%OVG}7L*=+y-K{Ry;DD+&a07GOSnsQwzb2nz=+L;2JKe#8no!ds^u9Dxo3Rh
z-!yhT;ovPKVKxh)7A1ncw^+uiW#q<o5Wu2kwUW%NmEDDtFWNTsD)^Vld~m2a(YkUr
zyRo7cA%eAPO1Y6BpUiyV5LYyX@VJ>E5eorU`}DeF8=5Q_{LlGt1l6SlKZff3+@UV~
zhdG{~__7A3KZo(F-ouxB5jM6b4qFjwfhXG-9R$7y5EevTpmkD`p)?0@K0rrmQIc2n
zUf9XA75oMug<nNWCiC-wX$}fN0Q=VB1wg?_4$6psXb<{Q`1wGw7ZYD}`WC#9s=>aO
zv3<c`HdzN%3w<*CoV9bf)k;(*5YcMWQkqj5Ju4e0jpK^JTFpQ055F2<rtFIz=5(*1
zz-&cZ{iO>#f%gm&H5ez(#w~-5;<gn_jFq&xO2(V|bENVD=app28Yknwz>oZ0V0G~N
zDaWJ1Wsii8wc*+=n~)t{;e4;lY6qSh^t8rD9~sA+Q1Pq=;w7x~F5g}z?&41KoX$tH
zP7owYmF_vJ$(hw__v(e{N1TzfkIWU#Ekav#-5uLzYgYVi7PbeQf?M6K<ZW{5Rzvq4
zH7FvjAyS<~b-wdbkb5>G{^ZMfSW~X0cYCCS^L^1CKfm0~fY%Lcc@<CRy?w2U<=}Vu
zW=DV7(DBn<wMuE#hDrS4cy?%@r?BKNBbdO1>d!_^4QJE5ByVPN7BjHiBNIAeq8#ky
zM$!FRJ@@81)=XpziRWrGaUPLtNedQRF7LbeWH1;n*T`VN9d~+>%(XN>T-!SOfyI?C
zM@>JsB##gM$*Iq(m9^F>kGWM~W-)W;U}j&mx+!zGcvw`r$6%ZM$qU_{KV`q#%%p^}
z8m>-F@5_vSPV{3FG3PV}AvVl3%AOZ0{yF&aDtNGlTI)29j<S&%slQ9wXn*$W$3afh
z>*|dB-AQ-h&6lg~(j)Oo!8NT~9DaQIuXq(^O8QPBd?(|0JiMhGA*bt2!Pgr`y&w+9
zb?;oiIfIinP5rgOQD(cAk*s##%G{SGM*hX@y>rzaVV`67fEjd)4lZ-e8pzx!Xf=Br
z8T**dR+gcWUfkI_FR8QMPdxL9lcuE_)wB=4#tYMh>y{;_Bveyh2lVS--r8ncK{{JC
z{2|=XNG_@N{r4<b;Zf<-Yt<1U@mpBG;TqNK%90mvKa4g>_Z;4t`FW~o_!XY`mu`}J
zGI;ScGELVt@1t~5lX>t6h{S8q_KunGNc^6oM!jF3-r1hK->b!EjhWJ{(j#??woA!E
z<3q0vXFr!e@Ray1H+46uDeI<blCWH#v1tN?-b~J5y1u??x#ahSNV0wSYBO^<OH0Q0
z@3-DHm4A<x*J|NvWU<AoRA<b3`@w2_tMGiQHNhKF!}-PeBd>;~96YL$6K;5<Tf~0P
zjptQd7AjU+(l#m3U$U)NI(Tj(Y)l^iPPnu=*x=9dd9_E6|6<Oy6eqU@R}-e;9Gdn8
zsrJjj8<O8#QV#A_Zti~9(|%#H_l|-~bY0Ul>FIn;`($t1V!r%<(j(u~zr_@cq}94K
zM^vO!LOuUx)3mQ|a;VA=2*T1@-E8)5m_BlT`|W$iWM!S39#`pxX{o}Cuiv-EXTRP4
zVD|3f`&X^0gc96n!AA5!Dypb%vlpW4Yi2Tif(Ym4<%?!y^u2Eta95WD!NKbhAT=@?
zX1=EvJXhl<zCt*ZY^xBy`{uos;wh<}i1IC_k2Fd}W9eV|#ATS<uHpmNx4?x7!AF|n
zuy1|hwRVl|y{nee;xp3QXO@n`yDcUukVi|&CDP09)A_EE8CJPE>q@ppN#Ci+4c4H2
zCoEppIi=4t`F(etI|`1_jMApNMn5_o+(xLj9Wl6h+U>C$bM4e%A-GZcvFxyGY~?{9
z{m3a5f2{RTLW!)8)Mo5x7t{OwNv_(lI^YqPGrq(@5=<6Y!n%Aq(zNuXEKjEX&Ym9a
ztlN>!&BI11J6y{?XO`~XyXXb|J-41|oW-Mqqdpwnx<Z`W?^n1>o-c6nhrVnqjfUO(
z?}L5KwYYDmT@5T0bu^f0GbQ9J%JZtk^_r}|Yy70)#AF=zs}R9kdKrbY@SxuREOWz2
z`xjh~;6IMm0ACHNQGV^Y{VjD1ojd;Fz4?QuCeXU;qpq21B`r_aq2z-f-ZS2r-ZH_X
zX*P}rXEUJM$Iw+cjxh4+vJ)1K`-0Vphh^fK`B?9%tq-s~x{}9zbXgjM)v1pO`}(-4
z$<XQHC*;-8J5OzHAHkLi@y3j?-^WTWk!6MOx3-KpnU4fkLho&YDsGLf=!tXC>!631
z6(=ciqdhClHL1!X7di~LW^RYFrQBsQJPB#SLZ9rMqlVMCx29s`erH`YM&~oavhx`O
zoK9yqexHyQsA-JFf^`)x4kX9rMJtp$1E!Aci#(?S0IQU^ZFkulvNvwx&9FL}$D0#c
zFFHSMv4Z%==z`glZ&Mxz{`32{w!?cbMWR^WS?JZa;)V-Wz{V(G96HgsZ82{|y}e&}
ztichJ6)Qm>DwV-A`(RGG{ewjDUgn*^pXO{P58tP}2s@A1=*F#$_}*=g8ZDK#e8};H
zx}p?4N&TAKMyKF&?so0T@pwkooNNmBN5g{q`^}#koEVGzB|o>Xuf#THtHv4LbM<JQ
zZ5=J#ViQtvJy^8xp=0={T>g>-*9&&64{({0Q@FepxOm;r4mSdZET*^1uev{+?B+F5
ze3~h?ur1xz+NSWu+|*NV?@^(tT*dE;I({fs){dS<yn%^1pH1yryUS#PYo+~%WXa95
z@3+MdOIe()(2m20wj=*09B7uV8Sy>=hKiM6n!L-hGL9bx)IF2ewyrbF7|bSEl=91v
zRTsAt8m`UqmBnPyEDeN--s%gkU%XnYKRc2Ws5Z_jUY&`3+9PZ2`C<q2VZFH|UH8G;
zmb==Mat5(dx-~MTuElK@3bB~uTRlmXwl^Q?)fwnv7@f3D(7zmV1b^RBTJ`}aC<K`d
z)y<eWd5hWaTwlpR`!YS?CKXDs`tFGSRq<{o_@Hhh@Ra3b*Gl*z$973L)TVEGH8lB6
zy+YNK*7W5|S&wgc)*n!LzFG7kzk7%d%+YCSsi6|>+VFTHUDqFStV#IR1NrpO<&7#z
zqT+YKh3;ZeaJshX>DIes=i;drD^2bEZw<$5+r?SVTZ&I!sAlox{<+&;KP{+`Zn*n9
zO*CiT(AMJv_Ip>I+6Rzf&1}n1{DQV+#!V*E_X9sb()pdMAC=}d`U-Nsp<h={RISBC
zxc+XNH*4S0&z7C?tWaHD5xPiIH>IC4ozAIf<ywHW$%*@Xw{NL-MCy`gseBP)x0){R
ztCP6l+!SRytf98qx7+lQYqnipD4%pSEaFmuD!+^a*mR3!c`YCPH7|!{YFJaO<lJU(
z2KZP7UiQNBhw_@^KkMAumP4^wjqmrqy(+!o^yheJO!U+xd9%eI*e&C?Y#7%r%x*~S
zE8>G-L**>0HDD6TdP`M)@@QH=yZ6_FD#F{L!KPK?`61^%1g)K3UX@TfW%e>O()ke1
z^wmZE>+B1Css!PDx1Rxi?_PM%k&Gk>`Hj3$)fx1*o}{j8%H_Rj3>tCzWnEzu@FLyP
zQMp>zT=<3akaU~9wtlZ{Yag`m?zdMTSzXV_An(GKRH8n8@-I+p8m(bXehOiDbfnR4
z`}srlyAPpO<mYaS)dT5fMx!)kcXekU3QuVA5mwro23@B1=xm>?tsJ_jUhpFK9(hMj
zM`lloe-G>{Oqk^l@e{6ir_^qC>qFeB3of{lS$7|;F*310y&61UUMLzi`>8I?ZN%&3
z_{BZyUz$@4Di|tDh%K9z%=Rz2bWN}*_W?Mryt1T7C`;_+1QTJPBT|0(@3%R0SgFF5
z?DP}LTZv}IVW@7a4<0?O$*E{$c9^N~NyNA1&l!lWxXX(NKkRDh3BgAB>juel!Hoy7
zQ{7)JCmusH4j<PzRZ9zIz2|%{XZu`!uPO%GSzFu{vaQKxKdFj#*(I<1ioLFpA;l|s
zx2E22br;gU02|JjIaO1{ad>z^(pI@4Mb}^0Jync(J-)v+mOgUtm(^4n*Vtys!)Fo@
zEi!T?2^MZK&G@JK4NKO>`a)KBWuFNOMd_PrHO%Wpn|>YW9?&o@?B2O=T-{9yx8r*J
z+x3C65skjR`0Zufi}5?RuVa5GNX1#MDn(w?ckxdFj~}UYgM5}&C*o$;izI50+|oI%
zW?~M(Q>bS?XJJx1yT7<z?gn4aI>J^jlz+gx_nRMjs#sL4(m2|+u+M<2bb?ES@9g^(
z7SE2<+}3h9DM_TnNVCx~RkPEH7MPsBeV=|Ce%ISO=26dJlhC~O`|RT14+aW&f*P&)
z$EwGT?YRfZ+XK^>Wq#=9$qwY|DsDZ}`^0QLko?4T=p?H)RI)>T%VV#&Bq>W#(vad6
zOR!1bg2UO-Em)Dx=VxUJ;opE|{mR`;G1rCI+J$wF2yFCa&;6(#)ZQ_hyIHH&A%gC{
zKM+`bM^fe4?X%<6zUg&u!PmRigloYKFEzdw`&U}WM8x2mufKY7$M%+yVk7@Ers$X-
zWYB7=$B2<T*_5O&MuyPrz$b#H2XBiKw60ZG#?Bf3?5=GjVgECtS(qc)IaOftMy}N|
z<>T`^R623L4Z*6n&i5Qw-~Gj&R<9m$SU)z%2QHbT*UZh&uIYnKJoGvGftmQLJ=mXL
z*`y!bPG!DxPa|4bN9end-B(|az}=@3+*zW0i70yi4{ll%nzb@>Av9m>^_GJaE<-#Q
zY7*W$$5ZT%wrX$1Ps|>C00u5UY*4Z*2dmDtYfr|jZWo0Qid-+4oU94Cw?A!hc9*j<
z|9a`)#b@QSh8DrQ*3k1tE!qBn-!<Mo5+bQ@DrB!sw|=TGHH6qD68b~CD67$R;#S}N
z8|-RYLeDS#{mv68_t!UyO{hXXu*7qS3pb|MIsT>insFs@`sqWFYZ-4WtaSR)HWD?N
zFHXAj;vv_CSlDH%Xt5e!t*@>0-kfnU{qa6Q4*hSW4pA!d?`m4hW)iA;x}4oGkFR#M
z@*r)6M=5AYXgkmSwuQ~?%)6I`cXiy(n%Y+%rCyO7w@bRV6IkWw`et^_)OK)clqQ;T
zS?p$opR};Uf?0}ZrTv~I^T?-gxXGYspZHXL#Y+k4zGJl0{f?ld{LeogC4(O|4D;W^
zQnkOyz@OwH1;rFrMh)36%OLi><1E65X#-ASo-1d&(#Rm=A5A?SH*@Jc6F$|uGgWli
zjiO(b{H@Dz2;4wh^8Cil@~qA+7`$|kd67PrEB5cbS-tq}cLI>wf%)buuHipm;My<I
z#$vlonMZbipEXE%Fb5z_xZW47pVX|BzA~In+p(?C4`{d0{>;Vp5|U<Kbbm8(OVa*?
zGwk42qXEOOTP8Eq)>cM41L}l9N4V0*4^OiR{kCEnx?iQN%IDclho@U?d#3a1*sH_@
zrrp$oD`!|ARzCBJzj>?R9@naEtvH{B#M9fB%o{AaK@*j>%{Rfmr-MS$OYyGGsu6<G
z;*&3I%Np8WCNMnF`jwFU&_?&pa(3&)PN^$TusS10>C3lks@N86cy4?B$xhTXu)$<w
zT2n}n!QW5U=uqy%3A0X>iGdY8!^OS}anzOp`B@4x>k`<-ff#p+YeJ>+5%Z^;$Invk
zvT9rVh%1-cWlp3mlSA(4_gYunk@BzDn|8OE;Sg7P-SI3nzWi=hc2}D<h4$O<4N#4V
z$d_E2XSKVQ-#-Vj8<8|T4pSC0jhdqfK8=XxS1_?mYlX#?t|y7}R4e3)iFn`p#^pG`
z0*UfJynW`$h<ls)$9joo#%I~)VVi^g+P--_%LsF(+%#-xSX?NhA|!6$ZTivU;d+*z
zAJ|z`v?Sv`U-qvW^}f0>{7KLzqV4s#W96ie`qHv&C!?sX*%U0yHb8EP<*>Kn<>b)U
zS6SQ^Wrhs0Q>*V$ny|pD%Oh>CM{9k)v4|Rd_y^xxR%mVtK7VR)@p0hX2v|Dz9r+!#
zDxu6kQDe+mCu85G$m1@Ls)8>bRiXivmUGJuZY~!`lu9%hze*RY<^;o%Cr08&vYO)J
z;_C{^A7}0+mDU>wSJ6-W`S!$zS^Swa^t9$|qg?Z;?F8AtM!jJ(>5%qEsk_rpoCAIe
zJRTkoVGTs)-=>CqF&VgDRT2~x4lZ&Km_52xob`cM>?i5SkkNogM)}0KyZ(ZiVf^8f
zk6%+orBx=REd77D@1!*t-b*(WexeZ4<0a`lRpa0`$9tT;k5kS|pIOsxEEL}Uqa@3b
zwf|(tMyoR1d@Xy5Ef^FUURfA06|@eAzaYJsXuI2$+WzwA59?Q|?Alg6lp>j2aI+1z
z>)ektYwfFLcuF+|i{45Z_bA74YqQFwVybwJ{`@?)!3XH#2^>fcvogM)!20^2B5iv)
zSr=Yoj73aFX+2y1m-jV04>T9#Q`5rUz3y2n_I*bmv*@5P_%HE+ti7{H$XY@wOXxk#
zF*QC~_j8N585Pz9H@w!@h<wJRkEjrlH2kADODGSm0zpu70{m9vg7Gc)_E@3u1UPm(
z0~W0<j?ovnyEXmz^}gMMKf#J@mRQR;%amvh>g4FJ=ShzP7habXHXC!vRT<NaaFvgD
zRO<yUzR~+yty}2+NG}i`PdlQd8_ye9&f*dhTl6EejHSgtO#@<Ru07&v_WFWL@Adu%
zTKCZGA~#hlXT=TPSAT|m*gmT2)9{5f7S-7nMc?why>j9bbN0hb<3hr;n;KsAc+K+F
zQ>3L3+jIu%pM;R?_?Ph&{t|n`Dwg@>a@n@=^2fD>vTjlt<Bv@WABmRO+vycjmQMcc
zdipx{o2;AO9lbAK-nn>ZzCEqfV3kRz`C>-{Z!~nyQT!ZTcJ(%WF4Z-mYFiqiN@MQ)
zHf<UhN>Hc{@kKB2xL)t&S`w|_VzG!-SW&dR+V^M<m2V=Fuu@HbkZFd}doRTaPBZyr
zx>y!Znmg1EE8}egE2!wKpEZG&iZx-uIc6hQ?~F;%#&U?!$IetS=y<fr@*X^6WstMs
zH)9XE$vb~OA!YL>RB`gM+KU`#7yQp!G(rAAxM&1)gDyJSbh%4EdJ#kGofL<Z?N7QR
z*jWCgzyAIKhQ*sT^?))}x$<d9YAdJrBcb&x-q{a4LTH-F`7}n~E=IF>Lmnp^-S;q{
zX=d&ZrSeWHSvR}VY;`9CEwJtpwMZkh-cZDgHv76&(d5Bs7UxNEsQN_R<Hjn4##=Zm
zbs-+J{8eC<qM4PS#k&unWA`r3Vh6JWNW7m2a)=8ya(cU`LVReN>r-2=dJAW!y2e-^
z6&~$-g64;G1f4kg<ENNbA*TSR>e^xZ;p20BHK}*szBn8zeE;BOfBU!S#jyTI5sP0<
zaP;0&w~LkE`9swyo1@}9bt#*BQmyEf+BH?n-XFAITiv^_9QxcdCM+6%=v#tGh1ns+
z!3U$-A<!R8aHhdS?D7#VF7;qLb}0J`hc_#~1PD&L?m5}BaS?Q9*Ym7rW5JpGP&}+D
z1PqVENR$gSQXTr4i+FM$R+J0qlt(XW_sg-#-Vx+@(4wGb-9eDQ-jOS)(C|l*rdbl8
z+uiz_-asguY2uLiv59Cq2_0&53hjBKV8>GG6TOp0$9~nv>Xp~LAp#r{f(ks|jG1vM
zV67bLW)A+VTjxXGiGpaam`lH>scV>-`v()WhZPk9eTSzS2i3HPC3pJYgpj8~iZnua
zZUaRgK{VU?t;|%O$i=->h$~I=NUHMA`=jI1id2a3x_0(1C{_9R{pvB;Fo4sWL(L?t
zZJwqX#kw)IMA@8~k|BxY?=R8I$llNvKu72dqK86LTPq`hG%uYzJb!aZvYxDB+tCJ*
z^0@4~vC#)3Pi<X$Pm2yMzNpX{Oc{#}TKt;oaijO5k6#qn$YEOJz$tUJT%d2wnRPwP
zRIuas*X(Qo4pF(3&d|+F+Wj!HN!6>(GJ198oa=_6bs_kVf&rUfHnylMQgcsVpI@A~
z^^1qp1uE67DXwR!TH^5yoZhbd;&#gn{h^qN)iF}B*@Qjmo%o~uIxcU|;Gz()Wt1=2
zybwR5;b9dMyc4s?cdc^aY(v9CCkD&&b`dRrJ~Kgc6<;iV*;s&+tlI{)g+P``fHaFQ
zkJX~N`f>Y*M`NG|sgQb&pj@w|*To??ckK`d?ZIq^JL}0+0*!p$W8h~Uyh;6V-D^h*
z?=Z_i0<9Nlnx}LIXOATgU^jjvqvnEG^Euc}Z%YnVyA^li$agBgGr_N{FIx$Agr@Rb
zXr2epF)FziUmgSB8!7=wtdB~)=zn+~7RKqVkdy(k+cs&_;TDDGD;)WtSvTNOve!GR
zo{H$Ot{-rT!VMwkL51C?IpLTNyFy;+e$|t}^Sz0y&Fwcfw&D}dRn239J+wk#72_%L
zMQzX@0t!5bxO&aj!DYC>EG8$_>e;Rm?Zz|wvzQBkRS4tyve~ZMm1cZj0&HtgZS4L5
zReyU)^rB_IJLE@5D>7!$Cnejn%(*|bT_cEEAOP+Fq>ZYdFZAbAyjMZQA|vPyn1NpX
zpbN0)0G5#uKufI~iW)<$1ko>I_Nw{3J)g#Ta(WA!x7fW{4D4ImK+3eghK^jzC-=X;
zRLd_(P^qQ!=1{T4ht*Mg4}m1rV1sHPbwl9vV)XWi@%|UPNX;*K$}40@4fO05YQX@T
z7z~4X>QF~t(^Yf|%kiBo*XYHOYn%3uQd>_CSCO?!9W<$}7l%h{c2~X8W)A~|H}hI=
z_dn`vy0{;6#v8Th$u9=>ki7w=28sEBim}GvT^-z4(CL@3KPmqYL?2=Di?hPNEiaGW
zpj)HIUbYFx+@Dw#%ih?g9BY44SZTYqrTk_&{@CM_j#n7_7P%s*`$HH7#PpLeLWOzD
z?9&#ajdROXvFf){{4vSs?5axiG5e>+wKnoC8%5;rAke5JB7|w{hN6NR3B>S|gQ8Ja
zko+i}*Fonw?I*|^|2NCw$4QEwy+J&qJ&N$yWByMCzk<M{l4~KHTW>)<m3&)I{$G%t
zA+T#Iq+9WdjjJluTfY^nx`V_=bw9;=Ek_>ve+odf(QUOWB74p$KQXR`P;6=c9npG|
zyrM$6HK!;UC`Hg8bs5=Z0JBQ$!kEt@FSfGbgHcm+IEgo#NDhU1wrp_1n(Ej}aMCqy
z@7r$KY9`k|?SITQVp>U(OV+=%=?6AQeYJsU{n&nO9Rv9g?<pzS2S-;_3G~5L)hyJL
zVZg3x>Xq|Ru-p}70tT2xReKK`T1Tp3{^DHUQOhLQRkdFMTVKBvjZRT+4a5MScR#&;
ziM|55rxQI?fvvg%5A}Ex8cd2iY+GG%VD8wvTwM_syi8E~Jq5nD@&GAO36444y2c3R
zS&7}uL`qt506)3x1Rq??K4D`IS8S%z9)M>+Q&t29k6Z!&HMNG`?ruC~XDo<7?T7we
z+rldT><9@}fs8<_)G!cxylu*U_4$Ph-Y^*!uz{36S2k)m=Fi&AhUu&#3mNorNw6q4
zyw~B;Av%LcFZvj*{{SSqY^%QnF126G7e;$(or6ArJ!sA20@T9>&g8C~n|}E|G)AEd
zJ&v4jsB}qKFPoA!I|t<%Ww%J!=|C563xT~_j-ZaKlGAGu1J^-Tx#dG+5od&D_7@jp
z{YF~}Tm+}ep+nBHkHzbZ0eEDSgsXXCh(S|b%jG|-6L_nHtHh9zQ&Q<4P}<)A&#CZ#
zwZSv;3xB%DVyOhfBccD`&UG`^IUbhH0!umhKaaXIIV!C=uh@h*=OWE7f!#+P)a;gL
zMAsLl9_=Li)`DDpTBP#~6-pGM%_JU<Wg%Fsx0;XtBzMut>DW#9mGB2ln?^b3Ni-+C
z4I!wT2SjI&9dkGiH@QA@?5qkEsBCDiboYH_-M-WyuDk`iZ?q6>eJm?6<u)Y+@wV4D
zaUSv)iV<?u0Ht1Lxr!<+U&FO5<<-sTF5dy3rm|fLXfX?pFJB0gCtHq6E-$-jQS~fs
z)}?l6Fekpm%vxVhJ=<l#;Bm;em8OV~7A_xDNv%s;+s&>cBDn2}b6ebhaqLu@CtZJS
zdMob_Ij~ye4G$r2HJ856Esyo@1(&%xtx7<|8x01WGV=zopQMaTO^MH1UD_Ir_6J`3
zN50(@qDrTkej{V!l5Ky>H}`Enfe+u@%>Hw{!6c73|LN{nG}UBTCRoE08gVW%;~ko}
zHFr~`zAjyN_n(q_U@+yg$|_f*k|p&q<xPmB)M{nReItoCrx{xdpN?&cTl1?P&e6G!
z#0c)rsTYvW9)HX}-eqGB>`0^w@tN?a=ziQJ*J0l3UVfb3vN;{!F26Ue#xy%+>uOor
zd}zCLr~#=hr1Mi)-U}-6vCYbxyd0)~iDTdKxVRq@Kj$8V=h0{;`C_M#C{!&iT)Svl
zS|+wo)m!+vF>f-hcRJW?iS_R%)@RJXG?<l9;Ifs^@*TgvdN&wi!KWiHNQrlpj>&!Y
z82(|ap!|=G60{20$QYOpIa2jGy&Fj~+Q>0`+bVI-#<FdU^{+4m`@H4tg~~HJuyop2
z_xN9T@4VN={#H!osCyWol^T%Lj))5CTD^HQYZn)M*Sw{NN!Dh`aG|AqArF{s3!Ab=
z*eSm9XxM8knQGaY-R}*TysJzh>G}AzPg^?F{U}74Z_UN#ly&(d$Ip4+cl=L`e$JoW
z|2nHQ2Yq&g9PVv=!Z09IuTLR9^<?+1_=mbxeCA+K<)7M)8>nlU-vY|@4SG@>?4&x&
z`6_pCL8L>ce!!xF0+CrxCN?b<64J_Pme!v7m}`NLY4x|mE|flPwVN0@tGt}!=?)uD
zFr1d2YOrrv!pDSHak^}|4irPhX+t=;OW|+asyx`&Y1@>HyeC5Z;(LmUSO-?hA63m^
zANfPVI8%@>89C_sPe0{(OQqPiCQx9Q4+iL-{ZPVVWYV@;e;poB;_C;G?L6Z5GPas0
z<ItnPT=k=?wA6Z(wy!P1V)%zyw}-EtdR2#88!N~@?6UrobWX~d85`|c7G|ogu-0-9
ze%EG13ODhl_KMZC>z?KH1zntLG?S-d^LXn8Fz+`b*a@2}%4ML&-SZL(==PDSDA)fq
zYLLALj~!UPcIBC)&^wO@vWcpsgv^#K6!k9i$^iOE-s$vvOf8PiL`=Y|Y{^bc#XO$+
zD2jY`|9MzH*^=^kcF8jmC#RmTZJmn(?Z&h}E1pVteU*~R{ykDcMqaY`QF4v3*)dFZ
zAtrAAAg1Ea8rOm}*6(1t=L*o>vv(V!TH%HmiRt>V_WMrR9Jfal{v<wf%^PTc&3H3m
zbVfpE(UyNl`=vVc>OUsja}XJhz4}iL_O3HwusfG7&;1TH(`TyQqNp#IT%R@-TlT*<
z>~SDbBF>hx6<lEh@|uP@W&So53-~3-7oDY+oboi)^)IteF3ZVTvb$pa8deh2R_$-+
z#@d5UpQ>zZL4_UW$4(`l5ALEf(SdH%9w2_@O8WiKPKw*)Ie&0zd?X(=KBlDVeG&P$
zltyoEN?rdnZFwJO>KyUCl$!caM$<HB^6nB}2+g%fg?IE*qeF4YI}<kbAoq1hVTSft
zv|=ul;au*G;`%sGVfo!)ZSzyo+14t8jjn6MmxbG*ivKJ_TfW^oDL&XedHSrZO5x^@
zz*{A`m3m`3b;X5B-<Oev_S}^#aOrLQL~)?j(Z}N(g28wH+;3G=$l`vD-0Ec!4Z}*t
zPCEDeGj?`xAa6&+@}Ceq7FDuD{!RJ|RSL<qN}Vlz39>FOcz5e}DN@At%l!j8Q;~nB
zCk_dqi>ZXllBZac;t2U5<~vLf<L1e`2H5n;`&J4U7OlU>x+|99kL)=0*=TN_Kj$<>
zz5ZKR5G%72t#IJ~s-@L0H%y^)A(ysXbZEvD*3F9@;)F5m)JxOXZ6w-$QilD*@!=B+
zsLe|_dfto_gWn1MmYU+qUcR#DxTqIs>aRmCdOP$-1im(c?dh60Jup#UCMhpFjxul0
zIrBslmN#*HElY`VubL_Yrukh^u2+>hJlK+GGuG>=Fd%oYHn&Bo@5&$E1n+Efs=jLS
zUHVHkAJodRH53p8MPE%3;&y*!Etz=ZOO3^4-`6Hb%Tngqw3CTA1tn=4Y~ahh_g;{l
z(udk7J}pX<ul6iKOWcQgC$+{WjmC2<?XrWC6L-D<`CYQL)ah6$Ywfvc-QY(eJqSor
z0<zQ-Tfa>RJ<GKX;xn&Z>fSum)Kp-NSq3M{j@#Q^#CQgoH%0?VPjo@@@`Y1#8^=O;
z+8MM{6kJZSd#UDIr>bg@LC}DIM>1I4T`pA<m2WAs^5a9Ts{0QZGbTD3tG}LA_EH6(
z^@T};PI6C;E_ZnkU)*iiKWf!psIi_7AQV<dG^iZVfe&bIvfQ>&?k!j<_eFA=@XpKL
zDmmxN^nWKfal`q7)Av4hK8LF1kOmx6hWnF$=rfF)LOCjdw>bX*kFQULr0IRvm5c&k
z!k|geecaNS6B5}03xo#n@ot$SLi<d}mzstyT36`i3SyRn=9=CcD<9A=eQT3C>+OBy
zP!Q6WT7%Xv6nyn-zVsj1Z##p}bK%|_==S56a72>llK*M`xW_A8XrWC~JL_4}!nJ!L
z|Aq?N2j8O1gjyU&KE6Kj3e3IBvRuS#!f;#pL2Jeh&lY)E`*d%CI-$B7-COO2BZbN-
zs%-bz=D+=OU7Y!8rSyXr^;<!6)~LyB?#*!hdz-SLl?(2ftD?EN@^{v5y~~yISj;PQ
zA8Z)cex=`I|LVbOb??#0nN7YGr%cyO$^j)At6X8j4~mBwFOh|Blk~hHuSMF7cb2}M
zB)^;gEat)Q!pXoGTkw=YRHwI{X`Y$eOy06p2gy_aZKXqcw!__O=wYD4+RB>+o(4I!
z^U|a*o+@FkFBQEVULv<w`War?1+J}=Cn?DPOW-wQkh?0{+M}GAw6fA)pU5bxtU=ua
zc`!ogeqf!gz-Q!ZEz&r)y7PS5>5W9-7=2`RB;%4upm^X&8RY`vmlLHOBY%@AN}*F9
z$<)Re@;fh*CznEj@W6{M@Qf!C&gh|{^Y5K6Yv7<*7doO(oIQjoWUwUC2&|5JsDau*
zMBySm*HM0vFmhWIX_sV_(VQqo+>@mZrxTeS9t5vp%R%#8T+KnVF3@a-{>~>o#@iLL
zQUbqakwMU*#ICl24eHJ|=!Ok~9AOuMHe$Nu4n$f}6mVWsS*eJ$>dZA_ZsQ!ju(Eu<
z+;`;je7Wi<ObV%gt}KNF&-t<(QL8bAP=s({9vgU(sjSF$?O71=BEfVXInhT^L9iNO
z3;v6@d_Yk9vJS4(sL&1xs$(^~Td`4K>P?(5jByip%Z}<8pXSLWnS)NZrr5;Y;FCgf
zoNGxT8JjtVFVs6m5A6wk1FTHRI9_uAai1%Ic+F4>*sDwj)hiU4*(iWZq$ps>|EYnp
zMt#yx<qz!9>*4|+o>2lm&Pe)VL%VIMj>Bx%jHn#IRmWXz;9`bNoPa0AF+K%OavYX2
zMszFfsRii_OZMq%gE~;D9I1B|P#@#tz+}f^agvcigr0Om_22@gkXx8>Ckjat&$*iz
zTGY6B<ZOf!)E31QI18i0vji?1cC~gU!I>}Vl96M7s}9{cJ@K~#ZwC&#{)IECAd#<;
zh#NYTP?ok8#cIN$4Z=PB=a}f<JTZ(Z3LCHzfQ2U?8TF{8Bc3?Y+A=Kvc^mpssg3VK
zHmXtbx7s8^^$rD?Qmu{Uf-j0k;<s8Kvhy^A@hq2O>VhI5LP6=TCr`-BJj6m*k~v)%
zMH_}YgQIOPD$*#KCjZ>NizA#PL=)&Py{?q#s4W{|j3X+4j}lI<cKN1@F)C$I2!lqP
zK<#1wo=EdE(uHv-1~(%7QDI(Wix~PY5LsiSCutQaoN<{1FBhoXbSV2r0b_&cL2MxY
zGIW_oa71~Mm309qqCjLwGT2o$61B6urh?@gK;`8FX#&L+8J4f$DFQh!{ZMKsHL1`i
zC~)TpV(Qi^p5B&%p9CG=7zw6YCdc2#2w>Dv(VjG6G%AcCi#NO45$r&ExdMg%QXr`b
zJWX$e&#I{!BcU|5<Z1`L)=<<rVjp3Px&qY49wp)RZ{cqhZyV>LBG)WP<ysq88%rDA
zr67tFwT~!;P!iZwcnn6G@Q5c}JY5`-v0ZNfH1*H1$q31a+%9yKa_3kCb!VZB7p|);
z0v)~;#TePz#d^>acqN}2Pu0Y6Ne5sV{s1`mfWRTpQ9Q6jOjiY>wac}0EK(u-2D1B<
zS|LiO(;dhRI?@5Xh9>V!>?)ur>uLm26A%>;QGjlWc)e&uL7-IOR|!r)Om&upTXo6+
z%_B)=chxXllG={0p^HF+r@&Yt#=_Czo|It54*E-Oj4g`h2_^VS7zc*SOBo~dlPZin
zgdP(eO97?2^hfa_z9Cc*@+f3yc7#s-6~jp32r#WJY1p+N5pWVadNmKp-T>49&^exT
zDtAqFGDb;~5NO*dE)`HNUjM}Y2xHt(<cMpCvMw4_RTnt|97&+RyoVV=Ofb^nB?8GX
zG^m@Xg3j8mq>4z6C<nw4P+US}BK#0H18)Q}h1|eUp+*o;YAADv0>&S31?e=3L{btM
z+IT{)T#_itK0@)M-XLN-g`+@J1q@+qDtwomff9gQEks$T1jY~Lh|*2Df|o=ocfrXE
zXqFi}h~tnD#(jzscuB1bMA8^lMP5Y)r!b5nkY6$b^&N|VQR43fGH!7Io+vJ5P*t5U
zG7uSzf?<s5k`|*0bO%br6Oa~^q=06otG07CoFmecM3NlJ+(vaNfaw8-yRis6YESZ%
zym%~W0ogKXJ{g`La~<UaG@TuZGQzwIL_T$8^9Dj1;f`4Af|C?b-~}=J2xim{0v_cQ
z(c?sCOA*Ez$c2$b-A2ixAYJay=`U@6k{d>W$vW6WSTQ~bE1=<FWOxY-Kk5Mj(gmi5
zf-YGCB{B3U83gMX^Q9F^69wvWiXzY+kSM6Vy&w-%!lWb6;Q`^mie^!sBp@<Ravet+
z{5{M|R478G3rtZ!7sk}abSc%uczGSOhEV9VBQJOdj{ryplo4=BIdwWk*pb?i@XPR=
zlIBy)bh<z12%*7{BPcNUQ1?)e5PMw;QJz$A+74=<sYp@nK>k}hCBs1^gt;~CBIZjI
z&7Nk>z9b>NH8j+af-zh;@*Ev8O08fI4Wb){RY_57!p$-F0y!@(VOKUo2`Q>ZDE@y6
zFyIm~R+hs-*FmoWiATUAXTu4*hfRw}?xcHmD1THSN(vYVgn^-e0~5N%Dn#Z#ntOBE
zTg_M@X4@xaX$=BN0UiN|0C!zIK5@6G{?ZjZ)Lawk8+vfQ$P!3^lAQ$TV{hnngr!=M
z?NO$G9vjBWz_Y7B>sg)HZpv{dN1SM32u`4pV&;a#TQ!+IVeO4Q>Sm#zVTBq6N>)&M
z6P(=o-f?iBDN*%nM%Yumf?1u)C_ob&6!KrMq5%&IKAh$jV_nmBQ)cb*iEfbl{j-eT
z`p?@PPbf7Cn&(e~LY;1(e5l>`%=&|O+yFd|Ul6gdmYfLd?Hpq#gbM-cBKPPtYLVrc
zCzb)w-2fZjCcHVvwyB*8Z_Cu;8FZns#bbLG>6^5njx#CkqITeZ@rctZG!bc-^W|U3
zBv6~JKY1BU!VXTq^`B~V_)DIAuz<op{kM*5wvhlhc%a*Vkq59YixWX@k$uBir&f*a
zg(ebVK#H*oH>N>VjJJpsUGZ7#eHU0;KE|1dB3Kl6YJzRUW5kJ6Xc};+Rhi?jV&_iv
zx5v_Z$ATs?A8?^xf;51nKuS)4BS=-23YV9L2cCri(-DGD<`bQpIJx)#g=AIrpM0fF
z!i7r4_G$w(2;s%hXL^L68EREqcoyvN4?;}_eux+n!U<5Yr!G+alC!?O-<~e4L|T0k
zE&yck=;^kMQ=g<R_}0#G@X2+6K*CJUzj&VmYjZ-YiecK5b~gYC+Np5Nx<aig1<HZl
zbN#b*dIHxV3^dM~h1o*Ec#S$3_i0c&-g+DK{)AC~7Wq>J+JnWHj5}4H;YZF$-T-d5
z7}M}^#bamWAjA<&#*V<I3mgUe^d4{3e9rK~JFRJI3&M*uKoc41W1W=<Kb-<2kHJcI
z&@x|~zus)hJ_yecy7><yUII4KE7%u$aV(AhB)A0aeTXiQp1fo|W93i>QdgCE1g*$`
zHuODwgOzdNA<TuX)sBP3c63UPfTOm(PlA|#Qc)ba3DymC#B#!@i?zCm69=NF8$1&L
znsv->^3t_bmhj>tJqD;i!=+o*iw8hoJgN;Hg8jFkI{e_j67VtiEWGvj6s@;|%$$l1
z9ogA`2(|6NJL*DfLvVsn8lw9EJv2eN<N~~K9Kr@<9{Ny^kg7t6#*H<8Cgya34o3>G
z!B#Hd+LE)LGp)jyCOn5O8tja3(*6jpQJuU=Y!%StMPmHq1zm$(3ki03dK5Odyu(7Q
zOL#F@V5c@TgAT~frTHW>^JFgHh3@1-IUivTzpG;n&7P6R*S62-1E*prcP{Z94iBBp
z<xsaP-#?Gp?;4H5r(3$OffrJQJ`-w+;R2a3_1oZu+$9pg;c@E;-YND3AG<$w05p_*
zsPm;uYOiF2(}fa{s#zq(4mM9<1oWIR)5Likds=@AZOCpV;@hna%>xj*5wfvJ?r($|
z)n#!YW&Zf#Ge~P8(D|xP@Co}khWiCd3wZ95vsn=v@Ly`}Yy>t`V={ZvNzH*~VuutG
zOV{a!^rFex=WFS5L!#8B7L*sSIznQrBIcG?m;vgNX84SuFp;9Ry(gEbN(HEHMgc-^
zK=_i#VFfq`B!E1H=z$lYY$=J_66}EG6rk~w3@ESzd=FB9&-c6`;4eK8qJS8J31DZG
zM9wYSs{p0a@VVtedO+J8;H*3VG@B>^%8necV+1^*WC0~S31B=iL`1Yej4uK3%!vAW
z0HP2IK;Md}`iKag380LKaYz8AWTJQHX25HpGBFsyw<j7)Pyw#E0ri`JT`G|X1_(D|
zfLlOekr9YzM|2_wQ12`R0h3XpFa#h^0H5}%0LOz2;J}E9u?5)wh#8P1<|BY;vvWT*
z+=%Fy4WNdJvb#W`jS)ZxBGyeDz=V+mSeKmt8?Y8YeF}^R1UU>qd`h73j1nk#0Q?gm
zj6E^!4MbF}#0p&n?8b=EQ;4pp0a>z5{2^<|U7+MhOfMHus03Q+0ShrGvAO60&A(KD
zO9&C?6+j+F15hwxjeLc%%9xu#C<9`(=7_<Gy#fuy>mpV?mYCrnK>m+dD>b0dMheKE
zm=Qe?GrUa<MQnFsg4JjNt{|YaNDdT)iH%0A=lf{@m>^L`tfnFeVC4aYpF}x1VCF$g
z)GRSlC}8^zz_mgQ$qTR_OqIL_Ap(dEO6(v$Dhz*>#n6h+;h!VtItl?#^o>z-9V<Xg
zg|@4X7jNUUX@K9~&l@~3B02j!4Kh6)E0lonQ;Rn6Yhd+&jqWeVH+Tg&AtZnhO#qB0
zF2J!J&|{+%l75?%Y{OlT_W2m}FMGM|38=x8<9(3-QaCbYISNg!AR;#h{udJhIzcZ#
zUN~N(ONCKkCI95$)%&4jSZY@T*rB!{j0-qvOF=Q0*@d7AV=&dZ{dV6?oU#y3c>^1J
z=}}4GafJ||D0uXxQ8OMdZU@cHz{{WGW`z%N?7*cGW~>Js(4j||d?xJh+$s6a`6=7Z
zx!+b9>Jn}H!!GoD16rp7lm7z<Gk2=+?UJYXi17hFWSdbROLr4Td32%Q52MD$-ozCb
z7i65wu3jim69+||$pYZ=gZ5EShYpp_AHhIJb}{%cU6|>lXXY%-vlm@SyuonPg;`7%
z(4U8n7l`j5Q!5D!J6PDIg&=_zfJUIz1rF$;qadi+dRxZ)0`Dr?VID#pAuFKx<wNUj
z#w8Q03nj91({Zr3zWaVGtg5bX?2`>R^~6aJtJ@DJ!L4t(x`M3)VDwlkH9M<|Ir?*?
zI<&DEY&=;YQbo|fZ;b<Eu+jUIvVL@mRm`Oz5GEJz)}PW!c53$pe=QZvhc$nQEd!2J
zH)t#pTJ`**b$%XBmx_$U(>2aG0w3GZb&LT6tUvBq3$$qx7X_p4-~(D@8Fm(8+z$nE
zF`Wh7G!rDK5bsM`i(xil(5vS+#-V1DptK|K%?<E5NCUr)E+pV|+&2PXV(VM#z%^?R
zEw;`&4m}&HFClcx3le|}vH4OMp7o3z7>sAa&>8y}eh{%mcti;|HwYOEs8H2Ccvcnc
z*&yMCD1oLQ6dAVKFy9N~5rlSM#Nd<C!qT7OZ+*M8I$+{Q5^sta^*2CSNN7M8{t9u_
z2c2{GG7_&!w{@YJ#c*k{^{QAkpZYW5OB~vrc+JG0Lk?Aef>{Afk|1|t1>8#@CkUiC
zIl0|q^j_JwXM}IY1+V}+3fw-CbEvzW^5^Rqd<ss1>mf4Gz+GdrWhma3Ai6DC38*3o
zbSG1QB#cD(M-1+H61EN6X)z8r{i23c7$?P%10p<yIgpIqE$V(KEw&bjh+{m6#Lok_
zEU;+M1E>RF1M3DAf~^6YKCd*Yi!XqP@K)(RFwv0l&v2rI@r~+<vI}5*^B^35AFv_(
zdN2;R1SIB%EGK9H<%JdRR18{y2!`{?f9{u%1=VEOW1^9~+ctUzQ1J=j#y%iw@Y}`W
zM~QJ#`U+t%?a*b(^=m-ugc4#eMc*tEh$tV<7s5&b3GCNf{97X0bV&^;1c(eCwEa(7
zF21!<{U<H>JFKit1ZZpT1$dp~0rU;AM*1w+9l!{jW26rC0T|F>g+f?4;LdY%b{zZ|
zz-{F7zpDD~u%?>mO;Ks0(xeMW6Qv6xg3>|hNJn~+-lX?Lkrs+{f^=yj2%&d~U;w3s
z-h1yg5JK99@3*_p?mv0%oSA#(%-lP3-z4vOZ}wL-zFm9~&jDmZI7|`3TjI`#He3g@
zCAIDGOD7LGg}Q@?x(+4)a2FeTJ(<#^1lV$pWj`%!@x((2O-QBgU9nydNx^NHy_8^J
zAN>xkCpdv@2W=k_E+<mriVs0~J$er8?W+NUB|HaS6tOiyFbKvUbz-kapSPp1O?hpR
zEY6445)61JF$D5DBxNiCPyFw5u5TA?>Ee7W8hAaTiPzg6rSj1EtMjyW)INgV61s@>
zJ?Ypa$nQzI;00#z5b!=e5Z}8bM?i*_iKqCm*FgC|mb(L%IOPr5g}+;dim7<GE{Ydm
zy6(?4>M&FZR3+>my}-XfwktF@)^G=FRF1&KBKt8fuGd{50*iXHgZ5suJo^vSyZ-|O
zH-3N)qCIi92&?EQuNVnN7a_rIz^xslRrL8((UCtlwzLS24i)-BfVpVP9ds<Z=twvK
zILt->b<m~c4oj%v6(9#mi)ADLsy*4Y;`6+dWbEq;b}V7@D#zjyko=){3C@v7T@*|4
z=^3sB7=FD^SnNV?>EbuA?^w`P02$3);OMza`qI+cmlDFQmt7(I6i-`>Im3m-=F94?
zUH(I(Dk5+zz>&*m(_lFJ4!;awAnP95xd@&e3KR+jHmP0V5|LS<*V{8r_<Sk;+O<=H
zdI4_k?A+s_;DM}&2{W)d?_g)xVF-X1C}vL?-NJf+74sxt;Z(0Gl4Xv-djv4&g6G;v
zNI?Vw7vO{{G&Z{kYD8!laCE&3pti8VKq3OFylNlEJE&pvka<N9a)C#X6BNTKuOjdS
zi_g4}6-$FN6vZ^+za2$|iV&{JqHNLWQA!^i?cyE<Xz4jU17ypF<2J9C&XA=Xa0*(A
zvq;$$cBO|vJzY+)AkdNjlo}SV^b?==B%Xa*c=o^PGGqn@Z=iWEz-(bM-VJ!wHT+8_
z4B=jak`v-VTI%Az@t(6ULa&$zYtRMQgEo&6FoRM?y3|-MW2?2VqhGQ-0nDoB!?SaM
zs#mQWDE5n`!_U`t!Vk0y?1ZBRtjZOO9hzeQ2+Kq8A`P&WJw77Lf(uk!r)DYhNxkeo
zJ5G#H(+U_s$K&Y;`{mG5An>&0`6m7k>WZ`&K}q;d3)rm9XHT1i^oK%OAIi4b2ZmVT
z>mDa0aLnEa-q;~?K&R7LSsXzLIEi#BY$n%=KVxbONVa*7TlzeMTV=Ou=#>-?{|EyT
zkPVLzaV_?3Cewvd9&v5xGOHEa(IM#>cFj{{j;rIgJ-V!lGvi=zk;oohfA-r|dy)V`
znz%C#&SeOe&bdxk$_AE!3p;q&jKztzRRa*fI&d++*tT)`DfAkAxoA5?Vh5c?=FZIS
z*`w#R!%%@|1ayMOkqw-UgjxYQums?#%))%T7Q16gaQ2E~;G(&_6VvgC(0n6-5IaWC
zssVC!4J@SzJ^q|BX1^F;dqYU@gL)8v%^b?AAy1ER;^C*64z!fW9KQ$K2J)Xolk6hL
z$t@b$rzajf0E5*?6`4Hl6K)V39FPPn=hjjQsfV$r1f;<H)i7=#puh>78&?iX8bLiw
zX);*#R}TTf%xPZH0F77SDj``g+0@G)H0+6&;-CbVfvqv_T%HqU8cU&S{*!YWkF-l6
z5LEcuLo19o{@)gerco{AGfbTa0EIDuAmB@S&{6WG1qi8vse?h&E~{X+y_;uqJh>bv
zAt2$DCezh8SQZbi1xBfYX@fyjUT<cE0Lo!{Jh@yaq99@LB_GHm@sfg|Wqp#sgZl{+
zR>efZG}lg1ZZuH!Rd1dS<5hm{4&Bvrnk9h~a~eWlo*;s&7MLcXn;jZB*f?!E`7#LP
zk$$OlJ=9nl_O#1O!uk3jQ*J;bjGx<(*ukOgDM*(4<OffO@~W_EoB1k46{86{0$&n=
z*pn`uKuGlvxz#T;?CCFkLS%rP3J4GC0_``^?lDyNl%r+nIIeucx5cPEp&gP6h#9hx
zEl#B@E~Q4LXc=~n7IB3-9tA`M*$DJ)bO$5HEHlTIZuqt=r;_DYDz{iFtV8(rA=!uo
zr_w7<C8Sbx2NTDYVYs7%()<~emZL>j0kJ?ff~77vQjYdhjs{S1Tv>;2zojl9<+PEh
z;#ELcg>Umx7esL?1#>A;zKv!BQAsm%1PLf00>ZaJWFslm1wS~IWaFu%Svh7IsJ){d
z2&DunX%>zkAq7M%*~l4n0l~ZFn`i(XM-YbsB8zOqgG&h-OT`*Z)y~Lq6&k)>Og7R_
zT_CFzjU$xx!nX-srjd<Uaw-veg}i}b);*}Jfg3K=1yfu~zyvDRc&ZUcPP^wi0nc^*
zI2Py>c4O=ijs-m<O15uk<5@L*1{@1K3qfBANAr#aYj0^oUn}@1hHv+fjTjMTC7#MH
zfog%CqeWW5=dIE}#bFFpsGtJElDc4pY=qDQ@=bIHJI5?52Q!EYE2V(gA{$8}8zIc6
zM}T+Ph>~XE-oY9ka=`V*dC|kGoDLXgDhIOcqyIdUH$F*2o(A-2R7vCl02__T@SKo`
zj{yS`M+^b6vFmt82=|wzSLq?KxEs~nV})ytk+GLsfN0}80<7jBc13z!DFD$c;l}+P
ze4B3v_;O<}1e%;A)lweAUMqxvW9j{@jW2j>DZU)n&O{JhwjbycmEr%)@F<?3XCqcH
z<?|5)N$=K`CCiW9Sj!lOp=IGdhRb!{c*`*dD#0p^EbFA2DMne%Jh1d79qvxB#mAqe
zFv|L^KuOQR)Q~%n508{EVZok9%iVlr{pG^poA{<SvOaVuV5J+nCj9s5i7AR~qr<%9
zqE^(de97~cY(3n<k27WHb7gT~2^TkCkqz2SS*_>n3|Mb@dC4F-M<YcdJpM3Lc`7Yv
z-oWTyNdzGy{?)F+oSN^|?lqrCJMxP$;dLN!O#bbUv(MjO)0q^^D<Nk(>aP~b;Ep^Y
z{=s|)_k-9d2#N7R!zt>R5!yBtf9XS*L8NfOr{Ld%3O}g8?{&9s*3C6Y$^HyR-Xc1<
z<tcrTX8nzjZ0;L{WeCD@QV{4uW+lokb23zxHh!k>*$F%$_3pa=NJ7CPy?%XA_xHs2
z-~SIeNCYy@I#pAPIuuZ8)bsDIrwCZTa~Nn=GGmXHOT1~v6kYCC>B3^pWaQE4)^EQ=
z95g$*mI;>7j#y)fF8`0=brufJAP;>6cW6%UOYl&Jy8H81_y*=)Q@m8daw^j-R(BiH
zE9l|g!=C5*x!F^Tr>_mO%nf@q1nO5!M1_}i1;72Hr879382>+{BZ~KqE<arr>5BE|
zXh3$j2RzG-D*h39Q@?KFR=LCe;~Du|r)N~U6T}iG4z#9NireTrep9@6epxxYsm)Up
zEpX|6Xs9k&`_|37P4C8k3?tuLGUb}R+t1FGa`UH>C|*mQ8H5TymC_3Nma7Z4o_<iL
zOPRm4R9jQvjBuaGI@kzl<MfW`bZG7nGE(jr`zf?w2+m+t6|8LJp$W_-4EHy`uSY}1
zFqWdFK+kue&Mm{eF~NpAi;!wcBlKJYIyPgW!?1qmMw0T`1ke3`?$cX_Sr+O$6hXTs
z?kp$DEqmvAZJ%glnk~MaZCUffc}rW3y@PHw!QR_BAU^ea_1_y-<63;Rq*g3$Dts9H
z-HzC$xb_hwhv#(meWDSY)+-cF;(r)I@*W0|3Kx*89<sfy((k)JgW0dx{ffRKZwV42
z*3u91^F?j7EwG&dpJw?yJHxK+7qH?}X@b^77rU)dEP2)xtD#`F`8I7+&Iajv-yrVu
z?gt2QOUAuE884G&>lb^rraxCZBFGuqQC|77xf$Jb&6DGP+K$C+@aeB35bvnt%HHDF
z)CY|E;9V1_kg6)u`rKyB#381{xQx`yzNx(+cuU*?UjE0$IwU^b#4t}{kNg88c(7li
z!6>NefAjRH%3J0|&!+b%-W!Vdj<^}sn~!llTZutl{9MRP8bIz`v-QR+%YElK>rELN
zBi$kYXg2p32+9IktS4r#i+`;Ctb6%`6zko$JM~l|$H#0AyzG>-HmkaTfR`{NGHN{5
z?;Z5{Y0lUJqx~2pV#hPyRN-O~Brh8(m#~$aPLQ<v7-j9O&V3UpyaLX$u1+Xy{Z{9^
z2hw=W0&J8T%OlSfd>mf8=^y>{xpuJ*7hQO_D>N)I!?h*d*}4ewn3S#<hH1PqUNhu#
zlMK2DY;q<(Ni{DPVSDU6wz5+DSP-yYuJ#Y2J26grJpWF?`U2zkdS){h+h6zPQ&SV!
z;zp?`U@#78V#m+-Xn(sQ;P1Z_|1oC;pZ1V$yUYdf!JEC)KlVYNcV`ygS(Q6KdOS7R
z#_QScqwj7K9}K@+|M-RGdEV%$uGqP6{Ts2uxBdpb&qtjW1cfEll`W0dzPLl|Hg$!B
zfR#p_m1|2s?e6VllELG?y;u!ZU4Yj^eqGHrQ#*oo%G|#8d8=OBAAprK&PZ#GB+`{E
z+9TJ)YG~#BBLwZMI2oi{vKlIUs%gHNs6iA4sJ#1Pyj1`Edff7#gbLqn6jn*Ov(7G~
zG7+)Ywb#v$;bjmEto|=6dPd6ZC(~Dpci(5o?UQ0G+=+LY!WJV;OC{ZlWg?S`ZAkf2
z`A4I;Ihxb#qpHh-bnBCHazq|_JgRu|vVU@NV_{oOEqBjX2k&mw{A6sjWzneOI4%If
z1~IvE75)<_F)~_H+a|DeZ>HD|eqL*qbBu7}>^D#={M0$pUUxjx%&?ZGgk6=4oJkok
zAAi}n+bLEqW@`c>dVu9Sj{LEm&$sAs;cU;zw7oae?1?sDB8YCrRYWo|8uzyW%7zm>
z6DsDDD2QXvKd7oz*3L_}w{)2K`lJPUYk8#`50-NKRi+6oOx^6xpw~7`+plAqQPrU9
zaxhxBb4#tZ44Pou%r(3j(=A;weWm0%!W0<G(rq^+BpUq0aZ;5Zt;-InXm_YF)9NmW
zNg9tuDgFU|<S)?`kc)fG)EMkHQh(b+V9-?iuj#WBhjGSq3dLKoUgTVr&4wc{TT&*a
zJPs4byG?!Y=K%4rW(G{4jg7szKoP%FH~Q2_fr9o4{r&>B<{pRjv<1nP?*ziZURlY!
zg0$X@Q^b}9#nF(au_?SuY!Jr8zz@<&ig@Dmvo=G?s{1*doqT;V$Sk<3?xAeZ`Hpgg
zlDJ`9KLbB&np?MT@4tx#eH#Jk;IwaaPitIF+q6!(Pit9>yM$8t2HbMv^ka()_zXY-
z`pP3pZ_`^1<Q-RNs>%2q^CCJu`+X=Tu$Zg}iq4Sw)2rNv+s@L;Dg7=B?U6fDUJ)54
zUdPVTRPvoIuIlq@k4;MGOm_w;?^I&w43dqEU8piG;)mnBV%zCx`av2H0bRcDr%tH}
z9UlhTew&M)hJ4=P(d0el`YX|&*mbjqq`UskT^47WEQ_4!xYGuDx)g!761xaBUZbbQ
zYM|7w(93Q?!DsE+IqEwquule3^Nr7+vfial8@-8(7n5!Jr7W*AVzWt(3ZuLG6-U0Z
zQ%?pjRSvKh_j`|$6mpL@Y#%_J+VkobgK0A@a!{ZLwvxf=AtR@6l)LR*9NEMvG$7m}
zg~`7MR(k?@Mkz_Ogzd786eQqpAmJKA0@Z4tcQytX`eC1A_0$TYsci=f#>yFTblSHE
z_*_N%9qQkC1x+N2m8JiZ$#VcdGv=4^k9M(-__U*(D-=_9TcL!Zc1r-TM|L}HB(qZ+
z8|s`TaaB)hiRtt(IL6xL5gvl+cG~|QfUv@d$NvcGOf*rAE|l~X#*cTQV=TX8B5GF@
zo)MuI^ztzF&2WjkRSy@^YY2=}R-o!^vLgNQT3qVn&AKdt6w`$1qoVMyc}N<Q?!E{c
zRY}u~x=Fh7H*ofP<BSM7tLoG?tICztzKvbr|5amZ2~b`8p!;=JD*t{d_UmkBN}Dm*
zJEy-|{~4JvTL4}5xqx9(r(Ls*f$_1bI4^U={tk47Z*%7!sbM1@b9CmYo_Whbsn+Ag
zELyXlE}*a{M!Qa?{yw$Gv%Xi2WKXxc#Gv_I+GXWKP4<})o|~0f51%O%m3}d*k-H@<
zLqT)$BUL%s3Mg6L0UY7>;z%AUYfvT{4q9K%Cg%tyb|XH+a8F!kfoEzbCri26Qw`nk
zk|fGt`$!rQCR%&*a7MDR2l84li+6kV+4M(!Qz)OFQq2;73_~Sl(Rouj?@iHvMfE}s
zySe8*>hU3ldQ80rtq9ivA|l?y1+42rbuzY-sJ1^iwN}(#VM3$-;GE5s$0bgt-eq`#
z!sc!WPvW_n^H*A>KjQ{}^cV7_?{<l3k%rbN`V5JE2lx4RMU#4!_De)&`vwp7wxURT
z?@L47F1^>~E>JcB^-t5wZ>AVe91NytFnj(HL{JNdQ-qwXCSW5pL(?%};GtD+9x#H2
zNqZ?PXF159rD3hi@U@V-{XqDlTZYAEduxbL6KOfMBs<slh9R;KqbmO*p4D7vTIu;>
zhy%nw6Z?smCisU)9!@2b$cEjnS?&Gg@orkUn8`k|@~%aGsx`^TxNcBYVP;p$9V<Es
z@QGr~j2<X$NbX{Ebbzy>xsxT#ScLp|S?<I%4hcR=Lv=J9en@uj$n){U7`$Ba64@R*
zayIX*ivXD=hB3h<L~RYd?dfxkF5b{15NNZZKh%xIpQ6|r2g0Xtq78x_Q+>odt;%$#
zX~<MTpihjcJ@8$!hjKTjO-DyPNSRr`qRyS9w<qK&a0K$96zuc8W1azK>x+BB(R2K0
z>s$j*{PD&yP3yqBeeyI)&Htp0ES?POnlF&oapH`h^rmNy4#=yLH>QS_irMEmRfx@`
z3quY(8Gn(U{lWB>+-P0ct@9qQRDcw%(>3{DNhpx_>wl?hn(1W+*y$L@ijqJ-!g8i2
zT2u@|xrXc95Tt64WIk(bFA%eprPR&uuR@K>VfVWJhQ1qK1xhj<zl(PrQ%5zRw4A)f
zJW?mkxAI=NxLAKN7(6_QRQ=)FCq8#I&KP<?LdHW|YL9KnI2Bzu9HEU(He}d;akJSD
zap*i+A#@O!);t#|KmYeM+3}m_kfhI~^V`Op+Wj~Q=iFixKWs=pzh$TfJ)}k%)V-X7
zfBPEV2y-zy>SO!|dtaHW)>u^6v~gD>=S4-aZ<+m%p>LAnxfg?!B|{l6G>f>Bt7CvS
z%p`!7S+Y}ud3&31-?Ob2l=lLr*&X-)n(;@OvQtL7d;CAo)5fpVoI`o)JCaQ-RVyGx
zlmDMtyoq3z!U8|+)D4hy;?)_9Qr>`pe*2g234#|u`v`Hyx9X$YUeiC6T`mghhDz&V
zT~{J&1JQk(9$%QJOAQy(>tgOH$GW<kd{~>fGxu-vKqCvP>_iv*I~`}%Hs4WGEW-n7
zQ+5L_fXe4hnm_(nR-2;+qng?=GQB*qp%CY#b<r#l@LX&2I>}%ln#ZXAkJrb&ZNA3e
z6;(;@zQHyO`*+_B9xm8P@I$=HS5Aw|Z4_6_8opH8nC|fT(Fu37qh#xSQL@dN!QVoc
z%BOSN5kg1j9>4aMjHjU0l|Wl_d`}B5-WSWVcO@}NsK5iy;_CyzR}jGVn_n|qhoZ7l
zx(jSJ%1~U--Yn2}Q_@5d83CQrU1_x1Wy!;O%wGN~J0J?5g0?7g7&gn(p)~Wa4qZPB
z4mi&hcLLqcgrPps;=wz8*s>|8l>=D-u3Wuyg#JO{-=nk%WEUFxQTX*v0G46RkD9eM
z$qUNE97-rWD6lotWsZKJ8~vB3K%C4{v9OXY=IQgVWs=NZS|Ji?=piR(h1w}5`&e5Y
zB(SY|y+}evG6+$4gvZf>^TbXY8YtVZnstCuSlYhG4Tu?T>%c#Bd#H8Fn6hoUy?kY-
zmu*ka@E4P>5BBT1ktK4#-@_Pl^3)QG%fp@aF$|$MPLUQ<p@6Fu?F5ac^?nc2+?ms5
z2`IHGF2WM$Gcvoxt{yLo`R5^YbxB8gueYO!ebK91k+#vi9Pk2{hQzG2k)k^!&tipf
zE7M#Ic3-iBMZFD&X5#)n=u~1`lR0R|ZdStlLe+`O1$p5i^Bkrzr9?V-s=goc4})U|
zyIu7(Fl}i;cko>GTKI1tAKv(?{x7YtSy9x!X0jv0`zuEZ;XkBrYJExH2TK2XLE^ep
zC}uvCBxW~vtjlcvO+)h`OGP%3ydmruHmD^8z6Mv?b>sWU;!_D(-RX&n^r|1_eLiNy
zbRng8WU|(4=Gd4^9EWAPi2{*C<Sm(>8~vKb1lijA4Ki}2v-x?)WWQ@%5RZR$L0h#F
z0hO8)^&Q*YXl60&YbWu4Zg)R7`IB%^o^mAR2kr<Gh1g$CLt#Bf5{IoS8gDQ1Jv%cc
z4_<gAzkM&gH_Uj>>HkB;b8t;&?UK}iB;ZAT{x|r6l76;dIr}BxFaAX7w1tYefB7wT
zx$U%8E2bp0V|k{DtKfsJUyLc@yxy<*{>0Kmoo>zS%rJqgs_u~XFa#EnQ1#d4T|&Mi
zSo0TDrH{lT2ui9g>Ps=TfnMzD4}DhXIiC^^3?$iU!=5VK56-{w8KYC=o@Ta^%xDR)
zR^_hVbP;BD-CWNEGt<utgvZuYmu#_aljX=2L~;|;Jf8&Ry-7@bG+MXMR~j?N4R2zX
zsx}Sts65NU^!2_R7H4URQ-aW!<}D8g-+ip}t#Fb0QFWSGer}Fancbv!RN_SRi^Py0
zmUW#)EZzIJlwAPQ0Hy%HDu^P^60SN00uDs1vE4Cy&D1X6{QH^vo#oViFP3jYjt<-t
zPo{=F7IRZ2fm{j(b8brszzKz@qaZN+FDvIWA=)#FC+N`Nb6ugxeXEbJnC8d5jJX%V
zX9Jzb7x$|_{Ju!g8L6-M>ZiaMvZ)&b$~{}(4_W^3X~O;ZfnZH`CFLm{%N92*hPFt<
zdEb%qH+GDZhWyAcI!Mc7zkfy#Xq^&L%|ABw<&b?BFx>VkLpEi&oH!eg_<fiAjp`ne
zNcdh+*qtjAi%??Z<ZK#A|F+s#`Nc9E_~65ad>QfLZMU=bB7VosfT|zFX8;d#xtIM~
zvt1_b{Z|%(RG^l9)<^5;$4o=?Z*P{X?5HO*DQrzR6D>R|Z3eR7b!#Vp`+POGaqnzQ
zR;oqU`bi4uXkEB(oi5LL-JJ9LUb{*BSMs^up1v57=;}j}WGa8=JIDuVV+%u@0c*j_
zQ@5g?AE{M~N{XDB=ADIG_p)1Cz_d1)6x9H}E>F&%LYCvtg}d)|B`)Th?5`BkuePFI
zsOChaDah9rmCGm0=~Q9V?Vx``G6yUVzZksyq)N!={!#Tx!E}sFVlym+j^RagnEk2S
zj^Jmq@mIn!-h(H(7)|X&_rM(BfFS-ArfA~8(E4}uVKxK6dh+DRR#9yI+)h_UP8Km9
zQ$N2jeN#`VFz{pj!{hh6^wz)iCqur5z@6qK&L=(>8YQM3<Uh|0!2g9gLul=N=#rbB
z#wPDE3;1$)<-ATLU(w5tdg^*`%X+DG{$*##_VD|TlIJ-t7XN;|Vqkj+ij5t41wL-S
zV>2*N&^Pk!5uD|sT&nv$LvsOndSejc$We}_=)td^8x~||)Y6gX%gsl-p;Y(7)OXH3
zj~R12@7Wsq)+|vhb)VQ<Ho%H#{40{0w>Lz!(#LM(#WxwM<;v`BY@aZYMElO%WKlTk
z@gF2%T3PSr%T{J5D{JB`ESm@U+UT{mHFxE{c`<bSw|<4=+d@lQV~-W=@MFfi-(`b}
z6N^|9-AJz7;XBfeWgKh4a7lQMbX{-MJ*tCTV?&k8XbS#B$*r$6=3k#^FQ+;mi|AK+
zrFCW5JQ&m$wlb6L*1OB7*4L7J@a0+fdC=UGsYHb2M|<<{ACQNTC{W0(_*X-or%PXy
zFG76`3T@2vrhQnILu@@>vafcU<(-c7+2Z@DQXs#&XHwg;A($#rG8Z`G^bS<Oa3KCs
zrkjcba|LDgX>+hLP2DInGwqPm_|0{vSKp^(Tx@s13hZe_OSFX;SEk8VTc4Vo9P;Qz
zek#2d(-}7pW$Csw<xje(dU5!PjVtMfuYJu8bSR3?wUCE2^x^{iO)(9V9MBW16CC#3
zg{#H(mmDxE>eo^9VC;)Hh##Lt((-Jb!Kl>US*u|Hl(?*Ivfy(-NOh!lH+jJqh<2aF
zp1+=6{MI(Lm`R4}7tM6l<6BS6J;vaV!V44^A380@Gi#Z-f0piBktgR3=5GoVVhp>@
zVAqjYA+0cdJ|I1}U-PU|f$`Si*aHEKhTQ3d$?pu2e>Q6*uR8hFk?@?j&KGR;rNY8x
zcac5^z(GCY1+1(VIc797{BaO-9CJ#JDUas%AujA=rB-}LJX9!VqQ0!*qbR=B76_hI
zo?97BQrGc)G5780y_tT=d$qH7zj;wTv88{y!&8-@RXhPfY*p{piJp&F8|;oiI?CTI
z<$X)te@8|7;}-|19`X9R)o~FN+k6p>9f$Q5b{WsB={Z_!{E;WTXZLR$*Q1^(qA%2#
zL>)HO`*qgJMH3M-X4otpxO6A}!*qTw@lzd*Am}=zO;grrb*q|-x28jIt$t}oaSv6(
z_^fONUQTb(kS;X*mk!k3_4$k%h>Ut2b^rKHvAzjG{SY8|dkZUXXOi6en|aZ?V=?p-
zs#N58-9rn#S*)AdrTio30X1LX0V-aN{Mc$r_VJ4vC&idDzj{tLh;oGrVr?slN8Y;k
zP_t=9&ZOFmF@JHT&q~i>V&}N<B3m!@etIFr{d#eLbsF=fCGgl1;K5CU{8J?Ij2X8Z
z4nr(+^}}j0Pqq-<Z^6J!oA%eHxFsAA6=6;E4|p>KtJ=SjF4SKo8PS81hP94SAp_2*
zf9HHiXmn+Bsq^Bw*uWSpyx0l4KZykUd;a*sw{`zfguDksgz+%Lv75hTv9qs?<dUA5
zqHFMW;Hx_=!9Vl*pmxcD>OY$hTRhYWjA?R2qW6AlT8P9>Ji77;UDOw|-`kOuXG2`N
zJ8Di3$&RQ6K1nig92Unt>tm|X=gsu3*r)&EdXaPSz)EQ=!~#G6;Jt#!XpHhb7w;}i
zuhK1$Y0<MT`)&q#rH=&+6AH0LB&>}=mMUZU6ki9X;dTd_@}|!%iF=)Biz1dlC;Iqc
znRX6RxsY_8pqdQ1!e_O<6bxNWPuy&H5^KBV=8GBmTF5*oVHc4bDhKOL1`z@;H!MAT
zSj8wM*F+TBw-bh=`_cL)Wjqx0(UdQ(fhwN9-}U=`d|&O)^zP}C7@sOBo~T+kqHbog
z0Q_~7mo=^Nci?~j<Y7Efx}kH&8xddasQy{d_>^6D@l|$n$#~d|jS6!=HC1XB8lu`m
z$u9mV^ObbSMOA^cjeYkbR`k)w5BsUia(X-Ph2DFOeB`tRro+WvtyT+DqMsxNvkzRF
zCzvENO~mf}vC<3sH$|p~SSh@@F<OVJ8S$#~qfrzrh)qmzdYOi;*sQ99f&)5g-qAY+
k)>%b~b(Lq#KTc#sA@ATxZ`{D+iLO6>ftOeqBZ+VPFLvg3H~;_u

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/composer.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/composer.py
new file mode 100644
index 000000000..6d15cb40e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/composer.py
@@ -0,0 +1,139 @@
+
+__all__ = ['Composer', 'ComposerError']
+
+from .error import MarkedYAMLError
+from .events import *
+from .nodes import *
+
+class ComposerError(MarkedYAMLError):
+    pass
+
+class Composer:
+
+    def __init__(self):
+        self.anchors = {}
+
+    def check_node(self):
+        # Drop the STREAM-START event.
+        if self.check_event(StreamStartEvent):
+            self.get_event()
+
+        # If there are more documents available?
+        return not self.check_event(StreamEndEvent)
+
+    def get_node(self):
+        # Get the root node of the next document.
+        if not self.check_event(StreamEndEvent):
+            return self.compose_document()
+
+    def get_single_node(self):
+        # Drop the STREAM-START event.
+        self.get_event()
+
+        # Compose a document if the stream is not empty.
+        document = None
+        if not self.check_event(StreamEndEvent):
+            document = self.compose_document()
+
+        # Ensure that the stream contains no more documents.
+        if not self.check_event(StreamEndEvent):
+            event = self.get_event()
+            raise ComposerError("expected a single document in the stream",
+                    document.start_mark, "but found another document",
+                    event.start_mark)
+
+        # Drop the STREAM-END event.
+        self.get_event()
+
+        return document
+
+    def compose_document(self):
+        # Drop the DOCUMENT-START event.
+        self.get_event()
+
+        # Compose the root node.
+        node = self.compose_node(None, None)
+
+        # Drop the DOCUMENT-END event.
+        self.get_event()
+
+        self.anchors = {}
+        return node
+
+    def compose_node(self, parent, index):
+        if self.check_event(AliasEvent):
+            event = self.get_event()
+            anchor = event.anchor
+            if anchor not in self.anchors:
+                raise ComposerError(None, None, "found undefined alias %r"
+                        % anchor, event.start_mark)
+            return self.anchors[anchor]
+        event = self.peek_event()
+        anchor = event.anchor
+        if anchor is not None:
+            if anchor in self.anchors:
+                raise ComposerError("found duplicate anchor %r; first occurrence"
+                        % anchor, self.anchors[anchor].start_mark,
+                        "second occurrence", event.start_mark)
+        self.descend_resolver(parent, index)
+        if self.check_event(ScalarEvent):
+            node = self.compose_scalar_node(anchor)
+        elif self.check_event(SequenceStartEvent):
+            node = self.compose_sequence_node(anchor)
+        elif self.check_event(MappingStartEvent):
+            node = self.compose_mapping_node(anchor)
+        self.ascend_resolver()
+        return node
+
+    def compose_scalar_node(self, anchor):
+        event = self.get_event()
+        tag = event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(ScalarNode, event.value, event.implicit)
+        node = ScalarNode(tag, event.value,
+                event.start_mark, event.end_mark, style=event.style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        return node
+
+    def compose_sequence_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(SequenceNode, None, start_event.implicit)
+        node = SequenceNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        index = 0
+        while not self.check_event(SequenceEndEvent):
+            node.value.append(self.compose_node(node, index))
+            index += 1
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
+    def compose_mapping_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(MappingNode, None, start_event.implicit)
+        node = MappingNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        while not self.check_event(MappingEndEvent):
+            #key_event = self.peek_event()
+            item_key = self.compose_node(node, None)
+            #if item_key in node.value:
+            #    raise ComposerError("while composing a mapping", start_event.start_mark,
+            #            "found duplicate key", key_event.start_mark)
+            item_value = self.compose_node(node, item_key)
+            #node.value[item_key] = item_value
+            node.value.append((item_key, item_value))
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/constructor.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/constructor.py
new file mode 100644
index 000000000..619acd307
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/constructor.py
@@ -0,0 +1,748 @@
+
+__all__ = [
+    'BaseConstructor',
+    'SafeConstructor',
+    'FullConstructor',
+    'UnsafeConstructor',
+    'Constructor',
+    'ConstructorError'
+]
+
+from .error import *
+from .nodes import *
+
+import collections.abc, datetime, base64, binascii, re, sys, types
+
+class ConstructorError(MarkedYAMLError):
+    pass
+
+class BaseConstructor:
+
+    yaml_constructors = {}
+    yaml_multi_constructors = {}
+
+    def __init__(self):
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.state_generators = []
+        self.deep_construct = False
+
+    def check_data(self):
+        # If there are more documents available?
+        return self.check_node()
+
+    def check_state_key(self, key):
+        """Block special attributes/methods from being set in a newly created
+        object, to prevent user-controlled methods from being called during
+        deserialization"""
+        if self.get_state_keys_blacklist_regexp().match(key):
+            raise ConstructorError(None, None,
+                "blacklisted key '%s' in instance state found" % (key,), None)
+
+    def get_data(self):
+        # Construct and return the next document.
+        if self.check_node():
+            return self.construct_document(self.get_node())
+
+    def get_single_data(self):
+        # Ensure that the stream contains a single document and construct it.
+        node = self.get_single_node()
+        if node is not None:
+            return self.construct_document(node)
+        return None
+
+    def construct_document(self, node):
+        data = self.construct_object(node)
+        while self.state_generators:
+            state_generators = self.state_generators
+            self.state_generators = []
+            for generator in state_generators:
+                for dummy in generator:
+                    pass
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.deep_construct = False
+        return data
+
+    def construct_object(self, node, deep=False):
+        if node in self.constructed_objects:
+            return self.constructed_objects[node]
+        if deep:
+            old_deep = self.deep_construct
+            self.deep_construct = True
+        if node in self.recursive_objects:
+            raise ConstructorError(None, None,
+                    "found unconstructable recursive node", node.start_mark)
+        self.recursive_objects[node] = None
+        constructor = None
+        tag_suffix = None
+        if node.tag in self.yaml_constructors:
+            constructor = self.yaml_constructors[node.tag]
+        else:
+            for tag_prefix in self.yaml_multi_constructors:
+                if tag_prefix is not None and node.tag.startswith(tag_prefix):
+                    tag_suffix = node.tag[len(tag_prefix):]
+                    constructor = self.yaml_multi_constructors[tag_prefix]
+                    break
+            else:
+                if None in self.yaml_multi_constructors:
+                    tag_suffix = node.tag
+                    constructor = self.yaml_multi_constructors[None]
+                elif None in self.yaml_constructors:
+                    constructor = self.yaml_constructors[None]
+                elif isinstance(node, ScalarNode):
+                    constructor = self.__class__.construct_scalar
+                elif isinstance(node, SequenceNode):
+                    constructor = self.__class__.construct_sequence
+                elif isinstance(node, MappingNode):
+                    constructor = self.__class__.construct_mapping
+        if tag_suffix is None:
+            data = constructor(self, node)
+        else:
+            data = constructor(self, tag_suffix, node)
+        if isinstance(data, types.GeneratorType):
+            generator = data
+            data = next(generator)
+            if self.deep_construct:
+                for dummy in generator:
+                    pass
+            else:
+                self.state_generators.append(generator)
+        self.constructed_objects[node] = data
+        del self.recursive_objects[node]
+        if deep:
+            self.deep_construct = old_deep
+        return data
+
+    def construct_scalar(self, node):
+        if not isinstance(node, ScalarNode):
+            raise ConstructorError(None, None,
+                    "expected a scalar node, but found %s" % node.id,
+                    node.start_mark)
+        return node.value
+
+    def construct_sequence(self, node, deep=False):
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError(None, None,
+                    "expected a sequence node, but found %s" % node.id,
+                    node.start_mark)
+        return [self.construct_object(child, deep=deep)
+                for child in node.value]
+
+    def construct_mapping(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        mapping = {}
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            if not isinstance(key, collections.abc.Hashable):
+                raise ConstructorError("while constructing a mapping", node.start_mark,
+                        "found unhashable key", key_node.start_mark)
+            value = self.construct_object(value_node, deep=deep)
+            mapping[key] = value
+        return mapping
+
+    def construct_pairs(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        pairs = []
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            value = self.construct_object(value_node, deep=deep)
+            pairs.append((key, value))
+        return pairs
+
+    @classmethod
+    def add_constructor(cls, tag, constructor):
+        if not 'yaml_constructors' in cls.__dict__:
+            cls.yaml_constructors = cls.yaml_constructors.copy()
+        cls.yaml_constructors[tag] = constructor
+
+    @classmethod
+    def add_multi_constructor(cls, tag_prefix, multi_constructor):
+        if not 'yaml_multi_constructors' in cls.__dict__:
+            cls.yaml_multi_constructors = cls.yaml_multi_constructors.copy()
+        cls.yaml_multi_constructors[tag_prefix] = multi_constructor
+
+class SafeConstructor(BaseConstructor):
+
+    def construct_scalar(self, node):
+        if isinstance(node, MappingNode):
+            for key_node, value_node in node.value:
+                if key_node.tag == 'tag:yaml.org,2002:value':
+                    return self.construct_scalar(value_node)
+        return super().construct_scalar(node)
+
+    def flatten_mapping(self, node):
+        merge = []
+        index = 0
+        while index < len(node.value):
+            key_node, value_node = node.value[index]
+            if key_node.tag == 'tag:yaml.org,2002:merge':
+                del node.value[index]
+                if isinstance(value_node, MappingNode):
+                    self.flatten_mapping(value_node)
+                    merge.extend(value_node.value)
+                elif isinstance(value_node, SequenceNode):
+                    submerge = []
+                    for subnode in value_node.value:
+                        if not isinstance(subnode, MappingNode):
+                            raise ConstructorError("while constructing a mapping",
+                                    node.start_mark,
+                                    "expected a mapping for merging, but found %s"
+                                    % subnode.id, subnode.start_mark)
+                        self.flatten_mapping(subnode)
+                        submerge.append(subnode.value)
+                    submerge.reverse()
+                    for value in submerge:
+                        merge.extend(value)
+                else:
+                    raise ConstructorError("while constructing a mapping", node.start_mark,
+                            "expected a mapping or list of mappings for merging, but found %s"
+                            % value_node.id, value_node.start_mark)
+            elif key_node.tag == 'tag:yaml.org,2002:value':
+                key_node.tag = 'tag:yaml.org,2002:str'
+                index += 1
+            else:
+                index += 1
+        if merge:
+            node.value = merge + node.value
+
+    def construct_mapping(self, node, deep=False):
+        if isinstance(node, MappingNode):
+            self.flatten_mapping(node)
+        return super().construct_mapping(node, deep=deep)
+
+    def construct_yaml_null(self, node):
+        self.construct_scalar(node)
+        return None
+
+    bool_values = {
+        'yes':      True,
+        'no':       False,
+        'true':     True,
+        'false':    False,
+        'on':       True,
+        'off':      False,
+    }
+
+    def construct_yaml_bool(self, node):
+        value = self.construct_scalar(node)
+        return self.bool_values[value.lower()]
+
+    def construct_yaml_int(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '')
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '0':
+            return 0
+        elif value.startswith('0b'):
+            return sign*int(value[2:], 2)
+        elif value.startswith('0x'):
+            return sign*int(value[2:], 16)
+        elif value[0] == '0':
+            return sign*int(value, 8)
+        elif ':' in value:
+            digits = [int(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*int(value)
+
+    inf_value = 1e300
+    while inf_value != inf_value*inf_value:
+        inf_value *= inf_value
+    nan_value = -inf_value/inf_value   # Trying to make a quiet NaN (like C99).
+
+    def construct_yaml_float(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '').lower()
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '.inf':
+            return sign*self.inf_value
+        elif value == '.nan':
+            return self.nan_value
+        elif ':' in value:
+            digits = [float(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0.0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*float(value)
+
+    def construct_yaml_binary(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    timestamp_regexp = re.compile(
+            r'''^(?P<year>[0-9][0-9][0-9][0-9])
+                -(?P<month>[0-9][0-9]?)
+                -(?P<day>[0-9][0-9]?)
+                (?:(?:[Tt]|[ \t]+)
+                (?P<hour>[0-9][0-9]?)
+                :(?P<minute>[0-9][0-9])
+                :(?P<second>[0-9][0-9])
+                (?:\.(?P<fraction>[0-9]*))?
+                (?:[ \t]*(?P<tz>Z|(?P<tz_sign>[-+])(?P<tz_hour>[0-9][0-9]?)
+                (?::(?P<tz_minute>[0-9][0-9]))?))?)?$''', re.X)
+
+    def construct_yaml_timestamp(self, node):
+        value = self.construct_scalar(node)
+        match = self.timestamp_regexp.match(node.value)
+        values = match.groupdict()
+        year = int(values['year'])
+        month = int(values['month'])
+        day = int(values['day'])
+        if not values['hour']:
+            return datetime.date(year, month, day)
+        hour = int(values['hour'])
+        minute = int(values['minute'])
+        second = int(values['second'])
+        fraction = 0
+        tzinfo = None
+        if values['fraction']:
+            fraction = values['fraction'][:6]
+            while len(fraction) < 6:
+                fraction += '0'
+            fraction = int(fraction)
+        if values['tz_sign']:
+            tz_hour = int(values['tz_hour'])
+            tz_minute = int(values['tz_minute'] or 0)
+            delta = datetime.timedelta(hours=tz_hour, minutes=tz_minute)
+            if values['tz_sign'] == '-':
+                delta = -delta
+            tzinfo = datetime.timezone(delta)
+        elif values['tz']:
+            tzinfo = datetime.timezone.utc
+        return datetime.datetime(year, month, day, hour, minute, second, fraction,
+                                 tzinfo=tzinfo)
+
+    def construct_yaml_omap(self, node):
+        # Note: we do not check for duplicate keys, because it's too
+        # CPU-expensive.
+        omap = []
+        yield omap
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing an ordered map", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            omap.append((key, value))
+
+    def construct_yaml_pairs(self, node):
+        # Note: the same code as `construct_yaml_omap`.
+        pairs = []
+        yield pairs
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing pairs", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            pairs.append((key, value))
+
+    def construct_yaml_set(self, node):
+        data = set()
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_yaml_seq(self, node):
+        data = []
+        yield data
+        data.extend(self.construct_sequence(node))
+
+    def construct_yaml_map(self, node):
+        data = {}
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_object(self, node, cls):
+        data = cls.__new__(cls)
+        yield data
+        if hasattr(data, '__setstate__'):
+            state = self.construct_mapping(node, deep=True)
+            data.__setstate__(state)
+        else:
+            state = self.construct_mapping(node)
+            data.__dict__.update(state)
+
+    def construct_undefined(self, node):
+        raise ConstructorError(None, None,
+                "could not determine a constructor for the tag %r" % node.tag,
+                node.start_mark)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:null',
+        SafeConstructor.construct_yaml_null)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:bool',
+        SafeConstructor.construct_yaml_bool)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:int',
+        SafeConstructor.construct_yaml_int)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:float',
+        SafeConstructor.construct_yaml_float)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:binary',
+        SafeConstructor.construct_yaml_binary)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:timestamp',
+        SafeConstructor.construct_yaml_timestamp)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:omap',
+        SafeConstructor.construct_yaml_omap)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:pairs',
+        SafeConstructor.construct_yaml_pairs)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:set',
+        SafeConstructor.construct_yaml_set)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:str',
+        SafeConstructor.construct_yaml_str)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:seq',
+        SafeConstructor.construct_yaml_seq)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:map',
+        SafeConstructor.construct_yaml_map)
+
+SafeConstructor.add_constructor(None,
+        SafeConstructor.construct_undefined)
+
+class FullConstructor(SafeConstructor):
+    # 'extend' is blacklisted because it is used by
+    # construct_python_object_apply to add `listitems` to a newly generate
+    # python instance
+    def get_state_keys_blacklist(self):
+        return ['^extend$', '^__.*__$']
+
+    def get_state_keys_blacklist_regexp(self):
+        if not hasattr(self, 'state_keys_blacklist_regexp'):
+            self.state_keys_blacklist_regexp = re.compile('(' + '|'.join(self.get_state_keys_blacklist()) + ')')
+        return self.state_keys_blacklist_regexp
+
+    def construct_python_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_unicode(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_bytes(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    def construct_python_long(self, node):
+        return self.construct_yaml_int(node)
+
+    def construct_python_complex(self, node):
+       return complex(self.construct_scalar(node))
+
+    def construct_python_tuple(self, node):
+        return tuple(self.construct_sequence(node))
+
+    def find_python_module(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if unsafe:
+            try:
+                __import__(name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python module", mark,
+                        "cannot find module %r (%s)" % (name, exc), mark)
+        if name not in sys.modules:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "module %r is not imported" % name, mark)
+        return sys.modules[name]
+
+    def find_python_name(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if '.' in name:
+            module_name, object_name = name.rsplit('.', 1)
+        else:
+            module_name = 'builtins'
+            object_name = name
+        if unsafe:
+            try:
+                __import__(module_name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python object", mark,
+                        "cannot find module %r (%s)" % (module_name, exc), mark)
+        if module_name not in sys.modules:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "module %r is not imported" % module_name, mark)
+        module = sys.modules[module_name]
+        if not hasattr(module, object_name):
+            raise ConstructorError("while constructing a Python object", mark,
+                    "cannot find %r in the module %r"
+                    % (object_name, module.__name__), mark)
+        return getattr(module, object_name)
+
+    def construct_python_name(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python name", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_name(suffix, node.start_mark)
+
+    def construct_python_module(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python module", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_module(suffix, node.start_mark)
+
+    def make_python_instance(self, suffix, node,
+            args=None, kwds=None, newobj=False, unsafe=False):
+        if not args:
+            args = []
+        if not kwds:
+            kwds = {}
+        cls = self.find_python_name(suffix, node.start_mark)
+        if not (unsafe or isinstance(cls, type)):
+            raise ConstructorError("while constructing a Python instance", node.start_mark,
+                    "expected a class, but found %r" % type(cls),
+                    node.start_mark)
+        if newobj and isinstance(cls, type):
+            return cls.__new__(cls, *args, **kwds)
+        else:
+            return cls(*args, **kwds)
+
+    def set_python_instance_state(self, instance, state, unsafe=False):
+        if hasattr(instance, '__setstate__'):
+            instance.__setstate__(state)
+        else:
+            slotstate = {}
+            if isinstance(state, tuple) and len(state) == 2:
+                state, slotstate = state
+            if hasattr(instance, '__dict__'):
+                if not unsafe and state:
+                    for key in state.keys():
+                        self.check_state_key(key)
+                instance.__dict__.update(state)
+            elif state:
+                slotstate.update(state)
+            for key, value in slotstate.items():
+                if not unsafe:
+                    self.check_state_key(key)
+                setattr(instance, key, value)
+
+    def construct_python_object(self, suffix, node):
+        # Format:
+        #   !!python/object:module.name { ... state ... }
+        instance = self.make_python_instance(suffix, node, newobj=True)
+        yield instance
+        deep = hasattr(instance, '__setstate__')
+        state = self.construct_mapping(node, deep=deep)
+        self.set_python_instance_state(instance, state)
+
+    def construct_python_object_apply(self, suffix, node, newobj=False):
+        # Format:
+        #   !!python/object/apply       # (or !!python/object/new)
+        #   args: [ ... arguments ... ]
+        #   kwds: { ... keywords ... }
+        #   state: ... state ...
+        #   listitems: [ ... listitems ... ]
+        #   dictitems: { ... dictitems ... }
+        # or short format:
+        #   !!python/object/apply [ ... arguments ... ]
+        # The difference between !!python/object/apply and !!python/object/new
+        # is how an object is created, check make_python_instance for details.
+        if isinstance(node, SequenceNode):
+            args = self.construct_sequence(node, deep=True)
+            kwds = {}
+            state = {}
+            listitems = []
+            dictitems = {}
+        else:
+            value = self.construct_mapping(node, deep=True)
+            args = value.get('args', [])
+            kwds = value.get('kwds', {})
+            state = value.get('state', {})
+            listitems = value.get('listitems', [])
+            dictitems = value.get('dictitems', {})
+        instance = self.make_python_instance(suffix, node, args, kwds, newobj)
+        if state:
+            self.set_python_instance_state(instance, state)
+        if listitems:
+            instance.extend(listitems)
+        if dictitems:
+            for key in dictitems:
+                instance[key] = dictitems[key]
+        return instance
+
+    def construct_python_object_new(self, suffix, node):
+        return self.construct_python_object_apply(suffix, node, newobj=True)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/none',
+    FullConstructor.construct_yaml_null)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bool',
+    FullConstructor.construct_yaml_bool)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/str',
+    FullConstructor.construct_python_str)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/unicode',
+    FullConstructor.construct_python_unicode)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bytes',
+    FullConstructor.construct_python_bytes)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/int',
+    FullConstructor.construct_yaml_int)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/long',
+    FullConstructor.construct_python_long)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/float',
+    FullConstructor.construct_yaml_float)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/complex',
+    FullConstructor.construct_python_complex)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/list',
+    FullConstructor.construct_yaml_seq)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/tuple',
+    FullConstructor.construct_python_tuple)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/dict',
+    FullConstructor.construct_yaml_map)
+
+FullConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/name:',
+    FullConstructor.construct_python_name)
+
+class UnsafeConstructor(FullConstructor):
+
+    def find_python_module(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_module(name, mark, unsafe=True)
+
+    def find_python_name(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_name(name, mark, unsafe=True)
+
+    def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False):
+        return super(UnsafeConstructor, self).make_python_instance(
+            suffix, node, args, kwds, newobj, unsafe=True)
+
+    def set_python_instance_state(self, instance, state):
+        return super(UnsafeConstructor, self).set_python_instance_state(
+            instance, state, unsafe=True)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/module:',
+    UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object:',
+    UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/new:',
+    UnsafeConstructor.construct_python_object_new)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/apply:',
+    UnsafeConstructor.construct_python_object_apply)
+
+# Constructor is same as UnsafeConstructor. Need to leave this in place in case
+# people have extended it directly.
+class Constructor(UnsafeConstructor):
+    pass
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/cyaml.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/cyaml.py
new file mode 100644
index 000000000..0c2134587
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/cyaml.py
@@ -0,0 +1,101 @@
+
+__all__ = [
+    'CBaseLoader', 'CSafeLoader', 'CFullLoader', 'CUnsafeLoader', 'CLoader',
+    'CBaseDumper', 'CSafeDumper', 'CDumper'
+]
+
+from yaml._yaml import CParser, CEmitter
+
+from .constructor import *
+
+from .serializer import *
+from .representer import *
+
+from .resolver import *
+
+class CBaseLoader(CParser, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class CSafeLoader(CParser, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CFullLoader(CParser, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CUnsafeLoader(CParser, UnsafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        UnsafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CLoader(CParser, Constructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CDumper(CEmitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/dumper.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/dumper.py
new file mode 100644
index 000000000..6aadba551
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/dumper.py
@@ -0,0 +1,62 @@
+
+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
+
+from .emitter import *
+from .serializer import *
+from .representer import *
+from .resolver import *
+
+class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class Dumper(Emitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/emitter.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/emitter.py
new file mode 100644
index 000000000..a664d0111
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/emitter.py
@@ -0,0 +1,1137 @@
+
+# Emitter expects events obeying the following grammar:
+# stream ::= STREAM-START document* STREAM-END
+# document ::= DOCUMENT-START node DOCUMENT-END
+# node ::= SCALAR | sequence | mapping
+# sequence ::= SEQUENCE-START node* SEQUENCE-END
+# mapping ::= MAPPING-START (node node)* MAPPING-END
+
+__all__ = ['Emitter', 'EmitterError']
+
+from .error import YAMLError
+from .events import *
+
+class EmitterError(YAMLError):
+    pass
+
+class ScalarAnalysis:
+    def __init__(self, scalar, empty, multiline,
+            allow_flow_plain, allow_block_plain,
+            allow_single_quoted, allow_double_quoted,
+            allow_block):
+        self.scalar = scalar
+        self.empty = empty
+        self.multiline = multiline
+        self.allow_flow_plain = allow_flow_plain
+        self.allow_block_plain = allow_block_plain
+        self.allow_single_quoted = allow_single_quoted
+        self.allow_double_quoted = allow_double_quoted
+        self.allow_block = allow_block
+
+class Emitter:
+
+    DEFAULT_TAG_PREFIXES = {
+        '!' : '!',
+        'tag:yaml.org,2002:' : '!!',
+    }
+
+    def __init__(self, stream, canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None):
+
+        # The stream should have the methods `write` and possibly `flush`.
+        self.stream = stream
+
+        # Encoding can be overridden by STREAM-START.
+        self.encoding = None
+
+        # Emitter is a state machine with a stack of states to handle nested
+        # structures.
+        self.states = []
+        self.state = self.expect_stream_start
+
+        # Current event and the event queue.
+        self.events = []
+        self.event = None
+
+        # The current indentation level and the stack of previous indents.
+        self.indents = []
+        self.indent = None
+
+        # Flow level.
+        self.flow_level = 0
+
+        # Contexts.
+        self.root_context = False
+        self.sequence_context = False
+        self.mapping_context = False
+        self.simple_key_context = False
+
+        # Characteristics of the last emitted character:
+        #  - current position.
+        #  - is it a whitespace?
+        #  - is it an indention character
+        #    (indentation space, '-', '?', or ':')?
+        self.line = 0
+        self.column = 0
+        self.whitespace = True
+        self.indention = True
+
+        # Whether the document requires an explicit document indicator
+        self.open_ended = False
+
+        # Formatting details.
+        self.canonical = canonical
+        self.allow_unicode = allow_unicode
+        self.best_indent = 2
+        if indent and 1 < indent < 10:
+            self.best_indent = indent
+        self.best_width = 80
+        if width and width > self.best_indent*2:
+            self.best_width = width
+        self.best_line_break = '\n'
+        if line_break in ['\r', '\n', '\r\n']:
+            self.best_line_break = line_break
+
+        # Tag prefixes.
+        self.tag_prefixes = None
+
+        # Prepared anchor and tag.
+        self.prepared_anchor = None
+        self.prepared_tag = None
+
+        # Scalar analysis and style.
+        self.analysis = None
+        self.style = None
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def emit(self, event):
+        self.events.append(event)
+        while not self.need_more_events():
+            self.event = self.events.pop(0)
+            self.state()
+            self.event = None
+
+    # In some cases, we wait for a few next events before emitting.
+
+    def need_more_events(self):
+        if not self.events:
+            return True
+        event = self.events[0]
+        if isinstance(event, DocumentStartEvent):
+            return self.need_events(1)
+        elif isinstance(event, SequenceStartEvent):
+            return self.need_events(2)
+        elif isinstance(event, MappingStartEvent):
+            return self.need_events(3)
+        else:
+            return False
+
+    def need_events(self, count):
+        level = 0
+        for event in self.events[1:]:
+            if isinstance(event, (DocumentStartEvent, CollectionStartEvent)):
+                level += 1
+            elif isinstance(event, (DocumentEndEvent, CollectionEndEvent)):
+                level -= 1
+            elif isinstance(event, StreamEndEvent):
+                level = -1
+            if level < 0:
+                return False
+        return (len(self.events) < count+1)
+
+    def increase_indent(self, flow=False, indentless=False):
+        self.indents.append(self.indent)
+        if self.indent is None:
+            if flow:
+                self.indent = self.best_indent
+            else:
+                self.indent = 0
+        elif not indentless:
+            self.indent += self.best_indent
+
+    # States.
+
+    # Stream handlers.
+
+    def expect_stream_start(self):
+        if isinstance(self.event, StreamStartEvent):
+            if self.event.encoding and not hasattr(self.stream, 'encoding'):
+                self.encoding = self.event.encoding
+            self.write_stream_start()
+            self.state = self.expect_first_document_start
+        else:
+            raise EmitterError("expected StreamStartEvent, but got %s"
+                    % self.event)
+
+    def expect_nothing(self):
+        raise EmitterError("expected nothing, but got %s" % self.event)
+
+    # Document handlers.
+
+    def expect_first_document_start(self):
+        return self.expect_document_start(first=True)
+
+    def expect_document_start(self, first=False):
+        if isinstance(self.event, DocumentStartEvent):
+            if (self.event.version or self.event.tags) and self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            if self.event.version:
+                version_text = self.prepare_version(self.event.version)
+                self.write_version_directive(version_text)
+            self.tag_prefixes = self.DEFAULT_TAG_PREFIXES.copy()
+            if self.event.tags:
+                handles = sorted(self.event.tags.keys())
+                for handle in handles:
+                    prefix = self.event.tags[handle]
+                    self.tag_prefixes[prefix] = handle
+                    handle_text = self.prepare_tag_handle(handle)
+                    prefix_text = self.prepare_tag_prefix(prefix)
+                    self.write_tag_directive(handle_text, prefix_text)
+            implicit = (first and not self.event.explicit and not self.canonical
+                    and not self.event.version and not self.event.tags
+                    and not self.check_empty_document())
+            if not implicit:
+                self.write_indent()
+                self.write_indicator('---', True)
+                if self.canonical:
+                    self.write_indent()
+            self.state = self.expect_document_root
+        elif isinstance(self.event, StreamEndEvent):
+            if self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.write_stream_end()
+            self.state = self.expect_nothing
+        else:
+            raise EmitterError("expected DocumentStartEvent, but got %s"
+                    % self.event)
+
+    def expect_document_end(self):
+        if isinstance(self.event, DocumentEndEvent):
+            self.write_indent()
+            if self.event.explicit:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.flush_stream()
+            self.state = self.expect_document_start
+        else:
+            raise EmitterError("expected DocumentEndEvent, but got %s"
+                    % self.event)
+
+    def expect_document_root(self):
+        self.states.append(self.expect_document_end)
+        self.expect_node(root=True)
+
+    # Node handlers.
+
+    def expect_node(self, root=False, sequence=False, mapping=False,
+            simple_key=False):
+        self.root_context = root
+        self.sequence_context = sequence
+        self.mapping_context = mapping
+        self.simple_key_context = simple_key
+        if isinstance(self.event, AliasEvent):
+            self.expect_alias()
+        elif isinstance(self.event, (ScalarEvent, CollectionStartEvent)):
+            self.process_anchor('&')
+            self.process_tag()
+            if isinstance(self.event, ScalarEvent):
+                self.expect_scalar()
+            elif isinstance(self.event, SequenceStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_sequence():
+                    self.expect_flow_sequence()
+                else:
+                    self.expect_block_sequence()
+            elif isinstance(self.event, MappingStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_mapping():
+                    self.expect_flow_mapping()
+                else:
+                    self.expect_block_mapping()
+        else:
+            raise EmitterError("expected NodeEvent, but got %s" % self.event)
+
+    def expect_alias(self):
+        if self.event.anchor is None:
+            raise EmitterError("anchor is not specified for alias")
+        self.process_anchor('*')
+        self.state = self.states.pop()
+
+    def expect_scalar(self):
+        self.increase_indent(flow=True)
+        self.process_scalar()
+        self.indent = self.indents.pop()
+        self.state = self.states.pop()
+
+    # Flow sequence handlers.
+
+    def expect_flow_sequence(self):
+        self.write_indicator('[', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_sequence_item
+
+    def expect_first_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    def expect_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Flow mapping handlers.
+
+    def expect_flow_mapping(self):
+        self.write_indicator('{', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_mapping_key
+
+    def expect_first_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_flow_mapping_value(self):
+        if self.canonical or self.column > self.best_width:
+            self.write_indent()
+        self.write_indicator(':', True)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Block sequence handlers.
+
+    def expect_block_sequence(self):
+        indentless = (self.mapping_context and not self.indention)
+        self.increase_indent(flow=False, indentless=indentless)
+        self.state = self.expect_first_block_sequence_item
+
+    def expect_first_block_sequence_item(self):
+        return self.expect_block_sequence_item(first=True)
+
+    def expect_block_sequence_item(self, first=False):
+        if not first and isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            self.write_indicator('-', True, indention=True)
+            self.states.append(self.expect_block_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Block mapping handlers.
+
+    def expect_block_mapping(self):
+        self.increase_indent(flow=False)
+        self.state = self.expect_first_block_mapping_key
+
+    def expect_first_block_mapping_key(self):
+        return self.expect_block_mapping_key(first=True)
+
+    def expect_block_mapping_key(self, first=False):
+        if not first and isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            if self.check_simple_key():
+                self.states.append(self.expect_block_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True, indention=True)
+                self.states.append(self.expect_block_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_block_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_block_mapping_value(self):
+        self.write_indent()
+        self.write_indicator(':', True, indention=True)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Checkers.
+
+    def check_empty_sequence(self):
+        return (isinstance(self.event, SequenceStartEvent) and self.events
+                and isinstance(self.events[0], SequenceEndEvent))
+
+    def check_empty_mapping(self):
+        return (isinstance(self.event, MappingStartEvent) and self.events
+                and isinstance(self.events[0], MappingEndEvent))
+
+    def check_empty_document(self):
+        if not isinstance(self.event, DocumentStartEvent) or not self.events:
+            return False
+        event = self.events[0]
+        return (isinstance(event, ScalarEvent) and event.anchor is None
+                and event.tag is None and event.implicit and event.value == '')
+
+    def check_simple_key(self):
+        length = 0
+        if isinstance(self.event, NodeEvent) and self.event.anchor is not None:
+            if self.prepared_anchor is None:
+                self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+            length += len(self.prepared_anchor)
+        if isinstance(self.event, (ScalarEvent, CollectionStartEvent))  \
+                and self.event.tag is not None:
+            if self.prepared_tag is None:
+                self.prepared_tag = self.prepare_tag(self.event.tag)
+            length += len(self.prepared_tag)
+        if isinstance(self.event, ScalarEvent):
+            if self.analysis is None:
+                self.analysis = self.analyze_scalar(self.event.value)
+            length += len(self.analysis.scalar)
+        return (length < 128 and (isinstance(self.event, AliasEvent)
+            or (isinstance(self.event, ScalarEvent)
+                    and not self.analysis.empty and not self.analysis.multiline)
+            or self.check_empty_sequence() or self.check_empty_mapping()))
+
+    # Anchor, Tag, and Scalar processors.
+
+    def process_anchor(self, indicator):
+        if self.event.anchor is None:
+            self.prepared_anchor = None
+            return
+        if self.prepared_anchor is None:
+            self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+        if self.prepared_anchor:
+            self.write_indicator(indicator+self.prepared_anchor, True)
+        self.prepared_anchor = None
+
+    def process_tag(self):
+        tag = self.event.tag
+        if isinstance(self.event, ScalarEvent):
+            if self.style is None:
+                self.style = self.choose_scalar_style()
+            if ((not self.canonical or tag is None) and
+                ((self.style == '' and self.event.implicit[0])
+                        or (self.style != '' and self.event.implicit[1]))):
+                self.prepared_tag = None
+                return
+            if self.event.implicit[0] and tag is None:
+                tag = '!'
+                self.prepared_tag = None
+        else:
+            if (not self.canonical or tag is None) and self.event.implicit:
+                self.prepared_tag = None
+                return
+        if tag is None:
+            raise EmitterError("tag is not specified")
+        if self.prepared_tag is None:
+            self.prepared_tag = self.prepare_tag(tag)
+        if self.prepared_tag:
+            self.write_indicator(self.prepared_tag, True)
+        self.prepared_tag = None
+
+    def choose_scalar_style(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.event.style == '"' or self.canonical:
+            return '"'
+        if not self.event.style and self.event.implicit[0]:
+            if (not (self.simple_key_context and
+                    (self.analysis.empty or self.analysis.multiline))
+                and (self.flow_level and self.analysis.allow_flow_plain
+                    or (not self.flow_level and self.analysis.allow_block_plain))):
+                return ''
+        if self.event.style and self.event.style in '|>':
+            if (not self.flow_level and not self.simple_key_context
+                    and self.analysis.allow_block):
+                return self.event.style
+        if not self.event.style or self.event.style == '\'':
+            if (self.analysis.allow_single_quoted and
+                    not (self.simple_key_context and self.analysis.multiline)):
+                return '\''
+        return '"'
+
+    def process_scalar(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.style is None:
+            self.style = self.choose_scalar_style()
+        split = (not self.simple_key_context)
+        #if self.analysis.multiline and split    \
+        #        and (not self.style or self.style in '\'\"'):
+        #    self.write_indent()
+        if self.style == '"':
+            self.write_double_quoted(self.analysis.scalar, split)
+        elif self.style == '\'':
+            self.write_single_quoted(self.analysis.scalar, split)
+        elif self.style == '>':
+            self.write_folded(self.analysis.scalar)
+        elif self.style == '|':
+            self.write_literal(self.analysis.scalar)
+        else:
+            self.write_plain(self.analysis.scalar, split)
+        self.analysis = None
+        self.style = None
+
+    # Analyzers.
+
+    def prepare_version(self, version):
+        major, minor = version
+        if major != 1:
+            raise EmitterError("unsupported YAML version: %d.%d" % (major, minor))
+        return '%d.%d' % (major, minor)
+
+    def prepare_tag_handle(self, handle):
+        if not handle:
+            raise EmitterError("tag handle must not be empty")
+        if handle[0] != '!' or handle[-1] != '!':
+            raise EmitterError("tag handle must start and end with '!': %r" % handle)
+        for ch in handle[1:-1]:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the tag handle: %r"
+                        % (ch, handle))
+        return handle
+
+    def prepare_tag_prefix(self, prefix):
+        if not prefix:
+            raise EmitterError("tag prefix must not be empty")
+        chunks = []
+        start = end = 0
+        if prefix[0] == '!':
+            end = 1
+        while end < len(prefix):
+            ch = prefix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?!:@&=+$,_.~*\'()[]':
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(prefix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ord(ch))
+        if start < end:
+            chunks.append(prefix[start:end])
+        return ''.join(chunks)
+
+    def prepare_tag(self, tag):
+        if not tag:
+            raise EmitterError("tag must not be empty")
+        if tag == '!':
+            return tag
+        handle = None
+        suffix = tag
+        prefixes = sorted(self.tag_prefixes.keys())
+        for prefix in prefixes:
+            if tag.startswith(prefix)   \
+                    and (prefix == '!' or len(prefix) < len(tag)):
+                handle = self.tag_prefixes[prefix]
+                suffix = tag[len(prefix):]
+        chunks = []
+        start = end = 0
+        while end < len(suffix):
+            ch = suffix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?:@&=+$,_.~*\'()[]'   \
+                    or (ch == '!' and handle != '!'):
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(suffix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ch)
+        if start < end:
+            chunks.append(suffix[start:end])
+        suffix_text = ''.join(chunks)
+        if handle:
+            return '%s%s' % (handle, suffix_text)
+        else:
+            return '!<%s>' % suffix_text
+
+    def prepare_anchor(self, anchor):
+        if not anchor:
+            raise EmitterError("anchor must not be empty")
+        for ch in anchor:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the anchor: %r"
+                        % (ch, anchor))
+        return anchor
+
+    def analyze_scalar(self, scalar):
+
+        # Empty scalar is a special case.
+        if not scalar:
+            return ScalarAnalysis(scalar=scalar, empty=True, multiline=False,
+                    allow_flow_plain=False, allow_block_plain=True,
+                    allow_single_quoted=True, allow_double_quoted=True,
+                    allow_block=False)
+
+        # Indicators and special characters.
+        block_indicators = False
+        flow_indicators = False
+        line_breaks = False
+        special_characters = False
+
+        # Important whitespace combinations.
+        leading_space = False
+        leading_break = False
+        trailing_space = False
+        trailing_break = False
+        break_space = False
+        space_break = False
+
+        # Check document indicators.
+        if scalar.startswith('---') or scalar.startswith('...'):
+            block_indicators = True
+            flow_indicators = True
+
+        # First character or preceded by a whitespace.
+        preceded_by_whitespace = True
+
+        # Last character or followed by a whitespace.
+        followed_by_whitespace = (len(scalar) == 1 or
+                scalar[1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # The previous character is a space.
+        previous_space = False
+
+        # The previous character is a break.
+        previous_break = False
+
+        index = 0
+        while index < len(scalar):
+            ch = scalar[index]
+
+            # Check for indicators.
+            if index == 0:
+                # Leading indicators are special characters.
+                if ch in '#,[]{}&*!|>\'\"%@`':
+                    flow_indicators = True
+                    block_indicators = True
+                if ch in '?:':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '-' and followed_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+            else:
+                # Some indicators cannot appear within a scalar as well.
+                if ch in ',?[]{}':
+                    flow_indicators = True
+                if ch == ':':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '#' and preceded_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+
+            # Check for line breaks, special, and unicode characters.
+            if ch in '\n\x85\u2028\u2029':
+                line_breaks = True
+            if not (ch == '\n' or '\x20' <= ch <= '\x7E'):
+                if (ch == '\x85' or '\xA0' <= ch <= '\uD7FF'
+                        or '\uE000' <= ch <= '\uFFFD'
+                        or '\U00010000' <= ch < '\U0010ffff') and ch != '\uFEFF':
+                    unicode_characters = True
+                    if not self.allow_unicode:
+                        special_characters = True
+                else:
+                    special_characters = True
+
+            # Detect important whitespace combinations.
+            if ch == ' ':
+                if index == 0:
+                    leading_space = True
+                if index == len(scalar)-1:
+                    trailing_space = True
+                if previous_break:
+                    break_space = True
+                previous_space = True
+                previous_break = False
+            elif ch in '\n\x85\u2028\u2029':
+                if index == 0:
+                    leading_break = True
+                if index == len(scalar)-1:
+                    trailing_break = True
+                if previous_space:
+                    space_break = True
+                previous_space = False
+                previous_break = True
+            else:
+                previous_space = False
+                previous_break = False
+
+            # Prepare for the next character.
+            index += 1
+            preceded_by_whitespace = (ch in '\0 \t\r\n\x85\u2028\u2029')
+            followed_by_whitespace = (index+1 >= len(scalar) or
+                    scalar[index+1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # Let's decide what styles are allowed.
+        allow_flow_plain = True
+        allow_block_plain = True
+        allow_single_quoted = True
+        allow_double_quoted = True
+        allow_block = True
+
+        # Leading and trailing whitespaces are bad for plain scalars.
+        if (leading_space or leading_break
+                or trailing_space or trailing_break):
+            allow_flow_plain = allow_block_plain = False
+
+        # We do not permit trailing spaces for block scalars.
+        if trailing_space:
+            allow_block = False
+
+        # Spaces at the beginning of a new line are only acceptable for block
+        # scalars.
+        if break_space:
+            allow_flow_plain = allow_block_plain = allow_single_quoted = False
+
+        # Spaces followed by breaks, as well as special character are only
+        # allowed for double quoted scalars.
+        if space_break or special_characters:
+            allow_flow_plain = allow_block_plain =  \
+            allow_single_quoted = allow_block = False
+
+        # Although the plain scalar writer supports breaks, we never emit
+        # multiline plain scalars.
+        if line_breaks:
+            allow_flow_plain = allow_block_plain = False
+
+        # Flow indicators are forbidden for flow plain scalars.
+        if flow_indicators:
+            allow_flow_plain = False
+
+        # Block indicators are forbidden for block plain scalars.
+        if block_indicators:
+            allow_block_plain = False
+
+        return ScalarAnalysis(scalar=scalar,
+                empty=False, multiline=line_breaks,
+                allow_flow_plain=allow_flow_plain,
+                allow_block_plain=allow_block_plain,
+                allow_single_quoted=allow_single_quoted,
+                allow_double_quoted=allow_double_quoted,
+                allow_block=allow_block)
+
+    # Writers.
+
+    def flush_stream(self):
+        if hasattr(self.stream, 'flush'):
+            self.stream.flush()
+
+    def write_stream_start(self):
+        # Write BOM if needed.
+        if self.encoding and self.encoding.startswith('utf-16'):
+            self.stream.write('\uFEFF'.encode(self.encoding))
+
+    def write_stream_end(self):
+        self.flush_stream()
+
+    def write_indicator(self, indicator, need_whitespace,
+            whitespace=False, indention=False):
+        if self.whitespace or not need_whitespace:
+            data = indicator
+        else:
+            data = ' '+indicator
+        self.whitespace = whitespace
+        self.indention = self.indention and indention
+        self.column += len(data)
+        self.open_ended = False
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_indent(self):
+        indent = self.indent or 0
+        if not self.indention or self.column > indent   \
+                or (self.column == indent and not self.whitespace):
+            self.write_line_break()
+        if self.column < indent:
+            self.whitespace = True
+            data = ' '*(indent-self.column)
+            self.column = indent
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+
+    def write_line_break(self, data=None):
+        if data is None:
+            data = self.best_line_break
+        self.whitespace = True
+        self.indention = True
+        self.line += 1
+        self.column = 0
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_version_directive(self, version_text):
+        data = '%%YAML %s' % version_text
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    def write_tag_directive(self, handle_text, prefix_text):
+        data = '%%TAG %s %s' % (handle_text, prefix_text)
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    # Scalar streams.
+
+    def write_single_quoted(self, text, split=True):
+        self.write_indicator('\'', True)
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch is None or ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split   \
+                            and start != 0 and end != len(text):
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029' or ch == '\'':
+                    if start < end:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                        start = end
+            if ch == '\'':
+                data = '\'\''
+                self.column += 2
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                start = end + 1
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+        self.write_indicator('\'', False)
+
+    ESCAPE_REPLACEMENTS = {
+        '\0':       '0',
+        '\x07':     'a',
+        '\x08':     'b',
+        '\x09':     't',
+        '\x0A':     'n',
+        '\x0B':     'v',
+        '\x0C':     'f',
+        '\x0D':     'r',
+        '\x1B':     'e',
+        '\"':       '\"',
+        '\\':       '\\',
+        '\x85':     'N',
+        '\xA0':     '_',
+        '\u2028':   'L',
+        '\u2029':   'P',
+    }
+
+    def write_double_quoted(self, text, split=True):
+        self.write_indicator('"', True)
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if ch is None or ch in '"\\\x85\u2028\u2029\uFEFF' \
+                    or not ('\x20' <= ch <= '\x7E'
+                        or (self.allow_unicode
+                            and ('\xA0' <= ch <= '\uD7FF'
+                                or '\uE000' <= ch <= '\uFFFD'))):
+                if start < end:
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+                if ch is not None:
+                    if ch in self.ESCAPE_REPLACEMENTS:
+                        data = '\\'+self.ESCAPE_REPLACEMENTS[ch]
+                    elif ch <= '\xFF':
+                        data = '\\x%02X' % ord(ch)
+                    elif ch <= '\uFFFF':
+                        data = '\\u%04X' % ord(ch)
+                    else:
+                        data = '\\U%08X' % ord(ch)
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end+1
+            if 0 < end < len(text)-1 and (ch == ' ' or start >= end)    \
+                    and self.column+(end-start) > self.best_width and split:
+                data = text[start:end]+'\\'
+                if start < end:
+                    start = end
+                self.column += len(data)
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                self.write_indent()
+                self.whitespace = False
+                self.indention = False
+                if text[start] == ' ':
+                    data = '\\'
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+            end += 1
+        self.write_indicator('"', False)
+
+    def determine_block_hints(self, text):
+        hints = ''
+        if text:
+            if text[0] in ' \n\x85\u2028\u2029':
+                hints += str(self.best_indent)
+            if text[-1] not in '\n\x85\u2028\u2029':
+                hints += '-'
+            elif len(text) == 1 or text[-2] in '\n\x85\u2028\u2029':
+                hints += '+'
+        return hints
+
+    def write_folded(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('>'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        leading_space = True
+        spaces = False
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if not leading_space and ch is not None and ch != ' '   \
+                            and text[start] == '\n':
+                        self.write_line_break()
+                    leading_space = (ch == ' ')
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            elif spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width:
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+                spaces = (ch == ' ')
+            end += 1
+
+    def write_literal(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('|'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in '\n\x85\u2028\u2029':
+                    data = text[start:end]
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+
+    def write_plain(self, text, split=True):
+        if self.root_context:
+            self.open_ended = True
+        if not text:
+            return
+        if not self.whitespace:
+            data = ' '
+            self.column += len(data)
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+        self.whitespace = False
+        self.indention = False
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split:
+                        self.write_indent()
+                        self.whitespace = False
+                        self.indention = False
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    self.whitespace = False
+                    self.indention = False
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/error.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/error.py
new file mode 100644
index 000000000..b796b4dc5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/error.py
@@ -0,0 +1,75 @@
+
+__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
+
+class Mark:
+
+    def __init__(self, name, index, line, column, buffer, pointer):
+        self.name = name
+        self.index = index
+        self.line = line
+        self.column = column
+        self.buffer = buffer
+        self.pointer = pointer
+
+    def get_snippet(self, indent=4, max_length=75):
+        if self.buffer is None:
+            return None
+        head = ''
+        start = self.pointer
+        while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
+            start -= 1
+            if self.pointer-start > max_length/2-1:
+                head = ' ... '
+                start += 5
+                break
+        tail = ''
+        end = self.pointer
+        while end < len(self.buffer) and self.buffer[end] not in '\0\r\n\x85\u2028\u2029':
+            end += 1
+            if end-self.pointer > max_length/2-1:
+                tail = ' ... '
+                end -= 5
+                break
+        snippet = self.buffer[start:end]
+        return ' '*indent + head + snippet + tail + '\n'  \
+                + ' '*(indent+self.pointer-start+len(head)) + '^'
+
+    def __str__(self):
+        snippet = self.get_snippet()
+        where = "  in \"%s\", line %d, column %d"   \
+                % (self.name, self.line+1, self.column+1)
+        if snippet is not None:
+            where += ":\n"+snippet
+        return where
+
+class YAMLError(Exception):
+    pass
+
+class MarkedYAMLError(YAMLError):
+
+    def __init__(self, context=None, context_mark=None,
+            problem=None, problem_mark=None, note=None):
+        self.context = context
+        self.context_mark = context_mark
+        self.problem = problem
+        self.problem_mark = problem_mark
+        self.note = note
+
+    def __str__(self):
+        lines = []
+        if self.context is not None:
+            lines.append(self.context)
+        if self.context_mark is not None  \
+            and (self.problem is None or self.problem_mark is None
+                    or self.context_mark.name != self.problem_mark.name
+                    or self.context_mark.line != self.problem_mark.line
+                    or self.context_mark.column != self.problem_mark.column):
+            lines.append(str(self.context_mark))
+        if self.problem is not None:
+            lines.append(self.problem)
+        if self.problem_mark is not None:
+            lines.append(str(self.problem_mark))
+        if self.note is not None:
+            lines.append(self.note)
+        return '\n'.join(lines)
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/events.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/events.py
new file mode 100644
index 000000000..f79ad389c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/events.py
@@ -0,0 +1,86 @@
+
+# Abstract classes.
+
+class Event(object):
+    def __init__(self, start_mark=None, end_mark=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in ['anchor', 'tag', 'implicit', 'value']
+                if hasattr(self, key)]
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+class NodeEvent(Event):
+    def __init__(self, anchor, start_mark=None, end_mark=None):
+        self.anchor = anchor
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class CollectionStartEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, start_mark=None, end_mark=None,
+            flow_style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class CollectionEndEvent(Event):
+    pass
+
+# Implementations.
+
+class StreamStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None, encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndEvent(Event):
+    pass
+
+class DocumentStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None, version=None, tags=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+        self.version = version
+        self.tags = tags
+
+class DocumentEndEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+
+class AliasEvent(NodeEvent):
+    pass
+
+class ScalarEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, value,
+            start_mark=None, end_mark=None, style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class SequenceStartEvent(CollectionStartEvent):
+    pass
+
+class SequenceEndEvent(CollectionEndEvent):
+    pass
+
+class MappingStartEvent(CollectionStartEvent):
+    pass
+
+class MappingEndEvent(CollectionEndEvent):
+    pass
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/loader.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/loader.py
new file mode 100644
index 000000000..e90c11224
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/loader.py
@@ -0,0 +1,63 @@
+
+__all__ = ['BaseLoader', 'FullLoader', 'SafeLoader', 'Loader', 'UnsafeLoader']
+
+from .reader import *
+from .scanner import *
+from .parser import *
+from .composer import *
+from .constructor import *
+from .resolver import *
+
+class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class FullLoader(Reader, Scanner, Parser, Composer, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+# UnsafeLoader is the same as Loader (which is and was always unsafe on
+# untrusted input). Use of either Loader or UnsafeLoader should be rare, since
+# FullLoad should be able to load almost all YAML safely. Loader is left intact
+# to ensure backwards compatibility.
+class UnsafeLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/nodes.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/nodes.py
new file mode 100644
index 000000000..c4f070c41
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/nodes.py
@@ -0,0 +1,49 @@
+
+class Node(object):
+    def __init__(self, tag, value, start_mark, end_mark):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        value = self.value
+        #if isinstance(value, list):
+        #    if len(value) == 0:
+        #        value = '<empty>'
+        #    elif len(value) == 1:
+        #        value = '<1 item>'
+        #    else:
+        #        value = '<%d items>' % len(value)
+        #else:
+        #    if len(value) > 75:
+        #        value = repr(value[:70]+u' ... ')
+        #    else:
+        #        value = repr(value)
+        value = repr(value)
+        return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
+
+class ScalarNode(Node):
+    id = 'scalar'
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class CollectionNode(Node):
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, flow_style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class SequenceNode(CollectionNode):
+    id = 'sequence'
+
+class MappingNode(CollectionNode):
+    id = 'mapping'
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/parser.py
new file mode 100644
index 000000000..13a5995d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/parser.py
@@ -0,0 +1,589 @@
+
+# The following YAML grammar is LL(1) and is parsed by a recursive descent
+# parser.
+#
+# stream            ::= STREAM-START implicit_document? explicit_document* STREAM-END
+# implicit_document ::= block_node DOCUMENT-END*
+# explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+# block_node_or_indentless_sequence ::=
+#                       ALIAS
+#                       | properties (block_content | indentless_block_sequence)?
+#                       | block_content
+#                       | indentless_block_sequence
+# block_node        ::= ALIAS
+#                       | properties block_content?
+#                       | block_content
+# flow_node         ::= ALIAS
+#                       | properties flow_content?
+#                       | flow_content
+# properties        ::= TAG ANCHOR? | ANCHOR TAG?
+# block_content     ::= block_collection | flow_collection | SCALAR
+# flow_content      ::= flow_collection | SCALAR
+# block_collection  ::= block_sequence | block_mapping
+# flow_collection   ::= flow_sequence | flow_mapping
+# block_sequence    ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+# indentless_sequence   ::= (BLOCK-ENTRY block_node?)+
+# block_mapping     ::= BLOCK-MAPPING_START
+#                       ((KEY block_node_or_indentless_sequence?)?
+#                       (VALUE block_node_or_indentless_sequence?)?)*
+#                       BLOCK-END
+# flow_sequence     ::= FLOW-SEQUENCE-START
+#                       (flow_sequence_entry FLOW-ENTRY)*
+#                       flow_sequence_entry?
+#                       FLOW-SEQUENCE-END
+# flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+# flow_mapping      ::= FLOW-MAPPING-START
+#                       (flow_mapping_entry FLOW-ENTRY)*
+#                       flow_mapping_entry?
+#                       FLOW-MAPPING-END
+# flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+#
+# FIRST sets:
+#
+# stream: { STREAM-START }
+# explicit_document: { DIRECTIVE DOCUMENT-START }
+# implicit_document: FIRST(block_node)
+# block_node: { ALIAS TAG ANCHOR SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_node: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_content: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# flow_content: { FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# block_collection: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_sequence: { BLOCK-SEQUENCE-START }
+# block_mapping: { BLOCK-MAPPING-START }
+# block_node_or_indentless_sequence: { ALIAS ANCHOR TAG SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START BLOCK-ENTRY }
+# indentless_sequence: { ENTRY }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_sequence: { FLOW-SEQUENCE-START }
+# flow_mapping: { FLOW-MAPPING-START }
+# flow_sequence_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+# flow_mapping_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+
+__all__ = ['Parser', 'ParserError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+from .events import *
+from .scanner import *
+
+class ParserError(MarkedYAMLError):
+    pass
+
+class Parser:
+    # Since writing a recursive-descendant parser is a straightforward task, we
+    # do not give many comments here.
+
+    DEFAULT_TAGS = {
+        '!':   '!',
+        '!!':  'tag:yaml.org,2002:',
+    }
+
+    def __init__(self):
+        self.current_event = None
+        self.yaml_version = None
+        self.tag_handles = {}
+        self.states = []
+        self.marks = []
+        self.state = self.parse_stream_start
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def check_event(self, *choices):
+        # Check the type of the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        if self.current_event is not None:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.current_event, choice):
+                    return True
+        return False
+
+    def peek_event(self):
+        # Get the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        return self.current_event
+
+    def get_event(self):
+        # Get the next event and proceed further.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        value = self.current_event
+        self.current_event = None
+        return value
+
+    # stream    ::= STREAM-START implicit_document? explicit_document* STREAM-END
+    # implicit_document ::= block_node DOCUMENT-END*
+    # explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+
+    def parse_stream_start(self):
+
+        # Parse the stream start.
+        token = self.get_token()
+        event = StreamStartEvent(token.start_mark, token.end_mark,
+                encoding=token.encoding)
+
+        # Prepare the next state.
+        self.state = self.parse_implicit_document_start
+
+        return event
+
+    def parse_implicit_document_start(self):
+
+        # Parse an implicit document.
+        if not self.check_token(DirectiveToken, DocumentStartToken,
+                StreamEndToken):
+            self.tag_handles = self.DEFAULT_TAGS
+            token = self.peek_token()
+            start_mark = end_mark = token.start_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=False)
+
+            # Prepare the next state.
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_block_node
+
+            return event
+
+        else:
+            return self.parse_document_start()
+
+    def parse_document_start(self):
+
+        # Parse any extra document end indicators.
+        while self.check_token(DocumentEndToken):
+            self.get_token()
+
+        # Parse an explicit document.
+        if not self.check_token(StreamEndToken):
+            token = self.peek_token()
+            start_mark = token.start_mark
+            version, tags = self.process_directives()
+            if not self.check_token(DocumentStartToken):
+                raise ParserError(None, None,
+                        "expected '<document start>', but found %r"
+                        % self.peek_token().id,
+                        self.peek_token().start_mark)
+            token = self.get_token()
+            end_mark = token.end_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=True, version=version, tags=tags)
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_document_content
+        else:
+            # Parse the end of the stream.
+            token = self.get_token()
+            event = StreamEndEvent(token.start_mark, token.end_mark)
+            assert not self.states
+            assert not self.marks
+            self.state = None
+        return event
+
+    def parse_document_end(self):
+
+        # Parse the document end.
+        token = self.peek_token()
+        start_mark = end_mark = token.start_mark
+        explicit = False
+        if self.check_token(DocumentEndToken):
+            token = self.get_token()
+            end_mark = token.end_mark
+            explicit = True
+        event = DocumentEndEvent(start_mark, end_mark,
+                explicit=explicit)
+
+        # Prepare the next state.
+        self.state = self.parse_document_start
+
+        return event
+
+    def parse_document_content(self):
+        if self.check_token(DirectiveToken,
+                DocumentStartToken, DocumentEndToken, StreamEndToken):
+            event = self.process_empty_scalar(self.peek_token().start_mark)
+            self.state = self.states.pop()
+            return event
+        else:
+            return self.parse_block_node()
+
+    def process_directives(self):
+        self.yaml_version = None
+        self.tag_handles = {}
+        while self.check_token(DirectiveToken):
+            token = self.get_token()
+            if token.name == 'YAML':
+                if self.yaml_version is not None:
+                    raise ParserError(None, None,
+                            "found duplicate YAML directive", token.start_mark)
+                major, minor = token.value
+                if major != 1:
+                    raise ParserError(None, None,
+                            "found incompatible YAML document (version 1.* is required)",
+                            token.start_mark)
+                self.yaml_version = token.value
+            elif token.name == 'TAG':
+                handle, prefix = token.value
+                if handle in self.tag_handles:
+                    raise ParserError(None, None,
+                            "duplicate tag handle %r" % handle,
+                            token.start_mark)
+                self.tag_handles[handle] = prefix
+        if self.tag_handles:
+            value = self.yaml_version, self.tag_handles.copy()
+        else:
+            value = self.yaml_version, None
+        for key in self.DEFAULT_TAGS:
+            if key not in self.tag_handles:
+                self.tag_handles[key] = self.DEFAULT_TAGS[key]
+        return value
+
+    # block_node_or_indentless_sequence ::= ALIAS
+    #               | properties (block_content | indentless_block_sequence)?
+    #               | block_content
+    #               | indentless_block_sequence
+    # block_node    ::= ALIAS
+    #                   | properties block_content?
+    #                   | block_content
+    # flow_node     ::= ALIAS
+    #                   | properties flow_content?
+    #                   | flow_content
+    # properties    ::= TAG ANCHOR? | ANCHOR TAG?
+    # block_content     ::= block_collection | flow_collection | SCALAR
+    # flow_content      ::= flow_collection | SCALAR
+    # block_collection  ::= block_sequence | block_mapping
+    # flow_collection   ::= flow_sequence | flow_mapping
+
+    def parse_block_node(self):
+        return self.parse_node(block=True)
+
+    def parse_flow_node(self):
+        return self.parse_node()
+
+    def parse_block_node_or_indentless_sequence(self):
+        return self.parse_node(block=True, indentless_sequence=True)
+
+    def parse_node(self, block=False, indentless_sequence=False):
+        if self.check_token(AliasToken):
+            token = self.get_token()
+            event = AliasEvent(token.value, token.start_mark, token.end_mark)
+            self.state = self.states.pop()
+        else:
+            anchor = None
+            tag = None
+            start_mark = end_mark = tag_mark = None
+            if self.check_token(AnchorToken):
+                token = self.get_token()
+                start_mark = token.start_mark
+                end_mark = token.end_mark
+                anchor = token.value
+                if self.check_token(TagToken):
+                    token = self.get_token()
+                    tag_mark = token.start_mark
+                    end_mark = token.end_mark
+                    tag = token.value
+            elif self.check_token(TagToken):
+                token = self.get_token()
+                start_mark = tag_mark = token.start_mark
+                end_mark = token.end_mark
+                tag = token.value
+                if self.check_token(AnchorToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    anchor = token.value
+            if tag is not None:
+                handle, suffix = tag
+                if handle is not None:
+                    if handle not in self.tag_handles:
+                        raise ParserError("while parsing a node", start_mark,
+                                "found undefined tag handle %r" % handle,
+                                tag_mark)
+                    tag = self.tag_handles[handle]+suffix
+                else:
+                    tag = suffix
+            #if tag == '!':
+            #    raise ParserError("while parsing a node", start_mark,
+            #            "found non-specific tag '!'", tag_mark,
+            #            "Please check 'http://pyyaml.org/wiki/YAMLNonSpecificTag' and share your opinion.")
+            if start_mark is None:
+                start_mark = end_mark = self.peek_token().start_mark
+            event = None
+            implicit = (tag is None or tag == '!')
+            if indentless_sequence and self.check_token(BlockEntryToken):
+                end_mark = self.peek_token().end_mark
+                event = SequenceStartEvent(anchor, tag, implicit,
+                        start_mark, end_mark)
+                self.state = self.parse_indentless_sequence_entry
+            else:
+                if self.check_token(ScalarToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    if (token.plain and tag is None) or tag == '!':
+                        implicit = (True, False)
+                    elif tag is None:
+                        implicit = (False, True)
+                    else:
+                        implicit = (False, False)
+                    event = ScalarEvent(anchor, tag, implicit, token.value,
+                            start_mark, end_mark, style=token.style)
+                    self.state = self.states.pop()
+                elif self.check_token(FlowSequenceStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_sequence_first_entry
+                elif self.check_token(FlowMappingStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_mapping_first_key
+                elif block and self.check_token(BlockSequenceStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_sequence_first_entry
+                elif block and self.check_token(BlockMappingStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_mapping_first_key
+                elif anchor is not None or tag is not None:
+                    # Empty scalars are allowed even if a tag or an anchor is
+                    # specified.
+                    event = ScalarEvent(anchor, tag, (implicit, False), '',
+                            start_mark, end_mark)
+                    self.state = self.states.pop()
+                else:
+                    if block:
+                        node = 'block'
+                    else:
+                        node = 'flow'
+                    token = self.peek_token()
+                    raise ParserError("while parsing a %s node" % node, start_mark,
+                            "expected the node content, but found %r" % token.id,
+                            token.start_mark)
+        return event
+
+    # block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+
+    def parse_block_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_sequence_entry()
+
+    def parse_block_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken, BlockEndToken):
+                self.states.append(self.parse_block_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_block_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block collection", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    # indentless_sequence ::= (BLOCK-ENTRY block_node?)+
+
+    def parse_indentless_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken,
+                    KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_indentless_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_indentless_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        token = self.peek_token()
+        event = SequenceEndEvent(token.start_mark, token.start_mark)
+        self.state = self.states.pop()
+        return event
+
+    # block_mapping     ::= BLOCK-MAPPING_START
+    #                       ((KEY block_node_or_indentless_sequence?)?
+    #                       (VALUE block_node_or_indentless_sequence?)?)*
+    #                       BLOCK-END
+
+    def parse_block_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_mapping_key()
+
+    def parse_block_mapping_key(self):
+        if self.check_token(KeyToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_value)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_value
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block mapping", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_block_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_key)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_block_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    # flow_sequence     ::= FLOW-SEQUENCE-START
+    #                       (flow_sequence_entry FLOW-ENTRY)*
+    #                       flow_sequence_entry?
+    #                       FLOW-SEQUENCE-END
+    # flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+    #
+    # Note that while production rules for both flow_sequence_entry and
+    # flow_mapping_entry are equal, their interpretations are different.
+    # For `flow_sequence_entry`, the part `KEY flow_node? (VALUE flow_node?)?`
+    # generate an inline mapping (set syntax).
+
+    def parse_flow_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_sequence_entry(first=True)
+
+    def parse_flow_sequence_entry(self, first=False):
+        if not self.check_token(FlowSequenceEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow sequence", self.marks[-1],
+                            "expected ',' or ']', but got %r" % token.id, token.start_mark)
+            
+            if self.check_token(KeyToken):
+                token = self.peek_token()
+                event = MappingStartEvent(None, None, True,
+                        token.start_mark, token.end_mark,
+                        flow_style=True)
+                self.state = self.parse_flow_sequence_entry_mapping_key
+                return event
+            elif not self.check_token(FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_sequence_entry_mapping_key(self):
+        token = self.get_token()
+        if not self.check_token(ValueToken,
+                FlowEntryToken, FlowSequenceEndToken):
+            self.states.append(self.parse_flow_sequence_entry_mapping_value)
+            return self.parse_flow_node()
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_value
+            return self.process_empty_scalar(token.end_mark)
+
+    def parse_flow_sequence_entry_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry_mapping_end)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_sequence_entry_mapping_end
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_end
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_sequence_entry_mapping_end(self):
+        self.state = self.parse_flow_sequence_entry
+        token = self.peek_token()
+        return MappingEndEvent(token.start_mark, token.start_mark)
+
+    # flow_mapping  ::= FLOW-MAPPING-START
+    #                   (flow_mapping_entry FLOW-ENTRY)*
+    #                   flow_mapping_entry?
+    #                   FLOW-MAPPING-END
+    # flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+    def parse_flow_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_mapping_key(first=True)
+
+    def parse_flow_mapping_key(self, first=False):
+        if not self.check_token(FlowMappingEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow mapping", self.marks[-1],
+                            "expected ',' or '}', but got %r" % token.id, token.start_mark)
+            if self.check_token(KeyToken):
+                token = self.get_token()
+                if not self.check_token(ValueToken,
+                        FlowEntryToken, FlowMappingEndToken):
+                    self.states.append(self.parse_flow_mapping_value)
+                    return self.parse_flow_node()
+                else:
+                    self.state = self.parse_flow_mapping_value
+                    return self.process_empty_scalar(token.end_mark)
+            elif not self.check_token(FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_empty_value)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_key)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_mapping_empty_value(self):
+        self.state = self.parse_flow_mapping_key
+        return self.process_empty_scalar(self.peek_token().start_mark)
+
+    def process_empty_scalar(self, mark):
+        return ScalarEvent(None, None, (True, False), '', mark, mark)
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/reader.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/reader.py
new file mode 100644
index 000000000..774b0219b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/reader.py
@@ -0,0 +1,185 @@
+# This module contains abstractions for the input stream. You don't have to
+# looks further, there are no pretty code.
+#
+# We define two classes here.
+#
+#   Mark(source, line, column)
+# It's just a record and its only use is producing nice error messages.
+# Parser does not use it for any other purposes.
+#
+#   Reader(source, data)
+# Reader determines the encoding of `data` and converts it to unicode.
+# Reader provides the following methods and attributes:
+#   reader.peek(length=1) - return the next `length` characters
+#   reader.forward(length=1) - move the current position to `length` characters.
+#   reader.index - the number of the current character.
+#   reader.line, stream.column - the line and the column of the current character.
+
+__all__ = ['Reader', 'ReaderError']
+
+from .error import YAMLError, Mark
+
+import codecs, re
+
+class ReaderError(YAMLError):
+
+    def __init__(self, name, position, character, encoding, reason):
+        self.name = name
+        self.character = character
+        self.position = position
+        self.encoding = encoding
+        self.reason = reason
+
+    def __str__(self):
+        if isinstance(self.character, bytes):
+            return "'%s' codec can't decode byte #x%02x: %s\n"  \
+                    "  in \"%s\", position %d"    \
+                    % (self.encoding, ord(self.character), self.reason,
+                            self.name, self.position)
+        else:
+            return "unacceptable character #x%04x: %s\n"    \
+                    "  in \"%s\", position %d"    \
+                    % (self.character, self.reason,
+                            self.name, self.position)
+
+class Reader(object):
+    # Reader:
+    # - determines the data encoding and converts it to a unicode string,
+    # - checks if characters are in allowed range,
+    # - adds '\0' to the end.
+
+    # Reader accepts
+    #  - a `bytes` object,
+    #  - a `str` object,
+    #  - a file-like object with its `read` method returning `str`,
+    #  - a file-like object with its `read` method returning `unicode`.
+
+    # Yeah, it's ugly and slow.
+
+    def __init__(self, stream):
+        self.name = None
+        self.stream = None
+        self.stream_pointer = 0
+        self.eof = True
+        self.buffer = ''
+        self.pointer = 0
+        self.raw_buffer = None
+        self.raw_decode = None
+        self.encoding = None
+        self.index = 0
+        self.line = 0
+        self.column = 0
+        if isinstance(stream, str):
+            self.name = "<unicode string>"
+            self.check_printable(stream)
+            self.buffer = stream+'\0'
+        elif isinstance(stream, bytes):
+            self.name = "<byte string>"
+            self.raw_buffer = stream
+            self.determine_encoding()
+        else:
+            self.stream = stream
+            self.name = getattr(stream, 'name', "<file>")
+            self.eof = False
+            self.raw_buffer = None
+            self.determine_encoding()
+
+    def peek(self, index=0):
+        try:
+            return self.buffer[self.pointer+index]
+        except IndexError:
+            self.update(index+1)
+            return self.buffer[self.pointer+index]
+
+    def prefix(self, length=1):
+        if self.pointer+length >= len(self.buffer):
+            self.update(length)
+        return self.buffer[self.pointer:self.pointer+length]
+
+    def forward(self, length=1):
+        if self.pointer+length+1 >= len(self.buffer):
+            self.update(length+1)
+        while length:
+            ch = self.buffer[self.pointer]
+            self.pointer += 1
+            self.index += 1
+            if ch in '\n\x85\u2028\u2029'  \
+                    or (ch == '\r' and self.buffer[self.pointer] != '\n'):
+                self.line += 1
+                self.column = 0
+            elif ch != '\uFEFF':
+                self.column += 1
+            length -= 1
+
+    def get_mark(self):
+        if self.stream is None:
+            return Mark(self.name, self.index, self.line, self.column,
+                    self.buffer, self.pointer)
+        else:
+            return Mark(self.name, self.index, self.line, self.column,
+                    None, None)
+
+    def determine_encoding(self):
+        while not self.eof and (self.raw_buffer is None or len(self.raw_buffer) < 2):
+            self.update_raw()
+        if isinstance(self.raw_buffer, bytes):
+            if self.raw_buffer.startswith(codecs.BOM_UTF16_LE):
+                self.raw_decode = codecs.utf_16_le_decode
+                self.encoding = 'utf-16-le'
+            elif self.raw_buffer.startswith(codecs.BOM_UTF16_BE):
+                self.raw_decode = codecs.utf_16_be_decode
+                self.encoding = 'utf-16-be'
+            else:
+                self.raw_decode = codecs.utf_8_decode
+                self.encoding = 'utf-8'
+        self.update(1)
+
+    NON_PRINTABLE = re.compile('[^\x09\x0A\x0D\x20-\x7E\x85\xA0-\uD7FF\uE000-\uFFFD\U00010000-\U0010ffff]')
+    def check_printable(self, data):
+        match = self.NON_PRINTABLE.search(data)
+        if match:
+            character = match.group()
+            position = self.index+(len(self.buffer)-self.pointer)+match.start()
+            raise ReaderError(self.name, position, ord(character),
+                    'unicode', "special characters are not allowed")
+
+    def update(self, length):
+        if self.raw_buffer is None:
+            return
+        self.buffer = self.buffer[self.pointer:]
+        self.pointer = 0
+        while len(self.buffer) < length:
+            if not self.eof:
+                self.update_raw()
+            if self.raw_decode is not None:
+                try:
+                    data, converted = self.raw_decode(self.raw_buffer,
+                            'strict', self.eof)
+                except UnicodeDecodeError as exc:
+                    character = self.raw_buffer[exc.start]
+                    if self.stream is not None:
+                        position = self.stream_pointer-len(self.raw_buffer)+exc.start
+                    else:
+                        position = exc.start
+                    raise ReaderError(self.name, position, character,
+                            exc.encoding, exc.reason)
+            else:
+                data = self.raw_buffer
+                converted = len(data)
+            self.check_printable(data)
+            self.buffer += data
+            self.raw_buffer = self.raw_buffer[converted:]
+            if self.eof:
+                self.buffer += '\0'
+                self.raw_buffer = None
+                break
+
+    def update_raw(self, size=4096):
+        data = self.stream.read(size)
+        if self.raw_buffer is None:
+            self.raw_buffer = data
+        else:
+            self.raw_buffer += data
+        self.stream_pointer += len(data)
+        if not data:
+            self.eof = True
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/representer.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/representer.py
new file mode 100644
index 000000000..808ca06df
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/representer.py
@@ -0,0 +1,389 @@
+
+__all__ = ['BaseRepresenter', 'SafeRepresenter', 'Representer',
+    'RepresenterError']
+
+from .error import *
+from .nodes import *
+
+import datetime, copyreg, types, base64, collections
+
+class RepresenterError(YAMLError):
+    pass
+
+class BaseRepresenter:
+
+    yaml_representers = {}
+    yaml_multi_representers = {}
+
+    def __init__(self, default_style=None, default_flow_style=False, sort_keys=True):
+        self.default_style = default_style
+        self.sort_keys = sort_keys
+        self.default_flow_style = default_flow_style
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent(self, data):
+        node = self.represent_data(data)
+        self.serialize(node)
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent_data(self, data):
+        if self.ignore_aliases(data):
+            self.alias_key = None
+        else:
+            self.alias_key = id(data)
+        if self.alias_key is not None:
+            if self.alias_key in self.represented_objects:
+                node = self.represented_objects[self.alias_key]
+                #if node is None:
+                #    raise RepresenterError("recursive objects are not allowed: %r" % data)
+                return node
+            #self.represented_objects[alias_key] = None
+            self.object_keeper.append(data)
+        data_types = type(data).__mro__
+        if data_types[0] in self.yaml_representers:
+            node = self.yaml_representers[data_types[0]](self, data)
+        else:
+            for data_type in data_types:
+                if data_type in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[data_type](self, data)
+                    break
+            else:
+                if None in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[None](self, data)
+                elif None in self.yaml_representers:
+                    node = self.yaml_representers[None](self, data)
+                else:
+                    node = ScalarNode(None, str(data))
+        #if alias_key is not None:
+        #    self.represented_objects[alias_key] = node
+        return node
+
+    @classmethod
+    def add_representer(cls, data_type, representer):
+        if not 'yaml_representers' in cls.__dict__:
+            cls.yaml_representers = cls.yaml_representers.copy()
+        cls.yaml_representers[data_type] = representer
+
+    @classmethod
+    def add_multi_representer(cls, data_type, representer):
+        if not 'yaml_multi_representers' in cls.__dict__:
+            cls.yaml_multi_representers = cls.yaml_multi_representers.copy()
+        cls.yaml_multi_representers[data_type] = representer
+
+    def represent_scalar(self, tag, value, style=None):
+        if style is None:
+            style = self.default_style
+        node = ScalarNode(tag, value, style=style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        return node
+
+    def represent_sequence(self, tag, sequence, flow_style=None):
+        value = []
+        node = SequenceNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        for item in sequence:
+            node_item = self.represent_data(item)
+            if not (isinstance(node_item, ScalarNode) and not node_item.style):
+                best_style = False
+            value.append(node_item)
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def represent_mapping(self, tag, mapping, flow_style=None):
+        value = []
+        node = MappingNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        if hasattr(mapping, 'items'):
+            mapping = list(mapping.items())
+            if self.sort_keys:
+                try:
+                    mapping = sorted(mapping)
+                except TypeError:
+                    pass
+        for item_key, item_value in mapping:
+            node_key = self.represent_data(item_key)
+            node_value = self.represent_data(item_value)
+            if not (isinstance(node_key, ScalarNode) and not node_key.style):
+                best_style = False
+            if not (isinstance(node_value, ScalarNode) and not node_value.style):
+                best_style = False
+            value.append((node_key, node_value))
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def ignore_aliases(self, data):
+        return False
+
+class SafeRepresenter(BaseRepresenter):
+
+    def ignore_aliases(self, data):
+        if data is None:
+            return True
+        if isinstance(data, tuple) and data == ():
+            return True
+        if isinstance(data, (str, bytes, bool, int, float)):
+            return True
+
+    def represent_none(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:null', 'null')
+
+    def represent_str(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:str', data)
+
+    def represent_binary(self, data):
+        if hasattr(base64, 'encodebytes'):
+            data = base64.encodebytes(data).decode('ascii')
+        else:
+            data = base64.encodestring(data).decode('ascii')
+        return self.represent_scalar('tag:yaml.org,2002:binary', data, style='|')
+
+    def represent_bool(self, data):
+        if data:
+            value = 'true'
+        else:
+            value = 'false'
+        return self.represent_scalar('tag:yaml.org,2002:bool', value)
+
+    def represent_int(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:int', str(data))
+
+    inf_value = 1e300
+    while repr(inf_value) != repr(inf_value*inf_value):
+        inf_value *= inf_value
+
+    def represent_float(self, data):
+        if data != data or (data == 0.0 and data == 1.0):
+            value = '.nan'
+        elif data == self.inf_value:
+            value = '.inf'
+        elif data == -self.inf_value:
+            value = '-.inf'
+        else:
+            value = repr(data).lower()
+            # Note that in some cases `repr(data)` represents a float number
+            # without the decimal parts.  For instance:
+            #   >>> repr(1e17)
+            #   '1e17'
+            # Unfortunately, this is not a valid float representation according
+            # to the definition of the `!!float` tag.  We fix this by adding
+            # '.0' before the 'e' symbol.
+            if '.' not in value and 'e' in value:
+                value = value.replace('e', '.0e', 1)
+        return self.represent_scalar('tag:yaml.org,2002:float', value)
+
+    def represent_list(self, data):
+        #pairs = (len(data) > 0 and isinstance(data, list))
+        #if pairs:
+        #    for item in data:
+        #        if not isinstance(item, tuple) or len(item) != 2:
+        #            pairs = False
+        #            break
+        #if not pairs:
+            return self.represent_sequence('tag:yaml.org,2002:seq', data)
+        #value = []
+        #for item_key, item_value in data:
+        #    value.append(self.represent_mapping(u'tag:yaml.org,2002:map',
+        #        [(item_key, item_value)]))
+        #return SequenceNode(u'tag:yaml.org,2002:pairs', value)
+
+    def represent_dict(self, data):
+        return self.represent_mapping('tag:yaml.org,2002:map', data)
+
+    def represent_set(self, data):
+        value = {}
+        for key in data:
+            value[key] = None
+        return self.represent_mapping('tag:yaml.org,2002:set', value)
+
+    def represent_date(self, data):
+        value = data.isoformat()
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_datetime(self, data):
+        value = data.isoformat(' ')
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_yaml_object(self, tag, data, cls, flow_style=None):
+        if hasattr(data, '__getstate__'):
+            state = data.__getstate__()
+        else:
+            state = data.__dict__.copy()
+        return self.represent_mapping(tag, state, flow_style=flow_style)
+
+    def represent_undefined(self, data):
+        raise RepresenterError("cannot represent an object", data)
+
+SafeRepresenter.add_representer(type(None),
+        SafeRepresenter.represent_none)
+
+SafeRepresenter.add_representer(str,
+        SafeRepresenter.represent_str)
+
+SafeRepresenter.add_representer(bytes,
+        SafeRepresenter.represent_binary)
+
+SafeRepresenter.add_representer(bool,
+        SafeRepresenter.represent_bool)
+
+SafeRepresenter.add_representer(int,
+        SafeRepresenter.represent_int)
+
+SafeRepresenter.add_representer(float,
+        SafeRepresenter.represent_float)
+
+SafeRepresenter.add_representer(list,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(tuple,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(dict,
+        SafeRepresenter.represent_dict)
+
+SafeRepresenter.add_representer(set,
+        SafeRepresenter.represent_set)
+
+SafeRepresenter.add_representer(datetime.date,
+        SafeRepresenter.represent_date)
+
+SafeRepresenter.add_representer(datetime.datetime,
+        SafeRepresenter.represent_datetime)
+
+SafeRepresenter.add_representer(None,
+        SafeRepresenter.represent_undefined)
+
+class Representer(SafeRepresenter):
+
+    def represent_complex(self, data):
+        if data.imag == 0.0:
+            data = '%r' % data.real
+        elif data.real == 0.0:
+            data = '%rj' % data.imag
+        elif data.imag > 0:
+            data = '%r+%rj' % (data.real, data.imag)
+        else:
+            data = '%r%rj' % (data.real, data.imag)
+        return self.represent_scalar('tag:yaml.org,2002:python/complex', data)
+
+    def represent_tuple(self, data):
+        return self.represent_sequence('tag:yaml.org,2002:python/tuple', data)
+
+    def represent_name(self, data):
+        name = '%s.%s' % (data.__module__, data.__name__)
+        return self.represent_scalar('tag:yaml.org,2002:python/name:'+name, '')
+
+    def represent_module(self, data):
+        return self.represent_scalar(
+                'tag:yaml.org,2002:python/module:'+data.__name__, '')
+
+    def represent_object(self, data):
+        # We use __reduce__ API to save the data. data.__reduce__ returns
+        # a tuple of length 2-5:
+        #   (function, args, state, listitems, dictitems)
+
+        # For reconstructing, we calls function(*args), then set its state,
+        # listitems, and dictitems if they are not None.
+
+        # A special case is when function.__name__ == '__newobj__'. In this
+        # case we create the object with args[0].__new__(*args).
+
+        # Another special case is when __reduce__ returns a string - we don't
+        # support it.
+
+        # We produce a !!python/object, !!python/object/new or
+        # !!python/object/apply node.
+
+        cls = type(data)
+        if cls in copyreg.dispatch_table:
+            reduce = copyreg.dispatch_table[cls](data)
+        elif hasattr(data, '__reduce_ex__'):
+            reduce = data.__reduce_ex__(2)
+        elif hasattr(data, '__reduce__'):
+            reduce = data.__reduce__()
+        else:
+            raise RepresenterError("cannot represent an object", data)
+        reduce = (list(reduce)+[None]*5)[:5]
+        function, args, state, listitems, dictitems = reduce
+        args = list(args)
+        if state is None:
+            state = {}
+        if listitems is not None:
+            listitems = list(listitems)
+        if dictitems is not None:
+            dictitems = dict(dictitems)
+        if function.__name__ == '__newobj__':
+            function = args[0]
+            args = args[1:]
+            tag = 'tag:yaml.org,2002:python/object/new:'
+            newobj = True
+        else:
+            tag = 'tag:yaml.org,2002:python/object/apply:'
+            newobj = False
+        function_name = '%s.%s' % (function.__module__, function.__name__)
+        if not args and not listitems and not dictitems \
+                and isinstance(state, dict) and newobj:
+            return self.represent_mapping(
+                    'tag:yaml.org,2002:python/object:'+function_name, state)
+        if not listitems and not dictitems  \
+                and isinstance(state, dict) and not state:
+            return self.represent_sequence(tag+function_name, args)
+        value = {}
+        if args:
+            value['args'] = args
+        if state or not isinstance(state, dict):
+            value['state'] = state
+        if listitems:
+            value['listitems'] = listitems
+        if dictitems:
+            value['dictitems'] = dictitems
+        return self.represent_mapping(tag+function_name, value)
+
+    def represent_ordered_dict(self, data):
+        # Provide uniform representation across different Python versions.
+        data_type = type(data)
+        tag = 'tag:yaml.org,2002:python/object/apply:%s.%s' \
+                % (data_type.__module__, data_type.__name__)
+        items = [[key, value] for key, value in data.items()]
+        return self.represent_sequence(tag, [items])
+
+Representer.add_representer(complex,
+        Representer.represent_complex)
+
+Representer.add_representer(tuple,
+        Representer.represent_tuple)
+
+Representer.add_multi_representer(type,
+        Representer.represent_name)
+
+Representer.add_representer(collections.OrderedDict,
+        Representer.represent_ordered_dict)
+
+Representer.add_representer(types.FunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.BuiltinFunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.ModuleType,
+        Representer.represent_module)
+
+Representer.add_multi_representer(object,
+        Representer.represent_object)
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/resolver.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/resolver.py
new file mode 100644
index 000000000..3522bdaaf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/resolver.py
@@ -0,0 +1,227 @@
+
+__all__ = ['BaseResolver', 'Resolver']
+
+from .error import *
+from .nodes import *
+
+import re
+
+class ResolverError(YAMLError):
+    pass
+
+class BaseResolver:
+
+    DEFAULT_SCALAR_TAG = 'tag:yaml.org,2002:str'
+    DEFAULT_SEQUENCE_TAG = 'tag:yaml.org,2002:seq'
+    DEFAULT_MAPPING_TAG = 'tag:yaml.org,2002:map'
+
+    yaml_implicit_resolvers = {}
+    yaml_path_resolvers = {}
+
+    def __init__(self):
+        self.resolver_exact_paths = []
+        self.resolver_prefix_paths = []
+
+    @classmethod
+    def add_implicit_resolver(cls, tag, regexp, first):
+        if not 'yaml_implicit_resolvers' in cls.__dict__:
+            implicit_resolvers = {}
+            for key in cls.yaml_implicit_resolvers:
+                implicit_resolvers[key] = cls.yaml_implicit_resolvers[key][:]
+            cls.yaml_implicit_resolvers = implicit_resolvers
+        if first is None:
+            first = [None]
+        for ch in first:
+            cls.yaml_implicit_resolvers.setdefault(ch, []).append((tag, regexp))
+
+    @classmethod
+    def add_path_resolver(cls, tag, path, kind=None):
+        # Note: `add_path_resolver` is experimental.  The API could be changed.
+        # `new_path` is a pattern that is matched against the path from the
+        # root to the node that is being considered.  `node_path` elements are
+        # tuples `(node_check, index_check)`.  `node_check` is a node class:
+        # `ScalarNode`, `SequenceNode`, `MappingNode` or `None`.  `None`
+        # matches any kind of a node.  `index_check` could be `None`, a boolean
+        # value, a string value, or a number.  `None` and `False` match against
+        # any _value_ of sequence and mapping nodes.  `True` matches against
+        # any _key_ of a mapping node.  A string `index_check` matches against
+        # a mapping value that corresponds to a scalar key which content is
+        # equal to the `index_check` value.  An integer `index_check` matches
+        # against a sequence value with the index equal to `index_check`.
+        if not 'yaml_path_resolvers' in cls.__dict__:
+            cls.yaml_path_resolvers = cls.yaml_path_resolvers.copy()
+        new_path = []
+        for element in path:
+            if isinstance(element, (list, tuple)):
+                if len(element) == 2:
+                    node_check, index_check = element
+                elif len(element) == 1:
+                    node_check = element[0]
+                    index_check = True
+                else:
+                    raise ResolverError("Invalid path element: %s" % element)
+            else:
+                node_check = None
+                index_check = element
+            if node_check is str:
+                node_check = ScalarNode
+            elif node_check is list:
+                node_check = SequenceNode
+            elif node_check is dict:
+                node_check = MappingNode
+            elif node_check not in [ScalarNode, SequenceNode, MappingNode]  \
+                    and not isinstance(node_check, str) \
+                    and node_check is not None:
+                raise ResolverError("Invalid node checker: %s" % node_check)
+            if not isinstance(index_check, (str, int))  \
+                    and index_check is not None:
+                raise ResolverError("Invalid index checker: %s" % index_check)
+            new_path.append((node_check, index_check))
+        if kind is str:
+            kind = ScalarNode
+        elif kind is list:
+            kind = SequenceNode
+        elif kind is dict:
+            kind = MappingNode
+        elif kind not in [ScalarNode, SequenceNode, MappingNode]    \
+                and kind is not None:
+            raise ResolverError("Invalid node kind: %s" % kind)
+        cls.yaml_path_resolvers[tuple(new_path), kind] = tag
+
+    def descend_resolver(self, current_node, current_index):
+        if not self.yaml_path_resolvers:
+            return
+        exact_paths = {}
+        prefix_paths = []
+        if current_node:
+            depth = len(self.resolver_prefix_paths)
+            for path, kind in self.resolver_prefix_paths[-1]:
+                if self.check_resolver_prefix(depth, path, kind,
+                        current_node, current_index):
+                    if len(path) > depth:
+                        prefix_paths.append((path, kind))
+                    else:
+                        exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+        else:
+            for path, kind in self.yaml_path_resolvers:
+                if not path:
+                    exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+                else:
+                    prefix_paths.append((path, kind))
+        self.resolver_exact_paths.append(exact_paths)
+        self.resolver_prefix_paths.append(prefix_paths)
+
+    def ascend_resolver(self):
+        if not self.yaml_path_resolvers:
+            return
+        self.resolver_exact_paths.pop()
+        self.resolver_prefix_paths.pop()
+
+    def check_resolver_prefix(self, depth, path, kind,
+            current_node, current_index):
+        node_check, index_check = path[depth-1]
+        if isinstance(node_check, str):
+            if current_node.tag != node_check:
+                return
+        elif node_check is not None:
+            if not isinstance(current_node, node_check):
+                return
+        if index_check is True and current_index is not None:
+            return
+        if (index_check is False or index_check is None)    \
+                and current_index is None:
+            return
+        if isinstance(index_check, str):
+            if not (isinstance(current_index, ScalarNode)
+                    and index_check == current_index.value):
+                return
+        elif isinstance(index_check, int) and not isinstance(index_check, bool):
+            if index_check != current_index:
+                return
+        return True
+
+    def resolve(self, kind, value, implicit):
+        if kind is ScalarNode and implicit[0]:
+            if value == '':
+                resolvers = self.yaml_implicit_resolvers.get('', [])
+            else:
+                resolvers = self.yaml_implicit_resolvers.get(value[0], [])
+            wildcard_resolvers = self.yaml_implicit_resolvers.get(None, [])
+            for tag, regexp in resolvers + wildcard_resolvers:
+                if regexp.match(value):
+                    return tag
+            implicit = implicit[1]
+        if self.yaml_path_resolvers:
+            exact_paths = self.resolver_exact_paths[-1]
+            if kind in exact_paths:
+                return exact_paths[kind]
+            if None in exact_paths:
+                return exact_paths[None]
+        if kind is ScalarNode:
+            return self.DEFAULT_SCALAR_TAG
+        elif kind is SequenceNode:
+            return self.DEFAULT_SEQUENCE_TAG
+        elif kind is MappingNode:
+            return self.DEFAULT_MAPPING_TAG
+
+class Resolver(BaseResolver):
+    pass
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:bool',
+        re.compile(r'''^(?:yes|Yes|YES|no|No|NO
+                    |true|True|TRUE|false|False|FALSE
+                    |on|On|ON|off|Off|OFF)$''', re.X),
+        list('yYnNtTfFoO'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:float',
+        re.compile(r'''^(?:[-+]?(?:[0-9][0-9_]*)\.[0-9_]*(?:[eE][-+][0-9]+)?
+                    |\.[0-9][0-9_]*(?:[eE][-+][0-9]+)?
+                    |[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\.[0-9_]*
+                    |[-+]?\.(?:inf|Inf|INF)
+                    |\.(?:nan|NaN|NAN))$''', re.X),
+        list('-+0123456789.'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:int',
+        re.compile(r'''^(?:[-+]?0b[0-1_]+
+                    |[-+]?0[0-7_]+
+                    |[-+]?(?:0|[1-9][0-9_]*)
+                    |[-+]?0x[0-9a-fA-F_]+
+                    |[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+)$''', re.X),
+        list('-+0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:merge',
+        re.compile(r'^(?:<<)$'),
+        ['<'])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:null',
+        re.compile(r'''^(?: ~
+                    |null|Null|NULL
+                    | )$''', re.X),
+        ['~', 'n', 'N', ''])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:timestamp',
+        re.compile(r'''^(?:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]
+                    |[0-9][0-9][0-9][0-9] -[0-9][0-9]? -[0-9][0-9]?
+                     (?:[Tt]|[ \t]+)[0-9][0-9]?
+                     :[0-9][0-9] :[0-9][0-9] (?:\.[0-9]*)?
+                     (?:[ \t]*(?:Z|[-+][0-9][0-9]?(?::[0-9][0-9])?))?)$''', re.X),
+        list('0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:value',
+        re.compile(r'^(?:=)$'),
+        ['='])
+
+# The following resolver is only for documentation purposes. It cannot work
+# because plain scalars cannot start with '!', '&', or '*'.
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:yaml',
+        re.compile(r'^(?:!|&|\*)$'),
+        list('!&*'))
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/scanner.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/scanner.py
new file mode 100644
index 000000000..de925b07f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/scanner.py
@@ -0,0 +1,1435 @@
+
+# Scanner produces tokens of the following types:
+# STREAM-START
+# STREAM-END
+# DIRECTIVE(name, value)
+# DOCUMENT-START
+# DOCUMENT-END
+# BLOCK-SEQUENCE-START
+# BLOCK-MAPPING-START
+# BLOCK-END
+# FLOW-SEQUENCE-START
+# FLOW-MAPPING-START
+# FLOW-SEQUENCE-END
+# FLOW-MAPPING-END
+# BLOCK-ENTRY
+# FLOW-ENTRY
+# KEY
+# VALUE
+# ALIAS(value)
+# ANCHOR(value)
+# TAG(value)
+# SCALAR(value, plain, style)
+#
+# Read comments in the Scanner code for more details.
+#
+
+__all__ = ['Scanner', 'ScannerError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+
+class ScannerError(MarkedYAMLError):
+    pass
+
+class SimpleKey:
+    # See below simple keys treatment.
+
+    def __init__(self, token_number, required, index, line, column, mark):
+        self.token_number = token_number
+        self.required = required
+        self.index = index
+        self.line = line
+        self.column = column
+        self.mark = mark
+
+class Scanner:
+
+    def __init__(self):
+        """Initialize the scanner."""
+        # It is assumed that Scanner and Reader will have a common descendant.
+        # Reader do the dirty work of checking for BOM and converting the
+        # input data to Unicode. It also adds NUL to the end.
+        #
+        # Reader supports the following methods
+        #   self.peek(i=0)       # peek the next i-th character
+        #   self.prefix(l=1)     # peek the next l characters
+        #   self.forward(l=1)    # read the next l characters and move the pointer.
+
+        # Had we reached the end of the stream?
+        self.done = False
+
+        # The number of unclosed '{' and '['. `flow_level == 0` means block
+        # context.
+        self.flow_level = 0
+
+        # List of processed tokens that are not yet emitted.
+        self.tokens = []
+
+        # Add the STREAM-START token.
+        self.fetch_stream_start()
+
+        # Number of tokens that were emitted through the `get_token` method.
+        self.tokens_taken = 0
+
+        # The current indentation level.
+        self.indent = -1
+
+        # Past indentation levels.
+        self.indents = []
+
+        # Variables related to simple keys treatment.
+
+        # A simple key is a key that is not denoted by the '?' indicator.
+        # Example of simple keys:
+        #   ---
+        #   block simple key: value
+        #   ? not a simple key:
+        #   : { flow simple key: value }
+        # We emit the KEY token before all keys, so when we find a potential
+        # simple key, we try to locate the corresponding ':' indicator.
+        # Simple keys should be limited to a single line and 1024 characters.
+
+        # Can a simple key start at the current position? A simple key may
+        # start:
+        # - at the beginning of the line, not counting indentation spaces
+        #       (in block context),
+        # - after '{', '[', ',' (in the flow context),
+        # - after '?', ':', '-' (in the block context).
+        # In the block context, this flag also signifies if a block collection
+        # may start at the current position.
+        self.allow_simple_key = True
+
+        # Keep track of possible simple keys. This is a dictionary. The key
+        # is `flow_level`; there can be no more that one possible simple key
+        # for each level. The value is a SimpleKey record:
+        #   (token_number, required, index, line, column, mark)
+        # A simple key may start with ALIAS, ANCHOR, TAG, SCALAR(flow),
+        # '[', or '{' tokens.
+        self.possible_simple_keys = {}
+
+    # Public methods.
+
+    def check_token(self, *choices):
+        # Check if the next token is one of the given types.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.tokens[0], choice):
+                    return True
+        return False
+
+    def peek_token(self):
+        # Return the next token, but do not delete if from the queue.
+        # Return None if no more tokens.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            return self.tokens[0]
+        else:
+            return None
+
+    def get_token(self):
+        # Return the next token.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            self.tokens_taken += 1
+            return self.tokens.pop(0)
+
+    # Private methods.
+
+    def need_more_tokens(self):
+        if self.done:
+            return False
+        if not self.tokens:
+            return True
+        # The current token may be a potential simple key, so we
+        # need to look further.
+        self.stale_possible_simple_keys()
+        if self.next_possible_simple_key() == self.tokens_taken:
+            return True
+
+    def fetch_more_tokens(self):
+
+        # Eat whitespaces and comments until we reach the next token.
+        self.scan_to_next_token()
+
+        # Remove obsolete possible simple keys.
+        self.stale_possible_simple_keys()
+
+        # Compare the current indentation and column. It may add some tokens
+        # and decrease the current indentation level.
+        self.unwind_indent(self.column)
+
+        # Peek the next character.
+        ch = self.peek()
+
+        # Is it the end of stream?
+        if ch == '\0':
+            return self.fetch_stream_end()
+
+        # Is it a directive?
+        if ch == '%' and self.check_directive():
+            return self.fetch_directive()
+
+        # Is it the document start?
+        if ch == '-' and self.check_document_start():
+            return self.fetch_document_start()
+
+        # Is it the document end?
+        if ch == '.' and self.check_document_end():
+            return self.fetch_document_end()
+
+        # TODO: support for BOM within a stream.
+        #if ch == '\uFEFF':
+        #    return self.fetch_bom()    <-- issue BOMToken
+
+        # Note: the order of the following checks is NOT significant.
+
+        # Is it the flow sequence start indicator?
+        if ch == '[':
+            return self.fetch_flow_sequence_start()
+
+        # Is it the flow mapping start indicator?
+        if ch == '{':
+            return self.fetch_flow_mapping_start()
+
+        # Is it the flow sequence end indicator?
+        if ch == ']':
+            return self.fetch_flow_sequence_end()
+
+        # Is it the flow mapping end indicator?
+        if ch == '}':
+            return self.fetch_flow_mapping_end()
+
+        # Is it the flow entry indicator?
+        if ch == ',':
+            return self.fetch_flow_entry()
+
+        # Is it the block entry indicator?
+        if ch == '-' and self.check_block_entry():
+            return self.fetch_block_entry()
+
+        # Is it the key indicator?
+        if ch == '?' and self.check_key():
+            return self.fetch_key()
+
+        # Is it the value indicator?
+        if ch == ':' and self.check_value():
+            return self.fetch_value()
+
+        # Is it an alias?
+        if ch == '*':
+            return self.fetch_alias()
+
+        # Is it an anchor?
+        if ch == '&':
+            return self.fetch_anchor()
+
+        # Is it a tag?
+        if ch == '!':
+            return self.fetch_tag()
+
+        # Is it a literal scalar?
+        if ch == '|' and not self.flow_level:
+            return self.fetch_literal()
+
+        # Is it a folded scalar?
+        if ch == '>' and not self.flow_level:
+            return self.fetch_folded()
+
+        # Is it a single quoted scalar?
+        if ch == '\'':
+            return self.fetch_single()
+
+        # Is it a double quoted scalar?
+        if ch == '\"':
+            return self.fetch_double()
+
+        # It must be a plain scalar then.
+        if self.check_plain():
+            return self.fetch_plain()
+
+        # No? It's an error. Let's produce a nice error message.
+        raise ScannerError("while scanning for the next token", None,
+                "found character %r that cannot start any token" % ch,
+                self.get_mark())
+
+    # Simple keys treatment.
+
+    def next_possible_simple_key(self):
+        # Return the number of the nearest possible simple key. Actually we
+        # don't need to loop through the whole dictionary. We may replace it
+        # with the following code:
+        #   if not self.possible_simple_keys:
+        #       return None
+        #   return self.possible_simple_keys[
+        #           min(self.possible_simple_keys.keys())].token_number
+        min_token_number = None
+        for level in self.possible_simple_keys:
+            key = self.possible_simple_keys[level]
+            if min_token_number is None or key.token_number < min_token_number:
+                min_token_number = key.token_number
+        return min_token_number
+
+    def stale_possible_simple_keys(self):
+        # Remove entries that are no longer possible simple keys. According to
+        # the YAML specification, simple keys
+        # - should be limited to a single line,
+        # - should be no longer than 1024 characters.
+        # Disabling this procedure will allow simple keys of any length and
+        # height (may cause problems if indentation is broken though).
+        for level in list(self.possible_simple_keys):
+            key = self.possible_simple_keys[level]
+            if key.line != self.line  \
+                    or self.index-key.index > 1024:
+                if key.required:
+                    raise ScannerError("while scanning a simple key", key.mark,
+                            "could not find expected ':'", self.get_mark())
+                del self.possible_simple_keys[level]
+
+    def save_possible_simple_key(self):
+        # The next token may start a simple key. We check if it's possible
+        # and save its position. This function is called for
+        #   ALIAS, ANCHOR, TAG, SCALAR(flow), '[', and '{'.
+
+        # Check if a simple key is required at the current position.
+        required = not self.flow_level and self.indent == self.column
+
+        # The next token might be a simple key. Let's save it's number and
+        # position.
+        if self.allow_simple_key:
+            self.remove_possible_simple_key()
+            token_number = self.tokens_taken+len(self.tokens)
+            key = SimpleKey(token_number, required,
+                    self.index, self.line, self.column, self.get_mark())
+            self.possible_simple_keys[self.flow_level] = key
+
+    def remove_possible_simple_key(self):
+        # Remove the saved possible key position at the current flow level.
+        if self.flow_level in self.possible_simple_keys:
+            key = self.possible_simple_keys[self.flow_level]
+            
+            if key.required:
+                raise ScannerError("while scanning a simple key", key.mark,
+                        "could not find expected ':'", self.get_mark())
+
+            del self.possible_simple_keys[self.flow_level]
+
+    # Indentation functions.
+
+    def unwind_indent(self, column):
+
+        ## In flow context, tokens should respect indentation.
+        ## Actually the condition should be `self.indent >= column` according to
+        ## the spec. But this condition will prohibit intuitively correct
+        ## constructions such as
+        ## key : {
+        ## }
+        #if self.flow_level and self.indent > column:
+        #    raise ScannerError(None, None,
+        #            "invalid indentation or unclosed '[' or '{'",
+        #            self.get_mark())
+
+        # In the flow context, indentation is ignored. We make the scanner less
+        # restrictive then specification requires.
+        if self.flow_level:
+            return
+
+        # In block context, we may need to issue the BLOCK-END tokens.
+        while self.indent > column:
+            mark = self.get_mark()
+            self.indent = self.indents.pop()
+            self.tokens.append(BlockEndToken(mark, mark))
+
+    def add_indent(self, column):
+        # Check if we need to increase indentation.
+        if self.indent < column:
+            self.indents.append(self.indent)
+            self.indent = column
+            return True
+        return False
+
+    # Fetchers.
+
+    def fetch_stream_start(self):
+        # We always add STREAM-START as the first token and STREAM-END as the
+        # last token.
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-START.
+        self.tokens.append(StreamStartToken(mark, mark,
+            encoding=self.encoding))
+        
+
+    def fetch_stream_end(self):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+        self.possible_simple_keys = {}
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-END.
+        self.tokens.append(StreamEndToken(mark, mark))
+
+        # The steam is finished.
+        self.done = True
+
+    def fetch_directive(self):
+        
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Scan and add DIRECTIVE.
+        self.tokens.append(self.scan_directive())
+
+    def fetch_document_start(self):
+        self.fetch_document_indicator(DocumentStartToken)
+
+    def fetch_document_end(self):
+        self.fetch_document_indicator(DocumentEndToken)
+
+    def fetch_document_indicator(self, TokenClass):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys. Note that there could not be a block collection
+        # after '---'.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Add DOCUMENT-START or DOCUMENT-END.
+        start_mark = self.get_mark()
+        self.forward(3)
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_start(self):
+        self.fetch_flow_collection_start(FlowSequenceStartToken)
+
+    def fetch_flow_mapping_start(self):
+        self.fetch_flow_collection_start(FlowMappingStartToken)
+
+    def fetch_flow_collection_start(self, TokenClass):
+
+        # '[' and '{' may start a simple key.
+        self.save_possible_simple_key()
+
+        # Increase the flow level.
+        self.flow_level += 1
+
+        # Simple keys are allowed after '[' and '{'.
+        self.allow_simple_key = True
+
+        # Add FLOW-SEQUENCE-START or FLOW-MAPPING-START.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_end(self):
+        self.fetch_flow_collection_end(FlowSequenceEndToken)
+
+    def fetch_flow_mapping_end(self):
+        self.fetch_flow_collection_end(FlowMappingEndToken)
+
+    def fetch_flow_collection_end(self, TokenClass):
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Decrease the flow level.
+        self.flow_level -= 1
+
+        # No simple keys after ']' or '}'.
+        self.allow_simple_key = False
+
+        # Add FLOW-SEQUENCE-END or FLOW-MAPPING-END.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_entry(self):
+
+        # Simple keys are allowed after ','.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add FLOW-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(FlowEntryToken(start_mark, end_mark))
+
+    def fetch_block_entry(self):
+
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a new entry?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "sequence entries are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-SEQUENCE-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockSequenceStartToken(mark, mark))
+
+        # It's an error for the block entry to occur in the flow context,
+        # but we let the parser detect this.
+        else:
+            pass
+
+        # Simple keys are allowed after '-'.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add BLOCK-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(BlockEntryToken(start_mark, end_mark))
+
+    def fetch_key(self):
+        
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a key (not necessary a simple)?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "mapping keys are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-MAPPING-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockMappingStartToken(mark, mark))
+
+        # Simple keys are allowed after '?' in the block context.
+        self.allow_simple_key = not self.flow_level
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add KEY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(KeyToken(start_mark, end_mark))
+
+    def fetch_value(self):
+
+        # Do we determine a simple key?
+        if self.flow_level in self.possible_simple_keys:
+
+            # Add KEY.
+            key = self.possible_simple_keys[self.flow_level]
+            del self.possible_simple_keys[self.flow_level]
+            self.tokens.insert(key.token_number-self.tokens_taken,
+                    KeyToken(key.mark, key.mark))
+
+            # If this key starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.
+            if not self.flow_level:
+                if self.add_indent(key.column):
+                    self.tokens.insert(key.token_number-self.tokens_taken,
+                            BlockMappingStartToken(key.mark, key.mark))
+
+            # There cannot be two simple keys one after another.
+            self.allow_simple_key = False
+
+        # It must be a part of a complex key.
+        else:
+            
+            # Block context needs additional checks.
+            # (Do we really need them? They will be caught by the parser
+            # anyway.)
+            if not self.flow_level:
+
+                # We are allowed to start a complex value if and only if
+                # we can start a simple key.
+                if not self.allow_simple_key:
+                    raise ScannerError(None, None,
+                            "mapping values are not allowed here",
+                            self.get_mark())
+
+            # If this value starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.  It will be detected as an error later by
+            # the parser.
+            if not self.flow_level:
+                if self.add_indent(self.column):
+                    mark = self.get_mark()
+                    self.tokens.append(BlockMappingStartToken(mark, mark))
+
+            # Simple keys are allowed after ':' in the block context.
+            self.allow_simple_key = not self.flow_level
+
+            # Reset possible simple key on the current level.
+            self.remove_possible_simple_key()
+
+        # Add VALUE.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(ValueToken(start_mark, end_mark))
+
+    def fetch_alias(self):
+
+        # ALIAS could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ALIAS.
+        self.allow_simple_key = False
+
+        # Scan and add ALIAS.
+        self.tokens.append(self.scan_anchor(AliasToken))
+
+    def fetch_anchor(self):
+
+        # ANCHOR could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ANCHOR.
+        self.allow_simple_key = False
+
+        # Scan and add ANCHOR.
+        self.tokens.append(self.scan_anchor(AnchorToken))
+
+    def fetch_tag(self):
+
+        # TAG could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after TAG.
+        self.allow_simple_key = False
+
+        # Scan and add TAG.
+        self.tokens.append(self.scan_tag())
+
+    def fetch_literal(self):
+        self.fetch_block_scalar(style='|')
+
+    def fetch_folded(self):
+        self.fetch_block_scalar(style='>')
+
+    def fetch_block_scalar(self, style):
+
+        # A simple key may follow a block scalar.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_block_scalar(style))
+
+    def fetch_single(self):
+        self.fetch_flow_scalar(style='\'')
+
+    def fetch_double(self):
+        self.fetch_flow_scalar(style='"')
+
+    def fetch_flow_scalar(self, style):
+
+        # A flow scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after flow scalars.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_flow_scalar(style))
+
+    def fetch_plain(self):
+
+        # A plain scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after plain scalars. But note that `scan_plain` will
+        # change this flag if the scan is finished at the beginning of the
+        # line.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR. May change `allow_simple_key`.
+        self.tokens.append(self.scan_plain())
+
+    # Checkers.
+
+    def check_directive(self):
+
+        # DIRECTIVE:        ^ '%' ...
+        # The '%' indicator is already checked.
+        if self.column == 0:
+            return True
+
+    def check_document_start(self):
+
+        # DOCUMENT-START:   ^ '---' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '---'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_document_end(self):
+
+        # DOCUMENT-END:     ^ '...' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '...'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_block_entry(self):
+
+        # BLOCK-ENTRY:      '-' (' '|'\n')
+        return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_key(self):
+
+        # KEY(flow context):    '?'
+        if self.flow_level:
+            return True
+
+        # KEY(block context):   '?' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_value(self):
+
+        # VALUE(flow context):  ':'
+        if self.flow_level:
+            return True
+
+        # VALUE(block context): ':' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_plain(self):
+
+        # A plain scalar may start with any non-space character except:
+        #   '-', '?', ':', ',', '[', ']', '{', '}',
+        #   '#', '&', '*', '!', '|', '>', '\'', '\"',
+        #   '%', '@', '`'.
+        #
+        # It may also start with
+        #   '-', '?', ':'
+        # if it is followed by a non-space character.
+        #
+        # Note that we limit the last rule to the block context (except the
+        # '-' character) because we want the flow context to be space
+        # independent.
+        ch = self.peek()
+        return ch not in '\0 \t\r\n\x85\u2028\u2029-?:,[]{}#&*!|>\'\"%@`'  \
+                or (self.peek(1) not in '\0 \t\r\n\x85\u2028\u2029'
+                        and (ch == '-' or (not self.flow_level and ch in '?:')))
+
+    # Scanners.
+
+    def scan_to_next_token(self):
+        # We ignore spaces, line breaks and comments.
+        # If we find a line break in the block context, we set the flag
+        # `allow_simple_key` on.
+        # The byte order mark is stripped if it's the first character in the
+        # stream. We do not yet support BOM inside the stream as the
+        # specification requires. Any such mark will be considered as a part
+        # of the document.
+        #
+        # TODO: We need to make tab handling rules more sane. A good rule is
+        #   Tabs cannot precede tokens
+        #   BLOCK-SEQUENCE-START, BLOCK-MAPPING-START, BLOCK-END,
+        #   KEY(block), VALUE(block), BLOCK-ENTRY
+        # So the checking code is
+        #   if <TAB>:
+        #       self.allow_simple_keys = False
+        # We also need to add the check for `allow_simple_keys == True` to
+        # `unwind_indent` before issuing BLOCK-END.
+        # Scanners for block, flow, and plain scalars need to be modified.
+
+        if self.index == 0 and self.peek() == '\uFEFF':
+            self.forward()
+        found = False
+        while not found:
+            while self.peek() == ' ':
+                self.forward()
+            if self.peek() == '#':
+                while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                    self.forward()
+            if self.scan_line_break():
+                if not self.flow_level:
+                    self.allow_simple_key = True
+            else:
+                found = True
+
+    def scan_directive(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        self.forward()
+        name = self.scan_directive_name(start_mark)
+        value = None
+        if name == 'YAML':
+            value = self.scan_yaml_directive_value(start_mark)
+            end_mark = self.get_mark()
+        elif name == 'TAG':
+            value = self.scan_tag_directive_value(start_mark)
+            end_mark = self.get_mark()
+        else:
+            end_mark = self.get_mark()
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        self.scan_directive_ignored_line(start_mark)
+        return DirectiveToken(name, value, start_mark, end_mark)
+
+    def scan_directive_name(self, start_mark):
+        # See the specification for details.
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        return value
+
+    def scan_yaml_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        major = self.scan_yaml_directive_number(start_mark)
+        if self.peek() != '.':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or '.', but found %r" % self.peek(),
+                    self.get_mark())
+        self.forward()
+        minor = self.scan_yaml_directive_number(start_mark)
+        if self.peek() not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or ' ', but found %r" % self.peek(),
+                    self.get_mark())
+        return (major, minor)
+
+    def scan_yaml_directive_number(self, start_mark):
+        # See the specification for details.
+        ch = self.peek()
+        if not ('0' <= ch <= '9'):
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit, but found %r" % ch, self.get_mark())
+        length = 0
+        while '0' <= self.peek(length) <= '9':
+            length += 1
+        value = int(self.prefix(length))
+        self.forward(length)
+        return value
+
+    def scan_tag_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        handle = self.scan_tag_directive_handle(start_mark)
+        while self.peek() == ' ':
+            self.forward()
+        prefix = self.scan_tag_directive_prefix(start_mark)
+        return (handle, prefix)
+
+    def scan_tag_directive_handle(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_handle('directive', start_mark)
+        ch = self.peek()
+        if ch != ' ':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_tag_directive_prefix(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_uri('directive', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_directive_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a comment or a line break, but found %r"
+                        % ch, self.get_mark())
+        self.scan_line_break()
+
+    def scan_anchor(self, TokenClass):
+        # The specification does not restrict characters for anchors and
+        # aliases. This may lead to problems, for instance, the document:
+        #   [ *alias, value ]
+        # can be interpreted in two ways, as
+        #   [ "value" ]
+        # and
+        #   [ *alias , "value" ]
+        # Therefore we restrict aliases to numbers and ASCII letters.
+        start_mark = self.get_mark()
+        indicator = self.peek()
+        if indicator == '*':
+            name = 'alias'
+        else:
+            name = 'anchor'
+        self.forward()
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \t\r\n\x85\u2028\u2029?:,]}%@`':
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        end_mark = self.get_mark()
+        return TokenClass(value, start_mark, end_mark)
+
+    def scan_tag(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        ch = self.peek(1)
+        if ch == '<':
+            handle = None
+            self.forward(2)
+            suffix = self.scan_tag_uri('tag', start_mark)
+            if self.peek() != '>':
+                raise ScannerError("while parsing a tag", start_mark,
+                        "expected '>', but found %r" % self.peek(),
+                        self.get_mark())
+            self.forward()
+        elif ch in '\0 \t\r\n\x85\u2028\u2029':
+            handle = None
+            suffix = '!'
+            self.forward()
+        else:
+            length = 1
+            use_handle = False
+            while ch not in '\0 \r\n\x85\u2028\u2029':
+                if ch == '!':
+                    use_handle = True
+                    break
+                length += 1
+                ch = self.peek(length)
+            handle = '!'
+            if use_handle:
+                handle = self.scan_tag_handle('tag', start_mark)
+            else:
+                handle = '!'
+                self.forward()
+            suffix = self.scan_tag_uri('tag', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a tag", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        value = (handle, suffix)
+        end_mark = self.get_mark()
+        return TagToken(value, start_mark, end_mark)
+
+    def scan_block_scalar(self, style):
+        # See the specification for details.
+
+        if style == '>':
+            folded = True
+        else:
+            folded = False
+
+        chunks = []
+        start_mark = self.get_mark()
+
+        # Scan the header.
+        self.forward()
+        chomping, increment = self.scan_block_scalar_indicators(start_mark)
+        self.scan_block_scalar_ignored_line(start_mark)
+
+        # Determine the indentation level and go to the first non-empty line.
+        min_indent = self.indent+1
+        if min_indent < 1:
+            min_indent = 1
+        if increment is None:
+            breaks, max_indent, end_mark = self.scan_block_scalar_indentation()
+            indent = max(min_indent, max_indent)
+        else:
+            indent = min_indent+increment-1
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+        line_break = ''
+
+        # Scan the inner part of the block scalar.
+        while self.column == indent and self.peek() != '\0':
+            chunks.extend(breaks)
+            leading_non_space = self.peek() not in ' \t'
+            length = 0
+            while self.peek(length) not in '\0\r\n\x85\u2028\u2029':
+                length += 1
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            line_break = self.scan_line_break()
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+            if self.column == indent and self.peek() != '\0':
+
+                # Unfortunately, folding rules are ambiguous.
+                #
+                # This is the folding according to the specification:
+                
+                if folded and line_break == '\n'    \
+                        and leading_non_space and self.peek() not in ' \t':
+                    if not breaks:
+                        chunks.append(' ')
+                else:
+                    chunks.append(line_break)
+                
+                # This is Clark Evans's interpretation (also in the spec
+                # examples):
+                #
+                #if folded and line_break == '\n':
+                #    if not breaks:
+                #        if self.peek() not in ' \t':
+                #            chunks.append(' ')
+                #        else:
+                #            chunks.append(line_break)
+                #else:
+                #    chunks.append(line_break)
+            else:
+                break
+
+        # Chomp the tail.
+        if chomping is not False:
+            chunks.append(line_break)
+        if chomping is True:
+            chunks.extend(breaks)
+
+        # We are done.
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    def scan_block_scalar_indicators(self, start_mark):
+        # See the specification for details.
+        chomping = None
+        increment = None
+        ch = self.peek()
+        if ch in '+-':
+            if ch == '+':
+                chomping = True
+            else:
+                chomping = False
+            self.forward()
+            ch = self.peek()
+            if ch in '0123456789':
+                increment = int(ch)
+                if increment == 0:
+                    raise ScannerError("while scanning a block scalar", start_mark,
+                            "expected indentation indicator in the range 1-9, but found 0",
+                            self.get_mark())
+                self.forward()
+        elif ch in '0123456789':
+            increment = int(ch)
+            if increment == 0:
+                raise ScannerError("while scanning a block scalar", start_mark,
+                        "expected indentation indicator in the range 1-9, but found 0",
+                        self.get_mark())
+            self.forward()
+            ch = self.peek()
+            if ch in '+-':
+                if ch == '+':
+                    chomping = True
+                else:
+                    chomping = False
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected chomping or indentation indicators, but found %r"
+                    % ch, self.get_mark())
+        return chomping, increment
+
+    def scan_block_scalar_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected a comment or a line break, but found %r" % ch,
+                    self.get_mark())
+        self.scan_line_break()
+
+    def scan_block_scalar_indentation(self):
+        # See the specification for details.
+        chunks = []
+        max_indent = 0
+        end_mark = self.get_mark()
+        while self.peek() in ' \r\n\x85\u2028\u2029':
+            if self.peek() != ' ':
+                chunks.append(self.scan_line_break())
+                end_mark = self.get_mark()
+            else:
+                self.forward()
+                if self.column > max_indent:
+                    max_indent = self.column
+        return chunks, max_indent, end_mark
+
+    def scan_block_scalar_breaks(self, indent):
+        # See the specification for details.
+        chunks = []
+        end_mark = self.get_mark()
+        while self.column < indent and self.peek() == ' ':
+            self.forward()
+        while self.peek() in '\r\n\x85\u2028\u2029':
+            chunks.append(self.scan_line_break())
+            end_mark = self.get_mark()
+            while self.column < indent and self.peek() == ' ':
+                self.forward()
+        return chunks, end_mark
+
+    def scan_flow_scalar(self, style):
+        # See the specification for details.
+        # Note that we loose indentation rules for quoted scalars. Quoted
+        # scalars don't need to adhere indentation because " and ' clearly
+        # mark the beginning and the end of them. Therefore we are less
+        # restrictive then the specification requires. We only need to check
+        # that document separators are not included in scalars.
+        if style == '"':
+            double = True
+        else:
+            double = False
+        chunks = []
+        start_mark = self.get_mark()
+        quote = self.peek()
+        self.forward()
+        chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        while self.peek() != quote:
+            chunks.extend(self.scan_flow_scalar_spaces(double, start_mark))
+            chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        self.forward()
+        end_mark = self.get_mark()
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    ESCAPE_REPLACEMENTS = {
+        '0':    '\0',
+        'a':    '\x07',
+        'b':    '\x08',
+        't':    '\x09',
+        '\t':   '\x09',
+        'n':    '\x0A',
+        'v':    '\x0B',
+        'f':    '\x0C',
+        'r':    '\x0D',
+        'e':    '\x1B',
+        ' ':    '\x20',
+        '\"':   '\"',
+        '\\':   '\\',
+        '/':    '/',
+        'N':    '\x85',
+        '_':    '\xA0',
+        'L':    '\u2028',
+        'P':    '\u2029',
+    }
+
+    ESCAPE_CODES = {
+        'x':    2,
+        'u':    4,
+        'U':    8,
+    }
+
+    def scan_flow_scalar_non_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            length = 0
+            while self.peek(length) not in '\'\"\\\0 \t\r\n\x85\u2028\u2029':
+                length += 1
+            if length:
+                chunks.append(self.prefix(length))
+                self.forward(length)
+            ch = self.peek()
+            if not double and ch == '\'' and self.peek(1) == '\'':
+                chunks.append('\'')
+                self.forward(2)
+            elif (double and ch == '\'') or (not double and ch in '\"\\'):
+                chunks.append(ch)
+                self.forward()
+            elif double and ch == '\\':
+                self.forward()
+                ch = self.peek()
+                if ch in self.ESCAPE_REPLACEMENTS:
+                    chunks.append(self.ESCAPE_REPLACEMENTS[ch])
+                    self.forward()
+                elif ch in self.ESCAPE_CODES:
+                    length = self.ESCAPE_CODES[ch]
+                    self.forward()
+                    for k in range(length):
+                        if self.peek(k) not in '0123456789ABCDEFabcdef':
+                            raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                                    "expected escape sequence of %d hexadecimal numbers, but found %r" %
+                                        (length, self.peek(k)), self.get_mark())
+                    code = int(self.prefix(length), 16)
+                    chunks.append(chr(code))
+                    self.forward(length)
+                elif ch in '\r\n\x85\u2028\u2029':
+                    self.scan_line_break()
+                    chunks.extend(self.scan_flow_scalar_breaks(double, start_mark))
+                else:
+                    raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                            "found unknown escape character %r" % ch, self.get_mark())
+            else:
+                return chunks
+
+    def scan_flow_scalar_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        length = 0
+        while self.peek(length) in ' \t':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch == '\0':
+            raise ScannerError("while scanning a quoted scalar", start_mark,
+                    "found unexpected end of stream", self.get_mark())
+        elif ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            breaks = self.scan_flow_scalar_breaks(double, start_mark)
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        else:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_flow_scalar_breaks(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            # Instead of checking indentation, we check for document
+            # separators.
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                raise ScannerError("while scanning a quoted scalar", start_mark,
+                        "found unexpected document separator", self.get_mark())
+            while self.peek() in ' \t':
+                self.forward()
+            if self.peek() in '\r\n\x85\u2028\u2029':
+                chunks.append(self.scan_line_break())
+            else:
+                return chunks
+
+    def scan_plain(self):
+        # See the specification for details.
+        # We add an additional restriction for the flow context:
+        #   plain scalars in the flow context cannot contain ',' or '?'.
+        # We also keep track of the `allow_simple_key` flag here.
+        # Indentation rules are loosed for the flow context.
+        chunks = []
+        start_mark = self.get_mark()
+        end_mark = start_mark
+        indent = self.indent+1
+        # We allow zero indentation for scalars, but then we need to check for
+        # document separators at the beginning of the line.
+        #if indent == 0:
+        #    indent = 1
+        spaces = []
+        while True:
+            length = 0
+            if self.peek() == '#':
+                break
+            while True:
+                ch = self.peek(length)
+                if ch in '\0 \t\r\n\x85\u2028\u2029'    \
+                        or (ch == ':' and
+                                self.peek(length+1) in '\0 \t\r\n\x85\u2028\u2029'
+                                      + (u',[]{}' if self.flow_level else u''))\
+                        or (self.flow_level and ch in ',?[]{}'):
+                    break
+                length += 1
+            if length == 0:
+                break
+            self.allow_simple_key = False
+            chunks.extend(spaces)
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            end_mark = self.get_mark()
+            spaces = self.scan_plain_spaces(indent, start_mark)
+            if not spaces or self.peek() == '#' \
+                    or (not self.flow_level and self.column < indent):
+                break
+        return ScalarToken(''.join(chunks), True, start_mark, end_mark)
+
+    def scan_plain_spaces(self, indent, start_mark):
+        # See the specification for details.
+        # The specification is really confusing about tabs in plain scalars.
+        # We just forbid them completely. Do not use tabs in YAML!
+        chunks = []
+        length = 0
+        while self.peek(length) in ' ':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            self.allow_simple_key = True
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return
+            breaks = []
+            while self.peek() in ' \r\n\x85\u2028\u2029':
+                if self.peek() == ' ':
+                    self.forward()
+                else:
+                    breaks.append(self.scan_line_break())
+                    prefix = self.prefix(3)
+                    if (prefix == '---' or prefix == '...')   \
+                            and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                        return
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        elif whitespaces:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_tag_handle(self, name, start_mark):
+        # See the specification for details.
+        # For some strange reasons, the specification does not allow '_' in
+        # tag handles. I have allowed it anyway.
+        ch = self.peek()
+        if ch != '!':
+            raise ScannerError("while scanning a %s" % name, start_mark,
+                    "expected '!', but found %r" % ch, self.get_mark())
+        length = 1
+        ch = self.peek(length)
+        if ch != ' ':
+            while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                    or ch in '-_':
+                length += 1
+                ch = self.peek(length)
+            if ch != '!':
+                self.forward(length)
+                raise ScannerError("while scanning a %s" % name, start_mark,
+                        "expected '!', but found %r" % ch, self.get_mark())
+            length += 1
+        value = self.prefix(length)
+        self.forward(length)
+        return value
+
+    def scan_tag_uri(self, name, start_mark):
+        # See the specification for details.
+        # Note: we do not check if URI is well-formed.
+        chunks = []
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-;/?:@&=+$,_.!~*\'()[]%':
+            if ch == '%':
+                chunks.append(self.prefix(length))
+                self.forward(length)
+                length = 0
+                chunks.append(self.scan_uri_escapes(name, start_mark))
+            else:
+                length += 1
+            ch = self.peek(length)
+        if length:
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            length = 0
+        if not chunks:
+            raise ScannerError("while parsing a %s" % name, start_mark,
+                    "expected URI, but found %r" % ch, self.get_mark())
+        return ''.join(chunks)
+
+    def scan_uri_escapes(self, name, start_mark):
+        # See the specification for details.
+        codes = []
+        mark = self.get_mark()
+        while self.peek() == '%':
+            self.forward()
+            for k in range(2):
+                if self.peek(k) not in '0123456789ABCDEFabcdef':
+                    raise ScannerError("while scanning a %s" % name, start_mark,
+                            "expected URI escape sequence of 2 hexadecimal numbers, but found %r"
+                            % self.peek(k), self.get_mark())
+            codes.append(int(self.prefix(2), 16))
+            self.forward(2)
+        try:
+            value = bytes(codes).decode('utf-8')
+        except UnicodeDecodeError as exc:
+            raise ScannerError("while scanning a %s" % name, start_mark, str(exc), mark)
+        return value
+
+    def scan_line_break(self):
+        # Transforms:
+        #   '\r\n'      :   '\n'
+        #   '\r'        :   '\n'
+        #   '\n'        :   '\n'
+        #   '\x85'      :   '\n'
+        #   '\u2028'    :   '\u2028'
+        #   '\u2029     :   '\u2029'
+        #   default     :   ''
+        ch = self.peek()
+        if ch in '\r\n\x85':
+            if self.prefix(2) == '\r\n':
+                self.forward(2)
+            else:
+                self.forward()
+            return '\n'
+        elif ch in '\u2028\u2029':
+            self.forward()
+            return ch
+        return ''
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/serializer.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/serializer.py
new file mode 100644
index 000000000..fe911e67a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/serializer.py
@@ -0,0 +1,111 @@
+
+__all__ = ['Serializer', 'SerializerError']
+
+from .error import YAMLError
+from .events import *
+from .nodes import *
+
+class SerializerError(YAMLError):
+    pass
+
+class Serializer:
+
+    ANCHOR_TEMPLATE = 'id%03d'
+
+    def __init__(self, encoding=None,
+            explicit_start=None, explicit_end=None, version=None, tags=None):
+        self.use_encoding = encoding
+        self.use_explicit_start = explicit_start
+        self.use_explicit_end = explicit_end
+        self.use_version = version
+        self.use_tags = tags
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+        self.closed = None
+
+    def open(self):
+        if self.closed is None:
+            self.emit(StreamStartEvent(encoding=self.use_encoding))
+            self.closed = False
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        else:
+            raise SerializerError("serializer is already opened")
+
+    def close(self):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif not self.closed:
+            self.emit(StreamEndEvent())
+            self.closed = True
+
+    #def __del__(self):
+    #    self.close()
+
+    def serialize(self, node):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        self.emit(DocumentStartEvent(explicit=self.use_explicit_start,
+            version=self.use_version, tags=self.use_tags))
+        self.anchor_node(node)
+        self.serialize_node(node, None, None)
+        self.emit(DocumentEndEvent(explicit=self.use_explicit_end))
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+
+    def anchor_node(self, node):
+        if node in self.anchors:
+            if self.anchors[node] is None:
+                self.anchors[node] = self.generate_anchor(node)
+        else:
+            self.anchors[node] = None
+            if isinstance(node, SequenceNode):
+                for item in node.value:
+                    self.anchor_node(item)
+            elif isinstance(node, MappingNode):
+                for key, value in node.value:
+                    self.anchor_node(key)
+                    self.anchor_node(value)
+
+    def generate_anchor(self, node):
+        self.last_anchor_id += 1
+        return self.ANCHOR_TEMPLATE % self.last_anchor_id
+
+    def serialize_node(self, node, parent, index):
+        alias = self.anchors[node]
+        if node in self.serialized_nodes:
+            self.emit(AliasEvent(alias))
+        else:
+            self.serialized_nodes[node] = True
+            self.descend_resolver(parent, index)
+            if isinstance(node, ScalarNode):
+                detected_tag = self.resolve(ScalarNode, node.value, (True, False))
+                default_tag = self.resolve(ScalarNode, node.value, (False, True))
+                implicit = (node.tag == detected_tag), (node.tag == default_tag)
+                self.emit(ScalarEvent(alias, node.tag, implicit, node.value,
+                    style=node.style))
+            elif isinstance(node, SequenceNode):
+                implicit = (node.tag
+                            == self.resolve(SequenceNode, node.value, True))
+                self.emit(SequenceStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                index = 0
+                for item in node.value:
+                    self.serialize_node(item, node, index)
+                    index += 1
+                self.emit(SequenceEndEvent())
+            elif isinstance(node, MappingNode):
+                implicit = (node.tag
+                            == self.resolve(MappingNode, node.value, True))
+                self.emit(MappingStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                for key, value in node.value:
+                    self.serialize_node(key, node, None)
+                    self.serialize_node(value, node, key)
+                self.emit(MappingEndEvent())
+            self.ascend_resolver()
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/tokens.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/tokens.py
new file mode 100644
index 000000000..4d0b48a39
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/tokens.py
@@ -0,0 +1,104 @@
+
+class Token(object):
+    def __init__(self, start_mark, end_mark):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in self.__dict__
+                if not key.endswith('_mark')]
+        attributes.sort()
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+#class BOMToken(Token):
+#    id = '<byte order mark>'
+
+class DirectiveToken(Token):
+    id = '<directive>'
+    def __init__(self, name, value, start_mark, end_mark):
+        self.name = name
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class DocumentStartToken(Token):
+    id = '<document start>'
+
+class DocumentEndToken(Token):
+    id = '<document end>'
+
+class StreamStartToken(Token):
+    id = '<stream start>'
+    def __init__(self, start_mark=None, end_mark=None,
+            encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndToken(Token):
+    id = '<stream end>'
+
+class BlockSequenceStartToken(Token):
+    id = '<block sequence start>'
+
+class BlockMappingStartToken(Token):
+    id = '<block mapping start>'
+
+class BlockEndToken(Token):
+    id = '<block end>'
+
+class FlowSequenceStartToken(Token):
+    id = '['
+
+class FlowMappingStartToken(Token):
+    id = '{'
+
+class FlowSequenceEndToken(Token):
+    id = ']'
+
+class FlowMappingEndToken(Token):
+    id = '}'
+
+class KeyToken(Token):
+    id = '?'
+
+class ValueToken(Token):
+    id = ':'
+
+class BlockEntryToken(Token):
+    id = '-'
+
+class FlowEntryToken(Token):
+    id = ','
+
+class AliasToken(Token):
+    id = '<alias>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class AnchorToken(Token):
+    id = '<anchor>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class TagToken(Token):
+    id = '<tag>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class ScalarToken(Token):
+    id = '<scalar>'
+    def __init__(self, value, plain, start_mark, end_mark, style=None):
+        self.value = value
+        self.plain = plain
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
diff --git a/lib/go-jinja2/internal/data/embed_darwin_amd64.go b/lib/go-jinja2/internal/data/embed_darwin_amd64.go
new file mode 100644
index 000000000..96a875e2d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/embed_darwin_amd64.go
@@ -0,0 +1,11 @@
+
+package data
+
+import (
+	"embed"
+	"io/fs"
+)
+
+//go:embed all:darwin-amd64
+var _data embed.FS
+var Data, _ = fs.Sub(_data, "darwin-amd64")
diff --git a/lib/go-jinja2/internal/data/embed_darwin_arm64.go b/lib/go-jinja2/internal/data/embed_darwin_arm64.go
new file mode 100644
index 000000000..fc3c42772
--- /dev/null
+++ b/lib/go-jinja2/internal/data/embed_darwin_arm64.go
@@ -0,0 +1,11 @@
+
+package data
+
+import (
+	"embed"
+	"io/fs"
+)
+
+//go:embed all:darwin-arm64
+var _data embed.FS
+var Data, _ = fs.Sub(_data, "darwin-arm64")
diff --git a/lib/go-jinja2/internal/data/embed_linux_amd64.go b/lib/go-jinja2/internal/data/embed_linux_amd64.go
new file mode 100644
index 000000000..d63209415
--- /dev/null
+++ b/lib/go-jinja2/internal/data/embed_linux_amd64.go
@@ -0,0 +1,11 @@
+
+package data
+
+import (
+	"embed"
+	"io/fs"
+)
+
+//go:embed all:linux-amd64
+var _data embed.FS
+var Data, _ = fs.Sub(_data, "linux-amd64")
diff --git a/lib/go-jinja2/internal/data/embed_linux_arm64.go b/lib/go-jinja2/internal/data/embed_linux_arm64.go
new file mode 100644
index 000000000..81ff86187
--- /dev/null
+++ b/lib/go-jinja2/internal/data/embed_linux_arm64.go
@@ -0,0 +1,11 @@
+
+package data
+
+import (
+	"embed"
+	"io/fs"
+)
+
+//go:embed all:linux-arm64
+var _data embed.FS
+var Data, _ = fs.Sub(_data, "linux-arm64")
diff --git a/lib/go-jinja2/internal/data/embed_windows_amd64.go b/lib/go-jinja2/internal/data/embed_windows_amd64.go
new file mode 100644
index 000000000..f1113eaf2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/embed_windows_amd64.go
@@ -0,0 +1,11 @@
+
+package data
+
+import (
+	"embed"
+	"io/fs"
+)
+
+//go:embed all:windows-amd64
+var _data embed.FS
+var Data, _ = fs.Sub(_data, "windows-amd64")
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
new file mode 100644
index 000000000..9d227a0cc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA
new file mode 100644
index 000000000..dfe37d52d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA
@@ -0,0 +1,93 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 2.1.5
+Summary: Safely add untrusted strings to HTML/XML markup.
+Home-page: https://palletsprojects.com/p/markupsafe/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/markupsafe/
+Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+MarkupSafe
+==========
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    pip install -U MarkupSafe
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+Examples
+--------
+
+.. code-block:: pycon
+
+    >>> from markupsafe import Markup, escape
+
+    >>> # escape replaces special characters and wraps in Markup
+    >>> escape("<script>alert(document.cookie);</script>")
+    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+    >>> # wrap in Markup to mark text "safe" and prevent escaping
+    >>> Markup("<strong>Hello</strong>")
+    Markup('<strong>hello</strong>')
+
+    >>> escape(Markup("<strong>Hello</strong>"))
+    Markup('<strong>hello</strong>')
+
+    >>> # Markup is a str subclass
+    >>> # methods and operators escape their arguments
+    >>> template = Markup("Hello <em>{name}</em>")
+    >>> template.format(name='"World"')
+    Markup('Hello <em>&#34;World&#34;</em>')
+
+
+Donate
+------
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://markupsafe.palletsprojects.com/
+-   Changes: https://markupsafe.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/MarkupSafe/
+-   Source Code: https://github.com/pallets/markupsafe/
+-   Issue Tracker: https://github.com/pallets/markupsafe/issues/
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD
new file mode 100644
index 000000000..3d3704663
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
+MarkupSafe-2.1.5.dist-info/RECORD,,
+MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-2.1.5.dist-info/WHEEL,sha256=AI1yqBLEPcVKWn5Ls2uPawjbqPXPFTYdQLSdN8WFCJw,152
+MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
+markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
+markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so,sha256=9PMBIm-zJzHm91NC-mblTC119_dIAldSQ4xFsE1_NPc,53656
+markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
new file mode 100644
index 000000000..4497ba573
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.42.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-manylinux_2_17_x86_64
+Tag: cp311-cp311-manylinux2014_x86_64
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
new file mode 100644
index 000000000..75bf72925
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
@@ -0,0 +1 @@
+markupsafe
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/LICENSE
new file mode 100644
index 000000000..2f1b8e15e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2017-2021 Ingy döt Net
+Copyright (c) 2006-2016 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA
new file mode 100644
index 000000000..c8905983e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA
@@ -0,0 +1,46 @@
+Metadata-Version: 2.1
+Name: PyYAML
+Version: 6.0.1
+Summary: YAML parser and emitter for Python
+Home-page: https://pyyaml.org/
+Download-URL: https://pypi.org/project/PyYAML/
+Author: Kirill Simonov
+Author-email: xi@resolvent.net
+License: MIT
+Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
+Project-URL: CI, https://github.com/yaml/pyyaml/actions
+Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
+Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
+Project-URL: Source Code, https://github.com/yaml/pyyaml
+Platform: Any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Cython
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup
+Requires-Python: >=3.6
+License-File: LICENSE
+
+YAML is a data serialization format designed for human readability
+and interaction with scripting languages.  PyYAML is a YAML parser
+and emitter for Python.
+
+PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
+support, capable extension API, and sensible error messages.  PyYAML
+supports standard YAML tags and provides Python-specific tags that
+allow to represent an arbitrary Python object.
+
+PyYAML is applicable for a broad range of tasks from complex
+configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD
new file mode 100644
index 000000000..365419bf7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD
@@ -0,0 +1,44 @@
+PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
+PyYAML-6.0.1.dist-info/RECORD,,
+PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.1.dist-info/WHEEL,sha256=8KU227XctfdX2qUwyjQUO-ciQuZtmyPUCKmeGV6Byto,152
+PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+_yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
+_yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__pycache__/composer.cpython-311.pyc,,
+yaml/__pycache__/constructor.cpython-311.pyc,,
+yaml/__pycache__/cyaml.cpython-311.pyc,,
+yaml/__pycache__/dumper.cpython-311.pyc,,
+yaml/__pycache__/emitter.cpython-311.pyc,,
+yaml/__pycache__/error.cpython-311.pyc,,
+yaml/__pycache__/events.cpython-311.pyc,,
+yaml/__pycache__/loader.cpython-311.pyc,,
+yaml/__pycache__/nodes.cpython-311.pyc,,
+yaml/__pycache__/parser.cpython-311.pyc,,
+yaml/__pycache__/reader.cpython-311.pyc,,
+yaml/__pycache__/representer.cpython-311.pyc,,
+yaml/__pycache__/resolver.cpython-311.pyc,,
+yaml/__pycache__/scanner.cpython-311.pyc,,
+yaml/__pycache__/serializer.cpython-311.pyc,,
+yaml/__pycache__/tokens.cpython-311.pyc,,
+yaml/_yaml.cpython-311-x86_64-linux-gnu.so,sha256=ls52EONnCPWCytU6wojl6RE4BhAUdu8LH3XIYfgpH0k,2504120
+yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
+yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
+yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
+yaml/dumper.py,sha256=PLctZlYwZLp7XmeUdwRuv4nYOZ2UBnDIUy8-lKfLF-o,2837
+yaml/emitter.py,sha256=jghtaU7eFwg31bG0B7RZea_29Adi9CKmXq_QjgQpCkQ,43006
+yaml/error.py,sha256=Ah9z-toHJUbE9j-M8YpxgSRM5CgLCcwVzJgLLRF2Fxo,2533
+yaml/events.py,sha256=50_TksgQiE4up-lKo_V-nBy-tAIxkIPQxY5qDhKCeHw,2445
+yaml/loader.py,sha256=UVa-zIqmkFSCIYq_PgSGm4NSJttHY2Rf_zQ4_b1fHN0,2061
+yaml/nodes.py,sha256=gPKNj8pKCdh2d4gr3gIYINnPOaOxGhJAUiYhGRnPE84,1440
+yaml/parser.py,sha256=ilWp5vvgoHFGzvOZDItFoGjD6D42nhlZrZyjAwa0oJo,25495
+yaml/reader.py,sha256=0dmzirOiDG4Xo41RnuQS7K9rkY3xjHiVasfDMNTqCNw,6794
+yaml/representer.py,sha256=IuWP-cAW9sHKEnS0gCqSa894k1Bg4cgTxaDwIcbRQ-Y,14190
+yaml/resolver.py,sha256=9L-VYfm4mWHxUD1Vg4X7rjDRK_7VZd6b92wzq7Y2IKY,9004
+yaml/scanner.py,sha256=YEM3iLZSaQwXcQRg2l2R4MdT0zGP2F9eHkKGKnHyWQY,51279
+yaml/serializer.py,sha256=ChuFgmhU01hj4xgI8GaKv6vfM2Bujwa9i7d2FAHj7cA,4165
+yaml/tokens.py,sha256=lTQIzSVw8Mg9wv459-TjiOQe6wVziqaRlqX2_89rp54,2573
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL
new file mode 100644
index 000000000..3bed0cbcf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.40.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-manylinux_2_17_x86_64
+Tag: cp311-cp311-manylinux2014_x86_64
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/top_level.txt
new file mode 100644
index 000000000..e6475e911
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/top_level.txt
@@ -0,0 +1,2 @@
+_yaml
+yaml
diff --git a/lib/go-jinja2/internal/data/linux-amd64/_yaml/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/_yaml/__init__.py
new file mode 100644
index 000000000..7baa8c4b6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/_yaml/__init__.py
@@ -0,0 +1,33 @@
+# This is a stub package designed to roughly emulate the _yaml
+# extension module, which previously existed as a standalone module
+# and has been moved into the `yaml` package namespace.
+# It does not perfectly mimic its old counterpart, but should get
+# close enough for anyone who's relying on it even when they shouldn't.
+import yaml
+
+# in some circumstances, the yaml module we imoprted may be from a different version, so we need
+# to tread carefully when poking at it here (it may not have the attributes we expect)
+if not getattr(yaml, '__with_libyaml__', False):
+    from sys import version_info
+
+    exc = ModuleNotFoundError if version_info >= (3, 6) else ImportError
+    raise exc("No module named '_yaml'")
+else:
+    from yaml._yaml import *
+    import warnings
+    warnings.warn(
+        'The _yaml extension module is now located at yaml._yaml'
+        ' and its location is subject to change.  To use the'
+        ' LibYAML-based parser and emitter, import from `yaml`:'
+        ' `from yaml import CLoader as Loader, CDumper as Dumper`.',
+        DeprecationWarning
+    )
+    del warnings
+    # Don't `del yaml` here because yaml is actually an existing
+    # namespace member of _yaml.
+
+__name__ = '_yaml'
+# If the module is top-level (i.e. not a part of any specific package)
+# then the attribute should be set to ''.
+# https://docs.python.org/3.8/library/types.html
+__package__ = ''
diff --git a/lib/go-jinja2/internal/data/linux-amd64/bin/jsonpath_ng b/lib/go-jinja2/internal/data/linux-amd64/bin/jsonpath_ng
new file mode 100644
index 000000000..361c5d5dc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/bin/jsonpath_ng
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-linux-amd64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from jsonpath_ng.bin.jsonpath import entry_point
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(entry_point())
diff --git a/lib/go-jinja2/internal/data/linux-amd64/bin/slugify b/lib/go-jinja2/internal/data/linux-amd64/bin/slugify
new file mode 100644
index 000000000..cdfcebad4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/bin/slugify
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-linux-amd64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from slugify.__main__ import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/LICENSE.rst
new file mode 100644
index 000000000..d12a84918
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2014 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/METADATA
new file mode 100644
index 000000000..7a6bbb24b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/METADATA
@@ -0,0 +1,103 @@
+Metadata-Version: 2.1
+Name: click
+Version: 8.1.7
+Summary: Composable command line interface toolkit
+Home-page: https://palletsprojects.com/p/click/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://click.palletsprojects.com/
+Project-URL: Changes, https://click.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/click/
+Project-URL: Issue Tracker, https://github.com/pallets/click/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+Requires-Dist: colorama ; platform_system == "Windows"
+Requires-Dist: importlib-metadata ; python_version < "3.8"
+
+\$ click\_
+==========
+
+Click is a Python package for creating beautiful command line interfaces
+in a composable way with as little code as necessary. It's the "Command
+Line Interface Creation Kit". It's highly configurable but comes with
+sensible defaults out of the box.
+
+It aims to make the process of writing command line tools quick and fun
+while also preventing any frustration caused by the inability to
+implement an intended CLI API.
+
+Click in three points:
+
+-   Arbitrary nesting of commands
+-   Automatic help page generation
+-   Supports lazy loading of subcommands at runtime
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    $ pip install -U click
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+.. code-block:: python
+
+    import click
+
+    @click.command()
+    @click.option("--count", default=1, help="Number of greetings.")
+    @click.option("--name", prompt="Your name", help="The person to greet.")
+    def hello(count, name):
+        """Simple program that greets NAME for a total of COUNT times."""
+        for _ in range(count):
+            click.echo(f"Hello, {name}!")
+
+    if __name__ == '__main__':
+        hello()
+
+.. code-block:: text
+
+    $ python hello.py --count=3
+    Your name: Click
+    Hello, Click!
+    Hello, Click!
+    Hello, Click!
+
+
+Donate
+------
+
+The Pallets organization develops and supports Click and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, `please
+donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://click.palletsprojects.com/
+-   Changes: https://click.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/click/
+-   Source Code: https://github.com/pallets/click
+-   Issue Tracker: https://github.com/pallets/click/issues
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/RECORD
new file mode 100644
index 000000000..dcffbf004
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/RECORD
@@ -0,0 +1,40 @@
+click-8.1.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+click-8.1.7.dist-info/LICENSE.rst,sha256=morRBqOU6FO_4h9C9OctWSgZoigF2ZG18ydQKSkrZY0,1475
+click-8.1.7.dist-info/METADATA,sha256=qIMevCxGA9yEmJOM_4WHuUJCwWpsIEVbCPOhs45YPN4,3014
+click-8.1.7.dist-info/RECORD,,
+click-8.1.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click-8.1.7.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+click-8.1.7.dist-info/top_level.txt,sha256=J1ZQogalYS4pphY_lPECoNMfw0HzTSrZglC4Yfwo4xA,6
+click/__init__.py,sha256=YDDbjm406dTOA0V8bTtdGnhN7zj5j-_dFRewZF_pLvw,3138
+click/__pycache__/__init__.cpython-311.pyc,,
+click/__pycache__/_compat.cpython-311.pyc,,
+click/__pycache__/_termui_impl.cpython-311.pyc,,
+click/__pycache__/_textwrap.cpython-311.pyc,,
+click/__pycache__/_winconsole.cpython-311.pyc,,
+click/__pycache__/core.cpython-311.pyc,,
+click/__pycache__/decorators.cpython-311.pyc,,
+click/__pycache__/exceptions.cpython-311.pyc,,
+click/__pycache__/formatting.cpython-311.pyc,,
+click/__pycache__/globals.cpython-311.pyc,,
+click/__pycache__/parser.cpython-311.pyc,,
+click/__pycache__/shell_completion.cpython-311.pyc,,
+click/__pycache__/termui.cpython-311.pyc,,
+click/__pycache__/testing.cpython-311.pyc,,
+click/__pycache__/types.cpython-311.pyc,,
+click/__pycache__/utils.cpython-311.pyc,,
+click/_compat.py,sha256=5318agQpbt4kroKsbqDOYpTSWzL_YCZVUQiTT04yXmc,18744
+click/_termui_impl.py,sha256=3dFYv4445Nw-rFvZOTBMBPYwB1bxnmNk9Du6Dm_oBSU,24069
+click/_textwrap.py,sha256=10fQ64OcBUMuK7mFvh8363_uoOxPlRItZBmKzRJDgoY,1353
+click/_winconsole.py,sha256=5ju3jQkcZD0W27WEMGqmEP4y_crUVzPCqsX_FYb7BO0,7860
+click/core.py,sha256=j6oEWtGgGna8JarD6WxhXmNnxLnfRjwXglbBc-8jr7U,114086
+click/decorators.py,sha256=-ZlbGYgV-oI8jr_oH4RpuL1PFS-5QmeuEAsLDAYgxtw,18719
+click/exceptions.py,sha256=fyROO-47HWFDjt2qupo7A3J32VlpM-ovJnfowu92K3s,9273
+click/formatting.py,sha256=Frf0-5W33-loyY_i9qrwXR8-STnW3m5gvyxLVUdyxyk,9706
+click/globals.py,sha256=TP-qM88STzc7f127h35TD_v920FgfOD2EwzqA0oE8XU,1961
+click/parser.py,sha256=LKyYQE9ZLj5KgIDXkrcTHQRXIggfoivX14_UVIn56YA,19067
+click/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click/shell_completion.py,sha256=Ty3VM_ts0sQhj6u7eFTiLwHPoTgcXTGEAUg2OpLqYKw,18460
+click/termui.py,sha256=H7Q8FpmPelhJ2ovOhfCRhjMtCpNyjFXryAMLZODqsdc,28324
+click/testing.py,sha256=1Qd4kS5bucn1hsNIRryd0WtTMuCpkA93grkWxT8POsU,16084
+click/types.py,sha256=TZvz3hKvBztf-Hpa2enOmP4eznSPLzijjig5b_0XMxE,36391
+click/utils.py,sha256=1476UduUNY6UePGU4m18uzVHLt1sKM2PP3yWsQhbItM,20298
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/WHEEL
new file mode 100644
index 000000000..2c08da084
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/top_level.txt
new file mode 100644
index 000000000..dca9a9096
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click-8.1.7.dist-info/top_level.txt
@@ -0,0 +1 @@
+click
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/click/__init__.py
new file mode 100644
index 000000000..9a1dab048
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/__init__.py
@@ -0,0 +1,73 @@
+"""
+Click is a simple Python module inspired by the stdlib optparse to make
+writing command line scripts fun. Unlike other modules, it's based
+around a simple API that does not come with too much magic and is
+composable.
+"""
+from .core import Argument as Argument
+from .core import BaseCommand as BaseCommand
+from .core import Command as Command
+from .core import CommandCollection as CommandCollection
+from .core import Context as Context
+from .core import Group as Group
+from .core import MultiCommand as MultiCommand
+from .core import Option as Option
+from .core import Parameter as Parameter
+from .decorators import argument as argument
+from .decorators import command as command
+from .decorators import confirmation_option as confirmation_option
+from .decorators import group as group
+from .decorators import help_option as help_option
+from .decorators import make_pass_decorator as make_pass_decorator
+from .decorators import option as option
+from .decorators import pass_context as pass_context
+from .decorators import pass_obj as pass_obj
+from .decorators import password_option as password_option
+from .decorators import version_option as version_option
+from .exceptions import Abort as Abort
+from .exceptions import BadArgumentUsage as BadArgumentUsage
+from .exceptions import BadOptionUsage as BadOptionUsage
+from .exceptions import BadParameter as BadParameter
+from .exceptions import ClickException as ClickException
+from .exceptions import FileError as FileError
+from .exceptions import MissingParameter as MissingParameter
+from .exceptions import NoSuchOption as NoSuchOption
+from .exceptions import UsageError as UsageError
+from .formatting import HelpFormatter as HelpFormatter
+from .formatting import wrap_text as wrap_text
+from .globals import get_current_context as get_current_context
+from .parser import OptionParser as OptionParser
+from .termui import clear as clear
+from .termui import confirm as confirm
+from .termui import echo_via_pager as echo_via_pager
+from .termui import edit as edit
+from .termui import getchar as getchar
+from .termui import launch as launch
+from .termui import pause as pause
+from .termui import progressbar as progressbar
+from .termui import prompt as prompt
+from .termui import secho as secho
+from .termui import style as style
+from .termui import unstyle as unstyle
+from .types import BOOL as BOOL
+from .types import Choice as Choice
+from .types import DateTime as DateTime
+from .types import File as File
+from .types import FLOAT as FLOAT
+from .types import FloatRange as FloatRange
+from .types import INT as INT
+from .types import IntRange as IntRange
+from .types import ParamType as ParamType
+from .types import Path as Path
+from .types import STRING as STRING
+from .types import Tuple as Tuple
+from .types import UNPROCESSED as UNPROCESSED
+from .types import UUID as UUID
+from .utils import echo as echo
+from .utils import format_filename as format_filename
+from .utils import get_app_dir as get_app_dir
+from .utils import get_binary_stream as get_binary_stream
+from .utils import get_text_stream as get_text_stream
+from .utils import open_file as open_file
+
+__version__ = "8.1.7"
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/_compat.py b/lib/go-jinja2/internal/data/linux-amd64/click/_compat.py
new file mode 100644
index 000000000..23f886659
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/_compat.py
@@ -0,0 +1,623 @@
+import codecs
+import io
+import os
+import re
+import sys
+import typing as t
+from weakref import WeakKeyDictionary
+
+CYGWIN = sys.platform.startswith("cygwin")
+WIN = sys.platform.startswith("win")
+auto_wrap_for_ansi: t.Optional[t.Callable[[t.TextIO], t.TextIO]] = None
+_ansi_re = re.compile(r"\033\[[;?0-9]*[a-zA-Z]")
+
+
+def _make_text_stream(
+    stream: t.BinaryIO,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if encoding is None:
+        encoding = get_best_encoding(stream)
+    if errors is None:
+        errors = "replace"
+    return _NonClosingTextIOWrapper(
+        stream,
+        encoding,
+        errors,
+        line_buffering=True,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def is_ascii_encoding(encoding: str) -> bool:
+    """Checks if a given encoding is ascii."""
+    try:
+        return codecs.lookup(encoding).name == "ascii"
+    except LookupError:
+        return False
+
+
+def get_best_encoding(stream: t.IO[t.Any]) -> str:
+    """Returns the default stream encoding if not found."""
+    rv = getattr(stream, "encoding", None) or sys.getdefaultencoding()
+    if is_ascii_encoding(rv):
+        return "utf-8"
+    return rv
+
+
+class _NonClosingTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        encoding: t.Optional[str],
+        errors: t.Optional[str],
+        force_readable: bool = False,
+        force_writable: bool = False,
+        **extra: t.Any,
+    ) -> None:
+        self._stream = stream = t.cast(
+            t.BinaryIO, _FixupStream(stream, force_readable, force_writable)
+        )
+        super().__init__(stream, encoding, errors, **extra)
+
+    def __del__(self) -> None:
+        try:
+            self.detach()
+        except Exception:
+            pass
+
+    def isatty(self) -> bool:
+        # https://bitbucket.org/pypy/pypy/issue/1803
+        return self._stream.isatty()
+
+
+class _FixupStream:
+    """The new io interface needs more from streams than streams
+    traditionally implement.  As such, this fix-up code is necessary in
+    some circumstances.
+
+    The forcing of readable and writable flags are there because some tools
+    put badly patched objects on sys (one such offender are certain version
+    of jupyter notebook).
+    """
+
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        force_readable: bool = False,
+        force_writable: bool = False,
+    ):
+        self._stream = stream
+        self._force_readable = force_readable
+        self._force_writable = force_writable
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._stream, name)
+
+    def read1(self, size: int) -> bytes:
+        f = getattr(self._stream, "read1", None)
+
+        if f is not None:
+            return t.cast(bytes, f(size))
+
+        return self._stream.read(size)
+
+    def readable(self) -> bool:
+        if self._force_readable:
+            return True
+        x = getattr(self._stream, "readable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.read(0)
+        except Exception:
+            return False
+        return True
+
+    def writable(self) -> bool:
+        if self._force_writable:
+            return True
+        x = getattr(self._stream, "writable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.write("")  # type: ignore
+        except Exception:
+            try:
+                self._stream.write(b"")
+            except Exception:
+                return False
+        return True
+
+    def seekable(self) -> bool:
+        x = getattr(self._stream, "seekable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.seek(self._stream.tell())
+        except Exception:
+            return False
+        return True
+
+
+def _is_binary_reader(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        return isinstance(stream.read(0), bytes)
+    except Exception:
+        return default
+        # This happens in some cases where the stream was already
+        # closed.  In this case, we assume the default.
+
+
+def _is_binary_writer(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        stream.write(b"")
+    except Exception:
+        try:
+            stream.write("")
+            return False
+        except Exception:
+            pass
+        return default
+    return True
+
+
+def _find_binary_reader(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_reader(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_reader(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _find_binary_writer(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_writer(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_writer(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _stream_is_misconfigured(stream: t.TextIO) -> bool:
+    """A stream is misconfigured if its encoding is ASCII."""
+    # If the stream does not have an encoding set, we assume it's set
+    # to ASCII.  This appears to happen in certain unittest
+    # environments.  It's not quite clear what the correct behavior is
+    # but this at least will force Click to recover somehow.
+    return is_ascii_encoding(getattr(stream, "encoding", None) or "ascii")
+
+
+def _is_compat_stream_attr(stream: t.TextIO, attr: str, value: t.Optional[str]) -> bool:
+    """A stream attribute is compatible if it is equal to the
+    desired value or the desired value is unset and the attribute
+    has a value.
+    """
+    stream_value = getattr(stream, attr, None)
+    return stream_value == value or (value is None and stream_value is not None)
+
+
+def _is_compatible_text_stream(
+    stream: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> bool:
+    """Check if a stream's encoding and errors attributes are
+    compatible with the desired values.
+    """
+    return _is_compat_stream_attr(
+        stream, "encoding", encoding
+    ) and _is_compat_stream_attr(stream, "errors", errors)
+
+
+def _force_correct_text_stream(
+    text_stream: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    is_binary: t.Callable[[t.IO[t.Any], bool], bool],
+    find_binary: t.Callable[[t.IO[t.Any]], t.Optional[t.BinaryIO]],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if is_binary(text_stream, False):
+        binary_reader = t.cast(t.BinaryIO, text_stream)
+    else:
+        text_stream = t.cast(t.TextIO, text_stream)
+        # If the stream looks compatible, and won't default to a
+        # misconfigured ascii encoding, return it as-is.
+        if _is_compatible_text_stream(text_stream, encoding, errors) and not (
+            encoding is None and _stream_is_misconfigured(text_stream)
+        ):
+            return text_stream
+
+        # Otherwise, get the underlying binary reader.
+        possible_binary_reader = find_binary(text_stream)
+
+        # If that's not possible, silently use the original reader
+        # and get mojibake instead of exceptions.
+        if possible_binary_reader is None:
+            return text_stream
+
+        binary_reader = possible_binary_reader
+
+    # Default errors to replace instead of strict in order to get
+    # something that works.
+    if errors is None:
+        errors = "replace"
+
+    # Wrap the binary stream in a text stream with the correct
+    # encoding parameters.
+    return _make_text_stream(
+        binary_reader,
+        encoding,
+        errors,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def _force_correct_text_reader(
+    text_reader: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_reader,
+        encoding,
+        errors,
+        _is_binary_reader,
+        _find_binary_reader,
+        force_readable=force_readable,
+    )
+
+
+def _force_correct_text_writer(
+    text_writer: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_writable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_writer,
+        encoding,
+        errors,
+        _is_binary_writer,
+        _find_binary_writer,
+        force_writable=force_writable,
+    )
+
+
+def get_binary_stdin() -> t.BinaryIO:
+    reader = _find_binary_reader(sys.stdin)
+    if reader is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdin.")
+    return reader
+
+
+def get_binary_stdout() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stdout)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdout.")
+    return writer
+
+
+def get_binary_stderr() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stderr)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stderr.")
+    return writer
+
+
+def get_text_stdin(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdin, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_reader(sys.stdin, encoding, errors, force_readable=True)
+
+
+def get_text_stdout(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdout, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stdout, encoding, errors, force_writable=True)
+
+
+def get_text_stderr(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stderr, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stderr, encoding, errors, force_writable=True)
+
+
+def _wrap_io_open(
+    file: t.Union[str, "os.PathLike[str]", int],
+    mode: str,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+) -> t.IO[t.Any]:
+    """Handles not passing ``encoding`` and ``errors`` in binary mode."""
+    if "b" in mode:
+        return open(file, mode)
+
+    return open(file, mode, encoding=encoding, errors=errors)
+
+
+def open_stream(
+    filename: "t.Union[str, os.PathLike[str]]",
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    atomic: bool = False,
+) -> t.Tuple[t.IO[t.Any], bool]:
+    binary = "b" in mode
+    filename = os.fspath(filename)
+
+    # Standard streams first. These are simple because they ignore the
+    # atomic flag. Use fsdecode to handle Path("-").
+    if os.fsdecode(filename) == "-":
+        if any(m in mode for m in ["w", "a", "x"]):
+            if binary:
+                return get_binary_stdout(), False
+            return get_text_stdout(encoding=encoding, errors=errors), False
+        if binary:
+            return get_binary_stdin(), False
+        return get_text_stdin(encoding=encoding, errors=errors), False
+
+    # Non-atomic writes directly go out through the regular open functions.
+    if not atomic:
+        return _wrap_io_open(filename, mode, encoding, errors), True
+
+    # Some usability stuff for atomic writes
+    if "a" in mode:
+        raise ValueError(
+            "Appending to an existing file is not supported, because that"
+            " would involve an expensive `copy`-operation to a temporary"
+            " file. Open the file in normal `w`-mode and copy explicitly"
+            " if that's what you're after."
+        )
+    if "x" in mode:
+        raise ValueError("Use the `overwrite`-parameter instead.")
+    if "w" not in mode:
+        raise ValueError("Atomic writes only make sense with `w`-mode.")
+
+    # Atomic writes are more complicated.  They work by opening a file
+    # as a proxy in the same folder and then using the fdopen
+    # functionality to wrap it in a Python file.  Then we wrap it in an
+    # atomic file that moves the file over on close.
+    import errno
+    import random
+
+    try:
+        perm: t.Optional[int] = os.stat(filename).st_mode
+    except OSError:
+        perm = None
+
+    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL
+
+    if binary:
+        flags |= getattr(os, "O_BINARY", 0)
+
+    while True:
+        tmp_filename = os.path.join(
+            os.path.dirname(filename),
+            f".__atomic-write{random.randrange(1 << 32):08x}",
+        )
+        try:
+            fd = os.open(tmp_filename, flags, 0o666 if perm is None else perm)
+            break
+        except OSError as e:
+            if e.errno == errno.EEXIST or (
+                os.name == "nt"
+                and e.errno == errno.EACCES
+                and os.path.isdir(e.filename)
+                and os.access(e.filename, os.W_OK)
+            ):
+                continue
+            raise
+
+    if perm is not None:
+        os.chmod(tmp_filename, perm)  # in case perm includes bits in umask
+
+    f = _wrap_io_open(fd, mode, encoding, errors)
+    af = _AtomicFile(f, tmp_filename, os.path.realpath(filename))
+    return t.cast(t.IO[t.Any], af), True
+
+
+class _AtomicFile:
+    def __init__(self, f: t.IO[t.Any], tmp_filename: str, real_filename: str) -> None:
+        self._f = f
+        self._tmp_filename = tmp_filename
+        self._real_filename = real_filename
+        self.closed = False
+
+    @property
+    def name(self) -> str:
+        return self._real_filename
+
+    def close(self, delete: bool = False) -> None:
+        if self.closed:
+            return
+        self._f.close()
+        os.replace(self._tmp_filename, self._real_filename)
+        self.closed = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._f, name)
+
+    def __enter__(self) -> "_AtomicFile":
+        return self
+
+    def __exit__(self, exc_type: t.Optional[t.Type[BaseException]], *_: t.Any) -> None:
+        self.close(delete=exc_type is not None)
+
+    def __repr__(self) -> str:
+        return repr(self._f)
+
+
+def strip_ansi(value: str) -> str:
+    return _ansi_re.sub("", value)
+
+
+def _is_jupyter_kernel_output(stream: t.IO[t.Any]) -> bool:
+    while isinstance(stream, (_FixupStream, _NonClosingTextIOWrapper)):
+        stream = stream._stream
+
+    return stream.__class__.__module__.startswith("ipykernel.")
+
+
+def should_strip_ansi(
+    stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+) -> bool:
+    if color is None:
+        if stream is None:
+            stream = sys.stdin
+        return not isatty(stream) and not _is_jupyter_kernel_output(stream)
+    return not color
+
+
+# On Windows, wrap the output streams with colorama to support ANSI
+# color codes.
+# NOTE: double check is needed so mypy does not analyze this on Linux
+if sys.platform.startswith("win") and WIN:
+    from ._winconsole import _get_windows_console_stream
+
+    def _get_argv_encoding() -> str:
+        import locale
+
+        return locale.getpreferredencoding()
+
+    _ansi_stream_wrappers: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def auto_wrap_for_ansi(  # noqa: F811
+        stream: t.TextIO, color: t.Optional[bool] = None
+    ) -> t.TextIO:
+        """Support ANSI color and style codes on Windows by wrapping a
+        stream with colorama.
+        """
+        try:
+            cached = _ansi_stream_wrappers.get(stream)
+        except Exception:
+            cached = None
+
+        if cached is not None:
+            return cached
+
+        import colorama
+
+        strip = should_strip_ansi(stream, color)
+        ansi_wrapper = colorama.AnsiToWin32(stream, strip=strip)
+        rv = t.cast(t.TextIO, ansi_wrapper.stream)
+        _write = rv.write
+
+        def _safe_write(s):
+            try:
+                return _write(s)
+            except BaseException:
+                ansi_wrapper.reset_all()
+                raise
+
+        rv.write = _safe_write
+
+        try:
+            _ansi_stream_wrappers[stream] = rv
+        except Exception:
+            pass
+
+        return rv
+
+else:
+
+    def _get_argv_encoding() -> str:
+        return getattr(sys.stdin, "encoding", None) or sys.getfilesystemencoding()
+
+    def _get_windows_console_stream(
+        f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+    ) -> t.Optional[t.TextIO]:
+        return None
+
+
+def term_len(x: str) -> int:
+    return len(strip_ansi(x))
+
+
+def isatty(stream: t.IO[t.Any]) -> bool:
+    try:
+        return stream.isatty()
+    except Exception:
+        return False
+
+
+def _make_cached_stream_func(
+    src_func: t.Callable[[], t.Optional[t.TextIO]],
+    wrapper_func: t.Callable[[], t.TextIO],
+) -> t.Callable[[], t.Optional[t.TextIO]]:
+    cache: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def func() -> t.Optional[t.TextIO]:
+        stream = src_func()
+
+        if stream is None:
+            return None
+
+        try:
+            rv = cache.get(stream)
+        except Exception:
+            rv = None
+        if rv is not None:
+            return rv
+        rv = wrapper_func()
+        try:
+            cache[stream] = rv
+        except Exception:
+            pass
+        return rv
+
+    return func
+
+
+_default_text_stdin = _make_cached_stream_func(lambda: sys.stdin, get_text_stdin)
+_default_text_stdout = _make_cached_stream_func(lambda: sys.stdout, get_text_stdout)
+_default_text_stderr = _make_cached_stream_func(lambda: sys.stderr, get_text_stderr)
+
+
+binary_streams: t.Mapping[str, t.Callable[[], t.BinaryIO]] = {
+    "stdin": get_binary_stdin,
+    "stdout": get_binary_stdout,
+    "stderr": get_binary_stderr,
+}
+
+text_streams: t.Mapping[
+    str, t.Callable[[t.Optional[str], t.Optional[str]], t.TextIO]
+] = {
+    "stdin": get_text_stdin,
+    "stdout": get_text_stdout,
+    "stderr": get_text_stderr,
+}
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/_termui_impl.py b/lib/go-jinja2/internal/data/linux-amd64/click/_termui_impl.py
new file mode 100644
index 000000000..f74465775
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/_termui_impl.py
@@ -0,0 +1,739 @@
+"""
+This module contains implementations for the termui module. To keep the
+import time of Click down, some infrequently used functionality is
+placed in this module and only imported as needed.
+"""
+import contextlib
+import math
+import os
+import sys
+import time
+import typing as t
+from gettext import gettext as _
+from io import StringIO
+from types import TracebackType
+
+from ._compat import _default_text_stdout
+from ._compat import CYGWIN
+from ._compat import get_best_encoding
+from ._compat import isatty
+from ._compat import open_stream
+from ._compat import strip_ansi
+from ._compat import term_len
+from ._compat import WIN
+from .exceptions import ClickException
+from .utils import echo
+
+V = t.TypeVar("V")
+
+if os.name == "nt":
+    BEFORE_BAR = "\r"
+    AFTER_BAR = "\n"
+else:
+    BEFORE_BAR = "\r\033[?25l"
+    AFTER_BAR = "\033[?25h\n"
+
+
+class ProgressBar(t.Generic[V]):
+    def __init__(
+        self,
+        iterable: t.Optional[t.Iterable[V]],
+        length: t.Optional[int] = None,
+        fill_char: str = "#",
+        empty_char: str = " ",
+        bar_template: str = "%(bar)s",
+        info_sep: str = "  ",
+        show_eta: bool = True,
+        show_percent: t.Optional[bool] = None,
+        show_pos: bool = False,
+        item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+        label: t.Optional[str] = None,
+        file: t.Optional[t.TextIO] = None,
+        color: t.Optional[bool] = None,
+        update_min_steps: int = 1,
+        width: int = 30,
+    ) -> None:
+        self.fill_char = fill_char
+        self.empty_char = empty_char
+        self.bar_template = bar_template
+        self.info_sep = info_sep
+        self.show_eta = show_eta
+        self.show_percent = show_percent
+        self.show_pos = show_pos
+        self.item_show_func = item_show_func
+        self.label: str = label or ""
+
+        if file is None:
+            file = _default_text_stdout()
+
+            # There are no standard streams attached to write to. For example,
+            # pythonw on Windows.
+            if file is None:
+                file = StringIO()
+
+        self.file = file
+        self.color = color
+        self.update_min_steps = update_min_steps
+        self._completed_intervals = 0
+        self.width: int = width
+        self.autowidth: bool = width == 0
+
+        if length is None:
+            from operator import length_hint
+
+            length = length_hint(iterable, -1)
+
+            if length == -1:
+                length = None
+        if iterable is None:
+            if length is None:
+                raise TypeError("iterable or length is required")
+            iterable = t.cast(t.Iterable[V], range(length))
+        self.iter: t.Iterable[V] = iter(iterable)
+        self.length = length
+        self.pos = 0
+        self.avg: t.List[float] = []
+        self.last_eta: float
+        self.start: float
+        self.start = self.last_eta = time.time()
+        self.eta_known: bool = False
+        self.finished: bool = False
+        self.max_width: t.Optional[int] = None
+        self.entered: bool = False
+        self.current_item: t.Optional[V] = None
+        self.is_hidden: bool = not isatty(self.file)
+        self._last_line: t.Optional[str] = None
+
+    def __enter__(self) -> "ProgressBar[V]":
+        self.entered = True
+        self.render_progress()
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.render_finish()
+
+    def __iter__(self) -> t.Iterator[V]:
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+        self.render_progress()
+        return self.generator()
+
+    def __next__(self) -> V:
+        # Iteration is defined in terms of a generator function,
+        # returned by iter(self); use that to define next(). This works
+        # because `self.iter` is an iterable consumed by that generator,
+        # so it is re-entry safe. Calling `next(self.generator())`
+        # twice works and does "what you want".
+        return next(iter(self))
+
+    def render_finish(self) -> None:
+        if self.is_hidden:
+            return
+        self.file.write(AFTER_BAR)
+        self.file.flush()
+
+    @property
+    def pct(self) -> float:
+        if self.finished:
+            return 1.0
+        return min(self.pos / (float(self.length or 1) or 1), 1.0)
+
+    @property
+    def time_per_iteration(self) -> float:
+        if not self.avg:
+            return 0.0
+        return sum(self.avg) / float(len(self.avg))
+
+    @property
+    def eta(self) -> float:
+        if self.length is not None and not self.finished:
+            return self.time_per_iteration * (self.length - self.pos)
+        return 0.0
+
+    def format_eta(self) -> str:
+        if self.eta_known:
+            t = int(self.eta)
+            seconds = t % 60
+            t //= 60
+            minutes = t % 60
+            t //= 60
+            hours = t % 24
+            t //= 24
+            if t > 0:
+                return f"{t}d {hours:02}:{minutes:02}:{seconds:02}"
+            else:
+                return f"{hours:02}:{minutes:02}:{seconds:02}"
+        return ""
+
+    def format_pos(self) -> str:
+        pos = str(self.pos)
+        if self.length is not None:
+            pos += f"/{self.length}"
+        return pos
+
+    def format_pct(self) -> str:
+        return f"{int(self.pct * 100): 4}%"[1:]
+
+    def format_bar(self) -> str:
+        if self.length is not None:
+            bar_length = int(self.pct * self.width)
+            bar = self.fill_char * bar_length
+            bar += self.empty_char * (self.width - bar_length)
+        elif self.finished:
+            bar = self.fill_char * self.width
+        else:
+            chars = list(self.empty_char * (self.width or 1))
+            if self.time_per_iteration != 0:
+                chars[
+                    int(
+                        (math.cos(self.pos * self.time_per_iteration) / 2.0 + 0.5)
+                        * self.width
+                    )
+                ] = self.fill_char
+            bar = "".join(chars)
+        return bar
+
+    def format_progress_line(self) -> str:
+        show_percent = self.show_percent
+
+        info_bits = []
+        if self.length is not None and show_percent is None:
+            show_percent = not self.show_pos
+
+        if self.show_pos:
+            info_bits.append(self.format_pos())
+        if show_percent:
+            info_bits.append(self.format_pct())
+        if self.show_eta and self.eta_known and not self.finished:
+            info_bits.append(self.format_eta())
+        if self.item_show_func is not None:
+            item_info = self.item_show_func(self.current_item)
+            if item_info is not None:
+                info_bits.append(item_info)
+
+        return (
+            self.bar_template
+            % {
+                "label": self.label,
+                "bar": self.format_bar(),
+                "info": self.info_sep.join(info_bits),
+            }
+        ).rstrip()
+
+    def render_progress(self) -> None:
+        import shutil
+
+        if self.is_hidden:
+            # Only output the label as it changes if the output is not a
+            # TTY. Use file=stderr if you expect to be piping stdout.
+            if self._last_line != self.label:
+                self._last_line = self.label
+                echo(self.label, file=self.file, color=self.color)
+
+            return
+
+        buf = []
+        # Update width in case the terminal has been resized
+        if self.autowidth:
+            old_width = self.width
+            self.width = 0
+            clutter_length = term_len(self.format_progress_line())
+            new_width = max(0, shutil.get_terminal_size().columns - clutter_length)
+            if new_width < old_width:
+                buf.append(BEFORE_BAR)
+                buf.append(" " * self.max_width)  # type: ignore
+                self.max_width = new_width
+            self.width = new_width
+
+        clear_width = self.width
+        if self.max_width is not None:
+            clear_width = self.max_width
+
+        buf.append(BEFORE_BAR)
+        line = self.format_progress_line()
+        line_len = term_len(line)
+        if self.max_width is None or self.max_width < line_len:
+            self.max_width = line_len
+
+        buf.append(line)
+        buf.append(" " * (clear_width - line_len))
+        line = "".join(buf)
+        # Render the line only if it changed.
+
+        if line != self._last_line:
+            self._last_line = line
+            echo(line, file=self.file, color=self.color, nl=False)
+            self.file.flush()
+
+    def make_step(self, n_steps: int) -> None:
+        self.pos += n_steps
+        if self.length is not None and self.pos >= self.length:
+            self.finished = True
+
+        if (time.time() - self.last_eta) < 1.0:
+            return
+
+        self.last_eta = time.time()
+
+        # self.avg is a rolling list of length <= 7 of steps where steps are
+        # defined as time elapsed divided by the total progress through
+        # self.length.
+        if self.pos:
+            step = (time.time() - self.start) / self.pos
+        else:
+            step = time.time() - self.start
+
+        self.avg = self.avg[-6:] + [step]
+
+        self.eta_known = self.length is not None
+
+    def update(self, n_steps: int, current_item: t.Optional[V] = None) -> None:
+        """Update the progress bar by advancing a specified number of
+        steps, and optionally set the ``current_item`` for this new
+        position.
+
+        :param n_steps: Number of steps to advance.
+        :param current_item: Optional item to set as ``current_item``
+            for the updated position.
+
+        .. versionchanged:: 8.0
+            Added the ``current_item`` optional parameter.
+
+        .. versionchanged:: 8.0
+            Only render when the number of steps meets the
+            ``update_min_steps`` threshold.
+        """
+        if current_item is not None:
+            self.current_item = current_item
+
+        self._completed_intervals += n_steps
+
+        if self._completed_intervals >= self.update_min_steps:
+            self.make_step(self._completed_intervals)
+            self.render_progress()
+            self._completed_intervals = 0
+
+    def finish(self) -> None:
+        self.eta_known = False
+        self.current_item = None
+        self.finished = True
+
+    def generator(self) -> t.Iterator[V]:
+        """Return a generator which yields the items added to the bar
+        during construction, and updates the progress bar *after* the
+        yielded block returns.
+        """
+        # WARNING: the iterator interface for `ProgressBar` relies on
+        # this and only works because this is a simple generator which
+        # doesn't create or manage additional state. If this function
+        # changes, the impact should be evaluated both against
+        # `iter(bar)` and `next(bar)`. `next()` in particular may call
+        # `self.generator()` repeatedly, and this must remain safe in
+        # order for that interface to work.
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+
+        if self.is_hidden:
+            yield from self.iter
+        else:
+            for rv in self.iter:
+                self.current_item = rv
+
+                # This allows show_item_func to be updated before the
+                # item is processed. Only trigger at the beginning of
+                # the update interval.
+                if self._completed_intervals == 0:
+                    self.render_progress()
+
+                yield rv
+                self.update(1)
+
+            self.finish()
+            self.render_progress()
+
+
+def pager(generator: t.Iterable[str], color: t.Optional[bool] = None) -> None:
+    """Decide what method to use for paging through text."""
+    stdout = _default_text_stdout()
+
+    # There are no standard streams attached to write to. For example,
+    # pythonw on Windows.
+    if stdout is None:
+        stdout = StringIO()
+
+    if not isatty(sys.stdin) or not isatty(stdout):
+        return _nullpager(stdout, generator, color)
+    pager_cmd = (os.environ.get("PAGER", None) or "").strip()
+    if pager_cmd:
+        if WIN:
+            return _tempfilepager(generator, pager_cmd, color)
+        return _pipepager(generator, pager_cmd, color)
+    if os.environ.get("TERM") in ("dumb", "emacs"):
+        return _nullpager(stdout, generator, color)
+    if WIN or sys.platform.startswith("os2"):
+        return _tempfilepager(generator, "more <", color)
+    if hasattr(os, "system") and os.system("(less) 2>/dev/null") == 0:
+        return _pipepager(generator, "less", color)
+
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    os.close(fd)
+    try:
+        if hasattr(os, "system") and os.system(f'more "{filename}"') == 0:
+            return _pipepager(generator, "more", color)
+        return _nullpager(stdout, generator, color)
+    finally:
+        os.unlink(filename)
+
+
+def _pipepager(generator: t.Iterable[str], cmd: str, color: t.Optional[bool]) -> None:
+    """Page through text by feeding it to another program.  Invoking a
+    pager through this might support colors.
+    """
+    import subprocess
+
+    env = dict(os.environ)
+
+    # If we're piping to less we might support colors under the
+    # condition that
+    cmd_detail = cmd.rsplit("/", 1)[-1].split()
+    if color is None and cmd_detail[0] == "less":
+        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_detail[1:])}"
+        if not less_flags:
+            env["LESS"] = "-R"
+            color = True
+        elif "r" in less_flags or "R" in less_flags:
+            color = True
+
+    c = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, env=env)
+    stdin = t.cast(t.BinaryIO, c.stdin)
+    encoding = get_best_encoding(stdin)
+    try:
+        for text in generator:
+            if not color:
+                text = strip_ansi(text)
+
+            stdin.write(text.encode(encoding, "replace"))
+    except (OSError, KeyboardInterrupt):
+        pass
+    else:
+        stdin.close()
+
+    # Less doesn't respect ^C, but catches it for its own UI purposes (aborting
+    # search or other commands inside less).
+    #
+    # That means when the user hits ^C, the parent process (click) terminates,
+    # but less is still alive, paging the output and messing up the terminal.
+    #
+    # If the user wants to make the pager exit on ^C, they should set
+    # `LESS='-K'`. It's not our decision to make.
+    while True:
+        try:
+            c.wait()
+        except KeyboardInterrupt:
+            pass
+        else:
+            break
+
+
+def _tempfilepager(
+    generator: t.Iterable[str], cmd: str, color: t.Optional[bool]
+) -> None:
+    """Page through text by invoking a program on a temporary file."""
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    # TODO: This never terminates if the passed generator never terminates.
+    text = "".join(generator)
+    if not color:
+        text = strip_ansi(text)
+    encoding = get_best_encoding(sys.stdout)
+    with open_stream(filename, "wb")[0] as f:
+        f.write(text.encode(encoding))
+    try:
+        os.system(f'{cmd} "{filename}"')
+    finally:
+        os.close(fd)
+        os.unlink(filename)
+
+
+def _nullpager(
+    stream: t.TextIO, generator: t.Iterable[str], color: t.Optional[bool]
+) -> None:
+    """Simply print unformatted text.  This is the ultimate fallback."""
+    for text in generator:
+        if not color:
+            text = strip_ansi(text)
+        stream.write(text)
+
+
+class Editor:
+    def __init__(
+        self,
+        editor: t.Optional[str] = None,
+        env: t.Optional[t.Mapping[str, str]] = None,
+        require_save: bool = True,
+        extension: str = ".txt",
+    ) -> None:
+        self.editor = editor
+        self.env = env
+        self.require_save = require_save
+        self.extension = extension
+
+    def get_editor(self) -> str:
+        if self.editor is not None:
+            return self.editor
+        for key in "VISUAL", "EDITOR":
+            rv = os.environ.get(key)
+            if rv:
+                return rv
+        if WIN:
+            return "notepad"
+        for editor in "sensible-editor", "vim", "nano":
+            if os.system(f"which {editor} >/dev/null 2>&1") == 0:
+                return editor
+        return "vi"
+
+    def edit_file(self, filename: str) -> None:
+        import subprocess
+
+        editor = self.get_editor()
+        environ: t.Optional[t.Dict[str, str]] = None
+
+        if self.env:
+            environ = os.environ.copy()
+            environ.update(self.env)
+
+        try:
+            c = subprocess.Popen(f'{editor} "{filename}"', env=environ, shell=True)
+            exit_code = c.wait()
+            if exit_code != 0:
+                raise ClickException(
+                    _("{editor}: Editing failed").format(editor=editor)
+                )
+        except OSError as e:
+            raise ClickException(
+                _("{editor}: Editing failed: {e}").format(editor=editor, e=e)
+            ) from e
+
+    def edit(self, text: t.Optional[t.AnyStr]) -> t.Optional[t.AnyStr]:
+        import tempfile
+
+        if not text:
+            data = b""
+        elif isinstance(text, (bytes, bytearray)):
+            data = text
+        else:
+            if text and not text.endswith("\n"):
+                text += "\n"
+
+            if WIN:
+                data = text.replace("\n", "\r\n").encode("utf-8-sig")
+            else:
+                data = text.encode("utf-8")
+
+        fd, name = tempfile.mkstemp(prefix="editor-", suffix=self.extension)
+        f: t.BinaryIO
+
+        try:
+            with os.fdopen(fd, "wb") as f:
+                f.write(data)
+
+            # If the filesystem resolution is 1 second, like Mac OS
+            # 10.12 Extended, or 2 seconds, like FAT32, and the editor
+            # closes very fast, require_save can fail. Set the modified
+            # time to be 2 seconds in the past to work around this.
+            os.utime(name, (os.path.getatime(name), os.path.getmtime(name) - 2))
+            # Depending on the resolution, the exact value might not be
+            # recorded, so get the new recorded value.
+            timestamp = os.path.getmtime(name)
+
+            self.edit_file(name)
+
+            if self.require_save and os.path.getmtime(name) == timestamp:
+                return None
+
+            with open(name, "rb") as f:
+                rv = f.read()
+
+            if isinstance(text, (bytes, bytearray)):
+                return rv
+
+            return rv.decode("utf-8-sig").replace("\r\n", "\n")  # type: ignore
+        finally:
+            os.unlink(name)
+
+
+def open_url(url: str, wait: bool = False, locate: bool = False) -> int:
+    import subprocess
+
+    def _unquote_file(url: str) -> str:
+        from urllib.parse import unquote
+
+        if url.startswith("file://"):
+            url = unquote(url[7:])
+
+        return url
+
+    if sys.platform == "darwin":
+        args = ["open"]
+        if wait:
+            args.append("-W")
+        if locate:
+            args.append("-R")
+        args.append(_unquote_file(url))
+        null = open("/dev/null", "w")
+        try:
+            return subprocess.Popen(args, stderr=null).wait()
+        finally:
+            null.close()
+    elif WIN:
+        if locate:
+            url = _unquote_file(url.replace('"', ""))
+            args = f'explorer /select,"{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "/WAIT" if wait else ""
+            args = f'start {wait_str} "" "{url}"'
+        return os.system(args)
+    elif CYGWIN:
+        if locate:
+            url = os.path.dirname(_unquote_file(url).replace('"', ""))
+            args = f'cygstart "{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "-w" if wait else ""
+            args = f'cygstart {wait_str} "{url}"'
+        return os.system(args)
+
+    try:
+        if locate:
+            url = os.path.dirname(_unquote_file(url)) or "."
+        else:
+            url = _unquote_file(url)
+        c = subprocess.Popen(["xdg-open", url])
+        if wait:
+            return c.wait()
+        return 0
+    except OSError:
+        if url.startswith(("http://", "https://")) and not locate and not wait:
+            import webbrowser
+
+            webbrowser.open(url)
+            return 0
+        return 1
+
+
+def _translate_ch_to_exc(ch: str) -> t.Optional[BaseException]:
+    if ch == "\x03":
+        raise KeyboardInterrupt()
+
+    if ch == "\x04" and not WIN:  # Unix-like, Ctrl+D
+        raise EOFError()
+
+    if ch == "\x1a" and WIN:  # Windows, Ctrl+Z
+        raise EOFError()
+
+    return None
+
+
+if WIN:
+    import msvcrt
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        yield -1
+
+    def getchar(echo: bool) -> str:
+        # The function `getch` will return a bytes object corresponding to
+        # the pressed character. Since Windows 10 build 1803, it will also
+        # return \x00 when called a second time after pressing a regular key.
+        #
+        # `getwch` does not share this probably-bugged behavior. Moreover, it
+        # returns a Unicode object by default, which is what we want.
+        #
+        # Either of these functions will return \x00 or \xe0 to indicate
+        # a special key, and you need to call the same function again to get
+        # the "rest" of the code. The fun part is that \u00e0 is
+        # "latin small letter a with grave", so if you type that on a French
+        # keyboard, you _also_ get a \xe0.
+        # E.g., consider the Up arrow. This returns \xe0 and then \x48. The
+        # resulting Unicode string reads as "a with grave" + "capital H".
+        # This is indistinguishable from when the user actually types
+        # "a with grave" and then "capital H".
+        #
+        # When \xe0 is returned, we assume it's part of a special-key sequence
+        # and call `getwch` again, but that means that when the user types
+        # the \u00e0 character, `getchar` doesn't return until a second
+        # character is typed.
+        # The alternative is returning immediately, but that would mess up
+        # cross-platform handling of arrow keys and others that start with
+        # \xe0. Another option is using `getch`, but then we can't reliably
+        # read non-ASCII characters, because return values of `getch` are
+        # limited to the current 8-bit codepage.
+        #
+        # Anyway, Click doesn't claim to do this Right(tm), and using `getwch`
+        # is doing the right thing in more situations than with `getch`.
+        func: t.Callable[[], str]
+
+        if echo:
+            func = msvcrt.getwche  # type: ignore
+        else:
+            func = msvcrt.getwch  # type: ignore
+
+        rv = func()
+
+        if rv in ("\x00", "\xe0"):
+            # \x00 and \xe0 are control characters that indicate special key,
+            # see above.
+            rv += func()
+
+        _translate_ch_to_exc(rv)
+        return rv
+
+else:
+    import tty
+    import termios
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        f: t.Optional[t.TextIO]
+        fd: int
+
+        if not isatty(sys.stdin):
+            f = open("/dev/tty")
+            fd = f.fileno()
+        else:
+            fd = sys.stdin.fileno()
+            f = None
+
+        try:
+            old_settings = termios.tcgetattr(fd)
+
+            try:
+                tty.setraw(fd)
+                yield fd
+            finally:
+                termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+                sys.stdout.flush()
+
+                if f is not None:
+                    f.close()
+        except termios.error:
+            pass
+
+    def getchar(echo: bool) -> str:
+        with raw_terminal() as fd:
+            ch = os.read(fd, 32).decode(get_best_encoding(sys.stdin), "replace")
+
+            if echo and isatty(sys.stdout):
+                sys.stdout.write(ch)
+
+            _translate_ch_to_exc(ch)
+            return ch
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/_textwrap.py b/lib/go-jinja2/internal/data/linux-amd64/click/_textwrap.py
new file mode 100644
index 000000000..b47dcbd42
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/_textwrap.py
@@ -0,0 +1,49 @@
+import textwrap
+import typing as t
+from contextlib import contextmanager
+
+
+class TextWrapper(textwrap.TextWrapper):
+    def _handle_long_word(
+        self,
+        reversed_chunks: t.List[str],
+        cur_line: t.List[str],
+        cur_len: int,
+        width: int,
+    ) -> None:
+        space_left = max(width - cur_len, 1)
+
+        if self.break_long_words:
+            last = reversed_chunks[-1]
+            cut = last[:space_left]
+            res = last[space_left:]
+            cur_line.append(cut)
+            reversed_chunks[-1] = res
+        elif not cur_line:
+            cur_line.append(reversed_chunks.pop())
+
+    @contextmanager
+    def extra_indent(self, indent: str) -> t.Iterator[None]:
+        old_initial_indent = self.initial_indent
+        old_subsequent_indent = self.subsequent_indent
+        self.initial_indent += indent
+        self.subsequent_indent += indent
+
+        try:
+            yield
+        finally:
+            self.initial_indent = old_initial_indent
+            self.subsequent_indent = old_subsequent_indent
+
+    def indent_only(self, text: str) -> str:
+        rv = []
+
+        for idx, line in enumerate(text.splitlines()):
+            indent = self.initial_indent
+
+            if idx > 0:
+                indent = self.subsequent_indent
+
+            rv.append(f"{indent}{line}")
+
+        return "\n".join(rv)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/_winconsole.py b/lib/go-jinja2/internal/data/linux-amd64/click/_winconsole.py
new file mode 100644
index 000000000..6b20df315
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/_winconsole.py
@@ -0,0 +1,279 @@
+# This module is based on the excellent work by Adam Bartoš who
+# provided a lot of what went into the implementation here in
+# the discussion to issue1602 in the Python bug tracker.
+#
+# There are some general differences in regards to how this works
+# compared to the original patches as we do not need to patch
+# the entire interpreter but just work in our little world of
+# echo and prompt.
+import io
+import sys
+import time
+import typing as t
+from ctypes import byref
+from ctypes import c_char
+from ctypes import c_char_p
+from ctypes import c_int
+from ctypes import c_ssize_t
+from ctypes import c_ulong
+from ctypes import c_void_p
+from ctypes import POINTER
+from ctypes import py_object
+from ctypes import Structure
+from ctypes.wintypes import DWORD
+from ctypes.wintypes import HANDLE
+from ctypes.wintypes import LPCWSTR
+from ctypes.wintypes import LPWSTR
+
+from ._compat import _NonClosingTextIOWrapper
+
+assert sys.platform == "win32"
+import msvcrt  # noqa: E402
+from ctypes import windll  # noqa: E402
+from ctypes import WINFUNCTYPE  # noqa: E402
+
+c_ssize_p = POINTER(c_ssize_t)
+
+kernel32 = windll.kernel32
+GetStdHandle = kernel32.GetStdHandle
+ReadConsoleW = kernel32.ReadConsoleW
+WriteConsoleW = kernel32.WriteConsoleW
+GetConsoleMode = kernel32.GetConsoleMode
+GetLastError = kernel32.GetLastError
+GetCommandLineW = WINFUNCTYPE(LPWSTR)(("GetCommandLineW", windll.kernel32))
+CommandLineToArgvW = WINFUNCTYPE(POINTER(LPWSTR), LPCWSTR, POINTER(c_int))(
+    ("CommandLineToArgvW", windll.shell32)
+)
+LocalFree = WINFUNCTYPE(c_void_p, c_void_p)(("LocalFree", windll.kernel32))
+
+STDIN_HANDLE = GetStdHandle(-10)
+STDOUT_HANDLE = GetStdHandle(-11)
+STDERR_HANDLE = GetStdHandle(-12)
+
+PyBUF_SIMPLE = 0
+PyBUF_WRITABLE = 1
+
+ERROR_SUCCESS = 0
+ERROR_NOT_ENOUGH_MEMORY = 8
+ERROR_OPERATION_ABORTED = 995
+
+STDIN_FILENO = 0
+STDOUT_FILENO = 1
+STDERR_FILENO = 2
+
+EOF = b"\x1a"
+MAX_BYTES_WRITTEN = 32767
+
+try:
+    from ctypes import pythonapi
+except ImportError:
+    # On PyPy we cannot get buffers so our ability to operate here is
+    # severely limited.
+    get_buffer = None
+else:
+
+    class Py_buffer(Structure):
+        _fields_ = [
+            ("buf", c_void_p),
+            ("obj", py_object),
+            ("len", c_ssize_t),
+            ("itemsize", c_ssize_t),
+            ("readonly", c_int),
+            ("ndim", c_int),
+            ("format", c_char_p),
+            ("shape", c_ssize_p),
+            ("strides", c_ssize_p),
+            ("suboffsets", c_ssize_p),
+            ("internal", c_void_p),
+        ]
+
+    PyObject_GetBuffer = pythonapi.PyObject_GetBuffer
+    PyBuffer_Release = pythonapi.PyBuffer_Release
+
+    def get_buffer(obj, writable=False):
+        buf = Py_buffer()
+        flags = PyBUF_WRITABLE if writable else PyBUF_SIMPLE
+        PyObject_GetBuffer(py_object(obj), byref(buf), flags)
+
+        try:
+            buffer_type = c_char * buf.len
+            return buffer_type.from_address(buf.buf)
+        finally:
+            PyBuffer_Release(byref(buf))
+
+
+class _WindowsConsoleRawIOBase(io.RawIOBase):
+    def __init__(self, handle):
+        self.handle = handle
+
+    def isatty(self):
+        super().isatty()
+        return True
+
+
+class _WindowsConsoleReader(_WindowsConsoleRawIOBase):
+    def readable(self):
+        return True
+
+    def readinto(self, b):
+        bytes_to_be_read = len(b)
+        if not bytes_to_be_read:
+            return 0
+        elif bytes_to_be_read % 2:
+            raise ValueError(
+                "cannot read odd number of bytes from UTF-16-LE encoded console"
+            )
+
+        buffer = get_buffer(b, writable=True)
+        code_units_to_be_read = bytes_to_be_read // 2
+        code_units_read = c_ulong()
+
+        rv = ReadConsoleW(
+            HANDLE(self.handle),
+            buffer,
+            code_units_to_be_read,
+            byref(code_units_read),
+            None,
+        )
+        if GetLastError() == ERROR_OPERATION_ABORTED:
+            # wait for KeyboardInterrupt
+            time.sleep(0.1)
+        if not rv:
+            raise OSError(f"Windows error: {GetLastError()}")
+
+        if buffer[0] == EOF:
+            return 0
+        return 2 * code_units_read.value
+
+
+class _WindowsConsoleWriter(_WindowsConsoleRawIOBase):
+    def writable(self):
+        return True
+
+    @staticmethod
+    def _get_error_message(errno):
+        if errno == ERROR_SUCCESS:
+            return "ERROR_SUCCESS"
+        elif errno == ERROR_NOT_ENOUGH_MEMORY:
+            return "ERROR_NOT_ENOUGH_MEMORY"
+        return f"Windows error {errno}"
+
+    def write(self, b):
+        bytes_to_be_written = len(b)
+        buf = get_buffer(b)
+        code_units_to_be_written = min(bytes_to_be_written, MAX_BYTES_WRITTEN) // 2
+        code_units_written = c_ulong()
+
+        WriteConsoleW(
+            HANDLE(self.handle),
+            buf,
+            code_units_to_be_written,
+            byref(code_units_written),
+            None,
+        )
+        bytes_written = 2 * code_units_written.value
+
+        if bytes_written == 0 and bytes_to_be_written > 0:
+            raise OSError(self._get_error_message(GetLastError()))
+        return bytes_written
+
+
+class ConsoleStream:
+    def __init__(self, text_stream: t.TextIO, byte_stream: t.BinaryIO) -> None:
+        self._text_stream = text_stream
+        self.buffer = byte_stream
+
+    @property
+    def name(self) -> str:
+        return self.buffer.name
+
+    def write(self, x: t.AnyStr) -> int:
+        if isinstance(x, str):
+            return self._text_stream.write(x)
+        try:
+            self.flush()
+        except Exception:
+            pass
+        return self.buffer.write(x)
+
+    def writelines(self, lines: t.Iterable[t.AnyStr]) -> None:
+        for line in lines:
+            self.write(line)
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._text_stream, name)
+
+    def isatty(self) -> bool:
+        return self.buffer.isatty()
+
+    def __repr__(self):
+        return f"<ConsoleStream name={self.name!r} encoding={self.encoding!r}>"
+
+
+def _get_text_stdin(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedReader(_WindowsConsoleReader(STDIN_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stdout(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDOUT_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stderr(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDERR_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+_stream_factories: t.Mapping[int, t.Callable[[t.BinaryIO], t.TextIO]] = {
+    0: _get_text_stdin,
+    1: _get_text_stdout,
+    2: _get_text_stderr,
+}
+
+
+def _is_console(f: t.TextIO) -> bool:
+    if not hasattr(f, "fileno"):
+        return False
+
+    try:
+        fileno = f.fileno()
+    except (OSError, io.UnsupportedOperation):
+        return False
+
+    handle = msvcrt.get_osfhandle(fileno)
+    return bool(GetConsoleMode(handle, byref(DWORD())))
+
+
+def _get_windows_console_stream(
+    f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> t.Optional[t.TextIO]:
+    if (
+        get_buffer is not None
+        and encoding in {"utf-16-le", None}
+        and errors in {"strict", None}
+        and _is_console(f)
+    ):
+        func = _stream_factories.get(f.fileno())
+        if func is not None:
+            b = getattr(f, "buffer", None)
+
+            if b is None:
+                return None
+
+            return func(b)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/core.py b/lib/go-jinja2/internal/data/linux-amd64/click/core.py
new file mode 100644
index 000000000..cc65e896b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/core.py
@@ -0,0 +1,3042 @@
+import enum
+import errno
+import inspect
+import os
+import sys
+import typing as t
+from collections import abc
+from contextlib import contextmanager
+from contextlib import ExitStack
+from functools import update_wrapper
+from gettext import gettext as _
+from gettext import ngettext
+from itertools import repeat
+from types import TracebackType
+
+from . import types
+from .exceptions import Abort
+from .exceptions import BadParameter
+from .exceptions import ClickException
+from .exceptions import Exit
+from .exceptions import MissingParameter
+from .exceptions import UsageError
+from .formatting import HelpFormatter
+from .formatting import join_options
+from .globals import pop_context
+from .globals import push_context
+from .parser import _flag_needs_value
+from .parser import OptionParser
+from .parser import split_opt
+from .termui import confirm
+from .termui import prompt
+from .termui import style
+from .utils import _detect_program_name
+from .utils import _expand_args
+from .utils import echo
+from .utils import make_default_short_help
+from .utils import make_str
+from .utils import PacifyFlushWrapper
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .shell_completion import CompletionItem
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+V = t.TypeVar("V")
+
+
+def _complete_visible_commands(
+    ctx: "Context", incomplete: str
+) -> t.Iterator[t.Tuple[str, "Command"]]:
+    """List all the subcommands of a group that start with the
+    incomplete value and aren't hidden.
+
+    :param ctx: Invocation context for the group.
+    :param incomplete: Value being completed. May be empty.
+    """
+    multi = t.cast(MultiCommand, ctx.command)
+
+    for name in multi.list_commands(ctx):
+        if name.startswith(incomplete):
+            command = multi.get_command(ctx, name)
+
+            if command is not None and not command.hidden:
+                yield name, command
+
+
+def _check_multicommand(
+    base_command: "MultiCommand", cmd_name: str, cmd: "Command", register: bool = False
+) -> None:
+    if not base_command.chain or not isinstance(cmd, MultiCommand):
+        return
+    if register:
+        hint = (
+            "It is not possible to add multi commands as children to"
+            " another multi command that is in chain mode."
+        )
+    else:
+        hint = (
+            "Found a multi command as subcommand to a multi command"
+            " that is in chain mode. This is not supported."
+        )
+    raise RuntimeError(
+        f"{hint}. Command {base_command.name!r} is set to chain and"
+        f" {cmd_name!r} was added as a subcommand but it in itself is a"
+        f" multi command. ({cmd_name!r} is a {type(cmd).__name__}"
+        f" within a chained {type(base_command).__name__} named"
+        f" {base_command.name!r})."
+    )
+
+
+def batch(iterable: t.Iterable[V], batch_size: int) -> t.List[t.Tuple[V, ...]]:
+    return list(zip(*repeat(iter(iterable), batch_size)))
+
+
+@contextmanager
+def augment_usage_errors(
+    ctx: "Context", param: t.Optional["Parameter"] = None
+) -> t.Iterator[None]:
+    """Context manager that attaches extra information to exceptions."""
+    try:
+        yield
+    except BadParameter as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        if param is not None and e.param is None:
+            e.param = param
+        raise
+    except UsageError as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        raise
+
+
+def iter_params_for_processing(
+    invocation_order: t.Sequence["Parameter"],
+    declaration_order: t.Sequence["Parameter"],
+) -> t.List["Parameter"]:
+    """Given a sequence of parameters in the order as should be considered
+    for processing and an iterable of parameters that exist, this returns
+    a list in the correct order as they should be processed.
+    """
+
+    def sort_key(item: "Parameter") -> t.Tuple[bool, float]:
+        try:
+            idx: float = invocation_order.index(item)
+        except ValueError:
+            idx = float("inf")
+
+        return not item.is_eager, idx
+
+    return sorted(declaration_order, key=sort_key)
+
+
+class ParameterSource(enum.Enum):
+    """This is an :class:`~enum.Enum` that indicates the source of a
+    parameter's value.
+
+    Use :meth:`click.Context.get_parameter_source` to get the
+    source for a parameter by name.
+
+    .. versionchanged:: 8.0
+        Use :class:`~enum.Enum` and drop the ``validate`` method.
+
+    .. versionchanged:: 8.0
+        Added the ``PROMPT`` value.
+    """
+
+    COMMANDLINE = enum.auto()
+    """The value was provided by the command line args."""
+    ENVIRONMENT = enum.auto()
+    """The value was provided with an environment variable."""
+    DEFAULT = enum.auto()
+    """Used the default specified by the parameter."""
+    DEFAULT_MAP = enum.auto()
+    """Used a default provided by :attr:`Context.default_map`."""
+    PROMPT = enum.auto()
+    """Used a prompt to confirm a default or provide a value."""
+
+
+class Context:
+    """The context is a special internal object that holds state relevant
+    for the script execution at every single level.  It's normally invisible
+    to commands unless they opt-in to getting access to it.
+
+    The context is useful as it can pass internal objects around and can
+    control special execution features such as reading data from
+    environment variables.
+
+    A context can be used as context manager in which case it will call
+    :meth:`close` on teardown.
+
+    :param command: the command class for this context.
+    :param parent: the parent context.
+    :param info_name: the info name for this invocation.  Generally this
+                      is the most descriptive name for the script or
+                      command.  For the toplevel script it is usually
+                      the name of the script, for commands below it it's
+                      the name of the script.
+    :param obj: an arbitrary object of user data.
+    :param auto_envvar_prefix: the prefix to use for automatic environment
+                               variables.  If this is `None` then reading
+                               from environment variables is disabled.  This
+                               does not affect manually set environment
+                               variables which are always read.
+    :param default_map: a dictionary (like object) with default values
+                        for parameters.
+    :param terminal_width: the width of the terminal.  The default is
+                           inherit from parent context.  If no context
+                           defines the terminal width then auto
+                           detection will be applied.
+    :param max_content_width: the maximum width for content rendered by
+                              Click (this currently only affects help
+                              pages).  This defaults to 80 characters if
+                              not overridden.  In other words: even if the
+                              terminal is larger than that, Click will not
+                              format things wider than 80 characters by
+                              default.  In addition to that, formatters might
+                              add some safety mapping on the right.
+    :param resilient_parsing: if this flag is enabled then Click will
+                              parse without any interactivity or callback
+                              invocation.  Default values will also be
+                              ignored.  This is useful for implementing
+                              things such as completion support.
+    :param allow_extra_args: if this is set to `True` then extra arguments
+                             at the end will not raise an error and will be
+                             kept on the context.  The default is to inherit
+                             from the command.
+    :param allow_interspersed_args: if this is set to `False` then options
+                                    and arguments cannot be mixed.  The
+                                    default is to inherit from the command.
+    :param ignore_unknown_options: instructs click to ignore options it does
+                                   not know and keeps them for later
+                                   processing.
+    :param help_option_names: optionally a list of strings that define how
+                              the default help parameter is named.  The
+                              default is ``['--help']``.
+    :param token_normalize_func: an optional function that is used to
+                                 normalize tokens (options, choices,
+                                 etc.).  This for instance can be used to
+                                 implement case insensitive behavior.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are used in texts that Click prints which is by
+                  default not the case.  This for instance would affect
+                  help output.
+    :param show_default: Show the default value for commands. If this
+        value is not set, it defaults to the value from the parent
+        context. ``Command.show_default`` overrides this default for the
+        specific command.
+
+    .. versionchanged:: 8.1
+        The ``show_default`` parameter is overridden by
+        ``Command.show_default``, instead of the other way around.
+
+    .. versionchanged:: 8.0
+        The ``show_default`` parameter defaults to the value from the
+        parent context.
+
+    .. versionchanged:: 7.1
+       Added the ``show_default`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color``, ``ignore_unknown_options``, and
+        ``max_content_width`` parameters.
+
+    .. versionchanged:: 3.0
+        Added the ``allow_extra_args`` and ``allow_interspersed_args``
+        parameters.
+
+    .. versionchanged:: 2.0
+        Added the ``resilient_parsing``, ``help_option_names``, and
+        ``token_normalize_func`` parameters.
+    """
+
+    #: The formatter class to create with :meth:`make_formatter`.
+    #:
+    #: .. versionadded:: 8.0
+    formatter_class: t.Type["HelpFormatter"] = HelpFormatter
+
+    def __init__(
+        self,
+        command: "Command",
+        parent: t.Optional["Context"] = None,
+        info_name: t.Optional[str] = None,
+        obj: t.Optional[t.Any] = None,
+        auto_envvar_prefix: t.Optional[str] = None,
+        default_map: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        terminal_width: t.Optional[int] = None,
+        max_content_width: t.Optional[int] = None,
+        resilient_parsing: bool = False,
+        allow_extra_args: t.Optional[bool] = None,
+        allow_interspersed_args: t.Optional[bool] = None,
+        ignore_unknown_options: t.Optional[bool] = None,
+        help_option_names: t.Optional[t.List[str]] = None,
+        token_normalize_func: t.Optional[t.Callable[[str], str]] = None,
+        color: t.Optional[bool] = None,
+        show_default: t.Optional[bool] = None,
+    ) -> None:
+        #: the parent context or `None` if none exists.
+        self.parent = parent
+        #: the :class:`Command` for this context.
+        self.command = command
+        #: the descriptive information name
+        self.info_name = info_name
+        #: Map of parameter names to their parsed values. Parameters
+        #: with ``expose_value=False`` are not stored.
+        self.params: t.Dict[str, t.Any] = {}
+        #: the leftover arguments.
+        self.args: t.List[str] = []
+        #: protected arguments.  These are arguments that are prepended
+        #: to `args` when certain parsing scenarios are encountered but
+        #: must be never propagated to another arguments.  This is used
+        #: to implement nested parsing.
+        self.protected_args: t.List[str] = []
+        #: the collected prefixes of the command's options.
+        self._opt_prefixes: t.Set[str] = set(parent._opt_prefixes) if parent else set()
+
+        if obj is None and parent is not None:
+            obj = parent.obj
+
+        #: the user object stored.
+        self.obj: t.Any = obj
+        self._meta: t.Dict[str, t.Any] = getattr(parent, "meta", {})
+
+        #: A dictionary (-like object) with defaults for parameters.
+        if (
+            default_map is None
+            and info_name is not None
+            and parent is not None
+            and parent.default_map is not None
+        ):
+            default_map = parent.default_map.get(info_name)
+
+        self.default_map: t.Optional[t.MutableMapping[str, t.Any]] = default_map
+
+        #: This flag indicates if a subcommand is going to be executed. A
+        #: group callback can use this information to figure out if it's
+        #: being executed directly or because the execution flow passes
+        #: onwards to a subcommand. By default it's None, but it can be
+        #: the name of the subcommand to execute.
+        #:
+        #: If chaining is enabled this will be set to ``'*'`` in case
+        #: any commands are executed.  It is however not possible to
+        #: figure out which ones.  If you require this knowledge you
+        #: should use a :func:`result_callback`.
+        self.invoked_subcommand: t.Optional[str] = None
+
+        if terminal_width is None and parent is not None:
+            terminal_width = parent.terminal_width
+
+        #: The width of the terminal (None is autodetection).
+        self.terminal_width: t.Optional[int] = terminal_width
+
+        if max_content_width is None and parent is not None:
+            max_content_width = parent.max_content_width
+
+        #: The maximum width of formatted content (None implies a sensible
+        #: default which is 80 for most things).
+        self.max_content_width: t.Optional[int] = max_content_width
+
+        if allow_extra_args is None:
+            allow_extra_args = command.allow_extra_args
+
+        #: Indicates if the context allows extra args or if it should
+        #: fail on parsing.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_extra_args = allow_extra_args
+
+        if allow_interspersed_args is None:
+            allow_interspersed_args = command.allow_interspersed_args
+
+        #: Indicates if the context allows mixing of arguments and
+        #: options or not.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_interspersed_args: bool = allow_interspersed_args
+
+        if ignore_unknown_options is None:
+            ignore_unknown_options = command.ignore_unknown_options
+
+        #: Instructs click to ignore options that a command does not
+        #: understand and will store it on the context for later
+        #: processing.  This is primarily useful for situations where you
+        #: want to call into external programs.  Generally this pattern is
+        #: strongly discouraged because it's not possibly to losslessly
+        #: forward all arguments.
+        #:
+        #: .. versionadded:: 4.0
+        self.ignore_unknown_options: bool = ignore_unknown_options
+
+        if help_option_names is None:
+            if parent is not None:
+                help_option_names = parent.help_option_names
+            else:
+                help_option_names = ["--help"]
+
+        #: The names for the help options.
+        self.help_option_names: t.List[str] = help_option_names
+
+        if token_normalize_func is None and parent is not None:
+            token_normalize_func = parent.token_normalize_func
+
+        #: An optional normalization function for tokens.  This is
+        #: options, choices, commands etc.
+        self.token_normalize_func: t.Optional[
+            t.Callable[[str], str]
+        ] = token_normalize_func
+
+        #: Indicates if resilient parsing is enabled.  In that case Click
+        #: will do its best to not cause any failures and default values
+        #: will be ignored. Useful for completion.
+        self.resilient_parsing: bool = resilient_parsing
+
+        # If there is no envvar prefix yet, but the parent has one and
+        # the command on this level has a name, we can expand the envvar
+        # prefix automatically.
+        if auto_envvar_prefix is None:
+            if (
+                parent is not None
+                and parent.auto_envvar_prefix is not None
+                and self.info_name is not None
+            ):
+                auto_envvar_prefix = (
+                    f"{parent.auto_envvar_prefix}_{self.info_name.upper()}"
+                )
+        else:
+            auto_envvar_prefix = auto_envvar_prefix.upper()
+
+        if auto_envvar_prefix is not None:
+            auto_envvar_prefix = auto_envvar_prefix.replace("-", "_")
+
+        self.auto_envvar_prefix: t.Optional[str] = auto_envvar_prefix
+
+        if color is None and parent is not None:
+            color = parent.color
+
+        #: Controls if styling output is wanted or not.
+        self.color: t.Optional[bool] = color
+
+        if show_default is None and parent is not None:
+            show_default = parent.show_default
+
+        #: Show option default values when formatting help text.
+        self.show_default: t.Optional[bool] = show_default
+
+        self._close_callbacks: t.List[t.Callable[[], t.Any]] = []
+        self._depth = 0
+        self._parameter_source: t.Dict[str, ParameterSource] = {}
+        self._exit_stack = ExitStack()
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire CLI
+        structure.
+
+        .. code-block:: python
+
+            with Context(cli) as ctx:
+                info = ctx.to_info_dict()
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "command": self.command.to_info_dict(self),
+            "info_name": self.info_name,
+            "allow_extra_args": self.allow_extra_args,
+            "allow_interspersed_args": self.allow_interspersed_args,
+            "ignore_unknown_options": self.ignore_unknown_options,
+            "auto_envvar_prefix": self.auto_envvar_prefix,
+        }
+
+    def __enter__(self) -> "Context":
+        self._depth += 1
+        push_context(self)
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self._depth -= 1
+        if self._depth == 0:
+            self.close()
+        pop_context()
+
+    @contextmanager
+    def scope(self, cleanup: bool = True) -> t.Iterator["Context"]:
+        """This helper method can be used with the context object to promote
+        it to the current thread local (see :func:`get_current_context`).
+        The default behavior of this is to invoke the cleanup functions which
+        can be disabled by setting `cleanup` to `False`.  The cleanup
+        functions are typically used for things such as closing file handles.
+
+        If the cleanup is intended the context object can also be directly
+        used as a context manager.
+
+        Example usage::
+
+            with ctx.scope():
+                assert get_current_context() is ctx
+
+        This is equivalent::
+
+            with ctx:
+                assert get_current_context() is ctx
+
+        .. versionadded:: 5.0
+
+        :param cleanup: controls if the cleanup functions should be run or
+                        not.  The default is to run these functions.  In
+                        some situations the context only wants to be
+                        temporarily pushed in which case this can be disabled.
+                        Nested pushes automatically defer the cleanup.
+        """
+        if not cleanup:
+            self._depth += 1
+        try:
+            with self as rv:
+                yield rv
+        finally:
+            if not cleanup:
+                self._depth -= 1
+
+    @property
+    def meta(self) -> t.Dict[str, t.Any]:
+        """This is a dictionary which is shared with all the contexts
+        that are nested.  It exists so that click utilities can store some
+        state here if they need to.  It is however the responsibility of
+        that code to manage this dictionary well.
+
+        The keys are supposed to be unique dotted strings.  For instance
+        module paths are a good choice for it.  What is stored in there is
+        irrelevant for the operation of click.  However what is important is
+        that code that places data here adheres to the general semantics of
+        the system.
+
+        Example usage::
+
+            LANG_KEY = f'{__name__}.lang'
+
+            def set_language(value):
+                ctx = get_current_context()
+                ctx.meta[LANG_KEY] = value
+
+            def get_language():
+                return get_current_context().meta.get(LANG_KEY, 'en_US')
+
+        .. versionadded:: 5.0
+        """
+        return self._meta
+
+    def make_formatter(self) -> HelpFormatter:
+        """Creates the :class:`~click.HelpFormatter` for the help and
+        usage output.
+
+        To quickly customize the formatter class used without overriding
+        this method, set the :attr:`formatter_class` attribute.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`formatter_class` attribute.
+        """
+        return self.formatter_class(
+            width=self.terminal_width, max_width=self.max_content_width
+        )
+
+    def with_resource(self, context_manager: t.ContextManager[V]) -> V:
+        """Register a resource as if it were used in a ``with``
+        statement. The resource will be cleaned up when the context is
+        popped.
+
+        Uses :meth:`contextlib.ExitStack.enter_context`. It calls the
+        resource's ``__enter__()`` method and returns the result. When
+        the context is popped, it closes the stack, which calls the
+        resource's ``__exit__()`` method.
+
+        To register a cleanup function for something that isn't a
+        context manager, use :meth:`call_on_close`. Or use something
+        from :mod:`contextlib` to turn it into a context manager first.
+
+        .. code-block:: python
+
+            @click.group()
+            @click.option("--name")
+            @click.pass_context
+            def cli(ctx):
+                ctx.obj = ctx.with_resource(connect_db(name))
+
+        :param context_manager: The context manager to enter.
+        :return: Whatever ``context_manager.__enter__()`` returns.
+
+        .. versionadded:: 8.0
+        """
+        return self._exit_stack.enter_context(context_manager)
+
+    def call_on_close(self, f: t.Callable[..., t.Any]) -> t.Callable[..., t.Any]:
+        """Register a function to be called when the context tears down.
+
+        This can be used to close resources opened during the script
+        execution. Resources that support Python's context manager
+        protocol which would be used in a ``with`` statement should be
+        registered with :meth:`with_resource` instead.
+
+        :param f: The function to execute on teardown.
+        """
+        return self._exit_stack.callback(f)
+
+    def close(self) -> None:
+        """Invoke all close callbacks registered with
+        :meth:`call_on_close`, and exit all context managers entered
+        with :meth:`with_resource`.
+        """
+        self._exit_stack.close()
+        # In case the context is reused, create a new exit stack.
+        self._exit_stack = ExitStack()
+
+    @property
+    def command_path(self) -> str:
+        """The computed command path.  This is used for the ``usage``
+        information on the help page.  It's automatically created by
+        combining the info names of the chain of contexts to the root.
+        """
+        rv = ""
+        if self.info_name is not None:
+            rv = self.info_name
+        if self.parent is not None:
+            parent_command_path = [self.parent.command_path]
+
+            if isinstance(self.parent.command, Command):
+                for param in self.parent.command.get_params(self):
+                    parent_command_path.extend(param.get_usage_pieces(self))
+
+            rv = f"{' '.join(parent_command_path)} {rv}"
+        return rv.lstrip()
+
+    def find_root(self) -> "Context":
+        """Finds the outermost context."""
+        node = self
+        while node.parent is not None:
+            node = node.parent
+        return node
+
+    def find_object(self, object_type: t.Type[V]) -> t.Optional[V]:
+        """Finds the closest object of a given type."""
+        node: t.Optional["Context"] = self
+
+        while node is not None:
+            if isinstance(node.obj, object_type):
+                return node.obj
+
+            node = node.parent
+
+        return None
+
+    def ensure_object(self, object_type: t.Type[V]) -> V:
+        """Like :meth:`find_object` but sets the innermost object to a
+        new instance of `object_type` if it does not exist.
+        """
+        rv = self.find_object(object_type)
+        if rv is None:
+            self.obj = rv = object_type()
+        return rv
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[False]" = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def lookup_default(self, name: str, call: bool = True) -> t.Optional[t.Any]:
+        """Get the default for a parameter from :attr:`default_map`.
+
+        :param name: Name of the parameter.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        if self.default_map is not None:
+            value = self.default_map.get(name)
+
+            if call and callable(value):
+                return value()
+
+            return value
+
+        return None
+
+    def fail(self, message: str) -> "te.NoReturn":
+        """Aborts the execution of the program with a specific error
+        message.
+
+        :param message: the error message to fail with.
+        """
+        raise UsageError(message, self)
+
+    def abort(self) -> "te.NoReturn":
+        """Aborts the script."""
+        raise Abort()
+
+    def exit(self, code: int = 0) -> "te.NoReturn":
+        """Exits the application with a given exit code."""
+        raise Exit(code)
+
+    def get_usage(self) -> str:
+        """Helper method to get formatted usage string for the current
+        context and command.
+        """
+        return self.command.get_usage(self)
+
+    def get_help(self) -> str:
+        """Helper method to get formatted help page for the current
+        context and command.
+        """
+        return self.command.get_help(self)
+
+    def _make_sub_context(self, command: "Command") -> "Context":
+        """Create a new context of the same type as this context, but
+        for a new command.
+
+        :meta private:
+        """
+        return type(self)(command, info_name=command.name, parent=self)
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "t.Callable[..., V]",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> V:
+        ...
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "Command",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        ...
+
+    def invoke(
+        __self,  # noqa: B902
+        __callback: t.Union["Command", "t.Callable[..., V]"],
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Union[t.Any, V]:
+        """Invokes a command callback in exactly the way it expects.  There
+        are two ways to invoke this method:
+
+        1.  the first argument can be a callback and all other arguments and
+            keyword arguments are forwarded directly to the function.
+        2.  the first argument is a click command object.  In that case all
+            arguments are forwarded as well but proper click parameters
+            (options and click arguments) must be keyword arguments and Click
+            will fill in defaults.
+
+        Note that before Click 3.2 keyword arguments were not properly filled
+        in against the intention of this code and no context was created.  For
+        more information about this change and why it was done in a bugfix
+        release see :ref:`upgrade-to-3.2`.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if :meth:`forward` is called at multiple levels.
+        """
+        if isinstance(__callback, Command):
+            other_cmd = __callback
+
+            if other_cmd.callback is None:
+                raise TypeError(
+                    "The given command does not have a callback that can be invoked."
+                )
+            else:
+                __callback = t.cast("t.Callable[..., V]", other_cmd.callback)
+
+            ctx = __self._make_sub_context(other_cmd)
+
+            for param in other_cmd.params:
+                if param.name not in kwargs and param.expose_value:
+                    kwargs[param.name] = param.type_cast_value(  # type: ignore
+                        ctx, param.get_default(ctx)
+                    )
+
+            # Track all kwargs as params, so that forward() will pass
+            # them on in subsequent calls.
+            ctx.params.update(kwargs)
+        else:
+            ctx = __self
+
+        with augment_usage_errors(__self):
+            with ctx:
+                return __callback(*args, **kwargs)
+
+    def forward(
+        __self, __cmd: "Command", *args: t.Any, **kwargs: t.Any  # noqa: B902
+    ) -> t.Any:
+        """Similar to :meth:`invoke` but fills in default keyword
+        arguments from the current context if the other command expects
+        it.  This cannot invoke callbacks directly, only other commands.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if ``forward`` is called at multiple levels.
+        """
+        # Can only forward to other commands, not direct callbacks.
+        if not isinstance(__cmd, Command):
+            raise TypeError("Callback is not a command.")
+
+        for param in __self.params:
+            if param not in kwargs:
+                kwargs[param] = __self.params[param]
+
+        return __self.invoke(__cmd, *args, **kwargs)
+
+    def set_parameter_source(self, name: str, source: ParameterSource) -> None:
+        """Set the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        :param name: The name of the parameter.
+        :param source: A member of :class:`~click.core.ParameterSource`.
+        """
+        self._parameter_source[name] = source
+
+    def get_parameter_source(self, name: str) -> t.Optional[ParameterSource]:
+        """Get the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        This can be useful for determining when a user specified a value
+        on the command line that is the same as the default value. It
+        will be :attr:`~click.core.ParameterSource.DEFAULT` only if the
+        value was actually taken from the default.
+
+        :param name: The name of the parameter.
+        :rtype: ParameterSource
+
+        .. versionchanged:: 8.0
+            Returns ``None`` if the parameter was not provided from any
+            source.
+        """
+        return self._parameter_source.get(name)
+
+
+class BaseCommand:
+    """The base command implements the minimal API contract of commands.
+    Most code will never use this as it does not implement a lot of useful
+    functionality but it can act as the direct subclass of alternative
+    parsing methods that do not depend on the Click parser.
+
+    For instance, this can be used to bridge Click and other systems like
+    argparse or docopt.
+
+    Because base commands do not implement a lot of the API that other
+    parts of Click take for granted, they are not supported for all
+    operations.  For instance, they cannot be used with the decorators
+    usually and they have no built-in callback system.
+
+    .. versionchanged:: 2.0
+       Added the `context_settings` parameter.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    """
+
+    #: The context class to create with :meth:`make_context`.
+    #:
+    #: .. versionadded:: 8.0
+    context_class: t.Type[Context] = Context
+    #: the default for the :attr:`Context.allow_extra_args` flag.
+    allow_extra_args = False
+    #: the default for the :attr:`Context.allow_interspersed_args` flag.
+    allow_interspersed_args = True
+    #: the default for the :attr:`Context.ignore_unknown_options` flag.
+    ignore_unknown_options = False
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> None:
+        #: the name the command thinks it has.  Upon registering a command
+        #: on a :class:`Group` the group will default the command name
+        #: with this information.  You should instead use the
+        #: :class:`Context`\'s :attr:`~Context.info_name` attribute.
+        self.name = name
+
+        if context_settings is None:
+            context_settings = {}
+
+        #: an optional dictionary with defaults passed to the context.
+        self.context_settings: t.MutableMapping[str, t.Any] = context_settings
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire structure
+        below this command.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        :param ctx: A :class:`Context` representing this command.
+
+        .. versionadded:: 8.0
+        """
+        return {"name": self.name}
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def get_usage(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get usage")
+
+    def get_help(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get help")
+
+    def make_context(
+        self,
+        info_name: t.Optional[str],
+        args: t.List[str],
+        parent: t.Optional[Context] = None,
+        **extra: t.Any,
+    ) -> Context:
+        """This function when given an info name and arguments will kick
+        off the parsing and create a new :class:`Context`.  It does not
+        invoke the actual command callback though.
+
+        To quickly customize the context class used without overriding
+        this method, set the :attr:`context_class` attribute.
+
+        :param info_name: the info name for this invocation.  Generally this
+                          is the most descriptive name for the script or
+                          command.  For the toplevel script it's usually
+                          the name of the script, for commands below it's
+                          the name of the command.
+        :param args: the arguments to parse as list of strings.
+        :param parent: the parent context if available.
+        :param extra: extra keyword arguments forwarded to the context
+                      constructor.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`context_class` attribute.
+        """
+        for key, value in self.context_settings.items():
+            if key not in extra:
+                extra[key] = value
+
+        ctx = self.context_class(
+            self, info_name=info_name, parent=parent, **extra  # type: ignore
+        )
+
+        with ctx.scope(cleanup=False):
+            self.parse_args(ctx, args)
+        return ctx
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        """Given a context and a list of arguments this creates the parser
+        and parses the arguments, then modifies the context as necessary.
+        This is automatically invoked by :meth:`make_context`.
+        """
+        raise NotImplementedError("Base commands do not know how to parse arguments.")
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the command.  The default
+        implementation is raising a not implemented error.
+        """
+        raise NotImplementedError("Base commands are not invocable by default")
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of chained multi-commands.
+
+        Any command could be part of a chained multi-command, so sibling
+        commands are valid at any point during command completion. Other
+        command classes will return more completions.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        while ctx.parent is not None:
+            ctx = ctx.parent
+
+            if isinstance(ctx.command, MultiCommand) and ctx.command.chain:
+                results.extend(
+                    CompletionItem(name, help=command.get_short_help_str())
+                    for name, command in _complete_visible_commands(ctx, incomplete)
+                    if name not in ctx.protected_args
+                )
+
+        return results
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: "te.Literal[True]" = True,
+        **extra: t.Any,
+    ) -> "te.NoReturn":
+        ...
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = ...,
+        **extra: t.Any,
+    ) -> t.Any:
+        ...
+
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = True,
+        windows_expand_args: bool = True,
+        **extra: t.Any,
+    ) -> t.Any:
+        """This is the way to invoke a script with all the bells and
+        whistles as a command line application.  This will always terminate
+        the application after a call.  If this is not wanted, ``SystemExit``
+        needs to be caught.
+
+        This method is also available by directly calling the instance of
+        a :class:`Command`.
+
+        :param args: the arguments that should be used for parsing.  If not
+                     provided, ``sys.argv[1:]`` is used.
+        :param prog_name: the program name that should be used.  By default
+                          the program name is constructed by taking the file
+                          name from ``sys.argv[0]``.
+        :param complete_var: the environment variable that controls the
+                             bash completion support.  The default is
+                             ``"_<prog_name>_COMPLETE"`` with prog_name in
+                             uppercase.
+        :param standalone_mode: the default behavior is to invoke the script
+                                in standalone mode.  Click will then
+                                handle exceptions and convert them into
+                                error messages and the function will never
+                                return but shut down the interpreter.  If
+                                this is set to `False` they will be
+                                propagated to the caller and the return
+                                value of this function is the return value
+                                of :meth:`invoke`.
+        :param windows_expand_args: Expand glob patterns, user dir, and
+            env vars in command line args on Windows.
+        :param extra: extra keyword arguments are forwarded to the context
+                      constructor.  See :class:`Context` for more information.
+
+        .. versionchanged:: 8.0.1
+            Added the ``windows_expand_args`` parameter to allow
+            disabling command line arg expansion on Windows.
+
+        .. versionchanged:: 8.0
+            When taking arguments from ``sys.argv`` on Windows, glob
+            patterns, user dir, and env vars are expanded.
+
+        .. versionchanged:: 3.0
+           Added the ``standalone_mode`` parameter.
+        """
+        if args is None:
+            args = sys.argv[1:]
+
+            if os.name == "nt" and windows_expand_args:
+                args = _expand_args(args)
+        else:
+            args = list(args)
+
+        if prog_name is None:
+            prog_name = _detect_program_name()
+
+        # Process shell completion requests and exit early.
+        self._main_shell_completion(extra, prog_name, complete_var)
+
+        try:
+            try:
+                with self.make_context(prog_name, args, **extra) as ctx:
+                    rv = self.invoke(ctx)
+                    if not standalone_mode:
+                        return rv
+                    # it's not safe to `ctx.exit(rv)` here!
+                    # note that `rv` may actually contain data like "1" which
+                    # has obvious effects
+                    # more subtle case: `rv=[None, None]` can come out of
+                    # chained commands which all returned `None` -- so it's not
+                    # even always obvious that `rv` indicates success/failure
+                    # by its truthiness/falsiness
+                    ctx.exit()
+            except (EOFError, KeyboardInterrupt) as e:
+                echo(file=sys.stderr)
+                raise Abort() from e
+            except ClickException as e:
+                if not standalone_mode:
+                    raise
+                e.show()
+                sys.exit(e.exit_code)
+            except OSError as e:
+                if e.errno == errno.EPIPE:
+                    sys.stdout = t.cast(t.TextIO, PacifyFlushWrapper(sys.stdout))
+                    sys.stderr = t.cast(t.TextIO, PacifyFlushWrapper(sys.stderr))
+                    sys.exit(1)
+                else:
+                    raise
+        except Exit as e:
+            if standalone_mode:
+                sys.exit(e.exit_code)
+            else:
+                # in non-standalone mode, return the exit code
+                # note that this is only reached if `self.invoke` above raises
+                # an Exit explicitly -- thus bypassing the check there which
+                # would return its result
+                # the results of non-standalone execution may therefore be
+                # somewhat ambiguous: if there are codepaths which lead to
+                # `ctx.exit(1)` and to `return 1`, the caller won't be able to
+                # tell the difference between the two
+                return e.exit_code
+        except Abort:
+            if not standalone_mode:
+                raise
+            echo(_("Aborted!"), file=sys.stderr)
+            sys.exit(1)
+
+    def _main_shell_completion(
+        self,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: t.Optional[str] = None,
+    ) -> None:
+        """Check if the shell is asking for tab completion, process
+        that, then exit early. Called from :meth:`main` before the
+        program is invoked.
+
+        :param prog_name: Name of the executable in the shell.
+        :param complete_var: Name of the environment variable that holds
+            the completion instruction. Defaults to
+            ``_{PROG_NAME}_COMPLETE``.
+
+        .. versionchanged:: 8.2.0
+            Dots (``.``) in ``prog_name`` are replaced with underscores (``_``).
+        """
+        if complete_var is None:
+            complete_name = prog_name.replace("-", "_").replace(".", "_")
+            complete_var = f"_{complete_name}_COMPLETE".upper()
+
+        instruction = os.environ.get(complete_var)
+
+        if not instruction:
+            return
+
+        from .shell_completion import shell_complete
+
+        rv = shell_complete(self, ctx_args, prog_name, complete_var, instruction)
+        sys.exit(rv)
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Alias for :meth:`main`."""
+        return self.main(*args, **kwargs)
+
+
+class Command(BaseCommand):
+    """Commands are the basic building block of command line interfaces in
+    Click.  A basic command handles command line parsing and might dispatch
+    more parsing to commands nested below it.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    :param callback: the callback to invoke.  This is optional.
+    :param params: the parameters to register with this command.  This can
+                   be either :class:`Option` or :class:`Argument` objects.
+    :param help: the help string to use for this command.
+    :param epilog: like the help string but it's printed at the end of the
+                   help page after everything else.
+    :param short_help: the short help to use for this command.  This is
+                       shown on the command listing of the parent command.
+    :param add_help_option: by default each command registers a ``--help``
+                            option.  This can be disabled by this parameter.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is disabled by default.
+                            If enabled this will add ``--help`` as argument
+                            if no arguments are passed
+    :param hidden: hide this command from help outputs.
+
+    :param deprecated: issues a message indicating that
+                             the command is deprecated.
+
+    .. versionchanged:: 8.1
+        ``help``, ``epilog``, and ``short_help`` are stored unprocessed,
+        all formatting is done when outputting help text, not at init,
+        and is done even if not using the ``@command`` decorator.
+
+    .. versionchanged:: 8.0
+        Added a ``repr`` showing the command name.
+
+    .. versionchanged:: 7.1
+        Added the ``no_args_is_help`` parameter.
+
+    .. versionchanged:: 2.0
+        Added the ``context_settings`` parameter.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        callback: t.Optional[t.Callable[..., t.Any]] = None,
+        params: t.Optional[t.List["Parameter"]] = None,
+        help: t.Optional[str] = None,
+        epilog: t.Optional[str] = None,
+        short_help: t.Optional[str] = None,
+        options_metavar: t.Optional[str] = "[OPTIONS]",
+        add_help_option: bool = True,
+        no_args_is_help: bool = False,
+        hidden: bool = False,
+        deprecated: bool = False,
+    ) -> None:
+        super().__init__(name, context_settings)
+        #: the callback to execute when the command fires.  This might be
+        #: `None` in which case nothing happens.
+        self.callback = callback
+        #: the list of parameters for this command in the order they
+        #: should show up in the help page and execute.  Eager parameters
+        #: will automatically be handled before non eager ones.
+        self.params: t.List["Parameter"] = params or []
+        self.help = help
+        self.epilog = epilog
+        self.options_metavar = options_metavar
+        self.short_help = short_help
+        self.add_help_option = add_help_option
+        self.no_args_is_help = no_args_is_help
+        self.hidden = hidden
+        self.deprecated = deprecated
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        info_dict.update(
+            params=[param.to_info_dict() for param in self.get_params(ctx)],
+            help=self.help,
+            epilog=self.epilog,
+            short_help=self.short_help,
+            hidden=self.hidden,
+            deprecated=self.deprecated,
+        )
+        return info_dict
+
+    def get_usage(self, ctx: Context) -> str:
+        """Formats the usage line into a string and returns it.
+
+        Calls :meth:`format_usage` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_usage(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_params(self, ctx: Context) -> t.List["Parameter"]:
+        rv = self.params
+        help_option = self.get_help_option(ctx)
+
+        if help_option is not None:
+            rv = [*rv, help_option]
+
+        return rv
+
+    def format_usage(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the usage line into the formatter.
+
+        This is a low-level method called by :meth:`get_usage`.
+        """
+        pieces = self.collect_usage_pieces(ctx)
+        formatter.write_usage(ctx.command_path, " ".join(pieces))
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        """Returns all the pieces that go into the usage line and returns
+        it as a list of strings.
+        """
+        rv = [self.options_metavar] if self.options_metavar else []
+
+        for param in self.get_params(ctx):
+            rv.extend(param.get_usage_pieces(ctx))
+
+        return rv
+
+    def get_help_option_names(self, ctx: Context) -> t.List[str]:
+        """Returns the names for the help option."""
+        all_names = set(ctx.help_option_names)
+        for param in self.params:
+            all_names.difference_update(param.opts)
+            all_names.difference_update(param.secondary_opts)
+        return list(all_names)
+
+    def get_help_option(self, ctx: Context) -> t.Optional["Option"]:
+        """Returns the help option object."""
+        help_options = self.get_help_option_names(ctx)
+
+        if not help_options or not self.add_help_option:
+            return None
+
+        def show_help(ctx: Context, param: "Parameter", value: str) -> None:
+            if value and not ctx.resilient_parsing:
+                echo(ctx.get_help(), color=ctx.color)
+                ctx.exit()
+
+        return Option(
+            help_options,
+            is_flag=True,
+            is_eager=True,
+            expose_value=False,
+            callback=show_help,
+            help=_("Show this message and exit."),
+        )
+
+    def make_parser(self, ctx: Context) -> OptionParser:
+        """Creates the underlying option parser for this command."""
+        parser = OptionParser(ctx)
+        for param in self.get_params(ctx):
+            param.add_to_parser(parser, ctx)
+        return parser
+
+    def get_help(self, ctx: Context) -> str:
+        """Formats the help into a string and returns it.
+
+        Calls :meth:`format_help` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_help(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_short_help_str(self, limit: int = 45) -> str:
+        """Gets short help for the command or makes it by shortening the
+        long help string.
+        """
+        if self.short_help:
+            text = inspect.cleandoc(self.short_help)
+        elif self.help:
+            text = make_default_short_help(self.help, limit)
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        return text.strip()
+
+    def format_help(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help into the formatter if it exists.
+
+        This is a low-level method called by :meth:`get_help`.
+
+        This calls the following methods:
+
+        -   :meth:`format_usage`
+        -   :meth:`format_help_text`
+        -   :meth:`format_options`
+        -   :meth:`format_epilog`
+        """
+        self.format_usage(ctx, formatter)
+        self.format_help_text(ctx, formatter)
+        self.format_options(ctx, formatter)
+        self.format_epilog(ctx, formatter)
+
+    def format_help_text(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help text to the formatter if it exists."""
+        if self.help is not None:
+            # truncate the help text to the first form feed
+            text = inspect.cleandoc(self.help).partition("\f")[0]
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        if text:
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(text)
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes all the options into the formatter if they exist."""
+        opts = []
+        for param in self.get_params(ctx):
+            rv = param.get_help_record(ctx)
+            if rv is not None:
+                opts.append(rv)
+
+        if opts:
+            with formatter.section(_("Options")):
+                formatter.write_dl(opts)
+
+    def format_epilog(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the epilog into the formatter if it exists."""
+        if self.epilog:
+            epilog = inspect.cleandoc(self.epilog)
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(epilog)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        parser = self.make_parser(ctx)
+        opts, args, param_order = parser.parse_args(args=args)
+
+        for param in iter_params_for_processing(param_order, self.get_params(ctx)):
+            value, args = param.handle_parse_result(ctx, opts, args)
+
+        if args and not ctx.allow_extra_args and not ctx.resilient_parsing:
+            ctx.fail(
+                ngettext(
+                    "Got unexpected extra argument ({args})",
+                    "Got unexpected extra arguments ({args})",
+                    len(args),
+                ).format(args=" ".join(map(str, args)))
+            )
+
+        ctx.args = args
+        ctx._opt_prefixes.update(parser._opt_prefixes)
+        return args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the attached callback (if it exists)
+        in the right way.
+        """
+        if self.deprecated:
+            message = _(
+                "DeprecationWarning: The command {name!r} is deprecated."
+            ).format(name=self.name)
+            echo(style(message, fg="red"), err=True)
+
+        if self.callback is not None:
+            return ctx.invoke(self.callback, **ctx.params)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options and chained multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        if incomplete and not incomplete[0].isalnum():
+            for param in self.get_params(ctx):
+                if (
+                    not isinstance(param, Option)
+                    or param.hidden
+                    or (
+                        not param.multiple
+                        and ctx.get_parameter_source(param.name)  # type: ignore
+                        is ParameterSource.COMMANDLINE
+                    )
+                ):
+                    continue
+
+                results.extend(
+                    CompletionItem(name, help=param.help)
+                    for name in [*param.opts, *param.secondary_opts]
+                    if name.startswith(incomplete)
+                )
+
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class MultiCommand(Command):
+    """A multi command is the basic implementation of a command that
+    dispatches to subcommands.  The most common version is the
+    :class:`Group`.
+
+    :param invoke_without_command: this controls how the multi command itself
+                                   is invoked.  By default it's only invoked
+                                   if a subcommand is provided.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is enabled by default if
+                            `invoke_without_command` is disabled or disabled
+                            if it's enabled.  If enabled this will add
+                            ``--help`` as argument if no arguments are
+                            passed.
+    :param subcommand_metavar: the string that is used in the documentation
+                               to indicate the subcommand place.
+    :param chain: if this is set to `True` chaining of multiple subcommands
+                  is enabled.  This restricts the form of commands in that
+                  they cannot have optional arguments but it allows
+                  multiple commands to be chained together.
+    :param result_callback: The result callback to attach to this multi
+        command. This can be set or changed later with the
+        :meth:`result_callback` decorator.
+    :param attrs: Other command arguments described in :class:`Command`.
+    """
+
+    allow_extra_args = True
+    allow_interspersed_args = False
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        invoke_without_command: bool = False,
+        no_args_is_help: t.Optional[bool] = None,
+        subcommand_metavar: t.Optional[str] = None,
+        chain: bool = False,
+        result_callback: t.Optional[t.Callable[..., t.Any]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if no_args_is_help is None:
+            no_args_is_help = not invoke_without_command
+
+        self.no_args_is_help = no_args_is_help
+        self.invoke_without_command = invoke_without_command
+
+        if subcommand_metavar is None:
+            if chain:
+                subcommand_metavar = "COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]..."
+            else:
+                subcommand_metavar = "COMMAND [ARGS]..."
+
+        self.subcommand_metavar = subcommand_metavar
+        self.chain = chain
+        # The result callback that is stored. This can be set or
+        # overridden with the :func:`result_callback` decorator.
+        self._result_callback = result_callback
+
+        if self.chain:
+            for param in self.params:
+                if isinstance(param, Argument) and not param.required:
+                    raise RuntimeError(
+                        "Multi commands in chain mode cannot have"
+                        " optional arguments."
+                    )
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        commands = {}
+
+        for name in self.list_commands(ctx):
+            command = self.get_command(ctx, name)
+
+            if command is None:
+                continue
+
+            sub_ctx = ctx._make_sub_context(command)
+
+            with sub_ctx.scope(cleanup=False):
+                commands[name] = command.to_info_dict(sub_ctx)
+
+        info_dict.update(commands=commands, chain=self.chain)
+        return info_dict
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        rv = super().collect_usage_pieces(ctx)
+        rv.append(self.subcommand_metavar)
+        return rv
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        super().format_options(ctx, formatter)
+        self.format_commands(ctx, formatter)
+
+    def result_callback(self, replace: bool = False) -> t.Callable[[F], F]:
+        """Adds a result callback to the command.  By default if a
+        result callback is already registered this will chain them but
+        this can be disabled with the `replace` parameter.  The result
+        callback is invoked with the return value of the subcommand
+        (or the list of return values from all subcommands if chaining
+        is enabled) as well as the parameters as they would be passed
+        to the main callback.
+
+        Example::
+
+            @click.group()
+            @click.option('-i', '--input', default=23)
+            def cli(input):
+                return 42
+
+            @cli.result_callback()
+            def process_result(result, input):
+                return result + input
+
+        :param replace: if set to `True` an already existing result
+                        callback will be removed.
+
+        .. versionchanged:: 8.0
+            Renamed from ``resultcallback``.
+
+        .. versionadded:: 3.0
+        """
+
+        def decorator(f: F) -> F:
+            old_callback = self._result_callback
+
+            if old_callback is None or replace:
+                self._result_callback = f
+                return f
+
+            def function(__value, *args, **kwargs):  # type: ignore
+                inner = old_callback(__value, *args, **kwargs)
+                return f(inner, *args, **kwargs)
+
+            self._result_callback = rv = update_wrapper(t.cast(F, function), f)
+            return rv
+
+        return decorator
+
+    def format_commands(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Extra format methods for multi methods that adds all the commands
+        after the options.
+        """
+        commands = []
+        for subcommand in self.list_commands(ctx):
+            cmd = self.get_command(ctx, subcommand)
+            # What is this, the tool lied about a command.  Ignore it
+            if cmd is None:
+                continue
+            if cmd.hidden:
+                continue
+
+            commands.append((subcommand, cmd))
+
+        # allow for 3 times the default spacing
+        if len(commands):
+            limit = formatter.width - 6 - max(len(cmd[0]) for cmd in commands)
+
+            rows = []
+            for subcommand, cmd in commands:
+                help = cmd.get_short_help_str(limit)
+                rows.append((subcommand, help))
+
+            if rows:
+                with formatter.section(_("Commands")):
+                    formatter.write_dl(rows)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        rest = super().parse_args(ctx, args)
+
+        if self.chain:
+            ctx.protected_args = rest
+            ctx.args = []
+        elif rest:
+            ctx.protected_args, ctx.args = rest[:1], rest[1:]
+
+        return ctx.args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        def _process_result(value: t.Any) -> t.Any:
+            if self._result_callback is not None:
+                value = ctx.invoke(self._result_callback, value, **ctx.params)
+            return value
+
+        if not ctx.protected_args:
+            if self.invoke_without_command:
+                # No subcommand was invoked, so the result callback is
+                # invoked with the group return value for regular
+                # groups, or an empty list for chained groups.
+                with ctx:
+                    rv = super().invoke(ctx)
+                    return _process_result([] if self.chain else rv)
+            ctx.fail(_("Missing command."))
+
+        # Fetch args back out
+        args = [*ctx.protected_args, *ctx.args]
+        ctx.args = []
+        ctx.protected_args = []
+
+        # If we're not in chain mode, we only allow the invocation of a
+        # single command but we also inform the current context about the
+        # name of the command to invoke.
+        if not self.chain:
+            # Make sure the context is entered so we do not clean up
+            # resources until the result processor has worked.
+            with ctx:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                ctx.invoked_subcommand = cmd_name
+                super().invoke(ctx)
+                sub_ctx = cmd.make_context(cmd_name, args, parent=ctx)
+                with sub_ctx:
+                    return _process_result(sub_ctx.command.invoke(sub_ctx))
+
+        # In chain mode we create the contexts step by step, but after the
+        # base command has been invoked.  Because at that point we do not
+        # know the subcommands yet, the invoked subcommand attribute is
+        # set to ``*`` to inform the command that subcommands are executed
+        # but nothing else.
+        with ctx:
+            ctx.invoked_subcommand = "*" if args else None
+            super().invoke(ctx)
+
+            # Otherwise we make every single context and invoke them in a
+            # chain.  In that case the return value to the result processor
+            # is the list of all invoked subcommand's results.
+            contexts = []
+            while args:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                sub_ctx = cmd.make_context(
+                    cmd_name,
+                    args,
+                    parent=ctx,
+                    allow_extra_args=True,
+                    allow_interspersed_args=False,
+                )
+                contexts.append(sub_ctx)
+                args, sub_ctx.args = sub_ctx.args, []
+
+            rv = []
+            for sub_ctx in contexts:
+                with sub_ctx:
+                    rv.append(sub_ctx.command.invoke(sub_ctx))
+            return _process_result(rv)
+
+    def resolve_command(
+        self, ctx: Context, args: t.List[str]
+    ) -> t.Tuple[t.Optional[str], t.Optional[Command], t.List[str]]:
+        cmd_name = make_str(args[0])
+        original_cmd_name = cmd_name
+
+        # Get the command
+        cmd = self.get_command(ctx, cmd_name)
+
+        # If we can't find the command but there is a normalization
+        # function available, we try with that one.
+        if cmd is None and ctx.token_normalize_func is not None:
+            cmd_name = ctx.token_normalize_func(cmd_name)
+            cmd = self.get_command(ctx, cmd_name)
+
+        # If we don't find the command we want to show an error message
+        # to the user that it was not provided.  However, there is
+        # something else we should do: if the first argument looks like
+        # an option we want to kick off parsing again for arguments to
+        # resolve things like --help which now should go to the main
+        # place.
+        if cmd is None and not ctx.resilient_parsing:
+            if split_opt(cmd_name)[0]:
+                self.parse_args(ctx, ctx.args)
+            ctx.fail(_("No such command {name!r}.").format(name=original_cmd_name))
+        return cmd_name if cmd else None, cmd, args[1:]
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        """Given a context and a command name, this returns a
+        :class:`Command` object if it exists or returns `None`.
+        """
+        raise NotImplementedError
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        """Returns a list of subcommand names in the order they should
+        appear.
+        """
+        return []
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options, subcommands, and chained
+        multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results = [
+            CompletionItem(name, help=command.get_short_help_str())
+            for name, command in _complete_visible_commands(ctx, incomplete)
+        ]
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class Group(MultiCommand):
+    """A group allows a command to have subcommands attached. This is
+    the most common way to implement nesting in Click.
+
+    :param name: The name of the group command.
+    :param commands: A dict mapping names to :class:`Command` objects.
+        Can also be a list of :class:`Command`, which will use
+        :attr:`Command.name` to create the dict.
+    :param attrs: Other command arguments described in
+        :class:`MultiCommand`, :class:`Command`, and
+        :class:`BaseCommand`.
+
+    .. versionchanged:: 8.0
+        The ``commands`` argument can be a list of command objects.
+    """
+
+    #: If set, this is used by the group's :meth:`command` decorator
+    #: as the default :class:`Command` class. This is useful to make all
+    #: subcommands use a custom command class.
+    #:
+    #: .. versionadded:: 8.0
+    command_class: t.Optional[t.Type[Command]] = None
+
+    #: If set, this is used by the group's :meth:`group` decorator
+    #: as the default :class:`Group` class. This is useful to make all
+    #: subgroups use a custom group class.
+    #:
+    #: If set to the special value :class:`type` (literally
+    #: ``group_class = type``), this group's class will be used as the
+    #: default class. This makes a custom group class continue to make
+    #: custom groups.
+    #:
+    #: .. versionadded:: 8.0
+    group_class: t.Optional[t.Union[t.Type["Group"], t.Type[type]]] = None
+    # Literal[type] isn't valid, so use Type[type]
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        commands: t.Optional[
+            t.Union[t.MutableMapping[str, Command], t.Sequence[Command]]
+        ] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if commands is None:
+            commands = {}
+        elif isinstance(commands, abc.Sequence):
+            commands = {c.name: c for c in commands if c.name is not None}
+
+        #: The registered subcommands by their exported names.
+        self.commands: t.MutableMapping[str, Command] = commands
+
+    def add_command(self, cmd: Command, name: t.Optional[str] = None) -> None:
+        """Registers another :class:`Command` with this group.  If the name
+        is not provided, the name of the command is used.
+        """
+        name = name or cmd.name
+        if name is None:
+            raise TypeError("Command has no name.")
+        _check_multicommand(self, name, cmd, register=True)
+        self.commands[name] = cmd
+
+    @t.overload
+    def command(self, __func: t.Callable[..., t.Any]) -> Command:
+        ...
+
+    @t.overload
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], Command]:
+        ...
+
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], Command], Command]:
+        """A shortcut decorator for declaring and attaching a command to
+        the group. This takes the same arguments as :func:`command` and
+        immediately registers the created command with this group by
+        calling :meth:`add_command`.
+
+        To customize the command class used, set the
+        :attr:`command_class` attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`command_class` attribute.
+        """
+        from .decorators import command
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'command(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.command_class and kwargs.get("cls") is None:
+            kwargs["cls"] = self.command_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> Command:
+            cmd: Command = command(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    @t.overload
+    def group(self, __func: t.Callable[..., t.Any]) -> "Group":
+        ...
+
+    @t.overload
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], "Group"]:
+        ...
+
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], "Group"], "Group"]:
+        """A shortcut decorator for declaring and attaching a group to
+        the group. This takes the same arguments as :func:`group` and
+        immediately registers the created group with this group by
+        calling :meth:`add_command`.
+
+        To customize the group class used, set the :attr:`group_class`
+        attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`group_class` attribute.
+        """
+        from .decorators import group
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'group(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.group_class is not None and kwargs.get("cls") is None:
+            if self.group_class is type:
+                kwargs["cls"] = type(self)
+            else:
+                kwargs["cls"] = self.group_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> "Group":
+            cmd: Group = group(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        return self.commands.get(cmd_name)
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        return sorted(self.commands)
+
+
+class CommandCollection(MultiCommand):
+    """A command collection is a multi command that merges multiple multi
+    commands together into one.  This is a straightforward implementation
+    that accepts a list of different multi commands as sources and
+    provides all the commands for each of them.
+
+    See :class:`MultiCommand` and :class:`Command` for the description of
+    ``name`` and ``attrs``.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        sources: t.Optional[t.List[MultiCommand]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+        #: The list of registered multi commands.
+        self.sources: t.List[MultiCommand] = sources or []
+
+    def add_source(self, multi_cmd: MultiCommand) -> None:
+        """Adds a new multi command to the chain dispatcher."""
+        self.sources.append(multi_cmd)
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        for source in self.sources:
+            rv = source.get_command(ctx, cmd_name)
+
+            if rv is not None:
+                if self.chain:
+                    _check_multicommand(self, cmd_name, rv)
+
+                return rv
+
+        return None
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        rv: t.Set[str] = set()
+
+        for source in self.sources:
+            rv.update(source.list_commands(ctx))
+
+        return sorted(rv)
+
+
+def _check_iter(value: t.Any) -> t.Iterator[t.Any]:
+    """Check if the value is iterable but not a string. Raises a type
+    error, or return an iterator over the value.
+    """
+    if isinstance(value, str):
+        raise TypeError
+
+    return iter(value)
+
+
+class Parameter:
+    r"""A parameter to a command comes in two versions: they are either
+    :class:`Option`\s or :class:`Argument`\s.  Other subclasses are currently
+    not supported by design as some of the internals for parsing are
+    intentionally not finalized.
+
+    Some settings are supported by both options and arguments.
+
+    :param param_decls: the parameter declarations for this option or
+                        argument.  This is a list of flags or argument
+                        names.
+    :param type: the type that should be used.  Either a :class:`ParamType`
+                 or a Python type.  The latter is converted into the former
+                 automatically if supported.
+    :param required: controls if this is optional or not.
+    :param default: the default value if omitted.  This can also be a callable,
+                    in which case it's invoked when the default is needed
+                    without any arguments.
+    :param callback: A function to further process or validate the value
+        after type conversion. It is called as ``f(ctx, param, value)``
+        and must return the value. It is called for all sources,
+        including prompts.
+    :param nargs: the number of arguments to match.  If not ``1`` the return
+                  value is a tuple instead of single value.  The default for
+                  nargs is ``1`` (except if the type is a tuple, then it's
+                  the arity of the tuple). If ``nargs=-1``, all remaining
+                  parameters are collected.
+    :param metavar: how the value is represented in the help page.
+    :param expose_value: if this is `True` then the value is passed onwards
+                         to the command callback and stored on the context,
+                         otherwise it's skipped.
+    :param is_eager: eager values are processed before non eager ones.  This
+                     should not be set for arguments or it will inverse the
+                     order of processing.
+    :param envvar: a string or list of strings that are environment variables
+                   that should be checked.
+    :param shell_complete: A function that returns custom shell
+        completions. Used instead of the param's type completion if
+        given. Takes ``ctx, param, incomplete`` and must return a list
+        of :class:`~click.shell_completion.CompletionItem` or a list of
+        strings.
+
+    .. versionchanged:: 8.0
+        ``process_value`` validates required parameters and bounded
+        ``nargs``, and invokes the parameter callback before returning
+        the value. This allows the callback to validate prompts.
+        ``full_process_value`` is removed.
+
+    .. versionchanged:: 8.0
+        ``autocompletion`` is renamed to ``shell_complete`` and has new
+        semantics described above. The old name is deprecated and will
+        be removed in 8.1, until then it will be wrapped to match the
+        new requirements.
+
+    .. versionchanged:: 8.0
+        For ``multiple=True, nargs>1``, the default must be a list of
+        tuples.
+
+    .. versionchanged:: 8.0
+        Setting a default is no longer required for ``nargs>1``, it will
+        default to ``None``. ``multiple=True`` or ``nargs=-1`` will
+        default to ``()``.
+
+    .. versionchanged:: 7.1
+        Empty environment variables are ignored rather than taking the
+        empty string value. This makes it possible for scripts to clear
+        variables if they can't unset them.
+
+    .. versionchanged:: 2.0
+        Changed signature for parameter callback to also be passed the
+        parameter. The old callback format will still work, but it will
+        raise a warning to give you a chance to migrate the code easier.
+    """
+
+    param_type_name = "parameter"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        required: bool = False,
+        default: t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]] = None,
+        callback: t.Optional[t.Callable[[Context, "Parameter", t.Any], t.Any]] = None,
+        nargs: t.Optional[int] = None,
+        multiple: bool = False,
+        metavar: t.Optional[str] = None,
+        expose_value: bool = True,
+        is_eager: bool = False,
+        envvar: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        shell_complete: t.Optional[
+            t.Callable[
+                [Context, "Parameter", str],
+                t.Union[t.List["CompletionItem"], t.List[str]],
+            ]
+        ] = None,
+    ) -> None:
+        self.name: t.Optional[str]
+        self.opts: t.List[str]
+        self.secondary_opts: t.List[str]
+        self.name, self.opts, self.secondary_opts = self._parse_decls(
+            param_decls or (), expose_value
+        )
+        self.type: types.ParamType = types.convert_type(type, default)
+
+        # Default nargs to what the type tells us if we have that
+        # information available.
+        if nargs is None:
+            if self.type.is_composite:
+                nargs = self.type.arity
+            else:
+                nargs = 1
+
+        self.required = required
+        self.callback = callback
+        self.nargs = nargs
+        self.multiple = multiple
+        self.expose_value = expose_value
+        self.default = default
+        self.is_eager = is_eager
+        self.metavar = metavar
+        self.envvar = envvar
+        self._custom_shell_complete = shell_complete
+
+        if __debug__:
+            if self.type.is_composite and nargs != self.type.arity:
+                raise ValueError(
+                    f"'nargs' must be {self.type.arity} (or None) for"
+                    f" type {self.type!r}, but it was {nargs}."
+                )
+
+            # Skip no default or callable default.
+            check_default = default if not callable(default) else None
+
+            if check_default is not None:
+                if multiple:
+                    try:
+                        # Only check the first value against nargs.
+                        check_default = next(_check_iter(check_default), None)
+                    except TypeError:
+                        raise ValueError(
+                            "'default' must be a list when 'multiple' is true."
+                        ) from None
+
+                # Can be None for multiple with empty default.
+                if nargs != 1 and check_default is not None:
+                    try:
+                        _check_iter(check_default)
+                    except TypeError:
+                        if multiple:
+                            message = (
+                                "'default' must be a list of lists when 'multiple' is"
+                                " true and 'nargs' != 1."
+                            )
+                        else:
+                            message = "'default' must be a list when 'nargs' != 1."
+
+                        raise ValueError(message) from None
+
+                    if nargs > 1 and len(check_default) != nargs:
+                        subject = "item length" if multiple else "length"
+                        raise ValueError(
+                            f"'default' {subject} must match nargs={nargs}."
+                        )
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "name": self.name,
+            "param_type_name": self.param_type_name,
+            "opts": self.opts,
+            "secondary_opts": self.secondary_opts,
+            "type": self.type.to_info_dict(),
+            "required": self.required,
+            "nargs": self.nargs,
+            "multiple": self.multiple,
+            "default": self.default,
+            "envvar": self.envvar,
+        }
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        raise NotImplementedError()
+
+    @property
+    def human_readable_name(self) -> str:
+        """Returns the human readable name of this parameter.  This is the
+        same as the name for options, but the metavar for arguments.
+        """
+        return self.name  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+
+        metavar = self.type.get_metavar(self)
+
+        if metavar is None:
+            metavar = self.type.name.upper()
+
+        if self.nargs != 1:
+            metavar += "..."
+
+        return metavar
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        """Get the default for the parameter. Tries
+        :meth:`Context.lookup_default` first, then the local default.
+
+        :param ctx: Current context.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0.2
+            Type casting is no longer performed when getting a default.
+
+        .. versionchanged:: 8.0.1
+            Type casting can fail in resilient parsing mode. Invalid
+            defaults will not prevent showing help text.
+
+        .. versionchanged:: 8.0
+            Looks at ``ctx.default_map`` first.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        value = ctx.lookup_default(self.name, call=False)  # type: ignore
+
+        if value is None:
+            value = self.default
+
+        if call and callable(value):
+            value = value()
+
+        return value
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        raise NotImplementedError()
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value = opts.get(self.name)  # type: ignore
+        source = ParameterSource.COMMANDLINE
+
+        if value is None:
+            value = self.value_from_envvar(ctx)
+            source = ParameterSource.ENVIRONMENT
+
+        if value is None:
+            value = ctx.lookup_default(self.name)  # type: ignore
+            source = ParameterSource.DEFAULT_MAP
+
+        if value is None:
+            value = self.get_default(ctx)
+            source = ParameterSource.DEFAULT
+
+        return value, source
+
+    def type_cast_value(self, ctx: Context, value: t.Any) -> t.Any:
+        """Convert and validate a value against the option's
+        :attr:`type`, :attr:`multiple`, and :attr:`nargs`.
+        """
+        if value is None:
+            return () if self.multiple or self.nargs == -1 else None
+
+        def check_iter(value: t.Any) -> t.Iterator[t.Any]:
+            try:
+                return _check_iter(value)
+            except TypeError:
+                # This should only happen when passing in args manually,
+                # the parser should construct an iterable when parsing
+                # the command line.
+                raise BadParameter(
+                    _("Value must be an iterable."), ctx=ctx, param=self
+                ) from None
+
+        if self.nargs == 1 or self.type.is_composite:
+
+            def convert(value: t.Any) -> t.Any:
+                return self.type(value, param=self, ctx=ctx)
+
+        elif self.nargs == -1:
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                return tuple(self.type(x, self, ctx) for x in check_iter(value))
+
+        else:  # nargs > 1
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                value = tuple(check_iter(value))
+
+                if len(value) != self.nargs:
+                    raise BadParameter(
+                        ngettext(
+                            "Takes {nargs} values but 1 was given.",
+                            "Takes {nargs} values but {len} were given.",
+                            len(value),
+                        ).format(nargs=self.nargs, len=len(value)),
+                        ctx=ctx,
+                        param=self,
+                    )
+
+                return tuple(self.type(x, self, ctx) for x in value)
+
+        if self.multiple:
+            return tuple(convert(x) for x in check_iter(value))
+
+        return convert(value)
+
+    def value_is_missing(self, value: t.Any) -> bool:
+        if value is None:
+            return True
+
+        if (self.nargs != 1 or self.multiple) and value == ():
+            return True
+
+        return False
+
+    def process_value(self, ctx: Context, value: t.Any) -> t.Any:
+        value = self.type_cast_value(ctx, value)
+
+        if self.required and self.value_is_missing(value):
+            raise MissingParameter(ctx=ctx, param=self)
+
+        if self.callback is not None:
+            value = self.callback(ctx, self, value)
+
+        return value
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        if self.envvar is None:
+            return None
+
+        if isinstance(self.envvar, str):
+            rv = os.environ.get(self.envvar)
+
+            if rv:
+                return rv
+        else:
+            for envvar in self.envvar:
+                rv = os.environ.get(envvar)
+
+                if rv:
+                    return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is not None and self.nargs != 1:
+            rv = self.type.split_envvar_value(rv)
+
+        return rv
+
+    def handle_parse_result(
+        self, ctx: Context, opts: t.Mapping[str, t.Any], args: t.List[str]
+    ) -> t.Tuple[t.Any, t.List[str]]:
+        with augment_usage_errors(ctx, param=self):
+            value, source = self.consume_value(ctx, opts)
+            ctx.set_parameter_source(self.name, source)  # type: ignore
+
+            try:
+                value = self.process_value(ctx, value)
+            except Exception:
+                if not ctx.resilient_parsing:
+                    raise
+
+                value = None
+
+        if self.expose_value:
+            ctx.params[self.name] = value  # type: ignore
+
+        return value, args
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        pass
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return []
+
+    def get_error_hint(self, ctx: Context) -> str:
+        """Get a stringified version of the param for use in error messages to
+        indicate which param caused the error.
+        """
+        hint_list = self.opts or [self.human_readable_name]
+        return " / ".join(f"'{x}'" for x in hint_list)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. If a
+        ``shell_complete`` function was given during init, it is used.
+        Otherwise, the :attr:`type`
+        :meth:`~click.types.ParamType.shell_complete` function is used.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        if self._custom_shell_complete is not None:
+            results = self._custom_shell_complete(ctx, self, incomplete)
+
+            if results and isinstance(results[0], str):
+                from click.shell_completion import CompletionItem
+
+                results = [CompletionItem(c) for c in results]
+
+            return t.cast(t.List["CompletionItem"], results)
+
+        return self.type.shell_complete(ctx, self, incomplete)
+
+
+class Option(Parameter):
+    """Options are usually optional values on the command line and
+    have some extra features that arguments don't have.
+
+    All other parameters are passed onwards to the parameter constructor.
+
+    :param show_default: Show the default value for this option in its
+        help text. Values are not shown by default, unless
+        :attr:`Context.show_default` is ``True``. If this value is a
+        string, it shows that string in parentheses instead of the
+        actual value. This is particularly useful for dynamic options.
+        For single option boolean flags, the default remains hidden if
+        its value is ``False``.
+    :param show_envvar: Controls if an environment variable should be
+        shown on the help page. Normally, environment variables are not
+        shown.
+    :param prompt: If set to ``True`` or a non empty string then the
+        user will be prompted for input. If set to ``True`` the prompt
+        will be the option name capitalized.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value if it was prompted for. Can be set to a string instead of
+        ``True`` to customize the message.
+    :param prompt_required: If set to ``False``, the user will be
+        prompted for input only when the option was specified as a flag
+        without a value.
+    :param hide_input: If this is ``True`` then the input on the prompt
+        will be hidden from the user. This is useful for password input.
+    :param is_flag: forces this option to act as a flag.  The default is
+                    auto detection.
+    :param flag_value: which value should be used for this flag if it's
+                       enabled.  This is set to a boolean automatically if
+                       the option string contains a slash to mark two options.
+    :param multiple: if this is set to `True` then the argument is accepted
+                     multiple times and recorded.  This is similar to ``nargs``
+                     in how it works but supports arbitrary number of
+                     arguments.
+    :param count: this flag makes an option increment an integer.
+    :param allow_from_autoenv: if this is enabled then the value of this
+                               parameter will be pulled from an environment
+                               variable in case a prefix is defined on the
+                               context.
+    :param help: the help string.
+    :param hidden: hide this option from help outputs.
+    :param attrs: Other command arguments described in :class:`Parameter`.
+
+    .. versionchanged:: 8.1.0
+        Help text indentation is cleaned here instead of only in the
+        ``@option`` decorator.
+
+    .. versionchanged:: 8.1.0
+        The ``show_default`` parameter overrides
+        ``Context.show_default``.
+
+    .. versionchanged:: 8.1.0
+        The default of a single option boolean flag is not shown if the
+        default value is ``False``.
+
+    .. versionchanged:: 8.0.1
+        ``type`` is detected from ``flag_value`` if given.
+    """
+
+    param_type_name = "option"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        show_default: t.Union[bool, str, None] = None,
+        prompt: t.Union[bool, str] = False,
+        confirmation_prompt: t.Union[bool, str] = False,
+        prompt_required: bool = True,
+        hide_input: bool = False,
+        is_flag: t.Optional[bool] = None,
+        flag_value: t.Optional[t.Any] = None,
+        multiple: bool = False,
+        count: bool = False,
+        allow_from_autoenv: bool = True,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        help: t.Optional[str] = None,
+        hidden: bool = False,
+        show_choices: bool = True,
+        show_envvar: bool = False,
+        **attrs: t.Any,
+    ) -> None:
+        if help:
+            help = inspect.cleandoc(help)
+
+        default_is_missing = "default" not in attrs
+        super().__init__(param_decls, type=type, multiple=multiple, **attrs)
+
+        if prompt is True:
+            if self.name is None:
+                raise TypeError("'name' is required with 'prompt=True'.")
+
+            prompt_text: t.Optional[str] = self.name.replace("_", " ").capitalize()
+        elif prompt is False:
+            prompt_text = None
+        else:
+            prompt_text = prompt
+
+        self.prompt = prompt_text
+        self.confirmation_prompt = confirmation_prompt
+        self.prompt_required = prompt_required
+        self.hide_input = hide_input
+        self.hidden = hidden
+
+        # If prompt is enabled but not required, then the option can be
+        # used as a flag to indicate using prompt or flag_value.
+        self._flag_needs_value = self.prompt is not None and not self.prompt_required
+
+        if is_flag is None:
+            if flag_value is not None:
+                # Implicitly a flag because flag_value was set.
+                is_flag = True
+            elif self._flag_needs_value:
+                # Not a flag, but when used as a flag it shows a prompt.
+                is_flag = False
+            else:
+                # Implicitly a flag because flag options were given.
+                is_flag = bool(self.secondary_opts)
+        elif is_flag is False and not self._flag_needs_value:
+            # Not a flag, and prompt is not enabled, can be used as a
+            # flag if flag_value is set.
+            self._flag_needs_value = flag_value is not None
+
+        self.default: t.Union[t.Any, t.Callable[[], t.Any]]
+
+        if is_flag and default_is_missing and not self.required:
+            if multiple:
+                self.default = ()
+            else:
+                self.default = False
+
+        if flag_value is None:
+            flag_value = not self.default
+
+        self.type: types.ParamType
+        if is_flag and type is None:
+            # Re-guess the type from the flag value instead of the
+            # default.
+            self.type = types.convert_type(None, flag_value)
+
+        self.is_flag: bool = is_flag
+        self.is_bool_flag: bool = is_flag and isinstance(self.type, types.BoolParamType)
+        self.flag_value: t.Any = flag_value
+
+        # Counting
+        self.count = count
+        if count:
+            if type is None:
+                self.type = types.IntRange(min=0)
+            if default_is_missing:
+                self.default = 0
+
+        self.allow_from_autoenv = allow_from_autoenv
+        self.help = help
+        self.show_default = show_default
+        self.show_choices = show_choices
+        self.show_envvar = show_envvar
+
+        if __debug__:
+            if self.nargs == -1:
+                raise TypeError("nargs=-1 is not supported for options.")
+
+            if self.prompt and self.is_flag and not self.is_bool_flag:
+                raise TypeError("'prompt' is not valid for non-boolean flag.")
+
+            if not self.is_bool_flag and self.secondary_opts:
+                raise TypeError("Secondary flag is not valid for non-boolean flag.")
+
+            if self.is_bool_flag and self.hide_input and self.prompt is not None:
+                raise TypeError(
+                    "'prompt' with 'hide_input' is not valid for boolean flag."
+                )
+
+            if self.count:
+                if self.multiple:
+                    raise TypeError("'count' is not valid with 'multiple'.")
+
+                if self.is_flag:
+                    raise TypeError("'count' is not valid with 'is_flag'.")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            help=self.help,
+            prompt=self.prompt,
+            is_flag=self.is_flag,
+            flag_value=self.flag_value,
+            count=self.count,
+            hidden=self.hidden,
+        )
+        return info_dict
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        opts = []
+        secondary_opts = []
+        name = None
+        possible_names = []
+
+        for decl in decls:
+            if decl.isidentifier():
+                if name is not None:
+                    raise TypeError(f"Name '{name}' defined twice")
+                name = decl
+            else:
+                split_char = ";" if decl[:1] == "/" else "/"
+                if split_char in decl:
+                    first, second = decl.split(split_char, 1)
+                    first = first.rstrip()
+                    if first:
+                        possible_names.append(split_opt(first))
+                        opts.append(first)
+                    second = second.lstrip()
+                    if second:
+                        secondary_opts.append(second.lstrip())
+                    if first == second:
+                        raise ValueError(
+                            f"Boolean option {decl!r} cannot use the"
+                            " same flag for true/false."
+                        )
+                else:
+                    possible_names.append(split_opt(decl))
+                    opts.append(decl)
+
+        if name is None and possible_names:
+            possible_names.sort(key=lambda x: -len(x[0]))  # group long options first
+            name = possible_names[0][1].replace("-", "_").lower()
+            if not name.isidentifier():
+                name = None
+
+        if name is None:
+            if not expose_value:
+                return None, opts, secondary_opts
+            raise TypeError("Could not determine name for option")
+
+        if not opts and not secondary_opts:
+            raise TypeError(
+                f"No options defined but a name was passed ({name})."
+                " Did you mean to declare an argument instead? Did"
+                f" you mean to pass '--{name}'?"
+            )
+
+        return name, opts, secondary_opts
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        if self.multiple:
+            action = "append"
+        elif self.count:
+            action = "count"
+        else:
+            action = "store"
+
+        if self.is_flag:
+            action = f"{action}_const"
+
+            if self.is_bool_flag and self.secondary_opts:
+                parser.add_option(
+                    obj=self, opts=self.opts, dest=self.name, action=action, const=True
+                )
+                parser.add_option(
+                    obj=self,
+                    opts=self.secondary_opts,
+                    dest=self.name,
+                    action=action,
+                    const=False,
+                )
+            else:
+                parser.add_option(
+                    obj=self,
+                    opts=self.opts,
+                    dest=self.name,
+                    action=action,
+                    const=self.flag_value,
+                )
+        else:
+            parser.add_option(
+                obj=self,
+                opts=self.opts,
+                dest=self.name,
+                action=action,
+                nargs=self.nargs,
+            )
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        if self.hidden:
+            return None
+
+        any_prefix_is_slash = False
+
+        def _write_opts(opts: t.Sequence[str]) -> str:
+            nonlocal any_prefix_is_slash
+
+            rv, any_slashes = join_options(opts)
+
+            if any_slashes:
+                any_prefix_is_slash = True
+
+            if not self.is_flag and not self.count:
+                rv += f" {self.make_metavar()}"
+
+            return rv
+
+        rv = [_write_opts(self.opts)]
+
+        if self.secondary_opts:
+            rv.append(_write_opts(self.secondary_opts))
+
+        help = self.help or ""
+        extra = []
+
+        if self.show_envvar:
+            envvar = self.envvar
+
+            if envvar is None:
+                if (
+                    self.allow_from_autoenv
+                    and ctx.auto_envvar_prefix is not None
+                    and self.name is not None
+                ):
+                    envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+
+            if envvar is not None:
+                var_str = (
+                    envvar
+                    if isinstance(envvar, str)
+                    else ", ".join(str(d) for d in envvar)
+                )
+                extra.append(_("env var: {var}").format(var=var_str))
+
+        # Temporarily enable resilient parsing to avoid type casting
+        # failing for the default. Might be possible to extend this to
+        # help formatting in general.
+        resilient = ctx.resilient_parsing
+        ctx.resilient_parsing = True
+
+        try:
+            default_value = self.get_default(ctx, call=False)
+        finally:
+            ctx.resilient_parsing = resilient
+
+        show_default = False
+        show_default_is_str = False
+
+        if self.show_default is not None:
+            if isinstance(self.show_default, str):
+                show_default_is_str = show_default = True
+            else:
+                show_default = self.show_default
+        elif ctx.show_default is not None:
+            show_default = ctx.show_default
+
+        if show_default_is_str or (show_default and (default_value is not None)):
+            if show_default_is_str:
+                default_string = f"({self.show_default})"
+            elif isinstance(default_value, (list, tuple)):
+                default_string = ", ".join(str(d) for d in default_value)
+            elif inspect.isfunction(default_value):
+                default_string = _("(dynamic)")
+            elif self.is_bool_flag and self.secondary_opts:
+                # For boolean flags that have distinct True/False opts,
+                # use the opt without prefix instead of the value.
+                default_string = split_opt(
+                    (self.opts if self.default else self.secondary_opts)[0]
+                )[1]
+            elif self.is_bool_flag and not self.secondary_opts and not default_value:
+                default_string = ""
+            else:
+                default_string = str(default_value)
+
+            if default_string:
+                extra.append(_("default: {default}").format(default=default_string))
+
+        if (
+            isinstance(self.type, types._NumberRangeBase)
+            # skip count with default range type
+            and not (self.count and self.type.min == 0 and self.type.max is None)
+        ):
+            range_str = self.type._describe_range()
+
+            if range_str:
+                extra.append(range_str)
+
+        if self.required:
+            extra.append(_("required"))
+
+        if extra:
+            extra_str = "; ".join(extra)
+            help = f"{help}  [{extra_str}]" if help else f"[{extra_str}]"
+
+        return ("; " if any_prefix_is_slash else " / ").join(rv), help
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        # If we're a non boolean flag our default is more complex because
+        # we need to look at all flags in the same group to figure out
+        # if we're the default one in which case we return the flag
+        # value as default.
+        if self.is_flag and not self.is_bool_flag:
+            for param in ctx.command.params:
+                if param.name == self.name and param.default:
+                    return t.cast(Option, param).flag_value
+
+            return None
+
+        return super().get_default(ctx, call=call)
+
+    def prompt_for_value(self, ctx: Context) -> t.Any:
+        """This is an alternative flow that can be activated in the full
+        value processing if a value does not exist.  It will prompt the
+        user until a valid value exists and then returns the processed
+        value as result.
+        """
+        assert self.prompt is not None
+
+        # Calculate the default before prompting anything to be stable.
+        default = self.get_default(ctx)
+
+        # If this is a prompt for a flag we need to handle this
+        # differently.
+        if self.is_bool_flag:
+            return confirm(self.prompt, default)
+
+        return prompt(
+            self.prompt,
+            default=default,
+            type=self.type,
+            hide_input=self.hide_input,
+            show_choices=self.show_choices,
+            confirmation_prompt=self.confirmation_prompt,
+            value_proc=lambda x: self.process_value(ctx, x),
+        )
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        rv = super().resolve_envvar_value(ctx)
+
+        if rv is not None:
+            return rv
+
+        if (
+            self.allow_from_autoenv
+            and ctx.auto_envvar_prefix is not None
+            and self.name is not None
+        ):
+            envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+            rv = os.environ.get(envvar)
+
+            if rv:
+                return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is None:
+            return None
+
+        value_depth = (self.nargs != 1) + bool(self.multiple)
+
+        if value_depth > 0:
+            rv = self.type.split_envvar_value(rv)
+
+            if self.multiple and self.nargs != 1:
+                rv = batch(rv, self.nargs)
+
+        return rv
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, "Parameter"]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value, source = super().consume_value(ctx, opts)
+
+        # The parser will emit a sentinel value if the option can be
+        # given as a flag without a value. This is different from None
+        # to distinguish from the flag not being given at all.
+        if value is _flag_needs_value:
+            if self.prompt is not None and not ctx.resilient_parsing:
+                value = self.prompt_for_value(ctx)
+                source = ParameterSource.PROMPT
+            else:
+                value = self.flag_value
+                source = ParameterSource.COMMANDLINE
+
+        elif (
+            self.multiple
+            and value is not None
+            and any(v is _flag_needs_value for v in value)
+        ):
+            value = [self.flag_value if v is _flag_needs_value else v for v in value]
+            source = ParameterSource.COMMANDLINE
+
+        # The value wasn't set, or used the param's default, prompt if
+        # prompting is enabled.
+        elif (
+            source in {None, ParameterSource.DEFAULT}
+            and self.prompt is not None
+            and (self.required or self.prompt_required)
+            and not ctx.resilient_parsing
+        ):
+            value = self.prompt_for_value(ctx)
+            source = ParameterSource.PROMPT
+
+        return value, source
+
+
+class Argument(Parameter):
+    """Arguments are positional parameters to a command.  They generally
+    provide fewer features than options but can have infinite ``nargs``
+    and are required by default.
+
+    All parameters are passed onwards to the constructor of :class:`Parameter`.
+    """
+
+    param_type_name = "argument"
+
+    def __init__(
+        self,
+        param_decls: t.Sequence[str],
+        required: t.Optional[bool] = None,
+        **attrs: t.Any,
+    ) -> None:
+        if required is None:
+            if attrs.get("default") is not None:
+                required = False
+            else:
+                required = attrs.get("nargs", 1) > 0
+
+        if "multiple" in attrs:
+            raise TypeError("__init__() got an unexpected keyword argument 'multiple'.")
+
+        super().__init__(param_decls, required=required, **attrs)
+
+        if __debug__:
+            if self.default is not None and self.nargs == -1:
+                raise TypeError("'default' is not supported for nargs=-1.")
+
+    @property
+    def human_readable_name(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        return self.name.upper()  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        var = self.type.get_metavar(self)
+        if not var:
+            var = self.name.upper()  # type: ignore
+        if not self.required:
+            var = f"[{var}]"
+        if self.nargs != 1:
+            var += "..."
+        return var
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        if not decls:
+            if not expose_value:
+                return None, [], []
+            raise TypeError("Could not determine name for argument")
+        if len(decls) == 1:
+            name = arg = decls[0]
+            name = name.replace("-", "_").lower()
+        else:
+            raise TypeError(
+                "Arguments take exactly one parameter declaration, got"
+                f" {len(decls)}."
+            )
+        return name, [arg], []
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return [self.make_metavar()]
+
+    def get_error_hint(self, ctx: Context) -> str:
+        return f"'{self.make_metavar()}'"
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        parser.add_argument(dest=self.name, nargs=self.nargs, obj=self)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/decorators.py b/lib/go-jinja2/internal/data/linux-amd64/click/decorators.py
new file mode 100644
index 000000000..d9bba9502
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/decorators.py
@@ -0,0 +1,561 @@
+import inspect
+import types
+import typing as t
+from functools import update_wrapper
+from gettext import gettext as _
+
+from .core import Argument
+from .core import Command
+from .core import Context
+from .core import Group
+from .core import Option
+from .core import Parameter
+from .globals import get_current_context
+from .utils import echo
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+T = t.TypeVar("T")
+_AnyCallable = t.Callable[..., t.Any]
+FC = t.TypeVar("FC", bound=t.Union[_AnyCallable, Command])
+
+
+def pass_context(f: "t.Callable[te.Concatenate[Context, P], R]") -> "t.Callable[P, R]":
+    """Marks a callback as wanting to receive the current context
+    object as first argument.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context(), *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def pass_obj(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+    """Similar to :func:`pass_context`, but only pass the object on the
+    context onwards (:attr:`Context.obj`).  This is useful if that object
+    represents the state of a nested system.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context().obj, *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def make_pass_decorator(
+    object_type: t.Type[T], ensure: bool = False
+) -> t.Callable[["t.Callable[te.Concatenate[T, P], R]"], "t.Callable[P, R]"]:
+    """Given an object type this creates a decorator that will work
+    similar to :func:`pass_obj` but instead of passing the object of the
+    current context, it will find the innermost context of type
+    :func:`object_type`.
+
+    This generates a decorator that works roughly like this::
+
+        from functools import update_wrapper
+
+        def decorator(f):
+            @pass_context
+            def new_func(ctx, *args, **kwargs):
+                obj = ctx.find_object(object_type)
+                return ctx.invoke(f, obj, *args, **kwargs)
+            return update_wrapper(new_func, f)
+        return decorator
+
+    :param object_type: the type of the object to pass.
+    :param ensure: if set to `True`, a new object will be created and
+                   remembered on the context if it's not there yet.
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[T, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+            ctx = get_current_context()
+
+            obj: t.Optional[T]
+            if ensure:
+                obj = ctx.ensure_object(object_type)
+            else:
+                obj = ctx.find_object(object_type)
+
+            if obj is None:
+                raise RuntimeError(
+                    "Managed to invoke callback without a context"
+                    f" object of type {object_type.__name__!r}"
+                    " existing."
+                )
+
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    return decorator  # type: ignore[return-value]
+
+
+def pass_meta_key(
+    key: str, *, doc_description: t.Optional[str] = None
+) -> "t.Callable[[t.Callable[te.Concatenate[t.Any, P], R]], t.Callable[P, R]]":
+    """Create a decorator that passes a key from
+    :attr:`click.Context.meta` as the first argument to the decorated
+    function.
+
+    :param key: Key in ``Context.meta`` to pass.
+    :param doc_description: Description of the object being passed,
+        inserted into the decorator's docstring. Defaults to "the 'key'
+        key from Context.meta".
+
+    .. versionadded:: 8.0
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> R:
+            ctx = get_current_context()
+            obj = ctx.meta[key]
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    if doc_description is None:
+        doc_description = f"the {key!r} key from :attr:`click.Context.meta`"
+
+    decorator.__doc__ = (
+        f"Decorator that passes {doc_description} as the first argument"
+        " to the decorated function."
+    )
+    return decorator  # type: ignore[return-value]
+
+
+CmdType = t.TypeVar("CmdType", bound=Command)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def command(name: _AnyCallable) -> Command:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @command(namearg, CommandCls, ...) or @command(namearg, cls=CommandCls, ...)
+@t.overload
+def command(
+    name: t.Optional[str],
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @command(cls=CommandCls, ...)
+@t.overload
+def command(
+    name: None = None,
+    *,
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def command(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Command]:
+    ...
+
+
+def command(
+    name: t.Union[t.Optional[str], _AnyCallable] = None,
+    cls: t.Optional[t.Type[CmdType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Command, t.Callable[[_AnyCallable], t.Union[Command, CmdType]]]:
+    r"""Creates a new :class:`Command` and uses the decorated function as
+    callback.  This will also automatically attach all decorated
+    :func:`option`\s and :func:`argument`\s as parameters to the command.
+
+    The name of the command defaults to the name of the function with
+    underscores replaced by dashes.  If you want to change that, you can
+    pass the intended name as the first argument.
+
+    All keyword arguments are forwarded to the underlying command class.
+    For the ``params`` argument, any decorated params are appended to
+    the end of the list.
+
+    Once decorated the function turns into a :class:`Command` instance
+    that can be invoked as a command line utility or be attached to a
+    command :class:`Group`.
+
+    :param name: the name of the command.  This defaults to the function
+                 name with underscores replaced by dashes.
+    :param cls: the command class to instantiate.  This defaults to
+                :class:`Command`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+
+    .. versionchanged:: 8.1
+        The ``params`` argument can be used. Decorated params are
+        appended to the end of the list.
+    """
+
+    func: t.Optional[t.Callable[[_AnyCallable], t.Any]] = None
+
+    if callable(name):
+        func = name
+        name = None
+        assert cls is None, "Use 'command(cls=cls)(callable)' to specify a class."
+        assert not attrs, "Use 'command(**kwargs)(callable)' to provide arguments."
+
+    if cls is None:
+        cls = t.cast(t.Type[CmdType], Command)
+
+    def decorator(f: _AnyCallable) -> CmdType:
+        if isinstance(f, Command):
+            raise TypeError("Attempted to convert a callback into a command twice.")
+
+        attr_params = attrs.pop("params", None)
+        params = attr_params if attr_params is not None else []
+
+        try:
+            decorator_params = f.__click_params__  # type: ignore
+        except AttributeError:
+            pass
+        else:
+            del f.__click_params__  # type: ignore
+            params.extend(reversed(decorator_params))
+
+        if attrs.get("help") is None:
+            attrs["help"] = f.__doc__
+
+        if t.TYPE_CHECKING:
+            assert cls is not None
+            assert not callable(name)
+
+        cmd = cls(
+            name=name or f.__name__.lower().replace("_", "-"),
+            callback=f,
+            params=params,
+            **attrs,
+        )
+        cmd.__doc__ = f.__doc__
+        return cmd
+
+    if func is not None:
+        return decorator(func)
+
+    return decorator
+
+
+GrpType = t.TypeVar("GrpType", bound=Group)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def group(name: _AnyCallable) -> Group:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @group(namearg, GroupCls, ...) or @group(namearg, cls=GroupCls, ...)
+@t.overload
+def group(
+    name: t.Optional[str],
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @group(cmd=GroupCls, ...)
+@t.overload
+def group(
+    name: None = None,
+    *,
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def group(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Group]:
+    ...
+
+
+def group(
+    name: t.Union[str, _AnyCallable, None] = None,
+    cls: t.Optional[t.Type[GrpType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Group, t.Callable[[_AnyCallable], t.Union[Group, GrpType]]]:
+    """Creates a new :class:`Group` with a function as callback.  This
+    works otherwise the same as :func:`command` just that the `cls`
+    parameter is set to :class:`Group`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+    """
+    if cls is None:
+        cls = t.cast(t.Type[GrpType], Group)
+
+    if callable(name):
+        return command(cls=cls, **attrs)(name)
+
+    return command(name, cls, **attrs)
+
+
+def _param_memo(f: t.Callable[..., t.Any], param: Parameter) -> None:
+    if isinstance(f, Command):
+        f.params.append(param)
+    else:
+        if not hasattr(f, "__click_params__"):
+            f.__click_params__ = []  # type: ignore
+
+        f.__click_params__.append(param)  # type: ignore
+
+
+def argument(
+    *param_decls: str, cls: t.Optional[t.Type[Argument]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an argument to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Argument`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Argument` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default argument class, refer to :class:`Argument` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the argument class to instantiate.  This defaults to
+                :class:`Argument`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Argument
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def option(
+    *param_decls: str, cls: t.Optional[t.Type[Option]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an option to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Option`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Option` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default option class, refer to :class:`Option` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the option class to instantiate.  This defaults to
+                :class:`Option`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Option
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def confirmation_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--yes`` option which shows a prompt before continuing if
+    not passed. If the prompt is declined, the program will exit.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--yes"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value:
+            ctx.abort()
+
+    if not param_decls:
+        param_decls = ("--yes",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("callback", callback)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("prompt", "Do you want to continue?")
+    kwargs.setdefault("help", "Confirm the action without prompting.")
+    return option(*param_decls, **kwargs)
+
+
+def password_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--password`` option which prompts for a password, hiding
+    input and asking to enter the value again for confirmation.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--password"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+    if not param_decls:
+        param_decls = ("--password",)
+
+    kwargs.setdefault("prompt", True)
+    kwargs.setdefault("confirmation_prompt", True)
+    kwargs.setdefault("hide_input", True)
+    return option(*param_decls, **kwargs)
+
+
+def version_option(
+    version: t.Optional[str] = None,
+    *param_decls: str,
+    package_name: t.Optional[str] = None,
+    prog_name: t.Optional[str] = None,
+    message: t.Optional[str] = None,
+    **kwargs: t.Any,
+) -> t.Callable[[FC], FC]:
+    """Add a ``--version`` option which immediately prints the version
+    number and exits the program.
+
+    If ``version`` is not provided, Click will try to detect it using
+    :func:`importlib.metadata.version` to get the version for the
+    ``package_name``. On Python < 3.8, the ``importlib_metadata``
+    backport must be installed.
+
+    If ``package_name`` is not provided, Click will try to detect it by
+    inspecting the stack frames. This will be used to detect the
+    version, so it must match the name of the installed package.
+
+    :param version: The version number to show. If not provided, Click
+        will try to detect it.
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--version"``.
+    :param package_name: The package name to detect the version from. If
+        not provided, Click will try to detect it.
+    :param prog_name: The name of the CLI to show in the message. If not
+        provided, it will be detected from the command.
+    :param message: The message to show. The values ``%(prog)s``,
+        ``%(package)s``, and ``%(version)s`` are available. Defaults to
+        ``"%(prog)s, version %(version)s"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    :raise RuntimeError: ``version`` could not be detected.
+
+    .. versionchanged:: 8.0
+        Add the ``package_name`` parameter, and the ``%(package)s``
+        value for messages.
+
+    .. versionchanged:: 8.0
+        Use :mod:`importlib.metadata` instead of ``pkg_resources``. The
+        version is detected based on the package name, not the entry
+        point name. The Python package name must match the installed
+        package name, or be passed with ``package_name=``.
+    """
+    if message is None:
+        message = _("%(prog)s, version %(version)s")
+
+    if version is None and package_name is None:
+        frame = inspect.currentframe()
+        f_back = frame.f_back if frame is not None else None
+        f_globals = f_back.f_globals if f_back is not None else None
+        # break reference cycle
+        # https://docs.python.org/3/library/inspect.html#the-interpreter-stack
+        del frame
+
+        if f_globals is not None:
+            package_name = f_globals.get("__name__")
+
+            if package_name == "__main__":
+                package_name = f_globals.get("__package__")
+
+            if package_name:
+                package_name = package_name.partition(".")[0]
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        nonlocal prog_name
+        nonlocal version
+
+        if prog_name is None:
+            prog_name = ctx.find_root().info_name
+
+        if version is None and package_name is not None:
+            metadata: t.Optional[types.ModuleType]
+
+            try:
+                from importlib import metadata  # type: ignore
+            except ImportError:
+                # Python < 3.8
+                import importlib_metadata as metadata  # type: ignore
+
+            try:
+                version = metadata.version(package_name)  # type: ignore
+            except metadata.PackageNotFoundError:  # type: ignore
+                raise RuntimeError(
+                    f"{package_name!r} is not installed. Try passing"
+                    " 'package_name' instead."
+                ) from None
+
+        if version is None:
+            raise RuntimeError(
+                f"Could not determine the version for {package_name!r} automatically."
+            )
+
+        echo(
+            message % {"prog": prog_name, "package": package_name, "version": version},
+            color=ctx.color,
+        )
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--version",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show the version and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
+
+
+def help_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--help`` option which immediately prints the help page
+    and exits the program.
+
+    This is usually unnecessary, as the ``--help`` option is added to
+    each command automatically unless ``add_help_option=False`` is
+    passed.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--help"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        echo(ctx.get_help(), color=ctx.color)
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--help",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show this message and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/exceptions.py b/lib/go-jinja2/internal/data/linux-amd64/click/exceptions.py
new file mode 100644
index 000000000..fe68a3613
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/exceptions.py
@@ -0,0 +1,288 @@
+import typing as t
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import get_text_stderr
+from .utils import echo
+from .utils import format_filename
+
+if t.TYPE_CHECKING:
+    from .core import Command
+    from .core import Context
+    from .core import Parameter
+
+
+def _join_param_hints(
+    param_hint: t.Optional[t.Union[t.Sequence[str], str]]
+) -> t.Optional[str]:
+    if param_hint is not None and not isinstance(param_hint, str):
+        return " / ".join(repr(x) for x in param_hint)
+
+    return param_hint
+
+
+class ClickException(Exception):
+    """An exception that Click can handle and show to the user."""
+
+    #: The exit code for this exception.
+    exit_code = 1
+
+    def __init__(self, message: str) -> None:
+        super().__init__(message)
+        self.message = message
+
+    def format_message(self) -> str:
+        return self.message
+
+    def __str__(self) -> str:
+        return self.message
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+
+        echo(_("Error: {message}").format(message=self.format_message()), file=file)
+
+
+class UsageError(ClickException):
+    """An internal exception that signals a usage error.  This typically
+    aborts any further handling.
+
+    :param message: the error message to display.
+    :param ctx: optionally the context that caused this error.  Click will
+                fill in the context automatically in some situations.
+    """
+
+    exit_code = 2
+
+    def __init__(self, message: str, ctx: t.Optional["Context"] = None) -> None:
+        super().__init__(message)
+        self.ctx = ctx
+        self.cmd: t.Optional["Command"] = self.ctx.command if self.ctx else None
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+        color = None
+        hint = ""
+        if (
+            self.ctx is not None
+            and self.ctx.command.get_help_option(self.ctx) is not None
+        ):
+            hint = _("Try '{command} {option}' for help.").format(
+                command=self.ctx.command_path, option=self.ctx.help_option_names[0]
+            )
+            hint = f"{hint}\n"
+        if self.ctx is not None:
+            color = self.ctx.color
+            echo(f"{self.ctx.get_usage()}\n{hint}", file=file, color=color)
+        echo(
+            _("Error: {message}").format(message=self.format_message()),
+            file=file,
+            color=color,
+        )
+
+
+class BadParameter(UsageError):
+    """An exception that formats out a standardized error message for a
+    bad parameter.  This is useful when thrown from a callback or type as
+    Click will attach contextual information to it (for instance, which
+    parameter it is).
+
+    .. versionadded:: 2.0
+
+    :param param: the parameter object that caused this error.  This can
+                  be left out, and Click will attach this info itself
+                  if possible.
+    :param param_hint: a string that shows up as parameter name.  This
+                       can be used as alternative to `param` in cases
+                       where custom validation should happen.  If it is
+                       a string it's used as such, if it's a list then
+                       each item is quoted and separated.
+    """
+
+    def __init__(
+        self,
+        message: str,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message, ctx)
+        self.param = param
+        self.param_hint = param_hint
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            return _("Invalid value: {message}").format(message=self.message)
+
+        return _("Invalid value for {param_hint}: {message}").format(
+            param_hint=_join_param_hints(param_hint), message=self.message
+        )
+
+
+class MissingParameter(BadParameter):
+    """Raised if click required an option or argument but it was not
+    provided when invoking the script.
+
+    .. versionadded:: 4.0
+
+    :param param_type: a string that indicates the type of the parameter.
+                       The default is to inherit the parameter type from
+                       the given `param`.  Valid values are ``'parameter'``,
+                       ``'option'`` or ``'argument'``.
+    """
+
+    def __init__(
+        self,
+        message: t.Optional[str] = None,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+        param_type: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message or "", ctx, param, param_hint)
+        self.param_type = param_type
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint: t.Optional[str] = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            param_hint = None
+
+        param_hint = _join_param_hints(param_hint)
+        param_hint = f" {param_hint}" if param_hint else ""
+
+        param_type = self.param_type
+        if param_type is None and self.param is not None:
+            param_type = self.param.param_type_name
+
+        msg = self.message
+        if self.param is not None:
+            msg_extra = self.param.type.get_missing_message(self.param)
+            if msg_extra:
+                if msg:
+                    msg += f". {msg_extra}"
+                else:
+                    msg = msg_extra
+
+        msg = f" {msg}" if msg else ""
+
+        # Translate param_type for known types.
+        if param_type == "argument":
+            missing = _("Missing argument")
+        elif param_type == "option":
+            missing = _("Missing option")
+        elif param_type == "parameter":
+            missing = _("Missing parameter")
+        else:
+            missing = _("Missing {param_type}").format(param_type=param_type)
+
+        return f"{missing}{param_hint}.{msg}"
+
+    def __str__(self) -> str:
+        if not self.message:
+            param_name = self.param.name if self.param else None
+            return _("Missing parameter: {param_name}").format(param_name=param_name)
+        else:
+            return self.message
+
+
+class NoSuchOption(UsageError):
+    """Raised if click attempted to handle an option that does not
+    exist.
+
+    .. versionadded:: 4.0
+    """
+
+    def __init__(
+        self,
+        option_name: str,
+        message: t.Optional[str] = None,
+        possibilities: t.Optional[t.Sequence[str]] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> None:
+        if message is None:
+            message = _("No such option: {name}").format(name=option_name)
+
+        super().__init__(message, ctx)
+        self.option_name = option_name
+        self.possibilities = possibilities
+
+    def format_message(self) -> str:
+        if not self.possibilities:
+            return self.message
+
+        possibility_str = ", ".join(sorted(self.possibilities))
+        suggest = ngettext(
+            "Did you mean {possibility}?",
+            "(Possible options: {possibilities})",
+            len(self.possibilities),
+        ).format(possibility=possibility_str, possibilities=possibility_str)
+        return f"{self.message} {suggest}"
+
+
+class BadOptionUsage(UsageError):
+    """Raised if an option is generally supplied but the use of the option
+    was incorrect.  This is for instance raised if the number of arguments
+    for an option is not correct.
+
+    .. versionadded:: 4.0
+
+    :param option_name: the name of the option being used incorrectly.
+    """
+
+    def __init__(
+        self, option_name: str, message: str, ctx: t.Optional["Context"] = None
+    ) -> None:
+        super().__init__(message, ctx)
+        self.option_name = option_name
+
+
+class BadArgumentUsage(UsageError):
+    """Raised if an argument is generally supplied but the use of the argument
+    was incorrect.  This is for instance raised if the number of values
+    for an argument is not correct.
+
+    .. versionadded:: 6.0
+    """
+
+
+class FileError(ClickException):
+    """Raised if a file cannot be opened."""
+
+    def __init__(self, filename: str, hint: t.Optional[str] = None) -> None:
+        if hint is None:
+            hint = _("unknown error")
+
+        super().__init__(hint)
+        self.ui_filename: str = format_filename(filename)
+        self.filename = filename
+
+    def format_message(self) -> str:
+        return _("Could not open file {filename!r}: {message}").format(
+            filename=self.ui_filename, message=self.message
+        )
+
+
+class Abort(RuntimeError):
+    """An internal signalling exception that signals Click to abort."""
+
+
+class Exit(RuntimeError):
+    """An exception that indicates that the application should exit with some
+    status code.
+
+    :param code: the status code to exit with.
+    """
+
+    __slots__ = ("exit_code",)
+
+    def __init__(self, code: int = 0) -> None:
+        self.exit_code: int = code
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/formatting.py b/lib/go-jinja2/internal/data/linux-amd64/click/formatting.py
new file mode 100644
index 000000000..ddd2a2f82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/formatting.py
@@ -0,0 +1,301 @@
+import typing as t
+from contextlib import contextmanager
+from gettext import gettext as _
+
+from ._compat import term_len
+from .parser import split_opt
+
+# Can force a width.  This is used by the test system
+FORCED_WIDTH: t.Optional[int] = None
+
+
+def measure_table(rows: t.Iterable[t.Tuple[str, str]]) -> t.Tuple[int, ...]:
+    widths: t.Dict[int, int] = {}
+
+    for row in rows:
+        for idx, col in enumerate(row):
+            widths[idx] = max(widths.get(idx, 0), term_len(col))
+
+    return tuple(y for x, y in sorted(widths.items()))
+
+
+def iter_rows(
+    rows: t.Iterable[t.Tuple[str, str]], col_count: int
+) -> t.Iterator[t.Tuple[str, ...]]:
+    for row in rows:
+        yield row + ("",) * (col_count - len(row))
+
+
+def wrap_text(
+    text: str,
+    width: int = 78,
+    initial_indent: str = "",
+    subsequent_indent: str = "",
+    preserve_paragraphs: bool = False,
+) -> str:
+    """A helper function that intelligently wraps text.  By default, it
+    assumes that it operates on a single paragraph of text but if the
+    `preserve_paragraphs` parameter is provided it will intelligently
+    handle paragraphs (defined by two empty lines).
+
+    If paragraphs are handled, a paragraph can be prefixed with an empty
+    line containing the ``\\b`` character (``\\x08``) to indicate that
+    no rewrapping should happen in that block.
+
+    :param text: the text that should be rewrapped.
+    :param width: the maximum width for the text.
+    :param initial_indent: the initial indent that should be placed on the
+                           first line as a string.
+    :param subsequent_indent: the indent string that should be placed on
+                              each consecutive line.
+    :param preserve_paragraphs: if this flag is set then the wrapping will
+                                intelligently handle paragraphs.
+    """
+    from ._textwrap import TextWrapper
+
+    text = text.expandtabs()
+    wrapper = TextWrapper(
+        width,
+        initial_indent=initial_indent,
+        subsequent_indent=subsequent_indent,
+        replace_whitespace=False,
+    )
+    if not preserve_paragraphs:
+        return wrapper.fill(text)
+
+    p: t.List[t.Tuple[int, bool, str]] = []
+    buf: t.List[str] = []
+    indent = None
+
+    def _flush_par() -> None:
+        if not buf:
+            return
+        if buf[0].strip() == "\b":
+            p.append((indent or 0, True, "\n".join(buf[1:])))
+        else:
+            p.append((indent or 0, False, " ".join(buf)))
+        del buf[:]
+
+    for line in text.splitlines():
+        if not line:
+            _flush_par()
+            indent = None
+        else:
+            if indent is None:
+                orig_len = term_len(line)
+                line = line.lstrip()
+                indent = orig_len - term_len(line)
+            buf.append(line)
+    _flush_par()
+
+    rv = []
+    for indent, raw, text in p:
+        with wrapper.extra_indent(" " * indent):
+            if raw:
+                rv.append(wrapper.indent_only(text))
+            else:
+                rv.append(wrapper.fill(text))
+
+    return "\n\n".join(rv)
+
+
+class HelpFormatter:
+    """This class helps with formatting text-based help pages.  It's
+    usually just needed for very special internal cases, but it's also
+    exposed so that developers can write their own fancy outputs.
+
+    At present, it always writes into memory.
+
+    :param indent_increment: the additional increment for each level.
+    :param width: the width for the text.  This defaults to the terminal
+                  width clamped to a maximum of 78.
+    """
+
+    def __init__(
+        self,
+        indent_increment: int = 2,
+        width: t.Optional[int] = None,
+        max_width: t.Optional[int] = None,
+    ) -> None:
+        import shutil
+
+        self.indent_increment = indent_increment
+        if max_width is None:
+            max_width = 80
+        if width is None:
+            width = FORCED_WIDTH
+            if width is None:
+                width = max(min(shutil.get_terminal_size().columns, max_width) - 2, 50)
+        self.width = width
+        self.current_indent = 0
+        self.buffer: t.List[str] = []
+
+    def write(self, string: str) -> None:
+        """Writes a unicode string into the internal buffer."""
+        self.buffer.append(string)
+
+    def indent(self) -> None:
+        """Increases the indentation."""
+        self.current_indent += self.indent_increment
+
+    def dedent(self) -> None:
+        """Decreases the indentation."""
+        self.current_indent -= self.indent_increment
+
+    def write_usage(
+        self, prog: str, args: str = "", prefix: t.Optional[str] = None
+    ) -> None:
+        """Writes a usage line into the buffer.
+
+        :param prog: the program name.
+        :param args: whitespace separated list of arguments.
+        :param prefix: The prefix for the first line. Defaults to
+            ``"Usage: "``.
+        """
+        if prefix is None:
+            prefix = f"{_('Usage:')} "
+
+        usage_prefix = f"{prefix:>{self.current_indent}}{prog} "
+        text_width = self.width - self.current_indent
+
+        if text_width >= (term_len(usage_prefix) + 20):
+            # The arguments will fit to the right of the prefix.
+            indent = " " * term_len(usage_prefix)
+            self.write(
+                wrap_text(
+                    args,
+                    text_width,
+                    initial_indent=usage_prefix,
+                    subsequent_indent=indent,
+                )
+            )
+        else:
+            # The prefix is too long, put the arguments on the next line.
+            self.write(usage_prefix)
+            self.write("\n")
+            indent = " " * (max(self.current_indent, term_len(prefix)) + 4)
+            self.write(
+                wrap_text(
+                    args, text_width, initial_indent=indent, subsequent_indent=indent
+                )
+            )
+
+        self.write("\n")
+
+    def write_heading(self, heading: str) -> None:
+        """Writes a heading into the buffer."""
+        self.write(f"{'':>{self.current_indent}}{heading}:\n")
+
+    def write_paragraph(self) -> None:
+        """Writes a paragraph into the buffer."""
+        if self.buffer:
+            self.write("\n")
+
+    def write_text(self, text: str) -> None:
+        """Writes re-indented text into the buffer.  This rewraps and
+        preserves paragraphs.
+        """
+        indent = " " * self.current_indent
+        self.write(
+            wrap_text(
+                text,
+                self.width,
+                initial_indent=indent,
+                subsequent_indent=indent,
+                preserve_paragraphs=True,
+            )
+        )
+        self.write("\n")
+
+    def write_dl(
+        self,
+        rows: t.Sequence[t.Tuple[str, str]],
+        col_max: int = 30,
+        col_spacing: int = 2,
+    ) -> None:
+        """Writes a definition list into the buffer.  This is how options
+        and commands are usually formatted.
+
+        :param rows: a list of two item tuples for the terms and values.
+        :param col_max: the maximum width of the first column.
+        :param col_spacing: the number of spaces between the first and
+                            second column.
+        """
+        rows = list(rows)
+        widths = measure_table(rows)
+        if len(widths) != 2:
+            raise TypeError("Expected two columns for definition list")
+
+        first_col = min(widths[0], col_max) + col_spacing
+
+        for first, second in iter_rows(rows, len(widths)):
+            self.write(f"{'':>{self.current_indent}}{first}")
+            if not second:
+                self.write("\n")
+                continue
+            if term_len(first) <= first_col - col_spacing:
+                self.write(" " * (first_col - term_len(first)))
+            else:
+                self.write("\n")
+                self.write(" " * (first_col + self.current_indent))
+
+            text_width = max(self.width - first_col - 2, 10)
+            wrapped_text = wrap_text(second, text_width, preserve_paragraphs=True)
+            lines = wrapped_text.splitlines()
+
+            if lines:
+                self.write(f"{lines[0]}\n")
+
+                for line in lines[1:]:
+                    self.write(f"{'':>{first_col + self.current_indent}}{line}\n")
+            else:
+                self.write("\n")
+
+    @contextmanager
+    def section(self, name: str) -> t.Iterator[None]:
+        """Helpful context manager that writes a paragraph, a heading,
+        and the indents.
+
+        :param name: the section name that is written as heading.
+        """
+        self.write_paragraph()
+        self.write_heading(name)
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    @contextmanager
+    def indentation(self) -> t.Iterator[None]:
+        """A context manager that increases the indentation."""
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    def getvalue(self) -> str:
+        """Returns the buffer contents."""
+        return "".join(self.buffer)
+
+
+def join_options(options: t.Sequence[str]) -> t.Tuple[str, bool]:
+    """Given a list of option strings this joins them in the most appropriate
+    way and returns them in the form ``(formatted_string,
+    any_prefix_is_slash)`` where the second item in the tuple is a flag that
+    indicates if any of the option prefixes was a slash.
+    """
+    rv = []
+    any_prefix_is_slash = False
+
+    for opt in options:
+        prefix = split_opt(opt)[0]
+
+        if prefix == "/":
+            any_prefix_is_slash = True
+
+        rv.append((len(prefix), opt))
+
+    rv.sort(key=lambda x: x[0])
+    return ", ".join(x[1] for x in rv), any_prefix_is_slash
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/globals.py b/lib/go-jinja2/internal/data/linux-amd64/click/globals.py
new file mode 100644
index 000000000..480058f10
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/globals.py
@@ -0,0 +1,68 @@
+import typing as t
+from threading import local
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+
+_local = local()
+
+
+@t.overload
+def get_current_context(silent: "te.Literal[False]" = False) -> "Context":
+    ...
+
+
+@t.overload
+def get_current_context(silent: bool = ...) -> t.Optional["Context"]:
+    ...
+
+
+def get_current_context(silent: bool = False) -> t.Optional["Context"]:
+    """Returns the current click context.  This can be used as a way to
+    access the current context object from anywhere.  This is a more implicit
+    alternative to the :func:`pass_context` decorator.  This function is
+    primarily useful for helpers such as :func:`echo` which might be
+    interested in changing its behavior based on the current context.
+
+    To push the current context, :meth:`Context.scope` can be used.
+
+    .. versionadded:: 5.0
+
+    :param silent: if set to `True` the return value is `None` if no context
+                   is available.  The default behavior is to raise a
+                   :exc:`RuntimeError`.
+    """
+    try:
+        return t.cast("Context", _local.stack[-1])
+    except (AttributeError, IndexError) as e:
+        if not silent:
+            raise RuntimeError("There is no active click context.") from e
+
+    return None
+
+
+def push_context(ctx: "Context") -> None:
+    """Pushes a new context to the current stack."""
+    _local.__dict__.setdefault("stack", []).append(ctx)
+
+
+def pop_context() -> None:
+    """Removes the top level from the stack."""
+    _local.stack.pop()
+
+
+def resolve_color_default(color: t.Optional[bool] = None) -> t.Optional[bool]:
+    """Internal helper to get the default value of the color flag.  If a
+    value is passed it's returned unchanged, otherwise it's looked up from
+    the current context.
+    """
+    if color is not None:
+        return color
+
+    ctx = get_current_context(silent=True)
+
+    if ctx is not None:
+        return ctx.color
+
+    return None
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/parser.py b/lib/go-jinja2/internal/data/linux-amd64/click/parser.py
new file mode 100644
index 000000000..5fa7adfac
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/parser.py
@@ -0,0 +1,529 @@
+"""
+This module started out as largely a copy paste from the stdlib's
+optparse module with the features removed that we do not need from
+optparse because we implement them in Click on a higher level (for
+instance type handling, help formatting and a lot more).
+
+The plan is to remove more and more from here over time.
+
+The reason this is a different module and not optparse from the stdlib
+is that there are differences in 2.x and 3.x about the error messages
+generated and optparse in the stdlib uses gettext for no good reason
+and might cause us issues.
+
+Click uses parts of optparse written by Gregory P. Ward and maintained
+by the Python Software Foundation. This is limited to code in parser.py.
+
+Copyright 2001-2006 Gregory P. Ward. All rights reserved.
+Copyright 2002-2006 Python Software Foundation. All rights reserved.
+"""
+# This code uses parts of optparse written by Gregory P. Ward and
+# maintained by the Python Software Foundation.
+# Copyright 2001-2006 Gregory P. Ward
+# Copyright 2002-2006 Python Software Foundation
+import typing as t
+from collections import deque
+from gettext import gettext as _
+from gettext import ngettext
+
+from .exceptions import BadArgumentUsage
+from .exceptions import BadOptionUsage
+from .exceptions import NoSuchOption
+from .exceptions import UsageError
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Argument as CoreArgument
+    from .core import Context
+    from .core import Option as CoreOption
+    from .core import Parameter as CoreParameter
+
+V = t.TypeVar("V")
+
+# Sentinel value that indicates an option was passed as a flag without a
+# value but is not a flag option. Option.consume_value uses this to
+# prompt or use the flag_value.
+_flag_needs_value = object()
+
+
+def _unpack_args(
+    args: t.Sequence[str], nargs_spec: t.Sequence[int]
+) -> t.Tuple[t.Sequence[t.Union[str, t.Sequence[t.Optional[str]], None]], t.List[str]]:
+    """Given an iterable of arguments and an iterable of nargs specifications,
+    it returns a tuple with all the unpacked arguments at the first index
+    and all remaining arguments as the second.
+
+    The nargs specification is the number of arguments that should be consumed
+    or `-1` to indicate that this position should eat up all the remainders.
+
+    Missing items are filled with `None`.
+    """
+    args = deque(args)
+    nargs_spec = deque(nargs_spec)
+    rv: t.List[t.Union[str, t.Tuple[t.Optional[str], ...], None]] = []
+    spos: t.Optional[int] = None
+
+    def _fetch(c: "te.Deque[V]") -> t.Optional[V]:
+        try:
+            if spos is None:
+                return c.popleft()
+            else:
+                return c.pop()
+        except IndexError:
+            return None
+
+    while nargs_spec:
+        nargs = _fetch(nargs_spec)
+
+        if nargs is None:
+            continue
+
+        if nargs == 1:
+            rv.append(_fetch(args))
+        elif nargs > 1:
+            x = [_fetch(args) for _ in range(nargs)]
+
+            # If we're reversed, we're pulling in the arguments in reverse,
+            # so we need to turn them around.
+            if spos is not None:
+                x.reverse()
+
+            rv.append(tuple(x))
+        elif nargs < 0:
+            if spos is not None:
+                raise TypeError("Cannot have two nargs < 0")
+
+            spos = len(rv)
+            rv.append(None)
+
+    # spos is the position of the wildcard (star).  If it's not `None`,
+    # we fill it with the remainder.
+    if spos is not None:
+        rv[spos] = tuple(args)
+        args = []
+        rv[spos + 1 :] = reversed(rv[spos + 1 :])
+
+    return tuple(rv), list(args)
+
+
+def split_opt(opt: str) -> t.Tuple[str, str]:
+    first = opt[:1]
+    if first.isalnum():
+        return "", opt
+    if opt[1:2] == first:
+        return opt[:2], opt[2:]
+    return first, opt[1:]
+
+
+def normalize_opt(opt: str, ctx: t.Optional["Context"]) -> str:
+    if ctx is None or ctx.token_normalize_func is None:
+        return opt
+    prefix, opt = split_opt(opt)
+    return f"{prefix}{ctx.token_normalize_func(opt)}"
+
+
+def split_arg_string(string: str) -> t.List[str]:
+    """Split an argument string as with :func:`shlex.split`, but don't
+    fail if the string is incomplete. Ignores a missing closing quote or
+    incomplete escape sequence and uses the partial token as-is.
+
+    .. code-block:: python
+
+        split_arg_string("example 'my file")
+        ["example", "my file"]
+
+        split_arg_string("example my\\")
+        ["example", "my"]
+
+    :param string: String to split.
+    """
+    import shlex
+
+    lex = shlex.shlex(string, posix=True)
+    lex.whitespace_split = True
+    lex.commenters = ""
+    out = []
+
+    try:
+        for token in lex:
+            out.append(token)
+    except ValueError:
+        # Raised when end-of-string is reached in an invalid state. Use
+        # the partial token as-is. The quote or escape character is in
+        # lex.state, not lex.token.
+        out.append(lex.token)
+
+    return out
+
+
+class Option:
+    def __init__(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ):
+        self._short_opts = []
+        self._long_opts = []
+        self.prefixes: t.Set[str] = set()
+
+        for opt in opts:
+            prefix, value = split_opt(opt)
+            if not prefix:
+                raise ValueError(f"Invalid start character for option ({opt})")
+            self.prefixes.add(prefix[0])
+            if len(prefix) == 1 and len(value) == 1:
+                self._short_opts.append(opt)
+            else:
+                self._long_opts.append(opt)
+                self.prefixes.add(prefix)
+
+        if action is None:
+            action = "store"
+
+        self.dest = dest
+        self.action = action
+        self.nargs = nargs
+        self.const = const
+        self.obj = obj
+
+    @property
+    def takes_value(self) -> bool:
+        return self.action in ("store", "append")
+
+    def process(self, value: t.Any, state: "ParsingState") -> None:
+        if self.action == "store":
+            state.opts[self.dest] = value  # type: ignore
+        elif self.action == "store_const":
+            state.opts[self.dest] = self.const  # type: ignore
+        elif self.action == "append":
+            state.opts.setdefault(self.dest, []).append(value)  # type: ignore
+        elif self.action == "append_const":
+            state.opts.setdefault(self.dest, []).append(self.const)  # type: ignore
+        elif self.action == "count":
+            state.opts[self.dest] = state.opts.get(self.dest, 0) + 1  # type: ignore
+        else:
+            raise ValueError(f"unknown action '{self.action}'")
+        state.order.append(self.obj)
+
+
+class Argument:
+    def __init__(self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1):
+        self.dest = dest
+        self.nargs = nargs
+        self.obj = obj
+
+    def process(
+        self,
+        value: t.Union[t.Optional[str], t.Sequence[t.Optional[str]]],
+        state: "ParsingState",
+    ) -> None:
+        if self.nargs > 1:
+            assert value is not None
+            holes = sum(1 for x in value if x is None)
+            if holes == len(value):
+                value = None
+            elif holes != 0:
+                raise BadArgumentUsage(
+                    _("Argument {name!r} takes {nargs} values.").format(
+                        name=self.dest, nargs=self.nargs
+                    )
+                )
+
+        if self.nargs == -1 and self.obj.envvar is not None and value == ():
+            # Replace empty tuple with None so that a value from the
+            # environment may be tried.
+            value = None
+
+        state.opts[self.dest] = value  # type: ignore
+        state.order.append(self.obj)
+
+
+class ParsingState:
+    def __init__(self, rargs: t.List[str]) -> None:
+        self.opts: t.Dict[str, t.Any] = {}
+        self.largs: t.List[str] = []
+        self.rargs = rargs
+        self.order: t.List["CoreParameter"] = []
+
+
+class OptionParser:
+    """The option parser is an internal class that is ultimately used to
+    parse options and arguments.  It's modelled after optparse and brings
+    a similar but vastly simplified API.  It should generally not be used
+    directly as the high level Click classes wrap it for you.
+
+    It's not nearly as extensible as optparse or argparse as it does not
+    implement features that are implemented on a higher level (such as
+    types or defaults).
+
+    :param ctx: optionally the :class:`~click.Context` where this parser
+                should go with.
+    """
+
+    def __init__(self, ctx: t.Optional["Context"] = None) -> None:
+        #: The :class:`~click.Context` for this parser.  This might be
+        #: `None` for some advanced use cases.
+        self.ctx = ctx
+        #: This controls how the parser deals with interspersed arguments.
+        #: If this is set to `False`, the parser will stop on the first
+        #: non-option.  Click uses this to implement nested subcommands
+        #: safely.
+        self.allow_interspersed_args: bool = True
+        #: This tells the parser how to deal with unknown options.  By
+        #: default it will error out (which is sensible), but there is a
+        #: second mode where it will ignore it and continue processing
+        #: after shifting all the unknown options into the resulting args.
+        self.ignore_unknown_options: bool = False
+
+        if ctx is not None:
+            self.allow_interspersed_args = ctx.allow_interspersed_args
+            self.ignore_unknown_options = ctx.ignore_unknown_options
+
+        self._short_opt: t.Dict[str, Option] = {}
+        self._long_opt: t.Dict[str, Option] = {}
+        self._opt_prefixes = {"-", "--"}
+        self._args: t.List[Argument] = []
+
+    def add_option(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ) -> None:
+        """Adds a new option named `dest` to the parser.  The destination
+        is not inferred (unlike with optparse) and needs to be explicitly
+        provided.  Action can be any of ``store``, ``store_const``,
+        ``append``, ``append_const`` or ``count``.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        opts = [normalize_opt(opt, self.ctx) for opt in opts]
+        option = Option(obj, opts, dest, action=action, nargs=nargs, const=const)
+        self._opt_prefixes.update(option.prefixes)
+        for opt in option._short_opts:
+            self._short_opt[opt] = option
+        for opt in option._long_opts:
+            self._long_opt[opt] = option
+
+    def add_argument(
+        self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1
+    ) -> None:
+        """Adds a positional argument named `dest` to the parser.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        self._args.append(Argument(obj, dest=dest, nargs=nargs))
+
+    def parse_args(
+        self, args: t.List[str]
+    ) -> t.Tuple[t.Dict[str, t.Any], t.List[str], t.List["CoreParameter"]]:
+        """Parses positional arguments and returns ``(values, args, order)``
+        for the parsed options and arguments as well as the leftover
+        arguments if there are any.  The order is a list of objects as they
+        appear on the command line.  If arguments appear multiple times they
+        will be memorized multiple times as well.
+        """
+        state = ParsingState(args)
+        try:
+            self._process_args_for_options(state)
+            self._process_args_for_args(state)
+        except UsageError:
+            if self.ctx is None or not self.ctx.resilient_parsing:
+                raise
+        return state.opts, state.largs, state.order
+
+    def _process_args_for_args(self, state: ParsingState) -> None:
+        pargs, args = _unpack_args(
+            state.largs + state.rargs, [x.nargs for x in self._args]
+        )
+
+        for idx, arg in enumerate(self._args):
+            arg.process(pargs[idx], state)
+
+        state.largs = args
+        state.rargs = []
+
+    def _process_args_for_options(self, state: ParsingState) -> None:
+        while state.rargs:
+            arg = state.rargs.pop(0)
+            arglen = len(arg)
+            # Double dashes always handled explicitly regardless of what
+            # prefixes are valid.
+            if arg == "--":
+                return
+            elif arg[:1] in self._opt_prefixes and arglen > 1:
+                self._process_opts(arg, state)
+            elif self.allow_interspersed_args:
+                state.largs.append(arg)
+            else:
+                state.rargs.insert(0, arg)
+                return
+
+        # Say this is the original argument list:
+        # [arg0, arg1, ..., arg(i-1), arg(i), arg(i+1), ..., arg(N-1)]
+        #                            ^
+        # (we are about to process arg(i)).
+        #
+        # Then rargs is [arg(i), ..., arg(N-1)] and largs is a *subset* of
+        # [arg0, ..., arg(i-1)] (any options and their arguments will have
+        # been removed from largs).
+        #
+        # The while loop will usually consume 1 or more arguments per pass.
+        # If it consumes 1 (eg. arg is an option that takes no arguments),
+        # then after _process_arg() is done the situation is:
+        #
+        #   largs = subset of [arg0, ..., arg(i)]
+        #   rargs = [arg(i+1), ..., arg(N-1)]
+        #
+        # If allow_interspersed_args is false, largs will always be
+        # *empty* -- still a subset of [arg0, ..., arg(i-1)], but
+        # not a very interesting subset!
+
+    def _match_long_opt(
+        self, opt: str, explicit_value: t.Optional[str], state: ParsingState
+    ) -> None:
+        if opt not in self._long_opt:
+            from difflib import get_close_matches
+
+            possibilities = get_close_matches(opt, self._long_opt)
+            raise NoSuchOption(opt, possibilities=possibilities, ctx=self.ctx)
+
+        option = self._long_opt[opt]
+        if option.takes_value:
+            # At this point it's safe to modify rargs by injecting the
+            # explicit value, because no exception is raised in this
+            # branch.  This means that the inserted value will be fully
+            # consumed.
+            if explicit_value is not None:
+                state.rargs.insert(0, explicit_value)
+
+            value = self._get_value_from_state(opt, option, state)
+
+        elif explicit_value is not None:
+            raise BadOptionUsage(
+                opt, _("Option {name!r} does not take a value.").format(name=opt)
+            )
+
+        else:
+            value = None
+
+        option.process(value, state)
+
+    def _match_short_opt(self, arg: str, state: ParsingState) -> None:
+        stop = False
+        i = 1
+        prefix = arg[0]
+        unknown_options = []
+
+        for ch in arg[1:]:
+            opt = normalize_opt(f"{prefix}{ch}", self.ctx)
+            option = self._short_opt.get(opt)
+            i += 1
+
+            if not option:
+                if self.ignore_unknown_options:
+                    unknown_options.append(ch)
+                    continue
+                raise NoSuchOption(opt, ctx=self.ctx)
+            if option.takes_value:
+                # Any characters left in arg?  Pretend they're the
+                # next arg, and stop consuming characters of arg.
+                if i < len(arg):
+                    state.rargs.insert(0, arg[i:])
+                    stop = True
+
+                value = self._get_value_from_state(opt, option, state)
+
+            else:
+                value = None
+
+            option.process(value, state)
+
+            if stop:
+                break
+
+        # If we got any unknown options we recombine the string of the
+        # remaining options and re-attach the prefix, then report that
+        # to the state as new larg.  This way there is basic combinatorics
+        # that can be achieved while still ignoring unknown arguments.
+        if self.ignore_unknown_options and unknown_options:
+            state.largs.append(f"{prefix}{''.join(unknown_options)}")
+
+    def _get_value_from_state(
+        self, option_name: str, option: Option, state: ParsingState
+    ) -> t.Any:
+        nargs = option.nargs
+
+        if len(state.rargs) < nargs:
+            if option.obj._flag_needs_value:
+                # Option allows omitting the value.
+                value = _flag_needs_value
+            else:
+                raise BadOptionUsage(
+                    option_name,
+                    ngettext(
+                        "Option {name!r} requires an argument.",
+                        "Option {name!r} requires {nargs} arguments.",
+                        nargs,
+                    ).format(name=option_name, nargs=nargs),
+                )
+        elif nargs == 1:
+            next_rarg = state.rargs[0]
+
+            if (
+                option.obj._flag_needs_value
+                and isinstance(next_rarg, str)
+                and next_rarg[:1] in self._opt_prefixes
+                and len(next_rarg) > 1
+            ):
+                # The next arg looks like the start of an option, don't
+                # use it as the value if omitting the value is allowed.
+                value = _flag_needs_value
+            else:
+                value = state.rargs.pop(0)
+        else:
+            value = tuple(state.rargs[:nargs])
+            del state.rargs[:nargs]
+
+        return value
+
+    def _process_opts(self, arg: str, state: ParsingState) -> None:
+        explicit_value = None
+        # Long option handling happens in two parts.  The first part is
+        # supporting explicitly attached values.  In any case, we will try
+        # to long match the option first.
+        if "=" in arg:
+            long_opt, explicit_value = arg.split("=", 1)
+        else:
+            long_opt = arg
+        norm_long_opt = normalize_opt(long_opt, self.ctx)
+
+        # At this point we will match the (assumed) long option through
+        # the long option matching code.  Note that this allows options
+        # like "-foo" to be matched as long options.
+        try:
+            self._match_long_opt(norm_long_opt, explicit_value, state)
+        except NoSuchOption:
+            # At this point the long option matching failed, and we need
+            # to try with short options.  However there is a special rule
+            # which says, that if we have a two character options prefix
+            # (applies to "--foo" for instance), we do not dispatch to the
+            # short option code and will instead raise the no option
+            # error.
+            if arg[:2] not in self._opt_prefixes:
+                self._match_short_opt(arg, state)
+                return
+
+            if not self.ignore_unknown_options:
+                raise
+
+            state.largs.append(arg)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/py.typed b/lib/go-jinja2/internal/data/linux-amd64/click/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/shell_completion.py b/lib/go-jinja2/internal/data/linux-amd64/click/shell_completion.py
new file mode 100644
index 000000000..dc9e00b9b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/shell_completion.py
@@ -0,0 +1,596 @@
+import os
+import re
+import typing as t
+from gettext import gettext as _
+
+from .core import Argument
+from .core import BaseCommand
+from .core import Context
+from .core import MultiCommand
+from .core import Option
+from .core import Parameter
+from .core import ParameterSource
+from .parser import split_arg_string
+from .utils import echo
+
+
+def shell_complete(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    complete_var: str,
+    instruction: str,
+) -> int:
+    """Perform shell completion for the given CLI program.
+
+    :param cli: Command being called.
+    :param ctx_args: Extra arguments to pass to
+        ``cli.make_context``.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+    :param instruction: Value of ``complete_var`` with the completion
+        instruction and shell, in the form ``instruction_shell``.
+    :return: Status code to exit with.
+    """
+    shell, _, instruction = instruction.partition("_")
+    comp_cls = get_completion_class(shell)
+
+    if comp_cls is None:
+        return 1
+
+    comp = comp_cls(cli, ctx_args, prog_name, complete_var)
+
+    if instruction == "source":
+        echo(comp.source())
+        return 0
+
+    if instruction == "complete":
+        echo(comp.complete())
+        return 0
+
+    return 1
+
+
+class CompletionItem:
+    """Represents a completion value and metadata about the value. The
+    default metadata is ``type`` to indicate special shell handling,
+    and ``help`` if a shell supports showing a help string next to the
+    value.
+
+    Arbitrary parameters can be passed when creating the object, and
+    accessed using ``item.attr``. If an attribute wasn't passed,
+    accessing it returns ``None``.
+
+    :param value: The completion suggestion.
+    :param type: Tells the shell script to provide special completion
+        support for the type. Click uses ``"dir"`` and ``"file"``.
+    :param help: String shown next to the value if supported.
+    :param kwargs: Arbitrary metadata. The built-in implementations
+        don't use this, but custom type completions paired with custom
+        shell support could use it.
+    """
+
+    __slots__ = ("value", "type", "help", "_info")
+
+    def __init__(
+        self,
+        value: t.Any,
+        type: str = "plain",
+        help: t.Optional[str] = None,
+        **kwargs: t.Any,
+    ) -> None:
+        self.value: t.Any = value
+        self.type: str = type
+        self.help: t.Optional[str] = help
+        self._info = kwargs
+
+    def __getattr__(self, name: str) -> t.Any:
+        return self._info.get(name)
+
+
+# Only Bash >= 4.4 has the nosort option.
+_SOURCE_BASH = """\
+%(complete_func)s() {
+    local IFS=$'\\n'
+    local response
+
+    response=$(env COMP_WORDS="${COMP_WORDS[*]}" COMP_CWORD=$COMP_CWORD \
+%(complete_var)s=bash_complete $1)
+
+    for completion in $response; do
+        IFS=',' read type value <<< "$completion"
+
+        if [[ $type == 'dir' ]]; then
+            COMPREPLY=()
+            compopt -o dirnames
+        elif [[ $type == 'file' ]]; then
+            COMPREPLY=()
+            compopt -o default
+        elif [[ $type == 'plain' ]]; then
+            COMPREPLY+=($value)
+        fi
+    done
+
+    return 0
+}
+
+%(complete_func)s_setup() {
+    complete -o nosort -F %(complete_func)s %(prog_name)s
+}
+
+%(complete_func)s_setup;
+"""
+
+_SOURCE_ZSH = """\
+#compdef %(prog_name)s
+
+%(complete_func)s() {
+    local -a completions
+    local -a completions_with_descriptions
+    local -a response
+    (( ! $+commands[%(prog_name)s] )) && return 1
+
+    response=("${(@f)$(env COMP_WORDS="${words[*]}" COMP_CWORD=$((CURRENT-1)) \
+%(complete_var)s=zsh_complete %(prog_name)s)}")
+
+    for type key descr in ${response}; do
+        if [[ "$type" == "plain" ]]; then
+            if [[ "$descr" == "_" ]]; then
+                completions+=("$key")
+            else
+                completions_with_descriptions+=("$key":"$descr")
+            fi
+        elif [[ "$type" == "dir" ]]; then
+            _path_files -/
+        elif [[ "$type" == "file" ]]; then
+            _path_files -f
+        fi
+    done
+
+    if [ -n "$completions_with_descriptions" ]; then
+        _describe -V unsorted completions_with_descriptions -U
+    fi
+
+    if [ -n "$completions" ]; then
+        compadd -U -V unsorted -a completions
+    fi
+}
+
+if [[ $zsh_eval_context[-1] == loadautofunc ]]; then
+    # autoload from fpath, call function directly
+    %(complete_func)s "$@"
+else
+    # eval/source/. command, register function for later
+    compdef %(complete_func)s %(prog_name)s
+fi
+"""
+
+_SOURCE_FISH = """\
+function %(complete_func)s;
+    set -l response (env %(complete_var)s=fish_complete COMP_WORDS=(commandline -cp) \
+COMP_CWORD=(commandline -t) %(prog_name)s);
+
+    for completion in $response;
+        set -l metadata (string split "," $completion);
+
+        if test $metadata[1] = "dir";
+            __fish_complete_directories $metadata[2];
+        else if test $metadata[1] = "file";
+            __fish_complete_path $metadata[2];
+        else if test $metadata[1] = "plain";
+            echo $metadata[2];
+        end;
+    end;
+end;
+
+complete --no-files --command %(prog_name)s --arguments \
+"(%(complete_func)s)";
+"""
+
+
+class ShellComplete:
+    """Base class for providing shell completion support. A subclass for
+    a given shell will override attributes and methods to implement the
+    completion instructions (``source`` and ``complete``).
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+
+    .. versionadded:: 8.0
+    """
+
+    name: t.ClassVar[str]
+    """Name to register the shell as with :func:`add_completion_class`.
+    This is used in completion instructions (``{name}_source`` and
+    ``{name}_complete``).
+    """
+
+    source_template: t.ClassVar[str]
+    """Completion script template formatted by :meth:`source`. This must
+    be provided by subclasses.
+    """
+
+    def __init__(
+        self,
+        cli: BaseCommand,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: str,
+    ) -> None:
+        self.cli = cli
+        self.ctx_args = ctx_args
+        self.prog_name = prog_name
+        self.complete_var = complete_var
+
+    @property
+    def func_name(self) -> str:
+        """The name of the shell function defined by the completion
+        script.
+        """
+        safe_name = re.sub(r"\W*", "", self.prog_name.replace("-", "_"), flags=re.ASCII)
+        return f"_{safe_name}_completion"
+
+    def source_vars(self) -> t.Dict[str, t.Any]:
+        """Vars for formatting :attr:`source_template`.
+
+        By default this provides ``complete_func``, ``complete_var``,
+        and ``prog_name``.
+        """
+        return {
+            "complete_func": self.func_name,
+            "complete_var": self.complete_var,
+            "prog_name": self.prog_name,
+        }
+
+    def source(self) -> str:
+        """Produce the shell script that defines the completion
+        function. By default this ``%``-style formats
+        :attr:`source_template` with the dict returned by
+        :meth:`source_vars`.
+        """
+        return self.source_template % self.source_vars()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        """Use the env vars defined by the shell script to return a
+        tuple of ``args, incomplete``. This must be implemented by
+        subclasses.
+        """
+        raise NotImplementedError
+
+    def get_completions(
+        self, args: t.List[str], incomplete: str
+    ) -> t.List[CompletionItem]:
+        """Determine the context and last complete command or parameter
+        from the complete args. Call that object's ``shell_complete``
+        method to get the completions for the incomplete value.
+
+        :param args: List of complete args before the incomplete value.
+        :param incomplete: Value being completed. May be empty.
+        """
+        ctx = _resolve_context(self.cli, self.ctx_args, self.prog_name, args)
+        obj, incomplete = _resolve_incomplete(ctx, args, incomplete)
+        return obj.shell_complete(ctx, incomplete)
+
+    def format_completion(self, item: CompletionItem) -> str:
+        """Format a completion item into the form recognized by the
+        shell script. This must be implemented by subclasses.
+
+        :param item: Completion item to format.
+        """
+        raise NotImplementedError
+
+    def complete(self) -> str:
+        """Produce the completion data to send back to the shell.
+
+        By default this calls :meth:`get_completion_args`, gets the
+        completions, then calls :meth:`format_completion` for each
+        completion.
+        """
+        args, incomplete = self.get_completion_args()
+        completions = self.get_completions(args, incomplete)
+        out = [self.format_completion(item) for item in completions]
+        return "\n".join(out)
+
+
+class BashComplete(ShellComplete):
+    """Shell completion for Bash."""
+
+    name = "bash"
+    source_template = _SOURCE_BASH
+
+    @staticmethod
+    def _check_version() -> None:
+        import subprocess
+
+        output = subprocess.run(
+            ["bash", "-c", 'echo "${BASH_VERSION}"'], stdout=subprocess.PIPE
+        )
+        match = re.search(r"^(\d+)\.(\d+)\.\d+", output.stdout.decode())
+
+        if match is not None:
+            major, minor = match.groups()
+
+            if major < "4" or major == "4" and minor < "4":
+                echo(
+                    _(
+                        "Shell completion is not supported for Bash"
+                        " versions older than 4.4."
+                    ),
+                    err=True,
+                )
+        else:
+            echo(
+                _("Couldn't detect Bash version, shell completion is not supported."),
+                err=True,
+            )
+
+    def source(self) -> str:
+        self._check_version()
+        return super().source()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type},{item.value}"
+
+
+class ZshComplete(ShellComplete):
+    """Shell completion for Zsh."""
+
+    name = "zsh"
+    source_template = _SOURCE_ZSH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type}\n{item.value}\n{item.help if item.help else '_'}"
+
+
+class FishComplete(ShellComplete):
+    """Shell completion for Fish."""
+
+    name = "fish"
+    source_template = _SOURCE_FISH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        incomplete = os.environ["COMP_CWORD"]
+        args = cwords[1:]
+
+        # Fish stores the partial word in both COMP_WORDS and
+        # COMP_CWORD, remove it from complete args.
+        if incomplete and args and args[-1] == incomplete:
+            args.pop()
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        if item.help:
+            return f"{item.type},{item.value}\t{item.help}"
+
+        return f"{item.type},{item.value}"
+
+
+ShellCompleteType = t.TypeVar("ShellCompleteType", bound=t.Type[ShellComplete])
+
+
+_available_shells: t.Dict[str, t.Type[ShellComplete]] = {
+    "bash": BashComplete,
+    "fish": FishComplete,
+    "zsh": ZshComplete,
+}
+
+
+def add_completion_class(
+    cls: ShellCompleteType, name: t.Optional[str] = None
+) -> ShellCompleteType:
+    """Register a :class:`ShellComplete` subclass under the given name.
+    The name will be provided by the completion instruction environment
+    variable during completion.
+
+    :param cls: The completion class that will handle completion for the
+        shell.
+    :param name: Name to register the class under. Defaults to the
+        class's ``name`` attribute.
+    """
+    if name is None:
+        name = cls.name
+
+    _available_shells[name] = cls
+
+    return cls
+
+
+def get_completion_class(shell: str) -> t.Optional[t.Type[ShellComplete]]:
+    """Look up a registered :class:`ShellComplete` subclass by the name
+    provided by the completion instruction environment variable. If the
+    name isn't registered, returns ``None``.
+
+    :param shell: Name the class is registered under.
+    """
+    return _available_shells.get(shell)
+
+
+def _is_incomplete_argument(ctx: Context, param: Parameter) -> bool:
+    """Determine if the given parameter is an argument that can still
+    accept values.
+
+    :param ctx: Invocation context for the command represented by the
+        parsed complete args.
+    :param param: Argument object being checked.
+    """
+    if not isinstance(param, Argument):
+        return False
+
+    assert param.name is not None
+    # Will be None if expose_value is False.
+    value = ctx.params.get(param.name)
+    return (
+        param.nargs == -1
+        or ctx.get_parameter_source(param.name) is not ParameterSource.COMMANDLINE
+        or (
+            param.nargs > 1
+            and isinstance(value, (tuple, list))
+            and len(value) < param.nargs
+        )
+    )
+
+
+def _start_of_option(ctx: Context, value: str) -> bool:
+    """Check if the value looks like the start of an option."""
+    if not value:
+        return False
+
+    c = value[0]
+    return c in ctx._opt_prefixes
+
+
+def _is_incomplete_option(ctx: Context, args: t.List[str], param: Parameter) -> bool:
+    """Determine if the given parameter is an option that needs a value.
+
+    :param args: List of complete args before the incomplete value.
+    :param param: Option object being checked.
+    """
+    if not isinstance(param, Option):
+        return False
+
+    if param.is_flag or param.count:
+        return False
+
+    last_option = None
+
+    for index, arg in enumerate(reversed(args)):
+        if index + 1 > param.nargs:
+            break
+
+        if _start_of_option(ctx, arg):
+            last_option = arg
+
+    return last_option is not None and last_option in param.opts
+
+
+def _resolve_context(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    args: t.List[str],
+) -> Context:
+    """Produce the context hierarchy starting with the command and
+    traversing the complete arguments. This only follows the commands,
+    it doesn't trigger input prompts or callbacks.
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param args: List of complete args before the incomplete value.
+    """
+    ctx_args["resilient_parsing"] = True
+    ctx = cli.make_context(prog_name, args.copy(), **ctx_args)
+    args = ctx.protected_args + ctx.args
+
+    while args:
+        command = ctx.command
+
+        if isinstance(command, MultiCommand):
+            if not command.chain:
+                name, cmd, args = command.resolve_command(ctx, args)
+
+                if cmd is None:
+                    return ctx
+
+                ctx = cmd.make_context(name, args, parent=ctx, resilient_parsing=True)
+                args = ctx.protected_args + ctx.args
+            else:
+                sub_ctx = ctx
+
+                while args:
+                    name, cmd, args = command.resolve_command(ctx, args)
+
+                    if cmd is None:
+                        return ctx
+
+                    sub_ctx = cmd.make_context(
+                        name,
+                        args,
+                        parent=ctx,
+                        allow_extra_args=True,
+                        allow_interspersed_args=False,
+                        resilient_parsing=True,
+                    )
+                    args = sub_ctx.args
+
+                ctx = sub_ctx
+                args = [*sub_ctx.protected_args, *sub_ctx.args]
+        else:
+            break
+
+    return ctx
+
+
+def _resolve_incomplete(
+    ctx: Context, args: t.List[str], incomplete: str
+) -> t.Tuple[t.Union[BaseCommand, Parameter], str]:
+    """Find the Click object that will handle the completion of the
+    incomplete value. Return the object and the incomplete value.
+
+    :param ctx: Invocation context for the command represented by
+        the parsed complete args.
+    :param args: List of complete args before the incomplete value.
+    :param incomplete: Value being completed. May be empty.
+    """
+    # Different shells treat an "=" between a long option name and
+    # value differently. Might keep the value joined, return the "="
+    # as a separate item, or return the split name and value. Always
+    # split and discard the "=" to make completion easier.
+    if incomplete == "=":
+        incomplete = ""
+    elif "=" in incomplete and _start_of_option(ctx, incomplete):
+        name, _, incomplete = incomplete.partition("=")
+        args.append(name)
+
+    # The "--" marker tells Click to stop treating values as options
+    # even if they start with the option character. If it hasn't been
+    # given and the incomplete arg looks like an option, the current
+    # command will provide option name completions.
+    if "--" not in args and _start_of_option(ctx, incomplete):
+        return ctx.command, incomplete
+
+    params = ctx.command.get_params(ctx)
+
+    # If the last complete arg is an option name with an incomplete
+    # value, the option will provide value completions.
+    for param in params:
+        if _is_incomplete_option(ctx, args, param):
+            return param, incomplete
+
+    # It's not an option name or value. The first argument without a
+    # parsed value will provide value completions.
+    for param in params:
+        if _is_incomplete_argument(ctx, param):
+            return param, incomplete
+
+    # There were no unparsed arguments, the command may be a group that
+    # will provide command name completions.
+    return ctx.command, incomplete
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/termui.py b/lib/go-jinja2/internal/data/linux-amd64/click/termui.py
new file mode 100644
index 000000000..db7a4b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/termui.py
@@ -0,0 +1,784 @@
+import inspect
+import io
+import itertools
+import sys
+import typing as t
+from gettext import gettext as _
+
+from ._compat import isatty
+from ._compat import strip_ansi
+from .exceptions import Abort
+from .exceptions import UsageError
+from .globals import resolve_color_default
+from .types import Choice
+from .types import convert_type
+from .types import ParamType
+from .utils import echo
+from .utils import LazyFile
+
+if t.TYPE_CHECKING:
+    from ._termui_impl import ProgressBar
+
+V = t.TypeVar("V")
+
+# The prompt functions to use.  The doc tools currently override these
+# functions to customize how they work.
+visible_prompt_func: t.Callable[[str], str] = input
+
+_ansi_colors = {
+    "black": 30,
+    "red": 31,
+    "green": 32,
+    "yellow": 33,
+    "blue": 34,
+    "magenta": 35,
+    "cyan": 36,
+    "white": 37,
+    "reset": 39,
+    "bright_black": 90,
+    "bright_red": 91,
+    "bright_green": 92,
+    "bright_yellow": 93,
+    "bright_blue": 94,
+    "bright_magenta": 95,
+    "bright_cyan": 96,
+    "bright_white": 97,
+}
+_ansi_reset_all = "\033[0m"
+
+
+def hidden_prompt_func(prompt: str) -> str:
+    import getpass
+
+    return getpass.getpass(prompt)
+
+
+def _build_prompt(
+    text: str,
+    suffix: str,
+    show_default: bool = False,
+    default: t.Optional[t.Any] = None,
+    show_choices: bool = True,
+    type: t.Optional[ParamType] = None,
+) -> str:
+    prompt = text
+    if type is not None and show_choices and isinstance(type, Choice):
+        prompt += f" ({', '.join(map(str, type.choices))})"
+    if default is not None and show_default:
+        prompt = f"{prompt} [{_format_default(default)}]"
+    return f"{prompt}{suffix}"
+
+
+def _format_default(default: t.Any) -> t.Any:
+    if isinstance(default, (io.IOBase, LazyFile)) and hasattr(default, "name"):
+        return default.name
+
+    return default
+
+
+def prompt(
+    text: str,
+    default: t.Optional[t.Any] = None,
+    hide_input: bool = False,
+    confirmation_prompt: t.Union[bool, str] = False,
+    type: t.Optional[t.Union[ParamType, t.Any]] = None,
+    value_proc: t.Optional[t.Callable[[str], t.Any]] = None,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+    show_choices: bool = True,
+) -> t.Any:
+    """Prompts a user for input.  This is a convenience function that can
+    be used to prompt a user for input later.
+
+    If the user aborts the input by sending an interrupt signal, this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the text to show for the prompt.
+    :param default: the default value to use if no input happens.  If this
+                    is not given it will prompt until it's aborted.
+    :param hide_input: if this is set to true then the input value will
+                       be hidden.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value. Can be set to a string instead of ``True`` to customize
+        the message.
+    :param type: the type to use to check the value against.
+    :param value_proc: if this parameter is provided it's a function that
+                       is invoked instead of the type conversion to
+                       convert a value.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    :param show_choices: Show or hide choices if the passed type is a Choice.
+                         For example if type is a Choice of either day or week,
+                         show_choices is true and text is "Group by" then the
+                         prompt will be "Group by (day, week): ".
+
+    .. versionadded:: 8.0
+        ``confirmation_prompt`` can be a custom string.
+
+    .. versionadded:: 7.0
+        Added the ``show_choices`` parameter.
+
+    .. versionadded:: 6.0
+        Added unicode support for cmd.exe on Windows.
+
+    .. versionadded:: 4.0
+        Added the `err` parameter.
+
+    """
+
+    def prompt_func(text: str) -> str:
+        f = hidden_prompt_func if hide_input else visible_prompt_func
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(text.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            return f(" ")
+        except (KeyboardInterrupt, EOFError):
+            # getpass doesn't print a newline if the user aborts input with ^C.
+            # Allegedly this behavior is inherited from getpass(3).
+            # A doc bug has been filed at https://bugs.python.org/issue24711
+            if hide_input:
+                echo(None, err=err)
+            raise Abort() from None
+
+    if value_proc is None:
+        value_proc = convert_type(type, default)
+
+    prompt = _build_prompt(
+        text, prompt_suffix, show_default, default, show_choices, type
+    )
+
+    if confirmation_prompt:
+        if confirmation_prompt is True:
+            confirmation_prompt = _("Repeat for confirmation")
+
+        confirmation_prompt = _build_prompt(confirmation_prompt, prompt_suffix)
+
+    while True:
+        while True:
+            value = prompt_func(prompt)
+            if value:
+                break
+            elif default is not None:
+                value = default
+                break
+        try:
+            result = value_proc(value)
+        except UsageError as e:
+            if hide_input:
+                echo(_("Error: The value you entered was invalid."), err=err)
+            else:
+                echo(_("Error: {e.message}").format(e=e), err=err)  # noqa: B306
+            continue
+        if not confirmation_prompt:
+            return result
+        while True:
+            value2 = prompt_func(confirmation_prompt)
+            is_empty = not value and not value2
+            if value2 or is_empty:
+                break
+        if value == value2:
+            return result
+        echo(_("Error: The two entered values do not match."), err=err)
+
+
+def confirm(
+    text: str,
+    default: t.Optional[bool] = False,
+    abort: bool = False,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+) -> bool:
+    """Prompts for confirmation (yes/no question).
+
+    If the user aborts the input by sending a interrupt signal this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the question to ask.
+    :param default: The default value to use when no input is given. If
+        ``None``, repeat until input is given.
+    :param abort: if this is set to `True` a negative answer aborts the
+                  exception by raising :exc:`Abort`.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+
+    .. versionchanged:: 8.0
+        Repeat until input is given if ``default`` is ``None``.
+
+    .. versionadded:: 4.0
+        Added the ``err`` parameter.
+    """
+    prompt = _build_prompt(
+        text,
+        prompt_suffix,
+        show_default,
+        "y/n" if default is None else ("Y/n" if default else "y/N"),
+    )
+
+    while True:
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(prompt.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            value = visible_prompt_func(" ").lower().strip()
+        except (KeyboardInterrupt, EOFError):
+            raise Abort() from None
+        if value in ("y", "yes"):
+            rv = True
+        elif value in ("n", "no"):
+            rv = False
+        elif default is not None and value == "":
+            rv = default
+        else:
+            echo(_("Error: invalid input"), err=err)
+            continue
+        break
+    if abort and not rv:
+        raise Abort()
+    return rv
+
+
+def echo_via_pager(
+    text_or_generator: t.Union[t.Iterable[str], t.Callable[[], t.Iterable[str]], str],
+    color: t.Optional[bool] = None,
+) -> None:
+    """This function takes a text and shows it via an environment specific
+    pager on stdout.
+
+    .. versionchanged:: 3.0
+       Added the `color` flag.
+
+    :param text_or_generator: the text to page, or alternatively, a
+                              generator emitting the text to page.
+    :param color: controls if the pager supports ANSI colors or not.  The
+                  default is autodetection.
+    """
+    color = resolve_color_default(color)
+
+    if inspect.isgeneratorfunction(text_or_generator):
+        i = t.cast(t.Callable[[], t.Iterable[str]], text_or_generator)()
+    elif isinstance(text_or_generator, str):
+        i = [text_or_generator]
+    else:
+        i = iter(t.cast(t.Iterable[str], text_or_generator))
+
+    # convert every element of i to a text type if necessary
+    text_generator = (el if isinstance(el, str) else str(el) for el in i)
+
+    from ._termui_impl import pager
+
+    return pager(itertools.chain(text_generator, "\n"), color)
+
+
+def progressbar(
+    iterable: t.Optional[t.Iterable[V]] = None,
+    length: t.Optional[int] = None,
+    label: t.Optional[str] = None,
+    show_eta: bool = True,
+    show_percent: t.Optional[bool] = None,
+    show_pos: bool = False,
+    item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+    fill_char: str = "#",
+    empty_char: str = "-",
+    bar_template: str = "%(label)s  [%(bar)s]  %(info)s",
+    info_sep: str = "  ",
+    width: int = 36,
+    file: t.Optional[t.TextIO] = None,
+    color: t.Optional[bool] = None,
+    update_min_steps: int = 1,
+) -> "ProgressBar[V]":
+    """This function creates an iterable context manager that can be used
+    to iterate over something while showing a progress bar.  It will
+    either iterate over the `iterable` or `length` items (that are counted
+    up).  While iteration happens, this function will print a rendered
+    progress bar to the given `file` (defaults to stdout) and will attempt
+    to calculate remaining time and more.  By default, this progress bar
+    will not be rendered if the file is not a terminal.
+
+    The context manager creates the progress bar.  When the context
+    manager is entered the progress bar is already created.  With every
+    iteration over the progress bar, the iterable passed to the bar is
+    advanced and the bar is updated.  When the context manager exits,
+    a newline is printed and the progress bar is finalized on screen.
+
+    Note: The progress bar is currently designed for use cases where the
+    total progress can be expected to take at least several seconds.
+    Because of this, the ProgressBar class object won't display
+    progress that is considered too fast, and progress where the time
+    between steps is less than a second.
+
+    No printing must happen or the progress bar will be unintentionally
+    destroyed.
+
+    Example usage::
+
+        with progressbar(items) as bar:
+            for item in bar:
+                do_something_with(item)
+
+    Alternatively, if no iterable is specified, one can manually update the
+    progress bar through the `update()` method instead of directly
+    iterating over the progress bar.  The update method accepts the number
+    of steps to increment the bar with::
+
+        with progressbar(length=chunks.total_bytes) as bar:
+            for chunk in chunks:
+                process_chunk(chunk)
+                bar.update(chunks.bytes)
+
+    The ``update()`` method also takes an optional value specifying the
+    ``current_item`` at the new position. This is useful when used
+    together with ``item_show_func`` to customize the output for each
+    manual step::
+
+        with click.progressbar(
+            length=total_size,
+            label='Unzipping archive',
+            item_show_func=lambda a: a.filename
+        ) as bar:
+            for archive in zip_file:
+                archive.extract()
+                bar.update(archive.size, archive)
+
+    :param iterable: an iterable to iterate over.  If not provided the length
+                     is required.
+    :param length: the number of items to iterate over.  By default the
+                   progressbar will attempt to ask the iterator about its
+                   length, which might or might not work.  If an iterable is
+                   also provided this parameter can be used to override the
+                   length.  If an iterable is not provided the progress bar
+                   will iterate over a range of that length.
+    :param label: the label to show next to the progress bar.
+    :param show_eta: enables or disables the estimated time display.  This is
+                     automatically disabled if the length cannot be
+                     determined.
+    :param show_percent: enables or disables the percentage display.  The
+                         default is `True` if the iterable has a length or
+                         `False` if not.
+    :param show_pos: enables or disables the absolute position display.  The
+                     default is `False`.
+    :param item_show_func: A function called with the current item which
+        can return a string to show next to the progress bar. If the
+        function returns ``None`` nothing is shown. The current item can
+        be ``None``, such as when entering and exiting the bar.
+    :param fill_char: the character to use to show the filled part of the
+                      progress bar.
+    :param empty_char: the character to use to show the non-filled part of
+                       the progress bar.
+    :param bar_template: the format string to use as template for the bar.
+                         The parameters in it are ``label`` for the label,
+                         ``bar`` for the progress bar and ``info`` for the
+                         info section.
+    :param info_sep: the separator between multiple info items (eta etc.)
+    :param width: the width of the progress bar in characters, 0 means full
+                  terminal width
+    :param file: The file to write to. If this is not a terminal then
+        only the label is printed.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are included anywhere in the progress bar output
+                  which is not the case by default.
+    :param update_min_steps: Render only when this many updates have
+        completed. This allows tuning for very fast iterators.
+
+    .. versionchanged:: 8.0
+        Output is shown even if execution time is less than 0.5 seconds.
+
+    .. versionchanged:: 8.0
+        ``item_show_func`` shows the current item, not the previous one.
+
+    .. versionchanged:: 8.0
+        Labels are echoed if the output is not a TTY. Reverts a change
+        in 7.0 that removed all output.
+
+    .. versionadded:: 8.0
+       Added the ``update_min_steps`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter. Added the ``update`` method to
+        the object.
+
+    .. versionadded:: 2.0
+    """
+    from ._termui_impl import ProgressBar
+
+    color = resolve_color_default(color)
+    return ProgressBar(
+        iterable=iterable,
+        length=length,
+        show_eta=show_eta,
+        show_percent=show_percent,
+        show_pos=show_pos,
+        item_show_func=item_show_func,
+        fill_char=fill_char,
+        empty_char=empty_char,
+        bar_template=bar_template,
+        info_sep=info_sep,
+        file=file,
+        label=label,
+        width=width,
+        color=color,
+        update_min_steps=update_min_steps,
+    )
+
+
+def clear() -> None:
+    """Clears the terminal screen.  This will have the effect of clearing
+    the whole visible space of the terminal and moving the cursor to the
+    top left.  This does not do anything if not connected to a terminal.
+
+    .. versionadded:: 2.0
+    """
+    if not isatty(sys.stdout):
+        return
+
+    # ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
+    echo("\033[2J\033[1;1H", nl=False)
+
+
+def _interpret_color(
+    color: t.Union[int, t.Tuple[int, int, int], str], offset: int = 0
+) -> str:
+    if isinstance(color, int):
+        return f"{38 + offset};5;{color:d}"
+
+    if isinstance(color, (tuple, list)):
+        r, g, b = color
+        return f"{38 + offset};2;{r:d};{g:d};{b:d}"
+
+    return str(_ansi_colors[color] + offset)
+
+
+def style(
+    text: t.Any,
+    fg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bold: t.Optional[bool] = None,
+    dim: t.Optional[bool] = None,
+    underline: t.Optional[bool] = None,
+    overline: t.Optional[bool] = None,
+    italic: t.Optional[bool] = None,
+    blink: t.Optional[bool] = None,
+    reverse: t.Optional[bool] = None,
+    strikethrough: t.Optional[bool] = None,
+    reset: bool = True,
+) -> str:
+    """Styles a text with ANSI styles and returns the new string.  By
+    default the styling is self contained which means that at the end
+    of the string a reset code is issued.  This can be prevented by
+    passing ``reset=False``.
+
+    Examples::
+
+        click.echo(click.style('Hello World!', fg='green'))
+        click.echo(click.style('ATTENTION!', blink=True))
+        click.echo(click.style('Some things', reverse=True, fg='cyan'))
+        click.echo(click.style('More colors', fg=(255, 12, 128), bg=117))
+
+    Supported color names:
+
+    * ``black`` (might be a gray)
+    * ``red``
+    * ``green``
+    * ``yellow`` (might be an orange)
+    * ``blue``
+    * ``magenta``
+    * ``cyan``
+    * ``white`` (might be light gray)
+    * ``bright_black``
+    * ``bright_red``
+    * ``bright_green``
+    * ``bright_yellow``
+    * ``bright_blue``
+    * ``bright_magenta``
+    * ``bright_cyan``
+    * ``bright_white``
+    * ``reset`` (reset the color code only)
+
+    If the terminal supports it, color may also be specified as:
+
+    -   An integer in the interval [0, 255]. The terminal must support
+        8-bit/256-color mode.
+    -   An RGB tuple of three integers in [0, 255]. The terminal must
+        support 24-bit/true-color mode.
+
+    See https://en.wikipedia.org/wiki/ANSI_color and
+    https://gist.github.com/XVilka/8346728 for more information.
+
+    :param text: the string to style with ansi codes.
+    :param fg: if provided this will become the foreground color.
+    :param bg: if provided this will become the background color.
+    :param bold: if provided this will enable or disable bold mode.
+    :param dim: if provided this will enable or disable dim mode.  This is
+                badly supported.
+    :param underline: if provided this will enable or disable underline.
+    :param overline: if provided this will enable or disable overline.
+    :param italic: if provided this will enable or disable italic.
+    :param blink: if provided this will enable or disable blinking.
+    :param reverse: if provided this will enable or disable inverse
+                    rendering (foreground becomes background and the
+                    other way round).
+    :param strikethrough: if provided this will enable or disable
+        striking through text.
+    :param reset: by default a reset-all code is added at the end of the
+                  string which means that styles do not carry over.  This
+                  can be disabled to compose styles.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string.
+
+    .. versionchanged:: 8.0
+       Added support for 256 and RGB color codes.
+
+    .. versionchanged:: 8.0
+        Added the ``strikethrough``, ``italic``, and ``overline``
+        parameters.
+
+    .. versionchanged:: 7.0
+        Added support for bright colors.
+
+    .. versionadded:: 2.0
+    """
+    if not isinstance(text, str):
+        text = str(text)
+
+    bits = []
+
+    if fg:
+        try:
+            bits.append(f"\033[{_interpret_color(fg)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {fg!r}") from None
+
+    if bg:
+        try:
+            bits.append(f"\033[{_interpret_color(bg, 10)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {bg!r}") from None
+
+    if bold is not None:
+        bits.append(f"\033[{1 if bold else 22}m")
+    if dim is not None:
+        bits.append(f"\033[{2 if dim else 22}m")
+    if underline is not None:
+        bits.append(f"\033[{4 if underline else 24}m")
+    if overline is not None:
+        bits.append(f"\033[{53 if overline else 55}m")
+    if italic is not None:
+        bits.append(f"\033[{3 if italic else 23}m")
+    if blink is not None:
+        bits.append(f"\033[{5 if blink else 25}m")
+    if reverse is not None:
+        bits.append(f"\033[{7 if reverse else 27}m")
+    if strikethrough is not None:
+        bits.append(f"\033[{9 if strikethrough else 29}m")
+    bits.append(text)
+    if reset:
+        bits.append(_ansi_reset_all)
+    return "".join(bits)
+
+
+def unstyle(text: str) -> str:
+    """Removes ANSI styling information from a string.  Usually it's not
+    necessary to use this function as Click's echo function will
+    automatically remove styling if necessary.
+
+    .. versionadded:: 2.0
+
+    :param text: the text to remove style information from.
+    """
+    return strip_ansi(text)
+
+
+def secho(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.AnyStr]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+    **styles: t.Any,
+) -> None:
+    """This function combines :func:`echo` and :func:`style` into one
+    call.  As such the following two calls are the same::
+
+        click.secho('Hello World!', fg='green')
+        click.echo(click.style('Hello World!', fg='green'))
+
+    All keyword arguments are forwarded to the underlying functions
+    depending on which one they go with.
+
+    Non-string types will be converted to :class:`str`. However,
+    :class:`bytes` are passed directly to :meth:`echo` without applying
+    style. If you want to style bytes that represent text, call
+    :meth:`bytes.decode` first.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string. Bytes are
+        passed through without style applied.
+
+    .. versionadded:: 2.0
+    """
+    if message is not None and not isinstance(message, (bytes, bytearray)):
+        message = style(message, **styles)
+
+    return echo(message, file=file, nl=nl, err=err, color=color)
+
+
+def edit(
+    text: t.Optional[t.AnyStr] = None,
+    editor: t.Optional[str] = None,
+    env: t.Optional[t.Mapping[str, str]] = None,
+    require_save: bool = True,
+    extension: str = ".txt",
+    filename: t.Optional[str] = None,
+) -> t.Optional[t.AnyStr]:
+    r"""Edits the given text in the defined editor.  If an editor is given
+    (should be the full path to the executable but the regular operating
+    system search path is used for finding the executable) it overrides
+    the detected editor.  Optionally, some environment variables can be
+    used.  If the editor is closed without changes, `None` is returned.  In
+    case a file is edited directly the return value is always `None` and
+    `require_save` and `extension` are ignored.
+
+    If the editor cannot be opened a :exc:`UsageError` is raised.
+
+    Note for Windows: to simplify cross-platform usage, the newlines are
+    automatically converted from POSIX to Windows and vice versa.  As such,
+    the message here will have ``\n`` as newline markers.
+
+    :param text: the text to edit.
+    :param editor: optionally the editor to use.  Defaults to automatic
+                   detection.
+    :param env: environment variables to forward to the editor.
+    :param require_save: if this is true, then not saving in the editor
+                         will make the return value become `None`.
+    :param extension: the extension to tell the editor about.  This defaults
+                      to `.txt` but changing this might change syntax
+                      highlighting.
+    :param filename: if provided it will edit this file instead of the
+                     provided text contents.  It will not use a temporary
+                     file as an indirection in that case.
+    """
+    from ._termui_impl import Editor
+
+    ed = Editor(editor=editor, env=env, require_save=require_save, extension=extension)
+
+    if filename is None:
+        return ed.edit(text)
+
+    ed.edit_file(filename)
+    return None
+
+
+def launch(url: str, wait: bool = False, locate: bool = False) -> int:
+    """This function launches the given URL (or filename) in the default
+    viewer application for this file type.  If this is an executable, it
+    might launch the executable in a new session.  The return value is
+    the exit code of the launched application.  Usually, ``0`` indicates
+    success.
+
+    Examples::
+
+        click.launch('https://click.palletsprojects.com/')
+        click.launch('/my/downloaded/file', locate=True)
+
+    .. versionadded:: 2.0
+
+    :param url: URL or filename of the thing to launch.
+    :param wait: Wait for the program to exit before returning. This
+        only works if the launched program blocks. In particular,
+        ``xdg-open`` on Linux does not block.
+    :param locate: if this is set to `True` then instead of launching the
+                   application associated with the URL it will attempt to
+                   launch a file manager with the file located.  This
+                   might have weird effects if the URL does not point to
+                   the filesystem.
+    """
+    from ._termui_impl import open_url
+
+    return open_url(url, wait=wait, locate=locate)
+
+
+# If this is provided, getchar() calls into this instead.  This is used
+# for unittesting purposes.
+_getchar: t.Optional[t.Callable[[bool], str]] = None
+
+
+def getchar(echo: bool = False) -> str:
+    """Fetches a single character from the terminal and returns it.  This
+    will always return a unicode character and under certain rare
+    circumstances this might return more than one character.  The
+    situations which more than one character is returned is when for
+    whatever reason multiple characters end up in the terminal buffer or
+    standard input was not actually a terminal.
+
+    Note that this will always read from the terminal, even if something
+    is piped into the standard input.
+
+    Note for Windows: in rare cases when typing non-ASCII characters, this
+    function might wait for a second character and then return both at once.
+    This is because certain Unicode characters look like special-key markers.
+
+    .. versionadded:: 2.0
+
+    :param echo: if set to `True`, the character read will also show up on
+                 the terminal.  The default is to not show it.
+    """
+    global _getchar
+
+    if _getchar is None:
+        from ._termui_impl import getchar as f
+
+        _getchar = f
+
+    return _getchar(echo)
+
+
+def raw_terminal() -> t.ContextManager[int]:
+    from ._termui_impl import raw_terminal as f
+
+    return f()
+
+
+def pause(info: t.Optional[str] = None, err: bool = False) -> None:
+    """This command stops execution and waits for the user to press any
+    key to continue.  This is similar to the Windows batch "pause"
+    command.  If the program is not run through a terminal, this command
+    will instead do nothing.
+
+    .. versionadded:: 2.0
+
+    .. versionadded:: 4.0
+       Added the `err` parameter.
+
+    :param info: The message to print before pausing. Defaults to
+        ``"Press any key to continue..."``.
+    :param err: if set to message goes to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    """
+    if not isatty(sys.stdin) or not isatty(sys.stdout):
+        return
+
+    if info is None:
+        info = _("Press any key to continue...")
+
+    try:
+        if info:
+            echo(info, nl=False, err=err)
+        try:
+            getchar()
+        except (KeyboardInterrupt, EOFError):
+            pass
+    finally:
+        if info:
+            echo(err=err)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/testing.py b/lib/go-jinja2/internal/data/linux-amd64/click/testing.py
new file mode 100644
index 000000000..e0df0d2a6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/testing.py
@@ -0,0 +1,479 @@
+import contextlib
+import io
+import os
+import shlex
+import shutil
+import sys
+import tempfile
+import typing as t
+from types import TracebackType
+
+from . import formatting
+from . import termui
+from . import utils
+from ._compat import _find_binary_reader
+
+if t.TYPE_CHECKING:
+    from .core import BaseCommand
+
+
+class EchoingStdin:
+    def __init__(self, input: t.BinaryIO, output: t.BinaryIO) -> None:
+        self._input = input
+        self._output = output
+        self._paused = False
+
+    def __getattr__(self, x: str) -> t.Any:
+        return getattr(self._input, x)
+
+    def _echo(self, rv: bytes) -> bytes:
+        if not self._paused:
+            self._output.write(rv)
+
+        return rv
+
+    def read(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read(n))
+
+    def read1(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read1(n))  # type: ignore
+
+    def readline(self, n: int = -1) -> bytes:
+        return self._echo(self._input.readline(n))
+
+    def readlines(self) -> t.List[bytes]:
+        return [self._echo(x) for x in self._input.readlines()]
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._echo(x) for x in self._input)
+
+    def __repr__(self) -> str:
+        return repr(self._input)
+
+
+@contextlib.contextmanager
+def _pause_echo(stream: t.Optional[EchoingStdin]) -> t.Iterator[None]:
+    if stream is None:
+        yield
+    else:
+        stream._paused = True
+        yield
+        stream._paused = False
+
+
+class _NamedTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self, buffer: t.BinaryIO, name: str, mode: str, **kwargs: t.Any
+    ) -> None:
+        super().__init__(buffer, **kwargs)
+        self._name = name
+        self._mode = mode
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @property
+    def mode(self) -> str:
+        return self._mode
+
+
+def make_input_stream(
+    input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]], charset: str
+) -> t.BinaryIO:
+    # Is already an input stream.
+    if hasattr(input, "read"):
+        rv = _find_binary_reader(t.cast(t.IO[t.Any], input))
+
+        if rv is not None:
+            return rv
+
+        raise TypeError("Could not find binary reader for input stream.")
+
+    if input is None:
+        input = b""
+    elif isinstance(input, str):
+        input = input.encode(charset)
+
+    return io.BytesIO(input)
+
+
+class Result:
+    """Holds the captured result of an invoked CLI script."""
+
+    def __init__(
+        self,
+        runner: "CliRunner",
+        stdout_bytes: bytes,
+        stderr_bytes: t.Optional[bytes],
+        return_value: t.Any,
+        exit_code: int,
+        exception: t.Optional[BaseException],
+        exc_info: t.Optional[
+            t.Tuple[t.Type[BaseException], BaseException, TracebackType]
+        ] = None,
+    ):
+        #: The runner that created the result
+        self.runner = runner
+        #: The standard output as bytes.
+        self.stdout_bytes = stdout_bytes
+        #: The standard error as bytes, or None if not available
+        self.stderr_bytes = stderr_bytes
+        #: The value returned from the invoked command.
+        #:
+        #: .. versionadded:: 8.0
+        self.return_value = return_value
+        #: The exit code as integer.
+        self.exit_code = exit_code
+        #: The exception that happened if one did.
+        self.exception = exception
+        #: The traceback
+        self.exc_info = exc_info
+
+    @property
+    def output(self) -> str:
+        """The (standard) output as unicode string."""
+        return self.stdout
+
+    @property
+    def stdout(self) -> str:
+        """The standard output as unicode string."""
+        return self.stdout_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    @property
+    def stderr(self) -> str:
+        """The standard error as unicode string."""
+        if self.stderr_bytes is None:
+            raise ValueError("stderr not separately captured")
+        return self.stderr_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    def __repr__(self) -> str:
+        exc_str = repr(self.exception) if self.exception else "okay"
+        return f"<{type(self).__name__} {exc_str}>"
+
+
+class CliRunner:
+    """The CLI runner provides functionality to invoke a Click command line
+    script for unittesting purposes in a isolated environment.  This only
+    works in single-threaded systems without any concurrency as it changes the
+    global interpreter state.
+
+    :param charset: the character set for the input and output data.
+    :param env: a dictionary with environment variables for overriding.
+    :param echo_stdin: if this is set to `True`, then reading from stdin writes
+                       to stdout.  This is useful for showing examples in
+                       some circumstances.  Note that regular prompts
+                       will automatically echo the input.
+    :param mix_stderr: if this is set to `False`, then stdout and stderr are
+                       preserved as independent streams.  This is useful for
+                       Unix-philosophy apps that have predictable stdout and
+                       noisy stderr, such that each may be measured
+                       independently
+    """
+
+    def __init__(
+        self,
+        charset: str = "utf-8",
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        echo_stdin: bool = False,
+        mix_stderr: bool = True,
+    ) -> None:
+        self.charset = charset
+        self.env: t.Mapping[str, t.Optional[str]] = env or {}
+        self.echo_stdin = echo_stdin
+        self.mix_stderr = mix_stderr
+
+    def get_default_prog_name(self, cli: "BaseCommand") -> str:
+        """Given a command object it will return the default program name
+        for it.  The default is the `name` attribute or ``"root"`` if not
+        set.
+        """
+        return cli.name or "root"
+
+    def make_env(
+        self, overrides: t.Optional[t.Mapping[str, t.Optional[str]]] = None
+    ) -> t.Mapping[str, t.Optional[str]]:
+        """Returns the environment overrides for invoking a script."""
+        rv = dict(self.env)
+        if overrides:
+            rv.update(overrides)
+        return rv
+
+    @contextlib.contextmanager
+    def isolation(
+        self,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        color: bool = False,
+    ) -> t.Iterator[t.Tuple[io.BytesIO, t.Optional[io.BytesIO]]]:
+        """A context manager that sets up the isolation for invoking of a
+        command line tool.  This sets up stdin with the given input data
+        and `os.environ` with the overrides from the given dictionary.
+        This also rebinds some internals in Click to be mocked (like the
+        prompt functionality).
+
+        This is automatically done in the :meth:`invoke` method.
+
+        :param input: the input stream to put into sys.stdin.
+        :param env: the environment overrides as dictionary.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            ``stderr`` is opened with ``errors="backslashreplace"``
+            instead of the default ``"strict"``.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+        """
+        bytes_input = make_input_stream(input, self.charset)
+        echo_input = None
+
+        old_stdin = sys.stdin
+        old_stdout = sys.stdout
+        old_stderr = sys.stderr
+        old_forced_width = formatting.FORCED_WIDTH
+        formatting.FORCED_WIDTH = 80
+
+        env = self.make_env(env)
+
+        bytes_output = io.BytesIO()
+
+        if self.echo_stdin:
+            bytes_input = echo_input = t.cast(
+                t.BinaryIO, EchoingStdin(bytes_input, bytes_output)
+            )
+
+        sys.stdin = text_input = _NamedTextIOWrapper(
+            bytes_input, encoding=self.charset, name="<stdin>", mode="r"
+        )
+
+        if self.echo_stdin:
+            # Force unbuffered reads, otherwise TextIOWrapper reads a
+            # large chunk which is echoed early.
+            text_input._CHUNK_SIZE = 1  # type: ignore
+
+        sys.stdout = _NamedTextIOWrapper(
+            bytes_output, encoding=self.charset, name="<stdout>", mode="w"
+        )
+
+        bytes_error = None
+        if self.mix_stderr:
+            sys.stderr = sys.stdout
+        else:
+            bytes_error = io.BytesIO()
+            sys.stderr = _NamedTextIOWrapper(
+                bytes_error,
+                encoding=self.charset,
+                name="<stderr>",
+                mode="w",
+                errors="backslashreplace",
+            )
+
+        @_pause_echo(echo_input)  # type: ignore
+        def visible_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(prompt or "")
+            val = text_input.readline().rstrip("\r\n")
+            sys.stdout.write(f"{val}\n")
+            sys.stdout.flush()
+            return val
+
+        @_pause_echo(echo_input)  # type: ignore
+        def hidden_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(f"{prompt or ''}\n")
+            sys.stdout.flush()
+            return text_input.readline().rstrip("\r\n")
+
+        @_pause_echo(echo_input)  # type: ignore
+        def _getchar(echo: bool) -> str:
+            char = sys.stdin.read(1)
+
+            if echo:
+                sys.stdout.write(char)
+
+            sys.stdout.flush()
+            return char
+
+        default_color = color
+
+        def should_strip_ansi(
+            stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+        ) -> bool:
+            if color is None:
+                return not default_color
+            return not color
+
+        old_visible_prompt_func = termui.visible_prompt_func
+        old_hidden_prompt_func = termui.hidden_prompt_func
+        old__getchar_func = termui._getchar
+        old_should_strip_ansi = utils.should_strip_ansi  # type: ignore
+        termui.visible_prompt_func = visible_input
+        termui.hidden_prompt_func = hidden_input
+        termui._getchar = _getchar
+        utils.should_strip_ansi = should_strip_ansi  # type: ignore
+
+        old_env = {}
+        try:
+            for key, value in env.items():
+                old_env[key] = os.environ.get(key)
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            yield (bytes_output, bytes_error)
+        finally:
+            for key, value in old_env.items():
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            sys.stdout = old_stdout
+            sys.stderr = old_stderr
+            sys.stdin = old_stdin
+            termui.visible_prompt_func = old_visible_prompt_func
+            termui.hidden_prompt_func = old_hidden_prompt_func
+            termui._getchar = old__getchar_func
+            utils.should_strip_ansi = old_should_strip_ansi  # type: ignore
+            formatting.FORCED_WIDTH = old_forced_width
+
+    def invoke(
+        self,
+        cli: "BaseCommand",
+        args: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        catch_exceptions: bool = True,
+        color: bool = False,
+        **extra: t.Any,
+    ) -> Result:
+        """Invokes a command in an isolated environment.  The arguments are
+        forwarded directly to the command line script, the `extra` keyword
+        arguments are passed to the :meth:`~clickpkg.Command.main` function of
+        the command.
+
+        This returns a :class:`Result` object.
+
+        :param cli: the command to invoke
+        :param args: the arguments to invoke. It may be given as an iterable
+                     or a string. When given as string it will be interpreted
+                     as a Unix shell command. More details at
+                     :func:`shlex.split`.
+        :param input: the input data for `sys.stdin`.
+        :param env: the environment overrides.
+        :param catch_exceptions: Whether to catch any other exceptions than
+                                 ``SystemExit``.
+        :param extra: the keyword arguments to pass to :meth:`main`.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            The result object has the ``return_value`` attribute with
+            the value returned from the invoked command.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+
+        .. versionchanged:: 3.0
+            Added the ``catch_exceptions`` parameter.
+
+        .. versionchanged:: 3.0
+            The result object has the ``exc_info`` attribute with the
+            traceback if available.
+        """
+        exc_info = None
+        with self.isolation(input=input, env=env, color=color) as outstreams:
+            return_value = None
+            exception: t.Optional[BaseException] = None
+            exit_code = 0
+
+            if isinstance(args, str):
+                args = shlex.split(args)
+
+            try:
+                prog_name = extra.pop("prog_name")
+            except KeyError:
+                prog_name = self.get_default_prog_name(cli)
+
+            try:
+                return_value = cli.main(args=args or (), prog_name=prog_name, **extra)
+            except SystemExit as e:
+                exc_info = sys.exc_info()
+                e_code = t.cast(t.Optional[t.Union[int, t.Any]], e.code)
+
+                if e_code is None:
+                    e_code = 0
+
+                if e_code != 0:
+                    exception = e
+
+                if not isinstance(e_code, int):
+                    sys.stdout.write(str(e_code))
+                    sys.stdout.write("\n")
+                    e_code = 1
+
+                exit_code = e_code
+
+            except Exception as e:
+                if not catch_exceptions:
+                    raise
+                exception = e
+                exit_code = 1
+                exc_info = sys.exc_info()
+            finally:
+                sys.stdout.flush()
+                stdout = outstreams[0].getvalue()
+                if self.mix_stderr:
+                    stderr = None
+                else:
+                    stderr = outstreams[1].getvalue()  # type: ignore
+
+        return Result(
+            runner=self,
+            stdout_bytes=stdout,
+            stderr_bytes=stderr,
+            return_value=return_value,
+            exit_code=exit_code,
+            exception=exception,
+            exc_info=exc_info,  # type: ignore
+        )
+
+    @contextlib.contextmanager
+    def isolated_filesystem(
+        self, temp_dir: t.Optional[t.Union[str, "os.PathLike[str]"]] = None
+    ) -> t.Iterator[str]:
+        """A context manager that creates a temporary directory and
+        changes the current working directory to it. This isolates tests
+        that affect the contents of the CWD to prevent them from
+        interfering with each other.
+
+        :param temp_dir: Create the temporary directory under this
+            directory. If given, the created directory is not removed
+            when exiting.
+
+        .. versionchanged:: 8.0
+            Added the ``temp_dir`` parameter.
+        """
+        cwd = os.getcwd()
+        dt = tempfile.mkdtemp(dir=temp_dir)
+        os.chdir(dt)
+
+        try:
+            yield dt
+        finally:
+            os.chdir(cwd)
+
+            if temp_dir is None:
+                try:
+                    shutil.rmtree(dt)
+                except OSError:  # noqa: B014
+                    pass
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/types.py b/lib/go-jinja2/internal/data/linux-amd64/click/types.py
new file mode 100644
index 000000000..2b1d1797f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/types.py
@@ -0,0 +1,1089 @@
+import os
+import stat
+import sys
+import typing as t
+from datetime import datetime
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import _get_argv_encoding
+from ._compat import open_stream
+from .exceptions import BadParameter
+from .utils import format_filename
+from .utils import LazyFile
+from .utils import safecall
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+    from .core import Parameter
+    from .shell_completion import CompletionItem
+
+
+class ParamType:
+    """Represents the type of a parameter. Validates and converts values
+    from the command line or Python into the correct type.
+
+    To implement a custom type, subclass and implement at least the
+    following:
+
+    -   The :attr:`name` class attribute must be set.
+    -   Calling an instance of the type with ``None`` must return
+        ``None``. This is already implemented by default.
+    -   :meth:`convert` must convert string values to the correct type.
+    -   :meth:`convert` must accept values that are already the correct
+        type.
+    -   It must be able to convert a value if the ``ctx`` and ``param``
+        arguments are ``None``. This can occur when converting prompt
+        input.
+    """
+
+    is_composite: t.ClassVar[bool] = False
+    arity: t.ClassVar[int] = 1
+
+    #: the descriptive name of this type
+    name: str
+
+    #: if a list of this type is expected and the value is pulled from a
+    #: string environment variable, this is what splits it up.  `None`
+    #: means any whitespace.  For all parameters the general rule is that
+    #: whitespace splits them up.  The exception are paths and files which
+    #: are split by ``os.path.pathsep`` by default (":" on Unix and ";" on
+    #: Windows).
+    envvar_list_splitter: t.ClassVar[t.Optional[str]] = None
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        # The class name without the "ParamType" suffix.
+        param_type = type(self).__name__.partition("ParamType")[0]
+        param_type = param_type.partition("ParameterType")[0]
+
+        # Custom subclasses might not remember to set a name.
+        if hasattr(self, "name"):
+            name = self.name
+        else:
+            name = param_type
+
+        return {"param_type": param_type, "name": name}
+
+    def __call__(
+        self,
+        value: t.Any,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> t.Any:
+        if value is not None:
+            return self.convert(value, param, ctx)
+
+    def get_metavar(self, param: "Parameter") -> t.Optional[str]:
+        """Returns the metavar default for this param if it provides one."""
+
+    def get_missing_message(self, param: "Parameter") -> t.Optional[str]:
+        """Optionally might return extra information about a missing
+        parameter.
+
+        .. versionadded:: 2.0
+        """
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        """Convert the value to the correct type. This is not called if
+        the value is ``None`` (the missing value).
+
+        This must accept string values from the command line, as well as
+        values that are already the correct type. It may also convert
+        other compatible types.
+
+        The ``param`` and ``ctx`` arguments may be ``None`` in certain
+        situations, such as when converting prompt input.
+
+        If the value cannot be converted, call :meth:`fail` with a
+        descriptive message.
+
+        :param value: The value to convert.
+        :param param: The parameter that is using this type to convert
+            its value. May be ``None``.
+        :param ctx: The current context that arrived at this value. May
+            be ``None``.
+        """
+        return value
+
+    def split_envvar_value(self, rv: str) -> t.Sequence[str]:
+        """Given a value from an environment variable this splits it up
+        into small chunks depending on the defined envvar list splitter.
+
+        If the splitter is set to `None`, which means that whitespace splits,
+        then leading and trailing whitespace is ignored.  Otherwise, leading
+        and trailing splitters usually lead to empty items being included.
+        """
+        return (rv or "").split(self.envvar_list_splitter)
+
+    def fail(
+        self,
+        message: str,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> "t.NoReturn":
+        """Helper method to fail with an invalid value message."""
+        raise BadParameter(message, ctx=ctx, param=param)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a list of
+        :class:`~click.shell_completion.CompletionItem` objects for the
+        incomplete value. Most types do not provide completions, but
+        some do, and this allows custom types to provide custom
+        completions as well.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        return []
+
+
+class CompositeParamType(ParamType):
+    is_composite = True
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        raise NotImplementedError()
+
+
+class FuncParamType(ParamType):
+    def __init__(self, func: t.Callable[[t.Any], t.Any]) -> None:
+        self.name: str = func.__name__
+        self.func = func
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["func"] = self.func
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self.func(value)
+        except ValueError:
+            try:
+                value = str(value)
+            except UnicodeError:
+                value = value.decode("utf-8", "replace")
+
+            self.fail(value, param, ctx)
+
+
+class UnprocessedParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        return value
+
+    def __repr__(self) -> str:
+        return "UNPROCESSED"
+
+
+class StringParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, bytes):
+            enc = _get_argv_encoding()
+            try:
+                value = value.decode(enc)
+            except UnicodeError:
+                fs_enc = sys.getfilesystemencoding()
+                if fs_enc != enc:
+                    try:
+                        value = value.decode(fs_enc)
+                    except UnicodeError:
+                        value = value.decode("utf-8", "replace")
+                else:
+                    value = value.decode("utf-8", "replace")
+            return value
+        return str(value)
+
+    def __repr__(self) -> str:
+        return "STRING"
+
+
+class Choice(ParamType):
+    """The choice type allows a value to be checked against a fixed set
+    of supported values. All of these values have to be strings.
+
+    You should only pass a list or tuple of choices. Other iterables
+    (like generators) may lead to surprising results.
+
+    The resulting value will always be one of the originally passed choices
+    regardless of ``case_sensitive`` or any ``ctx.token_normalize_func``
+    being specified.
+
+    See :ref:`choice-opts` for an example.
+
+    :param case_sensitive: Set to false to make choices case
+        insensitive. Defaults to true.
+    """
+
+    name = "choice"
+
+    def __init__(self, choices: t.Sequence[str], case_sensitive: bool = True) -> None:
+        self.choices = choices
+        self.case_sensitive = case_sensitive
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["choices"] = self.choices
+        info_dict["case_sensitive"] = self.case_sensitive
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        choices_str = "|".join(self.choices)
+
+        # Use curly braces to indicate a required argument.
+        if param.required and param.param_type_name == "argument":
+            return f"{{{choices_str}}}"
+
+        # Use square braces to indicate an option or optional argument.
+        return f"[{choices_str}]"
+
+    def get_missing_message(self, param: "Parameter") -> str:
+        return _("Choose from:\n\t{choices}").format(choices=",\n\t".join(self.choices))
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        # Match through normalization and case sensitivity
+        # first do token_normalize_func, then lowercase
+        # preserve original `value` to produce an accurate message in
+        # `self.fail`
+        normed_value = value
+        normed_choices = {choice: choice for choice in self.choices}
+
+        if ctx is not None and ctx.token_normalize_func is not None:
+            normed_value = ctx.token_normalize_func(value)
+            normed_choices = {
+                ctx.token_normalize_func(normed_choice): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if not self.case_sensitive:
+            normed_value = normed_value.casefold()
+            normed_choices = {
+                normed_choice.casefold(): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if normed_value in normed_choices:
+            return normed_choices[normed_value]
+
+        choices_str = ", ".join(map(repr, self.choices))
+        self.fail(
+            ngettext(
+                "{value!r} is not {choice}.",
+                "{value!r} is not one of {choices}.",
+                len(self.choices),
+            ).format(value=value, choice=choices_str, choices=choices_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return f"Choice({list(self.choices)})"
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Complete choices that start with the incomplete value.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        str_choices = map(str, self.choices)
+
+        if self.case_sensitive:
+            matched = (c for c in str_choices if c.startswith(incomplete))
+        else:
+            incomplete = incomplete.lower()
+            matched = (c for c in str_choices if c.lower().startswith(incomplete))
+
+        return [CompletionItem(c) for c in matched]
+
+
+class DateTime(ParamType):
+    """The DateTime type converts date strings into `datetime` objects.
+
+    The format strings which are checked are configurable, but default to some
+    common (non-timezone aware) ISO 8601 formats.
+
+    When specifying *DateTime* formats, you should only pass a list or a tuple.
+    Other iterables, like generators, may lead to surprising results.
+
+    The format strings are processed using ``datetime.strptime``, and this
+    consequently defines the format strings which are allowed.
+
+    Parsing is tried using each format, in order, and the first format which
+    parses successfully is used.
+
+    :param formats: A list or tuple of date format strings, in the order in
+                    which they should be tried. Defaults to
+                    ``'%Y-%m-%d'``, ``'%Y-%m-%dT%H:%M:%S'``,
+                    ``'%Y-%m-%d %H:%M:%S'``.
+    """
+
+    name = "datetime"
+
+    def __init__(self, formats: t.Optional[t.Sequence[str]] = None):
+        self.formats: t.Sequence[str] = formats or [
+            "%Y-%m-%d",
+            "%Y-%m-%dT%H:%M:%S",
+            "%Y-%m-%d %H:%M:%S",
+        ]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["formats"] = self.formats
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        return f"[{'|'.join(self.formats)}]"
+
+    def _try_to_convert_date(self, value: t.Any, format: str) -> t.Optional[datetime]:
+        try:
+            return datetime.strptime(value, format)
+        except ValueError:
+            return None
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, datetime):
+            return value
+
+        for format in self.formats:
+            converted = self._try_to_convert_date(value, format)
+
+            if converted is not None:
+                return converted
+
+        formats_str = ", ".join(map(repr, self.formats))
+        self.fail(
+            ngettext(
+                "{value!r} does not match the format {format}.",
+                "{value!r} does not match the formats {formats}.",
+                len(self.formats),
+            ).format(value=value, format=formats_str, formats=formats_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return "DateTime"
+
+
+class _NumberParamTypeBase(ParamType):
+    _number_class: t.ClassVar[t.Type[t.Any]]
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self._number_class(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid {number_type}.").format(
+                    value=value, number_type=self.name
+                ),
+                param,
+                ctx,
+            )
+
+
+class _NumberRangeBase(_NumberParamTypeBase):
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        self.min = min
+        self.max = max
+        self.min_open = min_open
+        self.max_open = max_open
+        self.clamp = clamp
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            min=self.min,
+            max=self.max,
+            min_open=self.min_open,
+            max_open=self.max_open,
+            clamp=self.clamp,
+        )
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import operator
+
+        rv = super().convert(value, param, ctx)
+        lt_min: bool = self.min is not None and (
+            operator.le if self.min_open else operator.lt
+        )(rv, self.min)
+        gt_max: bool = self.max is not None and (
+            operator.ge if self.max_open else operator.gt
+        )(rv, self.max)
+
+        if self.clamp:
+            if lt_min:
+                return self._clamp(self.min, 1, self.min_open)  # type: ignore
+
+            if gt_max:
+                return self._clamp(self.max, -1, self.max_open)  # type: ignore
+
+        if lt_min or gt_max:
+            self.fail(
+                _("{value} is not in the range {range}.").format(
+                    value=rv, range=self._describe_range()
+                ),
+                param,
+                ctx,
+            )
+
+        return rv
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        """Find the valid value to clamp to bound in the given
+        direction.
+
+        :param bound: The boundary value.
+        :param dir: 1 or -1 indicating the direction to move.
+        :param open: If true, the range does not include the bound.
+        """
+        raise NotImplementedError
+
+    def _describe_range(self) -> str:
+        """Describe the range for use in help text."""
+        if self.min is None:
+            op = "<" if self.max_open else "<="
+            return f"x{op}{self.max}"
+
+        if self.max is None:
+            op = ">" if self.min_open else ">="
+            return f"x{op}{self.min}"
+
+        lop = "<" if self.min_open else "<="
+        rop = "<" if self.max_open else "<="
+        return f"{self.min}{lop}x{rop}{self.max}"
+
+    def __repr__(self) -> str:
+        clamp = " clamped" if self.clamp else ""
+        return f"<{type(self).__name__} {self._describe_range()}{clamp}>"
+
+
+class IntParamType(_NumberParamTypeBase):
+    name = "integer"
+    _number_class = int
+
+    def __repr__(self) -> str:
+        return "INT"
+
+
+class IntRange(_NumberRangeBase, IntParamType):
+    """Restrict an :data:`click.INT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "integer range"
+
+    def _clamp(  # type: ignore
+        self, bound: int, dir: "te.Literal[1, -1]", open: bool
+    ) -> int:
+        if not open:
+            return bound
+
+        return bound + dir
+
+
+class FloatParamType(_NumberParamTypeBase):
+    name = "float"
+    _number_class = float
+
+    def __repr__(self) -> str:
+        return "FLOAT"
+
+
+class FloatRange(_NumberRangeBase, FloatParamType):
+    """Restrict a :data:`click.FLOAT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing. This is not supported if either
+    boundary is marked ``open``.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "float range"
+
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        super().__init__(
+            min=min, max=max, min_open=min_open, max_open=max_open, clamp=clamp
+        )
+
+        if (min_open or max_open) and clamp:
+            raise TypeError("Clamping is not supported for open bounds.")
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        if not open:
+            return bound
+
+        # Could use Python 3.9's math.nextafter here, but clamping an
+        # open float range doesn't seem to be particularly useful. It's
+        # left up to the user to write a callback to do it if needed.
+        raise RuntimeError("Clamping is not supported for open bounds.")
+
+
+class BoolParamType(ParamType):
+    name = "boolean"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if value in {False, True}:
+            return bool(value)
+
+        norm = value.strip().lower()
+
+        if norm in {"1", "true", "t", "yes", "y", "on"}:
+            return True
+
+        if norm in {"0", "false", "f", "no", "n", "off"}:
+            return False
+
+        self.fail(
+            _("{value!r} is not a valid boolean.").format(value=value), param, ctx
+        )
+
+    def __repr__(self) -> str:
+        return "BOOL"
+
+
+class UUIDParameterType(ParamType):
+    name = "uuid"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import uuid
+
+        if isinstance(value, uuid.UUID):
+            return value
+
+        value = value.strip()
+
+        try:
+            return uuid.UUID(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid UUID.").format(value=value), param, ctx
+            )
+
+    def __repr__(self) -> str:
+        return "UUID"
+
+
+class File(ParamType):
+    """Declares a parameter to be a file for reading or writing.  The file
+    is automatically closed once the context tears down (after the command
+    finished working).
+
+    Files can be opened for reading or writing.  The special value ``-``
+    indicates stdin or stdout depending on the mode.
+
+    By default, the file is opened for reading text data, but it can also be
+    opened in binary mode or for writing.  The encoding parameter can be used
+    to force a specific encoding.
+
+    The `lazy` flag controls if the file should be opened immediately or upon
+    first IO. The default is to be non-lazy for standard input and output
+    streams as well as files opened for reading, `lazy` otherwise. When opening a
+    file lazily for reading, it is still opened temporarily for validation, but
+    will not be held open until first IO. lazy is mainly useful when opening
+    for writing to avoid creating the file until it is needed.
+
+    Starting with Click 2.0, files can also be opened atomically in which
+    case all writes go into a separate file in the same folder and upon
+    completion the file will be moved over to the original location.  This
+    is useful if a file regularly read by other users is modified.
+
+    See :ref:`file-args` for more information.
+    """
+
+    name = "filename"
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        lazy: t.Optional[bool] = None,
+        atomic: bool = False,
+    ) -> None:
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.lazy = lazy
+        self.atomic = atomic
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(mode=self.mode, encoding=self.encoding)
+        return info_dict
+
+    def resolve_lazy_flag(self, value: "t.Union[str, os.PathLike[str]]") -> bool:
+        if self.lazy is not None:
+            return self.lazy
+        if os.fspath(value) == "-":
+            return False
+        elif "w" in self.mode:
+            return True
+        return False
+
+    def convert(
+        self,
+        value: t.Union[str, "os.PathLike[str]", t.IO[t.Any]],
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> t.IO[t.Any]:
+        if _is_file_like(value):
+            return value
+
+        value = t.cast("t.Union[str, os.PathLike[str]]", value)
+
+        try:
+            lazy = self.resolve_lazy_flag(value)
+
+            if lazy:
+                lf = LazyFile(
+                    value, self.mode, self.encoding, self.errors, atomic=self.atomic
+                )
+
+                if ctx is not None:
+                    ctx.call_on_close(lf.close_intelligently)
+
+                return t.cast(t.IO[t.Any], lf)
+
+            f, should_close = open_stream(
+                value, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+
+            # If a context is provided, we automatically close the file
+            # at the end of the context execution (or flush out).  If a
+            # context does not exist, it's the caller's responsibility to
+            # properly close the file.  This for instance happens when the
+            # type is used with prompts.
+            if ctx is not None:
+                if should_close:
+                    ctx.call_on_close(safecall(f.close))
+                else:
+                    ctx.call_on_close(safecall(f.flush))
+
+            return f
+        except OSError as e:  # noqa: B014
+            self.fail(f"'{format_filename(value)}': {e.strerror}", param, ctx)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide file path completions.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        return [CompletionItem(incomplete, type="file")]
+
+
+def _is_file_like(value: t.Any) -> "te.TypeGuard[t.IO[t.Any]]":
+    return hasattr(value, "read") or hasattr(value, "write")
+
+
+class Path(ParamType):
+    """The ``Path`` type is similar to the :class:`File` type, but
+    returns the filename instead of an open file. Various checks can be
+    enabled to validate the type of file and permissions.
+
+    :param exists: The file or directory needs to exist for the value to
+        be valid. If this is not set to ``True``, and the file does not
+        exist, then all further checks are silently skipped.
+    :param file_okay: Allow a file as a value.
+    :param dir_okay: Allow a directory as a value.
+    :param readable: if true, a readable check is performed.
+    :param writable: if true, a writable check is performed.
+    :param executable: if true, an executable check is performed.
+    :param resolve_path: Make the value absolute and resolve any
+        symlinks. A ``~`` is not expanded, as this is supposed to be
+        done by the shell only.
+    :param allow_dash: Allow a single dash as a value, which indicates
+        a standard stream (but does not open it). Use
+        :func:`~click.open_file` to handle opening this value.
+    :param path_type: Convert the incoming path value to this type. If
+        ``None``, keep Python's default, which is ``str``. Useful to
+        convert to :class:`pathlib.Path`.
+
+    .. versionchanged:: 8.1
+        Added the ``executable`` parameter.
+
+    .. versionchanged:: 8.0
+        Allow passing ``path_type=pathlib.Path``.
+
+    .. versionchanged:: 6.0
+        Added the ``allow_dash`` parameter.
+    """
+
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        exists: bool = False,
+        file_okay: bool = True,
+        dir_okay: bool = True,
+        writable: bool = False,
+        readable: bool = True,
+        resolve_path: bool = False,
+        allow_dash: bool = False,
+        path_type: t.Optional[t.Type[t.Any]] = None,
+        executable: bool = False,
+    ):
+        self.exists = exists
+        self.file_okay = file_okay
+        self.dir_okay = dir_okay
+        self.readable = readable
+        self.writable = writable
+        self.executable = executable
+        self.resolve_path = resolve_path
+        self.allow_dash = allow_dash
+        self.type = path_type
+
+        if self.file_okay and not self.dir_okay:
+            self.name: str = _("file")
+        elif self.dir_okay and not self.file_okay:
+            self.name = _("directory")
+        else:
+            self.name = _("path")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            exists=self.exists,
+            file_okay=self.file_okay,
+            dir_okay=self.dir_okay,
+            writable=self.writable,
+            readable=self.readable,
+            allow_dash=self.allow_dash,
+        )
+        return info_dict
+
+    def coerce_path_result(
+        self, value: "t.Union[str, os.PathLike[str]]"
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        if self.type is not None and not isinstance(value, self.type):
+            if self.type is str:
+                return os.fsdecode(value)
+            elif self.type is bytes:
+                return os.fsencode(value)
+            else:
+                return t.cast("os.PathLike[str]", self.type(value))
+
+        return value
+
+    def convert(
+        self,
+        value: "t.Union[str, os.PathLike[str]]",
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        rv = value
+
+        is_dash = self.file_okay and self.allow_dash and rv in (b"-", "-")
+
+        if not is_dash:
+            if self.resolve_path:
+                # os.path.realpath doesn't resolve symlinks on Windows
+                # until Python 3.8. Use pathlib for now.
+                import pathlib
+
+                rv = os.fsdecode(pathlib.Path(rv).resolve())
+
+            try:
+                st = os.stat(rv)
+            except OSError:
+                if not self.exists:
+                    return self.coerce_path_result(rv)
+                self.fail(
+                    _("{name} {filename!r} does not exist.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if not self.file_okay and stat.S_ISREG(st.st_mode):
+                self.fail(
+                    _("{name} {filename!r} is a file.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+            if not self.dir_okay and stat.S_ISDIR(st.st_mode):
+                self.fail(
+                    _("{name} '{filename}' is a directory.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.readable and not os.access(rv, os.R_OK):
+                self.fail(
+                    _("{name} {filename!r} is not readable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.writable and not os.access(rv, os.W_OK):
+                self.fail(
+                    _("{name} {filename!r} is not writable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.executable and not os.access(value, os.X_OK):
+                self.fail(
+                    _("{name} {filename!r} is not executable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+        return self.coerce_path_result(rv)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide path completions for only
+        directories or any paths.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        type = "dir" if self.dir_okay and not self.file_okay else "file"
+        return [CompletionItem(incomplete, type=type)]
+
+
+class Tuple(CompositeParamType):
+    """The default behavior of Click is to apply a type on a value directly.
+    This works well in most cases, except for when `nargs` is set to a fixed
+    count and different types should be used for different items.  In this
+    case the :class:`Tuple` type can be used.  This type can only be used
+    if `nargs` is set to a fixed number.
+
+    For more information see :ref:`tuple-type`.
+
+    This can be selected by using a Python tuple literal as a type.
+
+    :param types: a list of types that should be used for the tuple items.
+    """
+
+    def __init__(self, types: t.Sequence[t.Union[t.Type[t.Any], ParamType]]) -> None:
+        self.types: t.Sequence[ParamType] = [convert_type(ty) for ty in types]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["types"] = [t.to_info_dict() for t in self.types]
+        return info_dict
+
+    @property
+    def name(self) -> str:  # type: ignore
+        return f"<{' '.join(ty.name for ty in self.types)}>"
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        return len(self.types)
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        len_type = len(self.types)
+        len_value = len(value)
+
+        if len_value != len_type:
+            self.fail(
+                ngettext(
+                    "{len_type} values are required, but {len_value} was given.",
+                    "{len_type} values are required, but {len_value} were given.",
+                    len_value,
+                ).format(len_type=len_type, len_value=len_value),
+                param=param,
+                ctx=ctx,
+            )
+
+        return tuple(ty(x, param, ctx) for ty, x in zip(self.types, value))
+
+
+def convert_type(ty: t.Optional[t.Any], default: t.Optional[t.Any] = None) -> ParamType:
+    """Find the most appropriate :class:`ParamType` for the given Python
+    type. If the type isn't provided, it can be inferred from a default
+    value.
+    """
+    guessed_type = False
+
+    if ty is None and default is not None:
+        if isinstance(default, (tuple, list)):
+            # If the default is empty, ty will remain None and will
+            # return STRING.
+            if default:
+                item = default[0]
+
+                # A tuple of tuples needs to detect the inner types.
+                # Can't call convert recursively because that would
+                # incorrectly unwind the tuple to a single type.
+                if isinstance(item, (tuple, list)):
+                    ty = tuple(map(type, item))
+                else:
+                    ty = type(item)
+        else:
+            ty = type(default)
+
+        guessed_type = True
+
+    if isinstance(ty, tuple):
+        return Tuple(ty)
+
+    if isinstance(ty, ParamType):
+        return ty
+
+    if ty is str or ty is None:
+        return STRING
+
+    if ty is int:
+        return INT
+
+    if ty is float:
+        return FLOAT
+
+    if ty is bool:
+        return BOOL
+
+    if guessed_type:
+        return STRING
+
+    if __debug__:
+        try:
+            if issubclass(ty, ParamType):
+                raise AssertionError(
+                    f"Attempted to use an uninstantiated parameter type ({ty})."
+                )
+        except TypeError:
+            # ty is an instance (correct), so issubclass fails.
+            pass
+
+    return FuncParamType(ty)
+
+
+#: A dummy parameter type that just does nothing.  From a user's
+#: perspective this appears to just be the same as `STRING` but
+#: internally no string conversion takes place if the input was bytes.
+#: This is usually useful when working with file paths as they can
+#: appear in bytes and unicode.
+#:
+#: For path related uses the :class:`Path` type is a better choice but
+#: there are situations where an unprocessed type is useful which is why
+#: it is is provided.
+#:
+#: .. versionadded:: 4.0
+UNPROCESSED = UnprocessedParamType()
+
+#: A unicode string parameter type which is the implicit default.  This
+#: can also be selected by using ``str`` as type.
+STRING = StringParamType()
+
+#: An integer parameter.  This can also be selected by using ``int`` as
+#: type.
+INT = IntParamType()
+
+#: A floating point value parameter.  This can also be selected by using
+#: ``float`` as type.
+FLOAT = FloatParamType()
+
+#: A boolean parameter.  This is the default for boolean flags.  This can
+#: also be selected by using ``bool`` as a type.
+BOOL = BoolParamType()
+
+#: A UUID parameter.
+UUID = UUIDParameterType()
diff --git a/lib/go-jinja2/internal/data/linux-amd64/click/utils.py b/lib/go-jinja2/internal/data/linux-amd64/click/utils.py
new file mode 100644
index 000000000..d536434f0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/click/utils.py
@@ -0,0 +1,624 @@
+import os
+import re
+import sys
+import typing as t
+from functools import update_wrapper
+from types import ModuleType
+from types import TracebackType
+
+from ._compat import _default_text_stderr
+from ._compat import _default_text_stdout
+from ._compat import _find_binary_writer
+from ._compat import auto_wrap_for_ansi
+from ._compat import binary_streams
+from ._compat import open_stream
+from ._compat import should_strip_ansi
+from ._compat import strip_ansi
+from ._compat import text_streams
+from ._compat import WIN
+from .globals import resolve_color_default
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+
+
+def _posixify(name: str) -> str:
+    return "-".join(name.split()).lower()
+
+
+def safecall(func: "t.Callable[P, R]") -> "t.Callable[P, t.Optional[R]]":
+    """Wraps a function so that it swallows exceptions."""
+
+    def wrapper(*args: "P.args", **kwargs: "P.kwargs") -> t.Optional[R]:
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            pass
+        return None
+
+    return update_wrapper(wrapper, func)
+
+
+def make_str(value: t.Any) -> str:
+    """Converts a value into a valid string."""
+    if isinstance(value, bytes):
+        try:
+            return value.decode(sys.getfilesystemencoding())
+        except UnicodeError:
+            return value.decode("utf-8", "replace")
+    return str(value)
+
+
+def make_default_short_help(help: str, max_length: int = 45) -> str:
+    """Returns a condensed version of help string."""
+    # Consider only the first paragraph.
+    paragraph_end = help.find("\n\n")
+
+    if paragraph_end != -1:
+        help = help[:paragraph_end]
+
+    # Collapse newlines, tabs, and spaces.
+    words = help.split()
+
+    if not words:
+        return ""
+
+    # The first paragraph started with a "no rewrap" marker, ignore it.
+    if words[0] == "\b":
+        words = words[1:]
+
+    total_length = 0
+    last_index = len(words) - 1
+
+    for i, word in enumerate(words):
+        total_length += len(word) + (i > 0)
+
+        if total_length > max_length:  # too long, truncate
+            break
+
+        if word[-1] == ".":  # sentence end, truncate without "..."
+            return " ".join(words[: i + 1])
+
+        if total_length == max_length and i != last_index:
+            break  # not at sentence end, truncate with "..."
+    else:
+        return " ".join(words)  # no truncation needed
+
+    # Account for the length of the suffix.
+    total_length += len("...")
+
+    # remove words until the length is short enough
+    while i > 0:
+        total_length -= len(words[i]) + (i > 0)
+
+        if total_length <= max_length:
+            break
+
+        i -= 1
+
+    return " ".join(words[:i]) + "..."
+
+
+class LazyFile:
+    """A lazy file works like a regular file but it does not fully open
+    the file but it does perform some basic checks early to see if the
+    filename parameter does make sense.  This is useful for safely opening
+    files for writing.
+    """
+
+    def __init__(
+        self,
+        filename: t.Union[str, "os.PathLike[str]"],
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        atomic: bool = False,
+    ):
+        self.name: str = os.fspath(filename)
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.atomic = atomic
+        self._f: t.Optional[t.IO[t.Any]]
+        self.should_close: bool
+
+        if self.name == "-":
+            self._f, self.should_close = open_stream(filename, mode, encoding, errors)
+        else:
+            if "r" in mode:
+                # Open and close the file in case we're opening it for
+                # reading so that we can catch at least some errors in
+                # some cases early.
+                open(filename, mode).close()
+            self._f = None
+            self.should_close = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self.open(), name)
+
+    def __repr__(self) -> str:
+        if self._f is not None:
+            return repr(self._f)
+        return f"<unopened file '{format_filename(self.name)}' {self.mode}>"
+
+    def open(self) -> t.IO[t.Any]:
+        """Opens the file if it's not yet open.  This call might fail with
+        a :exc:`FileError`.  Not handling this error will produce an error
+        that Click shows.
+        """
+        if self._f is not None:
+            return self._f
+        try:
+            rv, self.should_close = open_stream(
+                self.name, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+        except OSError as e:  # noqa: E402
+            from .exceptions import FileError
+
+            raise FileError(self.name, hint=e.strerror) from e
+        self._f = rv
+        return rv
+
+    def close(self) -> None:
+        """Closes the underlying file, no matter what."""
+        if self._f is not None:
+            self._f.close()
+
+    def close_intelligently(self) -> None:
+        """This function only closes the file if it was opened by the lazy
+        file wrapper.  For instance this will never close stdin.
+        """
+        if self.should_close:
+            self.close()
+
+    def __enter__(self) -> "LazyFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.close_intelligently()
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        self.open()
+        return iter(self._f)  # type: ignore
+
+
+class KeepOpenFile:
+    def __init__(self, file: t.IO[t.Any]) -> None:
+        self._file: t.IO[t.Any] = file
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._file, name)
+
+    def __enter__(self) -> "KeepOpenFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        pass
+
+    def __repr__(self) -> str:
+        return repr(self._file)
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        return iter(self._file)
+
+
+def echo(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.Any]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+) -> None:
+    """Print a message and newline to stdout or a file. This should be
+    used instead of :func:`print` because it provides better support
+    for different data, files, and environments.
+
+    Compared to :func:`print`, this does the following:
+
+    -   Ensures that the output encoding is not misconfigured on Linux.
+    -   Supports Unicode in the Windows console.
+    -   Supports writing to binary outputs, and supports writing bytes
+        to text outputs.
+    -   Supports colors and styles on Windows.
+    -   Removes ANSI color and style codes if the output does not look
+        like an interactive terminal.
+    -   Always flushes the output.
+
+    :param message: The string or bytes to output. Other objects are
+        converted to strings.
+    :param file: The file to write to. Defaults to ``stdout``.
+    :param err: Write to ``stderr`` instead of ``stdout``.
+    :param nl: Print a newline after the message. Enabled by default.
+    :param color: Force showing or hiding colors and other styles. By
+        default Click will remove color if the output does not look like
+        an interactive terminal.
+
+    .. versionchanged:: 6.0
+        Support Unicode output on the Windows console. Click does not
+        modify ``sys.stdout``, so ``sys.stdout.write()`` and ``print()``
+        will still not support Unicode.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter.
+
+    .. versionadded:: 3.0
+        Added the ``err`` parameter.
+
+    .. versionchanged:: 2.0
+        Support colors on Windows if colorama is installed.
+    """
+    if file is None:
+        if err:
+            file = _default_text_stderr()
+        else:
+            file = _default_text_stdout()
+
+        # There are no standard streams attached to write to. For example,
+        # pythonw on Windows.
+        if file is None:
+            return
+
+    # Convert non bytes/text into the native string type.
+    if message is not None and not isinstance(message, (str, bytes, bytearray)):
+        out: t.Optional[t.Union[str, bytes]] = str(message)
+    else:
+        out = message
+
+    if nl:
+        out = out or ""
+        if isinstance(out, str):
+            out += "\n"
+        else:
+            out += b"\n"
+
+    if not out:
+        file.flush()
+        return
+
+    # If there is a message and the value looks like bytes, we manually
+    # need to find the binary stream and write the message in there.
+    # This is done separately so that most stream types will work as you
+    # would expect. Eg: you can write to StringIO for other cases.
+    if isinstance(out, (bytes, bytearray)):
+        binary_file = _find_binary_writer(file)
+
+        if binary_file is not None:
+            file.flush()
+            binary_file.write(out)
+            binary_file.flush()
+            return
+
+    # ANSI style code support. For no message or bytes, nothing happens.
+    # When outputting to a file instead of a terminal, strip codes.
+    else:
+        color = resolve_color_default(color)
+
+        if should_strip_ansi(file, color):
+            out = strip_ansi(out)
+        elif WIN:
+            if auto_wrap_for_ansi is not None:
+                file = auto_wrap_for_ansi(file)  # type: ignore
+            elif not color:
+                out = strip_ansi(out)
+
+    file.write(out)  # type: ignore
+    file.flush()
+
+
+def get_binary_stream(name: "te.Literal['stdin', 'stdout', 'stderr']") -> t.BinaryIO:
+    """Returns a system stream for byte processing.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    """
+    opener = binary_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener()
+
+
+def get_text_stream(
+    name: "te.Literal['stdin', 'stdout', 'stderr']",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+) -> t.TextIO:
+    """Returns a system stream for text processing.  This usually returns
+    a wrapped stream around a binary stream returned from
+    :func:`get_binary_stream` but it also can take shortcuts for already
+    correctly configured streams.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    :param encoding: overrides the detected default encoding.
+    :param errors: overrides the default error mode.
+    """
+    opener = text_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener(encoding, errors)
+
+
+def open_file(
+    filename: str,
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    lazy: bool = False,
+    atomic: bool = False,
+) -> t.IO[t.Any]:
+    """Open a file, with extra behavior to handle ``'-'`` to indicate
+    a standard stream, lazy open on write, and atomic write. Similar to
+    the behavior of the :class:`~click.File` param type.
+
+    If ``'-'`` is given to open ``stdout`` or ``stdin``, the stream is
+    wrapped so that using it in a context manager will not close it.
+    This makes it possible to use the function without accidentally
+    closing a standard stream:
+
+    .. code-block:: python
+
+        with open_file(filename) as f:
+            ...
+
+    :param filename: The name of the file to open, or ``'-'`` for
+        ``stdin``/``stdout``.
+    :param mode: The mode in which to open the file.
+    :param encoding: The encoding to decode or encode a file opened in
+        text mode.
+    :param errors: The error handling mode.
+    :param lazy: Wait to open the file until it is accessed. For read
+        mode, the file is temporarily opened to raise access errors
+        early, then closed until it is read again.
+    :param atomic: Write to a temporary file and replace the given file
+        on close.
+
+    .. versionadded:: 3.0
+    """
+    if lazy:
+        return t.cast(
+            t.IO[t.Any], LazyFile(filename, mode, encoding, errors, atomic=atomic)
+        )
+
+    f, should_close = open_stream(filename, mode, encoding, errors, atomic=atomic)
+
+    if not should_close:
+        f = t.cast(t.IO[t.Any], KeepOpenFile(f))
+
+    return f
+
+
+def format_filename(
+    filename: "t.Union[str, bytes, os.PathLike[str], os.PathLike[bytes]]",
+    shorten: bool = False,
+) -> str:
+    """Format a filename as a string for display. Ensures the filename can be
+    displayed by replacing any invalid bytes or surrogate escapes in the name
+    with the replacement character ``�``.
+
+    Invalid bytes or surrogate escapes will raise an error when written to a
+    stream with ``errors="strict". This will typically happen with ``stdout``
+    when the locale is something like ``en_GB.UTF-8``.
+
+    Many scenarios *are* safe to write surrogates though, due to PEP 538 and
+    PEP 540, including:
+
+    -   Writing to ``stderr``, which uses ``errors="backslashreplace"``.
+    -   The system has ``LANG=C.UTF-8``, ``C``, or ``POSIX``. Python opens
+        stdout and stderr with ``errors="surrogateescape"``.
+    -   None of ``LANG/LC_*`` are set. Python assumes ``LANG=C.UTF-8``.
+    -   Python is started in UTF-8 mode  with  ``PYTHONUTF8=1`` or ``-X utf8``.
+        Python opens stdout and stderr with ``errors="surrogateescape"``.
+
+    :param filename: formats a filename for UI display.  This will also convert
+                     the filename into unicode without failing.
+    :param shorten: this optionally shortens the filename to strip of the
+                    path that leads up to it.
+    """
+    if shorten:
+        filename = os.path.basename(filename)
+    else:
+        filename = os.fspath(filename)
+
+    if isinstance(filename, bytes):
+        filename = filename.decode(sys.getfilesystemencoding(), "replace")
+    else:
+        filename = filename.encode("utf-8", "surrogateescape").decode(
+            "utf-8", "replace"
+        )
+
+    return filename
+
+
+def get_app_dir(app_name: str, roaming: bool = True, force_posix: bool = False) -> str:
+    r"""Returns the config folder for the application.  The default behavior
+    is to return whatever is most appropriate for the operating system.
+
+    To give you an idea, for an app called ``"Foo Bar"``, something like
+    the following folders could be returned:
+
+    Mac OS X:
+      ``~/Library/Application Support/Foo Bar``
+    Mac OS X (POSIX):
+      ``~/.foo-bar``
+    Unix:
+      ``~/.config/foo-bar``
+    Unix (POSIX):
+      ``~/.foo-bar``
+    Windows (roaming):
+      ``C:\Users\<user>\AppData\Roaming\Foo Bar``
+    Windows (not roaming):
+      ``C:\Users\<user>\AppData\Local\Foo Bar``
+
+    .. versionadded:: 2.0
+
+    :param app_name: the application name.  This should be properly capitalized
+                     and can contain whitespace.
+    :param roaming: controls if the folder should be roaming or not on Windows.
+                    Has no effect otherwise.
+    :param force_posix: if this is set to `True` then on any POSIX system the
+                        folder will be stored in the home folder with a leading
+                        dot instead of the XDG config home or darwin's
+                        application support folder.
+    """
+    if WIN:
+        key = "APPDATA" if roaming else "LOCALAPPDATA"
+        folder = os.environ.get(key)
+        if folder is None:
+            folder = os.path.expanduser("~")
+        return os.path.join(folder, app_name)
+    if force_posix:
+        return os.path.join(os.path.expanduser(f"~/.{_posixify(app_name)}"))
+    if sys.platform == "darwin":
+        return os.path.join(
+            os.path.expanduser("~/Library/Application Support"), app_name
+        )
+    return os.path.join(
+        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),
+        _posixify(app_name),
+    )
+
+
+class PacifyFlushWrapper:
+    """This wrapper is used to catch and suppress BrokenPipeErrors resulting
+    from ``.flush()`` being called on broken pipe during the shutdown/final-GC
+    of the Python interpreter. Notably ``.flush()`` is always called on
+    ``sys.stdout`` and ``sys.stderr``. So as to have minimal impact on any
+    other cleanup code, and the case where the underlying file is not a broken
+    pipe, all calls and attributes are proxied.
+    """
+
+    def __init__(self, wrapped: t.IO[t.Any]) -> None:
+        self.wrapped = wrapped
+
+    def flush(self) -> None:
+        try:
+            self.wrapped.flush()
+        except OSError as e:
+            import errno
+
+            if e.errno != errno.EPIPE:
+                raise
+
+    def __getattr__(self, attr: str) -> t.Any:
+        return getattr(self.wrapped, attr)
+
+
+def _detect_program_name(
+    path: t.Optional[str] = None, _main: t.Optional[ModuleType] = None
+) -> str:
+    """Determine the command used to run the program, for use in help
+    text. If a file or entry point was executed, the file name is
+    returned. If ``python -m`` was used to execute a module or package,
+    ``python -m name`` is returned.
+
+    This doesn't try to be too precise, the goal is to give a concise
+    name for help text. Files are only shown as their name without the
+    path. ``python`` is only shown for modules, and the full path to
+    ``sys.executable`` is not shown.
+
+    :param path: The Python file being executed. Python puts this in
+        ``sys.argv[0]``, which is used by default.
+    :param _main: The ``__main__`` module. This should only be passed
+        during internal testing.
+
+    .. versionadded:: 8.0
+        Based on command args detection in the Werkzeug reloader.
+
+    :meta private:
+    """
+    if _main is None:
+        _main = sys.modules["__main__"]
+
+    if not path:
+        path = sys.argv[0]
+
+    # The value of __package__ indicates how Python was called. It may
+    # not exist if a setuptools script is installed as an egg. It may be
+    # set incorrectly for entry points created with pip on Windows.
+    # It is set to "" inside a Shiv or PEX zipapp.
+    if getattr(_main, "__package__", None) in {None, ""} or (
+        os.name == "nt"
+        and _main.__package__ == ""
+        and not os.path.exists(path)
+        and os.path.exists(f"{path}.exe")
+    ):
+        # Executed a file, like "python app.py".
+        return os.path.basename(path)
+
+    # Executed a module, like "python -m example".
+    # Rewritten by Python from "-m script" to "/path/to/script.py".
+    # Need to look at main module to determine how it was executed.
+    py_module = t.cast(str, _main.__package__)
+    name = os.path.splitext(os.path.basename(path))[0]
+
+    # A submodule like "example.cli".
+    if name != "__main__":
+        py_module = f"{py_module}.{name}"
+
+    return f"python -m {py_module.lstrip('.')}"
+
+
+def _expand_args(
+    args: t.Iterable[str],
+    *,
+    user: bool = True,
+    env: bool = True,
+    glob_recursive: bool = True,
+) -> t.List[str]:
+    """Simulate Unix shell expansion with Python functions.
+
+    See :func:`glob.glob`, :func:`os.path.expanduser`, and
+    :func:`os.path.expandvars`.
+
+    This is intended for use on Windows, where the shell does not do any
+    expansion. It may not exactly match what a Unix shell would do.
+
+    :param args: List of command line arguments to expand.
+    :param user: Expand user home directory.
+    :param env: Expand environment variables.
+    :param glob_recursive: ``**`` matches directories recursively.
+
+    .. versionchanged:: 8.1
+        Invalid glob patterns are treated as empty expansions rather
+        than raising an error.
+
+    .. versionadded:: 8.0
+
+    :meta private:
+    """
+    from glob import glob
+
+    out = []
+
+    for arg in args:
+        if user:
+            arg = os.path.expanduser(arg)
+
+        if env:
+            arg = os.path.expandvars(arg)
+
+        try:
+            matches = glob(arg, recursive=glob_recursive)
+        except re.error:
+            matches = []
+
+        if not matches:
+            out.append(arg)
+        else:
+            out.extend(matches)
+
+    return out
diff --git a/lib/go-jinja2/internal/data/linux-amd64/files.json b/lib/go-jinja2/internal/data/linux-amd64/files.json
new file mode 100644
index 000000000..c214f0c15
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/files.json
@@ -0,0 +1,888 @@
+{
+  "contentHash": "6f5a4b4631b98d625713e403b600d43fec26e0f95ba727f6d81c07b4530b369d",
+  "files": [
+    {
+      "name": "MarkupSafe-2.1.5.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
+      "size": 3003,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
+      "size": 1200,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
+      "size": 152,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "size": 1101,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/METADATA",
+      "size": 2058,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "size": 2784,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "size": 152,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "_yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "_yaml/__init__.py",
+      "size": 1402,
+      "perm": 420
+    },
+    {
+      "name": "bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "bin/jsonpath_ng",
+      "size": 260,
+      "perm": 493
+    },
+    {
+      "name": "bin/slugify",
+      "size": 238,
+      "perm": 493
+    },
+    {
+      "name": "click",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/METADATA",
+      "size": 3014,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/RECORD",
+      "size": 2582,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/top_level.txt",
+      "size": 6,
+      "perm": 420
+    },
+    {
+      "name": "click/__init__.py",
+      "size": 3138,
+      "perm": 420
+    },
+    {
+      "name": "click/_compat.py",
+      "size": 18744,
+      "perm": 420
+    },
+    {
+      "name": "click/_termui_impl.py",
+      "size": 24069,
+      "perm": 420
+    },
+    {
+      "name": "click/_textwrap.py",
+      "size": 1353,
+      "perm": 420
+    },
+    {
+      "name": "click/_winconsole.py",
+      "size": 7860,
+      "perm": 420
+    },
+    {
+      "name": "click/core.py",
+      "size": 114086,
+      "perm": 420
+    },
+    {
+      "name": "click/decorators.py",
+      "size": 18719,
+      "perm": 420
+    },
+    {
+      "name": "click/exceptions.py",
+      "size": 9273,
+      "perm": 420
+    },
+    {
+      "name": "click/formatting.py",
+      "size": 9706,
+      "perm": 420
+    },
+    {
+      "name": "click/globals.py",
+      "size": 1961,
+      "perm": 420
+    },
+    {
+      "name": "click/parser.py",
+      "size": 19067,
+      "perm": 420
+    },
+    {
+      "name": "click/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click/shell_completion.py",
+      "size": 18460,
+      "perm": 420
+    },
+    {
+      "name": "click/termui.py",
+      "size": 28324,
+      "perm": 420
+    },
+    {
+      "name": "click/testing.py",
+      "size": 16084,
+      "perm": 420
+    },
+    {
+      "name": "click/types.py",
+      "size": 36391,
+      "perm": 420
+    },
+    {
+      "name": "click/utils.py",
+      "size": 20298,
+      "perm": 420
+    },
+    {
+      "name": "jinja2",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/LICENSE.txt",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/METADATA",
+      "size": 2640,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/RECORD",
+      "size": 3697,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/WHEEL",
+      "size": 81,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/entry_points.txt",
+      "size": 58,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/__init__.py",
+      "size": 1928,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/_identifier.py",
+      "size": 1958,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/async_utils.py",
+      "size": 2477,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/bccache.py",
+      "size": 14061,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/compiler.py",
+      "size": 72271,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/constants.py",
+      "size": 1433,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/debug.py",
+      "size": 6299,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/defaults.py",
+      "size": 1267,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/environment.py",
+      "size": 61538,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/exceptions.py",
+      "size": 5071,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/ext.py",
+      "size": 31877,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/filters.py",
+      "size": 54611,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/idtracking.py",
+      "size": 10704,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/lexer.py",
+      "size": 29754,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/loaders.py",
+      "size": 23167,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/meta.py",
+      "size": 4397,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nativetypes.py",
+      "size": 4210,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nodes.py",
+      "size": 34579,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/optimizer.py",
+      "size": 1651,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/parser.py",
+      "size": 39890,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/runtime.py",
+      "size": 33435,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/sandbox.py",
+      "size": 14616,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/tests.py",
+      "size": 5926,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/utils.py",
+      "size": 23952,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/visitor.py",
+      "size": 3557,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "size": 11358,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
+      "size": 18072,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "size": 2549,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
+      "size": 69,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "size": 12,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/__init__.py",
+      "size": 116,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/bin/__init__.py",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin/jsonpath.py",
+      "size": 2057,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/exceptions.py",
+      "size": 146,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/ext/__init__.py",
+      "size": 605,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/arithmetic.py",
+      "size": 2381,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/filter.py",
+      "size": 4312,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/iterable.py",
+      "size": 3680,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/parser.py",
+      "size": 5351,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/string.py",
+      "size": 3261,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/jsonpath.py",
+      "size": 26402,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/lexer.py",
+      "size": 5231,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/parser.py",
+      "size": 5883,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "markupsafe/__init__.py",
+      "size": 10958,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_native.py",
+      "size": 1713,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.c",
+      "size": 7083,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so",
+      "size": 53656,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "markupsafe/_speedups.pyi",
+      "size": 229,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "ply",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info/DESCRIPTION.rst",
+      "size": 519,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/METADATA",
+      "size": 844,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/RECORD",
+      "size": 1211,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/metadata.json",
+      "size": 515,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/top_level.txt",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply/__init__.py",
+      "size": 103,
+      "perm": 420
+    },
+    {
+      "name": "ply/cpp.py",
+      "size": 33639,
+      "perm": 420
+    },
+    {
+      "name": "ply/ctokens.py",
+      "size": 3155,
+      "perm": 420
+    },
+    {
+      "name": "ply/lex.py",
+      "size": 42905,
+      "perm": 420
+    },
+    {
+      "name": "ply/yacc.py",
+      "size": 137736,
+      "perm": 420
+    },
+    {
+      "name": "ply/ygen.py",
+      "size": 2246,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/LICENSE",
+      "size": 1103,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/METADATA",
+      "size": 8469,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/RECORD",
+      "size": 1489,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/entry_points.txt",
+      "size": 50,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/top_level.txt",
+      "size": 8,
+      "perm": 420
+    },
+    {
+      "name": "slugify",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "slugify/__init__.py",
+      "size": 346,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__main__.py",
+      "size": 3961,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__version__.py",
+      "size": 325,
+      "perm": 420
+    },
+    {
+      "name": "slugify/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "slugify/slugify.py",
+      "size": 6180,
+      "perm": 420
+    },
+    {
+      "name": "slugify/special.py",
+      "size": 1222,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/DESCRIPTION.rst",
+      "size": 1199,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/LICENSE.txt",
+      "size": 6535,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/METADATA",
+      "size": 2422,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/RECORD",
+      "size": 937,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/metadata.json",
+      "size": 1299,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/top_level.txt",
+      "size": 15,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/__init__.py",
+      "size": 484,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/data.bin",
+      "size": 311077,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "yaml/__init__.py",
+      "size": 12311,
+      "perm": 420
+    },
+    {
+      "name": "yaml/_yaml.cpython-311-x86_64-linux-gnu.so",
+      "size": 2504120,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "yaml/composer.py",
+      "size": 4883,
+      "perm": 420
+    },
+    {
+      "name": "yaml/constructor.py",
+      "size": 28639,
+      "perm": 420
+    },
+    {
+      "name": "yaml/cyaml.py",
+      "size": 3851,
+      "perm": 420
+    },
+    {
+      "name": "yaml/dumper.py",
+      "size": 2837,
+      "perm": 420
+    },
+    {
+      "name": "yaml/emitter.py",
+      "size": 43006,
+      "perm": 420
+    },
+    {
+      "name": "yaml/error.py",
+      "size": 2533,
+      "perm": 420
+    },
+    {
+      "name": "yaml/events.py",
+      "size": 2445,
+      "perm": 420
+    },
+    {
+      "name": "yaml/loader.py",
+      "size": 2061,
+      "perm": 420
+    },
+    {
+      "name": "yaml/nodes.py",
+      "size": 1440,
+      "perm": 420
+    },
+    {
+      "name": "yaml/parser.py",
+      "size": 25495,
+      "perm": 420
+    },
+    {
+      "name": "yaml/reader.py",
+      "size": 6794,
+      "perm": 420
+    },
+    {
+      "name": "yaml/representer.py",
+      "size": 14190,
+      "perm": 420
+    },
+    {
+      "name": "yaml/resolver.py",
+      "size": 9004,
+      "perm": 420
+    },
+    {
+      "name": "yaml/scanner.py",
+      "size": 51279,
+      "perm": 420
+    },
+    {
+      "name": "yaml/serializer.py",
+      "size": 4165,
+      "perm": 420
+    },
+    {
+      "name": "yaml/tokens.py",
+      "size": 2573,
+      "perm": 420
+    }
+  ]
+}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
new file mode 100644
index 000000000..c37cae49e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
@@ -0,0 +1,28 @@
+Copyright 2007 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/METADATA
new file mode 100644
index 000000000..265cc32e1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/METADATA
@@ -0,0 +1,76 @@
+Metadata-Version: 2.1
+Name: Jinja2
+Version: 3.1.4
+Summary: A very fast and expressive template engine.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Dist: MarkupSafe>=2.0
+Requires-Dist: Babel>=2.7 ; extra == "i18n"
+Project-URL: Changes, https://jinja.palletsprojects.com/changes/
+Project-URL: Chat, https://discord.gg/pallets
+Project-URL: Documentation, https://jinja.palletsprojects.com/
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Source, https://github.com/pallets/jinja/
+Provides-Extra: i18n
+
+# Jinja
+
+Jinja is a fast, expressive, extensible templating engine. Special
+placeholders in the template allow writing code similar to Python
+syntax. Then the template is passed data to render the final document.
+
+It includes:
+
+-   Template inheritance and inclusion.
+-   Define and import macros within templates.
+-   HTML templates can use autoescaping to prevent XSS from untrusted
+    user input.
+-   A sandboxed environment can safely render untrusted templates.
+-   AsyncIO support for generating templates and calling async
+    functions.
+-   I18N support with Babel.
+-   Templates are compiled to optimized Python code just-in-time and
+    cached, or can be compiled ahead-of-time.
+-   Exceptions point to the correct line in templates to make debugging
+    easier.
+-   Extensible filters, tests, functions, and even syntax.
+
+Jinja's philosophy is that while application logic belongs in Python if
+possible, it shouldn't make the template designer's job difficult by
+restricting functionality too much.
+
+
+## In A Nutshell
+
+.. code-block:: jinja
+
+    {% extends "base.html" %}
+    {% block title %}Members{% endblock %}
+    {% block content %}
+      <ul>
+      {% for user in users %}
+        <li><a href="{{ user.url }}">{{ user.username }}</a></li>
+      {% endfor %}
+      </ul>
+    {% endblock %}
+
+
+## Donate
+
+The Pallets organization develops and supports Jinja and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, [please
+donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/RECORD
new file mode 100644
index 000000000..e9bdca35c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/RECORD
@@ -0,0 +1,58 @@
+jinja2-3.1.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jinja2-3.1.4.dist-info/LICENSE.txt,sha256=O0nc7kEF6ze6wQ-vG-JgQI_oXSUrjp3y4JefweCUQ3s,1475
+jinja2-3.1.4.dist-info/METADATA,sha256=R_brzpPQVBvpGcsm-WbrtgotO7suQ1D0F-qkhTzeEfY,2640
+jinja2-3.1.4.dist-info/RECORD,,
+jinja2-3.1.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2-3.1.4.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+jinja2-3.1.4.dist-info/entry_points.txt,sha256=OL85gYU1eD8cuPlikifFngXpeBjaxl6rIJ8KkC_3r-I,58
+jinja2/__init__.py,sha256=wIl45IM20KGw-kfr7jJhaBxxX5g4-kihlBYjxopX7Pw,1928
+jinja2/__pycache__/__init__.cpython-311.pyc,,
+jinja2/__pycache__/_identifier.cpython-311.pyc,,
+jinja2/__pycache__/async_utils.cpython-311.pyc,,
+jinja2/__pycache__/bccache.cpython-311.pyc,,
+jinja2/__pycache__/compiler.cpython-311.pyc,,
+jinja2/__pycache__/constants.cpython-311.pyc,,
+jinja2/__pycache__/debug.cpython-311.pyc,,
+jinja2/__pycache__/defaults.cpython-311.pyc,,
+jinja2/__pycache__/environment.cpython-311.pyc,,
+jinja2/__pycache__/exceptions.cpython-311.pyc,,
+jinja2/__pycache__/ext.cpython-311.pyc,,
+jinja2/__pycache__/filters.cpython-311.pyc,,
+jinja2/__pycache__/idtracking.cpython-311.pyc,,
+jinja2/__pycache__/lexer.cpython-311.pyc,,
+jinja2/__pycache__/loaders.cpython-311.pyc,,
+jinja2/__pycache__/meta.cpython-311.pyc,,
+jinja2/__pycache__/nativetypes.cpython-311.pyc,,
+jinja2/__pycache__/nodes.cpython-311.pyc,,
+jinja2/__pycache__/optimizer.cpython-311.pyc,,
+jinja2/__pycache__/parser.cpython-311.pyc,,
+jinja2/__pycache__/runtime.cpython-311.pyc,,
+jinja2/__pycache__/sandbox.cpython-311.pyc,,
+jinja2/__pycache__/tests.cpython-311.pyc,,
+jinja2/__pycache__/utils.cpython-311.pyc,,
+jinja2/__pycache__/visitor.cpython-311.pyc,,
+jinja2/_identifier.py,sha256=_zYctNKzRqlk_murTNlzrju1FFJL7Va_Ijqqd7ii2lU,1958
+jinja2/async_utils.py,sha256=JXKWCAXmTx0iZB4-hAsF50vgjxw_RJTjiLOlGGTBso0,2477
+jinja2/bccache.py,sha256=gh0qs9rulnXo0PhX5jTJy2UHzI8wFnQ63o_vw7nhzRg,14061
+jinja2/compiler.py,sha256=dpV-n6_iQUP4uSwlXwGUavJmwjvXdyxKzJ-AonFjPBk,72271
+jinja2/constants.py,sha256=GMoFydBF_kdpaRKPoM5cl5MviquVRLVyZtfp5-16jg0,1433
+jinja2/debug.py,sha256=iWJ432RadxJNnaMOPrjIDInz50UEgni3_HKuFXi2vuQ,6299
+jinja2/defaults.py,sha256=boBcSw78h-lp20YbaXSJsqkAI2uN_mD_TtCydpeq5wU,1267
+jinja2/environment.py,sha256=xhFkmxO0CESA76Ki5tz4XWq9yzGu-t0p93JCCVBVNps,61538
+jinja2/exceptions.py,sha256=ioHeHrWwCWNaXX1inHmHVblvc4haO7AXsjCp3GfWvx0,5071
+jinja2/ext.py,sha256=igsBH7c6C0byHaOtMbE-ugpt4GjLGgR-ywskyXtKgq8,31877
+jinja2/filters.py,sha256=bKeqjFjjz88TkHVLSyyMIEB75CzAN6b3Airgx0phJDg,54611
+jinja2/idtracking.py,sha256=GfNmadir4oDALVxzn3DL9YInhJDr69ebXeA2ygfuCGA,10704
+jinja2/lexer.py,sha256=xnWWXhPndHFsoqzpc5VTjheDE9JuKk9MUo9DZkrM8Os,29754
+jinja2/loaders.py,sha256=ru0GIWHo5KiHJi7_MoI_LvGDoBBvP6rd0hiC1ReaTwk,23167
+jinja2/meta.py,sha256=OTDPkaFvU2Hgvx-6akz7154F8BIWaRmvJcBFvwopHww,4397
+jinja2/nativetypes.py,sha256=7GIGALVJgdyL80oZJdQUaUfwSt5q2lSSZbXt0dNf_M4,4210
+jinja2/nodes.py,sha256=m1Duzcr6qhZI8JQ6VyJgUNinjAf5bQzijSmDnMsvUx8,34579
+jinja2/optimizer.py,sha256=rJnCRlQ7pZsEEmMhsQDgC_pKyDHxP5TPS6zVPGsgcu8,1651
+jinja2/parser.py,sha256=DV1iF1FR2Rsaj_5zl8rmx7j6Bj4S8iLHoYsvJ0bfEis,39890
+jinja2/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2/runtime.py,sha256=POXT3tKNKJRENx2CymwUsOOXH2JwGPjW702njB5__cQ,33435
+jinja2/sandbox.py,sha256=TJjBNS9qRJ2ZgBMWdAgRBpyDLOHea2kT-2mk4PrjYx0,14616
+jinja2/tests.py,sha256=VLsBhVFnWg-PxSBz1MhRnNWgP1ovXk3neO1FLQMeC9Q,5926
+jinja2/utils.py,sha256=nV7IpWLvRCMyHW1irBAK8CIPAnOFfkb2ukggDBjbBEY,23952
+jinja2/visitor.py,sha256=EcnL1PIwf_4RVCOMxsRNuR8AXHbS1qfAdMOE2ngKJz4,3557
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/WHEEL
new file mode 100644
index 000000000..3b5e64b5e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/WHEEL
@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: flit 3.9.0
+Root-Is-Purelib: true
+Tag: py3-none-any
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..abc3eae3b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2-3.1.4.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[babel.extractors]
+jinja2=jinja2.ext:babel_extract[i18n]
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/__init__.py
new file mode 100644
index 000000000..2f0b5b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/__init__.py
@@ -0,0 +1,38 @@
+"""Jinja is a template engine written in pure Python. It provides a
+non-XML syntax that supports inline expressions and an optional
+sandboxed environment.
+"""
+
+from .bccache import BytecodeCache as BytecodeCache
+from .bccache import FileSystemBytecodeCache as FileSystemBytecodeCache
+from .bccache import MemcachedBytecodeCache as MemcachedBytecodeCache
+from .environment import Environment as Environment
+from .environment import Template as Template
+from .exceptions import TemplateAssertionError as TemplateAssertionError
+from .exceptions import TemplateError as TemplateError
+from .exceptions import TemplateNotFound as TemplateNotFound
+from .exceptions import TemplateRuntimeError as TemplateRuntimeError
+from .exceptions import TemplatesNotFound as TemplatesNotFound
+from .exceptions import TemplateSyntaxError as TemplateSyntaxError
+from .exceptions import UndefinedError as UndefinedError
+from .loaders import BaseLoader as BaseLoader
+from .loaders import ChoiceLoader as ChoiceLoader
+from .loaders import DictLoader as DictLoader
+from .loaders import FileSystemLoader as FileSystemLoader
+from .loaders import FunctionLoader as FunctionLoader
+from .loaders import ModuleLoader as ModuleLoader
+from .loaders import PackageLoader as PackageLoader
+from .loaders import PrefixLoader as PrefixLoader
+from .runtime import ChainableUndefined as ChainableUndefined
+from .runtime import DebugUndefined as DebugUndefined
+from .runtime import make_logging_undefined as make_logging_undefined
+from .runtime import StrictUndefined as StrictUndefined
+from .runtime import Undefined as Undefined
+from .utils import clear_caches as clear_caches
+from .utils import is_undefined as is_undefined
+from .utils import pass_context as pass_context
+from .utils import pass_environment as pass_environment
+from .utils import pass_eval_context as pass_eval_context
+from .utils import select_autoescape as select_autoescape
+
+__version__ = "3.1.4"
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/_identifier.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/_identifier.py
new file mode 100644
index 000000000..928c1503c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/_identifier.py
@@ -0,0 +1,6 @@
+import re
+
+# generated by scripts/generate_identifier_pattern.py
+pattern = re.compile(
+    r"[\w·̀-ͯ·҃-֑҇-ׇֽֿׁׂׅׄؐ-ًؚ-ٰٟۖ-ۜ۟-۪ۤۧۨ-ܑۭܰ-݊ަ-ް߫-߽߳ࠖ-࠙ࠛ-ࠣࠥ-ࠧࠩ-࡙࠭-࡛࣓-ࣣ࣡-ःऺ-़ा-ॏ॑-ॗॢॣঁ-ঃ়া-ৄেৈো-্ৗৢৣ৾ਁ-ਃ਼ਾ-ੂੇੈੋ-੍ੑੰੱੵઁ-ઃ઼ા-ૅે-ૉો-્ૢૣૺ-૿ଁ-ଃ଼ା-ୄେୈୋ-୍ୖୗୢୣஂா-ூெ-ைொ-்ௗఀ-ఄా-ౄె-ైొ-్ౕౖౢౣಁ-ಃ಼ಾ-ೄೆ-ೈೊ-್ೕೖೢೣഀ-ഃ഻഼ാ-ൄെ-ൈൊ-്ൗൢൣංඃ්ා-ුූෘ-ෟෲෳัิ-ฺ็-๎ັິ-ູົຼ່-ໍ༹༘༙༵༷༾༿ཱ-྄྆྇ྍ-ྗྙ-ྼ࿆ါ-ှၖ-ၙၞ-ၠၢ-ၤၧ-ၭၱ-ၴႂ-ႍႏႚ-ႝ፝-፟ᜒ-᜔ᜲ-᜴ᝒᝓᝲᝳ឴-៓៝᠋-᠍ᢅᢆᢩᤠ-ᤫᤰ-᤻ᨗ-ᨛᩕ-ᩞ᩠-᩿᩼᪰-᪽ᬀ-ᬄ᬴-᭄᭫-᭳ᮀ-ᮂᮡ-ᮭ᯦-᯳ᰤ-᰷᳐-᳔᳒-᳨᳭ᳲ-᳴᳷-᳹᷀-᷹᷻-᷿‿⁀⁔⃐-⃥⃜⃡-⃰℘℮⳯-⵿⳱ⷠ-〪ⷿ-゙゚〯꙯ꙴ-꙽ꚞꚟ꛰꛱ꠂ꠆ꠋꠣ-ꠧꢀꢁꢴ-ꣅ꣠-꣱ꣿꤦ-꤭ꥇ-꥓ꦀ-ꦃ꦳-꧀ꧥꨩ-ꨶꩃꩌꩍꩻ-ꩽꪰꪲ-ꪴꪷꪸꪾ꪿꫁ꫫ-ꫯꫵ꫶ꯣ-ꯪ꯬꯭ﬞ︀-️︠-︯︳︴﹍-﹏＿𐇽𐋠𐍶-𐍺𐨁-𐨃𐨅𐨆𐨌-𐨏𐨸-𐨿𐨺𐫦𐫥𐴤-𐽆𐴧-𐽐𑀀-𑀂𑀸-𑁆𑁿-𑂂𑂰-𑂺𑄀-𑄂𑄧-𑄴𑅅𑅆𑅳𑆀-𑆂𑆳-𑇀𑇉-𑇌𑈬-𑈷𑈾𑋟-𑋪𑌀-𑌃𑌻𑌼𑌾-𑍄𑍇𑍈𑍋-𑍍𑍗𑍢𑍣𑍦-𑍬𑍰-𑍴𑐵-𑑆𑑞𑒰-𑓃𑖯-𑖵𑖸-𑗀𑗜𑗝𑘰-𑙀𑚫-𑚷𑜝-𑜫𑠬-𑠺𑨁-𑨊𑨳-𑨹𑨻-𑨾𑩇𑩑-𑩛𑪊-𑪙𑰯-𑰶𑰸-𑰿𑲒-𑲧𑲩-𑲶𑴱-𑴶𑴺𑴼𑴽𑴿-𑵅𑵇𑶊-𑶎𑶐𑶑𑶓-𑶗𑻳-𑻶𖫰-𖫴𖬰-𖬶𖽑-𖽾𖾏-𖾒𛲝𛲞𝅥-𝅩𝅭-𝅲𝅻-𝆂𝆅-𝆋𝆪-𝆭𝉂-𝉄𝨀-𝨶𝨻-𝩬𝩵𝪄𝪛-𝪟𝪡-𝪯𞀀-𞀆𞀈-𞀘𞀛-𞀡𞀣𞀤𞀦-𞣐𞀪-𞣖𞥄-𞥊󠄀-󠇯]+"  # noqa: B950
+)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/async_utils.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/async_utils.py
new file mode 100644
index 000000000..e65219e49
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/async_utils.py
@@ -0,0 +1,84 @@
+import inspect
+import typing as t
+from functools import WRAPPER_ASSIGNMENTS
+from functools import wraps
+
+from .utils import _PassArg
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+
+
+def async_variant(normal_func):  # type: ignore
+    def decorator(async_func):  # type: ignore
+        pass_arg = _PassArg.from_obj(normal_func)
+        need_eval_context = pass_arg is None
+
+        if pass_arg is _PassArg.environment:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].is_async)
+
+        else:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].environment.is_async)
+
+        # Take the doc and annotations from the sync function, but the
+        # name from the async function. Pallets-Sphinx-Themes
+        # build_function_directive expects __wrapped__ to point to the
+        # sync function.
+        async_func_attrs = ("__module__", "__name__", "__qualname__")
+        normal_func_attrs = tuple(set(WRAPPER_ASSIGNMENTS).difference(async_func_attrs))
+
+        @wraps(normal_func, assigned=normal_func_attrs)
+        @wraps(async_func, assigned=async_func_attrs, updated=())
+        def wrapper(*args, **kwargs):  # type: ignore
+            b = is_async(args)
+
+            if need_eval_context:
+                args = args[1:]
+
+            if b:
+                return async_func(*args, **kwargs)
+
+            return normal_func(*args, **kwargs)
+
+        if need_eval_context:
+            wrapper = pass_eval_context(wrapper)
+
+        wrapper.jinja_async_variant = True  # type: ignore[attr-defined]
+        return wrapper
+
+    return decorator
+
+
+_common_primitives = {int, float, bool, str, list, dict, tuple, type(None)}
+
+
+async def auto_await(value: t.Union[t.Awaitable["V"], "V"]) -> "V":
+    # Avoid a costly call to isawaitable
+    if type(value) in _common_primitives:
+        return t.cast("V", value)
+
+    if inspect.isawaitable(value):
+        return await t.cast("t.Awaitable[V]", value)
+
+    return t.cast("V", value)
+
+
+async def auto_aiter(
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> "t.AsyncIterator[V]":
+    if hasattr(iterable, "__aiter__"):
+        async for item in t.cast("t.AsyncIterable[V]", iterable):
+            yield item
+    else:
+        for item in iterable:
+            yield item
+
+
+async def auto_to_list(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> t.List["V"]:
+    return [x async for x in auto_aiter(value)]
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/bccache.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/bccache.py
new file mode 100644
index 000000000..ada8b099f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/bccache.py
@@ -0,0 +1,408 @@
+"""The optional bytecode cache system. This is useful if you have very
+complex template situations and the compilation of all those templates
+slows down your application too much.
+
+Situations where this is useful are often forking web applications that
+are initialized on the first request.
+"""
+
+import errno
+import fnmatch
+import marshal
+import os
+import pickle
+import stat
+import sys
+import tempfile
+import typing as t
+from hashlib import sha1
+from io import BytesIO
+from types import CodeType
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class _MemcachedClient(te.Protocol):
+        def get(self, key: str) -> bytes: ...
+
+        def set(
+            self, key: str, value: bytes, timeout: t.Optional[int] = None
+        ) -> None: ...
+
+
+bc_version = 5
+# Magic bytes to identify Jinja bytecode cache files. Contains the
+# Python major and minor version to avoid loading incompatible bytecode
+# if a project upgrades its Python version.
+bc_magic = (
+    b"j2"
+    + pickle.dumps(bc_version, 2)
+    + pickle.dumps((sys.version_info[0] << 24) | sys.version_info[1], 2)
+)
+
+
+class Bucket:
+    """Buckets are used to store the bytecode for one template.  It's created
+    and initialized by the bytecode cache and passed to the loading functions.
+
+    The buckets get an internal checksum from the cache assigned and use this
+    to automatically reject outdated cache material.  Individual bytecode
+    cache subclasses don't have to care about cache invalidation.
+    """
+
+    def __init__(self, environment: "Environment", key: str, checksum: str) -> None:
+        self.environment = environment
+        self.key = key
+        self.checksum = checksum
+        self.reset()
+
+    def reset(self) -> None:
+        """Resets the bucket (unloads the bytecode)."""
+        self.code: t.Optional[CodeType] = None
+
+    def load_bytecode(self, f: t.BinaryIO) -> None:
+        """Loads bytecode from a file or file like object."""
+        # make sure the magic header is correct
+        magic = f.read(len(bc_magic))
+        if magic != bc_magic:
+            self.reset()
+            return
+        # the source code of the file changed, we need to reload
+        checksum = pickle.load(f)
+        if self.checksum != checksum:
+            self.reset()
+            return
+        # if marshal_load fails then we need to reload
+        try:
+            self.code = marshal.load(f)
+        except (EOFError, ValueError, TypeError):
+            self.reset()
+            return
+
+    def write_bytecode(self, f: t.IO[bytes]) -> None:
+        """Dump the bytecode into the file or file like object passed."""
+        if self.code is None:
+            raise TypeError("can't write empty bucket")
+        f.write(bc_magic)
+        pickle.dump(self.checksum, f, 2)
+        marshal.dump(self.code, f)
+
+    def bytecode_from_string(self, string: bytes) -> None:
+        """Load bytecode from bytes."""
+        self.load_bytecode(BytesIO(string))
+
+    def bytecode_to_string(self) -> bytes:
+        """Return the bytecode as bytes."""
+        out = BytesIO()
+        self.write_bytecode(out)
+        return out.getvalue()
+
+
+class BytecodeCache:
+    """To implement your own bytecode cache you have to subclass this class
+    and override :meth:`load_bytecode` and :meth:`dump_bytecode`.  Both of
+    these methods are passed a :class:`~jinja2.bccache.Bucket`.
+
+    A very basic bytecode cache that saves the bytecode on the file system::
+
+        from os import path
+
+        class MyCache(BytecodeCache):
+
+            def __init__(self, directory):
+                self.directory = directory
+
+            def load_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                if path.exists(filename):
+                    with open(filename, 'rb') as f:
+                        bucket.load_bytecode(f)
+
+            def dump_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                with open(filename, 'wb') as f:
+                    bucket.write_bytecode(f)
+
+    A more advanced version of a filesystem based bytecode cache is part of
+    Jinja.
+    """
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to load bytecode into a
+        bucket.  If they are not able to find code in the cache for the
+        bucket, it must not do anything.
+        """
+        raise NotImplementedError()
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to write the bytecode
+        from a bucket back to the cache.  If it unable to do so it must not
+        fail silently but raise an exception.
+        """
+        raise NotImplementedError()
+
+    def clear(self) -> None:
+        """Clears the cache.  This method is not used by Jinja but should be
+        implemented to allow applications to clear the bytecode cache used
+        by a particular environment.
+        """
+
+    def get_cache_key(
+        self, name: str, filename: t.Optional[t.Union[str]] = None
+    ) -> str:
+        """Returns the unique hash key for this template name."""
+        hash = sha1(name.encode("utf-8"))
+
+        if filename is not None:
+            hash.update(f"|{filename}".encode())
+
+        return hash.hexdigest()
+
+    def get_source_checksum(self, source: str) -> str:
+        """Returns a checksum for the source."""
+        return sha1(source.encode("utf-8")).hexdigest()
+
+    def get_bucket(
+        self,
+        environment: "Environment",
+        name: str,
+        filename: t.Optional[str],
+        source: str,
+    ) -> Bucket:
+        """Return a cache bucket for the given template.  All arguments are
+        mandatory but filename may be `None`.
+        """
+        key = self.get_cache_key(name, filename)
+        checksum = self.get_source_checksum(source)
+        bucket = Bucket(environment, key, checksum)
+        self.load_bytecode(bucket)
+        return bucket
+
+    def set_bucket(self, bucket: Bucket) -> None:
+        """Put the bucket into the cache."""
+        self.dump_bytecode(bucket)
+
+
+class FileSystemBytecodeCache(BytecodeCache):
+    """A bytecode cache that stores bytecode on the filesystem.  It accepts
+    two arguments: The directory where the cache items are stored and a
+    pattern string that is used to build the filename.
+
+    If no directory is specified a default cache directory is selected.  On
+    Windows the user's temp directory is used, on UNIX systems a directory
+    is created for the user in the system temp directory.
+
+    The pattern can be used to have multiple separate caches operate on the
+    same directory.  The default pattern is ``'__jinja2_%s.cache'``.  ``%s``
+    is replaced with the cache key.
+
+    >>> bcc = FileSystemBytecodeCache('/tmp/jinja_cache', '%s.cache')
+
+    This bytecode cache supports clearing of the cache using the clear method.
+    """
+
+    def __init__(
+        self, directory: t.Optional[str] = None, pattern: str = "__jinja2_%s.cache"
+    ) -> None:
+        if directory is None:
+            directory = self._get_default_cache_dir()
+        self.directory = directory
+        self.pattern = pattern
+
+    def _get_default_cache_dir(self) -> str:
+        def _unsafe_dir() -> "te.NoReturn":
+            raise RuntimeError(
+                "Cannot determine safe temp directory.  You "
+                "need to explicitly provide one."
+            )
+
+        tmpdir = tempfile.gettempdir()
+
+        # On windows the temporary directory is used specific unless
+        # explicitly forced otherwise.  We can just use that.
+        if os.name == "nt":
+            return tmpdir
+        if not hasattr(os, "getuid"):
+            _unsafe_dir()
+
+        dirname = f"_jinja2-cache-{os.getuid()}"
+        actual_dir = os.path.join(tmpdir, dirname)
+
+        try:
+            os.mkdir(actual_dir, stat.S_IRWXU)
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+        try:
+            os.chmod(actual_dir, stat.S_IRWXU)
+            actual_dir_stat = os.lstat(actual_dir)
+            if (
+                actual_dir_stat.st_uid != os.getuid()
+                or not stat.S_ISDIR(actual_dir_stat.st_mode)
+                or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+            ):
+                _unsafe_dir()
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+
+        actual_dir_stat = os.lstat(actual_dir)
+        if (
+            actual_dir_stat.st_uid != os.getuid()
+            or not stat.S_ISDIR(actual_dir_stat.st_mode)
+            or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+        ):
+            _unsafe_dir()
+
+        return actual_dir
+
+    def _get_cache_filename(self, bucket: Bucket) -> str:
+        return os.path.join(self.directory, self.pattern % (bucket.key,))
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        filename = self._get_cache_filename(bucket)
+
+        # Don't test for existence before opening the file, since the
+        # file could disappear after the test before the open.
+        try:
+            f = open(filename, "rb")
+        except (FileNotFoundError, IsADirectoryError, PermissionError):
+            # PermissionError can occur on Windows when an operation is
+            # in progress, such as calling clear().
+            return
+
+        with f:
+            bucket.load_bytecode(f)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        # Write to a temporary file, then rename to the real name after
+        # writing. This avoids another process reading the file before
+        # it is fully written.
+        name = self._get_cache_filename(bucket)
+        f = tempfile.NamedTemporaryFile(
+            mode="wb",
+            dir=os.path.dirname(name),
+            prefix=os.path.basename(name),
+            suffix=".tmp",
+            delete=False,
+        )
+
+        def remove_silent() -> None:
+            try:
+                os.remove(f.name)
+            except OSError:
+                # Another process may have called clear(). On Windows,
+                # another program may be holding the file open.
+                pass
+
+        try:
+            with f:
+                bucket.write_bytecode(f)
+        except BaseException:
+            remove_silent()
+            raise
+
+        try:
+            os.replace(f.name, name)
+        except OSError:
+            # Another process may have called clear(). On Windows,
+            # another program may be holding the file open.
+            remove_silent()
+        except BaseException:
+            remove_silent()
+            raise
+
+    def clear(self) -> None:
+        # imported lazily here because google app-engine doesn't support
+        # write access on the file system and the function does not exist
+        # normally.
+        from os import remove
+
+        files = fnmatch.filter(os.listdir(self.directory), self.pattern % ("*",))
+        for filename in files:
+            try:
+                remove(os.path.join(self.directory, filename))
+            except OSError:
+                pass
+
+
+class MemcachedBytecodeCache(BytecodeCache):
+    """This class implements a bytecode cache that uses a memcache cache for
+    storing the information.  It does not enforce a specific memcache library
+    (tummy's memcache or cmemcache) but will accept any class that provides
+    the minimal interface required.
+
+    Libraries compatible with this class:
+
+    -   `cachelib <https://github.com/pallets/cachelib>`_
+    -   `python-memcached <https://pypi.org/project/python-memcached/>`_
+
+    (Unfortunately the django cache interface is not compatible because it
+    does not support storing binary data, only text. You can however pass
+    the underlying cache client to the bytecode cache which is available
+    as `django.core.cache.cache._client`.)
+
+    The minimal interface for the client passed to the constructor is this:
+
+    .. class:: MinimalClientInterface
+
+        .. method:: set(key, value[, timeout])
+
+            Stores the bytecode in the cache.  `value` is a string and
+            `timeout` the timeout of the key.  If timeout is not provided
+            a default timeout or no timeout should be assumed, if it's
+            provided it's an integer with the number of seconds the cache
+            item should exist.
+
+        .. method:: get(key)
+
+            Returns the value for the cache key.  If the item does not
+            exist in the cache the return value must be `None`.
+
+    The other arguments to the constructor are the prefix for all keys that
+    is added before the actual cache key and the timeout for the bytecode in
+    the cache system.  We recommend a high (or no) timeout.
+
+    This bytecode cache does not support clearing of used items in the cache.
+    The clear method is a no-operation function.
+
+    .. versionadded:: 2.7
+       Added support for ignoring memcache errors through the
+       `ignore_memcache_errors` parameter.
+    """
+
+    def __init__(
+        self,
+        client: "_MemcachedClient",
+        prefix: str = "jinja2/bytecode/",
+        timeout: t.Optional[int] = None,
+        ignore_memcache_errors: bool = True,
+    ):
+        self.client = client
+        self.prefix = prefix
+        self.timeout = timeout
+        self.ignore_memcache_errors = ignore_memcache_errors
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        try:
+            code = self.client.get(self.prefix + bucket.key)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
+        else:
+            bucket.bytecode_from_string(code)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        key = self.prefix + bucket.key
+        value = bucket.bytecode_to_string()
+
+        try:
+            if self.timeout is not None:
+                self.client.set(key, value, self.timeout)
+            else:
+                self.client.set(key, value)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/compiler.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/compiler.py
new file mode 100644
index 000000000..274071750
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/compiler.py
@@ -0,0 +1,1960 @@
+"""Compiles nodes from the parser into Python code."""
+
+import typing as t
+from contextlib import contextmanager
+from functools import update_wrapper
+from io import StringIO
+from itertools import chain
+from keyword import iskeyword as is_python_keyword
+
+from markupsafe import escape
+from markupsafe import Markup
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .idtracking import Symbols
+from .idtracking import VAR_LOAD_ALIAS
+from .idtracking import VAR_LOAD_PARAMETER
+from .idtracking import VAR_LOAD_RESOLVE
+from .idtracking import VAR_LOAD_UNDEFINED
+from .nodes import EvalContext
+from .optimizer import Optimizer
+from .utils import _PassArg
+from .utils import concat
+from .visitor import NodeVisitor
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+operators = {
+    "eq": "==",
+    "ne": "!=",
+    "gt": ">",
+    "gteq": ">=",
+    "lt": "<",
+    "lteq": "<=",
+    "in": "in",
+    "notin": "not in",
+}
+
+
+def optimizeconst(f: F) -> F:
+    def new_func(
+        self: "CodeGenerator", node: nodes.Expr, frame: "Frame", **kwargs: t.Any
+    ) -> t.Any:
+        # Only optimize if the frame is not volatile
+        if self.optimizer is not None and not frame.eval_ctx.volatile:
+            new_node = self.optimizer.visit(node, frame.eval_ctx)
+
+            if new_node != node:
+                return self.visit(new_node, frame)
+
+        return f(self, node, frame, **kwargs)
+
+    return update_wrapper(t.cast(F, new_func), f)
+
+
+def _make_binop(op: str) -> t.Callable[["CodeGenerator", nodes.BinExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.BinExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_binops  # type: ignore
+        ):
+            self.write(f"environment.call_binop(context, {op!r}, ")
+            self.visit(node.left, frame)
+            self.write(", ")
+            self.visit(node.right, frame)
+        else:
+            self.write("(")
+            self.visit(node.left, frame)
+            self.write(f" {op} ")
+            self.visit(node.right, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def _make_unop(
+    op: str,
+) -> t.Callable[["CodeGenerator", nodes.UnaryExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.UnaryExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_unops  # type: ignore
+        ):
+            self.write(f"environment.call_unop(context, {op!r}, ")
+            self.visit(node.node, frame)
+        else:
+            self.write("(" + op)
+            self.visit(node.node, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def generate(
+    node: nodes.Template,
+    environment: "Environment",
+    name: t.Optional[str],
+    filename: t.Optional[str],
+    stream: t.Optional[t.TextIO] = None,
+    defer_init: bool = False,
+    optimized: bool = True,
+) -> t.Optional[str]:
+    """Generate the python source for a node tree."""
+    if not isinstance(node, nodes.Template):
+        raise TypeError("Can't compile non template nodes")
+
+    generator = environment.code_generator_class(
+        environment, name, filename, stream, defer_init, optimized
+    )
+    generator.visit(node)
+
+    if stream is None:
+        return generator.stream.getvalue()  # type: ignore
+
+    return None
+
+
+def has_safe_repr(value: t.Any) -> bool:
+    """Does the node have a safe representation?"""
+    if value is None or value is NotImplemented or value is Ellipsis:
+        return True
+
+    if type(value) in {bool, int, float, complex, range, str, Markup}:
+        return True
+
+    if type(value) in {tuple, list, set, frozenset}:
+        return all(has_safe_repr(v) for v in value)
+
+    if type(value) is dict:  # noqa E721
+        return all(has_safe_repr(k) and has_safe_repr(v) for k, v in value.items())
+
+    return False
+
+
+def find_undeclared(
+    nodes: t.Iterable[nodes.Node], names: t.Iterable[str]
+) -> t.Set[str]:
+    """Check if the names passed are accessed undeclared.  The return value
+    is a set of all the undeclared names from the sequence of names found.
+    """
+    visitor = UndeclaredNameVisitor(names)
+    try:
+        for node in nodes:
+            visitor.visit(node)
+    except VisitorExit:
+        pass
+    return visitor.undeclared
+
+
+class MacroRef:
+    def __init__(self, node: t.Union[nodes.Macro, nodes.CallBlock]) -> None:
+        self.node = node
+        self.accesses_caller = False
+        self.accesses_kwargs = False
+        self.accesses_varargs = False
+
+
+class Frame:
+    """Holds compile time information for us."""
+
+    def __init__(
+        self,
+        eval_ctx: EvalContext,
+        parent: t.Optional["Frame"] = None,
+        level: t.Optional[int] = None,
+    ) -> None:
+        self.eval_ctx = eval_ctx
+
+        # the parent of this frame
+        self.parent = parent
+
+        if parent is None:
+            self.symbols = Symbols(level=level)
+
+            # in some dynamic inheritance situations the compiler needs to add
+            # write tests around output statements.
+            self.require_output_check = False
+
+            # inside some tags we are using a buffer rather than yield statements.
+            # this for example affects {% filter %} or {% macro %}.  If a frame
+            # is buffered this variable points to the name of the list used as
+            # buffer.
+            self.buffer: t.Optional[str] = None
+
+            # the name of the block we're in, otherwise None.
+            self.block: t.Optional[str] = None
+
+        else:
+            self.symbols = Symbols(parent.symbols, level=level)
+            self.require_output_check = parent.require_output_check
+            self.buffer = parent.buffer
+            self.block = parent.block
+
+        # a toplevel frame is the root + soft frames such as if conditions.
+        self.toplevel = False
+
+        # the root frame is basically just the outermost frame, so no if
+        # conditions.  This information is used to optimize inheritance
+        # situations.
+        self.rootlevel = False
+
+        # variables set inside of loops and blocks should not affect outer frames,
+        # but they still needs to be kept track of as part of the active context.
+        self.loop_frame = False
+        self.block_frame = False
+
+        # track whether the frame is being used in an if-statement or conditional
+        # expression as it determines which errors should be raised during runtime
+        # or compile time.
+        self.soft_frame = False
+
+    def copy(self) -> "Frame":
+        """Create a copy of the current one."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.symbols = self.symbols.copy()
+        return rv
+
+    def inner(self, isolated: bool = False) -> "Frame":
+        """Return an inner frame."""
+        if isolated:
+            return Frame(self.eval_ctx, level=self.symbols.level + 1)
+        return Frame(self.eval_ctx, self)
+
+    def soft(self) -> "Frame":
+        """Return a soft frame.  A soft frame may not be modified as
+        standalone thing as it shares the resources with the frame it
+        was created of, but it's not a rootlevel frame any longer.
+
+        This is only used to implement if-statements and conditional
+        expressions.
+        """
+        rv = self.copy()
+        rv.rootlevel = False
+        rv.soft_frame = True
+        return rv
+
+    __copy__ = copy
+
+
+class VisitorExit(RuntimeError):
+    """Exception used by the `UndeclaredNameVisitor` to signal a stop."""
+
+
+class DependencyFinderVisitor(NodeVisitor):
+    """A visitor that collects filter and test calls."""
+
+    def __init__(self) -> None:
+        self.filters: t.Set[str] = set()
+        self.tests: t.Set[str] = set()
+
+    def visit_Filter(self, node: nodes.Filter) -> None:
+        self.generic_visit(node)
+        self.filters.add(node.name)
+
+    def visit_Test(self, node: nodes.Test) -> None:
+        self.generic_visit(node)
+        self.tests.add(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting at blocks."""
+
+
+class UndeclaredNameVisitor(NodeVisitor):
+    """A visitor that checks if a name is accessed without being
+    declared.  This is different from the frame visitor as it will
+    not stop at closure frames.
+    """
+
+    def __init__(self, names: t.Iterable[str]) -> None:
+        self.names = set(names)
+        self.undeclared: t.Set[str] = set()
+
+    def visit_Name(self, node: nodes.Name) -> None:
+        if node.ctx == "load" and node.name in self.names:
+            self.undeclared.add(node.name)
+            if self.undeclared == self.names:
+                raise VisitorExit()
+        else:
+            self.names.discard(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting a blocks."""
+
+
+class CompilerExit(Exception):
+    """Raised if the compiler encountered a situation where it just
+    doesn't make sense to further process the code.  Any block that
+    raises such an exception is not further processed.
+    """
+
+
+class CodeGenerator(NodeVisitor):
+    def __init__(
+        self,
+        environment: "Environment",
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        stream: t.Optional[t.TextIO] = None,
+        defer_init: bool = False,
+        optimized: bool = True,
+    ) -> None:
+        if stream is None:
+            stream = StringIO()
+        self.environment = environment
+        self.name = name
+        self.filename = filename
+        self.stream = stream
+        self.created_block_context = False
+        self.defer_init = defer_init
+        self.optimizer: t.Optional[Optimizer] = None
+
+        if optimized:
+            self.optimizer = Optimizer(environment)
+
+        # aliases for imports
+        self.import_aliases: t.Dict[str, str] = {}
+
+        # a registry for all blocks.  Because blocks are moved out
+        # into the global python scope they are registered here
+        self.blocks: t.Dict[str, nodes.Block] = {}
+
+        # the number of extends statements so far
+        self.extends_so_far = 0
+
+        # some templates have a rootlevel extends.  In this case we
+        # can safely assume that we're a child template and do some
+        # more optimizations.
+        self.has_known_extends = False
+
+        # the current line number
+        self.code_lineno = 1
+
+        # registry of all filters and tests (global, not block local)
+        self.tests: t.Dict[str, str] = {}
+        self.filters: t.Dict[str, str] = {}
+
+        # the debug information
+        self.debug_info: t.List[t.Tuple[int, int]] = []
+        self._write_debug_info: t.Optional[int] = None
+
+        # the number of new lines before the next write()
+        self._new_lines = 0
+
+        # the line number of the last written statement
+        self._last_line = 0
+
+        # true if nothing was written so far.
+        self._first_write = True
+
+        # used by the `temporary_identifier` method to get new
+        # unique, temporary identifier
+        self._last_identifier = 0
+
+        # the current indentation
+        self._indentation = 0
+
+        # Tracks toplevel assignments
+        self._assign_stack: t.List[t.Set[str]] = []
+
+        # Tracks parameter definition blocks
+        self._param_def_block: t.List[t.Set[str]] = []
+
+        # Tracks the current context.
+        self._context_reference_stack = ["context"]
+
+    @property
+    def optimized(self) -> bool:
+        return self.optimizer is not None
+
+    # -- Various compilation helpers
+
+    def fail(self, msg: str, lineno: int) -> "te.NoReturn":
+        """Fail with a :exc:`TemplateAssertionError`."""
+        raise TemplateAssertionError(msg, lineno, self.name, self.filename)
+
+    def temporary_identifier(self) -> str:
+        """Get a new unique identifier."""
+        self._last_identifier += 1
+        return f"t_{self._last_identifier}"
+
+    def buffer(self, frame: Frame) -> None:
+        """Enable buffering for the frame from that point onwards."""
+        frame.buffer = self.temporary_identifier()
+        self.writeline(f"{frame.buffer} = []")
+
+    def return_buffer_contents(
+        self, frame: Frame, force_unescaped: bool = False
+    ) -> None:
+        """Return the buffer contents of the frame."""
+        if not force_unescaped:
+            if frame.eval_ctx.volatile:
+                self.writeline("if context.eval_ctx.autoescape:")
+                self.indent()
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                self.outdent()
+                self.writeline("else:")
+                self.indent()
+                self.writeline(f"return concat({frame.buffer})")
+                self.outdent()
+                return
+            elif frame.eval_ctx.autoescape:
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                return
+        self.writeline(f"return concat({frame.buffer})")
+
+    def indent(self) -> None:
+        """Indent by one."""
+        self._indentation += 1
+
+    def outdent(self, step: int = 1) -> None:
+        """Outdent by step."""
+        self._indentation -= step
+
+    def start_write(self, frame: Frame, node: t.Optional[nodes.Node] = None) -> None:
+        """Yield or write into the frame buffer."""
+        if frame.buffer is None:
+            self.writeline("yield ", node)
+        else:
+            self.writeline(f"{frame.buffer}.append(", node)
+
+    def end_write(self, frame: Frame) -> None:
+        """End the writing process started by `start_write`."""
+        if frame.buffer is not None:
+            self.write(")")
+
+    def simple_write(
+        self, s: str, frame: Frame, node: t.Optional[nodes.Node] = None
+    ) -> None:
+        """Simple shortcut for start_write + write + end_write."""
+        self.start_write(frame, node)
+        self.write(s)
+        self.end_write(frame)
+
+    def blockvisit(self, nodes: t.Iterable[nodes.Node], frame: Frame) -> None:
+        """Visit a list of nodes as block in a frame.  If the current frame
+        is no buffer a dummy ``if 0: yield None`` is written automatically.
+        """
+        try:
+            self.writeline("pass")
+            for node in nodes:
+                self.visit(node, frame)
+        except CompilerExit:
+            pass
+
+    def write(self, x: str) -> None:
+        """Write a string into the output stream."""
+        if self._new_lines:
+            if not self._first_write:
+                self.stream.write("\n" * self._new_lines)
+                self.code_lineno += self._new_lines
+                if self._write_debug_info is not None:
+                    self.debug_info.append((self._write_debug_info, self.code_lineno))
+                    self._write_debug_info = None
+            self._first_write = False
+            self.stream.write("    " * self._indentation)
+            self._new_lines = 0
+        self.stream.write(x)
+
+    def writeline(
+        self, x: str, node: t.Optional[nodes.Node] = None, extra: int = 0
+    ) -> None:
+        """Combination of newline and write."""
+        self.newline(node, extra)
+        self.write(x)
+
+    def newline(self, node: t.Optional[nodes.Node] = None, extra: int = 0) -> None:
+        """Add one or more newlines before the next write."""
+        self._new_lines = max(self._new_lines, 1 + extra)
+        if node is not None and node.lineno != self._last_line:
+            self._write_debug_info = node.lineno
+            self._last_line = node.lineno
+
+    def signature(
+        self,
+        node: t.Union[nodes.Call, nodes.Filter, nodes.Test],
+        frame: Frame,
+        extra_kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> None:
+        """Writes a function call to the stream for the current node.
+        A leading comma is added automatically.  The extra keyword
+        arguments may not include python keywords otherwise a syntax
+        error could occur.  The extra keyword arguments should be given
+        as python dict.
+        """
+        # if any of the given keyword arguments is a python keyword
+        # we have to make sure that no invalid call is created.
+        kwarg_workaround = any(
+            is_python_keyword(t.cast(str, k))
+            for k in chain((x.key for x in node.kwargs), extra_kwargs or ())
+        )
+
+        for arg in node.args:
+            self.write(", ")
+            self.visit(arg, frame)
+
+        if not kwarg_workaround:
+            for kwarg in node.kwargs:
+                self.write(", ")
+                self.visit(kwarg, frame)
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f", {key}={value}")
+        if node.dyn_args:
+            self.write(", *")
+            self.visit(node.dyn_args, frame)
+
+        if kwarg_workaround:
+            if node.dyn_kwargs is not None:
+                self.write(", **dict({")
+            else:
+                self.write(", **{")
+            for kwarg in node.kwargs:
+                self.write(f"{kwarg.key!r}: ")
+                self.visit(kwarg.value, frame)
+                self.write(", ")
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f"{key!r}: {value}, ")
+            if node.dyn_kwargs is not None:
+                self.write("}, **")
+                self.visit(node.dyn_kwargs, frame)
+                self.write(")")
+            else:
+                self.write("}")
+
+        elif node.dyn_kwargs is not None:
+            self.write(", **")
+            self.visit(node.dyn_kwargs, frame)
+
+    def pull_dependencies(self, nodes: t.Iterable[nodes.Node]) -> None:
+        """Find all filter and test names used in the template and
+        assign them to variables in the compiled namespace. Checking
+        that the names are registered with the environment is done when
+        compiling the Filter and Test nodes. If the node is in an If or
+        CondExpr node, the check is done at runtime instead.
+
+        .. versionchanged:: 3.0
+            Filters and tests in If and CondExpr nodes are checked at
+            runtime instead of compile time.
+        """
+        visitor = DependencyFinderVisitor()
+
+        for node in nodes:
+            visitor.visit(node)
+
+        for id_map, names, dependency in (
+            (self.filters, visitor.filters, "filters"),
+            (
+                self.tests,
+                visitor.tests,
+                "tests",
+            ),
+        ):
+            for name in sorted(names):
+                if name not in id_map:
+                    id_map[name] = self.temporary_identifier()
+
+                # add check during runtime that dependencies used inside of executed
+                # blocks are defined, as this step may be skipped during compile time
+                self.writeline("try:")
+                self.indent()
+                self.writeline(f"{id_map[name]} = environment.{dependency}[{name!r}]")
+                self.outdent()
+                self.writeline("except KeyError:")
+                self.indent()
+                self.writeline("@internalcode")
+                self.writeline(f"def {id_map[name]}(*unused):")
+                self.indent()
+                self.writeline(
+                    f'raise TemplateRuntimeError("No {dependency[:-1]}'
+                    f' named {name!r} found.")'
+                )
+                self.outdent()
+                self.outdent()
+
+    def enter_frame(self, frame: Frame) -> None:
+        undefs = []
+        for target, (action, param) in frame.symbols.loads.items():
+            if action == VAR_LOAD_PARAMETER:
+                pass
+            elif action == VAR_LOAD_RESOLVE:
+                self.writeline(f"{target} = {self.get_resolve_func()}({param!r})")
+            elif action == VAR_LOAD_ALIAS:
+                self.writeline(f"{target} = {param}")
+            elif action == VAR_LOAD_UNDEFINED:
+                undefs.append(target)
+            else:
+                raise NotImplementedError("unknown load instruction")
+        if undefs:
+            self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def leave_frame(self, frame: Frame, with_python_scope: bool = False) -> None:
+        if not with_python_scope:
+            undefs = []
+            for target in frame.symbols.loads:
+                undefs.append(target)
+            if undefs:
+                self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def choose_async(self, async_value: str = "async ", sync_value: str = "") -> str:
+        return async_value if self.environment.is_async else sync_value
+
+    def func(self, name: str) -> str:
+        return f"{self.choose_async()}def {name}"
+
+    def macro_body(
+        self, node: t.Union[nodes.Macro, nodes.CallBlock], frame: Frame
+    ) -> t.Tuple[Frame, MacroRef]:
+        """Dump the function def of a macro or call block."""
+        frame = frame.inner()
+        frame.symbols.analyze_node(node)
+        macro_ref = MacroRef(node)
+
+        explicit_caller = None
+        skip_special_params = set()
+        args = []
+
+        for idx, arg in enumerate(node.args):
+            if arg.name == "caller":
+                explicit_caller = idx
+            if arg.name in ("kwargs", "varargs"):
+                skip_special_params.add(arg.name)
+            args.append(frame.symbols.ref(arg.name))
+
+        undeclared = find_undeclared(node.body, ("caller", "kwargs", "varargs"))
+
+        if "caller" in undeclared:
+            # In older Jinja versions there was a bug that allowed caller
+            # to retain the special behavior even if it was mentioned in
+            # the argument list.  However thankfully this was only really
+            # working if it was the last argument.  So we are explicitly
+            # checking this now and error out if it is anywhere else in
+            # the argument list.
+            if explicit_caller is not None:
+                try:
+                    node.defaults[explicit_caller - len(node.args)]
+                except IndexError:
+                    self.fail(
+                        "When defining macros or call blocks the "
+                        'special "caller" argument must be omitted '
+                        "or be given a default.",
+                        node.lineno,
+                    )
+            else:
+                args.append(frame.symbols.declare_parameter("caller"))
+            macro_ref.accesses_caller = True
+        if "kwargs" in undeclared and "kwargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("kwargs"))
+            macro_ref.accesses_kwargs = True
+        if "varargs" in undeclared and "varargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("varargs"))
+            macro_ref.accesses_varargs = True
+
+        # macros are delayed, they never require output checks
+        frame.require_output_check = False
+        frame.symbols.analyze_node(node)
+        self.writeline(f"{self.func('macro')}({', '.join(args)}):", node)
+        self.indent()
+
+        self.buffer(frame)
+        self.enter_frame(frame)
+
+        self.push_parameter_definitions(frame)
+        for idx, arg in enumerate(node.args):
+            ref = frame.symbols.ref(arg.name)
+            self.writeline(f"if {ref} is missing:")
+            self.indent()
+            try:
+                default = node.defaults[idx - len(node.args)]
+            except IndexError:
+                self.writeline(
+                    f'{ref} = undefined("parameter {arg.name!r} was not provided",'
+                    f" name={arg.name!r})"
+                )
+            else:
+                self.writeline(f"{ref} = ")
+                self.visit(default, frame)
+            self.mark_parameter_stored(ref)
+            self.outdent()
+        self.pop_parameter_definitions()
+
+        self.blockvisit(node.body, frame)
+        self.return_buffer_contents(frame, force_unescaped=True)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        return frame, macro_ref
+
+    def macro_def(self, macro_ref: MacroRef, frame: Frame) -> None:
+        """Dump the macro definition for the def created by macro_body."""
+        arg_tuple = ", ".join(repr(x.name) for x in macro_ref.node.args)
+        name = getattr(macro_ref.node, "name", None)
+        if len(macro_ref.node.args) == 1:
+            arg_tuple += ","
+        self.write(
+            f"Macro(environment, macro, {name!r}, ({arg_tuple}),"
+            f" {macro_ref.accesses_kwargs!r}, {macro_ref.accesses_varargs!r},"
+            f" {macro_ref.accesses_caller!r}, context.eval_ctx.autoescape)"
+        )
+
+    def position(self, node: nodes.Node) -> str:
+        """Return a human readable position for the node."""
+        rv = f"line {node.lineno}"
+        if self.name is not None:
+            rv = f"{rv} in {self.name!r}"
+        return rv
+
+    def dump_local_context(self, frame: Frame) -> str:
+        items_kv = ", ".join(
+            f"{name!r}: {target}"
+            for name, target in frame.symbols.dump_stores().items()
+        )
+        return f"{{{items_kv}}}"
+
+    def write_commons(self) -> None:
+        """Writes a common preamble that is used by root and block functions.
+        Primarily this sets up common local helpers and enforces a generator
+        through a dead branch.
+        """
+        self.writeline("resolve = context.resolve_or_missing")
+        self.writeline("undefined = environment.undefined")
+        self.writeline("concat = environment.concat")
+        # always use the standard Undefined class for the implicit else of
+        # conditional expressions
+        self.writeline("cond_expr_undefined = Undefined")
+        self.writeline("if 0: yield None")
+
+    def push_parameter_definitions(self, frame: Frame) -> None:
+        """Pushes all parameter targets from the given frame into a local
+        stack that permits tracking of yet to be assigned parameters.  In
+        particular this enables the optimization from `visit_Name` to skip
+        undefined expressions for parameters in macros as macros can reference
+        otherwise unbound parameters.
+        """
+        self._param_def_block.append(frame.symbols.dump_param_targets())
+
+    def pop_parameter_definitions(self) -> None:
+        """Pops the current parameter definitions set."""
+        self._param_def_block.pop()
+
+    def mark_parameter_stored(self, target: str) -> None:
+        """Marks a parameter in the current parameter definitions as stored.
+        This will skip the enforced undefined checks.
+        """
+        if self._param_def_block:
+            self._param_def_block[-1].discard(target)
+
+    def push_context_reference(self, target: str) -> None:
+        self._context_reference_stack.append(target)
+
+    def pop_context_reference(self) -> None:
+        self._context_reference_stack.pop()
+
+    def get_context_ref(self) -> str:
+        return self._context_reference_stack[-1]
+
+    def get_resolve_func(self) -> str:
+        target = self._context_reference_stack[-1]
+        if target == "context":
+            return "resolve"
+        return f"{target}.resolve"
+
+    def derive_context(self, frame: Frame) -> str:
+        return f"{self.get_context_ref()}.derived({self.dump_local_context(frame)})"
+
+    def parameter_is_undeclared(self, target: str) -> bool:
+        """Checks if a given target is an undeclared parameter."""
+        if not self._param_def_block:
+            return False
+        return target in self._param_def_block[-1]
+
+    def push_assign_tracking(self) -> None:
+        """Pushes a new layer for assignment tracking."""
+        self._assign_stack.append(set())
+
+    def pop_assign_tracking(self, frame: Frame) -> None:
+        """Pops the topmost level for assignment tracking and updates the
+        context variables if necessary.
+        """
+        vars = self._assign_stack.pop()
+        if (
+            not frame.block_frame
+            and not frame.loop_frame
+            and not frame.toplevel
+            or not vars
+        ):
+            return
+        public_names = [x for x in vars if x[:1] != "_"]
+        if len(vars) == 1:
+            name = next(iter(vars))
+            ref = frame.symbols.ref(name)
+            if frame.loop_frame:
+                self.writeline(f"_loop_vars[{name!r}] = {ref}")
+                return
+            if frame.block_frame:
+                self.writeline(f"_block_vars[{name!r}] = {ref}")
+                return
+            self.writeline(f"context.vars[{name!r}] = {ref}")
+        else:
+            if frame.loop_frame:
+                self.writeline("_loop_vars.update({")
+            elif frame.block_frame:
+                self.writeline("_block_vars.update({")
+            else:
+                self.writeline("context.vars.update({")
+            for idx, name in enumerate(vars):
+                if idx:
+                    self.write(", ")
+                ref = frame.symbols.ref(name)
+                self.write(f"{name!r}: {ref}")
+            self.write("})")
+        if not frame.block_frame and not frame.loop_frame and public_names:
+            if len(public_names) == 1:
+                self.writeline(f"context.exported_vars.add({public_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, public_names))
+                self.writeline(f"context.exported_vars.update(({names_str}))")
+
+    # -- Statement Visitors
+
+    def visit_Template(
+        self, node: nodes.Template, frame: t.Optional[Frame] = None
+    ) -> None:
+        assert frame is None, "no root frame allowed"
+        eval_ctx = EvalContext(self.environment, self.name)
+
+        from .runtime import async_exported
+        from .runtime import exported
+
+        if self.environment.is_async:
+            exported_names = sorted(exported + async_exported)
+        else:
+            exported_names = sorted(exported)
+
+        self.writeline("from jinja2.runtime import " + ", ".join(exported_names))
+
+        # if we want a deferred initialization we cannot move the
+        # environment into a local name
+        envenv = "" if self.defer_init else ", environment=environment"
+
+        # do we have an extends tag at all?  If not, we can save some
+        # overhead by just not processing any inheritance code.
+        have_extends = node.find(nodes.Extends) is not None
+
+        # find all blocks
+        for block in node.find_all(nodes.Block):
+            if block.name in self.blocks:
+                self.fail(f"block {block.name!r} defined twice", block.lineno)
+            self.blocks[block.name] = block
+
+        # find all imports and import them
+        for import_ in node.find_all(nodes.ImportedName):
+            if import_.importname not in self.import_aliases:
+                imp = import_.importname
+                self.import_aliases[imp] = alias = self.temporary_identifier()
+                if "." in imp:
+                    module, obj = imp.rsplit(".", 1)
+                    self.writeline(f"from {module} import {obj} as {alias}")
+                else:
+                    self.writeline(f"import {imp} as {alias}")
+
+        # add the load name
+        self.writeline(f"name = {self.name!r}")
+
+        # generate the root render function.
+        self.writeline(
+            f"{self.func('root')}(context, missing=missing{envenv}):", extra=1
+        )
+        self.indent()
+        self.write_commons()
+
+        # process the root
+        frame = Frame(eval_ctx)
+        if "self" in find_undeclared(node.body, ("self",)):
+            ref = frame.symbols.declare_parameter("self")
+            self.writeline(f"{ref} = TemplateReference(context)")
+        frame.symbols.analyze_node(node)
+        frame.toplevel = frame.rootlevel = True
+        frame.require_output_check = have_extends and not self.has_known_extends
+        if have_extends:
+            self.writeline("parent_template = None")
+        self.enter_frame(frame)
+        self.pull_dependencies(node.body)
+        self.blockvisit(node.body, frame)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        # make sure that the parent root is called.
+        if have_extends:
+            if not self.has_known_extends:
+                self.indent()
+                self.writeline("if parent_template is not None:")
+            self.indent()
+            if not self.environment.is_async:
+                self.writeline("yield from parent_template.root_render_func(context)")
+            else:
+                self.writeline(
+                    "async for event in parent_template.root_render_func(context):"
+                )
+                self.indent()
+                self.writeline("yield event")
+                self.outdent()
+            self.outdent(1 + (not self.has_known_extends))
+
+        # at this point we now have the blocks collected and can visit them too.
+        for name, block in self.blocks.items():
+            self.writeline(
+                f"{self.func('block_' + name)}(context, missing=missing{envenv}):",
+                block,
+                1,
+            )
+            self.indent()
+            self.write_commons()
+            # It's important that we do not make this frame a child of the
+            # toplevel template.  This would cause a variety of
+            # interesting issues with identifier tracking.
+            block_frame = Frame(eval_ctx)
+            block_frame.block_frame = True
+            undeclared = find_undeclared(block.body, ("self", "super"))
+            if "self" in undeclared:
+                ref = block_frame.symbols.declare_parameter("self")
+                self.writeline(f"{ref} = TemplateReference(context)")
+            if "super" in undeclared:
+                ref = block_frame.symbols.declare_parameter("super")
+                self.writeline(f"{ref} = context.super({name!r}, block_{name})")
+            block_frame.symbols.analyze_node(block)
+            block_frame.block = name
+            self.writeline("_block_vars = {}")
+            self.enter_frame(block_frame)
+            self.pull_dependencies(block.body)
+            self.blockvisit(block.body, block_frame)
+            self.leave_frame(block_frame, with_python_scope=True)
+            self.outdent()
+
+        blocks_kv_str = ", ".join(f"{x!r}: block_{x}" for x in self.blocks)
+        self.writeline(f"blocks = {{{blocks_kv_str}}}", extra=1)
+        debug_kv_str = "&".join(f"{k}={v}" for k, v in self.debug_info)
+        self.writeline(f"debug_info = {debug_kv_str!r}")
+
+    def visit_Block(self, node: nodes.Block, frame: Frame) -> None:
+        """Call a block and register it for the template."""
+        level = 0
+        if frame.toplevel:
+            # if we know that we are a child template, there is no need to
+            # check if we are one
+            if self.has_known_extends:
+                return
+            if self.extends_so_far > 0:
+                self.writeline("if parent_template is None:")
+                self.indent()
+                level += 1
+
+        if node.scoped:
+            context = self.derive_context(frame)
+        else:
+            context = self.get_context_ref()
+
+        if node.required:
+            self.writeline(f"if len(context.blocks[{node.name!r}]) <= 1:", node)
+            self.indent()
+            self.writeline(
+                f'raise TemplateRuntimeError("Required block {node.name!r} not found")',
+                node,
+            )
+            self.outdent()
+
+        if not self.environment.is_async and frame.buffer is None:
+            self.writeline(
+                f"yield from context.blocks[{node.name!r}][0]({context})", node
+            )
+        else:
+            self.writeline(
+                f"{self.choose_async()}for event in"
+                f" context.blocks[{node.name!r}][0]({context}):",
+                node,
+            )
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        self.outdent(level)
+
+    def visit_Extends(self, node: nodes.Extends, frame: Frame) -> None:
+        """Calls the extender."""
+        if not frame.toplevel:
+            self.fail("cannot use extend from a non top-level scope", node.lineno)
+
+        # if the number of extends statements in general is zero so
+        # far, we don't have to add a check if something extended
+        # the template before this one.
+        if self.extends_so_far > 0:
+            # if we have a known extends we just add a template runtime
+            # error into the generated code.  We could catch that at compile
+            # time too, but i welcome it not to confuse users by throwing the
+            # same error at different times just "because we can".
+            if not self.has_known_extends:
+                self.writeline("if parent_template is not None:")
+                self.indent()
+            self.writeline('raise TemplateRuntimeError("extended multiple times")')
+
+            # if we have a known extends already we don't need that code here
+            # as we know that the template execution will end here.
+            if self.has_known_extends:
+                raise CompilerExit()
+            else:
+                self.outdent()
+
+        self.writeline("parent_template = environment.get_template(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        self.writeline("for name, parent_block in parent_template.blocks.items():")
+        self.indent()
+        self.writeline("context.blocks.setdefault(name, []).append(parent_block)")
+        self.outdent()
+
+        # if this extends statement was in the root level we can take
+        # advantage of that information and simplify the generated code
+        # in the top level from this point onwards
+        if frame.rootlevel:
+            self.has_known_extends = True
+
+        # and now we have one more
+        self.extends_so_far += 1
+
+    def visit_Include(self, node: nodes.Include, frame: Frame) -> None:
+        """Handles includes."""
+        if node.ignore_missing:
+            self.writeline("try:")
+            self.indent()
+
+        func_name = "get_or_select_template"
+        if isinstance(node.template, nodes.Const):
+            if isinstance(node.template.value, str):
+                func_name = "get_template"
+            elif isinstance(node.template.value, (tuple, list)):
+                func_name = "select_template"
+        elif isinstance(node.template, (nodes.Tuple, nodes.List)):
+            func_name = "select_template"
+
+        self.writeline(f"template = environment.{func_name}(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        if node.ignore_missing:
+            self.outdent()
+            self.writeline("except TemplateNotFound:")
+            self.indent()
+            self.writeline("pass")
+            self.outdent()
+            self.writeline("else:")
+            self.indent()
+
+        skip_event_yield = False
+        if node.with_context:
+            self.writeline(
+                f"{self.choose_async()}for event in template.root_render_func("
+                "template.new_context(context.get_all(), True,"
+                f" {self.dump_local_context(frame)})):"
+            )
+        elif self.environment.is_async:
+            self.writeline(
+                "for event in (await template._get_default_module_async())"
+                "._body_stream:"
+            )
+        else:
+            self.writeline("yield from template._get_default_module()._body_stream")
+            skip_event_yield = True
+
+        if not skip_event_yield:
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        if node.ignore_missing:
+            self.outdent()
+
+    def _import_common(
+        self, node: t.Union[nodes.Import, nodes.FromImport], frame: Frame
+    ) -> None:
+        self.write(f"{self.choose_async('await ')}environment.get_template(")
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r}).")
+
+        if node.with_context:
+            f_name = f"make_module{self.choose_async('_async')}"
+            self.write(
+                f"{f_name}(context.get_all(), True, {self.dump_local_context(frame)})"
+            )
+        else:
+            self.write(f"_get_default_module{self.choose_async('_async')}(context)")
+
+    def visit_Import(self, node: nodes.Import, frame: Frame) -> None:
+        """Visit regular imports."""
+        self.writeline(f"{frame.symbols.ref(node.target)} = ", node)
+        if frame.toplevel:
+            self.write(f"context.vars[{node.target!r}] = ")
+
+        self._import_common(node, frame)
+
+        if frame.toplevel and not node.target.startswith("_"):
+            self.writeline(f"context.exported_vars.discard({node.target!r})")
+
+    def visit_FromImport(self, node: nodes.FromImport, frame: Frame) -> None:
+        """Visit named imports."""
+        self.newline(node)
+        self.write("included_template = ")
+        self._import_common(node, frame)
+        var_names = []
+        discarded_names = []
+        for name in node.names:
+            if isinstance(name, tuple):
+                name, alias = name
+            else:
+                alias = name
+            self.writeline(
+                f"{frame.symbols.ref(alias)} ="
+                f" getattr(included_template, {name!r}, missing)"
+            )
+            self.writeline(f"if {frame.symbols.ref(alias)} is missing:")
+            self.indent()
+            message = (
+                "the template {included_template.__name__!r}"
+                f" (imported on {self.position(node)})"
+                f" does not export the requested name {name!r}"
+            )
+            self.writeline(
+                f"{frame.symbols.ref(alias)} = undefined(f{message!r}, name={name!r})"
+            )
+            self.outdent()
+            if frame.toplevel:
+                var_names.append(alias)
+                if not alias.startswith("_"):
+                    discarded_names.append(alias)
+
+        if var_names:
+            if len(var_names) == 1:
+                name = var_names[0]
+                self.writeline(f"context.vars[{name!r}] = {frame.symbols.ref(name)}")
+            else:
+                names_kv = ", ".join(
+                    f"{name!r}: {frame.symbols.ref(name)}" for name in var_names
+                )
+                self.writeline(f"context.vars.update({{{names_kv}}})")
+        if discarded_names:
+            if len(discarded_names) == 1:
+                self.writeline(f"context.exported_vars.discard({discarded_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, discarded_names))
+                self.writeline(
+                    f"context.exported_vars.difference_update(({names_str}))"
+                )
+
+    def visit_For(self, node: nodes.For, frame: Frame) -> None:
+        loop_frame = frame.inner()
+        loop_frame.loop_frame = True
+        test_frame = frame.inner()
+        else_frame = frame.inner()
+
+        # try to figure out if we have an extended loop.  An extended loop
+        # is necessary if the loop is in recursive mode if the special loop
+        # variable is accessed in the body if the body is a scoped block.
+        extended_loop = (
+            node.recursive
+            or "loop"
+            in find_undeclared(node.iter_child_nodes(only=("body",)), ("loop",))
+            or any(block.scoped for block in node.find_all(nodes.Block))
+        )
+
+        loop_ref = None
+        if extended_loop:
+            loop_ref = loop_frame.symbols.declare_parameter("loop")
+
+        loop_frame.symbols.analyze_node(node, for_branch="body")
+        if node.else_:
+            else_frame.symbols.analyze_node(node, for_branch="else")
+
+        if node.test:
+            loop_filter_func = self.temporary_identifier()
+            test_frame.symbols.analyze_node(node, for_branch="test")
+            self.writeline(f"{self.func(loop_filter_func)}(fiter):", node.test)
+            self.indent()
+            self.enter_frame(test_frame)
+            self.writeline(self.choose_async("async for ", "for "))
+            self.visit(node.target, loop_frame)
+            self.write(" in ")
+            self.write(self.choose_async("auto_aiter(fiter)", "fiter"))
+            self.write(":")
+            self.indent()
+            self.writeline("if ", node.test)
+            self.visit(node.test, test_frame)
+            self.write(":")
+            self.indent()
+            self.writeline("yield ")
+            self.visit(node.target, loop_frame)
+            self.outdent(3)
+            self.leave_frame(test_frame, with_python_scope=True)
+
+        # if we don't have an recursive loop we have to find the shadowed
+        # variables at that point.  Because loops can be nested but the loop
+        # variable is a special one we have to enforce aliasing for it.
+        if node.recursive:
+            self.writeline(
+                f"{self.func('loop')}(reciter, loop_render_func, depth=0):", node
+            )
+            self.indent()
+            self.buffer(loop_frame)
+
+            # Use the same buffer for the else frame
+            else_frame.buffer = loop_frame.buffer
+
+        # make sure the loop variable is a special one and raise a template
+        # assertion error if a loop tries to write to loop
+        if extended_loop:
+            self.writeline(f"{loop_ref} = missing")
+
+        for name in node.find_all(nodes.Name):
+            if name.ctx == "store" and name.name == "loop":
+                self.fail(
+                    "Can't assign to special loop variable in for-loop target",
+                    name.lineno,
+                )
+
+        if node.else_:
+            iteration_indicator = self.temporary_identifier()
+            self.writeline(f"{iteration_indicator} = 1")
+
+        self.writeline(self.choose_async("async for ", "for "), node)
+        self.visit(node.target, loop_frame)
+        if extended_loop:
+            self.write(f", {loop_ref} in {self.choose_async('Async')}LoopContext(")
+        else:
+            self.write(" in ")
+
+        if node.test:
+            self.write(f"{loop_filter_func}(")
+        if node.recursive:
+            self.write("reciter")
+        else:
+            if self.environment.is_async and not extended_loop:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async and not extended_loop:
+                self.write(")")
+        if node.test:
+            self.write(")")
+
+        if node.recursive:
+            self.write(", undefined, loop_render_func, depth):")
+        else:
+            self.write(", undefined):" if extended_loop else ":")
+
+        self.indent()
+        self.enter_frame(loop_frame)
+
+        self.writeline("_loop_vars = {}")
+        self.blockvisit(node.body, loop_frame)
+        if node.else_:
+            self.writeline(f"{iteration_indicator} = 0")
+        self.outdent()
+        self.leave_frame(
+            loop_frame, with_python_scope=node.recursive and not node.else_
+        )
+
+        if node.else_:
+            self.writeline(f"if {iteration_indicator}:")
+            self.indent()
+            self.enter_frame(else_frame)
+            self.blockvisit(node.else_, else_frame)
+            self.leave_frame(else_frame)
+            self.outdent()
+
+        # if the node was recursive we have to return the buffer contents
+        # and start the iteration code
+        if node.recursive:
+            self.return_buffer_contents(loop_frame)
+            self.outdent()
+            self.start_write(frame, node)
+            self.write(f"{self.choose_async('await ')}loop(")
+            if self.environment.is_async:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async:
+                self.write(")")
+            self.write(", loop)")
+            self.end_write(frame)
+
+        # at the end of the iteration, clear any assignments made in the
+        # loop from the top level
+        if self._assign_stack:
+            self._assign_stack[-1].difference_update(loop_frame.symbols.stores)
+
+    def visit_If(self, node: nodes.If, frame: Frame) -> None:
+        if_frame = frame.soft()
+        self.writeline("if ", node)
+        self.visit(node.test, if_frame)
+        self.write(":")
+        self.indent()
+        self.blockvisit(node.body, if_frame)
+        self.outdent()
+        for elif_ in node.elif_:
+            self.writeline("elif ", elif_)
+            self.visit(elif_.test, if_frame)
+            self.write(":")
+            self.indent()
+            self.blockvisit(elif_.body, if_frame)
+            self.outdent()
+        if node.else_:
+            self.writeline("else:")
+            self.indent()
+            self.blockvisit(node.else_, if_frame)
+            self.outdent()
+
+    def visit_Macro(self, node: nodes.Macro, frame: Frame) -> None:
+        macro_frame, macro_ref = self.macro_body(node, frame)
+        self.newline()
+        if frame.toplevel:
+            if not node.name.startswith("_"):
+                self.write(f"context.exported_vars.add({node.name!r})")
+            self.writeline(f"context.vars[{node.name!r}] = ")
+        self.write(f"{frame.symbols.ref(node.name)} = ")
+        self.macro_def(macro_ref, macro_frame)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, frame: Frame) -> None:
+        call_frame, macro_ref = self.macro_body(node, frame)
+        self.writeline("caller = ")
+        self.macro_def(macro_ref, call_frame)
+        self.start_write(frame, node)
+        self.visit_Call(node.call, frame, forward_caller=True)
+        self.end_write(frame)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, frame: Frame) -> None:
+        filter_frame = frame.inner()
+        filter_frame.symbols.analyze_node(node)
+        self.enter_frame(filter_frame)
+        self.buffer(filter_frame)
+        self.blockvisit(node.body, filter_frame)
+        self.start_write(frame, node)
+        self.visit_Filter(node.filter, filter_frame)
+        self.end_write(frame)
+        self.leave_frame(filter_frame)
+
+    def visit_With(self, node: nodes.With, frame: Frame) -> None:
+        with_frame = frame.inner()
+        with_frame.symbols.analyze_node(node)
+        self.enter_frame(with_frame)
+        for target, expr in zip(node.targets, node.values):
+            self.newline()
+            self.visit(target, with_frame)
+            self.write(" = ")
+            self.visit(expr, frame)
+        self.blockvisit(node.body, with_frame)
+        self.leave_frame(with_frame)
+
+    def visit_ExprStmt(self, node: nodes.ExprStmt, frame: Frame) -> None:
+        self.newline(node)
+        self.visit(node.node, frame)
+
+    class _FinalizeInfo(t.NamedTuple):
+        const: t.Optional[t.Callable[..., str]]
+        src: t.Optional[str]
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        """The default finalize function if the environment isn't
+        configured with one. Or, if the environment has one, this is
+        called on that function's output for constants.
+        """
+        return str(value)
+
+    _finalize: t.Optional[_FinalizeInfo] = None
+
+    def _make_finalize(self) -> _FinalizeInfo:
+        """Build the finalize function to be used on constants and at
+        runtime. Cached so it's only created once for all output nodes.
+
+        Returns a ``namedtuple`` with the following attributes:
+
+        ``const``
+            A function to finalize constant data at compile time.
+
+        ``src``
+            Source code to output around nodes to be evaluated at
+            runtime.
+        """
+        if self._finalize is not None:
+            return self._finalize
+
+        finalize: t.Optional[t.Callable[..., t.Any]]
+        finalize = default = self._default_finalize
+        src = None
+
+        if self.environment.finalize:
+            src = "environment.finalize("
+            env_finalize = self.environment.finalize
+            pass_arg = {
+                _PassArg.context: "context",
+                _PassArg.eval_context: "context.eval_ctx",
+                _PassArg.environment: "environment",
+            }.get(
+                _PassArg.from_obj(env_finalize)  # type: ignore
+            )
+            finalize = None
+
+            if pass_arg is None:
+
+                def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                    return default(env_finalize(value))
+
+            else:
+                src = f"{src}{pass_arg}, "
+
+                if pass_arg == "environment":
+
+                    def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                        return default(env_finalize(self.environment, value))
+
+        self._finalize = self._FinalizeInfo(finalize, src)
+        return self._finalize
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        """Given a group of constant values converted from ``Output``
+        child nodes, produce a string to write to the template module
+        source.
+        """
+        return repr(concat(group))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> str:
+        """Try to optimize a child of an ``Output`` node by trying to
+        convert it to constant, finalized data at compile time.
+
+        If :exc:`Impossible` is raised, the node is not constant and
+        will be evaluated at runtime. Any other exception will also be
+        evaluated at runtime for easier debugging.
+        """
+        const = node.as_const(frame.eval_ctx)
+
+        if frame.eval_ctx.autoescape:
+            const = escape(const)
+
+        # Template data doesn't go through finalize.
+        if isinstance(node, nodes.TemplateData):
+            return str(const)
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code before visiting a child of an
+        ``Output`` node.
+        """
+        if frame.eval_ctx.volatile:
+            self.write("(escape if context.eval_ctx.autoescape else str)(")
+        elif frame.eval_ctx.autoescape:
+            self.write("escape(")
+        else:
+            self.write("str(")
+
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code after visiting a child of an
+        ``Output`` node.
+        """
+        self.write(")")
+
+        if finalize.src is not None:
+            self.write(")")
+
+    def visit_Output(self, node: nodes.Output, frame: Frame) -> None:
+        # If an extends is active, don't render outside a block.
+        if frame.require_output_check:
+            # A top-level extends is known to exist at compile time.
+            if self.has_known_extends:
+                return
+
+            self.writeline("if parent_template is None:")
+            self.indent()
+
+        finalize = self._make_finalize()
+        body: t.List[t.Union[t.List[t.Any], nodes.Expr]] = []
+
+        # Evaluate constants at compile time if possible. Each item in
+        # body will be either a list of static data or a node to be
+        # evaluated at runtime.
+        for child in node.nodes:
+            try:
+                if not (
+                    # If the finalize function requires runtime context,
+                    # constants can't be evaluated at compile time.
+                    finalize.const
+                    # Unless it's basic template data that won't be
+                    # finalized anyway.
+                    or isinstance(child, nodes.TemplateData)
+                ):
+                    raise nodes.Impossible()
+
+                const = self._output_child_to_const(child, frame, finalize)
+            except (nodes.Impossible, Exception):
+                # The node was not constant and needs to be evaluated at
+                # runtime. Or another error was raised, which is easier
+                # to debug at runtime.
+                body.append(child)
+                continue
+
+            if body and isinstance(body[-1], list):
+                body[-1].append(const)
+            else:
+                body.append([const])
+
+        if frame.buffer is not None:
+            if len(body) == 1:
+                self.writeline(f"{frame.buffer}.append(")
+            else:
+                self.writeline(f"{frame.buffer}.extend((")
+
+            self.indent()
+
+        for item in body:
+            if isinstance(item, list):
+                # A group of constant data to join and output.
+                val = self._output_const_repr(item)
+
+                if frame.buffer is None:
+                    self.writeline("yield " + val)
+                else:
+                    self.writeline(val + ",")
+            else:
+                if frame.buffer is None:
+                    self.writeline("yield ", item)
+                else:
+                    self.newline(item)
+
+                # A node to be evaluated at runtime.
+                self._output_child_pre(item, frame, finalize)
+                self.visit(item, frame)
+                self._output_child_post(item, frame, finalize)
+
+                if frame.buffer is not None:
+                    self.write(",")
+
+        if frame.buffer is not None:
+            self.outdent()
+            self.writeline(")" if len(body) == 1 else "))")
+
+        if frame.require_output_check:
+            self.outdent()
+
+    def visit_Assign(self, node: nodes.Assign, frame: Frame) -> None:
+        self.push_assign_tracking()
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = ")
+        self.visit(node.node, frame)
+        self.pop_assign_tracking(frame)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, frame: Frame) -> None:
+        self.push_assign_tracking()
+        block_frame = frame.inner()
+        # This is a special case.  Since a set block always captures we
+        # will disable output checks.  This way one can use set blocks
+        # toplevel even in extended templates.
+        block_frame.require_output_check = False
+        block_frame.symbols.analyze_node(node)
+        self.enter_frame(block_frame)
+        self.buffer(block_frame)
+        self.blockvisit(node.body, block_frame)
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = (Markup if context.eval_ctx.autoescape else identity)(")
+        if node.filter is not None:
+            self.visit_Filter(node.filter, block_frame)
+        else:
+            self.write(f"concat({block_frame.buffer})")
+        self.write(")")
+        self.pop_assign_tracking(frame)
+        self.leave_frame(block_frame)
+
+    # -- Expression Visitors
+
+    def visit_Name(self, node: nodes.Name, frame: Frame) -> None:
+        if node.ctx == "store" and (
+            frame.toplevel or frame.loop_frame or frame.block_frame
+        ):
+            if self._assign_stack:
+                self._assign_stack[-1].add(node.name)
+        ref = frame.symbols.ref(node.name)
+
+        # If we are looking up a variable we might have to deal with the
+        # case where it's undefined.  We can skip that case if the load
+        # instruction indicates a parameter which are always defined.
+        if node.ctx == "load":
+            load = frame.symbols.find_load(ref)
+            if not (
+                load is not None
+                and load[0] == VAR_LOAD_PARAMETER
+                and not self.parameter_is_undeclared(ref)
+            ):
+                self.write(
+                    f"(undefined(name={node.name!r}) if {ref} is missing else {ref})"
+                )
+                return
+
+        self.write(ref)
+
+    def visit_NSRef(self, node: nodes.NSRef, frame: Frame) -> None:
+        # NSRefs can only be used to store values; since they use the normal
+        # `foo.bar` notation they will be parsed as a normal attribute access
+        # when used anywhere but in a `set` context
+        ref = frame.symbols.ref(node.name)
+        self.writeline(f"if not isinstance({ref}, Namespace):")
+        self.indent()
+        self.writeline(
+            "raise TemplateRuntimeError"
+            '("cannot assign attribute on non-namespace object")'
+        )
+        self.outdent()
+        self.writeline(f"{ref}[{node.attr!r}]")
+
+    def visit_Const(self, node: nodes.Const, frame: Frame) -> None:
+        val = node.as_const(frame.eval_ctx)
+        if isinstance(val, float):
+            self.write(str(val))
+        else:
+            self.write(repr(val))
+
+    def visit_TemplateData(self, node: nodes.TemplateData, frame: Frame) -> None:
+        try:
+            self.write(repr(node.as_const(frame.eval_ctx)))
+        except nodes.Impossible:
+            self.write(
+                f"(Markup if context.eval_ctx.autoescape else identity)({node.data!r})"
+            )
+
+    def visit_Tuple(self, node: nodes.Tuple, frame: Frame) -> None:
+        self.write("(")
+        idx = -1
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write(",)" if idx == 0 else ")")
+
+    def visit_List(self, node: nodes.List, frame: Frame) -> None:
+        self.write("[")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write("]")
+
+    def visit_Dict(self, node: nodes.Dict, frame: Frame) -> None:
+        self.write("{")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item.key, frame)
+            self.write(": ")
+            self.visit(item.value, frame)
+        self.write("}")
+
+    visit_Add = _make_binop("+")
+    visit_Sub = _make_binop("-")
+    visit_Mul = _make_binop("*")
+    visit_Div = _make_binop("/")
+    visit_FloorDiv = _make_binop("//")
+    visit_Pow = _make_binop("**")
+    visit_Mod = _make_binop("%")
+    visit_And = _make_binop("and")
+    visit_Or = _make_binop("or")
+    visit_Pos = _make_unop("+")
+    visit_Neg = _make_unop("-")
+    visit_Not = _make_unop("not ")
+
+    @optimizeconst
+    def visit_Concat(self, node: nodes.Concat, frame: Frame) -> None:
+        if frame.eval_ctx.volatile:
+            func_name = "(markup_join if context.eval_ctx.volatile else str_join)"
+        elif frame.eval_ctx.autoescape:
+            func_name = "markup_join"
+        else:
+            func_name = "str_join"
+        self.write(f"{func_name}((")
+        for arg in node.nodes:
+            self.visit(arg, frame)
+            self.write(", ")
+        self.write("))")
+
+    @optimizeconst
+    def visit_Compare(self, node: nodes.Compare, frame: Frame) -> None:
+        self.write("(")
+        self.visit(node.expr, frame)
+        for op in node.ops:
+            self.visit(op, frame)
+        self.write(")")
+
+    def visit_Operand(self, node: nodes.Operand, frame: Frame) -> None:
+        self.write(f" {operators[node.op]} ")
+        self.visit(node.expr, frame)
+
+    @optimizeconst
+    def visit_Getattr(self, node: nodes.Getattr, frame: Frame) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        self.write("environment.getattr(")
+        self.visit(node.node, frame)
+        self.write(f", {node.attr!r})")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Getitem(self, node: nodes.Getitem, frame: Frame) -> None:
+        # slices bypass the environment getitem method.
+        if isinstance(node.arg, nodes.Slice):
+            self.visit(node.node, frame)
+            self.write("[")
+            self.visit(node.arg, frame)
+            self.write("]")
+        else:
+            if self.environment.is_async:
+                self.write("(await auto_await(")
+
+            self.write("environment.getitem(")
+            self.visit(node.node, frame)
+            self.write(", ")
+            self.visit(node.arg, frame)
+            self.write(")")
+
+            if self.environment.is_async:
+                self.write("))")
+
+    def visit_Slice(self, node: nodes.Slice, frame: Frame) -> None:
+        if node.start is not None:
+            self.visit(node.start, frame)
+        self.write(":")
+        if node.stop is not None:
+            self.visit(node.stop, frame)
+        if node.step is not None:
+            self.write(":")
+            self.visit(node.step, frame)
+
+    @contextmanager
+    def _filter_test_common(
+        self, node: t.Union[nodes.Filter, nodes.Test], frame: Frame, is_filter: bool
+    ) -> t.Iterator[None]:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        if is_filter:
+            self.write(f"{self.filters[node.name]}(")
+            func = self.environment.filters.get(node.name)
+        else:
+            self.write(f"{self.tests[node.name]}(")
+            func = self.environment.tests.get(node.name)
+
+        # When inside an If or CondExpr frame, allow the filter to be
+        # undefined at compile time and only raise an error if it's
+        # actually called at runtime. See pull_dependencies.
+        if func is None and not frame.soft_frame:
+            type_name = "filter" if is_filter else "test"
+            self.fail(f"No {type_name} named {node.name!r}.", node.lineno)
+
+        pass_arg = {
+            _PassArg.context: "context",
+            _PassArg.eval_context: "context.eval_ctx",
+            _PassArg.environment: "environment",
+        }.get(
+            _PassArg.from_obj(func)  # type: ignore
+        )
+
+        if pass_arg is not None:
+            self.write(f"{pass_arg}, ")
+
+        # Back to the visitor function to handle visiting the target of
+        # the filter or test.
+        yield
+
+        self.signature(node, frame)
+        self.write(")")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Filter(self, node: nodes.Filter, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, True):
+            # if the filter node is None we are inside a filter block
+            # and want to write to the current buffer
+            if node.node is not None:
+                self.visit(node.node, frame)
+            elif frame.eval_ctx.volatile:
+                self.write(
+                    f"(Markup(concat({frame.buffer}))"
+                    f" if context.eval_ctx.autoescape else concat({frame.buffer}))"
+                )
+            elif frame.eval_ctx.autoescape:
+                self.write(f"Markup(concat({frame.buffer}))")
+            else:
+                self.write(f"concat({frame.buffer})")
+
+    @optimizeconst
+    def visit_Test(self, node: nodes.Test, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, False):
+            self.visit(node.node, frame)
+
+    @optimizeconst
+    def visit_CondExpr(self, node: nodes.CondExpr, frame: Frame) -> None:
+        frame = frame.soft()
+
+        def write_expr2() -> None:
+            if node.expr2 is not None:
+                self.visit(node.expr2, frame)
+                return
+
+            self.write(
+                f'cond_expr_undefined("the inline if-expression on'
+                f" {self.position(node)} evaluated to false and no else"
+                f' section was defined.")'
+            )
+
+        self.write("(")
+        self.visit(node.expr1, frame)
+        self.write(" if ")
+        self.visit(node.test, frame)
+        self.write(" else ")
+        write_expr2()
+        self.write(")")
+
+    @optimizeconst
+    def visit_Call(
+        self, node: nodes.Call, frame: Frame, forward_caller: bool = False
+    ) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+        if self.environment.sandboxed:
+            self.write("environment.call(context, ")
+        else:
+            self.write("context.call(")
+        self.visit(node.node, frame)
+        extra_kwargs = {"caller": "caller"} if forward_caller else None
+        loop_kwargs = {"_loop_vars": "_loop_vars"} if frame.loop_frame else {}
+        block_kwargs = {"_block_vars": "_block_vars"} if frame.block_frame else {}
+        if extra_kwargs:
+            extra_kwargs.update(loop_kwargs, **block_kwargs)
+        elif loop_kwargs or block_kwargs:
+            extra_kwargs = dict(loop_kwargs, **block_kwargs)
+        self.signature(node, frame, extra_kwargs)
+        self.write(")")
+        if self.environment.is_async:
+            self.write("))")
+
+    def visit_Keyword(self, node: nodes.Keyword, frame: Frame) -> None:
+        self.write(node.key + "=")
+        self.visit(node.value, frame)
+
+    # -- Unused nodes for extensions
+
+    def visit_MarkSafe(self, node: nodes.MarkSafe, frame: Frame) -> None:
+        self.write("Markup(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_MarkSafeIfAutoescape(
+        self, node: nodes.MarkSafeIfAutoescape, frame: Frame
+    ) -> None:
+        self.write("(Markup if context.eval_ctx.autoescape else identity)(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_EnvironmentAttribute(
+        self, node: nodes.EnvironmentAttribute, frame: Frame
+    ) -> None:
+        self.write("environment." + node.name)
+
+    def visit_ExtensionAttribute(
+        self, node: nodes.ExtensionAttribute, frame: Frame
+    ) -> None:
+        self.write(f"environment.extensions[{node.identifier!r}].{node.name}")
+
+    def visit_ImportedName(self, node: nodes.ImportedName, frame: Frame) -> None:
+        self.write(self.import_aliases[node.importname])
+
+    def visit_InternalName(self, node: nodes.InternalName, frame: Frame) -> None:
+        self.write(node.name)
+
+    def visit_ContextReference(
+        self, node: nodes.ContextReference, frame: Frame
+    ) -> None:
+        self.write("context")
+
+    def visit_DerivedContextReference(
+        self, node: nodes.DerivedContextReference, frame: Frame
+    ) -> None:
+        self.write(self.derive_context(frame))
+
+    def visit_Continue(self, node: nodes.Continue, frame: Frame) -> None:
+        self.writeline("continue", node)
+
+    def visit_Break(self, node: nodes.Break, frame: Frame) -> None:
+        self.writeline("break", node)
+
+    def visit_Scope(self, node: nodes.Scope, frame: Frame) -> None:
+        scope_frame = frame.inner()
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, frame: Frame) -> None:
+        ctx = self.temporary_identifier()
+        self.writeline(f"{ctx} = {self.derive_context(frame)}")
+        self.writeline(f"{ctx}.vars = ")
+        self.visit(node.context, frame)
+        self.push_context_reference(ctx)
+
+        scope_frame = frame.inner(isolated=True)
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+        self.pop_context_reference()
+
+    def visit_EvalContextModifier(
+        self, node: nodes.EvalContextModifier, frame: Frame
+    ) -> None:
+        for keyword in node.options:
+            self.writeline(f"context.eval_ctx.{keyword.key} = ")
+            self.visit(keyword.value, frame)
+            try:
+                val = keyword.value.as_const(frame.eval_ctx)
+            except nodes.Impossible:
+                frame.eval_ctx.volatile = True
+            else:
+                setattr(frame.eval_ctx, keyword.key, val)
+
+    def visit_ScopedEvalContextModifier(
+        self, node: nodes.ScopedEvalContextModifier, frame: Frame
+    ) -> None:
+        old_ctx_name = self.temporary_identifier()
+        saved_ctx = frame.eval_ctx.save()
+        self.writeline(f"{old_ctx_name} = context.eval_ctx.save()")
+        self.visit_EvalContextModifier(node, frame)
+        for child in node.body:
+            self.visit(child, frame)
+        frame.eval_ctx.revert(saved_ctx)
+        self.writeline(f"context.eval_ctx.revert({old_ctx_name})")
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/constants.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/constants.py
new file mode 100644
index 000000000..41a1c23b0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/constants.py
@@ -0,0 +1,20 @@
+#: list of lorem ipsum words used by the lipsum() helper function
+LOREM_IPSUM_WORDS = """\
+a ac accumsan ad adipiscing aenean aliquam aliquet amet ante aptent arcu at
+auctor augue bibendum blandit class commodo condimentum congue consectetuer
+consequat conubia convallis cras cubilia cum curabitur curae cursus dapibus
+diam dictum dictumst dignissim dis dolor donec dui duis egestas eget eleifend
+elementum elit enim erat eros est et etiam eu euismod facilisi facilisis fames
+faucibus felis fermentum feugiat fringilla fusce gravida habitant habitasse hac
+hendrerit hymenaeos iaculis id imperdiet in inceptos integer interdum ipsum
+justo lacinia lacus laoreet lectus leo libero ligula litora lobortis lorem
+luctus maecenas magna magnis malesuada massa mattis mauris metus mi molestie
+mollis montes morbi mus nam nascetur natoque nec neque netus nibh nisi nisl non
+nonummy nostra nulla nullam nunc odio orci ornare parturient pede pellentesque
+penatibus per pharetra phasellus placerat platea porta porttitor posuere
+potenti praesent pretium primis proin pulvinar purus quam quis quisque rhoncus
+ridiculus risus rutrum sagittis sapien scelerisque sed sem semper senectus sit
+sociis sociosqu sodales sollicitudin suscipit suspendisse taciti tellus tempor
+tempus tincidunt torquent tortor tristique turpis ullamcorper ultrices
+ultricies urna ut varius vehicula vel velit venenatis vestibulum vitae vivamus
+viverra volutpat vulputate"""
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/debug.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/debug.py
new file mode 100644
index 000000000..7ed7e9297
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/debug.py
@@ -0,0 +1,191 @@
+import sys
+import typing as t
+from types import CodeType
+from types import TracebackType
+
+from .exceptions import TemplateSyntaxError
+from .utils import internal_code
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    from .runtime import Context
+
+
+def rewrite_traceback_stack(source: t.Optional[str] = None) -> BaseException:
+    """Rewrite the current exception to replace any tracebacks from
+    within compiled template code with tracebacks that look like they
+    came from the template source.
+
+    This must be called within an ``except`` block.
+
+    :param source: For ``TemplateSyntaxError``, the original source if
+        known.
+    :return: The original exception with the rewritten traceback.
+    """
+    _, exc_value, tb = sys.exc_info()
+    exc_value = t.cast(BaseException, exc_value)
+    tb = t.cast(TracebackType, tb)
+
+    if isinstance(exc_value, TemplateSyntaxError) and not exc_value.translated:
+        exc_value.translated = True
+        exc_value.source = source
+        # Remove the old traceback, otherwise the frames from the
+        # compiler still show up.
+        exc_value.with_traceback(None)
+        # Outside of runtime, so the frame isn't executing template
+        # code, but it still needs to point at the template.
+        tb = fake_traceback(
+            exc_value, None, exc_value.filename or "<unknown>", exc_value.lineno
+        )
+    else:
+        # Skip the frame for the render function.
+        tb = tb.tb_next
+
+    stack = []
+
+    # Build the stack of traceback object, replacing any in template
+    # code with the source file and line information.
+    while tb is not None:
+        # Skip frames decorated with @internalcode. These are internal
+        # calls that aren't useful in template debugging output.
+        if tb.tb_frame.f_code in internal_code:
+            tb = tb.tb_next
+            continue
+
+        template = tb.tb_frame.f_globals.get("__jinja_template__")
+
+        if template is not None:
+            lineno = template.get_corresponding_lineno(tb.tb_lineno)
+            fake_tb = fake_traceback(exc_value, tb, template.filename, lineno)
+            stack.append(fake_tb)
+        else:
+            stack.append(tb)
+
+        tb = tb.tb_next
+
+    tb_next = None
+
+    # Assign tb_next in reverse to avoid circular references.
+    for tb in reversed(stack):
+        tb.tb_next = tb_next
+        tb_next = tb
+
+    return exc_value.with_traceback(tb_next)
+
+
+def fake_traceback(  # type: ignore
+    exc_value: BaseException, tb: t.Optional[TracebackType], filename: str, lineno: int
+) -> TracebackType:
+    """Produce a new traceback object that looks like it came from the
+    template source instead of the compiled code. The filename, line
+    number, and location name will point to the template, and the local
+    variables will be the current template context.
+
+    :param exc_value: The original exception to be re-raised to create
+        the new traceback.
+    :param tb: The original traceback to get the local variables and
+        code info from.
+    :param filename: The template filename.
+    :param lineno: The line number in the template source.
+    """
+    if tb is not None:
+        # Replace the real locals with the context that would be
+        # available at that point in the template.
+        locals = get_template_locals(tb.tb_frame.f_locals)
+        locals.pop("__jinja_exception__", None)
+    else:
+        locals = {}
+
+    globals = {
+        "__name__": filename,
+        "__file__": filename,
+        "__jinja_exception__": exc_value,
+    }
+    # Raise an exception at the correct line number.
+    code: CodeType = compile(
+        "\n" * (lineno - 1) + "raise __jinja_exception__", filename, "exec"
+    )
+
+    # Build a new code object that points to the template file and
+    # replaces the location with a block name.
+    location = "template"
+
+    if tb is not None:
+        function = tb.tb_frame.f_code.co_name
+
+        if function == "root":
+            location = "top-level template code"
+        elif function.startswith("block_"):
+            location = f"block {function[6:]!r}"
+
+    if sys.version_info >= (3, 8):
+        code = code.replace(co_name=location)
+    else:
+        code = CodeType(
+            code.co_argcount,
+            code.co_kwonlyargcount,
+            code.co_nlocals,
+            code.co_stacksize,
+            code.co_flags,
+            code.co_code,
+            code.co_consts,
+            code.co_names,
+            code.co_varnames,
+            code.co_filename,
+            location,
+            code.co_firstlineno,
+            code.co_lnotab,
+            code.co_freevars,
+            code.co_cellvars,
+        )
+
+    # Execute the new code, which is guaranteed to raise, and return
+    # the new traceback without this frame.
+    try:
+        exec(code, globals, locals)
+    except BaseException:
+        return sys.exc_info()[2].tb_next  # type: ignore
+
+
+def get_template_locals(real_locals: t.Mapping[str, t.Any]) -> t.Dict[str, t.Any]:
+    """Based on the runtime locals, get the context that would be
+    available at that point in the template.
+    """
+    # Start with the current template context.
+    ctx: "t.Optional[Context]" = real_locals.get("context")
+
+    if ctx is not None:
+        data: t.Dict[str, t.Any] = ctx.get_all().copy()
+    else:
+        data = {}
+
+    # Might be in a derived context that only sets local variables
+    # rather than pushing a context. Local variables follow the scheme
+    # l_depth_name. Find the highest-depth local that has a value for
+    # each name.
+    local_overrides: t.Dict[str, t.Tuple[int, t.Any]] = {}
+
+    for name, value in real_locals.items():
+        if not name.startswith("l_") or value is missing:
+            # Not a template variable, or no longer relevant.
+            continue
+
+        try:
+            _, depth_str, name = name.split("_", 2)
+            depth = int(depth_str)
+        except ValueError:
+            continue
+
+        cur_depth = local_overrides.get(name, (-1,))[0]
+
+        if cur_depth < depth:
+            local_overrides[name] = (depth, value)
+
+    # Modify the context with any derived context.
+    for name, (_, value) in local_overrides.items():
+        if value is missing:
+            data.pop(name, None)
+        else:
+            data[name] = value
+
+    return data
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/defaults.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/defaults.py
new file mode 100644
index 000000000..638cad3d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/defaults.py
@@ -0,0 +1,48 @@
+import typing as t
+
+from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
+from .tests import TESTS as DEFAULT_TESTS  # noqa: F401
+from .utils import Cycler
+from .utils import generate_lorem_ipsum
+from .utils import Joiner
+from .utils import Namespace
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+# defaults for the parser / lexer
+BLOCK_START_STRING = "{%"
+BLOCK_END_STRING = "%}"
+VARIABLE_START_STRING = "{{"
+VARIABLE_END_STRING = "}}"
+COMMENT_START_STRING = "{#"
+COMMENT_END_STRING = "#}"
+LINE_STATEMENT_PREFIX: t.Optional[str] = None
+LINE_COMMENT_PREFIX: t.Optional[str] = None
+TRIM_BLOCKS = False
+LSTRIP_BLOCKS = False
+NEWLINE_SEQUENCE: "te.Literal['\\n', '\\r\\n', '\\r']" = "\n"
+KEEP_TRAILING_NEWLINE = False
+
+# default filters, tests and namespace
+
+DEFAULT_NAMESPACE = {
+    "range": range,
+    "dict": dict,
+    "lipsum": generate_lorem_ipsum,
+    "cycler": Cycler,
+    "joiner": Joiner,
+    "namespace": Namespace,
+}
+
+# default policies
+DEFAULT_POLICIES: t.Dict[str, t.Any] = {
+    "compiler.ascii_str": True,
+    "urlize.rel": "noopener",
+    "urlize.target": None,
+    "urlize.extra_schemes": None,
+    "truncate.leeway": 5,
+    "json.dumps_function": None,
+    "json.dumps_kwargs": {"sort_keys": True},
+    "ext.i18n.trimmed": False,
+}
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/environment.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/environment.py
new file mode 100644
index 000000000..1d3be0bed
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/environment.py
@@ -0,0 +1,1675 @@
+"""Classes for managing templates and their runtime and compile time
+options.
+"""
+
+import os
+import typing
+import typing as t
+import weakref
+from collections import ChainMap
+from functools import lru_cache
+from functools import partial
+from functools import reduce
+from types import CodeType
+
+from markupsafe import Markup
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import generate
+from .defaults import BLOCK_END_STRING
+from .defaults import BLOCK_START_STRING
+from .defaults import COMMENT_END_STRING
+from .defaults import COMMENT_START_STRING
+from .defaults import DEFAULT_FILTERS  # type: ignore[attr-defined]
+from .defaults import DEFAULT_NAMESPACE
+from .defaults import DEFAULT_POLICIES
+from .defaults import DEFAULT_TESTS  # type: ignore[attr-defined]
+from .defaults import KEEP_TRAILING_NEWLINE
+from .defaults import LINE_COMMENT_PREFIX
+from .defaults import LINE_STATEMENT_PREFIX
+from .defaults import LSTRIP_BLOCKS
+from .defaults import NEWLINE_SEQUENCE
+from .defaults import TRIM_BLOCKS
+from .defaults import VARIABLE_END_STRING
+from .defaults import VARIABLE_START_STRING
+from .exceptions import TemplateNotFound
+from .exceptions import TemplateRuntimeError
+from .exceptions import TemplatesNotFound
+from .exceptions import TemplateSyntaxError
+from .exceptions import UndefinedError
+from .lexer import get_lexer
+from .lexer import Lexer
+from .lexer import TokenStream
+from .nodes import EvalContext
+from .parser import Parser
+from .runtime import Context
+from .runtime import new_context
+from .runtime import Undefined
+from .utils import _PassArg
+from .utils import concat
+from .utils import consume
+from .utils import import_string
+from .utils import internalcode
+from .utils import LRUCache
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .bccache import BytecodeCache
+    from .ext import Extension
+    from .loaders import BaseLoader
+
+_env_bound = t.TypeVar("_env_bound", bound="Environment")
+
+
+# for direct template usage we have up to ten living environments
+@lru_cache(maxsize=10)
+def get_spontaneous_environment(cls: t.Type[_env_bound], *args: t.Any) -> _env_bound:
+    """Return a new spontaneous environment. A spontaneous environment
+    is used for templates created directly rather than through an
+    existing environment.
+
+    :param cls: Environment class to create.
+    :param args: Positional arguments passed to environment.
+    """
+    env = cls(*args)
+    env.shared = True
+    return env
+
+
+def create_cache(
+    size: int,
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Return the cache class for the given size."""
+    if size == 0:
+        return None
+
+    if size < 0:
+        return {}
+
+    return LRUCache(size)  # type: ignore
+
+
+def copy_cache(
+    cache: t.Optional[t.MutableMapping[t.Any, t.Any]],
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Create an empty copy of the given cache."""
+    if cache is None:
+        return None
+
+    if type(cache) is dict:  # noqa E721
+        return {}
+
+    return LRUCache(cache.capacity)  # type: ignore
+
+
+def load_extensions(
+    environment: "Environment",
+    extensions: t.Sequence[t.Union[str, t.Type["Extension"]]],
+) -> t.Dict[str, "Extension"]:
+    """Load the extensions from the list and bind it to the environment.
+    Returns a dict of instantiated extensions.
+    """
+    result = {}
+
+    for extension in extensions:
+        if isinstance(extension, str):
+            extension = t.cast(t.Type["Extension"], import_string(extension))
+
+        result[extension.identifier] = extension(environment)
+
+    return result
+
+
+def _environment_config_check(environment: "Environment") -> "Environment":
+    """Perform a sanity check on the environment."""
+    assert issubclass(
+        environment.undefined, Undefined
+    ), "'undefined' must be a subclass of 'jinja2.Undefined'."
+    assert (
+        environment.block_start_string
+        != environment.variable_start_string
+        != environment.comment_start_string
+    ), "block, variable and comment start strings must be different."
+    assert environment.newline_sequence in {
+        "\r",
+        "\r\n",
+        "\n",
+    }, "'newline_sequence' must be one of '\\n', '\\r\\n', or '\\r'."
+    return environment
+
+
+class Environment:
+    r"""The core component of Jinja is the `Environment`.  It contains
+    important shared variables like configuration, filters, tests,
+    globals and others.  Instances of this class may be modified if
+    they are not shared and if no template was loaded so far.
+    Modifications on environments after the first template was loaded
+    will lead to surprising effects and undefined behavior.
+
+    Here are the possible initialization parameters:
+
+        `block_start_string`
+            The string marking the beginning of a block.  Defaults to ``'{%'``.
+
+        `block_end_string`
+            The string marking the end of a block.  Defaults to ``'%}'``.
+
+        `variable_start_string`
+            The string marking the beginning of a print statement.
+            Defaults to ``'{{'``.
+
+        `variable_end_string`
+            The string marking the end of a print statement.  Defaults to
+            ``'}}'``.
+
+        `comment_start_string`
+            The string marking the beginning of a comment.  Defaults to ``'{#'``.
+
+        `comment_end_string`
+            The string marking the end of a comment.  Defaults to ``'#}'``.
+
+        `line_statement_prefix`
+            If given and a string, this will be used as prefix for line based
+            statements.  See also :ref:`line-statements`.
+
+        `line_comment_prefix`
+            If given and a string, this will be used as prefix for line based
+            comments.  See also :ref:`line-statements`.
+
+            .. versionadded:: 2.2
+
+        `trim_blocks`
+            If this is set to ``True`` the first newline after a block is
+            removed (block, not variable tag!).  Defaults to `False`.
+
+        `lstrip_blocks`
+            If this is set to ``True`` leading spaces and tabs are stripped
+            from the start of a line to a block.  Defaults to `False`.
+
+        `newline_sequence`
+            The sequence that starts a newline.  Must be one of ``'\r'``,
+            ``'\n'`` or ``'\r\n'``.  The default is ``'\n'`` which is a
+            useful default for Linux and OS X systems as well as web
+            applications.
+
+        `keep_trailing_newline`
+            Preserve the trailing newline when rendering templates.
+            The default is ``False``, which causes a single newline,
+            if present, to be stripped from the end of the template.
+
+            .. versionadded:: 2.7
+
+        `extensions`
+            List of Jinja extensions to use.  This can either be import paths
+            as strings or extension classes.  For more information have a
+            look at :ref:`the extensions documentation <jinja-extensions>`.
+
+        `optimized`
+            should the optimizer be enabled?  Default is ``True``.
+
+        `undefined`
+            :class:`Undefined` or a subclass of it that is used to represent
+            undefined values in the template.
+
+        `finalize`
+            A callable that can be used to process the result of a variable
+            expression before it is output.  For example one can convert
+            ``None`` implicitly into an empty string here.
+
+        `autoescape`
+            If set to ``True`` the XML/HTML autoescaping feature is enabled by
+            default.  For more details about autoescaping see
+            :class:`~markupsafe.Markup`.  As of Jinja 2.4 this can also
+            be a callable that is passed the template name and has to
+            return ``True`` or ``False`` depending on autoescape should be
+            enabled by default.
+
+            .. versionchanged:: 2.4
+               `autoescape` can now be a function
+
+        `loader`
+            The template loader for this environment.
+
+        `cache_size`
+            The size of the cache.  Per default this is ``400`` which means
+            that if more than 400 templates are loaded the loader will clean
+            out the least recently used template.  If the cache size is set to
+            ``0`` templates are recompiled all the time, if the cache size is
+            ``-1`` the cache will not be cleaned.
+
+            .. versionchanged:: 2.8
+               The cache size was increased to 400 from a low 50.
+
+        `auto_reload`
+            Some loaders load templates from locations where the template
+            sources may change (ie: file system or database).  If
+            ``auto_reload`` is set to ``True`` (default) every time a template is
+            requested the loader checks if the source changed and if yes, it
+            will reload the template.  For higher performance it's possible to
+            disable that.
+
+        `bytecode_cache`
+            If set to a bytecode cache object, this object will provide a
+            cache for the internal Jinja bytecode so that templates don't
+            have to be parsed if they were not changed.
+
+            See :ref:`bytecode-cache` for more information.
+
+        `enable_async`
+            If set to true this enables async template execution which
+            allows using async functions and generators.
+    """
+
+    #: if this environment is sandboxed.  Modifying this variable won't make
+    #: the environment sandboxed though.  For a real sandboxed environment
+    #: have a look at jinja2.sandbox.  This flag alone controls the code
+    #: generation by the compiler.
+    sandboxed = False
+
+    #: True if the environment is just an overlay
+    overlayed = False
+
+    #: the environment this environment is linked to if it is an overlay
+    linked_to: t.Optional["Environment"] = None
+
+    #: shared environments have this set to `True`.  A shared environment
+    #: must not be modified
+    shared = False
+
+    #: the class that is used for code generation.  See
+    #: :class:`~jinja2.compiler.CodeGenerator` for more information.
+    code_generator_class: t.Type["CodeGenerator"] = CodeGenerator
+
+    concat = "".join
+
+    #: the context class that is used for templates.  See
+    #: :class:`~jinja2.runtime.Context` for more information.
+    context_class: t.Type[Context] = Context
+
+    template_class: t.Type["Template"]
+
+    def __init__(
+        self,
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        loader: t.Optional["BaseLoader"] = None,
+        cache_size: int = 400,
+        auto_reload: bool = True,
+        bytecode_cache: t.Optional["BytecodeCache"] = None,
+        enable_async: bool = False,
+    ):
+        # !!Important notice!!
+        #   The constructor accepts quite a few arguments that should be
+        #   passed by keyword rather than position.  However it's important to
+        #   not change the order of arguments because it's used at least
+        #   internally in those cases:
+        #       -   spontaneous environments (i18n extension and Template)
+        #       -   unittests
+        #   If parameter changes are required only add parameters at the end
+        #   and don't change the arguments (or the defaults!) of the arguments
+        #   existing already.
+
+        # lexer / parser information
+        self.block_start_string = block_start_string
+        self.block_end_string = block_end_string
+        self.variable_start_string = variable_start_string
+        self.variable_end_string = variable_end_string
+        self.comment_start_string = comment_start_string
+        self.comment_end_string = comment_end_string
+        self.line_statement_prefix = line_statement_prefix
+        self.line_comment_prefix = line_comment_prefix
+        self.trim_blocks = trim_blocks
+        self.lstrip_blocks = lstrip_blocks
+        self.newline_sequence = newline_sequence
+        self.keep_trailing_newline = keep_trailing_newline
+
+        # runtime information
+        self.undefined: t.Type[Undefined] = undefined
+        self.optimized = optimized
+        self.finalize = finalize
+        self.autoescape = autoescape
+
+        # defaults
+        self.filters = DEFAULT_FILTERS.copy()
+        self.tests = DEFAULT_TESTS.copy()
+        self.globals = DEFAULT_NAMESPACE.copy()
+
+        # set the loader provided
+        self.loader = loader
+        self.cache = create_cache(cache_size)
+        self.bytecode_cache = bytecode_cache
+        self.auto_reload = auto_reload
+
+        # configurable policies
+        self.policies = DEFAULT_POLICIES.copy()
+
+        # load extensions
+        self.extensions = load_extensions(self, extensions)
+
+        self.is_async = enable_async
+        _environment_config_check(self)
+
+    def add_extension(self, extension: t.Union[str, t.Type["Extension"]]) -> None:
+        """Adds an extension after the environment was created.
+
+        .. versionadded:: 2.5
+        """
+        self.extensions.update(load_extensions(self, [extension]))
+
+    def extend(self, **attributes: t.Any) -> None:
+        """Add the items to the instance of the environment if they do not exist
+        yet.  This is used by :ref:`extensions <writing-extensions>` to register
+        callbacks and configuration values without breaking inheritance.
+        """
+        for key, value in attributes.items():
+            if not hasattr(self, key):
+                setattr(self, key, value)
+
+    def overlay(
+        self,
+        block_start_string: str = missing,
+        block_end_string: str = missing,
+        variable_start_string: str = missing,
+        variable_end_string: str = missing,
+        comment_start_string: str = missing,
+        comment_end_string: str = missing,
+        line_statement_prefix: t.Optional[str] = missing,
+        line_comment_prefix: t.Optional[str] = missing,
+        trim_blocks: bool = missing,
+        lstrip_blocks: bool = missing,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = missing,
+        keep_trailing_newline: bool = missing,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = missing,
+        optimized: bool = missing,
+        undefined: t.Type[Undefined] = missing,
+        finalize: t.Optional[t.Callable[..., t.Any]] = missing,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = missing,
+        loader: t.Optional["BaseLoader"] = missing,
+        cache_size: int = missing,
+        auto_reload: bool = missing,
+        bytecode_cache: t.Optional["BytecodeCache"] = missing,
+        enable_async: bool = False,
+    ) -> "Environment":
+        """Create a new overlay environment that shares all the data with the
+        current environment except for cache and the overridden attributes.
+        Extensions cannot be removed for an overlayed environment.  An overlayed
+        environment automatically gets all the extensions of the environment it
+        is linked to plus optional extra extensions.
+
+        Creating overlays should happen after the initial environment was set
+        up completely.  Not all attributes are truly linked, some are just
+        copied over so modifications on the original environment may not shine
+        through.
+
+        .. versionchanged:: 3.1.2
+            Added the ``newline_sequence``,, ``keep_trailing_newline``,
+            and ``enable_async`` parameters to match ``__init__``.
+        """
+        args = dict(locals())
+        del args["self"], args["cache_size"], args["extensions"], args["enable_async"]
+
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.overlayed = True
+        rv.linked_to = self
+
+        for key, value in args.items():
+            if value is not missing:
+                setattr(rv, key, value)
+
+        if cache_size is not missing:
+            rv.cache = create_cache(cache_size)
+        else:
+            rv.cache = copy_cache(self.cache)
+
+        rv.extensions = {}
+        for key, value in self.extensions.items():
+            rv.extensions[key] = value.bind(rv)
+        if extensions is not missing:
+            rv.extensions.update(load_extensions(rv, extensions))
+
+        if enable_async is not missing:
+            rv.is_async = enable_async
+
+        return _environment_config_check(rv)
+
+    @property
+    def lexer(self) -> Lexer:
+        """The lexer for this environment."""
+        return get_lexer(self)
+
+    def iter_extensions(self) -> t.Iterator["Extension"]:
+        """Iterates over the extensions by priority."""
+        return iter(sorted(self.extensions.values(), key=lambda x: x.priority))
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Get an item or attribute of an object but prefer the item."""
+        try:
+            return obj[argument]
+        except (AttributeError, TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        return getattr(obj, attr)
+                    except AttributeError:
+                        pass
+            return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Any:
+        """Get an item or attribute of an object but prefer the attribute.
+        Unlike :meth:`getitem` the attribute *must* be a string.
+        """
+        try:
+            return getattr(obj, attribute)
+        except AttributeError:
+            pass
+        try:
+            return obj[attribute]
+        except (TypeError, LookupError, AttributeError):
+            return self.undefined(obj=obj, name=attribute)
+
+    def _filter_test_common(
+        self,
+        name: t.Union[str, Undefined],
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]],
+        kwargs: t.Optional[t.Mapping[str, t.Any]],
+        context: t.Optional[Context],
+        eval_ctx: t.Optional[EvalContext],
+        is_filter: bool,
+    ) -> t.Any:
+        if is_filter:
+            env_map = self.filters
+            type_name = "filter"
+        else:
+            env_map = self.tests
+            type_name = "test"
+
+        func = env_map.get(name)  # type: ignore
+
+        if func is None:
+            msg = f"No {type_name} named {name!r}."
+
+            if isinstance(name, Undefined):
+                try:
+                    name._fail_with_undefined_error()
+                except Exception as e:
+                    msg = f"{msg} ({e}; did you forget to quote the callable name?)"
+
+            raise TemplateRuntimeError(msg)
+
+        args = [value, *(args if args is not None else ())]
+        kwargs = kwargs if kwargs is not None else {}
+        pass_arg = _PassArg.from_obj(func)
+
+        if pass_arg is _PassArg.context:
+            if context is None:
+                raise TemplateRuntimeError(
+                    f"Attempted to invoke a context {type_name} without context."
+                )
+
+            args.insert(0, context)
+        elif pass_arg is _PassArg.eval_context:
+            if eval_ctx is None:
+                if context is not None:
+                    eval_ctx = context.eval_ctx
+                else:
+                    eval_ctx = EvalContext(self)
+
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, self)
+
+        return func(*args, **kwargs)
+
+    def call_filter(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a filter on a value the same way the compiler does.
+
+        This might return a coroutine if the filter is running from an
+        environment in async mode and the filter supports async
+        execution. It's your responsibility to await this if needed.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, True
+        )
+
+    def call_test(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a test on a value the same way the compiler does.
+
+        This might return a coroutine if the test is running from an
+        environment in async mode and the test supports async execution.
+        It's your responsibility to await this if needed.
+
+        .. versionchanged:: 3.0
+            Tests support ``@pass_context``, etc. decorators. Added
+            the ``context`` and ``eval_ctx`` parameters.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, False
+        )
+
+    @internalcode
+    def parse(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> nodes.Template:
+        """Parse the sourcecode and return the abstract syntax tree.  This
+        tree of nodes is used by the compiler to convert the template into
+        executable source- or bytecode.  This is useful for debugging or to
+        extract information from templates.
+
+        If you are :ref:`developing Jinja extensions <writing-extensions>`
+        this gives you a good overview of the node tree generated.
+        """
+        try:
+            return self._parse(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def _parse(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str]
+    ) -> nodes.Template:
+        """Internal parsing function used by `parse` and `compile`."""
+        return Parser(self, source, name, filename).parse()
+
+    def lex(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """Lex the given sourcecode and return a generator that yields
+        tokens as tuples in the form ``(lineno, token_type, value)``.
+        This can be useful for :ref:`extension development <writing-extensions>`
+        and debugging templates.
+
+        This does not perform preprocessing.  If you want the preprocessing
+        of the extensions to be applied you have to filter source through
+        the :meth:`preprocess` method.
+        """
+        source = str(source)
+        try:
+            return self.lexer.tokeniter(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def preprocess(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> str:
+        """Preprocesses the source with all extensions.  This is automatically
+        called for all parsing and compiling methods but *not* for :meth:`lex`
+        because there you usually only want the actual source tokenized.
+        """
+        return reduce(
+            lambda s, e: e.preprocess(s, name, filename),
+            self.iter_extensions(),
+            str(source),
+        )
+
+    def _tokenize(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Called by the parser to do the preprocessing and filtering
+        for all the extensions.  Returns a :class:`~jinja2.lexer.TokenStream`.
+        """
+        source = self.preprocess(source, name, filename)
+        stream = self.lexer.tokenize(source, name, filename, state)
+
+        for ext in self.iter_extensions():
+            stream = ext.filter_stream(stream)  # type: ignore
+
+            if not isinstance(stream, TokenStream):
+                stream = TokenStream(stream, name, filename)
+
+        return stream
+
+    def _generate(
+        self,
+        source: nodes.Template,
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        defer_init: bool = False,
+    ) -> str:
+        """Internal hook that can be overridden to hook a different generate
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return generate(  # type: ignore
+            source,
+            self,
+            name,
+            filename,
+            defer_init=defer_init,
+            optimized=self.optimized,
+        )
+
+    def _compile(self, source: str, filename: str) -> CodeType:
+        """Internal hook that can be overridden to hook a different compile
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return compile(source, filename, "exec")
+
+    @typing.overload
+    def compile(  # type: ignore
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[False]" = False,
+        defer_init: bool = False,
+    ) -> CodeType: ...
+
+    @typing.overload
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[True]" = ...,
+        defer_init: bool = False,
+    ) -> str: ...
+
+    @internalcode
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: bool = False,
+        defer_init: bool = False,
+    ) -> t.Union[str, CodeType]:
+        """Compile a node or template source code.  The `name` parameter is
+        the load name of the template after it was joined using
+        :meth:`join_path` if necessary, not the filename on the file system.
+        the `filename` parameter is the estimated filename of the template on
+        the file system.  If the template came from a database or memory this
+        can be omitted.
+
+        The return value of this method is a python code object.  If the `raw`
+        parameter is `True` the return value will be a string with python
+        code equivalent to the bytecode returned otherwise.  This method is
+        mainly used internally.
+
+        `defer_init` is use internally to aid the module code generator.  This
+        causes the generated code to be able to import without the global
+        environment variable to be set.
+
+        .. versionadded:: 2.4
+           `defer_init` parameter added.
+        """
+        source_hint = None
+        try:
+            if isinstance(source, str):
+                source_hint = source
+                source = self._parse(source, name, filename)
+            source = self._generate(source, name, filename, defer_init=defer_init)
+            if raw:
+                return source
+            if filename is None:
+                filename = "<template>"
+            return self._compile(source, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source_hint)
+
+    def compile_expression(
+        self, source: str, undefined_to_none: bool = True
+    ) -> "TemplateExpression":
+        """A handy helper method that returns a callable that accepts keyword
+        arguments that appear as variables in the expression.  If called it
+        returns the result of the expression.
+
+        This is useful if applications want to use the same rules as Jinja
+        in template "configuration files" or similar situations.
+
+        Example usage:
+
+        >>> env = Environment()
+        >>> expr = env.compile_expression('foo == 42')
+        >>> expr(foo=23)
+        False
+        >>> expr(foo=42)
+        True
+
+        Per default the return value is converted to `None` if the
+        expression returns an undefined value.  This can be changed
+        by setting `undefined_to_none` to `False`.
+
+        >>> env.compile_expression('var')() is None
+        True
+        >>> env.compile_expression('var', undefined_to_none=False)()
+        Undefined
+
+        .. versionadded:: 2.1
+        """
+        parser = Parser(self, source, state="variable")
+        try:
+            expr = parser.parse_expression()
+            if not parser.stream.eos:
+                raise TemplateSyntaxError(
+                    "chunk after expression", parser.stream.current.lineno, None, None
+                )
+            expr.set_environment(self)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+        body = [nodes.Assign(nodes.Name("result", "store"), expr, lineno=1)]
+        template = self.from_string(nodes.Template(body, lineno=1))
+        return TemplateExpression(template, undefined_to_none)
+
+    def compile_templates(
+        self,
+        target: t.Union[str, "os.PathLike[str]"],
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+        zip: t.Optional[str] = "deflated",
+        log_function: t.Optional[t.Callable[[str], None]] = None,
+        ignore_errors: bool = True,
+    ) -> None:
+        """Finds all the templates the loader can find, compiles them
+        and stores them in `target`.  If `zip` is `None`, instead of in a
+        zipfile, the templates will be stored in a directory.
+        By default a deflate zip algorithm is used. To switch to
+        the stored algorithm, `zip` can be set to ``'stored'``.
+
+        `extensions` and `filter_func` are passed to :meth:`list_templates`.
+        Each template returned will be compiled to the target folder or
+        zipfile.
+
+        By default template compilation errors are ignored.  In case a
+        log function is provided, errors are logged.  If you want template
+        syntax errors to abort the compilation you can set `ignore_errors`
+        to `False` and you will get an exception on syntax errors.
+
+        .. versionadded:: 2.4
+        """
+        from .loaders import ModuleLoader
+
+        if log_function is None:
+
+            def log_function(x: str) -> None:
+                pass
+
+        assert log_function is not None
+        assert self.loader is not None, "No loader configured."
+
+        def write_file(filename: str, data: str) -> None:
+            if zip:
+                info = ZipInfo(filename)
+                info.external_attr = 0o755 << 16
+                zip_file.writestr(info, data)
+            else:
+                with open(os.path.join(target, filename), "wb") as f:
+                    f.write(data.encode("utf8"))
+
+        if zip is not None:
+            from zipfile import ZIP_DEFLATED
+            from zipfile import ZIP_STORED
+            from zipfile import ZipFile
+            from zipfile import ZipInfo
+
+            zip_file = ZipFile(
+                target, "w", dict(deflated=ZIP_DEFLATED, stored=ZIP_STORED)[zip]
+            )
+            log_function(f"Compiling into Zip archive {target!r}")
+        else:
+            if not os.path.isdir(target):
+                os.makedirs(target)
+            log_function(f"Compiling into folder {target!r}")
+
+        try:
+            for name in self.list_templates(extensions, filter_func):
+                source, filename, _ = self.loader.get_source(self, name)
+                try:
+                    code = self.compile(source, name, filename, True, True)
+                except TemplateSyntaxError as e:
+                    if not ignore_errors:
+                        raise
+                    log_function(f'Could not compile "{name}": {e}')
+                    continue
+
+                filename = ModuleLoader.get_module_filename(name)
+
+                write_file(filename, code)
+                log_function(f'Compiled "{name}" as {filename}')
+        finally:
+            if zip:
+                zip_file.close()
+
+        log_function("Finished compiling templates")
+
+    def list_templates(
+        self,
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+    ) -> t.List[str]:
+        """Returns a list of templates for this environment.  This requires
+        that the loader supports the loader's
+        :meth:`~BaseLoader.list_templates` method.
+
+        If there are other files in the template folder besides the
+        actual templates, the returned list can be filtered.  There are two
+        ways: either `extensions` is set to a list of file extensions for
+        templates, or a `filter_func` can be provided which is a callable that
+        is passed a template name and should return `True` if it should end up
+        in the result list.
+
+        If the loader does not support that, a :exc:`TypeError` is raised.
+
+        .. versionadded:: 2.4
+        """
+        assert self.loader is not None, "No loader configured."
+        names = self.loader.list_templates()
+
+        if extensions is not None:
+            if filter_func is not None:
+                raise TypeError(
+                    "either extensions or filter_func can be passed, but not both"
+                )
+
+            def filter_func(x: str) -> bool:
+                return "." in x and x.rsplit(".", 1)[1] in extensions
+
+        if filter_func is not None:
+            names = [name for name in names if filter_func(name)]
+
+        return names
+
+    def handle_exception(self, source: t.Optional[str] = None) -> "te.NoReturn":
+        """Exception handling helper.  This is used internally to either raise
+        rewritten exceptions or return a rendered traceback for the template.
+        """
+        from .debug import rewrite_traceback_stack
+
+        raise rewrite_traceback_stack(source=source)
+
+    def join_path(self, template: str, parent: str) -> str:
+        """Join a template with the parent.  By default all the lookups are
+        relative to the loader root so this method returns the `template`
+        parameter unchanged, but if the paths should be relative to the
+        parent template, this function can be used to calculate the real
+        template name.
+
+        Subclasses may override this method and implement template path
+        joining here.
+        """
+        return template
+
+    @internalcode
+    def _load_template(
+        self, name: str, globals: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> "Template":
+        if self.loader is None:
+            raise TypeError("no loader for this environment specified")
+        cache_key = (weakref.ref(self.loader), name)
+        if self.cache is not None:
+            template = self.cache.get(cache_key)
+            if template is not None and (
+                not self.auto_reload or template.is_up_to_date
+            ):
+                # template.globals is a ChainMap, modifying it will only
+                # affect the template, not the environment globals.
+                if globals:
+                    template.globals.update(globals)
+
+                return template
+
+        template = self.loader.load(self, name, self.make_globals(globals))
+
+        if self.cache is not None:
+            self.cache[cache_key] = template
+        return template
+
+    @internalcode
+    def get_template(
+        self,
+        name: t.Union[str, "Template"],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Load a template by name with :attr:`loader` and return a
+        :class:`Template`. If the template does not exist a
+        :exc:`TemplateNotFound` exception is raised.
+
+        :param name: Name of the template to load. When loading
+            templates from the filesystem, "/" is used as the path
+            separator, even on Windows.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.4
+            If ``name`` is a :class:`Template` object it is returned
+            unchanged.
+        """
+        if isinstance(name, Template):
+            return name
+        if parent is not None:
+            name = self.join_path(name, parent)
+
+        return self._load_template(name, globals)
+
+    @internalcode
+    def select_template(
+        self,
+        names: t.Iterable[t.Union[str, "Template"]],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Like :meth:`get_template`, but tries loading multiple names.
+        If none of the names can be loaded a :exc:`TemplatesNotFound`
+        exception is raised.
+
+        :param names: List of template names to try loading in order.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.11
+            If ``names`` is :class:`Undefined`, an :exc:`UndefinedError`
+            is raised instead. If no templates were found and ``names``
+            contains :class:`Undefined`, the message is more helpful.
+
+        .. versionchanged:: 2.4
+            If ``names`` contains a :class:`Template` object it is
+            returned unchanged.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(names, Undefined):
+            names._fail_with_undefined_error()
+
+        if not names:
+            raise TemplatesNotFound(
+                message="Tried to select from an empty list of templates."
+            )
+
+        for name in names:
+            if isinstance(name, Template):
+                return name
+            if parent is not None:
+                name = self.join_path(name, parent)
+            try:
+                return self._load_template(name, globals)
+            except (TemplateNotFound, UndefinedError):
+                pass
+        raise TemplatesNotFound(names)  # type: ignore
+
+    @internalcode
+    def get_or_select_template(
+        self,
+        template_name_or_list: t.Union[
+            str, "Template", t.List[t.Union[str, "Template"]]
+        ],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Use :meth:`select_template` if an iterable of template names
+        is given, or :meth:`get_template` if one name is given.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(template_name_or_list, (str, Undefined)):
+            return self.get_template(template_name_or_list, parent, globals)
+        elif isinstance(template_name_or_list, Template):
+            return template_name_or_list
+        return self.select_template(template_name_or_list, parent, globals)
+
+    def from_string(
+        self,
+        source: t.Union[str, nodes.Template],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        template_class: t.Optional[t.Type["Template"]] = None,
+    ) -> "Template":
+        """Load a template from a source string without using
+        :attr:`loader`.
+
+        :param source: Jinja source to compile into a template.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+        :param template_class: Return an instance of this
+            :class:`Template` class.
+        """
+        gs = self.make_globals(globals)
+        cls = template_class or self.template_class
+        return cls.from_code(self, self.compile(source), gs, None)
+
+    def make_globals(
+        self, d: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> t.MutableMapping[str, t.Any]:
+        """Make the globals map for a template. Any given template
+        globals overlay the environment :attr:`globals`.
+
+        Returns a :class:`collections.ChainMap`. This allows any changes
+        to a template's globals to only affect that template, while
+        changes to the environment's globals are still reflected.
+        However, avoid modifying any globals after a template is loaded.
+
+        :param d: Dict of template-specific globals.
+
+        .. versionchanged:: 3.0
+            Use :class:`collections.ChainMap` to always prevent mutating
+            environment globals.
+        """
+        if d is None:
+            d = {}
+
+        return ChainMap(d, self.globals)
+
+
+class Template:
+    """A compiled template that can be rendered.
+
+    Use the methods on :class:`Environment` to create or load templates.
+    The environment is used to configure how templates are compiled and
+    behave.
+
+    It is also possible to create a template object directly. This is
+    not usually recommended. The constructor takes most of the same
+    arguments as :class:`Environment`. All templates created with the
+    same environment arguments share the same ephemeral ``Environment``
+    instance behind the scenes.
+
+    A template object should be considered immutable. Modifications on
+    the object are not supported.
+    """
+
+    #: Type of environment to create when creating a template directly
+    #: rather than through an existing environment.
+    environment_class: t.Type[Environment] = Environment
+
+    environment: Environment
+    globals: t.MutableMapping[str, t.Any]
+    name: t.Optional[str]
+    filename: t.Optional[str]
+    blocks: t.Dict[str, t.Callable[[Context], t.Iterator[str]]]
+    root_render_func: t.Callable[[Context], t.Iterator[str]]
+    _module: t.Optional["TemplateModule"]
+    _debug_info: str
+    _uptodate: t.Optional[t.Callable[[], bool]]
+
+    def __new__(
+        cls,
+        source: t.Union[str, nodes.Template],
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        enable_async: bool = False,
+    ) -> t.Any:  # it returns a `Template`, but this breaks the sphinx build...
+        env = get_spontaneous_environment(
+            cls.environment_class,  # type: ignore
+            block_start_string,
+            block_end_string,
+            variable_start_string,
+            variable_end_string,
+            comment_start_string,
+            comment_end_string,
+            line_statement_prefix,
+            line_comment_prefix,
+            trim_blocks,
+            lstrip_blocks,
+            newline_sequence,
+            keep_trailing_newline,
+            frozenset(extensions),
+            optimized,
+            undefined,  # type: ignore
+            finalize,
+            autoescape,
+            None,
+            0,
+            False,
+            None,
+            enable_async,
+        )
+        return env.from_string(source, template_class=cls)
+
+    @classmethod
+    def from_code(
+        cls,
+        environment: Environment,
+        code: CodeType,
+        globals: t.MutableMapping[str, t.Any],
+        uptodate: t.Optional[t.Callable[[], bool]] = None,
+    ) -> "Template":
+        """Creates a template object from compiled code and the globals.  This
+        is used by the loaders and environment to create a template object.
+        """
+        namespace = {"environment": environment, "__file__": code.co_filename}
+        exec(code, namespace)
+        rv = cls._from_namespace(environment, namespace, globals)
+        rv._uptodate = uptodate
+        return rv
+
+    @classmethod
+    def from_module_dict(
+        cls,
+        environment: Environment,
+        module_dict: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        """Creates a template object from a module.  This is used by the
+        module loader to create a template object.
+
+        .. versionadded:: 2.4
+        """
+        return cls._from_namespace(environment, module_dict, globals)
+
+    @classmethod
+    def _from_namespace(
+        cls,
+        environment: Environment,
+        namespace: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        t: "Template" = object.__new__(cls)
+        t.environment = environment
+        t.globals = globals
+        t.name = namespace["name"]
+        t.filename = namespace["__file__"]
+        t.blocks = namespace["blocks"]
+
+        # render function and module
+        t.root_render_func = namespace["root"]
+        t._module = None
+
+        # debug and loader helpers
+        t._debug_info = namespace["debug_info"]
+        t._uptodate = None
+
+        # store the reference
+        namespace["environment"] = environment
+        namespace["__jinja_template__"] = t
+
+        return t
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This method accepts the same arguments as the `dict` constructor:
+        A dict, a dict subclass or some keyword arguments.  If no arguments
+        are given the context will be empty.  These two calls do the same::
+
+            template.render(knights='that say nih')
+            template.render({'knights': 'that say nih'})
+
+        This will return the rendered template as a string.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            close = False
+
+            try:
+                loop = asyncio.get_running_loop()
+            except RuntimeError:
+                loop = asyncio.new_event_loop()
+                close = True
+
+            try:
+                return loop.run_until_complete(self.render_async(*args, **kwargs))
+            finally:
+                if close:
+                    loop.close()
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(self.root_render_func(ctx))  # type: ignore
+        except Exception:
+            self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This works similar to :meth:`render` but returns a coroutine
+        that when awaited returns the entire rendered template string.  This
+        requires the async feature to be enabled.
+
+        Example usage::
+
+            await template.render_async(knights='that say nih; asynchronously')
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    def stream(self, *args: t.Any, **kwargs: t.Any) -> "TemplateStream":
+        """Works exactly like :meth:`generate` but returns a
+        :class:`TemplateStream`.
+        """
+        return TemplateStream(self.generate(*args, **kwargs))
+
+    def generate(self, *args: t.Any, **kwargs: t.Any) -> t.Iterator[str]:
+        """For very large templates it can be useful to not render the whole
+        template at once but evaluate each statement after another and yield
+        piece for piece.  This method basically does exactly that and returns
+        a generator that yields one item after another as strings.
+
+        It accepts the same arguments as :meth:`render`.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            async def to_list() -> t.List[str]:
+                return [x async for x in self.generate_async(*args, **kwargs)]
+
+            yield from asyncio.run(to_list())
+            return
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            yield from self.root_render_func(ctx)
+        except Exception:
+            yield self.environment.handle_exception()
+
+    async def generate_async(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.AsyncIterator[str]:
+        """An async version of :meth:`generate`.  Works very similarly but
+        returns an async iterator instead.
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            async for event in self.root_render_func(ctx):  # type: ignore
+                yield event
+        except Exception:
+            yield self.environment.handle_exception()
+
+    def new_context(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> Context:
+        """Create a new :class:`Context` for this template.  The vars
+        provided will be passed to the template.  Per default the globals
+        are added to the context.  If shared is set to `True` the data
+        is passed as is to the context without adding the globals.
+
+        `locals` can be a dict of local variables for internal usage.
+        """
+        return new_context(
+            self.environment, self.name, self.blocks, vars, shared, self.globals, locals
+        )
+
+    def make_module(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """This method works like the :attr:`module` attribute when called
+        without arguments but it will evaluate the template on every call
+        rather than caching it.  It's also possible to provide
+        a dict which is then used as context.  The arguments are the same
+        as for the :meth:`new_context` method.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(self, ctx)
+
+    async def make_module_async(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """As template module creation can invoke template code for
+        asynchronous executions this method must be used instead of the
+        normal :meth:`make_module` one.  Likewise the module attribute
+        becomes unavailable in async mode.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(
+            self,
+            ctx,
+            [x async for x in self.root_render_func(ctx)],  # type: ignore
+        )
+
+    @internalcode
+    def _get_default_module(self, ctx: t.Optional[Context] = None) -> "TemplateModule":
+        """If a context is passed in, this means that the template was
+        imported. Imported templates have access to the current
+        template's globals by default, but they can only be accessed via
+        the context during runtime.
+
+        If there are new globals, we need to create a new module because
+        the cached module is already rendered and will not have access
+        to globals from the current context. This new module is not
+        cached because the template can be imported elsewhere, and it
+        should have access to only the current template's globals.
+        """
+        if self.environment.is_async:
+            raise RuntimeError("Module is not available in async mode.")
+
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return self.make_module({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = self.make_module()
+
+        return self._module
+
+    async def _get_default_module_async(
+        self, ctx: t.Optional[Context] = None
+    ) -> "TemplateModule":
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return await self.make_module_async({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = await self.make_module_async()
+
+        return self._module
+
+    @property
+    def module(self) -> "TemplateModule":
+        """The template as module.  This is used for imports in the
+        template runtime but is also useful if one wants to access
+        exported template variables from the Python layer:
+
+        >>> t = Template('{% macro foo() %}42{% endmacro %}23')
+        >>> str(t.module)
+        '23'
+        >>> t.module.foo() == u'42'
+        True
+
+        This attribute is not available if async mode is enabled.
+        """
+        return self._get_default_module()
+
+    def get_corresponding_lineno(self, lineno: int) -> int:
+        """Return the source line number of a line number in the
+        generated bytecode as they are not in sync.
+        """
+        for template_line, code_line in reversed(self.debug_info):
+            if code_line <= lineno:
+                return template_line
+        return 1
+
+    @property
+    def is_up_to_date(self) -> bool:
+        """If this variable is `False` there is a newer version available."""
+        if self._uptodate is None:
+            return True
+        return self._uptodate()
+
+    @property
+    def debug_info(self) -> t.List[t.Tuple[int, int]]:
+        """The debug info mapping."""
+        if self._debug_info:
+            return [
+                tuple(map(int, x.split("=")))  # type: ignore
+                for x in self._debug_info.split("&")
+            ]
+
+        return []
+
+    def __repr__(self) -> str:
+        if self.name is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateModule:
+    """Represents an imported template.  All the exported names of the
+    template are available as attributes on this object.  Additionally
+    converting it into a string renders the contents.
+    """
+
+    def __init__(
+        self,
+        template: Template,
+        context: Context,
+        body_stream: t.Optional[t.Iterable[str]] = None,
+    ) -> None:
+        if body_stream is None:
+            if context.environment.is_async:
+                raise RuntimeError(
+                    "Async mode requires a body stream to be passed to"
+                    " a template module. Use the async methods of the"
+                    " API you are using."
+                )
+
+            body_stream = list(template.root_render_func(context))
+
+        self._body_stream = body_stream
+        self.__dict__.update(context.get_exported())
+        self.__name__ = template.name
+
+    def __html__(self) -> Markup:
+        return Markup(concat(self._body_stream))
+
+    def __str__(self) -> str:
+        return concat(self._body_stream)
+
+    def __repr__(self) -> str:
+        if self.__name__ is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.__name__)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateExpression:
+    """The :meth:`jinja2.Environment.compile_expression` method returns an
+    instance of this object.  It encapsulates the expression-like access
+    to the template with an expression it wraps.
+    """
+
+    def __init__(self, template: Template, undefined_to_none: bool) -> None:
+        self._template = template
+        self._undefined_to_none = undefined_to_none
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Optional[t.Any]:
+        context = self._template.new_context(dict(*args, **kwargs))
+        consume(self._template.root_render_func(context))
+        rv = context.vars["result"]
+        if self._undefined_to_none and isinstance(rv, Undefined):
+            rv = None
+        return rv
+
+
+class TemplateStream:
+    """A template stream works pretty much like an ordinary python generator
+    but it can buffer multiple items to reduce the number of total iterations.
+    Per default the output is unbuffered which means that for every unbuffered
+    instruction in the template one string is yielded.
+
+    If buffering is enabled with a buffer size of 5, five items are combined
+    into a new string.  This is mainly useful if you are streaming
+    big templates to a client via WSGI which flushes after each iteration.
+    """
+
+    def __init__(self, gen: t.Iterator[str]) -> None:
+        self._gen = gen
+        self.disable_buffering()
+
+    def dump(
+        self,
+        fp: t.Union[str, t.IO[bytes]],
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+    ) -> None:
+        """Dump the complete stream into a file or file-like object.
+        Per default strings are written, if you want to encode
+        before writing specify an `encoding`.
+
+        Example usage::
+
+            Template('Hello {{ name }}!').stream(name='foo').dump('hello.html')
+        """
+        close = False
+
+        if isinstance(fp, str):
+            if encoding is None:
+                encoding = "utf-8"
+
+            real_fp: t.IO[bytes] = open(fp, "wb")
+            close = True
+        else:
+            real_fp = fp
+
+        try:
+            if encoding is not None:
+                iterable = (x.encode(encoding, errors) for x in self)  # type: ignore
+            else:
+                iterable = self  # type: ignore
+
+            if hasattr(real_fp, "writelines"):
+                real_fp.writelines(iterable)
+            else:
+                for item in iterable:
+                    real_fp.write(item)
+        finally:
+            if close:
+                real_fp.close()
+
+    def disable_buffering(self) -> None:
+        """Disable the output buffering."""
+        self._next = partial(next, self._gen)
+        self.buffered = False
+
+    def _buffered_generator(self, size: int) -> t.Iterator[str]:
+        buf: t.List[str] = []
+        c_size = 0
+        push = buf.append
+
+        while True:
+            try:
+                while c_size < size:
+                    c = next(self._gen)
+                    push(c)
+                    if c:
+                        c_size += 1
+            except StopIteration:
+                if not c_size:
+                    return
+            yield concat(buf)
+            del buf[:]
+            c_size = 0
+
+    def enable_buffering(self, size: int = 5) -> None:
+        """Enable buffering.  Buffer `size` items before yielding them."""
+        if size <= 1:
+            raise ValueError("buffer size too small")
+
+        self.buffered = True
+        self._next = partial(next, self._buffered_generator(size))
+
+    def __iter__(self) -> "TemplateStream":
+        return self
+
+    def __next__(self) -> str:
+        return self._next()  # type: ignore
+
+
+# hook in default template class.  if anyone reads this comment: ignore that
+# it's possible to use custom templates ;-)
+Environment.template_class = Template
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/exceptions.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/exceptions.py
new file mode 100644
index 000000000..082ebe8f2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/exceptions.py
@@ -0,0 +1,166 @@
+import typing as t
+
+if t.TYPE_CHECKING:
+    from .runtime import Undefined
+
+
+class TemplateError(Exception):
+    """Baseclass for all template errors."""
+
+    def __init__(self, message: t.Optional[str] = None) -> None:
+        super().__init__(message)
+
+    @property
+    def message(self) -> t.Optional[str]:
+        return self.args[0] if self.args else None
+
+
+class TemplateNotFound(IOError, LookupError, TemplateError):
+    """Raised if a template does not exist.
+
+    .. versionchanged:: 2.11
+        If the given name is :class:`Undefined` and no message was
+        provided, an :exc:`UndefinedError` is raised.
+    """
+
+    # Silence the Python warning about message being deprecated since
+    # it's not valid here.
+    message: t.Optional[str] = None
+
+    def __init__(
+        self,
+        name: t.Optional[t.Union[str, "Undefined"]],
+        message: t.Optional[str] = None,
+    ) -> None:
+        IOError.__init__(self, name)
+
+        if message is None:
+            from .runtime import Undefined
+
+            if isinstance(name, Undefined):
+                name._fail_with_undefined_error()
+
+            message = name
+
+        self.message = message
+        self.name = name
+        self.templates = [name]
+
+    def __str__(self) -> str:
+        return str(self.message)
+
+
+class TemplatesNotFound(TemplateNotFound):
+    """Like :class:`TemplateNotFound` but raised if multiple templates
+    are selected.  This is a subclass of :class:`TemplateNotFound`
+    exception, so just catching the base exception will catch both.
+
+    .. versionchanged:: 2.11
+        If a name in the list of names is :class:`Undefined`, a message
+        about it being undefined is shown rather than the empty string.
+
+    .. versionadded:: 2.2
+    """
+
+    def __init__(
+        self,
+        names: t.Sequence[t.Union[str, "Undefined"]] = (),
+        message: t.Optional[str] = None,
+    ) -> None:
+        if message is None:
+            from .runtime import Undefined
+
+            parts = []
+
+            for name in names:
+                if isinstance(name, Undefined):
+                    parts.append(name._undefined_message)
+                else:
+                    parts.append(name)
+
+            parts_str = ", ".join(map(str, parts))
+            message = f"none of the templates given were found: {parts_str}"
+
+        super().__init__(names[-1] if names else None, message)
+        self.templates = list(names)
+
+
+class TemplateSyntaxError(TemplateError):
+    """Raised to tell the user that there is a problem with the template."""
+
+    def __init__(
+        self,
+        message: str,
+        lineno: int,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message)
+        self.lineno = lineno
+        self.name = name
+        self.filename = filename
+        self.source: t.Optional[str] = None
+
+        # this is set to True if the debug.translate_syntax_error
+        # function translated the syntax error into a new traceback
+        self.translated = False
+
+    def __str__(self) -> str:
+        # for translated errors we only return the message
+        if self.translated:
+            return t.cast(str, self.message)
+
+        # otherwise attach some stuff
+        location = f"line {self.lineno}"
+        name = self.filename or self.name
+        if name:
+            location = f'File "{name}", {location}'
+        lines = [t.cast(str, self.message), "  " + location]
+
+        # if the source is set, add the line to the output
+        if self.source is not None:
+            try:
+                line = self.source.splitlines()[self.lineno - 1]
+            except IndexError:
+                pass
+            else:
+                lines.append("    " + line.strip())
+
+        return "\n".join(lines)
+
+    def __reduce__(self):  # type: ignore
+        # https://bugs.python.org/issue1692335 Exceptions that take
+        # multiple required arguments have problems with pickling.
+        # Without this, raises TypeError: __init__() missing 1 required
+        # positional argument: 'lineno'
+        return self.__class__, (self.message, self.lineno, self.name, self.filename)
+
+
+class TemplateAssertionError(TemplateSyntaxError):
+    """Like a template syntax error, but covers cases where something in the
+    template caused an error at compile time that wasn't necessarily caused
+    by a syntax error.  However it's a direct subclass of
+    :exc:`TemplateSyntaxError` and has the same attributes.
+    """
+
+
+class TemplateRuntimeError(TemplateError):
+    """A generic runtime error in the template engine.  Under some situations
+    Jinja may raise this exception.
+    """
+
+
+class UndefinedError(TemplateRuntimeError):
+    """Raised if a template tries to operate on :class:`Undefined`."""
+
+
+class SecurityError(TemplateRuntimeError):
+    """Raised if a template tries to do something insecure if the
+    sandbox is enabled.
+    """
+
+
+class FilterArgumentError(TemplateRuntimeError):
+    """This error is raised if a filter was called with inappropriate
+    arguments
+    """
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/ext.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/ext.py
new file mode 100644
index 000000000..8d0810cd4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/ext.py
@@ -0,0 +1,870 @@
+"""Extension API for adding custom tags and behavior."""
+
+import pprint
+import re
+import typing as t
+
+from markupsafe import Markup
+
+from . import defaults
+from . import nodes
+from .environment import Environment
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .runtime import concat  # type: ignore
+from .runtime import Context
+from .runtime import Undefined
+from .utils import import_string
+from .utils import pass_context
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .lexer import Token
+    from .lexer import TokenStream
+    from .parser import Parser
+
+    class _TranslationsBasic(te.Protocol):
+        def gettext(self, message: str) -> str: ...
+
+        def ngettext(self, singular: str, plural: str, n: int) -> str:
+            pass
+
+    class _TranslationsContext(_TranslationsBasic):
+        def pgettext(self, context: str, message: str) -> str: ...
+
+        def npgettext(
+            self, context: str, singular: str, plural: str, n: int
+        ) -> str: ...
+
+    _SupportedTranslations = t.Union[_TranslationsBasic, _TranslationsContext]
+
+
+# I18N functions available in Jinja templates. If the I18N library
+# provides ugettext, it will be assigned to gettext.
+GETTEXT_FUNCTIONS: t.Tuple[str, ...] = (
+    "_",
+    "gettext",
+    "ngettext",
+    "pgettext",
+    "npgettext",
+)
+_ws_re = re.compile(r"\s*\n\s*")
+
+
+class Extension:
+    """Extensions can be used to add extra functionality to the Jinja template
+    system at the parser level.  Custom extensions are bound to an environment
+    but may not store environment specific data on `self`.  The reason for
+    this is that an extension can be bound to another environment (for
+    overlays) by creating a copy and reassigning the `environment` attribute.
+
+    As extensions are created by the environment they cannot accept any
+    arguments for configuration.  One may want to work around that by using
+    a factory function, but that is not possible as extensions are identified
+    by their import name.  The correct way to configure the extension is
+    storing the configuration values on the environment.  Because this way the
+    environment ends up acting as central configuration storage the
+    attributes may clash which is why extensions have to ensure that the names
+    they choose for configuration are not too generic.  ``prefix`` for example
+    is a terrible name, ``fragment_cache_prefix`` on the other hand is a good
+    name as includes the name of the extension (fragment cache).
+    """
+
+    identifier: t.ClassVar[str]
+
+    def __init_subclass__(cls) -> None:
+        cls.identifier = f"{cls.__module__}.{cls.__name__}"
+
+    #: if this extension parses this is the list of tags it's listening to.
+    tags: t.Set[str] = set()
+
+    #: the priority of that extension.  This is especially useful for
+    #: extensions that preprocess values.  A lower value means higher
+    #: priority.
+    #:
+    #: .. versionadded:: 2.4
+    priority = 100
+
+    def __init__(self, environment: Environment) -> None:
+        self.environment = environment
+
+    def bind(self, environment: Environment) -> "Extension":
+        """Create a copy of this extension bound to another environment."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.environment = environment
+        return rv
+
+    def preprocess(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str] = None
+    ) -> str:
+        """This method is called before the actual lexing and can be used to
+        preprocess the source.  The `filename` is optional.  The return value
+        must be the preprocessed source.
+        """
+        return source
+
+    def filter_stream(
+        self, stream: "TokenStream"
+    ) -> t.Union["TokenStream", t.Iterable["Token"]]:
+        """It's passed a :class:`~jinja2.lexer.TokenStream` that can be used
+        to filter tokens returned.  This method has to return an iterable of
+        :class:`~jinja2.lexer.Token`\\s, but it doesn't have to return a
+        :class:`~jinja2.lexer.TokenStream`.
+        """
+        return stream
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """If any of the :attr:`tags` matched this method is called with the
+        parser as first argument.  The token the parser stream is pointing at
+        is the name token that matched.  This method has to return one or a
+        list of multiple nodes.
+        """
+        raise NotImplementedError()
+
+    def attr(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> nodes.ExtensionAttribute:
+        """Return an attribute node for the current extension.  This is useful
+        to pass constants on extensions to generated template code.
+
+        ::
+
+            self.attr('_my_attribute', lineno=lineno)
+        """
+        return nodes.ExtensionAttribute(self.identifier, name, lineno=lineno)
+
+    def call_method(
+        self,
+        name: str,
+        args: t.Optional[t.List[nodes.Expr]] = None,
+        kwargs: t.Optional[t.List[nodes.Keyword]] = None,
+        dyn_args: t.Optional[nodes.Expr] = None,
+        dyn_kwargs: t.Optional[nodes.Expr] = None,
+        lineno: t.Optional[int] = None,
+    ) -> nodes.Call:
+        """Call a method of the extension.  This is a shortcut for
+        :meth:`attr` + :class:`jinja2.nodes.Call`.
+        """
+        if args is None:
+            args = []
+        if kwargs is None:
+            kwargs = []
+        return nodes.Call(
+            self.attr(name, lineno=lineno),
+            args,
+            kwargs,
+            dyn_args,
+            dyn_kwargs,
+            lineno=lineno,
+        )
+
+
+@pass_context
+def _gettext_alias(
+    __context: Context, *args: t.Any, **kwargs: t.Any
+) -> t.Union[t.Any, Undefined]:
+    return __context.call(__context.resolve("gettext"), *args, **kwargs)
+
+
+def _make_new_gettext(func: t.Callable[[str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def gettext(__context: Context, __string: str, **variables: t.Any) -> str:
+        rv = __context.call(func, __string)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, even if there are no
+        # variables. This makes translation strings more consistent
+        # and predictable. This requires escaping
+        return rv % variables  # type: ignore
+
+    return gettext
+
+
+def _make_new_ngettext(func: t.Callable[[str, str, int], str]) -> t.Callable[..., str]:
+    @pass_context
+    def ngettext(
+        __context: Context,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __singular, __plural, __num)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return ngettext
+
+
+def _make_new_pgettext(func: t.Callable[[str, str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def pgettext(
+        __context: Context, __string_ctx: str, __string: str, **variables: t.Any
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        rv = __context.call(func, __string_ctx, __string)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return pgettext
+
+
+def _make_new_npgettext(
+    func: t.Callable[[str, str, str, int], str],
+) -> t.Callable[..., str]:
+    @pass_context
+    def npgettext(
+        __context: Context,
+        __string_ctx: str,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __string_ctx, __singular, __plural, __num)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return npgettext
+
+
+class InternationalizationExtension(Extension):
+    """This extension adds gettext support to Jinja."""
+
+    tags = {"trans"}
+
+    # TODO: the i18n extension is currently reevaluating values in a few
+    # situations.  Take this example:
+    #   {% trans count=something() %}{{ count }} foo{% pluralize
+    #     %}{{ count }} fooss{% endtrans %}
+    # something is called twice here.  One time for the gettext value and
+    # the other time for the n-parameter of the ngettext function.
+
+    def __init__(self, environment: Environment) -> None:
+        super().__init__(environment)
+        environment.globals["_"] = _gettext_alias
+        environment.extend(
+            install_gettext_translations=self._install,
+            install_null_translations=self._install_null,
+            install_gettext_callables=self._install_callables,
+            uninstall_gettext_translations=self._uninstall,
+            extract_translations=self._extract,
+            newstyle_gettext=False,
+        )
+
+    def _install(
+        self, translations: "_SupportedTranslations", newstyle: t.Optional[bool] = None
+    ) -> None:
+        # ugettext and ungettext are preferred in case the I18N library
+        # is providing compatibility with older Python versions.
+        gettext = getattr(translations, "ugettext", None)
+        if gettext is None:
+            gettext = translations.gettext
+        ngettext = getattr(translations, "ungettext", None)
+        if ngettext is None:
+            ngettext = translations.ngettext
+
+        pgettext = getattr(translations, "pgettext", None)
+        npgettext = getattr(translations, "npgettext", None)
+        self._install_callables(
+            gettext, ngettext, newstyle=newstyle, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _install_null(self, newstyle: t.Optional[bool] = None) -> None:
+        import gettext
+
+        translations = gettext.NullTranslations()
+
+        if hasattr(translations, "pgettext"):
+            # Python < 3.8
+            pgettext = translations.pgettext
+        else:
+
+            def pgettext(c: str, s: str) -> str:  # type: ignore[misc]
+                return s
+
+        if hasattr(translations, "npgettext"):
+            npgettext = translations.npgettext
+        else:
+
+            def npgettext(c: str, s: str, p: str, n: int) -> str:  # type: ignore[misc]
+                return s if n == 1 else p
+
+        self._install_callables(
+            gettext=translations.gettext,
+            ngettext=translations.ngettext,
+            newstyle=newstyle,
+            pgettext=pgettext,
+            npgettext=npgettext,
+        )
+
+    def _install_callables(
+        self,
+        gettext: t.Callable[[str], str],
+        ngettext: t.Callable[[str, str, int], str],
+        newstyle: t.Optional[bool] = None,
+        pgettext: t.Optional[t.Callable[[str, str], str]] = None,
+        npgettext: t.Optional[t.Callable[[str, str, str, int], str]] = None,
+    ) -> None:
+        if newstyle is not None:
+            self.environment.newstyle_gettext = newstyle  # type: ignore
+        if self.environment.newstyle_gettext:  # type: ignore
+            gettext = _make_new_gettext(gettext)
+            ngettext = _make_new_ngettext(ngettext)
+
+            if pgettext is not None:
+                pgettext = _make_new_pgettext(pgettext)
+
+            if npgettext is not None:
+                npgettext = _make_new_npgettext(npgettext)
+
+        self.environment.globals.update(
+            gettext=gettext, ngettext=ngettext, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _uninstall(self, translations: "_SupportedTranslations") -> None:
+        for key in ("gettext", "ngettext", "pgettext", "npgettext"):
+            self.environment.globals.pop(key, None)
+
+    def _extract(
+        self,
+        source: t.Union[str, nodes.Template],
+        gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    ) -> t.Iterator[
+        t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+    ]:
+        if isinstance(source, str):
+            source = self.environment.parse(source)
+        return extract_from_ast(source, gettext_functions)
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a translatable tag."""
+        lineno = next(parser.stream).lineno
+
+        context = None
+        context_token = parser.stream.next_if("string")
+
+        if context_token is not None:
+            context = context_token.value
+
+        # find all the variables referenced.  Additionally a variable can be
+        # defined in the body of the trans block too, but this is checked at
+        # a later state.
+        plural_expr: t.Optional[nodes.Expr] = None
+        plural_expr_assignment: t.Optional[nodes.Assign] = None
+        num_called_num = False
+        variables: t.Dict[str, nodes.Expr] = {}
+        trimmed = None
+        while parser.stream.current.type != "block_end":
+            if variables:
+                parser.stream.expect("comma")
+
+            # skip colon for python compatibility
+            if parser.stream.skip_if("colon"):
+                break
+
+            token = parser.stream.expect("name")
+            if token.value in variables:
+                parser.fail(
+                    f"translatable variable {token.value!r} defined twice.",
+                    token.lineno,
+                    exc=TemplateAssertionError,
+                )
+
+            # expressions
+            if parser.stream.current.type == "assign":
+                next(parser.stream)
+                variables[token.value] = var = parser.parse_expression()
+            elif trimmed is None and token.value in ("trimmed", "notrimmed"):
+                trimmed = token.value == "trimmed"
+                continue
+            else:
+                variables[token.value] = var = nodes.Name(token.value, "load")
+
+            if plural_expr is None:
+                if isinstance(var, nodes.Call):
+                    plural_expr = nodes.Name("_trans", "load")
+                    variables[token.value] = plural_expr
+                    plural_expr_assignment = nodes.Assign(
+                        nodes.Name("_trans", "store"), var
+                    )
+                else:
+                    plural_expr = var
+                num_called_num = token.value == "num"
+
+        parser.stream.expect("block_end")
+
+        plural = None
+        have_plural = False
+        referenced = set()
+
+        # now parse until endtrans or pluralize
+        singular_names, singular = self._parse_block(parser, True)
+        if singular_names:
+            referenced.update(singular_names)
+            if plural_expr is None:
+                plural_expr = nodes.Name(singular_names[0], "load")
+                num_called_num = singular_names[0] == "num"
+
+        # if we have a pluralize block, we parse that too
+        if parser.stream.current.test("name:pluralize"):
+            have_plural = True
+            next(parser.stream)
+            if parser.stream.current.type != "block_end":
+                token = parser.stream.expect("name")
+                if token.value not in variables:
+                    parser.fail(
+                        f"unknown variable {token.value!r} for pluralization",
+                        token.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                plural_expr = variables[token.value]
+                num_called_num = token.value == "num"
+            parser.stream.expect("block_end")
+            plural_names, plural = self._parse_block(parser, False)
+            next(parser.stream)
+            referenced.update(plural_names)
+        else:
+            next(parser.stream)
+
+        # register free names as simple name expressions
+        for name in referenced:
+            if name not in variables:
+                variables[name] = nodes.Name(name, "load")
+
+        if not have_plural:
+            plural_expr = None
+        elif plural_expr is None:
+            parser.fail("pluralize without variables", lineno)
+
+        if trimmed is None:
+            trimmed = self.environment.policies["ext.i18n.trimmed"]
+        if trimmed:
+            singular = self._trim_whitespace(singular)
+            if plural:
+                plural = self._trim_whitespace(plural)
+
+        node = self._make_node(
+            singular,
+            plural,
+            context,
+            variables,
+            plural_expr,
+            bool(referenced),
+            num_called_num and have_plural,
+        )
+        node.set_lineno(lineno)
+        if plural_expr_assignment is not None:
+            return [plural_expr_assignment, node]
+        else:
+            return node
+
+    def _trim_whitespace(self, string: str, _ws_re: t.Pattern[str] = _ws_re) -> str:
+        return _ws_re.sub(" ", string.strip())
+
+    def _parse_block(
+        self, parser: "Parser", allow_pluralize: bool
+    ) -> t.Tuple[t.List[str], str]:
+        """Parse until the next block tag with a given name."""
+        referenced = []
+        buf = []
+
+        while True:
+            if parser.stream.current.type == "data":
+                buf.append(parser.stream.current.value.replace("%", "%%"))
+                next(parser.stream)
+            elif parser.stream.current.type == "variable_begin":
+                next(parser.stream)
+                name = parser.stream.expect("name").value
+                referenced.append(name)
+                buf.append(f"%({name})s")
+                parser.stream.expect("variable_end")
+            elif parser.stream.current.type == "block_begin":
+                next(parser.stream)
+                block_name = (
+                    parser.stream.current.value
+                    if parser.stream.current.type == "name"
+                    else None
+                )
+                if block_name == "endtrans":
+                    break
+                elif block_name == "pluralize":
+                    if allow_pluralize:
+                        break
+                    parser.fail(
+                        "a translatable section can have only one pluralize section"
+                    )
+                elif block_name == "trans":
+                    parser.fail(
+                        "trans blocks can't be nested; did you mean `endtrans`?"
+                    )
+                parser.fail(
+                    f"control structures in translatable sections are not allowed; "
+                    f"saw `{block_name}`"
+                )
+            elif parser.stream.eos:
+                parser.fail("unclosed translation block")
+            else:
+                raise RuntimeError("internal parser error")
+
+        return referenced, concat(buf)
+
+    def _make_node(
+        self,
+        singular: str,
+        plural: t.Optional[str],
+        context: t.Optional[str],
+        variables: t.Dict[str, nodes.Expr],
+        plural_expr: t.Optional[nodes.Expr],
+        vars_referenced: bool,
+        num_called_num: bool,
+    ) -> nodes.Output:
+        """Generates a useful node from the data provided."""
+        newstyle = self.environment.newstyle_gettext  # type: ignore
+        node: nodes.Expr
+
+        # no variables referenced?  no need to escape for old style
+        # gettext invocations only if there are vars.
+        if not vars_referenced and not newstyle:
+            singular = singular.replace("%%", "%")
+            if plural:
+                plural = plural.replace("%%", "%")
+
+        func_name = "gettext"
+        func_args: t.List[nodes.Expr] = [nodes.Const(singular)]
+
+        if context is not None:
+            func_args.insert(0, nodes.Const(context))
+            func_name = f"p{func_name}"
+
+        if plural_expr is not None:
+            func_name = f"n{func_name}"
+            func_args.extend((nodes.Const(plural), plural_expr))
+
+        node = nodes.Call(nodes.Name(func_name, "load"), func_args, [], None, None)
+
+        # in case newstyle gettext is used, the method is powerful
+        # enough to handle the variable expansion and autoescape
+        # handling itself
+        if newstyle:
+            for key, value in variables.items():
+                # the function adds that later anyways in case num was
+                # called num, so just skip it.
+                if num_called_num and key == "num":
+                    continue
+                node.kwargs.append(nodes.Keyword(key, value))
+
+        # otherwise do that here
+        else:
+            # mark the return value as safe if we are in an
+            # environment with autoescaping turned on
+            node = nodes.MarkSafeIfAutoescape(node)
+            if variables:
+                node = nodes.Mod(
+                    node,
+                    nodes.Dict(
+                        [
+                            nodes.Pair(nodes.Const(key), value)
+                            for key, value in variables.items()
+                        ]
+                    ),
+                )
+        return nodes.Output([node])
+
+
+class ExprStmtExtension(Extension):
+    """Adds a `do` tag to Jinja that works like the print statement just
+    that it doesn't print the return value.
+    """
+
+    tags = {"do"}
+
+    def parse(self, parser: "Parser") -> nodes.ExprStmt:
+        node = nodes.ExprStmt(lineno=next(parser.stream).lineno)
+        node.node = parser.parse_tuple()
+        return node
+
+
+class LoopControlExtension(Extension):
+    """Adds break and continue to the template engine."""
+
+    tags = {"break", "continue"}
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Break, nodes.Continue]:
+        token = next(parser.stream)
+        if token.value == "break":
+            return nodes.Break(lineno=token.lineno)
+        return nodes.Continue(lineno=token.lineno)
+
+
+class DebugExtension(Extension):
+    """A ``{% debug %}`` tag that dumps the available variables,
+    filters, and tests.
+
+    .. code-block:: html+jinja
+
+        <pre>{% debug %}</pre>
+
+    .. code-block:: text
+
+        {'context': {'cycler': <class 'jinja2.utils.Cycler'>,
+                     ...,
+                     'namespace': <class 'jinja2.utils.Namespace'>},
+         'filters': ['abs', 'attr', 'batch', 'capitalize', 'center', 'count', 'd',
+                     ..., 'urlencode', 'urlize', 'wordcount', 'wordwrap', 'xmlattr'],
+         'tests': ['!=', '<', '<=', '==', '>', '>=', 'callable', 'defined',
+                   ..., 'odd', 'sameas', 'sequence', 'string', 'undefined', 'upper']}
+
+    .. versionadded:: 2.11.0
+    """
+
+    tags = {"debug"}
+
+    def parse(self, parser: "Parser") -> nodes.Output:
+        lineno = parser.stream.expect("name:debug").lineno
+        context = nodes.ContextReference()
+        result = self.call_method("_render", [context], lineno=lineno)
+        return nodes.Output([result], lineno=lineno)
+
+    def _render(self, context: Context) -> str:
+        result = {
+            "context": context.get_all(),
+            "filters": sorted(self.environment.filters.keys()),
+            "tests": sorted(self.environment.tests.keys()),
+        }
+
+        # Set the depth since the intent is to show the top few names.
+        return pprint.pformat(result, depth=3, compact=True)
+
+
+def extract_from_ast(
+    ast: nodes.Template,
+    gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    babel_style: bool = True,
+) -> t.Iterator[
+    t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+]:
+    """Extract localizable strings from the given template node.  Per
+    default this function returns matches in babel style that means non string
+    parameters as well as keyword arguments are returned as `None`.  This
+    allows Babel to figure out what you really meant if you are using
+    gettext functions that allow keyword arguments for placeholder expansion.
+    If you don't want that behavior set the `babel_style` parameter to `False`
+    which causes only strings to be returned and parameters are always stored
+    in tuples.  As a consequence invalid gettext calls (calls without a single
+    string parameter or string parameters after non-string parameters) are
+    skipped.
+
+    This example explains the behavior:
+
+    >>> from jinja2 import Environment
+    >>> env = Environment()
+    >>> node = env.parse('{{ (_("foo"), _(), ngettext("foo", "bar", 42)) }}')
+    >>> list(extract_from_ast(node))
+    [(1, '_', 'foo'), (1, '_', ()), (1, 'ngettext', ('foo', 'bar', None))]
+    >>> list(extract_from_ast(node, babel_style=False))
+    [(1, '_', ('foo',)), (1, 'ngettext', ('foo', 'bar'))]
+
+    For every string found this function yields a ``(lineno, function,
+    message)`` tuple, where:
+
+    * ``lineno`` is the number of the line on which the string was found,
+    * ``function`` is the name of the ``gettext`` function used (if the
+      string was extracted from embedded Python code), and
+    *   ``message`` is the string, or a tuple of strings for functions
+         with multiple string arguments.
+
+    This extraction function operates on the AST and is because of that unable
+    to extract any comments.  For comment support you have to use the babel
+    extraction interface or extract comments yourself.
+    """
+    out: t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]
+
+    for node in ast.find_all(nodes.Call):
+        if (
+            not isinstance(node.node, nodes.Name)
+            or node.node.name not in gettext_functions
+        ):
+            continue
+
+        strings: t.List[t.Optional[str]] = []
+
+        for arg in node.args:
+            if isinstance(arg, nodes.Const) and isinstance(arg.value, str):
+                strings.append(arg.value)
+            else:
+                strings.append(None)
+
+        for _ in node.kwargs:
+            strings.append(None)
+        if node.dyn_args is not None:
+            strings.append(None)
+        if node.dyn_kwargs is not None:
+            strings.append(None)
+
+        if not babel_style:
+            out = tuple(x for x in strings if x is not None)
+
+            if not out:
+                continue
+        else:
+            if len(strings) == 1:
+                out = strings[0]
+            else:
+                out = tuple(strings)
+
+        yield node.lineno, node.node.name, out
+
+
+class _CommentFinder:
+    """Helper class to find comments in a token stream.  Can only
+    find comments for gettext calls forwards.  Once the comment
+    from line 4 is found, a comment for line 1 will not return a
+    usable value.
+    """
+
+    def __init__(
+        self, tokens: t.Sequence[t.Tuple[int, str, str]], comment_tags: t.Sequence[str]
+    ) -> None:
+        self.tokens = tokens
+        self.comment_tags = comment_tags
+        self.offset = 0
+        self.last_lineno = 0
+
+    def find_backwards(self, offset: int) -> t.List[str]:
+        try:
+            for _, token_type, token_value in reversed(
+                self.tokens[self.offset : offset]
+            ):
+                if token_type in ("comment", "linecomment"):
+                    try:
+                        prefix, comment = token_value.split(None, 1)
+                    except ValueError:
+                        continue
+                    if prefix in self.comment_tags:
+                        return [comment.rstrip()]
+            return []
+        finally:
+            self.offset = offset
+
+    def find_comments(self, lineno: int) -> t.List[str]:
+        if not self.comment_tags or self.last_lineno > lineno:
+            return []
+        for idx, (token_lineno, _, _) in enumerate(self.tokens[self.offset :]):
+            if token_lineno > lineno:
+                return self.find_backwards(self.offset + idx)
+        return self.find_backwards(len(self.tokens))
+
+
+def babel_extract(
+    fileobj: t.BinaryIO,
+    keywords: t.Sequence[str],
+    comment_tags: t.Sequence[str],
+    options: t.Dict[str, t.Any],
+) -> t.Iterator[
+    t.Tuple[
+        int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]], t.List[str]
+    ]
+]:
+    """Babel extraction method for Jinja templates.
+
+    .. versionchanged:: 2.3
+       Basic support for translation comments was added.  If `comment_tags`
+       is now set to a list of keywords for extraction, the extractor will
+       try to find the best preceding comment that begins with one of the
+       keywords.  For best results, make sure to not have more than one
+       gettext call in one line of code and the matching comment in the
+       same line or the line before.
+
+    .. versionchanged:: 2.5.1
+       The `newstyle_gettext` flag can be set to `True` to enable newstyle
+       gettext calls.
+
+    .. versionchanged:: 2.7
+       A `silent` option can now be provided.  If set to `False` template
+       syntax errors are propagated instead of being ignored.
+
+    :param fileobj: the file-like object the messages should be extracted from
+    :param keywords: a list of keywords (i.e. function names) that should be
+                     recognized as translation functions
+    :param comment_tags: a list of translator tags to search for and include
+                         in the results.
+    :param options: a dictionary of additional options (optional)
+    :return: an iterator over ``(lineno, funcname, message, comments)`` tuples.
+             (comments will be empty currently)
+    """
+    extensions: t.Dict[t.Type[Extension], None] = {}
+
+    for extension_name in options.get("extensions", "").split(","):
+        extension_name = extension_name.strip()
+
+        if not extension_name:
+            continue
+
+        extensions[import_string(extension_name)] = None
+
+    if InternationalizationExtension not in extensions:
+        extensions[InternationalizationExtension] = None
+
+    def getbool(options: t.Mapping[str, str], key: str, default: bool = False) -> bool:
+        return options.get(key, str(default)).lower() in {"1", "on", "yes", "true"}
+
+    silent = getbool(options, "silent", True)
+    environment = Environment(
+        options.get("block_start_string", defaults.BLOCK_START_STRING),
+        options.get("block_end_string", defaults.BLOCK_END_STRING),
+        options.get("variable_start_string", defaults.VARIABLE_START_STRING),
+        options.get("variable_end_string", defaults.VARIABLE_END_STRING),
+        options.get("comment_start_string", defaults.COMMENT_START_STRING),
+        options.get("comment_end_string", defaults.COMMENT_END_STRING),
+        options.get("line_statement_prefix") or defaults.LINE_STATEMENT_PREFIX,
+        options.get("line_comment_prefix") or defaults.LINE_COMMENT_PREFIX,
+        getbool(options, "trim_blocks", defaults.TRIM_BLOCKS),
+        getbool(options, "lstrip_blocks", defaults.LSTRIP_BLOCKS),
+        defaults.NEWLINE_SEQUENCE,
+        getbool(options, "keep_trailing_newline", defaults.KEEP_TRAILING_NEWLINE),
+        tuple(extensions),
+        cache_size=0,
+        auto_reload=False,
+    )
+
+    if getbool(options, "trimmed"):
+        environment.policies["ext.i18n.trimmed"] = True
+    if getbool(options, "newstyle_gettext"):
+        environment.newstyle_gettext = True  # type: ignore
+
+    source = fileobj.read().decode(options.get("encoding", "utf-8"))
+    try:
+        node = environment.parse(source)
+        tokens = list(environment.lex(environment.preprocess(source)))
+    except TemplateSyntaxError:
+        if not silent:
+            raise
+        # skip templates with syntax errors
+        return
+
+    finder = _CommentFinder(tokens, comment_tags)
+    for lineno, func, message in extract_from_ast(node, keywords):
+        yield lineno, func, message, finder.find_comments(lineno)
+
+
+#: nicer import names
+i18n = InternationalizationExtension
+do = ExprStmtExtension
+loopcontrols = LoopControlExtension
+debug = DebugExtension
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/filters.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/filters.py
new file mode 100644
index 000000000..acd11976e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/filters.py
@@ -0,0 +1,1866 @@
+"""Built-in template filters used with the ``|`` operator."""
+
+import math
+import random
+import re
+import typing
+import typing as t
+from collections import abc
+from itertools import chain
+from itertools import groupby
+
+from markupsafe import escape
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import async_variant
+from .async_utils import auto_aiter
+from .async_utils import auto_await
+from .async_utils import auto_to_list
+from .exceptions import FilterArgumentError
+from .runtime import Undefined
+from .utils import htmlsafe_json_dumps
+from .utils import pass_context
+from .utils import pass_environment
+from .utils import pass_eval_context
+from .utils import pformat
+from .utils import url_quote
+from .utils import urlize
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+    from .nodes import EvalContext
+    from .runtime import Context
+    from .sandbox import SandboxedEnvironment  # noqa: F401
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+K = t.TypeVar("K")
+V = t.TypeVar("V")
+
+
+def ignore_case(value: V) -> V:
+    """For use as a postprocessor for :func:`make_attrgetter`. Converts strings
+    to lowercase and returns other types as-is."""
+    if isinstance(value, str):
+        return t.cast(V, value.lower())
+
+    return value
+
+
+def make_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+    default: t.Optional[t.Any] = None,
+) -> t.Callable[[t.Any], t.Any]:
+    """Returns a callable that looks up the given attribute from a
+    passed object with the rules of the environment.  Dots are allowed
+    to access attributes of attributes.  Integer parts in paths are
+    looked up as integers.
+    """
+    parts = _prepare_attribute_parts(attribute)
+
+    def attrgetter(item: t.Any) -> t.Any:
+        for part in parts:
+            item = environment.getitem(item, part)
+
+            if default is not None and isinstance(item, Undefined):
+                item = default
+
+        if postprocess is not None:
+            item = postprocess(item)
+
+        return item
+
+    return attrgetter
+
+
+def make_multi_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+) -> t.Callable[[t.Any], t.List[t.Any]]:
+    """Returns a callable that looks up the given comma separated
+    attributes from a passed object with the rules of the environment.
+    Dots are allowed to access attributes of each attribute.  Integer
+    parts in paths are looked up as integers.
+
+    The value returned by the returned callable is a list of extracted
+    attribute values.
+
+    Examples of attribute: "attr1,attr2", "attr1.inner1.0,attr2.inner2.0", etc.
+    """
+    if isinstance(attribute, str):
+        split: t.Sequence[t.Union[str, int, None]] = attribute.split(",")
+    else:
+        split = [attribute]
+
+    parts = [_prepare_attribute_parts(item) for item in split]
+
+    def attrgetter(item: t.Any) -> t.List[t.Any]:
+        items = [None] * len(parts)
+
+        for i, attribute_part in enumerate(parts):
+            item_i = item
+
+            for part in attribute_part:
+                item_i = environment.getitem(item_i, part)
+
+            if postprocess is not None:
+                item_i = postprocess(item_i)
+
+            items[i] = item_i
+
+        return items
+
+    return attrgetter
+
+
+def _prepare_attribute_parts(
+    attr: t.Optional[t.Union[str, int]],
+) -> t.List[t.Union[str, int]]:
+    if attr is None:
+        return []
+
+    if isinstance(attr, str):
+        return [int(x) if x.isdigit() else x for x in attr.split(".")]
+
+    return [attr]
+
+
+def do_forceescape(value: "t.Union[str, HasHTML]") -> Markup:
+    """Enforce HTML escaping.  This will probably double escape variables."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return escape(str(value))
+
+
+def do_urlencode(
+    value: t.Union[str, t.Mapping[str, t.Any], t.Iterable[t.Tuple[str, t.Any]]],
+) -> str:
+    """Quote data for use in a URL path or query using UTF-8.
+
+    Basic wrapper around :func:`urllib.parse.quote` when given a
+    string, or :func:`urllib.parse.urlencode` for a dict or iterable.
+
+    :param value: Data to quote. A string will be quoted directly. A
+        dict or iterable of ``(key, value)`` pairs will be joined as a
+        query string.
+
+    When given a string, "/" is not quoted. HTTP servers treat "/" and
+    "%2F" equivalently in paths. If you need quoted slashes, use the
+    ``|replace("/", "%2F")`` filter.
+
+    .. versionadded:: 2.7
+    """
+    if isinstance(value, str) or not isinstance(value, abc.Iterable):
+        return url_quote(value)
+
+    if isinstance(value, dict):
+        items: t.Iterable[t.Tuple[str, t.Any]] = value.items()
+    else:
+        items = value  # type: ignore
+
+    return "&".join(
+        f"{url_quote(k, for_qs=True)}={url_quote(v, for_qs=True)}" for k, v in items
+    )
+
+
+@pass_eval_context
+def do_replace(
+    eval_ctx: "EvalContext", s: str, old: str, new: str, count: t.Optional[int] = None
+) -> str:
+    """Return a copy of the value with all occurrences of a substring
+    replaced with a new one. The first argument is the substring
+    that should be replaced, the second is the replacement string.
+    If the optional third argument ``count`` is given, only the first
+    ``count`` occurrences are replaced:
+
+    .. sourcecode:: jinja
+
+        {{ "Hello World"|replace("Hello", "Goodbye") }}
+            -> Goodbye World
+
+        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
+            -> d'oh, d'oh, aaargh
+    """
+    if count is None:
+        count = -1
+
+    if not eval_ctx.autoescape:
+        return str(s).replace(str(old), str(new), count)
+
+    if (
+        hasattr(old, "__html__")
+        or hasattr(new, "__html__")
+        and not hasattr(s, "__html__")
+    ):
+        s = escape(s)
+    else:
+        s = soft_str(s)
+
+    return s.replace(soft_str(old), soft_str(new), count)
+
+
+def do_upper(s: str) -> str:
+    """Convert a value to uppercase."""
+    return soft_str(s).upper()
+
+
+def do_lower(s: str) -> str:
+    """Convert a value to lowercase."""
+    return soft_str(s).lower()
+
+
+def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K, V]]:
+    """Return an iterator over the ``(key, value)`` items of a mapping.
+
+    ``x|items`` is the same as ``x.items()``, except if ``x`` is
+    undefined an empty iterator is returned.
+
+    This filter is useful if you expect the template to be rendered with
+    an implementation of Jinja in another programming language that does
+    not have a ``.items()`` method on its mapping type.
+
+    .. code-block:: html+jinja
+
+        <dl>
+        {% for key, value in my_dict|items %}
+            <dt>{{ key }}
+            <dd>{{ value }}
+        {% endfor %}
+        </dl>
+
+    .. versionadded:: 3.1
+    """
+    if isinstance(value, Undefined):
+        return
+
+    if not isinstance(value, abc.Mapping):
+        raise TypeError("Can only get item pairs from a mapping.")
+
+    yield from value.items()
+
+
+# Check for characters that would move the parser state from key to value.
+# https://html.spec.whatwg.org/#attribute-name-state
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
+
+
+@pass_eval_context
+def do_xmlattr(
+    eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
+) -> str:
+    """Create an SGML/XML attribute string based on the items in a dict.
+
+    **Values** that are neither ``none`` nor ``undefined`` are automatically
+    escaped, safely allowing untrusted user input.
+
+    User input should not be used as **keys** to this filter. If any key
+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
+    sign, this fails with a ``ValueError``. Regardless of this, user input
+    should never be used as keys to this filter, or must be separately validated
+    first.
+
+    .. sourcecode:: html+jinja
+
+        <ul{{ {'class': 'my_list', 'missing': none,
+                'id': 'list-%d'|format(variable)}|xmlattr }}>
+        ...
+        </ul>
+
+    Results in something like this:
+
+    .. sourcecode:: html
+
+        <ul class="my_list" id="list-42">
+        ...
+        </ul>
+
+    As you can see it automatically prepends a space in front of the item
+    if the filter returned something unless the second parameter is false.
+
+    .. versionchanged:: 3.1.4
+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
+        are not allowed.
+
+    .. versionchanged:: 3.1.3
+        Keys with spaces are not allowed.
+    """
+    items = []
+
+    for key, value in d.items():
+        if value is None or isinstance(value, Undefined):
+            continue
+
+        if _attr_key_re.search(key) is not None:
+            raise ValueError(f"Invalid character in attribute name: {key!r}")
+
+        items.append(f'{escape(key)}="{escape(value)}"')
+
+    rv = " ".join(items)
+
+    if autospace and rv:
+        rv = " " + rv
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_capitalize(s: str) -> str:
+    """Capitalize a value. The first character will be uppercase, all others
+    lowercase.
+    """
+    return soft_str(s).capitalize()
+
+
+_word_beginning_split_re = re.compile(r"([-\s({\[<]+)")
+
+
+def do_title(s: str) -> str:
+    """Return a titlecased version of the value. I.e. words will start with
+    uppercase letters, all remaining characters are lowercase.
+    """
+    return "".join(
+        [
+            item[0].upper() + item[1:].lower()
+            for item in _word_beginning_split_re.split(soft_str(s))
+            if item
+        ]
+    )
+
+
+def do_dictsort(
+    value: t.Mapping[K, V],
+    case_sensitive: bool = False,
+    by: 'te.Literal["key", "value"]' = "key",
+    reverse: bool = False,
+) -> t.List[t.Tuple[K, V]]:
+    """Sort a dict and yield (key, value) pairs. Python dicts may not
+    be in the order you want to display them in, so sort them first.
+
+    .. sourcecode:: jinja
+
+        {% for key, value in mydict|dictsort %}
+            sort the dict by key, case insensitive
+
+        {% for key, value in mydict|dictsort(reverse=true) %}
+            sort the dict by key, case insensitive, reverse order
+
+        {% for key, value in mydict|dictsort(true) %}
+            sort the dict by key, case sensitive
+
+        {% for key, value in mydict|dictsort(false, 'value') %}
+            sort the dict by value, case insensitive
+    """
+    if by == "key":
+        pos = 0
+    elif by == "value":
+        pos = 1
+    else:
+        raise FilterArgumentError('You can only sort by either "key" or "value"')
+
+    def sort_func(item: t.Tuple[t.Any, t.Any]) -> t.Any:
+        value = item[pos]
+
+        if not case_sensitive:
+            value = ignore_case(value)
+
+        return value
+
+    return sorted(value.items(), key=sort_func, reverse=reverse)
+
+
+@pass_environment
+def do_sort(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    reverse: bool = False,
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.List[V]":
+    """Sort an iterable using Python's :func:`sorted`.
+
+    .. sourcecode:: jinja
+
+        {% for city in cities|sort %}
+            ...
+        {% endfor %}
+
+    :param reverse: Sort descending instead of ascending.
+    :param case_sensitive: When sorting strings, sort upper and lower
+        case separately.
+    :param attribute: When sorting objects or dicts, an attribute or
+        key to sort by. Can use dot notation like ``"address.city"``.
+        Can be a list of attributes like ``"age,name"``.
+
+    The sort is stable, it does not change the relative order of
+    elements that compare equal. This makes it is possible to chain
+    sorts on different attributes and ordering.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="name")
+            |sort(reverse=true, attribute="age") %}
+            ...
+        {% endfor %}
+
+    As a shortcut to chaining when the direction is the same for all
+    attributes, pass a comma separate list of attributes.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="age,name") %}
+            ...
+        {% endfor %}
+
+    .. versionchanged:: 2.11.0
+        The ``attribute`` parameter can be a comma separated list of
+        attributes, e.g. ``"age,name"``.
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added.
+    """
+    key_func = make_multi_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return sorted(value, key=key_func, reverse=reverse)
+
+
+@pass_environment
+def do_unique(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Iterator[V]":
+    """Returns a list of unique items from the given iterable.
+
+    .. sourcecode:: jinja
+
+        {{ ['foo', 'bar', 'foobar', 'FooBar']|unique|list }}
+            -> ['foo', 'bar', 'foobar']
+
+    The unique items are yielded in the same order as their first occurrence in
+    the iterable passed to the filter.
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Filter objects with unique values for this attribute.
+    """
+    getter = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    seen = set()
+
+    for item in value:
+        key = getter(item)
+
+        if key not in seen:
+            seen.add(key)
+            yield item
+
+
+def _min_or_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    func: "t.Callable[..., V]",
+    case_sensitive: bool,
+    attribute: t.Optional[t.Union[str, int]],
+) -> "t.Union[V, Undefined]":
+    it = iter(value)
+
+    try:
+        first = next(it)
+    except StopIteration:
+        return environment.undefined("No aggregated item, sequence was empty.")
+
+    key_func = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return func(chain([first], it), key=key_func)
+
+
+@pass_environment
+def do_min(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the smallest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|min }}
+            -> 1
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the min value of this attribute.
+    """
+    return _min_or_max(environment, value, min, case_sensitive, attribute)
+
+
+@pass_environment
+def do_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the largest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|max }}
+            -> 3
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the max value of this attribute.
+    """
+    return _min_or_max(environment, value, max, case_sensitive, attribute)
+
+
+def do_default(
+    value: V,
+    default_value: V = "",  # type: ignore
+    boolean: bool = False,
+) -> V:
+    """If the value is undefined it will return the passed default value,
+    otherwise the value of the variable:
+
+    .. sourcecode:: jinja
+
+        {{ my_variable|default('my_variable is not defined') }}
+
+    This will output the value of ``my_variable`` if the variable was
+    defined, otherwise ``'my_variable is not defined'``. If you want
+    to use default with variables that evaluate to false you have to
+    set the second parameter to `true`:
+
+    .. sourcecode:: jinja
+
+        {{ ''|default('the string was empty', true) }}
+
+    .. versionchanged:: 2.11
+       It's now possible to configure the :class:`~jinja2.Environment` with
+       :class:`~jinja2.ChainableUndefined` to make the `default` filter work
+       on nested elements and attributes that may contain undefined values
+       in the chain without getting an :exc:`~jinja2.UndefinedError`.
+    """
+    if isinstance(value, Undefined) or (boolean and not value):
+        return default_value
+
+    return value
+
+
+@pass_eval_context
+def sync_do_join(
+    eval_ctx: "EvalContext",
+    value: t.Iterable[t.Any],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    """Return a string which is the concatenation of the strings in the
+    sequence. The separator between elements is an empty string per
+    default, you can define it with the optional parameter:
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|join('|') }}
+            -> 1|2|3
+
+        {{ [1, 2, 3]|join }}
+            -> 123
+
+    It is also possible to join certain attributes of an object:
+
+    .. sourcecode:: jinja
+
+        {{ users|join(', ', attribute='username') }}
+
+    .. versionadded:: 2.6
+       The `attribute` parameter was added.
+    """
+    if attribute is not None:
+        value = map(make_attrgetter(eval_ctx.environment, attribute), value)
+
+    # no automatic escaping?  joining is a lot easier then
+    if not eval_ctx.autoescape:
+        return str(d).join(map(str, value))
+
+    # if the delimiter doesn't have an html representation we check
+    # if any of the items has.  If yes we do a coercion to Markup
+    if not hasattr(d, "__html__"):
+        value = list(value)
+        do_escape = False
+
+        for idx, item in enumerate(value):
+            if hasattr(item, "__html__"):
+                do_escape = True
+            else:
+                value[idx] = str(item)
+
+        if do_escape:
+            d = escape(d)
+        else:
+            d = str(d)
+
+        return d.join(value)
+
+    # no html involved, to normal joining
+    return soft_str(d).join(map(soft_str, value))
+
+
+@async_variant(sync_do_join)  # type: ignore
+async def do_join(
+    eval_ctx: "EvalContext",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    return sync_do_join(eval_ctx, await auto_to_list(value), d, attribute)
+
+
+def do_center(value: str, width: int = 80) -> str:
+    """Centers the value in a field of a given width."""
+    return soft_str(value).center(width)
+
+
+@pass_environment
+def sync_do_first(
+    environment: "Environment", seq: "t.Iterable[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the first item of a sequence."""
+    try:
+        return next(iter(seq))
+    except StopIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@async_variant(sync_do_first)  # type: ignore
+async def do_first(
+    environment: "Environment", seq: "t.Union[t.AsyncIterable[V], t.Iterable[V]]"
+) -> "t.Union[V, Undefined]":
+    try:
+        return await auto_aiter(seq).__anext__()
+    except StopAsyncIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@pass_environment
+def do_last(
+    environment: "Environment", seq: "t.Reversible[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the last item of a sequence.
+
+    Note: Does not work with generators. You may want to explicitly
+    convert it to a list:
+
+    .. sourcecode:: jinja
+
+        {{ data | selectattr('name', '==', 'Jinja') | list | last }}
+    """
+    try:
+        return next(iter(reversed(seq)))
+    except StopIteration:
+        return environment.undefined("No last item, sequence was empty.")
+
+
+# No async do_last, it may not be safe in async mode.
+
+
+@pass_context
+def do_random(context: "Context", seq: "t.Sequence[V]") -> "t.Union[V, Undefined]":
+    """Return a random item from the sequence."""
+    try:
+        return random.choice(seq)
+    except IndexError:
+        return context.environment.undefined("No random item, sequence was empty.")
+
+
+def do_filesizeformat(value: t.Union[str, float, int], binary: bool = False) -> str:
+    """Format the value like a 'human-readable' file size (i.e. 13 kB,
+    4.1 MB, 102 Bytes, etc).  Per default decimal prefixes are used (Mega,
+    Giga, etc.), if the second parameter is set to `True` the binary
+    prefixes are used (Mebi, Gibi).
+    """
+    bytes = float(value)
+    base = 1024 if binary else 1000
+    prefixes = [
+        ("KiB" if binary else "kB"),
+        ("MiB" if binary else "MB"),
+        ("GiB" if binary else "GB"),
+        ("TiB" if binary else "TB"),
+        ("PiB" if binary else "PB"),
+        ("EiB" if binary else "EB"),
+        ("ZiB" if binary else "ZB"),
+        ("YiB" if binary else "YB"),
+    ]
+
+    if bytes == 1:
+        return "1 Byte"
+    elif bytes < base:
+        return f"{int(bytes)} Bytes"
+    else:
+        for i, prefix in enumerate(prefixes):
+            unit = base ** (i + 2)
+
+            if bytes < unit:
+                return f"{base * bytes / unit:.1f} {prefix}"
+
+        return f"{base * bytes / unit:.1f} {prefix}"
+
+
+def do_pprint(value: t.Any) -> str:
+    """Pretty print a variable. Useful for debugging."""
+    return pformat(value)
+
+
+_uri_scheme_re = re.compile(r"^([\w.+-]{2,}:(/){0,2})$")
+
+
+@pass_eval_context
+def do_urlize(
+    eval_ctx: "EvalContext",
+    value: str,
+    trim_url_limit: t.Optional[int] = None,
+    nofollow: bool = False,
+    target: t.Optional[str] = None,
+    rel: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param value: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param nofollow: Add the ``rel=nofollow`` attribute to links.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior. Defaults to
+        ``env.policies["urlize.extra_schemes"]``, which defaults to no
+        extra schemes.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+
+    .. versionchanged:: 2.8
+       The ``target`` parameter was added.
+    """
+    policies = eval_ctx.environment.policies
+    rel_parts = set((rel or "").split())
+
+    if nofollow:
+        rel_parts.add("nofollow")
+
+    rel_parts.update((policies["urlize.rel"] or "").split())
+    rel = " ".join(sorted(rel_parts)) or None
+
+    if target is None:
+        target = policies["urlize.target"]
+
+    if extra_schemes is None:
+        extra_schemes = policies["urlize.extra_schemes"] or ()
+
+    for scheme in extra_schemes:
+        if _uri_scheme_re.fullmatch(scheme) is None:
+            raise FilterArgumentError(f"{scheme!r} is not a valid URI scheme prefix.")
+
+    rv = urlize(
+        value,
+        trim_url_limit=trim_url_limit,
+        rel=rel,
+        target=target,
+        extra_schemes=extra_schemes,
+    )
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_indent(
+    s: str, width: t.Union[int, str] = 4, first: bool = False, blank: bool = False
+) -> str:
+    """Return a copy of the string with each line indented by 4 spaces. The
+    first line and blank lines are not indented by default.
+
+    :param width: Number of spaces, or a string, to indent by.
+    :param first: Don't skip indenting the first line.
+    :param blank: Don't skip indenting empty lines.
+
+    .. versionchanged:: 3.0
+        ``width`` can be a string.
+
+    .. versionchanged:: 2.10
+        Blank lines are not indented by default.
+
+        Rename the ``indentfirst`` argument to ``first``.
+    """
+    if isinstance(width, str):
+        indention = width
+    else:
+        indention = " " * width
+
+    newline = "\n"
+
+    if isinstance(s, Markup):
+        indention = Markup(indention)
+        newline = Markup(newline)
+
+    s += newline  # this quirk is necessary for splitlines method
+
+    if blank:
+        rv = (newline + indention).join(s.splitlines())
+    else:
+        lines = s.splitlines()
+        rv = lines.pop(0)
+
+        if lines:
+            rv += newline + newline.join(
+                indention + line if line else line for line in lines
+            )
+
+    if first:
+        rv = indention + rv
+
+    return rv
+
+
+@pass_environment
+def do_truncate(
+    env: "Environment",
+    s: str,
+    length: int = 255,
+    killwords: bool = False,
+    end: str = "...",
+    leeway: t.Optional[int] = None,
+) -> str:
+    """Return a truncated copy of the string. The length is specified
+    with the first parameter which defaults to ``255``. If the second
+    parameter is ``true`` the filter will cut the text at length. Otherwise
+    it will discard the last word. If the text was in fact
+    truncated it will append an ellipsis sign (``"..."``). If you want a
+    different ellipsis sign than ``"..."`` you can specify it using the
+    third parameter. Strings that only exceed the length by the tolerance
+    margin given in the fourth parameter will not be truncated.
+
+    .. sourcecode:: jinja
+
+        {{ "foo bar baz qux"|truncate(9) }}
+            -> "foo..."
+        {{ "foo bar baz qux"|truncate(9, True) }}
+            -> "foo ba..."
+        {{ "foo bar baz qux"|truncate(11) }}
+            -> "foo bar baz qux"
+        {{ "foo bar baz qux"|truncate(11, False, '...', 0) }}
+            -> "foo bar..."
+
+    The default leeway on newer Jinja versions is 5 and was 0 before but
+    can be reconfigured globally.
+    """
+    if leeway is None:
+        leeway = env.policies["truncate.leeway"]
+
+    assert length >= len(end), f"expected length >= {len(end)}, got {length}"
+    assert leeway >= 0, f"expected leeway >= 0, got {leeway}"
+
+    if len(s) <= length + leeway:
+        return s
+
+    if killwords:
+        return s[: length - len(end)] + end
+
+    result = s[: length - len(end)].rsplit(" ", 1)[0]
+    return result + end
+
+
+@pass_environment
+def do_wordwrap(
+    environment: "Environment",
+    s: str,
+    width: int = 79,
+    break_long_words: bool = True,
+    wrapstring: t.Optional[str] = None,
+    break_on_hyphens: bool = True,
+) -> str:
+    """Wrap a string to the given width. Existing newlines are treated
+    as paragraphs to be wrapped separately.
+
+    :param s: Original text to wrap.
+    :param width: Maximum length of wrapped lines.
+    :param break_long_words: If a word is longer than ``width``, break
+        it across lines.
+    :param break_on_hyphens: If a word contains hyphens, it may be split
+        across lines.
+    :param wrapstring: String to join each wrapped line. Defaults to
+        :attr:`Environment.newline_sequence`.
+
+    .. versionchanged:: 2.11
+        Existing newlines are treated as paragraphs wrapped separately.
+
+    .. versionchanged:: 2.11
+        Added the ``break_on_hyphens`` parameter.
+
+    .. versionchanged:: 2.7
+        Added the ``wrapstring`` parameter.
+    """
+    import textwrap
+
+    if wrapstring is None:
+        wrapstring = environment.newline_sequence
+
+    # textwrap.wrap doesn't consider existing newlines when wrapping.
+    # If the string has a newline before width, wrap will still insert
+    # a newline at width, resulting in a short line. Instead, split and
+    # wrap each paragraph individually.
+    return wrapstring.join(
+        [
+            wrapstring.join(
+                textwrap.wrap(
+                    line,
+                    width=width,
+                    expand_tabs=False,
+                    replace_whitespace=False,
+                    break_long_words=break_long_words,
+                    break_on_hyphens=break_on_hyphens,
+                )
+            )
+            for line in s.splitlines()
+        ]
+    )
+
+
+_word_re = re.compile(r"\w+")
+
+
+def do_wordcount(s: str) -> int:
+    """Count the words in that string."""
+    return len(_word_re.findall(soft_str(s)))
+
+
+def do_int(value: t.Any, default: int = 0, base: int = 10) -> int:
+    """Convert the value into an integer. If the
+    conversion doesn't work it will return ``0``. You can
+    override this default using the first parameter. You
+    can also override the default base (10) in the second
+    parameter, which handles input with prefixes such as
+    0b, 0o and 0x for bases 2, 8 and 16 respectively.
+    The base is ignored for decimal numbers and non-string values.
+    """
+    try:
+        if isinstance(value, str):
+            return int(value, base)
+
+        return int(value)
+    except (TypeError, ValueError):
+        # this quirk is necessary so that "42.23"|int gives 42.
+        try:
+            return int(float(value))
+        except (TypeError, ValueError):
+            return default
+
+
+def do_float(value: t.Any, default: float = 0.0) -> float:
+    """Convert the value into a floating point number. If the
+    conversion doesn't work it will return ``0.0``. You can
+    override this default using the first parameter.
+    """
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def do_format(value: str, *args: t.Any, **kwargs: t.Any) -> str:
+    """Apply the given values to a `printf-style`_ format string, like
+    ``string % values``.
+
+    .. sourcecode:: jinja
+
+        {{ "%s, %s!"|format(greeting, name) }}
+        Hello, World!
+
+    In most cases it should be more convenient and efficient to use the
+    ``%`` operator or :meth:`str.format`.
+
+    .. code-block:: text
+
+        {{ "%s, %s!" % (greeting, name) }}
+        {{ "{}, {}!".format(greeting, name) }}
+
+    .. _printf-style: https://docs.python.org/library/stdtypes.html
+        #printf-style-string-formatting
+    """
+    if args and kwargs:
+        raise FilterArgumentError(
+            "can't handle positional and keyword arguments at the same time"
+        )
+
+    return soft_str(value) % (kwargs or args)
+
+
+def do_trim(value: str, chars: t.Optional[str] = None) -> str:
+    """Strip leading and trailing characters, by default whitespace."""
+    return soft_str(value).strip(chars)
+
+
+def do_striptags(value: "t.Union[str, HasHTML]") -> str:
+    """Strip SGML/XML tags and replace adjacent whitespace by one space."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return Markup(str(value)).striptags()
+
+
+def sync_do_slice(
+    value: "t.Collection[V]", slices: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """Slice an iterator and return a list of lists containing
+    those items. Useful if you want to create a div containing
+    three ul tags that represent columns:
+
+    .. sourcecode:: html+jinja
+
+        <div class="columnwrapper">
+          {%- for column in items|slice(3) %}
+            <ul class="column-{{ loop.index }}">
+            {%- for item in column %}
+              <li>{{ item }}</li>
+            {%- endfor %}
+            </ul>
+          {%- endfor %}
+        </div>
+
+    If you pass it a second argument it's used to fill missing
+    values on the last iteration.
+    """
+    seq = list(value)
+    length = len(seq)
+    items_per_slice = length // slices
+    slices_with_extra = length % slices
+    offset = 0
+
+    for slice_number in range(slices):
+        start = offset + slice_number * items_per_slice
+
+        if slice_number < slices_with_extra:
+            offset += 1
+
+        end = offset + (slice_number + 1) * items_per_slice
+        tmp = seq[start:end]
+
+        if fill_with is not None and slice_number >= slices_with_extra:
+            tmp.append(fill_with)
+
+        yield tmp
+
+
+@async_variant(sync_do_slice)  # type: ignore
+async def do_slice(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    slices: int,
+    fill_with: t.Optional[t.Any] = None,
+) -> "t.Iterator[t.List[V]]":
+    return sync_do_slice(await auto_to_list(value), slices, fill_with)
+
+
+def do_batch(
+    value: "t.Iterable[V]", linecount: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """
+    A filter that batches items. It works pretty much like `slice`
+    just the other way round. It returns a list of lists with the
+    given number of items. If you provide a second parameter this
+    is used to fill up missing items. See this example:
+
+    .. sourcecode:: html+jinja
+
+        <table>
+        {%- for row in items|batch(3, '&nbsp;') %}
+          <tr>
+          {%- for column in row %}
+            <td>{{ column }}</td>
+          {%- endfor %}
+          </tr>
+        {%- endfor %}
+        </table>
+    """
+    tmp: "t.List[V]" = []
+
+    for item in value:
+        if len(tmp) == linecount:
+            yield tmp
+            tmp = []
+
+        tmp.append(item)
+
+    if tmp:
+        if fill_with is not None and len(tmp) < linecount:
+            tmp += [fill_with] * (linecount - len(tmp))
+
+        yield tmp
+
+
+def do_round(
+    value: float,
+    precision: int = 0,
+    method: 'te.Literal["common", "ceil", "floor"]' = "common",
+) -> float:
+    """Round the number to a given precision. The first
+    parameter specifies the precision (default is ``0``), the
+    second the rounding method:
+
+    - ``'common'`` rounds either up or down
+    - ``'ceil'`` always rounds up
+    - ``'floor'`` always rounds down
+
+    If you don't specify a method ``'common'`` is used.
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round }}
+            -> 43.0
+        {{ 42.55|round(1, 'floor') }}
+            -> 42.5
+
+    Note that even if rounded to 0 precision, a float is returned.  If
+    you need a real integer, pipe it through `int`:
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round|int }}
+            -> 43
+    """
+    if method not in {"common", "ceil", "floor"}:
+        raise FilterArgumentError("method must be common, ceil or floor")
+
+    if method == "common":
+        return round(value, precision)
+
+    func = getattr(math, method)
+    return t.cast(float, func(value * (10**precision)) / (10**precision))
+
+
+class _GroupTuple(t.NamedTuple):
+    grouper: t.Any
+    list: t.List[t.Any]
+
+    # Use the regular tuple repr to hide this subclass if users print
+    # out the value during debugging.
+    def __repr__(self) -> str:
+        return tuple.__repr__(self)
+
+    def __str__(self) -> str:
+        return tuple.__str__(self)
+
+
+@pass_environment
+def sync_do_groupby(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    """Group a sequence of objects by an attribute using Python's
+    :func:`itertools.groupby`. The attribute can use dot notation for
+    nested access, like ``"address.city"``. Unlike Python's ``groupby``,
+    the values are sorted first so only one group is returned for each
+    unique value.
+
+    For example, a list of ``User`` objects with a ``city`` attribute
+    can be rendered in groups. In this example, ``grouper`` refers to
+    the ``city`` value of the group.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for city, items in users|groupby("city") %}
+          <li>{{ city }}
+            <ul>{% for user in items %}
+              <li>{{ user.name }}
+            {% endfor %}</ul>
+          </li>
+        {% endfor %}</ul>
+
+    ``groupby`` yields namedtuples of ``(grouper, list)``, which
+    can be used instead of the tuple unpacking above. ``grouper`` is the
+    value of the attribute, and ``list`` is the items with that value.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for group in users|groupby("city") %}
+          <li>{{ group.grouper }}: {{ group.list|join(", ") }}
+        {% endfor %}</ul>
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        <ul>{% for city, items in users|groupby("city", default="NY") %}
+          <li>{{ city }}: {{ items|map(attribute="name")|join(", ") }}</li>
+        {% endfor %}</ul>
+
+    Like the :func:`~jinja-filters.sort` filter, sorting and grouping is
+    case-insensitive by default. The ``key`` for each group will have
+    the case of the first item in that group of values. For example, if
+    a list of users has cities ``["CA", "NY", "ca"]``, the "CA" group
+    will have two values. This can be disabled by passing
+    ``case_sensitive=True``.
+
+    .. versionchanged:: 3.1
+        Added the ``case_sensitive`` parameter. Sorting and grouping is
+        case-insensitive by default, matching other filters that do
+        comparisons.
+
+    .. versionchanged:: 3.0
+        Added the ``default`` parameter.
+
+    .. versionchanged:: 2.6
+        The attribute supports dot notation for nested access.
+    """
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, list(values))
+        for key, values in groupby(sorted(value, key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@async_variant(sync_do_groupby)  # type: ignore
+async def do_groupby(
+    environment: "Environment",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, await auto_to_list(values))
+        for key, values in groupby(sorted(await auto_to_list(value), key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@pass_environment
+def sync_do_sum(
+    environment: "Environment",
+    iterable: "t.Iterable[V]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    """Returns the sum of a sequence of numbers plus the value of parameter
+    'start' (which defaults to 0).  When the sequence is empty it returns
+    start.
+
+    It is also possible to sum up only certain attributes:
+
+    .. sourcecode:: jinja
+
+        Total: {{ items|sum(attribute='price') }}
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added to allow summing up over
+       attributes.  Also the ``start`` parameter was moved on to the right.
+    """
+    if attribute is not None:
+        iterable = map(make_attrgetter(environment, attribute), iterable)
+
+    return sum(iterable, start)  # type: ignore[no-any-return, call-overload]
+
+
+@async_variant(sync_do_sum)  # type: ignore
+async def do_sum(
+    environment: "Environment",
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    rv = start
+
+    if attribute is not None:
+        func = make_attrgetter(environment, attribute)
+    else:
+
+        def func(x: V) -> V:
+            return x
+
+    async for item in auto_aiter(iterable):
+        rv += func(item)
+
+    return rv
+
+
+def sync_do_list(value: "t.Iterable[V]") -> "t.List[V]":
+    """Convert the value into a list.  If it was a string the returned list
+    will be a list of characters.
+    """
+    return list(value)
+
+
+@async_variant(sync_do_list)  # type: ignore
+async def do_list(value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]") -> "t.List[V]":
+    return await auto_to_list(value)
+
+
+def do_mark_safe(value: str) -> Markup:
+    """Mark the value as safe which means that in an environment with automatic
+    escaping enabled this variable will not be escaped.
+    """
+    return Markup(value)
+
+
+def do_mark_unsafe(value: str) -> str:
+    """Mark a value as unsafe.  This is the reverse operation for :func:`safe`."""
+    return str(value)
+
+
+@typing.overload
+def do_reverse(value: str) -> str: ...
+
+
+@typing.overload
+def do_reverse(value: "t.Iterable[V]") -> "t.Iterable[V]": ...
+
+
+def do_reverse(value: t.Union[str, t.Iterable[V]]) -> t.Union[str, t.Iterable[V]]:
+    """Reverse the object or return an iterator that iterates over it the other
+    way round.
+    """
+    if isinstance(value, str):
+        return value[::-1]
+
+    try:
+        return reversed(value)  # type: ignore
+    except TypeError:
+        try:
+            rv = list(value)
+            rv.reverse()
+            return rv
+        except TypeError as e:
+            raise FilterArgumentError("argument must be iterable") from e
+
+
+@pass_environment
+def do_attr(
+    environment: "Environment", obj: t.Any, name: str
+) -> t.Union[Undefined, t.Any]:
+    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+    ``foo.bar`` just that always an attribute is returned and items are not
+    looked up.
+
+    See :ref:`Notes on subscriptions <notes-on-subscriptions>` for more details.
+    """
+    try:
+        name = str(name)
+    except UnicodeError:
+        pass
+    else:
+        try:
+            value = getattr(obj, name)
+        except AttributeError:
+            pass
+        else:
+            if environment.sandboxed:
+                environment = t.cast("SandboxedEnvironment", environment)
+
+                if not environment.is_safe_attribute(obj, name, value):
+                    return environment.unsafe_undefined(obj, name)
+
+            return value
+
+    return environment.undefined(obj=obj, name=name)
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@pass_context
+def sync_do_map(
+    context: "Context", value: t.Iterable[t.Any], *args: t.Any, **kwargs: t.Any
+) -> t.Iterable[t.Any]:
+    """Applies a filter on a sequence of objects or looks up an attribute.
+    This is useful when dealing with lists of objects but you are really
+    only interested in a certain value of it.
+
+    The basic usage is mapping on an attribute.  Imagine you have a list
+    of users but you are only interested in a list of usernames:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ users|map(attribute='username')|join(', ') }}
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        {{ users|map(attribute="username", default="Anonymous")|join(", ") }}
+
+    Alternatively you can let it invoke a filter by passing the name of the
+    filter and the arguments afterwards.  A good example would be applying a
+    text conversion filter on a sequence:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ titles|map('lower')|join(', ') }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u.username for u in users)
+        (getattr(u, "username", "Anonymous") for u in users)
+        (do_lower(x) for x in titles)
+
+    .. versionchanged:: 2.11.0
+        Added the ``default`` parameter.
+
+    .. versionadded:: 2.7
+    """
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        for item in value:
+            yield func(item)
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@async_variant(sync_do_map)  # type: ignore
+async def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.AsyncIterable[t.Any]:
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        async for item in auto_aiter(value):
+            yield await auto_await(func(item))
+
+
+@pass_context
+def sync_do_select(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and only selecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|select("odd") }}
+        {{ numbers|select("odd") }}
+        {{ numbers|select("divisibleby", 3) }}
+        {{ numbers|select("lessthan", 42) }}
+        {{ strings|select("equalto", "mystring") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if test_odd(n))
+        (n for n in numbers if test_divisibleby(n, 3))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@async_variant(sync_do_select)  # type: ignore
+async def do_select(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@pass_context
+def sync_do_reject(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and rejecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|reject("odd") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if not test_odd(n))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@async_variant(sync_do_reject)  # type: ignore
+async def do_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@pass_context
+def sync_do_selectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and only selecting the objects with the
+    test succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ users|selectattr("is_active") }}
+        {{ users|selectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if user.is_active)
+        (u for user in users if test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@async_variant(sync_do_selectattr)  # type: ignore
+async def do_selectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@pass_context
+def sync_do_rejectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and rejecting the objects with the test
+    succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    .. sourcecode:: jinja
+
+        {{ users|rejectattr("is_active") }}
+        {{ users|rejectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if not user.is_active)
+        (u for user in users if not test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@async_variant(sync_do_rejectattr)  # type: ignore
+async def do_rejectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@pass_eval_context
+def do_tojson(
+    eval_ctx: "EvalContext", value: t.Any, indent: t.Optional[int] = None
+) -> Markup:
+    """Serialize an object to a string of JSON, and mark it safe to
+    render in HTML. This filter is only for use in HTML documents.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param value: The object to serialize to JSON.
+    :param indent: The ``indent`` parameter passed to ``dumps``, for
+        pretty-printing the value.
+
+    .. versionadded:: 2.9
+    """
+    policies = eval_ctx.environment.policies
+    dumps = policies["json.dumps_function"]
+    kwargs = policies["json.dumps_kwargs"]
+
+    if indent is not None:
+        kwargs = kwargs.copy()
+        kwargs["indent"] = indent
+
+    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
+
+
+def prepare_map(
+    context: "Context", args: t.Tuple[t.Any, ...], kwargs: t.Dict[str, t.Any]
+) -> t.Callable[[t.Any], t.Any]:
+    if not args and "attribute" in kwargs:
+        attribute = kwargs.pop("attribute")
+        default = kwargs.pop("default", None)
+
+        if kwargs:
+            raise FilterArgumentError(
+                f"Unexpected keyword argument {next(iter(kwargs))!r}"
+            )
+
+        func = make_attrgetter(context.environment, attribute, default=default)
+    else:
+        try:
+            name = args[0]
+            args = args[1:]
+        except LookupError:
+            raise FilterArgumentError("map requires a filter argument") from None
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_filter(
+                name, item, args, kwargs, context=context
+            )
+
+    return func
+
+
+def prepare_select_or_reject(
+    context: "Context",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> t.Callable[[t.Any], t.Any]:
+    if lookup_attr:
+        try:
+            attr = args[0]
+        except LookupError:
+            raise FilterArgumentError("Missing parameter for attribute name") from None
+
+        transfunc = make_attrgetter(context.environment, attr)
+        off = 1
+    else:
+        off = 0
+
+        def transfunc(x: V) -> V:
+            return x
+
+    try:
+        name = args[off]
+        args = args[1 + off :]
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_test(name, item, args, kwargs)
+
+    except LookupError:
+        func = bool  # type: ignore
+
+    return lambda item: modfunc(func(transfunc(item)))
+
+
+def select_or_reject(
+    context: "Context",
+    value: "t.Iterable[V]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.Iterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        for item in value:
+            if func(item):
+                yield item
+
+
+async def async_select_or_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.AsyncIterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        async for item in auto_aiter(value):
+            if func(item):
+                yield item
+
+
+FILTERS = {
+    "abs": abs,
+    "attr": do_attr,
+    "batch": do_batch,
+    "capitalize": do_capitalize,
+    "center": do_center,
+    "count": len,
+    "d": do_default,
+    "default": do_default,
+    "dictsort": do_dictsort,
+    "e": escape,
+    "escape": escape,
+    "filesizeformat": do_filesizeformat,
+    "first": do_first,
+    "float": do_float,
+    "forceescape": do_forceescape,
+    "format": do_format,
+    "groupby": do_groupby,
+    "indent": do_indent,
+    "int": do_int,
+    "join": do_join,
+    "last": do_last,
+    "length": len,
+    "list": do_list,
+    "lower": do_lower,
+    "items": do_items,
+    "map": do_map,
+    "min": do_min,
+    "max": do_max,
+    "pprint": do_pprint,
+    "random": do_random,
+    "reject": do_reject,
+    "rejectattr": do_rejectattr,
+    "replace": do_replace,
+    "reverse": do_reverse,
+    "round": do_round,
+    "safe": do_mark_safe,
+    "select": do_select,
+    "selectattr": do_selectattr,
+    "slice": do_slice,
+    "sort": do_sort,
+    "string": soft_str,
+    "striptags": do_striptags,
+    "sum": do_sum,
+    "title": do_title,
+    "trim": do_trim,
+    "truncate": do_truncate,
+    "unique": do_unique,
+    "upper": do_upper,
+    "urlencode": do_urlencode,
+    "urlize": do_urlize,
+    "wordcount": do_wordcount,
+    "wordwrap": do_wordwrap,
+    "xmlattr": do_xmlattr,
+    "tojson": do_tojson,
+}
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/idtracking.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/idtracking.py
new file mode 100644
index 000000000..995ebaa0c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/idtracking.py
@@ -0,0 +1,318 @@
+import typing as t
+
+from . import nodes
+from .visitor import NodeVisitor
+
+VAR_LOAD_PARAMETER = "param"
+VAR_LOAD_RESOLVE = "resolve"
+VAR_LOAD_ALIAS = "alias"
+VAR_LOAD_UNDEFINED = "undefined"
+
+
+def find_symbols(
+    nodes: t.Iterable[nodes.Node], parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    visitor = FrameSymbolVisitor(sym)
+    for node in nodes:
+        visitor.visit(node)
+    return sym
+
+
+def symbols_for_node(
+    node: nodes.Node, parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    sym.analyze_node(node)
+    return sym
+
+
+class Symbols:
+    def __init__(
+        self, parent: t.Optional["Symbols"] = None, level: t.Optional[int] = None
+    ) -> None:
+        if level is None:
+            if parent is None:
+                level = 0
+            else:
+                level = parent.level + 1
+
+        self.level: int = level
+        self.parent = parent
+        self.refs: t.Dict[str, str] = {}
+        self.loads: t.Dict[str, t.Any] = {}
+        self.stores: t.Set[str] = set()
+
+    def analyze_node(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        visitor = RootVisitor(self)
+        visitor.visit(node, **kwargs)
+
+    def _define_ref(
+        self, name: str, load: t.Optional[t.Tuple[str, t.Optional[str]]] = None
+    ) -> str:
+        ident = f"l_{self.level}_{name}"
+        self.refs[name] = ident
+        if load is not None:
+            self.loads[ident] = load
+        return ident
+
+    def find_load(self, target: str) -> t.Optional[t.Any]:
+        if target in self.loads:
+            return self.loads[target]
+
+        if self.parent is not None:
+            return self.parent.find_load(target)
+
+        return None
+
+    def find_ref(self, name: str) -> t.Optional[str]:
+        if name in self.refs:
+            return self.refs[name]
+
+        if self.parent is not None:
+            return self.parent.find_ref(name)
+
+        return None
+
+    def ref(self, name: str) -> str:
+        rv = self.find_ref(name)
+        if rv is None:
+            raise AssertionError(
+                "Tried to resolve a name to a reference that was"
+                f" unknown to the frame ({name!r})"
+            )
+        return rv
+
+    def copy(self) -> "Symbols":
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.refs = self.refs.copy()
+        rv.loads = self.loads.copy()
+        rv.stores = self.stores.copy()
+        return rv
+
+    def store(self, name: str) -> None:
+        self.stores.add(name)
+
+        # If we have not see the name referenced yet, we need to figure
+        # out what to set it to.
+        if name not in self.refs:
+            # If there is a parent scope we check if the name has a
+            # reference there.  If it does it means we might have to alias
+            # to a variable there.
+            if self.parent is not None:
+                outer_ref = self.parent.find_ref(name)
+                if outer_ref is not None:
+                    self._define_ref(name, load=(VAR_LOAD_ALIAS, outer_ref))
+                    return
+
+            # Otherwise we can just set it to undefined.
+            self._define_ref(name, load=(VAR_LOAD_UNDEFINED, None))
+
+    def declare_parameter(self, name: str) -> str:
+        self.stores.add(name)
+        return self._define_ref(name, load=(VAR_LOAD_PARAMETER, None))
+
+    def load(self, name: str) -> None:
+        if self.find_ref(name) is None:
+            self._define_ref(name, load=(VAR_LOAD_RESOLVE, name))
+
+    def branch_update(self, branch_symbols: t.Sequence["Symbols"]) -> None:
+        stores: t.Dict[str, int] = {}
+        for branch in branch_symbols:
+            for target in branch.stores:
+                if target in self.stores:
+                    continue
+                stores[target] = stores.get(target, 0) + 1
+
+        for sym in branch_symbols:
+            self.refs.update(sym.refs)
+            self.loads.update(sym.loads)
+            self.stores.update(sym.stores)
+
+        for name, branch_count in stores.items():
+            if branch_count == len(branch_symbols):
+                continue
+
+            target = self.find_ref(name)  # type: ignore
+            assert target is not None, "should not happen"
+
+            if self.parent is not None:
+                outer_target = self.parent.find_ref(name)
+                if outer_target is not None:
+                    self.loads[target] = (VAR_LOAD_ALIAS, outer_target)
+                    continue
+            self.loads[target] = (VAR_LOAD_RESOLVE, name)
+
+    def dump_stores(self) -> t.Dict[str, str]:
+        rv: t.Dict[str, str] = {}
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for name in sorted(node.stores):
+                if name not in rv:
+                    rv[name] = self.find_ref(name)  # type: ignore
+
+            node = node.parent
+
+        return rv
+
+    def dump_param_targets(self) -> t.Set[str]:
+        rv = set()
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for target, (instr, _) in self.loads.items():
+                if instr == VAR_LOAD_PARAMETER:
+                    rv.add(target)
+
+            node = node.parent
+
+        return rv
+
+
+class RootVisitor(NodeVisitor):
+    def __init__(self, symbols: "Symbols") -> None:
+        self.sym_visitor = FrameSymbolVisitor(symbols)
+
+    def _simple_visit(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes():
+            self.sym_visitor.visit(child)
+
+    visit_Template = _simple_visit
+    visit_Block = _simple_visit
+    visit_Macro = _simple_visit
+    visit_FilterBlock = _simple_visit
+    visit_Scope = _simple_visit
+    visit_If = _simple_visit
+    visit_ScopedEvalContextModifier = _simple_visit
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes(exclude=("call",)):
+            self.sym_visitor.visit(child)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_For(
+        self, node: nodes.For, for_branch: str = "body", **kwargs: t.Any
+    ) -> None:
+        if for_branch == "body":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            branch = node.body
+        elif for_branch == "else":
+            branch = node.else_
+        elif for_branch == "test":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            if node.test is not None:
+                self.sym_visitor.visit(node.test)
+            return
+        else:
+            raise RuntimeError("Unknown for branch")
+
+        if branch:
+            for item in branch:
+                self.sym_visitor.visit(item)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.targets:
+            self.sym_visitor.visit(target)
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def generic_visit(self, node: nodes.Node, *args: t.Any, **kwargs: t.Any) -> None:
+        raise NotImplementedError(f"Cannot find symbols for {type(node).__name__!r}")
+
+
+class FrameSymbolVisitor(NodeVisitor):
+    """A visitor for `Frame.inspect`."""
+
+    def __init__(self, symbols: "Symbols") -> None:
+        self.symbols = symbols
+
+    def visit_Name(
+        self, node: nodes.Name, store_as_param: bool = False, **kwargs: t.Any
+    ) -> None:
+        """All assignments to names go through this function."""
+        if store_as_param or node.ctx == "param":
+            self.symbols.declare_parameter(node.name)
+        elif node.ctx == "store":
+            self.symbols.store(node.name)
+        elif node.ctx == "load":
+            self.symbols.load(node.name)
+
+    def visit_NSRef(self, node: nodes.NSRef, **kwargs: t.Any) -> None:
+        self.symbols.load(node.name)
+
+    def visit_If(self, node: nodes.If, **kwargs: t.Any) -> None:
+        self.visit(node.test, **kwargs)
+        original_symbols = self.symbols
+
+        def inner_visit(nodes: t.Iterable[nodes.Node]) -> "Symbols":
+            self.symbols = rv = original_symbols.copy()
+
+            for subnode in nodes:
+                self.visit(subnode, **kwargs)
+
+            self.symbols = original_symbols
+            return rv
+
+        body_symbols = inner_visit(node.body)
+        elif_symbols = inner_visit(node.elif_)
+        else_symbols = inner_visit(node.else_ or ())
+        self.symbols.branch_update([body_symbols, elif_symbols, else_symbols])
+
+    def visit_Macro(self, node: nodes.Macro, **kwargs: t.Any) -> None:
+        self.symbols.store(node.name)
+
+    def visit_Import(self, node: nodes.Import, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+        self.symbols.store(node.target)
+
+    def visit_FromImport(self, node: nodes.FromImport, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+
+        for name in node.names:
+            if isinstance(name, tuple):
+                self.symbols.store(name[1])
+            else:
+                self.symbols.store(name)
+
+    def visit_Assign(self, node: nodes.Assign, **kwargs: t.Any) -> None:
+        """Visit assignments in the correct order."""
+        self.visit(node.node, **kwargs)
+        self.visit(node.target, **kwargs)
+
+    def visit_For(self, node: nodes.For, **kwargs: t.Any) -> None:
+        """Visiting stops at for blocks.  However the block sequence
+        is visited as part of the outer scope.
+        """
+        self.visit(node.iter, **kwargs)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        self.visit(node.call, **kwargs)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, **kwargs: t.Any) -> None:
+        self.visit(node.filter, **kwargs)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.values:
+            self.visit(target)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        """Stop visiting at block assigns."""
+        self.visit(node.target, **kwargs)
+
+    def visit_Scope(self, node: nodes.Scope, **kwargs: t.Any) -> None:
+        """Stop visiting at scopes."""
+
+    def visit_Block(self, node: nodes.Block, **kwargs: t.Any) -> None:
+        """Stop visiting at blocks."""
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        """Do not visit into overlay scopes."""
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/lexer.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/lexer.py
new file mode 100644
index 000000000..62b0471a3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/lexer.py
@@ -0,0 +1,868 @@
+"""Implements a Jinja / Python combination lexer. The ``Lexer`` class
+is used to do some preprocessing. It filters out invalid operators like
+the bitshift operators we don't allow in templates. It separates
+template code and python code in expressions.
+"""
+
+import re
+import typing as t
+from ast import literal_eval
+from collections import deque
+from sys import intern
+
+from ._identifier import pattern as name_re
+from .exceptions import TemplateSyntaxError
+from .utils import LRUCache
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+# cache for the lexers. Exists in order to be able to have multiple
+# environments with the same lexer
+_lexer_cache: t.MutableMapping[t.Tuple, "Lexer"] = LRUCache(50)  # type: ignore
+
+# static regular expressions
+whitespace_re = re.compile(r"\s+")
+newline_re = re.compile(r"(\r\n|\r|\n)")
+string_re = re.compile(
+    r"('([^'\\]*(?:\\.[^'\\]*)*)'" r'|"([^"\\]*(?:\\.[^"\\]*)*)")', re.S
+)
+integer_re = re.compile(
+    r"""
+    (
+        0b(_?[0-1])+ # binary
+    |
+        0o(_?[0-7])+ # octal
+    |
+        0x(_?[\da-f])+ # hex
+    |
+        [1-9](_?\d)* # decimal
+    |
+        0(_?0)* # decimal zero
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+float_re = re.compile(
+    r"""
+    (?<!\.)  # doesn't start with a .
+    (\d+_)*\d+  # digits, possibly _ separated
+    (
+        (\.(\d+_)*\d+)?  # optional fractional part
+        e[+\-]?(\d+_)*\d+  # exponent part
+    |
+        \.(\d+_)*\d+  # required fractional part
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+
+# internal the tokens and keep references to them
+TOKEN_ADD = intern("add")
+TOKEN_ASSIGN = intern("assign")
+TOKEN_COLON = intern("colon")
+TOKEN_COMMA = intern("comma")
+TOKEN_DIV = intern("div")
+TOKEN_DOT = intern("dot")
+TOKEN_EQ = intern("eq")
+TOKEN_FLOORDIV = intern("floordiv")
+TOKEN_GT = intern("gt")
+TOKEN_GTEQ = intern("gteq")
+TOKEN_LBRACE = intern("lbrace")
+TOKEN_LBRACKET = intern("lbracket")
+TOKEN_LPAREN = intern("lparen")
+TOKEN_LT = intern("lt")
+TOKEN_LTEQ = intern("lteq")
+TOKEN_MOD = intern("mod")
+TOKEN_MUL = intern("mul")
+TOKEN_NE = intern("ne")
+TOKEN_PIPE = intern("pipe")
+TOKEN_POW = intern("pow")
+TOKEN_RBRACE = intern("rbrace")
+TOKEN_RBRACKET = intern("rbracket")
+TOKEN_RPAREN = intern("rparen")
+TOKEN_SEMICOLON = intern("semicolon")
+TOKEN_SUB = intern("sub")
+TOKEN_TILDE = intern("tilde")
+TOKEN_WHITESPACE = intern("whitespace")
+TOKEN_FLOAT = intern("float")
+TOKEN_INTEGER = intern("integer")
+TOKEN_NAME = intern("name")
+TOKEN_STRING = intern("string")
+TOKEN_OPERATOR = intern("operator")
+TOKEN_BLOCK_BEGIN = intern("block_begin")
+TOKEN_BLOCK_END = intern("block_end")
+TOKEN_VARIABLE_BEGIN = intern("variable_begin")
+TOKEN_VARIABLE_END = intern("variable_end")
+TOKEN_RAW_BEGIN = intern("raw_begin")
+TOKEN_RAW_END = intern("raw_end")
+TOKEN_COMMENT_BEGIN = intern("comment_begin")
+TOKEN_COMMENT_END = intern("comment_end")
+TOKEN_COMMENT = intern("comment")
+TOKEN_LINESTATEMENT_BEGIN = intern("linestatement_begin")
+TOKEN_LINESTATEMENT_END = intern("linestatement_end")
+TOKEN_LINECOMMENT_BEGIN = intern("linecomment_begin")
+TOKEN_LINECOMMENT_END = intern("linecomment_end")
+TOKEN_LINECOMMENT = intern("linecomment")
+TOKEN_DATA = intern("data")
+TOKEN_INITIAL = intern("initial")
+TOKEN_EOF = intern("eof")
+
+# bind operators to token types
+operators = {
+    "+": TOKEN_ADD,
+    "-": TOKEN_SUB,
+    "/": TOKEN_DIV,
+    "//": TOKEN_FLOORDIV,
+    "*": TOKEN_MUL,
+    "%": TOKEN_MOD,
+    "**": TOKEN_POW,
+    "~": TOKEN_TILDE,
+    "[": TOKEN_LBRACKET,
+    "]": TOKEN_RBRACKET,
+    "(": TOKEN_LPAREN,
+    ")": TOKEN_RPAREN,
+    "{": TOKEN_LBRACE,
+    "}": TOKEN_RBRACE,
+    "==": TOKEN_EQ,
+    "!=": TOKEN_NE,
+    ">": TOKEN_GT,
+    ">=": TOKEN_GTEQ,
+    "<": TOKEN_LT,
+    "<=": TOKEN_LTEQ,
+    "=": TOKEN_ASSIGN,
+    ".": TOKEN_DOT,
+    ":": TOKEN_COLON,
+    "|": TOKEN_PIPE,
+    ",": TOKEN_COMMA,
+    ";": TOKEN_SEMICOLON,
+}
+
+reverse_operators = {v: k for k, v in operators.items()}
+assert len(operators) == len(reverse_operators), "operators dropped"
+operator_re = re.compile(
+    f"({'|'.join(re.escape(x) for x in sorted(operators, key=lambda x: -len(x)))})"
+)
+
+ignored_tokens = frozenset(
+    [
+        TOKEN_COMMENT_BEGIN,
+        TOKEN_COMMENT,
+        TOKEN_COMMENT_END,
+        TOKEN_WHITESPACE,
+        TOKEN_LINECOMMENT_BEGIN,
+        TOKEN_LINECOMMENT_END,
+        TOKEN_LINECOMMENT,
+    ]
+)
+ignore_if_empty = frozenset(
+    [TOKEN_WHITESPACE, TOKEN_DATA, TOKEN_COMMENT, TOKEN_LINECOMMENT]
+)
+
+
+def _describe_token_type(token_type: str) -> str:
+    if token_type in reverse_operators:
+        return reverse_operators[token_type]
+
+    return {
+        TOKEN_COMMENT_BEGIN: "begin of comment",
+        TOKEN_COMMENT_END: "end of comment",
+        TOKEN_COMMENT: "comment",
+        TOKEN_LINECOMMENT: "comment",
+        TOKEN_BLOCK_BEGIN: "begin of statement block",
+        TOKEN_BLOCK_END: "end of statement block",
+        TOKEN_VARIABLE_BEGIN: "begin of print statement",
+        TOKEN_VARIABLE_END: "end of print statement",
+        TOKEN_LINESTATEMENT_BEGIN: "begin of line statement",
+        TOKEN_LINESTATEMENT_END: "end of line statement",
+        TOKEN_DATA: "template data / text",
+        TOKEN_EOF: "end of template",
+    }.get(token_type, token_type)
+
+
+def describe_token(token: "Token") -> str:
+    """Returns a description of the token."""
+    if token.type == TOKEN_NAME:
+        return token.value
+
+    return _describe_token_type(token.type)
+
+
+def describe_token_expr(expr: str) -> str:
+    """Like `describe_token` but for token expressions."""
+    if ":" in expr:
+        type, value = expr.split(":", 1)
+
+        if type == TOKEN_NAME:
+            return value
+    else:
+        type = expr
+
+    return _describe_token_type(type)
+
+
+def count_newlines(value: str) -> int:
+    """Count the number of newline characters in the string.  This is
+    useful for extensions that filter a stream.
+    """
+    return len(newline_re.findall(value))
+
+
+def compile_rules(environment: "Environment") -> t.List[t.Tuple[str, str]]:
+    """Compiles all the rules from the environment into a list of rules."""
+    e = re.escape
+    rules = [
+        (
+            len(environment.comment_start_string),
+            TOKEN_COMMENT_BEGIN,
+            e(environment.comment_start_string),
+        ),
+        (
+            len(environment.block_start_string),
+            TOKEN_BLOCK_BEGIN,
+            e(environment.block_start_string),
+        ),
+        (
+            len(environment.variable_start_string),
+            TOKEN_VARIABLE_BEGIN,
+            e(environment.variable_start_string),
+        ),
+    ]
+
+    if environment.line_statement_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_statement_prefix),
+                TOKEN_LINESTATEMENT_BEGIN,
+                r"^[ \t\v]*" + e(environment.line_statement_prefix),
+            )
+        )
+    if environment.line_comment_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_comment_prefix),
+                TOKEN_LINECOMMENT_BEGIN,
+                r"(?:^|(?<=\S))[^\S\r\n]*" + e(environment.line_comment_prefix),
+            )
+        )
+
+    return [x[1:] for x in sorted(rules, reverse=True)]
+
+
+class Failure:
+    """Class that raises a `TemplateSyntaxError` if called.
+    Used by the `Lexer` to specify known errors.
+    """
+
+    def __init__(
+        self, message: str, cls: t.Type[TemplateSyntaxError] = TemplateSyntaxError
+    ) -> None:
+        self.message = message
+        self.error_class = cls
+
+    def __call__(self, lineno: int, filename: str) -> "te.NoReturn":
+        raise self.error_class(self.message, lineno, filename)
+
+
+class Token(t.NamedTuple):
+    lineno: int
+    type: str
+    value: str
+
+    def __str__(self) -> str:
+        return describe_token(self)
+
+    def test(self, expr: str) -> bool:
+        """Test a token against a token expression.  This can either be a
+        token type or ``'token_type:token_value'``.  This can only test
+        against string values and types.
+        """
+        # here we do a regular string equality check as test_any is usually
+        # passed an iterable of not interned strings.
+        if self.type == expr:
+            return True
+
+        if ":" in expr:
+            return expr.split(":", 1) == [self.type, self.value]
+
+        return False
+
+    def test_any(self, *iterable: str) -> bool:
+        """Test against multiple token expressions."""
+        return any(self.test(expr) for expr in iterable)
+
+
+class TokenStreamIterator:
+    """The iterator for tokenstreams.  Iterate over the stream
+    until the eof token is reached.
+    """
+
+    def __init__(self, stream: "TokenStream") -> None:
+        self.stream = stream
+
+    def __iter__(self) -> "TokenStreamIterator":
+        return self
+
+    def __next__(self) -> Token:
+        token = self.stream.current
+
+        if token.type is TOKEN_EOF:
+            self.stream.close()
+            raise StopIteration
+
+        next(self.stream)
+        return token
+
+
+class TokenStream:
+    """A token stream is an iterable that yields :class:`Token`\\s.  The
+    parser however does not iterate over it but calls :meth:`next` to go
+    one token ahead.  The current active token is stored as :attr:`current`.
+    """
+
+    def __init__(
+        self,
+        generator: t.Iterable[Token],
+        name: t.Optional[str],
+        filename: t.Optional[str],
+    ):
+        self._iter = iter(generator)
+        self._pushed: "te.Deque[Token]" = deque()
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.current = Token(1, TOKEN_INITIAL, "")
+        next(self)
+
+    def __iter__(self) -> TokenStreamIterator:
+        return TokenStreamIterator(self)
+
+    def __bool__(self) -> bool:
+        return bool(self._pushed) or self.current.type is not TOKEN_EOF
+
+    @property
+    def eos(self) -> bool:
+        """Are we at the end of the stream?"""
+        return not self
+
+    def push(self, token: Token) -> None:
+        """Push a token back to the stream."""
+        self._pushed.append(token)
+
+    def look(self) -> Token:
+        """Look at the next token."""
+        old_token = next(self)
+        result = self.current
+        self.push(result)
+        self.current = old_token
+        return result
+
+    def skip(self, n: int = 1) -> None:
+        """Got n tokens ahead."""
+        for _ in range(n):
+            next(self)
+
+    def next_if(self, expr: str) -> t.Optional[Token]:
+        """Perform the token test and return the token if it matched.
+        Otherwise the return value is `None`.
+        """
+        if self.current.test(expr):
+            return next(self)
+
+        return None
+
+    def skip_if(self, expr: str) -> bool:
+        """Like :meth:`next_if` but only returns `True` or `False`."""
+        return self.next_if(expr) is not None
+
+    def __next__(self) -> Token:
+        """Go one token ahead and return the old one.
+
+        Use the built-in :func:`next` instead of calling this directly.
+        """
+        rv = self.current
+
+        if self._pushed:
+            self.current = self._pushed.popleft()
+        elif self.current.type is not TOKEN_EOF:
+            try:
+                self.current = next(self._iter)
+            except StopIteration:
+                self.close()
+
+        return rv
+
+    def close(self) -> None:
+        """Close the stream."""
+        self.current = Token(self.current.lineno, TOKEN_EOF, "")
+        self._iter = iter(())
+        self.closed = True
+
+    def expect(self, expr: str) -> Token:
+        """Expect a given token type and return it.  This accepts the same
+        argument as :meth:`jinja2.lexer.Token.test`.
+        """
+        if not self.current.test(expr):
+            expr = describe_token_expr(expr)
+
+            if self.current.type is TOKEN_EOF:
+                raise TemplateSyntaxError(
+                    f"unexpected end of template, expected {expr!r}.",
+                    self.current.lineno,
+                    self.name,
+                    self.filename,
+                )
+
+            raise TemplateSyntaxError(
+                f"expected token {expr!r}, got {describe_token(self.current)!r}",
+                self.current.lineno,
+                self.name,
+                self.filename,
+            )
+
+        return next(self)
+
+
+def get_lexer(environment: "Environment") -> "Lexer":
+    """Return a lexer which is probably cached."""
+    key = (
+        environment.block_start_string,
+        environment.block_end_string,
+        environment.variable_start_string,
+        environment.variable_end_string,
+        environment.comment_start_string,
+        environment.comment_end_string,
+        environment.line_statement_prefix,
+        environment.line_comment_prefix,
+        environment.trim_blocks,
+        environment.lstrip_blocks,
+        environment.newline_sequence,
+        environment.keep_trailing_newline,
+    )
+    lexer = _lexer_cache.get(key)
+
+    if lexer is None:
+        _lexer_cache[key] = lexer = Lexer(environment)
+
+    return lexer
+
+
+class OptionalLStrip(tuple):  # type: ignore[type-arg]
+    """A special tuple for marking a point in the state that can have
+    lstrip applied.
+    """
+
+    __slots__ = ()
+
+    # Even though it looks like a no-op, creating instances fails
+    # without this.
+    def __new__(cls, *members, **kwargs):  # type: ignore
+        return super().__new__(cls, members)
+
+
+class _Rule(t.NamedTuple):
+    pattern: t.Pattern[str]
+    tokens: t.Union[str, t.Tuple[str, ...], t.Tuple[Failure]]
+    command: t.Optional[str]
+
+
+class Lexer:
+    """Class that implements a lexer for a given environment. Automatically
+    created by the environment class, usually you don't have to do that.
+
+    Note that the lexer is not automatically bound to an environment.
+    Multiple environments can share the same lexer.
+    """
+
+    def __init__(self, environment: "Environment") -> None:
+        # shortcuts
+        e = re.escape
+
+        def c(x: str) -> t.Pattern[str]:
+            return re.compile(x, re.M | re.S)
+
+        # lexing rules for tags
+        tag_rules: t.List[_Rule] = [
+            _Rule(whitespace_re, TOKEN_WHITESPACE, None),
+            _Rule(float_re, TOKEN_FLOAT, None),
+            _Rule(integer_re, TOKEN_INTEGER, None),
+            _Rule(name_re, TOKEN_NAME, None),
+            _Rule(string_re, TOKEN_STRING, None),
+            _Rule(operator_re, TOKEN_OPERATOR, None),
+        ]
+
+        # assemble the root lexing rule. because "|" is ungreedy
+        # we have to sort by length so that the lexer continues working
+        # as expected when we have parsing rules like <% for block and
+        # <%= for variables. (if someone wants asp like syntax)
+        # variables are just part of the rules if variable processing
+        # is required.
+        root_tag_rules = compile_rules(environment)
+
+        block_start_re = e(environment.block_start_string)
+        block_end_re = e(environment.block_end_string)
+        comment_end_re = e(environment.comment_end_string)
+        variable_end_re = e(environment.variable_end_string)
+
+        # block suffix if trimming is enabled
+        block_suffix_re = "\\n?" if environment.trim_blocks else ""
+
+        self.lstrip_blocks = environment.lstrip_blocks
+
+        self.newline_sequence = environment.newline_sequence
+        self.keep_trailing_newline = environment.keep_trailing_newline
+
+        root_raw_re = (
+            rf"(?P<raw_begin>{block_start_re}(\-|\+|)\s*raw\s*"
+            rf"(?:\-{block_end_re}\s*|{block_end_re}))"
+        )
+        root_parts_re = "|".join(
+            [root_raw_re] + [rf"(?P<{n}>{r}(\-|\+|))" for n, r in root_tag_rules]
+        )
+
+        # global lexing rules
+        self.rules: t.Dict[str, t.List[_Rule]] = {
+            "root": [
+                # directives
+                _Rule(
+                    c(rf"(.*?)(?:{root_parts_re})"),
+                    OptionalLStrip(TOKEN_DATA, "#bygroup"),  # type: ignore
+                    "#bygroup",
+                ),
+                # data
+                _Rule(c(".+"), TOKEN_DATA, None),
+            ],
+            # comments
+            TOKEN_COMMENT_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:\+{comment_end_re}|\-{comment_end_re}\s*"
+                        rf"|{comment_end_re}{block_suffix_re}))"
+                    ),
+                    (TOKEN_COMMENT, TOKEN_COMMENT_END),
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of comment tag"),), None),
+            ],
+            # blocks
+            TOKEN_BLOCK_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re})"
+                    ),
+                    TOKEN_BLOCK_END,
+                    "#pop",
+                ),
+            ]
+            + tag_rules,
+            # variables
+            TOKEN_VARIABLE_BEGIN: [
+                _Rule(
+                    c(rf"\-{variable_end_re}\s*|{variable_end_re}"),
+                    TOKEN_VARIABLE_END,
+                    "#pop",
+                )
+            ]
+            + tag_rules,
+            # raw block
+            TOKEN_RAW_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:{block_start_re}(\-|\+|))\s*endraw\s*"
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re}))"
+                    ),
+                    OptionalLStrip(TOKEN_DATA, TOKEN_RAW_END),  # type: ignore
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of raw directive"),), None),
+            ],
+            # line statements
+            TOKEN_LINESTATEMENT_BEGIN: [
+                _Rule(c(r"\s*(\n|$)"), TOKEN_LINESTATEMENT_END, "#pop")
+            ]
+            + tag_rules,
+            # line comments
+            TOKEN_LINECOMMENT_BEGIN: [
+                _Rule(
+                    c(r"(.*?)()(?=\n|$)"),
+                    (TOKEN_LINECOMMENT, TOKEN_LINECOMMENT_END),
+                    "#pop",
+                )
+            ],
+        }
+
+    def _normalize_newlines(self, value: str) -> str:
+        """Replace all newlines with the configured sequence in strings
+        and template data.
+        """
+        return newline_re.sub(self.newline_sequence, value)
+
+    def tokenize(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Calls tokeniter + tokenize and wraps it in a token stream."""
+        stream = self.tokeniter(source, name, filename, state)
+        return TokenStream(self.wrap(stream, name, filename), name, filename)
+
+    def wrap(
+        self,
+        stream: t.Iterable[t.Tuple[int, str, str]],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[Token]:
+        """This is called with the stream as returned by `tokenize` and wraps
+        every token in a :class:`Token` and converts the value.
+        """
+        for lineno, token, value_str in stream:
+            if token in ignored_tokens:
+                continue
+
+            value: t.Any = value_str
+
+            if token == TOKEN_LINESTATEMENT_BEGIN:
+                token = TOKEN_BLOCK_BEGIN
+            elif token == TOKEN_LINESTATEMENT_END:
+                token = TOKEN_BLOCK_END
+            # we are not interested in those tokens in the parser
+            elif token in (TOKEN_RAW_BEGIN, TOKEN_RAW_END):
+                continue
+            elif token == TOKEN_DATA:
+                value = self._normalize_newlines(value_str)
+            elif token == "keyword":
+                token = value_str
+            elif token == TOKEN_NAME:
+                value = value_str
+
+                if not value.isidentifier():
+                    raise TemplateSyntaxError(
+                        "Invalid character in identifier", lineno, name, filename
+                    )
+            elif token == TOKEN_STRING:
+                # try to unescape string
+                try:
+                    value = (
+                        self._normalize_newlines(value_str[1:-1])
+                        .encode("ascii", "backslashreplace")
+                        .decode("unicode-escape")
+                    )
+                except Exception as e:
+                    msg = str(e).split(":")[-1].strip()
+                    raise TemplateSyntaxError(msg, lineno, name, filename) from e
+            elif token == TOKEN_INTEGER:
+                value = int(value_str.replace("_", ""), 0)
+            elif token == TOKEN_FLOAT:
+                # remove all "_" first to support more Python versions
+                value = literal_eval(value_str.replace("_", ""))
+            elif token == TOKEN_OPERATOR:
+                token = operators[value_str]
+
+            yield Token(lineno, token, value)
+
+    def tokeniter(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """This method tokenizes the text and returns the tokens in a
+        generator. Use this method if you just want to tokenize a template.
+
+        .. versionchanged:: 3.0
+            Only ``\\n``, ``\\r\\n`` and ``\\r`` are treated as line
+            breaks.
+        """
+        lines = newline_re.split(source)[::2]
+
+        if not self.keep_trailing_newline and lines[-1] == "":
+            del lines[-1]
+
+        source = "\n".join(lines)
+        pos = 0
+        lineno = 1
+        stack = ["root"]
+
+        if state is not None and state != "root":
+            assert state in ("variable", "block"), "invalid state"
+            stack.append(state + "_begin")
+
+        statetokens = self.rules[stack[-1]]
+        source_length = len(source)
+        balancing_stack: t.List[str] = []
+        newlines_stripped = 0
+        line_starting = True
+
+        while True:
+            # tokenizer loop
+            for regex, tokens, new_state in statetokens:
+                m = regex.match(source, pos)
+
+                # if no match we try again with the next rule
+                if m is None:
+                    continue
+
+                # we only match blocks and variables if braces / parentheses
+                # are balanced. continue parsing with the lower rule which
+                # is the operator rule. do this only if the end tags look
+                # like operators
+                if balancing_stack and tokens in (
+                    TOKEN_VARIABLE_END,
+                    TOKEN_BLOCK_END,
+                    TOKEN_LINESTATEMENT_END,
+                ):
+                    continue
+
+                # tuples support more options
+                if isinstance(tokens, tuple):
+                    groups: t.Sequence[str] = m.groups()
+
+                    if isinstance(tokens, OptionalLStrip):
+                        # Rule supports lstrip. Match will look like
+                        # text, block type, whitespace control, type, control, ...
+                        text = groups[0]
+                        # Skipping the text and first type, every other group is the
+                        # whitespace control for each type. One of the groups will be
+                        # -, +, or empty string instead of None.
+                        strip_sign = next(g for g in groups[2::2] if g is not None)
+
+                        if strip_sign == "-":
+                            # Strip all whitespace between the text and the tag.
+                            stripped = text.rstrip()
+                            newlines_stripped = text[len(stripped) :].count("\n")
+                            groups = [stripped, *groups[1:]]
+                        elif (
+                            # Not marked for preserving whitespace.
+                            strip_sign != "+"
+                            # lstrip is enabled.
+                            and self.lstrip_blocks
+                            # Not a variable expression.
+                            and not m.groupdict().get(TOKEN_VARIABLE_BEGIN)
+                        ):
+                            # The start of text between the last newline and the tag.
+                            l_pos = text.rfind("\n") + 1
+
+                            if l_pos > 0 or line_starting:
+                                # If there's only whitespace between the newline and the
+                                # tag, strip it.
+                                if whitespace_re.fullmatch(text, l_pos):
+                                    groups = [text[:l_pos], *groups[1:]]
+
+                    for idx, token in enumerate(tokens):
+                        # failure group
+                        if token.__class__ is Failure:
+                            raise token(lineno, filename)
+                        # bygroup is a bit more complex, in that case we
+                        # yield for the current token the first named
+                        # group that matched
+                        elif token == "#bygroup":
+                            for key, value in m.groupdict().items():
+                                if value is not None:
+                                    yield lineno, key, value
+                                    lineno += value.count("\n")
+                                    break
+                            else:
+                                raise RuntimeError(
+                                    f"{regex!r} wanted to resolve the token dynamically"
+                                    " but no group matched"
+                                )
+                        # normal group
+                        else:
+                            data = groups[idx]
+
+                            if data or token not in ignore_if_empty:
+                                yield lineno, token, data
+
+                            lineno += data.count("\n") + newlines_stripped
+                            newlines_stripped = 0
+
+                # strings as token just are yielded as it.
+                else:
+                    data = m.group()
+
+                    # update brace/parentheses balance
+                    if tokens == TOKEN_OPERATOR:
+                        if data == "{":
+                            balancing_stack.append("}")
+                        elif data == "(":
+                            balancing_stack.append(")")
+                        elif data == "[":
+                            balancing_stack.append("]")
+                        elif data in ("}", ")", "]"):
+                            if not balancing_stack:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}'", lineno, name, filename
+                                )
+
+                            expected_op = balancing_stack.pop()
+
+                            if expected_op != data:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}', expected '{expected_op}'",
+                                    lineno,
+                                    name,
+                                    filename,
+                                )
+
+                    # yield items
+                    if data or tokens not in ignore_if_empty:
+                        yield lineno, tokens, data
+
+                    lineno += data.count("\n")
+
+                line_starting = m.group()[-1:] == "\n"
+                # fetch new position into new variable so that we can check
+                # if there is a internal parsing error which would result
+                # in an infinite loop
+                pos2 = m.end()
+
+                # handle state changes
+                if new_state is not None:
+                    # remove the uppermost state
+                    if new_state == "#pop":
+                        stack.pop()
+                    # resolve the new state by group checking
+                    elif new_state == "#bygroup":
+                        for key, value in m.groupdict().items():
+                            if value is not None:
+                                stack.append(key)
+                                break
+                        else:
+                            raise RuntimeError(
+                                f"{regex!r} wanted to resolve the new state dynamically"
+                                f" but no group matched"
+                            )
+                    # direct state name given
+                    else:
+                        stack.append(new_state)
+
+                    statetokens = self.rules[stack[-1]]
+                # we are still at the same position and no stack change.
+                # this means a loop without break condition, avoid that and
+                # raise error
+                elif pos2 == pos:
+                    raise RuntimeError(
+                        f"{regex!r} yielded empty string without stack change"
+                    )
+
+                # publish new function and start again
+                pos = pos2
+                break
+            # if loop terminated without break we haven't found a single match
+            # either we are at the end of the file or we have a problem
+            else:
+                # end of text
+                if pos >= source_length:
+                    return
+
+                # something went wrong
+                raise TemplateSyntaxError(
+                    f"unexpected char {source[pos]!r} at {pos}", lineno, name, filename
+                )
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/loaders.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/loaders.py
new file mode 100644
index 000000000..9eaf647ba
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/loaders.py
@@ -0,0 +1,667 @@
+"""API and implementations for loading templates from different data
+sources.
+"""
+
+import importlib.util
+import os
+import posixpath
+import sys
+import typing as t
+import weakref
+import zipimport
+from collections import abc
+from hashlib import sha1
+from importlib import import_module
+from types import ModuleType
+
+from .exceptions import TemplateNotFound
+from .utils import internalcode
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+    from .environment import Template
+
+
+def split_template_path(template: str) -> t.List[str]:
+    """Split a path into segments and perform a sanity check.  If it detects
+    '..' in the path it will raise a `TemplateNotFound` error.
+    """
+    pieces = []
+    for piece in template.split("/"):
+        if (
+            os.path.sep in piece
+            or (os.path.altsep and os.path.altsep in piece)
+            or piece == os.path.pardir
+        ):
+            raise TemplateNotFound(template)
+        elif piece and piece != ".":
+            pieces.append(piece)
+    return pieces
+
+
+class BaseLoader:
+    """Baseclass for all loaders.  Subclass this and override `get_source` to
+    implement a custom loading mechanism.  The environment provides a
+    `get_template` method that calls the loader's `load` method to get the
+    :class:`Template` object.
+
+    A very basic example for a loader that looks up templates on the file
+    system could look like this::
+
+        from jinja2 import BaseLoader, TemplateNotFound
+        from os.path import join, exists, getmtime
+
+        class MyLoader(BaseLoader):
+
+            def __init__(self, path):
+                self.path = path
+
+            def get_source(self, environment, template):
+                path = join(self.path, template)
+                if not exists(path):
+                    raise TemplateNotFound(template)
+                mtime = getmtime(path)
+                with open(path) as f:
+                    source = f.read()
+                return source, path, lambda: mtime == getmtime(path)
+    """
+
+    #: if set to `False` it indicates that the loader cannot provide access
+    #: to the source of templates.
+    #:
+    #: .. versionadded:: 2.4
+    has_source_access = True
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        """Get the template source, filename and reload helper for a template.
+        It's passed the environment and template name and has to return a
+        tuple in the form ``(source, filename, uptodate)`` or raise a
+        `TemplateNotFound` error if it can't locate the template.
+
+        The source part of the returned tuple must be the source of the
+        template as a string. The filename should be the name of the
+        file on the filesystem if it was loaded from there, otherwise
+        ``None``. The filename is used by Python for the tracebacks
+        if no loader extension is used.
+
+        The last item in the tuple is the `uptodate` function.  If auto
+        reloading is enabled it's always called to check if the template
+        changed.  No arguments are passed so the function must store the
+        old state somewhere (for example in a closure).  If it returns `False`
+        the template will be reloaded.
+        """
+        if not self.has_source_access:
+            raise RuntimeError(
+                f"{type(self).__name__} cannot provide access to the source"
+            )
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        """Iterates over all templates.  If the loader does not support that
+        it should raise a :exc:`TypeError` which is the default behavior.
+        """
+        raise TypeError("this loader cannot iterate over all templates")
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Loads a template.  This method looks up the template in the cache
+        or loads one by calling :meth:`get_source`.  Subclasses should not
+        override this method as loaders working on collections of other
+        loaders (such as :class:`PrefixLoader` or :class:`ChoiceLoader`)
+        will not call this method but `get_source` directly.
+        """
+        code = None
+        if globals is None:
+            globals = {}
+
+        # first we try to get the source for this template together
+        # with the filename and the uptodate function.
+        source, filename, uptodate = self.get_source(environment, name)
+
+        # try to load the code from the bytecode cache if there is a
+        # bytecode cache configured.
+        bcc = environment.bytecode_cache
+        if bcc is not None:
+            bucket = bcc.get_bucket(environment, name, filename, source)
+            code = bucket.code
+
+        # if we don't have code so far (not cached, no longer up to
+        # date) etc. we compile the template
+        if code is None:
+            code = environment.compile(source, name, filename)
+
+        # if the bytecode cache is available and the bucket doesn't
+        # have a code so far, we give the bucket the new code and put
+        # it back to the bytecode cache.
+        if bcc is not None and bucket.code is None:
+            bucket.code = code
+            bcc.set_bucket(bucket)
+
+        return environment.template_class.from_code(
+            environment, code, globals, uptodate
+        )
+
+
+class FileSystemLoader(BaseLoader):
+    """Load templates from a directory in the file system.
+
+    The path can be relative or absolute. Relative paths are relative to
+    the current working directory.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader("templates")
+
+    A list of paths can be given. The directories will be searched in
+    order, stopping at the first matching template.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader(["/override/templates", "/default/templates"])
+
+    :param searchpath: A path, or list of paths, to the directory that
+        contains the templates.
+    :param encoding: Use this encoding to read the text from template
+        files.
+    :param followlinks: Follow symbolic links in the path.
+
+    .. versionchanged:: 2.8
+        Added the ``followlinks`` parameter.
+    """
+
+    def __init__(
+        self,
+        searchpath: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+        encoding: str = "utf-8",
+        followlinks: bool = False,
+    ) -> None:
+        if not isinstance(searchpath, abc.Iterable) or isinstance(searchpath, str):
+            searchpath = [searchpath]
+
+        self.searchpath = [os.fspath(p) for p in searchpath]
+        self.encoding = encoding
+        self.followlinks = followlinks
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Callable[[], bool]]:
+        pieces = split_template_path(template)
+
+        for searchpath in self.searchpath:
+            # Use posixpath even on Windows to avoid "drive:" or UNC
+            # segments breaking out of the search directory.
+            filename = posixpath.join(searchpath, *pieces)
+
+            if os.path.isfile(filename):
+                break
+        else:
+            raise TemplateNotFound(template)
+
+        with open(filename, encoding=self.encoding) as f:
+            contents = f.read()
+
+        mtime = os.path.getmtime(filename)
+
+        def uptodate() -> bool:
+            try:
+                return os.path.getmtime(filename) == mtime
+            except OSError:
+                return False
+
+        # Use normpath to convert Windows altsep to sep.
+        return contents, os.path.normpath(filename), uptodate
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for searchpath in self.searchpath:
+            walk_dir = os.walk(searchpath, followlinks=self.followlinks)
+            for dirpath, _, filenames in walk_dir:
+                for filename in filenames:
+                    template = (
+                        os.path.join(dirpath, filename)[len(searchpath) :]
+                        .strip(os.path.sep)
+                        .replace(os.path.sep, "/")
+                    )
+                    if template[:2] == "./":
+                        template = template[2:]
+                    if template not in found:
+                        found.add(template)
+        return sorted(found)
+
+
+class PackageLoader(BaseLoader):
+    """Load templates from a directory in a Python package.
+
+    :param package_name: Import name of the package that contains the
+        template directory.
+    :param package_path: Directory within the imported package that
+        contains the templates.
+    :param encoding: Encoding of template files.
+
+    The following example looks up templates in the ``pages`` directory
+    within the ``project.ui`` package.
+
+    .. code-block:: python
+
+        loader = PackageLoader("project.ui", "pages")
+
+    Only packages installed as directories (standard pip behavior) or
+    zip/egg files (less common) are supported. The Python API for
+    introspecting data in packages is too limited to support other
+    installation methods the way this loader requires.
+
+    There is limited support for :pep:`420` namespace packages. The
+    template directory is assumed to only be in one namespace
+    contributor. Zip files contributing to a namespace are not
+    supported.
+
+    .. versionchanged:: 3.0
+        No longer uses ``setuptools`` as a dependency.
+
+    .. versionchanged:: 3.0
+        Limited PEP 420 namespace package support.
+    """
+
+    def __init__(
+        self,
+        package_name: str,
+        package_path: "str" = "templates",
+        encoding: str = "utf-8",
+    ) -> None:
+        package_path = os.path.normpath(package_path).rstrip(os.path.sep)
+
+        # normpath preserves ".", which isn't valid in zip paths.
+        if package_path == os.path.curdir:
+            package_path = ""
+        elif package_path[:2] == os.path.curdir + os.path.sep:
+            package_path = package_path[2:]
+
+        self.package_path = package_path
+        self.package_name = package_name
+        self.encoding = encoding
+
+        # Make sure the package exists. This also makes namespace
+        # packages work, otherwise get_loader returns None.
+        import_module(package_name)
+        spec = importlib.util.find_spec(package_name)
+        assert spec is not None, "An import spec was not found for the package."
+        loader = spec.loader
+        assert loader is not None, "A loader was not found for the package."
+        self._loader = loader
+        self._archive = None
+        template_root = None
+
+        if isinstance(loader, zipimport.zipimporter):
+            self._archive = loader.archive
+            pkgdir = next(iter(spec.submodule_search_locations))  # type: ignore
+            template_root = os.path.join(pkgdir, package_path).rstrip(os.path.sep)
+        else:
+            roots: t.List[str] = []
+
+            # One element for regular packages, multiple for namespace
+            # packages, or None for single module file.
+            if spec.submodule_search_locations:
+                roots.extend(spec.submodule_search_locations)
+            # A single module file, use the parent directory instead.
+            elif spec.origin is not None:
+                roots.append(os.path.dirname(spec.origin))
+
+            for root in roots:
+                root = os.path.join(root, package_path)
+
+                if os.path.isdir(root):
+                    template_root = root
+                    break
+
+        if template_root is None:
+            raise ValueError(
+                f"The {package_name!r} package was not installed in a"
+                " way that PackageLoader understands."
+            )
+
+        self._template_root = template_root
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Optional[t.Callable[[], bool]]]:
+        # Use posixpath even on Windows to avoid "drive:" or UNC
+        # segments breaking out of the search directory. Use normpath to
+        # convert Windows altsep to sep.
+        p = os.path.normpath(
+            posixpath.join(self._template_root, *split_template_path(template))
+        )
+        up_to_date: t.Optional[t.Callable[[], bool]]
+
+        if self._archive is None:
+            # Package is a directory.
+            if not os.path.isfile(p):
+                raise TemplateNotFound(template)
+
+            with open(p, "rb") as f:
+                source = f.read()
+
+            mtime = os.path.getmtime(p)
+
+            def up_to_date() -> bool:
+                return os.path.isfile(p) and os.path.getmtime(p) == mtime
+
+        else:
+            # Package is a zip file.
+            try:
+                source = self._loader.get_data(p)  # type: ignore
+            except OSError as e:
+                raise TemplateNotFound(template) from e
+
+            # Could use the zip's mtime for all template mtimes, but
+            # would need to safely reload the module if it's out of
+            # date, so just report it as always current.
+            up_to_date = None
+
+        return source.decode(self.encoding), p, up_to_date
+
+    def list_templates(self) -> t.List[str]:
+        results: t.List[str] = []
+
+        if self._archive is None:
+            # Package is a directory.
+            offset = len(self._template_root)
+
+            for dirpath, _, filenames in os.walk(self._template_root):
+                dirpath = dirpath[offset:].lstrip(os.path.sep)
+                results.extend(
+                    os.path.join(dirpath, name).replace(os.path.sep, "/")
+                    for name in filenames
+                )
+        else:
+            if not hasattr(self._loader, "_files"):
+                raise TypeError(
+                    "This zip import does not have the required"
+                    " metadata to list templates."
+                )
+
+            # Package is a zip file.
+            prefix = (
+                self._template_root[len(self._archive) :].lstrip(os.path.sep)
+                + os.path.sep
+            )
+            offset = len(prefix)
+
+            for name in self._loader._files.keys():
+                # Find names under the templates directory that aren't directories.
+                if name.startswith(prefix) and name[-1] != os.path.sep:
+                    results.append(name[offset:].replace(os.path.sep, "/"))
+
+        results.sort()
+        return results
+
+
+class DictLoader(BaseLoader):
+    """Loads a template from a Python dict mapping template names to
+    template source.  This loader is useful for unittesting:
+
+    >>> loader = DictLoader({'index.html': 'source here'})
+
+    Because auto reloading is rarely useful this is disabled per default.
+    """
+
+    def __init__(self, mapping: t.Mapping[str, str]) -> None:
+        self.mapping = mapping
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, None, t.Callable[[], bool]]:
+        if template in self.mapping:
+            source = self.mapping[template]
+            return source, None, lambda: source == self.mapping.get(template)
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        return sorted(self.mapping)
+
+
+class FunctionLoader(BaseLoader):
+    """A loader that is passed a function which does the loading.  The
+    function receives the name of the template and has to return either
+    a string with the template source, a tuple in the form ``(source,
+    filename, uptodatefunc)`` or `None` if the template does not exist.
+
+    >>> def load_template(name):
+    ...     if name == 'index.html':
+    ...         return '...'
+    ...
+    >>> loader = FunctionLoader(load_template)
+
+    The `uptodatefunc` is a function that is called if autoreload is enabled
+    and has to return `True` if the template is still up to date.  For more
+    details have a look at :meth:`BaseLoader.get_source` which has the same
+    return value.
+    """
+
+    def __init__(
+        self,
+        load_func: t.Callable[
+            [str],
+            t.Optional[
+                t.Union[
+                    str, t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]
+                ]
+            ],
+        ],
+    ) -> None:
+        self.load_func = load_func
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        rv = self.load_func(template)
+
+        if rv is None:
+            raise TemplateNotFound(template)
+
+        if isinstance(rv, str):
+            return rv, None, None
+
+        return rv
+
+
+class PrefixLoader(BaseLoader):
+    """A loader that is passed a dict of loaders where each loader is bound
+    to a prefix.  The prefix is delimited from the template by a slash per
+    default, which can be changed by setting the `delimiter` argument to
+    something else::
+
+        loader = PrefixLoader({
+            'app1':     PackageLoader('mypackage.app1'),
+            'app2':     PackageLoader('mypackage.app2')
+        })
+
+    By loading ``'app1/index.html'`` the file from the app1 package is loaded,
+    by loading ``'app2/index.html'`` the file from the second.
+    """
+
+    def __init__(
+        self, mapping: t.Mapping[str, BaseLoader], delimiter: str = "/"
+    ) -> None:
+        self.mapping = mapping
+        self.delimiter = delimiter
+
+    def get_loader(self, template: str) -> t.Tuple[BaseLoader, str]:
+        try:
+            prefix, name = template.split(self.delimiter, 1)
+            loader = self.mapping[prefix]
+        except (ValueError, KeyError) as e:
+            raise TemplateNotFound(template) from e
+        return loader, name
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        loader, name = self.get_loader(template)
+        try:
+            return loader.get_source(environment, name)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(template) from e
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        loader, local_name = self.get_loader(name)
+        try:
+            return loader.load(environment, local_name, globals)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(name) from e
+
+    def list_templates(self) -> t.List[str]:
+        result = []
+        for prefix, loader in self.mapping.items():
+            for template in loader.list_templates():
+                result.append(prefix + self.delimiter + template)
+        return result
+
+
+class ChoiceLoader(BaseLoader):
+    """This loader works like the `PrefixLoader` just that no prefix is
+    specified.  If a template could not be found by one loader the next one
+    is tried.
+
+    >>> loader = ChoiceLoader([
+    ...     FileSystemLoader('/path/to/user/templates'),
+    ...     FileSystemLoader('/path/to/system/templates')
+    ... ])
+
+    This is useful if you want to allow users to override builtin templates
+    from a different location.
+    """
+
+    def __init__(self, loaders: t.Sequence[BaseLoader]) -> None:
+        self.loaders = loaders
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        for loader in self.loaders:
+            try:
+                return loader.get_source(environment, template)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(template)
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        for loader in self.loaders:
+            try:
+                return loader.load(environment, name, globals)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(name)
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for loader in self.loaders:
+            found.update(loader.list_templates())
+        return sorted(found)
+
+
+class _TemplateModule(ModuleType):
+    """Like a normal module but with support for weak references"""
+
+
+class ModuleLoader(BaseLoader):
+    """This loader loads templates from precompiled templates.
+
+    Example usage:
+
+    >>> loader = ChoiceLoader([
+    ...     ModuleLoader('/path/to/compiled/templates'),
+    ...     FileSystemLoader('/path/to/templates')
+    ... ])
+
+    Templates can be precompiled with :meth:`Environment.compile_templates`.
+    """
+
+    has_source_access = False
+
+    def __init__(
+        self,
+        path: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+    ) -> None:
+        package_name = f"_jinja2_module_templates_{id(self):x}"
+
+        # create a fake module that looks for the templates in the
+        # path given.
+        mod = _TemplateModule(package_name)
+
+        if not isinstance(path, abc.Iterable) or isinstance(path, str):
+            path = [path]
+
+        mod.__path__ = [os.fspath(p) for p in path]
+
+        sys.modules[package_name] = weakref.proxy(
+            mod, lambda x: sys.modules.pop(package_name, None)
+        )
+
+        # the only strong reference, the sys.modules entry is weak
+        # so that the garbage collector can remove it once the
+        # loader that created it goes out of business.
+        self.module = mod
+        self.package_name = package_name
+
+    @staticmethod
+    def get_template_key(name: str) -> str:
+        return "tmpl_" + sha1(name.encode("utf-8")).hexdigest()
+
+    @staticmethod
+    def get_module_filename(name: str) -> str:
+        return ModuleLoader.get_template_key(name) + ".py"
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        key = self.get_template_key(name)
+        module = f"{self.package_name}.{key}"
+        mod = getattr(self.module, module, None)
+
+        if mod is None:
+            try:
+                mod = __import__(module, None, None, ["root"])
+            except ImportError as e:
+                raise TemplateNotFound(name) from e
+
+            # remove the entry from sys.modules, we only want the attribute
+            # on the module object we have stored on the loader.
+            sys.modules.pop(module, None)
+
+        if globals is None:
+            globals = {}
+
+        return environment.template_class.from_module_dict(
+            environment, mod.__dict__, globals
+        )
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/meta.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/meta.py
new file mode 100644
index 000000000..298499e26
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/meta.py
@@ -0,0 +1,112 @@
+"""Functions that expose information about templates that might be
+interesting for introspection.
+"""
+
+import typing as t
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+class TrackingCodeGenerator(CodeGenerator):
+    """We abuse the code generator for introspection."""
+
+    def __init__(self, environment: "Environment") -> None:
+        super().__init__(environment, "<introspection>", "<introspection>")
+        self.undeclared_identifiers: t.Set[str] = set()
+
+    def write(self, x: str) -> None:
+        """Don't write."""
+
+    def enter_frame(self, frame: Frame) -> None:
+        """Remember all undeclared identifiers."""
+        super().enter_frame(frame)
+
+        for _, (action, param) in frame.symbols.loads.items():
+            if action == "resolve" and param not in self.environment.globals:
+                self.undeclared_identifiers.add(param)
+
+
+def find_undeclared_variables(ast: nodes.Template) -> t.Set[str]:
+    """Returns a set of all variables in the AST that will be looked up from
+    the context at runtime.  Because at compile time it's not known which
+    variables will be used depending on the path the execution takes at
+    runtime, all variables are returned.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% set foo = 42 %}{{ bar + foo }}')
+    >>> meta.find_undeclared_variables(ast) == {'bar'}
+    True
+
+    .. admonition:: Implementation
+
+       Internally the code generator is used for finding undeclared variables.
+       This is good to know because the code generator might raise a
+       :exc:`TemplateAssertionError` during compilation and as a matter of
+       fact this function can currently raise that exception as well.
+    """
+    codegen = TrackingCodeGenerator(ast.environment)  # type: ignore
+    codegen.visit(ast)
+    return codegen.undeclared_identifiers
+
+
+_ref_types = (nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include)
+_RefType = t.Union[nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include]
+
+
+def find_referenced_templates(ast: nodes.Template) -> t.Iterator[t.Optional[str]]:
+    """Finds all the referenced templates from the AST.  This will return an
+    iterator over all the hardcoded template extensions, inclusions and
+    imports.  If dynamic inheritance or inclusion is used, `None` will be
+    yielded.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% extends "layout.html" %}{% include helper %}')
+    >>> list(meta.find_referenced_templates(ast))
+    ['layout.html', None]
+
+    This function is useful for dependency tracking.  For example if you want
+    to rebuild parts of the website after a layout template has changed.
+    """
+    template_name: t.Any
+
+    for node in ast.find_all(_ref_types):
+        template: nodes.Expr = node.template  # type: ignore
+
+        if not isinstance(template, nodes.Const):
+            # a tuple with some non consts in there
+            if isinstance(template, (nodes.Tuple, nodes.List)):
+                for template_name in template.items:
+                    # something const, only yield the strings and ignore
+                    # non-string consts that really just make no sense
+                    if isinstance(template_name, nodes.Const):
+                        if isinstance(template_name.value, str):
+                            yield template_name.value
+                    # something dynamic in there
+                    else:
+                        yield None
+            # something dynamic we don't know about here
+            else:
+                yield None
+            continue
+        # constant is a basestring, direct template name
+        if isinstance(template.value, str):
+            yield template.value
+        # a tuple or list (latter *should* not happen) made of consts,
+        # yield the consts that are strings.  We could warn here for
+        # non string values
+        elif isinstance(node, nodes.Include) and isinstance(
+            template.value, (tuple, list)
+        ):
+            for template_name in template.value:
+                if isinstance(template_name, str):
+                    yield template_name
+        # something else we don't care about, we could warn here
+        else:
+            yield None
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/nativetypes.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/nativetypes.py
new file mode 100644
index 000000000..71db8cc31
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/nativetypes.py
@@ -0,0 +1,130 @@
+import typing as t
+from ast import literal_eval
+from ast import parse
+from itertools import chain
+from itertools import islice
+from types import GeneratorType
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+from .compiler import has_safe_repr
+from .environment import Environment
+from .environment import Template
+
+
+def native_concat(values: t.Iterable[t.Any]) -> t.Optional[t.Any]:
+    """Return a native Python type from the list of compiled nodes. If
+    the result is a single node, its value is returned. Otherwise, the
+    nodes are concatenated as strings. If the result can be parsed with
+    :func:`ast.literal_eval`, the parsed value is returned. Otherwise,
+    the string is returned.
+
+    :param values: Iterable of outputs to concatenate.
+    """
+    head = list(islice(values, 2))
+
+    if not head:
+        return None
+
+    if len(head) == 1:
+        raw = head[0]
+        if not isinstance(raw, str):
+            return raw
+    else:
+        if isinstance(values, GeneratorType):
+            values = chain(head, values)
+        raw = "".join([str(v) for v in values])
+
+    try:
+        return literal_eval(
+            # In Python 3.10+ ast.literal_eval removes leading spaces/tabs
+            # from the given string. For backwards compatibility we need to
+            # parse the string ourselves without removing leading spaces/tabs.
+            parse(raw, mode="eval")
+        )
+    except (ValueError, SyntaxError, MemoryError):
+        return raw
+
+
+class NativeCodeGenerator(CodeGenerator):
+    """A code generator which renders Python types by not adding
+    ``str()`` around output nodes.
+    """
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        return value
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        return repr("".join([str(v) for v in group]))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> t.Any:
+        const = node.as_const(frame.eval_ctx)
+
+        if not has_safe_repr(const):
+            raise nodes.Impossible()
+
+        if isinstance(node, nodes.TemplateData):
+            return const
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(")")
+
+
+class NativeEnvironment(Environment):
+    """An environment that renders templates to native Python types."""
+
+    code_generator_class = NativeCodeGenerator
+    concat = staticmethod(native_concat)  # type: ignore
+
+
+class NativeTemplate(Template):
+    environment_class = NativeEnvironment
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Render the template to produce a native Python type. If the
+        result is a single node, its value is returned. Otherwise, the
+        nodes are concatenated as strings. If the result can be parsed
+        with :func:`ast.literal_eval`, the parsed value is returned.
+        Otherwise, the string is returned.
+        """
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                self.root_render_func(ctx)
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+
+NativeEnvironment.template_class = NativeTemplate
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/nodes.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/nodes.py
new file mode 100644
index 000000000..2f93b90ec
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/nodes.py
@@ -0,0 +1,1206 @@
+"""AST nodes generated by the parser for the compiler. Also provides
+some node tree helper functions used by the parser and compiler in order
+to normalize nodes.
+"""
+
+import inspect
+import operator
+import typing as t
+from collections import deque
+
+from markupsafe import Markup
+
+from .utils import _PassArg
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_NodeBound = t.TypeVar("_NodeBound", bound="Node")
+
+_binop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "*": operator.mul,
+    "/": operator.truediv,
+    "//": operator.floordiv,
+    "**": operator.pow,
+    "%": operator.mod,
+    "+": operator.add,
+    "-": operator.sub,
+}
+
+_uaop_to_func: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+    "not": operator.not_,
+    "+": operator.pos,
+    "-": operator.neg,
+}
+
+_cmpop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "eq": operator.eq,
+    "ne": operator.ne,
+    "gt": operator.gt,
+    "gteq": operator.ge,
+    "lt": operator.lt,
+    "lteq": operator.le,
+    "in": lambda a, b: a in b,
+    "notin": lambda a, b: a not in b,
+}
+
+
+class Impossible(Exception):
+    """Raised if the node could not perform a requested action."""
+
+
+class NodeType(type):
+    """A metaclass for nodes that handles the field and attribute
+    inheritance.  fields and attributes from the parent class are
+    automatically forwarded to the child."""
+
+    def __new__(mcs, name, bases, d):  # type: ignore
+        for attr in "fields", "attributes":
+            storage: t.List[t.Tuple[str, ...]] = []
+            storage.extend(getattr(bases[0] if bases else object, attr, ()))
+            storage.extend(d.get(attr, ()))
+            assert len(bases) <= 1, "multiple inheritance not allowed"
+            assert len(storage) == len(set(storage)), "layout conflict"
+            d[attr] = tuple(storage)
+        d.setdefault("abstract", False)
+        return type.__new__(mcs, name, bases, d)
+
+
+class EvalContext:
+    """Holds evaluation time information.  Custom attributes can be attached
+    to it in extensions.
+    """
+
+    def __init__(
+        self, environment: "Environment", template_name: t.Optional[str] = None
+    ) -> None:
+        self.environment = environment
+        if callable(environment.autoescape):
+            self.autoescape = environment.autoescape(template_name)
+        else:
+            self.autoescape = environment.autoescape
+        self.volatile = False
+
+    def save(self) -> t.Mapping[str, t.Any]:
+        return self.__dict__.copy()
+
+    def revert(self, old: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.clear()
+        self.__dict__.update(old)
+
+
+def get_eval_context(node: "Node", ctx: t.Optional[EvalContext]) -> EvalContext:
+    if ctx is None:
+        if node.environment is None:
+            raise RuntimeError(
+                "if no eval context is passed, the node must have an"
+                " attached environment."
+            )
+        return EvalContext(node.environment)
+    return ctx
+
+
+class Node(metaclass=NodeType):
+    """Baseclass for all Jinja nodes.  There are a number of nodes available
+    of different types.  There are four major types:
+
+    -   :class:`Stmt`: statements
+    -   :class:`Expr`: expressions
+    -   :class:`Helper`: helper nodes
+    -   :class:`Template`: the outermost wrapper node
+
+    All nodes have fields and attributes.  Fields may be other nodes, lists,
+    or arbitrary values.  Fields are passed to the constructor as regular
+    positional arguments, attributes as keyword arguments.  Each node has
+    two attributes: `lineno` (the line number of the node) and `environment`.
+    The `environment` attribute is set at the end of the parsing process for
+    all nodes automatically.
+    """
+
+    fields: t.Tuple[str, ...] = ()
+    attributes: t.Tuple[str, ...] = ("lineno", "environment")
+    abstract = True
+
+    lineno: int
+    environment: t.Optional["Environment"]
+
+    def __init__(self, *fields: t.Any, **attributes: t.Any) -> None:
+        if self.abstract:
+            raise TypeError("abstract nodes are not instantiable")
+        if fields:
+            if len(fields) != len(self.fields):
+                if not self.fields:
+                    raise TypeError(f"{type(self).__name__!r} takes 0 arguments")
+                raise TypeError(
+                    f"{type(self).__name__!r} takes 0 or {len(self.fields)}"
+                    f" argument{'s' if len(self.fields) != 1 else ''}"
+                )
+            for name, arg in zip(self.fields, fields):
+                setattr(self, name, arg)
+        for attr in self.attributes:
+            setattr(self, attr, attributes.pop(attr, None))
+        if attributes:
+            raise TypeError(f"unknown attribute {next(iter(attributes))!r}")
+
+    def iter_fields(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator[t.Tuple[str, t.Any]]:
+        """This method iterates over all fields that are defined and yields
+        ``(key, value)`` tuples.  Per default all fields are returned, but
+        it's possible to limit that to some fields by providing the `only`
+        parameter or to exclude some using the `exclude` parameter.  Both
+        should be sets or tuples of field names.
+        """
+        for name in self.fields:
+            if (
+                (exclude is None and only is None)
+                or (exclude is not None and name not in exclude)
+                or (only is not None and name in only)
+            ):
+                try:
+                    yield name, getattr(self, name)
+                except AttributeError:
+                    pass
+
+    def iter_child_nodes(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator["Node"]:
+        """Iterates over all direct child nodes of the node.  This iterates
+        over all fields and yields the values of they are nodes.  If the value
+        of a field is a list all the nodes in that list are returned.
+        """
+        for _, item in self.iter_fields(exclude, only):
+            if isinstance(item, list):
+                for n in item:
+                    if isinstance(n, Node):
+                        yield n
+            elif isinstance(item, Node):
+                yield item
+
+    def find(self, node_type: t.Type[_NodeBound]) -> t.Optional[_NodeBound]:
+        """Find the first node of a given type.  If no such node exists the
+        return value is `None`.
+        """
+        for result in self.find_all(node_type):
+            return result
+
+        return None
+
+    def find_all(
+        self, node_type: t.Union[t.Type[_NodeBound], t.Tuple[t.Type[_NodeBound], ...]]
+    ) -> t.Iterator[_NodeBound]:
+        """Find all the nodes of a given type.  If the type is a tuple,
+        the check is performed for any of the tuple items.
+        """
+        for child in self.iter_child_nodes():
+            if isinstance(child, node_type):
+                yield child  # type: ignore
+            yield from child.find_all(node_type)
+
+    def set_ctx(self, ctx: str) -> "Node":
+        """Reset the context of a node and all child nodes.  Per default the
+        parser will all generate nodes that have a 'load' context as it's the
+        most common one.  This method is used in the parser to set assignment
+        targets and other nodes to a store context.
+        """
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "ctx" in node.fields:
+                node.ctx = ctx  # type: ignore
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_lineno(self, lineno: int, override: bool = False) -> "Node":
+        """Set the line numbers of the node and children."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "lineno" in node.attributes:
+                if node.lineno is None or override:
+                    node.lineno = lineno
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_environment(self, environment: "Environment") -> "Node":
+        """Set the environment for all nodes."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            node.environment = environment
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def __eq__(self, other: t.Any) -> bool:
+        if type(self) is not type(other):
+            return NotImplemented
+
+        return tuple(self.iter_fields()) == tuple(other.iter_fields())
+
+    __hash__ = object.__hash__
+
+    def __repr__(self) -> str:
+        args_str = ", ".join(f"{a}={getattr(self, a, None)!r}" for a in self.fields)
+        return f"{type(self).__name__}({args_str})"
+
+    def dump(self) -> str:
+        def _dump(node: t.Union[Node, t.Any]) -> None:
+            if not isinstance(node, Node):
+                buf.append(repr(node))
+                return
+
+            buf.append(f"nodes.{type(node).__name__}(")
+            if not node.fields:
+                buf.append(")")
+                return
+            for idx, field in enumerate(node.fields):
+                if idx:
+                    buf.append(", ")
+                value = getattr(node, field)
+                if isinstance(value, list):
+                    buf.append("[")
+                    for idx, item in enumerate(value):
+                        if idx:
+                            buf.append(", ")
+                        _dump(item)
+                    buf.append("]")
+                else:
+                    _dump(value)
+            buf.append(")")
+
+        buf: t.List[str] = []
+        _dump(self)
+        return "".join(buf)
+
+
+class Stmt(Node):
+    """Base node for all statements."""
+
+    abstract = True
+
+
+class Helper(Node):
+    """Nodes that exist in a specific context only."""
+
+    abstract = True
+
+
+class Template(Node):
+    """Node that represents a template.  This must be the outermost node that
+    is passed to the compiler.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class Output(Stmt):
+    """A node that holds multiple expressions which are then printed out.
+    This is used both for the `print` statement and the regular template data.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List["Expr"]
+
+
+class Extends(Stmt):
+    """Represents an extends statement."""
+
+    fields = ("template",)
+    template: "Expr"
+
+
+class For(Stmt):
+    """The for loop.  `target` is the target for the iteration (usually a
+    :class:`Name` or :class:`Tuple`), `iter` the iterable.  `body` is a list
+    of nodes that are used as loop-body, and `else_` a list of nodes for the
+    `else` block.  If no else node exists it has to be an empty list.
+
+    For filtered nodes an expression can be stored as `test`, otherwise `None`.
+    """
+
+    fields = ("target", "iter", "body", "else_", "test", "recursive")
+    target: Node
+    iter: Node
+    body: t.List[Node]
+    else_: t.List[Node]
+    test: t.Optional[Node]
+    recursive: bool
+
+
+class If(Stmt):
+    """If `test` is true, `body` is rendered, else `else_`."""
+
+    fields = ("test", "body", "elif_", "else_")
+    test: Node
+    body: t.List[Node]
+    elif_: t.List["If"]
+    else_: t.List[Node]
+
+
+class Macro(Stmt):
+    """A macro definition.  `name` is the name of the macro, `args` a list of
+    arguments and `defaults` a list of defaults if there are any.  `body` is
+    a list of nodes for the macro body.
+    """
+
+    fields = ("name", "args", "defaults", "body")
+    name: str
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class CallBlock(Stmt):
+    """Like a macro without a name but a call instead.  `call` is called with
+    the unnamed macro as `caller` argument this node holds.
+    """
+
+    fields = ("call", "args", "defaults", "body")
+    call: "Call"
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class FilterBlock(Stmt):
+    """Node for filter sections."""
+
+    fields = ("body", "filter")
+    body: t.List[Node]
+    filter: "Filter"
+
+
+class With(Stmt):
+    """Specific node for with statements.  In older versions of Jinja the
+    with statement was implemented on the base of the `Scope` node instead.
+
+    .. versionadded:: 2.9.3
+    """
+
+    fields = ("targets", "values", "body")
+    targets: t.List["Expr"]
+    values: t.List["Expr"]
+    body: t.List[Node]
+
+
+class Block(Stmt):
+    """A node that represents a block.
+
+    .. versionchanged:: 3.0.0
+        the `required` field was added.
+    """
+
+    fields = ("name", "body", "scoped", "required")
+    name: str
+    body: t.List[Node]
+    scoped: bool
+    required: bool
+
+
+class Include(Stmt):
+    """A node that represents the include tag."""
+
+    fields = ("template", "with_context", "ignore_missing")
+    template: "Expr"
+    with_context: bool
+    ignore_missing: bool
+
+
+class Import(Stmt):
+    """A node that represents the import tag."""
+
+    fields = ("template", "target", "with_context")
+    template: "Expr"
+    target: str
+    with_context: bool
+
+
+class FromImport(Stmt):
+    """A node that represents the from import tag.  It's important to not
+    pass unsafe names to the name attribute.  The compiler translates the
+    attribute lookups directly into getattr calls and does *not* use the
+    subscript callback of the interface.  As exported variables may not
+    start with double underscores (which the parser asserts) this is not a
+    problem for regular Jinja code, but if this node is used in an extension
+    extra care must be taken.
+
+    The list of names may contain tuples if aliases are wanted.
+    """
+
+    fields = ("template", "names", "with_context")
+    template: "Expr"
+    names: t.List[t.Union[str, t.Tuple[str, str]]]
+    with_context: bool
+
+
+class ExprStmt(Stmt):
+    """A statement that evaluates an expression and discards the result."""
+
+    fields = ("node",)
+    node: Node
+
+
+class Assign(Stmt):
+    """Assigns an expression to a target."""
+
+    fields = ("target", "node")
+    target: "Expr"
+    node: Node
+
+
+class AssignBlock(Stmt):
+    """Assigns a block to a target."""
+
+    fields = ("target", "filter", "body")
+    target: "Expr"
+    filter: t.Optional["Filter"]
+    body: t.List[Node]
+
+
+class Expr(Node):
+    """Baseclass for all expressions."""
+
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        """Return the value of the expression as constant or raise
+        :exc:`Impossible` if this was not possible.
+
+        An :class:`EvalContext` can be provided, if none is given
+        a default context is created which requires the nodes to have
+        an attached environment.
+
+        .. versionchanged:: 2.4
+           the `eval_ctx` parameter was added.
+        """
+        raise Impossible()
+
+    def can_assign(self) -> bool:
+        """Check if it's possible to assign something to this node."""
+        return False
+
+
+class BinExpr(Expr):
+    """Baseclass for all binary expressions."""
+
+    fields = ("left", "right")
+    left: Expr
+    right: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_binops  # type: ignore
+        ):
+            raise Impossible()
+        f = _binop_to_func[self.operator]
+        try:
+            return f(self.left.as_const(eval_ctx), self.right.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class UnaryExpr(Expr):
+    """Baseclass for all unary expressions."""
+
+    fields = ("node",)
+    node: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_unops  # type: ignore
+        ):
+            raise Impossible()
+        f = _uaop_to_func[self.operator]
+        try:
+            return f(self.node.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Name(Expr):
+    """Looks up a name or stores a value in a name.
+    The `ctx` of the node can be one of the following values:
+
+    -   `store`: store a value in the name
+    -   `load`: load that name
+    -   `param`: like `store` but if the name was defined as function parameter.
+    """
+
+    fields = ("name", "ctx")
+    name: str
+    ctx: str
+
+    def can_assign(self) -> bool:
+        return self.name not in {"true", "false", "none", "True", "False", "None"}
+
+
+class NSRef(Expr):
+    """Reference to a namespace value assignment"""
+
+    fields = ("name", "attr")
+    name: str
+    attr: str
+
+    def can_assign(self) -> bool:
+        # We don't need any special checks here; NSRef assignments have a
+        # runtime check to ensure the target is a namespace object which will
+        # have been checked already as it is created using a normal assignment
+        # which goes through a `Name` node.
+        return True
+
+
+class Literal(Expr):
+    """Baseclass for literals."""
+
+    abstract = True
+
+
+class Const(Literal):
+    """All constant values.  The parser will return this node for simple
+    constants such as ``42`` or ``"foo"`` but it can be used to store more
+    complex values such as lists too.  Only constants with a safe
+    representation (objects where ``eval(repr(x)) == x`` is true).
+    """
+
+    fields = ("value",)
+    value: t.Any
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        return self.value
+
+    @classmethod
+    def from_untrusted(
+        cls,
+        value: t.Any,
+        lineno: t.Optional[int] = None,
+        environment: "t.Optional[Environment]" = None,
+    ) -> "Const":
+        """Return a const object if the value is representable as
+        constant value in the generated code, otherwise it will raise
+        an `Impossible` exception.
+        """
+        from .compiler import has_safe_repr
+
+        if not has_safe_repr(value):
+            raise Impossible()
+        return cls(value, lineno=lineno, environment=environment)
+
+
+class TemplateData(Literal):
+    """A constant template string."""
+
+    fields = ("data",)
+    data: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        if eval_ctx.autoescape:
+            return Markup(self.data)
+        return self.data
+
+
+class Tuple(Literal):
+    """For loop unpacking and some other things like multiple arguments
+    for subscripts.  Like for :class:`Name` `ctx` specifies if the tuple
+    is used for loading the names or storing.
+    """
+
+    fields = ("items", "ctx")
+    items: t.List[Expr]
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[t.Any, ...]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return tuple(x.as_const(eval_ctx) for x in self.items)
+
+    def can_assign(self) -> bool:
+        for item in self.items:
+            if not item.can_assign():
+                return False
+        return True
+
+
+class List(Literal):
+    """Any list literal such as ``[1, 2, 3]``"""
+
+    fields = ("items",)
+    items: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.List[t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return [x.as_const(eval_ctx) for x in self.items]
+
+
+class Dict(Literal):
+    """Any dict literal such as ``{1: 2, 3: 4}``.  The items must be a list of
+    :class:`Pair` nodes.
+    """
+
+    fields = ("items",)
+    items: t.List["Pair"]
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Dict[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return dict(x.as_const(eval_ctx) for x in self.items)
+
+
+class Pair(Helper):
+    """A key, value pair for dicts."""
+
+    fields = ("key", "value")
+    key: Expr
+    value: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Tuple[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key.as_const(eval_ctx), self.value.as_const(eval_ctx)
+
+
+class Keyword(Helper):
+    """A key, value pair for keyword arguments where key is a string."""
+
+    fields = ("key", "value")
+    key: str
+    value: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[str, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key, self.value.as_const(eval_ctx)
+
+
+class CondExpr(Expr):
+    """A conditional expression (inline if expression).  (``{{
+    foo if bar else baz }}``)
+    """
+
+    fields = ("test", "expr1", "expr2")
+    test: Expr
+    expr1: Expr
+    expr2: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if self.test.as_const(eval_ctx):
+            return self.expr1.as_const(eval_ctx)
+
+        # if we evaluate to an undefined object, we better do that at runtime
+        if self.expr2 is None:
+            raise Impossible()
+
+        return self.expr2.as_const(eval_ctx)
+
+
+def args_as_const(
+    node: t.Union["_FilterTestCommon", "Call"], eval_ctx: t.Optional[EvalContext]
+) -> t.Tuple[t.List[t.Any], t.Dict[t.Any, t.Any]]:
+    args = [x.as_const(eval_ctx) for x in node.args]
+    kwargs = dict(x.as_const(eval_ctx) for x in node.kwargs)
+
+    if node.dyn_args is not None:
+        try:
+            args.extend(node.dyn_args.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    if node.dyn_kwargs is not None:
+        try:
+            kwargs.update(node.dyn_kwargs.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    return args, kwargs
+
+
+class _FilterTestCommon(Expr):
+    fields = ("node", "name", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    name: str
+    args: t.List[Expr]
+    kwargs: t.List[Pair]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+    abstract = True
+    _is_filter = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        if eval_ctx.volatile:
+            raise Impossible()
+
+        if self._is_filter:
+            env_map = eval_ctx.environment.filters
+        else:
+            env_map = eval_ctx.environment.tests
+
+        func = env_map.get(self.name)
+        pass_arg = _PassArg.from_obj(func)  # type: ignore
+
+        if func is None or pass_arg is _PassArg.context:
+            raise Impossible()
+
+        if eval_ctx.environment.is_async and (
+            getattr(func, "jinja_async_variant", False) is True
+            or inspect.iscoroutinefunction(func)
+        ):
+            raise Impossible()
+
+        args, kwargs = args_as_const(self, eval_ctx)
+        args.insert(0, self.node.as_const(eval_ctx))
+
+        if pass_arg is _PassArg.eval_context:
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, eval_ctx.environment)
+
+        try:
+            return func(*args, **kwargs)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Filter(_FilterTestCommon):
+    """Apply a filter to an expression. ``name`` is the name of the
+    filter, the other fields are the same as :class:`Call`.
+
+    If ``node`` is ``None``, the filter is being used in a filter block
+    and is applied to the content of the block.
+    """
+
+    node: t.Optional[Expr]  # type: ignore
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.node is None:
+            raise Impossible()
+
+        return super().as_const(eval_ctx=eval_ctx)
+
+
+class Test(_FilterTestCommon):
+    """Apply a test to an expression. ``name`` is the name of the test,
+    the other field are the same as :class:`Call`.
+
+    .. versionchanged:: 3.0
+        ``as_const`` shares the same logic for filters and tests. Tests
+        check for volatile, async, and ``@pass_context`` etc.
+        decorators.
+    """
+
+    _is_filter = False
+
+
+class Call(Expr):
+    """Calls an expression.  `args` is a list of arguments, `kwargs` a list
+    of keyword arguments (list of :class:`Keyword` nodes), and `dyn_args`
+    and `dyn_kwargs` has to be either `None` or a node that is used as
+    node for dynamic positional (``*args``) or keyword (``**kwargs``)
+    arguments.
+    """
+
+    fields = ("node", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    args: t.List[Expr]
+    kwargs: t.List[Keyword]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+
+
+class Getitem(Expr):
+    """Get an attribute or item from an expression and prefer the item."""
+
+    fields = ("node", "arg", "ctx")
+    node: Expr
+    arg: Expr
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getitem(
+                self.node.as_const(eval_ctx), self.arg.as_const(eval_ctx)
+            )
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Getattr(Expr):
+    """Get an attribute or item from an expression that is a ascii-only
+    bytestring and prefer the attribute.
+    """
+
+    fields = ("node", "attr", "ctx")
+    node: Expr
+    attr: str
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getattr(self.node.as_const(eval_ctx), self.attr)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Slice(Expr):
+    """Represents a slice object.  This must only be used as argument for
+    :class:`Subscript`.
+    """
+
+    fields = ("start", "stop", "step")
+    start: t.Optional[Expr]
+    stop: t.Optional[Expr]
+    step: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> slice:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        def const(obj: t.Optional[Expr]) -> t.Optional[t.Any]:
+            if obj is None:
+                return None
+            return obj.as_const(eval_ctx)
+
+        return slice(const(self.start), const(self.stop), const(self.step))
+
+
+class Concat(Expr):
+    """Concatenates the list of expressions provided after converting
+    them to strings.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return "".join(str(x.as_const(eval_ctx)) for x in self.nodes)
+
+
+class Compare(Expr):
+    """Compares an expression with some other expressions.  `ops` must be a
+    list of :class:`Operand`\\s.
+    """
+
+    fields = ("expr", "ops")
+    expr: Expr
+    ops: t.List["Operand"]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        result = value = self.expr.as_const(eval_ctx)
+
+        try:
+            for op in self.ops:
+                new_value = op.expr.as_const(eval_ctx)
+                result = _cmpop_to_func[op.op](value, new_value)
+
+                if not result:
+                    return False
+
+                value = new_value
+        except Exception as e:
+            raise Impossible() from e
+
+        return result
+
+
+class Operand(Helper):
+    """Holds an operator and an expression."""
+
+    fields = ("op", "expr")
+    op: str
+    expr: Expr
+
+
+class Mul(BinExpr):
+    """Multiplies the left with the right node."""
+
+    operator = "*"
+
+
+class Div(BinExpr):
+    """Divides the left by the right node."""
+
+    operator = "/"
+
+
+class FloorDiv(BinExpr):
+    """Divides the left by the right node and converts the
+    result into an integer by truncating.
+    """
+
+    operator = "//"
+
+
+class Add(BinExpr):
+    """Add the left to the right node."""
+
+    operator = "+"
+
+
+class Sub(BinExpr):
+    """Subtract the right from the left node."""
+
+    operator = "-"
+
+
+class Mod(BinExpr):
+    """Left modulo right."""
+
+    operator = "%"
+
+
+class Pow(BinExpr):
+    """Left to the power of right."""
+
+    operator = "**"
+
+
+class And(BinExpr):
+    """Short circuited AND."""
+
+    operator = "and"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) and self.right.as_const(eval_ctx)
+
+
+class Or(BinExpr):
+    """Short circuited OR."""
+
+    operator = "or"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) or self.right.as_const(eval_ctx)
+
+
+class Not(UnaryExpr):
+    """Negate the expression."""
+
+    operator = "not"
+
+
+class Neg(UnaryExpr):
+    """Make the expression negative."""
+
+    operator = "-"
+
+
+class Pos(UnaryExpr):
+    """Make the expression positive (noop for most expressions)"""
+
+    operator = "+"
+
+
+# Helpers for extensions
+
+
+class EnvironmentAttribute(Expr):
+    """Loads an attribute from the environment object.  This is useful for
+    extensions that want to call a callback stored on the environment.
+    """
+
+    fields = ("name",)
+    name: str
+
+
+class ExtensionAttribute(Expr):
+    """Returns the attribute of an extension bound to the environment.
+    The identifier is the identifier of the :class:`Extension`.
+
+    This node is usually constructed by calling the
+    :meth:`~jinja2.ext.Extension.attr` method on an extension.
+    """
+
+    fields = ("identifier", "name")
+    identifier: str
+    name: str
+
+
+class ImportedName(Expr):
+    """If created with an import name the import name is returned on node
+    access.  For example ``ImportedName('cgi.escape')`` returns the `escape`
+    function from the cgi module on evaluation.  Imports are optimized by the
+    compiler so there is no need to assign them to local variables.
+    """
+
+    fields = ("importname",)
+    importname: str
+
+
+class InternalName(Expr):
+    """An internal name in the compiler.  You cannot create these nodes
+    yourself but the parser provides a
+    :meth:`~jinja2.parser.Parser.free_identifier` method that creates
+    a new identifier for you.  This identifier is not available from the
+    template and is not treated specially by the compiler.
+    """
+
+    fields = ("name",)
+    name: str
+
+    def __init__(self) -> None:
+        raise TypeError(
+            "Can't create internal names.  Use the "
+            "`free_identifier` method on a parser."
+        )
+
+
+class MarkSafe(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`)."""
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> Markup:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return Markup(self.expr.as_const(eval_ctx))
+
+
+class MarkSafeIfAutoescape(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`) but
+    only if autoescaping is active.
+
+    .. versionadded:: 2.5
+    """
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Union[Markup, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        expr = self.expr.as_const(eval_ctx)
+        if eval_ctx.autoescape:
+            return Markup(expr)
+        return expr
+
+
+class ContextReference(Expr):
+    """Returns the current template context.  It can be used like a
+    :class:`Name` node, with a ``'load'`` ctx and will return the
+    current :class:`~jinja2.runtime.Context` object.
+
+    Here an example that assigns the current template name to a
+    variable named `foo`::
+
+        Assign(Name('foo', ctx='store'),
+               Getattr(ContextReference(), 'name'))
+
+    This is basically equivalent to using the
+    :func:`~jinja2.pass_context` decorator when using the high-level
+    API, which causes a reference to the context to be passed as the
+    first argument to a function.
+    """
+
+
+class DerivedContextReference(Expr):
+    """Return the current template context including locals. Behaves
+    exactly like :class:`ContextReference`, but includes local
+    variables, such as from a ``for`` loop.
+
+    .. versionadded:: 2.11
+    """
+
+
+class Continue(Stmt):
+    """Continue a loop."""
+
+
+class Break(Stmt):
+    """Break a loop."""
+
+
+class Scope(Stmt):
+    """An artificial scope."""
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class OverlayScope(Stmt):
+    """An overlay scope for extensions.  This is a largely unoptimized scope
+    that however can be used to introduce completely arbitrary variables into
+    a sub scope from a dictionary or dictionary like object.  The `context`
+    field has to evaluate to a dictionary object.
+
+    Example usage::
+
+        OverlayScope(context=self.call_method('get_context'),
+                     body=[...])
+
+    .. versionadded:: 2.10
+    """
+
+    fields = ("context", "body")
+    context: Expr
+    body: t.List[Node]
+
+
+class EvalContextModifier(Stmt):
+    """Modifies the eval context.  For each option that should be modified,
+    a :class:`Keyword` has to be added to the :attr:`options` list.
+
+    Example to change the `autoescape` setting::
+
+        EvalContextModifier(options=[Keyword('autoescape', Const(True))])
+    """
+
+    fields = ("options",)
+    options: t.List[Keyword]
+
+
+class ScopedEvalContextModifier(EvalContextModifier):
+    """Modifies the eval context and reverts it later.  Works exactly like
+    :class:`EvalContextModifier` but will only modify the
+    :class:`~jinja2.nodes.EvalContext` for nodes in the :attr:`body`.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+# make sure nobody creates custom nodes
+def _failing_new(*args: t.Any, **kwargs: t.Any) -> "te.NoReturn":
+    raise TypeError("can't create custom node types")
+
+
+NodeType.__new__ = staticmethod(_failing_new)  # type: ignore
+del _failing_new
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/optimizer.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/optimizer.py
new file mode 100644
index 000000000..32d1c717b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/optimizer.py
@@ -0,0 +1,48 @@
+"""The optimizer tries to constant fold expressions and modify the AST
+in place so that it should be faster to evaluate.
+
+Because the AST does not contain all the scoping information and the
+compiler has to find that out, we cannot do all the optimizations we
+want. For example, loop unrolling doesn't work because unrolled loops
+would have a different scope. The solution would be a second syntax tree
+that stored the scoping rules.
+"""
+
+import typing as t
+
+from . import nodes
+from .visitor import NodeTransformer
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def optimize(node: nodes.Node, environment: "Environment") -> nodes.Node:
+    """The context hint can be used to perform an static optimization
+    based on the context given."""
+    optimizer = Optimizer(environment)
+    return t.cast(nodes.Node, optimizer.visit(node))
+
+
+class Optimizer(NodeTransformer):
+    def __init__(self, environment: "t.Optional[Environment]") -> None:
+        self.environment = environment
+
+    def generic_visit(
+        self, node: nodes.Node, *args: t.Any, **kwargs: t.Any
+    ) -> nodes.Node:
+        node = super().generic_visit(node, *args, **kwargs)
+
+        # Do constant folding. Some other nodes besides Expr have
+        # as_const, but folding them causes errors later on.
+        if isinstance(node, nodes.Expr):
+            try:
+                return nodes.Const.from_untrusted(
+                    node.as_const(args[0] if args else None),
+                    lineno=node.lineno,
+                    environment=self.environment,
+                )
+            except nodes.Impossible:
+                pass
+
+        return node
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/parser.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/parser.py
new file mode 100644
index 000000000..0ec997fb4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/parser.py
@@ -0,0 +1,1041 @@
+"""Parse tokens from the lexer into nodes for the compiler."""
+
+import typing
+import typing as t
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .lexer import describe_token
+from .lexer import describe_token_expr
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_ImportInclude = t.TypeVar("_ImportInclude", nodes.Import, nodes.Include)
+_MacroCall = t.TypeVar("_MacroCall", nodes.Macro, nodes.CallBlock)
+
+_statement_keywords = frozenset(
+    [
+        "for",
+        "if",
+        "block",
+        "extends",
+        "print",
+        "macro",
+        "include",
+        "from",
+        "import",
+        "set",
+        "with",
+        "autoescape",
+    ]
+)
+_compare_operators = frozenset(["eq", "ne", "lt", "lteq", "gt", "gteq"])
+
+_math_nodes: t.Dict[str, t.Type[nodes.Expr]] = {
+    "add": nodes.Add,
+    "sub": nodes.Sub,
+    "mul": nodes.Mul,
+    "div": nodes.Div,
+    "floordiv": nodes.FloorDiv,
+    "mod": nodes.Mod,
+}
+
+
+class Parser:
+    """This is the central parsing class Jinja uses.  It's passed to
+    extensions and can be used to parse expressions or statements.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> None:
+        self.environment = environment
+        self.stream = environment._tokenize(source, name, filename, state)
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.extensions: t.Dict[
+            str, t.Callable[["Parser"], t.Union[nodes.Node, t.List[nodes.Node]]]
+        ] = {}
+        for extension in environment.iter_extensions():
+            for tag in extension.tags:
+                self.extensions[tag] = extension.parse
+        self._last_identifier = 0
+        self._tag_stack: t.List[str] = []
+        self._end_token_stack: t.List[t.Tuple[str, ...]] = []
+
+    def fail(
+        self,
+        msg: str,
+        lineno: t.Optional[int] = None,
+        exc: t.Type[TemplateSyntaxError] = TemplateSyntaxError,
+    ) -> "te.NoReturn":
+        """Convenience method that raises `exc` with the message, passed
+        line number or last line number as well as the current name and
+        filename.
+        """
+        if lineno is None:
+            lineno = self.stream.current.lineno
+        raise exc(msg, lineno, self.name, self.filename)
+
+    def _fail_ut_eof(
+        self,
+        name: t.Optional[str],
+        end_token_stack: t.List[t.Tuple[str, ...]],
+        lineno: t.Optional[int],
+    ) -> "te.NoReturn":
+        expected: t.Set[str] = set()
+        for exprs in end_token_stack:
+            expected.update(map(describe_token_expr, exprs))
+        if end_token_stack:
+            currently_looking: t.Optional[str] = " or ".join(
+                map(repr, map(describe_token_expr, end_token_stack[-1]))
+            )
+        else:
+            currently_looking = None
+
+        if name is None:
+            message = ["Unexpected end of template."]
+        else:
+            message = [f"Encountered unknown tag {name!r}."]
+
+        if currently_looking:
+            if name is not None and name in expected:
+                message.append(
+                    "You probably made a nesting mistake. Jinja is expecting this tag,"
+                    f" but currently looking for {currently_looking}."
+                )
+            else:
+                message.append(
+                    f"Jinja was looking for the following tags: {currently_looking}."
+                )
+
+        if self._tag_stack:
+            message.append(
+                "The innermost block that needs to be closed is"
+                f" {self._tag_stack[-1]!r}."
+            )
+
+        self.fail(" ".join(message), lineno)
+
+    def fail_unknown_tag(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> "te.NoReturn":
+        """Called if the parser encounters an unknown tag.  Tries to fail
+        with a human readable error message that could help to identify
+        the problem.
+        """
+        self._fail_ut_eof(name, self._end_token_stack, lineno)
+
+    def fail_eof(
+        self,
+        end_tokens: t.Optional[t.Tuple[str, ...]] = None,
+        lineno: t.Optional[int] = None,
+    ) -> "te.NoReturn":
+        """Like fail_unknown_tag but for end of template situations."""
+        stack = list(self._end_token_stack)
+        if end_tokens is not None:
+            stack.append(end_tokens)
+        self._fail_ut_eof(None, stack, lineno)
+
+    def is_tuple_end(
+        self, extra_end_rules: t.Optional[t.Tuple[str, ...]] = None
+    ) -> bool:
+        """Are we at the end of a tuple?"""
+        if self.stream.current.type in ("variable_end", "block_end", "rparen"):
+            return True
+        elif extra_end_rules is not None:
+            return self.stream.current.test_any(extra_end_rules)  # type: ignore
+        return False
+
+    def free_identifier(self, lineno: t.Optional[int] = None) -> nodes.InternalName:
+        """Return a new free identifier as :class:`~jinja2.nodes.InternalName`."""
+        self._last_identifier += 1
+        rv = object.__new__(nodes.InternalName)
+        nodes.Node.__init__(rv, f"fi{self._last_identifier}", lineno=lineno)
+        return rv
+
+    def parse_statement(self) -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a single statement."""
+        token = self.stream.current
+        if token.type != "name":
+            self.fail("tag name expected", token.lineno)
+        self._tag_stack.append(token.value)
+        pop_tag = True
+        try:
+            if token.value in _statement_keywords:
+                f = getattr(self, f"parse_{self.stream.current.value}")
+                return f()  # type: ignore
+            if token.value == "call":
+                return self.parse_call_block()
+            if token.value == "filter":
+                return self.parse_filter_block()
+            ext = self.extensions.get(token.value)
+            if ext is not None:
+                return ext(self)
+
+            # did not work out, remove the token we pushed by accident
+            # from the stack so that the unknown tag fail function can
+            # produce a proper error message.
+            self._tag_stack.pop()
+            pop_tag = False
+            self.fail_unknown_tag(token.value, token.lineno)
+        finally:
+            if pop_tag:
+                self._tag_stack.pop()
+
+    def parse_statements(
+        self, end_tokens: t.Tuple[str, ...], drop_needle: bool = False
+    ) -> t.List[nodes.Node]:
+        """Parse multiple statements into a list until one of the end tokens
+        is reached.  This is used to parse the body of statements as it also
+        parses template data if appropriate.  The parser checks first if the
+        current token is a colon and skips it if there is one.  Then it checks
+        for the block end and parses until if one of the `end_tokens` is
+        reached.  Per default the active token in the stream at the end of
+        the call is the matched end token.  If this is not wanted `drop_needle`
+        can be set to `True` and the end token is removed.
+        """
+        # the first token may be a colon for python compatibility
+        self.stream.skip_if("colon")
+
+        # in the future it would be possible to add whole code sections
+        # by adding some sort of end of statement token and parsing those here.
+        self.stream.expect("block_end")
+        result = self.subparse(end_tokens)
+
+        # we reached the end of the template too early, the subparser
+        # does not check for this, so we do that now
+        if self.stream.current.type == "eof":
+            self.fail_eof(end_tokens)
+
+        if drop_needle:
+            next(self.stream)
+        return result
+
+    def parse_set(self) -> t.Union[nodes.Assign, nodes.AssignBlock]:
+        """Parse an assign statement."""
+        lineno = next(self.stream).lineno
+        target = self.parse_assign_target(with_namespace=True)
+        if self.stream.skip_if("assign"):
+            expr = self.parse_tuple()
+            return nodes.Assign(target, expr, lineno=lineno)
+        filter_node = self.parse_filter(None)
+        body = self.parse_statements(("name:endset",), drop_needle=True)
+        return nodes.AssignBlock(target, filter_node, body, lineno=lineno)
+
+    def parse_for(self) -> nodes.For:
+        """Parse a for loop."""
+        lineno = self.stream.expect("name:for").lineno
+        target = self.parse_assign_target(extra_end_rules=("name:in",))
+        self.stream.expect("name:in")
+        iter = self.parse_tuple(
+            with_condexpr=False, extra_end_rules=("name:recursive",)
+        )
+        test = None
+        if self.stream.skip_if("name:if"):
+            test = self.parse_expression()
+        recursive = self.stream.skip_if("name:recursive")
+        body = self.parse_statements(("name:endfor", "name:else"))
+        if next(self.stream).value == "endfor":
+            else_ = []
+        else:
+            else_ = self.parse_statements(("name:endfor",), drop_needle=True)
+        return nodes.For(target, iter, body, else_, test, recursive, lineno=lineno)
+
+    def parse_if(self) -> nodes.If:
+        """Parse an if construct."""
+        node = result = nodes.If(lineno=self.stream.expect("name:if").lineno)
+        while True:
+            node.test = self.parse_tuple(with_condexpr=False)
+            node.body = self.parse_statements(("name:elif", "name:else", "name:endif"))
+            node.elif_ = []
+            node.else_ = []
+            token = next(self.stream)
+            if token.test("name:elif"):
+                node = nodes.If(lineno=self.stream.current.lineno)
+                result.elif_.append(node)
+                continue
+            elif token.test("name:else"):
+                result.else_ = self.parse_statements(("name:endif",), drop_needle=True)
+            break
+        return result
+
+    def parse_with(self) -> nodes.With:
+        node = nodes.With(lineno=next(self.stream).lineno)
+        targets: t.List[nodes.Expr] = []
+        values: t.List[nodes.Expr] = []
+        while self.stream.current.type != "block_end":
+            if targets:
+                self.stream.expect("comma")
+            target = self.parse_assign_target()
+            target.set_ctx("param")
+            targets.append(target)
+            self.stream.expect("assign")
+            values.append(self.parse_expression())
+        node.targets = targets
+        node.values = values
+        node.body = self.parse_statements(("name:endwith",), drop_needle=True)
+        return node
+
+    def parse_autoescape(self) -> nodes.Scope:
+        node = nodes.ScopedEvalContextModifier(lineno=next(self.stream).lineno)
+        node.options = [nodes.Keyword("autoescape", self.parse_expression())]
+        node.body = self.parse_statements(("name:endautoescape",), drop_needle=True)
+        return nodes.Scope([node])
+
+    def parse_block(self) -> nodes.Block:
+        node = nodes.Block(lineno=next(self.stream).lineno)
+        node.name = self.stream.expect("name").value
+        node.scoped = self.stream.skip_if("name:scoped")
+        node.required = self.stream.skip_if("name:required")
+
+        # common problem people encounter when switching from django
+        # to jinja.  we do not support hyphens in block names, so let's
+        # raise a nicer error message in that case.
+        if self.stream.current.type == "sub":
+            self.fail(
+                "Block names in Jinja have to be valid Python identifiers and may not"
+                " contain hyphens, use an underscore instead."
+            )
+
+        node.body = self.parse_statements(("name:endblock",), drop_needle=True)
+
+        # enforce that required blocks only contain whitespace or comments
+        # by asserting that the body, if not empty, is just TemplateData nodes
+        # with whitespace data
+        if node.required:
+            for body_node in node.body:
+                if not isinstance(body_node, nodes.Output) or any(
+                    not isinstance(output_node, nodes.TemplateData)
+                    or not output_node.data.isspace()
+                    for output_node in body_node.nodes
+                ):
+                    self.fail("Required blocks can only contain comments or whitespace")
+
+        self.stream.skip_if("name:" + node.name)
+        return node
+
+    def parse_extends(self) -> nodes.Extends:
+        node = nodes.Extends(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        return node
+
+    def parse_import_context(
+        self, node: _ImportInclude, default: bool
+    ) -> _ImportInclude:
+        if self.stream.current.test_any(
+            "name:with", "name:without"
+        ) and self.stream.look().test("name:context"):
+            node.with_context = next(self.stream).value == "with"
+            self.stream.skip()
+        else:
+            node.with_context = default
+        return node
+
+    def parse_include(self) -> nodes.Include:
+        node = nodes.Include(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        if self.stream.current.test("name:ignore") and self.stream.look().test(
+            "name:missing"
+        ):
+            node.ignore_missing = True
+            self.stream.skip(2)
+        else:
+            node.ignore_missing = False
+        return self.parse_import_context(node, True)
+
+    def parse_import(self) -> nodes.Import:
+        node = nodes.Import(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:as")
+        node.target = self.parse_assign_target(name_only=True).name
+        return self.parse_import_context(node, False)
+
+    def parse_from(self) -> nodes.FromImport:
+        node = nodes.FromImport(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:import")
+        node.names = []
+
+        def parse_context() -> bool:
+            if self.stream.current.value in {
+                "with",
+                "without",
+            } and self.stream.look().test("name:context"):
+                node.with_context = next(self.stream).value == "with"
+                self.stream.skip()
+                return True
+            return False
+
+        while True:
+            if node.names:
+                self.stream.expect("comma")
+            if self.stream.current.type == "name":
+                if parse_context():
+                    break
+                target = self.parse_assign_target(name_only=True)
+                if target.name.startswith("_"):
+                    self.fail(
+                        "names starting with an underline can not be imported",
+                        target.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                if self.stream.skip_if("name:as"):
+                    alias = self.parse_assign_target(name_only=True)
+                    node.names.append((target.name, alias.name))
+                else:
+                    node.names.append(target.name)
+                if parse_context() or self.stream.current.type != "comma":
+                    break
+            else:
+                self.stream.expect("name")
+        if not hasattr(node, "with_context"):
+            node.with_context = False
+        return node
+
+    def parse_signature(self, node: _MacroCall) -> None:
+        args = node.args = []
+        defaults = node.defaults = []
+        self.stream.expect("lparen")
+        while self.stream.current.type != "rparen":
+            if args:
+                self.stream.expect("comma")
+            arg = self.parse_assign_target(name_only=True)
+            arg.set_ctx("param")
+            if self.stream.skip_if("assign"):
+                defaults.append(self.parse_expression())
+            elif defaults:
+                self.fail("non-default argument follows default argument")
+            args.append(arg)
+        self.stream.expect("rparen")
+
+    def parse_call_block(self) -> nodes.CallBlock:
+        node = nodes.CallBlock(lineno=next(self.stream).lineno)
+        if self.stream.current.type == "lparen":
+            self.parse_signature(node)
+        else:
+            node.args = []
+            node.defaults = []
+
+        call_node = self.parse_expression()
+        if not isinstance(call_node, nodes.Call):
+            self.fail("expected call", node.lineno)
+        node.call = call_node
+        node.body = self.parse_statements(("name:endcall",), drop_needle=True)
+        return node
+
+    def parse_filter_block(self) -> nodes.FilterBlock:
+        node = nodes.FilterBlock(lineno=next(self.stream).lineno)
+        node.filter = self.parse_filter(None, start_inline=True)  # type: ignore
+        node.body = self.parse_statements(("name:endfilter",), drop_needle=True)
+        return node
+
+    def parse_macro(self) -> nodes.Macro:
+        node = nodes.Macro(lineno=next(self.stream).lineno)
+        node.name = self.parse_assign_target(name_only=True).name
+        self.parse_signature(node)
+        node.body = self.parse_statements(("name:endmacro",), drop_needle=True)
+        return node
+
+    def parse_print(self) -> nodes.Output:
+        node = nodes.Output(lineno=next(self.stream).lineno)
+        node.nodes = []
+        while self.stream.current.type != "block_end":
+            if node.nodes:
+                self.stream.expect("comma")
+            node.nodes.append(self.parse_expression())
+        return node
+
+    @typing.overload
+    def parse_assign_target(
+        self, with_tuple: bool = ..., name_only: "te.Literal[True]" = ...
+    ) -> nodes.Name: ...
+
+    @typing.overload
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]: ...
+
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]:
+        """Parse an assignment target.  As Jinja allows assignments to
+        tuples, this function can parse all allowed assignment targets.  Per
+        default assignments to tuples are parsed, that can be disable however
+        by setting `with_tuple` to `False`.  If only assignments to names are
+        wanted `name_only` can be set to `True`.  The `extra_end_rules`
+        parameter is forwarded to the tuple parsing function.  If
+        `with_namespace` is enabled, a namespace assignment may be parsed.
+        """
+        target: nodes.Expr
+
+        if with_namespace and self.stream.look().type == "dot":
+            token = self.stream.expect("name")
+            next(self.stream)  # dot
+            attr = self.stream.expect("name")
+            target = nodes.NSRef(token.value, attr.value, lineno=token.lineno)
+        elif name_only:
+            token = self.stream.expect("name")
+            target = nodes.Name(token.value, "store", lineno=token.lineno)
+        else:
+            if with_tuple:
+                target = self.parse_tuple(
+                    simplified=True, extra_end_rules=extra_end_rules
+                )
+            else:
+                target = self.parse_primary()
+
+            target.set_ctx("store")
+
+        if not target.can_assign():
+            self.fail(
+                f"can't assign to {type(target).__name__.lower()!r}", target.lineno
+            )
+
+        return target  # type: ignore
+
+    def parse_expression(self, with_condexpr: bool = True) -> nodes.Expr:
+        """Parse an expression.  Per default all expressions are parsed, if
+        the optional `with_condexpr` parameter is set to `False` conditional
+        expressions are not parsed.
+        """
+        if with_condexpr:
+            return self.parse_condexpr()
+        return self.parse_or()
+
+    def parse_condexpr(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr1 = self.parse_or()
+        expr3: t.Optional[nodes.Expr]
+
+        while self.stream.skip_if("name:if"):
+            expr2 = self.parse_or()
+            if self.stream.skip_if("name:else"):
+                expr3 = self.parse_condexpr()
+            else:
+                expr3 = None
+            expr1 = nodes.CondExpr(expr2, expr1, expr3, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return expr1
+
+    def parse_or(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_and()
+        while self.stream.skip_if("name:or"):
+            right = self.parse_and()
+            left = nodes.Or(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_and(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_not()
+        while self.stream.skip_if("name:and"):
+            right = self.parse_not()
+            left = nodes.And(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_not(self) -> nodes.Expr:
+        if self.stream.current.test("name:not"):
+            lineno = next(self.stream).lineno
+            return nodes.Not(self.parse_not(), lineno=lineno)
+        return self.parse_compare()
+
+    def parse_compare(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr = self.parse_math1()
+        ops = []
+        while True:
+            token_type = self.stream.current.type
+            if token_type in _compare_operators:
+                next(self.stream)
+                ops.append(nodes.Operand(token_type, self.parse_math1()))
+            elif self.stream.skip_if("name:in"):
+                ops.append(nodes.Operand("in", self.parse_math1()))
+            elif self.stream.current.test("name:not") and self.stream.look().test(
+                "name:in"
+            ):
+                self.stream.skip(2)
+                ops.append(nodes.Operand("notin", self.parse_math1()))
+            else:
+                break
+            lineno = self.stream.current.lineno
+        if not ops:
+            return expr
+        return nodes.Compare(expr, ops, lineno=lineno)
+
+    def parse_math1(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_concat()
+        while self.stream.current.type in ("add", "sub"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_concat()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_concat(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args = [self.parse_math2()]
+        while self.stream.current.type == "tilde":
+            next(self.stream)
+            args.append(self.parse_math2())
+        if len(args) == 1:
+            return args[0]
+        return nodes.Concat(args, lineno=lineno)
+
+    def parse_math2(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_pow()
+        while self.stream.current.type in ("mul", "div", "floordiv", "mod"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_pow()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_pow(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_unary()
+        while self.stream.current.type == "pow":
+            next(self.stream)
+            right = self.parse_unary()
+            left = nodes.Pow(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_unary(self, with_filter: bool = True) -> nodes.Expr:
+        token_type = self.stream.current.type
+        lineno = self.stream.current.lineno
+        node: nodes.Expr
+
+        if token_type == "sub":
+            next(self.stream)
+            node = nodes.Neg(self.parse_unary(False), lineno=lineno)
+        elif token_type == "add":
+            next(self.stream)
+            node = nodes.Pos(self.parse_unary(False), lineno=lineno)
+        else:
+            node = self.parse_primary()
+        node = self.parse_postfix(node)
+        if with_filter:
+            node = self.parse_filter_expr(node)
+        return node
+
+    def parse_primary(self) -> nodes.Expr:
+        token = self.stream.current
+        node: nodes.Expr
+        if token.type == "name":
+            if token.value in ("true", "false", "True", "False"):
+                node = nodes.Const(token.value in ("true", "True"), lineno=token.lineno)
+            elif token.value in ("none", "None"):
+                node = nodes.Const(None, lineno=token.lineno)
+            else:
+                node = nodes.Name(token.value, "load", lineno=token.lineno)
+            next(self.stream)
+        elif token.type == "string":
+            next(self.stream)
+            buf = [token.value]
+            lineno = token.lineno
+            while self.stream.current.type == "string":
+                buf.append(self.stream.current.value)
+                next(self.stream)
+            node = nodes.Const("".join(buf), lineno=lineno)
+        elif token.type in ("integer", "float"):
+            next(self.stream)
+            node = nodes.Const(token.value, lineno=token.lineno)
+        elif token.type == "lparen":
+            next(self.stream)
+            node = self.parse_tuple(explicit_parentheses=True)
+            self.stream.expect("rparen")
+        elif token.type == "lbracket":
+            node = self.parse_list()
+        elif token.type == "lbrace":
+            node = self.parse_dict()
+        else:
+            self.fail(f"unexpected {describe_token(token)!r}", token.lineno)
+        return node
+
+    def parse_tuple(
+        self,
+        simplified: bool = False,
+        with_condexpr: bool = True,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        explicit_parentheses: bool = False,
+    ) -> t.Union[nodes.Tuple, nodes.Expr]:
+        """Works like `parse_expression` but if multiple expressions are
+        delimited by a comma a :class:`~jinja2.nodes.Tuple` node is created.
+        This method could also return a regular expression instead of a tuple
+        if no commas where found.
+
+        The default parsing mode is a full tuple.  If `simplified` is `True`
+        only names and literals are parsed.  The `no_condexpr` parameter is
+        forwarded to :meth:`parse_expression`.
+
+        Because tuples do not require delimiters and may end in a bogus comma
+        an extra hint is needed that marks the end of a tuple.  For example
+        for loops support tuples between `for` and `in`.  In that case the
+        `extra_end_rules` is set to ``['name:in']``.
+
+        `explicit_parentheses` is true if the parsing was triggered by an
+        expression in parentheses.  This is used to figure out if an empty
+        tuple is a valid expression or not.
+        """
+        lineno = self.stream.current.lineno
+        if simplified:
+            parse = self.parse_primary
+        elif with_condexpr:
+            parse = self.parse_expression
+        else:
+
+            def parse() -> nodes.Expr:
+                return self.parse_expression(with_condexpr=False)
+
+        args: t.List[nodes.Expr] = []
+        is_tuple = False
+
+        while True:
+            if args:
+                self.stream.expect("comma")
+            if self.is_tuple_end(extra_end_rules):
+                break
+            args.append(parse())
+            if self.stream.current.type == "comma":
+                is_tuple = True
+            else:
+                break
+            lineno = self.stream.current.lineno
+
+        if not is_tuple:
+            if args:
+                return args[0]
+
+            # if we don't have explicit parentheses, an empty tuple is
+            # not a valid expression.  This would mean nothing (literally
+            # nothing) in the spot of an expression would be an empty
+            # tuple.
+            if not explicit_parentheses:
+                self.fail(
+                    "Expected an expression,"
+                    f" got {describe_token(self.stream.current)!r}"
+                )
+
+        return nodes.Tuple(args, "load", lineno=lineno)
+
+    def parse_list(self) -> nodes.List:
+        token = self.stream.expect("lbracket")
+        items: t.List[nodes.Expr] = []
+        while self.stream.current.type != "rbracket":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbracket":
+                break
+            items.append(self.parse_expression())
+        self.stream.expect("rbracket")
+        return nodes.List(items, lineno=token.lineno)
+
+    def parse_dict(self) -> nodes.Dict:
+        token = self.stream.expect("lbrace")
+        items: t.List[nodes.Pair] = []
+        while self.stream.current.type != "rbrace":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbrace":
+                break
+            key = self.parse_expression()
+            self.stream.expect("colon")
+            value = self.parse_expression()
+            items.append(nodes.Pair(key, value, lineno=key.lineno))
+        self.stream.expect("rbrace")
+        return nodes.Dict(items, lineno=token.lineno)
+
+    def parse_postfix(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "dot" or token_type == "lbracket":
+                node = self.parse_subscript(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_filter_expr(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "pipe":
+                node = self.parse_filter(node)  # type: ignore
+            elif token_type == "name" and self.stream.current.value == "is":
+                node = self.parse_test(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_subscript(
+        self, node: nodes.Expr
+    ) -> t.Union[nodes.Getattr, nodes.Getitem]:
+        token = next(self.stream)
+        arg: nodes.Expr
+
+        if token.type == "dot":
+            attr_token = self.stream.current
+            next(self.stream)
+            if attr_token.type == "name":
+                return nodes.Getattr(
+                    node, attr_token.value, "load", lineno=token.lineno
+                )
+            elif attr_token.type != "integer":
+                self.fail("expected name or number", attr_token.lineno)
+            arg = nodes.Const(attr_token.value, lineno=attr_token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        if token.type == "lbracket":
+            args: t.List[nodes.Expr] = []
+            while self.stream.current.type != "rbracket":
+                if args:
+                    self.stream.expect("comma")
+                args.append(self.parse_subscribed())
+            self.stream.expect("rbracket")
+            if len(args) == 1:
+                arg = args[0]
+            else:
+                arg = nodes.Tuple(args, "load", lineno=token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        self.fail("expected subscript expression", token.lineno)
+
+    def parse_subscribed(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args: t.List[t.Optional[nodes.Expr]]
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            args = [None]
+        else:
+            node = self.parse_expression()
+            if self.stream.current.type != "colon":
+                return node
+            next(self.stream)
+            args = [node]
+
+        if self.stream.current.type == "colon":
+            args.append(None)
+        elif self.stream.current.type not in ("rbracket", "comma"):
+            args.append(self.parse_expression())
+        else:
+            args.append(None)
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            if self.stream.current.type not in ("rbracket", "comma"):
+                args.append(self.parse_expression())
+            else:
+                args.append(None)
+        else:
+            args.append(None)
+
+        return nodes.Slice(lineno=lineno, *args)  # noqa: B026
+
+    def parse_call_args(
+        self,
+    ) -> t.Tuple[
+        t.List[nodes.Expr],
+        t.List[nodes.Keyword],
+        t.Optional[nodes.Expr],
+        t.Optional[nodes.Expr],
+    ]:
+        token = self.stream.expect("lparen")
+        args = []
+        kwargs = []
+        dyn_args = None
+        dyn_kwargs = None
+        require_comma = False
+
+        def ensure(expr: bool) -> None:
+            if not expr:
+                self.fail("invalid syntax for function call expression", token.lineno)
+
+        while self.stream.current.type != "rparen":
+            if require_comma:
+                self.stream.expect("comma")
+
+                # support for trailing comma
+                if self.stream.current.type == "rparen":
+                    break
+
+            if self.stream.current.type == "mul":
+                ensure(dyn_args is None and dyn_kwargs is None)
+                next(self.stream)
+                dyn_args = self.parse_expression()
+            elif self.stream.current.type == "pow":
+                ensure(dyn_kwargs is None)
+                next(self.stream)
+                dyn_kwargs = self.parse_expression()
+            else:
+                if (
+                    self.stream.current.type == "name"
+                    and self.stream.look().type == "assign"
+                ):
+                    # Parsing a kwarg
+                    ensure(dyn_kwargs is None)
+                    key = self.stream.current.value
+                    self.stream.skip(2)
+                    value = self.parse_expression()
+                    kwargs.append(nodes.Keyword(key, value, lineno=value.lineno))
+                else:
+                    # Parsing an arg
+                    ensure(dyn_args is None and dyn_kwargs is None and not kwargs)
+                    args.append(self.parse_expression())
+
+            require_comma = True
+
+        self.stream.expect("rparen")
+        return args, kwargs, dyn_args, dyn_kwargs
+
+    def parse_call(self, node: nodes.Expr) -> nodes.Call:
+        # The lparen will be expected in parse_call_args, but the lineno
+        # needs to be recorded before the stream is advanced.
+        token = self.stream.current
+        args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        return nodes.Call(node, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno)
+
+    def parse_filter(
+        self, node: t.Optional[nodes.Expr], start_inline: bool = False
+    ) -> t.Optional[nodes.Expr]:
+        while self.stream.current.type == "pipe" or start_inline:
+            if not start_inline:
+                next(self.stream)
+            token = self.stream.expect("name")
+            name = token.value
+            while self.stream.current.type == "dot":
+                next(self.stream)
+                name += "." + self.stream.expect("name").value
+            if self.stream.current.type == "lparen":
+                args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+            else:
+                args = []
+                kwargs = []
+                dyn_args = dyn_kwargs = None
+            node = nodes.Filter(
+                node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+            )
+            start_inline = False
+        return node
+
+    def parse_test(self, node: nodes.Expr) -> nodes.Expr:
+        token = next(self.stream)
+        if self.stream.current.test("name:not"):
+            next(self.stream)
+            negated = True
+        else:
+            negated = False
+        name = self.stream.expect("name").value
+        while self.stream.current.type == "dot":
+            next(self.stream)
+            name += "." + self.stream.expect("name").value
+        dyn_args = dyn_kwargs = None
+        kwargs: t.List[nodes.Keyword] = []
+        if self.stream.current.type == "lparen":
+            args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        elif self.stream.current.type in {
+            "name",
+            "string",
+            "integer",
+            "float",
+            "lparen",
+            "lbracket",
+            "lbrace",
+        } and not self.stream.current.test_any("name:else", "name:or", "name:and"):
+            if self.stream.current.test("name:is"):
+                self.fail("You cannot chain multiple tests with is")
+            arg_node = self.parse_primary()
+            arg_node = self.parse_postfix(arg_node)
+            args = [arg_node]
+        else:
+            args = []
+        node = nodes.Test(
+            node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+        )
+        if negated:
+            node = nodes.Not(node, lineno=token.lineno)
+        return node
+
+    def subparse(
+        self, end_tokens: t.Optional[t.Tuple[str, ...]] = None
+    ) -> t.List[nodes.Node]:
+        body: t.List[nodes.Node] = []
+        data_buffer: t.List[nodes.Node] = []
+        add_data = data_buffer.append
+
+        if end_tokens is not None:
+            self._end_token_stack.append(end_tokens)
+
+        def flush_data() -> None:
+            if data_buffer:
+                lineno = data_buffer[0].lineno
+                body.append(nodes.Output(data_buffer[:], lineno=lineno))
+                del data_buffer[:]
+
+        try:
+            while self.stream:
+                token = self.stream.current
+                if token.type == "data":
+                    if token.value:
+                        add_data(nodes.TemplateData(token.value, lineno=token.lineno))
+                    next(self.stream)
+                elif token.type == "variable_begin":
+                    next(self.stream)
+                    add_data(self.parse_tuple(with_condexpr=True))
+                    self.stream.expect("variable_end")
+                elif token.type == "block_begin":
+                    flush_data()
+                    next(self.stream)
+                    if end_tokens is not None and self.stream.current.test_any(
+                        *end_tokens
+                    ):
+                        return body
+                    rv = self.parse_statement()
+                    if isinstance(rv, list):
+                        body.extend(rv)
+                    else:
+                        body.append(rv)
+                    self.stream.expect("block_end")
+                else:
+                    raise AssertionError("internal parsing error")
+
+            flush_data()
+        finally:
+            if end_tokens is not None:
+                self._end_token_stack.pop()
+        return body
+
+    def parse(self) -> nodes.Template:
+        """Parse the whole template into a `Template` node."""
+        result = nodes.Template(self.subparse(), lineno=1)
+        result.set_environment(self.environment)
+        return result
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/py.typed b/lib/go-jinja2/internal/data/linux-amd64/jinja2/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/runtime.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/runtime.py
new file mode 100644
index 000000000..4325c8deb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/runtime.py
@@ -0,0 +1,1056 @@
+"""The runtime functions and state used by compiled templates."""
+
+import functools
+import sys
+import typing as t
+from collections import abc
+from itertools import chain
+
+from markupsafe import escape  # noqa: F401
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import auto_aiter
+from .async_utils import auto_await  # noqa: F401
+from .exceptions import TemplateNotFound  # noqa: F401
+from .exceptions import TemplateRuntimeError  # noqa: F401
+from .exceptions import UndefinedError
+from .nodes import EvalContext
+from .utils import _PassArg
+from .utils import concat
+from .utils import internalcode
+from .utils import missing
+from .utils import Namespace  # noqa: F401
+from .utils import object_type_repr
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+if t.TYPE_CHECKING:
+    import logging
+
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class LoopRenderFunc(te.Protocol):
+        def __call__(
+            self,
+            reciter: t.Iterable[V],
+            loop_render_func: "LoopRenderFunc",
+            depth: int = 0,
+        ) -> str: ...
+
+
+# these variables are exported to the template runtime
+exported = [
+    "LoopContext",
+    "TemplateReference",
+    "Macro",
+    "Markup",
+    "TemplateRuntimeError",
+    "missing",
+    "escape",
+    "markup_join",
+    "str_join",
+    "identity",
+    "TemplateNotFound",
+    "Namespace",
+    "Undefined",
+    "internalcode",
+]
+async_exported = [
+    "AsyncLoopContext",
+    "auto_aiter",
+    "auto_await",
+]
+
+
+def identity(x: V) -> V:
+    """Returns its argument. Useful for certain things in the
+    environment.
+    """
+    return x
+
+
+def markup_join(seq: t.Iterable[t.Any]) -> str:
+    """Concatenation that escapes if necessary and converts to string."""
+    buf = []
+    iterator = map(soft_str, seq)
+    for arg in iterator:
+        buf.append(arg)
+        if hasattr(arg, "__html__"):
+            return Markup("").join(chain(buf, iterator))
+    return concat(buf)
+
+
+def str_join(seq: t.Iterable[t.Any]) -> str:
+    """Simple args to string conversion and concatenation."""
+    return concat(map(str, seq))
+
+
+def new_context(
+    environment: "Environment",
+    template_name: t.Optional[str],
+    blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+    vars: t.Optional[t.Dict[str, t.Any]] = None,
+    shared: bool = False,
+    globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    locals: t.Optional[t.Mapping[str, t.Any]] = None,
+) -> "Context":
+    """Internal helper for context creation."""
+    if vars is None:
+        vars = {}
+    if shared:
+        parent = vars
+    else:
+        parent = dict(globals or (), **vars)
+    if locals:
+        # if the parent is shared a copy should be created because
+        # we don't want to modify the dict passed
+        if shared:
+            parent = dict(parent)
+        for key, value in locals.items():
+            if value is not missing:
+                parent[key] = value
+    return environment.context_class(
+        environment, parent, template_name, blocks, globals=globals
+    )
+
+
+class TemplateReference:
+    """The `self` in templates."""
+
+    def __init__(self, context: "Context") -> None:
+        self.__context = context
+
+    def __getitem__(self, name: str) -> t.Any:
+        blocks = self.__context.blocks[name]
+        return BlockReference(name, self.__context, blocks, 0)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.__context.name!r}>"
+
+
+def _dict_method_all(dict_method: F) -> F:
+    @functools.wraps(dict_method)
+    def f_all(self: "Context") -> t.Any:
+        return dict_method(self.get_all())
+
+    return t.cast(F, f_all)
+
+
+@abc.Mapping.register
+class Context:
+    """The template context holds the variables of a template.  It stores the
+    values passed to the template and also the names the template exports.
+    Creating instances is neither supported nor useful as it's created
+    automatically at various stages of the template evaluation and should not
+    be created by hand.
+
+    The context is immutable.  Modifications on :attr:`parent` **must not**
+    happen and modifications on :attr:`vars` are allowed from generated
+    template code only.  Template filters and global functions marked as
+    :func:`pass_context` get the active context passed as first argument
+    and are allowed to access the context read-only.
+
+    The template context supports read only dict operations (`get`,
+    `keys`, `values`, `items`, `iterkeys`, `itervalues`, `iteritems`,
+    `__getitem__`, `__contains__`).  Additionally there is a :meth:`resolve`
+    method that doesn't fail with a `KeyError` but returns an
+    :class:`Undefined` object for missing variables.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        parent: t.Dict[str, t.Any],
+        name: t.Optional[str],
+        blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ):
+        self.parent = parent
+        self.vars: t.Dict[str, t.Any] = {}
+        self.environment: "Environment" = environment
+        self.eval_ctx = EvalContext(self.environment, name)
+        self.exported_vars: t.Set[str] = set()
+        self.name = name
+        self.globals_keys = set() if globals is None else set(globals)
+
+        # create the initial mapping of blocks.  Whenever template inheritance
+        # takes place the runtime will update this mapping with the new blocks
+        # from the template.
+        self.blocks = {k: [v] for k, v in blocks.items()}
+
+    def super(
+        self, name: str, current: t.Callable[["Context"], t.Iterator[str]]
+    ) -> t.Union["BlockReference", "Undefined"]:
+        """Render a parent block."""
+        try:
+            blocks = self.blocks[name]
+            index = blocks.index(current) + 1
+            blocks[index]
+        except LookupError:
+            return self.environment.undefined(
+                f"there is no parent block called {name!r}.", name="super"
+            )
+        return BlockReference(name, self, blocks, index)
+
+    def get(self, key: str, default: t.Any = None) -> t.Any:
+        """Look up a variable by name, or return a default if the key is
+        not found.
+
+        :param key: The variable name to look up.
+        :param default: The value to return if the key is not found.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def resolve(self, key: str) -> t.Union[t.Any, "Undefined"]:
+        """Look up a variable by name, or return an :class:`Undefined`
+        object if the key is not found.
+
+        If you need to add custom behavior, override
+        :meth:`resolve_or_missing`, not this method. The various lookup
+        functions use that method, not this one.
+
+        :param key: The variable name to look up.
+        """
+        rv = self.resolve_or_missing(key)
+
+        if rv is missing:
+            return self.environment.undefined(name=key)
+
+        return rv
+
+    def resolve_or_missing(self, key: str) -> t.Any:
+        """Look up a variable by name, or return a ``missing`` sentinel
+        if the key is not found.
+
+        Override this method to add custom lookup behavior.
+        :meth:`resolve`, :meth:`get`, and :meth:`__getitem__` use this
+        method. Don't call this method directly.
+
+        :param key: The variable name to look up.
+        """
+        if key in self.vars:
+            return self.vars[key]
+
+        if key in self.parent:
+            return self.parent[key]
+
+        return missing
+
+    def get_exported(self) -> t.Dict[str, t.Any]:
+        """Get a new dict with the exported variables."""
+        return {k: self.vars[k] for k in self.exported_vars}
+
+    def get_all(self) -> t.Dict[str, t.Any]:
+        """Return the complete context as dict including the exported
+        variables.  For optimizations reasons this might not return an
+        actual copy so be careful with using it.
+        """
+        if not self.vars:
+            return self.parent
+        if not self.parent:
+            return self.vars
+        return dict(self.parent, **self.vars)
+
+    @internalcode
+    def call(
+        __self,
+        __obj: t.Callable[..., t.Any],
+        *args: t.Any,
+        **kwargs: t.Any,  # noqa: B902
+    ) -> t.Union[t.Any, "Undefined"]:
+        """Call the callable with the arguments and keyword arguments
+        provided but inject the active context or environment as first
+        argument if the callable has :func:`pass_context` or
+        :func:`pass_environment`.
+        """
+        if __debug__:
+            __traceback_hide__ = True  # noqa
+
+        # Allow callable classes to take a context
+        if (
+            hasattr(__obj, "__call__")  # noqa: B004
+            and _PassArg.from_obj(__obj.__call__) is not None
+        ):
+            __obj = __obj.__call__
+
+        pass_arg = _PassArg.from_obj(__obj)
+
+        if pass_arg is _PassArg.context:
+            # the active context should have access to variables set in
+            # loops and blocks without mutating the context itself
+            if kwargs.get("_loop_vars"):
+                __self = __self.derived(kwargs["_loop_vars"])
+            if kwargs.get("_block_vars"):
+                __self = __self.derived(kwargs["_block_vars"])
+            args = (__self,) + args
+        elif pass_arg is _PassArg.eval_context:
+            args = (__self.eval_ctx,) + args
+        elif pass_arg is _PassArg.environment:
+            args = (__self.environment,) + args
+
+        kwargs.pop("_block_vars", None)
+        kwargs.pop("_loop_vars", None)
+
+        try:
+            return __obj(*args, **kwargs)
+        except StopIteration:
+            return __self.environment.undefined(
+                "value was undefined because a callable raised a"
+                " StopIteration exception"
+            )
+
+    def derived(self, locals: t.Optional[t.Dict[str, t.Any]] = None) -> "Context":
+        """Internal helper function to create a derived context.  This is
+        used in situations where the system needs a new context in the same
+        template that is independent.
+        """
+        context = new_context(
+            self.environment, self.name, {}, self.get_all(), True, None, locals
+        )
+        context.eval_ctx = self.eval_ctx
+        context.blocks.update((k, list(v)) for k, v in self.blocks.items())
+        return context
+
+    keys = _dict_method_all(dict.keys)
+    values = _dict_method_all(dict.values)
+    items = _dict_method_all(dict.items)
+
+    def __contains__(self, name: str) -> bool:
+        return name in self.vars or name in self.parent
+
+    def __getitem__(self, key: str) -> t.Any:
+        """Look up a variable by name with ``[]`` syntax, or raise a
+        ``KeyError`` if the key is not found.
+        """
+        item = self.resolve_or_missing(key)
+
+        if item is missing:
+            raise KeyError(key)
+
+        return item
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.get_all()!r} of {self.name!r}>"
+
+
+class BlockReference:
+    """One block on a template reference."""
+
+    def __init__(
+        self,
+        name: str,
+        context: "Context",
+        stack: t.List[t.Callable[["Context"], t.Iterator[str]]],
+        depth: int,
+    ) -> None:
+        self.name = name
+        self._context = context
+        self._stack = stack
+        self._depth = depth
+
+    @property
+    def super(self) -> t.Union["BlockReference", "Undefined"]:
+        """Super the block."""
+        if self._depth + 1 >= len(self._stack):
+            return self._context.environment.undefined(
+                f"there is no parent block called {self.name!r}.", name="super"
+            )
+        return BlockReference(self.name, self._context, self._stack, self._depth + 1)
+
+    @internalcode
+    async def _async_call(self) -> str:
+        rv = concat(
+            [x async for x in self._stack[self._depth](self._context)]  # type: ignore
+        )
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+    @internalcode
+    def __call__(self) -> str:
+        if self._context.environment.is_async:
+            return self._async_call()  # type: ignore
+
+        rv = concat(self._stack[self._depth](self._context))
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+
+class LoopContext:
+    """A wrapper iterable for dynamic ``for`` loops, with information
+    about the loop and iteration.
+    """
+
+    #: Current iteration of the loop, starting at 0.
+    index0 = -1
+
+    _length: t.Optional[int] = None
+    _after: t.Any = missing
+    _current: t.Any = missing
+    _before: t.Any = missing
+    _last_changed_value: t.Any = missing
+
+    def __init__(
+        self,
+        iterable: t.Iterable[V],
+        undefined: t.Type["Undefined"],
+        recurse: t.Optional["LoopRenderFunc"] = None,
+        depth0: int = 0,
+    ) -> None:
+        """
+        :param iterable: Iterable to wrap.
+        :param undefined: :class:`Undefined` class to use for next and
+            previous items.
+        :param recurse: The function to render the loop body when the
+            loop is marked recursive.
+        :param depth0: Incremented when looping recursively.
+        """
+        self._iterable = iterable
+        self._iterator = self._to_iterator(iterable)
+        self._undefined = undefined
+        self._recurse = recurse
+        #: How many levels deep a recursive loop currently is, starting at 0.
+        self.depth0 = depth0
+
+    @staticmethod
+    def _to_iterator(iterable: t.Iterable[V]) -> t.Iterator[V]:
+        return iter(iterable)
+
+    @property
+    def length(self) -> int:
+        """Length of the iterable.
+
+        If the iterable is a generator or otherwise does not have a
+        size, it is eagerly evaluated to get a size.
+        """
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = list(self._iterator)
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    def __len__(self) -> int:
+        return self.length
+
+    @property
+    def depth(self) -> int:
+        """How many levels deep a recursive loop currently is, starting at 1."""
+        return self.depth0 + 1
+
+    @property
+    def index(self) -> int:
+        """Current iteration of the loop, starting at 1."""
+        return self.index0 + 1
+
+    @property
+    def revindex0(self) -> int:
+        """Number of iterations from the end of the loop, ending at 0.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index
+
+    @property
+    def revindex(self) -> int:
+        """Number of iterations from the end of the loop, ending at 1.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index0
+
+    @property
+    def first(self) -> bool:
+        """Whether this is the first iteration of the loop."""
+        return self.index0 == 0
+
+    def _peek_next(self) -> t.Any:
+        """Return the next element in the iterable, or :data:`missing`
+        if the iterable is exhausted. Only peeks one item ahead, caching
+        the result in :attr:`_last` for use in subsequent checks. The
+        cache is reset when :meth:`__next__` is called.
+        """
+        if self._after is not missing:
+            return self._after
+
+        self._after = next(self._iterator, missing)
+        return self._after
+
+    @property
+    def last(self) -> bool:
+        """Whether this is the last iteration of the loop.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`groupby` filter avoids that issue.
+        """
+        return self._peek_next() is missing
+
+    @property
+    def previtem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the previous iteration. Undefined during the
+        first iteration.
+        """
+        if self.first:
+            return self._undefined("there is no previous item")
+
+        return self._before
+
+    @property
+    def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the next iteration. Undefined during the last
+        iteration.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`jinja-filters.groupby` filter avoids that issue.
+        """
+        rv = self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def cycle(self, *args: V) -> V:
+        """Return a value from the given args, cycling through based on
+        the current :attr:`index0`.
+
+        :param args: One or more values to cycle through.
+        """
+        if not args:
+            raise TypeError("no items for cycling given")
+
+        return args[self.index0 % len(args)]
+
+    def changed(self, *value: t.Any) -> bool:
+        """Return ``True`` if previously called with a different value
+        (including when called for the first time).
+
+        :param value: One or more values to compare to the last call.
+        """
+        if self._last_changed_value != value:
+            self._last_changed_value = value
+            return True
+
+        return False
+
+    def __iter__(self) -> "LoopContext":
+        return self
+
+    def __next__(self) -> t.Tuple[t.Any, "LoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = next(self._iterator)
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+    @internalcode
+    def __call__(self, iterable: t.Iterable[V]) -> str:
+        """When iterating over nested data, render the body of the loop
+        recursively with the given inner iterable data.
+
+        The loop must have the ``recursive`` marker for this to work.
+        """
+        if self._recurse is None:
+            raise TypeError(
+                "The loop must have the 'recursive' marker to be called recursively."
+            )
+
+        return self._recurse(iterable, self._recurse, depth=self.depth)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.index}/{self.length}>"
+
+
+class AsyncLoopContext(LoopContext):
+    _iterator: t.AsyncIterator[t.Any]  # type: ignore
+
+    @staticmethod
+    def _to_iterator(  # type: ignore
+        iterable: t.Union[t.Iterable[V], t.AsyncIterable[V]],
+    ) -> t.AsyncIterator[V]:
+        return auto_aiter(iterable)
+
+    @property
+    async def length(self) -> int:  # type: ignore
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = [x async for x in self._iterator]
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    @property
+    async def revindex0(self) -> int:  # type: ignore
+        return await self.length - self.index
+
+    @property
+    async def revindex(self) -> int:  # type: ignore
+        return await self.length - self.index0
+
+    async def _peek_next(self) -> t.Any:
+        if self._after is not missing:
+            return self._after
+
+        try:
+            self._after = await self._iterator.__anext__()
+        except StopAsyncIteration:
+            self._after = missing
+
+        return self._after
+
+    @property
+    async def last(self) -> bool:  # type: ignore
+        return await self._peek_next() is missing
+
+    @property
+    async def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        rv = await self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def __aiter__(self) -> "AsyncLoopContext":
+        return self
+
+    async def __anext__(self) -> t.Tuple[t.Any, "AsyncLoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = await self._iterator.__anext__()
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+
+class Macro:
+    """Wraps a macro function."""
+
+    def __init__(
+        self,
+        environment: "Environment",
+        func: t.Callable[..., str],
+        name: str,
+        arguments: t.List[str],
+        catch_kwargs: bool,
+        catch_varargs: bool,
+        caller: bool,
+        default_autoescape: t.Optional[bool] = None,
+    ):
+        self._environment = environment
+        self._func = func
+        self._argument_count = len(arguments)
+        self.name = name
+        self.arguments = arguments
+        self.catch_kwargs = catch_kwargs
+        self.catch_varargs = catch_varargs
+        self.caller = caller
+        self.explicit_caller = "caller" in arguments
+
+        if default_autoescape is None:
+            if callable(environment.autoescape):
+                default_autoescape = environment.autoescape(None)
+            else:
+                default_autoescape = environment.autoescape
+
+        self._default_autoescape = default_autoescape
+
+    @internalcode
+    @pass_eval_context
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> str:
+        # This requires a bit of explanation,  In the past we used to
+        # decide largely based on compile-time information if a macro is
+        # safe or unsafe.  While there was a volatile mode it was largely
+        # unused for deciding on escaping.  This turns out to be
+        # problematic for macros because whether a macro is safe depends not
+        # on the escape mode when it was defined, but rather when it was used.
+        #
+        # Because however we export macros from the module system and
+        # there are historic callers that do not pass an eval context (and
+        # will continue to not pass one), we need to perform an instance
+        # check here.
+        #
+        # This is considered safe because an eval context is not a valid
+        # argument to callables otherwise anyway.  Worst case here is
+        # that if no eval context is passed we fall back to the compile
+        # time autoescape flag.
+        if args and isinstance(args[0], EvalContext):
+            autoescape = args[0].autoescape
+            args = args[1:]
+        else:
+            autoescape = self._default_autoescape
+
+        # try to consume the positional arguments
+        arguments = list(args[: self._argument_count])
+        off = len(arguments)
+
+        # For information why this is necessary refer to the handling
+        # of caller in the `macro_body` handler in the compiler.
+        found_caller = False
+
+        # if the number of arguments consumed is not the number of
+        # arguments expected we start filling in keyword arguments
+        # and defaults.
+        if off != self._argument_count:
+            for name in self.arguments[len(arguments) :]:
+                try:
+                    value = kwargs.pop(name)
+                except KeyError:
+                    value = missing
+                if name == "caller":
+                    found_caller = True
+                arguments.append(value)
+        else:
+            found_caller = self.explicit_caller
+
+        # it's important that the order of these arguments does not change
+        # if not also changed in the compiler's `function_scoping` method.
+        # the order is caller, keyword arguments, positional arguments!
+        if self.caller and not found_caller:
+            caller = kwargs.pop("caller", None)
+            if caller is None:
+                caller = self._environment.undefined("No caller defined", name="caller")
+            arguments.append(caller)
+
+        if self.catch_kwargs:
+            arguments.append(kwargs)
+        elif kwargs:
+            if "caller" in kwargs:
+                raise TypeError(
+                    f"macro {self.name!r} was invoked with two values for the special"
+                    " caller argument. This is most likely a bug."
+                )
+            raise TypeError(
+                f"macro {self.name!r} takes no keyword argument {next(iter(kwargs))!r}"
+            )
+        if self.catch_varargs:
+            arguments.append(args[self._argument_count :])
+        elif len(args) > self._argument_count:
+            raise TypeError(
+                f"macro {self.name!r} takes not more than"
+                f" {len(self.arguments)} argument(s)"
+            )
+
+        return self._invoke(arguments, autoescape)
+
+    async def _async_invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        rv = await self._func(*arguments)  # type: ignore
+
+        if autoescape:
+            return Markup(rv)
+
+        return rv  # type: ignore
+
+    def _invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        if self._environment.is_async:
+            return self._async_invoke(arguments, autoescape)  # type: ignore
+
+        rv = self._func(*arguments)
+
+        if autoescape:
+            rv = Markup(rv)
+
+        return rv
+
+    def __repr__(self) -> str:
+        name = "anonymous" if self.name is None else repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class Undefined:
+    """The default undefined type.  This undefined type can be printed and
+    iterated over, but every other access will raise an :exc:`UndefinedError`:
+
+    >>> foo = Undefined(name='foo')
+    >>> str(foo)
+    ''
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = (
+        "_undefined_hint",
+        "_undefined_obj",
+        "_undefined_name",
+        "_undefined_exception",
+    )
+
+    def __init__(
+        self,
+        hint: t.Optional[str] = None,
+        obj: t.Any = missing,
+        name: t.Optional[str] = None,
+        exc: t.Type[TemplateRuntimeError] = UndefinedError,
+    ) -> None:
+        self._undefined_hint = hint
+        self._undefined_obj = obj
+        self._undefined_name = name
+        self._undefined_exception = exc
+
+    @property
+    def _undefined_message(self) -> str:
+        """Build a message about the undefined value based on how it was
+        accessed.
+        """
+        if self._undefined_hint:
+            return self._undefined_hint
+
+        if self._undefined_obj is missing:
+            return f"{self._undefined_name!r} is undefined"
+
+        if not isinstance(self._undefined_name, str):
+            return (
+                f"{object_type_repr(self._undefined_obj)} has no"
+                f" element {self._undefined_name!r}"
+            )
+
+        return (
+            f"{object_type_repr(self._undefined_obj)!r} has no"
+            f" attribute {self._undefined_name!r}"
+        )
+
+    @internalcode
+    def _fail_with_undefined_error(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> "te.NoReturn":
+        """Raise an :exc:`UndefinedError` when operations are performed
+        on the undefined value.
+        """
+        raise self._undefined_exception(self._undefined_message)
+
+    @internalcode
+    def __getattr__(self, name: str) -> t.Any:
+        if name[:2] == "__":
+            raise AttributeError(name)
+
+        return self._fail_with_undefined_error()
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _fail_with_undefined_error
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _fail_with_undefined_error
+    __truediv__ = __rtruediv__ = _fail_with_undefined_error
+    __floordiv__ = __rfloordiv__ = _fail_with_undefined_error
+    __mod__ = __rmod__ = _fail_with_undefined_error
+    __pos__ = __neg__ = _fail_with_undefined_error
+    __call__ = __getitem__ = _fail_with_undefined_error
+    __lt__ = __le__ = __gt__ = __ge__ = _fail_with_undefined_error
+    __int__ = __float__ = __complex__ = _fail_with_undefined_error
+    __pow__ = __rpow__ = _fail_with_undefined_error
+
+    def __eq__(self, other: t.Any) -> bool:
+        return type(self) is type(other)
+
+    def __ne__(self, other: t.Any) -> bool:
+        return not self.__eq__(other)
+
+    def __hash__(self) -> int:
+        return id(type(self))
+
+    def __str__(self) -> str:
+        return ""
+
+    def __len__(self) -> int:
+        return 0
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        yield from ()
+
+    async def __aiter__(self) -> t.AsyncIterator[t.Any]:
+        for _ in ():
+            yield
+
+    def __bool__(self) -> bool:
+        return False
+
+    def __repr__(self) -> str:
+        return "Undefined"
+
+
+def make_logging_undefined(
+    logger: t.Optional["logging.Logger"] = None, base: t.Type[Undefined] = Undefined
+) -> t.Type[Undefined]:
+    """Given a logger object this returns a new undefined class that will
+    log certain failures.  It will log iterations and printing.  If no
+    logger is given a default logger is created.
+
+    Example::
+
+        logger = logging.getLogger(__name__)
+        LoggingUndefined = make_logging_undefined(
+            logger=logger,
+            base=Undefined
+        )
+
+    .. versionadded:: 2.8
+
+    :param logger: the logger to use.  If not provided, a default logger
+                   is created.
+    :param base: the base class to add logging functionality to.  This
+                 defaults to :class:`Undefined`.
+    """
+    if logger is None:
+        import logging
+
+        logger = logging.getLogger(__name__)
+        logger.addHandler(logging.StreamHandler(sys.stderr))
+
+    def _log_message(undef: Undefined) -> None:
+        logger.warning("Template variable warning: %s", undef._undefined_message)
+
+    class LoggingUndefined(base):  # type: ignore
+        __slots__ = ()
+
+        def _fail_with_undefined_error(  # type: ignore
+            self, *args: t.Any, **kwargs: t.Any
+        ) -> "te.NoReturn":
+            try:
+                super()._fail_with_undefined_error(*args, **kwargs)
+            except self._undefined_exception as e:
+                logger.error("Template variable error: %s", e)  # type: ignore
+                raise e
+
+        def __str__(self) -> str:
+            _log_message(self)
+            return super().__str__()  # type: ignore
+
+        def __iter__(self) -> t.Iterator[t.Any]:
+            _log_message(self)
+            return super().__iter__()  # type: ignore
+
+        def __bool__(self) -> bool:
+            _log_message(self)
+            return super().__bool__()  # type: ignore
+
+    return LoggingUndefined
+
+
+class ChainableUndefined(Undefined):
+    """An undefined that is chainable, where both ``__getattr__`` and
+    ``__getitem__`` return itself rather than raising an
+    :exc:`UndefinedError`.
+
+    >>> foo = ChainableUndefined(name='foo')
+    >>> str(foo.bar['baz'])
+    ''
+    >>> foo.bar['baz'] + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+
+    .. versionadded:: 2.11.0
+    """
+
+    __slots__ = ()
+
+    def __html__(self) -> str:
+        return str(self)
+
+    def __getattr__(self, _: str) -> "ChainableUndefined":
+        return self
+
+    __getitem__ = __getattr__  # type: ignore
+
+
+class DebugUndefined(Undefined):
+    """An undefined that returns the debug info when printed.
+
+    >>> foo = DebugUndefined(name='foo')
+    >>> str(foo)
+    '{{ foo }}'
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+
+    def __str__(self) -> str:
+        if self._undefined_hint:
+            message = f"undefined value printed: {self._undefined_hint}"
+
+        elif self._undefined_obj is missing:
+            message = self._undefined_name  # type: ignore
+
+        else:
+            message = (
+                f"no such element: {object_type_repr(self._undefined_obj)}"
+                f"[{self._undefined_name!r}]"
+            )
+
+        return f"{{{{ {message} }}}}"
+
+
+class StrictUndefined(Undefined):
+    """An undefined that barks on print and iteration as well as boolean
+    tests and all kinds of comparisons.  In other words: you can do nothing
+    with it except checking if it's defined using the `defined` test.
+
+    >>> foo = StrictUndefined(name='foo')
+    >>> str(foo)
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> not foo
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+    __iter__ = __str__ = __len__ = Undefined._fail_with_undefined_error
+    __eq__ = __ne__ = __bool__ = __hash__ = Undefined._fail_with_undefined_error
+    __contains__ = Undefined._fail_with_undefined_error
+
+
+# Remove slots attributes, after the metaclass is applied they are
+# unneeded and contain wrong data for subclasses.
+del (
+    Undefined.__slots__,
+    ChainableUndefined.__slots__,
+    DebugUndefined.__slots__,
+    StrictUndefined.__slots__,
+)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/sandbox.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/sandbox.py
new file mode 100644
index 000000000..0b4fc12d3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/sandbox.py
@@ -0,0 +1,429 @@
+"""A sandbox layer that ensures unsafe operations cannot be performed.
+Useful when the template itself comes from an untrusted source.
+"""
+
+import operator
+import types
+import typing as t
+from collections import abc
+from collections import deque
+from string import Formatter
+
+from _string import formatter_field_name_split  # type: ignore
+from markupsafe import EscapeFormatter
+from markupsafe import Markup
+
+from .environment import Environment
+from .exceptions import SecurityError
+from .runtime import Context
+from .runtime import Undefined
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+#: maximum number of items a range may produce
+MAX_RANGE = 100000
+
+#: Unsafe function attributes.
+UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()
+
+#: Unsafe method attributes. Function attributes are unsafe for methods too.
+UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()
+
+#: unsafe generator attributes.
+UNSAFE_GENERATOR_ATTRIBUTES = {"gi_frame", "gi_code"}
+
+#: unsafe attributes on coroutines
+UNSAFE_COROUTINE_ATTRIBUTES = {"cr_frame", "cr_code"}
+
+#: unsafe attributes on async generators
+UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = {"ag_code", "ag_frame"}
+
+_mutable_spec: t.Tuple[t.Tuple[t.Type[t.Any], t.FrozenSet[str]], ...] = (
+    (
+        abc.MutableSet,
+        frozenset(
+            [
+                "add",
+                "clear",
+                "difference_update",
+                "discard",
+                "pop",
+                "remove",
+                "symmetric_difference_update",
+                "update",
+            ]
+        ),
+    ),
+    (
+        abc.MutableMapping,
+        frozenset(["clear", "pop", "popitem", "setdefault", "update"]),
+    ),
+    (
+        abc.MutableSequence,
+        frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
+    ),
+    (
+        deque,
+        frozenset(
+            [
+                "append",
+                "appendleft",
+                "clear",
+                "extend",
+                "extendleft",
+                "pop",
+                "popleft",
+                "remove",
+                "rotate",
+            ]
+        ),
+    ),
+)
+
+
+def inspect_format_method(callable: t.Callable[..., t.Any]) -> t.Optional[str]:
+    if not isinstance(
+        callable, (types.MethodType, types.BuiltinMethodType)
+    ) or callable.__name__ not in ("format", "format_map"):
+        return None
+
+    obj = callable.__self__
+
+    if isinstance(obj, str):
+        return obj
+
+    return None
+
+
+def safe_range(*args: int) -> range:
+    """A range that can't generate ranges with a length of more than
+    MAX_RANGE items.
+    """
+    rng = range(*args)
+
+    if len(rng) > MAX_RANGE:
+        raise OverflowError(
+            "Range too big. The sandbox blocks ranges larger than"
+            f" MAX_RANGE ({MAX_RANGE})."
+        )
+
+    return rng
+
+
+def unsafe(f: F) -> F:
+    """Marks a function or method as unsafe.
+
+    .. code-block: python
+
+        @unsafe
+        def delete(self):
+            pass
+    """
+    f.unsafe_callable = True  # type: ignore
+    return f
+
+
+def is_internal_attribute(obj: t.Any, attr: str) -> bool:
+    """Test if the attribute given is an internal python attribute.  For
+    example this function returns `True` for the `func_code` attribute of
+    python objects.  This is useful if the environment method
+    :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
+
+    >>> from jinja2.sandbox import is_internal_attribute
+    >>> is_internal_attribute(str, "mro")
+    True
+    >>> is_internal_attribute(str, "upper")
+    False
+    """
+    if isinstance(obj, types.FunctionType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES:
+            return True
+    elif isinstance(obj, types.MethodType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES or attr in UNSAFE_METHOD_ATTRIBUTES:
+            return True
+    elif isinstance(obj, type):
+        if attr == "mro":
+            return True
+    elif isinstance(obj, (types.CodeType, types.TracebackType, types.FrameType)):
+        return True
+    elif isinstance(obj, types.GeneratorType):
+        if attr in UNSAFE_GENERATOR_ATTRIBUTES:
+            return True
+    elif hasattr(types, "CoroutineType") and isinstance(obj, types.CoroutineType):
+        if attr in UNSAFE_COROUTINE_ATTRIBUTES:
+            return True
+    elif hasattr(types, "AsyncGeneratorType") and isinstance(
+        obj, types.AsyncGeneratorType
+    ):
+        if attr in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
+            return True
+    return attr.startswith("__")
+
+
+def modifies_known_mutable(obj: t.Any, attr: str) -> bool:
+    """This function checks if an attribute on a builtin mutable object
+    (list, dict, set or deque) or the corresponding ABCs would modify it
+    if called.
+
+    >>> modifies_known_mutable({}, "clear")
+    True
+    >>> modifies_known_mutable({}, "keys")
+    False
+    >>> modifies_known_mutable([], "append")
+    True
+    >>> modifies_known_mutable([], "index")
+    False
+
+    If called with an unsupported object, ``False`` is returned.
+
+    >>> modifies_known_mutable("foo", "upper")
+    False
+    """
+    for typespec, unsafe in _mutable_spec:
+        if isinstance(obj, typespec):
+            return attr in unsafe
+    return False
+
+
+class SandboxedEnvironment(Environment):
+    """The sandboxed environment.  It works like the regular environment but
+    tells the compiler to generate sandboxed code.  Additionally subclasses of
+    this environment may override the methods that tell the runtime what
+    attributes or functions are safe to access.
+
+    If the template tries to access insecure code a :exc:`SecurityError` is
+    raised.  However also other exceptions may occur during the rendering so
+    the caller has to ensure that all exceptions are caught.
+    """
+
+    sandboxed = True
+
+    #: default callback table for the binary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`binop_table`
+    default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+        "+": operator.add,
+        "-": operator.sub,
+        "*": operator.mul,
+        "/": operator.truediv,
+        "//": operator.floordiv,
+        "**": operator.pow,
+        "%": operator.mod,
+    }
+
+    #: default callback table for the unary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`unop_table`
+    default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+        "+": operator.pos,
+        "-": operator.neg,
+    }
+
+    #: a set of binary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_binop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`binop_table`.
+    #:
+    #: The following binary operators are interceptable:
+    #: ``//``, ``%``, ``+``, ``*``, ``-``, ``/``, and ``**``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_binops: t.FrozenSet[str] = frozenset()
+
+    #: a set of unary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_unop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`unop_table`.
+    #:
+    #: The following unary operators are interceptable: ``+``, ``-``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_unops: t.FrozenSet[str] = frozenset()
+
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
+        super().__init__(*args, **kwargs)
+        self.globals["range"] = safe_range
+        self.binop_table = self.default_binop_table.copy()
+        self.unop_table = self.default_unop_table.copy()
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        """The sandboxed environment will call this method to check if the
+        attribute of an object is safe to access.  Per default all attributes
+        starting with an underscore are considered private as well as the
+        special attributes of internal python objects as returned by the
+        :func:`is_internal_attribute` function.
+        """
+        return not (attr.startswith("_") or is_internal_attribute(obj, attr))
+
+    def is_safe_callable(self, obj: t.Any) -> bool:
+        """Check if an object is safely callable. By default callables
+        are considered safe unless decorated with :func:`unsafe`.
+
+        This also recognizes the Django convention of setting
+        ``func.alters_data = True``.
+        """
+        return not (
+            getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
+        )
+
+    def call_binop(
+        self, context: Context, operator: str, left: t.Any, right: t.Any
+    ) -> t.Any:
+        """For intercepted binary operator calls (:meth:`intercepted_binops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.binop_table[operator](left, right)
+
+    def call_unop(self, context: Context, operator: str, arg: t.Any) -> t.Any:
+        """For intercepted unary operator calls (:meth:`intercepted_unops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.unop_table[operator](arg)
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code."""
+        try:
+            return obj[argument]
+        except (TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        value = getattr(obj, attr)
+                    except AttributeError:
+                        pass
+                    else:
+                        if self.is_safe_attribute(obj, argument, value):
+                            return value
+                        return self.unsafe_undefined(obj, argument)
+        return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code and prefer the
+        attribute.  The attribute passed *must* be a bytestring.
+        """
+        try:
+            value = getattr(obj, attribute)
+        except AttributeError:
+            try:
+                return obj[attribute]
+            except (TypeError, LookupError):
+                pass
+        else:
+            if self.is_safe_attribute(obj, attribute, value):
+                return value
+            return self.unsafe_undefined(obj, attribute)
+        return self.undefined(obj=obj, name=attribute)
+
+    def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
+        """Return an undefined object for unsafe attributes."""
+        return self.undefined(
+            f"access to attribute {attribute!r} of"
+            f" {type(obj).__name__!r} object is unsafe.",
+            name=attribute,
+            obj=obj,
+            exc=SecurityError,
+        )
+
+    def format_string(
+        self,
+        s: str,
+        args: t.Tuple[t.Any, ...],
+        kwargs: t.Dict[str, t.Any],
+        format_func: t.Optional[t.Callable[..., t.Any]] = None,
+    ) -> str:
+        """If a format call is detected, then this is routed through this
+        method so that our safety sandbox can be used for it.
+        """
+        formatter: SandboxedFormatter
+        if isinstance(s, Markup):
+            formatter = SandboxedEscapeFormatter(self, escape=s.escape)
+        else:
+            formatter = SandboxedFormatter(self)
+
+        if format_func is not None and format_func.__name__ == "format_map":
+            if len(args) != 1 or kwargs:
+                raise TypeError(
+                    "format_map() takes exactly one argument"
+                    f" {len(args) + (kwargs is not None)} given"
+                )
+
+            kwargs = args[0]
+            args = ()
+
+        rv = formatter.vformat(s, args, kwargs)
+        return type(s)(rv)
+
+    def call(
+        __self,  # noqa: B902
+        __context: Context,
+        __obj: t.Any,
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        """Call an object from sandboxed code."""
+        fmt = inspect_format_method(__obj)
+        if fmt is not None:
+            return __self.format_string(fmt, args, kwargs, __obj)
+
+        # the double prefixes are to avoid double keyword argument
+        # errors when proxying the call.
+        if not __self.is_safe_callable(__obj):
+            raise SecurityError(f"{__obj!r} is not safely callable")
+        return __context.call(__obj, *args, **kwargs)
+
+
+class ImmutableSandboxedEnvironment(SandboxedEnvironment):
+    """Works exactly like the regular `SandboxedEnvironment` but does not
+    permit modifications on the builtin mutable objects `list`, `set`, and
+    `dict` by using the :func:`modifies_known_mutable` function.
+    """
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        if not super().is_safe_attribute(obj, attr, value):
+            return False
+
+        return not modifies_known_mutable(obj, attr)
+
+
+class SandboxedFormatter(Formatter):
+    def __init__(self, env: Environment, **kwargs: t.Any) -> None:
+        self._env = env
+        super().__init__(**kwargs)
+
+    def get_field(
+        self, field_name: str, args: t.Sequence[t.Any], kwargs: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, str]:
+        first, rest = formatter_field_name_split(field_name)
+        obj = self.get_value(first, args, kwargs)
+        for is_attr, i in rest:
+            if is_attr:
+                obj = self._env.getattr(obj, i)
+            else:
+                obj = self._env.getitem(obj, i)
+        return obj, first
+
+
+class SandboxedEscapeFormatter(SandboxedFormatter, EscapeFormatter):
+    pass
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/tests.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/tests.py
new file mode 100644
index 000000000..1a59e3703
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/tests.py
@@ -0,0 +1,256 @@
+"""Built-in template tests used with the ``is`` operator."""
+
+import operator
+import typing as t
+from collections import abc
+from numbers import Number
+
+from .runtime import Undefined
+from .utils import pass_environment
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def test_odd(value: int) -> bool:
+    """Return true if the variable is odd."""
+    return value % 2 == 1
+
+
+def test_even(value: int) -> bool:
+    """Return true if the variable is even."""
+    return value % 2 == 0
+
+
+def test_divisibleby(value: int, num: int) -> bool:
+    """Check if a variable is divisible by a number."""
+    return value % num == 0
+
+
+def test_defined(value: t.Any) -> bool:
+    """Return true if the variable is defined:
+
+    .. sourcecode:: jinja
+
+        {% if variable is defined %}
+            value of variable: {{ variable }}
+        {% else %}
+            variable is not defined
+        {% endif %}
+
+    See the :func:`default` filter for a simple way to set undefined
+    variables.
+    """
+    return not isinstance(value, Undefined)
+
+
+def test_undefined(value: t.Any) -> bool:
+    """Like :func:`defined` but the other way round."""
+    return isinstance(value, Undefined)
+
+
+@pass_environment
+def test_filter(env: "Environment", value: str) -> bool:
+    """Check if a filter exists by name. Useful if a filter may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'markdown' is filter %}
+            {{ value | markdown }}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.filters
+
+
+@pass_environment
+def test_test(env: "Environment", value: str) -> bool:
+    """Check if a test exists by name. Useful if a test may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'loud' is test %}
+            {% if value is loud %}
+                {{ value|upper }}
+            {% else %}
+                {{ value|lower }}
+            {% endif %}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.tests
+
+
+def test_none(value: t.Any) -> bool:
+    """Return true if the variable is none."""
+    return value is None
+
+
+def test_boolean(value: t.Any) -> bool:
+    """Return true if the object is a boolean value.
+
+    .. versionadded:: 2.11
+    """
+    return value is True or value is False
+
+
+def test_false(value: t.Any) -> bool:
+    """Return true if the object is False.
+
+    .. versionadded:: 2.11
+    """
+    return value is False
+
+
+def test_true(value: t.Any) -> bool:
+    """Return true if the object is True.
+
+    .. versionadded:: 2.11
+    """
+    return value is True
+
+
+# NOTE: The existing 'number' test matches booleans and floats
+def test_integer(value: t.Any) -> bool:
+    """Return true if the object is an integer.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, int) and value is not True and value is not False
+
+
+# NOTE: The existing 'number' test matches booleans and integers
+def test_float(value: t.Any) -> bool:
+    """Return true if the object is a float.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, float)
+
+
+def test_lower(value: str) -> bool:
+    """Return true if the variable is lowercased."""
+    return str(value).islower()
+
+
+def test_upper(value: str) -> bool:
+    """Return true if the variable is uppercased."""
+    return str(value).isupper()
+
+
+def test_string(value: t.Any) -> bool:
+    """Return true if the object is a string."""
+    return isinstance(value, str)
+
+
+def test_mapping(value: t.Any) -> bool:
+    """Return true if the object is a mapping (dict etc.).
+
+    .. versionadded:: 2.6
+    """
+    return isinstance(value, abc.Mapping)
+
+
+def test_number(value: t.Any) -> bool:
+    """Return true if the variable is a number."""
+    return isinstance(value, Number)
+
+
+def test_sequence(value: t.Any) -> bool:
+    """Return true if the variable is a sequence. Sequences are variables
+    that are iterable.
+    """
+    try:
+        len(value)
+        value.__getitem__  # noqa B018
+    except Exception:
+        return False
+
+    return True
+
+
+def test_sameas(value: t.Any, other: t.Any) -> bool:
+    """Check if an object points to the same memory address than another
+    object:
+
+    .. sourcecode:: jinja
+
+        {% if foo.attribute is sameas false %}
+            the foo attribute really is the `False` singleton
+        {% endif %}
+    """
+    return value is other
+
+
+def test_iterable(value: t.Any) -> bool:
+    """Check if it's possible to iterate over an object."""
+    try:
+        iter(value)
+    except TypeError:
+        return False
+
+    return True
+
+
+def test_escaped(value: t.Any) -> bool:
+    """Check if the value is escaped."""
+    return hasattr(value, "__html__")
+
+
+def test_in(value: t.Any, seq: t.Container[t.Any]) -> bool:
+    """Check if value is in seq.
+
+    .. versionadded:: 2.10
+    """
+    return value in seq
+
+
+TESTS = {
+    "odd": test_odd,
+    "even": test_even,
+    "divisibleby": test_divisibleby,
+    "defined": test_defined,
+    "undefined": test_undefined,
+    "filter": test_filter,
+    "test": test_test,
+    "none": test_none,
+    "boolean": test_boolean,
+    "false": test_false,
+    "true": test_true,
+    "integer": test_integer,
+    "float": test_float,
+    "lower": test_lower,
+    "upper": test_upper,
+    "string": test_string,
+    "mapping": test_mapping,
+    "number": test_number,
+    "sequence": test_sequence,
+    "iterable": test_iterable,
+    "callable": callable,
+    "sameas": test_sameas,
+    "escaped": test_escaped,
+    "in": test_in,
+    "==": operator.eq,
+    "eq": operator.eq,
+    "equalto": operator.eq,
+    "!=": operator.ne,
+    "ne": operator.ne,
+    ">": operator.gt,
+    "gt": operator.gt,
+    "greaterthan": operator.gt,
+    "ge": operator.ge,
+    ">=": operator.ge,
+    "<": operator.lt,
+    "lt": operator.lt,
+    "lessthan": operator.lt,
+    "<=": operator.le,
+    "le": operator.le,
+}
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/utils.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/utils.py
new file mode 100644
index 000000000..7fb76935a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/utils.py
@@ -0,0 +1,755 @@
+import enum
+import json
+import os
+import re
+import typing as t
+from collections import abc
+from collections import deque
+from random import choice
+from random import randrange
+from threading import Lock
+from types import CodeType
+from urllib.parse import quote_from_bytes
+
+import markupsafe
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+# special singleton representing missing values for the runtime
+missing: t.Any = type("MissingType", (), {"__repr__": lambda x: "missing"})()
+
+internal_code: t.MutableSet[CodeType] = set()
+
+concat = "".join
+
+
+def pass_context(f: F) -> F:
+    """Pass the :class:`~jinja2.runtime.Context` as the first argument
+    to the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``Context.eval_context`` is needed, use
+    :func:`pass_eval_context`. If only ``Context.environment`` is
+    needed, use :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``contextfunction`` and ``contextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.context  # type: ignore
+    return f
+
+
+def pass_eval_context(f: F) -> F:
+    """Pass the :class:`~jinja2.nodes.EvalContext` as the first argument
+    to the decorated function when called while rendering a template.
+    See :ref:`eval-context`.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``EvalContext.environment`` is needed, use
+    :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``evalcontextfunction`` and ``evalcontextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.eval_context  # type: ignore
+    return f
+
+
+def pass_environment(f: F) -> F:
+    """Pass the :class:`~jinja2.Environment` as the first argument to
+    the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    .. versionadded:: 3.0.0
+        Replaces ``environmentfunction`` and ``environmentfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.environment  # type: ignore
+    return f
+
+
+class _PassArg(enum.Enum):
+    context = enum.auto()
+    eval_context = enum.auto()
+    environment = enum.auto()
+
+    @classmethod
+    def from_obj(cls, obj: F) -> t.Optional["_PassArg"]:
+        if hasattr(obj, "jinja_pass_arg"):
+            return obj.jinja_pass_arg  # type: ignore
+
+        return None
+
+
+def internalcode(f: F) -> F:
+    """Marks the function as internally used"""
+    internal_code.add(f.__code__)
+    return f
+
+
+def is_undefined(obj: t.Any) -> bool:
+    """Check if the object passed is undefined.  This does nothing more than
+    performing an instance check against :class:`Undefined` but looks nicer.
+    This can be used for custom filters or tests that want to react to
+    undefined variables.  For example a custom default filter can look like
+    this::
+
+        def default(var, default=''):
+            if is_undefined(var):
+                return default
+            return var
+    """
+    from .runtime import Undefined
+
+    return isinstance(obj, Undefined)
+
+
+def consume(iterable: t.Iterable[t.Any]) -> None:
+    """Consumes an iterable without doing anything with it."""
+    for _ in iterable:
+        pass
+
+
+def clear_caches() -> None:
+    """Jinja keeps internal caches for environments and lexers.  These are
+    used so that Jinja doesn't have to recreate environments and lexers all
+    the time.  Normally you don't have to care about that but if you are
+    measuring memory consumption you may want to clean the caches.
+    """
+    from .environment import get_spontaneous_environment
+    from .lexer import _lexer_cache
+
+    get_spontaneous_environment.cache_clear()
+    _lexer_cache.clear()
+
+
+def import_string(import_name: str, silent: bool = False) -> t.Any:
+    """Imports an object based on a string.  This is useful if you want to
+    use import paths as endpoints or something similar.  An import path can
+    be specified either in dotted notation (``xml.sax.saxutils.escape``)
+    or with a colon as object delimiter (``xml.sax.saxutils:escape``).
+
+    If the `silent` is True the return value will be `None` if the import
+    fails.
+
+    :return: imported object
+    """
+    try:
+        if ":" in import_name:
+            module, obj = import_name.split(":", 1)
+        elif "." in import_name:
+            module, _, obj = import_name.rpartition(".")
+        else:
+            return __import__(import_name)
+        return getattr(__import__(module, None, None, [obj]), obj)
+    except (ImportError, AttributeError):
+        if not silent:
+            raise
+
+
+def open_if_exists(filename: str, mode: str = "rb") -> t.Optional[t.IO[t.Any]]:
+    """Returns a file descriptor for the filename if that file exists,
+    otherwise ``None``.
+    """
+    if not os.path.isfile(filename):
+        return None
+
+    return open(filename, mode)
+
+
+def object_type_repr(obj: t.Any) -> str:
+    """Returns the name of the object's type.  For some recognized
+    singletons the name of the object is returned instead. (For
+    example for `None` and `Ellipsis`).
+    """
+    if obj is None:
+        return "None"
+    elif obj is Ellipsis:
+        return "Ellipsis"
+
+    cls = type(obj)
+
+    if cls.__module__ == "builtins":
+        return f"{cls.__name__} object"
+
+    return f"{cls.__module__}.{cls.__name__} object"
+
+
+def pformat(obj: t.Any) -> str:
+    """Format an object using :func:`pprint.pformat`."""
+    from pprint import pformat
+
+    return pformat(obj)
+
+
+_http_re = re.compile(
+    r"""
+    ^
+    (
+        (https?://|www\.)  # scheme or www
+        (([\w%-]+\.)+)?  # subdomain
+        (
+            [a-z]{2,63}  # basic tld
+        |
+            xn--[\w%]{2,59}  # idna tld
+        )
+    |
+        ([\w%-]{2,63}\.)+  # basic domain
+        (com|net|int|edu|gov|org|info|mil)  # basic tld
+    |
+        (https?://)  # scheme
+        (
+            (([\d]{1,3})(\.[\d]{1,3}){3})  # IPv4
+        |
+            (\[([\da-f]{0,4}:){2}([\da-f]{0,4}:?){1,6}])  # IPv6
+        )
+    )
+    (?::[\d]{1,5})?  # port
+    (?:[/?#]\S*)?  # path, query, and fragment
+    $
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+_email_re = re.compile(r"^\S+@\w[\w.-]*\.\w+$")
+
+
+def urlize(
+    text: str,
+    trim_url_limit: t.Optional[int] = None,
+    rel: t.Optional[str] = None,
+    target: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param text: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+    """
+    if trim_url_limit is not None:
+
+        def trim_url(x: str) -> str:
+            if len(x) > trim_url_limit:
+                return f"{x[:trim_url_limit]}..."
+
+            return x
+
+    else:
+
+        def trim_url(x: str) -> str:
+            return x
+
+    words = re.split(r"(\s+)", str(markupsafe.escape(text)))
+    rel_attr = f' rel="{markupsafe.escape(rel)}"' if rel else ""
+    target_attr = f' target="{markupsafe.escape(target)}"' if target else ""
+
+    for i, word in enumerate(words):
+        head, middle, tail = "", word, ""
+        match = re.match(r"^([(<]|&lt;)+", middle)
+
+        if match:
+            head = match.group()
+            middle = middle[match.end() :]
+
+        # Unlike lead, which is anchored to the start of the string,
+        # need to check that the string ends with any of the characters
+        # before trying to match all of them, to avoid backtracking.
+        if middle.endswith((")", ">", ".", ",", "\n", "&gt;")):
+            match = re.search(r"([)>.,\n]|&gt;)+$", middle)
+
+            if match:
+                tail = match.group()
+                middle = middle[: match.start()]
+
+        # Prefer balancing parentheses in URLs instead of ignoring a
+        # trailing character.
+        for start_char, end_char in ("(", ")"), ("<", ">"), ("&lt;", "&gt;"):
+            start_count = middle.count(start_char)
+
+            if start_count <= middle.count(end_char):
+                # Balanced, or lighter on the left
+                continue
+
+            # Move as many as possible from the tail to balance
+            for _ in range(min(start_count, tail.count(end_char))):
+                end_index = tail.index(end_char) + len(end_char)
+                # Move anything in the tail before the end char too
+                middle += tail[:end_index]
+                tail = tail[end_index:]
+
+        if _http_re.match(middle):
+            if middle.startswith("https://") or middle.startswith("http://"):
+                middle = (
+                    f'<a href="{middle}"{rel_attr}{target_attr}>{trim_url(middle)}</a>'
+                )
+            else:
+                middle = (
+                    f'<a href="https://{middle}"{rel_attr}{target_attr}>'
+                    f"{trim_url(middle)}</a>"
+                )
+
+        elif middle.startswith("mailto:") and _email_re.match(middle[7:]):
+            middle = f'<a href="{middle}">{middle[7:]}</a>'
+
+        elif (
+            "@" in middle
+            and not middle.startswith("www.")
+            and ":" not in middle
+            and _email_re.match(middle)
+        ):
+            middle = f'<a href="mailto:{middle}">{middle}</a>'
+
+        elif extra_schemes is not None:
+            for scheme in extra_schemes:
+                if middle != scheme and middle.startswith(scheme):
+                    middle = f'<a href="{middle}"{rel_attr}{target_attr}>{middle}</a>'
+
+        words[i] = f"{head}{middle}{tail}"
+
+    return "".join(words)
+
+
+def generate_lorem_ipsum(
+    n: int = 5, html: bool = True, min: int = 20, max: int = 100
+) -> str:
+    """Generate some lorem ipsum for the template."""
+    from .constants import LOREM_IPSUM_WORDS
+
+    words = LOREM_IPSUM_WORDS.split()
+    result = []
+
+    for _ in range(n):
+        next_capitalized = True
+        last_comma = last_fullstop = 0
+        word = None
+        last = None
+        p = []
+
+        # each paragraph contains out of 20 to 100 words.
+        for idx, _ in enumerate(range(randrange(min, max))):
+            while True:
+                word = choice(words)
+                if word != last:
+                    last = word
+                    break
+            if next_capitalized:
+                word = word.capitalize()
+                next_capitalized = False
+            # add commas
+            if idx - randrange(3, 8) > last_comma:
+                last_comma = idx
+                last_fullstop += 2
+                word += ","
+            # add end of sentences
+            if idx - randrange(10, 20) > last_fullstop:
+                last_comma = last_fullstop = idx
+                word += "."
+                next_capitalized = True
+            p.append(word)
+
+        # ensure that the paragraph ends with a dot.
+        p_str = " ".join(p)
+
+        if p_str.endswith(","):
+            p_str = p_str[:-1] + "."
+        elif not p_str.endswith("."):
+            p_str += "."
+
+        result.append(p_str)
+
+    if not html:
+        return "\n\n".join(result)
+    return markupsafe.Markup(
+        "\n".join(f"<p>{markupsafe.escape(x)}</p>" for x in result)
+    )
+
+
+def url_quote(obj: t.Any, charset: str = "utf-8", for_qs: bool = False) -> str:
+    """Quote a string for use in a URL using the given charset.
+
+    :param obj: String or bytes to quote. Other types are converted to
+        string then encoded to bytes using the given charset.
+    :param charset: Encode text to bytes using this charset.
+    :param for_qs: Quote "/" and use "+" for spaces.
+    """
+    if not isinstance(obj, bytes):
+        if not isinstance(obj, str):
+            obj = str(obj)
+
+        obj = obj.encode(charset)
+
+    safe = b"" if for_qs else b"/"
+    rv = quote_from_bytes(obj, safe)
+
+    if for_qs:
+        rv = rv.replace("%20", "+")
+
+    return rv
+
+
+@abc.MutableMapping.register
+class LRUCache:
+    """A simple LRU Cache implementation."""
+
+    # this is fast for small capacities (something below 1000) but doesn't
+    # scale.  But as long as it's only used as storage for templates this
+    # won't do any harm.
+
+    def __init__(self, capacity: int) -> None:
+        self.capacity = capacity
+        self._mapping: t.Dict[t.Any, t.Any] = {}
+        self._queue: "te.Deque[t.Any]" = deque()
+        self._postinit()
+
+    def _postinit(self) -> None:
+        # alias all queue methods for faster lookup
+        self._popleft = self._queue.popleft
+        self._pop = self._queue.pop
+        self._remove = self._queue.remove
+        self._wlock = Lock()
+        self._append = self._queue.append
+
+    def __getstate__(self) -> t.Mapping[str, t.Any]:
+        return {
+            "capacity": self.capacity,
+            "_mapping": self._mapping,
+            "_queue": self._queue,
+        }
+
+    def __setstate__(self, d: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.update(d)
+        self._postinit()
+
+    def __getnewargs__(self) -> t.Tuple[t.Any, ...]:
+        return (self.capacity,)
+
+    def copy(self) -> "LRUCache":
+        """Return a shallow copy of the instance."""
+        rv = self.__class__(self.capacity)
+        rv._mapping.update(self._mapping)
+        rv._queue.extend(self._queue)
+        return rv
+
+    def get(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Return an item from the cache dict or `default`"""
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def setdefault(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Set `default` if the key is not in the cache otherwise
+        leave unchanged. Return the value of this key.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            self[key] = default
+            return default
+
+    def clear(self) -> None:
+        """Clear the cache."""
+        with self._wlock:
+            self._mapping.clear()
+            self._queue.clear()
+
+    def __contains__(self, key: t.Any) -> bool:
+        """Check if a key exists in this cache."""
+        return key in self._mapping
+
+    def __len__(self) -> int:
+        """Return the current size of the cache."""
+        return len(self._mapping)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self._mapping!r}>"
+
+    def __getitem__(self, key: t.Any) -> t.Any:
+        """Get an item from the cache. Moves the item up so that it has the
+        highest priority then.
+
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            rv = self._mapping[key]
+
+            if self._queue[-1] != key:
+                try:
+                    self._remove(key)
+                except ValueError:
+                    # if something removed the key from the container
+                    # when we read, ignore the ValueError that we would
+                    # get otherwise.
+                    pass
+
+                self._append(key)
+
+            return rv
+
+    def __setitem__(self, key: t.Any, value: t.Any) -> None:
+        """Sets the value for an item. Moves the item up so that it
+        has the highest priority then.
+        """
+        with self._wlock:
+            if key in self._mapping:
+                self._remove(key)
+            elif len(self._mapping) == self.capacity:
+                del self._mapping[self._popleft()]
+
+            self._append(key)
+            self._mapping[key] = value
+
+    def __delitem__(self, key: t.Any) -> None:
+        """Remove an item from the cache dict.
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            del self._mapping[key]
+
+            try:
+                self._remove(key)
+            except ValueError:
+                pass
+
+    def items(self) -> t.Iterable[t.Tuple[t.Any, t.Any]]:
+        """Return a list of items."""
+        result = [(key, self._mapping[key]) for key in list(self._queue)]
+        result.reverse()
+        return result
+
+    def values(self) -> t.Iterable[t.Any]:
+        """Return a list of all values."""
+        return [x[1] for x in self.items()]
+
+    def keys(self) -> t.Iterable[t.Any]:
+        """Return a list of all keys ordered by most recent usage."""
+        return list(self)
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        return reversed(tuple(self._queue))
+
+    def __reversed__(self) -> t.Iterator[t.Any]:
+        """Iterate over the keys in the cache dict, oldest items
+        coming first.
+        """
+        return iter(tuple(self._queue))
+
+    __copy__ = copy
+
+
+def select_autoescape(
+    enabled_extensions: t.Collection[str] = ("html", "htm", "xml"),
+    disabled_extensions: t.Collection[str] = (),
+    default_for_string: bool = True,
+    default: bool = False,
+) -> t.Callable[[t.Optional[str]], bool]:
+    """Intelligently sets the initial value of autoescaping based on the
+    filename of the template.  This is the recommended way to configure
+    autoescaping if you do not want to write a custom function yourself.
+
+    If you want to enable it for all templates created from strings or
+    for all templates with `.html` and `.xml` extensions::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            enabled_extensions=('html', 'xml'),
+            default_for_string=True,
+        ))
+
+    Example configuration to turn it on at all times except if the template
+    ends with `.txt`::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            disabled_extensions=('txt',),
+            default_for_string=True,
+            default=True,
+        ))
+
+    The `enabled_extensions` is an iterable of all the extensions that
+    autoescaping should be enabled for.  Likewise `disabled_extensions` is
+    a list of all templates it should be disabled for.  If a template is
+    loaded from a string then the default from `default_for_string` is used.
+    If nothing matches then the initial value of autoescaping is set to the
+    value of `default`.
+
+    For security reasons this function operates case insensitive.
+
+    .. versionadded:: 2.9
+    """
+    enabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in enabled_extensions)
+    disabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in disabled_extensions)
+
+    def autoescape(template_name: t.Optional[str]) -> bool:
+        if template_name is None:
+            return default_for_string
+        template_name = template_name.lower()
+        if template_name.endswith(enabled_patterns):
+            return True
+        if template_name.endswith(disabled_patterns):
+            return False
+        return default
+
+    return autoescape
+
+
+def htmlsafe_json_dumps(
+    obj: t.Any, dumps: t.Optional[t.Callable[..., str]] = None, **kwargs: t.Any
+) -> markupsafe.Markup:
+    """Serialize an object to a string of JSON with :func:`json.dumps`,
+    then replace HTML-unsafe characters with Unicode escapes and mark
+    the result safe with :class:`~markupsafe.Markup`.
+
+    This is available in templates as the ``|tojson`` filter.
+
+    The following characters are escaped: ``<``, ``>``, ``&``, ``'``.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param obj: The object to serialize to JSON.
+    :param dumps: The ``dumps`` function to use. Defaults to
+        ``env.policies["json.dumps_function"]``, which defaults to
+        :func:`json.dumps`.
+    :param kwargs: Extra arguments to pass to ``dumps``. Merged onto
+        ``env.policies["json.dumps_kwargs"]``.
+
+    .. versionchanged:: 3.0
+        The ``dumper`` parameter is renamed to ``dumps``.
+
+    .. versionadded:: 2.9
+    """
+    if dumps is None:
+        dumps = json.dumps
+
+    return markupsafe.Markup(
+        dumps(obj, **kwargs)
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026")
+        .replace("'", "\\u0027")
+    )
+
+
+class Cycler:
+    """Cycle through values by yield them one at a time, then restarting
+    once the end is reached. Available as ``cycler`` in templates.
+
+    Similar to ``loop.cycle``, but can be used outside loops or across
+    multiple loops. For example, render a list of folders and files in a
+    list, alternating giving them "odd" and "even" classes.
+
+    .. code-block:: html+jinja
+
+        {% set row_class = cycler("odd", "even") %}
+        <ul class="browser">
+        {% for folder in folders %}
+          <li class="folder {{ row_class.next() }}">{{ folder }}
+        {% endfor %}
+        {% for file in files %}
+          <li class="file {{ row_class.next() }}">{{ file }}
+        {% endfor %}
+        </ul>
+
+    :param items: Each positional argument will be yielded in the order
+        given for each cycle.
+
+    .. versionadded:: 2.1
+    """
+
+    def __init__(self, *items: t.Any) -> None:
+        if not items:
+            raise RuntimeError("at least one item has to be provided")
+        self.items = items
+        self.pos = 0
+
+    def reset(self) -> None:
+        """Resets the current item to the first item."""
+        self.pos = 0
+
+    @property
+    def current(self) -> t.Any:
+        """Return the current item. Equivalent to the item that will be
+        returned next time :meth:`next` is called.
+        """
+        return self.items[self.pos]
+
+    def next(self) -> t.Any:
+        """Return the current item, then advance :attr:`current` to the
+        next item.
+        """
+        rv = self.current
+        self.pos = (self.pos + 1) % len(self.items)
+        return rv
+
+    __next__ = next
+
+
+class Joiner:
+    """A joining helper for templates."""
+
+    def __init__(self, sep: str = ", ") -> None:
+        self.sep = sep
+        self.used = False
+
+    def __call__(self) -> str:
+        if not self.used:
+            self.used = True
+            return ""
+        return self.sep
+
+
+class Namespace:
+    """A namespace object that can hold arbitrary attributes.  It may be
+    initialized from a dictionary or with keyword arguments."""
+
+    def __init__(*args: t.Any, **kwargs: t.Any) -> None:  # noqa: B902
+        self, args = args[0], args[1:]
+        self.__attrs = dict(*args, **kwargs)
+
+    def __getattribute__(self, name: str) -> t.Any:
+        # __class__ is needed for the awaitable check in async mode
+        if name in {"_Namespace__attrs", "__class__"}:
+            return object.__getattribute__(self, name)
+        try:
+            return self.__attrs[name]
+        except KeyError:
+            raise AttributeError(name) from None
+
+    def __setitem__(self, name: str, value: t.Any) -> None:
+        self.__attrs[name] = value
+
+    def __repr__(self) -> str:
+        return f"<Namespace {self.__attrs!r}>"
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jinja2/visitor.py b/lib/go-jinja2/internal/data/linux-amd64/jinja2/visitor.py
new file mode 100644
index 000000000..7b8e18060
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jinja2/visitor.py
@@ -0,0 +1,92 @@
+"""API for traversing the AST nodes. Implemented by the compiler and
+meta introspection.
+"""
+
+import typing as t
+
+from .nodes import Node
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class VisitCallable(te.Protocol):
+        def __call__(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any: ...
+
+
+class NodeVisitor:
+    """Walks the abstract syntax tree and call visitor functions for every
+    node found.  The visitor functions may return values which will be
+    forwarded by the `visit` method.
+
+    Per default the visitor functions for the nodes are ``'visit_'`` +
+    class name of the node.  So a `TryFinally` node visit function would
+    be `visit_TryFinally`.  This behavior can be changed by overriding
+    the `get_visitor` function.  If no visitor function exists for a node
+    (return value `None`) the `generic_visit` visitor is used instead.
+    """
+
+    def get_visitor(self, node: Node) -> "t.Optional[VisitCallable]":
+        """Return the visitor function for this node or `None` if no visitor
+        exists for this node.  In that case the generic visit function is
+        used instead.
+        """
+        return getattr(self, f"visit_{type(node).__name__}", None)
+
+    def visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Visit a node."""
+        f = self.get_visitor(node)
+
+        if f is not None:
+            return f(node, *args, **kwargs)
+
+        return self.generic_visit(node, *args, **kwargs)
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Called if no explicit visitor function exists for a node."""
+        for child_node in node.iter_child_nodes():
+            self.visit(child_node, *args, **kwargs)
+
+
+class NodeTransformer(NodeVisitor):
+    """Walks the abstract syntax tree and allows modifications of nodes.
+
+    The `NodeTransformer` will walk the AST and use the return value of the
+    visitor functions to replace or remove the old node.  If the return
+    value of the visitor function is `None` the node will be removed
+    from the previous location otherwise it's replaced with the return
+    value.  The return value may be the original node in which case no
+    replacement takes place.
+    """
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> Node:
+        for field, old_value in node.iter_fields():
+            if isinstance(old_value, list):
+                new_values = []
+                for value in old_value:
+                    if isinstance(value, Node):
+                        value = self.visit(value, *args, **kwargs)
+                        if value is None:
+                            continue
+                        elif not isinstance(value, Node):
+                            new_values.extend(value)
+                            continue
+                    new_values.append(value)
+                old_value[:] = new_values
+            elif isinstance(old_value, Node):
+                new_node = self.visit(old_value, *args, **kwargs)
+                if new_node is None:
+                    delattr(node, field)
+                else:
+                    setattr(node, field, new_node)
+        return node
+
+    def visit_list(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.List[Node]:
+        """As transformers may return lists in some places this method
+        can be used to enforce a list as return value.
+        """
+        rv = self.visit(node, *args, **kwargs)
+
+        if not isinstance(rv, list):
+            return [rv]
+
+        return rv
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
new file mode 100644
index 000000000..86be119bc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
@@ -0,0 +1,379 @@
+Metadata-Version: 2.1
+Name: jsonpath-ng
+Version: 1.6.1
+Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
+Home-page: https://github.com/h2non/jsonpath-ng
+Author: Tomas Aparicio
+Author-email: tomas@aparicio.me
+License: Apache 2.0
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+License-File: LICENSE
+Requires-Dist: ply
+
+Python JSONPath Next-Generation |Build Status| |PyPI|
+=====================================================
+
+A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
+and binary comparison operators, as defined in the original `JSONPath proposal`_.
+
+This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
+provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
+
+About
+-----
+
+This library provides a robust and significantly extended implementation
+of JSONPath for Python. It is tested with CPython 3.7 and higher.
+
+This library differs from other JSONPath implementations in that it is a
+full *language* implementation, meaning the JSONPath expressions are
+first class objects, easy to analyze, transform, parse, print, and
+extend.
+
+Quick Start
+-----------
+
+To install, use pip:
+
+.. code:: bash
+
+    $ pip install --upgrade jsonpath-ng
+
+
+Usage
+-----
+
+Basic examples:
+
+.. code:: python
+
+    $ python
+
+    >>> from jsonpath_ng import jsonpath, parse
+
+    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+    >>> jsonpath_expr = parse('foo[*].baz')
+
+    # Extracting values is easy
+    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    [1, 2]
+
+    # Matches remember where they came from
+    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    ['foo.[0].baz', 'foo.[1].baz']
+
+    # Modifying values matching the path
+    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 3}]}
+
+    # Modifying one of the values matching the path
+    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
+    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 2}]}
+
+    # Removing all values matching a path
+    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{}, {}]}
+
+    # Removing values containing particular data matching path
+    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{'baz': 1}, {}]}
+
+    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
+    >>> jsonpath.auto_id_field = 'id'
+    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
+    ['foo.bizzle', 'foo.[1]']
+
+    # A handy extension: named operators like `parent`
+    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
+    ['number two', 'number one']
+
+    # You can also build expressions directly quite easily
+    >>> from jsonpath_ng.jsonpath import Fields
+    >>> from jsonpath_ng.jsonpath import Slice
+
+    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
+
+
+Using the extended parser:
+
+.. code:: python
+
+  $ python
+
+  >>> from jsonpath_ng.ext import parse
+
+  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+  >>> jsonpath_expr = parse('foo[*].baz')
+
+
+JSONPath Syntax
+---------------
+
+The JSONPath syntax supported by this library includes some additional
+features and omits some problematic features (those that make it
+unportable). In particular, some new operators such as ``|`` and
+``where`` are available, and parentheses are used for grouping not for
+callbacks into Python, since with these changes the language is not
+trivially associative. Also, fields may be quoted whether or not they
+are contained in brackets.
+
+Atomic expressions:
+
++-----------------------+---------------------------------------------------------------------------------------------+
+| Syntax                | Meaning                                                                                     |
++=======================+=============================================================================================+
+| ``$``                 | The root object                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```this```            | The "current" object.                                                                       |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
++-----------------------+---------------------------------------------------------------------------------------------+
+| *field*               | Specified field(s), described below                                                         |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *field* ``]``   | Same as *field*                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
++-----------------------+---------------------------------------------------------------------------------------------+
+
+Jsonpath operators:
+
++-------------------------------------+------------------------------------------------------------------------------------+
+| Syntax                              | Meaning                                                                            |
++=====================================+====================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
++-------------------------------------+------------------------------------------------------------------------------------+
+
+Field specifiers ( *field* ):
+
++-------------------------+-------------------------------------------------------------------------------------+
+| Syntax                  | Meaning                                                                             |
++=========================+=====================================================================================+
+| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``'fieldname'``         | ditto                                                                               |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``*``                   | any field                                                                           |
++-------------------------+-------------------------------------------------------------------------------------+
+| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
++-------------------------+-------------------------------------------------------------------------------------+
+
+Array specifiers ( *idx* ):
+
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| Syntax                                  | Meaning                                                                               |
++=========================================+=======================================================================================+
+| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[*]``                                 | any array index                                                                       |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+
+Programmatic JSONPath
+---------------------
+
+If you are programming in Python and would like a more robust way to
+create JSONPath expressions that does not depend on a parser, it is very
+easy to do so directly, and here are some examples:
+
+-  ``Root()``
+-  ``Slice(start=0, end=None, step=None)``
+-  ``Fields('foo', 'bar')``
+-  ``Index(42)``
+-  ``Child(Fields('foo'), Index(42))``
+-  ``Where(Slice(), Fields('subfield'))``
+-  ``Descendants(jsonpath, jsonpath)``
+
+
+Extras
+------
+
+-  *Path data*: The result of ``JsonPath.find`` provide detailed context
+   and path data so it is easy to traverse to parent objects, print full
+   paths to pieces of data, and generate automatic ids.
+-  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
+   other than None, then for any piece of data missing that field, it
+   will be replaced by the JSONPath to it, giving automatic unique ids
+   to any piece of data. These ids will take into account any ids
+   already present as well.
+-  *Named operators*: Instead of using ``@`` to reference the current
+   object, this library uses ```this```. In general, any string
+   contained in backquotes can be made to be a new operator, currently
+   by extending the library.
+
+
+Extensions
+----------
+
+To use the extensions below you must import from `jsonpath_ng.ext`.
+
++--------------+-----------------------------------------------+
+| name         | Example                                       |
++==============+===============================================+
+| len          | - ``$.objects.`len```                         |
++--------------+-----------------------------------------------+
+| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
+|              | - ``$.field.`sub(/regex/, replacement)```     |
++--------------+-----------------------------------------------+
+| split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(sep, segement, maxsplit)```|
++--------------+-----------------------------------------------+
+| sorted       | - ``$.objects.`sorted```                      |
+|              | - ``$.objects[\\some_field]``                 |
+|              | - ``$.objects[\\some_field,/other_field]``    |
++--------------+-----------------------------------------------+
+| filter       | - ``$.objects[?(@some_field > 5)]``           |
+|              | - ``$.objects[?some_field = "foobar"]``       |
+|              | - ``$.objects[?some_field =~ "foobar"]``      |
+|              | - ``$.objects[?some_field > 5 & other < 2]``  |
+|              |                                               |
+|              | Supported operators:                          |
+|              | - Equality: ==, =, !=                         |
+|              | - Comparison: >, >=, <, <=                    |
+|              | - Regex match: =~                             |
+|              |                                               |
+|              | Combine multiple criteria with '&'.           |
+|              |                                               |
+|              | Properties can only be compared to static     |
+|              | values.                                       |
++--------------+-----------------------------------------------+
+| arithmetic   | - ``$.foo + "_" + $.bar``                     |
+| (-+*/)       | - ``$.foo * 12``                              |
+|              | - ``$.objects[*].cow + $.objects[*].cat``     |
++--------------+-----------------------------------------------+
+
+About arithmetic and string
+---------------------------
+
+Operations are done with python operators and allows types that python
+allows, and return [] if the operation can be done due to incompatible types.
+
+When operators are used, a jsonpath must be be fully defined otherwise
+jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
+in this case it will choice string as type.
+
+Example with data::
+
+    {
+        'cow': 'foo',
+        'fish': 'bar'
+    }
+
+| ``cow + fish`` returns ``cowfish``
+| ``$.cow + $.fish`` returns ``foobar``
+| ``$.cow + "_" + $.fish`` returns ``foo_bar``
+| ``$.cow + "_" + fish`` returns ``foo_fish``
+
+About arithmetic and list
+-------------------------
+
+Arithmetic can be used against two lists if they have the same size.
+
+Example with data::
+
+    {'objects': [
+        {'cow': 2, 'cat': 3},
+        {'cow': 4, 'cat': 6}
+    ]}
+
+| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
+
+More to explore
+---------------
+
+There are way too many JSONPath implementations out there to discuss.
+Some are robust, some are toy projects that still work fine, some are
+exercises. There will undoubtedly be many more. This one is made for use
+in released, maintained code, and in particular for programmatic access
+to the abstract syntax and extension. But JSONPath at its simplest just
+isn't that complicated, so you can probably use any of them
+successfully. Why not this one?
+
+The original proposal, as far as I know:
+
+-  `JSONPath - XPath for
+   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
+
+Other examples
+--------------
+
+Loading json data from file
+
+.. code:: python
+
+    import json
+    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
+    # or
+    with open('myfile.json') as f:
+        d = json.load(f)
+
+Special note about PLY and docstrings
+-------------------------------------
+
+The main parsing toolkit underlying this library,
+`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
+removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
+cause a failure.
+
+Contributors
+------------
+
+This package is authored and maintained by:
+
+-  `Kenn Knowles <https://github.com/kennknowles>`__
+   (`@kennknowles <https://twitter.com/KennKnowles>`__)
+-  `Tomas Aparicio <https://github.com/h2non>`
+
+with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
+
+Copyright and License
+---------------------
+
+Copyright 2013 - Kenneth Knowles
+
+Copyright 2017 - Tomas Aparicio
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at
+
+::
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
+.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
+.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
+
+.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
+.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
+   :target: https://pypi.python.org/pypi/jsonpath-ng
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
new file mode 100644
index 000000000..28c135846
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
@@ -0,0 +1,35 @@
+../../bin/jsonpath_ng,sha256=kobtzF-MfUVWOwuEGnHuplhBWwssjmIPKgy0IfD-hpY,260
+jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
+jsonpath_ng-1.6.1.dist-info/RECORD,,
+jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
+jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
+jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/__pycache__/lexer.cpython-311.pyc,,
+jsonpath_ng/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/bin/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng/bin/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/bin/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/bin/jsonpath.py,sha256=C4PCWjxSRskALh_Z7ILOFpvHNjP5HLBmRnxbzrbgg98,2057
+jsonpath_ng/exceptions.py,sha256=WbmwVjhCtpqp0enN3Sd4ymlZGP8ZZUkvT9uq7PXiEq4,146
+jsonpath_ng/ext/__init__.py,sha256=oxAHiz1-xcRsDX_KGDCiBh6LGP2zHZKzvI3QxrFTh6E,605
+jsonpath_ng/ext/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/arithmetic.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/filter.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/iterable.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
+jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
+jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
+jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
+jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
+jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
+jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
+jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
+jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
new file mode 100644
index 000000000..57e3d840d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.38.4)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
new file mode 100644
index 000000000..e1985ff19
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
new file mode 100644
index 000000000..30b75c567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
@@ -0,0 +1 @@
+jsonpath_ng
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py
new file mode 100644
index 000000000..ed6553b2d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py
@@ -0,0 +1,6 @@
+from .jsonpath import *  # noqa
+from .parser import parse  # noqa
+
+
+# Current package version
+__version__ = '1.6.1'
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/jsonpath.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/jsonpath.py
new file mode 100644
index 000000000..386f87c59
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/bin/jsonpath.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# encoding: utf-8
+# Copyright © 2012 Felix Richter <wtfpl@syntax-fehler.de>
+# This work is free. You can redistribute it and/or modify it under the
+# terms of the Do What The Fuck You Want To Public License, Version 2,
+# as published by Sam Hocevar. See the COPYING file for more details.
+
+# Standard Library imports
+import json
+import sys
+import glob
+import argparse
+
+# JsonPath-RW imports
+from jsonpath_ng import parse
+
+def find_matches_for_file(expr, f):
+    return expr.find(json.load(f))
+
+def print_matches(matches):
+    print('\n'.join(['{0}'.format(match.value) for match in matches]))
+
+
+def main(*argv):
+    parser = argparse.ArgumentParser(
+        description='Search JSON files (or stdin) according to a JSONPath expression.',
+        formatter_class=argparse.RawTextHelpFormatter,
+        epilog="""
+        Quick JSONPath reference (see more at https://github.com/kennknowles/python-jsonpath-rw)
+
+        atomics:
+            $              - root object
+            `this`         - current object
+
+        operators:
+            path1.path2    - same as xpath /
+            path1|path2    - union
+            path1..path2   - somewhere in between
+
+        fields:
+            fieldname       - field with name
+            *               - any field
+            [_start_?:_end_?] - array slice
+            [*]             - any array index
+    """)
+
+
+
+    parser.add_argument('expression', help='A JSONPath expression.')
+    parser.add_argument('files', metavar='file', nargs='*', help='Files to search (if none, searches stdin)')
+
+    args = parser.parse_args(argv[1:])
+
+    expr = parse(args.expression)
+    glob_patterns = args.files
+
+    if len(glob_patterns) == 0:
+        # stdin mode
+        print_matches(find_matches_for_file(expr, sys.stdin))
+    else:
+        # file paths mode
+        for pattern in glob_patterns:
+            for filename in glob.glob(pattern):
+                with open(filename) as f:
+                    print_matches(find_matches_for_file(expr, f))
+
+def entry_point():
+    main(*sys.argv)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/exceptions.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/exceptions.py
new file mode 100644
index 000000000..a592d83cb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/exceptions.py
@@ -0,0 +1,10 @@
+class JSONPathError(Exception):
+    pass
+
+
+class JsonPathLexerError(JSONPathError):
+    pass
+
+
+class JsonPathParserError(JSONPathError):
+    pass
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/__init__.py
new file mode 100644
index 000000000..1e5c325fc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .parser import parse  # noqa
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/arithmetic.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/arithmetic.py
new file mode 100644
index 000000000..0ba9e0ca8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/arithmetic.py
@@ -0,0 +1,72 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+from .. import JSONPath, DatumInContext
+
+
+OPERATOR_MAP = {
+    '+': operator.add,
+    '-': operator.sub,
+    '*': operator.mul,
+    '/': operator.truediv,
+}
+
+
+class Operation(JSONPath):
+    def __init__(self, left, op, right):
+        self.left = left
+        self.op = OPERATOR_MAP[op]
+        self.right = right
+
+    def find(self, datum):
+        result = []
+        if (isinstance(self.left, JSONPath)
+                and isinstance(self.right, JSONPath)):
+            left = self.left.find(datum)
+            right = self.right.find(datum)
+            if left and right and len(left) == len(right):
+                for l, r in zip(left, right):
+                    try:
+                        result.append(self.op(l.value, r.value))
+                    except TypeError:
+                        return []
+            else:
+                return []
+        elif isinstance(self.left, JSONPath):
+            left = self.left.find(datum)
+            for l in left:
+                try:
+                    result.append(self.op(l.value, self.right))
+                except TypeError:
+                    return []
+        elif isinstance(self.right, JSONPath):
+            right = self.right.find(datum)
+            for r in right:
+                try:
+                    result.append(self.op(self.left, r.value))
+                except TypeError:
+                    return []
+        else:
+            try:
+                result.append(self.op(self.left, self.right))
+            except TypeError:
+                return []
+        return [DatumInContext.wrap(r) for r in result]
+
+    def __repr__(self):
+        return '%s(%r%s%r)' % (self.__class__.__name__, self.left, self.op,
+                               self.right)
+
+    def __str__(self):
+        return '%s%s%s' % (self.left, self.op, self.right)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/filter.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/filter.py
new file mode 100644
index 000000000..e0bd48a4f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/filter.py
@@ -0,0 +1,140 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+import re
+
+from .. import JSONPath, DatumInContext, Index
+
+
+OPERATOR_MAP = {
+    '!=': operator.ne,
+    '==': operator.eq,
+    '=': operator.eq,
+    '<=': operator.le,
+    '<': operator.lt,
+    '>=': operator.ge,
+    '>': operator.gt,
+    '=~': lambda a, b: True if isinstance(a, str) and re.search(b, a) else False,
+}
+
+
+class Filter(JSONPath):
+    """The JSONQuery filter"""
+
+    def __init__(self, expressions):
+        self.expressions = expressions
+
+    def find(self, datum):
+        if not self.expressions:
+            return datum
+
+        datum = DatumInContext.wrap(datum)
+
+        if isinstance(datum.value, dict):
+            datum.value = list(datum.value.values())
+
+        if not isinstance(datum.value, list):
+            return []
+
+        return [DatumInContext(datum.value[i], path=Index(i), context=datum)
+                for i in range(0, len(datum.value))
+                if (len(self.expressions) ==
+                    len(list(filter(lambda x: x.find(datum.value[i]),
+                                    self.expressions))))]
+
+    def filter(self, fn, data):
+        # NOTE: We reverse the order just to make sure the indexes are preserved upon
+        #  removal.
+        for datum in reversed(self.find(data)):
+            index_obj = datum.path
+            if isinstance(data, dict):
+                index_obj.index = list(data)[index_obj.index]
+            index_obj.filter(fn, data)
+        return data
+
+    def update(self, data, val):
+        if type(data) is list:
+            for index, item in enumerate(data):
+                shouldUpdate = len(self.expressions) == len(list(filter(lambda x: x.find(item), self.expressions)))
+                if shouldUpdate:
+                    if hasattr(val, '__call__'):
+                        val.__call__(data[index], data, index)
+                    else:
+                        data[index] = val
+        return data
+    
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+    def __eq__(self, other):
+        return (isinstance(other, Filter)
+                and self.expressions == other.expressions)
+
+
+class Expression(JSONPath):
+    """The JSONQuery expression"""
+
+    def __init__(self, target, op, value):
+        self.target = target
+        self.op = op
+        self.value = value
+
+    def find(self, datum):
+        datum = self.target.find(DatumInContext.wrap(datum))
+
+        if not datum:
+            return []
+        if self.op is None:
+            return datum
+
+        found = []
+        for data in datum:
+            value = data.value
+            if isinstance(self.value, int):
+                try:
+                    value = int(value)
+                except ValueError:
+                    continue
+            elif isinstance(self.value, bool):
+                try:
+                    value = bool(value)
+                except ValueError:
+                    continue
+
+            if OPERATOR_MAP[self.op](value, self.value):
+                found.append(data)
+
+        return found
+
+    def __eq__(self, other):
+        return (isinstance(other, Expression) and
+                self.target == other.target and
+                self.op == other.op and
+                self.value == other.value)
+
+    def __repr__(self):
+        if self.op is None:
+            return '%s(%r)' % (self.__class__.__name__, self.target)
+        else:
+            return '%s(%r %s %r)' % (self.__class__.__name__,
+                                     self.target, self.op, self.value)
+
+    def __str__(self):
+        if self.op is None:
+            return '%s' % self.target
+        else:
+            return '%s %s %s' % (self.target, self.op, self.value)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py
new file mode 100644
index 000000000..40ae1eb5b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py
@@ -0,0 +1,118 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import functools
+from .. import This, DatumInContext, JSONPath
+
+
+class SortedThis(This):
+    """The JSONPath referring to the sorted version of the current object.
+
+    Concrete syntax is '`sorted`' or [\\field,/field].
+    """
+    def __init__(self, expressions=None):
+        self.expressions = expressions
+
+    def _compare(self, left, right):
+        left = DatumInContext.wrap(left)
+        right = DatumInContext.wrap(right)
+
+        for expr in self.expressions:
+            field, reverse = expr
+            l_datum = field.find(left)
+            r_datum = field.find(right)
+            if (not l_datum or not r_datum or
+                    len(l_datum) > 1 or len(r_datum) > 1 or
+                    l_datum[0].value == r_datum[0].value):
+                # NOTE(sileht): should we do something if the expression
+                # match multiple fields, for now ignore them
+                continue
+            elif l_datum[0].value < r_datum[0].value:
+                return 1 if reverse else -1
+            else:
+                return -1 if reverse else 1
+        return 0
+
+    def find(self, datum):
+        """Return sorted value of This if list or dict."""
+        if isinstance(datum.value, dict) and self.expressions:
+            return datum
+
+        if isinstance(datum.value, dict) or isinstance(datum.value, list):
+            key = (functools.cmp_to_key(self._compare)
+                   if self.expressions else None)
+            return [DatumInContext.wrap(
+                [value for value in sorted(datum.value, key=key)])]
+        return datum
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+
+class Len(JSONPath):
+    """The JSONPath referring to the len of the current object.
+
+    Concrete syntax is '`len`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = len(datum.value)
+        except TypeError:
+            return []
+        else:
+            return [DatumInContext(value,
+                                               context=None,
+                                               path=Len())]
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __str__(self):
+        return '`len`'
+
+    def __repr__(self):
+        return 'Len()'
+
+
+class Keys(JSONPath):
+    """The JSONPath referring to the keys of the current object.
+    Concrete syntax is '`keys`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = list(datum.value.keys())
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value[i],
+                                               context=None,
+                                               path=Keys()) for i in range (0, len(datum.value))]
+
+    def __eq__(self, other):
+        return isinstance(other, Keys)
+
+    def __str__(self):
+        return '`keys`'
+
+    def __repr__(self):
+        return 'Keys()'
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py
new file mode 100644
index 000000000..756b72c69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py
@@ -0,0 +1,174 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .. import lexer
+from .. import parser
+from .. import Fields, This, Child
+
+from . import arithmetic as _arithmetic
+from . import filter as _filter
+from . import iterable as _iterable
+from . import string as _string
+
+
+class ExtendedJsonPathLexer(lexer.JsonPathLexer):
+    """Custom LALR-lexer for JsonPath"""
+    literals = lexer.JsonPathLexer.literals + ['?', '@', '+', '*', '/', '-']
+    tokens = (['BOOL'] +
+              parser.JsonPathLexer.tokens +
+              ['FILTER_OP', 'SORT_DIRECTION', 'FLOAT'])
+
+    t_FILTER_OP = r'=~|==?|<=|>=|!=|<|>'
+
+    def t_BOOL(self, t):
+        r'true|false'
+        t.value = True if t.value == 'true' else False
+        return t
+
+    def t_SORT_DIRECTION(self, t):
+        r',?\s*(/|\\)'
+        t.value = t.value[-1]
+        return t
+
+    def t_ID(self, t):
+        r'@?[a-zA-Z_][a-zA-Z0-9_@\-]*'
+        # NOTE(sileht): This fixes the ID expression to be
+        # able to use @ for `This` like any json query
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_FLOAT(self, t):
+        r'-?\d+\.\d+'
+        t.value = float(t.value)
+        return t
+
+
+class ExtentedJsonPathParser(parser.JsonPathParser):
+    """Custom LALR-parser for JsonPath"""
+
+    tokens = ExtendedJsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        lexer_class = lexer_class or ExtendedJsonPathLexer
+        super(ExtentedJsonPathParser, self).__init__(debug, lexer_class)
+
+    def p_jsonpath_operator_jsonpath(self, p):
+        """jsonpath : NUMBER operator NUMBER
+                    | FLOAT operator FLOAT
+                    | ID operator ID
+                    | NUMBER operator jsonpath
+                    | FLOAT operator jsonpath
+                    | jsonpath operator NUMBER
+                    | jsonpath operator FLOAT
+                    | jsonpath operator jsonpath
+        """
+
+        # NOTE(sileht): If we have choice between a field or a string we
+        # always choice string, because field can be full qualified
+        # like $.foo == foo and where string can't.
+        for i in [1, 3]:
+            if (isinstance(p[i], Fields) and len(p[i].fields) == 1):  # noqa
+                p[i] = p[i].fields[0]
+
+        p[0] = _arithmetic.Operation(p[1], p[2], p[3])
+
+    def p_operator(self, p):
+        """operator : '+'
+                    | '-'
+                    | '*'
+                    | '/'
+        """
+        p[0] = p[1]
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'len':
+            p[0] = _iterable.Len()
+        elif p[1] == 'keys':
+            p[0] = _iterable.Keys()
+        elif p[1] == 'sorted':
+            p[0] = _iterable.SortedThis()
+        elif p[1].startswith("split("):
+            p[0] = _string.Split(p[1])
+        elif p[1].startswith("sub("):
+            p[0] = _string.Sub(p[1])
+        elif p[1].startswith("str("):
+            p[0] = _string.Str(p[1])
+        else:
+            super(ExtentedJsonPathParser, self).p_jsonpath_named_operator(p)
+
+    def p_expression(self, p):
+        """expression : jsonpath
+                      | jsonpath FILTER_OP ID
+                      | jsonpath FILTER_OP FLOAT
+                      | jsonpath FILTER_OP NUMBER
+                      | jsonpath FILTER_OP BOOL
+        """
+        if len(p) == 2:
+            left, op, right = p[1], None, None
+        else:
+            __, left, op, right = p
+        p[0] = _filter.Expression(left, op, right)
+
+    def p_expressions_expression(self, p):
+        "expressions : expression"
+        p[0] = [p[1]]
+
+    def p_expressions_and(self, p):
+        "expressions : expressions '&' expressions"
+        # TODO(sileht): implements '|'
+        p[0] = p[1] + p[3]
+
+    def p_expressions_parens(self, p):
+        "expressions : '(' expressions ')'"
+        p[0] = p[2]
+
+    def p_filter(self, p):
+        "filter : '?' expressions "
+        p[0] = _filter.Filter(p[2])
+
+    def p_jsonpath_filter(self, p):
+        "jsonpath : jsonpath '[' filter ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_sort(self, p):
+        "sort : SORT_DIRECTION jsonpath"
+        p[0] = (p[2], p[1] != "/")
+
+    def p_sorts_sort(self, p):
+        "sorts : sort"
+        p[0] = [p[1]]
+
+    def p_sorts_comma(self, p):
+        "sorts : sorts sorts"
+        p[0] = p[1] + p[2]
+
+    def p_jsonpath_sort(self, p):
+        "jsonpath : jsonpath '[' sorts ']'"
+        sort = _iterable.SortedThis(p[3])
+        p[0] = Child(p[1], sort)
+
+    def p_jsonpath_this(self, p):
+        "jsonpath : '@'"
+        p[0] = This()
+
+    precedence = [
+        ('left', '+', '-'),
+        ('left', '*', '/'),
+    ] + parser.JsonPathParser.precedence + [
+        ('nonassoc', 'ID'),
+    ]
+
+
+def parse(path, debug=False):
+    return ExtentedJsonPathParser(debug=debug).parse(path)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py
new file mode 100644
index 000000000..1cd27632d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py
@@ -0,0 +1,117 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import re
+from .. import DatumInContext, This
+
+
+SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
+SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+STR = re.compile(r"str\(\)")
+
+
+class DefintionInvalid(Exception):
+    pass
+
+
+class Sub(This):
+    """Regex substituor
+
+    Concrete syntax is '`sub(/regex/, repl)`'
+    """
+
+    def __init__(self, method=None):
+        m = SUB.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.expr = m.group(1).strip()
+        self.repl = m.group(2).strip()
+        self.regex = re.compile(self.expr)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = self.regex.sub(self.repl, datum.value)
+        if value == datum.value:
+            return []
+        else:
+            return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Sub) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`sub(/%s/, %s)`' % (self.expr, self.repl)
+
+
+class Split(This):
+    """String splitter
+
+    Concrete syntax is '`split(char, segment, max_split)`'
+    """
+
+    def __init__(self, method=None):
+        m = SPLIT.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.char = m.group(1)
+        self.segment = int(m.group(2))
+        self.max_split = int(m.group(3))
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = datum.value.split(self.char, self.max_split)[self.segment]
+        except Exception:
+            return []
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Split) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`%s`' % self.method
+
+
+class Str(This):
+    """String converter
+
+    Concrete syntax is '`str()`'
+    """
+
+    def __init__(self, method=None):
+        m = STR.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = str(datum.value)
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Str) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`str()`'
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py
new file mode 100644
index 000000000..19e5a9eb3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py
@@ -0,0 +1,815 @@
+import logging
+from itertools import *  # noqa
+from jsonpath_ng.lexer import JsonPathLexer
+
+# Get logger name
+logger = logging.getLogger(__name__)
+
+# Turn on/off the automatic creation of id attributes
+# ... could be a kwarg pervasively but uses are rare and simple today
+auto_id_field = None
+
+NOT_SET = object()
+LIST_KEY = object()
+
+
+class JSONPath:
+    """
+    The base class for JSONPath abstract syntax; those
+    methods stubbed here are the interface to supported
+    JSONPath semantics.
+    """
+
+    def find(self, data):
+        """
+        All `JSONPath` types support `find()`, which returns an iterable of `DatumInContext`s.
+        They keep track of the path followed to the current location, so if the calling code
+        has some opinion about that, it can be passed in here as a starting point.
+        """
+        raise NotImplementedError()
+
+    def find_or_create(self, data):
+        return self.find(data)
+
+    def update(self, data, val):
+        """
+        Returns `data` with the specified path replaced by `val`. Only updates
+        if the specified path exists.
+        """
+
+        raise NotImplementedError()
+
+    def update_or_create(self, data, val):
+        return self.update(data, val)
+
+    def filter(self, fn, data):
+        """
+        Returns `data` with the specified path filtering nodes according
+        the filter evaluation result returned by the filter function.
+
+        Arguments:
+            fn (function): unary function that accepts one argument
+                and returns bool.
+            data (dict|list|tuple): JSON object to filter.
+        """
+
+        raise NotImplementedError()
+
+    def child(self, child):
+        """
+        Equivalent to Child(self, next) but with some canonicalization
+        """
+        if isinstance(self, This) or isinstance(self, Root):
+            return child
+        elif isinstance(child, This):
+            return self
+        elif isinstance(child, Root):
+            return child
+        else:
+            return Child(self, child)
+
+    def make_datum(self, value):
+        if isinstance(value, DatumInContext):
+            return value
+        else:
+            return DatumInContext(value, path=Root(), context=None)
+
+
+class DatumInContext:
+    """
+    Represents a datum along a path from a context.
+
+    Essentially a zipper but with a structure represented by JsonPath,
+    and where the context is more of a parent pointer than a proper
+    representation of the context.
+
+    For quick-and-dirty work, this proxies any non-special attributes
+    to the underlying datum, but the actual datum can (and usually should)
+    be retrieved via the `value` attribute.
+
+    To place `datum` within another, use `datum.in_context(context=..., path=...)`
+    which extends the path. If the datum already has a context, it places the entire
+    context within that passed in, so an object can be built from the inside
+    out.
+    """
+    @classmethod
+    def wrap(cls, data):
+        if isinstance(data, cls):
+            return data
+        else:
+            return cls(data)
+
+    def __init__(self, value, path=None, context=None):
+        self.value = value
+        self.path = path or This()
+        self.context = None if context is None else DatumInContext.wrap(context)
+
+    def in_context(self, context, path):
+        context = DatumInContext.wrap(context)
+
+        if self.context:
+            return DatumInContext(value=self.value, path=self.path, context=context.in_context(path=path, context=context))
+        else:
+            return DatumInContext(value=self.value, path=path, context=context)
+
+    @property
+    def full_path(self):
+        return self.path if self.context is None else self.context.full_path.child(self.path)
+
+    @property
+    def id_pseudopath(self):
+        """
+        Looks like a path, but with ids stuck in when available
+        """
+        try:
+            pseudopath = Fields(str(self.value[auto_id_field]))
+        except (TypeError, AttributeError, KeyError): # This may not be all the interesting exceptions
+            pseudopath = self.path
+
+        if self.context:
+            return self.context.id_pseudopath.child(pseudopath)
+        else:
+            return pseudopath
+
+    def __repr__(self):
+        return '%s(value=%r, path=%r, context=%r)' % (self.__class__.__name__, self.value, self.path, self.context)
+
+    def __eq__(self, other):
+        return isinstance(other, DatumInContext) and other.value == self.value and other.path == self.path and self.context == other.context
+
+
+class AutoIdForDatum(DatumInContext):
+    """
+    This behaves like a DatumInContext, but the value is
+    always the path leading up to it, not including the "id",
+    and with any "id" fields along the way replacing the prior
+    segment of the path
+
+    For example, it will make "foo.bar.id" return a datum
+    that behaves like DatumInContext(value="foo.bar", path="foo.bar.id").
+
+    This is disabled by default; it can be turned on by
+    settings the `auto_id_field` global to a value other
+    than `None`.
+    """
+
+    def __init__(self, datum, id_field=None):
+        """
+        Invariant is that datum.path is the path from context to datum. The auto id
+        will either be the id in the datum (if present) or the id of the context
+        followed by the path to the datum.
+
+        The path to this datum is always the path to the context, the path to the
+        datum, and then the auto id field.
+        """
+        self.datum = datum
+        self.id_field = id_field or auto_id_field
+
+    @property
+    def value(self):
+        return str(self.datum.id_pseudopath)
+
+    @property
+    def path(self):
+        return self.id_field
+
+    @property
+    def context(self):
+        return self.datum
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.datum)
+
+    def in_context(self, context, path):
+        return AutoIdForDatum(self.datum.in_context(context=context, path=path))
+
+    def __eq__(self, other):
+        return isinstance(other, AutoIdForDatum) and other.datum == self.datum and self.id_field == other.id_field
+
+
+class Root(JSONPath):
+    """
+    The JSONPath referring to the "root" object. Concrete syntax is '$'.
+    The root is the topmost datum without any context attached.
+    """
+
+    def find(self, data):
+        if not isinstance(data, DatumInContext):
+            return [DatumInContext(data, path=Root(), context=None)]
+        else:
+            if data.context is None:
+                return [DatumInContext(data.value, context=None, path=Root())]
+            else:
+                return Root().find(data.context)
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '$'
+
+    def __repr__(self):
+        return 'Root()'
+
+    def __eq__(self, other):
+        return isinstance(other, Root)
+
+    def __hash__(self):
+        return hash('$')
+
+
+class This(JSONPath):
+    """
+    The JSONPath referring to the current datum. Concrete syntax is '@'.
+    """
+
+    def find(self, datum):
+        return [DatumInContext.wrap(datum)]
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '`this`'
+
+    def __repr__(self):
+        return 'This()'
+
+    def __eq__(self, other):
+        return isinstance(other, This)
+
+    def __hash__(self):
+        return hash('this')
+
+
+class Child(JSONPath):
+    """
+    JSONPath that first matches the left, then the right.
+    Concrete syntax is <left> '.' <right>
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        """
+        Extra special case: auto ids do not have children,
+        so cut it off right now rather than auto id the auto id
+        """
+
+        return [submatch
+                for subdata in self.left.find(datum)
+                if not isinstance(subdata, AutoIdForDatum)
+                for submatch in self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.left.find(data):
+            self.right.update(datum.value, val)
+        return data
+
+    def find_or_create(self, datum):
+        datum = DatumInContext.wrap(datum)
+        submatches = []
+        for subdata in self.left.find_or_create(datum):
+            if isinstance(subdata, AutoIdForDatum):
+                # Extra special case: auto ids do not have children,
+                # so cut it off right now rather than auto id the auto id
+                continue
+            for submatch in self.right.find_or_create(subdata):
+                submatches.append(submatch)
+        return submatches
+
+    def update_or_create(self, data, val):
+        for datum in self.left.find_or_create(data):
+            self.right.update_or_create(datum.value, val)
+        return _clean_list_keys(data)
+
+    def filter(self, fn, data):
+        for datum in self.left.find(data):
+            self.right.filter(fn, datum.value)
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Child) and self.left == other.left and self.right == other.right
+
+    def __str__(self):
+        return '%s.%s' % (self.left, self.right)
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Parent(JSONPath):
+    """
+    JSONPath that matches the parent node of the current match.
+    Will crash if no such parent exists.
+    Available via named operator `parent`.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        return [datum.context]
+
+    def __eq__(self, other):
+        return isinstance(other, Parent)
+
+    def __str__(self):
+        return '`parent`'
+
+    def __repr__(self):
+        return 'Parent()'
+
+    def __hash__(self):
+        return hash('parent')
+
+
+class Where(JSONPath):
+    """
+    JSONPath that first matches the left, and then
+    filters for only those nodes that have
+    a match on the right.
+
+    WARNING: Subject to change. May want to have "contains"
+    or some other better word for it.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data) if self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        for datum in self.find(data):
+            datum.path.filter(fn, datum.value)
+        return data
+
+    def __str__(self):
+        return '%s where %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Where) and other.left == self.left and other.right == self.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Descendants(JSONPath):
+    """
+    JSONPath that matches first the left expression then any descendant
+    of it which matches the right expression.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        # <left> .. <right> ==> <left> . (<right> | *..<right> | [*]..<right>)
+        #
+        # With with a wonky caveat that since Slice() has funky coercions
+        # we cannot just delegate to that equivalence or we'll hit an
+        # infinite loop. So right here we implement the coercion-free version.
+
+        # Get all left matches into a list
+        left_matches = self.left.find(datum)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def match_recursively(datum):
+            right_matches = self.right.find(datum)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(datum.value, list):
+                recursive_matches = [submatch
+                                     for i in range(0, len(datum.value))
+                                     for submatch in match_recursively(DatumInContext(datum.value[i], context=datum, path=Index(i)))]
+
+            elif isinstance(datum.value, dict):
+                recursive_matches = [submatch
+                                     for field in datum.value.keys()
+                                     for submatch in match_recursively(DatumInContext(datum.value[field], context=datum, path=Fields(field)))]
+
+            else:
+                recursive_matches = []
+
+            return right_matches + list(recursive_matches)
+
+        # TODO: repeatable iterator instead of list?
+        return [submatch
+                for left_match in left_matches
+                for submatch in match_recursively(left_match)]
+
+    def is_singular(self):
+        return False
+
+    def update(self, data, val):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def update_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.update(data, val)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    update_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    update_recursively(data[field])
+
+        for submatch in left_matches:
+            update_recursively(submatch.value)
+
+        return data
+
+    def filter(self, fn, data):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def filter_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.filter(fn, data)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    filter_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    filter_recursively(data[field])
+
+        for submatch in left_matches:
+            filter_recursively(submatch.value)
+
+        return data
+
+    def __str__(self):
+        return '%s..%s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Descendants) and self.left == other.left and self.right == other.right
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Union(JSONPath):
+    """
+    JSONPath that returns the union of the results of each match.
+    This is pretty shoddily implemented for now. The nicest semantics
+    in case of mismatched bits (list vs atomic) is to put
+    them all in a list, but I haven't done that yet.
+
+    WARNING: Any appearance of this being the _concatenation_ is
+    coincidence. It may even be a bug! (or laziness)
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        return self.left.find(data) + self.right.find(data)
+
+    def __eq__(self, other):
+        return isinstance(other, Union) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Intersect(JSONPath):
+    """
+    JSONPath for bits that match *both* patterns.
+
+    This can be accomplished a couple of ways. The most
+    efficient is to actually build the intersected
+    AST as in building a state machine for matching the
+    intersection of regular languages. The next
+    idea is to build a filtered data and match against
+    that.
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        raise NotImplementedError()
+
+    def __eq__(self, other):
+        return isinstance(other, Intersect) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Fields(JSONPath):
+    """
+    JSONPath referring to some field of the current object.
+    Concrete syntax ix comma-separated field names.
+
+    WARNING: If '*' is any of the field names, then they will
+    all be returned.
+    """
+
+    def __init__(self, *fields):
+        self.fields = fields
+
+    @staticmethod
+    def get_field_datum(datum, field, create):
+        if field == auto_id_field:
+            return AutoIdForDatum(datum)
+        try:
+            field_value = datum.value.get(field, NOT_SET)
+            if field_value is NOT_SET:
+                if create:
+                    datum.value[field] = field_value = {}
+                else:
+                    return None
+            return DatumInContext(field_value, path=Fields(field), context=datum)
+        except (TypeError, AttributeError):
+            return None
+
+    def reified_fields(self, datum):
+        if '*' not in self.fields:
+            return self.fields
+        else:
+            try:
+                fields = tuple(datum.value.keys())
+                return fields if auto_id_field is None else fields + (auto_id_field,)
+            except AttributeError:
+                return ()
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        field_data = [self.get_field_datum(datum, field, create)
+                      for field in self.reified_fields(datum)]
+        return [fd for fd in field_data if fd is not None]
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field not in data and create:
+                    data[field] = {}
+                if field in data:
+                    if hasattr(val, '__call__'):
+                        data[field] = val(data[field], data, field)
+                    else:
+                        data[field] = val
+        return data
+
+    def filter(self, fn, data):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field in data:
+                    if fn(data[field]):
+                        data.pop(field)
+        return data
+
+    def __str__(self):
+        # If any JsonPathLexer.literals are included in field name need quotes
+        # This avoids unnecessary quotes to keep strings short.
+        # Test each field whether it contains a literal and only then add quotes
+        # The test loops over all literals, could possibly optimize to short circuit if one found
+        fields_as_str = ("'" + str(f) + "'" if any([l in f for l in JsonPathLexer.literals]) else
+                         str(f) for f in self.fields)
+        return ','.join(fields_as_str)
+
+
+    def __repr__(self):
+        return '%s(%s)' % (self.__class__.__name__, ','.join(map(repr, self.fields)))
+
+    def __eq__(self, other):
+        return isinstance(other, Fields) and tuple(self.fields) == tuple(other.fields)
+
+    def __hash__(self):
+        return hash(tuple(self.fields))
+
+
+class Index(JSONPath):
+    """
+    JSONPath that matches indices of the current datum, or none if not large enough.
+    Concrete syntax is brackets.
+
+    WARNING: If the datum is None or not long enough, it will not crash but will not match anything.
+    NOTE: For the concrete syntax of `[*]`, the abstract syntax is a Slice() with no parameters (equiv to `[:]`
+    """
+
+    def __init__(self, index):
+        self.index = index
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        if create:
+            if datum.value == {}:
+                datum.value = _create_list_key(datum.value)
+            self._pad_value(datum.value)
+        if datum.value and len(datum.value) > self.index:
+            return [DatumInContext(datum.value[self.index], path=self, context=datum)]
+        else:
+            return []
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if create:
+            if data == {}:
+                data = _create_list_key(data)
+            self._pad_value(data)
+        if hasattr(val, '__call__'):
+            data[self.index] = val.__call__(data[self.index], data, self.index)
+        elif len(data) > self.index:
+            data[self.index] = val
+        return data
+
+    def filter(self, fn, data):
+        if fn(data[self.index]):
+            data.pop(self.index)  # relies on mutation :(
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Index) and self.index == other.index
+
+    def __str__(self):
+        return '[%i]' % self.index
+
+    def __repr__(self):
+        return '%s(index=%r)' % (self.__class__.__name__, self.index)
+
+    def _pad_value(self, value):
+        if len(value) <= self.index:
+            pad = self.index - len(value) + 1
+            value += [{} for __ in range(pad)]
+
+    def __hash__(self):
+        return hash(self.index)
+
+
+class Slice(JSONPath):
+    """
+    JSONPath matching a slice of an array.
+
+    Because of a mismatch between JSON and XML when schema-unaware,
+    this always returns an iterable; if the incoming data
+    was not a list, then it returns a one element list _containing_ that
+    data.
+
+    Consider these two docs, and their schema-unaware translation to JSON:
+
+    <a><b>hello</b></a> ==> {"a": {"b": "hello"}}
+    <a><b>hello</b><b>goodbye</b></a> ==> {"a": {"b": ["hello", "goodbye"]}}
+
+    If there were a schema, it would be known that "b" should always be an
+    array (unless the schema were wonky, but that is too much to fix here)
+    so when querying with JSON if the one writing the JSON knows that it
+    should be an array, they can write a slice operator and it will coerce
+    a non-array value to an array.
+
+    This may be a bit unfortunate because it would be nice to always have
+    an iterator, but dictionaries and other objects may also be iterable,
+    so this is the compromise.
+    """
+    def __init__(self, start=None, end=None, step=None):
+        self.start = start
+        self.end = end
+        self.step = step
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+
+        # Used for catching null value instead of empty list in path
+        if not datum.value:
+            return []
+        # Here's the hack. If it is a dictionary or some kind of constant,
+        # put it in a single-element list
+        if (isinstance(datum.value, dict) or isinstance(datum.value, int) or isinstance(datum.value, str)):
+            return self.find(DatumInContext([datum.value], path=datum.path, context=datum.context))
+
+        # Some iterators do not support slicing but we can still
+        # at least work for '*'
+        if self.start is None and self.end is None and self.step is None:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))]
+        else:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))[self.start:self.end:self.step]]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        while True:
+            length = len(data)
+            for datum in self.find(data):
+                data = datum.path.filter(fn, data)
+                if len(data) < length:
+                    break
+
+            if length == len(data):
+                break
+        return data
+
+    def __str__(self):
+        if self.start is None and self.end is None and self.step is None:
+            return '[*]'
+        else:
+            return '[%s%s%s]' % (self.start or '',
+                                   ':%d'%self.end if self.end else '',
+                                   ':%d'%self.step if self.step else '')
+
+    def __repr__(self):
+        return '%s(start=%r,end=%r,step=%r)' % (self.__class__.__name__, self.start, self.end, self.step)
+
+    def __eq__(self, other):
+        return isinstance(other, Slice) and other.start == self.start and self.end == other.end and other.step == self.step
+
+    def __hash__(self):
+        return hash((self.start, self.end, self.step))
+
+
+def _create_list_key(dict_):
+    """
+    Adds a list to a dictionary by reference and returns the list.
+
+    See `_clean_list_keys()`
+    """
+    dict_[LIST_KEY] = new_list = [{}]
+    return new_list
+
+
+def _clean_list_keys(struct_):
+    """
+    Replace {LIST_KEY: ['foo', 'bar']} with ['foo', 'bar'].
+
+    >>> _clean_list_keys({LIST_KEY: ['foo', 'bar']})
+    ['foo', 'bar']
+
+    """
+    if(isinstance(struct_, list)):
+        for ind, value in enumerate(struct_):
+            struct_[ind] = _clean_list_keys(value)
+    elif(isinstance(struct_, dict)):
+        if(LIST_KEY in struct_):
+            return _clean_list_keys(struct_[LIST_KEY])
+        else:
+            for key, value in struct_.items():
+                struct_[key] = _clean_list_keys(value)
+    return struct_
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py
new file mode 100644
index 000000000..b2ad5ee6d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py
@@ -0,0 +1,171 @@
+import sys
+import logging
+
+import ply.lex
+
+from jsonpath_ng.exceptions import JsonPathLexerError
+
+logger = logging.getLogger(__name__)
+
+
+class JsonPathLexer:
+    '''
+    A Lexical analyzer for JsonPath.
+    '''
+
+    def __init__(self, debug=False):
+        self.debug = debug
+        if self.__doc__ is None:
+            raise JsonPathLexerError('Docstrings have been removed! By design of PLY, jsonpath-rw requires docstrings. You must not use PYTHONOPTIMIZE=2 or python -OO.')
+
+    def tokenize(self, string):
+        '''
+        Maps a string to an iterator over tokens. In other words: [char] -> [token]
+        '''
+
+        new_lexer = ply.lex.lex(module=self, debug=self.debug, errorlog=logger)
+        new_lexer.latest_newline = 0
+        new_lexer.string_value = None
+        new_lexer.input(string)
+
+        while True:
+            t = new_lexer.token()
+            if t is None:
+                break
+            t.col = t.lexpos - new_lexer.latest_newline
+            yield t
+
+        if new_lexer.string_value is not None:
+            raise JsonPathLexerError('Unexpected EOF in string literal or identifier')
+
+    # ============== PLY Lexer specification ==================
+    #
+    # This probably should be private but:
+    #   - the parser requires access to `tokens` (perhaps they should be defined in a third, shared dependency)
+    #   - things like `literals` might be a legitimate part of the public interface.
+    #
+    # Anyhow, it is pythonic to give some rope to hang oneself with :-)
+
+    literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
+
+    reserved_words = { 'where': 'WHERE' }
+
+    tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
+
+    states = [ ('singlequote', 'exclusive'),
+               ('doublequote', 'exclusive'),
+               ('backquote', 'exclusive') ]
+
+    # Normal lexing, rather easy
+    t_DOUBLEDOT = r'\.\.'
+    t_ignore = ' \t'
+
+    def t_ID(self, t):
+        r'[a-zA-Z_@][a-zA-Z0-9_@\-]*'
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_NUMBER(self, t):
+        r'-?\d+'
+        t.value = int(t.value)
+        return t
+
+
+    # Single-quoted strings
+    t_singlequote_ignore = ''
+    def t_singlequote(self, t):
+        r"'"
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('singlequote')
+
+    def t_singlequote_content(self, t):
+        r"[^'\\]+"
+        t.lexer.string_value += t.value
+
+    def t_singlequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_singlequote_end(self, t):
+        r"'"
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_singlequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing singlequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Double-quoted strings
+    t_doublequote_ignore = ''
+    def t_doublequote(self, t):
+        r'"'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('doublequote')
+
+    def t_doublequote_content(self, t):
+        r'[^"\\]+'
+        t.lexer.string_value += t.value
+
+    def t_doublequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_doublequote_end(self, t):
+        r'"'
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_doublequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing doublequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Back-quoted "magic" operators
+    t_backquote_ignore = ''
+    def t_backquote(self, t):
+        r'`'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('backquote')
+
+    def t_backquote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_backquote_content(self, t):
+        r"[^`\\]+"
+        t.lexer.string_value += t.value
+
+    def t_backquote_end(self, t):
+        r'`'
+        t.value = t.lexer.string_value
+        t.type = 'NAMED_OPERATOR'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_backquote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing backquoted operator: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Counting lines, handling errors
+    def t_newline(self, t):
+        r'\n'
+        t.lexer.lineno += 1
+        t.lexer.latest_newline = t.lexpos
+
+    def t_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    lexer = JsonPathLexer(debug=True)
+    for token in lexer.tokenize(sys.stdin.read()):
+        print('%-20s%s' % (token.value, token.type))
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py
new file mode 100644
index 000000000..87e353ebf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py
@@ -0,0 +1,199 @@
+import logging
+import sys
+import os.path
+
+import ply.yacc
+
+from jsonpath_ng.exceptions import JsonPathParserError
+from jsonpath_ng.jsonpath import *
+from jsonpath_ng.lexer import JsonPathLexer
+
+logger = logging.getLogger(__name__)
+
+
+def parse(string):
+    return JsonPathParser().parse(string)
+
+
+class JsonPathParser:
+    '''
+    An LALR-parser for JsonPath
+    '''
+
+    tokens = JsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        if self.__doc__ is None:
+            raise JsonPathParserError(
+                'Docstrings have been removed! By design of PLY, '
+                'jsonpath-rw requires docstrings. You must not use '
+                'PYTHONOPTIMIZE=2 or python -OO.'
+            )
+
+        self.debug = debug
+        self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
+
+    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
+
+        # Since PLY has some crufty aspects and dumps files, we try to keep them local
+        # However, we need to derive the name of the output Python file :-/
+        output_directory = os.path.dirname(__file__)
+        try:
+            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
+        except:
+            module_name = __name__
+
+        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
+
+        # And we regenerate the parse table every time;
+        # it doesn't actually take that long!
+        new_parser = ply.yacc.yacc(module=self,
+                                   debug=self.debug,
+                                   tabmodule = parsing_table_module,
+                                   outputdir = output_directory,
+                                   write_tables=0,
+                                   start = start_symbol,
+                                   errorlog = logger)
+
+        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+
+    # ===================== PLY Parser specification =====================
+
+    precedence = [
+        ('left', ','),
+        ('left', 'DOUBLEDOT'),
+        ('left', '.'),
+        ('left', '|'),
+        ('left', '&'),
+        ('left', 'WHERE'),
+    ]
+
+    def p_error(self, t):
+        if t is None:
+            raise JsonPathParserError('Parse error near the end of string!')
+        raise JsonPathParserError('Parse error at %s:%s near token %s (%s)'
+                                  % (t.lineno, t.col, t.value, t.type))
+
+    def p_jsonpath_binop(self, p):
+        """jsonpath : jsonpath '.' jsonpath
+                    | jsonpath DOUBLEDOT jsonpath
+                    | jsonpath WHERE jsonpath
+                    | jsonpath '|' jsonpath
+                    | jsonpath '&' jsonpath"""
+        op = p[2]
+
+        if op == '.':
+            p[0] = Child(p[1], p[3])
+        elif op == '..':
+            p[0] = Descendants(p[1], p[3])
+        elif op == 'where':
+            p[0] = Where(p[1], p[3])
+        elif op == '|':
+            p[0] = Union(p[1], p[3])
+        elif op == '&':
+            p[0] = Intersect(p[1], p[3])
+
+    def p_jsonpath_fields(self, p):
+        "jsonpath : fields_or_any"
+        p[0] = Fields(*p[1])
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'this':
+            p[0] = This()
+        elif p[1] == 'parent':
+            p[0] = Parent()
+        else:
+            raise JsonPathParserError('Unknown named operator `%s` at %s:%s'
+                                      % (p[1], p.lineno(1), p.lexpos(1)))
+
+    def p_jsonpath_root(self, p):
+        "jsonpath : '$'"
+        p[0] = Root()
+
+    def p_jsonpath_idx(self, p):
+        "jsonpath : '[' idx ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_slice(self, p):
+        "jsonpath : '[' slice ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_fieldbrackets(self, p):
+        "jsonpath : '[' fields ']'"
+        p[0] = Fields(*p[2])
+
+    def p_jsonpath_child_fieldbrackets(self, p):
+        "jsonpath : jsonpath '[' fields ']'"
+        p[0] = Child(p[1], Fields(*p[3]))
+
+    def p_jsonpath_child_idxbrackets(self, p):
+        "jsonpath : jsonpath '[' idx ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_child_slicebrackets(self, p):
+        "jsonpath : jsonpath '[' slice ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_parens(self, p):
+        "jsonpath : '(' jsonpath ')'"
+        p[0] = p[2]
+
+    # Because fields in brackets cannot be '*' - that is reserved for array indices
+    def p_fields_or_any(self, p):
+        """fields_or_any : fields
+                         | '*'    """
+        if p[1] == '*':
+            p[0] = ['*']
+        else:
+            p[0] = p[1]
+
+    def p_fields_id(self, p):
+        "fields : ID"
+        p[0] = [p[1]]
+
+    def p_fields_comma(self, p):
+        "fields : fields ',' fields"
+        p[0] = p[1] + p[3]
+
+    def p_idx(self, p):
+        "idx : NUMBER"
+        p[0] = Index(p[1])
+
+    def p_slice_any(self, p):
+        "slice : '*'"
+        p[0] = Slice()
+
+    def p_slice(self, p): # Currently does not support `step`
+        """slice : maybe_int ':' maybe_int
+                 | maybe_int ':' maybe_int ':' maybe_int """
+        p[0] = Slice(*p[1::2])
+
+    def p_maybe_int(self, p):
+        """maybe_int : NUMBER
+                     | empty"""
+        p[0] = p[1]
+
+    def p_empty(self, p):
+        'empty :'
+        p[0] = None
+
+class IteratorToTokenStream:
+    def __init__(self, iterator):
+        self.iterator = iterator
+
+    def token(self):
+        try:
+            return next(self.iterator)
+        except StopIteration:
+            return None
+
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    parser = JsonPathParser(debug=True)
+    print(parser.parse(sys.stdin.read()))
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py
new file mode 100644
index 000000000..b40f24c66
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py
@@ -0,0 +1,332 @@
+import functools
+import string
+import sys
+import typing as t
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+    _P = te.ParamSpec("_P")
+
+
+__version__ = "2.1.5"
+
+
+def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
+    @functools.wraps(func)
+    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
+        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
+        _escape_argspec(kwargs, kwargs.items(), self.escape)
+        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+
+    return wrapped  # type: ignore[return-value]
+
+
+class Markup(str):
+    """A string that is ready to be safely inserted into an HTML or XML
+    document, either because it was escaped or because it was marked
+    safe.
+
+    Passing an object to the constructor converts it to text and wraps
+    it to mark it safe without escaping. To escape the text, use the
+    :meth:`escape` class method instead.
+
+    >>> Markup("Hello, <em>World</em>!")
+    Markup('Hello, <em>World</em>!')
+    >>> Markup(42)
+    Markup('42')
+    >>> Markup.escape("Hello, <em>World</em>!")
+    Markup('Hello &lt;em&gt;World&lt;/em&gt;!')
+
+    This implements the ``__html__()`` interface that some frameworks
+    use. Passing an object that implements ``__html__()`` will wrap the
+    output of that method, marking it safe.
+
+    >>> class Foo:
+    ...     def __html__(self):
+    ...         return '<a href="/foo">foo</a>'
+    ...
+    >>> Markup(Foo())
+    Markup('<a href="/foo">foo</a>')
+
+    This is a subclass of :class:`str`. It has the same methods, but
+    escapes their arguments and returns a ``Markup`` instance.
+
+    >>> Markup("<em>%s</em>") % ("foo & bar",)
+    Markup('<em>foo &amp; bar</em>')
+    >>> Markup("<em>Hello</em> ") + "<foo>"
+    Markup('<em>Hello</em> &lt;foo&gt;')
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
+    ) -> "te.Self":
+        if hasattr(base, "__html__"):
+            base = base.__html__()
+
+        if encoding is None:
+            return super().__new__(cls, base)
+
+        return super().__new__(cls, base, encoding, errors)
+
+    def __html__(self) -> "te.Self":
+        return self
+
+    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.__class__(super().__add__(self.escape(other)))
+
+        return NotImplemented
+
+    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.escape(other).__add__(self)
+
+        return NotImplemented
+
+    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
+        if isinstance(num, int):
+            return self.__class__(super().__mul__(num))
+
+        return NotImplemented
+
+    __rmul__ = __mul__
+
+    def __mod__(self, arg: t.Any) -> "te.Self":
+        if isinstance(arg, tuple):
+            # a tuple of arguments, each wrapped
+            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
+        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            # a mapping of arguments, wrapped
+            arg = _MarkupEscapeHelper(arg, self.escape)
+        else:
+            # a single argument, wrapped with the helper and a tuple
+            arg = (_MarkupEscapeHelper(arg, self.escape),)
+
+        return self.__class__(super().__mod__(arg))
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({super().__repr__()})"
+
+    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
+        return self.__class__(super().join(map(self.escape, seq)))
+
+    join.__doc__ = str.join.__doc__
+
+    def split(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().split(sep, maxsplit)]
+
+    split.__doc__ = str.split.__doc__
+
+    def rsplit(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
+
+    rsplit.__doc__ = str.rsplit.__doc__
+
+    def splitlines(  # type: ignore[override]
+        self, keepends: bool = False
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().splitlines(keepends)]
+
+    splitlines.__doc__ = str.splitlines.__doc__
+
+    def unescape(self) -> str:
+        """Convert escaped markup back into a text string. This replaces
+        HTML entities with the characters they represent.
+
+        >>> Markup("Main &raquo; <em>About</em>").unescape()
+        'Main » <em>About</em>'
+        """
+        from html import unescape
+
+        return unescape(str(self))
+
+    def striptags(self) -> str:
+        """:meth:`unescape` the markup, remove tags, and normalize
+        whitespace to single spaces.
+
+        >>> Markup("Main &raquo;\t<em>About</em>").striptags()
+        'Main » About'
+        """
+        value = str(self)
+
+        # Look for comments then tags separately. Otherwise, a comment that
+        # contains a tag would end early, leaving some of the comment behind.
+
+        while True:
+            # keep finding comment start marks
+            start = value.find("<!--")
+
+            if start == -1:
+                break
+
+            # find a comment end mark beyond the start, otherwise stop
+            end = value.find("-->", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 3:]}"
+
+        # remove tags using the same method
+        while True:
+            start = value.find("<")
+
+            if start == -1:
+                break
+
+            end = value.find(">", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 1:]}"
+
+        # collapse spaces
+        value = " ".join(value.split())
+        return self.__class__(value).unescape()
+
+    @classmethod
+    def escape(cls, s: t.Any) -> "te.Self":
+        """Escape a string. Calls :func:`escape` and ensures that for
+        subclasses the correct type is returned.
+        """
+        rv = escape(s)
+
+        if rv.__class__ is not cls:
+            return cls(rv)
+
+        return rv  # type: ignore[return-value]
+
+    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
+    capitalize = _simple_escaping_wrapper(str.capitalize)
+    title = _simple_escaping_wrapper(str.title)
+    lower = _simple_escaping_wrapper(str.lower)
+    upper = _simple_escaping_wrapper(str.upper)
+    replace = _simple_escaping_wrapper(str.replace)
+    ljust = _simple_escaping_wrapper(str.ljust)
+    rjust = _simple_escaping_wrapper(str.rjust)
+    lstrip = _simple_escaping_wrapper(str.lstrip)
+    rstrip = _simple_escaping_wrapper(str.rstrip)
+    center = _simple_escaping_wrapper(str.center)
+    strip = _simple_escaping_wrapper(str.strip)
+    translate = _simple_escaping_wrapper(str.translate)
+    expandtabs = _simple_escaping_wrapper(str.expandtabs)
+    swapcase = _simple_escaping_wrapper(str.swapcase)
+    zfill = _simple_escaping_wrapper(str.zfill)
+    casefold = _simple_escaping_wrapper(str.casefold)
+
+    if sys.version_info >= (3, 9):
+        removeprefix = _simple_escaping_wrapper(str.removeprefix)
+        removesuffix = _simple_escaping_wrapper(str.removesuffix)
+
+    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().partition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().rpartition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, args, kwargs))
+
+    def format_map(  # type: ignore[override]
+        self, map: t.Mapping[str, t.Any]
+    ) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, (), map))
+
+    def __html_format__(self, format_spec: str) -> "te.Self":
+        if format_spec:
+            raise ValueError("Unsupported format specification for Markup.")
+
+        return self
+
+
+class EscapeFormatter(string.Formatter):
+    __slots__ = ("escape",)
+
+    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.escape = escape
+        super().__init__()
+
+    def format_field(self, value: t.Any, format_spec: str) -> str:
+        if hasattr(value, "__html_format__"):
+            rv = value.__html_format__(format_spec)
+        elif hasattr(value, "__html__"):
+            if format_spec:
+                raise ValueError(
+                    f"Format specifier {format_spec} given, but {type(value)} does not"
+                    " define __html_format__. A class that defines __html__ must define"
+                    " __html_format__ to work with format specifiers."
+                )
+            rv = value.__html__()
+        else:
+            # We need to make sure the format spec is str here as
+            # otherwise the wrong callback methods are invoked.
+            rv = string.Formatter.format_field(self, value, str(format_spec))
+        return str(self.escape(rv))
+
+
+_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
+
+
+def _escape_argspec(
+    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
+) -> _ListOrDict:
+    """Helper for various string-wrapped functions."""
+    for key, value in iterable:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            obj[key] = escape(value)
+
+    return obj
+
+
+class _MarkupEscapeHelper:
+    """Helper for :meth:`Markup.__mod__`."""
+
+    __slots__ = ("obj", "escape")
+
+    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.obj = obj
+        self.escape = escape
+
+    def __getitem__(self, item: t.Any) -> "te.Self":
+        return self.__class__(self.obj[item], self.escape)
+
+    def __str__(self) -> str:
+        return str(self.escape(self.obj))
+
+    def __repr__(self) -> str:
+        return str(self.escape(repr(self.obj)))
+
+    def __int__(self) -> int:
+        return int(self.obj)
+
+    def __float__(self) -> float:
+        return float(self.obj)
+
+
+# circular import
+try:
+    from ._speedups import escape as escape
+    from ._speedups import escape_silent as escape_silent
+    from ._speedups import soft_str as soft_str
+except ImportError:
+    from ._native import escape as escape
+    from ._native import escape_silent as escape_silent  # noqa: F401
+    from ._native import soft_str as soft_str  # noqa: F401
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py
new file mode 100644
index 000000000..8117b2716
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py
@@ -0,0 +1,63 @@
+import typing as t
+
+from . import Markup
+
+
+def escape(s: t.Any) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(
+        str(s)
+        .replace("&", "&amp;")
+        .replace(">", "&gt;")
+        .replace("<", "&lt;")
+        .replace("'", "&#39;")
+        .replace('"', "&#34;")
+    )
+
+
+def escape_silent(s: t.Optional[t.Any]) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
+
+    return escape(s)
+
+
+def soft_str(s: t.Any) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
+
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
+
+    return s
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c
new file mode 100644
index 000000000..3c463fb82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c
@@ -0,0 +1,320 @@
+#include <Python.h>
+
+static PyObject* markup;
+
+static int
+init_constants(void)
+{
+	PyObject *module;
+
+	/* import markup type so that we can mark the return value */
+	module = PyImport_ImportModule("markupsafe");
+	if (!module)
+		return 0;
+	markup = PyObject_GetAttrString(module, "Markup");
+	Py_DECREF(module);
+
+	return 1;
+}
+
+#define GET_DELTA(inp, inp_end, delta) \
+	while (inp < inp_end) { \
+		switch (*inp++) { \
+		case '"': \
+		case '\'': \
+		case '&': \
+			delta += 4; \
+			break; \
+		case '<': \
+		case '>': \
+			delta += 3; \
+			break; \
+		} \
+	}
+
+#define DO_ESCAPE(inp, inp_end, outp) \
+	{ \
+		Py_ssize_t ncopy = 0; \
+		while (inp < inp_end) { \
+			switch (*inp) { \
+			case '"': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '4'; \
+				*outp++ = ';'; \
+				break; \
+			case '\'': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '9'; \
+				*outp++ = ';'; \
+				break; \
+			case '&': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'a'; \
+				*outp++ = 'm'; \
+				*outp++ = 'p'; \
+				*outp++ = ';'; \
+				break; \
+			case '<': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'l'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			case '>': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'g'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			default: \
+				ncopy++; \
+			} \
+			inp++; \
+		} \
+		memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+	}
+
+static PyObject*
+escape_unicode_kind1(PyUnicodeObject *in)
+{
+	Py_UCS1 *inp = PyUnicode_1BYTE_DATA(in);
+	Py_UCS1 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS1 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta,
+						PyUnicode_IS_ASCII(in) ? 127 : 255);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_1BYTE_DATA(in);
+	outp = PyUnicode_1BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode_kind2(PyUnicodeObject *in)
+{
+	Py_UCS2 *inp = PyUnicode_2BYTE_DATA(in);
+	Py_UCS2 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS2 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 65535);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_2BYTE_DATA(in);
+	outp = PyUnicode_2BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+
+static PyObject*
+escape_unicode_kind4(PyUnicodeObject *in)
+{
+	Py_UCS4 *inp = PyUnicode_4BYTE_DATA(in);
+	Py_UCS4 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS4 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 1114111);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_4BYTE_DATA(in);
+	outp = PyUnicode_4BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode(PyUnicodeObject *in)
+{
+	if (PyUnicode_READY(in))
+		return NULL;
+
+	switch (PyUnicode_KIND(in)) {
+	case PyUnicode_1BYTE_KIND:
+		return escape_unicode_kind1(in);
+	case PyUnicode_2BYTE_KIND:
+		return escape_unicode_kind2(in);
+	case PyUnicode_4BYTE_KIND:
+		return escape_unicode_kind4(in);
+	}
+	assert(0);  /* shouldn't happen */
+	return NULL;
+}
+
+static PyObject*
+escape(PyObject *self, PyObject *text)
+{
+	static PyObject *id_html;
+	PyObject *s = NULL, *rv = NULL, *html;
+
+	if (id_html == NULL) {
+		id_html = PyUnicode_InternFromString("__html__");
+		if (id_html == NULL) {
+			return NULL;
+		}
+	}
+
+	/* we don't have to escape integers, bools or floats */
+	if (PyLong_CheckExact(text) ||
+		PyFloat_CheckExact(text) || PyBool_Check(text) ||
+		text == Py_None)
+		return PyObject_CallFunctionObjArgs(markup, text, NULL);
+
+	/* if the object has an __html__ method that performs the escaping */
+	html = PyObject_GetAttr(text ,id_html);
+	if (html) {
+		s = PyObject_CallObject(html, NULL);
+		Py_DECREF(html);
+		if (s == NULL) {
+			return NULL;
+		}
+		/* Convert to Markup object */
+		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+		Py_DECREF(s);
+		return rv;
+	}
+
+	/* otherwise make the object unicode if it isn't, then escape */
+	PyErr_Clear();
+	if (!PyUnicode_Check(text)) {
+		PyObject *unicode = PyObject_Str(text);
+		if (!unicode)
+			return NULL;
+		s = escape_unicode((PyUnicodeObject*)unicode);
+		Py_DECREF(unicode);
+	}
+	else
+		s = escape_unicode((PyUnicodeObject*)text);
+
+	/* convert the unicode string into a markup object. */
+	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+	Py_DECREF(s);
+	return rv;
+}
+
+
+static PyObject*
+escape_silent(PyObject *self, PyObject *text)
+{
+	if (text != Py_None)
+		return escape(self, text);
+	return PyObject_CallFunctionObjArgs(markup, NULL);
+}
+
+
+static PyObject*
+soft_str(PyObject *self, PyObject *s)
+{
+	if (!PyUnicode_Check(s))
+		return PyObject_Str(s);
+	Py_INCREF(s);
+	return s;
+}
+
+
+static PyMethodDef module_methods[] = {
+	{
+		"escape",
+		(PyCFunction)escape,
+		METH_O,
+		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
+		" the string with HTML-safe sequences. Use this if you need to display"
+		" text that might contain such characters in HTML.\n\n"
+		"If the object has an ``__html__`` method, it is called and the"
+		" return value is assumed to already be safe for HTML.\n\n"
+		":param s: An object to be converted to a string and escaped.\n"
+		":return: A :class:`Markup` string with the escaped text.\n"
+	},
+	{
+		"escape_silent",
+		(PyCFunction)escape_silent,
+		METH_O,
+		"Like :func:`escape` but treats ``None`` as the empty string."
+		" Useful with optional values, as otherwise you get the string"
+		" ``'None'`` when the value is ``None``.\n\n"
+		">>> escape(None)\n"
+		"Markup('None')\n"
+		">>> escape_silent(None)\n"
+		"Markup('')\n"
+	},
+	{
+		"soft_str",
+		(PyCFunction)soft_str,
+		METH_O,
+		"Convert an object to a string if it isn't already. This preserves"
+		" a :class:`Markup` string rather than converting it back to a basic"
+		" string, so it will still be marked as safe and won't be escaped"
+		" again.\n\n"
+		">>> value = escape(\"<User 1>\")\n"
+		">>> value\n"
+		"Markup('&lt;User 1&gt;')\n"
+		">>> escape(str(value))\n"
+		"Markup('&amp;lt;User 1&amp;gt;')\n"
+		">>> escape(soft_str(value))\n"
+		"Markup('&lt;User 1&gt;')\n"
+	},
+	{NULL, NULL, 0, NULL}  /* Sentinel */
+};
+
+static struct PyModuleDef module_definition = {
+	PyModuleDef_HEAD_INIT,
+	"markupsafe._speedups",
+	NULL,
+	-1,
+	module_methods,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+PyMODINIT_FUNC
+PyInit__speedups(void)
+{
+	if (!init_constants())
+		return NULL;
+
+	return PyModule_Create(&module_definition);
+}
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..85d1350e8686485fe1da3a7f9141bdb4708be38f
GIT binary patch
literal 18030
zcmXuKV|XUd6E6Hbv6GE$+qP}nww-M3WaDgX+qSi_ZR;27<bTflPJfv0s_LnkzWctq
zr>2G=8Vc~g1LXU%8`c+9Y?;%$!^fLBN#2}1qbm>qN=`)S6*RFCazY9Ll|Xn6k|f0}
zC7zVQxd05JY3O1#c2{!p=v_i{dw!_CD9!EY==?f>ozvt0qlc!U<V&#+N<esizPVFg
zbAEl61AThk{r%m&@<gHLcAmu@&wZlmrcnAe|LO+o83*bP&4^QXG_JU=hU)KF8wH}q
zh<2$6UfS;&Wb^xQrDX91Sy%eEYe9`2ZG7=?nm6~rtjJ!NvxBs6d1+$-KACE+*4>f5
z5EUZqohxrKkMvpGOccYj%UyA7qR#2JidV56Ei7S=DSK6bg#EC$+OOv3{4D4@vO=A=
zxJ~O&mEQFBG$sG>OXaE2w5&J>^gE2e&}f{!&>g>z{j{`Kce$R&l1i1F=Ht)xwMPTN
zcNf<u54!<rG%Sd{cEGLUH$~j@_fx&eet;TZmh5(dy!mHJtqbte%>?;Fot}x84SF-z
zG%JeqMHkuY4M@lW{MaWwpp^#+;ELoWApgCS4fa(^daEb3%O!P~@mF-GTWUlL0&sxR
z#~>GUL+sv|$?XEg3(r3mA3nQ}MBgtDV=&C^+w)Z8IEIn(`D^V2)PNB+xqk&64!mDu
zp>AviI|6JyScwbCN|Uvf1s8_(C6fnK+F&2wVA5LvVfO~k9!k*fCh-^+gs#D%9T#Ze
z=U_s)ifj-6k_!G&-JREr0l6%skylxa^V@Atv9mV66=xj7HSDut{&wm44Lw}s_mOi^
zsaV+CHrJjb#bBW=I>e#1R-9#E``3(oF*c&kKNRaf!F&IHJXDZeDKWov1@<<wY!;wY
zl9NIb=Y#)oTyf??hHDn_yZMkD;%H^rmB44q&%1mO>jeG1oO4YH($O*aYpoPDdZ3yw
z+k9>DPqP2creq%jBy~Q^>L#6sD9G3Hyk%Px?gpJE4=nof(p1JpC2ch=pGvictW+}M
zONf>*;jglf(ZNUV+$$`sCX;VE)Rv1115Kyo_qG?`(feorjxRj+J`d%WJmAc_Pv!pJ
z#mJl!oTGx9@A$5U@`o{~?+FyP1H?-=YVQP~H*BCAf-^=rDh1+YVj;O<9MBsXw_p@V
zP~xuX5U4Q+ZnukD+=P8>U5h|}y8G_tn2F%82<dUU8}8;<iojnMe4#R;gr}Puu5h}m
z#qEioU5mQ)SK?R(a^=P+%FR&;l3}I)@!~-hk5>$`cE117{q}s<9j{9tQemlI<9s&}
zVY?`}^lTT8+p_~<yE@q7boau|vDLq~H2C7ms~sT+UO@N%FW;REH>rrW+j#pbW`J!w
z&<0LVA|St&kMLQ1_NzITVAbsvGvH*EIs(nO6SOl7Vbr)@b5EcyR_5@Z|2%)7o$h@&
zgyg%H?SZm@D}$9loSiOrxIO8W#E-@CKl%9{#Emvp1Uup@p1Rn{5k(HGoftb^?C`&m
z?<=b#WKLx{O|>KJ^r0eZMSkEdPSCj26j#%$BgGD5BI`Imm)K5-ZX#J7sUATZGG=o4
zuG)46IP_xn8?QriZFGuk>Q|&s;`3bMMtd~fg3)z<Hd;e{Ww_L(zf`y0ls(tS&)o65
z3*S2Xbj=3PSa^9v@VNqXE*&#nE_q}97ifLB>@_B_yLHT~DTjZ(Z~s~7`fMyw0KwEn
zjUI;JF|J?5zl&uC*gv8`e2HNEJa>!o$!hgP%Uq{P==6rie=o;8P9mfmT{=~pC^PlD
zSMSDUXB(PTZ(ZkTOR-Dvv6J0?28Aq~1iJfcZ?ZRQem;;8uXN!m=J)qq8R#d=wOoN2
zSuT}Bz^PhK9KE8No7;E|joJ!*z3!6r=a7QYU7DRC;|&OJeK&s38VQ`j6NOQN2hP^5
z0Z>m5+GlSMQ9ZX$6=Jsqem8rs7|5~+JS@4>jg~A-hK*J@^kzG*{^~~0R$jaEjHmr|
zrkQZho7B<Q7CH*^iI!%DRy!`H&J(?x)Y8zuRtz;h3!QYwo9ofRE(W~V(Lgx)S9bKu
zGoSfRyS{d`*kfPEniKYT7oAG9Jp0kmZR?ZZ2N)>R4zxV;Q3aSTH$Mq#1kZPwuz3Kw
z-1}HNpCPy-KdCJi?oP{*XwO4~G5!YVcB<D#-z5D0CaBT{k-W;}hCul|&z0Xv>N8it
zvg9y5%jhJP4n(xMa(35(eu4xyfoOJH28-Fn`ijNOwHLwToxD%}iC)3%6>eW&g4-m{
zW(h<4D+xr`CdQHgUreKJx7qHzm!A(rnr|W1+Ff;tX-$N*xSKS3l<Iht#`&8Jy*y|c
zry|Eyy36~G7g<eZHllVbTwHF(P1j{9l(%CZ#8Q>YVwLiLF~EffT@AhOBARnW1^qb|
zgE^Ga*%q@pNe&-|D!gV;wC3H-;wrun6^<g=E!c}~q6+>fP?uRg?C5sGy64=#>KXxs
zR!cTQ*Kg(T-J#ZM3(rc!zyDehaJL2w{kQh}Ji)3H@3TPQlLoqP!}zs4Z9^tV9vaEv
zd(+wB+xg~hw4!U~^*y{KA8S;-{Fcsv@^;+;c~HRUMF*^=<Yp<q^?Q6h-bMNq%z)*J
z?ZoW)K=+X$&Z`~N4JEv57SZedWX<bl=#y<z#m$cZ9>!qQSfurX1zqJ*b47q<VdGg_
zZ%4xor5Dflxl*&LMZl)QBiu6#HgwzY;pq+yGHw$y{<$pdxmhKgV=<V>5dYc2VAvRO
z766d`FApWJx_0^aYA2xrX(op1ZD^tT-^-=q3*j4qV^K>FS4$MA2s-H2ki*4W4>s<D
z8tqeA+>Y%4L&3qb#!`*~()*I_+F*X6{req9eR}H+0UL@z<pmG_%RpNF>c6*IllqRH
zgYBLGPl_J)mzT8q^faG+tNb#(oV}~wRpq;hKcnu}pB$B++1B539bePd-&RSbUhfR(
z&r{7)Wu9i1BD%s$w`t`sUp4l4{&vV8cO7@7r?(O#dn~=>YYn3fmg`I>W=V4nExu!3
z1U^Z%881fDCIt7*pQ)Wrz(@Jbo1>ijCqLG<6H!`r)DLR(jkBxSUiO?DJc@s%1EDUs
zoJv|=+h6eX79%fFpb|BMZhaxWLj45OqkHjHoQ#V?%OWKH)j_%b1|31)|KYB{A#36^
zWMP$~L55Kq50z_mVV$X<y<JX6p0dy&Bp~60eXTJ-b#wCn;_Fxp7+zptc((T%@X<+G
z;kt2P^J75h{x4<wi|tc@in8|1fl`sN2m5VO<1_(++hGS*gzpDdJ07_gME?vxZ^=z)
zK248ogu$m9t-6!p>0~WhZ>_!Me@}Q1_OFDqod;9N#+zig9`=3-q}$?|9^y}j#DJ3;
z;7yDzPdT6Y&PBFTV$GtRkI%BFg=r}&a4dGaCmwR4_n-4w06=iq$zf+9Sb;zy_pfT7
z*LzMPhF7Z}W$p8Iy4wPnE*dq&zkGa7{AjOMSK!H}cX$KQl#X8ad1OoWHeRDQ1toxi
zd}|2}bg43|g+Sv$ea9!5B5v4N!d_#2`%7!I3J}bUuu72=+2rS=m}6%#WL%$(1}b4M
z-VM3KjUMggG1cnz&d=WyX{+v?ipcLB6UopU5ybE%jI!B2jWhTX;Bb3y@-us4(v6>c
z;=BDGU~Gexn76w?GO0To1pf303guuYQhvp-<T3yp?T0_@v+ims3q}IcF#~$0c|?5c
z0@K%cM7k0e@mu+J7LKxsz6t<>_F};X0kSMFb`|{^xC`Umk6;LGS0X3NGUH>7QPHe}
zv%DqPU%mf@X?%K&Rx!ZJJ+<PSJpGKvqcc%MH6|wa8`oOzQv@J5H$eXKTQJ}J+t~X1
zBH~krpJT1p%<<{u?&+JL8-Jss{L?P?hn*^LPv4g;*5CQ%Z!Z!b!MVf6A_hsKh`|^H
zD#r&d#apLWxy`d6jHlvWE%0NoU49B)@3X$h7~egmkhLE%>!TYK_+phOyxy{e_U^l^
zflDF*pD{HAeguf_0qD_q`R^A|zn2seeDJQ8kHas*FTS5O7Vb1{kC?8$_Ydk<=S=SE
z0!F_<n?9E6H7|n?>NS5~e+%Hn57)5vec^q3%r{(n(zZNDYhJb-tbeB+FdGJb@_fw}
znjqlE5Bv5Yv{x>i1k(o`4&+>y_0j>NCDkCQmi*OVMRh*5fZ8tw{WF4+VU}%jPhv+<
z@1Lyyw$2=&JrCmoON$2y?pnuwOD--fsxB_FjxQ{-s!*BJ41>{r<f|*FEWDJED=><l
z794tT&35E%?%lD|R?rA>@y_*$@%>hmA=Ey%iXjd*Ttu;b_%F<dH(xMsi6oq_y5G{H
zw0DIBa(NQJeUQPYBj^gRp_B|a@v}dHVtrvgKaCob_#myMWVz|rjM4pjUg;pg<BLd6
z3AuUxk3$W?Yp7QFdoVKv#&fGX4|fRd$WuuS=rO)O2^Q78jTC`fUzSa!GJnQ*u%KUb
zeE6n;h)RWYxJI(29`7Vy^a`#WrQAcBlSV_f(BaDv#LRfVvB27?MjYtmvTJU$uFIcf
z9nSufC|t-)ZnueQB#@S{iqMiii)VD}hXu_!v*XK8J(H6TNGffYcpCc?XfX1sjf(*O
z_b=~P8MCNH>!u7O`IE!NnJQ*T=aC`j;f-o?yu5H!-R7@|Dp+w)Q}=by27m3$zvR2C
zC_kMpxIrdjD#J{CWmHrwW^?4o7{phHRK>cDL%j=Xaytrub_1fSZZ*bIS@P2Z6=K15
z6TV^OW3~m-eDJ4QTYm&uk+g6kyg$Y-aqbHLo>~yG8=1<kEnGUZEAA~^#zW{(_LC~G
z#&ll<WoPG<#eB0v@?u(@N+}KVImWGoD&?5l?SEW-8AkjSWm=*&|9i)RQ}{cg)cENo
zQoGd}v@1pR?XHAn#&TGROIfy#!kT?hXBZ0`zGcdlb$5D5-2Bu+%n@5QjH)RMLTopj
z{xppE6b#E;@K;k(qMjJQ5gQ;25l9vG#Jc_jDu@AaU2vxWi~&qhZCfwaHz|!qWZyQ9
z_wqGu$pD+4r05%908k0zdOd*Rw-&8C=Ee{2z;OjX?=-7YzRD*2Ne<a*LG8PvaZ*x^
zH^!-M#EwAwO7b;hJ^&YvbdHBh+{JD!a*i`&SfvW|n6ul68IS-k31g-w{3r~7Vq6eO
z{b~vofN^y1jZ0wk&ohfr+~9&k#sOuIa+Q0sL#sMZiM^E8X;}y35|dj_Vb{76@918}
z!C2;j<FwN%y7a`mLoaAxoPtR`y*$>1bkF*qRz1yA$`g+g?)wVpd)>25Rf%noaGRV#
z_nM(^;VVtbd_M@F;fh7Qra)XhseKHM+M@QEuEcf_AHqskFSo70k5`PE!*aYRuE17-
z_~Eg4+9iY)cYl+LL3I*3k5&KGp%2H;|F2lxsLZ9g#oScZdt}rc?r*FtM7_x)`FTZk
z!wzjX;`VP(797m2j4yhmh&MbpS_bswf3LRIGq&FpF@)B86hqLh`)G>Vug`8<y|JXk
zcTXlu$UNdPzxn_2S*aSV>ovU5JYx3t;oVF{W+;tDFy**?XD=BGNPxjEv@;(qZ1RJ>
z`c7=Y`woAD_KDx}%oaNd0McpvYluy?v1-pw?ae!)Yw}G<^|5><rrRk#a?;i=4>&d@
zO%3J|<6HGfy^NZR?lyS!V|d~x_xYZG*(URuO#~0R^OJu1BK0wtf5|x<uL*TIk$*;I
z(B0&mQ&G~_*3#Z9r>(7`tWDRwrqV~ZeDwTezM?EIONUBYM5-IEmrFuM{MM%OiJcqa
zvjUgYAqVlD1a4+x$B%ulAsBk`Kg-5&=}dTm1Rg0P^eImtEg9nK3>iv7{BDd*1Ay@t
z^T7+&6;&Yvz-F`s1C6J`7Wd860hO@<LkNWYjMPy^mhV_dLoB3#VtW)0o%#dq!!HV+
zz~;$Ml+br(AP)p1@9QJ6ptP4hpRrvtut@bVH~g{p0YH`HvSQe+2v%o@<wUd0QBb2{
z)*VcuMQftsBp6MGNBB6S3dr=Uuw#ZK-2065>*x+U#Lc34hnuexjFQ_2%p*k;M7vtO
zHscCXFY^>>Z}5`_K#k8#TMIFyZA$|a&a*i7*!8({U<m1mW1Y{8X#$&8e-Fr}&`WHR
z)u2KOrnvsb6Rem;=md1l!xd?r@7n<$=T9P9WVwyNHL0qPfJH}EWbA?DyB^v=<%QAi
zn0>=7vgszLh&uvFmS}61br8boRCXkay#RYiNw>q&2SB;zb5XXLP7v$D6~M~EV!KE)
z5K=Pp@1Jv!I;ns(z<i0>t|k4Mv1q2yzx%*mph^qN_b4a!a`Xb(1|F{wLPAcekhqKk
z;#fjX&XWr+9bXi@#JU?jK*QUn4SYTuj80)ahLxVU4DuzQ1f;0rp5PFOt9df13{Yly
z$Pw2s)nYVjUFR3qKiL4ju&?ll-qS1qUfeypQ!FznK#I(d0;WMZVXFYW`?#I9z34zv
zd4QuXjeTDiUF;qJw>Qstss+gDFBSG6xl?3lGR0#`pW8R&pIx~e=Hlgp9eCiK#+=4c
znA|&V*}A8j^P7*u^dlVp<R1I5k;jJ;@8q7FC-8uL)E{T&2vhWZHY<Js__qiGy3a{w
zn`vM5hB#NprB@#EG<BlRsq{b%r_Y-T2eOUEBp1yvsR_~Qn!Het-cFSN+4N}x;4ZDS
zc=DW~unzDi(+i7zZ{URNi=E$5Y=_*$TyB*L5IVvqw%(!Hi|e}^m38e9kmQ|svgGF8
z3Tzqz+4bZ-z`^O$FGpkZiz@3js1S8}GDqD2B1pI9gUy=C*Ms7w@{9cKH7{^Ml>R{$
z_nmnG4<JES3$^=_E87aX8)5?~U6(tB?pQOalz)<)<aEu6u|DfW*f@c(yRU1JFB&je
z)d+g%R0ALJ>R}egxk8Wn2|g;#v(3@@REW#KJ=Z?TrNKAfoxE)gnLg2eoYx15hbf?z
zWrGlR&pbCj*-pIrj5yGp<8mbdu1{2*l0_3?(j%=cmqml7#wn_emvy0X_=Rod=29c^
zXXj!_V%ep}MJb$vg^9*)Ust03#%|t&>%^Hj+@s;R807Mhuy8xWY?Ns}(`UUeLv8>t
zKRAsM$Rfcc<!wO-Hlth6EHe;uGer{1dxiwylt>JGmLzZn%qSHp5$eVAy^^k>%G?;u
zp2n=HyBZQa#Sq1o&%YxFy3kswN~J{t<Prb$!BVvd+yh$1Nx4WkzQ`}}DGV`-6QHKX
z4mvL}rARAY5<sa0h0~4(quTlyB<AgnLeT;ZOn|$&Q|*6aUTJ6q$q@o7(far@KEQut
ze0x!!_y^rGimZ+zQ7)Sx19~Y=%z_@d2f2TRizzY4K<?(cYbztMv4In!OtTP+iM7E$
zyl-a-2RT9z=WQ;qg*-TgSTtZDg>;}!R7DcCNxkhYFsghG&q>u0$IQlY(sJkFO*hWo
z$ppROguNL`gPiS%FP>z@qbzpAJuW4CR%QNcde069yC4Y*1y&pWir?4yXF1D**XF+7
zV2fHQI!s(hU4}up(c4+_Yth9Ppmo~O<bsUY*So7N#I0du(J6;UhR9<u6_+@pkHe<k
zJ8|gDJj8^0RBW4N_J!8;Ep!rq9L1BNsW77Sum7emK;OM!??r*>`I`iXFLEb#=2`lQ
z5Nn?VcOM1tBAz5Y(7d-~+llup%bgm{oFRL7ykPtr*Wx{a`TEl`Y$e$nGovRbmVPuK
zP8whRunokkH-GUv(sq05n%s7onLRyTvS2}BjV<C^{mBjNkv!}zFiJX$`kjAhedfea
z^C$wHxw7{F&tU`T9PK!o6`tD7>X8J_@h{cOa$>`C&#7seeu~S2tCt8jMAdrbLzNt|
z{8zS$?So>a1LIQm6}6n$Sh6Z0F`w0RH+O){P}`laU-OT2XsQ~ma%S0#MwH!OG{cZ^
zm#KzYdC&xV@ju6H_GB_Q1+IWm-T6AHUx$40th)1_x;V#4;yH`4<=#LmPf~=Hq)<~d
z+SF}%a7WMV4Jr9|Fvzl>NvF(Ju#_mC;tFxkr7`|E-<{rYA*s;qiXYV&0oSekH%b;G
zNj%9F7e_|2P^1Iwbumf2RW-^tHF3lnI`&XgTzrEx--RnRY16Ac<jI*eAt!sD$Fc=2
z<X9syWIsy+n?t&`0E|ZJfZYlP!H?f+lg0?Z<uA(m8LS$|{=#&Il~6OfWP)aOnQ}dt
zvs6@X@J6u7SVa^YjC_n19?yy(BQP-cQN%=vR$x0_<fKYHidG%UD&LkP?4+IYx~Cic
zt2Xx3@Id!_sGlbpYhU*{4@t-@igTAmDF!wKz8rw{7$^VElx4?rzL3Hn^kJrqA}<v&
z^Q7A(#EIfkCDQ>`y&#9}H7~<?EjA&q*a1n0Jw76<LmMlER!~%``!{%EoL)9VrI<%4
zwAu8O+6uIyE-vO6{7XPF^ih}*K8<=5!pDp|@IOps1KFbv@bFLQlnWbE&q$o47T6b9
z#lu*TaOgc<RYw(lJ8o|`KW;(t5kp2k`rn2q%40zpdrr13JF%NN;xx8I>R?vn2<>W2
z<*b2Kt$)H~xI@%euhX;T-B;vY7bZg-xdp=}=PU$5NT$V>YR2A%;z;)NB26T=UsM}5
z{4g_gsd#0FIx|0_foaA(;$PLI2_lCEU2>8{I*+IgpC>B^aUFCIW)0FN-Fz+t%RF`4
zf9@~=rkWu(!v@>{@vlfoB>S;`yVy_yP?B$)n>T!=^#MxESMcrUPln>@*pNRAtH2Nn
zOCPY9F8B=}D;`9`LfzZ-9oK*GA&$*uwuIM1ontnq{-ww_yY5^9MDN*!o&?V;$yx}m
z392-Kb+f<!8%{9Jj5H4awHE-E%sxo-F|B_FmH>wPadRyMnc<B40nY5%?g|d`AMzTR
zT#CMUQ*co!%!@|d1;M}xLZA}+9=uaG3gHgHIryF&MaSN$Zr6h!4a#1j9p~vr22OoW
z+@l9`D|aN1D(CHv@cj)`a)rL<mVZ3;(w=WJQjtJ3V4#z#F?+~~q7)SB23ms?II<b*
zVkVRXeU$a6M<IBvE<4&TPXkEf!A|nKCh?3$FxmM9U{;pc-?qJU!4)L0R%ijV;T6sF
z=7J;~lSez81Ce!-bZPWlVTzE2GJ=?K0#(m-uZVTzL7XUc<Z;+17Urh;c9mMfC1(!|
zl|vH_grT<aN>}OK>&5<|^<sIAfF#&YUJG^T;s|zZdC}x|Zis1A@YS^K5}O`qUjniO
z#hYNC=Oy?L=1K(|fm!1C+JZu8^x?Q^j}@?Ut4aAmjb4D75S&ntJNG^DH^TZlyd$j9
zqrE%}Ge-YIh!)FIumm;fj&o*A*MZiyXuct{H%xX^vs=JgDUafW3`<$twM1Y|_)oO0
z<6MXyqrP_1@LlLXNJ`zLpq{}$@0ah3MA5Zqz<Xwv=%-SU!%cZpPa+a~45c<ua4JR7
z@1cJj1P@ViXN_hR*mi@}Lo#68>`BB5Ap;_9B$K7$W2#HsIG>lyAbL@X_lR4pQ^x@L
z0AvbN?opz!JB7RUi*EZsmiy=?di)6$U|WW+bUuzDGP|^NR8y&0aW@J8;(m>!-(J-H
z-oXqcS&v=l)ul*1W@8W)oT50$=5Pf>@W_D@iQ<n(5<(}E;q2AKccy#1sugt`MCZS1
zKE<pL4|ZYlVsm-rem1D`QLsQNHV}YE(CK7OyO*k;h8ZyHl~P^7lxSoc;0PLr0e&qC
z6xN3f)Bx;W2BS0qJ)2AT;XkR5q&NiE{(%Ml!PPPa&hSe}kW{cm|9o}?S8Oo{>Ep_B
z78YKchX!2X3I>8wwmX6d3P9Ec$F$gh^v%JUpBIkIeT_5p&DrMwZjm5w0TTN7c>&6N
z>P!i@SStX=W;(pU_w?0}jT~^s*!10lUr^~SDnoCg`wA*IvcTQ1GDCb7rtkD}qc11k
z<xxLd(A}>~b&yYX?EZzqKEA(Ub!UH?`}m{_tVT*B-cGGFbGb}lnLT4kDFUek`j@Xl
z@RB|zP}#K{PytzJa6pfD&Z>LfJ^{|a`7<%>mivg5&INBTc0nz@Uwxk-eK+8NEW9YJ
ztgx?Y!Y>hx4uV}1&;SXrKq4T(oK2Y&&WBP@7Yb=g6%Y5jo5Af}GLYGTs1I}VTN6NT
zBry&i3UJT_=+^;~tLVVm6u~Ti0j1e7K#DYhIU^&pFu>cVGj1Hg@mkoF9o~jZK=DO1
zt2sy;C&1osq)a!kfhG!&x&cgG1)BGki=ZrFcZL*a`B@<duAPVhcrF2cZJ-&Slf;1$
z6_TVZ+kPPs^jFxV9o<m7`aA&pV`+R!kUqNp9mfzC#f~mpc40n9!bO)g(Wcr<0L3Lh
zP2toLthwZivMI(T<>y_8ksZy@m0A#uLue3V>2JjZ?u`C%4j|Bj-Q_gtrg4@5M6+_D
zcR3Gwg~u9N`%;)ynOcx1@z*3m#kzy=q`v*dcwuTcH`?xms`Z+X8wf<Kxc0=_%~WwJ
zUlz=*Hg)6W$@yw7Mcrk1`(gvJJsYX@+5(yGREC*GoFNI^DP5;3h$gAhBr~p1bq4J_
z3-m5bq;{%Nr1iAvngwZK=~+C|kTiwrYkWb<+vQ4Zo;o)*(3en&hKaSZrbO%PmDjp>
zpEa<6)tsy{^K8tzU`G1-*P?XvJYYtyP(7*$=vvA|qgJj?ed4D6W`^C@Y_%w@R*_PX
zsCA}b1&A+F`k%5w+Ps)!9-v<;(67FuT=pT0jSsEpY(o@Cf!CLaptz>+`8=!~=tnZf
zJY)c(=oOCe^#=r_(2?p;!%^l{21t!~ij+lyLU_xCE$l@ca>gA}42?8F!VP9Zk=!dy
zaW@aw;W=V_iiC&?qS~%y-;Kdx`dre(hn{DvK-7l}DcB5Zi0q!sYXEhd0=ioUns=y3
zB)AHV<O-4uhX#V{0rCOF8HEATPlIWuK`RcR0lRXbZ>7l}`A4Qe9@`vi$1(pXbUPH`
z5RS@q$LDJ;{pEkB!xHOu$iT_lp6;p@f9%0-<r1&O{t;#4<oy`kcysjCZcV)lPW$tK
zXFu~DL%bN+pZn#R3rMDZZo7eYU6pJ@T0aGwt|?4_)LEQ0>=3Jci9yJ5?v#nWvc9KS
z0F#N=*2XMaD?aT#eEXa+N<L7n64Xr4`|fE|VV}xbK{;`ZHmVEHY;C7NG;_r)g7cxR
z<#L%2j~3QmY|#4}wQSk-)kpog`fX$I<SY)7XanOLPi+rPK~2pX*Es){excgUO^;OB
z23oDTvSY^OE%T17_0jdM+j8T;$*9_tta%dR?0(tmjqnyt7{qZfZ$0^$l%?oTLvW_c
zRl7>Ey%V)^nZW#r8k_;lF6k+8W$N6CgeEftBGs&Pkh_<-*2QdGfJ*1|6kY3)%Vixa
z8H7Fsm$Lu0T*)TWTaN&ni6Yg9$}A-`S|gijptl%*ohufi0rpLRO;+^0AtkVczp#$1
zka_p<9aX3}g{D)nfRyjTV4o3cEE^Khlo&MdvJc5{#cZhlKb1tR6vFA%BCCmjeBNZ7
zT&BnD3HQy+X=Reia;H`DF2+>*QHev~VS$hZ-|=z-ZC}<i3?Qm;(Fevg=UbkRM+u;q
z2Fb{RXow6V6Cw;afdUwT2}U*|?Q)O+Y6eEigaJE}flh6xa+Iq2kOP_3iQ}PwKXZWm
zxkVW)5?I>-zxO4qIj2RL8+>@jcgyo)xao@J|1uuk5g+G0#6i2*{(4!7p+D3|(YnwQ
z+$l21;ei_Bh;%o>(U_#CrB-IR2`+kB4PpkGnUwvn+03hDeuW2GXAk!{@66ViN-<f*
z5d&=VkD+hODW3=^5kk5CtJE4-nDH3N1c;9{y8G5qdoQ$H%d~qRQJM5-gxK9;T5N!m
zQ?z-brHUy{&E`ipJl8Z|+o?49=KpPW5?`A77z?h+m#Xc4p&2-Bl3^CzjF+TlvBonB
zvdNvQ-J%)$y>EIaz=;mP@HbvFX8Vdx8veGz4|KxUOYJg9>4m-_53u>ZWVJ5VM(hJY
zY@YwD__ku3mPS!1RA0XYt{xhxd&@Q>SDrN<hL$SPY@GvN6n?A>_yDus=_ws*G+Sk@
z^Az}j@qCNYTNNpqbQ_k%Sxx}0gR=iA-6$I8W1IjBr=YRtE-=8S136=$pp+U>-<uP_
zW(26pUpXln3ND?h3#<5AgV2*lC=@q2zJRojLPYzINH+({s1srD2@LAU=RRya@u+ty
zYC|K+sy_WbNGs|JpQ3LOk<r+l8WHnW-G_dA_a-Zl<7FW@-+s3ywS^mKPAfSKrF!1m
z4C>e^>F3=h0dcK;A7d0I03Y}+_QnHXbP;E=*YqDv+Bq^jml-p!9ykV$m{-S5ds`Jw
zlxUQru;WPT8M)NQO)LCoTVrU8FTq}k%Kj>rJWY+4$u{qu607iIBUe;YcXzSMda<TE
zw7N(fnNlefkgX5K7;Nf_lOOCAtpW%^<h);1=*wak*o+NCF5ZacSz)&)^_sKhyRbhf
zq1tj-kQ;!w{35%kIgw7e#_qbfpTDNiY)#9I+kzbvxx<$CA~W9hDhCL&4f`eSsk>Ov
zh;aS7+`Au7a*n~6zuGgW+>*JY=L~oE(eyw_Qjv#5nzwxBs^W=t`}Uv)e6uOolKv+T
z(0qAd1;NsA0N3<Pjb)wTMFF69kpgdbZV&ZvZm)$VZ24tY#UPIwUyYf|p0SF!2h5;*
zE%YQfi*2map!y6dS3h>a0^9e@cWcSA7objTN|QV+N^*>VyRC5}VU96G_H-nLi?*}#
z`j(f*3?K#qZ*YOka7ABtfDOi@1CT_2?7q<hpmpv5Ql%flH{UZs+mXcCwc<kt4S3*&
z&8HfZ;FbY7AQ@g3z}X7OD*+hJ3E|b`Ew5q^eiO&?&R^04p#ETx$S4hIEV`-}^Ah-8
zxKi)Afdf`h6`@^VfsPl<(Dl-aQ<_A56rlhz%B$LFfIAv6Iq#oDG+>*)05Q4!&$%6X
z+;<nF8L?kpmph0cSlUwx$pHc7cL-k$e)0UZ#5z$==G-<9aF@P_k9Gco@h|Vrm4=m;
zoL`R*<&g)<*~3;pG~h<waMlB>L`*})ia%R2_of5`RC4&g*XxX7KvMLN2>}LZmO;$f
z_ZIEZ)xVqtp!D`6NLv-Ap$yZ~#V@rMXB@zD$u3{^`D1Ss@Jkm?v4`Wg9JK>}IUmrT
zTTiX+gC9m9wOGVITK*Ci3-F2Ue3XXzB?-}oSIQCuQ}df9T-w}8hrDm0v~jpRNM|Bt
zkk&l;of%+`w{Qohsar{MIHQ=u<2%AenS7Mp^qd6uW*d<5w%cp2milDu(2Gsc29n}t
z2J}^hyCv7|#L#ml7Q7KXZ@*TWijuP&R#17DDQ}G90tIO1u_=JO%#j94MTqfw+>i!R
zP$<os!P9M$mmLIUhv-a@`nBDW0ThJ?WA|XJr!nnOqyaE8i;k5hH}@j#*&!PZ%G4+O
z$bsv~75$H70F7jTtS~LHYZ+=@c`}S011QpjWm`2psHVQS9!&w(u>8PPYf_ob6$9vt
z4VK{R+Xv}hi%fC%+>hK%JX0INkPed4AUl_IbAD+jcK$(b@0dP+kG&K(uOcfHXRzti
znmV>OBuvMLOE51hY-4s3_%><P#;1tj7{CSF`sp6nDr4E!t%TrMmUYgimjbUW)yAhP
z{D`dtOwa);UdtIKP29a|xAAEdgzA|22RYhc7Kd&KupLgoid*fm7c3&#Pwiu}S)^bO
z#A1bpY_xo|Ir^wetm;|AwIYg>!E<Pa+_e~FTdA9jzBm)OkX}|$1I*O{i$<$*{8c8U
z5eRjp!H|-B;|7(ESi1RxbkK21aU+{>GbylrCxN@^^wS9?Qf&5sd;qCc3n?dnwn;+O
zTXfw7w2oUS5ujYxN3ZkCtHXi;Bv6%uf|FDV>yHbl<QX@F3Rz%NBec6WHxxVH<{m^p
zlM7g25*(4WNZWoG5|DW_D@V+nox?~p7N^qw4_r<tlC6cp9F@}y6fXbhz;vpjBY2Ev
z`!FHrJy{^HvJ@od-tm9PF^e*UQfJD4Lx|%iVv|S=YLWX+|KnVUt9J|<9P_$F#fu}(
zrNB|d33Phn=SMW;9i`IFVMnmuG(#5rt<NV)MSC=Z)i207C2Jf;j7EFbkFsBnX6Qt9
z>ZDW@>DlYl;dBZ|&r(c%ljZ`ogjLuM^UQpW=rT02nKJ*n?<LwTg}jmutH=yaz3F=`
z;^GXHKKMljUN5`IIPuQzq6?w12T|5$%mV4Vt>$tMpvJ<yqo9ekIf)T$qAJePZ|Cfv
zL48zL<;)^GCyyGKQ9lxPmTM@#Gx33P{ENxayihtM_Yp(o)XhSMV5q)hj(}Qhj>Dy7
zl5N6FB&Y_W8)zL_>Bw<RJcpaa1w4*&+Mg=Kj_`&*R>8&If-M;We-~z|Ia`X)`?r$p
zjCL1RGb}Yi$c;e*a3iKdC#$3BGv4|jx<hvD$RH6$7<L5I0Ug*0$3Pu7SK?fEIq%KT
z5dx!s_W7=(5y_#QN6ZEZxa&7Jv^HngDLe!DiQ~m+XvG$3;39O{eAU01!K3<aWcwIV
z2P7r5Yz(V$5q@?a&QfAtTBNwClime?8fFY#w0vY_*51l3UT6L)BSSa2zZ@mb7?xT1
zX^C;+U_#L!%;P2(-X&N%@B#$+(2ASDA2nuDDX#$dc@nRtzhRI81<p1$dDTsz8dmMC
zJV<m`0HsQ8XmQ4nRVu(%_tqX1o-BepIBLwbzNiCylUPa){rwyWpUF`KGG7rJl3nB}
z&^y1w=O<vj4)SM6`2mpqlUv!d^>e4^8+O@7y;YE4ovi(5T128m0WPX>FKSGK)pI%a
z@Qs}uNRc5Vs?{0OeEst6q?muJd0F@SW*RlbLr`!j?(Jb2;?Qf_l2OE3Q&6}n9XAIe
zjn(Z_DYf*_<qty`=xfl1wTK<M*9W4t21aoyqJoAZGt_IA2O_)F+H6UbJH+}s6lI&8
zSu~=u&@Op>ScG3bi$jtKJ3>c2arLG!>{rX`NNN3Ds4RXBErhoArBbbjaI|T2-}jN>
z#!=p9+6*ri5>pgSH$fFxqTwIgHKdy#sTVX2kfaelu}4wEEDsY?OdW{wPZCG04G5vG
z(H+Cel>KGT&q5KqU^8wZBpJIRFDiJ{6(ioJ-faFQhE3%wX}Ps;71fgHxFmiluyQrC
zKjeBbEBa-9vC+IKU1{rApNhgqBeqQ!MH&96O;ZZ>jy~E>mu1-qv*K`QzD;<)tc7}n
zO}w+s`TCRCq)Uh5w82RH6&aCE$7@F{ao!TLcv86-usybBU7hPs4Wph9MX^^SqZaJ<
z#s}xl#<ptK)o*B^Ys|PByWEKyyk*FmE{60F+F3TNKtZw*0*bTYzFmxYkF%7J$>E$S
zw$05m6X)P7!1I;5es}xaaB#!!%)a*4LWctX3YJHvQ6A>|pAV)pBHQ6kOpeEicoNZb
z0ntWPJn2K1g=#Qg`oD+kSATS$KiZeqH)i!|Kb_+r?KaGD2c?fUa>&eKjkq;I^BbKD
zWH^Hx$0L%y7z#Bxvk0=RWsNsNUP#F`Llyjmm8VH4_pCOLwJ+q?tS6i7(MJoqHw&`U
zujDV_m#3TC)OBteW~yRs_=2jli-xuA@UQ8s(;9m$kE(cX8m^mb7L7D-8epzM(we8o
z&blxxi1*=X4rFG$gPWIAGpc?Q!zPU<G&i$Uv&TEF20n^i97{lXSG$#DRSjzy9P;C}
zSbhGdTH^4~Yw^V%@b<k(X}b3-hn(iGqF35j=av?+g<C{irkE1C*F`OD*C{&sul+gU
zh-8EqoH=S!N8xmpuVzPSc1)LG&32s8s8#mpuHEBP-c7lE#X5bm63saZy8)IDcyxK$
zU-%uS#gv*BzXbe{ldR$_8=Z@z()fL$DYVA{!ZXsOXkL}oF}vHv``cpZOQ2~;Q6)H%
z0OueHbd}H&?W*dbzmPV?nl#O~1zXg-qdR6>U0QoC7i8%soLb3>>G(`re~Gj$BIoT7
zd5s@lO*b5E?(IZsZmI2Y%#q+-s&SPfCFwN-iYh)J{aKW}YUPjK)!0Nko3}c=8r>S*
zj-(6b9-_o?^oM}zGomf?=BbZurDFZ-M9#wS<_64G>0`LUepk=gZN6svPhT_-%jP+)
z*@LqiG*PK1Ys_auazl|kh!pn3@|#|qPAE?MGc?_>;IzA<{E)**GG;}(9|4PtYtq$O
z=js9NAq&UXVuVSf(6jppL^L=?&-ZQfSG_|d_satF#nzRSN+mqB4mzB3^thd##bY`?
zPzzV+ei66od#SM#x=sP8S0;2_YM!AR<xqV_22``4qi(N3`OAIYr}xbvosYS;m0H)C
zou*2DkDCw)95331%-gJin^zaN5<FA695x7HAAh!6aui_~pKER<P9@eH2e+{!$iJnr
zv1TYl(iGa~B7}7~=a15e*0ECadpwK;_3;x<z}E?}6FwVop;7Slddve@0ds;DI1`J~
z0$1qPPv9blRgybzj$p*V02|K5wP?z(vf9a=tytYoU%EqBhkSE`G=n&>mG=&B?ju7F
zigN?JEBI#Gf`+lJo`hZ+z~c!+R_|)7t-r`Y!|=b&<7hB$&@W5D_NCu%+eg0@FB$}!
zN>$=o4Il5@+1M<5YYfXI5JXqN3z!imTz|XK;eACYlz`0N9oip>_&K*K#J#LQ5YGWz
zA%sPp3ij3oMQ1H1vL0}b-)E||cp0uMy^^7cqTOFQL6NNC-S^5aK)zskf|al)I!KI|
z75E9-MPPn7&*FE*y<a2G%;k9?(KC$^_wQZQz$Oo#3_eWct@fKvzahON&OzTzq&df=
zt(p$IZ_Pd$3<Rlr3?ms-Z!n-k;rdC*$dx)52d+8D*@VC{v>Aw6F}$-Tb$A6Gb~v8G
zkM*I~V@bGJ;Q<?9Q|Szf13w1FwJEE2Mr>d~xJd7D+D4nTvs;<j>uD5>Axz3EJl*3c
zDxgdH?`RYdWhs%m4__1hv49c<u_5wX{U<$(ym5GE{uiPC=%(BP9h~LZwPai9TM)q~
z5+ip+`YDR&#v`+C#Kg+;4AHhS0d%XVlFB!C?>>t(WmWXVFFBH{%;+DGJUFqFgKa>O
zPDWx{&1DJ0nSvOm`0Gw>ID7s5KQwU4NnEXfD9|mgO(C5fpML=VohAm=I$htxXsgdV
z!^Bn%KWMP0_uiMay8I-GlV1>xjM*WMH6ZioVQPGpF?j!BSjV!3J|$0XCqdEp){=yq
z%rSSSrjXJs%XzbsGGN8tM7kZ8`nQaQAmLlx-`u|p$d>x=>Lpy=?9GDvu{#|#;@6x+
zsqwZ-5Ak@8((f1)+;1%DRCGpd%8OLTvS9|1N`t4yB$u;7bOLS(F=9hA;$75Xf@N^x
zAtTq4ihqew3fEU9vyMnxJGk&3Ph-G+*VE)dKP49LUnng-9)A)8w4AT*^X1&`f{X^x
zQ@wt(?>Os%EJGA(>$-w>{003}wl`S-i^1W2te)jZZ2|5j-Eo+sXsGT(h#CQ=!%L?3
zB`Gsn^{6sS&1Dl+TC}CoVA@bxWT!W@)4i-RuWrDC!M0rR6F>h=&0lUw`5sKvtvh+F
zG0U^_A*Gt=y>4|LnTxm>Z%Vu$r`@1o&WmeAL59<lw7xW5fV(1e@1-&w<l@*x-x2mW
zV^*FrWn7j*o<h$Izjq8fFpcp-ay7K9ME2Jb^R-Y3TUu{oViEmzlJ6I}b6seRptA%i
zHe9%GLoc4!kQkJ??@!S4#E4ck>nO>JIlb3*EzxYE0^csuP%}SqF6Y=%hIEw<bTZhK
z@xT5AWR{-4!!Bvl27$?T*<VkTCGOeQqP2!JT)tS6K?9#s5}d>+qa+Km@+Wp`&TbZ^
z_S`hhmU$VN8e+y8rs2_8*bsa~)bAq9M)=T8%^{}VmuwwA7MgJlR&o0PP6N8^J<9b4
z3H!{bB#8o04&HPb(5+uk&tqGrGz+k<^kW5QDlUm<GR<F>GK>)@HI`B-c{$N0)RW$=
z%=HyU<DT3Uist_mY)K@%L2Sv#!S;!3uH}RB?Q=W+?Yk?Vyg2Fne$#Itn-79&wZgvk
za_L^0T$MNH;>*<8iUIEg!5PR0Oi%OI3Uma%5tZD%n%<-MVR0^A!h)}VnvO?L_+xFQ
zi^GglSYGC&T9SRSfS>zdJQF6@t7$lGR-9$Gsze6-7hYD2XF|R>v1}cKL(R`f!<5+q
zvEm*YnbZuSvl<uClIUxS=@%T@?#~j;6mtQgXX*r<6lp;XM0)l*wp3^wpqXIzFcL4a
z4IdxaT9OOQ_UFQ^$om`e^Jm1nIvuCdf5+@GN_IEcFjXQ%<zCvL*$ufPTAN{#tyy9q
zTfp8JqF@^MvO=cly%IWmi~R*Hx_{*yk>d(y_Cl=(%Dwt{FjXWIEnz-?c@F*+@=YJM
zg8MNKe;qq&rlGC!&4|hVR%{fP3K}P{TCwo<?(o~B3u;gV6Tx@{BQeDY9uGyTkN%{(
z`8>Bld8~SCgVFB)(tWOj@J>?SS%E^yX61C04kqK4jQ<R|Z+=T_jIFBpWIMIcJ-FVB
zFrju5p#?exN2a$j&JSXj{~9;uAlAy8(5ZVr^yD2YStzz6r==NVzp!d`G7oML!2jZH
zca;65|1NMRcBNSM1vDk8lvfj))M{p*IjnLM7BOAYvgaeV!BhUmHs`8DH$D5Mb>aUQ
zdV5s$CWcFF!&VmHQJ1B*Gr2(0upG%NC$8OG;UFXa?RaLtOpTjQVNvb;=r?s##my6!
z)r@^Grd26LVzH!%%Vnd-Wz3m-?1sWFoXN<J7`x7!?)$I8KU=4eg)6mRCa9FVS8MUV
zq^ZVw8j1K925qYiDs3s1;7_+ZnhF@13>f?+ERDu<S`Xz{E=_yXoZuz#-^iLddN?ex
zyvylcRT*~wGK1O7@okXbz#-ZRHEAQQ3&xzrF9<XKb1-etE0?!ASZea_gy;xYzflsB
zi6sQm?|V=Hv{iQpvHx{svgNF#ca43ushb#s{UV1BL`QoG%Yn9Wtk}aL(@s(Sr%V#T
zC<SOD1<_X9wS>3an8sdUooTdkYZ+OCBF;hq&_xESqiL3&OkrbKWiga2MYGL_Bkg4Y
zETzDjD*F8SESCRmcFkQb#E!?G`(=yIKw87C1Q^1Us2v+>n<12_nU7S)T!QJ<T`SHO
zQ|?TkLncxv{$5Eu)~2%}my8#eW(u7HPoi*&i%*B-V0g8Wla!ej=L63OQ4vD6gQKG1
zN_3wX4BKlWIZ4S}$x_kBmxYP2ZR+1!^|v>-Vn2sQnLiipdHXc`)QAw%DYUX<RsgA$
zVrZ8Wnos8?u3~R|s+@8+wGcjq;Mh=NCL)XYP)U&DL?fMJ->B1)2^_k(R*Cs$q2jZr
zLrmv@mC?HX(~K5Hm&%c;G4k8ij!`{exvK?lF2DXwW36PVoKQl<<Wc%Txj{O7<XrE#
zt5+u6d@2QsWyj#OHKw#{)?&j$Z^kgI_2dhu^=7;^>~c30XontK;9M65?bh2Og2OmA
z-j7Xk1IEL8UO|pP<DL<w)9<<*rgO)~?mM^`|98mJ)R?!RdQNuE5Bt<h+fRQ36-Nj}
zw0#RYunWdl3>2nQ>p&!SoTBM1a%2dKSQZ)Jh4#|?17}esyZuz&5*%97=KmGHiV6yW
z$IS<(ZdEbK9O%kbE@4}cL^#R=4pD&MXr47WEH<t`a26~@v;IFg$0$HxsBew`2PZH0
z+4i;6dBkj`kmh&SIEO}th-nI!D6;*5W*6JVJV)hDk}q%|C9$|cOq*IJp=pZdi1wkn
z$g8-D3DI7k3L_%{+4ewQh<r~qL39Hn?1UD&)k!wBc+k?q=w#v2J=e6hb+$`4%ejZ+
z=5f{XJ<R02A)|QhK3rB3`r-9C?a_b;-7e<8?k=NeZ`rrPb@!<*MY7e4jAn(p6&_>!
zP215z@*=Q|T~t$Kd2p#FCen-NwF@RJIxX!ALpM4MIt~Y@R76q(RD+eP5`Bf9s$o~l
zsvJWj>WQU)QHiz0G_IC3iKQP`?Sq%+hWK)5ZsRHtTW{qAQQSust(W%BIqd8x$7^lV
zJ1*^!Ij1@IBwFsXO;@TdA)@f^=2Hx+XsOI-Up01XU-lEpHZk`ubt9C#kTx+OWUu2Q
zTXLB%Rp!3-8n0F6OFm0%FUa<-8L#KU3)%my8+j|gyA{x%(^)M|v3U!x5Yp>zEb|ns
z9#znq7NLj{^N|5|)VFOAvOf%5s}RE;T{!prznUMA?WpT06-GnYj%{R9=gyg9BY%me
zlLFR}feWgJNf54A=CO9zCzV!@*0GJhL^&z`pJq4Kd#36xdE^yPjsK4mM<~PvB#-VF
zqZ~N?vJ1bhHYADzt5w(=o7;ennnhLb(qV4p)Ss>iT-nO0{-&Q3bZZf9nT^{8T;;O`
zd?%S1^ph-IKe=S_F?e@hS4;-Re=rZb$Kao`D9S-}XH;XPSulx~nXdPv@#|a$3k~uO
z8z0qPe%wdJLtPuDg`e)6ExjC#tT>PUD9QtBd+(EPwMfw|!VAkZd-h3Ey%ZOnq9IG>
z%l!TJ4@?ic<~-L-L}ZeXrKrWFfu!rg#{?Miey#1Jb(MXzhTH12X5**!c37t4r)&=s
zFR}I#qvr?@>*_hBKRmU4IA5&!VQK7f@u4~%cBO#z%=^s|*^XU9baqxzw%_7dg#dQ>
z&Op6-r+0}wNu@u_z3EK|X)oq?rs@~Gwc1frkeZCdxdEY3wKe=7H5*k$(8@2$xYTC)
zB}*+go1b;!Q~YNo$z)Zjt8m}{2czyMV9&Yyrdw#Xgo1q)36{#%%Q#rx=&o=-UF}FM
zdFh7XE~%!p8M7QGdx$i}=rAI*^S#Y~Cw*_l5XB;5Hvs*ac5*iTy>UElXcI+KHn<22
z!N;Z9pUkT;$UU3aD*sf<R#ggrPMW~n|8D#rQ-xIAn_tsg1%&rf-|z5Bb%fH}PFG`v
zvM-I<3U;?ewPx}w^?Isq<%8*p?{cGVhk1K7;%D|uzF(7~$>x<+s}}4Hk;;ano{tm~
z$hP7|Lk^7@cb=Ly-kEg6A!eb?&^zV}nYX>H7Y*k<dvNz-<A3(ErKy@0da$(~*OcCH
z`?VRYBC5PO5&kr9FCb|(3w*!Vih3K3mWgou49D&YjC!|QGXJ^O1=G*i<<5oqkpI4h
zuefHgiD01k*DbWfSHfhZCewrer&-*_!Mov{6YU3&^>IBK&Bw&HJx!ZR@yUubo2IJu
zT!D`Uw#}oj9aivfgNCYiRg-I<@I<lEQ25A=sX>TyQ5^;Ol#3XpL0cVpAoQad<mXkK
z%2eX_C$g}fv&IJB`8Sz9QUKH4N+tGEEr(@Ml6C%*G*@Md&4-p-c3AUFo;(Oul0Aoe
z#$lPk5Pxm)Tn+OW(}(*3FSoiPPLf(cMUZ;^n#{s#opnBp_L99a>E2hLtx?K-;vUsB
zgl7Git=q#)P_|}zj=<E+Kt!^wh0%~qS0ke_d~2g2dDXwF$%^POma+emNbWj(UFKth
zq!<S`R<XibJ1*dBU301Z+>w2s)c0J%68-$eKIfD2O(||_i;ikfXH_m`ct)Iy^Do(X
zrQ4l{Ztv@#!4$~j@7`)&Mpoc7azy<P9`){G8Md>h{6{W2_bYuj?;b{b9RH&k^v$vL
zU*$x^k$xmWS&NimN8Bd$Z%X1XH8!weO1*q1t)k_R^t}WRO&T}p=ppI3Tl%RvboJ2m
z+>QDc>dBku-b4i~GWOc`tUl{Qz&%)WVQ!&?A;URY(PrdgeinF&?l(*zd2C7D%QL^O
z)<RMwje7cN_#VU~QY?&;-gpdg@W*}EJiXSu_`p4MF5I%L`w#kJ*Yb#y(%)b)eV}kZ
z5f<g7$~ARu-l`s!?TyFW8B-Jm@DSf6F&(^6_~<t8^zC@+iS2d5#lt*P{GR~W1t<E!
zXUDxiWO!(p44>T)u`<_i8)m$tIm591yO)*^(ejV995CG0K0(W;Xu038`{~b5EZ>Ba
z$dl}5h{<QmAAWpx1b28;;#-eyO1CNh)b0oB^W*7^R|bV=8ScgEli;)S#LqU|l_kSx
zAM|DARfa#PJxI&JB=qcKybsfI;5*W@ze)Wd|9d>i5`crLd?GkcKE!B-3$QaG+yaA^
zL~s#qu_l6B;b1~|3fNK-!ENMQu4cGhJ1sp9o(i6Xa0xsaiQs7o4Jbgm_FcO;xC5$+
z62YCYDIwei2WKUMXTafv@Jtv?2zSHLgzzjFI42Q28=xu?JO^$}2+xHZs}sTVlK9Vv
zB=C_*;G>ej^OL|wCxMSi0v`*B?x8L4Nz4dOBX^2se{fKEy#YRs!gm_rXA>Tp-Pqmk
zTv9jB?*(+6{f2SYDj$_G`N_3O<iClIWBmB`9TaZ-&hx`ee#2*Q2B`e(+tTd5{#gpY
z*8qQ>jc@o&$m;}O^Q#Vu{|SY&ug`Bf$-I!mzrhJlPB71JB76tIH^<8;0yoD?0jJEe
zF@DeHsQd>1pG)B8I69w8n0nv>E@8@m?Md*jNdmtk3H-q%@FzH&a&sPgCJFuv1Ya_J
ztp433@*m^0XB+y<#wQ+sL=t#e68PLC@TMg2a1!{%N#K_yf#1w0*7r|I@b~cm;}gJ#
zc(jjsJ^DDwIM5Q2qjFDMTWJfl1|os>U{nr7d~%nsr867~M8W544g1<V!_EFqU#lFB
zM1B6A_2lrP&VU?fEiF%s;cE+qf<AvF;_vkZLUN=R+9Lk0fUmWutE(4$K3$8P=M;yk
zKd?+a)Xs2J6+McIo~Be<&dxZBKj*}JNTA`gIG=C9vg$?iee)O3^Z8JfXxP``54Cm%
zz&G#w#np>y=7P_+aB-t=zL%nU=Pd)DuVK+#MzpYQ$(-ss-;xCjmd|hSHB`^3o9{E9
zyXC8CSme`8+^}da8o0sV+!=^J&o0S9mHLC?;!f2erZybdW;l(>=WFi@hkQ}lACY}N
zP!3qEs#;iAGiR=^vb17~`83VMrvN27+i2LM6Aed&=?{n09|<_j@omIzNvvi#t<UFc
zS?^a5*U|K=EIkvHQ^Vp<ZG+NiZ<p+EhSI1UQOXWh3x(xCX?v)rw7DnP*;*281=1o%
zkCwLfhN8V)N-0N_9(wRtT*DWE(nz4wkBGF^-6=yUk)@Ozv{y=IuQU=SC+U?2I%sHg
zv_`a+LZQTnLc!`tg#(vH!bBW@SFi<2+ru*XN8zT7+#HQUX-l}P3*(}+HPGDC?(;|d
zq4q$OHG`qHu-et!90{ytt<GR5!0JR}3J$lhDjn%xy>K~C(Y+hT?h9C1kl@!n{Z$G8
z$78WDuglx|vRvJx#qTHBH5CAN6)JyrpTWwNyvCQ)(X*Xt6&;(=v-=TN{+S#87iKR2
z#B}nr`xaJK8sz5<Wg`H5tD|T4H>@m&#PYMNmG&`ub|1t_7oXUEO#cw2pTpqx__Bl3
z=(7{hucvaUw`H#Qa^y+oKWd<7_h0ILn8DzN;bEhZJ|n*TtCX0YU0V(GY#+o*`$^=#
zg3_zEx1RX2$~rv%s}1yQf62<3C*gmifu7w*veIj?pV5Erp!Y7!KiGZ5!IH%IHbeO!
z062B@?7rpjDbhbq<!AJ4KR$R8dUicW=Z?{{efv>Lzn_b@o6Rr}2Mzq${qR7UmLG<b
z|B!)RC7^-3^Ca}|8tB=5(2eDZ{olCf{D6+7($o8p8!O`DG@1QAp)AUcensialDr4P
z%CC~Vb@N<BeEv$7KkZy%`WU5uvvhd+>?HJWG%4j>mf`77OG4itp!p?zc=|FfvHc{v
zv|g7!y#1yp;eQLg;q9#$p8xzL^keU%{+~KLeO&I+|6ued`a@BQ_8encg8XmS`@ZhF
q{7L$No*$lnMiTmMPb=l}ldQl07XSbN|Nj910RR7TD0YOH(EtE2LN@LI

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi
new file mode 100644
index 000000000..f673240f6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi
@@ -0,0 +1,9 @@
+from typing import Any
+from typing import Optional
+
+from . import Markup
+
+def escape(s: Any) -> Markup: ...
+def escape_silent(s: Optional[Any]) -> Markup: ...
+def soft_str(s: Any) -> str: ...
+def soft_unicode(s: Any) -> str: ...
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/py.typed b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..5e826bdf7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/DESCRIPTION.rst
@@ -0,0 +1,12 @@
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/METADATA
new file mode 100644
index 000000000..25ed5ab69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/METADATA
@@ -0,0 +1,25 @@
+Metadata-Version: 2.0
+Name: ply
+Version: 3.11
+Summary: Python Lex & Yacc
+Home-page: http://www.dabeaz.com/ply/
+Author: David Beazley
+Author-email: dave@dabeaz.com
+License: BSD
+Description-Content-Type: UNKNOWN
+Platform: UNKNOWN
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 2
+
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/RECORD
new file mode 100644
index 000000000..b4f331424
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/RECORD
@@ -0,0 +1,19 @@
+ply-3.11.dist-info/DESCRIPTION.rst,sha256=nnBY1Nj_GhIsOFck7R2yGHobQVosxi2CPQkHgeSZ0Hg,519
+ply-3.11.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+ply-3.11.dist-info/METADATA,sha256=pYZ9p1TsWGQ8Kxp9yEJVyvs25PkR5h3gIDuTOCsvJGg,844
+ply-3.11.dist-info/RECORD,,
+ply-3.11.dist-info/WHEEL,sha256=kdsN-5OJAZIiHN-iO4Rhl82KyS0bDWf4uBwMbkNafr8,110
+ply-3.11.dist-info/metadata.json,sha256=s7M7va9E25_7TRpzHfNCfN73Ieiy5iKogF0PzXtMxMI,515
+ply-3.11.dist-info/top_level.txt,sha256=gDYBHRQ7Vy0tY0AjXyJtadvU2LDaOsHqhhV70AGsisc,4
+ply/__init__.py,sha256=sx6iBIF__WKIeU0iw2WSoSqBhclHF5EhBTc0wDigTV8,103
+ply/__pycache__/__init__.cpython-311.pyc,,
+ply/__pycache__/cpp.cpython-311.pyc,,
+ply/__pycache__/ctokens.cpython-311.pyc,,
+ply/__pycache__/lex.cpython-311.pyc,,
+ply/__pycache__/yacc.cpython-311.pyc,,
+ply/__pycache__/ygen.cpython-311.pyc,,
+ply/cpp.py,sha256=KTg13R5SKeicwZm7bIPL44KcQBRcHsmeEGOwIBVvLko,33639
+ply/ctokens.py,sha256=GmyWYDY9nl6F1WJQ9rmcQFgh1FnADFlnp_TBjTcEsqU,3155
+ply/lex.py,sha256=babRISnIAfzHo7WqLYF2qGCSaH0btM8d3ztgHaK3SA0,42905
+ply/yacc.py,sha256=EF043rIHrXJYG6jcb15TI2SLwdCoNOQZXCN_1M3-I4k,137736
+ply/ygen.py,sha256=TRnkZgx5BBB43Qspu2J4gVtpeBut8xrTEZoLbNN0b6M,2246
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/WHEEL
new file mode 100644
index 000000000..7332a419c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.30.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/metadata.json b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/metadata.json
new file mode 100644
index 000000000..9f472a327
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Programming Language :: Python :: 3", "Programming Language :: Python :: 2"], "description_content_type": "UNKNOWN", "extensions": {"python.details": {"contacts": [{"email": "dave@dabeaz.com", "name": "David Beazley", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst"}, "project_urls": {"Home": "http://www.dabeaz.com/ply/"}}}, "generator": "bdist_wheel (0.30.0)", "license": "BSD", "metadata_version": "2.0", "name": "ply", "summary": "Python Lex & Yacc", "version": "3.11"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/top_level.txt
new file mode 100644
index 000000000..90412f068
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply-3.11.dist-info/top_level.txt
@@ -0,0 +1 @@
+ply
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/ply/__init__.py
new file mode 100644
index 000000000..23707c635
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply/__init__.py
@@ -0,0 +1,5 @@
+# PLY package
+# Author: David Beazley (dave@dabeaz.com)
+
+__version__ = '3.11'
+__all__ = ['lex','yacc']
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply/cpp.py b/lib/go-jinja2/internal/data/linux-amd64/ply/cpp.py
new file mode 100644
index 000000000..2422916c9
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply/cpp.py
@@ -0,0 +1,914 @@
+# -----------------------------------------------------------------------------
+# cpp.py
+#
+# Author:  David Beazley (http://www.dabeaz.com)
+# Copyright (C) 2007
+# All rights reserved
+#
+# This module implements an ANSI-C style lexical preprocessor for PLY.
+# -----------------------------------------------------------------------------
+from __future__ import generators
+
+import sys
+
+# Some Python 3 compatibility shims
+if sys.version_info.major < 3:
+    STRING_TYPES = (str, unicode)
+else:
+    STRING_TYPES = str
+    xrange = range
+
+# -----------------------------------------------------------------------------
+# Default preprocessor lexer definitions.   These tokens are enough to get
+# a basic preprocessor working.   Other modules may import these if they want
+# -----------------------------------------------------------------------------
+
+tokens = (
+   'CPP_ID','CPP_INTEGER', 'CPP_FLOAT', 'CPP_STRING', 'CPP_CHAR', 'CPP_WS', 'CPP_COMMENT1', 'CPP_COMMENT2', 'CPP_POUND','CPP_DPOUND'
+)
+
+literals = "+-*/%|&~^<>=!?()[]{}.,;:\\\'\""
+
+# Whitespace
+def t_CPP_WS(t):
+    r'\s+'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+t_CPP_POUND = r'\#'
+t_CPP_DPOUND = r'\#\#'
+
+# Identifier
+t_CPP_ID = r'[A-Za-z_][\w_]*'
+
+# Integer literal
+def CPP_INTEGER(t):
+    r'(((((0x)|(0X))[0-9a-fA-F]+)|(\d+))([uU][lL]|[lL][uU]|[uU]|[lL])?)'
+    return t
+
+t_CPP_INTEGER = CPP_INTEGER
+
+# Floating literal
+t_CPP_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+def t_CPP_STRING(t):
+    r'\"([^\\\n]|(\\(.|\n)))*?\"'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Character constant 'c' or L'c'
+def t_CPP_CHAR(t):
+    r'(L)?\'([^\\\n]|(\\(.|\n)))*?\''
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Comment
+def t_CPP_COMMENT1(t):
+    r'(/\*(.|\n)*?\*/)'
+    ncr = t.value.count("\n")
+    t.lexer.lineno += ncr
+    # replace with one space or a number of '\n'
+    t.type = 'CPP_WS'; t.value = '\n' * ncr if ncr else ' '
+    return t
+
+# Line comment
+def t_CPP_COMMENT2(t):
+    r'(//.*?(\n|$))'
+    # replace with '/n'
+    t.type = 'CPP_WS'; t.value = '\n'
+    return t
+
+def t_error(t):
+    t.type = t.value[0]
+    t.value = t.value[0]
+    t.lexer.skip(1)
+    return t
+
+import re
+import copy
+import time
+import os.path
+
+# -----------------------------------------------------------------------------
+# trigraph()
+#
+# Given an input string, this function replaces all trigraph sequences.
+# The following mapping is used:
+#
+#     ??=    #
+#     ??/    \
+#     ??'    ^
+#     ??(    [
+#     ??)    ]
+#     ??!    |
+#     ??<    {
+#     ??>    }
+#     ??-    ~
+# -----------------------------------------------------------------------------
+
+_trigraph_pat = re.compile(r'''\?\?[=/\'\(\)\!<>\-]''')
+_trigraph_rep = {
+    '=':'#',
+    '/':'\\',
+    "'":'^',
+    '(':'[',
+    ')':']',
+    '!':'|',
+    '<':'{',
+    '>':'}',
+    '-':'~'
+}
+
+def trigraph(input):
+    return _trigraph_pat.sub(lambda g: _trigraph_rep[g.group()[-1]],input)
+
+# ------------------------------------------------------------------
+# Macro object
+#
+# This object holds information about preprocessor macros
+#
+#    .name      - Macro name (string)
+#    .value     - Macro value (a list of tokens)
+#    .arglist   - List of argument names
+#    .variadic  - Boolean indicating whether or not variadic macro
+#    .vararg    - Name of the variadic parameter
+#
+# When a macro is created, the macro replacement token sequence is
+# pre-scanned and used to create patch lists that are later used
+# during macro expansion
+# ------------------------------------------------------------------
+
+class Macro(object):
+    def __init__(self,name,value,arglist=None,variadic=False):
+        self.name = name
+        self.value = value
+        self.arglist = arglist
+        self.variadic = variadic
+        if variadic:
+            self.vararg = arglist[-1]
+        self.source = None
+
+# ------------------------------------------------------------------
+# Preprocessor object
+#
+# Object representing a preprocessor.  Contains macro definitions,
+# include directories, and other information
+# ------------------------------------------------------------------
+
+class Preprocessor(object):
+    def __init__(self,lexer=None):
+        if lexer is None:
+            lexer = lex.lexer
+        self.lexer = lexer
+        self.macros = { }
+        self.path = []
+        self.temp_path = []
+
+        # Probe the lexer for selected tokens
+        self.lexprobe()
+
+        tm = time.localtime()
+        self.define("__DATE__ \"%s\"" % time.strftime("%b %d %Y",tm))
+        self.define("__TIME__ \"%s\"" % time.strftime("%H:%M:%S",tm))
+        self.parser = None
+
+    # -----------------------------------------------------------------------------
+    # tokenize()
+    #
+    # Utility function. Given a string of text, tokenize into a list of tokens
+    # -----------------------------------------------------------------------------
+
+    def tokenize(self,text):
+        tokens = []
+        self.lexer.input(text)
+        while True:
+            tok = self.lexer.token()
+            if not tok: break
+            tokens.append(tok)
+        return tokens
+
+    # ---------------------------------------------------------------------
+    # error()
+    #
+    # Report a preprocessor error/warning of some kind
+    # ----------------------------------------------------------------------
+
+    def error(self,file,line,msg):
+        print("%s:%d %s" % (file,line,msg))
+
+    # ----------------------------------------------------------------------
+    # lexprobe()
+    #
+    # This method probes the preprocessor lexer object to discover
+    # the token types of symbols that are important to the preprocessor.
+    # If this works right, the preprocessor will simply "work"
+    # with any suitable lexer regardless of how tokens have been named.
+    # ----------------------------------------------------------------------
+
+    def lexprobe(self):
+
+        # Determine the token type for identifiers
+        self.lexer.input("identifier")
+        tok = self.lexer.token()
+        if not tok or tok.value != "identifier":
+            print("Couldn't determine identifier type")
+        else:
+            self.t_ID = tok.type
+
+        # Determine the token type for integers
+        self.lexer.input("12345")
+        tok = self.lexer.token()
+        if not tok or int(tok.value) != 12345:
+            print("Couldn't determine integer type")
+        else:
+            self.t_INTEGER = tok.type
+            self.t_INTEGER_TYPE = type(tok.value)
+
+        # Determine the token type for strings enclosed in double quotes
+        self.lexer.input("\"filename\"")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\"filename\"":
+            print("Couldn't determine string type")
+        else:
+            self.t_STRING = tok.type
+
+        # Determine the token type for whitespace--if any
+        self.lexer.input("  ")
+        tok = self.lexer.token()
+        if not tok or tok.value != "  ":
+            self.t_SPACE = None
+        else:
+            self.t_SPACE = tok.type
+
+        # Determine the token type for newlines
+        self.lexer.input("\n")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\n":
+            self.t_NEWLINE = None
+            print("Couldn't determine token for newlines")
+        else:
+            self.t_NEWLINE = tok.type
+
+        self.t_WS = (self.t_SPACE, self.t_NEWLINE)
+
+        # Check for other characters used by the preprocessor
+        chars = [ '<','>','#','##','\\','(',')',',','.']
+        for c in chars:
+            self.lexer.input(c)
+            tok = self.lexer.token()
+            if not tok or tok.value != c:
+                print("Unable to lex '%s' required for preprocessor" % c)
+
+    # ----------------------------------------------------------------------
+    # add_path()
+    #
+    # Adds a search path to the preprocessor.
+    # ----------------------------------------------------------------------
+
+    def add_path(self,path):
+        self.path.append(path)
+
+    # ----------------------------------------------------------------------
+    # group_lines()
+    #
+    # Given an input string, this function splits it into lines.  Trailing whitespace
+    # is removed.   Any line ending with \ is grouped with the next line.  This
+    # function forms the lowest level of the preprocessor---grouping into text into
+    # a line-by-line format.
+    # ----------------------------------------------------------------------
+
+    def group_lines(self,input):
+        lex = self.lexer.clone()
+        lines = [x.rstrip() for x in input.splitlines()]
+        for i in xrange(len(lines)):
+            j = i+1
+            while lines[i].endswith('\\') and (j < len(lines)):
+                lines[i] = lines[i][:-1]+lines[j]
+                lines[j] = ""
+                j += 1
+
+        input = "\n".join(lines)
+        lex.input(input)
+        lex.lineno = 1
+
+        current_line = []
+        while True:
+            tok = lex.token()
+            if not tok:
+                break
+            current_line.append(tok)
+            if tok.type in self.t_WS and '\n' in tok.value:
+                yield current_line
+                current_line = []
+
+        if current_line:
+            yield current_line
+
+    # ----------------------------------------------------------------------
+    # tokenstrip()
+    #
+    # Remove leading/trailing whitespace tokens from a token list
+    # ----------------------------------------------------------------------
+
+    def tokenstrip(self,tokens):
+        i = 0
+        while i < len(tokens) and tokens[i].type in self.t_WS:
+            i += 1
+        del tokens[:i]
+        i = len(tokens)-1
+        while i >= 0 and tokens[i].type in self.t_WS:
+            i -= 1
+        del tokens[i+1:]
+        return tokens
+
+
+    # ----------------------------------------------------------------------
+    # collect_args()
+    #
+    # Collects comma separated arguments from a list of tokens.   The arguments
+    # must be enclosed in parenthesis.  Returns a tuple (tokencount,args,positions)
+    # where tokencount is the number of tokens consumed, args is a list of arguments,
+    # and positions is a list of integers containing the starting index of each
+    # argument.  Each argument is represented by a list of tokens.
+    #
+    # When collecting arguments, leading and trailing whitespace is removed
+    # from each argument.
+    #
+    # This function properly handles nested parenthesis and commas---these do not
+    # define new arguments.
+    # ----------------------------------------------------------------------
+
+    def collect_args(self,tokenlist):
+        args = []
+        positions = []
+        current_arg = []
+        nesting = 1
+        tokenlen = len(tokenlist)
+
+        # Search for the opening '('.
+        i = 0
+        while (i < tokenlen) and (tokenlist[i].type in self.t_WS):
+            i += 1
+
+        if (i < tokenlen) and (tokenlist[i].value == '('):
+            positions.append(i+1)
+        else:
+            self.error(self.source,tokenlist[0].lineno,"Missing '(' in macro arguments")
+            return 0, [], []
+
+        i += 1
+
+        while i < tokenlen:
+            t = tokenlist[i]
+            if t.value == '(':
+                current_arg.append(t)
+                nesting += 1
+            elif t.value == ')':
+                nesting -= 1
+                if nesting == 0:
+                    if current_arg:
+                        args.append(self.tokenstrip(current_arg))
+                        positions.append(i)
+                    return i+1,args,positions
+                current_arg.append(t)
+            elif t.value == ',' and nesting == 1:
+                args.append(self.tokenstrip(current_arg))
+                positions.append(i+1)
+                current_arg = []
+            else:
+                current_arg.append(t)
+            i += 1
+
+        # Missing end argument
+        self.error(self.source,tokenlist[-1].lineno,"Missing ')' in macro arguments")
+        return 0, [],[]
+
+    # ----------------------------------------------------------------------
+    # macro_prescan()
+    #
+    # Examine the macro value (token sequence) and identify patch points
+    # This is used to speed up macro expansion later on---we'll know
+    # right away where to apply patches to the value to form the expansion
+    # ----------------------------------------------------------------------
+
+    def macro_prescan(self,macro):
+        macro.patch     = []             # Standard macro arguments
+        macro.str_patch = []             # String conversion expansion
+        macro.var_comma_patch = []       # Variadic macro comma patch
+        i = 0
+        while i < len(macro.value):
+            if macro.value[i].type == self.t_ID and macro.value[i].value in macro.arglist:
+                argnum = macro.arglist.index(macro.value[i].value)
+                # Conversion of argument to a string
+                if i > 0 and macro.value[i-1].value == '#':
+                    macro.value[i] = copy.copy(macro.value[i])
+                    macro.value[i].type = self.t_STRING
+                    del macro.value[i-1]
+                    macro.str_patch.append((argnum,i-1))
+                    continue
+                # Concatenation
+                elif (i > 0 and macro.value[i-1].value == '##'):
+                    macro.patch.append(('c',argnum,i-1))
+                    del macro.value[i-1]
+                    i -= 1
+                    continue
+                elif ((i+1) < len(macro.value) and macro.value[i+1].value == '##'):
+                    macro.patch.append(('c',argnum,i))
+                    del macro.value[i + 1]
+                    continue
+                # Standard expansion
+                else:
+                    macro.patch.append(('e',argnum,i))
+            elif macro.value[i].value == '##':
+                if macro.variadic and (i > 0) and (macro.value[i-1].value == ',') and \
+                        ((i+1) < len(macro.value)) and (macro.value[i+1].type == self.t_ID) and \
+                        (macro.value[i+1].value == macro.vararg):
+                    macro.var_comma_patch.append(i-1)
+            i += 1
+        macro.patch.sort(key=lambda x: x[2],reverse=True)
+
+    # ----------------------------------------------------------------------
+    # macro_expand_args()
+    #
+    # Given a Macro and list of arguments (each a token list), this method
+    # returns an expanded version of a macro.  The return value is a token sequence
+    # representing the replacement macro tokens
+    # ----------------------------------------------------------------------
+
+    def macro_expand_args(self,macro,args):
+        # Make a copy of the macro token sequence
+        rep = [copy.copy(_x) for _x in macro.value]
+
+        # Make string expansion patches.  These do not alter the length of the replacement sequence
+
+        str_expansion = {}
+        for argnum, i in macro.str_patch:
+            if argnum not in str_expansion:
+                str_expansion[argnum] = ('"%s"' % "".join([x.value for x in args[argnum]])).replace("\\","\\\\")
+            rep[i] = copy.copy(rep[i])
+            rep[i].value = str_expansion[argnum]
+
+        # Make the variadic macro comma patch.  If the variadic macro argument is empty, we get rid
+        comma_patch = False
+        if macro.variadic and not args[-1]:
+            for i in macro.var_comma_patch:
+                rep[i] = None
+                comma_patch = True
+
+        # Make all other patches.   The order of these matters.  It is assumed that the patch list
+        # has been sorted in reverse order of patch location since replacements will cause the
+        # size of the replacement sequence to expand from the patch point.
+
+        expanded = { }
+        for ptype, argnum, i in macro.patch:
+            # Concatenation.   Argument is left unexpanded
+            if ptype == 'c':
+                rep[i:i+1] = args[argnum]
+            # Normal expansion.  Argument is macro expanded first
+            elif ptype == 'e':
+                if argnum not in expanded:
+                    expanded[argnum] = self.expand_macros(args[argnum])
+                rep[i:i+1] = expanded[argnum]
+
+        # Get rid of removed comma if necessary
+        if comma_patch:
+            rep = [_i for _i in rep if _i]
+
+        return rep
+
+
+    # ----------------------------------------------------------------------
+    # expand_macros()
+    #
+    # Given a list of tokens, this function performs macro expansion.
+    # The expanded argument is a dictionary that contains macros already
+    # expanded.  This is used to prevent infinite recursion.
+    # ----------------------------------------------------------------------
+
+    def expand_macros(self,tokens,expanded=None):
+        if expanded is None:
+            expanded = {}
+        i = 0
+        while i < len(tokens):
+            t = tokens[i]
+            if t.type == self.t_ID:
+                if t.value in self.macros and t.value not in expanded:
+                    # Yes, we found a macro match
+                    expanded[t.value] = True
+
+                    m = self.macros[t.value]
+                    if not m.arglist:
+                        # A simple macro
+                        ex = self.expand_macros([copy.copy(_x) for _x in m.value],expanded)
+                        for e in ex:
+                            e.lineno = t.lineno
+                        tokens[i:i+1] = ex
+                        i += len(ex)
+                    else:
+                        # A macro with arguments
+                        j = i + 1
+                        while j < len(tokens) and tokens[j].type in self.t_WS:
+                            j += 1
+                        if j < len(tokens) and tokens[j].value == '(':
+                            tokcount,args,positions = self.collect_args(tokens[j:])
+                            if not m.variadic and len(args) !=  len(m.arglist):
+                                self.error(self.source,t.lineno,"Macro %s requires %d arguments" % (t.value,len(m.arglist)))
+                                i = j + tokcount
+                            elif m.variadic and len(args) < len(m.arglist)-1:
+                                if len(m.arglist) > 2:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d arguments" % (t.value, len(m.arglist)-1))
+                                else:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d argument" % (t.value, len(m.arglist)-1))
+                                i = j + tokcount
+                            else:
+                                if m.variadic:
+                                    if len(args) == len(m.arglist)-1:
+                                        args.append([])
+                                    else:
+                                        args[len(m.arglist)-1] = tokens[j+positions[len(m.arglist)-1]:j+tokcount-1]
+                                        del args[len(m.arglist):]
+
+                                # Get macro replacement text
+                                rep = self.macro_expand_args(m,args)
+                                rep = self.expand_macros(rep,expanded)
+                                for r in rep:
+                                    r.lineno = t.lineno
+                                tokens[i:j+tokcount] = rep
+                                i += len(rep)
+                        else:
+                            # This is not a macro. It is just a word which
+                            # equals to name of the macro. Hence, go to the
+                            # next token.
+                            i += 1
+
+                    del expanded[t.value]
+                    continue
+                elif t.value == '__LINE__':
+                    t.type = self.t_INTEGER
+                    t.value = self.t_INTEGER_TYPE(t.lineno)
+
+            i += 1
+        return tokens
+
+    # ----------------------------------------------------------------------
+    # evalexpr()
+    #
+    # Evaluate an expression token sequence for the purposes of evaluating
+    # integral expressions.
+    # ----------------------------------------------------------------------
+
+    def evalexpr(self,tokens):
+        # tokens = tokenize(line)
+        # Search for defined macros
+        i = 0
+        while i < len(tokens):
+            if tokens[i].type == self.t_ID and tokens[i].value == 'defined':
+                j = i + 1
+                needparen = False
+                result = "0L"
+                while j < len(tokens):
+                    if tokens[j].type in self.t_WS:
+                        j += 1
+                        continue
+                    elif tokens[j].type == self.t_ID:
+                        if tokens[j].value in self.macros:
+                            result = "1L"
+                        else:
+                            result = "0L"
+                        if not needparen: break
+                    elif tokens[j].value == '(':
+                        needparen = True
+                    elif tokens[j].value == ')':
+                        break
+                    else:
+                        self.error(self.source,tokens[i].lineno,"Malformed defined()")
+                    j += 1
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE(result)
+                del tokens[i+1:j+1]
+            i += 1
+        tokens = self.expand_macros(tokens)
+        for i,t in enumerate(tokens):
+            if t.type == self.t_ID:
+                tokens[i] = copy.copy(t)
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE("0L")
+            elif t.type == self.t_INTEGER:
+                tokens[i] = copy.copy(t)
+                # Strip off any trailing suffixes
+                tokens[i].value = str(tokens[i].value)
+                while tokens[i].value[-1] not in "0123456789abcdefABCDEF":
+                    tokens[i].value = tokens[i].value[:-1]
+
+        expr = "".join([str(x.value) for x in tokens])
+        expr = expr.replace("&&"," and ")
+        expr = expr.replace("||"," or ")
+        expr = expr.replace("!"," not ")
+        try:
+            result = eval(expr)
+        except Exception:
+            self.error(self.source,tokens[0].lineno,"Couldn't evaluate expression")
+            result = 0
+        return result
+
+    # ----------------------------------------------------------------------
+    # parsegen()
+    #
+    # Parse an input string/
+    # ----------------------------------------------------------------------
+    def parsegen(self,input,source=None):
+
+        # Replace trigraph sequences
+        t = trigraph(input)
+        lines = self.group_lines(t)
+
+        if not source:
+            source = ""
+
+        self.define("__FILE__ \"%s\"" % source)
+
+        self.source = source
+        chunk = []
+        enable = True
+        iftrigger = False
+        ifstack = []
+
+        for x in lines:
+            for i,tok in enumerate(x):
+                if tok.type not in self.t_WS: break
+            if tok.value == '#':
+                # Preprocessor directive
+
+                # insert necessary whitespace instead of eaten tokens
+                for tok in x:
+                    if tok.type in self.t_WS and '\n' in tok.value:
+                        chunk.append(tok)
+
+                dirtokens = self.tokenstrip(x[i+1:])
+                if dirtokens:
+                    name = dirtokens[0].value
+                    args = self.tokenstrip(dirtokens[1:])
+                else:
+                    name = ""
+                    args = []
+
+                if name == 'define':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.define(args)
+                elif name == 'include':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        oldfile = self.macros['__FILE__']
+                        for tok in self.include(args):
+                            yield tok
+                        self.macros['__FILE__'] = oldfile
+                        self.source = source
+                elif name == 'undef':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.undef(args)
+                elif name == 'ifdef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if not args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'ifndef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'if':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        result = self.evalexpr(args)
+                        if not result:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'elif':
+                    if ifstack:
+                        if ifstack[-1][0]:     # We only pay attention if outer "if" allows this
+                            if enable:         # If already true, we flip enable False
+                                enable = False
+                            elif not iftrigger:   # If False, but not triggered yet, we'll check expression
+                                result = self.evalexpr(args)
+                                if result:
+                                    enable  = True
+                                    iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #elif")
+
+                elif name == 'else':
+                    if ifstack:
+                        if ifstack[-1][0]:
+                            if enable:
+                                enable = False
+                            elif not iftrigger:
+                                enable = True
+                                iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #else")
+
+                elif name == 'endif':
+                    if ifstack:
+                        enable,iftrigger = ifstack.pop()
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #endif")
+                else:
+                    # Unknown preprocessor directive
+                    pass
+
+            else:
+                # Normal text
+                if enable:
+                    chunk.extend(x)
+
+        for tok in self.expand_macros(chunk):
+            yield tok
+        chunk = []
+
+    # ----------------------------------------------------------------------
+    # include()
+    #
+    # Implementation of file-inclusion
+    # ----------------------------------------------------------------------
+
+    def include(self,tokens):
+        # Try to extract the filename and then process an include file
+        if not tokens:
+            return
+        if tokens:
+            if tokens[0].value != '<' and tokens[0].type != self.t_STRING:
+                tokens = self.expand_macros(tokens)
+
+            if tokens[0].value == '<':
+                # Include <...>
+                i = 1
+                while i < len(tokens):
+                    if tokens[i].value == '>':
+                        break
+                    i += 1
+                else:
+                    print("Malformed #include <...>")
+                    return
+                filename = "".join([x.value for x in tokens[1:i]])
+                path = self.path + [""] + self.temp_path
+            elif tokens[0].type == self.t_STRING:
+                filename = tokens[0].value[1:-1]
+                path = self.temp_path + [""] + self.path
+            else:
+                print("Malformed #include statement")
+                return
+        for p in path:
+            iname = os.path.join(p,filename)
+            try:
+                data = open(iname,"r").read()
+                dname = os.path.dirname(iname)
+                if dname:
+                    self.temp_path.insert(0,dname)
+                for tok in self.parsegen(data,filename):
+                    yield tok
+                if dname:
+                    del self.temp_path[0]
+                break
+            except IOError:
+                pass
+        else:
+            print("Couldn't find '%s'" % filename)
+
+    # ----------------------------------------------------------------------
+    # define()
+    #
+    # Define a new macro
+    # ----------------------------------------------------------------------
+
+    def define(self,tokens):
+        if isinstance(tokens,STRING_TYPES):
+            tokens = self.tokenize(tokens)
+
+        linetok = tokens
+        try:
+            name = linetok[0]
+            if len(linetok) > 1:
+                mtype = linetok[1]
+            else:
+                mtype = None
+            if not mtype:
+                m = Macro(name.value,[])
+                self.macros[name.value] = m
+            elif mtype.type in self.t_WS:
+                # A normal macro
+                m = Macro(name.value,self.tokenstrip(linetok[2:]))
+                self.macros[name.value] = m
+            elif mtype.value == '(':
+                # A macro with arguments
+                tokcount, args, positions = self.collect_args(linetok[1:])
+                variadic = False
+                for a in args:
+                    if variadic:
+                        print("No more arguments may follow a variadic argument")
+                        break
+                    astr = "".join([str(_i.value) for _i in a])
+                    if astr == "...":
+                        variadic = True
+                        a[0].type = self.t_ID
+                        a[0].value = '__VA_ARGS__'
+                        variadic = True
+                        del a[1:]
+                        continue
+                    elif astr[-3:] == "..." and a[0].type == self.t_ID:
+                        variadic = True
+                        del a[1:]
+                        # If, for some reason, "." is part of the identifier, strip off the name for the purposes
+                        # of macro expansion
+                        if a[0].value[-3:] == '...':
+                            a[0].value = a[0].value[:-3]
+                        continue
+                    if len(a) > 1 or a[0].type != self.t_ID:
+                        print("Invalid macro argument")
+                        break
+                else:
+                    mvalue = self.tokenstrip(linetok[1+tokcount:])
+                    i = 0
+                    while i < len(mvalue):
+                        if i+1 < len(mvalue):
+                            if mvalue[i].type in self.t_WS and mvalue[i+1].value == '##':
+                                del mvalue[i]
+                                continue
+                            elif mvalue[i].value == '##' and mvalue[i+1].type in self.t_WS:
+                                del mvalue[i+1]
+                        i += 1
+                    m = Macro(name.value,mvalue,[x[0].value for x in args],variadic)
+                    self.macro_prescan(m)
+                    self.macros[name.value] = m
+            else:
+                print("Bad macro definition")
+        except LookupError:
+            print("Bad macro definition")
+
+    # ----------------------------------------------------------------------
+    # undef()
+    #
+    # Undefine a macro
+    # ----------------------------------------------------------------------
+
+    def undef(self,tokens):
+        id = tokens[0].value
+        try:
+            del self.macros[id]
+        except LookupError:
+            pass
+
+    # ----------------------------------------------------------------------
+    # parse()
+    #
+    # Parse input text.
+    # ----------------------------------------------------------------------
+    def parse(self,input,source=None,ignore={}):
+        self.ignore = ignore
+        self.parser = self.parsegen(input,source)
+
+    # ----------------------------------------------------------------------
+    # token()
+    #
+    # Method to return individual tokens
+    # ----------------------------------------------------------------------
+    def token(self):
+        try:
+            while True:
+                tok = next(self.parser)
+                if tok.type not in self.ignore: return tok
+        except StopIteration:
+            self.parser = None
+            return None
+
+if __name__ == '__main__':
+    import ply.lex as lex
+    lexer = lex.lex()
+
+    # Run a preprocessor
+    import sys
+    f = open(sys.argv[1])
+    input = f.read()
+
+    p = Preprocessor(lexer)
+    p.parse(input,sys.argv[1])
+    while True:
+        tok = p.token()
+        if not tok: break
+        print(p.source, tok)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply/ctokens.py b/lib/go-jinja2/internal/data/linux-amd64/ply/ctokens.py
new file mode 100644
index 000000000..b265e59ff
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply/ctokens.py
@@ -0,0 +1,127 @@
+# ----------------------------------------------------------------------
+# ctokens.py
+#
+# Token specifications for symbols in ANSI C and C++.  This file is
+# meant to be used as a library in other tokenizers.
+# ----------------------------------------------------------------------
+
+# Reserved words
+
+tokens = [
+    # Literals (identifier, integer constant, float constant, string constant, char const)
+    'ID', 'TYPEID', 'INTEGER', 'FLOAT', 'STRING', 'CHARACTER',
+
+    # Operators (+,-,*,/,%,|,&,~,^,<<,>>, ||, &&, !, <, <=, >, >=, ==, !=)
+    'PLUS', 'MINUS', 'TIMES', 'DIVIDE', 'MODULO',
+    'OR', 'AND', 'NOT', 'XOR', 'LSHIFT', 'RSHIFT',
+    'LOR', 'LAND', 'LNOT',
+    'LT', 'LE', 'GT', 'GE', 'EQ', 'NE',
+
+    # Assignment (=, *=, /=, %=, +=, -=, <<=, >>=, &=, ^=, |=)
+    'EQUALS', 'TIMESEQUAL', 'DIVEQUAL', 'MODEQUAL', 'PLUSEQUAL', 'MINUSEQUAL',
+    'LSHIFTEQUAL','RSHIFTEQUAL', 'ANDEQUAL', 'XOREQUAL', 'OREQUAL',
+
+    # Increment/decrement (++,--)
+    'INCREMENT', 'DECREMENT',
+
+    # Structure dereference (->)
+    'ARROW',
+
+    # Ternary operator (?)
+    'TERNARY',
+
+    # Delimeters ( ) [ ] { } , . ; :
+    'LPAREN', 'RPAREN',
+    'LBRACKET', 'RBRACKET',
+    'LBRACE', 'RBRACE',
+    'COMMA', 'PERIOD', 'SEMI', 'COLON',
+
+    # Ellipsis (...)
+    'ELLIPSIS',
+]
+
+# Operators
+t_PLUS             = r'\+'
+t_MINUS            = r'-'
+t_TIMES            = r'\*'
+t_DIVIDE           = r'/'
+t_MODULO           = r'%'
+t_OR               = r'\|'
+t_AND              = r'&'
+t_NOT              = r'~'
+t_XOR              = r'\^'
+t_LSHIFT           = r'<<'
+t_RSHIFT           = r'>>'
+t_LOR              = r'\|\|'
+t_LAND             = r'&&'
+t_LNOT             = r'!'
+t_LT               = r'<'
+t_GT               = r'>'
+t_LE               = r'<='
+t_GE               = r'>='
+t_EQ               = r'=='
+t_NE               = r'!='
+
+# Assignment operators
+
+t_EQUALS           = r'='
+t_TIMESEQUAL       = r'\*='
+t_DIVEQUAL         = r'/='
+t_MODEQUAL         = r'%='
+t_PLUSEQUAL        = r'\+='
+t_MINUSEQUAL       = r'-='
+t_LSHIFTEQUAL      = r'<<='
+t_RSHIFTEQUAL      = r'>>='
+t_ANDEQUAL         = r'&='
+t_OREQUAL          = r'\|='
+t_XOREQUAL         = r'\^='
+
+# Increment/decrement
+t_INCREMENT        = r'\+\+'
+t_DECREMENT        = r'--'
+
+# ->
+t_ARROW            = r'->'
+
+# ?
+t_TERNARY          = r'\?'
+
+# Delimeters
+t_LPAREN           = r'\('
+t_RPAREN           = r'\)'
+t_LBRACKET         = r'\['
+t_RBRACKET         = r'\]'
+t_LBRACE           = r'\{'
+t_RBRACE           = r'\}'
+t_COMMA            = r','
+t_PERIOD           = r'\.'
+t_SEMI             = r';'
+t_COLON            = r':'
+t_ELLIPSIS         = r'\.\.\.'
+
+# Identifiers
+t_ID = r'[A-Za-z_][A-Za-z0-9_]*'
+
+# Integer literal
+t_INTEGER = r'\d+([uU]|[lL]|[uU][lL]|[lL][uU])?'
+
+# Floating literal
+t_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+t_STRING = r'\"([^\\\n]|(\\.))*?\"'
+
+# Character constant 'c' or L'c'
+t_CHARACTER = r'(L)?\'([^\\\n]|(\\.))*?\''
+
+# Comment (C-Style)
+def t_COMMENT(t):
+    r'/\*(.|\n)*?\*/'
+    t.lexer.lineno += t.value.count('\n')
+    return t
+
+# Comment (C++-Style)
+def t_CPPCOMMENT(t):
+    r'//.*\n'
+    t.lexer.lineno += 1
+    return t
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply/lex.py b/lib/go-jinja2/internal/data/linux-amd64/ply/lex.py
new file mode 100644
index 000000000..f95bcdbf1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply/lex.py
@@ -0,0 +1,1098 @@
+# -----------------------------------------------------------------------------
+# ply: lex.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+import re
+import sys
+import types
+import copy
+import os
+import inspect
+
+# This tuple contains known string types
+try:
+    # Python 2.6
+    StringTypes = (types.StringType, types.UnicodeType)
+except AttributeError:
+    # Python 3.0
+    StringTypes = (str, bytes)
+
+# This regular expression is used to match valid token names
+_is_identifier = re.compile(r'^[a-zA-Z0-9_]+$')
+
+# Exception thrown when invalid token encountered and no default error
+# handler is defined.
+class LexError(Exception):
+    def __init__(self, message, s):
+        self.args = (message,)
+        self.text = s
+
+
+# Token class.  This class is used to represent the tokens produced.
+class LexToken(object):
+    def __str__(self):
+        return 'LexToken(%s,%r,%d,%d)' % (self.type, self.value, self.lineno, self.lexpos)
+
+    def __repr__(self):
+        return str(self)
+
+
+# This object is a stand-in for a logging object created by the
+# logging module.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def critical(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    info = critical
+    debug = critical
+
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+
+# -----------------------------------------------------------------------------
+#                        === Lexing Engine ===
+#
+# The following Lexer class implements the lexer runtime.   There are only
+# a few public methods and attributes:
+#
+#    input()          -  Store a new string in the lexer
+#    token()          -  Get the next token
+#    clone()          -  Clone the lexer
+#
+#    lineno           -  Current line number
+#    lexpos           -  Current position in the input string
+# -----------------------------------------------------------------------------
+
+class Lexer:
+    def __init__(self):
+        self.lexre = None             # Master regular expression. This is a list of
+                                      # tuples (re, findex) where re is a compiled
+                                      # regular expression and findex is a list
+                                      # mapping regex group numbers to rules
+        self.lexretext = None         # Current regular expression strings
+        self.lexstatere = {}          # Dictionary mapping lexer states to master regexs
+        self.lexstateretext = {}      # Dictionary mapping lexer states to regex strings
+        self.lexstaterenames = {}     # Dictionary mapping lexer states to symbol names
+        self.lexstate = 'INITIAL'     # Current lexer state
+        self.lexstatestack = []       # Stack of lexer states
+        self.lexstateinfo = None      # State information
+        self.lexstateignore = {}      # Dictionary of ignored characters for each state
+        self.lexstateerrorf = {}      # Dictionary of error functions for each state
+        self.lexstateeoff = {}        # Dictionary of eof functions for each state
+        self.lexreflags = 0           # Optional re compile flags
+        self.lexdata = None           # Actual input data (as a string)
+        self.lexpos = 0               # Current position in input text
+        self.lexlen = 0               # Length of the input text
+        self.lexerrorf = None         # Error rule (if any)
+        self.lexeoff = None           # EOF rule (if any)
+        self.lextokens = None         # List of valid tokens
+        self.lexignore = ''           # Ignored characters
+        self.lexliterals = ''         # Literal characters that can be passed through
+        self.lexmodule = None         # Module
+        self.lineno = 1               # Current line number
+        self.lexoptimize = False      # Optimized mode
+
+    def clone(self, object=None):
+        c = copy.copy(self)
+
+        # If the object parameter has been supplied, it means we are attaching the
+        # lexer to a new object.  In this case, we have to rebind all methods in
+        # the lexstatere and lexstateerrorf tables.
+
+        if object:
+            newtab = {}
+            for key, ritem in self.lexstatere.items():
+                newre = []
+                for cre, findex in ritem:
+                    newfindex = []
+                    for f in findex:
+                        if not f or not f[0]:
+                            newfindex.append(f)
+                            continue
+                        newfindex.append((getattr(object, f[0].__name__), f[1]))
+                newre.append((cre, newfindex))
+                newtab[key] = newre
+            c.lexstatere = newtab
+            c.lexstateerrorf = {}
+            for key, ef in self.lexstateerrorf.items():
+                c.lexstateerrorf[key] = getattr(object, ef.__name__)
+            c.lexmodule = object
+        return c
+
+    # ------------------------------------------------------------
+    # writetab() - Write lexer information to a table file
+    # ------------------------------------------------------------
+    def writetab(self, lextab, outputdir=''):
+        if isinstance(lextab, types.ModuleType):
+            raise IOError("Won't overwrite existing lextab module")
+        basetabmodule = lextab.split('.')[-1]
+        filename = os.path.join(outputdir, basetabmodule) + '.py'
+        with open(filename, 'w') as tf:
+            tf.write('# %s.py. This file automatically created by PLY (version %s). Don\'t edit!\n' % (basetabmodule, __version__))
+            tf.write('_tabversion   = %s\n' % repr(__tabversion__))
+            tf.write('_lextokens    = set(%s)\n' % repr(tuple(sorted(self.lextokens))))
+            tf.write('_lexreflags   = %s\n' % repr(int(self.lexreflags)))
+            tf.write('_lexliterals  = %s\n' % repr(self.lexliterals))
+            tf.write('_lexstateinfo = %s\n' % repr(self.lexstateinfo))
+
+            # Rewrite the lexstatere table, replacing function objects with function names
+            tabre = {}
+            for statename, lre in self.lexstatere.items():
+                titem = []
+                for (pat, func), retext, renames in zip(lre, self.lexstateretext[statename], self.lexstaterenames[statename]):
+                    titem.append((retext, _funcs_to_names(func, renames)))
+                tabre[statename] = titem
+
+            tf.write('_lexstatere   = %s\n' % repr(tabre))
+            tf.write('_lexstateignore = %s\n' % repr(self.lexstateignore))
+
+            taberr = {}
+            for statename, ef in self.lexstateerrorf.items():
+                taberr[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateerrorf = %s\n' % repr(taberr))
+
+            tabeof = {}
+            for statename, ef in self.lexstateeoff.items():
+                tabeof[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateeoff = %s\n' % repr(tabeof))
+
+    # ------------------------------------------------------------
+    # readtab() - Read lexer information from a tab file
+    # ------------------------------------------------------------
+    def readtab(self, tabfile, fdict):
+        if isinstance(tabfile, types.ModuleType):
+            lextab = tabfile
+        else:
+            exec('import %s' % tabfile)
+            lextab = sys.modules[tabfile]
+
+        if getattr(lextab, '_tabversion', '0.0') != __tabversion__:
+            raise ImportError('Inconsistent PLY version')
+
+        self.lextokens      = lextab._lextokens
+        self.lexreflags     = lextab._lexreflags
+        self.lexliterals    = lextab._lexliterals
+        self.lextokens_all  = self.lextokens | set(self.lexliterals)
+        self.lexstateinfo   = lextab._lexstateinfo
+        self.lexstateignore = lextab._lexstateignore
+        self.lexstatere     = {}
+        self.lexstateretext = {}
+        for statename, lre in lextab._lexstatere.items():
+            titem = []
+            txtitem = []
+            for pat, func_name in lre:
+                titem.append((re.compile(pat, lextab._lexreflags), _names_to_funcs(func_name, fdict)))
+
+            self.lexstatere[statename] = titem
+            self.lexstateretext[statename] = txtitem
+
+        self.lexstateerrorf = {}
+        for statename, ef in lextab._lexstateerrorf.items():
+            self.lexstateerrorf[statename] = fdict[ef]
+
+        self.lexstateeoff = {}
+        for statename, ef in lextab._lexstateeoff.items():
+            self.lexstateeoff[statename] = fdict[ef]
+
+        self.begin('INITIAL')
+
+    # ------------------------------------------------------------
+    # input() - Push a new string into the lexer
+    # ------------------------------------------------------------
+    def input(self, s):
+        # Pull off the first character to see if s looks like a string
+        c = s[:1]
+        if not isinstance(c, StringTypes):
+            raise ValueError('Expected a string')
+        self.lexdata = s
+        self.lexpos = 0
+        self.lexlen = len(s)
+
+    # ------------------------------------------------------------
+    # begin() - Changes the lexing state
+    # ------------------------------------------------------------
+    def begin(self, state):
+        if state not in self.lexstatere:
+            raise ValueError('Undefined state')
+        self.lexre = self.lexstatere[state]
+        self.lexretext = self.lexstateretext[state]
+        self.lexignore = self.lexstateignore.get(state, '')
+        self.lexerrorf = self.lexstateerrorf.get(state, None)
+        self.lexeoff = self.lexstateeoff.get(state, None)
+        self.lexstate = state
+
+    # ------------------------------------------------------------
+    # push_state() - Changes the lexing state and saves old on stack
+    # ------------------------------------------------------------
+    def push_state(self, state):
+        self.lexstatestack.append(self.lexstate)
+        self.begin(state)
+
+    # ------------------------------------------------------------
+    # pop_state() - Restores the previous state
+    # ------------------------------------------------------------
+    def pop_state(self):
+        self.begin(self.lexstatestack.pop())
+
+    # ------------------------------------------------------------
+    # current_state() - Returns the current lexing state
+    # ------------------------------------------------------------
+    def current_state(self):
+        return self.lexstate
+
+    # ------------------------------------------------------------
+    # skip() - Skip ahead n characters
+    # ------------------------------------------------------------
+    def skip(self, n):
+        self.lexpos += n
+
+    # ------------------------------------------------------------
+    # opttoken() - Return the next token from the Lexer
+    #
+    # Note: This function has been carefully implemented to be as fast
+    # as possible.  Don't make changes unless you really know what
+    # you are doing
+    # ------------------------------------------------------------
+    def token(self):
+        # Make local copies of frequently referenced attributes
+        lexpos    = self.lexpos
+        lexlen    = self.lexlen
+        lexignore = self.lexignore
+        lexdata   = self.lexdata
+
+        while lexpos < lexlen:
+            # This code provides some short-circuit code for whitespace, tabs, and other ignored characters
+            if lexdata[lexpos] in lexignore:
+                lexpos += 1
+                continue
+
+            # Look for a regular expression match
+            for lexre, lexindexfunc in self.lexre:
+                m = lexre.match(lexdata, lexpos)
+                if not m:
+                    continue
+
+                # Create a token for return
+                tok = LexToken()
+                tok.value = m.group()
+                tok.lineno = self.lineno
+                tok.lexpos = lexpos
+
+                i = m.lastindex
+                func, tok.type = lexindexfunc[i]
+
+                if not func:
+                    # If no token type was set, it's an ignored token
+                    if tok.type:
+                        self.lexpos = m.end()
+                        return tok
+                    else:
+                        lexpos = m.end()
+                        break
+
+                lexpos = m.end()
+
+                # If token is processed by a function, call it
+
+                tok.lexer = self      # Set additional attributes useful in token rules
+                self.lexmatch = m
+                self.lexpos = lexpos
+
+                newtok = func(tok)
+
+                # Every function must return a token, if nothing, we just move to next token
+                if not newtok:
+                    lexpos    = self.lexpos         # This is here in case user has updated lexpos.
+                    lexignore = self.lexignore      # This is here in case there was a state change
+                    break
+
+                # Verify type of the token.  If not in the token map, raise an error
+                if not self.lexoptimize:
+                    if newtok.type not in self.lextokens_all:
+                        raise LexError("%s:%d: Rule '%s' returned an unknown token type '%s'" % (
+                            func.__code__.co_filename, func.__code__.co_firstlineno,
+                            func.__name__, newtok.type), lexdata[lexpos:])
+
+                return newtok
+            else:
+                # No match, see if in literals
+                if lexdata[lexpos] in self.lexliterals:
+                    tok = LexToken()
+                    tok.value = lexdata[lexpos]
+                    tok.lineno = self.lineno
+                    tok.type = tok.value
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos + 1
+                    return tok
+
+                # No match. Call t_error() if defined.
+                if self.lexerrorf:
+                    tok = LexToken()
+                    tok.value = self.lexdata[lexpos:]
+                    tok.lineno = self.lineno
+                    tok.type = 'error'
+                    tok.lexer = self
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos
+                    newtok = self.lexerrorf(tok)
+                    if lexpos == self.lexpos:
+                        # Error method didn't change text position at all. This is an error.
+                        raise LexError("Scanning error. Illegal character '%s'" % (lexdata[lexpos]), lexdata[lexpos:])
+                    lexpos = self.lexpos
+                    if not newtok:
+                        continue
+                    return newtok
+
+                self.lexpos = lexpos
+                raise LexError("Illegal character '%s' at index %d" % (lexdata[lexpos], lexpos), lexdata[lexpos:])
+
+        if self.lexeoff:
+            tok = LexToken()
+            tok.type = 'eof'
+            tok.value = ''
+            tok.lineno = self.lineno
+            tok.lexpos = lexpos
+            tok.lexer = self
+            self.lexpos = lexpos
+            newtok = self.lexeoff(tok)
+            return newtok
+
+        self.lexpos = lexpos + 1
+        if self.lexdata is None:
+            raise RuntimeError('No input string given with input()')
+        return None
+
+    # Iterator interface
+    def __iter__(self):
+        return self
+
+    def next(self):
+        t = self.token()
+        if t is None:
+            raise StopIteration
+        return t
+
+    __next__ = next
+
+# -----------------------------------------------------------------------------
+#                           ==== Lex Builder ===
+#
+# The functions and classes below are used to collect lexing information
+# and build a Lexer object from it.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# _get_regex(func)
+#
+# Returns the regular expression assigned to a function either as a doc string
+# or as a .regex attribute attached by the @TOKEN decorator.
+# -----------------------------------------------------------------------------
+def _get_regex(func):
+    return getattr(func, 'regex', func.__doc__)
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# _funcs_to_names()
+#
+# Given a list of regular expression functions, this converts it to a list
+# suitable for output to a table file
+# -----------------------------------------------------------------------------
+def _funcs_to_names(funclist, namelist):
+    result = []
+    for f, name in zip(funclist, namelist):
+        if f and f[0]:
+            result.append((name, f[1]))
+        else:
+            result.append(f)
+    return result
+
+# -----------------------------------------------------------------------------
+# _names_to_funcs()
+#
+# Given a list of regular expression function names, this converts it back to
+# functions.
+# -----------------------------------------------------------------------------
+def _names_to_funcs(namelist, fdict):
+    result = []
+    for n in namelist:
+        if n and n[0]:
+            result.append((fdict[n[0]], n[1]))
+        else:
+            result.append(n)
+    return result
+
+# -----------------------------------------------------------------------------
+# _form_master_re()
+#
+# This function takes a list of all of the regex components and attempts to
+# form the master regular expression.  Given limitations in the Python re
+# module, it may be necessary to break the master regex into separate expressions.
+# -----------------------------------------------------------------------------
+def _form_master_re(relist, reflags, ldict, toknames):
+    if not relist:
+        return []
+    regex = '|'.join(relist)
+    try:
+        lexre = re.compile(regex, reflags)
+
+        # Build the index to function map for the matching engine
+        lexindexfunc = [None] * (max(lexre.groupindex.values()) + 1)
+        lexindexnames = lexindexfunc[:]
+
+        for f, i in lexre.groupindex.items():
+            handle = ldict.get(f, None)
+            if type(handle) in (types.FunctionType, types.MethodType):
+                lexindexfunc[i] = (handle, toknames[f])
+                lexindexnames[i] = f
+            elif handle is not None:
+                lexindexnames[i] = f
+                if f.find('ignore_') > 0:
+                    lexindexfunc[i] = (None, None)
+                else:
+                    lexindexfunc[i] = (None, toknames[f])
+
+        return [(lexre, lexindexfunc)], [regex], [lexindexnames]
+    except Exception:
+        m = int(len(relist)/2)
+        if m == 0:
+            m = 1
+        llist, lre, lnames = _form_master_re(relist[:m], reflags, ldict, toknames)
+        rlist, rre, rnames = _form_master_re(relist[m:], reflags, ldict, toknames)
+        return (llist+rlist), (lre+rre), (lnames+rnames)
+
+# -----------------------------------------------------------------------------
+# def _statetoken(s,names)
+#
+# Given a declaration name s of the form "t_" and a dictionary whose keys are
+# state names, this function returns a tuple (states,tokenname) where states
+# is a tuple of state names and tokenname is the name of the token.  For example,
+# calling this with s = "t_foo_bar_SPAM" might return (('foo','bar'),'SPAM')
+# -----------------------------------------------------------------------------
+def _statetoken(s, names):
+    parts = s.split('_')
+    for i, part in enumerate(parts[1:], 1):
+        if part not in names and part != 'ANY':
+            break
+
+    if i > 1:
+        states = tuple(parts[1:i])
+    else:
+        states = ('INITIAL',)
+
+    if 'ANY' in states:
+        states = tuple(names)
+
+    tokenname = '_'.join(parts[i:])
+    return (states, tokenname)
+
+
+# -----------------------------------------------------------------------------
+# LexerReflect()
+#
+# This class represents information needed to build a lexer as extracted from a
+# user's input file.
+# -----------------------------------------------------------------------------
+class LexerReflect(object):
+    def __init__(self, ldict, log=None, reflags=0):
+        self.ldict      = ldict
+        self.error_func = None
+        self.tokens     = []
+        self.reflags    = reflags
+        self.stateinfo  = {'INITIAL': 'inclusive'}
+        self.modules    = set()
+        self.error      = False
+        self.log        = PlyLogger(sys.stderr) if log is None else log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_tokens()
+        self.get_literals()
+        self.get_states()
+        self.get_rules()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_tokens()
+        self.validate_literals()
+        self.validate_rules()
+        return self.error
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.ldict.get('tokens', None)
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = tokens
+
+    # Validate the tokens
+    def validate_tokens(self):
+        terminals = {}
+        for n in self.tokens:
+            if not _is_identifier.match(n):
+                self.log.error("Bad token name '%s'", n)
+                self.error = True
+            if n in terminals:
+                self.log.warning("Token '%s' multiply defined", n)
+            terminals[n] = 1
+
+    # Get the literals specifier
+    def get_literals(self):
+        self.literals = self.ldict.get('literals', '')
+        if not self.literals:
+            self.literals = ''
+
+    # Validate literals
+    def validate_literals(self):
+        try:
+            for c in self.literals:
+                if not isinstance(c, StringTypes) or len(c) > 1:
+                    self.log.error('Invalid literal %s. Must be a single character', repr(c))
+                    self.error = True
+
+        except TypeError:
+            self.log.error('Invalid literals specification. literals must be a sequence of characters')
+            self.error = True
+
+    def get_states(self):
+        self.states = self.ldict.get('states', None)
+        # Build statemap
+        if self.states:
+            if not isinstance(self.states, (tuple, list)):
+                self.log.error('states must be defined as a tuple or list')
+                self.error = True
+            else:
+                for s in self.states:
+                    if not isinstance(s, tuple) or len(s) != 2:
+                        self.log.error("Invalid state specifier %s. Must be a tuple (statename,'exclusive|inclusive')", repr(s))
+                        self.error = True
+                        continue
+                    name, statetype = s
+                    if not isinstance(name, StringTypes):
+                        self.log.error('State name %s must be a string', repr(name))
+                        self.error = True
+                        continue
+                    if not (statetype == 'inclusive' or statetype == 'exclusive'):
+                        self.log.error("State type for state %s must be 'inclusive' or 'exclusive'", name)
+                        self.error = True
+                        continue
+                    if name in self.stateinfo:
+                        self.log.error("State '%s' already defined", name)
+                        self.error = True
+                        continue
+                    self.stateinfo[name] = statetype
+
+    # Get all of the symbols with a t_ prefix and sort them into various
+    # categories (functions, strings, error functions, and ignore characters)
+
+    def get_rules(self):
+        tsymbols = [f for f in self.ldict if f[:2] == 't_']
+
+        # Now build up a list of functions and a list of strings
+        self.toknames = {}        # Mapping of symbols to token names
+        self.funcsym  = {}        # Symbols defined as functions
+        self.strsym   = {}        # Symbols defined as strings
+        self.ignore   = {}        # Ignore strings by state
+        self.errorf   = {}        # Error functions by state
+        self.eoff     = {}        # EOF functions by state
+
+        for s in self.stateinfo:
+            self.funcsym[s] = []
+            self.strsym[s] = []
+
+        if len(tsymbols) == 0:
+            self.log.error('No rules of the form t_rulename are defined')
+            self.error = True
+            return
+
+        for f in tsymbols:
+            t = self.ldict[f]
+            states, tokname = _statetoken(f, self.stateinfo)
+            self.toknames[f] = tokname
+
+            if hasattr(t, '__call__'):
+                if tokname == 'error':
+                    for s in states:
+                        self.errorf[s] = t
+                elif tokname == 'eof':
+                    for s in states:
+                        self.eoff[s] = t
+                elif tokname == 'ignore':
+                    line = t.__code__.co_firstlineno
+                    file = t.__code__.co_filename
+                    self.log.error("%s:%d: Rule '%s' must be defined as a string", file, line, t.__name__)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.funcsym[s].append((f, t))
+            elif isinstance(t, StringTypes):
+                if tokname == 'ignore':
+                    for s in states:
+                        self.ignore[s] = t
+                    if '\\' in t:
+                        self.log.warning("%s contains a literal backslash '\\'", f)
+
+                elif tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", f)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.strsym[s].append((f, t))
+            else:
+                self.log.error('%s not defined as a function or string', f)
+                self.error = True
+
+        # Sort the functions by line number
+        for f in self.funcsym.values():
+            f.sort(key=lambda x: x[1].__code__.co_firstlineno)
+
+        # Sort the strings by regular expression length
+        for s in self.strsym.values():
+            s.sort(key=lambda x: len(x[1]), reverse=True)
+
+    # Validate all of the t_rules collected
+    def validate_rules(self):
+        for state in self.stateinfo:
+            # Validate all rules defined by functions
+
+            for fname, f in self.funcsym[state]:
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                tokname = self.toknames[fname]
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if not _get_regex(f):
+                    self.log.error("%s:%d: No regular expression defined for rule '%s'", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (fname, _get_regex(f)), self.reflags)
+                    if c.match(''):
+                        self.log.error("%s:%d: Regular expression for rule '%s' matches empty string", file, line, f.__name__)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("%s:%d: Invalid regular expression for rule '%s'. %s", file, line, f.__name__, e)
+                    if '#' in _get_regex(f):
+                        self.log.error("%s:%d. Make sure '#' in rule '%s' is escaped with '\\#'", file, line, f.__name__)
+                    self.error = True
+
+            # Validate all rules defined by strings
+            for name, r in self.strsym[state]:
+                tokname = self.toknames[name]
+                if tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", name)
+                    self.error = True
+                    continue
+
+                if tokname not in self.tokens and tokname.find('ignore_') < 0:
+                    self.log.error("Rule '%s' defined for an unspecified token %s", name, tokname)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (name, r), self.reflags)
+                    if (c.match('')):
+                        self.log.error("Regular expression for rule '%s' matches empty string", name)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("Invalid regular expression for rule '%s'. %s", name, e)
+                    if '#' in r:
+                        self.log.error("Make sure '#' in rule '%s' is escaped with '\\#'", name)
+                    self.error = True
+
+            if not self.funcsym[state] and not self.strsym[state]:
+                self.log.error("No rules defined for state '%s'", state)
+                self.error = True
+
+            # Validate the error function
+            efunc = self.errorf.get(state, None)
+            if efunc:
+                f = efunc
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+
+        for module in self.modules:
+            self.validate_module(module)
+
+    # -----------------------------------------------------------------------------
+    # validate_module()
+    #
+    # This checks to see if there are duplicated t_rulename() functions or strings
+    # in the parser input file.  This is done using a simple regular expression
+    # match on each line in the source code of the given module.
+    # -----------------------------------------------------------------------------
+
+    def validate_module(self, module):
+        try:
+            lines, linen = inspect.getsourcelines(module)
+        except IOError:
+            return
+
+        fre = re.compile(r'\s*def\s+(t_[a-zA-Z_0-9]*)\(')
+        sre = re.compile(r'\s*(t_[a-zA-Z_0-9]*)\s*=')
+
+        counthash = {}
+        linen += 1
+        for line in lines:
+            m = fre.match(line)
+            if not m:
+                m = sre.match(line)
+            if m:
+                name = m.group(1)
+                prev = counthash.get(name)
+                if not prev:
+                    counthash[name] = linen
+                else:
+                    filename = inspect.getsourcefile(module)
+                    self.log.error('%s:%d: Rule %s redefined. Previously defined on line %d', filename, linen, name, prev)
+                    self.error = True
+            linen += 1
+
+# -----------------------------------------------------------------------------
+# lex(module)
+#
+# Build all of the regular expression rules from definitions in the supplied module
+# -----------------------------------------------------------------------------
+def lex(module=None, object=None, debug=False, optimize=False, lextab='lextab',
+        reflags=int(re.VERBOSE), nowarn=False, outputdir=None, debuglog=None, errorlog=None):
+
+    if lextab is None:
+        lextab = 'lextab'
+
+    global lexer
+
+    ldict = None
+    stateinfo  = {'INITIAL': 'inclusive'}
+    lexobj = Lexer()
+    lexobj.lexoptimize = optimize
+    global token, input
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    if debug:
+        if debuglog is None:
+            debuglog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the lexer
+    if object:
+        module = object
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        ldict = dict(_items)
+        # If no __file__ attribute is available, try to obtain it from the __module__ instead
+        if '__file__' not in ldict:
+            ldict['__file__'] = sys.modules[ldict['__module__']].__file__
+    else:
+        ldict = get_caller_module_dict(2)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = ldict.get('__package__')
+    if pkg and isinstance(lextab, str):
+        if '.' not in lextab:
+            lextab = pkg + '.' + lextab
+
+    # Collect parser information from the dictionary
+    linfo = LexerReflect(ldict, log=errorlog, reflags=reflags)
+    linfo.get_all()
+    if not optimize:
+        if linfo.validate_all():
+            raise SyntaxError("Can't build lexer")
+
+    if optimize and lextab:
+        try:
+            lexobj.readtab(lextab, ldict)
+            token = lexobj.token
+            input = lexobj.input
+            lexer = lexobj
+            return lexobj
+
+        except ImportError:
+            pass
+
+    # Dump some basic debugging information
+    if debug:
+        debuglog.info('lex: tokens   = %r', linfo.tokens)
+        debuglog.info('lex: literals = %r', linfo.literals)
+        debuglog.info('lex: states   = %r', linfo.stateinfo)
+
+    # Build a dictionary of valid token names
+    lexobj.lextokens = set()
+    for n in linfo.tokens:
+        lexobj.lextokens.add(n)
+
+    # Get literals specification
+    if isinstance(linfo.literals, (list, tuple)):
+        lexobj.lexliterals = type(linfo.literals[0])().join(linfo.literals)
+    else:
+        lexobj.lexliterals = linfo.literals
+
+    lexobj.lextokens_all = lexobj.lextokens | set(lexobj.lexliterals)
+
+    # Get the stateinfo dictionary
+    stateinfo = linfo.stateinfo
+
+    regexs = {}
+    # Build the master regular expressions
+    for state in stateinfo:
+        regex_list = []
+
+        # Add rules defined by functions first
+        for fname, f in linfo.funcsym[state]:
+            regex_list.append('(?P<%s>%s)' % (fname, _get_regex(f)))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", fname, _get_regex(f), state)
+
+        # Now add all of the simple rules
+        for name, r in linfo.strsym[state]:
+            regex_list.append('(?P<%s>%s)' % (name, r))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", name, r, state)
+
+        regexs[state] = regex_list
+
+    # Build the master regular expressions
+
+    if debug:
+        debuglog.info('lex: ==== MASTER REGEXS FOLLOW ====')
+
+    for state in regexs:
+        lexre, re_text, re_names = _form_master_re(regexs[state], reflags, ldict, linfo.toknames)
+        lexobj.lexstatere[state] = lexre
+        lexobj.lexstateretext[state] = re_text
+        lexobj.lexstaterenames[state] = re_names
+        if debug:
+            for i, text in enumerate(re_text):
+                debuglog.info("lex: state '%s' : regex[%d] = '%s'", state, i, text)
+
+    # For inclusive states, we need to add the regular expressions from the INITIAL state
+    for state, stype in stateinfo.items():
+        if state != 'INITIAL' and stype == 'inclusive':
+            lexobj.lexstatere[state].extend(lexobj.lexstatere['INITIAL'])
+            lexobj.lexstateretext[state].extend(lexobj.lexstateretext['INITIAL'])
+            lexobj.lexstaterenames[state].extend(lexobj.lexstaterenames['INITIAL'])
+
+    lexobj.lexstateinfo = stateinfo
+    lexobj.lexre = lexobj.lexstatere['INITIAL']
+    lexobj.lexretext = lexobj.lexstateretext['INITIAL']
+    lexobj.lexreflags = reflags
+
+    # Set up ignore variables
+    lexobj.lexstateignore = linfo.ignore
+    lexobj.lexignore = lexobj.lexstateignore.get('INITIAL', '')
+
+    # Set up error functions
+    lexobj.lexstateerrorf = linfo.errorf
+    lexobj.lexerrorf = linfo.errorf.get('INITIAL', None)
+    if not lexobj.lexerrorf:
+        errorlog.warning('No t_error rule is defined')
+
+    # Set up eof functions
+    lexobj.lexstateeoff = linfo.eoff
+    lexobj.lexeoff = linfo.eoff.get('INITIAL', None)
+
+    # Check state information for ignore and error rules
+    for s, stype in stateinfo.items():
+        if stype == 'exclusive':
+            if s not in linfo.errorf:
+                errorlog.warning("No error rule is defined for exclusive state '%s'", s)
+            if s not in linfo.ignore and lexobj.lexignore:
+                errorlog.warning("No ignore rule is defined for exclusive state '%s'", s)
+        elif stype == 'inclusive':
+            if s not in linfo.errorf:
+                linfo.errorf[s] = linfo.errorf.get('INITIAL', None)
+            if s not in linfo.ignore:
+                linfo.ignore[s] = linfo.ignore.get('INITIAL', '')
+
+    # Create global versions of the token() and input() functions
+    token = lexobj.token
+    input = lexobj.input
+    lexer = lexobj
+
+    # If in optimize mode, we write the lextab
+    if lextab and optimize:
+        if outputdir is None:
+            # If no output directory is set, the location of the output files
+            # is determined according to the following rules:
+            #     - If lextab specifies a package, files go into that package directory
+            #     - Otherwise, files go in the same directory as the specifying module
+            if isinstance(lextab, types.ModuleType):
+                srcfile = lextab.__file__
+            else:
+                if '.' not in lextab:
+                    srcfile = ldict['__file__']
+                else:
+                    parts = lextab.split('.')
+                    pkgname = '.'.join(parts[:-1])
+                    exec('import %s' % pkgname)
+                    srcfile = getattr(sys.modules[pkgname], '__file__', '')
+            outputdir = os.path.dirname(srcfile)
+        try:
+            lexobj.writetab(lextab, outputdir)
+            if lextab in sys.modules:
+                del sys.modules[lextab]
+        except IOError as e:
+            errorlog.warning("Couldn't write lextab module %r. %s" % (lextab, e))
+
+    return lexobj
+
+# -----------------------------------------------------------------------------
+# runmain()
+#
+# This runs the lexer as a main program
+# -----------------------------------------------------------------------------
+
+def runmain(lexer=None, data=None):
+    if not data:
+        try:
+            filename = sys.argv[1]
+            f = open(filename)
+            data = f.read()
+            f.close()
+        except IndexError:
+            sys.stdout.write('Reading from standard input (type EOF to end):\n')
+            data = sys.stdin.read()
+
+    if lexer:
+        _input = lexer.input
+    else:
+        _input = input
+    _input(data)
+    if lexer:
+        _token = lexer.token
+    else:
+        _token = token
+
+    while True:
+        tok = _token()
+        if not tok:
+            break
+        sys.stdout.write('(%s,%r,%d,%d)\n' % (tok.type, tok.value, tok.lineno, tok.lexpos))
+
+# -----------------------------------------------------------------------------
+# @TOKEN(regex)
+#
+# This decorator function can be used to set the regex expression on a function
+# when its docstring might need to be set in an alternative way
+# -----------------------------------------------------------------------------
+
+def TOKEN(r):
+    def set_regex(f):
+        if hasattr(r, '__call__'):
+            f.regex = _get_regex(r)
+        else:
+            f.regex = r
+        return f
+    return set_regex
+
+# Alternative spelling of the TOKEN decorator
+Token = TOKEN
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply/yacc.py b/lib/go-jinja2/internal/data/linux-amd64/ply/yacc.py
new file mode 100644
index 000000000..88188a1e8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply/yacc.py
@@ -0,0 +1,3502 @@
+# -----------------------------------------------------------------------------
+# ply: yacc.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# This implements an LR parser that is constructed from grammar rules defined
+# as Python functions. The grammar is specified by supplying the BNF inside
+# Python documentation strings.  The inspiration for this technique was borrowed
+# from John Aycock's Spark parsing system.  PLY might be viewed as cross between
+# Spark and the GNU bison utility.
+#
+# The current implementation is only somewhat object-oriented. The
+# LR parser itself is defined in terms of an object (which allows multiple
+# parsers to co-exist).  However, most of the variables used during table
+# construction are defined in terms of global variables.  Users shouldn't
+# notice unless they are trying to define multiple parsers at the same
+# time using threads (in which case they should have their head examined).
+#
+# This implementation supports both SLR and LALR(1) parsing.  LALR(1)
+# support was originally implemented by Elias Ioup (ezioup@alumni.uchicago.edu),
+# using the algorithm found in Aho, Sethi, and Ullman "Compilers: Principles,
+# Techniques, and Tools" (The Dragon Book).  LALR(1) has since been replaced
+# by the more efficient DeRemer and Pennello algorithm.
+#
+# :::::::: WARNING :::::::
+#
+# Construction of LR parsing tables is fairly complicated and expensive.
+# To make this module run fast, a *LOT* of work has been put into
+# optimization---often at the expensive of readability and what might
+# consider to be good Python "coding style."   Modify the code at your
+# own risk!
+# ----------------------------------------------------------------------------
+
+import re
+import types
+import sys
+import os.path
+import inspect
+import warnings
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+#-----------------------------------------------------------------------------
+#                     === User configurable parameters ===
+#
+# Change these to modify the default behavior of yacc (if you wish)
+#-----------------------------------------------------------------------------
+
+yaccdebug   = True             # Debugging mode.  If set, yacc generates a
+                               # a 'parser.out' file in the current directory
+
+debug_file  = 'parser.out'     # Default name of the debugging file
+tab_module  = 'parsetab'       # Default name of the table module
+default_lr  = 'LALR'           # Default LR table generation method
+
+error_count = 3                # Number of symbols that must be shifted to leave recovery mode
+
+yaccdevel   = False            # Set to True if developing yacc.  This turns off optimized
+                               # implementations of certain functions.
+
+resultlimit = 40               # Size limit of results when running in debug mode.
+
+pickle_protocol = 0            # Protocol to use when writing pickle files
+
+# String type-checking compatibility
+if sys.version_info[0] < 3:
+    string_types = basestring
+else:
+    string_types = str
+
+MAXINT = sys.maxsize
+
+# This object is a stand-in for a logging object created by the
+# logging module.   PLY will use this by default to create things
+# such as the parser.out file.  If a user wants more detailed
+# information, they can create their own logging object and pass
+# it into PLY.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def debug(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    info = debug
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    critical = debug
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+# Exception raised for yacc-related errors
+class YaccError(Exception):
+    pass
+
+# Format the result message that the parser produces when running in debug mode.
+def format_result(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) > resultlimit:
+        repr_str = repr_str[:resultlimit] + ' ...'
+    result = '<%s @ 0x%x> (%s)' % (type(r).__name__, id(r), repr_str)
+    return result
+
+# Format stack entries when the parser is running in debug mode
+def format_stack_entry(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) < 16:
+        return repr_str
+    else:
+        return '<%s @ 0x%x>' % (type(r).__name__, id(r))
+
+# Panic mode error recovery support.   This feature is being reworked--much of the
+# code here is to offer a deprecation/backwards compatible transition
+
+_errok = None
+_token = None
+_restart = None
+_warnmsg = '''PLY: Don't use global functions errok(), token(), and restart() in p_error().
+Instead, invoke the methods on the associated parser instance:
+
+    def p_error(p):
+        ...
+        # Use parser.errok(), parser.token(), parser.restart()
+        ...
+
+    parser = yacc.yacc()
+'''
+
+def errok():
+    warnings.warn(_warnmsg)
+    return _errok()
+
+def restart():
+    warnings.warn(_warnmsg)
+    return _restart()
+
+def token():
+    warnings.warn(_warnmsg)
+    return _token()
+
+# Utility function to call the p_error() function with some deprecation hacks
+def call_errorfunc(errorfunc, token, parser):
+    global _errok, _token, _restart
+    _errok = parser.errok
+    _token = parser.token
+    _restart = parser.restart
+    r = errorfunc(token)
+    try:
+        del _errok, _token, _restart
+    except NameError:
+        pass
+    return r
+
+#-----------------------------------------------------------------------------
+#                        ===  LR Parsing Engine ===
+#
+# The following classes are used for the LR parser itself.  These are not
+# used during table construction and are independent of the actual LR
+# table generation algorithm
+#-----------------------------------------------------------------------------
+
+# This class is used to hold non-terminal grammar symbols during parsing.
+# It normally has the following attributes set:
+#        .type       = Grammar symbol type
+#        .value      = Symbol value
+#        .lineno     = Starting line number
+#        .endlineno  = Ending line number (optional, set automatically)
+#        .lexpos     = Starting lex position
+#        .endlexpos  = Ending lex position (optional, set automatically)
+
+class YaccSymbol:
+    def __str__(self):
+        return self.type
+
+    def __repr__(self):
+        return str(self)
+
+# This class is a wrapper around the objects actually passed to each
+# grammar rule.   Index lookup and assignment actually assign the
+# .value attribute of the underlying YaccSymbol object.
+# The lineno() method returns the line number of a given
+# item (or 0 if not defined).   The linespan() method returns
+# a tuple of (startline,endline) representing the range of lines
+# for a symbol.  The lexspan() method returns a tuple (lexpos,endlexpos)
+# representing the range of positional information for a symbol.
+
+class YaccProduction:
+    def __init__(self, s, stack=None):
+        self.slice = s
+        self.stack = stack
+        self.lexer = None
+        self.parser = None
+
+    def __getitem__(self, n):
+        if isinstance(n, slice):
+            return [s.value for s in self.slice[n]]
+        elif n >= 0:
+            return self.slice[n].value
+        else:
+            return self.stack[n].value
+
+    def __setitem__(self, n, v):
+        self.slice[n].value = v
+
+    def __getslice__(self, i, j):
+        return [s.value for s in self.slice[i:j]]
+
+    def __len__(self):
+        return len(self.slice)
+
+    def lineno(self, n):
+        return getattr(self.slice[n], 'lineno', 0)
+
+    def set_lineno(self, n, lineno):
+        self.slice[n].lineno = lineno
+
+    def linespan(self, n):
+        startline = getattr(self.slice[n], 'lineno', 0)
+        endline = getattr(self.slice[n], 'endlineno', startline)
+        return startline, endline
+
+    def lexpos(self, n):
+        return getattr(self.slice[n], 'lexpos', 0)
+
+    def set_lexpos(self, n, lexpos):
+        self.slice[n].lexpos = lexpos
+
+    def lexspan(self, n):
+        startpos = getattr(self.slice[n], 'lexpos', 0)
+        endpos = getattr(self.slice[n], 'endlexpos', startpos)
+        return startpos, endpos
+
+    def error(self):
+        raise SyntaxError
+
+# -----------------------------------------------------------------------------
+#                               == LRParser ==
+#
+# The LR Parsing engine.
+# -----------------------------------------------------------------------------
+
+class LRParser:
+    def __init__(self, lrtab, errorf):
+        self.productions = lrtab.lr_productions
+        self.action = lrtab.lr_action
+        self.goto = lrtab.lr_goto
+        self.errorfunc = errorf
+        self.set_defaulted_states()
+        self.errorok = True
+
+    def errok(self):
+        self.errorok = True
+
+    def restart(self):
+        del self.statestack[:]
+        del self.symstack[:]
+        sym = YaccSymbol()
+        sym.type = '$end'
+        self.symstack.append(sym)
+        self.statestack.append(0)
+
+    # Defaulted state support.
+    # This method identifies parser states where there is only one possible reduction action.
+    # For such states, the parser can make a choose to make a rule reduction without consuming
+    # the next look-ahead token.  This delayed invocation of the tokenizer can be useful in
+    # certain kinds of advanced parsing situations where the lexer and parser interact with
+    # each other or change states (i.e., manipulation of scope, lexer states, etc.).
+    #
+    # See:  http://www.gnu.org/software/bison/manual/html_node/Default-Reductions.html#Default-Reductions
+    def set_defaulted_states(self):
+        self.defaulted_states = {}
+        for state, actions in self.action.items():
+            rules = list(actions.values())
+            if len(rules) == 1 and rules[0] < 0:
+                self.defaulted_states[state] = rules[0]
+
+    def disable_defaulted_states(self):
+        self.defaulted_states = {}
+
+    def parse(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        if debug or yaccdevel:
+            if isinstance(debug, int):
+                debug = PlyLogger(sys.stderr)
+            return self.parsedebug(input, lexer, debug, tracking, tokenfunc)
+        elif tracking:
+            return self.parseopt(input, lexer, debug, tracking, tokenfunc)
+        else:
+            return self.parseopt_notrack(input, lexer, debug, tracking, tokenfunc)
+
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parsedebug().
+    #
+    # This is the debugging enabled version of parse().  All changes made to the
+    # parsing engine should be made here.   Optimized versions of this function
+    # are automatically created by the ply/ygen.py script.  This script cuts out
+    # sections enclosed in markers such as this:
+    #
+    #      #--! DEBUG
+    #      statements
+    #      #--! DEBUG
+    #
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parsedebug(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parsedebug-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+        #--! DEBUG
+        debug.info('PLY: PARSE DEBUG START')
+        #--! DEBUG
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+            #--! DEBUG
+            debug.debug('')
+            debug.debug('State  : %s', state)
+            #--! DEBUG
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+                #--! DEBUG
+                debug.debug('Defaulted state %s: Reduce using %d', state, -t)
+                #--! DEBUG
+
+            #--! DEBUG
+            debug.debug('Stack  : %s',
+                        ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+            #--! DEBUG
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+                    #--! DEBUG
+                    debug.debug('Action : Shift and goto state %s', t)
+                    #--! DEBUG
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+                    #--! DEBUG
+                    if plen:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str,
+                                   '['+','.join([format_stack_entry(_v.value) for _v in symstack[-plen:]])+']',
+                                   goto[statestack[-1-plen]][pname])
+                    else:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str, [],
+                                   goto[statestack[-1]][pname])
+
+                    #--! DEBUG
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    #--! DEBUG
+                    debug.info('Done   : Returning %s', format_result(result))
+                    debug.info('PLY: PARSE DEBUG END')
+                    #--! DEBUG
+                    return result
+
+            if t is None:
+
+                #--! DEBUG
+                debug.error('Error  : %s',
+                            ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+                #--! DEBUG
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parsedebug-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt().
+    #
+    # Optimized version of parse() method.  DO NOT EDIT THIS CODE DIRECTLY!
+    # This code is automatically generated by the ply/ygen.py script. Make
+    # changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt_notrack().
+    #
+    # Optimized version of parseopt() with line number tracking removed.
+    # DO NOT EDIT THIS CODE DIRECTLY. This code is automatically generated
+    # by the ply/ygen.py script. Make changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt_notrack(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-notrack-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-notrack-end
+
+# -----------------------------------------------------------------------------
+#                          === Grammar Representation ===
+#
+# The following functions, classes, and variables are used to represent and
+# manipulate the rules that make up a grammar.
+# -----------------------------------------------------------------------------
+
+# regex matching identifiers
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+
+# -----------------------------------------------------------------------------
+# class Production:
+#
+# This class stores the raw information about a single production or grammar rule.
+# A grammar rule refers to a specification such as this:
+#
+#       expr : expr PLUS term
+#
+# Here are the basic attributes defined on all productions
+#
+#       name     - Name of the production.  For example 'expr'
+#       prod     - A list of symbols on the right side ['expr','PLUS','term']
+#       prec     - Production precedence level
+#       number   - Production number.
+#       func     - Function that executes on reduce
+#       file     - File where production function is defined
+#       lineno   - Line number where production function is defined
+#
+# The following attributes are defined or optional.
+#
+#       len       - Length of the production (number of symbols on right hand side)
+#       usyms     - Set of unique symbols found in the production
+# -----------------------------------------------------------------------------
+
+class Production(object):
+    reduced = 0
+    def __init__(self, number, name, prod, precedence=('right', 0), func=None, file='', line=0):
+        self.name     = name
+        self.prod     = tuple(prod)
+        self.number   = number
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.prec     = precedence
+
+        # Internal settings used during table construction
+
+        self.len  = len(self.prod)   # Length of the production
+
+        # Create a list of unique production symbols used in the production
+        self.usyms = []
+        for s in self.prod:
+            if s not in self.usyms:
+                self.usyms.append(s)
+
+        # List of all LR items for the production
+        self.lr_items = []
+        self.lr_next = None
+
+        # Create a string representation
+        if self.prod:
+            self.str = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            self.str = '%s -> <empty>' % self.name
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'Production(' + str(self) + ')'
+
+    def __len__(self):
+        return len(self.prod)
+
+    def __nonzero__(self):
+        return 1
+
+    def __getitem__(self, index):
+        return self.prod[index]
+
+    # Return the nth lr_item from the production (or None if at the end)
+    def lr_item(self, n):
+        if n > len(self.prod):
+            return None
+        p = LRItem(self, n)
+        # Precompute the list of productions immediately following.
+        try:
+            p.lr_after = self.Prodnames[p.prod[n+1]]
+        except (IndexError, KeyError):
+            p.lr_after = []
+        try:
+            p.lr_before = p.prod[n-1]
+        except IndexError:
+            p.lr_before = None
+        return p
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+# This class serves as a minimal standin for Production objects when
+# reading table data from files.   It only contains information
+# actually used by the LR parsing engine, plus some additional
+# debugging information.
+class MiniProduction(object):
+    def __init__(self, str, name, len, func, file, line):
+        self.name     = name
+        self.len      = len
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.str      = str
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'MiniProduction(%s)' % self.str
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+
+# -----------------------------------------------------------------------------
+# class LRItem
+#
+# This class represents a specific stage of parsing a production rule.  For
+# example:
+#
+#       expr : expr . PLUS term
+#
+# In the above, the "." represents the current location of the parse.  Here
+# basic attributes:
+#
+#       name       - Name of the production.  For example 'expr'
+#       prod       - A list of symbols on the right side ['expr','.', 'PLUS','term']
+#       number     - Production number.
+#
+#       lr_next      Next LR item. Example, if we are ' expr -> expr . PLUS term'
+#                    then lr_next refers to 'expr -> expr PLUS . term'
+#       lr_index   - LR item index (location of the ".") in the prod list.
+#       lookaheads - LALR lookahead symbols for this item
+#       len        - Length of the production (number of symbols on right hand side)
+#       lr_after    - List of all productions that immediately follow
+#       lr_before   - Grammar symbol immediately before
+# -----------------------------------------------------------------------------
+
+class LRItem(object):
+    def __init__(self, p, n):
+        self.name       = p.name
+        self.prod       = list(p.prod)
+        self.number     = p.number
+        self.lr_index   = n
+        self.lookaheads = {}
+        self.prod.insert(n, '.')
+        self.prod       = tuple(self.prod)
+        self.len        = len(self.prod)
+        self.usyms      = p.usyms
+
+    def __str__(self):
+        if self.prod:
+            s = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            s = '%s -> <empty>' % self.name
+        return s
+
+    def __repr__(self):
+        return 'LRItem(' + str(self) + ')'
+
+# -----------------------------------------------------------------------------
+# rightmost_terminal()
+#
+# Return the rightmost terminal from a list of symbols.  Used in add_production()
+# -----------------------------------------------------------------------------
+def rightmost_terminal(symbols, terminals):
+    i = len(symbols) - 1
+    while i >= 0:
+        if symbols[i] in terminals:
+            return symbols[i]
+        i -= 1
+    return None
+
+# -----------------------------------------------------------------------------
+#                           === GRAMMAR CLASS ===
+#
+# The following class represents the contents of the specified grammar along
+# with various computed properties such as first sets, follow sets, LR items, etc.
+# This data is used for critical parts of the table generation process later.
+# -----------------------------------------------------------------------------
+
+class GrammarError(YaccError):
+    pass
+
+class Grammar(object):
+    def __init__(self, terminals):
+        self.Productions  = [None]  # A list of all of the productions.  The first
+                                    # entry is always reserved for the purpose of
+                                    # building an augmented grammar
+
+        self.Prodnames    = {}      # A dictionary mapping the names of nonterminals to a list of all
+                                    # productions of that nonterminal.
+
+        self.Prodmap      = {}      # A dictionary that is only used to detect duplicate
+                                    # productions.
+
+        self.Terminals    = {}      # A dictionary mapping the names of terminal symbols to a
+                                    # list of the rules where they are used.
+
+        for term in terminals:
+            self.Terminals[term] = []
+
+        self.Terminals['error'] = []
+
+        self.Nonterminals = {}      # A dictionary mapping names of nonterminals to a list
+                                    # of rule numbers where they are used.
+
+        self.First        = {}      # A dictionary of precomputed FIRST(x) symbols
+
+        self.Follow       = {}      # A dictionary of precomputed FOLLOW(x) symbols
+
+        self.Precedence   = {}      # Precedence rules for each terminal. Contains tuples of the
+                                    # form ('right',level) or ('nonassoc', level) or ('left',level)
+
+        self.UsedPrecedence = set() # Precedence rules that were actually used by the grammer.
+                                    # This is only used to provide error checking and to generate
+                                    # a warning about unused precedence rules.
+
+        self.Start = None           # Starting symbol for the grammar
+
+
+    def __len__(self):
+        return len(self.Productions)
+
+    def __getitem__(self, index):
+        return self.Productions[index]
+
+    # -----------------------------------------------------------------------------
+    # set_precedence()
+    #
+    # Sets the precedence for a given terminal. assoc is the associativity such as
+    # 'left','right', or 'nonassoc'.  level is a numeric level.
+    #
+    # -----------------------------------------------------------------------------
+
+    def set_precedence(self, term, assoc, level):
+        assert self.Productions == [None], 'Must call set_precedence() before add_production()'
+        if term in self.Precedence:
+            raise GrammarError('Precedence already specified for terminal %r' % term)
+        if assoc not in ['left', 'right', 'nonassoc']:
+            raise GrammarError("Associativity must be one of 'left','right', or 'nonassoc'")
+        self.Precedence[term] = (assoc, level)
+
+    # -----------------------------------------------------------------------------
+    # add_production()
+    #
+    # Given an action function, this function assembles a production rule and
+    # computes its precedence level.
+    #
+    # The production rule is supplied as a list of symbols.   For example,
+    # a rule such as 'expr : expr PLUS term' has a production name of 'expr' and
+    # symbols ['expr','PLUS','term'].
+    #
+    # Precedence is determined by the precedence of the right-most non-terminal
+    # or the precedence of a terminal specified by %prec.
+    #
+    # A variety of error checks are performed to make sure production symbols
+    # are valid and that %prec is used correctly.
+    # -----------------------------------------------------------------------------
+
+    def add_production(self, prodname, syms, func=None, file='', line=0):
+
+        if prodname in self.Terminals:
+            raise GrammarError('%s:%d: Illegal rule name %r. Already defined as a token' % (file, line, prodname))
+        if prodname == 'error':
+            raise GrammarError('%s:%d: Illegal rule name %r. error is a reserved word' % (file, line, prodname))
+        if not _is_identifier.match(prodname):
+            raise GrammarError('%s:%d: Illegal rule name %r' % (file, line, prodname))
+
+        # Look for literal tokens
+        for n, s in enumerate(syms):
+            if s[0] in "'\"":
+                try:
+                    c = eval(s)
+                    if (len(c) > 1):
+                        raise GrammarError('%s:%d: Literal token %s in rule %r may only be a single character' %
+                                           (file, line, s, prodname))
+                    if c not in self.Terminals:
+                        self.Terminals[c] = []
+                    syms[n] = c
+                    continue
+                except SyntaxError:
+                    pass
+            if not _is_identifier.match(s) and s != '%prec':
+                raise GrammarError('%s:%d: Illegal name %r in rule %r' % (file, line, s, prodname))
+
+        # Determine the precedence level
+        if '%prec' in syms:
+            if syms[-1] == '%prec':
+                raise GrammarError('%s:%d: Syntax error. Nothing follows %%prec' % (file, line))
+            if syms[-2] != '%prec':
+                raise GrammarError('%s:%d: Syntax error. %%prec can only appear at the end of a grammar rule' %
+                                   (file, line))
+            precname = syms[-1]
+            prodprec = self.Precedence.get(precname)
+            if not prodprec:
+                raise GrammarError('%s:%d: Nothing known about the precedence of %r' % (file, line, precname))
+            else:
+                self.UsedPrecedence.add(precname)
+            del syms[-2:]     # Drop %prec from the rule
+        else:
+            # If no %prec, precedence is determined by the rightmost terminal symbol
+            precname = rightmost_terminal(syms, self.Terminals)
+            prodprec = self.Precedence.get(precname, ('right', 0))
+
+        # See if the rule is already in the rulemap
+        map = '%s -> %s' % (prodname, syms)
+        if map in self.Prodmap:
+            m = self.Prodmap[map]
+            raise GrammarError('%s:%d: Duplicate rule %s. ' % (file, line, m) +
+                               'Previous definition at %s:%d' % (m.file, m.line))
+
+        # From this point on, everything is valid.  Create a new Production instance
+        pnumber  = len(self.Productions)
+        if prodname not in self.Nonterminals:
+            self.Nonterminals[prodname] = []
+
+        # Add the production number to Terminals and Nonterminals
+        for t in syms:
+            if t in self.Terminals:
+                self.Terminals[t].append(pnumber)
+            else:
+                if t not in self.Nonterminals:
+                    self.Nonterminals[t] = []
+                self.Nonterminals[t].append(pnumber)
+
+        # Create a production and add it to the list of productions
+        p = Production(pnumber, prodname, syms, prodprec, func, file, line)
+        self.Productions.append(p)
+        self.Prodmap[map] = p
+
+        # Add to the global productions list
+        try:
+            self.Prodnames[prodname].append(p)
+        except KeyError:
+            self.Prodnames[prodname] = [p]
+
+    # -----------------------------------------------------------------------------
+    # set_start()
+    #
+    # Sets the starting symbol and creates the augmented grammar.  Production
+    # rule 0 is S' -> start where start is the start symbol.
+    # -----------------------------------------------------------------------------
+
+    def set_start(self, start=None):
+        if not start:
+            start = self.Productions[1].name
+        if start not in self.Nonterminals:
+            raise GrammarError('start symbol %s undefined' % start)
+        self.Productions[0] = Production(0, "S'", [start])
+        self.Nonterminals[start].append(0)
+        self.Start = start
+
+    # -----------------------------------------------------------------------------
+    # find_unreachable()
+    #
+    # Find all of the nonterminal symbols that can't be reached from the starting
+    # symbol.  Returns a list of nonterminals that can't be reached.
+    # -----------------------------------------------------------------------------
+
+    def find_unreachable(self):
+
+        # Mark all symbols that are reachable from a symbol s
+        def mark_reachable_from(s):
+            if s in reachable:
+                return
+            reachable.add(s)
+            for p in self.Prodnames.get(s, []):
+                for r in p.prod:
+                    mark_reachable_from(r)
+
+        reachable = set()
+        mark_reachable_from(self.Productions[0].prod[0])
+        return [s for s in self.Nonterminals if s not in reachable]
+
+    # -----------------------------------------------------------------------------
+    # infinite_cycles()
+    #
+    # This function looks at the various parsing rules and tries to detect
+    # infinite recursion cycles (grammar rules where there is no possible way
+    # to derive a string of only terminals).
+    # -----------------------------------------------------------------------------
+
+    def infinite_cycles(self):
+        terminates = {}
+
+        # Terminals:
+        for t in self.Terminals:
+            terminates[t] = True
+
+        terminates['$end'] = True
+
+        # Nonterminals:
+
+        # Initialize to false:
+        for n in self.Nonterminals:
+            terminates[n] = False
+
+        # Then propagate termination until no change:
+        while True:
+            some_change = False
+            for (n, pl) in self.Prodnames.items():
+                # Nonterminal n terminates iff any of its productions terminates.
+                for p in pl:
+                    # Production p terminates iff all of its rhs symbols terminate.
+                    for s in p.prod:
+                        if not terminates[s]:
+                            # The symbol s does not terminate,
+                            # so production p does not terminate.
+                            p_terminates = False
+                            break
+                    else:
+                        # didn't break from the loop,
+                        # so every symbol s terminates
+                        # so production p terminates.
+                        p_terminates = True
+
+                    if p_terminates:
+                        # symbol n terminates!
+                        if not terminates[n]:
+                            terminates[n] = True
+                            some_change = True
+                        # Don't need to consider any more productions for this n.
+                        break
+
+            if not some_change:
+                break
+
+        infinite = []
+        for (s, term) in terminates.items():
+            if not term:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    # s is used-but-not-defined, and we've already warned of that,
+                    # so it would be overkill to say that it's also non-terminating.
+                    pass
+                else:
+                    infinite.append(s)
+
+        return infinite
+
+    # -----------------------------------------------------------------------------
+    # undefined_symbols()
+    #
+    # Find all symbols that were used the grammar, but not defined as tokens or
+    # grammar rules.  Returns a list of tuples (sym, prod) where sym in the symbol
+    # and prod is the production where the symbol was used.
+    # -----------------------------------------------------------------------------
+    def undefined_symbols(self):
+        result = []
+        for p in self.Productions:
+            if not p:
+                continue
+
+            for s in p.prod:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    result.append((s, p))
+        return result
+
+    # -----------------------------------------------------------------------------
+    # unused_terminals()
+    #
+    # Find all terminals that were defined, but not used by the grammar.  Returns
+    # a list of all symbols.
+    # -----------------------------------------------------------------------------
+    def unused_terminals(self):
+        unused_tok = []
+        for s, v in self.Terminals.items():
+            if s != 'error' and not v:
+                unused_tok.append(s)
+
+        return unused_tok
+
+    # ------------------------------------------------------------------------------
+    # unused_rules()
+    #
+    # Find all grammar rules that were defined,  but not used (maybe not reachable)
+    # Returns a list of productions.
+    # ------------------------------------------------------------------------------
+
+    def unused_rules(self):
+        unused_prod = []
+        for s, v in self.Nonterminals.items():
+            if not v:
+                p = self.Prodnames[s][0]
+                unused_prod.append(p)
+        return unused_prod
+
+    # -----------------------------------------------------------------------------
+    # unused_precedence()
+    #
+    # Returns a list of tuples (term,precedence) corresponding to precedence
+    # rules that were never used by the grammar.  term is the name of the terminal
+    # on which precedence was applied and precedence is a string such as 'left' or
+    # 'right' corresponding to the type of precedence.
+    # -----------------------------------------------------------------------------
+
+    def unused_precedence(self):
+        unused = []
+        for termname in self.Precedence:
+            if not (termname in self.Terminals or termname in self.UsedPrecedence):
+                unused.append((termname, self.Precedence[termname][0]))
+
+        return unused
+
+    # -------------------------------------------------------------------------
+    # _first()
+    #
+    # Compute the value of FIRST1(beta) where beta is a tuple of symbols.
+    #
+    # During execution of compute_first1, the result may be incomplete.
+    # Afterward (e.g., when called from compute_follow()), it will be complete.
+    # -------------------------------------------------------------------------
+    def _first(self, beta):
+
+        # We are computing First(x1,x2,x3,...,xn)
+        result = []
+        for x in beta:
+            x_produces_empty = False
+
+            # Add all the non-<empty> symbols of First[x] to the result.
+            for f in self.First[x]:
+                if f == '<empty>':
+                    x_produces_empty = True
+                else:
+                    if f not in result:
+                        result.append(f)
+
+            if x_produces_empty:
+                # We have to consider the next x in beta,
+                # i.e. stay in the loop.
+                pass
+            else:
+                # We don't have to consider any further symbols in beta.
+                break
+        else:
+            # There was no 'break' from the loop,
+            # so x_produces_empty was true for all x in beta,
+            # so beta produces empty as well.
+            result.append('<empty>')
+
+        return result
+
+    # -------------------------------------------------------------------------
+    # compute_first()
+    #
+    # Compute the value of FIRST1(X) for all symbols
+    # -------------------------------------------------------------------------
+    def compute_first(self):
+        if self.First:
+            return self.First
+
+        # Terminals:
+        for t in self.Terminals:
+            self.First[t] = [t]
+
+        self.First['$end'] = ['$end']
+
+        # Nonterminals:
+
+        # Initialize to the empty set:
+        for n in self.Nonterminals:
+            self.First[n] = []
+
+        # Then propagate symbols until no change:
+        while True:
+            some_change = False
+            for n in self.Nonterminals:
+                for p in self.Prodnames[n]:
+                    for f in self._first(p.prod):
+                        if f not in self.First[n]:
+                            self.First[n].append(f)
+                            some_change = True
+            if not some_change:
+                break
+
+        return self.First
+
+    # ---------------------------------------------------------------------
+    # compute_follow()
+    #
+    # Computes all of the follow sets for every non-terminal symbol.  The
+    # follow set is the set of all symbols that might follow a given
+    # non-terminal.  See the Dragon book, 2nd Ed. p. 189.
+    # ---------------------------------------------------------------------
+    def compute_follow(self, start=None):
+        # If already computed, return the result
+        if self.Follow:
+            return self.Follow
+
+        # If first sets not computed yet, do that first.
+        if not self.First:
+            self.compute_first()
+
+        # Add '$end' to the follow list of the start symbol
+        for k in self.Nonterminals:
+            self.Follow[k] = []
+
+        if not start:
+            start = self.Productions[1].name
+
+        self.Follow[start] = ['$end']
+
+        while True:
+            didadd = False
+            for p in self.Productions[1:]:
+                # Here is the production set
+                for i, B in enumerate(p.prod):
+                    if B in self.Nonterminals:
+                        # Okay. We got a non-terminal in a production
+                        fst = self._first(p.prod[i+1:])
+                        hasempty = False
+                        for f in fst:
+                            if f != '<empty>' and f not in self.Follow[B]:
+                                self.Follow[B].append(f)
+                                didadd = True
+                            if f == '<empty>':
+                                hasempty = True
+                        if hasempty or i == (len(p.prod)-1):
+                            # Add elements of follow(a) to follow(b)
+                            for f in self.Follow[p.name]:
+                                if f not in self.Follow[B]:
+                                    self.Follow[B].append(f)
+                                    didadd = True
+            if not didadd:
+                break
+        return self.Follow
+
+
+    # -----------------------------------------------------------------------------
+    # build_lritems()
+    #
+    # This function walks the list of productions and builds a complete set of the
+    # LR items.  The LR items are stored in two ways:  First, they are uniquely
+    # numbered and placed in the list _lritems.  Second, a linked list of LR items
+    # is built for each production.  For example:
+    #
+    #   E -> E PLUS E
+    #
+    # Creates the list
+    #
+    #  [E -> . E PLUS E, E -> E . PLUS E, E -> E PLUS . E, E -> E PLUS E . ]
+    # -----------------------------------------------------------------------------
+
+    def build_lritems(self):
+        for p in self.Productions:
+            lastlri = p
+            i = 0
+            lr_items = []
+            while True:
+                if i > len(p):
+                    lri = None
+                else:
+                    lri = LRItem(p, i)
+                    # Precompute the list of productions immediately following
+                    try:
+                        lri.lr_after = self.Prodnames[lri.prod[i+1]]
+                    except (IndexError, KeyError):
+                        lri.lr_after = []
+                    try:
+                        lri.lr_before = lri.prod[i-1]
+                    except IndexError:
+                        lri.lr_before = None
+
+                lastlri.lr_next = lri
+                if not lri:
+                    break
+                lr_items.append(lri)
+                lastlri = lri
+                i += 1
+            p.lr_items = lr_items
+
+# -----------------------------------------------------------------------------
+#                            == Class LRTable ==
+#
+# This basic class represents a basic table of LR parsing information.
+# Methods for generating the tables are not defined here.  They are defined
+# in the derived class LRGeneratedTable.
+# -----------------------------------------------------------------------------
+
+class VersionError(YaccError):
+    pass
+
+class LRTable(object):
+    def __init__(self):
+        self.lr_action = None
+        self.lr_goto = None
+        self.lr_productions = None
+        self.lr_method = None
+
+    def read_table(self, module):
+        if isinstance(module, types.ModuleType):
+            parsetab = module
+        else:
+            exec('import %s' % module)
+            parsetab = sys.modules[module]
+
+        if parsetab._tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+
+        self.lr_action = parsetab._lr_action
+        self.lr_goto = parsetab._lr_goto
+
+        self.lr_productions = []
+        for p in parsetab._lr_productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        self.lr_method = parsetab._lr_method
+        return parsetab._lr_signature
+
+    def read_pickle(self, filename):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+
+        if not os.path.exists(filename):
+          raise ImportError
+
+        in_f = open(filename, 'rb')
+
+        tabversion = pickle.load(in_f)
+        if tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+        self.lr_method = pickle.load(in_f)
+        signature      = pickle.load(in_f)
+        self.lr_action = pickle.load(in_f)
+        self.lr_goto   = pickle.load(in_f)
+        productions    = pickle.load(in_f)
+
+        self.lr_productions = []
+        for p in productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        in_f.close()
+        return signature
+
+    # Bind all production function names to callable objects in pdict
+    def bind_callables(self, pdict):
+        for p in self.lr_productions:
+            p.bind(pdict)
+
+
+# -----------------------------------------------------------------------------
+#                           === LR Generator ===
+#
+# The following classes and functions are used to generate LR parsing tables on
+# a grammar.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# digraph()
+# traverse()
+#
+# The following two functions are used to compute set valued functions
+# of the form:
+#
+#     F(x) = F'(x) U U{F(y) | x R y}
+#
+# This is used to compute the values of Read() sets as well as FOLLOW sets
+# in LALR(1) generation.
+#
+# Inputs:  X    - An input set
+#          R    - A relation
+#          FP   - Set-valued function
+# ------------------------------------------------------------------------------
+
+def digraph(X, R, FP):
+    N = {}
+    for x in X:
+        N[x] = 0
+    stack = []
+    F = {}
+    for x in X:
+        if N[x] == 0:
+            traverse(x, N, stack, F, X, R, FP)
+    return F
+
+def traverse(x, N, stack, F, X, R, FP):
+    stack.append(x)
+    d = len(stack)
+    N[x] = d
+    F[x] = FP(x)             # F(X) <- F'(x)
+
+    rel = R(x)               # Get y's related to x
+    for y in rel:
+        if N[y] == 0:
+            traverse(y, N, stack, F, X, R, FP)
+        N[x] = min(N[x], N[y])
+        for a in F.get(y, []):
+            if a not in F[x]:
+                F[x].append(a)
+    if N[x] == d:
+        N[stack[-1]] = MAXINT
+        F[stack[-1]] = F[x]
+        element = stack.pop()
+        while element != x:
+            N[stack[-1]] = MAXINT
+            F[stack[-1]] = F[x]
+            element = stack.pop()
+
+class LALRError(YaccError):
+    pass
+
+# -----------------------------------------------------------------------------
+#                             == LRGeneratedTable ==
+#
+# This class implements the LR table generation algorithm.  There are no
+# public methods except for write()
+# -----------------------------------------------------------------------------
+
+class LRGeneratedTable(LRTable):
+    def __init__(self, grammar, method='LALR', log=None):
+        if method not in ['SLR', 'LALR']:
+            raise LALRError('Unsupported method %s' % method)
+
+        self.grammar = grammar
+        self.lr_method = method
+
+        # Set up the logger
+        if not log:
+            log = NullLogger()
+        self.log = log
+
+        # Internal attributes
+        self.lr_action     = {}        # Action table
+        self.lr_goto       = {}        # Goto table
+        self.lr_productions  = grammar.Productions    # Copy of grammar Production array
+        self.lr_goto_cache = {}        # Cache of computed gotos
+        self.lr0_cidhash   = {}        # Cache of closures
+
+        self._add_count    = 0         # Internal counter used to detect cycles
+
+        # Diagonistic information filled in by the table generator
+        self.sr_conflict   = 0
+        self.rr_conflict   = 0
+        self.conflicts     = []        # List of conflicts
+
+        self.sr_conflicts  = []
+        self.rr_conflicts  = []
+
+        # Build the tables
+        self.grammar.build_lritems()
+        self.grammar.compute_first()
+        self.grammar.compute_follow()
+        self.lr_parse_table()
+
+    # Compute the LR(0) closure operation on I, where I is a set of LR(0) items.
+
+    def lr0_closure(self, I):
+        self._add_count += 1
+
+        # Add everything in I to J
+        J = I[:]
+        didadd = True
+        while didadd:
+            didadd = False
+            for j in J:
+                for x in j.lr_after:
+                    if getattr(x, 'lr0_added', 0) == self._add_count:
+                        continue
+                    # Add B --> .G to J
+                    J.append(x.lr_next)
+                    x.lr0_added = self._add_count
+                    didadd = True
+
+        return J
+
+    # Compute the LR(0) goto function goto(I,X) where I is a set
+    # of LR(0) items and X is a grammar symbol.   This function is written
+    # in a way that guarantees uniqueness of the generated goto sets
+    # (i.e. the same goto set will never be returned as two different Python
+    # objects).  With uniqueness, we can later do fast set comparisons using
+    # id(obj) instead of element-wise comparison.
+
+    def lr0_goto(self, I, x):
+        # First we look for a previously cached entry
+        g = self.lr_goto_cache.get((id(I), x))
+        if g:
+            return g
+
+        # Now we generate the goto set in a way that guarantees uniqueness
+        # of the result
+
+        s = self.lr_goto_cache.get(x)
+        if not s:
+            s = {}
+            self.lr_goto_cache[x] = s
+
+        gs = []
+        for p in I:
+            n = p.lr_next
+            if n and n.lr_before == x:
+                s1 = s.get(id(n))
+                if not s1:
+                    s1 = {}
+                    s[id(n)] = s1
+                gs.append(n)
+                s = s1
+        g = s.get('$end')
+        if not g:
+            if gs:
+                g = self.lr0_closure(gs)
+                s['$end'] = g
+            else:
+                s['$end'] = gs
+        self.lr_goto_cache[(id(I), x)] = g
+        return g
+
+    # Compute the LR(0) sets of item function
+    def lr0_items(self):
+        C = [self.lr0_closure([self.grammar.Productions[0].lr_next])]
+        i = 0
+        for I in C:
+            self.lr0_cidhash[id(I)] = i
+            i += 1
+
+        # Loop over the items in C and each grammar symbols
+        i = 0
+        while i < len(C):
+            I = C[i]
+            i += 1
+
+            # Collect all of the symbols that could possibly be in the goto(I,X) sets
+            asyms = {}
+            for ii in I:
+                for s in ii.usyms:
+                    asyms[s] = None
+
+            for x in asyms:
+                g = self.lr0_goto(I, x)
+                if not g or id(g) in self.lr0_cidhash:
+                    continue
+                self.lr0_cidhash[id(g)] = len(C)
+                C.append(g)
+
+        return C
+
+    # -----------------------------------------------------------------------------
+    #                       ==== LALR(1) Parsing ====
+    #
+    # LALR(1) parsing is almost exactly the same as SLR except that instead of
+    # relying upon Follow() sets when performing reductions, a more selective
+    # lookahead set that incorporates the state of the LR(0) machine is utilized.
+    # Thus, we mainly just have to focus on calculating the lookahead sets.
+    #
+    # The method used here is due to DeRemer and Pennelo (1982).
+    #
+    # DeRemer, F. L., and T. J. Pennelo: "Efficient Computation of LALR(1)
+    #     Lookahead Sets", ACM Transactions on Programming Languages and Systems,
+    #     Vol. 4, No. 4, Oct. 1982, pp. 615-649
+    #
+    # Further details can also be found in:
+    #
+    #  J. Tremblay and P. Sorenson, "The Theory and Practice of Compiler Writing",
+    #      McGraw-Hill Book Company, (1985).
+    #
+    # -----------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------
+    # compute_nullable_nonterminals()
+    #
+    # Creates a dictionary containing all of the non-terminals that might produce
+    # an empty production.
+    # -----------------------------------------------------------------------------
+
+    def compute_nullable_nonterminals(self):
+        nullable = set()
+        num_nullable = 0
+        while True:
+            for p in self.grammar.Productions[1:]:
+                if p.len == 0:
+                    nullable.add(p.name)
+                    continue
+                for t in p.prod:
+                    if t not in nullable:
+                        break
+                else:
+                    nullable.add(p.name)
+            if len(nullable) == num_nullable:
+                break
+            num_nullable = len(nullable)
+        return nullable
+
+    # -----------------------------------------------------------------------------
+    # find_nonterminal_trans(C)
+    #
+    # Given a set of LR(0) items, this functions finds all of the non-terminal
+    # transitions.    These are transitions in which a dot appears immediately before
+    # a non-terminal.   Returns a list of tuples of the form (state,N) where state
+    # is the state number and N is the nonterminal symbol.
+    #
+    # The input C is the set of LR(0) items.
+    # -----------------------------------------------------------------------------
+
+    def find_nonterminal_transitions(self, C):
+        trans = []
+        for stateno, state in enumerate(C):
+            for p in state:
+                if p.lr_index < p.len - 1:
+                    t = (stateno, p.prod[p.lr_index+1])
+                    if t[1] in self.grammar.Nonterminals:
+                        if t not in trans:
+                            trans.append(t)
+        return trans
+
+    # -----------------------------------------------------------------------------
+    # dr_relation()
+    #
+    # Computes the DR(p,A) relationships for non-terminal transitions.  The input
+    # is a tuple (state,N) where state is a number and N is a nonterminal symbol.
+    #
+    # Returns a list of terminals.
+    # -----------------------------------------------------------------------------
+
+    def dr_relation(self, C, trans, nullable):
+        state, N = trans
+        terms = []
+
+        g = self.lr0_goto(C[state], N)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index+1]
+                if a in self.grammar.Terminals:
+                    if a not in terms:
+                        terms.append(a)
+
+        # This extra bit is to handle the start state
+        if state == 0 and N == self.grammar.Productions[0].prod[0]:
+            terms.append('$end')
+
+        return terms
+
+    # -----------------------------------------------------------------------------
+    # reads_relation()
+    #
+    # Computes the READS() relation (p,A) READS (t,C).
+    # -----------------------------------------------------------------------------
+
+    def reads_relation(self, C, trans, empty):
+        # Look for empty transitions
+        rel = []
+        state, N = trans
+
+        g = self.lr0_goto(C[state], N)
+        j = self.lr0_cidhash.get(id(g), -1)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index + 1]
+                if a in empty:
+                    rel.append((j, a))
+
+        return rel
+
+    # -----------------------------------------------------------------------------
+    # compute_lookback_includes()
+    #
+    # Determines the lookback and includes relations
+    #
+    # LOOKBACK:
+    #
+    # This relation is determined by running the LR(0) state machine forward.
+    # For example, starting with a production "N : . A B C", we run it forward
+    # to obtain "N : A B C ."   We then build a relationship between this final
+    # state and the starting state.   These relationships are stored in a dictionary
+    # lookdict.
+    #
+    # INCLUDES:
+    #
+    # Computes the INCLUDE() relation (p,A) INCLUDES (p',B).
+    #
+    # This relation is used to determine non-terminal transitions that occur
+    # inside of other non-terminal transition states.   (p,A) INCLUDES (p', B)
+    # if the following holds:
+    #
+    #       B -> LAT, where T -> epsilon and p' -L-> p
+    #
+    # L is essentially a prefix (which may be empty), T is a suffix that must be
+    # able to derive an empty string.  State p' must lead to state p with the string L.
+    #
+    # -----------------------------------------------------------------------------
+
+    def compute_lookback_includes(self, C, trans, nullable):
+        lookdict = {}          # Dictionary of lookback relations
+        includedict = {}       # Dictionary of include relations
+
+        # Make a dictionary of non-terminal transitions
+        dtrans = {}
+        for t in trans:
+            dtrans[t] = 1
+
+        # Loop over all transitions and compute lookbacks and includes
+        for state, N in trans:
+            lookb = []
+            includes = []
+            for p in C[state]:
+                if p.name != N:
+                    continue
+
+                # Okay, we have a name match.  We now follow the production all the way
+                # through the state machine until we get the . on the right hand side
+
+                lr_index = p.lr_index
+                j = state
+                while lr_index < p.len - 1:
+                    lr_index = lr_index + 1
+                    t = p.prod[lr_index]
+
+                    # Check to see if this symbol and state are a non-terminal transition
+                    if (j, t) in dtrans:
+                        # Yes.  Okay, there is some chance that this is an includes relation
+                        # the only way to know for certain is whether the rest of the
+                        # production derives empty
+
+                        li = lr_index + 1
+                        while li < p.len:
+                            if p.prod[li] in self.grammar.Terminals:
+                                break      # No forget it
+                            if p.prod[li] not in nullable:
+                                break
+                            li = li + 1
+                        else:
+                            # Appears to be a relation between (j,t) and (state,N)
+                            includes.append((j, t))
+
+                    g = self.lr0_goto(C[j], t)               # Go to next set
+                    j = self.lr0_cidhash.get(id(g), -1)      # Go to next state
+
+                # When we get here, j is the final state, now we have to locate the production
+                for r in C[j]:
+                    if r.name != p.name:
+                        continue
+                    if r.len != p.len:
+                        continue
+                    i = 0
+                    # This look is comparing a production ". A B C" with "A B C ."
+                    while i < r.lr_index:
+                        if r.prod[i] != p.prod[i+1]:
+                            break
+                        i = i + 1
+                    else:
+                        lookb.append((j, r))
+            for i in includes:
+                if i not in includedict:
+                    includedict[i] = []
+                includedict[i].append((state, N))
+            lookdict[(state, N)] = lookb
+
+        return lookdict, includedict
+
+    # -----------------------------------------------------------------------------
+    # compute_read_sets()
+    #
+    # Given a set of LR(0) items, this function computes the read sets.
+    #
+    # Inputs:  C        =  Set of LR(0) items
+    #          ntrans   = Set of nonterminal transitions
+    #          nullable = Set of empty transitions
+    #
+    # Returns a set containing the read sets
+    # -----------------------------------------------------------------------------
+
+    def compute_read_sets(self, C, ntrans, nullable):
+        FP = lambda x: self.dr_relation(C, x, nullable)
+        R =  lambda x: self.reads_relation(C, x, nullable)
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # compute_follow_sets()
+    #
+    # Given a set of LR(0) items, a set of non-terminal transitions, a readset,
+    # and an include set, this function computes the follow sets
+    #
+    # Follow(p,A) = Read(p,A) U U {Follow(p',B) | (p,A) INCLUDES (p',B)}
+    #
+    # Inputs:
+    #            ntrans     = Set of nonterminal transitions
+    #            readsets   = Readset (previously computed)
+    #            inclsets   = Include sets (previously computed)
+    #
+    # Returns a set containing the follow sets
+    # -----------------------------------------------------------------------------
+
+    def compute_follow_sets(self, ntrans, readsets, inclsets):
+        FP = lambda x: readsets[x]
+        R  = lambda x: inclsets.get(x, [])
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # add_lookaheads()
+    #
+    # Attaches the lookahead symbols to grammar rules.
+    #
+    # Inputs:    lookbacks         -  Set of lookback relations
+    #            followset         -  Computed follow set
+    #
+    # This function directly attaches the lookaheads to productions contained
+    # in the lookbacks set
+    # -----------------------------------------------------------------------------
+
+    def add_lookaheads(self, lookbacks, followset):
+        for trans, lb in lookbacks.items():
+            # Loop over productions in lookback
+            for state, p in lb:
+                if state not in p.lookaheads:
+                    p.lookaheads[state] = []
+                f = followset.get(trans, [])
+                for a in f:
+                    if a not in p.lookaheads[state]:
+                        p.lookaheads[state].append(a)
+
+    # -----------------------------------------------------------------------------
+    # add_lalr_lookaheads()
+    #
+    # This function does all of the work of adding lookahead information for use
+    # with LALR parsing
+    # -----------------------------------------------------------------------------
+
+    def add_lalr_lookaheads(self, C):
+        # Determine all of the nullable nonterminals
+        nullable = self.compute_nullable_nonterminals()
+
+        # Find all non-terminal transitions
+        trans = self.find_nonterminal_transitions(C)
+
+        # Compute read sets
+        readsets = self.compute_read_sets(C, trans, nullable)
+
+        # Compute lookback/includes relations
+        lookd, included = self.compute_lookback_includes(C, trans, nullable)
+
+        # Compute LALR FOLLOW sets
+        followsets = self.compute_follow_sets(trans, readsets, included)
+
+        # Add all of the lookaheads
+        self.add_lookaheads(lookd, followsets)
+
+    # -----------------------------------------------------------------------------
+    # lr_parse_table()
+    #
+    # This function constructs the parse tables for SLR or LALR
+    # -----------------------------------------------------------------------------
+    def lr_parse_table(self):
+        Productions = self.grammar.Productions
+        Precedence  = self.grammar.Precedence
+        goto   = self.lr_goto         # Goto array
+        action = self.lr_action       # Action array
+        log    = self.log             # Logger for output
+
+        actionp = {}                  # Action production array (temporary)
+
+        log.info('Parsing method: %s', self.lr_method)
+
+        # Step 1: Construct C = { I0, I1, ... IN}, collection of LR(0) items
+        # This determines the number of states
+
+        C = self.lr0_items()
+
+        if self.lr_method == 'LALR':
+            self.add_lalr_lookaheads(C)
+
+        # Build the parser table, state by state
+        st = 0
+        for I in C:
+            # Loop over each production in I
+            actlist = []              # List of actions
+            st_action  = {}
+            st_actionp = {}
+            st_goto    = {}
+            log.info('')
+            log.info('state %d', st)
+            log.info('')
+            for p in I:
+                log.info('    (%d) %s', p.number, p)
+            log.info('')
+
+            for p in I:
+                    if p.len == p.lr_index + 1:
+                        if p.name == "S'":
+                            # Start symbol. Accept!
+                            st_action['$end'] = 0
+                            st_actionp['$end'] = p
+                        else:
+                            # We are at the end of a production.  Reduce!
+                            if self.lr_method == 'LALR':
+                                laheads = p.lookaheads[st]
+                            else:
+                                laheads = self.grammar.Follow[p.name]
+                            for a in laheads:
+                                actlist.append((a, p, 'reduce using rule %d (%s)' % (p.number, p)))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa. Have a shift/reduce or reduce/reduce conflict
+                                    if r > 0:
+                                        # Need to decide on shift or reduce here
+                                        # By default we favor shifting. Need to add
+                                        # some precedence rules here.
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from rule being reduced (p)
+                                        rprec, rlevel = Productions[p.number].prec
+
+                                        if (slevel < rlevel) or ((slevel == rlevel) and (rprec == 'left')):
+                                            # We really need to reduce here.
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+                                            Productions[p.number].reduced += 1
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the shift
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                    elif r < 0:
+                                        # Reduce/reduce conflict.   In this case, we favor the rule
+                                        # that was defined first in the grammar file
+                                        oldp = Productions[-r]
+                                        pp = Productions[p.number]
+                                        if oldp.line > pp.line:
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            chosenp, rejectp = pp, oldp
+                                            Productions[p.number].reduced += 1
+                                            Productions[oldp.number].reduced -= 1
+                                        else:
+                                            chosenp, rejectp = oldp, pp
+                                        self.rr_conflicts.append((st, chosenp, rejectp))
+                                        log.info('  ! reduce/reduce conflict for %s resolved using rule %d (%s)',
+                                                 a, st_actionp[a].number, st_actionp[a])
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = -p.number
+                                    st_actionp[a] = p
+                                    Productions[p.number].reduced += 1
+                    else:
+                        i = p.lr_index
+                        a = p.prod[i+1]       # Get symbol right after the "."
+                        if a in self.grammar.Terminals:
+                            g = self.lr0_goto(I, a)
+                            j = self.lr0_cidhash.get(id(g), -1)
+                            if j >= 0:
+                                # We are in a shift state
+                                actlist.append((a, p, 'shift and go to state %d' % j))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa have a shift/reduce or shift/shift conflict
+                                    if r > 0:
+                                        if r != j:
+                                            raise LALRError('Shift/shift conflict in state %d' % st)
+                                    elif r < 0:
+                                        # Do a precedence check.
+                                        #   -  if precedence of reduce rule is higher, we reduce.
+                                        #   -  if precedence of reduce is same and left assoc, we reduce.
+                                        #   -  otherwise we shift
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from the rule that could have been reduced
+                                        rprec, rlevel = Productions[st_actionp[a].number].prec
+
+                                        if (slevel > rlevel) or ((slevel == rlevel) and (rprec == 'right')):
+                                            # We decide to shift here... highest precedence to shift
+                                            Productions[st_actionp[a].number].reduced -= 1
+                                            st_action[a] = j
+                                            st_actionp[a] = p
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the reduce
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = j
+                                    st_actionp[a] = p
+
+            # Print the actions associated with each terminal
+            _actprint = {}
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is st_actionp[a]:
+                        log.info('    %-15s %s', a, m)
+                        _actprint[(a, m)] = 1
+            log.info('')
+            # Print the actions that were not used. (debugging)
+            not_used = 0
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is not st_actionp[a]:
+                        if not (a, m) in _actprint:
+                            log.debug('  ! %-15s [ %s ]', a, m)
+                            not_used = 1
+                            _actprint[(a, m)] = 1
+            if not_used:
+                log.debug('')
+
+            # Construct the goto table for this state
+
+            nkeys = {}
+            for ii in I:
+                for s in ii.usyms:
+                    if s in self.grammar.Nonterminals:
+                        nkeys[s] = None
+            for n in nkeys:
+                g = self.lr0_goto(I, n)
+                j = self.lr0_cidhash.get(id(g), -1)
+                if j >= 0:
+                    st_goto[n] = j
+                    log.info('    %-30s shift and go to state %d', n, j)
+
+            action[st] = st_action
+            actionp[st] = st_actionp
+            goto[st] = st_goto
+            st += 1
+
+    # -----------------------------------------------------------------------------
+    # write()
+    #
+    # This function writes the LR parsing tables to a file
+    # -----------------------------------------------------------------------------
+
+    def write_table(self, tabmodule, outputdir='', signature=''):
+        if isinstance(tabmodule, types.ModuleType):
+            raise IOError("Won't overwrite existing tabmodule")
+
+        basemodulename = tabmodule.split('.')[-1]
+        filename = os.path.join(outputdir, basemodulename) + '.py'
+        try:
+            f = open(filename, 'w')
+
+            f.write('''
+# %s
+# This file is automatically generated. Do not edit.
+# pylint: disable=W,C,R
+_tabversion = %r
+
+_lr_method = %r
+
+_lr_signature = %r
+    ''' % (os.path.basename(filename), __tabversion__, self.lr_method, signature))
+
+            # Change smaller to 0 to go back to original tables
+            smaller = 1
+
+            # Factor out names to try and make smaller
+            if smaller:
+                items = {}
+
+                for s, nd in self.lr_action.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_action_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_action = {}
+for _k, _v in _lr_action_items.items():
+   for _x,_y in zip(_v[0],_v[1]):
+      if not _x in _lr_action:  _lr_action[_x] = {}
+      _lr_action[_x][_k] = _y
+del _lr_action_items
+''')
+
+            else:
+                f.write('\n_lr_action = { ')
+                for k, v in self.lr_action.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            if smaller:
+                # Factor out names to try and make smaller
+                items = {}
+
+                for s, nd in self.lr_goto.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_goto_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_goto = {}
+for _k, _v in _lr_goto_items.items():
+   for _x, _y in zip(_v[0], _v[1]):
+       if not _x in _lr_goto: _lr_goto[_x] = {}
+       _lr_goto[_x][_k] = _y
+del _lr_goto_items
+''')
+            else:
+                f.write('\n_lr_goto = { ')
+                for k, v in self.lr_goto.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            # Write production table
+            f.write('_lr_productions = [\n')
+            for p in self.lr_productions:
+                if p.func:
+                    f.write('  (%r,%r,%d,%r,%r,%d),\n' % (p.str, p.name, p.len,
+                                                          p.func, os.path.basename(p.file), p.line))
+                else:
+                    f.write('  (%r,%r,%d,None,None,None),\n' % (str(p), p.name, p.len))
+            f.write(']\n')
+            f.close()
+
+        except IOError as e:
+            raise
+
+
+    # -----------------------------------------------------------------------------
+    # pickle_table()
+    #
+    # This function pickles the LR parsing tables to a supplied file object
+    # -----------------------------------------------------------------------------
+
+    def pickle_table(self, filename, signature=''):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+        with open(filename, 'wb') as outf:
+            pickle.dump(__tabversion__, outf, pickle_protocol)
+            pickle.dump(self.lr_method, outf, pickle_protocol)
+            pickle.dump(signature, outf, pickle_protocol)
+            pickle.dump(self.lr_action, outf, pickle_protocol)
+            pickle.dump(self.lr_goto, outf, pickle_protocol)
+
+            outp = []
+            for p in self.lr_productions:
+                if p.func:
+                    outp.append((p.str, p.name, p.len, p.func, os.path.basename(p.file), p.line))
+                else:
+                    outp.append((str(p), p.name, p.len, None, None, None))
+            pickle.dump(outp, outf, pickle_protocol)
+
+# -----------------------------------------------------------------------------
+#                            === INTROSPECTION ===
+#
+# The following functions and classes are used to implement the PLY
+# introspection features followed by the yacc() function itself.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# parse_grammar()
+#
+# This takes a raw grammar rule string and parses it into production data
+# -----------------------------------------------------------------------------
+def parse_grammar(doc, file, line):
+    grammar = []
+    # Split the doc string into lines
+    pstrings = doc.splitlines()
+    lastp = None
+    dline = line
+    for ps in pstrings:
+        dline += 1
+        p = ps.split()
+        if not p:
+            continue
+        try:
+            if p[0] == '|':
+                # This is a continuation of a previous rule
+                if not lastp:
+                    raise SyntaxError("%s:%d: Misplaced '|'" % (file, dline))
+                prodname = lastp
+                syms = p[1:]
+            else:
+                prodname = p[0]
+                lastp = prodname
+                syms   = p[2:]
+                assign = p[1]
+                if assign != ':' and assign != '::=':
+                    raise SyntaxError("%s:%d: Syntax error. Expected ':'" % (file, dline))
+
+            grammar.append((file, dline, prodname, syms))
+        except SyntaxError:
+            raise
+        except Exception:
+            raise SyntaxError('%s:%d: Syntax error in rule %r' % (file, dline, ps.strip()))
+
+    return grammar
+
+# -----------------------------------------------------------------------------
+# ParserReflect()
+#
+# This class represents information extracted for building a parser including
+# start symbol, error function, tokens, precedence list, action functions,
+# etc.
+# -----------------------------------------------------------------------------
+class ParserReflect(object):
+    def __init__(self, pdict, log=None):
+        self.pdict      = pdict
+        self.start      = None
+        self.error_func = None
+        self.tokens     = None
+        self.modules    = set()
+        self.grammar    = []
+        self.error      = False
+
+        if log is None:
+            self.log = PlyLogger(sys.stderr)
+        else:
+            self.log = log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_start()
+        self.get_error_func()
+        self.get_tokens()
+        self.get_precedence()
+        self.get_pfunctions()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_start()
+        self.validate_error_func()
+        self.validate_tokens()
+        self.validate_precedence()
+        self.validate_pfunctions()
+        self.validate_modules()
+        return self.error
+
+    # Compute a signature over the grammar
+    def signature(self):
+        parts = []
+        try:
+            if self.start:
+                parts.append(self.start)
+            if self.prec:
+                parts.append(''.join([''.join(p) for p in self.prec]))
+            if self.tokens:
+                parts.append(' '.join(self.tokens))
+            for f in self.pfuncs:
+                if f[3]:
+                    parts.append(f[3])
+        except (TypeError, ValueError):
+            pass
+        return ''.join(parts)
+
+    # -----------------------------------------------------------------------------
+    # validate_modules()
+    #
+    # This method checks to see if there are duplicated p_rulename() functions
+    # in the parser module file.  Without this function, it is really easy for
+    # users to make mistakes by cutting and pasting code fragments (and it's a real
+    # bugger to try and figure out why the resulting parser doesn't work).  Therefore,
+    # we just do a little regular expression pattern matching of def statements
+    # to try and detect duplicates.
+    # -----------------------------------------------------------------------------
+
+    def validate_modules(self):
+        # Match def p_funcname(
+        fre = re.compile(r'\s*def\s+(p_[a-zA-Z_0-9]*)\(')
+
+        for module in self.modules:
+            try:
+                lines, linen = inspect.getsourcelines(module)
+            except IOError:
+                continue
+
+            counthash = {}
+            for linen, line in enumerate(lines):
+                linen += 1
+                m = fre.match(line)
+                if m:
+                    name = m.group(1)
+                    prev = counthash.get(name)
+                    if not prev:
+                        counthash[name] = linen
+                    else:
+                        filename = inspect.getsourcefile(module)
+                        self.log.warning('%s:%d: Function %s redefined. Previously defined on line %d',
+                                         filename, linen, name, prev)
+
+    # Get the start symbol
+    def get_start(self):
+        self.start = self.pdict.get('start')
+
+    # Validate the start symbol
+    def validate_start(self):
+        if self.start is not None:
+            if not isinstance(self.start, string_types):
+                self.log.error("'start' must be a string")
+
+    # Look for error handler
+    def get_error_func(self):
+        self.error_func = self.pdict.get('p_error')
+
+    # Validate the error function
+    def validate_error_func(self):
+        if self.error_func:
+            if isinstance(self.error_func, types.FunctionType):
+                ismethod = 0
+            elif isinstance(self.error_func, types.MethodType):
+                ismethod = 1
+            else:
+                self.log.error("'p_error' defined, but is not a function or method")
+                self.error = True
+                return
+
+            eline = self.error_func.__code__.co_firstlineno
+            efile = self.error_func.__code__.co_filename
+            module = inspect.getmodule(self.error_func)
+            self.modules.add(module)
+
+            argcount = self.error_func.__code__.co_argcount - ismethod
+            if argcount != 1:
+                self.log.error('%s:%d: p_error() requires 1 argument', efile, eline)
+                self.error = True
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.pdict.get('tokens')
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = sorted(tokens)
+
+    # Validate the tokens
+    def validate_tokens(self):
+        # Validate the tokens.
+        if 'error' in self.tokens:
+            self.log.error("Illegal token name 'error'. Is a reserved word")
+            self.error = True
+            return
+
+        terminals = set()
+        for n in self.tokens:
+            if n in terminals:
+                self.log.warning('Token %r multiply defined', n)
+            terminals.add(n)
+
+    # Get the precedence map (if any)
+    def get_precedence(self):
+        self.prec = self.pdict.get('precedence')
+
+    # Validate and parse the precedence map
+    def validate_precedence(self):
+        preclist = []
+        if self.prec:
+            if not isinstance(self.prec, (list, tuple)):
+                self.log.error('precedence must be a list or tuple')
+                self.error = True
+                return
+            for level, p in enumerate(self.prec):
+                if not isinstance(p, (list, tuple)):
+                    self.log.error('Bad precedence table')
+                    self.error = True
+                    return
+
+                if len(p) < 2:
+                    self.log.error('Malformed precedence entry %s. Must be (assoc, term, ..., term)', p)
+                    self.error = True
+                    return
+                assoc = p[0]
+                if not isinstance(assoc, string_types):
+                    self.log.error('precedence associativity must be a string')
+                    self.error = True
+                    return
+                for term in p[1:]:
+                    if not isinstance(term, string_types):
+                        self.log.error('precedence items must be strings')
+                        self.error = True
+                        return
+                    preclist.append((term, assoc, level+1))
+        self.preclist = preclist
+
+    # Get all p_functions from the grammar
+    def get_pfunctions(self):
+        p_functions = []
+        for name, item in self.pdict.items():
+            if not name.startswith('p_') or name == 'p_error':
+                continue
+            if isinstance(item, (types.FunctionType, types.MethodType)):
+                line = getattr(item, 'co_firstlineno', item.__code__.co_firstlineno)
+                module = inspect.getmodule(item)
+                p_functions.append((line, module, name, item.__doc__))
+
+        # Sort all of the actions by line number; make sure to stringify
+        # modules to make them sortable, since `line` may not uniquely sort all
+        # p functions
+        p_functions.sort(key=lambda p_function: (
+            p_function[0],
+            str(p_function[1]),
+            p_function[2],
+            p_function[3]))
+        self.pfuncs = p_functions
+
+    # Validate all of the p_functions
+    def validate_pfunctions(self):
+        grammar = []
+        # Check for non-empty symbols
+        if len(self.pfuncs) == 0:
+            self.log.error('no rules of the form p_rulename are defined')
+            self.error = True
+            return
+
+        for line, module, name, doc in self.pfuncs:
+            file = inspect.getsourcefile(module)
+            func = self.pdict[name]
+            if isinstance(func, types.MethodType):
+                reqargs = 2
+            else:
+                reqargs = 1
+            if func.__code__.co_argcount > reqargs:
+                self.log.error('%s:%d: Rule %r has too many arguments', file, line, func.__name__)
+                self.error = True
+            elif func.__code__.co_argcount < reqargs:
+                self.log.error('%s:%d: Rule %r requires an argument', file, line, func.__name__)
+                self.error = True
+            elif not func.__doc__:
+                self.log.warning('%s:%d: No documentation string specified in function %r (ignored)',
+                                 file, line, func.__name__)
+            else:
+                try:
+                    parsed_g = parse_grammar(doc, file, line)
+                    for g in parsed_g:
+                        grammar.append((name, g))
+                except SyntaxError as e:
+                    self.log.error(str(e))
+                    self.error = True
+
+                # Looks like a valid grammar rule
+                # Mark the file in which defined.
+                self.modules.add(module)
+
+        # Secondary validation step that looks for p_ definitions that are not functions
+        # or functions that look like they might be grammar rules.
+
+        for n, v in self.pdict.items():
+            if n.startswith('p_') and isinstance(v, (types.FunctionType, types.MethodType)):
+                continue
+            if n.startswith('t_'):
+                continue
+            if n.startswith('p_') and n != 'p_error':
+                self.log.warning('%r not defined as a function', n)
+            if ((isinstance(v, types.FunctionType) and v.__code__.co_argcount == 1) or
+                   (isinstance(v, types.MethodType) and v.__func__.__code__.co_argcount == 2)):
+                if v.__doc__:
+                    try:
+                        doc = v.__doc__.split(' ')
+                        if doc[1] == ':':
+                            self.log.warning('%s:%d: Possible grammar rule %r defined without p_ prefix',
+                                             v.__code__.co_filename, v.__code__.co_firstlineno, n)
+                    except IndexError:
+                        pass
+
+        self.grammar = grammar
+
+# -----------------------------------------------------------------------------
+# yacc(module)
+#
+# Build a parser
+# -----------------------------------------------------------------------------
+
+def yacc(method='LALR', debug=yaccdebug, module=None, tabmodule=tab_module, start=None,
+         check_recursion=True, optimize=False, write_tables=True, debugfile=debug_file,
+         outputdir=None, debuglog=None, errorlog=None, picklefile=None):
+
+    if tabmodule is None:
+        tabmodule = tab_module
+
+    # Reference to the parsing method of the last built parser
+    global parse
+
+    # If pickling is enabled, table files are not created
+    if picklefile:
+        write_tables = 0
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        pdict = dict(_items)
+        # If no __file__ or __package__ attributes are available, try to obtain them
+        # from the __module__ instead
+        if '__file__' not in pdict:
+            pdict['__file__'] = sys.modules[pdict['__module__']].__file__
+        if '__package__' not in pdict and '__module__' in pdict:
+            if hasattr(sys.modules[pdict['__module__']], '__package__'):
+                pdict['__package__'] = sys.modules[pdict['__module__']].__package__
+    else:
+        pdict = get_caller_module_dict(2)
+
+    if outputdir is None:
+        # If no output directory is set, the location of the output files
+        # is determined according to the following rules:
+        #     - If tabmodule specifies a package, files go into that package directory
+        #     - Otherwise, files go in the same directory as the specifying module
+        if isinstance(tabmodule, types.ModuleType):
+            srcfile = tabmodule.__file__
+        else:
+            if '.' not in tabmodule:
+                srcfile = pdict['__file__']
+            else:
+                parts = tabmodule.split('.')
+                pkgname = '.'.join(parts[:-1])
+                exec('import %s' % pkgname)
+                srcfile = getattr(sys.modules[pkgname], '__file__', '')
+        outputdir = os.path.dirname(srcfile)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = pdict.get('__package__')
+    if pkg and isinstance(tabmodule, str):
+        if '.' not in tabmodule:
+            tabmodule = pkg + '.' + tabmodule
+
+
+
+    # Set start symbol if it's specified directly using an argument
+    if start is not None:
+        pdict['start'] = start
+
+    # Collect parser information from the dictionary
+    pinfo = ParserReflect(pdict, log=errorlog)
+    pinfo.get_all()
+
+    if pinfo.error:
+        raise YaccError('Unable to build parser')
+
+    # Check signature against table files (if any)
+    signature = pinfo.signature()
+
+    # Read the tables
+    try:
+        lr = LRTable()
+        if picklefile:
+            read_signature = lr.read_pickle(picklefile)
+        else:
+            read_signature = lr.read_table(tabmodule)
+        if optimize or (read_signature == signature):
+            try:
+                lr.bind_callables(pinfo.pdict)
+                parser = LRParser(lr, pinfo.error_func)
+                parse = parser.parse
+                return parser
+            except Exception as e:
+                errorlog.warning('There was a problem loading the table file: %r', e)
+    except VersionError as e:
+        errorlog.warning(str(e))
+    except ImportError:
+        pass
+
+    if debuglog is None:
+        if debug:
+            try:
+                debuglog = PlyLogger(open(os.path.join(outputdir, debugfile), 'w'))
+            except IOError as e:
+                errorlog.warning("Couldn't open %r. %s" % (debugfile, e))
+                debuglog = NullLogger()
+        else:
+            debuglog = NullLogger()
+
+    debuglog.info('Created by PLY version %s (http://www.dabeaz.com/ply)', __version__)
+
+    errors = False
+
+    # Validate the parser information
+    if pinfo.validate_all():
+        raise YaccError('Unable to build parser')
+
+    if not pinfo.error_func:
+        errorlog.warning('no p_error() function is defined')
+
+    # Create a grammar object
+    grammar = Grammar(pinfo.tokens)
+
+    # Set precedence level for terminals
+    for term, assoc, level in pinfo.preclist:
+        try:
+            grammar.set_precedence(term, assoc, level)
+        except GrammarError as e:
+            errorlog.warning('%s', e)
+
+    # Add productions to the grammar
+    for funcname, gram in pinfo.grammar:
+        file, line, prodname, syms = gram
+        try:
+            grammar.add_production(prodname, syms, funcname, file, line)
+        except GrammarError as e:
+            errorlog.error('%s', e)
+            errors = True
+
+    # Set the grammar start symbols
+    try:
+        if start is None:
+            grammar.set_start(pinfo.start)
+        else:
+            grammar.set_start(start)
+    except GrammarError as e:
+        errorlog.error(str(e))
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Verify the grammar structure
+    undefined_symbols = grammar.undefined_symbols()
+    for sym, prod in undefined_symbols:
+        errorlog.error('%s:%d: Symbol %r used, but not defined as a token or a rule', prod.file, prod.line, sym)
+        errors = True
+
+    unused_terminals = grammar.unused_terminals()
+    if unused_terminals:
+        debuglog.info('')
+        debuglog.info('Unused terminals:')
+        debuglog.info('')
+        for term in unused_terminals:
+            errorlog.warning('Token %r defined, but not used', term)
+            debuglog.info('    %s', term)
+
+    # Print out all productions to the debug log
+    if debug:
+        debuglog.info('')
+        debuglog.info('Grammar')
+        debuglog.info('')
+        for n, p in enumerate(grammar.Productions):
+            debuglog.info('Rule %-5d %s', n, p)
+
+    # Find unused non-terminals
+    unused_rules = grammar.unused_rules()
+    for prod in unused_rules:
+        errorlog.warning('%s:%d: Rule %r defined, but not used', prod.file, prod.line, prod.name)
+
+    if len(unused_terminals) == 1:
+        errorlog.warning('There is 1 unused token')
+    if len(unused_terminals) > 1:
+        errorlog.warning('There are %d unused tokens', len(unused_terminals))
+
+    if len(unused_rules) == 1:
+        errorlog.warning('There is 1 unused rule')
+    if len(unused_rules) > 1:
+        errorlog.warning('There are %d unused rules', len(unused_rules))
+
+    if debug:
+        debuglog.info('')
+        debuglog.info('Terminals, with rules where they appear')
+        debuglog.info('')
+        terms = list(grammar.Terminals)
+        terms.sort()
+        for term in terms:
+            debuglog.info('%-20s : %s', term, ' '.join([str(s) for s in grammar.Terminals[term]]))
+
+        debuglog.info('')
+        debuglog.info('Nonterminals, with rules where they appear')
+        debuglog.info('')
+        nonterms = list(grammar.Nonterminals)
+        nonterms.sort()
+        for nonterm in nonterms:
+            debuglog.info('%-20s : %s', nonterm, ' '.join([str(s) for s in grammar.Nonterminals[nonterm]]))
+        debuglog.info('')
+
+    if check_recursion:
+        unreachable = grammar.find_unreachable()
+        for u in unreachable:
+            errorlog.warning('Symbol %r is unreachable', u)
+
+        infinite = grammar.infinite_cycles()
+        for inf in infinite:
+            errorlog.error('Infinite recursion detected for symbol %r', inf)
+            errors = True
+
+    unused_prec = grammar.unused_precedence()
+    for term, assoc in unused_prec:
+        errorlog.error('Precedence rule %r defined for unknown symbol %r', assoc, term)
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Run the LRGeneratedTable on the grammar
+    if debug:
+        errorlog.debug('Generating %s tables', method)
+
+    lr = LRGeneratedTable(grammar, method, debuglog)
+
+    if debug:
+        num_sr = len(lr.sr_conflicts)
+
+        # Report shift/reduce and reduce/reduce conflicts
+        if num_sr == 1:
+            errorlog.warning('1 shift/reduce conflict')
+        elif num_sr > 1:
+            errorlog.warning('%d shift/reduce conflicts', num_sr)
+
+        num_rr = len(lr.rr_conflicts)
+        if num_rr == 1:
+            errorlog.warning('1 reduce/reduce conflict')
+        elif num_rr > 1:
+            errorlog.warning('%d reduce/reduce conflicts', num_rr)
+
+    # Write out conflicts to the output file
+    if debug and (lr.sr_conflicts or lr.rr_conflicts):
+        debuglog.warning('')
+        debuglog.warning('Conflicts:')
+        debuglog.warning('')
+
+        for state, tok, resolution in lr.sr_conflicts:
+            debuglog.warning('shift/reduce conflict for %s in state %d resolved as %s',  tok, state, resolution)
+
+        already_reported = set()
+        for state, rule, rejected in lr.rr_conflicts:
+            if (state, id(rule), id(rejected)) in already_reported:
+                continue
+            debuglog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            debuglog.warning('rejected rule (%s) in state %d', rejected, state)
+            errorlog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            errorlog.warning('rejected rule (%s) in state %d', rejected, state)
+            already_reported.add((state, id(rule), id(rejected)))
+
+        warned_never = []
+        for state, rule, rejected in lr.rr_conflicts:
+            if not rejected.reduced and (rejected not in warned_never):
+                debuglog.warning('Rule (%s) is never reduced', rejected)
+                errorlog.warning('Rule (%s) is never reduced', rejected)
+                warned_never.append(rejected)
+
+    # Write the table file if requested
+    if write_tables:
+        try:
+            lr.write_table(tabmodule, outputdir, signature)
+            if tabmodule in sys.modules:
+                del sys.modules[tabmodule]
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (tabmodule, e))
+
+    # Write a pickled version of the tables
+    if picklefile:
+        try:
+            lr.pickle_table(picklefile, signature)
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (picklefile, e))
+
+    # Build the parser
+    lr.bind_callables(pinfo.pdict)
+    parser = LRParser(lr, pinfo.error_func)
+
+    parse = parser.parse
+    return parser
diff --git a/lib/go-jinja2/internal/data/linux-amd64/ply/ygen.py b/lib/go-jinja2/internal/data/linux-amd64/ply/ygen.py
new file mode 100644
index 000000000..03b93180a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/ply/ygen.py
@@ -0,0 +1,69 @@
+# ply: ygen.py
+#
+# This is a support program that auto-generates different versions of the YACC parsing
+# function with different features removed for the purposes of performance.
+#
+# Users should edit the method LRParser.parsedebug() in yacc.py.   The source code
+# for that method is then used to create the other methods.   See the comments in
+# yacc.py for further details.
+
+import os.path
+import shutil
+
+def get_source_range(lines, tag):
+    srclines = enumerate(lines)
+    start_tag = '#--! %s-start' % tag
+    end_tag = '#--! %s-end' % tag
+
+    for start_index, line in srclines:
+        if line.strip().startswith(start_tag):
+            break
+
+    for end_index, line in srclines:
+        if line.strip().endswith(end_tag):
+            break
+
+    return (start_index + 1, end_index)
+
+def filter_section(lines, tag):
+    filtered_lines = []
+    include = True
+    tag_text = '#--! %s' % tag
+    for line in lines:
+        if line.strip().startswith(tag_text):
+            include = not include
+        elif include:
+            filtered_lines.append(line)
+    return filtered_lines
+
+def main():
+    dirname = os.path.dirname(__file__)
+    shutil.copy2(os.path.join(dirname, 'yacc.py'), os.path.join(dirname, 'yacc.py.bak'))
+    with open(os.path.join(dirname, 'yacc.py'), 'r') as f:
+        lines = f.readlines()
+
+    parse_start, parse_end = get_source_range(lines, 'parsedebug')
+    parseopt_start, parseopt_end = get_source_range(lines, 'parseopt')
+    parseopt_notrack_start, parseopt_notrack_end = get_source_range(lines, 'parseopt-notrack')
+
+    # Get the original source
+    orig_lines = lines[parse_start:parse_end]
+
+    # Filter the DEBUG sections out
+    parseopt_lines = filter_section(orig_lines, 'DEBUG')
+
+    # Filter the TRACKING sections out
+    parseopt_notrack_lines = filter_section(parseopt_lines, 'TRACKING')
+
+    # Replace the parser source sections with updated versions
+    lines[parseopt_notrack_start:parseopt_notrack_end] = parseopt_notrack_lines
+    lines[parseopt_start:parseopt_end] = parseopt_lines
+
+    lines = [line.rstrip()+'\n' for line in lines]
+    with open(os.path.join(dirname, 'yacc.py'), 'w') as f:
+        f.writelines(lines)
+
+    print('Updated yacc.py')
+
+if __name__ == '__main__':
+    main()
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/LICENSE
new file mode 100644
index 000000000..82af695f5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Val Neekman @ Neekware Inc. http://neekware.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/METADATA
new file mode 100644
index 000000000..d02e1c298
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/METADATA
@@ -0,0 +1,246 @@
+Metadata-Version: 2.1
+Name: python-slugify
+Version: 8.0.4
+Summary: A Python slugify application that also handles Unicode
+Home-page: https://github.com/un33k/python-slugify
+Author: Val Neekman
+Author-email: info@neekware.com
+License: MIT
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: Natural Language :: English
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: text-unidecode (>=1.3)
+Provides-Extra: unidecode
+Requires-Dist: Unidecode (>=1.1.1) ; extra == 'unidecode'
+
+# Python Slugify
+
+**A Python slugify application that handles unicode**.
+
+[![status-image]][status-link]
+[![version-image]][version-link]
+[![coverage-image]][coverage-link]
+
+# Overview
+
+**Best attempt** to create slugs from unicode strings while keeping it **DRY**.
+
+# Notice
+
+This module, by default installs and uses [text-unidecode](https://github.com/kmike/text-unidecode) _(GPL & Perl Artistic)_ for its decoding needs.
+
+However, there is an alternative decoding package called [Unidecode](https://github.com/avian2/unidecode) _(GPL)_. It can be installed as `python-slugify[unidecode]` for those who prefer it. `Unidecode` is believed to be more [advanced](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki#notes-on-unidecode).
+
+### `Official` Support Matrix
+
+| Python         | Slugify            |
+| -------------- | ------------------ |
+| `>= 2.7 < 3.6` | `< 5.0.0`          |
+| `>= 3.6 < 3.7` | `>= 5.0.0 < 7.0.0` |
+| `>= 3.7`       | `>= 7.0.0`         |
+
+# How to install
+
+    easy_install python-slugify |OR| easy_install python-slugify[unidecode]
+    -- OR --
+    pip install python-slugify |OR| pip install python-slugify[unidecode]
+
+# Options
+
+```python
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+  """
+  Make a slug from the given text.
+  :param text (str): initial text
+  :param entities (bool): converts html entities to unicode (foo &amp; bar -> foo-bar)
+  :param decimal (bool): converts html decimal to unicode (&#381; -> Ž -> z)
+  :param hexadecimal (bool): converts html hexadecimal to unicode (&#x17D; -> Ž -> z)
+  :param max_length (int): output string length
+  :param word_boundary (bool): truncates to end of full words (length may be shorter than max_length)
+  :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+  :param separator (str): separator between words
+  :param stopwords (iterable): words to discount
+  :param regex_pattern (str): regex pattern for disallowed characters
+  :param lowercase (bool): activate case sensitivity by setting it to False
+  :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+  :param allow_unicode (bool): allow unicode characters
+  :return (str): slugify text
+  """
+```
+
+# How to use
+
+```python
+from slugify import slugify
+
+txt = "This is a test ---"
+r = slugify(txt)
+self.assertEqual(r, "this-is-a-test")
+
+txt = '影師嗎'
+r = slugify(txt)
+self.assertEqual(r, "ying-shi-ma")
+
+txt = '影師嗎'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "影師嗎")
+
+txt = 'C\'est déjà l\'été.'
+r = slugify(txt)
+self.assertEqual(r, "c-est-deja-l-ete")
+
+txt = 'Nín hǎo. Wǒ shì zhōng guó rén'
+r = slugify(txt)
+self.assertEqual(r, "nin-hao-wo-shi-zhong-guo-ren")
+
+txt = 'Компьютер'
+r = slugify(txt)
+self.assertEqual(r, "kompiuter")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=9)
+self.assertEqual(r, "jaja-lol")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=15, word_boundary=True)
+self.assertEqual(r, "jaja-lol-a")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=20, word_boundary=True, separator=".")
+self.assertEqual(r, "jaja.lol.mememeoo.a")
+
+txt = 'one two three four five'
+r = slugify(txt, max_length=13, word_boundary=True, save_order=True)
+self.assertEqual(r, "one-two-three")
+
+txt = 'the quick brown fox jumps over the lazy dog'
+r = slugify(txt, stopwords=['the'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'the quick brown fox jumps over the lazy dog in a hurry'
+r = slugify(txt, stopwords=['the', 'in', 'a', 'hurry'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'thIs Has a stopword Stopword'
+r = slugify(txt, stopwords=['Stopword'], lowercase=False)
+self.assertEqual(r, 'thIs-Has-a-stopword')
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, regex_pattern=regex_pattern)
+self.assertEqual(r, "___this-is-a-test___")
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, separator='_', regex_pattern=regex_pattern)
+self.assertNotEqual(r, "_this_is_a_test_")
+
+txt = '10 | 20 %'
+r = slugify(txt, replacements=[['|', 'or'], ['%', 'percent']])
+self.assertEqual(r, "10-or-20-percent")
+
+txt = 'ÜBER Über German Umlaut'
+r = slugify(txt, replacements=[['Ü', 'UE'], ['ü', 'ue']])
+self.assertEqual(r, "ueber-ueber-german-umlaut")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "i-love")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True, regex_pattern=r'[^🦄]+')
+self.assertEqual(r, "🦄")
+
+```
+
+For more examples, have a look at the [test.py](test.py) file.
+
+# Command Line Options
+
+With the package, a command line tool called `slugify` is also installed.
+
+It allows convenient command line access to all the features the `slugify` function supports. Call it with `-h` for help.
+
+The command can take its input directly on the command line or from STDIN (when the `--stdin` flag is passed):
+
+```
+$ echo "Taking input from STDIN" | slugify --stdin
+taking-input-from-stdin
+```
+
+```
+$ slugify taking input from the command line
+taking-input-from-the-command-line
+```
+
+Please note that when a multi-valued option such as `--stopwords` or `--replacements` is passed, you need to use `--` as separator before you start with the input:
+
+```
+$ slugify --stopwords the in a hurry -- the quick brown fox jumps over the lazy dog in a hurry
+quick-brown-fox-jumps-over-lazy-dog
+```
+
+# Running the tests
+
+To run the tests against the current environment:
+
+    python test.py
+
+# Contribution
+
+Please read the ([wiki](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki)) page prior to raising any PRs.
+
+# License
+
+Released under a ([MIT](LICENSE)) license.
+
+### Notes on GPL dependencies
+Though the dependencies may be GPL licensed, `python-slugify` itself is not considered a derivative work and will remain under the MIT license.  
+If you wish to avoid installation of any GPL licensed packages, please note that the default dependency `text-unidecode` explicitly lets you choose to use the [Artistic License](https://opensource.org/license/artistic-perl-1-0-2/) instead. Use without concern.
+
+# Version
+
+X.Y.Z Version
+
+    `MAJOR` version -- when you make incompatible API changes,
+    `MINOR` version -- when you add functionality in a backwards-compatible manner, and
+    `PATCH` version -- when you make backwards-compatible bug fixes.
+
+[status-image]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml/badge.svg
+[status-link]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml
+[version-image]: https://img.shields.io/pypi/v/python-slugify.svg
+[version-link]: https://pypi.python.org/pypi/python-slugify
+[coverage-image]: https://coveralls.io/repos/un33k/python-slugify/badge.svg
+[coverage-link]: https://coveralls.io/r/un33k/python-slugify
+[download-image]: https://img.shields.io/pypi/dm/python-slugify.svg
+[download-link]: https://pypi.python.org/pypi/python-slugify
+
+# Sponsors
+
+[Neekware Inc.](http://neekware.com)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/RECORD
new file mode 100644
index 000000000..691c5c267
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/RECORD
@@ -0,0 +1,20 @@
+../../bin/slugify,sha256=palUow1exrTTy6gVLOk6CcMyJFAF90e2WI-biyLKnbc,238
+python_slugify-8.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+python_slugify-8.0.4.dist-info/LICENSE,sha256=MLpNxpqfTc4TLdcDk3x6k7Vz4lJGBNLV-SxQZlFMDU8,1103
+python_slugify-8.0.4.dist-info/METADATA,sha256=FI0O_4c5wefK7aGhDtE_gmVk35TFPWWsQRAv9qLC74I,8469
+python_slugify-8.0.4.dist-info/RECORD,,
+python_slugify-8.0.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+python_slugify-8.0.4.dist-info/WHEEL,sha256=k3vXr0c0OitO0k9eCWBlI2yTYnpb_n_I2SGzrrfY7HY,110
+python_slugify-8.0.4.dist-info/entry_points.txt,sha256=s_Bxn3Nd2lsHTQ4PFCQ2z3o3xMgzQTtPPx3UGsUnI9I,50
+python_slugify-8.0.4.dist-info/top_level.txt,sha256=D7zuR7zxISqlCxArlOOOuLsWObz1_3jgosq5XhlSpew,8
+slugify/__init__.py,sha256=Q-9bKCQv89uf3bJr_yHxMPhBWXN8YCzlxQwK_kdpefI,346
+slugify/__main__.py,sha256=1kv8A15Tg_3-lrwRSVuHoYuA8_ykvra3OhCA0xYo1cY,3961
+slugify/__pycache__/__init__.cpython-311.pyc,,
+slugify/__pycache__/__main__.cpython-311.pyc,,
+slugify/__pycache__/__version__.cpython-311.pyc,,
+slugify/__pycache__/slugify.cpython-311.pyc,,
+slugify/__pycache__/special.cpython-311.pyc,,
+slugify/__version__.py,sha256=Dh3y4MnWAjNJGbaoRm3dfiytyF-iD5d-3OCfGyl__Y8,325
+slugify/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+slugify/slugify.py,sha256=MQPsw0u2g2LU-8BBT7K0DOlGtAhIxoKHQD4fWltKllY,6180
+slugify/special.py,sha256=8bHAPGnZ-1keuW4x2WZdFXVb9LFoS7i9Jo4ty_2D8hA,1222
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/WHEEL
new file mode 100644
index 000000000..09b796edd
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..3031584eb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+slugify = slugify.__main__:main
diff --git a/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/top_level.txt
new file mode 100644
index 000000000..f4843f722
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/python_slugify-8.0.4.dist-info/top_level.txt
@@ -0,0 +1 @@
+slugify
diff --git a/lib/go-jinja2/internal/data/linux-amd64/slugify/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/slugify/__init__.py
new file mode 100644
index 000000000..6d3279fb1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/slugify/__init__.py
@@ -0,0 +1,10 @@
+from .special import *
+from .slugify import *
+from .__version__ import __title__
+from .__version__ import __author__
+from .__version__ import __author_email__
+from .__version__ import __description__
+from .__version__ import __url__
+from .__version__ import __license__
+from .__version__ import __copyright__
+from .__version__ import __version__
diff --git a/lib/go-jinja2/internal/data/linux-amd64/slugify/__main__.py b/lib/go-jinja2/internal/data/linux-amd64/slugify/__main__.py
new file mode 100644
index 000000000..4cc461622
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/slugify/__main__.py
@@ -0,0 +1,98 @@
+from __future__ import annotations
+
+import argparse
+import sys
+from typing import Any
+
+from .slugify import slugify, DEFAULT_SEPARATOR
+
+
+def parse_args(argv: list[str]) -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Slug string")
+
+    input_group = parser.add_argument_group(description="Input")
+    input_group.add_argument("input_string", nargs='*',
+                             help='Text to slugify')
+    input_group.add_argument("--stdin", action='store_true',
+                             help="Take the text from STDIN")
+
+    parser.add_argument("--no-entities", action='store_false', dest='entities', default=True,
+                        help="Do not convert HTML entities to unicode")
+    parser.add_argument("--no-decimal", action='store_false', dest='decimal', default=True,
+                        help="Do not convert HTML decimal to unicode")
+    parser.add_argument("--no-hexadecimal", action='store_false', dest='hexadecimal', default=True,
+                        help="Do not convert HTML hexadecimal to unicode")
+    parser.add_argument("--max-length", type=int, default=0,
+                        help="Output string length, 0 for no limit")
+    parser.add_argument("--word-boundary", action='store_true', default=False,
+                        help="Truncate to complete word even if length ends up shorter than --max_length")
+    parser.add_argument("--save-order", action='store_true', default=False,
+                        help="When set and --max_length > 0 return whole words in the initial order")
+    parser.add_argument("--separator", type=str, default=DEFAULT_SEPARATOR,
+                        help="Separator between words. By default " + DEFAULT_SEPARATOR)
+    parser.add_argument("--stopwords", nargs='+',
+                        help="Words to discount")
+    parser.add_argument("--regex-pattern",
+                        help="Python regex pattern for disallowed characters")
+    parser.add_argument("--no-lowercase", action='store_false', dest='lowercase', default=True,
+                        help="Activate case sensitivity")
+    parser.add_argument("--replacements", nargs='+',
+                        help="""Additional replacement rules e.g. "|->or", "%%->percent".""")
+    parser.add_argument("--allow-unicode", action='store_true', default=False,
+                        help="Allow unicode characters")
+
+    args = parser.parse_args(argv[1:])
+
+    if args.input_string and args.stdin:
+        parser.error("Input strings and --stdin cannot work together")
+
+    if args.replacements:
+        def split_check(repl):
+            SEP = '->'
+            if SEP not in repl:
+                parser.error("Replacements must be of the form: ORIGINAL{SEP}REPLACED".format(SEP=SEP))
+            return repl.split(SEP, 1)
+        args.replacements = [split_check(repl) for repl in args.replacements]
+
+    if args.input_string:
+        args.input_string = " ".join(args.input_string)
+    elif args.stdin:
+        args.input_string = sys.stdin.read()
+
+    if not args.input_string:
+        args.input_string = ''
+
+    return args
+
+
+def slugify_params(args: argparse.Namespace) -> dict[str, Any]:
+    return dict(
+        text=args.input_string,
+        entities=args.entities,
+        decimal=args.decimal,
+        hexadecimal=args.hexadecimal,
+        max_length=args.max_length,
+        word_boundary=args.word_boundary,
+        save_order=args.save_order,
+        separator=args.separator,
+        stopwords=args.stopwords,
+        lowercase=args.lowercase,
+        replacements=args.replacements,
+        allow_unicode=args.allow_unicode
+    )
+
+
+def main(argv: list[str] | None = None):  # pragma: no cover
+    """ Run this program """
+    if argv is None:
+        argv = sys.argv
+    args = parse_args(argv)
+    params = slugify_params(args)
+    try:
+        print(slugify(**params))
+    except KeyboardInterrupt:
+        sys.exit(-1)
+
+
+if __name__ == '__main__':  # pragma: no cover
+    main()
diff --git a/lib/go-jinja2/internal/data/linux-amd64/slugify/__version__.py b/lib/go-jinja2/internal/data/linux-amd64/slugify/__version__.py
new file mode 100644
index 000000000..854038e50
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/slugify/__version__.py
@@ -0,0 +1,8 @@
+__title__ = 'python-slugify'
+__author__ = 'Val Neekman'
+__author_email__ = 'info@neekware.com'
+__description__ = 'A Python slugify application that also handles Unicode'
+__url__ = 'https://github.com/un33k/python-slugify'
+__license__ = 'MIT'
+__copyright__ = 'Copyright 2022 Val Neekman @ Neekware Inc.'
+__version__ = '8.0.4'
diff --git a/lib/go-jinja2/internal/data/linux-amd64/slugify/py.typed b/lib/go-jinja2/internal/data/linux-amd64/slugify/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-amd64/slugify/slugify.py b/lib/go-jinja2/internal/data/linux-amd64/slugify/slugify.py
new file mode 100644
index 000000000..09c7e076c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/slugify/slugify.py
@@ -0,0 +1,197 @@
+from __future__ import annotations
+
+import re
+import unicodedata
+from collections.abc import Iterable
+from html.entities import name2codepoint
+
+try:
+    import unidecode
+except ImportError:
+    import text_unidecode as unidecode
+
+__all__ = ['slugify', 'smart_truncate']
+
+
+CHAR_ENTITY_PATTERN = re.compile(r'&(%s);' % '|'.join(name2codepoint))
+DECIMAL_PATTERN = re.compile(r'&#(\d+);')
+HEX_PATTERN = re.compile(r'&#x([\da-fA-F]+);')
+QUOTE_PATTERN = re.compile(r'[\']+')
+DISALLOWED_CHARS_PATTERN = re.compile(r'[^-a-zA-Z0-9]+')
+DISALLOWED_UNICODE_CHARS_PATTERN = re.compile(r'[\W_]+')
+DUPLICATE_DASH_PATTERN = re.compile(r'-{2,}')
+NUMBERS_PATTERN = re.compile(r'(?<=\d),(?=\d)')
+DEFAULT_SEPARATOR = '-'
+
+
+def smart_truncate(
+    string: str,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = " ",
+    save_order: bool = False,
+) -> str:
+    """
+    Truncate a string.
+    :param string (str): string for modification
+    :param max_length (int): output string length
+    :param word_boundary (bool):
+    :param save_order (bool): if True then word order of output string is like input string
+    :param separator (str): separator between words
+    :return:
+    """
+
+    string = string.strip(separator)
+
+    if not max_length:
+        return string
+
+    if len(string) < max_length:
+        return string
+
+    if not word_boundary:
+        return string[:max_length].strip(separator)
+
+    if separator not in string:
+        return string[:max_length]
+
+    truncated = ''
+    for word in string.split(separator):
+        if word:
+            next_len = len(truncated) + len(word)
+            if next_len < max_length:
+                truncated += '{}{}'.format(word, separator)
+            elif next_len == max_length:
+                truncated += '{}'.format(word)
+                break
+            else:
+                if save_order:
+                    break
+    if not truncated:  # pragma: no cover
+        truncated = string[:max_length]
+    return truncated.strip(separator)
+
+
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: re.Pattern[str] | str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+    """
+    Make a slug from the given text.
+    :param text (str): initial text
+    :param entities (bool): converts html entities to unicode
+    :param decimal (bool): converts html decimal to unicode
+    :param hexadecimal (bool): converts html hexadecimal to unicode
+    :param max_length (int): output string length
+    :param word_boundary (bool): truncates to complete word even if length ends up shorter than max_length
+    :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+    :param separator (str): separator between words
+    :param stopwords (iterable): words to discount
+    :param regex_pattern (str): regex pattern for disallowed characters
+    :param lowercase (bool): activate case sensitivity by setting it to False
+    :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+    :param allow_unicode (bool): allow unicode characters
+    :return (str):
+    """
+
+    # user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # ensure text is unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # replace quotes with dashes - pre-process
+    text = QUOTE_PATTERN.sub(DEFAULT_SEPARATOR, text)
+
+    # normalize text, convert to unicode if required
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+        text = unidecode.unidecode(text)
+
+    # ensure text is still in unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # character entity reference
+    if entities:
+        text = CHAR_ENTITY_PATTERN.sub(lambda m: chr(name2codepoint[m.group(1)]), text)
+
+    # decimal character reference
+    if decimal:
+        try:
+            text = DECIMAL_PATTERN.sub(lambda m: chr(int(m.group(1))), text)
+        except Exception:
+            pass
+
+    # hexadecimal character reference
+    if hexadecimal:
+        try:
+            text = HEX_PATTERN.sub(lambda m: chr(int(m.group(1), 16)), text)
+        except Exception:
+            pass
+
+    # re normalize text
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+
+    # make the text lowercase (optional)
+    if lowercase:
+        text = text.lower()
+
+    # remove generated quotes -- post-process
+    text = QUOTE_PATTERN.sub('', text)
+
+    # cleanup numbers
+    text = NUMBERS_PATTERN.sub('', text)
+
+    # replace all other unwanted characters
+    if allow_unicode:
+        pattern = regex_pattern or DISALLOWED_UNICODE_CHARS_PATTERN
+    else:
+        pattern = regex_pattern or DISALLOWED_CHARS_PATTERN
+
+    text = re.sub(pattern, DEFAULT_SEPARATOR, text)
+
+    # remove redundant
+    text = DUPLICATE_DASH_PATTERN.sub(DEFAULT_SEPARATOR, text).strip(DEFAULT_SEPARATOR)
+
+    # remove stopwords
+    if stopwords:
+        if lowercase:
+            stopwords_lower = [s.lower() for s in stopwords]
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords_lower]
+        else:
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords]
+        text = DEFAULT_SEPARATOR.join(words)
+
+    # finalize user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # smart truncate if requested
+    if max_length > 0:
+        text = smart_truncate(text, max_length, word_boundary, DEFAULT_SEPARATOR, save_order)
+
+    if separator != DEFAULT_SEPARATOR:
+        text = text.replace(DEFAULT_SEPARATOR, separator)
+
+    return text
diff --git a/lib/go-jinja2/internal/data/linux-amd64/slugify/special.py b/lib/go-jinja2/internal/data/linux-amd64/slugify/special.py
new file mode 100644
index 000000000..918cb2add
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/slugify/special.py
@@ -0,0 +1,47 @@
+from __future__ import annotations
+
+
+def add_uppercase_char(char_list: list[tuple[str, str]]) -> list[tuple[str, str]]:
+    """ Given a replacement char list, this adds uppercase chars to the list """
+
+    for item in char_list:
+        char, xlate = item
+        upper_dict = char.upper(), xlate.capitalize()
+        if upper_dict not in char_list and char != upper_dict[0]:
+            char_list.insert(0, upper_dict)
+    return char_list
+
+
+# Language specific pre translations
+# Source awesome-slugify
+
+_CYRILLIC = [      # package defaults:
+    (u'ё', u'e'),    # io / yo
+    (u'я', u'ya'),   # ia
+    (u'х', u'h'),    # kh
+    (u'у', u'y'),    # u
+    (u'щ', u'sch'),  # sch
+    (u'ю', u'u'),    # iu / yu
+]
+CYRILLIC = add_uppercase_char(_CYRILLIC)
+
+_GERMAN = [        # package defaults:
+    (u'ä', u'ae'),   # a
+    (u'ö', u'oe'),   # o
+    (u'ü', u'ue'),   # u
+]
+GERMAN = add_uppercase_char(_GERMAN)
+
+_GREEK = [         # package defaults:
+    (u'χ', u'ch'),   # kh
+    (u'Ξ', u'X'),    # Ks
+    (u'ϒ', u'Y'),    # U
+    (u'υ', u'y'),    # u
+    (u'ύ', u'y'),
+    (u'ϋ', u'y'),
+    (u'ΰ', u'y'),
+]
+GREEK = add_uppercase_char(_GREEK)
+
+# Pre translations
+PRE_TRANSLATIONS = CYRILLIC + GERMAN + GREEK
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..a17ced9af
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
@@ -0,0 +1,46 @@
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
new file mode 100644
index 000000000..5ed2d0fda
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
@@ -0,0 +1,134 @@
+text-unidecode is a free software; you can redistribute
+it and/or modify it under the terms of either:
+
+* GPL or GPLv2+ (see https://www.gnu.org/licenses/license-list.html#GNUGPL), or
+* Artistic License - see below:
+
+
+                         The "Artistic License"
+
+                                Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+        "Package" refers to the collection of files distributed by the
+        Copyright Holder, and derivatives of that collection of files
+        created through textual modification.
+
+        "Standard Version" refers to such a Package if it has not been
+        modified, or has been modified in accordance with the wishes
+        of the Copyright Holder as specified below.
+
+        "Copyright Holder" is whoever is named in the copyright or
+        copyrights for the package.
+
+        "You" is you, if you're thinking about copying or distributing
+        this Package.
+
+        "Reasonable copying fee" is whatever you can justify on the
+        basis of media cost, duplication charges, time of people involved,
+        and so on.  (You will not be required to justify it to the
+        Copyright Holder, but only to the computing community at large
+        as a market that must bear the fee.)
+
+        "Freely Available" means that no fee is charged for the item
+        itself, though there may be fees involved in handling the item.
+        It also means that recipients of the item may redistribute it
+        under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+                                The End
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/METADATA
new file mode 100644
index 000000000..23bd3d45b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/METADATA
@@ -0,0 +1,73 @@
+Metadata-Version: 2.0
+Name: text-unidecode
+Version: 1.3
+Summary: The most basic Text::Unidecode port
+Home-page: https://github.com/kmike/text-unidecode/
+Author: Mikhail Korobov
+Author-email: kmike84@gmail.com
+License: Artistic License
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Artistic License
+Classifier: License :: OSI Approved :: GNU General Public License (GPL)
+Classifier: License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Linguistic
+
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/RECORD
new file mode 100644
index 000000000..c6de40859
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/RECORD
@@ -0,0 +1,11 @@
+text_unidecode-1.3.dist-info/DESCRIPTION.rst,sha256=6Fgx54K_UeXRByELmqkfLcHlbXhsvNNJdkPFT0VF0J0,1199
+text_unidecode-1.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+text_unidecode-1.3.dist-info/LICENSE.txt,sha256=OTjnU1w-TvfmNj3ptpP-O6_jxKXl9JJc1IN1CW_nr9U,6535
+text_unidecode-1.3.dist-info/METADATA,sha256=B9j-1l4-yN9P5e8mpBrXCqAQsRUnA4Izyy0hG7Jyrn4,2422
+text_unidecode-1.3.dist-info/RECORD,,
+text_unidecode-1.3.dist-info/WHEEL,sha256=o2k-Qa-RMNIJmUdIc7KU6VWR_ErNRbWNlxDIpl7lm34,110
+text_unidecode-1.3.dist-info/metadata.json,sha256=vYPs2_8Q45eS8mrUw0qzf1NeShHDuX_lpyh8S3yqg9U,1299
+text_unidecode-1.3.dist-info/top_level.txt,sha256=SQH9SRjWlLrD-XgHyQOPtDQg_DaBt3Gt6hiMSNwHbuE,15
+text_unidecode/__init__.py,sha256=_hESqlvGR_cTy0oryPuoyrVntCOIID7bHDA-y22I1ig,484
+text_unidecode/__pycache__/__init__.cpython-311.pyc,,
+text_unidecode/data.bin,sha256=eSRmbaTOCtJNS4FCszDm2OiUZc2IOTRyTNnkt9gTDwk,311077
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/WHEEL
new file mode 100644
index 000000000..8b6dd1b5a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.29.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/metadata.json b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/metadata.json
new file mode 100644
index 000000000..3d8b506b3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Artistic License", "License :: OSI Approved :: GNU General Public License (GPL)", "License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Linguistic"], "extensions": {"python.details": {"contacts": [{"email": "kmike84@gmail.com", "name": "Mikhail Korobov", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "https://github.com/kmike/text-unidecode/"}}}, "generator": "bdist_wheel (0.29.0)", "license": "Artistic License", "metadata_version": "2.0", "name": "text-unidecode", "summary": "The most basic Text::Unidecode port", "version": "1.3"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/top_level.txt
new file mode 100644
index 000000000..2f7a53e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode-1.3.dist-info/top_level.txt
@@ -0,0 +1 @@
+text_unidecode
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode/__init__.py
new file mode 100644
index 000000000..80282c74a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode/__init__.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, unicode_literals
+import os
+import pkgutil
+
+_replaces = pkgutil.get_data(__name__, 'data.bin').decode('utf8').split('\x00')
+
+def unidecode(txt):
+    chars = []
+    for ch in txt:
+        codepoint = ord(ch)
+
+        if not codepoint:
+            chars.append('\x00')
+            continue
+
+        try:
+            chars.append(_replaces[codepoint-1])
+        except IndexError:
+            pass
+    return "".join(chars)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/text_unidecode/data.bin.gz b/lib/go-jinja2/internal/data/linux-amd64/text_unidecode/data.bin.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cfae7c3bfe5368bae3efc7b8fa8ed47bd3e79a2d
GIT binary patch
literal 70243
zcmc$^Ra9KT(kP6(ySuyV;1UP~3BlciLvVL@2u_edfS>~e3qA}CZV7HPNPs|K@FCcr
zbMC``@5}uj?_OQ2tE+c+byfGOs$IPqQ?Zc#^Ps$(J|#w)OXf?Zl<%D1g!kXweGD7y
zZQJYCXftqf<{;Kg{$`?`^37Caf`-J_Dv69aH_p+eJ^1DC15_-kQ#5zlVREDYGtzdb
z<~9mlsnv5N{3Y=P=~)Gl2~|jVL3=hp%t6ng3W+Z$&svBU=wQMN#<Mx%96Ffzg8cjn
zQ4WnvctL+QM(jW%6JJoDbrFNmmjrqQmV81a<_p6!!!vRKj9@cf7s?QZa|c5P#JvJy
zK6oQ#!mz_I%10>S?2kCl#1Z&|(K{exxHz3Mdc9sOt5kxF7?itIk<@HHfdCLIa1AB<
zD-?AIM@bNh5!Qy%BIv_#cZL;)wS>Ge4u#NhTWm1UrMjb}`Jg2EP#BKY2+lGv8p#Vv
zvkk)E1SyQ%!3E){j|%X_=iMtqM&&NTmuFt87mR_#2uAq?*~7r$p_WK|M&wP?t@sC_
z4$<yF#&Um36h9a#g6wu^#48dvl#p>`dn8;c2thRvGxF$<W+=70Vi2(epE$UoC>!>T
zNVnA+3c=@yG?l`f5`?sH%lGv$#3T;2(5{ksqbAyXGlYdTEZL;|!8#3XB4}?~jzZZm
z@ILP%^``Vjp`4GCo~}esy)(niUk@k%mMYZ}%nj8BplyS=8^7Jy_Ag-o7jEf5m>WdR
zws?|QfUfmrZw&IfA?klB92Sj0(8xcM5kTG0CXMwHWyrj|J&Uo-ajACc6{^g`aJH2w
zn{C2y9)N^T7>&674M9)BeM2XEd9)WVok=ebaI~@^C;Sz-T-eLMLW{t1C9T^6T~nBG
z&VP>@MfcOG@I{`&Ep3+icG1QdGTZV4%%C=&<&x6H&-$8jP@`ZtIBYocV+8FWuXFBk
z!Ph+BiPG^KNBP}$b>PtuS(zLr<3Al~n_uBF4E9H{yF*cGoZ)|Q2z&(0grdYZL6X+t
zsZA(zFj;^KTKx)~riDK8jTQ_K@Hr+4Zy=$?-_T+x&Dw_pN0sD4n&P^6h$taRFu&Wq
zjDA>DDq(5)giMEcTcCn4e3eN#n7|7v+pXUHU9GTq$QV%%TG5MUReev1^|$2$aZOQ^
zyXv(JJRYgRX^{b%jO<b*s3305`+5-H=W!uF&Os13NdS!f_Cj?qVFwflN7)eAOiYB!
zBFLVxBQObJ#&D!TN`+p`I~Y13ss(0%K$cH1pi-iz048+7^O$-l;j{>oSNFQ_W#PCl
zPbha}y7olk>TFcQRZ&_d!x-B`8+QYJxa9+pF=2-dj6Gw_kF2a0-7k0#hj6?ymgol7
z=#n9QRj6*>fcT2WuFl1V>i&0hG2El(i`u!1*}Z;Dv~%j1TmID~@TZ)fE{!9WB39)<
z!=b*Y2JxWBFAxerABxCV)%*2Pya>$jsAr62TGd>+Ap9p@6Kkcxr1yL*LmXv70!K-_
z_4rbPHc%T<FI)6O?~5zsgRk+m46c-VgHcsUNoAl_WR|{Jbi8GBF+p!M*DiDd7%nv!
zg(EG6G?$4F<kPn_OjEDc_YmP@g_LG1Ija>_8^^jmE=1v-n#6QS5oa7k&KT65LHIr6
z<wDhm-pm`h6xn$=xX^0ol*LnbugH_-q*W2nZ%QdNIJ8i{O_8)u6uyo)_(q<oaC4zO
zBR;+2v)-~SwX53bndQJ+zZtayeGF^6J6fpH^@|5@VFvBz_9JvQL^c^Aj)S-jmUZVK
z_ug`{UT^bLkOQS>U}X>P72(Y%OOrEYXNn2mK+5I-YNo%v!0q^90r!AplvCxT@;{)y
z)p#YaPl*&|uea6d?@+WVSK?Pj8GUKFA?EO<{ek29wpWAW!{b<A+Oy3Tq9SGlWvr{E
zRd=_)n2Rt=|JfW+rh8;W-?m2Kf9lwfFq4Tvo&_1azaVi{W+kwq=WM{YKLWGg;MI?6
z9f7b*DdrO?g`y0o8m&P@-vul0Nw{k*c2|J7gfLbF*+2{?z*(B49T-e~I58YkutAq1
zWhq*kqSYPkXc56Mn_A#ao@|Hg7KB=oG`J!NqiMDRJ+cP{q2JQ9z>&^g<X^+(gV+A1
z0%DcEx%f;8?cxDx6`mQ8B5tngNEE!0y`U6~B%WE+8C;1b8RB5)Ugdn7H@mMN*AsPa
zQ6BN7955p&+MarV7srhFhA#+YJ8X;qSO_K5Ns<7vk{y~tr^A{7A*(@e%%Zk_l~g~B
z!~rMy&B!og3^%**M_z%eI6UVQ<wNsrn4)5tkxoHpx&sG<$#s#0gir$wDKg#eRIe2v
zt<4>V1nsJOipE=8BIlN<c9a0tJd5oiv9`fO^wM%lp-(w_t;xDF>G*fXV1vmM6qmw2
z3_Y(Q;eqX;293th`P32dL=G`l22U2}9i_Eu0{#g9>-ee8Zl#M;H!5}J$qlX-*bC7%
zQ#AG7`z>%$Fi~rrKx||If695MNh=|~@nDo0nCu1VP5^tCK|U@K&K-uvI2?{3laG&#
zYk^`SoDq}^hO1w`2&+WM=^XHjWwi`Mmna_wHBD8$z`ocP5`Zav9$snu)Lg%bDis>S
z3elh%NDO`90p9iEuYF{1gyNYAC0Yid7QlIwH*2EMr&;uxZE?D!hKTdZD2d~6+4f7u
zan$57Yk<+_LDa%<x9$vkHx`k!ti5o$ZCW@K|FMA%JgB$9-P^|7+xF14$(*}LM8c4q
zrt+B{N@ivw3yzY7)4#JVA?o?XB7&#p5IM{G^gSw-g+#(>w8p@pC11-<D7)PP^r0v1
zQDy(<tVWHA+BU9uWGZ@}(s#<WG!_GtKLep!wY7|WwQO(Xy!Pg-21bGg5`y)I8k5ih
zXwE$ihj_btk~!U(=ayqWCCUP?;ILUt(+12)k<oiO)bNn{9S~;jCk4m8z4IOV^C0(D
ze*;DuzrN9OpIC+C;~nQaqXsE#AGc7N2*%jn_4p+%DND#pe<JXOh=2jKmk4a{@{M#p
zX9jFO;6)4`Elo%-KQiw;<!wdGTf6eicGlP_wMP$S{<wJH+^yZ*n~RzF#%1KE)e_N}
zL=jC>@eDm0ZpR$lFCIEPVavMuWF4VdNT>tW9aU!R>)_YEuB}LQpLnX|MzABGJGz+9
zF{{bWyR~n?%XWzSq~mQ}6)govf(YWu{Z~#l58OXK-=*YVdO-nT{5FhvZTE27`;1co
zu(U!x>HEt0q{_}i)$HTBo*ji8n@8@H>d?^4v(b!)S9i~8xCbK!*QxxZMY)V4#*C#T
z>@bB;`Lic*5#m_upnwE6<ubk=<8>e?fiD|re+9Q!24_x>^dgQ6)O8{c4s7_S?04b;
z`z;5_2hm-K;V`TG^VylvON@L;%JaE}57M6oB=x6`mn|&I!WGdbINe)=5+5Gt$vhP(
zi{p;|T=yTkKH0Hq`Sx7d93Hk1(#=0AWE@KuFI~T21i_CY@6XPt)AxA)V8L}4{7+~M
zucRX2Bshp@u?vi8_RO4kB6GUByL92aUF3?bWk_Y}3&UA!e<eQfY9jHAEm>|L!`QQz
zeotzZ&gBe+Ih%4m!-M{Y$hz`-lq8k)vN$j^d(eQ6vUpW_LDY}zxv@9<Jb9Xz!143p
zm~^O{Cz|E9R{p}RE{J)QBxP!l{wd^RG&q`+`ByG|)I;NYTgR!{r`4_0Ev(FR#2*+z
z*!P3+Yo(59($!En+ASj>Iu=tGdJ)SB-ybGLoc@Eyf3Q1D+Wi8>-i+0qe?uNIRPsPE
zaE~#N&icTt{IUBNW38&RlS-`c`c!S#d&ShtYXN0Q4BR}L$<}7TN_0G|u78f3Ei7H5
z2_OIOSf;GglVcfYXsMeeI_v8F(vh*x?=l$L-_@7d7f;N9GeB?e)wA47<W9u(p8ND=
zEb6m8tBy)2zr#F~oP=+cZE*mT)BLSqD{}APoaFAvYU#@EC8<d`N~-Qq1c>z0kdQ}S
z&4|MO#1#sMP|$sb*Jiceoz#bgujk5yf6+rO-&z0jPW5{HHfWslQLNY4ROIl}BhDSg
z%iqDMUBKY`4Bah{N>Bg&X3>rK6`!)Xe`f!g#4`~4Unqi3W&^`$hIt@wM=0`kUm-6J
zk`{pQ?hB5|jJ!4f&icnybqfhV>3#vDd2Mb*+LES33ukRQ9Qvo~NvTJt2uf$5?%3X)
z3GFv{v&*zn=H<g{GH2F9Yv`q)M%FN9o1u-U&d&5Eb2j~PH)PBIq6N@jyk%!m6V^5}
z>!H7N%f2RFHsR!q($8<afxDK?wj}3pI<IC_O2oxIfB<7?iQ2-yf~(?=byj;kZ=0%H
zn4&Qg)md&+wKUuVx?V8?Nl!#tSsv+#cf*uKc8{XPB$y5-{1p*Z((Pk^wi5(=mJeVK
zxCjk`Vq_v7mLUX>PeI8KKAc18gN$BGw-h_O^w7-5a7@@h@{Dq~E+^ha7xS|~gdZuP
zJ!3EJ`oJ*#V*)B|m-|qt&mC&_1BON4=ic*Zg4NYZEjPg0)dO<bP9Xg89utBGbLdQ9
z=M%J{*55^;5H+y??c!|#C4t>BYD!GsIEc(<nG!43P@LTS;?wlLB^;pTmtbj?1T~BE
z<pT>rcCl3cKGbsq38SX&#M8|-tyUv;D5=tXA>PulQ|K|<Gy*Gb-K9eZ(iRk0DXCaa
z#%gG>SdIoJf-GTbh~x@6!3xw*;(i<`yjolo*~GlF5oqtdJIF9nkm6%OR9ubmAZ4Wp
zPh8YgBwS2fdmCGRK0ZDGUo$@0h4V$=MIu7$(dE$tR>{?jZ$Z<I=Y0%ar0V`gA;51D
z(%mNk97yLM`nx>(r`z7+)F%AIHayhB#?gk{=D@}gudy*cFFr5P@UbJ>KdK|v|IzWW
zGQK0x|FJHKf9SinkL($EE_D^qxaZL?0hbwa!)!^9URegY;kFzHTU*mc1o~_Yotz-<
zJKkXQfrd_4hE72L7?BR@gU1fJ_Sw_`TG6%KaDZCCXHisV<XO5>YE<WCP*J=nq4NsH
zHdPQQG(A>wY>3tkmL4z3ux&xRO0|l%Dz!?5O6z88Z@Xvf>jB*y3Xbx{JRBS9>G1Z1
zZI0Y`M0a6qV+5T*n}p%ZW<hQ+{;fae18ZF?0-m%%wCC3z0aaS4Q%G8vTJ|<B{Cxa;
za(pfLd|r0Az&@Y<O5|mC1?=mQ0J_-}tj1f~+pL(ab^uRo@79MlhX6yH!<$rv=D5DN
zzTcaqca|U5M?Fxlg3PZ@JAZlMPw!w94*LIR7O%ea^f~4^iA+LCNNvg9-ptiu>bS6~
z1C>H%x%y8H=O7oTV^jfw6%DFjQ+xr1)#9rz3{TWenWQ0F+q-2@QzBM(mzq1WCoW~z
zp3Y-m(#(hlT4oX(@%flis(nCg9W}Z<>JKCXOaprxSAK1NZ8_~0eC<8wixC8OL|QpS
z5bOnRv7qY4@`gb{RNX)d0X~bM?rsSoQ6XF*Um;Npr)AJID6Ls~FS^*Wx7)*p0%Dtw
zzsUD2^9*=q(2a6Vs)hQx<DizX4AuN+pH<;}|Fn{<8*T-rfcE{DBE)ZZ<;^ho!SElY
z{y!8GTG?(MfW>Hw`*JJ#YNO?5hU|s%$tu8|g=BSejKaqEWH(?l*}5k^{p>a`+8EhN
zI>-^PuZ_aWH0S_k*oTg4jND9TF**flFz>$fCf8p~kDj7MZSkDW6j6{p;`y5i=S3{F
z1VDL%5OCDev+b%-;L8yM9pF1=CgWBtXXe?k^FKKJ2bBMyAoC2F2K$yF{4c}|``Mje
zZLTj_QCt#BQvk&vE=y8FkB@{b^Wy>jB5|r8m{ln__S-Ov2RvJY51)*9p%7&uRRxdK
z<{rZ;F{zoqkAT1mldwf4Y6XVBhy;Eh(2tC|Dd`T7@L5o8lo}2C*e!sfy))!zYZE&I
za)Q~k!-1w~t9;u+s-_8CbMrSC!l-SUD-8NzT8l1<l_m)K<F7-vT|TNk4R2-J^#?9v
z*|+(Y<~??ghrf;$+!CG*L<yR0DJ6tByJpxe+HbFDW?{T0QEHj*2hrM9qcS9kZ8xRS
zJazFkyGPiGqF>fO_%43CTKp!u*eSE0&61r$ndUbo&1O<Y!y=UEz%TH_ZE8mI$E?<m
zS&fa~Hl!^SEo6f2!W!>(M_E7l2#^%^96BXkT9|w46bD!p2dJ+bVP3fvZlL^Xj_MJ#
z@x-YfyZ~jh$tHeV^%YgEZsC{Yd?PFPMwZp1AvGt=LgPZ&M_k%WzpR9L`{aLH$#(<~
zm&UNV(GZNs|Jz$RNfm8S$AMF|hyOSqWfJjjFpHUY91TEH1@Exq;8(TF;TIR@YR$x!
zB<5W;mSXQXo_}4Zd;fozhyO)94qUqNa0SQ!l4*|jkDK#HE4YzvtI1zm4EnIIz9*e+
ztEMi#jUFiAZ+dP}aKqvM^%a1e5x~Ox3Tw(&6ddrsOZZAKu~8Zavmt0=yj?bNT1JPf
z?b1hGdw=`Oh%sC51!p#iY$DrgX!UHifVCSWEza>4r6eG`KZy!inrI);+|D3@kbNYM
zpd6&k+%Z|*lv>>kTHWND`JmdxA|b{`GP(kIjZ5$a<M4Agd_D9d8%rQziCQ0+#mbIY
zu$2oh0~<dk`T&n|8qfSR%)Pa04m_Qw7>C3v*9u?&r}FK-8N=n@^%zU#-%S@t2}_a(
zh<K0vl&$sPVErB^gsuC_Z*!;-ONbXRjYDgGN;i!|@&ho8Bq!?gv)TdZM~*t`ABELV
z4AQ4dLCV0R|B!A~W5U3s^VWus;cyPejPrS#l{)p5dVzOe4$#Juze<dH#WK_f7ZP-L
zZ}k-t#G9_#BrX?{=Y7p^k<2Pr$hraZQRKtN(QIW{Xk;&oUk&`(%yh><9qiDD`e7sA
z#Oqa>lm&R?BIprGAsHg5(RrJM$?x+Dqb3#UM||QjXpG{Yf~P)X0S+W2rlN?Xi=`s)
z0<hvGhCkbKKt%WK;~$tWMypmyzK|x8{7bi8OAK8vk6bVR8;1GAJf~Z3*Fejn0BgN$
zcp2xE<(ZjdQq<ltzLx}hNOUI?1t|p;I9v|(g1@@veKdXC!eSV5vruat=}=9@HYVlg
zw9xIYh``b9M0Ey68IKE+zyAYBT=B-Po9T%sPk2DL5IlSzGs1M-<sA>Zy)UvFrp5AZ
zSGHs?I@$G_kuDOuaAdvfh>`xC0VlceZ(@G_=sDyQfnv{Ep8or7XJeT?a2BJ+Tir+z
zsG65O%YTt(0JoXJDYdT5Kz&&WvPZo9%OIj6$TwsA=WNe$S0645eEPXI24`+VADzd4
zT_?JSIryx97>rukU;y}HAu9)=Hqe@EZ4R+K?*JhUQl?oA(ZMU-^msh|!t#t;xJQy4
z75G2;(2z`!!&EVbF&%W0ruMew#7J`8l&-GnGvgI%AEray+z(IaSA*eD<l;)k)1j7C
z4UD_{C>qhoSr2yRXKFwu3D<`M=Rziz1S!Wi!+8e9OSIZ@mpIOV*HhlO=$p+fb3Uot
ztan{H-Tne{6He(^A2O1Q1U!XAZu1w(wrr-KK8!J1O^gakrIT9ukn8$teHAc*^LRdg
zv~?fCN|;ah6idG<EhV*z99yec_-0uj%^-lntYu=84t;V%8Ts+E;xj9Xc*1$}ig$#{
z4xV=`@gTbuLR4KdzscQ^*L-c#sIx8a|3n{*X;*B7q<g;sB*VAmKh~BlcGf;#2j@Bf
z-%QtN{MqWe_UQhZe^^)Bc)oEw)$1M4ulx3;QuXGXqv54B?nV%b-^pw-xS|fHDB;LG
zG#bKC`MfHP{@1P0ll}gM`;Q80Q5T`(!V~u&NZX}>(_=}~ZPmKX)$9rUQ^AbY<w(_O
z9=fb&f5vujPoS0VPVoIH`(apq|Gr7kp&It^&iRvUi}QIO-XT)KB|%xL^#00=wEb13
z^E3CIV#~)MQ>)&>tXoV3BGDb*CD`^r5)f#6he>bHa~>A9@Df7#5;?CV8*dO+fI?LZ
zztBPiQCc}+8#^#{dX)~gqbl5{MBW|5zwAU3zQj#f$&cdoGLF=igCGvHk7)Au{D3IT
zix*@-)L`u3gDf}E<y|K9oKY@CA?>BGTH$#x?tI<@N{TpQMI7;V6TYC`!DJEpxw^Zf
z44@}3sQIMfBY6bO_b321+XbK58kDNZlQNF_v(N6$7!k{Ena`->`MLasMAGM7IKdLd
zJ7e!KJpOJ!+#|)nSm~~W`C}FQjIwfNQVc!wr={c{<qc-Tf)*aOzW0ZMz=|{RP(s20
z8)wFc{zP4G*;~w2g|UcpnDf8f0NOv2HMG_mn!OsC@w7ei&mFuN1pP&^8cMB&?{at6
z!u`-#spR4pe$>u`CY3xcQM_CGqa~>{_JGpfUNC+PkQ63v<Fhw*psQXlZs1v1<lPw~
z^7lJfsK?;QcUnT?#DAv9p?quQ&pBy6?CJV1fz{ACRMG^p7jgRs@l5MJIMKO((=X8z
z0ibDl2@mkvxXZG-g9ZLe*A9q5{(BCI75{S(t%2Pu)`d^cT0VD?Uj`MXv<If#Cm;F;
zFL}4-%0mRRg&91APl6u;6)yZ=oP{P84#IXWPP*1k&<7(v^~>MqTAy28t%crQzT&?d
zJhJ1?_FQ{@uX7_9oA-iO%fB-8z)WmoLpW<g`3p#hi=deu9_9_gDgY+%BB=Q26p^iC
z66b8tcWjx4@gh>y9IfrSTR8vaeh85Vq9ox+&kO_6k%V_p{xGzcs5M%Kk#i{VCg{)`
z^BH>}#x05K3F8dp1uZ!~+yP1ckUPC|DcL4?pSXP+oVmmJgQ5S=6~iDSTww5gYQP;(
zX&JI{C>NmswT##)2ww}Des~-Zd}#Aw!gR2=&OBOn{-*2o&<8ok?3+4&XcMH(3@+cf
zbF`Kq*pG5QJt5u-0bwG-t#2Lo6bZ)11{fBaARkmEZf}x2>5rJV)^#C^zbLyipX5D$
zY#{%c-;h7Qc(7lu>I&c9yF=YRxC>t^Nay^f^?&8?H|_S=qx=r>6cu>?Urxg3R}TZH
zQ)AI|S?S?&pUrg<NdJ|EZX9`Sb%pi&jY-D;S_-OMwfV!b$@*g{!T(~7e17@gk@nk%
z|7DFT%|!bUqS{pkNB*z$Qdy{Ntu3$oPFm@*|2s8ih(_1#kJfMZ)QqtIV+6w#@qc;w
zS0wtmDbQ<`=<a9zS06I-D&ITGGrr6~LbU%oG&qZ(X6EVi{knjge4gdn|4_CD2b$f#
z7|dETqD<u>ywKu5?imI+8V5wi(oG8bXUZ~Be^yBF(kZ(gjL(EI17fU4yaJ&s|1KV$
z126}o|Ka5@>i}qptoPjpJ%UC(jEtA~eCX4^X7kw-5LHmv<mHDh?1WG??8gq_Z%0CF
z1JB?8Nm32>KdsXD8T8|bIY*&RpQleC18jPdi=umCi(-SLOrxYJxJyC{ZF};~QQa`R
z2$qpOQ5##2*4IaxAZ@xBxbo6`S(G+3Kpe7sNXc6ln#2xzV2GtH6i+LhoM0A6@|GCN
zH)I%vqIF?uiw_nhG=8TBu_eZ8v<|Ae*{H)nTaxrK!9dj_`w-3n$=lC|bA-)nKJQ5x
zm`)}{8lZ|mlv%y-5}fVBRp_$_1qX5bD)AwDvB-WE=>G4OQFSUXSqsG~)}ta&b!<@#
zk4BgQ|Ly@@hhPR$AvlS1ur*()(;<CK0$G2lls{x;Am5<BbXJPB1UCeau*(V)-P<Re
z$_C|>>DSrwfhW_?E*+*{)cK7lM?Zfy;9-^-F0OpX?*}??HK<(2ZPb47G+h@pu^vKu
z+oUJJ^Wgc%=+27VDACby3zL3}ch2^bOs7owNt%v+Sicr^u57qn2eYgUWE*zk2MrGM
zQmM5{9O;gvBBbktnbMZ||Gwa*KLR0fc7Du$Mq26?{b$kg17Wk*0{^*Blr8v&u32`s
z5B#%ppiim2-iMC@n?*bEvL*k}-vXQ5|ENXDgQ;6$0S&8`V`qE;C#$0Y#JyLmGxlA{
zTZX4Nk7Dl5ue;j=12NA|A!kehnf7;V0p+7-SF7Q~y@K{#cU-r7Hhbo*2*k2rOzQa`
zq6gBhG%wUm=}|%s^s}_^ik7|14NvJ2!CkAR{T+8|fKNJs1bj8AId~VZZ1B|%Bw`=I
zx}I$Ps{Wp`d~5I*_}AS+*!s@BdD*H2!^ymM00JT)yHwabI!Gg}Qd`}VcV9-9PjH9(
z9QHQo{_}8n2!R|oLvG8XQV<Q~Sr<96U*fb2R)L?n0k6g{?|@xNge@cpZUFD<@IymA
zRyVvx9?<3K4&#ei355wQtOC=uM`XMg_VGVpmki~_?KtD&IH1>YTw`KIB8WrI-_mc<
z3mH3g^n9DbFB~<r9kQ@m%R_H(gXU{>l}4MFQF{L=uvs~@{XJaT!iN9?x}d3Ag|vZ@
z2hh#NX^hz!P)liiktyFJiPNvk#i422X!EXb7_+Dmbendr#zKL(nOp9T0zP|-o(M$8
znmbY^#M61Nz<U6vYq<$9Z5-hO+icteHh~t0dIry1ppU=8Y+;)Ml4m4ZR{Rtf*l?s<
zp_{G%Y=hnap_|lrQzgK~BA?uJK?G{Nf4g0K0&g$q9I{|KQe@h6iqc$a3fbuWaL9c2
zDO4&|m!#!lvT>Ts%CtAS9Vl>$V%0Q#Nrw|UkQ^KAxWdqEwRW&LQvqz4;kQ_mN-%b!
z=;=<6<~`4+4ceom<$5G(4l~iI6iP)Wi|B~c3LLofKBk}$m<dKMa1u|{YPXP`V;t)m
z1?fjR8F{-nWAq}j#J)*7i600Qvh!I0y1h*nA12LA;@jin^ZMiRx~68P1(2P0^^rr-
zPbt0ihW1d($l#{P<&<zWWNQi_rNTC^jn`mQe=N!^110dTI;wvTXZ4{ks$cM5)fV;i
z3jGvvbxH}0)Ej!<L!sFk87E?t&m6&fMz{Dh*yTX8+|(5NoKCocfic$P6&BU$Pf1WF
zFvmEw#LP$NLN<LsZovS0B>F}E-nhal*#`S+)slYXvTz_EjWnSI%dtSTaIV4!_iBv)
z8*P`K*CwdKN6Wg>=exy_AMzD?-}kr!_HgBqkYMb?0-?dUsj2f@7$Bf^#%J%c7jiL=
z43_wphCEpv*hp;t7mh3Tx>an86P>#_))21zjO-#bJ{h;%{jz+!DOj8Rr7r||iqek=
zc5sP4ZLRq40|Vbyx|+~?T_912Q8^Ur%6XLio4qrGg?!Yco0LN0756*FS!cZ)LL0N_
zzi+@i=>pyCVvJ&pitYGU_-#M6Oc2z3+bmiq6yC>_-b+ypLCv0B_*(`hEfp^q3C`GZ
zI<}EGm<B<BcuoU^J5ISSER{P<I==sv!Rkf{X#1J$mY@cB7lae4`>$FfyOl2oZBrVo
zK77D=$gBY}&b2GVKgDvNDwKhqbGc6=CE}mvYJo4KWVeH*py4WRy3;pWTN?k9xB4I5
z+5f{Awszc&I~6tqY)%6ze&x5*zo!{QmFq%%0)d~hMFE8#gQ%o3tCCZH1WUW=>*DCC
z66xRfB3!oqH7MjY6u6ZE+r9yq--9BKLj+D0(Ocv@W%X`+8WO@8b?q(`A1NX_4$>H?
z9{g<R=5!B__o72g#>{bL^|~(h5TTDYZ=q{@mgV3F>CWq$pcvO-uU4-f_HAkTkk#mf
zwP@SN3X0xJ|FB22mi3fF+>47{X;geScY2k%5SRN1U<p}}aoIquJs^2c7(6#kAO<3!
zE1`dH+J7KmRhO!};Cs<^p><=ksCYqZ8Ooh|xWDM*xhIrKH%l+y?E@&qZ-+8o@7d!w
zkHl~uqcO&+&zvg$n8ZZ<aZaUw4{87Q9=_|MGeVFSa}b<7vXDu*BzzG=9Pwy}nL#0|
zH`)LV{w;PbAfK~mDZ@Ssrovp^O?wDZi|NLe^NFdeBA;aqFJ8}4Z-Cfq=Tay&W>U6m
zov~D>mB!%pLy)Od-_z2Vaker-F{SVm4vUd$qXT~uJX!$e{YH^dQ~AoTHA@Su!sb()
z=f^hc7Lb@W)$~-mWzz#wEc@E?vuSCkn4r$Ye(!B{iIDPT=a<+`g};BkAhp2#7Nvvz
zk?2>3Tnoa8ZumJpnKZ5TqZa;Rat5kg?saU?2tHtL=&Hzt{_>jScQWCzcfPYsS{Vju
z!Icikz(;RmZG`sz(!^*~#9W}y%4HxOz}75dc5}@YBtSE?*G+wXBn2TS#{2HG$;!3l
zJ?Vz*gQPIRm0@F0%cL_|i9(Y;B@8lzE;O4!3}_W-_bErddO^q02OPwuM&E?1$)_|n
zDtaUo1;f3UkGNmiPDmE(Q4VvK)sSLc{<g)G$)G{8K|d57f7B)l`HMd5P{IDLwXM)w
z{d*tHUjQDd(r&kuUE<MabzkzNkn1c0=o6$TFswwpXGt^5QOQ8g8!f=6XF-s7{jU^F
zS_CV6_q>>)oCldjo_>LijqPG}9t#Nu6hlAr{zaSQxc9~E;u$U2tmjjTj~K+GHb}(o
za|)^551>|=v8tC`-(RHYWT3{9BW{o?0y~kKu~D<?fXcp$WYR}=9xp+Iij)QX6jauk
zwxfadi&@~8#v<w#3kVBet3xPEJud&dt|&u`e?4w8cBIAMxcfb-saS1zbAwUcyIk&%
zJ|fukEkT^k*$EKRhqRalY41xcYi8H96=`hcif#JOSOfGit=$l=q!m53;3WijS_6FX
zelbZLRd8u&O1gQ1qG^JOFnS~<aFuCRnMg`-LLld!Nh2%5n=a1Pm`L*?WO!lZOA?hW
z9agCi`;Q+aAp4)XhahUmo(OtaE7nKOxL~;*%<w8@8*<2RDUcAXFNuc$9erV(&jop*
zr9MWnRPh{5U%ZT0YJgR>F-S|Bpsx{gw;FzmI;J6FpVZ@ap^6F~LoS!(>JH>zFr;%t
z{$5tK@RgQ6Ky~j4dhL{)ZO=!uf;vpOJrURC=o3g63up~Uax_blfv55}_-eZ!#SxW8
zVTt-JiA|HDowgphu~z*Ud2ndUixz*f)5emlGF)Q8k{fZRp4=Bw%ea#yDqVfUDLt$1
zenkA8*oBqr=D0XXnkaM8Riw=i3x$tGG6qjjDzAb_Q25qm3D?)makW`0;yum21gR-=
zO8$jL+&v93FR#{vsZBnPY+qh7jJ%mOYQON1s@18y8r#aXJ0ojlEVn#lII<RWxwLo3
z+F&A_j3yjK{L9g^+nUPp4VFMKIhxf@P~tZ*7JeFe#)A@dmIg9UG76J*ELBc(GLpWJ
zmb?!pCz>${$#sR4Q;Y%Z$7d!e;QIA#@|~I<TTCNf)`yRV=n#w%?r^n(FU9un*hS|Z
zKUDK^lB9@<uu>}^yIHaLX=#)BbM>?MgF(4NcwAN@d+?9m$q3VS5J-rwl<3tMA8{tq
zutU0}T&h%fL)gDe>M#Aj8Tzg(B%ZwjR9!82r`U2@wCscpfVOPR6CQc?ORD?Qfq4fu
zHu`b~JMGhqS-e&TRZ8@egeK=<mlCeYSB1$Y4`gej+I<{OQ5Q7Z>~9Qdy*%r}bmzGD
zSo>__p7O~r>C+a!ni1^^>o-@O$BBO_s>(~YQ%CdqPE$600;)_@aIC`ug!3zPlPbqr
z89_{pQLsz0rKu-hbFhHD#|mtqtO?VcG1Ewfsm5+*+wVmcD&`n<Gt0sFY%!=cbM~Vx
znvIQ)DC#qq7_AaBd3mwq#rnf4X(qacA5KjipHzK@+e|(w<*Z=N%FObH3(aGa+L`*W
z6qlk6yJs8uw=|Eug)d+m*f5e<$?GfS8FR{mxpgqI=~;D+YBwmS`T2?+=NmEG!%56=
z$4yy&(SLo-by*o#4guepaA>cYQHu_)bJ8ou*y*ov)o^mq_WaH7AuF3&oa3c-0)2T)
zxuEl^iI^;mNKR}Kg~}X;{GFwYnWWAUzQj^*n`82oXj^?CksROuZ8$%Ac=<j^0S2QH
zEjZ3U!R~_T8O9U4a<?xzY4Sl?@N~G`L0gOdg>SxyH@z1-X-wm5UX3nl@ZP+=QawH<
zx@dz;8?hmI(b&$ruHA(wt*}>qml8+><&+(LcCE8Wav-Eu&2J+XG2DIy7F?yzOGcTS
zQLU<1nm^VfW9#_lN~2V0yv(ka)fR)NFY1hLcl|*`Mvh#83QM%ogt<m}UE-LB1u&n<
z1OCKbH!S|nc+8}EO?8tz$cQz;?w3eJKd0I2;_?~`T+`}$u6ggbR9s1+4v3M1<lVeH
zbi;IOm3Ye^Im%xT7sU}}K|LpT=3!=J0^hBOBj&#BX!||EDvS}H@J<n(xS$Kt14iC5
z1u0@j4F%_li$kzJ0qV}GPtc*3|J0`I4+lxV9G4(Wr64-8<vtz$3#B)|!sM)@O=*;=
z5_EL}w?BMnw}g1d`7#X#9K%Ei-u+TH3eDjnQ!~cixp-g2wqy5&O-YG;0n0%*LFrqo
z&T4)QI~x;8iik(`%|BhB>-VP}$av(1QhRzABp|I7RHsqXz|x8DM0w<V+JH3qtuoQ|
zZ96{28#+G+*gl8`e!?bulg+BLnxa_DpCHXb%$3r~ryEc*A$DQLcZ&NhO|4(}+h@hB
zS~pC2;VYXo%Mg&!jDxz%DMWLRl8^P>cStk|-<Vv!bNn}NW>i_SrKDFm)HgDeuHd0q
z4TC&ZSJqGGg|tT4wuw8eOZ>d$qRhK!!hN-0791`0D3>agqUxM}8bOn7M7|j(310zB
zApjac1!)z)*FZY6C`MVOTKw%5vEUw6vhJl9LvCmKfpQxf8l=(wP2~74cB^Excg&_#
zyPhRvU9K-fpEg@)3hnZ9KluR?x1Yw<NQE%jY{zFln1<h!l$cb%N*)QP(!BB_bZ<XU
zBsxAyVb@op92-@qzJw`9YCBk~$@0-XDKp_iysAeQs=_oP+yd@lw!-p;*qzyi^%(cB
z38zw}KU=-)W5)ZoOow~!%=*vl5mI`~l=v3-?b--e_m5vGwBxA0m8kAvG_+wOo87xZ
z<KoPW@D}_zG|pq3>!=%2Y)hxA?0c{+s<}*-a;8Ut18lQswyB<Pr35JQ7ju)`6)BT<
z8aRF0IEkn>uB4|##q)SMizo*FMxW_5GTYbGPIr-d?6T(sg@`<>-NROa#Yt)u@k%JZ
zEhiZq%R*f-IC<ZR)u_&vcOT1lS3?fkPo^Kfk*tX5u}E`UynSY|lXNxc<N@NiDcsu4
z{J}wE6+e<)<|h&dg3!yj8in<3;O?Aij$0{uZ(j2)FR?Z#nax-4bDZ_Ss9y+TlyPEM
zKXZRXVTob;vmh$&oZ_du8<<+HZo5Q`!<%eVXUZ=W7(GIgKRwKFfkG{$<iH#wU8im~
z$Yw)8eV;qrV1J*luJf^uE1Km;D&bw)pf%?M)lN{VAJk_^&q&%21mtdRz*Vz3shRtz
znO|)Z;o9oU3YOnPR-+Cob&>KuD-0tzzI1qioclGIEV8`y#Ett@f0nJSXayAaAW-$;
z<gp`>=3wzpZuSG?ToRajfU{~R0W=%xMBQ~o;KP+a?E0O^7bRt;83JpRi2LLr?DjRF
zJ0Zv7ky@0Z*y}raF$c?f%#c_8?s3^hzn+Gc>w{iPP$%8jL3mPG4gG{RQwrZ7-*2!G
zvErpWvM<Q}Y$7Sg-g~W^+CdDiP?czjUhUQBrTcj+Bo;$p4w7V8RIM{iIA!OP<`kl#
zxvVLq>iF6Qi=o`DT%A(ok`xp6D<CIc$KnQ?|0xj{En~3&eo^(q9WTg`v!{vCq4Bh1
zSt<?ucwIC76i`T;B)aiV7S|0WF7*=`3KHM8G2Wb_mOFVIa?E(|egKH?y-kgKqwAf_
zo`uC5d_&RPO2sjn3j`AzoQOyKZQfO!B8N~_@-ur3k!u+_x%jXt@mj}>G6(+P{5Ln-
zXVYP=N!b=kvJOF1s$#=;=~0FH7J^Ac!jvS_`2x)cWLk9fP20G->gpmLGB@b^6A-4P
zFVy(`ek(n98OHd*GZU+<nhMj0zGLq_xPm_V@$P2)Aax`A$`MyUdlk~q?eO(3x!@RE
zG%ktr>XFEpO9kZ)jN=s#?r=jmhc{TLB*ul!{WVyEwey>zozkSbg)y7r#i|Nm>WrDN
zeXKDQ?IzdBbAYu5@pgcvmf$F0@mh^^v4td3oh7uv>GVVu!5C8&RjTEE$rw@-SD^^a
zYg%#UMjPVWyo>L3!NCsd=f4dfj*~S57*DF1m%j2C90p(PqHDnEQ#C(eevh}lN>8J*
z&vw_6;<OqU{lI`#pWYQYUYJw)y~Tc$5Sw4bI6Af7qwr7#N4YT<fPwttV#DDv-q6(G
zVECv|NMD>3Yo0n?%2In5Psv)AdLs}vA%Ef+q`If_ZmakWExmd+{ceTJ1o8W?byP)1
zDuzk#Vv!;@uEOml^~Mbc^nbRhCZ+*nrn#oxFz{?~5P$MB)z*6Tn{<V#bwTt{y|l~F
zUDR&5-3fhfVeX@G3vGv{iH{d`yKm)!xo5B6n-La<HvS~!Ud<+<56K7~)K}j0B&;k3
zALw%U(;{YU#O4jRZyQym?Aq5`+h!0)q`59y4Q*q@@d=KeX}1%MK+YAfuZ4Q{=H36c
z4HZ`(i#Z6D9#Z<Dt%Qr#Q0r(URcxa8nJG;@Gj1~3o9Ky6lPFvMT?v;}5my+%#n``Q
z{IM!So=>fI^OXP?NK?V98@0FPql{%H_PH-Wcl5g&OO&mSUG;J&sc<W-3qw;z+X`Yh
zvRnTf5A5+(h1at1O$#D5tDz2`cB~Fr`<-hM-o{&r3zM3>M(^<ee^T6d-JiFgAMfJo
z#x(DxDJ0DQ?DGHn3vcpMPEtPlfxPcqRqMuLHtq(sw}lJP16vO82(ZVpqo0)3^^Kgz
z;U{5wvjP=n5z+ACSJGOnNeq~Si<;|O$h?U;u~y^S)~BzdQ$eYpQ=ZP=A$|REbR3vq
zw`aSP%^vxMvP;J@C;MKCy3(6>zt+J98ZS=qd2*V2GTQYw<t&pl5?=0P6$E5-hNtvI
zY$+-()3J1+U7#hm%`TchG2yD-MU4zUPBD}jAKFX*S@erg&4p7ZN}Th%xX-M1TG9Hu
zK&Ur^gj?U)7yZsb9tK=Isz23&#^^Z)grn>yc%eFI?qorl4{|nq+{>)jM@km!WIAa8
z^d`NwY`bLA8<_n)i);;7&uB<tWnls*S8kvjuNg+;zC*!C^zZxZ=%ycUsymVZHV|RB
z-zR0hha#>ba>LiML?c51##(^}{Hh~-2|PYDxUNoEr^?#z<3l@t;!oqJ_BOuJLHUjC
z%XQIUSo@k*UzOCm>QP5Ks=i3nxvF?_$^Z7(>(@8z$KT+=Sn6(ZzI>v004BD#blIvC
z@-<dLEFbNQ9t@-G-3}~%q9nS~Pmgk4QYqKSWmJFvDH$iTIBvM+Tl&T5^Iu5gtZ{-@
z^_itO=Ph+EKnd(oJ`<x%+L&~eSF!W;LCc8hF1OrCqgf)mG#C7il(LQKHzQ~WPxmvN
zc!c}`ob4eQ2&`+hR5WQDVecKR%xTRDn;!2b`<Vcys^Db+kS=-LOr)q1ZR3G{|He7)
zb~q+2HaG5k)=21?eV=}Mb1K?%01oA%6=zYk0w{i1__)Pr-UsiS6j#0JE42QZ*v=ty
zL%R4;q^8MP1$N+6G|s5`EzvA!H|d+lF0*U24{`%Zm!08HkBlnAoNzOY`cRdi*_O?p
zP8Ly`I_VBVGhqX|78%P)%v6P904rmy>W!zYdosebak9sQ=)bM0HClYgV#eeFzXI*f
zhl|)NoeFE>pr(v>dL1YBqf4j-M;r4g{V2jP*q7}1(W*(x6<PLx?$O`+K6xKVVBngp
zEQ@?IwoRGa*oLIUO>Huo`bsgG2QhCu2Vk3+ItYVJQ0^~(1IPOAZv~1@Kf42&M^Xw;
zX)CTe8`)Ntm8|*MS&W4D61n^>W2mK{JL7~MEEg|0egZTi=wEMAH6O7q7u?}~v=L1A
z=2IU>>y6g>rdp84-m&?^v$4C4WyPHx6RB#JrM8HXVol#Sez=m<v9j*3&RPjJ^N7p=
zznKyw_$yzH&xQm1-P2O3OdEcqh4g)cVVb&*COlm`TOV@*{3<;jL##<vl59ff^{fWK
z2;bk(xJ0+)CL~0$)kCgMpEodAnT-@Xc$6Dm(JC(}#y+{(rt8`Pp!3>yDI9O6Gtoq0
zze2=_e)+0I{KwgMF6s%romt_Q5RzpRWC@#uN$wUX$?iK=P0OaM=`qb93iBWrjbbG`
zGL6Tc+0wp`bb&JjbYIzfh(CJM2&do0Aih=X-T8c|f!b7(3CE;m5Pm2tlY&*aezg;2
z%%m1&i^Jg!=poMybYJomf6d2dd8`*>kuagj&p;~z3CJOe*M6<hfQR|VgjJtpjrH$1
z19P<^81ly>xCuB0tZG(Duf|cJNKsxtHAt4BDt16CbYL*_SRjIakX|nAYb~xwl)(KZ
zG7;ZY^kb|wgfG_sjXSY%ohJ58!5^vU><l!UEFq|>bk4Ws;kqFqhhx0ppEM;GGWDJm
z?4rVj08je>RBUB8pJ)b0aLpkbRI`6A11mXQ$|9{u*e^?ox|Uv5maS7D9V9zL)~Tv3
zw%ydM&&kuLV{tZ~P#<f+8?qif_bB;yx87JXSx-Dx2Dvph*BP5F@B;|CvOmW*jd8Uq
zarMX{&7TyhxbZbqg!<$i2_r9bp)P&PXq=1RkS>?4PExG9;h>0A{>@+foS@!du}qqX
zICfZ&0kXx<Yy!1M&PeH{zgLUI{0dF1`7l`}MbantB1YXuB^6Y097md7otQ!{Z=L%u
zt?p@lajLkGbz6M-gCojICYw(sA*@{X6~wWsYMF4x#54i3H_L6L%jHJt2^oZ>zH9-8
z>JN4Ar8qjnxvD=2#gdcXF!@euHfNhwkUv=VZf56lE=eifPwkU4hGo1pOE$~>tg4s@
zW-0z-Mgg1emT3H$cl1fj5Ovv$=aL#n9bjnrSFyAlg2I7%9Z7*{3kuzx8M7C|n>Z1{
z3YViWS9ycanub`HxZhdCqpvs8T@Ag!a^<vKh+Dvilrn#&XQLe3$K77hsH*h0^Rl_!
z*CRtA51!v|60bD;rAGS|hkH>n#3zX}JUW+IUwN6La*(=IMxQF5`uGeo@#0_F<CkWr
z`{UJu$U+UW+8BGg$*Y4N6+>d)Kps1*Dc6th&56wHt_&4_OCeWmMkb9SvJ!tLzj_Br
zIqv4K*;AKjqc7RS-$*dP`5B8L5?UsF`Q5b^Qe9T6mdi1yG+aqztkR}I^qljj4lAbC
z&TIS{?0y0?AJ}6Zh4&?)8zu7^1Rh4L=3C}OdvS}tGuVmrkFvX7YZXC36(&xmuH;ci
z>eA++VD6t(zT6cLX{ubmS#AG0z4oZ$RzfV1d!KKxWWbw>mHqyUgEH*F<A8MpY>-r^
zzq!0jL?!3E7}>BukWTM#0iSHe8GYqkGav<h7xy`p*?f=V?`MT~@hYFB`?A05CgroT
zdmkAzqp=FG8I}uqE5zSaJQtvjX09DzSQ6^pjnmmoC7l^fGm7?TZyZ;Zhb#boni?Pd
zjP_|fb4w(t+{=TO@-(|3$in7Ie~F|<G#_Z!>0&D+#ZGCgu6{*r1{yVDuwuE?f0FKL
z6OVcPkoA}#O~Re&a`vV0H}NauuijaU8f;#4%Auy!OJC>wWIQ0Vfipurx>)CiOSOk!
zb~j8?z?1%*V?9j+V54;`RkI?EM<b;Ek#0(+U|a-WjQLaf(NwWJ_o842`|~whotE6j
zNP_FN1E(Oqm&2hXFSx$Q0>kVyYjFBd(HRKAi%#h9nN4JJ9UVB*bpvBh+Qua}>%Q*J
z$|*Ftu$}u<%2}l5^qFA0nuew8fS*;!r|<|g+T{7R&M0fm$;teqO4&foaOnBxaFIOC
zx>3F_5d9BAI$@{q{sGSqpTf@klr;T*a%xunJ}DlH&5ya<eFI7+fqH$auujgbGxK3?
z1~TRNME5fd^PD!n^W8XUZE&zs{!}FV`~7RI8y(MfSBm@9W>V)}d)|84Uy-Xoo?w(l
zZxH8YUM?^%Ji#*g;2~a0HQ?i=<7SuLXvP|r_4eDaCDQZ-J-jHsjU<s;L4YiGckKQ?
zRqmgdt-S=1lvnk>q!$5=>q)MYgNweut)^j&H`Ain9$M=8>T0EAoZO4|s*x8NOA|85
zcsblFbc&@fV5}RuIz`otvN1;*nt=w4meEetA%eD~9v)bUA&K4T7oG-`D|J*S!p6FI
zqtlu-vcp2wfqo|S8j4(6vyzDso_KB?9Dw$uice=Ci5RN_)o;>UgXKn}%L%eEBTZI%
z7HmBFud8T3_f|<eQ1x~+@40h$nP@%2bd*fqSa<RGIiC?^*f!@~uhLyq{cJ2iWV>b$
z;^Q@FWPbt>gEGw&I7ui2NCVs)<Rm*nCJj|S8AfKBX~gEH{SsTl&*d``8)NY&s?B%j
ztbQpUr^!d+8g}6}TxOd}Ai8dJsnhpVHoPBlOfmj!THgS$Ls|X^Z)<(K5aJo=61V?6
zQ*X=B!E=BKGd81XFJvJ~f>uxSCvi(nE?X4)!}68wA@3b}Gaz(TBhgu$KTn+QvpzUs
zC!XuEbyT)ly9W><SLC>GHQ4QHpyV7>{hr7~F;%dK<g72I`l-2dG(&h?%+RCE<?Gng
z+co6I@@X=Hv;4e%I~o2+dh4^>5Tpcd3}OdcUud3P_oQC29mG!^^Q`&gEIE+mn`cMv
z?N5mt?Fuh|k+f+{!sVUB{6C5i*DaKM3SONdU`)Bbmif~WN6V@HwtS5aB+Zo>%`O@6
zQ)I$%pN&h3-mTtU_NSguy6O!{{VI;8LGJNbJCJ&DFoawr7Q_ESLiivZm?vag^acH@
zk$(SCb+~p_TYB}IFUrbUho2z@FW7#UP0PSglYqTQ6mAk!$oCg$Uf8jIRn+_@ZM@ID
zxTQz?RMrSmQyqR@Jk7C+wIPlEX7V_Ot(9LN*K#D9@RX(dXUVP7<~+6Hy1dVbWv!>g
zHD0ZfSBA((4TApZigCWW!W4BK-#V(=A9>yNn%Sj8(wd)t03455{SqiRe|7E`zeju=
z&wPuKv^Y^qMS2UdVZHG%ab1jS)})vymU7Br5RewqQB5)M*D-ImfNp^|Kq?%e3~yeu
z^Wky3#)eqDp10cP`gr_Pe}Bg`Z=5%6O{2+m$->z{arna&ZC!4Uj-kkKni#qN0V?f;
zrAOlg1GwF#LKEp^<957L-PY~rTYkQ)B(Ivq(v_HWQhp9}_nWunx)2W0F*fySVX(Ib
zPjs}d3twi_hMC7c@hB0Og$2K;UK{EwOVA#>q8@tLx5s+56ujmn!pX{UlO7DOtVM;^
zbu+4{)-k23oexW%8%G+<u7-4ZfCB!4QMKwv%`LXzTI~v&&?F=BHhnf6gWPM^k0<=q
z^Zw$$$LTL+Xj5S6hu@FqMo}wrKKh)BUJyv*noBpB1pZ!B>>w)~^PIww*Fb`Hg^9?j
z`=$DqLwhs>S;>I4wlb%kwas8xW`FEYYBhZ=cARJ2ghqGVUlabWGbC=ZyAy#;|FEh3
z_QolQi^x_dRBbTz{r#u^<0<o)79woYn3GyNiH{&x`uO7|FWZJXKc6UD?x813W?r$T
z4D@vySq+_1&St&Wr|M5RfJCQXQVZa5m%7)YzJP40*Yd@SwpjLNgulI*KU^?<wdDBi
zTvn>lKGwtA&t%>z%Yn>;TS-o-hJiKn82!7^^H;*ZU}3TP*!fVMlVdd+Sh&>`R_q$9
zF5LgQIpz1G5SgU=MLwfb>8lx`Jaro{6LDZ$S5j6><-`X{ne=j}4Dr-)PJ8CzuS-D5
z^qimm+S^5@7-RVhapBy*%%7gKw+$`SaSW^J&FFJm)&FLYY@N%b|86mroAknZC0?Q#
zW>mPLeUlkAuX9|kF5sB^TQfuHl9FuBd&-qi=k9Y)lI~`}B<0NlwTY|0zI9fB1Qw+j
zS+C?(3nbZ}Uh2*2VnFb++$avGKzq$=rfs1$xqC|P$BLZ)4=+H_zu2!{3j9j$DB+!)
z0*#O|S9P2MnP~9TJsrJ&O!Cq&qQmd&y*>+Bmd2pk7*%`{ZfesC636CAg4`x~G;-3{
zPNsf{3}!{5YwN6ip)3}fY(W`6P24+nnP>Yk4`$aUHf0>dyh{!}k|MK`g27d-UiI7B
z=b1X&CWGQgTv3~TW$a32<eExE%{)8msZA<bm!+R09|Tr7wS%%8R-Sbr!97G&Bu>5Q
zl{adrCNr~o_t}}D=TdmEV#~BxDF#`L5l%HIV$BiU$ZM$+82ucv8Dfwp2J<O@$Vl^D
z1S|7^zIQcYRE~C_c@x4GKBgo&Dv6Q-`rUji;~*?$GiZ)K5->v+7dLVm)xw&RhNflh
zk*1g3l2zH!5Jd!XYHDt6WXTVExvR8V%!ervyt+p=GDsSy3{M;}(qR=1YO^>Auqs?A
z8;w^Ej}kQpuPfZJ6I)X9)x*1~*=mx=u$fI!OT?(A`XF?iu!Fp!)R|i{(5K8vV#tx4
z-=frMNUUiV1Ug`cgAV5<nTbmTMjy+448%tzkFYsnr^lp~*>-0|r9d_hHBtHEyjC^7
zvL2FGnF5riSwQx}C0$#UJ;OOkxQt`fCX%L3)q_mB($t}&WPqt#oli-kI%c{v%0f)r
zE^`%ZXV2M8zNW}Q9tmEj)JCj`83#$7U^Sns#Bq$%&GsoRk+QbQPmsJDf@(3wVVT^l
zd!jY!=N3OP;BvM$qlv7YRY${&W2%yWrWzC~5?DD-Szd5l$5~)WOT6<3%0gEe8TFEH
zW+QW>q?5N(!dqlhs~OYQ=FCbA+3x+!CqWd&1Dg~en(<W3=<NhpWVqC%pAF4-Mu_`a
z$Wrc!Je9JfasZcV0>rkhF33HXoIGm6@wUkINw|+*azRkVWi@4R*X)!oCD%^g+#z|U
zJ536g)P@tQ{B6r6Wk6G@h%A8QOv`B%Sw*O*fPHhF*fvE4URCMfSXC4$!580rL!Nb%
z_@|TXafgBo=#*hAL9E1#xlDGYk2@-q46^Kr>59x<8r6{3yqb`y3k=;&b^j+m@6c<q
zBSw*Zn+(KG5V!c55E9jJtC2HmQW8UhQOD&&-KvQ}t}Rxwwq2%DCysGJM`QFkMZ73A
zH0^jY(;kbvNn1>svYLnzv{S|cdJsZor<tPs#Hq8q0<*$TM?6mkNxH3@6iQN0>FiUw
zCkb@wCm)Sb7C0pFFLf0}dRgeHR$Iv@P-CFt>a|WYUQ2d3d5&ffk5h43%C&9jf|Mg7
zY~|G!BW|(;kCJz$amlJEP14b{B&w$&2?0~Ki%O=?*0?j1O09^j+Ysf;IOS*>h)+f#
zJYkFNc@<7;LIpQaO<^vHpEWLX@=}#XQ!P`?ZDTR{!ZCelN}9Mqvcyc35k`?80k)s~
z>N`$E0!~Ngm5&tXW8zsERu6s3u|_Ir;vGb-;j<ufVKDRjW+bAVXucw`Q=CZPV$Wr<
zqE?B`P^6Y|mgLH?W(|E1DP>6ttnSM4>WU@%kd?iIl*O<W67+IX8HxEyel41vo`Pz+
zBAAVnzI>7b7%P$lqLT%}Rtp(3!(>tIvty%`4wMZo#9V$HlA$YweH%7JcQkrCdrm1y
z&|)8C5i)wp#!<}#$!>(*Ax{eFQ@UoE@_9*Ory4t2oCMWaCQgx*hsj>au0&q4n;21{
zAim{T|D<w2_MF(ET%hT*7p10wZmPb5JU~RQ>59*#Ae8vn6|XMhMiKB<>?sTJmbAki
zpY(Zk)pcMhR`p#K9|X<$BU#hXOBREx!n$y)Aj6sY`w7SnBynITMW$}~0-Ol3rx*}s
zI0s5vs#5cU)awJMl{eU&6C}S!GntlKnwYYi7bI}W46VHEP`O0JF2`BU2(6ZZ+}FTs
z;ATUj+!=zrU^}DeikyS2mS?a+`^UQem5N~+#E@KXS>Z-GM1pWD$m3SBeAmo1XxQ>l
z9j&{P@{?z;?Sy(CYxeHIKOM4n@CnD$+hl9!WW?&e9yo@lV`MdU$Pg?^8in<#=B04@
zq;uDlrgftx<UVUyj0|F?n&!%8%%b-ko7K7+lG|giBPCBpZO%3eBCH3KDQx>i=1tL}
z3J575pG{>ASbT4$#QtNo`cEV}V33)ukV&f;m-3LahYiXD4RdDl0%)8qGq0}Vh3oHT
zp*fwDFjyQI6CV(i=149hQhA?xM%<K0$cVf8NIX(~COC7Pi3-C>#ZO848aC0hai(`5
zm);;A`6CWG8FGHLY7s=uIgrTvq&seE>Nr|jGF}a?QZ~!{QMKL?aln}-V=TANk!M1s
zQcjJQM$fXFq-0Dc-wL0SlVuS;z2t4(3pPbtD7V#D$K;Bn`6j-R190(<CDGhi{V|wl
zR?W61rtCRMM<}s5bOx2|+D=lo1!24UMT%9^sPe9|F*WwR8VIL1k&JXBXOiY1@dJYl
z#*Wz0F!-$`+&Id0=9`a%`)(S=HKh4gW`TTlH4#$ZXoN{nrxI1SizQZ>kz<=V7f2E%
zE{u{y;4Ir$J*Bx;6C=;CQO~t3&$nc!HY}N=4X>SI3+q9B>v8Z7bqXoXu|}dby+{vz
zq6=9(K_2`t5<D?WB}kG2hCxp=mz?O;5vg^ZbS*8+HgYMzrl|>$H1YFxvBbV%8r)E)
z`JUTyDPSVhaamc&+_NBL#2c$CY$u2#^y$TR5>)i2nXU-=A)&q^q+OHOX(_#K$c^+J
zm-(4mDV>u%aRx>uc;kiZILV6dalIp9h*}|00da`vYBW_!*H3u}jZdcRg!{;u)M@I^
zn#f>vuKZcaxXiIlUb<o^ZwqQPE@g@Fq7ZD6$|(K(G$gO74#V<^;}u5SXWeQ5q7~`K
zry^Ry2~hStBTI=^i-<zR|0hJ>BJv?3NV4)sxSg;<EynPTWQ$4}oVL>9q|KJ*J>yUn
z>$W9*(hI1rpSYPIp77#-I>{3HB#M+G-G*kH>m=`H`A#R<AX5(Ro;VzI#VwgAdecaf
ztGd{O>Zz7RB}LMTO;LSBnqGvRAv=aPwv<zC(Hzw+mn#Y>`<li@NJZ5Y@ywX-P(+vX
zvs#LE>o~OsXIZc`fk|EGp(#4vnj|o(dCfP+6&6xjh;efAZL8VyP?dID6%jS9hagH$
z{1&o`Hd+$MCjDR$e6HT9NbF4(fJvz_C|jFkp)|5I#0638Wn}Bn*=m{O3@n8heM*Sl
zO5rJujB2NXtSTpXmdaU_6=U_-C6t%+JH0%ZdMP1~oV`;(FHh;&bK7NlsfbcgIr%ub
zx-?Q!$in4L=j|JtYU*yq)L|h2>#~v#$LX9QuSO?|cuM@9^p7FsTE{qqb#ix^6k?(7
zCM~RZBpY$h9EW6`PENy~vW&4Oh_EmdBgwP}DRY1nKNv~mMniS@HMKFSFO6o~)l>n)
zR0XT8xvoi5t#t@0nsa_)Raay+WrY>1_Hin^R?lo{qpYG&Lvv$mV9;1?zRFr_t-nE1
zfSstRb&_1=Mp;<sh$RSJauPwHZt!ijmA8GKEWMF*T5QxwnaqPGYp@J8S%IygRn_OA
z)+IX396GX+LOk>m=%^7djbOGc;mXk@jK-0s;;Y)v%_ogy;H_u*mHUNB)$FX6M|OEF
zo)gu#$sMX|Zl(q1`K<&^fo!u#7Cxn>`531BJ-m*Cy03Oas;a4}44kMTlm1va&?Jvd
zG!i5C&(4C{hb9lYi#Mh!^ifC`GWkeo<tMVbsEwhPB`}sdqnS^hSsj)B#+iL{oF!ac
zW|d;SrX=$zsgh!(hRO3k9_AiesJNIUW1f^SX{#x!lhg)W!NO|>v&{QCk0z@n%+^&W
z!GRc!$64rt)YlRQtR?z_K^Eh9tg(Z%gc^b#M|qBfjJ8!WO6oKNs8z3JF@}tENV}<$
zN?J*{B9rTRLpa=#`pVPt>#&!bPlYg2y~eSYiC`xOn@Wn1bUc>WZISY-M!4gSKl3Z8
zpGc7f)ugElVg?<B?c|n{Sf(qE3rMC;GX+RRoRQgu&9YI0VgW)5Lk+5!Ze_9WCtC<N
zTOWgj=uX7I=~9TsFvBaYq$+3AlouzOT8hVMi*zHElJc_C6!~i<P1Tl0wk8ox>Znge
za5NLH6Nh4Sw>>(;5U`0!*?NS5si*v6MjaA0W9~4ITjpSK@hLmCs;;E;|7j^@g(t-3
z!j7j|&02(pdWO~8evZ1!OH2@PUPw*fewaCRw$Y&fwk8E0bAa}?PYNZ4@R|;3oK`T`
zD&sH%F1#oSZ^TNeh2Z;MVXCi*9myD@()Wp&#w2yu&?qg-l4?rr<c_A~3R$B0QBXa~
zn8Q@q*+kOf5bV`eCtvlM;b$I{36&i7q{%`Yd7F7da@qjQC)&$1VRce$wa_#%t&i0u
zQoYo&AZ+aFVoB223M+}vTqaD^5^J73**YQzTB$3T75_!6WHm*aaV!UwQ4|yWsm8mv
zQ<;^%S34I`uT+~|Ej*JTw5gMMa;sMZYkrLS?Fc1iE8nqdRVx}CY*{BX5r@u})A*W+
zRII=cQzE9i6amkJpr~T2CUQ;LKpOr=&@`Tqi=d_;EY824@>8Pr!rX`tODkzOC`>mb
zLsHMBG$<)mu{tM-Z&zP})SHQ;Jhciz6)8<v(QHgrO~<C85|cv5Zz8ouV<W4-hOji%
z^+ICIG((M47pdD+8BS8Xr=$&<C#I29bOX_x3qEe9a-@gMpPYo0*+h~=vpviwbl*3r
z&lEi;PNII<jwUh-Tj|zTNl4qQ6XF*`SSMLdYbMKdC>hmLf!r)+g=R8nja>3=vTDKN
zDutqFQ0*FGnnB7WKGGblB-^QT&QMba*Nx<h6c7Ed6>HMA8kf|{%B;zq)|AN{2*x_(
zYQq&4z#5YDBiZLG)@7=9wPp=-qlZRUE1GI$o*&48SdpaqKBe6os-Gm|(yC3#N`e>L
zO)kJm@eGv|kF%=Gvf5ZN9WMQb1edwH6abtkp=)Ky!K7@WoS~Ph%@--tHs|MbxzAOV
z;?I(AxRnZ&CPj()u;nu-j`=cXDJ|((bGvO7eII0AF~c;OPUF5Zx0GH=airP0byfBA
z;-%^f*wgiP9I_N*6VlA98iW-0$2yf&Mp`MVcBm<9TOluLK2AC7)nU+Tuw-j1;DpIQ
za48>F#ky@()5L9sWJrKjazt;2C9yI7(p_lw-nw}8)>MTrU+nuifyz|0mt>kpXF|?p
zYhDS?=w{<h0mMNxVw!mJSWC;0!YZiO%9b;$OUZunP!x?lO$oThA*<^&^pXy%q9r~k
zsE4C_STn432CcZQHbYua9B!H=ksRow)BUxD!dHvTM~MT<YzlVMta1qx^?lM2jIx|t
z6D|;7w3fL*i3A|_^?9p0h?J<zWnXV<{H)~i3R+7?4E+srOB&(L8uKimOGZ1aJS!ju
znR-zJfb245+vuCQnTuMo>$bFus-HWSTu*I9;-_9RLZ2iL7qjJ^Q%P~CW6c!Uc2baq
zuAxhaMWec=t7HEy!)22CVY%f>dzy4ZM5T!sE>ls&EYneze8(_MuqGwmvqXB=gCr64
zlJu0g`ejzfle1PJc@SQm3rcy-Qr=T_NM_uUNgjpd2I#kfsTyWoC||1Sdbb#wCVl1E
zN-#u{@T96pD|z^jGqhe0KCfIV0cM6sZeQy!arqT5;V3T4l&k8nv9RFv<R_O57gf%D
zljU3%BHgknW3*Mm({ft6Cr{*coU|KtO{_#lTdAYZxV7yxb+n|(ZHkIuAdYZejCLy3
z6eewHph4S90-bRtPAadF6~iLB)5w^IEby%1=V6^ZGY4j+`3<!K{v_2(nxq1d-H?ls
z&7^!I-<*`rK;z_UoD!DTPupvHL$CQtmRi0b31p{XxupwFPCo2w9+n!xY12|_XI0Ft
zu4i>994P#qi1l8}eR+|KPD85C!%@;UD>m-6C}BfXIkZ6W8CtqR5uZ-NI<mK6YRO#L
z7g%8dRxFIkA7iX0+kTe7d7%2tPF_1-jc>XNx5^0A1^-Qg7D$vLBbu`MI2o{OCgn|J
z6K%z95qYv5H`Q_FL~(M@sRX*^16&g|U&Wa$xLWjy!UZ5g%2GlPjMPg>Oy9t3elx9@
zEsUWGwW2=F3g<_l&Pt5;oaBScED#}gIHr<N`p_K9uW|LF8b}z77QNVlwV<=QTeQ`4
z=UI@YE-0#&atk^oFhK&%#fRh4=Ql%n0z;+_o}_ePlKiQ!3DY~`9nD!j)Y`|&k839h
zu2R;JvCCN{O)22Apw5nFY3C><0k@RyQ1XseGcQhZ+E0ZV)E#BpR$WUD>PMGikWNVw
zCA$=+U{;$Rr;}QTxxz-(ZRMI2KEJ2&A)}BoiUiGE=CXR;Bc_cbF>TTUXsP$U5ZVzd
z=0)|_2wHV+Dc@|G?aivx8ZhdKC-*v%dF#2Puo}DMVl+@n_Kb<*AU&;=#!5knBPqIM
zHPJcgw8iCq9JUKRu|%L*8!AE2H~Xzi_0N+mWv!!N3*C@}8$ol;NU`QIFBFb4m#&}H
zzqiRlXe{nR)sPXuWLm6ciK#~+&%KvIQ@Sp5mDCt3RW7zvGC0<SK9+E{M#zhHk8Mgq
zD~@6uhbFO(xfPCrNZ2VyB0yC*tfji;S%%b#<D(It!#ZrG27I<{;bxnGpg_v85^UyR
zcaq3)3PP<*L0ZXy^Gt58mYc)8xMiqdqJqJp*h*_ze4VszR^*|Y4C;y6bwlnUP1T%?
z6l`mY=8`Jhty1iXAewg2U{X;E>)8fs<~<2{<R&IiQ1Ov#7i95)1Bs(dx$gUl$E8%X
zPm+ez7YQo8s<Y}O5806t+%-)ARFhygauip^SJzohx}S1JCRBlp$f;xxC$|k%_tvtw
zwVum31xYG86MH1Vh7iV7-iM#Hm-(=;h_;l}K>f@`xRNWA#bID$F5N9lf*qHtZizxN
z`3&})EE&wZ!->NbN^6Sq*ugR{e5P6`&CM_fK8>W7n$;MH#&(SFP_cv~WoSK5K}Hpd
zY5Ad%CM%wr)USyF8EY(m?hc3CB>91PHI(*LX5cFS$r&%Nbs%mlNmtq6ARQ^Cacnc+
zj-F($9(tX!WHB12A~aHJLknw%rN~hdnB5L}n(~3kGtNt{KUIRT{?%!AD$OWA5pzk>
z=ufQhoKhzoJ>RRDc}DXnw#6HRcwtc}r#KZ|tSx5h#+(G@Sp9kid3r3vYFAM`^V~N>
zp5#e$eX@!}F;m9GR5aIxQ`4q;9<{7i_mgR_ix||_5}#^vs=B;xXJ0e#O5P$e!HcP(
z=cMQ%JG%s{(w|kIL{a`&i3L)}orDHXR1PP^Ua^`VGZla1?Cv}wU3LdONx6R}S`l-+
zl?`T+31{OJTki89J*n={XK{kXPpPk9q{Otkib-aUChI2>#ne*Yhs!*bc-srJxSf*c
zMA8s*4ixp7YWP$@Dfr}%qbUpGn8*91=RVb09A$YuatWcaWo7r|Z`q@gGm`9IbBw1*
z$Ru2(6vICAwox&mik8GhE|rNDPMDTP5N184t7|EMbFw*&k4-i2+G20<no^Xlf0`5}
zrQ7bRc+k=u4=tmyye&0m9H%VLs$o60DMdqaE$~`FU-V6qs3pZQ^)oQ*T9*O@ESp=<
zc+pLjjFVT3*8LZ!-GLVB&uzm*tXQBLqy&If%Y0tTDP2@Cuu!{OE#&!ATUj9muU<w{
z?*jq&G-SpRtrvY9wo^-x?tl%M6f>AbiH<ct>rniB$aleu6>;b_b#Im~L&}YD2@@lZ
zD76%(CAAzRwM9Jz@Q98=Xr$NZvPPDdObdb>Co<cT{4=DjRkx*<bz4D~$4R|C(8}pr
zUby2#oD_9aW}Hg(Kb$BOdnzH1HF~lyI&!VCKQt-%zvDsLQYR!|wsuNbr&-o3cDqR3
zsZG968pPDJqOa8eo_^uZ0uRlEEhn6~Q;|7^o-UPpO%KrLJn<oka$(ykZ5+1jm_5#~
zC#lXkU~<T<rkNNm=Z(~eOHH;>Pkcth=N_H(eC<?BJr(ki3}nf*pO^$4>5dVtOrHxU
zbyZ*8+Oh`{r^3ok!E4o2`nR2ApSBmjNtTiGaz%}h>@rzox2hsjw5q0{Njf@_fY{-i
z6C(BVbR6W}%rdb}QC_s5H0|FYGbcBKmcj0*Z#E@N67M~?<?5JhS%UW_PV>;EygH=H
zME{tkrc6rl{w+zcSXYe^Np0e}$le7Bj{E6GS(YY;+GNk=p`bdSj)H2ie2<e7aea2`
zpQ##LYe=)jrK=^E#SAQbK_0I)5jm@`rSYtUTX7Z|8EdJhkY!%!IMKqgY%o;TmeoX>
zbTUtw+?HzjENN$XqedJZUrRMng&c~VDHZG|{ijvMNo703T3r!Y-Dv3bq)7P&?A9C;
z9JIubzm@8LR@^d!+`iaWDlU21B+rXx@+#^VY7B34d_^lWQ*!1L70`suOo>)RW7k#x
zg|SJiK*AkT+QC-J;zH?TyqX({+cJ598G-+-e!17m8-xy`^f6G^&5_H~Vzj+JVI#qE
zOQL03d0PEh?mFC7YhqR%2#J^k9B(JAPEnkr%#7u?@>o>0(2Nls#vtS2=_EesY#WKw
zBiF-_r*q!czl^r?2M;C6ft|7_>R1zjhrAj?*JzGKweK6h9n3Ux$=7z2>aT0z5;64j
zHQ+_kCn#H4bDBqZsZq$OAR-wyY;w>PS%?fYTQ!KPSx@#iHEOj~K#9Co-)31Wa=(#A
zP#ER(I98p5mU-M@zsOjhrD_+I;2n$Ns$o-l?-VZ?$LpCIzgsDzg4`-4FHHFYh7u2<
zD&v;Z!q8guTcLBD<uI%!0I#WMz+t8WPT3dRIuAAVpa=>vgfDxNm`ogdj2f-#>hVtg
zNH()IaY{TsN#7^ulFZ<tQA;gVx^M_a*tP+so(+O-DXKO0S~pym2&L5FR+=kP)dnY~
z1NB00X*9$k%RBUpl=$8)#ZI5qrsE>^;{MLU^jujnqGG|T<s+-#FxIrIef85wfd^?t
zl3<=#ze<*Ix-F&QIqz`T0`7Xq&1sx>I&4+=c_-&@E;xy|n9Gau5Ifya@jSCQ;gB8+
zht=9<DWn*e2(WqeNHxB;Tvj=iH6L6Yz-VaXNy62~d7Z9t7DRTOWq+{ZBwAJOEO$;g
zHe0F2#)+!mXwYzGwNisz+ocHf<#vE&7QETesw!IftHoTNtm;-!SM^aM3iT~FvxY>*
zwOz{XU9%a8q;SB7A|WXckb;Xjh|K)I?7iD^B1zLN7?1M5$(VowJ_Ixp{9C}-Tx1o|
z5RxjAMnp^0(~tRSxl{kXor|$uW}VRm%1k07<Fx#+7U(`Ojzysg^TjUY$vI#1QhHjC
zoTrsVKqLNSWzMw~9>6}D@b$?vqJ`bta}p-asS2ZwCC0W!_MVYt^MlH^nbxu~IuE*-
zZ!j-z@zB&hxDq<o)?dLpz3C9IxQpplfLz>~BOmN*=W-i{ye^OpiPdQyvkKjH=k~|B
zMJ9zb(_Xi<TX)*NG{fOLWReN#oonInTjiIa-2xKO`%_S@6$?v`G@24f<TIG}Y<DsC
z2-KbZHQ3K*MUgP#gT^f`wlND#!;oB>jcr1!?CB?watkH}+tXVbSu;&t4fhY}_Xq&A
z*XClhBM&?aRQEb|D;fjbZ?kqsN9og+vf{)Ps-aPrPGNQ)H{(<DJ?l8T-hqXmG|+PO
zVL(Klx!}IuA*}1!OeT}&9F4(=B`?e$(F<`IO!K`Wm}!xAmMWLsd%0~<qxFs$!Ns{T
zC<7DY23yBvb8|&NwPvPwT|o5_bVl`=wMneG;K*>-xXb`AP_tBbaJjQf?@xE38tk4Q
z*d%I9rm>j@&d0uSY;0+q{50k}@Ra0jq?~Tr%+nmcFuLdti;9UNVkf*P?!LzSD`ViV
z{#Uyq>K+&=a4##=gVEpiqL#(LFl+2+bax*?zxVW<X_TRV=z-IbZunP|fv<0Gfu&IK
z)=<fyd@0`svS;^4$H`Os2AIX3(N(r3@Lsf_&g1#Qnw+Sfpt*~_7KHf8u#oU;zjdo1
zeRL}b_DBn`yoUYFt_7u^IWn;Kk}7C2saqq2wGhNWxZhl{0b*A+MQL88^gDjx%Z7dH
zGZuzN^qE;yN_GWJtDE$SXKel!mX!HyaprSn(bGw_b2=hqWX<pO@^=14;bsE;$FnQG
zg&mnh?gc-UO-K>3dt{LQviGGO;?_1F?Pq@L>QBxRTy=r&Jdmh1%Qbz$mfa%=$ELz&
z?3Fu<uh@scCy6+_BW9O09VDdcUwx-}L{xcKv7Ptna@DB`7~DL)Z7z(GGMn3G(EDkO
zBxEnt%ukR(^!VQ&r=s?5+x;y-skSi31!pZRI`>E~EWdc-viL?D#mnA01pb>VG`qA}
zGrA(#R(r{oFSEv|rl4=djTvNHJb7i+LzW&UFt)fqHH49lEc?MDmTgUi?Y)6aum$>Y
zAybi*ezhsU?kM7K9#yNBnE$-xYRX!o9h@x=21(6ZBxPteR&mNl;1=p(zB0|s(kX79
zhYG^PyB+Yta{nID6Q(A1uQDici?a*kmOI3#cqAthc?UUQ{G~^zub>$yZut8|<dyoU
zA3zDyJGrM?5LUgtQBO;pHjqQA!86BXWVLHqXpRNj_xEnYkwxnncS2wfMZ~^Z>O0pt
zgGeWY5ZBEGd<Jkv?GUjyx2O^`;z+|3u)p?3V=ApNa7CJV2Qz1gmwjwbMT|9h;an2C
zavzqrL)@%pEQ56HVmhC5dpmoi^}cxI?@RC53)qe=usO0nxgP}yd!CRn?IDEW%2NyE
zO6;7Ru@4F7a2iN5t9=}qLr&fucBH$&YuTJaWN`<TT)`pi3?4M$ZVCgc$_r%=Rnx5m
zjDfqLiqN|xv8zw5KjjRkwVE{x;}bB{Trg8Id^&t==<X}nUzR;64d$Q&o!Fvkk>Y-n
z1xy~(1~%=vTXLQdz8Xjk_ravTQ&-1}$4gB*GrJjC=M1=Tgy4w@Yy~?D{b(^|eFBA&
zu@U=<`Kr^F*QlqA<z8`$y_6R>|48<c;g*-MiI1aZ?h-var2ttK&s7;W$0NEv7G$({
zw$iTj`^T(X$hA|OX!o-V76r4=+z1Jrq}cWf-JRPaqMvyQ#tfG_oH$F%)-^-67FxJA
z>$ZdwL(ODhGScR-#Kb(!$bSibh5<q&)k?y97W25iWEVS7k_ro!GoyI37ZcKL5u$ic
zEV9EA_7tX4q}71$+?+6;2|9C2?^*=|$_K25FK)12xo_451a=|aQRmv1?C(@E13d&<
zX=-x`wtg8x-*iq6Of1rIU(8%O413dEhd5sqKnCNiZaFpE3$#_^4!{i55i^%$u*rCl
zk*A=k#Kl!cieX$Q%jO4s4mua=v2J&%w=oXOw_)6MGyu36v|0l90?JG+ja>aEb7b-B
zvfO$oO;sbXs;<SL)5WGUEA^%eY5Vu|KDM21K{wUz{$Td^&0QWUo^TiyAWXmoO!V_|
zm-+luFj+jnfw2hDI4+?Ys4q<kaioC*ygPS#nx_UCHCNfw7ryqE<mYwE*SPa&trkRc
z<*yGGSPjaw-}$2_t;U=uO$*NoGdJbVuQW4l3?U`e?WyGz&293Wx#mCvpU$MSz^75O
zd=%@GNb7hiPEs-PWPmP48+r~%pgoKnK@gO22B!wy2B8zo!A2vYLj_Fe&*)&xdYIq3
zW4m-e+nx5F@v&vl6{;w!1+9+q$Enzbi*mugH>bYFjj)TZvMVXSwQGOmbl4e;T4t|Y
zcbD!h+Y4M|q_6MQaPB0-`%@2oy>+fXq%uk!g2-?6=NM`9Uo8Y;IERq1=7AId@l-E4
zxYDrbYmP;RnQl{HH-!x`dkl0iFIp+Hg=gn+G71PfjM;k(H_RXkoCguNU0A(AE#%An
z@@{=Vwlr@$H^Gp;hnmL#S*jKmjyOu)RPGSPK5ovo9#}A-z9jo=L?3e|Lw8nOKQlEa
zaZoIM7m<U*RnrX?sx~TVh9=%Q>M-vpuOt6sC3yCugQKkr@}<Vr4o<?Ir6UYYXxX}-
zQ@y@~8s8g>1r5wiP<43fFpFPhG&Dp6dJL<JTw%113?g%&(g^N(4VG}-m<~qJ5wvPm
z##*SUT@<7_MO~nK`meM!1+ZO6^%cEXBZ}75#b6+kMs~)hddJ5+cE{4nh><2{Ru~pU
zlIw#h%cs4*4f0iIB@lRp3~Sp~b&)~nPTpx&q9|G*YuTA!$5p*XPEasJg8I~CCl=uM
zjDB8~mum)<S1xkb%&9#0WOs9=y+8xE1CM>&x$jD3bHD~_gEad^r=3TY@~l}N?5hD(
z;>`CxQW7Z$ehrPxLh>UUx|c@mJI$4XSoL6ZPJU@|#5-dFQlS!~jhew$V4lu3XpM#@
zGdMwnkfNa=8SM$APM##q#hq2jXgkdd+Jv3Rzyg?!oyHiatc%{u;~S;1Y;*M9#sfZY
zMu%KI4&r#HA*$NILH6HMp0@?>Z3OS*)Ewpmf9(*-gVgV?1w*!JyoL<VHIz=~1#|iw
z7L=8F=Z4Nuu=PoKA0(9K7SAzPN6H(<+BUdOb|x*g>k-$fzv}FObEJXrttXZ@Jnn20
zIPRic%9GK8iNC#r?0L3Os(il<90CkYI#5+3C@bR+57OnQ@URSQ)>e}uoG3yW*~4-&
z4OWzW*1<CMNP(Rud`vxx?xFnV(wk#{HT8%wn*vu7TF~3V!&~cNt4?`gI(8OVV>_EJ
zrs<3f**Fp5uE89qzoD#4k)U&`{5J#BFqvl1t_EkK{bgrSuw$^K@-B1Lfup#EWK(s4
z+~xQgYTbIojraKnXwPAB8X+BTqLb*N-DmG_G3_q8kTYky?+rTd5sdfxwpVWF9<?BP
zdkl6B^Di#Eu4>_Ty=Y1GR5A@4D1RBy+eJF>oli$oVQ;hr@6pw1O{dCtfeWLE)PM=!
z1ucqYMyP4fD2?{Th}JaE(m=_eIOzu5l_MBYaf5FcYYbyd2x(wqFY`V2CU9=-EUd~5
z<Xz~6{y4J+2hOy+%kePH0Rgg|*jfU;?$$(A=Uusv3f#B?=8FrvtOH5gT&!#*ijf0Q
z8{(Q-!n%Di3R$}gqrX}Pxp^@ibYSS+*+~nFuh|xdXVpCwzgh8Yk#z%x>bvy{3l_bm
zGLCJXT?B#8N6WVpZ1U(MNC{uFE^sQ~(Yvq8!yo0j_c_3MTL=GY7WwPMV{-_bEV_^v
z0$rwsuP)D$Xp|wC)+0#JmIRBPZq?O2T=v2&EnAqLC3_9r!&{HfM3&tt$iO44;R)#v
zCq&dQ%RO1{v>`Ho;pyfJm?tq9q6Ik;=tjQRiEC(XJ&;pFprcP=2B!8Mf}Mu8=|-f#
z?awS>&@8Yvhgi;G*JH<NPTQ!PIc+@zhX5L$bThdxffROQl!s5{UN+oFgkjrWgCTQf
zPyz(eO9<XS-cQz#*p7_VxVr01Gtc%&Ye<M_uNZ;iX$M2i7(0uF&3jKRaA<f^><B#n
zGKW1FzF1h7oFn~si6q9=?-{3a-2)8NKCW-3(}$g7q79x<rl-Di$F3T!n0j$N5$UnH
zK;$<|{VK|x@?yLK^XAf?n0q&YU=ecp)1ZW8@;wm!%H{6!V|Hxw<RPS*tB5TrVkT|r
zmFN7Ahp2J!4XK;HNPDCx_m)R9<jT)8tJyrzwa6>T&f@A)ZOTpP3DuI+H+1sAknS%?
z+uUrUf*AWz@H|XaAm+hl|0j<RALJ6lpN;8bjumHQdFqyI`2@D@=V<=U_VXhfTOoXT
z0I&O?ID@(qfCdwEXAX#^Z+d6g6KsHt*ZEB=6Gq9_qjsNKj-Dya^b^U?Aru-AOfqoY
zqo5InRF0unc59+*bKgNJ__S8!5iZP*F!UoC2IJivb`N+?^U^&AH`mbSL9NLE=`sub
z|FHemDTW@7Geh*)+!l#__DErmwo;ts{xfrqb~^TDG>r<V-ZAll*cBKt=rHYI&EyC-
z%~v(7_n09MV(>J?RKfJHa=B$~vI4a<`;q77n{tWmxeGQIZQbrS$pt5I+Mhy%$r!z8
z<x%fG?<wE8PLb;nj$uJb&NOf;L1FgUW6;?Jy4D`dTnimS1ASwN)x?5aj_6@N_wJxb
zfy^k`y^f8u8uBE?3^=ZLVT!n*6R`a10-4d`zGH<QFCdy<6~z5pLJ$(jz$ut5X>F~#
zi6Eqybhh;!8TJwx$@^4eaGlK|qhykVHR{N@jMV@c?#exA!Ini0z*8U5V<ghPv=DKx
z^U%)nOxGo3Z12PLwL^@>M1sUEC1{~ipPF~&gt6{dS%W5L(?K~4lu1hnIe-;E1k7#V
zImzaEF~hG5q&}HdX4BOFx;D1qO#`B`>;mjK&G6{1+~PDKyrY?dneQ>*r9n?%THl*a
z3g-jE3$1Z6$a>kU6JpRIYpD-GYY^~M;0bz&{ppS-qy&yQb7Xsx<kV<G&;wi;>^WEG
z@86#+nq!H)E$~mwVHuNDQ_I$V1ZA`fvRWOW1hfXv?%Z-SdH>!l;7-zIHKNa$9sE%R
zB8E-EBcwUi?iV6F*g1gtVT+C5On0w?0!nEo?Ajw<U>Iy3FU}pdFCGB04anVkC^Wq%
zAVr)s_YD{LaBRQ4z=&Ps8fK1pGh)`e=w`9U#3!2?DPK%2+X9J2B4gt-$L;Zs*EUbc
z=vo?6*}yW}Hm!j0%W=k}_t^+5;d5ZnfNyi#Odwds66C$~pO4sssu~JxE8r$>I%4Ob
zC6R?xRV6zM3fZ}I^-Jd@0KG5a&h6z2*1<Zx6D8D;M|-;C%GpLh%!piqZePrN^oWcb
z6DwL{7JqE!Z!mYd5)O14vDl1R&I7SRg~a%?gO^RWxy@y4<k2*~(vnpi2*@HG6Fi3v
z_RPHtC_Y7ZJ=b?1E#cWzXUr%z?gJej@;jao@;Zs?QO)Md*}b;6u5P_^Y(<r^V7yrW
zMldBe53V8S&{9fK%X6EF<IOWU)~ApRHVk{ip~eruvh?UtcP{6`U=dN4qE6r{zI@7m
zUq9OS-lAL}q0rf0WEKLc5H+X{9G5^r=&^P`lgSyB$nHJrJvm5CjRGrdVqbO;Mzy4F
zlY$<2H(To@In3&zU1jsY7TW|H-@sCLSt1bvC*C9@BMJg4Oj~~Q=+Cg5T=(rQ+c=&#
zON4uBQ8h2<ybOHqU=P(O$7~yf^>AB0t99+M`AgYg&oY87Z|DnwDC2jYOAV@6qlUD=
zc$=11U5w(HHD^h7>A4>7Lnj=K2tYGQzX}1DlHrZoX;eaQ8>NZ+JRZAa4?YsA)L-`;
znw|~obo-IFaFSgy7mJ*W;7?raIQuYD7Bq9F4InXqFk&91<LKacjQXE`j^s*CLIl=O
z!=_zA-zekft%tlSk~3x@1#3|7@)1VkVG;XNzE|h-w%7bx+n&5Y`F;z|hUm2l^etm2
zC9z<W5O%+hb7EE#A1~&Mz#yPgG*57EYKTR4)W$cy^2R5S7<+DRisxatEcyQJ%cMTh
zOinXX%!}<)!Q&=feTW9JVAI~S!HcQW&&?uhiXKCc<y7v6?0|pOVVxP-R(*kZeoN)o
z81NmKWTBKgbn-aRuW3vbNHNr!whR%JGPt@AX8cyVazy%dwTqHA3qv`9d}8EAAeRGj
zZM;zjOWP<i<E)$69QOVeM(AsJ+se^+HEuNUSC1my@c>b7ynB1h_cFS3XcXyK?Cy9J
z9-ZqmBT+qDCf24{uzeo`?xaqe7(FF7A0vK!uP%yLbfL|i8AsVfTOVDRLJ4NOf%@UO
z!SkqImIL{qlfwpOR3t8}3!(rpKrEZtJYZOgvN7z+KcTxmcN(?5!ZUW-B7Kma^QXnm
z8&nokXNP=C4fNK%0}R7Mk$8XWewGi;E;FbXUiT^x{Vqeqn~5=Pip#=j{AAerFpACI
zZq21(9ZZ>>Fude-duu;k6lGgnU9VGuA47C=Q%0L(hiZXBovXviuZE2nkLJgo`^Xxi
z!cYN#u9vKm<_p^+k$L6{(L;#U>Ds%rV3>(P`(S_2<W_mUA@+Dqn{O2wXX6!li~(DV
zK2~^X*~jy{s4iKB2Vf2n(@0?KUAp%B(l*U|^HnTeuy*d$ZL-cN=$`ap&mrjtHcE%S
z_HH3X;I{m!<rF+;3vhP?xzwH9Miz^v`}bLalH;kF3}Z2y{?v^LGs`F0K`n5Ez}+?U
zZr5NSc9w<5QZ4d!Y&N-Ji5g;4mp;>BX+{W)TeWV1M>48G^v)Earix9lw7ayrF8bkR
z?L8lV0J>!pfD+aeo)l*;hc<OFn;EjFb$M<U48vYCxPLSeLl)}{qRp*{<N&KSL}bjJ
znPE`whv_8$#>~74xmF-3d1}sXX1)rAOm1i1mOyya@|`Zv%;N<X#Y6h$ZYOzyjK?5Q
zLMV+k3|JFwt!AP8?Vf=Y0i+(r(9G^LZmzZ;Q_}Q>jp3eN_iv)VhV1TAL3MGbQxfwJ
zrQ^6-xQU&=L}sThM2W+6ZBG~lvj(<ox@MP+gn4uA4+Fo0j4VgB{{@ym1i(3;*xr)V
z_lQlxyi~C#jA<eJ9>Mi<onvXae8<H7*nMz@@YapoGdQhGpX6SU%&6FVXGKHwLeK^p
z7@$<z>kz=6oyTiY?qY}$%{b|sb0ub&;d);`cHo8E6diSYMEMM3Ft$==y95%fear5%
z`>*uZq5p6L?mGD2i|YhhQe$UqLaQz?0!u<p@4YG{ooZNavm8j%L+S&P48DSAb4+vy
zn%%;Qr}hHB!?eHj+Sdlia~xs=(Fa!aeWV!;lCcYTTr4nhrJD|0oVKCa+_ScBCGZZp
zXi+g<L*FYt1=7`Z{%JX=m=&HK!cCj2@#K5ExBhGw!z#vIh%aeIeK1pQg#IoPpMT2I
zLu@O#bsnAn*5Feh#9|r}ku?)Zh<oQPF>RPWYJ}{}nF}5Xl^}1%hmKb;H;gWNvGACz
zawH`1nSI}aGjC_Rr?8m~_-Wp}Ldc!HL&qXW-e7^*!tWB|b&Wq9xsbM8_wXG}GemTC
zZUoslwj<#E=$))_WsD{hje0k?Ko26@adzH5MDDp7#1hNU*6HQ3Uz}r=cM-gO*agTl
zKw;Xp31&&0dFI(5$ga(7;ePHcx_|2ZX5!4`k+wUK4Jyq;h|ridWJ5ylXk+GwO>ytT
z+}Yx`V8<`N@gh&!Zz+I_u#OF~FNB_x_7ujstWZe&Q;z%M3&YVtF}ko|N?TD~SAJc<
zJmr9H>jX0DDM#So94m&dWY}bmm55wDm^tLqOnkV{OC(Pd5yyfI>Uq9TgIgeQZ0i{o
zDm0bDuK%fE*jt{Vuwih|>1|UZy;uz6%`_SxyY4Mt)T*^o@=EgtOuFB>{GJL-hUNth
zl#oHS6<5qNlm=mgd<k2VxJ{V?v&>D8b5V@{&0HrI#x}8#uZcoRU2HdquN)(h-0g<@
z=8Lj<m4qlqb3&G$`=XH!3rngIItatiozo7g%{;g`kt{d^|FZl(KiCS=U4gUCm}?;k
zr-r<pPo_Hu^&O<fZQVD@T^A4Z1UQL*bRE5W-}1BbvPu#5MEel*$d&mxmD<H9J*c~9
z%s!Ehc<YNX(5+={qtnZ^%djNt%HRpv<u~Se@p<=1qZvZyactqIE6W+5ca{g}$<5GK
zZh;IZ<T#pO;*&G}1|GjPK!T3J5q>?}?6^L4(Q+B>!E4QltU=G;exz^CJ~g!z*cJRo
zmL%*fJNlqfQI-j}w>5P+x)B_Ab9cTW1A<LZPnM7Gh3AHSyU2WI+iv=7y5o3_8>nwj
zvXgFkV8TkHxg_$uAl68gZl@M~BwYQb2PeJhFSDvHQM(m5rsrmam?L6E_%C{MnTcFP
zhGcZsEtQ37VSipCz3Mcqg?s4Fc#fPU3T6lWE|4iS#lLYwBYjfo0(M4X#B-9qQV?94
zoQOIJ;eQOO)stos0b4gnn>q8XyV}d%z~VVn=Gnq*OqZ_m{Qu|~*(Q*H)8@gdE2lho
z<xC0yXA9Rk8gg0g;sG`x6Lj83*=O}O2Db2ZGx>U#*?$HhS~mH?rV*+`lVKfU(N^pC
zuH4DRKRYEO_(CR8xfW54FRqy|u^D4(Ys(n)f~L8Hy$3demfA?0$EndNDX^G?+^Y(?
zTitj*-4U;iv*|HQ57=}eM7s~(=wOsmQ4t@<NDmumqV^N~_G-55j18>>_4y@IpZ5h)
zHpdWtSrrVeatZ0cpn@`{DvNA;%z@8;>nywK+86Y17JCW*Fei=~IaPwsRDso9IPzg;
zk;8pZZ(_NBvrow6yUdudqK>J@P6?R>@XZipzbuPnAwhqAFSo9Hb6I^28|!R2elp0l
zK#0rS^|J;xf|cafwFqXvYda6cCX+oM1rERA$r<&wCKw_LKn=Th^M6FPwWS$3M&KP2
zh1+F+bE-=29P{E_<sE_&EdMtsjuh9_h38RB?-~eVv%^N;L-E*(><jjTS#vF8sf94g
zS%Zp)Q}vFJycoEfB#!pQ2$7y!px%(z3<K$3x>0&S#QV}BTr~1$2_uh=Jbpdj)D^aA
z7|21J-)=E;R*!-6NsR;j7A#M2c5NB}-V^AdUpn=9X>cR3$|NM*&EX@4cK5_`<_4x%
zsdbo}gv<(*dBv3h+;k0J#5Sz`=&w73gG$&dJ2{6Z*L94U154wk3at8p#D0@uA~e%4
z;LnTY6+Z`;`WmcKyMm-qVI3TKEa$QZmGRtJP@UxvYMe?%*1^ai<o4C2z%?!1D1e@g
z1$rNL#)BZM@`yX`tl7f(P$#sH)*<#G?p#^;oRw<tZZ7)<ZMAe>ftlk_cW?PZt#P6r
z+3)H1&6WhslxT6!KLoYd&ZAMc;8Y6%u-oEU_BIo()$vKUIP@1+-!{a!MmU#7mzg<g
z1t=+G5_cl5ux-ACBu~VmtYHIFf44s07)jE4qiJAU93TLFnm;&sM902bSOWo;gv?~M
zD+~}IG`XYx(YGJsAGT3Pa^LmN<O`cmvuK`;+gSvGB8_YbUCwD_EsOT)1<XQ1m+NBm
zu#gVb*=mXDLOIf3EId)U4f?-ZMT!6*{w`=z*Sj3Ir$BrL2?%B8taq+VBwbpJ(HMJM
zCs!VJ=1H~fppuFd&8=B><vwsyg6*6+Y8PVa1*V&p#1p!>=g4Vz*QSM>lLdy{6uF$X
z0kNp-v1yixcvA~$1Uj4f$mYdP3^Q<mnuBC!BF0aM!h<b9?Z}Flcu;ULMtT5GZWEW(
zZRP}fuuvNjhce;DXH(9I(k8~!QCxfCqYH$btD;-1$gC5{bZlcUwSV>u+Ks=eQLxp4
z_g2+1R26fTZC^P7<<<^r(Nc|PODB{tLuje{93aw?A%rgnF+I3^M<530F|$M$aq-B7
zZJ^ds(;;||#MH#?JBFUy0_c07-tR^4@r)qcm<6Py=o0{*qnLM*m3)#d({>Jz&Q4vO
z9uM0gWo&0#Lnb9OT^Xpb4>M+Uu=RoF6sDJ17-D09xrU_(#%GazJE<A%S$Wj)6N@h9
z2=w>LBij}zKe{`I^r&;Tl)%H{8)(}3KfuN;)byVBw+YmfzcJr+@V1{U300@>=T4RR
zB@z%eq9=rFN$|O=TG`$R+a%|IUc+U$a1DT<88Gr(V%w&(y*WpgkAVt;?<{*~)1u-x
zJdZ{LH?TBmkEa>ii(B-Nw1=Z)1ZFliY$+e0Tf1kjN$sy<R*<T>MQY^Ek;};QhhGqv
zD#}&O(idLb0IL2JAG4nS@y)bEEzNgntWS^74b+X?N%dy_`=dJ+C-?5}1on3dJ%88+
zHc~(got4RHIWbqLT~E_V=AFkVy?~csDP9_VcdKT}(7kTM#}*v{elm6jn0KlK)(dm9
zDn8q&F@K5-1knQuUPbL7vK%%itb>(&)1hC8B-%Z%FrWEQe~&Kc4X4kVlWf+wm$PkL
z@7#`4gVh_Cd(`-Y;L{vu<4<@(4_i6^`Ur`>({?Amuz}O(#X@*h&G6cNFBi6aX>u%A
zFGm?$NmO)pfnE1n?z!YcsdnKG1}RU@i(3iz`)xyL@zMfLU(g0yfX0<?+a4ryJxn5!
z_oA9u9=IUR>82?S0~pR=>3*n|e*jMj>@6!F)G`%WY43LvC-`j%EKQS)&7TFeVI!J#
z^Dc9CnB$%tDi3<7{MlB<FiybEE~Y;WdeATKW`1;q^QlRFtZmaZceDG>V?!2j0k6$j
zqVRU2k^2(5xAk=ON9bZk_VIb|N`;7Pgrwy96ihYcF3MuwnXyay+|;tB*P*A(i-}_g
zsIGh!#^d_ZN5)Rg=d)>c*N_t<Y&%c_GGMjrJdHnw)gkK7l0<lmCEL4i>g1XtVZ_*D
zG?~I2#1=;gEb|<EI+M;)yA1={iur7uSz9+(?jTPzDEHw=oo;G|S(R#BzHJ7{O0@W{
z-3wqLCu>u%MYBx_B;_7{Gl*}C>%%mp)HYj;R9mGOU;$1t>&GDE*bSUAY~I}dvIyc<
zwkWThWOQmy>UFck+x(kIq-pOg5W^i(={3S=>tl(=-a~IxJ{t0_8#7*VR-tn69xQz`
zG{e3oXeq7{9r4((51k@<*(Zbr%%|(V_HR85eWSj)Pr|}UjEZ$$V08miy<3tNAQ06M
zEaw8B6>#8iF}IMfrvg<16Cbpl+78susst-7|BM#+20K<p9Ai_L_Om&2Ra&=MJkYLF
z1|EZLBTw>1n54@l&0YFM!^1rf-!_-?5;!$thV&FST=u^y*Y8^O+~}#r5KWDP%oz>Q
z+(Tau<_&;a(0SyZ^w@WBhg)c$@z2Y)eB(Zi0k%AAx8039uq22?kcZ`BZF`h(G!u&3
z!d@p7JjED`)<78}C41E;TZWhve(TTBOx@UyWZz*oEE6C5M-k33@sO-7b|m923jIF9
zl0FETl#Aj*WUg-;!10q)6!6RctHrRqImB)dL*gFsxy$a4oYDZneLJJPn>MFi@??vR
zYy?WEN#|NaE$WR;-~dJn!W#O$50;;`?|Nqf%P#e8Y&tJ3j!xM+LY>jXo)#Y7xUx{Z
ztvQlCUsn0Uro8`OdziJmcd4sC!*}Qw&sn>7hwh5^;$491o8HBNoZaQg5Z&0KLOda6
zZp-RO17NQo%qZ-f7-G?J&zdWj>{WfOD~4Y6?io3wb4$g4v>bUgv3bl*E`fa<vVlMu
z14%Sfa%B*?wm2Wfj9XpvhX!Z1%_Xg;7OWSHbLN2<K%~f0anVMDt_CeRH5)vMYKr+f
zlo-M3^@L!*c%lvD*wk{@!$7gfW<*(oJj2*Pje4TP94E%LZ?ah(o{H~eAvEv4n}PKN
z6<bg{-gD?gpjB?*wo;oyy%T!eDbMr*!V%+K!2%&kcaW7FTNvxi!VV?Ip~ocVuBS~l
zs~FPPEW^#10uYrlYi=`m?u`6-0`Fh%oGExcg93ttiCy+&JC%)VYE6u7bkZW*i^cYv
zMA9UiKCBfBm;-j;cXk!IUBCzEb~Yofu&0`K)=P@D@8Y)!R}|UZ-OL-RZ{MB7!Yo9_
zC}TnK*-a?DFT<U2QLv$eb2PqbGp}9$aUA&ToG8T_IlJ12r~M8Jw)%mu+hPIk?Jywb
zo3^{S^>rWiFEXuITEeb@GqiIff9G2iq!(D0hpw7^WayYew7<JkE)ryKY}qDm54Ea-
z_~|7SlT7IjnO?ys{7t8i5#DN$QQdiRSdfOLRq|28Os4QJEG$@h;j2Q)ka~_`CmvM#
z3{>dsHVirO-Lt1C>^vJ61ZX>Fnly%K4>s1o`@6e`32ok)CJtuH3;`5~z8DR<>||>&
zAN$tLk~rbEviCeRb-?DaLuzhA5c6{%qm+%@tZ5H;GAsU|xLeQ2ti1(LT+Q|`iaR91
zf)kPe!Gj04;0}YkySuw3I1KLY1PJZ~clQAjba0uV1H8$XbIv>WzJJwwx9U~(?pnRN
zd(Yn8YyH;h-aXw^nX7gsn!&F0`fmm=s6G9&;Y2P%Vke)e+=jQ!(O7>dPtOFvV=vHr
zGSnFGY*+Wt0*lJ7XMV(*pL^%xbCl&vV#Q1IzBq2qiX|(e`OHac3%0FgPcBHO)w6#4
zEsX*b<1#@xGpWmA4T9MO))f0W(RLZ_3+jvM+69s&NwqFM#DGqZB_Y22i-H%ize?&J
z;<*L9YuLFir<Iw^13fC5er7+8_#RAVG1=VcPC(Z79=KYps56F~230SZ4<nTaMvXpf
z<O(mae?;UD$##0Pvm~4%4$mXqn5;DxmCKD*{7AEeZAd%!#GIM!cJkA*VGoR_bP+~4
zf@i!IE>$}7>6r|e&>SQjh<$vluft`z8mu29JW(hBZd!K|6}+FM9v0GWVIZuK-&#)N
zabIy`t69ici!j_o5M^Du39vprCtcRJUkX0w#npkM{UlW9g;vj2ZaN{j@SXLv#)FQ?
zLm=e&BHHO8i(%*bC+NIYuWeH-zyjY(0<C8d@0jE3kGBngiF#C!WNqMBpJ}6bg5x*U
zq;g_6%k2=<>z8pBAK#xwBZ>d&9KXbEaLpn4g&>dhDKqEifUX~M$3$<bc_xX1mcg=c
z{sy8+4*UE_)=c{IMcspzpu#S#*kCiRp2NXj+{E|h6l7-Jr-7k(Q|=d^#|lC>_yw&a
zN-{&_PeuX@+!!9LsI3VrmPmeV%{%@KhftIhiv-;(o-MAutfheR;xYsubG^Qe@0rD7
z`ayVLiA5cwEk#~0=lKzMf$<#qaaaDrukWMlX`UfHB!G3lR11edS0?1(2=x8U4?TWA
zKuNO$aL~Q=nudj&E$ibUR@R|HVY<v|y-Q1%eF@ojk<jZl7uoH}2_Y%nX&fF8!kX6Y
z?w$$(`n%ZOivePRh{@Vnsz+x-Pw9<c<?U{HoRuPdl<9cvk+EqM<9RQvP{J#61yG0I
zK1ptok-XJ#Sn;tAMXjaVFK`EBe?Xx&g{_Yz>YAkOO#8T>*I;Egy{V<YN0l~~&XG=_
z1-KD1_3SGqS-$oVZqj=hd!1K;oe~9KfP#{ZPUP91d1bb>w~db57h+(meEf~OBV4Wj
zYK?Hfi(yM*RvEEf^!z;!#Zu`rO^E#Woh>2*B$loI@g50`SjkAFTD0F^MG8a{ZTO^f
zn<RE~+UO$J<)dTtS`p7P%u`NU7UZjiBI%ji9;UK#jg4$s*Zk2&G~PI$E))ja4RiDx
zoA!sSi|v%xUaMLv*?vVvVnQ6qV^+&{-Li9%D6(AoL~#2v<7=YWp0`f$@NZ_vx0y~o
z=p1Srgz=_W9z7qRVK;bvU#5EsZHbZ3ovP}XK;O%f#{!_{IUJUC*UC%vZw243nLDPR
zeNW)1sPgzRr_R0BY40ENB5y9;nUqV~rr|*@f#T!DO>)9XPW{LZd69<v{P*)6l9w)_
zg2&&?3=jm$(rCEO4rNwzc|V>T=0TXN!zF!ZiGz4H7>NPPjKV9iu6K5o9y>{MSVikR
zxUA{LR9I><;P9}qvhVYFR!<MQ{BR)g*w+*x%JW@sh@`x8RC{N-EMDSb-U^KO5*4%#
zlg&en8R(ba`DV6;k3mS8@59eEZS}=+noF^Xe2g34*F=yIFH)6kVdf{s$ahrMkZ6xY
zZN#)y{VuV8n(+%giFt*^@O-V>?h#T&8qKN`cSV$w9HPax5c7h(kLyR$npHS0t#x(~
zBBJgI3$ahZ%Z$PmI;}$29NUZ208CMW6pkX+4@+O|clnCWMSj?QwTv;uRJpVHs`lhA
zsT`zxPT(nFPJM}chS?Y1OkHq{y0gKEIOycu{07K|t$UnQ^<G%9<agbevbh0zllOGb
zWY6yJ1LXl+x5R*?h~pE3?u25N7&0#q{|3>b^D%j>2M0NSw*y?bdyUA+$Fo>Z0~hCe
zpS8(?+f&8}0Kt`IX5u80JmX^zq=NGUJs+|zWbnn=yjhi^eeYq{WK;F9f_PjJ?wV>^
zS$GZXs5yxj-j>lEm=<edR?6?R;c#vUjZEY+6;SKIzH!UbkOt>m%lFs~-?7?J#~mwi
z(dpf(3v7xHI!UE?{Y%k$ax>Bvm?2KhIr8#|5jv}fb}7m6lkT|^LXK-UHS7aBPx_u_
zuZOvG`P@%U%)i`5ls}&`pWED{AY9l{pVH*G#K=WY23@WX7@Fwad{ggbA~s^@?l(BJ
zFa>&Kt9OCPiZI7`)52R^V)W?D&y<H%<Ht^!l8kk-CP&kCBqVxyI&@OxU7R#d>F!}@
zew0+3d0K$J^ILUiQ!Wc6W&5?dtpIxAKS3_Tn2TM4NA|i&RFKDpt&c_S5|m17Rf2kp
zI<L9mibF=l<zst@`sSW>Jhu+==~UFZRK;ligHjFQr0qkI)ltEBvBkTWbEn)_D($;w
zwdj_7R~n4p7Hv6sJwiKJE{MuHYQ8G-1ZAp%O-lzYohCh<C!2wG1s<oSD-l5VU?V}d
z>*aLSPWkOz+X+$T)%oz5b+0TD<5!`?5;=veA3UyqY(2S8GNrl`1vC1abYebF1FPnw
z1|3p}i2LMXj7Q&&<z`$>e9dk?67%KD%rf*8C)xiV1TqO7{?3YYoPf`;*Gu>5mXpul
z_^z*=B4<wAp(bTd`FtS?fpD<}lii(Bo~^NWHL|-FGU4l@&`QOKs(K@sX^B{sVas_4
zcg)qq=$*wNsdr9FDfZb2K~T-#U3#GT&Jy;OzAKvpautNCC31cnIm7fGGyF%mp=;Bp
z+gACpUt^H!)s2pZdI^)qZPja|yzrNP(^rRlYX0x9bV#Xur2?`&K1RRkljo*J=+{v2
zuKSI;5Qw$?ZQ0ZH=XuVd(xbpTv6H3`Qf)lOv)9?k@(hpa`=7N|Xe2;dfvlMgnm3Nf
zQR3rx62^;FjF6Dv^PEmnkL#NPEgOpybbRxqyefo%-^0dr&_g@JsNB$oPM@|lmtQ}l
ze0tKQ(0P#^Qg5c!L{ix|D36-vSu6%D-X3`-eOq>Xp%?hH{F&wEj`@wDwVe2rgnEnQ
z^>R@|`Ta=DJ$*t2TJOOsCmrs_5_~<BmY8N6+nHi8=-y%d9N{9v<EaTsP=m;_grxg*
zd4w6UA9P<KG+~4o?`EgO;^u&Pw$3Itv}`748)B+MO}ncUfOKp!{g$FYGQ8M*(N<Pa
z#rwPPUN<{prWBoV<Ca~tW)eRtw$*h~&${icaD1hgM_rVk^@`s>kb$y`SQfH-EthBf
zh#311H7fUMp=IG;C=S-O(9@6_54Q;A1}h(E=C_q);Q3-USAPY2H1UUsj4%$ibLP`J
zO(L8A;o$);sVQPYH*EnRvm=KW&c(76x<w7jeC3KFU;lfJ7m-}rpY!sRU5r!|;no=1
z)zL&kMGL9My{?Y&NyDu}FVH;@IjiCQJxvKaw8-2tQASBFgm#7(nbMll?ZNj*A=tls
z@AJ^Gj8mA6pHe9jP|rV3MFY&t;Ufo8g_`lRjk787^QUi2NlpogG{ez|613QgcFqtB
zpN0u)-LW~W&}=rvpFb2F*-AArYoFU`j@vGCf0%s7C6N|2Vcu-j;vb4tXV*LCY|15y
zLz!U(&-wf~QcjqMZQ_ck&ah&z{DQyfK)}b@y)>*eW*j!JAAFqBCTv>Cvm+5<ltB58
zYc^vd6d_{u1BF6<l<G}VA4X&9>sKp;1bgj)2ok@}=TAeovR-Wslnj`?gbcR0iQM7Q
z3tk=vwkEBh?5}L7Esbl~GfU*Bp8k4IRyNmpa&eoXvJ-pfCg`4O+rfE|R0Dli66p&b
zkGoXzB^q0MIy*vT@UfIgg+qNjtwZefao_-u+P-!N)wNep%Ywh}VEz;wMp&km@;%?$
ztQLXibaq#;!A(YX`*J}ozYUi<%qfXA>Qa+8Xc^m5Vz?qwi~SS%1@kw;`-zY^f5%iI
zF0=?S#>31#x?KLSEDcJ~5x<w`Dh5w8FVobP<;=R#41keYa+S2U>av_ScbpkX7U5o#
zH*wN!d+)Z(fyO-CZukkO`JELN<9w3&>?&WVWVu}Yj<tJGKgyk?sNI}be|{G!sh%>b
zfk@xWI@p%mS0T0)3NdfUnxY{BY3KU&;&^ha+4sB5)89BWc4E`{7tqMUOONSwnR{n-
zUb504#0F2UGOwOCiE<;`^6hK>K2A`>nT>JTHte8$qoZUkhzc;0sM((`wew+jxXGS!
zM&t|^Yd1Lv-^e|-0zGlOkTJbeFfs(+nUSD=<<R(S&M`4Zsr~kP{MY>=EoSa&YiLDl
ze)b0ii_oamwQ!R2HivIk&i>){HJ%Q<j!I;*SNS3BMeEO?P$Me6Wj>eGR^?@-#V!}-
zV;A>=mju;x`_D4ZJnhiPYSd@aoaj=^g-njZ;Y1{2o56H@JOS-F+;Ved_+viIRL_}D
z2@W5pobhD?CWIz<yD@E4;5C0X>8J2<)xuUm4li<!H@pVNR&E^9kuGDgNlF3s8`!&F
z(~8Y3AHeH+jMX4<;fol$>}*{K8lC9($)jEtm&+U17i(lKY-Lbzpjo=7Bz42vF2EV=
z!=>c|CAX}Ef}9OXcT!O>Nz!<)aY?kZzn~aeT7OA9I<4k5tI*9akFylto#c$^)}tJ6
zee()|HLXaRu%UYsnP23M)6%If@jD`852q4=m26!_^e)#^yUoB`HFzJLHn@RkPD@iL
z&5M0@2SIo9f;B28rCIIF(`Dh!pHxRpHUmwC5o&UQ&=9Y(h;aD}gzJ}YDS;otYXOdf
zy${D=?v$=lr<rAr$$|;_+4h&v2KNG!^xFPcQa_B9gA4Mf6g+##J?$n~3QsNLpN@ku
z$O;}`XU_!ihwU)1pL4Fo)HT|X%~z*n&q<18t2Sh05>o=fn<EakjVJW=*U81=!=}-%
zOO{5Si!l`vvgOy}Xqa>h(68#WBogW^y*P5@BMaWElA+jRw=t8N%5etQxnNx{0k8Bu
z3@5(5v4RA*GK-`<u)=R!x0I?}-6!)+lVI7FZ>)6u0!LN;Vq4J^<j#XF=1iWPkMecJ
zUat^jTkgiB3nrZI7RzF!O?(l|Zn`HxRQ<ZQbHJAmaibuO^>F3Q)Q0|MRcqomGgJkE
zXLF@-B>Q|z7Y!znt#(p#-}zX*bZ5+d?hld2?6)_Gk3eRAM*S8a`8k`QPiOg<ha>&%
zj-?%5KZCInP<{CC-XBoR|C&2rJPC3v{1Vq|r%L<Li#{Lq_<?WD;PfS0Q{dZ`#ichp
z1=a1%x(~UJ3wk%qm&NiHaFywZCI#RuhGiMpI>Y0=E)(UmnxXAL_pz&JMPi&y?ECAt
zNAY@mP8Xv{ZY6rr<T~MSd9BFsGK+xy>iJ%pdXXP#@Jb*KQl;n^QS+TeD-5?yoQFr5
z{Dsvff>A411kTCHn2#?U4;1){Duru64{J5)2sJapl6p6Ur8IS4ZkmkN2`qBbj9#)}
zmYi3U5+aBNg_$vnbyPkN7Oa~|VYl;vAU?(JW2H`pXo)n<8M2>iU8T>FWjFO#1g$bA
zF0pn|XeNX3LOtvXr>)t##4i=IDfjr6iK%<$1zt>I+}I{04w&GJv4JH{Mr1t!&sR?L
zu;XsUtT2sfqJ1|)tiNAD%=^$eyo_R?=2!?5x}<y>H$<+i2qGmyuQn0(Q9teXl<{Im
z$xj;ps+B^Y{lfo@PqQm&cKbXDiF$7RNTf&6emcSCimlER(|%}5B8Z0__<^~<T~&1;
z?@F$!F)H0Cgr8oj=_AWVHr~*0|D})owwaa4SOuz1c39fW5>)RmiqI^OE8<Ik)syRq
zqy&xOrjb*G2L}-kQu`9pnCfuj<DuQP5I4NW-jOsHHE1_DteZ1)Q!m)Ci5?Lbe*0k1
za2Cp#Xr$hD+jdhL-(w~y{~m232Hm(+H7n2OeLg?%8y?wxD7n{~`n5Bl@cYUROUG1B
zovm4jv5ke6)xak>x0JfP)~J<^GW0tCNMNCdzut(&z2%TXVV(p<=lOaSszBT9@}eDj
zV)C4bD+N?8i7%v;Zi|sE(anID9qU*)_;*3&PaG?1QroSPgEf+3vii`7QwNaFrw%sQ
zf;TC{IyD)9E&Imj3qejGSKa3*qk|-N#iL8cHlX_%fwqn1g#gAYuK6<uiVyGYU;a>j
zK(UZmUY+`4lM%!JmFRe2k6@MufuU*bT*J?W2S=wgd)z|Jm^q`sZP1VARR=hpblcT8
zGEp6~Lb)AVPt|0*cfUrcOQ=!sy|PbE&s+XQ6teTt9IV~##fX(&@5FR<FKH4>-H_86
zo|4_VhXp;3=BTCC*S2_O7+w3g>EVHz+oGyJPHI|$h>5(vl24*A&A*eG952{}Y}QBH
zF>VA{Yj;X23aUKb4GDiJyX9B1dHeIMoT&2$2W%sT70LFSA~~P6S{$EE$}>4{U&3TP
zPWm4XJmTLM(U{vh!%$E~{V|t*wg<mB?!^*aEm&r(KPwTFQ~TItiy0oiZb!!&D`Gyg
z%hcGcSU=DsO-rt6_@u4(`6#cef!jdI)_5$LRp+ry%e_~7p6M{#z1FQ?u;j?0ZHpFL
z^!V#!_}db#HR3ARcfrtvV)l$w{epKl!@PLu3w!2qUP?*c->NFaDWjznl-Wh0$J5QN
z-XIfGb|RA9XzX#}VFKs+L6I-MTj^0(8}$d_R1a=v**2E!@4D}p++~eHZU~}gVx5!+
z4Y<ZvtV<%0j-_0E)T`dY-LNTf-^OO53j#S2_*FsVumbteO%V>;&5ElD3%zj3$k_D=
z%k8|Gw2Ar3IrQ~_^<M6QzF#iBPs(}cey-f?k{eaMcH7eA?S#%<4<E5T$Ggiv*~!GJ
z_M&y=C$!f#n194T&K8&U5qubCZ!M*QpiEjteGRWP-WoZi&oP!}f<fPsp03f-<@z4A
zZOdu$&0-2a$q40Q@466dcak0?_>Q3cy|Ya2A=|xqa)>@{fB(ivja@=57i4DYcQW>9
zQdr2i&e^4ZBw$GxHFQ>!Xy8nE>Q@TE!?m?^LbV8{+~*pBFeH|ka@PSnMDw*^;hmsY
zn_q9e+?ur=)TJ&`QGz`kQfY0|3>d$ivO1!mGa?k8<cTRYl$NF;s;ojY`8VM##Oz+Z
z6h>pitP&xWJ<N&-CC9VmR-bPFOn}TQ3lfaWkbT`_+Cyk`Yw7NX2^Py{R&;EMMi5MU
zm!>xS%&T*E6GSfDOmM0Wf%N?zX-V}cxoU{akUb)^!y{~XnKFbr_Fe4hZatV@pV87K
zDLb0Egw6|v_01batheWSwwprzg5Ft17w6Qjds&>Mwhy_&E6-aOG`LuZzt!{6r)XR=
z-5MT<(1Lp_z&2eI{J%Fo?J*KEq`68`F`0x<>}((fxCI~jhH0(6&)2E_$YHwn{nVuG
zr3GgtNaIc1E>Ua)-7(|0RHB0iy|%RVan7;Sk|FNjc{kZ7%$|aNr+&ydvW>@Z&e6l7
z=PFl^Vu(w@cm*7VhmlqbKL`uBC5RE%G?z{jN2i$*4mKaT{DNQQg|ys<NOSV{(s!Qg
zp(z?-5?l;0S_ET$tRW`&jy^8b#$*0c%3n*yj6A5ZR_N=mhl{Vu@mE`VZHp815fe79
z?~Xc4R|rwOo0Ax^B5~_Be^mDgHFA*z^ZXL$YC5hIg9lhEsI#(gzNc_6neTMzRKR9S
zYa&uMQo*KbrsVfySvfX+5qUr-@dkFnqRS8dx3tdpwz2EqwuDGLW>gy@FW%w)m~ehx
zHtfho8XXvFU+<>6tdlUZwBxO=`0>46ur6fZ&M+TCJ!;=wF`GYTotsU$u=b8L_j|A>
zzQ79+0Ta-U;t6%dOSz^c9yYzSQ~&$fohXuq)^8V{mq?U0_tH(_DP{E!h6G7b89Ilc
zMW$Sq31=}|o>iWPWA3zjl*omE@pCc(A2=w+%D3&wnacYZ;m@^W+uSjTi!0&Sz`~a%
z4~Fn9@;7XVrfFL4(2i%&6Cc9Kd_kO?s%8gMsGqUUPw5EZBRiKHHK&zrC$aa8->XA%
z)<y@PYsAs}d(KUEBud!y-^HPS|0SuED@peId?&i6W}y|`^_i-52Fxwib>sqDaj}7H
z!noWcim*4y{QiCIKpVPAWCRIrGh0zT6U%U`0?l<6i}|JJ2giJ}vpG(=To;=g+^ERO
z9+HUA=z8?DR`(yU&zU1na<jOQl9v44JU)*hezFSl;{wGAu5wwO+#G+|N8BfzZwe#?
z{qsYC=h7T80;^P8FUay9CdU!5UAc3h0t1PSU6}*}<DQag9pVbKwKIL(N}Ph$n>;RP
z9HkkjgoEb0ddpcX6)~qcO*Gz)RJ5#5TFet~`#;Bta`a)^D$&d|SPFjTQ=-6+Yu7d!
zVvkT(%8^~`eebF7EG5jeKz8C6;!lj_5mbIw97Z1SvShWbShGmtUdous*M&G9ALQj-
zy5JD#v6D<Q8FQpMKb-tZ!$_Y)BZfAUw4F@D<drVS1$Iui_RF(RI_7Y{V&kq~yP)E{
zRCTa&3VEabh>s-ARgCH4dQLEuWFAD!uFr)+K3C{6)v|Rvs*=r}v)VC6Bll%zG5ts&
z#?=Hm`-EDU=4xcvUx31YIFA`~MCsP1bn<2@tYvqLT(eahQu4gQ$89w29KqHvrdES>
z@q+)l^fZ-z&$`PC{jE0Iz$y}E<#EY?bItK<@{+zF5`K;kR`!gpQ+{9hy!Wlr-_9A&
z7*EE`sITmI8&aQf9$Uj*Oako$P@BFkw-|<$B)FEGZw*#x;TKW3p?$oRb}sUj>6N=o
zoT%pI>SzD4cthP@<GPGcZm8t4>Mh`AT%Pu1I$0vnQfS;<(IXzjE64Xjy4G|5L}8ZY
zqtS$|^omFPz*ZOrhV|T=OJ-I~3cET6PSeE-PNwKSwLpQy#!n{*CKKw#F2OU8U}mgc
z<Wn1@!5Cq|#^4bXG^)hb-CgO1fbD1f`XmB34`zUyFM(sPO=2F%D!OPj-oyT-Yi!*a
z{0BmRPP_9pku?{@HZN9@p3)teatfPWzB}SiS8Ac0Qd+N7-!WZRwVA*x7v4Pv;%r5B
z7OtK2RlJr&Y^XFV(`ezpD?qGkL@p2@aM7_VY~we!$bpAL&5^5TlVU}U_jdkadmuCS
zJOhljfDRm6ynDAs(Ly`)FiUo{ThWb|-)PH<#B`Vo@!pS-81!o8Q;ng?V6A5lk+y|6
zu$ou_I!362SvDJID&ExEWPy4vmWrQ0iLdy`db0@>1WD^o&MZu9St#ct{ze^!P6s^&
zfPOq6E_z$G^lNlGTg>$IiN7n(XBt29HSnV5#=g_lKT8jHt$JlUc4P1u_b?Xh+s)yV
zH*}s;XQCHBhsYXLy(_f(<(M@RcUXs!-FO`|(io(!8_bWwm20cCmfuRSNUg0aiF;;_
z2ca?L%OF1Tq-`Qjv-ilyN57*_nw-o@nPcG0ayDFZ8MHkjd|Mz6SD6056@RN`?lE1r
zpyeB4zE}*U{;{Fh*=m%N-n1n%z7>1OnB(%rGKBR&kEVpK9mjnwXhkdG?I2TSZ|)$2
z381idgZqQXmQv_--urKHd#^Meo3T>&g}*ksNTgatihy!?X+c9zZWgD5d~^DaZj9MQ
zCP<@qF*>W<65^4upFY=k$Iohoh#T91tV+L~^AOd4d(&#>8wiKn;65G4m@h}Gtd9f2
zj&oae#<TIk=2yFp5{WC%7hg<p8&=Ulk=E`^)gaI=8PsJ}Qk=xsQ=oVhu^XB6uQlgK
zD<E8!Bs|n2wx}W~#KmU94V}+|pE}0(ZMTq3XTE0eaV02X$MQBc_Sofi=X<r|6qEq}
z3)d`24;kD++%J<kmWFcD;MEiVRtu{Ewc!4-cWXn>wJB(&how*%afRT<%nHZ0mHqX^
z{%MRM_fJKYe)}$3g4CHWwSElsk>#qYcyUR;EkXbz4n(%=$1e;+Y$L_?PR=U=?>?7k
zDjNEai=_6D_o1!i1kvmxGunv}e7&iLeoEaW@+mQITmI~Z52a`4y=haCe*2<cYtipq
ztPNgXy>4=|XHiQ36+vwY=g)1li(gXl5dP6>t9Byv4wCe6dl3rWLSuAdkWMJZ@4@#-
zs>uc9nkc3N<5c>@v9;L`&Wc?PAi6`4)O?u0#3bKi$K4gGapIzvX*zMnULJAX#W6rT
z!;QtnZCcV8`(<yeohy~JjApGshqC1SVnDwMur+2+^P7gql0aGF@i#yB&D!5Xk~;w>
zKC(3=-U{F+Q_Qv1`+c#1*KBQqcWd~l29dlgHz!>eO~_am_FG7G1fO^)UkX>Puyq!X
zGB^`i<w3tA>StTx1jGL7YH6!}{+r(%ogb7AJzl37vAZDSp7drZi4yu4l59(`-x*dM
z4K>SHay5+lbXg(Jw%{~a`0Rp%gYBgwN@{;`o1$te%8@hHQ);=9K+LJ`7+LR{>4Z}i
ztzc!;`mO`Pq(|NxI*ioIOGr4oLa6&m=c^lp1X*C`*o~4Ol)*{<DZpGon^nzcw5m+U
zio#aU*P-<tyNt+d;gmz$I$9TtIe!%eVGphmwr0pVu$A`yD#bW-Y5%j~J5z%@x|Awg
zsqsrZ^NEJGUP6m;O!G>u2e)6`-=)%MU&eBc`BGR~Ucaq$GTNsnp_=kF2@h}g-F&_2
zg{3%f5z(p(*d2AD<TuKUxynO@x;y=<T9h22r@nnKCuxe65YFko?)NJ;Vxdu0(Mzz2
zdk^n~uNgX6|FH7-D{@Heg-OQ!e4CGj>|E!%sz_ogPpEl<k{i-SlAePoBE$5ct=<AT
z;KJt$#5N#&qrJf^#vOz<(2rfxX<?i0-&_*mexvg$^4i{;n`~9^W`L&)1-pR8JPNPv
z{;6-2K?4&p*U>&0$>Xihkk5D*I}@A>JyXN(yu$nDO&YHc>$cPJERj>`nI&+q@ow0l
zHwk)5lw^=b`_1+^ys-{`_wEcdqf?HBK2eTwqJopg@qq=&6E%T!;ez8*2?1M~ZC$yl
z>Gjj@7zNIP*2MQ^S&W?6?U}_)nnIt=kJSwKb)L|)1RNn4JT<hE)|#;(r)wSFhwnVi
z6N1lO_2rhz?X>z?d>&Bpv*y@*ho%S$(!2Dqx)uFcl%)baZ}kBG6u+KgpCjF|p|?gn
z=&I_KH80j2xFsSNdbk8LiN+yhml8P`NISRtHK6kLw;ygrPQI!3%Z{(#QiMKwyXq9R
zx0MB{5)H0*TawP><7(m6&#ncQY!uMEDWZ|EL4ABs2l-*GMK!cX;xg6ucKJ<X_#H6~
zI?wV>L64*5?M^xf@EEaemL5LNIDTKg2VlH7bAME#M#^+rSfdHZ&GfUi{|Ve$LYs-l
zvy}uLan^HzT1{{sdp={MY<)6F;X5Br`t_+`xLo?cPS}BZjQHTzl6O99$am@U<i1Uj
zcMj_jUQ%UhngpLp!5f-!)x;0$V)(nUb}MA5K3+z<f<$(~rqnN*IaVEuj85eByiM<G
zB0+R7l{sXuxlamB&I}cqh>B1*_9?v!;U#S)Uj(lk57q}gc%yvml}V0|K(S?d!}I?5
zG{IERNog-Uks6C>d)S@Zl1h9^!@o|J@hd2XQZLCLvmnv^)IK-kslTPy(cJ;x*d+o<
zYn{QhS`<LiFXx_fkth&vR%JCN6WhsZb6f9aT}q?!h0Df0IlKq%!{9MyNwlE0Qan(|
zNv0}0!uidiuwh9Rh2;C(54}DOw<(jijAP^{cUX2OqVZFE2g-{ic+|laJ1#is6*v9t
zBnDbI9n#AXhqq}qtmEr)grRx8S}BRQ&Z#Sc-*{9%2~4kjH#$w{>k?mlwqozX`S$r~
zzq<YVJIRdB-4`J2no;t`X~bEQn4iP!BJ54*eHv*d9}gs2%RD9)OIizjyinshyW@uP
zS{?zXRq(gpxwU7N&n{jF3QZ&r912m!5UvbeE{-<xIl7~j-2&KZmT~*Wp2P;+WwoU<
z?P(A@xUKuuPx7q+T-vRc*L{#FCieWceXpyT*sNkctXH5KKpW=B2bLO9z6phTn;D`h
zrTc~+lC;eUuxV_M8T>1MHv*pvQhx2Gej3v$X5Rg#lR`1vI$^^(FSrqZRyzoS4v>Qx
zx)Wk(5x=!a?%f1C(1^J1b7jL`kylILSM)Xkt5Yn@xO2rJ%lQ~-$1_qQ1w&cu-k6no
zuYJZ4II#Qjqp68A7yETh!*r#Y$j37Tx2BhGkaD&6BC$!m2d)GqHjcI3?UY}rHjWq*
zFL>mU?W4B@fO|;20}m+}*WZ0!kd03n@<_|qEY&-T=g|xo>1RCc!L3)b#mPd&tw}XU
z@sFeQ*mM5)v1@sq%H$HhDH%#ytxa}1naIAt1vTf`CV9&|^OFe+VeYkEie`wNr$kfj
zO!tJ?5{9$n-aQCqGE>j<WW_+6qj?hJ<20k|xY1F-)N;8L>Nk!k6yd`4mxvMd>@9E1
z^Xv@*JBQHqUfnbTwouDTNI5m8T;X3z6L1gGZ1=NY4-&5{xum*~txD+-mB-8#_FI<L
zDI*Iu=8YfMq_@tLvGCUd++S}KK7TvV?MD1n(>H&%x|k#Hh{e-@Hon@jHL;kqRk|`4
z`HfnQ={<w{@EAF<p-LNMqd!-~gxY&_lKESM(n>b=xj3_>=V#(K#-zbn@lGp25%=(!
z?00k@IQMWlGbNeI%wk;7-1o4L`?O}lCoIFo9l6?C2@P{peyQO3S~A-egwwyfQgX)n
zrr!LCAm*xb`RAwyBnf9^GKaA3;`KY9WL<&tnS*fUC~Vt`qr8(-02L{c5bR%V8}m)7
zd^&<$)L&LlgyGp8F+@Jgf=5fP(TP#$(^o}3X@-BlF@5tBuE99;YK9FAb!8SQn2(HW
zeXCwAnZhj^H0@(CG3Vmf_c}*IW7_L8TU-4#WU_H@-bP}#K&Y7;zTIqa=Q?%#H;Ytt
zU(~zQhu6H#r>Ec&^{?qe%LnG4TLmeu$kE9j&t)Ad59lqss(raKBi?JrD1Ik{!z6m%
zglZu|<qkBre>Q|^%Cq+`x!OH<Ki59*PhC7eUKo_?s@};^16}CvGGv})s7n*4%G*m$
z8QjYGN*4o)7fTm&RRiQ7H4aq+6z&*yAuF>t&hndM8u$7zLSYjuxCxfnlr7oL>hf5E
zbUw&zwnIAkO3z%o&#Fsd%$p@hcGtn2$Gz0+JxDgQ4Xn&eIoPK#?)Ci*wO_a1+|8QC
zy}#_H!#?CuVsn!jtXl)t?V4>Za^WduU-+rZM!xTQS_5A9D|Shp1o32-<LocaIVtQv
zWlTcEb0;BndULHao3LvL^YI~Zve|}rvupM)WwP0YckV^5Ln<UYGjJ`CBuGajLu56G
zR8%`SGk7hSBt%CnBV<jCBvdCfGjuhSG)yNfBWx{<G+ZY<BYaJQBtj=5Gh!`*BvQLf
z<&l1&)}O`oTq9k`ocZ8u>?HVLEEea!qO{f<7KL<KL(~duNywoKVM6*U#kn<*x!(^l
zIQK^}&))4tb5qX6zrJGdP6AAy(pvLaczH_;S@?Jl7_2GjVM%Y^i0-1Z+e!%oPQf^w
zr^7x<aD)S-mXsV4LHhjDT^c}DF*TJ~#-&SKfvFK@ElO~=LR~R9wP=6`OZ5@tdn<AJ
zUq{hjB-KntRfuxlt>7+%REjj-dbQJ33{UA4SVQ${z-O1hCuZ=OvqAu@i#%?CPp7k+
zAf881Kymj2#3Mi<pxNfW-LJS?=f3@KGd^|c&22W<LT;EI{rE})#yB5!x@NnnA9W5)
zN~Y4ghF!Dfx<Q<eYktK6?GOhKh3D%fh{H4R>13|^k>^pibXMym<H^ndyqWT32e}Y^
z?kWm!Sc06LFg*ImKF>}mzkBj&FA{4l5xbL#NW|IA!hs}3B!WMcih0OKoHCHNxgJb{
zg(o~L{dgfuu6Y4-LQ`Pjr5)EihE+~-l58MOjG+F(W~wXGk}Hz|SbMfHYYynYr~OA%
zPHMobe#JJaH6R{6u$msYx#o`))<CfRW=a|SiYi^&W*cKBi&f_u|Gp^>)DUV4v4q-Q
zIznA9J)yqPKu9Pw@-iA4k9xn0D8wMdD8MAdEW{%4QHWKDO^989L#UCTOTeSp8c-o2
zfd98&Rf{nI6~Y3puG0oq)3av_Vv4AK1N(Dej%n}>{iD7B2k&hqW<W=gYO#p6Rs5pp
zQ2LkgO|vI97ZHOwrD_g<jU=qRSmP{=mSPAff}J>T+?K*pOg|km;{yEL-Pc^&el-DZ
zYLs<V?V<(MtGLYCfomEST@BjoCZg;|Z;DE-%V*gy-p$~3&ixZ!|3}^qv^Kz68-E1O
zKgGj4#Usak<Br{LN6{Cx4c<WUYRYFD^I)r%8Jb}2SlB)L9^zjZ@-&(>{cw_4<_&1S
zNi4HJn_t!ys-RekrI&Q`Im2Bz&Tiv|C5GI5N*xZq3M%iyits2;lo<nRZ&J$Cb?GYb
z)S|2*{;~kd8k~ha%^I*~*KA#p2~X*}g*~Z8o)ozu9`be@UUviVa<Perf@H-+g0+jS
z0Ic_l{@jop{0<a+8b6m%<KQZoofG@Fvmxp=;A-FE=ERLrp3a%LE+FhKoo-8zMZe-^
z=1#YLh(!0zqBrj(xVpQ9`@TTY0m5o9N2-?vyH;T}XTY%QABc#BmO-l^-!9{!$(L!+
zENC922wHYob@>hY{jvqx0queGLx-W`&}qm#bQ!u1-Gb~u4=#@(=R$Y;<#Iych=AD_
z&;0H%6;OPV{-eT{V4llV2zkH&cis`Zfe0-}*Oz}3nFS0H7yI=!yk8@KTTXoMj4dF&
zHLupn(08Wi_V6IDwv3<*`YRFhKBIe=1<d#K#X;hx;9?|BiuyGKSzaHK_j`Fp#9*eA
zL5LYxPI1Q`u%qaTvl)IWN>D`mQ${trydJQ`oLyF;t6W2?mSiKnIsMv?cSf@9W2vfO
z>C|b4V0$fOrFiNzOAuT?^#?L@A^D2AkSQoo(B*!7A5y71S9=Nc2SO^Rhvc3oVeeCW
zn&Ize0M<zLhc)Nd)0@iQf0$1h{xh%r?!_s=eOdl9W+xf`oV=Wm)_>L70EQfH4>H~M
z;H48-uIHm$dlBVshJSJ`q!31A`A_RWMF{ScVX6r!Y%ie%Y242gQ^K$(?+ert*5i=E
z?h;BEj{8sld2mWsEm)Zt1$iM7zmDl{7Vr@4*Vemc<8<zw_(~}O36#yU_XE|v6Cx+Q
z*q2|euVh!lNF}txGs9tv3Sfv$8loMN8L}4g52}Z(hLC>NhN1f!4BfTEGR0TJNJ>=v
z=od<#=v}kQhoP)6?NfSDlre8WP7Wcs5%5<1{rdT9+d4~EEVB(%lJ|BUGoZ+zFq>te
z_^EA1Bw!at?H20JN#4m&Qu`&l+~-;QCc~uA&vgkh<5wKV?B}`<5$S%O`6Gp}_j&=7
zLP|&i^Ef!<kJ+0!n1@~4VNZV2l(1H7fz{BtZ^@oRRr?ik*aO_sR^n`-P<d4o1qeIp
z1Lm(fy0xI_B3B@41lx!#Y<WA1x6l9xYA~0A7(^Pktfd6X-ga9iKNT3=AI;A=DRg_r
ztBfG~i6HLu8_aq@34T+PeCt+7$LWghvi7C>$2QHLDcyWhzWD??$m@2#`83m#uMN%9
zhJJE`_411x7Jo;*vYp_rJ%>Bl``GRRWeK-Cr%~7Q0bc@gDEN<Avh0D`nk;)5#(7OE
zaWbc#e*NOwIz6S5&Yb!rgA9Wd*iQeZ_w;ib=`h<kqY=YW5YpXtF4=Y#^W<F^$IW|C
z%l*U<6NCBN=N{}0KKN8B)2+cGKn|gsL!UolfmQl)tpV}*J^L4qPNg1m{cH9A{9Nnv
z+?k(}NdPQl@xt0RBr{!x`2h3KlJ+UFYrB@sPrUOa8N4-iP&t@7+iReA`|c6Pjo<nx
zZVqOJ89eyyk4`gMTH8M>GGZ&7$O}!`DHuSaNV76{Y3(hoEv)xaS`u1g%A?A|%7YxD
zGE;SK+@))GGxWzayqUl-)50(jRLe1~|HsAAFVF3qo$7ANiFNTV{)1JWvqKWJ)0=ZP
zfBl)xjT-RpYoNXZ__w=4EhMuRCa<Nsb3(fekE*jmyID{9o6rdVtK2`fF5rOs8I~;l
zqhvz=*r$L4lR~_MGuRP<lq`@l+53HW`Dd8)3pGQgPX1QSNuo^7O{M_ms!^!tq)=+)
zXygDX|4^y9sT66sX_V=?=@c2c+7y|&nUq<%Srpkhu;<mdzq{9lwJKXc>fP8lvfqR%
z@1t)qWlb$KLFmHZF3$D5^pA0p>DB^sA07SEW>(f0-i5i{GgF%w<QDY*sVEcxW3q;}
zDpT7-sr`lwX13a3ZcD670Tao|beBxQBeBDjr-wu)`$pykPBfR{_p5@KrPq&FSzY!^
z5ExDvG(+6}wv=*Ad0%s4S(~m-4dVi^(z{ThZ=rbA*{r+<u%MG$Rsc|}*sG?l*oo0T
zT4V;hx0kG)Fo5jA?tG=Bk9#NXtqt6Qzn3^zz;(KFiS!>kvghs#i_lLFY3{NJspY|S
z`^~Z>z79*@52mb^O4Zs+=mZW*+DoJ(NMq5y;jB{2TUNFd-P>v3A7z=(r(ZvER@*Oe
zJg$`LwU#_DFkAVx6+Z)~tTv0arf$+YH)e~vONf7`rV7SrYtI4LSa`4<tfcHdGVXH}
zr|8Y`OK4PEd6VQguU-*Gba{_ITM$J*;|F{Z8p!>ncu{(*3Z;AcKTSRhz0SIJEDHG=
z=Xy*}UJJ;Yt>Y^)xlurUe0-!O*euUu--I#C^HjlckmfT8x8SY2D;4NelGoiK!$D+e
znmRr9-D{Ouf>!5?QR-ZA;P9F5xs`6*IKhZ+(zx1)Zt6I2#1|vC_xFg(@Z%kgZ$Jg0
zMBA(j-XK6`NJnxg0h3OstV*}TdBlRe%yU0jvG5D1CCq;PGq-&qDfes)>_CzWI^RJL
zK{1S0q0P{<=a4Vl^tUL!0tPv)pJd9Px4*goFV&uCX<d-7+LN7|=3(byHO#ZgayHDf
z%ZfK-eb|@QYe=~daTdE1sd3yRv1m<SKT3{mE!`dtOQr;<GwZkRG~fU_TzX5D<y{mB
zCLZ|=L>I;d7T9jie6e%;EPVIbi{c-y<ZqvZ$~+5$9eS2>--ksg{L*$RE>qB@u6d;v
zdH7@D=c=Pw3$rdk4Z23?lT^UA_IYn}Atu-z5X3z}USLxeRIX*e&dhC<mic`=CUcL*
z&LwHE)#+%x#mjzHklQLR^ZT@X#sQ6;Ym!8pGy|w5-F{tx+p3JTd0sx_kjBn!d$7&P
z2Gr7Ozpl@1|BbYHIi`*BMiA^fd((0xJ(UzY^cdTo4dDg5&h8hDNyjDO&_2erliqNF
zZMFWk+Z1rS?E?GuKIy#$Ie6>WJMwbuR^-;lvfpJVExRqCmW7symVuVemd3K`vf`F(
z@BehO%9^7(k)Dgp&{XW7j`mm5YW3VroZ?lwm_*K%_<g$r{*_evRWXNI(5vlFqG4P0
zHu}sr9N#&h3w`q$mB0aTj(zLh#qZ*jtnxhcdY^u`5~`@Mhq32Dw`*H&k|JYXZkA$g
zUT%@{#hgcZGO5j+={M?b_+^Oh&vDL4XZF_Doq=+H<fQzuyh}i%d4Kg9u#$7Q>Z0aT
zV>Lx^(wZZn(Xg+5tve!kMdyps4Pp#i&vod#Db<j3J7V7qtSx1hK};E{#L^(H=GQc<
z8dcg&7)4YYEXPtME@qQ5iynOmd^L)gJXDG`rT@3F6ti<tY2sulQs$qvd7Ivm>-rX%
zRJwMkhy(~0nfR23JSj9<0n#PhtN=g>PAfoyL_kruG7|}<FJD`{{mnb_wM-g;Sx(5F
z6~)7j*RkqeonrcspclnM^4~<xe<xr$X8+0gTkKzTV8#CCB<<HJ{;dPc`B%b9_xxMD
zGF3?MP$(8U@hko}p8Ug(@iT8iL<WPgkcrXRUV4(9e~ed-Fa9gMx;!<cf7)UUlU$Oy
zs0dSb_ZLuB@GHIgM(fsGi*Xo(`u`o>;tPf_sQ*jq0d=AT48Dk6Ic=7Oe{^P^r@Ro<
zQVMFR1eMi-${Ii|&7hWcP)j$c<p-!`2-GqLYMBC&z%<8k-{D^>e+ZqwvyXwP&fM(U
z!6#=b>T1}YE#m}Zx^;2{WB;Q5N&Y*EQT)m7srT>d+Uw=UtuW#B_O22ABM9KA1GSCY
ze*%p75B-<(pBUrMBYY*G+j;WEgDoo}>KxViNqYX9Rytg8ws%01S0%eeM)zIC%Y}%_
zAB{gp9rar1b@6J@7D6g|8$bA-pB#v`f#O_?Huo8A+xASsL$GFp=GFg$a&CFQvM~i?
z4ym@prXzY@^im=S69s)ldWF^Z=Ce{{&&xq7tj|PImNFa$Q>hlru_}kpx4(3YeSyy-
zBf7m%=He_Sw{evb#>R1#3C7>!Dl?3<qh2aYRmD$v>q`Fd3|Xy%TJ|(I1v;-(UX>MS
ziuZoWBM4*oqJi`c%~*N3AWdB4YXM;x(-$557BuHq2L;RGJzoo6hp_}3AoZXHze0OQ
zBq1D~M-;{yZh|%ZA(8ciiKawvbOCV)d$<MGG*JPolu6p4a7+P77-zT*{xVTLt7YM`
zL~l$1X&Cnx2mGy%eXk-5i6lj0^T@(@zPKPApv@|m6>3WM#uku=@qO{YKS%rZYPc{>
zQaG-FB1|CI2k92=^3}n+WyzknqRXoh6_fIhOBxjnjk}}Hdc_qgs^w+#sugsN$ugI8
zzTxvq|3)Mq#7;PaDVC^A)w~3wcZiZ-VzDTQ1yurz&_>=Q8ofu94o}3QAy#0^E0U7V
zPc))NmJLtAVy4qq=_!horb;rVL6(osK;ojaSJ`?$ES;ZZObf3VoP#e&=dS`+j3z^s
zZ2SQkwg44Lf-V;KO|g_rezGAQylQX>k^*`Tt}yk^i$9uh)Ou39TMTMlXq_k?DDEt7
zEUqptF3v87efMe&EB5pGm;9*3t^v^KZoS*Grc-*D26Ql5keujtRK}_EWR+6;m<RMQ
zI`F;dAS%bjTe8!sJuCwT2tD{gbVztuG;idT(t1Aj8X@!}MbY82GnyO9&7}3R{xHE9
z#!n!A&n{=4H?EZ4%l5+zWgI`9j)UE{WNUmny_bE!0%ICKpYF42bjh0-<%}MV0V|Ao
zq;fidY88#4{B%Yi=YS2yGJYMMsp@!1p1e|K57&Sl0&IT;I#;}7nl1V1%pUGu2ZSx6
zUi45^tkO3MN?CoM2AmLfkVfc|RT)bS6=t&fcm`ZB4v=Qhi&W)k^Awb``*?fZ5RQ>n
z(7)r^(rzi-s>SL`NiWSkslUlF<VW#}zC_wXpTx_fl~T;hF%*FJiM}Q}Mc**#p^a30
zLun$2;un3Nd=*x^pEGdvU0CRcKgtvSBQca6S_-H1Do;fCM<5CUHZlno2bra?QbL}n
z$d6zQ6l`n~G5~*Bpwg>+QPF`=3=Cod3`T%%S&veDzNpwhI06nbIXyqXw+v4CRe|W|
zfk+HoWNHjKK-LFg<%9xJn1Ub>A~Rv=;&*%qOn6l&EHMy`L4wRlZwpxe(4!n*C@MJ+
zi$OskK<^8HmcgmKEE1L)h(~x!AWk2RPev!K5?>@N-J6I&LoAPx1>i3aRC!q}Dl?Fb
zK##0OUj@)D?@>u87L^@H!C*#)^)tYi4o>w|iKtv}8Uh=#8OAt%7M*ZXLW!{aKn4aE
zvK{?8po1<@^<}B3!ax=VFM%8VF<`yCM>W1wSaBc+L6E?Y9*Pg8g9E%Q6ISZYLl7kn
z!@yD_s}Kgnmx(G56d*_-$Iz3h@mB-_UX_cg3>0C=AOkTN)pY55014%ys=ct|8IZFv
z_z8UJ;naw#{^=hVzv4C(n18#ZRzc4R{30VzoS`CH{(dQ;@&hO1za1~KC3($8m<!<8
z@{bF!P&0cWgZy|GZ~g!7?NxwuDnM$Q+q`Y>=bUy#W!m0q{Np*5;okj0!lQ)Nx9K*C
zt@P<fiLGquF!XK_{FmdQ2pk1ej&pAvDVA^W^1>eWPQ>gV+jAs5!1vmhL@heV!faiO
z*j-&B8z^EyJ+6iBtS*rSgtIW~&?2^17tI9rm{V72p<AnqW&i`tsk5|*&DBNH)r8H>
zqP38X)kV^P@aAT|TFCn9BB^RUW(2lc$lB^6DQbacX1cJ`h}A`aKoK(nIW1%rb%|sk
zyqOul7O{f5L=v#qbVA^dHT>UT-FkG)Vt1h7a#qXhXH|!-x;6&`Q#$bVxXhT@?m+#e
zik4M=)pt2{?e`2!37qUKMgh3SqP$Ty1Hb}aCt!;NY#Q~2Mug1|;LkQkwH6xPSNHE8
zV{Cd+H)ENL)|8PCZfZrthW(;5!l;Z0K5HVsR38jc+cG5J&?LrE9}HH@GbDJgiHxS+
z8>D7vNPw@2jHEso2&6J3K++_JQ|}E>+cGeNXb?ly2K|Bg24*`N#J3BiZbGMivv);j
zPD@ESwB&IQ<Q{xrw^?w}lyqtm1ueP4J*fxxsom^K{a>#vmtn|l`;RTm&*cAO3oGWs
z*Mryn=e_6M*PYkx*R9vh*NxZp*R|)>=T+7f1pe*Vs9BTlwHDbZl>588!nOvx3>h6A
zU`X{{4Eo~1e9KXR8qzeHR?TKw8NE!8*d*gwjjLN3y+|L_II3CA2B-|3r-yHp`BaT7
zR~b4>AM{;@sG99_W$<(b-1pJjDh&S0;7R(BhSB9J435g+@d~&G`j#pT#>(K)iop8O
zv?{jumBGXGi1qZIRTyNI(S!6Mb)%Y9Z1|PY{q%@+s}_G`OZr6dw;7r`agZ8<A@E$o
z>{gA~PYuNYSf^ojphoPahN2I2)SzBgBX(0m&;zn+m<_9;JE<Y)0?*Z{Th!3)7IGvR
z8{o-X;}dylU#JsTvH`q`E`@<k^gjR+<yb1jg>0YALNDQVFX(<Wq>7$SasPZ!-QN$Q
z!xHy>lqOP(b9KB(u>QBFxViz(>sGb1>{hpGR=28Ew<=Y)%2g+QOn8!LwEVY&0a(ja
zY5nUfnhXPwS=Hd>fEOwREdXRDH56H3oeDu20GUn=UPjGPg&+-pOsxhl4P;d@iv%E3
zsi8=zohuV~0*J}gP$YqM%4U`TVq!HEiQh?s$S*L73D`b($_>ZIzv@K{9ty!iCB|kW
zGG!cAicffh7&HX`0+AT`e;plow{=Yaqut*Cf3@3q_m6h}w{HmZ68~tovG~6{Wda63
zUEd$=9`td8;lg3o{0z}5K!OVxC{L}cO1ub=-~@`uo5`sX&jKVkfbjCv{Ho}a010+r
zkDM8!D)A^llnodtM@?p;tLrPk)EV>7XmV7Rz~okixD$ZD0{kXxcA!Gs3P527I?0+X
zs}MH=P?&%pWvPc%i0c3djKB*SvlbQfY5)QQ@S6;EnF@M20D*p#&mHzS-fz8uSjzP8
zl4anEaRtk<6zL0-Mz@OCxXQ8Q>E9)d_7veVmm|s27beQ&6|vEjV@cCfCCUUA;Zm?N
zb96nu51o|cZMl^K9`>vKB2f-26VxTI!PW>r>Qnof;V5240l=;i{~6*S`Fi%mA2z8m
zB{%CjA)Pk(j~w9W6>kGE?ysoG+dOy=&d!9&Z(*=~=U@Cw4mn!}He&EA?Y{UsN)(#S
z_fh@g(iYA<@<*={YleYeHJI-hD?a<fM#S6RrZrM~8KyNddu^sQa(k+`ST%|%|B}99
zwgvht*tkxWcm01xSNNfz{|<0NL9hVh{Ehz-f0_Rs!w-qT{Ryy={~`WE|K<EA{(Jxb
zXW_s6zcJO#{{$FxEMlnoVK^OV<eu2P=eVwU1P8*H(?LtQh)hDL`hGYaw`7(lJkzr-
zdBA;P%qc4NF#iBt9KZh~u<cu&`UAHA^&bDfywFbxP@GS$t035C{ddv6^w75d5J<s0
z+m#pWGP_$eBps3TGzg0E$#iY{*Kl-y)CmNew|JCJeii!%CUE{gVlH`^on~TC4Nvh8
zi~ni1#QWpcr~eKww?4rFjPp1COTg&=Ex`C_|AhZ0V8<7Me3~J`?n^h`bT6o=bops+
zFmFYT5yI1Z;+>46o$@M+z$$8$I?B@i&OMVhQ}=!WI@=eQ%XP0qKiQ1fSo<8StDQ9{
zo)kXb9l?_&^|BKGuMvDKx}zM*5Yi`_5EHgfG(D{UFak{w$ndt(1RG%A-OKJ74F0gC
zx6+XQ6#iEp+@Cr<tmtG(|H}M_5oCh<iRNF?{dAqR=KaFSp?$FysM21I7bxMD+a?bx
zwpY0+)0roi37O5cpNb2a+J8B@v|GvwmR(i3Ig^{an|~Y4k?l}jk{4IXk<G&7S7Xaz
zAy3jkBd?VdUM0=G=z1vTSHh@3IAm2A%V5Rp1Fd|wTDaNq6bm0a@_)7W9Y9en+uEcV
z(hyWKL(VxT$sjrBAUS7H6cEWtB}vW-$dEyhAW2CoAUR4#I7kLX2?{ds&kTro?tSOo
z<E^^&*Q;AK)q7X(-g~cJ-|Ftw-QSu$p9VUuk<F>3f3wETrCbi!-r<=ck3CfC=^QW)
z+qUN2JoxH~XRtn^38DB)k=J9}p=S@!WNF;|(1E-;zAv|-<T2W@q~>t#v9?uDRI4@p
z^SB8aE9?gx@RN2rF=?wPL=_FJqAp(-4uUp5DTHgar#K3DL4ki#EJB5F?ZQw%>ZJEj
zMY)jhXB%sT<juWM2EpryP&fjvGe{5!BFZB!o@0jq5Rt4o5BXjO?_F6l!2CTC&`)*;
zb)vY3Az6wKqLbpj&`?y-klv&r<fXZ^l*`{`WqBh@aJ@c((O>dpIeve1!~FQpW$?W}
zG6(OA39!7t5GxRi#@l#xR4EC<M?;Zz!N<1>Pooh=yH6eeZT$Ykz<&Dnt>}|C%LiK%
zM=eL(nEhM|l3QSVCK1t|Nyq+vSXgK^)vjm%?N}1?Ra9s=y;$Ps%~yUYu?f1Wu<^#?
zjWOoaFar=#6hqf#JItCe;}DL8l%S|3tHv<X=+r@#?Kc5D7VIQfIwE+i%F--)m(s9#
zY0{&3Q*BZBa?_*uU<(9;CQlj^J=2$E)QT7lJsTJ;Jl`%qQJY}&xYCF@7v_#4jM4cT
za}n)kS(b&maOdE&TOn61AGNAGFx6j~!`wC$W7J6NT*cf&ySqvGs`CqvzYEo3=SdC`
zo~SjGYP0(IWCDA`RXzLlYmW*?Zl$OvDEPFKUj62WyWp2VSGRar_tLMBrO@%#<Z8Rt
z>gpduOL<7z7;Ch{wh(Nk)C5jOQ}xCi0&Of-Q++IUQ{%>Z0y8Y`@U#$B%L1t@PQ01z
zYRF7IEUN@wypPKY=XJiZAQ6UO$%N;kXz3@B62|gEWVEGOu6L(Z74)*)?aukq(!5VE
z>?B$1y=3ZLqTXkEV|;qdtK8Iad{VEVLw8~iDvS_~K|u}5)&9(UI-kRn?FHd{Regww
zC1+mGI+j;>6N(v4MUKG)+qSKLy7>YZDmxkxT6J4AH(M{L`W1*rg`L^UXtUkWVe^lP
zrDsS+_cv)LZL6?tQ@c4+OgWn@h<LFxOa-yCOs_Wi5J_O?gb#)|Sk_39Df5lA!=lGk
zIEsk$`QDY)&Kvu1v=UiiSA|caxawz461nls$iP0YGu`J?J=ZJry)Q`CgVBV96W{&~
zV6pv1L>2>a5_S(@S;n)iVcR6A{|Vn(`z?9XB2Gj5aZ<08M~?Q>q~6B{xY=k5TjPGt
ze@yyN<1MA%@p_zVzn1R%{PDAU`}2=qqJLwTNW|L-mKY^I`9k}>!RY9bAe8gF={Ibs
z=~2@WF%k&b4DAKThh|%Q{!MF7Ffp2Jh;&;|NN}4<C^7o0P~>)e%Q$XT66R~+c9!+r
z77nC9oL3PYxwlEgKvY0{+56J3xvi*&l=-i`dJtiy$W!FNMi%w%NrM9yS@iuO8xS9m
zth~d*x*o=11c%02cD7ot@_Zu+07)6gG1`y}-v`M7>9!PQhZFc2T$QXZt7RlEyhX~F
zBZYu;$ddJKD|t;wD?vs;j#nwcDjUNuK;~p=G`-XXF^)FI>2?K=935!Ybok0hCu#&k
zGZ)lCNB#iaj1WP6l-qA%U(Yx1cqikrrN$!PF6mK?B#tKbC|a#_j3$9oM1(BrlN1L{
zes-s5<Gi+^ZHFNKYh?5|i9qFY?P`7#r?d#w(1Pd1H=G`26z&%XuLnx+!}`jAFSi@}
zQ*7Rj6<^h1S{Hj%P<<=mgJNXA$Bpd+aQlIB?95TcR8`AicDt|BCHX0;(}AEy(#-hq
zsFu|RAbxO_KoB5ag12Y%&YnGXM4rN6_;~fRyNBb$=e_Wb(W}>8hVDyJLYg@mCEdgH
zYj(WpO16xt={9zh3z%QhDf}evc{C?vB#-qXZ&o;-_&SJV#>#$%ci<TWW@wZ;R;`|$
zk3=_Tv{rDhdZ&95i+I0oz|In#n^{=qbp6=A%<25`$ug(o$B<=C`;Xk7b-dnmo}Fn;
z4;rqgiMGysUUD=0_-@I~<m2-tH{*{fOKyfA>u=smZqjQA?Vc@|QR}AA`WSSxGf^~a
zX6OSh<JW_{J$hl>H$u6W?l@`tT=G#(|8h8U=g!9$SG{4x+KN6?u0GR>-bcjCPsf+~
zdv31iHEhT=YzQ=LFf?osHVho?xMi;gzE{JGCsbl#(x#<jfcPoib5V>iQ4CjAyhgRo
zS7ib3jfEL<K1m*Nb>HaJB~q-v9@ZpXzt}blo+)pm0DUy{5CV9scnG0+i+Tv5db4>5
zp?HJpWm{)aW{~IIPPUfc#~yoa*IBnv9By^FqX&FXeM(g~kUHS~uyiGJC93n~;?%*r
zgW-ezgYJWlgZ6{w8?*JU%`Vl5fsaY#<|5L*!AYsV21mPMlanH#IJ=~9N=sy2eyoU;
zFwaa^rB*w?Xyo3T8&gG#%2Rse#|=_j#f~S(gRoKRmr+A%I(E{l>p9(Xips4oQ=Ct?
z99)Utd6hkvtu@u22Gp9WPrs=#Rh|y7F_oXDnR3hB0#3yac<s2<^?P|dx2~S$pXR8Z
z<(}TEnq{9ZubO3^=9$EO>lNjKZqp?GJkwf~Y`SeC_Kg?wbGl~~_qVc*U}L*3G?@!+
z`qBhv(AJl6+!n9h+RzG$yIX_K3TC3)Q%g@xH>b45Id5&HIo~sBdR>cc()6M>>UvX6
zZQ!b*06TQu>vr96*+;!P)<?>DjT*BBAGL*w@4_NZar33uH0oA5+g3a=RyMwjr0p`e
z7Jv6Hfcn9$exOcYXRuReY9KX5!ay)%+)K^5$*$Hkaq6jvtK?p;gboo?)MAZRXL3!p
z__3Vo){whdU?=s68_yPSBsSH{)3GkatFp#Ae^z&jBY#$NY6~)}I#mvtRh;4(#*O#F
zc0^Zf@~_EM5WPCpHWVA<<xoSHM?tdnevG&#ys2GHTBDv}<`O>|bl%HDsGf8N+YR6y
zLLMxUgEIrT2&(h<Coto6TKvMuPpiT5Y)NjO=kj$$7n*0`uZiF%3zr^KKYN3yBHJ^$
z2OQwm0Mj8IxW}|KDi<m!S~UsCG<`a0*%#~NrCDvAK{32}-wvI>Nvt}GPc&mPJe{Iv
zQ`0Wh#!K2R)!K{4F4fA5#x7f<oT*LA-HZWf?zLNm&DFG7C7Vjou-R(c$sy`8snvsP
z?3HdyY~=O23Y%TjY;vKSvwX9?o3nKDNjGQlW=QvOExgGeKG-b{V-}T}1SFYCOfI~Q
zRrm6!vQDJP*zB@FXKXU5ieeCDoeWQ)NZgFGNmcX;wn<g+x?z(l?`3IYKK!(%D-x1)
zg(W`zvbF?7R*+tn6C%S%|3oYaXvBWjD?R-*KE5%Xn(<D-m<n$C8;j**1iPP;-gT;|
zWVh&tm*p^--)k?(QGfy3a~OSU{>D_|<#?{cl&<Nuk70vS+WRp14=fBkEf`|*lzb0*
zZFm#ARXO?I_KLM%`M@W7Ixq{c!Txw)!hGa#@6RpfHBu**uzu?^lvqNKGL%kMkFp?Z
z!qW`Bc|$<#F9~v|lSdg4enY6Wz-ghec|)AoUlQcg>i}?R+cPpS+q@wn<LnJP3NUQJ
zk?{U^6tYdboyNN)Q1gYz_zq_Ii%@+t>C!o=QZp&GPuY4E*~xVSuvNXWCi}5c`>{;>
zu_*hoyY^$w_K!wNl(iK~ipaF3*9+H+y>w$6wFI2x-xLv#X_xD=tn*h3tCQc(x;*&R
zIdQ+Jl@<F;#Glf)!URJ|_cKAr39DTYykeo&fL{dPQyG6az0$MN)H$}(xASIk?#7ni
zhTodsir<poqThnw`+Bz-LG$O62s=&$H{3w_?rbdSsK-!Dr>BckOueVGrz^^;Fk3_>
zkY_a-<y5R+LU8-A5-z5RQmIp3cM)ev_t$$cuV0t|4rj5_0<57dA)f<-z$6$ZRp~{f
z5OAF(KQTd64FM<c6fOj2KY)W*9adKaW*318vW6nY#`Ow6M0W5GD}b3r&<}O6!c7GB
zCb%T9hg`IdJ=x9@%Qb_#(xzm)+ZBy^Yr14({_BFbQyZ0L^W3z&nQ@c@8^tAYC9-9O
z%~P{GAY6_rvn_n(EAUx@Z*y%%h{R*qv1YfSYACDLsn=M*ww$a=zt3=^7;i7VO4tZo
z7<2V0WN*_^yjJP%Zsz!Vo--6tPR$P?Cjz@)61cu#=6Ml&gl^z<+VI{3xGp^P&>6hq
zhUtxlBQ04^F@xg<{2Fq-?a{n^4xR(5ciZOtj!4*!QtS+DW;WFf?-!=(Utq>`=_tG0
zx#Sal+Krv{XFg#}iY{kfii?&NHhQJG!R{z*jJhpydkE3c{;pbK&2I(K9cCIlK)%pK
zf3;6oDZuGPL|cX}wYEO{nFMgaot^+%DC=(_3wwBK4J$_#Ez8n1WgAFX65d)I&f7Tb
z;yBC)%y{|IMA&Bo&HDGfy~F+df+NL)&#)PK(wSqHL<O6n9~%=^g*^77z{(7v9J_bO
z4*Sq8Vsg$R>D&FAote(@KRRYXbf~c)Vcz+!AUbTY(dmKI!=^PJ5X<gi6MUM9qCf;M
z0#p#Za0sF!2Tz`6R<*_B#Ja%mLjF^c^M?;m!A6)H%*}8+NNk7A>ARE0HJ3S(?qJ%^
zNv9iVz9VPe03_Wxv3VK5>z>`)!?ZD*xVQe+cgN<XPt}~LQN<&%!m_{FiTzsw2d*97
z`0jV$_qE=)`A)OXjOf!x?vJ=0eafoHa?j$*`b0h+Grim+csg7p&<WvM1gae*R<SBk
z6hHaj{ITwm7}mVTBG&g*Fgsh+^t(b9U&t6v9Nd|N4oBcjX=hqTQ2>Hrh+Kf83XTp)
z7@_s^!x=t5pa_MbgTN8zXGsLgXAeJj#4aFz4i^06$4lUt0^ybc7YC7flxsa!xm!9t
zHmh9SXfRuHi#29l;&x`E$}HrgR$Y;35-?wK_AwP=NvEPm!+JQiCjaC6^e^y5sH8J5
zta}AEUbB(+85vpYze`FMu(9nkJQ%%qsA`mTI?`)P-0dzDbbJ`Fb0`Y@_p16I^}tYn
zV1-aVTy<wB2<0K4Hl(w*cCJyepQ}$lTHdMJ&mV%&KLQ50dHmWkzl_5@#&xFQip%E>
z_wU@EP&G`;mY}T;xhAiyco2s>83$^J!%C04|3#C`=GobpYxKUNV!UpnhXJ?C(vyUu
z=+$PWXb}1rZgCg9#aD;ilACy_Xu(qW<Y-}rG<F!c$h3-RkrtP@L*#qow-tk4(_$us
zDMeo{r8m6HiJ2Cr8p3Fq*!tkM)#ES?P!hf}{u_B7?J@$sH|jjPagoKB^)br~+1iq~
zBipQ=p&7Na2d8MNR5Hw5_IPHZnpzq4`LZu&^8^<#8erW%!7U$6cqO_4>?zGi@2Rz1
zrE0;*?|EbSOD`Zpg`e1wbHt<wa}3Rya~#cubJC;+a~jP}MyM@wTMY?)Ax+paODZ<`
zN-yRL$<-8fO{TId6PR0Q-tD5ulu?}@Fn37Ab01qgoVEUDC{gfm%lb%Ba=Y`GCkQ_d
z(*`w|n!pA)DIF2VV1qR&(}7PGBD;@IU3FiTRuwH$^AdZz+@yEL%?$a}7*23_EGMO@
z1QvC894D=*d}G`#mNhHb3OcqjO@7X>ZGP);etwk7LOznteU>f)J1qWO#%h)s0*|V!
z5OqtY#kam#65-h>nlwe!x+JXlwsPrO3(T^t^n^)O`Oz%S-C0$IAl3(1+LOBSgeAPC
zo2(Y$WvXn`-St&Zd)dBsx5^me_jI5b>8GTJR|gRdhZq}TyX5{KTX7nucv1ZcBo=1>
zzb-hTfA^r;u09G0NQH79g&%Vsn;v5$MIdpZm;qnl`><?V%`dfLhtRa;%-goL&gZv9
zg)X!qS>ESXBw+**Jdvs9HX-4z0fk0b$}SFG1yM%eq28x?O>ITO6X(E?@nGSaEDwZ4
zw}voA&UwhBh8RcwwF7SiDQb+qbtTV?gRpU|bZ4dYJkKtPA4n2N&7pXO7vy*?f;KeX
z3qs?ll#%cp!t;Q!@9nlt(C`zGb_7d|aw)GN=~Iwl1bb+TWlwAVZAY^RE}UL`JN%Ij
ze%^9bzL9=@{`i7o(sv*i<IJ|c?SeMP8$gj)S;769_LY1yq}w%OY6F#ppGglv0aMw)
zB7jrKRE|6|mVoT5Tx2a3er7Tv0r~Qwc?TbUDKc7|ga{?neEni0GEM<i*#c>u=~3ZY
z^*){Nqf*J5G$k=kkSDr)W9ons#WCGly%;^`F_T&Y9R1f=My~pUPPG~3^@R1b2CI>#
z;p3kb7vX*lKjqoZ1La@%HI8DwWWVXxjC}h?zoyl5z8_f>eI1<R*_9>x0es&RBMa3X
zw_XI&N8^HP<as|sb{HJ89LI;=3)Wxe=0)!SGcH$hqql;;-Aqe;)d=obs^qxmD8k-j
zX^3kgVzE@oie3a3T;gUye*zA=IsX=!2|WXBakKZI_%$o@OCmnEam}(q$Cn3HJXe!N
zd@ONaa-wtfw3Xgml@r;`0Q)N8zNEcp7AITL$y1p7_xu`qFwp`x20A5pdA<^eP69Uc
zNDFy&85}WRiF%JzxUAI@4HqO#Jzt50js)I+&wT<sB%gP;XhDVozmT`O`~8MrvzQq1
zFZnfO|Fd7?K%V9*^*ne2XhHsE3V$4EOx`}#>V#T?qvVR=B&$wtH5E4;5hrL<gFF-w
zE(od#9*DRjSXPbP4-_OXn5^uLuoT>^vP{7#bs@1uO~g?YWUoT*iVzp<eHPpSBq29+
zk$MLE?@oO3bH4_S9K!{}LiU(!+c~EKxf!@mHt0-Uf&3z3M&R|+;KqnS0q*f26WKq=
zP{!lxBI*So<)44gujxQ+uJxa;E|H!2HO{glQ-fuK{KYtZj*A!lnqlF)WaoZOdc+%k
zP(g5NL<4_WK5`0BpR8cGGASaLe-mQKh{NVcqJ&C^bDy6bf*cp&&)=ID919dCn{bfI
z3yubIll@2inovR1Nl=?zmjLQJkS?E8Un@WAFz6Z|QeT{XgfQPAtTzItkZRf~^2)}M
z-t5J<jv(L*OXE5BYnnm3ykV&{O`uiYxE>@<)H=`vuVxPthpZhbZI2YYtOco$ZEG@3
zImptsi&a*aG@%<`x8tW@^8^&ei<U%_4f5d~e2c_{nhA2?jeCp4D9cG|^;U{OmYFoo
zMk;|O9u#cTMJEd;9qz)H??{OF7yKI8|N1q5->-S~U%%!*wv+Z>zvllxzed4VEKwe}
zkNlzcFeH~}kte^C&9QONA-6$BHk=VF=1K+wrL*q`$fZAWPaMATi5vSS?XIrffOMu%
z3WzU5FoQn_O-h9#>mbtwFC*iis-i?A_acFiUO?~c?aYm<n7jL#ef1sRd9uP$Ven$^
zlW)UD-_!BNxi#~L^os3@_$)Fgir<*UB4b-G35LjbVUR4)8WIo!<kFbwWv&G=Q)1nF
zl54?CgcVLpL(PvKBhBo9kr7Odk3tr-oc-DUkTk$9dkFmiDZ2rEUsYTdZ#h`(KKk}N
zMSZ5E5|{9t+l#4Pv&H-la<vM+mpwl5pNSR;JHAJy61#JnUH7$L3x6}MT){f0^8&IP
zF}$JliScFHuKqBaqxueCF=a`|k$OqkI=6;n0E3>CWJ`cAbo21-p65p4<8l5KNVfO8
zz?$#r%PGqV%a51o`mPUu@;j!_v9%*L!tZJ2t!O2z;VtWB&FhBn7WJ}NV<{uE@L^p`
z*8~#yp=b<Z3b!#1?g}skV{!&FXkjw9(bFhhLs8tu087(ZphZc=E7Ie)(O6<&A=B_E
zVq6YJqyDV$?Eo@>kZa|UF6P(*U;Y4FG0Ne=-pGdixW?1$>ymr+YS~%4I{~{?TLA?c
zD%lAV;{LI)zho#Z`1FvzwUv0Awh@VVg0|*9dl2Ah5MdFDt_7CjB`q`pAKEObD;BgV
z7!0%zq-bL?=$>HU^T<ZyV^{^HQO%?Jl2F>+8?wAf0$z@IhAa>ik&eu(3PMFS3&M6l
zX14$oed|@q3A$n-lZ14cTjoAK4HB9k65b%Pa4T?-nim7)A#E6hB_*wjfB703va}dJ
zZnK0EcMu>)iXI8gLy80+5CpRrWPBtf?qj|q=iTx7fr*OT?D*_p^Tp-}|CmFvU4doi
zF3FJtRWcTSjjT@)B^m42BKbSX{NfI`24`||rLTl`0Q#_2GWxUlX|oO=dP$B<4jT<m
zj@*HGs=&BGW2B?v1$PzguYC>r_&IAKYiK64q4Or*66IU*xVzx5-2Ke`)E{}WXlCf@
z(LFlcBi!ZPf$kk{5g$K!4!8Ez_f?i_WlCrAT$g<=?*eq`aE@@6cLq9lI7K+cjFJ_R
z77D2HDf1~hN58`_zhsPB(_xP@@IDpNmi{a~*NBb}m2a^s!ZxNG)E)g6^ftN+)D_(c
z>LiO1AmJl&X11fZqkbn`W@(sL3ABu9BMWKihajhYPF*m_;|k@nu81&;c>#J6-2`fi
zZUi+(H-H+*ZV1ft&N<cF*4S2#8J6bi)0G2_W2(vQR`?v_Y@==Ok74v6^?WN?(92^B
zWwU0JWus$5Wm{x@RU)s4QxaWFrcJ6vswwc;NqEemq)pelIAXYh!I9b)Y)dl6+)dq0
zQbMCk$BfFn$n=USk13SNnn|`$UL7YZI+IM0RDhIUz|N^_^nNk2&SHK<4+F;l#QhyH
z*C$BDSRJR1v6+&2vHK|T`uE-2hl2i-RRs)8{v%J|T?YpT2Lp#Vhl26*n$c0pV)4hu
zVewOETV7L(`S}Cpr84@1i50SzI)izKn%TDg9e)VBj^1FXRnXYVRh!D=K+w%7cHlIj
zeEMbB5@VM&V|==*op$<LTgLQs1)mVVQ}R^>#Lia06SfWGWRCZzrCQ}^>1rNFLHWLp
zvPlxb%!0mx8`V7Sf;d?*52|@?3if5G$=Z*MPV##R_B~PywIBH~Ng|$UKd`(|&Eqfl
zFuQNZ-WthOHK&ixVFxrN7AB~X+h^^t1D+DQFUUC5!8|1vB^WWZ>{xRL?An_b6I{a+
zFDO6Up*lsPJbeUbRbAY#Rz2{X`*z{CyYgaf;LhT}ossOF4#clOaz!n$Kl3<C2rA-!
z=s5=~(N|oYFdENV5}_M+SnOLuk(}qI8<U~Mvo2Sw%cd83wGXl8SctX@oq~w7R(7`w
zPm2u*;?=}Fczy@s`q+_N*44VimC`wLWoo(Y`JF0PO4m&L>E(szJhOrw)5{0XdFBN*
z>ig*2tUFvm4KXZrJj;U1GaWh8&9|WS{>^^PcTL3Ki<ygkq!{n7>rd_X?l<Tc>L>31
z8ne;ix?`J(;7>@rjVDL1Y$@1RQcH%!>S_r<LPj;lbhe7XxAUAvqa(GrO7e}1wMW-p
zokA=yCZDWjs+;`j&v12zS~l=-2z4xVyqF<L%Vb<Gh;QKG6T<0>DQ@5q6zc0!3-uiN
zFvEXUsIOn`mFLLr3`ut8%E~fwBagJu!@)kjTh{m8REPSkZ|#6*#T11!hWqkv?Xb^^
zsR|XWbqLRjX$S$=mmf6Vfw=XK#^g5g=m~YKcbLqQlug^egTbX2xYXk_n^utt+$_Ls
z;;|C4+w6#&O{*fe_OkAG15K$VdW{s#rqyOfY<1MklGJ4`ZxsYLIsV~B){trUasT&b
zVN>u~*y!0T%;{_vrl7W?HR3nQPbJW&uyt`3rY(Bc>BlUrqkc}TLI`g&=E2K5Htvrn
z$z|_aJGoO%XRhoox4pb`)17iQ)Bfx7!b_f)LLFb14_@-L3TbTj(ZT-h&K>kQhNYRO
zLumP12le~^EYT5_4A&t<DiMv0z`-ylI5+}G26phtK@MTO#2=qy8Nx`wuRCZVors-b
zF-RZENX9>zgNg1c0p9?Bc_*3VngdBLCZ?LQ19$F17?6NW+d(teG8{;hQ8V~DJc2l*
zbr4@R6r^V7AS0VdmN7B-A%ao3rUF6C)PR^X_&I#b#l%+&aln6Kc^^ni7U{tKWZ^!L
zK7)Sf+Jgv&4DO-9YoS-v9y_4OB{F9y4%tL9>ees_<jd*P=l?aoF{9bsyuy7vRRtXP
zYMJ}0=DkTvZzQ}AmcA2|9ryMu116||7%0Kif*2UjWP0(zDA(dJ2-;{Z&|=c)7UGc}
z$X%w#OeA5@SE{5pxy+53j;7Ym7<^^pwHRhL2{TO+b!3bc#E``<@{v^$HK7he*=56L
z`XOu!grRS&Fss6hP&jf^EL7?l=B*miI4y}68FnxGJu?T9V0VN)vy3KTV<hnuSq@QE
zTz=APo8GGGu>42wQaUz&ssrb+NkN0=l@iQ%CQmUZOsX0jt~|$_33Ce(TF6AgZRfes
zE*uPIV@kWy&vT3YQI5JHQ{|N@%#UH-C}Knp-(Fef@s$y8qipKje&(l2HQo6wK4AVK
z)EbF~`brlNMVh$_R22%MQRyP63Xi7YN4vL4BV}_b{aP9ZK`yOfSX9O*{w4kxPI6OW
zEDBSxMn3{6EE>~mjnTJg*0hJ;z(S>olVp^o^Lvzo^Ho%cQ`=RL3-EQ~Sb7N@WYp|*
z>RIM(L;#Q4)jJaR2>h@l0XZ_7(nZ|5)ZLN1dF@&ex{9pKwko7L?~+7pHAr<Y6GEzr
zqgi!r^(XaOv5eC7pC{k2HBC3zPYw>Rq)v$eRF$#wVcR2fKmfIsL=!UCm-T(vT5WFt
z8rn_dQ^yE5vAh8<WXz;1Dh=j)4tZPJ&4Gp(>=<^Tq?Y<=q;~g6tx^m%H>)PXpAAmD
zdDdf%T!lX=SJh)f+|8M6%HCw+)y8f^#NXsXB;0h%>odC_krZ|=V5r?8m_Ny`AbbSH
zDaBZmqs*?%$hoa{+c=2hHIWT=HDIbtu$p7Wu0DJw#O-<JXS<i_?)#a@_vTgWxlO41
zBe6Te7eOK_oXo^2*uCM)A)X5jNRQ;~hr`#R8#PTU`=9c`z6L+i|D5k5MAXOrJ*f}I
z!0YPIQk30%JDXy%1H*iKF5=dBTW#WZ@wScp7^#*~{fqGS7bNEG4*>tAHU3>%BWtdV
zF8P?ET(MorBP`wcl47S)veI`Y4NetgW%miIrpj{0oCL1lVDpfBI!M@rRRIfiUo4g*
zDHfYER+FaEC>Hw*Vx#t*U0q7pFh9lX3}+_rv>=!XRsk?(f|%Xq^tU#Q$>}C`3F&vj
zn7Zt}PWh8g`ucqEq4~={l7WKk+a3YDh(?X1?BhkEx{UDcF9~DMv3pc2X3D`npI~=M
zAPQoH)<<hklx9@cYh^<eZKT?3Wl0odv~A176?NMvy2t7|(MXkH%9~2|`l{A$D?K7j
zBbRO~ZK7*NNVaW>0CggMqgI=A$v<xuvs4VU_f&7Mv%e6=uIPJ`YB$7Iz1`04Yf5C6
z5^i8S6jik<V6>aS?kh+1k~+%lp{=^yU-}h}c0V|c<BVHc!FoiBhV1QD_(Wocy=_)F
zMBIjz7Ce9`218Jr6*>`LrD5<J40e)Asa7jwA|%7j7OP{zU4vHhwgA8(;Rk~t^Mm2N
z#r=aX2On?j`R(|9uJ<+(eSg*b>U$A$k@v#p!taHilGpX6x}Iv7Ucn9AdYsYCM5vc=
zRa<T>4oh27Pop;P=4ecb79Xqp%c2ygd}Xadyi?+Yt}eNr{B140X33hzXq~y=;8Zy^
zEH0FXEO>+Z+}DF$0M7_p^*_|oJ|(Qt533Cs!_s9-FupVznWg`_hBlv&ro77m@PrV%
zoWuc;O}JBLXb;FDbkSF>wn`^_RW@P!hMi5{h^HHiku9#w&;}4kc(*Lg8W2Ostq-fV
z72p9Owf=b=2Zlbr;icBdBfWV8X>))d;ig`WfwURGhp?gazA4}~VQ#6#Q<R3t*LrAA
zY268Llqz0d`aR-L@($d@vre~Cbo<X(jFAPkPmIbPwAnI7x_{yQ+}zhyhjHGZ%X{7+
zUc#ti5>)^fp=Yt73V@xkOjkAEiiJ?NctYuoDyzOWPXd-aD}J$|B7mCkdr_JKfP&CN
zw^A!u9zaTHq5GfpYh1CaSVGj|ow3STiVA`<LL9LmEcXkLGH3?~ZWQFC)Akau>*T1$
z+eA|9d`P41AYduL;ITdTYy4PN^D(&OyjTYFsZ&u*u-sTG^K(*Aj3axsucd?-Mz(5i
zD+ja58MCx2$LmEFY11du7A5`kYp$_i<YO?)Nw91~auQM0u>@HLA=HT|s*xtzuM<L)
zBQ>?Tm4fNzXjxE{;uRu=wIT5^N&^Gozu?zIBK#V2r}c-U2;w62^E)T3Lmy@6=i%X%
z3OyRO)wkohl`N}T{zU^-64s}|9*22_$AgSpLn(09>}c!(oKUTOc?ZUx`M{IdrOL=x
z-1~tyv9}i%5hHQRAvMshuF4Pzf(q<a{Fxlb02IDDzZ#T>8jCC3*g6C_Js>NfgH7jG
zQ51+zGdVqO1;dKCdE5&9d4S!}HiUDUNe-T!Uj@SMqWDvh^M@b)<D~5l&h0swN2!`C
z6r*<lw_gS~nn^wSsxiJ%xU;|Z!mn{o+_d8HQz4D<sKSkxBYRV8p6ey_w;_=wG=z|V
zlE+R8OGV^*d3L(dzFHh(%E?dE`4Ig83$lL;j3R<nR)zHM3H<k|*W;s-#if5ar}Q^G
z<=;J>D&j4PD)|D<{Szns4iXH3Go_tr9d>9PLjDB`Y&beWc?hkaAI|VOgF*<74je}q
zFc*rPKl~U$dmS@BK>3OMIar93vzK7QF@;+OLL5XU)m42Qm6k@+*>e8UyJO|bg~LT3
zb?S<nM%C6SZ$~xCI%*z{Y#p2u_!^J+8U2;6uOB}u&W3Yyp?=N+0DrOkfHRKbn1J1F
zH6v45{qg8A4ValHy?J{&lijN>3~)-^Ulpoou|BWBS&jc@RZab+uh+B95bTCsZ>Nx!
z9mI1(_YTc$dpWP~!Bl@~6?LlBl=}i@tK~TtoaraXi3o4Fd>t06K=*@ajbJFk!W%AM
z2P488E?-ZYXorQT5sJenQKssq{O4G~m5)%}*-3C7LY44_bk^2>YILU<PS)uweU0>^
z<^6i^nf^~3C=8unTV~)-X5#PM&Q;9zzta*&_n?Qq{@=AnJ}Y*@-KsU87pG*?&pwW8
zJL4sBgu5R$G$#mlizG(vjk2Gel5#uq3KxHK#p!A@<)57!l6hgIPGn)+)*DE%vh%`d
zv8Wzkl+z3h@V(X>7Zdb(VNmQV_zjjGVBl#X67apY8y6E;A;k5dMQ&l-&_yILBIE20
z*2jMiSSffBfjcLI&XpVLJ=n&!I!L}c2>Vx0sORdQ=k~sc&jHx?E7*4r?7IW@{S5Z~
z1oqtmdtTL5T3000lVw$e>WYuWc54Zh$oCbI>^(6qNoJLMWQX8y>YyA3z=mZ)LtEri
z5r0Y#6DIUjI)sQn<pjZN4}{k)=oi6%XDh#xiQ=!jR;p8)>6)giF6o$@-oZacjGP05
zz=Q@a75)XJ5ODoSeqw^C8XQg-QV6(yCWr^ZF+pH<5g6DT&NuYo0K#5&W(7!aot&uy
z4Q?Wci|~wJti$j3B1RVB5hGX6R+Fxt`C8SuF-G?a%4B8V<&tg)UyK;Jl_gH`V>t<U
zhGOff`61*)V0SS=*c}Pn2G1<_%n%WE`u4Orhhv7&4a>KkV<9$&W);0Iw5hFc-pqro
z{>lu-F0$)9XWE4&L-T23c=QH&Dm>mv`2h#a503vCE(?pBeYlPGfa8=${(wW-WdUh_
zBl0o4-{UOgB>OG3Vt_mSoM6)@-yK$-i%s-b`$RNSMEgY`91J&;^Cb4C*Y&$1B;fuF
zju)<fOS9Sg=FuAQ;e8)?9MBmVsYd)SCW*uQtB!Xa689Z?%HY8`okxgZoCgQ67=tfq
zN;Zs%>AH3|)0OO&VZk`rr$G#C#YRSb@JY<`f981!wmw6S#qn?nvc4iL7;KFS&OFON
z>16b9xtIWj1w*a*gkd+3f-~Dr?*ew(dAM9mV1?k<$>%3Pv3>IsNS%m`vo~b^lc{2E
zOx<9Iio+sB&1bBsUEtI%%9PKEi!apWg}<PgMCP1$rkQx=oLHurSmvB)rkUt;mf&B{
z#L^L=HAz9u=9x7L0DU8*QxShkj|>+KA>GdeA!jJO_HC!qUliQDF<?f*T;jd>)5q?Q
zxhTKJI<H(`QCSgPVOt?z!Cv{^aeMLkK~*2Zj<Y{>#lWL;_LVaKC1TRl|2$zl2L^!&
zCS0dz7mz~0^&>gQ1W`2voG_#iaQ#f+4@6*s!0aM0sNnMja%?z&nCDgy1k(xZ#Rzo-
z!%YN!5s~qWb^M+;<|vvC+ctW>a~di2d<V8|lpM2Mre^)FfW>(vuGX<*O8ufc=4!7o
zT@2ehIt~B-QB{Qb!R16?_e+AXJ0RQ!&n)-M5D|6y&(0oyORXrKg6Bk~3r+L~AQxLI
zqW!`%)Zk|FGugTj{{K73qI5oos5$=gc+)$~I8}ycvk5f>U5QIzOrhjqA(18I(C5_0
zKKv`!Y;Q=%|2I3c^>Nuhg`ZtU1;Z8xTD6cB0ARiOB9zlZP##JwtA}oI9@c3lp>PSj
zh=6cO+s^|4JT_khJk7+3b@I>+h24eqry}PMzx~ggGFJE8Zk3`hxFs(_O6H{WxN^F`
z7q0K=-1)9+CZYG~afyM(SZ3k+8=bwmV&AP%5xu|JiTzsw|4z(XNw%)uUwVxaXW<Zf
z|Fb&=L*PtlXIdu|W}Pnz`UMIA9GzAzgx1dwXZV~!K?X+$jw1}13q{T!{xjO`C-UcD
zAx_R-0)Sx(697d4Ar3rq6px}bBHw)W=|}yHv6t)m`8tleUyG+lP1hN3KWvnn&E;o?
zuI(S4{wIQI09j%)gyZ%}zwQ9s#Lq(Aw8hPh4^1W=`b)^FOA5+LXiA+rN(x~!knTTh
zPFG9TCv|>Cy8U}q{m*(}Kd^!;AECO_6Ics^s}j+W&f3~fjUK>*<o1^Jtj=5BFZZ75
zA8|k+_-o5-A%c61lJNn_zjb@6ZZeTke9}!?23~EM?t8boB5b<Cb-Ti@CEXjQjtW1G
zx-B^j@PFCtU%ciW2>tqTkIK!z=@rFCk9(ps3%K6({})fUPZqadbrLT?k5U4J163rC
z99|N1*X_Rg)I-?Z{}pzklby9ux2r)JSQD`OZSmwQRr&D=crMV+Fi?8p*hh0Y(D#UT
z`@Lk~(AY`uHltYJjibZFh3^L|*!CwzgAecCoX@@-s3IEhx+3R<{Y6VYm4DyiHw7xF
z0kl7$#!p4^aSOrR`{9Qz_ot2)KOKJS?5W$mvK3p&>IeHI&8)_<+QP>5!?)hayG%XT
zr5|!k*X@epl^<8<a0CVmpUCN-02ZL17+xIrRvtTAE(Wc%41C*TYL|qj1gz|=m|p!*
zH}<rp56|oPj={;|0u;M_gBZ<!R`PJ?q_ETXgwz?@PzxP8#QE6czM6VW9+h$&xR={{
zQc<GYqIVlJkjOEy+xECz*)hOGGVGWG%1EUEVF}o2+K28Ra6p$24h|%fPTDgMKApH6
zOa?L>?Z{=9MnqlTV$!pR?u3V)w82VQdkL3JxP0&H^gNhcTN$7#@;p91U^+HD2}O5>
zeOKj`&dC<S)NWVYg*H{VuN6wFNtzC8n6DKcnoIiU-&lnyw)&m7@k$Nn+Sm7vTYJP3
zJGGGAZ^|cE^I675N7%|8)f5h|JC5>$Dc9n))io#&pu6r9K9Gvh$()m(&yVJgK5@7P
z*sV%7sf!GM3e;8?cU?<9et(kP0&4009(as;Ja97JQWjX}d0cg(cgS}Wx}QqZaI(Sm
zVl6dL1UiqthQ4N=ADDdXdr1C%xJ51S8wb>FcwlFI<o&mo?rR1C4A7|xf0dSm0FL96
z6G7-gwtkwqa!XQxNPbJ^vHIcOuE8+gE&2gx=-BS~@O#xjHmH<+zPZ|(dBKS=lxgh~
z^vSDl=7A56eU8`#!dnuK^L7p1LM!r5lBl#K-*M$rLCn<yMWOa<k{Ty+hg>5tNj7%h
zLtt<6UTe_^WP;A_vaK16ROFj$1ad*~)&f;q;*SFkvxg-WPq?9WhYD*{g;WJp`6nXK
z#9fV%ha-|ICn|?ZhvmC11t%O(ufvr!@8K3jn5?#kFLzrCVb8zq3&~Q>7|sgFcwAh-
zQ0rs;a)ils?PRc&kz!4?CA+!sgb((~o5W++!_eJ(lHQU5MlC(NDr@cqpR#uqRj!V}
zzO}It-`u~ur_`B#{B8hx@||vvVUKT5WKV<aA%6;gKmRhn#F`JpdML$Oy_4xB)!IwQ
z*Yr70-#~4DNF&6z;A-Ka(uQosAA27j9eKX5mmF?}KvlnI?Q0w!E4r_zJYG9c9muV7
zQu&loz^~@0QDN^}zLq@V3>l9%yFTS?tfMYcD7M>A$x=IN%vxMX=eqW=<$!99XJ_l7
zNMAPp$q+Ml;Bacd>ZgahP@ckp0smbk`$LJq;jbe8=1Jf7-ugL(86Hmv9c{f=lsv|C
y-9}&Y4iJFuSA02vq8_`Kw`3fzWjAR+zpJo7-y<O*otz-UlT_sVB!(6=r2hv{fc!B4

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py
new file mode 100644
index 000000000..824936194
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py
@@ -0,0 +1,390 @@
+
+from .error import *
+
+from .tokens import *
+from .events import *
+from .nodes import *
+
+from .loader import *
+from .dumper import *
+
+__version__ = '6.0.1'
+try:
+    from .cyaml import *
+    __with_libyaml__ = True
+except ImportError:
+    __with_libyaml__ = False
+
+import io
+
+#------------------------------------------------------------------------------
+# XXX "Warnings control" is now deprecated. Leaving in the API function to not
+# break code that uses it.
+#------------------------------------------------------------------------------
+def warnings(settings=None):
+    if settings is None:
+        return {}
+
+#------------------------------------------------------------------------------
+def scan(stream, Loader=Loader):
+    """
+    Scan a YAML stream and produce scanning tokens.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_token():
+            yield loader.get_token()
+    finally:
+        loader.dispose()
+
+def parse(stream, Loader=Loader):
+    """
+    Parse a YAML stream and produce parsing events.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_event():
+            yield loader.get_event()
+    finally:
+        loader.dispose()
+
+def compose(stream, Loader=Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding representation tree.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_node()
+    finally:
+        loader.dispose()
+
+def compose_all(stream, Loader=Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding representation trees.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_node():
+            yield loader.get_node()
+    finally:
+        loader.dispose()
+
+def load(stream, Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_data()
+    finally:
+        loader.dispose()
+
+def load_all(stream, Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_data():
+            yield loader.get_data()
+    finally:
+        loader.dispose()
+
+def full_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, FullLoader)
+
+def full_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, FullLoader)
+
+def safe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load(stream, SafeLoader)
+
+def safe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load_all(stream, SafeLoader)
+
+def unsafe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, UnsafeLoader)
+
+def unsafe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, UnsafeLoader)
+
+def emit(events, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None):
+    """
+    Emit YAML parsing events into a stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        stream = io.StringIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break)
+    try:
+        for event in events:
+            dumper.emit(event)
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize_all(nodes, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None):
+    """
+    Serialize a sequence of representation trees into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end)
+    try:
+        dumper.open()
+        for node in nodes:
+            dumper.serialize(node)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize(node, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a representation tree into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return serialize_all([node], stream, Dumper=Dumper, **kwds)
+
+def dump_all(documents, stream=None, Dumper=Dumper,
+        default_style=None, default_flow_style=False,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None, sort_keys=True):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, default_style=default_style,
+            default_flow_style=default_flow_style,
+            canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end, sort_keys=sort_keys)
+    try:
+        dumper.open()
+        for data in documents:
+            dumper.represent(data)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def dump(data, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=Dumper, **kwds)
+
+def safe_dump_all(documents, stream=None, **kwds):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
+
+def safe_dump(data, stream=None, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=SafeDumper, **kwds)
+
+def add_implicit_resolver(tag, regexp, first=None,
+        Loader=None, Dumper=Dumper):
+    """
+    Add an implicit scalar detector.
+    If an implicit scalar value matches the given regexp,
+    the corresponding tag is assigned to the scalar.
+    first is a sequence of possible initial characters or None.
+    """
+    if Loader is None:
+        loader.Loader.add_implicit_resolver(tag, regexp, first)
+        loader.FullLoader.add_implicit_resolver(tag, regexp, first)
+        loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first)
+    else:
+        Loader.add_implicit_resolver(tag, regexp, first)
+    Dumper.add_implicit_resolver(tag, regexp, first)
+
+def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper):
+    """
+    Add a path based resolver for the given tag.
+    A path is a list of keys that forms a path
+    to a node in the representation tree.
+    Keys can be string values, integers, or None.
+    """
+    if Loader is None:
+        loader.Loader.add_path_resolver(tag, path, kind)
+        loader.FullLoader.add_path_resolver(tag, path, kind)
+        loader.UnsafeLoader.add_path_resolver(tag, path, kind)
+    else:
+        Loader.add_path_resolver(tag, path, kind)
+    Dumper.add_path_resolver(tag, path, kind)
+
+def add_constructor(tag, constructor, Loader=None):
+    """
+    Add a constructor for the given tag.
+    Constructor is a function that accepts a Loader instance
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_constructor(tag, constructor)
+        loader.FullLoader.add_constructor(tag, constructor)
+        loader.UnsafeLoader.add_constructor(tag, constructor)
+    else:
+        Loader.add_constructor(tag, constructor)
+
+def add_multi_constructor(tag_prefix, multi_constructor, Loader=None):
+    """
+    Add a multi-constructor for the given tag prefix.
+    Multi-constructor is called for a node if its tag starts with tag_prefix.
+    Multi-constructor accepts a Loader instance, a tag suffix,
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor)
+    else:
+        Loader.add_multi_constructor(tag_prefix, multi_constructor)
+
+def add_representer(data_type, representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Representer is a function accepting a Dumper instance
+    and an instance of the given data type
+    and producing the corresponding representation node.
+    """
+    Dumper.add_representer(data_type, representer)
+
+def add_multi_representer(data_type, multi_representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Multi-representer is a function accepting a Dumper instance
+    and an instance of the given data type or subtype
+    and producing the corresponding representation node.
+    """
+    Dumper.add_multi_representer(data_type, multi_representer)
+
+class YAMLObjectMetaclass(type):
+    """
+    The metaclass for YAMLObject.
+    """
+    def __init__(cls, name, bases, kwds):
+        super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds)
+        if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None:
+            if isinstance(cls.yaml_loader, list):
+                for loader in cls.yaml_loader:
+                    loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+            else:
+                cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+
+            cls.yaml_dumper.add_representer(cls, cls.to_yaml)
+
+class YAMLObject(metaclass=YAMLObjectMetaclass):
+    """
+    An object that can dump itself to a YAML stream
+    and load itself from a YAML stream.
+    """
+
+    __slots__ = ()  # no direct instantiation, so allow immutable subclasses
+
+    yaml_loader = [Loader, FullLoader, UnsafeLoader]
+    yaml_dumper = Dumper
+
+    yaml_tag = None
+    yaml_flow_style = None
+
+    @classmethod
+    def from_yaml(cls, loader, node):
+        """
+        Convert a representation node to a Python object.
+        """
+        return loader.construct_yaml_object(node, cls)
+
+    @classmethod
+    def to_yaml(cls, dumper, data):
+        """
+        Convert a Python object to a representation node.
+        """
+        return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
+                flow_style=cls.yaml_flow_style)
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/_yaml.cpython-311-x86_64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-amd64/yaml/_yaml.cpython-311-x86_64-linux-gnu.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..512f2245287c63b28515dd811a6fa72648716d3e
GIT binary patch
literal 718197
zcmZU3cRZWl8@4^F#3)*`v`VXJYwxW!N|(KBi&=Yys;WI})hLRp1V!wTQmblLY(i{8
zjM$R*@%_E;U$2i(<lN^z*L~gd!~=IM717lf31Pc6$mos!c~2{az4r^xVKuByOpL>e
z$8t$uzp|_H=@~nHdPMc-e&$QD*No4)qj^D^zE8FSo&-JkQMzCD@1@SjW^^s76Cc-T
ze9?P;wKqpWuyc!`qip7bpnS#otw2I_Ma3c>x@!>>GSM_K4R-gak&p<D$<TfJPsDxy
zcEQNe=bKL-&x?77X)~$wegZ}FUOuxN-i%(W%<bFB{|!=H_oO&`PKWMT6FoR|%fIkc
z`f-a@p_o5<h96?auJUZ%TS}1Hd>wE6I42<1TX8U!lm93BTjWmuICSfu-W^%9A$%gX
z!|3Ary`6k#?t2$bngt64$KPjNLnjiyF|Xx!78Ql=yY>?BUE9gV+rfEf#o2Jf%YU92
z49TfV@4s7Keer(wZkHSK{oU;HHX8Vg!AIbkTlm*y6^cBzq+6`qQcpgu$Nl=IT8g@V
zreu@$vQlJS>AmkJ?qe=b>U))FLy`@ZxPp|ChRj;<0=?;U)`#^FZ*$sIZ@!__HR|$2
zLUqm18WoQSy~-ado-e>RHIJ#0u{6&zvr6xlSpBV_*pRm82dVVcvGn^2Jj<%xf>b=*
z3@QqIAA)tMPC-1&G%CGZD!mFSpCagAX;Phz^KZDW?VTmCrx-wF+vVKsiwW8_x*<Oy
zt`m2f{&f8^Jj%UreIMf5XxQ9%(E2{lvE~Op*y!(<8byWENU`0EZksQl6BaJH7tP0*
zr_R~#uI+XZY{X%)YxC4S0>^HeL+)X=&(T6FS4bd!k=5clWciP2>pS0v5Jbx2#KxgW
zZu+4`jcw&=0lHn-^4Q?4IJw^N!UK6e|Ia*1<S=pe(8Fi`l!s3;Vl{q~Q8q+xe35J>
z>!NMt^B4<V>x^Ab%naD_nfb-;U%Gr3*I@j{x5<C8r3o;uQ?KTWNIh4nqw!JdgL;>Z
zRBnZa*ZYn=-T&r_4P_M$1}5r$kNy(5usro1`?_+2fGgD73XbsGx(Er`n%z)V94+_R
znFvoBgkeSEU|TamDDF*@wW#U3K?gsV%NBW_1Hzg3plZ9%vB&)Gbp7CQz<NF#2$v6D
z2$YQqx>>0xw;trbPUv?vSsMyiUmKEN-wpf@fkg#=it?OVDZn#*^Vz|A%(LhPEENzY
zf^PN@fpFh~dI@fAuwzICWjiRqamWpH*2*<#x>&%?b&zB@F%2J-1fb-(PDHs@-G4?M
z>Fg)fCv$Dy+T`J8@&8WH2c3Cwo$>tXY=EGZA?;DVy11{9p-!nI?4yKO9BiWfkLo2P
z(2-EdbwUTa<leQGe~25_&5iPT7aJ9<ux8z|FXyrJYxe~Rx5jSjPB`a6F79z{ZY=UZ
z>VnpXZi6tv<D`VX&Hz`g{cjze{&V|PgM{^hyt|--V{s6Are9TdOdi|EHMoT?2z3V?
zIL1?6GI0%pkB5hNxVpCrqt12%zAN^qw!;pG@xEO9rLj@Ip{wDNK~nD3QClMxpa4dc
zwVB27qg@$))N6Sx5ojV=QvPtw1$4QvWZjZ2UkmvZ6{rz73|T8s%;j1gp$6dyDC^+F
zp!Iwz(AM%35V~zpRd!46gl(CJ`-j}&niL2_$cQ=^<o$5yDg=?MT?+u=^p1w}*W`2j
z@}h#db_y0;FzZrv{M1wP4T@GRf(0$4eTvKY!=mgBPU)SqBhDoE{HPWt^yj#zd^`~2
zTvpel^VWDAWa6`Vk56y(Egb1&$m!})T<LA@;vLdkes}M1cQ&}FS+vrhnsigv9Q~{I
zU44QV0PDT~fT70OP29I!R%ZF9w`YGj#SpNrPqx)*6j~j~5%M#S=tyai2bp)<*8(T~
zM+=E3L*iff%-P^lE33Ffd=b}?dDX%H^bGS8Yl}m;lzP1=>euc$ylICL#vN$pw_BL?
z9u1zIzJ}w+dk>7y^Ix7@^X&(An;OYW|26#7q-PL9eVWv<&;NiXz|=sGU1F!8v3Kan
zyebUx^IXc!2D2CRr#1Jr@g@1K-s2~3b~sA;=vhQV$60CkxT2mpzp*@Xe-fnp?Clz@
zd2FzFxq~?SF-LlSqz-rIrsW~kzQZkog)4z=xz$*H;k@eTp*6<(RKn1ezue(*xx>S9
zeh2b>3uqqSX29AVMZ}>o6#v2i!i%;y&~t4&m)m#1Ng1i`yq=JUL#pR`Mt*gd_e^Xz
zeXq!WNKlOo3^oq>lipCtpICEoEc+>|<-^LFfB}T~iwHUsPwtazyq>qVP<7yD8D<t@
zag;ut_cU3=?y@CzJQe#PDCojU{%|A@{o|MuD*w`DHtI=e#Hp6i>ip2%$DW$@z6Nje
z`0h`nWIkgYs~Hu#`&e9FF!yfvKvrJn+d**=&7qo1uQi?goa9`)ywqB$&Nw?*#@%~s
z{3F*=o{So1X}<0F^ZVA6@#<8%8Mr#~E;J`C%^|PRzf5{6Masc0A?q&GcH~VB-}Ku)
zK59XmgH$G)ztWAX%XhT{eUW!G8;v)NwH=k++<4<lY}f4X8E2*-8NYn_lG{%PP0Ew%
z&Phv7&i$Kf^KNMtD&45r*Z=0{R7#G9!96?syV;^+LM&cxZ)2o8T^`r$8?VY~`&LZB
zJ~p)6|7#x8&ChRV`(4UU%gwhW(Cxb{|9wflayGsC*&I7h#i{Gl?@W|kLaU{tOdQBX
zQ&VA$jUF<FFPB_uB4r+nAZPzdn7%zoMOVM7xs{n?t@~%3O<GW1+V!2Uz3!`ufLFf0
z6q-iT()am?vaNM<tSyuo4Z6San>zA&vUsgpQrOq=u|5qqY`o1${X@&r1>Qg#RsL%%
z^<kgWs$5FdJ6)3s>HBtde0^_AKBs>8>}d>mp<6NacF<?B;iiGBnZ2%WMP#K{-PDrI
z-r@EQd!jGp1!eX$t`FSr_UC-bgWfYKjC%icRLIH0>TQQswpsMv)KouI`p3adFN!U0
zft<YDl)UVUgy%~S!RdVRW8<VAWWK`FR&G_%d#fv}*9~jXV+U_A9N+}-iw3f>?PfZy
zxMFk3{v4Nq0c}e+`yapky++^FJaam?ul!q+DH^%DGM2q+U(D}Nn#pARewf0}K}hpk
zqfYzcjgbJLHljZbYGpll@bCE3cVqBT<)?waKcUOskJ?2Cvih>5VXL?Qjz~8e_;`L@
zO#2om=lavC=l9A>W+B7!JUd-2<Gv;v=d*WS27*o+n89bG-6Y#;YXbv+v@KKYbgfIi
zJFmX;a&y)=x+ckInmhSYht}q|mPeBREll}Tz()DsXgA~1!O~mEzg?@dzZ;-8yxI(E
ze2MPL3jOxITfJw^d{-gub1Sd5)*o%JezV>^G8)N#2ivhfCCm5he%vS9`u*+OvR!n_
zEe!*V#<bPM+f9WQlaLy7ngegIdzgT_l2J#Q`ra}cflF`GBUESnG9SMkPnE5RsDo4g
zZE>-ooG($}g}+nL0mjme8^-Bx+;EA-xsp!BT{%&lbb{gO@hy@+;|6}Mr`^a2gFN0a
zG5BX<W%p-vb1CNS-$T`MlBj!+9qdBi-m6gB2#C(o+%S$ti7_bDYUqg9=!Xftx-e=U
zjFe6f)0TruI<M;Gxz&BME3IO%C)U<DW~m;@k?YF-eBF>v9OC5T8Bha@6{7O6?#Ub7
zHy+S6Y=7GpR?26uz4T7PjQ81JCfT?x^`-~QQ1AGnVYk0Z_f`%*?&yws+WcB=^X>BL
z7pdWUEHBvO{E~gdxnQeWb}lC?x0z8rAl=OCm3^VKV5E8B+~7ub2lXw@zSZ>`P1{2f
zicaDVd}E(Q`%}{LiYw&3YFHdhYhEqYq^3Uc&^X{na2g7h4l||*u~)6Ctu1HPG+cJO
zNIov1l~vaAtrkx;*jl`?!wb?_G_md*EEw+)z7Ep<^Gxs0!3#T!cds;FRg|j0Q}LA=
zjcPE7Yj?9WrKN#Mfgf^yGeEF*wRrV${4Z@xlW(+sS<b3X-MC8Xs)(GtU{}ugHOu6@
zx0>gI7CB&DlOw~NoV3rmpYw9k_9l1*b!mhy?XxzjQ{E0n!d^FZ!E39?yK=IhJ=QEf
zf0*J-kzXeGZcM0xYcw5W7Fv{@4VGvg73<1YWgK^ZL&f>Uy`V4CY4ES8>8w_|eW^oP
zn1y>LV{fWK&G=u=FIlZQ^TKymR<gW=qRTWlZgH)8I0t?_6;WS>E^ptM_=n$;Y8<#Q
zh=FUJsu;oo(r2%Gr9U#1)8!4d*?sRV^tTWVko}T7=WP5+>)IC$7<1Lsh!#V?|4%aH
zbytJpG2A!(Xc?P#DWhI<fz#QkD)s1CSXr6<amt&(wY1EvTyQtop9}M(X{^6y*?vT?
zzU}!y)oO8a++mkA%j5-UsGo~V3vGKgck_w3g4^iw@8r%-jpjB^X*siCnf38Me$LA{
z!alo{1y`0~xr|8S(?9|U9&`zEAS_Iu7*?DURuo05ONx&E`X0oJzzgJGc4WeXnn12=
zB?-SV$65c@V&L1S+8+@0qFj6);`i+R+Sd74Xj*bS6~i+gaS32^U^gkLgJsb?Bp_Ry
z8nv7?O?RvuR_v!d6wk5O0>uZ9OxVZKknLFE(x_U(#$VsV3Y3VjN?8XtBjV$BZ_M;f
zzvejt9c<D2lcM$CUP5!nN!;I_nS}R?*gT|>TZkS)$CatHJ#NiMjAbgkL5b^d^I+##
zUn*Ln#&z1Cp%{F=i_rTsk7ZD`<ZSp|oBegjOj4Qj(o(1{bpxz+Dg93}I%lJgk;gqt
z;TcLcOF<2_k}<g(el1vbjGw9{d&BE@V5Wj4iVq6;LvGQ1I72?~L5!pO$yHLx=ucH{
z$>L8uCiw~DfIBay4(L4$C#keLqY7Vp6q43ER1}(g#pyYUTE~(XtFB{t4|{L5UIlfK
z6<UuV&1%z-6B(Ph*0Qa4l$z)5C;YheC5rapf(jW|*I@z4kTs5<O78u}8cj>wc)kes
zMG4@>uUr4zS^cTTc5nDo_pdz&r+gd&N7UDx&fLZ-mAEsW=+@!MgniaRb-3?hozp=t
zNhF`N-o+{k7Xc(bY<Q7b3{C^_EqUh~!r)Imw#(vAIwnh&H*^Rm$;h%`nF&aT5&A#i
z@;5HY^13%c%>J}vPpMks1{O|9D(%nIN%Ds_{};<ofxhz7_dO`b45`fC;tXkmCC4VH
z%<K>9HBrnudQU!_c3n_V2lJ0bQMG&=7Xh*l#8NJ8#UTOFp9KWd&ZR9aHfN)rX0~@4
zO%E_Jq;82G7olkh+h8Zl`&vQBQkj1e@)e;vj<ZBb>u~d7O<fd(8U5MDN~728w)CPA
ztdB#o5O(SA%mAmuW^&=jA@K;N%r*lQgN|PHhrrBv0jy=#0)6<?$06SlV53WFl0>Vs
zQ<C<+%^_BQfiYI93z@P17fDjUyxgaaa`KAy4kRR;@<~W4qBTq5k*N{kswQMg5*Ztk
zH~2tjV&P0BLktZa7wOb3nyu~FuM0w0iV{Dn3oamyX7+(o5%ZaMpah*=eypqx_X8|j
zNh0<ukUHlQ%ez>CI*0(h|L4H=dsqtJ%jvAKvrF?x#KF{=fe?01$MO!g40`z-sGh+6
zZ;wR&UA80qejIm^h$M|eD3NC&-tQ4bMnUg@1Rh@H;_|gH_6e>{AH}eJw(ehzJKuQ_
zZuk?Y#uD;4B*NbU8QN}UZI-F<0u{O)$eKKJb`T{Ho~S<o2`_ydlHGe1)!5879TX1~
z@_<Ysf5R^p<1kUl7S8`D1coR#KG)2v!ixgcs1Lp534ke9QZb(dm*~;^lZ_1>fBjzo
zKVfXoFeIRt`B7BC5lwiS{{pCx0_2aY_wYFhzl%I|Efu;@p`Fp63=Byt#;r-GAj&5L
zQ|z5C8($<K>?9WY$>x9Ot)<aiBmw7J!Z$ccK-LF84S=TTC-KX%-)h%4B8;yA9c8~|
z3M4U8K?N1QdB6>{9uQ6nUx>+V?1K^!27fB{%3Kn^M<J1js46^^<;1O|l3`|O)1A?u
zd@OZEWxo0>f~+ldLzOHKaiP_33dzg5jdj~RYj44=)t{1xyghptp7Hq7H(ccH>4wq#
znHTCo_^t!4AJ9yg2Kp*JKUDAo&N5{1A$AUm2YUPaP%3$whB<*eulvwxDIlxOR()%z
zub&JL)G<}C0?<|s+(0|Xg>Qh#h0C`fZB-RNhA`ywh>AoWlEk-XFT(k&_MZP2O;-Pk
zCc^&;a`x#Qfky5FFrwsC0c@^s3JWX^8BO@Ldi+7;y>Qvd3tF@LaWrF;)N*M!y?=j@
z`Ssc)3$O|T3BOMM9c1TzyNlh{5T?KDEGzW*4-z7bqTg}|1sI67KEz&2SM1jBI2$?)
zC2@b1PXM}d;|>`<{K_``%!@mG!5Z_w#-?gf28{1mom~qTd38)6Sr|AJCt2t_YyYpY
z^BB+aae7Gzzb7G|5Ps!D1oF1r4JI;+0tEm_dhBXc#k)85W`#B*SbtuIsiOEchYHAq
zMcb<pG?{J6DCzCc-|p}#I?=1%p29s=`LDS>6zdd??_$MpYtg`DN1Og{R3e9vQP;wU
z9M0xQDy=VH*EHes-I3QW<k&6uYyVfBvc?KgRB|yJs^ocpR&CxR?qr6xA%=czwIfus
z+LTbtF2VKx3+QZOy!&TFL}r@_$_|SESZYc*bxK7n*kM3scXBc|fa=KIC?a#S4b()H
zPWl&9=R68YK=4Ue*a37DS%q2s#rx~$NZhRgqrN*_8Vh=4ZP<kyK5F%ZUGc~VDs$mQ
zvS`Q$ME}%9_J7^JtZeyzYcu-n!V*P?TifP39RFW1Ex#!c7_KUl#1EedB;Z811jOJ^
zXIlB~JrbgKTN(P)oIqnjkdF!uA9@L7K*R><v;1F&bii#I@)=QIb`A+=eH0RL)lBQh
zaR3D%n4Av@+GKg2DKJqI(DZNQt?-FzBbL(#5(F}ZnoqFUt=ZG$g{iaq*zXS{KxA#}
zH)RtMoZH-AZ_$tszSTs9wlD2I8esMR$8(H+gO>$60A>ii(|53N{z<8rwbsJ<XH5sf
z(9j};Y7v$@ft<SKRMIz>5hwown9TQ~p_(XV>Pb*68J>Tvl)6PH5eJM{ma7Z5gB>SM
z;!dD!-l3Y^73g1hYs~?%I#5EzwmBRaEe};+-0)AJo*BD~g!EoYdCrcJ>1G0nGn{P5
zppx5s(9ar9S>-u<AFICo+>|bS!Tz9D3q=>XQh?BV)cSC9x7r=qe86pV9!~;tw#o;_
z1TN}RpaCQep=b|elH4!TJskL;Aog<Mw*omndYVw!mWOLc)IYh@1?IRPRf}Z*%!BZ#
z>VP-RZMcBDG;#&B=adC}u%SCe2(L-S-dqvvB2-?Q#Qo%>IX4;Ca@RgEH7754C3y6H
zOohHiVc%bG%A;vX?{Xp$q3Xu>vHGuD1M%bX`hxp{xSVVeb@NyQRfl4kPI$Qw*&kqU
zmL$>xg8>+y9AhGk4V}G6)vJLUjfgNh_q%q%P*O?nzs_@vHwfSzV+W>1C`7z>K9K9<
zr?a;0Kx=n-5MTH?GfIku>O#}!lC>cMxIX1H%#X>q{@@F0RZ)qeKy`Q-5h(BRx)-$>
zzQVXC)UWwd^@K=s{n<<4NJROA5}tYn-|pc{0Im3w^h9|EEA&Kp1vB*Ud&$M4A9D;X
zp4>=S^D<lVC+=DEZ25quk+$gGQ%lJ3lFLHRNay|8%jFnC`IGn5NVR=IPjUEpTxcd3
zdR~Yp7<$R&qs2KOF=#l4Wv6ErI+DX3<xk!7Mam8BkK$c+oeB~#59s&g%&+HIgU~3Z
zp)cAgKcS=uB`E?4?u!TM=!<hTCaL-KA=3o*)0UM65THo7dU5Yr6Y7!02K4WVoB;A@
zK%u<@5cLCEQUr_4T#kjlD~&w>9Ur1Zm#}bkU||V>G`~8a2w*Jq1ES`A0AnC{{+(PH
z`mQEAoI~PW3wzI{)O_v`B%%H9nqp7T{^`)3MKIp0MKT|FZrcfn7ElNI0JYDIQlW}~
zY;D1z_7nQ@<YMi_0nn4n1db9SfS2PnK#%lF?sX;q0Ei&Jf%BAm0OT(~6ijt>-14Dm
z*B--_MjD_Ib+ws%wRr>B<Q@R@=jLTwjL;W~G@|c<uLD9z7@+qQ3+Vm4(&GR`3%>xp
zo&!MiN`WA)5Pqd_MV#^!u&xG(xViv^qN~+iV1=i?GJLFV$C0=KaC{BO{jXs1y8$i1
zD=pP4K6wC4dk-Kgy+Vdu0p0@SEpdQ+Xc;(Yxqq4u-6Oj~e00U)O4s4afvGEEbbyGE
zbESJ_#PkaG&XrsNkVCF~RlG9CeHA5|t0)-)n-|moSlcIHlm7~*3lPag0;?}qr`xYy
z7y*U6tAk@#t1EZguJ|}yu>&4-d*whP^_hAWRt^-^(T!Kf6M<b*0Kefg@J8gyn&6c+
ztt-}7R4lJTV|e9Z=@nuua3+}PO5P91|05=PCE^4`3%!8o^c?;!!SE{lya0s7RgvUh
zIY@bh8hC|De0sjMTiM=@$DjTGZwNcu4_a)~wm(MV0(qHbA5xqq<aI=79MNl2E55Ge
z*CKe~0^e>jsi)z^KFS_7nW(=^!}B{ri#)}D_c(5=+fe>~>a_hFeeDxy*hmkJp@%5j
z1dhEnq}b~bb5li=eDWK~oTnRKQEG|k)?gEP@6R3|;+R9Ur@>ZV<ay&ayW?zLcL9B6
zktZb^rE*J5cbnKzgj7a1r<2ZY3oRR_cy<%Vmdx%@6!%h(<1F=ss$6V$?k~mPV~)Yx
zCsF>4@y%h7Pdy`(+`vvsw>hvA;lx3N=h@LlD`7#Ner$fE1bV*`Pd{KG%XUmepbr{p
z;6I6KIE~5sh9e=+TNZh`V?lfBY{$feW5?i+-O7L|Cb2dEFgUI|1OR;MGz$V2Vcoxg
z9TCS_VCUj-JSAY)Z^ZvLK!P$}6`}Zh#!-&yLbWBiI|4Yv?kGnFEE2j^fknBa-1Q69
z9BuR>08lK(MU3C=I2n_=0pQ$>?*xw4ILa{s{NuZefJLgK92>Am=)TfU7ULqt^Kj{)
zDS@33Ck|r3GhOsgU}sQ_ixSV{_7uH`;(jZ_rU!T?X^Bj&eFiuq&ZbC(=V^O}jz$sa
z;uPbrVEG+6Xz@G>8fZ=6aFJNvbzq@{z6ofviY1T}=pj1j`@oL5Sl%@}&%Ck?5bBor
zZcjiIFP29Eh?LM#0L+#n2MEt&p^n}FcFfp@0J9>+dpg*K>u5bR8GvRZ7JBo)EY$$o
zV~%p{z#_Wa3s|5X<ye75O7{V<h;X`~0<s_yzZL=c)I4_b63CAOn<8KcaH$6fnuVAJ
zkVdz*Z~RU)z;eRzg6t&fgg2h)7s2%=giQoUUH(^3MnHBmo)y4I9F@BDUzV=C5OH*&
z_|K&`03%^G5n=-U?pIGXAXn`1V^`^MY5}6(65ieapG!GFSOJ%G01m?OSG={Ia%k~i
ztS+2#far(Db?d!{d~z6(x}qQ79RL{66s!AR-2uVk(nPNSqF-VbSJ}}<2me=hm1I|S
zxA)+`x>F>_^BfiKIRlHD*LtIQ06EK|JvM-xI$I?<p&qbg26(HWjCKI5_c*rD0j{KV
zM*^^<V#0u{5M}gRK)XjQlm*}&+r0%iA?s*H0^~)*h8^(hPP`;QNOE|R4shiudJTXn
zcQgao4HoYm05HX3p~M%GK-o0_r3jRrB|vYea8CmO6=QP;Ea(;P*#iqHHg_OciQo3L
zQSC2Z7OwrCa{C)%R2{Xu>2!O4cZ@pO#ZtSAu3WQZOW$Quy6mLd?yKnSd0#wD6DGwa
zYUN-chS62lXuDUD=l)pqxWLrr3jdcIeBB1;lO5~ipKGU^t$Xgyz#6UNLH+T^HzM5#
zC0a+=BKhlT)tsN|&68X#`zz;Pr@f7`P2@YByIcH#EtG<9>TNU}1gkMjEtI<CE51gb
zQ(~T4sKy#vp6hIpgJ~b}Lc2)v%?yortqvyq)c@n<zDV6!y!UZt?eJgf_)T`-3KVp3
zRI}PVu3o%*W^+YQ@)xE5O*KIXA-z!Q{F!fOyjP&g5bxBTWyDNvJWCOD_9I<@T(?2<
zqd?`uj&=SAMQbCk7h>~7kFB#RqEh4+^g>IcL(!I|rTnj~Yu;i6rmpumeU*CHnsfQ>
z=Xm;j%G?VTb^|v2h?#srDK+^0^wti8$`a<1^7wJmM%UUy1<x3T2HldmS8Sm;C;0-}
zdWi>GIT(8Qi4Z4!r;vK|Ynk^0{xd?SLmHce>J?Sz9~%`9B$!8j$Iindrh~m$M)Ra^
zxR+;WUDmK{MqgOdz_Z)`@@bkq)0_O1(o?o9o%T#vQ%)q{lh)|VQALTrJfF{Wm-~Ch
z_N5+5{+<$+mK__EWDXLHQJImcefg3rcH+#iT2EZdmw<P`sj-=Alt#ikA?wkd3FFf1
z>jTM@@@mg=Ft-P$l=|Fm`mr>7?Fro!kKma2Ca_m$lKmiY*w!gJPkT)5LCXz+sm^mB
zN&3b;3C=2O)<J}M47}79)Xwy5tkyz7GuGwvjpNE7<ENi&L6y4{b}6tY65G`m+&^xb
zIz0#-jip~x?&E3`8CF^sXn7RBTCH$1FqB6={STcrU-Klj!7u7IiUIG3f#IBrObL}A
z3aLF#CXj9^^1;-CisLGjM~`X;8lP214TZ^o`bl?2TkuVj)|WgI+h&t1laGqspb1G*
z=N5PJ-U<kSdgZ@3iDYRB)3?<={~F#qH2d~5bo;fTdQ{-{Zb@Ot2l`WzLE+bXPd_A0
zR`mlGe264A#-)6SA2aKXGVnrFMMt<4qCSHn?~VPcjvE;~wj!!q4ajsljfJP=5mWFk
zIKMF+?URly@u|&u|GY{;Ns#tyjc>TO5vYCYn+%=o#x@JPFI~H6**~YS-Q`f|`@EF7
zD!75(()IyK@hG;?I7!}`E?~~JX)w6-Sr@-hTgqr&g+l4_T7_WD8!4VlqmW$He=-F$
zhrd!<RjX|IQ-tnKQfa3ra2>SD5t<5hL<}CbdB#NR>Z#|w<1BS}>WbqaFZ4=h@YIU3
z+WP80LoU58BdoDVY;J92(>d6;CuPyKTPJXBR!J+8lGMg!AMMhi#;=mDSE~J1%sive
zRT5~cdVQ_Pj8*MA>0ipP%J`(T9^^7T)GRKKxO3Mu*yGd1n2>rh(_|G(>zevAvwis{
z1xQeYy@QU&?HeuI>Q9fu-mu{>iUND*A>vj+$Up|hlHSV4joiI6LFM~)I(V^EOZ5Pj
zRCeY0<sTvUQirVe6~8L`tx&oTZ~toCZ`PKNDT~N#Vier<R(&r1dL&WUlmA|uMdI7Q
z=QC^1Yt9aRd?d1B>KYFXSBu(GHYA4`We;smG!2gE1pD9G@w{?6u{N-Gu&epn%>=w(
zgDz_tFfOV;Yr$j#wDb)2sRTD@ajta2om~(n!33+W7`oX0pABKmel}fjsJ|qOL-o?C
zpiv8VO#8KYUDh!T>B^VQ&s=QPWq&$`79k%GtyBGUr>h7nKje`)H7GMqEs8ks{&>Jq
z(#dugVpu7#H*DIKAT?v%pZQ4rsBy4HHN7nb!~3temwWbK%w5ysV)LBQL7DL>J_+dK
z!5wDbR}Y@QSaQiNUa~<}`Ok>F({3%4qWqW}M+^40@1XqK?KQfXX?4dsb`1D&LTl<;
z!C6syVDIB``!O^3$EY{u5tpCJPI%AfpXqe9$*7dDT1qe{zIPwYiYZ!T?|LK0)aLZ<
zpz)4{TgKQmjJE`{U`e47XG!?oDWP94tB07?%V@?JmI}gs`eF(_>~8Qi-0}aXW>f4I
zXYxuiZR{VeKs!8l@U?6~E7@EkVwInnTa=j+!F*H|oF-AqnR@QIuSBL3T1385`QkK^
zC5>IWk(=ZmA-qrY`^9bZ<;7}?DV54r+`d_iBIzv8<eQ88D4P9<8@psKPndVfe)RIB
zwT+U1XM+0-IxAfdP)kBnJDNjg@8y%{ET0<oEZL+hThlqY)RZ}D-?*qrA?3I7^I6cD
zrQ>KX6o}N<nu`%oSsro|&<b|a@aS2e!%*`O3J&sxnTzp}2UZcxtCQfbU=`ce!Vl7g
zlE2xX9exx(E4*W{&=FfeKA_M~y1C9JxAYxe^iAqp$GukEgiPSXJE?m&Ll<QJGWagP
z(D5MRV6|l94z^T2@YwpcbSJ&xWHb$hXw|<RQ$Ma*j1O`cuCe$eA|97r%D=xT7{gc+
ztXwa>S9ego_r#*;bvMJ(_Umj@PW|DfniklB*CdsChWAL>^U394L7im3QJ30V3El;l
zOOKel;)=$M9>nKVo9Hd;XM8;rf*&fw#Xh9tx7fZ6F!hYwVv0S_v99!aOy9V~#^Llj
zk%N|z_p`=eUO9g?ouCDj1?0v2baY8nSAeUM1!UFbOL!5Z)k!%V;;~U>Ub-HpPFLXI
z;#qhwh+a>hynenY&i*!Hx@%r!Dqq5+n^|ry!)Utyb;T&N7WXy>|CG(;-Sb(cGO?!x
znv3kdYV&33M``V^+c9Jvqa5lMn`&yi%6DZ4QJx@1-YvEp>aRFT3JXA^c8gm{O`pBH
z@9*#Qqn6bzSHE>eeAq5h<!Mjgn{w`hKT|mpGJ^ln7Vb#daMq+1I(=9-Woi+_r}{6Y
zwbu4hK1x{^!N?6?#yoqr%@02O_UOIQZmOcUvuRJA4Yg-N@;2V$9_gG^?)Ec9-XR|e
zdTFBci_Z&BcP}qIRhG2RxigFTM}km1O(6o%Y0JTn`lc2k<nB35+DE<Lbt!lu(oq$M
zAE|Q-7}EXMp7rezf*o%Dba1HI%D;|-u($ewknKk05GvRLS3nZ-bG%Pq?pI;3)!{tp
zckZ%{-Rs05Rr%q)OfN0N1GV9{iT_?J&<ET?H}eJg$Ml8S(61(yvppirH0yfN>m3Yq
zR*boP9Q)9|TF!aI%T-4Vs^Li9UL=)q>}oX1`5WV>dE~)lD90YlU-h=x79@g>d1~_$
z5+srCR7Di!@GeDHpm8!m^X<#(ilTds??r?1A8f>?yfzbB_-b48;HA|DU48AuU6+t&
zhJ5V>%eQo2#idZ{_d#AfiAa5@(HHV#nJ+E454WzC)~leC62+)kk)9_oRiwrEB4tW9
zb+(NpCH{x)&1WA2F29x5_g#jLriNI2{cwJEu+Q*Mv1D_1t|;TPXbR@qSl{kf-Z%O=
zEtLH6sK6#FJ_`M6c0PR0U1~o5IGt+pyKNp8&5-Iu;^WWObbVY3b3IDSFXT|qabY*0
zW2;5u8$pr68t0xDKNWI@@Ds9Z*u;&G_iL71^tEwX{<=Y=FFRz<Z}xVA`d!@+xF<L0
zT%)4e#^~r^u04_~YO<us1W#kxp<O@a7Fw3;5Lx-edS5PX@@{SF1-lOiEup!xLkZ2^
z?W^p=gGx)7k6(Q$7*{79!uqS-MUNsRYk4j>FkuX{#u+H%h>eYPhGC_?orSida746^
z)`_gb;cpqS$$Z7V+kxIr%iMm4YDd4u`5y)DGUTkTl{A-}o|9T<S8fo+E{b^b3E>tr
z6Zb13Ob3cyIoV3bgRLiW2$64`1sYXF)Y=RaH`gDC($YO~akjZ#mU185{${f|lsD~f
zPs$;mH+j6AuQurYgR*~*?tM;r^SV2f%}~4eW4D}&PQ-Q5Mwv5d>R`)M=RZ=nKeJVU
z#$Wc4=~iFrr~NC*e)6FBmFn=&i~ifX`$2qK%fMOXvVR`Z<af>WHGkYkgZu1n4tFd4
zEQ=5C<sU?g<79K3zEpt&B{rhvRv1}A;?&`og7pEqVekYSP7S|9^5Bn272*Cl|NM(I
zD208d{nvMvyR6pnT-PYs&%U&pxgMR~Xm?N2qFrDRnf8mHz}2?Xy_~gWvvsr?o`z(0
z?O#F{&8vKRs(e069;yl3oqw2-D$=k@p5<c0@B7FnH&=ZmyaTaW=uFwwRsQ%;#0wF>
zxjr{odvk&*uCT~DN#XqZ3rpjmU@e}0|JhIYi|6V)#{TOLrErdL+Rx~Uyk6Bor-}9F
zMsquLFU-ZtckB%2MBT=5otyU@$K`d(&oNMgITGlOCUnO{7V5@U?v`!pqnKAPeyc5F
zYQ1@OM(NwnS6|`zw%qAz5lj8)65h>g!AjLnLn|fePnF~jBWf~i6KBh#@`4fU!siV0
z6ug%CJxv?cWxcnq(MCJQ>ec??e!<<F6%$IcYWkSegh650@#~Da^f@uCTri4}BvB!*
z_M750(_s@Lqh<kz8s*?l*yv2@uW4~3_h5`g4t&L;5YAqUVdWZy=925-_bjYjn=-<C
z!*k&Dwf2v`!sTtmz}9ZC-Ux#amd>$AiNq1;99M_wmyaD<wGzK5VXpRlAw}GlPVTiV
zVaU2IDX?#@Ba9u646m_Q18d4u)fqY5ez$BkkR3o~1U}LLJ9LPHhnnDpEi5Kx6BMvZ
zezO{hjsX*iYn-kKlN1Kn<(ghC%bLN4?J(QDo4=+@Kh)IaenN76>tvL8UL$e+V?RWi
z7%ccHyf=2u5$SuK63qPs>?#fBKi`K<dR;pf|2xfHBo1Ev)dC+7*iJ;|xyB;#Qc*|?
zzj86!+K+c{S}zpESkxTdr=5lJjag^0mKuK{?_6;=L>=Lz)%BKfHR9mXkKu5-z*-6K
zT6>{?FlGmQ7|TKrG{6gKaqG9~Ip~_m67R7Ed+q7~)Vw{vvi3&pM~4FTU_H18GNJAh
zQfs|Rj?W2cfbckVcP9qB*A1T!7-z%t99`+z;ZaYWkTG*6BP^yI&PrgOA~CSy2P_hQ
z!ui2<!~{+Zi_B36r<fLVM<B6Wjv?-|XlQN|ze!L&UH?%T@K3?k4Ht^7lt_hU;MN9#
zz(}sh=C9bt7LKl`&jzNWZ?`e4{_MKMIl7)b8!$1I1kVe!Y|$d!Hb<rpMIABX^;(cq
zTB!ckuWXPzrrUgE`mxMIOT7^&CTekCF_0A+qFSjEPn`|V!0K)?lkbvSQjbC7J-}U^
z?TeRjtS0@mV^DRvWmx1_>`Rd<WUg_)d_1xOw<y>e#0Z`H;D*J7WYnx4u!8H?tIXoY
zp}AME<m_!&lP1viFJoDSo6tTX#{q^P#)9v_UGE&#Pslk<X4rlh_p>8Rza(_D%2Y{=
zu)|zo>fqON4_dilK2O0#J08fu1qK-I8&W3+e&mSJ5H)I^g7Uxnr!$bvZ6dm$3Wg*M
zLocVlxOWNif9)dhI%3Khvf+N`2gr9Xjh-P)VpvViH*c5(jl)Loe-+pHz;N_ATN+%H
ztqvX$Lu>RnB2{>pE<=V*WSs}(RBI$c=#6GPSYdE9l-3U%i8gfHb0X(z>nn`{BX!9S
zkadL~^(1;FE;6;gXP{bNIIHExlVP@3Rv$uG=U1Vc_3Gd<F*H{$)c6Zc*80M^gwd9l
zsopZ}m^heS1>59H35&m3VJzqk?#dS*UXpP6H|>GEn1hByb}WocQ<A~p*2t0ueG>|k
z2wIIv$@=J;x+=|D`_j&8`xJXu=Ia@R@As-Cvgh4{Z&n)1#`!rbN)*ARJH^1_@}~y1
zoh<bZMH04|_Lzdu7Wi0u7*>bINS1DEOg*4?*Ac^9ucb&1TO?hlSisdwfg9`9z|7u8
z^D#(hD{<$F$Q%jSv;I&GzsEC>%>|oli$@yJjYDa@z+F@>o^NPOv~T_}4k{6GhtXam
z9X5Fl2u^5W;)f_f`8`p<iphc@yEJ%<T^+1AVqF$93g!H;xNkX0h0ObU98_QGge;^C
zgU|n+-cl6<Z_S!KrZi!|Ps`WZa~2w(Uxdz2)88=J35Q$!&Bom|iS;Reb4m>r4@Vvs
zeaV3vy2l{1H>%9?z8jZEEbb4rQX}`>Hlt_1)YO$I8hx4l9g3GUsyWj3YhxBHU|u{t
zdq(TR4mED(_-(4KwD`sE*Yvj_N7otZ+PVSQs8ubJ2FBU+%lLf#qazFiM`qO^8DOw>
zVxVt@_LrpwrZaw731L`FQYoE~ADiGyIPQY3Kb*C7?n(Br{4e5y*C1`A$n;rt@Oh{@
z7&mvKg;oM*lFgxl_GKI}!#*P>*9RIXx&A@p-|HMga56?g@$)^Un%VG@P%Bt11MKu2
zGS3sNzT)Y)w`yPOE38&?<j6fgEpbB_OaUI6QwFa&51Yi978`#Re;DqDb#3T2mJN7b
zo31PBru@y`Rl&B9@N@z(-7^8)Ww}3$X`X_)7u3LafT$``?!%H2m17fUHNXlvaMr*B
z<WYggxog$YOHq>pYovv5xi^y|?U1tM37bEd)=(WhG!_?R|K1+s)T>5NHT*TbSRTj=
zkyEcppJ9bwzKgiL2>NR8`pHx<_-EJJm*Ht_cs9H;Xb(AfNz@_#+zPWc<LG)K;)u~A
zvfOYRW>a_%On}hOHTEa5a6QNFORpAtS4x0xA4S!XX+&Oc`)_BYLJK!^t~CK^02+oe
zH^ATCt!tpHkq8R2$LQ+KXM?U)0#)djJv_agKQe6#jH^ltu%fEuNrEE^>f=ri8y}84
zx6iT1JhCl>sLC5Pn^f}e&)poDF1}smt5|bn4;h%&Ge0$uBY{zYS|XAA=U`;VER^=C
zb;unfnzzV(hzfYc?Q>uOTy~hY?J+I~&VVa~2Z^ECx}A~2%J<ILhfUa>F`<Lgw`(O<
z*i2+^K#keAkul>7s<8u-Bh%nt*>FC2e{ju9sl|Inv8|Cvi*p8;`O%snCzXjRy-CpF
zH3y;97)O{0e09ip>jSdMk{B#su^ugFS8Xo@2N{|AGQ*_LosdYNt_BDyv0t*_q?cmg
zN}n~@N)eW_whkx|PN@Xsy+(aDkcsNUxGHy~-QaXl1~3sfY}r@~jM+(3|3ZG-Rj~vb
z>n+=*ih<p66kt1A$AQF}BOBH>=BTy^7Dy;5%zVAvSav?X{)p|`M&P}vJC+U6NMR0D
zu<6``5XRb%#en~j8B$>53^njAF*GChFjSr{Yn|JR8ro$s%GCJKq{d)|1{z|Li0n9b
zMp87wJ5Ggar6P^D5XJ|dz(0jXqDQ9N-M_-={!SO4pJ-W<z!u4e&(dY3!I8Qn)3IXc
zm~KbpwcAXW+&=H&Jvl&Ku@xI{MIv?0l);H}mByxM<TXW?J<*8~lgZ0$cyxFRoMs`+
z1MgFHwB=LFazttp>sx-PJ<NuuHCZ?od58QX5`$DIx^?W<V2|NWipCqW{xUgImrvHy
z`3IFpGC}WWj7(489+=)63>NJ8*=18v2oF%s76%i#!$_}%RKAC&gB@Kh#7%<wV58GT
zR+tH}6-J5E0dpxcGOd~IN#KMT%U;V`w=|+e#%vy{82}yZiXle6&w|&V19!x%$==Oc
z-iuU<+M_qz1Jgm~0bpx^*<m8&*<-L?NFp*P_e6`<5k}th>zFmG##f02#^8)O6Bsa&
z2THZ^I?^H?r$)C5y`1EP^8NfEH)>jQRBI}T<O*lWm?(l{T7eH8mjU2|7n$ZD<hOE1
z*K^2-Nt$VKgfe(N3Mp)k0{T(87MZVGqBLm2T6=^iuR8igE}x9%6$j@IPuIBot2hKk
z?g83#&zHIOq*>50-mT&dnAi=Or?NO>h%m7yH90?%t*z^Vjb?onfA*-OO=f<&_@EH(
z<o!fF0hm^inyV0$oKd-4CI34l*}!z1n-!*2+YzHMIIUD~z#$!{sA!86KKciJzT06s
zlhENeGTj|m>$_)K>pSw>(3u#<!=y1;zZEc;y(5CG-mo>{C@~HqxtB!{fxL%jE8^7V
z#Vl&<L1f@@-J|n-d2w+0oQdZOy~3{j)y3X%?hm#s!Y1}xVGaZx2Yy4JdzT;D4YNt8
zNS@H0rq&>FdLz^JGFiwdXXG{OlvB$N$d<=xPF`<wj}!6-31WI6*3s1(G%yX~JT;h&
z5}FUb1&iM)Fg}Nhx?`3m{M$bwL!0A}8juL2M6-SqYwgD&<t=ufgc^zE97l|z_mfNT
z2YXk3ohJ}ZlY>HJD0jKB=vVm8-|42EY&fwS>=S~eeM1eL=sN)&_gR8vy~x}p1IyTB
zMv5F^gBg{F+sai(GkjGN#}6HZHldCfkW5x6aM7RB-OGYZ)L03jpn1K(XKhXMU(>&3
zj?OLT#K3xu@V7ibNfiUkpGyvy=t+W$US<X`KxrF3Adwu(U{I63vl>{Yw(jt{gX_+%
zk!(pgQc9=Bmlg<WlBkvI`YrinN)1P(703mompn3E4~*wcx?n-1zDjI+nJU<w+!<+q
zwuj_WUrdmxI!a=KwdzMAB^vc*uGfAf1}Xro=Y>qqV}V5u`xH_-2ob^5b1A?hr8u<&
zh*HgwK5LbIa~QIM!V!7a3}4D69bO`{r(G4OsT=%lY8ufI?kKdzYf>%~hg?1iF0N4m
z`%`I5`gsXCxVpj|U1f50UaE?NnXFPyhhXI3181CC=({+3%u$FHCgQ*mCg|Y$*;KG?
z4kRR;J~F*hkqy_A-AB%=ERx)Ux&q`gKn3t;^;(8u$RyG^)cMZ+!Rgi4g>W;OtiQlj
zr}?PwA|sCk+^@S4eetTn-u1ePSDq>u-Rz8PbML8N`ax<Uw?$&I_18ExBmk^0z~M~{
z4dE$*5B{CjsMoS2hgs8jN9@ikN`ZIrJSH<*{9_-1(e3~gR^=rrl=-57e?J5GB_bgA
zS2lM|U9V*g3vdfmOfEegEP_*Bh=b*4q2}|H9gAzfrpss?G2xX{itm7@XmcQwPF7&D
z_CVI4m`n58Bj#KkZn{xuD<v?r4|c6w`*#C*ClW@X`rahqMTZd+Pu78Ht$KsF9u~_p
zCYaEAq4AfI@OtE}$j^}X;_@|hsM{uAPzD>Pt=N85EttjSN&$QOdh|uN0wyDh;w`Do
zpps91$8YJ|=hd6n-Ns$#$_4g&wJ=s9a{j-aq@?mW&CH`IC)oC^UhheqIPl{3TUujY
z8ER2Q&j*n}o{Bh!oyi7HJE=I8)7()V+M@oclXC4&P^TY$uWsydT`cg-pfo&?(FUAG
znecvrL87Bu>!;l9`}a1g7Vn*pIU>XNPvv8luBY(t^gz(#z$2Ex7D`gw0`bWZG2M=S
z+M}p9Hv_`B?54LH^k3H_5+$&564-crZ8(-Ix#xyDz=8HO5QSAp(nOdhIgmyj`(LN1
zuq3)*i1(w|i3;ZR@E>~WMYCd_4ElF+3l)<5C9E?@DS-r}94a{3rAVQ`c6uL$%}a7c
z^zbM`_k0kgw+Zx8El+LlWBr#+#T95yf|tSJok1Gi#1N8G#`t6Mwi~B9C@fcsFTyKH
z@#`M=SimyA1?1tc*GG-oN~#|}Aw~_|soZ@k-O^*riXG^MjGSnoW|DVF>2}49$uIJI
z7e-FrqPXush^1PNZP~DMy@rm#cd-$@On{k}O{9u3!9TiN!w7M~WFG$Rf4Z8}2p{E?
z&^=-Oy`S6CI)n7vh(gIv$>Vp4=Ho7cP}up;w1_?xR6baa)t_?Noha(KT8^ScbRWl-
zPu3#2?*eF~|3XA0D;DkzB2<(0$mn)`oZ3`RZ!VLHhf<u}UA_lsWE3Izmg{%?_7cN~
zltZscwXoW=V|$XgktZ^!vR*~tOuX?mInq;u_#u+K#9$#0|H{8oC~%U<h`%L@J!uF~
z$aSJ@xqeE@){fLUE$=-Cc#P%{wUGvx#&Z+liTBTL|5<DmZw@1{pNg<8P|b!1a|0j)
z4^UA_?L~WCh(w<M0%FgGWm^^$Q(!!iUXDgAwo1)~TdFDOqb(5Z$%#aCy915>U-p}O
zNyS31H|$aWB`5$9@opoUXZT-4I8Toei}JGUVU#=sGjt;&iWfpE)e^P#7<DJPa^mDJ
z3dB1^LASec>$)7p=^eJ+>vF`WYCtygSMU8<<Kh0kCyHRbBS{=}e8EAU_wmBOot1F2
zf&8jOxW2j~4F6Xm`RaHcAm78UP(wTmKlY3f{mGT&bh`{}lovkB+G6vpC&J63Kr%m~
zXz79k|0|Mu0m8KaZXnPFObF0z_wqeb1R=JijdcZUQD}~UsNrL~B}ppP+dxt+^^VNg
zgZ~u?Z7*v_z@ohESlEJcTVci)H+vjeg{jg%8hpQnx2h*MQA1${(K?7ocuJ5+j)<tD
zuZ(Dk2%+vL9M(gO&=;prx<}ODl0Z_$LS)8zPU6o%WOgD$>`y~vHboVtM~o;gw|M%?
zn#jZTj1*Bxgjzb_B;qG(XbL7raS=5Hw@@N#lfF+xxf1PA60s7ohrJ}SiX5V(ry)wm
z@)2<n6M+xqh&G6<7!t^_H;9bvo{|cX6ZJbP61fwF`BaOBB@!W2zLUP7CNgNEn9RnL
z5v5nZCK4tJgKxGIxsir-IfBBD^yq!yr>tQXL{`!P<OnLFDhn4PdfG5ys=@J*AO}^o
z(q>V?z{*>^GFiE?g~t_PpLF%tpzEy?pVrm9yVZ6>$a!T3a%>8Z+dvGtYJ*AZt>?E3
zU;mzx58MUOk5Hqw>06H<s)@D2Wn<^K1%bbj5RRL-H0L(i#iD3D^v<>X4BbkJL{u!k
z@A;#;dNZ7Y#jp;^Lr8x;RC7||L<84Jd(!dPN%59Pyz0CKT9KquDYW%VEQI_*dzoJx
zF9B5QXEq2OP^r5<UYJuM1bdSE=IZo;2vI2O>FYVOp!1t3PS48Evjgxb?rU;Xr>cMq
zCyaQ?%RN2-=Wh?9t>Ekp^7g{C4iV=^%{G4lCteC+#g+$^CM?btuBwe|eOk2r+J*G8
zB}LOww>rY|Dc;~K7?eZYLeeNd44=p)y&&3eQJTo}CBbqhU#T}!kSZnyzxxVKoF?{X
z+UE(cXkCvlPpj{gM}&k|$gjC0f_U4RP}8PdWC|RoQ$!P7`<95JBnTi9bfZw9Iprs=
zkY990-S4%e_P|`e3KMy1aT7I-?jjXYZhMG;XRy--v+qv<N~U@!f{KCy0xmg5x)9r9
z83qRVmWA&-FJnl}f?(X?`O2ZK<zPJ=GnTzq&({Z&J5MoBQEB|y+&t*pS{NlSq_P|=
zVoR)W^R%R*LVkz@#gwEtJ`S&sCRQK~cxO1lWiNnL@8#ayoG$k!&WjCxV>pqw>?RKt
z1w!V7ksl<6P&fJkYG_lGY_ja7c~CTjlt6Oo37N=S)JHAw5=Ix`k^&@n%KiEa^PsTn
zD8nSh>2Ww^Ch3L5z8qvC@CorrPlJM7#U3h9JvmQWfJw!yQsO~;Fji2$Z0krwo!aZ4
zyye#OSN-2cd;LHg(Qlk5l@+@sj4$|_7ZWq~aAgWwurkoaX^hs<{m&W|WFh{-mpA|M
zPO*KvG`y#E{-uR)j%Oo^MVqzHEwhbQ@X-T!S&72q={@pf8_)*z&xA}tW{rfY5`MMn
zOQ((70K&`<{{0TU8|u2RZ>%I0jPb~i2tjWQS{|nr3Y2v|55XoHrD^&`#7opAtv`4k
zQuxVM66&2;diIlO#yy|y!EXjP&qY2P^qKhwdd02nDh)gE_k^(2y_C83p?>Uo#io>e
zxZ#&KeQ7>Q)taGYCD)^D1<MOxnP!c|(!VZ!&&C<tD|3W5-lptxYcSCTQ!n_M>2)OB
zw_}h|$*C;+cygflJ0DVOdki5>IDGDixhT;kkH!9$K6#1i(uL;v@#WQvK;|LXHTJIj
z%2L~7?w54@`}X`=R{Sy7e9DhQp~vfwE9T{e6|o91691y>`5>PO!5dxwqW+SHV=P+a
zA5{HB$*X)Ce4<s&9#gle+2TsD2wuy8K#I<?zj1Nj*Qy=hnOdHF8|8ygfmw3T{oqf*
zWZO1B`24YbQ^v|8vhZ1CmYRbT_o~MVlN@12o&Wt<)}IxomdzsUD|%N0n_s%qT(9@8
zadHi>-BC~0S|g*>Do(djEc5oMdg(^sfhnY~e;X|&UHNOiZJQDT2&-Si<`}p6O?@B4
z*e;OXe+4zVDDLdim%)ARy5n8K>+T=jpU0;A0)0=4qP4L!o#|f_^}Jg6U$We9on24(
ztBmfR=TTHtg^T1om^vQ*txpqgVP@^u#|2Jv!KJj`zBVT9$YXx%Emd-^EOS@D1AUCr
z>D_om<dVCi8MMoC=S^Buqc<aZZ+Aq>DAuxI562>&e$6jq*f%>S&-vwzfXVaifu}+z
zXLZ)iw}k^q7Umgit5Vo?WC*65LpT>XhtQLWJr06`VxC_6Q|6#-?+?8qZM)Vk{RC>8
z=3Z^~EOm>E-rBC8&(UN~ZtwFw*WXDgCwxJ13-qpO2;_4Y1oyR-h6z4I(Qv112Wd5Q
zFt%0smD`lZ8=m{!=n8lhyL<8aWe&IF&(!WA4>Unfy)4LxeaPLB<6D>IXhYlQJ#&p7
zzq25zHodC7+%~2jzmIEsUARv1I$w##gLTKL{G*~0S*<9WOS6Rk1BO6(zZXdMr$bd7
z>cZiY{pko5N4RiT);|kb2dQ~~{U3_rJX<C^>E}VtKaF2Y)z)*>-x5VpV11ze9%HW`
z%zOv^O;Z$wu1%1yv+*V7y(%`+HEbWO8Fp{U_8NRw=+H?vZ`x2_%#CiWoGl(u{u+Gi
zCObn^S*<3k{fq29mrT}VvL^FU^UYgbPEgVyN@7t0iwa8MTa>f`NoRT;33EISi#Y4Q
zSKfw^X1GkYzpW_Fe{1DWy{#y9YqWe?M&pOH_;DI{(c*__{JSgPq94ImI>p)U&XsI8
zXG^x@QsJeL_|nzEf$?+|h%e0uHpbhU*&92DzN;u&G~;bWkso~rf69}AOF;24OCP!-
z_(`^(<%K)otqu>niu6*U7h5oj6&khG!J;7*H`1t$F3vU~Sh87(WV=u916PlOA=JC;
z6;$f=ZFR6Qj=gbEI*fnvQ92BN8d>YmvDgq-98KduExw=DzFScgg*yTEQ@^(q#px)M
zd(h7sZvNAFw=3rJ)2|Hj6V^S*&qZGUcYda6xsc}NIX`nWS&o<I{LI&6`ChH(XMrXu
z@M=9jOEgKz|B|0~-gM7T=bP^NdGby7{QTxk_x$|wP51nK?@hP-besRr)BauS2c5gn
zkLy`<kPHr<4#k3np>Bm^urPuZMz|UCaXFBO2!47{Kb+t8G=9ky)0y)ln>lx&ad1Z4
z&&p554r`cXe+rgXpLpAOAblkJQxRbf%DOxrZ#ys9<b}}-=pu^s(LChWbhZ9_v(?P9
zU3Z=0c(KEp#a&3@EEGP<T|8YdhPz<8;0W$Q>4M!^9$-5=Kr`Vja7yj}**@Ix|FwPU
zCeE#WwYpZ?C+k{iUxTid_8I@j_B|43Q`lSUFpr8GEvqDZ<U@z`B+hn2e*7QWD=if|
zz(?QGe$IZy^|s!4+i7@d@|Ad-B0ut$_O8a0a8aY%=`J*F;%yE5T2)3bYBjGbit`NS
zbC@C@c~yO*t*NLKW^d%)LwX|r@V43#OOhPpYK3JEd(*G&SFHs<?a*5ADj|fsz7Elu
zikHFV^pyO>>uif=Do#`sr7la+_8CKT*3MKj?sfhKGB&KSZnQ#gMb!HhLy{eTWdGtD
zcx~<o?>&@rw<}6)m;*ZIB5T%zYO_w7igW1+&%nE4482(uGguY#6sr5p`31dS{dEI(
zf9iU@pna`TvajFC{w!ydbvgYgu&iw?rYl~QWqFt)Pu%Y6v6*4VB-<g{+ZSmYsOLD_
zK}*i`;&YZ!arXFNW8*V;U?!wXy}a%<MM*7-D;yfEvvyh-Z@WN8t#0UR)O!>@B!Ka|
z0^ionh636jx(#}=P$~_NyX#G8kz|jky9uQ+1YQm;zp5zCXI=MUKiJ?`MWoX3@9%iC
zo3MZEP!wmOsSm;Tf8+e2cZTH!Z~;4MnJ1M-4!rA4<ZZ9eKC_MrJBAHcj>p*!%A>dA
z>uOE$Hq3c;A18nFhU*2ty<@}9J-!fMz3f_F!j3JBUQqY-n=meoCGhCt6t+tq@fz%9
zwQNW&)Ak3fm8CuZD-~XnB-@-|Bi$v0(p^GGye)?A7czn)q{A`6A$T#42@X}iiBR{a
z@wVIXwrlaWD|856*pBHi1g?nf=|&(#Dn4Q=dJ-0rqmr%0d7s*k2}Y^VVWfMA9@5y6
z)+=;N5enOY_(8RjtxH?yTQELTjCkMdXDS*G)tqqNuQ`(JQ~ac{Q~fN%CHpj^RCvHB
z6(6xYD%r<MV{chcOZFIAX*{j;jAYYyf=d;x*ET2EPhRr|?Y23=e#H(`i4C@~LC|(q
z6*FM1aLvcKvA<b+*OlQEjp5F}B#y2YW6xSv#KEhJBiQ-rJ_+vFS2fc?F>G3|-nc)x
zT~T1KA{8E#{<2>={u=JWe#b`8M%HzsTkNB+!xk(VxaD<rTC0to1<qC)p55$CoSXQr
zD~^FT+Zp`f?5MiGS<T)HZ(t+Dos&G{HTGiaIdHfoIHb-WzVo7e8cO>Vwtlt_0U*0_
zPnG@Hg7Z!qd&^X$=m<YC3NQIdcEh!2^+Xyw)o9v$KpH#6Xxi*3I%X>Rkq}bkFcp1E
zSBJGh#AMq*4=z|8Ouv5}24}8c-1s@cex~BjApv3o>3R?-jjf6@Z8;<rHYuhpj;NwT
zmUdF%ZN*glA|2PytU<A+&tiguYz;BC{SMj7QRh`y+qUp@+lVS_ZdBu;AX9MzRQI$L
z-RKB170-hAds~7f(`QwMw{@nXBpo4zx4le7X*xperWkvh=&@DSF;Zc(4%=(`%psXR
ztd^U$!8F+HFn#852C8||Ykx5{{JXVFk;CE_=8y^x`mvcFgL$PdI%d5f+3MlX0>s<S
z%k|~jr3;=gjW-k(>xpTzLmEG97JPTWc))6)wGN<Xr^}@EpOUTK78Be-4lP#{drWW#
z=Vorc*y?48u4l(tyGo~rN~KRrh3BIrQ|xVc1vZRZ;XyyROyLE1xOP9h1<cvfTUhqi
zjlzo%mc#EuGRdqKc559&2-H=XS{7Ft9~>H2Y6+I23v1~quhzZV!X0n=%oJn#tWDjU
zEPqU&n_^6#x2bzk%_n%yL6f?`RCJgS(zqTj1E!)ca5XSW_5$@PQ(!9k7nMBAByYf5
z*Kb({OZKhvVH0u;)(t<Y_{f^&VGd`zGT2Uz-ET>g##;^qS{qoqx%Flrfj7suSk6hs
zinTt>A&n1jDTGmh>q`?G?*h~vuzW?QalJI&zot-6EFWNh#1-z>O&@#IIyKAz*U7rP
zt*|c9X6r3i<L&eOrWYSub2`l7^u_UT=;Fp6u$ZLrs}BWQ8{j3!ramM#><H91%|7S9
zfs%ca+Bufj8`t6Waf>we7gNz_n6@vV>m#NjI-%q3(SFm59j52A6?jnSN7qF-kHb{-
zI6Yweoc)2;ORNv@{u2K>16}Z86CYW*M=w4E?V(i1*$&dHS#R7z)xyOW*R_+c!1Zi;
z@j2@m$!@s2PEX?DVmk7kx*W}a1-I<#f$q;QVf9dxKxbKlPr#dWmI+c}lb5A8Z9%8}
zi8O&1)?I#?UB_|0Ev&Rp?P-4`5Wbi8*Y=its<B=6sR*^_<_4d2a50^A6ECJ`wkV2p
z82(0@^Al}<W{+A#&uEeC1qIB1no`ZSdQV7p!^LOlw2w7fhr>A9>g5Q<wToMV&q?5&
z?Q+3p_Eu<kT{Xp};o)@4@OhoO4p{fGCe#h1*MbkW;zi=3WH*d^2AXTUi_IOiMNyo`
z%J{BY23=K};3X9{>sQQ`N_~eDJ&}^TyeR38Drek&j$xk~2zkl+i*;3MnOiK~s^Rpv
zYNYbYy761tb8i?Y?40FX=PY$~&LYWf_^yC;PEYQ+wWRisWe|=DcE#X3-bDVF?COdi
z)zLTs*K^j1<2SKRbXLkQyoBBJvt&2)D1h#%!;7BWWwW9<_okM?lM;Aa=-k<o?YjKc
z7JOgtTB*=mM^9v%9~g&k>UM4A@}$zp1=qZZ{QZltm6PaJ?t)~yf?K)tmvAc=j2?Wo
z9bF9iE8hrzKm#DGr)+;WEH><%^C-?Ux2+!RLod)B@fG>xR?s_lNOnWpwcx4YDte0A
zq$th}ZVwQNIA2Uf7xAYS^mf}zDs0l5*1v^6g9vZ&CQ`C~ousSQ?qAh;qsHPqu|Lw2
zqWx!jOFjpr<fFD~Y3vV{ZzQ|n=o)C;_-oj>w>Glth4TZ*E4Slrolp<8e%<={Zq-!E
zwRC<YS4m^5Ohu`XBTb5Ri~R0p95Opzj^f>ZfTpJ4GA;!ZT`4$MvKywYVJSFNou5@L
zuKB6pb6U8Zo-V`7Y2C#Zb#`uT@+NY(^RATKUzbm(Wx!^(ZCZ-Et~Z{BuE=b{t|)&|
zQR-&m`VD_*2b0i?CE;<pvdW`2u@{Ha>slN<u(y33Z%Yfr#GD@lSs7QT57ud^X)1af
ze}=iI-kZpwFF<-e35gSLyFk<PYx(FVnx2;}(=k1J!yS`l04})f?_OxnN8tSzFVH(M
zdS7*dUfzFwL0z6zwW$x0`)zXFyG6u?U3R{y-j^OU#)e&fJRY8lM7#1vZIj#{^8ahN
zm6hy<(W{}WdeviBWtJ&Q-E8jumEHFH;Uy;_O)5TSDtZ9-?16A)8w@uI_axhO$sU<W
zs~fw<Xe#ajPx0pYNu{|usj$Usg&7Wg+lvr;UZ7OitXT4-@rKQ-^~6;4gbp@a`<|k~
zAUJY<8uag7$f<|$RQ1s7jiwSi{$#;Vvem<5i__fwdvlAaxRLG{^LpAR2TJ?T_m+GP
zY2~;6kP2HAQ_&sV%NnKe2EWyMVi_ZiH%xp=Ppn1s47RtyVyvH3+NF(T`#~C8wcH}v
zV}1&xciOJ4WNI0RVV`54>nD}!M@nN4ET0B%aJTCZxQW&Kut3RfxVH-5vv)<k2LHGT
z2H6iE)mBP}57Eg*_cyoXsu#3B1oAEPHr%NH@H|Tsd|m-dB3+T+EmbdTb6_CZ^>wbF
zWNWBf$o8A^*)ld~!ga2WXbb(n5(i`CDjJ+4++e^WKnDX`2V(;J7P~hzE*&PSh2Egl
zE7kPI1pY8eNsNvSqV7;#Yzw;|yd{Tj(tKsGzwR(W&3(ys$W;7r3+L;H=kR972*0rJ
z@)hex@5F4^>gKm7N|{vH>}BaL*-pvVo~Jb)s`G8(*C(14vsqUBT=&#H*Yg~-RA*H8
zz2gnHSL%snZCIl;-Y{ULo|uX^z};4?U)YhlOYp7#yp{O3LhK{uex>l|nnuXm=y~mv
zjZ$g2a>-jA@R*hAZRo`p`Syf4>OQ!~?Z?%2ynj#Kf6w&`YYcPLy$xqHoXe+Yq#bLI
zkSCV19w~NMJ_9QEe4Y&vbX3h<MRC7AsekQDvfY$yE$Zqg(LIJeGW!!fk=wCsvl|wD
zLfae_DA{63ysaO-#s=a7h?_;%YDD*$o1VvO|5?c%+2<3w$-E+LQwOTsRO>#;Zph15
zH=^%eQzyaqWs2h5A&0z(m)sv|d(}UA6=(a7{V^bDvLtUTg@0|c>tpzxkFQNdz2NV+
z#00|+Um~PZOK_-UI~;FohCg8iz4O5f@TTMyAM1&{k$w*^^R}c)_6W&t2zndtkONJ{
zdIKTxc0=2@^@MKNi>7$P4t3@VJ&7CZu=I)_Z&<d1PLC~c3wBsGJcmzWiV6PdlnC1Y
z@N^|aK2oA6bt9pM$a^2b?>6-QP~60uiq;zl`G0u(()cKf=KtQzZn6o)2}*EPkf@6U
z6im=y0!9-^U{*F7C1?~BGzh35pc_Okk?acN7~~PW9v@FUA0K^GJTS-_AP`V4IRrTs
zIeG};CJ7-)|36jTb8HgS=lA0O1~NM{Jyq4!)m7iFu7-)S5>Iegk5KhAZvy?d#?NL+
z2$d^Zj2t2^uyWL)s4;S|p9=~5W)e{D+BV5a0yBl3i6kOt4wfq)@`aP+s)w>`_u}9^
z?I0vabKUrbljNwCCC41{oG;<SMU~33-<&xa(;RO3`Ll$O5R>P=8bwHIP1Ob1{`4D5
zCpa>irgu^6yPZ@wE~A|t8-K2I99N1qD$DjcwSso;oQ(Pz+ttd9rfEBKGV0}jEtkL9
z<k*;<Q7+H@0GNIizM(i)=VVNF%c1#rYFsj(d9}p-pX0`})HQzfC_OaW1aogx3zNZ4
z1fCNpWwG0@9;08+F<jW5Ezljb6a3jf;8}GJV^zP}{NKrQT3|xfcq}b2bg2~NIJT6r
z+|YhGv<`dzn7YHS*3jNB@W~iNofoQ>gO^6xyMV5G7WHo1f1M;3diOH4o=gr_!E~7T
z?SGx5^l_H09*4=T59o2xD(r#2(_-B63+^aFLN)T-BnKg>YpO1mI}>?sPX{5{rGBp?
zJ7cvxw>|WvTHbASwpx+B>`3QqM@9C}4cU&hzM=|fNy~|GXJ=GSugq0{t6JBbtCyc=
zEJyuaDNW2jCK10{lUlBnX5Il#P2Z4Zq;GNX;}dUu9!)F$=5Yu)&{ShS@~JE3&~b4@
z&SkS1)Bk8<j6S1+eby3V12_gQ{SR)wtNP4IXz%AZE@;=-7elDA3qN!62>L^=tJ-Hy
zlCAE|P2DdvR=ur}G3^d_YPtRr{58;>o4VgxU&^SI-zt~CDbIFP<YerV=l(zl$t$Yx
zE&I*sbJXSbo$Qu_`@mgrrG4fk8Oz0rU{Q_wv$E`<Q*kt*zMqoEM=M3kN_2-(ax?)X
zDz|gS<YfH*^nsG)j$C!JJ5Nnk6RSUUa_3P`Z#0~^wjhS~&l>i8nm1Vqu|OPOe#GIg
zP4lK$i)l|;Co!df(TC?kS2r@I-`U7mwz@@gJ@+Y+8ahA-$tj(X<twTIV(H~LQ20q#
z-!?FoS5%=T-t#F8CD*+`8t9aoHVFQ7l%qUuW{j0S&QDaLkA)bknn_287}NP=pZ3JR
z;cdS+LDBB=&}uXzaHYERH=V?%mMfZrPZF-*-gFXuZM~S26zwLjU#-tp_tG1mV@%)B
zz}OGONeF#a6Rvi9JVPPzZGr@T_aCrAliiA%_`!c*a^S{5KY9)s5k01tVzj{RUuYhF
z&GpShP70#vYK}L7z87T7uZdHhJo<oo#(Y|Oo|??X`OkBV(V0QU@K9yH=K9w}&_>s|
ziB3|rn11ja%2A(K-(vnOFfi2#5Y+k9{eE>H%ZC~GCck<RlYEpAW9ka}%xq)i6#GIu
z14H~;m!3eUm_a8*#HnRZItd9cL4+{=k17d*imECJ;!;{y$5_=m?x&PZhUY4B2&wvo
z>l64t$5?`}kC`w&YY#A1HpPi;y;3ES@GfjO^Pg1`q5rNkqpe9IYvjoi#`K37V`Wc4
z>l<<i(TkaxPnV#mjVwPuR35me1XGuy0$Ij)^OG^J(~L99UW+0mjCEd1<1gcU+ytM!
zzK$__zMST|Vgg^c!g!|a6?kt_G9gu~?D*4Q{{3^}`&tQnzogC)xVoe+D$q{RT>HlJ
zW`-L1njhPKAWG>HOt$i(;`UEa)V;i^-n=PHMaUr}T-BA3vbj-6chO;_`|ZOLp;K#t
z?x6<V;h1DX%Ki~$$lvr&{H5bP*#$#Vt3fv=`_w~zwFzdMzB5r70;U-)_J?)`CTLD?
zs65clud<Sr4*KkD#;Vry^&Lhh!zeClqzOUG^gfTVO~qu>?Go#w;X@q>DLa6!Py8o3
z(j9%6>rHtLV+OwA(*`8?)ml?e27#Vz_=B;sL;T(Gx<taPBkIXYT_SW=jnI?g*`OnX
zpJ7a&Vy=INb2|}IRt*w-HhdCjIOrfmf09KE7{311Qa**2e13Ww<x>#+Gx;2R)-Ipz
z&vN-3pVdM>g)QVWwjCj5gE@~HMfpfNm(Sa0{z5+g-N#tj5dQA%R3hPEJCx6IDiQkN
znF#q@KQmH3Kf-s1a``+7e;2eapMoLafNQfs8AIiPi?hFXa8}&>lwKoWr}W!85onh_
z?V$&z<H5hQQwjIF^K(P{iz}KNgW<r$;oli68zvzW&mEFTxMvzN@#1e1;pbf<6Qx-H
z^J%`Unnl7L(g-QLm%ldn5Xx=DZ(MF;PBVs^%EMQ{LqjD(On=H;e=e!?h>>srT(}#i
zV>geR#px}?2qQNkv@=l57c*IYlF^roxobryfKHU$<RyW25vmX48s^mU8R)m!Zj722
zo(6h(g7?|$2a)dU4sp6aKgC$p*P{$v&=k|XAf^?+F;;epzgKinBH;y{P)sKeN`y{2
zW!lWgh0W~W;^VyEKY;IpUyYgN;n{F`5-!JLJl|YCg+e|R(@;Kn&zxUA3C-oRvBWN)
z!WQy*dpbXYFhV|#3kfM3&iR~r0Oix|AeYa)lYb(gg?kw*dw{>!|A0iomt2VQIdVWE
z^sbXF<a1Svk8}B41K)qpluui@9AT5s-L@kV)mlaU1+z}H5W&2vT;d3o%b^-V2%R|1
z$~-AXf19U6YiZlwY#Ck^ML~GQ15i2mP!tULX<oO|H#6g52<}he0m8$)9z;68vC6~T
zw-U+WD~WM%)NUd~tm+;xLW`<^ziS*mb(I`k#ZT0fgPG7SI(7>k@K;ZV98@{LLX43O
zu1hYFgLgPYSRx1SahO9sB6P{Ze%wA)q&%Y?NZh$!B6Q2sCi8gqboiwLLdqt(uzwc*
zf&Kd3eu?k{$?4a}jdA`ebk4KT;#@vorkx$*#8tX@+W8qC#m3-LY=JjH>zDA6TMpLZ
zgnh63qa-;r2w2quUXN0mS-C?Zw9gboJqP&JTEBWUkHem;=;j%Wfk;Bt;QJTP;Ch{;
zXs%_W5&Qc04h}iiPqpJADCg|(7X^gK!43R??k)QyQueqD0-PFgz<O!su0JF~_Z&0z
z?n?t#Iz~U5B4R^1^r1Mv^Q9?_VI2v-T1)4^#UuQAoNwVe-*|s79Rt@rjQdCZ>Y+UK
z5bbveb940e5qMH~2FQK9ix9n}iLrU~(U~|YVJrgvVt8QzA$aPkv93VfQ$&h7t|!*$
zoOIq^p4y<-*{;pez!T(3j_~73S3=aKEu0($|Ml25%E`w@Ud9nQ7>mj@J%JQ=_iH^?
zj1mzEms9X3KD#9NtuvRwUWhf9wCCT%IxhB+bA=c=t5CzM9AX^irdH>s?ytIl>!m;A
zRN#7_y33z2E<v9A3nAoIZCJI(SF+LpLntq_Kd_63Lt8-vuBRCDXPhct=hu2%(Tu{U
zQ2V0u)YC9ld}_2D`U)*xEnPnux-lYOOFc#xPv+QZBumD6gz))1hV?|-r!C>xp4T}7
zUHmG_5o8yt02R@CjC#lj<5megkPe>ASk;z!g2t7IR`j^pc#e<sdl;@n$-#L|5N<fV
zoB^j-4$TnZa9iMDq7A=PxB1j9bjTzg63y)j(TzyU^{EFjd)Pc|SME$w*YNZoXlvdy
zK3rczKAm1g%Q6yBinl46>(!B1;%Dt|U=7mV-6rv~&eK!N=|j^Q)6X<=Q$6`f#`K=d
z96w{=dJ5P7@CfjWXLG-J&|b7FNxx!Cbi@(H^!K@*(<i3$;jyiev9KFnngves8az}S
z;`clbU`m{*8#z&FcA_>;V@w~>7~vr)+HCBpzOIu+P7-j7L^ooN25n#h%lE)Eb(6hU
zFILnNejyNe!;eBJ`PoUvqUClYZkf(m9J5Cv;Ww@p4?@he7v}#e<M~C+_6r#Cpw{Wm
zA}8@{AHqj{8M^{KMVu!&?1~V$#mFuWl?Sf0B0wVe5G#}26b+C5+=J^s#n$rWJk0kf
z=Gs-YXw*EVH2&+|5-Ec=!#P)@X><X}D-JVO_2#@kw;vO@{dncU^V^S-2mdGg;s59V
z7yGd?VA+q~ANbq$V{V`|`!PB2H|&SInf;hxw;vOl*^jFqXkkAt3bbNBnnwJu_G9f6
zt=f;o$NvxZBY*Or+mFH#I8-<9!lC-$X4_Eh@|4Yfq(2d9Ka!uY*^fRD8*b-*W1F35
zKgd>YKa!};eq8^Q&3^2=jF7U;j@InQis4Aq&77z+n`}hQo7}4Xn85AFm&4C*Kir1>
zm|(Xb6V7Wt20Y%veyry#Chw3)_{qyG`|-|BiO}AM{@Q+AI2`TAguk{Q6V7Wt+^yM<
z*CsZzA9E%~*pK30B~rG=K}h)W%g}zb1(Hh+a{E!>FZ~cA&mkZ&czXxh&a|TYoyOo$
z)RQcqpKCgu@bYgqq(u(CD)Q9cp2Qgaq}U4D|BD^8WTqkXE5S|ns|(==pLzt`WXx}}
z@kxK0z*yC`$oYSQ#b9pg{<8maQ~t(wiG*XiBTJudk_i3$fc2c|zg^Uwkh0JD8;@>B
z{hYap$3rs@;Cdgr?D}}F-{CIs{FgAbtvB<ng)+GnZD5j8I@v*=ogffSmxI^M)A}dl
zjd2sKnB|0VYApTsaVzieoMCjd%;W`5qNqnf1^wznNs5~5@vGyKY5F9wLYIpNiWe9m
zMW7dt1}|!5eGdJF@n)XaP%A(C7@a&`#F53Ts<xT?mZ>BA`wwD4!nq`nlA|6h8;tqw
z`<2r8e%ts!{#7FM-u=y6HS#)=#xqv6O60M9|4J+&Rg1X|@8eewWq<!#EFtvVV~k<)
zg3bRAbV2t$`}@~p2`LVO1Ha`l#t=Q>uVJ)^=Rd*gKil_H__Z!E^PFUeqV>4(WhWVo
zYui>b(PK(!ro3Jvbk;bGTPCG$Qq*I(GeS{U(vE0Is{^AI^;q`zJqrk-A8$0)mafcE
z4=Sbc7jBbCnUjYh(>6+k-u(w-LsQFf;U4TC(6q&jqcQQE&VRzpT6quRg73Q*5K{FS
z9XgRmMn@IR_2Io38O>YABctD-onM;c&wj1TbuV!K?tZCt{;pdm5&G`f*7&<=qMg5*
z!GzE?8=CRg>lcY&POMUzS+PMP^vQh@{3+vF;cwC7&G<Vx82Otz!Q!v-9^~)ywVXe4
zKK?$O%lUh9LF@e8zE&c1`J=7zH*A8Pzolt}P<?$f{_fmr^<P`y@0H&p_!~2}75+9)
zY{uVrX~^H}<1PLU6(WBdf8zWljXMv28%jBUugq_qzwtjwgzkH!HU6fJxAPYQ{$iW+
z_xKj8{|Z3Wzx^$Ozd4V#!r!S0&G>tU^S9(Ni@zAo-|-(s{@d7A_!ItS$q|oII?d};
zN(;PgmC}IMO`my~F{Nml*GX?2$1}(tgiAND)n%NSl{X!JY)da1XIaYGrll+$Ck!ii
zbfXmcv6Z8I@?&fL>X_tF^4Mi^yDX1VQsFVYxKZ=6!voz294Mvn&u@}QSz9ib`?g4g
zzO@%kmj^|IFL3`XJM424QoIIajDON0k1$sC9mey6+{T8b{@hq~%nMZq-rx(&FN3X0
zhKHXYW!ha2T<;KeFr4Qmq$+Hmzv><qDXy5mb;LuzeV8Z1$XvGqaX_S4CyL>iNcqna
z3D?C~e#XMh5~1t&2tPx-kcI6j+SAGO)Wf{33-Fd{Z_BcIdlR6&@o`pr{b7vFIA427
zbm4j0%i`@NL3>%Y_O1Z>dY-R64;_4-_HN<rZQLl4a64OjM`1?i=cC%&<LeDIe9O&R
z?ptBPh=*^Lb$v3#NtBG)bD{{5gH41G?S*-m^6<)nD45=uy1Ls&rRaFZc18B@!JSy(
zzc_aI)Q(;b;i)gdqZvO2ZsmG#eO`zKqJ7}Op!P+gc!nM@nlOg3sy*hoqhyTO8p-!L
zwFAnG4W!_8Ugwa5IS6dJ&J;Ke{7}XH_EkaAuJ$Qh`qf$<N0bH<lN5CaUGRv3fd#W2
zglI^zRtl`@DG~eA#D3ef!_Tz@O<xwFTX|ln+z)X`Z~^9}?4|FGhCs*ZRYK)Hb)_8q
z3IWy0Zl!OgKG;d*&`v~93q5(EopNwJUgRhE5KWD8_)3x;a&Qi&4(#!(+x+TbzdFq8
z_N(o^^qya!X}Hqbdwpu9ujCqs9Gq{Vr5;3EnH;=Lg5SD3<X{hs`3Aa`zOJ|eCy|5i
z@g%llq~#Wl4$nbwHbzLc7k?$eukyW`n<_&KL?Ht;1aeZB>8H*7Fc{bQqZrc-oKZ_#
zHkjk4i69yJ$D>>z#y&`&mT$nPe4op$ZbkKb5knmh;i5L#qm*U_S4srmKQ+>PKXfDZ
zD8m%09IqRCppwpd7=lB5Mh+fE;&Vx!x}1jwxkL_~;9w^T@x6zjx%OUtGpCo%e+Y=T
z@w1K2gr8O!IA^8R1Ea;u*bDkS_WdGs5WG~;WVN#wU%A2fUZJhMqsUq8CeE2pt;|!G
z>o-Q=r!X#F9ch{RnGOR$ztcfTW$4u?LL4a0Tz8&&OiwoAY3WgTsT_;kB96+kmqzyn
zN3%!*gTF6FJ<6Tcm)4@Qx)Wx?Pk&`hAJAaKSC_hb!xxhs{Kf1aumtlDezlU07-_AC
z__Z#&1_4@+sArv|S%$hC+`(s+Z&pZzb}QmF8TMk@t=~)qUPXTx%`x%dR*pwxFTEEj
z9wQM#`>lcz+tVS3Zebj!{;h~Hy%%GQ_O?b_aVJG{&B(`zc=QTB5q~RmNAAprNZ{)1
zr5E=m#8w9-H<jt7jnFQmbD-UK3}tb8>61nL{i@Y@>c*-S*-LvOSr18~D6_!@T|dU$
zHXFJLobjc1nGEQ2ni!+ckBa<NF{`U+uGP0A)n6><R69m8rVnn42-ofFKL%o@__fCp
z%uSF8U)}72K5KNyp<U51wjT4qeJsi0FMSj*JY2hu!QV;7Hp=sCtVBGDrjFup$Q79U
z*X5C*6VnNk{G|b}rxLRT_y@2y!*ah`qo__VhUp;HStBr7bSqlgTOmwdvs=<5P9wWd
z<q1G?P<I;DSVl{B@{E!TB17ok;%0(z(__2&hPdf5ZYJ4oju1DIeShCBi*Iw1%92-w
zk&_pc`}=m8cAK%QE#BX^%Urk$rAOi3I_SB01iSLwO5gY|;a<>*@=h#%7AA`&yZ}R#
zu&DFkd+L1rv2T2R9<;S921EQ2#_An^@-BSx6F&0{Nl;3Qlfb~<J_7VG&3&8GK-hdG
z(c+b&C=<4aAN}eg1FMmP++Hq%duX4)M@Z&};5#D_203^W&R-=najvg6h0gP+gBL^z
z-%bvO`I4NHV}XL%!&l5}$;-V_HePP>Vr7qd8o1xohD(Aiv|*CS^~~|6o7bi|q0uf;
zMt7<u_^YM<X7~Q=uyt>9#dy!rOfl>#^`yh5QhqJ%6+a4mPK3Z;#MyZfFJiI7kNYp)
ztYJ*4ESV=%h`tGv!5vM__9GT@1E?;+`ryuZu(B68NQ>OJS0!8SoA_;k_$|Ge9_Ofs
zxf5TxN+Q`yG5x$WGii-P=&zeOY8txH+DFn))cbkke#Z1P+j<(+;FlK~%z7D9;rfS0
ztNsgI&$rE!hiD=EbU@&ggYM@pXR`ivBV+SuU%2_Q)!sF5?YFKkgX?>&>o#!xv^js$
zbN4ZZmFdNG6<l|*u6M%qzbyKGg6omi{U!HtdeZf^NY5v5|847gujBp1idjw^$of#6
z{D@E8f{Cib9EK%*5qoHWM^U$-V$x+pd93xq9jKjSz3KYP^=7+I+=s=)+d}6?I}jMs
zFSBrIT2#bS=-QqW{!-=_K_{Wl-_MQgXcr-6aSlSlpSH!Rb4Vr3(($xHA~a?bucKv8
zQJue-AI>nCXFPA2!IQkiUV$91TMpJqEp@EH(af~km2HE=J{vUCx_2Esg*QpT)oybD
z!dRj!9|TJ^((BgWs~79Mc^6<wUk4$2*G4-&Pbc4th^gagTpEG-Q@hJU-yIGDT8^^z
zl@4Gyu|1FL2jdb(+3WWynroecsP`+Y5cRGMOC)=UzcfCrN)q)ol+yU?RvCHpvmaor
zFs!sC<X-T9R!F1_%fXdq9$RUQ9{TP^#`H_iiFIlE#L!4RE`sa(t?R*X{h)b`=kwhw
zOs!E#<6_AOjSCem@w@5P9AWl=m@EQa#YExLZgcz9GkjXY%9P8_+WkYi6NQ&JcDj>P
z{lxLg)%P-1^`@c!_cEpzSmWUnxbA9QzYf>+w(&E9F@2V)$IbQSk3Z9wjen*uOC5GI
ztz|BM#!2WKL%F(t5=BT^J5cv);;|z}RiL_`T_zFg*}&C3*;My*`rg;#h)$dc635MG
zWxn+|3@XH=YZ22Yl9)&~x;AISE`atz?GsG3H${;|*AHh*|LLsV-fKO6o(X<&+ND#S
z=%w4;;-9%&{MKTL&<hK>TRhmo-Qr_@wTADI`)C;MkTY`0$9j{&8R)fy?|VoV^#lz{
zvcs`B(vo1LEj???tN6T-G5s93H*{ek>dg()okZVevrAebV^v?$AUt~!c&t<4udCs&
z3Gi12{51;x`X2ro27hgUzwRs)^;rBIGOMBG_nG?76LE6!fE1TS-sNY_I$_}-a2~uA
zevUaS?3-WJ{pulqsVlr32lo0~orJDg!lzHQp0RLdTSD|38yKU#hFXWg%*f&X|F^>b
z2VO1t*a&z7OVxjhRyr=yprIXW#MuNN`Vk*$;~=E!*KAbN?4|7@l>v3&M|dR_U%3q*
zy3o-){|^)YwAl@qs>=dJq4MHeeCmEhZG>+6cnHXlr%HD!#I(1&?ll*MLST16cOHp?
z_z&7}@O<GD{e{U_E1D<XVczc-I7Z_C8Q=#Y$)TCJ$lc|cfRo^=Dt9QIUWbwSbxVJ6
zX+P#kV<(|`t;f`-cvOEEZ8r=7*gU>*(y#tOZ{bG>`P5xXsJeIxd{;P*Uvm@OJuH#3
zSDb`|-x(m*N;2Ormk6GZst;g{S!q>)4~>+nj}RRhiz!usuO&hc72uZ_;+Kzc;J4%+
z1b*dUy~9`~84Sj-&0+)nEl^71KVE7O@PSD{XCUCKA6w)~n&W2j5XSVInTXpD(J@09
zt6FH;`9ipU*N7vlvD&6m8lMT@`X_vAx%sU{KS+csKZ46+;3S!MOvSmY{&CdVbB{X-
zowUa4@9|C8+Oh8q%I6P2qcH}WYFxvZet|td3gm>w!iQ_*!@LP%?O$?;zKFv9O#Jdm
zz6nj;OJgbo7^bKz<xr-`345l1F+Ihsa}kj`D+f0dzSrfGZx}247tf_1^u0vFJ2-i3
z!V;nPuQ5H&hs9#}HPGrXYhR(3*=`!*2DeV(_!^=*=BBuZ%$&r~D89gbZ?>^9Zr&1O
zLjUF-#?Xq*qu1Om_HEAMk3W%xVjZ@Kn}Ywq=SMg4#j&>rGp3&a<F)l3zNPMEr8GXY
zL?UIcgQVASR+^Sdgw9{hnEqbN{eq(Omp0H-Qs>~svP$Y=<lrJ4ls(o?LFNwNo}OH{
zUwa$O01mfh+~s)pONr3LJGt>+=ipnBkNMT3*=!3a_P_5EiXAI)b<6nL5Gv+XDy8w8
z%Oq0vy+la(t3HONN#96>?x|#Ks2}sB1>W!1y4*2EY_hQBg4^;ro=&3Q-faO+ucNlO
z0@yq8jgJ||V?O@gWB+4#lA0V`V&ttT+H|lT(k);+TpT<7<`!-=9-zDK#-UrtlXexg
zipKrGbzR+!z5FznD_>{${*^w2@O{lW>cO%llCi-0`*(<0T@KdZ>?+2p?y~LU<>uoJ
z!+iXV)9^!JJ$ip35&CgHlJEu^Em0#OcZkR=+2SxGT-DeXCx;e`A@SH9&E+Z9hmO+C
zcbRL{p}Va4H2irV!uv)kjlYIdJ?1OEex9|8G5tO(FEil|E3XpqZ@6|^c_YX38Pgvz
z@*?-^*D%Jy)1dt_iIA!{`8ds7^Ca4nTgRc|4;tqr+25;u2%$+Ut!4C2n?z)4$}Ll!
z4654YxhIWrc+eh_pCCLW$K&rp7jwjFeI|^>eM)JXbFm~o!$+j|F2;1lYTvIFdl1^=
zC7JF^;DNMcBqfC~Ha?7?(Ox>~2afgm)CxJYuaU!jCvIm<-zxU~(*A?RIR7UnMY{>v
z4g8mn^NM^CMjC$2MaJ{*a=S2;Kc6F>UjWa~7B*`3?V^?)T{;9srpFlhsV4p=z&E~l
z^v&&7(ncSIRHl09JGbK(MeubM247Q?=ySL8omXyL8mN?m*%Bc?L<5Z*?yzp*mfb!0
zQvVc1OZ(#qKD#Swu1C@OC-~KelKg6JvR|E^B7RR-wEpSh@2rSIWiR6}?C)08z4ktx
z6_I(C!QFv>_jQuIjDtM?8Y_{|8}G2}!6%XcL2#43U!CBgujaw+O2pekOb&i7@%#ux
z-Elq^oxB(Q*G5Hib(w_b<mhO_oO~t0$1}H%cJem9ck;CezO4C8zD2-uPR<M7;r<Rt
z#Py@t)|96{l<ZS;lhDM`Y57*qlsgF-<&z()gn!nV>!DgMQA+b2iaLb&z_}J_HFEGO
zp0yr`<Jo7~9P#q_n<b$e`?cQb!;28ExsAs(FF6UJ|H0nwGNg}TbG0W@@-hwv<UI8t
zmfbeSM@CVC976Y5dm=qA<6!X~MRPR;#18We*P>BQB8PTkLZa)<QDWnDC+rQv#pK7_
zt4RG?DF=TSosR`QYyx}jF~eWXO+w4<Q^zIKK@qQ4$ia6dF12#_XX_|=>~g+}jD~Ta
zz>$Xd8PhlN3%}Y(bK$zZu$t*`akf$TPqj4JZ(Ao)_tL^Ud1~7vb4w^5TjTJf<5TgK
zM9N%XO6%f`$?dlPN`yL=F{VE%{F9~iaVARn8?Q5&o4S9A3;(S4l_Wa?1=cd;Q+c84
zKn!0CxKAmKAMuq$)E(+kr8M)@XA+?wl#A)05pB-_&=L4@33ceZ8za|eDrw;$@c(@3
zktJ?I$kN_zZ26POKiq%KTIWn2B(_4yoypRMI70OPR^80f_|1z9hHK)`Ll^-hT~yAP
zKHZMHVRv&r>DF5rLuRq-zzL1z?Uw;b;nX(R@>7d&{z-uLR{RiA2i_X5H*oJY52(PG
zd*jQQJ3f^NErqv^HrdxlGk?d4Ch<~CTu!@eq?6EZ!e|lD-u7w0_8PyGNLf6z_jDVc
zy;hnz8=C9`O}^SB?5m<>{)4wyR)p;>DRL4zD$H1!3@?9*FPG!^?9Ld&LlzOQJCd8q
zmcTPh|J#NTJ=XNEznF;gTAy*P&TIRKwS+5&zG~ogD|;LB+O=O8KIWab+iB20Z8E;Q
z1h`uI4E*?(-LK8S@Ag<ewl%+YBraNlsS90l4!=38x8c_={@nQHp4%AHf3V}n=J%e5
z?_Fnp&(41t^54i9ZMqHnq3RWS`Zm5C*n#)%_%9?<26ImMQr^1_pGbuMcPV3fLWF*s
z`xE(;cS<QalFYZ97I@tvf3eU_NVfJY-+AhigCF4nQTzjGVDlV~lDcR)G#0U}FySza
z9CAv8<f-d?SRgO$f^oomt-W6^i?jI~!85UFVn4fq*G7^<ZQbyVA)dU@COODr;9`0L
zUpkL5e2T0Xkrv~};+hk01<MA(y0C0XZlIyS>%n9o4iiF{qz<d_h^z@PiaA?6zKGhX
za<F$S3hmGb5~24F;I4aFEXQpQ`c=k5(&M)Z&;3}eX`B8PZLHtUiZ<uP>!NJ}jFE#k
zM#CSma&Ub#A*t0Mz~KC7+=L0zN*UWiS`WqAcW;f3wRUe!y&mR`_nl%_63+CmIK}QQ
zn8?lDTXOI%m`$)SZkqE3W7AW2KcCKC#G7{;i}odwwdd)TSZHrFc-ULsmk1r0%SCc`
z8<2esuJ0=93cA+^0@*1CN3}6Fe?dQTd5m+4>cYWd_zUEA$Sq<DpL#^(Hr!-MEfw92
zisV-3<C40Vz#x!e=w+ByEX@l(izeOgO`sc5A^buiR?4C0cmij5_cer+{S<{7T9qmG
zzgjKim@UkWY@yf>Z@&+3ujX&hQ%d90K1Hir|B*yetLdOJ#`L&oqh2d-XFxMbf<sU&
z-5hf891N6<b#ich1M)Ew*Yb|?_j+>On{#yxZu-V1<j{xw$&@JGyqjK}YdJx;wn1jn
zqX?lahXZs8M!9GoznKL$_vKj8!bfck7xmhKrezPljZZ&227MAgA1>e|Ec2=3QxvVo
z@kgCxlsvZFrw#-!%k5K#C;LhqQDP+JsiTv!<#q$pQ6=8wLu$c7iO`t-Tz`IQ!-rIp
zS(f;Xfns8A-`3EZLEJQKeiS{*wZjdM@;`0Rqg*sxc$7c4;U1+WL!Ql(H36B)j>F<?
zSdb}rLmVGYD=<5UBA@-;A^~KtqNUw83chBWMcTp(m=A)o+$jeukV4SsZ`>T8yUs~`
z83WyNa8+AEesF>~cjsDB<3=}V-=^Huo!N^gT}w!IcykmXdMWr{J?-m<v>#)7L4)w8
zYQUvf`ClF|De4M2xY)_fRA^xXV|qKc{e9g32k$Qz>s(x~X~jUx!#?gpE#MXWSJ5@R
zH|CshK`btT9V!iD(STzE?J5}|&Vb7%&e1Nrb-E|UjH@#n(7j6CsgI80`TmNQre4QQ
zPb~fKK&%-x)dU5df$@gTkzCe3%i-@xgl@{>N^?>oB(=t`)^eNkXs)n1vry#@q0)rr
zpW~?>Z)Edbs&Ys>$4i=P*^KEk&YANn%maQcZP>%m;noZ=!;R{C;BAS}Lh<Fv5?5Et
z;2q7uj~CCj@`JP-k)iou8>EN#cy8+c?8P_rfKJ~9o&Kr=#DVr<1Fg#v)<HjYE@FKt
zi!s}@5n6K=x??~Bnul7JpJixP#aYJi3l99kukeM3@e4e^D2p+D;#m{loCDW)pEYm?
zK6^fqC1y|k<2t)PV*6gY@x21$dsV2$+u(a=Ij&=WUNN5c8qZ&h^zDS_*YM}V<GT}5
z_6^^EQ1u~N($5!i{DgeXm|oB6#NdX`?PnRfC*r{?I#%Z3Rm85W6Z};9)nmAMVmE#3
z77PCfRm-7;XBpE!J{wuDerM{=)avZTtC5wh=KkdsA|E-9&sqBs)!Pa2#Wjw=!+D`i
z5H@yqaJ^GX<FETrB01{G9CejantAkHiO}q?c;Uk~Vru)@00t*85eEg@<)-e}A81z3
z7+61WGh@1fc~E<Ez=A_3x#{|w8Ozb&QY-Mf^+{HJJHNUu2gAcp#3OEfG-GU@UuE!n
zN9<%Ya8wmfbj0rFIc^sk_=m#3XMg^lR-Ql6WUE)74#Zx`;}OF{q6_<5mhZP3#`Nu2
z?*ZaNH$30>oPl#?FaFq+y$Bn#2)&9=Px|gN_*|ZPhz}q>o>F)6fdumN+x_Qo6U@%*
z#I5`5ta$2=?8Td}H7ziH4R_$_Z6osgKIzZ*FVC;x>)MNZTBA16hBqzD665?*C$?@I
z=bJ5dK5sPR9@jhFG49!c>3C`L-$o_R4)2aKFtv^S7|UMl>p_VAiSb@;YK>lBZ_D3!
z^ixjXKk7}K@Sz&(J~$}jKm;qfgQ5?u<@<JK!8ltCG|g|Y%WE$D{+*Cl&sxhaqJKfZ
zzsVYLKSo=w#d|kde!|{p%d2?)ChKsD5iy2W@ypHdH2?LZ7}Kjzv>yM#U8C`d-3+Xv
zKe`ga%@~@3M*(uX46a3<T9lNhPEAJlC|hpVpF0;{<G%mQ8()_Q*V*^`h#Xo_znmCu
zxA&NCM(<nD%@A3(;8X=q#u(H2<-FM4gGK0YJbJg`aJ0iHq|=>ugTt|thabKY$pP_X
zSD5<yyXD}37%}y83d29(+zBLY$~4n@;m+dP?&w?KlFYLbSH?~H8|S$G^GwKC0ge9B
zhcUgOfw6hvYoK$NK|elohOv3{vYV|A>JZJ{?!Zs2&pKC%S#dTr_fZX67dizlGHZF3
zV-wb2y~SFcnp^{>dy{D<`=V~Iht{^#GnS_|VFVVA!er0y#8TyF_Zwhl&Q_12xo*49
zNfdS1I*<7Aj0Zv;dofwRI<k?Mo_K^Wn>_lOMChJ$KJyNDniX8dv>(VcrhTW8b8!o@
z-XA9Un%DWXAD(+HA!XoZ$)P(>qXPhT4QnCJ%3w?jc-=VXrJWY%hh;EU^(~0J2>x0W
zj)ev`0J|5SW{g&UjEbyRoPnWw5ej1?cJUw3w+YyZFp^fC73*r4uCKY)c7d4g52ZBi
z%U8v~-^vF*J)0pEBR6#uHy-*^XL)zjh}sKx-HfA3kFJ5wcEZp897Rag?Cix|%^ne$
z-9^#pKHzlVSN}+@rmv(!Pc<Ngxv87@^w1gR!Fh&M>8VU};D-Lw1Y91@Q)_d1ug|vJ
z)jf5nHazgSIh}hhZvCeQpv=+^c+XTqbSV@qb0FWlN(vD9aTGWS9s3`&BM6lAJIz>F
zF?vjY=On&#;czFRXWrpJ$2NLRUu#||;!yttFSd8jD-r?AzFx@nopeKWIbr%$bwJ~t
zNaGf?c$<Jsy-l5EKVhsUgh8dhLzONs<EQudSArg|9}2zb-|E3IhwJh>#1ayOGH1E{
z>c}%5yDQl>iWeVySt2yPH&<vkS7?6B8Lm-P(s%k`g1dpQgG%4dYt3mq!;9~8bOidt
z7{2H=a3ZdAgk>-YKcI?_KY`=hRPncZ+f@9{6I{ig>&;lzhl;v^&V;`fWiKuO;pk0_
z(a&xYstC%~;S^(e+Hk&up$A?(DRwYKJGhfnC=v35ix?*ESi14LSl@U<f?M}_&>~t=
zMVabb&T%E*gFYy{KfbTsL<$%uG^!rD?WgY0ZDpVsn{4x;F}}uL=>#7^DNVccB{9Bs
z2|akNw|#tpIn*zyVJ!R_%zR6r!5fbo`p#7y9fZw7i}fRCFo?-sys$gRr;W_f?C|&S
zcBp|dx*%OFKUFmFm>Y=Nb_FVC`2vYR+t?&f6w@2OheR2}OAnn9bxwKR^`br&#Cog|
z#_yr*#qMhe=MDN>Z;NB@Qxwe7C=-G@;V``<^lz@khF!OEVy<7n7sN`^M7n+O^|RJE
zu}v0dPDAV8nqsed+ujM#@U3TYfKD8Wqq<MNlfw~8X<F}mC!zoNNEinZXNNY|F&5t5
zU8t+R>?pq8Yp8gSCcJ6AP_-^ko9e;g@M#@{J^d3n@<$vnOCzem7mkJgK?CD^iv|q+
zy8#!ZrhCGmf8T-rSx}(f75Z&gZ#-ujA&y~QH)j!rJ{E13>!KtSTf>Xs-eWz*bUN?`
zp;73I>;38&qw{+U1sKfND|dFr_bOhL(09ci1Le`usrv?yEcB)BtGD&6`H<eL9tScX
z6~FcpU(^55V6(l;dl|O3p4Ub|gO6QKKj<Zb0N$^9w^Q&0pQ7^A1~7cp`sFaB!NhNh
zz#|$@^3NrpdE|bIP`G_3K_`#d{Q)a%(ko6fHqW+xYR`e<i*1-e@h;!dCEd&MoZAie
zsu#LfT^8LgvX%ZB*DPD<AD26c9NdXGPFhZ9%vRc6z_EmMT680>`d?>dEB)h5d$!Ur
z?$<8O96(6+(ifeC=&wiF%RB{E8qmYMXe%FS|2&D%yHl|37503jQ#T0kcUD_-<aOpV
zFMV>pnZeP(D^j(4O(JFR(QrRASLmJBB|<xXz?l9Mf+J!by@ziw7DC{sdp71}9FT)&
zd7k=pmpe&bM!@Tq7nJ8^6uadG%Y)!iM-dX-BnRJ)vQ94gS6lddI{f)@TfwHEpL*x(
zJ0w944U{<e;qhsC=ReEn3W<<x`I~9pq-^<{;v}_BJrQ}9ksNA@A|$J(GD!|y9M55C
zg&%Kp0>4{qo@X>GUYutXinq=)l0#wiT<RTx_QrWe$-Vd_`5uNa4T{#OrlXU)n7)i%
za&Wtokdmb&iVz2mWI5+J)*(GaKfA$7ty`YLShl*7*7vf!*~elD$%Rhq5ofFg?BY3g
zcouqphuIH`=6c|6)X+Y8hK7#e8hS;Z(9n<E%{27bWuT!dZuv-iw<Buk^>=a&9YvSj
zfLe5)rJ=`Ow`r&xdX^Bf^kUS{c}`QQ;-XQ5HoOc5=&;z-l{pgJ<Gl+R)8`U9{%6zY
zR}6h#Em`{9ey&95>>fzTe7inh)l2B}VQVpCxX4KQaGt5p9eJip_RA6}10us6O@03P
zRf$ml!e)7Pd=IFt9!aNempQQ?L!T3_w;yr6zb7Al-z^90u>8ed)bQZ^SYfoq5rKnx
znmeTjD1BY~FLjb^dBIAhuj`9T@ld23H<d%xu|ik&$8t=yB2{26*)T8c7J8s=<B4sL
zza){enZQn;T!Wn`U}yTfjOo|f_KO06p;}zrIs{|y2<A2Pcmu3f#xXhQhp9T_N!tjO
zLmoFjV=Tc9V-gP;bH<s&^MW|O?&8<pw?^k1*p&m%GdQDRa28L?mcM!WeB-kCem*8|
z!q%S_L-OLd$RW8UP7KLE;%rBZUB!<W3pOxj49S;z@<pNv4F>L`_4wj8;Q4?Y1pb<t
zB{?)-;!JCjWt47@HM#B)+nQ0D;rKg7snGG4Mk&o<7^R0}BaBl2*hmTNi4_t6jj@c<
z8PeP+&F{gD(oU|#BR$}6HlR<dk2+`D?{JJJU&ENbt-;Le^1yYig}=JtdW&^k*PSta
z0e`*{3q68C!lU~2s{|g9n_8`pLr1MzPiu$(d_aT0Sf4+En;{dY;1-Frsfv@(4sTgD
zZ)qK_2*2>6F#}!4vmUQ}Nh0)(x5RFpJoS*#ufO|+E+?{<x_mgAck8}rQ<ooeo4wi-
zS8cf-YXcMV)Pughxe0P;0IoRPExPqb-mUdaerb7D@E3EgabdR_DqXLhC_jw7x(|Ex
zM>)itMz22TwySlf+vwCEu~Ub-MW^2Hws&edLIvQ1jB*hof3qn!wHo{O+iSpO>ol)}
zlZ48_nq-$WI`Y)hm(-LTY${nL>7lc>ybQw{(eiGlDe9;6b=}j!G(}f;uuRd8C}E0z
zj^d^$qleuT{TPL&=&9aHX?)c@!wlVEnxU!lB|>Z7U`&6%9`W2mbagUgx-RsGOB*M(
zX)ywb(YHd7Zo6|^17lVD`T9$zj}wLcog@5)nY;>`eygy*lN*6AVSgWOWXx`Ve@eFS
zrrV=&llh25lkpyj7UPp#g7I-K&Un_fcE+I(fVera(eU}Nfmo~|Y2;U2avSRPm$|6d
zi*lWW-uy31uV-_;{`Li9CW_^Hed~)7p)3Ezm>xI_F{_a;{czoR@}(OQ?@N5{Rx@9E
z+spQR>HF$<n$sO!8PoIYjC|?LjN38)<MF&!@;~HYtbI)^l+I(Y8SRZ6kgw(%IUqZ(
zWlZc!%dzKoUwq~~^xn(q-RCpu?HWOEn=_o=cdlkkZ#r$#tKP=*Rs5~eJIZONw|gzm
z|Gdbc*J;w*9q2Xt32Dlezp0i(6Ghf_H~4Nh<NTJ=_{6yqDbt{b)|y)VKDgCMuQR4^
z;P|vJV|VdId`=BbK4-^ctnrqAb;Q)KUude`Hy2uJccC%fV#Rn{)6K4SQDRJ}{J50(
zCrc$#HVde`$D}R>sGIdq#`M%$Qy-h<$3G|W{CI6PV`Zh>jku;%BH{hHsD>+EkO;l`
zpJsmip&AaqwCTc_zN5y<BkFX?g)r{+7Q2I+<j{MDkKwLm3=A!)MeI)3#QK)jNpI&A
zlf%)|w*1#*#%#e24v{jhb@}aZ1Z4zy<gWq+Z=DhAEIYe0W^+1uYW*3;s#e(z$nLX@
z@wslwX<>JId@(@S3*{`H#*FqNG^mL&{j+m6{xX1GeD~(lw)Lt*G~r6V(Wl@PV|rt~
zm=BN9x-0na15YuAmJn^CQX2o0#`CM^^7X;rUS&*wfv*qQ^iVp-_3)jm7}Gn{7<jsQ
z-z!RIJp=bo2&E0cMU8lKG+exfsbZa`CfIuCey}0XJBRCe@9e|)y@7Yf@KcQWO7l{D
zB`cMZgIPW~XPu(1*Bc;e#$!lJDwL8#@cUXt-Jt(+lB4mlg54u$7}Lj#!FxK1|F{o+
zyjT3VSNyo5hA};>k+D&HJ`g{@QzHhRjoF3uoTUX<GNzY;jKzVcGfy&R9CjKw*(%|`
zfCVbOJ;hg2Dd^q+bboQC)u;bm(>j~M8ph}lK5OX5>KUVoxOnj#XUi?<UtWtA{eWtW
z$l>OQEPh@h^!Ur5xTm<(Hh1PP&8lUrYE5_>sLAsX)o*FEnCyAR`rBJ$G2G#d^>^Ev
zR@wQywpHe}TC2qmYpqsZ$6<O%KYr>w^&E_14vO|e3P$z;ZxX%#3TqW@6W;@mt7`+U
zu-41^V0OuptSF=SVz(<Sl+~v$mxJ5gVx0|9G5YXTCW>k#!<EayKd_k+vFw(nILRq_
zhU<-ZW8E#wqiC+V@jRm^Po12kl#nO|tBw>V8{1mc{1mxc4z9dqrDF_y#L3V9ds-6d
z$=7ri`Nd#JR=N4g+bTspmd&>K)KzrJRagTAACZHZPF{S3=Rqmj61UjLdC|;Uu8>2M
z9E8k#+Ck*dSO-sX);>w#6?haa&D}pTNoPbGTdHR;strc*uMfm1et%yhihmCChC2P!
zS1jX2wdKorC5;X__!3|H8`ahjOQoW@JZ-@QWVz+g9&|MGJ$RJg&k*)#V-gh1O2i_j
zzzFmg;@yf`;7#Tb-Y;gCX$4rB0ny0>tS&gj(+rsOtHW@y!2v|5;>bOpmh1Mb)7E+H
zJB;@7oT{uD5}}JaiTI?Axm3nQUdgql|CM5O;cy!>!|rJ#Q>XYUJa6D~#;Pt6`-JCT
zW#HH#%mX|L>#;U?bkS)1FF`5o=TOvWt)zXF!1geYLp@Vc7gc<@qV*UE&#4_0^*G--
z1XBAfiq~Of)X~xMBp*V|#C0?m+wa;3I%|SQ4t<J{i|c|uA|HObo9DwTnrl{^=#}8{
z7!w7~@g~!Uleh*Z8)<(Z@xoTQshh$xQwdqp8S{8-DIB#Z&~mth9!wEOHODD<*T>5(
z!QJZ|a<HBdqV7;i<1<4z8+Ct1BB?v+;1^M^1JSq&S*UOrdQG66SiMOyR&Vl@P<0@N
zukYNE7up|);kh6~Y&q-qC?yq&qHb@Q_vlw^>FSQw{%=LyKo`UH$5!6ZM{xbVwZHMz
zj-te*$k&(y*Ke40kWgxBz>7J*N%WD9LVOzhq!oCR^xtgz7*vLqE2kqaEhULe5aL%W
zttPtio8s*+?D-Xnx((lV8t=brzE6)|1~aZ<0_4!ybByURB97KvXWizY)JK^(1c;V)
z5Jo4-+K;ovX>>X-v}_guPOT2#lS0UnHWDFN!dLhyJtn$aXlrOlBd<g^<TA!|rI9aK
z@r^MssKQD1%@nHwb5VgpHvr+?@jQpz)N+#q_@^e^6+Yfpl%_$7^zl}`1YRVnwe_;p
za=tcF;&9}t{z|YAdt=0|lRS0gHjl3)+L5OQHh4r@bFIgx^>ZUHe(fX7pisv$9$egq
zFkWW#6bX~3lWE`*p8k~#Hl%AbH{09%YEw4b>Qh%z=jE8pgpbI<m(48aX%3?V*@I}I
zp%41H2E;f?;8LUTjJnFN9;Q(qo@RI{4E53yewqs!r)2tU=g8BE<Y0vhyRQUKFLLwP
z)>p)6!)0JJmZQ-~=Nn%zH!8`mZsO4p%TMv+E^jgMb&ui{21feeXCEGlrT(n^d{)U=
zJ>y9wW8?J4;f}|Lb!MH*@knwNmvoaIfdTM^?2<}{NgE!b9c}_kk}L@&gHF~zLVpIU
zha}OfE)gnOHHV*LQAranVXW$NW8AG0TRf8J<jcgPC3UR$xo{P<e6`W?CjE|c5&2=;
z=xPsR;(&TyCJj1pkw<i(J}zRsnQFf&H?>@>$%8V2DyD)e#!I{}0|hu8-XF{JV0a-g
zIkdH2tU2X)Q`7)VXa&YF&+_n7>ypsX(BP()<4w`ut+&T-3|>uF1Kt!QR523Ek|^<T
zzSA|hi8G^-VU}dn8*WLzL402z{sI`pH{0v^*`KdAAI>#Ld^=-*CG=YOpdo9$>a6j5
zn3_NSV&XoQ&9EC49MRS|{_w0hj*a2NJLlz&qH~NX>4yf!^f3Znuj{~=9;h?ypv`aC
z)4}dH=<oBWe5T~&RG?ieO&c*uBB|9#9K?4YUo6xKCOjZpmo2(XZOu)s4i5oFF9$}e
z>x3ONH<}3wI$mNrlR1{>k{tui;7Yr3(sOI^yk0GHBJR9QytfxdokM#$34QiC>$H|Z
zE*ll$2aE|>f20oH&r_)>-SEB?TZb;`08ia1a0Sx~lj<1D)AEHEW|UT3=@c$8$Ug-o
zO79TrnhZUWV(iWw45m!I+k*~7tLwy}di!|NGP5%gM|rMqt2j!)Y2R;DPz$5yu%fw2
zqKr;cO4GiX#@*#4WS!$Gn=Z9=8;C_O#H1|l%F)4>+WfIl-x>pdQIFY0mRcP?o?^(#
zQ_I--robiUQzvU8^I=)!logJH9`eAGt09upF6A4IUOg@HGB<`7SWcCZ@>8vU%=0_L
zo8YE5!cNYtiNLS3`|$jM6em|ar8KQ~ij&Yg=2(6lpVUK-w-|rnr6wcYY7id<%M^Vv
zA8$##q&Ti4ZZxQ~=+&JzoFen#zPOL<%M4D3yOqsk^-+8qK#rBvu<{g+$@d8EDC0eh
zU5n%)Wr~)rl%_48B9YW`TII32+3XPHLLYO6vG8X=+!Yb>%0FXUf5QH@I@u-)%MNuu
zW8p&Q5-rGd1J9SrVwi#2?Qsd3!)EXZ0XqI72x5gc;WzXxCVsd?fynef7h?DGc#D^$
z%NLPp5`E!9%MHWGbTEISFpArh6#m$l3q|kXbYTp{j3^^p^rQAI?yr!8$x*fdwo@Pj
zBGvJJZ-SLJ>e|pGkvw&33J+cTyYtlkNq%iH4_yZ*XUpvdrDF{AD9<sBnaJ}+lW1`Q
zH*-lCLOINQ(Y@Jhn@_Ezu0&CMbeK0u4sLQ7xuWw$X--8;i^BbV^?s~$_o|^WB@WOS
zb-7QAfdC-1NuIL>yD<iDFEJ_*`PC{qvjb!N)QrWato4RUn+aQ=U^ih{y$Z(S(UXkP
zlO6a)@Ep(Ud^dqHeFWoHBT3O*zD9|wy;7RiV*+>lFr8&`JCXX2?4@qP0g|U~1l`+L
z%M%{=9A}Ka&_TGn@Jmwz2V(lbchbQn%IrnRl5WBdl#A4pcWTWnuf1H>YNC*}==l%?
z2>gXSb#J(j(TZMp(y(7)H~iQge(cYG3||PpTm!$Po@6ZC5iYNV%PUX92g6sJ&2+A1
zjBdG*F?G3K+yokK`-m7~)h8IE8!xm7lS7X%WAl{ex}ZVgk1M5VCm-W5YCl6|P;}r-
zK%;r;Uj6M8@R5x;E;sqqZC2E&hfW~%`qL+XNWI<J7WGC1UgT3x8<0_<fQ)F0Z0+G0
z8*QOQ9@#>R*2XnMi_Trp3@w_{CIT($+paaVXm=YsS`^cpqebJ-Np`eo#5qZzMPr(w
zMIYJGq9lP9Rm;H{JWu<DaRyq{*w%&?z1@bJi3AHW+G^q#CGErr#Kf<!P2A`S=l_fw
zZA^*8jkaH4$BlMefKWtH8a$M^wwseE8TlSL)K5m-Xi+zT8~rHTaHDvn!qv0h5YS3R
zbNzN!61Y*%wl>`8infI0X%mFU5-mKIi`v*=BM+vb(zj%hiUnidV>n+E+x{tR^y68{
z4jT<{`_-}QJVu{DFO1<O*kZ>@gidQCa&2TQ!`c$Nhqg@+u+b9PgpCU0c$#@}7r$Cd
z`?O`O>N0bG!q9en*mzL1dGRQh-awNUe;xiOa3hBeH|mX^@HzuGl97dWin`juje1H3
zZnP%W7?@bE0u|o%)%Dn2@ySMaNeJ_~PInc^(YZDza-`IWehJQKV?&No=yexxZRB&#
zDmgR&Ed&pm7<i<ouP0>5fadtoXh#Ho^mZhE^c~){_5nTY5CBrc;|L&KG9Ce>3uiK>
zluYxwF>=NOq@xv_G!Zz8mV=+;WZ?(Vt_dVI%L<l*@9=F-fi|L>-Vu){wEp;uB%=Do
zd=4raXjE6Ln8LM6Nkw5K7!|o+F+Gm4stvaK2XWT9vWi+uJ#ma-2?WfC*g)NIeWz9T
zrY_cgy@67=et?<vB(}$jnGCPD8S!KijFc2w7HdV3Nea%36YO}^F$g{Bf>^|xQuJAN
zyh=3jB)=)%&TffUrO*Q7{azMcl@%L_S3Pr%G5rOj-lxk~V;TcI!&}r>ZEGCN&AnQW
z94wBB)Uw>vn$+s>I+&t*MHD|a>e=cuY;_2Fe0QeBXbEj?;JDQrZpQT0wtNvgew9F*
z;v<Q1%fTmbb6T=P4t-G1nBJZl`6uPg=zAULyS`QWEKhW6gBho+%u_4Rk861ZuC<b9
z(+db|Ys5bNbzt7APJ`E)b4HlAfd;_!xd6Bt`4;#Ee5UC#S|aq-Xl~=uW6gr(ESvq}
zQ&-U*ZA3-#ideI}{!@|xZVi{PZuI2Sl7(jB@nHw)4K9vm4U21zW~I}`ZJVQ62XX7~
z8WYfp^Q(Su3O{I+A9j>@(P@|yYYYI(FN{zHug9GiS_1>Mn?nx%(?q@Yna>*@c?VYn
zRQ)u#)KR8+%a662x8-v1c3g4_h|LRrb%aOJ?n>e~SXPpv4X}VRdG0Le>WqzY=~Ece
z+~t92+po4qyi8FCB!Df%56QuU4%^9b`S{IHc^-KAM}R{0_XshB&SJ_m4=@Hr^R#A@
z$T#C6qKqus&3FPlmMp_#c_GdWHQ+IYMm2v7$WU<i{p2_!)W~$V{?H0J_)whb0{OKr
z&K@G(NV3Hn!%srIF&Ld6+(?|K_D?o<zdxFS0SE2@`3GOAd3mG=IFND5B=hSc^hk{3
zx$H^kG9yAb%$vf?gg)aI5bQ87DoBzXbi^5f$N@JmAAt>Hp{-g)OM9#vdOBt_@_sCj
zU;W+`2ub+SUKo?W>qcFq&)uS~s%Y#KJs2wp<rwo?eW+D;bQ?`~GN#8Hc5wquhU<Hb
zdO$c=r_hU>LizMZ8YA#bM(ZRi|IM!+qZF>EG?@5bLUa657$MW%gx?2Sbb}pJ_ZjOe
zJLTXA1JYc|A<ceuCZw6A2E6GC$B$tq7$@;iC<Sp%E#OTDnzMAd&f4z^?<s1)n+5Ns
z3-EcEH-)B1oJAN?S<pbbh+>C%Q}oB#dH4~`g#X*iW<i&vMJy2XWcGT!34Zk#B%afp
z;Sw|>sU>wx4o$?2zRK{#8wgo)o8iQi>jTXFoe^{}6DR%7KIt^G<sUaOHqV-tTFh8~
zHV>>b@G8Up(vleKD1{Q3X$Ct9;q{HFgE9T}Gj=>wIK=B6c86GBd)kI;RvRJY+VCB~
zwjbiHAvNYcTA((3AKb}<JAG>q3%TK_#P0zcXuXgZE(64Eq8^Y49TFw9SD-e?C(1%U
zdB%>P<*AjNl<>ob?DdUj?E7=8n@y$RHQ-a`!h;`LxQ&U!3eFcuf^(q43<c&!!xvXY
z;IOAp+38WV%saXwzIM1H;;~g7orKl|EaCf{EvO1_HQZdiy~q>FQ;#<vdRzu~!K0aW
zjnQY?{EhHb5X0?~?HhXeX&atpL`B7?8Ozfqi>N3@L`5%2X0QsXJ~xWvA1Ov1m60y6
zTSNW?y?v|Js1v1j#X8OXt~PMn8ha3Ut7OM*f8nU!`XgYkPjUqj+5zmNY`A(<jY3$j
zy~|P%6raB1RK)(u`A%D06#DX{=@(Tu6K!gBc;xlA0gA%apFd^h0k?F;W<)%H3p_vU
zl#$=%<gifE39-J>+|Rtu-hs{h%nl|Fm8aH)-8Y!QkAd@wW_V^1u9IZKL$^vTbV~p6
zq*xzVhTAn0AGws{tO-hK+NevNgg)?ibI&+*#?hK*oZ5n7eVidr+QwmJ6_hxT@JMnk
zHuP<0?e#Gq?t-}fm0p9cmf-$4hk^el82E4FF^>Np22D9^BK%uMVvZU&j9PkXIcg75
zO=)Y!#G1^2J^f!Nc>jg31Zowa_7kwbTwhQ_u(4JLCAY=A3kUOlr>9tx6*Y%K90~5N
zgEK9xpHiCEVHmC?Wr~%g;f+nq(9RnCrtTDU3A>y^`!+Q3A&C`hK-2ztoH05wieG%j
z3$CrB2swW<R3gUMp$=@_-aFVedUhR$92XvCjCK^V0(t9Nlezybg)TqW#C;OoSu2k6
zfuBDyf6l;^thM1XkYIi@SaO#EOQMhEH>U7v!p$squ#DBZ*J><)ayK;jt<j`@`WWL2
zapmxP2!6i<e&5A^haX>nAMb=8E01xCUV~o-!!KVS12W*Zg=Ul4wTw}3lVC$#t`Dw(
z*CIbGOlk2k#%vDd1;$$zjF}@~%ydO_4Ll_Ax0TYgYwqPR=2Vmy!kB*0$Z~Kc((yz5
zn|eE>y3Vd?K6R@Fh3LnR@_h-1k0PkK#a<sj`);4gtQ5FYO39JQiZ&yi7S%WL`Wf93
z$()*{s4MAh^-bpBox*=tXa@esm;9&4nDc?tOP_9N!b7)=7@#tSkW=!E_{xJ4@oBTi
zh?C?-$z#_D$nsOTqmD^Zv>v^#z;qIUT8>E0Qz7oc<SMxvuP&kR9JeeUOa59Yjw(~?
zn#`lhcEyOgoRMj6NZ!VVCR?i8g^~eT@^cHO=F{P4n`{+iPhbwz)IzG9Z9<36ZSYl#
z25RaEzI@WnxNR-9RLH^k?Twh`;d9OIqpPsFJuzf5N*-UpLu_7b*7eE(;OwCkzt*K=
z5|;|Ei=+<WHE20_D7PEJVcbgGl9svpZi&#owM`gYL;GT~J0x;OHlAzZ=Nep`Xkv%g
zIteN18z;{mmq>^vDW!@1MoL5}a?Vm58`*F3{AwkowM|Ul*<||5Dco^d12&?@tn-h`
zxHH$b?iIf6a&UtpjtjD%ewDy6cC`04^iGe8K<_S<BEs$0d1<2j;fU3}F_Z^zS-GkE
z>4>q6DJ3^~aqDna;1Wf<$*X8F7^QNUEr!?EwxfRw9lVfG9FN=n6PaB0sd?Z)Xj7oQ
zqD6rs@wTGm;9CwJuO}&?8n_#6-Hn!m|8Q`;FI@?(fx8atu7l5o3RkLDS}u+(g*!=n
zD7n=SjS(M8Y4t<*IwA@uY5ctW<{JVnyco6FR?hZ}O#ZiCzY%)9-tnisE{^8O!g{oG
z&NMN7jDaT(^JdXWXSfl}5+$><c%0YKONZf|j$Tpgn)ubdRDt&gn)x?09j*r$^=`M(
zWVkLcu4}0Wt{-f&@K3m&U_D=Vx{2vCnoPWt!u53P{q1nAS?{lg>(|V98(7F!174Vq
zv*;(MIV<^EzzhAIrQaMGZ*PO=N2mdBp<3Y0hj~N6V3JN0Z;sFc-a-xTX>bqY-(6O|
z9iEd|s0O_GY5~0J_h!-F;?+Ve;LX?IXU*@;(!Xwq$cM4==AN~6x`O9w#x)tR<30!m
z&zv*sQ5~b(Pc<>U@>~mh00Hz)n`YE-<uElPH?=zK0_8aO=gOf}I=!eQHMV_xfAXD8
z{8P5?fI^1l%WYpNYjFJ8r!0KgN(LQ<lTFb%k-sm83i);fkoOoh;2ohBcnd+^`G`RH
zvAe%N$t6EV3wTFp@PGynXz&2`{zd1kI&Xi{PT;TF8P5Js^1lS+-}pD>f2^rh`TwN_
zxax0M0P`cyMV!BBOj-0)O_Q0Tlz)~neZmEZM;LUVnL%Qjacq9rrVD?E4i)R~{IBxN
z0anSMPjPxrdtBrCZZ~*(X<y=hQ{9Rt%At3_VyBBPAcTH!rpcD<{XtKB?-~By6#Ng~
zVffA_Ik?~w+<`WNx0s-)QP|XKXlm%0CIeasmR*MprSpbTcN?pJOi`opfmP6u+CdxK
zF-I%%;I8B7&Y0if+%1uk`l#a0ik3*=MODIspVZBq#Ll9ABJg)HF8%duV=Vn$eig2Z
zbZaAyu2|Dml$p&gX>iD)FK~f3@!z{7JWI-_{;X)O8{jG<*DVLHOg2-;{N4n5*~unb
z>DCo;s63IFt0DVs-N(W;R}oTnPgJv`HqX~dQ4KsEcAf12^mlqN4(KoR$RRh1pocF`
z&_DS~^XLuN^E(YXmtQ5oeLDF>ld=9EnkO5o)QmtJM8awzZQ;T$gp`eovMKMMkvrI2
z*LrxTWS&D5(Ru{ikqug!+^pHvHAa4stDR_9>+de9i;{!iUqDDnog@cKF2I%d6FVfn
zTHKYd&@W3wx&1rVklQ_-P;UQ-6>@vbCbxnehTKkGVWMlpyl&d}c#|zZqEZfR`BMpo
zukLK?-!l2{im!dW$!9F5d!O5&JMVI&dyQMreQT0M_rHEM=-%Dg=<hkltp0BL`~Ce`
zXF|%_{au2K&Kmvw)UP;vAOBS%IocCRHv6FscB4IbC5{lKs1F@})C%9qx{D(ziY7bh
zfTK-jt>L5B8hn)F<9zp1S`U5-LB%LVe(ZpvrAfbHa!Cb0!ohWVdkZV{y9dYd4!EO6
z@#Ur*k@9yYju4u4+y;3B@9lwF^9eST_?~FbS`v?vgTGx2idK~1&nWW9!AU8gBh$P|
zspYBFeswGaRAapfIcfk;{PSrydGpj-`p9w1;N5s}gf~C3ji}R2bB|lB`aF^A^n)<%
zr5>xj9ixMeV>~tIs!JeTtPr&H?1?99R6VC?t~D2;{#+St=+E_+qW;823;jv5>Cdoj
zhW;!{GUTpQ+w`Z+-`1Zuz+R01yZUpLfxEgcxzI_pp>9P>+~6`ybS=&xJ-%@Xl7GKk
zkQ~}6hsNOgQ)28kyMdnni@`{Ck~x6=UN@a`q{%G$ga-QL1+5wAmi)wAK}cD*zit0&
z1V2;V^vR?4>2fscp{rLr?3SHQqg%%FVZGcbc<g8EmX%u#ZZ>un+|VzotZtbc|F^qk
zD6nzuUw8yBow4eWe!LaO^SfJH^#^uF6GC6EwlnDKitkP2?>(}$#Yn7ZhaHx`HPRor
z&rJv&RBa89cX48NCF666S8O$hV1hXWOCb6~D>K!jlqMd_mk6a*O|~PA|BY7O^~V-4
zM^lq?w4!Ta)+m{p;*w|gzK#&Be~MC?cyWOZR<N&!xIW&(`QOqi|4UrJ{}DU?nO!*l
z{JlrEwBY}}1kV4KNd5_ka?lZr|9h_H{PTvc*wVrudOe|qKlDc;`a`ETTmI1T%`N;P
z>0-+t`uGC$hpvn=2Af~lhbW<l>n@M*hrYw(91{PzSt34YQge0PY-nd`XImb90=+<Q
zvK_IoLJs|I)6+<2C<d&>BY)Q!I)k+yT_0?cEDbMBo1M$^1hW(^oo+hFW5z7}-p)wJ
z+;qav<A1dB$yh8u=Q<UKyDYsaiq`3cP22-fG*@s_bLEue;B3C7REfut{yQ;7`aJG<
ztR_Oh+bsbzha5`6G>gQHO{P8Lg1?Ll{)$ap@FG*g&)1?8=sSm+jI><8h4W=x!6(XP
z@XroKb4~dfC(0Gsa=RR_hj-hHUP69|0i!bPkY!ZL?Y;sB-1l8cNZG)@Fdl^`P*T6f
zI*I->uWq*+{$9!d{vH1Qj{kiC{{FNnazD=Bj^hfUC!_v?ntn$j);Ir`_8)}y*<T<<
zla9CAes~g(|IGKrN4P9)G1`91K&MAWgv~zWIL_ESI`p8x!JldOm#D*j`)(u7AChIE
z4y;wwL4Wxeo>J904p%@6olai&-d?4&fS(g{I$I)i^zR(gP4h$+yvKav1Hxa%)QVY`
zfXeRWuJp_tkxCq1)y2q5F?0*LDw`P9GKMa1iKhHn_uP3{;28mM+{&Z$Cr(84m-+jn
z^%!53lt=m0T7B~w1OGGb590B+miW|qb6o24Yt41pUvO5?(x$A3iKfWI?K0Tp&@dbj
zowDFXH5yO31945j3ahm=`S&KK7o8C22N~`3YT1sr9^0u~7uimFJ#Xi?-<p_yO}+3t
z5`SK2(Ru3$vkq6{ck8(Q(EHUhOYIb%-S2wcjmBzZgCvYq@|9?;2Eh+ttg4MDDK}Ij
zhx+i1-lglT7*BIuyv~>pvaS*dvsC)SGAzR`Y-U($!t;^{DZ9$v`7N!p&W_k{io_FZ
zE&g`agDNHNSu0rkjqgIF>-IJ=)Gqx)EK>9f){pV4j4s;S#Pk<L8Rrk+;-k}yWoxrv
zjUohy{1J=eZuhG@{aUBp4yUNyZ4Ut?IrJX(p-|}Idxfs+rSP)WDeM4Yx<(^e@OGzR
zYn#Urk{lX-g0ZUa{930O4kxKv?^BP8<P1gY=oLp0tq>)!(H|5UV`De-64*cT!zaev
zY?L$qWp|TR&fIs2*q(yLuzhL;9lfu~EN3nUOE2YvFK`(zB7XOAUPSyKdzzSj>v03$
z-b-ihX<}77|7Yqx;ne+@X;7DLr*4&}IdyA(w^0{*kTFI_{T>-~2S2z9?8uosbr;to
zn<3oPnpqEj)WxPqW>j)Mqw(@#P?n?iJQ-jX$rl_~w#M-`4|H>$I&1@HeGl$k&fIX5
zL}<TVHm>VCh?8tgt~dW??~|V{HgZa5JB*`|lI_QkxA5!#mJjpX0p#m{>%V!NiMX4L
z{+qnh#>w*?n)hF<ofAA>6USFX|J`>bd||s^J%jzX>HK^_=RNg5ArZe))L&ew!RBb?
z&L)<d%2#au#J>Dlqxt)76?UIA1c0kFEfmF4k`*3Bb9zNO^5)iL{1cb)LN4PE`fwR1
z(Dpm{ClWx$16#=W{XM3P6Xf9Gi;d}XfT=B>7TRJmtiN;wsm9uG-~ByZ_{o!}`cH9U
z$8uuNW*7=F`d6DmY)EWQY~60VLj2<#WAvrn%@m?M2|lyKP>AwBSBS*_DHLCQkRRn!
z{%aG{$DT&*;EM6tuT89_Lg>X+eD-(&UicJGvDEPd#_YvTl$LddK{l`Vu1)j0eI+rD
zJaroHb6-ic<90Q$S%{5mz&VeiWpl}j%z@k0u`4`6?wdWhpz{G=EPp*+r2Z-hD?7J0
zG2EPCrvAQ^Xzn`PfJp=u^o3n0XzMvS*!>b=+^<$jx;X;rt#CX0aKw7wUjD)P#s{lb
zaX)ASow>bLX$?FK0@_9&*xtnS3CB@d*^5D3KX7Sb0)MtOMp~Cv9!TqUwcsa1TBlk_
zD^DGJ4y82+v=pUvisxF4yD>sqzx>i%TCcQkA*}~?HkVdtQxjwK><;_OhJvo@2;bjj
zx-FI<)O8kG%^{Y{?Xm3nw6fQJjDW7GFg+)IS&em!1ATFq<uI)|&DdY9{DhZBOmP$c
z;`4p>a;NbV6qT!Dg*|>Pcj*3u{JzHTzt{Z!O~?5CNBR9=^ZOl-^817M{gEpS6vTns
zjp0@bzvZ*t`u?<;W>w2=i?-8lDJta99hj!|cP+*LW9`f1qbQocXLqv@jxa$8F3J&L
z#RLTsGzbqwi6%0OiHM?r3V4B{T>1nLF2U@A!x{{VsE8MWfXI!21VXrpa$f>LLCzUM
zxXGRE_tRB9Gd;5#$>Z<+C!g$0Pjz*5b#--h_qSgDpEfPNIc2TBuC@C8MTDpm^>fkM
zB(9u3W+|9hLisGK2A?_iH~(L@21@_7GWn{t?zWW4StW#INpeBbuQiOZhy&AdrN%lS
zlie};h)k1TF^x!lIxB~QaWFoa853-e$;rRFAdHVkfMCVostaQ@?>=pEd*A>!xs7XN
z+@2<f=)m0Z2S2$@Ys4(r8xsBdOnkn2=qy#Bq3%wpa%HN2s5?9*K99B`nu=K->W*e2
z&d-UX%Zlc=SXQ(@4)a5NzVgk108!sLi`IYIfdDD+Q_D7)K5n3x#U80#Il`KuiTz#Z
z@}tn@xwrIchEyjITlb{3vqvAXbauBJgs8b1&Zu0h9N7=!>goo5sgY|_$vL_xfqjXw
z?r4v^nTkzL2eF}tKxLZKmC7vo7BVY8reD+E!x`Q`{|K_3TSVWOQW&yq9LT%)z#o-F
zgqz<Z>vs#0l>Qa6>X$-REtC?XCYR~!#x%Ly5P{bI94Q(i3-S4sUMJL@wJmNTf|8?n
zQnFi0{23IV-x-wy=T-x84%#-!-${9FKRYTEyikEyj5$73Edx;UCxij6uGhl=YQhD0
z^cVN&w!d#ZXYjF;oc2^7@3Dtg!=sRU<H2Iuyr?||(8|394nfIJhSRqY-N^w5;!kzu
zStvcS2ujCaWPYNQnb7v4Lr~^xaUYh*$9pg4fmgk!;JZ%i9fHzeZ-A(epM(c@W3_9r
z+Fxn4uW;4QWYu25YGbk5|6u7Zv~)+VG^Dkc|5Q&P?cdiq1m(v)0is@2sxirq|DV>8
zhyJJr$urSB$=F+v{NPq3b87xivq^_PKnw?OfY3%=0HM8o!67KNM>L_OKSu@jO*IrM
zr?W{u!*0=-Uk+D;WY6Y2$@;e-`O;xn+ZZ=T<8zIP&a}#5X_!(38?1F<qGOXF=dojs
zWh3rMFb8|Zz1rgE^_|?}=Z{G1;-`Eszpj6yKAX(i0qkD~>kN?}!p<Bzg!7SYSAZ1k
zpuR@&&HyRcqNlrVbdrvzQ7qkc4K3aEzDO?Jb-41u9{!Z@X3@K+0l=Ja*{;<Ka5*7y
z`!$E4EboZN>MP*rf8yqApdev*FyE;-1jska6y#B=AiIu3$p!T5boR9j=lK(F;@7Lr
z!`G|NI|OC6@pT&g`rETXx?pmWes5Kcx#5+A|4ih#yBeN(^Mh2LDK5YPu>GY8SKx))
zRn+tLJ@1ahQ;N~M*(pWCDcCN0&)i1E+}#Slpe`%~$vk#dQ>3H>!z`+2Ak>@KmdY|F
z0c9zc(*lEV;S+yc<15U~Gd821wm&>=m%f1THUK7G=KK1)0;u6W?3vVa&@*Z09D)-5
zklr&*XwQuO8%ic!bqLC=`;nKrWz`tDU0d*b4flqgT9)l6xOP#)LK$G@A{?TV)BU&T
zxWW6WOxURCb|U1cm=j?d6+?GgM#ZD`gGNQe0#5GBPlT3xAc9Ne7_KzjX+CA(eJT=r
zz;L~hc*Z4;=T@Odax;T=Z+E1!=6Cb1s<%-j@@!SHH&Ml&xZ)6$(;cwmTGJ(Nqn(yR
zOyA;`-7~*{7CaQgPOUSyrjz2!3+=@~$LVX$>bo%O_Hy?-HK?CR<(pj=kJ@nqJZee)
zliP))`cTo5SFP@$Rcp^dXn*)6+WvTK|KsKG>=pWK4}115K8w7B{>o_(LWk21L8<Jb
z4~1|#6rMXp2&b8b^E9{RKd`Zf)1Q4X-=?wre;GEdkA=Ey3s%A%UFy>A$<xjf>N~od
zMepExY%JG+h?E{^!7vNg{euf>y=ksAU!Le4d{V2|##cL_4p(gqx10P_o@F<g@(=?I
z{1HJJc+8cwriPYJ4X#oqS@o|0W^7wSoxYdjP}a)=+OpWZ?5)a>oUv^8{gYOm*iUI6
zp|tgoF~*mJj>P<%vxgJ*Ymo;dte_ueDEKx_K2BfF*N#2up`rq>GIvLS%XFCRjud?-
z@gm^qWuR?4-E_#^#1%+4HtNJ}0gx3Nc$}E%tOoL{_R&Ih(>}z1znLZ<HP)W`i6QQU
zgeg{hHlR0JkGkrOR_6u&c^V+8{)8dR9Hvd$oLoxhzR+Xkhn<8d?`*f2r@DCdV)asx
z)pxC!teBXTEdecIquDr_f<H01{5!^<kp3rS`eZL$;?pdS!Tt(5)TPku_umWBlH^^m
zsMY-ylRt8Xi@ido#^bcSDQIXazuzd|r;-q*?>62_ZWnzYqAGo{1jIA3rCB_An*&;c
zK2uP_9DrcrIeLrj^s#%a@rVoCE%AsZH_cHHJs2}5n%~=R6>`#0@7#m;?3Xx9`V<$m
zXhnyv3zhPKfA$L?0-}0;!#s<Nt4FvEbvM(hL-<PGEnJ~gf8wCU`WV2YB|E8oa@}eh
zG7ngesV2*x)BcRB4$Fyow;s037g>hwD^%1khSvLwJ8n(zMJvIlsED5kP4KH7oLlr_
zK9xg%aEsv71I}HS!USPMxb7BxzscejJysLlqNHDI!c1wNt*nz(@dZMZ%1t3+|GsYE
zM>#wF4CAXsbG!-rW-hx4%ghe_Ob=znnL=3>+rtiA><ZEDCOd-!nd(n$O>5?k_UKcX
zb^<2nFx98Vx6r5Ge-A}GZ{e+opRA6uzVtgx_HUd8C#uOYkX6%T4nbMdL3g4CP$z0L
z#IKya7FMO!`8i@VKeaWvMKFU-sOpeyylYlun7KjGRa=|;w-F-Af6^(jLi6CbDN#KS
z2+D~w&Nu|+`@7MDxt|cC9L%-Y;Ab#*PQ#y|-IYxof+YVLpHCG<$_X;SH~=bwoJPX{
zqfjG$<A%YC;~`fEQFiXkWw<hPgJnfiD-4H0)vAB?61CV|U=*UF5DQKAr@Ld+Gx?fH
z2O|#Btip2$9m7b;!-F=7>jFgWkC~;pm2>NL{K{GV;R-82+f#cTYmb_8jeC4OTYK!f
ztUr!aj<d&+>hIU^s(XwQvjOGL0Ruk|sfe9}=R<Gxywf~me!h-<V4X4N1gR2sm^x?&
z<AJXI`ew7WpIU$|wffc%WSe|z>R7Aq+|Y|M@4tRF@BOPMu5-=2xmIgtx#<v>?(KCr
z#>r~?T1{355yxTpJZN{HJJ6EN%MP|=rgl@`BuzdJ?uoU7|G}8`+zzz~Sex3|Eamv@
z&~95w{C>lU<^+Abx}MvSZBVWJBUJmArP{S?`D(dFnogOpI*(Mh&R4L`D6BK!GS~U&
z+A2I$(?N#+)kD3qRfCyGm2avK@6qfZAQRnGTkNzvIIowWzr06`*FeDb8zXl{l6R>C
z_iM!IujD+fuq6MfUO51b&6?}LqtNQ@2iWWVtg7PQEOj5;h5J+goZo2t8skFHF%GeI
z@ERkORaV1<SR1K$)|gGP_X`d5L7BRif3;Qg{!)|2sU3L2f%p$|v^{u$H&`<VPDtma
z$%8nY+WtmXqj7O!Y+ZMfSU(K`A1>n|1f`KfP@Y?bXJHF!GVm%6<AHKpur`1Qf**wG
z2!b^+ml5FEjahBn{CTIQ4rQmjyjs6+>TU1PvFnt_RvTBP9@25@KKs=WWIqF#Zm>9_
zp|*ePrcK@TgG2DhL)~$bziqF-92~&KP<Kq4Os4|e$W0RK_jV(i!vZ{@QWoV9lwrTH
zlfSj`YV74y`CJk?B*|M9``Q2|2+pgmCkQSA*xMB@g!u-9-OQ*i%^iYrKP@eXxq;*6
zwL@U^Uehsp6`LUVGu(DTNcOLY)?s>Mk2(an^#R+@1_;mhb-7H1-Z$zZ{wv-w{d1p#
zWe$2S0+L#8+2=se+l3L7YdDi1u!+8dc=mqoY&>9^CjXH!)*WLLeO*8uqduCAhf(2B
zJ|K`O_17TM4We&t6uo;R@F@QF!4e+Dzx+KO#TV-*xjda=VoI)qd2SKps$(5NNJD%}
zI^_#mO2?d99Qbb>qTtJ^ZkO`)YV==SIuO3Uw>!=wZxg*ODP{Q?3_u!_f0{gW8^5i8
z*yZte3-`#WMJ^2r-AC9}hRj4~L%d<(QvSOFr)(GP{)Q1O2?W*n?WuAR!k{B0aOvuR
zhQu5rdK*S)C)8qVA;8I~cB%4qrPay+DR5_{%9j<_$^cO>BA%bp<<|g*4}2EUdmDX^
z12!W&#x4j>aq_eXsuD4%P_IODS9$dN;dqUj2cJXuq@!&GA^W_Y-G_<Ki{H=P$lGN>
z;}~X!>YWNd^XSi5o9Nx6A@x3aC!l|9za5ZzUyDJc-bjYj8_AG*qjiLga~3FG`0cOj
z=8<?Kb;OJ#0zz|89Z9bb&>Y5<sPth*R;jl*fZn%5rHJY#D0NmD_QM~>3ySC|h&E9X
zowV~vUk7!3j6amumIp|Itl{|<D}Cv2uaQqmS{@+kIHKcIbfUi_3_RZ$)9*csi~hb-
z!`rwFIxeT9ibpGD%NT$Z;EjN5^g4$F0QkGC=$>T(Vw8F+0Qnw>h2BrW^lJ0;_Q1^K
zMN-jf6U5QbOuJIBioZ0P6JVKDMc+MTgs5#RbsUWIO1EVJJ#VEU=0b+2Sd^1R#r(J3
z0*J``3oSpY_KGSh+!Nutiw9NAnMtXg()1dYzymwrBN+;4(mKSqtP43UPgvyg$x<{W
z(I}VR?l|>y1)q<T!C5}ff7E{|3bPY{V(Ahsn9Sdg;rT~|wmFp7({@AqjD|mA;7D-a
z6=?<I3v(9p+KC_4Gw?6v%e1S`DUbZ3>$z_@90~#a$W(vSf?2vvSMSzv=}i5@hQS_M
z(K*vF*i{}>9*2!FW_aLHgTv|N+WqdR*jYGrsJW$deU~r|?)f=809!R|l0V_@S^7zy
z7~N(phe^~~a2TM{!+v+Le1#Vv!~9(Zzd11J-xTmO!rV5=?;QV?L%@l~>j=|sW(-+o
z95md;_YBGTw7no?I~;<bu4DR_>QAsCf1iA%@fR`qD=U9C(TAxd_9#6T2Z;I<(eIxm
z>^tBP*zoSA{VrIn=@ollj`zd1&U6R{UR`Fw+z1EjYkw!@%Hjag<PP#S`Xxc@$29q5
z=%WBUh_vOHHjgO%J4}ZXcL>!Z552DCPAkVfozF2nh*B4~&2U0idi{(uWDJZ2D&6f4
z{dB-~b_n(OQg%E*D<^t~gt0RM&p|@56fH?wi<u5flC)FGpFiR4@3W9r6F`zv<<rXG
z<pBbHu6|Ui<L@cCKL<#`GR-cZKrR<*Toz12yhy+pJx#S&F`FWWLvpNyzdz-X3-qCg
zBQw4*r;vVq)-+H)DmTujb^19#)TGK#<JxS`^5YA0Z0#7Wl=vdGqn>{!g@eL1=JI;9
z@CCadsQ0t;aGJQee(Ai7?-wm<Jw?MuI;v@ZN_>8ryd`IzJ_gp55u)TT<{Z_vVWBJ<
z-Xkmm*0uIP6V$iMxV-RI->t<$lkWx=_x2)v{wPN7%YS0rtGPvlWJ&(SUi%>8R<;e6
zp5@ydg7Ro{BZ-f*f*}r)oOHb@QN?=x@Ud<eczBn~2}#2vF*SK#bAv+<FVXtDEDCVh
zGB=Cf9uQs{^AF*rX%(jYP4W93)YG21*AXfo)?5dlS6qUfS?AlIJ6K-vpX+P*yU-9!
zg|&T202`+!7V&w>P_FXNOs*_TgZEtr*o7P(1^4C+4KG#e_pR-CeC3<8`&O55^WRaE
za&TR*W|dg*d+F4iGd-Bz$6Vf}mzThbP3?2tz+Kf4e+#Kv7t=5L-^A^g?Qlq(_QxBG
z1E#E3F46ZjY?>GA`be8Y$sA~>ReY(~(8K55F_>1+#w<a!7Au3eW&r|ncKr;r>#lGR
zzb1QS*a8+QgAe2PgFsL=R1%YlxqMj*c7vY2v;`==yu~3X-!$PtZdcnv45Ar2)18Y6
z$;#PCCGOPlVu||L4GpjN=pL$9i4X7A^eVvX)k`+itF3f(=ery4k2m{_>Q$MPnb2Eg
z6HO6RhI%z(QGg&r`G$?545^C@oM_;3md2%F@umO@XED{113_<%zM*DqU=bnM2jkf2
zMl8+;0w|uCG`SdkCCTqx{wc`ss~QeLV^ujfk9|hzLVrM=Y4R4;QN%#OsIuhzs2Pto
z*sX&;HQ=o2{F*|ko@G?C=7nfJHEQbOn}jIKenyRb3UFMvst2wRqRfJaTh$o>@MVU5
z>JZdtAg|mRbq-`&Vh1=v46nXaxlu4wYKHUikTFg$e&mrW4SdkPl7D=(^2m?uUUUbz
zJwGPKBX3vQ{b+<ip2g>JN@H4*;e#gB;PF8R&Zm~bzz6M9gD%E>ELs%53!_C}eqzdM
zH02X5TJ%DU5k7f0T6Y(oh_m2>N|*!t*D!_;8Z*bh2OV3ZYJAY8^Lc#G(RK|VG#c?i
zJ1Gy%HCpyx9VRu|9j@Fp7yWV_BD4Y_LM4O<t)aa(L4dvxrG=9ooo9Iuaki0Bx_AtT
zP><Z5N+o@oL-5EW;v|3D(%+4^l1J_nohEmWVfi<b#QJ?YK{V`M457_+I0VJ@0|u3(
zC_ShYNFs+Nd8@K$9t$cBjnXbic5nznMwcjY@;4en=-9~M^*{JOKLm(+AYjQ8nh!n;
z4#u3{Zxe(y!)?L%pDFSCxpn_v<^(>X-2@QY2_Zn!>No^>6P!@Tr1U3iIt1l87Y70w
zo!%Ih`R0_*!SR41!2|+I1ank^@R@sp05-3h6Zc#b5UVphBv$7c!Gy+n7STBSn$bAL
z=7MryE)U7LRrD^bZ_1|1cKr*{i(7dcC(<>q+5|!UDFFBB*%^MN)oiv0p*n~upAO<`
zhRtTUnl}wx%`4vrh<YQS=YcrM{iZ9Az4W);$P1K9f7^^W#8UcO)PA2(zN5eEX}<yY
z67oIB$t)Kw+UWPbXJ_I3>F!ScWR{8+MuvL6(u{ivd2BH|YHxS6@*w*ZGT5RE+S?ti
z=2mik#UJ{T8fvS<K7qwF)bTx!&uPZV9PpzRC-Ze3C-Yc2A?i&7my;+<zY7p`V}*G<
zq{QbUK!xUq7qPs!`8glZ!SNbDIMlNh`ubP@e!uzqTz-6gL`e(@F}@&k)JtF<r&s8R
zmU4xTXbBlK<YY{sp}EaerWd|N0YMfGe=;V~h|_)OXf?UQoIm6rsm;0-wSL4Zul-cR
zHC&29e)~3O25s)^Hg5H#<wpwso_(D2UC>a`KmLP{OF>*Cpu921h-(zEy+FPra0|vD
zf1R>4)YOR+0wMDuvu$)P4wBEum*|kjk$kc&#P_fd&$nx%sa?b9hx5ufJcs{A0=iOW
z)IHQpx@Q|ONY@ZwvW1@oeaE<*;^cFW34;F-my{WGwl-((CBL(DihiSVa298VOnYkB
z^7qRO|J1p0iWyHZE0W;}_K5^M!SAOqJi&4i@tw9(N3-eLH5yXJl^9ws@%uFnjF}%#
zpn6@?Ci$JtDGtHYxqG<ieJQ~NCwTE&{`AyV(bp<6crfXGnDaveUWj9<5I0qr^LIFp
zZUMe-)A>5p2KXvn&G>qzz0TJ#S>tQReHz?bzi*9rP@6{oz)cFT4h0PaVa<5TP<(|c
z|FP4v1@Qn^Yg;WvvA|D1jh{&xKQE67S04K&peKw~X~(}jrY`z0@!#;qZIkE~AK=ne
zMPi{@-*BEvq?Qw^`+sofB^P#HaLWapw_zV@?f<zecg8wg>HUrQ6ov0-6Cub*>SD+l
z(2(z!2~-Si$`LPSOt|vScgEgbHh`mziBw+tjt?CFggV|7?!q?hxJv80`~;9y(^X7X
zbvvP~u&Wk-Z3wIGf7pgqs{9%s!s-?+`JKMWT07Gd^>$Ku4gH#j)7~ulTunpuI4IwN
zhJvtWGHu)A{J0si33z_%7mep|)VF@WFrGhYtLt0kB#jSyyrysJEJNSQZmX`oHH#92
zHB%@v8%xdlc61}~vuUNqPXP68!AizYyL%1&*ZE27pzA-!&l^$I<!3(SXDaBwg&z;{
z(^BVW%3Z)uEsdWZ20wrLG=7HY{N#OQ@bgu*`6;CQWKn*;FER7;YcBBf!3vF^oo?V~
z$O^{K?t658(sX_b+G_lC=J=^4R+pa+jRaxMCzPN17Jg!ppHs^<ep;e@@|H7x8X5eo
z_iFrHkJI>BFw@|tYqjO`4&`S$<%eD7*7^Ao?#(uRSm)=N*1%7!#?OOobbi|E{EX6J
zN*i<h#70z?pLLX<8I+%^MP`0#AwRR1Y5a^ve&l70pJxqzzRuA2Ij{30e`)Y@v|e@j
zvE42RYrdfTylCO)y&T}juJaSu68KS<GJYn;==?<J{48jr@l*PR!Ow+S)#c|=%Fj&7
z&%T>xe$@5A&r3@+eqL(@{CG5eo;3Iw_kqUG=2(rNAsj!&)#k@f`I$xeNiy>@CR~|3
zlY@9g49jF>a@Z1$$-mH9=)Ht7`Ij*%ADO5zIlR4gnQP1E29qx|sG7;b9OB}qqWP4=
zZ*OpZ)|hbR{FlajB)i#swEs&U!*U<hu`X?YndlJ2>A9(0+GfCio5DAVzQZ-(-8A~d
zn+E}l%gU!;;7)`$P7r*#qnb*7=g5i75yMq#{pN7O;@OF?eRSVC5J>7`O(0|M1A*MP
zSn~=J_?d3Y3}dFdqoZY}3+HCKuO?{1Yx4k?7A;cwU`Bu#PQhl;SLb$4Q0AF#a$`YQ
zvzUtRmFqeV^Tcf6c(lPW>e-7L$D8ibyD&=UqL!{_wi!kjK3VN?_%gNQA5m70UW0hQ
zvve)$`yze(wLpDe#P~SaTIVD4eT|P1x;=RBGlP%X)wWN2slI<h`RH}cJpP6tKbwBm
z_^F7-`SxeVPnp}8|Ho_mTyCw;|I-bAI@PQ$KT$40So0ms|5q*Z|F1aT>ipz1#ram_
zr=?*JhUxswy+@z_Ieyge>hkj}<!3g`|5vT{;GG$UJ-8iEex3ItlfxEjOn!ei+Jl9R
z$r!_F+A&UJa?QP(Jy`jv!DRi&f3gP)P4-|e<?!Px5d3{@oQ|GaC}k#iuGnFyL`(io
z%JgYkM0vmI-h#gBGZs;QUj*!d+N)q(j~Pb?y@Mssl>7;=kFz4))eyZ0v8&pxfu+F%
zKWR&Yn<#~5KQSph$6TWnU!mw73~|_q7EpuD=8=Ds{LY1AHQ`Karzhv89{eYtSUmVT
zk<4*N!5D3N>kdI!v%%D+VQ{0S>7&0uo92ym2ubVl0(rvBvDiRsn|${Ygth7Sae%1J
z2@p860MbA$ztSP7=U^|p=~4RsG5miK{eO3WkWlN>oI_N|BTNj9EkHZukuRoLgKH;v
zr`fW$UvVi!ykS2d2e1SPIGt8sy=3f9ou0<x>mzSrx~d2=+zIzw+wT0uA*A{fB9=M?
zk3Yq9vz{)qrOd?Hg?2%S%ES=xhj;0SqL(#9(FN0ZMA5FX9HMAD4V)kL&r@^e+!4HJ
zTeHcgg|$pa?eDlih`1_OeF%<*M|?V3*E01pJRqaIpBW$pKPCBn8b)N%Wey|q*Cme7
z7?FD~a~P3bGBxbDUjbyb>C7ddV~>p1F(NyS4uKKrzsxWqpIzb*3U;T-fqz0L+={pb
z9EO`m9(qVaC)|ZNZX+9jz~e941!az(LovvX)f2BW6oZ5;9>pNFoqlw6eQoVH-v_k?
zOH`e=k7`4ekTf|^74)EmRR%ryczxjT;{rPimsC#S*sO@Pf-Ow_m}j$ZTXvA*4g|Km
zQi#BoYy1JCo-Wkm$n*UHQgHl#X6{X7?%D;7xfgimz6@gS>Qo*E?`1-WGIgps`r|F3
z%YFG6?Dy^0uCiFo!wk*!G^D%!!oQGi%x&2JdIP?dxdz0>SQ`*$YQXFOA<C{yO9LiX
zrvcI0+-)?V;@_ypd2GN)RcpXsA94-&;cjaKMr860_`8x2rLMIBjS}G8KQ_Q*X$}6j
zYil)w|E~Xr|C*>lOBId(W<3Ar@3Qj0<RhN{7L@<gk1YJ3jK4MiiP~D6n_rZF!G9J4
zdtEuN@jqZP$A6*Q%Kv3Q&;N@RgeV{RE&Shq|E>8Sr1@GLpuqWm!GF&P;6G01|C>o1
z|Bj#m(B8!V_vM5rJEvIqUlLc10Z><4TpJB2Kld*hup3Whk2t3_;7=ddfN?<sVE7ci
z0Vm4{QR-M5V88Fy9T2Mp-wgh{{2TtKq5>^BtMT8I=l`viR{j^uJpa*@|Hott|5@#B
z&3};=tTy-`bM{~Ge+kp{Up}Mp-`~see<WxCT>6mb|AkUQ6#s`7{?EkSn*V%lF=p_e
zedb^AzYX=Lz0UvF865vl2Jzp{#Q%3CgebpHw($Q#d^HBZaBWp<G@$JCzi5CD6=?Wr
ztpUeB;2Kafr~$(!^9?vrOo&q3+5q9+TX(<;E!xWgYW^SiUwlgAzX{KO-Bwoq7fs^%
zZ%+B|G0DPz`|4Pr5-mJzG~m5c|DpkN5Du&GZ><5(P2?KzQ*&zrF8cTe3@9Q*k$sj1
z{BUnI8t{P@zcm`L=5HPN84)0r-4g>OCB6_Za|dt#P56r?f~Jhm))-gsy-6RJ^ZqqE
z?;CVb_z~;T;NS5?a0Cvl!zVSdBv0VP@@p#t_=cSWKIr8=*Mn~6x!whsm$4?l+PrL8
z_b0ARPEQDsf_;*FLODwR+x35J0PEK%y#X2Ta}CIC8PtFVd;@$BQSWwXhNWZAwuO%M
z$R~`Bh4tdEE`9|&*VL=0PT(Q9Xbxs^@lZGe_xTCCkOKMAl`|9cE3Et34NJC-9cnQ;
z^#oP*QiOBffJeiP<De#4rOCYy82G0if08D!`AlFYMB+lx`y0*)`G46pY_L??|Kr)6
zU>*1LX=8TVlZ3#hdp=+?)XIt8hOL+;wDM%c+S23s<c=miSedWqIuBP4Yqb^RrOJC!
z;tQ26;{zo09{3oz+Z{++L&X3Qu=xEs80&DptzV1;WdUhevGF*w@EE|r0>~l?;qafj
z{*U9-XI;?5erO`EJ>9PnqP#WHqCIQc+}bXWXvnr-jrPs{QwLSPtR!X_VY6+QO{XPt
z4U#$E-604NC*b_EqhJ&a<nQ?XzcMMk`$LeFl1-So`XF1X>kJ%v8-bY-mLAvr|FN8u
zUTwh-vcus2OyI4=T`iezGyy9SZC!omtKS|)<FIXPfD{~)=(sD2&sSEDH7kSq&QZ_-
z-e9E3$sy3|Et3F4ufK?a1SOxTyz<N#4&XPug|)ZOzt02wHfo_Y11_ya>oV7yapVX#
zgN&ig(9zqkjM1BceYEt56`Uq*q6M7hA|$8(pO+W?^Le~7o&2Q<7V??ZARoec3moI|
zqz(F0t@PVggMJ9-{F^H1x3kjUb?Mghducmy2K@)CpuhWl3;ki2Xixs{tD`@UhLrzs
zEB%P-&<_zm85f#<JuCf1g}0VZh{Z*-qr7}BrOL(1it!fG3olaEF9flkvy9*FgEKz{
z;jKqP^8JjJ_|1#ekV^=sd{AimMdK{=KdTP?5Mdu@X!<j(^b;=LTJ9mD8bAIKS}!|V
z=^rYn2LB;k&Xhkw@_%@&h5o35Tk{`cO>ypUX#U@}(vPYJ{SZ;BNmbBqWTpShg=)wr
z#G2x+!y#}U!<AKIEc8Xd3_F6JA@UE7VMJqI_vf2v=N%#>%S?BGmF{ZD_VGV@oFfkz
z=NUB*jdSHnNAs?nR#P9iXK@UxNdu>g)-#FUTe5gw;Q;J=S&11%3ARmo$swqxg7Ds_
zjJC8XR=ss!hwy`D9wcP2MPBW!v=<cz%L@RR&NSrZ1&6>q2l4*d#F=of=ckVinC~Ay
zb_mKwMca(QOE=!g8q|TitX@0}ph_*ig72131z&!}REMBURRTIrcP@YvoKRN*T2$io
zFQIfYmQJCiU*Jktgkk9zgb+_e+B2~9=d^SOuJi>)`wjpWOC;EWcd_()v~(C(I$*=n
z&mXJ8Va(5wsl0tAdH=SjO84^a;2CsQ$kL!f?^Clm$5eXw9>i%znS7TCe1D(m5R}yO
z8sF(1DbG8ORmnwzV0+o9YM%QB8$V??aFK^x9Qz2k$p6S8DBI2%())%<Z#<$yzl^1y
zN1pprp1<Hq=QyzRl|xm^;{cV%JQF7akdvBU0PRSmU7ynK%F!NcN7`YB5T_bT--diQ
zpnTWkO4neVtoo};nd}ZWcn5a@?WRckM?cV>=XVIo^0Ru+bf9!E{RJiKV9A|Wau+T6
z;aPJZPCr^D2Sv9BO{q`rs<QOg!83rn>e54l-K3(O!1KV*f#-1KxfbR5;F;haABsr>
zdSU4vSo$$q`bVzxU94CBI#lK8y1TI;tog~r$x!6PiM0Qk0<=#|aR^F}GiEstN4;x+
zCFfwtxwK^T8MB-(9;#9n$-%DCh2N_zEeFr!>#8ojGuU68`g@hyzl6$Ssj2h}RnzVg
zyp-usb?H-$f*kL#s!J~mUdJ5%t;*8%gJ-1qp-bm@8wB~e<Ekc18U`(QdIHpEV(xT@
zpcMQ8ovh9;MGBF@>UAF#=|VcCHNp><&<~fh4_6@m{Q>&y8}=*@pY5T~rm$xsf=Fk4
z>JXH-*)tzL6KT1Z*t2qc)_^{HoIR^w5$fW`nGiQh?xd}qNO}DYN5E!UUkygbiKy}I
zDeY^A@mXg$&yaWzefAf7R$KzlR?}~PW6wrZ81z=LXG4(Q2>NU`d)Bz3%5nM`Wo{B>
zZr2X@a2woJjT$it2HnU>4nbLXQXl%hM{9;UQ(u^K(iP<FjYWbtKXC|(i*fRF86j!@
z?ugSLcbNWoN5|>M%YjGgb7ug<mGQ&Pr`^4KA*<ITJlcEU1R)-O9|U0PaR{kO3~~{v
zF0HR$Fz@XSS7L_qmn%1m-UW9Gf=7PJ1q6Y#TIU4EYuM3HyuNAXb^kC6uOHqS#A}0-
z9IxXKgyPj>=5_2a3$LFw3F37;Pc?jhD5^cpR9joAe&0BVs&bN(z=e>#HA6H>VDC_i
z1TNhXEP=Be)w%~lQC)AQI@(J0ZdVZ1b(rzsed@;kbO5#OGXVHZEYAX!{y76wdQpZ$
zP>%d*sPsxlXqEoR6|~G)u$2?@)!m`QOhl8IH@smH^9Wavm^b~+QN3qpD60MInWzr2
zQtfej5Y>B65du+Bb<r_v8Z32~1+>3CEY@+cXfh9t`ICrnyw<rxyFchpoCxlBRLc)Q
zvaLRF2+H{5X34VSdxbgO`GZ}SvwOX^a4IqFw@@naRzz_2j+b5!%HFY6^!~RIRgRRP
z)C&G%pbfrEEqh1CK4Z0`MqKAQ;m2K}I$=kIsT0l&v2;Rtqu>#Aiffp#Csf0}i!kZ>
z)FBpKKNJ-_g3fSMr|b$vHL9+OY9}kzmbV8{tvJO=z#GysJyq8vfm5$pB=B0W8V=$u
z)8hw2QJrk2`jM6Dk*FZ5_5P&#dP1FckfZL~OMeUm>aY(A)X&u6fcL_cc2??9jAyI5
ztUC?rvWhM;`t3o3Qi_xCld%4X>M{Y;zUu^spiDk$sD1yiPzI$aXSRMB>&1=8{w9F;
z+^=nuF@NzcTJD3;0f@<42vKUkX1Rf=oP*QBJ$eB{_ie$TezXo|`raUYt1TDtQ!(Zc
zV$)<>F0z(*kkhd)2T-z9#|+5|wN3ZZ4i2{H*b}#*j#(w!3MKmrT~-jxc%!~m7VPWg
zJVd>`pS81}`D&Y7Tz}D(z&7^br{!8`#T>=GrC+9Y-K>9U+CI4Tmv-YzQv~zYU+&lh
zEvQdh5XM@tqf(0^L);kLXbk1(NX_BKy>8CG+N1^ej4)@_-<jA*GCtKKyw&`)#wNY(
zrs(9Y+rD$7{-tR@;?`e&vQcMO-w3ECyL~nSkO@D$+H3xJh~X8pk<<E@_R$|bnPs&x
zt^XpN!|slTiz*moJovI6WW*~gfD`~D!N*1dj214RCpRem^LN$jiTs>7y6Kq2#^>U#
zph@$<PmfwU8b<!I(GEeWIB2ZYUuEn1*LUi&H|=HJTK0`{b=m8i4b_x={s#S1J<eRs
zPruus^J|K+-<sdSMy2|uR5dHT$Eeh_A$RLaujYhYspbsOFC~r0<|eA{n?p^5$DQ0|
zh)A5RCcLQMjpni>yigCPEbcIbaTG!=J^`AM>2(OocRSF=T&^TUIq;%od%i~at+(ex
zY#lms2vH`zXibmfeKMT#{y%Pqty*sqokj0o&;>Yky%y$%jR0`WL-(t>Yo1xJZBxL`
zguX^KBVXwCpTY0d=JYdvA4Ktgf0H)-@s7ptFs{F%+4^Uo?veI3(m%DV!{GeGf)n|w
z!%r}U-DB)L=ndm9y_lNy{yI*d@^*yMr$r8KdXAO=gg$N{>QkhF3ba}DK3_Yu3$*YA
zA<EYSEn3qY_5}X7ji0^QgeXr94BCaE?z#g`82vB1Fdt;=x^PA_j8%^DeD$epeO#M1
zS#CY98)s|FB3KE5CI*jlrmSkgT1;OMtqd8!{4HZ}9EX@`wN_X^tR+NgJ%AVcHqm>;
z9()q3s(qdpffIr{Irdqmlj>7fxW|L^#|N*&W3)JrKg%qR`q5QZT3>H<c-EBjVc0c}
zTqB*FdXsxh`e~2v<ttb8$Mr99mGA4PRX&5~X|4Xa^CgbR4?2-|c_JU_rJXmp$D{Pe
z-|?jf=#N`m;~sa{AHQ^+t1?cn(!-Z-te2k2)3)o6FI;9sbjyCOFK^jZN10v=8>(CT
z@<UbaP@z*`wq{OW-qxsZmYWMOuVj2*-YdbPiI5`2d1neZ4Pk5SfF0MnpPut%KctyS
zb%+1cFoZ#ypC<27udN1pzb6B|m8<PS8awbq=~ndR7aztz!n6tMFZl6P{P>;KcEKZ`
zz$`4A`sz6tOeX}5QI9;RZz7EzNaH>W17kQc{OTuo_a3uHs4bCP`6EE?%qlavd#fN9
ze29dRJFp7K{fy*3vyl6<PiS(%XCoLnFOutz<Q}z<o7$%enFSxwVZyr~=|v#DqF>DP
z9;|}BV84K|clH+`m-8_0qy575=e1`-(=tuWJgqO0)>}yHIgK?2&<6Z{LutwvxPzpc
z$DunKcwjCKX|+aLqNSOAo~c4?!6!(V*eX{7y~9aBZ^KG6y_!|g3qHxj=q*BelaSsB
z3%%7(S3xiMgbt(EAL(^Odd)5LUVS=rR|KCpVO>!V$(`?pdBj(k$+@Z^7kqGzk=w8W
z^WP!4i57Bsy+e}=KIX^BjYM)DB-g=0Zgdsof{)!XaxIWt*+W3?^l~$~d#WH8e1e0K
z+rJ#hEkttDE#!_rRYlhZAMRpZ`vKB>4(TOZ=zUZbz2L(>j9v$%R|o0cSjG+6hpHm>
zYfyBY5j(pKu1mLm2w+OpJXrM?b5Sk>s)0KOx{MH7r%^~pE;2^29}9uhSvkBbuk&H?
z6Q5nC)oqHg0Z@wJF`0KyTQ4*C&E-ETFfC%to4;3=23G{YUuGL*e2}{|G-vPd;9Zup
z8y_vLg0l{$kIctI`c(B%Gah!wvKiY_`^fagfFR$Q%WJfxifZPYsxfb{XIJ&nv!;_?
z=DqMqRekiRsZ-4>)?Q0Oi#y6xk@-+Y(<;6xG_}Zlltf(|`kR+c-<S_2{8Gg?ep7qQ
zhdL%Mu0jZVO&^(e`coGpmhTx{Wc?$ULiA#7s2LR?PK|j1ZG3TQQ57t$Gij&!D9f*l
z2+2z7Gg!Qw%W_Of@=YzxRI2~&NHLZ!o??^T(ezIoUG4hD0*Y>+hUj}MOc1V%BOZ^r
zE{=G#({*vg09UI2ZI|R9A1%hF(r=!}uj3?t_i)KSf4(3H6VD2QU=zK^AhA*RNC^M}
z_fWn7LvRr!h{;Wl6F(g75Co;N7os(0RFYB6l#ic4Oa<T9PTG*Igb-3t6VFQ)O8&9#
zXaKVIe@ClIns^558tvrkdPA@4O;*>v;)m^MUDJ92_^~IWf{eOTX{FT_S3?jy+qXbn
zVOc5hXJ|z+SkZi}h&Aet8hk}<^ortGMfZsxp0x{t5(5=&_0UGORMz%n7437<im*|2
zI6QR8KPFN_RL!yOPMFBBy)FG|$v-A;up|!OI@lu)KbR{2H*&BzbW^JQMvPeh5f|>m
zw6~?FN&YdNB>Aa0Ku4iZ?n#x$bc)ZFGPXz@NUfItqoG^b{utsq7tG31vL6eOg54ax
zY(uv)PkTQn%Ri!tzq?D?c($2TYpeQhKsz7nAK`*DGs*r}UFvTJ4rj9eRr-Nv<C$ij
zT3ghm0k)r+Oh34daOFl|xwFkYwYI7yS~<|Y$wf9n@W_Xx%&53EcA>}1VapkIu^{;$
z1qkO(l0T&rBwLgGDRG!-!=Dm^u)+S6XvmWTIlWR`m}snnhjo9zDNa5mKxU*%t4-8l
z-}O-!`!-S`62fKs6Lt-EK<XX;GcG0eaXtf+gQ`!)MVsVL_<}1G#tH#&x%UgFUg)_I
zMxhgFSSSVx-D?yY%oSS83dKR82W@(xUxyimK4XPCL7}h1uuz)sjQH^jVS<o~S(e7S
zU20E;Z|ip+?Fb%8%b#$Cy1Yk#sPF0cwSMQX_}<Rme?s4H<=%gZ?@ukj_ixen^$fh<
z%Svu{O?=NFtH}5>F6CS*hxO>26~H{6fXk9`F<kOHn*!~q^DFGMiras-3rWwUW=1q!
zX=izBrOb%;SJ)XY{U479NZ*{J;ezn2lo@e$sa;r`0%a0stgs78$@&0ULx-KJRuIB!
z$WCzRq!Lywv<t6?rDjH~g9;<uNLtE_8nnVL#OErb9uJU#IcviOA*pY{SCYTm3n1uJ
zFmn?oXrTIC!&tHg_|*>HMtqsz5F~%Ma7nJ~mOAek)tk1nXu?7?DotsxBRVCuDzgN%
zD(P=ii_%N{Fg*;DB^>~fZDl~fze7ahyi(acK-3)kA!R14USb!N&R-iK?+f6-Qn&De
zk9AyO_<jldem(tuHiuW6<R9v8lH{k_jbomDFushCg3Q5L^u4R#Le9Q$K~O&i@E#_M
z*$%TTK4FO~5LV3#ZzD4AH_M`@E{D%R4k=6wpJ`$kLB-HR{O~IW>eSB1*eHgaQgLN?
zV!Y_l08v}v4=FQY>0-N}beLs;y4BOfki|Z9u@BeN59@I4Pw@|GlH^a(3>Yh}mJ(7h
z1M*?`2e}H=oc*-<S(Sw39H9SAs^kPQ#BLTuKRXHna~M8`piSQU%z}8D^^Y!(jSec0
z?p4X-S36=>uj|3)n)Wu)H>DJ!RLc3308z)`4=FR@`$cv^Y4w$nNAa~%CXQ)Y_~Co(
z!^QN&p*&t^iho3tB*Rc+@g7VZ$?)D)ph}s&-I1yC)l~U%YNj)ODU4cMCx@VPT>!vE
z^5}9xa<))eJ!_1?2RhJE9<gc(l#icp7hZR!W=1@))EMPaXO?KA{A!N?={F!JmlBCG
zh+K<z2&tJ7cC7T`JiG9^L$?vn0qLl3bs|6a2#}<HIV<T%epcOGu9I0957zAGd3H)|
z<r2H_x?LyJ5Xtn_$qb@op37MrE(p)59~x8!A(g>MWjLi`)2ZxU3{-B@sWk5qApLXZ
zQ(m4|A1)_E$?VRYg)2pvKNabnUWhif9_^n)JpQEeoc6`17<W7!hntn`i{r@wqP|;f
z;8xwEl`q2@R$%#wto+Zk{0V%u24C6c;HzoL0S$-zNlc=ljDI9R)D$c|1xp|J0ZYFO
zrD61B72#lef|ky}($8b*xvX>ol%~41vj|nO6)n7>h#Oa%E#qnh41x28jhPJv!rY$D
zDdD4fdHgBi`e=#?GptMc%P^8s;|u9nsxN-{sU2<0$nMO<0@t4~6EXAQ08xFqZR!1!
zT~H2xuGyARU#LoekR<;wFdNKh7Gx*+hq(%V(Rp8OGxI(V!mEVxz7ZaP>khmpg^%jz
z@h2I)(`I@6Nyz&fz<ci$WWKTZ;Uu86CsnTNR+c;(AgTVkZZHV3Hqmz$!q$6~!$|?6
z9>E_{W<u5iyP(_#ZJ@P}$^yvq6#tMWN&X~ls28kD@egqotkT=CP%yXQD+o(mHcZ<T
zL2E<z@KI?Ve|Mt|J#B_HOCJbrkf^Ke%T14XcRcOy>nY5zQzdAM0ehtx<vX%WGh|2R
z+Xdy>8JZy*HA|gYN%?-2nJ6&Xl<!wv1*?>#WTxq(Fv)XXTfF=-A60G>rTr|v+KsPn
z|K2WmGIkRB`Um=YI3YwSeT30@4hv7j!aW(C(X?PUd^HJQ?fK3w&<^or>;hVSlCWRY
z!2v>)1sc62m~$o`KO*yxUK>hpI=<?NuipR8E=Y`49s0VTG2f)WV)RLRU(hKDq?7&_
z+*YQ2;g;mCZspCNs8`?BO??B9au($#`=J0)C((&KGvVENc0nndPDcUAcLx=QI)oOx
z@h~tws!;MfC)^8MJ<b?@uUmi=9MaX~Lz9}Mj|JsSb%&F^u;~GtcH7ej>CAP6x4_|^
z1;`;3q~i<NjE5sUb=^wjLrjd#D}mj-A5qLo_v!coX^&b=<*t@hu+KU_tiK&~R`NSH
z-UIA^{3Gpb6zVFC^41DNu!Fc(^y3sgJyloomQ+a_FF@NR$y-I=2HYr8UU@J;)aB)x
z<~IA$E-2r9s%!3c+MVhr)a1`hG9=p?S-UY8CENTVD%rsXn*HD`E?@M-i#x&v!9Tge
zCI}fNMD%_E|JX$D=a3MuGM;$ko64~+hCBFRIPIJDM{JN-P-){3Qacxm({rURi7VPL
zJlj#PNL>=Qws8pQ&ndf;=<NO8)A9M35o!I3?t+lC{^u|~PernPLCTDHYpz|8F9B?3
zVplpyearQ^;tnS|uumoih#KK!`8UN?xq74mGUkGRxc(&NOk*j!jSjIpj=t`a*p5E&
zj-;#k`;rh}_l*c3;2jJEzCH=7a)(WlPbj(F5M~sF<By~-?y<4_%M$~XeevV4`o?Ge
zN5Z8p&e5^7jycqK@8V2=3O^5noXW}`+Epy=_PW~zbm06GP6~oxEaQIFqC~Lbcnd@Y
zc)7h^fy|W8KC5M>%!1^-ZIkE&U!mxA)uAi`puo6rsY~L?7+U#HP%7cmScj16zpKeW
z`gL)7du2HYU{vc=`J5zQ_Q-|G$@$RJfL9_nrcy5~=&9ozKOO0RIC6e?`X0&uZ20_W
z(bu8|)q-IzDKqiGuk3=d>_3PxIjt`J^c)~edgLvN=OI8R5WU?ZD1QKRI0`#8X~Qd2
zA#&!034*fmYrW6w*|5(CbO{jEW)lPx{`<=yhll%Va*%3)9Af)1IlNojEQcd^Q#oux
zIrw8x4g)kf{M5}Vha>Y0IgE7OQVzA8x*R&rv<u3D&M1dvb<A=|dXULsWL;ej<HDF6
zrhpt4P&xcMOOu1QM30w9nGtET?LxAAEm;oWKxr`7E-2402@q-GmK|`qM=|9TV*Gx6
z#L&$jK@yR*K{xlcrav-Zk=gAv(7nZw%)6UQ&+{$GC*q6fjIbGiDGt>`Qu@5y57hsW
zNGT)NE@hO2iIXn?0#nq*AMJe3C^}xLOlCsz#G;gVNK7VWCcB?V_WSnQFoja2ggLIm
zl?3P%4bLgXg$b6l4A`&!CqN*;@=aHLK>6$uf&k~R{3(&X{i63A<j}q($(P9!k#M60
zn2%`FnyODqB)*g6-^dd#`np9u+Kofq;r?F^+R&jp(S^<@W8JP)`I2(2bATktTa`9l
z+4SqGCkTL}+ozr&C{HCCV|y{wv|a&Q(%vR|J5u8!e@!1KZMcH%A@sQZie9j39Z>N}
zcR6Tz`aC{=yRXD1pz;HB2wPHn&zBLB#pTv64KwAXDhp#cuz%9oj#@6?fl2^QRcdw$
z5OrH6<kO(GZhNvj#*}PE%JjN(wQNKAQpQ+!jDRsDd86pV^jHb~D3hK48xH+X`$zP_
z{Lp!unE58^oGaDe^@^0S%_hm|?r={=O&gbWYnn|r*%$%tHWGx=D~wr2`Xf1v9g#|v
z1CV}_?A3F6MtkIKi2G90ls@bQbQZ%Uf7CcP<#Dg*bwd=Z>Dg9v$~q$YXgfWb-J>Ph
z1~@FV%)7J<eR&yPJ{m1$Y>Z5kucXQ4lAKh6Vi3JHg4qQ-Nsz?|?|w&{nZwgXl*vwz
z_0h?`iKb;;5*+^cyEEp|gabP+Ry>+IHytIvGrJX4(>SSfK=iGvuM0u{dPOJxYy1?%
zdaN#HGmlG?x24G^)X&ZNY~;&Ic*g)y$Cv5(!b=hYM18wl!*6BBTvFXG<*x)SeIjj^
z`gnlLtF;}AWGAp}psE}oBr7GpP`zGe%GaspmvZr;4c~yJ`zcHi)Vs?K9Q}+jk%H)L
z3l7F}00D*W&2yBw+zKO4EsGyQTL(LJ3zsa9bxX|5ZD>g?+fgT&xeG1mkDqIDX72rP
z&dj|P4rUG@nhZ<Vs<y?_^{r>MbUy&vP*kJYoTbZ3_K$HT6`#=OtE3D<MBn3d9dPvl
zW;lu?s2pH=Ptfu>`yXlIf666oJlRaDwO1-WBE7sLN!~7X-jTju@;isO!27t<(XZ>C
z5FiChSX_LJt6-+lzh*ib5z(7Y2r2kwaF$tqhaq!fvRk6kONEH4x~hoR7fPS{AG95#
zepA|NZTO>})`o(W^u49ty-@Go^c|Alxhxvv#EkhV_XkM9DxQ8)@ri<OnH~hofsqou
z@6pPZtUuzRF62R~KO1gx`bd<x`vOEQE7SASMbqD<+V23T*FXNi>$OMTrmig4@;VbN
zlF@;hX~dYn6pjhiFzc;9>h5T&QX3)SIMy8v;a87b>e*MC+IfdKRRk+oB4*YI#}Y0n
zqlV2R7fbT}+og<Ln+HPI{zt>rA>~FsVyw4L2P5a?l5hlrW=5sy-OXveLm-Q0I;&Tb
zi=};pRyVbR>UifXV&?UlSOPYAJn~^lZn%xB_u+6gO3$+{pHNET14M0eQ_K6>qA%hP
z^hErDo(>^t!#jq1@}D2|1Zm#E#e}Fc%=t_b|L%kM75M!^_`a9n=9SGgzHd#xf1J<v
zk?J3XSYDo+grxe1MdFcJ>dc|XlmeS*QN4RR1cpJj;5+IswX?xpxrc5dCbgTksl!b!
zPe)>{e&G2%+(*l2dyda%JGLec|E<)8^sT)C>*vRt(OOPPnF-!6?51X50PY)VNiF$Y
z62I>Y^&ER9WIZiR^*jrgAf4x$YV|aMdJJ)6JsoL1r8f!5(&ZChg?wCK5~I34rOQYD
zmXpujOg>?80ixb<(`tVg*>T>M{Ahy3B2G{Cwhs_B6US4UylwqZiH^iIVQ5X#>&EA+
zZLb;S<MWko=ogLo{1*C3upCx`%jqyKxyt3cqu#@Pkhp*Bb(bVx0lm$r2?;&J)%9AQ
zZOX4rob-#%Z(o3FSEVv7FZu~3n%3SF=e48_1NFZ1$b~FM_u~x~|8Ex{>X$bN$x7Pb
z(`8?9cyN~FZ~NvmkYD?)C%|tEm;4{%sy<KjVw(8Gho;&EoRt@~Mc*G@$d_S)28b%M
z4;|aC9nhr=mwZI@X4B4+$GXGUF9unz2me1yD+1w*?*fD<Pg4eG(Ek?32MFI7Oe;t5
z{MQ|L{wotLEwrEI<5d0&-x-aA@2&+1DcFYV%eL~<(9REf2Dh^#wzE&B*3PZ>Vmmul
z)z04Wd^>CE?Ih67&9t5SJ~p*;O(h{}17hyqLolSCi-x`(T0)5OSla+mkKWL6mWUGD
z-q@MAA0ihgBzc?Cp`8|1*(~}V#B;(*1pPYxx}k4i?~~op%Jq9GH|cCjko-{(-{BC{
zCS{Bt#nCoE;`7%_F#F_DwN1h_1WM<)0O4lZ+9lN8E+L}t5z23QdzR-Rp@a~%SkvDP
z)ZI{qw=-B@X46@Jr!B|&uwrEW$$JAteL?$veN7PLiZFJNo~Z9u03K2P`e%W~-zbaU
zTtXISP$rC-w7t$^f68KCjm4gnMOO(w|HHgQ<#XU3Jn<Z@O-3_a4na*X)%SDTCOrlE
z^JJQ)KSnAFh^%KO-tM;x%9J*!I`iy$HsVX<fFy4PeT4=5Ow=l6NoIgBvsP^5Y{%`;
z_La1S>k4TLFOx`ZNwpd@VEg*FKngplqP><GAnK=BP^oiIfT;Op_#@CJK-9&hm^K7R
zuLrZVh?0J>kdXCWAhV19?nQrR!tdSC|ApLlzrlBl>GN1x?pr9gm;P>Ch})}jI{NO>
zO3k*YYc7Z^4TJ^Iqjb5l`*w#w{RDriJ6cV<P6u^Lq^WtMoY=h8Kz~1Np8QdOs4Fkh
z79ECqdTaH3doT7G)>9kmc{n`P-}J9Ww4TFQPp#{Otj_~_2PnToE)uf-0}%0A`nx#_
z3x>Cn+Fpz9ioS=-30eP>Zn)H<QbN`rfZw_F_qkH;!v@@kSLui4x+PH8mlC2ZhXPyG
zu~a4JvLAnxU`IV28z5>$CCmF^UI}%M<?`&iVCe()NL&A0Cd4Bbub&F_Wz+i7O6jA+
z>rcR=jr7rfcwS#^XXJoQujG2UfuVSh6cC~`yEni~0C(O>@cd^Kp8xz1ZSi#4fJ3xt
z7w!r0jfZd6l@L<!+xkJ!3BObFXD)C%SCy8n@j?hEoG^BOjza<Gh$z~v+dZ9=!bRUT
z0k(aN70gM8whyGOU@qep>1&^HE0`4jdoJAkNxF`kKS%El5cU4+gwV%H8z9NBZ|pUE
zxsJXZag7lA9d+b4C;5|_B>8)VT+93@`JJ;HB0kiIb^#;z{!Yr<G3*`$*1V4qA4rLB
zxkiYUreSS+(M7=m-d^pIG7~OOwF}CdW3>$`(RV#Sh&md{;?;|cHmpjHSQwo~GjeUB
zuQy$=b<>Mb87I;8+Vk{zOdCD@6ePU>_26_v@;m!C!1Mo;u=i)shSXOHS-(NIFU)Lj
z<hLk?SUS3&wWB5M=t&K@j#jN5ooTmr^f~P4Pd^RW(a}uYSMCZBwZS!WM<2L~FAva{
z+pgZCqqTJ(?dV@`0~xfL#C3FLYg0%6%!t2DiGO=FL`Um$7It(N_OF;}7nEtEjsC5m
z{X5_)*S|l+=>4nHh|v4DKkdgCV)*{;LHl<QA!Pkd-IlXHYI>6zIvAY$=-}*ro)Bgc
z9)ez9O`pb}CuDt+{+oUK_l@Al&)u1P?1lw?L|<b7i={?u{qqLd?`{yH{Bk#2cdvp(
zTF%7!Alo`0p?-Cw^84yCr%4km8^$BGZC>k6n&^ER_DtRlAN3#lHWK_aW#u&HoYA6@
zRDj^5oq`=H+J?=onDForL}tPmI=NTAYlu{mw~tz+wyEH_T5j0_o-I_#)np+ASIt6m
zl~Ad1)mG=K1@7^konjZ1SA)13S4sQ7H52MxC{#rRp{|;OLjAi{fT*=EYot50=CsAv
z6*p{u!A~;SCyVv!o9HZ+-Nk=*C!ke1$KiL6vG3m2zbh{zCO2Ju@;Wj3`zkfdhP_ko
zIYS7y!^iFK!9iV@<nJCyo_GQvPN+^~W|!CmL77e!%Ku0twJ!L!3|8L>bwmdMwr4;&
zd-?#qR1EF{ruWA9@@#<x#B>U4?1I2P6MdWEuvk~OFe*G%KCet~L0!2mu2lIXf2K4m
zO}<g^tJqwKFHDnf<kXH8gtgz>`Td^Eh^J*cbsq1SWEYfSGjI>Z7f0PZ>MM?^!8TKp
z*3t5#W>R;db&CKg$ijF|vEphGAZjmM2c^WH$;poqg!sa>v+RPP$DQc&LVW%WeLh)_
z8)Va}l>1v4QHyuM2xoVq&zrO`PKk}c=iTV@uogysP3qYLD1ju0xs@K!*I{nBI=Wr-
zegt1-yk^Ig+S>+;Lvu0EKO$Q4x2+>lQ{UZ1U20E84SSkAB8IuvX>#|tB(Z+?PT*rN
zMjv~{`*uNT-5h=F@ebX`4xo>{t`+mKX(Mpo0MHiv&THLaTkVam+P0d*0SfVCSBC%*
zhXoFV^7jCYh(F=ihaCd-H@V=(d)k>jz$fjClU2XE4#Cs;(QwgwM!WQ!CKqQfuv3+u
z6)OnJ11)u7`KXeL&9!uBiv&|-e=7VW=}lAO3z7Mi@T4%k4*Os_>P(Btc0oRtEEh?c
ziGOF<1?B$f`sU)+N<4gIYaSr#no5ip<TQ_k&ZjFCb#f&k+4F$EM`QK9x*AlNh18}G
zBzzoPS<@_lGY7;OFQ?L8p3@9_S$$A{u4K`21GV2onLvL(Wc(gUf4>zV!~hKdNc{Ny
zlHXb95ginNuS@bf$2{T?(&V8#G+g{EF4*!g<H?sGo_skTX8mFuor%NTO3kLooF;GT
z^=?a*2|3`Aw<=$@pku6%77)EZ!+HJ~Tl#}k-sun1cDN?6qggpC>3F3bDf*s*;}VzU
zba!33p<9{LG(h|f-TriUU9}Uu+OA|Z4UmF0w55~ie=C{49Z-r}8vgccm2_^+&7K3|
ze<hYG%T`s?&Ufc@pjFPLz4SL6n}aycE3oLhoRrfQdNKP)Is{uZ4G{H8CBkcMgWI=Z
zZpGh{8-80wUvokT)5S%xf>1Dx)%--PAgJ~L;tj&p)hMYm7;R5yhoIa)EkJVK)S9m)
zBYnJ_5cN2puRp$!Ye`CcuG)@z9_N~~nddghaT(^8{LVJD&@Ucq7r0O8?9i8WmwL_E
zf1xAjCnz<BGJ3Is5M?9`qpj-uh&<Rh8Q0^FXmQ9({7`k<aHzr#nlA>=3k|46hx7$0
zGhup$cF1sT3%;f58)bCuq^87^_(IUzJs{SVcQPIysURfH|F|p7mnV8f_%S{b0a|L>
zaOR+6lwmW}bu0gArXR2I$hqmw(qt(#7DI6bAz2>3jk6q5hGO%`Hqp0>3VtLNt-o0S
z`;&5meTt3~PS{&&BF@}soOmlWwm+|Axo+yZ73B_gnx_vXcn4VWZR)`QA@PN%VxVB^
z^m2f&QQiFhmSz6!<nQi+OCEKcg78j!Mu|=I9Rb67SM0-drVVr3q>L?{Ec2p1pJylz
z`px7yXiJCH1S?>dGTwhe5WO`Z82)}=<+D4CLpuFn18~d>$^>|bTM4}*;Nfc+of~|I
zIhU(<Py~mY6N!bsZ^CXD8t^6?Meoph`gA4v+YU?8tWpv+O1o=Nqx53*U`ZUF3w-)h
z!s&#TCijYAIdRhDestDK>I7#YBuwm6`7T=|C~vr!D?~f(n|f%RcGJO44tnJ6N_i7%
zov?`LohnlE6l)W`|Aj*!&eR%I+oMuySW|x5MQ^uS5Lb*AMDNoexG|lS=Nsz@OuQpe
zM%}Ra4>#s99yW^JPw};ccRN}&)}@mQ(vjq?qBm2Mqw?~dmiHcci|Ad?Ne}I|o62p5
zlTPwO-Eoq??H%15LJ0Xi?~YEBQ{6EvQBIOrKiS<0rdbDyaP2#GL1}wCPW*o|!JPxa
z9rDQAludV1!4-+#8&2&Qzc&Xq3!Jw*A#HG^6NQ%f1d-%M0A2#&CVxUv7=1J52}!O2
z@!V!L1VOpl#Bhny@Z7>~D3`E3EJTXphhYbHOtkWA6T@Zt414YEha5u27?(rxcXNr}
z`LuI7JCouag6Qj07Y56{@ze`BBYJO(5ZI{kJBfpO7Rgi*zNpJw3*|y%UF&_#9D=Yt
z*&Xfy43hkm_`K|ck$UT6oYZ&NFM9K|qYh`{^E?@CY@)9p9O?Zd6(p|j8zMeqULy^k
zQ9p=4`#45*<Cy6DAngBq&?z_$dI{s`;@fsX`5+3r>bWr8M>~f;n(GecqqS#o(0T9b
zanL4qLCAL2$7c1=n??PSLhWEpnlFz!OmtL4I3R+bUR#2nhwZe*`U#8^b~rK<E@ehs
z8D|&dzog8>{LywnsR4-@iRkq?(Mv?<TJ)~Bna-HJjb3<q9md^McwH!ZW6Ozldb?RU
z?y-Cl6(DN;a^wEb#6%dXquW!5^9h&e%Y}nfQ7^W4V7CZxHOg+2{9|G;2le78-fnGS
z<M`z<ark=R?fmOp(L2?SI>%YHE_ZOi9J*CY0DItEY@-VGaJcBbzXpdN<bowA0(<yx
z*S}BIfy7*J$RmzvTL<ix_`H<(qU<gr9D<<!Y8#vAomWZd0*3mlpo7yvV!5KXdw@zT
z#wPj_1K=*vI(fBwvLPDAX#I#uq<WivKFlL;SEI`@SQ^tXK-51f_46Gr`g>47_cO!k
z?~dB<)5bg-p9?cBIFTNC=q5<DMCWbYbdTNdg3ZP>dFXF0me=bVW;p9o19bbo|Jqr?
z@b7P9y+O77zqQdI9X2wY#ox}d7WJkBcqAk~rXq@UXvY)U>uZ!0LI@@u{-jdh-|yBS
zKwu>g?ZlK4$~_I(=u{h25|WiFpHN)1Ttn@<J)BGfx3R-3_{IJT&aXcoa`5lG4SONR
zI6i>iJ`m9E#pMw@T{mqacFqXq+SHY0gk)tm6j4d;3q5w#vE{5i#mWo7o%1~_p*PC-
z{j2jzr`rNVO~8Fw#UEvCDScd95VCFc1p#6-%E&0gVArdIY&^)Zk?K!~Aa(?6D$H&e
zDG2KRGW~qQc?Mpii(+Ga>|d~cObUz2^!?wPYCU7);GELncEiVyq2Aidgpk2msq&$u
z>@Yo3T3*sxSo>fmFn*rgL+8nQ4^aQ&m10+#oJ?Tl^O&6c2ds^I%Bd$@ysfoEv?K9{
zk#<386p6NWxC6B?AZdp(e{RSQWu9ibmfn=DDFzqeXgU@dAZouNT@FOq5g8x_N7=c|
z&dvpG=seXf9OkL%ZP+~Zbht53^{KRL^HiU3ZJv6#fiX{Y48z{&Zp>3M75`JE#<{06
zYDO6*#Fr>X%SxC&|DklEzkg%*GUXFW4E?<Ye`~E(K8?~nL|;R~ts}}clSS=SUP^qf
zN4|jCnB7wp1ofeE^ZBtqlpSJ#s4I%J@uaMwzb6!F=SO1k?&Zu_@U*{*bqGogFDRwf
z+<VFh;S41=2C~Cxm7PoZa~r)LfcbQPLdf$JlWXESW)qz<eEZ;LnsY`4HA1Jr?n;>n
z+uydca4gWrb<L@U0SgoA#uB|=iyhBH=o)RDX4j@{wkabdyAl2G9{qfp$KS&RTjm=|
z3Gw(}kCZZOHZ-VU+yF-q9c>s$aDs>Wz4z7EW5OChWh%}q-UzBna!*%MHl2`?)|znz
zAw;0=slavaZg3<h!PyOrxFbwY2X7FP>Q8J_ZWlcAX6k{-TWK>p+XNwdlSp+Tpym`~
zJcPbTF|_e1s*SUYDS-sF%+4OC#23<X|FOY3Hw#D<t7D3}^)IJi9{ECi9_W-N&oeAW
ze!K*kKMcEjbnZBNn|Y%5{as2(n!L{=ABU><YhGRUS<2ZxMM!|UyUK#wjP03*HwjT2
zmK*j`c_Y$zOK{b@v=pxXeL2)F0DF-CG9p0I<Z|eHLl<yt5cQrCt-n+K2}esU^5}x{
zn91ZZ)qK7wVF8rS19hUsyV7RNVTE73$<D9%+fKC7O{N7Or0sPT>Gl7Ao4?0l{P4eT
zX!G~qwYmA*9u_ozzbSI_x360XAxb^b=r%kZlO`X4KFec$MlD?SOxlKbZczJApFLy~
zbb+M$6XX)RkbQ~{D?H<r@NS7+&=eI4WiMvZy6*-Wl5Th*rDutq6}U)0zsBAs;oEq8
zn_WcT9fkv5iJ!s!$f(_JhmieCB;4ix&Fv7Br{728z!nbL_S<(i2sNVWgzJ3&7qfn1
z{mG4|Vs-cpLel)tyIp|z`Yhm>Kktt8WH=aDC3t~*?7Fx4ygOXEJAz+&ZW6uMA$QKR
zt{gh_tw4}zu!ES`rUSK)O*hA(nUv(ecr&?&T_T2C4ZhrKp!g$-?Sdp9lQI+LzG-Iy
z0Nc1tG&P^v#<_54M)w)CnS!>z$S!0Hv`gt|Q))->n=M;K?~4$ONmyR=4`S+m-D&|&
z*RxoF6Lcsq((nO7_%6LDAJl6>2S#mljWZcwCyXZTheKz|fV!N%`ev0AhAQB9&bkRU
z!S@<9mdD|1Y8H0YVjqCJqtQ!~_fe8_VgK<Dt7ZQ(oVV;?*40u>B67GLsNcYrFjc<L
z(jh4MxNDu}%Ny02a|yCvrvi?KeoOqeokLJwdJ75`97>aSs-G8AHA{74*zK!gUCnH~
znyoMbZ<Mjz+WZW$N%W>eTY7|6vmXJ=n~i1|!UlW$)dg1wQ7%V-OQXJ70ugpp=9x9M
zJkWPw2rlUch_=nEc7aX$w)!aD5#gwI#=2H*ca@Q%4EL<5ZIg8*geViBx-Duf(p9fx
z3@MTha;jKTX2RCN80U)$r(Y(tyFp!ZD3Y(~AXUE|SAfF2>%dvoU^EmBS*IVV33*Ws
zBlaK~l#|!(g1Ypwp){}J_fHH)rJ2dT|DvX@G^waG-J#wCRB$8Vc*=3UtHJf_YdlAl
z#n6S??J^-?kuGSfOKo~mKf6i@7k|vS=t}h`bfHq|TqJsD!#U0Ik%C9A^vE|v??yPP
zFaQpEdi>+!@CM3b;0KR&N7_7c|2T2dX}I}3)E&*X79gMjP(7y^d=7+gG~k6~hlXm?
z(t%eW6T}bugkv0|XKlRtl2J}ZMJs=YvmkgRrLcW7944>D{IB?Y7E<`#&iJu=<o+?@
zq%Kb6C#EWX%1r!tb$(uQFjH7+7X<OcE>7eryOz$A=<Vu+t;b}2&u6_>yTc>*cZrh{
zS?zIE)jq2>Uwdo4_AssXub}osR(m2}`-4us-a%TuVIH}Ev^XgR>V4kbiFH;acGdu`
znA0Qoj}#|OV#T_#Vx6#9A3MVc@yPu<;dRC{P*+I}aq1(m{g-e$#sR0$@Dxd;=xqtd
z%u~VvBF30V#?-*`%iAFkm{vo(xm18R<ijO@!WS_NSjPCuS%cpgtXV@ZTX9!V*;=fI
ztsZ|0i}0u5UhieC$kZ^_?i%8xHZ`!#5?p1%8-M36+Xc}#5+<H;E{J5k3_pfN;x>eF
zUb+tS#4)%Za9Qd97M{F>;F93f0ujq0ZgxiW&VzU}e7Gr04<y2&V!&P6;!2gTaDn_R
z<tuxDs0;P=0qyh;>7y8oNBH|UfouP#n@P1ctKpS8K2m=d+(5=P4t4w2^?ybX*4BeN
zv*)DDh`MjUw)nzV?Sk^mJGi?ZpKH1S$m(;^`Z{8L@%eBvVlaOnsKgc^>Qw#xd;EJP
zpT7K}((pGgD?8|;q3m37HvRD}$2Z@eRTX@D=2sA6eqYbjUIFd+i<iKPjvj0mlGcSi
zgEq9cJwVphg?v&0emxpblvsxrSx9dw$=g!p^GZiM3z$msW_D=GmoNGnl@pS*t_GDO
zkXm8vr{Q_rzwBD@B)tVARbVr2XM2aUQwP2qWt38Vozjqi9@k8WrTlj;PIoIkYrxgg
zJE<>*S4+nY!zpWSrCwgUPkJoX{}S9M?QGZYlb#!B7nFXa5`q`|;4s)<scb7`i*m)m
zVi(h4bI9S53o+X65Pf~vRlg=efT&58Mmy<*t`ymV+Ueli31||uowJ~wcj)b$Xz=Yk
zdJ+1m<qHh|NeB=n!l7X%ICYz@F6H7?ux?e}4z52#;OcL!)jt#JZ>867<Ld8+_0JxN
z^>?84XWCi)0$2ZhzJ7?k6bV5p;}Ce2*=l1dlLZXit1~d60@r8C=0GJ;>y-23Vkvzz
z2;+C)W+_vH>-maQa`o)e>gfsfJfPR(s?hHvDSatjU!@+umFVyOMm)C@{k<!|&bJh*
zn=85f$aNk{GlJ6GQjP~7!fE-`a{XLFNo6Hb<IDAUu|j_<Wjg&M^!Ih+zTgh}d!dd4
zw(J7*!?l;_czuG6*ExYog0((wiXSPzJ8+ZwdMVz^SofS})>L;nAxb`}B<hkfO|HsU
zIJ(u#r7XS)zqbQC5!T-e>z~=5;a||!eXHLSq4tmR+YaS}n{!2hO11@M^gn&1_se0;
zWGpPD{qo8)Y-R>VMc-(QY|0JYN_Ish@i%m<uNv~1Ur|Za)&WA40PSpF?x@C+-`PV2
zHt%~L+03Y{gz_-Iq&sL&{r4F`DEI=~owTljUT0mXvj#h}-lL+DS;8Bo+|jxREk{S&
zfwkb!RhlA#)?<_n9!(7E(+`i9m~f-M)^MZVp|W~X{4mymF;FjP_GW}zxrbryEGe%f
zYO^8@v|`B1c0nn4!iY!LD$;PH^!Wt|L^1-yDFFw6pDM{e5Wrd3jDf}fzDY>IRFso{
zpsPUT;***@`dH9@y4x-C=!igCU6g;8$M7&-9$#4HF@oV}rPH3)<go-n_LXnTDv3J#
zrY4VmFWChpzo#LOU1e3sV>}};fD(A~=B?z>6XXG+xRkW6$uokWZmOhudl&t8wQ0WB
z<dbPRAUe)wk<U;l5OL@Ef0mEm{*Uq*i$Fz6?*J#C2-dv!ODl;g=<@0OqFqq3A2;OF
zwkr7?#@qqQgOottja$iQ-VH-O)Zo>mpEa$(8M3UTlE9G}<%x<)oIGBHn-|U_XJN$t
z$R@ab^s7g&6QbO$6|9Tl<|SBg94k1V7QBkr09N9w%D(t2v$T@oR8?Y%0%Z)X{>n8%
zlzrulYDc8n4?n$|QGJq9y%S#zz*qAa)dzH{V@i<fU6kr@WFa04k7k8y>xFl-!X?F(
z1Y+O1atyKzo~P{=xT$122RGH%bozX)gM*uT9hBjz_<V*om0&l}rjjZu@!$_ti&#2r
z7~0fpl%Lr;+Eh#G1kFj+(Wa)UYXLE<AD~UKjxJc2<nPC$O<l9-_bDr4);?R6O~~V$
z&<~o>PjA8|4lrwcxupqs?01hcx2Te+Vx`uEfdlM<^7mt06GmebTm{>$4KbRq%5qxz
zN5RsB&x9(Q@Vf0EdZ9JfgzPd)6FReAICZm<sQ2o<Fsr{^P@3^gm{M6~FDTAZrptrS
zr_VeEI`|x$qbE`E^r$36`G2gvcYG987ce}#$%dtb2_>-fAd3b8P1I;Y2xc+BtZpDc
z=%9dz_=wmN6$J&etBmU+D)?Z*M+Iz%1r;&65L!Z!7Fr<mmKg#GJq0HB``vTyv}6Om
z@Av)#nVmbgoPN%|_nbqOtl=4q#ZSV9_ppZJXv3}e>M4A+Vi;y^5^}ae?xkMWZ~-9a
zq<7W++Tg$~@uL$=>qgT4YOudH_-bOU{?1-y{oM(N|7@3zL$l;s&DN{U@{LI>|9>Q}
zYW|oZc@@M2D34C5VOgk#USZ=6$6Q-Y#<Jv9@3_s$tLOyfc=fXx6^bc&RXDDuaEz5x
zS5l?+d_(zvvl8LaP%Ck$`Lx8#Y`lmYu#&!G*h=z*5Gy%;oqe|Ant3I?j=@UohLzl{
zuH*;!=)C;xwf{FOdTCs!6*W{>^v5MOZUtV2cy2UXQQ3eHD=Ji1bnL2mMN^K#itZn+
zuV|bKt3@n7!BD~90op+ToIqp0(vl-t4TWTz{iv18epIr+6+m#Rx(PY4maG<nSR~|x
zS;iR76H1LQDWvp_rY~1>kYOis^=K=X+YHYM&lzFmq_8JzNPONHJ&%y!5d5}{M_`J7
zkA+N>KaEuni7u#6$ZFD<<4S)uTt=YweVzQ_Ip-2R{%KJ{L7FoL8g+yH&O+W-35Si8
zFy6NvuSCXP=ARwt@c5@e)^NCo%6IcPqXc7Wz-A4pyZmI7JCNpN*PTAI!F8uqkD782
zsrjWH=vS3^{8`QzsrzL`I}~vYPEMwzHV@+jF<*+iq!4kvFOQ#de}op9TWsMtUor1p
z22)I#>VOk(OIxyC7egFtLWJR_zjrV64bds#u$AL|&BG1RDH}XI!J<=eCKN_fKwqAP
z=v0Zc<}o!owUPH;va+*Q3nH{Y)JL?N<b(l-tz6bUkk=;JcJ>e*&D)T}v+38Q1F}jd
zytgMTEY^bAFx~!PoJW-0;xG<Q|8;_p@rFc0P)QK?OR;4N5&Q{*Tj2SBalPOl?htZH
zEz&>$rka;|VmOA}40)M-hk$VYI~vI7jUiUfHOv!;^o_Q1u2o@pcE4nlN>vYDRmjNI
zZHHlA=5`~kcoJ9$q(lz0a?<!oltgPyP^DL~T#6}I2=(EH)ewU5ou=n?WKY2(i~eYe
zxnT}LEE965_h%LSDPK1a<D}Vx^mB^O=%LwHS)kM7PZ$(!3|@M~YtYtW!uzN2<xGy_
zz0ZYf!NXxJEA#RTiZ;e^IBS{GD;lY<@QR{tRD1W?v@esx&B@KKAGC73cMYD?{IM89
zPrUakUG2`x7&wyH<S+zPJ(?xTyo>sGVHnu-b+K^V>g-`!UOqP3rG|i#FNRyWT+Bk7
z^1)CmC!L;HL*%<Gb@H_@y`kl6H~#LfIONW`L3p2!+S$?trlX(IQ|HT1V?2TKr>o*n
z`s1fcw_zTKa%tpwg~-=#=<yHwjFBKtN~RAFX>mj?p2m9{LQ(|G(KZwL%R%Swv2v2_
z9D-(B7(3c@4UYpYx}ac4EdVB91PiIT#R%T}yj26sK1?0!3cfmw<0ShaEnyqv&j>_5
zH;ln6O)L`vDUS`Ya?*+k>LE_w00mw7H_j;}K2Ppth}Q`I1o?m(Kjbed5I@9JWp44D
zlrjpVCt)}0#t+rCx~<w;zkbBZNo`7Ttq=|u%RFL<TRewXJ$@{w%RSHg{=QEApK^t`
z{{Cbb$GL(Hm=yC3z}rFZ76Hd*KZ17D#&gs-#58GmuJYGXDiq*|S}1;`#6GW7A@Vpn
zQbf4|VbBsqKfk!gougQJZ?T2r`1b-F6K?OqK~lxS`*PvtTz`ik?#C0@U&`Q83jTzn
zP1#MP;SOnQnPSMU4|ODRN-csv;d?`)uUR9^uHRm5<SXXiI~s;*;8?o*_p4CvqF%Zm
z=Mc;05F_~e$FMR1{aKlS#yG3e6>1zO72pXqt||7j?G*FAvkDOck-|_bmnNQtfPP9+
zhLw}veT>R9mKh840!bs!DnuTBLyIp7^m#hQ>!jB%fJl@7TcySGV(I(O^?06xKIiE1
zK0AG0r9PKPl`?f~745x5pF1e(eL4A81AVUkbr{FxHbhA+4uLI*S%a*cwENK-0vk4g
z47z|-kP-Z}k(}fkU@23G?XLy2eI)=id6;&d)%Eva_|Qf_Twg<owBj7b(mDu!Tg_ge
z#u9<~zh@Pq$*sFAZt*;dGQgKdtPr!DcB#3n5Pz1_E_c3eiig<T`>>bi&my0^rSf^!
zokAdT>0m3D3pIf=hoSr%Naf!+K+~)$Q~Xy_Na;T;Zh5i{@lsKx!SRjjgt&qehjAR_
zQpWpClj!5zYC<$y;J#`#vyXYFDiiqk65FZzb%efC<-42ZJHAU&h<sbM!RYN#%ad<!
z)s#~n?`>*TlaO|}mx45@i1&TLahz_#X=YXvE3;5^GwTz)RsO^<gPE1)f1<r1{e8tD
zCh`=_uOPi!q7eB)m7$Ku6RN!5OZm+FJ^OgjH9|_)GQIMIqf`<gm3Bi)cmCe`q1LZh
zUV6Dd!O=cHi*n{=Ldfc93hCb}sD%#M=4C4Q1GdIM#0f(WS~+R^!<cRU`gKB9H>T~q
z6<Tig&AXwtgD@D{uXkIy|5!bN$jyUw+a-GSVAXcXIj4|OkFIV&J9)6eaGnwD=$X)0
zLKgHD{iOC)`Z<NHUO~TEh)(K~-PD!1Bm@#()*8i9;R~6kabj`1^%*2|r}MIS0+I31
zcjU(zYAK4_216-|v!x1oY_)}Q*GPFOJLG!xw1T^M(jzic&ciTzw7U>y`eiyY$v<Zl
zBKI=JipJLpv}EXkL^NI=q(3B$wDUf=m8k78TQI_r?w@QVst*y6&Y`AM1(O+(;2H35
z@v@fmAf5H6kivU%dzZhzf$U26*7~h<1MQ`BwGc?y<*{;tSRiHe(vJc@LA1++V=E9Q
z$4@Cl9#o<3!&FEal1@$9^4~Fgm9Klm3N6v|^K{vm<atttfnDz>EdEJH=tjV2?9C?i
zSCXFO8PaD{Ge-KogkfbQW_n851z2h9VfX(jAW~?<cd=pi2ElK0V52ikXE!^okkTK7
zKxCoE%E2Mh)qPN;t#Mm9sre`nY0Iyu_c-m+(UT}Lg+S!z9^C?*N1LA<SwrL=z)g{}
z=}Ri&SHFuLPNOZ>j)V@!UV%2_JgOY^V4H_&n?=|rQOoD#8sQr57PnJ((JfvXCWy*V
zVfMKq0P-5hlL}WkjQK)$*$nwYH`rLQ3=pN;ZPXu1d0;2Ck!MG+w4lkh$?(H0`a|Hc
z7$MoVZ3l(^Sf_*c4QZeyZ}o_0r0%B_;u1GfFHnlW{McX<c><H1;~|L;RiUR(gYNL!
z;4aoo2mNyGN$NgI)u$Eha`X0P=sdpE9FwiaXoZkjWn_n`ZkLvi6)!==g_|xzH-qy#
z5V_c#6)pHJm_r(NfGxcDHq8H;)d;tkx<G3v?OaS-hZ$~Xh4J2&(6@dsrKLHUY;-s#
z6?F){Li)AUe6ubh925A)2)=9db%goqS49}d39~m8fk7;p?*FTo$>&GZxlBHxA*w3q
zX@=9z@!m(l*YEl4cB=tJ9`UTy^(er9&P+IR1t&||MucH%GQG!dqKqj%zk{~6+-+3x
zJ!I#78IaI=D3%p}2p%4Rvf_A*jzTddjBR1F%ORQ07-{-RMZX6Tt6n|o4u!Zg9Qp}5
zgnmw##VwA_bGZF3JDeF&@A7Bu#LL=e@g7a-gH|=?tH&87Wgb=F=o=OsrnI!8m3DD^
z2iYx%>!o8SDeo8S&3JEz)_8rJ_ugw$Z%Ve&j<pa>R#Vx4y1*&FC=?K{ICx)4G+n!G
zp<>0mN&js{Ift5d7PlDX77>~j%3OG>VIL$^wfzJgMJGZ>84lieq&;-hN$sdlhfp0A
z=^Y)0<JY#yIHMgm)ERB-03EHo!8%Il7^<VY?OI2_wfc7)hP2Wrybi5|cSJ$57EV;|
zgNaY44);4-tsL+B8%|n1<p3Z5CmU5`PerkF{_qcl^dAr^m`O)y`498VuSam4bpI(d
zHOnZjMc9*i{1N6J0`&}Nz^;Y0>!LZG@hw$cHfTvrV+-C|l#d$iS&vvC#U4?Jd_uMF
zA^S|M)Z&N&_ts+NKTY<pxI?NutPpwEb?yF$M4xx+&qeh4sO~RpGCfyFtLXC)wf%nS
zTl#!nzsIzYKHt##GqBF<hmEWwf2H5QlEQEwkcx3%QnhYBsky4-3*mm90mo3)Fi*pA
zu<#KIrK{ng1ggG%{c_}S4&`aAQJ%(W^7Kt;T}WHsX~F6xSiIo(G%H7ONQG}8rL->`
z9+lP)X7`lSoUyzwxtb6;l^W*i^yGzAc>jq=jzgM;@Xl|mO8dS*JgN3{u|OVPrJo<$
zfw`x}OlO?b=MW+_5wf1i<Mewyg18^?-tLf!_ko0vdFJnHicR0w=;xt=4|yo`l<@x(
zkk^H?{8^25pP^eA+~a9Wr9-WIu@AHXnOD)v%1Qq@h`h13t$u}>%C|J9U8-S3YzN+G
z(GKVx?qvo$!F;cWbDZ=_3cI3-_bGdWwN+qj5mBrV*@^HtDpej-h<v45yU!%i=Y#5V
z0Se&V2blntS5}+(4UT$CzaGS?MZw7#?LD5i8h%*EaAz0Cxy1tz$&Al~BzcrCY5^Hw
z8{F+NNHJG1!iJA#U;|yG`!;7qP^ptO4AhrXAq1~7w^i7w^fYHG#d@M3dYo}m7@Kb@
zMSUWr`#8DWc>i&SbnJja<lZWu1KkLeZ;jpjeE_==C>tC5dWq=pqwx9gfC`^xM);^2
z%%JMzBSuvRTPN#rQyltR8(#<q{I6*sgNsCY!6W|$Sn_W5o@T=Ad?u3TsQO&`oDCi8
z%gfHD8rtLUxsIc{=v$=K^Sn3lE}+#%60Pi`Klf`N@jj_F_7w-21gUD?%lMWuqsp(b
zw0#^9adjK2{I|)ik>1??!4S_2&zdFp{{!*7y{$pJID|mTz6aDn(~N_@s116}BbJlB
zhVv3Ezo}hnQN&nB{>CW(rQ{<R3bV`qy+-*V6dh9N{?82E@X*lJ?te<V_bVhg5?GF!
z8S={OY<*gMHVnM=7wm$V<&32Z-3$xuM;Chjezbn#q%r$Y9L#P-EdVG%PzH(jJz@b`
zhp|!#qvcqD=$3YBtlqZ{(?_BtY_?yOgkMz}^Y<WqUf!qDXRh)7nrff^P-U%cpOQ94
zYx3tdnl*8u%39l+XxG+gO^j>{R?e&%E1Va-Lh0~12k*1Aha)#p^at8*L<hPO3uat`
z`{1zO0y|&{A5_w>^&whxfaxIPc$_ipN~HI1=+w4*ot49UftSIWb2;>qGsjy|z&{@a
zS8XAmG}VV6MziCRpsQh6DNv*kHbf@yCRi&nHMS^Z*JyV}++wN&tX{Y1$#V#PTjL5V
zmo8@RRPz;8I$(dwkYxB;YhbKP_aW+|Fo)@wJq$0D2x2;8A%s{E8<4(~`rErOig*l2
zd@Kr%Sh#SN)<w0Mer$=sLEal^Njo_T(}eT1W1Ue_)?W6lnh~IDXWE`x$pfMRfQ4(V
zTzZns&!-A~<qT)6J83O$NzTtpwO3}xdXgizueEYno!G{5l(eIWNiuLvZsRz9L7Fob
zp=*!U=q0bB4!wkRL3&vatFU%~8Dvm%*dHxlRL$#7PRRAWll}lc%k7k2tSY^Xb;hxL
zu#{dVUNh5+uPf3^CWY5nXPibaU16}rd6ZtLTQnSO-$(FTtGfdwl^5Y!E0PKY(Nc$j
zRM56SdKtHm(F>+!#cT<QKr}aKx1!)!qg`KQ^pXkmvil0q%clD2B{~M^W!*gndWn;|
z7aHj0wpgT>M2%kJ4D|9dom|cgXA}sQMBY0;R;8AL)+)7JZOzKx>hw|}_1~>%S!3S5
z9d?Q|V-fa>@*NzPo>c1M=jVHp#{!L{*)L?@;YsfB{TeHm)zO1xL!zW*`xxO-8Yzh7
zI2XSlAECN|ij?FI)7Mxz-W%=Is`z{hKiuCH%3HKpW92-7r(<~E>)mv5m3^g-xLS6n
z>Q2M%toQLdS=c1mHUc`F?1T>2t)~9XjBd!%lyX+7ouxt!jTknF-u1TbhRcQCVclUH
zYe)rrC7pc$3vIpFo#S}#;C39hibB#880#D__-8nyGF<%1{ERfe$C>C6&kFu5XKWe>
z`oN$Vk9gFTbKF8f6)UCgRLJO2l!nGS9lZB=4>i_uL>g8IQ5q?*N82>@{nEpru{2%P
z&v%~p*)ADUE31ZCt9v1}G9WVe{2;2ide}Hl>UJ-hlW|lfYWh)LcbVGn!T*4Y<80Kl
zxPtb*QGW)P!F!vHnac*_IfUITKXX~tpNse5mdN1pkoKX`2&d}#H;-YBy77a(w!Uoe
z3(~Me5-eT4YmPw{aU<_dZwWw9HNVv3o*Lo`TB)}yO7VsIG&Tp{^n`+M2p?eKC4K)$
zCD5^#>JVr|E2BRBLzj<VT&g1<KWk;wr|F=7Y;hGJAHO@N%EwsH$+mg)2Tj@C)sE$q
zP?c&F%p;-iMYDYT3RE_TZ&fsoK)pTZFIANeZcbM;*a6Zvt+}d2tp+VRhBs@`OlOod
zV3$Ie;5BH`&uC|2hNITSODHFgK?QL}9!NpZqnP~9AP+~j0C~8gr%8Xd+h&l5!Hzf6
zpI_{%qd%8-R3+k!rm937(=>$syl;Cg{aMjL)t?rO>3on2`jd)8gXUyXF>-z`N=2qQ
z7wj@<&dnWFsYn6ZD+;9I<GEC3{o&B0;s@|UH;UcBi!nm7t?EyT_AF-<@9WW7r@T)t
z)}g#VVvN-EStkw^eV!-TLnjFp1iM6XoF_T*+@ExmR*_oX+89aRiF1wd<+;R-{2beD
zYNYK<bB=T6C>9q(Bq-u6r$Y$LaE^E76cHD{a=ReTaK=b!TQGopqqAP{EQU#=ROzK{
zDBgbDVLV^++ik1>**T}ayw}R=EHBS#Twb&j(?tu(wjHaiTvnuzY@170<-6|=10TEn
zmUMBe#_w*?0)1KA;2r!tsyH2-N1Q=b{a9zBhmvW!D5X=1nB<Igi|53RyzgDy@`)1s
z(cS)}Y%|=>`#MouEUADGd<}Ey?-=OsQR&Vpz}T4~#J#35#|e)s(p%dUt!7$S3$@_6
zKhqg2hzIaY1FPb8tc4ofe7_OL<!rRzJkv!9YaoFWOBI^~Hfq3i#Z-{lZ+pZnr-QB|
zE?wN{5l;*LvCc%P7o%(kJ0N(Q;J0;LWz~vvEx8M??K`BHZLB5IJs2MpjZlx~9|bZO
zr+UO|(l=WvI`gHY+Y~J)izSvK^BV8{_)ddZO&7~TXo>!%M*jsPfzmx&6w)s~Pu^K#
zuHV4CpB7tG?`Ku1xn9kL3$O|KeF^LqEi18d((pcdLe^~|qHY+SI0ve&f$gShK>p;M
zc|L2wQAZVJP$=lrn-t`!&^oeNxq1Ha7a`x$C*@X_ALg2o_~*1l;?D!$FuEnijdLW6
ze4h;Yp*&89H2fcAVTT@aNTYINZaGqn1J{fp2EXl%-vLxpV$mCqWBS&gC@tTNP<B9&
zLR%cT``XGp;#%X%<kYgd`muLu9X9r~FzQF8xuzdymDbUZ=UN(Beo;%9b`(XlKjo>@
zYE-=x^k!tnY36S}+WIE`=51%q`qAGyw7+>D6gIUz{+p^K8}YUM&B~^s{LOuh>iU}<
zwuJIGzvFM=Z)!@C=|?r^NhLZl5m9)~^>&k{ytvVzDXnd9rYT?AV)PthdGCOBs-6sM
zr0U6Y4MTViO$rn>X}!0ijpjMTXr9ANxIk{3^y|&E<>X&Y+VaUQ25p(u&ZsR<GzM*%
z@GDhYQ=&C(ISGE~*ILt-TUTh>a(a864yT^2Lx<_@jkNXO_Mx=pTM?iwSFfO>Oph>V
z%fB|8wdKP0s<u4d^j~Ys{+m%-zSE(uwiF~GAGPJIO-5}wq$AUoqdMx#OE0OjyvR<*
z<-OTS)0R)IVA^uwFH~DrbT-IEU0XVg+VcKrj^(((;*q+#OcyIWVrjZ~m@3Ouw|I{C
zo#a@Jd4EF9FO+$*?Y!?=H14cApfJ{f7--@U3}rPPLQVsVfcx4tKhv4XAdE&t2|3kP
z-uGlPN`@~x1pl)!cu5_O6y0s%y{|@KI&D@!^v*`69pkGFanCXpv@H}9D-ryWXMcvI
zF-+f<MKf*e5ibhjLBXht_fYY|YKNAlixs@L1Hm%*lxfsD<Gk-d_;o5ZA8Op<VbH+r
zfEYC_#M9EseAKM5Ob6c~_-&v3jJZ4<sv@quLsi88-Dpz8qLV^k5=b*?>v~kgf=4_f
zb=;s3s3<!uU)RJ>Iw32jg9@`|5J1QR1wf}5qpP8{C!v0-Kg9wUJEPfsgydsZPHOc4
z=uc|NG*#72Q*0knlLo-s?0E}KnsFMkzq~J5IcZW47@_ntE$!8c0{xu9nKN}gQS-J<
zu$|dqydH9!Og?-{J!g9J-flc%>a8ktZ||Kl=5<Sw0B$GnO2Nq^Ru1ZoGPt!;;nwMd
zDgRtZ_{|(lM}7Df@QXSH@LNkQ9A|fg-~3t~<^|s$O8c5j9r~ju36a{O#FnodS5F85
zqoj*+txpSs|I<FDhS*bQ2mvr7bmiYp;e|snPa*QetAzB6KQG@QvAomNiF!7VIZ^W1
zQkDah{yb9qIk}WoIMEbj?>wV|ls#wBV2P4))-!FUy7#>AEMAFP`-4^65r-JN5J*_m
z$;uh#N==y)c}j?|$IamT^9e%I_?41ea|v>|%lAr{`2D|Y6e8aT2aArP0`;v?chkN)
zi`UIwq-{#i8lW*@jk@f)7Y)#OSo`^zi$-Wr$NH`{M#ozAUSJdYw2CFw*Y}<ge8IJ~
z><ida0VCsbXNu(QYqSL9@p<yyG9mGW>Egv&M+<@vrkm)$u_^pA{*+<m{?+Qrr3;9w
zINZ@GT&w7rMdL7kr=t$R8;MMAKq)HOwsRTPvJ;}Q#$JXrg^9Qf)n0n4gPNsfYg^n@
zrsIzEhy{Xw9#)^vbY_r3I`T;PD4+NCZI4xc{iatCBx>F%^s6*y2Jbu92`#6Q61Ns9
zXe7v__G&2JCsrX@%nB+*o>8SG=&wM^mDlN%>lWAZzGNVyb?M?ofPleexTZS^fQ?{!
zx)J=f=(FeqlA4{4`)B#hMI;pkP0UzrWWwsYql8GxI*ig)oyHT1%l}r0+~69n?+f~H
z;c9J`75_G|Y{RRBNWZT`A#?b&flx7RvD9V_9+E&aTg54zXu7!lPa}EmI)CdmIc`R&
zWk(25P88Z|NB?5Bn*5)ugv4(SLHPRznYxQJb@$})y7NJSoeiSKatnd|*bzdc+||r+
z1(q1uTDyp|1kwx2j4!ltj0|$-7-FK;UkZ_X02v*vy+u)-YuuuM{Rug)1krgUS0Qpu
zNo@)pkXMUB51gaz*HQ{Cyak1x9%O`5tp(qI3^ddZFeRexMJ%D25J(6wvU1XzyD<M*
z6w{H>9&s%wDN5D%(786N8-gyZjk2~kqk!LzqLMoGCtdkfjU2{0<D{K`qU4Q}JD1=A
z*44DtW~6ZG7y1zSFGz5SnP%=bP2lN6gh*enLAJUin|jm08EkLj^ZMwggwoGwrfMKr
zbCg?LC!an6P=4wt1FzJ&iw;+Lam}q)@bk^6{<~sAq*JSrp~uQVbkh7)3X$(VQ;!<D
z|F3%0(20(9)sW+&VT$SEWjaf=n*HEfl)1&V5Kn>0b{=fnxlgO-5DClI>MQ2GKOH6n
zOlRNH!;ELroEdb|b<cnNfvk{0XI$qH$mGNI=*xn^CIF_J02oJyPb%O8Z%1+5Apg`F
zhZY-@kCqaWE?#zv2hzndTyt%5r!Zhk?{br+%gu<HuVbWV|5iw?2+$oDOu9#>z`cVF
zx>;X=nH1$G4&hny1uG4VGKW4izo^kdCUtVgQh7wh{hfbmHq6*sTc+!&uPq)~qgMvX
zlm7u?PB>JIyKOVt<8Is1<{ZcSJ^+h1;ScumG4}Em`qJB~3CF>$0r@#Jj1%#4=7in4
z*crFm%1OeVCb7f&j$7*5CABfU;$|!|u-HJr{itHOT>JZlW+@eE`hK`_YaX3%CNYnx
z16vUxQtDqQWqvq^dB?tjs}`7+SO_G%-=3X8VWCdAe1Y*!X=(2Nsd4<_enO<}x!|M8
z&z0i*@zul<e2S^H8i#RzZ;+ug1gC62NQm@WuA(Amojm-sO0BglA+~2{q~M!P_QwNg
zn#RiekTg0RRApsp2ZO9EtBVH%iwsFOabG=F**n*7jms}?CN7fp5h7*%iSo8dshO$c
zq)%2cROw9ZIL4O8WGBpevp(^!(~Troi=_`%GlPz*#NY~5C6=6_f~h85ECs3L77x3{
zDgjeAR$KY^A|v7WC_m@%rqqI|wg>^++zxO>r`(0WO%(Wkn*_ft<A2~0Pj^^3lnZd{
z=N`HaaVnO%1-fJV6&@<?LLG<;2SeyFN-ABe2?=IuBoSXIpJ55&KK(^Mns}zEx_NS~
zk?JR`mzSSnL2&8r-&u592jwIzl>f}<Fy-ORsB3x3NPPZ8Y2ga?8A#Du5r0Eee4QyO
zekWy^MSs9S3;F7yTNBCiH<K7G_W&Jl+z%q|(e1j38@=7iNl$b&iMZ@Rw-Rq(-Hali
z-DhO)U%;tdD}OD)6#DL0S?P<m`k<v^NIPfA;QEz|J_6ZGi1fnB+IG$}IN<DkxWBUv
z$%(G{>upv}dfv$@WvF63H-uQ%_#*hCnVTa+bMxO7H<Jiw2bub)#|nO>!oXo;eo{H?
z*R!gT4Mw!V%x3ZsE6q?seQQM>LLG;My5UnG)a6Z)Pz~0&KT#_G$v~)u^%JUj`)2kY
z<fOqr>YVg+6P1&$8aU~FiICtqZOHgSd3-e?(yHIs5<%@#%)NLJ4R41)&7hNwsE1zZ
z_RmlpLQb9q0={&evh6HJk!*)R?#p2ZjnK!s1$Fo&`(}J{15Eyu^gWDNr0cD9Dv|fX
zS>h}TAQW@)g#tuHshq1LM|GDh5hT%gilk3fpF--qT!&ZNNId8eCHNa?`yqnZfcN&b
zV>ls-0#P1Yd}}%Ia)xPry-e$CvJ;WD<OhB5f=Crvi|snHzBs7q(!ClN%0E^9-$B3y
z5ST!__!#OijCDrU_FO}Fiw8~oUppRrh3fwmsQ6q*2?~>c(d)AGn{e=oU0^dly$v=C
zv#0^sn%9e&7B$gMNkvIbo8r-^DBSyctpUdcAI_kiKVai-b!I8V*wePF9K7L2orB@d
z<jcsv;R}I(&o{Di2DCu_&maD8w9JN`x+ws9KfVwlW5DID=be9vkl-P0I`M__+t&yQ
zPR~#YFuqXEhNw`PN8CZ}6OS`i;(lfkKPrI5ZF1v(2$4ShULnD6;ln<ZTK=d}LGsJ;
zS|CZP0FYe#2tabMp_MaQF8)NR(=rVtW;+K~9MT4quU`c8&)9)3Ll3N+GiP-}>Q8Kg
z#CQoK*h`+he4oDb{u0h{tHNm?F+~P04KCN_6kjMWtsx|s3(I?uF0V)-MEc_=q~T>J
zq5BJ4fb^<%S~=;nCOYX&vKvV6!^S4ki-_R3V6P#x-%Q%?tbgGlJUPT9C`OnB#mTLN
z1fLqBzKAcBe*+3sx7DH`wbTHI#~&y7r`Y8$(bc*S=bl36eyp)R_pS{MbKl>{H201+
zjte#(NQY`k=e_~1ekUB?3|(E?VdbO+hOV+Aw5}Y|yR0h*cGdc3Y!{p|unrBof^F%L
zSGU|6T<6Vl^&xZIXbU0I(QgzITnI25LwmjcFHHNp2by|qMZbHJcJ|eBwtFk5Q}gD-
z<wzrm#UYMv#x>B7Zlb)CUTj!Hf`u74uHhg?nlsK7bcHtU%Qu5^KqQ^`TD=f(83eW-
zUfGx~UiOHm<>*6%1iy#nj-}IXay`V<4mPPXwIX{B39cIwdTNh`o?7PSP@&Yk;JZLJ
z9YTN9X)__gFQG-Jo6BQ^L_E8R5UJ}Ac-6i89zrC?4+#2F<~Ailh*j|0Uj6_i&v=`5
z4rVfwJWIbu(H2){iPTq-2W|z)_2dUuJiUS5Pat7<W0TAC;4+2C_RF^>qCI9#e#}Ig
zZ8m99%rs|=)MzOS^2kd;ekRP`g3`>@7^PXRor=190GSD6*-IyT8K5t{TdW+n3R06K
z>}IyA$LWyDzhlRU)Uv9b8>;y=W*uXPZ!s^;HakNHA%wX77TD=rSVTy06qtv1QhM^#
z5F+`PC?q%le(Xkne4xfaqkWdBG}^xcBi%igC`5jx5;xRin9yfC*jR4KV3Zgf#Bhv(
zES(1!og2nN9~74dmMH4RXZ(5U<jPv)L*0)uSmF?OpJrsFj~A<xymEz*U_Q`eXWHy(
zg^=Jk1369}qty1E)$@09BF69y0#X{VSRwM~6<By9LrP==WXPRQV_RJjNbP9b7Z`M!
z(uYIUA$KK$cYsz(xP`B^b)x~{HQ&@i_?;1T5FV>#@Pgiq2;Ym*Rq5rg6e921PeD+I
z69TGsgF!LC$hjeyyw}Fi%V`ZT7;=l{+}HqQ{!9Uqd5Rs$ykP^%18o#Su=vZsouLPr
zG*DF`A!hc)2E-7xm5oO`@Kndze(|U9;%#~u9^8nLwl6_X2=X%dnnEd(8y1gv0)#@a
z8zr@XZA23Yo2-hnax7xfaW0VUfCk{zq42PN!{Q|@Dx8Tm3gfW&7_bD=zA<tl-;hEt
z^nQ(^ZW=dRuadF4SdZo$2;y3|SOw$OcZ0FbP*ac(81w0RCe#lg?+6X~+t(8kEQJ<b
zXeZWcLW2M3jCZLjbf+7E1yVzIx@%ns_4a{PS8wTJS#ZK&j*}`ZHN+Kk+d^r$n}P4y
zb)l!#Kx6%zeH~xV*Am#D&2RDb<+Y)|?r(Bu>ihclwYpmvg4A7q0~bXq$nS4|t`PY@
z#U>$riV5kwe(~3W<IFPkaf-7cYe7OU_G31e_5Wk6;>*jrU0V7Dd%|S77(9uQI)1MH
z{MijQ8Zd%UD;VOQ-OR%R{gs|3gw8NH33O0*qcoCN=Mf_0#9FA_rsRDX`ebHOjeyb0
z8O}J~`#a{^%6>=F_+vriPYSbgu#-e#-Fc{5fUMtQ+yrqjZiQ_zyuLNn8G}<};ZNA@
zF>r9N)0!L&W|}u?gj-;-e2s|)<W@%@QzpAfm*$L>wtc3BYCO(Z`A%}PXxE`3rfAn=
zrroCxPu=X(gE#q9pKpV8gao4iFI_3F+EJ(TqR#e>uOaT_{-8t0Ivvsv;TX<wPyyR-
zmqFziBL<smM+}+`Hk$mkrm^Yd&6aXC!?YArA9CQPpI*Mnr~2>~;62z-r7PSL##X3Z
zk1pB&@64gfA$5(%b0-K1w$eeo>Pj6UnDxANYb<*x$4ON;6n!{Gq-gxRf=|>|<~Yhr
zLE!Czw~@C?K4k}Ie0f;|VDDAh@R@4ktU6>^O>oLk#t5$9q*}VnaQ`bv@m%T=FS*6T
z>0%9TBT$Ati+i^k*Rt>c<ynm(>-5JY!>-V$JA%Ih7{`THBJciPJ3=X2&72_btlMv)
zTRb42Sxv}1*9bwpsFgSquM4x!eG953Wyo7r&f}j9iG@=k$A_DrRxp{Ln#VUwa|-mI
zk@TM_^q*JwW?ttU%;>@UD&WlajmG@jM<9PwbZ&%|d-(D2uUO__$nOWiN!NIm_t7;{
zfHWF@R|ekv^gksCepjj>hC2nnD-kU}zY7ks+CBc~V?F)}F&@9m;R!qq)d3wIv0PfT
zkVR;~i-nA|e{HhR*{El99|0F4p+}G!XgTy<K@Ml-*yRU9y{_*YtFg-h<8kKV#>RSG
z%NwgF!P+%cd&1M!f7z{SVp*)`1;LhO@GF#vJkhoW>bST4l#1q_rCuxNPC5tYzPqmU
zS~+&|`yo5Wr6=9sy}j(1^>fRon3}0?V~(TT*wb#zFPNTG!+XE6)XEF@QZsgIC?}7l
zh1-mX8EiA9bWTOQcti!Pt{e0zhW?WXC#^kVZzugDmi}XxUx!ed*8b*=)7APq*#72?
z+t=uMAaCAYmXurdEB~z+>wAZ6C(l#Vymav1{PJ1Fa6icOUVfy`ck<ol`XK$MVAO@D
zKhKN5rsuaD{|Uu>mecN`NIPL7Knw4E9;!I@k3uh3!`#D-0CUU244BjL@AAI{`M7gx
zNcN}F_Ju6X-B_OERzpF+w^&{{fB*I_|8R$}_E<-u;ZC8VNO*jwm@g#l%-SIMZRu}<
z1F-t41qA5rA1S2t7us*_@6?apE8WcceaTUAq;!^+kHoOvd7t8`oLB+wHwej*+h=QZ
z{u(5$s^Yyb*f5LIiG@h#uiBB$si>bkPw<C3JxP_kw>#vO?K&x!vdsqGI}P%SMIM@M
z<vdA(T@csu^YhY^JWf0B+hOB4ZyxV0uyNe1=`kEH+9Em5HEV{G{@pDSt3C++j3{?<
zrZbB7VWo&vhZ}s+q)n;(f_$j+w;(Uoo1fK4$f+W{ZyqZb;o?_jIb+iJm8mh}#XQ-X
zCg$ZFZ;&ThbB;Ag+>||4@b`AQuI0t>zQ!=r8$#-}{21PMx(VgVET_P)+>}#g;k~Jm
z9G6pN<-K1<a-5$}^GCRnHf8q^a;h!7H(=v9er2A(|Fl!uw*c>JOt-<JOJ-TsJkuV3
zSNES31WqUKEris2EuEgEhwVBvk{Td1;u~<>tXC-nerlpaV`h^&&{*}apz*=KgT^!+
z8re;Z&=^!38qJ~@GzLT&pm7&Mqas3w#-{lQjgv?M2i~x9hWgN5<5#KhDB(iE!_DB~
z(%^Biu?~-L1`jvfpGnGy;(b4>WkT?_L@I?zRuqMZ3X8cWSnw-fi4ia4Nmj8c=U9V0
z*_v~_LE_r%sr<@Ksn-f(c;CHn|EjlB2S#t60Rtd0glCW##@D8ctX3)%)_n-cty>|#
zt;VBJ<<e^lp)OWI&Q6P}nmo=pjRQTeYaH0d$~Z8}iX1o|sccSE1m(c2M%V{bbI;kM
z^_JyK6q3rIw}hIRT5r28w6_}Gy9JU=R!GfRZ;cwNz3s86Y8Om^zltn)lN=T1S&RPW
z81#`-WKokSXsv$JeiCzNE2-TAJth55kVfw>$)YOhuc4o1^attEe7)gE*zkhZ5UV-a
zjx?s;)H2MInNw-uxcEF__6BMpnNo76!W``W=NvgTg!l2+36X|;$Yk%wjhXC~D-3zp
zSo?}2rT^gfGn{t+fcE|op+xd`g5Q=q14MH73n-F5oTre|Pv$|wO24bUe{gM)%zK}s
z@_r-I1HUqlF7$8(A*(HnH1g&vMBWMsS=IN8stxaFEl`N;uU6m7l~mWQ%#-`n81-qI
z(;-E?$ILGI%WJHj-{rXqksDWNb>~jf=VGnSy0n`<_to^gw4OdU(Vu^%&l&pjV*31)
z_MDz{BiruH<9&@Gu1u|gGvEkI)pND0N8UbE047Nuf8>VOtelIVpD!faM!iOfG%wA5
zf%h$sVAj==2(+%IexP9Pd5=GG9{onl=e-|A;9cT5W$X{{0wbIp6i%OFK5;aALC}bM
zg+R39hDEo0(HQVLQE^b)ml@4q{(7CW@NckyUlIH+f&TFvn!#z#DXJYjUbTZq3Vv5C
z#B2q>D@G8@p{N+%$j1AjsnS+IR77y++-StV{V*2t`1Lxap(ajkVupGqPX`o|8wlgL
z)ol_vZk`Z`>`IM*K+3dA3n!&mYse~~<*PRc@%Sf1rTb0^0h_y$wuwxtv~cXYAwOu-
zs>YC)B=WKLR?fo@$`b;%a}^f)=O&hEIe)s9b7cyF=(!aZus6yrEMPJJ1BHxSUGe~y
zs`%=Ph07Jg;Fjr`3JWLwZc*p)j8->s`gCBB+>6K{FVKa|qYH5*a-4iGtFOA1($P3A
zKW^@P+9E5FonM_Nz4n0u^$<H;f%dtd(D(n)_ZMpjnWxd+;;LG7_vX7g-3_v-bmy6_
z(cSS^bh;ZC&gd?a6|T7Qo=$g;>5T6Bhcmh(><@3xDneFU8Qp#HfkNai)p)c%>^+6(
ztgl=p1XQ%|?rVfd`EyYgc{^VtL_U4hP#;08kT%UVe%kB0`sv$LjQQ11r(Y*TzFp0;
zp1Xv?Wo#11$p?(~t_B}}ZTL*|>+ty^9N@#xUneBnHopvTvG3%4e}plx{D^fVq{DL=
zSO6a1gfV!GSK-mMiV!&pbD<03eNO4n9BN}Wak|Bgf<NKW<#>}@Y~pn1oVP%&g6aUa
zU`Lr!d2fP3plZW=Z*y9`4l18VLOwr_f09%1__LfDnAOD(3^>*K9CJx2V}g@Pc@|w)
z#>wc=G8RWSm+?M01P@(Q3ow);tH#U$R+XQFoYV;ieq`6shdZQx0l-35bKq{e7CPa%
z!?9(-a=m3cW6KP!We;q*V42?X;=6{HBej-RZ26&K^a5kc@mk9ws6UX<%`o~RW6LR8
z%OA1j8biw$jV+(kT6(eNFhfhXvE?gT%hA~KUPH@HtYx$+Otr>6vGM2M>y0n@4UOj*
z8*|uLHZ<PI8aq_+tu@|_{-+Sgbf$X5<APZ33E0+L0&!OUs+E(rV7U<SdxenIe?P!+
za`)>x|K(DeUOk)g(fiee%*$OypZ}oGv*Gy%`kYUnpQq2j4E^|(*LdHHRakyje48rY
z$P-ys4icMU{SUp}dRC@(0=CPg?Y_RQ)pOk;jr75bFSD%F(GpKxGVpWmB0BzMkbhN>
z-=Rc`#rDs$_IZ~GDcuhPrtvE;@xF;SaKH<1DMa?%AjBQ;IOE(o8-$!Qse-uO&8J<#
zZRo(DI3cG%aOE6J75IKt@~KPsWxf|i;MoXMFB6jcKRS^p3WzDd@B5`Mu$BBGw(516
zkkTT4C7;HxjF8t|3O(-Up~ijnGWIyoi?||mz%S{5J?VfIl{l@t+3Rz3q@(;Fd>a2p
zggo*RA-VshjX$Me+EQt{U#sS|-%+cc>>7}86?$6#AE80?^%vCopqbR!+R6K>jQMr7
z=)kvOwL>~rG1I^GibW3$U^pO+rBLvlDOc-vIHVyyNJj6Fca;-DU$2IHE53<_Hg~CQ
z(#r{9uKn*f2_1Ya_-)N!05zO*8r5*APa!z?H0)S9;8ln`0XhsBOW?hOsNwpXTCYV2
zBs_c0!buko=mnf^D`%A{&edS2;d6{StSM9<$g}XirwJia!P`uSjiVOBG-9Ohk168*
z1pQw@$UF^S*J_nvID>ACj<3DYAo`K#{~f-B`tUXRQvLY)@v>fT<*OW4Z{_35CVYKW
zrnh-rZ4)T_*Z7+F9N=sBNyJyOSH)K^99-&_qY%00<^L0WtvPGqBv+A+ud++E@Rj-2
zP4LzFt$OjLviC(wO#YV6oRZY^K;O9Zz{7$^EO7H_RdVhHLec|i8s~e&eBk_FE)b&f
z?22;g%3xPN8-8DMfe>k-k9ls1Fl$@PvjCwo86nh$!lT0_LZoNah9BZ-kBVu~a3gDY
z;Z23eubeX!w>VadsCHU3A%KR_8s^SA+>mzNm#3z%(da1OqNZ!o2<a~*r1%R4LW;kJ
zg$I0LD2#!fADhkCx$HW{W|ouE$9|VT&Dq`s#R%$B$e)7WmWs>z<v3gan+nO<PD($o
z`=R<(PU$A-9!h(7#1bKp@PlOGq`UU%X(75&+@4^%sh`(K4lYIx*>6fsyo?mG2%)3O
zUG-uiSx*}Zg*;|}W7ZHIhS_)0{u9cW9VzDXzAqR^(wuh5GmCMI|AsnKE1ju#uR7E0
zHS)O|gh+4ZFk~OWN-~X}0jLy}AXLI;D@0yT8;(*N+Q2on9iIvfe_{;}&QgecR<9|P
z^&i739`%SNY9f!U!LSObo!L_mXE+_wwDWiq-67^<$;{R@1QTv}-(aY<VL8*35(_7-
z*`u(^gxPE4H8q4t!8h65e!*g_{cvtA*xdTixqVb)tp7a1HQY7KEnanHy2TqFv3%H2
zVfMLK>{zo;@F#R%V&zcw88%7oZ-hBt^3$o2{xfX3*p7cqC1qrz&#at~Bsh3qOe5H6
zy7;M;gX$tt5cFz*MF?8E#RkyVf5O<V#tWbzZJ$6l3BP`-X8CQyLpPtO-Bg9_#vjhQ
zX^UklhC(+fV?R}sH@yQT?NT06yE)r3R5u%Jted}ZQB81BwolbXt%q6<Dd#?6-Lz{J
zs+)kFb+e%<bhB|OEb7Nk)I}|63*9VGyBXU)R5$r5Y=W4P>UHQQdc-Gc#>T@Pp_@Kx
zH!00Rb#r%9*3FNYn)d<dCX)L^UDUwapqrA9SvM<h3)RiHEm$|LF-7u)C73_*V|6wq
z*v&k(n>V_I>gGU8)=g9==;k}<CUVHf>TG;npqnJMn}9P^H*MRoZuUc_SKCCK&Gm)q
zY*uxJZcZ#@-IU)Es+;RPcH=9%9j{b4q@o#$ejTY_d~tkn{CO=Yi))QVJ%Ch*d8^{X
zAk%qPV|M7T%4$jr)C)>R7G^bq^zz;@R&(K)r>!BX(m1p#3RA5&EkpAR^j1tehihn7
zC>%rCH%+WG7LGCGH<uD$QwS`1F16i}&BMR28cK5_o??upfr?}3M0$>0WaT_b3h!+J
zG?3z%V&&XPZ`k?yc|y`mI~8NG{QPy^Jl^|d6OQv1^4^bO_u-8gju&s|Id0ZW`WFXG
zJR(X+9u~#>9>t>g4#A)85RxvW@(T*I4Tu5?$Qr`?lB^upk6$?`hF>`|CQaNV*5pan
z)Vwll&annLXBwm?Uf_MvR*rLBTN}gs+T6u)>Ha|iM&K)Y(%EJU{L0E4V&T1&_i<bf
zvGU%-4{)5zpOofr<w~mNePHy#2E@JXAgJmQcf=P%{JrlCa1Q2UjePGjcVlUy<rb*h
z8?<s9C*KtgrePYwdFOP6$WyesB2pfG?y1JJQr3O}_smw{b%b9(vT{;Ws>WEBr@}}e
zKBP3v^T$pToKNPs+{0nUOhF^VSzQCDTrk$@kcLiYIi2LWimCoW3BJEqd;hv(u5W_x
zTWIfRn%_enX1jFx6?|`(XPDoY!%->^RT<KD)+ok9tqA#yv0g%jq21T!c0b-Q<ljAN
zX!p9g-BM$JN2T$vC`4BDx~CcR`EFJx0Fc(FwWilvEUH8BPj)pDd=JR$-Sfpy7{TA!
z1e2`Ax|2pAxev25O8==1Qu;S-G)jLZPNnqa@j%;ALUO+--uEtOoe_-EFCnE@6Mn(E
zRPTP3(w}T;qVz3dP2O3g^b<(wmw4YpEmcadzTZgcMfa<eUJaDqJeg5?_dX^{52G3-
zr_#cE2REjaUZ_+0$ms@3&$d%g+Fr)ez|o2(F$zDe1HgVJ05(DZ_WGCsFry=GC&jvx
zUPb_Bs{m}(4guJ-od&?4;#B~yyvGQ@^)3Dd06%YWYXH95LIvOj69Bi@0^oDK7y!HW
zHUY3#3l)Gbcc=xx*00n7;D&4fptpGojthqAaYzPC-zRl|S<>DJ%rouPIydjMgc@xh
zPPB5ocTp>jbLIT)gmWnnnCH_Zv>?l*j8_#R-&>{eLu$4{<jEDRzNRKw`o$AhFr3Pi
z9buu;ka<MK5bp>?UOi;t(!?@g%YN}h2&4=uws6RximZ@y-!+eVdN_vn9<L;%Up$d_
zR1z|Io^<_H@EYZHS5-N<`4f<XTiypbxb=N2Cq>A*9E`NpCkLbGoOhb!U<Og+V+hy4
zM|I%Z%>>u7c3?cDPXPO@;{>YB@YWGOKhK?10mU|8%QHLDlbq6Ff|cWaZ#SR_FG75L
z-vAVWZ$*UR02dqnt-8a1WYVf*Vkk0az-aXUShl-5EDDhP<9Lc>Aqw@$&o8U>)#c7A
zHQaEZ8v3oJHfXcDgC=)34$5`M{-R#SEWuRMddK!qyBtW(vf0-udGhaN-pz6GM6x}v
zZ>ByLrw#S>f;vN0#~HJ(u8spM;nDF{Or#0<9Fr;`E#&OSC@h5s5NwGUO$&326xD(l
z2EEO^jUu1)i!T%cY0l?7;z=QAhBJ{%7b_vEozBWBr;B^i@ieU<h*O=Zysx`O%?_FA
zjB`_2?fZ;ccuDK|fGtT)3)!Pc$XSmm9t~-fe`(7qANmtE%(p^K7{dyi-)?k%Hh0Cd
zSdhuFLMyTu+sRO5u^mg1xz6p6pr#w-eT~1J<J@8dG#K2*Y!nuCz+|-^f7jASsrWp`
zdnZy-@h1$0=L@`V+Z|}H+J!*B7(r~{_V=|z!#HY%(-u#6LxF2|2l~dOi+kLnB#8a(
zLQZ}ZLXi@;o%il#S0*#4Kbq(f%Q4S$21{S&J3-(3DQNvuov9visxvNKR6OD&XJWco
zAi1;H8DB`e!ZJ?w5d5~-NA;}FTT|H?W)Bq7>iQz)=!%2$$Y{JS?nRqi_xNWxM;hwM
z^s~b!KxPR&7nqakR^5R~=P8a^Ifd1CP}Z5mSZb2SQq|OPOYS;m9A&BV(aaRebVf-d
zvsl6~mSS~hHx^&#y;3{8?L`gre!laVH<gN47wuiF#t!~?N$Y_3Ht%jc`pLWnplMA?
zZMbaA>-gn=>6$vMTY&kP1@VX}GjVGp>weT4eV81{BL8&(;+ZKQF97-Z>boF6UwhZe
zN%<#r`KfUA$<KeN{46%f&!}pxjy92^o>hpv;UcR;1Ps6Y!#WJ#u$`%bXj>3m${5)5
z^CYKi9itr?Ic9}-2k0-}-Bui=_ytv{iS1Mg^ivCti@yeN_7$h{^YbO&^VF1va9zst
zRKEGUel=gsUwy_nof~b9)A_os4zI#;fEV@f_DxlY+~yKIN4m%0k@^^S(vEDqw~+Vk
zxJrnSJk=S4Tb+6IQ7mKU@QL)wG+h|BPk|yJk+@zVxo7ccZN1~EiAB5Ny~ChPM7ebS
zd3HBUT+e$4wglNNF1t(!RUF-tDOL)@7`_Ur--!T;Fy;p}l9IvqTNlQ0lsvJ>UdCS7
z)c<|As+k`@fi&vq7hfz-t<>tsBVM0)uMS>+HYuuXaQ`9~jJBd=6ycE3Cd8GHZ2N5#
zMd}w&ULbV}bTF+w9xKD*r0pq6JtASnw9oV2>Mkn2-)@28P78wm0XA4aLkzSXWG;?&
z6<cbbXC>0Y=NJiz|EWYsM)cNU=n5VU<GA?q@-H>8zeS`(ihXybW*5cM=gM-`9%(io
z=<Cf7Lef|A?MASi?yA$*+%iJu@hgku2cVYR-4@<=<|5{O%YRxS@_~zl%u^e`dma;A
z{rwbfIbFCwh+JVjhf1U`*t;$CU9mz)eDORMW0=<*Q74XdPC?1IIAE5H@h0@8#Hh7=
z)0}a<_g6$389|ZeZeu{2*uj9b867x|oq{poZS(Ca-n=bq;caPRZM<znye&Flz?*-Z
zLzC}0*9q^tgAgKFr?Jpw@B29JFF5<b6GHss92Lc-MgD&6{lkoL==DO<&aAb9-}dGR
zkb9T6V2E?f(+VkFVQ!A`?)7+%^`H1+if4r54X6Q<=A0sqbxwsneA#u44GR2`bDd=G
zmL@;L=63u2Y;L8i{o@>^$Lk%ZK=9k7;V`pNY-Vf!qma_yLN8=t=?*n+a1{CV!>1U(
z%6Hr_`R{NsC5kq(OVggxDv)G4?ec-^Ci=;EN+I$i=Ty2*dLQWe;dvqH`fsD2@eRY&
zx33SUV&Q}kNce511ydJe_yG^`?3ktyWHT)sQ7eOS-et2r9zC~?oSE6$SPZFeYc<(;
zvhBh!N}ln}fL6!Q2cOr$f^_acmNQ2B{AoNHTF}NMA45m%3T4kZquw3-9_Y>6e1N4c
zJ}W29J*4W*?CGI(=Jgbg%jLq2Ydmzxj324!NrlL5OSL%9djR(nb3?*?M;jxbPH&^j
zlb>af7XY`z@794^+qOoy#bK$PnVDF+CkD<;2V3gET%1XP`DH7Pa|be=F+#GfVJ1fQ
z6M3K9Uc=C3vCc^Q+v$a+>GR@t7_y831u(spRu}6*7-On~nVmwiZRt=7+}C5M;h)O;
zzUrin6IOSeJ{`>!w^ATrkRlINcVK5YV}+zj-utZsNJ1D&NupP0z4F$|cUY%bc}u{t
z^bwxwV)ChPGb$kJe#P+KWx69Z<()cHY+#c9eh3*y&Kg=<Dc*oeWVZheq43z+!609y
zE(ZBp+@+3EEa|4s>3AD78Ak7>+6{cPiaWGqt}EMU(_C8@l56ikNMfH0?_i}bQ1}mO
z50kUP<f=OxCihZT!{nao%7ni_9Rjtq-mkIR6uPu$;%cljPWr8oIRQD9MBK=G+sCTq
zjQ(k-&Gdh7*O}=~r?GI~>lm^h@Q#&BPddtbuX0+*=tVm?<S(lsqd`qEWHg{D$GK*`
z7Q^x4Z{4-%(K_nQ`X7pNCl83?eSbBjPeUDU{~(8uw54v$sEY8ukD5Zv=%E-09Hoit
z(!|YqXRUcM1dWb2NZi8vUZ8`)+4gC70G~i$ztb*X6EK40zMJFH{R0Gk<rX;5-6@V8
z=uWzq<NUnKAD6V9_ubbNBSu-BAzG9V5flg*oq0mLoXYzmo2n(>;Jx4DjB<$wGKQr=
zYUrG`a3wWEK!<FGGgcZoQLpnB!+YQCYLIzU63Uq+n%txI$+~hw{S>fMx}8HirQ_oY
zk=vg$*Nb`o9gve}-vBvT`i7O0Chyn%i@lcm{EM_c9G7b|$;zM4Yv-5L$k_K26*Z*z
zMqT=d=wM{Htzc62EcddIVwY%Eg4&%l2t$hLDt&ZqjP%i=u|^aR#Ht}h{~gAV;zIks
z2r0g32l5yZlg6)1k4X~?)5Ps{gNo^PN+9cEcposb{|!bU_B%1Cn8vT%;sO#G*n{I-
zKqJX_b6lFAPxH6xm$ZfVHL|O5#eOXzuE>Il>mIKYRD5;<MrD_k5&}hy<mIIX|1Dzz
zwK`8}`d<V+v~EsFJv6VC5zxI_>3ZndleP3)<#>h2ze}3^EYatuN{xPE&$sGeGRmaq
z_hJdUZRtjR^=va;UtLb8;wgxR>Z9pa&K;nhl<&MQPK2B~gZ$dYtg0g0pa6*xk}mMx
zvn@1LH6ObFJz7^))gDUUkH+x6869=M$XjQKp(cuSf^fG*rt5)2!Ef8=0Vk0C5(}qa
zv)h7($!bACb{dg6XL3i5;}@($iC@-~;(MLoPq-b271Nw?wN=>Yj>h3fbqpOp9Na)t
zX#E=?)?RoVs=Uxqk9E|-hf$^)GEk5N?vFr>Bd3T+#beRLii@dhV(FIEr4t6e=6z+S
z2$91s6Ee?L;B~5(CXqxRm220huyeYs>K9LByP>|5;7_UYg8Ui%8pxk9uUR?iOrb7+
zW<v3VQ1WLll|Q^m{=~`Zxk!KH;74lv{pHmrzyDaZ+3%nAsP6Z_*8>PM`Vm01kZe2o
zuy)FMd8Fp|e-(*J{OSaQ-~VYO`u&T}ptpKYGRMhb7mWOK{>?gc*WG0AWnrntz{5uV
z*>B*VU+H|jP6$ERIzFuN&uHD$v(KtC2x)8PpRH|i(<=s#akbR=Clk8QZmn)!C);w}
z6hEV4c%Mh-pRTj(4Dp94{{9*sCD`UR@y|!@Tky})@yI`)w>R+5U%bjcXJ*yQKO;>1
z6I&1exa=DL+;2zh-!oq0pEjLT{wca8|7?8>>v8AZAVew~qYzinn#MRtqt)E0;VknW
zkppMU=Svg56R^@$j610U>2yt{iB5m6G}CF(7@bb7cLD)CBdBzmENFE4QWK3%A^)aW
zE~P(apwmfBkWTMEjdYp`@u@wg_>?^6yru_^jaG=9rum!AW&_`T@G|i2hc8<>>8>5X
zx9L8T)k;+_pC2}^H#8^rb#Yv7l8KWipVr2mLdUH*qmKLWEGs8vZGe$V=QFzp%9`A9
zR<nbo7so>bxzo|w`(cK0??~pj+(J`?v`o{dU(SN{ef1KoZ}Cf3P8ztq?)q&1VtqgN
z<+$9TruDsbO5eBkb*e=B?DbI!k(*Z<?K7~&R~GTUCyru7X*6xKv{aLGDOJ>Bo3tL6
zJAn}5&Uqt><GtJM>Y<BR*Z`5AWmcer_AnLBHKvROt1o(aHZ1bTY%3={wM|=O8+DOS
zvb^nwM=C^q{Cs^9xnml~<vwFt=jSI0k<L7dvuk#;zAtA|OzbmZV$w-9%(e^)l@Qoh
zl}6JkEIq*r<77HBBw-|mQZnR)XX@)eyf???9yRqJPG{y}Guv^JmB!gn32;e!-O5S)
zI(&H%58Gw*v$DJYZ>`ayB~e<m<jZkdv}9-KXvqgB2$2qs!%mw>ET=8v<LP2VoP~eu
zbVC(!Q|ySjXU<{1u17~GMDBYU&s<&{t|>|Hs&?9z#x5R1f$8E6c}W>8W<Z)1O5wz~
zlL$%}pJI|QFDYgT^U?@i!hjQ;Y-^lG<;r>?*>>O|lrTlSZ;~DXAH^czrK1fJW(bRb
zce{!bW*pUoAH%WAlp!;L^18eTl;?cW%1Py0>Qdf)2a#wWAFdGj+0y#(`yi#fXHAsn
zJdQNmjec2CN(fXQ$MuUGlmFS_-n{JBJz|Yo!52$wXAjp4thvPk-a81PV0%cFv%C9h
za`yAqnlkyYwHCsQk&ca0fPleob5XDP&DL0RZ_anDRITqarWft`npO3+W28-g>E7a;
zm)mh1@B0Uv)x2tG_NB4evmH2&_bzU#mN57NK1dli-O35cDgFCGETApwZI&VfHfg8Q
zH@;&~-LXuXHU`p*gRlNSFb#U<%z&NqNqy;mGwniB1@9edML5}|nWNb$Aqeck&qvr1
zA-nX&TJ}<{lk~1t4H~@G45{VtN-dXOb~B2{DHM+{gx6M}i1B{$L`QGGqp-rp)Lxvt
z8hL7+qDjA<a9;me2Qp9=6lh`lfsRbJohMsP)kjawscmUB(bJwIgh=g2<4EPFn7r6i
zf%Lh4C>2Y`v|%!&Uxun;sTtIyutmAlXlwt!H2Lw5CO;;O(&R^RX!$XO&ft?#ID;GY
z&V3k_b*D|T&OyH%&%T^^6uGfwAC5~Gue*ZQTH8;i@G3R`Up-ylSaEeV=nsbpk*<uy
zvEDyOh%^9{(>nR^F@)8Bho}ljJs2QAT1r7QEXv<E>RUVS{T<@dqwU|u@V*zom3+n_
z1X9lYVqt`rIoLpWU$#{VkL(u2jZ(=lg$Ta$@SgX*qYxr_hZ$*cJ@4Jond2xB9#2!L
z%e1Z+OsIeLl(wISBD!xlP*)66*Y<kV&JYToJtpu34iO^l9f9Ea^&p~RglR+TG;U}e
zJ4s0V`S@aa(K$k-uh=KOB{moy?J*2ChSF>U)5K%wU{gk5^3vBN5Qs>fzh*G%RO_3~
zacGgh@F<MJrwaZNF@k?UlpyXBc2x;UoA|laRL&>u<O3JMSs3AP=R{aM;#H4$-#SRf
zE)Ixt`}^DFxTApVIhoEl>FW%I@GCQ&aq^7|sJ!mW(3RH<4o!JI6QwJ!`&h9fNM0l_
zl?jO_l4pos`T9wy@Rm<0YS>^ZN4i_!Jj3fJF{gQ4hC<}$PpV}KS03bjjSiqrh^DVb
zUV?T=P+=MBdB>@TDed)q=VdGB@%MZU?gvpHV<8^$FXp|jXt>Ed@+S)?Z5@dA|3nAJ
z#TR<SGN3}YSRhRpst|3Hnojb<FQ^ZA?_BCu1m{zHH4Y)`%z|$0L7emPA$Z4PJ@{&i
zPpMaKicS$CEg8b@S!|)M`Fk3@#-EpegbPOd5$%5uG@_mQl&vZ7@3in<2ampBs^EV(
zM)3EI62$Got{Nff0zbDkV0{xGKo{|0hdU?SX-OAPctqz~M0?*Ta82b2hm8O~ScH>b
zGEgD%dzT53whW{`(w}|m_()B|>#lt~#TT%xcvRvB>NK+&Jkv0ADAm)_OL$E1W2Yn}
zk7Px;y3wI4z!I_rl2sAB{&!6TUr$j*@R6aK2<AeU?A%dAh}1e0S+Uz0oLv;1-NbZ#
zb}oH(aoX%EnzHmmFuV38gg|&jnm$M;=^tBYB>m<<14%!A0!eyYx<cgP)QtRaC^Get
z)2fy1+mGu_qHSK;U!RmXN2#uvNlH}jM<l(GVWhC*CsYcHqLy;s3`SwrlZ42dPpEm5
zN~9?sedSkMYrOnwQ=OL`=X7E4u}2jKcVDPaZZ@MT?3hVz4ukq9LlE-9Q9|O2<@>1)
z31r6!IU9wXl2n0DyDC@hBE*$*Jk=d|IW9dgLU8kGm)zn-dG{{5$kKH21mvW=f`^?T
z%5DITaY!ndi+XdM{2JAsw++FAjb{#MHpcaawLGlb&LALHKB5pg<qYEEJNnR^zDZio
z2cCkR{i%l?+QBq=;sGk><^E-a!0fKTG)w952YXXOn(9nV7fWz<Fk^Y+;rh@!?m>>r
zZ4*xI-+hEgQwL+#aJ$@@iivT95q<?IoTW%Qw|3?Ap`kNH!*LTDw(kW-N=sB3>D3h)
zBc=6G8EHX=#z?l%jP%xCLZt1e1>`9*^M4;!i2T-01J5^kSf{NvEkp49n5IUa=g)$j
zoc}aj4k~!w%1QrOuJ@1+PD+6^`3F@JABzMlh61hCEhTZ`p8B9Z%EfWH$tI>+x`z<y
z{2=5~Nx~$Bc0gacxL*)U1%JX_IL}U?W2QP&rQi>`nF8Xue+!)PZ_Bj&64a>iZf}D0
z*&&76aMiBh#W3yUP%TIYi&5pS6?8ysh}PKjih)gkDaC}W*93*gcbozqYfgDAXC}3J
z?uR>5{Tv?uNV_{H%pw<_WERC(XB_m8m1*)%qE*wvWYti1mYWn4)7=}lSndk`m|~c3
z?seMk$=!rVKQUz$M?pw{{|Bl`@N<uwaN!DWq&SSBgx`I4ee^t$((@S;J=YWxBK1ej
zA_w<qyxl3n=s&nmgv8(ErvQJCJ*(nR`MwtZ9*IW$UHQ(8ziAAA(^ULb)Qdmm0K5M`
zKq2yN7m!mX^~1A6uk0X1{;#aXy+V`c7D}EEQP}W>z#xmJz{J0vX5}RJ_c~n+Wen2q
zJC#9>1A}}?f!nbj29a}jA-*S>@O=iY*tQ1<kxqM5G1L!qW<rmt22XbX4+c-R3sma6
zA01xhX=o<>ZfqepqrPtEhH80@-%e1$dD0cUjxeNC`8g$|)cJ*(BVE%Fd=G6WL>>u|
z7~Avrsv_;1<(f#_tBJIAk7y!|4=vJu-ARaa{Sih=2kIljF?D@{>GaFB?8{3hjPkFa
zj-20{g^+*GG%?D*K@uS@eq~Y`zp|Cw2&xJsd^Z_zojcXaN#nlNyL-DC;(F9KDz4+2
z(D~I+Tsu`<GZgRNfpmASF9Oa*0aqX!&Ld?y9l*>-QveCli8OY=DVJbGIRwOJ?|>P$
z#u+;34FCE@pW&x$hJSpm&hT0zI>SYjoKtTpuDk3&vh30u{9M4Ov9T*?R&De5)hFHy
z`f^<EFq3%C-;R`2>_UL_+D3@HQc~@1!Jjbd30PIHr>&fH`fGhv3wT`B@uljjq=s~m
zEGnEz!v00*<KgXuNFTUSwQM`B&)OBdFO}nRyHQT>x?PjouY=t%E(T<F$0I1?n?FR&
z#4=a~#$5nFQgvTS=R^&{7y+iwVAD22q$oEM?0bidGf3`hV2<2J=u|$Ttxur(fzWO3
z+bIj_($9ttdW_qq`4h#w@8~fEduCsS$X}LHYX2iCjsK&S+<sGi*h_qf<8sH*i8P}V
z86~K)sLB{Zaf{`KZ<f#*m72(7&p(7n?FFonS+gD7(cnY6?ViYMwtIeGgY6!E2yOQ-
zUDOYOaxDoR9tYaE{V6LaZC;|&M&qVP8ygp^w9yS{qbVgop+5QB>mMZal)jA6%>sww
zApX4kJ5{M;2Ot(cKW@a?<0hO9q@X&p6#-qEsz$NSLe7qa|4f9bKRw0DNlgt?4`XEA
zNSpd^F!jb1`lD~jtS@b?Ysxz|hc@LeZNl|F5qiA?alIQ0jZ6IQA>$ICpi2zfii*{q
zO0CXvLZm+Z5jrmF@Wiu+i=cn^OUEBnh+KSu`hWeg3S(?B&STj_A?NV~&LgEz_4M9z
z>EL=e45)>Icws6+3`%Fegz;{09i?dxswUNA2aSvAOS$|`x`qe0)CJpZ^?>aLaEQut
zPt!hn&_1qjh9NN^0dJ+NeH5aGCK%(_V$1x^gh(}gs4qXiZyjHLh`!&sXtP@2?u$MO
zk*hD@qg{HRKBmKCLL^)uN@+FO%1M8IY1r3@M56lr3zevP0#VJNL^ZKKez<cp%lAV^
zn0^r*<TQTeS>E?H7~(8I&-YQw0X!)g!Mn>uD^n<p_HQCY>Xe2Q@#S%rKHe3)-KB!;
zQVP3Jo12J>mltoUWugwDAn#7Qn?t+X3BqHe{6G;Q(#cfjUSHo&h$}ci#W0AzEJyr#
z)=jZIYLodsF4es8=i`f|)D(r_4S+)0E*|RqB&?Wdu(Y08Y_Ov~Y)mb!RZzGqAqSgD
zj~H8wY7CZEgj(I_;R8tUyF(NF6eM`h4g^n})HGEs4?tJ;&wdu{Ox2EqxPkzVwmVqd
z9AL^^8R@y+3Q>I=fNZ*09fA@MZ>Ipu)L^@%#$W?o*uZF;x_F4FHoX<1I(wmM`)ocq
z<bGKt)icQokw3bKkEtH<8V1t_^<lCxC(pur-)w+4#XRCw`Q9zK)U;F`P_7_w>|NUp
z)B9kfk?x-FW2C!=CVOLeKC4fg3bF?az%^2<>#RD)G23v4GZAb<AK|^-AdmY$L=J2+
z!k4)kQdBa+ciPS2J9AqdZ|*$v=K5^YKypTMr6>dd@qPn#OeI}BArIM%dgRwcw3D7F
zB1FD$5~~uI(KiiK4TlZS8sRa|1dqlhc=QLzoeH7uC#YLUdgC@wq^L}~D+L92JGO<|
zw3k9;!d$9mY=(dCCqy22k`mQhl&J0sXXFaETsIg@jy>z^7?|g8W?<g?4<p8`-m10r
zZW3BsC1E$QwnnQ&yhxKanMn#!P2kW(+;syMIY5V1VNs+L>0*IAb(3Kc+t;$rztlLS
zB2gi#w`c5J-nCxkh&_o4k-eAMr#0HAf74H$+NbjW*0X~7RQmjMzb;$Ed-hNW&#D9A
zXV$YgU1^92om<@C3YOIl(p~J$aq_+`Y%<hV!pYoCCnJPdN5l0-GK+lBNM<cflyh_)
zA+A{`Qr&?!1m4T<Bg7qeBTkOkM<>6OPCm{!`JbWr@l+v@E%4s5y{Me!(|eIn9#2#E
zmgIL&85Ge+2?oG8cZUW{ChZ$|;$LhU+_6rDqJFc}=u)_XS87ACZwklB^Hf`anr#S0
z`F@3{23%-T%Y{-r35jD3nkH<KL61~LfTpQZ%V$}48{z-D3I6RVbf&B|HYlbZ>237)
zjI{{JR=p`Llrk}tdeYds)Mf0hKmDxDT0_)H3zwNz--fRKgH4QD;X>+lsSNNk!#NV7
zQ1YOShFoBa!_B$CJ`C56(qk^LH=%*;>}^&KGg;k6Mb6WU)l63FdEb#OD2LukP>8&1
zi<-eIb&-XW*1e-;uqu#OZ-MP*9+bxKCg}ArL9dmGdOPPaY|hZI*)BmLs^w(jiK}Y}
zk;WzJ{><|>V>IVxvN(5*aYC<};NQp8a^4!`kMzI*f%h)oNl1ENK%Bf}C;j<YsypzS
zz<cNHq+Iq|ocsp;Ik<&#!aYV#c$oGQTvmts?pZ@c-W3)*SJc?KM?48k;0l)48)RFU
zUthT9In^!K8*f=nh+8bDgWTSmaU#lkP>%8)`H-E?#jlK$Pwp_nW|YaY98YO;=4xYu
zYBl&GKVka4k;y}&GEGi1HIPgVMw+1BcC}&a13*EiJ}`yB#}&L<FI;AA3@wZbg2ur=
zHlaM#H25M@%S9$?{r{MI7w{;mvvGW8cS8~&oQ;6S`>Lx1QNP4$O$yarNaQRmH3~@T
zrA@_Bs#GFuAOgbT?j(%M)F`Obd#hE{w$iFVK_LMo;uTR4t1SUhXNZtUAmp-}^MB6!
zo|&E91f>1?J^x>yr!v`df6sf~^WG1?V~hoF_TrTe3SP<a7Ds!??RToNVSD-^K9+un
z@8E~{{Vldr`dnJZzU6Y-DUD#J_>yx|PU%}u+fM23Mm(iWg$ZW7+i0HB$9^YE`dPKM
zQ~Fw?eW{r#dwo+1P?o&G!P>&XdW9XVmGJxaUKn5gM$(lyIl>N3{MKzwdT%C+KH)|D
z^40IZLc})C+X`yVQ_ca0tELqgwK(AN1T%iVl_T^X-p!vziDCV3HuFAi-fR`Ulvd>1
zoQ!Kuo79CV7i@J3BslRgYS%;3Mn73oVAQ|I<)0sjY0kuH-g!1mvsg^?b`JYVTa#{N
zX-j<#9^=b6dKR?$*8}J$k_R^(@Pe@--BXybZeiee`@YSzO(?#IR0j92u%|NMGaRxp
z#fGszsCFYnQgHEY&XoA!&OX{}pO>r?qPXpB8MD{H8VYd@XFMQFg6#737g*Zo0ex$q
zuUyC2v^xJ3|BV5)J^3C~<l7<|+t?~gl3rPWPStB&)@uoV^(_cRIUAFqo^uwz!Q1t(
zFTtAU^b^T1VplpRIUqTxJ*1?cJqqm(c<M7_{f&_A%@s7Wz1^P)uXr?%cSzvbz7C`V
zmlyN24e<t4mlwLrbxBgN_$v~{`DNUVJ-syE?8%)4Jw0gl<jXovPp?R#r`47Rt@0od
zPrswS6ZA3UGVss{^+(l0D<oTM58V`qTqajd3aZESgO?^)^EmJa9-9?Z+pYW`puacs
ze>6JnfRHmRN1DGlB#Dl^wDAmwM53$VL8&c8C90nC_=M1(f1`&lO)#T`i8uj(`kUAF
zg8I!OH{)9q_+VFq2$=KFGaTrWuMYIm;<rO(bYzBnhC>RC4XQ2ruP%oNi}Ahs98+do
z(uDapAV>l;(ka_W^ywUdRS*X4G2>~?7t45q394b?T|h0xc_s52(8vOBo<x+-pt|2p
zV?(?UMGz>yK8q+1W=Rq)ZXnt?Na5no3&t*an?@RBK98(Gq*Rh&DI+tkIo%-<<?n!m
zlf^sZpJz(agxI}#6Jk}KKqONRMEc1Agm#%DB@^FYohkVf?t>j0;|{7puREyrP<0P0
za|dHVOzUw$mRa1MR&pK$Z1E*cP}?S`T_ie;A%(~fsvkm*PfjU3&@tN%?eKv{4B5*M
zsBaNvxM+is-9dGrS8u(HQ<i~V2<{e@-BfK1T|r|R@8%_wt2{ao{Vi>6w_Iv#3k?JC
zcI-Md(Ml84e@#$7MJrLMM537qPKbc{?w?4D_sSZPV1`rVL04P!j*AnFj=VHCk3)Z4
zg0UDpouXCC>U#b`r!w7jY0^X31J4xw_`K^J5>>bA!wZuS1)QB}orUw0R0kfgZP&y3
zNM)|dG>y^97b5j|)x`;Bd?@~y&i~kldG<D3JWi6<?FL1Y`D7uZT8{4_$cOQMoh+3W
z9@Hm44IY42&c+L6328=7oG~$$Lv)|byFc13-aUEzF;vPGntA40#7>(#tbaBfA34TN
zh8;GPgcS!5=QbnQ>)bZ=v!B~NKrM$}c$#@`hj?l6c5ulJoXX)o41jX4B$4Q<3_-ef
zG@pei`ZZPe1R`5yRt6Y)8eg5d57QwH^ahG2WD#YP1JeZk_U{>(4e2K_Z!5ZODLX=I
z_!+7CYf$}E&mNv&%`aH__*(Ri`~)*T=t-`hulmb;v1;Qqd%l7VGx>h}6BU1V_E`47
z4OjBtKjYWh<en6K+k^crv-<m0YW{;yMLs}Y>8^Y$A0V%JSu!8shHBpbzj*&g?f9(E
zzYO<pdMB3!j&9h>>+N-kS3Ehk2x{>Xq*vKSq8k$YE<VUfS3N&Op*wA<qW*+Ff1!Rf
zGC~d&!rp1%Wem5<eei;9iyHD~sYAT_hGCeEI5xy<{0iQSqv{^B@b}5W<~7Onei&3s
zyl%77f??uuaI>3Ama-3Ky-B>YAzpZW4q#Jg)@wAY6xt?J%#!gUznFmWb|n~ZSK^TL
zIgcmUhA4;B9v3KC0Artk^r0><_~B3PFymrA`UyBjo-x6UGd*NSb1rY2VQf_mG?sD3
z5PlR6Q0>aH-<q$(%(=uqp78^FKFAim`XVk3i@cf~gO52R>AKkMN73uh7?ntgACz%D
z^TuF)q%jUjfBvxq+wdjtf1hnV?{(YO^WiabJu<FmU9ivf+>*YYaf8kEgf(+L&yTQ=
zXG~4z>7XNBUJ{)Lp7FgX$%hx)DM|9W*n-TEKvdZ&)TyHRH_0A?v6cK1_p_aSb<;?q
zd+;5W<5bv6qElVRuRzsCqD*j!m<ZdvugdRh-b8uGWfAgFhoy10w|vsun|20L<DI%3
z<bkM+FOe>36!}`ImT@=m^aH(A%lY6{*?j5zid+X?ja0j`{C-S^l!cp;d$B!v%7*jC
zBeNbG=w0`vOA<FEq*CX2z!{RicQ7^~He*{JRo|wOdKq{TG!@@*4DW{xlgCTay8S>;
z_8V_?oA&+<KjXiD<&vc4uhB2EMPGG6f*E5lKk0@b$BxfAc9eG7)*Da{T7;?a;D(=A
zwQlSN`ZYoQM4-VZppC$QTwdEauamJ2*P9Ir4^B|`nq&-X@EMK(oHv=Lr+Og0XI?N?
z6pU478SC2_+wdLlf<wf3xq~tNN5k<In<tNgH1aXAy->}eylIIY%D{}gz%Pskdl=Ib
z`Pev*&+Q@JaTD+O1`b$&H*5op#%FgoJbu&yPXXh~m_G0P1T#wcOjhNihr{0>$$X1m
zalQ!35y->I-j{JKiw;XZRxs0nEN&3ZBA8U%VV$QvkkDX%^Xd3*n|Ys#yYy{%mBs4~
zs>l57(;#PE!IdjClwX_M;o5wMUz<D5OR(npAg8p$E=({{lSIctu-MQ6gp-rYY4KK~
zAkQ<zJ3&3F5Ab5$3F;@t`5a{L48v7E0jq@Uyjjre-REIV^hzJrZh`QJCJ2qfPPn>+
zC*M!xUTmV~?SsW6N;W_v!H?A$OZj#l5WAZ*dlkHVlT&MMG9I({a~yd1;AE}2D4qG7
zpmvDKU7Orrz{UN>$_|V5oXGHfbP^qmYL}{<H0-*)rWbYv`WWr2AZNwRF|W4cRB;Dl
z#O0m@GlpQ~-ohMwNcySs?Bqw#t<WlcP9K={gKmq0*#P>*xptz$r)8);d}qGhu);$3
zS#j}B`Vg-^ehKcPQcskQ1e|H>z)w&=*|6Gbb^Ebi62e`*M{De1Y(wWbYr*D0zvvi8
z1@YI0W7e4-bc~N_Y<O%OCwWI<sAQ{FF#cxzY#_pCp~nVl6I-I^ax|TIUazUFOZ1xX
zt+jo0p!nJ>+#PD+?i*beT72D_^dr+;R|Sh3XAdQ-Go$s@c{I`}2Z}pp{U%V{F}E44
z2k>5_x+$`+Dcn_0qK`?Eq&BFV{C{^!k`&q78res}olQh}Qj(++^#dyR1k}TU;?`Ni
zd1uY10=;h7*Dum^4gW#jM2mYur;*i}YC~jieYi6m+E-X_%H{q@r=#kWNY|n{IYISP
zV~)v3`6HdqDiTybUEIYoC5hDD!Wi>MI$c$p7k4oxNprV1|DBvGshfh@6h~y=xf6=F
z&sypKJL38-<8H<nUqeT@tF@|*&)&snzc14WFnc_)e^NkwZ!%RAR6RD4#;U4m?AA(J
z{IAeOba)#r{+N=n|DftW^ea3GM&(<p0YU-wEbq;?`fu4ht?p*{;a1uRZ*}sYl6`YH
zPNwQkp(o0sv9Sd-HZh;Zis<kz>YVSP#Rq1cP1OVX&T|ut#>Ny-IiE(hWI?Al-@18P
zoxa{I;SE(cFD<OU`BoEtld1YX^sgSnWJ55{`04tWXYzLQr*rXCfBsC&eNxYxlhwBN
z69a08*)|ZP9;$w<)AJLI7Vo~9EUzc4>+LI=R!6mr?;e#oj^Hnineg9!9PW*d430jj
z^%W-GJ1priTFy<dH26@Z-7IgV3JVeACQrg1zpoxM)}EV4@}mk14KUhIPYAwXbFcn*
z`JA)O^1`(FTW@uIGC8>|*YJyEcn_7^^;^yc@uskzOSi=Ve(8)DT-Z*v1w$qM>9Zi!
zjzndhj&KIlQdEzPa8j+LR0^mruSjDsg2Ne=P^lA?{5J;FU4fVz=0RhHphhg-75aHV
zjZ^jAp!!zx*~s4<4yuQ^_&n|mzIUO^Xl$}XV?PMQ?v(<uesuU@I=q7xZ(q1mU%}_h
zr!~SEkV_?jJg5OP_gUbn_%Rj#k02;wmvcxA@1cu(dKkNA;lP^<>p7C6TqCzrb*KL0
zv+$j_{Qwzx6CE))z(s35w-JM>Hl&QIlO?J;t?|;=51^;&Q2~87A9Li@q3fW-k-4Ek
z2*St~H=HmUtCFbNN{bJN2GiI`I{dKyyL0$1T;YW!58q0iKM1J&FDFO!=6cgVw2&5G
zUiCM=9yRFA;(HrD6DR*e1SR~+SHP#7zMfobIk{AI8b4!<71kTS<g_DYJrltZ#1G2p
zOhnjjsx8VYtf!5&=5xSQ{ftJw>7c_q7dJG?lGI>0+vv+1C7&eeXXbH)i@=-7!YNCK
zS11~JF;ye=P_lllBuN{kdid#WE{N|t4H_;n1*yyN5#AM058eomJj2T}L?bS7>3_yX
zS+Z!9fX*WxS&}yT@H<b2M%aT}mL$Cz8x@(2-o}a)WQTg+#xT5x9P#nGL9APD)_nr&
zPKQo;MRS-6Ui%!ZU5T|rv#1&gTfO3Xs(HQkQ=wj+s5g$U4SVDhm&D3>&G)e8N>S58
z)yP_05LQ|xOX7eaUN<`NmFD$)1N4Qb^OLk5VA>d2D~auEgiR2itHh^%Jyr%-HUfA>
zjTOnyC1zzWRxZNIZrQ5gNq*)fKeNQA{%sz#E5~-eWDT19EHW!^#LAUexguF(dh)Z}
zto#sGuEWaJ$r|D0XQf&BmsoivR$h^;@l5iw&a7ONmtY+K0obB&ZSr%a_~bhv;BVXq
zuQKHvS|Lm8UWGLISJpiU8pj77lyU#Xx#k30VWIz_kwxWF)ikQKhelI%?sTeU6hI!A
zxz$wOMb)w8R9#d-)wz|N7H_6n&h@-=uMD0406V{&cm6w$GFr~%y!aw49)iUMym%fK
z59Y-eV)4;BDDJM4CH>}8Q|>f#eqNm4&3t}WQ7vN<%#BZoPi*dVb5c({Dog9G!fv0!
zZlC1cx^UEcd2uloFT&#A^Wv|DLh;XdaS;|*VDU6wyme?gyiUjYl=1moLe;tDRGm^`
zPU6@jva~LM-JFiy<neA6;V8R#@pvrmdH{+C@!|?B{yQ%ohsB>`@!khyN%s#;usU=6
zp|RTSk|ZhhRTrykwj+gyv2W(B%dz#7*!l_H+KHWy;>AD3;)PiJM_#;tNCNZ)NPmCf
z=#&0F(+B-sl}3LbKZO&FF-0cv9bhNEV<=VU`!+hl@JE?`7gjEZnjb;WW2Os=Hl~th
zh>8_@=_yFCOyc}UDM^rlxb?G$wSM|3$s0ha58W#Wyh$j5{%42=oFwUbE;QIK8U(2t
zX)-$&WNtUFSC92{QO`@&NQY#jg{_iB3oU(#Ne|~2>30uFFxoiAhibt2<+O1O#Unfh
zati2WSfK(dtgpke>7q_K)VX8`5RO&7DC0B9Pm^@&Y%o;b-i!RcePT-7i0yRzd3Ul#
zQ}T1WS^2TSf;zP(3p<jZx|F0&*8O0#AbtAnGFe*pOT@<3rGSmYHCfVcJSF|S{eVUm
zxuvQ*_<6gQY8gl11=U4)R2}Q4>Rb<1r{q)hx&k3Mn5W_3L$b8)JsjWx9N_JxvZNo)
zh12i>Fa7|FE3tSRFW!a4ukhmcvG{r{eux*Z$xT@LQX748+vroT`H2aQ;$1djmpw7)
z@+#it?KtAuym%iL@4;f37nfpj&x5kGZZ8(s+lnvB?TbFSZS=`a)hT)ABp&769L8?$
z!EXK*lO=tR8%C+-#YeFCCM>>-7uRF)PkC`07LUZ@1-$t8ZX10fv9Z-kebq32eTY$I
z-cEKvJ14dq#oPTFyWLkOOY0n1y#IbEF5$)F+$r)4mq!Zgm3H!Qy*hTm<}#|~Ea5E&
zVau1W<(K!%lJ4dmb6Tlg+Y{-?f*ht~Osl$v?;NzejJG@kTUKJr7kSHF#Db^7Lb*yi
zy!}pStGXs?w%zdnzu&O!71;JSyzOHoeZGUt`PMEm8&~nhmt*5&DqfDf@vS7~_5*n@
zl&P*+YBoHJH@q4fZor1Tz3wGR`W^aNER(9;5#1H($enu*)rLNDe@dEq;O7@*>3d+A
zE%hYVNpi=yN$waA$sJQba>w|9gqii$5RiS{`d>(bHNVg2|66`X;WVzoX&jy-OZt<8
z(&j&TqQD3e1yd}Si#7spcpLdQc*85Pa^A`ChIHh5&IE?MAirv3%LEgyH=UB~1nX2a
z35HYuWYB-cPd+i|-{2=_4*ECv$<c%U4SsScR$hBD{3I;~zB6=%fKMxp&FrADMXiFj
z*Wb=bfD3$mPO?*MQ?*@xng6KG&!UY^-WgE--Dc0g6m)B`q)>)}J3s!TIm-MCc~Ms_
zpp3Itmh?LYrk|G|S*%Bw$$E?}#~(ftd`F~VI`-e_kj-0Hos|Vg<i(gQt@{Jw=HoRm
z5DCeWE)V4NNnxR@{;mEUX8+LnK;HS^u=A_2^S{lOCH=Vpc>eJHQqV#~zAY+IOT4ZW
z-={qD!y{HpqI(^Z6i^cZwVkRT2h{hdvV%l}AaHFX(J}DR9=d2_7T@Sm*-1Z!GKVDj
zWBt@p$sfDc6;KbUrLJJ{mn1scA*47xCtJjyn{DE72ur*ky7(<%TQn$~;mrfPQM1>)
z*R(P>jcj&Pb&}UZ)%>7ZofRnlf<)g1MfeEt95Q4{3dZJVfyJU5Jr(u-{Q-NZx>etE
zfI+U-W5RKxB|Cw!Vq5hsqUZ}@LwznANK6)0-_loPivWv*B-&tdd}}34tL~vAOT2kR
zxtR&qeyUCK=21w$|6w-fhFxmbHLf)EpBygABj8ohPLx$Wj1}%EY!7JnW(8HFus+aO
zYGH7ou@qS_8yff<OC=|`aaLu;O1!RsTICL?lk@y)DZko_QglT2_btIp7F3Vvv-{&y
zx*l4*!0QebT5ulQ8jSr)oWByUM<3Te0d5|nQyNt5(hCJ(dt;G_VEQ0v%k+M{YGg}M
zVSS3{7R1al<2TH1j}Cd=#*rS=E(m(|c4HhsH{^xqsyxOg$gX`@%efOoet!gz|FwuL
z=`Uo#4ZeyOe~HECWAV$pcnKCi$cwj&`yY$vR`UBFi)ZoTkHr0d9~6(}SK_#={~djB
zrPGIPHL|oW*9im7$AMaA%96e}Gr{cl)l<;pQGWR5qDEN1EYremr_K?$idYI{abKz}
z`tE+b)+R0^>;+P(e#YnMv`D1M<J;%y%rNIk)rnb2ve~T2(z*+9w(l>7**?Zuz8_=)
z)ZXL8=VS3-u=sqwm?4>c(4)K(HRv4(i;Kvd=zIVqrd(Xi>d}DuNhv23?V%}rx!3fw
zmOJDdSZ)Ev45=;pvzdsdk7p)WA=8&<0><T~VI08Y?F^G<h3Y3L`$IqA?Y_)__Pp=4
zUqjymOAGfmKWFnVtjjPRvqD;_a`2u3{2aZU0cme1Oie&O%^rQ;*GNfz#TfHz_sVoC
z(@%AY;KUoii>(Ws<Qnyjnd0t3`E~SGSCJG@>kI4Y@J_Kmk%sB!_Lv*f5BB6ve(nbb
z)v4~FIwnsYlOHSbmIc-M9(Bwmu@Y~&I;McHKb;UzEhjrFOY8i&MFYaHMK6VANxwS-
zcJM$%me%>O_}fKLT=5%O(r?H}uxWMH?(t3gRI+W9U;RMr)p)*F%Usr8P5%nu>BWue
z%76`O%SbR(Knpdt6_2UsyR7|rkMGYg4*W4LYk%^fztG?K&vB=<Cx1A3+|Eqm_MKTA
zh9&Ckyb|@!vn;hb)pGuNpDeALjez)aApl~^3|Z0xu7u6s;@`f%vr_MGKFA|D$U+?C
z@SU=x?{|vxa<cHgz-hs|<4Zfd?{@*bBd+7Zd#$4ncz^7$;Jxz8B)pe8{u6j-pA5Vk
z!m_mPB?QIndjS;R+#yT)XO90By!)rX`z$`l`#8uT9OOPeNXUWkw$WP-Z6UZgBOU$b
zUPQH_7cNYDUkl`sVNM~Boa0PqMpHo2t&N|a!iG+(gZAGzMEif?N1ndZkzmcQgMZbc
zEWHtazSGT%XmKL+s6GGny%LSQ<<_5tI`?+ykMWP<JM*gc8`GKXJ)cEc`XWby8MiRF
zJ2^(<t3=wB84Caq_xxIx^gHDgiOB|!*G+k8QIUS7<9l>RLmc0)J8G4IpRYd|-4PwR
z{%uK;Lc@}L%5<ST)AKTt{a`haqd=-#D*tCHr%BkZ<78A$v=~%Vp&#)5N|j%Ddp%1=
z`9-qziA}1u>&+7UxB?}m6YH$>4N`AmXJxvuv#Jka=V6Za_oI&Fw0W@GW%Fc7zn8^R
z<>Qq5nR0o-%`fR8Da>8I`B7jA4e!CD?mIwY=n1ID$ns58*%naWC(G-zHifcj@w-IX
z3UWX{NzyYCahA-Ye--e-EOb7~6nZ?4x8=Dq7bs3s-Tv4VS3qr4%Ur?YW)gkDv<m5O
z#<3rdDNh^`@<f46p73yaA|Kw3?^B*A0C}P!D^UDT5-qdI6T3m4n3@Hi&wmo~#5$Nd
z5ZVX+g;#y8j10oliMUBKL!xMgXf=tq67mF1#F2&`3{g%<$8g!8fXfm2M42k&h&(Pw
z<a0TqK(9^2IRQQs>KT4!^M3>Wr?gN+6+hJz2Y&mJo;dtcK;cP%E9~zRbN+s&#org`
zcR-sK{Whyj@dB@>YL|X}Pu%41(>C111^qH;`;C4PuNv7xd-M13ye!yar;(QW3F^YU
zfO=y-)fRI!2&jVs>a|%Q8U@s!xC837o>+<3?I*d{7Wvg{3t}bSA^Z>OSFgPSh&cbN
zoDY>UkPkeUI(i_az3`xM2<3x4_s9}tlc3s_=gmb<XRa*iwH#}-oO)h-6&5?NxQZ7~
z$Kv1f;tR0&%Q;ZIgck>}_&#3j#o{ekJZzyX=@-Z2DgGzo?*2|Psi&Kc92pvwq+`#-
zW<C>){c06e$GB;1(aOj{S>G9tvq-{0Y9AN8=ax9&kDC^cta?{p&HoaYF255R$7Bi0
zigMQ@Q2R~~jm^*J7sl{uz3z+IQ03kZ{SN+7d}n^uej1za(Qk&;ox~M}=6fyYrfOMQ
zHy7dXMis!}jybZVpWh8&8p(@)g~d-|@n~M`?2d!qsKP?|rG@oM`@*y7)OH#>jcTqr
zw4o`3Y6Bg#_&WEjjG$KHcqXXU!v+5CTv=N80QNTl`#W4EOZux_R)4uPmbnfI^H?_}
zC7Yn(EZ*=bY&ZlP{+&0R*OjtgcKTP%=^x4`uYr8>3Ftyp_)bvusQNBd+DY^pIONCl
zr#tzHft)m<f0*(KLpF@BmmkgUE;uUHDM!Wb57VOOLpLa&D4*ZcpYMN3XPl{<gHzjr
z>Nll@EU32YxiCcN588Z?G5&TeF491R9suu>uepeE3+zJ3>n^PS`#|)!8MD=O6$Ave
z(U-Xl!KHQN&1QJ>g6aaVC#Z(J`S3W%$jMou1#M(ziPzmmW(K_;s*SE_BQqy?3);xc
zTfDx2TFOgq_m;JhnKQf<B-arbQ7Vz#ac+`(gNHVBWRTpO3VvPx@=GthL~?KQk=#4V
z`1;e%?}njp7%nXg$&#@?83z&2CT9h-DmSN4;f^@a)Iay2Pp&Z)S()l8Sz5OiclJlK
zVP`*^Elc_{9e{y9<;82T_)ILW=f#UV;;hcv>*=t~*IJ^dU)>3N+l@feHy^Y1cExVw
zuYuO^%^3z8)}o)=341%;+*{7ysV#c>F>62H1FN6juRU&Z(Hp6{&)S<$X>20jmVj2`
z^)<S@4zVp+LG^YoJlU7WzdR*yp^coF6`I>dX1ctvH*RZhJg_$foS?wo_+W3!NUnp9
zaDMOBOc#?!zihEDugsDqgC+NcY7?`lHXAbc>g~8M_{_sZH}IXDzRs4Vb>AZ3|8O^I
zP-e-Jo^>p4>3dEZ{$tuL_~(6^2LBh1A^e{{)+hXTAGN`s&t9)N@_q1+dU?f0m)H5d
zTM+uc+k$CzCj3k9K0f@XA5DY*od|!=ELmE2dIsvhDgpkDm9nHSIckHyc|RSNBuQx}
zztwo>oDgUF)lX>bIycpZ%%N(6Htfrw+7)hE{N1b>RJ-XJs*TEvT;m|h?>HNx>|a<F
znEDCThTH%(<?Xb%Vb*OlHr7K&j?D|5Mzt~*Ri}7LRF9>T;QOOZ$)nm_4~;as^{0;j
zpR=DjZ<T0ljEAawnj5K>Gwg0zT6YaD<fk)XA!qTMc;gW`;90!51dD%!#R@Ne28)eK
zSz0$5i_gU3i+J&3EPjU<Uya4_yU+z=rYz~V9f`APN&0{?&^Q^PwAF%=y3?<|2QcEW
zQoC(%BKJKF9=UfsGfo?oAGyX!lx7a)gXFhcp#9DyxHi$^kH~$0Mo^O9DxCE70_Q9X
zocUBM%i`cv^GnnUm+4by`6Sx-JsW(lX#@D~qOp-dxrKMuyoPEyOJ>T_x?2$fUB5y2
z@hiHb4FL3OUVJ+ie~!hMarpVMcpNXj4U6Bv;t%2e$KnyZxB`ox#NtZ0|FL)=FTMqf
z7h>@Rcgd2z|8Sh4d|eCbz}TbUVphC8R04FVBqo)j*CfrOBOl-r(ySpgR_UgTw?gXi
zk!!f5HajO)=~CLO@*0JVRG&|aw^ucoj?fZ~mAPrm=b_q_kI#{%#!P<R+sMpX@VHRt
z7EyI<8Pzf#;~btkHjBn;TcKo%kE&w}3hSwQ9VNMAJ(hj4mQOTBcPraMnX$4jlpR%r
z8+{-^;-F?ds?%6mE7h*NfOj49b(o{#9BgBslRox!*4R_T*nROY;D4D%V-Kv9Fzt0&
zFgC+mPF09`yWLv>%GUV+-P#rK_N7~!wcQu)$tJaRT=d$Q%{jn>%~#v~pXz1d*aEyz
zRJ0qnJ=~d1YM+58Gh1X5-3-iTjE}8_{w&c5NY1i0W7c-6UC(F)WL=r6%T_`cS<!9x
z{6YO7@^zCh+*2Q#%RgIv;hrY+M~v+4pjxFX+}TP=$=2iys_ql<L&(AG(MKLaVmJua
z6<LuoznTh=u1dUFYJOkZ(P?!wQtvR%wCPQ>4F4RNV+71UsLu9*H<6Zc1MJF}EE<EA
z1l2ofP@P&v)iDKy^^H!xha`85hYw@dzeehvcK!zDt=AlcgL!NEgy#+vAT%mLqRDu@
z3g!|6JaHnPz-+#)N}J7WpM6Focf6+$b$C)AA5h~Px$H1mJqngW3Ly!x1>Q=_n!{13
z+OqZpV}F7xGARre9*mo|J#@8N=@hm-F8Wao-yF^(xtW2;8{U=RU>l7>413hemmMxT
zFEm#<I6+<D^>MfZlRk75XW2-}rU|Ne(AC}MCo`9NA#hJz&;hl?%b{@LY#F|@c$ckU
zADiJV<G&R6Np8^V(HFGD8JB6c6s6e(AQDfTl|hR`-aJxM1Ddf)IiS7<bEDcU86KG<
ztEDB5KqLy|%lxAiKmG(ul1X%fLz3wF&U5(!U6RSi#;_l<x}Ul!vTsl1fIr-II;r^+
zKObcuhr2E(HM?a=8g(9tu5jS<A#UX$iGJpgr0_N8RrL=qk|h#-2MkgfH_no+#dB~h
zhv}GLIA>NbFf8!;0Dvg~ndJ2t2QW@qJY)Zj-hBYhkMgS?k#^E}yC>znTMnnlrVLs<
ziNk5MEJ@M&>IwnBYvq6%6#yFzp?@B-y5ETbrZn|1W{p2zjQ?&AW5#@D+5waCDh?U{
zY7KWak?2{nBt@D!MzvNwkuo}1X0<XI?8RjDsY~2}*m7%PY1Jyttv%(xUCnSZjC-Wy
z*^f!&A^<8tYIFuI=BJ^y5l;33&O2I$;~ydrqK8s3$9TxHi=J??pyNH6dO21-j!fVQ
z_m8-3GY;vv8J8v)GY%yft26sB_y4z`W4lofs3ts8U~X<ZU{deB2U1K`G*=tb;*6Q|
zK-8NM?+u$X3}j+VszFw}qdSOtjYE>uUE=y6(VY_hDXx$|LU2$=xT}>Y*FdLb$tjDY
zZ$IDvzu?OA-QPR0=B3|P;h}VR9ry-u=?@?^TeuXhC#o#l57yr#`@!P(HykXY{17no
z|G~rcWa4`!*8J*;@&69N4tR{BggBW-zpj+{u_*!dQ~!-YZB~{QTJ+xJ!h>dTQ5%{0
zKoeZ`*%o`|ciZ`;_2Q=E;PuDu<xCM&!>hje4AW1tH(#Z&P*(AW<hQLdV0pO9LzFk5
z>8mTD>jv3mtEh^dYBw^Aqbl%4+wXb7ueSOlO-=rAM}6ov{G-($?q~}AGV*mtQ1iKb
z;hxq2DXF*dR5i)@TYS}*`;inBL!?Yn)=1Z1asKHCHvWn8I~OGXE`FZ`4TTY9nJh`+
zu51#096oYFH-@|VhprEIZ6Z+yKkW+@Dy-^szxo>~7Acb@saPjV_c$aeQZM_}Qppxb
zXH6trEr+YNg{vJaL;b?lju)%m6dNFu8c^HC#=2>wJ|j>(HjC7J1HfE{C&Do*C*&X1
zKQw04CK6rBui||q`aTCe-yf3!^pjkdS1?%tcu3=n9y`8-=gIv;*TFDwP^Y-JO8xDI
zod`fVxp5J&?#MLqGEB4i5yXe$_sMEE2^z*;IJV!@okMizNbAla(jobzfHv0+T0y3N
z_9gD5gE1!DpD(rU6^?Ir^)SY_M)@T&otbw4)442->5P?leI$3HhpJ<I{0|EL^sy2z
z=Qz3C^30tnJSpcxjfRBC1K<#N72AiixsBiV&nC=ygsWwRC~<!8{D@Cy9{+RhzXOY2
zpf!rHqcBk}<4n)$(T+%c`6!vxo(t<7Z5}`zg31B)IyVp+fg}IhDk)R#dx{Sy7*h_C
z2RsRW6_!etGof)m=F>rbJ)pi1Ec@h%g`d;Nx0J@B-X)xThrC17NnUp__69KLK~Pu4
zUh{(e742=?LIbG!q29JH4w))V_8qwY-nJh7=Dn7M4Y~T;GKGcB;_9^-ytKrdPjWMx
zJtp5_TCb?uqEFk4chHbbyxBb*P4XeYarc~0Xrx=7Gn8s~vVc}4Q}uxU{Qfwj@(gc*
zO;R}4Pm<`HoyXXxjIl9R{)gm^rj<Rd(LJ22eq>X)^Xj>SsM<n5ZlP*tWUrk4&Zvc<
ztmqCBy;95ptWx<@o02i=LK1xr%mp8jn)w-=p(RURcJ*eS3e3x+KwNrJm|Sn>mTF~;
zU(!gXH_M!)E7vm{XSI9}qWvgg?lbd*>7VZt0t)S$z7~Hp_bh(Jdu;Z>%q9fy>yW7k
zhb=8UXk-KRf_}AG+vHYwF?F_#3j`-Eu+C}YAaz&)=X+j5K_a#k7Gid00s@pGnjgOL
zz8TH<H$cJS$BKMWMwX0rh+9ot=rDm8P~Q-J+~eTi*vGsc{=L%HcB?GfMjD(nveii=
z2b{@1#2i&IM*(M0A&?~#MN_jnUvspYAMi+*gVcO0<ElX3{LzI(c><b_lQsYL63xGH
zRQ8-1{%}XeoN1c>=}{S^b^(;%;Lv7m*XC{Xg?qB+<oLoYV@{?v`sq;_bAPV+Uu<Y{
z@t;V|BR!01<DQNjm=f;nM@An;kVmy13|6lXcZG@atW%Qwk%O|a5U9`%4!`;l_U@1D
z-Q$lKet)<#V@?%}HIwtfrbPU}G?0iNzFn4j%fJfb0$v#&FH*7z1zr>hIh)PDDAh9V
zn3g6Sf;4DEFn<|eJE{GeV~l@WLz7F~-IAr5A<^?V*O=7K+$N`MXN+)Czu{LqO!fo)
zZt(|TK}fV8Z~Kj4Lm03jMpnvwn$o^8z5On!cl)IYd;1Meao{fa0uLPHSIYfy^PVZu
z{7=K0Yp&>Fj4$}|l<|}7@%<_6aa6F*C{k28B*_oYYa1^jod!OrI$`I79LA+-fA5W_
z@<};~)V~|j%JY-uBJ;z@xbP=V&a*3Jo<n4dji1onn_KQh(fVe*3;0C_G~$H(`F~c;
zc&*Fk|C>hIF8Lfu+dtAI;h%OPAK`z~0h!^u&HP*^S|AvvrkzB+(-~v2VDjLdIu#Dy
zS-+5N+7>uzaORY4<{=aZZ&F_euXt*o2d{rus?_T-Iy#fT7|orwTjOV+Arc?yV9a={
zld)JRImx?kgGtV<z)3!lKFRj9N#4@eBxl^#=Olm0$C~6FqU;Errj`A1@xBDy$**-V
zHtG@*{Zj{HRQa4Jk6Pf2)PsT}zxQqRQ(QzelQ9-q;B`yp0#^M37O?u~NrfMhGrpYX
z`cU}siTg?J?YIy={onq)&*?wkA>=$7yTzMFRVVUPk94r~d=*K1WJ&A=&VH3D`>SpW
zs5|M@N6ReZBvrT5;=}ijrm;sMN`B;{K7Q4r`BIzZqUx*s0F*#$zjxI^7bh5Fixw7$
zxXZ|v=_P8DWnlG5{x|ym9hj?F)cXuS%`fwjNp6Xkvzc!3?P()3qZVW5<NqnAF^CUR
zgI+hUQo#R11CazH(PjzX9gf}sit%On@XxDx;JRdpX$=2}4sQ((KR~sCDsAX+QEkXW
zv|+D{%A10kYY=VN=c3wzL1jU8tA6;4I18!==m_Wv&7UczPtEm^-SkNtnq1TgK}#ez
zi{zHMNp87^<W>}r-040Vfti;X-=RK|Y5-EIt)aM}fmGXABukP$Z#SaPOQ1_z#*0xr
zj0L>|@lHM02bQ9-ZDeK$CItvsRwh=dF7uc(E+e@GP^*CCR%1;c$*uH|-0A|7OMS*|
zAR5HnFc)Y?H2@mbFi`7dfz4;abYKz9wRZd43EIvSZTBRsw#F}dQg9OU5%&nRT>R}?
zNs>xpFYxsu$F7FFSt*`bMdpXk{3tU&%FT}o^P|%IsKyU8dz;^Nw(k|TZ___hzj`MM
z2L+~Z@VXEVeA7tFHdEzaL~;pCRv#qlmqF!v2m0YnBP~1luN7iNlf305*RAjU1S@00
z;AP3mpNo1pSzf=I<mTyrh5F)1@Fo?>Ci_bZ5BeipWM0l^U#hlHp+qCOo<OWdhx_F(
z$oxLlDo#~C+A}neX(1-*7B1?zyn)CD&T~3R&1}M3)BtB1*#H6_m)xV92TD@7>jDy;
z<l-M565Z((8jts!l2oF0ma5+bW4C+VL2ZV&+|nO(<&fwLgn#rW(Wl^J6Nz5w0F4NV
zmT>Vz=!Z&UHAtcAedOUrwI|&5Bchz|kR;ASM@J9hGbxk9U6*LH8hm7Vqc7ZZHL3mE
zKuHR$<7Z8hq_O~c_At3`4#7ssZwQW~Wbpy39buyM$o$K>GBhMy?R=3ahh#}g;wN}T
z_|^AOlN$?p^N@0ZS7oJ#|B_E~C8}2D^KTDT%PAK-)ye{h=V_F{!9kr~MAb?kRm-wS
zuFnm+g~l;?NR+lyb&R`IIT#w?Z>*UlOOkn2mg#@qiB5}^eWN#EzP<!1y@80)H?E75
zpx?SPE}qzU8S}sJd#jpiuL*IwMSpw;Uct*UFyBpMKXWz(`nh5@WqqGR6sWsCIf*In
z{N$vk{L&{NFfQJ*wpYlPsYi+4m?KI4*lG#97kuR5t-fe`C_mhF35kx+;X8gaiH^>Z
zBz1eFY0s!zN%TTc0nI1Tvw9d)wh`qCxGwPU&|*Afp&O~T6sM?hd0Ly~E#g<aFQ_er
zqZQP!fqtqWbRPhb6w4CaVPQKR-bK|nu;y7G$Kj^-nG8gcskp02D*KoGQASHcKz+p2
zgZoS|)+aRhHITb7_B><_(5B0QSPe1+e?bYfoc{uXtBU76qRRob21WJ`nbb5mtYHhc
zq5d_L4SKODkTmgjue(%@LqgmQLPw!w^F`0_R$BHlXqQcvHvkEE-XTfRZA5v>Ax`?a
zPI1ytb&8WdvY$BV2Oyeq1MC?i%KhDpm5zL#&y@W3UjB!gFlyq-_cBYoW#OX!M8W&L
z#9J9Il87>?KmO%2Z8k-urm26@PUG7uc@Sk|lf30(FBW(!^kpCQ+KAe@!c=A3YCZNL
zZfzSRyR~hSdNY@LKZ@*a3U}6%=$)C8#Q$mycQ%pe(Edq#%=JB{+2i<|`AAZZs4-b~
zpD9N8gtT!Il?+EF@_FHEIZPBi&KM|*`-iI?FA`<9ZDalFhrEbH&+dUrFOuls9>$Dl
zihM}585|t9aBg&<cY<mJwcGgtDDhTM^&jxI^Vj-myAVbnb|V{FMzx@~lB)j*s$U1S
zptm}xnRi(WT!i{pJF&%+-Hi3QJx4w?sYq;+x7s>G;N7<S!#Fe6pd7jZ6XqS$FL)p6
z*2N-EIVV`gxbCF=59pXtB=UHdDvU%49K1(3&iRW!S(wF9_j!1;eKj7FO>!VogQ_p}
z5z_z>P#>}BV`2_dA5&u)Hy)L&lVyC4^Thoam`L4^IAj~&AQbp-!)3=v6!rE3WCA^_
zNljUo9R=Zhy)KLMb%iX>*UL_EzIH%bV3;bX=kDaPVVw}Qj_GahBD^LshRM9mbM_k2
zK<y_Pv>3@8sd>Z!xAKx*>2ztisLZi>DSVsM2^EI|c##^L+7PB>d@T6j6H?1V@8cn@
zFriRRYX0D`Q%iut|2PB`3LF9o85sf!OEWAe_~DUF<EB*nHo*+^VmW+omHG!FFo4{9
zA)wC=G}c(EZrhqzQh#CLW$Yb<^9B5DO|$F&`&Zp}ywR;uQQ@zZ^@tfb`j~+^Iv2(2
zY<jG_9VvRO(XL*4ESj8el8}va*a_KLt|TG5D4mcUclUc!Dsi&{u`;V3ho~K=s<Bg+
zq&l>lZ0Tgo*c@l9j%osbG*cIY_^W@s4JpjXWA;O1{7~3uIQ&WUG6z!83iG<CIR4%v
z`g{)tBrH8mY?PPZBIW!RsnAPtHp-X;W5&w%q&^7OGbzr=;E6ENVcZS*;*pMcIZ;_%
z>CkR04|mC=c1XO}&V+3{6F%|Igl*sspLl2btZM9vr|SJ$yKMet|5bc3{vhc0f8jzk
z*0ysd@KO@p31s6kqKs(c^jW@)D5K!ZaT!rAZ)418bO<{sU<;x`3eNmTC-%cm3r@hR
zehBmM%$-NqN*4(+fIPdM+&8C<vFHw>+;EgJ<JWDL#_X7W$yP-3ft?nb8#ndBudXh}
zj)&(CW3Vk>KBu0_KMup<6{74t!kE!<*rvaX)H@A#=fAbT#;HmCK>WR<D;0ll>gvTJ
zRhT<kae^JKFn6@#1T0coCBtifPXc7h58C*2%4B1a&HspVFzIZ+jg`^Qe_v>B53}QP
zDwj3JnQ`w?yMNgU@zyx4UC@sWF0sMmw;<)HZe<LTIGgiJWmETKwP^4#?zGS7Is&+S
zDN!n0VLLA+%CuI1yVDo$@sOG_S(1F=o=rqK6=YzSLX_crn8inI@Ag~VqH&}xm3!nD
z?Yoi?s3+iXVWN!TIP?3X<~hyi7$<Y~%V~;{ZGJKn6%p#SpySN*lia&J0rgriv*!oY
zYpDpCyS9vK8N0^GylR#u;9Of^-2EL`?w{<V>(wb;2h<x2{3LhI@w<O1h}|1!e+Mg2
zh_aX;`F?Gj-ul8l`-n2Qg%`QPM9GG)jFlvM3s8uR7m0H85M#!KHsohE+D`5<a^DZz
z81qHjiL#wn%5O{0ze=apg4(rsE74AuCCNWIsJ-HrQxe-ozAdNfSIre1o^532Krg5v
z-Bc?p168C4)Q|;9z26M4uP+s33{#$JWpO&y7pE%d7FEzK28){(E<nu&81YGNDgVFQ
zbPEwmuo5p7db~!LH(L^lTK=CRIuf!t5#=Tb&akTkgQ{U_1aEx{oZHSbwSkvf?~X*a
zl-rzLHe34Sa`6K?m)8k^l*MX6aI6pIMs%4*UYRaSQoag524mpK5kx<v#>gZyfEYcJ
zOkacvoJwc`StQ;IiX?>SXe8wDM}$W>Kt}iv;mk>{%M0&Ts8@Ko#F8IWgWiH5sO>@B
zuLivoRoVhDQ58M!|I_U=V<5^P@2Fq>*dO__$sg{n58a7>wEDx{O`%gG`#OSJxhve&
z8XzT`A(|HLbxx6;C;Yv7+cleEmo6}O=~|Y0zaLE6KZS$M?dCpCwlX7^$JU@erfLXn
z+{zeZI!R#A@Er7APX-bUfItGGoCEyWt7zE4?ZeOl8e4{5{@_ny+f(gY*-Rg)`DKw5
zl4_$NiLPXGkw?ROj+`{wn;WXGH%<0bU2j_Ksk+{7u%BQV><>7D+E1KRyT>Wo2h|uN
z4z@MD(*S?|bwd0BPe1h%ZxA)HfImTRQ4q}?3wq&?{9nPJ@|*4PGk&$xAKBaF2iE^I
z+5Dl^58VIHO#3x8?avKHLz?}1hd;8f$q%O4M(c-GKUilklR<h2YGnc+H<|X2lyMhH
zY2#XUZ`-(wd*HpKWL(L+W30H6SM9D_vx|g(*48m;{#oOF7`;H%iIn8d_6TUeJ;m|*
zoSsxXFHQS<YvSb2&)j-AKVz)()01lFUY%wKzbozU_Y>*otE9(#S71s&Wo8JB+C~?D
zTO=o=aw>N#?V$lN`h~KMC@(s#;{yf-e`BqsTuw8DEIE!*<Qd!dO567;+jqU~`)%8|
znLVPh#5)QUx!<iv`$gE6D*RR_8anu(Ns|gr$g--e6%C&;4IkGe4Ic+BTM1?$7rrvN
z`TBjLRlV6NJJ|{fwu=UDLxZ9~tQL(VuQZ9EgGW)r`U)bC%S*LVIiNxeQvg5Fho}}v
zlRCp&2BM${Hp-pk^##;NZK|Sbr>QEcwNyn<I7K+j&c%Dd=B(W0kfcHu?i%4E%Nqlc
zS_~^%a19GYU_4n};PnP#8_{oR3QHa1k9~}Beh!RLTDV_C-P|4SDj?D6IehXPQEtIu
zO0?Uyo5N7;Iu=kLuu-$HBdzakBpL^84E)`E8s0N0V}Ic=eS3v&c`B%-*4Rf)j(B6r
zYVP@)O`9>mnWD`Y=uFpUG%vw;I!IAxx^=w<XrXWYJ2KH1WpXq_ePAZqH3X+#@&+0t
zp81{=VV)X&uxL>KJ;%ecCGJ}<>=^vO_OfFn>Dt+CS6g&#jXhrO=VrXzp{q|AFE`iI
z{5wnD5bG2nUp~nUWSa*1!U7V#Z2({a8U|svITBE9t{jMMM7x0@2h=r~p}A2OC=pOM
z+W4gB2K2^^$zY#zmuRDR`WH7LZW{yms3XYoP2n#2^c^&^Rpx#2AtLXXqo|X-UeSFD
z{;A;vW3~{8KMYC@ffxjL4PZnU>bEA^^jk?xdR0onr1Ji~^kO&1Q{&fyD$_Tw2Ab{_
z$Zm{{+vAFu{_JW*v6eWRfOu=;j|q5?*efNWTUxl^*c4~XHlcU=r%dRnoL&>UjCaa!
zpax67#Q$2B=06p&$=O{w<l%;JSAQRQc<XuJfu(ke6Rb1QqJBb4`eC-vlJ3j~{jM@2
z!#p3H{ymLIQHuh>E#3;SR+lRKL#O&<Ah!6mAugr9gar1LsJDAZQFv@O$R+OOa4;bG
zWDvv3Db-56qae~4bJA=Dw_6tSmYe_A@A{ChbBl+Q>oq-$1tJ@T<!MD0KhDBm1Ri{x
z;mt2CYzL=bKhCkZ#5;;8FJ)U4iL92Q^(49?Taw^CryW(f<{1xP)1O2$`|(bn5L&H2
z!J&s-E<x=%IQ2noDH0O(09E&J(SH@J>TBKmCd%8db+aVh5Z<JGR&U^aG`vf{cukyf
z2}nHv){v!e-|()s3lH(n-oUPYExM`~UA=8rhx5w%p4D*{h&^ih^LzYc`PNa{WO;)>
z`-4)ly1jW(-Kc$-_?NHS?U0iCb?rLP=Pya>^XtiyC6>0N)>OOI+0<@zmNGDnQU@Zh
zh+x1`E)H#LN;xF@m@G-7`jhBG{NGJPxq}J!_9(oFVLEFI`vT6VpF@(=2Gl@@e#O69
z!<|i`%Q5n8@kvb)C-Hw%)%dh0dG1o~w>$eK%@AcSVTSnBG(+4div#wRjBX8o1S{gk
zzHh(OyZoNzHWG1ZsxJTPUbmm|E0pul|Njw)1aPbjxx@1uFA}B3(rbwmC6gL_?^y6n
zU|zvXjMS{{U@Ub{=QwarSL2>Ww>U9;B*$ga3po0bZ?oX3IP`(BpKN}rz#*bYzyDq9
zj4NZ}j2Rzv+4W;^O!%=l<!^W_Zb+GpQJOIAX$n#Pnxqjjsd>v~JNfQ#SO3r@unSjb
z2_4n2Zc|5fc6X{FE~lG!WNnCUNAf^pt*N*b*WCeE3L+REcBSbzPwz?XK3n`vq6eUk
z<3$ohp)=$Dt7LvjqtoBmA`ZuZI@32nomm!8$5N_g{Q5^SFUk^>m{aBlnrysFKpk7)
zC%M;oj2|9Ll~-){pS9D%y0A)E7m{lWL~2)v<@X5&gD<KM5dBxC)$wPh)$weX0P&Vi
z6U6H}%{AX-8km*mI~g;^+v9Dm`*Z3mcz?dq&6u&i!?Kgjllv3pYKHcalUjj8tiX}B
z0*5grP0q5tD?7?VmT%&;v_5+~SzTX}-Aa_boj7Ve#BNJO*_~l06{+`zd1as<!g4{_
zKF>%_xDF=lG2XYo?<wqrOrQD}T>r26kywAM_j&zBPQ~sVqMQ!qWDX!-0vUwkE!_?!
zfwX6Im|;i0_<sQ1-uThkZH6DUbf<(LHFab7k&W1{vJu-=C#K8)>#8YB=zHo{cUvYE
zrhoP)Bs@QCXDkVDGs8l|Vg9Sd${jmwYxy*`R3;u{%s6%ww!~@V90pzW?|;zeK^KR7
z(hp^cpLyeyIAa!4{6uu<>S4@y{-|xJE5sxpJZeqS2z8nY?C1C)`m)PBiVyQY7j!e`
zSGOml4eoSG68<2f4XT_%TjLYjntEfz5xbAec&FVoe4SG;+*B~!4Mua9;8XAYF3I>B
z%u=lLB^cxF^ggn{>t(T9ydDx=Ax;x`qNSaxAZNf@sD@T0lPv>=3b$Qf_9_D8g2PFM
zjCU@Zyjay32#5-b3#KKV71OU5J?#B1dF(AcfyLsvyr?E$Zk>J%k41NEP{>sXMR^G%
z4V&ck@zN&Io7;3>;-^d(KjzCx!a{PFdm*#q@a-h`2`}iCL^#sg3@#30UqdBH8opbN
zdLad;^5=h38lCiK&PvvLI8hl{%O@4OrOot0r&?KAKz$VTl%6&+^G{xs0j9g#$jsMZ
zdL*}!m%QOcf9>i5XpK!OP}yjZ?`(O_9^e%N8uS{_*5tuI8$n+-_Rk<&4HOeHW;4c2
z0bOlTU0(g+RdE(`d5t$)ZD*k1Mcgp$uyqE~ge}PUvUBm*D1DA^VJzG=A`n}Hf(=Tr
z%QqP_!J5=JJvS~oVq&j;m@#A5F>$OPJH%L$Te)4#<+&C_9%$+?kHb5M#K-5YqV-zy
zm$hbp^=8rY$86_gvU;?z-O{K(3L5ntRYMBfO~cVhpl&|0d}}N=DXCXiwh;v!%!}dO
z3lhZ#WN1EBV~}Y`Bn)cwiOh;V@nnKe<hu7k)a2qW#@Hef9qIt(JF*?1=#FfXQ4KHm
zHmwA-N||cc$?7t+$HWlNU+ryR(c}{wSW1L~Jm}4*>H;n`hP*}m&%O*S;s2t7Jn0`4
z<BdvU<-6&|_us?+(GjscTo|mVq0=P{6O_F2p@0u{#`3|R>+{gfC9$$EN|ha<8*JL^
zoJ+q)d!2PDYOf3HQE@$yQgwa-$(`*nrX=k#jXrn`M6LXSs<bJnQaz~pTB%yyVaPq;
zAG53i71YyFL0!%d+^H+!z>PMIFtAU?KNI|hu=M$%`8HjCXknTje;n%ZlXf~t%3pUv
zz4*`Jkc0-CdhzRe*^%z;vFkU!PUF{hC3?rROex%k5yJ`pBrrZL{+3h3*wb)SKCc>F
zxGnXlkmU`fu_q_t-VkMch9vnL71N+(g$W-o8L-{qnf8i6u-u%dr$r!qzrJ1n=()5=
z<ZwnZ64?qi$hXwuzZdm=Q29%zUAtZ4Ewh3RD9J6-L!xp8R9>A{xzegUomU?FoJ~{D
z>(@B#kql;3j$m?g-GP{*gR1;>B&-jwFvGC}F$GnWn<3I508wcQ(t+J5LMf<3S5{g+
z$_kS1{?Tn@$-vWuAEpYO2HvpD>yZv8skzh*Z819GO*1;7>J)J6iJgXSJ<(g;D1GOg
z0o9P9u6>##+$ApIFWa?=C}UlwL-{XVlB68u{hW`PEy7*5km&ym-~<6;f5vCf;-EL5
z)Qs$pu8|*Sna&*#o6a4{$YbHcqM+Qb2qsiPxj(sP^vnL8(^?Z*?WQWYR@dIl7z>bR
zKOy&RbK+_moRDiTTF&^jHjF60U~p3nBhkx1wf{Q$ezue7bO6(nsKY%Zufs>6v0R%k
z2Vzg6w)IWC{m07zRcp19Y>*}2oFPe6-j4ZLVz*$j<A92A$Ia*W<uig4S|!+;CM#M_
zeFAtb-qsBP4{vyP3#SdAX}np>3E*&@cK}+xs2AR#QI`rf36*Pti5Ut!z-xj@djdJQ
zMbDwra7EvT6V9!E({pi4LEG0!6^B^A{5j4cDaauyc*9&h1nv*h&xvzM594LU8KWmq
z=*TU1120q$e^em<v>o}U0^pyJW2_Wh(ko#5viyT4d8bn?<gMf!&Y<5T|9_t|X}2h~
z!b3dzZ=b~l`%aX^`q$5%1XN0%JvpeH^{lXBbfiXOB=Z#@#6~DU_}5uiW<!T-LQFyW
z@TRycHw9u3PY1E~b-+KTk`H(74ZHbmc}q!b+!v+Fw$MZx8{I);^K`16z3W1Z{zP1k
zjcYYu3JR#D{MOuYq0B$C3hM*vtwjO#USB|+Km%%3fuH2w>M=$OJ4oYbyf?>vLDkVs
zL3OlF)p@N{oz-C+vdiZtyp6gZyT5sh{_0b>H8;d9e{+v<r=@2DWysIsrUbUi)He}S
zggj&F@x>`E{2b2drh$?aNyw*fi|p-=Gz=?#heS)caL&udoWc*;0&fMh6ZvxBePRf@
zT4n}UU1BO{E-;ld9YQ$+@#)IvB-%4TI7C7~#n8dRPY!e(^M)h?h9RILpVYiEB<bx~
zAOb3UoET8cW4}xv{S2HJaBTc}mk9@c#iDf6mmc~q7ZT46jx^%ATvQ%sQ^%fwgn|d|
z!z)w$?}0j*e&)ChEKM)h0{TO7A=E695j^J8SCyvM`E*iqJ1A}yyVv<WCZHt~(BGJV
zegwSEtqCbJt+;F<ytL@EpRoDgZ?OEr1wQm%;f>}Bd*y+^bvl{lPahT_Tw*sM!1LKp
zJrx%L8e(OX)bw}RuNzp|qh{1jKQn6QP1B$LtbW$Y*2B4onST5nUIIrd!MjuuUexJZ
zCcI&lRR3w{()h8-|5@j3{No6xsXdGtkHk~_=kM=5sx_L;4_6T?v0fvaqc-+wC;Wvg
zMd!ZHb)q~FNhQgTTy`bN8#e#>s}rV|>-S;#!%5|q@;&y6|BI@|atqGMbv=}#{CUo{
zt_zN(t*Z~#r}x->q*M5BRWcrIPtCKG+0B?S*o+qli+F)0!bJd%#<Rae0siq0`$0E;
zX8N0BSQBDeS#SJaFP}V;mv<jOAH-Q=8bea2@z_yuE>PWjm&of@w%+cDUiKd!fURA2
zzhWPs59RYI)0eKm<M$5^!9~aHb`FIoc_QGeuaoaE<T$!j15Md$(v;mMP4SzNN~@gd
zNfqYgM-F6%yJnKwAA#g?_8+~nL{{&hQ(eobyqh&mJ0ASLcogCH2`Fzhgx~dY^D8O#
znF{bfuXbot(Eq%ws}}}WniyPp0t~J+@via&$eC8jIFMrR;&N_Ldc4Gm>4Q-i@4J4l
zb7#CCPvVV2l+j&QfL<?5b{K^Tp@CZ2`R~nVPIsF9>mR&>)#VOtBEt8b&R*~>GiO?M
z0{E7hpes88eA6l!cf@=7+aDJ`OOo+AsVvXyjue(>SRkee*%rmsH&<AxqEMX0IoV}d
zt&#~Di>$s1#Hgob^r4}VO%57qaL|bE2&ivj)+g*=#r{nh_%zNPeUW9l-au7j=Xdt_
z4u^u#@~J0?)a-+ppo~ACDN8mU8Iy`kP^)|awG?#JZoxS}b`EmRLS*Mm_Mfc`D*?5X
zGtj^B7)#m&KjjElErq!G{unpEfH5|~q&^)EQj-ABB4qhFECefK$(^t<APTK628k3r
zZHqZ?Dt{DE#o5gT>T&x3K|OZ#7t~{8e?dL+2MQrKGQeVF!bRtk=z#ASLmuU=WITh2
zt7y^N9zw#lp@lKy>LXU1XfmB7iH^uNe-IXu@!66DX(h*+X(c<1|LHMfhJN2-#tc2$
z!ttLv!<`;d^Io<jg*!J9r77EtvY6Qdd$aMZliZutXZ6~f*VFf=%42-{9mX%)3F5oB
z&gkav@aPv97XllyR9u58wS(GHq5MY9K>zV$*jo86>DAOXYdL0loEh;p#tJ{Tc-#jb
z6!||6TbG&OZ~2`zxJ}Hc@N?Tq%QmUDnOFLC+qt7Q{ZStWu9^kZH?jL-K&ClPGmR)e
za9hQJ)9}E(-q(T4<p(ZPG!s=R7YZs4F-D7bllxB1;P7#sUbv%q*t9yW@@ZeVCxg^Z
z%aEjoeJ--PHF9VQZ!8}U6u(WPBf!B^)+)Da)tFwbpD)ZZ=5EExkXNmCp+k})hpuXF
z><tf(fQNCohq3jL3`+0m3vdI>ire}u&M}K$>a)1NSsd%Lc%WH4qtD_q&Eg4t7H65o
zm-ShkX%>?{i#Mg_ui7d-W7fyKGU@eiF^lW_EZ&#iT{!)R7tIb9B~EHSidp}<|8T&S
zW(R}%>_9S$(YG+Y_<zje?R^%XZx;VG&e-}a{`CU?;)Kw6(&P^!`Y%RhkQ!ftvB;qU
zV`Re2yO#8~-0w*7w^U5?@7==u`+@OZyzjhtzjvhNwevZJf4|@K?|<7U=ht?fcAu2b
z*pFGJB$1lDerSPmOQd#SKlIHj;FoTsYZ0lPXg-CvBsUOyvnfdkCYYDBhDkaGj-+Z=
zP;+HA53REu>tOLaA}?lSlRQql;uLWm(cwJ-^>ut@U@INI%eur1ebM%NHu%*xEAnPI
z{sECUXuyWs;iu;9@NV-m%YM<|Xs(%77tl1cgFcLQ(AUup`X<;%uBk(M8Fg5SG(&4f
z`Fi+n<DW)~+h|UzPuL8HkWXg``E-}jsN3u(4NlMzSj72o3<n#1&?3&p69*YnKUH@{
zzPYC1P`^lHcySl(MD0s5Cs2@ttH8IUFcpD)ONxwn{OGFx;vN4^bZmTUvEatLU1l)i
z0^JNooTW2n?CP*P82nYX%a~uw0>iEo7}jZYw!_7_`xIH?_oS6Q?T=0NE7ZJG{UrC7
zp7gtP$Iz6!l;57ls|Pse+u$%h?i3$#7h^%Z9B;uu%Y3SV+3{aNl?An+mj*Fy(j;%5
ze(Ew@^3M*4=u6IP=3!lMh~*8Y^9Ge*o6)}#xALV280%A;c4Vokw2e*jPPYmw_0N~a
znX&v^n5NUXpi_KY4<DNx#>ZcSn@8m9Yhbhd4f?>yR=$r+lIBkHM|4lg5;=YU3VLto
zi}7TJ-k|!8TH?*p$%Apm;cLVV7|m(?@@xLl=rAgdiVx3G#?<W%`Y93J%?ARW8=p!j
zC{gPpP1i)~!%G~-Jq#K+jg}+g<80mqdJm^DB_{0jzX*n+U1xnm=gnB08Mij~W`nk<
z*zyhCWP?UPt&EX_Pm%|_X|OCAbKAiR^B%eH$L)+ow-M#JuNX55lKO_ueMG7I$_y8+
z`N|9z&1pBoMQ8CAJx3V}-vi!PM}_N_R@q~T=*Z)MeIP|#f8EBVyv2{T+#sl#(Q$-t
zeCImOA|ykr{wjWT;;$mU>hU9tMZW1M+`*|YS-y!j>~k13M_@|*iSiqUf?z<aOz_i?
zHm%+>GUpIFVzS&FM;Q~jNn7;VS_J;5dQwCXgyHixPI1;cAmFRX7iRS&I*f4?iZr#3
zY9i5x@nwU;`fyh(Szb>YnjA(y2r<prG3X?>F7p&wGCXatyfB7)hwpK$B++OOe7#7N
zb#06pRXvQUhcVG;XgL3B4R<w#hDW{zQ1w`#YTeHmn5&HWJ&Xa!jW6~y24FUJ>`%&P
zrhQr%r`2w{_}e9z<Ic>!*q4R6B=)#vq5e#^M?6{vYPV^a$xAi&++UOSOwF$y$9bkE
z7<(Co2=HA9#$Ls|{jVmiw_2$gT^YbYOOe^%wAG3rOS1Y@j*#GQ9@#2W6}#YrpXHLI
zz#HacF{Op(eMDBD3dy)4x_{K^q$a~5N!sX-M_o>8&Txt>IH!xma<!eD9Z$`O5Q&55
zaZ7zNT2#j{(N-Y}Clf^aB8kBydWQ?Vg9=U&VpA4m?!%}pbVuM6q&%pGycJXpd8dQM
z29obt4klkZMOsBpD$9gF3CYbey}ZiY;BQh!a?8=@q=MvD6oA7?rR8B_JeOkc6Jw8v
z^tP8J9d1l}8I3KQj(IK7#Ux_4m)&mK%Wei+S!`S@*v+(|f9MbS?S=cz>;lu(WMUCj
z=liHSo(h+fhx?l@ClDREc*~M>Bj1VaX5|US>d=ovKUx!Kh4syE)FtosPgC;B>~M&?
z{U_pX|IT<T`TmN~V&svUi@|Zex=g%naidJtWxd~FvE`d@wdb41_j3eF`y-9A5f%Ag
zIPx`(swdGiWlReP#O8;xsnxFflL#$7&VwMm^WpdLfX9EYl5vLl&H;IL3yCz!$w`Tq
zYHIiN@y^Z%_aWh}Ngiyn`c&iPwD-B-{fot@5Bbn~7wIbWA38o1jBD)i<R_?iINi?&
z2iTPm>?j|9DvlowgK8V5YHaRi3>-7~=7tx_3W;XL5e|{WV5(&t%7To#QZ^ts#&MI<
zO#;FBAVKv`pZS_YR#2T?29G#s8Qy^@vB4yFz6aiK7@hc@e5j8{!G~#t>BIDGH@_>l
zI*fk!;WQFm;QLxIm@nbMZu1ce$k+jF)Z4X!je0E37?8Tlz=dO9)$s5_enFkf|6Ir~
zsMEXQ>qVjrV2m04t$b$MxQ1}&)pI?RUqe2JB>CvaIz6^M(j-UgNpx=)W5#Ysa`+=s
z3wsL0$K#e<>PJ@9=8se2iRt2Rk&2>UXmKqhvsI2{SbpddiO%RJNu{wDI>b|s(Z&6e
z?w03b=-*r?G(dM8<parbTn`tuRGnx11X4>T-`lgt(=3&&c+m?>F@r#<(q82*jlF^w
z;z6RU5;kw;1?c(dzN2X-rbg2|l6-q_q9rwj%2O?RwwWk%?D^7|zIh?yXHhc9#F&_t
z7vTi&!axAt4`pGa?`IlA5@w`OqiGCbP8{z`4Ra;D?UW>c>=p24J6LsEAhxDe%&1{K
z)_C4&ZI6@Gyq{&wFMy%T=tLCVL87l_^0gf#%26=qUPz*obNR=mB)Td~q(J&d1}O0_
zBhk5TKJps0ZhJ`W<Wr>7^d_H@NI^e%FI1TcA%)k3vLT<&FZ!9OSv{oYrC}ng&|Sk!
zb+w<P46;0>g*#}m?kCGP8G}!eq`Gu`SZ*^*Z#NC@YkQC`M4uAbXQC5CeAT9&|17>L
zBUP4Wy>kBBF=Ga^IU&Ei0P(_;41_kuvot%|ubCAzKqH+psrf<@`J__fl}I$(bR{s%
z$gv(7j+<Z>iSjteWywf>WgAiI`iNH@EatUDPM$?Eg(`RQIFjf*hX~lsO)zGhm&}hA
z#`r3`zr^pYI3}Q2@Y{8X)V0+PXSN82rSowbvTQ?3(>J?$P@S#ioOd9o<p}E2`-grE
zk;myF8}>k!WN>ixPwnwo@4<5zhNI7jm|h*2tsa5<j-TWCrXg%rYQ*ur)JNBTD))*w
zp2vi<cr>Sn!F%Xu-Vdi#DT>46{dDmbJ`F1wy7{V;LX=Z`7&Ee%=`wVzn=#{o9`nzR
zgbDhutZ=IRe8+ZSmGwl~0!kLgMxtDT07ya)7cHlUR4*Bsnl8X-6LCbwU&ZuqQIW{_
z0fXVK+CcKH+VkpSS<1FhZXmW1oP3I_vq<zKP(|QFv`zlT+5&;9n4R3{N_|fXX1*X{
z&YVLWa@GL+NA%cEn*Sa|rPV!**)AYu5j-aV)P&(Ir(;wDI=)|wmb`p)S$q`z%^(Wl
zBz@qm2x!yqH5nSR8{Ryt-7bos5w@AyrqpyB{>Iu40e<1|E2D$s3Y)_u|MzV^+{i~!
z+SrcH>ShMw(PaU(76p#}mJcGyy}|Bzc$3HGd3ala&GYaMpK(bCr<ymD=whJ$^GUQ6
ztZKKCr~$^bdr7o;fJj9*ub;RWZoL2~JBbd=z-(#JwVC|mViH|@KL5CgL>u7aJQ95x
zDlfp0_HftLM45Ggb%`kLBzofooOSsp<j)It{&?<Sx-r8QF5;XC{kVl5`!w>69PU~W
z%7$#+?E`QU%J0CQ?2|`%LRq7-iSkb{^@)5PkD~5xW*OCfe6~wYhOQ^0tvJVbu`4Bv
zGN3Lh3aC?jB6{-Y9^+?m#_9svqZJsSG93d{z+e9BYDB%;k&5vmV`VCB7?i3VAL8mo
z8&<>_J7E}%Zyt`)BUvbFbn^qL91IQagMRrfC-*Z%h9!PXUV4==zq*BY^gy?D97<y4
zyFr_<&w+xo$PAN)++x_{A+wakU`HQE;drR5obC9Y2%yq?;$qUuBLk9ID?aFAOjvB0
z?yo`#<(y-T8Gi*24l0K`FD216nMqEi(?e<-9ci4(hqEBJ?|lizIJeT{fID@Pd8fYO
zNaB&eDs^U=i9U^Ei}1FXVg~D-D<hV@f|zIFl%M3z^l*eShMJK-&%(#IS%1$0I2{VA
z%+G*@qm7&RmigKLN8Ou%M^U7Y!#$I05{{Z6VmyiNs9{&#j4Nv*K{I3~^uR>3a;hMB
zAu0mO3?On0c6XAt9Y6)~T6GtHE3WIYs~b^NCgBLtJuqG<AOS(92_fN1CfC&W)LYfZ
z%mnb-|MPr452mNPy1MGE_pW;1_g(Tq7lxpu$fW0KbTnJRe|IFW;4>GH(Jv=+V~gkv
zmnke+4UEGh)q54_7Of0>Lkle45U&S2x@1^NO&H5G^@qIN6qSR|Goo^sWY7?Vt-jsF
z@q8>?RO71hJ8*E@rz6J)^z66%4oi9P7$A$z=f3N~7$V7%_}n$X{wSXtWe285(d))s
zV0x6#-AqHzD4)B%Sal!6m_^)BrN)T58NRxMgQy#wH4r9nL$Oz$z>@`imn~>Hk<_6y
zsUvZD=h5Z;eH3GZt4TM<G-S+06~q{W?f#_~GJRJfW}8|>2yX?5wPjI^Kgwcgea^>J
z!tRDdwKM>3=~2U<T#KaR=W9KMiCtIN!*D9&hvAg%**Khfs9nb?W%_oh+22Q*xRW5(
z=P``q5y@Z@G{S-f#50UCNjQdXy<*ehlVg*HLJX_=6PkY=^vTr}<?r3@k(&Kixs}^@
zdZc~C>VA-VwnD@I)lQajMEp|DEB4Aa@M^v>6FwBM@FCt(H-b(@n}f0eLRR1u0l>~Q
zn=+c@iH-lnxs+pi<>gPuv&a=D>}OLz4C86&!rxdH6p>ND2aE#V(b?roW;WT@jj{SU
z;TUnu3kmDaiDy`UrHnm6{>96?e{{$5E=Y!MLfUK2Av0u1Tc;uIE$3*cHV#f8z6fYi
zvYjB#gJ&_HYv{i1zR=(F6*R9TuarcOp;`AuOpM|fnl&e)%L=6=in9Nv$B1mF_(ehb
z4ig)dlrwyD7GM^*UzCR%z3*w>QLnNZ^vxlyyxakWe1?3=59#!xH*08VpFOEi&nL97
ze>rd2=99PZp@BiZW^Zcb+(0+xl`)MpSp{W0)N3^-%9!*v?{6xh`%r3-uW3y6rcg&n
zb^-7snqZ8l{AeBgD5w00W)ho7`4L^=sl{FaCRdIFxj2x61NO-Lr;IE&>M@M#N*I;B
z*%~iuy$WDlnNmqHd7P1xLSEf!BD>Ih3nM*LZ4tw$%0GynU@_sX3uSxYe|BD8$-oYn
z%vLI!Vd`6)!NWBSPUPV_#*XZN8o@r}0d~x)zb@51&VA~Mqx!i->*Ywi@GM<`tGiBU
zr>K^gPf>j`h+*jRLE0&*DJ>X(l+M_w@H)m&X)S?v9x3R7jXE)(SQfz(2JeeYmREhI
z&h0+x!@6AY8pi5vopDriojC}9)>{~>#Y9Kx%kGqI!dShclNcz=smWd+r=0cstFD|K
zJz^5=#oIkn*xyH)zf;0UT4iRvFPhYnGUeSw6k!NKi=T!{j0AP1rUZ4S(js$M5;t|F
zRo7*e^6gTCKhv$u-szFr0%vQ0=*MPN`B#k9i5-R{1@Sn1)KSh*gOa2wq$(>p%Ec?)
zRMs-3dseP`sFk^RU$bbjcfUGLEae7bE_~HYfWLe!3uvxKadX#rkWa=w`Eca#tEeD-
zsuctX4cuZnMyegy(BG1Ej9)`U7S%Bxv;#Y!I>v%rpmwTbjLHXUr#i-s#cJb0jN`YY
z9z0iU@So)pHozSuUY$cNDd~zFUCRb)R94e;voGtaGF7}Gr;9cvjWbeTx=g>UD_BNZ
zzq|wqI*^6K#S`yijCd2oO=a6@43anR*R*o+-adv+as%W|-;1Oxk80itpY9mC>!{|P
zD2QRKjz7xwTl9UPu72iypnd%klSnWXf$ektfFfPb++)<m^2(cF+i_XCF<)cblXd_l
zt_^>7bzEK*GP2!*>I!z8jVi9T5Nq|bV8@lH;zNjlXW1x*u~<hq1O?8~K`F`3QELjv
zy_W_EH~gV4NLO*}FKBgb@Eh<|R;F^CD_G<hi=<z}<wA$Wg`^AEwRI$t2C(ZC4oT^$
zh8Nxx?q>ifFj(Df<YP+6#<w{&ArIsHw505hC(Hc!&_7Iet|KMR&h49$Xy<Bq7^&jU
z3pJ)XB7dfC+Nu`-eIL`pD2X_udtiTn<TG04c*{xij!C1;o}o+crb1?D3}bzb<O3e(
zzQ~Mwy9qP#IKw{qD<5pX+;nd@_R;O2x`>bbpiN!(c4KwYp+tPWD{kNN3ab(Kax2zO
zwXZ%+eS_YT)tsar#{Z(J`c90<MQs<J$i+G14fy{75*EP<RnCN6#FNz2STYUvzK}sK
zaH3PQ)|Z;W&q%~S4cyuP(j4{V9zp(n^mO{I&AOY0ND^i}jMQp&PSGsxFIwZ|NSQpZ
zoXL<SxoS2o<31q1uXj(@*KH^5YhEsFLQ|G@E7n+ALAS=zMq!NAA>CR+kYVKKIo)yf
zWVAetVEr%X{$UuRrpA6?!*n{=OAe7aOev<QO{V)w+;kZn*xbmh(V;|J_HJs+?&~)4
zECzC#7Wc+K{L|xj$1~gy=N;81-m$|H$2&GA`Oljk(`kCl9n=~2mcgFYdFG9mD_MhE
zObyQIA{aQsVdG^uwdZ%_f^y(@6jObFhNBq!9X$CrCi2!CLl5^_bagvecm)#Op#P^`
z+>{9C<vN^0X|oQ;!&C$MEZ&4vH{_~Iy9^?^lZ8yd5X<3&8XMwNGDNl??siPYe#dn3
zZ%m{hppDc2fFZXIX2kCv<svbd!GeMB&w$b6c#2qkGKy$#J{d(!fLPzW$i;UV_4*<?
zcWFFTeWjCm>bGed2X#GId-!OlkyMW!WlLn^^dQ^A1lE?VWV!N~Sw<F!p`W&15zB)*
z7+#1|sAx7k`S}EeYIQ_A>XWEd5v7U=&J@ED4<-AV>29PJ&~zuNg2|%e`NU&auxX&%
z^7{HLHB|2=`zgukt)ECvh4JKc;i<?ebt)B+_Yy-yaXaijWvnAdJrJcw?cgZP=bY&%
z%!j?4yPFU@Wq#QfTK!LaTHDnALgV_yRPMu30H1sy^5yN_2`ajOKIq{|>iLzRkyG`2
zfgLn*y2_(+K_jQ?`HlHte^d4R=3>>gTRWfkau3FEx=?)<>L<}{y%<B*dt#^2fM36z
zX~6y&n)W+Z-{O0WW^jD=d!5RB^w1%rFx@r+SexjLU}o?1HY-;h+paSUsK<F%H&(ZN
zN2O9=1?<MA6KNC>%{#MyiOYm3aJ^^3EN5j_rFr_k;{6F*ypv-;JQL>pB~YcEw?wr4
z!@;Iu%sW%x1+JJ(dG#Yb=9GG{-8+SXGb`}ukIY~APLKKI`0}`u<MZ@$T<@pSg5U?$
z@o=644iel9$8EBZ_y^1m5>#ttY;M)%|JWXk)n|Im`&u7=E};+Y&c6n_`dCByXPBzf
zr{@%B5)#P!X%l%r8^7E92$!^@bf1Qb(ktB<tKB^&@p#503UbtKBnXT@mk>nKUAm6*
za*w9t5SXZ|dg9_nhm(7M?4kSPDe5teeh$X80bD``u&D>*4}t7da%I(GbhP>-7anEr
z<s1cfh*x<r&jS9fT=?^54*YqAdZ1q<7!XnJqgH*mk-QStHlOueT)rU@z9yQ=&L#5b
z%{sSy<4&J^d&DQ-+{#<F^YXn>ULMh?*0!96*u%H#=I+DYx(`9!)Dj=B8;1u)7TvB&
z3wCA(9{4GY+#bJo7(EpuA9gck<d!JL>XazP&Uy%*)EelrPB>&E>O+|v(KLz3i}MYI
z#}PHB*S^PW1lz#jCUDH*cA@T>p#k%0Yxl>g6)&Dlt=PK%WNdCquKIF&eE#%1Zld`5
zSi6C*YhoC$JA(^yd`)8}|5;?MB>?+)^D#Z6n5SivHt7LA#Ro<6J(>n!D7+p!FE4c1
zdD-vCVd6j4q&fKH$4)8xb)SsPJjOCLi&R?_V>tKUsB_gXb$`fM{h&;33}e+}R$*sN
zWa)j#lPBAB`ShHoOg+&9M;(~oKQQ!kKL5k}5`6ySzx#39kGqx_7;^nC-Sf#@(@a5j
zhNU*$|GzTKHWbxyD#k9kR!<){nf{>Z<3<XNQD5i}sYR_`<o;N_Q#}nWUUdsahpnoy
zD|X}n3wF6gWl=iktBF3z>Rl8mUpcu?^37eR@=4yEt4`cWCSufAT4b)Tbaz61rR{s!
z;(xkb3;L+rt_6MEs%k+WZ*Rv~y+Jk32PSx_uTp6^i9*_4sxqzm;k^tI9^7kkh38lp
zWq!kHuJ8>Jj6X_aXf^*SjMZ1aV@|p!VKmktl4Q6_S&PK*w{Z0;k^<y=fB)7PS3>2%
zr@n>CgW|GpF;@BQMm|rrGc;zq)PTf;L{{$EkMRn9<Mrk}7^{!$rL)Q;Zx7qgAl0=?
z8_|(n+K8UmuZ?KeE{s({Yy15H4XQg2Xiz-^Yf#;K0An>3oB4ABTo1&k_kTAbv1bk#
z=i~-3VBPW`jMasEG5+WbcE?NZ+`HG%F8r5hnuY%iv#-*#RozGEE5xU$JLrW~ZTK!8
zd9E}g&v^;Rqta!ysMqdhEB=+X;{Va`>fbvxXl>l7LF?+>8noWriLsiuo9-^`UX8K(
z)*hA)&Y5C54*2;SM5^y0>;#IW5fe=c2eOlnVY-wJV_8XV&T671-NrR-Jy1Q53GC#g
ziC!wgwM>F2`%cGfRFPpEpbgHq6w&BVVh86EM&)cH*55l2U>^S`;+$sirgI_v<_t%!
zE4YZeFmSFbxX8l!2NH$3b8I(u1sA5_3z7Jtg$hEStU4Q<ZLFuHFZe=k2OnAbfYJYY
zJ;mB@#&_clR`~uHEk7e^@eCx$z7QPrTZ%2z8y_s-0*GeGqlp~HI`UY3Ab9DBHPL3T
zs6GHHXka=Ou?+{nzjNu=C-G&4(jNRaL8{(e?3JhRUYanTy0KvB9_PNu{o`mDVP52p
zaot#5{1sygV-GNc;z=r{ZaF}uR6tP6519Q~J{gzMib!lV%Mx@p;M$S>x9R&@=X`ZC
zMXeQfYUO*QOq>v9jp=PvXS+AzBl_CSt)Q<h?ZJ4wv;Oo8w{@0LQD7ON^B$9(N=WF@
zuQd`1eyx$v>x~)-&G;H)^@T=u?zQtGB&C0bF(6{(kFQ~@-uf-ZaAGZT#UIQl@Kg+A
zh|XsDgyGOb8C&j9sl}^ophs*f8}(!%ROEz;u~)8SDL%k8A~v8ZKlnlFyrJ?KO;%82
z^~%r%^`6M@nhsa!N0}i-NG3yc-V!AcW8l%KKOSgIeWkE_Y^H(qTfk6x7bx@EYyA)N
zp|lsjjKjk>O?bHDtJC4(tXy@D*(3?xK-Ha2Vk_L#V>%@~jXl}dg|T`aH4@EQ^!sM-
z5lxuMpx0llpZ_3lIm#TT>Z)$Sw`n{fGY$8}^l(D|tVEYaT?}&GuA@<tS|Pi+rdLW6
zU%81q{Fp@v7LhB663i3!M4b)64n0V48rGZ;x5u=r^J7|&Adj`c!E58>mvAVDmoW91
zLt2x)Out3h=_tF@j<QR0QFduQ$}TNdmUnX;C)Ee;RL+tb0=Ft~)>aDpAK(=@vTzK|
zve8hr)${~I|6^!YxgBMXw;w~ZCg!5-TXT=0SyS^-_O$$CXx8*%ls&VU7vT7VMYz^V
zPw$fd{Qb22$T<)PR@u#tu{Irm{T|uxu<>${Bhq;zVL3$(Uhz9@WKm~hjGOBCP`{UU
za@_kWaQmU_zkqGA2R`Pw$o3n$F(2x;lsrC2A3skY_g}|xk@s%sHsxcS;Fa55<Gu2i
zu5qrhUb%bR7{Ghw#kFus<jr+(4!Oxc(<T4ADQg8UY_yY~Q+VZf1k?UiPB1MHamx{p
z)Eu~y72)l7-cEw(sg6`Ya38T_AlK<w2T!i@AZ3vk3Kt2RY;iGhtWGYDlwaSCeR8{3
z-W>5<PZ-5!UJCoClu6D0o4tzYSO@Md(eajr<NTNMp>n%dUI}-7avm>Fw~?+*MNpxC
zZ)hdF;0?V)I|zN?AXAOpcs<Ny2pP5JELuz;DYr!ClE1<xn=@?gi4CDiGUZTqP2fXm
ze<YLFVu0i>*uv(8L-T2NVOqN>ZQf4mm?kRpOt^*>A4?1>pCgAnn%H{^<ddXQjx>%o
zbJGSbodci7vCBL~pa_k`=Rx2@Bvu)r3i8|83=#V3pE*-Jk<^T&`>lkS7uzgIx{6#X
zrG15nMTlBZrNhc`8;CI!xqY;@M6^ziODVO<9%w9kQh5aeGMx>)yqgyw&eBpRXv82C
zSP7L2;d1%OZcuTcbtFdl7<h-wqZQ$_ZhEM^N9eSm%68I4GzE#*L(ZgWwlZa=ouIJ`
z&&_w?xp~fdUf%7(b8~(2_dfYxB)vy>eHYPC{b6oLp8s}&LlCj=lXHFYbQ_qLERWmB
zR$iGE<&`C^0M*FtWfV7VE~6?zK3}-dksJ6j;w^)euEM7Iz2tK>h2hIM^6h9kzbP#K
zFdqUQDE;q_aEyzOjbZF;Zh8XptU~OYv$;v6`$}ZRioqXr$mUh9_9_$fNx#QJ0m-~0
zP|=>rrBaNsSE#dlh3mM$7P@&Nh5aeKoW~0b9d@dz(Oe!rGAeIj6p353Kww^`rJ#K>
zN1EHHG(}Pt#sna+C+zXDkh~Ky7H6qkpX*h|=kcMTuI)s)m*&@{P;bE;8!wN}<>fJX
z5HYwGLXPy-$G$pc>jg24BVQ5JJ9)-lbsW}$1|iKl8-1M?uK<&x*OA9g(-oPdiQHGX
zCIF$!U&Pgy&Qn(BTj*;xuGjc-V$#vj<JaIgp45!QLmUmr6NeE?(8GnwV?t*Ns*G9*
zdRu9oAc8=4Uf%6f0=Yire#oK$(Wy3{vM4{Yu#39)Ug9{;p!Pv=U-JJ>Sj43vaVy*{
z%jK1E1k#^=Nq%}x0%_RziQGSmCOpmI<vPC5?XdfYYW1q-w?=NzpDOdC5ts36p~KD#
z5gI7Z7e)i0MjWFUk>th4Lz8=yI|z$7D=+Uhm;})mgw5r$Ksf}=CbAPK$p4OMc54+6
zCq&cz?|?GG<VoahN@|i4!?;N@)yLW$d73@?hUmHjY2H_FXraUAllM5obwZVe<IVzE
zeIV+sOQi)dbk01aL#UZvqoy3=Un8Oe&haZABK<u?7bq+6(&{B1-UWrd$<L`Sl<k8+
zc^EXCv9qB!j>vc+5E<i+iBJRh3s4Sjm@pp>Xsrabn9hL@m8bGbpn!~@m!Av*>-X^d
zkd8WV*g3<zGOn1;lju@(KH5y#yy#A>-=SrNnBgcclNS<cPS^+Cr|}b!PKb$CiXZEk
zSVksG?&YWm_6zvXlk;g1aF7N8&nBz*Whv!@8#sL?RE=9f?G>_0e~wbj-U27k<7fLs
z;%tqXnr2C7n3gm{eJxE>WlK1YEaBu_Z3&4MK9((^TaLI0Td+`P=p;wEdU=n|XZ{T*
z6?&WNK@Tm?qRrE7FsJ73Ug|NJ<B8>Cyl`l`@-D#=d91@B`y9DM9?qnGekvdLA+Z$X
zZ>mFx4nX1_IGHrok?VzYPx4qt4*8kKDoKuY*o5dANUTjETxK8=v#m6@qm5{sIXnXr
zudvnyL{Z5nFXuU%J<etqV5UMwQt!_cqWzJ0cRK0nOe8K#B^Oyp+?+u!`XX_Y4QfX^
z2>;s#VmkwgeKX004T+CtvdVX%p))_@I6gCiq>osh`y4X-TmYXyV88OoHW<DaB$GU^
z02E`dJf#@2;k)WGsLnZ$=R-p;Zh-R!<z9K7%`4xK>y;<u5o^krRgoj|v<LLe$O`z|
z5~=b~$sY7D9yL8#KaJcmk}?g6@RP4i`6poXpES_Xiz6_zb=^cUiwqypjok`W(Y*2&
zB%YVXaa*8j05SXkPvoxweM9Bl{E!Z%xLc^1?v+;up_X_h!QdJ-#Tn-7QW(nCrKAHR
zyU)%9+ngM?T#~0p>DQIyQ%#_xn91)Fo>dVjfjkfeyj(Jor`z=<Q(*>j300icm@dEF
zj)F1*>9UZ|Q4Vg58MF{-zE@#tZ2`IBz0BNk8ODx_nl~KqkmWg=IvTlv(fw0t@%USj
zMikB>#~Da`H&vI=bjf^jGgX`Ep$}FWit5Xt96p}GajxLC91_ohZr@x>H)BBCFWij8
zt!bo}I|&0j<dt{v^2Vk!^?dunCcC$AClc2H)f72=a$Dp;377`o`Q)ZDdB0D&(^2eI
z7TF@ZU4ST{)<+u153qh<be38^v;a~z@R5<l-5B)ZH=xsijkT*Irp>{UZX;z?IWHgf
zSz01rz)hcn_sQ+9E$)6C7dbitKIW5~BL_xwV~;Z&Ttundg;s_=&SrH!Y_hqHCF12&
zhnFt!&swH=Zl<PM<Cp0MtHx#q(js-F<J>qb@oHEy(Mu7Ge3>Gj+fn{Y4DK6P9RDEG
zz@+0w{&%_A*{q(a=ihb-3mrKYg1ZG}$|Of|8L>!_7)WJ0Sdo?Ef{VBdk@N&HSK5M$
zEKm%}*`SeU=wTbBPrh3z?)J*dHKHBT!RXT&7HXz5`lN~hB~hPzUpXVuTPFJCF;jIC
z1>%jTPfCPd`m`j6T-fC~ghF#&qz`$_Wkmm7!sLW`bU%uL@O33qbw-i~emA!x|CkHS
za?@0BKHv|qXgta;AwQ<Vuu%5saymxvjc7~eY%ndFp~iUSN?na{$*Y+jGd)p{0g>Wy
zwyC#64re`baZD%WLqr=;A28MbrxSLDy$aDyh=xXJtBlZ&s}5$HMYS|GUtL+NOQGRj
zbIKY27&Fl)k3PwoxaE=@ZC&b0&SU)4M$lc|VXkiho;7Ei`k$Wv5iK?qv%+Wzw7AmB
z_~fbhqq?J$*|S96y>u;MOU<;J2BBkJnyZ&bHM^H_U1zhpEeiQ-P7Ck;r-U~h%baoo
zZ&M-}0DL0;!vau2L>8c~<UDZj-5WLMdry1l6Y!~~ns&`|yz<CmwtYTQOI-$=mA8FD
zy{zQkM6WzDmk0REBl95jHJsqwYRV_?m75s~I-Ax1wEq~qJL6<<$b`%Qtj+_0ztV-V
zvjP0N>MAJidD_lxzc7#$x5L3;48uro|3Sm(bILjTF~-hjb#)uY1dd9oLr1WGouKqg
zy^hDn@p8`?`7>TPWMfX(1|+WFsP$R}p#rbdur=u=Q2eE*LGk}L+fwu7@}cq^US9PQ
zxMex7GA^H&%k8`(F}IT-QJ<64i_d8lwJ2$c9l0e^IUMBuS)lwe=j29Ke<keS#Vf0*
zt=Zt;rC5b%A0+0|xbX*sDAMYk(19us=JKKQ)9c|BdBmrXf5olDKIWAX`MeyWtw!bX
z^5g<ObpG>o99QSzXpDAQu}}8!yu7HKmnYkJIgrcCWqG{p$yaY<ej*`iM`AmL3^j=)
zY7*TC(x5z*7Uy)<^YW@7K%$PuRO%B`pE(xiFRv{pDoql&>LiUF@iI(5a$6DQL|=kS
zMFR;Ex5O|eV6oGB#sog}Xg?hx*l8vS$_uX(807GB2rN^14?m<smUKayWThFlHV}a_
zf*5LWeDOxj)*iuwfvwxxM6sfnpiRu#&>JQ&9H6%Ls_r;AQTY_PZy444?}Kx>&Fa1E
zJXUBGwe|i<#qft<>&31H-DCipx~ZNK%LM8StIzbrop%qddYbn0676RN>8G0Z^D)CJ
zHPg^<3_k^c%>G0D6qyF>Aj`$=aj=`jU`MlDS%DF{9XT$PeW#;bean!))HKy7*r45&
zjCKbCYW}e|+I`3h8!9CUq{}N~eg^6Os}M-{JPn?P$9|(mzuQgp+o)s-9sQB$F^w-Y
zJ0f&s`U5(#hR(lY6X~5U36SoCxj?f(!a%oIZTew!JA=_}<X43hk9Nl}cJ5Gj$F#aA
zy%P!h_%A^tx9AJ)Y%q}tgEylV26LgnYJmNuL}Eag^C=G&_>_B#H9n%;9Q`4@<jexf
zOKt#OLRXXg9!_`(2Tq0e!CR1t#J_Wi+|GYnFPsiEu{ti(wEd&LaoDKK(i@#!f0b6p
zlhWDb9#i{X==*}J;^{kp6X;uA%<?}`>Li1qJKtAbNvyeA9!^3t8r}k~I1}+E(rmi6
zbq$U<@WFZINe-U;EGIuFlAlw(@>oZXtIiE&kU4SzfLD)pV{Gu9eUKmgXVCA`{{{W_
z{r!)pU;An4_vM<?(eFz&Kazg$82bN)ezX36LBHd!Iu-qf%3Fm_3#!<lk#Kb~2~RUf
zm~C8{skon+iX#Wj`hRb9T#+A7$Ky^z$K&(k>3DV$9nX!U<9<3F&$#0MJsls6qvM@%
z@pAF>EPrND^b?GtA3eD?Jvilmp-mTF2_${CiIk1;N@4#F6Fu)Bieo=rpMK~h`gGrq
zeyBdZ=>sx|$+lYv^*Y17k~k%AeQdOT15sb+^`ck*hNeGDW%yag4I-$i$)3s128N_1
z5q3`h2kX<>PF89wL7(1a=+oZ=0rf-DwEu}d{r{HNP(S*)`IL{|!}RItRG%gU#Jau4
z%F8Y0p2GyFvea#Y-50;5uzR{Ep8r(!V5~q8dXLc24~ef60Cr}xIu!{^n`cQ_+A|5Y
z<;G60pAWh$p5MINeQJL5{cqy=&1*f0{N}$bFE4NzpE5m{S0?6B<^!dAmD%}`)*(9Y
z+4@s>&kVAflN`l_?eOGhIr%w}{5&b|DP-g7eO~>4Lzm(A26{q$9P{}YeKSiqQ~)Ql
zI{Omqq74pb{kJd2`9h0ryxhafN1S1(_i*cMzAl|(h7Dg=(waCgxAJ;7-8&EbR`GCB
zIFP3RsD$WQ{_}<Cpm`VYp?;S4IgY<0bt!MziW~Lue8^5=6}aU{FXuIs5A*5iUGY*I
zU<^Yo|GyNQ{9oZfmw@{qahHwbgpO<^er`)fE3QuhT4fW)T~D~^rUIYb#>*|nht)p&
zbkONNT$b2F7N_MUV9_c~Z!>ywD?lh7vI;L|m`9AnK^SA9AR9?#83co-7WkC;#gs~0
zcxB>g1U>W<nQ<9QE1enN_xo{zenu7(^mk+>!{dUigxT~poi_s64^vWi#o+w=AM;t_
ze(_fc^C>0Yw1-B;gpO2Hc@)@Yh@#^|-HNxHmp>%G<Pbpx&2Oj7&gGTzJVsYj^VzYh
zfsV+ZF6qX+GLRm$gZ;UUNPIqx<wH4QqO5ci<_zi3Fw#V3>FHoG&n@uE<BQAWX}njS
zTke&|Pb`zCO)Zme&2iP0GQujQbhUu#7j9)0oo@pYC#T2HcRVn+@?4=HoeY>v1GaB@
zr5v_(?MQq%oq2)T=w!DePj>|8Qiq@0k<*lC@H4*Er%a9V%KTPd4iU}}smg;K4v}CU
z0f@AYF5X%T#|5@gSZLk`tL|+`=S~6)k37>x2ji+sPh~r#Ub$3@ZYnKi?%7hFd2UN-
za(b^^N;f6Fa_Lm{X2y3YdJ|}HY4Ol0fND*%^9VHP=mydy&efNgs%-B$dRgapQhxF}
zm&wx#yz<;)uRNYFlc$w?<+&5R^7!7@`3YA4^nH!(Br$-$?lAL9xAK4aEK3=r%JxxP
ztc=h@X&1&WVVDJpov^PsI@ha=$>T%kx4%t(mgF;ShZ-?uxx74%8ZrHh`jXBDbuLca
zzvy*b0}jJ^jE1H?6i-8RT=hu2C?$SeZ*;=A`XlLH*rd3lpiFtV*eh%#jK-_na!N+y
zlcA$XN*-l2XC*B2A3CW=ARASF(TVZ<+=vv8M{8=4u%#1Yy6{=Ldj9W=G!co!Pc5+3
z{@yvDH~ZxFW3TCmsjXv~ytvpa-wNwkCNG}om2aKumB%Nq<HsGRTgN}Qn&EZwcAXLP
zdOI7Mz6L!1XFf~unqrLyKzRq{;^N{Ij+r9^$cQfLBHyFSLRO{P62B@r9T3z4)Jx}0
zUq+f>9n!%t9(FG&uIq@N#ZIi3<PyXpSEC7q@-CEJTHr$2*O!y~K&o#>e-J+1c+3nR
z%JvA?TWE=&@6;%pFS2SwCWNhC*-75l^rdT}y4du|Sd;1|`<p4lM-r9cbT&<G#&o(i
zHr+A$bZ^n7JDyDUR%5#1b`9-_98;g`fK!l>l8dQcTi=ec`g}XRc?G-qpKgrRN_O*X
zcJmKWjMWF(%~W>tni$6FWOlQ~L2owqV65`&<~QtSYbVC)@7T@F?B>5opBJ#3Z?T)}
zx-eEV+0EzJ%_loBR*$#Qn-%P)pL~6H8!*;lUMc5^)}Slq9aglmhUyP~hYeNN6CP{O
zv>Y-Sf)qm8U`j*L-0}kY=2%A#<PxRF!^?Hv0I@!&&_vYRX<F>lTUS(ZdHYwCpJcbi
zTL_jmj1`+^A3WcatbOfHGz$RzhPC~u&tJtp|HO&-&p&d4e!ffS=!3+|yOTe^Eb;R|
z?H`<==F*5022~S{@<7x~+e~tug05+@QHtVsz<&RIfav6&3uP0@Ryx(Cl-OJ-duF*y
zF100Wq@30TpuTt<<KE4M-4{@xTy0ESZ8&M`zhBUeUGiq~Lb~aNzn_Ssztql?z5jsm
z{+2G|{WT~3U@;rs)27yt(7o5z16b>OO|9LKU8vuI*E#O}*FoDFI`egi#28+|agpC%
z0D&4?$>YD#$2ZW&uRhIj5jz?1SeN|yI53CW$MEv8$bIJ%iS~_mot}LvbX5wR#{CwF
z|IzINRBe@O^weu}3xvq!MOUJVMKsAfA4+@s4f3Hg_r1Y!xA4eaTj$~Ec?gfq8J_H#
z#QY#)_@VKnBZ%9)kz7IC=0u?}%7;d!7Pa!o{V5vE@r7Ro6kY~porYYv<^L-N5737N
z7BKravU)pVB+z1YwU(x>yijXxsx{|(s!eJ7hw+;ZcHQ4#u)AMB#bC|$rB^<|Ow1f!
zhT2r^kt@$*hp=kk&CPUATv<nJb-ffN8bD#UcAmLRnP>CK?UC+t3Ai`%g`4LN;N@DM
ze3;z*@@%l*uk;Fa_Oin6z^813eeFb;@!F{t8rhQ=d@^l?SGmpy=M^ox_#wNz@<%+u
zou|(2#%1ywPz^w?D7WYlYHw&gC7<_&{FMDZc#W_G3Jl&xTE@kwtZ<F>g&c#%@$!i=
zG{TUVyQFZy!z&|sTI^^-F{+qp(JDZV;kR(PO@mG68B2Ix*lf|BqUv$D$}R}!5!&|_
z9zx<d7Ohn{jV~-Ip1TlLdkEfal51&D7p<2>ezgWW8<Dt{FpI`$QET8`)_tm}`|c_`
z+%@j>B;AQ6-N99M2oU4t-I0Rxne@UK-;#hI?1R?Rc6K&B2hQ53{Dk3r1@$lLpsW$6
zd0lRyguq3fJddT@0#}Lg@)j;v{iA7rb%HNcG|2GkvH*h|sovk8E~v!Ht$07|!MGD+
zoYi!rK|fx!X7htKu>pyfSmW0TRoE>YS1dN8swE6CUSX5I&@NOx)?qAlS>XXBE&-ok
z^<|Eb=f$G4L!O=JsoJ7pbDt{?_AK_V5gP(8lJ4XWh|wKkNs!*L(jSln>F?|ZS^L*%
z1mELen;Y$)<4o<h5KP%0Ee`gyBI!W}DX*|8HExs%7z6iudbt<t<({$BMm#|D9Oj7S
z*mR*Lh!*Dn1F-&}j>D#NYV^I7pFBuEJ1=D5Q*R8$OxAPrOgP1s5o&}bafwJe%-H`u
z`EpaeGc1HH{L?;5BV@r<mz(3k^e!*vl`%Z)mJf|!I7P&mtLAVj9~xzG39&3*9?hQ}
z78*N7gxvX8S6Rsy^q0su#}v=KOW2S25N|0C_R#hX!rqS1j5Dt;uF7L=eZ%f_*pN84
z2V+<f4O`u)`h?aGs+__Yz}08d1w4acj9SVbT)-Z5#^{44iQKiZyZhko7+xKQF{a0q
zj>WWeS1N_SYl2Juijbp6-b`fkzksz8qLkZt;gBuz$(h~Q7xJgknv0Ke9H&6pGpPYd
z3pEC$jkscEJmb~*>fyjdMQ}hOfv{U%L+PBJokXj`o(ng-<<}e*^YIiWUrxiX5Bt}~
z^MHjA^_$4Am&NhxxBkccy6P;0UnfObn&{^T@$KxN&9|Yto4h-6WDrG*do(N>6T^5M
zue{5H813PuHh(d%tR~_*vJ#?G{9}3LpP&OsZRC0t5#P>wVp9FC6XVHJ7_ADU>aa;3
z2~ZJ*^Izg|hM6;$4-K`v%yE$wJs9@Fo#Dy4KN@ggvRR(NH`r(Cr?z&$Shhls&IV$k
zgogfO4aY^U?J*C6=wq-=2znA6NmnL0@=>+5C>K@MlHT9v9D4ST+BsLCYAFaA$7#nQ
zzoS1dw`_4c5GRE5tK5$MksaL_yX3GG_WSF=LZG7@>nPw0zo8Xhc;TQ$k8!Ea;^l38
z=tii-9WD;Wg8rr;F~uH%Yy(;TMSN)Ji)$c5i~pWr$6h2xO+%1dBKJTgsIU|!q(OL_
zTMpl%o!2X>rTd3Pdug4q-~vk!Nw>q5buAKqO|M=>()Ac)^;~Sq(-nAj+6umKyZ;t6
zm_ya&m=_`z`BPy}IM@;N9}af*^SgqbS^gqOQ?{DWCaex5gz)Qir|xAr!TbYh+M=7W
z+22E9WTmTa|1-y_7sWjfF0e>Q`UkPYmk@n|_8HUDAx+ZLAsr-b%8Yo`q4$#BK4%%l
zTr5a)XAI+}M~(i+5#Vr4tFS4n$zm(Z9h6~tA+?FTnJOEEg%n26vS+wNMdH5@Z1@;#
zPFk3L7qudBw-%RMM=l_Y&EgE#0W%{16>eT~anocrUY!Xl@LUL6WPyHi(KTkKIq!2q
zoMX=bi8UR#xXFG9yk=-c6R=jMk@~`EWmqF7e51xE^l$frtae)bZR-Hamo7B%rHu(M
z#Q)4v2PMXbj&;e$$H`v+gjwBzVU^nn#ZRJE{gaI#BLLEN`d4b0KUj`P&4KKcCxe_G
z`$ryW`lCnM=g)8}Yl3h#dJShu&@cJWYRIh>dY9(P*szV`xX4VT?K?t!SBN%d`;HKS
z*7VZJ^8wK8pKlW4;|rVo*T?4rxQ^um_`n{Q4`3i4>R0q4O$Cslr2<Hb_;=HI|Ec};
zc>i(zdx`gtax~t*l{3ftN4e9+`_mjD@6ZlHA2=Wp-tGO9<NcQ*8u?X$P7?1=dPs=(
zr}kzKvp0DqU5KXmCkj!k|5tn{?Yx&bt}cVxXCrNJpqMw?X95&@vm&vNg%06i0HFU1
zR~^*#&eoQ{X)~jfwCkQHogI_EFv62*d1|*KhYzI<ex8-5=0j<Np4az)N^PWh0gdSo
z`|U!3MJZ1W%n}Y-gig!6yN#mKK4p&GH*8K05<fEb&B~N($r3g9?Z)2FRT;j*7!q@=
z9OnvNcOep=q9^gcdVzxi;&i1wWIgye5KddchtfQMJWVS?e{s^V@{b%Bd8CcTf3AZJ
z*}7;UFuR%tJxd=D7Wj00J-o&ELjSM%P+I2czN($49ckf(!xp}<6$zjmY4x?usqE+G
z2?s9^c3w#fPx7I(o`l|=VRZl*#|p6l$wZPGnKiXvG_&R=E-_y}voi{}%u~F|cpEQ&
z1)F@42m8?YG8;HCJ^;Vn@16Bz{v*37X#UuPu~*n)_Z7~`L6SFyu`hI|!`^hZ$sQCo
z*}X!MgG1tz(8W~_FX{9>jRd*?mVvL-a>(!MMQc7s!a1~nphdk48~Hn}>V$;)tRv0!
zi_;c7mjsiT>0CtG%H-$Yl8H3?vt3GHp>kg?$R?=`c_O^<u#H0^96C{8?a6x6Oj{bF
z_(0E@@*KxS#vi8uc?|r7B{rjxFhA8o5t|PU9sV4h^QEl$<ZcWBpa)o}aT)oo++p_(
zyCVmQPI&3^zRz)7(`*f%Wy)0!pWGh#Jd^OQHZlgeHd1kzcF?yQV+e;MP5z$QjTxA=
zb{DkLcKf>Mhi9@6f8IqFa+BRxNItxdGfxw;4z@(*9HTh@Fi~4x?lKRw8?s}p0w^^E
zu7I1;2n?W|#rR5!##c<Fq)zDqO)3taeV*mGNILzPSj5J;rJer1tc$|e)Cs{(>FyXE
zPm@4eKh0XlI+MHK_zcHIUO7q|?1I`bWecTxn&*+cd<%QIrW0c*kgeg*(1)L)t9K85
zTN**A|Jlws?x5mWygcTG4f(X7NG-vov3zK#`x&-PHExVjS**Fp_)yyA&p@i%Rv2@{
z3ZDt|XC5WpE_p2<Hrmz{SUApWIpizcAIMiXY4vDN?>|dcr(QB_van&3{W;Di+oaoM
zZ~u}unQ36s-Gu0ScVAKcXj>-LkID%O?vI)6uG8CT9kHKlr@c$`VHnj$vpi0Um*<sq
zd9{tGSIhfah_(dPu-x+Uffg2j{wBw9^A-uwG@5@_h^8ay3~EjZ8+ZtBAD@pz4$2(P
zS_nn6yR3w|s8;Q%g?;c`S_W~xwqI|zavV6h$ip*II8K>!8U5Xc#P6&er^c+Bzg~!D
zBI!k<m)zV#(fJ|^$4y(2q%mmc=6(mw{JV)%zWWGVf96u&Ooh7ENOHhfrYwXChi6$i
zPI&k{D-!$B%8X%}fDp2=4%x;F(dmmbg=;csMFCeG<O1uXtvSm{qsQC*X*I;#Ww2U}
z>P_bJ1Ci&LEGoemdz5zv(t_jui@nS<<pqcHW~)}HWCBt7T|y<rJEfA9Frl%vt6zd>
zQJMix*u*FM)5-LwGcLLf3fZnsW#?z4Vkq@|!$Pt+((f!942D=v0fS6hE|kHbpALh$
z+WBr~uOsOwc+wW<(IZPp+6y~FX=9#>SNPPTIDG{275z2~YLKVWxb)d{$)NnPM|p9f
zcHHT<EVf5DF^i(muk8ed@}xE-4Tf6cl_Ilr*68O4!C6HbuOV1F`ZD(0KTmyve0{-m
z8<NhA8SBX=nx;=Q)Pu3GV0spkqJ+NK^9=p@{q%e$;IT)l_uD;6<$QMHOzKaNvflq|
z;o-};fP<bBJb(G)9OtF=gz2Wni@c#%y5!2o=$?J#wobZ?nLRZ7=HpC=c695}kx-A7
z35&hm7`ucG<n1(6`8oNeKwo_5%-dJNQNKrc%QoByaPcS*01fA=Y?(|<y+RO%AV-^x
zO^-nC9*nVD8J!1DCNX=^rK}d&0fpapW32v(;R6}b)>P^!Du?*{k-U0Qk6!8zWQR}2
znku{N3CR9C8^p{cM{eY`COVxnh^k`Q1%);sTzG~f&ovJF9R=FINcmwShts|;`Yj?g
zyoDo+QN<e<14`&t_@fsyEByY8nH4_nVvaNHVV3{_*%nt_rDl(_Dgk_96B3{A$E0G@
z17w~>S^n8YwMd*d2z)8xS2@(BIpb_HAM-eh&L+|;MGT{=SI*KNZnS9Bj;hDtD!WGT
z5G?M{R0r~1M?ZMIs9)eQuQHG4L*p6CIGcPq3yGzJIF59_>r|a5&WwFUKU~=Kq)VwB
z*vtA1dmJ)zlJ$|@j)AP88`xG}c}t{6rK@#UC&oU@F>m3wNF10;<iFpM<7{(%m=BpC
zFYb7P<J1p0R$srCV+9<pw{u)*#PFgasNxN{*Nnsm2a$`z{$B?>TadK1FYGy#T8h>q
zam583SF|BuCpWA@ctnu}ReV4iC>yFcdMfp$zU1u|B#r1#jIqU*^++r@BXLb;45S$`
ze|;`};uW^&Fms{m@#Yn2gGpUC7{)OuG@`NSR#Z6@19`z$!+~X_uS@!}*?BW)`3kWZ
zE+!!{1s+|5#LhmnoR@Sz#<-8)F%U`bWmC>Y7NrnAiI)9eHplr2{f-<YKATOJp#*yi
zw;(Z;O-X)2GlhCf6k{^STqKVD6&;_R>~q(JME%-AgQyFQy5)%rJW2rGJJ6!9Gi-8@
z#m$Y-&s0T?#hsBw6XV)E&Nh#8pSq6aTOc!E8HQ=gX@HOtEdySQ#QFVM#ex_6f$&4p
z0&=J0(m;X~{QfMn6ui`sg66f`V27D{0O{BC*A{TIc>%|n7LX3qL{>gRR?9P?mvNl@
zDJ)14S<uWwNE)4%ydGDlk+)_zY)HH;O<Rx6NE}Ss1{V?d52WW}BOfsK1ywdk|N4R~
z8%!2tGpkZRkFLmUi=OJ*Mauzrlvg0eEOc3l)DS4(iHhwKHl$J|y-y}XWdmlpy=o4?
zJ9gQ~dPDk%O14f#S!iW#Q9mU9E`^p%`ArIS3b$lXMm9E!CS8+u^hu-|sjtq--m{&K
zlhN<SakE`W9BrfAESGLydNRL9(uFC>5bu}5alwZPU{g|9{{Dj$uw5rGM%8ENU_CE~
z<9N$P7a)4mvnLTVo0J4G<K9oZ``d|L#LU<@F{2(Z#LS`-iDG8c1@U6$&;?A){PzMT
zX5PKvM~IoB85~DZ1k@;1Ve3W+>T!*2j_bn+>O({eSKg@cmDznL-24L*Ai8|X`H7hG
zGGcCKVPh}rXIeRDJq+#Hbh3757?chckvnrwz(z*5;;ck`@%7VR5a;%z%k@FOpC+X!
zH2k`~D|A`|XL_i{2Z#ID9K%@c--dChyc?8Cv5m0k4OI}X;P2<@vpf~fkIiUf$#RKq
z6Kca)4IDG{KLX9%cF?3q*A|-TcN?eP(MI#&DI<B0)Eux8+WBW6aP+Y0)~8b3&O+j`
zR4S8arvJ3r(lcvneYYtezIo{y(oeZ`l<6zo7_R_!n_(lvAzdJ8NI&zKi)@Sy!Xizx
z(M77yJQY_x)wt=GpY1%!xSKK=vl2G<#;O@_yrt8WZzMF6^8XN@<}JLT7*#xxMk^3{
z<s0}d+$8N?q4OeCxy;IO@;2`ssiM!)h#O%J$_>SQXm%Q3cm!3nonwA?KFi8XJ8*}t
zlDaX*O}~Xa60xjxS3?1B-r_>O&1LcpyrtDur8jp8hf`72hi8%xy5%Ef%1HjRh|q}S
zE#6QuKzH7HpN!?P4!i7k*dlLtbOFN|b_8S6SQ+cED}INqX;nOkF3QpP`C(@pW$G7c
z-&7xHXY5CBK0CSjU3&8oNzMN+x%q>7^D~l~yOW#y_2&E95}QAi+<dOy{GUn9|9w_c
z^V{_16-mvl$-Ph0n@>n;{-@;LZ`YgWB{lytx%o`JdB=&w=H5X`&GYr<AD__ie`zNz
z<mx~iH+R(1&b(amYZoF<hLCH?c4i`#6eRauuJ=6?`sM_pS8j%GBrvz_J&8liO77-*
zy_-u<U>tndA|VMu9d?stQ8}WE8k}4^McJyuMC202CS96fX3gtM8h+JA8v2Kt<>2rv
zCI^pYGC8;-vsdXyc$ms{5zDj9Z-@FKd#P-;A7=hhX9L8&4Siug$3-69MV}sR#@Jg|
znXA__XIbzyS4ktarlIEdJBPIcEYG)MZ1@oWmTC4O5>o<vh)DXqMhe2lR1@RwuCg;2
zYj=8*?!=Pr;3~VizYXe~$d`4Q3gU$=rh<6uvgi-;eQ^@gYkl$wXM@4}p5l7teX6ZX
zlZ(dOdTi#o{mz)%(vDwvZuvBl0(NEob)4eN*hBOq%2<a@E$aki3nJ;yfOgikNR)fv
z>Qy8yJApC8dy%z&jJ-eb5a65`M)H+snWwcb!#u5_S^BhM(O-C4uSYQkgT@_W<=lqF
zXe|u~F}frqy>bMU{8Edscd$1!(^|7PU1+?{Qmc;YV0AEhj!+9Nh{TI*iTcs^X{P1h
zgp9(!!6S4kUSUhB*(^<%3%S*kd@GiGi%jP?M_~U-8Of{N?G)H(H+8L^c^qT)&j%s@
zMQ{;Wr)?ZqHrBQNKIG4<H0@~I@GBcwFJB*}OLp5qX7UhNN$<4x#wlJun#?KQvN29E
z*2XvmXeGVq$--ufx{Q7G4*FH;KBD)1uj=^>gNrRMqKap_F;@4t5a2JeNHpyzQH8{}
zj?mW!e#`WK6$V|#sWXl+jwn821sCC^q}?ILZA2B!j$mi53$5G~?94<f!>-It9#p+A
zeo?Par8?B86bdi(nd4@T(;0`pPxjH#w@hF2&E_>9m%QfVlGl7(@|wezK(y7wZQjT*
zq1&1)1Kl)X_=|q}Ga85yS>H;rqa*@=2D4ore}<W)o6^iM8JwxZWZ#MZ!N8WEfKtdz
zNZy<QmiJ@K6)m=>gKdGt;c$_H#Ea8=MMgE{c%s0am7!_3TYB>(QQi2BW(t=zEfjy9
zEf}kp9H4B`pG8?>izSiR!nC4cWCndrJpMhy$1Ehhe6%-G8_|+XYI8MGJ6|KUG~3CA
z@}i@_ysR6L^x+|l)jxEYu<4vk6E@B5V_?%&M}J{H{M`}LXSdl*pS{-fS@)4&__N1a
z&3N*REgnw-Hijpq84ORZ$mktUma~=nM>AcyYxV;n3{oF%Vp37G#4sj?r;_Nzu1v-B
z<p6uRXCExP`fQh`zE!G;>RXFS-*K^b>i6mD+vjR;n3B_+j49cf3{#G4n6mQ}nDV-+
z(*kou^^5<RrCQtc^|787_E#QB>QAjX@gq8z+x#OM&u*nc`bAWETN}nO8-qLDAE!rs
zW^gAy@(W{J`vFRCYmxZ<33~Y|lD4*EtbTdIJR~V@NK1?%4fv&pRC7Sn+y)=eG`D5C
z=GNx`#_AGcc!XxA2z!xhopFo;RbQ1}vp1a=!WQBC>nulIh2bR!RcEWt(XBs#SAW++
zQF-n`$}Hdc9%Hp*k7<9EJmtTnYK%yp?$~o$RQ!{n+^75mn5;USjGWiEYxVVe`y%K8
z>pFha)Q77-s`;IVf7YBz4<?OY&FJ`9U7o`P-TM*BhDJ29-M~<kKKK)RFhqM`i6lzY
z?(`%Rc8YHF-1$B2=O)(Ap54G$(}{us#*|JkEpZCQ?`%4~+!p;GDB69aiPLx{c^W=_
z8h_lM*jz|%ZkT#A_v?6(^3xQcWru)ZQ(fy);jmqXI;#7$G_$?k5W>>PV>;NZKL8+q
z-<M1<Ri`JIH={pyrZ+St6>IzSfL?hGi7#a&*Pwsvz|Z}vu>VKMo^<s`G@cqsrc#;N
zLu2++D%i1;Q4?WFgbX-m0~*W~_45}MW%&#EJ3cO|^?Qm~{qUkpzpW@2Nw$ncg>y5p
z${#(U*;Qf~Rlzy-S_^+iEvimUY5H4mVIN{HJ(uL>4JRno&u1`YX^EyR-F*^eX~O|6
z-e6%LOE9oDxUdhgLCK$2k<^sVaeBz@@5xm(*wKol!5CwqHkA!bwPTF67~Q~sg<7lj
zpgl&~rD#7RF^qx6)U)@VmH;g6$w=JXrYpz~?ZH^hKdjS5%1`4R6?=XJI@Im{SqxhF
z{%5`Z*^fc<hju5p^1hqRagh!6RB#U^*2P8NFyJwV{nAd%aU7~3hU3ysj5!Wf?zM6p
zU-%y+WTu)OVFBP|I*YtA@}t<(q@zCz4z6#1*6UNgrS$vc9!kIGe$D9j1*XO?U=OU?
zgC-_FZ(|SC?d-wk1M~sU9&FPdyve%yEqm~;_Fxx#Fo->PL3?mLb?HTV8tDT`dvGUv
zu#Y{Mp*@(#KK==NFh+ZDPK4P%?7=nKgEj1pXV`-awFjl_jUanq(;kdqZ`{ouw0y-L
z>}L<IXAi#A9?WD9hO!4AY7ep_CZlqO)nrtTvnC4#cjM0`>~^NfKK}{zCtdYb{5JMY
zP@8q5D(%G>F#L6k8N<h|vzalxe7|Y*>&#x{e_E19e`1&6pS^511;jgFn*6isKFuFU
z)$Gd%GkfC8)AGbil67r$!0Gkxs&A5C^MAwqzu(d!jQ9p)6@97IH9e=1KE9tm7EgSk
z>5RLLxs|hr+rKc)?Mt)6eUuqgzv~5555+JR!$@q6Vys@;k*JwTocXYYp_Dzc(-_6a
zyXYuxG>_s+y+UipE-iw#MZX%mQ+ql}liu$%V+_I%iFZcn<*P_qMTRw2qkr}x^>g;l
z?U-FW!^D}oea~sNthv!-o#J-(1-z4fp;G(8rBQ95<vrTqOXKpj>$z5W;gC&g2uu;K
zwIOLH&0*9?6oS`NS+FzBL$r$AlqHC>^DHDwpJ_3NGxDLK8}8+}$denXtXNMAv<aJR
zlU<WGuJAa+Mv6Q>G;}#>dpET8Z)c|@dATJbf~fItRwVLymr&%eg~~1RDtad1O7it_
z3#EoYe?=k_DU`^<F78WSRqNo@M|nkp!??pFsIN`)X6Q+JJ&<VoB^sIlLvl9Map^2&
z{$$rA^??SAS7@E+(|-x3&kpp`Xf1lCoaOs41LB=~I4<&NE#)BXF`AobR2>COeGFrD
zZ;a_raqlf8@7+k>lLlgp)%Rn1T;!^!Ihwzdqxm~Ij*E=n-lgT^B)8Qwlk)#Q9K%=!
zSh98PZ9&zcv4jF{iTHseqCF}j7fRtke|lnt9$2BEpScA<e@|TW)9usfk}j=*hralA
z@lWn;O=!3$fk+)K6~fkJ*ER+RHZL0FW{PKEaBQm7<9K?5*Ck&8yx!N~^^gv)g!%d}
zR#w~L+^oN!0>>tt4N@4btaY}LDSb=ldluj)5|=RKy?Zl+TAX3vz3%^T*3+r6P#Ch>
zkKE01kvqfC)4vmdGyil5+t&n~@P8q5&&gKzhokaI@$B#y@pyJ?5}x%*iXV-K=M+8m
zdg!P-DYWj{08_s{Vd{6C4lnwfroQ<<3@;*0z)J$ij2Uj@MS6O6=`?db+~j$tC(QGK
z#CbNoq{q*|L43suff&m;j+^HbqG|qFLNp!1zYqXeSv{XdGv)CLoFwN{DhueJsq_yV
zbsJ9lL{DiU_B5^{a4xSb-%8o&kWYD`WBTH~!h-2p{$U%Zt#F35d^)s0a}PA1d%~-)
z2n(j$0)Ogt7){}gy~u+sBz=Dxd7zA2NO6pCh_e&r!P|FoTtxVgva?U(s5VI+NTltA
z50m79e`BIN$TG=;1|kn2?n?TM496rB(DEAA#UEmn5&w%bXhD+=<5-e1mzKNzCB66p
z87xIZibIph#9Wiq8~+9MK!1*WSa}D>MehB84(kAu55KOVfO?O}hX$SR%PkQ*eIkAs
z!<fom(Sgk&X|&f;((6Fh>*F+`y_vAwWTFO1(QLdRGSJ}o@g2XN<02ogr{j5^jAz8D
z<<NgV1-i*&Uu;^nqW5-xfp&ob8rNtt^4l|toAra_)vBJ;$g98-KouHq3iVYevzbV)
zi&>~oo+TL}_Hn%;1UdymxIV^sMI6hgbZLs2M`B+i8y*nODi$|SsV6*tN(yACfKk&)
zBFT+^Ilf*8uYm7nFXVUXo&Rm4isV9rRMf*UTF=%jzd}R5p2~5NSKgz5#L37uB@x-|
zq_6jkd_=v*`B(fm4nLe>^)E(!3W)q)7t`~2_cH!cc;6q^#y-!G?-N|(y>blV>mc)u
zaHxQ1QB=b!;dH$CmK_R%csM>Zf4WzBAq+7Qm%n#A$9d(CNK=$e8kE^lHgAV2yC}OH
zD(&W@?1}lu(5$<PQTEj0V`$d><tTf4Ij@YH%FE?b`NG{uyx0ywb1Xmi?}S(e5-%pU
zO)L|M$KfIciJw?F&RbWZB`5UORTLPPym47>TuwADry7^jjmz0uro&h|68}nY3-ad(
zu?&Bj5X%gV;FUQxUTX9AcQ*Ls_Q-W_0kH&lWsaTPzR07DU+9q<0-0`QbdE==57<dF
z{_j+PL!6QD5rqAFl{X03Q01QocVm}Q0oWKi^YYu`0-K6CA(j^SgnX98)V4=HeiH<E
zHBeGPQr<W@$`9Gj4<~4XmRDFgZXJzP`^H&M>xpH}>+ik8Epa|e1UIe_REt!P#DByf
zVc&GV@GJjh#oDx8k7ui~G<}N(Lt%eNjW-%<<Uv&00<h0u9(>3%otIm@as~MndFs<H
z%n-w?07meIT}b*Zd}UKXVwfKqtc_cUPDji0wYW+s&p$10UIies-mq}oIw(Q+D=nV~
zTbTiLW&ZCCN^xHS#nIKt@hFQIdL)db36Lk`;XDqBKAPPwmsjTG_(B8Iy>j(*nx&5*
zgRk&QBsN2sKzh;TNSxT0<BG08;_ejiAj=oVo%^WkZ{C*a>`Q;acD^Xu&CmXkZGP5~
zZGNVbmNjxMbp{7gQT6y#I3<760CTgW*}XN}i^P5dK#Cf}65@u{V?W7zXAUsW<$<`D
z-hvUzHFU(}rR!6jJH&dla-*7&!f}R(A;6zVfiJyGB;q(4Px!wgRrQ|k|84)HY5zuO
zetU#Jj<MQB@9T82CW^88y`KNT+`fuD`Xr(K+ea~0t9xz#G<oz~Li;C=V60a3+I~KH
zbYDXIF()uq$M@R4fIJ$O(EbcKx6^C;=wXc2KD52Ch)YG{_kAH!c;L;DT$@G;m)e|R
z^`0)K|9BM$bN3Fbp!&kE`%<~?an^$h<&~d$N&f;X0+b5%LTWKqU(nBg>f@X9KAC@4
zZ{wRt9^Kc)>d97UxdDVloCS#^pc+Bin41!Z`cWsXSD$tyX%=fbF-FznE%K+q&MT1E
z*as*o*qMtepUC7megk)jo;B+$Bs|`i<JQ9z+zvY^v2q<RA9Xg@xgD2LrMBMV+(DxO
z>fDZjoR+`5&h5zK=-(Xn_dNEuFQq2GBbO&kh-i96mxcHmw9@Ucxly&>VGDL#iz?S!
zIgTe^FXuR}oJVUuc`(x>wjuFvR?Vsl@r}WbTj%B!W%&md)zZxRA%1wUV+g7&qQPx)
zH><*)>sHoO5xG0b(bpsGL+;)3Bu8KJ*3MKKP<3M(#}(xwakZ7>iZYQjK8;LphsRk@
zC&=QI0X&vkZ(#!x-?T!)S}}~Oo=+i{qb$LWTvRbD1=4;Y>4kKT3ofuq>uFS27Gdhu
zqb!WY5CBM+<`W3<Qn14s;&;2yQ=5Vv*UcN`{b*hmM{sGS_p`%3`G~N`;>!G&N8IN|
zo;o-3;G*l0_#qkmHAws?`FlB%RATGwK+*>mmdBx}pWjxLg`@!(V=}vUEC7Q%zVJ($
zYdkc{;-bR?kmQlcEKh|-1HFYGBlm8PRPRP^pTq7EchIKtB*#Fv>~q*@Je>|A0`MI%
zV^a@_i&Bl9KqM|<zhE~|JUfl!0E~n^8IArN*XW%z^RtX}^RuBD=4ab&94Bv-YlQEj
z!LC*$K9^1xL7Yxr+9-V2>XN?=b~PfgHlgJLXt@`O1${Zr6^u0^acx4AsaligZCVpG
zEv|`lX$%%ORlR`d*F~2FhEOam`W2FH?7`S2?6V+|Cs*|3%?27o6T`UZn!wlernCcz
z-WbL%dAm#AtzN6^%dl9A+i@O28h4#cu0kU$-ojeN?Z}~bav=PEFC>YW<haZuf9;WX
zdYn7dkv)2xgHQ20a+QUS^NdJ0uUxT^ss^G3zA><m+mX}9?Z|V<Z_KxFTxOmB0&g8O
z;wTB_NIU#}Ty+&y?3P<0-;;Lu2f2)P-nxpQ_KMqK@8fp#^$+sKJr~)f)a>tLdg777
z(7o{+Bk|c27`u!v>7KWde|f!$cYT5cUkc-0P?&hy3LPb-CwgF=tig_4|E^$1rhj{|
zBg_9;u%n;<KfwjoS|kQCfNJ*!vVsdzf;8m?ePb_@i1BFP_X&c68{dNi8XAK62k9uf
zvIbSx^P#>W$gfwF6-3g89*pIU@1>pY4J&=)RZ5#uRS(AM$40yswNF_f*4;*3jNk&x
zi>UGv3+1&IVA4Av8K1iaiGR^D^NG8xG+xo;+$V-zXyqo4vtBJS;@FCskx0N<bQp;r
zbYfi8f~47*8jo9##2r>b5gU;70tl6xt)bB)f*lrAxvUdo^}kvk8OU2GUT@K^rht=Z
zhwi5(7<)x0LHOM+dAmBKQ}>JS0QnGOag_$hk8@_KKSX%PMm{tumC_-PJRhsY20ZBA
z$LLNy&jje-!#WMW!z4$pqG+N)s%Mfx-Aws1z_a504vaN;s>3nHE8a_iWH)`Yf*qMi
zBsfJlKSWEYzAlW3WO;&+_Fg1C9n<nRE{oCpjs7f}yK!+0W1V}dn@#a_uv4x+Nxz%N
zIJH%sroo41f&3-~u3km%7W#odX&=ahWw*W>SivAEy&p6BQrBz#oM6Y^z^{S}tiiw~
zg!6AmB^{=$WdiG_C>2=KR#4pUfZl^h`aN8wXxMpa2gd4U=K2{x66%hap>SM|q~+}x
z2Nzo}M<S7sM4A5-qA%p*a6gEoC2+<1eQz(3m(qPiEq$n6v-?M-s8c&IHZ4FF60^I>
z0`x<ots7(YK!*ve6a&0bb52EXUB!Gos25m@iJ7VSM_`&8kW|}_v6?~|dy49bV*Eb+
z?7%_6&P;zM#PaqW1z(){X&dDXy;43?0i-zuQr31RDkgQXi$&VS>JBXes;w1*Sdc_O
z8C<L>5z?e%7_0ZT>HfIoP-ZZ+dMkCOP^)#rTSVt<-@sxSQ$cYhE!1;cFs6&Mfyf!9
zbiNc0<R~5+v21eFpi~UNh6*X=BSJ=@2{EBFV=m#zK~`7Ur94GeT53R5H(8B_eXlG0
z7%gjtEIt*FQC=P(?>)xe<2UFL)^!!+FDBM@T}6(*9v|gGE+dP7gjXqLo4VtRQN`ma
z+NSP!ehb&a9<rb7<9}{o_PeVNJP-iT{8m6lD_JygG=vCcB5{NkG*lR4VMO^cz{Xl6
zS}ElBB1t#`co{^}Lq}k>gNswwA~B6N-HW7W^#&{8DwUCj7(PzEdc9SB`3T0|&{I!C
zuxvFL5uuO3YqjD7x=hopx_zOpJ%%w2F5c7$q*jZhtJ}4ud#y)9Ns37+K%RHD!=`xE
zWP)R3sa+FXY`p?Wk9TWYhy1D9_c+EYh<&l{uhg0F=wXbNMK&U2Z-)d2)sTX%4c0A>
zg$$DyR)0hXdedPL#cQ<^+e!sws4T3A&?z5=t?E`@nGW^2yz*1zc_i{d7kIiGKj^~R
zJHz0ez&2Gm4Aa!Gd?B$dzc~iqA$W!{UZTF*0~3@tcVVm^Ycb3J_W>?<fN*wwl&YU3
z^be6Yx;|pkmWbN3i7E&h+sciodIujm?~k-h__rg1MOSK!Z|X6^Pr^t{jS_K9CAHdk
z!X#%?g8unLD^RaEu8*=D0#14W6>5=mNejj>uwc<32}x%WQ?wx=S6w?F8aib($3<>_
znXX3nA?VJ?6WJa?uTsau{20dS&O-!H8h%L+VT{$kAB9iuMbdy4z`h`oY~<r<^y6A%
zD;dERM<G8Flu%Ju9E#&<{gCMFVg!*#pj-q?oz8X{WVgc>dHka;thgOEb?hOG$?$><
ze@8$pVJQ#hIn2B1Rp9S@Oylp@!j&dpq->%qyl_Mt{P~Bq!Jl!M4W5u%(V(?R8bFNo
zRiJBJpQ27UjImtntY@yKl{LKlad6=>OOOu@TxEs6w>4wj6xO{_D{E1819=M5zAtv#
z_qR4<44LqQi&G>d9VgH@6Ev05`RYDqNrMbi-)|*&IUnRG5<g%<6KFE~D8}m6sE#*4
zzr=tzrIskpCg}gbF+=Mp>W4%(>C1Zr=$d6dw(|<GdR}=O7=N7`3a4{?VY`2!0!etK
zhQMt;MWD{g_Bolp!Y$|#DC(j-38G_2jF;C_vEg&rc;(@#-XX2NA+<gkUh>IX@R*5o
z1K;hi@fO;Z6b@w72|+DMv9QTby`OCVL;E8AhPQB=f2RVirLaHLv~2~iJW2ik{VGOt
zTwMx?26?oNm&e%aN^&qwU2MNa+u!%ewfvByk-OG+VZCcQWo119fO<vz1~g4;yJRAV
z#LqK0PFWp<4|MVJ38?`||AsssuMrN0gsH^rS-*{CCVB)sr|YZeCt#C75niIuLyx=z
zFK$8NxoI5752HO)Je3MlrQ>0su0`TLBVU-JY-0)A<Sjyn1&Oa&IWFXi2~i8G984se
z5VIgLlnN*>bXZ+zWew!aN7eNsP<5(x1W|Ts_Sh^n@_*&6OAm0}9Jds6I|;jbIGy9(
zBOqLgx$WeJ$HH-;+3iBiGB*<n?-J9Sw|vZ7l<lBD^D-OllXU;&L5mPwf-1j&#4B%;
zdsWti83_W2QZh5?a*VO^c97)+Y%u`|avegaTa0(6tuV4MGQC@fTG8_KR9d;>3Yt4m
zyxz)j6l-}!F@Jl=R;j`N2~VK4{L>VUs}r_qV!b>@_hac^PGKc%KS+ZU@`aN%6G~zj
z^FvyBxz;Ohik$sk7v>eAisslR3k{VcU>fR$dfvQP%Dfvj)J4+q6l#y?OaGjePT@Yb
zsi;_zQDGaBy1{-k>S~NY)xIpUrhcoHEb0;YKTE%dC5^$7O2<<<uBI_-=^mWIaTjyl
zh|8=AEhTdX77}`ED#mzeY|2+0hbrGnIo;~Yb;6$OYFg5Tn&5DpLEbq?WMWG(TkYbi
zYm!&6%BDtHeNR+vmFtM?{Y#J8{=GQPb@Q&(<eriGrUF){pvt-wLI6RQ%cTbPE(A*c
z!%KLB{2#XQa*5p;W(?pK)A=4}y)ztoi|7GM2@p9{aRrn-V_anTjD&8+*yWNOsK=~U
z^bmO`hlK;zvB|n>B7KFr;BbsNZtl36$N-nnc%2ZjyM%C%pnW17+*Q4xcX3rguMpeP
z4e{ARB-dSKZK~7r3={HhCt@e+0#b$l35|n6A8tC2wX11N7rwua7wRmQR$t+Nk$8;o
zkm{?hamlSNp)u?VMuYxu_)wZy%5i+kdNO@&-X%6?n3o^6%X4zn$F+LL4A8{-BmXTS
z*jO>Mn`mgm|6U5O5s2%cW3X4tss5<R5F}>xn3ip5QK|9WIlU|!FRusIDX#}|YUso`
zG`mrV-HIv#T^J9CWEfC$Om&j=nYOeL#{xrmp~lJ!@DVGeary~h2I^gg|6`g^7-RXn
zA^fqa3*%`^3tQGBsgWo!4-xb2%Pt~CYEoE_DF)ZjdOV|3&kG&1qKXMUbbW|I1pgBn
z5qRiU7&HIIbJCfs=jwj^<cXx1KKpzJ#-X>kT!PI#g9#hCme{T58h$#V!x|VZM3>Ah
z4ZX$X0oG@5+}u9HF}8E4BDd3w{Hxp?Czs@ymyu9_`dFu_zmz}*Q2x9(gpO2ljX7@K
zpAAC%#(h#kR7-S!34u<krpE}48R~E|S`2sf(uq7eN43U{_irV=k9TK>xv%z;xW0t2
zRUVx~yHx+t0R`&*;^w&bpI`~{O5m;E{+i<=%iiq5=Hns7+!!d?eJ#|Iy1`Bq0m6z9
zkvAjf6TZD4`1S;zSLPM)@`Q3;p2zcrN0GSM!a{9baAEZ+BWJtN%32p%RpUX`4MadU
z<@3T8i?e~3=kO&}1MR#rX7-4x)GS^pnawM6cwea4>XS=m^TXzpBk?^@x6{S&L-pFm
zr2n_ZrliGU-bB3^B=Q{I8Fn@_t(j)j9~o~E8VCDAw^|9y*n6F28>>ff3lB?+DrAo1
zE+^<N*UB|D2M5%s{~vq*10Gdz^$*~my_-LqY`EE*WRnE~TreR)LkNF_2oVz!k^l)t
z2p9!Pmd#DFve{jBHz6o$Dwfg~+qAWo_bqQrm0E1E@@=W56_r{`X-nVIw`j4YEv=}i
z*izeCba(Iko|!v$v%A^NV&6Z%-}8Ii=aF+~<}+u`oH=vmoVgdw-uY(vsCYTqAAi32
zldHTxc+<4=&5~ui+a*D3Xvh|#1W$_y{?R7(L5jbF24kPR+txhm9kSN)(c^(d&7Z8V
zZvJ?ETl2^3o0~sb-_cCFe7wGohlK3^Lvn_Fc+x!Uo#s#8XCuG-=<$IK%@3w$vPI5_
z_^(L(_~0hv&hxp?8TD^YBLAL!PT>#EXEg78-mvqJHyKVg-|)Wgtv50VAuSJXO51rp
z^EsAxoQjr+OTkI=gA=~I4EX*`&1~*j#>{3-IdJjTCxX<fhG}!D*1Sn;E}+fTT8w>F
zR2)t8Cxg2L3+}F8aCdiicXtRrgoNNS1ed`fxVt7n27<d2TnBfVWncDT&z?R1hia|U
zeXFk2ue)yD+my$j;W#efG@daEjKc?`eyE2X{h1(EmH6|$4=0@JP5dSF;rZhJ-}&#&
z?|rZ_3y1Pqio??%p~{y12l}0MZNp-#N7y5K5ohLdoHe-ydV63!ma((YSl7){Um=9m
zJ>d5pyDk&|&R0O!YT-ye<ud0pf_OO{^)m{;h^c=cSYO*+y>G4Nb7<^uO3h9-+paDX
zXq!id09&KR(LE;XdgCm|>Rx_CKTsnDg%G@X<TX3twu%r+8NeVcqQXY}u!B_U*8n=c
zHvWgrEMBL9#w@-(?GSL!>fQE1lN?ZLlFxzilpEHuIV-lMZTo$lBY2IIF@DVE+`bV}
zv~jp*>N_ei*X!hg7jsxRL;Zx?=BaiCW3IbHzf*wFxwdWHY{TH5@BOG4CD`=1+*|OJ
zQ(vc3{_Z{y*>v3-9I8o@CzlJKvHUuEMe}_dOHd4ozI=u@QtHA?1ztZgAR3F^V01Y?
zqq;z;*t+|eFzh*fL*sGc(+F|iUh1&6o7@*6RDd(=sV$YeV|fD@NN((7-UK4UH*Q}C
zhWJ{ov~K>j%)9l^P}wm!<^nU^2f=&8fNWbgodkhXP*Tko*W>r`bXBz1eHnT}acHmx
z=&1HJBRL;V{~3~=NRkKNLLN{@<@Ivr9@t-l8Q4;)GP-OPkbz|TeORpG0lv}Xs0AfA
z(v-PVIqbkp*#T~fO|<bnzN4L55L0V9Ks+pq(UHUem(Q~E<6Fdd*!RgJtf~2fotY;}
zCc<w4R{Ot+T1`l@)fDU*OK(`kUEA)v-V@=1Z{7UC7MFVdK`dv!Y%&q*cAC?&j`Q(N
z@ls>E;$0T4T_LeOIV(T6)AL@<leh|e4MtslEO(+ko&DvdZ445M8a+C?7dBJwUzX_X
zQO;_(aMRQ`7RpfCJkx4^d%Xh|YusVA?+E|*N}u_?Si{S8+9A1FY-_ow9ltd|n?x+E
zv}tw6GLB4Q;wsF6S~4OpjA09B2|>9$(#Xrf;X|&*5v8YW;fJIgpqcfWq5pKdewT+z
z>F*uV!vF(+|2tMdZ1hraf3Mu-SZUgPSjSDR`|`=9$dUE38J@|zc%Nj9IoZ_tXnIXb
z&pfiN$S|!INYV;@K*#9c^I9^yDp)_TeXFXTvtWGwK{;67PNCe^ZFF?`K(GwG7YSZ}
zBBeJv9|`IZTOXa@dKp~+2&?*jzr1+$uUkBVszJb6rVjnHKSi2!|F@iVY1rhT4y*F=
zNp$`SEALt)6e}!w7O`&uHqKMF&GfEUm0WO#`uB<9UZhPLv+EqMiQ;P7w)I%VT<4(O
z%q}0Ti_Zyd*_VT6l*Yeg1u-@G(KqEF=Fl)$0E6bjx`MmHFcC$sfU7P6t|?=56J0m8
z(2>Ve{U7cf;1%P7NvOTams{H$>KUP!*Jnbo|8^p)IF0%&yBQ?fLM^(fiz1ZL9XBtJ
z9reP`UpiRQ!69k3)Yt#lj?bO&`r&Cw(Q>d;+9I?#-bt^Zt_lBLe6l6ZZrJ?6#dWDr
zfzHWS&(FeVz2@H?`Y8$~&6B|L6w`Vpt%Hm0%l>wu@0P*_Lrlf7aM<qLt_7R*Q?YwE
za9(rO5+~B%Vz*<soH^1TyddY*apRCNTjLnDuhY%hB?I8$2&y=~TdKJcTvrx2oF19r
z^-rAE2RFV?W9oEfsUJ8B`xX3n;)ZR{K#itvH_l|x^fbhb8hg@Q!<`Ql8}-4VIj#Rd
zd`}eq0atF>_22ydUB)={A82Z>m>I1kj3cNU^eZjuud=>W%Q}>A%q*h?362$;7Rrsh
z#}!3}--wWO0I#o~X@^9ME8r{c=>70A{<+;ebhyJ$l2cOiV?0xST?#Rz0fiIk`hr@?
zk10U=@^8hf+{EaEJdrqqvtMWNeA-1xnezGR*H5+qh^DLf+4;ZsVocn726xm1Jtlax
zlA>j#E&ETj>qWP(SPwXF4C*EI;}DZag0HBx<BoXG%{z(ifT!B0Z*ZZ9_YVk4*15aZ
zg{w#9D3n9U2tTEn)l#A*wzq%4x5^e&p>kXd>__BN4x-e3FI6W+Xq!FJgNJ;Y!fl|D
zok*qbQ2es{2@QlK9qmdWy_-uT%Sj?lZ;P7JTNgEQ`CbNwrAu~PXd3S?agUyZqJM<b
z$+{**jZ7oZXooS&a#CXAop{KU>_Bjx0zb(*gE3Q(G@=ym1Y~5xL}XViuu`H7WNZhj
zXs+%tXx{&^%KE?1$tJ!R|86o`AsA*#E*p*ak#ck{4Nc=t4=yB7LiVnQik5HySBMBR
zC0#Q*7vozr8#yf*9%BYBqX?!Ii0-QrGdb<^9Inwt67HjeTju9@t1CGg)kKotyY>I6
zs+0cSjUcqro+W2=#7+(8{{{i){Mwx_;}%*ZV0<IAYAg^^b$7u|4bJ(!JH5{>v`o&}
zlJo0NGmGjI6g9O_&8jh2CzJgUGZi$!9q6c&*<H_~%ISulDzQ$&$hAqrI1I&1ty?2u
z#Ay2p2{5y|QZvX586sqitmXdi{yXFn!ODA2GSfGdK~=c-10xE~S4c$NcSzQI3FxI{
zblOBs#jwChjc0l%Nyh3bL&nN`9pCEHQ4Dt$s1~Gh{$0t7Th;iBRU_R;MwBmB-mD)P
zGrm}X@X=F2nwiag#Eg7}+(NkMshZ5Hu`=(q2pA8ft!Ob=8&Fw0KA@+*CpYp%Wp#q+
z#!Q!h^qg3Y(#t?(GrHPoWuQjhG*va77(O)yBPUigGQBH<V&#3?N?V&UWyVb1#*vZ_
zT}ljK-k-Z7jA<_eC7^2dH1@yRF?1>nWZt@s{0a;{-nyWyVi1B5>*E1p+Kb&6<uHCJ
zh9q@OrJ9Nl#c~Yi2bH_7waV^I6(vJOAOri#-Iy%aNAsV`Q4W>6BdTfatU57<WuP|u
zN?Y?R<y<>fCEN9|!Fe5sdb;~K*H}oChyKkUoue{<hN=9-mE)_pRqk^R<s|SOBT!y+
z=3)m+rnG3<$E@w#JR&p>|ND5+FePpTQ}ndYXi4BaSteF{K?r5<)jfTMJgo-4ump#Y
zv+&%L<5S09oBS)&>JZy1Sw<CUd_i~(>*#i_@KvO=#kmeX#i-rvu9vPQ&2Ag%9SQ4+
z6gNMwI6kU1=T+&|;#|yC|5p82fX;DQoBY$F(h}M%y^rm*P~CpHdc#Jhfs+>AkC*(M
z_BI|n$@Ppv9@@Ch)x@yNVnBbaA5}4w2UzsyR~yvuYab^$Om#U!0BDr&Z;Y*mB8*lW
z25&JTVHDo{$j=wd&WFD<Up~<Z%9WW85Gke+cUx5N{d1OsQgNi2Q{N>PAwI~Y;4rIo
zQfl^9@U_t$5VKnxCCo~8GI`2&xpW%Lkult0$DwhvfPC63*_D2A4d!>9fjasIwkFJ)
z?QB*uM8&MMbl|iHF0rnfsdrH|ybK>r+~k;cetxb0NITSP*Xd^e<H^BspDDxt#GWO?
ze|X%Zqe~?0!SV3}pG|+y;Mwwix{)U%N^9_rf9po=V|K$C+Ly*maHR73k#7KUi2wJ-
ztUb%=zRVUQ@sEBo{jeyqw$`ts2_70#n{|SsQ0Q(Vo7EM`ZJhZk;_1J;kth8`$ndR2
z+jamm6siv1zHdiP`|r#pD@ldFEAvkFH=XkterugpxA<V4rbUZrN=WD12T}#sVClD8
zUab=MiPX&S#uo{F*k2dcn2+sZjsEKc^C!MID`pe!?n$L@{~ajgb}q`_WekP-ayiag
zJ%@LQY^`okDrppXtIlDz=kc=an*=z`2@SvSjTeUkLi6NXKC<}KOox8t!z9fWAH?&-
zX6-gDw;1wdkcCRTGbcR0_rvDzWi!snR&`Ex6Jmb>LL&n4$r0LNTX2fs6wcp@M;0j5
zQN(1NOL1YQo^G`4b1W{)v-}z7hK6I9)ttLwhyC@PWHV^7QKUsHb#Annv0c6)Kq1Gs
z8_5Z6*s(+J=>DNqA&pODsytHIA3GtDIL*=}>?@~_L--%D_@^^R5lY((DqpSU#yj}0
z>#5oT?aSp$fiTKW)3<(q;sC{yBO#&|1S2758OQ6S=s4jZY`K5$XWy|AgX|~G1Wg?3
z-a+=Ie+lM)WHY-IJrJLzb;`C`tAp8LH@_N=>F1`<E&=;K`LpW@t<d;<;)$^FeEG9>
z0pz+>6Wj2PuHt63F>H;1xuaj_=5)}a^$oI}K7E!|o6!_<{Uow>jwe15<baPUvZ*3|
zhgm1Uww%f+iqx?9p?W+q|6jwZA6As$$6X3j%?cV^a@^1CHO5Ar)B>F5U);Gh_LIf}
zTIx|(LneS<+$NxsV4|aXzv?J^LG$4LX_Rcm=jn6b;E=<%O-Km+coARt@-k#&`_eae
zluYx**LUBbV&pUyJ1_6mpUIDj{jv7QtMf<c%1dV+c5FE^oWCgYX;1S;jqAzjpRcaA
zHt;Ja+4Te>+z594YA-gM#<eces6Q)n4FbhZ%^gZ*490yECd`#fqfPtj9jSa@v?OgW
zZ}qY!sO-7yNMn5$+<S|%>BJE3HYVKH4<^hj{i5sU;q7XV6mw1Ftm0a7_$)jIyDKXL
z<6Z$4MaFh6Usl4p0_MWcsWc%9Z{J{158=;3ZoL)^=i#ypboW&yFJWn>FVXsCzTGd;
zu|$D13r_bzEeT~kA1_z(dI`?&@$ZtlqrH%Sym?)&rwo8vPyT{hc{DOJCB*DPC^e|>
zC?#6Op3XEvg4?#W;g!7~6*k9*n_al#hy2ycB+NE-1B^Et;_J%#{Fy_kv8%&vd&Jw}
z8eVlU3jVba+s1fS=P~FRFe#n}y~JH9JcWBAIbT~rVHQTcnQsO>!oOX(aPe0%?89GP
zYb?-Yhd-jND#-l#bGBlY+ASe53~C)l!nRr2!M^(MZ0(!Pi~k+ETerU$ae|XZ!9eC6
zVqE{qBgP`)c9PR#BA4abUGxoPMS<t&@J<#Pcb$?WEb#C2{-Uc|zK~90mBHG2(=LU`
z?w<!T57n=W+ZN+UBPx5WqxzfLO&N`!OSDhI^T-G0*94LAFFvQ#ZzA_Bo^}N2Hr6$`
zcWada6c1MR+Nw=@JHrAGj&sP;o7z7W+?0bNtU&RTW=^a`!t7|o^jRq9{Pv_Zer|4T
z`T}zH09UQn_bSq$#Jcs!(yf9B(8bhyqMFP4JGl(-&?!0v5%yha)}0loOT>GSDT9NP
zY&B`<`})M!izDG&V^>5Dg;N*yrg2`6w8t!Pfd?psdC|{BKYs7PZ#mCB4;<E!VJTi5
z=}K`iRrV22o}|-GOqXi4zZQL1kz3d(^z&I1hxVj<rp*E2p-xeAd$X#B2`fb>)khvx
z7QW_+0c$8vS|L#5$iQ^fE@OC|?2%|pY^pD-Trp-|m?+cnwpd{=VA#9A*U0~7In-Z4
z@)EN8L;x-dpV`ND1ZO?=_z!22?LN#iyVbeG?o-hnbn>y;4xZNsr@1fhpfX2{JowUo
zA6Dpsa1N@AwRhL{c=_K7wgV@jzJmz(lT1?%I3tnjNn@0nFVm^9`y#?R<z1^s^(dm^
zM$5vM0T4ivY3U|0<6PJ8*-7)l&mk)u7l$+w^00<|;e|iN=EI&e*3b?*!NK+MO{;oU
zfdzd&h9p+%thLZl&9-gNyH&GJh-1i&Nw?pNx0`ONu!ESa(%(hs)!niH8=yS0@{ib5
z-9v7oqZcTsy4{T5f5SZ~_>MWai!I9KQ($Lak9w=HU7B43#SnDN5JCN~hY6Ucp#Bx;
zb!JUK>_NKbaa>-vjs1`tYti~lFcf7*>};Xb<dH!^86Zi5PVG(UuGMOR6hts7F{`{x
zr%okCN#*12ZpTcGQpD-n>=(0Y^`ckqpW84t{hz^t&szmZ<Ml24pfBgGWcnWlRd?O%
z7v*%bhs{)u>2PH64K9o6!x1){|12mK%4)P8gx^GW2-7|mA9KAZF-SbkK6r}~Ex!F{
zUgmQ9fRuJ~c~vIylb(^%e`y`Ep)w3cc-NmqiS={Y9*PCr|2%k7&ziEM7j0YHcu6M4
zb4gnK@@zno6-DuZaU!GEljqYu>Z^U&Nn>(MTV6?A7R#rNg5lzC?e{-QGwb&69Iltu
z!TDRpY%wFJK@7b=hxeA#+rQ}z_1RK{vgBpz?8Y)Tpgv*gY<En5=BF{}$;k*O8oBZL
z%s|s+@WI+hZsZ@M^ql~{cV|lStJ>F7cY0ZKImI(p>1+eMnFZ<Swr|PT312Z=a2xx+
zC0EKzW6ub$EGUmCve5*apb7PUNq%@yd$vsemf$@X?DppOedZj?)!{rfwMDINK-=_t
zNe=zc(~f}R%Xc^%`2_cp0l>3hg#67V_~W0O>gsAlGISrd18es^QO!c`;5%2-xU9?w
ziX|ZWT11x@jyvgVh^^am_MTr&(_-sljT2RkTYE>C*~!)XSyM)xd-P)%b(Zpwb1GCl
z8@`?=Ujci%yc_(wmxmZq*Jv{r40B9ya?qD`uvw`~e>T+PCY&}K*DL!uR3o^&Na{=8
zHq3N#Zee@(lS`!h)qL>Zsh6|YUB&jviShA*?nqEs&1GG3;AkbWn0QC6o!t7$f19uE
z@1U&pXV75-1)WX+7mc2|bnh<XE(tM>PAl$JzrM7(E1m7L<Tk9a4R59`Az3E!YlsyY
zO&<mQZj{^CHJ;4w$<MGF%JR)-DQR{T)Q&4=ngc2Z+w<bDpQ#v1cC@6O-*+!s((Fke
zy!Y^=CnTgtAPT5LFQ_!ZR5Z2^c+yXY;TDV~cW^WVTzJ;cpJ)t<94}O2PFiqsoA3En
zR7#Xl-mY$ZQZm+KJ`weBSfzt_d-uirOA!ectf0RtS}T|{1D65d$=NY+_-ht_S@GZ2
z;meTUb^Y59UI2Nqn?r)No(S=?^BbrBrQo*)?*weBSK}{Gd@z%}&7Z+s$oX({z~{Ud
zLb6~VS-x?~n>qn&C_=C)!kc(M_i}rQ5P~I))x;y&*8#4)TMCqpWZJ~1$l3_haKi%K
zu~QEd)6*FN$EfHdT(^SXs7WBmy`mrK`Goq{15hB8XpX`}^n5xIEyG`Sw`dC<vZ$9+
z0lK32^v^uNY=<wqipWz}s>!*3;rPYz=?^}^E%Hct3n8@Ms3z~)!jplqKv$|;OHEQU
z$!NL3{EEV#0E<3Sjdb`Gk5b9xe-UHDKhisVicpcj1hHjFjwO958AUu5!lTE@0;))0
zgLIlhJ}Ii(0W#E)m5ll8516F1Q?Ybkcoiq?5X!@d==bcm)+WD{3}NO96VlV!_upPq
z3(1^><I#8d0Ape3ARnRrLJK5_o$)(u4EVqVE@Y*9M9X0nsm7f2a0>czCb+^TDQmol
z*iFP314QXQ3=j{k=i$ASH3Z4o91B!vTCm+hE%XC}JcvVaVi%sH4h4-Jcw(L0YzP$d
zK!liM)L)KM2M)lWer8h~Ww6{VrB1m9%7mkRATB*egg`_K_B^D#S#a8K+NfC|D4acH
z^uHhb^TUxL5g`TJ%E`H7D8?HYAQ1f4+OyP^B*2sXBfSDTFtm`mLlf>46-6n6aH#@W
zDUxtW;ma-!n`aCn1dmNK5?9Cu>5f|V%^hiiMiw1CB9w$?Mi15XFGkAFH%U3GXv0|G
zwi3+;W_a(i?<1GAmODkbkOn~QKJKz3!reM0?RUpzd|Dc^sVkUti5+eI!FQTQ4_Z%0
z?@ZHd)YEoO)w}mlZ`r?gujnmpbTUiSkSA)eQ(GbZ@(P)!Ihb><7^%(HTQjZPEL_O3
z0pB1;)&={%nYwC)PnfAGERti^X{Pz`yVcrC&$<Qeatxt55fmJ(%Myfwi$x%w=3YI9
z!k>~VRm!gKF<@(0e`X?|I_fE%@mg9`DX)|R%8m7A1hCrYDnS&pz}$IOlK0S$@2SUA
zXMx)}dfL<o!S4D>ahR^II*@wIT;nQG<fkoX0|>?^-1luD$x?$l0}Y8_n>s`55wJ>z
zp=CBAcU8C1OSt}=KMhk2CDy|LA~PF7(N?v4;kz|;#u{iP?0Mv$mYavI>#7N1SP73*
z=0;d*lVU*P0mde<8oi&iD>0by0Bv$~Kk*_kLv<nfB>jowtdGx_TWj`dyQT=_-W4VP
zNc&4GcDMNY6DiY7JCFqzi$S>`wzTV%`P1PzLRl}<;mGn>mleiLbiEr9mk#um^jJLq
z7K3WFsfVjTk}Ol(dJw2~!B9D9ta-f-w2~z`4pf%6hbKeP^A2J3bk9+i=7|uKVQu&U
z5L(sK)<&LNs{y^*^$$JkdH=+0Z&qP&+mjrNR=&$XI1sM_jr|DIV`ymt=GOhRwI%XA
zEKp9Ix}tgK3ewknotSqkYN6|WVZ60OrRTk8Y`G(s#%qCMnyom}i%#wEiDsA;m@xQN
zcM{pyRvLQ}89NQvx(e~`FO6;c2gfXpk#EY>4tO*iK0u#1G@(x@OJ4XignIpjMAGQ{
z@CU|dN0}I=#%d!+9sPy;(%$<3zO%2NS<Ey>vH~S1YQ9>En}tiW?jzK$q8;Vq5O`4A
z!a@q{=x7EpfXR8ubQnM%Z0WaN;BiFq`XWN@<OlELAj_QtR3#Hs@}TJC{crvGllY&y
zahD#rX>d3YV_^x&O&Af`TpzT%QAZw$XoiUZgqw`JGqeT!PSVbm5%6K0Bv507-^qjA
zLQJ!~)^N&j1PFqgg!I3S;AB;b9Zj-aHtb1<)Kb$;Mfz-!&l~`fHb2)jkd&|w<W7X)
zL~#uc;JIIPlWpbZu@IK<4DNA(g%!eNz)0SxP*%mLB?VxSoM8q>cJ|-uGbA_%F#3nO
zjaFe3UOs2H1AuObfTHl{)q;gTLui1DFagD~!_C&2ORWCHb7ZvV#g=2)F;1xpJGxuD
zxH5a5Q2;wP9C05Ry#)7RCS$`WGg+gY3dJ{cussgusvX>22$y0QNo38|k{%vAMQ{?J
zB2-v0OkB8?$Aq_rALFbjCQ;>D0>Sg>h`K}USDjSz883fy<Ar>yW0k|2ezt*Z{>k_u
zyyr9=!Mov(bL_J#+ME6LY5I<3=aW_#w_BEBFH?_H^-9__wf^~E*AHD^HSFT%Z>{z6
z40~07WW==E71@#GtW>%-bb6`E6laYt(86VaA1xcF!*Ec6XC2g!@IyDN<O2(Xcg1&s
zs&I+-$dH<;{pRm?t9I4+c7<}y^Z!AZp<m!$N(B^KWj)!LYt4UrTlF>N1CrBm*KsMn
zF9gv*8<Sg&9J1HiNY!UbKUc29ukyD?%^AFks^~yy_GrRGy+KmSkUH;*zcYJxo^7AO
z-PFtJ!xMaRO|Fj1Q;1|fSG{(KYh^?>cdDKJw)dJy5^+6=3^~BR!50VB6lcf<l)S#V
zBW8o2Eng4KD-{tq?~#<)o^io<U8#^6RhSAwnMmX=AI(s2y25Ey;)(%9OC55<_=Am9
zwfjdK`P@Yrr|b}m#HHgaLz9GkJvLu^rfoeB`{0)l()#m<3M%K~YYl`uN*qwz;|o<u
zBec-JiA}8l-C{zpntRbM$=fAbR3Im(Np2PWZq0drGmWnt0V52T9;{L@+eOFf#=lu4
z#<jS-*z~k#pUrrxgd+cblapqT(v9dl){vD<tD#wjB@a3RT7XlY(d_x=Yy?&SGNhxq
z!KFp?lX~7hhCJpFol^{P+;L<2KB5HXhtB&3R{sqw>$Lx7lQ~B5M4WjsaO~o|i_OjL
zC_ku4h<a5TRj*{Vj<qXHy@VrAy%bY-#KC3{^yXj=a0=>(O4N<^V@KJ1F^wOL>gAhM
z!ez1GvcX%!QlFScsUV@tYgl~tK7Eba!H#?aPB`QCVMGKD@EPIc^g2%ARw546vcfYy
zb^JPGYHw@{ZF3Dh%{0Nj+Z-te!q-F5cvHpEkWLZ&&s$7VS5(uD=zc4jZ1QsW3&VQz
zISqLI5Y??;8j&SyxW!<?xw4Z#S9wQj)`WZ*$Kl5}45m&SxCXP5cEx;H#S0S?N#6LL
zyAD!U-CAG=Gu!<4_Fj1MpA>VkiM7jT^lYr*yC9h@7nw>_;y8-?CZQ$2V*`ypwg0VV
zsD)s^2}b;cKiUv-f~S0vOI`z~%#@KGZDi5XuZfKBL%-g#jjv%>H3Dt85}&YZQQXhz
zkV!e>S&ODsC&5s5%R>hDE?2i;Bkt+JH&;lRb9uwBeD<xIcWjZg<BuL-ud`V|^L5|V
zJ;xV^Y8;+4jDr3#s^Qu#{$V6&T!E4wwT;0G^n-Z3%FUq;w5aH9?u+fV++W%xb(Q+x
zlhY)T8<uE1T+>gA<^GYeknq9BfA*alSleNd_1^I@t$*g{a=z7|{r!^QB~Iq}INol9
z2@4qdSZGyB@_C(vzTDYn;>|9lDZEsW_9HBX21=M7_xw%%vS5mtlIZwPv2@;NQ$w0W
zROzwL2?6o5jxSOzhUUcYA=I<;`4A%Bu@EG4m)**xQ(HpDLZiK8Y@9uj3j(MNC#Hwt
zg8tS;49Tfk*G&E3(C7OTJ8MZ~{?VjM`o7_}P=AL6BE(@y;dO35hgLj$1uek<dl!!4
zAaZvM?QYEsuWiNBU-lcPF7zFjU0%aPybUzqIxR>npb7ZE>$(u`j-#xrDa3+D>0|=3
zo3Qa>htVD_3IX{%mh}_|MmjP42{pJ~gGgHg_|>FbwBR8_Kls_CO{%eR!ke`Z5v_|w
zlj4jHJgH4wAJ({G>X)2&{U-)Vn@sTECE(tEp!%A13x{Bg!({uf<dfO?>06SF|3Oa;
zF)9SumaPLrb;m#POs1K51G-7*IgD#r>Kr=uiHH_w{0%rY3Fmtmb12!1&w{-pYQ0u)
z_TcH1R*v!|(lE%wc@z^%m|_NseY*LB+Ub|B)r>{0n&2=vQ6Tq!cOG#jT$U`m6%<F@
zvX(z8;s=nq6DnZlZM!3g1!qCOv-iskOn<hHcl)%t$u|Uz--~MRWaPQMX5x?ppn=-r
zl@_$e)_XH4aw6t)RvUK$+Am3ee<Yao_=b2&EWO(jf9d;cXP<vZB<d@xlf45p8Ijla
z+sODgmg`c+hOq}H8Z@rTF=G0HK;!5VC6>LS2H<6=jkJB$O{i8fN@k_Bt^9`GU!QmS
z_&H)cb1ecWJsUV>!%Vr&&3UptM3eb@Llmxny|*;pwVZZgOR@*gNq?@*eqO7Lq11-Z
z$hx<WKHilxiE!|RojvxyC*rU*9ySac+j&g*7@zp(YPuf&`_W?t4msaf2#$|mSi%l;
za1sCDo0|O&fX1EcF1icrWDrj#qkXmiiJznx*KfPtijV6gnow(RsKT4c<3RY38E(Sx
z*Y2O)s%fYE%krUJep#Pikw}uka+xL9qWRE58ze~+xlBwu^YJhO@x0S~;MFIi2$cQr
z5YGX<i>o_EKF#d7W|N3wHLJUP#=S6Co~HyQ)AB9#&lrmp!_>polJimAf%G6Q#KxZl
z=K0Lz1($V%f~_>FwS+n=>XC<hl<Ka+e)|;LQ#IT5g*xQU1U)&RUG<^h1c-5Bx!lLO
z7;~#8!De%Ee%}}wwW5rCfi8>)WQR;ulR!d;#b`@WE5*j_AzqB6^yfc4(s_ck_1CA?
zG|6{o+$`BYW*n*sCduM?8b3_fb}S2SGMn>O<8qO?<8zUc4qhV<^>v_r{->My^0-eQ
z+{?1Uq%?E@dZgdEkNZ=s{jR+$e-5o;mJbGK3wjJ0Hk(Wb1OM@b2`?|pj6a{t0WVdG
z1FWBVf)lX>O$$MoVdv5|hRew0*)<>&>+_auN7Z?-SoYRpOso8K<Cj5NUJYnHz`?$1
zw{=Nmol&coCr4^|Ual*wcns=uzXYdSxf``4E)eI<q(Z@xD4n<jXHu$M8?*F^%+Hzk
z+lfq5>*oiZxo*xS;FWUPuEM-o0|0|nk5+CnoL1B1C+Mm|IFPpfKkPP3+9~3}q~o7~
zw73<zF<f`hA{xd8sAZu%y?5b>uqd9O{!fruipasfY{10HcF_-epFG2jk9tyef_!-W
z<Y}&yK2*ItZlUxqZoD3L81?Lp`cA39V<FZ+@qu-_R71bun{_O#{3ByM4fu(_T97>X
zP^|b(p8C&=?Z1<2D9n9pIvD|j*Lr8Q9a7B?O?;HiZo~AJu#mKnFKxGSEoXU%1nioS
z(C)LuidMQ*U?CFg^2n<D7-ibY4gJ;<d|HTf^hnEE|F*47Yee63p=hn@d%E?XyPJYZ
zZdxxGj0h;i4Cz(QpEOPL3~SRN{hlq#3)ihJ-3cqIo3>luoYU&hk3H}>n%#$Ow?bN!
ziDo;ojMqnOsSl9T*h~D{oc&N35#|LdY{j4B_Ker3A(Ho4tX44CtNyg~b)=5(3z=>s
zPb1e-9-f-Qa#w{)YQ)%k<+6hFI^nnc!3xsmp1)AOpGozE2;mk*AMP^#eKVf^<<?jE
zvEt{y&OU|asq5Opk4t97pxdD;!Sn7R0ZcTHa)WFq_ng!2;!hN;$Wb1#X)!CW7=!(g
z99?hp%j+vya}uYzT3Q|30GUGTf+~H6Nz&T=Tq1s^AGHJQrt03S>N^FsEd33_X||+8
z<0_;(-lK%}R)X$hi&;k@I2r(dcCvYiI9NFxQ^xCLf)+R7l9_}sa!cOT&;G2Sv=Xvy
zKXzuko&}e4h1GI+1v1^M(T~-aM~))JtvsTHOVbsgp{j;FtH=grMQgfK{YFkJP4)Yc
z!Jm@%=xM6|#rO0Ph2>HB5UcrF<{&rM>9z!zxw}p3sUpbhCqmU&!_RoPmXy<820isU
zGU{mxAFBTTB2yZ4xV#x~l9Y*4j>1&B-or!S^XmLFZ6Kh~XoHg{&$AO?M~dtCO8gKi
zkZ949b<}2rj9slycVGSA6Gc2a!Gjqr8B^4^N!g#Cs!#dBdCjn@IUq>EcFQ$KxtG$9
z5&R>fpM#ZT*G~p+0@D9zqN`0~s@E&d&|pz1Fgq(?rOCdQ;rO3X_riY^pB-zI(Np&r
z*@~cZJ-@&o5~m6te<I9A^see%SsJUJu6%rUFE-CnsKHeoaY-|}h~Ft!<pF-@|GAr9
zO@HaK_MA$Lr6fOn-AB?NVV)ME`*E^YcxdfBzQ<|zP6DBQOBW&%Xn+SZ=l{r5&H#z%
z2r)Pe38+}<8sO9ICA_>`sh9f9mm_E7SKMh#;*#R`4hN49c!^zlkx|!*L0qIaO>Ii2
zMJiHeW|3LT-6y15S3RuDmUFMxJw*7y3Bd}l+pJB~+{Q)M<*gwXqy<}HY2EqYPvJ&1
z=0x$Z$;?yiEfBRio;%+61gvd$n@B-x+lO<qLAGDxS}iVvWAK|*3=I9y$tu~{ksi~G
zt^nPcH2a;FsFA>~_&O5<w5^pYP>+sZ2ib?UZ=S1S>>tx^zIxY9EuMLzd7iSQg{G2D
zdKj_yrEPmfUY<xd<{>ptx3D64=W9WR_ss{*X2J#z6+`ZI9Qb=doRkC$(ciz#Z)+9C
z^yDpbeN_1>+XB)OWkxl>tk>kCBs{)7uCc!?sFxOH=an_TI3@lnwk>7l7qTaJSs+Q+
zsw~RNd-z&6PJn}swQW_%(s@TALyOm19)t3YC~@B9HKZb~+nrBNT=BVWXpt0)Jea4>
zj0sBI9DID2C3(Hd%JRwae(qOTKCWjUdBIt@KICfYTqK>T9mf^dC2LjLx173KaeES~
z^m%9@3jvOE^8KT>2!xUH*+#DM)*TOrEZzibTT3SL^V$@3{`&x-LFQgo{@LLJ9U*_L
z0#=n^r<|ypAq^#ey+~p2r>(*OU2hd*W!MV6KS>=A{eLF@u)K?6oHOW=FG>A@Sz0Jr
z-by}}JeX!VLCq(qG2$>w*9^Oa1ohGU^i}K{j5Qa|AFKDvVSD17vB{IQ*12Wb(DEZ$
zQGLfL8%pO4Y9RkWUYN}8Yu?3UJ9X={t7<X(H@*g|r{7+J{`%8iGxh)l9yFm#37&~w
zLGow$=#_jIBI+EpKtZ=PFZrPn7Qv>$tMUKb*HSss>!Kf3Wdtd?RGLWI;kJIU7YJn}
zSE3oDg3*FM1ho^|7qXdDyDR%L_(L-5_w1YM#jIpfmj$PjOZL)jtIgGCq~h+Ko!){u
z#=&STJn=nMMTJprSm)jbt&Uw;7#e<s^G$q>rYNV(jP#4iSJ3?ZulMw5B;P@&d8_z=
zj6p-tUTo$}>5+TdMlPyX#`E=&y>VrqIg}u*7m--vT7)}whFvKekjO?<rl5e1;<iAZ
z(hKABTRHq^D`6Vkp{KOHhWjSALE{0i=iBXRUeK5SvRlqASb?=Jin^5H8m*4THqi01
z{lyV?ua}pum106kV>Fucp>P*th8K2|J`UHJUalTZKrRPEiP#sn-GG!|Cn;ki$W3g=
zCOSm-1e3^`@+1G2f*XQb8OOE8JWc+B>UnBy_;H!(N^XuP+D$;Akb9}g_U~}HSy(?Z
z@V%*DSzSLbZ7B-geQLTG{%SLq<Dq8Qx5mz_)JwX*+1|k#v9kQNTh?zz{&txZf|nK@
zBhZ9FSUb6AZzb?7?TOf5sJs=zKqE$I;MIyn_VpkY3HzLJxn)QK^&O~=tCIfdi9+`3
zvqBp8Td<|C*b^`J$M!t+m%jS?8BFII`&2FSU_4h2%v*j!Iz_)*zd`T;_K=|k`uwE`
zo?E138?P$T{WB!akK))BnH=@so4RBC@vtelcA|^c#%0sB7=5WdCOKm`u}3^s!Da6D
zzp=KeDqyp^w7Sh4tW_5<EQ0p9U})wVe`8@!L^(#}R#Q}(k}coN$()qJT42vZlR9+O
zE;ds$Eh^miF1F!wxrc#aW$5*O_*d6nn>7j>foCdDBxeTrD@u`XZ*HfXIk-I{JOOs6
zO5xmRIzt*5L}BMohX_(2$mN_bf=|SL7ixq2UTot9#I^PV&69|3_BDAXhVG_Xv?Xb9
zoApaIjWXeoHqEh#%?^#s=^#<xIqcbVYxMQ&P2xt%X3hGt$g*EUeUzE0fPIqx|8d^^
zzr1;2RBscoXjs=p?!rc4sF%|e48}xjJ$irTy=(I6&13A{QR8>MqKz*tmw{JUYM>EJ
z-Q`31e0Psv?JE`QrREBQqur~>REl(h{ozZ?zvS^Ti~Xyt;x|sAR}#O#E?)Iqj!_|V
zSny@ghW?+Ui_WE|IG*?DQzk#B-(6*Niy+~?_Pa2tt(b)!JM&uB`O)*sE0W*e`5!kQ
z`8HGX>%(Z;X64lveO7)SQI~fKhGxzV3x>wd;^+4MIdaME9djDePayIZPM!Uh%kSNp
zKTD~OBD6ku^gCC4=tw6wf9r-p-D2m)Or7VUPgi&3NL8KKdu8M(NIh7PV%L|r9LMMB
zW4VS`(3jZ^!O(=+0HN_MSW|(tx`TIT^8f$6$glt$452*8k+eFQklCaYPI+W5bo<6i
zooeTXMP0-5=|g#)*Ar(s2|`H7|LAelWy!NyxtzPrDYLh^cb>u{N1W<Z`#1l+JHgx_
zmUDSMk(Qr(XE!7yP5uvB@o{^{=YP~G{RaP!PVvw<-9&{kT!)+CxV(9Am3Il<hDjAa
z3$=*lE@`}H$O<)uRkockJRa?cl}zt+hh;7<UVReeJ9-t|AQITHGv~j2GuU3?ddtzL
z3}WNh&rN#4Tmb~-?>uR5O?a<O3(Q*YWDBl2C02#W{N7_6$lGo2A!lM7pg3s%P0W|e
zfCjBd>`ErW&-k;0?PE$dybRjHKE5(jj*Btb_IehA@(yQ#w(h*wpaj<x|JujuTm)Ir
z+y#cy%BQaDIW5q`WIErpx4Ov>Le+lnF%8_lb35W>yPYkB5+AfBEI5&F-Rnj!aOG^Q
z+D)3|vT*zNtbiM>Rv*lD;Gp)UYGGK-DqN3T;DrfGU>~;gXJ^HG-CTPK{MYMQ=M;x*
zm_oH7oTIbn!f#CF3y;^@`KEdtL}c4*>Rv0>tL}8~S}mgMua^vqC$SKAoueQ_O#Y;g
z={rphLhkf~Z-V1q6f6&Ub6zYjP_IN6^?`HdVKdc+By68tfk9Dh@3m!umpdO*z1YxR
zgGCE;5sH6;I`79hJGG{&|6qc(9BJ>r#ZpFLUTYE^>*Wdmu|Z+JB5DocT{nI^{>gcN
zVMqSSzsy$zYlV?&vv$nY8^dn{=Z^i8rF)$dpHU8&=$Ae8$nV<-+PxFssT`sg%-WfG
z%gqFbsafs_(hZY<w%ExX9<Cp*vb48oUxX4%GSAbv;*;XmzI&PqBK5_wcnbGjlM|~B
zoV%juPMq@&&tF~F@S;KKht2li0=+-vQZnI`M&~4Yo8o71@npev+AHZV!QxOUF>#H5
zbvL4g{DbYmLQvn>$3#!l+nkt#s-2teZQIyTp}$^q9!W`L+kz_S614{k0wtLqRKvHW
zSK;Ia`P(5UQ+q1^z^lGuePVCz<L~VKa~5R2kYY_a&*IrBQM28?Pw+A-1jP@bB!O&8
zB<5sTi@64cLGJgeZQnH7`UtL$9*-adml64s=Bi%m7XJcIW9YA=A0!glG`xDvcH4Kt
z$-{dO-U$PVN)G4k37S;CWbAPE3BQR8|D4>Jd3X|;@LDXL8q+fCB{=cV+}Uj#Ufh&Q
zblJJi%-%JfI_G07d#ChX5<QsmUwds_%zfaWcOKzr?@~Rz#&Ue?!Sq_2CJ6gI=5=3|
zsX#T1RoZ`auequIUlMj=Q%Q1N!VYJzSg(c4!r4vB<*jMesuajab6C$OmuoPjN|2N7
zTh9-lT(&gWjv&pu0K7_}hkN{MuZ&~4vUnHGU6w7uS(BY}pVv3&p~?HT*Nt;+bl9-h
zcMCEY<*w+kS)k8LVD4VKM_K*sEIDyE?^{srZu=O^zE|!}=f=lyu|)5+fwrL}e4LXf
zm4CxH$0sSj%<oQu)cxKcLZ<}PqkU(gMVLDu<7HQu5Oh0d=fop(r&|=73$k6KNvu-#
zo-EzzCU@w-eSQ<BTr6MJL+?7Dc{C&6R2LD1y2d^p-$Uz4>-+52%|Sz4YcMZU4Ri_J
zaj!c14&rwnteZas5im_#bkt@LoY0*3r+opxy=`3*JTLxwSGims#>8hCbg{^t?9Go7
z;ErFLKDp{%P>TgGrENBffRr8V^8UPo_NMpNr0?7@j<<b&%Yi3`gbTR`pob0XY|&m)
z4f`=P=uiY??zn4MO`-@*<m`%@9F+Hgg)`q3$uzj~A!$dyy#H*!JzRtEoof(+FdM~i
zt_)s{N6SqEQ;xOU)#k6aR|mX-6XEm}uu(4S%>bJH-u-=)x8N(-Zh$Cud>34$SPbm^
zh1B|X@zx?_Gq<x7Ivh|2Yl~{@Ca;QK!G{UVzEN0we|1Q{=<YZd2+4bk|N7hrysxX|
zqd$ec32lfAc?Hv*bG4zNJ@$>RD$IPihcS6bxbo89k->^Wv%@EEKRAHX!EdmrP)Zm>
z+pLAD*?p}UOzin)f5`dx0oD+@Eo=S!!qYan(#Pn|wSBkv?a$pc<$cbu()L^5^s0>F
z!`oIyNXVo2_FH*ixX_RGSCj5g!OZqopP=WoKRe+$NfIv^e_s3gS5rztS=+8zdto!6
z)4taD%X_fEYq&p5&%48U=a>t28a_N>J8&^Dfzk_01ow^t#7Vkf6X7qBXT$$Mh6=j3
zJ21Mo_cy~>?w+-K&CQH<P8uS1*jYT;1flItA@AlK!m`_?*LDrF>YIl=n!n)<txIG$
z#P@}>|Nhn29Nv2MHXI2144Wzd_hrQlZ}zYDl>IqVyS<IuyDFPMv4{9nu^#A6q#fvu
z=a}#Xyt~Qu${(fYoB=ktgQ06if<$O|YX3P0?nu@6OThj@^+TV!yT4@!TytM<wAVMO
zXcPxHHm9{ojEvP?uK(-PC=St2;l3rfr%UY+6;hfr8rTgN<cS;$534Dg(jnaWSMGQ8
z@cTDu@9FgA#bk)YFBmDM{a>~CI;#hy48NBPVXSZz7<Os=B$LnD<5~l=4%PXyF^t4$
z=O2px$>%W)(q03_c$lj_vH;2K0#ht7H(0H|!FubZ%_jKAX%~R|wbAiEU|<s*JC9u$
z1d07ki_Ef;XGtI7qO??G9q_k!atxDkQQLCk?8azBwF)`C)K2`kh=T-L+WhJD(tnhx
z2Xxg9#=bfq16GUSFZ&dbjRbjq3cbrwHa~`I?ES5*qqgbr!h_5VJ8vT8FJcKLVtWDl
zORNHH?+>U-CT|(3pOFxd(nJlAZDAvxef;0TeWtOOk*PIlPvQRR;m2W0CIkt1@*kMZ
z>cCTrEh6r|@c8g`B^}nmc}p89RE(BPkVvX$60&PUt*I64kaBL0<*C2df60Z(Gqe~Y
zu%#WGvjV&^jeoMj?n@;T3(_jDVeiwU|2dbggrqfUEGmybioH**W7f>2gBQ_vZJkRK
zUknxzgp8to^`S``y!osG$(std!~ln57Jh8WJOll^_xp8OSi6eGEXjTD49Te;nHMbC
zPy6A&uy+Yau7WB`_cuKdyj`Q#;DFE9rDPGgG06CMz`RG|S`_cHkKR5B{m_?H=8UYU
zwea$Yus4aLw_KZ%p!l-qM^+9!r_$F)-qDe)sx<8VgQ*$O8ec&PaQZ%3;}I?8cz}}R
z#BFx&@O9l7k~a~Fsy^KXJhJx@ZHQKNpevE(*kf#rx=E)j8<iC+kT)y#nRynd^pr?A
z@<?i9H=sM)1aIcsIYBrVbVzQ`wNS*;x>en(TQ{x%Nn_~$%1Xw!7uejpyJ`YN^NIVJ
zubiF*M7xfAI=XJM>;Ed3>eL2e%K>;D{K;@CUv*;AA*2o~1B!F0s03HXlUlCaHv+T4
zD*zq$mLoJe>O2xeZ(;|hg*#J<<gTxTGu-nxT6ElsS`3rB@aehR#PO0?q0m(Q?Ccr1
zqX=h7V?FLqDgGWENpC67Y|a5QCZ)i+QFOhTPI5_O4sEN-(n&$Uk-bU-VMUt$1ab-g
zNpFl~lP{D~vU3oWhtaI`-A>ZjCJNP8v5gC%q(x})U}mXXwg<ajHM5sL0ZQ@2KA#CK
z+veRsR}{EfX6Hee(Z04h{mjzQ4ycbFq$&<QY|3q$y1`#5=b#ud`Ek#-aDYE9Y2I>U
zLuNMOkPYl6qi;<HIlzsW{IcZ#A=*G$zf07o*fD)@71H#Ro+9}RHnoI;^_p>T8r&7r
z?u#Y5rSt9Vm(1&H7GP=1>W*X>XXJ8;pNwShH#F8_+kG+Mptflmw&0-;q)fjb<WQx8
z;w(OmYWUSXH8oMM8xc2%UAHQErVL)%BWxIvf3<EOF8yU2uyU}cFUe_W^MtcfK8a3H
zt=1O~f7UdQM$nvd&SC8{nuBVH9!sTx(%KWmR=;Q&Ix^?FomUM$$nzF}Tln5_n6wAK
zz{QPcd-SSroT-elH>1dC`C4SB#%TtNS%hB*C31VE%0oAV$z1Ku+;VXuS6hI3K`M(D
zoq+nV<w~NdTP88!E!+08Y3EzjKEgsBQJGN$=g}Hw|5GN%sxsDP(>U<fMUIGVD=psy
z(Xfxkd;}?~#DWEQn|!m4XlWSqMA`p@xYKG9<j-dLYQJ&d6M@G<4_IKjR^NjUE_KKS
z-kKnN)3@xqp>}&z7hktPDRnt&?i(u$HGBe5)QjgSVBJ<UH&fM%i$stfd!fYvPOh~(
zkpx*@(?;*;_|Il%IGXoLbnO5W%Cq`#3*g;(L*O-t7tT;)ZyL)>D=5<W<{*%#y5G(T
z8r1&;4&2k<QueDuHPmP#j4FJ>34mX)*yk)fajR$z2AqWN@tMHI6$Twh_div2`(s%0
z=xUI{S35NGebRN%K&<A9H6tom)9k53uJ8TvjD(?SSFw?aU>GhoU<atgnkOU()GrCH
zUC<PB5wZ-;8gE?I6nmBLe<I@#$|($b6YhU9(Ld(ay+?vO5z;^Yq-)WOQU8{h_JldV
z$&IkE*#uhD%nReOd_`zVp^>>wTn6511kSZ!kyT18U>kDPx2{JW2e87OR3Wt~^+y93
z0s{a<CqMl0HD$m_#CO?YIfEQ6^^288$K~0E5!m*roEx|-Bii~-C7PV;6$AP_8h+lS
zY-?DS5x$EcMXN&J0m=wHmGBNG?TQp}5I)PC@}@BX3$LQd3EemQql_HdZ$wV}6e-d<
zbF8xHXWC}=B~vuZC$!%ZW-|O`OQ0ZowiIbFFCUxsh4Q~QMJvTl2b&UZ_A`$}0)Lh8
z^Ed+elJvB9G<Q^PuV3Ks8g}$IJsJ_EbkgzKimBqJJ%aEMFO-1cT)R)-@J3k7ieCV3
zUaq4|r0EevU^G)#PEvhSk4m6~w3)4HR@nn!9?hZTEIYaGcP?O-FfaihoC9LfGpV>T
z_6-o^7EaHbU<Z>uk&;?8Y=6^3Od^VC^(%gSdWtBD>EI#+=rI@iJ2wzw+9Sy10VJL<
zTlvZ+r)&;i82ejmx29Qi^V`_qR)h4pl~ml3UE9<{awlY;RB0@`B4aF5H~J{*{Tiej
zZiMhHSO20n`Yr&L$g4GJNr(Wg?wqZb$gb-870KcPSoP~!rOSqrh_3EqsX7%5ub0^U
z`{N?QS)`L37;vll`i|+Uvw$3pRhyYeAGjQgRqL5Y&VK%iGj1m|3WuE5ffA-x_*NRX
zaHTRbz^a(sW|lP8KhBkdUej@0=TP7oooep7c0F<Z+2480f9fj-fc@(`Wo+XIM7Glm
z<Wr!VM!G#}p9iulPNVqu(z*`7s*RA}U$Wj=?4{lz?53R=IJdyuTOpS5eDtN>fv4Q`
zFb_D_?}q>07wZBnpBdS5GolVd@(B#cBI0T$+?RR>^SM+OwR@;iu3~@k<c6_X23Kw!
zvHVTY(@Y3k^!5Pw*!1;a)l=A&I?LR??g7t+zuoF&l3i==YWOsj)rWhw?z%EsW*J^k
z3H9Hpms6>%G7{Np2^kCE+*lT+jU&|Lj|W&=7w)^7n8lLe$7M>iDE`y8EJ`4Bof)p~
z|D&|_skIFOpUG#eenz?>>)Y<k45sBa!A~!Ez9{?v0DgI+bjwXB0=E|_+q=|4kQql+
zzu2qtO=IyUDRa;Nf$wgS>;H2!q~Ps{CAONe^7W1V_;D#6f32u>uXh~>l~T?02QMjL
zz-5gWz#RA_F8R6eVv}U@6(1<~<24oE5m%AI5pp1a@GI%v@d!wD2qgA{Q{Vt&qB5bw
zMl|bAm^%RqTI4}&SlVH^Ids~N`Katg$61{6aElwLs7x3RJpCc)mVi^{t-4a+1^$UM
zvLo@MWoXKPA-AsgE2-o|)<?^Vt{X3L;>c}G4R^S&;5ZBWsk-AS2Ye-P11WA;%Cio#
zSd9!<bVJ2GG2qwH+8E|-ZDLX3mndr@y)W*P4|eWWoN|N*-gCEj1Ur>deVeGL4(xuI
zD?c!NXJt|Z#MuGA;?mWs8*=!Ayy=QwY_X}kZF_R~!ss*DPOej=61j=MUD&u`ZlzVG
z+IdK*4nAN@vEG_EKh`o7hm96IT=R+2ST-S1V%#vB(sbRc99GGPn%hq{mz;JDgQ!!$
z=zy1ID%=Sp28^*dcGF5$mG~heR10lUIMlw`2XhbjubVED;8Ohy6gIvN5R*OJuRyg#
zVpHIS!r7xN3iS&__)k=a0acW|a0i7KM(_|EYMmjK-PEw(ArBri59{7}8{8MiOxgSF
zE4mfC3{A!RC9@+ZUDJO+>RtyxnV2?U3o5hTA3AH^ih#@xC4l=^VENL5#Qa#t-`~kC
zpi%UDnZ9<n1H?%XY+Pd(&EXqcY65pct0Hz%FAd-65eF#VeMIgLiqx};=J)^}7^Y*s
z<7I37tfS_K52R=u2(n4%qDp>Cm3JCr*Jx~y*=Jk$-=+a3FC<X^MJ`)j=GR`eWvV*|
zpgN(NT18_vxhV!|b#G?Xy?-V5nPq?LbPVnUUB4oILTiD|s8IjuQ$nzT6HVz&CZ?f@
zp-RpTJ)8@h%{q<UGu(-@{vn9*Bj9AbdWy-d6REzn;fq11s#RP4uVmd$xcXYFwW!j%
z>8;NkJ|$hH3S)3CA}%B;l!Zb=K?@FbH-dyW`ua;;6#jq(Y<)rIv!dDF1VU_;I44$b
zk(?u~BjS0WAA*YzCq>c!V(F{n+GxJ76M}2dA_aoGTk#ZkcPP^0Ufc<7(c<pz4#i!I
zyA`Kck>W0eU!L##{*$vab93h0xp(I?o9xb33e@+>AJS-L3hVuDNE8FsI(`iPF{_gP
z$*sQ6yR4S1c18bp{<Us8{9++^Y*u*=Sn-vxT1(diN3Xr{hD%FaoTT=)RxlNF!9i<Y
z%pn+afie%bQ`3+dq>#u5yHVLGp)<9~SV&6x0Faa1gEa;s+_cA%3LxkRm^e5Qn%?ZH
zhuXy*iNF@d(D@H5k!l?m;<ZNf(DeLujy%SS=y>HXek3!GNL;nTf*+@BnPObX%q#7R
z#4Q1f4v~gD3K7;qT;?4DIoXDb?e*!UMw@wPyX!{P7B(<<l$7HUW!O!&-%&3cW8D;D
z<sB&o1}y&0x{1sFm^D|YiU9EafTGYUFi{{+8a_Y#DXPDDsr++jO`o24YHsk&jYC<0
zVp@y2iW#wz(gNxGHBb8UDc%xMEv;Zm@drvCF*N{dqn>#74fbAxHIwN-srSh15wjqF
z*iAx{G@jx>PBuvIj`%ep{7&R4!Lg;R*#35H;KeWWpSLIJzaO+&FAoX4Jr`rhrXy3V
zJ%uCVhpcQ<N>i5x55SzXUi?dtG}LmR&rlCFzKdj-*J3W$NJjqQEre&uD<O$uP8c>K
z>OE%t*O|uubiz<Br>11eU!x3H@A9vuX}v5N>%{%Tb)-b@4k<2YKw0d*g-xH9TL&MA
zGr)v}jG<sB&JeicYOu_SMsA@A*unAkrWPVyMEIG|VGl~yA<6jR$h14h8IW9pe8>m8
za22Wa3BWb=W7N%<t9I$}V!nz^N;jU7=(%@|yX7bei1g_W!R)!ukzqcWwcM$x?~+K{
zluyeU>28emUy@Gi9!}MjclwJM*=^aY*VqtsDLiIitA2T-4Z9GKk)?8u8Mz<2Ucw0S
zJvlw$d<iFS5fyMijI7z6dCa~Ihh0c)tX@CxKR(-TY@(;-iJBJ$o>~T;*3MR0JxeYo
zQhzAF8Z<G}*t-S&T;k4QG&kIKFz{KwH>Pr4jdF)tl4_^bjmFkhqoyu8fjCe8u=j8(
z69COt44Z*AdKw*I#!1WXI(W_qNK19n*;X6~3Qfr%B*NJWUW`1#9Oeikadsw3K=H1!
zOEE|>fCPSIH+9L@GfzE%zT0rknyyjTs4%DO_>nv|dBTN_jQOC+$05-v+=evPl0TpV
zRS*9AUQYvpW7pxKzN>wvt`BdG8~*o22Mr&}SjUA^W;G2l#KJeE+Cp)ZDL|JtBYEYA
z5Hg@(fmaolv)>;_TlIRuWA&^bnf+`>b_=k~F}9<03s~lq23p2-EqQE}bi;Sne{?9Z
z->)c}ZHO8Ne)1P%G3py(4r@k|^P7&G+Cx<58<d)W-VX)?*ONMssZoizq6LyP{qOWH
zT--`Vk*aS%B>I1ShN!hC0NnLg4Z>)KD6wXfb1oY(O32(Umkq+<fm#3({9pdEgbJs6
z0Q0b);=f>|R_qQnwSHQZvgr=<KfRl=W0_sWx#FUE8Zcw`!wif+w&BN?)7O4>&PkS>
zexXZD<6Y7dk5d-J(rfeekzb6K&%C+T5DWf9*mIqBsF*4#GL6ghtI(4??hC7Svkdy)
zY)*<4{6g=8cAP|G10S14Y0^pvHGI`c)}TtF>OF-5JKPi5b1=bH${Ez$FmysJHW}00
zu+s(3)$A~FEUaFm7dKPcT=@4~BT=to_A`3>V{rP1U&Mva8(Z$0|5M1>i$wEFW@rNP
z3>Y~iyIKNxTwELVu~m^R_3rl&$v=e*{A83J@pMGC+$Hf;MM&<@#TcKC^e;cGN$?^_
z78B&ZuIVIdDGm$%OE-$1%b6p%o!(pnv=3HIT~tD*ZR11l9&xJQtOTIvu;yaXA1<uI
z`uZzP;g{M*EAGyuYR2~tW8HJrRtB&>nvRM#QpV?Kk0Op6Y(TJT-52@CD?aFNPmE$t
zF}kTjP_S$ic|s7KED?wf|DHD>11a&o3CPcN7d+CiUy|TG;KRjT=cK%kTR~*ZURAF=
zHp+xt*v$sCcM<asxu(XVEnY2+rB|}h9iy8&EVLqKsz}#21ZFrCTd<v!S%R8c@fDW$
zJX8ftGo~CPlxBS$dzx~G-vy%^|F{*)t+I{|Zjx^$fzGVugFIGj)-`givy&SX#j8LO
z`&W%w(^v#-TXs*w+_?un^!cp*wqQns;nR}QWvKLm{XFyGR3mgI>cOO06T`THn9(4;
zX#JjK5hyKSLD>Ytnmy)L(;BNTOjhJ@M2JY{5|HQd5~?XHE*pfRWgOkeJQ`ia?7;?`
zhFx|DZo3d_*_P%RlN=H3l?NMwn8$^Ji>2^P4b2Lt_?*@dhnuvMr>3)&*w_-p`cE6P
zk5KHZ1bMdw8j(eef9d@A5}YO2l);vMoNe2dcA5DHWbYvJD3bJHMcG2vLQ`44vN-$S
z15$*aJASNFeHR}ZBi9=0uGL=GxWOxDFxg-d6Ia|Do(DP;M76dR8N1}lb3oC_%GEM@
z?lu3(gORwJPw1_PFS?rTQg-(OFwt=_`wtPY2>axr7ztXY=sQUO(`ddGxf05qFA#lg
z0yAP+PjM_F6yYrMo>}ovi<hOb{wO5RqwgxDNL|($*l6?r%&f-a2{KJ@U39Tz=Bsou
z-52UADOP%Y1>de;XcMeIO|5mZEnkyCs7@q?mE|Pl3Xl-;?u?7*3PahIg~IZC(LcV|
zl6nu7MzsG0_O9z>Mjp64((R3Aj37ULddf@_b-k0>oSG7M{*%UIm7OK{XMDLcg9O4k
z^O#n-9?JwZjju~txgP>>1u=0oAp8_-#6?y5USK!y(+37^Wu4a2z&UZ010oRqOw%&G
z9vJM{LMhLGECJfEFlH#(&1Eb;H6Oeeb9fKnoOT@f2;p3{&O(k1u<vl>7q_M3Yp*2d
zdvXWx9kXUcr88$VW&jYANeasJ<%=DgxR11#?Roixw~H)A%S-ho#e3w)lF{DH?az{C
z>2Omxm+TRNC>jit&=C1aqimot6*>rLK@(iK0g&5ZT8Q)a2L1v1aTEl@MDm{=XUK@B
zY93)80#%3zo}_2s9R3QvoDb?W|DXoZq4$3sl>MTcQkLO|9Two6#}OFD$<G>Ogcvfk
z0MlzHd4s_ObvyY%4EMtAKiP%URrp)bc8d|{miH%gKCf;$fp<jiFw$p<2gQ{G0$a|2
zBzv$XCZe%Gbpf*On`7iNsVF;8VN_{8vXf^XvM7G|u79Fcu|ui?Z4RZv*CxR%<SP7i
z)0Hm9o(!Tm>~BR`9>Cu=EF}QT6>@2)l)(`xgxf*s4TRZY3=bmYuxJmVcQ|B*@H-gO
zfm0T{$+r}Jt(f3<<h#9{MxevN8+0}kIYx=d3`(Z9_a^IUz9xdiLNtbxVbo3#{cjG%
z5n}XUIl`(=qZyrVCkuopZqiB+#c!SRgtM_fs?ayX>|oGpW^eUG@bDY6ji$A(*g?iD
z9D?s&f;U~`T99e|hP>9OJQYPL;;LG)Lp{-N&vArehx(%0Bk}}~VYO%uX%ga#Y*{t{
z&D2crIoi?>hoD)KC4?X;vq@`Eq6#G{;_Ns1es!Pz2`EG|l^4-&FrUO7)eTI)?s<5V
z0t#a9EA(aa&k#DIQ)(-ib=DA2OC2EiN3ID|50b;(Q9|*fXe%I|iNFMkMU)5i_DPy|
zb{)R~2ANSOKlh%I5o00BlxpZEz9o|nk|CD5kN-yazWI&1`yq4%>4?=~0G+%1R&%6u
zGQ(U8#df4Lxq+(SQPXF;4wJha%15%GOi!{9Z4Y@%SD_0C;_C}jPNDx?h1xEbrM&Iq
zfX5YND7{;trS3-OT{c{Z5Mj5kLsP4r#Hb@(1eAX1p~t;tLmR_gVdX9ZY(|-5d4^dZ
z^&AVgprhJrUddKq3{Fy8Z5iVdNr$jhcp4-q>(t7Av(O06%tC26+(Wqyug!2D45-N0
zQ(1j)w~^E-TCTt~x<R3Po4m!sASqPnbNNJ37?7h;<S|N=qu!J%jqE4&t+PN_m~?iT
z>r_c2P`xZno!OY^kicqNe$bA((jB?t9YuaVlhoh{n6N}@6{In^`wT5`u9`3<>w2I1
zeKu&;VF?)29{fN+IBAT7c#6NTdT76ngPwq_lXm{2udtVOy_p2HgIbBSXVzT+5Y+rl
zULfp6F$H)N<W9X`gvtN=CSUtQ8~<<5Z=t9C+`sQw3$*E<1Iu~Q>5fx?K{&zh{WuP@
zYn1QRWeE_VE3*HFzllde@Wl@4@Voln+o{R7`$3$4nPrXw6o|Z-h=t<~QD85P#<|qz
zA^pM}J>x1u2J!rM#G5XqgPIp^#Mz<THpFzQDO72DEZG#=q~GG%b{JcPsci<HV*V-~
zKPX10t^;$ubSAhFjX#$Xen^|Gz_yd;D9bh4;tQ?g2Bfduk(-$y>m7kYMSHS5eu36x
zv9X=ef;isBm8JbPG!dFDGksXpE#GA;9$<AgPGU?c@#VNg5p(^9Ra87@6aMcfu5y;-
zjdL%R1ACCq{W5N=&Ykm2To?bZey4KtoAXd+b)0r>9C4vO>w7=lgpB9Iu;SB7ikIV9
z`ZU<cOHVuY(xDQ6O$_;d0WkO4#4f1E6Z;4G0%kEO@xFFpE+ZA#p=J9=s%GU(JUS6W
z4zqryK`Gwn2+U#AMEe$><Ki-zbT;A#?UC;<WR?j)Sz;~}`T4>_M;k8{#Yb*VI#L^g
zR6H$H+fQBwR_chvDhUgdYT`YQoaCs8T4j1^YQFuBM}o*1J~aCFDE$yyy3qa+tjOV|
z`bzUVqvWJ*nK71!FaIQx{g8O|Ulip6T?Q(97-W=ee0!QZfT(_!ddadg5NDmF%&xcP
zPoruN@lK5D4>IcE??<XVpj(Fh_ktKLh3`~+*JEVn1x|t*_)_AQ)_+sg9P`9?Oya-C
z7`jz3cvtLJ99(dvWbiKDceYPmIFcy(V!6SYAW5BnwjjDb&g*M^+;Kf4nKxZVeH@ZS
zV$}0mNPXN5Ut-j^jKrwQ;bQyUAu)KZ!m`{7-L-Q%zc1A^I^B?Un&TO7NCV1acWnrA
zUI9<>yNn(4AWga<u{3TX!G*77Z6_)!T_>K4YDZhV0Ztrjm6Ie*v>6kHz00>DS`PF-
zv__5%MF>&H)r*KnacncIh3kW639n#1MkUJ`=s6$I5!u~k1mZ)e15L~3Zt@m8)|NE}
zoy)w7nBgnQkqzAnjYub+!IZ}GL@0B$N88G7Z3NcjH`n)9-8xCEgi96iMcXpk@yxe^
z9~KM-1FTq>^_a2C<CpFp8PS`{33iU9%(g#k=S!!|;u|bvR<}3i7fdofFtuyA!M7XI
z^;1tWpSN{sQ#q7j$Qmj6(wU<{S243%F7;wqPQQ;|!XlKC5wNdR^kv~1L%TjbpiE)@
znrz|v%N(DSz`u=U7rENQm~wNzfBH$KO!~6w5?cZ#cAbuop>q^`FK{L%qk7si?%6#b
z1%U_;I&s3k96CvrGGf~KFT?gFp%Z|~Fer!B_=ZT&QfKz1q*aA(5g`txq+qUQ0QLS&
zQo;p}dwB`@=4Ce2w59$Wag)SAPDZHenUjG6HB#rK?Q!%CLQq|K^|-(zx{tkEQ}HSN
zLr5eNLXygZreZLMClIW+bsZ}_|7K~tLfW+M$gFCrn*!D7^g4Dy;BirN+p}o9e#lcG
ziC;+6{O^;tM$7W@m-s&V&0Q+!mJZ!R_2s}SVG2(d=(@)v=jeC-nXV7|dVxaVuIQ}X
zav1abUD0MBs>tu_SROCw4PktyR}F(7QX91wiB*ih{o+zIkr9nud@T0?AEb@fqo7-x
z<sON{zF&SGxof{=xV)?>W*t1Fn#-oW42VKN_>-A^=K_16K4bPte|M%t+ipwXoyF+&
zx_#X+jKm)y(n^b(Vx`4iE4%wa@j<p@O!C%MYPVBqZfSJk(v;%78d`qW${MlNFrC<t
z4n)*2`Wa`GYp!cWeGnm%W>tk?viHw{u!oMaX%6`4t~*~D4TV2T#{`|4$OHV#@-y;#
z7lUx!V~#%UK(7wVuK$K`t;oUz?KY7FwvDl(PftbV0<ySM5Uz8$p{lBd0DoB!(t)C{
zI*grI2Ivz>7A7sPfegMMu>iNeY-mHJwghy?gQ8(h=Ps9oDUAptYR@TS20{C3@#xLy
zgN!!P(!cqWJrXyP_pqOWc;&7}Js8IB_kA<D>y4U|(8$X{2;QeeZ|W<z$ei2pE(PyB
z+%iIiUC!Cuj<;5qPtxP3*q0X^aJuLmea}yRH=%51pPHVZ?07iLF+aAR^m@WpDg03W
zI|$48>Lii-^TbE9qSUoSy;ox<S3$=#wMc=0*xL5{a}biFt_x7$!>*$=QpF*jcK!CP
z#(y6!+W9TYg5K&9rj4t7>MRDwO+zQ{j=pPMv*eMhQI1RQZ8Ln1zQi4q4me*0TE3b&
z*R0<70S$Y^?8g0B)*8-RKF!;Y4n=-FmAm2djT1j_S>0pZWw?}FV=Nc;ekTxLgPQ$2
z+%`*5zPnrzs;;wDy4qMAdv*A!QeuCOqdwwP@(^w8XsJ0<>)9}A+uyL9NmRE8(d2>G
zXIG=h++@ufGF_+;kTjF+R-&e}fj!rm74(l9d>Xy1IsRK1u4(hak;P9pF7JL_o|bsW
zw}k~P=Q-Asv9&6zdM@pV)B45aL4u<>)V`wvy;^def_q<{xh2|pY^!a)*@GUOTIpw3
z<b)?GrR;796waX#EUuVM>LMFHVb&^}S;~H_a2u*p0##p)#0spQP#JC>B;Yz_xAW=$
zrZ8cj*hO#tBmO|JVqyB>?6!d|cbdImGs+Q%WJ#aU!pX(8C;8%uNZT!<!|pJkSx+6h
z+gL<sTfr<7)`8*&-BQtx#PvpNn03$`^onCJc~~!qK%-Xex?atT7@@9Vh#K}UKX~Ka
zjUTmM{!3-ofe{7auHs|zu&~U_L)fZhaTdp=LA-_7pWE0OY&`F{&Y+$QN1U`zox{RV
z#U+~skAh)Wwc!^zLMI|`S4O($`Sp(`T(#1>Y$efMYK^N^zXB)OKD|;z{NvbF|65|M
z@4^e6`r!CgsfkhXc^h@?2$5ha^nNgoRh*U4SZ+yh);Z$Otb2{Y*YS{Iljm(>s_vw_
z^<>Pj@6o$|ifmqv5{jsq8!rfB5{rOZw%_A%C5U82O)yhA=m6WfRDmRzJV(vt;z)dB
zr~%)8qldKPJu~(v5LXvZQhxFx=%=ya^2z-D9&?HqA&h~T{l`}6_kqjUF9qDIz-@V&
zFCm<^UopU{`oS4vz>9{NFOI@TUzMODp9VCkQeMIj?f+@8f^P<yp(0iT1w7NQCy2R9
zyd)cBLZGfkBG@~#(oKH<Ze8GZAyr^sWZV?Swla-T=P}h+{1UB^Ga6rfr!tLXH<gPf
z+Z2w1ZZFxSwvUg;NIf2*_rK0n&iX_H`b1Sc5Vkc7dghXR2<C^ZWd7!fK&Z~j2VwVX
zu}<pj5gn`6O<iiXEN{I*OMvZ4=0)L4JZp(At-*)rj&dg0yOIb+@>%vl-SU>jIL`(Y
zNSDr_jO>Q~(Lo2*YqE6#%~`<5`zYp(zr(`KsNl`=Z6cIMoUo$I(%?D8O#d|AbGED*
znzj*fmUK{<PWkRlXFDkvZSvsJ(akj{)`7OX4RLb>8)khHX}lB_a@EQOlhbh5@9Laq
zUncQa6(F7LFowx}mJwf%qTZ|thRJCcac@e-CGM5ZLQK4Mq4!y4%IgPtLfX-H*Hb$|
z#G&^S=K<?Up|5wbzhC<qS>rJaMkro+w<*|)f2ZvHOCc>xkv0}5{qb6EW{v0Ftwb~D
zGP=zam(ofE?qdqxB=i=a^%B;)h#Z#Wg<xunROEkiF5gCq`vVbnWzv45Er;u<{Vcib
z0NJ@IrGD#Oh6Ot>Z!$)C%t2NAcD!{x%XaU_MPQjVgMA}wY+gv7W#*t@&CgAQK)p$_
z*!k`B=4lbe=p2%iQrZARmVJp9DJ26dze2Rz<jR{31zui~D)RSsK9+mFU8<bp<EE0o
zncPeFbyGf99M*E8(G@4xh|)Scb<}BFHQ%}L6X>y5{V}(=oHoureqbw&QMQK@|4(v6
z#-k{3>IZ3?r+(36^MSWw<<TkCg4~Uzi?X-1r0~-Q9jw)h8WNHD!FsJf((k*9dZgDn
zVN(I(`3F7#c<95CuFYoF3GgE1JI{vI$a%Wa&r!VGR~%!5-zqH~CK~Nu#~4vRZ-{iU
zAyG|c<Wv<yc5NlU7#I4K(fml2*j=rT{6{x1Fg0@{j~-C9#>OymK-xdkxT303wpGgT
zeV9Qz@27Z-(HL97@m{{7CuHIToyR$==o~<zYuHR!-MOaP&JL5aBE~eKO>rDLm$s|$
zyXxk(C&4tS-7+$Wds+Ap`nONE4YaS^55RSPDy1IZ`cPZ+w|V_06dGJ2f6E>};r7&(
zRNsN$)Ec_Qs?$qmkP!o3%Qo9cSrJik=I`(5Y<NKL6~w$^pNSu`5M`x6MnCoe?9Y$D
zhTZ>1mo=|^rv`O1CG3c6A(3^a=okORmt#7CO(3S4t|{MCu<9vc+hv;aFTp~TQAD+V
zuWa|&aWh9F`EHC?JXg)2XIHGQf{~?B>z#V433_UF5RB37f4l|YaVdk*@5C=L9|j34
z`@Z)D7jFMHf)cd*>&h+DxBu;DJ(l^sPW#kb1UuNh6=k*XE-{)bw5a0o93sn4-xCGS
z1oK^W74MG|K;0~CHazA<vQfhv;eN#ISL?$V%~Azoc!U>$`NGHho!jG6!;ikT*E&xV
zm49v4m59-;?h5~w5`l{xDYd_mke$@~>MaKMvC(31r)E2DQZS7fQfF+&<y?PE^-Sgy
zh0}dX6|m(qYye6*g?O9jxGIZ49yvRpPTv)sO+viiXk01agZ~llD+4FSY}OB^IL~@5
zeVBAfdN`e0EsJ-7A0hoa4c8DT=Eqb4C{OcrglMW&)}4R=nI*zU)c%ftE%JFfm=>v?
zhx`TBh@o6YrCDjL?(g~qZ{-ivER`kRp=*u;TmfvGG;3nzs65v%y`79m#3RgJWTvja
z@Su?&F@Arrn=oMth_*cB6h%v%h%`&RbKw&wK?$qFyh_gBHyE}4$%Wtf^&o1%Ttx8-
zId&f_ky+I=^^S#iq6n5c%<1%MrNa&wpp8cND~~zM3%<b%@t$+O${>WLj&q)|*-hpE
z!k93xi1IB(st`0u_Q@qDaBT33xyH#3)4J6!g|cL0r>MAn6XIP$9=wQo0tq0@#QT~I
z<L&tXuCHbrk?TqYm^JZc8$Z_mN(<@{_IF6PJ`l+3@{9|ARb(Mq9jcE<CAd8Sr3!up
zs_)#YOQ-g>8)hsgb}!VUZxpUPf7vgNw$eDW5l*Mi%T79n%cz-wS#QPmGFZa*ID(~)
za8hcSvD2ZX4RW3(aOj8LH0otAJ}2ol=O1RB{73hBn0+<ef<`@c<_)K+Fo0|5<e1jN
zyIcQ?T6(l~joj(gS|*-y{8OsuXI|ZA!~wsq&;D{tAc7fo3%#6?8yOQQtEnC($rYkS
zF9yjX!&id10``x3l!)AZbPyt*$~#pjNzK}CW}V8nJz}ty$dVpA%DA9^mAK&&W+?$M
z?=xp8>;FHQzD+P+4p~&{J889NXD21Yzw3H4)8B_4a^n$2V=b>=W)<>V!(dQ{Ydn-R
zZ6WbZwPotmTW%~L%MbmWlw9VM;eY{ykOwI$S9K-`yHzR<GIvP|@FRJ@UssGbNz^SN
z<`tKyr5gaOTc31pgT2pxxpBif5lWGI>;u|n4)KohzAC?fwWOPE)c^8}&W<8&^wkrt
zNXI2W;O87i0j6oP06t^&`(?-ILwEey`a7b!NhGI4mM)AaW@pV)mwxa%rQ2;NJuG7R
zrT8Uhw5B}Y$%H%%^IQo>V3CpR<BJw5uXFX(m+2803&Zp@tAC7~6hv@-^$g@Ev(9S?
z*FG<<-~TZP`!!zq@K?|kujo{OXI!=@jbRS(8Kd7XKUFZNZ><XR3MjQtM=<U*x9Fez
zCyUh?-qaD)k@gt0I5CjxJPYmd3!;#B^!(o}!sa+}HeA(QA3@_mh*KY7O|bEvxow(f
zlH76gs|Hd|h?Pnq@19D?1DNv)Pa){^W9pO<H%$rXBU!&+L%27-_r$tVjOT{H9SQ8$
z<ZK79!<(H1e0M&+yQ)7$TzIF#^j0+N@^eJ*U7NoauH`w!l%-SsJoy?GrMuN_5v@fD
z1${`2MrB8gnON?mQr@oZn|?p`6v1|6a68HVr|NNGCd9vHsj6SODGM6z0zw|n8GZ=i
zgK;>=t)f!{<9>^jdIwJK$g0-)dQ08!^18AGPlw*`d((Jafkh)uKiO>H7)5W2eyzIr
zF8RB-7xo}z;fmA#KOt$p`-Wq{x*RjHk5l%!TP`p&vAD74SeNRr@X_Nao&ki(67OFz
zkAqx+7mWQK@O!7^UhaweJ1XkEecwSS{`l@n-tA6|lYd-S5<xG)$s-6Rnq>Ij<g&kN
z(Ohqjj$T8x%$r^<>A0!GG#09sYNE;N8?SwCyl092@Suq~^o#FxINdP!T(hiI6q4=n
z6p&c&_nadLqu9%aI}D0rZo_QUYLGJ9SL^BE0D-6e-}r?m>}zfNrJ9MMPAj>Bwgp4}
ztnxX1oTyUs60`|O(R=&(iC<n{tYFsuz2e;!=ATvV%#Va<j3P43js;r#rK_F_qd$LH
zaE-@1MD=0NKK0W=pU3`}U@;%LbB0j{xI!KVsLS#>D&!>0;17}#j<gs%KRqhwZ!E0&
z(G!6=xI1R5x0!X~BKznH^J6Kpja{Cq<Lj?Z>QVHYNQ3X<?K8#z7xk;2YNLJZPgG;Z
z5q&$f8QY)%7RSv{jbt37#QNX;Y|9>u&r#+zCxEcP|HUG4*+Te-JrO#n-v+)+2-98f
znuOcVbA2C{H2#!2l@-UFTo>`eXb&O8KSbMiZ+1#c-0OUqIAi)GG|3TgkE-iRY=Pp$
zInL0Oo->E9gx~K6tyqp&`-|A`M^Pb|_+?%`<l$bMCjc9=VV<gL$hVp6D>BGQS#3Lc
z1K4H@xwA_x+_X%MQQ_+@9DF1Xc_`GHlg8cu5b|KEb+su9yr2wuc&p`#7B%9Fc~w`k
zfBO#FF~ynVV%x<>1b!Xjq_nl&kd2|Fgy&>x`ke;#4OPFNd6{4x5x4|?LMu$jTK5XV
zrye<5G1-bmS<I`4f_;{2)*G&VzqQf_$od`w=G9^T{yT*|af?(Od_GkTuYZwdV#4#!
z=^b0HArGZ$Kf;plIEeQX-cJ|~LngV$QG(Jpai8h>{Z31~BXp`<AF=5B+nGK*D|Gjo
z-)FzT?hU$o8?f7Xa*E%+b_9GKaUOdQyO&uN=(kz{Y#TakVm9Z}?tf`=3ehbBZ41N8
zCOH^kXN~?mMw%#Llnwqo&#a=!|4L6Xe)k4Ip9|qgX2Tx1csp^<>(XNaZ_kt#2vmpj
zi87%*Yr}CT?9OSWi^TXn&S|&Zlcm=?<qJx9d1Dq09BBJwc`p*2*8LwX;qqM|yqk__
z9c-^(T_oA>ahkrEiJ8p$1$zk-@9)q~bTc;c5bw{?Ongs76(ZU1r&h)}^x(>@Ir(NP
z(C<f3C>W8<g46GJSs<8Y%F*vPU9g;p9>y8+U?l6xFCWS?KJ+e~GQMGiGiSw`o#7BQ
z<RMn($}T?IJax*PmrPzL!c6Q7{FQoz1@O4MnJ|<W3NaHio$-t5Q(}eB*!d4!du*RE
zuP(wZhd#s3xyDQA(yd1Pw&6N(Ck}j|4W_A661=jpijC%}F=D*p1$ql`!o%t3gyaH5
zc(O?TC_@B?V_pe{Sc)v0+J!v)lDMMwHo)umQ^-qGbms2&W6Xn}-XogC`#h)<ZNFi1
z7O63Bd7TQabAEE>a9UI3Gl06`QQ={{ZkoBBsQup2QUxz2*mTUn2Q5<`NBX3}|JWw?
zAR!MP67TDIqG`Al{Iwz6@Mb^pDjWTkt{X4>gj@K~cTwYjm*Geu_uVlXPD0s+2yR{J
zs_HKv7q>1IvVO9B_uWrS6&|~qxYKC3;Y$#O+a;U_^9=<3zfeJnMuOqhjthif>6I=%
z5hU>7e{{mQ;H>|e(JVZ(;MQyLj$Pm3^iyi5EB_^exQ5P}G8{3OY?I-A+~Zw_oc>2{
zDFX3<ms@a149no=XKW}^s{iF-9`ULo+*~shAzulOPI2wG|E1aKAnc$3?qe!9^m+ka
zzUP7+l)%f4{=gX%xLv3$=p(GjNfe9s3ka^_nSWvr0;l6B(zdOI)0^a@L{q`Lz11w{
z)q<O+%=Tc<-8zuVn7@4gGV2Vt%(!I0hC{b}*_9j|Jt4v*MR0x)L8<J2`3qQ|B!*Xu
zODeAG!ErMcE$lO#PvsCf>;jIHN0?z~|GCvh2ciEjzd;Im3^s6NOxve}*9U}Cfa&2p
zza--vBH(%o;OmQWIEK!QtIomQ@rk&FNA#GTX^C|SUi|ol1wN!5OK4#v@Gn>ATJ0;q
zJ2fd}_{$7O%96-71Gp0m!+-4>{O!CrA+~UrMMB@!s=#ZpFB^RRQ!4ReF89O`9~1Dg
z7~W9^W98H=JU5ytA(nPeP1s!AiX+H>-~sUR#fI#|6?;8%LdW4!oY|yzAK;yK31fm&
z{;L<<8^(Z(@q7OwlXqh1nT8w&k3Pvu2rB!3aWRkBRQyk>AObiA?r%#FQECyq*;wYB
z8!jSHiORke-n-pFuVpYCHw%?)ir`VwVgb|{!nI<cZu}Qi$p-Va8aVPK;)vzK@z}b9
zavm;)?_tjv&Z1ga5*Z42lpX_6_g{X_Ai=!!;An$*1|KYE*)KT%CDNN-l>bH{eoGdv
z$4KS804^h2_WTn(ReL3%BGo6pJovQtXmCDH+WT0z7+>7yLO96cJtx9p3@zZlF}*?!
z_-|UYLk-Y@g8-hN-fA<F?7H%~D|&RB8e$lY4sa0WwZYsn;uviZY|s2W#(bUI$ED3l
zN$<cQa>0^We`Y7BK2kitV%NJ$5|Eu9z&ZJ4$-tSN5TE7xjnKXc+d+7Mgr8n;CMuEd
z7+RwC0glGFU}D7!Cl!-P#6=n7{`*nAm(1yH_7vW3nSiz8q3!^DVdXPwwtyd1XNJtz
zHR1ba5$}ZQf7YZZJRH!tQee%0!e=Xzt=`>>QreFR&+1O5Y)@KF%C4BEd`c}iv@snm
zyuT~d5IY-lo6R>C9?>{5v9inJlMH-k@uKq5;H2T#hspFa3)2mO#_FIZW;~mKogydk
zmtw?4o`a<-`kN^g1tH5}vihyHN|m0QwMVm5tMIX>1Pz_CMLu>r&Bvsw!_8l`xiQXO
zJ|H9~R%Gtg#(V6ZV;<PSlO}-R?G>nw%SAFu)$&}x%OB$j6pbUbHbu(pMMXY*^tKxV
zYESoC7WvGQ_N9g=sPdzJlKzPG3(E!UbNI}oGC-6?Up0V?A$AvBKZJ&;`Hx_CY8d$T
z;RvVV58_~rK6ZmO2cGT_NY}PyD@YpJ&dJo#IJ?r0j1;{9eX1p37Lh%OCV&W03+_Jk
zaq$%djZ-jb>DK0>51&%CK5IQRJK;KH=<N$2!-$Y1z=>Kn-G!%rk={KY(ferq`;dF~
zh7Lyaejuu{zNtv6w`~!sl5fw=Q;2riP7K9pCatI_|Lbd<Z`$`3BC4-*Qoj9=TNmju
zqqkeqfZ(z!T-Y<C*6IHS6B%KU{etNCHI7DSD13`1av4yN;<x+ah;E6AR~Ia>-f=vG
z**9IoOPzH#*PtFE?Kjizmo(E|OGBU_W$c-%^t>;?IauUd?~<KzNn)%nA?)Gdhzt{l
zldCt+C`g7xz>&|k;PS>9(S3lBx$KO?S^55xCwldn?*uPodWr6($a_7uoF(B6AjpRO
zvyATPp7?9u7WN@jMq`a~A@KE``#B$g+hB-p{yEF)#U2GbtX?ov7b43aXwCq+ljaMT
zw3A@)GGPW=yA9JP@rkHCnDIePgTK^Ry)!T#3EZVuMtMH^zM%yP+<FI5t05Hu&+{+>
zQI*us4PO<f3}zDo4ap$Ws^KzAFCTarDW9zh?U$J{F_oA70!}uESYMU6qP}a0vP$ti
z7NfvmLo}mkC4sR={td*$Yjl8JQBqHRHdVzJmPY7zqlGD~#uc1ueb6p>@_|a!{@q^`
z#7VT}Ke+29YdkdK1$^Lp{e@1=imIzCb*O=1*}>Dwv~UYI)^L<s7lBSm`^y*-ZL>nE
zJ;3Ju^(hln271I)hOuxZBM6q$q~Xeo)-Rj>tjPkYouoM?n%6Hdo7k}jp-Po{cpiFe
z7K3JDjsg?Yo0-HqsSMOZV{A1ZPH13j(xa#*Sbgqxur(ryjlQAxUbECaGwN73HSb%*
z$ejzB=&FuiDb~^Hfd|uu0l$qjrcQ~kN1jz50Y6I=&JKL4Qgpfs3nH$*_+Wo>@wM_s
zlr@>sf;gAS8fi}L)W=)a*R&&nORvIw`Kt5n_1?8M%Ze;uQkuj6-J<whPZFTY3MT%G
z`zQUk=SVm16{;#|$2Ve`Vu;o|D3aWT^YTwz`0HLWe&R&mu(%khvw0biY#MBf(Oix2
zR*a8mj?{~9IH&HdbA!5a@*%woG5X~`fXx%tVA|1X%ghJg=afYWa@Y{da{8(51W<OD
zrw%LlYRxwWFt(d!mGOcV8t`3j3OqX;Xb(MfM<K;`L}>j|ny}hI$SsiFc>k2<QEpqa
z_skXmDbQNqo=)qyaPvKo4jeC74|<-Ackaa!gV=mE=a#+Wvb-~gOn*=_JFlqNjeg&(
zcJjUU_3QHq7qpts5ydhD)4lhnBeY&sr;}InNBcC$xj~an49$V-N{cHN_l+)R5l~Jg
zG4v`--)Fk11c+VIR+FgT!8-Pk@en|*#z|ehH6WL3+Cp$B_WjJ#d5R7y<F_`T|61D+
ziHgGQ_Zh?LpT7->9|U7KEUev9$2y@;3<{rhMf05BZw^9F|6Tsfw$Zss!WmwtuXs75
zlq2XcLM|*Gd!)3~m*hiwc-6()RT0=dk($DGxbzo{t>hlYEH_|q_@rzIq0wA_wHI~S
z$cCQkhkj!SIT~?lM3sA-h>akE?|S%-R8DhbGGtlgD^h|HbO^QVZ_qMTdmqac^SvK$
z>>716G5HKFx@{&@CEosa*}gsHS3-0uHRMzGU-j|2)mwsHjt|(hokcP<7AlN$z6rp<
zbbDP=4Z7xD>E0S#XtW9PTAiz#N}C^lEG~;-6p8$`!SL~yB9@>Qs!Jald4^_G_)cKM
z(f?qXh$EJ-nSrTuU7fH@JpD}q7Z#m=^L0=af#nfhsvF{+2&DSea$;SXGP{sQw)wR{
zy+6J<2yY#dpv|qX)9QYLu~{^YQJED5!*PdDdzSFUaV+*@o}fZ^ZqmvuGCUphj|D-C
z5%c5|<@_AT8k*YR)UkuDZ_!X0^R+Qo$^JvwBGf*a;3c;FfKuTbR?lXz$V+^hL+PyZ
zBnYpjMT@#~S7E>AFJc&)j{mARREI9fS8nI-%n%!OYMg(*vu?QjX8bQpPJa>gnNn+o
z-Ka)bZQ5nc1cJJ-A1o|~L>4QbA_o*k#ACQfdgSe>!qSt&Lj-mbxVNa8ir*;GO7_v*
zhjy%j&+LIxBjOEyHSag9M!%#7gU<wpRi<CGeF{ZaAe#t(o3RP@TssG|MA?zz`^bvq
z#BW@Bg`_UnLJ=883KAIqAa98{_Z20*bCv;Y>q+X(_~D8EmM8{rBLZ}75-?&q2Zp-E
z7XLytZ5yIVl^tBnQUM{u;+WPhW^n)_)E;YVm){=1HTnh7`CW;z6n%1&i=eRW3FIaG
z!qY?gH_>QYoP4B;QT4{yqO%6i?NpZ;4^ZOpwyP=wAFxN*MKoREHP3g}!K@a=vX7aJ
z&S5iV$mx~%4C~{tzHrG%44zv(ZEUWU`}dKqVO-bZJ>r(QqJIS%=qb65*tL1?y(Gim
z9=AFGE~LJSq=8>nt?OlZhwT+A8D^xl*ozeleSQc5U-FEh=K9>-#^_R_cvxY#SikFQ
z&1fO@3m1G$SZ+*NJj~SE+ZXk<-<1SQ-oK3aL2Ru_A#Hq8Be#KZ<SD#T!ECW-6xj&S
zltoJJ5f|zdlP|BgOt7#zN5>unNQGrDf&}vP30;5&RmG5^<n_=Z!uFky^uI+UqgP-5
zGJ@=Q8jOM>8v*FEI!7~1B~39!tPQh}^@}s#eWB3(4hq6{sL#R!O4}9XQK+K7`bE7@
zIV){xUy(-ZbqwY40wv<(+z@EnT~T>b;z35X!+0}Eg3bHl_~t8vyptg(&bC))Bm<Dz
zt6nS{ExXc*4utcpYYEs!I;J1eUokG7`slzh@0q~0_Uc0iX<A^J5^Dm>{r#j+C@h^=
zs+tV=DC<9t%*?71AB?FVMvfe|elxRUbE~mGQ5ED>Z0wi`c4vw@=Q+~J-^T<F{J60d
z$GU&jQ^3tvSug&aR^NYjw438wzM--tpH<#G=YF{3?vzuSzAOD1)>37>>nDr=&Nv=C
z<yk~43S>vndiPXU%@_P*9PQh%;bT$t4W`e0xIr8ND=<y5ap26IiEbKC2W@z*oG$am
z1FZtlT&#eOT9TH!aUj%yx>IbC-Ylt<)edx17l>?Eg~z1V`OS%~#CYAH_oGgl?xxTC
z^TkTMSV0{{x60<t4s8VPH+JFqkBRQR(N%b{-WkaUxGr|0*HxlrbdRA22Q}^;HFPrH
z4v6#IpUddzLk?0)-3!^w!Xv=sga)#$$=0PYMLKB(XmJ`u+YUEzq$&zQTfy4-w9yQv
z9{zvr-k<1%CuSKT6tbpqk$wE!Iogv9Wi4|mdaEwflkVd^t3Pk#0^_@J_=;WIw4sU}
zTc2x*JFuq^nJ(|Y#MCXX&ub+%aC5_5+j7k2xSP;H-?KT26DE6{*v{S&36DXWBTYlQ
zn2l#H!wL4aeb)L1)y3tt8}qD*51W;rJUgwBAnfy_KkTF0lUY1F)mGUKs>K&pzVxd$
zHf^2TRZV=LEXN<2{cu);pC+7A&lYOv`1r?SB}ih8SEJo#MI$*3>+_u6NpWYR)G;`G
z(I8(zu`pDw&@TMOAm1=+UAZd0DW1aJL!eQi5Mm~{Y2b9cxUs<ew6MHB&kRiKwh4cs
z64*4^^t<FvCN{G2#DRzEb{_AOgrh@bS0g$b7oF4)LDi?M<WlSz^(yzj^LVZjZsRjT
z#`AcJ5^k(BLIDeSc1MXB0gaLC^Ac(So1uYs<L>SrQw<990k<x<<95fpJa4@B|EuaK
zn%qxoo?jNZS`^B#+R%A(ly<i$T{V~8TA<>+um7E_)nu9{kP<y?ZG}K#E=oX$Np+-(
z4a-O2y@L_M2@_J|iLj08q4`}RhaH>hL#2*+K;4%K8)y}G$vEK(f$ho9k4docUW1Qb
zRsQJzWsjnw5^7v(E?xB!-X0a+p24;STV0FJqs)FUp-2?bmojO}(!598;<wB@C|t&>
ze`XEZG4$zXdCUnnub7Xs6Lefm?Ceh1&EcdPY@fY{OO2{!i;NU2YZ^1E;Tg%XgeUNA
z?F#EL+tWIHRl;qp*u5i{t||23SGBue9^EO<%;)Y!+@=UR?2v<ZrS7}d;U#vT9E2+4
zDYp9?J!0w<3Qbp;Z&Ooj_kP;#a&auJi0(^OO?*<BUlG|ihaYTIV%?<T*zFM+jeb&D
zVvg}%<^~x+8-^<JUyD&@oouO>0`kh2S|2`7Z=%v-xsBMip2Tbd2j0O7ldtIXB(eg2
z1606XilUINDjNoqO0u2`<k)$7r7!EH52Orgr-;-#w*@zqGL9P;Q5f&`5U7a;5VqS%
zy&b;}fu2v1sfDnR2k!VTou@KHdfX{`{M25)7||p+eVWVW+h<IhUTV<jdEwjtks=3W
zo6f+lB2gDCAf+zWdFQkYSaVu03#!L%Fj^cS|Db4djl89ZbKVuYc!|}6Wo+8`29<$p
z=K%|<Pdv?sdEn>w^{DOYiA*acYsyjW1Bti;fC3YAiVj*4ss={80g$VJ9bH%Dn*<8J
zD;{0QEz>~aHX_b8BM>GA%HucC<R{;t5vzxb7S<S|ymbCQOKO*$Z@j49dWpRSJDnlD
zkYPVlsJy)b?DQGuW}vxo1K)^d{~!%j&g1KB-9w|SuA^9ZlipKAPxq-?|E)>7{HxGm
z*~8+G=Tgy}Qp|ERMH4$w<4qfc=5*Ly+EuTWl~;AWfl?`=!jgiWtK&+`Ppq@y8dgD#
zGeH~WfdTy<1UlKTN8lZ6xx+*6xjeq}0PFCHGQ<u+{`HL@oxCU3o~QIq&bgz56hWBh
zjczX~e8WeYb4t;-vIoThW#JpXf)HwcfJs`96+KvmPi7lA*A)@|Qe5I7te!;Ft$5TP
zeWhExx7ysJbbR~V8k%*$7H$MRa$r~;84Mr3aj_P0Es&E2s7eb~aflQog9XJwo$43%
z$Y8=WK^djaH^{l}1YkOo{(;W5-M(jz8zVhk_UtJ_KK2Wb1dKZw;OfG6vOgBQvTgEW
z>XB9MNQ>$N4lciw7`K8MA(vDcnfP|X2+<?aoPvWgyyu&YJy%;Py-d;iB@)BTJ^v<C
z@@kZI4zpW>K~H6WS`3!<)?90>a}667uD(9%O#bri5+nTu#`2n4@d0EKByUe$C=c#}
zwwp;eTUdaf<!R30oHf=^OgqHUPq1+Kk7^63&n(DZ>FB{xP!-l`dLmQ?BpC;qS_YzD
zq>3c|G@K&X2jnQUl@1N3#a~Zd*xVoVqwM+!7uP$;Q8FWcoEDGiibN|vG_{A{0^`Jb
z)?X{8FAU0tDz5D)I0yjS_EE>gcWQq@=>E_(N&eQYq$zHM^;J4CQ|cT3zsG?G6A2FM
zWA(^ee+fmLu(>AdNZ|{YI`DZ5Yqls0@HI(;ew_FpMfY;ORDWauDXHX&Xt+-MxI*r6
zQk$;lP|X*Am%w_49&cqDPN^6tvGvXh{>mwBSW69V%P2}^p_aKK&AAEXc>>OV=YlCs
zErcSK42O7%4*_K-NL1_IlV-XIDR!gpav{X^Z#h}n*C;;ApFU%{2?hvk1_oV1Kj_rf
zXD=5R3=v`)5c|rat{2XAU<FBg72gekSXHbhH?)B6F_9tZE`w{nO|VJukDAl!&&tW|
zD}1fa4hXeWK|0@DqoA6=S{qSQzXjB{asUbyz#0l0lK7bZ+c#aL#(}~$;%aM?@TaW2
zPrui=nJg_xbq)J>W&twuy9~PLP&;hHo0_Cts}Uk!?GRt&00D}%l_%eHCUh?<ANNTu
z931e18l-xBe|BN^h>kG-)G7Z(fz7b`=q37&D;Rd~q`dn<SHDS&5%(a)+I!BNO;^YI
z$C-P0kL}ULQjO$CP?_U>`X6txG8u<mX`O#c)XrhrQw!zItJ<%bsD7&D-8kwe)C*$`
zwp|Kab>POhxtgZ75j(8irly}xS*Ia2`5C^)zZQF}1u-@p77gx<=(d(kk-Dmqda!g|
z7iGF+CwXLc`}@_OMiop`h=M{vv}{#1CjZ1!bUcI%NJRhGJ4o%k+U`*Ji80da-Zt8;
z!Q<ar_Bo2|d{bBEP*Yh^;S^EOBVUP%vO>P_EvI^Mbj*UeMsg~n=FcI!-S3%FY0P5A
z__2m6qXZXdNz^hoG)SRZeI**L9JYv~?8nGq3w&{3h_0ntQPz&q?aLG$ahltTIrvo5
z#GR-H(n<eO_$ezVju-3&IN90l1~{ed`Z1eyl@%wgX|sa~GnBbX=r#5hUkD4`y4<Y@
z)U|T1?9dB^mj4t*)E~LNkGe5<=ymfMs8Q$m!i1!p=&xFKDCy5Is(e^HADK8`G|9x5
zP&7$xuuyC;|A$vg^L<ydYFQc!22=T0V84z24<TY_tXM{#KYi&NiGmgHIVwrm-LsDo
z!>IYv)wxsHo6xyq*mb<!636qtYh#lWa^Zlp>~_&&(h^(KH^;Oa>FvKgL%Bkl>nccd
zO^<0lV8}ph&j4vZf0p0foNQizsFiVFEYk4Oivq*i{uw}Qyn_kQhADxDAVmX^{8NZx
zt@9h$rXfhY5qV|2;+u8BDg3r2PR{TN+7g*z0)9`yr>y`3nU$rMNs~`SwYs#x%U?gc
z#$I2pVj>y-r5xw9lzw)MvKwtoE;y4%@SxL=o^<K0__ZJX;)8e2?9Tt2Qs^tgnnX=G
zf{w`;&hgIMkD0@sVKdZ}ryj|}KLtDLXPFfyR-N+7{K^cl4{unKe*M9wnDyjGkoTO3
zr#`VM3{XK}rv*Cf;_r?v%>FE<2l>Ybg;|eAn3N@dYNJN7mIG2d=9f$dvefD_PqPt*
z4buvHYX=!>2HBz7M<Nc`p=Tx{Un_#B59HN5s(Vxdayu!*N{ff4cF;xkP_Xgu$tNz!
z(EW<A&dtdn)SUQWW%Q16w%SrQu)36GfJ9LLT+quQbP~y>`hfJaS7T$Xw)&C7Vi+3{
z<g4Hky8l8vR;@);#nR2<+cRYp3c2R}d%E?I8tROxi*UECD7PMeTla&v9P=y$OYb0_
z(KgyUKB>O#so2lMommT=7fIdTPKiK*CeYdjA62KIz)6X9<!R#a+ehZ;Gv2(P3opnO
zXG|wB#T9*j+3Me24@XX(ZB690>5q=&E6tyxD0UXxth%<fv}qSxJe;TQ8bR<+8+cWO
z?Z#F2Dv(2SihS|;E9FSG@IkgP?^&yR6w97W#UH0t;Gfn%66>zNUylUEKw)EmH4D2J
zrn-Qh%l0&FXbGA2gl*5&7c9zvPtIvCeIZM~oa;s(*UdO;M~fM1nHdAWD|a<3zffg7
zV`6x&A$FMdrx?DI4#shuzdc-TWhOQbh`+Z^S3Ywk601i)f3ea&|3fwv)0E94a758j
zz0k|xuljrhi86anrTY8G)N_GM+mi)&wzbf7T3p@azGO=1qXleUX=@*2A9#6Qw%<CC
zIhK8>X1Kq5{A~9{U`l2#z|KVBo!0f5Bbyxl%@?VGglbA!Y4knyL=tEUCPY5K{zA%~
z5<%Ar@SXczAw_xeD*9_W@HrMJ^)~nZ*}U-??~^s)fULH!H_k!`{t%OE<%*YOf<-nC
zGHe|<CL(U|bALoPkY`F2p+^?j^Y5fS(7=>JpD44knICBr**6VgBKb+QB38>nRd7#%
z1|9gihUfFGOvh;nc^%Pwq9Rj%Snc8JF<QOer(Wsp?h>u9mY<3~FXeWSZO-$=6Z(bN
zp6{KOEc$B(0g{#0SdGTOjQ}uQQ;}}=J#(U@NI_eQ7Nbd-4s-CixF`}hpu*y>CDCmK
z9s9)wUp*v{QBh=`5#y^lo*PXOheKjI<FcV)MXZXAY@7BwRT~B2irS0@3$4}J>F@=F
zmzxH}My+HTAG}b?cv=nGb~Yyt4A8CsaOd(+C$LnbyCY>?1O;rOOGk1uujCm1;;tRY
zq%RYmao@o_(&EBn_s~(EQ+d_R95~U?Fy2ZsY@i2)dV1Sm^+~i*u=?f*>ncR+WVC5+
z`?x0=9TqU}k4k)5n-4^(>O0d3-`$pi`l-=z%dTTewfX?IPnjQVB<FP<fOVY;|BUo$
ztuM=WhicW=wepgl@ngAd?*r9gUbzYZPNX+=%!Q+>TL`1H(K`AJs0MpWY@I_W8bWG=
zIqv2OQP=g3*A#6t-df4*seCEyzGXG<Afx4p$_;^;BCQTdyi@eYcdM*<-Je$wX!oq-
za3A)x#*})p&}aqs<(;X6oGcJHa1Yc?$%AywffzqvVXid8Qd)ujE1;}Z5bh=aY=yz7
z<0@!q1tchJ)23KH@Dfv%B5_^&vLyR=NH$E?EUDs@=osiP!OzK_u~-Wn`ue4pg+aD3
zpLwafbY^^qy>b{id8T0WdWYS93b{$$?C<9{#^cD*7NDQ;JM7P~Sbk{}P7H4;U8jGu
zRJFH^y2qhu{{bWkDh*eWwPpw$Y3-4ER!Cb*VmrG>OIw>@*9r_#yD_7@OZ$Y2*V@A&
zD8l^P;0}p2X;QmdyV-!2XcytiRo;1>9b$~}2!b7G5H_CiL;tQKt;J!i#Vh`7!FZR0
z;rBi`!xJbf1jrHw{GR{mW&6h20malGrN_(W&ABnkmKMr!k)S8IW0qq=yiD$V-LjK+
zY8W(o#aOv-_>trXtZ()IIJ)Y%sGcBxN5|3Kpwi7r*P$W`C`fmgba&iIDTp8`QU^##
zcgNA)-6bJ;(#`Mq{c-bd-@Vy)GxMF<{p`LsQ>1Na?bF=1(-%Tzw&>7S6_5%lil6es
z)*<DrwBfv&t%+~8q)1Q3w7>4@K4jwgj_y{RFzgp=E#Hh_D!{gvA<&uOn$fP+RgvvD
zhRXRs{r>hmAWvUL_3U&n{C273(w?R){3q;#kg)YX>j@eOUEJo4YkoOS%dh=yD*i`p
z*`m)9rIEOv#u=!Dp0{9<U0-OlHost!TVa5!+BKeH%-q&pGq&6TKW4T-G4Z;uRN`)}
z68JA5M=!-F=US)s)t`&6x?sx552mRR<Y|d$>-ISY(y!CB+*NjkgOCi6So?q)wLqFP
zeMY1Q<LEnEaeeU^gfs)t_gL-z!7>Mgr+I~l_y0z|O@3)BgEVNdJUCHt15qcu|Ij)v
zyyrPEuRsatz@OdJ5%A72JoL}m%UR$}($@g+aFiJwo};bSpbc!Ma|6<OQO!NH)eW@s
zU-EfAjx(fRoVc?29IK^1zGe}~89n~hg9i)8<5f}QLNkkmI@>;#{(Jt!#O?d$TkA+@
zbR>_8-mkusgr&G#hia+c`P3X7Y%25a5<73XYww5R4rPj^KQ2rMo&H+Nb4Wj({+PmE
zKa3&$_b$kO|2*UB!F$|D+C;$y(NgU0(a_-<*4KpyF+<!P|84b)ZM=5R2a^NtKa4@e
zJ|^3CFxVHcbKev!viVCf6Y8Ih>|S>i7$qOC^_L3?bN;Hn61TLrl?y0QD|z+dXnfxP
zm(Y0*#&~_gc)CJ-7oF@<8{y@foI%YBt0|uB7fknAmt*}}g1o)ziGxqnRS%F~8j`ZH
z{1lJh!&5ZeRV>SI<2ubu%mrhfssHpN-#|};4y8dqi;@CdN}ufgMY|oP`RrXJ%IvAp
zKO)t-i{?LyX#>VKv$lNUjc?+oZDOdsmu+sf`iiXUS6V`!-(i*V-yTQA#ZrFBffO^U
z9<Y!F+WLL}?C^pOECu^l5};TS>Rce`JA}^21w7;iel<OT?i@nr7@QL`oIeWl**_C@
z0ZVrrp|xwJI?D~puC*f$ArFU;LUa++=$7>d`r6lTzEw7&gB!`lJ=djH->@Nf4WWV`
z8J!ipR=W?OAHYOA%jh;M=+46F&Y7oVHO=EHKQTX1g4G#Y@ri3QoYyWG5v9@q^KD$J
z3MJU2nh>HRgLAH|VRZoK<2bkMglwY)Fl$7)qj5;+Z$J)WSq%}eVI35Gl#Yjg+d_$S
zn$TN{{CV~(aODYEa_$lQQ-g1rkkuU_<a7boUkxu6&f|amezh+hahMLJZYHZMrz$I;
zDwdLj=~^OYg&=<pF!+uLo}bp_+USiw<4`x!qj~r%azk!7hOIM(-78~4=9&FOQjFL5
z6!`w)`$UBwdzmcV4}VdU{W)CF0siR$>X85ocGX05(665gUT8$;n4TAy>y7#sX@0fm
zen-+7`Y=0@)qqpC1*aA5h$Si7Tlx131d_07afH_ba081rp#`B30GtU!1;fnZztLMK
zK|Yo%Oov#V(;Ix=H^9R{sLP5AmBcB!>ou^r7h0G6PZV=F1m~lq`86>6TDQhcSJuQu
zR=4>?lS(Q>ZzAGp{9tjRvRx|!@kr}#d)ghe_zv*zvXGDd0GmG3>iv_UVtPo4t;e=!
z<POyxbmaOw`j(#k(`)p#JD9!M0Iy*ME0|}8$bEk#>ho5}J)-V@S_N5qgz@D0hds~Q
zLkz7`?8LL$z*o_C@$b@0Pv02n(s0hK9^Ank6zvvtpKsP9#{FQ4CtheJ@f&<q5Ak`~
z0dA}VTsI|+;a^Yd@cB=%@28jq8W_CR41!kegX|>!7pTPDqjC%#+6zRbxFZ7KVZRaF
zZGo(Gyr!MqOt{ae8&JXmkYNMXG@jlVN&<Am5wx>tOLS9i#wtXB^vS6Fj%aKE6JeP}
zA6i`|m30x{#8EX5vn6xPb7GvQ_>dk7N!W0rJBCU}e;Q;3204OFKR=zU9j&~=DXGfM
z3}jZ7RBbMoQe4hVK~6C{s_FhElB^}exv^wtet(2f!h~a>6djl6iH41hc7u(^n|1*#
zsk(vMonahna_;@qrYR43q8@z%eE?xBKjFo^0G0<scjTagNE!GZGu%7o?1IC~&dPr(
zy_%rZ{oR~t=%f-h@B|BZ$S!ji9-o}DECfF7!e4c$Dj@7Va<y=sx^g>=Ep>N2bKZ>4
z^VH#9FAj#LeEcC*DNE2oc{4)D-SyUcg4W{*I|Hkd)d^e4QjcNvz&_I85H~~g#x6-{
z8t|a1_l-)I6aO8xbP0a}Ph6ioy5TqYne@Ldn3`kLZ5y`-7c-?cVO;3&dkD{mP-VQ&
zoNj%Y>r)y2JW!nvbBfJ$y^9W0MvjHepX|`%Tb^sNsUH%*NhWY{u&lT)1YI(v=IzT@
zJX2>*Oh`cgVQIN3)~7~VSfQh6HdR1;w*MS5SzsZ5E?F46qVtOYyVE3r^GkW+aa%&#
zuj6F*x$qSo(C?~cv+8~P&msxC1mkfRz%Nn9QSk*T{xw9*<J_AWJI@jc0IwPq&m!T2
zGiZv+cYl8Te#1KPG;v3bGxi}Xr$!+MGUs<X8!!A+O?5Y8=WRmH>1w6cG$;XsuizJI
zo)&-EZ>B5w`VKbk52?y9^?UGG0)3wgq9UI9lVxPpE7!aKs(0KM5<jH6!itskCwO#}
zM#?Mh%^zb|Kkg|USbpHM3L}ba-_HIQ1w4zYocMFo#6er=oeC7T_sjELU;ZgjNC!XC
zry8&QXbe^Gx4M|L^Pl+`vtJRD-X!{yHrW&Bs8G0K-S#91dyO4^jbH-A{(&wTeQ%av
z^fo0%{$XZ*OSpJIv4q=XAt2x{FdBu0JdaolNn--}Kc^Nj=3tShXmg_E?^I;g4XV7f
zWx};M5slmnrC+b*>TINBnR)k)&%i6SIknU~lPp@ZPG+9q^8xCV2!@VSXGB%XH@9D_
z+~+zy911_aR(TPA@cXUbY(Ld(@31_uK~VzpD>6!FLX+xgUM%*jzX>`!z9L?oFyZ%e
z=lA=0ar`QDkL9q79xsHT+SljJ#qsFFE^81+jHt%L{CT$H7&-9sgGOD`g?{M_J0WH_
zVRZ}kmF57;__<=hgzD;bCbaf6sx`oN-9OlgIb-pz8Bd#{FwlboNm@wg7p$p0tJxR^
zG^1W+c<`F~r+4;R?Jh8MPoVG+wH7NgsFs$m$y8owBm&Y=F1QKLKmRJpc<a4UdGjzM
z%9yUGWN#o${15SP>;LPp&Y`caoy)xtt7$|(6g+iYuI^~0oB3%y0{c=pAR6z=i1lBV
z)Lo(3=c13)%=nsrWcn@rw2^brryxX7kuY;C&xPzUG@|S+#nNS(vs!4xpDB0o#9)Vt
zoX!VA0<F}p%?|8%69f6og1c!z$bj0Rk1D5^rn}{4NyNRPK%Ck5qANw^gD>$L`Zpv_
zM)eVME5jI_x5w1F;MnwG{%YG6_NNA_d=H~i|I8zN@CPghwOj%})PFtUs^b6PP$av_
zp#ti@8qlCSt8GylF#nyA?-ZtX{u_@A()xifHhTxQQ}3EN9g@8{{S#?c-z#;;9HS<T
z+UH5zr2oyW2Uv$4ldF-cCio4IO%3?|^8MmDcj5r}@PUz2Vjq(<D6w^fWBCiXXKcN|
zJG<yr;E5h1r{lyYbl$cp8Yr~}A5}%?Mx4!5RX2;-Gv+Xz&;^CDcGIN;@`i*pEz?C;
z$XC_*)#!A<=aNlZz32l=vOPT`;;(m0JbL#ke;M8Sr+6OflZ=D^#9!dIgb#8u6&g!#
zB^GK&9}xZepeVqa@Fu$I-ub#($cX*e5bdq3XY7+>uP@f&Kq4aaCxpD{ua?NK7K|s}
zn2b9!uXDi8@C;S}w|Ru0V-$`>l)uX|v^0anT0oy;u#v;5Pad)w-Ni>giW9Sp?4{*A
z^WwukG$4FN6-yG~`jnlWh?r!vJ1v^aQ}CT3Y(D_fnL-i&_5JskB=u+lT7YHLTTVew
zg|LxQwiG{mi!bI}#{{wu1MVr#l$2~xd;OG<!S9X;yPHe>OxaxO>Dm`52P=4Yf?Z`T
z6cr{{d!5U4;@AHY0!1#(BV6`m_B8+QQXu*%;+q(2I(vr~nRG(ev5UwP8snLYTooXL
zp^k{f@MP0TjYyUk)UV%FQyVq)bt8A924hN}cjW(mJrm9wCaDFucoSCZR3#`?RZjDA
zmIlT6wH4#@+z9Ay5ZV6DGc3@`dwRIcl??ocduUX4$~&5-r3uaZgOEX0U$^r~t`(?W
zsSjx%vzAY~3b)ef1&xFV@K}T$&C?_<cY>}I!91z9MT<^?Qmts0ibC{0aZziFDL)0J
z%&jjSW7g(LO%{Pxv(Ypnp#u9oAmbXa^6cOv*S_e~8)*~4ull&1z1vm$Ln2|pqN3)r
z7S@-pF>CjvtJXu#XkaPQ_D7038Ekd=(k+ZEmsa72X;K1&y>HZ`GRm|uB}Gum%-Wly
z7paU}w#f`GvJSg>Nj(kjkoFAgak2{Y&!L%C5#}P&1Lc)quqlOE?}Hu|Qr7|{JEY~p
z1eaj33P09dt?Hyh9%<Jw@?QT3i}A;>fjrt_1)i{^QjF<0VJa(T=9kO7L)4D7;6+jk
zooR+k*&(EaRh?kSn#W+-*f6qRKlzbs=AE#oV22?$EG>4exOSde#?uZQMt1<B3kGd_
zVQb0ugK7mks#zXsj%V0rt>DX+aZv3$VJvA|L4OZcWQ2wHUk8yeIw!ks=i;=rapsPL
zCE$bkptCGEm8l&?i)z6<bM24XTa=v=>jCi>VYGY)g*%iBrdH?BbX<9coymp0TY_c(
zT>D_9L(-1q0H<15&#rq~^=kiI8~feu5v>c-FGBM#{A{{)AQFb|=+s@-KJ2U(!{Q5=
ziUxP64?1h$Jkpr7HOwL83%9VmTw0%KeUOqC(2(_Ij}~2rh<=J7y`{AnN3TFD_G;iK
zn!sVuzzb>=ZJeiRX-J?sPO!SX(#ZZolURzD`!<Yemgase)igQHbcVSjf)T+ugnR-X
zBr^5>PGdDkbJ!64$l&c#P`-*Axt34}^@v@|l(Yw})MwLl_)B&aF?U2sLs`Oqm|i}Q
z%#;mzJeYn;Tif&!demM=9?idSp0JBjG*6|llp_?#y{*AvDD#FecRZDbmI`-RSW%O;
z3nbI{9)R+eyB>9?oNgsG42mvAGl~OkFI$>>-x&^_yp(+D6tfn}h#*iA>X5SfOdRGj
zh+Jo*>)>1X9}zwiU*D?efr4}}{n=><m#xfoT8n)GZLE74J_PFE{gLeg4g6ROMR}9u
zAhIaUbaCl_AFTM;?KCK0Dm>~cENJgl8)drEn6e$7vVUcYawoObUshsaH0ijeDB5CY
z?QH~>T1j2|@v%EiMHi%`jlRU%@i0%5>*$ougi<Y?MO_WK&gpY-kyY3`7EodG+JI*m
zzmxSN#<f(yzA_GiMFs>KZ^DioY6Wkr#XHy}JCcGy7fEQm8Kz-MKi0kzKT;OS4u%VX
zN8KeUgNFq=3boPqSUY+S%LS!8R8DS3hmoo=Yp5C<F;=s^po?$;dy6o?eUSFbz@zHy
zQ>}{py3Ojmgpp8-x_?G=9pOg~kN@rvSLo|sT;;$-8b`~pg_qPQs=p87pKJRctP(>u
z7e!sjPTN(2KIdsdx(++f=OaW1pjr%?#50WhQP71@M-<B=eJ$Csp7y`$nkT+eC9jPX
z!kAb)fRYX%J5P~EmPcQ@z^Gxc3JXtOn<svxYLXp0H~$+cJdfrK74qKNK|6&z%Z36(
z!YnU@AGwmSXdI7l<E48*DL>Y3iNoFvmMsq>Q?0y9#5;07zP@y$?5GfisPrL;Bs+fn
zkA{wG=8oKSM9<H)p24ywAt>q`o3@7E`2T&FRKVv#9Y2L32^N>bd~_WdDd3_qa4NaQ
zXCp)cDxyUH??z0?Ys``z2aW&7hF{yCyO1c3YzuGa+NiZJOOKH2kdq6$YK9_C21ljS
zPCAIg4*#a2lvy&{@u)U;6;VEcj_?@((c7?@qjJH;#=J+w%?kIHWl<q3tbQOsCoiel
z1Uh&mJ8&<+k0vF{r4yA#h2m-~F;1H46(@7=v%CLq^yo&-&}4;VQxWiKxWJ%Q7_Mg+
zCei;msLZ45Qs51Hh^{^%EL^|5f4C`I#5Vwzllhs=yeen^@H8>MT$GPPzSBr`ABXbm
zY|bpPB;`Kl{+IGs=8**1AJm`MyfP=1zxy$p)oSf&ZMAJww{m;3;bUfHZEfUc<+&`m
zz39NthW@ZaSu<OtLtQ;LC#%7GD#|N0PL7me<FV)AIdv;5D=!;WuO9V_EK~jUD>Uk9
z6?c1k1uo<-hL!0YZ$#+38nK)3g3$Eb(E4|<gYoun?JvZ1W<Tg$N@<oO)2oo_m7xqz
zt7gp?+bMA&;H7q|g3x>Yw7Zv6FUE*Zh|pofD>(R1LqqF-7leLqZ@(!BRj9?omsixI
zra`TKhUtq50C!6Dy?qMJ*3_-><>SJFZ1iTuiM^lj(sS}O{WV#8W4b0h)lRVx68eOd
zm!2jwfR#sC5wNvGc{rP^;~kh%8I-T*Jya#YLac)-8vKKUXV9fg;De60Vzq#0BTA$}
z{ir8ZpEnlU({Le)j%)h|5uqtHl8++gDdSh7!LZmvLO-^*KP9Bh#l^oUr1V^1;UVYz
zXsQ<yMz+{qh>N&r2)*;<pkzCAJ}1(|zeu5624R%E#TUiHucYT$<ltG%*V6$j>2Rox
zw?~o8)0(dBVXWpjnwlh<nU?ZcKd4qaXMfBz1~VW2DnlxnnuZ038sp(lXyP|lgg%ON
zEA+z7CszORkQ}~9Ze{x0zN<aD@=<^7?i1|@E688<_V&v5b`5O&5j=eB0?OqC%4Lrl
zq<zSFN?F+yIXuU4ZKWWz%TwY}B=9?Y^Pj-*U!kHQp}2&U%fyu31(b}-oR1Q%Md3JX
zaXPNWa3YwO+9M??@ZHjQl~sAaCQ#PwxABK-5<7{=5O`;tVD?rf$p?*{lQa9^wbsel
z);4*-lRvy_t!uHyE3?B}rKw$5Yq(1#L1evh=`lxy16V_RpI=gzl}BN5zXr@ViIP<h
zJ%y&IL+#W74l6h&$Zg2T2=HJB2fnX?2;zbpQUgILc%W3gri&9C=Hr*EM-!0XJ&BLI
zzp#i-I|tt~GQHcVO(Vc6N!`-kw|?)Medw5;_tou?^+cYRZ0$A6?o^XVQ$v!=9u4MB
z(zWg#p9US$pucg-QNTnx(WWM+_QWcS&Li*I7fcWoJEUqTikJC%9XA6!@dsaYcC?6a
z$~OSDAxEVS3sCPesN=+sh-cesPgHft%y&2ELRJ=`viJJ#8GO{w_teuEC!MR;*5Hyf
z)F9>5{iu+C{#v8pCys_yLIXn?$^3DamP_#HuxfO>HSobr<V7v;DYMcbaT$%Y^!PB~
zc_79p3yDn<jyK^}PC5up%IY|(G8k%VjaWHatA|=&&|!I(Y}4V|ZwRc+f^ncd!Y!K4
z9AyU}*)XJcmPL@;Ybn3gHR+DQ`>x&^@9?g!`nK$fioKlK>Whga+9Fs#pR`|hs{#-7
zMxAaglE#dAAP8f0Of`C^5*p=jsgFl26+I%bxvOiFTQR1LO5|V<IMj9s2?TErfkAig
z@)hpzAFq3GeCpkKj3!G26iG`+Tg<dz6098Ip3@%MZ;js%x2n0|0WY||x0+F_P)eCI
zOxSO*I;UoBEKW`<vA7VaB;uGWw>l?amFybKowGXk1vh5J28<3m7F!sLRQ7PrJs|fb
zjx&w#a8FnjzsGJTJTdQ5Utl!ml()@DLK?^Ki&)jH(1RPPMoRFb8x+rVD&3!t1Ue6V
zBG?{sBcI|s-=@Lmfd5#~y$h1r5As+mS6-tR`nSTJs=$?3g8x3Vo~_5XEnk&s`kULk
zZ{Ma>pjTkP#W#@`I|lz4Lp4OARl<EOHUT0vney{EPsw0EUO^&jNXE%v&ud7mpVBL0
zv?yZST9^Hmfx77tpb7CIt$%f5pRAUfm0WE#c2Hg7*&Hr+d+{fuFZSw7^7e&1aC=4)
zZMT8-_tOcy4HSj+3lcl@V=bi*S(ACI`&?f8xGRe2(=vNTmi}#XbFLU4U$m&q!OUXS
zo&NdVzUI&8H81NG<wShNijBCFQ}z7wC*dn;0iq;zX*fDeY})~0O4w71B+TDq;eMHV
zCz14jgb9#8x}WrsQ^DVoKJTMBeXf!66e64lJOYmzXft1EtT}y-$6!%z<bf>Z0u8D2
zoeS_su}M#1;5Yaa{r)|2<rC0y&?JZO5yQSjzCwXbYdE-<H1~`OPB8(s1U*M2$hW?U
z40OSwAe`{T86EqGAi=sGpy+i=_kZY<VplB}IH(6KrC{CmL%O!>cl4Tlvh2=M<yhOR
ztdhif{Ul6M2z63M+)T%k#<Td-<S06-=Fl|!Bvd0|@9WW)zQZMl;asNktiTEt>;~|t
zxwav<n6dl2U(fROexTBCV|S@wcY{@vulRWMo*U~__0mi-EAO#GXeM9@psHz#ofr%T
zSF8Z?Tn8%n#sth9<nGxLSt1={=(h^8CC|Nk3L(lxzo6Nv=Z-X^?8W{~B?g-h`3PHa
zQ*EPxj(`vnA7S{Tq_}$PAX}>3AyT+67%Bm(GKEE!Fc>p8crMaRvMArYhx!fzKGE#N
za!1bdl2d+($2bE`C>pN8--4mIph@#g{81ZR+5-?C(Zn_0=sXR=7VFwSGqS{zCw}Y`
zIA8lm%{%D(A;5cqQBQ43O`~T#q@1|4w7GY@kf0&Jy$Rem(f}&)R+Zg)6e&>rSCf!S
ziVT^8tJ6V+Qs?cHv1)JY(a!=7xd7o*+(~P=ZV6A;bJOo{-j4nfILHEo4q^BTskS|*
zg71=QEYUn?Rp$1I3eFwGU;~eaf8=YhQXw;}lnl-d`xt;>bEj;=fPUs-IW{t$m60a*
z+jL$FC;=uD8-frSz<44t-~4)JBlqK68R}|{Mnsd}Yer>Q*sSATTm!cG@Z-FXh+e~<
zQq_Xe#Gzp}RQ~3d{7tHyU3(P`+UY-@)t6Wjhj{MlpByEEg*vL}fxE)^IM(p+l7_7`
zz6Lfm(kd2ZzikCV#Z*lHVF>Glq0Vzz)MtgJN>VwJ6#lLfN&t#q!*hpxA`}Zg5B;c*
zv2)9_%7dQv-fOJdufpykRn9o%;{zEyuM*k=Ivq@qA5#jEf5Ixq-d@Ef>k{)|55KfW
z(6)ABa=iOAo+_8uQS}#X(n4hPGi;jIWvn_|>DA0PiQwUok5m{Owj#uR5b+Wo+e!_c
zXKJMGyvipJ$-!2GSh<2R0l)D_ad2tZK-Zkgd%O^RYxEQvn`1R9L;Z3McZX2$j_;2e
zT`1o$7N5W<CCZ*UY>)QzCC-(mfVWzsKbXVk2MnO|N~(U=qsFFs8+-H`wuH!Gdc?e2
za%4#tADLmK2bMJ6L@uuCD*Y-M*3ZNKEYa~S(P8+E>AVkcR}_1v1F}3|2rb~DdUW$z
zQ@t;!GSmES&}5KCP<>>Hhdy7!^bpOfHN9VegCFSj=J4ebo@+V1(_nC~sKLTBNYXZ7
zMQ~JFo4J<am{);26%yKB&5m|zMu;RrzbbYftNzLTYQ|O~I3mO@DsT;6;RYLb1KMp+
z@bS#^^3ETCxR^><@l+%0Az&<tT|9TgPbHGUTp@Pb7&fa0a9Q-bwE{aMZuyy4il4Yb
z?Yf*?RmTlX2+<RC{<deuC$wjgTdSry7bgJ@Qt>SWNAa}bccfJ-G#au73mg#bZL}5e
z=$8b(22X9zgA#DQY2CRF)My0LNNAKyo07nY^--C&G$jH4k-^LF(E3?{)3cg<5d3F0
zFmS#{oroq>j}^#EV{^tuWhmLC=zdTJ-l=pxC;||?MZ*#t71yQ=_{s9vM@6_@m!q4i
zEosakWJ$;X8uoTnz*;rhnfC?s{28#3+U7-AWC`yOv7!Dh2#;V!1ZOn*EkYP;ey2a{
zxNtM2T}u*%6=qkDb}E8<nFO;f@dREgf0A*-BEX%IY3Punh=X0k0_~8tREBhwdhQNi
z!5k6>HwI7{B`iJgsD?IWb1Y@ED^^#ioi&Dyj*vh+tZBLqplR?Ff`TkrM|GB$xQ(2U
zKs0Q(2nEhzyFYZrsd8~0)y}~A4A8zM97mhd@H?fU3)T?9%ryS!nZ+tQR>L0Nsn(}u
ziD0$%Y6Y}EiD=B2W!FU>W7V{F|65}#)Q;)CUrtjEst7tA)1#uaETy2dlnmAivs1^&
z55OBugb_BP-EqjtN(5_#+pXY@ekL~&LtpZm65f*-6GmaJdQI>9iWmnkrcN(Jex|<6
z=1{_P%)nYztB#Tlf~^MSr?&acJ<5nXzX6)3D6zyF9U@=FLTAw5&a$hum~j*jJ`b@Y
z!t9O3v-u4@`_3JSWq}uog2}fqJAxw@)iVt^7kX5mJ5VtJu3<g;&zV;aDv^W6Ky720
z8(9*NfGSL#0N$~v^VEaB&O>`jv!ky~DQwLDXw3%t5{i})IVCk%7iiL_8Gn=*mv$Z0
zKwA=uH=3!j%8f<ax-36KS&H(~eb6<Ffj&FLOAV$EivQc6B}DgsoM;WT3&M@rmO}L3
z7nZkS<|klOyJFojmIz;_1<U-vo-~0U(iylr{J|Ql{yq$sZLjV_n?!APC&Ne$bWaWR
zP8VrTr3@rlAsbsjbL!rPG0dH%C^S^?IOQ_nK85&iePk?)huJ!~k5v=W$<IiL1>Y0Q
z_~MPuoIpE3<h%V@O5<5d!_4|2HCoWX6zoMyxPA$wly#>X+{^yrMjeVbh~2b>uC>61
z3b_q${~rNOLbM);2=RUpO<KUQQVeve0^-VS8o~MQAtG;~pSIAKsCT%v;f18`Q#2ZU
zFC;l3E+;S@tm`SwnW~{II~2~2UfTo)xsDcGA@H!cs^&uFD@E`lt;B<EU)xAy?4(>F
zK49tX<5j7D@{|a+Rj{$c*txhuNMlJ<%*oF<_LeL;V@*Yk-V-ygU_vj@5Z8I!k=KqS
zkK-TaYn!wCb$A0lbRP8FH4<Mn7K2qhSnrh$877AX(8L;Usc+zZ5XqZmXDk*h6E*rC
zXS5R&B88sjZuw!NxcvzVY9%CkZQ=A)R=}7x2t!Q+fFK?Y8-~Micwa%^^FafX+a){;
zQ4YGu)lf4^Lr$MrObM5z0uWK#L~%zdI>xOq%x+=q(q&2$!(ZUTKH&rHrX2VnywCDO
z!8VW(tqT%tVI7=Fb2#4u%BGhhW7TWJa5<8B3?QB%&Z!CfO9_uJ8?Wych?XvsfeIcH
zig<=KUegFjSmJwh(2b|hR}2XI4RDGq;TN@yJ9-NTS#}O-a{oy5$^Ze4#A00#mJ*)+
z@06Qj!B($rPy?V13z7<b$r;m^MUFpJ&h1In3TFP!6FBk-Vz<0QeunFS*pQ49S21FA
zS859$O$j8R$v-5dqI8&J;hA3t>Ct9(;j4B&Vg3qhamH-mkxNRG<9<@*gkiJ$!~_q0
z$#Y8BqHl)5QXHlwZzH23X0!3cL>m3d3gw}`iDfnoU>my-D=N5KBoqv)8l|ua$2f4t
zI`}-Qg*zH258*>+7<3)0&ajvXbj7k%u(`m@e?_axLr`{)8hV!J{x`=<61{^w`bjZ@
z%O9{X>qfv(B7ANbUi!3347i(yb!rAbwWl&%Na1a$nW1s#c_GOLnV9%0imB7;V)<bs
z?f))PafWV!=&M)>W;-DcUJZb=IC$VNT!}<42C(@HxJ_d-`JT!!rB=NqXOQMJAf!eO
znw|qxp|MFo8FZiY5mrmzMh|gS`?{bHW(d8HN%*R83`~jOz^GBQbQjf$E(jUcZry<V
zOxPi*A>A&hfhseK3f>Y4<G_k=vm68BO00r>=`$H9;JT488j$-u#ZEoO7Y$sWf6Onq
zk+t5KNHY^|^f}MQONnW}#?70x6yTp}CAtUEAeFhCE<{(??FMUBYI6U{zu4_aSgWo%
z@anl$Rn2Lc)JI|LH+wltWW@<e*orwP)33z6lDYma>b;RLQNb>vBig=T&G_}|#Bg;w
z=+bcW@499ZWBJ4&m2c9O!m?9}$WYVE+Bw-<$Ew0-hw?|m{rl-w%i{|p^2zi@xf22=
z>#|#3fsFrdqr-p$@=I*%e2zpbf42_N&Ahnl8^u=+WI>l7PC4J~pQj3UGz|=!^S5Fi
zE^6WzjntcVwfrEe^Jxz4skS&7khaWtxy)v}cJZ6w3znWNmFV5j2Z<h810B{bj8iqh
z5(PpT*xQROparzxfNpbci8`LkiiRI9X@F(7>!l_c4b|Qa2ZXx4<&36c+pdm1dT9UC
zBs=m4qe(z~VLN$qfg`n0G4NOWzaLJnW)#CkS5{XVp_S@=EBVfj+^J9T@{Z6dZ-qnS
ze*M|zN)5(W{<f_YH{qVC+j6TE2UhKSK<4zlHMVh;;7*N=96Uy+c#qF2E4TJl&%$+_
zVi=s`pV-csVzrf_CdM$KJp3*+E;~M`#My}BDzH@feRUUG-Y$1srDeIU3^JjwzUWUl
z2mOV699gz=ZeGf!HCHNwVqjSNmHgViwpeo#$BFUUpw{sbcPf9<5Beq%@u(!OlZWcQ
zzj=SKQLV_tpQ$2vd7VO*_o&GctE|>qCl6TsH{SLawZQCl&g#WM*(~RIUQzKG@?r5D
z|C07A{l1IanLipvrmp=DcCI2Ns#_1OY};9}E4pi=iYV#Ulns9m28C8?_Ni!#$#SRi
zgp!pjCO_a=hs6e|ukGtwx~6ldMhnGXJ#_zh#d)Q<@+0+%hK(H=)yLVOhq^BBODt2i
zbCz~WYBJvTcQu)pYnP=ThEeB-Xyf9tom({fSG2`c68xKl#VMwL(m&L)vAY!uJ*@mp
zJy8s#3q5(g_KGVt#H0UKTP!91RwMMJLn5y7!&-<H7fKV)xUNuw94g1f6*|)vX>ZBC
zarNcA+Vqjx_*En-&a``ll{bp@sEX)>TNs`-5-Tna?tHJ&pU0hQMwf8X+J5Dp-6x*o
z{GMymi7VBB^`X9<v$gNf<@Y|_%D2f67OtrD$S@06BhFOfP_Rp-&;!M=FKbY4dwqrO
zzaaAWy_AoAb1DXYYwugmx|GGsJJhngZ%j@VU|m@m`ZKsxa4GA^*5j3eVtoISRaR{c
zG@FaMY}+fxzo4D7$x!@(J9TS;;z41}KRdoP*ZE%U*p1?SGDE~ec5<qwWc*cWa;m!G
zefZBlpAu&jyy|!!Z&<Au_^G`<J_pqkJBR+GEn;JX6xZxWv~HO~$;#9pwH_XOwC(6>
zb)a#}<Q1oGk|gx7^zOYhtL&?_)1^m7>t#MLvyNH(#W?9PE{-QB)ShhBCw=?E%=BG}
z+D^oHgg4)1`zy*$q*m6S?4qS5w!iXcM<sh19BCB`{%6&iO%~dLVqA(Xn6>i^l$5pj
z#k0NGb$zYN^qj`LD}8aQwn4_tZ@^j>iW0;bg#MGY#zBcR9_G}}f(&9wgx-6`1@=x&
zjkQQpL=6U#PeN^kr$<PEA84ktmF+C8{y?~O&WhM#T~8Zb%ly+a6!}Y#_BH}-l4Y{+
zXM%}2-8=<<`yDG{i4|(i$L}qMhxBg~JwL-Ls$NgK4&YS?6i^CksgZB`JR`3tGqof>
z$=|NneNw%dgl3r(p+XuJlYo|Ny7ZEFKu3<UDyV_nrkuR2yGIi1Anwl*3E8VnYAx|6
zlk1yu-TWBANoeRv5i3vGaQt2sl%4Qna4Nx`P3tt{UfnXTk@UaAVZxX^6<|AlWlpWv
zLd<eOY_wzG1gGGCj*I+3<Aild!k8=J`NdzQU5LU~8Ny$DN_70smcKY=5hrsVS(l~J
zl4!hnG1X5&&)urZMRhWm=c-=qY8c)>?Zx&Z;Y4HqmzI5w1_)4a^$IvS>z(aMo}nMt
zNv}J+^_wNSJM-ELe9njI$%m=<H?GAc|K2jfS_!7W1NN&(7hffXsw4r25`j6WGLB&O
z^1)6^#Ir<Q|JZc#aN(N`A!ciu)#6sG<}aBg@J&eG=6YjbM#%0Fr*SR4PJQY_NFt{!
z7r$EI@h78vZ3TWAOD2A7Mqccq#$(jdkb-}z_?IxB@0YakbRIM5YE<4uU%)FB(kt8}
ztGn!V>P=to6Mjd!Y}M+i-oJB!a?xZfc{Sr;_E%x&E82YN8C|IupAn0`Hev#(PN~W!
zM*Stf;Dl_xJX7gSkT|?#WzsVmdyP}rUa3N`Av^x+JqeMaCld()aVRZ+&ygboa5OUA
zpZga9B>GD0YA_LS@JIi|9>e$!bEna7w^aCI%GkdpFYkWc&G;^K+b>GGJ97A8|99q1
zx(vX9@{$M}SoPXIr#$XRZA_=l1e$yC{Pjjblo)G$Uf8jv43>=xk@<>xy%XMob}T?~
z{RWSc_=fUyRMmlr?l&ciFTTPs?cEWl%8_9JE)#(@=Bdg_qA`%%5ZELsA%Qh1^eX7=
zCX)hyPrDKY44_rpI8#6*CLjtDZmV%?hx--wngO;9>lp^n)vn=`ZqB27-G5~E)>`m)
zpU?e(f&F%Mc=?SHtwZblxQa-%_im`fGh>B-5wmTEWvk3qg}<r!v0bAMFZ*Yk80PuB
z-&ds#;8o#|UHhEW)E1$Me6ER9RP{+2KQAqW>K8dEE!XVzbEP@h2jFpvFO?r)RUBw&
z!OcH=DpeWsp>rg(EjT`tQ<$vrvjE7^K({O1eC7{13;zhYZ^v9L`qR%7COKf2#l21<
z=3NZ0ZDvM)L*k(DR@DNSbKpjU_&9xD>a&o}QTR*9y*9>+O}r+Jd106n&aHSOS9MTM
zJF0b3llPW*qQt&&&K8QfkiN3*Ao)@Y7m3x&sCJ%XzYt#CtX0F%frk-p<J<VJ5ayD#
z6h#`FS<`4O95Xa8eK^Y3-{S$u4`X4`J5;(B6}1haHa?*lh&?#GM$`1GwD6)dO8krM
zEBi{8B>oF9z$70FJxc<pA=b%`j2~;CQTrSjLH&Zq-o&^V>t4sfrsVU7n@C|qt}xUX
zPFFS-tqOO*f#ke6-9$JTy@3_SogI*Nd;W<D%+8+m)HU~mZ{Et|cc;dRUZ%TVb7&_M
zE9HH{xZcdd44y_qpBCc(Yn~J9*OIVRu4u@w7t=)fqcJfJjZd#Eh_@_>WN~|Hl$br`
zoilpA{pU^I!s>#susu6i#xz=J569-BrDC8<xXiSTEdhb!-s}r(oxEexgPW7H{*1W+
z32{xeT!{sJzD~7~Xs?QX3HZ3g*xL`2PgfMp@4VR;O3~*_Hqz)D38{y07|l#Rg#(oC
zzIr$t;pk&;%U5_fFGIZfwk>H1##X*;Vl^S3-g{<Tyf{rFEY`v1(e2s(%O`Fly7cu)
zw>jn>RB3NkO1gMhT~?OBM*j_fn;P*V8LGmDZIp<B3~^+kFIb`#gMlN`-w@OUI&3fs
zg4HTzlL&xJ90K(CGm$kKHnqS6$&YMckfI4I`sEWcZ#HO`%7FT(#t)r!ejlY(?W9-h
zdr7EQ37>QFKobZ|PJK;AeF=-WVc!p5lQ7hoN|z-9^Tg5AmtYpSMP>k}V(b!p6Kh<l
zbw_f+^ul>S{4Buxn+sq!BbdT=X0_*=c{y=(Kxp6PrC}`rB#FQtPo%FL-b_DyKCE7*
z^Etd42iES&^LYvIbqS!FM~|=N2uO4SRLO}`(k}q~o8|nWBY}EV+-juS!ky#!IJIkS
zSgSIHf5uX3=SyWri$A+xKMhCjqDQ{LCT8^VwsH+(ZsV~J=s)Q>6J6@HE&U;R!>03a
z{caWazFYinX%0E7|MQ;|HYDrl<O?{L_82m|LlsYS()#FNE<AQP1GFO*fh#zR^ERnZ
zR<QQ+dI?jYo+(hT@L&@${%ld8V9Mog`A&!!zq=J<oYR{*qR5D;mqgfP?|UaEaq~z{
z@ctdK<5Ll=H?mV{8k*rjDx3YI|MgjEG!8sj7jL^>C-G^Ud$=wMahcB`yDevwwnr0j
zBE6qkG-<|P5=GCj7m@f$ZqPiW0IB4K-0?PPtN)>@aSZ?{;+|jdZj~{PG%+)QO)DjY
zb?7v{miBDd0P<>)ztf({r3EB-jG1%89W3+0Q>FI)Y3Z`UGPkjlk`HFj3Fpp9v`pm6
z&I@fC=d|E`TFd8-m1MRH|MX!lMF)dT4#u&X{Ztq>ADqSQT*7NgduyKR!m3P)y<C>h
z(~BWBHaG0JioE$%cQ)KeY&*XX%QeP7jfKs3PFGzsBx~+U?Nj6ptDfmJ^39jj5ad@y
z)gB~1WuTSKIgnX^8ZFFTaXKwnS|q#)Gorj5rt7I0*zVP5)PZfb=|z(^9Z)PlS+fol
zN#nC?0zBxPzf?=JIW52{@bG|DLUr~AxY!Scq4tt76gm|4m&Tzr=rRjFjSkPA<;ILV
zHXcCs4xrYp^a>A!pvc14G^APM_hAphTy<ZNt*<d_Deh<TR~=Dx?iqOQN(IAg1prKd
zN$_mXk$!e)q}pfU0qPg~A5FF$uygH2pHtaR9#)~-G@v87oq#_R$nUi?Oi=x*lx06m
zvCp<WT%YQXd3}$y{t?)gh=0E*?9+&T=@st$?$w72e{Krj@J2R@O6WyJo!z(~zD-6K
z*AiYOyx3kOmcZ)4L`kCXjAQWA2VKNx9yrn^C$&+TA}-qD%GRB8@Y5*|GcP`Jr(22s
z0A1N9JcP*VpzDPDLU_4F^t_&pzS4+vWuX2k`X}D)<+WznADHyLq|H?F(#ORbWzUZ8
z4tQ2`cbdIKOa`nHIzJ2c6gl?YGE~kwY4-3;p$+nL`a|2=8i-Uy>GBhX*qtNjhn`Yq
zf0lt|SHk4x_ANZR+kW>}1H7I&e+Dkb5EM}$cyM`~gd=tk`f~^mEQ3Ed`}UZ-38aWj
ztg^}X@Xq&yO&l;>t?bV(NB8gH1MfZcTrjM3VIN7U9RTW{Xl@wDFBr>JwDRt&f71{y
zSo9k>rze1tH>(2Z`3GprcqVP&ajG+c2x=#aSxo<`$TSRkm>?r0VH{0t5%6sR^Xq&U
z>`2KZEd0YOY^x)*8bOoMWT|h-Vgxq5mMsR}WeVHli=5X1RL)LG&Vz~r%SoQ;pVrzK
z3l-gZ2E9aAn^PpM&OFgQJl%SVdK{U(Yn=yoQ%MdY;yb%A^!f1VNImI{B|j+~IKAuH
z9~sXzpVm9A|GNHzLDF2p>L^~2p;F2E*k#bFJbSL+dGMR_4C`wNE6oAgZ@Pu6TZ4iN
z6?8g{3(kXjn0rjcyfxU!Idd_q;!oxt#tuXRj?pfM_716%NBcm>13~&qkuYuZ1$>>0
zW6Q3KU#TU7f|b}w%{tv}f_^O0wN%63bdyXTL@S)fj;<UZDp1X#xNqNd2lN0-wR_S;
zVr%5~eEfRfOqho8c2*{SG5hf>;OLh=*l(jA=X%0j&!QbP-S3zkVuAnj2ovoBO(e09
zl~rHBhJVzFfAu6&Z6M;fsIbvqW>RGCldvBQq!qbo+tx>!x{Oc1g0HcYV&4|tlz9JT
z&es)ZH_f@h#$`75FBQ+?IdGOeLUUn)9NzfacwqZ4cV)=gSxIxw+)U%S>hervAEj;|
z!SCy(98bEXw>9v78ThyiqT984(E?xM5Pkj--9M4Dx=5_umUY43M!y0Rd=8w@;Y}<I
zNVab~4?t`MKtkjCC^a;1^gf(dXSo?C9k(nmVBgxFpK)(FuROo@?VQkAT^MNTZm}ym
z5shlOKE$@afkm6?CN6Jy-oU1BfEgs5l(^0vLvNsta}LjiyFMk~z+P!3Y})?jq@-UV
z@*lEoek)?98>QE5FJlzQiJAgp8v{x$r-V2upI@O}?%+cT)6L`-sSq|bV**{DCX4|+
zbFT-;@r#Vn9F5WRlF0Gr197XaN%M)no3*Vp)#IV7@znK+E*=qrZ;WwZ&2!>oTF5vr
z+|vsIldUAkdJ=S7+=wlgzjAgc@{h;sjj70$0lTk19qOWZlhcPzxmitR8@MHkM6&20
zvUD4V+nZ8{^+z-t_mzgN%C5&stFuYnbr1GOZQV<E04O?CB~v33qmCtvCUD6y8}B#e
zb4kE+alouj31y6J+b?toePOjwSCOT#E#|C$Q^jmuWl)P4VE?-&QH7}_KuR27vy!W$
zdcnOKTnad_jlj$Z!c;b+^HS##yQOf3I!L`Qhe+Zy-QndU*}6Vyp`>H{O^M;nxxokG
z457Dr120}(zPPLtmBe{2j^my9Ppzl9@T89DMwjLSV!nueLU+Mp32d<X>SvMe!lW}s
zePMS_Sp;d9GijGIUo4&Tt8kI^Cca!}UX4q${SFXi#)C8Mi%2BewhaU$R<MC|15+!<
z%Sd9?3*yz2FKPp}lTT8jwYN3!Ki`3mi3Rp!@@dm;+rGU-B))`-h)sP$?d-RfN4cQ1
zAOU(V1+w|_o3fJ;>vd(6&u>b959-+<>ijaHsZY-Z59!o+->CLTt9|o(2L2UOY%&z#
zzi7;ebuR<*el7X+hIZQ}Bm0{li}_;8mgu3SFPeMu$c5DQ<YB^Bw_Qu~7P{@pfo|oz
zLmByPT?<xGjGYnUSqBZDbWDP1z*#f^<y=!~)^eRB@NE*r_Ui)OfrvL+d)E9+{qL$x
z{*joF6n42*2dVRlxno=&<EXZYjGzUbrRr&<t4B&?s2};!Y)=M#1B`s@ZD}Z<n00A%
zA^D<U9cgLIts%IDYTnoH_Zy?Lwo=NPrIzgt+})SL4vgvEx4reF(8@Xd0Pp{B2)un}
z-VUM^O|PM9)#zi%Z{|fGpx0W}Z`7(3BC;i7!X%{MbX=7Nzu+yxNaFv7Hu6nK6ls<Y
zKd+_<ro!4OT546d46j+~uQAtwxp_KN+B6;t!lwn7Yi{J{aH|h?%n@*N=ysmZLZE_H
zpXm<%x!16UCr-YSF}cGH1(2i15o40>8_-U^@ksHF2}#b9eh+l7Xz7~pAgjna84Gf?
z-~gPrqt~F-?7}I$n3ttAJu~vNBhfml_CkG?X#^Es(Djg@8_l5GWG}HN`Tf}bGdZg}
z^n;d;z&^nVO1eT_X%hG0X2uD6)C#;^#r4*tU<^z&yg*VhVN=p?FY$1f5@C7M%70C=
zXTTn2u$CLr4Ub_NC)?qK&0&=xa1k3A*waY}4HeX=MAm}~pTnh`6hn*lM$>=hoCi$x
zNBc~LI4AwF_mO-IW}FH*7ce=UlM;MW@)grnXSSm2(50U1;(;jxz?eoX*bAmvk#ZxX
zt(leP(%2Au^DhoE7AJ-E(Vz74@>#T;Zw7{M8oA(`naV7~@3D1;o=R_o9Xkf&5bj!i
z9ot1T!JQgl^B5VaAU$DLEM33puX0*HLW>)Rx5$Fy>F`x0E;{Rz7@y>gPVc@3#X36m
zo5dKi!+6=FsGlt@t3O~|bHZmipJKhOjW*Q<zX!&t(2zNN5gfZ0!@Ldb|16hC%bwGo
z2V9vj_;P0nitVC5@i_PTR3O>OOi}@T(?_Cj&VOIeV{oe8;^*VBO>NPj4jQi^g%ExE
znoi^aHu_`u>eT<l<i+oNjOJdG>CmbPNXi7{cMAI1;N11h>Il$p7;U*F4siYS&5`a@
zB%~{Hz2h*5COMA}?K@Rh_!1M=Tmi7|M%ww@4{^gYfJ*0FcoWTyXy%4qP$VYP{aH{)
zw>8A%GQezdsu=8f-KVY%yW=?l4)~i{l+<GtHDP%_L|e)T>+xTqBcBfVcL+ULTLhkv
zmEE!<7QlpX>(^T$dyr0#f5lg=1Y2IB&}Pxj+N}rNai@BYKr-*E$jj+lx9mULwb1+8
zPF`xaeZ9Y>i-29LZKkvgr<sWEx_=`?OYE~U%-+~#PX%X<LaJN0MPdTzkbC|aW#<9w
z+`3gukp}_pbe9_<RQ@Atj<>%BwGt`DFpUogRsRy2L@^vBUJUaDh<L0Czs>#gM5^=9
z;~*e#TlYv3QYvY-Nw_Y*WYPb`n8NO2oLjjS{n_%EkHQR4IxNEKTk5lzDWfuTUbMSP
z!dVyWS@-aFzdU#(FpSEhj3=W8_Mq@aNO&WUp5)unMKCPD3%1_~wVd{ev_~kv)dYRx
zI$K3Y<CS)TZE8czA1u>rO}0uQQ^qh-F#pdfsS^O|4V905^7vu*grIwd(P_h~)v+T;
z|Isy>Tc{AssG{cIOcR?NcPg&IHGbVC6;rK@EBPx$!t+rM^TqTB%-g%9`+GkT$4vzs
zeb>1<dHIBy@ZXCs;gc_^(W$SAaRPgL?Ek$qX?rPSwIYkbCxu~O<mw_~b+{=6+a=Yz
zCx?Y8_=s9yXS=Ye{v%O6CxKLhVI<Me9R+9<#e|+U+5#hxj`80O5vr<6^WQ-MhAf^O
z+kYwbMlxvkffzayC&}K^(LP=B!Cek#-PokFEnNP_HJ6A8LFMa4w?8g#Ef41Q^|EYA
zjrfRT@VyzC9BZrxoBEm(!=4stvG~d9Gsv8nxx(7&{kIr~FkAXJvpFuxKJZ*qBLfDl
zmN{ikuBEWrnNE_~X^}CU9$RMwt6=^c!Lkj(44)%eAfN0OSVg096Zkp#;tafs1k0Sz
zJ`gMh<c^$qSP#y(T#2-%3qPFE;PbTr_?k@8r)lu-eSlJaEL(@q=UV<<ut7(bg!o}<
z{8x)<yxWKSnZrM~-D<Ctn31SCJo@JIMjyrG#$Y3~JEP<Jlq*u5yV&UK;v~dblK<pD
z6WX#5=B$pT+u^tGs;v{<ivfBmBTI~>P{-2CMZ*U?osNP^v+Kp?JG{#)iVP*U%|!w!
zhry-7>MMhSGur%rv}L{$LrZ=3f$s;r4&P62AHK<}*Iy9(%)JgJm$A}%R(2jSi=Sxo
z0?yz9xwV6@*de;lZH&8VqD4dR@NL*P0JWls75fcW`j~U9A9q;DRtoG(+0PsAH6o-w
zaSm@MP~J6bO|HF1rPhVa)wX}vXC~S~+x{|<)jE^mQTO!XuRgp>|FBoS6*H`9^V{NW
zZ8w>S_t8gsV&^dD7Ct#YMr`^({Cz)so!MI>eu}!~xrXVx$m-upqwGGc#9Yv?Z<lF8
zM0mWplF5lux6bg8zUsP?CmXN>W_!#w-|tD6=4C$VoVu)xb$u#0_f5N2T4#6OtE4zo
zy7<*R{}3l@-?p8GD4nFHk43r7=sS+hJE5$pETcDf1D7)!J!L#3ie#B$lKx$Drrg7X
z+M)W2!gtPV%?V_%lssI1I<hKFGT6xH(XTl3(_gydIOx8tGK$i3$ZCNMDD99*_eWK~
zRp9j<uzSZ}vIJ)4epOu^Fhj=>21g8sA?MZKbZh)I<>q3<MI;g*F)oa#cz49K+_P?V
z(V7|moY_f#(nhT^acpH_`U$r?MyX2ca~83z^0e^|>1Vu_{TRaZT!cqH<phm?H@Vh|
zY1;=o9Nlt{Ea_WdtC#S<iBRi7Z_$%-D0vHuQ}hGk_RCAAE0}p`D@otimZ?@$bxxV%
z<--tB+P3cVo!z;u_c{mf!+iDhaiVxE^0(RX*FJ@kpY3Eu!}Y)Wemm_8%9PPomgUZj
zPN*|`CC8tvMxkB<)E>0wHqA`{b?sM?qN;atZ2e4d4qbEaq8C?yyey#}3PzTqe*F4<
zgHNr%Y@OD*%l(4c{cJTNc}I?Vn}xj6xhUK0{P}8x_@<oLnp_zl(_a3Mz88Yj*83d2
zh4+h4?k#?zb|%Ibf}1{qvYLXS(zt=?YJ%83k$qcU%c{x?VYhVwJ8x}PlUvPR3CjzL
zTjOSjn6*peW~Lhmo=D^3q7Gv&W?2~NqU3Q%7H#ExDwf_z6LUZJuA+-4MJMYK^{et?
z2VE5EGq3YaHzIT?*(JVvpgImE((D?nB~fz-A)Qk+eV5yrp*kW%XBz!ZTLq7Q9QiVn
z)Z4o!Ww(6qim;(xQf@3t<e#j29B25(md{Jkvk*tdSsdAU9FZD@nW3L(Avu_Jj{eQK
zT23V?<;x+a%YT}7aT+vpCpGhW6%1a^G~sGDg@%drjV+QVX}|oy<U(+__s)BBNLZsU
zT(vFSF29&4Gb(yiwH@<CVRU_1_YHB_jWfYPf`XZofe``2^=G@CYNE9qq8U|T;}_z_
znVJ8w^c7HTJx|-k3B?_XyA^kBafjmW?k>e4Kyh~~?pE9(!7UWGQrwHXzWM#X@0^^w
zxs#ban?1X8pP8LIqtH!;0lYk>t}9II1@862pRl>26T1~;@T`n$-k^)chx_c^i|#WC
z?kha3YFAWz?<SOxlDZE7^gYVsrR6dp9*-hONUe}x7a!^;ZW<;+=j$pZxuTk!$KLV)
z;C?J5V0z4zg<!CWZLgE4+D4JFToDR93^g$0NEvM3H)5x`v!`ZlbVk8O=dfQUGc+4|
zK@NXu9}Im#&Vx3+7t|Kdu2GhX$;|fgl#NGm8c~k~RJd$|wCR*+n2gp@JdBby8nPM7
zutpZX)SU4%Z(~|MyULtWUO&H)B|R!@Nox6By;E}T%Lh`&LCl8#o}Ft}ad^`fqhL{e
z#1gJoRs&(51ojT0*9ka2z-jl5tuU!w#c{Pge=>cI6$jd)J_{=kfWF&ypMb016&vL1
z==eG+hjWHMV(}7C`B)_I_*#F;p)aMEe>3Fz`*iZqO~zS+Hr&oDLEe}lF=WfQNfi>k
z+H$7!@B@!k@#3>$gVCpaK9~8Oj?mw;1SV+;s~_K%Q%BrMKjN(7(oyG6FevJb^Xgb!
zmauQBv<^_kq)Q<e;F_|6rN|(k8N_9o#HEGli5tdKiB%V#fg|p1(U^gZP#S?&>ZVa@
ztdFwB^*9{n<vKYna$m+Kecsy}ym1irWp2eziu1L(*w*EGlNzwRbo9r8d>UQ1dbW?S
zHp?nUzR)`$;UGJWj{CEcw6Hd(o}zxzI1c2NP3dr=L0Wjpw?yMeiZ)+?Nhwn^n>=)`
z6fmN2{jDvP@--bZU_K{}lABSYp>f<wm_Ss`gY%>a3qoo?zS9w9iM*rZi4O_Tk8laq
zv>v+gnbu3s+;LQ_{5{*6LlEcVB%v-^+L=b{!KBdebU*-+O7I|s+>#s-LKZl*7v0>F
zQ{Usil>S3FZ`nK8#j^x7jbl4FB=r88W{@FNi?6Q{OQk1afoLyso?{*M2s7IY_`*xc
z8|oIrJ&vz-!fwr>m|50RVAzBob~B%7hxl8P>V>ek!y4-nXi-eo_iHb*F=5_mCT<+j
zg2t`<EnjP4x1<qzfARjnr{6^U?W?Wz4y8I8C(X1{73}UXVMl1=GTZw!7kjVP5*h3E
z)yuYPB$@mp_(zpL5$zg#u$_JBd21;Jx{fw86v0bT5!SB5E>xuLs4JVOJn&x8(LU$f
z8M&B~2jZt)8LLV03<)Vc#9uh-_j(L#P@&cgW=x-?ArmlNmU5Zo61MkG49_0@4Q0z~
zOao9ebDiIC8Ve?9)A<`_vE`*R0o&3ZX9X%y3cc}qJ)~n(sv(x<N9%J2hJq@Zl(`k4
zoepH%{-g;j;d^a75V_{f-Y;f0m(C6%NPyV10Sh^=Hx}gcx1EmHcRa{YJkG(z`b2~=
zG2^^?C(}SZ(={cl`>jKbypC>Kb-6STsB5A9JFg~nO;tL5K8^?TOC90mdKJC_$6giA
zxCTKq7DA7OyyherO8H!kldXLaO{AB{-Y%#;`Em@LKNjZ*(MA^d++l{UMSog7jmM=F
z-z8faZM&AtJluvj(1ob22qp%u@&L^i<J>hSo6`+A3YI8n<|%aA;@z<zk3)jP?)v&}
zLk<;RM{6i?)v0;ORc;*6Ky5rFX3??-BDc|nnaKrLJ9j0Blx@;)(O3((Lz00iHc-~>
z0P)8A4ztxhm4}Cby3F!RH;@qr?pz0+wqhd&GJ=>%-8o)e<|qa-7P-sN<Wn&FEnHn@
zpD4x46ZBElg(FE1TSpx2`&3z#dB+2Aw0E;s$6d4-Us)mfmcrg$R+n$q{X>R%&NEwV
zKtp9u%hzBE&QAD#2lzgt6bG2S@31=@HaxU4R04srCo4O~J?EP63;jOV<&d@@=h(Ua
zQT?!`Su0!}|5M*m-q7=`d7Jnc_sbzB1-FJmyj3m0mq(+VXKCi}18DR^UEv-KuoT8X
z!Wan?9SIq2&xjV+8O)RV>C40CVEc+jVeB~i-33)Q`?|t!EdXjecQng+x{?Ka;$w~h
z=<c4&wy)436;Bd$SjgJs%-83E68&bgs}FYsffy&qc$P||GEzOqn4l9`ys4B+gMJ<f
zDfQKhV*XlmQ#;boxPN0R^4BEW9eB{?B4xCLy=D~I(1D(@93}|t@@yYmR7n-%G~%LZ
zJ>X((l=cMNo^TeN5N9l}cLK9KI|ip0X>%(kXz^7OR9nb0meZoHmTt*WqgKS!Y17pb
z5;YPOPNTUu#|K|%Tf4|itwjvY%6*dx3o0)SENSy|u64<hT5?N%IP{mi|2Qy`-!Ttl
z4=oWB-KpEfxJA}J!4eLDjw}-AJ;BGRBDa<*jXvK`J>eqTlwQf@$3fN5tBi1)L>(QG
z7{jGO%M;N11V^}+%=#+5jYmb^snP1qiR<qw18bj;)AJ~_f3wnqtcghm^ChO%9ctcc
zQB%Eu&=#fG7#~)-VfVct8dU_pfhkfScGqsvEtdc?NSe(ThWTI_{4iq7C+^Lpp%BE9
z_g-7`5711dJT&cmyO##Z9t$Z~fQt3CYaiAU%7Kl<5%&XP?Cnoi|LanYb-RNz4!M;0
zGG+Qj8rUz*nXiz1X%INoW(V2nSS!GE3Iy#4K+53l)uB5US{YWW_2ANAstkCa1MR?&
z4CtYKY0y>%WL2^h&Y*t%+fSb6!&=8^T7z79&r5siz*KZt28>jCtXM*&(ZH}EJ4vt;
z_BIqZ59HqNKp^!I=HpMC;e!t885Yo`<Ef>XaFCCP{f4r8x&Ce;oN-x<1&KT9FV`^P
z65p|cw_kYK?&y0<@Hvwy_o=Jv_*IvfvP)-QpWL(Aiy5e#zZT2hO7tH*WIoB=2OjQ2
zRjTnvP#V6!<-Z3;%FQ`p<`WcOc<o&r2+z@|_F_jZa+7{knrDmf&+6-_gMF`EW_vGY
zP`nmYt`Kj_j=A?&udS5NANiV^N->-W&uwP=xJ4jJ?c;c-{;+!&ROHNim-(c75tzE@
zpB%K1-O$ydqZ{NFeZb@a<sIXNf9HiiA%#v*yt?pGD~_>tPAet1E%oBU^W%_vz#3-J
z>Zs>JP-^$aOH*Ur+4*3?)+sMA%klp!XSA2725ul*p5H2FYs;2`^$-MEN^D2L`as9^
z_^Qi^CGTG7y7amWf^02Dy}V2oaKy5du3GikSkSM9_Qqx+W7^yifV6s5>aJGvlC;;^
z=%IX4!<u*ALY?Y7vLo<KN8;F%E8qT4{DrMhKnKa#N0uXpVRwkx)X<fxHNoXNHBbI^
z+%rZWw;}pq(g{>MQ_SP6#k04Qy3f_S-*(UCZ_edcTWkA)BJK=CYK1U~Jx6gMr4yqx
z_YqhSv~v)idn4SII8q_uw;6>pjUkd_5Z<*n66jsfWhnKZEW@89<}yne@#}afSPr7J
z@Ystc+DKxrpw?C_Bk@jxqV-?Q+LKA~Knc<gv%quN_PK8i`#Cx?L-3w^(UnV4s^vHX
z-+33MgbCO;IP!C5(wNI+=*3;=3p2fTt}i9&J*gBAY4C6u*aik)%%J6Hw6Rn?sA`T<
z`^;dkhuvZLkfnfT%HCADr-OLcWjI?9<!u5?B8VlFx6I$WE;A($VC+o?omE4Q@Gi`k
zPM0C>WATc=;mlT=1fXr!ZGuD}-=xd3!c6l&8bjSj;y!=Eg>tZFKP0(%@iKeRcCRfw
z@Bj%qR;N7jSQ(ZM-p<lT7Hasu{Z?vw?-b=@H!`a0wmsZ;V<!*t(-yC;bAaX}^W0gB
zGx;~{iL(^P{_E4y)ITR6dDot<C*ruh0##|9U{|L*TFa@j&4!_kO$EtR;iWInF8&}7
zcZHDY7w@`4-#-AxKOGTwUi7DDtlS>gbX#o{b%n-VIDyC0JlsZPQI}8wTr8*n`;Qs1
zANDriFin*cXH@mN&4t@oe%Oy%(fh0d7I`iohusy)#DolegvOb;qUL|$h&FKHaWww%
z>WnS__<2<M&?<w8m<61E)rN}a*?3({XiY!3nq~i;IfxO>>&L<Ho3?Pq_Y?((+PsGG
zY1+G(yo<0rg_=hTj&i}joHV?jGZk1UGF3$~|1)c%lmK*!sQcK@f|)K9nF=*($c2i?
z8Ox(%Pz|jgG022ejje!6=}!itr9-jj++%4}q6DH*b`CyWQpJTW_?#VDs9O{c_)2=I
z_lTC$zQ_n?(8b+%Il{};qzqgCmO!?aK+eyhtG--69eanWVYz9o|6rvE8l|w+GTbHl
zW$tU=cE?9I9zb{Ppu43XX7oLU&$`-nYa!*n+>ywhpg~cVGij!?u(tbr(4c$A?6sn$
zl}4-m`^PP6-by6OI-~)?8BJkpBDw$=t;Ybrfp%3gMgNtshAyOpgKj_U8WCR$tlue^
zvnew8x*~uaKhBIT-h_jVJDTppu^oZm!BC?r_}C4D4C0AQ+x&6wa(z)%T#+H+K$53k
z_yZP1Gnzu<2NXmPB8%rB6G5T`MIU*MyXg}S-r{JwqoKMzd;{q17vobG?C|&D(_+eq
zd%-PT^V!snK%c4GD!RLC{YAqDu&`(9#J%j@Pe1Aa|CVm@WC~+oXanfp^H}jLiPc^7
zP!WVL^}rn+F3?6=2a&7zOG=%8f&)d*w%>qb--Pp@S)*O@{~vg6!x(77NH`ddP3}Yf
z!?E45Sm-Ywen$y^PpPvOJ9c2Sb@&YmXwC%2p}`K;%BDfS4%j+=FkYV(n%gQcOv#!Y
z^<uAkK<5}Kec_FIX#WsCN&W~qk>H<;g#1AX09Za<eIuF6VDDxlA4&-T7~j(_6MiY^
z8hXZhdAjUi{+}D`swCpFW37#xvWmQ*EAko3>So7X`+sh%4t*Dj0c(nat}rC*W7Jf4
z?fJ{8w#ReO!}_ZmyXm`$sJAmZ-8v!5z7r|bTO^VTF+9NxeZ~~^{xsgPHnXr^%K=n%
z{E^%By!SHNQ9SvlP6C-U@<Jj}7|8C2On&PeiK&dbRqRA6@A63=YHIASi?ANBo)NpZ
z8Ne5GO+{i8W9+%}Su&WSS5HSDx!+H!f-VdF&x|r!5!QM3>+lB-l7qMlZMX+I#ris)
zU*9>r6QDk<r~P$DrUWHa`}!oqPfV*P#7c*RN*9wJnOzQco@wrUVGB=_Mi&{#qIp&_
zI9AeJOHZr?>TN}UwIaa6O71a}N`*sTrc6EuynSrNAf0+Wp?DnOTc-VuIE5Z@HaPp#
zflVhnPtS@Cem|auCZ1+yH~fP%mYd8kFjzGPA9hU!i#MJMtP+==E+YgPw+iSM_j47y
z9by296$1;1KgY#;<(o}C`8b{pz0UtC29(OUi?uA+h)?`pS0NS5X7}NSIpgDnOWBS6
z_re^acY7IaO@FSP6LRw#7>=6MMbyrl?Gng6aFA1LMXMtDOMW9M(8HQ}#tF6XmJrr(
z1!a;*B9k-1#9XR*z4pT}wo&|6KmpCI@L0$B`TZ3}{BFQGfBH-y3yc)OwV4Ffkb={e
zZmddgO4yWKvz8Y_+R9>Gg0>e;fu#8`wsb75PaR>YGL@Gkm-NJlhfZx-fc(?VK9cL2
z4k*3x<-&+eVU%bh{m>XNw1U+V$g?_DJ=)IHg95SME*JbG?){qg{Hw2{rc%|f5Uz%i
zH+X0S3ngI(ju2|l2a*h=Gb3J1^Mh_({Xg6*c$)`_!ewscV3_>V5wF$Z4L<N`tnHbC
zc?oP54DR&xrv1Fh2OGZj@iumQKYS3obHwc$e;7O29KfqJ$<CJUB9fltt)1=7M}AE#
z?RpJ6jAIvXz2CDrv?`UguS*hNAL#ROjK0Av)3@g|edycE1!4ld$0wBrt2j4ddL`WR
zH|f|JW&G+~izOq;%Yz>War88C^k7oFz3yN?3sH!lmGBmgJq0vY1a4SdPfb(--zVWq
zz`t<1`yFf71b*0|%kX9yl0tnFu~O$KYK!4Z^`|~pV9>VCi(dj;$-f;y?e-&7Zlj(}
z?O6U!f;@0vpIAjU;efv9<PsQm=}(EbfU*no1IHvK3Mh^9*uiE>Md?;#AS;y@3RO;3
zY{s(A%2ex_g9K_P7NO4;jfq-hXYGmc#}fpz_w+bbD*GR8(H=dF;<i}vXIWDKd2~6-
zKmBD3uSF~=<MI><MY704|D*tPQywc0l<8gsvJ#%20l+E%i+K0JCVYI-#=M9*CFwGB
zsBk#Q-vIuUe^S1TS}o{u1W*R#etDq&${#Y@3eBt`zS>J(&|IKM=`S2^@{dFGJolG$
z!k9B<o(+G9ISIim;xKz-L(8JemgC;9JH+L`T^lNB`XkDevH2kIqTW^Tyc@9{Rx4|c
zxDIDHFnW8pQLbI(CzhAO+?#=vOgSdH(iT&6N_*~ebhMEQrLeU~eip<M)w~-!A}0Lz
zxi@TFvp)Xa!OrdF0Z_02M_4bO+g|0&IhRWsX7NpVhhP2+L8di2BB^<s0q#s`0nV(b
z^}wG)|7nt%D|y>*h}FW2PM4(p%*JoIiD0Hke$9LeGM+y)%+7B4lTD{XpU_-<mO}XN
zZAMK$Pqo-X*XHlf!f7Ts<1+VCgszPf=OLV(#bwyiinKa037+nkagz0fk2`B{u(WF}
zuyDQ~?aQ!d%aXA!AY|0zQ5u#9Y!n(QG#W}YI$R^WORM7^6bhnkUceT7bBtS4vbzC~
zpZZjV5>z3-W<z+QfO}E!_d){y1w8D%Q_Ng5)IWs4vzg&M=*A-i(PF>J()a{^CbRwo
ziZHto_~<l_v@SU=fqECiP{7hte!#*Y9Jk3A=leA*9VTd0KB=ZB<C|0gD%H%S<(Fbx
z;L{v3ZXar<NL(U+oB&S{d!!T51(+LDY72EfbN)Q`0Qt=UR^u)EGmn5+bAa^X1D0Pf
zT(sr=OW#Cmb<8uSbsHQ7O(#687GB)(g_DaD2WkX~_g)2<+wXD_GRkq>%DCv$h<=56
z+8_?_hDFVT!xV~VF->kM-fEMd34CLuULVik!sa0ev9Q7u&;=RsAzx;ML5$bXySHU!
z?&WCkd(@gQ9cla*pEu5Vpik^}Q_!vWX3BuwPRgw_9#p96dd%093X>~yE#H0NWqKTb
zhYM?APlmZiCbO&*b-yob2!(voeMxo>7SdTfiI#dk6ww!bc_a493A|A5+4!!U_+}8~
z5D;MgqxTXD%Be5iKb#*XylVsW>iY(cPpUp>^5o~<FZ{(<jdMO^gRhw8yCHz-hCr_$
z{7r;e&#T2Aj8mKsF<zFohi;Hw;T|I1f`c4;3&paG>17|0#s5(3Q6t}mrY2Arpv=mj
zU~Ie-mS_ra0ynG09K^U~gO+>Uh+emzw!S`rZ@*ZYpTGPRAK#GrN;Yf+RB=T*l=j}a
zHF}{RJ?`C311xHYGX~%~dpJXb3Pi)$9S{rWBh7CVUrRl&t+2mO(WKh(szOMHIQue{
zbcAy@YZIQ?{@lhd<|r@-WkB!Vr_S;nUaD!am}s%OZ+BcK7zCK3W^yc#CEUBZL_f5s
zAzP~b=xg3o_73>LQVA?)Q75nJk{%0E2lSO=2gQKv5w8b?L6B=?p8N;68|6f=WA|b(
zkJb>329xY{?l>3ODhv}riInn|O61;~90Q38gNrl!mp*T{frw!Rp;<_~P+>ogb1<0)
zn~reW&#8&b)1^mBO5upj+5p6vf<GVc=YyLcfk)SXjXqEK!}_zgSDv3!u;QDroS?sA
zWics|(-LM<OzS`Pl{fbhfN>vn9v)SJeIJnz@Gma3=bI0C!tXPB5*y45D+UevpFaXJ
z2#B}p_rhwwY?HXQ;#MXMj!jZm^bea(s+)yOQ-L<5CJEM1)^#KwvK-+nKRLF-p4q~;
zapRvmBUF`RRh3~i16Vd>sh3xVYihrU6Pt<?4}4E-dpuDMWQtC8mOa@njcc#-SJ)qh
z?6+AQcYecQbA0f0U7ht)v#KK$PD&Oj{0U1Pd7bZ{Bh8;S?3bJ)?UOm|N5!{VF{Gms
z%|?f7IO#X*#!>iawvkd81ArsIsk!TTH~zkzG;M8}Vq<dWavh^9<Qte}V-lBa>=dE<
zra;^GhT8PvEgz^t`yP_qC$rT)l=+BZmHkLN<$od@xEuecA#<aK5x{p00&Yqh-fB_~
zl7yOhwl&~TZi?EGs5(SnBwqaZG88)AIntyVK;mM<VR~-{_4WK#8-e*e3qXVJ^=Q}r
zTMv*_Yojj-yBVPHFLvmAuWRsolIzQM;ZMKORD((pM4!Fki~idMY)}mCwoI0H8M4$5
z+*ElbnG15u4SjirzSMVyIWNY-DYdua$%|6pVJUof8*6%=FfyDBcC%7r|5Yh4T;XvD
zJpSvPO4E>g-v3LZCH2D)7&L(#IME)M!%EF<FuYxF-}vQ#F`h4#g!Jo7-3V;f1hW0D
zS?LHIQB-_e`O9>4j}RGuQ>=>~+Z`wVa>1cb)=Yx#D=+?qj&cKw_0ZigY)4c)WRlln
z2z?NiCj$q1!r7u6i`08yU9!Dhw3Bt&pSTD7IswQRyXwh_JkCIf9EJ%wWtSO&`Iv!|
zoPpEa&cAuT2Q*H<hUU_+j=_qVw49y`_TG=*&Oq?1qX5>JY#6ZivG98$m|md->Rv3P
zfClhhewn1D0o|A%Ee9%Au4L8>c78zvO6>f30%$2+X%p&;N?@q=NQ@nI<(8Y(y#Fvw
zaj<=mj>EpM<2OVk;nKdG#Gif@V};}Fpqa!!;1{M--471cbv0lWtE0&^9^1XjoS?PC
zqjbQ_nCR66o@yGf8WF*NmPm^UOo)b_!hsLT;JTw@_pt%f6!4bFQ9nYBI7{Ve?6@;V
zfvDmJh#8}usGw|A)+A>x<Z@1+<OPsD2sLB02^CZfCDI6NP-%Wm8ZG>7Kvk=SqgS_&
zP1KvsZqt%EuiHdQe_LPtSn}q^WBP8#QRzJGl{>#-{!r4}lI;@EqN;Z0z!wQwSt13e
zX?UR(-Vhfm^a;c-?fJ!Tb)I%aVE&Sp-Q5vTRw>|$qN$-&)RSo7Eijjtj4+K*BXcjc
zsH3bg1g9l8MY!0ZX^$s&m~9G*aim`T)2T}pv<IBm)BfidV8mI%-d=Jmtua;@)tN{$
z)0c74A4zj_t9voLjVerqG1n|b)srD?h-cm_;r>#R%l4DLo_f---1v)Ff6QP4&-q2P
zBIiO1hnBx0L{0=D8Shp@<qhN3AeBt~3`ar)F8q71j?Ac$Ohcnc=XZHa>}X53+d&I#
zL~FNOk|`Shv@GjJERSl%${3{w{yLhzTll}X;&Oi{I9>ytjA$K6N76KcL<-No*Ogq{
z0%vXw<O=HPX=(`MqkZKc1k#yp*S>=ypwza#OH4*hx%@^0Ip;+jqxu8+s$U@&XNZ(o
z3duX9-7RJvlG4r;gASOX)sr!Jdqby<1}-a~kcD`WX#;Y1D<-0#g4(>8tj?J7b{V@B
zC7#gxa6ar8UKH9X#c>%qawi(@W!Z)@IsqozWDT`N^|}(HPk_Qt9m(kqG%Ty5X{q@%
zL48jJg(XF<26BI$X$+v;(0`n~u_npT6~)YGhePRrqdgm?1eC~WPe!L5Gyd~t&A{l_
zT~#8V1Hj{TrzK5B{E^y}yy`^Pyi&t#%f{yB-~ISFW*wbO7VGU=Zy};7mzVs$<CUuL
z3r@EN?gYulGipby5bdwxj}66!4f*kd>HQ|*l(BDb$~G^On(T5F>Lt4(j3-EhV&6Wm
zD`rBL&jlOl8Se}HKWp#jtn>Dq4NL(8asXr*);XT<v0TRG`~r*x1w9`i_EF>KsAoAy
zI8>!vx^F}w<4BJz3Uo8tVSv3h%o=@U4{LVQO)c?}TKG=R%m$NBrVqTKOGg9npQ<bN
z(COwkzWOxg{d^V5Y~ak95zG0x5`p=)A=Ta*^D~W5JhMAe)eqzAb5Ko>w-3J5z1T~Z
zh+oFd7nH(CbT#<W$_iZCMA*t3>?+YB*dko=5C*AiOk{Zgtw(7D9Vs<a54_|NVSnhX
zIL2#_mA93bJH78q@6zq_Nxt7*bC$rtWR_6}IXH9*wV0PnwI>kO+1c{2CoRP2WaPqw
z87%llUquf7C`9D+&*UfiE1|L_hr^`VPtjLG(bb_DF9NuLnS{dQ1k{J55a~Pf885Ef
zw<t;nHL(bJ<2!SHVQE}mS4@quFwD2$ke+m0_6HoqMQ_ZDTe65DKcC-Z>@z>V_TP#?
zv(d4uj#F%|^`I);bIuTi1rIzEKAoAn++p3oZnTu?ZXJ5{hlCW!J0?~pt9{C*LwFnO
zQ0Cw4cYh|TI<qzbWAM-TiAkuuS@**r^{zwMEydshJo`gpo{6T<tzF8H&FVA3-0mX@
z9AB$KFLjK5S;=YGw$B`LA`ybn+4*zgnJl_y5|~5q?0zPKlIUp>YRFg@S5`?)euz;l
zuBc(KD+=~+P7TC*w!R_}dXZzEI52BuY5VKB<T<{%{0=)rB5Dppb<rlua8`nr<CCZ&
z$udY~l-ug1KCLSq{u*J26mFl?uQkq<>*$_HnSCujR1=6QfI-L_Yx48F1E17_&?hnL
zdYf;);wa)kmHG47f-kT=)OF!&1YT}_h=)Gj!(BPqh)5ZIhZ^l{W7uT75E2^ty*aY~
z=ogtM4q^ULm;0ZY;t+NC2k$$}<O%=NQ%vx6Bw_9uN4RbqM<m%@*6Jeon>FpXm?Sgw
z*B%MfcL5q5S$@(=49BLM33LvYZ5GflZVRH?KQ5knu)w5TQEHNS2P=sg|43ug2)=<U
zyWR~REg2a{gQuM6fy}CY^R8(GcBE8{yonkk1V7*(yF?0DF?vxUN-IPCZ{{wtGFH*8
zz~syhdsx>v;WM_7bNjt$N=x2k;~m}aYR00*eKITAgPXWc(uxo20-IShdP!8rcMql!
zHDI#<@$W?C@(8|lD$t<miz%#)##lx>9!WQM>N^fNp&ZG;0u-l%1a=ZpD!nTSO&j6H
zmfci`h^Q6RX-)Hw`Z)Ut=UnoneBVL+t26?{flMg9^f_DQ4n`Nb66mOew4cmAAjK-V
zDQ*WpnIhF$alNEW^<SY2sGc%NK$9$Z{Y!+4i|6F#AK#pEWw>a76G`Co5UkR(-)3lu
z?ysby5x5Ir(z9Rs7Lg~@K^)IKs6eX-htIImB;aPI)+i=wZbGgI*KCgJYY;6u7o0Rg
zh)8CBv2VidMyz^l9kE%Eb##i)Ky)l>X#(B9%MV#DUhj`tg-a07isL)<B~A$H2Faw0
z7aN&%g|7j>keqben596MTmitE@0B0iyn~9oLDiognEq~Q(e54F*7emp=(26RE0}B2
z-N-36J3597j0nbg<(5A_QpulfR&Yxtrd{=!aE(whATH*iso+Dr$UaQmwGoqVmY#Nv
zXc{5Ptwpg%i_fjar3s_<R&-O$7%dGnMScw*Sn)CVD&lbw_z)|e&ghF6cB{x#mVh7N
z_QHnR*!SbiXOaz-{FSP6C)1e7=vC8WB#@pk|7Co$o4d-y+X4ARL{EU7)!{FVOw(`i
z<#QGGQ~rU?Q`O9dZYK$81yf6T-^aFOk}#Q=&H$Ittv3K&w^8Nq@c<EXlXtl)AOGe*
zCuu@ss{17u-?5i%WhM@8^>Qt2ypqSlC$ozeh6$Bl!%C+6;_*IaoflXf`l+#4kO_@7
zyqD;V)>JZ4?qqc&J`NK;i(CCsNA*<ZXwQkiGZ?KAl3tn24E>k|9{v$NS)z^#DBl&|
zKQW&_KHzevbYIhHOcdD01<$CPQC`n5Mu?OXb_--SCK7pNQ{FV|j5>H_Z>7zdQF7gK
zgMrXiowGshE_^b$5z0Pk8=+plCvNpoGu6drSlntJ+E-<ssn7T9$l#gD@X4iVc5YGg
z$p}v}^UoH&T&?}$R$`aFH#$~pqyx2nGlXm6W$!*~?4`pG?~REoP9CNov#3j?y*1>C
zCSop4lZ*Ec#EZ*wO&?xR!zLW(4rd?>!Q(4d{sX@wf4`$@5+{#Ek*O5X7R0<AoDoGZ
zTT8xkX{>xTEYp33bXgNU<y*SsJ+7Ov@44ImxH{SeJ<;yqwQy8*nG!E2(u_#y=6<#&
z;)ODylWGq}{HRYWvUJ%sm5aaHfxr6Kgv!T%wYGx-P-$n}i~rVxB9osrKW7aaM!-i4
z2HF*vSGX!?s@7Q|Wm{#=9PFIZ%^#3R)VrfP@h;8*K_gW{Vk7w6h5vSd044qr_Oo2>
z!fX`V4+r-R)-Gp0h-^;c5l1y5BMrwS=Po=`+<D9ggl~fMisj?J5hw@YM;>C3na6JS
zyllH3rLxm9908-u>DX&j<NS=W>u$Y`iFw62A|WVk`WjUq!sT<#7ICzjXWj0;!JhY{
zG5v^z$hhA_Fbbj{t1_HU<qc`%Ehb`LwBkN8e~<hPA2;R9y+}qY(N}6@H@b!JKpVA@
zLvho!<&5eXi1Q?3(Or{QW-)i3)yJXu9ygFB(2FTj$6rql{xCb^PX+h+c*NzDF9O^b
z1v6ZH`HRs~e&NAS&S;JPhtZ%=<Uk%Z5+P(*A*3Mg{_y*T%2g+0Qa;4AVk(K);?8`O
z0<F1~T%wC4;(_EFT|g*Je_zv^oK=>ZJ0aa3JO8s1lUwk&6+N@fim+so82V_twH$DR
z{;!G}D^^%f{T9Os({_+<H+x|sOhomv^`dfY4~}jx+>Y=l5qkUT$ILVc$BV#k>Oi-l
z7^k3_u6~?r=4zxR*`$C&Ae<#V2Zs^*3TQ{F-r7Y3@9$dQNAAoL4@jEm>gwHZ?_|}b
zV|vZyA>!|+Pl<2k8@5QZbYs{+5@XngPD+Bw0{dYM12_Nv%5yeZk>3p3U&*{h+h&^C
zP`*A(YNR7=RJr1B#2DkMWo8It&W`9KzoM8*ZbZqE)Q2D$tpK#Rlpl*WBZxOt+Z-qM
z)_O75%vbZ8K68(Zr&%mLr+gN0B48S^k07}f+0C>ESBrE|<eMK)Ce7V~svd+sSrv?h
zyXIQBIHZz8e8(cRG3h%SR<TDA?y7z}sT;yEr%Ar44+chU6A;3(u|t=_aA1@)0U@yg
z<})o#*<63>Gi|4V$ze$%KDp=S+(%Suw&gnoSxM(KwJub7+TUZ0W*GysA5ml2ei$Mm
zv9X`_QFswmh}CMrwz0DB8ew*!f>=3$Mz~$5dPWvLJ4Nf3E=gN?F{sMC$M0jTaMlkM
zRMo=q3)dAVdeosIGa3=AY@a+0Czcgy-t7<dT6p{Q=!p}^(b}2Il;oVK<@3i>JGVa}
z%7RNjaI$hvc8{tG@(zwFK9mb?dPZ##K@2v)qo>+%{p|{<)T|s2Pwg=HSvJCoXAgN>
z07$G4hRL@mqfZ}h-t!6}=cv8*ksnxA*RN9Ug}~>169Hd1_V<6DiV@zu4-DF~Ix3B3
zyjw6_)8o{43}z>Wy_p@p6a4o*D^cuys3FXnIHzlSYEmMDsMR3-ISpI!X0ne6|LyZV
zGi~;BTIVYm^EqL?KGi}z!qD`h7c_`p-xH<buH_dzrCfqn#5*;jg-$;UdNy+u?Gj+O
z$o6;G%aJsXT$*M^&8cUHFG9fNR}yXg#rb>ra?d+$z*F;v=gcqh)$}7Fg|zY95tBq$
zHR`nMy(+~9*R#gDdP3-*YoAL8-=dQ#+ai@buQbYACL9d5!~5L{{Z9JXXvvI_h9f5M
zaJAxeb8L4tS)UVn!#j;y1Wmvl6WA8rc2dTngE;{70ll4p<EK@2X2MT<R7hR);}7k6
zj&6^*k?&Kc(=w<X!|aF9-<FFWbm40se{kBGiJJZ6iQrix+;mDrf{ZP3dG86S5*ehH
zMs4lPorWzM*K?5c(IM7iFXxYo*#vmRZ4L0WXm|apdg$yP<HR|V&qk(ZGO}jyHjKck
zicr^E-iLG=SRcCN4P<$fBY0`%z=aTKGF!T$pWswJd2nDp91DWE;{#UU{7NJPZ}Y!@
z$fS0bEfK{QcoqbIjrX60(~Zle!gb@n$Cbf8YC9@&=;b5K<&#{Y$;GL3ULIe3M3k6C
zLtL`WSv|{fip%BoV{hF@RjKB*cAs8}nm<(-@O?y!7)o~cMj&`7i*w&Vix4sZ!I6<f
zR2$9-+?UYt1mKw1V|TS?Qqp}oKH!`m!%IOcb|Z>7h)z<Ahwg-=tMA`yUuQ+t1al``
z*fRzK)a}BF8AVhpIQLrPQr}+GVpE+CIM*lBsA=n;kCp7E&rPAJ61WB}Br0=I3;BjD
zB({|zmUI3?GlU#Uon!1<WrQ5HePa##(AKbP?BZUD!z>wEcq?G=W=z{`P-72YqEz2)
zaM#;d^Sc5eb=j106qfqU=LoGf!tO@`^Fi)Ae6V#}ES9=v$cT(0eJ>NcnH`1b-<R>$
z`hG&b9;RNxoic{Y5kkIOydV@(zQ>Qo6eCL13+;^ACpzk^FK?3a1(e*(C-~qyeeov5
zimC$_`6jXrXaeq-ffdSnOzqQbwp{7)=l)irE7xX8GOj;Xt}bbKj*y+PzgEjy0WDwc
zbl7G32Yb+jc}%vu58?1;NHGh1Q!myPzr}#3mqSr+W6RaO6q$+|HnHQL;;7FtNXVRn
zB8-Vp8#wn7ExgR=B*qNm;&QRN%lYoDGUN;#{`Irw*sO&ZivDg55fp}AI>n0|;XH>V
z*AS0~qkzQf;161p7CCZO9^RAR7y0uFn<-@)2Yt|IA9yAHtSJiPX|r6C=6781f=|~_
zlOha;l)i0_6qCxS$tcSNhtoVYVpwrL{5739XKzU2B2qhNkL>~ftDv57n^i=dsmVee
z@FrUKCbBtFj6m=vvbq#IvF7yoV{UR!$Y4(gZtz2eJLdqBW{>?0YQ=ppVn;9&f;sIN
z3{GhxT0SoA5BEd0=D!Oq?T@)9vioaoGM53%cuyqS0fC}sn-evY=YR-jXjaqw(qI*`
zFlrT##AKKiohYWRRFb=6hu>dYC(LCh&4W+6KkP^^Teg;CX>~A(+J~{5wK{s|3SgUi
zLhUAsc8*Rnk88+XVE-{_>lqmnY@|L|06JYbtT%uSrVP{8`6r1YNAS9EAsk`qi#k0F
zJG|l8PD4dr$E%W&j4Nv3xi}-TF*wD4#<71x65`tB(}h^S06)jdTBgv|o_Yaj`#6Ui
zsM3%HDgf}RKQIqip=97VlwEj-PT}U$V%qtOA)C-EDOYxuGot3xD{WbbvmmXck2HuT
z6y6|3N$;EF>+ZowtRT(eD$^pXZ+g+l9gps(`ST7WD9Ku9J_T=GBcW~xx9!Dx)V;>c
z5s8y=`iNNkY&k;xNX|LAALLcW<s)V`L&h-^;t`QR&f$OYgYwj(bLI`9Q)8?w55|j`
za&xIe{FzPEjQ?5ICg^np)syVwzxNvs@WqIK`;xBBdptA?JCt-E0NV7Y%Bc3Je8p#0
zcs9;rzLyg<mHiHC2`YE84Jz+IXny}$*ZiK+5pH+w`lsx*g*5%Ho`vL1DN^Y<h4j7X
zHHh(_${wB<Ur6Zw*vYqicK^u<vV8{0=l5T>L36%P1|xKge}DDAJR39oeB}vbMQ8~B
zHtfTxt%#nQkSa)Yt$Mr*sxVq7vHJ>+phqp`(_rU(pIA7rpC#5xomYKQm7?Z~vo;F+
z3eF|qPJLrs88sN<lHr+Gtt><=AX0j~pk#7U!3!?4O1Q|=B`}F8MosB>{uLq0W`E%b
z$ztK);^Up0>C8g>D+Ts#ceX;0p4o(c)_wx|)1?qPC*b&scv9mRH-%c^`+Ir0CYt9O
zgynF;7M&+2CzXk<yk<AMvhU+2l(MH;iR-);H=oJKwQJb9ay%DQYpW5B+1NxwW0-#P
zk{qrnN#r;Y`%6r~IB05&rMj57c%ub$*<X<2eQa3xW@--(;Y;S>R$SclTN^8$WdPf$
z``L`{Wig68VuB|<`f9h9^@;tFuJnxUt?qneBznBLADs5^x~C`o-$c+1|1N9_v85)E
zPfiAj&d&U!M(Zv14elA3^aw06y$a%aP<Hsx5NBmIro!W&QZ&%UNB$mYZ^cVqz4gjL
z?0<hX?U9nT;uIY*KbB3n>debrGK-34X>DU>)3*Th=Try#3C}_4T$I{@#ir{^|MBo~
z6*w%Y+E&v=+zCxie)r>^{8Jkhspp-|Ekm~Ga`cmq%<gr1^7Jhy0s^t$E?i{ca$mJX
z^Lw8il&JliljZHkQ?hFZr5jpV-H4#2oZDSEPR2Y+q+Tl4{8dL=%eT339N-FyMale!
zRAU9)h}~R^uzs_!BKr*x^1xQd>{8ka^2F?QOUw*i#<9GC*Ix&kIzj1vN~0e|fe50&
zY-vaXZ3v<R&%Zjw3Bh$_?23JF4g<Nh_G|}&k&-hP%c_M%PbLYA)6H71_Bi`lqogDw
zY?HRN_6QPeB4=+n9Uc9ppe8A4edPdy&|<&r(F%~n9uq+HfL1bc$(K82bI!cQDhFjH
z?Tb(^uAiuSD37o%1HDkbG*Jra&I_RUbu6~w+@JB_On?Q6qfPMv$Lk3vm!s)pmJWvE
z<*dv1q+GKVd`FT-zhjlrYkGLA@3w@^vTlEf97#ItKYg(wrD%^YVCrzwK{s>B!}*d)
z^u@&}*XY8dNnq&eNTb7qLfx*WS!DI(M9Pe8*XP5Q&W9+*bPn}By%9o{64KxM9M4EF
zz-JPekPcDeULDY;J2R$<b}^|V@<q{whHFW!wgOj9#&`@!vX%1BgRR?;O4)9@N&Jjk
zV`7~FMWG@E%u{UImptcrd;#OB52roAkbov^S!9}KbQ&o5z4<3^5=3FDO_6migsl$u
z!rhS38JT8GweNk5ORd2sz5g;D6oVCkOYP&%ZXRfD&H-9Av+&wXj&;Hr%Kq!yt>dxD
z7mZbiM@_*m9*n?hYWMkR8U0xqN6e_<x6r&6EUVGZ*-(#9VYm7VH}DF?Kj-bExQeLP
zWeamKVw_WO!bVVF`H8TYL-*Q%9L#Nw)4pO+YGz=Sg0OG@OO1oIX>9$D&fJ|FZ_f8n
zx{`1yjJ9YjGzKS{fWBYTp@~)_t<<cPa)vdt1mixa73wqK#nfplL2OmjQ!35GWSy=a
z0>nk*z@{kJW%g+3DJ>9^gSBFChVcosu78uXw8W}c5%25_)eal_=DiXN7HgbOC0SkN
zTURoTJdo%z-IL(c*D$b7S!|NDG|uBx%Eu;j{B7W;>}ofqBP!)#(Wg7{Ppom@t-k*H
zYx=ru`M7&SSoeUlln^c2wWm!{*1L~?tM1#uA8%bxQTwb4_vI6V*+{?1gge26&&6BC
z^_F=-W{bW)n1vdc&`OxGi0@EJ0{2O`G3J)o*P>~zea3ekX|6Amg6Cb8U-BTi<xYop
zEDINe1^C7>YNd!+bVy@@1zakNk0dH3SVhx(h**nAM4n_DI$%oLbFs2+>o8>c(r)K>
zn!UXSlEI6b!U5p+0KD}OINWEke_fimDuDV(8d|``%b%T6P-mv+s<>prRN%)~Z#i~T
z(ekx3Rng9;`BW@r39}%y$lfHqD=GagMfdXMmfe_EP?k}v{TRodVuG*W9NVhkY%kWW
zFMXy9bEf^+B2Rj{|9#vH_So1=@`Sv?xW#G<O+#qJ*NM{9lT{SM=`s4f&Q|dZmDN&*
zHd%Q_^(vU97SEn$16f^4psFZPLBOet*0Nwve4L~!l|C)i_^eqWOY^Hl6JFJlqy3?q
z1@cxLrnrd{0$O=SwNYDb;V0t=%vo{CPfq$Js|}%6!I_;epeNYQ?!ct^z1#fK)s01Z
zlW>NGMNH5>X5~Z<zMSF4Zd7w|ZRJE?IOcRXVQ22TEVu?wZG*TmqI+636rX9AG_&-D
zbg6^5v5b`ujg}ig%P&L1pqRl`ZHufsw&@p@VDYjePw4y_iH#VEeUnW7!9An0y0XgF
zB*gVAhHnUQ(1+8Hv@f{wCOl#vD&V(t83ytms-tH9rNg--7+Q7NQMzaS+pq4wup_3c
zOSNRevR?jOO^eKyM)80)=CygJ)`5`$cEdDZbe9EyeqtA``zkDuiY++gkS?ZE)G&Q@
zIiEN<$I9HQFWg|N>;dlp<17#6Hnv<r!*{DKZ64V*C|PQ}yu#D2L8UeaeF~UwOam?V
zT4kj@X<C4PQ?2&rMx{N5i>obsU7Zm)^5fx9!CzN$9qh`>%T`^fa2X0vHwEJ&h<|Ba
zQ+#}eUEGB*<JaH&^wj5)R9!DdK4wPu-Zq6SH3@Jsv_!eqAQA7~cfzewcCwYlnTu7s
zmEP(d)Vw@QX+i?J)w6^>reC#%L=<IldCNNe!_%KLru?UyG?;h%5o_^F^>Czh@aP;*
zL2kC@1j0#LLs`6D!m%zalMRjY(!}`;z6!&iu0&C&*E6o1p1=MRKj78k+-Pn@qy^l{
zW9Ryz{9{uiwj*qnUS0m<10F_9r@3Kfbf`Hd_9R!9KsyceS8d|~4SS{2IDBSwV5z6s
zQkDzt+5&XN`PMhCEGyWb@<tr+tWR28yi+2WK(^!XuU_v&jFJF_{x-|)xP{7$p`vFM
zaB<obC<*~aI~0~pOYA;Vg2%yp5P+foJf(igl-&vyXDQQ?*uY2<quy?g8ql&-mSTt*
zk+YOn4T0vNn<WW7gNlSZ(Wj+NTb8r*locB3R;!38;rLUg9Oip^r&|U=2sTsAriM@{
zOq&9hQ#uv@Ym+e5Q6YWlX`pjC%soa`8|ty0iJrJEFFzVGvl8-WC6`|kWDm6tYh*^7
zw;RoM5oMnU{ezgMWU8z*y&05j)Uqd|nifCJQ_g-T);WSN&|ZoTZLcP8JnG{(mR+Xs
zt{6=v_Dq#Sem1Ek^z_$?NK}hRNQ*9o$wJ|NK|re!7w?bvM6GcmZYV=Fl_P?!PDSk2
zNms38`5N>YZMpR;DUR<qIOe&vrH=Tlf;R!mBid_~HovrS{fW&$7tkvG`JITZx|sJO
z;&T??j>aEX&+UXc<dc85`+^+CKE*6s3BTa2SJ}w6zTsmey!a%&iPn9mjwf4PTVhcD
z>jvD|lXRs^qgG^)u~L_Z=fsk~yW`Au3lIRUy1^e5@4U~ZmZ6Yo-Lk14tD2U=7g+y7
zE+5BIPNi;l=Uq<dbU|^W5|?lb5G9klux&6hDHPt~7_kdnj~}Xj(Q6fC9&D_lhgURa
z(*yslihi=Pk2QpBvihwr67wXi>F;Q@_VBbfK9FfH1@f?uYKwIk5i0Cl0VDPR(@XLA
zwk&nSMVX&AV4Z5Mwd^&0Rs1>Lo*Xd??ygjJP7A8m#Cp0$-{dT**{ee$NI#X>*QJ>N
zQ3A$s1TzQ<Lvt5hL!mpGT7zFV-=(|T<!?aR$hf1)N4)4roEI=)Iy~oNR_|969|<%z
z=hVrQ%*kRfpcaI14O6|RY=%DZ6?NYn3@8YnxU4WETbmgcX3lNM<9fGnrwl-XRfpq-
z4`l9ICISraCUwDX8SzuHGk*c|$v3Z**+ep723AlkJISXwr9%h6#Zn_{qn5O(oTdA-
z+Axid)-Y{<tJs>(C+{zV|IJJ^Z~)IzyNgxHZdOpGL>I7M^LsrS=n?-RKt>Q6iqW~E
zz0@Bsg;4XD9+Ibobf-mQp-Iy~ee~s49yp$cyg?HCri}Dmo64h_X5XBKXi8d@ePgES
zro=hidR-%`p%EKq01ZKBxJ{9Ty#G~FvG9+Qwx7$Y^0)Zt7;omP_P=z`WVuag$mPsQ
z9Y`{;De}H#B&KNq2vbr?eoe)J%kfZ=MCU=VQ443Gn<b}ltDM%nyQk8(*eXRE!z}e!
zs}=NlPaBilA_*jS!J!Uqj_E#htyqhy)bAiF!3&7e_R9%U8sJ=;?)v3qd>pv<0ttpg
ze^JYFY39s2Fovtb^smCqH80y0dw+^rN2In^2aFl~B*(5;uxiw$tU}qEViIS|t30j=
z2KTmfp_mF<V{-L0NF?S;m{bW$3<|ttezDCV>gGoZbNf+*S}wP8s_{vs&A#(%RX3I9
zQf0_%>X-Y{hLLJabOlp;hU78joQ8!eY$gp_{=fNWzfJehyyeO28ObVhN6z4n+odiD
z_0ld(H3y2rx05Un8ta%$c@8+58+47rBx1J{Cj?IAemW+D7pj00$r64;l<Sr|sy)Po
zZaksx21z6vnj~h1#LFA-OkJ8ThlX*921@Z?@gi}BB7GN-n*<`W=01|Wu?zSY@msi|
zKV#dJ?7I9S-fG{ysN7C8KTz!!9Ox4qc)Yz4N5A<*LdS$2;)Lc91Z$W~vZ_JfT*b=o
zU&+tyxyH{@p)7kq!t2+1+m2OLo54&5$DaTPz-?5zXjjj3F}zwfVeHG3kwg=3B8ERO
zQX#9POCZ;V)mC2+AeuH0^k@`oi?Th<;z6FX|6zNY!h;-Xj|n|X;fVWlCm=rP4stZo
zEYgFowLK+o1+-;7l9=AQuRC%!61te>baqetvGxk7E;7!k%9p*E?dO#w_|#<h!+To*
z1c3l9<>zT07HFWTRib;02VicGa%rR<gNgrDp*w$VkHt?3)RJw`4G+WX)3sW25cun7
zf8*Vmog8&~Oq)RGcIiK_zE1`*s@>@q$Joo2YWaLt-5N1773o_G`ea@vkwy97%6DSJ
zqf%1T(>yS`N43<UT1<Z@sh5eyXHfZz3dj_xw^B++E9O5h$Au{p`V#aBP(l2938P8C
zNqa75MPF=qevbKi`A-j+LozWSB_OK#w6&uy^0YJeyUtLpMy&;4+5#{#V3EkRY5~+Q
z(Wzq#s~j5U3~H^a%O`$uMmtq(K8dzC3(VW}&w~qW#ceP9kmJ^W{rl^{-zY;|wqE6m
zN5QNv2K*jnS--qZo&d(pDbu(=IELBSt30&s_k+=8Kw716Jp*;ij{QpfjASt4nZ?ES
z6l}&h_eq8N@ic4~T~!QZmBPO(rBXmAj+VHU&P#kg&x$nA?GHi7EY#N`CbiRj9rrJG
z{>eF7l-iPE5@A8!Gl09n{dZmd->CGCrBs*l${tI3KI&8l>5Kga>FZo4WuIE2F-qwe
z+p6=udAA}%u09-z*uOgfflK&%0xn@BIt~=(G;_mPuhTbWbje73Xr_msP5d{dHb|BL
zGCUmQJ!~Iu{^E+0^m4}Mi@AO$Nug|oT_*q#oy2z`7PLQ%cGEOhB0~3UZ&K+<S|ESJ
z0{}YnKNV(46=}<<L-gEkQu$@lC1t3#C}o1!dQ?5mRyMvh1#Jl@=Vz<dJl}(wT9jxc
zX;C1&v`OrANzhY#RLH&}m9P>n(@Q)`>gUjOYx}F73kPRftS1^*2(Mc3P@uDKYoq-~
zpVlbbs>=?aIUJ_5hmErpI$A6`8UTd%+t4BB9#MUr5><^HRmc5<pOi?3dO?nA?^S}?
z`Q;-G=#qx>o~+GT=7+7!{>IKZUPkJd>(u>0!@Hglzcnl`cN5k=crQw3)v$fDUa<Gd
zUf*K8OKD!BF|1!@YWd618V>B5`{SSTIble!6+{c^$cjK1F1tnH)WK;!e<pa2-HZ3V
zEYS^aitDG5SajZ$$Qq7d3%$Gb_1PUT?;il_bzNRDsD>*vL*n%2tv~#tGx%O3ha@hD
z{UVs$(WDDKxio6coB9`sDU=iGLE}H4G&sFK(UeyG*(x6)?=Eb4MYx{Y)JrCm@7?Uw
zp?5jSCAS!~C)-A{yGoA2KYDfKMj`4Byk5ot{jnrGo1W<>K57jsoL1s3zkl3%cV)lP
z(=#ovM4I?;T*ny?)6IR2O>!NG3o~D#45ZAH{NSl=tL5gZ|3R~cYv6a*rky?4j;om7
z+C7E?^XWLoj?TVEix7n@9Q18|{_A2FbS^=hS;1?Lu_Y-IfAq|{b$%J6%uR;7lrN&I
zSuPb^1BM6oUCevoN^fd$O#F-S@Zaz0zv=X`!q>AFH3Z-q*d>bSor>H14&OX`)C>tx
zdS_dpVW98f3i(BQ^vw_%OnYP+?NOI^Q*Vg8Vu(B)ZS30)&eCcS(!E5+SnTgr_?g{>
zkYHyBNb5u)vyGN<Xo!<Zr~}p+0?zoZV<0<`#(l~894RTRq@?qf2|vj9y=f;8nYNL%
z`9NH6ks}zdomk&Jp=LG-bv*xUTtj)z4{D=h<%%Uke$%mFhngDx?dLxr0OU~l;g=9h
zou9GpesWV+a7Vj!g^&1}`eEJp{{i$s3%}wsY_UY0Oe>anp>X(D*V#;J#5(PN@4{?6
zL%oj{qJfo*cBSnReYmsJjKT(|MiW+_sm3}SZCe7J-(w$2*H+&LgxH7Di}Oz!aZ)eN
zl-eLuZ>lxW1d7`$G-G>r!q)C&Ue?n@k(a3^o|pAp=uY^pJHg#GA4|P;I?!R3Y`TmP
zqfd&{4luCJ>3}<#peKuNNWy7|4dr2LPp=Jo?cLBD$%LlK1osECY#oKc;=i+$>2cI!
zJ;U$qWANfE{J5fyRU!nI;IUIrUqeY#k_n$A3nks2OxT<(gIo@0C}&<W;a0Lx&elB$
zZ}t$%DT$JeyrrD&_NgFu*(^&bKiXG7DSwdV9*kN0n6h8%Y;#?>kIk~V@$2ht7xU-r
zv2^rg5$Mis2a8rrv#ZTjl`m7Ot3BV-uhM?5ZigIzAMauxsp`())%jb`V555-)q^my
z2f>SXuipHV(XH<2LD<%V(2#eltb@^^{@#O-(?fKqlAM*Y9~GL<dGij{>`0#}L9<Jk
z9q9oMz&lcJo)gMDP{37YwpHo>?DwqnW({P2EIT(=SB;G)rK{!))4+UVf)*SQ5oEcZ
zgi<|41lg@8A+aaHn}Zn<<S#u5hk6SAkYqGFK@~xcI3S!?!(N2?y?6w<K!8m<U=7_D
zZ7eW!->j%L<>H0K1T{S<#OvCN(6N^gZ*DI_S}z_~Nb!Pu6MTCM@ir^*HWwmZ*@Hs7
zk9rdZ_2%Lo5@7WXS^@5rg5s4^d(X1Ccx7UOev{(O=}nl~TZnhMH{n=sf_Ih_uSp+5
z!#+a1a%$g}MbHv&yA*GHAHwH-xOjC1SoT4y_F8T!5P!F{c7c`Dz`|oH*FGfTS1%sF
z8gZ)xa;lVVM!~ddb71(5qL#|3HIJz>>W~;1uI@uv*+<MI{L+W;b00C2@T3pnK_7xQ
z$1w(ojrtN^>}$*<aH`+Wk)GxIIUbV&Z^n3?kR1B=CA`<yKJ=X4moTlbm=q}e7GV=7
zYDl_U(ahqKM#OkkIV|Y7`Vk!c>~w1NBRtoSw~dr=eLq6merm4cm};G4p1bN=#dvi(
zET$Xg_b1HlFXuXbRU-WAS**wyuhmkVANvz_^|y=jcYnfP{Y9|`3?TRpkW(0E6#HCW
zteBXPKaPkHr00i(P9F;Ie)vPet`9{B(&HmS`;U0&Us8DaUq2#be<Zwo?ZJdfgM}VS
z1}>Gdd-*qx2t8apn6Pj#4?!GrEyvUANC9tOb*_xqQ%5+*AF&-s6w?&ul*U~9l*R_j
z#cwMLV``Qy5ZRmcFM&vlx#~8uQW{v>7_XpgIho*IS77QvL1%O5xENP#wuqY#3?}Ru
zOmN;@TgW9z9C`R$HP2sK151c;jZm!4*jYK63<N$`tYqqCS>1^-L5DeJn}Gmz9LNJ2
z0vkebelI{TzExl{;b+CYF6W*U<9e*PU&~ie?z=9}RV(KldSFaY`cdJ#qK6P#4H3R;
z(h$ODLkQj+%<x?_l<;VX&>2Zavk|m>*U+OvXL=7M^c>24*AoFY>8Rye>H7k%wT;?h
zn#0BWC?@FTV?w-%LkXV`72@q1O89;#!8=EaS92Jl$}k~b8?`;tB4~+M;+PO`=rF?I
zVO+dq0ao*v<ytTQP{6egR+~M;%V=Q3Vk(b2R=~ANAg4+d;abltYMGo`dQ6q`$ApKN
zJB*M%Ot{uv!w6Z!gloM#jPU0$KDa0&9GBn61fP$UYrQ#7>etPA9zJMZjMoc43l1-Q
zOsM;@-3PV*n2_|b@IhNYCVc#{bglOk%^WUiMvPaAq|<6Rq2+Kpo%e<l`VHr8BPGlp
zPDmZDT&p%;wvJ3G*Sa9aYva$twRTG(bV-q})j3~^AXBPXi(<UIjtg-{r4T+%v5WI{
z3SnuAD3;HsgaawkwfZRbfn_zYr7<B*f03iRQG^+zglqK~O?Wm+xYl{23DZXtyg82H
zS_8%q{Kg2^`q~&m{V_rhB?FgA*<I`W<3bNNjv=fc!(D5G`Ic+ldAxvYZ6^hunlZxp
z`|%<iW%7KRYi;?R<yu33$%m1lFaq}4Tx+wv|KeH)s;0={)%JCa*ZaRnj}y7c)3yFr
zK?j!8z?R3jR{SDd>)A1clVb?Z&o&j|T9?jO<3f(SGRF0fL=GKGC_a|pOx;}AOsU~(
zw<+E-r5+?%6%+LGuXbPCW-K9^)B9t7k-qkx5@!GxXLXG0?O$cd4{ouSoO=tu3^j=0
z(C1@9cmHaiNE|wrFnFw(NR+^&Ql1lubH@_W$Et<<a*BF3r~V|SWY`Hi^<85LS!2b*
zeK|!vr<}EL|JPW;9|pw)mhC_l55}x)n-Z^_kc;?+e|{xHO+A;_z@Bdtbozww&;Fki
zygwKIxy|Q<H+TjIGyL;UpA&X`F6=^*(QE`Q|Gephu#2kW2$jci{~Rm84xF(3^V9tW
z{Bt)|f@Ch<D{X=spS0IW)Hp)xaiYd0u+xT?zs3iQBfLLO)p&nZ<Efl_r#2-f<fH!O
zI6~SuQRDqpjc1g%YJB@R!d8<aGu{(Xi^!bf$8AciKgqy&eP0?!xWFOxV@E7N2g1WO
zuu*Nos-EKYe#8Oq@dWpHUe)0m==u={BE}P*A5Z4JP!iK^V7h9X_d+F2AS6tXNQ;j;
zFl_?i;|b;+M@CamS8Wu_Sx#yb^wTNP)C(sP=1mk$eQ_e;<V1ou2Q!+w!z4oDB+=B<
zRozZ6q^TF45=}jA5+QXGZ|W5S?AudTQ~&p1fk@%(LP;%^i?_IKQ18=1ye*Rm8z%|z
z9!w(Kn8b%7QoI3Q5Z?Ymh$qQtHiDLT%}xvPj($Nn@&y;~rT|MiZHf1Aa{=+(>U=>q
z7caAI5S<a?<$Xc8^Mw$v@nk}s$pr6gDc+jNgk_V3cy6^f-y&#<mm|dsoI>!Q!o@2q
z!0w#3;;ijk3W)c<q83|01KZFxXrUCZ(G<dqQ-pXQO(DEDg*R>mA>N58grif0c<(Fm
z-Y-PFk!OT>l~V~7Q@MC40xa!}ReM!-7O>-~>L5ZY7jJXh%DHC>#90!^sZvG6SvM55
z@QNDP>9$o`o)zIj>r_HSs))1RPbIvYD&nl^sf1~%+(IgfC}vA4VN<GFV%HX{`&K#C
zb8Wq*ORDEn31?I7L5O22fu{0$l+=1oB~+hE@^YwBi)BrwaB4Yiy*8dzFRyZT#T2_t
z4)9xBFFGgKZA>GqPqVW-oklpB#)Cx3uF-VDlQfd^+T|Ck^-oUikG3H%pBItO<gW<h
zz7mnopI;G9e<dQHAu|a5XYjzTqKJG>%^>_dLqtAxW)iB-6q+F!xKzp>`OG>eG$VB;
zVe(8K`MkN<ihMSoD-ikgU2Gdvo<CPa<TGHgE%KSQ$%=de&liF5@(;GiXW$P-M?OXn
zT1u5lrc@Amv8~tG^9)|RL9B+@IFqn`rU*WZ&mx@Ug*9S{QK~^xD`{YVwe{L?Ud9rk
z>pi2WFBEhZhyJ^*>*je82)&g~=#@@zK3i8r6t!cqT3q4CSK7MD|0Y@evfgumx<|2+
zsru?PY}=szzuAMP`RRnYocE)}MFvg2OVn<!${N_UwywE~dxwplK~p6K9m}E1#)dxn
z&ECoGODF6}7hSjnCYAE+!mp<juBNLlyuPBI!l^fjEg6$zryewiP;8Fq!s{#Qsg<oR
zyzv}D!#QfVV>YMLCALKGoP2>&yCq8Nt7u?DVuR>{aIoFy5IWBh4tD+=!k2Rh-W<$u
zu%UAa{&R&HNiv$9pymH_gc%K)OZaFmcd-2g*qt1kgWa9a!SXg9qUbi|;th)pO5)=2
zc3n7^Fncb+n}0DH**TAZc?9ROB_53|c7qw)d##$~6hDr2jk+LPdCg|eX@~|()w&vo
zz7`u)@uH}nx8@Og%@ftLY#w3mJnqP3^^}`W2%RsgN0QNO1g+|Mc0p9n$oYif^Lh0|
z3b3GyR`vKDDA513Q*?8=csF8wQZCxnWbu5$!udi8C9rNw<yXRe^9g(AD_=iAQ4g=G
zf#t@Ae{)fcd9TkWT%9jn#5n6j83(){>pF2!*6E_}JT2!(1)a*FAI1h$xm2Ljlt83X
zg>;%_4?A#5QOn}g9>ta)%Bj^k?0`4V34Q6X!;CObsZ#TNM<rkLl#T&pp3)KJ{zs9_
z<s_fPHd}B>lshPcP%MLw^=Sy8Et3>wN<9WpAugoE?+h$t2+%l#&@h8Q6^8)5G6<dd
zpXY}FM=}U|_@5?2fJO@l&o3Z2y_e;C48T1Y?(oX)@T#J=>n~FpTulS39OsqzyKu4T
z3kWkfi4$v!*if`_nQGJO8d#$^*Jr=WruzGcr}{ru2lit*^z^u(3V#Uo|78K;=mMes
zAqxpU3whX3U8w)0g@n-yh5A2M7YRHr<OYDJzYF!hwvcdTAy@xm;_zAVKP>f6-ccYr
ztga63rE>8y;)1fIc)^PZfs2HAiHiu4i+F4;#XGQw@WUb@UUhZo%_3-tH}?-AUaiH1
z=N5DEUKL<#|FDABTHh5AZ?d8mSc8ZDaY5bx6yhZ;CbV5F#GAU9Fn%$?n}ZqR-Cj(%
zwpfTaS&28f5b>J)Da32Kgz(xDE?$NJi~ZB8y*j%JIFE1D3BOn_-q&%JSN&PQ4keIN
zrHTk%ORi9n8mG2Dt_uAn;=Vph2)&kw;C0dx!h|Ivc-^pskhz3MYBfascYO)rpCxLN
zu-*#k24qSFGKb>4+Di^qml7&3wMUjwO9`!)ihySKQo{R7<s@N4MKka@4eUsq*Ahvm
z&2mEYayy+t%LxOQ^R{_TO1PZx)p8Y~#;S5R<<x$O3psmPM5v#vCVaSBM5vcn6V9#{
z5$b=}5C*Q{eb;j$LcO|%@Xs0%p_a}h6w4INFB!O0D&PHAm*v1TlaQLpBh>yYtO&K!
z<pL3E>Iz$gnsT{_cysm&TZB4rn-!t1%a390<9xi^7NOSJ^FQY1xQ~5(h1wZgQv=J6
z^Llbwjw6hgk5a7^<=OJb;=Ee_T_A+rlu6i_DO&u6wS?1|vVU5kXf@@`PQ-Z)`CB@@
ztc{)_>_!DWfJ2{(b8Yxr_}A?l2%9$$oa;9h5yIxIP;+S<`AnSawnV<SfpCi>fBJ2a
z6M=UXZ<$gt?b*1X7XR2|+BzEvwKfu*HC7fG)4se?O}=q)&c(R~{v%6XXR~L|9H*dB
zO9S(Z4?XgaJ)G#Uk<f0V2qz>ksg!3pF?=K8zZ+Fd+fz}m%c<9jFInM=o%+I!gp7?M
zrtPVyH?3vGw0kxZe%h#F+7wPFI=)2XEBRvD(JNKZ#sS`n4?1y0_}%Lp3IA*qez(rI
zgv#IYpskkhyGy<$%>7mvo+P8$2wHx3!xdq8&P@b;6ZgBb1lZmymf!t*Z-JP0iK3g!
z#rscuP>ri1rmeS$P-7Fpn}0DH`O8g&DVqq+Use_!)Ba)AY;6tfop@LKtFo0(Zu9Ka
zd#zGSYaIG`e9*nCqI&LaBHY>}s;A**LaogNZw_Wu&#KLYC7VU{NHUs@pjACTUlrBk
zzlGqtg;&o|0ruBbt9r&AEYK~DR&+DCc)!N`Bwn+t$%|VE^|lBll)$<zm0t-vY$3GU
zqGH;4ih4Guej+}6_%#vR4c|ie?-uDZzFnnkp^gT2KHjzBnygdD51y8DLqRv?&==wZ
z9$YKXmr5W~sUl)pU7dU!z^Pq~FCTqf#<V=gifMIqkeuhMnAQNw7t@wfBr`b4-{YHo
zbX}Bt;TA%MQEpz6YU-4EHV1qf@BhQ~0wt-Yj&D|5U7*@!Nq8;3wnl9dZKQ!kCAe;0
zm$i86XZwiWI2F28ZDtjzc&Sob6DaY9*lA~Mg&Ve27D%RA+qS}qU3XjaZGq$U;M}H6
zg$v|}Yd-vjd`4~y;ioO~=tkg=YFxnquf{iDDgm!=A^f8hW#Mi$_-U+xwT|`q<A(6~
zO|}vmZzVYEA1-o_ec63#G{n(giub9UE6_jQN*K)1-#k(z`YDB;&C$Kv`1F$Ko3|1+
zaP*QzqgURqwn4tcU1b}ug%Uk)E8!MLk3Uk_`7Of->^dYHOs13%xEmXKB3Jl;R@(?I
zw~;_ve?%h5ltMZiAL@HkAicMZ(2pazR*0jMb^8LfZ<-e_Pt6`-#2;K1*LMP--CIEP
zO%aoaX)KY0!M%HmZI@n6aeySCFEHdL%l85aT+77Q^!I_uCMEVFT=I<Ok>NnrO%YOM
z*xoQ1>~Slz>$1R@`xbEWro03iF1hct-f0J1x0u>rTEv?x`)644lrzEE3vlm{oACbw
zxYFiWFwF%_eYoBgI~g9l1-x}D-|-vsB5L*mTtCdSa7S3Uv*%m53vSu3>Q<P$#q!4|
zSIkSb#nUmX(*XWCP@E+Dr4Qh^U7*d>i!V+tQl)T>b#P2g9Wh<kSVz~?nIop_^-952
zbAi>aRc_nb)oge7iwmrV4ellWw7hLSW&ZgBtF}M7ZSBb~ytae8i8Yh)HWH&3S|q-`
z{l9Nrb)8ydRp+7GsybILwyN{i?IN1us+gEs-Uq06r?46mIPs1Va6c=hu?}9t;SR4{
zw@xJnm-kYut`hDD9+}o@E4Yg<wbfQFF%K~A4$Jr6l)=W>v>LAs0;+VEQyg4|1$V5s
ztq+P1X?=h#w)|7eEICf)m&3To?}F`mBNwf(>g&lJRbR(fSoIZtw@~#fC3?`FeSq$F
z|9{t3<5iZFpWYQxZnoD}(^a<Gnj?C-)pzs1k;m0|5D>gsd_SJ=`(W{%*X0PH%GuSn
zBO=%C%9n=VN)o+f6gQT8DmrrYTw~M!d-<d^qNjegYiwM-)?0Pi`kr!Ku5YdEWGnlh
zEmrmrEBoFyoBy-2>u<M=ebv1J#vW(;e6Zl>K3SG8{9Sw=1i04xVC6ry<^T4hl^=TF
zG8eeI{A7KpbKk-kFZ$pW=NyQ*&k(|g-`pT&=gh5lu#HsV_Upd8$L3c@@3l&`@P2_(
zEwFw5zTjtlpC!_1yGXLb=OTIK{hLUxEE}DQc{VzyY;@xOosQ3bi_SZCIx+;{bY@99
z<BF`Jwfn6q3N9z6q_^f-4)fIm7QMgo{?+Gh5#Ud3Bu?5$)Ozr5BwYOuSuGLupg>DZ
zvVDH1;ODi6tQ%QIKd{OVx8tx)8x|h1z*gA7T!XSL`uhve51x6<{Cxg_RlqIBtOEKy
z{MR~~EA9)b@X$J#wdsUK;(w!~hI0_Wd?Sr(y~A6WdndL8%4<nq3Dv~4-oBB^k6!||
zZzH5`BXO;_Z{$$p>f{}SNjpefMeP@9T%8=Xi%@bGiMyoz&CHK~BsBez;Crkxzyi!n
z_a4IT-6U?@4m30W+(%frkHlTl#UhOhkrx~!q#Y!2mvoSsIq(qSl|v-%k`6XAH)In&
z%O-J`bcji_!g0dHpGn*$9cpHFIZenpMdB{$5|PFg&)t3_g#Sk3F6ppH<2L7t7YWxd
zkhn{_q{*nw?}VnmlekN|lwkA+;S$d@?vgHTX72loF!e7IcS)BqGwc0Bc=k7myQIsS
zj9$A+sC89d8(q$16n2g9_^P}%x_qQ@ZFI-$gx9ajYoo(W$XPcC!*7syP+)u%l`&qf
z`Y?*hyjllfA4EB7W_baud6Z8`oY~|xQ$qk25#<x!l596RPmQ9Qt;~$T*hLy%dn#|y
z8yzX``pe9Bi{9u+ao6A1_FMFJ3&ny;`O2_<bfn|bV=;Kzl}pIVm6sDwj*>{3i!=i;
z<f*uv_)0F}k6eN`|6*KD-0&u${!MW?vBcDnyU4tpc>5E%aCwu^@urx?Sb3B1^-Y2|
z2Qy|d{=7-JcvDWU3o^P*6l)e^))O%p3BN@scZ-1FWddx~6YI^-+_q$!#VF1TwnkBt
zsnU{e<L<?c0={{R(Bc+}yNdS<umX1#i=hbsXD0!pE-cQp-#I8-0|*RUuVL#`d4b;g
zNaF&%_iqv2z9lZu%Z!!sC9l`OHbw@`e=07}+jfhv>6W-a@9r(a&07Tb#(1(_pf^jP
z8yD#PB>tEe=%uXF(DIqQVQG7$al=xB+k~38#pO?Lv?j6Di^Fmd<D^^WZNl=~;tXVK
z0mG2F&UOZp-61@>O>nmt-}#`_IXRX*ZvPnRH0mLFu?9b;33a|C)j1=dI$x6NJkzeu
zfp5qPk}0Lmmm(eOo(XksbB7RpN2+tTXo-}ySTg{Bhi0ntkUNBdcL?76i=ocD?hvx>
z2z8d28nDDv=ZPGXtMipRgg@@ceOPx1_3skAIhdi&AKWFpe^;opB%|9zvDEo(<K5_^
z4y?ROSbmqQ^AG{{2{fh7zs43&=aGt<OchY)qjw2M?n-r@9sTd>{9Lq$I%n9`d8Vb#
zS*taSXPQvw;!%b=KfFu0b62QyZc8a&?rIGzI4bCUrkUy-agWgAo>1pc?-7RIBe)kO
z*ws0^rA?iEBkby&`HhAeq`}v?53)>@aUbLl_XwNrk+>JKY?N_XVcdPfoA<@NkoVt|
z?OAuZ#zD&Fae-zXb>PH(!q4{!-u#QPr?F%n!7oqkJNIiTbzi2`PS=`IKD9N?RK2-*
zg!DXlPh_!{l3_7Vq*_rvJtfkvJVI8UoVyB9NXcBv7o&XUb3krsf9DbY$RjvEZ$$;q
za7U*BS{o^5Dn|~Fs&I)TcS-{)JRp>RKyW_ahW_Whk<;5s8abRs`6%<=$d(TXZ*crs
zZRua`jSO6&VZBom_eM4_o8q$vgm)g0Dd)&I$s>1#2KHuD^-L0Sj(te@>><H9KCTEk
z)kH;UI>AhZRL^-1N4*-=8A5|ZZC+J2JYXePz9^q-Bx*D3Az?dbgxG?$X;`j*j6{|x
zWw|d!g;msr<>oyk+<PeRtL(2pGdRcBq5|G_Xy$#Dl^zjFKN1%_j(<cL^+?=TIXXtx
zN8l>+zRF#?1_%H2V!Zq$Q?E!NZucs+LD%4JE<PByC3cFpnTmUS40+sLxl2_&A5OEd
z-d=gSsF7bE5sp0~xNpT<HDX>_c`HtqYQQSnm6iUF3BHdBUc5wx_DDc70p(Sd^&b;n
zcua8KkE8#~Rh0{3BpI1{U6#6Ol+Rj+khs%hLI+OvhZrjOBD-Nuak33FxI8VQe6CC6
zPahM8bL7$Sg&^~~uM;QDHhYz!rU4zDqFE9WWQE97l&x8!oEqFc6Ku^gJi*>9FUHxL
z#dTCDDIdoSbZSxwtAt7Y8;)@z`xBtbOIG%LEBoC}R<<leAXaOr;nGCM-#W_Z__sYK
zY<es@ei?T<!C^Uw`9l9=!p+B`<FBHeU)|NVj{o^5gqlydy4X5?ql;gyVZP!TWpe$`
z6GERSg6s2wq6-|BgBV;FJt540BDmI9TvP2_&pjcW;#?2q=c;!*;6ODM@a8Pkz@Cc?
z^m1$F<$xug5`vzJ%K_t_652i$mjizClrZ=y!JFe4Hw5l`O8Dt1!P!*MlQ#s8P#Z~x
zD^7tt)*TvI>}$6O4(J)-*;5f5y#9>v(ldg0pp11VKO>BLCV~S=MzayLf`c(`;bP7_
zBb<81gM(=TY?fP-^Ly?pk@n!gQ2S#oq~?b6sOR%Y#~*H?_8N3NeMWHRMHFE(W!{j;
zb$Q_PXQZQ|mq2a;9gU&Gne#>=$h>K<L?{Qqk*7t`9FEMJcLa2N0Nrff7v4}^z!F>Y
z`Y;`g>2Sr_7>xDO)FAuq)>Opfr4mC!@=^^fEsDIoC1<ANW2T$SRByDBoMozv=Zy`U
zn2wE1hqHYvD&n#~$<2vW&TV=Wy(_upFde6vC}%rW&g`YOa@NswJg4b!cJOG0k?J;z
zWUD+P6(n`z%P9I&a_g(<=&gye^-<hp%HOkW6Ez*<Ip;whO=v3jj&xwCqJm`_ScAx7
zV|+C8R@2Rzj@6oO-fCKtbW|f9-W<%h)wCb!=tH`x+>#8bl>JuIo<2gkcao0nqyxd}
z0&K94re2xpBU(V*YRU__Owp~&#cLet*ySVi^DokIiF7#Mjwq-mhT+~;q9k+Vn~_01
ze1+jw&~=p6b<=Qr=sMc#I=nfUVYnxC9of1l+ilf2x8EpexUcz&vc2Tc(a6Ee<`&Us
zysu@ree(@cjkVrj6{Kcx@oq=@toPMyOYPkpI=VP?b4P{*){(i)+L1BJq2p7|)0Fg0
zMNy`dqz@uPE=x(jcIa5ju?+2Q5h;;!xEK?nDAG^p+YyJ30}i3x63&69U)!|X%c;ZR
z)Zz4vqCy@5=E3n$C06R!8rYr4@IiheAa3T=@w!tNtv&Tksf<}1@KK~I(@(Va+fE(5
zIh*0F3kisMb!IB$T#o!SGQi*8UY!|E9rK*Jxr8o(Nu@lmO8m*G;|DI8xhY_eq8|Q@
z2KFqn+^7B;Se?TT{NvPd*{Q>uf1#HSI}qT~;pfuLO#*vV%kl4yO6Jk3`Ys(WxFixE
zhIDl4Xz$XkO#>$t%UI5mMKxXSFRE>XOUEZ1)+qU(Z_1WQ;ee&1{M`Zek}q=USl|*R
zm%uKS^4znr*QH~(A&Ai^r6OeOg|E@T-i~s;79bkshD*m4mk#$0TU>2!&K(^gg_kL{
zIX5~oXc?yvG6bmM)=|Z+o11h0<JQrG|9O50@QYi=A^xYy5a3lW9Syv6xF-o>0q;uj
z)+_O1xp=XWuHU723%qp9_0r+I997Um7_sL`C8bO$zZ)OvsvRf@o$}Igf)lzDQAAhh
zt2&w#F2%$s8W$*x$k$uPV=rMu-IcKgX4;Hsi?@!A-a6dBN0R5=Sdz2@O*1vHNl|o3
zlD_M$<A%2&{Z6D3!A`n`kB--Ubhw|7Dw4DpGCAolqUg<Hg7ioq9m9MC>0yd=uATHD
zA07LAbU43@q#|zOl^pyKzE%U997XFT2bZr7@)e!gIK@Gxs(W^3O?`E|=BvZGFtRX5
z!yW#LR??PZIk#z%LGi_f!+*<HM=xLD@R#}OnCq*<n}eC>1^je``U!_G$!Io$mcxI(
zxNxH*{d5fX;|@PdfVC)YIs8Qh9sWT@H<gPwJ<?}!al4%^_S3P@PdI!DtRrKs<?#3U
z>Dc3^%ejhcisCg-NxzH?KUG|~i|c+muKGzYD?#1J=3>l=bkzwGiXP&xqnN)AS7sZl
zj!Ooqaf-7}d=cKaOl#>-!`EqG^CJT$1=-6M<F6yiU-%#iY^6NC?+5-m2KX!QTSv`D
z#&YTzk>#ER3GX|@U&ojJye-!W@4MY!$5wygeI=%DU`p?M!C%L33W<APXMhepK(}Tf
zUso(&SJKL7X(F4}4;EEhGeAcTj%Oe}jgm+*rI40KHv5l6iVe`wh9en%zOS0e$>D|b
zifT4Z0)7;rV^Dx>xZ7=%{;b!)vLju4gGIy53(zq$K!^L!w&d{?NA*~VRXx^2M`lNc
zJP8)s{C9wkzc?$`J7Pc)&=&{^QQ?{Er8ljyYwZxF6Tz`!^cErV1{oM5f#7$<mmc}P
zi~y=El(S@0zaHuQ#QdyJ%^2x~Ynkw|?cW8a3-*HnS9XLY);cAY#^Q{{dbx&jWH@l%
zq~}GsCkuPCJ-C=?(7b$NaVlkEts(}7T1D(C@}CR!z-ZQA)~<-EYgB$0U{xcGhoxid
zo2!JoOUu>1`|)zMuWCf!$1ed}19kWY>SDF8YQzZRVZbmQ=S%3~Y2IoP@@d}peMTk&
zta?P5<K=k9-uHb2O9QM%MA;jafaT?N^enH#r`E>+doCi3bEBzQ{e9o?0$9z6k{c=k
z$13WWS5b%WqygNanVGe#=<uqd!`Jl*z-mVrD`%&w>R47)hws+s09MD$e65C#?CLsv
zy<7l$-pssKTgRuhb@6;|T{E-A3p&cbpo{gzdS>SC7j<lSQ5WlrFPfQeG|(}&zAn}m
z>zkRbS9MHmqKoy#24*H}uH!^AU92xQj4)Q?uC~yzu7xhv7aN(Gl_GRJXsL_!#l{iF
zqN8tX9fw=#Vtw(Y2xBcUBTC1lC|#^CzHFk8iq<hKS{Dn1ub7!-VszZ$nZ^QPlL%vh
z@LC%kKef@t0^zGB<R7s*cEsvpf$&aiDq}46J#0;ZnG+bwmXfO?aS>uwWI(>B72_hr
zs>s{+=Pc_sRBvuJ^w^aj7vb0&CcH*!ypGB7x>yxy*Gyf;Fp(L6cS?#?kuC8$*2nW8
zbRsiXMf3z6T7oW4CpJ?XLOJG3-NP1?6y0g<1Rd29M0fgef{wunI=nfU(VcEc(2<!S
zx>HF;w~1oA|E;8OK-Uv=TutEJX@3DWt)!-2ytv+~zzd}RRn#)Lcyc8qC{ahTL>=Bd
z*IW)+*i0*WIph;@)$6ZKJ>DZ7V1I)0ZR<VKz$FY1OKIYXllBqD6DKbx>S&m#Be3Zb
zhO|<0MyykWF(dY2qK*NHBAW7UCfkm~auCCXuTIplJW+?UXG9^FzM9XOHk12BSu>AI
zI66dl?JXtR|Ib7nzbESAr4xs0MMpCarRf-9zI5V~q{AyoHy(nT%&@JD)XpJNJCpNi
z=Mbr#9qiiKxRGoRnNo~~L^%4E7Sh#C(orW#YUfVXh?$d_0XVIU(9VuYIuep}c=IoY
zb}mlRu`o$!=T22FOfj|d^)f;`4<+f?lO(jWR68A^?R0o^Fhe^N+v$jHC$w{?s>z*&
zXlI!+LOUn7(=n+X*Ul3HtZo@gJ0BI)&P$3~-6=NhT;EQ|S}qOGHMP^b`Ts#Xzw*@1
zWV?2Du(UI03B$~?Qagv6+IhO2j$hm92n<}xP_L}i&J<HSgWKx}Y%jF)x#qI%I4lP-
zw6jfn9g*#IIFpLh&I-+?cFL6X+G&JW-?F0p$F|ooy1mrSD$QjpR%z~`G$Vy}u4u30
zoA!ow2F_s!E+>~FJGL^G1CO`Yak#y1E=8h=x)gE_1MA$X*n_fSDY8Nb9c4S{=2B$m
z4m#R*(BVE6V}F|Nw^wXW)0J&vf0{0P7Q=*cvg&%aGTt)$vV)GP9dvW5JNspMi3*41
zAm%Je2OS4Gi0b|2Wp%J&HnYv5bkyPKsKfnPll;#=CeLO-dCB#ClWU8PI$rN6xYl?@
z-7P(v86XDN;T?4h>nOO^c|~n=w{zXpQOA1Db%_Vp+=UDs6xY$M3^lpiQO7k&as2D*
zxzUBp05K>gb<z>nNr&^jHw$}O9E%w;72RJ<x@nzsOzb4+vZhK47Bd6HpnJQMjvJir
z7cC2WFr~>rU{-x~ux301TOSedpuA=t?5W*ZM~%)py!jX7V9#5fb@b}2!@aA%b+AW_
zSs&F`2l_doN3E%IxEQmp>a1f~XCbPDb0T-Vtx_L#)^WeH4yS*E!d{QzqQ2Nbb;%Pr
zhlqg1;X>2~U3Apz!n@=NLe&0UboA?@!`-!kT~x#5K5QV{Ri>25Ia@hSg$t8g+eOEk
zE^-+0g+hwu+}*7lp%uh1;$#;c$GhlozTLEt6U=;^w?c`Y!jWHT<@I3&`#3MKs}BFJ
zVw@*|HI?$5YiiI{$BSLn1m-z~aIS%eGj7%@=$i_{8F%WcqeE9Y{nenMq@B&<fW(N3
zu8MY%Mt0RPT#6)toi?=mA}#K!W1%6E@sdEIin%a}fpv}e=z1m1d`aL)R~>u0>gG!V
z4Z7*5*-baEaF$3KQaMsyPp=_dBz1-J(r!8ychlkS*3k2=|8X)$rR;b8udJw<cl{se
zrej|>UEKAbrjT+tzlS}8f967tO9$?B({a6<Zr=6(W_KO0cGuy}!Hi3Zmvz^%pu29~
z^?$Fsj$Hm{O*#;ftmE}$-MpGOO~spO4GUgP+?+G}`H%xkl65Rf*2NXYGgK|q{el@+
z6p!G5iw-$(Fj>dmWZn&a!OXk<y?f};dT^?)H4UvJv~w$I9!F?{zZ0J~RnlyC^7C$Z
zPea@7&>?TwUJrzGK*Pdr@>dIC*$vfm6kOIG5ssRbg;BiILr32pI-DJvXoXKB-cZ#q
zQ);raSA-*35?a_pM@A26hW8sOpUgRqk8sSDfO~rA_=$7W8fk^kH_8u$ERKA)HR)A^
zk9ycc$3H#9yxLOLsmfG=1+Y~;bu8=2U19Tl=e4+Lz1m3Kl*WUYk0UDftYSB<yq-Gl
z^%SNhft@zA{H9g5myXiClxcNQ0b?qsJ}P41+tq|=wd$p#X)j?~t9$8K+)J32MAA?<
z)ikYRRqUo!zPFCDy>+<zHu5yBRIA1t6*MhZRbg6h^w!b5w=}JEg_M$NnpR9TVOsC?
z*6~(vVOl$T>-e^}4sQ--m{xcn9i{pR)9T+x$A9_=)5_|jV{;#2TIniSPH$AuwB}Y7
zruF|Zb{*hZ6i@$mcYB)xNJ8&~AiaeiAcT-k4@H`kkkD%&B%y`?Ql<A!fB;qm6p*4I
z7C@vaHbjU86a@Z3qzit}-p%fNdEZ1oc=9}ZcQdoQvpf5nop(!x!3^aFOViq{w2-~T
zHm&cgl4(T^W@tTF*!U7Mt(k)vCJ(ku>p)YNX+5gyVOl5XbCGK9rgg5VV@G;eq-%e9
zs731BWA5D{x8+S}`mdJvo$AVdOEqY7V$AK;$PRuP%y4zEfTKJt&$5FTgJqu!6U=|N
zF}$ji9aJ2`P<jYqbrt1yWh`}I^{62X!-g>MpjP=^-zRhM#cq+qvo^*snZxTt7`DkA
z8mSy|oH;xk!f;RI5Y{Tco8Dv&FCbu<2JLwp<6D_S{h<tXhLSDEs2pUfh`TKhAIdOv
zC<E`+Jg>X)%4GpD!Rk;Ek=q9`{%_RQp+#l^D~B>H9Lk{e%L1MaWw<XMI%ffchB5RV
z#-KHGKGe+uE(~M%bQrUT3n^Pij*vYeq1e(I&f%ihaE2bkX}FNY%#q4HT%-?Ym@-_v
z4cwUp1T5F^NevywYgxed;S5`bGqj!^>^i_cnNCF*&4IvqSwP%!4SQ?qFcxJ2KMiNN
zI-J3rch<!3A?j%25I0X_Mnc8DHFap~tRul0%n=O6_OmAHj$o)cf}!Nx3oZeshX7W}
z4l)lN!7y0xW?e9`cm%_%BSc;5t<3`N5l<oFG1g@Pr$#WG7{Tm`(Zdkg+A^hvg;x>^
z*<t+=47V(q2po|GWGuJOJus58fTANA{6{jF<<FWJ8ZK>2rc`YwB?PpqMX~f|BN>{G
zWOf)mek4PmkyKmB#yteckovlj3~NSGZ9f{x@WDu{wv)4fWa23<Yda+icsi2d@kpxe
zBsF)O<UV(tLbVMT#ZY0C^}5J$(H)}Hfnk&ilPn1d0X{dg0H23hfOa(th#JKZF^WOE
zm<5a&#V~9XLkYGWFe`2cYDURQ$y5_5YfM7HWx_y0wgbyXF)R{N>Td@=AH{HT6oV17
z9k@G+;r1wIk7!Y<WV@GZ&^jcTX|-uYt1+6P+GqyeHIMlb52cqYha-0+9lRQS+A~}(
zvL0<;v6u`jQ)ZVf@;e&iU$?RF{F8x%(G2ZJ3oux&!T2c|=rx8RVhn?ECm9%=#1NOn
zU_4C*hK^<EGM1r~_jsVP|9HR%r9Lj~b(tD!m$})ic6W$RR2}loyN_e&HjV*i%kw5y
z1xr<|3U=#wcZc|_5KMi}o0vR~Vd6Ljt<!lE+r}|$8OLA@J8$CTIEK%JxWH%Qg=RGT
zSyzXlrvMMfG29-<>=nP;g4MAhD>Z1fhZetChgSTKOJ+z)X7CkXtnRrvnPFwJD1Mp3
zDZuWQHZSeTfxpP1SPI}bp5cY@3@Fnz1^AuF<l5_CLDn+`Xgr>wp+#0d1qcYuEv>&G
zYmx%=9?#IzB1=gDf`}}D$Yu+&Nhv_ac!qRAR<B|zu$kJunKYdjQ-ST{8McjQC{sTb
z*iRIJL~+^5FBSNFJj2QH4BnqcIq;b8q^CDVI-tQ6{YW;qrcx!;9gIWDB-W!ol{22<
z&Ul6rqC1rk-Kd1<KAzo%mkxD1hbBjzL(}-nR3L1H2IH$#pmYjD(G&(FI~ACi!Z0X>
zflV3%{M|;KM<LpE;n316gLG&M#sFPY89Jmg_=+#a>M=lOD#M0U;c<-tvQrr@iHCQ_
z0Fh}7A!!6tHQTCf_p5}{Fw7@7DA#(4G=?o{1XGgOP$~D{Do>^{e3m9ER;&V%v=7qN
z?#Nc{>~|lG0Y(Iovs6R=80B4{qvPP7njPH~R_BuI;2zOLp>5TPe4^-!hZerth??bT
z8p9uH48G!vW$Jq-FuXp2OuhU>hT;>+)Mrg(m^#sE>OZ%2n7Yh`tCZ8!gX)v1|2C1~
z+C*vU;YzFFZ9PqWT75G0f|D40Cy}W)n#9mx5}A6hNen$ENmI{RrQuowGWGeB7}6&(
zn8MUMsTPr`KozkaTKtFlWcC#%GnAW5fYf0!L+i=XM8~?-N^d|W`qgBH3l^Ce7hZ3h
z`&zpi4QO0=JelF)WH~PEC9?9;uWCT!LWL;|<)%o3=k0QzEuPkZ3_fBCL+dHh;Nyra
z!fEhBr!WkjLIyv!UG7?+X+Q?Qa0<h#Qy9E6+BprrZ@XLu&z8=$pu;lxpH)+xYnyvK
z5+>iLA@!|&QyBJ4VepMxt>tg`QW(G4Heb894S&fhGW@$!7;aA?!>==yq1se3{CXW_
zD`%{>4Sz`^GW_(Z3=^h`sn%*T{Bu(oPERGnFPzTclTL;|Hl1NaIvM_ujw<-N#y0%=
zjhu%6K{~_XbTa%QssJ+OZumc^Gi0Y*hTok?VjAf#9ecgo(PjFB8+n-iXPq3Tf3wrS
zn7$QpRfP`{g<mq%=d(uSRd`KfFsCtiZ|vxp!t*KgBpTY$@N~bw8cE_woFyt~8beJX
zYEE01DDN!igVruru-Go$v1aOb93k#Z8)IN&D&5p+3=@S&v!(lCUpEw2w&1$l##kr0
z4oqWsS8x@Na&lQabegNv%hqbp{%lj?aARGbUM2|Q6@g5t@hc>@R!(CIi~esK!|iD@
zjJQTkufl}XsMtasn>ag1u?&VH8Pqu>v7u5PS1o5SG|f;eSoSLENkV#bY`Kq`kk{QW
zgP~7`@K4riw(C7JgJF6Gtzg-!svy2gcl)&rh8>DY3~^^N7*1z6)(?KHvdk1&#>R%;
zY(h2vGlL;V&{}JNud6Bqt<#{5j4isPDXjr6J)NQWbXo)4bvi?*=?uPt%vuAycsj$p
z>GVt5b*1&|ZaUH4ODH?IDWS&C(;2d-GoV;e`c-05Q(Zc`yf;mg@2`h)e(m-NZlMkk
z6{VaITkK9#XZv`~U@&J;`$%H$V9VV;wP!HYoWZ2@_Uads93ee3wq#haQ+nqa44r1s
z+AK+I0P8g+F?9yRcuS(Goj1`(Nt7uSZ8{cPJ0)1RPw-zqgJJCq*$ERBQ`~wD+Ns!L
zU*#&su^9{>%1S1xVkG8M$!jwhesNVYNlDKT((lHWtkTRW-FGH~_e`o}l9Il}QOSBU
z8S2br@@j&KN@BK<=-;Mx$7WQqZZjFW%#_j2+G@U?v_XURVjJ_-W@PD;XELPCWZ>1>
z<a2Clsg~+`P{DjG#ylyR_swM3Bbb+j=fPYq3#i*twX9(NJjTC%C<Q$3&1CpvCIviR
zeubgyD-`hf_!Wl3uTa3F)+~m~vnb%PdKSa0vj|Y6Yy(Lf?SRLO=1zrHoXt>vHZ_+d
zcBR~#D{?kN_-qyM$lRz|)^7zoM$BdyGMk}wQcJghhgKgbBj*35B636cofZ@e*g2bF
z`)rB@NGe^WoUwo&Eof9aGn?V`Y>EZ^HJc%4HpK!Yo9Q7y4o-FFFw~wyuGdR*7&_0f
z%p&Wwi^nI=?AMCyKRRt<@f?PQa~QP!r%mje!|<*UVMP-vN8}Mr_+bvi_j4$kP%A<<
zxlDOP6EK(Ixm7BZnU@7TqL^hV83$-dQKKqz87j}EsF9>HRLU7OS{_1Cqjqx{+RUY>
z(YUz`qvw+DBpde-AfrZa&1HCFF6r*8xeVv#D&0vQ-#oMbI)rprXdXj>d8E6B^BC&S
zV-$BXqVkA4^_s`fV;<?wO9d}v$|LTSK96C_JXa*<JH_(de@9}r&12Xyk0LRr<}sX@
z=ZwT$Q;`^%YUqf>lnbRuOwK%pTk|LqQ++-|)%g^O=`^3A-F%9~AX=Tzw$YBnXrVN4
z%$d(HYd!;iAv%vp%;WqcF+b;y#0cxN=VnvXD1}WLv@c@(_eGQc{Na3tH|8_=iZ9mO
zY|X0-3tpwUS%U=(RTt3Q?6U<7hZZ>JX2+ai7?}%KDd*hmi%>$@xP=TI7s|O=h8hE9
z$~iYH+luC9DGM2r7t-8p<3fh@3u$h4d?CZJg>r7@w^_r)Fq)g)UC8j;LJGqyR0Cqh
zW;+ZswiV6CMlNC)zDRiOo5^EYyNF@&A}b6dW@Q<na`}Y)Z%r$jmH94a@LnwEQLlyO
zw$!7oXdV@`n4#`sIeE)=3&UJ*MU%Ie7Bh5REGKU{L{>@eiw>j7+oZ(|6Bf%^SvYl)
zQ0J^{^J0dLi)mKYizuoQMPeAu%05}la9q@2XtZ-y);2o7Fw8L(hB=l;80Kae^{JbS
z8Gc{<FJTzT&A<7NFiiX=nvE4*!cb@l&Bl_KF!WzSv$1RKWZ&Ms*`AG+3#ZvwhouZL
zOBsB{7i%`QZYjg6r8FD6w3OlEQksp0E@No2jKH&KdlkUVv}a>STRXvX<1&Wz%LqIr
zv7u7#4)^h849AvPvoS9s`Kq-m3{$a#YcBR@Ymd2DymKx#t<!&mVXC!Pw;pBMVVJ?v
z)bB52xVB78l{3lI-(1eHZ8@2G$rTKRSCFYsTfvaF!fEQK+dE8M=E7CVY3c{U$<%*Z
z!EkkjH1%3atF_vDnmUglQ|Bug*h(_>x+@uKuOw6Nx{{&uN)>V4qG4ntnffa$878cx
zFify&5t(v^VG<(9>`Sd;D6xw0EM^r$i&ZiV)7!09^CHOL&#YoNy-Hg0vi7;dFuNnj
zlJBizxVuVP^7{6<!!X}QkR_K|%}`>s96tWnKDWU?kD%eB<!Xi&tEIsQb;u(Oldzg0
zel;0<=MK4R-7S&~e$Hx!S*sbm<2yJFzGa8}!!V~+Q@!8bGYs=fB=xO#Rx`Z0n!z`I
z%fEzSq%i(f`~L{TWM-1#|FN3kx7B3$)z&anT0@5asfvOu*<u@h$!IeC32PX}tzqyL
zUo68vwT9u-HDvfcYZ;8SWcVZ2G7MTvhW|`OGW@pMhW~z))9??hW!Sft4F8!bz_Wb9
zFqhXdTv}@x{w*Ro8|4hcwCUtB{o7F<roYH(`g{K?3{$a_3KML#<0c)V$)(WNG5oWZ
z!MkB6XBehPr+*2<^iv~A(pE<prsg_^7uPX(C$)D(UKTnZZnn=O4AV1I&6I?=Gco3$
zvUF+d7?Rg9@UVzHW=h3Ro7mh+-GH@CgSIHP_<&d)TBFk@-d)G=_BsZw+G!K|dWPrg
z7<>hp(dx8`(De+#>luu;r%fzf&oE~_IRsLs7vhD?B(ubf7#bOTH!yf_5WRUDIRp(i
zFx1(=WB}u%R%*S5;2mfBycr`mKyF}|A}Cq*855tkQneO@$)=Ac3eL`&*tUUT%LWGR
z(HRpbH!yrA9&Vp8aeD*9A0m6fWB8plQDh^7-$u*ZE_}hn1tnFc)JQts^obBTRJ&lJ
z*+z!O8yU267fd8?WEd+%@b77z?6-sAI+T(vU1R@jC)8asOsYF5OM`Ybw)purr0xwH
z8CGp1b^o!E;kS(pzJknBcePCnl{S&OCv9R#+C=J>GQE(LWvlycEUEk6CWgD47<|PS
zOWox*GnCk@)ZHvh#f!3Rb(d*F>K?M0VbEr&?(i^mig%W+?xZ%P?gg6}=5Ho-@7c`o
z&Sp~gH=7wQZf5WmJeInjZf1DAS*g2?k}6Y9b?<FM>JH3gsE|qO?vu&TJ5#8;b?m>X
zJ57L`T0Eb$U4zyy#%$1*mRU^CWSEvI*UG8|;k&mx7IN&!WXQ^7;32K^TgcH-{fHg5
zLxc88jJZPQa5|IWl+2-{`iVPZha-oaOolrmhd$x?<#1fBmfkILc+kes+ffc>w=fjl
zLQ6$@s0px4m3Ch$GI<Nb#4QYbxZ7~x+PD2&)dxE@XmPQvYPF*dk-3Fo(-uaza4b?Y
z`5-~~Mr`qj_PTuw$Eht0A8%pyEgWUHG8Es+>{~d7Z)F&`Rdnl}ntcn$!L1DMZe{i@
z90j*A@NE=Ylo=R~tX#KneAJFSp<de<dTe8W*Sis}bxzss+}Al(`8-0Mt2>&r_VUOH
zbqKE(1n-LxjulTUVqJG|G|HQPYa8dPCu?2cL)8p2Rajjt8|yQnJ&nxi+Zd*7laaEk
zk!r3cl=(c?XO|@0zKvnqHU{qkk<OU7Xo6G~5ZEoap2ilx)`6Pf{5FQqw^0)WW-*k@
zq9z!d#V{gExbCtEj%6_%%AzJHx}BlWc4~rD75Yex%;Wy|4%7tk+Zp<87frA}(sBQL
z2ahJ$8|i3*IUVv;>5)iB6P$50!GS#Ky}oGU0`G4+c&tnNCRYntYTF;J>hhWft!Qk~
z5}inG^R_e0+)iryVLQXu+evNJcQCxTL(Jx1Bef0O!O(99sqNhz3~%oswaE+&XI4sW
zlRJ{yp6_7zdxuclH_<M&t?THaw%_Tqo{S?M^Hf?+v_okV+qjf=D{uNWjvov8=k5OE
zR%b0n1*nC>O2m3~?L@t^%1(w#I~jO^HlC~Xyk^sC`Q(wn@J?1qM3c!y^yj7m8#+;S
z8~pe$XS-+6%J9=efcHANCU_SbyN-zc!tq`%$*q6M#N$r#5T$$$vz3c-1##85{~(qN
z_e9zI#pO}<Y1S5=boUxOCBAV(fN3_LvGn|CwRX*`bTik<(_7-mm0dI1J|A0nkKTdJ
z9Oq-l(8I~N+zpIkgXzo9?q9s7)0gH$fG2Tkr>oZ@N7iLJ=gQhTop6;SWAC@=p}%<e
z#_>>PxBNk3>1(5T@6M_<ywA0C@GlQ_oS;3mmFslr1;jB8@Vf7KpVe7yu=lD)IJ{*A
zaJ;i~y{h;c6Ylz&?eSF($D)}FcX7=X@@Z%}Bn$G;|0MTb809#*SQ?DrozO-9*AwiE
z)ga;piV$A04gm+dNKNJ=z?%liGcEzVT5PVfit}Yg?H4KnUR`z6X%1i-YMdzoXl3oa
z%mHz3+p{)I>nis$myL-PB>i_Xyu4HHWiA^NFJ5lg$*^W8LtASXa5;M$FZxs=aV_i}
z)y6&TC0*-g+|#-N0aaT7T5`0NuePk4j?z{($<YaaHv?X<c14emwsu9oVC^_giMGVP
zVC9iY57rLj3G`s?ES^XY){f#y^kD5Io*Zp$+kL^>K|F;XtgXLO>A~9an;va#`F+9K
z>O0N;VsG(fF|@_kH^!)z+)ZwvTpmpuDC2T%pj;kJ8z^Jt#=WX9So`(XMqB&!s+PAl
zNNtF=Hb?=eF?k4}4YgGgR93TI9yerDEbS+oVrX=vwIO>a!`GrI#&xq^4!7jI&XDt(
z+>kxYuK$tO8Qy!Hp^#`!DVZT-0-%kIE~G8(s-xi>3}xS7@D*>HZ0f4RSel(~yxCPp
z$2S?8yvbm^-&IHFw;0;J#bA8eRmah{7&eNBFT3gp-Ng{Fi@~_sRmb9Y7?R&%Fm4I5
z-3<G7GZ>G%>S(lwq3#|AgLl)hZx6$I@ldpzj@x?~zS_%R1a#98@g75s_ZUjm>87J{
zlWsZ!D`>8bsB@_nhDxdJ7<x>J-(Hey1uU0(xvFy5BtR<=W4zRzT<S6V7zXSkms;k)
zRjR1FOI>h3gYSL@-k2zI?U4*@)lJ9wNx+{ybi17ADQl>dGOp#(=IZX`YuDe;P;bB7
zFx#<$WD1yU6Q1fp8)kd&XXqx%Aih`|X1DKW*tVZG%t}rj@q)8i|58akXv6H;{R}7f
z(}vly2N+5o5c6^&Cg&~Sr2`C|50FPA#V|)vTpMOP^dOIB@d1W~2N+N+k;n%0a2;}c
zn%+4MxgDdV$&|+-x9=Tb*n5D{zS;Ri_OE9)m)CM{n~igBn^o3l$EChjU15n((5mRb
zxSr0q)b|G%zCA#3DM>WFWk4KF(>9tA90I{@ad(%+gS)$H2=4Ad7g^lhEx0APySuv+
z-2LqRyyyF~JzZ1VQ$5pNGhJ78)tLH-OQfuTP}k+d=f>6j4y!X$k>`V>M5cDjX4%FE
zJi2zpR(-0r$=F-LGq*T7-k##Fl{2T`CC<&G+!yS6J~`bl#AGgKZXo&+X~k%j4e&bC
zgZGSGO34K~zn|f`+i^i^a`<aD1*Y{%hFdE%ky)ujtXu0X-_X<zNl-OOy<2OWXRPtz
z_m#8j)$gG>D3HHWh2j1}nYP183#8v)JG-`GUO8iX`_|ha>eMXj11t-<$yXc1K+HZ8
zZ`C*8>x*>_@7DCGb!&a~3f~?fwQe32+rj9#y)z(c)&DVVaqIRBR~GOf@@!&Dp)371
z<`lbG5Y`4TJ6E)EDv_<j{E5nWIREWeS-^m4)PvWo((EORXjU&KF}%|J*NhWfgJR+z
zsa~mp9|j7erlw_Edg=;bA8E2M+v$V#jlC>l!7&G62ceOmRg;aX6+u-N`xvg%4!N-h
zRQ5Hjv5kEJ$tK~??uR8%62yc9k9NE#gvO<=!OI0}P1h>F<;s-p^cyDUQq04T;d^t*
zuSv2NM`W>v5>Kd33w-ZoieVt@0i@!A+16uWUZb(2;@x#}<O=|)ZO8tIde=tiPu+~>
z7?w4jo-U#C*f6d$*w)+#B1mq*g7NRZrQPK|T}n@1Ms|MDnX0rDbg%ezeS7)*rSqhi
z)7s(s<U5tO4NL4sSn=oO<4c)B)E>CaB}sRK(xfbui*0lLx9JK(&h*rv*OjoA$GcH0
z6q83g&_d%x=!Mk*7gF3f<C@4v$H#f9m+$savHoUT-Ey2FSNFbtX8rXZznycH^I_)k
z7JoYR;kC~-zj$WP(?@Of%@7eQZHuho#l0(V`3Fo28{O>-s<{-LFy?QI&Nf81VWuV6
z=3iH<C<=;I>|Bdp+)SVEGAaue3v6Qk7_{AnM~d~g^6%s;H%S6?kftKUv7*aq)^~T5
zQ6Bz?CH4w1VVQe3CwuFq6EQseK^D+DchuggUE6iKH6r}2noac2n<F34;nYtPRt@;J
zf0@K5Nw5z-3cyA;U%|1Ei(wnp2SYV{RxUo1cnIezCp=+Z|4Do-5w`DC;9E#Q$Pn1J
zvj5I&quJuXq}dYgQdIHOFI#q3IG3xZaw=Umzn*zB@RtI%HS-3A@bmbnT~;m&KGJKE
zv*3?Fmx=cL9+=^2R9p#Pk}T)y(!3q>-Wc3A!T5>4++}yBu<xv*q}yBc!$TXS{PU$E
zD@}g9V81bz6H{2jtES;|zaF4aj-AhxV%Q`CY&8b*z~P&Vi%_?cF2B#JqU5$JvOx)M
zl;O*<6kk7!1pnGuNs#Y^gE&9`Mak~qEV5zN4;IAR#o8^T(0fA`+@j~xBR_Cn9}u=c
z#-EU~)9i5@Drh>l6HJJMSFC5oqI0*%`alrsx5<Kg_HwFqOW50Wfh%)&QeEIA;!ha1
zvZP+lpWg}Y-@aw(=mf*n-m)}yf-h0-MRR|y=W+)Ofc8X6!lX-NiZTDpMRGBJCCLnL
z@B8K}-7=-VDqS4KZPW7$!V=RCL3ZO)kK4X8-NwlxhcU$=F#=ry-o0*loAM+$&nuLn
z6)8g@c9&m7*NOjIX6%c^yapN{q3(&uvW_WZrXaOb1nM0T3bB~Ik?0+1h$Sa&IpwYP
zd;Xa^OXNtqcF0rw=yEuLI~GB;d)Q>U&BNu!;T<{_(VRRJnN;)TkfbU7?y_|)R)Umu
z^QAY7cqk;fPp@cA|7a%#FTy~B>6UAL<+DAMPUI1Y9xe`v&?}Afk?rqPBs2TiUpb}*
zvzgi#`PC3ESYG|3)fBw<KVw^OZmF$ES&W;diL)UnL{dyHam0A9eu+%CjQzpQHaK20
zBu;r5Z$nd$l1_Q5erC8g<p1eDy`x<rHlIiGzf+U`W*)bYlCX-UPmdJmIay_)l0^~c
z`Jb>;-lCqdmaBNn6i^1q(SDh!;R4cDjDazaPso3IPw%Ki6ZhP(R_|xd0uxTl00}Bi
z3y&`tckf&z#s178Z}WW1A+Pi7l9}mty2eNU=eDJ~EhFI?vU0S>^g&9{kYsfG$T!b<
z-XDC#aLwA*%WSPM&Zj@?FO5vH9g|4)Sq2AwdR}l4mpV;gj|mh+mjw;uyk67wzG%`a
zkPOmQsSr8-+N{H?GH1U`;oU={HmYWTE3U}T_9vLa7stZmkO^zD1}Ys;!*1r_HdKxV
z$_laiFcE1m!X<x<v7B14;&>6TpfJPXfAlDw;=u0iIc?2BlHI)aD4m?{3zyN4epXHW
z=aZBqS4LcBAkVO29zN?c_&UOJqRF=TBty=&-@#_uUyVHK*XXy61+27Xe94t7!@5F3
zk0c&Wn(a2kLmA4X0IJeHWLCY7I4qCQUN-M{#p?^-#PLSyj()DTMqc5B-Mw<kec=q{
zx$4sVbfIs$L`f7;^{L?$lFWcL^&*?SR(Jo;Dx;*WwMibVsO!(1Z1(AYyrQ$GCNpHI
zV44~7Y`Jbx3f0b2WM772T?_e4rIQre5F>4nI2U~Jp@sZd+XRa~t8X61Q;4_1Du%2<
ztX#Fe#S&@i2sFH6s#L|u{7SD2uDZr2LwyS#U;VBJM3O!3P}ok8aX}XlL%rAh_;urR
zLoevPG3<0|B!|8Bf;-gR&y+<K;1Vh`>@Q(4PHmiuVmkrE7`Q-QxyZ-noJ@mP=`okl
zSU)Pp8bg;OJ(N>}WUn~6K$iFi#31yu_(@HHiQXT1TxbHg_#~03u|~J@xQQ3<XF)Tw
z{@t`RQ4eV4GX2_+cPRJoDQnyIduPx03z@R=U~9n@urrn2+l0f7`-&C$$TSZm5`IWJ
znBv);@VgbAUr^rVSCxdqUAld>*|zP%;ywc8FLqL#jVe}FSlQlfI99v@nR6Tuu)Y5X
z3X7ZVS=u~B%W0+5_fl2maqL+#JHK1SbF|1Lxo9SQ$cKt>OUuVc01I2o%HHHdn;<ps
z$@Fjy&S5mGXOh|}y1Zg~3;Dt|GhF9{@2w;@J5;@rJKG8MR5GvKTMuyLXzlvGKbk4?
zuO3wT9))lvKE9I)z65PA5mV&vF^2Xu2NMQYev*iX_bkvNWmRf0_$=4i&vJ$x^Z=co
zdeHy5`VoAudXp!d6nBD+E!cf!FmZwe>RzpmR+EaSF_kdEv)=MM!xmj&#Q)>p(I4v@
z32RrqihN)TYxvzz1bL0JFW?Nnlwh#3CIl}_^OLJR`&`?&(XH<1sK4VZ|G4T=u`4zt
zLL9^<a4;fklwE3;!kY0ma6H4A7rISg&RIOxjkg5CPY+4YuL|F7%}R!_uR9cOEd?UJ
z)z1=!y8UXk^j7?{|GDqc1AdK}r>Xj#G?M^>RvoJWZYo_8i&ik(!ET>0RNGxjU;kt9
z+ntcg;`#^c>y;3!VYg}7XixJIAhZTR-J#8N94y5deAdWXIrfu!rY*U*hCGZ*K-%Ps
zqqqK%6IIx@3wT9>64Vx3yEsr4_m|>5sW*0)X&SDT5dCz+ywo#AnsZFWYG}jyA+^y|
z>Z|Al8*-bh)sj~V=?zoa_MCpG;za~#bHo3bbEjb5I!Xxd{jY30)wN>ilu+5Cjf>@x
ze(NF!v1t2`ryOLY53~PpRfB{#>fU`Jyhoh4r@QpXxRFJl#dA(e)6&H@j~LP|qAx-#
ztT6`lY;5k;X$KqD_(%?unBr(%*$y#z4+2p4ljp2H9x(v|x6Gkb{%AE8@BKCB%ux4#
zXn;1ui5N>r6lfA3S2(@VofI{lzoiWC%@9!%<oq7+4E`{)dO0M{oovx?a|_VdO39!b
zyX?Lof5n=;q$z9JR?hBv4>ddS&B;6TMfjHhQe(30h!^V;JQeJndx8Gve$M{tWeD{`
zs@{_OU}MBRh-UKDvx{ZxGih=myV?jyi*W$m<jlM4^85=(D~Dz~N6eFKVXih<D}{)~
z=ON(RX$~CnB#~5~NM>T}ZT6SiazQhAAE|IkOXQ?$;op5>$Zy2xCen18BVTH{1k9E$
zr#}CqR)1pOtPgB=V=FuE6Ag_aichB?)GX6`pX5<dy^=&0Czj^)Et|VFC$bvBm$b5a
z4<~&@D=YgT5ABF4Ot+)?pk6I2UXH>2!B57yuJk?`{TlGLD~T*g9QWVJLkYjG_gA#u
z%@{z}dwV%(Q;=Y3kOG5F(|b(mm^JUZZxDGn1|dmN@CVPk7SxL^CD{b_v`00j@*RR`
z7X~`(HbU<oYKomXjL?{DDWeZ+I_?@nMJglv$HcsMRfr8{TEU2TW*BB`GGRUfL$D};
zx@I<hNO$CmE}6_SZHrjK)%D?C*YcYyU=_|MNo2Y#03NG4+~MZTH-8*qmzH<_hF0{U
zgpKzu8gb|GtQlcbD(`6SwgfpLCt}(|NW7%OW90HlHA2C+AYaw-<?Kl95Hmty-GAh=
zvjj5>@gsxu)}D2HQ*pYC)}LMOF(Y4fv-D_=+f%IMq*%$t>SGi6;%z*@<b%BK5>wNq
zyu`xgq%8iPqw{DE)t}wxqd7_;>F3AhbeXyBdcLah#F3iA`H@-@{C+VK3|17%@0=58
zJAPA-cW!xJN>)wU2go@K<fNRkBeg`Uvvm=#tE1W?DkYclUG~r=3(TyQ*C^vV_6P-O
zDnetpe@Ao4YLM$Kvxk;U;<oXL|B)<llPq<R2!;?d)FKpM1TEk_m<m)SF=ykyxVfBY
z<BON9@LPm?DNL7XPvR8|SX^S6X}Fw>9wJ-hsJfhl_~W*H<Q=JP`r~@NicXi2%V<lI
z@fWC)&(iSTtq39Wy~j<LnaUt7|95F?OUx|Z2h`qU|KJqofP7ULBb|@W)feP?(`6Wz
zMAK!~w@)P;4@Yxn@RBYk>EygHm!Hv|LULD1vbeV&1an=Zx#Fpm9!sd@T!Jh=FnP4+
z#iq()C)rZ9pfP;pGhY2#eZP?o9<#)W9{;>KL)hc={ft2k^Dy-)qANHOB8xs|UND{!
zpJq+vG7gP8LEk{xHW@KpxBCO}z(84iL7x1gzTgL$7`yESyArpu7`N@kjqZ9M-g<EL
zmLqUm;46k>=<#_loOs1GVMEsCI7U|TLy_@LoAC-$Jq1_IOYZ0j5kA#90o59X7wJpx
zS@7mKWi1rDa_C>_+rUlIl)mgSG43BDxynnVMsmC`(Hg86k*St1$%?5Uq5hyt#=$hI
z(2U|UT>}pJOiuY#`KX9wLP5Hf*=7J6Xss_|P0Z6S-hNp-&JChfHb~OQ{(>ALrT>6@
z6M4-?@HkpnAWX(<ec$>yNOauBKTl_OQ0B<VMg9T7{2IPy927r9!RO48>)8KpXM)OY
zyU8{+Dn`qkkXhVY?sAB_+_4`(yT?)az*ajm+K>eyW}!-Y^U7CHC(OF^j`rD${MqO5
zEf4m`Kf~jA_G1IeGkavv9NDfYsEXQS+_lR)rJvAk&Ro>=TArNQ=C?Lm^2xg<+0&{L
zeJ_~bph`x1#zOJZ9O<=uo>}elw4dGA^{Z-;T{2#6&g4s)yPaF@^R@qful6uiDS2BT
zxxPm!PJK127TmLAT@$)8%Z3<GoM2(`z93cdvlM5Nn$?Iy`EhIv=nX=QmyxHuaqcF5
zPW^KzYDHHzr^Y74$$80%wrAbqGfJ!`??&9@J36a6%<8ke*eBaje1_X`W^Gd9@eRDa
z*+E4FPn#V6L5l`#3LjuDObFkAk#nIJCflGhGLig@e)T&5^a3My&DfZ_)?x0!`;;t-
zn2xJ973`jeTVnrrZd>$T!CgQ1E<M8@C=MIVwo)NAgeE!lQ~5i_4bsdfpSoPoBqF42
z%>@Y|re9*+J}G?kOIkl0{*FcH6e$*X^Dm19DTK&*KX(?l&ndj3c|UL3;LCs1Bc?5>
z4Fy*}n#g}#V6!>4#v=IT`})m(IG^qFBzX2^zn3VGGg!U;0zEUQZfV}6zcX8Yd?4Wq
zM8%blpyA!d(4q5YTv}ZtQAxB3pI9j`iB<L#R`G?%>oME(a34xBwOzAM_fLMQZZj!T
z0Q(y4s+S;Bw*ao$uR4hHA}P26P$4hr`N_T*Kg4Q^IGkUC4OdpOOrW*R;PVTrX}BvC
zknuZ}$Sals<I^`9-pEU<h)$52e@}(#JC)!absL>tU$7!tPlcek+%1EMhdPr67@2Lq
zuOfaH!Ak>^wf1*-UxigfLprspgZHpYO*rVwFA&0!W$qlFL*fqcEP`DXCadG$@V?UI
z+PaH|sB!Xl(zK|2s)l^@f)#X2EWD3Y1zh#!Qc$@#LV*SjXKhVsUujXfn4=`^J8J^0
zVW$a|PvrDgt6JmP%o6_&G5gQUGtDuv922KY{p#TA7)X1pL9m-?{c>{55<wT%{c`_k
zsNgm&tS<GP=2#!I>3{6FK(e*ulyyI7`vuu|?@+Zx&ThTPeeIaMCh#$h$Oxx9?<yTH
ze;ov?yzXMDsH!+(^hPH9-%Ii;Catg-H8O)oMX&tWwWxUUMoD!+PGy$4U;b4sb8b(+
z2b!65-bKF*VGv+duGu42iC$QIDkHymqdGf;P8FI=!l|!m)smf)?v~6_+aCO-z^x)3
zny}z;kRF=lP&V}u5*Jy{NE%~b2E8ka(b7ar8l;><gC;#l^G+(BNpHEMCXKFKmI$gV
zlIr`TLKT`4kLwB&8zO(N?i9gw{hJ7qEt2!t40kn|o8pm#NRK078#NlOJWC;wW;>7k
zkou({YKH2aRy@dVbcRYNvG}{YktN1ek^Cd#vk$9`PXmjUswKv$42Fb0qwUViOt5m&
zO1bbND?x!@ra0uGM1fAs<seu)wuC&BDOqI{0?{IuP}Iq?2AKUb@iMOZ4=&@mX*Mbp
zq;qE8{XpgZ)pyBoe0csjL&+IQ;b|amRKc4oKa=T>AKokqqHj?-nd%56WW>ETk8ag7
zvvodX%WD3%dwCmM(U1A}X~98C)rUH&7KGvf!`sEUCp4qX<7!hYZ48Xj8RWaV5p|!%
zh$*k7FXr-Xx(m>q^Q@b9H9CCzOGpdo(?3Q4>Chk5zd@^PNb=&buV6l^?*5T98kGrX
z<~636yP811E8ZUP7u&-Vme*a^1{#ZeOQ6cCTvD?fZ6hb>{>co*lH_kDsCK__<)A!#
zY0b^f${PRdMvJYI*1{yo$V!jYKyt>hs}#3-_a_h|Y*aZ5yHu~=oiTOp{!b?8C0`-t
zMst-&{Z_6UAKkWtQ<Lb@a6_#9I<cQfeZZz<r6q-Xy0Q(ykAu0<b6B16jydho@7$k3
zKdC}%LLMe!q96dl&xJwcYcozBle3{}YYJJ8c2MBT&0cZ8i-#}nxlZMpok7+7$l>hv
zoAw{m#_MEw&3oDFp^cT?rDe7fy|mHG(9&JFoA&~6G?{)H|5!bE{~s@tV|4-A{?2b9
zA?Aq#Wo(O3zC&hKrU^7pr-f0;>YLR+Jk5v0%QQLssLig92IC2{)Hz;)cBeYTZ#EsP
z&p)ddSO0b-`_8{v`*>?sF}J5{Rv9ks`_2n29->V2dph0M0WDY_kaTH<o6po2BhKgu
z_4IdMD?X+v_f#0-8ZUme)xFP8c;$KLvGcX?WOz6o=&ZL>OxU`*R{@?6^?{#0*Ykc^
znUL~!b>9zha($SPvUYVpK5nlJLs*C~vMzhDjsuU!R7>(|xObu*YpuU&6q>p|tj2-o
z*IUU5N1HZ5E)1(1gvVM<?bI{1HZPM>D?5)QGs4mHJ1?-UV}9=cBGxp#MLP``7WwVN
z8y5H{Y3)r+JTc5GM{L6XF&ZqC8s*EtBrNdTH;i(${Q?CeQXxib=h6=&9};}h`C&$C
zI}JsMLzl{<-W|;48wehXph{Qc*ru0C|81BHK_n9F+M0w1vm&Vcs($t?H46_Ge!|%O
zB8NMObM(m8)n~D@y#_@nK%aJ`F&ymZ83@)-lC!}=<;FgO|H?5<GZlPg6bMHBBHu<$
z6cxftMxXK1U|Gz(GlX|QnUy}ppmdkOtL9rNp}-LxB{{r~f*EK}{O>*4y;5VeHT+Lh
z^5`6FG$lZV&5n}!tbr+w^A_EH?Lf^`Bo$)Y&tID)5qj3hk?JMQ115t54!hY4^0(7P
zz~f6u7g>M9F->s(J}m5Q#qw<mz59Dh!uviNIV>fiH*#~mzX)<0Gf812E_Cln=4N<z
z*FD(eVRIfW&Diz^&eYXOXKQHeQcn{yb1~C+xl9Rozg%T0)D3EsnkmJ!FZtv)mgPr)
za&gT6t3<e}I{IRiTIc^Z55>u_NUlH)c46IK?HBuQeb~P^UYUh6*qRo8@uR1s?kVHI
z#r)>Q^dEgjr>&j-GGJx2Zy}pXfB9A4xfw#Uw_BfhE$jqwzR9=LJ;lGV{m2F7f04)3
z!+`!N#L>*)x@m-A3YS5%RDhnV-(>jCHP$y{OoeEdf%sEsg}DUGHtmrJ`V}qu=}g91
z=psV+QVYX2K@KxhAAPE7h1rxUV~KxQtXse`AlbGPIn8)y*aZW|y$EVWv1tsWUT!Si
zJU=&v=5=yh)(!EK+c;;fQ5EPHCEceL=5bjI=ucRO8J9Ws`CDT=!Y_@UWdfhOns4MY
zv6;CeqN+HXLxVortxSe0sMh6t*Zn*#%0QPzkmI+EH#Xl&5b9#83;W&0{itSh>Z9PS
zShqJ|%5I6dxy_DjpR=0?{wMcY3f4mgO~<5Iw>;&iGt`&;p%^&;?~nW~`nUkMQNJ|b
znZAewr==F##kX@y3~q%Cm)g4zn-L2OIhW_2!pKTzn~?)edE|DJnf?X$vlLYO)SvFX
z5c)?U{+l`3rD6h8Q-_5r5lvTZ&8HFw*~(7eroG~u<b_Bk<jm$;%Ti0e&>*Lf0*<aw
zjX5^+z?GFU_}51Mpg@B;n0B1CkfUU^idZ>L#yJy>nNiPUZLKGSc+{y)H+j}}QPF0^
zdmpHfbQp{=OBSs|Etc<ybhBU5lr?Wf5n$?r<ovLCyK`3_fW6t%c4~29(##F@HHO2g
zeFk&tAT;e^blK2q-vy=ts&bs!AQ#77Ow)sJtj!?Oz=ieG*(eKp6>EDc1|=QN4<f7Y
z%nV!USe9cx5`({pPOD63W&UCfRfibc!|2p4{lCNX)+NVj#{&V^t6Kq2lIqOvMi$=6
zT<!jj2*8EL-gUmIzCj1^oM<z=s>aOZ^D-8&qhe^AzC%msGz`We7}}xbNK13^9ckjn
zo2<H_w9u&{;+E9ct^3L63mAugC|i&v)xzYnI~0!{EQB?+?>|IN=rn`=*y8OZiKkp+
zN4VA=^!rxk#p2DZ>!qG8^hJCS<2WhQG~eU8<W(VwXGMJn0(qWo-f&|S4PHEPrTV^)
zokf@~V=pK^)xmt~%+2QYs!W!D2!R9v*ZW_AFj4#>&$(`YF8?5o)a#DLxt=KlsHYn)
zZZ(ziHNT%@?8%*<bGcC8@erL;@u^L((jk%D7q;RZF8k8{ulU6ri&Ni(L~>Kus%1S8
zU=QQ;h{#rPYzOP4hgw*iV3JxuQ&r5@6p?=3KLQ9$5});C&G@%Nw@5hOmM=L=_?sky
zsWheFct!mnyo}-5lzG`jlm69u_DQ8yZPuJ8!|qqbF`M@>O_K)Ky6v)y^xyRJCYzSL
ziQ<Zv6dT?&6?ym8kgH=WtCqARV6kShyym>*aYeHo+Iwwix}Byum@q$iCvx5e#&GY_
zH!fYl=_LHrmV3RJbIv8&aIf?MVv&f#0nWe_kkqH24@CklI;G^P`&lfM)n?@lMCBj0
z#KD~gnDUDeL)g`hoa;BAVv4Ox3e9ibIP{<B07VrJj}gsov(a}?i^Y8JLvJhI7PDVn
zIrZJr!Iakf>#I4TiI}!?6^N3HbZZ^n-hYcj{~+)-V33NdF3ha2@|8Q-RQ8;;HrH1;
z=vDP>XW`rNoNp+QyPf{b<v#B2@a7{Chcl$Uh!!L;IcsB3O)3ymx7+-+4uEA0L~Hof
z=akW^z8{Xk(PL`|v%J2m;*wI)R!TScS`OIo(k5SIT>4(d`=eaXzrk5RJ82gq?UXcr
zi1a56D5=6AdiU?xUFis?;C!656eoDg3h<hRC_xlR-uds2*H0;J6N#3DEk`ZdRF4yV
ztvdcY8tr#_DTeNpaz`I>=#n{ZegXeZQvz2G1Ll2+riQ)biivH_ti293?GY@9VDT>+
zu3*A>;9~>q-@Uq`G}Aw>mLB$mK!QSBAzSGt!kp2joF<CZ^W%myO!HOR^QO0kqFQr-
z<@?<e0BVKo>c$>@tM2P)i@1l$mu0tke89dH<VG_m+g4Y0*Ve%<H|@<i{xe@~qP8Vj
zeQ$vs{EKh48psKxo5RGtXIpm5Ne2j6$J_oNfMffxB;3?qPBj>j-qVEoZ8`ia(`xoZ
zewb}o8;!Tz#3;(@doI=BcV+ymg{HG$oR9gYUf=c5eUB2`2bX0xA7Vm#yLfpVJQ;bM
zl!{|A(XwNcEO~b^&ULhh;z(r9XPd&}R>Oo{19?t{7g^t|ivrzXb}r>vn1vl0^~hcb
zYLaee&Im4Q+^hM=3>oRw>n_pU%Cq{V{f;fzocbXv0COuO<WpJs#d<Eu<`pNcd(Gau
zPK#NrWik2Y-&}+7D+@JpX6oFKVLxg`B+p%uev;rzDDPgwH7NL>$aXE<6>rwFUzz_c
zxHwJ}N4j#ZpEvSGjn8B!h_;IntXGU*b*`9AnvcqOV?!QH-65|lkJa4v*2mnK>8ESH
zP0hiuv^rTI##S+{DyFN(f9Ty4OvY;|`Xa?@DUZB!xb<l*eYv~<kgHkB(NNJr&+{?%
z_K4gG`sj(nSY_{jdQHFQ_h{aH5fdrU)$G2$Rm_IU6|~?A)R`+{sx4(2d~NB`JeAbn
zG1CVto~We6{!bq;DN`o21RKPB*{NRoMrNISe1g7e?d<}}ZY<)=xi~yR=R9##E2Dn)
z6k4X7vHq}5`J+8oDH{xI6|1R`4gdb94||ysvANEHzLrSx!)uPRLv`xEaXnATwXmzD
z8x!<k6Kj#OR7fs8JYKW!ryH|NPusi|sZy1TMUkxcK>`-}4tUiQ<vx0x;LTY?&2aUp
zqWD-EIq5t5#bfeI>Y6~N?mx~w?eBoukUi7$_<Gx6<2P3d+oW}#Hcr>wT)qD*PbTcv
zG+cL^&LP#tX)}7)UDRJZC~%Hl*4EORUnp&gb|r%{qbc@#Ta9QlG;Y5=!q_f2I#vAs
zNL)z%;s14KDEV%(oa~etBD(qq;vH~g?r`glV1M33mg^LLjcR|RY5)HB<aDLru(&I&
z<`g2jce|A@SX|`1kjk@psrH>$!7jmTolwE+>rm0+`gY->ib6Y+x|jY*6{I$hZ(F!H
zdFq_`oB5WvAW^nDtSQdmOQsiN(XCEZgKG6v8ZT6x*_(Z+?p>#D&Ti9h|5p6E_g@;Z
zT6fj+0R=i=P&O!enA>4(r&*<kAsM~m`AR<z2EeLRyQ+EHPBWs*o*%#hPD9pU#;+Hw
zwc5Y|XDZcLWYX1se{Xe2<8M#S=1$#ZsyF|hHi{HF3Pj#M+kOF86KK5<%e3C=nDHIY
zPnK!g7cJJBXL<=>SMRc`k7(2-4*l;p1{)}&eHF-1Bv+==6v2UQQ=;;|9<U2iAITYM
zk$LK1pv){vyx!I?{#B5O&C^y$^?J4L`t!H=_IEyb03G*U=~8T$v9KuE;46%XJGH~(
zAJRd%uLyub+;!3^7?f=Y(<{DX+muv5uN2v7hiGNR<%Ys%6av6+S9tri1j)d|+o?P(
zTVtE`@2B6=xpsaog$HT+A9;R{>-W)Q9gIAF`HMZEKFr^QHb~Rmwx=vO*6m+rI?)f!
zRuZCYN6p%~9Bx`-bnhLHdc)BVAbD**WQ;b5f6^fb=Ri9{Ty0Z@RL5k4V=ytSe#eht
z5jZE>j&-x&(7WZmoJ_>N^EO<FL|0QdR}TP~5e|5Ihcf=I`g-Qcgc^aZY#-Yt#zqO8
z8L-Fv1fN){HOImi^V$jQTw=#8@SQW!$DDm{jNg}&>W!)}Eyq&E4CHyDsK_ind{V9X
zm4K*Ic_EVc)D+IAQ~*X8XO_tzZ8>H0u36z!qijOUIgczq)%1m6@=AoSS_MR<qu8)K
z#bufq4zDC^JhwcZqQ|pDrK>n%D9&Wjn&v1)8BUn?GC(<H;2w|j(Mn>0swzsyzuN3U
zOI)%rAYE7hG~vpc)Na$5v9T)HlPwH}F6<AqBnox9lMjQ_<5TV7IF1`ig&GPTS(s;>
z#6N<>AndU#xq}*m{hHM@(MTh3aW`NigouxMzedbnGrvCM=qYZ1K*dFdWpK&pc$;S0
z4}>y(0qxv|H`aan2g@&F#5iY!ltDS{-m37bCnK?!xEru&h9aqsB0T{R$#8_`-rXW}
zIwWBo9@)(wAy?h2C7F?m_hhhxe2cP=>_&|2wz0>|j`Jvl^GocnLO-aX;FgN&;#y`V
z13fqoS<+QeV$@K+e<1`m*iB5=0mHbn_pG2kLy@9l!NX6_>pY_RM+zG`IfEMxprOJt
zoc~!e2^*0F3I|~WICa0lOR=_y<|09xY><7^+W2K^iS!vN3-oWlS&u}iB+)t4sM3O{
zw9q_aXa1*h;Ztiv_ESAJ;6>NL+j2eX8+h)U9djl9a(r(^QR;Yj9gzWw&r1C6Pg%Qa
z>niLKWx>SOYHOl9C4FU9spbVvZlBe^h))hQgWXDY7Xb-<p)!AoTjL2w94Qk=IVTd5
ze#Hmh!hrfy4&v>ac35=cT%^a;M)bYLH30Lvj(<0R&avPgZ_9S)7!3en@SnlaK<7%x
zO@Zrx3P;%ei8XL`H&GqtXoIwSKeIniH#mQO*34NOyU3)|@~VkDm}8u|z-O;ss4I~6
z3xZT1F90ZYoplCYlT~hXQC(x&H%;BA*$$=_0HhI?%`+Qz51CEW$!nx(=(^6x-{cln
z4n@TviAfAs#I18u8V*v|(^su?kRV%GwllHs@MGrstrwmoLGLSeI&&{FJdzST%{X^5
zyrM;!kzN@cqLE%P!Oj5mo=WldkVJ<xC#I9EM-;}BH`>hIavF6AAkF_PNZdhZPPeff
zF%@M&Khn!u++i+!>ptH=8iGX+zGwb{2ZMk4g#>LRU2Dx{pm)asy7jGd-qfE`;5iAU
zZ>u}P<{D^!naV?#NzXVYIhB`f+NsP|!h<u=ROHQ*(nk*RipSOqsXnB@J#mG_RB?c4
zvZC~e(uhp=@-ll0$!aNxVS8G=Jhe4_LEPzg1O=xw-9hYmad9;{up?rxs&O)~oC-Hz
z*E&b?UtY-QBsq{s+{t^}Ne@$UmBx-)Zv)U@%N3CjUMwS)%9ww}M7yJnIoL~sK24im
zAkP6BiaOB37`Hrg4wL)~3Gd{ITIqWqy?u%8{}$e3@bXIZBs(4krFj1bWmE{_vTA+i
ztXS;lfM%X(okK9-FbB%}?B#_#*no?lyBWSc6tVrEdAiCMo4B%Z64jLFyx+n5%=tzO
z3|qTq@WP)h?Y+e4)RC&S_tM^Q?<vYKSgwU)c-61-;zORitHS`dDWT_d=3H()(G3BW
z(f$LKX|I_6Cb+IR%>C@`_OzVbM0r#)8Ed}>axT6D;=bqObN7UvOj$LtxQ`%9G;T}T
z^lmp!Y*#CIExNAuDurRRjooE`=rN*xXc&2CLE?}Q#Az!beH=Z&uhy?R=-G)b5ltl*
zi0S5)=LMfttU58+$u2SVAE5*?*;Kz08NU=X0Z>;EZBVJ}iZA}wyj4aJExpIbCzD4k
z=8DI)gdwb+Htf=@f?Fnp&Unt73aW0ryutHlKp&Wxkh5Ms2jqXkOYfd=;9bH$FW>Fn
zvZd(b%YK1_)<({q$s9c-!8PFEzW6mIT6YSfnK)A=NhVY$f~rJH)rp|BANwPg-zC9M
zY}C>dY9j(A0))Vg<D;HeW8Nsy;HMNmC%u1Csl*E)@;?~H?=M+AZti4b%ou~p3}6=j
zmJ!Ei48<}3mY6MXC4i(!X5TAJgi9dAP(I~nl1@Cx%B|4zKv(pxuE@{oKjru9!hMHl
zLqqN~k!n%ks_)e`{@4UCnBs_jQ=h#z@LK<ZaML&eK;4DEndNhix?o`aXrj}fav-?5
zASPjH-AvoHvw*5!EoWZy+d=rzi1ICU{<ufEA`-ejOy;qdI@^fr<Wrz_3KPIlAAW46
z#i7t8&d9B~1F#z(%GYHhiUW3q&?%xJn;cU=lySfX|J9P{_dowwY;|~D=?{ETgdoXb
ztEq<PBxPj|nkYF{g;dgm>LX>vOcx31&u;r3e=F1yp47^vi!-fst^~_0B{acNRfWY_
z`oJdlB&%m-bqWZST(1ulypZ{y2ZyJTU!WbpU|s6}ci^CHA&@lVhC9Gf<Gdm;Hud`m
zf?hIhaYR0q2zXQG2KTPR*Ss0*T>46z_)-2JkX(Vu`b-JVV~z_qWp)I3fy5r&4=<0I
zSUZnr*HS;mzxTWjuLG&v4llvJCw;HK8uga^4s(%oSLP?8pUTj0b|a)i81S~cUVonh
zGFoQ4-Ynd~ndcl1DQDfvZE#`Lxsy0I{gOyGVfS0OOF=9j<3xZ}uWtu248_>$(KW0e
zW28N=A_BlRFQ@;E<OdJu!_)25aE68qLSvgca*Sg5mZlvS#=rLD1%L|(=Wc<J4*S%8
zK=P4!&<#fO#C`9@K9Ec6F3JYri0AE_2*-6F^)kJM;Y`4-N(v=4HHyKX&GZOe!W(-x
z8UT{K(V9??`=^^zAR9P)?&;fkI*!Hv-z51sWHI)x*Z?qkBiZCgn~BH#sd;k=fNQE&
znVE>(akW<Ndob;}ziJ1fd#U1p{L;uD%}>aH%+7kAX}y}4T1y=zsDl~4@T+exPLH>D
zUH9W7I%XrFGt?L!G<O3-Fwhslk-Nfe`IW=IZ+$*xx3U9qbyIC5o|d`^^|32$R?`>A
zG?claX1bE`w0B#|JQxIFV3#<Cq=_>2-uDBTzo0cu9uKls5*xn=z3~v;liLta<?Qai
z2cHe9g9mfGOkSFazsYsZ=j=wmqpwcV%&<e8rC@|8ijm%c6L%>rZ<Q(^&58oG?RR0&
zv#8I`uSKbTO6jlLWz<a&AHupTK+!H`lc9Gy!RqE?Y>fa{HaSOj&D*R8xc3Tu_4K_`
zVt1OW$&g1T7mF=`+~ZT=|GX^_bPOaB8U|3eaJhwlY1E)IsVYoaIVTERpM3()e}Qih
z1avu?1wgV%e4VeWm`0g;HvcrJ2%-OPjx3#Lb#-GvD*sIp9anT7D@vXk0kI?@(}w7?
z7;s#A3$;TZW$b@25^YKP2@yG`Ii-V*e5_T3hE>FbsJ!%`lza&~j{-$(`Z<NenoO(}
zT``^0SXuE72=ESq%&dZnM7Sn*>Aj;=DXVz3G17H;c_a*=fxL^6H=KGxCZs>jkKqBH
z{$zvaVo*OW0s+s$PzOX`fV`-QOWC<%(9yNE0{Rh4+_Ae^ffPN~-@>@U#clz8XxvgJ
zFTtJ8rY{>Y@T)PXJ3L(Bz1|y}3O4>lV5DB5kD(Ao`qP7;vltnv5Q=C=qZi^Jo~p0;
zfvwAsueu=1Ed@w4bqkjN=Eg_t0&DQu1@ZwTw3G2mP7u%zh02CmLuEzu0GD9ZP)K2E
z!xmn0kQ4yfhaYmL8|q*K=;<bxIS4zml^s!t6Brn{KONkUaTMk8Ltm4mI}AMAp#1P(
z>X3>i_%6-ckfM`nNvsN+6zY^nII`WiZI9E`{I<lIvw6{V554F;F}fG@6qYn@9zIsw
zbjf^$VElfR2j~q$Ke)gjiQ`P{)r{3nH8jVSd@>GxQi(eM22tAH#25#YL<3hNEP+pl
zps`a7oC9Jy+dm&h-rC1IsWb)>NcE@Gg^|r+j%|WbL5i1?hs}SgCKD|Y4vymnsucI$
zkBtGH$OSn(?<#0Hg|*-uo|#Z*3e>|(!CgozBNXBpLx2j=3^Ys3k3=zI+=;7u2RnPh
z)>WyhgrqX1he}gdNe4CJ?rp-UC5I2nq9bRliEqm_-##7$lR68dwxkG1{iX4`Yb~I|
zAWol<!(nA-ibgPI0UvaWj>U1wbxL9!Kvpthp-jPSRminbp;^xxjbYZRa1S<mHt*`2
z|2<yXLS7u;Me;v=lx!)0I~>OzA0)))oUy<$ze1kW=0Q41-)HlN*XS0b4A7T!ygcF0
z$!?QVw*?vb(e??wu+PlTC<Blr<EogVc6eB2JgRr4G;0fhJrW63$z^N|qoSI`J`ycn
zz8r%S(;}LDpnp9UO!^_}w^Q@2GUuMkZA7H+->IcE4<(&_SalvtRWxA+9UQJw<n^*!
zTAuX!0~1_-3W$y=Q=84%BM-84zm=K^wp@Qml7<>7z|-nnQXE?y;(~2Wr8E}@9A0@O
z8cf)Z>F7WOuIR@y5v*z>WfcUF)@S2+im4FvlgR5VsP$S-^k;idbjx?l!*{+SURgQE
zpEQw!Os&!3Hnm7|TB23Oml;#*MIzprPLs3x9D&jjG=olwxTD*xx(l{<THt=uGQ0l`
zkMh+LYV%+xhQXlPd^_jxe=iADE$!%u6?Q$_hE;n9;X7yWv{SE%v%}0n;DUcVcEoZN
zAUqZWO|b7H54grrk0`!HQ5qS)T67f;J=Q~J<C+U>8k^fN=Ot3cxxstK*GGSYS>`&;
z1Af}&@i1)Gwya}tCvB|q0~u{#s62XBIr(#ecM}{rfN}qQ^(!j8;|@CZR*62<Q$Z!(
zLiSp0#3GssE#}P&Sobie?S`1KekQK&{pq$Kwrd6s9R_e78aOzzMb7@#Q_}VB7P~M5
zXGhS=y7ZWV%ZArnn{0fO%)vv~?XfkkISDIu@xUfToeEJ`RrMjM={#Q?m9}Ne6Qz;_
zpaO+z7#&NtC;>AGTL|x5)D<9MKs7Ah#3f8vGmOqLop+9T7wCu2%sa<IR^h3${m0#F
zUXSo3=uS8y-dhgyLPhF|USwhaF2E2GPH}r`q7v>$k%OEp8Xa1HYc0{A)E-B!kcgE0
z+teL{wg>c)^MwA2<Pl{`bxeDKxGX+KW>9j8FHzz2#k-gJbgLSvvluCJ*kj_`uNH$r
zHE>fIpe->YCZ4Hv<FNdvtcvT;&XB~^$B_EdafN*k%A}T!L#vqZNJjTXZ}z0!JGDFd
zXDrP{j2Wb624CKk+nX|gh3YU#bt%|aaNa!jK^1tejV^!I2I7;+mn%E^-k$90C=sTy
z*9Ky<1QgBiVC{lT5T$1GV44}GFQV#kD`$9gij^sIN=^8OOX9!G@}SSCQMPk%(qhi+
z>Lzbw$v(GnfPt23($Y30g5&DL`j!CuWpr`Mx5U165fh2gmd()!-=qOYQh6}%3&-;9
z6^6^tQC%-AL0S0^is;?%_+bx!zJ;Bd;;l1VInSbZH&zsVRMnfgL{m9H%aarka0i+`
zLI)mT3>`5kZ1L~~dfhS8Ij0DxOt*U_d$|^Y09e!!2EI8%Tsf}MJMPvVxj@YfvB}7t
zGrQxDSB5;#e`4Sv5Y#yJxAe)>p*X>~Ah=TrK{$&36O{}<jQ*pQ85>7%;_b2+c=s0{
zS4@^{auxbKQ$I_$9>v_p3~&aE%JEeo&IOALR4`0|V)*^X@ktj2*qtg4!gfB~$KNDC
z#3R{4$C*~pXO>riAm;X*`Q?hv<LCs7l3NtBTC3E5{HCx%BLS!*hb?*_HZ$Kh44_Q_
zJ_?cxF<+JDd1c3H^3MUBvR&@F&A>sw_zKJfoqye&EH2q}XQEkV@+yK~dWQiIRI{1F
zGigI<N2wTdIX%i2h;SdXtL$G|IrHVT+iIkFIX+_ZMVXbXqf&cV%@7+0PE~oD<j^Wv
zK{~w_bYZ|G9nt?Z$uhn&PAMl@u~S1f9mKXX<fZS>7#c^w1PMCjE7#brjamIuYWmvn
zbc(D#ps)-ORO0mWtuBC173hbBnpGbVcML!{2I#OKimo$k{os{!<87A2qs<_-sY9_9
z5vfHt<dsZIDRI0_mnev$I0(=9hi}eS>{zH+|0|iVJ|JqCH@|bvxGfpxU*<rqExzQb
zZ5@geb|uW`K=QhP^#oUrXPL0LM3`5$=-m=aK=CDu0R!V5t*T5;0y<QcpY%qkB5ar@
zY%^hW3m%}6oks>yQnbzy_4CZ}QF`~Z_9ddfsR*p3RcNVH`>?jKz|K|5=R8{Nt^s85
z9UeeDSZJoO;U70!k-}PfywcFMEZD*UP;W-&V1OMfpe?y2PB@Uyu+@wVw#EY-v_aGl
z{m{xtV)<EAaD+w2OkO3Qb^eqK7-|+6b!H*Ykvf6Kk!3}{{O7+=S5>w##{g#ek`;xt
z30BJ%_0>jgVZt5H?+b4F*fr+7g9pcItIt-<4RU2G9U_fyHoSw>$#R&y*)aSS6i7SV
z;&M9ZP(F4)J`1AOe>$_mcJSsMj6Mde^fTl_WT#^f_LQGi{$&fN)qfVCnHwRBKx&GP
z=mk0_t|P?d2rBqMMyY&vGrB+q>;KY^#baF!)Me-K%jrI2rD0KmNeWIyK{z1B+0UY9
z2SQmmUFP!ZSsEl8RJ{s~bbM)v*m?Q5*|<KSic#~TzQrbiR)J@9`F1QGaf^bO2i-|W
z88G85l7L+vK>}aOf%WZsdhiD6Ez0LY+LMp5^DNJd;!dH%Jr+Lii>zh7=JEBc7ucl)
z;RA~_GNjFyffnkJbomX~$_8ntKbiAoyR<}A!ybX5PJbjk*;l@O{nBJ9YqCH(p)T-J
z=gc-m2s=i^%;MG-pu53Zh4Q7vpG@fv<MZw`OYQ)4U?v81lu+2`Dru+`D#X1jd=yM1
z017{q0kCYs3Uh`rtKNTR@#TrONi#<gTT4LuQx*P<fwk_Fs1Er<VYPevtOC!5ywmoj
zSzu5C3}8G#@6oreYjzk);)4R`S^;fHK>U;V2R_O_{QbTNb_LuCt=wtMz;spUIw?oN
zQqON}D+rPfotZh(J1SuRY_b~fh_zktL8ZtDW}t37&9!<2jE3?FiQR)Gb=0L+?u%Mr
zl`2f^q!2cbghcrRw>yOvSj%WfEl^RuW=U&{A*if8_1&q1xF71Y81Xk}x6U9`-@7<g
z3UZ3k**=RZ3|OWnB1G~Nv$k0|ojAQ9ln1N&)<YT86J7KtA0U>toUaKfLP*S~YekG9
zKKZT+Vb;m-4&nZ(J1Y-1AjOnK^2Rlkb(Lk4!KaR=x*YSgasm0=1&%;Hl}smT))C5n
z>h>jg9HD}D^AXIq(M01x$xrKrO4+!dZ!@T-tkVPH_@T5|<&BOx0vU+E!VYLGb{FX_
z9=~04#nlPevN(9AcP(2&*?A783gOal>*vn7d^YVjGTL$p+_*OBHQG9I34EJfj<hYU
zQv4>9ZvX7P3ABDN!TJFYJ-H>N_nDw2$*pA7D^z$CPbJ;yw^=N=g+PBQk>e(6P$1c1
zX12`Oh6J7~(KLNqlLbg@b;WW?W5d~Qx&b@v?u$_r23Y&8jXKNJ`l=HTiu?zB_|5z*
zT*3~{d18eveL0OK)v0O@Y5b4#6Bp%aJuXqBxI&;{Q1#MS>=CnXPkn|MlZwF0;31HL
zms@me4jBdHG>LhcLz`lQ941CQfr-nNAe!HK3wR&d8v6NiV`FkZj=99A8Y=eAV0n@C
z5G>{@TZ9C<PRMUnR;bpx`)9%IEOl#B+_jztK>wOXIpvNWCKh9Xu$I|RI{i`)<27**
zd-QG-SW&N?ih0Hm4z3r;uR(G%_HqXc4+0tF5Ve-3RFGzufKa9fN0&5I6QB(o9{y(&
za924Hs*z85<+2n#RxwmE#UoNbc9;ngK5Zr%2(@_NP+FLq*<y~Gw1xvza~eeQ=yxtv
zV>QV2;fF&-98UrVASSK!AvHuCZf*B^1fuSYpWT#;5&<rd!~AtoI$vUuWOre(2a$L>
z`1X1>JOTycgYj(EjoWPQjZO{Py0Sb_gj8IxvJ!pLpmpC7pgItKJjN-)>N>uPix|MR
zxq!Y@(;-0RApksRX-e#tzf{Af@LZmxl1vE(eyL_ffGR*wb^kvp+B7KPe@hu{5K4Vp
z%E|RCacE-)_{~rrtQSBB!Xb>c0-Ry$#<2h`@?S?tTq4uyzX4M`x!I+z?0zUw<>@Z|
zg~~eg5@{xH=@T*03(Z>%{tLBx;B?evQPmaWypO^=LDZ7PT$S_lH&)Bp-?6;aO=lQ`
z@%^dFVgA6-8#5*LWYK2DLxiZT!Ms&xft1)<jiaW6x)s3*j3rh@VO&Z!_;n(zNq!eT
zReska4QYajj+H+y3B5_B3c%`12krv|iqY-&ksRqGuHZ!XG|D(xjmeEG-qz*18<^{H
z9EVZ9A4kdjhFgz5DC<9%zu|TUh&Edx!Hh6BgxMvu+vKf&Bm9e;cbm65KyRZt$%x5Q
zuM}ce%ZsnX=zVlQiG{NMZa{PSgEY*JQV4_Q9WTsIUJ&EwYZ~IZPLy;0jXKJ@;Ikab
z0Xxe2fF;pCe2Wk}+XSGC_j_7b{Ur3-HMk5#90y@f+bq<Mjmo+!rfi}OEO(H~;1}0r
zgJ2=y@uf{=^lHQmeA&c={%98$F$~MDB?!xxI>x%ZFAjx+QwDDj48r<RLp==G#*2gj
zM5-Sx1e!DS5Va&3Feo{(hS>$-iM&l2^;Q5{IQ1E(%xVJ`kI?U@D!oBtBHaJ!m%1>!
zPJQz<{3b1<p&fsOb<8HMd*VFZ5iN-1x(qD#kS3^ckSG`rrYhAM6cA$SMYtWaM4JOB
zq3oWhFH-Y#4=JGtlO2wl%s^eQlz<jsGGd!S&qkANgWxFJ2I9JgLB02?oh(cXgSmZ0
zz}Iydf)?KvHKSJ*b{Fe0l1;;#U^|5A?5VSzMmdpY+54%pasLoI(Yr5W`1T=ouGRI8
zTCHkZkws8sOuRu;wni?+dAgR&Z@+|R7}T>4=+g(25dm==<cMbIEtPX2)hZNDCFz0N
z+&nI$Eph?Ljz<e-X~JjbPQwGvkO7z0b#D%U@a?y2{7_1vfBDMA+K&zsK`}CAOCOZf
zvW>7#7Fp<>(WJTfg80;jAi0^ojBdAt)25s+93*Do0K?!yf2KIro<qaJqHHm)=xyy7
zKSw<`=1Grr2LwUYqXTn_0>1Y7><mMaSJ7PB=1-&>E@EO(_H%MNKW*;)e(DzsyaAmQ
z&BEyK&`3iGmf}6$$se@V>TTtS9eA(rL#e088a^T1_`Wy=%8#a9;J6$YA>qx*rF$hj
zW&4K+Z(zk=&>}beD-OHppq#l9V5ykU^gjviEluh@OwMATriZqwGU}i=5^bKjZht@w
z%%<nqjI=zNj`y0@`P*8UFK8apRfskAV3O_?sVLyHStDZ9E`4P?{J<k!qEN|S8?V4s
z4^@*^F<zcprwrv%g_XL?<@|Ju7`RKHI{H@w@$omNgDgwJ=&UB9Pm9XFRXrV(H@w%M
z*F9|Kr)il$IC{zyK03j*dxyU=WiEO|c~7xqCERTq;JoHDpP>#J5(g}2&)|a~tD<#&
zu_|<U!=k_Z%Bra8TfyWV8t3h0rS1llQ<e~({9+=u?%sVx4TLD&qQ7hMGs}APhaszF
zf7%S#&6A-Yi!`<*-BU+TH4%LNM*MwsNb0&%XDdwW(mQX|*;=0;+rLX6J!Rjz=7TVG
z{>FavY}~shf+g@6Oh#kQ0FO$i>q|R%4O*G=`3z2kc~`)k|NbFJV-#pcK>WH0|5!Dh
z*?u|=1}X5USnV^oEGpEF;0I1|%3W0**i4C`_A6LJ^ZuT8+YKpR5>Y`8pIE+RT8(zJ
zhTfqtOWu_f2w)nE5AZB-woM6GjA^;t#}Axbl)6`N>G5!x3kjHn@zd>Pp1~?k0ZH#y
zjt`_U!zlQc#hQhyJ6CpPFh7a6=ottRzrh-yXjAgm^a>al=r9}oKHRVDG{_zB!mE_u
z+t+V5FnaPbFc6nGO7`{ay|}tI&}Me9Y}eb^LB3xQn7p1SPdzt{|3;kkp1BuHPPW2%
zk^NjbPz{r5h!p-Mg#9VCupnlGL28e8db#)fre55iQR&UvuW8y4De6(Di?RE+;!Y<v
z&j+WFuB1R17>{4K>E&d81vXHRV6Xn}M@{^Lz$6zBhyH;{c+7_F$nkvSgx>|41=ETB
zx6-CSb{rx5|Bs}r3~1wd+QqHKwRmx-1&X`7CODMhPH~6OPzn@xFHoex-JKS9g1dWg
zZQ#xC|9;xL+1b0<&0cnP=9yW1L`EY%vIaqHIj5b`@Xpd|?0fsd?j}m%)VBp`0#>yt
zEzQB}-2L?Hn0oi$!hOG+wI2-8(7QavNFBS1Ek+G#ScP;iMkTCc{)171mW+cw1Y{(!
z4g?KSL{+R~2Hw4~MVu6WHAtjVtVvKF&`l9FvW{u;?;9WSUuL8M<~3^${)E`jVXfpf
zMlE+DSZ$UIp<S(V*Jy_6hp%bEvVvIsPFv!a$U&w4(nD&OI9GyLqpLf98A<$$kpp<b
zCDk5D-M8x5x(C`o@d}4U!J9nso$THQb>yKep%SSqG?T0cdy-5gMX6olFhQK;)lto5
z_d2Pou}ACiCu_bz%pVJ!yn%d@r}4E%_5co3g-=s9pzthl3Xna$h@vo4-;eIxF=R=X
zy&v7{S!mA-oKVLoaRy!<xqXrn0}4=5oDc(kgZ$57(s4|+m3O?s(V@m+85E#ZW7Ob<
zUJ8)wwTX>-%?D&-+M00R4*88;QltxAC3Ff<1AT@q>Xs~GsOt1NPPv6mzS^<hq(|U9
z0)KWlA#Xh;W)PROK;Gy?$+-}#cM!V|xS}m7?=&#+VeOeaY!mTAu@uV=P86_>>%gvP
zHbEnECp%5Z7+oZY4}K<7;6dZ(nUB+$*%5|s21r0Pcy!Kb)d$(JD`{?YU>^AiUNex%
z1W>jeySzWri_A95IyiyB$LCH)eUKHqEFFQz0if@&#mu1Rj_z7S`QS?Ov%+aiVu794
zm&2G(UKA&>#Axm$g1AjUv;nZu55z4ZuCC56!Yz7UU_W;#Yji@I$@Wd}O|2OG2nt(9
zb!fV~F=!<CeOb*g{42OkcaP1uWqcV`#MzRg<UfU~$=xHjI)$=J{nN?EMt5^3B7?e^
zn_zHdV`^$>t-E3)7S+;U{}<0Jso{?~s(M0e6u2RmSo?$?u4IEPIUbP$jW~MCm6z3)
zBUYbS0$j)rI&-)Nc0P!_*Jf5fQeGTVUPfbfy4$hf&_gKjMR$CS8OKdHfeks%#bNG8
zsjD{6x5>_Xk*CN5jdf#z4W=7^y!UcsJc<~8I@$D4BR}}?!j4Yxzpv&0zak~EL2*?H
z!v(F0ru)qJV5+U=UseMsCgxqd1Y!91HW*ix3i5wMp~H!DN4cx?ZcEuDwaR5rL8X~L
z9H9EFhg|38qNvX+J*3SG8lZQg;nsns)Awi4dOZ%EskbYA`#I~2_+1UUKYKJj_HTP*
z_n#7{zIk>p=|0MF`dS4(;#%h)LDzrDIbFKRLDu)d{$7%Q7*ilbnYo0X6=k!!M4c(Y
z=7>9|N|{M6Y|v)+sPks;Sz2na%i8(_Z-EVz!@MIrZSb`4FiNKK?yJ-_9<mwA@Gp3-
zb4%6Qglaix3RIX^cSsHY+N~&AeF(q60C7nU!vFDq?68o;PJT&Hhq;S;;7P|Fo?e?k
zrJl9vHWlstyDY1FCd7+<-0fQHQZV=%LJu{BwhHRr`1aXy;K5m|PZcE!>ULN_8Il(S
zIR~c5`E95xgacy6enDy7MW%s`wP!9MhqjrV3bD$E5~JI?lnV1-khpr|Ps=Wi!`Lg6
z6`nT<-Z&;}6%#<SxltXir^R7fotT{^hEFG(3EYllA;L)s!)FAn9g2AsD*~&LZ$mB@
zhZ_S>GtV~bQkHKq1M4CtfWSw?pQ96jjUS$EL5Gr8i^Kc={rmRwUh<mj!#oe^JG*&k
z+|T9Xz+TO-k43UkCnfPeI*?;Kj?%4wl7E7swRsgLmx*!8scRfsIt&j_Y#NUx)b?Hz
zD+44tGabn4w~)FNKMK8^3gW7Jr(MMWw9mH)A<_cSXwCq(903Q54e1s+6`U`bcyDkY
z<v(@v1lno!P_$Z0@-JMG(7rXfitdJ(&*t~s@n76ci?vSu-K={=(8aE!yFupnlb?op
zkmG{2BhV-2Clj__KjrrXAurxt<V&Mj9spZurDB#?@LS^W-mtT3a;)a}R6e1K!0K`;
zeoS4h3-pN?FYe*l%z%TCw{PEP5ob?wiDnhI1G|XYG(YW2{3(v(&ypApRgW+)TaR32
zar2_B8*=OlU8q{PuG^QkSz6Ew?viSOk20fe&sKOkIW(C6{1a@G6gK?1BsWu?_Jr*F
zs;j86Fi=u?Q0>@h_n+kbC#$Vs(8TRk&tS<D8qLZ6*Mx=;lG58U5o2Nfr0+FK;2eF%
zR5*L}xjys7jy~wA>qDdn25JFrX<drrKb<`4o2R4+V5KNs^=)YAy!W^2ao}0yk+7`c
zqh<+!lGi#uRERc3x#5>LnkS7%@u}zTZxm!jyy`=4Z>^t$(jQmHaIyJ?ST|D7GhTE~
z)Fez>c7JyN{TkSMxhoACz<BW79Yl_j9OA2(NxA+ed3Nfi^z()usj1yEc%^MGzB@`5
z`LiWxRN`#aP%2V>lJnTpx<l~96h=+h%v56x9HPS|H=u(a4s+I-zaa!Nev&k2Gre#L
zfn)uoD$s3^f^{vBkV$gld#0Oysp><f#=~i5N<WO^p&}Lfl5Se_Zo8h~x_Qgkb%8`*
z@*TdHT<g}%>)Qd!IF3%j>~WHH=<LVgL$Auz(?|=0O5X(nP^F@;xG0=?az_x5dtMs)
zMXz$7)BDd|9QKOXaAmV{qSWdy&&vDXT}EQi+P1BckVWd9Ge%He;(|208$z!X88lW#
z7EG+?csAx!Z8)iHo?5?6sHGt~m-x%TcFu{g3H*w;L?(%~*QerJjttW1bN`bQhgC1}
zxAOk_J*aPBf#gn@dvaH(ZOc3k=R|nCQph&+tv2F8_XAyvWj2!Z_`WhNTXb*UCeyH8
zX2?W|(c=fp_(5xtqTtpj(`{SRFV*^|figdn6d?FN1wSGkntrhj=RX5Wtzhj&F`($Q
zZ7sf3b3E^XyN`%YqK<Qjzl;4gx$qTl3l&b~Si|nSe6Og9O(ilUq43|=a`!&&*@9NK
z1l6P@IWD6zQWH-JW+}5HH9dfuN5~ow6{I$zi#(>uM$0Fr@@DRH?AX8$Atv5`#82e^
zo4XP=Q*5B{l7#`*QqGS@_JO07y2z5bwJlqV{?A`LIQ0Yn^f<K!scby5A*MG`tF^7J
zMkK?c-hI7P&rFnhG=CPUb$783)o8JQ3EEM%&Bq%_uF1Rl&oe4;y0#Oi%r8ctmh5e2
zRK|)^GHUFv>_M&?d|5z;kBBo;)onF#vL&27{&3tR{Ti(?`J!E7@t{3G0g}|Lqje5a
z_<2ZiTgWkv$th82a^bE1j&aTXPX`HBHp%_=>m)lb;Kpg4+UH$Eki2aQhsI~ZqdQSD
z6<K=I8kjJsd>^%)8)L!r0*`<u;wffk(i*2t!Dj2b=-zxM)7swmz6mUFwq+lDNEq~G
zf5ELvlI8qC_|R(WrD9ZCOms_f9IIVuAh!9hAE^53<h$a|{PMK#2*E_6i>%0&^*$PD
z?tfeEVuoNhvyE{-q#BVB8*ALT-FXb_EiT1Cx#^@>p`9?Pb2Ow)qD1M8uSgFsuGYAf
zj%@^q8{k4!0sS;ivF-pe)JGG1x*NxE_fQqX*QR?LMl_lsmYQ9xfOkoELb^8-<Nbp@
zBD1*vRB@Suo*QwH*UdiVy*!3>Z{xTN6E5rzm=GWMBm_O{!99d@`R=K+t`dKFDi3gD
zQ+2Qg1;6_$zNM^^*VW?LsvqBma+AO;+>yQ{EYk8iOEvI|_QqZG2_Z=}VjF5+vfsrR
zf0r0c?I)wFnL2AbH{KyZa&w@HEWmS-l}(iCuM)Pet^rd;7FUm|pjPJ2*5s?Ulsy$w
zPAuLpa*eXlnlxdd!f?dEMW7Gu(@>dBKgZH`GFI;={-^X&RRtI#P9)#+joR~7L8l5a
z<{i*CB{leB=)RINhJ4H{MzyZZO+658HIwH(cxYOYv;DpLYNy*81W(J@#$K4LsDIc{
zOhcnFnWMsk&e|#;l_s_EF8;RddWY{DE=&XY%`$%DCUz7hwL=1T5LceYf+X=}>wIbP
z`Z$*Cry&G^Vu{I*?&j*FwwhURSGB*ZK9BlOER*px&UmhjmhwTNQ&fR8K?0A5Z7UF7
z5>wjK`vr+hw}$~en3<^!7eHOVVRqgn_N^E4h+hpzMUB)Tlaq6~Uea)5-wNph(0HAN
zI^!N#(n85a+iF9tFUiwLg`|%bSc(1pRQ^K^>cDmKXGZr45zx*URlqSs>TB6(jj}%4
zR;7ySPa*GpNOuf^U}=OOYu#N#X*OC@FpnBmsT{j%Q>|}C6ALX%KC9m06Yq#|_wP7H
z?c5$SaR^lZ`7A)OJz>fBd?)~VKaVPxf0A)pGHf;9%5!-0dt2q)#%#5f*-ibkBJl)R
zKf+VGGxR}2=yo2f{KUo#&6JGQEyoXf+A7s{jO>DCb9prC1uC4+Krjl3;Ys6FA+L;<
z4N@X+3NltDQj|9@_i=PZ9eOS#=(0rbTyxJ4y<c{ouN@ae6<Pg64eb8rQq+*S?Sk3A
zIw_KEsvDOy`vOUN@@GHFTgNvD`syXrRxIJzsThH`jxXdZYdjWckM2!eo~3A|UNnI~
zyEijq#FSGui*R`STYLi=5KP}ram7w<VcS?M66(Ay?vBbD{UZO@p5b8gzPWt#qPz*U
z-Bmeu-nQD$P@Kv&z0+6TXN-u`t#_*31-EZtJSpB7nZ)J&K$~N3DbT2F@itZJ*f?`r
zR^SF-IY?`D#aUPT<sh~D1;G;Ga5RM@Mr9tX`e~8NS-_Gphr-LFb3Z9+<RX(Ta&IDO
z?#<}Yh>3)+>Zf(Cz1pY7S1u#n_DCLnC(a-|SH84ufwXPJ=A4>#@3LVTc_>jQmWTW#
zCN5$`TxP~_j4QL!!M^MPu-bjr>4bL>8+wduJcjLqI=n`Jf9GNIS-{-xjCmx&On<&%
zHjS$X!w2=7@(w)Xk0z*PHW`^zWK#$zSpALG<0MNI`54AKK(kKJ9HeLz7Cu_D=Yy8H
z0zk8LXOqSpP06)<_?K>(1jANq=MV-)^|0Uj34Lr-5h*h?)T|26UW;r6&A`)DDPh><
zZ5$h^KII#CmE9F>$OWpEqvbX)CPsHm9Z6oM81Qs`br=?ZCkvgCt=7Bcz`=vCN1@;z
z{^iHB8{`*lyoW<^(8b;C{`Czugy5J&tuF&X&w8Mo+rM^%VFiAPlPr-8)}%Y63DJ1D
z%<cA2<{p_wlPYIU<fQ#++tDomLZ_1Cd=++vL)^@>vC#bLz}@^OJP5=&pJeiOC^CH_
z+pYa*lN$e1_cHwr%r6nge2wh>pG22d9CV`bf{!J8=ll!$Lds3k6LJKsu9p21$TZI{
z`DQT)#Bx_u>;I>0fR?pI=-+o7G8~R?rK#iO9cP=ylHH-(GYs52esuB2pum&o=+LLP
zZ1NI4wBqh+sd3`=1X?d3sRj(>*f=sINeTRgXDNi);73bzs6HNQa0uO}asyO7KUS^H
z{LmT;0^aBR?$QY4N^wOK|5uu-Ri|e(on$-Z8dP64n<9`SXon5QgtvOPd!wqRqO;vj
z4mXpG#~pSF$Z{o#eJ{1TxnSg!vCUc+2~sVJiEKN41CA=MQF~F;(at}fQEd}=5N|G5
zAitT&(md9;Y9BuD2tz@tI+AYGoGd*4^?<sn8q$JSlaRJKiTsPnp6#zo-1kAnL(>Vb
z_wgi!FASiyIMnt`Kz-N0WCNCZHx`xh&KncIy7zO#ipV20Sl=Z`_<Ywhui|mw(X0v>
zoT<Uh{%6XIZ-gLJ?wivLAdfgysv_K$_`4dZ+kxq8PVe4QufcHXIJ8GGQr<O@o!*B5
zWaYRAwa5ZxJ9_)S&F(>LEcNH<I5|3~BEOUZYSJZrvy<Q9rxlEFjj<Luf9<C}x|HDl
zqRG;7PA9*S3m#1j><{;o_he;3ifCz99f`Dk7z^)aL4MXmrK*Z;#($Rk8P)FV+aIo>
zi7FzNAe~Dku^~wISDfH`z-JpBcw9@hoUW-30`EnBc1c60$m%s3UX_a($Q?;4wAVYv
zf;`WJ^*$@a{9KK8JaOW!lg&^?UfSCx^zTrNov*1vo9O_)r$#DtD)TBNcQFz-NfI|s
zbCgj(c3x#O#&V=u2_iSKq^xEp4f5srSKGN*f!Au?3ti~VH)<P~d;q)BQumeI{ClKI
zpAlVFjI06wE}Yp1(^vdWrHXGHc9hD{nI!g?$1M&r`--u~wQYv!QOzi${F6cBZYs9>
zQlD)8o{Kv!#5w(o?o99PP)$Srp7c7pN;%G>+O6xQO=^7|tsNcMSO!i$s{E6zSE5vI
zBjB#;YNc{>yN=fRlvDKh2ZqenrK;KhE@~a}0JTmSLb^h@tDl8c8w!*$4IPwk(z7|C
z2|TF1=9ta9)Vh#>F8qUkGO9N$f3Aale=|Wp7`!if?8X7Xd6M-sd5VuCI2(RF!VqoZ
z%rM1#dvtQ(MN%88sYiop$eTQ9h#e?G5*{>>u34R&pT8lgrjSC98a+*aw(}tblQ<8W
zw=&^pL%F{?;yPqcB8Yf`ENcxRZ(x=9doszj)imTLb9R(FpuOoE6=Y!fE?kz|Y|N<&
zHP8&pSKzg#<HnjDC!@$Fs}{pCUpN$=BE=G!LYPYGSn}-Tp4#u<r7-uQg~D;01JpoR
zCNF1H4%)4cOEQRTXm4XL4>7}PPc?v-760)sX}9Tix0iREG6{#CG)NWBBb${?TXf7B
zL=rlFafZoaI}SO59tcNRsOP4zMW&Mt`XB)TyB6gERcJ09r1&fhd=K3hozLWacHu<0
z>mq9cB<@3!sA13e=Mdr)??Hh_j5n>yoIa+oO>B-^JWvne@mB}?n&;V~L?WiS0k4jE
z_VSJp%zvykNAuMdhSE;pL;!TUwzblKoWpM+^x=hV<Ee!IQ_MZfZ00q(+5US@f(|~V
zP~_$x2M`IVwf0<56XlrMDl8gmH2$HHV%U70;eDOVh)u)g$2GvfAS>AMAN3K=_2}_X
zy7$(z1q_MS5FU%4Y&W=DSv#7`Z_vLFmHrqsi1z#2Em~|*ZpOohr9(S=8*k%`DbUQ+
znmD$Z^dH$_Uw9IpCrFiF{szsg<gYhgT~Ep`yK39xtHrBDVcmEf??D#VR33Ozn@!1U
zmBDwm38`pil8FO>0bbXaCX>1nK_t@{>B&3-ZHnk1jVE8+DW<)d!{E1v$A{~c=UeDF
zlN`YwArQfH{Z4+TOvVZ=)kcMi{*xW)0)u#j5CQ=`pM>vl$1Pqp?7kjbT9bnQv$vL#
z*yMcxS1x{G)(LQpo+617mh$k+n=TZ@e|m{HZV3DGTT;sQfjBVG_0yN&Cz*Q>kq~9`
zPtjhAOMuos*s|i9&t`J35(T4sFg2c#jPx^__$!_d$Ok>IVC@+9B)kT>((Fd%o@?O_
zXtV4)Vl8joz&q^@a74l)yxIEiw*D13zNshG6(OIHChAj~Qv1n>wH_0&F8u$9$$cc*
zP*kGg+-RsukMUzYLlW)d-yP;|xRGqU;bGl8ED6hPftwA_m^c5#kjU;B(N8n^&S^(i
z^7`-2zvQ|^yqUI*5V27&%9JT@c2_68&gq#Uuu8>;T;XS@tf%2xnj^B)*_5QD*$x~y
z#*NRgUnwz{RbfGP?yu?g$q=!_7I&JVXtrd~4%{9kJ%^wh){|TEuQuM6=_vJX)HN<B
zc(`NuLHs%H!7s>kjaf|4nbCu^F(J^I!LZ~!MC>van}$8-L@${qRgW1?mcmC*!#;AV
zm#mwr7yN{PCb9dKt~BauYZ&Pa5nR)%W$G^e{k5DT&R7`c#F&DS#`yG1HdF)<V?>0#
z)d+uUwV(kR5F~@7t{aj5Wg~^o7xPjIlMSF5KO*~tiEZgde9evOKq8(Z)hw^t%g;^y
zF#PWfPw1_pb=e-y&+0yK`vfS$vc_B(<>5{)lMcS7hvx9ihW}U+stE^%Zdb6HNBY1u
zK`6B|uKXKzpS?t$34JdWx^0gmLJNOG{f>A*Hz8Q}CkZ)Y<>U4*n6DodyZ5V4oLsze
zQ7i;8C5oa@Vo9}U)ig$>g|_MLP1w<dj1(U7Ub+2I7TRIFSMx@S1-`b&A14PR@3Oy&
zH81#qoDWCfg|!u=M#(p{-hT~&1-d7XJa$|qQ{1kL=27j|2E+cv!tcg|zEV;B_?<f5
zs2S@X!#OPdlE4X;HN+hJ5JK(N`dvna#uBNL)u#JmS7ZY~Dx*RghCqdM8e`OZ5G*wh
z4o9=AvB+$_QiN9eEs<`wACQx6%933eYmjZ~ll5@*jJB8Jqn6Nd{L-_kT`1lfivC8r
z9sj`y-vJxhUCgE${SPPGTP$Bwo}=nr`Jmme@ZZ0^l4hb$GRFc-JHsY*@mFdE(*jww
zLlay(2bNb}X<8#oIa$d7<{<ufd`?}MRlrx6-zhNywO2wlm9V<s^Rc&?6z+yq%i$w`
zj74!E6TFZ3w=b6=xf3FdKaN>@<TA$%0jl?^;PX*UD1)WmefJ2IgjNBwILuRELY}H6
zdp7cZajfGU>&ckv-@9#DqaZhB38ePk$xV^G$(Zj6dxqnZIm!((SpoKz$uBL0*|dgo
z;1)Sx@D4qJ%Sbd>Kq{GxekFP%RmdjT3QR`-H@f`aAdeY1uib!j_SH9MR?XmFHdv|Q
zuUy0O1d(RJJqTS$Buy!e_OQ1phv9v(+_#5ViPsi;ih+JbKDekKtzJt;8Cvftl3vLd
zKP2E`mw73tzFwxX-eDigD#vt{v33o!(`JN2GIx#i?QBq$##YFz1K%Y`rg(N>!2*(Q
zL~-=PW<?;t+xo6LxAiPU)Wj`6>&>Uadd#3Iib|s;-|HB6XO5wF#2d`_Es^U+);Kz0
ze5ywa^`!+Zs*6OM7A`W@f`+jE|C#fHS>~qH?O-4OI3FVaOmDPpW4vk6UcE})lzT35
z>17o(jQrQ;(hK;n{G3TiZ)w4N$&y;ja!F~!G&`Yk4(Scet$*T#78>8yKaJ~Tdx!9F
zSV#f4>Yv`l5Hk!s6)MJdsd_90xd3}d%dLu5U9Ff*##Iph3%*mcsR*sLi1PY?09qLi
zKZH(t-hyY*f@f%dC%=@+qtf?r0HKpssCX>Ff8){ri4Z#NRP(SX%!cODNbn)3;#EBK
zB|JS`uyp&o#!m2F=cVD{6J4A{1y2t5=`-K@n)%YXUf||B=hZ>NynkCF)iW6r!5eaQ
zrqu|xuvBbR`}KHET1%hgi!T&F5TFxW)afL=d@PUo)|Tk0q!X;zi8{rFLS4syZ56Lm
zOFF&B{lndvtMBdG6GhfjMf~>}_I5tb-bqZC?X3EpwPGD+!C;zTv5vE)PV|^2b=O*2
zivp@oZg2ZsY<?+I;8Cn2V!>$xq^&t)W0C)+?uM(16?ve43s6m-nVNQk@lXGHJ^p@A
z6y;SW`3`-ZsCY)|w*bYrfl=IB(thbQe{eZOF28bXR`cB18MM5nE4{!7Wf+aRqk;}o
z3_5=EvCx*a^4+&paN7i8ev6Dfia}B|#1R3aq{TpZL@#ljEzMphlabm8|NX(8jN_)2
zTxHq#x1f~99aB#K1YPL4^61#03I;cA$c-e^)BYCf`YzDw^?ox&`B_)w0q2*iGrrMi
z1CRSeztQN7y+0q0$3?CR?3?{+CfZ9)2iu$9@vOB>_P2-jwL=WY+u5y5$2c6!<PG&}
zEJw?HD$2-Y$I24s0Gn~6We>O$NiQT8e{+Iu>Ywn;)3v$ZRp9WodY%8V_uKrz-?D4_
ztr>m&z3eh)f{op=?YDaF<5-fOwJHbVg(+mW*~+8Zu;l^38_zQ+zFTtBJ*nIH@Za6>
zlHPl<4n1;niFZc0Eq~&w$K&E9Kg^vt@raH*5!F5sUCy7`dgCVM<e*@_LBW(@KIV{1
z=R3n!vU{s^{yyzz0rY`2-c8**Q<dPeSL}qsJsoAwfJveX&^Gr3mG;4wTfG$8A|Yzg
za>AchS_?H~!JrqzKydtK2kvK3fn{rFOsaXyt~#>8F2Yz6d#&NdIk6_-eFV7^v&_Sc
zyEoYcmDYoVp<>*<1uNX6>{J2Z2>0G)b{eW^q|_$Z%dDS}^%ad<a?z`!dl{Ei8j|J2
zfg+eSnS5O2$+=vOaCBTUs4g_XHHKbd4j4i-a^z&bL&!#YUR!lqD2A?huc)R7T6U-X
zC|CWj_I7^9nLJ{?On1B{uS-&FOM-}OS}F;gQYBOrA~_AJ8YHG|c$86W91tdy#38+&
zP$W-|(}G2dj_U!|*DCG0OEiGp??1jPvFgta1e-o!e#Vd`4P3WOI;PhADgh|ete<q<
zXIM!-5ag2yNkWJJRLFD5f7)Sbz9Is@tiGO9T~m)aqb``-=DJpSz#?JthyIu}{w3}D
zYl_V1;PjGcN$EP5B0nS<J*Ysz+$KLHJMTPSE-#nh5yF4)#Q*4kBmQ2};<wz31jF@u
zb6vBDrMYr`h;{x;V%~Y3TvsN+W1juwvHi6x=XJmXmJeg=dI#d2>#8vlW`!ZH`A=kY
z_oQ^+9VmX<X8g;-S#>GR^T3XBSLxxrEl9M;NvhHb#WxB?SPe$|E`xCJ*Vv?hr*z?L
zYHD6mom$c|pfK#Aa!#Fit+t;e+S48ikPC?ovLofywdT`99{XdmkA4;Q$C~ZiAlLmv
zGKPEMkj|6Klh0yN?BWk6J5w5p9DHC$m~(QA)x$w{O4kPzYzmqbzMuT-v|NnFGz#|`
zXBOR4A`7AV^kJ-WZnJnFwQBJ5+uOfmew?ht&yQ(mC35<tN8dYe`7Wdy1PI6E*a>&7
z2FZqFV(g%Wy%FP*Q%WG4_%+X^HfWl@(F_=u^0bgq_xn<r4eAWX>e&6W>5gtg%&e9~
zCYi!_u4~b|*NfVeT{<PcAO)wBIi(AG&$`e(P1kGZck!hfge{L19!2;=xd;7>m?=Aj
z%;W2u6Ly9B^7J1=U*FVoN|zeT{N3q6e`c5V<>c{3r(DoVtZrwdp8$PA`4fvl>6_y8
zo_!+xQ=k87rn?4wOV87bg=+U*3|Yz>-@K1q{e0`)Il7W=Bn(LGa&LP8Lf1})QIqw=
zJ!RWoC8r&$PgqhtS5Zy{{SfLybK#XxOBH0^I%12@Y+-llsNGzylpaK(^F^2wDi^rM
z`L<JB9etInGom$7kI4D_`5N|Hc=g1ri<9C?ab@QiMsQW4$5iHHl#0b7EI!qw8_?Wc
z5!SkjyCHWK8vB7FX6YulP+AiP=0%B>oJXElC8|tj_AMz#3%skmdKEygg#6@*!^@|J
zHiCbdO7EMs&OU5xV{@4E0X%1YZ%6_$ZaT>*((HZhJ7OEIA8D*%d^>2AGv}YkwbQKb
z?@#-B8yd+Yn{N1RLtwa5gu6w=))fNMQzfIUfbyANxb+!Pd9=hP(^Ij^4l<D`i+%R(
zP*)KvOh4J(dN8H^X?}DEorzAGIVQBP$I@gn?YmZSPJXq@5W}`97V=UHF1N-qgOwy!
z9?6FKWjfXNzoj`0F-dg(i0U>%bH&ihY>jm@LfGGVHU2ty#umoAQE40LD6(llOtDZ@
znZ3r_%@r_O&|y4GIG4;+X6FiX2m1^s0P5!@(>E}gjc=e^Y1z329Z{_%);vqg!ZKXt
zZ0&eAdNjo;VJtx%^YYc_m3Yj7B%{3n?CEar(!=lKKJ}J;+WOqF>L7f<KP|;=%UQ0e
z`7BgrqNu}FrUVlgMma=Vsbxv4e>QOzd?-k?IX3_F%L1^>rIV}GEcT_rlqc8-z`&vt
z))0sGHkD;oum|CUvqQ)ETwO_cQfRQzaS29ZP7mRnjOjrpcM3xtA;1~s)=X#X87*ip
zF&K7OioOii&#f*JGnDs(@yXeLYqlE?Ms>><+cfbDo2PwkL9*M?uMc5`*_kHmbCt+8
zoyhx%0;~;(>dC8m3ANL*UyObT7BiD=7h!`#hLZq4eB{t%y0EQCwqyK$2Fv140pG8^
z*G6wId6SyTkQsgcsLyCsp#&sY+atk>+5Pjar+Y67T*aQ4f^YmNC9bbl4*)kwC5zLi
za)I&jW#-cIu@|IF>i0(`zvIgoeE&h@K57vf&nkNn7wms98}74w^voabV_fW;D&7A}
zh>xe8gUm9`rdvVyFa!QCZ|;3LWH3kulUf!N0sqxoO2+Ta!3Qq+a1bo%eJ)xxj;yXr
zG_`NLG^rab0Tg16LQeU;CaT^BWF_W<xAKRVS*2W8YdM_u9m=cKWw2so4J{(V3BQ4B
zd%0gTjp6~Y+sYb=+R7+_UZ+9%U|Lx$?%&Od{4apA(px;ZyGz;M^*A(r=Hv=BAn~1s
zwanFU|It4K%@p%|Jxj0W#t#-A)<vOEn&LTs$T+rd{)bHy>!KSk+TyuKY^dR}cKEpu
z;(msvIM#a^Xj{Rf9j;X#rL&*(8n{|H?h2sihx8r=#?h;M=+}oD=3wa4x0{D=+&t!+
z=I}_2s^vgsL_J3;$MXdYGWUS={rdT%P$P@zg@~8RxzaI*jyh}$M-t$%AON#V-=ZN_
zeTpE6TD1aWmcRV%vS}~oX`hvwSp@WHgtvF!qI_+j4>O|Aprfx3i=@}EL%+CmKN~Qh
z;|j6YhqY{i@7>0Is%D9_D(VOBnj(lAzhyxr@}w{4uS*}BS!e)pmG)L9mTfTIEQqG>
zBQ2y;SpN58rAR8I3IGY_%XVYSMywxd09SJ9QtBQ^r%)I#PZ$8Mjk>7;HidGC*F4w?
zL``y~sed(XFgPt!BrJHBvg8VFU(HN3J6)dr+yJ9dK6pFiASs;4`#ur+e5};ls#J74
z<(0GWcFZA!JJIbOf=brG4FU8P-%>i(ETvVbu$rboJG}rhGZ2-$RZX2Tc!p8=glZWf
zsXpK_JEsTx{la>KL0(9u%7Q82@M`&Wad7%CIsW6T90=GLkWz8@(w_mzeOaDzattiQ
zG%QSB8sIZ9Y+KTgeWw@ox#1;|UQa!hWUBo3v=H;O0MpDkcL5qal{D)hsZ-Wr<Qd_z
z+w?mqV~NwSun?1>@LB$pq|xqvXB`?0GzC6EwZXgE<+t;Nm}vzDrzH}AvMil>ohJ=1
zMDO(&^hy=}^D8dJRVa`HVxYl30==;g<+n@_B5a^-gZYczi?5rw>gh|Rv;LDNgy=5-
zL9Al=X=D$59ytO}lw~<|WlGmVF9J2LcYZ6La%8}N6R-K&=-wAhWWSi{y@cjImiq&>
z;fr3rl;_4?y_-j<RneNx%dcu8s+u!{Qx}aDjpeUL&DZ8`WgEh-qxXX6jALw}ScrFl
zw<GyXD}uZI87@^KsM>sum|Z|`!6pKjJ9m>`jq@u97{4t&Qu;pr>5mw{cGX(g<LW@9
z2D`~|bBcbwvL*+UKdP&s1b&@tLtk#)62NM4sI7RaV7Aa#Z>xBE&K#R#JIYNB;&E?s
zfpiRFi<3ZWmzxLuownD?<jJ+7olRu8db5q3wi}`E0?kzyo8!?n`k_rQ`Hv=gy=e>G
zOVK|{OK#uQ4s?>)hj4l6)&8QPOx`g9k2ECLWO;JkoLRVvfAl`H3)8Rv;EhAB2EQDD
z`#T|4aH3&F4$CwI2kATGppV|p1y~gYDI_D~e$~8fBu~7V=hFPfHHl5S5l--<Iuhfz
z>IR%8q~6Oee=b)vtpC)GKKBwk&cyyk^EyZs4{R}h>GEd4R;6mWrEN=ibn3!YAi9;S
zgGZIBv+8G^>Q6GjjUV1{KJBh+ohn$x**683sxJVuPUp-Uuy`EnR*%dgCi8KZD{SIC
zu_5`^O>-Zsmn%%YFeT?USHB~FoGi$<6?Ct|-SnrP0YWW8P2ar6!>~WMjB99Jq)UP;
z**^vU+6*~W{LGKD_0~vQrH=VTr54KM3uXGxGW>;Qj_F6mNK`-#_ok;Qa0UAYv*>t{
zWd5bbS+YQZ0Mo(hR5A7APPdhnc(3A(-lu|B9bO}q^>~!E)7({x2Ee$KTPgA0XaDm0
zxMKpEIbD_If&?NiN{>%EKPBiDgK*Up4oS4Q5F&hGz*YMTW$B0RcUuJo^&UO4D;V6e
zdVM0C`3?|qL<#djDVn~cEt>oH5MxlpAwZ|+^i%I~v2gY&ftIpHrO8psZbs_2=gq+H
zI|e}nA!H@=+yc=gPi*{?Wa2_-bv;tqwQZa(Oc5erlk!}Iw7HLtTE#=V4Dest9=&C7
z$fs_#);|!BG0Z#@q+4-5=K)3bk}}b}w0&j~u=+DT7r!wdPts;6+iU#BuqMQ>0O(`M
zpjz|d8;z30_694DKe_Ehp?ss{EujX#71~Q1{U$&bcuo_8NljT3wmyespk=Arv)^T{
zf4&-nDJihkz0;T*>QKaCGWXrBFyZ%!KKV{rli0Z60%<y9N6Jv}ui_xd=?6rLb`}ll
z+<H5wKS%`XLSjQp=^Lx*bnas6w2I#)^Mv^B$7uN)?|UsJ-Y$QRW{<%lc}sLKph)Ad
zo9Rmf%d7|qFEN)B8y9LUl|cPI<5$ioJh!Rz!s%KT`1|DjRnayjk-`wm!=nx)&^~ps
zD^p^SGsx#M(JZMc+f6KblyoLab-jq6nNg6rENpt-m4I;lo$o|+S^%i2d1rN59rI15
z))KZ#aq`N1(h94x=4plpe3_GJO-DuTP)q8Y%i^y-Y>RSt?>KI@TL~4EgY-E*+p}Wt
z2jdxVH3VxU4|yUHS9@qZpBapzu9Q-z8axuo%+->;TE+}kR3Buw75wMi8{nD*7(eS-
z22)<X3qYPMXUo^tt!1AP<}M=ujF^p|=?X*5V_Tblm;&D<3W&Sy+!lWW{B^O=?fqBW
zPjcvP4lD<7@fcIIExUueLOkBPZH`2FgwMoQx7wZ|kG(DnT#Zx565YkLd1$Ro)1~}F
z`ac@H7+j`4#BP4qWdoKT`+i*eX1*@U{&PxI+1yH~PfsCt8BJEJ>p^M<&2pj*dOM3s
zXL^6}`uy}vKcpa4p5V&aw#}7Je$90k^Zd+b)*7Iydnd*f(7+E9P#kNQYOGZ>B`?_*
zJFDe0Z4rbWDVhQ!n<B<A@3Iour3Ix?Fgl!5ejZPSsZQ=XXkglD%rS5X<s08BnoVY_
zPTn|Z986_5qpos_vq0S!_dGj=(|%^HWb@Vt8(uxN3R~p-`jq-J8ajG>+gO3R`g;#-
zIX1*DO;$!xYUDSa`g3G1Y-2u*v-qz=@n4&6y*gCW8B#Da*Pw2g3us??tx;vN!lmbC
zTcMt=zn-ovc%_O9GhpYB8QTgM7KkfSxqOB(k(1EEhd6Q}72Ly>(f^zZUggS=%LRf%
zf&EMe!B&KjX&X?gNtlZXhl~kF*u3<&YL&^|&Hd;j3~-a4ZM*``cZEjL;eT232O6gO
zoLF`a95Q#-9KA<CCz-0IcP7q7YNg<j`ups5d(u3QCg$&RRwQ|j)0tXb0*2fhhhEfH
zf(=m<4~<)olz9!zjP=Zjf2kRg6&LkpZe^0LgsC#V!%p_~$+NQGfWWf~;0fVK1AVfC
zEWYiT^#-Bqg`6kJLjP1C;euJP#)rd3Ac#>|P73Pevs70_G5u|_;|(9=v$0G<W0W@G
z+_iw>65(x=`o5zY>|9PY(!shR1;8~WlC$nt;5?Ny@^a*}W_SFs=kDLdSJ$u#OLkCX
zor;BzQ#!v}GZ|liwXepW14U1Lwlak;u0&6KB%Bn<R}l4A-r$H+MD+`9{vCoG+bJt_
zj{8LY!r>qXt$oVrGAg+g^%GE9yY5cNcV2+)IBE{gm_6hW>Jw)HM$UX%8<lr`hRwCJ
zIYO8^)|Ku0f=hq_GBLNqFgY{jQ=eexzTo|iTQJS(BCOp-({}~Y^ou_bX^g9@uBBoX
zR{DfMUqDcnKBlaHIn=l3$}}$aurh8#+%yT+WtQBC9_5y#{9ex}+7~+>?s~|PrpAPM
zO$M__qre<o9&)Y_l8?fq(pN$7*#B@{Av>YoCq6FTbSAK$|HgF?vl7t-AcCn`l(1c-
zcK!E4f>vkYr6^v*x-?GKy8V2@B!uB9Ct?XEHaZIH_hB4884TXfzZJ#fyAtj4Vx&5=
zyApN0P6F3g|I_I4S+H+EQSzNm$WhqV0Jr8W*mEAprOzlo<eX;8{g8iGp7rjcfQY_`
zD9P@cJAb@Q?ek_EcoD|l<#Dg#(3SMxuom+5Ol53%-A1j#${YOBykG~T<w`22UYzDu
z4>`q6#Ht?~s~>V|bFi31>x56C8Iy%|A4&+hua3647GP?pYUv9Z@bS%Ya8S-7>~(XI
zB-GC0AxCq$ZhdGyJiZR+Kg(!vi8+}}6*p?lJ<uk2zsz`81+}66-+1oriO-xDeIR|!
z%g`Xqv*jk_MwF)kyMK^=SbuD;qHJl~liuXG_lMDB3U5W(=VY(|T%*PX9Jc!5Ry5Y?
z4<d8PQw|gL^aC}T%>j@(c!0(5;tz{($9jIOcNZUoa&z0|#D~~7)${u>to%Sh>7*F0
zA;rN0@v`XhD5cy?L)5BxvJfAS2bXyH$jqFb_z<=ck^0zn=^Dft2qB&md73^9OP->$
zo<>ouJVpEpPCmVdXTvbC{l|zRc_S#_az^Yh%&G<jXVd|4@WdODnyQB~(anjo;dy=)
zjhr*cbYzhFAr1H^&50xF4PF18R;NvI?ocH#wTkVoa&>-m_E?lpxMP!gS^44Z%m(*t
zzuw4*jhm0sr&G+eYr20^vJ^{wA~WE*)O>-GPj3ypCMGNXeMC9F03KDAq$D)e(gd`a
zZN<-}uG>R1;2M#+;9l`X80UPud2Y|PrhgiIygC<5FP?%pB&<%l;Usu}qwU0p^qLXj
z0uA1e$OTi2lZd)FdiU2iKIBk}V+|o1ugp1VS9k`ODDlYjm?5UE<LydtcI3JrB6qtb
zPuBWk>0<K2(xs?}Xx+?xJ(-0XkM~<!e}dSX&n4Qmg7l?Lm!bgze2H9y7Pcgj3v1w>
z4rp+RpoNbsb3z#&{m-~d(Sao0C+a-z6Q9Q$`s+j4^VV#qJ5hOB-+!t@+_!LzQ;dug
zpS7+E1H#$Adp<U|^lGPld)HF5z0VTE*(%Ly@Yr_y$DCvdFh<Y<Oz%jQbso{n<Yf_V
zN6UwtuGZ@H$Ya&}(*K#`gZJ&sdqJJ3H4ol4!L|d=*5<YiHUBj9^lwE;9tnnT8NR1K
zQQYTDHNEfzD{3tI0eFh2wpJm}j%`O(Z=re^*9_N*U&Bq*lZsSpYdsTnaMam;RuIM3
z0N^3>$yRa7hf0#Y!OHfYMk=<7#|64rnL72q>VH8J>Wm?HLi(oAJPg&)euzSnOB4?r
z%le6^J@wb)D?s9E#SkRbpKQax7<zAhM2~w!Pq>SJT=v$yjQ;V4<vLMTP4gzE^x^Cl
zvL>!lP7R2m#CDVq>D7sBke~)8I2!pZ3vUV;KnLe@YPfG%vQrEs7itbfLTGb3B=MJ4
zb#oPi3jM2SCk^ki4tLY{wbq-m<S}e6jwesyp$2$ZRV8HN$__fhD<tsH38!r_+f}M1
zy!$nY*uoF(E+2?mJMnxUOzTWvx7rj^cWZjK)1KS1zfF;%5A;xxq|=P!7hGOH|3Q<w
zSFDfqY_PzIuYFfsqBZ@KCh(Q(YSC-F4W`vgtsAY^fD*b{Z8{Ws_XHP3a##Ozw(nFZ
zn2YH6h?qt{?1INvGPAEF(DHf1BY$g1U%!<)$WH)Ldsr;J>P<#UE%Ht=$A~$YtI$yS
z<f=&S<Nwy}wHbyJh13Fn=*B?}ZZm(Vo3vTIDF!(T7Vg8m9krGXU4C+VX(O(kMEs;D
z9ev=ANcWUPVC}!E6oY~7gYD;4v3*K$4EpR?;6sdjphfxCUnMYVnm3)kcS&K;oC?$_
zjrx+(mMXQ4AH5_Ty`O%Wy~r>h;rVdS)J?&p$w6UV9g%uq<x722xrZYMaTFAZh()Hd
z?HgtAqU@-!Offb&QZn7ZM|p^z<CE^4dzCH}e|{k)^ZX5#l~Zw+f*#eWc<vV$AL8s&
zR~JI@s%VYnzDsj(y|!pkn7N35@)LgkJzdyDVt(khiNT@*0Ob4?%lr-Vec%<+h7hd{
z4S<qD){aEh#CcmL-EWT5mo@)hYs-N$jdO5S7Aq-&Fi*DKN!keTvC@ES+@KfMhcN#8
z^;_X^tz-5^8-!`rp0qo7o!y7xzaaJO=bp6Nc;P<APj1P2Ih?i1dn_x0t0Z(v_FTXj
zC3}y-Y6s^vA_6`$VVoZl<AWG4hW=&~C<tFkS%NSN<CnL5y8oI<1=0d8dU#gK@2f)?
zE$)<Lq}+Mvn&Tk%_~b6Yz(IkicxPhT*Dh&*oYT~5!hZhmTnYqhH1g;Er`y8hqv)N6
zK(9T6hU+`#=gqa%r*mPrav>&>!fzeCidx9_M#c0yG_Y|I&0O5OKqdlw{7Jm#s(org
z4fiz`MS{fH_J}8lpQ-`Y=kaA%{vPp6y75QhX+U$`N-iPv)#wqDkWTLpsvy7NHwr{Y
zG0YOi6}~6^+*k&@z2sAA6TmLX%*habP5GXd_}M=1#>cBEaEd$o>IwxlJe47NlHn)I
z1}m{eHh{r|TD|#~0_!o53h&UKlKzEU=IlM{RBz5=-|Y;8XA*-Lj!(x~)-Y1Y&fE<V
zV|TQh{-59z;^kQSdMep-k<V#JNhgS)<~GK;SU3Hr;L*NAOHAE?LEp86onCbDPKU$Q
zrM2_0877@ZMzW7F^iIi2Kx+kcae18=rWG%(vBMSeUbcrpB#FZjrE~!cn!_()zoeqi
zyBpyx%xbqnVIfrWVEea<c2tT8|K-)rc)w8Zy^uu9m6GPa1koV%baeQGXw2#taNZW?
zxzUzm)l1^;Upl&o)CW>`cC$^82jg0_ba#bNZ;VhFYd7!v4zVsL=gtpr#v#MV{mMJ#
zoASDk%Yu)F1BC4ZmkN>wj$hp7e&85`e=zBhtEyc7b)?2U;8Is@E*pE5+Ky|9RWVSz
z6EnZldef-9wp0TKSYo|f5QKiP%INU=p>;9m2}g}||6#IO$%AqJ;aMQ{JdhLQy_EXi
zA~ZIz-?Zy>sy?A<rC;W|$h|i{rrL6%aSWd1isvdCOjU^)=JwC1H%L@}`s(J%(~rsy
zzku(*jH;ojwWg$IEDsPg#xlqUmDt$eD8o<BPxy4TyFSFa*;9q=)a!Z_8PnqZ;oQa=
zzxZ{199k@-suRew(%?mRte<fK*4a*hWY6-gFd<<?w9&k=@~$V>^bHW};V5yA*$@ey
z4d2gfckm0Q6>h(Nf++_HANBsa0Ap=q{Vgoyb|Tj_kjyR5vkk6{P*)8dHvTeycmYn@
zejv*4`b+doRaFMrxtMz7V##4>pZP9r0${o)l9|$Mh71pDVn$1BLfEl~q?$T`fD~2O
zVj09YM8z#g<(wUs)Cf@l&@%Bstg9f2r$LnvojYBbQ%wLMMZrHYGN=N=PL2Krka8!%
zbp4QA2Kjf+wz;f{g@76Z0c>I*EjMI+fIUA*%N9`@@`HE-5T!PXuhCi~gx$P-0syF0
zXGB%g0|1PU6qU~$0f3eZ34OqCkp%pY3IDmGAnddnjIVR;fB?Vs0bRf!^5jaDDb!Bq
zBiAYEZ>J@NJ2uwe;wtKgi6xEgQ+VLdMfEDO>v~0i+R-&3g<tHI(@^soIwO&b6@tG-
z(oW&I8jNC@gE!$W50D0}iURv%oRlm%R=&s$G|7PO&!jQKyCqiq3b-@eVr}NH$zmM%
zA}5^)$zqK7BIAW3qZP#S<b1^<|3f-VmHH=P39xufmEI4550e%ROOakLYvmSb_o3I-
zHH&2+(n28-Z|)n$3V)s9Qnc(mrTWJ8Rd>E+^PLtK+)2K$_8}ljVRewaGpfsZig=mN
zh(B%Tj!yEAD|EOxw?tN`gQ$=6Z@P?|8vS>nu4|~JlHUazBR=K!1Lw>VSx7uoH^N%^
zheaBmE@lf2&doNO`83)6$G^JTci^g$y^&M$y^S<7zN#^f*+M-L*j9^`$soFP3pOI3
zbZ<E!Z_>BYw;bl-G06e3?L+X<Xp-C|=Hqg^b%^t&S9*or&^KP=sl*tI#sa2w@M2Wz
z2_BzTu?C<!!R`&^b}e&&$wknYj7^A~@@E58EFBB%{2gMMU=N8%3%K=u7#rA77t=N4
z%E(0>t<#;aSjncRQX|w7kX}`|fRAEWO!yp+L-C=%8~hubpo^F%(?9>>qwuc1{oE}c
zbAG26b}^2Ra#ccLqrpJl@s0f6_U&d-J2`@X;}G0AgXO27+N*Q(w-upjwc`jihCgW1
z{Dt_~h-@x+0y{qNVg9kHK8i_~CKr)CTU@t>F7tn_c0n)8wPfC$peXluc-8kYS@DME
zjWskNfO)ebL+2*7RSdE(%9(Ri;b9Lg6B;!OasH)K#Kj%Z@o`hTqmrU84gVuFn)F4x
z%DGGRw^_E;!Z@$xIxn!vf)DGfEnz>0{^J`oHaWJniEr?L3g$2KyGl9OO2UUzRE~Q9
zwHvm89^D9DJ0rgC_sKW!f}5wK^DSrvri&83EduE0DzO<(Am<=cl4o1}a0(p~+*=H)
zpo#>e@AVL^Ba|ZSpuSAicvl<3&TQpDS5lKBN}E*4Vae$Dpj4gkU=@;IG;E26)!HBY
zJ|PBo$qj|bmOx?bU9+|8SB1W!>n3U!x?`ta$vRAhxJ`7@QRdN1bzbz5ClAc3oj-${
z=%4rSAIIo-GQ_fry4ofK62?O<ozh?W2{_@l`}naF7Kc2PnyfSv(=XCu76$Dr>7F)+
z>r|Qsv=h@XHM;gl+e3X6^2U6z=@+`xqAq*neC4p@=c!%>xS`^&q-T2>)sP1Q3KfsA
zYULN%tZScf@-_L7hj;}q@y`?C+}11<x60`?KB%fM=cqDjVJnN#uYZ}-s~m=W*pmG9
z5~{=i_tPj!d7ku~HZN`@Zk`8>dg?co0QZr&l7b}lK0LIlX#U1ECc<<i!j$+TZgp?)
zhq#Nz1M74TGCP|GP-_X{O>?uYR8fapd!^<mvP#4?<DaYp_y75U7i(wKwBeRh?SgUf
zVw$_@pAL2M9>6~PWmHLh(~ZVgSY-cQ&V&WJBIOSt%LwZ}Eq$XHx1HlNY$?XI`0EvH
zz-OgPhMw4qq&UE9`TQbe)z%Q|=8P2KgspLq8nP5$aV{g%6OMY3Os~VFWJhq<8i2G8
zk4xi^o0<AcelZ+6uhPkd#xdX%_+>97x0nB^Su;v574N0cHz)HKabzZKtyzC|HAz(&
zzD=?6x_S~biC->#1Fv7TPLb}&Xfp7sP-~>)ZpTU*mq~IWjs4+)^*V@6(w2<yh?8*#
zugt|enEk?rnGl<WFtF1BOGpBj3s9bn;sqqSEN8yw#6+TEkR7wWdCuOr&)(pp7u+Bx
zaflkm%OjFV&FLD!{8SHZvF5TkFiMf7w)E04(X?yM-KZ<V-1uH665zy`yrOh|coSQ1
z1Kf{R2UlcaN_2V0FDsULJU4+m*V%<>C-}Qq0{?X+UTId0ZyH-iBwk?w_rK+U7jjg_
zS&VWRg5Pbhq(tRdd1)-F4%X-weP%J9pz#mI50onUTw;(@hKo-+IKFPZuZI(KE#2FO
zfh7?#GHy@$YnylTh(0WCUNO|N6|Ln2GyjkvO!HUZC<W<G3uEtZ#v*^digDxtOe6%L
zc???s06Vq>ll*txNViPI!Y@=g-9`o>N4p(S=owaMVb{6)tN-!n_RB)@g#wACmif4u
zLLSCroDLw91F*+Fru-YiuMZgoWQH{8+jGwvKVU<rTNYGOOyw2bi#Lb9^looMRIZ{o
zvDpsW(a6Q4%J|8IqzAu*{kLGTkJ0AP{ez+E+XK@z<jkuf{4c_ZeC`~Y_^H_&KTL+P
zdQp@W5Yh21wJcannzdEB|Bn$I%%L9YtejVtiAzG=86<E7iIe|!3<?PP@Xj=4&!)!T
z$F~PEeZoaM+;JQR8DEjOH811Cqsc86@ks0txvFYB8YKf66#^<HAhj7~dBKUi7mW0u
zw&gcYSW~VlwHHUBd6LRPL5WFU!~>2IycS{U-uwe>GTm%p^V#X1Esq)<DYB=@-oMKL
zx3|<|s_<L3UgQ4*(LgT0r&O-KYj3q+UDF~}uWaS&hnyk|K4s?W6E6e9MjI$-&U?8f
zaprtK>7(W=VdO1uIbR?k`3A5><9utw+0<XZkGKKzmWku_bAS7@1teVt2FEGsKULYV
zq<>c`=|5H3u%v&hUHXsoQR}T*`sq$pHiE`5OXi&-B%IPU%7-eX=qnargE*G{-KPlK
zPD!!7!qQ*lG@;;WRik{UVrJqMOZs1rVd?LBn$Y1iOaHplgfC7L+!D-`{#&OB*G{V%
z<wJFi@}cRa|MVD^{-862LTAhx<qURjjKL*N;Z;4o^al*nYJJ64qrCnZLftb`rLQP0
z2p;yYT5x_y8ZFpm*MhAcEl7F*)E}#~;9})K(;=QA^gBZcz(e42oYI0TmCZLlNoNR$
z&#)GJI8+yheh3r9)B^We85<J3N{mRS1w)1^Ef_L1&5~cLOxefslGiy)h(4>dAXYD2
zY+9ttmB~ctdzR4qtf>V_w}8E4)x29*F(o?TEMdx7g0GC6CJxlEiEhCJF{38`a|G{m
z{A|+(s)^#ZEmG=sj?nQOK|~HplWtEm)9nZdxee4Fr-tup4gc*q!dK^b_)U6v2`fR&
z;Y*(<6hF_yf3Jt{W*@%Cc|w=-1krR*2Je}ycO5FC$%~*ffMZdp{|DpvUB_qV2@B2>
zyk_<Eyz78VVlD2ec&u9f`n&K@|80uG?(>A7B!w^R6wGmVX$mdmxEn(KA1kao=LxqY
z)-S2B<l5HjrLbm6tR107z<B*ytif*{0D)Z+;D=D7iv$?(n+uLEzq#OhfspkA!O{9R
z7b;&MRJuTLOITyXZ!UDZKxlV?(hgS&DU#a$P-9HS!}%cOEa3Pl)HsrAxHA_Br_^wN
zT_F4^hm)}8aAhwNf-dSJ`Hg$2rT%|}U3GjE#~1%@_U?8jSb$KZNQ%Tg!QF~OfP~;K
zK^sb298z3LaVhRDp_D?=;0^&Qlokj@ijx8@R^a!Uy*G24OZfE<K1_C>&CHuO@6CR1
zx1*4DCNh`DSSmZ${cd2%?^JgBT`^GP3YDF!uNYW(#ek>aG0V<kR}JL5N@eH#s|KcB
zrC=l#Fx9e_on6Mr4;)`Jz^{q2vrAW3**R)Vrm{0hPRDSp9+Tm7nlDB;sF0k})p7<M
z*V9#18h`Y3RiU>svL}rsc1O1U|EKh{PC*{{{0e9XBK4MH(8LskUo#MT&2Uad+%*Hu
zuhCQty=GwWHBqboN>j1+nt{dF40ovo5F?}>iqtntsm0O^6iFkgwbBgKNF%Ae(hMY|
z8SspeQs<@_n3875cqXM5Q7zX~)kyufv03_7aU=;7jz;PM<E*}w^SXiT*GYBsbpw&t
z4R|I=)t#;zh`(;g3VlIWdE$^Pq@9b@6UI@6e)YP6pRXHm`1Ev(Qb{68nY-a7WpBD*
z4~xoejHlhO+8+ig{Xx6ous;lZ@rMCVL1ylTXZ|p7<PUPdOKSaI>Y8~syg7~>F!Y9j
z;2UB$yhmg&#;NbYup<L9Jh8QX0u=8id*>rEtf;8mTgL0)AACXsAEYv8*-{wq_+GxT
z<K@8T5yHy#l*F<nQKnjpULR>fX!9Een%*#+8;+#XGSkQR%IOqLPaMm4li?{w*jYBJ
zc#a9yCys+}7#Mhio@Yv8rdsYO@WnR_EWDwdcCO0$(uDL@Q6;)eAg4Wa!@z+X<g|Bg
z7`T0dJSXQ(1KDpH@Dx0z=S1B!5OLFVS|N448r${V+&=HnHp<u`HMG2Gpv6rCTxc*Q
z55H+(=uN{ZH2J21r9!9~ShuK5)$0nNwTm(?O~~N<`<2paf}lf`QFJ0Xze_>uTLxO*
z5*geTGJVP|1H*5r0g+NT5`~mbQAVGMWNz8p21?(yn%nlaf!4PTcqU3|Q*Rp>d0U0&
z<7#-93Ta)V@-CW0;kojk2Fm_P;d%C-1}6SV;km>e1NrZW^zaIW=S_DEthz(tIqzKq
z+3wQnkO~advW91mNwhlp-!<^bT@jvdc5{X2k0xab&(FK5@LY3}<^3AYkKBpiZ0l}0
z6>K!X6^{pGO@HQd%c-FD#ebX%=IE{_QPdILqm0XwDCW$&Yhc!01CBw7nNJ1HXITXl
zvuvqVl@MhwF_{FV-ZgMm2=eWo`B|2^_GKyVp;}7NS5bP*WaW2)_|xv{AXAvUG|JxJ
zMIcu2c~u*Er2*QnQ9kD;TUYSkcMUwfODk9s8>;2Lf(zX<P~e_|cNFL$)mIbJuSDx*
zzM@mQn)eJ;zDK8Y$NNb-*{bV)N;mbMfhqS4u&4bpJXjTK3Mn;7Le14^eY#Zh{XGNU
z-lM#-n4(KgvxrW=XW)Sly*eS2=zt#TLAMZnEn0sdMF-wD;Cr7$hbqxt*Da#E-Z#+k
zz5#YOv*>b4bhYb%mKLqonL?r$-#0K{imt3gCt5{cx^Lh|Av$}{Orq;3(MyHs>(Tl;
zDLT&s134d%=!Qyks#SEu2L|dsFyJ_yki|!GObzn<M+g1@v|G`7j;~3>qz48@Ney4P
zJm3%O_edTXcpx;?O>o<zUpRr`LdP`Ki$tO0cC_AK>ZtwDK-Gt&W4_X{)T(3NLjyA&
z8gR69*D+zF(y>M9NEJH%jMgto9d{oZxFvObr*z<kMMsH828um0;7CY#AGmJ6(hz<F
z(C$R*Wv7yc4v!49dPEvdC=DI08oqsGV5875C?TtC#;N0~(lJfwxErm1BX#JH4ZM>&
zZYUioRvnce8z}$SfMY^J7N1`+H9S-r(uIb5(fVttVc=r}10IuxCrX3QO^b%Dj}2@R
z8vNZf3{x6jDh)9=0quUY-fkLcxc}I|pHjnH*J8J7D3xyDqjXW5CcF=XxJe~8$wI?-
zQT7qjWH2;CYu8?qK(-VV=4F(9+cc`r+oc<5lWtHx(YKde39_Z~iPuqfV>)fnW6}+b
zO1Ey%8`2G|OQ(F|Ub=y^rc5(z_mX4rsk<TnM%gP(Cqo=h4A`DXLxw6thPoT_Hp)It
z8WQrvK+qGbA+b*kG<!mZ%zR>C;1g*`k}@R8-H>-t_9N1eEl&+>dMXW>s0^9tZip6b
zFF1n?`T41VAD>zcdGpl3>!)N$rDq0wp2-aBYh{SnEkN^#wpW;uA;Vg%lvWc2wrG3O
zj7%9;%fAh@_*-OHw`4{0w}GL5s|s04VMr8G?9ujhGpLW-{xPuiAA^#oZOWddf{;b$
zzC4qXr?h_z{QM6kPwk%@h<#4U({IlWoOv#ir(2Xf4SHc9@dYJMmtPq8@dYJM+tkp>
zmNj{*I+K#8QZEgZcqx*n<GozTQ~Q~jlBeIK!6T3~Gb6BylA#;DEXh;5L|5{ZoHhOS
z&#YLUFaD#hUE`Xc+kj?7+x=&eBh-IspzcenBYg7GK;M^Qo^I1TZGLHB#!FTHJy6mT
zg*4A-d$(DXL7jeO;P@*MF#Ej+yZKx(FBQz$qxI#I+40(d$7>PKvp8ZhJ>+_C6>9$k
zwBFJ7Q?tlJs=PK(>9s-M_J6GiQv_lE=scC?(6{}2zBbV5wc-4>|C!eYj=eVEDag!k
z`<MLJK!JY^=ePa8|JT6ge+}nL4PUFnGp{=^zwO^<HoXfi{~H7O-Wc!{cTBY7$8QW&
zc%xi9e;>6I3*Jxde9UYz{K6Xpse;n{wtulcYTFfr1MK|rZ2GqU^EU?meq%Vl?O*t<
zfkJN$=ePZ<zco<xt*ADHdatu~bbo80>sv#9+rNa8DqGfX`xl-=-}ayK*1$v|wD5U5
zj=eQ-M2K*#`9#b3ZT}>KXgLoa&9HO7x13hlQU|4dqwVwNkheW}YvA5nDjjpbGmz^Y
zm5ycK87TdZ!cXUS23o(9;pefM%%x&X`bFCh%%Q<M_|8DeI~n_)D<ht}8<7}oFEW>m
z`175CTkpt->|pQ&a~cr|hHx;a5$(Vb2S$Dy)JIB8HD@r|-h3|k?S3%q1_SfAX2<5q
zWKT8kxC>}wqjOE1ODB`h!SJ`>`n-?(dFBi?UEzXjYILsslB=l3P*`JNb2D-M;Bp<o
z^-XlHza>{qjiI{W+SkYZ6x7~VIz+PIS{1DqokxS4pfPmU7{!pveP#WTCJ2+G^*-~g
zM@UmNhRGTY<Tj0AtH$6dXwA_~(-?jh!kkm}L0^TI?CUmFYohhz^JuE#Js9FVm{Y?r
z4~8Kgq+z)S!%`2Ls&gI;M?9pZg_LZcdw{ksS}*zy$@^GmsHKy<-a121o#ai|8K&wC
zo`S~|x=&~LPG@qUWdE}xMo8Tntyldf!zNftshuVWHbm>QrP|UqhA11UZEa&{X(P2s
zHii*42G40y?Is(;3LBFL1vUE0sFNb3?ugEHaz5>K{&t4qcIMpcM%WoX6Mu-k?zNra
zshz=7@R)mDI|oC&gE{xQ%?^gu4(8nJqynZ|*1axhKJ9hc4F*qx0Y<03uD!1Q{7ie@
z_`V80)Nj58hiZlk+P$Xswd{6Jzi{n#OW()w?Lf<ZcWdB(?01oBDiZGl+NNmTX8}z`
zguxJI&{VWA7-9{YieU!B5YbD)V@}07gJFrmWbrROz(cjvNNtYR8!gE2o0{dygr&lS
zAENcq3n*R`XADId16yo;N@c4w4>+g<rwXoJ(MIWoI<$m&Ku5;Vk}+s)<^d^;VUPHu
z@jT!yWB7+LcnTi<b3w})T63D<gUalK?q+|`r9k$DG{KuV!v@X(?;nZGccB%qI~-uc
zXyBjsRp&DI`>NXe0if-U)<0cH{rr(Lq;dww_AjzX2E>SZ_EVp|6wGI%^#uzl_+<BF
z@bqL<pX}_XHhw|)d$j&$A=M{Qo(y50%vqmEIy;s=u+%4gJsEm>GC0CN$*QInF0(>C
z-wS^TXwRcQYQBhEW|b$y3QuyGlb#I6J;`O#JsBPeLj{lNGWoMH<jp2r#<)dKoEG#0
zdMz@CQY!=F%WkgAU()4hu+rTv-@lwoe+=jYtRk9l7=LwlvF@SErD4e9fOErvJBw&R
zCjFch0?8;$8)L5SfMc=lLc5voo-9XqeY*lai{<-uM>^nLgYHBxR%hqlU(mJ2>KZ*`
z_FheQ`nlZ^dWHc;YHwFZ#yV-VNO;$x-RT>b65~c67ischHHy-6grz5~mKtC6cQITi
zhA22@eCoRFl!1WXB1JMBZlbZOHKivcc_bRk=b%Jm8R7lvmItn9V`!9(5gN+~A1C;l
z<YCC4havlsj-nI^H$gqey&1muW(3jV;U+|DQ$B{V`4~a8Je`#F@-tM=&j_NGE!@Nz
zz0A+BTU<0DTG^c!4;5k<TZj=vD~I!9&ms(AMHoS}ayl>GD8{g<7$e|SF6YH;#Tnjx
z#0Yqm+j;R>afWHd83C{II4?T<7|!}K0$$~HUR)QzP&0rL@XFhHv2-ZIh7d-;t9;HL
zt&3t<5yc32^?~!^htUkVq8S0N@{{&xh701N3A`%cq#Rg=A-)VF;8j5<Wx;X`hsrVn
zUKMgu4y(v8s3Ifa)rZcD`ztbR6BkY3RpD?Gc-6ELL+wh8fLBGFl+P<M+^xh2c-20V
zfLH6n33!z&LeCa!1zz=t)I;JV@aiaVZ@Gk?><uU2RdNRC$=+}RUahr4Pi{ApL0Gm_
z=Ce24zF--}zgd+TW>jVpc-3BggZikG@W66{p6sv8u%oir>yHxjq(~Kp534W&UbUBz
z)908Idh*$Fdf4`H6^3e6nDb%V%qk31tBCyPn0(k)h2caM+C-!no5d8@!?vc&X%jK3
zGT5t%O~ku{ldRiv*XQwbcg_Sosn9`6i#cY2o&;BA2&~HBDXu!9CvhGAFZ5(&dpGDw
zvK4x=)&)IDKL(_%kkFH(;U)kpt|~*5stjH}$AMNWB!=QdxCy{oUX@{SRoY^Lo2#D@
z9*0Tde0xMyhD%i$*r+y{peH4o%RN%I)RZ3!=U=a&Dfh0%kf$0W=!su*IdOi?-41e&
zhdTjS<*PB26%6pgN#NNE38o5(aDk~B#wzZUFmFi!R_ZyR^h(K7-NN&#g@UP^gL%sd
zz{(b%0e}^L61cNUu7XYx1i)IFVHI?WAOO}p>nfNTE9YId)R1(F(3h>GA!%QYp=~v}
z3W~N<AO1h-B;3D>R>8z-3}04b@Dz8<RdBZ&!>wwx3M8ioaLTy~hODAh;8&gDqw2H@
zKC8}<SY1?vr)U*yuFkN&I;{dJ#%3|awF=@_(JHu8o#A$Mu?or(S?^UY_~GVGnN~rE
zcIvm?r>yY9#8cAy`?dSO-e141oA)oZdjC9^_gA|J>{~6pKOw>dUgfUAkgW!TSK>t=
zezo-e-VrA7s$&g?wl&E6x3-m@A!r4O>HYI-FwCjJz-DyH<o)Z~%FfA_n(Cer##gK5
zIY<qL)Ed(JH?@@$w#l8TSA-LI^}Ghd-!+&lf8_>V0A7ax%`ZIHv(;4o7Ou%qs3rsJ
z+|(U>)UT=3BU=i56cL`Q%o<rh*JP+JBn)YqsaRJMVuap`;ko)qu3j}65(L-WrtW3;
z2hCKmD7fl`>r>Wbs3s+WffPYdFI@j^jkVmKT9aW)P0B;J*JRjMQ|tkUC=X4q$#AJA
zb64k&bRn&Ixc+a}>T)3bFrYOE*PE@S^!HUQh8MLc{Vi6Tp-62~Te~(x&DtXUJxpqo
zYBMC%R>kXw%@hbpNNp9KYy3JYUT1vFFyUh=Uh~vpaMYpVb#)zvg>@J_1&>+07OBgS
zuPzm@qw6vZu1gD2DqyN*Ene@er3Lw{F2j?$qIfOc%vHP^>oOIujp(+=Fa)j3fFhcp
zO3}Dx77)_<78Vdv@pxAy+v`2-jva0Oqj;55krzHk0IgBDeq|j^MZtOu`RmbCRH?^M
zsUA&5*Ln<{>xu3A2u;P3dJN<1F?Xp25hJ8F3D=|6lhk$f8P?P%sb}jmoUTt&pVeo0
zQeSMtQfgQOhWrgwNi3xnRV_9CG2wd0^;!B@2_y*<nuY6|*IQk>d_#t^4M}x}h79c*
zGI%CQ)$<!NjB3ba;n_v4pkyJfO}PGWJr$no8!;?z#NbG5k=4UTb4OUJ>`fQ!yTfyT
zwSjho?2Q>%W7-kwHfE^Nn88z!nLENajTxplCI^&aJS+lTJ3`M5<bbalGrVXlc7$(<
zZ1@Hj2q|CtOdzCtuJ|DGqW$5yqc>VXNKchE*|LI=e%+7(gfyXrB$llr?jWRMO&E$a
zVb0(yskF@W?jR(sxxz>aI}e2ypRv&jVW{1Np=J|CFS~3mSF3EfLl}BBVMu7AoVKG%
zmtsV&bt}BYosHzQQ=2eMX+lo>T@!|Hn~>*RZo+V>iE!HE<T>w}FuZA^&K?Iemt#A?
zJ+rzKZdBSt8cN166pvw+CnNP@80y5(nd7h+hCVTj0_-4_ttAOd?}i)gHf3=B2})_Q
zAh;iHtk{(45t(mOhLTMgJd>sAt(r2_YpMoBO5sQoQXYmIe@S!oW(-<0tGWKo7<`*C
zc&15dZJIGOXr{vRbTzzQCjc!yJa6$W6rOo=2E93j=T6NT;+j)<e%zelMso&F!DEK!
z!LbbeV<|jei)HvFmR5&UV5pWgJdfW@tD|xpL&Z1|o;Njjh3D0qGll1r<|;fN-)wmq
znFUnT+;XxwrJXAtzsQ>YNC(Tg;$I#91BCRmn#84Iz@CH~9kx)+=^Dq-F^<8J(B?fL
zr0a@Vw(`rtcouG7D+Mi#W0)@lr8m!fR%NbzS(bXJmI5Iah|qu9k^zKNAy%PGgvr4X
z_J6iy03pp)^+AfrJ-bEt#3pC>cuO3^{y18}lGsqKOdoHFW4IZ|B(UI;QlBoQcZ}3`
zC)2@Qt`-cu1#^Os{%)n-MnbIy?jWQ#Ef`w0U|>G2GhuEnD>dP#MP(4Ff3TI*jB3F!
zq6MX|*A!jH(-zTtS}^PsqW_7@B>Juz?P)@E=SaQ36#Y*Nh9^?=BPBY;Dmpx#Avm6a
zm2Z(r^a~|AU5M@ysh^gjd&M(!k0;S@lxUwb7SSu?8I}ssZ8M8D;#5|82GF`j>Y?9~
z=&SJzm!;_JaSG636<weugLg{?N8uJ(0Xl>Rc^0B0S!hUz)Tc=eu`L-Iw<HabN<+F;
z!?KnPi-d-Gaqok@lv921IV*~VNd1}AaHS=~FH%Ddr6K05b>v$y1h!&utc`m=1gW{w
zktB5Viqu<dBOPD1Vi?|vbhK1DlC3&+w_?~KbnJ|K9|Wm`(vT)J^p4bbN)3OvV)#pH
z=&Ce$owH~NYt0bUn!#~A?tS2$-bzC?QLXoh)C+w_8hW;7=+>GvBq|MwRt+m!Gb|Ar
zF2!YaI4*+7-zp(kDl}A!uvh#p19<1Fcu62z3aT<T!k+jY)p)<PX85%=qkVXGy!0U1
zQv2}u2>aphXk+te!+<u{jV+)JgI^okhg-K{XxK*X!}H@+p`Qw96C&&nrSiYpFg#X-
z-zmayLHKoqJ?D1SC1KraW!-9b>n26mJ8viJK4{C}-PUSd#kLIP+mdyC+A_3n%V?N3
zD5bKcs@lmB_PN{1QoS96)=m!77G=m5cSEK`*zZe2{M#}3wzC@2s2xLtc4Wwib_|J1
z=1wJZr@PE)5%#j*XUa_SwP(oNo@9O8o}pZOIg)!-r#gy}oE~BC_&s&xN_&RiOhS=v
zTu_A51mUcR+_QI3y5ZS@0Uapan9zY?L<dSY>>U}NcVO@oJZ8GFu_MFEj+AcX?8Lx2
zQMz$K^+mR<>Bc|bQ@YWr6GMC_k#0PQccmNoc4SI7Y%LY$x%>{-GX{}BjFbsP_Li1}
zqkbD#!qNME9J|_EQjR;F{-YW^s%9$YJfO{tu;180Gd`jd!>~@)8DG(fVOb}U`ktqZ
z@5fFIM?0yasZdMxLOCIAPK4cOC*>V|J2Uj`%;4D6Dhu?DU@obclLhm<2)%`5UelRj
zMP~*!ua)&ZWBNegtClJ>v~;UfZb#%kEhOX{2wdyTaHTVYUVI?n=)&O9g+UJ+2-NDr
zP)+<%X&{i)g<)712FENCmdp9oJvI`|rzG?7C0mcSR8d#hdN0E6@dMeqrwhZ*E)1-)
z)m9TWbXxV$>w-wqBl7g$MX;e4T^OEpVNTdkovsWuyNVq60>Os9?8-2_D|5nz_IG92
z(Um!2LsF&#)h;+;Lo<FL*pN>*hN9gVJjERoHdLn@L(OjL*ygqxyTl7l*wF4DXlae?
z#xPt^ny{hAs=G@sIAKG%cM)u8WjBW9-Ix<LbfO!>G4aR4Gj=@c#_&L>7d$3xC~tR$
z+})Xk4Lwy-Wy=a1YQBqLLlwF+l<Cf#u%XYoGkhvUI1*ZAfDKum=}U+Dx23|=2&*4N
z*w^f$Nm|gIVQzN@7L#F;#CCVPl?w3}0j)!%&Ue#x_fvO<^WAB?lXP}?U9@a>xq2{U
z>%rjY*gC7!My$D8>d0}a&@ejUqYk@i&DH6_P`d|}oqc*R^y)!n=Zqc<(|U-}yhv;B
zhaL>udoX#_$U4f&lr44C$Rcws+f9dtfAwH^+=GF6cXU5$4DP7#(!#Dhk-2`6Tm=#s
zK1g6-5t+D}cT`UOBcK(I%#~vgaaB%Ws3^Evc62|WoZV49m=Rq5k$Rau<a(VG7&<0M
zw9V;`^5if{5JpAnWA<22b;c(!j7^|H+LXYsA%VeD(3*pEHGv^DLDlA~m9es=cF4d;
zJ#7z7!^oZt!+X*+tnA6KyeDZm*^}XTPui$n_hfk3Q(C%S$xacL21n{;_L97Xy%^^A
zB6$aTG3@U}^8W0_aH|)CXNt7AKyL=m-fE4?{^voukQyDS$M4Nh`JYy5!+!#_@JM~t
zUh4q;(3@dLZ&G)yH^UX7K+u}%y!tSB^iehY`Ht#HRY<E4nd|aC+C;baVc61#HqmT-
z8MMB%iB9OtkkpsKQ}CFZ=)JxSH~Z2iTD~7cR6p88r2?i})=jkHKH5ab^kW#+Pi&(1
zJGwT}*84JTqB`wx9wRYgp9KzJMfYUuWZ6XHJ6q7N@8d}CY}rJMcKMG@^nhy#{0wNJ
zk$U)kdHC6nVNE}I_}P!)bU%6c*^l8#KM~}Arl~0P2}Ax*)Zyo8HBzVDM=ByxZ?``K
z9;jd^1;G_2REpGR?x$FH{1b-5pD?g}o!s$2p`FxwDFj#LNTYTN;el8p!`n{?4>UB9
zVPGQRfp#Y{Y)xeF6g(y#D6&68V1JrmDbvFu-Gv7#oI(>kvp>W1{tWQ`n8?bcxQ<Yo
zig3wJcg}<ditnTfC1G)uNPSca^>bH$hVT0`ID9+52j82h1}R-IH;vRcq)^a#(w`w+
zm}Bf{>OyiHOi_rC`psRJe@#)inm5fYxS9^JE?mu<6osqV5$j_0KA><lvcf$#9H@4H
z96Kg!TutMaE?iAVlUBK_`3l2cEnRq(AqT9;n$PIY*9Tn4n(cHg`G6HaV~)FX1NHWz
z&F!#@%doX|b>p`K68U1Bvs`|1K#kX+j;_o6puFsmQ{dYbE+Y}(RaN9JAtqGDXP1+t
zyn@P1y(ytGi6MRJmIqdS%8>6<36)6<86)@>4PqEPNTOo;hnT3CxFHN7Lm0BZEhRD>
z=f$XD4DW_YtjmB969n@42!_fd7_!HIBodGi6UA{NiQzyJL-rNJ0qt|=#fD!p)cR6_
zYQAu?^HB`P#Kn*E0@^_5#kXS^_KlJFnL*BrbH+1_7%%ZNgPj+bOkkKkLE>kIIxjAr
z$WU&g#Lo<KUSwZ0teqn9GsB%1!)Gv@oG$S*Bb*mMox|WWN8)EjI*nib4a3rJBz`8z
zc`?s?hV1hte&$Oj`-=GtpU;>0nNiM*Cl)e{TqyA~qn+%jOBi-8kx-d2&Wl%<GNdk*
zP?@nICRAqJGKN9RBvfXcld{HghREd-DswMPFZ_FLp)phssvHVvPeS!B`>arzr(t@5
z{SqouTtmL25+pDul%O)xGJpi;gc4L{LWZ}r>``xN+2dBF&Iz?2JxrnD>2ij@mP?Sp
zxRVMbP+T(!9~>c&K+zQpAFL25T5-(@5*W6EVaN&s2}n*4qzlgS9SSTtLXU)2tzcNP
zf*uJyS;6o~h!JGwBcb4x4E`%AzDhARiz%*0Lc@+weC@uHq3cQ!UzZTsv?ETCfQYQN
z)0sd58<aGk5}FGtGi4>i#FY%5;;IuYaQ@`~1q(!;bOQ@avw{UCxWEEFB{e)bD!~Hl
zLQSa5iIoh8Rx)_Sl+-Z!s00ga3^k!Lg;p_muc8dR!(KUSf>w~2`#_IX3|&?+II14Y
z;z-M!`S`tZ7m+QM2Cfg~DMxAMm#kt~v`S(I+U%9{*T$V`L#Pumb9fcQLBRk&`!R`p
z@d`7Y4}JyIrIPYekh)ZkE_qc8*3d^?ZW!i*%{)1zUS%AtnYWy<nGX(UfXz$`)UZhj
z=x7npObHM);+9i@|Iv&uJ_^*3a6&Gr&%y|IlaygeeHKQzn?cqkHRq6YqB)1$meglq
zdcor~uy<E6{JBalsnFx<1+GDwNm%s+Eh+ES4B1zUd^L!c)TgT%5?9lblAIn$3UV%~
zC&y_?Em+Mkdo?YoJF6LP3NeDrTvEl?Fce)QQ<md$K3%4`mejf9w4~auVQ9TZEU7v~
zcH_7Uck}pErX|%}NlOm0EUD3J7)GvP@Dx{_OKR}(|GT6n9dlb!N!BGb$g-qDHPk*S
zm(<WO6MwUR4Z{y>#F7ftaP@>-QX|4l{EgRI2G6y$q)r`EODa?|Nt~~}U(3*HErVnE
zsrN0ZL&xNjk}b75hJ_h<PtwfKUdu3Ztz1&aj>-8u=FT)c%n8HUwU%M$S_Q+A$w2|2
zhz4z1NUotLsoK1@mf^};23BL2I}E4sE~!VhRBb#zB-dUk!Lg3PwvK_d-sN89eySu?
z6M9#M<a#Q(Le?<^39f;=+^gLCiYrNQC5PzVr!o|8lE8svLGW#e-uaZZcx$$fA!Z#_
z41?A&e6ddWO%aWLL9mWt!8+!y&JSrq+MW=7bk^#!!>6bQ?Yj{Dd<J#Z)-zODPwKj_
zXXv_KME;_rZti-9iR)FZn7&Ini;#9OB$vk-sujy@U<lqowc>Xh7}jr~S}|xNLy3(H
zo`T1$6{l}x7{8Hf#q66HJT}p~lnR(?S!=}}r)gad-^4I<lgQoeyIr;7xYL<x#R9w4
z^WC+lt*??*zk4jT+XBAXzTX1A`8&n(2B0jN9f^nkqfV5=p9d(WLHj;LZ+V95#O0e9
zmTsat@z^GYBb#U%9&Tc|zlp(9@R-w3bTfn3X67!n0K$dTogw;WDRuj1hHaZk>gCN0
zmo}4BY+-o2Sp-%oHDU`xi7l%7lv0bRmKysXLiFFxWa(GM(NUPNJ46pSYxS$+TNsXR
zA=QtzFg)18;Mq~CE|$!YJ6W9~hwfJ36d~<!h~E9Itnrc=zDs6s)ZLfG(`&I%%kP#>
zDO+l(p9{&g_AD)0`&I^hD+8;&+dWt`m0qG+O2V%px$a2`!CM&ug@ksQB=l4gdb&%v
z5t1wT97$-tm7%GS@cC}{z_EC@`k{^(g2y3x+&PM%L$)#u+A0s7&hM6JF8FBBUWMo@
z&RIu($ySC%TWREvY-KpKRk)H5jr^;v40pDw<FPer<k#$W+rIw_(chgTx7zV7!}f2<
zt$zQO;qten!DAZ(w$bre*=-D^wn<AjD%sV9rB6fjxKxt&Y#YOqZ6vSYcMSQzBY9Q7
zW2pQcgJ(5q@n_#LbpB3-JlX#ONEA|Ehv;9VW^heOz>zEno`>j%Q>_COv7I4oJE@D`
z&Jed<L|CcrtL+R!wyThLRSip;kfw#^`ujYEyr$nX)cKx5-ns7?j(krcuhtHRDmxfF
z1&<l>X76B_vV%h2>m3Y#?Vyk+6)@GZhP>A2DdhFp$<S-32zgH}A#d>cOd-#)M?GU&
za6ZeoXXo5wIUHMb&=uuQWlewUsO4xZ_0)fayz^?-mwu!{`#VH$aDirh`c8(aJ89Ox
z-^uXZPMU__cQRbwDGI5NXc}_=!0>LT3QkgLPSsMQ^ddwbbRomhSpGfIgj8XI9;$D@
zAm7OI1H<Vb7#uzaGUqjBhB<nV`h~41+Gd63j=e}3rspmO$1ch+Ki<VqZI@VDvS^#V
zi(%?6n%2?EhS7U6XP6NeX<BdWVz|CbWSHL&S?!B19AD)VnQ(j;l-w9mw9O06{qIGI
z;}iFPSK4GNrv;jKLFg5<Y&U~rH^K9MS6$A;<AUdzl*tEGetR%8N{}d>c*8w1y-N~y
z&JWGK@<*$ke=9p>E1Sj6AwQCxp}QG^rJa8(J2UaP*%_{?64~;~!cO6?K6}+ONMYxa
zQ2VPN$z5Z2Gc?;x?mBok!@%9-u1j_^EZQxiMhSA))ZGjRcQf@WwY@USOBYgChZb-7
zlNAHicMn7FJ%oXh#7wo^F;Fx1FihK{_W#AI8ch;q@bS<Rn}3pldJn_)Ju*=5VYs|U
z2I{>G*efccl4P^rUWQV8)mE@ojl|ZyZd<{rP{ZSA($H`(L;bzhhs6E&GJLX^wt$s;
z8D{O3_=N9O1^vD1B*{D-YLxw%cDTm-7#i-ASb}}ZkbUlkoDDT5OG7^2$1q@@)sThz
z80PPjKjGfTuz#Q2iw?P_SqxcfsPU_mGk8D4!2MP^i}y1u+%KkA4%PYn3<vhBP2sef
zfHWcPVrbr+muOQMnZhtQg*Js>QW#F9(5BGk07I(-VpAwdn?l+FhD!%%Q>b;2p~^vu
z9#Vm!TGmbBlV2!$Og+dj<)GLU9`1E*3Sa+{X;bjrr=FR7`%6X`!3Y`V^Y6243!k5`
zeEsKr95qi_HijXm{sZe+YM-2fv{D+hpF)iWmnbTKe~{tZgA9&t$Fg`&nqUr7%(9hR
z4#+Q|_9;@(qk{|&4l=OH`!u&N2+IRS57kn^<8`RM>yp|*2BzAPvQJ^Bd^Knf!t{@R
zrANZ~4>9CEL@2|x2PB<rRdYufb~(h*=@0`udmt02?yyo5Bh)+$(??4+lMXSAJ48kL
z2}PIWtGPrUKE#l6h{5rF%KJcd7gev5g@#9A`Yoy9?IDI&Qo|*sA<e3x++l|3!win@
zDerrC*bSw@%TFY(VS2U8q~X)U4E+w1hC50_H9w1njfWZ59%f+EQ!)+D6D2xPh)xgF
z7f8{!4>SBBML$=fms&;p9APMYgn|8@S+qP&){!biKMT{}Nzv_(Ftj*AqJ8!&NAS0Z
zK6->9<p_hrKgA6SIL!qGtgv65Aoz<+C`|A4n{=Y140(@|j;cyWqE$!JqYRCXGC0bm
zyblUkUujq>H2f2$ACVfS9Ay|UH8fWmQmq=&jxt;p8tSIJ|7~OmN(TZ&Ivu75{4Ref
ze~cmI80q*_=?D+7=ooj5A?X-{<HdeA9rIi|Mk^g1g^m|t`edo&mtzbUrH%<o$26;s
z+{YPm9A|K_l=neDzg8Mjgoc-4`a`Lq!EuH<$4SFXr6Jv_VeD~+FNKBzDenVK&O4yM
zrGXl>`(b*ME2LrnafaPegQT+~JkX-y<#C3;g$Dg#RvJVEtD};djzU9+F#Dh@w1GyP
zU<f<GDEnBTPGZx7G-!jue15)S%|2S3V2C|I*@q-HRLed47<z(X@Cj9b{i(>jf;DIj
z!tC#)8B0$vEIuJOf4{?$P_`6?vuv0>`YJIUIl*v9F_l$JW!;%dgxPyarh6wC?kJ`@
zib=Lq#*iz_zF0ElI?0gZq-0umSpAI9UDLcU`$fqVeUc&aq|8meJuKtKx9*zehuQtE
zQBKk3Btxr{)|_J0Nrt48l$&fj$*@Wpvg5Gy9NAJy(t<F1+iPS<>?ww3r=%hKl_C4x
z4OtXsPnL!ZJ;gBil+}>srx=!=B10~oVmNY28gf_}a@c)D7KhnyNkcw6&G6}IX~-F6
z$QgG-mWJ8Or;#BGPBVOS+G@zb(+nx6$&ja~8E&1H2+#}4kVN5P%fjrP)8x<C&oIn5
zBN3qKig2kQToaai!F5W+_Mc(cafTAHptB6c&Qc<F;4H)Tv!d7xrbMjiIfe%3C=pwF
zj$!^ec_69!lzupKBK9JU60!T|819}EiCC^9u0$;V^-PIa@DX(&S^0W~w2D4d==`wa
z5lbqz=BO(b>;Hb9{U<ER*wYjLQKkQ;X02n025m){{qA*|DX&z9oT=8CDxJy@mCE2L
zXwB*Bp32ZNRaNJIs%eldb*jHI%wF^lnmgk>gZ;d8ocqdz`|ggjI?Vp*A7oDOd4|CA
zR&$!3XJ~Ss9B0&dhR@E+mul5Hq7D*8x7LN(*Zx7NVW|rYA6;Nz+mBd5F@md+;z|)*
z8^ZLflB>f7hBkt0=@IwORZmh}>4NJ@m~Pylj?TTnF#Ce6J^oQoI+8*)Xmi3oYIlP=
zx90-Gt_xJIUBAF^?E;l+#zhAEMNzJW(wK){WC*-yz6oZ=E*I3|vl|M5F?qM^@?_WL
zN>nU2O#s%Lmz#3^Q~4D#BiCLR*MS@I-6_Us%jHWq6#OM_p9TIRv#4{!f!sIA*)L@c
zXxVYdCC~q+!o&<X;=;Mqy_pf`G7K=}DEoE=x;oh$PqnxbFLW5Uj=4k*y{Ql<bB||y
zGfNZ@@bw5liwiX2CTRiA`%ONOaFaE;Z3H)o3+z_6JmC2wL)VK8AD$_0UK}p?USDR|
zewpDz^UW-Afpg6d0$yeK<qAV~6PVH>(8NqMxXz$oXUHCx1ZeSrCI;n;n+(}+N@z$+
zC*>b^7{0zEp&_lD7b`ws2zVf&A#DOp%tWz=46h$ZXh>V<#Z8YGW<Qe9kakY?W9bY<
z(j_#cy_2%dbB3nRB{ZailXBh*h9}P@G^C^R;>LFj|GbsZkWS8vfd<EN2PbGqXXnKm
z**PX>=Y#_3;#4%zizD8P6AGkjpos$6n}=g^9!@BbZq%cE9Cy7rp+Mq8bSKuMLx^5A
z$~i+$SV)^7f`!}*(z}Jwoiz;5W(Mhn|EUUSr-F2^v?V}+KjlO0OM!;-A$DShhuD__
z4d+Ab1nWcWVr6A)mn{{)E(ID_Z_~1Fl%JzPehwH_tGFJ|dj6?9V{D@J5v`ODmPoX7
zH<}+QS_S<4r+i*}Eij)jXGngI#QYpyiK~I}f6C{ze*|U|cc13xc$}X*)5nEX<O4lH
zD@e>Z6;gmBpa2J3Ts1?jbKJtB!Ar2D1!hbBlX}#x07sVs9LQlMw4<6JydId%B$`x!
zV}c-p-`zhY%HWeA0yO-qF0G+UUL9uvmG8*Q*MeMlgf<}xY&r|(Ehio!AtD1Fq1s&F
z#vM78b%SXtJ7$>5y1_J+Ev-|zIaE%iY^kZN8*Hq*Bj0gbfMb*BlhL(;Ybt-bLsQw&
zI+ZQeR8Fp7oywS1K+0V?m2HE~sk~f(<3a%rucTE#tGnvsIl<;sRw~F*rXWpafl6{P
z1g#)3r*dLJj<E$f9OJ8IQPrEB^s1z0w31sV+XZL)`Yv_yKtYcE1v#CGdRLO0w6{A`
z`(Wox-!8~;Q!v0QaSE{Lp6pz5u!$?kRfvNZ;_zBJ1t@b*c5a(<CfXO`XjzClH#<<h
zIBg0{60>s~3URC{#Nl`tkwsB!c5X_b?3`>VJGTZKz3)-yZWQ9UUPyLsdZ6swba$q2
zgPphn_92JkL$h;9Q-LA(W#^(p%+8hnkR#|r4zJ{?K;HYZb7e!!&i(iy$Jr05b4P>J
zH`AuVBr!YpQDKfEg*hC9!rlj(*cT)_CtJ$S(ji9O`_#Esg*oC2%g!APQZL+dXDSoo
z?A(aL9K!^IQ%wOihO(s&yQ&B2YwoMVuEQIF`hhC56;rh?IM>GyBuuR^$FjoQ`NZQ^
zVUFJlb9f3e^NB~>A{?<rxHDC*ucp8vP(AS|@qkk0y+t^77vX?+2O=x`K)x0bY<P5r
zCmy1j?X4!XnlNuuu+Pc|)@t^TA{=Q&xU-s-#17SRuV#&+9QLAICc-I7da96qD)^&U
z4`k+9lq0YxcP3{|i*hs(e~9F4U{Q|Gi*k4h9y2*xSd?RaQ8oVO)L5KzcgHiq_OOR?
zffnW1FSyKv_+p?;C@%)OCB)}~?V}%(S+|RF+$_p1330Y!9K0BJT2i+dM`$rlhFnsH
z$d)SUQiJU~r6EmyIGXrKL#``BuDcs@A=sY%5g9VbhvN$$t07B#I2QSkA;0@@927Fm
zO6|5X1YZN%#o*kPA5*3F@FR{JA8}`;_DOM$PQ|&iQp;I_!&X9g+}HFogRvzzhL_;Z
zO6`6Lj_W1J{cbB$ZwF?s)RsSzkgk#(txJl)?+9{LY6l)=hK>ZO*N)zJWPN3}dM@e{
zWU10BN4u)DypOY_FH+i4q4g;LAIIeZLF$)vV!(b1whwtsMak%r93x9|I4(tG@eorm
zM=R!J!Td|GzC$waEy?kNU_Ku4o}cAaQOs$A`BJd{Ofo+&$?;S$CuI@7&0sPpNSzLe
z&=?w$Yi2qHlZa9rA*Cpo^e@HHqZEgyATxu>ol+cWrD!$>sgUOq=n5u@=`@@5d^zg)
zieNH@$i}3*g2~^RgUL6lZ!yBWh!CH@(yhUypD#xrUkWDQs4(wpWeg@WeL1H4n!#l8
zJm9=*<b?DJAw`-#)uHX32c-CNeDBMlCC>xO`*DQ%aoBF8+7*)>iPHe>MQ6VMFCAPH
zCjFgi$9g}GwSw6E!b^}mtxKK;co<stt$$hVKj+7B#*gfm#9Xy(ZuUR(<9OmH>}R*-
z&eU7j^4S?X9;rEaq_oNpD0I&8>@OYK*fVw%^ykR$FV=a_1;87%!KI1byz1;-MhwA(
z1wbu-j!OO<+Rz2ST7QnE{v4iyOrN~~@C@Lv1#sxg7XWPnIGT$;wk!bl25{^M;IJP&
zV^<1XEfrc1bj~s9i4N`J89P`Yha*r}HRFsOTCn<Y_H;ly*g5-ALAc_K9bthSL4h2e
z;*P%Mj2)i@a&!}{FbW2{V#KW{?lHnUfNsBgVtLE3>3R{t7FgM;vX+H^rSkh1zGE^a
z4yWe95<y0&Ckm<?9Yr@PhUllB(i!u;K#r?{l%GgCJHlsJ9z_ib;^-5^VYG~Pt={cV
z)q-(MDx1~$xsX^ZSOt_BfL0|$XU`}myba=b6~y5<6#kxo(pWL43FfLHdTq&EE|?=a
zn8Wdt8}k6Um39i24%I2xZ8NGLq7QjSJ6K{cN55cB164Xi{XT1^sBA;@XU}M$mIZUn
z45oqV9xPpG+DywpRS)4P8^U26h;&(X^_l#&5*+@~?|U3}JW^r)h33v7dW*m1*NZ|p
zl0!)IXD*MNWznpMa=Z)SaO@1r>Y-2jQ+5mwQ4c{x4fQrCPm0hm>69InLpjQaa%jU(
z*)cGb<8$#x;wd{8hjPph<?s|d`kYgCTngp*F_gnGisV&vB9W;tH~RrAL)1ePp@|3Q
z{pW8&vU!DZ<P76r>q6Xtv)dI{y5PzioHzI%;wl}+5hb_|gt#N<E+{V9QV6;t!Fl^h
z32nnTS_=tRL);N`hN}F0W&>J4urc=^a*okq9AAcUBCHy!KA$KEO9vY}|H*(L^9og`
zh=L#}*vR>ua-Owe9IL}9Cp;6zaVm^*!lz*ze}#z=o=rKSPdLX1;VRRVYV#sRNR19Q
z+CI19(x!)VObsV#JHk1(hjVzQNNG32IWA|G#^E(bY-GX4`V7+IA~>2ykhGx@9D^go
zW;;iIQ8I#KafFiQuX<cfNDB!z@It;KE|MdEB=xvTBuAx4lG-(rqjMyOXEiBxdL+mA
zNG@R#wL;a-CZtvj&KvQPay}NtfhfxP5~Da0qA2J4F^c1K6o;qaF>}5$(H!B?l=F>`
z<`@}GS%Or+RLh$4&3Qpt!mVhI8_^=?YZdB>=i6Uo%K3VSs+{ka7gj8sde_2$P)pAD
zqO2?DGhSv%Kf8h@^zX0mAE)wF)ik7u0SgN@M!vL8s%L2qR+@%CyfjB>X|aRK;cr)(
zqj_mngh**QRZERdWU#UEWd_XLFs0gSE}&HoHtxQZn7Ps%r%Q7<el43tfZw|S_(91}
z63oql^G<lBL;HOJ;8ljhQHDc1w*VMjhGS$I4o^X*-(3LgFT?Re8JbQh#=|0z4F0b3
zhuvP$bml3`;Z;^7eZLdg;8(6+W#pyA`tJphIq7R9Em@cs8=N=bHRYt`%W{-1OF8Ml
zvK*h3<?s|_W=?vgEXOZp$-LLfyw{<bb5h%DGB2<khkrR?UJi=kg<e~JpUIw7%#f9e
z!7m!7LZ&dVMX=G~H4T2#avY7yaj@HEtq&kXF6bYoUK~6R&{_qT-22*^3r;M@F}@t-
zf|A%!E%(BBb2*NU<xKAp+svgfxi!j`db`-yfq6pyr7h>DavbN&(Uy~|JV%c5wB=MN
z&k<doJ9nG$<vB)|=WzTPmU*`^eTapt_XCLD1O??j{V(~@q4FGi%aadzRp7{8fx}af
znLgC80>{S{Xp*ED4~syT53T!`CTU3pjzty3Bn1)K-hW*_G`n;LAF8(ih*8p#=9#H|
zlhk)Qv^EQX3l%sHR-kM?M(L0F2GD-%%){PTv-x2aIfhi^V4cF<^X+bmRkqY~;H#Z;
zbbUkl_Ogl`ODf8IyMMUK286zAoxO*@rF{E%MUKN2Dc`nL;y@*_J$*y@cBM)j6)I7_
z-K7#ohf0)hFRH}xO(n{=r2<#Wns2{)L;3bkl{hX|lKJ-Msw?T=IP>i?Zz<pYw-Uz-
zVTib6=G$c|b3|4)^X;$0UGX{YZKiyC5#8?h*75;R5oT9~yTUS%Lrhqj8kq3;fOes?
zk2zV1l{xxU=Exy7s0V6NrwN)rI%hXGr}dRNR#&FY>2_s~KPuDa<Wq&Ca1}9%^J#Nx
zU4^4X722F;RpFRcg*;IT*DY#Xn^V*~^2F0sI8Ig(n-hz0b-vlVOq)}o2(>wV_AX<+
zL7PqS2usmXI>Pc>mPzGZJJr^AdWPD9e#>&K()%|j%54v*+!hM}ty73z7B**Y`@9Or
z<0{;Vifb7qhhDb)-BEF^t8&Cv<zPdjGGVh4OUu+IT&QUkqJJaR?5@hOqAI1(Pa_pl
zd!a@257jufSL1N}67@b*+#A)A@P&ZZIz)dhHN30F@wggk@K7B|wrbc?onu3F4u=t)
zxoB}}$R4F$7bG;a3DH|<q~WjX9Ji{IhTKX+%p!}1AvHL@sKLQzWFDUUN_5g9Kx-SK
zZ<V5V)!<03L81#Q(P>uE;WaseYjUvd8AXqp2h=UCo+~T{w0a@MJv?mCrp*HqYI1b1
z$>ET*qkg!U{*%r1tR&n+R%d2b|3V3rEtS=O6PUM_5H7O%IW;+E37c$X-0K3bG74T;
z#!bSCz`Wz6guOL6b_)rGGfD7Q68zmIYzoYKTuQiElj9E|Av%Kukx2Dc5@bt-z#jsQ
zH$s9)q_WlG;I-r->L+F7^8du0X?LK}O1IHx;A?S&)}r(}t`<l0S~6*`#WA=R9j0!q
z#j#k(HuJ;*N_I6dPkRH6EmB^i+8hmPle|xBb0pR#dGl&>%&9HX^~IDgo~X^SyS7T#
zmz7cJx{!J*Fz-#9&6%zze$0{ZF-64RKjujNm?C1oIvm~Wh;)51Ma0xP94G5gMEs~O
zN5Q%j5v2mATGohITPPC|ab#VN;dMns++D^M5xd%K?h)}q85I#HIPc20W3N@Pn9F4>
z348xat}wXkeH=HdSW@<aRsSPppIb)0tq4m1?QozGX}4KY_LX%xme-{zI9ZqDcwG)p
zLF;^>P+g9Pb-BAV9Wg@Mfj}cEgS3V9IOf+QX$R|Zq|_6ckd*ec9>=YETvo(VS{@_`
zX-5K$WkQ<km4q{ux|!}ix<Al(V<(@QRi9%<ee$Uv>T~R<PbOTe&vB(b`KVU|4vz-%
z$-`VV*>l||`(U6E=&)I<kB7>TWMS!<K%=9>=1hRMHQ?CNfP)pU;GO`NC@XVXpQV8I
zdtk|ZLaa)F?>FGM+kg^aNz7HtJpuM=$dR)lmvMGud6mft=`BNaUxVUo)rK5V4Jpn_
zIy<n;5@*je<T%ifgPkbvvYYLyn(1=}70O9-WJ^uL&|u!ipy<-H5l53oGP+bLCkITn
z)T!9;V7|qmnfsy<$7hYKk7yP&;`pW!&DiNi9Qzu{s8UnOoVE<mMh5dYQcjn~9Gx0l
z<xFVIF|M)5gqF#-lQrhp&{$QUP0GpPYvSImq+lM&s9P~jI2t#R-D<8(Xzt#vQNes1
zBXd4)!ZDzU)tvcFIOa8>Zk=kvvA2ml?rEtENfF%|9n7~#<(*?VI>yLHRDG55bU`>i
zIA0p4_%|hnV{8n?zn3u_4`V3)jc>{^w5dpEmr?x7)r^BTqxjdp8Ar=z6#t|GhiYYr
zf1Kjqx@H_}nu+)~s+=YM@l5e=Ryh^_#yRi0e-eLTIZO0=Xh{OU&ze5CvL*Jls{9|Z
zuanDRmIK<@U>@p8Gjz5Y$LVI)8G71`<F97IVV0A_lx)uNL31vP;8jXmijX!jnD_Ri
z7_hfF#}Cap98b$-@z}{+gs!<0%#(wSwUYUHbB?Ei`AxaZr`sm;u5#*i$SVMCO0aQD
zGKa--gv4?<u9kbx`Lv^=WR@*8ss9G@JlQe?TuI_kE!S6_19|&wHuu-0#>R3qizUAv
z9?LN>R{C|eiYh({tKS9kkxH34Js(z7PY?xx7Q~NaR&YF)<7h00r=T&l{1wY_KUS?{
zDTS$)TE`wi{8ctuN|oX`D#XckTuiAh=H5?R5O18FyrfecM~678myC<!7!ybR-4e&K
zE>8Bhr0Q?7=#D*z56n)=U&V2}h?DEMtRhSkge)lE#vHVcOSIr9(t_6U=PfusX+i7w
za0`xoEjT;{kGYNu#&hJ2r*)hV&(S%a)^S<Yr?M3@uj3p!XdQ2h=hzxA)^YQSu5}!o
zBhxzWQBkeq80TFA_F7ivClxI#c_dwRTpYdAFGa7E;>DfA-K}VGcXxMpEgVqX-HN-r
zySuv_TCBL+d(ZFvBRjL%O*WfNGTHgee8<CdS&HzEKRUK7xpCvV`#M#D-FRN@b2{pP
z{=py3HvDNv>Mb7Wi(T%mfr!SA_{^bhp!ij?6+N=joDzs_npls6va)1a+v(PR6#Uq_
z>%DX>F__7aS`Uw-FL78&&&`2w*br{lO(Dr4FhH_`RSJ7t|7FGr4riU5SIe;j^9-KG
z%rTxiBsU~b42XEx+gs?tfE%Jz$tBg0M_1xU8{Jk(g(zh+I9rYR-;OWT*o`(itx`qH
z9pbjvhC8DNn|wlC_|IyvR#~cZDSR(H(aL@@xB0u0dcwla68?K-u!=p(kf9(0&aj~k
zzy+*F$z5%&Xh7Y|Fu-twP}}2vpj-!00xsz6C%<d<xoi5;?$x8D6qy&4evM2wtQueK
zut8(-;hE?w3vR#cK$XMw9Y7@5iul`+_bbKK9QT{Y(I2Z$?IPZ!<0**;UNNPDa%;Sf
zcl+f?oVetNkGR!1CUOMT-yX@DKb4iW;e_tSHJ)>{k)-$Ps>TPM#|@eHtI!=+qba7w
z387;z#KG?1rz+kLZ;N+$5uQe3La_m|ZE<|X(Lx6bYC5FhB^n&Z*}`7|rjwt}g#yAN
zLc~_IWOws!Jf(GRg95T$$DwnY4*zbXqlY{h1^}R=E&3JnkSM?2kR1(5+j2!mL{Nlq
zZ+be~X-Ci6avP?8d|@)|@m+VkwV_lTkk7>8Y}nJ7mCO5`1D8s*+i}ia*O)@JYc4mI
zd(I8l0AX=|fk@xE6hcD}1Lw&tzNDZbT0s4J?&ZV4tZF=Zto#9=QQ2zz3UB?zo1#Su
z{^a3iCOe@UTD<Gq^{;yJi4bxj4N3+3#FX%0Tmmi{mp?{^sYUli8mF{3ybg57Jz$M;
z$YfrA6m+IfxAU|`JKZCYScX4pELH!ZmT#@BvmA+y_(6ju5RrdM@cdb<?C|;l-g9&t
z{*CJGhuQ<%=N}D4ZAaf@BK<C6q3O9cTPj>Gad4n4LSJR==XbAH6=qzjMBY0=&Ihlx
zl_h`PWYtG4g^yw$GiIJLi_8fMd5gpe9yrYfijO5J|01Kq`p1vR+`dph_y6q7DH4!r
zc)@|NtvQ7PGFW`#b27`)cbvM6#m7!ZS?-xt_r?KwD=v-O&@KWoJ{*C(=E%ebE@?g-
zpP3$z|F~lmnST0zMlb%8@pdK!v8zhJlM$bOaZfGOVZ`Mp7#mt73*M|fEW$lQJ$#dq
z#q?$Qs->*=D45ZkZ}{DAJCB$18aKP29BZ8@qp!2LPBM(2gX;H2NRrzyEJfzDkk$x4
z@Y8dek?MIIeP$&Kep|Euo!#R2gE%~$#eI9S#gTbDR$D<Ey0x+%V!6pp;d(T)?y-KU
z?jF58Km^$0&^hhBl1Bda=4_A0LGIupxicdkCgA1#^?Wi{{;mlup&xzh%Y7TX#bF}7
z|9Fi4%{QwV$uY<2(RVD@|H4+Jej4J#wl{<9xqkU_gx}78G^5;Uo5~hTW=Jgli*}16
zvE|%WWUGjf!N)`3B)>@O3(iYSx8DwQnh=&homahF(2s5;BEFj@?&S+Qqq>ZT0h5eR
zZsNLgaZudGG#lk`s!b|&9(01$u{nLC^+NdaaH9@&>Z{453p#+A?s0i=!H7ZhYY=s&
zL|bN$*LaMiH`3u>{?vXhf;|>%N595P0)lk!jwADm_<m^cDZ7O_^zAOJ#LY=BzBK$i
zj(=&96Ta!G$OG#;Wf1oqyfYU~3sUqc{DguMT5yv-^ewZ}dZ-B3HBzo099xRZ=#t+(
ze&4JuLMYi{r9l58z$Jc;So`FblZE(U_Or`#yA8r{JPH08ZJtvW(X=&<xJh<9ND8V|
zQz+iS2Vq!|#L$!iFe)Wn*A9w-c3MtBBSZ#!P?4Y2N-;g;hRPP67KAxkeK#Odh{Zn&
z%EjLjIlzgQXGP{gyIK1qWQ}DYpfKYVpy5a*{*;?&=!QEsYe)qVKkTd%I3nCbUsXL%
zX_d+$zMv6EHAjp;J*|6~zI7WWHggaT%{pL9zS&?87x#1V85b<5_H!M6Q&#e1g}?wv
z*rFO-sEt?|7lQFILlPRM`nh?&VfBhjWpHO2pIyq#am5EWBtzYA&JFdT;=hxP3{jAA
z;YJac=EUq^GYRi6DV?04;@^ms)L$x1?(@i_E49Pz`(2VO#x9CGso+bp?@z?xD~l;1
zJq=4lZ;OZHIzhkHu#tw5QH5EJC`#gs#FvEpze&zW5s?y7TJnG+yW~PF=5LvW*f1iq
zG7`Kw+Zd?St6X|oDk(a}RLuQN4P;dz!in^Er_9iDKNEVsEq#G6$Vt&D1k8Bs7U$4s
z++WPOqDGF=U4>?NdbSFgCKKMIzr9JP7xyr7zjhaRhCjvUU!@q`bI$SkJ^_aV7#EL0
zDyO+xR@mz>E5(>o4r3c~X|Z%Ne+dl)lvAC0g!8%hu?N8t?h)j9EOZQR4-HYcUYL#C
zi*l-CCej4qx5za|G{V;Pt5ngcikVwp&yI+rDz*t`XljgB&Rusdf2pFU#T`Auc@MSa
zW1@Gt_`-Ri=;G(0B{MSZe{_<mY^)&g5e_=KV?b%pL>*FbYJFX%@S<GA%ID@MkmaWw
zT%jv!`9vok9y<+;Ib7jedkuz*d(#>yszKe`{Xut`#FuB>nZ&jl@BPaQ`b0jTn<4t}
z_Ilp&XY%nu@vWP4oC*W^gR;G#Z2dchbfL@?lvds$ndaA-nShNBY^0g)d~UtSWN5Y!
zGN(w52d99hDDVnX2%JUObrEoq1$pK?k4<pPnEN^s6Z)1Qu9N0Os;pnzqa}YzIWeIC
z@kR^|<3e%b`A^=fMs%I=u~0C%TS@XuQ24zu_gb_nGR^%!8GDUp(7khjUmmt?-u$qW
z4|g)hELNHOXa;?TMU*4H>X0MXy-8zOI_~XZJgcn5BT$g>SOj+{au1s=nvJPZcG#xY
zVuU-p-<c0y+j>?o?}lntQk%^p<@2qhlFNigwAP-a3keW+^!sdg^wFawUnm)UgzM?T
z4kn|zuSXr+dGV*WxCI51&*D{p0>j8U^2IU|)6c`r=n!yTt`xYY+ThR^=S=)srzR8W
zL69kwSXc}d#en?&?+hwrDd%CSJ;*mstU_Rd^ZSYFwDL2W1iez+VVuH=E=>ZyuoRv9
zn|va754@Dwa3yYoD%21vb@4fQ^io2FQ&;8yvlH5XGc*_|zpKG5DY~*d)*jyOZtWUy
zCFNE=XA=D-!L->Y3DEU#Qwz_4je%j>pVHYSH52^m&N7@jx=?wZz`Z1!eAF#87HgTO
zefl}_*Px{5T{TykA8^{goce$|&_P*nD+*|F@$U{(e7V}<LhdPi?*&4uxPtR<F}^|E
zjs9&W6gfnu341?OD|0c(<uZ|Aa;ebvKiLDmpaZ)Psoom_yiu;_o4r7m^Ua)rvQFM2
z&?M|sZP%8eL51l<bcFNyR{qwoBF|QxzkArj<Hu3=tksNB*Ww>r1SY+tKbmC^?BZF~
zmGui3*3ta>5f~TRPU)ih&N3fbSs&35%?zl49!ktZa?LWR$mvn`z@W62(C)%8wV)*)
zc6sTOxBlp&Esc0_DSq^LEurSeh=E?kR}{-YPwfETP7^)0B;#KOTj&|weVACTZOa@;
zWYVjDQYOv&!KL`r%B}NnF-@^XF-;E6AG1)erjpk^{>4rm=`=aMIVvxAlI}&!P<#y-
z%)V?<`73PS604G?L#)=>{x;sMD!Ai{S6X5uO*O@yif=3r!Exo!m004F6*+Rj4Vo)@
z@D$&M&1F$(q`)LTmL~GKW)Iamr~gMBP5&cPx$;L4jqc$BoZQi6j$Jm-a^dc!9rg06
zl6IS!-**49=O5mk;BOcIT=t;#m%$6_F7z{yc#yi~yKQD8@oyUre^RRXyx)N1d+Rx2
zZbAY(()z9^Ud<2-dOirVR?{l&WMwuA^P5#5HeM*grTX`{TL+1BX!p^lCC7Hih?S(>
zsi%UPX`4G<Rub@hUR>;s@O(DS9(JkEcD$>}b_8lnw|HqymwRbKlJ<1@v&M9}+Vi~U
zqLx1alynDFWzsx0pPSn?>u~`hBHT!Rf!aF}V!YctH?C}oxMbz)%kKzJGl%_5l9+g{
z@%(}gKMvqrNTFiD(v(1`+Sqi68Y>s>#16!0^-e+nPj7O^gCj_!`ovtMKMkK~dVdD*
zd9}uXV%X+NoK^s@ZgRI~dUvM%Wp&2uyEx+2@FxMh!-?Hgl6Q&gdT<|IbbURSl+0Cq
z?&nnnqv!)<XWym*0X`LJg3t61A3G)86}TPsv*+XQbw2~$9oz0lTqkFLSCyjAFsIb>
zLBaZ*96~jW`^hmrQV4qWns(bUFg{LB@4~9T(&;%Qy)#k1r{|dN&cD*3`)^LOToH|j
zRZ~*D8;A<>9xdejG-Fgj-zJujd*$wKJAB|YbM}}@M)#kp&S~+m;}|Yob=p;av)Bz@
zCNB*`j)7~4@Z)ay^9c{K!{|M9@CYyWYW;-gm)c(oQB~>j_JqV7I$>mv=W-&}81Cvs
zgLh-TL2(RB?^*D~h+Lo>^sjm1j}H<BLEBtDhU{&7;sb|ZS1x}}-KmTd9qKSD!qGeC
zoW{T3+e6zfO;1tK?wYvoUcW!Hi=O>RvlBpafvuc(k^R|sCX_7k$hvt6P#XB=-Ig&-
z=UY82Q~A}x|C#5<kbs8QL{8Uc@GyoCq18Kc-)*WWG}L)?^}O#C22?})Z78?ugAaZ5
zUC;8a2C^?b_#m$O0O76Herl<WPgwq;5hlCahyMLxV0qVH-k1Kpc|PXVzB)(Fd@bjN
z8+jCUW)*S9&(V$H7`792MWk&n$l^G<`*8`KJgW<Aaf>t@dce=g=*FVo%$k$G>l2M!
zPML}YA0BZJi_duEY{EHw6hHq@6p^clE;gpj&s8r{e`MBx#N8|naRd%2j3{F8s9YaV
zbpCuI9KDSdPN!TEKl!u7xRki#FvD2AU`02`W+#G+?W$Tg7Ac2u_ivK~s3Qi-*B}<j
z6w4Wg?r>%pX4S!*S-kAg*eezZIoY9r9z25uzsh7pJ!~$`eTyW-fuTJVXO9!w#X1r)
zKF-yJ<&O`jBXNTj-^9d!4kpI?SGDt~`szqO5`sy~eOR?WLj<#`V1_BaL-Xy;G!_X<
z%@JRBP_YNqM&y@HFUJaHcB66VNxMyHM^k!^x<(1o+H1XAgXZL{6?<scNd*DAnscPa
zWSoDWXUZpS3aF;ftCNh0T{@FjI+s;^_MsQJ(S6n`g|+gI<7#fDUAZ}(wk4C#AxjBA
zjl`V@1lNy>FJ6cYmkIP$uY9Ht8arB%5g^XA<Rm1-&zPToV~C<))+!b}1hBzEDS9Dx
ziu@Jr320Cdxj^xfMWA;<C_x~_RXhf5n_q0Mx^D-)zS3s+*0a`oPfh)^<t;o=-9(n&
zOzl$nm*XX{8>&*<NcT{L$ly%2&BB?fynoS^)A3Iq@S5L-qK-JTD|KkADYm6tQa=$T
zpFHaQB_X+$*(j|gungFZ>qOBS*D0e%SCg*uJ$TFei|W`&L~yjEU4y(6H0;J){+emW
z1BRae=kXt~#t>ilU8u|Cf-MFhS#e@q0YT3GkVfvZAlE%AZ$I!rW;s6idQb|qOwn3P
zAxY}PJsQO-i3Zj%9oL5<(=lzuOG=gotuwmkA2{6!TQ!Qy)cj;F*pybQLZf}#Xx@nW
zA<RPl=<nu31&b(gaAb5|gZY$0(9P(+cj&|!2m`M%b{E(Ik>pr3RSx-mU!Ep*l})py
zJ>POP8#KUT^_X^C8825x0q&w<-UECG@w>+@@eJOYIo{E_gpR2aSi0E?b9Z){o|-H+
z!FWNzm7y_L*PMn`9>b4hf;WjSw}(T#>Mgad!FW)u^ii@O?`rRF=NH=_Qas<Ep0OS^
zn1xd{6z1HrWcf6}L)(4b+KgAzKAdOF@(c{r(zH@**NMv3<$~oEbpwSgC#HMxO;88>
zXY}=RQOoLMt1r=3=nrwQg>bZ+k3NNXQ*bf*fl9yf>(&7W9jCVY=-qcsbK^ORFJf58
zXagl1RECJOjBlsib5UDoMB@jdd5hgqw3`~VuiEzrjGou3{>+z~#vG{(bUF-*ryF=~
z7C~6h{#7n}Q&OA_gb}}%)mjyulJK-%1_duv?R?tDkkD+m@Vl``*jt}7>Z7_F15@bW
z@|Nk~tj4?6L|--UQzeO>nExc%X4t!W;y5o=I2kX})c#SGefYAbsQ!f?C6IoOfUA8h
zYQ8Uw=lC0+_Q4Q37=%*qoAysIY|#!w|NOAZR#i6wD?GgM?kkoqIzdVIT9jA$rkTJ?
zg<Jlz)#~(9`DSYS8l)Xx!m2RQ-oo{a6tU@ejylLclsRMCbLxBoSnlG5=aQ&^%59&@
zw`#Qc({TU#{u&<HyBUx_sK8g@;gwEO?Y>82xbAEU_|C{_;Y)i7N8bf9l@=IiyTLWv
z^h9d@*CD3ypiWl#Qm(l4wrFwsZlw=s?dDPG3sE}dBYho3N;+FMY3ydyh~rfGA&vd=
zqFlbo1%X?8_}|GF>kX>*kY>qFnVjbe$NW=VPNxW29P1`BO@oc*pLX;wNWA|l9rv2q
z?P5zBk1@|I;?Bg*O*p^6s@LQz$iVX29MG(w)+|MZj_%e~2NJ9=x79jUww#q4h<CZ#
zwJe8?cYSgDs&^!|?P~Yay~IGgsR3uRGLYaUM}v?bNM&y%0M#H1v{BwlJRKW#wJWG{
z9=B+I57U|t-U&pD?zbPaNOAAPd-me|%)nm@v+!B^z&~aCb_mVu1WVel#l%zEOb@U}
zpZ2R&Z(}sY2Faq8T(L>TByXQ)c8VC{gS%k1S-oCa;i#p#S64^TGltuo#BO35#h}UB
zUfY6AXUKYtK74CQ`S-@mUC<lF_|P=z?Nw;D*a@>}Iw%!6Sfc;V&Zj2(_=fn<dM~vF
z$!>*%$(L{ldy0NzXDAcNZvQ)m$)p=O0)F<u{*shh1KG3~XU!}UT4NI@&04KpKAtp3
zo1u4e9>Im3Q~oXm=a<DQ3-R1T%<~%8GK=9ZS-Xnu{g6s?QC=@QxBPW8P8$*0HAkCz
zyq5ui1e!HP&j`GO<`&c+kP7Y!pl2g!*WyM#Dj-!P6emXv)5v?if#cUqFloUa3X<_Q
z6W=+-Y{BjRiz-JQKs|qHu5k5xP5*6W(%PKQT4`v}97#a3gyxo7rwF_$O?iEtg9&-O
z?CWPdO59~eLp*KGw%hgZoOX8L2T2Vk&iG)17qq5r+VQ)J0X0t2=CQlTgU_gsX{JA3
z?8@;ro7=$ncekdew#~(_P!SK&BXS?yb@M#pTbxG{Iao&$rAXBg<5hWZP~{KI`gHBD
z4Cpm8UnzEy^0EdBxZ5V94zxEBvNShK@Cntvmw1gtEx~VIHlU*KTFsK;<^3u<wo8<B
zAGhgU4#%}m{vqSOmsrA92Wy_5geBL?3{J$$cGrV$I2A>DKb&;f8_?wBE6uwWQ#7W@
z;=dT`xUuv2_wcD9M`m;`WpkusKZG)m=+B#t+Emx!5d8ASrHwb{j2|;C@B4np9wjHA
z9oC;sHd@ZNlcA&Twu7*`?(`%AKX>DPg60W9pYaO1+Za6b54Z7(q2|dkV9bWa<p_N}
z?uXg4=HE0t`J6UWwLM-lQ>iAr^7>7dUso4qH|jzyuNz1ZNH)QCYbifdGPYV&z7IC|
z1_7DTEH`0q-cil>V$CPBPvFH*@zuWXrfN&%ecu!<e^z;$nSxP-gGtF_s@~QsCR8(H
z2}Q5}uK7=lDVYNNQ%F2r&by1G$;#36N~IwAFJ=eU7pQVe#E^Vw^ao#dK)ZE3U)z1I
z%ezP)nW80VLfq^I$`wKPG}h<%)=`nnMQj;}Q6+s{I8Rx$AJ+ytcLh}Apx(Mf(%aRr
z>s}RNYn%Aj@4i_pPY4T1UWTYX$@cyL4@LM66#}F^rC}G<@4<F^1gw8dC>QUoTE_XT
z**6PGG*!1*%cEL#TxiNMSavCIRM~A$r1`bJVQBvmyST)Qs6u!eGSbcA{H}|79W|)6
zM5eABa#P-@qa-wk2}bZ17c2O7hj4y^y5nV<`!KSob+Ix@udaK#_oj6+vS=k;DPCoU
zxunpQu1mO)M%m{f@1*pjFVzdwGh%==yj?pU#Cs!(-S6E<2=@8GGQ9tc=4v8VWA;0B
zx`3ZD@ilX&qK>*)S(1?sT>Yh`Akb?Ip;=AV?K)x_V9QVG>2Q<;d~LeG{1E$vYW5jC
zn}aSE4u>$|^I4~42xY+#q3lIaA(W)VB>2xXLP&u0mp~rWXrh&N)f{v+1mh}n0WT6R
zHCbVW%`ZYgSfMo|S{TP*cAK&(6gC!;k;lx~cWx4<+?o)cMV!DQ3K-@)0O}nOrXQ<3
zaUhsoWFX*=xUcZ?GtAL4w=k0dvq%q+Jw1wSqrZGyj-gs!LoJ8ow|+%e@`L@tPhp2V
zev-y6D4`|g9U<3j*=Ev?ddmTc_a&8)-#HTr5#k>^&Q6XG=7NRpnnGO?)qxFhC#NUo
zOnxkwI;j`=#8)^qSGt5fPH{t@wyNb@DB%<;4i3ah6I_GyATe}|31VyoAN8TRM=-@p
zL5$OMr;qAL2n4t&ndL<t`xY=Tq<B>7K~detxcW;0u`7bO_7#zcnj}Wp$QBYcoQXr)
zRC~3n-}l&Y(Y7ol9PBc#(Lku!r*jTnaP!^11qJ>U$ZzZ7QqSE+g&&inGX4zI&&@F|
z6V)VXv(+TI@*+YXJ4kxZM3p4RMAn5LwBhf|92&>lKV<rc9#Y>sNs*pER$`f|Nl2KO
zWkk*&JU+doLwi({fZYi*8SpT@4AV)BzRER<ftqnqGwV5zetx*&d1|y4q;Bxe{W$xv
zI=U5w@B@$ejn~%X+5OsnfpV_kV?zwY9rg9O*c^It+Z@5q41v^__%V$Hp-FhglMV76
zV0)+IqKz)3FYeh$&%O`o=+Z^>m|sXEkXE9=&?2Ni(tQpSWm9<$AZf7{zSJh`n~p;G
zbu7x3>61e;!a`EAk*d&D3)<OYX=M67`xO-uImEbcW(dYyFdAh;ZwQhOmq!IiH>Z$I
zDBam9&MYQSUTb9t@>?g60|kIE0_+qz_BMhjANVcLP$HLZ%mAT3$T0R;2`DfcBqgjN
zBs=lf|IUq~MbC5v(F5zl0(LHy7-5cyBoIDBnn#6j2-GC`jWk=+Ng;Bn#|#}<CyP+c
zP69I&Y+<30KvJSP5kTAp$kj&&2%VF=e)IVanJe29oFw?D|B$8~QA^SWP#h$q4qpa0
zjIGAxc+$~qWN`vx5*B6`-lO=b%!Dtkl>2C9kq}68!IrYo;Q9zpV~-w<M&AIlSCgSj
z|L%t<@QlKph+55Z-k)qGVv_;+qQIm2$}dt&s!`?QX)hh|`Xyy>I*Zb(uDfN-WmW+d
zUnUwXxk}5>^E#$pdG!jz>MV!k58;>{m&Q4M$GIVOS~D|aiAx&wg{DU2lQR>^)u7a0
z!%$G9U_i3D%a-C(7cHe8WdwJ4Iya;z7_A|9O35t61mw~B&e4LbEG|*eZyXYZCirCm
zKhn`YL-(_7R1OaCeK$q9QBdy7E{ab*U#<-jR{M=TKsOVKvJ$y-mT7Eb(Hb2#3LLB@
zQ~XyFV?rrlEB4regI+($Lt%#ZAts(LW8^m<Ia8U2gGcyzUciXz1M58a8jO-8wL=n_
zBco?~3#1@~!jTdZi3oHLr7<AveH>Lm;awINdM5jGIb30oE80t5NPNi*xfwQx{&w<g
zXJO_i^@@q2f>Py%u-K~!O$pnoxX^|%@r!X0xYk0lzXG6!OBj*N)?r!*2ItE3_lvxt
zXNvLO`_rMO&qgxIer=((u1yKiB$CFh0|tdOV;~*TH_tHvfA$y3r-r2DBjNtD6I-GA
zorswSZinP7=ON+3aZoBaOZGd_s;p6?5><<4u-U9;&NOiMYEp{hCTsPw(KYr}C#dIb
zO6H8n$=S=Lu4P(kc)`xcN{5H2=gZ>SS<9`=ZTvB;C?Yvi9;&f&l=i_do+4Oc+oMG9
zukT`$Sz>EY`NE@tv7r0~6bb19g_)F)t5&uN^)E}>7_WaY3ijvz>w$G2%hclq2U%(^
z6U7<XSp~?dCIfrb#rCzq68j2g{?f_uy=OW!Bqibo-cJoTn`oGgPhbi;cYKf_$A<#7
zZ7I`1^lMA`EgB<|w?Bnts%0VAQ?$R4pREF~EZ5eyQJKbWhUpJ1i8`XNflo;YWlm|9
zl4DSatTxI?b1a*T5(ZkG@W3B%{C7|=J;Ia{_ngD8Jn(0Ku{XsH0__a_QVXG$jX=v5
zjai3U|9pXn47P?watnGS++6_5f8qh3j6~w$*B_@y&`u3z;A}tkX9j8nnqjWFm3DP4
zG%1Lr;7*=A*;_*kbfJX_#e~TQsv+zKvA-%o$`Tq2DpUi(3CW<IeFLPR6DF98L2MNA
zCh`eOYLdUrDwDqrCQ+D)Th`+p+JU_|S$lHF8HHbaIi=rtp6nvMeF;`aQ`JC!)xHW<
z7k-6G!GK{ml0o3N6D?UB3m|5|!&Xlr!5%;<coby%O|oJXY%oq00!acFaD!YYi%DCq
z)}oJE*v@b5J&3(MZD@fQv@qHjFaj?+j4<D4XG#f0nEF5lYP5ZcYM`EzUEDvAj5W~C
zvKr{Lk{rf)L2o;jfS$x7pPi(My?2#L9HFS>G?@Bb`y-C|ALr?)oSUWWV;Q>$lZY<k
z#HBr(lrY5T&M@A>AiHI<d6W#*9cu<3?0K}Du#I77CA%_{jxtjh^TEBT|6s@q$Wz_A
z>@aUxJXiun<f+E+zZV}PDOI)<5I$i6rnUb%mkLFY@nPYL-CYS3ztqmflAaBL)@l6y
z-4tRYa>W5*q(aukeC*!%FO#^0!?;+s)vE}^AK9V>g_k_^TmA9D8C=(#>S%HPpR`sT
z*5gw$ZiwX&62COR?HT{m!zYQDgl#6luo59Au}*#Yg9NVR7$Ew_f01uz53t4Tze%<t
z7T{mm4yma`N+Tj#u#hfUNH!50YXVK$0?5~}iHKC50#ROIA=hkP18a5>S+*&SprOi4
z-X0BXe4lK(fAR`nxeawjcWw2X$DedxUiISns)~&*JoAh179#J;1Iiv6@#)t50uBsj
z&4M~8XFYHq*#xF1v(Se>hQX{~g-}Q#V7$wHww-tyB##9I;Cwf<K>Ib+wnnnpSa#yn
z?P#V-f+uT4G2PtrI|pqm2)eF!?>*@Cd~`vp@JFtacPV?-k6cyn&x@v&=xgX9jg;Br
z6^$h{rH+gQcHSF1g_+?jTcL|a{kDy`TD&F~f+LGU>3)sS;G}Ob;pX#EyeRyqf;9fZ
z`mQ|LGiux$9A&vaVje}%U=R4fdU=6vXvZmJr!ngF0!HO{X&U&M7qDjxTcYxPR5Zwm
z003qC{2Ur?=ey|G)%R-+?3v?Sen<e26)opyY)H@35;cR;O1SL6#2r-=;YHgOEl=}(
z>+etNq8YEXSY+5(DvOIukmg1E?oQ4<6z%78Z4`)d_T5f<b%bYVm=`VDEz#JgnvA48
zKh;pvDN@^=6ywaKhqggi)p!Dk>B<XQ|BQR%n3V-6<dy!+ekN10t*P~QJ8h<!HEqn^
zm15#zB6~}rZ9cd-tIxJlV|%FzG^tzIRjvz2X_xZ7w*%>HA|y@``p-ux)Mb3J+4vyd
zVH7+iw8Pt22?fy^h`5r>05_7?R(J&2y->;?Vh?%lh+X~){Wp$y*Mpd<LciGjdRut2
z&aG7U*gB(Nsi{1Z)L2l4Yx>-Ykgdm3b9XBGcPm0LFA8<#{Y127QyQ-6xf76cm;5UV
z38o~Ty~cO;CtTB0C&1Y|qUZbkG~P-GhbKvmYP`S^?r%}q3dWBT^t!T#`s`?|izpLw
zJ%(++_=BI7frw7utl;w5*k5&&BA;nCmMTh3db+kiKRSWXc6SsTXY?ea^PxM(WH^i6
z$hkH|@x3FtLt|h8HT}?aG4?yp!5y*#iTxjfr|5R;+bSV3Yi|Ie2TCq+WUo;}ozB5U
zDFIi(T8m6n;|L3iZG7y_9Hx%$4RT#Yr>h4#&bNnq%Ci%Bgh%HcM0lK!HF<)+6e>9p
zwRgsg@-OIwbtl_NCo<(HobV`PNW?H5Jbz&qACgXbx}nZ}BG2i{|M3URm<Fi4{Vc6|
zZx+3~h5`YF?}o5C58>N6T(HU*hgXa;q!%HjSv2oHp6gG3mY<A40}kNPKKtQa2A&{4
z*DoIn-z8zMW2pUbBR1R@EPXaE#Qo4vxge5|z>#oRgFj5nD$1=xd5LLhiK*Q*MO=jj
z#H<RlnvzUe<<1fJ;RPW;^)g0F^A_?5m2`bKE}s`J`^Wry#x+*utxze;NVU@m#c-84
z@FwXOch=flWnC<g&SYq1sXkac2!V5@PtcU)T0bJV84jK1D+L!V(ycZP>!6b5T55&O
z!W-61)$q!f=0pyPZxoS)bhbX#HUrwWIz%!p<TeY}&2a~fwPLFh-#P3CR-WslIClYs
zdxcSzV`4>%LnR)4u^x~uV0YAPP*RkNDcNNg!XM@)YnweIKJeFdu3{UNZu{D+XB6R4
z5*YL1UySQ&sT}{P@HT^^a*S;*n&LU&kVtOvNNr6#%>x&Ql1V^FePTJk7{_^lbbR-6
z2!`Mk>~*82%W0H8BAZ@*LD}E%-w}zv0XukAesX^3@!j5&dIY4SA%8kIi=5olT1#b3
zWU?)3KrOTx(6rqkka|>INj<QKxaAFHjEM!-Tv<m}vaWlWW9N=BS?<xBk_}qrPc!wo
z_ajW*Ks)i+XKxGCl1OWCp&Lt^BA$kzs?`VI2Q6-RSkzv=F!j+Jf**Pr+mkWBw|zb2
zcPNEr<Tf|9AsUjj9t=g#3rToVla@D)lD>P>Z~3s`0{4Sqj`DgLN7JlqT$DmexSvpF
zzKHVj43@&mAz<K?Q6!?2d_TwDqn!~24Df%380khIbbW@v%7=gX1v^`1tOw=INvyib
zEa&spqICAD%houwU4gTQ#8063AH6d*a*SMlb-3@s&^Or;Hv+l8q+;UOKZ+x}W{R%V
zJ!STa_WzF3jRH4mHHD>cDP><-605W3gLAO*^5vRpv)Pz!xeUh~SRkJ2;7_X80+vRn
z4t<B<fi=pndnv?a5QSJ7v!dymR--<FT+76o=1Qg1`<g8o!Wx2WFeX=Kv!sqvXC^k`
zMqcG~idR-hIsE#2A7Vd&abgYl;TM?3I`2|D=J)gB@P)b<id1B*Uww^s((Bv14GcH|
z)k*~}T46X=0Jh;7RguWYaB<5RCYRUR+_0JE$vTHSkjWRcb_gG(a)!0m{F95vCs(X*
z36F|hY4eKcm=kT7>^kSM?^~sTy}>X-UlS^fwu=4E5`u8iW3i0=pI(W+VlqHebMT5p
zUq~D%piW71i=hwQu%zsoT+bsOHLhESx0KHZ0}_(51?2l>zK=2=fhaQmJDND^A%y&k
zB7Nl#N4czB4D=kGGc9PF!=&&FcZjm1d>CC6N8iGse;7R%NAJRh&^<Bqp-75Y3uBvP
z&Pa+1!pe|K_ydnKRzYtxu!Pl7e@s?BcJF|VARaFIft9`J<&#BU{VbZ$cenC*fxy9G
zl)NGALs6T*ReHaF`!J}bj`(D(k9%B>V)um_k3^FAF3@7=)D6V~Hp~vO`)-+8LTU=`
zjqtj$<I{FzC!RirW8?C<Ll!XK-@oIi)&#k-xkZ!M5Rr)o1w*Th`m@<Zl9)s*)))3-
z6P{w^c6!y8*!woL524{37rOn|g6{i|C}0PVnot(M*g0zOz2PAKJkR6LXC>oBmq0jM
zQ|4hY{a=Gp#JUI_-w#GEF(uSL&#+klBX|iP)3A%{T)zBj8zkr@@P&b+`Xxic)ZLO_
zSKYJkc#=n(0%xo1s9qn<KR%0jw_j2v8|2pL(WR4BF+N*;f`gvof|xYro~TmBnXF)5
zQ7~6M_7~CiwIs15nT!GUP_WQ@FIDQQZ+bgie9*NnaMPPEmojLw52|b*`F^7o#I0B3
zk5_%&1~^a1(=q0`@)k1&v<DY3>s*v9f7?C7ZD3b?qVcB=-C5G;n>If9T2ZK{vJ>wL
zcX+^&G=#c^PZ=5oY{XiBMA9y%uE>&R%=pz8BZjV`r3AiMEAeSwb=%+)j&PjY<~m?Z
zsbIP|<QUyUC|`w~UO*c8dM*$QY`tYk6<x{Z7b19|f8E45D7jDix{kAlU_LZj^JW5Z
ztKq_Fiio288A%Bl8K85xJ-|hbdK{_e=LGm~NNc}JN<8&7M-zTzU%GUVBO}6>#0z-l
zQKE#)Dm>Ir$s5&b<oepnbTv#}`>CA+K<ViFZxyoW2<4O`FPbEf-(~dwc6JZ-a5Ch#
z=~NfyS(y@CEQ(vxM$izHD(Uy?|B9taf|e;Enk=@__>b}%#E1G@7<<T-`;>zZnpA_<
z9Mu=^i?<3<#uWW*lhzzpNE|J+_~9~G^3?#cp}6*lj;I9_H1Lfi%+UfhW4jI;=P`|i
zN!TG?zHVXrBTOfU6mf5<5U<9DYH@`8OnW}zq`SN2Oq=MT_sk&f?YpA=FQ-u+Z{_xp
z)fyKx!z*%bymv)0eTzL#JSqR_wbsP>=QQgtHynzOPqrp1{neEnvROa5I3%x={~NYB
z%?}i)brhw#*FfM9&{dlmxbfrOnm?Q8mjcr-4|HzTEI)!jLNBx%joGl<a>Oc<J9rW7
ziNq;RrOV=dy3H+$88E`uizW9egg+Td2ZHI1bwu08#K_PQ`lG~1&Dhe%=JRJ&y5V~&
zjdiwNlCF$ZKO2gE*8G;klOV{IL~I|iMuARPV#lG*ua31D8R0l-xR*eIP9a0V{nSp|
z`%m~XBK4KBZFIETmc?+>g!@Tah6E%Nm*BsSA$*PTIgDdypOH05!Ky6t^-3AwTQoMh
zt$SDcvVcYDZ^Oy`R4oV8$)=(BSSj5a)h}L0Oz`hjVSnmAH{(9rx=y7hwk$J!=FB|J
zdXI3nx|+3;{`9y0Ss;6^QTg|xtM$y<P)oR53e{>+7;|0T?HHSIm?aEa-JwXOB}l%g
zG*l}ismUYP)-$r)&mBk3FHNk4KMEz*@<|2u+g^|HVz~54$!HRDbZbTKUl-xOE`c`#
z3s@KQIGJy{j`!~VQw))gS!WEE%Emmo&n|~&0%Okt@0q$7d*M%F(L*Wo0D@v|aWX?5
z!(Err)y;XpX)&ug5j71(grf%jUfEj|+xzI(K5^F6de5R#-Fy_C?+N}I$fK)ztO&a1
z5>s2LLL;dp-0Rj9x#KdBZh|wvm>_>;QFgjN*938zNlw*4*^iE`=5)tpX0b*vStnl+
zOtUeX+y2nov1zmnuLpYX_w*naYi84NW|(=_`3wo~eB)+wPhPzy%A91E{ozH1v^Iym
zJW7aGxLJ?DYp$vI?D-u$ME4n>30?MD52#wDxz|fA;{TjpG}o2JUM<>^xh=Kfmnxge
znIY+{-0I+*PGqSU<G}u+*5>TMVfbNF&g*WD{%<0=AS_)3A+x`rHNWMPZjc&JAA4k!
zeuhX3OQ_^tb`^tf@D3j86Q>WQq{ue9lP{y>{Hb@J`nL4k$`Kl&AEO(08~Nm8D=5wx
zXjwG@%*>*d?1$?B(prW?O57~*2_JX{vVrG23rcS{5erJ0bmNLv-Ipo|Pjq(6=IIUp
zr3C|x^%;oT#?bapDxZ=2Uh`+dZ!Knw$aGr0q(Hles9KZtq-;inhAVvky=sx|4Z`>#
zb)O)TK+1xVE=QkgEv0`wbIy!2Kl%`VmTryw1DVVd!ZMee`9Gh&%qKPX`w7akY({{y
zKR?(!cm8)%4po+`X!BO21HnIP<AWh01Z#g{F8k>jJ--Gckwq>&wkizp$l;Lxn_$Zg
zG>O6e*U1a)_@sHyItPe>mOYuyf%nxrS)2ke?xjm8ZEa`!Ase+yv6G8Pmo!&4ukped
z9gvT1y4_5HrUtw=SuGQkK>ha+?f|U6LjI1jrQMSNlm(apdb?1c{EsIAOjsy9^sxyC
z*Pn%-KXYrgF_ODzND$8srP6iNk?UwvQI2N_ph<mDQA($uD6dIVNKbA#)ycfXF&&6A
zYuag2NWW|`$|N6cjj|NEe?whj??*EfG1DNm+4kIOb><2^oC1De8a~hrC^=crJpXJN
zdjO~4`H|ba&xX$}5&=^DF_wK=4?v@xzyHuHp;Ii&P#~o&w9_~a>SR4jY?v{UPUs92
z%$nCB>L?XhYELu<ZAxnXTxlFRnW~OJ=%$M=0O-m58SE%V$}A=PGkI%#fi<Y(UrVNq
zh0eifCLWkX*83jaz<Bulr`m<wnHhXyR8Cd}gc(LVmM8>*)Ki$eBWT3y1|Hq04o}w9
zal30k4t9Y0=1jE6iF~1#I*oUt7s>mz6trxHxU=)F#2LF%lWJ!i@Rbs3@3q9eoQ@cF
zr%c_$8cScRX?*8_N=}Q3X?16giTxsZpSEORXU^1Z9cSA%;@O)~k<mryo6p~r(v@}3
zBH)Vo<O5ohy&OGHWi99>&H6p46Nq7yW;DZt>HM}RpSQpfhLU0;YN>)|_%nV*<{<8D
zGybPWcENpvZ&FiF2X4dEpbqe5TyWKgJNL>-xMx%|eY>`~U#0vcZ*h4LpT2c*0@A5@
zi*1_kVAqIrYVB9R3H4$6oW9fkkdyGC6NN=MOVY0V4Bwy*=gW9iyE=*vZG~=(t`JqH
zFj~Xi7vVQdnHlJC_p83QjzJwyc!@oCH59vQgFrpyp@d+AUZbaNA}WBE1(0M~N^&Nb
z7SO3C75H6C^s<5!B92j9HfZ{OtH%FHQAeGsh=(zSmQ$@mbGiB?IYUzpNK(Ud*P(;i
z6xe|cgqu==>0~Dky~O1kN7K{KFa=Z-_+8dD?)TvLS&uAz5L=|<HarR<X>}P@Q9}cz
zD%H`os+#iHeAo^DTK#X~xhn@qtCu%#Fwodyy<JV~Pq-$qt80stv<;QDZsH2Bv!i{K
zS|j8yITUmVM1+k1G3#=EwhO~cGW;Y*52s*7&6ze5Zz;g{{C<AIA;F`>ns(_|w-{HQ
z0LV%xBy&yx07hkgzSy_|fe_5KHTH<8?z&_JBYMQ|N`Yy@Gin=+p|Aql(vK$e-p6T^
zdQOs_VY^j<L4_$lmeAU&8@;%l=?$N?jt_bpLAFxn{DrJJ-BUV)y83lf)61wQRrM!l
zozXMSSqrTu1cp;QOE`HhA&;jn81CmLSqDq#M$6i+9D0y|u6if<t=Tj7KaiC`xCK2v
zxNPQ*%agrMv4I>YpE)lZs>&kOu>xBoj$*J$i(MCyKwlt%@Z{D6Q=5h4POb0&2b^dU
z4a`M%VNoD5yn}{s+dmPu$cx$W9LnNdwUB?O%s-FIf}%498tj<Yc`LhP{0+4pvMRSc
zw$Sa>t3TnevP#RIk<`=E#?a65rhH7cPIkE_Hy%y9elR!cD?(%86bK<w{d@NM{nKif
zqVG{wtzgNXv|^L|`w203qrDBOiH#C(F(-zej#3Klzul@}5pp+OPV_b#vt1P>29;~d
zXuS>BoXxbhG$zmb#Vq;^Kn92O?rU3`gC(oJm5egaX}F!}P|G`KqO-ppiBEknN-WR1
zKWb*a)?kF1B6D=phSlWvzAv*h&P^Yr8b05K2^mUP_QD(|@o9M9PQUjtYPZZ+Pa7)h
zTr&hRSMiFN7T?$aJ({$5bq#5AU)5HR-LwI+P1iQmoZ^FoV81PF^<Rc_9!qL{L{gW&
zz*K4&#DSKwI)h$Y(ChljIL+8N&AZ-Vgrh7WMQ24_l!9f(;`q`!0)4Y2Bc&bLS5=;J
z>a4|A*TWdcw>}<`CiK8&ZCAB*xso>Ble4z088_b3ib9vA>t#)<Ayv<og(nYQaBj@h
zZvs#rZ^6_WF9N&UC9!W295qunT%|)~`MCqP1eQC>)Wy!qye3XH15Cg1wZDMy5aF;~
zUp)cKy-$6@j9+o&k1AadC9mk&D5LT8gf3{b-Q=vbH6pfEdWeu?M+Ino=E<cqlwH>j
zFm=Owa6IxbmItFU4rCWPtDKeckPdUznMIo_J6b>v%p+*O;SNfAT3v7a2eQSib`%7I
z)X0Ziy+J?AX6=N7Hq{EAFDPy|Wg%*=o<<)|!*@GO?=_l^mI5PriAY+Xf`NaN7=3uu
zGMV4Tg1@~F03saku&FmKvxP0vja(`DgPEvA(adGPfQK=*B5X2;uL7iL2w!mzw8o-4
z8bcL4k$LN^33>Z~2P5ZH%jj+e=Y+x=gym$$_b6iLanUyGA{wosI34!cZ5I?n56x8S
zSBi5UH=Up&Z%rl<z!0EUAYUh^*5FmI?@#C1f#bn}qd%j6j1xUJuv4ca<#JE2JVpEg
z?b}6?9{;LzOSwz73XlBr=_}dT9ph<cdkm9#&U99hFKF|nV9NUiLEyqT3oB_V;+^Ls
z+{u?MJtgrCH2UJ33?Z^Fg;VP<fRuaIisc1jM@ik&jR+?sTzYt$GpN45&}SpnV{!U#
z1W%M>uHgil-T^g-0gG`r@CZ2Y1!Vt%K$P&<mD@>VfX|iw`8x6|kJmvUQ+UnGFf<v|
zK;(R#!C{GBba+51{Ob72*!au49{+ErI~=mk*CS%^mQZ<$=r`0aMDcolKEE&TNg7+#
zcyeA&eee%>rg$#!NjLaS7I8dMV~=VUp8gpMKlS5Vp5H7Y7UhY^=U-dznG|%orp9_|
zh^@hiBQ!>jNW840_AQdZpxH)BtnX3fjw|9=J`ezH1Zc?U|63#2=b8v;$!u$lLBEYj
z=aSPeq8dbox=<|3$8((T`gUu5+={n51GR4Gy*qHnJ9F=J<mmmj4OYRh_OCJGhfxcE
zfEXC+<cd|{d;3L2OU!*Qkf6_$hcEWQS|w`Kd6;<w`p)IxVT7Qc<()Tg&B8ZWj(_*!
z)5+$^bP<P{U!qZ!Vwjba>5P<hlw{Iyj@ty}SPmd|qXNSfGSps~C|;RZ7ki+S;k0Mk
z@1@>b!E6@wq`Ihkg;xSG=>KSX`=yxF5GcgjtZEH@sR%33c(*Egw$5&kbH`P+?iHpa
zDFZN-EA^VBfDIB!dU8_0uZld))LHAVu2WGirnOTmY{JKE<x?S+pl3^;(L}Mo2}6cf
z%_k@+3oKlWbC|3`ZdLmL;R%47Nsg0APB)pr&$ef|*k~WGz{@K@IoWn5u?sH=fu=_w
zlk72Hl?&m+ax2qZ(iqRSG-XGI-Qp^B)(na6NoJNDcFGjgPQe@w<%||an!qwS&Zn{*
zauptG=$^3z&_Dvqrv)xij~k3%Kk>*u;r|d_@t1-Nn3)H?7Mp%DfQZ-Yr+4eTub+J7
z(Y<oML+!kijz8$5>mz(>#VT*-l%_azcqrO2lK#}vJ%smZ>S)1ei9-4lSKYC|XTe*e
z#z~qAA#JqdGB!!MgMoQaYcT+-66*y%K&ec%!lIFGZZ<(%mrr(tOV+`!^>Gk>eQ3%q
zisz6)l<l2@^m&Cm%zXw&cn9Z+L2Zx~^u>I?U4woaB|V1(vJ(gpc>PN99{F6<6w8D3
z$F2shQst*hEljEFFis!GlGoc;Fs`+07LaS|KLOQ{%rEV6S26e8IhRh|z!4MnZ&Hgl
z6WG8@+ZfF&jqR*vrR$wsBW5vaQh79uHs#SssE{-1&Pci|CF4S4jWj{LKN_n=Yl1Rn
zE>StjiXh910Qrg63N=H4Go`8&?W7bBwwNi=aJe;^DoPSs>C>t<MX9P$8|Dr?&s^aS
zm8ksS756yEoLf`3ltt0f#*FwkuC<;;*6@R}F`8Q(+f~j=*EzaI%0kwl66Xk^xI>G#
zY>$;xgxw-0FJHc9iSG!IeWPUkbOWk8DqJc$0z^%t|MyZuIh0?ysvEYHv=V~V!o#A|
zNE_|A<yQu@sxv8dj4GQDVa`AQiq||X$3g%yP*nm>cJfaQaU1mW@?Pqfny?TYu?m(H
zu@J}@Br3}pP}C4A^P+O^CSZlz)K6tx*L2%vc-UE<$*u2n$Y(@L8_z_A(;}3t_aMPR
zc9&h2c>a>+Zj0tFHVXR9z4@x|EMX*>**NRl-#Oc}`vX0Uh%eVva5Caq^^%>4cQ~JX
zrT3}>0=|fJezf5CcZ_MvsE(y*mUSmB9_&1uwlsTHR4^bfSD<d4!0H{h#BH6>m+=sb
zsx`mkB2Y1p?XFTL`|JET5CG^yH(6$Wo6HcfW!m8p7_%lZNoVOWX=rXcV{>EuGlCuQ
zY-ilTg4D?pL(c+56xqmzP5)843`n(LD>-Vq+X;GsCX8w1z&E$VX4|s1d|+cA2%_{T
zXYJ^^Xja)yTEqnJs*{cDxe(j5>2^LpUf()Y<tcY)jb-d=!L}SS-mCfZ>4HNGw@x_b
zRY}_=lTY~dj*-SY785!av&rr6(5mC*l25X>PP}M47R`&w?TWO@E<DQNt8dhf(hb$r
z1D*H9CMf}18G@zIh5<{nd>g#?_UM@oQ4hL{W;ft1f`}%TZx3A(D-Lmg@It-aX>dKL
z;A&*2@b|;)5iRu7&AEv>ey+HM?cmIPo#|qs&CsFn@k)~~{%51M)gja317Y9S_{Li&
zF@^VNeRy2e>#tuig`Y9`v)VFNJH}OoBg%a&T-=peo^f+W*!kI>@or}R5>=y`>F<f;
zd#A=1vH(!i$m==qsjXO%Bjo6<^8M+|r-nZ!ag19E?uB^6*LbEA+ecv2KtwE(ejmem
zpq}u6WVHo1!=hKx3kwQEe+Z4C=T@ce{=o7Ku15c&N68iO9)v%4U*EX#8+}O*qp_1c
zqT9SfuEa^#&vwM=*I&Ka=O25neeQk2yW5Q1a$9%Q4}}CXHpzU-<XkCBg2XWa&)4R)
z&=3v#JF83b!5ON^)ZmbG19TUsKZn1>$GSJ$TdpPxhk%FWbK__Af-_(tQB`}L+{Asr
zs!omwjRc{Y>$k3D1!z23TC2>UkLE-7Z+<3wD1z%KW@h0I(_k4?yuJw;)FGc0Y_o|_
zKBQ|%WJV^|(|)Jk<;iOz<768^J$d2^u9+lN?T?9g1talPVD7*aleBP{u3<6=t-YTP
z095Luvy{NaXbfJ&05NDU7*Zr!C@q92t%KYp&E!c<=h|Pb#zLp|sB<vPAa%K9)jacz
zg3u%l#e~C1IT2v(FHQ99c$UxLz&CiH4N{vLGv2xFPYtSut&Lvw=PS-ZHFqHzv)iAx
zY}nVot?%CoHBHr@Q{AEG{*{N(&RKP{c@L{mdu26hB6yyLIX4fq9kbyLd6U7WdVex(
zB3SmP$VB<5$g~|E)JG`xBUx#hYRZS8cVut^nu6-jxqK5GBwn4pnh3J|fDMmH2IHBw
zp-11Lnh|>4&DT+V{F?}7r_I;n=sP*Pj!wxw01CjnyeD|ko2pkmKPS$c?+|p_rytu@
z+92EJ{be_KdsM=$c>Q(NHd&87j$Rzbqyu)R4Ysd;g9Ao(q2hr1iE^X6B?$^pGwI(O
zgC~-dpWD|#|C&ud8LDTM-3ouJRBZ;(f<`y|JIMoD_(!hgE~K0*wL^Oadx|x;R?nYl
z#(9Iarw;gr9qwuu9vT*kHR5R)QfbZat5T-V5|rHbbh_q(PQ8-d&9+lth*){o1%mb%
zPAB{b%_h$D8?owp8c<n{<V(1liKg~iJ1H09ryb=>(xx4)H3ir4tVWMo7#CQw9zwN>
zZh95QUHCDq(xyU1=%4UoKw8(_gh-7tx5l~2VSaoIEVIfY^yt1)sWRBCtdTd|OMpF}
zXc29wHLZGQYWcSt?tdD6^S-tvann~v>!90p@*D0dB=&3WqBpUXJG@b!Xls!upXmGx
z6u1o%$n&#~-S;m*J=@$&6`Zt;?{X3^SrZvDDcRT1FDE%+BiL5j>^TBPEz%ag>J@)T
zzr0-~QVP10w6L>1tcbc<s2;8|zcUy<>IU9F^YIdH0XN!c888H(ZHT7ojn|1lN&YA{
zNQbMlPx8WV0)Qrto3p>kqL2T_(p3huwKVP90&Rkn;2PYW;toNA7k5f2?oixm8lWu@
z+`YKF+a<KPON+a^7m9u9{oX&>bLM3Ctj^4yoo9wF;@yGh*sCLMB-+`VCtoj)`v{%`
zZkW@hxR}v0Jt~TJwOY1KUrQIT?~!Sic(g8WND5B;1afrPp3_`6gY<WyFCcuq93PUa
zmG9jxv%okf1d^?90HY~3(9;Ir*V!8=FV$QnnR1E-s~6Okja_BGfypQFsYh>urN^ma
zQjbnPDyyTULfr$7kM!>EkYUGQC0u}%xW=2%T3rXOlDu_gxX5GjZv0qmmRnHf&3uR;
z`>-IdW^Z<JID9qygG$XUSs(Ru&G!sLT;LQHenwH&R>Ig>l+9s)BUri&Kk4@s2C5Pz
z;qdx!%WZdTKRJMp91X4YraR@uXP(X2cC{b&9}EfoE<`4u`=;+VLE*;H0G88OLM*e@
zk)4~X3zBmYK^?SJPNfck9=ZjtnEa8ul$bkS)YvU0@-01NmJsRf{(1i8lp-3qMWq5a
zmSW-$;=ntubi8GM2ltj_azq(bbzY^!+!_Rih}@(qC$WWHZd4D}Yy2_10IoeSqr(@|
zZ2F3AI&aC6x$1kojE7^G;oR9VsbjGPCfxlI|5&)1FAyM;m_KlmR}H)Gg*NQY6Ce|r
z(RY52eHh+Jxl!FJ4chLTx;C%m!wP(*ZFH+z5J+TtOu9YzJFi`6CqTLXDq*$!Qan5W
zAz!CEDK&9pUA!UdZ1TXmc2oop8LLH2)1)!$r{?^7_b`#pyNSN8*12K8G)DcSd1Hg)
zw-s#&_u2~kn0x=utav)JzI(6=J<?G>_;O(9CaU&3W8#>bSIW_pe87FbHsoAe#Q$Z9
zV2vjyOQyfFFuQnq(nIaN7K6hEv9Eje4~gH#f$8_bx0FiHD3}$jpv6bt*W7okYrJ>R
zuh6B6M_oS!pAE8Z-vdMSTS_4oTY}I~wcLgzuGm{je{p(`Kn3fpo|!Sg&=092613=S
zykjZ)7~6Pv$-XaRsO9Nm#kW_tpJqq?k~4|7$V8A<Fx^tJ&-klg?3HS_Y=o6$AJZIM
zVGcD7BFC7p2bp3(eCHxeRs=~X=cz}r`$kKC){=cMR8V;$9g$?YikBBkf@_+Mhc-1k
z@XtG_{mcEiNG*gf+hX_Pi935kUPZER*wF<Q#8c%lI{+~-_S6-CAWj@5n&TeWG3b!U
z5s0U#k4`#&QDIojm~G*HFj`jNxid4^dSUOhWcI`Gx4u*PU0EXvXVI?F(q#m)mn~tT
zCyQCskoY~eb2IdMSz`u>;uV4c>NkfXW>Wv%IQy#4o}!LzJ=L<a#F_7}GGdG!2My}L
zXU{kO<hC@_GkRUZ5mmXL<SLFP@x>}-`jmEAJRH7&Lmy4whjaeY66>`S{o^3&=$kx$
zrp^UU{IFLY%GqFH#0B2?AytqxA3IdIVaElYaKYqFN&Yx7lQeIh{FDOaU~xGW$zg=g
z&vV5eD5Iq#S_MrN+PbpK1WW<fxSqpCOnFO$>4-0a;Agbe;%2O;WsWr;QiYNNut$WF
z7VEc555V?^n^SLV<EeiVj&p^l$dP4!musOs4;9MZNCXW9J=lK^6-cEe{%L|+Q@yQ#
zx{(SsFt~6>U39?>&P5c$2LlkgDUv6EKjIND>f;L|+-kFz0}#iFs@d_h0-^oB>4+Xd
z)5#r6MG{SsAC(sQrpcEgR-z;u<C@dC^i4T5C=`nNs;eMF)AhSla6DKvOvD2PLYa#{
zEMA?~94zTc;vPUesDl?WL@`5|=QMX47{nYC;|`1WCeI30!jC>Nh*7nAED}5gWLZLw
z{s9Z1dCVFy&(+XN_Z9vFo-mC&Oc^%WPql<HJ@K&&APiAj!^eY{L69NFh5<kPb>VuG
zxZ#bTGR~%g<mI9}oM(S1_HS%j#{P&6vujb0FXkd@*%|1E+B_574qUUsug?Pzhh+pc
z-_8zl8?D*%Rm|Ev16WO7|KuYcj`E>3;GAx>2sIgtTNDlQIN0{<{qV8B+{JK=s@e0N
zQ(WW{|Bc4GsB$&4H53OM4o1v!8*eK%i$D?W!cb)=f($zfOZ?O35{7R;0#_ruaE5ma
zH1ydUO;q5jc*MBI#zkh%+R<CIQQ}{2bVkV~6kUMVwfqRSygW5B(?VxQ8@*0#J*a`<
z-)m}14OEObaNW?}>)-ER)}5PRfWhp$sB36ltqKviN^inS;fK2QR(q)^UFrU5yD@0I
zlb;>;=lDcX*sHM$?thNTXe^js%uJt+y=)yWo}Eje{GE%ymE4@0`cZy=ZvhsN`ni?4
zTWP)3Gv<*&lBgiJYptgcSV7-b$8{p-EyS+>d+N-M+H_m#zPDU8y)bWx5OsZM-pX%V
zfRJSOOl3YZuKTdc24<Eoh-E$#tGhkM5tW?H84~{@p*HZv*fVmabjWzQV|b9>*wYbJ
zzT!UE5}tp&;8DL&h<XsHIsjSlM0fnPg=`d*TRvYVe;*-2dqF=RbT;BW>n>1a<-^=1
zBt?gUG_Xmni{0u5eV-_Gy10M+pmumiKB?>3bf1*KtXvR-CzZPA@;=Dd@K1WPGPz&H
zTHbN^PBIkbnTyg>O1w*aKPdI8`0n4j{nOC8pfd}fpuPo%O>DC+)4us5(bd89BZ>Xa
zDRSTGz*^MbtoDoVY!Zh2rURikSMj&ScW$>)dB;`GzhY}lq3^B`<UwXV(4{y0;Z1*D
zfpxw5ePUS}L})BSKjU#T9gg!_hrhDfTQ%XP8nyHIkc4v69JjxDbASAPpf>)c*Y0eS
zY_g60aN@TX9VLOZm=*E;$0o3-^OqL@)vEk8&DXN78MKO*A6JECd4@2%Ut@H?4hA50
zybrBU&X1>K{fk20rHTKBNV_r{LSk$~-zC99C{ZS=Vz&JTL!b;n+TvPmXiKK(^LR1a
z-Nq!^ejeJCHtoL1Onlg_bC`5LCLS7WLCo{MRy&*zWdmy6O!l0sL_KTZ<ZZp4SM4kp
z7_W^KCgL3S4iTJJhYw3@^JwoH3d!-a!a+lY-?_z91mFkI^y^DQc;+!>3b0W?i$RUf
z=LqtHeD6%}y&El3cimd)anDRRO*dw@Ek?H{HGr<o*0wc^)~74vS$CwVDAVyIo<UPY
znEwGO3>S+OB)(X%vCIYR9>2%_7(+z&0-gHs=h?9{cr-}<11!fZ2=$6(ISY(M#$Q9~
zuNEuvo=}z32nu@_6P%ZZp$Z^A{uzsMqefHvHEidA3>Jzl(~gUdMFx}91I%Yy0Gji$
zIXPB^|6K;pS8RmvZ2w_tB7t@NQ~|74fG#yb*!>QnG%XQfLlmU23MTa5UI#Z$O^APo
zxyb#T-vPW*K>Ugmnqu-0jY=BXzXSZN8%7Ae(DD%W-UM`)Vf@#5&g`piJ3n@1s!h0Y
zh0?N^#?Z1Ht=P7~X~g9FrU=nsa5nNVXG=g9ANo=tjn62^qZR@R$U;E_USGC{<o#6G
zGrgn&|F{MK-i~aAuC_(t!;bX;qO1VH+hJJwHMx<?dq4&T4#56oLeo7O@o)btR0JSP
zz#@ti_j}i%6AIB#!JwmMm%|2R9Zj6sM!&Ktqoggae6H#Fl(NpY8x$CSXc^ieI(T9Q
zSl0iz8~CK~3_}f&b~H0#S@ldtPXGrog57<G!HDiA32HaffQ)~~d{$Y~gjIEG1LD{f
z?p?-NF0;tt*(SI9xZ2GGl*u51F=4{^+lXM7UgXY>)&NOfT7ypgK4gdJ^NF{zPb1he
zP6W@#B*CMB_^_|f{x_;>zxQleHiNh_2+*ybqpYq=)PqoQ726HHKAcN}<F9$qx6nvo
z=P2AlJjijr$f8FQ?Rk5F`6Y4KJ8W5vUoT<2*fN~iTLvRAtH(O&-8s6Bw)!`H80N!?
zjvsSYh(}4CLUWQ}t6{k4U%&$OD}x}06p--mgZ||rdY+EFutQGlZXE)c`kiO}5;yJV
zpJdNb9X2e>cYR>cW){w;kEo;3u|Z81QIVFMHq@EIK--<?;@lWWZWmhy9-POD56eLl
zeU3{C@(5P>)EPyqXz>?s6w?dRIX6Ub7jNCbsL|~(z|3=PUtfCYfO<{(IMXL>j72Q!
ziD1f@urHDySqkFAj2B2@bxi0^xVyGYesMEOJuyz$-M$2{hnF6QqBOL^xilb@aeD~O
ziVU~~ci&ZVz>Szv3q*NNJrW5!R$D+p8$^pYdOl%y^I~-KJ}K-lpqt|E?|v9Z`P}8i
zA!y=5zr}L<`JNhZPO@J9L-H0tgdYAt+y55<-*)M|F9VJb<^2_ag?_dm;!r~b(<em7
z3ZyAsR+rrYW6LPgqQOjGdOC_0(^vb8;asCg6Ob3^vEd$Y$~cgTH!u2M*aavcP_ZvL
z+(TGu*p1l4l^5MaD-)Y@v$9>*>%$o>Sc>XBpt6}1#{L+E#7qTIO5|^xqRMS`ap-S~
zr?o|b<o-yH!~X;CY|^2?J1$<Q5QO{TQg*n<B2lkNPqsg8_0eYe4?O^k2>l^|=JQeh
zT68A1i~|8IrbiU^>HrXVkZ(S%9+p!9><;M>^#dn?E_LhvpRLh{dr}IQ_mHL2qpuVj
zo<>RKZeX@}A0}i@BX)g)QfPNetYzLjDL65pGa`0bf>8au<%Bck#fyGH3X`S=Z1bW&
z(*roO0-SGUd8%Ua=C~xWjy@xz;k^2sBW=Wyi$4q_{sZj{-b%;ZhlaU$@u5ek0{p-e
z6IY*S6M}L-q6jK#fKloRxBbuXcNu9I|Ml2+${EeW;#WJFl-wg>C5Al1+2avdEoDbZ
znU20X(2G3mZWaM7g<BybI$Bac9q7F#8f><d9J7cAU5NDgjkN10S|8!%=Q7zU`>T5@
zL7+vJ&1U2>r$nhm4bQfp{l|YZk+;4Tpz0uWldF$3l^tQhTBNWACiEi2zA&n|cMyLZ
z0u*IM4X`X+n0Ltw>_%^(|BImrdDqViMvLBaZ5+UZ;n_p^k-_d4#<ahe2_?sOQV=73
zq%d9-wYO^m4D6n<5apugqfsm`H6Nu4%ds>cRTEprlo>!~r2oW}`Pb?{IWT}kG)qj1
zEx3W_-JZ$d3>onR;qDZIT}IT(Xi|>r=#_2Da(}-K%keNrgH85%CJ0y3^AuEs{o8>p
zGlzVE4(#)cl;EOm-nIn5%m3miKA7}{Zir^6e1NZJ#H0A-zGW)%829?z`?N&#yy!K0
zat3xc<C8*7s2ZR&f4?}vUK(_R2>W(N3gg0-Da1uLC52t+0jya8*0-|b1=SnO*Oi{7
zh$Li61cwmI`SC`3xgKDY9dLXn9nwfnbz%YN6rd$dFSW2OMf^M4NM3ks0q{!&-Dj0<
zSeL@zMZ*40GrlH`Gz6xdXhz@%_`A=rcb}hZgY;(ueX<WXh3rII3wY7#3DN2ADXtPg
z!-`Y9oFgGLm91glAF#WP!f2LW!Wyu<&DqiOW(wwPpH%7^Lc!o`m6OJzy;-)%mTM!L
zl-lfzS|eKFa+=-EdWgnv6&y5N9&}?>fOFwqb6O!i&!Y-X=qn!d1vP+u=D6kt98S~Q
z0|KA`e$qS-aKr$!hcNRNKt>Z6wYX*mDnggCDPuBKC2}`rfnhl*;j}E<E4Jw<xEl~`
z$UH1oFe4yGZ3#H$LuZu)E!qGY4QK(QIzlY3A84A*X5G>|*fT2g-nE9%EY=beiud~(
zR)8EeLGZif!aE4sD_-<5Re*i|L2+Cqef2R3xizXNkfU@pi)r7z2T%s1f$}f#kV+|~
za>Kdx)y^m-t&b^ZU)5bz`CRCd-AgNGmCR|)a|T%rJ<dL>2MUQ~(6nU9##H=v=A^d(
zhsbwOJJIkMRsf9;drCHm0j)tHjlni<w{bUuD?HzOC2RUDif4P@*$~SbyuO2>2S{QC
zynbE|vJ5IQpEVE5QK){_eIGAsoiU9^dXpGd-Gklzk_lb7VB<^)C=)Dz_1_e`IZQxA
ztM9oI54dUnsYt_E`9tuh<DGX$Pi;KC`W~s*SK8eQYZ;d(g_D=*AP%Vli#b*_*rvBY
zf+!LcX#>Cyq#+#x4c9_W=RE(aDMe)62&uU?f+CN6OpD6!XUm2lKltCerxehT#`W27
z?v{7^CeWtXLr!lJ5dKBqjm8aoaG|6yGA49R^#fZEBZ!7%v=Nr5L)hnMGLv@Th&KnW
zK^YqyKAitQpmyEId{9f~s_dU`NBpuHOt`WdsP*Xq{CE-h>W&NzcH_-oE<Omde2os2
z{QH|%0n+I}qCkRVgV<h|!fYM>N0A6EWD0xlUg*0=&7imMLf_THax9(M(U-a=dA3Pq
zPs@NZd3>Vw*%NpvsBSB^!0vWoLN^}WHSkt|xXO(Dm7CZAN*hmG8&BaeloF&QfTfP=
zHNEP#Gv2v@QX9{9&m>ymGV5-`Cxs?Pbf>ZX&teXe+{J}!tskD^>3Y$|d2Ku+h1r+5
zU3D1=N(#y7!tU-y_h&g5t1b^2_t4Qc%IruzGjg4D;n}h`(hH>ksqkuu@g1A&5aY~8
zJ$cG(aB@e`2faS}3E;2PfVZ}HR69E$J=;4LTfU3C#hV)=**2Z9>jSzM^^C7Q;5NH}
z!^eg&n?7I1RubMEaAvNBZ5U;`_Pz)lrEK=jW{ixxy_OBXxT8c{)V!ixFMgsAt(0Hf
z(z0T9&z{Q7wy>R=cK^)(q_FfgWjsl&i2gdm_wGajr%vm3?mCKY*=C_@NuzJ9tB6eM
zjQ*TR`LUBVI<8HJD73#czLd>G594P=E-gz`*-)rYR7)Z+Eq&1INQ~y7TBa}9s^z)n
zD&z#)J)j`_b=eeL*_)Cti9A;>Jm$^$VOu?*z8rp$q^L2J+7#A%CE^RL6OYPHGXPF0
z;aR7@5mw(VH~#}<QjG_F;yK&#xD;cqM2I@D1j2w*;@@e82i!#wnelMe#5bnkFRqK?
z-x*YIe8IFkp29AhiYf1JQ+QC4+mU?zaUFhWnRg*do?(OhzG;E{ej{X0{2ssX$rl_b
zkH*K&*Y$}Ya&wZrK3B#!Iy1&Fm0;{3CHO7$-+wnATQZm__4|^(=xuyDx8JLs>An!X
zj?mLa+%ZRFR~fk}b-WR$XF2gNUmNuWH-&~3^gYzcgy)yW|2t?qPW)nSzTl2Q#QGU?
zDb`1MnMTjOpA3DsT)X}LGD1?Pl|C}iP%Kf!{<NZI)A5Nz*s)6`Lo1e3*(b*$GiNTq
z0OXxvOvS8HS&IsZhsitld3o?yXp5zw{-1A%brR1}8G_hBK4xv(1yDlM1gmdhZ)t>R
zP<wH@jeWb960}C86-BC55yj`;Lz&76YtxTefv<=D5>tjmUzq(Ii6)wr4q-DKo1P8O
z>J+}esYQe*M};4kEb|GxR_}BzRQROh88EjIFFCi|5uW^`z~~isn?Le{&)j(YGMXS;
z_PO1o2H4c={!cKaX)nkp22_SRptUsiRSue`c9Vxru(tw#-06EvH`C?b?0-e5>wBOM
zTcvp~z9NA79>Epeig-rJFXujFZqpM~?w^_@8V#AvXkM32&tH}zdi6auFde|Yx_u#K
zqGNVHjdT*HZ>j*bi6ReL&hoS>&DCuEf~WO~#$%QHKFGqnsy!AjwU<^kd#%4brrQfI
znqHV{&+Nrn3D~B?9L3a!Nbt0)_Jm#4!ufcQtb8@2N*17+b#F>nrk4m3gzoAyP?1sh
zeK@tD|HkM%#qi3iEeWsvTa(l7k`Y_6Z?j*_Y!vteDT^xA{buVa$a12;So)?A@%GzH
zqs|l0nRJwMp{=Jxzu;A5Wb(yp&w%WbAzrT3UT*alNmDrwRF-W)y`sJTe4hE1gS?%I
zB^%a-ukdSoNpV{$WxFcN2v_Xbet4&?v|eh*RO}l{wjYpye+R{)vwhHpuBA^x8q!5e
zm#4RQnS?y+I|i~u6OLPvQ)VznZNn92Z;t>E=>9<v6#7d{Yb8=lv~X!c#&d4tb=SeH
z9~49QI2g1Z`m;@@5yvJ_(LgIz4exo=C&!l8<!JRhD$w^y{NBPUecc@0!GgcGxxwDG
zIw9=Yy&Qx1^N+6vjUO|xT}hs1-1g1LR_zymX>N65yG9(NR)(2I8|u;1@-MgFDAEY^
zZt-vF7s7&|9Oa+?2(in)Xx_l}pbUH`E}?kwqIraj8@+k^e8=RID{T*cZu=fXr(zu?
z+4M!d(6^Sc4xPurH%VxpUM${4=c6p0Z}J|<t{h^VCPfB9x~O(<E<RdH=Z1@7iYLUh
zKWIP`!{an<sP}CjVpc4;N_tE4p9~&|Ef?HIcO<sC24laUlh+4-a*Q4wI6XV#0}EvD
zxiV!3C?Ns#b^+ws@=09eRk$^t;@oC$s2)|J_k2qMWfwi#9DN0akJPS50fiQAJU<Vn
zhtAQk9Fh|R+G+JBKnrghuP^w(sbiZzIkX3UbmsbU!fg%!13&Rj9sXb`jRdP`^Qsmv
zlfGy7lPPtMtH_gS)Oje<%6z9Q!D!qkmn*uziB(F?I>QRNDg+r*>jjD%_nGTuR_NFm
z>WXC_^k11krF%$pFWMRe<@CmLoUm$4t!D(X4t(xfbWE?|%6x|1-~9f#gX6OfT=mq(
zM84eiF;ADAAbYPt3t}W9IFIgNp;-m675$t&Jw6q@8_g!dgEL%~DUB5?6^TTE791PL
zv8niBef8r;hJb*n_vUG{H2;1IIp#+GDbO-~P{WxY1uYQhWxl{g)b3X*dwQ4c|1*Nt
zw*8S$Qld!iE-*1v&fHx8bHx>--CE$tCvSc`^OV{c=LR0_i+8ovF)>;0dS|JFFWBtI
zy~1a&tD}t5UP{$PwG1ja%11;Mn^3`b&i_qK$<ltjVjP5IRL9`Ik7(iGtRLKxi8q;q
z)YitlYp51Xe#s6G-Mq}Ws5;RX)PhGz&^Bs1(kG96a%^;yo9nNg_gUDMVN8EHnsAx%
zAx~elpiq_(XTBA*;M6!iv@L_1UjOe0_3wJM28xZo)mjE9!;_)4$%+B8x7*G62*+8o
z@0z<`-)!&S@KMfgJcM4|cc0v1x`_1T)%`FNrt8YPBg*FQ#TYH+@BNmScL6Ohtzn{S
zx4Kv@9I;@cviu80Vx}5)`Yqk$FI=&vTp&?h`+`#<c>1Z*s3Ez|ALNicug`YG?moUe
zdn_X>+vc|aV}VQ@ZlZNJGXDIw&@8d&Eq1m4_}DS;n~qt_-!z){+J!>ZV{6@P;eFy)
z>mgI01k`b#OZK0Ry<g&x#o(HVN_l=uReOHLg^ThhM{^cozJ?h3<j!Tc<`?p^<k=*o
zbm3ElGwyREoA#I=e(GWKvOt0@OksPoc&y)A=kIuZhePj#eO-0#>4}g1H)V)@QRvMY
zKj;A!;dIAFcK78lzR?ONsNp=#^IqEn*K1Gwk*xh^)v(X)&C@sk)A-yan)w`eaSjtL
zGX+l8)#f0z<HCUrnUFquZ}y&1H)!~6mqvSeNS=M+p$A#?%PN1%A_^bzn?-uDrLhee
z>gc}16U^wB7uZX^3%G-{sMEKMcuZkGOXYC;t?L|XXD=2Rk%ZNg@vqMj{9eVz&bXbU
zoZz(Bg->=Z1+rov{Hr;eJa*NcaVvpKy*F>P$u~+rW3)-5I@`Ff%Z3WKbA-MxJ2bO&
zQ|i(E+=quf8X|NkK33_GyQIfsUmktE<SRZq@IQ=N@aRT2PStgyvj0^Rzbyf#!qWM~
z@#w)vc5Zj5omuLq>&YkRtY@FTX243F@7&?gQ068hcjiB|xxbfHcEOM;ppvZ;4aiSg
zIbZoiP16G9DURYAHoFz^`70)!ydMr&?(}zRAYWZN$vKMSEpIOKd0UTmi1CSu5kQKm
zzKy3p<yQXM*?mceFPc%E_Zvui8Mmt?tWgj!aRC8nb6$2}N_4io;ADHf_JeNsO*kkk
zZr7ja&ocga7l1avITu%gVM5>SGB*|&6udAo1_!Atd9YFzYjy5!GBqz^K74~fv2f<y
zV}W+^;|I;ahQ;S7QkTJVzhI%<s!+*`YPqqk-6DDdNlw^fN;;3}H<dN%#B+IWSAwjX
z@x3=+f+F+uBa}aj*+HKM)n@4@3S4uPZ@*=G6O0<|8WZ|`P{A>B)<H(n?b7C=6SIvs
zv0QR8=KR8CoW{}Jt%xpG*%tXTunS*_$ic;A#E$u2%WT5&t^Fp_-~4l3N}?4?*`cdy
zyQTd&?x*_CTTDiA5@px3F5wqy{~*HfUxnj8KgOyc$aDH6&o_<n$QUm8x`683^nGMd
z(bq`8>!&z3-V5%Pq0#r3j76LJlIHMQ^VeM4_lz6w5hoPMc)Wl1w9i{Jc_3{(cqDyr
zyjrB3i3wQ2fQ)H<ox~jOjkL_k%E69fB`SvY?iQ#I1@cirzCy|QWy$z^e&tN?{;8ir
z=7drq1EP6$1#s7NQHc%i8gn#HKX-=f5Ix$JW9W@9JC2c;Dzd8RD6@+rqng3Qqm%HJ
z2J6abFki;0Li4wzCrzb_c_s3Cbv)qJ=<Eb;7(r0%|9avil;GHCcZksM88ldk&D<03
z@&*7&1$^vO&E;l)))9!F>jb}w5h)CFtq`z%l4CSsg=K+d`V;<_9fg%lGTs#<^pk|T
z5M_=(l!G5K0Z3!~z;MWl=JP+)c<>dD%eQ@uezZ_CqRdl!yvvt(@L<MP!dE&a@0+@z
z_=EDLYh!4P*Z)Fg+Q=*@#n_<~vG7+WLo1b=(g74WMwtfmry2JqVsSjZgqPH~*cvYV
z2)FLhnq2A(f~MH22!`^n3~t$7eq)T<*A&D0%9&F1z;HUH#hqZt(oXRDQ&;!>LA;h$
zp>k_?z#?#u@VJq@KBxw$xpU-nL?SPpVC%qosDq08Q%NXa43htVa~^`PvcB7A5t)DS
zZLU=wuT^fKfBn`Nb1(tZv%n&XRm%=SXx^^HR+cdMhYh2be4$`6j0GuLX<4bQC&rrS
z^&uYfy)3R7=pdmD1=Ey^_0FtS=Fc_Z_x;713?(3zBQP=PGbw7vR}&^tTlO6E;)QSX
zZkiS)U<f<P8y+Mmk$e~3y5NPwNS{YmGFNyGnv;C3&@Rl-2~U>_%AGxHGjbA!X4h9}
zce?f%6$M<Zowt2Y0=Q?MN8V_zcW=8BC6B9rx`vcf`D=3EK7wR#*up@r_nWdST&L=P
z-Uz@{OHNmi1hW_4cJpTqARgr&O<_g(T3p=j8GZfnu!{FU&i9NM3am1zTFJAx*Q8ZS
z1$Z@Z>;nFygz{L`lD15<Gg9XK$#nzdH-lT!^k8MLgL`dB%Y|cJ^0)ZWHJLT=Uls#i
z<Bu*ia5IY^8$+gFPoqn>-&?sqtJ*H3vY2Jmyt&eXmlZJBHL-O+n4GFb+ss(W%-;w@
zEHh}1BHZAfZm@b;6@u18rsigZk`bHiDL1{MSPeF9T_nwso^DY^(bxFvZAO{-t|1U2
zc`g6pCP9Awbm)iT-36=sd|2|4x4>8&gLuH8!aTXRlTe71NvB<NRK3~v+lMEYSHFsv
z=jYyjx=!o6IjG&GwK0T98~WqUu&5O4CHZ^%^HNjmCdHWONxaU|9O2gf+Ee9^Jw|lv
zrYW9l(atb@F$muY1lCPiM0U~*laah3rEn3laS}K8Y^NDs_CazX?Eb8ag!)G6A2>yy
ztrM+9xFpfH>mfj=cIIb^%G$SKT3+6(s8}^Yifm?VP+@Jvs)_cl|D0mM)TE)MvZ>&t
zz#xE?(9<PD+BSve;O#*@hjO9LQX7=42WzV#2?$R>_g^Am0&O#YZtY5zo=u|3EO@k=
z0}d?SQ)%|THoW;)4)P?o$B~)%PLkx1XlpJ|S9k~}hqU;DG>kllx1kcRMCNvrtkreV
z!n#Nln5lv$!^#B%NkRm#^U(8*V{NNrFiC9M&|}~)>(8{hu^TcpGUMFl;8SO}A@gnM
zw<6p(ZE-)gOK)rUT=<Y2#b{@8K1<28ruk|La%JEQ#WDJjfcHTyYs4%zMsH$SC4vo~
zScjpxx%{`+;#c?)k&>2EB7}X_HZL#g`q$=Bb0PqZ4KL#)yHPvJ!AZmDH4*!Q0K1VH
zE#6N(y7Eet@yeFR*^Fa+of+F`(B9CTu4ZqR15EHlpYE`fL8MJTvGZ4Qox``t;)8Dj
z2t7K=5=)n;kU{jPL0BCQ8$qc~QpSUlrkj*Yc!Q?Gq^IW1@gRJRO=UDo54M{xvjEyk
z{UGal{oV>WfXaYY25QyC%it`B2y2F-`ezx-y$n@(qKt<+wzcF^SY45Brn(fo?q$^w
z>IojX{zk?RvWPmNDv}MyX|f-4DHM!6)rVvY*D<X&D7$*5<r;u^HTqSEOaXQGoNQ^|
z^@V~lwbfw@Exn2WL|MR}d!$Ms#W+d|M{MA4d5wD7GC|#BO5~|p`Cp<0j~8P$qW9s%
zGmLgg*|ALh37&PP^%F;h?d$oX=5n5GB12^aNqQvtx6PvFHl9jp0ycysq7LKAPzr75
zK_w*|NI1E@P7b<*d-sj)*tIc?Ki(eHI}OSgG5U1sjw6$1Cjc}Q0CH7Y#4(i<f3ycq
zVpqwNYN;SFbuujn)zflNIocfXB+Gs%)h#Hbl{S5i-S&>)mvBy$PP6cuG--<8Zg+~Q
zZb!AxDVlCXyR>gy{*#{Ie6zdC<>a0bJig(ugHR_OWRUJ}Kq8Y?*Z>r8V4w65W>=!u
z{>tA*A4T3I-xX+@ern~UltyJ!0DN7bSjRl+bKl6bqveDQo%eD_9)OVhfXVs_Sz8@w
zT;Z7E4~(}J-1JdLwWrhvphtaZ9FsP%(5>5rP6B!Yn7r2xcdbCsj1;%RyFD@NsHPbS
ze=`1MAZa640EYwMWJVQKSo2K`llF{K;n(5dW5A?G>6=}R?0D;A!-e}Db>2xw$udR0
z6Lny|?{Rq)|4BweEYn?<d>Xg125$2m%Otk0MAEeGr)$rA&5g?4f{Z_K-m9aI`a(%_
z-9T8xP?~8&o8;QkpRfGSb{Om|m17Gv^JCrg-)by{j5mB_P&*Z|gQ>Dk@_*s?QgUY!
zqEU5xC$v-Y0zQI+ZrAA|eN+FDA!;XM6T(%cH>J2y%+Ve!3t0(^<4;U{_l(35Zx7hT
zta#xgi@Xej@h6kxBZLU^4aYz8RN!_0@Kl}rF2wX*kT^eeJSAqvAf~XkG+uR1iEoQq
zCXJec;PF>VeBp>l1pmP!t3sO04x!!hQxW=Pes*1~^|=UzUF*F??6wzh|JjAI1dQLU
zwC}vlZafW2PWF3Ku%;L85Ovf+I0XmIz@w$wfRi5f5Zh(B*lh>-w5mWQK92cWpEs8a
z+-iWAX^NAF+DwNRjB0-MZZc`^Rlqf8f;JJL8t_aF!_H5DvEGGE>7s5Oss6Si(w6?-
zO!FqT5Z<H4XgA8%ZDHbSSzmM!C_`?;_dE?asp_oI@5rPmI|9T_!$V0-hLNA!@SQZQ
z$wfPL7Dp~ccfFatLs`YT2Q!(pM@~SXvFqebW|QK@Qr8bf0{6GE+ml_4F@=l16n6XB
zO|jNToDuvpC&|)jQC3tkX;Qk;fy<_!1nE$fH@lp)-~>z=&-$0-V63GQqmv{HwC(p1
z!zDNg?TE9I^J7`%(?VD*P6B=3IH@3WlH&N;M^y+=Biu`7^<4_IJ?x~^?_wupW2}Pw
znFQnSYGOEaVpXcs6XeA7ZFrs+If}bEugVTlU{^}hPk0xAi$gB&YyHHmSXWDAuE{Qw
z=3fEOHv&$UtI=^N()~AO(<*?8##ocXc4{d<jbgTmbeU6Y<F|LwWYXv>fZ@jOlL6-R
zBcERWP`n72PlG=x(~P)@**VWD5m-|Iijs4vTvs(?tt0kpAj`Hgn!U?Ua@@BKv^h~7
z$!ra@I<~T|ZiaPbf0}4L?D7<+&S3MU-reE+U+}_SEG@V&&w~&RvH5$xGHEoZrAkB>
z8D#P$onSWUU428kb{l7|wXsZ^xf3vOUU~AeBd2*>`;#6oGKCYXYdp!dvVuV^314*^
zrb{R8;?SDRAA1DoK0>$KZlqUrVpb$r$dW$#kLheLUBiXuu_n<yXvA%~72^x`8MM77
z;TK3@I|UCKOOMt3RPSy&H3_xfj3e<Rgmy1{o{Td1$IPl@x0kR4Codb-o`e!m?fjz|
z%OrngaAb*Nv;~m8An2%XMl;uZ>CfG<{INO@En9#AYm#zL`ljR)U6h+<oI)X?9j1hW
ztki^yAsCn^raTEZNkB1Ix)Fis8o9K(QhIZFXq(81Cqw&!X3Vw+6q$>N<6k40xk=JL
zXzlYcCYG!rplyn0P$Ob&{))AH?lUTiZkKf|XRx9a!&J?;7Q`%*wj)aL)9XLoC2iXj
zfYSz;<T!yCjLXLqe*JG%PR-FOy60l8nUJWbHIi^nT8e&+wLX=XPqRYcE5^G`D5SBH
zIOU7Hi{O_+HBsY9Gq$jPzh?0*d3`!nUT)Veqqjc9Ro|amU{|^LSK{h=?Xrt&EB*^F
z-TYgH*lh~4$$N6E$TN}$z1c+9mNJHs=s`GjpwfkL!dWUmb14PwxAdiqq$R)zYAJ7e
z(C2%{=ikb^<%Z}V{ASrG=eTzkLLNEC@$V$8266ca4{D1_#}o#5LrlD7(sY-A7j0OR
zI>$1fk7Qik!14V4ejv#`T1A58cxed?yU`NSOn-o#^#P2Zz#spE|A$FoF2j6ZBW{JX
zSrru9ze2UobwDBQMY3ali#5d*O%D2`ho4Tq$TvSn8yB4UTowz}kllhP3E+YMy#L-t
z797_f-^Ao+n@}0^n(Z6;H2LKJI4ct$k_7;I5adkdVKj`h-eUZZvsyw)h4Mwl7zi2}
z7DjH_QmdH_W40AuuQ}E-jI^rQ2Mm=7Fd<o-J|i#u@vMKx<<AwOOhEW;H|WGWGGY8x
z*L3aUDltr@LbSzAG$Rxpz_F|UA4IM|z|kMTr1(sDbz?Nmh~WP(Mkm>rZD(rakz@wH
zzawh22<b;?Blw#l@fF>X>S^g-lN>b_Q~a(;(rLF=C@x&28x7uwN+K{P6qe^s+*A2{
z;BZpV7znJmJ2#X?J^vC2%=^PO>CwvZpM*pS<1SJ8E{R>0o2DuTwR5X0(@`tx$#y(*
z9U$Sh&Ms8(&_<}pSPGIH1mlmsqK`abR+>7gU5A*VzLEj*ymMF<ci)WPsZ3h3cQbI^
zc)@LARbmRAgCR4IF#fSi=JGvm#VOZ+a?k&PMI5B$-`f4N7XA#z4@3jjpkdh6>i(w$
z)P02U-=YEQUVfMy?sAOnbtR%7(M~3^D{VnB9IRxg{5j7#1@dI4Or|!J9-v(lO`}%2
zUvm>gUf)C)X=eH@`7ODkk9kf<awoOojTcR}z$HO`i&%`ST@GE;#aD(Xlr%Jn;4zW;
zwnB_eH%!5xw9)x(xz_ZIb|eZwFQAxGX8|(5qiGY7!lk?CS9EqKS8WzhjAL5=O1^S#
zzZA(sJb={4X5ygWP}0@~Zo7Aj;blcD#cY4-h6}w!%~DdxXEHj)ivbXlLKg5>)3ILF
zfSlyQ_!q+PvnbdUwRKUNz+pbC8jN27Qw9}U%Fg=-otitFLK>|;q1|LL`XqMOd-{=S
zcEQO27y6Mp#^RUv=f#TJ3Reanf^p`L06jnCxOLyq>ZsNH)~X_ej1fvY>~dF)s?(~f
zYv$jo$8L+6O%6x$8}UxKBq+NUC{Nz!tKJMG^ViWwHB4ssmB2+yyxd<D;lC)voa9hv
z99B-u7qNBwsPCYje^$dG{+_g(Pc?2EhQBy~v7_Ku`2uT_0f(NSib=7~f;9JC3XNJD
zKct8MG3A(B(Vai)6q-h(cH{xs@{mcxDpe<;f}|~X!}!@JfkTrbc9)O{egarTEK{XM
ztaYF(FrU@TmR>CnLSfgqK>Rz1RYrp5RFfSE)s5c59nX=Vva83$>$vn1T^sT6=YGgi
z7fu<Ka15b|ij`?ju2j4*&P5Gh3C@d0-rh~ngo^_opp1{f?iGphU$MwU(|e<rb`kW#
zTt93ngPsiDLk8pT?g5f=HT6=m>sX{gsISR+djswIDSCiaILTodx?vet0t`I8yIaIz
zl$7c>R?SN>cRj%0VOX;E2%7KFF^3)b*mDC5zlbb`T_cdelrlFffPuGNWrOdz`rnJY
zz%j2M#bB;Z@OLMNvGB!MSciZDo^tg1M(8tG2UGzs2+TOUV9%dBVB7uHFeI_I?iZMC
zw#|}%?aM?)hnqg<^-oOB-sL~~GvQZ(?ZH>+n?uXn`c5u)WseScUNTDLUt$|k?hUD~
z8lRH(YaY-9YzZwEafv!Edu@>pc}E?WL$=6|69Io-YgFrxF)UJ5EMI%Kl)f#&nam0O
zPI`s(IBEN%{~E|`jh|6hIlp}EUsa`Tgo2scMrN@$s9WMc4l<x~v>M&3aGwB!^b30W
z6F#J5PV}mn!`NyJ;kz6IQ=FyWIZ@G#{^-@a38~ggmvKNMIQ+39`{^t#fmxL!bR2_m
zuP!paWvjA=`-;sM@8N|dj4&mPCWSd_hdEvdY%bYaR6<E7Y17BK7MvB;1<h3(c`Q`~
z&2<|+Qhp`U+O>;#%TrVhBH5#9btvh<*3tMTKQN>|UsGa{yqdDX&OIPq<H?SqZI@6G
z9uBF2k6Qed;-bS1HSh?F(4P8HTK*xtS9Q=CyD?eHLeFN`6e|%pqsXE;0<}5hY)|P~
ztf#aN@&R6Uxww-S-K9M+V5a{*L`}LJlY4r~ZHXBRyH5hPCr}CjdO7ZnR9PSTzGan{
z?trdM5Q_aD@N59Q-F2Fu&eP_zKa7NTOudg<!~3?P7foMIiE>JEB=8^qSB(}}j^92c
zhx*uLEM@d;0D>dq*Mh{?p7rsUT}g$ueAPdwF_4WW6gERJ2k<T<+?~bOhJ8k#8CEo#
zJl`r^>U>#Mav~-&KWva^onJio(FFNuVwfmfIxE|$n+kRqPGnjfWn3I?NCydh1c}M$
z6zrfw%7AfCP~ElA_EV9X-m+TPK)P;T&GV;DHu0d(FPzNFcPtY!4AdBOvRH1OM&*!0
z1Q<_K%y@rP*WE*DVNat2=&Ho`)MBYT?`v1PIB28`zMe`cpFZ6Uz+ITraU%}|AE87W
z!31YEU4{m`4`n&dW)~FZYtJgG7O2Q<9P^*5Ei)<aWIs^}w1}3GzmmO;Vg6Z6!Rfa@
zXo)NskZ)u|x%yF~MeV-lOu<DUay3m!SJ|syIA+u-6b_LH;y~|U%(Z1gr3|q_xLD`+
zRBDF+h7qL{<<HsnLPZ-okh>C?Fkc~lZPB1aVqjI-4yfuUK~3+B?HOgMSd@l4d3VcZ
z>&cWu^`!EKk;?lkWnPHGAwPua*ZhYiZ@#UM2XUa+1#A-Hi=^cAY!B=F$crh<0^HJX
zmdd(*md!PM3Oaw<?BFhibL@e><ZJ8vntPMJ@Nx0In{XoQXF|aq&1cf<jzjd0BXt{x
zL-dCu^v#%-X3JyrCL`L2;PX}^qAlChHH88L&BPy5z=*=K*l%pt<u1ClJyCt{LxELq
zm=9ClT7D4EJe~3o5y_Hi7BGz>)Lm1Y$cX|9y-f(MN|7-Tl#L>EDMoC=HhLt26XN1G
z$lyXY{R3wf@RYvI%^O}MMfBgThnPr~(yoNII>H7&E1ebkRVaUBC}HU=JqeY=5Irzy
z??#BDk6NcRW#d;{?zTvsaw5-|ombEG>VezepWv0R&!|ya`S_}4{DyI9-(m@QeTHkE
zRz?Qp7@bb0E~=6d<L<=WKdd@X<-rH)5~fx(kLa|&K6Qmt$Zl+I`UrLl7{_g!&A6bp
z$?hzRv#cW}eCZkvjY}Dib-+NIp@B0;<mFu4)4W<kZn*xznCr&J?{)&=<L}jD*H$PY
zy_7I^B|V1?O5`_@uTPcf_S85~F??qoHqO#XiR^I!GpBXUAA<>{gA=YBHIqpAms|K^
zKpT+a0(fw-#gr9*48OG}h-PaKAqnDG^wA{FdJ;Cj-uO!jkRlN$JHE|}TzztgCV1;(
za@zIN1k%z1dkP+5JWL;Y`BVaXV&BFi9woT%5{z~Y%3A#Hu6=G+`1Q0aay9ro01|z>
z&6Jfc_?XQ4h&(71&9%`>#eWe*CUkW7%_$)`k0FXV&k?u7hU#iOLOV*2NA;5z-D0th
z-sNP%EgZG<J1#c^kcGG68m|cCZdU@3%oj7NtiSf3BfLZx6<OJ{$gzk)RA$nylD<>F
z4f%BKXi<*c1WnA?8@#w_0=_pi&NZl31{V38Wpe*Y>LazW<g}&jZWw<XA&LcTAjYh;
z;$XNmWw8;vBP>)cnH&8|O3(H7bhPHLdz~?Et4A3#S-l^mEoaD>(g;8z2@#Mv0w6&G
zl-=f{Q+>;z6l_2i_dVUxGqT2zIO_&Icab3OGPLy6gsWMyx2`IKCNP>A0L}vCKb-=R
z2X6qAzfDzbn^I8Uo|yI?l0lEA9E#Z;@R&xqm`;t@&Qsd_DqZ!M$5VVHwTkebX%olf
zZx;Q?%Pr@U9H|<U*kY%sh0?{^*vH0Z*@*bZA94IIW|gGYHS?uP$T>MpKQ#*WepUf>
zzzg6nRSr9J%vovOShJ7vhaMPIfSE~blR~WpOk|W!7LgNTGULCGwU8qP=r(^i%_f^P
zjI!M;MtJ`aXq9!phE!Og+c@KKI^QnrPyeaM#+m<G{JkrG>vjlGm;41c(#%M~$2|4s
z-<xnN_({?kx#eea6Jv$u_DBZ%98rw+m^?3pa(On3VOxfVZ;SL%OU8I$i*#mf29KRc
zw=Roj69==SQKd#W>-7B^dHwG0cSiiH<SjTF{?+jZq|+B8FO1wv%)dHoF<1{YU#?Mn
z!lv^ZfHQ9s`=yUz|Bwit%8tH|#SR#&02QxP&;;~oqTG=iHN#vdAUImy?+IO}U&MaF
z8N!+#WCs%IV@@Bl15Hth5<8GU@7$F|GuuRIwpuH<kbQcdUcfew4nJ9G8jT%z$GCr#
z2v5gvxMYKr=my9MYUMN<%PSfcXsl=#XS?e>6@Mqd_uOVfM(RGlYSD$;=mV!+^zb^@
zi?daxhsppuoYP<SOItTJ$?HGheTiZROn)r{Zs}u9SC#=YQ3<dNxS{{|TtIHAKCRlh
z0rH@iOSMs)Eb)b%VgGRk9*BRnZIAT)Vq}j)YmL+Gsrs$aP}a6ZA@}iHrNIceLdJhC
z-bd@(sDW(1F}+5%sjQD*l=Oo=jyW!LOO$E<hXA~e*xviVD@PS)z6|e+8aw9nxdRaB
zfMLJW07p1r?B6uNGa3S@Qdl*F${EWI%QVb1ipzxeBm2MW;(M+bA>V%SLq!iOm5VZj
zel~)-R>T!69RNmtu}-&P3P`Ga(j$%aLB*M@pjS0z*2sPf^|8;CUaCV>r{{eD6I|Vk
zBJHpmibUc5%+LoBwi;hXku8%qpUt>6#44HVQHlFcg5GlGW-sMw&jVoDPxk3#LVK;o
z7o3cuZc%beZCR%saviN%uJYd$oM_}6S1l$TKhA$Z%iVhsy8jN}Qwn+&p(M_(S>#Nk
zx=f>yJuf}mE|YV-EPWH1cbr^oBLq@6DrVhhxT)tQum6=tV2lc!az+8P62zRorT{t#
zVNUZ>01YX81HkkezZ@CLXNxtUWoS`YBKrxm-#ziK?xNr>jQfdEa20%k_XOQ_U;6aF
z%m)zUo-u{Cs+iWKN$Gt`qRR4l`%QgWE~Qy1$9Y+97L^1wemMpH*Zl)(a023e7Ehxl
zG3X~R9&z51uZxS#sqY+#iv@%TN?nMH1BD3uT(-{ypgHO*sws_zxi92OZw57!zcZj>
z2aP#0ImQ<I3ley#OuMH8ZG`PV%6UpD<uHqs))-S(-%ks#Hn441OFIBI#-GX$xhouf
z5v$R4AxO6O8nBhkj+5*3<tXQMpW3&n(u%rE{{7eAd(OwMf*X{J4Q7lX5~M4$wZ@+h
zTY0vr>uc|f=KP)JEabcbg)P1VRnTgm*{ChxTCBSyA&Ieez{b}Ln0>aFZHW&Zj1N(q
zcg=|stGMiUh{V9&B(Rp6)f+L(vaUoY%Ep<M!DZW_V+Sk!KT~?a>~|8z*CvTa*y8UU
zzT`qVQj^ODuDzY>285+Jznvx*oTlsk<ZC<}!t7)5pC0^K#=ck4cqq)?Ho?o@mX(Nl
zQCq~IS1)B#s=#$KBVT1JTksDcyZ^_2=YM3gv@~{N5Z<N6>{)nS?dY}*^a%ea?}2;j
z$eka;v3d9JKCaYQWmnhwlj>cYvfs%YH@1ZhKK3P<4h*V$8O?E4940%>J(M3_O0)Zy
zCq86x`lDW0GBg-e8}`ljf`<K0O~nt@P-FJHa?ZQr#HG0MLu0*bQDecflG>`d+M!=M
zNgh~@wdr%UvK5ER0=oQcrv`I|0=m@9P=mQ!HnE)Xq@y45i3AqUj^5iE@V#JIIaMfp
z{ob$8={6sM&@$r}l-Cj!cort9w0p`xTTJ+LSD?`pOt)%~DHVRs_s`J>mJMmNY&sAB
zuhPL6!|cn$7jN($*HgReo>h#er#6N1IAeWW&VFV43lc^3Po)cO#zv~y>F~kw@L>^<
z><xh}_gMRyZtyAp+Uv1$9jb9>KgN~7u+x1$bWttfxN~UOJ$6oa9o&8l-?rwJZBs`a
zwS<b#g(1XbNmcp)Z@XBpf+^?fmAg&{@SrsG`2^RiL@mBwKg|*D4c`M=-#*J#fA)ny
zu%H+VBkG@uHz^j<PD}pC?eXW3r|0Kczu8qVHCUrhe7hDf0mfK>XPj`kvrpz$cG#iq
z^_}JjTuZw<EPy}Oci$|nQ5^op#8p28=-;QnAhaKE2nBn;E)Mm4TygNX8P(2vsPAmw
zS<7H}9NrmT8?q#rnW)IiRuhpW4)PHOZ9LTd#tmJ^z0aNRMEDekQ3cJ)3fy<bfb&ny
zc_z5T3psUeaieXY)u#HIOJZDkHor&S*S~$G->O${@O=!7Ypd3d_{LdUM&ElG!IVq3
z$PH5qw%xx9U+tulcG%uBIQ1I+wY?s`$H>{fi6aQkEx0ikm5u}PeOWQO=K-!Ld`^{f
zVSjv&-=3L_!sOH}_&=>PUQ*{GnqOs%w?VFi<L96daPezlvT=Jqhd2*iSM`?r?H7|<
z4q=T#RX+ZRm`lps>F=E=m$_ND`|j|HF(sSIErH{8cX<359w{yb{v7ok#Xm+%8ifxA
zP-ylJ&@_7oZRdq_kJQ1gYdKfOk+43r4?0G$?31<HtP6$ikN}*_XoM*}J;fiMn{z&`
zRhH4O%R~Aj(4l*+qD&o%iaS!JKWBKa8Ihlp0SE<8&--)yHRH!TQ&TX#856c&>gukp
zexDRK0oMg}396L3#A<7HT0d1&@I?H<zG8;1J~Y(<`2?N{QTxWGo~RWr7f4O6)zEn?
z!PYRy4p*-F>~0WmM(g1(pApx(PK1op|IS*n(gnHsLj;lj_zxDD1O9{v(df<j=*?GT
zL9}V2rj4$w^d0+jO-ZNgUWgNVmlIuxqBfci+jpUm`gsN0nkbOQ#=PwF&%EcQTgz?x
z2aWMD+y9K#=$kLp2F!d|>w$Q@dgoZXW!AJcr0i<Lz98*$y(Wu$byx;ze2dm1_)@mb
z+SkkI6V#`%yzAVtET{9;uX~NDy1QFHK@G;3y9wOxLg*poYM|nFxJtAlm`!3md^L7)
z4y}>kbt9hbzYHi(2_~#HabXu?K<;CP@e`SlYblrQxh5cYr&^B0cEv__VLIiqyg^HZ
z^pQW>eDw10Yij&g0W@IyE}^<fX87kfn^R{YLVQo!$hp6lHZI#Axq%&B32*w$+Eax(
z=?@<e(l33ttCoj<1=DcceU$F=*_LtH-hM(wz@i`b&ALq&nz~6n{r&9u(rRkg%k<c-
zIWvHJ5bZcx)@``{hfx`1q8V^A<C$%Ed)&wqL&B}LWIC=t-={}96Dhjvk>D5Uxn)Sr
z=VENxBhdD^rD!~IN_rpaftp+dnQRB@)1=d}M!49cJ5H{ehns&KpWI?rg5KsegU#n=
z3A>z!Yli&(jVep!4m0<#U235??g9isE7eZ)Wt3RR>YA3_%uX7sPh-t1r-fJV_T3=I
zZm@`_A2kjytM7!@>Ne1yxSi61ST@tt!sM%V(t=O^8Kq{<5LX|6b^H%`Ce5^1chNp&
zq3cVYHFVk?xB(=Y=TT4_J~I<8|HhFcY1~XgX4VT9a;gk*G`Co~+(`|&7;$u27Mj}*
z`KVu>1&LUxkZ};_7%rcFB!CAll4ns2uoK0wF}#T)VqbUOdf(Ch34><!4*Q^xRhwlb
zXei<ErR4wdbX8$-G)*_SEf#DS4IZ4uB}gE+2MF%&?iOrucL?qTg1fUgizj$+5AM#-
z`(6AOGu2()v(GcrH8tB^r%t2Z%R)2g+FCR#T*JL;-@vsY|L9RqmJF<h9SWkNiZ{h!
zQN;pJ3YM46z;Ry@-M^Q&Ddv&s8?3JmeXwq{35U8T+o6>#vTmQ24i)QL$J|&py!UtZ
zc+=;nuL=v-yb-GK-CzISrZB4H@R4tJsvHilg+O)TP8x2x)a)ywbb7ncYweMKf`^qt
ztXZM2+noe&3pIZgZ)>r+Oc}m^Y(|O)Yr;E%Ug+80%|yQ2_AfJPhnKE{>k!cV`}Zc_
z{AC0KNAGt~5H>drZ&FUmF;7QMif(^>U1v*RtfKqm1C5@uOi5)nhCOv%hNWS565?6F
z;5c&>i(Te{{vgdVXm+HHnY(@X`h3l@Y+855B1kYOOLdDTzfUGe@R$VCfH&zX;|Oar
zK+h|&=B_ADDa_W*?};~)!FXnGGAU$D={>yI&>aB<AS=Z-gGGx*HBtia@8?@nTBs6k
zpP~$5<47vA_0~_W5i(OoE`AA1*HKek;TgxK(4!y^Ga?#-gZ~6qlgH<NoJAxKv*S!x
zlB_I@e_xewAvuY?Ri8`H?J2BE)-71RIO@1Yp4~B!uL!^IJ?>%Xdr_rokx>xA_us~}
z$I}U4cfZBo*k!<7In1W}EifLuEJf9_^MlSbo3K}*?`~PXHb`fZkgCN_NWt@f3)@~O
zWZ{f(b)5&zaWIa7a0QvE;V#au*KW<K@Al1V{$bj4a>$|D>*xB|HYjPz)g?9563n4@
z&7G;sjf};0b`)_UzH%bozEpD;H6?dE!N$g%EKoBn5ZU5lQ#%LETEpLZP2j8wilg2M
zwA1Ln@M!;~6J824&TR>vYr+=_c;n|f1dWVA3;)<{cFE?V>r3X+e#ud9SB=GrS720~
z+Z*nE5UEQiv_Ko57)3jmq18TXdZYL%GqGd>=aBiN#=C#he+8?}^*+ZQk4ETNpoLnX
z!6B$pIO`ZDyoXP?iAAn*E!$Gn5*u;}`L_23O-CI~@R-*2jfd-ilrk?#2~Ab~aYl4e
zjiZ=P0Q{wUO13#ymPG=P@^u!HLFw(9_+FSFOB(pmE|I})9$JAjxlZ%fXKnu6C8Tf<
zb;4R~v`w=np{^={tuKi(hvj{*R}PM2&boXZb^2}ewJPe6=VK>ulmA1bbvFI)b?x9N
z%X4dc6&BprU&wYA;ZAHaIC-aDVyBnRKG1KJ`^pRh_03|@a8&~wFISf#R(o%fa}P~t
zBFgNEZ4$4GkFAM+MOcZ?Mc-c4TiuA>g?beYte@mrt@okB`|~<ki|9hY=k>p>qAhNL
z|4o=J8>2$L5>@%NRZw2?9}ZCtcFnato7d=7EKIic{K6^pB~dv#j|wRylBk7CLw!m6
zQu~Juw?dz)ML2B$tNqKqmrUmtUs<^7u!;yen67Es?lwk3m(G(Fqrp54O@Z~YjB$EU
zkFH3c&TDO9BXH(4(cNmQ3-#RAj)})zty@gGg^I_$!#`BnQNs3UUqgCdU-~UR=3+90
z5*osbF)$cgr-6p6A+er{#HT*mRSRAGhIpc`fyVSJQ^}X|n-M^{+^#l;Og=jC$-KZu
z=dVBYCS9Wfwb*bviJ*3D4UapFQN~20#Lh%&9vru@a2|Z9d6uyBNICf2RA92!DeL)I
zvA-a$f!1w6pciNpf}-)?@~pc=r%gz|4Wm7|8kYN1bFnZgxT0zHxH*OvE0ON^E}bvP
zxTq2DQGivK`bVpzW0x^SQ-+G+@CT5TsjNgG9%atnGFpIQhvG+%>~&J`FfY1%+IXCL
z$4V4s&RX%ey?-IGx;F0MDg{{^k@+@)O*DJ9hCx00=pAjP<wh7XKbJI5uzY#^`X0|x
zQ(CTz9(`pO>(;PAg^{VOkl)ka!TRH!J>7Y<_Fqx{0?yfvcWwLhLzqGC;{6G2yr={Y
z!+aObeeT`WpD`RscxhLEk%V~Iqjo@fQ3F<RJeL&u0(k$6=>*Mn$$Sh@9Y|0HA7Y8W
zm%?->Ng#{t$7NU-6((|Qjlm^5B7dDw=+ohqa0;`3@82!sxHGm1?|^%<rgkn~06yBb
zgxPhdBih}w^v&qNA0O+4@H*h?3eqk`=!66}t37=zECH;$#5y+boyJo6N4F~gopk!+
zqMFg@?W69%Pgq97WGCnp;dkfbWPKJMU!KaG(&9Ze`mwdXs}>)f7ph9(isZD)EjXtQ
z#d!x;-GSRoYVW2$KP@^C5_&X9AarM3gm04vSM6`eE7rpYPg@od$aeXcIrrebDjl)k
z%T#b$)nJQc+ZU?S_m&EIptYZ(3ukxA@%d@E%AAQHK1iL_4~T>aybk+?=2ujS`7JXJ
z+eII%(F6gMAxGOnL<c-gZtrnTCq+UgUnmjP6q$rmx%dT@ny6NMOEmvf1vunmKgvi|
zX6h83J6)rkT%-v8YeG0beHL$djN`*GKqq0`@%iBYBqWyMLo?+33@Q8AKP@g!CMPgf
zyCNjE>|@M4ucW1NR%^$6dneRa=@atZg5s-)1DaJu$a6<Xjq(tKR-eT!>gmXPIzR$0
z_W|Cco!{&G%@<leUaVTBY=yLYwLjonJj_f&;`fW{E%JxmAuq4!Y4;BXeWh=*+%q@c
zG50^P+E{dp642YA1=f6vmb*s8N{!*T5Lu_YTg%#K#wh$DIiN>xx0*6_?9*a#`WXIb
zQ+h~T`={S#CxF^kd4%?{C$@3tjCO2wtd`8@@WM-kKjFS24(zYWQn|l^%KuW}2#9<@
z<nkXbTR9qT6HiI=tN45wBCvYQDBygK(AR-dK>aGMLUvzXMIGQHdY3^|W3MTr_O??N
zRazPj`C<4!I$6}`xSkh0x$`tNG>$)W9t>S$0U?U7xIcQ!{kt^S=O`FKT0Kz_sBZE}
z1M+uq@t3(}(s(}`j|jZ3Mf$#BWrHh$t~y9Dlb#<@-ALo7N?)i+)26cVU5_Vir_6el
z(E$_41NlBo`&?LL1cznQdZO6y;v(#9SMQKIN3l8y0Zja^rJGYW1Xp{c0<6DlzlyzL
z1J-2r70}zJu<R@WSTU3zR!c3$mr339`*bQ0Ga^;T0`p^g$O{_25sPEQc=_B@t7pm+
z_?QTanGCPfo{}8i#xJwqe~&1ZCQ@7;r?{uguksFudkef6B@C_u<Z7|&NoT(w%KrRr
z6B-sGye8h^@2zLDkPmLTGk|$0({n=*Ixu1F@1B9HS0<|-%2{N9C{n<L0KC%5@1d;+
zVB-h>Xd+ya#P2ybEyA!|%7I+3tv5jM8(_IbcrDlHmq-$I*GPHY`J1mGeRV|P*=LaS
zU48;JIkQ|w2neaqdAC*17<sI3<~WlSi9q!O%$J@0{^o8}h+GQG;JHGivm^GFkJPSx
zAH{-iN(IkYwC?^1K(SQgQ7+Sx4c`-e+KJ^$Vh*}@5P&KP;28uXveO{5zu5!h_l@9p
z$VBttU@wp0{KDRjUf-zRnqI?I!<WQ2>;?hol_tv2f6$Q6jJ@ZM`47*F3@aflKu-O#
z^ex=dbzEaEE~RRBS?betKTA(*Woo*(t7KD84i3;R^RA5NT{1Z7LGIl4z*j_0n_ZQ2
z`vGY5WPQULF^-Q+&6i8pOS<(Euf2#IV!=*mAC3!>Hab)j%?mk<3ae+FJl0EReoTo%
z;zir}F%dwADCjfM08=3Ta0sPNG9^dxE))Gq;CwNq1_J08qO3T2G9^+M<cBMY`y1Cn
zgey3t{RqP40_Ji;6R*<)l(W*2r>EhYKapcDfjrhLS2qK_h6Ws=1M8Kxxulue%_-kF
z<^}e6gp;-1f`Qh^U_`EoGoL#dcz<gngEu^Cl2|lTr^Mg-U?4}Z>0g8yvk15@2ZW^%
zpxtA5TQ$H~lialWQSdXs0V$#_7v1<S#>BgMfeGfTALULtXdS_s1T>E)+v7L(Oa;D$
z_Yeg|0S51r3a>wg67JX-h2d-^f0-}_6lRclA(?0nhJ@yVA-owyGP-R=GCv$t-2h<Y
z$H<aH3fL5{CXadt2hHky`~>A-OIKg~P!OmDWf}7=$J~=n6L_J@4$U!KR3pIORa{lm
z6OWFgRWwJ1mf;9aT;M>8DFMH->&k^OjTS(C+cixkb^m};|3I6qzm>l9QQAX<?Qzk%
zoj85B2@`5GK8o)t|7RD}8_W5C>d;8(eTu;|hqCaHx_70r1pKchx#1xoBY>6Br}yqM
z%~Ts9{sUASQ?A^Vddo@y3kp}%Gj>ijJ`e(w+fTY(YtlOSKlm?jp-ZHHo{$Wzr@TXf
z>W>%!I;4X&AEGG@RlU!5Y%dezWMs8Uw%Nu1;T0$)inc?6!ds#kvlJY{yVzH3Gdn9b
zBF)A>+Mkr3kFl?2jR5q}egr*ql#1k21fgLl&b|@HjG$Cm%!z^3ls1Is8}Wya-<F}u
zv(OIC6@PMw@Dobuk_kEFfc(GPD*v`_<T+SK<^QbWoc=*|6!fhHAq)$L{3<2PC{D^-
zIZ35%AoGr~${FP(**yD}{m1n}2F3e{p1x3&Mu0^b32PV{i&VMS$LdvUk9CT=vr{Oj
z3o{KGk|2BL!g^OENaY#t7@M^LNb3uADUxEpio%(25)9f9Lkxaf$)5nzCmMMdImY@W
z0M;bY_kiX9fx-5GBFcPH^7!Iv_#UzRh0J@J;F@$7Thd|(ngb^DM*i#3$K}e?DwQU!
zwP*P;jbEvG<Y&i)sak?%<YUj;!A)~ye6I2P#i=TQ@xr4{u1}GaLXrPP*bJn;fSIGe
z79CWz<uyCJR=c45BByz%lIIfFZJ-%{XV&-5pcwO{M|I{$(=?!}@Oal$k~2DzuxJrD
zUc;q5_?kb8lkxRDpiq$Az2@m1CnR4tnu|sOl(=g%Z0@n%(%ToW2nLWDA3?VJ*`wbu
zb+!>kngrBa-Ey6(1H8lyYbyj@$$Tj$AjU!Ty(99mDeiB4dqtWMv|0e`udQcdmQ*A0
zO6PmD!|Q9t*fy9RrF;0(f6DGJon&K<ss*X61IiWn!8R#h>@*@N%kibScL5FVbn~Es
zCf)#!;n9<#y6nlwVg{G67l$SaNhoD%-xa0xZG*0UnTzz$nE1=9o+)I-;%bX|{SIe?
zXXFqgu8VHm=in#rxYnM5D^o_jLF9PqHA5=PgK{J9W3?-jpnVy~`HUk|`x`+UyoZ#|
zq8`4qsJ8ob_6p|ryR~PyW1&+z9=ikO*3Z|S>*u@3>MjP0kE_qx;oa%zmVzN?8nT{J
zj)FOOCid4WxIgUdRQ(hz>D<N;8=eeH$TYO?d#yT9X|64iEoXx=+zp=Xv>kOEB09t1
zv_%TYceByUFHWB=QRidsmyBN0O;drtK~oP&c4<fNE>1kTdHXQmND3Ew#b7IUJYSyJ
zc{?x(L|`%Y44YxCy)5eQ(n*#f5#8w|OEbew<2>26%eI_v1$Vy1ro|E@!A<iW_$B(H
zA@1^bmKri~?IQS7FH}PIZp?XlG(r=9Nv5>H)b<q^Qy1yDx6V9yF{YBb#{8mL{n0Jv
z#qX-DYp7YjV;Gniubq?`N)_vuJBv>`n4Ua{N}Nvqg+1b_e=T^&(z`s^O1a9?Nr5=x
z7riE*@Cd{!BbfK>!iNG*Qe#TfGY~w@Wvw6+#UR<n2`)|-PxE;WK+Gt6{Gvj{s$_+F
zYQC5j9nW3LEzihA9f0jZzJ8j~lcY-ZllZ0Qn_m4&RzKE)Z;*2w>(}<Uu2!s(7eB;$
zzTn<4gY-UO)mqKR9hm|(Y0D+UsZ}J;jedx!px|VZGf-*P6)}5bTsx+~GZcYLhI$}2
z!v@jv55u-0{<`M#3#rC2^LNr8Hrx!hH3)Y#q)?q5;Jz!i=ue61LQ+v%cyUws;MYw*
z0j#i}^;Grp3H@zW0uA)H2m4t)Q-Xn$Ty^h;<Q`pNa)#-tJ<8V+xy%ZGe_zGX*<C6L
z=tcl0zLZ~WDhXuLaQv3OTCKNwqEFV|ey2C%+RAL@8rg8cX?tHz)$NMK4jsi#C;T_Q
zc9{mdv^NBm^VFOnpU-+{J^G^{3sjJv4>p8*S7)l=p6v;<ENc%b>OYhBBP-424;1h7
zB@drjQ3Vqw78J@OL3DQR)q*sB%0|Yj5`elYhSx3A3kpA*L5Ne{0-ma__-f{w8X5UU
z&XHI{hw3iGCFv0gF2v?p5kdTzr5O<#yL`K)`<7av`IN8COR&HEr5l{)o6r2Q8mg|o
zdZ8O5jDXnNx1vhS#(*^-w)(3ptgLsc5LtXP5TERCf9h>NltDm1BAkN$t<xT%2y5~F
zol1l5W)(hJet{R>tK75`v+R>&$sr#uoqtHl;TaRHe}BoL<6t;N#2dAW*g)K2xd8D9
z1?E>bTY}y6tuWP!jH={M!{MZzoWFg5tfafC7DYSGtJSnaCLrVQ;1)t?kG3!S*$!4-
zgbsPTau1RLb(~GhLg}?93q-3C2#<a8PWNeY_oY(F8r-2F7cElUmWw&Ol<Ni|85qh%
zJ*9l{WfS+y->{`5UT9|<`$3AS>N(WH?+~BBr3<qv;|WfBef(o0(rmcoPd2Nzcmn=@
z19zZ=NfgyUX3g19&XO8pQSnWN*hD9Nyn38HiJBL6-d7`Qo?%}X>zVSPndU025#%nj
zKaSqkgXLGqBTgA+Z$SE>fYg~Q9`MDx8W+CJoD5RohIqw_6jRHy4-)`TAF}f?;fLA_
z!|@fVS;rx91rT14hMj=nJiD-<oNhqfC$`;z$ACGbyG|@|Q4^)<s9TGQ9RsPd0=yxg
zG_POLIQ0Xf!a7_Q5nqS%zrM^dPs<^&@ymrWPGnGIf~mcWNFnoP;Xj#(8W<UWyyYaJ
zb9zVP+gci=<-6%2?`hmDWev&_T_8BWJ0`!xk8V)1drMjJtYj7c!)w>~;<%?dySVp{
z1OK<#%({EU!w6}uTFpx~*IiZ{z<?n*i9lPJh#9Z)l^(N8H*Mn+@10(I??WJkTM^UU
zl`;i=1?eZ>n~x`PB8O#~arwSN$U{36Zda8<Q;p=}_yN&HKaKt1qKQ|fMmN0yQ7x<i
znH}nJ8`s|E#|_V^O?ZMXFsdxO9SO+syi+YX^xoTfDXWzD21ry%badygmf$gVSvg3G
zVu=|{hAkO!DD~R{wQ6#`L#yA1|ERv=K}MH}VL`>+6<3qN@Ix9#1E%{G35%i6oW=gA
zk&>5hoap_kF=+mf;7F6Pk#OEZv!{`&&rf^=6y>aI<65&dW4V!R@W<k=vdeLlbCmAZ
zGfNf1ZHQ{$gR>5pm-Te;RA@Aw@f00<qdS4&)4JO9OqB<I{5*P~X~t$`gaB#n2oWMb
zrd)eIM|KMvL4N*`h6B4=fl*-+6VWkg4I_zVyf~LwW=@i@`>uTNZOxOOJ(H3cVqeTV
z_chdsk>DDB9~T)w%)Vm%fr8-8pbHC(#34(V1BGH0kBi?cr6e>{z108&0l(7Cgc$u}
z7;nnb^OR>=_!~9X)0w@9)x;q~BpiGOjC0*T)s`zawa3%X-BNvf*Wxz{AqCg-I(F$c
zHqY&tAbaO+hJmeno6$TmtiL}%J9S8|osxh?Vzm8ceAg#L5?4iPNTnoTB4HrETVrYj
z?_CuVr@8EYRSZx+eoBOK-&gSJToNF~=h|H`^@G_tezQjrODOF?$%2S-3{xW2MAr~*
zHeiDAShoT!u4aO~_h5XyGFC`Ff_Go}HaITPHJ+j-5dE0YfoCDc2E_)gCubAL9{<Jj
zuyG9d>*qa}{b<7>V>G`?Ff{kQfX?UB2Js;tqj1~4byJmryi%rp6H;%_nysRcljRV~
z)`;&pRe67tY^Rtq*_k({(x{>uFK<xMvboTvuo8O*BQ1vK6@Xo~ecwY;%LSb2;SNmP
z_?AizTV_HwelV+x0ZRb6=NZL34x>{o4B|Z#>50Y@?G<O)x|bdt!sJYc+>H#-{*r<a
zY--ca*u{U1^$gJ1k|!gbjuEVnmba#&kHOJpq;P&+3{Wey=d2*bOxs}AwP?yNPyjPw
zSXV)w3;z`*2c7KxZ*xF!7TP|^e?FqK90V1>dj5*Lk0@-hDgs(aDWtCRs5n6?$D@U^
zyprUKWKr}Y+D6XEF5Ld*lqF<Rwf=mHVy-)k+u7a?f_9lZhfEE<-?{wf2m8pY=sA0A
z4w!H4#3=CXJWxxvjabrUiU4sAMWmL^{>YbfnSQ^QB4ed$%K|RphwkqJCPYjkx$6uX
zLi7jnbvU<p(VoA$K=x=FaI4@8$Q~?RAW+f=SEv0t^tO2MW+TbJ=kNk0Na9~G;PmuA
z4=FW%zP0L|sz(a0XD><TWl^6RQH8T(#~|g<Z@8Ty1Vrf!->l+PNt)`iha&wVXIpx#
zA_P>sJSiFbF8hSlS<=rF55lv_j<Gcv@-eXlsE&};>*&|gii^o1?}-eM><F5*`Vi+8
z*Y?D=!V6T<LZ?#Uy>s85s(G+~9W4|Y>zG0Z@X!!6u`_kReCCDrEGGwfe*X{@#9AYc
z(roP5XzYkg6w0%9F;Lcu9yS*&B%*}F#?jVbY&kF6F}yGnX(Y~cPPL`W1W_eT{+G_i
z!AJv6R(Q|GK}QdcmP>TFH{LcGW*qfSnDz|vOgPti52cp@uzUAwqQGILD<4TnYDWv8
zIzAvi&X3ja=(NLt%i!<lwR4MU%jB%xRC5C4Jce0sNvk?tUKNDrUf*{CJn;1BtJ#Xi
zd<p&Zb?)v!js8kuZyII$0xmd71#sG<2jY}f0pACsKctuMLKR$K>X||O>~!H9n`6}9
zRq&3v(}}V7+Bd7A&hHAn(nDLk3iyr(J{>Eo%|FQse*Uy|6aB8M0RdUS9ohQuaYE)h
z<vfG`52TgMj}MzsB2|CR7lm`(1m(u0v<TOanEcg%7{FO-=1SJ2NE3eD>V*68rm?*&
zJCoL_r)x9AKALIeYEKgDJ<{4ANEQs|w!%C?x9zCuN^!_M@^yn*c7=9yW|BH|WL{-5
zf6}eKmQ~Ae7P2Hg(PJd7vKh}XxvT@CYBRV52L+-^cT5*gumjjOo&@J+TqRTM{CnED
z7&K(bq<6WFzQn#N5XvQ)X>;~Bn!hEbr^_YT>2NmKv!v1$n}087NTcJ_;f($&>&wyF
z!3~|6TP>F99K`x4ktWNXkh2m&N>aK%HF)}N)q1?9o;x_T7UAxV+WYfMVeYdO{bQWD
z;CGZN(2L#pdU`8D*(xO8ngn@hlT7rK2QXp>gcrs!tC+l=@xN~F8cJeHH|KpW_IAws
zHl##?zkjEYBxem5AYm;LhgtK`o(A1H6JpDIIC5NXW)QIEx)vVR-yQek9)4ss>ruNm
z-?E<C@0TSujy1~^+0|s@{Drg_`_zJK>a*p@Ieas?@h$#1273HqnIz26*>epeBmqHP
z{~w}dY3EM+WhWaXC+)eW*dRyuT7>L(b`-NMl)W8OoME<R_A|AYxe*DZ-VWH7j+}G8
zggE$<f%3WbH3<3G7iZR9VH(`RB7WKgSZZYu=&~I<bJ8JyVY77PD>*D%jm<X}L=N+*
zh`m1sUfjjasJewTSfJWYu9pd@OL_Z1D4(PX%LRn3C(rDCApP#DZqfJybnea1>_mP=
zpF_5zh#Ovm;OCX<*&Yzx3{j6h5c(B4vd^$uTThp|qd+pr(gi%Z4LY~?!u_}Jj55R5
z5d_$;4tn-f@BM|NKrCud--*U>DmKNWSq2N1^C2>IZeaaIl}4oc<#xVPH&d!rl|rm~
ziWC&7BlGl<*7}v2$C{p^R#+~k8m8sZzhkyGKTG=<+al?FgOuwGzhuD5Hbhqhx1@5u
zrRE_jxO?$_;^=0Jm4xk;Pz07{ORv|IW?QQJ-|4@S1!CrX;&J8JP2%y7JEOX%j<LZD
z3|5jcwl-VlHKOhC<xlUX1`+u;g>MiVU?0wfkLEu}6<-}(_-Q76xC}>8(-zV5XA`2A
zCPh|hAHJP&3F<e(N!fXe1aw|h%iP~l{dcy!c5_JC6GT{oa|kA)^AsOCcz0kQqap1f
zxPCY)A-vyH(}93Dv`6Zwu%0m{2xdN^S@U~7vV;0%1G`T8ds@b1O#^5qw_K!&W+nFy
zfWI^HB`wI4_uyhjyaXVwW@R%ez2}}ev6UwPy>?E%Z`%i+O(@V=At0&J&cR(d3Y7e1
zE9DazlQ)Oyt*K*2R%xLM8{{<+L~5{ourM8FWKDrQ6z3%X|G??H9M^kpkrO+D0HVV(
zb^I|ldkzzYC?J5S9Ci-gY~`OLmNDPt>ru`xY7=(x_TH7X(tmemsL)@OfNAy8f8oD|
zUT1yVV*77q-AF4wT6;PF_>+zso;wN6Wh$CCF_v=GL=P4W?LCnF?JMjPBcE)ez(MfQ
zWQ|N?SUX~h?`>uw_0dL(eXJ@UC(*0*wMDEeNxPf@Al~{7N~OK>C`DUQjP~ogXQ$;R
zJv|ksWR#vob?YWCojhrl@zq5Nk>4AZ+$>YXZmWPRNPknze)ONTFJjk~!+jJyEav!9
zJo-$gihrYMA7T){B@r?20u;YBf_J!JheSXTSCgPX9!!(Bcop7NoDm=wpsGV<!SGwF
zi|`SJpIt85kuzq)JM$wYPd251UUGc$#1w~~<|q1WBhNP5m?46jt*!;Q&$0RMAIkxd
zaS;6DB><wtiFk7WfFyz7+xr|LJsZx;<M4kHFnnucJ`5dd75He!8Cr6S5jSXp8WuDd
z*oU2Dh`Fp0q2aiFdBxN~!Z;k{PX3^cn73*lE}%O)9=Ylpsn&7SF}gDiEVY?0+SoBB
z5xGhOx$0KE;KR_-;ss%t3ZPLEE%+hMcwbN!$mN0$jaKQ)i<1O@8moP#Si`baOdgXR
z;xjM~7US9dhq}^4HkGr8^#sn`n4bnLEgg$~p%a&;3yvBSSY5<2HRUKW=eT<{gQ9<V
zf)|aFyHp#V&;PrOWjkWJkUWw{V2^@j&Othi?;=u;U-Z@bWKSNWQbY>&98?ed7}YEt
z^_=>(M)rO=dDp2p|IzLDm~mOsK;HFAwTUz#G>;isYR;c5&H@YrZ*;A|*(xQw7-xK4
z^Ht6iWHexQ?amyiiGh->z#UB*FAQy<d%WYV2mZ2%Ahy%^+bC3fr|luyRi;vI3rV*{
zZdj$(V&u^f6jX0u@eK3pB6Iu}FU_H@Wt^(Wgy(74zOHePUPs4KEPNBAIBT)}b6Q#r
z$tHFyxh}v$$Ki(q<9zGEa{qPERp)(Bxy&MfrQYnS^=Cy63^esYTFFzl#>JEedS=@@
zLAwZ0GR1H|fth;>Wr_3>hVQ%3WNqx((xvf0)YX#EW4%8NgI}Gz95;awdz1c|!6AY_
zUuVRYXC#L;Aw9JKxD+NU?E5Q-jbxfeb38L*!{FzKleZOThkZ>*V2S&{<`SAv$-j@9
zsECt)HugF7hDvGyHiPKFjHzj}A6cPNv~=4UwSb`^4n8?`<~p8{A+|>%`09z-fnU8B
zb@OJj*S$YJ2zmY54{qZJG`ghoH5D5ZG~U$=Gx2%k@HLr9V~KZ@A``tvdD)JQ@dMa)
z*-r(@%MZf1el416x~6yqJ&5eG`=(KsQSio6dXol6MP)plip1vM^7RIwZ8>lb48D3@
z{Cjl*Fb#q~bY$Q}W$y_!nGvr0c11pCD*>xDr9$aci)ns+>f8D21aOEm*}O`PX4D>$
zQXRjzk+(Ig+Q(&WJeF!H`<&lwu1cU#@^CZM@!>hWaxvct&>fe=rf89@!In+vg@mvd
z75nHw3Vn9sfK4*75#{gQ7qFquNKK@n48~bV1KCK+FFhf#TcOl36qE6s`XTq2TcEk<
zw8?CONEs&IS|a2FCE4Jc7>fl#eecW6i$iiW`+L04-uYac51x>pGvWKXkYQb;FJrop
z-PZrDI2zKWQ3`1s6Zn10Cv^T@{Mma9>BeC?cf!n5w%~ZgY+-yFop$M77c$#w9d?>j
zA(z8^S`RjNiWfHjoDg^DQBkm!`>rA7Z8(uGa30VA=XhU21r!Y}MLws;a|Rm05Kp+2
zQ1Rvz3^lnwXPkv{d@fOg>ERWvX@6L9KShL`(hpCpmdY>g+1$2$=)4s(n)`zW&?wSM
zzytNsqt|CDnOX{{xVk@lff(Usgr~VMR(yp0^kN@ApAf@k<5e(C7f}f*%^mwWzYt}2
z?tDZ8fyn^iJ`*&)$4V0_srb<ZobtzT{=)j6wu2*L<6fp9L^bje>E^w?f^o~BoaK>f
z&^^c;KDXi60MPLq5*~c{dse9g-^T!B28H!Ki>?cY`1J?}R+qk3Cy&-9f$qgy7X&)a
zt4!GXW&n6={W1xJP8Y@Zk^4Emy`Kc--zUn=b?hWiS0?kO;T1mQi~+#PYChPzstWX$
z$8}QvA0lPb@C@&QW0C<NS8~R87lR|`*(Z?YAa%}nS1*=SZtQe6&H!+bPjEVOHak|4
zx<WF29PIV<A&q7wMrr;QkJ<32S!5M3GdY?`_M`7?3?GDIpe~*iM62IBHBhj1qF~e_
zDA6`3NKho+u@&{=9-mXMsh`Q7k`GhcAU-bTXvk*NHG!!?D$D!0=j6>a!Rmv(llV!(
zmjnLv(gFI!SI=q?htf9-Qj33S7}BuPh<_0!b~R&!(po9saY1UV`tnL<fy7ElT>>$b
zW|>_3B!80E)XpLhPLU3-Q&EF?luQ=*6o?x%Kn?TrdDuZ$DRLp7a}`bQJTuw%Pptq$
z#h(Mc0FpWEW$xtS*PlRFN=!%39a+L?GfFZYuul*bFL(zpa_G#bz*~26XqMNTiJAnx
z<P15oD`9RVs!R8M6@3H`gB{CJfw2dG+lwzf@y>9=de#`g!ctB^)`TIT9w~Z4?vMMo
zy&2g7{csr-5#NcZ6^iY*)a`qyD@15kB7u#m_0Ft`%4Wi_Odz=TfEgt4Ze;A;ap?!C
zehxSxFJx#q=mImJIR2zrT*EUuf5qg}(>*|XJa{ZxKVlC2{3oqE=5^0@(N4mh45)}}
zY(S1x#8w|rz=OeFH>M-&HCDNGYq!W$b%aS^drP6Y*u7LIqE%u~6(5&DVFAaR7Qqd3
z2x#mCwQgO^dRt+>#5JCN|5b4J@_Mw~{CGp_K-UQuI3=zihSnMBO2Z`~0hd6h?tQ9$
z(D{+76EC6UJAV00mMbb@Bt9+<F5K(h$;8nzzJJc8h{0q6>~E{fY4$~{i^VF;{w=04
zDIwKrjK`VAIqqPpUm>mWOYU<(YZG4m%q@+apCIW@i8*Up>}^8ut#YbBB7%(6B4EdQ
z@NtYGsg9BNH?sx<wCQ9-4CHSmtwEQiMaS<4LO%-YMEkfF$+G$@X`Ar08O{#IqVIz3
zl+_q!X%}~bsf^oPijr4JRJ^-fJcsi8`t^MR@rRROz&^@HPNYkjEHCpO6n}#HAB<fe
z2zL1Me5qtR8|3`nD-Ts~s+RYmA|<;A-EWN~wq~nJ`0Qc14!s*<qo&}$jTZdx5WJ0k
zL<~2OM2`2fNQB$b%Xbc}y3i~2V=3}epoS}sHpI%H%6N+_Tr6wMSs8eh`VsuNQFmR^
z7_l;7u`&><tL86`L{CYvOOZgZzCUK7JGMDS!WU-`FykbFt9rii%DzDoIKJdRHc@<R
zneDQ)GQg@kB_Z}?>qs5_*)&SDy5#?;?;YyLk_k6D8N}~fVfwQ8&$8Q~BbL&2@+Z}a
zte+@9o2+`hT=uO%=6aCYMkG?QO3;1c_@~jwU*(&GW^p$Hzc6FY1(r;H%%4XMdRA`{
z#VB>erat`sXIYM>FD0jNC7^BHtkLirt~yf8#TrgFV62WWE%X9>BX}J*nJ9vOb^DDv
zRS^NSO7`*g6-D##64Q7X93H5`DNSkLuhNcn!%;k<hN+4Sjs|`iOEUkyWL*J44+cd7
z%$3{a|D1WULoun4<^R-JqC!I`0f!6a#DrL8K+fdP*<f|(gb~0d3|wZQ_~&fI5n==d
z{dQC3uE7P2q9VI3t6?rnvR9Jz;`ljMKsxA4tu^<YkLKm@f^np_Oq+P6GgxoNb>d7d
z`4f9To{qLG>(82<HmR1kuI6#n{q9cyY?Z6wX$=0od13Ww&X)B%QP)vOn_iZN1XG)d
za?Y8ZhU0A!>APLJf@)(-TX?@p+7<%Eq(;K+@WmHZ0B~x9+5@r1o({>Kk=eF#3e@EW
z-s)?Bd*W&pK)V!Ld9x&VCI0KZCGwgj<U1Eb<BBDuX!=IDJ^8Rv)!ndp;ir2%v3Z<%
zI={B%f^g=>^0XLKsSq?H8PyXTV>C55tiGYzo)NrO0P6ku!Y+=;@^_Hkm6SS&aHP~|
zK_@oPYzPQ(7-Zj9|5N!bRLwb}Y6H<qb3<K-bLYGX42UbcV$s;0F%K9GG<`SDKzv&f
z!6^|y7i0F3=i8h~w$SkVi1R#+Y#!AvJS%4L$Jzq&L^gbkEWtx3A7<!vE#Lud{wJ1v
zN!g8x$4t%8PsaKX2xJSWPeC87uHK|Jx{QU1G6eSJjqSDkXUX6f@xbV2XXl2ohMaub
zY0X>yYsM48u{EFrd06u0AV@f85#Ji(j3%4RQ&O&9IJ|Ooy+>#T*B{;4$9g_}voP#s
zR_HgJ!YBg;C9S-e;IIanLaOQdX$KKxBhLnxY!6~oJM^Bgx)WwMJZO}>x{>ob>{GmJ
zun#<xg&&QYAgm?n^PRi%Qpx6eFbYM3+srjGl}v5c`Vv}?zn&28EfCO4lVO}iKXb!u
z^jeE}BHDtFJBP9d@$6ZP_=SA(Y~B;n@d}$ci~DHSg}&$zFTYrQ<TpuTb<CpjhdvD@
znFQjNaed8ScgP!UzMByD;E);O<;G!dz?1}3K^2wv6i-Swd7mVZ(XX9U_Gf?wE8Xmd
zF00?|Ro;D;eUH3@x0^l>P^X4HW<iE`CoJ8xc5u2Q&pBLX*@g9t2U$?sCY$^$sp@_A
zga`SVJ1m$J47kiWCBXxZDjJ?;%whAuknKMu<X?P2&ee*dlzg|SZT?=okLInGl|Kg!
zO#<#tiPwLFR)(#P07gyU)a@IoF#RNua6y<ki<BmIKrYPDrLIF>V5Y(@jRAmJGCWpP
z2ykJ2dHZ~>mS1ojSVp<bxI!jocR~aPy~|*xcOH-qdGA$aJd9S-G#NHxYmfV$H^m?2
zBy>&eASG9o_%=Cxy667zg4F8@X^)I6RqFk{(<-^BUMC8s^ovkB)?`I47)G&~ImdP`
z16#5p$6IC6oa0jt18XuJVS|DBWvv*qm(&DaX_NJ&aT$LU<#%V8s!p&4*fo<@(QYKM
zP3vpUQUzC5exI$D<%kTXkU3{V<}qI*cU8P^Gemx|w5f|5o&-iz+9V4zlKw%hXvduk
zJ=-O9vL2(eu7-oajDTEHKbEvP!i=Whl>dH{LhxMr%d0G0fH^RuDQqI==hq)gvOG$5
zZuLrC>D&>_bT(9~?h5XpK$YBx%-`u_%6`AfMx<Oo0x$yZTC|Fh<W@k^Ze*ry&RC7p
zTML^D$Ul?GdNXUt5N0w(Lio7$XIrnG?$o?;M3VZft#Tym5|}xG#|`3&GwS)If|r$-
z$(%V<<Cs%6((46y+>6NklrePXnNub+aSvGB<=p3d3FFo>oi|k(%&g>u*9c&>o-q;@
zZ@({~OWNg>PiM0>##2j*xdidRh`3w%ayOoQRq(brk)JtLlKLlsku$+^uh7huIvZyu
z6NPWUz)qs@Ou$`q{+dMr9fpXB=2=Ergu-w4Iu(VRfWeyEx2uM7!Jm@3N6z`hul4}m
zC!4QHnVxiLyej1w>`sBNmFM<Dm&LJrd;OOStUXvmmwT~$7G#qyLyx&@E}yCoJb(FZ
z1gwsnf0{cd4Sl*vcK<Z_ZFq96=T+AuN;pAdX~4_uZ8uycaCHN=*FcK<?H<B+gNu>E
zfb#7CC1PC8Z&u24*zel>C(btZ8W=xlJRHAUkDCP9`%mPN1K(X~_nb|`BVWVbt#80X
zbTEJg)!6R}0!ThIO%%KSRb0e<u{rMWdLtja#4=!ScoZY|Xi1qQ_qgZi*xze(UnR#F
za0(kSV3&UqBlTFgK!TRA^*e=)8L;cpIC+s{zSF)|n_8E{Je-C5?m-z`7yr2sw4Lkg
zd~#1;=+?L-K}s#bRSeJ@X7|i*QEoG*geHaphIyPm#B+B08l|Bs$V@f_iteWYdJQ;$
zUPwdPaqmo-_;40zOBO7>@?uBv$xxH;6Z5aq0Mb*)@Ov0VL{-QDL~Y-Zvx&6bx@Z9h
z#g4JAe?_7UORVlUX$6;(z9Z~MauDgmX6eIf>BG{Fd9neRzgP}ZaNs&Q`opi8Jby4y
z^OY8Q!3O%x9US;03V26_eEZ$LXHl$fU`BeQ(H(5SHj^j6k4&oDUlV{^b>q#bY~g|M
zqS^20fE(OaMiSqUo<D4i?B>U7xN8iFh{|yLK@e)@QF`??@6+l2vtz;~-@mN^05(z7
zR%N1=#83T~txB*Qupl+vVdj7d=<bRz$R>N+6ef0)@RT?}<^Z<Q{REZEjJyx_txqY$
zSS~dg>G^jYlpZ4emli;f#*U~Qi<a=VmGdtaTpUnma{lXAxP){wfNcgIm3>7*@-Gt&
zhXK-!9U=@(X8pml9S$^%k^M$hMa^gfW<w`O5cI_io)9|~ykbCSh}-&u(zi8aAb1sB
zfCaavtm#L7pEF$4lRL>+^6vM6>L?`U5*CZ}I^7=QWoL-O7%j6t+m9C?3MV;4<|_ig
z2?4-6xX)j6_&Pr#RxJUS3R{F3cmHEuQ2rEpL@ZwDj^JO?eQB-Uvq5wcvNinXHIJ1c
zv7r*$g0+WA!~I4o8`oiDEZ4l|AQUDff!%7u^mehlt#x$B={HnYHKlljVjl_&vH)g+
z{j!F{e3&fc-6(h(Y)=bKPk|>hs4~^;{F+B?On{(6J2frTYi7`1HwCsT$0O_f2ENjy
z)z_!bP!~)&-*I!%0K@bp6!2g24YeA6zrG|#q4{5tYG&FSpBK_sgdhlw(7qrDAsk7f
zo!I1C{E?l;@X-L<8Vulw^3!>5YH;>f5$<QyW*YTb2j=Yk1d&%yaP>+bv}HRhvKOYJ
z(R6l0@&||`iYVQ)uw;g#i)P0V6D5Bc0lOqWSX~oCQfv?t6)TPSnk1<h8mog8#*h+U
zw4i5u#DPUh$1itWl$VG}HM$?lU$h}@Hb{xy)n@xm->9r4#Jp+z8gxHc&1*wW=Q#Gu
z(GC*0G^q~E-}DN4tnpX>v?00kvNS@CI#Yo~-`xO%0wgj7vJ0naCpMG^YdZzlc=KR<
zgEa0$Q!q-R_O&{@3e`cC8$e+W?d|#@cBgF7nR(h{kHDMycr~M9(V1yC0LmQr&A1|p
zZ2y6%<}qkG>vQrCyaS6)=QwTk+2UQBik@GN{RtB%svW5qcv2{RDnw_rmfvNJh8G={
z1JqR&XvhedJv8p1P3vF%X+kTLDG<lM7r_^kN>_Y4d=;Hp!XrLeCRmUlxGT?YUX!ie
zSP)Lhw_^-`=`h`GwmRe;5I>ZCG^&s85!&ybv#{^+v%}WPh-_NBUY=O`o)tfOhF1PJ
zH-5mT>w0UzpsH`_D>JkDCme2$0ecxU&D_y-E7b+IrU}OGEbSxD)umV6*K$unhno5M
zf$k-MizhFPt-ZxM0BMwg+INl)+~MLkfOA72{%$9o)p}L~5Y?T?YK;I5$Ly2vyW$qV
ztmbU}$nf`A`o2@4_fMY$t-a~TE|s=2x_dJN-jUoziEAwuUA6icfC3LX5w|Bbv?r!d
zf@NvA#<9><#R>tROPgBv_ecx?<*oUTa5w4x@uh{kO6fNYqLjLbjTnVK3Cz|0DVHQy
zm0Z*Cz-#V438964#{j%wFuxu^UXfnGo-=}DpbWsD6Fv?w${OKK!0?HuRO9)p5jqao
z;aTpo`bmaBkJaEi`@~&vDZBtXd)ck@o1KG!&-z}_9~|CySxuWmys|<a(3kr1Y;n5|
z+Q_h)h%N6+SZqQaw3|YWMhO3VpZsR0SpZ>8sB8UA9G*?+YggyrAh9~34i^Nq-InZA
z7Ybx^0)Dd*Re+(UNT4RiPid0<xWLzy(KE}RAOviN&08V7`7UF^+=J*q-WLr3sYZX!
z0E$+<XMBismjke%J73E;{=4)cFJP<-7l+}VMLgdD=}Xr`s?mLOhOr@op46rx6Y{SP
z#h!w79>~)&4Kq#Qydu95*eUzF#Iqg1tr<=8YH4uFB<uS?haJGBX;BW^i{4g6RI|_=
zW3<Nu7iIjPufij2o=4OCVsC-E#%icyCMe!|{GRYSswlVh@~!KgsUWoF7~nliRh{0d
zDgk+lb?dw~-qr8UHad0}L}pDKfccpVLd%bN1ndc$HNt~gTz%{Hua@hN0ZPplF|k=0
zChJDQ_@7ojP9@l&h#z4E#y$uFD^79t7m_ToCwd75UgQb(7dnHDma()cu?Y9i{DyGO
zvPGp1PJ!>c@b=Rm$)LYa5e3L;mYDh}2?a`u1*Xrh1R?Zm5gCtxcHiaAezcl+aG0)H
zO{{dIrka(%WIT@3h<Ia_b{X%IXKss51{J-EPS$^k$T1RUzN%dO=$(I~2&oVR!G9e3
zGMSkTkaI`B`f_TFx=K66X-g#Dt(QRuWYB9?oj@~R(SVl`IX0GFrcJn-v7b$g$VhNK
zVG5*~v`4mU7X8|14>4{>O3XYlx9rfNVz4g@a^OLw!TdWu74X(-n0SPp;Y?M&jT~5n
z*A9w3CX{~g;e{6deJ^vLG(%nf?@dqa^Y$o=rlM$zrDl{Pig;uWOx80<5EBJXj4ZpQ
zsLD0I5=v(_gc<dblgLCRnFco!TT{wBYhP^)3IRxNOk-%YU~fMzjxV1o-PRDcu|ghL
zRCWpy>mri&E)B7LLmRNrq%41o|GnV@!S1p^%_GH=$?CGWJM;-G66v<Mdw!G6w;Wtc
zOz~X9SleKj*vw9Kw)9e4n$e|xVA1C$IF1xt8I2nb-6b2U@-#!Qv&Pr0+bp@e1pEe-
zvG9EA3AgR>_pi9m6Lktoq;v&qF;ow3rzSnZ$bME4uIIV;B`Bh~x>R~kOcbZm4{@k`
z)8sWA1Sw$nUmbDzROP>Nk_R-ju8Cd=;JVEwS*sxYRO_*iK<!hLGhelSwx(6O?xg?R
z(cr5t_5=rx$c+K+**C#qd0I|Il7ubyh+aQu3TT%f04~`?pe*(glzB{qRj~sH@kR*=
zuJDM@hxN*1S^p%{vLB~{XKm2pD|-q9UXUkZS+|qHIZRT)pESSe+QNX=Z)v9$LzIw{
zu#n(Pzi^}7H}6c5pEp9dk#|F3yx=d*SBB?~=t~uadIvM#$kTrf+-Rf-2|heW5D%j$
z3ieK>gy(5OMY;Zm4G?+lG5j=+4@ZJDE7gOh^97OAF};_MnR<OcNb5^aL>MTNqDg4h
z>y`Bkb&S)mOTu+kCk&KHI<dr=J!wqj*%GAK9%7N{mu_@nw2^T|4N$_un7n$+1SpBA
z`83O`6KWwV)K_zYI(|+aVj<uWvT=pGkx>xK5kg9kW3{dV$&m`Ri2P_hc}~qTc{Tm5
z)S}HZdE-e17f#Ncpi1(AdOaYHql3>{vIj5fL1=QjsyZFIEI_@k@-_nWgpD47Qra#p
zRFsLH(Ug;5=OJpOFN$yM(;o7oMYB$j)FGrVFG3S%`<^AJnzHk?Hpv8V8qbnF#!qOF
zTKfNYKKCSWQEv3WxgR(+cjt)E3_N(kNhS7Af<~wCabM5Qo8bwOlsLA984OiM>`gM9
z`!*+d;R&A=Ij;B_49|CDAoujN%-Z-0A`V1%-+DGrWFTvb9Qzc6eghqyKP?|nTY8&~
zSF!j9a9m|4maQb})0>l&z{vt;h17kkn?D7X#D<z2B)S{<2F@nRE2k-=_}^}d;m)j7
zbm&YKAg+YwYAZZYvz;tDB=<^pWLb;Rp^#^?Zv}ZN{hvP=!Y&12<q+<Bx@K;yS_Q^7
zPq1@+qJG;TICgGEQfEKCc03|>+ycmxgL~<&A_&j=5Q%y>1A<^!z`O(%YbqCZbDN21
z1l$9g%`%&@`ApVGUI`xQmTMi(fEc`T9+5YD79jnc{FE(VVAit*s7sK^QFT)a(kFtx
z0((p_T8hgkNi`L`QJA2*A#2n#+`o?lO!_AS86BF<@0pF)W|xs5&bcPTZi<Fw6Z{bE
zJw!-bj>*37#Of<qq2U--VE*JJSYCvlU2W_nLOVk1==B5#7%4azf7#Ka9DE6=&Q1eb
zXQjW)@@9LW0*?77YyN!-esMAu07R@0ewjY(znVV1B7>LUo#cG-)-SO1F(&+Yp=XHN
zVpzB@k!V|nV#18SbFX-19DxCd=vUy^`g{<|i8$B!I@D!i<r0;SjPUvBF9yIt4+kg9
zFVN@^39fe8-ISPjE@&Z35UJl@&+zUb$m>8uv~ooPGDC#a|6pLc@1-JoG%5k9f2$fF
z{r&U1mazZjVFIl-G7UIt@E#|swmHm1zgB4F;l22n99_R}Q0OuKDFq3yT3D%xjL2~0
z2@J8WmX_>;j{1d2(3Wh|xs^#3yK|o+E@@nAKl|bP;DpTuVn~h}$Io<4#IEO~X-3ry
z__aT2z;B5QO7F9CtA0n(JW2I0ujVKO4e?X0Qm}zZ+xyoK41Tj!&#-o@F0Fg6!d`W&
zljGIb{a#<gJ!6WVUYfXtJ>Gl6iNM`r*K-deIN3K)xm1HHpUE+0H~5JY**KG1V0rx$
z(^Fd<;ucgvdzK4+8Ad3$hoqRV`sR00;q>*~4IO=FCj`i+$BV?tWA)sy&OY`_bn$m1
z8e_0&#|w1mITNf6oMuXaaHd1mwwa&b)hzh;(ME2W8DnHY1k>%o9t?Qt>O0#bKsK?5
z+oPYA8CXUt3iB5%jI`CiUbpvRy=N5fQ@^hpxwW0cD`K4c*_B+8X<%mQozi<pmsFvM
zw9R*%tfKz8TH85JnR|y3O7qn$Hr?KT?i@Y2Pyf$D$~q%-zR0{>HO3R9Ti~ZmnJ}u$
z{yWO2zqW6!nq#GX^z9%1Zf)P04IqDhyS7j4Mt|G$wYJZB9yqF-6gsTb9T1a0z&%te
zrp4Z)xHweI3Or0a9dIg7m<K`(@P>-N>6>W!E0CtuMJ(BT-<k);>c1&pItI`7Gx=Ck
zcw;C%-lRHxO#V0G;MMa0mr7*{jp39Rd{-F35X1g_y*JUy<XV(R@4-jyK)5)XD$0|u
zpWLd9vJ+NYG{oi0=XUWf)op#vsPg)CO4aYzkl>2rKg7DCB=<qKj&&sfLwc#kkS$g@
zC#X{zZLecTHq*4DuB{9QDUpsWFgA*X7ISDIwF%O)FtezvVySB;I%1^$VcH}cht0vj
z*2+~{+`V3sA8?t(@jMIkE*)vs+hJdtf{t4ONM^Rjc8oF4o%yZl8D?TaPvK;L^y1r9
zL!_(#-KAi}soCwRPGVhE8=5_i*EvO2>zAtP)a9S~{cezgdC>1nAMWVx3HJ1GIv;M+
z*NDL9{=BB8pBs<4z%IIiF@4NnfAjqZ&R_w<YRIQ<_Af7ed9i<g8eOsheuk&lYCuuC
zIXdo{#IMqPxVQBhHJ~1S+6u=QTn!3o<?jSrz(LL@M7cYik4#X9ZjOeDSt6h|XFl8a
zOo9W0EjyKor@LSGUTf~;kIt~i?_Y;diCK3-Rt-_RdjA{iJ-@LvL+LI`;nU?)WbtZ}
z&C4zl2lk>>Lv{gvZcX#s2K8b5B=dRBApfMplQqK@xeIC4Z3W0wmYC{n7Jz{_w1j~d
zM7Ltfj$HavZrp@e_;Of~6I#Z~0MWkw-ZFgwRe%KZ4#cFcIlNgHgMGu76=T%)w|S%)
z%!Xyh0i4`vw${IBDEC+5YZmb#GehGJ3*^=wt-R149Nj`&^s8;4CaCBn@oU_gF`xHX
zSItw8eKHD7V|G3=1%4Vw&Z@Der`!r$f-iAfv#V}@nOj!=k{z;A-bQ!$`O)|1Se4G;
z^9m29;rFaREYUt5V>X8U{<OyfO<oprsT?PoAH7d}SOx^Fn*SdFlt630&}$p7x^N;j
z=tyY=C>;znO=>9l8$-fx;=)NGLtbB&si=$>PCEa_@X>D!dRZf@3nvl>{XYWShpgI9
zt>IFdx~A49_c^sbJkve?ODWk8$xA8vbx(%NC*?A{Qnry&G4l<SS?>VK6_2>JdPsWL
zE1o8%*ZZn3pj`D>j?VNw*E|j%dfnr2jz4)E&hclD!#V!qaX3ehbdG`K92b`Zlv9@e
z?xIQR+jm(a4ol~F%2ShArvJt;`8WGjfFASO#fje-j{Ii73ed8N-C^+FVPNE7rDQjT
zQ3w9$VM?1r8fxERsBwp&(h5+!AJQ=L4#V&}4C>%R8dlw5SVqJrhcw*0!*HF5*@rYF
z-(@IqmzG<HH1xR3(3Oa<4r$nYmtn(QhP>Y$(y&aZ&3oXGhADzD`in%Dj{sx1Al~{2
z&^H(vx-iB0+T5oe>ccXb`!Fp9P`YZ_sEyU;hc(13A8I}+OAQg<kCNtf)7bh@x@lp=
z65F|LS18@J;CEC2IgNy9Anu(2Kq)H(Eg?ZUs+mu!nu2<^{g{Xpld#fnn>`*d4p7Qz
zUh{fQ-0fU|;!`at#}8|W??`lc(iHRS+h%5MQ*B%gni_{H@xB~@+Uux>_|`;MqN4Gg
zC|ScycBW)KGue}pjm=~`N}3kLJgNXF!xVD@jc-HAhGw!WC0m%uK9uZeCfoIaGTdU0
zIZvZ?xYEGN=t}AL%#4590Llo#^+kS@sADR-)XF5@F^7IF8q*_{Fq631+9YzB#KXZR
zkzf*|d?sNIVqS<Q>QSQ1rZOgx$0T;uGKrFw=+{i5s)e^WlQ65rPq#LS4@~0Eynr%V
zi7@dtF*l%$v543<-JpzBqNsJbCnunc6FRF0nnX5}*!ZzYm<GJjw(Eyb)+pW_Qw9Rc
z3WcHelw?3JA7*yvw4)m8h3NFav=Oxv-T?H37$Vf|lv}DAJurt}Gm|qhnw}%4Q6>hc
zJ+3jJ$7eqf4XA0hwD`)Vv=9F531~$XHTIZ>THU%sE1KQ>c;3G3^t>>QntEisR<wet
zfCjo&%pB3EeYr27<<3S-YE3C1cPT$(9*gmVubTqyJc>F}FuC*Ou(i1J6tT6q^OzUF
zn!Q^DaOVvtcH}f}L;<yXz5%!+EnOR=n8?z8_9%-z?m!tpouEVwiU8ER$27#;$zwh#
zY>uU%E`T~wDdARt7}Bp!R9>^dF|RnFwo@z}fyXt(ck50M%2_wLYeWHRiW0Gm`lYbU
zPEm?m*}+W!wYJE9Q)bsz%A0*|s;#30E;A83y#k<C6TH18Z#AWiC2DbdK#fy!(27=_
zA+zI@3RZUS#()|rvcHzuk<!l2R9&CQJ|(k#BD?mqoPei@Rmp#jTMg+cVl`xmJb<TY
zI6X#Aqk9BUdu}PflQ&``3Cnpxu;)#(RGF^Qt6D>~(g{nI%c~X^*Xt_+u76yLnN9P0
z41vP+k1Ka`!g$R9lPFE=4ikv37p}1K=C<$0?*gv3T;b|8DfBH@A?stF3lzZBz!k2p
zm01mBmeBxkMYzJ%gEA|^6>nwTBTMfn;p)#a>yBb&#g$J6T)JXaBIqP#e?SisO-E!}
ztSi-<n{e6I1#qnmS4*9wmiPd!wZ$k|Z?pNlqVVk_81TVV6>xnXuC|n{pPMVKdbujl
z^9m+w?H3&Z*Gx<GILSEEG_0Pfd1iT2aqZte23!-YUi(TiPAF>iS|z|WF_a8J?Sgp#
z*Qi)3r5=-vqY|vXFH{zA4YZ`(k(mRn0bJ$N78<ZW<L%b*r!+MDyoCm(S;JNIr>VN7
zg@%WB86Mna2z}pC%5A6YE2ycQDcxIWh`z@Vd5`A#78)wuW2kVCS@&0E5pU+gJGgy+
zwaVT#z?1`4MyzdJ;nSM+rmK$k7+T+B);q9H-(xs@PrUiE+<k`9_r)8pqy(3pa=!5j
zr^ViL&-)A?-)BIpMS?BIY3ud)kCbK<8$42)qUBnVXTJHWN}+-ZTAj3>G_wtiKBGaY
zP*B0b`wX-0Gbl9+D#-miL&Wb4N~3}bHvP`9@^=QcML`AC9xzmTz@WA-s9^X5hQ1FN
z+$4MINonfBa6sAortblnOA?+xV0iLC$bRDwhT4BHOY4F^80P&!i_&l)nG`4~ktDjq
z3L%cFV%4Y-fcyi+V^<$|&e$*csy0zRwrEs26{TR8csSFpZN0M^lwYD0T>pdN92xO@
zl!6Z)GQ9baL3tLX;K@UV-ySlkTC{>uj~IqLVo-yl6`Xs-aP$#_n`HY=$=aq-ZF|1u
z3nJMhq48se`j3U|C65^v5J6fWKW2FFm?415m<p2qWGMD0LnJB4A1j2qdg2#<<-$vd
z$4~vwI;5P+vU#qav?UZc>zD9IJTC8lR?Rq-p~)I^1+7kHY_cIgYEVAp3O@dmq5Yo>
zN;j_H;hzjQh#0^XjCsN^;0c2|nkxwZi-G^epibcm+W*Dy-d_xElD)=mvfv0nDbn0m
zon(`QpZ;RF{Fjhj>M29<r_9ni>M6sprwjp9##FHTDZ`GZ43VTD{|<kXMg8cn@G0@Q
zi2qrK2U$1S5Wj@C9TKLC$6fr-s;$V_WUgsI)j{I-M7zn3p3|U&PXqpa%J3J}B=<C+
z<KGOe|7M6RJ`GSSOaqSp&2ac{fqW@OwNp0oSA7`$>_>ro;~9hgi~(-a-O6UIN=>@_
z!?<Ono75#dV<_^BS%!3e#?avzLjbX<WWdU23`?IeM3Ny|?P)-_LGlgSGG(95{^~>T
zxN{neAtJ+k<?UEOn6JFm+Y5@^U<N+~w2*fG`9a29^Xo7!rLmF(RGBypz-f#13wuK>
z>7oYZi)p}}XAIY<N^7P8L;hjt{ttt?e;QEuIYW-;4C?7=!1?D4dx%Jz1{{6Cu;T@T
zdT$yq_9a8#mkjDN>bHLxO8m<Z?U@cJ-%JCp{mXFnUnV~6bVhpOh19eyKGe3H7fbw>
z;CKt%+C*r3S~eRZ9n1PX;MfiheVoY8yiE~pYp5CtDDQr#C0!62LKKcbMQC_nYnbBH
z@V>(Fj>6%QmXe0-7c}`2WWB(d^qPBGFFzL28g>PYWI>qUwRu|*hd%%YTyPw4Fc11R
zGG8jz*u41GTuFjwwqWns8JKFZD~T}HJLPY8%D?20fAN*_dkXnR!!wS-_Wl|FVDt1i
z;}?|o;{R=EB8+JcL8$W0QXo}4xo1Om^%V`ufu+C#g=2=op*~v*<aBWayEvjf%Yc-7
zO97-@r+<|*OM!hZj!iCZ9k!4nb)2BiEZN$-_M(7nFO{Q*%H<iPGqN{j%45G3y0!Q5
zMe#%NT$N+C%HeHzLbHA#-mP-%Br$FZbAPbKAPP__v<_}{NrRGjLc<M};}?}9w336*
zZKv#C6$4bCsVdOT;dMJzm2`6?xjBT%C+(6aGsqyl>n{nDo4YyQbaU&s?O|??A#QHT
zTk7UmO!D#sF9Q;zfESlFsI<H|;^z3l%~86v$WfD*0Z-i=58T}PS?Hx*)$UZ)H(RqD
zm*vkw8b?!&L+^JMnKsW%x2m0$Ad@Nk;^8~3LmOR|uTs`HCTX&d0?tZ}G6hGWg_lKz
zH)$MSYofweG>%J}sIW`t0R8W|E{vbw71(lFqQvt=Jl@_3xOh4JI|r=~X6f^VYX7e<
zC;h*g_`OJ+ZEGsE&cxPQ^DDxO6wx^f>cWdiJ~wtnIlM?)oujqR(Xy1I1p!Y^LH6tf
z^ts|Ra1hY7fg^XanM=;R8CrA_8TN0aE957|P-Vn2V4=vLZX@setD5z>v(-Ase4Se#
zLTl&YXyM`3XV0#CI4%)!U>Q)#;3#Zxq^w&e`&bH9?UeK5XQi)-K3;BcEH$W8_6xTB
zoq(oSGkyH*%vn1k=yNrF)y2omE(?y>PJr>JAewXmx@P~;-?7Wh!e(bC{fJk6@T`hw
zHBeRLcXr8k`R%#}C1y47qrvfm!J!mb4RrN#yzk{us;&m|25{sG;7}T@23iJiyi3G8
ztAWn~IOYU!B)4A;^CR!cz05@F(B$E(tuOVflU4%{0yxeDaH#WF1I2tCxqTebD@gWN
ztAX|BENk+9yBer?UJ&1}2C@kvrQ~Xe<7N+jl)XTKgEFrrTYpWo{81mrAs@LeLYHLJ
zkti6SUK5B4WE>tQ5LJ(H)M6X~#Ad>3EaMo-$S>tNvKnX=4a`o{pq^X}9A+E`7>9QE
zn1<kUcBpwS!-!bWGO|{h2Ib{34JzkQIHBHI$emT8ii2dKc+OFP3K@+Bo6-d^?w#|G
z0_3?yjT;R#xUNA>TMabf91S=}>3d{&44~d$4J_mwpK)RI6kF?*jQZEL%=TRBKhHUS
zw2hu(8=Xa=*OIP_LN7SSKc><8d56(G&O3~T=3e9PbC;b8vfuyGQkzTybFBgL1##pF
z;!r}@0QG`6>I4z8z7&1Ct26M;^-O-v`jVY%C}12v=XY=V+vhX*y6&fJU+11WXQ&QT
zIeu6}&!HBd*ae63*`PZbl<S8zj0ocBP6qvTSVPNTjyk~{O7sy8?}czQ4B=4nAJL$N
zlFb}S;t>t)LpdrDQQ?S&%HbUO!Z{k&Jfguh6%8Ake~pGM&A-77JDGo@8}>8*#x)#m
z{*70s9nsJxg5#|S4)u#88XiV)+#q7j5e=V2atw;(P`^2%p==aKd=!Ve|A>ZXQ5?S!
zar%gc&CwjoqB+#GBO1EKaC{KMq24>9LCMDPh=^xLG%U-;F)tg3>N%>RQg)7F**Vnk
zqZ<Cq&T*TF+($Kx%E2)p2Zvhxs0Mc|$CDf!$>on~mNTejCQ^qcH#HMmheo$Psv+-3
zM>W(LA%M+}Xi!sJM>HVi?qN;LHdRK**(NOpP?jj(eLsuY=F3=)FJig%!<Xc9+bK`R
zAHMd-a_o)eavrN=OAgKkC@U2f_luBxCzj)OteD5@*plP2Iiv;W<ls3uj1NX2<I9FW
zwMD0p=(UP>k`!G!Cr8Pg!st(J(K5v|8vRaAj^;Tz^tmHm71qlf7lx6xb&B_;)HXaP
z$6%?g^GIoxOeJL0wj(FUHqth0B+_3(7-ycWGW9LB^`(-&^@_LauR`CAoE$$%ee*|3
zzWJ}xmnRoTTrLiMUq*ey{QADK^`()%RK<H$>Z_NFqgF1V?+07o53kZUHW$Ze()T!{
zzNbTMeLHM@!P#jos(9<)5c*PcajcR0{<ihWRHolrZ{^~+LHYtmA&c*rkhcA{wyLCU
zgW~;GY72_v2#gcjf=Ag_je3Q)T5%k&$8qR+GHCPvj(ptK)}6F{t$5>a3T<8EI6jiv
z3fkIaDl((CWpNx!NL$$q+Dw<Jk+$>p_?D?q>Do6b-bGUL;W&;%Qu7rXJ2J&GYJL#M
zai28*mH`vyw+K9|h0lJg6L9F}E59q6I@GaL+$)Hn&cI`<j4>ESTs|YN06f2l+|({W
z?puyY#;bmG!7*=`XCfatM3uc|2jF4D{4(06m(j;5g9g4Q&oIA?L4Fz49Wqv?moeTc
zg9fvwu|viIi`f`tSE;*0)Wh_m=3hwn$raB~ham55+nCQC5=z}pCt=xzbRR45tanJL
zciVo6<xz)(KItWV?T|1O@Z5H=E>6$7-C6S~)Oy-*Kl6$7%zH0nnC3mX9L)cuXFldI
zq9@=f=U^@HTRPTr4%Q)nr@4c*aeCID{jBO#=<xJ)@D54O`@56Z(BYZo;9ZrT_a7&3
zybjM=!8^AjaPT*QgJ9jIG^Or4=*YbxbE9SM4UyZwBjCHE33O3dHPmXmxEXGERDr+u
zIszr{h=ajX%nuWLRm1+OZqx|>lC<s}djORf;a|CQz2n?f86uaQhDUhT3Y}=-GHN=I
zDk8V~_QK`;hZ>Yw(}9w?Il^*tD2t{8v-5Ba&BLK?n-0v)%P}=Chk9^25R#9>n~x*<
z>~tXd>U1Dw-E_cZo}m6tMypsz4)W7B5#{bWPf(A{$1yw~w@y$?X4Ot*JVCu8AIGwM
z=EjEk`i}F`t;&?W7c-$v#Nu?Cj^^VyEHz1Xx1GwU>0v&O2d1VxH>U$9vICKSXi)D?
z2V(PcMC9jC|DFyE%g-@@2z>@{H9yCBBEn_>#R_l~EWn|CeO$v`TjSjf8kI$DSj;^Q
z%D&?o`W4{lQ-Br+ROpG#`XqCqvTw*jpBLbmUqG%XTo+`M%anbdc1fGik@v)kVow2%
zU3MY;f^12dvNbJj6SY+qx><nZS1Ob(ZUzt{SPKZ&yZ1Dx`DXy(1vvr=a;PO{05b}5
zd{U4WkAcTEylGokH3y(<YZDUoy9OopxCS225fIOz^>*;7c1r%IHd4HG?rTuS9@kJa
zo})%Q)uQlm4Xte9tuj<yZL0V_r9u^tYv>fu(J`Jwt$kd>lz5IwB!Q86DHo-LVL7Z{
z<4w~x#dCZe&k_2jgGaSf_D#ITO0d%5xQ2`I9OsFDhJ)Xqva3>E@hZ!XYxp;w<3+p`
zt(wjBp>2OEHPiMsA>|*4W-3sKBTpgGOp;HxQ_g1U{<~<V_X}~fC?uPytKCd8r8$~u
z!|$S*Mi$~2UPv_4ib5RA3dv^LWmn{Zvzd+-;y7GLG?V0U*{QgU&GfJk$AdzmnIxCn
zAw5GgMHS|VC@h+3!!Zqg?3%>I0?LjyY%n#`)ngi}7Un2lm_s>vOvALo921DxdrZUi
z!W@@KiYej~|Cq5vl-?ypR4Kwyu80sZwFt+jMTCf-if~*kLO7^81Ncmcke^I^{6K?R
zZ3a-kC`a9*9L5U4G1Q|2#%NK$@*Mzug@cg6Whi;(>vo6AR5uC9VQsQ0<YRjl<>*#a
zc<8T+a;zqTe7CC@$Frgwk>su;$xZv+b3)3D%rezRGk^}oI6f@Kp}s!@SXzwZi((w^
ziXQ_n>{ePxt#qbM=%YV0C~tfWJTAs@zZgdV<*09e3{)%5QK>kGUR%`dr}mCTmS!H^
zv<HVw<&~8?+s0e*q1YcDS)5}yNlLt!dAX+lA&mOl7VqEWD`9TU#q<Dh$>JJd{~-0#
z-x`!6J%H5W9LtJxC}n#9MG`pjCva<fUKVoU1l2dRqqpKCu|3~EfunB%x3(@NpW9A3
zx91-`6dPy@5;#6f;IQ`eC9B6-JpG>j_X!-k6U0W^odk~C31VwHB#|R1(caq+vDJoT
zFo2By^pV(@tB}Z1E>Xy9lgQCJQOFyY$T22S{w$I6lKrzpPCyCk$VxpH^<JOIu{KfE
zTk@%P%31GQk3_xCByyZel=YUZx}6HlSnt0RIsTG%=1$_sl_cz}mBjISl3njow%Sq|
z>mAmSjeIQX-8qTlqa-13MiR#~Des#kjx8k5J*x*$&8~MM)jPanIDbNQ=mGqc#Br5G
zZ0Z5zD8Uh3f<sx+1881?qiG3_04fuCya&LpIApmkSx-6yDbIQUGfQwxrJ}$00FIa7
zI4p~*T2H`NlEWy;kteh#Ff1pq=}!%6SWlp4Nsj6zIn<mzfuSWi2AAXr9e+$iV|$b~
z&M=Ua(;b+3vt>z1jzv^>=`jt5N^%@1$q_Z~q`$D1sj$4@a=#?UT`Ifeq=v9k93iDl
z-`kODIqXt;r>-3Bkj+c=^iusIsY)G-^vr_qVh5kMc27X5)DtLMiX*v{+@^8Y>;c@g
zyCRjEFS29!Xu@mT9ze@d9PgImP@4Au=9c1^S&Aco*wh|9fODldj+f$42loKVmgXo`
znj_D+9>9Z~fbq8mb$kz?M`@0(rMcDdB`@0@p9@d|I);Qj6&=5(G{=h4qT_Fr=J=_!
z==eOz966Jz_i{NqUdnP?vSi1%NakpsEINKxGRHJo)a>{Z$s9+LIhv4&6{7MXj#mBf
zFAZ6>Y$o1xEo+qF(92NECeVngFKm+^%{50>LK%)CWyHwpP==#j88NaXyUR{x8d(#|
zaC}-ujI0f1I8w`qktK_0nF`C1b*>D@*)n2eJuk!YtPHm=FOnaMwY#MiHKn&B+x}Ge
zq1<ITa+MW+Nb;$6%ISx?KNWtcW?7CJWu+gIth$}b<bOMr<>**e_>JjhIi{ACexoeM
z77}I2Dr~DQoWTGx+LZNkS&r*cR$w^}Z#f|=u^dP7a;7Y5^qV#!Z)Sw^%MM<%(cdb^
z(X5<k^daRq29y(xE{hnM3d=^{T#jR7Inn4>%5hvMXEnO%P}6K*l9th-Msy56^S5xQ
z5#>3;%8SZWD$h}&yr@i@@*J(pbD-rFAs|<KnuBMr0fvdT>1F?H$o~;vqMT8lV+_gI
zyauRHfg_;;w?0BS({9iyxvY;+Zhj^{Lb<O3$BqizI+~ZiB1i6u909~;9?5H2k>lNp
zVu;MNhw{wJnUCa6e<p^=+=?8tD{>%wxnNuV%>OaoeV38(Ba}yNX)=}RBb47&<k()3
zi;qy=x{Uw$7;m@F2LQMtc3bUurN&Eft@@9O9M>yywElJgFtp|Y;;wmS0HBz^;K`D1
zoXBO}TmSeU`P*qFj-{34@8jMp5?wOoyzIW~AJNxGDslW!N%ZyON*oU>iN21h%n?<Y
zi_7lh+q*v(m)&bu=BQkmTbJEKuSj@?UO}eI?m3=|%kGCNa~!BFM&^^s9CuCG69)p_
z<A9{+8j`0C1e6ryDL4>V7zfmUE-tQjslw5z3KtjGo7);47uTm%;h0i|%ZuwB>`I@A
zgL!fN+vlQ%zpcWtxeCwn&bln-eEmaiApWIz{li~XI388u*4^|HRXK`R<<{NwDYj85
zxnbT-|LKLeo8G-DM~A8$0hD9jO}|i;<7`!K-A#|F#t~MHTX)k3SL5hijazrq*V}!#
zi)23U=$-z;x!-ZQ8pp+IV!va(ZNT~~S?_l!)j9sHMor}TTd?ft25fziZd1&E7d`Z<
z|CdL-*j2ppF1oo3eb6>mrt)OGJYJwWN51MDdfJsNewopST*0d@Z&&Hr7f2K)<g`&U
zLD8X%?h7=k&QYg2N9!r(ZNtya+lH(9%F_q3q}!1aGCb|QU%wOx+Ekt6>*^9grLM{f
z$rK!gT>lCLU98S=zPdn=>opF%CJ<EcHIDrBAkUJ1z=PaCG<2vd`vEDhanyfJAgIz+
z*>f^wFO;gck9hxIfuPB+aZG$oAZYVz92-b>w)6df4p))xO+=&r)u3MK2mJ9G$L}Uv
zj{ZP*!6simw1(Jn_XnbCa75G~wrBl-VOP^{d7LJ;fBOMVYH&0%**5nB=44R%jM%pI
z0|wOK=tFD?`}+e6Gq5Ee?r)+Tr8^G*;_?7$mjS@G8XTKyaHs<Y0D-S_Xs-)ot+1PC
zSRO!G+&-oebvq%e#p@hRU*`y*91~gJzs|Ayb%CtAuXEgZT_7u^CP(d>0$E4wzI~9#
zLe@R#4rHyb$+5PkK-Ll4fFoD4M%I~{9H(j$vcmUXmFG`&d5jVs_ccG<3R)SN;g)pG
z0k`_sUJW<%H`ZHr4dU_w%Chzr#Qv$t@mEa_J^!^VAck&xdjg4RR@Ub>jv8n>lplKn
z)oO7h)#7M<oz@{W@Ao7e{nJyPACV>9ctA@3Xz%@<x`LYEuUZ^`){@vMmnN-~DH}U~
zwD(qa=@xc!)aJ-mTVSU~ZI0@-1$H{t=4fA=u=Ao95SI`5Sk<ArdINK6b4;o&uv0Tl
z_Ki#xwP*eg5%Wk9VJD^zM^qhwotkwxD%PQ4oYWf_mX>}t+3nJyCiez*)Zy4>vi0r_
zOi4@s6XGpm8_*m0xemv5ldVZ_;Gkg3CfI_=>gK%xqb`SDmnsz08(5eRC`?)5y@6tN
zIf_tLLasi*KSDxoIlJZS12nG7ky4i<A*m1GyPh7#YH}Z-Z(WYwb<JQ;qfTCK_rUTD
z0+oyHv;Cxs4*$F^$Nah+k<{Ul)ZdZR-O)xbAa6)7zZ`u>T80t%!1m6iPxS##<O9^x
zeSiaXIliyUp{Df#T=h6!))h!jye`AExcq=Ju|tfm2_#po$5FN(M*!uRNM2cwV`)8s
z<lFT)ey%5w+@L<k>-7ba8(z0h-sZQEyv6NA@|yY_tLh6ROJ>zhWkmAH`W(mWn{(vs
z>weH)cE19&E3Z31d+_>y%#j^zV`a)-GEeCsz8YVj<8gfsedzV909>WiD&WKoD{HMC
zY7h13P-?CMiZtMeX~3a0Sq1#jfa5k1tyTfe-{44jgG24I3fTDu$Cfv^^>&WnoA$Ae
zn;Fhu)@l`e()10qq-w~Ky&)l-Y>2-pYbI0ng_Vk}LO&vV$b=dVIjS}kCJbrFF@OlN
z^t*-}8yj*&l06zl+a+u}WU8Khq_dT;1&O4HyG#m4u@teISdqf9EJds)%Govr7qeCq
zZYo5piL)sjhf~CAqIM&W8jUyth|OG0jA+C$q>)%nNHH#lK>upux-LB4_C_4vHlo$U
z8-ndmUAI>g{cdJjO}uGKld0H@tBLE4IIcC4tBH?q{?}^4D0b6vI!u2e21aZbNJG%Q
zIe<3+ltA}QE?~8bk{I2b-1vPDU?^$B0bkP*z=`2NS`*6?9ubbT`veuP&&mO=lTqae
zJBDXLXTa^&I(F>^RWUkO2DDm~<MO!60;=1yxHF(Cde_SIP+QrQN@>N(@Ojk%bwW%x
zO85E@P$y=mv~GANQFV;@FiZ9(ne)vjRZX2*Axrh#&h%_Q;d2`Rugf(Ea3{u`1`zOa
zAaGuLV)SqUfjesf+Fzck<{o61qJZ|?JCh^^w#)-)FH9mhFsMABy)=pFz+YPc+P@|d
z=eu2;fS{OEyl+fCKvOI#(RVdJpt&rntnYpqKvONMs_!L<*DR{GuU#%c(=95+7uo>O
zJQmg5_v@R0=2arsyMR`{oqYi<Pzk3_>fo#Q7N9Z3w7<KraWOy(v8Z0YW_1BAOkv~_
z`uRR-4QNqHXcGX#d?TU(Em{d`4Pb;Xq!OUTD8@DyFw*x+X+Vorf)2ZYalW@nN&zKk
z1g*Y(e-Z2x6fbqd9N$Z#5-n<>Pg4Lb$)Z;Hd_<M7s8nAVQ6-gtVgR=KI)?ySY0J)C
zz9K<@Rz@*Sx`4f4LDUKJdBCzlK(zLyLDdetOAi;BO@P4cWbR_K1&qK=5rDSb6cr4^
z7(fpV^S(3<45~wr^`;%e>~Qnxb@?<5hOvkSS%udCJtd09r*_i?1SGu+7<!Z7I28yC
ziU;&&UTcuV<_7e)Ou`LU-FE@Kx%!mK#5D$j^>>4tQkie30Q!5Olty5P2hdxZgaN}K
z4X#PCfZj?issh1p^#(ldcW8*W;Zs#0WMBw@klfV(CFE=Z;0ozcfMz6DpWcApS#3wf
zHZ`-0b>|1ESl@h9?C+XXEZHoU(!wm3?@d7OuYOL&$``bY4dPL5D%OaK?J}rX#Wqx|
zV+}wJsb3Iqhjgt*!>W8UKo2Qe3h=-+xFDcUQO~GAz?eZmv_3t!xf=-FmmSb&`ihxN
z72O@s=a_^MSfL!C&o_x+xTXyP^v~41ZXh`K5Zj(*d_LJz#6$M1$wv0<DMa?%@sK@d
zRkEkUI|Mmbvmt=KS^bbiJj-s2_=X=L5&PPch$odvM6S~0rd|DW0QzoqITg56(k`%<
zzn}ttm8SxYVyQs0!DfNrQh<I`Jx>M3ma+?+;|nz)<c&5|;KwplpmGcuxwIk~IlcuM
zxw{@U+Vs5CXr-xwA?r9`g!u9T-jHh=5D+rxT^bwnO9H--oI?Q?(zp!3L+11Wf<iiV
z27*KS4F*C&x_tnIhP<8+2n#va4+sz0779clbTye6pr~FA2y^R^ig&*T`1;KR^k^k^
zs_CV}3_XY9C7r(Nfq<S<$<|b6<Wam&?TmbOMz9{QcysB1&m72wMTYN<PXN8BMHvW-
z))N(PQ(cxXA=$KwfL=-oH@n_fFejiVE4is}gGp(5#XFD+nZT;3gqX<knaHYaQEoD!
zy5e1An@~f_Ho;U=nh+kXhbfxj0U}y|3g|IP;93occ)u2)=TZWxIU**_0QCGyAT>c`
zuh#9M7gGYM+7T0n19}-Hkg6K-Bk8H41X6_}0!UgdC6Ek7l<Qp}MQ2KILl5BdP=$h(
zC>jUw1yNL2NAZxYhHqjoT9_#z1cx|Ztsp>u!=lO}bZ<lQGm1*~Mn@0yqh8?~JU|Go
zGZFH}KpInpTF{uf7f563t9CS|`sAiD^}+<=-uyJC3VcXoYFZ$Tsl|nX0E7-12<Sr<
zwS~tV5uYmF^By@OCfXw+Sf8b^e<`EnC<3WckO;)I?fN0~c@{;k>Kzpbi_@nn-tq?E
zGh1l7QjiGvCevV;uLO|-!?$5Dpf9kxFB*nHt~1Q7FH*d3Q&BT}iRfz@1S=G856Un*
zXO%tj67_Y8_nMuNDl%fsZrdQb-5PEiEh^X=Zkw&)7VT?E<7lg;DbBZ=^nPnm`K+P1
z-5QGVG=6s}-aKBZY)?96d!;hd^!=8IU`xb7B`>*|a1wDu@wT-^97`wSL^=_t(up{u
z<auF=2v5|<DcWJL9Kw^7z@0Rn7fb;3FO)#d03vQp1oWj!U{ym7?$t^lHLNv+cPN3>
zm=Wuy1NtE)kQy*z#3VpJs{~R75!J6h&_N%e1cwI5Av{`%qG2b7@Hxdp^$<h&q8PN+
z5WZ|tDF_|iAJDHVD%l%dA<-Vf8(q9!01$G$1`Xk>J{rQO3>v~CUFN=TzC=L(&ZXuG
z07A)FeYYz|+W;V{odLAckGqU-ZOcx%B1xKP#<MPK?zHT5sh+2S)QqN`nrd2>XxZtp
zsM-jf)0BL>i&2Y5HGGYx^8>EnhXFuLr?&l}A97g}x;2yzyTpth+KNJfBQEto0H|{>
zxxA$UCD#>~)4yGFIsMypm-KJZ`b`(>7$~uI+m)9Hfvr0hWyJLA)*bpii=xPd>K+!S
z|LXG2qN4B9413=dM9N`lc;GU}Tr_ET;$nww4NqNp5BoJdvnZkAxkZtNhn9xNE-y8o
zZ!E#&g)3;5U&FsHb4W%bJWfCF(hB?J@cPLW_-_CZ@%=DB|HBp7Ef9#PLpe|bPm+MJ
zXgx^PTKc3-A!;NM!lp2b5;jFx6xq}~z;s4ARBeJ?G^d)&;f&%e%0Sfk&NP61YVZqU
z4W#alR6S&*a7;03E^<uKmSf7TdfNKP12mw{%BPwgoan>*=I7i^s+2W^3aQSaUPP5c
zeH@M0Vya4}g?<-6Fi=?(1F})!(hSH>;ca#^MMJ@SqYVtBmiaF|iJFlQh}VBsgU2zz
zH=rY+|Eh|S7xD(6-?AvTuL$McQLS*vSC34&Z<!K|&}I1m{dZNZ#(?Njp*HFstGpZs
zLWcGw)Xn!0>Z&&+)Oma~aV-3RCXRQLY2rx!i25Z*WtuqJ)u)N0Sz($uN>-&{q+)vt
zM#5FHYeGB)BZmr8Fw&zc1tU*#Q!p~REd?V1ffS4kEKI@3<LVTQ{7u0~$lGrNks+OX
z0#OLvOS5z#w>pynQTv8cBP6(khjQsBliXHp>@y?Al5VpRM72x1Wwp-@rO3gp*5u|0
zYwz~%=5m;Hbmt*L43kb4W%zox0Q4>vMI($Bwc*ivTeo(X0}%te0eV+=-~=Lm{g~Fz
z?jXv6VH}_ZBc;RQ^nPxwe2`Q%z#VBhbyL+Ki!yvY2>?SZD%dxj9L_L{iY5_b-P&MV
z#CUf!4HF^aQ;QNJCR&sbG1;O_5$oLAE?Y#ZJBkP)VuM8)zN0DReJv{3SDO6BW{aX(
znBo<h=G@vpwxB(3z8tooy%r^~x!<BpH+I6UB?ikvr`$P+5QWZIlqmG0MNxCpFb|8?
ze|Bq~?4rNAb9V9<y=hUR=xvLlqUEeke&E)Y*+n0^BbWJ$KDH=P^od28Zp3XCedgA#
z+eM$doo?i%MTw%&Ov<b!)3nGCStv-$L4+t2Vo{<{m_?C38pk=jt${Q}ui_3i!T?`|
z4iqrDqi971UxUUJ6uLubt!emL5*q5ct<{fjKxII0U=8_bUmDFU4c#JOED{drjjVEI
zeJy(edJ`+Js;|*VT1L9Fk-Fx-x=jH619u>~pjN)3JpjFj+jD>e9b(#cYX`lzrD2#a
zZZx0|cYFTgw4xtPk>DuHmKDA)h??T|&|pusqQvR$2#OL<_}-}t=(8-&^A<GcTDGM5
zzM=)(QcJ^A-`}(<U13qrW4|6p;fX~-iQPFK(6_if1O`KiJ@*y`WR}!;CAL0=vpX#2
zL?yOJRX{)B_UsP=$||w#Cj<HqR&I(CyM@~7s6{qaViU(w*y8rk&~C28{>=gXH@7D_
z80fCVj-l1XJ$DR^t8q$fY4YZOxji2T15=b(bB<6n&zfLhg%bNI1tj5`hsMt?CH5e7
zUz8Tf!+`S&3?qQxYS7FR8r2%mV>LBL2oSm~nGDoe@h~wh)C$WqEg<@8KHFm-)%bxh
zAmmO0dF-x5$YcLuE+5wyCy!k#2YKw=&B<fG+lM^%fkEW4FSR9)U8WOx?456r$Bykv
z9{YvqvEPp&k3GL5dF+p?kjGA{PaeCm4ul{ydwxLwQ&Y*fC}S|-)1PU<EFAFF89-Rk
z#FS+E=9ik7lDbgT3f=O}2#q3A(bY3yCfee4Z$pw`4zI#`4%5H+HdBaJR2QMq*7ks2
zT#ulMF_`>t0bT1AF8y$V9+)j$`r#6~<%h%K^kiMz5-uTGR(Cqz^19RcR@9x&x3cbc
zzSVW@nJuD*?sUF2b*J;Ktvj7>U0pigXuYkjB}7OO?e$zl2oW7EN;rm27DbMMx;89M
z@1bk`?4rH&sDA#UeJo1&?S2*|{PqBgBEKDKg`Y!o?Q2`mFx~05N9az!Jxcfc?Qyzx
z%P#bZ?sS6_bf+7fr2F0A8eNNxlp|oBXmcN}e)Uv6*y>Gl-LXMu)^1x^oW5DtT1Cng
z`c_$pS0IGTLgtpicG*$ciqa~;%8N!=yuL@*E=9@!d#@B>2H5+hhzj*+$tCpq29Ss!
zEGpbL=R=CuEh^gA@;zFESyT>RXd^&BVNr2bh<i$pr7%4oau~@#s-g$z!R{F8zC(4V
z`wrKI`))%6B~H&yjKRM3WdS{}ZaUs*-#S{-m()E3g*XcfRdf%H@v@e4t*3ivFgLfH
z>l?c1T>JTkQ8f0Bg{?up=CrD6p$mtdNNbSyEozi+62Y#OMUC?nB7Gm|p$Ao9g3ok$
zople5^(j8n<8{-s(I{NuD@r{%Q1_IMAlGg>*3r6WNCdfd)B8=<Jv6v(SzdOUE*-Y%
zzh_#cTZ#RY>N`hx0VOsM%~10!(x=3(3Ip`dEHYS$ji#AyfklQZvE~-wmlheV#G0Fc
zi!CyT5?h&CWT{2QDY5^M8Otp)pAtL1C7`dg$ap1oFX8iR-9tk=QHhPDk-1a%(4eiY
z#IkCDep>g?aO|MOennH)HLL6tCDuhQ`?^KWP-44KjQEQl5fB5+QDO&>qMKIkLgD*=
z(@o#Mf_#7OF!KH6EkpMdpoN&O(vVey-5b3?&QFH{o==q^8mkpzfb2AAkaNIDz<t<d
zK5k8qcS9}{%zqw|v&&hExGJkY(%p}^OdpujOON+ig%{A{DOnWGHGCvs)L=WMQtKa@
zW-J@x8Vv_L#W{`CYcX<O+9stSZj%e}6gKn!%_@HZm9K2(=gKDYtJ?WFZ;SxE5gMNf
zAUT^<o4fZ&AmAs3)sbb8bKVFb;F@BJYHN$Kq;w?qlUClKZ1QoQ2g3lRiKdv5!BFe>
zra|^;gimt-d8w<ECR!=#s>sG1?#3K>X<e!`)lAg?)R^O9V~%{Z=2x0(<`mtu2}g}4
z9C^)`r8d>_(!+?R99mP3Ft_riruni9m!Q0*Wj9>{@>6K0G}k<jvH=AcDS1bWq($|S
zrX2g5aumEj5}2O@@Tv=cw|;|*SB6=JzuOcjlqd-5(Mj2X!b&r*n)?6Pd++F|s_%XH
zxl=O9Omfa70TOC@og^ecNa!T=q7-TJp(7xIiWC)TQ3Mezp@`TJu?r$tC>BINh=8a8
zrKljF6hRQAgY8}WlzZ=tMEQQ-wcho6*ZTbdE2r#z_SyS6=j?Ou%rh5c*KDIlgtN{s
zy3oz(?eESux?8%C)x{?Ng_ghjVrB9-h05P%lV`P*d~v1nLqg>rw#i?w<u6rg|DX{0
zz;c_sklp%AWwQN3WWkm~I#;~8NrIaIko@2K0Ha7^#6Q&;^2x6@bu>nb+=YaZ!k!E%
z^zXlAg8f)v#OTFvnJN_}vH<wFUJOHf2{<%%yKC0gaA*<?ho)|iqc&vZd)A@IAJCD1
zZmKQv+oxJHpH*AU{-^Vm&Ax@4{Q=YSr)~0^wfvY$J>NQ1o=>yn!|N#d{7U6ZL*xT_
z)2=yk%|m2m<j6T9a>;O0Sdxoq0eNNQ$|p<hcbk!$oTww`b>~pz8uVsJrGMiGkAUHG
z*P<ThdovvF&5%MzyWw*;{KEyj(}&^tJ|c2aZuibQI&v&Ha@_5CzYdU2*BZm`7T207
zH!@7Tks-Yy!7AD<9#MRABg2*(8Dis&7`MA5K_ym3th=W5)Xk_OOER%Cs>+fd=?^3U
zMm4u5G68s|FT;$!3^~5~fDz}8?&AfVb5Bnd@R^rL@bRCPZp#%m2i(SX<(sSz)E}wU
zf#(xM7#w#3S({b;@@Bw$w)$^W{X@NguT=eHAnTy5{%2eNORBzQFTj~-)qAJN`agRC
zHC26h8M5|FvGCnO)sG`QIL7(2jc$%{;Ru9Jy=K@{m$1?ErxW+ALxG1}BfwJ~?)wsf
z<W;nM_qpV<pA-t7b;%k$`&_vMp16Jto_-oU-@62O_Vi=e+)sn&dsopm7qF;5!_58y
zJO^Cvm?RCJgRUU({NVCjPSoJ}QQnCM4PfXuK!fLye7^Pm0EXoQ1b7a++*6Y@c#gPg
zS`USdqq3yH^OG$3kv<>;FpjxA9g={ufebef)ZjVp3I@-XWCBlq5P1G{8Qqj`vYJh@
zz;htU3U2#J7I-e%>TjH6fyAF|foHI-J~P?sfA=H{JS}bYvnN^L>7(kyTOzB^WD7i#
zldle*S(C3BJSSWNJo%@C_8fAGfK3g!2@}baXwO+DVUsvfYCmPdW=5KZ%`#VjV1vO7
z#|LTHESIn`hA^BQtdoc3t_D>3%MgY=Ll{!%-eN3wwV)AB3}x6eR0HgFm$-OT+{Ccq
zCIPTFT<&ox8el7f0k+EJ>6@Yf_ND~b{lgf_hG~GkB>{F|7()eB9;PMnwyb=5IKxB3
zHCEoySUDiE@>m*SrE3sYw!4f8${|^UCt6sEOtoS;dZLAuR9pR&i54cB+UjT6>U*gA
zX+YL16D_Qaw)KDCHtzkY7UsURjl0yW&lY?J$ohVwg|H2>HGG_*=s2>@sn)T5fJ3GY
z+2Y%w*^*NtYr{Pj7Q@qIpDCix6oJJl;mA6DkA=ndX$p@UE5+kliAU{Y1o)(D#`2mF
zS&3x|n!s{A+yvC*N2e2JUB<vj;K1EddqeZ1e#z+?%TK%V2+N&EFti_`a@2b1gn%(>
zgg~{4*KFKkY227#<4B({t|r_xa`JdW=)=;ua%G%FtNXQS+{3OcGVZ|<3^PVBq<m6S
zR2I?l**b#ZV{P#vVR5;(c;DUEZ1JPg;__gN4{3|5!A<7mwIGX!x{NV*NzJv*ZJ|}B
zwsxp1gRCvSnIY$9hIH>7z!>JL`IiUSbTh+-o0YXUWRkTj)sS^tzT?0r89=&Nj<>j~
z(sE21$q+q~A#>SX)-uU@-&UBFVXlF|ZJ`tXs?rJHB`3VnoN(q=o6^kV_CnO%wn8;~
zA<b3@Jbdl$9uYdaa5p(bxVsA6<j>?rbO=VOop`*|-qxvI{#}lCd8FKlJKVxhcnd?y
zu5!SLa-}p52kMPtNF2qG(m8_CJNba0jb^w&l?%pDk|!(EZe@tRl_BLi+MfL`k@kn*
z#_&5;Vt}YjqROXlV<^8(Y|k++cTASvo@0Zz=PEAG<xJ42Ue)F9k)==dYA)MLPb1D{
zd+BM!yVOh1bRX^M)m@&1ETF;d45_y>q%SA@)o_UynAeYCXg)?H4K-cvw@mf5>~A!T
z+V(dZMje-Wl$Vo2hg^coGc}9${3X-U#X*(m5@h@_cQE`uhN*)kNggbX#xfL+RoIoM
zLq*W((8Xo!nINN6*Z+<K;{s6VuP29ncr3$=u?$&Xjkk8=4%q@NPA?2(wVhyX?t`<f
zO~2a&YjdAys~>FZKR4St3`X1fziO+WJi$6tKC<*=&a%~Kt(#!&^cQ3&!B&(lDXa*<
zb6=T;tcbfTyf+Le%&({v^TiVL73OZAc~{7KSyZWPQHU(^ai_Y*s)`TE*&>EFxav?0
zPmX2yc`QR_wL5KVw2rNit(efV=GelqC!oU-hOAd?4X0#-QH-n~CRj=$a+HH+O$$TT
zaa&7Lj(M18*0l|r)!kNTn_~sDudRMSjuo_aHa{)S`PaQACDhNuL;XCf(i?SZsGsv5
zriJ{C(@4BSDsh`T{;^yj<>3jUIqB}IK;k%tD&zEy|D99p_$$USyfRL$n#;MgYECQd
znK#~H+e(Mn3s2Y!OYMba_QE=QVV}Kl#9lDQ+7OU7HpClGd{>z__Bn+&P6zMOGzqaw
zN5f4%NM1pS>lUZjr8kU`+WVQu_)~e>O<SA=<R)W0!{u>$bNNhuc;Tk;41>l8JseB?
zRUPBC?zm=)KbID3Q6M>D7+@@w#;v?vD)N{yoSCnUTk5P&#;qUEuyQ;@$|DN^<9Vk@
z=5Lw6&~Jjy@Sk@UQDwC|8N%;mNO^OL=-HA+`1nqSx9`-+{0q)Hf4G3#?_wBym!9xT
za>6lpGqAfE(l^pZ{IXMI<fHFq7;v}F-CvQFF%ucWCo0!0%qQ0j`qjSge&95IQ8UZh
zce}MAF0E^=t)FhUHpF*r^%ripps~YN|A(#qn5;MQkrhA2+9!>Ct9$MkYuM`f*3vB=
zV+~tit8Z=7)4{3_tQm97p?*z<deE;y;3WSDaHhab!A)-012E>v_;<ZM6r9BcI{x#V
z^(g+2PGopsqK?%98LKlB8Gg|bkk9XyXmBpS{hBRaC@o%MfwO%)V2qN+wY)79oGJCS
zaig3K$hgk;Ff_kMgLAY5=cRiXj^CrfIa-4Ag-HwxCuwkwmf-9<nW1#D2IsBLgl#V1
zkI4+DChG~`E+@QX3d7S=G&sjd9A25iaAJxE=N+<g$yA1gQ<ZD#*B6gAgTOh{X-ri!
z%ewV83neY;*&YkrW}&3Ft$yZh76@;*)jw>jpIOfY=PS2apjvF}{()`S)%7e8Znh2k
zg{}T;o1P<9eW2a7hkBe0^?_h;l79p^Q{krICO@787=<$aWuv9`^=AA_8tV8LI&&!g
z8Pgc5PSf#kDC3VZhF_-X_&1dC-&e-)X_<cfP$YZqzn9_jd-daoB4-8-`_6p~&)>(8
zGLUR3c8a8T)^vt@rZc20n<6Sj(wluhL;C$1K8>8>LB;U<8HU`i;nPIIXX*V6i|^O)
zX)2NO`~3{R+^^x&Ojf=$gJIDO{am8CtZYA%p>(FgRJVrWdFL5BrUp2ToyuETAC0zx
zJHLSy^lhW9;4ZV(?;CAl=fAf4!?ybG8dzXBVXHsWz{FbktrkYSg_fGyw_4^T7g}mE
zZ?(*6Y^!f+)6?Bn-_xe&7F9nL$Qo|bGs~>c7R->yy609aUwcWmhEFk{a?HKeddjg;
zwDu6Pg5xtQ;Wi81u7>~m?4m>>Tn7e$=C@t*>S!4vD^~|aTC9#*a1->C4>SOb+Un>Y
zrM^jKZrv{y>D5u&8KBki;!KA5Gxh4I?QBDspZWm9=m#`D6C^&{&SEH?rSX|4QTOyL
zhIzAs9)0911G9FFvZ8URp$$x<tZ4X)Y!AstSy9cj)%PE5`RL{%<)<^3D$Qi2pYlx~
zPab{EK28piMe>&e=~AptLS^7U)1AGGwL7EaNm%Vc2KJynLZY0_NN(bT3=<yI?&Q*)
zs~==|^TD9wagZ7|@W!ZXwm4cH=$6GaTVuULSbTbfRMgA7{<m+cEne>s$77Az4363Q
z`v0LrT>o?DFvQK#*Z&O;aS?6!5JQcJ^!5KES$WsP3<Dq56aH9!CVbW-4C5aWH~ozc
z_wU8}rvHf}=%&BP;rX#xKZyO*A>1<JQHG(9>P!1(hq$zV`Y6L&kBUqC7Ki)hM*7me
z)nUK1f99}X+P67^F72N?JoOvdFYRAA#HD>jIm4pzprd$6(6)KSVYqKm_w$Ok9f)nB
z@8|pE2>a$TY@f@JHT`C5A34^@c0a#xv$YV6#ul)Rk=8<}ZmW+TY4tB?Y(3nqW$WL;
zR-ZG{S~!C(J(<O}`m8%fTKDsXjVr&OAG^iE-mb>~ddL33A=5K+wS|XbxAMFFk0G+i
zPrN1gem<~?zMuc$5cl(;^B4xtW5{fHi|uyS{FdPR`DEIDdf38oXA|=p9%bwMNE7pn
z$n0XP&l+nhyw${t%ssaH&ze{f$goY?*YsZ(ZAGZl+K#&B%l7tArzNKe27S5U%SVJJ
z>xaz+zrvAE3x3`_hS~G<ZnRP^yYurHex0Y5!TF{lBh|ani4oVl8@(xwI}m(Ekv?%o
zCBjYSBsXsj7|%$H^GAeksswLo@iPvwsdkvpP%@t(<?hD-W3i+9Tqm%6KEo^X^)!~q
zX&jr+aCm;urkZ$GP2<sPpT<%-4J`^3d_Ns9#!8Fz_p`&SH|ouS6tN?Xb)?b(+Gqho
z;R2mBj&;<_1#ssAhOrA6>WSTIyd$1^u3EtG#sY@)akNWKkd=EEFnqm$p?>+>4y13R
zEbnfI_y%pq#~2zv#*m(t2N)9_)%pVX{V|3MR4G=<J+iXbLWcGW8S0IKG07o5>~~=y
z!?}eFKwfS)z-aF<#@r<5GTrokMhhTiR;*}F+Q5PI#~Ero9`r1x>skFdjGJr^Ot#ny
zJ8Xr(*_%RKf1py=ca*O0YPvqp(~r_&htX0gG3iB~-aw}Ej-ok}3U5Bnu;Ousl&mhI
zviW8waO!b}pC1o;*D*$8Vsxls11kUMg*0r;S?e9TzdDc?R+TRG4g*S6ebc;wEwy?1
zj%+e7XAwi@BFeR<h)VG)X5=D<VT*zu5SMH7>R-Eg^`v>_mfs@0fRXAjHVh4Yfpy6=
zELHmLr9})&$uNPcR7W8hc61TL{zXB4Td57ZF!Y)YOP7YNv<z!cD2;a*WlBk7)3CWE
z+OT*>78!Qk6AT@mU`QG9sHkj6hCT8G!^|g?Vb7I_N9x+Jcdy;B8q%<evq5_m=@WZZ
z9Nc71-gD7_5$Q0xD$V((wJl1uwULe-vi95)45!K3vRg!DBeJ&ONrv1fm9_Gt1gEvN
zW!G*klh&TL+<1x-q`wT~^bnQfSwC0XN*nf<5g^0HKFM&)lX?UF%V<p-=-ww8zSf4R
z56GNTse6Xau<uI$)i^^Mr^OLy8#=KWmC8CoWRdp_E#6axF-A>nnmMtyt@XrC83G?2
zpJHhK6hlfc+MiDw39jnE!KWB@QYF7tROUSb;O?gxMn4?{ntVOmRYNRmx3v1#*`6`v
zB|%%9Rbi8lXszTMRVsfjL_Tn8NQk$FS1NlpL>75f=-Bz*Fb)isN@iR8PaEy6?~Oe2
z7Jr7p`3ytK;X6cSvl9$>=^2J6p9y+y&{aDo$7a|Mt^d_A2c&UbO~-Vy$tSl_^6e_m
zB}3!`w_Lkp4u;4gZyp_+TMVP6a?BH^W0tnnj@e@5lVh4KW++(9kg|fHx785eQ}}u@
z!)B^neXFR<pd)nDvkU{DWk^{&LR5-hTz4#CxbUoU;hSy638P*3)L?50X>I@2h1=vb
z#+WXA*Cszq%TKLT{)-U#z&C@h*@d5n$jS|o<|8)5I&hQY3T~uCti5$qT(S2D*g`4p
z4nu)bD23wg?(S~I-Cc_e?(S}bySuv;cZb2<Vdwk(?Vj~>_K!Vhaz9C4a&vR@-aC_*
z<X+<r(u-uC%pNCqIahPohRX#)`1;EOIs-R1cp=FhB!y)^FHbl4zIXDKrjtn3z16%!
zJcKMmaopTxedWSw?ngl1?I9l2HW+19ShnAN;V9PnmL8#YA2l;4=fZoZsc}z6XW2R5
zd{JYr5;x+<RqELxo(pgBnMaSAxXYc^=(J&J;|WYY@^XXwufFHPmCED@_1d!a8>ERW
z)8Vv#a~`}-&6$^F^)jz`;s=I}CVPbi(1XAGhSjR#eVCPo`C%hRG(-uItB>7*57}xt
z7PA6-FjS0B0fQU?&1EKyi>|XnNcJ)o_fSIdxOj{g-%O?YMh9W^;?E1PD&x;s)DFx%
zbJuj2@)0)oKcya?(r~a=q((0z60gEW6ZuY<u3N$PU+a^^p<>lVq_-z}c|v#NQ9*Y)
z_^rH+>#4g}<+~ioyQ@a{{@pIZ^_TTaJUnH4YeVYe66Yb|;p=YY?wk|Y+}HX}?VdA#
z8DwLZKw1`Gu`LdJGUw*H4E~sfGBz0Y7+64CoWUrmo<DT0|3+qXEx@{Yu!_iY8svEv
z<b2<Yu0=ZScF8him=ZB0X=$q?>d8;ncf?6@+uD+Y8S^IseL_Qd*gKZ=OeE9umQj-O
z!R=K9D5i(>t{k|*K>SS~f1xd&k+wl`_gQ?GYMjXS$uB0<xl;Ll5KSX6SS=Lh+9DDr
zq7kSt!^aH0yrv;nRS_#Y=h)S6_au_}x1I?cI0Plv)i3`ZH_5*O*=?}>&o`BH*O=vy
zCsX8m$sxeHu0`q4H`5W;{K5PtVYq2z>iD$^U%VLYi9cCB8-^<J4DUNN?#~Ia-;*G_
z_~>i)mi%dY&3jZCDO&Af9d)xW!$DelCh8xxvQh|<q6tYzK0&#M)B@&pdOVmT9wlAI
zXZ<Jd^I9Uae`uo0jai?Z7vC&3XDNkws~bL8Jj>W2&t}~Vv}l~c@8h3|+$Nk94dE`*
zaj{ZSEw>1Lp=x-F4sg*UqM6Zn^dBm~<0>#2)$(vI8R*3l$yyIla_73CiT1v(-23U-
z_f8cwN-txpQa5p5l0;Yf+KKy}n6ll)wlHWoFNdgyQuXW#OlfW8aXLi%EFaARo+fy?
zVgY(r9SiX+l*k2pY%>B|$LfdvL@Hh{MHnMJC>pay$`6DT3ES*40`JD~W<{_-_$rhL
z^GQsP$xKGxm4jVvoYi$>o3&_%8u^5bT`HMh)nKRf@qcywRw5ti39u=;V`_y8>U|yy
zHF`bTM-ob6!a~@k!;L!|N@4;Oa2mYqFMMCBVygGe%#}~^5mE0va|T9MF)?E$eb6G&
zY4@Pz_%>K^gqYWlr-co=e2VD!3LK$5K6q*=C6uSEKa(M~wyn~4vkvlKs<he3%GpWi
zGIF!yRcs)fmfs`e3wQc)`Bi9v5GmC%cvUtBxvwfN>L0!dS2gD{;y#GJg(IeAZNp($
zH>A;g!pep&q88U>g+>C^n^}GN+Ah$St_uG!z=h8tc<JrW7DX3!v`Yx_Hr5oIZ9=Op
zgI>??P61CBm9OqD!-Podn{Yn-g|}=Np(8lE(VbLusdo8^0PV%~q~!8y79=)8R+1Aj
ztv=?up2+gYPSw8M^@`X0h6<lT97;zL%km0?I+-mAtv3OsZvF*Pt-i$bM(M#TVyz$G
z6~wpGAej4JvHM=Sd%+2xMnO+4(o3T*%cv8r>vO}w1~)>QN-<%G`L$RJUe;ursc-zb
zZd)(n$j@yDlE9@zq@Zlq!d7WedQ05)HxTuBPOBg&Tx(!UYhYTP8_K630j#S&aCu7w
zd_`c9c4d)n`^Mi_=v0<EW$p{-8Q*h9A$0J0{^~@x{*SI|A!=Fp7oZ0Y*E#M}`I4*0
z*a2zL)n@A8CV52F2Zhi=I#T3-XI)$1m2Kz9<!JiKbQ^)ZPLCE6zAc0CobVOV*&@UY
z%`pvd9IH)cfFXexC1Fx&cZzw)x8<k2I{z+eSbkS@*T7|;7E+LF%)cCNP}{aO5XF`W
ztCJGEqOcy-gwLw9E{ZUrPrABK1a!He$C@Nf|BARge?ecK)A~72j|^1Sl9mg$0G0=h
zW-NL_$=%lbZX1NX&k7!_Y&3Fdxv^WX4RDQq%Fp+Dud>NAoWO55E#z5YNEK~!X6Xx=
zM+(}>_4#RV99)LKP_gjs?8om&-M%fYd>)TXw|rhVWT6ihq}0ldBr#|S5WR@iHcy0C
zPBXkrRjPm>VS+?WkwoCf;O<~_(9Caphwqo;1i+z1dgf(NE5*O*U;()tGo)jX?Qez1
znS}><@hQAnCB8I>e{|$NhS{4m@XB;$@v$Lu?C)LlD@UphKNCUbG6WT7TvK(`yvMH&
zS2E0h{EwFJZ1e9=k)8L*;cCNiEb-H(yLvz;^c+-NmbbszEpNxC#+c=4a44Ux!q|6j
zJ`Q3AI{xBt$7}BD7Nup;So~D@C6eG#4_75v*qZkbnMUs%5f6P(05+y1At-%Ra+t<Y
z*||tV#_t!;8X~3EnB9XWa8~b_wK-`!xB;m`yhOVzj1E;L&DiM_x}L)RS8{z6sR5Bt
zyohhQQ?!4bD5~SEj0p&Zs9fEMkmr4&D$<1bK6hfr^DoRp7%{A8E!~!2ws?Gq+j2l$
zh+E;ar2XK{Y`=TeyRVQipmTaqK-$-{vRB{~-Z#6w_&B)fQ^@pf9~;-Fs!X4yvZLTJ
ziGBzz-Fl#UHlXVF#D1g4#_&$_Ns&zDmEn^v^vW(GE>f(Kn?qG9E&MO-_%AK{FO7!K
zuA@(1pP1k1MUG7L(B7))LVT8Rh51eq^N8<ZW>8<4-!7?O>DM7G^ErH~^Afo2>m+$L
z_<t!`?C-;_ID;x?_H2;Ws5XN-w|NN>>zcor4Z;<ZcThl}m|ctps|({3y*u`0h+p{1
zdMhhV)}^W7Q7{?vja@zF<w|OBhnn#>-h)ryAsK{m3gdmZZ0%w0&5>J@cYzR>IjD;+
zP~0KzkGwy(aL4<6dbm#^@UDMgu(Icl7If)?fr-`YBS3nJ`+tRZeS~eX4F13(v?%+}
zx?Dlki?XDr9aKS=ytO|=1e=QyFA)(8x^mF&|99}E53(b|?GB&}G>t>}AD;i=((?mN
zn6w@E<x5bto;=)3z^}l=Sbnr1J3Y3o|68m7kD~m4$&?@kRQwA3IDz`}CCDz7@X{P%
z`=$S#fQ&LQJLjtm>6$3p4?=X?G~`l~fE={<!HSmZI+Xx9B{(VRK{x~hoTB}cV;cdi
zUS3F1rE4ezgzaAXi3tct?;fmP27ke3y%g5mh6PB*su|9%I>b>Dp1g<>T(lju3Ud&B
zOMX}p8U?QMJXSCB8C9BKN|7ey;#?re48edAYhD^*8xD1A4y!j1`Vmrkncy4}uLnSG
zJVAC*c{njk1cTZ|%#9I=k2zg*-0=aA4%kaXTGg(tKX?Cuy+4r)+T|nPNHiU5Hcmf-
zQnky8Q&i9Gl*z0^7PZTJt$8N~p0(Jw9?WS~YZ*6-ThtA|;9AyahBu^*40von_ru!P
zJo~q(=d<9RsG`DAZgPAN>vgX3M&XiY#x0X`tf9(*qg|N!QP84Z>gP5wAX#|%A4<M5
zXnxM%AASdqF|S?D%<h#I?p&lV8Hui4u9rfl?NH!l5NRip^bf9U3?tG`H_C1jUEuu2
zoOa=7Ir_W9k1G3LjCDLHt~P<d6;zaLGC)aQi~27w$jj(tv4BL>t_CG^npK3WOhI57
zi&|>52vjS~`Zh$SYE4u8qM%eC#gv;ige8+uXs687qP`6SX+1FlvbbBbkoWiu;W2^!
z<$#1%RS)gIJwV8LVaBzL*!r)gj5O;H{#0zkfa2|Ha7zSCy^*hQ1t1<)tJqyuLqAH3
zAX?!JjzHP@a|iPu#WbsXr-ieK>Qh0~+jtLU-=keF<L#$sSMv;mTlW7SkVA&#;E&E8
z%zwu3;ptQM!JkB_Um@Z1knx(YXTi0E&E{W%Q|lMa29AiUF=As$i;gHZLpp48D-oze
z7wR9}vR3THj|~}XN^E9a>V|2IKy?z=wzYv+j|5Nc`M}JpG@y!&a2haC(kHvfz?v-O
zli?TSlOIY00hMloA&LxQNeN-W#uBA&%1MD?*t8EGN&}K=0PKV?HsfDw#pddzdk^LW
zs#F7gnBPcUtC49RjFo1FXs`5Tf2~kTS!meAk=F#MG_ScUXqp9=;b13BFV+?Wx{P4B
zL-wVTnW>AV<pt|Fi)!YH8B2tIizmmhrrPyf+4t$e;@Jh=`;&XfCM6ufXna=?l#IwR
zSho#(Kd-$Y@g0rB2+~UE|DC^fP9=?K?@B{OnQNw@C|FY~yo(-asmWY!;L{C}t_e}t
zl3-zdXGqZBOx;_6xtv#~j|x>srccsg01}n7rtyY!9eA>fm}hWjPOwnHyLIqLLZAv!
z1<yr(x(pgJ<RxB>v849Qj7+_+i{1G@*T}U{9{*Q{4gTipmXMkfI~Y3DDZmC*dSpu)
znZ8yA3`$lDn7Qf&gd&5ALUVQa74HbmG+=`O7X4t!f6{7o|4HB7Q|7GwC#@F_rORLe
zQDyJc*Zia+gUDM%0#!M;gk)A&PNzH;WJ~0)>^5F#cHEi)w1;6yRW9wOPW|$HTjav-
zHi=r=L{JHbtf{?j=F6ToxG;PGZ<Ehi43i!{B&0yiy}pqFpPWIycUU?0Qt=}fIyBnl
zd)DW>zx4!QenJ1o0fLc6*CVR4P{&a}JCPrcgw7<lqy}R6Tlhb%O7Y(wdN6I$WQ#-G
zBvsHV63HWTS1d%!%vjLk9NRt{K-QG#Kp0x;JFMW_JTGUKR8ZA5G53zUbzZ<)v+}+7
zJJmWyp2?>y;h9cdBm;t7_-N8%T8a;G)*hji-vYxwJqy>kh(gSW_M;S(l0Rmasd!>N
zUO#u65t47#^N<t2W`r_yso=vFj67^8xHG#YJ0qPfFcgGFBQ!-?$i(ZmMHvi0oNG$5
zMcga=A)WV4&fU@hI*oEhpwv1nw;{c48V~0<jvnD*OPM)LuG6#Rd*SFi&0@nAnRrP7
zofoi;=NOCDQ1KRz!yqeR7uoQ5i(;YV@z<n%+jmIEJDB-8M*FbD4BVIKLPc(wI|ia%
zrt>ceZ-x9%C$euRdnW+;^YE~9EJVn0OsLLxy1u9nMxz(a&ry*`OT#g5roZHyV{>`2
zeQ02SHb!{T6@r^nMV$f#7vUu!IdktiR>twQlG}=n;mgJaS1YnUg$lZJOdu$mo@DyX
zyfnP~$>ev8;VrY~cf0Hgk8qVYV8yeaO2?+E_e}ZZn?+4Ih5n&#Ev{l#1HxZc5Pw;b
zGdAg2ia#Jf*wN;x9+02zcwTNkOk{;Ql4(x&yAIc7nPsz17{}%T+E!}f%jewIKOp%I
zcZ;Z*O#ckSTl+~J4w|861uq%$OaC};$WCdQ;V@z?#68*uFzPbcleWQRyG(OL9ZuS7
zgRxX+epJR`f+m}Q!itlJ1yT*EW}Jen1I#B=EG=8CEo-{K{H2k{HuX(eW$ZND>dqE2
zVVA$FhfKC>07|9vCBgjX;i|hMIfGDNT-wddoz&`>dGF)M6SQfB4gXOmJ#Z>3Ddp$f
z#t6i25+QIKL(Y1i76ImkI6;t3$tj_;KculNkj)DswOhCB4_3^-o7!YFt);D@HjbQW
z+aN!xP5U9oJiIuJfy?@!ocZ#3Oxxs6qXw_oIfsTq(zI8QZU!it*B8TBdtS3kE>N<Y
zV{t<=FD<i|ZV~!Xnw7BoC!5B8Hr7DZoSdn`)a;%qz|^dI=Og?nep&d*+Tihri8_iA
zj4K@Pv_9;%0zSbFvHi=9ohqH~8K6K9@$i~R{c!b<OX9|hBl4BQVFk7AmO@Wn$M*Wh
zJBYceF`J(GJ&;t!stD2RyY2fuCXlY=I{7J&F|yxgwV&PyQz$p(!mty>EHb2B5c-Sn
zU@V_`;p$gkkPOoCA|D)H^qBehOM=0Dv9wJlO!QGjomB($prl@+&XvW<>zxu%DH~M5
zWWXeJHeqpcTARAv3c-xpRD)TQ70z@Xqk&he_J}8TWX35n)$v`>*q}KS?c6KJHH-d+
zVYE8J?`;pKJw<x3P1a|;3pa8KpQ=iRt0=aq-hM7!d-?;mJp8Kr75bV5%f5cjDrC$H
z59<`SDM;c4WJhfN(oOxUcFAk-r-Lel-@6219iEd=dE1!EYp+4T6gb7dj+EAq#}fLN
z<@U#*8+r9IKml#jXc*UJa~r#60=H;md!qOVH{>ERB7PL2Q@Y<Ww_&E|{1(29>pz2+
zE=!)VqyxX|^l=h6@!H}<K8>0H$<y&?H`0Dl4J0e%HPO2@(igx7cx|ZqTYDh(S%I)@
z*U36|bP1XgNiC>_(yCc!(<K&oI}*2ZE0B<XMi5CP7ACAuJVqGInnE6SDa~=}S?3{E
zARpgcDEvd325_7R=ov}wsB+Fv%Ezt-?Lz*!F`n&UU6bF%06E8rQ0R&kcsfqdy<m+*
zSR!Bdm44e1sF2NMR7cQVIEC-?l#v^Pg_XSUsmQB`eg_dKszV8|1W=x9LN^~u0ZH{h
z&JJFk?=^eSmXyX<s!w%Anm;kA@CH>%oUgrL`W&$>GEYnOA6o@0;*ZXdyxL?nfV`D=
z`&G`}>Zg&oSp5Z6+b+PbtBIZIjZ8?(mA5=KncFpIlABRyNZ3W4mm->a9LHK)k$UBK
zI%|`5x+hYrJu$UH$0uz8xr-=;w(lsw7B0M)havwhV|I<-ea|M(jpKk5=E(Ue!tIKR
zLCv-RgF6(Kg;*k_;9K?iu0JKui3DXYYDhX=c|2qwZEzm7u!D8x35mSAjj?>BMSAEw
z&;9}}qr7t$W^VD0C1|m|vpZo0EYIk$2ip&gI?+({U}XJ*g&6a)qpj6?JE3h^PiLX#
z0oT<r4R-0gwjt)Ti6m6|>9*DmixUJ0^^F&^uwDsd6%)@|dNKCBVix>;;uGqjVH-7^
zYs|Ax4TRS_#%|}xOW8y59;kkx?oe+M4yh;{TSThpG!ge~(pFw593W_m-`-jD(DA`R
zucbw<x>|f|%y?gaVWH$dxjqRA3H$;RM%#v0xmw82V2s;Wpo4%#?ZVLBDD`*eh!)t_
z#+<`8IepSjecXnJ?%cM3+mhbXrgd!Do}TO0G|Tpft*?4ra?`L4|KNfm2DyC`YHs`s
z6Orpg^#G@J5q4%Ge9sJgyP4%Hcl}iZZ25GiR0;Fzorwl#9;T3!RhscJrEIyh*hUcS
z2R6C0+FXrefN*FHlR`Efn{a_f@E$U{%u&p5w5xM`(ky%|Z9YPJk5Yd>u?x7>&}FVX
zR_r~Adx1cOuAWD&p>A~o1+mWWWvf8hOfwd{!yi0$PQpbj5aMXh=?VTMDlI(GX_LdB
z@m1yf_wxK!koOkILEl|jEuK9=)hUEt-j$tbWwmd=x@^LrDL6b(@>?!f?>;)!K^vL&
z78l<N8G?0*{B)Y^epTQ8o|IYcSpp1499u8H#ka_M<tV2u-Me-5o85HyUmkBX$hOi#
zwks3WE={@?Q&O0t_w;M^!K4+dzZFtt;dOhPknA_XRhV6PwA>7bT0rwnaNl*IoxM7R
z?-1HeCTIM0@d>%&RTT6f=#uItZXV<5iVI@vq?8<^Bl+)zid4aqF0jaR9s|E4c{`~C
z$xQlrgYE9POY<mt)C=$YL*yi@EqQyUL-HZm6Q6gwRqoW7z0!GcX$Y+=I%#wJ<@er;
zqW?`V#3kS=Dj`U4-D*^5urvlmZibWycVigg*bQ6p>T~|pZ1mI4jmU1_N$AfR=fn84
zBm(@Rw508)q%@4egQna(k{Ht11*$b*y}|ZZaMTa)Rc^&i&r;1zR=IAdM^?E|bq&EM
z+;4;tU6<l`;jx{!;sx+0)Z7@)z0U~IdRSkSo62k;2Qzs_a7b=?BPkvVp<rap=ZP+b
z(Krz{YO%q%<Ei9Qgx>rD%~ZpBzbokWC*4xWixDKxBZ4&?Ou3~;bI(!t0vY!MFQk7a
zxP#*`<(mj;3VJ|1+%iq5NoO#<5<)x-=uS5CZ?QO<rC@Cf7uvhwK;5+yNuJ0cp+F-`
znx~(siFrSMrpNtqz)O8Ac1u%_GuOQSn&u}Z(P<&s%6**l*Ps>Rt85~ce)&nP?k1K#
zmVM0nR9v09CK7%myEkD^X>S%rvX)XuiWUyDEw_KDm!6Op2PokM#}X~Y0@F6KBw}#2
zLnE=iQZIz6%vqeq2@5RL;)GpwMrk|&<jHUe#!ISN@G{K*2;SGQP(1t3Z?-;7W^cD^
z&-NQ$EWYN1-nq6^q=A~@(mZ=T0j|uIWuZw->4BxI(AWUi`gH*sr)!(_f5Ss_;^bXm
zlv?6slT2n+YdB42)v_~f(}}jt;#2Fw6N$TZ?JRy)sk5vLt|n*klCx~xNruUyMv*f?
z-9U7;cxF)1B=0!@G2GkvPyq6WxO7rzeDW@#OXTot>y12uYytSSewkyICONko+i_^(
z%0i-&Ty2`$H_2#lkXGs1RIM?^G+s1snz^TnT&}gi2#kLHY#|cx8o0J#nsT^ntMTlm
zeTHF~)5i-mdBK|v9G$NmEV$m{1)ja!J~a<wOC?78PF)^7Aer}$SZcTI87=w%5jP><
zsyX9WDsjM{#ewt|naracO;(!ccXE<ix|h&@Wk7a%%+<_NMGCtMoRpCSP0Ir2|C*6e
zzIcFOuRHSoBCJ~{oi>WQXzdI$v~mq4a>cMMF1!$X=AHjZTSOe~V5w{H)U(?kdvipA
zv1zohwQZb&+&2vpucXOv05Gq3OtX%2mcC2pdZMYw6H4+55353HKDd4KbZv&b2gjR7
z-^sP~CxYNDUuD`KK*54LKicmxS8T8ls46wP*BWzrvr0UUjF4w8$RCU2p85q}cWG)m
zp*G^t^G?J7$(UxK(k)g6urzh~=98$>56}<c&Z!OKLZy%3gCH&n{coP`{vFcvXQ@1T
zLv{YC;x46fSY|GfNr||#r!LS?0?djDqew5q$S<o6U%%}+Xr$wdkUAkBx1H4hq&5^r
z<_j+cDzgf!50+2E95@`9=20p>`XNt$Nvndv65ooXO`-gX_Huc<z_;LTUn2Teb`6({
zPxPm-z&v6+O?gp;&Y91K33D$_DAU(B$|Tbt5sAbNQ#Cwn`Idcwj;g!W(}N{9s=MB#
zk?x3-u$x!K$70rz=5<T%qUoRyP;LNE&v8czv{6?w{2tMt;UZsZ#=lx93`l(a^0ld&
zvcFmuwJhKGan9`Y^kR`w9{KFMQ_gRFGZ2lM#=hvX_gC+s386P6+z%&o!NrMu&7?0J
zl>h~;a#5?{*F2#0HLbuM8hqWQ7eaTAPYQg)v5<(G=|jK54GLONyR|h@7k9R7Vr#Qy
zjqy$)&16=vz6!C@e>4CJ1gExND<0gGt``2lWaH3()On}7_B)L)?H=qyx`<<LNYIr~
zQOYF;6>8%NDUxw-DEzqNXPrKU6M7><68WdtPC}^e9%%4{4pf~ohOSacjKjQTGf6Um
z9*U+1aP-DBDK#`UZKJ@w76KiIKGoe=(UJt9E#Z@;Yt6W%nDY8U%%n_U*XPT`bFDD9
z{12?m?CI>y8h3!yX3Ie>-%tLjJOugYBRNNd5_ujeg+B5vjJrG%w)Y`;!8=-gL#gv|
zY}MvA6A^Y9H`kSM8#(pm60<KcA1hS`C1EWcK7lu{8so@wU}b#_Of~l)KIa=(L~KW5
z+lPI~G8N^}WNRS$tOOeoDeIdLMbak3X}2ziMC6kv?hEF(uX5Vz$;K=C=$B_?CZZ&Y
zulyrt{{(jBDI+g9Jg2`X_u}6=OU}lNivMPT?l#6X7~>I<%kspwD@UVoGNnJrx@)6`
z{d9VU*9SHnof?W}0B{z)uD!Dht?rIaxqdUn^VRNFUwft%@P(H8NX%u4MksTj)DyWX
z-9?fEsIBmEO<o?`7j}TBkZSm-&t!Z|%x;<1pEq76uI;6Jx*j=f^RJP}0Si<em>i;P
zV*Pp?qOSQV{sI!VamW30d;NE^zGEKzF7BN4ucpAyd`wshQddmJ-3!_Hyzi;Gdn^cp
z1lULnS1w(a!{DyCyZ)PA&?&V%rmeSs?rmV&<0B@Lp=?QL6;Ds~GbH)&6YoBY<WVt)
z>3#M^Wo!ZkucEho{-l(jOO6rmCw^Fo$k*o|LeCOC7&sq`T`jpGYy51nC&-Z_49xwi
z#lE`UBrjeBm)8=&Lo+ywUoHjEYO;(Oyd(0xBghR2gkg2Fe_Oif$Dc%a6xq?MdhGlX
ze6VnQo3pO_P`l^>k0Qj=#du4<_Je(j@t(63eVQ*IPIZ5M-7DhIR$aLZqnhq_^R{%r
zTI_}@Zdhh6`=FDDuLs$b66kh0H1AoL`J8#;>5#@-SVliLvFm&7-V$5F8S%w^E$1A#
z-1)_s*2pgZtemDf_lEITp-35DV!)%lL)=2~`}8TZ(Ayl+auYdJc7}=D1vBLNqRvdD
zjGHShj1J{9k%730g{y~*T~8I#fb9<`%t`t+A7JjpODMm(KcMjJXK42=XKlAiIgt5N
z7#lg%X12kS=b%@h=1|6zDr^MX_q+|O9RFkPG5rjcp5N?a@(<+*2RV@42$LXvUWcUZ
z+&WFY!ygq@<i~`>==+q)&l{X$)siP%Zb=4R3x|9|-IKq(C#D#fdBocKeD)iF&VILo
zo+xp2-;9%FL`bBUeTPw*>FPI->*epDEk8BA%Ot&@(DKsF1iyx@Wr5n<#<}FNEkvOm
z3(FNyTWa7{v)5J{1-BIaS(ez;h$G(P4Pk&kG{JJzcQA0w;<X9?%<&S!bVNol=F=VO
zD3FCPnp~|T1wsjhU2+*td-1|z7kA%saz|-JvkdXPqFjP1sM;P+0ewFY@dy-L6hs>m
z6qLE9<oCISHVOjEjIrF;xfeUjc_m<3Q$4r8GMZ=3brr!4Z)Bp>^GwNmWaWlvhM^Wh
z8z16RWSdexC9;C}=0(XdSSo%Zg=TZ;2L_D@Ti>_?WeNf;27I1R+=1CsWhaBFUAN{8
zz=B(Y<tHeiAw+~~B|7>wZ-LJ)7cf9uI?8SjI>tafqp%cGMrd*SW0C5(+m7?wE(Ihb
zSVlkpaHJMo{Mr+vPffZ;c<!;eA+3p6rk}{IkGjtB!6DOOYwR*%_pKd>Ve{x$*CN0}
ziTnDj*=St+dmZH#ekWw>USf;j6Rb2u=GK0BCkdI01u3LH+S21Uuh8u!a+VHoGX4&2
z`0>88%Du9+A*?E9nyVWH{aA+UJ1cC2hU`a762D8Nbk43ZuqYYwL=`d%?f=>No?EDW
zpl7ne*nMWbD!zXSOUHEDRqpV3NsVNnb}O>uPX6$4+ri*&A7q~NKE~Z2+zK&F{ww-G
z*8oo2U^dmelHRF9ux$m5wN;NTpSDC}V=I)lG>Ns9PK}hUV=%mt0X6;>Y4B`|HEoT8
z^$`P=@ID#y&LwnJinUe7hsXO8koyQZ%=M9twD>k6PY?@ge6lFDNSBj<ad`g|@*1AY
z&WEjz6vb#)Z=Qtk?~)27cKcU1PISwr&$-`K<`7ptd<+jA47-KhDHD6GX~Cym0HBGB
zz4k)(^ZUt``r#Jk_taTaB_sNk-*TV7*E>MXIAn8JD{jzn?~DyvFxhVHl^pJ2a0_Js
z0!sL|Qcw2W5)i&*p=JVz*;_h4r97j=bbi}LhnGp{6q1c1uJ6Rd4c;ugO>Ab@Y)<H0
z)d4iMvZFO0)ws+6WyX`clF7;|E`St0FMn*Xs~XG?kyQs%E=FX>Q1KE+9*mNUW+hgV
z&R4f<4Ktu7KotBE#mYI&a#Yp-1{k7$TX^bGT>`;nrHgrKP~>x^w(eB)-4iqG6Eon{
zGAA0{41^4OM}WN}7M&CfMX-GYYCbe~nIp!fceA^)@3x<PPv5)MSEDI$sPEhW-#`VY
zct2NeK$Qo3tr+>|fIbcnpraA0I205*03ID6Qjp`M8yBc`Tqi;BNrIov2HG$Agmlb&
zcy}8eTSldOBV@~sM-awJ@5_)YI+cE`E=rXeOnFUm{!-azdUn~9RsLr*^w=foW5T2T
zqYIViZ}$%4S5)2?o*WzV&rzNnKHt6n>gAP-vsvO?Ya620DF*jU2%;*vAAAI_PTr(j
z2X${-B!NY8LGe4~jvjNH%5%QY8AWY3u=YtHVj<=Iim<K~4xOA1U&`4+l!3Xuit5Xd
zlXPlZdt$K!Irp;E==@MQ_Y)lAp$Xpo3K8C@Al_>qL4;}g(e_-QV?X=hzLok<wJ!yq
zvLD$u$Vz2@bvwrbD!y~nrWb$WBIDrA7ZgB{#~H9U#ZoK%HV00MX@%{5``O^$C2F4$
zrg%V3AGIQ#x|nM3WHj3Di8r(!;s4Y^ld^$B`fW-Lx<VGJR`Ux_7G-)^``emDBg;e@
zXzkG`qOs2Zv>fx>l{%vFVO_*7e$nY`oV{1kS@|f(pO)G>>_f_J!0<%%8Oh(TjlC~4
z|6r+o(=dQ*IQKRUc@-^0@R_TYGpbX3T1RZ}aNPKo@bgyq8H4*GDiug<?ri<qo;xC?
zl37}Y<9geES4nf5O~Qp#Y>rXedr*=p-?jm$_A8uJm02J&5d$*~Ql&&3a<IO4xMTTu
z4GZ+*lW&tX;f|>wX$IohNGG*8(CYxl`xce#-5cO@SJ)f^-;e_YboqvweC&5e+Ge~P
zlne3UtW3*`s|=;a+gUD`V9I<ND|{dmU5=wMa?;OhAL;YW3?((6p~~hRQv~q4dvXQ`
z;a+oX>TOLw`F>?#72ZNgv`;Ad%pxT;m{Ca}VQnvOsPv`RQq#ioD+|tdd37n)&a|%)
z$QHjvaxyEfW^x8q;qV%00(4mk(Mt-!eRF=1q`-sq7&Dd?T9HrS&JVxGdE_S}$VW6E
z#;N^)d#|VP{mI#N6cXPp_U=oreXYln)^I_cE0|D|p`y=&3KE~YNHvK5QTUoxEIfaH
zR}jNE-k$;ZKD9ji_bZ6aJd5jlG7pK(0M2|;QTFP;e$SxUPKp*aEfUY{gX*rUP%fgU
zMEctR+LmXo)?-zd7Ud9)hC2)y`_Fkr9#O=p+3@yt)+Yeh%k!pjbnx(ZFuu4DOsPMy
zO`55vW>CPt@OZ9?2igQo*BlkITP!JCS)`#`JX$(lxphlkORpi9t0x-Zu0w>Tjk6&K
z<DYp4Po5-0jdD$!%>f55OsTO7p8YFowG!ez`gJ)=xq_2&grV#oqM@(2D(t+Ky$Y=y
zN}XO~p6`*qzAO|z8#O%E8nDV2#pCw8dG=<>1oDabYAUo3RZ}1bFGxJar3`+aT~uY4
zvPg%TBC3yYNI|kK+3`HiT%*fa!-I%Y@6gYF`b<aMBfs`<kUao#hdpM|V7{Sqz)}ve
zTH5&|dW6YEi;Kil>FcEgV5pTn>a>c{k8qcxGW?K|gFhWC@qB@BR=%fJ(HDelwD@Lo
zk<$p4y*1<>>T#pZ1ZZTEwR4I=rVY6HhpI4Li+H9Ti)iWhWo6?-1qIInO%D*a>vJ{`
ztMdu<3gP^dLh~FHYHGtAFG)#OPnF0VWEOTvWw|jo%E(bqELaYp#l4WS(wMnQ3bFLG
zKlwJ2HY**HZ9Yim>8GrLYJ>mwnuCmn^@tbt)YaniLt3%ovqArM;Hm}`q~Ad$12qje
zV#nC%bJynXsGZ&wxlk)}jV}D~fXMltG*_aSbuwf#)%1KH>!{Nn^X}jVj*XHD1qZFP
z>-;3AKhVqB`&S1|YCZtHU_)u5u+g^BXzCNYc2%*btGb4j==TRJA0(+QJ90`sR@tqR
z<eb-L*1v|%{@1&)U!sKIXQP<|EG|-_6C||4hS0taQ8)<yaNtP17LL*gbt33G<Uh84
zW-wN8CV3;e;eZQWym6}{gGH)9(H7rh7ohS`fjt-B!AtCqUC-sLCJ){1lE6xS08oBY
zA{v%B2$49T%v98&%vR*odR5?UxV66;8Z9lP3*n<G!l?qGys`!DhGIqS+|B<jo@Fm8
zuut%zXthdLY%k`#H02Z%;S{^t26vB0N6|5HtYnm;U{y4D_c{%H<q1G$4oK?^@#HGe
zwl!lN+Opc8ZCM6Hn@}fLP93=MX|>!6vkqNZRqA?icPgCB`R*TQ-ubgxWG@gAZEbxn
zY!mUz*Wf??MzqyTp5w%azom|q<MpuYS}vEKb)vta`>+J^CYrElTmi{8f-K7$c#oHB
z@<;h_Wn%SCmr1&Q*11qQq*pe0FP^A+8q`#v9eq@uz3>qUDMtNj95l|2B<}i27(Mja
zlk=<b_G%Fv6V;w;fUKN={_V>GTPVmy@ux*gyC+?&C|#W10fy2sS+PTYilqMb%Ys^{
z1E)YC=3f@pOg87*3+H%JzFBL}4Nrd1DiikK09NPt-_CU2W)p|=vW-v82c3ef&X}Oq
zwgcK!3}81dv8KV}D=2{MvPUfGCCU}SeiN2hD>7@cr^P2{U9^m$!7*g7qj4~9dXT7b
z@N=$(+!DdhAj$Wu(EUl4Olnm0ioI#Lh9#qstdm!{ZJn}S%K@^7CK*<{11}5c!(%xb
zPw2&<g4B36SnoZKe=q#{>%|Ki^vA8fo->b`;B_iZUr+uF^aLBVlH9xrXm1x>5>KnI
z)#Tk*pK0#Q@%cXhQ8pX^a?}}(_b+b`ia?L|O6O+32O@gamX0dDs;sV$j6Qqz;QSEH
z{+oxv767tCi`P5vk@wx}+h6Ud;}&fn&RnmujXSltPEuM5*{muDj?VFY$~;Z`>&I*M
z@7MoE>MY9Kuf6oS+{3Qf5pMpevQkAGnq{qwM(x`JCX}=^v~{9D&Ua&l<!Q@)zTxhV
zF}?FPRpHw4>B#lvV>8XPnH<FI^0O(G;mg??w%Y^8zc;(1<88Nwh;j^Dez|*fmb$=~
zde2+K!A@0-UFqx4>iBlj4oS?)>4c5!zuj=O?mJ?|pOj(Q3FFu$bQU-U9P+*p?|pUh
z<f!<9Gtb~#mB$vNLx!xb*j-cYN5(~lT%r<9R`g9wB7hm&n&$Y+0+)XMgIhKjl-E)H
zZHVlSa^*y&o^F1ZT}e)a%f2JbrR^C&ey39Z(WdiaIPIZTuQq?^*1;==J|AXATsCE2
z-x+pawK`EHT+t-5y6G3dB0ocG-91zPH|&1)D?o~%#7vEO>oM<dl#7ys_%`cJA8tYQ
zKf{nGJ)3U(r2b*1GeizaM2@f$DRbydi-P{oG&1%d!6<m^+#BzEQ?&NoN<jceM2=di
zT|X*hj&@{@TEtzyVnT;;%V7m!#(}pTzw+-Wdgx+T!|Ypcf1(-&0EMoDrR|0u8KYdI
zyUH6^(vXO5I5Y;KeGa-<I*Wbx2!gr75HjR@4=T~pA`#^~B}#J>!%+30w#gT(Y*y_L
z<M;dN{Mh+u7bW~2M;Z1k>)x3-05#y*7&B@roig}+CUCcj0&w&Q!(kWzePUKmx9j&+
zh64j)RNx{K`gMX`d*UB-li`qbw)dW2&G%Z5s&k8Gl?nC@GZSJPU#2MUiGOwq6C7R>
zcS=jdsOfq^KY8ec7j(<-{#j1OZmw0D$~#7Vo=D6ROLOEF_PGAW4tQOrzgl+`(9Jx2
zX5B-iEG{lFb-wO-#!A%cxbI*U`Y`smj-vx@eSKSL<`@Ez#G|ktE>+3w(6Hxe9+mFD
z6*wo&{X@fNQ8+Q5_RrTvY|A30VgK47?=h-n$1UgqMQl@7TX9V|ZgrAS@oZeyx^Sp^
z=TX)gP~lOmk!h*CgwpKfx$U7vTAknPVBip)6F8c*m{~J6WZi_Fwt~pEjPO^>Ro$L&
zu@8q!5~0Y)xKOChGv#>tL~k|A7iI*DB&K~XPQ!NObj^Ik3zt*2j%VQ(z=JJGWfWz{
zKN($H7ujf|!9xwLlrzMp+EmFyJ;IJQ{I*ehw2<WzPCx=#$SO1x*cV!_-juYVqB^0#
z$PX*cZ8=DIOUjSBXC`8C?J`a(Qwwptu`2uhtNtpBEQ#UG^DUlXe>R1D7SCajG5s`N
zEgl=SmRjPfk*LO`7L?2p-`5D9P`yJHtH{;v_!t@Qir#x2QPikwDy?0RQ>~YzRtjzZ
z8Kq+!jj^eK?Bz7f`Ef{ztYm~jFLLndKM-`?(<2se(=)<I?3HLUH)K2)N1ursQ?Yze
z`1zt?%PqVydBU9ELn?}ZhC|W?+|Dn>Y46tv!Zg@udM;_#SCNV`ra4}F72k)U+-{y#
z+=qFOR?(d<49ph_9YvhXnsyghjJ9^~X~l?gm1GYqQQd<%lwy}nENLfsE_nA_je}ei
zC{~O@DWsxHQ605cD;-6Ar`&(6P_|C{s|wJl7;pCj)V?%71u-eQ{TN5PxtIyteOA@>
zICxS8Ox5pD=Ft{%IqOz4p|hKXy?mVb+4GKT3BEJO`5{)Y%f^H`hIXG-Z~z+)hI!NA
zw5=xWYgzVTKAdw>$Un!g+9BEYDQL$dSaSgD_bDf(p(Y!49}9{0$t4&u&6Lu<jB}fN
zhHUX#KL=V-Mun*R=5q>*HXh>5Z1{w5&t&b^+>a7-tvD*z7YqG3HC=u8&2Rab;xJzg
zH<Z<&k2=yiW?ec>fZ4t6B-M+2+4?tsgoXgO+b64q*VS>+<;}C5I46LIYfJapX*S`X
zuG6gWyso}Bsg7RKi;N2x8dU;9z%}<6ccjm>#qV@ncOS;Z?;mtr4W8M3q6#`^E0iGL
z8YN}ddId;;U^{|{^Ytbrh`1Ri4D92ZU$Sxc0nGF0%*^9F_Z3ih>w{c-d6)YIQhFCv
z;5p3x1q%L%%zJ+GEh_POwZ)o;{)mRuu~Jl?s#a3w)6Xx_wJI(-H-n(z|KR(Etin1&
zNM37xWFF@NBz{E<;Rq3fP>)dLPM=G}d59zo9K{+2mOI0m&xZu2Q>^)L2wFmLbM+U<
z5E73J_ytPM%=6Gk6S>=hlyCk|&=0eyWux_pYw$vL35LDQmZgx^;R~ftoR6k=o)t^c
zWXYg+HpMUiqt>9Y6`>c++J2XwxIr(<nkvF%^8o)Ku}a%6KSmEpF%;%Lp9yhW5)S0E
z%0+M3$k!0T#m7IPp_=_^9D1KoDJ#IrwHVTTI`d`lCK8E?9|Moi*p7f??co56#Ht2K
zkDGhD9(J&~H;DlKYTM7sM_?e0|1u0+0j)CBMUN>qnYghxMBR$DTp2m;&x;JU3w%?P
z@d({^qh>G723w3>y=qj#k(TIgC$&^5M%aZEr3u1@2H8#y$I_5Mfc3us_&GKSY@gCU
zb+Ll0(%6bM6CvV}(^Q>siVEljf5c+Ksv`Fug2I+wt2Kb0E`h*HGN3I8wxsrvl;l*S
zuPGLRj|VBR!|d_>+RToQ$!kv?ej62un4@kq?1_H~r%w!}++mZ9e@V7a3{$wF?I#pl
z@Ve<^lb9LY6#dTmWeVDcwVT;Dgx*c6X-T+?#KOvuECzJAmkqnP4$^V3?nMKAnJ=+{
zp{m^7O6vSi4{JzXRi;LVAzIxtL3XAF4{eAB&v|yryqbGeqJ}rbqf=S--Ac+l*E@8b
zhaO>_N72+^dDd|qQ<>7pAJr*kq-kc?k@Af>Q$y9_9vYK74px)9WnRL%XDbLZ@5ZUg
za$c>->d~^)`4Ml5I!<I$hO#bOLsh<mI)<{U2MFUEFGvlC?2&TapR<GiA(Q2@<l!2b
zl154ykj7oZ>LCSD|ETH__m;o=6hvygr9hbaa6rUlxz<db-}O&{1PFWPcnxp0f<LN!
zxTT?*1A6`%Z<0oZ<KVNrceQb_ea|>J<QXDXVaZ2)>b$4$a_W3K6QnyszWS=sh$gD8
zOcUk0gI42U<MICypd%uPv5d|TBAo2_V7V-fz&Q9YCGx+D@)#m9xr>5i5J9vjvNl-m
zLkp4m|3v<%b_K7d%$Mpj{8vxKaRZQEar&i>l)s~V=+T!EA3_-KuKjO)-7^<#Hd2+l
z`9D^{2-OXn9R~-zLP`qwaMeANbU`#4gAvJ;I-h+FDY*#yziI}e&#FsE2KB3p$sGcu
zREJ=s7+NDknJ>W5P<8XJ%Sbi)1=i%QnZ(4Ippwz#F16gj<W2=boT1tV%HO;B=*x!Q
zY*XjW8MK+|Jn%n=>B}(dA$==$N2}x99vv+Ib_r<<^#MXKeIPnYH^i!YP7=Qori2Vx
z=a`&Ig1EWtoh!gkj4>s6=smNieKLcwJ0EWx^AC%y>lww|-%IdUYe0~))JG4d&-mwm
zouMl~Jl&hr<Egxn=2e-1U;+6ddp@+vqoIpp@YV;Gl>3>|KN_K1O+jlZqg7l6{<DDx
zsBa^DoxkocUUx&od|%D1$X|CQa802_9VO87iO(7s_*`4csbYTf>aMQo@b9*A*=5*H
z#r_r_)oebQ=Gomv0hDps{qVi6E*bxB+~l-}HycYPLSI*J*AyN<{=0Ms)<SBH#hk(R
zVz{P|Obk3_?56;(6aY(d+V8pSh+_iOyw?X4mCe;WobQ6=cskaVV205Es@CfY%-a!7
zRzc&+^ALyIF@;AzYi;2_J(V6TF8$NHyA2;fIj6!``P=>aX*!oltZfqT7Z$3!e-hxT
zV4(QPt%YeQJd-0vsR#>=SyP#1Xe8CJ?4kl(48_q^;^E(;tZ|X?8pbqsw4KqukZSDY
zD64xc97QJMLiYMwc}K}lx~hU#%G-|on7if8abzs6iW9)d*I7%ZJ9O!&rW3XuH3`t-
za{S>dTJzDHD9MwiGo)ZgBz9el`gt(9vY+RwJ9*LGOEj@caSB1>xGk&Ckw@$tTDhf9
zW%tGHDK-3GfO5?$`S;ark0{ke#{xxv(^LD<FSf^bfSbz0kWjWx`<6o$C9dYH3h!06
z&N|zdLEYq)dq?v-!WZqV_xZh(K;<j+iwm6^CmWZG-kFy0uQFMyCGn(0v1+Q@{Gxyu
zDv}espO}ML7rj@?xKSClb2<lNf;#rIrMof4P7p&696$OHl8~&DUZFIS-k~%+n!$=P
zpUp@je~{>s;EE+y0vL2Sz!m|NP8h(Ck$?23pm)hxdhWw8UG!po_1VOH2{o8L(>4e0
zIhCHvn@T{o^S<PIKv8RHF4)IK<Rf=p=V;Vkv+QIhGT)P}@VwIoV7v}DPmLXx)(<tm
zLoV4t9}}N!!?HK}H6M@Tp%lDa!=LVUCbCzsda%Z~5oopkUCSG?yNcW^TgFWbh@ED-
zdzSl)Up8J^s*fQ3K+XEjd1@KqG7$3%&vsxDW!N~~6}YAv`pJ;EQN1jp7tH_ndnrbn
zZciVkaPGP*1OMN=G>{~rCh*fdXCmfdcHRJ!TxqHmDD{x4{@=Lk06dExGER^YnEDv>
zEnZ%9)-y1BGR&+rF{4i~p6<0F%|pP|W&URevCFPo4WU@=v~T7=-#o6NsB^$bJ~2+>
zpNzn70N?d)(qvg&j*WaCj`O1tg=oOFGS|dg%wvO_4j#lS9$JY4(PJL&(1I@DZwZ)x
zegja`!2wl*!hAlVu$G?BJHk9%f`W8DG1J8+b`a-+qhH(qu=UrY0jj%o!6S!(d0M9O
z(V1EP<I|<IZPbv2YtyGoG25ukl4*)hU!LuZ?zZ8W5k7f8+uh~~+I&h`4&Hs|4P1Ar
zpkcSJGWecftwE^4$A|wYv%ob)z+*0w&EjE%zaHV$a_VSfYiJ%)VQyflu2sfsnpz=m
z<vcoKV|s=UZQOA)=}^<N*&=Lp=}PPHy|}7kReJrbUdV|$ew~&hMx)Am8pSD*cKAZ#
z<&O?bs}Kvz5x7;7W_n*rUOZ!7iG8d}aQc#ZgtMW(U~_&YE}~It&|>82hr6hEi)r95
z_d#>QoANmd_l;ja2u(ufcVo(6#aknD-lLS6OVnjuGTmJ=%PVr<qv~?~Jcy&zUd&3W
zlE}Q=$cD<;EJ~_e5K4UiCGXC65`ZoDFZJGnck@5&Lc3!lnW4s9APbG>5w?nuvvF5G
zfSZ?JUwjs$chh|k{-VEeaKB+g5#Aq~P3w_f7QF+6o-v{5aJ8nJa~p%Y^CN$Mku80b
zgOfJ1GItxFm2a}ZB!rSmS6^CEY*U1ru)%=J?fQ%UWJ-xJr@~ISFteROn@QW}-o=x_
z6wv!rtrT3xBa)*`#W^jA(msM@Iwnjssb~s4`)cJI1^awr*BD3E&f~Xx{FyVO!ib#@
zZ@9)H2gQ_-<JC_9a0Y9?SMfUf_a~;GvcV+sYzA)t2PcZ^i)N(ivmN(aBJ`lXY2sIS
z3q2{kUIoXHl|@mMZ9G=tGs`K|Z8sM<G4D8t3GN<Jz$Vi6u(b8vgE!4jd5fT8M}O=`
zkwVq23+ZOfEyTT=B=`1Py~Vcf^PZ%GbBQ_p-CI3r`6X+Xg#2asp!Gwb12>nlf$NKW
z)KoCl>ELF+!Wl)-dLtWTZXa6B)mg{_lVwI)<r1or{bY08B}Da3dPTzvUkZyk(J`?6
zud!)~6r1o%DFH<R4jQZL2;C<N)<ozkHc}DV#F&+R%I^~o8~qH|6v(CPC=9*51^}gC
zbMZ45IB_1X48wOj<WgI}pT{IJ$ij@>-ZnL?EQPr^ku#hl!RC0ZW1YY90}cff^uSg|
z{wTBrg5scf6rYW14464Ce_b4=6rYUaoM=R$s}T6lSInWEEsm^CFT9N3LfLWbVv0f|
zW@Tp0|6fvpBxz#w_#V#U*U|zL0!2bIE+@`6qIm3rS)1(-R8Lzd9g&(d)DQ6O@g&Dj
zAvFhCK@1FWk{EaYFHk?w(3QL4E6tRJQ(;qod=_CK$r+EKq@*Mv$s@_X@q-Hq(e3bu
zp6qjOMq!`Q?bxtA1D(&!k9>C6^tAN8=vr{3=__4V@l-ooX|PmtzUY{7X(v~797=CC
zfFNoFTa6<GKLEBni&shF``YGtyNN#(QB^sG@HQsVOUFQ1vCo}{zeK3&n5><y6fsP2
zN1rdgSV@=-H<FWX#LL9lT_sX{)i#$BY%dP`L2BY3N(}$VF=FcPH8E|R7n%}EvC`3`
z{wZFhF=~XOJ>L2XPU7mwJ~8yQOxlP>>vOg6lZQ~Y#SSJEue53A5BLmS%bhq)OpUkF
z#fl$xzL}w`U}>icLe{UpHJ}dV*ceP&Lw}>wvks8iSn{^4^v{&Z7=?D%{K|5Is!TV?
zGXjQ|cSwDqPxtGZV7z+%jj8dVCwC&+iE7R>Bzy~aVRstt+n}qB782u0nd#vz&^|@C
zMbb+%+*#(J;CwF=Rt>Ka&h<?4?(H0p-^r-15RB?l<}uLY|EZ02#swD8%BzkR<^2~g
zpb~zVHk@tw-7*tS@AqG|Nfri+%FrEY#OUbzhVO-Tj*zv3J8I{JAryEvf{RS!dQ(a~
zYo4}Rz@t`@x9+4dbVuZgDL!ShtowVq*EeULBaJp~bS7!#brF^1M9yH~Bg%HX=amIa
z6oMwhNn2na8{p1Q=Ke?6{Pm+YX7pr(>X@3N3?SRGB5C19x?sFcb*$w^I)i6QlZNRq
zwb|ucs;US+ooCDj`fw{Zraqe+hB<H3IFtP$H$)#ZKc-^4quA2K+h&BDh`C0h)Gd3`
zY6y8W`uECV6M9z&Wy+)e{gCQ^>70pY;X-k{5yh-pH~T(j`Z-i{M}}fNz2M^QNsNcR
zD&M<kW8YlJf%}94lgWlL_9l79Buv^Yg)6+*6me%UKI_q%hz9wlDP0=SIkKbC<Av#d
zLzAV$xG6m06>d6qn6A#fxwE|eM1eB#6Zu9XmWd^p6CrP75EYD!<yFQFF$&;_d{YMX
z(PH@MQ}}5Bg_~Au`8^D~&(bYa=_uoD?dg$=<MK0tR~-~_Zns(z*X0SoZ4!3>T<V*q
z3i*)PAtwbLBEG}v+btfo%l({Tc~xC@XHVeZD30d7%o72-mRUSo>NLf&ph5dUVDC{J
z&25jVw6^9aa&PegZi|_dZ$%H3C#Tb%5T8^>Jd@>fCm0s)xmKyMmdNB@9vwVWs&lxE
z_Ra6couRuo)-2wnn8By}h|=Sl`gxg0yCTvh$A1xJlxgZ&t_R|D7ey$paZ@R=aAlI|
z?Pm&DHn^z&)=8zlyGMDCFb9?<OD8j&oE5aI5{%}dz?t6Z)D?`bji>NUDW-}=xm`Na
z{)XX6hF99U{Eq2~vy9+D`@b;u)?raaZQm#%(kcwy-Q5i$Au%A`Al=>F;1EN1gLJnv
z(jg$--6Gw6w$J-~C*Hr#b#bq~;*Q@P!)#{QYk`!EtMqM*mW))^2A^WBml1Pzd0Jw$
zei^0gY2UKnvhdV8*1D1!GqG>#8LbW`GP6%wLKeiC-`rBe#q0}ckmLRq>o=XL(rU4Z
zox3|=!tzPp|28|iIWmNAu(4)jT}b|g5j{|w<4r`c=g758srEr3P8eNi5E!Ln&C}4U
zpOxV($P{55sc4^`GM7{FZX?0jaFhN~(}@JxidT-qV62|HKBE=0wUjY0oH}iFv~)MT
z&QMk4_b09=wwR^s562=EMP^9`6A0S7%Yk?YDL?3B0~N+vV=&ymV@}+$WvBE}E565A
z*!sM6M3Ni+&DxPFMxr1b$=Xr1N0hA5Q?+|iIL*uTi;)iLfLqO%ub|3oC2e6!9kt5L
zH#L>{v-fk<A7v^!hTbN^3nQdg9wUuyQPZ$!8|4?{?aZMNnEZ4CWhAE^NCtN_5S>|5
zr=y7}fpvW!DjevFHH5!<8$lCc@7H%>Pb=6Q`%ysmIXkeA>KU4iOA_W~v!!5y0Kd&#
zqiWA??b<K<;$&S6=y?9&kUaO)Ayyf9zxLj~6!+8v`Pq?&V%Se}seJy?kZBfK`24pr
zT>Cnad;4&?6*TB~R?!f}`P2jEsI!ke?2jqLpMnqdS)$Hit-)71*7)1=72NE;m8MbE
zde&ReMj8cL!A#&k(pAx2On9o;Dqfw#^c-X<39?310&4e{pMSEy*ObO-Ekhb2O@<@V
zw>Bb;>m);<(=n$o&w@O0sswZ#$qTiQOPE`!@X#X+wM<L=$)dTih%&fpcI-5K*0zgr
z4Cmd85r6bMQ2>RXGz@sod4bF;ng{qDJ0Ohn83!v4zXV(=H0|>ZJ0O|%54@r-iHb-2
zL@ZMg=_D*)&J;uCOeLYAH(O-8Pe<L(Y(EfI%Ew{iC(uWU92L#;tRn-TMmYm`=Q2F9
z-*VBx|L_WiKnOn{Scri*0&;j$?*`w3e9cT?@T<Mq>hS2=c;G$07C@K@nbk#bXuiJI
zy&AV@(-kim?WVb>9eAhokF>VQ%Xf?#?fz+#UvW!e=73jncy1X_EsxA%?{cw%4C8-4
zoAk>FRxl`pZ+loQ+QqK+?%vY003*kePQT^zNr4E@Wce4v2lJ#IbPWSZRZpIJyU;e=
z2L;nSxY)oGd9DU$$OhE?<>`)U1M9lFgQS4dQ$N{Ct>lG1q-aLnz1V@)*KFDIkIg`b
z8O%~wi#GYUW-1ZWNg3d%MH`C!L+1>L%Eyu}rx!*?zJ_)LA_5TP)2zwMuM>M`x^49L
z3(a{3r4zQ!0n8a-n_N4Z9hety`GZ@aY8ppSoC2m#*n!_ZAbv%OKJefWJ-p4zKInv0
zTrm;uUa&q;<~9}2GY0Y$z1S^%o9dC`pi)^UyeO994aQor&Odct6kDvd*$DLp+qBI~
zEJ`nSAL)RfT+1QTonvoBYQC9h`gFBn(LJ&d;`!x3@@~`UUR(p}NB1^tnw9tx#tm{L
zu*jx9p_?y%vdAUhsry~0kW8}VlLLvq)$%$Zy-o8t6_I<NRXZkeYWtmbt>)^>GY^Qf
zSqqnhHQSaojWWbJI>lgmI6lF<DQ%%<EFNUrhTOCopOAS>BVflnnYM&v$Zy{Ufn5gg
zwEMX^uO`&<Z&k$3@;zqOSou!F-&mIDn3KKM3VpqI1My=1wDk;d4~K|C$YvP?6A{r?
z47W0glhtla@J65axggkH1lz}gI_is4#58-SH5GN+g7Q9{y>%nXZs`_{({G%h5<4%0
zm4Vjds0Qdt8Y)@`+~O65u;zcclz`X3%S2@$t$VtMMKNStwKA$0cCk(V`(F;F-z8)Q
zvx}3p=CA#Mr%oIElFXB}Iy&%e<EV0PubHz#1ttexbgeh~^=PseO)2~pt#cikAuFp?
zXfw^mm4Qla;HU*#3UjmXfhmg3cQWCjA5F*HqA&R5c$t2|6iIokT?)~D-yXxrj%mt{
zk%2$4e|d_^o0}8lEL`Nw{hHdJ^XX%EBI%pE##!~xRl0702Hr~rI-!9i>o>YQL+syT
zIdv?v%cbC~*IY8%N*l<ByD@o8gk0*z$9+tYYkZN3yC+mvssu8TJ<e~xEF70LD7ESx
z3!Wg`t37YG8>W<BfLe5)5!ciUu<aQiDj(6-l?Rs@tV++i%WU>+P204D-*%g~Y0Y}T
zbnTi+f;XC1D)v;E|Md}0fPP8r-~Y52HLDdRiJ*V2D&~LM|IDZo|LeP`ce~Z+Pu;^V
zk44CG1Fcmd;tz_iZCb0Fumf*xcp3k^CI%dvNfx#OEjLE@KbA7lfW?28x80e*WaCfx
zU+4>V>TSZ^LH~H*#XbQlTQR!J{v&t&AI-P_R52W*0DN4uG5^uK-wCW=e{-mhXj-Z8
zY0AJxU$$@2nzX-T=4IRpm;m}}5fdor>)0gmFzNevm~RO_*|ao}_Jsf^7VvN(^)`z;
z)(a4e%|wRGyVY}Wbprx2<h3gm40?9zr%HqXKEXy{c)<IVoT28vsc3Ykuewr!$wj8n
zs)e3tr><cgK)+HUziDQQ!pk^)Z05?t?QP-kV=?gu@yy>pOjb9`_%jue7H%&eCYg@J
zyHoSV3eBbjt#hx&A5tu&5L7(O(|QC)vDUPT&c-=H-IM9t>*br>=eD`XmIcd;anE$t
zv|57HlHJv-G!_4~qk^NS2wT9ujbevcuEDr${}tKHGDSIM`lrqAl&P-j|1gN=efS^E
zt7}?vrGZ!D1auwsBKdFsYjRo8x*B(5D#<K&S9V$hQGQd_7)66X<;PTNPtpKZ6<3i%
zA$ureG`+6nf0ybZjAOj|%Sn5(#7GNOTpEm3T)flp%SmA<NJ~{*suV3{@7ku?KPTC0
z5HOH^ZJYW4YtZdhSPG~Ln?P!t@{s}CYNX5dCrR-J1RTpw>p2#t5%|@NdVOfnvkd7&
zv;oA<frSJ{AN7BXc>p^BgDHZIMmiyuMtXP;@Ob7o;s(fK6_+^W8({VkTO-||m+oax
z+_5io%M>?4L#r+3O+>6iAwB^D6#yyNg>2HTP)ia4z>LiRK<-<R0N|#kSpeYRL4c8P
zv=qj%RV6V1=OLrnlv`n*;~iWRBRX?e#6O7B$FiTEcmF3um-<*=|DX8SY{@$NCvM4J
zS||RIb%suyERJSV^_bP3bH}K<z%D15)#fY!R=!Ng0_wnu&5Yo}(WE^o(*O8M_ZC1e
z+srsdEdn6Z%F#R0i^*I83{qZw0g$wObS%8@HLtFm5I!#bT3NYWw}bjG!1=ae11x%$
zPS5|~l5hRX!7Y%3PtQD|2LCvf?uwbTuwG)R^BoE%0FE0VbOaRUO2AhO-%L2fdy@8K
zx|sDzz4GmEU?EM6(c#&E2Fhncjr7xA--!A6PWK0_MCx)yNS%Z)1vQhN<<i@~MYau1
z5ga42)U!!Nfn@*+#fX#TDz5LT@$gNIW7U3BFo1i7HM#$im-Nq`<jf_v&J2*bKk1u-
zdVlX)wocv7Qywt7T2Q|VRS%LN!Biq0F2j<g*(B~XUdjE{dFrS*6Zce#Y2zYbi@}{1
zPfJup-EG6trW1_(JfD*$)hbdS=JH%PEi*4FnBelfT=03`y(8Y`S!I7JADr_>BBNn-
zAoY_<faWFCQ7qF_jkTLgZsP3^{von@!A@7i?mL<J5@(stqd>gv9D(%@=x-kMQ1Sc^
z=Bz%*{#DevcuNz%6htm7($}0%!P!tdY1HG4_9`9n(Wg4c{QIN_hDYk0MWA72wDcg1
zR9u{gMgWaaqKyleive0JosV`z^a1gtSpJ#ip-HL^+*C$kB)M++cOg|g8RbG0&jS{@
zPT;Bf(nM;K4^?!+rZPYBuXwIZ4Y7RD*zs{9I8BDd9g~@~=pIJnHBAc8o)6g~*rjwB
zH0cJ0<EejZj9?;jfo;XZ*k^wm8yy$9N-;8Mf{RDvS;>eDtKtBiP`3FIOxqlHIq6id
zPokVr7EKt<1cnmMCc}Svg|sjq%mec#(0H{?N=7XqOj^;&!|@gkW53-8moRI3w>&ol
zf_V&sM;EaOC!VD$8lpiQQQ_#%gPMYGx(nP2evmZmFGYtuUXys|E2CNv#!ke?#TpZ_
zT@5=ng$Y{}d?2`qjm{s0S#oA>4YWq?zpTSTsUVO+(MgVnPce|ns9`EZz<digfT1-K
zD{x{;nRVrYqwJ#>p!W+2&j%Y3u7{N7r^PkvM}xcGkf=Lz$(>LPDmr{A>#`wuK}MK@
z4h&`-&#!}?0h5d0@(W|h=fznmBTU*U$lBH3;we%6;+}ddIRBZ7@Nate-}3-Rh^`JN
zJa<FoyST!|K+L6(u#u_uZVqiXjiIR^F_uX}JE~aMPAW2=&oqGW5jyOqILG2=YWjBG
zFJhdYSs2&4XvC=@#Us&Ds^Uxz5@kcXQdr3I=A}KhyJj-5Olo|66^W9pa(eRHdZw1J
z$xAG6@R~=B(BxJLsM>UJ_~pPw!NUStXtk<_HTJRnCdmx)H*F^D(S<iu&=uxLe5Pyn
zKLf&bsr|~h`tR^`OxVK<Nxom-2Vh9%>-8uneCEjE$p36HVN_aM3_HLmg$3ExOm1xx
zJ^o#13omz#R=}){qfs*h`2@3VOzB9Bs9rl`4f$Psap;xIkZIY;7Vq{pz#AWJ{gV+q
znJvD5F6D7wm=uL|%VdKBG=1YW6W&kTUJ0~|%p9GpGec$h<4$H;0*r(3PH_y5%qrrB
z4sojZ7eao#rfPem_2>E2lISRiA!y+_+|3Eb*858@mK5FN?|PAo#SD_%F?J4k(r8S&
zu*qJ-i%pt$4aDteXUs8q=9h=~kRMM8gf|c8%w{x6bBoxqwTVR?lf7=B&%k>v>lfUU
zWMSV9PeoIA&f9e~wmV7YIbK)`^Bde)g&D>}aPO1RYBQ+xB~3Kaq8S&sar2M$SbjOu
zf!Vu`<hSydq3m|i8v5fvtr;(>M8d=oj1J>HO<P*|PQ`nAelhPRS@C}e3S6rcS-wHH
zzpZ3p?jxp*wpHi!Ld8D?i8YZq6<0H2w751y5Zb^dsEJ3ul}Nkyw;6P;>k<lx;!Tsd
zxn|h|c`Yf*;inhK;Dqa3$P6NQC&_@k)F<bS>YG3x$LZ7wmNTw*W9IN$G9rW${#KgE
zC?`q`%h;=GJJkIlxvnxlWAVWW`C2x>Gi>1W>Wp5R>Jgf16O}emLdm@E9KSeww-z0|
zFsVJ0XJ0}WVNmb26BcJWKVfuZ`j(o&G~)h9FbUkNN>U^lUz(4GUvM#K&6F{DS0Hkd
zqWtSmukQ+J;nlfV;?y9#k}T<a33^{4JYXV?j$YCz{{1i<hkyPQQ{+;Lp;djpEU{I+
z+JAqXRjr)WtS*_Xh-sM-7d+#a{zmRTF{Ar0;-{EI&Uh+OOT2U<f>-WyE$?+RS=%OW
z$w6799C6I8&Ygc1o_cAX-e(M*G+};)FX&t2Ju(C}0%Ppe$H>2Hi!rH4LPq&#%e=yO
zOq1C~j!H%XP6&nPN=E4nIc$@M$RN)c^f<j^()U7fbp4e$L*80}U0dC#A}Sj=Xr5jA
zTQG50eqXNo3sKs)^%_`O<=!2)4Lt~~osXkBmw2nPJ6gPgXh^(z_P)Fy&I|OGzgjkS
zE(zcH9qcXtcgdKuK$e5@Sq5Zq%pP}Z5j_oQl-*}((>&DOb7h1{wnj#+6r^WrQM!lL
z?3DJz;}%+^!O4J#Ny)i%^EXqp>{EM?x4W!NW8$Q-G1j_8K>i}86px-(xTHy+1-5T|
zY3$a_6+L`Zamc4{Gwz}T+GO5<zGGFa*&7}Dffl=1aJ$jqa7fuEUjiU2=OLU})K$|Y
zf?v1d;CUi3P2Ho5!R^igi3zhROTsseb*}F&2Hv@9UP&=ZBfSVWw0v+O0#84Nle_+5
z)7lI=yMoFzg};Q8YqnnDgLs9EDN^LIZ;DsSr{AZ27BZo*A9D!r$u$Y*km4%NyoW`<
z(ve9UQ*7El(V>+78=tm6dD&LE|2`~d-4^Rx3wBPNO_Th?ulJCy(?4|=Cs=J4ZC-hl
zNT-JpWbMU_L1%$1*!{_-FppodTbFXAD4&KHd=#{|jmsVI)gJp8zW+{8tQ7Bs3-C3=
zE}BZ1sO(W@@G->JFU%uuM&bRPz*^aJ%muBk>=9RPU)Kyhg&Z`ilZ)AQ*1wA+evIo|
zWku{d5@)2g_IUUDxpDu@PdMg><1;yk^IaMpjsc7)S<A&0Ip{qxM_gNC*mEq)j{Q_U
zjg*M>=z4FwT$hmb7A0In^)<<)&h(_|lQWH!sCmA_dIrf#7Rt^aDow?st(}^Ce$Y`4
zXWV|r5XRz?Dm~h@n0^@oDd_zQPS~`Fx3F!#(Qb^!Qof0~!Pi;I8%Bl4lw-Kz?3w%G
zQnADJ2e@@%^R0}1`NWe`)CS)*iHA#?FK5lD#6I^I%W^J0nNnTybyI%p$;4)+X6a)i
zrph&Mh3)evE@|ren-@l@89V&B&zWHlQwNfdj*%8MfYFNqB<XE80kywI=U1acR33l(
z<R`GtWS={0s?)ce_f6~W%Uw2u#%{$VUY(8HeKRTYR9z<MwexZ`W%?Y<G^<{D(LZ0X
z2Wn*Z*)4Ix;#kx0?2I+<;vx4Td0%(G@+S0+9LqR)mNqWzeP4_`R_>5z;vvWVbj1T4
zUY4!!-KM0mbE^Qxtwk+&n!Zh(Bfldy*|09)*R!g?C`ApY{038p_=gWUS~t_n_zg<t
zA_}OK(`8RmKb(p(^Av!O<V55OIHypC40>*?qUp+(&t<e_{JjeQG~0~e_CTW7WSVK8
z6st7_AN4tEkEubP2<mzq7-dt$yWUU)+R@#3m%$H2eX_B<k4}T)x<x|m-PL0aYqRmg
znq{d`o-qtar`AC=8@r<!8JW0ujan!iDbHz(X**YP{JJ;Ntz#9e9ihsHb-P=UEcZ`W
zJU5rbYYNb*)y-pR*=FIa?L`)Ql&tM#>%PHNeL2cTnrN3S3Fm%+#X(BLs+Xm=2TW)B
z``A+Ogqe(N2B+wld)LzPD}H?vRljGh^~tfjNZB2qzCk#wo`1F0FwWAF)Tph6;4Z`L
z1~!S&KQB7Z^leLnbLE_LVBEu;F<*M&=QhA}69ws4`=`?2c7IhLt|xNHwS@KG83m|s
zK9L|t42C^RbGAlEj={+>Q%-gMesJYJ_vU_Z$MNnZJynU?+$CY}M0tDRJNxo>^I>#b
z^z-^)wfh%`-FJT^Tw+0izuxu`nXCDU>hdd$R8$b{3xn06h0J@3z-73G@wIeUAnA2R
z05U?nPV>utbfk^uGY^!dhSo_cutR8VuCHqK&=j<m0=#!I*;{uY$(3t>pN_CWi-Smu
zg6V8QVeMx5JKUf}#R(iSM{~gkSJ0{fZ`|tXTiCy3Ywlf^`4bs5bp~BBFoKZL;AXJA
z=duKT?VbUsC+Ba+G3=u*s&71EB8e@ki_iQU|9OeSpG{($-ZVj{X>^o7n+YxHJO|+i
zIsy;V#4L|^y75ml=)Bh@EOiOVuHivz@8w+zt+4rR1DgDK&mR$K7)F+1PW>#lj^Be_
zDD`x>7EiuCGp^x0gtzM+XdP36{!+?KB>S1<-%)N(e37!UTTMJOFP|wkvENW97<%FQ
zIwVcQayKNQ;iW7!cq><p;xBwxg;=5cp4bX8Q9lVr=p_y!4H+7GvvEqA=8=MeOAT{R
znqhHW3#pnZ$`^q>c!EIIMR=5I`CyTJ%(ilJ(uW9Llbp_MX_H2oN_AyBXn(7ss}l+w
z=aAY3w`ZXe9objF`F{$WP~VtmaoZ@zx?@09xVd9N)MvZkX?Eq8J4;YlbZj*A=P*)&
zkT9GeC9V;_5qbU9_bDfhP7nJ{r-0qoog=6)GPoPxAbrCiov!jdaD<Vq(dIl&D`rr{
zV{o_idb-D!4hUNjA+YQe-0-|6af=(&op>vZHxFCl!Hy*V`m-;DR9>|m(02c`k5=`L
z3rYTNvhR!(tonrart@*KZ&@_`;N_Hz?GgSxPa`732RM<t;XWPFG`f=XMIR4OEndEE
z;bUSFy{4YPuCnf8#xqvzJ12ybF(+X2$}=v6PJ_S{`m<)NyG4{IL<AA#z`+Wa4Nhzi
zM1)T9z+2UgWvn|%l&4&{oc!)}r43Z<yBHLo0=SsNjqaQ;8(Jt&8<p?cl>@6aOwQpD
z^?y66g~*`I2}Ii1BF<AVicC`IXznuwg=6&yC-q<D!*$t~!oNxczHjf(%bGe5Y0$&f
z9o3N3wh($lRE^5o@E-WU&+DMxCbz)=3Gb;M@{|KkR1XX2?MmmnDu+yMeK=dKrh%&D
z=^^1gW<W;PE%JOfKK6%_fBkt%qwLSC#7^<19UU6pt;8Oh?ZL-#<*?(cvyZkVd`q_U
z@+bONcg5j5c>j|FHj}?hh$Jb;-S+9bzYnr}#R(V+F0{v7@mwK6M=l5=YJpvB^LZVg
z15?%yX4Xr(Ct8LBMXS0eRA?Se5%p`D$fx>dLCeMA&zmAw0j@Kj(ptn0DapSUrWmKE
z6u4L;{TSa!HFHR;LWgC=BMLA5{Q+)C($OQI?_bV?$u|OGjDN%wY*`?sVvRbwF-iA(
zlW!dHL4zHMJm(FL(e7G_%wg8&1c^H&1B-tFS)xCSiy-jP4kXRm-tgB6WL2ZtKtx!R
zG}Lve>iy9Y*ObgsJqV9j)r9Z<B27|b=T)LA2V=KKgq~S&wePXPK7RfITO<b2Xq&%t
zlSr@B4?z)TkIKPCaiiq3BFu~Y&K*Tu0R=1U9Xn+EGp6)y6>>K=sdq@PnxrHgn{b-(
zXAbF~?r~Tns2YNG53W^m>gHJoKIfye<5jjh{7m;sal<?)KG_uBdRTYw5d5m(x)hY;
z3$Q(Mbcmm>-?eX?HcNfwkL6vgi$3_=^yw$(Xpn!>TO#GN6|0~Ar+H_AVIr~b#7#|d
z47k~Cc>VsuK1!iRPaw)x+o3WkZ2n*mEpYMC*~r3zYN-4W@@nU$w{e@C+(u&+Wi$}>
zQY~^){qB@&@gPw=h;Xam)N1*@JjzB&WcUTAHRQ~<I&^Md$NZvI6<S)VyA(mF!aoOE
z;}8(2KyiOYvAQnA`SS%P(as80C}rdvt+BO|Ik$Q5&YeLTKg)bA-NL;ikO14WMIDCE
zJnv&A|F|t!&!F7RceHO$?^L`vD&ArK7NgVOB5z7`8BR{ynaN^I=|N9t!@(K~U&$Xa
zLQ7BQTou7KOgwt1>n}#aV^*ESy@r-UAdS5g9u1%F(Up)kfRQs$**h?u{sYBFG<usF
z&P|^tVC%xvRA6w*1={XCCxH4Uw2Jd`|JQ?N>!4#fW>)lw3H31|51)bG(6RbW;r(AD
z^`QKmIe{tN->U*yQp1y$(}bFxNL1Yyl4P)NU7kYUZ87d@cCC^f6^B)4UK@E=Fg7|7
zSRe5ab$wqp?ofle8tXtMZTagYKSOkOHBU!3esBgCM7{C98F27m6}Vrk>c_@`EnG|z
zn~;aHq!AUCS_O`q>2UJTnL1$!`Dr9L62)!bi9xr~-|mF+2*97}?5qTvXr4_k!=&(^
zktFa6{L)i)LD{3IZkq~4j8NzsZ+CR(zkG04I)>{~$DRyhko+lnDscT|GJW5sKCU=S
zpw*>#N5NLymz|?cA1S=-h}BTPU#u{$SRx!=+#xLL>g2a(IdLxK4Q=1FCPLt@){K*!
z8sVJdv(Z!eTjRP+V4f=-p$C`g9kh9K=N8@TWIv3orO&|ghJFGecrH6#G6&h-d^rD)
zpvg09&uF7<=~%v815022J1ruJ7EdHg64L`+<aQF1cZ)uQRzoYiv@s&Iz0{pgcR_Q@
z!SJ5=9d0%=|4$CT-FM~-T`3I~__*Jz_^)entlnr^%W+g>6h8Jcx=WaQFH~|n5~r`l
zZQs7TshQrXu^-+`jkA@LN+-G*CxW&)@m(aZ9ipA)DbJsIWp?vSc*|Q}DwQ_EwQ^%a
zl*?~W-3983-IYxzmdGxDU5`J2o2}&Gz0mYd9j^ZZd+Bv$%nPojuMTr3UVzYdH?PMl
zs{ic#dcZ*FlnZ>#`+c_nF8CucSi;G}XB#irTw$QX%hxkmehGQ=ed7kbI62R`Z<#D6
zHZN+n&QDx3tTkzw<0@2|DGSw!zjc3!!)1liq(mgf*d&|z)1a_;nBBy_X0jsAjg@&o
zR}138wFLZ1e#0<Jy-CR>#KdC4N;>QzNisgqKwS{TQ}JsN-fQ(_==Vq+4*mD`3_JIS
z8(pnYn!j_)#1H=N2m8lr4%ErbNE$zJn{%AhIX`{xy&2UqogV2WmGzL#%$S9Dx~N-<
zY^JLAUQ&y!M&~e3;PCCXYGYryfmKYKzWKO_Lp;BZRzoD`BQ*@Qow7YIJvNL~gi5dA
zXka_I(AD(QY8bWT#uj+zF^jY)``}<XMzL<u{qh(MHeL-R!Z2+7JslQn6^&lMqtm58
za{hBmr=Ms7*Lf%61Af-7##(ct!-{5)5)Uo9hrjBb)FtzKO<cvEY!<P@Fs|J8M9Qwj
z0vAbwGjaOCO=Xs9r3q5vChZD?kKQ``iYfCYYYIf!3dxo$r66e;S_K?eGlCDoOFYh^
zWa+}f$czjDQ-8R=O3*@o&Qv%P{I24ZRyK!Lsa9@fa(%Tohk~>C8Gvt&83w+?D(w=z
zvTT=B$kneE?}iGd%r`hExQKi&H*Jey*vC_{b3IFTf(|&@8S-HbIF!(bX=hc}vkPgD
zpVvfhlI{|bhO?VQ*Rn5k_25-ae<EGL%WreIYtzJQb=^Ez>L2*RJ~#076~!2@_|gp<
zCoE5oFKhuX*=17`Yv2oL;L9{tFHu%Z1N+~Tp4#bwGe2CYJMt%ehlWdiN3&38D;=JJ
z>(0sLA77I{7I!h@w6|j}=oxm^H0qZ>e;0bnI5MQaAR#?sa#Q5p-$d|ZcFAAebS?zr
zx@YjvT3s${N-t&-0{2!yj^p2?+@1A3-AVV`#WIVhJ}6G8Xjdv}qXT1fpE4On>u!}n
zeqv9(!=WX|@!a;+*`n!;7#cSHme<phEf`S@MCC!jkcrci4<d4bF=`vzSOnH9Ty=^P
z+foSg!SAYqya(D0LbN@UJDLzHVi(J5c<TH^*C%YQ`>1YfOy-u8dZ%aAS@ig2TjPHz
z5bhFb%X#r_Yw|4R2{#}rj28wm7i3{9<Pi7$reSLizqVQm{zYP9>_^#kVAAHb(Dsv8
zeo>~=bgr3o)pEIIzU(Q+Vb?qDBJWqnUzakbwXoNfUO&Q@dN2pJ(hQsPhEu?*QC|Ko
zmC|ZYpS$9*pCIm6#?&vD$H}}A;*9qL?$lZ4v_r}3+BuIdNI5BMrFG5Uk>%T&iD#3H
z9W?BGX?WrwF$ha)4peFmCXr+(AT1Vh@6MoYF@$Cj-n3tR`!t2Cd`^e{7!AHCa)o<@
zt&U8`14`8Sw9H@sM#j~V3Oh@;cKLiRgIkJ(F?D59_whdqP^P1+FDuSDTv0%}FD1dh
zDQ)%(wYhIe549>|x?h~i+Ri>nerjLK0uGa-5>=_-kv#8CWY`Up4`eNIntSl3Bu+3c
z4zcDG1(^;0G6-E{ztjn9KdrP9b=+8FFqe5!3EW?HTmo69k5nSttxsofIMJ;2Hv7B4
zcDHie$0?cDaWGT_VNZQ-&ylXq(1B%=%wN2I|9*kMC?<0gi)PLJl7#5>uN@&VeT877
zeA$i|wKP6*Umci-SCkA3pXsJFTkL+mPwJt!oG*%D2{_g1WB;jI_Z9<GON|Iy<d3H!
zG$fk{8zLO2;qBDEqLK=8nGi_JyU43Do8#5Zp|$eMD%Z!E<4bG$%hlFhA+7Xc@UYk~
z;Z3ok9MA4-c1*uxghansG$Ntsf)_66ltz5uwlAOl-(DpzI{X9wx6&8*z<m_BUt_p?
ztDf&|X1~(;gvka3mS`S*qvV?`>|WNWk|&F_BprgLQ0z7<JU;`6N`S#j&-si2A47z4
zz#^{GRZDC^zBJ13LnCO8H6O#cEUZXp;`W*xKf~K%7~c20CHNys>_P}b!~^H6*hJU~
zDglU64!XiY1x98l4u=-dzmr7Rs44-w#{5+Tqe_m}C>x{`=ktz4*zSce?-e(Gn8C5L
zoHn#klfHaLz%0*-sR>~go%8x3h(K527II}+sN}CvpuE%3vFOQHggg+G?oAwp!;=_S
zmEqbfOse5?0&6|7#d3g}*f|4#z?nvA%^`glNYY(IPjp%20Q^a3`duW(rjgp}2A8Df
zn2BqTE7!&N{l;=RpGap!fs5(;Tt9}vnNnSrKZ-rke+`gt^6icw^g?6WGuhhjX0#()
zzb6-bgV7tHf}apFG2R#yrg$(rj568C*M@e@IAO_q{_<U>k6%lkq_3uuZ%fw}84!2B
zc`Iu@5~yRvpN!c7y9+!5PINk>O?*OPH`8GmE_&A2Ztni021?mA{^zXFl?Zp<G1p6#
zpY0LDeI*6j5g0MK+np%@eGq`=tHtn*6nuTA9OIVJAEz7_nX7N6{D3REg?1y3@N!l#
z&eBrSd;wXPxfv;lX}y&tr*Nq$bEHYXyJ17!&3czuMThtf2z0LD1S_I8c>7z<KwPs^
zx$_Q}f`%xYjoFi?#>X}iH`2R5yMfjEBzJ!fyJ^kfZ$m%ztjxRcXj=3f&e@>l3^?|4
zS@RGSIWlEPd5gC+iko4<j8a~ezwyM@$z-^d{v&WPURxH$@J2r}%CtgxcYa8-s=4f-
zU+hQ(qqai1?CLKFW7Mr&Rsorfi6gmJHpw%tw%uCIQU_%Pgg;s>o3u}93~4m;l`!8Z
zAJTM6WN5eF!O&7WP+e=Wr(!|~PhuEjhw)6&yliJ7N&P+F5^<(eX6!EH;B6o`<t8Ju
zOiO*tHfkQ+@F0zk!s7qyC+6DJa@-h>vF+jMRb%rN-l#g(<fD<M!KSdw(y4HO)u_-i
zc4zsq@7tZ(SCwf#l2o$}EIgsC?O%twoh)a%W9P>%(4Z9QAM=uxKJ;H04Nzt}e+Epi
z$sj^CaqeqtFh1|89?l<jPnPp%ccxbaxR7m+)HL}oQ+9%%j?v23W~}*WbbBWyJ@7-0
zxW9Ddw6hmh)51PhZ7z7DOCMg!bQjM%_=tznCcuaUQ?dmYFwR!r@gb**1RD>bL4%@@
z$GW5uQMRgFNGYr`EUB)VjQ8#Wzc6-3?kDsHI+5sG?$Y|NMEu!FA+9<;e(rkOc}>ZA
zdR=_l*__!qXO;uMw4|rESH}YcT<t?<b`Hms6DBNWtS%zc3u#0j)@8t*@?dcGnZal9
zi(UQ9PVnpW%#JOv)^)g3Ivmaos2CbnNmyTD;=ZSTJyK2(B~}27=zzf@(txNo7`&z-
z1NQ6sA1hB_Zf;Kl4XcYzS*r^^pue8*orbjHI}NM7memEh6|hh>v*VjIvx7J@vttZU
z{p`$6IY77NrNis0DhY$7rNg7ErNhqvubeIb;D>So?SDumLB+qo2cGLet~Fl<y6;?|
z9lza@MUZM%!N@k2pd|ZmYKCaSSC2p2|F)Dr8>9=6Lh|-~aY^!?ho8vEJNfC^;vJ6@
z?|7n#;G}LYkdG|XoPm!&yL4yABYPvkDszAZe!Aj@o<AG%BVqfVhMH|`9pKsTx(D?7
zUjjN`&6Muw0Y#twqV9X>AFDVEiRSNkuv{_nXA6r^4|0MH_y#Y_I~~5JZ~6g4>`bBw
zRVOE*_qU@WdIay}>sP9GJQSREJru0sxA9>C4%eyS^US@GbD_EQDWVDFDu7P9xn>$2
zp!+icN!u+HUuk=>x+I|c*@2)v4}GFLRzTQc-{S;ik-Xi)@!;<a-B*L<9=y!7pdNHy
zPXN^aTgA2A_YlFW-1*n+c@)J1-h6eLCYo560Fb6g1I;0XanM;Z3J75}&@s?}?so#l
zeUpeL=KJaRvl-#6fY|W=Pi(4?fFRut0MoYvCI8=Mh-l&kz`Abqg36yAX#|L?Iyecb
z3=f~nQ*T{u1!Qe|>Q==6YtsMQWX?8lERCPH)2k2vYsUWD3|pmt7(ajV1DN@Tlm3Tf
zhR=y2RGfsuw}ANni(`02<|b7SkhNgIgP0dwXCc~5szK)<#zD?FK_%$^et}{pknaP~
zz6Xt=yOYoaKTs$kuYfDsXw2j1K5ToUL+A4OKwMZNU3WcbT9loH6rn(Gjo@hHT>he9
z#{;^l4&7gXp+{VD>EX{-$*SQx<o+(G5Sizf_4BxIT)}PsDv%dONs_|<!h(eS@e<t`
z)*xr${^`wq!t%fxQjIAEI{c01sj$yY;ixx6EbMb{4O5I?mlN}#%Dj^a()x($>bC*T
zc}JTrD5Z)I$`qOA-H1HY+{~%r(TnBGm||m|z~>^p$#+Db5x>rre43hM$j5`CyUC$P
z!&`W8=ZL?qt}=q_<eg0}65iVR@;1qt1ewa)cNmnO&t6dGd1sRoU74D9Z$`7n49E9|
zd?LOoqCVcY6Y_bjcE{28q!ZbI2`wM_iC$?^kuuJsx^K^Pq0!F#b+q!G1b<^K+U!UM
z>pY3lbdcBcsDf-e;<j%H`Rl6Rc&lq#->&!7-qS#T5thsu!V<FO6dd_LGkFsN#uP(O
z^E$5rp5xWBV0PYW!&c%td}rDidgeqvs1GPeM_H$Zy+-9TQ{E(%>25+G(!q5gi}~$~
zEoJ^{Wos~6X+CUivm%Y_&~CE*;t4w#!*eo+%CC&0{o|2&htHWD@dEia<*`Sfe?~3A
z)Yo!5qaoI~M;vv%ER?93rQuAtC3YK`aQ!@#C@1_}uW5Z?u<IfqYp{+X7)PY@8>L-b
zX!SA$^g<G+b4ij&gSqa^R<qA>pMr2*64AzIHpHG{RLf{vu;JTwZuDt}B+;O)PfH|!
z9j?wDi}o*ekJ{+dNVZP;kZSl*kHG<ruGH<New<Ee9A}}1g`V4SBWSaYPari>CpAy!
zR<W(m5wZbcveJjTGi=sPI$fj9a;+Z6pO~oYV{&{1$(naJ%$o~@0~)vk?jdJ-;~Zv7
zcOqIn=W)@jX7u6qrJ<)$g+#u|+IN4Fo#gdK$R*Ej*hGAQPqAsX4?lbnJ9v{mE5~nF
zKlxX0q;^p1a#tD3iUcOl^JI=H3i+)&Q74hImExE>TEXI~HK5e=tH<?_0~(p4^#g}x
zJGCncp3aK``A5(fn{P+iNLcN$Z%kHSzxTc9P#nT|&NKX&wCj4_G7)a%@43sDh$IwD
zcC@LN>FSKy#?Ekga(d_7BH23c1TEVoqRVcYC$F0%Pu%6VXkkJ{;9980_ObO(cL+2n
zhfY=Yh{c@ly|ale*#2BV>%izBP%0{TKRyT%8;(z+Fi03;vs%5T39D{_pek>_W2T4}
zwB#Q=+a)UWbcS^cU04x{HWtKqf8yC=*73~9{6vmxkY!T4J-<sN%G$gz*%V0G@zY2;
z=Ph&%9Y?T;$3fn5Lu~(&*<?Av!XX%tRl2zWL0P2k9SA;}r=5ihOi8-@aAtSK)5|F?
zE>&kxKc{Mp&33_H1t}{Q_!f^+Z&8}(owXsUtqFi_K6<bOz8gui-1K&QR`+BbuUy14
z_C564Tx9-%`})4BZ;(-AYrB%{B3kyty_6$Z-?xYCLb2@QPB`61;0=uIBJ%%DdLMUi
z+k%Ez-4K91XHY1*7O*A!Y8k&h8EJgD@2?`eC<ho$T@d1`0fv9nHG(biq6;jN1B>o}
zr05O`g?|SiAr4H20+Xo!RJH~U{UeQk3>f_1o~)<=;{NuOW%c3S3Sj<>A(6eu9~Kfg
z@L_ojg+dX;0v!65_YtpC4Sdqmd%o>T?dQ`-AiCy@`%*<9+L?g~(7!9T=u3$cF3D+M
z3@OuTPjNGq-xCb2-_uuoQ9p0Ft-%S$t-<%n8VCMQ?puSRMFTO_%3FiDW#`+dvv=nw
zj4nAKQNNmY@to(Jftb_%e@d!<yXOe`Jz@S+;u-p~IlMh6dI&7o^v9fDiV}&w963DQ
zom)NK9m+o4Npbu66fgpWE!wHU=l6sP%;V~wZx6O@4Ql9|Z(jqv+rXR^wO_kNH0e4R
zLh7IN4>lmftMPPaS9NzD3efC-sXpoM{5^oKtz~P_-MK%e+O0oky|ORnRT2;$1C0C=
zY-IF%3I~jj&fJ~D18y{zo^KndZx51cY!7+^V+~+T>M|I!{vGgXJA(8z5)exIM}mG&
zrV3AYKj*lg+n6IryL38=Ui)3a{!Ij;FM9ul6A8dC|3?aLU{S?rQiJ0N()FG6mo31R
zPk<}`2XcLq^}{+~tqXAV^#rie2BhLIz(mCD_e2gTTOHwkHU$Jm0cEU!FI~SPW<^+u
zME&9jL`4Px=1<gqPbB{WNFbUGK$hk^-|kY`9`xS_lw|=vx~u1OA{k6KD{T+*wr&mb
z@<2$tbb&37{>dT$1`Ph8)cY^}>#xjT*-G4PaQ2%S(7l}C_@|VgZ{H#YsE1rt!o<q&
z$y^XTsFnOrD!X=GoA1u;fiPDCQPcRBuK&>XU<~qL%<C7x%m5JX-`Jvl1(>2DvcOm`
zn$*7<B-+{azw)=5cy}%b1i~7CF#iKk=-3})P|z16nmZ69x)DL@-wogm04N>^js@Uv
z1CWaUn*akUK;hs6focSbz#8ypp5c7E8VJOHoc`xHFm?w5^sgvzfw2bT`L_R;?f(=A
zs|!$;dl94tfL}TP^8K%W01%M1|4pK8mQQ!fK+*UEC|_p*L_9zg|CJvppj8^se(T;J
zlLO@Pe@k|)0x(N~lu!fA;Q+*KfF>ON)#u><Z|WK+7WGR3O7Q&&Q1JgH>s26c0J$#!
zHH$^q?FAGM6;K!G&VeN&we}8VX*-fH<fg2C<i`ulFry#lDZten3+esHVy$-<9F&oM
z_Vyc^i`|n_x*wZCSyqfy*~|UNBEG`73$ZYFjlOe*DtmF&!WL18OOT`E`o6%+MJecU
zG|_S2wObd}p9w@>=XPh#=B=e0+!|=J1J!!Z<cn+#tWgJXN2u{DGttmeCd|rnl<TV5
zD^i<?S}1e?o;X_;X0Ku+wIisY7aqC03Y$n!-67Yw`BU96WrH1NfDO+=_3Bk4G08Pt
zSJNzkI1k~$x$7^p;7p}F<LId;p|<-}5YOp`UAA-Mlr9&sS5J}FNfDcmyCYfHyYoIP
z$1+7RRb#l=NBS|zFZxcq5C|&Hbl)ySuIei(`~Ft}+2CyTm@7L351cW>Gb-L2g|`hH
zh$mq4!k-`iPOd#{sB=%^9^p#X=l-Co%{^x#9|<Hx-Dks@kPQ|~d`{Tt40Xn%T2Yi3
z<}(V`ft@t{z11px`@2o@7S$_05D!=EhP+9OG=Q&><m;bYe?CL%p!3=bM=s&2Ty$3P
zn82?UL7`=#Ce_H26pr7y==kDQX#`fw=;JNK<B2}JS8>sZQ7+K3j4i{cn)A9;Dn#gE
zBkMp*pRimRkZ8D@<U!QdB`7_nFq<D&IK=(+;qSPrj+VtThTd?<%}lMwTN7&f6&Qh`
zk84wcX;!XLW@2s)c+Sw1KT=g0bkRiu_f2c`s@xO8^g*Ee@z`%Ru*T1QSGZ>R1~q&H
zbWZ0wh!M6du+)+j8WFNp%D?H+gA3FgilIh5f{0o!4L0Jx>of~rxpH>n3B_>9r-#Mn
zC8RV<+(P9(yX0o9W#+6V=uR&c$XiY`7IGkzpm8uOTv2G><TK38elMPtKC-N)upTm0
zS1-3o=JZa_q{wy0$uIDhvUcn~w0kQfas@GKioHg^?cEx{=Q6|0=B#woy7W($WYtb8
z^s^I@`};hrCYAd3fJH_?P_JfQ31+{KA<+VE96dw}C9_y3!J*Uc+9o%}(owiTW`Xz}
zI)nH$J>pBeUF{gT+eeHQYdAdJy+7-rRmkACEGVoJS=sX?m>-CV35h}Atj>j5#>kA6
z1}Df;;V?|tkfrvbU?^9&X<YJXr4uwfVt6v^CPgmEg1dtv>RUEC2!xA@reQ8SKK+fX
zfzN2@Gp0#UlrpVM#Lj^xF5y54u`^_Cfo)ai^F*{WCqCY3HcF4LsTL?(0jV7HHGfSa
zM^Twi;tj3fl)a-FN?eJ28W!y^j7ER`JI9|E%vG){8|vp#&2UB9<=u!g@m6pC2*9Q8
z9dLj3(#XT8ddImGUt}F5e_0xU|ItE(V7O6#&LzGY^uU9Yif>|-air5S=ipmm{c%k8
z4VaHDqrVmF0KEdu{B5a3dung`L~wsdi+qx4{EjEnFa8awJtoR26yDmRkty!-%QPKK
z<hOe@Nemzz;S=AF&MwjOhCf)iE6MLks9XNl^U{fqeabC;8)et}JixVTVLV$JS<j0y
zy+-Fj)$zgJJ`C9|i^#<uj{H^}>|(u5b&J+$RmPP-S^1n;^e9_aAK8#xB&|J-kiF(o
zZ4L4awmwpCzf3Fi=A^LqNsDs}bfd)%zrm=8sX)@vLu>}mvIo&8gKPYL)?vl(6AhM)
zs#SIf^(X&wXX*(mYSPbJ)}?cL-@_eZv|PjJc+)nOph=rWp(&MBIIOj|_N+TLG7B6U
zG*?)`Us3LDr_0BXKAv%8*(`=f7~Rs=%BeHt{evfIr08IW=gaQely~dxu6~sxRRSas
z<buLinf7r?haWG~ZrO7ZI>w0h-W&CFS=Ikl(UL%?|L$}DT}D}|m<l#%Rkgpbgn?#G
zo!zl1f}OGy&#pYxqd7vxp*%HLr$1zcfo8JOC_cR`RXt8s-bn>JVXGunwbV$PSB>2g
ztR~;OJYzFGLtss)Rcs<LC!ZE4-{Tf{rT7RssHsR`ntX@RFomoJE#q-ov7+SNLgrS)
z*z{53$EF)8{jKy>5}M5bb(vvs%sG)=EvrlLN<NZDEaSKhtZFaSo1qSRIcC6C4Rv}t
zG0QP%&DrQ%{Y0|DKuHu=uFy(<<$`5dU8L^QC{&O`qu9}LTrhn&Zdj?<x9wu^*zFnS
zbtkN{$~kUTWb?2X9`rIk?ArZ$nD{CzKwUR(k;V<0OhhgZ|CLY@?uIe*>9MGsjxnh7
zU_<>qF){yy8|xC0`S3o2EcxjhMrMOaI)pMQdYiJ`2pi+Vg-KTGxJ21fol=*Gl3|;A
z$w`!5@H;iV&)Y81UoTW8zM!sBeF`{<tAh3Vfew-NJ}&!16|XnV8MHeir*}6yb`seq
z99~A}C9TR(y!@v)rhxQ8cFZMgR9WECM7CE%rb*uNv#sI65``=ShJlLjrhOSJ9QazY
zp^VkY#uvl-DDubWhn|LOgqVgR#XO1hsyh{;u=G+4>5o)$2ys)YAHVYer^2mDNo%VV
zPzuM(TBJSj1qNa&d4ImQ-Pcz>UX>Gx#F0h3om)AllBE+2!W^+|U2&$Q%M()jxWl+q
z*sUZG+LTV`G$Y~orapJ)4N9r1(&wy9*QJ)yc&5k_^^skYb?Tt7Zzkaqy6LM~*oy@a
z*|J2&hLOrBwSt0D7&N<G-EU>u<UQv*uNA?s?iKL2(Dj?|8K0#>z*L+)=WSW7wGHkj
z45M1Q#EIPVllm5mreliB{1~@|x~8^SzsbJ+s6yFkWr(V&is*4`k}TAm#iXWfNugu5
zcFI1*+5{)E;bh)wm_pU*V;ZL29Z#?HGUo12naW?6MPC!1FW*>GGhb-e+C@!MRwVJ5
zR>|cxourWC|0x@8n3rfnIx6=KagBEk^3HuXB70ae;@ngRr>4@@lDXSLjR8uw`2FDu
zF6x;C7j*zHL1}0q$`C}G>v56Tx-~ioE+gc2ovK0Zr!4waLMZ5|Y`C94HI-kt<(MEP
zpUUH;S{s6SCTjO}J{G+g%1pv<<+Zvq46>4*#ZFGfQp^%+sq)Z1p4md)4#SPXXV1S&
zk6=l0r)SI*u-aKLbPWX!fYaT;j+T&Uy!<M#>D`Z3ZQk#0VT5Nn?(<a<fD|aaC)I%;
zJ5uVyDb0IQQ7Z|(NllLc%Y=dGR3Rr-yzj8C(?#+QuryKSl`5kk>DlNkA>~lC93|c|
zb%dF@Xd-?q7eFAe6<<Ya7AHFN<cUin+A$$=fFk1TeX~ENi*nYJu<1bJuu7%fTyzGX
zY*PkDaBLJ2cdNQc8lUG5S7BSW+3F<>rSvQ`wG56%KAX#I<$G&sL6LmYv)ZG=Q*2k!
zFFbb7KP98mio`S}k4VZoycH}@9(N6s1=8RozEz=b-P(~=+9V>L7jGK>nspQ-A6Zgu
zOZ_M^x@wT2)b-6_tC-`)P%(?b<0*7o3Q@udEbWzwA`r3ZORD2D9VjVPp;c_uq^B}r
zdiujASqLeh8OaF(F+4beviO~@$KcTj_2qUdlx<gM91{kH(z1kno_;`7Xoe6q-e(9{
zu6$>2<f%p8mWm-@Hx60d#waLyUvH)UE{DfXTyOJ-jIgOkr}mxjx(H=g;N&|RHa*lo
ztKwI@<e@J(;V$4y&R|dBRy&K=)(FqED$C2Q)NF~G*rvY>MMv6P(;&2_XcB@Yb4U3Y
z@-J3jCXoJU|NiO)e7Q?r!%119$lY)Y$F0hsVX+(T!aOO}X52t%Tb4(xV93zA#MVk4
z=4K8Ly2ET}c`Y%IV?#V<_YswZ8n)2Wk7Z4X%9nN#b-$-U{lg9cKZvFc=g2>LavMK<
z`4pK!X}R`%NN;hH!DM-|AHO##GiI?y?C+FbU1cQSwUSCpPa=TbFUS<}T0>`Nt#E#?
z^2H~BZk($Dn}ooOtz?2rew9ypK3YonYYl}S=fF|ePphlDL;aZST;FF|->j6w^QEz6
z&EP70-Z#Ns6+f>`3KXt3do}*-ekYK>`P$DjaOE;-d_1c0$23L*lT8gSX1QAjc|ifL
zt0u4+gU#a2bqKvz#Ceg&UCXlrwy+H);;WrXPx&D^1ZrpDy6n>R6N()@2b}i~e|@y0
zSuNPF$=hWXeO+0(SxX~l)!a1~vLvXJWoYL$_Gi8AjSXX<`(pPk)`k?}od~Q7l|wN4
zQ$RqiRK?oBSr+Y3m5uDpsZP?zs(M7v=)8_E22_ZiW01F{_|rjL@}In~Q_1kkZP$Aq
zjwW#rWu*K+p0pT)hk%JxlfbGDr(b{epv?Ih=Ux%)8eHB@mi1XWnfm&mlie?$bO^c>
z=1Xx8mk1F{Fot<J8@zK&qRI|M(tkv{+Og^J?j5nuoMXIw%GR6EMzQszn7)n`tF><v
z+cbSZ`s96KD)k&SoxP@?GihKRc2l2X)r11kkN$nr`FZuE@bTf$uRsY6^5Fv|n(g{%
zlyAF241Wb@^t{QzgNbq0e1R|(1KyH>ftih7p<^T7NuZttkIXG{ANlc1ie}b$gP2m-
ze8D67ahe{mIYMCGu^(h?QjxR4Jlv<+`s3oEJ#-;UWbAkHNrS+1Z`=d_n4qmiG}n6i
zc~I2^>O)yOiLjdY>9>Bq{8)NN{G~2;HZ$FdK`YYCaVA^R44ZN<;ZKovA4s34g;te@
z-{iYfP_!Bri+#WMsuS>NuLygwDF~c?e~eiB_rN^<q`)6d%71>cuXlSE&32PVij4WQ
ze_!=yk4{nQY)R&x%T@YwCOeF5d&+J6;|;AT3ZeB(%!w(S&HIN$kK{#<&lLyZ+<As8
z;vwx@!+L_2AEzefsdp&o%htP;4a{e3I2Vv#e#41~sC>)M1I{_EJ@XJAyaMhrqN@m<
zck8kWIGOp1rK))vR<EHo>z8%Re`mvPmfYkPfPMGtYPvk_ISsq6cRzDH`~~I+yQ=J2
zj?=pW-@G_t-sMr98E|pXpEFVzdD}h8P``A}D^MFsH#eC`HD_Z^j57Ds?<RWaTViB;
z8we(abSzN_-2%|9f%*GH52&pz!?}|<rOea$aU8YZk@fYmHq*Jijc8+^2L2LdL|@l^
z1oOFCnA<#$+}64;^;EWMp>1n8`|5$DxM<4tdrnh@RQenuL2MPf<*CG$xHBIgS)p?6
zko^LcEv=5iLn>n5U5SJS;|yV$X{zs)nco#-W=T1%7!=tUGn%tp)NxD?gwbtV<_wlT
z38SmT=;cYz#=}w_=VVoD-b_r|R&dx1+ts1VaugqZC%>%A?2c`EQuD&g7dF77BR_^{
zHDS~!#7wamC)M>c&a}`4^UpLPTP>9@Yx)bX<~M#UG;Q=5D{A~+*Z}1&Xq1Hhn$f4V
zD#dAZ#VF}8RMA;bwzB6bXwp))F6@w;S<;$0`6hO3o3R9@&EwH7yiwq^a+k4kTxyeG
z?$2*xfNQ+9v2xatJ$^QunUk~ncnqIEH;~`N0oT~IJY$v<m0t0f=qi;)x$E=FczqN_
zaBpE>|9=5gK&!t;m627Hm#S$uJju4{dQc09(lpU4-)O_P=PkJqXiW^Ue^PJg&=zx8
z*Nt-}-=40oad-BPS<H2sq$BQ=*3fQiN$vf1?OR(?`v95z(ZbFjKz6?P*DwCnk}EHv
zQTdr3qg~x!XPUn#Bcq6(%s6Z$>d}M6f|rfvT8*X&(tjQ}`5dU-{MUh|-E3C(fL-^G
zQ`BYJK^jj?Kb>8ikx?Y)@W})9kE?1-ZVKORW!t1`s%oy9K7G|vO{?!yRMR`JHdjrz
z-)D90+1FaQfbY1ksgQpxsA+5NQ&iKNuQnI)wKlDTEv2=t8Lhv|k%hE7iCSBW+OY`K
z*4xzfx0Kq3X4KxZsclrLy%K@iT{gA7ueDHFY-&dB?N=?;boYIVYB~~u+Gd;D6D_57
zPcv$7ylSbYd+$?J(~A+PZLz66`r0W~)BO8f`scS-9o2MGvqvXZP2COczAd(ZcQ;Hu
z+7j>qvh&;JEkd;R$`)1`zIfPpths={y2a}J($`zas@JxJS!Ge%YTtAm+rs+m$riOc
zk2Po2>o&DTEv5EGGivu7v&7)dEkX<=wKWl_y=7CI|N1E>=Fu%K?jJr@pJ7kTBh4OF
zIy3PXLt7J`iN6@;I^EYxH~Q<kaj_mSSf$?DDAL=A{+})AJJ0lVqejo54a3l8^p{r%
zR3mVXZsdzf%t+J&={g&ip$GEU=`4}-^M!`Ci#;w0UTB!QZ-ai}Rb<|VNv0b`0&kdP
zU6^D$qekx#`B9cpqi4(BOsC$&uoKmY(726Jqh~6Q0$1B(pr>qH292P|8o@<|w$UEJ
zMREie{ZEXbtx==5JLw3rjT$}ge_#X&hW37|$8|kO|D{l|j_E!v#+RT6uOOV2bp9pl
zph_Uqjhjg>9f03hp~nXG_@JI@FyClB-sq`^#0|9H&~D#T-{6wbI<faXbC5A#f~>OV
ziTX-oj@&+<K1h3_K&lOzqbC`xh>VdcYwKP?U3pyT$|X&^GUTLP@nyLBqWg_IZOR7@
zS_|y=C*%V22VHf2HBIXM5xJi3H^vygj1wU>wA0x4UZy7++C4PZRD;#&$#Zm5yJ8Lj
z+ZE}tm+JmRJ(iYGlC*C8zR@m{K7%#XNF<*<tssdtv`=UF4%1xfF(F-VB~O?~_u41S
zSVOyOKVvoWh`G1EQaxf?w$*fT-12EV_lT*O>GkMA?Qc&D6x#3CiZ>tXnbg!C*&{~D
z3~k@j^>xk@E}rOqqcNz*YH>_VOtL}U*d#7&V~tBlpLjjGPdm83{;-$nZL~dmS&bfR
zREZHkwLg4wS|t0wcQ0dhV|g#URSr*&BS~m_V&>YhJ&ZLF7h{<gWZSibB7yn&{U@5f
zY0_T)X|EWSUt7GtK0^rYPkUKqkqs(puwg>}w3<pSDB2}fX6U+hWq+FMadQY#P^bH~
z3o>+O{p#=a7}_KI>kk`qNciFnZU0^te!E7)k<erN88dtv^$cy!tQwkBG29JLg|ET&
z4DFqLjOp>~b=}w=UJ`y12Vu{jt(yY&+{NM{8`?iZZ=+qiPH#O&=Yz>iuFS}wj!rv9
z9gQY_O{0!R7tyau-ER!lW3;)~dpa;(PbF=14b$Vb=<oFyZCd~Sy6Ib_r!<In2l58K
zF&NaN`-|lo?Mu*2W1gHWtxctFYQsro`9=#+QGeYu`s+!Cb=nB(?G2_UuhZLC>ak?m
zUzntc_Z{il7yIp7IAwbEXoGvn-e2_?>+jX{R6~2=>3ScXaj0gh!R0S6(}!sflOV<$
zoAr=5`Xp-6{rl@d@jL!vJ<VWxaiyMUT(0LEOwU-S=Tm8b9-Cy$(G#_6YV>&8Y7N5i
z9Q~`!7%h<KdFRtiU0Y)?3tcOXAEVxAPdr`!eT2S@)ecc#5{<ivY=6C#U}@sTVvp!j
zr?)qT>be$3EL$(6()d{W2sBQ=FF|J)*JS7!+WE)y^cp=+i>}dAKGPG8i^Z~{9_t3R
zP1dH?=!r(LLPD@vi)DIjqOQ|+;@2LY<xBVvcucD={jg~4+e5Wtoa2k0rCm{{XV&Pt
zmeiofYs1#*iAGn+%^JzgMm;u3Onlx7nyXi%j_G<zP{?Jfc8yq}(KSNZEP7ln=yYvT
zSkhCq-=7idF<HCy@%n~iQosHzVL@$S(<XYd7BBW1-Ov^sV$53GKLmq8ucoJIUp(%t
zq8M!@;nDOogW&7jaNTe05fgeqXy2faQ#z8;dF`NRm#Xczo>}b(uE!d?L!v7r&GO&N
z^i~GbbL;ftI^A!4F4&PcK<A_M#A2QI&=afZFYR}UwD;5cJIAZ(iP}nuUr*D{v&QGs
zN@#E!^hDaPY4;YJyKW4So$wplH?nt$+KQI9zF4-7)4n(;hThw&>8-Sv1cF3M!`x#3
z8`Mh;Rz&hOogOD93P7b`f!N)+afvnZ4SFv!hEhq2hUg`vs=HLq(PNB|SXO489@0`8
zbXGzzZOmw)xKa)6;aLs3UwaWOsJAs(WlbfCakXV4+^nZ+A4W6X8x%;q#+`z1QR{Ty
za^jt~u1;>h`}Wj33VxbVXVmn6+{+B@&X?q7GG`9)$<S`wS<iHTNKe!zTMWCvnpT}_
z`OGJcm-QqSA+mGX<wZq$toGEbZF)?N9-6CH_zLy%Ip6Cctvl1%<r3>xkJne84C}|#
z)fd6^a$->{BaT?@4^r{4?l%%`xHdy@*?J^Dhxpgu*kSp0GpPOYfV~L*dF=_;vQKMx
zf%TW$_2&=NA9l7%pSJ7;G3U<-Y(Jk2n`JBPu;hLD3$_LD*#q_49F+2j9&0?Or)rlA
zbpDW@s$C=(k`$wh?fV$}OcV5a^;GTY9db#D_b@*~wnzvsy+cPxi^_MvyhcwmYV>rW
z1N#e5tb8Y2rzdN|WO)HX|81MKO?2IFOp|+*aiOkXMy3NzLVbj11~armCZ;NZp8Z1)
z3588UE6zWxM&~r4enZ;_vVKHkZd@;37=KHnXksx1wMNO6X?lz{N-jS!<W(mbvTkVK
z(~wR2$@J(NJw$tx(+#nU#>j!(B&N%63=uOq`@t5-MT|B-EEnHDP~V_V;*GMqje4p!
z?gW$A*klqL|MN*~(9?{%CX*=5ie&BDx*9QwOz&!FYbVrEC%PK(I@hMx>0PxzrJg)M
z&oH#9buIl`ps12qY8|VX=C7$M68D8uMvHF<=xK_0mS9|{`xA{ip9C=@*ifWb8`|fw
zhjqPGk`^cT&;1W7FD~!-tMwY^%?Imin!m>JX-^%JhOr(SlDv85!Fm^SVztNq%9x>L
z`Vwrz@a_le8R6%K_SRp;glI8EWKuIj`xRuCEtplaPLI_Fu_B#mn}wC3y;nb)w%K%1
zZ9N;Ur)&Qodv5|JRdF>8-<mV0=C;fTbTfdggBms4phTlG7h^)y*r>^y<;~R?V-js}
z!L`+>*jE}5aKUCDwjN+u1cpVFtyu>V1{Y)<kWH3h6A%~>L=^s~PSx#uZ+FiO7?bb&
zp67p`H!^*1Ro$vnr_O#(?TDB>%;aw(B3mONG7G>s(pO<|q=G~p=)e%6yO2Wt{2tyw
zCs{Gf0$2d2kRdc`6liQuZ^G0FgRin#lSVRL<zq*r9jk&Owy!03t&p3zpwp&OS_9(T
z6(aCo({ogKJ8WvY9H7IgwTw|93+#EG5u5O-sFHVPyQutB9_40Se6>muc{%%C&r1cf
znTa}wF+4$b?s_H>A_Km7UXQxB_1l?A<s#EQ_NcJ;5pHC1CqJ0!-AM+etC(IX;5^8R
zGDfFXh}yI(jPYvm`x*7STD)(@^BCi1VS(7=_6!>acvQ^&GJ^a&*%u0VG&md-XBgo)
zn%~b32+jnPUi9w3k#{3rJ-_%vf)9M09dfo{!i)A6kTP}h-AF=gmMJtmox{FQ2)UD+
zatG{vQjZZx@8Auv@jZCQ{}y87o9LxZEA_)`iy}%vKUvPCee>KxSCA2hQ{{|hXCs4I
z3AI7Zla%!X!O;ug_=_x~n$-}tFOh2AGj1gd^+cMEMY>?GY$<k3SmciTVX&#3g-vDZ
zpR_0vl8WZWauziUu@#(tu|O(jW!MIKikH7CAT{#Di%|i+3L(>6i|ye^Ue*=Njim$M
zwuw)B4jWe4Q4?=xCO(H(N;dC8+8r}&`4#<HKk^sSbl+Gl$-^M4Qj&*5nh@ln#Hx_U
zTETc+G>DV4Cc&6~4{uN=nvAlN_)JoPM(qY#q-Gx03~UAiEt3~A`J0H@odwu1V3Kn;
zVY`%(hs1wP`VTgPABc(T?Zq)zne~6101bS}i~had@erUeH)H7pDE5-Xex1Ydthj^d
z{jn>Ieu}I&LQU(+;VHp;FOFkZq0QyO#W4@YzrQdNli0gpsr0wQJTJyCT&ghs$h<U+
zk1bc0sW}THX`Z&lcE`i%9S7JQXW1R4vEuMTX;<>Yz@-tU&SLpeI#-ixJy)({HK5jG
zwMreUZ3{hA204sgswTB{VG02%UCLOjP@TE$3nOvc-dB>Li(~v5yOc#^h2l_7dogGq
zO60IUTZSn%hR#7`aEVc17?KdilPB~(48m;4x=aanV$nP1+vhXLVdOG(KC9+Oq5`T-
zp=248?o675mX*z7GFU=LcKfjnY`>Tx1Onib>TZt=h{@rNb&Lsg9xc!Gsj^6_1lebu
zEe8p@(iwk9Yo0IgF+>Rcq}Z<81w80GqZXupry(4Fk1@Q6ueMLukOdJ2kE^)IGw;zS
zk}toVPaLQPhaOU+l)l@%80H2^z-vK*9$XX?aBn3PtA7a4wlWIEpM_<Z!=ZP5hPmVM
z;sDv~?=-Nzft`YwpCBQw_mj4IUsBubiHExvP+Z#r`eO$!4nZ?6l<!zgLTm>)ST4L?
z9tjdEklj$ozDn!%bhFjAv)M`zZ$a%zU1=iK7DCE>i&9Qy9)~x}1wlgwKb4zxn@Lkd
zG2UD5DIQ3j;z7BjPNFSLbWiI*jng{potEP78K%{{Tr!92m?_1>C@DUl$$j^67_*GA
zU^r~>XB-=2P}&%C;m>AF$nAHFVe^PEM$ymV9wUQpF_q>}u{c%A)BWg&6Wye)axOcV
zKp%`+%v2yl{|my2?*XaX9mlptj4Xx)Bt}ciVLso;FTp18e9(vr9yGH)IRnMt9f<3I
z48SI9_@?O;5quH6wVDF4r8Rurbl1{5XI^>^^jk&51TG~_Cd%P{y+9nDD>%bD47}06
zU=Z_-GR%WrPq1pSMaA`*^fU~3lA$kf{xl%N5&9vA0fNlr!GR|Vi6Qh`5UB_%N?o$d
zra;6EJKat6al?FvDfnPAIf1f%)Ce2GZPhfykOh%yu}?pQzU!Fef2YbKg@q=W2D>j4
zgfE|)*i2}PLcrd{|01xh>_xpy;!eKUYGgOy#jgaz<T2u59<|*@^3;uc&xPI;HUoPW
zFcvKc3Y`3V2y=zPC^XXg#E|?Z`eFM^1fHfcaiTT_v;hyGuc#&+ROy*|oYc^NF{Orf
z<gg&mlqR~4ygs(nd!Y`?BPO<l1dED=1jLr*!a{kj8#PkL=Ao?18VSaY$oJUGWQ@mo
zoP-{zPv4E<Mf_hRg<Njp%@x=|4B1QXz!`@zjA0I}ijX%kES9(T>Dm?SAnIW{b8>Y#
z9Ex)pnHI&ve9q8_lhD6*9%W7#Fl{*#WV5pjNth=QT(T%3-dx0C-g2c6AlL77Cf0_6
z3E`Uv!}=6y*pr2^v3z(s5|S~80p~y1N=6@&0kfWTtv(pG$xH~Z3gJ%;^arsXpN<Xm
z#zY4%=56Wl*5lWsuM_dA9|XlY_wlxLx_@9`ZWQzWjP>|W5#gdBHsbjtDqJMD_1air
z5U(-F*xHc3F3<AOxhc4Y99~%=C_IO6G$wXOdQ|jBZ97?qp44;s+!{Ssws7;+3MJgU
zpSi7+jlNzXm725PeOUNqj2krA=@rZ*6I)0x)H`5fNQfcw15MTJp+OAtnG)(w&?wb%
z6gu;zV(HB=7ycy%Dc*y5a9W8kZMa)Rw2jY@8?$$@Q;6sjJ?>1euZp_&a=+Tj&T1?F
zfIca9{J_M#3Np95w~|&-%$Ro-z9z&8eOzCutk3<$a8Z|cx>zlcDERETkvMrrKUhIP
zzRA7hj85aIDNuLDa>nka;quYfCSW7MU<dIV+mMl<X%)tL1F_YU;>0KIi4vtRg}hK4
zkyi<%6hbvzE|K!bF}zB=7>7R-CoL4kOW_YjrC9h4jG)vyj97$?I^mCbcf6czj{Gm!
zoHxQ2?MYH?C2?617<qh`xp5lVJqoRl+Gum678E0U{H_(^sQ-l;Z<<?6ESF@<`|N=?
z&aFMzE|0^0yKSYXZGTVODhf0@wVW7eM+F?A-Vyx~Z2l@9z^jYI`M*h_!9dLAO|jmM
zc<Dct>9`4Aev6>6jRfFwc|PKecC5qcxe><ALe98pW-}PSoH3r@F<!-uYEBxo8|kFa
z?lva<CCa`_Li6Rk5nk~W=J96&cqtFy<+sbfFQ@mC!hDu_Hzo-f%ZZWWVVuP>&|aH1
z$KrD0>*ht`+^iCt^pyaQJPREtM#ZN-*nM8a6Imgahz3lR;Dkd@SIhLQCpa7k>XfP3
z&dFR11R7BY3SJeE@k38=_&dXUpmiBG2;w-#V>pqKoCLn0IA;mGix=YW#gPAFAP6;H
z%2Dv6pq)W_=Clh42^j=+rk9W}njl4-H-a5s+hmAw_^2mixROC*-7lKn7{_{iBSMjY
zeIUKZV;m0lBrXi~s_|aI#)H_6N6`{OG{0M%Mewm6jQ$V((3rW>GxvV2668koVoaZ(
z{)G%DWhxQlW*oMQRk%_%Cs~vWDtPS>20u12%;DAB^aAnl=MI<^kbk0p9Om#(hId2D
z0t~}HgV+FC8rY2+v;cy1K$%3q7Zda5u=*W~WixpDBaPu-<ccFagx#fbVwwe5%-|}L
zaa+XowqjM@<kDGkru8^1*F=~3R$+l?y+n)J+qQD1EB-gEQdOsZtkE7Vwpam<VbCau
z&vN)QqKCzBH>9i)3)K>z<?w)5Vv7QN79J2wY>~1=@>2uvY@^TRrn6{ME_(L6wCE2%
z)Km=ZJC-*!897Y<NMmGXpD88?9Cm1?z13r=KLYHqN0^y90&rMnk1$G%fE=y}f-jK<
z<sXAT7!nZpJt<3Dv^YW_6Qo~FLi!j%Iwl}p%Ajo&pW!g}p=$B=diNPjp2D97RBDv?
ze_|=maOfmN|C?g?4E!pH4WW&J&%obEUcD(w(#>yq1^z)C$ln{%uBMpvRYCb@4u_T`
zeAZ)_56>8QF~12>e8C4}EfYb0>S9=@g`DS6`#Hc~Eosyn9F!0}bREM2I5LQlNi={y
zF?b%igv;<+4re}(FuYz!x(p6SSQS1F*O>xthY4=>a6Q#<-(JTuo%yr3t0SKS!>)_s
zUpd1@&QWj0@5Y>zqrO37nTPkBbUAK~Qdct$OMdP-=j$WMbAA^LVrAmAPqh;GG=~LU
z^s<!W?%L6xr0wX_&W=8v+|j4KJ9-zdNRrt9^p3{<E@5=6mDthGr_{8glsDnt(Z@3G
z=(+plaM9Kocl7lA$sLWi`VKql8s4*`a@^W>^!?W7wWCjRh_29ROYJ?pPVQkqynB=t
zB8NsM)&nDs3>t;7A<VOMKO&Edy$j;KJc{>ohJQ1iy~`0q?R-{yC6g;c=rLRoud{nJ
z?^?edX4Sgb0uJSSwdC@;LBa|NLRYS3WUOkqY{9}fRP51Ae3ZlT-{~?{-G;)C6lH&u
z!y`h(&X3}w@JLYnW#XN@0{@3I{GExwdj#+<N(<reTu^-Ysvt?!Z!n&~7^4`I{>rin
zK54m%-!2!s`{$BSPydZKSAE6xOsL!SnLX>iHfaDjsrvM}y=Jv5aXnMv*DHP#vr%I9
z^$H~@I=i3{yTT-kTy>vlaor6g`)e@m=TVaEUf@xDsRnW5y5t_dsa93}bMFrJt%?3j
zl>*Vc>!Z;EoXFr0aU8_p?^XB+hdo_{c;woVAF3UB#MzNYk~?w-ufX34=I~v2WSBZ>
z`&&!sPX3#BM?NY@*^!?2CwJtG>eJ)?ns;PzfxRP3|CZd5`2{IE@@P#vVt)<ZX?-C(
z@~T?ZsTBIr^Zwd*WKlutjy%s{VNd4Wk^r_-d-6PohY3urtK<iwTO7~L^BmTVW6VGf
zKauX6?pq=ul`U{$9Ag0@H?}lHJi){uH}FoWe7A_nuhdr-qCWW-WFh(^hc6#y_-AL|
z$>?}wW15-PBp=6^w@8^-sSF8sE0WfqcvX(F<CSktF;nMom^EJMe@imFoIRelhu$C9
z>~SIGa2PnAF@$_<sZ{&VH%BV78McHW<5@6ioSnEOqsT7Q&z2m9(ijqua-p&qiu19!
zG$;?34e9Mp@7r9t3j1xJ3?H<8J0aAA<f1Ism}fd=k_3%sET(AC=12vvmICaVaTF!X
z!Y1C$4N_;GjtNBgd7Ln|-xj5>93RINOMTEozx!;d-G&4b)H0D}i>*WzXj$1=Fsz(O
zqg_^0fdcfb-vX5goJGGWbvTQ|n-={6k4r0H7KbRM5NDB%<7|ZC<@5;Km{IA2sD6*J
zY>ojaSAn8G<P6)IGE{NV`($A3fd%ku<+S729QLWEZIkY^Veiu@m%w2=gg^>Iy#z8V
z_4>{CZ3DOTVqQ!wHcCWo6~pGF$aCEkSh4?~YBzl_X-g#TO*rsNfX$QuONag*0sZ;s
z1^taYD%2~Mu1r>N#;eu;qRPy-uUsZ!=vDXteESc2HY;B$?`8NH9DP`2RGiuzspi$$
z92-D!H%e>Za84Z19*o0;aaJ{{QzdpWsUD2yA@7Yq#Z($Wzu8uj4z=LW`vZ+3mxXms
z&9cIZ2<=}fbRvH<mx&+{z_v;dN~-+jT8zAIm2X>_y>7ta9f~8hX<1lmc48LU434i<
zdRfUV%WE+}4jVtvh{GJwlBaLjEL&7*2K&U!l|aW~bVLsH<?M{IkvxGPt<<Pu5S-EI
zoPI2Zt`G0TEK^X?507Z);Ye^3Qj^2Xm?brGhl65)oXfd)Ew8otMh+*%tUFS0{<jhG
zM7++*0urdYtp5X#8e$d#u5Z-@R~>c;y&U;yqRBUMQyO00bvE}e9KQZQlWv<=W?4aT
zoPIB#p<v}rY}&g^0yU!@&uxg_BK9LWQz_EgV)-YtNLbB*nIEVf-Qiw5p;ZotAs=c?
z9h+I6y~*V;?!&ZwPN%X4`V8qu@6UBp93R@)55>j?#Y8SEvlaKJc?_Q=d7wYGB*O$M
z;cK=P_T~?tSgEn3#T&qHW4O!yGEE}vIvZgZXF%9F3Sr-5=?j5h#<;1{3VYkuh!gL6
zfY5?N9|D4_?A!ENN()$P19nLoU<HByP=2~Wtsqn^4LD4&r%>$L{5-fh7EI$`$;gEg
zu8Re<Ccn>80kRfU8boZ~`zN&+ViP4G^uPu@ipYmxJwrzIR%0H2g$~xb1sPHvIKzvf
z`-=?g!ME8#${?D)hy}&SPsFexG-QZPaUkO`uCJvB5n<~|&ETUsMZfqs>{uL8BsH7i
zQ?Ohhxu3%(k7_#FhULx=9QC)vez;5Y$)Fx3X%1|j$D%}!qxc4c4R2bM6$fP}HOdCV
zCWM!W&1j}2YNk8IOeb(MiOuL^RcA7rId-!aGKDxvVcW#)iH@72Cc3Rc?cJ=|Df#+>
zBCphJvD|BwnrS7A_B|_<0J0{CIhhRqBL1W!W2hr@xA(}LNINopQ;*E|K20+$w|3+l
z%j9MyjX6bp^$o_s)Xk)De}&sVFxdY5p$d)7=M10W@ODJnz1=o9ufa{U`iEeo1z~LQ
zl(PY3i<BVvV2+jMIxMS@6j4%yIVsC*&S6f4##~_BJI8gTq6(5jE0T}|Us#=C7X|1&
zSFPyl75166zhtx6?G;*zE>=A!<LQ^~^?fTe8QZl?3n^-8*n6LyC5ZSOOG;@R)>UZ#
zx#^HlrZm5gDm0IMW{86bDv)gWT&s{9Cg#AsOmq@>u&P31NknMjMue|yMCe<QVm?um
z$rch5Y-(rJE-$@%hg)3Q`Lm?7H0lnU_%8j~g~&?Z+*YHg^v3n+lG3|(2)^_2&y)|i
zQySNK``T0~X>q5dkW_wc1{rC@oi&R{6Mp8AkdF6aLPC1u>j+6m$9k~~myllnI#QE_
zG`>@sfVBGB3y_ai-By!$l(;@!IvUf-EgY@CR?0?Yoovx){k18QQJ*``OE8*sZH;o#
zmz|_o^!l}`uui9Rq3GzfN+z1tDMchYdu_^|p0_|W{%2|O&{I5y&t#H^rr(i5+gJUp
zE@@~zA>~wslzY;Vvj4TIl90Usw;;4rL1lQS6ftPmwO*pLp_4qzWvav8V7dqtyDmin
z$^bG)0DAd4RZgVScM^X_{>&}?9DJSqcch=Q)e({@qHnNTq@U5(W)OasD-h1VHVM`D
z)uRR1W)ysEGUAqdUS}}<bVSNMYhP!X<et-Nj=jYkmE7}cb>utCJs;dDXE~>x+_5cp
zq)8Jae)ipEo~O8>jzx;hGyKk!W3jtkW{Kx}nV>E0EWI-+?DYB>!`Ew*b>^!NFK<VZ
zPWZeeop7C!&e1#5W2D+Sa?YMR)5M(q?c7q%>vyFKImfQ4RmPcmmt4vEYt*T{(<@QT
zZI>cY6yH^|cvF5&x^$y<nWURdciO_u)OP=oX}HCj3GM2TYL?vP5o*MSztye=nI^90
zxBD8eL?fq>&G0!G_=#pDcir|};d2}w6CM49_#8YIE);(n2Kl5KaE5n>u|W`DWjrQ?
zDlzZ*Hlx0qGx4q)4<$YKQSe2H)cu4<v903k%>#Hvaz2Nqd(;Ks(0?@vi#Z%Vnoe@r
zCGhTQEhz9$;uXU98A@Q=`iT-OXHQQNESIcK6)a;jq+ppt-g^oKuS&7F5l+lpt;K?N
z!LLuITR~ZXM{Uxy)tbxg5G*JZAA7z4>+ygfiXK?2FG{aK^(Pt&;ur?MNr*1jWc07u
zbM$ezne279!t3ILzvZxgk<<sTOFyqaR$JEwmX<RziT;*D$)X4=#QM;x40GYVauzl5
zmmC%@iZJ|ja^J8GEKyzRb6C76B3KEOm$RUZY!y%N)}%Zpwla>bxj|t?E;IQmRh>PX
ziE(Dsm*UduC*tDNU(VqzxeeLKphwqa#!8gpL;cBD-MczsS#u6&oj2zm^`yB7rW_Em
zhCr>~bLAU4{sg`J6TBgaC%@aC+~Fr&+&LtrhBxcm`5MXWBvmwj%f%}1<_RxCEv9Po
zg2Ad`-+VIDfhH6>aB(<lV^HyvQ5$!r*Jl~RY^3+fZfsKH799Hhr)F3!TTfAi^#?wg
zNm|Ti_$a(lKS=(R<4=Ut*(|Fs*nbbg^tLX%m0yyGKIvlHSy%jIoWzX3z_%BZnDL{i
z-C^*PwG?;xD~EFz8)S9w{-o{enxy7C$o`Zc_Fr69`*`6@9v1ZRmA12EvIhwA(@QQk
zLvsGz)ox_^x&?Dfsjd|M(krOo^#O!S(4x}Z_2H62w4ifX{8b<}ea<D}jHy-@ygrdJ
zYzS*FDLAiUF{Z$%@(|Jdn;uY(wf$Q>zA@l1W*lRBNs26SkBxY8oiA^VglVCE4)Jl!
z%|=FVm02S2`a(uIj)ob<KXQ0KBz=NDD8D3%t-33>2}a=XgIOeb;4f0(A{b0FjBp4E
zxHK!o2!sS&nh{)%)Bu+VteZe^d9B$6z@={rT*NZGaM@p4H(chq;IgOG1D8*0fXf?6
zxSURb%dAP30!(Ivi8u%oaU;xIm0C@Z8Syz~mA_Z1T>xlS%Q!>_HlG$-DX^KbPpcC)
z$BL~aY^Lt>#NG5CW@UuUdhulmoSBuH8#*t+H*Z<BqRmSV+PvgOn;kVl=Ox&6fS~iu
z1wp4c6*~Qgr9$V_-nyYPd6)y86MH?-`Je{qjC7#$xfeQ*z}u@L3OYA>BF7qe4M_M1
zhrbC9(WZ=pPdDsO4h&1i@kKp`1u}6gHEb)6*K+uFi45DqM$luigvZ$>5xPC401jsA
zW*Va3IlG@^x>x`QGJb;^cP~#iwnYkT&ErXlqItk(`fDHehyzm_C@^M=HLZD^kvO1J
zQ2z7=Nl{_d;~qQN+YOk65u;eTyWrAF@%Yk^4V<G-OW^d+WqJuk$R;eIUN6^z^fwjY
zTcX8mPIK((8rc3_FeBF_e!2ST5c+sq@r=XtT*=ASJZ*Ebk8>q2IZ7kh6Ma)XJtCi)
zG-5UBPS7k=``0t_IfbsDc*d>SKxNwmZiIJomHYVPr>kxL=bbZ|4o+W0m~nH8Jc>V8
z$oLe6^#-6tkSuY&Bs%U==vY!urkh;LO+p9;|1=SxFfPFMxJ#3*?>;|kRPPz}7*9yy
z*?SZ_B^CMmIP{9Mn7oVU>+~Ck8ri~ga`1!dKAs^Bgf#v6VksKm$KjQ`8Ro**R|JDp
zAAYdF_?v0Y$BUVm^^kp$O8hg2=bU+8;u?6D8n~oE4YPhQd7;m_V#e@Z4lk&Qe{wz(
zAFi%T+E-speAp5>@q0N$Y2s&T;zb<x3KDq}eJ4JQCVp^lq!RyB<HY-`fsfX&bK;YS
zF%qEciH|#<iLX@S&!vf1sEPlT!&y^IJbI;=xWQqLnD{T~J1gbHmxzh~Z;caQq6RLn
zd*U0!#NS{X&MvfK9@BgPuTi#n=`$bd_{>H7UHg>NJYH<+F{PQD*_ZTvbMYk@%5(!e
zhA<D7N5c3sNH7C|2Ls|{`>2aQmNaHv5yRim<9v9oP({Dj<M2a<m&2baG}9N7jdMA)
z3)*xcF~q7Vd=5DD`dq2W^M+Wg_M+E)KG#^RPzk`N2P-yKAjeQ)qVna}gRQ6?nDprZ
z^?|PjyF6Rs9lZRx7A6?IJj4nsBhXpFn%gF=KqW&wCRgOJT{I9Jp&t0dcqu#<5>Go;
zDTXa8gU=X}+zk$^4ydh|Im9xQDT<!uU_N{{z)F(Z_E2(IV~D0onO;4_O~kK*6$i93
z><B*k;;4vTNC8&@0^`?e=Tp7N6*;$Qs^aM__)3A+ZD7rQay`gA>h>^AAXF}_-LHiW
zyq?S7?Wsd&CDsJsRf1_+O0*8I9Ml-*@RcgIu2V9PQx=!%B+DlZP4PAQI1Jyfwrfj<
zmm~IT$ymFd#h#t<arjEedYF%`B^p4lVoMJp6<=*FP(PSVpj=v9V^l$F4&Tr?a{tc_
z^>~(AarjogB|L4x``Zn_8R{9P6^EB4Jd=eNjt$BPE1}5<V5!*nD=Vn+N^fJinH8>f
ztt;gG+=zC1ze2R$LnS`9;c#ld2cIVlO~vPpqQMm${7fKoP}w%G5C>fxbMZ5torBF_
z(m+=f&u1<-)fI5!pr%e<@lZ=Iq@!0Lqw6-24d>qr&8toe%}dl4nio9Z(7f1rgys?E
z$;dq9WzKa63siL8aT3rg1m3KgV5Q-W?RSyhtr8yQy5Fu~9*yz@H}#PG9p+}j8$%b@
zD=>${R55IT4kb6R14Z2T$DDwD5cYVtG>5~`{gTY%6<k&e`EZaG53AKqTPR02%P<cn
z3M%jz{6tWF7?7196K44kWx`w{2^Yc=`$_o$iZ1Catt_13|G?pwD&*F$Ew(}_Rr7tk
zhl~u&;jlp9SwPXN*EZCk8zsxS%ug@t($k|8#l#sqJlSHH6W}+^RXWjvq3IQx{T$95
z(2}v!@5#lq;_$^1W=c(_Ki3mt3qQ`Vg^E|ThO>gDa%=!223fja8Itw`<55%Wo*eU=
zBzXwoAEAkv5RK++&`ee1#pG~ovWm5PDu%6K&<0KS<5O^GvSo&_x%eGYeo!hZUuLDw
z9AJ^n)0Pae&A89Q%78#E1S(WYi9FaSfX{PyRuY9nU4oQU9B&e&!Wg<_)c%;Qw`}Sx
zWC{3Eqf&A8IlSFO?A#cl*_0B`?@)R0K>s$v%f-K!$e#hsb^l8Kr;&V_=jqxX8_IP1
z0F!T^YcTbd-+uL&k$jahO6H+6HIglVBL9&yOx`o}$|Guh#BH35hRkex4EU-MQ`52^
z-HqJ-&7pae1S5pJFkS`^$4MB9%UtA#9RfW$Uv5R^!&OS*isv&~QnzJ~Kmc>#BBE<A
zk7q(Xd3j4DC{D}SaTgk|&=AgTjtCvkq<j`hFr?4<VK=cT;4mbgQ7w4na8XR&;PZ%C
zTk>>k4x{rKky=#IC8O%>F(#$Q$U1wBb$Vc9N_`N(X~bc{JSq&eOh~K*W^4vC#j|87
z*AB^2uIGrbty&&owtH{}S%3qu<G~u3@!QRq9RTrj#bY~%ZOJ-^!|5i9$95qW`x6eQ
znvma60eC`}6l%P&iF6v)=g(3S8-0HGgX!%3RI^m>zPhu6J8w0W-`&)iLIp16Frg{K
zE0di4ROb}N{z_Bn*CvKe9K6Q^nHYEu=5rXFltQ6L3-K%$zWpab1bVaxMlp{+OUj14
z;3GLLa%ZWDE$K`ExrD=_ri?NM<-|VgoD#GUZ%PHAsna{1C2cKlN(ntaS$=OyXP5in
z5)L1F23(su;FP8UW29RzOiUur#Gi08vs-Uj=dic?yr$wK<hU35Og)Bq@C+eNy;uNq
zFR?ow?Oap95peiK-Q9YmbInmniAJ;=^O-K|$Zvbd+1?S2B|!E(WN+`V#_sLy`Ebhi
zp3axso5LYDjIH+s0_cN_7>DRMCRDVuig>(yfy4s?@a>ie!{2ce|3K<!e{2)Ls{`m$
z6y%|>SMDC#m}XIr;briQNremoa$<_0jC{D(Y7A{SjBU&)kvd0_hY=5(b@V7r=`p;{
z9^;%IcnP!@pub3^?Q}^|4Bu=b^}=IaY_;%>CJcX?+>F>mDVuS)F{3&lbk@KpuamkQ
z9;={IKV{%Eg%CNHRZ_)hEaLFta%Jr>DGz&VR>DTJlbvf_32<1caP7-FTYjKgo~W~>
zIAZnq%GA6Nh4Z=;mVv{Ywc>fQ$Up&|h@?Sd--})az2cFI)cbs@)lD*&z}%*GtIoCF
zo|twW&}A^BvFiHyLuJnMHc;6_3c`aQ3@0R2p47yU!FT&QXAZv0;V`xd<1zH}5{m0-
z_*-moJ%P_3z?^(LYpjV_RSX+7lNSeG%dm-U^vUCJUjm!Jr4#`;e>_Vl!Mh8GuQx~R
z@Q6mxK%L4g4kI36L=g7~S|PAV7XF#9cv262K9#PyNH?$*mofuUWj}|}4~J2Q%P21m
z7Uom5Acw)?VA!-Yhr`bNqzb+0VYh)Lhr^<LWlcI)=V@A;?>&EK>+G>4rN_5*_9)M%
z6D7{Akg0O09$Q0(t%Q7w0bYf-!nQ0rKLOYAAx@?=#7_gvwOx6=u;B>I;T_P|2=m0Y
zg`$`nq_e)EORPeibt&)7Yr<?PF&mqaY`Cg3a~FmZ2t&^aX}lsY!CFe8Fn6I+fY~M9
zMwiHHjRE<RBvG!%#Xoul{$6%I@@a%5(VG8*{%7RL(yvB%01Kp>BYDtPJrehv6uHmi
zn~*Ao4FxGO>Cc;t6t!}Fmy}e-x0<kkpli=zLkNc{Kva_V(OtZTnzme=H<w7XqDu;%
z%~m2&j^g+ibC~*|3^Co>EQpuGb5#G!C+mI9>r$nT@vJ6lSs!*O6Y4WdU7OJ66G{E{
zVGdtyNglH%(1_VH8d@jrO-$i0L+b4DR!Wb-b@rH)>;b-*;+gZ6rA!=jx<yepuz(J_
z&lbP>Ka`Y5eH`{F!C}}##H+64u%|I|vFo`HrI^XyZ_IcAFZ(k^G>~ERp<3DVWgM0_
zX82QSz>~7(LuMU4R;2VeS!a(5DMg5W;;;*G<T7#C3&dg12|z!lhm-b$t>al8_JgT)
z+YcJT2%#kXiJRC;d_o#s-{@kxkhOrrktR|>%HjQ)o$Bj@{#|rap&)UdWj5zo@Q_|;
zmuaf;KXlEzl)qR7HiXe)A`M{2cxD>-CoX@RoZ;g!{1YTBJ*4}^;Agurg%uU}9Fd4<
z?c{;l#IcpUT;E9`Z3x5V+GF@QXV?YadP(;SLFbwTwvrwK4Co#3HV%I?@nP7hRbnd+
z?Gsoa-{y$7w{y7H#HTn6uh#USAUr=yFUsUf@qdb(z)he{93h0ca5Y`s@@z<GcDe2}
zar_;x#6NOo;vWpU87NsgB%0J|;s}t(?5aNpzKo=m#ChXYK?;)c`$s43tl@ebCiP{^
zKn6!5vf!m&U=zMgCnH%`d1FUgaESM1ENS*WcRXW?xeonbr$O4lu@iJ9)iY51n#9<3
zH-r(%1ggxRl*{m@#mL-Ac1<(Q%&An;uisNiwSJ)(m)vICpA#w;<Wz)ZQc1q(>r}B`
zdr~C;Pwz_!z&eElx+OgaIzAX(&dj<}o;&>qQ=X@)6WW5qmfMmBx$2XiNSRg~UX`07
z5AIR#Yd?pBeLaCO>unfJ`;LHN9E$reb<QW9is**zgFal-h(s#}oQy=36I<mwt8N?K
z_)Zhykm$pr;mRmycq_x(rRsY^i)9>3&%Br%Sky<*9x279_-CXsb<N3?I+H#Q<NK;(
zvif8s%|A1tuTu-*w6h&$@@)^=E!#h%!`CMxblF{Nc%`qrh)>22o~otJVN41T?}(x9
zlXYk!JSt0DN%_TFGUG=Vh5(shRa+so>b~AWYCD~BJWXNcHD!WPZ@!C=ar`xO^GE?a
z#cKD|HRzPo$TL-X?I$a}lEL;a+J6utXl68O#bNRFp`?x56!c@0eWH9~k4#>XA~%uQ
zdChM#0&c3k`)iVTbb-*!X80@|J)+67JdM2NMxN!+m0<w{q6oC=m71(SOtwF}Ovu|G
zX&1u$RYaA|{WmJw(u~VOY@o=;u6`c+>E|%vnBz1U_NFquA2_OfB17#bpC8pSpV$6x
zx?-%49i>Ef7->~zXTfpm4E>HOJAThMt#E3#LiJG@Ccf24iAx)is%O1rRS57<)uvl{
zl<0x<OiJG)tdU=vag@BLJWM)<Uzxvwi=|h~JM(P=IFJDx6z>~!Omlc&-`8t!`Suoy
zkn;NNU9DAo{{=ZRvctjCEt?-o!u;NwR#nDo7?Y0GuyyG{!w#T{8OG{zGX9&)FnFHK
zaLshbJ@t(XUu%dZPLipq$K06#;X?AIe<XcUMuiYKKNLs7Bmx8VtJAQ4zm2Fvl7M-f
z!$tu<;NXvE1Z!Fffr2Xf;Fr;4<q!`~ydOTW)#)tAtH!^IKlGq{5EB21O5DMY;$Mch
zs-I1@tn6%<u~JiwvtjjYD@?eY&0+dVK{3SN0m9I1BEs}r5D|JJi7`E+PAr?r&XO?8
zXV^ge+e!W`qI(vy-F}x;LXCgruxhp?gm;*^QlpBx;sL{s409IM8Xd8vUxomPV`?8Z
zXLvdCm=hh*<4r4t`<_0kdAM)SH?2xyzTX^mMMjjrY1PhrTfypuwkFY^XI<*YR<ISA
zm&L3~;;B!}B%R0L^BhVxMk-RGYTe;YPTEf!*u6-`UOms@t0fUuh`G>bF{=ui26o^u
zvRp;Hsj$s9uv4|q73ap_5HD8|TFnGfiWZ-_TigVrMT1<}v4}+tEaLL_P1K>Y9SM4A
z9P3A2877^RNgQ3>87AZWQXk*imGto|IP`UrMaDktP8Q*?EkF5cw0tE=)$V+josG?5
z)Wbn)_nFf!o-)Kv=heuEQ&UlP=Sy^`>gvUo%Q*~iW;HCW-(J;kr&^lb?@A7Xoqj{o
z`W?upkXFi#hVGLkj0@=Iw|rvP-z<sLa=qXy2^K^j{|F19By#>@lI!#xVU&a!!#{HP
zc0+_R6=kZ5EB&{c&RrW`K{bzEK|FI)z|@ArB0rO9+6)dqWbaTz4g(s?9s1&-kbS#N
zV<sz{-OLTiiFS9TQ98mXzvnaCy1HURRJ2eDeaAk&Tf5pPPu*6!M<!}=*wR(7@(KRr
zNk8<cTU!lEj{RzYAfIuWEus6v&b?%fIPA@GU&b>eAo2I}M~UCw!l7TlF;Bnzu)N)8
zl$Cn9&n~5i?|C%rnavd(`UjFQ9R83y#fny@`t5qut7|mpFv#gQ^r56>p2L0#X>7xz
z$)&Xn*i8pIO|d11Lygt!vpEcSNJVC=JGQ@2-~QD8b`B+4M&;Izaz5YBnYNP7jx{Ds
zClXiQ)ysM-<Y8D8kfXocwO0EYgQX3L@6MUb^eElmDG;Md$gENiTlZchEj7J#0o~~G
zM-JU9Q_vitEmJktI|b|;koGiAiX0`4owvD-RZ&oNHm+ASi>DHrt#{CDQ5u>xgn0o0
z`%yNgU2bB-D7N8-+LX>VzO8$x7JOT#@NGd7-xj#=ZS6xf;ajYUN;ONzx5duJ9qN+W
zZ=mY;ZVJA&;jq-{cOb3bkS45#RXV7*r;7*mhBt9gud0g|^+q;v@MlQZ8mg;NSbi>t
zHGY;1_4UE{uBNQHCWX620gnoL?xmy(iX7gZER)_1>1JHAG2+w!>{@5NJ%zx%ySlRh
zzVfRg5T2)})ze;{r(gRst47^rs~F`(j*;lUo|&~zP4}BdCP`N%0L~4#=T&1IF>rym
zuDNDxsiKn;0j76On|IP3D%M9^viwnl%Ky&~1nKwtj~aR*5AbLq9h8#|8Qud|7^=`g
zRo6;aPQ$K-(iX(3F9fW525_pkXZ>!v!^?!c&3KgCNggTNYKmzT!6rG4F)Uug2ivB9
zP$(X06(r*h=rYW)LUJ!X!5RLBVJB(3TBpTo`0AeYA>xuU;Xm{kV%$g$r2DaGnu$%}
z)rl;M2q!j0!UC~go5(KQ^wPg}(@XWH2z?gdayQmxGyDgq$z2YA)C;i45c8QkkyRtY
zay6fM-(@~^n1Yri=d)Jx9M4MH+;{wjX_i4@8QGXmPhh4p^&n@eCI)bbe;Q%`CJtsZ
zoWS6lPqeC3aXy)^fD;&H%-s#mbVIZb1+f7%Gd*?nqpGg{Gj{Sp1(O&ud1`v;`;XRY
zEXl-x_ZJYlUUhGwJ}O@M;XbMgv@eV3NY6b~H}RX{76r;g_grY*#D8!&Gu&eMpi>n{
z+DP_Kv@+bW_tqvd0qFr{iRzS6fL5w~iOE)4joAeo>?DZ{FBfib)V^JlJ!)S=n7)C&
zNj1H(kXYA`xq*dA292!)*hcc$jT0=7lye7%iJxjD=5qLSf@KH0O!`#KCZ0N*OF3-X
zpe32;x|9KtLz&%ogu8D{^4~44zN^#wPXAOBYDK^O8vD0>e=RtCKGZR$ESa1d=D&an
zwl|Wp&txm5((a-Sj!|ym<ka$qi#MohWB3Dsh2a>7k2Rfe?%Zy|x$Yw+&V9T4LUHcz
z99|x2F?=AU>T%TsD|6Lj0r5Jk9?zbXj#o=6?aFr<UY1unNVk2G2LL%7;*}azJuZN`
z2gTPtelPJ?x(N~6K$NiyEW#W7K8x^XG{W^vF~R|d6NA*PHzOz4m_^cz!?;QZMK(@K
zMWFGnx0PvcCsZl~BD-4u$;z&FRN$4Oak3QHq?BrYLXN1^l$_X4%+Ecu%9^V>e_Sa|
zd84}N(PYBc^`?iU-lRxsOBYEM>U1Tc(gQ?X{>}|T%`4&SZXtXTUI7FBuqQ$h(eG(-
zG0rbCkY;C`2WgytaD&L|l`!+ALhJ^svcx!}EE;D-c2Mu+Vm+rO$>`NGadHN&)l3@b
zuQbp-+@K2!T5vd~g<LB3>@q8*K=zt-3hK&K;D=>1E%H#m|FKqu%^)#T;;mnuq#tn>
z#rrrc`&e_ZDHk?>qg5uvF__-NV%P>&f0InCGARLop8v)6SV<Gta;H(k#6NSGCmQ8)
zSn-X<47^AFc6C_b>R{mA9NrTR?sbnE;4F@paf7aJbj5%#o#OH~#AL+IyX!TIjuEu?
z)I^8&W-|=H&`nhJuQ?o;XoaIPKD*B*r^A=3gVg92%iFS>L;0eJjICM=Qeiy2kOjl`
zD>`tkIlSr`=(rk)zT29^>#ldl-0yNY^xI@J#VPIrJ1sdZbgku!lwSSqUb9nsElKu5
zI5g2>N!F9YVbCT`sB2gN6AonNJ{&$1%;$WPR@M%&l7UE@rdTQQ_~Ya>gf7oi{Dw{*
zo3P`sDV-wlGK0g0sIzRdR*Z8iU4~8JEeauo0J`&#!*y1>uFq@$Z!cpEo3y9$Z=@E*
zR8>C3eSXhj<UotzpOOegL3TorYS0M-Fk!eA6^q!or_Ovthp9#Jw_NmO_<Jv&E=~iE
z+F8Z(7QB@%W?cm9H)_N(TIznv18B=DupMW3dzFfp7&pbLva>_&Tq`n(7cYuX$wJs)
z&Vm#Go~VP?s|x*NB{dgRL){iV$<o8Ng1)jc>3vaJ`KT8t$|aF3mG8Lguo+CA<t8(G
zl4NH62b!B{L4OtkUm`mTrcWdP-r6;qG*S3D^f~ffxA=D)zKmH6|6s3W`ZOz+T2LSl
z7O&PS3vGAb*GILOa@xrJ2KsZ#_u}yLaoA`x|E(FqQA!;T+~2<Ea1@*Qm#DMbQZj$R
zb~rZRaB{rG47tazZO+K;lR0QDyaGXGN)x?M;`dz2mV^dGN4s~Un|Xn1mY#bte8Kmi
zdub20s>J3d=E11}Rux_e&l=bg_MqWltjVLcT`4K!I#R5FPeIJC!#R-g1P)=uqAOpB
z;Zz2b(NHIB*ksFg@I|>vi$e};HaNGw^%va-$?k_<h~X3lgU}!h_({}mG(a>OEE_F(
zA%<lPmWW1U7;JihG}bTBd!33c2~hd2BkR?9_%W{#8V_Y%=&)w8MK^Eqn39-Q*n;j!
z)ms^V`r6OGoRmyW*TaPUeO7A>3t?Zjfq4*nu@G;8quHuZ)_^HiB2$EYxjo#slPp$8
zH2zY%?KhLGx~y66*=^6%J?^qfjp;qo0hY0k(yl8~z?1Rz%Q)Q>5i(6)!A*fk+$`gI
z0oN<kf63bA1U**cuQ+@mG_YH2I<sQ3RZV31N?0hs+YQ!cON@ARj~0_5y#i(X3iT%s
z#=j85D`7Jl*s?8N2_s$*;^suq{dgsO+AUsb;Jxq-ZC1Y*V|XuA(_Zy@F@#tCl*}kw
z4``KACX3>WaAt(X64(kB?9&q1+>FU{5|ZacjASH)dV5lfV{=%3P|99ca#+#N(u4RL
zs73=3Rvgqqar_O3d4nuF?iiqfgx}doRx)O$dkQkxR+VVV#@o+(q-=6F6JHSu0lCi)
zjJK*4M|<UcJN}v8e4U6eqk^D1UYv(83?WhaPjP%2mPE?%Mab2|cqQB(7lO`GtrFY7
zl5=j^(&VuC<#dU4wx`jbIjj_o?(sG%JC`D*u6wywDK%#R2EZQ{Vp7*iTMn2x%}R?f
zU$(}P@%ByjdIwr_DBj?_-ZQyo=~NKV#pSF*=KBm>8j<g&bqlJ2hPwvZo&KGXuGc#!
zdqvH-ZMB&+Ek)G)*fsg>DZR$ny(XmgTD`^*P`6H&0;;J5)NvbZ0d>fsIt5hU07RZ}
za@jxd@Cm(8K!4XjM@X%hmMVw6yC#E>>d2=9r_~Tp<dRQ!t?|mIwooUf`Bb59qrlyK
zXs-M5_IL<=+$7nqor$-{v0VuB4Q$H|lJkH=Rdy(adcw`*Nd+mZ)h5y<S$0bfV<gLl
zmZ=B$VJ@Vt5VnGmN3?2e9z8G1K!^-7rD9M)zl@Ab*iW9HsOhDaAr6&7ZFq<(JWuQv
z!-lXCj3Uf~(cKF1Wd^&UFoEr$h<qe^6B!aa+44HaI&yeLV60E#-uQ`LBU>8|n>RVH
zOC7b&$6@OxX$ypL6XgXv_A~LNgQ=##YbnV;In?NsFZnopX7}Ac*>XDs4=+@=^bcGb
z35vGuIP`N3H7ZTnbW}<;^e&;UVF7I3|L-Yl1svjnN2yeb*Qa>=Lzi+mO8STZaX^m0
zv=Y8L#k0``9IB<ZBI67DOmPd)Iq>CrO_s2HZHg5~UuRy%l{~W8#?bGRVekq8m|rp;
z=ZwdxO4gBeG9+>OVXaCz0iJ{{11##loQgrzJ_mWOs$&Z3YZo%c<3gYtV1*^mL?0CI
z*FtzN>>p}XlXSFSD-$TK7n=Aq%pD@QZU?xCN}0`Yk|57bs^M@>6{1BAfRZcJL*Aov
zD~GXS6K@wgng?rMjN$z-J-d)(RTwzMB56f{<Yfk9NM@WPkCm7f9W%TV;@u3QTv>1o
zC<aYWXj$1}N`i*z3~yII?~hTt>?-je-H)wc>;a8o^C-zo4LN)~#Hz%X*)`~c83(kG
z6f~mhLoc(N@KI<|Mi=a4h0<3SqVnzSVA~pvQBKHTWjf|mH?wHXq4!$n#EhGqcKEi~
zT;|YJ=kWPByuMZ)^0AYxu(I8lwxPx~<QO;C5|qmx@4(a)LU03zH(VX#>2uj>_uV_S
zMnYgJLJ)HeHKJy|u12ofKpuln57y-|s6~0&<IsYVK@Kf=ZCWZVIJU;21%0QvJfgba
zl=R^E8W%n2J<UrGPOee(;MHmWb$UQ<>W3h)UJ``Q_Go295U9<>;j;b=-C<7`0r39B
zeCsKXRlg}ITV9XD{`Kl}Z)A9RV7=o!nC-Rk<ioc0WWI^p{5?OK<m?5!vmgkU1@H&b
zV>M}_S0MWxhYg!-kJXfk7SomcpuAk=TABC|>=mL-0~mftt1tv(rQd?FzRW@iTJq>a
znkj_)Ljx?`FBvrYVER5S6eU5dSe8fjaq-N=mawMSGVm$b_Ci?|-Va|u2m`w@57xd|
zSZLyt@S!GjkA+sK13n2$wU`hbR)}v<)Z|9IpTo$ZGD@^+KaqsP1FULErs#CpM6*Cp
zv(iB}HM`%4;nOhQDx*p<SQquwO?57&movt7s(pC84w;2CsEXBE1-67OLiz3hXI?N9
zf>t&v#4F)-E1~FOcSdwE>q`Im5JsUeHpzrmbmE6jvx2C@Wl=(j<!iJc)>E#k*F0iz
zJq`!gC{%kj_06F*4xYU;&BLAZVf&i%$FsL4r{P)U1{=>NPqvs&b=_LQa)D<rGuS!M
zGO;<79MVFmKYjhVUdW~OqS!i*gIz@<_jg6z>VCW*MiDWB-3PUhA%8~8umOB_P^*%0
zCh*SE2qV^({7-Fs(?oqrnIyAx1`WL35CUcQmrTrqgAo%O!ePz8+u^Fh1Qx;?5YLCb
z7)rN;P^o;DDnC2{(|WOxI5+JwNBrVd$|3Xwhrcpx0+&@HP_4T&OfP_ol6$$}RHh8Q
zL?2g%-tH4MWav$OO=ak9_>wa8o`-i|m1!k&Zv4J7^yc51tPt0ld~OSFtp2|wo$l1F
zNuPJ+sYr^?dqN*qI^BBjYd?p%eLU%Oy}weaK4*G6`9Hnvhu`$BA&c$YDLW6y&tXe1
za{20hYz7}04Dk|sRRd*x!9>KX3}RDg$g1RGPrlD&F`d2{TZLt-KFe*bmkMKL1Ga$A
z6OIg!3xmZtKp_E%NW%LZeSBIrU^7@cUjhBHq};M_8TD%h<?0>vYXxHkoN{4=5ym`T
z+K48U$M07E{uY~XhCd8r+c5h00lK*&zcV)YGv>F&20z984%naweX592uF&RsWdr8J
zVEGkn0l!tN)ZuEe#4(r;VTn4*!Ekp{E;}OUm=A-_zjr6u`(pTf83Eu|*?>*p6B;1j
z-X8nk0A9mcAvWRgtazQDPY)z&Ph3V^cYs>?L--5M3~Uy}Jbo`{_yC75er2B&SZ72H
zYzm7yhVfz!MJ83haGV{@V*zX`i)?Z5S0&Sh%T&5>RpxZzm@JL)vP8>z@M#|w#AYzj
zGGq=hEF&X#ZZeN}<f(}F>VnOEJW0e!^o1F{St1#ClaV3~a#N(fU)Dg8dfOD~jHF0U
zLO(^3wta6DX|RhTCCXHu)K{6)hUfRG`8dz7`7~3aRMr0_WNwW^=DtZIb1%Ee+}GaM
zb*#TOa>h8!=|w<?xgGQ}szp{mtotd@{8y|o`SY4_SZ;*trgK7t?Y+Dv`X=5ETTWEw
zM?^=ff5osq^y^@V56l(%1JHfNt%>gG?dZ7p_&wMRcGYuLN}Fm|O7n5OjQ}udAUkG6
zqU0+a{RxvHw<E)<-r$0WTZ;N8hcT}(h9PNo8=e*WE`ZC0V@p|uP`7kCm4`9|D?1CD
zLcc^r)v^5Yee#H3Fzkpo1iieW41K)wc`%2v^I#6a@4_59Wn>O-OXhHQt<2%h3uO+S
z{;y&V_o$VRNnsBE<Z$9w3|lp_=@xQmQDLLS#M;mz`rk&2|6gYKZ^{e<JKDS~3e$`*
zHig|CmHmAB>4@&PYrf98P;pg8?w^Xdb5qH=az@a&OC=8a<4O)8?^^dSBb8Bdyur7x
zF_v1A;Rl)Np`L*bax(ZwUt!TC?Hlv|6z!9|Rp4<p;AOD=R3v=9q|m6F6dpJqQrPSN
zZBjVEO$zbqoADPnD8$FBc{n6U;;@c3NtCj1D`*|Wrto*-`-2U=(8c%-(=gG;Z~hPQ
z{s%aW5a*(^MD@{G<^}V9^uaGfcCt~TMzITF$4gOxTpKj88&fQC<{MHd-Lr84i&k7L
z8g+Qb3JdY;wGLGt>1$v|mg!J^KhjryIqqDmq6VRB!1ph7EmuNU3=t+X-JeQ#KGe>i
z@R0HO-QLWswG_;jQ|YB(M)XnI&*oF<rC>((aZ17T_$sv&%<10VQZPNgvP;2y)7w=F
zru?fqO2IURk_2O6L^ydT5&gdHzV}q06L+dAD?g|KKXc%|c&)&jl>vC=Ht^of0KBCx
z;B7mV3cQj&Uf^v%Wdm<)9~baOoImhZOW;la{(-m32HuBSjZ9bPu<TSMp3NZs2{Y;L
z;&?jh)4c6c9*OU$qmil+wa@HqODy5PqA5MVVTp@co?+ifQ_6v}udw)e6+SwwU6}Br
zXQa<HS3X+Y$6NX69VhKHm&3dcw*HH`GQ31D!=^B+V;EaOMSI<kt>NUYrisnr)f+>u
z$`L1|p`sOsS8t4AYgjEC&A2f{)l~=HLQ=-ng4q8~u>s`pSSH2bdn50<_)uxbFy_G=
zL-!k)YvK*nc%6Vg4Cok@>@Qx^hNhK4v7xJTxH)=$SdV(c^J!SYnf#wjXqfgMV=3D}
zo1hy))Zwt^R3whRMwkzeE1BnyN<PB|@M9LO5{>d$Elpxo<RAJ>2r#)(yrBZGi&o$b
zOaLdZ3Ui|sbWBby5Fj~^`DX)%lM#m338B9UznHS&1L9{4eLUZO4$qSem3)=YVWGwT
zy`_9VO=8M6eRMvv6Dyq*%NyW`E<i&VGxL`3M8WbntX#@W%#Fsen8B=H3$axe0j#P4
zY!?hpSC{_~q<vCiyRdm>GaSM=oY<=AhIAdJWS9m5*gjb^W~MCWOkJkFW>L|Ybtkl{
zFb-k#K>jvOx(?~%*VJ`Llv5{1c<Y2acJU7!Hi}07OF2H1PH0p@Y}0F2!fqdT+M8&?
zPWg?J6IzsNdeU!GoJP1PB>FxVmp!StjEVItlEr193)Tm}jK3IFYE{`WiOFOd`MWGF
zxh5^JG5Lh9e`&^H><%XieO##%Z}DSTs|t-}BZE&%EYAgp6LvW7Hm1CL%k^$U%Dc&~
zckA5mfJ501I~BCl@|OGG;+o0olwQ;AUd5@swkLZbtSWKk?})>;!w!$^v-3NLN6N}^
zl>&-K<5m)iiPF^cy`^#{f+2&C1)#Z;^Cr{j?uJ}XwsOFe3+IC~TeUd;0+x=o=su>8
zv=BDnaC|G>8u~`5WeARYbn6A=*ckX1E_%wUi89?JQ{?8fv9&~Qw%|~)P2zYP7<ydh
zyj)IHtPzJn(<3oYX7=T<b2VcIw&$?_b&H8Lq8;VAwj@2uQ-?)6=+-bjP-|hVabweK
zU#;Dy(4us#l_qPi+vdapd^FaxTLD<PjlNk$pSaq@Kn4Dk8+bLzRh=;>fNcVJnT!Ki
z8282j+{K}MryU2dIBt<=vNebIb~^FBiMTi5DTl-RJJn>P?#Ze{?TNZ-$>GE{XRJAK
zZ+cvX>pQdJwMIkbaQI-SI0RS#$3FWv;-U1mP9|IL(N2(X=~#~=ser?$gex*2YRuS_
zD?JsP+@?}A{>J0@4`P&qoqI;sjj`NydBT_zM!%u5GfKBp(m&oPP7y^3TqJ86!s0P5
zsG<&+h0zax4JqHzob3)W>>rbyRYH!sV7n#>aw{IE66Gq#S_V3&mri_jOfBc78HYpL
zB`J_tKO>&0F2IhRbgr9|u_8mJehBlxH1HO<igMC+s0tmYO6<srh8&J=m-)NJOkOQ=
zvZT&jkd-zi{j%=1AJ}bA)ZO+&yY2D1+kUizDg_=#_^C%kK2lO=+RJMDGhcYxmZX#;
zNhl7m#%_MNmZ24Dt+m@8s=MtvyY0a`+A`R<Lu0YRLX{>oxx|XgGCon;+U(Ty5u-XO
zgJhVVQes89?&qc+lefspyW_&#OgK4P<+XC27`EZ?!Er4r>(ftnSIn-E0Zb=Um{F@J
zHa7+0O^;g)o(UDT?~mQ!W34c53ng(nS@KLx+^)$`)hT0As4sH(&~@O}k8zWM{z6f4
zLUr{5d=O5=DLC)-okD8*2baHPfsM8qI4&6k^5D!CjTK#ARD@Ul7$1XH2Ij#7aV&%{
zsdyyU-<I*Eqf=^5wB``|%&9psVpLkqiK<;{dw0A0CS<JqKv&=5^uGJ-zB@*z2geU_
z^&Onv_j9}Nw$#4OISh049gyDlu-$j_=-LD8ui!A!HPoA<YT_VaHS*D26i@r{_J3Q3
zYQYt*DE(%1>g}1|Zg=W$d^<W-!aBD-iRUU=-v_=*BA@h0(y;td@acx&5qAsCBZ%F2
zhziU!gy&=f!<|m+tH1(SMWMnew}VFw{5gk_gDlByr1WGbDGp(}AN^4r$haXBB9oQR
z8o`v&9<tSn!x{;2Yz93hy6)2)`K&9`Vz<1}1x7t<D!}iSmpP&y5+qL6*Z!B<TO{*y
zH`%2E?4;Rmxp>83-ZK(Enk8kW<?7m_dGt;7%*TRUfa#YUPHuAUKb@4efOWJ00oA{d
z3nBo|$xB0n#BL)zB#ly~EE>nF;4z~;k*^t}t*Fcjl*FnPhqd-d5S?gIm9lE_`4i&v
zzvc|P#N&8Xk))P0Mq9dHkjf}mDVWE$Xbf^=KZbu9*Ii$PSKfeK1%vc+n3^58DaBVM
zH74Q!hZQ#MK2=h4W+VEJbKT^oUd8pe_$T%2SJTHIhjvCB^Wb+CkQ;;N3fs38Pj3Xn
zh(`_l9gG1Z9>uBbrZ{$kW8KOy4{nZQ16Z|_VuL5fEkly8yqkm$44Zdq2}Kldf$3w2
zD6ZKqh~lrf{GCjkd}WMP#;bV+H><=MT(eMKJv1$Dh2a^a2z{_!eq>DC3QH=EJ{Yi5
zGqD?d5x1&!Kjy(KD~30~iYz0J0eHiTXO@XWRdg**7M#<<$t;L0fj6=q@2}O*Jb11O
z{{lWEj#oo>D=cVq#DKRgqX=(<4NOdDQpCjDU?YoB5K~VUtF<mtbWC~`niJdA26oTz
z@=F)rnLNfrK^nq7B4NBLDQ#8MTo<V%rTE|-96sA+OZ{U;Sxk>sX4@r*2QOms=AdkN
zYn)Soc;lA;dIe%%f6NmibOrig>UPaYpr6-AU%oiE6UI^S@a8R=NflM-_b&-;o-=9R
zs6f_dT3q4auQ|LXNWpD_c;`Vp5-Tdg`=E*y#^p}JGEHu8`~LV0Oqb8MN2>4&SW3wE
zjuk2@!sp?vc!eA$ZPiS5PtU!ubDU*})39#4Rwz$H$iOiSmO(U*SHP_X=G~+U43tKy
z3Gpgr?PpbCfI`pB%(bEOU~43loL>?C72alr@esCxsXHhJzY^~i7*ZBjdpLfJR;H>*
z_bhex@XXflWe@MB2MsfCWP|>N(bPTMKE{f}Gep`ZZ`Yz?3-dUv9b+-I7WBc{t(qyF
zozYTRT{@4$Xv>6YmVtkTnJk9)!7&yW(0o`xvl{P%%18(sz$vlIHU;`Awt~-gYI;y5
zEOFhB_d&1GlyW^XVxmvH7JF10w<_^I*hM$SLvdCmwt+QA-4?UobC~v~Di)FpYmZ8c
z+4MIZi`j~!E{oY8VeXq`F{?N#$lU*M`TLJtJqzi6(SM$JsQNE-_y1p5D*G=ws#TD^
zj(-2IU9352YKyx~ZLT`b@0D0#S0U$RJ5(yv=OdD-P*m&p#~j{q*|okJVR<Vu_pWkY
zo*a>6@_r6$Ayv!IV7j9*`ntwAF{0*#M{4|<t8w)Ruf6PzDn%j_B`Nl@1+Fz5N$C}{
zd(BDhwRnePWjj2=Yh@c)Wn0-MZu>s0Y-`3kRyJvobjyIHawdvdGR%PqaVtnh*`1DM
z?2Cl!;{)EetExTdHja@-2Hh7$q&_}whZaUqckpj4@t6o&a2UVCDbD5RFula0<qHkd
z;NUZ<W>??Qs%F<$pD9QVFG;V}wRMNQ;-L{sQGD&9osy@k(&<s@MvzQ@-}@0eOL)yf
zX5zgZCXKPe=!1>hH52a@zw|2gvrL?zZc($s)wd#>;U6Rr^WcR<2k~O+wq%~sgRo&N
z2^~|mDNT%i3r#HVpB=DUmns7vg}aQniI2cVMjX4sMP}T@8{r~J-%ssS^gV1~Hy9<<
zxV#Y^uocYQrbT5Yi{2Kyark5`P5bR_nu&Sv(O655Vz*zYCx(fIFnA1+pMEbH@IjV=
zg+k7|#fY0xyc%{z7!GC}ih(Ym%Ip=mG3gapbVO1N(PeZ@dIfeI(e#3_^aGT~()|GM
z9!c>7d>Bjm0cIVMRPCdfL)9i9@%RBY#E2?QIimak^!vj70F&bXmLI?&8PdWqWRDiJ
zkxrVWY(K#Aoeo{tGu&&>AHK(Vw>#zCNY}faDevO0cb^US(wfnG)CrjwPoXuRxMs37
zrB|ulYg}rtwL2XOwRyOgLQU9XQ>Z~(zcYo>pK(Z3RjEUwmd8^`)a;#U=9rr<$Pv(c
zlNQIDVD?0hBjDUdG8lG$OF9C+*?6IjfbMVA=?F-Ss@)N=V3+L(DE;CB906PVr#J$(
z56|QXn7QYC904;%r8@$a+s2RS8D6f~<){RkMx{6c7VbKKN5INqX^wzddu^5A!(mBB
zz?{8~fqwb0G)KU^y=t=kM%C>I*uTpe>%C!KN5BHtcgly=<p@}`S2+T{-TXZ{0?v$c
z90Aiur8)vW-sLy~rjGJPBH8uOt9B_*z<oT9e^2!Ud^WNcPr%UK(i3n)nkV4Hk+pdO
zrtEgG;l#*PPr!`bNl!rHd^`a|M%L~L*s<H~30N>JlP6&P-t+MU!0eZdBD@8TXOZZA
zK=}i{9&R}?0@5kVVOzHJ2b>;Wr!9WDO;Nw9yX^|Q?WwxkR@iM%4zIJ;)XF`X{Q=dU
zu02w0{JLLVPW`d{sbj-y_6bB$532U7?Dj|Np4umN+atqk^*5-YSKH0Ms2f6S?6!x8
z*X^6I+a4NTyNiTD<sOa23WLhuFl9JdiIOe`F_72Az@coo6_x&oq*FruQJ3RkR_&aw
z4Ts7vG<7Od91ofO4yC2i?@-hpyTK=<an7{j{fH)>j$69nazBjNt=tcDMy9(T7Q0UQ
zj*(vXgC0!tKkP3hskeBm7Bz*`OTQoVDvB;fPqppx;K&Z?e`t@7LCZq&KJ>#Y`(YuR
z&e97V4}{dtydH?2RgMXMVsV-^f73o2??$9o%<k>#J1)KN7Q64E)V|kpc-7T+OnTq#
zcHaXd>flYyrIu-r6)(12ceU)ahuJ%#PG>~SHOh$Mx||VJ`($yCPrqA@pN&qoV95l>
z6Y<)})JovTb~~Pkz9UmbyyLr5JrPK^IZMJ+;P@d@oe+7jtXs4L73Bl3A3`s%eG7wF
zHTt92pK(JLOO&=r8=ZTOtevzVhlEhcrLmqy9L{(Zj$&@nPtyDmwGY)0R#(a5AkW4F
z_O<jiT=>!mUUs1j6u-n^e-?Q%F6VI4wa2rDrrqlD!G62?!EjGqnlq{}M6c(A>XMh!
zu7PHz5A^YVjbStRc1*gH#TE!XewA4As_L2?E5YyXSm`7kE8lE$94n<GlJKpPc=l<P
z<5;1+vRx^0K}I4WqW+qLD!`$GUVv?2{Xs`R#XrH6L8NbPI4JbZ-*fp}+Tb=E)JWqj
z8{}xK9~|`9;AY9*A0E^y$OcEhr48;w)qA$9_mYDi3*2JayZoT07m%t<4>FqI^ny$_
zxaGq=Hn{RV$_96MNSY09hD)bBGbF_Z*Ykk$^7N1zY;e@_6<5nsX)RL~YLoi(arOCf
zNUhd6u}!ZYP)NOSc#5t%&$Wi?At{zSyH_H$*MdEchI@2~SHq1Rur=Jto6b+er7BWN
z#nrpm!hIXN7GN_Dt0p>1uGGWb6mayOq#bUXP^ugB#~c`2Y7wq%*;<<^&KKYfg>u@U
ze__~bgB!C)izaPwn}>U^)`BVGlP!{#6S-Y8hbxoYsy!}4-0LIM(=Tn4=BVK*ybxps
zYp)^BmN@+!Mp=xi0$rZ;TyC<DDowg%gp``7)U7LXFc0?ZP+r1k4e%9SUsQA>c7>~A
zcqROAT#URUJ86SCGd!cGQb~QwY^m?-;pgG0Ot?Ljt~s<TD#FL1t$}%Pmx+%<J28_x
z%oygvH{-3cC?Y45U0e{WueV7ztX_y+j5uBaBP`MJc(+RF;Jo3QBD@i96wiJg$1D5A
zup6wU+C}8o+`N^%J|jvkqo}BT+kVu-$Kms>(x*fPU`r>s{g?wrTGi5zsgpne)w?wV
zr!aV5i^byxzRMujh@%hseM+Xnv8B?%X{d2cq4*3gwU{k3`XEkEVNj{1hp-#0(qg({
z;1#eq%fKSorWx@H%!6UwVns!G1FW>2pNTr1pH&{`=grdL)Y0YqluFt?us%z<Kw~Z!
zXi<@Ld}1C<jKr~&!CBBv0p$Lcfmgv^jU0LVBh|IKMEi|Q_j>N%Z5Q6k@bZ957M?va
zg~4yxeg0R)Oes!tiLTpc+drljTTG8eGr2@ZPIBC7yDR_CxI|Y>uqwpioBe6hm$rO@
z#l&W9$TH9edn?J81{{V@vKZcMyG8F&ZqeB0q-*}y9L|kPaf`Oc`(Q5<O2CMSiTA-C
z7Bk658uR)>+vC6B<t)*zd&I<l!8zp!pS97hc8qzjd4k0p*JXQrhWvebusRa&ryF=L
zyawbr{p?dxkw%n?k;!$s5Xjm0TLbfMf)m}uF_8|`87!<EsJGPQK>d|`aZ6?gYJ0pF
z-l18nio|2s3J!`h-8?GLxwzCSE5duBx0sgP{<kZ&gz~0-HPPAr-kbi<cvDwQu;Nfp
z?DMowX)~5ju);;{(FY3!4E=nBK#F@goSaBL@>e%$bWfK2{VTU)wIALK?<&t~WjtiS
z(ujc#pvM++s7lgT^yW{o6&&8G>3(b;C#_Sw99k+c&L_y0n8UzQE3DAQ2feot(HdMz
z4%RA0$?Y(ElvQaLs`U7S1WL{YCZ;@Uf>nt=*e&Vf&{9h;#Czctu@|{8rBYKKAmu!g
zMZv1b4>Wp@n8&OlYyfX>(#p`sE2!Rzi4VfsiKG%w+ayH7e{lJm96=8hVYh)*cm-^T
z82Bih)<SX9kp3VOyUKrVgo{k^`LDNXrkM~_c(_oh^F|g$u@%hTBv6N(LC;_}4j)Y<
zXVANwXayfkBxg`h^~4}=P~QpU4N`WnA}oXxSzdq8K*pi>pQ>H%piF)tyf*0-T3;-0
zsudl3?2{J^e_PD-f}n}N;V@-iMBY@F3mb~%)$wKfBH^S2UCdnfyWGZMmS`XJI+2z*
zjbaAg&S9}=bcb{U(U8x@yl$Yd;|AJ9qVJm9!b)<DrZ|9vlu#cA8qzVe__lD(j-Y5*
ze5?HHNb<79<+r(<KQnG{Wa^F{7fw&Z5vaXyUUA->^1kWgy!o=DN4R~}P!jQNDFU(c
z{c3NIH&l;AN{<CMII?g@uPAKTl5j6}UXpN`BM2|B<>1bauV>ZQ&gGd~Z%dVeZ?Me(
z*ail>HXCo{@VVIQ+wJ?OWt-RBZGHnM_R$U0uNSkZfwyq^`!`%YBU$>(eUX^mySoeL
zFbHR5?`ScrAPhX~VBq;gKJ>m#DP6?Brzw@!QMHaZyRx98SJ8UU+2TaU8bTcea;{a#
z`Emy2luFh6&Pa1pKC;4jHQS37D-~9pz152qUpX^=$J^s0)#FS`k24M)z1@*zvO6hl
z?h_lW4)$dKmgT7#hd0hRC^hP~lxyTZOQIAJ?V-2nWt_ySJXm|Zkm-e5@j_t-c;WwJ
z?>)eyI+8`<X_dM)1Bf8u-F3pk31f`FUhlG?!8Tsoc;#J#BM0ooamVlNyLWAj$S?x~
zh>S+$I3y7*k-;z$AOQjqOfrZZEJQTPBIp0>>OOfiBd_tj_y6A8Z$GR#r@Ky7b#--h
zb#+ys39XYt<Nr)Qf)fs0hJC?|432DBHBnWx*Yc=d=#}fG<=8WN+f{1YyUU`qh5Ypn
z!ko#pGE1~xguQ9%oNMu<m&v`^TJ>8umPK{a7piTqFN=QOp|-siz3qCn?bT(God4Mp
z<s!BDl?pZApf<l;q2?Ra=9enee3RPzVstt;t8L3F1o}I*`A-#UzC~?*Aqpl0cC2?0
zzml9xYr);i!bGU$rw_XM{?dQL8(#Xm!#0%ud0hI%o^t8y&Ls83gMVH>@sM#e^OyM)
zrWA{l4ePmw<sakoGNw3#%o$*cvy3@Ync}qHW!S+NjOsAAFY%|M;lzJi&Jy&61Peqa
zO3#6q;D3Uy?z$O`n!HTwK$igh6rSM5;wOA=*BM0PA>Qd$TS27&bZ|F%3AzS2H$D;D
z{8kG61nP30ysuy%zN@U}OrQzeCYC7lULN(-DNh|a|ME!whaBcCW-)aW_<xj`#}mpY
z<ul<q_?v|k`<ONcH%I@^q9Gc)>FK0YxDY;Nka<(`G#;*a%V>Algd)&PfsXupv^(rX
z3wyp#k*tY-S%Qj(_%x`(cVz|GWQos+;m1&lPp6_Pr3_|Oa;Adx@a|e+K97zi^bas+
zwIeMyhQ>kh3SX)`o~8_@td`Yj#TFi10lrKqRAGu<QblvbpIRaK885;%;?t<hO`WN-
z>idk<avZW(7!PIm*S{BEPk@{iKCFvL8Eh=))9*1iMj)9#ogeYjTLmn!y7ygyUbO}=
zWsSp4{{U_HF8d95P!<HuGdL_6j9G&{Ss;z$P)Wfy8}q^)&AX+eB72SQsJMtNe<NND
zSmPivrGU>}EHGPu&maSFg0j_)@(brp&MT*I9-b+QHoMk1MAB-Ikt(z{3>ZSx7#CWb
zO$>94$vNJH!EWA}_rmiaan!#&T!hQcbq+!ku}EDU3u?Y5zvgS=0^L5qcLmL1colTL
zwGR#vqPVeY8A>8d2_el#3Xx`3%*hQ}XkNHHI?Zc1Hq8w*OWgM?4Tt-(4HzkdaS9yq
z`m6}UWa43Ry8zsBxM@QujprzjXy+LQU6UKVOq;{`s(fN*v<qekB4%Uw1Z-~3DOmC+
zLVqW3JiTTv@XR;6jrq2_1|0IbIk=`nGln#I34tsYnW3@c27AYx#uyn=U!1J%bHqHs
zx%T~Q{F8GVmoF!!uSR8AW|OcS8~Eoi3`=jy$NItY#+ob19v<2d=EiWQ?euz}Oi)Uj
z!%BR%riVhC!-^Qr!h#-(WZ{t*Nj(fglCCr^UkoNhCuwgJ;q$SOwEE>RByDM0jtC6w
z5ugp>3SvE2rvycyFL3;?cUMJVIye)cl2j{k4EDXEDbpD#X-1W@=oO>BRaNVn6dc|^
zn0%yM%O%0d3=;MtmxqD>f>-4G*Gf<&!694oL<WN|V20dF86-7;JqO!*+DfcGlBmXE
zt$N86qLu%mR=jEDOJbjjitI83afdOeJ62YWW3c)~lBg-=oL5wxY*xo5Dbkesvo7?~
zHI(i~uDpU=$+YVJhD@Qqx9R>qujuAl8g-?~K$bWL*HVaf;2X!@;D5RjapOtjVP&_{
z1|hyCZ;bV0f}}TDDSZnw0%cN{27US~5zRdpgRyS$6#=6t42-d_L^S?g45mvMeEq6|
zdDmTj%<B}-;N4Ujry*X1v6PjP#nd^l9ChgQbrE#v*=5mnX#e$kK`Z0*86H-L-Y!>%
z?*B^Fp|h*<NwoDVU575N#wXCmuha>&jj9uf!NY|99zNr<rYX)ExbiZmYfw{N%_UgK
z>i2R~s?Ievt2tU5E(|j+hP}#P3@<b_bK;v-;W%+DKk`aQ<Kb*qt{sO{&W>YUban(8
zXUCB)Dmw}ovIAxHZ>*TMG?iA3je#Jt<Y-e7!j~3qsOL3{%9C|3i2H7qf!?(;9C^6~
z;Rm`Jv<lINP?ys*sjJ(hC(DqoL0zQfIWo?ftS)jVU$PpW^<ngj!tOlvlELg8`eInq
zuO(CHJGSY6>!k>m-|!bjqg5}NOwRg{|Dv!s^IuX8&Tqqi^l!|KV`2X2_b-LjIg~-(
zi((8166W;NA;dI{nh`qqB_im*^dgaKg}&HpD@Xn+%Q+ZjurwbnQaA}Qb%@H@wYfH%
z{&~n<D{cD1T%%3DaBX<Qx)oFO3Wyq^dvYTg*59sG^Wfx~ZTjb-bgi`MC**22{r+-3
z{VsFk#Rc=H=SBSVk+lY!{u0`fG#M5aI^6Vmi%tJs$Yj&cE(~MSFAqhs=~oo$HhoFR
zVAGE)ls5hGkY>}b#%FLx*tfk4BiQsAq3F8#c%g&P*Uf6|+Q4Wwz0hJO3vDL-H{XU;
zWJS?U`eW^+NuPzfy`&wQ^e*U^jt7XnZ+O$V5}+>VpHAE?#MiDNH@rpgzui#Tt!-}?
z`hr8b&WmI4jjLEV5?1;`0(B>Y#|W}sJ@*|~ptHX3Dr4kqvYc^)3XtDRRw2JP=SSf8
zx|PxSJ&!BBmvw#%r}fN?itM6ZVz9ixp^ww_j0%iX4OqeZG-D;QpBkT5WQtFFI8hB5
zI}<WQ+dRx*c%cj@gC9dOq6P<bN})s8XNN<+G-+UsEEGX?QX019hLeW;wL<Sd9JHwY
zD?Pa0A1Dmuj&A6{t^B(#{<BZVpcvHAu44F)koZ3rft*g|xJN#LpHLu%`hpo5&hF*7
zP;O$IKB5in4g)dt!0%INcesOIj*DIe29ZDthA4DNrq!WmItlPMy>56(qZbDutY#Us
zmT<p_3c0E$?v}$1H@xn;957t=dQt{Aq1|C5-txZS<zETl7tebYT+nt_E0)VN*14E;
z#Sx{rb#Ao!Y?x7E?*JT#4JabpmT7X1`MGn}I~3G1-!JpwA!<B)--yt5P>eR!(y!2C
zM61J{zKCnD8(!f~YnGA0Hz49pK>{3J;S&|DYvL+^&$i_Hlx(ajwI(IiO>4p?z``R?
z_L7oKYcl9S!d!?c!X}gEdEIhZDhuOc`2*Zs?MMsjUE$E=q99!?w1HR?YKhuQON}kl
zxI!jIg`972vK-DcM@E;?1o%+Jt9PM&nRp%s7n<?<E@a0`E)y6;qT@9^6cMlOhJ|8F
z$ck4@25*(eO>z0i@K(WbzR-xn9~FzaLQirrfXjd8dTy}WVDjr4F8$AC(G=Wyx5-B&
z^xKKyMopDbzF~abZMGbzz7$4*oO@B|58DReP*-P?@D0pDi}*m-;E<t$`aZ8aQ^WAa
zAC@<Um^KR8>mA4f7lWP4e17IvWEEPD!-U2pQQp7;mortQHhC@0dcA5>V?EK&YsM=P
z)Rm})F2pg|-B_OIyec8Mn3RAtDFL^1K+|5+$Ddn>*`mc-31g_lg7F#I5K7je(w!#W
zEjNf6r}B>sPOdXtqFQ3Rkd?Pl+G2y2M~+s1p23d>Q29$DMytm$ShW$O)$d&Sh1Hph
zX)Ok;2I$wVeq3fPJDa&)zixGEnYpmBIOGt_>b>5;tPRWT%*t7>Q+Q{wjaj`mNoK8E
z7L{4^4WMo=j>fD$n~+({e<`zQtzy&3(a;-S52ShWv<0#)tgptW(5kN#+7=3MC0O~D
zl953h!s?h}8plqFO~k7@bBY9WmNwA{y4=jlnt?CK@P=2TF=n|ArmR^MwhWO_L$8{5
zG*2?f)4`m#VH0?Pb2F#+&pWOTBX^r_c{RB^{HmoU_{1if)E#`)R6g?iMnSQ)MVqxD
z41{7$?ykLJ6T3S)Ejcz?c1RvvekB@bd!=Y#=0xM{F67WjKlxSUO%M;A1GFuS0WNRn
z&;=^ux?V3v6&%lCXCne#MKXegue-(CwV@GlgG(7Q)YKlMwi-gg3q%vqLCwrj&5twq
z@daH$t*}ksRq9z%|7Nx!IH&hqVeh$G?b)|kv_beu2NYTnZQ2*E#%X`;&b`o)J$vao
z635>tt2<uMWOY`vaI)HzHiRJ46~JKwkMJVM9~q3+X&bT9#-tw$B$EzAWzskuQ0B^r
zOnQXDxdL62X4pS_p+J;A-+cF;>dqQ4r>BpL^qwvzabC>0IPd79iZes`EE3G*679B0
z^o~Ykh-kWii?V`}d|-`(l+ieLRXDYco)Ela_Bey|wL0O`m)Qv4ryfzC&9$s#wHXXB
z^qp$y`v`-BhSh1Z9rR%p^vPU{FX@jAh8jRmwD&Dh`yR`Ux=3akK#f}#ZMGa!A(vRO
zdWyja1E|q<tWK^MQnK^<zi~(8QBxd~Gnvn}CH?i;c6qtgBI&nIw@5B7_gN;K2gLyv
zyzcZEGsIaXr3eM(Y@tz54lfTQD5DLA*@&g~iMc_Yn9J>gGS1L9bE!>G&TTMEK0D|O
zD(KzI?SeAN0D7>!??tum&giD+R0F61OQQ+O6&3RK<#s`tZUB{T$Ljh9At-CE{$fF)
zwVcVQQHrESS=1jdMQm;7hEAa-uh6!z1doV|+KKR;nhg5AUL0;a!$o4~f6Ds)tr#5S
z_HY~A9L@PEfKCuk-Hb-G9UMmUZu(aWZ3p|&yvyR|ou;bzj`l-8=Es1?NyJ}q{1;6K
z2CTnj1t~r9r#al|k0I0ks}8@LzQV-s=E4OyvYpi?@FS9a#L2jeL9cXDtbtlH070#|
zB0=GA1m$A<DJJZp&0*^;ZxO8y3wjgLZY#Id<R{nm&_7Ar!X`XMUeqJ(_eR{tprtc@
z2?u{8oQ80UdHCFOwh(8AE5l5_GQ;w;JY<unb%koizLoad%$E&)mxgSUZ$qK}da)h!
zCKdFp6&5jnjKK{9=mqw^ThzYSSJ<~fw+(&g+WT%-`(82j4T_oCbG6?08++fKYTt`t
zaPDpBJImg8ccGY?$8JVT;*nEPn`w9-U5k%iY1QJ#3Un<#a-~^|?`q^phDwUR2s-+q
zYch0k)Bgoqu`GCAx8RVW0Wsqiy{>460V@6M*OL|WG$f0%C8h|v=Fq1X3jeJ;Quy(=
z6zbkxLdHqdKaPLwcIRM5MnDR+qQRNp6X9&TE8*a84o9HX_vL^(*^wImpNKP6I8vcH
zr(|ucLgQgRQo=jj=_`SIXmgmAj==X^cN8IT{EbM~NTKm?1fzKPUNalRcn-AZd(EsW
zd=BnyuUMua2e@2lkM&n2z~!p;2+?@h*RF`RhHbHanh2dZR`a^KlcB4^S>9S!V$bTP
z3>g|g2Tz}LqM(h|`-YeAE~pE7r=w%`+I4TSJZGTs;*jB%!wuKGZs<n>wEK(b7S_%g
zO5%(EP3Ij`y+~`Mu>X9&BvVv}t)|?YG^1a@20SQT+9jAFFE@>=R;=C3<3j%$|F3Y>
z;RY8Q4QP)i;W5r)_2v_Q*IYDB6+eYw41dj;Ac{_jo*SDI6L@nU*=Uzjf)7Q2{KIme
z3R(;2R^8|sjp)ZP9v6jEUn%rs7>z5}NxpI&vNZezdWqrfs?bm1Hbu95S6f5+2~5Hh
zha*Dk3rv5EF>~uxf#~b<XFN>oQDpmGF`it_ZO6a20~hR^c3}|v2+rUK$MjI>M{p9C
zoY6gmYbBc&muen>;+Jh2cXCrr@eNvKQ+${5r5t_#vQ6Jk(|h(`Wm`e6<{OM1JK*ao
z;4LqkmGKh{X6b-?+k4(pdv3Dye3ZdAde5Hro_F(w7GKem+$$}fdsp|;oPXJ(#D_H1
zbog1*JDgp^gzkRDps$5$maf}S6B02a*N9hbIk!rh2+j<*zdG7Po9B728iRQfVOJAU
zPBe%u7uSMj)>K^Iy&!M0ENVuAs?$CezIg#}4?5i_`?s9tsr(lq`+qe|<ybfuQ)K8e
z&1dfNy6EzTHeCW=<8=8yo|oxoP*RzT{P?t>oE!Y<r*JWzKOOkBJm{MhQyh_@2kcxM
zCmFim{%X9=&_1u389Jm%g_E0Iw=uM@%Fvt5NU6@yqfG@v@kS?Cqp=D;KM0c1xG#4`
z7MVHA?FCyluanbh_Hug?x9`^J%fpW4rXa952CFcx)^J`T;vo#=tzTlx-S+K9_3rY9
zB|cqbVqnZ_hk3}Gi6MW*BqghzQc7q%ocoHaa#{^SsFw4(pfdab_TtYuT@?BO6yvHj
zyNi-R+rgn~#kg$=ij@sIBsZa11TLXDli69y$)swL<>c5hJEJmH2SI6=m&4ZUTpVKN
zVj}brCj%9lettVUZ)xo8qp~xO!TJJ6WJ$Q)%q9ren@W?unT>!OO*Q<dzidYTT+<3;
zKW3#3`{M;F_TyIigt*5sn7BF$_A~7$Zk4|38TMD(UeK`L+RTjo>K7`E{n`~a>_e+n
z?ANXE87He0WiF+)VD4RqmTt>UU0*O~GPlZYHX^qQsS7UlB{CGitsR)p{7RUH!gzHi
zYqs|2K4`t3x+!gK{4H(vvJN2>@U}3%5{G!Y1Gj}oRpJ0obx<+_64?`#6;1EPLS~Fn
zac}5mo{}$%Dfz0Vg}?7uM61COoIs;GyP-q!i}XWS<>DX7?-<1Sbft3S`7|`ou9Z%z
z_Un*5`+PcOFj|-9S?1HhH5E@SIeVFHOn0qU$Ml<JKH^kGa{Y#A6Do}Mysqt%!@Rs<
zFy5z!EJU0u6gfHF8Wql@2or0mePV6UCe~7w3^Clj3N_hm3mILwq%7+p6{0O9BO@cD
zn6`zHz?<Fe9;DUbd|%?>quuw0ml!Sx@Md?b3ZIK?=JwOJP%r>p+1tL-AJ)20%RWb4
zUx@9JGa(uCJ@LI>JcHZUy~H##${@{6U2s<*ckQ~DW4|4Z-X%R0gP%po$S9+2p--HL
z({cy10}Q|E^}r>s`<cN_IhxtbLu*W=)#3ZQ4tKUBMKS=o251e~i1NI+a~j|G?2F@&
zr*{s@fSh8(WM*H;sq9RMHkaGNRW#t!+Xbl${OL%@mFr&j%Y0^6gG+J6+8k=qjHbYM
zIEfZ^3}ys4fwQY{J|1o#q%~l2l>n^{`>#8+J9@=#bm{T0Z9)Fu>`Owl1}yE5nPfJ%
z<C>^f#gOlH!|P0@ZQ(X9ojto)@NE`u)4%F2da??7N>3L4mWpU&*N}8mw1qVoMN!n1
zQ?v{>P=#HUp|mCxRN>@rYo7)kJ<kko)Z`V~4tC(a{hRhdj0##?C7{6h9()`ALkGRt
z*HC~eEw4jR1`lBhkX;=V^QP=R*pA16v%06fOnVYIhW8`Jbr-!RBlj<L*5UpW=HkF_
z?X0#yxF<U+CQ&(ueuhB%v}W{Qa0e0Y)jlY!P_5BHRKQa@q&1^o!dXOjSO=jTOI(qa
z<J6UQ)v;4O?wS(j<t{_~;l`B~y|SU8;>N~`ki7t3p;mw|<RdXpB#1&*>k4E-$s$#*
zYA~3R?sIa<Iegv02Yzb0&yVuUM}7+O=|FqMB3aZ0eZ|ik*S+qHz{he3>3vX$bA5jI
zG>m(@>2*Wb<P^@`o&+xAzy`WY>!02S1*ovXv~CJ_v2i+%yD&U^(c(zElLQ#;E28mm
ztD6uGF371c7o9)*x+ydjX2f!o_jKbM?gSVei-K~io5D@ZuE{Ua&)_<?=+iAY6esG)
zN^V*me!S`6lX*lR)Q}fDxRa%dz8b4&)<fT3gqY?m!wNFodY~?@FOz9J+`KMkth%^!
zzNhPaeKCNM2~>$FX_sEM$&z21gct3vdg~_Pgg={w?5exMGM2H*CS&LGRT;}%<s(kN
zQly|&+ZK8jIJi<@)01$v<=ypiwr%R_#vw6nql++^znXPL{)3{rZ3R&bt4}l)sH!N7
z3PgA6^4I+WxHE|<PPhI^+~99+L_`e1lGoK#GO}Dy4F(JQ`(mCX;yi}7g@siE)CJ#N
zbtwGTqW+k3WlcNfl_Ay%!3pe_F4o8jtvYhaYzr#};6hOFl}d_R&_Z68hNXy#uJB?u
z1l8w-?%@`*2+(T4?4DR9XZKx)0orU_YIb%B0}TSCSX@Zq!~Ihi#c<=zO&h``;&#JX
zP-r!1CDs=H^atv8!xAq>&YtY5=ockDFwdt1_&O4RGd&cH5q66hVK=P<-+TGoUDL^#
zV7Ma4-)9pyp1$``^b12CI)X6xzFMH1VhHq4TGpEl;_w$cj7k@^5Kdorl%~-U1Rsds
zvO@CGbbDolRo5+*5%SZu$_V+_MP-D7bUj<-lIy0*2ph#WmR^^Y5%9MXE^CQDY)OR0
zv+ik0ghBfqe)Ud#?kr<TgxuYFn#K!R=F$ck`}KF{EblT6@6K4>4L7_yon=n_IC8&S
zOc&0wq<&m$z~qFb*BG_eJZrD@yY+;T$Fj@`BggMo6Gl!t{_kbd)e^x!z+mrKJyqoP
zSw2fflW%rA3|VppUbj>Wx|}XEl^R5>r>W6f4DP1OgrtT>SFTy)a6msT?P#VZNkK#E
zn@knSTQhy(bKfX3_stCh#}{Oo{I?9Y7zS}(mM=p7n}ho?{5%0J&-8^!&xERYn*mym
zMO=0m-hE>k_?_y&Uz}+f_}+W;Ub8H{cB{QESbL@K(Zyv37ng9kO=S(eeVX_jIp+AK
z>2Su3)1_yaO?plnq=$E%OqjEXP9vt={4)EvnuNU3&nUOi2v+!l@Bv@X2bDO|Xbm_X
z^tovxSj<I)!DdG)O@h%ss7ZXwt+tVEuC{SJ7`58Qt{J}aL(U&!FlDb=ZDZwCN5$^Y
zOx<g^Lz8Ff^-XzqXlCriJ2Vq4cWC_O+@a|`&3uRE)&cbnjenZ)4vqhyyhC$mst+$Y
zQwDbqpxlV~_w&=j-JqFr05=9X(n4%)u@GA$6$LZw+l?iArDW%adAW42z85()!?G92
z-urWW9Q&r)EXAyYs-<{fs#XPLhM|P_?y0sTpjm3|@<}r+!3U2q*u7WpyK}1TMC%&^
z=p9p|75>OMC<}iKEv;DLkFcjrn9#npe%^F?ydE`>Kf`AUwanYAM-8l;VJ`mRcgs|{
zl)?9Vg*QvTL}{u3a$&m9EUmyGeV@2p63^gV_n4<izZ6=h5siP2{vSB%2w+9B*isQB
zpQYBuXv|>5Zc!VfXRNr%AXeXqd69Ohy7E+3)ErdBYTJ|1;c7bgMD(_M_J^;HaWtz!
zwJ{E;pDKw?!a=p|4_W1;`!UziIHa~el2wsf+=tcXhqI!V`97kyJ(Lx#zIN$;tam|c
z!Py@iX)+<{fU!QZfYyPoZW{l4yg!L<G@rcdk~Q1sOfqD5lC@g)+iPP4v((xcG7Xdy
z(;S8P4om!*#*~mHg5^^N2ghm!Br?NTM$S}2)~CJ24g!_^DYOoBKz#oN_j7bTK}?e5
zd;+Qj>eqt~Zm8tv6xC@|pZ+J*#o(1~v85{bGg*;xNq?_$^vA3yxuiwS50O$D@jFnA
zxuomYgD(8z^h<b-Z}nRQX`P+{8sCq<gO166qIG)F#^6q-b>Pn;UhdLy5vYban<k7C
zED<q&r)ToD&wiha#=`_|>pcnE9ex}$w>FOd0eeK*Twl;xk5=d4d6UesYMbt`4HM!n
z@dZ<8ok8MDH)i>qN#@I8l)<Tek{^So`@&vGq6|*&(-(~;(|zVENpceG-)FoutFP@>
zvm&hR4=}j9&sZ2};?!`3fi4~t#TOoQCgEyWj}_sax>uc|*xoW<0CAgKJ_*GJ5;j;#
z5Y<p*DW-`kLl&#hSb)oQj{3aF{CuqX{DAgco|s&grHF@&<-_3O!^DSX_gGBwI{P>#
zdF?;e=f{NIVvrS@3=?CW$)%La0Fm#r>_t<i?boY6^q*oYUUF3}47@GN9^*U1(6_I>
z?+vx@cUktLDYFfI{r0}M)xI0EA_wt4#~|APO4L7(RPCgvT1Rqymc^#2&0wAZ)UC-j
zta=~DdljLQdlBsY5QCKy^?E5n*BA?g2lngrQcj!SKEz<y{t8uY7n`VQS-vzkW|8D8
zl9to|c9zWP-$zwtL$mC~HBauh=Jb~<B}0wWjL4k**{IqM6+1`@{ZBX}@-h2@L!6$I
zT*ozro2W?!n3s$)lR|_$j%2vxb;BUyr`6%qF$dQ}gSa~C4jJeVz2Xf*e^Q(RH@xnY
z6dEEhh6Fg#u=|)JAY=bth1C=B^mJv3qX<iV<L_7b{^&zzLXg&iH6;#(J{aI@+u*T2
z?dvI6BBVPEM2A=zUb-Gi{0jQ}#?JC(3zs0Ln4>Q8*zenC2ycjCguW;ef4?k$wl3w`
zWttR$)|Mpn!T>*?WzRF;PaT(YVP5v%uPdU_(@myF4Y;wd;z{TSPq8JTFFT}~-$SSP
zh|^ybE(v|^WIYS{+Qa|lN$3;UQ0lsm?=f1#^2t6ob;0_>vJUrhK6zgxSSu(IwtGv<
z$s|$Ahkr9V0T&ZDZO+Gh0j3Ds8WT`L9{M4a5E7)-A-}}oFQf6ewdOM7rX64+`VdQc
zD6|6vV?@^ZNk2G3B7-$o!<#4a)?89)JGc_#MmfE9)S(})og0sGI;_;;SLiED{FXtl
zf1&X(qep<Yg#$6}V75YQ!RS(lVm^-fkU`!=AJ;XowgfBI@}F+`(^D)DLcSR<gRY9p
zD>Q$mN1#63b|{eOhT~p0{QxF$gxkV5F&;Gs{k21mVtJ5pFsP6I)F1wvMxQT=YdG~d
zB8V|{!So-v7*GcLgIYQEGd)Os2#{nrh7Bjjh&mFbNNNg9$D!QUBN#wG{XzUWtw)g7
zfCDjsztHM1N~Ez2jP<$Qd?YR&7bD?f&IZg)Yly;Je8Al53f&e?j>kmuWB91mfD_}<
zJwCS7ku2V&$#?$P7?`(O=91SA6XF?+80Sk9(xxr?qsC#k)5k<^`msKLeg5+}Dp#o~
z2NArYzp%s+l)3FGQ?uMZ3p*zHNXSnc!b^CV;pO7Kn3zSMCc_q@&{u;&Oy<7z)sQg@
zeE96|yXWcI-}`S9+260t)3U$M+NNcH-!o76sb+7}v%h~g&yxLp;Wm5r_cik@+28ZF
zRXqE<!Q;KU?Y(q(-+o*xKeM5&!QGuxTXP!TX=Cz2_Ig5lbIbguxBlja`AuK_&9ycr
z4`jb5q?@L#+5fmy|NdojkAbqs3QLdWwKa$3#Wp7Q_K+u}dopLjJxKz;>8PHu`*2%J
z68MR=4esqRrZInw!HI1$3w#wAD+TG~Ha(^LP=g@R*Wssan9@CCo=gajzePg$jCmp<
ze3_wlpLwQ)@Ha*8zVl>4_?z2)RzmoJZ6hayKckP(sy60a?fLp}uV@p&A-?qqA;P`e
zrj=6zf3*%N*Yc6I`m5z;30Ws4q?biPF6$UCHTT#cd))cEC55~$Q;XY>@=SAJuvrzc
zbK`$;LimBDx_C{tir0bKriAe0+QvLe)Qs?3lgO}ow9cPse8Uv_5mpe2hY3EkDmGUa
zN#L_u=uWWo+QP9_%`MVww20<@n((Y()6}RfC(4#nqO^qIvxF6^iQ#h%F0F|zDv%d`
zs{G7^7SY^U(`3u>Q2>`fXuna<k}bzYg*jce9NVG-iO*-q#$%!)FjKZ1T@kReWaCjS
zqGVIgewO%?Qj=*dm_C?zOeqTPmUzkBdQDPjofOS!vIrAHedoaF1vuU|Bukrx&5^Dr
zMHh?8tY<B*Gbn!3Z%&jhlBe6!rEfio@mdQe$aLxW+mbF_SGlHi>06V?n3TG-4s=eY
z@%@_6I!$PN1NtdE%xA$rg3g9eIq)a-Jyi8WC$~CRK7l&C(FbUFt*l;VN{v3fML0*A
zbWM(v?9XZuH6?ljb4v8BNdzhf5DDnQF^W%yPVOctFVN4RL4ekQzXfT$^LM5;&oxP*
zjUk2O+FYTHp)qgwXHovgKaqqq@7mB(Lq_xfhjGi{hMV4GNGHi~)$3`Jf_p;_>5@0-
zY(uNVoe3D<(C4T(xgPq^`=UU^KP%(_9cfMveNy{j#Oh-ZMT}<n6#6mjbBGN^X?#dc
z#W|2Lrzd<G$C@y+rQt4^^i^$bfaw|YzIKLUV_<7r5=&rVZ7oCek-ys#J&$@+WQacE
zRq8cKd1)wrHkUZvYI4WT_AYZC4VN3b`0xB<-#l7={<{+&2Fk7TEwe)neJpHl=pk*w
zoO1PkGFoovbv-;#IY1l2JhbkMdL+|^una4Q?ex0gC$F0}hg^KO77gJ%xu>gDDl*&-
zMVc-?T7G`pNzrL4ek^Qq=)%@vXxj8-Ik|1`bPotpt|GcUk(8d0EFxz(DNUNv=FkTM
zI2|7>76fegkQ1=%vGNCH-v?0%82`A50Fn23?94D}q5~N4vVD(N1iaLQc{4?!;2nFs
z0kvmFxSk4a1^f44*68Uox#9LM6Tdl}8c@lDRVzycjA$teFSIh9u4X(X4_D8(5*DuN
zug!eQn2m6!5@ta1>X0;=2oDF#6|zCyJ+vWQ#t5n*-4z&2l5sd_bGU}li37TG(Ygvk
zv}&iRllwgu!k8U>X7k4Z`W{m(&tqd?*#~?eH#{C8|L%r1QAaZS39~379<^DK<YA`j
zn=EW&b_zbqV8Iibqx8o6)|$b6>k4JDx{c*t`=bmN>m9G!ItJ>h+&|nZ4EGm26)nN>
zsBWD5r!gXPOgDvAgPd3_^Vf~f?H^;^I2~$di|Mex4d>#FC(57CXIe*P;(#a3RSqNp
z!@?18=c#h$^QNwHKF`4z>hHSp`Mij7)c1DN=kvEz%;zHxIia_=<`m3-vV00kl&BO8
zuS4jYb_)8xABKYdPnSbMK^IAZ$Yiso3#VWO;}mS|s#8$F%o=Gh5^y;J0TZJWu%`~8
zf3p*?=Djckd{-U;w>nD#t|I|=I&%X2ah!mG1_ILK%ml1gI02zL<rA={Ra62dJ|!G+
z76R_P8-{>k^~xdOTa|#7c*9{i60jZ#DD0vWu*pJz9|^b{fq>!B2`G6g><BCmN5Jm#
z2q^0$3FwVC055go1Ppd2<3$CXfPm9Xz=~F!fVEGRPr#P<qY^N)uDE|{A>h(GVF;M;
zOgRMPs00)t0rQZ6?MOgwXPtmu76Pul&j}b%w|oKyL?_@(T@lr8Az)rO0)8lufRi01
z0Yfm2?&*%4fKe_ycIl)OFwSKrU=b3qB?19!--}AXf~UpJehUGo-ws2-jQZseFij<3
z2NEzH3D}PWEHDso*h0X$_c#H=pDv$(yYEIN;L6is%N9%zN5GHe5pbx3Bw#dND>>4E
z6EL|FC*Vv+oq()Lf`FAV#d@CpkUdZTjkh^r{pv@s69&B<m9o?IO-ZO#$`-T;L)qbm
z<xqC|Yf0H4tY~xQYfjmS_+&M<JJ6ml(PQ!D$*;MMG$vk}-`WP~4HlwrhOv>}V2btm
z18{XRAv6}vNgB&0VM&a*Aayb48+?!Fr+;FQe%MQB3hrEb>zUw1IMbB3EE}pg2D_5=
z`!{bH61T*`!sKjZue{7mAc4fj;2*c%5=R{b`X=LlE&m9C!>q`1NQS%>bx2Moi$lg}
zrrUtGY^K}UWX%Fw`8TTtR`8slF8wXL>2^Wym}~2}_Bk!7`<vl%x<4DubUV_Hn{Jcw
z9$jfWZn|xX=VHI`Yc3a)stVI>VW)tYvZK&;`!Ry;HZ!{Iw&lsN`^)dbSw3s(mLu5d
zs_k|jZMXhtyIn)uZG^#gyCrS6HL)H+!E97Idm<>EP;{k}TQBTx^2l3ZD43sI4h3UX
zrE>t4&UjQh$583aG$@@@mCRbR^j%KC#CqiuaQU661oV8yEXb08@!<%#Tpj^C(<A{?
zDsuvg(>MWhDsuu#I_Lz<t!yS>5)x1nfq?nZ2`GFfY!Q><mSG48H7JLG43&W6NI)hM
za2^SmXdvLCkpP_Xe`O)s!m9PRyu;~Q^h^Y;e>l3<A5}jrVSU39HmE$Uzp}j~>|4A`
znctohmS08F`lYD#3-M)Md#?4@RtYH71^EG@aKrDYH?3Y1>Vm!#)iMq@O1z~nX%!q6
z`S@NOhE@|<m9DgqkyFH&F5Z?HJFlUp$B(v<6*LkVOl=?vXdG(kG1XDYX~@|+yd`Jr
zxd!EXPqJD><?8l^=Czd8h9Q$HlJ2|_gYO$!3uxs3HOyda`+b!18Py;kuR<+u=YEkk
zhXK_&BQJl6jQpu;vFcGA*wPpShiUm&HAq7S6}0pi*?Fdc#?D18%?Zm{A|{-SW6-;y
zObXP(5Zo5WV7Po<VtJn1kgzlw523Hn6-hsVGdSYId_iZ@Kc%Z(jVc=GQ)pwjf(`on
z6z8J`e=Y3}{Yf&7pFpd_mGR=D+flE(iRzlI1-&N{XDWSA5q|vWzFsa9^QxO_FBA+W
zX%)#k6s`8cw->#7?S-;8b!I9a%r8IaSw5`_zf_>VC^L~vDJ-wfd9e0NrAf*QTma^h
zVz(k<H5bqKl5#THyBMsQ=ap&9;~0#6)SjJw?%!?M>5CrK27CA4%g;`~^HI^}_J`$V
zr@yWPn(_Cr+35=;jLg5AveV~0rl)IO^Pw%H_@c+OQ2uL*^^!opI`XXi!)VDtm+D|H
zD^XH|4wO(=d}zxkzFY@WX2WJk9YT{}{<vS9QM~Awo~x?lL*p4+5`%G%X*UOsd}vBH
zxGgC-tX`9*v>_aJ>AA!wzh}!NR{XR^#jdxkRLn^h)K7db8c+A?V0OF}g{L{moHv2t
z<Q^okzI9G#&)jz`sl2v4qp>IZ9aEP7GCj%vPfzPP{`bFY<Inhd8est&f6hz(?0GjD
ze}X!gA<_6#hWyzy>>lP?=Zf^GHw2wLsBzmu4qiIn-XTaE!raQbglvDu#)0Y2=qce^
z+A_j5kh=e!XdIZOgX!He3I}dA;2bE({53i7EoL8EpT;?`%c*l<&ighFY_6-Je)w%G
z2PW5-$8_&U<G@xO%z?L~a9~<}&Vg|wehm&Nk^_gFoCA|PaSm*X(>buXm5l?dpVCl2
z^^TPTqn;5QSkNjO2MTpC$KQ#<fw9kU4rGn|H94>olZDLb%sFt;Fbf9TXTfP*d<$Aw
zIj~Y%Is>B4g0ni9l`W!hpr9e=z^%Zq$$?uq3;Z|>#u-+MWA>FIQ&;ihY_s5)oCPIO
zSBeojn9<Q@!AYD2yN3UodSDu6?AhOubKqO5bD*fTjRSL^)KI_uo|Oasrv(QJTSw!-
z0v*ha_o8s1@6((E%SQj2GLVn?GFEow9Oz@HJaY2`8wYOcHqU&U&9hb7O4mM!#(_IJ
zn4D-9*bcO$ejNL2azNz8_^CVRz^O_)2S(ZLfg}1tzR9*4E|#m|@Tm5{Q5{TCwAJui
zTn*EQ{hAyoLwjH_+5@)?v!J(q7F^WDcbRP#te3N(XVh76MF+Da+AP?Jv*6;WUsDhC
z#cU?myKoK^Fr5P{6&nYZ)zMJD_^y=$gX;+n<SNlPkgJ2a@NN_iWYpsvm^<p%l!1-N
zfyKyybb~!`-EI%u)={5p<G^;wfh$q%fu6cO@J%!h>_iTn8u@F=KnB_a=g}Sr7;M7x
zcAK!DZp>xbETa9=B03Y*CLE}PnG($+I)oO{;Ss+k2gagJc&rm%<$^^YX{DF8Cy{!h
zOwC8KOwHyb;{IT$-cFWWI#yrb!=HG|ma{)2StEGDn^wLZl>vjLZ`t@gOz$_=*6+CN
z_rqJ!_&rhwGwRJK{66(8=l9Nxf1BUC^?hpA1%02I{<dYGdZoU$Pwn%zIpy@WBr>dS
z$_p|}7H6}XY`P(28aSQ%wvE%d^>y`P<5-5|*s`~6oL;H-J8SDVO!iyyb~H{G=wMDq
z<Mc@6^sK-y<aBt+uA9OweRM?6$3%A9Fp=Hd_6nB3?=w+k=IVLW>#j##(0d{}18<gK
z^8dc#*MOtmBDif#{{O6W7&e4K)r-qCO>yZ>+c@~2)fh4R4QqOe;^(!OGv5e%89+@<
zvFCZg`SWku3g`6GzmWBYO&7_2XWopei*ztk-mr|Aeltc@MiT5PJHbPAI6)gaKRl1w
z-1iSA_olAW#EbgG8q&ftvCcQtCf1-97XO%MNXiQVsl62DXG)q{lWTL5$Q8F()pVPZ
z$V)>pC=(RDx=a5L%pTOo8Jv4uuL{@7I@E?ebZ)DNL%sGX!Q0*+*oOL|{)J_&Y{r-D
z*E6aCenkhfq*b(`-uM&_S=pF-x$xA0J}0~(8V|R-srE-YM)zIohIc9NOc3=x%INzH
za`_;)#&f3)Uj{S>dA%m|D+pER6LkHTd@7!a<!iRHnJ~iJq**2N=o7lt{l0a4zSWoF
zb?-+UpXD+Pa%dad_?*<gu;zVR@l@GwP@AZwQ*|);??)?~S{H}s_UL=DPTf4APp5fp
zEYs<`C$#C5)5bcThSh5<R;eW)`EivJlW9wm`$e2h^FB(}XA_@H!Kw;<gq>399QijZ
zyH3lHg@Y|^Yt+~V8h?h_`kj^i_O*=0<_S8OjK4);^M&U`*}$Rq!fl=Xlg{QlEiG)m
zldQ4%R!b9`w<LK+glF^iB)7#p+mu9J2*{bF-%9Rz9<Pw}%#<mA@wZI*n~~-T=NJ+o
z4Ef8ioJAM|he;UtTf!LI!4qy%DPg!Z7;8@=jJ(kj2L6^XHg)xcb57V`oH>IqMhurQ
z@VA69t)l_PNp$gy>KF#bOaWuB3S*`L#z_vt?k2MFV}anuR+S$M4E#9M!4uBuZiA6|
z9ATUvD`DVo3FA(8PdHbFkrvt<HXp<CW{by32%C=y2s9qn^bi(4X54mT?r?4g72#Fs
zr9BioIs;B2I#)+YVE9|2lit-6Zr5ysk$Vnd6sn?zza@;FX`XPNcpHp8rxC`ikrD>}
zmN35U><Q<|wGHva9}&jU5fTReR@3cw@`Ty@*zwpR__0vs#})%W3c7g0?V)XWln6Y6
zDjp>UJaRgD!ujQGFop|$oK^WT+`x}poju`pvNl>~T|gLnG9(QAEn%Gan&W{M^DGS5
zJMcBu;=-CN`@U8srBnm9Q|OcIfCRSFpigq!dm@_ODr$P6uqhW2+Tp=O)b+yOdZDl%
zz6@|+Q*gyU`ejhd9{iEi(F>COX$W>)hM`8<z!M1d${2|w{uWUG5zzoC(?Hx6AbP1F
z?&=^iXgu`q=C0S6wuQTxU%GEMPUg+nfFe^gOzz={R!vK`oEB%PjFl={{ms;BM2w|X
zn4&8&u&0}))hnV^b5pBapQY8`M5~rswTSUuoC&(g)tG(>SxDxgZoxf9Q|xmnz}VdU
zj)v!TQ>X{V;pm@iAC%wxDXuv3Co?-286mfY9E^P5+1dQXFQ5#cXLME}_pMZc>Sois
zSV*>2_1e?jKyuv_`i0CGKSCqnSmeTBvQb>L4=w9p<SnP@BwkV&+eQ6QMrHGdUKAi+
zHhpMjk0Mi}H$<a1weM{1WMXJ*2w*tcPiba`{sX?n0QZfZ%+EiDbPOQ8*+E6?rqhhp
zU&R+&n9!Qo-9o=5Nqan;?rN5;f52)~JNaL$A3A8s^B#8E6gtfGzbP8MrG4i}7Zd%T
zz#$CjoYvJ$=l_Cf$o@lJ%+Ei9<G5~)?_n10ECL&`e8aMK<_;ggE@W`Fg~1-Ug$(Z7
z$@+m!$l#?Ntk1u}yJf}QjnC;PFahy7+QZ!ZGZ>3>o$MNv$z1YX#aiX1{Eh?$8hO1X
z-mSLF>?|r%6*^=|nWG^8IMP}EF~=$YnAt=8fj~ERBF3mH^;TTU3-n*G7;h<JpB1w5
z)fKM<qJ8L$1`U4>^Af|a?UZO=>eq>w)zJJ{w<;x@oJ!=9Hv`)1+s3-|L%4zSxnFw~
zzm1iO^@?0CMXnli^<7)e)VuQ7<BI)N&w5%g)TH-}x6Tux?CA>U+#m6lHIeG+WSM+o
z)LU8wss724G0%I?hF(Zwo@;-V`?Q96sRi?#ietXlhWT_A^ZjoTHK=TNgUFbleaD90
z0M*HEe>LzK4fB!jnlZmsufmuQY-z>(QUi(k;FcQC?>rM3^L6jr(3>y)0EPBf3+if^
zpL^eo`Lwzf#{B5pR?NrOmzW=WTjTkqdXX{T*2;$74C!IoYJWBJDGl>$t<0E@eX7Ek
zpMA%QdFC?`^Yia$m`{H?GUk(7+tAznq`)m`f3@dH4fFM_&6sa|vcj0>y=TRI_0tmb
zmG5cNvZj7y%zN2I;<A*Mp7vK)bZMDwk(QGcmzJPST8^mFGWl&|eaO)bjb+BRN3Q%A
z4+l*;_XC)LI(L723`d?wBbU%AwU5&<IfO^;uZHVGIJk|O5q&E@guULkGU9e!$%x+X
zYr>aPC-M-E{?LZr;m2ei68ozok7<~%`p}H|j>jsD`C`S2`NldD^QDTw{42QiJbtlo
zFbV2)pMS!Q&9<R(V}rl-z0vM=3T|xXqm{Fx9pBi@t*UKo7UK1T2+QuAc7YVQ;!UO>
z!Vg%kcj{LP{SXdefxO9IDV(2Eqg41jY-ieN$<IUfS7UU3_WQe;p93GOaE-ZJHh%h5
ze%?`xMFWpKX{+#wVZ*VJWn`aXLwtgap4n@EHL;FHli#ACGU`-VMy|eVrKw*%Nz?Ur
zHR)a+WjPyU*Ze=qMPZ=*)fs(JSY%lg4pn?nm}OfOiq%D7&O4fFofl;}8);|k50d92
z?5|36p07~MnD4AO&llQwzFFn@;&(O7hea`d7TT@KwKB$Hf&EpXZgB3i7(d@u-1ymQ
zGk)f&#?SVanzT%47#Z_fcH3-=G}~s{Uv1URwr%g2F)w(g!k8DfuwuTvp~QTB3k~yv
zXZ;Z|@BOw7y^Au&(QkisslJB!H*cFUKVHAWm`{Gwius{uCFWD#G-{o^XN?Q->P{rG
zmtlQ3!<iZV2tu*$Qm)Rs`Jp#)!zHh~UXv91FUZHe=GyMTq2lUHahM9IJ&$^c;g~$V
z)LWDS*S*Q~EBF?#8?FB`Sd4cEszhe+ZaWtzNd_0&Urp8-eAmL@VHIcaB^!eWstmqj
zV(`g^`o432dwttX--Dfad3E;J!N#&}Nj1M#nsZ)ztP0mXh?%JrS{-gpz~si_UeXK2
zv@P7J%-i%yi`1q#j<?C~TwWXb>D<_2y(%bHR$J2}NUOue3Fv_BbJXj8CZh?~&m8X*
z{%-qg@x|qpg<rnB_eZe*)J~DGKJDUd#&nF-W?m(6EE4WJ5Fo{>G^W5tl*SO3#yAG&
zqttgE*1{$;r7|iz)Bft1eoZjc!YodE8~%&}Cpm9e1#0{AQlRF&L7V|`6j%7T(MMv;
zUDKGRz^YhxP&KGRE`J1XAOF{xK-<FY?woH!J49l1KPC=q${WzkIB{rD-uunie`%LU
z-<a+a=Vax<SWWq({I2D~(EU-gHC%~D?@MWi(ugBH;{$uK=*MMAUi+)<k82~n<pc9b
z7d~ELd$6FDb(~i`CC7P9E8+}jiX-%#UPF3thOr8yHQG`?lr-yF#Tb)U-ici?#2e*F
zyHL;N>1I5ar?#-yD-L1Q!EuYxA<qmEgEJ%Eg9kivaGs{sq31+VV(@N>m!x3ub!=oM
zzMzfW{E*o~=i6VcdqNwFy_Q{C=!puC#b(<sZK1kL+wwkf`myX}$@8*YaLHgIvpBk6
z9Q*>-)a+9=a!t+KE$v02<wdVs_E$Ib%n{SyG81(!xxz$^`J1g6^mA%0=)Z}T$xyP@
zEKm`S>kOh*B%*G{U-SmT9;NY)w_`oD#(G*E`ivoNZ8A6Z)3z`$mb39jw;-(nees;^
zcDL|KVJ;Sw-qDV?%)zV=yW3e>Hulq6(08J-s%H(D^ApAcm9yofwP4p!5;O)7T|eP1
zE&uQhqal{I30ew@hAT4qZ~TK$^nXM(QDe2xaTmQ<N%#0*!dK_<7rlPTY3hPL6GeH@
z63qXdK9RWnj7aOsnV^|hHDLBnSjBVqPy{mPCvP%!K{4lp+MDt2eyuNc@kyLaYrwS=
z-ZH)bbaM-SP#5$YQ+`K-O*h~ue)Q@D{B@_qn`}PVHlzPD;TYl<ei0nQf&ae^$8C=5
z_(k{_VoV~!Q3t3TFzVC|hLaM%$eSR`uJ@FItG7!;*>w%MG9BtoL8Q8d1Z6JN;tI3J
z5EJo>*lY-W`9*LHu_C`{xC}8CzX*;Y#OW8oF@#(FA~=R{sfxj=0liNkoZDlJa15ak
zzi7M+@j<@`jv=1q-<@7=L+ptaOdU8?)t~034Pm)Yanour4+}3Z`PyAi<S4>CM!^8a
zm|}xh`8U4rhVOsGm1k79AZ-Y%u_XS6_HLOPr5d#2El;&~*VXc&tZW|~D(_py!^Mtn
zEic=ZPRU~bLz}~Rd~&iQCd@+Ra=fD=Z|KFt0IYv}RV}Hk_3De8raPF5)Q_t6R(IYj
zFNXKpj=ko|3d!PIT58;NJrJvalefIx$*tw<>)A!eDifcSb>i@c;vBlrNs;%5<6(7Y
zx0a@`u#1k>W_<E(XWnZAj^vWgio9<b55-vgStQ8Z+fDDa44-W3%6lzAx!%xK!6@uv
zjFIS}Hx(IJ2X#jZ3K)mFxr<v%TDi5W-gGrSDd@tXu0rWth2^O)R_49Np%92<Jrg_V
zy)NOCj5OZsC!DK8(iE9pAs*)97>d+%3p(k&j^LANIEDvt45#22&c$yX#&3ztMkO6|
z9?!!kJMmlD_^loIt#ssZKcq|KvK-h|@6``^d<%Kp2YGx0d3+0boQXUZiL6F+(|g^<
zC+W!J8_456$m6U^#aNWyt!1n`(^2m=9iJTPz<W(a4S1k~BJWPdLl*WDDW_(3)VXmQ
zpNz#`C$QIO>@}!*F=np83_>Ck%a`W-HGJNUiRU|`%U`=?ra75sXr!1}BE8({uTcPY
zp$IQS5f&L6b35y36yuW|6yfhtgum&e(2fj7{zoa+8>yB|J3_lu3T(Gt4dstDDXp2v
zo3#^R#KXQy#WD@ItEE!Pj$!0)6$VWLjN9#$!S;WV#Ml_P?7-3p)fg<R&bI?oa61sk
zoDJk3Z*cH6SUgQsXbpu@_E92z81{!m_GG9^Fx0qUF@_q`s*I#k!r%(ua@PE9O_>^K
z)jC4buoggk&BWLk`T!J)4vFekB_5V<B7{M0rytYKQwGx)dl9$l4EAjjb!n=2XpKas
zFgIbCndrb;FQH8sp(&1-SmL2g_<#67TnQ1UCz(STROls`i|=6u`$9zdnOIX7b2hz~
zSpSj1L5_7}Mg+PZ+E~T<a)>xZwV}Zr>)!~h_x=yS`cDiFt(7?o-2&?r73)hO;tU|x
zLpavJpf;g3;iFWnId&f-3I$e^K7K!iL|O&^eWs>f8TNWR^QN^HgWK_hKBiTZnEbUR
zasR=1!k`YJzlBdz>2IJD7Rhj>f{W1KGU!C;?;s(S{ucg~ipA(s)h}(gd?|^+^s0nD
zp?&FEJIj~)RwY>Z>35KpDn5ek*0!^i@LO1w&?hxOKUx6|t4iqoShpG~r;7Rt3=x=v
z6|-@pPa0tIBNv0EU#H@QAEsn8{#Pua_c2&dL<qe<kv^PQL|8U`fK?@g`57UEmC^fH
zP4TXnu%LWreHzCge=Q&9So#3;|5Cju@BmzL=$Xpn81$-6nA1%YST21?Iv^4fEB0rN
zx9CIA#f^0=%x~lF6V-v^SW|{YQ=v;x>(zoj)JW}PXh>bZsY&Cx=5nUdwwU`YK>s1r
zUAowt`pdt|m!F4w`H_6-`PnZ&mM_1MFXLDXK2!mk0P%$0*P2hy{UK7sa8uosOGPh2
zoNa`5I=043gsu#l8!%@AYa?{QanWX9xo!T$;KUl-LcJc;+2a@N5tx1+r17b=N--+_
zGhYV$v4lQ|7{kWuqH3NPbj$|2;$JdVXrg!?BcG!X=+6bkTw4f8%T^Hi{(f_#`>|>o
zNfa+@iVSs__s>~G-xi&Fe(w#Jg4FO2P3XYqL6WnBIvpxA_<NAsk2(Cq_a`RaPhE+W
z)?_h_6X=T!e%Rq9;(u6s60-6LUV*tv35A+96Mv)Xwi!8I0@q^6Z);-Jn#11_qQ07%
z<HgG{hjtKkZZba10m{-SWtoYzG9$?p*em#)vJsg6ZfuU%nE#HeT?SWopr5TO49M|f
zsxc=%Dnf^T7e2_Fyy4bNKJ&{{;v2&1aK)s<Q={qdY$4WgRu*+!wA5?JHkHGQI0s6%
zY9Z+^1|?m%wIIluzQ`NELeVY;2RD=OF#IA@;J18Mz>N?o5^BepAiq7*-mg^Do0(rE
z(nZqF(4Q|KE(SyLNbrB)NCxixNT&YRk7RNMM)Hpgmf=WV*G96m{DE{Pm`2h=JHh}y
zl3gd^Wrsm|MEM^$nq~jPM{`nzM$;W}G$-L`{)xeI9L;MXQvCBr)5YK>H~qw#SVTMd
zX=OH!Z_CP2%qKL(Oe;fLh{nUPa$4>;w(QDxMPtfoxl32}{PWP28=k>(8gJDbC#5M|
z2KKHdf`H0=2b0NS9#5c7R>Sn@QQISDkgxA^I+HNVyNf}`sHzaxe&uKPmeUWdf}hjd
zG~BLVZ{jJ@CZ3!ue43?tqRq1?`<RMMwd7w<adN}^M{iJ@Hp$Yq_Q>h;e+PrzQTK@<
zmKH^w`4uCROWpsE$v=n5$-ij9D4)Sj2Fv0|MYP^9&N3&1k<8K@PIf^*#cHoJ$=oN8
zZ<WGziSPv%gRk$|fGc9aTiXWw!wL_0HCY95*-~!+J!(Z82;aUo4LbyiNytMcA%6hb
zH-!asUbJS;G~VPumwPSaf@I2O(8|!+Z=n3SsFW+=NT<$Jm3pNd>UT4RbEvu?-^H>y
z3lv%f8BiU9EX~Z0<bdEuszElm<#DJ>F{Ln-rDArKd&!%7CJs){6Mr;u_`;&|%u_O)
zIMBfavO>NXERP$$?sa`x_j)j4@DZWEh1$*p3LaVwb~~J@=<@8~rd4^XN{FsPYcV&i
ztroOai#KA{hX)w+Uh7EH%av@<%av>p!`F<#ja(n0uVAd^ZExx`O=(-`L)@Hyur{`c
zvm8n;U{Pv-Ng3RjW4YFnum>)9!<FL1)fWrlIbq^fLfjnaZT|jYZsbq~l>+?HAN*#l
zbJrNL{=!;hMWHV+Se@r1v>7_xddqPJmtSVP=pgclUi6whd6YrsU<{EUdY~p{lSBfa
zOI~9HO)UoJ2Z?kWGFLV{QY6uIp_n8x*muF3W{@edOi%_j2z<#omcn2uXIUI`j-bCK
z^f4@{lZ_>HYOzd_h2vpZbHSL|JuichRQfy%(MDW_Vzta+UT2bCAV9ATFz&LqENpQA
zMHVF<sAUXEgn}~D3_xsgY_<-;okDF416*{`TNF!Z2mDbyn51Fx{TK!#8;NrKF~8%`
z@b%C<S$;nzQB?dFEi-)h2Yg8cOa^|$Jq9c9-0@<*B0nLtwjzh+#u|e2#+g7LVQ}zu
z#7{^NjBDgfjb$AFkifq#BeVf-j;g@QLR>=Mph@rw5%nY(eGpE_rVX@#A6rOBETi|s
z*^t*bs(rac$u=2<sM@qV`c<(-jw}HE5QDLQA!-er#h1Otgy^*x6bW9l7nZTsB6Qx+
z1Zx&>osz&{Uk1@?*p`Ty6H8#kKvE2qNVrkHbSd&E`v)0Dd3<@JeAzh4L&PYz!ymT{
zqkR64|5c;h`!B{(zVyfcF{8XnALXI8Q9frK<-wQDyK7)@C<8fdSDYKlQJmOjT87-O
z?-vi%66jg#^L^&$)79sD4bKV8#+-o+a=SURG1M@L!MA@%qx3f@9uxDziboB&$Ooqq
z+omqFqw>5`i^VgzxdwTry}X@^ggwMp7<}^vu6pqST7@t8nS6Ds$w-=;{*%G%R6_q#
zD<?xAfbsbbla)PuK}0M2>;~1!hQ`9B4M*mC<)KE*6A9R8_71te6!L|E;d-{n>rbJz
zU@dXeB<PgP-+mX9j7$LrE@u(80|pP`!jVefWX>d9Lf%fLZ*jXSGZCA#09Pty&<T%;
zp7LYXn{>hgbO4dC#IrVOw0bHXPgsZs^*5D-IRdU?g#9Kfqi-`p-%|7saIgV<`wa7Q
zdB)}Z!9?0X6O|%dYmDW{m++B(6nl42S5HfK{m^Q;t@~ObKM4%R3NgJOPGpcY6<R!l
z4P6O+1iq!nxynKM8+oR8-m<RpRh{F4$A1>NuFPPp_>hai$qQb$$wCN;-bXE>AE^j?
zsbxAuYJ1EwMan4yE`2Kxhz@#zbSxOtJ&nryPV=nx#48NeaeE?8R7!g@gVq>MEA6K>
zKB1JQ^T#5@_Y0hP+b-A*&?=BGM*%im@NyMX6_#a?R9dAKt<1iNrSt*Vf8MJf=AAMe
z=3!IL;bCYYy}<m4<}?+}SVBK$uw$_Nz}$=80LQwOct$@bGzor3Xk1M-hWPTu$Q+Gh
zuwgL4ddBEMO<=J8`81&`ABJtYx)t+Vn70<yP;UW@?=Wcf-PFZ!q9hm5cNi>vgV6Ui
zOGriHRCFYENhE|qyAW2P#WA>)ff^0}u2Y7MFQ2!MK^%h#0lnoTWwCMeJ~(<#pixC_
zla+}@nG#|1`SLzkXaG|ufQ_@lfAFmFg8}^DFw+Mgh0B>Fl~#f|-qhGQS_OVM@AZhj
z_@Xk*=FN!|vJkxw68YB6nS`=Xr2)Oq`3T>+aCq4Yt;||ezJIUUnkG3Pp_N%vT=(Kx
z15s?~0R~G79B#QF2j~Y3Hm>xQGAADWZ;)g2(@$PQPPj)QFqj0LG7-{G7rg{)o0PF4
zrZ_RJWp*s1)nQC`QdSmA=%3)sP}Jmb^bgK7aZo)X*Bkbvn!#PMzFc03OMediEut%;
z<WH=$%*1#G83hE_97Uira+Q}bC7UL|rS6!yk1|*|RMN4_X6w%sCKRo~xNz5lPHDKI
zP-qg&`2+cHSv-TdcrLXro<r~D;`x|75171_kTkxaHDr*v%17w$8KKW(jW_yx5ejl2
zgR*>w(=XgiWg<ucX7afSA?dqr$YAzLAE6Jxg?vYv3{v33qy{!PlTj7znD14`WR*H5
zMYb_nEXU*#bxagFCXa}1;+}km(~V~a4H--{VeK(seJ<bOOf`j8K+uZyQh{|zz9Wci
zxR2eZ(dkT}ufg;`6U8GWYxM<hNC-MA@L&Ndx*|S?ic_KY!NxZTDmn~~Y0BL6CA7ja
zsY_FGnHP1VQIR*9Rn7VU9Jy|o6cakC$szf~aS2^Mv7@30{vCA@`Xo1IJ$&}p77KJ|
zxd2d3?6U5nPZ22c+Q@CjUlCZ|LH$fs2D=@^jqA;9pLS=alE8L(M|t4JpSegXYt0D#
z3xl!g;_!{Z)$?AG8pLXDTLL61`T1ow^7Dph<Y)Z<g#6PQ`7@AwR69VJ-yf?chdMY=
zY>CqNKgAev5+mP*)P!s?GFMoP$WaxeWtM8=^!yur<CycG5w92xzwEVLBsw}!j?6IQ
zOF1;91BrIcDA&9paxo~t4bgpkQljrH@3I$NK99iKf#?kp&a>;6%X1NZ!Tj6|{2kt5
zn-oHZ#iq$SZDU%B4R0)i6Ak3UMBJ;!!q@WR8=4>ZWY21^`V9Ms8o99yX06~tDW1{l
z{J(FApDENSKF7JlEfZYts)%H&32Z2J-N%inQ7tjN`*ed4mgyVSlF-*A$_!36C^n+J
zQb)PqzY*m;f%003a-KjrF0yQ#y=0e-0fXe&pSfh0je&!7*%)b)jT08x7^TU^X`^g>
zA4N7qe%nNxo-=d9Tf>^caMo-v2v^|wFa|?EX)pwZTA#=b2CmZolbgqGg<H4%!DDgM
zSaI|uYbOJI!*M{}aQvWcfZ`eK9zcqpX-YqU&BU#E_?GB<M^S7nrLf_=*BGc<mEnFs
zGwEMsSa1=>8%+B980_Qb`zLNxYcno-Q#nD3`j`>=52jET%zi!?nPpr%-iejb5D!@y
z*E=fX0v5(S0)+#GOMWyBS-9{BgY<#wHt^<U%Qg@l#l;BX$AQ8`oF2n%2T=y|+lCdY
zf@#fttQNv_HkHYblNi>|awW1hbENm?q+E$ary#oN(ENZLPURyo<}V6;5KjJ4mK}9+
z>jUzH>#7!m)qnKUM_?s3TK&gRDMx+rUx|kL@doz{^<gc|sE;<G?v%kICvm1kGOaDc
z{tFFk5oue5#6Y|_{77KXCTQ@!WlE2^6TVx8n_L$x$~VmaqE(iIl_I`*a0bN^KbLPB
zeyhk(k_5;O<2{wLjBh;0#3m~q{(JHZ3aydoC#8gyI+Hn;*V|i=Eczu#a`f83*+B&3
zq-S|ODU<2HV2=9vp~lar;ZfUyMP8y&7RTT^H*gcBq-=Ti-!JvLK{_vMF_`lv-xG?-
zd-tMAA;-h$frLEMl*YkHf{VtMm@?Gmv^#TCpQ++AYpVQ%wbq#Kw=tc%pqavo7{OA!
z`2;TVaf*j2-IANqJ_LrMuKR|-dQcP(Z{XtpeGN7_6ufvNnvKV1|AJlEstWA6>Qyvz
znp;_;(+Qz}m0?j=&wGnggHkZ24<m$r$cHkOc4z*`1T+mJG*uV`8UI?D_O+A7ug%cD
z_8P1mMu_5}tzdZ%jwrX88e;O`A~$WrF!9UZ8KG$b+6wBHi5A0*Ex64fTTlkeo)O>l
zQ;K&th$4&Uo+#upQtm+kZ_-Q=hiZ>9$QVpYQM7)#=ne8Q{t_<n#ml3>c86PFkuI<(
zqpcateN%9ZLKa@oy2?kPJ(LnRtp&TEEu(3W-$LQaEWe=#H6E?SoD*ppWVXb|=Novk
z=_mp>TM_|%<_j2xv?1odF@Pft!*GZ9;F||a0LL%c9Sc=CWh;q!ln}x&to;WWozZtu
zxcHYVYNVdwbu6K^VZ>&Vin`^@BCkiNk67GzPUkA%0XU!UP|^rX);FHcB)(Ur{DT~e
zbzWz(*s}JKaTHz4LBs&}KDe3hP_(!ZC+<*IgCRsG&_gK0cm{2XX^q4p;&c<1>MWwQ
zpjSIWAM|q*ktNf3So2px+ru$#8M$E3vmPh<v<JOywRir>;P^nI@Hu|L>q+5XIkej0
z|9?XA?+eL7AtWXDT1XZOAvtFflBAy@B>#k?D}A{99pytkiomT{zk;b)x+zWR7Z8Zy
zO6bityvey9o)o{+O{+sr4510mT*ZSy64Tc>tN}!PW6^{BDk2jmXy%_$BuB)|aLK7A
ztsfY;$g5CvT~y=asRzxNIeiQZmm5NcXcgpUb+{1YH}aNm=Boc+MX!^=#Te_jJ6S9J
z$!_K>4fEs?=$-2$(8ifS|HUBB=L}Lvq>XCwf8)8>cViA$Ov9Ej4*owF`)9m@)fC?+
z+>enrdc+O=y$rbN#^CRSwuZ-?3AB2uW)I;39=JkS00^IZ^ylKtWP#6I3LhBs+TtMK
zB8ggDN`QWVW{QV;nVa?^XsEQNRC9<8SZF=EO5frjVZW*!7)~Tbsw50w;1lP}=e9`I
zlQmzWrJfe=*y<pOv<f6@7R3#05^mSs0Tl!=Si4n%yDr+wBj%Hv9fa0|KRVsC4!r57
zHQ~8rI)*?Z9>8uT=;f^mcMP34SGGEcvw`98TSb7IuJT5n<$Gbz>$0hfHDJX|I@;o4
z&UX$%rx5rpN9Ugk|MNF|#rogH{Li}lse(_R!T_p5M=`ApGyTH3Tm=L9-e<7qwyg7n
zCM1`M+Az`7=sgA{ypdvVG~Cpv6@xRpQ5(ih_evO0&?z9=)?kD_uFx83v^I0o#}UjI
zYN)~31wK(TN@U)dE8Uhm01xfzGdQ>f_i&i9XG@Mx%h`i_g!~<jRID15pX0-O5Dzn0
zutV>#S$4qY4>MR~c(+l$Gt?haYZa-*rzFHBhF(RsUV8B^8ENtD4mq5G1x9Inkil^S
zErkZu7=+Y5L#%yHi9U?P#xhuw<0D$#CCXsM4hP}$ISFo`b3`kW6mbvr5QCcmpB4c!
zZ-LKpEb*PdgYPla>3d_oFXk!phWQ}|x3HlI7=wjBI`}wk8R1j-Zg2jN4(;GnxBw-R
z==Q755~(YNI*mTQcNu&)!bfN;eU~Ewen!ppg;C@;wmWc-`LHuV%>mWiO%t<eeLOEA
zA+g<9$;mU#E-@2Vsxz_Y0$;RK_El=zyZWr<!}2efD%6pS!QllyceuX!YTrBa%m0qV
zsemhx4q+5X*s#NdSX2sq`5@GR89vki`y9!%9n=Y`XE`GlTF5Ud6_Hwgmd2b3Og+&Q
zo7{%r--=vy{uaN#alX%7=B*inY-}MU`);<+TIj9k_xkJG+1d<>W8nYZA?kkJ$@Zyr
zzwjAmYoG5ki&qMR1%@x(uzV?wL0`4+YPD}Uwa6MWSZn}wHQN`Z8d?AE9cY^^jy}`S
zua&L)wen1pt%y&jwV6Jx9NF>tK1)5aQ5-W_kgU}Fwibgi_*Qy5O7z!UC&2iv4h7BW
zWAlAM>iU8One@`;sY2IF2sbXBcea=%UR}2CZZS(Yy6K=9(W;>`*d*pGDWjh=xXYEt
z7ox(5H$c5GO2j2ybYxcqJfAlVCl37zzV#KA3PGJ^6;v+de7}!vMa{@V3w)kr^Z}^z
zjz3cF3DMHsKUh-gOrXu7h>u)#Sa!~lhWWekcXLK)TMtcvX}%(bQmCCx+d2c32HlL%
zSH$}|u+!`GP%lg($qMqxLu<i=3l7Z2#&=p?2G;|=V!qYvci!RQ)+_v&=`#_4K4;W1
z?re0a{OC}mPvv*NqZF2n@TFmhicqyQ2~S_jQ@LD3tG{8>y4I5wZlzKNOSvX~g>&%O
zFW_n{p=}wA5l@{kYk{wnx^h@r1UZd^nOhuzh-Ww_t-8X+V5kb|M3|QuTOHa;7BDY&
ziO^eUynvQSFwKxiuz@*|U~hv}A~Olz+~JT0P2U`!NLHD^U_RG^Qi=N)*p;{oIo6zi
zT!{AV`MzxGOf5#wJf^v83u`ic3Vje(oO3ARSE~5sL6?PaPgrFJr*43AI3NQ?LqvDK
zIpKJrmxw7eZHt3sD{k7JLB<<JGGN~js-H-om0O4Q3_d6H5qQX%KmjGDlG7a<11CKs
zmcZEirA7OXG}GA`WpMj`w8&?~YP`t%)F>`%AC_5SKQ-9i8y@BoR@lvnGJnkxf<*a&
z&vkQ&!R-f#ni%8!=jIIxWzg?Iu|IK&2qafFtqmKNXl85xt&OD{y~5hS_$*=Tt}-=x
zhe1AX^ghE#wk5&?U9iy`P}?uj+bdLojl6XgSh|Gx(VWKL+?-B?N*>;~Q>p05h3!eq
zTKO1r;{m_OS}D$;KTlKFvqT1)9~8^k;?L3UZNMP+LB06&$0mV%gh9q5+RJkvhpn`l
zCR=9eEzjs+q*1P*)qQpaNmW<JRKMspT<>=J<A@e=9D|XMh%s7d7(8xhuhmI7@v$j=
z#~9gTo~6fnwFiY`9}}Y?F#Zu~8BdyeFRHZeJ*bxt-Tt{zStK#|2C>i*sei5?P^D2<
znx8sT<-A+<phf(yF1CnY|4mZ-s=&3yLb3*I(k1KcVuNJ855qR0WSv{gCF>m~ehaxg
zx0s-84L9^Yy4WO_6GZRQ#iR)35`QbI)M)}4EJq+ueP%WT8!#C1kY0!SW2+JPgDxTy
z%8^0Ty%!!)@OR+jwDQF+AYdNVVUDwX@R<H`j9HvcNO3yynOU4h>G+Q{_c$$k9JKTp
z`;aDp!#^hB%tsl&cvh9i@1~G{Yp1qbKkfSFkS>gOKQrzZk{H}J3F95{I$j84d>VDR
zsWUYsuLV6M8Wnt|>&jSesH}WQuzvMtcol&%Sn`lrcjC&Z(B{ldQ*FVlyFN3|0O}0M
z2@rZn_yb;LA^N)M;3|=WtwhqO6FTw*zfvmyE0sUp>G0sag6W^(V8DTgwEH4O`gM_|
zpO$}Hq!xqxhdEp1=JCKsw!LE|Se%4*!GkiGv;ixk&oM&(5}?od>0dltRNacYX07`)
z+#XDB*{;hatngEHbI12r4J?-IB<A!m#VI2K4?IkaH{9@W^vERgb52Lo%%|w;*8Two
zV~%+FYAbdOnV%Xq3;<^y&gRzW&Tjt3(AnL9)@hQ$X;>HQHqf9h&LK(JTGP{9`E-qV
znk?-&`E>QC(YDgJWy^x7E$_&d`B7WmeV90V8+OfkpO))dizT!&^sFULA$or5k@>B9
z*OI|sQNPuvmeFL1w3+WKTQ2`JQeb|L8kpa=mN71$OG&pNRQmtedk^?1tE_)~Zcfh4
z3`u}wKp-FlbamGkgUhZfn!$qWx`uaOU3b+7L5eGbzN;uQfQ8J!5J8lX2?$7WLX#q)
z34#pLi=l()gkA#z(hMLV?f<#w-shQTN*c1dzyG^_K8Bfj%5A57?>Xn5!{X!MD}q@w
z>%}}db+B`6R>-2z&63Sb8hmE1k+$&0uxXx2G5i%~ts%v*d7e-!|HI|?zjCn^TRNLL
z>EUG?-O9|94r6D_%z1XSi58RT45Nns18c=iwP4<C@uJpTe*YiNFy%#Tz`v29#|;0h
zVM-A`!W~K`bP1VxE<GQ^$}{X{=0ZC(_Lo^U;87>u<;B}!h)2Um;iQH3qQ#(@+0qts
zEq@H7@bcF3QW({jv6clgQMJ!&GOCCjTyw!nLMl8b0}!7Nk1@NQL&?nyZBiF~**;9Q
z**JXOShk(_e3?cLvDo)<_%`&KmF>$jao9L4RBs&=-J4^f*DQ<b&0_W3z~{qvS@&@`
z5qfTM)N{)k3+lOC@RI>rI)}@9-PDrk$BgIAi`s<4Mj`yAIi)akjk;h7H!#HfQEbk6
zDTVfv{auCnTb<lmimA|!+@Ua_zEqkQUvN>NLTB)&Nud=+cVh85Tx!6qUKN8UbV(|Q
zc3vw5Qr#*kq#<k;JHGl}A9jTiLV!1fqXo=Qzw}}7i2wm9o|c#lUt~Kl4Q5gj-mlz#
zadlOkL;A4#zu=c7==GY7HjW~JHplE!X!9-z^ez?LG(lF>=^O>^)}<NHXkVvDq*c(+
zxVWd2$+|b8p`@|hom}e9aiKeRb&53JO;FNtV&`x=x`o46q2{+oH9slz(&A2K(0G<=
zV@gAX!-h<VO?DyW+M`mTM~8QXz}U*p5r(|a(+oS_^3G8bK8Zu0hLzg}`<3~vRE}a(
z19{Z)w1PzWF(Fakf0PZ064W8v2C{k)Fl=ZK0i?+tV*sS1jmiZ`8YY5|6-t`!`@ENA
zo!2V`p4nXZM-In!$)b0q*xrFDA7$e0(8uG<#P-mSIpiDGb+$UxD~!PMll4M%m*Q0Q
zyEr+3IPSo9K1_zc8aM{qL8e1fA=b0UvVaOz-n7^4(qolpjb*=3uyQho5B9qKnP`I(
zV_Ak!R(sv9Ol$`Z2ijoHSf-KDZG#YOtz-ZbjSgRg-<M!AJnqH6!fzdz4F8>x32!+v
z@%B42@kO}bp<xF|(lkuqv&*%aZRi|j6`PtS$!>k;sG#Rh(hPgqxz6F{vhitEsNhr5
zDbidvs-d!$9qz=eB}z9eGZIX^1iN=r&BO`g1&(lX`TZp>r0znGQ%b!|A@<HPhZoae
zwnt3CJ{GWMU>bbl765mb+jTFz>A<eAj4~cCc6+faEN9}5e`r+Xr=0^+tc@}SHTLy5
zGRbv6aw5}IKOTcV`=}p%#)^LYiOcVgapuI10WZZ5^cl-k+?kWZ%sr}`4Iwy=Sv3_{
zgzY($>~aUu24f~L4O8IYE_V^OZ;2^=&<6eq%z?MV{+(`z5bLv9p{e(;z&h&vT(=ir
zf%Vk;HX2m3reZQ|ce~(CM<%`sL6#xr;c*RX!{;o3$uKdy2s^>4I7bmShjo@hN5B9d
zyQ9_p$dK9|(jii9pGa3nQ7Z%=V?wXV>ressIIZ4V9Nn9O&}#-o_2!Iv?(1mqF+TL%
zz^LbbNEhJa%dtNZd|<;M*4KjA5oYam3nJ(WMQ#@+!-?#|Or@2(!Xb-G!!#J}(Xb`_
zR$LzE_GV&B*hee)h=#AgMT=One2<st*_DZ}fIlun!&jl2cy@q(0bhm5aSn|ncpNNY
z8l{nq3(6m;DtAEsB&B>@q4?uaBJ+>(!lUYI8Wd$)omdl&jc1};M|Qd$ijy*QPO@?M
zGR~_cM;i)?O62*Z0}@qK_Kb+hPvlUf6xj6WOKWa6BuVgjGpepFwvuS$etLOx4QqR`
z8F!GHN#|X}cKa4P{z}S`b?w9C$P*mqG*)tCLwja*XvXoHVT+lZig>tuASC<yee_Go
z{`MSxJRoZ)^#4f6`2_lboGb0cG*gL%Ahv{6``tq97iW8$Vj4_gPHYMNm`lTkaBN(t
znvW0^LwCEwMWMccB*#j}o8;JMdr6M1)8!a_Cpp%K!H;f#6t3*UU<7kvP1rh)0^bCg
zI5a1AgyHcH4QqmTEc0T+ccdrF+KgLMu_OFQm>l{GnMmKP>GG?$Fg^}uE_XAdjE|z`
z%?+f2_vs`Xqq<@TtyC^1)wd7G3a~alpj-mI7)^y&l=bUE^rfo}3<4eZk8lD#-JsG0
zI=n+9fgVX$1o~kIL7)O8c7z|&X$CipWnQl!mG!+%q0uTbT1A+V4=9;K$xe4r0GzHc
zH(r2+V+BkIp5gnb<k7abz4y|yE1h2TXt>h{ZSXlT9#F4hVtLOn@uI1MO44A+Zg&aV
z;N*A~5Z8)#yGavyWHj4_@v;mK^+N77&<4fhNR>_6<My^h8*CrP9OB~CJ@o8Rx7S6I
z<m7m!N$Qv>sbh<zj+u%&wg~FL=HMribP%+3Xr!|=)AzgJ+uj;&@SSpluX(Y6ahRFQ
zG=y-MRV(GP64zg3$f0f!>%x(`r2=P<=~9U4u&b_EWqWNpLQ+`n>Fl~3b}uH^X_qiC
zb!~C<A+qyJ8RHCJ<S?=e!!$eAm&vXq;D3LcJ1gAyP&%1W1AFTV-88O?6M?t3--PL~
zr7|51JL6I}vYTz9yQxKXbE51f2<SgD{W_8YTASU76#bMH@V6ZN9T@(eGrU`#ZvMTV
zo_}t-)hiR5bWo1YZDD6V8gRHYnNAUi+5CoPbDEq@F_}d_&ty(FO{VW(HkpCSPUd7a
znZVCTxmO%HXE{@hIa^<sVI!CunzJQ8&z#LO&Dnroe$HkYb0*WJor;>X+|Zn@s4I~E
zqR^bp`<KjFlx$gI$d>;yWXqxANZIn?6e(L4P%pnU$(Ct9PdC>Z-OMn$xg)BZ6Q=0-
zdA|DEEl&u{m_|n)TBqGaJ>0Ohj2`}h!@_AymLUONpoa_>+@xpNJ5?{_PFWF%kr5jc
zc}<x%Y>6}hZ4i|ICPS<p9|u>Knu5}8@UGCO=}_RluK1dfR<*mJBOJA0?V_+m5XfQq
z6nQ4}s}zPQFr#Z0rgPYwQpEtujvS_UW%!R!G7Xz}i+JTM`O1w|edS{uW_DE(j$a6d
zARpF$!^$ZvOEp46nipagpLD{lo<h4VL3CH^TsP4ztSr&}FNgD87&fpQY2s#lT}GO?
z1JfvB;hJ*oC4GvcoBCmjUL-phL#|B;ofDr@9C=Rs>nY*q#HSX!<!RvJDW(&chl^t$
z!Iq}aZE{9s3Z&x5Tq4`$RRCu|n7<-4)544`j?C}2%k-Lp@T<V#w79C$U>yiXr@{JQ
zDkC;ZVwecsvyefuGUDYFy93f{URqwk7s2k!I~tbIb;Y6laC7zfT^oBIR1Ez&{kAp6
zv;U9^O~^TDu93M^yo264e+pyPHkf1=5=na47`J2MBglSd^t_Zhoea~97%P>(Zk?}A
zeMkQ)N6FRc;IfBm)UOHq6*&YtFkal*VLH7zfW@4W&!Wc4VVZzD=^XadwK|N`z8Q3!
z|5=CWyl<PB=Y6$U=Y0i*y~yE&c=JCwLof3=MH9Q~T2sqDP~4{S2Z~h#7s4BmNfr0k
zEBUDj83UC_$Y|s6hX0pLz_?I35*l&%q)QYh)9nr!vmxXA9A%w6|7mN`cZzupZssr~
zy(C7Keu0SED>$wv9iqVg)pf<FZd`xfi|o(9vih?iW`7o4M}Nv=f}!UANTxqo><&`M
z>XRJiNf2lks)iWW2CIwRg(NAibG6FrjX%0K2Ssnl*`od!Imm=0gb{^|sXMn6yZs?o
zwCMrTwjVDSR9c${@eLU46n!bJ=j1t@hB?S7q*7)jg%ZBO;rwKomh)hW)j_rghZo<1
zDP0+zqCQd2-$uT9fYUU8h_E-MkZvzD4vH5FD!7=;VpGB7_A>H&z&5vEj^##A`~PxS
zC#L-sc?|6ipLwuo<?x^!Q?&2+40p<T)<PLJ$V}FTTfKtur*<hrg~JZfVpkaJ35xDt
zus9=TKE@f4Gx{mEvk?m-9f)K`TDj(zsy|R}`I?gdUzD#YtVH>m-*UJ(nNA^po?hkh
zHKo631&RNxpuU3MDYSw!E3txsi26faVQUBG1e;7Iv7mAAKWq8RuI2l3EhkldEtOIg
zI{>f7WfGHy#=Z;z>PM<YD@@r$2K4YV;6J%cQ@Cic!pYmU8}>?~^_#($u3gX5G`luf
z(D*;KoBmT;=>L^TPUCRY?Wbuqw(K<7HV*m!ndE;lCC9Ac6eT3DqfArzkJK#ZZ8x-v
z(|<}D{a=|ID}1lXRLAMw|IAR-4B=ZGN>;e7Sz_b=P$*wbExX;0_t+8Y$#f4dMF7{g
zIPAZPVGF32PH3<HON3opz>hbHsVbIbqFmg8y-1k1(YMY+Up8;+8*n&kXY$yMvT*PH
zrxDhc$YFRb8P#^|pAKd19#M;c@AJw7GVSGnH2Dr@aM(_F)YN3c2HmzS%aLg0CrspU
z3quC&GgQv>m&AN_=Az%$bUzj|?lKI(H5ffD?_B$`=u$D`Fv-r)!(neeqiIuN4iD8r
ztYsG$Tw)QEGSCCAEb9EMVs{Cx>@Mk9$j2Hy1+8r`i9-_~XYui(f%k%8X<2J<xHg5n
zBI7WH*ZMQsHS&yz;iR;F8WZ@l)L?zsc}tl3x$<eb>Ze~(RARBUpN1=-G!FAOu(;cp
zZX4gymSHUp{@WSWg9DnwTz)??y%AB3JeacYwixG99C$y6_u9xhTC#o^ron~1veT)Y
zl_2tFcn4=*{40n4V?$Q>ueV3Kf2T}RmOquAXpO~d9N#LiyUO<rS_@5HH7AEXFRQ3l
zS=5XOzke{M$BM&ypO9&7jfzHWt&Zm9>mDrX@V0Fc-kJms{>f@nQ@kz0W0k<6U~<S~
z)hB$k2^=odXlvum%5v6sJ9(^bhHH~p7J`x(i?^5QvAUT<9~GFvje*Jlt*8i&e)2{-
z9B4`^MYD47n=<@()Ad;qvoMMAAWmiB&aZvj+!059W=sxA+#%bQhv?KKH477rSxPV*
zURx(KI>cVnpp47gLZ;Au`UGE+KZ=?A$iql5mPD8b>2&*`Nvz0E!18fNs2;upliOm-
zXmeHk7qc)qOT#2h2HF<8&2{nLpUR>N<6r*9{WDg^e@;HU?4MOGjL+_t!t~sBw^gHU
zV*?J8&AcTG-O0*MMO0GGw5A_zce^5z-!n{s37;@2|32RCCh7ef4%;V5PbVUSUEe6N
zlg61k=Q`mNSt$=6<R$oUcq_}dN4iY|@@1mu+wG#o$uDPNDu>*LD)+{k9;`y&dd(ha
z%?u9?_^g_K5coqnEDJ|FDL1xEIlkR(&U&za5@YhhqNpA&nG|yDei3zbDP5Ja@{1U<
zvJfBSFry7K&4ieo670wwrjP=8G(YO?8%%BIY>$vN$e~nRZ>nywLt(HCo-UaxeVYU8
z7a@{AQ27GwoRR;Je1GKRD~<B`d1Dn}D}BM}*tqSHPV=3ULQeBWKCzs8ECHR*`^A=R
z%2B?^BuV<|lH}^7(2rjI$7_>Vcvh#70I3b<1^%Kv5o6ry61$`x%9U(QWmNPC*0+@k
ztd%TR@{n|WrE!>ftJTFAcR7@4D)^b(<mVAcg~Q%u<gYB(>)G#TC_C4PLt*Err7(Lv
zeNq(cHj$D)iqQ5<Qq}2RP%$B6w!44Y$`nMeOw4>+%Ga_yLgL2@hFbZtRCLuiqdeSS
zS4_SYx~ypz`i3?A7js$rG7x!7b@IW7H^bJ>8rFyDX#qX|%*`CObXI!N#s!Fw0$pgR
zNzCuhFeJU7(u*Z?C|N6nuAOV#!FVBMOL*2H)45L#mJu10z+vAM#^_+2wZG7s4FoQI
z92?w2LEwfO)uaNwsg|nt@50WcrhNFaavR(D|Aa0+uP(l%E++8D#R~ecuGk_pY=a5V
zCWxuLK(+_AENlS19D17#RM=4XM^jG(s_Y71S{Nl17|NU#NEUNq%7r?adAEnq#+6A`
zqU?S#WllJ?$`!i2T{()q-iQG5LQ~T2a4)h<bhKb{2r?VPf``1kRQF0dRQB|~)8xkX
z7VRgC%^0}L#^FI$LIAbzWaf~D3PDghwfq$uz?-qw&b(lS_$+J_>(vl`NGmj4w*eu&
zrge^`NGOPF*CeW(W`&8{-5T1us03FHIqXmh=4K8jZ?>jmS_x(PDt$g|aU%)AbzOpN
zVI}9PY#J!ksqc#_wTuWmQ@zUPPs@I7nVZp}oM&N{Kv{2{#RNXF+<?2Q+oA*RF6hAg
z%C_i$yNi=T+m}h(BLnV&lfnb;CT~{(ciShKqESk=ms6L8Y?<$_llI>^@i*B1n^BSd
zHw22#f5n)U)WOuZ8P<<90joWDOdnk(HsG~6EZD%TK{M#EaoDX)yr<^6!_!VW<fi?T
zwd53YIh^7RNz4E-L5g>bewq%-r*SA;t30DN4hzua(3|vj$f37?w%bR?xRW_t+(0U$
zkZ}$BGZ@}hX8!J}DM4O@UgpI_J_?gzNiBw0&u*_LmK1C8xO-DEi^Gh6N;`|H&n7f)
zkO;U7m)pqgjK|%QY8Yc0N6NH#x<&3NY#ctl+0U&dn8@LyP7IS_RqSS`7|j+*9vivC
zEfZ~8Iefc`#mEXi_U(TSxmCs8;ID|(eww*wo}e}&9Wo!rq%-pP3c{McR*$T-rpwIm
z^+IqtRlKfyBsEF5gQ6zEHnn0BvJiFmbGY;|74<lJt52sf8;4tN^deNfX1`Nk1ifVc
z*}1A@|DbiIlKtVM>JrlfqoxAWG_ug{jxX2Q(nf4UfWz0%{A|ic=pHSU74k-4pXp`v
z=gK6e{T#y*<M{k%YU&HdA?KAs!#o`EU#;-3Mn-t?*b{=F?y}O>cmJI+E8Tv<;G^MG
zcxXt57E$mvWXbq%4r88V_;|>q2{smP&MP8{pKvs$mO~CFhZ{N3prO1u=V%mraL66O
zSbPE|aTt2UtqNF-V6uqp&?9b_{tM;D{H+ty;N16N2H%#_;QJ2_0|!T#on#hJ<krS|
zPwJB;Du7S$4E(!b;lDYgP_<H$hIMZ5;LQ7)=MI(ve(DLgFIK9dX%o~U4&7a0P3J=W
z-XUT47KCLFRe9Ec!*u=j{EA;aL%-J-x>pOo*(Rn&ZpMMbO#Okpa$c_X-Lv$22UpyY
z+4{Y?l^Wxx`t5@%zMa8m6Br9-Q7Zf`-ADos{uLcqEq#`ZOM`w@rBg5(w&w8tvof1i
z1HMpYu~TW-tm(>LDIn>sVw*UiEuFPFe`^)b+PuJ_e_NSZIV}D8?r&r1h&dmUzs71W
z7gf(Z7LBUE)FYi{#JE^AEQG3ykGaEhe*}h6n<Yl>kD{_uf2=?3j?De>=}4x|L~lIo
z)=OQ_9jSAMxi?}VZ{={18dT}{O)pd)jQRSrzGLok^Hbcy;jrmdtJJH?&Hx@5Ne90A
z{kl>aBWSm&Qbt&tgyjvgW{7Rzxo3>LL7#<BYPwtxJ#)~UW05AxHN!&Yuur3|t{tYV
zy0LP@T|4SFB?XdMfK+lIhxp@?2DkIWjJz1NVA8R$=(mO(g6gs^5XWF)tj6|~RNNTK
zTSts$3?G)6h>QbUwcwpYkxic;72foB5VPr%`zqb^fC47%sNqcy+aKBVw|-O8$?%!0
zki<Mz=kQGppHcK+OdY}TB`*@kkE&Bej{gUTgD*04hB%%WzVD7QHiCJRDsggc>#pd%
z@&sLeeih^5#0epmzqBii!fYJ+PLLbvboizri!f@6PoAi*V&h7g=L-qdez=%acoH00
z#x!z>eAG$hP264HVYqiD#60eHc2}gq_}vL1{y7u6T1q@?r&MoNmyx|H;(x=^l`eIV
zf?R}IH|%n&>~L~iR3@8jAOZ}HQeY?<UM<aU3OzFJ&%Li{D|A8wpN7fM$vIf)wLvwl
z>D04P6|2mT^)(z>DU~@%zx~6CUJa8c$jwwD?}3oX+n9jp2cd_p8S!Fk{LWCKL1<Vi
zsLqS6xC0-FN((#Uc!-X$IvnrKT!m<(;?ben`Nr(^VKDUrS!MF7+Zmd!+`(86CNrOC
z?_r-&NOJXWuD_7vp-`UZPoEY-ndj)`M$dm|E;lNsR@IsKK;|ifOW(N*3k~W}bW=q0
zlE7iXFj?yo@8m^7C0aA6B$ziJ?}Gd|@#R2vM&^C^D2$_TCD|H23S;7Ym<$KAow;Js
z-mMvwPK|QbOr<O}SbB8Wy=5e&^h;u<G=_SoLwVY)>7pwapJ7-N2K>5+Y8{AgkBa@X
z=&1v`YmnrC?!Fe-9%jTjFd4RIYuFwpQ~$SRJ9B;ddA@=Sugc*@`Pt=(zG+oF(Pzzy
zk{>?FhwE05%BxAbyKiqHJFWrA-)nEXDwE|eW|AkXkUed5mEDNLTr&4!O%AKms3H?w
z1nEfI6~h-ZA>@ncaQ(g*I+>KWiVT#2Fi26IGZ&fS;hV)WNeotp?|Mt7L=H0+>Gpa|
zhQVzZ@lfV{O|dhaq9kG;x;5+!M`%4qxW#HEaQK+{v7V|s%jE%uad&!ug169DNr#h7
z`kNvu0#_$XpuP-2@uuSPl>yqO3qI7$e7J8IV{-3F<GED;*S&4&s9-@=A$e;Kd)i9i
zFXfv8{xFPQ`<+DkL#z7Q=Qtc|%dn$aY;qSxR-}et&6Y6u7LnUm<#e1lJOrgEsUw9f
z-^#FN0ovhYTd(L}UU~hq*?EfSUCsQABK!-7lWiG35gM;VB<BvhV<d?jJyNFOuq*tL
zACZnp;*l?px}%aV%^a?T*XkG-XAKYGkyA&*@JMZ#G@RNjF_JPBm7SDn-yzeEAt=)_
z`A6w{kOPO@gn$}z7(0p?+2eK}3g2cl<}luLdFLTx>mZ<$dK>IIWF)tv-zb_Wa%{JA
z*g8D)s%;T1**Hud#TaEQ{or<1>8jf1-G`pA&e~5GW$7GBG$UQ^>hSq&!eO51kxH1m
z@@VAV<a4?z7x-ms7TUeog*)&ihA$HY?INRPqMi$==hEOn3x@G_tj+CMt2@T?HMDXG
zLZTK^c3MB)&0+MT3|nx9)z)GHe@5p0j(X`A@}*Fp=IV=E1PiWgM=Th)rRprWqFse7
zc;QIJEO;dr3x0l!V!<!l5ev?{r3x(gWxE(GI3^|wo{eC^)-hS|<dJADdv}B)(-Sc+
z4jd6;!QqiCculgP)nV|UHN9*m9B{}TnHuf9!Gi-2xyfnUn8QUAljTJ7;3d;#Zx|0=
z(Rr|6hzGCeJh=8qG!GVz2)*iBNfZzE8LfD5;cY*W2U}9;Ew<s37gOo9dK-fm<;0tL
zF>geO7r#3aN&fjGLcG|8TU{Y8%$G$vju`mWfmWY_OG8KKoH$T&VlB=vp7)S!=+)V<
zNO0j<GZ#K4%PB>5W7r6t3#EBi?m>0)?)*bB_pUY$J4Q)}B0ekg?uUn>Y1*bpA&Im2
z1ejdncEvN;KAKT^h~E-Mx!PE8zPCN;^vjK_Xw3TyhraE@7);?**ijO*?+F~{k7kSp
znqc&OVM%n~6F3A-cQz`DPr%wR^`P6x_ME_B&loaar@@qirg)dV7Q;<Ornal2nT9oC
zd}EnteBW}n!zZ7=I$Gu;YFt4sB5S}T?*77IPt>3VmJ!sT@e(TEn!x)}*Be5LQ-JG>
z7ERWMsm;mY4yX6KH4*_nKhv-gY<xQ%Ys07US^8DNV04+5%Vtg0=b}Ct4FmWjci_{U
zY50^w5Uw4QIqZ6a<zY4WIDvfJHXljlo3b?Q!?*+cF%m2JXp>d%`<bfV+d0hXt%=Pz
zWMEU6-#Y_sum*hi8eDwSMRl5s-5P;m><B+FhuC5cbUW|+9lYsll}m-{``qr2LeBT+
zwm>)J&_2iO*3b=C2{~WOcKQNhILnzv**j}xVPB?UEibycMs;r;$`ndSF`2_$w<GgD
zOn^-+L+>^h{aWgF+?j_7l$AIcK67h%xq~qQwlE)uk-SLZ%z=#rF`Vy6q&}cg)#2+8
z9b>`QD-EggStrt+ml{@GcX~Tjs5=*wxWy)}eC7FtAm&FRl;_2UN_qD0<RD9W!^$a7
zuORdOonk1@-TPxH&pH0eD9@QC(faYr(Ygse#>Jx1CKGx|gz{WGy7Kt7XkV1-oL8W$
z&b9jt)%kfrNTIDVJ!6zqk|mckrAh;)+gI#!mzP9ez^no_l=n+ak;r0){N3o#dzS8t
z(xXcXlpej@m{odPULlsf{9LH?LrJ9m+&DU<KMPAD71!p`mBF%~L_PP_XkCM@{arYg
z?Gb@xNr}$+?<gfYCF-4Dk1kJ%Uf5Tb5*=9(r9`*yi>X8fQAjW8k-csf&)~zcEGs@i
zd~?Zfn$)ODB+R>6h=jGzlcbq@a}`CxlN{DO&+sXO@h}Y*H8<gnE+M>OZ7t`j1uXpw
z!<w+PxyvCYPJC-&T8YsIBWG>@7-Iuao3g~c<F*E{He6Eb#&2jFN@1OaPjYLPQa74Z
zH|mC8`_!<PHW0&J`VSiR;s#Y5_Fp(G`G;BF(27jj8@+r&)1)wXmC1Uv$Hq$0(*{*a
z^Go|f9;{j%E`3B?mjLe^aQhtb4DaRe<444AG@*aY!~{M<#z-G92P4*k9UrlP1CxG_
zwcsshiBl7L_IKhrDcrhH7f0`nAR0^+D2QQoI6jtTVKTSc;}O$f(jF5?Icf^ZtqCW_
zk~wGy*5M2v;<8%&Nz*u9;4r|iJaHHIONsKV{0(1Z*aYe_wAIo@<<bM?+o=Wc`-m~S
zJi;*a&R9nn9^g>?B*Rt)VvtZm!zpCoo+e}4WNobP_eYA4_emd!_cx%U#L(J-N!*SJ
zJWtJ^Q^<F_MkB6XfOYy}B5z57?oFC$8YXimHsPean)JnF-cpbW*5J*g={k)=pSv8&
zYvB`W^xESZr;OmY%Q@JyKa%AAqE7_Es;hErMYLQ`^3re|RgIht$6dY!xhiD$xZ9e=
zgVuDiR2y|Qz8c0N@@~h8<&&x6|ERtu!#CN!e7pnvWUBs#4A*TT5J%N)*JV5Na;+|G
z57XiZQI%vn?*v!i-rwc6XqBrHvG>2->QqHI=Cn2Pu&=-MXHLWJBctiwRc_|+YoX$*
z^)+l*B>pDDx~B>=u|0f3nXPkwt#NAxw&!r>8Ajg;Lq1i6Hkf)xhQNctrx^4Mq7CNW
zAt2$ZryQ-sx_pyp)s##bSzpMMZ(kspGNOLfLEGUMVu7|?dhMAP2(-Olzv`f^^o0sR
z+nRk98$1ey4*FvRW*b;vVYVM$AcMz%`c*J^{P02y%ywdTEX+1xd}VBoOZG*>viUlY
zSsde{(3ZL&`gUIgW}8t^dCazLSG3KMTyX^2cI+~2j#DOt(9<`&qU;@?m@aSKRS`%t
zLWV}~D>D#6FUz#k1phYgih^x3Cn(r9s9}|3AIi0S9PeZxx5fJ+MepK*5OVusU!)LR
zT2Q{_Bd{-)<zsn)j@x!Ls|0SF@I(}D`#h>AD+|iQZSU?b3%3oN5QW>0?uv=q1YJnn
zc3~&sws$8IZo9CPaND~RBXHa5dK8)CBw@3%Ue$5i0%rtn+mKNaZkzR2q5n5$NZcmA
znQ_~+y^*uFW$cZ^ZFB&$t{C&=E;Q!ix>W~lle$EKwk10&1Z`U;Mu4^t_Jo191LG8E
z^Y1Z0+x~GeLEHR2;h=5VI09|02(%SBsGL&-WShIQOvtu%q8YL+*-<8B`+6clwrydM
zZNQ!|$aZp^k{LtxxP4g?vWeeJkd68?VrNWZPlAi0kwm^mc3{xX@Br{c4rjy-)d^yK
zOg%~Ft?A!H{<y4Cv^!ctj~uT=+^*dbAuNd;#_AWZ?GB^8TjeR`{P7Ao$WzRw<H<_%
zF<EC<9&{!&!OBLVL&pmVscVa=dn$yj!^SJvdJ|{ZQ4@Id6DDBBbamFk=GAfPXN;HN
z=Zwla7kIpwz!!w*0PIdRO=~3P%-0-Vf}IWtJKMy7ooIzoO<ib*!+)bQqa&M!A<)Br
zQwUT)v9We{B=>$gzAOl8O^wE&2)_wnGE9F>Lxin01Y(*dJ`?!dkx&|4^W|Y#^W{(S
zE8(?4huoT@kkS)P8Om5B5`7MKCJ+++<PB$Du0okR5`tkxVqjYn3T`NJpvGa|(~NAK
z$uP;|(<4mqbvSAfuO02t@O3z35rFPPk8?28v}PDLwS%>EQ^2EPJ6KIO&G$G5t1+!l
zv}Q#Qs+AnnBc?%(+3(gIWFd_`s&=q0kwz78g+{eD(LAbTnBywKY}jAJq0y;>I)$pt
z3v&4G#d3Y+g+e0z2Hu&#im*{jOosf|3h{OL&f?YNhT+<G?n3U>^mBW%Ce0CG+{;Vo
z|01rHXr^+NvL2C!wl0_qYoBsu-baZI7TlrX>l|i1?b6T&n}4Gabkk<g)0dZvR>*M#
zebmaOLbq&&%XTO%$j=!s3Tu;M-#*&Jm=9~iyN{OXd~%j(Vm2@Ib_~wM$KZVs#CN{8
zhL6EO5UX~!w^J6{IqnWpQ~t2g{08QBww7R{mNGp5{C0P#l>K*eU8q4?k)3$(9zWLc
z;_tZw?-88HyI`WkHa|v4AP!!^KZ#O99oZ4Gf87KlK4uJ?w8oqIQtZ`DjM&)W!X{q4
zmpjm5yxO?tk8!OAarqC8{a6FuYws1<;ap=)kB&n=8`Iz!!I?KH&wv&riP~PJ5-8mr
ze)PuS4-XE)$KZ%2)W?Un%NkPR8<mi<zt9Ym;b`wbW{ZchBMb)$ZadoBnd>t)p_)AU
z3zH*B{{Gw+*co<_k^Pfw4Ld`Sf{7+)JC$Kx3l&FFM^KB1I22KY7dom96FZdw)14)l
z499wDQO);)Bh<V<Tf<&(fSMnj?eytXqH({hsni@6jb>!2-`7i0*95D0aBnX`UE{3c
z!Ck$aP(7$3Z}39~E9imc?!vrWYzQA@$m($wN3|5{j4BV6UfSh$(9y;I6PTLTOS{~q
zyhv5l;!LK;3|p{1?WuZU6IHyhy}n?5Gcg&y>gAIQHp5B_wxt&Z1d%xVR+g2s3b7OC
zjVYqVUnMj89CLfk>kB<xgER3tI84(zCR@YjpoFG%q?%TpCTM24TG8?d<ZOa?)sQy?
zft*YbugZHPf<Tn#2D)ctw!kiMTv{bYXFKz9eV8Qf)2!*LD%`hi$(&#%gG3RL8;d~~
zeQ0_6zai-2M{2d-8|9EC?GvXLuySM*+F?v@&4*3fxzIiplVNi&M+<BN-&YeY4ez00
z8#q=?v^1=TGZ#}i^si}6)dMj<swm2@kZaZ=qEyihF_zQaC8Z8c5)GW{E+{oWNi=Z0
zyOYD_YQgw;L;|s<R8TcJoHHBtT5(y?_^`>a*O^0}ZrJ-?8TQ)B-|!{IHMGN??4S>u
zHb?t^(MY{5a07!gG}I4zXyVIp8tc#=PJ;9^?+BHwJKagpuCJk26SOP7nS{;$?vBhB
z*bzQXqD4N?y(CXAL<tFXxyQ|sLBE_C?4qePx;nhvHA>*{ew=m_!Sy!0getK%<~d?x
zq;?<;oMrk<^*W6^SPT{luWTp&isAd-@ENpMoUIMc#13$k2tMZx4LiVPBE7zX^qRvV
z(C`je<Po1&Sj0^QO4XH+s`HboJ3y*#bZ-(y(d<-`C~h6^66~}mQQTVKiex8SnhTTR
zqULCcHt2u515^2YRmb+c#-t$-ZLsN94co%(wi<nQ5+a%1mf=HWJPl@RM(g{tGo<pT
zW`e32I|S+U?2KMPNc5Sz+H$bq;~e6_YrQn=0)4H5ldm-_)QYepjB4l9oM?ysHlINg
z59j6jG{xlC68vT+Zwep1?L+$=QdtT5>BnF^&Do*en)ouBCapv$E~p+$Pn@P{8}1VF
z;22HY(CBI7@F|2u@Uk|7jF;Rd$yj_7WUQh6zSd&pdpn7ae*mK6{N7HYV@1Zi#NjQJ
z$DfaklVY6`QPd`ceXOz1>a;qsF^A#p8P<oR<YGg{$5GVrs>i*^VBuX3(a)8Svlj4m
zbq6vy-ndZ1C!yp?reRa)XCrg==H4#B=w5u73tb^lMLs4P`<vqjqawLA2?7r-4FiF^
zi|Fl|r-IlKMv6h%z<;|~q<vZ`+F<PM8EA+7noq95{ow{w<Z$ISoi3Wfn08{hgwpP<
z=6@Nj)~eoO{uk0>E${8rb=IlG7!3DE$#9RVuY%4srJvfvNm|YiTpG5A<FuUlVma-w
zI!OyEBAV*)hKR^dF9_+Fvx&59LtW82CJvUiW0ldNJ}Cw4pk*|}JHRHow6C{A=+7lI
z+?BnB{``W5yF$<=+F_Pe!=|&OT;0-3(Q<$|WkWBb<vAo-*7s5%OzK-NFQE#Q>qZj^
zHpPxZ3b7%)(?ly{31?er3Hvt@OL*ZqYkIzHFk;~nIqXjgmPbIB_eK*?Ji{mHh>f7b
z@4$&kuq(|aCNP=9{4SKF5T@^lR7|_f=8IO!d~t1em}2@tH($KBN1pv^D}TezoZ(AC
zH*wh0L-Tr}uSdw7Y8i6Y1(|h$RW$F*dJB=Wgywy*PG<426g0C`u|pt{Y2IxDCv+3c
zyotfPH3GEv%<Wkyc-3#riF8NlbF%SUx9PB@&nM@FBHZn;N2t-JvoIMp_9E(k8NMXi
zSkhC&mtmPrbnA<rPM?_k&*HW6CV$$In3LZTHjgJdfNgPw<{|80kY6L96=G8uo~<d7
zxxYK%`+f{2BoSWR)!msJA^Ys`eLJl+Hhln-A-A_r-G5eY2;L{!P2@1tM!mIWU_0)>
z4n}v^$U@`?%?B{z879K)G0ZQzInpC{Zu3jrVv?G|hS7v^<P5bElD{F$zr$1{R}gbY
z4#zqL1sM--D9HFoCn1SGY$znr(M~?8Il>7#s9{Gq4Gy$FjUDfDqWw<1<6%sOfkYv#
za((zDOij`>Y}yH*gz?!fLBV_CC@yVqLzfi(g+v1@ItcM-MAwTRE>Dl{;lei5!&SG5
z9xiAjdidpSqKAPtLdmYa%|W|s2ijoX9VB#CJ;ff*6If&j4_-G^X$sS_HGFcInB87Z
zd>w{!m*y0Uda;4NsEHi<IaxU?wrg+Hij5n~{6s$=d6W!4&|OjS{A4kdO|J_oo}ElW
z>UF1>(0R#XLgA#F6w;J9S7l6xP|c6^IKw(wWb&%RS(YYlxzwY)9>0Gis>h`x1dZ7^
zY_|~8S~Kuj?!e~^uH|06^!2w94>yIp5zLSFL8QU61S!o%8rWM}i&kiZPthlq^-`P`
z#?f715kcWKJ%pf{Pe^#RLc)iVH8a^@Q}FfFLQT-q*W$&~1Kt)-UyS$BvgI_9%jP%g
z=nx_q@()&SJRK$F>fy~q8+=sFs7S`edJJ=Ch!wQKDGGi&)T1yDZ7`;qFFp>64v<n&
z$58xQP)x_`@bN^(<Ux`|t-@x{cB5u<tA`4qHRUkOt?8`_4nNn;>JZHis_w(4aJWZk
zD(=B9unUPJroH9N^I;G84vCNkxSgR1gExJxd=g;D2_n;(K0}S*_=|%5)~Au<R~`Hj
z-<?#jXHI85>*M+~4Sxf3I$P5nh_EJI3upnX&tY_X1|@{QcnLOz({01az6(sOE*9%R
zH?dg$>S8AMb~Bk6G_D!bC?h<NjA87$`P#-|3uu_e@HU|q{-oh;UXvE;B7JZ-L*Cwy
zC8`#j9?Mu3-opcUA7@yLvKhdn18yHhoxToBN9pU@HH<pxzO9GCXn{=Lz<80%Py6~&
zLm6v%4}4ucAmk#fY{a-VL+1JomTw5r?I2dCG|E}w$6XYGDs3UMb=ur{%~RL|mW`qA
z_JmHFrU@iX+rTr2-O69^{RrkD3kKvJaXbBD1^irPfgU?nzqW6$xF&b^c33moq?QFn
zJ7Xo<^YwD(<<jAe>cNVqeacSrv=>i|G3`tCh-v3`UgR*Vx(&TDTHxz2QUFgojLLRm
zGJM_3mlwpQFfJ)XbfRkq<>q*7chR*34tvW{6b;~-oAiOt9pbG_bipjiTU&{@QsCR_
znikaXHr`b?b)GVrIyGtQ%$2rIJEp<9#$hH$M0g<>z+ZD%NL!Yba?6s);fwa-#+8jl
zV_!aQEkT3@cR7%a!wi_$UPA_J8)rB$1E#eXD12Bqv6WeRmqWuuSkRt{c^K4<sSS@9
z$hU3Hv(Xd0$uy9@Vm5+~LVw}24qr+O{2w?<oH?qShW`VHtNUmc@_I1SEIbGKau!OJ
zg!znXI$;UHKEfo}GjSAy{A%*{9^!Tz2Y&@}koR*uW0rpXv%OOKT_vko(4`6Df*FZI
z`hEF^d4+ny)_7`c*4tv4o5DE=hIM_eyu67ni=9Kz)YqOc#739D?<p>)!13xq&FR&A
z%CdK9w_7*NjT*{)j=w*IufvoY4y^>!I1FzrSh<c&B$QNw$vnS+ORgFGg;B*GGhono
z=J!JndQCU6TS<hA)g3{?o|jxqOxaS%5);3&Hwi^6e1F8Pp)D(@Ij9c%3MLIuR~DL;
zuQOf{&BhgsSyM5IL$d%G#%g1I_zMwMGKUS1Gi(hfstb9&y0J!r>30-v(62qijHeYb
zHGxyrg-(E?#+rt$AwcxFy0KHt&c?^Zl~3<-1RdBE`e+%V$0y<hKFiD2#Fy{o310Hq
zG>1VDq*>T`)LrToa;1cLcu@iK8E9He!;?@*#J97X*pYusYGFq=C(*Cu=Fq**!6$U@
z?rvf`IDzin)lER^9<bX?kImsQ(|mqRg#~e<)#7YxI@<p$6YIcK>gALkjusDNE!a_w
zaQVkQ%Gy&t39AU8Ebk$@x0nFRvL1rsr%Ng_-TNG@pnF&Lpxr9nyF$EK^J|z2E31pe
zU(_w`7S{3}tOZ5Y0~DCQup9GXPdG>euyOdx8k<wv7@T4-3J+p3EPYLo;L;in@v_CQ
z`OpT-Yxt;)aC#(h78h_vi?yr0PZJ~G@S4*xI2f>IX_x^=sw?vJrbv1rBgK$zf_hFW
zu`n;&EK^1?=v$q*$NRcq^yY8?G#?q~GO#(6TD_PIKXxzG&wjtfVaMNtDk6LT5D!^u
zYrvcnmMjDguUOL~ay0#c68zg$Ms)gP#~K{Ekk=#4TBuUM!$FIY(|?=KW9*kzB{?f>
zJYk`Pe1|L=rrNP#DDP!?A6th$_N&6Z=8v3V3VGJ=Q+{<0S-$WD<CXoxRjzYhOFH!H
zsnq9~L=Du?Q=uCU{<2?(P31rIfPkSXVGZ;{u7BrHzevWV4)qxJ1>o@caf@8WqM;rt
zLy^v5-f;`VUl~agz8xBwyJ5Jvp$3OkhIOGUrB}1LXr_R|U((>}Hx^cL!E(J`dDbsk
zuN*i`J#Jxkl}%g@BGoU`IfYNwclu-v8|op$LlX{1#ax7{*UycbtTo~WeQsP}v!-Jj
zEI(i|MJ1_2q<$F*SW_UbdpRup$iv7l3SuGEA_~?rrT0pMC3`GkISq%-E;py)i8WC<
z4foA*tDu^=+YBzFY`7(sxXp148*wTZoeCTCJxrxN8GPEp5FpiS>P`^TVBC%D&Tm!u
z$Z?yPtfz4|hvQ>CGCu2G4O?hfo5S$E7ONIYs^}L_Or~`Us4{PNb9hHQRvQZTTAW7B
zCYf;Yb>?K;FOQ|oa_i$O)W?TuaBRPMv8J0AtEH?V(~`qbzlY(25sT$Fr;8KYe$ig;
zHx?I)KFC0dx-dB4R*44Atztn6MtUz085~s?QuIXsKdfT%fZxDCjC67%SL@-7+}g};
zx5ooEfMbCWOizMg;st;WxcJ>4{yW<E7x5q{R28<zTR6>$jl-gq^jsP&Tj&mjVI|S;
zn9OI_qMjzJLMzGqIWlbi#)ZuUM;;}sf9=*-voqFilYuoev35)G*T%c3Si--=1J;IN
z^6l6F9#?~}2~7mCR2On$9M%SxOxGX-ba-nc*zlC>U~Tvy>J?VFi^Y7pjeNQ~99v1F
zZxs(%2R6|QYO9EYq58je{4Hl0ScgMTak+MF`a!0Xn7oo48_%l2kHZHzb6{E)CUdbx
zd5XjIPdqFX#sCehnobj^zYfua=w&%XQ1~Ar_<x!R)<zP6ODBS@|K>!XPjD0kh)0Z{
zZ-EsHr3>Ali3vm#t)CH8QHKbiSs~i^1T!tP#+uJy?Pg|DsQwt*_=9CoLzzq2??w=U
zjl*gA^o^i`mjo4Hnkz&E-<pU(Mhw@0YNbNoFiKIQ!>AqmD$qRlbC^)zk@Ylm%_Fo;
z7XFtGWbk&=3qPyqg$@oy;)M@Hz3?|-$Y`U_6CSn-@X0BKj)Fc3B^z^?a>~N+4g(#X
z^F^Ygcf}1ii&sOEhBt#tp-H-ZnYj_4On~;8c;I&9jYp#1I85A-rp6qgXtJi<i_KIj
z*ZOvBW<0&a=W&HUJwZI(gr4pp@L-I`Z!;cW7xnn3;_*ftsxhnwJzeT8;zf-(^rBm8
zx$Kz8Q!<c2esAU#od4NAOOWu*?>W3T&ci4OuZ0iqp%B+|dn{I;Usm(1t#D3OOq}z3
z4ihBK>ATnB2tgvNhE})~#~h;l#R66ub%}TpT4BKfi<hnq_eWjZzu)3@XbzR}``|3M
z#<d`oV-bJi8MfjuS>j?FY#-_=R98%Yq<omMg0WgOpJ^QCd5X{m8wBibL?<e2{6QuE
zhhQ2UNHnN4p`|?J(Aq?+jVZfS99jip^HM1I*i9@zxlzZs)cLzF!iwNO#bJj)wHggB
z-{3qS*owH9Lve3edkQ|!_mo+-W6KE(<5mZz@_eFM8($czz7YFk{!jdv@>gtd&z~!(
z^WZNj5i3@}7}n8@tnXiexdz_}pGS<M4u_@RS%?t7hC*vIOcb;$xOQx=hul)CCfBx;
zmZ+LsGl|)5P)#npi7wWW7vla<NBmPnC%9brH~HY;*`6vF<Vxf4b<k3Tw%R<%bI7v}
zSEhOxz9^&92LvtF^fvPM3*vXM+wo}*zbzEgv}A*&ROL^27DmqT5b0k2#!~u=lJ5Dk
zNEee~)gFt6DRwUlGG1cUFqvm!id~amGq5e387D_^{A-KVbsfVnPR*G1r}_w(J_4<R
z5qxkmd;~#Efpxt_Yp;b<a}P}Bwa~_clt(l<3zK}9?7}1sZT!VrqKBnuhg}wiwVuK{
zZLn4ww70?fZSbaNvHsIow+%KJf@uX<dkv<p5q<J`tmzdN*-7j`44ufW&Bz~Hm*`K!
zCdz*DU+Q~v`Ca_YLL0AD%Q&z1pU3}=ANT&ukKdvmZ>k>uo%!(uURxcsTWFO0=p}C~
zU)IS?!RgorRsq95!5>PYMk#UPR-dOdo`HW8)3V4-6U~QIPQmI$Yf9yABv;A1E0_b5
zG^-0=g^NN~wh-d86z}%ZDO)R?|AG$nRrtOl0mM1Xb2GHn!rJhv0_1;J`W0)!e=%Q)
zxF@;1TdcBD?p^_~@Aj6cZk1rN=ofW0H6BDqP72h1x7d8u;nf9vx7o#4pJ?I18_|hm
z(FxI_7u!N$8qLk>uPr5bx7RPb@V%)EK$cCT7x4^Vg?EKW6!-15SgF49nz*04N{TGq
za{enO%hU{<?sl1K^pGE8Xg0&N$igYgsu#0HPq`*N!=4w{gfYg+r?_7o)p}=++Z+P!
zqI%67ept_<u8YkDe6XHsWLn|)9CMkfyE*g~>M{+6?zQ-wvdT*Ba_xgQ4sXTi123Qe
zZ2g5~J=8+hLn8R)U@H0J%MO+NIX^R0^5@_tD)~byIxDV8Dt3j<0;k(JY~5=qy}@h0
zuyO^N{{Oi4zvoaO*Z$m|8?yHL3u#AnL)Ko(hRL5^r+BjZD-=(@64AnDOIgAPZM;Uz
zwr#w2+49QD;pApkZmAu;=+k@I?3WQ|rg}qKVMPQi6t-4X8phPPTT(Nmg~+>^#UPyN
zig*R3eXyP}S2z(mVh~|Xa$`*Lm<pu^j8afEqnlz-njo%cg9d4pVjBF4dC|se-l)mf
zuD95e=F%r$ulDrb998Y<hxJsUrCIdEbuqYJFZUEaTq}n&asHo~{;q!toZ(Yo6I0-?
zU<!C~#0<!NVVN_4GZ}m}&J%YlE2~&iM7<>Zy(*S8Qx;3A2|J1`L5FzHr1?T2!S*7H
z4{Jd2d=KSinOtNkCmn%!%Vgs@E!^|^R}MjO?eAeVlwuXU*qQ68u;4`+htZ`Lri#ng
z0`Fjtxx_^S4nKZx39Dy6pZP+KiGNHj77X(ED$!!`8B>d^2Sv6x?@V}$4a#ot>id;y
z@PfI)kE0qaj%aXTeAz9Y9#E+k`(H4%IO5&N77v{dZ*iri>=q|iuEkB}7B>!vY;neg
z@D>M^vy8+0SE|K*7fmfL>L1zSl8fOj9w}#5r}nM5MUc0yziN@kb%0@--DrPv-^lh0
zuZFjOG_LIS7hZK&w*5d~CXeTYw}0TOJEHwjeOaa3-*BnY?N7-G<-#<zfA&&j`|swk
z%Cb>m<(prV6H4o3YJO`}^HX!8il!y0Pk!h?YIfc$EdQQ6n<K)yR39e8+*h2L(jHzq
z*yD&*-Q;AB!Umf!Raj{3lz#7~OBGg4Ij!HjvEqBb*YDj>aUV+cd)Hs8Of{A>`t9p3
zRj%;bS^a^v74)0I`5eXq8Ci0E-@D`v5D;&`;i6f<qcngL5bIxLVVD9xDxH;6uFi^;
zLg#4?7lo>7V^rVKeX_-y!+f$s%kjwuEAq+GT>*L5yCL7~nM$~33!_}KW25}@S(Wn7
zPl)u-KOW0J-v(<wMvnPA>F;A`<1NVsoFo9r(5m`mf0}c?b(Nj-j&j|yL(I;3OmpB}
z58?xNC?`GMMMV)g9Gu}X3N3w?>xn2-mS1Wy9JmenH1V-6hg#}@wg5D;td5dLaj^A_
zMINFIsGNk4$`plJMvB5~*}i)-Gn->4@W%O^m<(64Wd!o9!5(V{_i~N?T3zOkMcnFF
zC5Y&wQQqlnPFQ&-4)0%bd#OLj!B?ub-4O#r4ns>V>?X>o{3S6}zt1I8UHbAmn9BQk
zOs3jcd8P_fim6=xVXFTJnCeLm$4yLiAUC2wx#X<TCeA_*4d~R@PDzX(D`MP!J;XRM
zHZd0dhZz5lO8CJuL&Uf=HZd+V5n}>}T3)Qn8CK^|Enw74oF!><v!cxz*F&3|!f8`g
zag5SB-<Dd!3P{#3BDG_qFR65LL?WXADUNM}JW}K*!&l#1*u9yVcj7;xA)PSjqU8x(
zHp1?swt|;JMIAt5V*33X^?Q+w@DWNS@eo2L517m9ZMhU)Rxc5z<xnbgn0dEejX<iw
z-Sa)+YVZ-M2LEiR!FEy$c7R`z5`31@aOB5XGt_iXT}{(nyg(T!R#$bppW+Z);E~Q~
zB?{7D*3M8|RP7$pZ9iR4t7*MPapapPdQ?H+L6Hk{@=S<M8bNnD3|M6Gh3a-~TSdK|
z5|F(PuCi1;v*qM~N2azkdcAjtIhw0qWNu4u2L6tN|6>osKgifPxdVPbvinQUhPrQq
zuUA>TXot^4Uu(j8(N$ZfApg$-9v7y=npKu^;_&s1KC;_?=P*}v`<YNiPQjYZcp>GR
zP2dI8rCH%!O6Ra%bSc4Z4;3F#lWC_D(0=??R6^l_t1K)F?QmW+n9gB9l_&Y{9DWGz
zEy?*)13VFqlWH8sU9d=F|K0%}S6FIIbrJ8<WWa~YuDSBP&{+aIhfmL0WOmJs?|Jm>
znzPSYD7&T@<HKUgAC?C&-U~As*dbrsm$VD*@Rrk>feHK}`4qgxFlnNZVzVT?-{usX
z6E0YUFg!#VHc$2Ul$Bv~q8NytJLy4{qGG;jB+qkLd``vvEq~8LUXM2NH*`iNMIT7(
zTyA#B&(2vWyCjEiR+8go+Cs@QTUTC(VEtsF609nJdMa#R7ouKsUHCdMla$AQW1Sa-
zN{U$){?8mH&h;onz2rTLsA>(%&RJZl0eSp4e7%}*SRofypN1db^OU<Gw{cjhrhyi6
z#sE(liFgl+^-1E44DPr4=<fcJ%Pwzy|Dwgn+1sd;O8K09NA@F0zh~%=mVm4<(!Z=0
z=bB!l8vLw(%m#Ov8}w0w6U+^Y9{J)E;9P%?Q$A7hqa_P(rEH;--C1}mY-dhP<}k^v
zVFIf-X?+)~Gc0@Pmobypui0h^%NaUvvd7OUSC;N=^bRzZLnyvm;RFdt4h3;RC2X!O
zw=k@kk15b+k%!8<Tv=|ZY+aY9xp*oJjiy2WZ83#;O>1kkaj%Td{R5nz>=Ar9aGS;D
z5YnB#OX)7t6_>mlMoM;=d!Ei8!3)+>L`qt0S13VK)u4yHRdndymOho~ep8VpK-xMU
zisyTbRQFTJs`AU^x-T-e(Q_iV(GN@f@FxR5jCD%@@f_@DgdqHGbp%-MqtzDp)Om}p
zn@2Av-F#?~lrtljUx%D2iCWI_#pdNKFh$Urbo0(B5xTk0yOFy2@_CY1V%@A9It$*Y
zpMh5Btcg!fwUBk?JYQR8(bU=vT@YHk<Eww!wL=ce&M09(c2!J*Lz^rz??a6MCaF~G
z6qZ<G3QP1lwDRH-&9mC9jJU*%a^e#ICQTvuG-vpl7heUN7n9*ZC-ih=-ifIkM%puU
zj9YvuW=;oXYdxX^=AZ$ENpZxgPkk(hF>cK><7)$5$3WGxflqRnhBo-*?x0ZY3kaHh
zwAz4XB?}0ejaprKX!Z<;g8~OX8-ix(uz$UH!A&IAKl&mvUL=LXnH4HtB=-v$FOot(
zVKu%-_oWX1!mW@{GKWhmXh*kMzj$RKtxW?C{p4OxR;fz%VUhqO`B06DxVaqIj>EN2
zJ&aP`7+|ax^cfTh6)&H$sKodyi*NK<NE?S~UrArA<k$@p6~{gyNac98SI`PR0R@y_
zZ(p`k%9^=@#nww%0Hs_l2r#C2bIg(uZysFw%krib{F@k~9n0nMYJ+1k&G@OTd@v<I
zad!h(P~06RTOF9>Eh5x+e1V&G-w7NBo>z9otM7*?p>z&c)gswA3=>3pCwwP}IDw9q
z)Z~yWeze1x1yY&5SMIisd=aj2T0Rp+%UjB(WgX8L#5?y!60e_#H*Zcf@t%&_=L|Zl
z6Yty`NxV(MPtFFgIfrirRJfZn{DUPfp84=@@eiFa`EZ-XnxV-+6+t8vhEk*=Rs3P$
zQq4K^nM_AaMsKrZ$U93J4-hHroF(glBybq1lfua;QW&g;+?XsEcS0{skwIgr0<IKW
z{2GP)a<~xIXU){-f!i#ll-Q{@uVr*2MtoOu4nEo84~z~MF>XyKF4!|iX7{jWC@Xpy
z96Q&fP1pVG+7wgyV3n|R#(a-8^*-zb{V8YZ#?=<5pAH@g@_&@5_F6V;ft}zT%2|9h
zTgwwKI>HSL%2&$>@61>%@y_OD*Rf5WzF2LOmBGr`spLfM8#D<34qmb_-EO5yhUDdV
zqE9V)FNf|^6-TdlJ-Ts<!+TdOgkY&g=MP>FW$(1hpHUWQ!DLwYhByD7JDVR+uyH6a
zDc|b!{hOLHJNY=F##3*aP@^+8Q7m5+B8o-Je{qPl_M!o4mo23wUa~|k@sg$2vBZm)
zL@lvBbYjt(MN2rOU(EGR;BZZ>V|b0(GhR=u8ngZ@7F8m~>-EU8NLQ~|G+JP<*W)sN
z5rZ@e#cX~+jBwV2G{B7yRIzIAUpdTtP{t<39G*OeKhEnZqk`_~D^a8K#vWbXRef~%
zebwkrT~(vY@2f_4>Z-*jM@Pj2?iWM*@F5!7;rpvNw7+o}@sPx{5zM)=uO~VHc*9j?
z$C}eup4vqDo58DcDn9NTgIAAVjpEgzeN4Q1_L@c31|HJKQ&w%@6qt0)qG3(=v1NE|
zVC3+@HKJ%)BJX_5iYf#bhVRMxw~Dr@@97u0zw%!;+0<=twq+sOVOT4HuaCFX;q|aq
z0$m?%S!r;sarmH>EYV@$ky$JMov`(+h0*Y2Q@==fGX1i}C{@**`$-k+WvVvxi`48h
z<=u)yceWIQ`Quj7W!JKb5=i4PF>(gSuKYz2-O?CSwj^p27MZ5(?jp2%u{qCB6DLhH
zi~2=+-M_jlkAf_3DMqkZPTA6`PTAi$ENT_W`C>7YtFzDQe^XcIjDNMO^BI+8LeDi}
za&^A*@9yd>KgU20HTS?vnC8G_?v)NtJ>A6990ChMnFbp1P1H*+54OWai=VuhN<Ce5
z%UbQH`ZA@Su2RG@{X!lNo7JK4)w=H1tjs$z&<b02TLPtJ?H-MD6eh<$Au<kwc`yu;
zJs=@jD+7{Ec~ctl+Q4=R$tJx?2;e)5HKP(fTRTOud?lT;Gn8|7^Yu7qr^gN)nDBo#
zaKOw>|6YLuPsHG+ar(bi4jhOX!ZN}XH84Lm1+ESY4(lsE-o#;%?l-!e>nVx7p?H6B
zXhU&!*)O-Dux4?)J{VuAZc?<tsa%f{LpJZKvD^4MQ}9^fABn}j%B=cUW7;1p-f4V%
z)m_F;<9J^diN*V0b;rWu?|bE)B;AHxaZB+1otK4gEe_r%#`Do5G@kwUReftQ=8+1w
z7IUw-%h+1%_C^h7*p-;Wx$M<zYfilEmRpNm{gmvUcv+2ZS3fDcjnS3fD@Hf?Pc*vI
z_f}mV=Kd+d)p2p7DR|<L44!Bis!2LsX0-bqhn(5Ucxuf-<eAd0e$5?$$Up8w)oujO
zbQfLytpjVqx_e!C6Xg7f==IlGa!XKjZ~0q-tSCtN*`Fk&H2S_}V_6{-(xE_3w!+yF
zZkm}<o!%fjZFaB4HDO9y?t9Iff6tv6FN&X+TZ$q>FH7ZemX@m2Gsqz|pdx!TOoxx@
zfb*DaU*?_I1a`+|D67U0EDckk4@wpKu%SXnydhQSvv4edROqlbG(j$Vwpgqg6+2(N
z|4QG>lN?5h0YAkVzDnljK{ZMhi5_kt)_v5YM4}}vsxDAQK3cIrnSZG)fwChfiUU8q
z6q5rl=9mP^<R2BwZGR_1pq#r$jOYD7(|FF@Q+0vz-k&QJD64-gOQ5WKCu%s8e~dYt
zWAEq!W!^<4P}cTW0%hJsHM+I^BLqqgjqb7>o%f!q3zSQLju0sCudk#)DV-B7P>x=X
z<jtY|VhEJoe-Hwt^v_`eWyc??Do`do79mg$uB(JV88tUTpe&2(^um5+3X}vYv06{h
z^pnit*elL^nqxf}LB~@LzoOlT^<Ye@Ljcr3E59t|>IX`GVOIZ}0_EXu)?ps$XEhvV
zep9&ol&dB`zg30HTV=SsUVyZ?uZPZ9!`AODR!zmu7blURo6_B6zD+e=9IwAP-s(at
zoZD<+SpnL-{I9H_;1E4qFyF)Ib+3Vg-uAGjy0y9nRm%x=>rb*<kD0o4^r}0uTODCl
z4SG@FH4+SGEwV^`1b{4{L|uA*4oA89Ins?04e!h3i0FYe4=`CadGf;8Ws^BvlLn6y
zi-~rotCGb%WDfkr5!Hy3ISg3F$Oxil^rIyzle(OeoE#RuQsI^1WKDxhZY{v=D*w8Q
zMQx59U`{Gc%lcPnTGkX<f<^^I(;^I!fgC5?YX29EvHdF$c$&lJQj0?#n#h%&fzXCf
z_I_oqN7K`}o4WEUjFg8i4rhmV#i5}Ua%!_IJ+9*0xgLGGQ#p+K0}FS|bb#Mvpbe%K
zDZk7&^F0h7p?Pe_T3`qGwF8r(t#rzm28<joK4yeVZE%#7zlxL>JYH>&8bq#TzbdVz
zSE;??3(~XV#a7&bj~I3?J!)-y=&WX;srXV7hZU>kTW_R{iOP{x5t>+OLKBiS52O@@
zQD%4vH6oK8u_?1Xd@U(++AASB5~RCSCOaBq5<eUoYoTeZg&HQc!$xk?h+iyo#5JwW
zj0mqN!Rjk7uh!EXzP)Ub%2Uq_hCKf!GEqFktqyXCH{xr}2P&L&^=WZcKDUN0HK1}U
z$l;R&4O3`(ZssuIg4^nd?S<wr<ZWeGP2sR>0Eq!1!8%yt;*)qGK2QG|sxgJ4Fd?s{
z3$ZStkip7?Ylp$%ewM}@#3raZTy?v$u(9|;g=WRB?pArNv8KFUKdz7^bMbF*pj9a*
zfxo5KflqKa&`M|?(R>$uzdq|yq?TPzaq4!-Ff%ThlZ+s2%3+0q2y$N0?rA<a^S%d_
z2>2#77!tV49V&6)2WD118$;lp3un^SGPXAcljfP36owIxQoTD9g}w%prB!U(n`H?s
zBV(gciaMUMdiw(`LTEh)hnSFBr*v;}{sIrfhp97T-K+&Z2PKRObh@Jimq}8;49BDp
z9hMy_&!2$(i#%cg#cx_u2j6#R^TGYqFjiTlX7p&$67ih`X0A<pV6oCXwP4LfX)qsN
zWC_M|w8JuGQu_^O*epvLbr!Fp3GavL@JDGjisx7#zE!t2lL#3(j9kT7JjZ%)BH%V3
zuy{xCBpJ^jZxtPA2pHvG_*#lNMLu2noErv>QfN;6Ul=215Bk626{GxLxRB}-^V-m9
z4ib~Ao&UWY%7{%CtD}5UijewMCn!vYZ)X{L^;<dhA9|u!Yhu8|#M<U(Q*_g5if+ow
zcH+&js+tQMK(7osmvO%<j0{?2-uV!Ah0~HW^WKbnaUEE^(8Dm1du7c-4eNOE0q($7
zM)_|;+q@U%SV`otLxn_R8hr0F`4h+VH2V{6aL}faBk`l2S!#U`+Nh2ZQdT2tV|xF^
zH&hHeidp@<x2l2wS;|;?g^NoJ7WB|ts?MR<!W^WRr+Rdw>gsB$=2K7Q$P>TWSQeFx
zXe|@m%7@<_;1MvwM%AQTf}uH_5p-Nz=-fYY2R<5AS+Rfrm^wEFHeIpEV4BsIAR;77
z8JNo9S-**Z^98w*PT8=;O_Aj=N0wV?Nv|(j5)Lc9mBpV$x;#nX@Pon)F43PYGD=_W
zp~fu<nXOY`&r)Kc>8fu-)RA&To<mv``I<H|D7ztt$%0N2lwkG_FxSvZfJ+xFej)na
zD7>e6?tKq(xVpm<%7kML3O1NcbOxopT$0p^$|kif1H=4ri5#Z=V369_e<7)9<&&DC
zG)E;VZM#8f^ZR?4CiK7uz$&$xav=)@F`BoPbKa2K%8gXEdFC71eGg(i*pxu2yH+tx
zP;L=E#2xs@D9Ro7j*$nzfmT@()E6|0sg<RQI=}~9sG_CIl`2}g$N<pazexysC>N^e
z^qWztD1pP2hlmtIoeGDrpXbEtl=R!~7C<75lZt*4Cq-5CM-J0IS3a`&v3+E^=OCHG
z`yNe6)4o=crdNAuk%TU^5#)dBDOZGy>>DjY%tFYFD!RcWslm5LY48*n{0Ng-9P_TZ
zUFGB-^9Cx;py;A@r<}1chfmY+H8?@lX@~T7;%jgcd^B4-S6WQ9s8{o!XJ@My@aHi0
zoJE%I-QC|4QM$L#d@kxCRa1VZ>0H!5IIPysMFrHksAuJG*hMr7-XzWCa5(UJ7~^ty
zHAf+hUoQGTq0}nNU<M!XN0z~iDAXUeeDmb;t;yB|1#c9~7sg&~U^lVX`DKc|1}^q6
ze1L{KMX*;J*hTC$If}i)o8_?Onp9n734kem%HTB{hsjsuvr)B4rMy4<j#=K@V8o9W
zzZljRy)+W|+Z1P<l*XR??$J2ou*4a%ny|x~fgK2Igleb?1t43yIMCc$BINvFDHVWb
z{oB6#^F(j2)(DozVADbwbxaH<<(yY)>tSB9AHv%ET{n1NpB00W)wW(L=$>%#jG$Hc
zCc7{bdqQDc25lR%wS0UHmLtvUTY~LYq7RecofQ_pR%B3{KZNY?71(Q|!^4w%`ib7U
z!g)z=??#CW8;6bjU$-;DI&kQ-O0V#gh!y@ut?;F{eD~*>_V->*&w9%+$xB7Z*UnI=
z_Mfmf*+=1dTi^Bza&QG=((bvOaN2$MlBC^rJ&AT5*bc775n#>{*t#8DA#Cl<CU)OY
zWN{h%4rg1j%I)P#qPOxIJ^^39DTc7%Ehjz!U!wTD@GWni4_m<JTPzyh?JW{gVtB6z
z9sDeuOb|li@KPltMlJC$e2`XP#2c&yJ_{!j#M_3yQQmg&H8?Fd7<rx;)G_JL<w}ph
z6?ZJ@LCG`UkE59Itcd)T%7<}TqETxGYTRLpACt@TVNN)dJfxQAWDo70X7@SZ3o$Wb
z?I|dI(OeJ1dYtyY@4e;31o#0RSdW`9Qtn&+%si|I=a5iQAVDifuwCpEP8>PcWb2z=
zmx2v@!h*OUCd2CN!uy)%Voz8|QQTi<J9U}2OIngAyr#)z4C38hE1AYN&Xzy`+j6Uh
z?IW5V|9*JWJI~6dFZ9-p8?hF$MJB!m8>(dx;cr-J@!#MLYE}%32UjK!O`2giY|Nnr
z==+NEJ`!(p275AyQP+QO(GbCFcStKuX72rEkK*g<g3o4k6QXW&bqcq=aIZg-Z0|$|
zd<rDxw)WQY2=UDv><Ly5Mgxb7Zi6_Zlc*-c_EL*3Pd3z)D*n<v{xDH{Z{|zb6&3)k
z^XlGF=ACp7Gda7Fn?50mPb+m^hFE(yf^yF(%H7jViM1!7xH{FY?pB!D9G`%%sIKSK
zZq5uP*R;qbc^xj(lDyl^iLb+j>OQ&n^RK!6-0K&8I?<Pv2NT}E>JIBuX<tTt+W)HL
zCW%%L5Ap<W09t(l#tS8$4E@vqf20BS?dHsAPxQ4sMGR(nS3zHkQ`BI-zbpn5YcHVu
zO_~W-#klVYxbSDHH`-M;x->;Jy0EJ=gHFC}B>KM*Tb3^2P7zw3oz*g&at;T3J^mYl
z_&+{lVT2^!Npz^Aax?pRlp*2A3l_o1Ti<Y!QxN73_BhBlA+9jm@M|p|$P>4IQX?3)
zQ{DEO+^J5jA?D}n*T?}nqlQB^(f^uT<0YI)o68<=xl}dkN;p*=^h&Ba-BnV$;jh%p
z=8~+k)8BUqv)<Co9wS;A)m0Gw;S`cZ2mYXB5h<QC50l=(WLVbSc_${o(xeEzv%I?>
z>%rnAF=MN{i){nG4#%rGNTlp<sS7qbH$}1N>gd$VKBrLW0jpM-#4nM@U0oR(+N^f&
z;u#rK3m7?kdc|`6FhxiT6mnyjqVOX`;X}JRGc?ut@2eT-zFro(F~5g5^G?y((e{i8
zbLz_+u3oaR|Bt&r0gtN4`p5CEdvc0<lkOzFWT6pkc2H;*#X-_2?$SYYoEf+QopB?e
zB1>`;Hc6m^>kQCA+{eao8MolRKtORBnMP5^E#SUIXIwyu+c>_X|L2^#-RTZDA)~|p
zeZN1Rht6H9>Yn=4sk78_N}Z(sR0B1U8qjI@h8bx467}jno3rxx1-mxz@5}7z<QMn2
zBCD|$KFMvVR0hXpVt*%#L&Yc*Y|CEtFXrAy7G!fTJr~M%8GGdF9EpXHyu7|8Y<K*B
z0COd};VsFlMq=D>ST5n>&s_p1tJ(H^xb%|xN*?>Gg)KjFiMQ0SLI0NOrG|v<v3j!;
z!^i_~vf{zh;PM{Cd;eNkiKoHEJh1cKLiSf4hZgK9IIzmmvWX`E(?KnI!%h`dLaH^w
zxBb(_0oV=Lbvf^0@xv8gyCQg)wClA?1;;p?9!Jryj)MQ<^7?qHMP5-Y^8MnDE%Hjb
zMVdOc$Q@b>24KT>7ip0j?yHZC!&+ER4h>3ZT~p60CP~=su(69Uc8^?KUzy|$tT$}s
z4XjBb@u|hUuQ$o-IPM}IpUyq*&4qF9q<1h-Z!DxvdMg9<`a<*7GE&});2SkRc-aLe
zpSf$mx4srt^NruvwRP|$l4wEeMxOt8-)brwu9|E8%KBL6ra~>mzh;ECE^RvekStTM
z-D4rXd;KfsyRR>Fw2ll|1rcTDm90D?J7>d>ob#Eg4jkK{`0Ir#;@B2F98vV%v9g`L
zI?~JKUZOg}CEs(gTWdQMd&&1)?6bAz*duMxPfk~BYV}d8%J*^2UgE!1<=kCkj)mqI
zT`_bglUNOJZ>;Cz^8aC(Wy2$<M`Bn37w70cV(BH7SOJ&h#O+~=J1(y`?Hx(<jo0RP
zpzSMF<+taXV~^Z1whVs@f7Yq>-(FCOzlEE0YW=qsnESLSbT~+$`y|v);A0F6Ra;iW
z`#*5`PuZ<sB;k`k)W`m#Le7I5FBYN&$HJB)OdMkakZcD4tKiNad=~ke3zY%1Ba&Q&
z74TXP)%kXYWM>+ZotG&{_AF=X`pvl=Alb8=&7Jq=vd%>bm$+Lx7xO{*v5rre|JpLg
zmf>``+93RP)mGwkxWXX(cGo8O%~wXa5@*Avg$Zt|mZd7g3N{9pRZ)gzY+Eg>N?<MA
zozqMrU`Zv`!aX+iu>5jf#=-nC06zOlO`%=9)7ARFe)53zQ-a^8&2Y!q_x6D@vHR=9
zzT~?FPc!3gSx|`<Ji(0n*a9=V<G&x{CjWF!hbDhtS-4-!F~=T>ec;DuT`ky)WNqxh
z`YvSRPVO*Qc<9xhD(Wz+J@o2}s-M(hy0j%b>tL6t4xFG4Mj+%7*^km)4ClkuIh8S!
z54itqN#zl%ck=i|4P2yrtbbi-w%}~otVQsk<z&Mzjo@t9!s9YeF0C9FR`B0x%fCn$
z@K1-fLdv#gF0t|MLbhe*CK$Uba(U#fttP?kbTjk&d-JKC)-k`oKR>}pF6SZ|<`I(r
zW`j01&&2uAn$r@|!&HmwsTNobSLL;&`~Rg}>iygbFI7>gcXKPeSj7!w!Nc4mpRc7?
z_ZxAnh1*0z*%72i-%i^RFT^?*^lXN=xkx|#$Q^STcg$rN=TV)TT3qJ;Cwn02f?MiU
z54(}ur*$p?`A2Tz59XR!4Hvn|JpHa(vEV1ng4ZxZ&IM(&Oi<xM=EAeCF!_o7s4)}u
z>ghb#MNf4J>)&#j9gej)1@64Ho;vO33u9$?3Oo(rN)t~TN8OvAoCZ$;7y09bROZA~
zkx#n9Y6T-x-pGE(mve~nmEO2&?(6@jF7cn9`!W~axQXqVE9+BL`i8z_z^Bi<Oi3b0
z!k_M~C$;r2Ujz;Kke5YVe+<EJ(FMsPSI5m(^ub%ertF1!XjKFQ@QxaKx#>cI0eBnY
zF%vCVuTz>Y3D*^6SPj?asqv^!A9p3NO2Vz1NW8!se{oUX<qy`!#$pxR&O?-MEHqc+
z#X`bOecJ3pG6Gr0W8g^pNDNAJmI?{`O`S!YMNeM7Oo%Z0VEs3BO?(mv9wY^N;rq)(
z45vw`No0m3f65hCv)Zld1XT`bH<Z#pJB61=KQQz^TpnF6;h8CH%4RJ7b~;4k@4M?d
zJ47Q&KXwrH)r~@=cSEoGye>1&Ssw|z<031<=<8ja_i*X%PJ{7hesOo^7w_5K@r%zj
zwtvx%sZZr*I-M+ZzFjSv?4bL<|DrA;Ta?54-5T3r{mZT_M|M-{`BS_087TjMQfZ&;
zB5ituS4d?@9XE;+5=%|=!4D(%6<2Uvr*Q=*OZaiJz+ZOQt^QVf`!p%E)@8PjfVVaK
zT;ABOI$dqe>LFoAqnd5nJcRtRzf5J$Yaa3+a^6W2o|-D~l<ZiTH+@>ScPz}^YweBe
zYd)>pD;6fb#F13n*Sl~pfB$J+hI{$dT4B4FH}0-e?&Z6UBHHd=-nhF?xtILdzX}bh
z_fAFH{B~DeW~9v@8-<FrxqNqBJgOpX{=g7rMB2Psjs0Y^ryt&?bUozxcI-jSlbaZZ
zt3R#lEVSkqYef_b%Q1f{dgMBu?Yrrdy3PV@?pZ7L4zT%2Mg`82@O#CdKKOc9UEB_^
zNzXC@Y%)>*`owVyh#RiDQV{9e6ak;x)TGAW^CZM6K|T-C-<le%=f8RKWHq3*tHYpu
zo`i=}-DZo!%STf$-`|zR!voa8zIU&&Hz<lgheIxH`66J|ZhLd12=Jyw(Rs|!d)Elz
zPfs2FVRzR({tVc>Ms<+dI4|-kmI8k-WE@wiZ-9}+Go--cD6XW(als)e*VQMnhuoMB
zLs<fT6Z2$JMWU?168*qbD9SblFcpUKN5?Rf|5KI~g|gw;7Rj+(;T1b_()xDf_*kna
zT%yBq98okXQIG0L4${?TNB{35A(1I2dT@n~mIC|7`KA&>@Q-mEY|4)YwVQ_*B}dE%
z9xowwoWO}$@p@bF7)h_PA|E`REu2CU9-*)HU~>&~^$_;3C#;|PJk!ov&qTT<e5<6W
zDy(biEqQ?IC>5M(0mS3%r<~1`lRs!`6mWZX5f7w_csBd_gQ@4wWIul>^?chddo)qP
z+NXr5<b%;~I+?h72SS<54AJ-Wu6>@Y@~;jGDjg`KgK}9fb)OnfO*~-_|2MG&<W;YF
zNSb^mYYz$kj4STFeke((50znY?a=>Rythu-OS~`t%t5@bPKozD4&r@vTD-T1I&Rr*
z3j_xDa0%;daoeL*O@r>vVx5Zxe7RZ(o?E+DnA|7r{<m6G(w{#F8Nt;;3SQ(jH9}?O
zDT=@8ToN~uB=*Q1EQ6PS+Nlg)<0ON(?e4Jrph7}Zqi~99eEsM9G8^Jj$Tk&cEJxr}
zcvUfQqCSDMU<eN!!iS&NrO)=@SY$Z@XTaNW6-a&4P(8KOcC~;jrV6}IM9>cl$TNAl
zE>ea*3IEa}Db9Rum*e<->bRd2Q*Li(N{+e1EN|L#9J@BxiLBg}_US(zx>i@V)mI(5
zn`2tL+^;)y!A`o$dYO=Vn0`#zDos6N|0blVx)5*v_=JEvo%eqzD^*L-PsA~9tXgRQ
zd0o7HTmFsB_L=oL@a&ZIuKWjw{{KJp+Y~g4$mc={+otfc{L@pW@>QSL>86au)GYcc
zGIVkfS;J?qSGz8g#Z&9mp6JNp(<D4dEI!i)QNrO#Jgrj<k5(8Smx1BKyF0<~&Z%h(
zUmfzlis9{31s*N%wAAp!1E1FErV?jkq%xICp;rR)q<)~E&wChaVyPa&F*1T<NsIEz
zB4waw8#l#pBk8n$>u`YFs?zj^XFqATY>VMRWs22cvD)iBK7#%95RQ`(9G_mblzv(1
z^s<15!Co6xi3M=mWIaT>bmyo@`-Gc*G6rEPHEppS8Oziyw%8^MMfa<_vQ8}3LsCVI
z^hmg9jT-(ypS?o~;ki+9>?`4c$*tH6wvXc4X#IUC{)8U5Z*l^5Ej3ZV`-epMK8gZf
z7-hEba-qqJBjbB<<abUS`F@7sTO#2KqUG!e+rGPY)uk3us>f2`Olji1Lc(?z@2)s3
zktx%1sEuI@iGlkCY!&wO%;sHnZEQxI0r$s+&@J@9v6W@x@N{^>6>g10NW;WzLG*Nn
zqN+@}p`r|@!;?Iov$@{M1WB0=v1YOl;hxE&JBBypCV0xXB+BMui4;*2XTpgr{+}Gu
znp!yk4;rFb_hByy8z#r$uc|!~61LZ-Rt?OAccyU6fYqXsTE~_afB2%#mK5Kt7HXU1
z<zLiARK>ntEmRjK@7mmJB|_#h1wBGF{DF||+@bp<%b~lH96CHqT6nlUB=_U)y7=D8
zzcN$#|ACBe()z6QW32SSPn;3O{Fzu%-5&W}9`+yU<FLK%=vtC?{TTiV+d$vOHbhXu
z8<9k&eSXU^QQ69Caef$*fr)~oS(+`pM&yrcL?wFvfrI3+DH-unhK!&@10~!^44mip
zV-W5hmDNuX;T*jZhe+5tSsNp;7u?3}i$eaXh3C9a7EY|Do8cIG;f2Y9N5<Y9rTWvq
zH)U;jLwH{8mV*)6Am!^6VJ|p|8;VWrLxehmanIxyr_V$pdO~r+`px$8<Di7sIH($w
zs6j$^D|)0pLLZ-6jk;=cok+^4<Ru`d5#K~wo6!fo1(v*v9(boNQWn7g+$JKecImCV
z>!P-?bPBxF$i~vub&0aF$h5LDJPke;kybnfZm#G3+TYZfWn~ef<ikVEj)YX`Bd8?w
z!KIT02K4o<%zi6&*9k4pB?O-6GPD~Px%eMEyiFYj>Bkdg0TwK<OawVzjYrGhRv-iz
zmMb=;L`<H9kN+YROJBXIE@CMg{R0(JNwguz36x#c>$**KQRh)5kZ{-2LZFa-6URw-
z%@rXQ9w!SiFb&5Ii(sH1jvGe5C{I&ary<I=_6=z(n6%F}rWa1K@87tUySfgaZ>+22
z&)G5O)@)6!UvA#pROCV<Y3kf?#a1G&9IqA<R?UtPOI|IcHyOo}@#=tNB8k+#s8Ei*
zOsHFFJNm=a?Gf}7L600kes>ER@(9&Up35GLPbeqx&ij=*T5tju#L$rC5*CrNaYy1|
zoGJUVJnaJ})xeK4CG;0~7@XdOz10cHy;Gs0XY!>XYjCs_5p>IPR;1+Zo6?ehC!JKx
z0U6rEOIIjy@?3}EjY4?+exahxs(nj(Ut9B5kThbnw?4<RHXoYr7m@Umt0%H5IfAhz
z<Nkgj(j}-O*Jm!`LS1j+vBR#fo9r-T0r>7YN9#Ym)kMJ7`-O<(3<-brk>wCznf>}B
z8J^>xlc~6x<lKG9;xQy2LJU&2g#z;rBZ$YR#jFSBao8<G3JZ1BSkzPn0uPbkujCz=
zsY9vhkws9tbswU90(GA3fqauqu3t($#1T(=ft5f*Cb5?!cKjVlUS2O{gwZQSE0)VB
zkB+DIKO1rlsnJ$ESw`?wez2Art`#TB2u`v+3b!rud-GqtFV}7ev1S$hwBkU;rUh_X
zv}`zfB@9(t7H3P{#JN(SS2oZCJ&fnb2+ouO1G15m9HPQ&k5o&R3^+MXs^-uLS1kRp
z1GsO*(WAPImjkt-mtJ$&6Ip@1q(F<lw}2m%(*r$>=gA0OK%Gs_<RnAYhX$!X9(fuT
zNH{)mQQ7cu;nCy9g-4eSpH@bYjSusPwXRNTMKJUx#g)w|eHnGqmlY{C{rA(h#CW{9
z-D~7{EPD-0MO8G`bk-kIS+_KIshiUoeoSR}thpOw@+e_hN}N5~%?!)8iu5`9XNR#5
zX@591fqftx!Cu6;eUh!Di9gs-7eS-go-P_9p;qW|G$7Z+AyC`OSM(iHIVP4;kFBJ(
zHtCj_jg=8kCpO@Lbltqy<37%hiJja{dp#yI(Vf`qF-PG`?)6w*M>@F<b#h(V<#kCq
zeWU7a9R06Rfspmw#GWzrc7)1hVM+P{bw76t_D((E27Ev`t~|^UcovXR>5(unqBiUc
zC&k4Qy0KmvxSzYiN`N)6MkxU@XwEt~f+eHytb=hv1p7ts_%if2;)pWR1_!AF@$M9z
z2vFu932W_*e0PWxvo))+=$1Nr`%}jkJM0&?b$qeYe(`6KITT|^c+GxsYsVL_+b?eE
z_~H$Ifs}*SuD)p}yh-e{(@FSay=^y<5NSl?BbHMoFxl*YR0K<=w?FbnvhMk2!ojI$
z0XQIrXTdpPoM4YCwTM^;d7=Bzkh)(cB|N^@823+lnbLLt+4Dv=Xc2C#Cp!$99uRuS
zo-;0@2MY!E(1U7KLIsW_0>WxS+$Sqol$1-zk0JQc4Y&8QBUOe-IaOe24=GF8EZ6zb
zO9H464LORtMBfT@PehL__apYigZV@Hv1rI^xzJL1oXVk`q`W3FG7?xo`ZFKgVQN7?
z`gs(eI#gjCy|z3u<S%8b)K8<9Y()th&f%?xTY4ohOl=#%Udvfy1o=C#C`#oRQbb~8
zk#0LjFo8uD4we?re1omzidyh+X<@{EL=tJdY{3c2eF#z~@=0jfUZ-YnAACSWF%N1Z
z2=;!=XSQdK5rd>8=~V_pq=g5oqLsqgo?(JTRQiY0>6<YkEsofkO8=Nc`VEwx>)DJG
zrNyQ|D*a}M^vw_O)Su9!D4WU7U)L+9zQ;?wbJYqBcLaMLf$kI8pe<w#K2y2zCI<M@
zKd~H3CUTSTa|^w4Rw{`{p37p}Ph$Hd_GR4`+c0)dG~^l?B_{;doh3MiN`Zv~BsGXa
zo*yN$9+90<oWMh*#WBXZ`v~sT;#6V9;HNW*hsYScCCf73?s9RAM#<(~q>PDH1o>O+
z1J5quDRI(oy_<28wD4r*xZjgw*)u{Wo*dOJ`qE2Fl-nI@##5!mQF{i%136sJ=a=Xf
z^Kq|cJW*O$&cs!)iaekhqte2Y6up$854^lY;P`-A!{H<L*TZ;<wD4D?frr3NIRbl2
zc!x^uV=wifuHn<ec$Bnw>)C;_0z)0%9V;!~>zVnETS^b(aniyQ*&MFGzJ7#Y`pvJT
z#bM4uvXS5P?DS1$c_&GWCt{r59V0ECd2@O<L0WiBC+{Xpi`NtUr|(kuI=wqVS{Uu*
zU8+lUcxRzskEKP$-WfxCy=w<E#Tt8q+3}6ve$$3$NegE<eCZctM~}<OLJWAFCbh5+
zZ_pG+8A(oDA+-TMJZ-PkSE$risnjoU+G~W=M*Hx3u~+J=HK~pA(I>d<q?W{^p=GJS
zPyoRXw`&5Ahqu!Af8zVr^!;@j`Q0Bc6$k;pA1C+`0;+p9;~0o*QJ!8|s#`_ssUAm=
z<*5{O*_S$SE%vP<q03Pz4ynOG8|kin`O_g176|MCc@`c5H5UE?a<w{vhd?b~x2Y?T
zkZbu>;nYhnPJJ|tAR96WXlN&(!Os$DObrgMw!evEWC8ZjU&k@?5TyQ(|DZrtNbd`Q
zN5dU;DU4nfgxS66`{()ok@WpbcA&09rS8LD@VH(hHIFKuzN==ao442P<suv);R#X!
zprWO->lbI&uaiRVb}r<(tU_i`A+tI!<R<4rUP~2{UX2xLUx@Yjvvtkw3$c7^Ar>#g
zvZM5Ygo_^(0uQHaJ8qy1^Sn-WIK#tLgtUl#Ytu+{A5RYX#Pl;2;=`HNj~-B~qbOUH
zvYnKjZH;rbkL_$75s5n||FkPa-s%P-*ZfRGPN1qqv#ZwNOzS^05Sc{TPR`D@%sJcl
zognhVvyRFC-4!Cwb_0<+e<mU)Qq{_{tG36P*2^DkN8}{Rc1m`(-OkxoKIn|dXU@r2
zKiCB#8@qwX=Ka7U?>N)?#|OLSkvE;Qt?LAl*PWC9sVhWo>jomv|4c+CQq?A9SM51x
zTJO$4WHM#@Wp=h_oU`562_i}7<PUU($d%nd<lUc%h*M*4a;Ek13`Ei+q#4;ZIA?pR
z6GR?%PX2UPh%|Hqk+%IHNA7T@^`(8tkv}_Ud$kipZgEb&qbo%AJhN{^Ry_3c5Gkjs
zP0p^`)y}lGW*~A3W&2fjwzbaL{@w{9Yn+pR+!Z44bOVvA9{TV1nv0xi{bnD%Cgz;&
zyG{^U=A8Wdt`K>y8;IQg(0^aoeEEzct(QL3H6mX)XZ!s_&WP-GPQLP?E)dz&4Mdvv
z10wG^(|TP7A}3R}Q?s+Z?VRm~P7rz1Ir+M-5V@lph-}{vh`iuTYtudu+3uX}o=y;X
z#yR<YT_JLHHxPMyKOpj`Gp&zhAo459HYGb-vvam5IzeQEbMmLULgb=uAo9h2K;$lG
zTK~2WIdZ#mwwF6W<j>B@U+oH!FSqR*k=VokeMGKxruF>{L`=#yJv-Y~&e=Zf1d+AQ
z$^YIJBJXtrk+u5)kxQIu{VD^Isg!M6cD5DH*}m-rk(hJx@47<dg>E47=ly`l*V`Ov
zz4+m-{hBuCY?nRkjK~+x$$$TF7l=IC4MaBV2Sh$_ruCYKyXKL1owHrv2_kPhC%>U9
zMDFSaBG2pxL|$~J_09}Lrckzu>}=0FXItM1BHNvl-_sQ$*LDMuH}?Y~Tbya#oPo%1
zD4Us`ZL@Q>EuA3J?410Gt`NDT8;I=Q4~VRHruF#@M1D=#re<fm(>dFVogi|%bMlwF
zLgee@z7bjW$bTP^>z!$RHv<u;fu?JmvwhGBB3C&l|FA1WKIjG_YxV;ompRkgmVt=V
zAi~AY*}m=skrmF#zwHW<7rTMTE&BnHZ<CI+u6U&D@sY2bvt9CtGa_xy$uE1P3q-bb
z1CfXK10o+f(|Xk-U3+@(J7>GL6GYy1PJVq?h^+4hBFX)L$ji>O-u_6}z2<Mu+3xBD
zk>{P0ukQ+x>$`!->-zzbC!A?*ex&Q!iN~C?J=zH(o1K$y=?am{x`D`N`vH-AoN3+u
zNY}ci$vN8#ogi|jbMhCvLgd@O?i-OG_5&g}IMe#}K6vCh=WOqFg2*+_$v@}{kq^6p
zNPNS8ACccX)B43DU5}4k>YVM%P7t}+Ir-OJA@XuJ5V>hTAoAT`9chhi=vvo&<DBiH
z4bF&s<(&MI4P7AeL^lw5a6cgOcV}AHZs>YcvDG=-)tw;nzH{<xyF%oiZXmLCKOpj|
zGp&E#&~>kQ$vN8{ognfz=j3;Fg~$!vKxF5BK;$WBS~qOy+8%k_IoqaA5P8fw`J-JS
z^80Qe^2vTc<UVIwpV`p0uDRPe+jE^D(&U`{g{~0!ZtK1g`JerO$U0|Q-`s~B`J;2T
zcRE4jI_Ko?b%n^^yMf56jsJZ_RyxzVdmnP-a_4M&Izi-8=j2~@g~+SjK;*{#fXMe-
z9cf**u^o|9Dcf(dv;EUKTf;_YM80uOe$mD*5P7N_h}^#)5c$}d)-@Zu9u4@&Iop+;
zAkylb{OYa{xvv|D{AJ^RfA!`LXIgLB*tM>C#W~w;ogng(bMia7LS$Vx5NX*Dh&=5~
z>%$wnUSss6bGD70Ao93#@=aYKva%b9{9`{L@_;j~$&FoW-+P_2J=+N)cRMG4j+6J~
zuUsJYIL_;Q+4L>WMeN`rf?UKf8N(5smvC)X3F~+(*pcw~1A-6MxQ!R4+h*(5x~}#H
zB3VN8T@@2_ogIU19il!-a12d8<ypnSYuw5kq&UnSe7;dc_;FJ@2;R!AsUUd88A0$y
zNHeUWZ+*VeUg7RBc~hEOpT@gY0=(_)B-pV?kKpm()-61Pe~;A{<C%PQyuKLE;;R#~
zo}JBCC+dr_lCR3M(#_zjXx7^^J6uh4xH`!p-KpuTU#724ba-}3`s(EL)#UWmG3l%0
z(pOOj3XaRFWyie7cUcc7>Yd7SN;fHssx#7g&q!l>M!J+qkgHpGB;@H9o&y&z)-9|A
zpYFq%{Hv~K@$dN=&(CXr!dK^}uP(?)TgAWgGs;lc^Z0iz|IXpxv-x*MM%m|PJgLk`
zQ<+izxqE$a2KZViNeew~p@%Ivn|{utAAUPCodhI=nln_4a|dfRa|8~BkM0)&C+Z7v
zx?Y24>NPk42Iv<4TCc@9dMzHO*J3%LNSp$_Im!%ST+hG1qF?a+-~W%72q+}hV1@|6
z#zkuT+>25VXCjru`&Bn@6sClg3tR2bw3^!`M4#R+7q~RxatZN$zQ@Jt#pR;=5p(BR
zBdTVNIA=z!HFxgp>KWGXQ6ooG&7EtFsHv_RG5g%JM$A0>>=6sc9`?J#4jo=K<D6M%
zTEl0bJEvyhh*2X)oIB_2*)`|PaB*7uX2e<NTGd%kT;Xu~(sky%bHiu5TrO9&b<R06
zD#Npg3~SN68P(xgE{z|bJ2yPb1uoa@bI(d$E;{pq+2L8P9C}}M?wpzG>6z8lGpa0g
zt)7og7c%?Yv($^oSvBX*wuYZO=LnAOg2H8J@BRu@sFyZAr;N8jqAU+!o<O65LsO`@
zAmecu|D9Z{PV9F_IhxZv4olL<#9=I;&rOiVZNXpApV9mf4pMh(IqnI_3F;|t>kWVr
zM?*$biIpaYf6(N;91cR00uSZ@Yn)R%9R2j?Bo33N$%C;-1za=iv>sW(!HQDRMGv?R
z1r+jGa0_C1fD}!5@U}R5Hqw(CJ<L0x0*Bx)jzdFEPyua+!2;8z<zNf_P}Yk%)v$x`
z7w1tb6!7(htttYM7g1h;LKZ}@cYhooMLo(JMZMCGC~s=uU2iDMQOE!mPO&fjp%9Z)
z9U&(55C+v22VxNt+(N>&YMV9ncp(dL@S`{|ii4v#FoNDAQ9l7uLY}#TDuf5|@l{kR
zx+kKj2!&M9r?b90K8oQeH=U3@u@DwTQH%+NB)nZ0Yp=pZ{2AYoD1L*!lcMOUz`}`4
zti9(}@P2GDo^swQQaMA2@<`6=InqRN0(y?bG84skEISazObLIzutg>H%YV^@o6(q=
z^;gW4Z`<#hss4t}aoa}9X13~ti9)`Qqh)}>GLosFZuzYH>Fs(|xQY%lodbY~^%9J>
zR0V&jkHC{75i}z>JVI8%5va>BqMU}KD3gW7VMJ3-;~jxP3sKha=GtP8wvTQZn8LY)
z^qZk@SVAtfzo60!v1l5KacJ<bJ_!w}Pf)v-Td@B`92vzt8Bv=tqZp2$KZ1D?ViL7~
zw~#(DNg+`Y3WdYr7#2cJ2nFPsW>`Lm=w~jlu=q$UjbL#E^#}@Z$I-CUg(G+zET}}3
zmAv_xDyG|i!%|=$RipG}gWUi}D6Tn>z8sdHAr^6C8hR0ZLWQ2O!<V?vKv7{Twp|!f
zY+-SC8!aQ~iJ*5H_9aG(@_y$L5iE$HA<NZf?1%~;0~a)7PZdSxz-eg6<v3FMu~!)y
zaypY_$Z2?}6gYYk9y$g4N4QVWgZ@@3P7(I2<V%jdvouURaey99vvS`xG9jZ<>#stQ
z6Eo$i;4`RPh)L?6eFZUveri=Pre-@KKjN3EEJviW{EUQmXC|!eJl!+<PG@$rJhQvy
zp_~5bM<Qba`J6GtFEyB3X$#kxb^y#$X~~Lesejr2s}1vae3be{x15GJOzK~;+_MWk
zGn!SXkiTXM;?$a7xSG<fSuQJTreR1HVeka(w-5)GWAGO&mkwkGp5*s)usu<3`wO*9
zdozdSPybAFcs8}eGy1Z(t;2_dQs99#7@VloVQJ=<7V?+$aQ0U+?x$wlQ|X0G4yC86
zk}h`f&#8c?GV>ERaujc2L;ULw<W+PaFE8GCAM$1Qp^x_JLX#9j#WNUrQYPc={8=5t
z>~2r%cF*X*@$M{+pP$%^<D+uhMERxMRxO>l-kHZ|R(8(gAMM5Cq{;i%-~l$P^|yJW
zul;wZ{g-STQDgH;jhSvu(}7`}UQBg*K@|C#yCx|3-{t)SGU~TKc)yk-vWW5B<bBfS
z(^!&}T8bx5P&xZ{Olfk;AyVK`5ezn|#Pd5z+{B4TN`XBSU8ht8^i?KDmnroSC+$hq
z>ndGFca}Gz2a5D&8I=`?r6{C6lT<iVTaAr2bHeO!J9}QSl)s{~&y<^`rTCoGJ@OTK
z2HP-ikBa_6HpLZkQzwdGuWW3GMA0b6@I=z(6*7i-WJIRQx^kM-TTpDW`C_)!PTCVd
zPzB^P5>Y6${zZttQHG3S&5+8}zXKl39(FdV^$)aXsLag3-|!N4MSiM3EEX-;19Hh|
z)Yk>{a(zHLWK=&XOp{G(w;e)noD?`X!jJee8es$34yEK*QEl~*GF{`!yoG{hbr18^
zxrstfS8vD_P@dGWJj`iD)i5WxqwFJr+)TfIJ`)sRzToU2Y#+;u9=T@IwsZg(kGv@B
z`T!{!CbFY+faD-~%40f^WLBKRT~TVU$sg64^rlw3InEJstvcBsB^(%*x=(6{786+c
z0^Lv*MY18H;T8@JTO%5%+3hGshTOq6wrc)C)ch4$%};q2$%-<mud7&*c4|gchA{{y
z#t>mp8wO!o8}>Ukf=Es$M+<~Gt=xV)__xKT^a9a|9MnhxXnbX+uhcCH=`yra&bM9S
z@#3em8{6&qi08>oD@c<@Ow^lDfDy%`VFAHpghS**!6J(#dwYz_=`xOPZD0U#ikzg}
zj+D?3?L*d<##L0wK#G0ww{nv{Db2R|Oo+P)eXuCXK@j_g8yafcv1TWP?EEt;S&ABR
zz3ned&nyJp9747_$|1P&<92kdz0)$&#kePMc%&BgKzy8PQ!1vXd<{$QM4T$e2V}F<
zBIJn#(G3fuD9&Jt!ZrY>hyEkwmU1CohBjf2-Kb#|hl~*NAYLN%S|@ZC^SKTs;S@Fp
z5;jprW_Em^$dK>T5fQi4!puNllQ*t#R+X9++6V2Y%(ZC`iS7%sg82V)^?ZEZPpGFS
zo^p~A&y_pT1HJVo(ss7Slho}RN#o6qH#RoH9J7%JM~Y-Q&(nA&qF4SM`^kyuEteHo
zw2FkMS3<5HN-M~@X8Q-5mb7K*$7tF-?4azvbkva@5^d^+MpUXaTQ6Rap%*VfR@p@*
zthH)cYvm_cYxx7Ru~k-nL%oj_mTA{$P1YGg{nRAS-nwkW|KqyMWVEw&nWd9H`K`bM
zVKHl|!y@al)s*i4NqQ<4MuZD0rHQ!`ey95op|6Fx@H<jgeWOwvT&#M@uTg;COoWM!
zW6hYY#Yz+0qOWFYvDw|wV$B^D*t`XHKYE<cb+J3gNth=$w@2*T#CCX5RE^XeAiZdm
zmzT*3^j_1zCtZOhQmIjb*W4^m{7P2XQG3fdNFEY4uVGM5M1%T{XO$OGdU5b<L>Zl?
zx?UK)66Qx_x=!;%JL?XPu|?~aMW`RH#*m|_V8g@IAHQ<m3^|j#ikQxYEQ&hYzWJ)a
z5hS6GM6pdJ4rM0h4;Qv7J5Q;~1*9s$Fy$s)g$2!B%VUKRrL|({gIc984-7Y~$X1sO
z&$&&^bnQxfn%!H<+g0EwF3bmWDlr#)5h@n#_b7Ly0$%Ts0W5u=OURXe#EDYt=jV|)
zaxI~fN54TE5m5Ihs{0jLcWRsq&QWvZas_(}AbZj;u@P{pu)~ju9++WTwj1kf)-Aiy
z&X508&0Dy{=EfmHL0-a;R|`b&B&6QY5%3;lB>8?p*!JoGIRic~vKQdFd@xwVmT=ST
zA!2s=SEz?4s=IOOZkoFL!M@}4H`>A4JD?r5(H{5TK)Vt>FguNL9(Uiin2mE)+`+#M
zCI4?Bx8i>ZxyVmLu2|VXC(A}2lZmAd?P+0+Ag9ZiT*I$SsjFUUL{rsp)1P}$RD{Fo
zyT8z*_S%z$N&2JHcj0svEwAwJOAdsTSVRc7-y(r{>t3{QWul6pE7AnTq&|x;;!+>w
z4>-~Gx;;40#66WJuDZFMxZm;RD;-Jf*l9I%39<1wmkV4!y8bWBkXE04=A1b*s(#ii
zDP8?;Ue&p^XIeADvs6LO^QKPIqxUYeh1Z{S!JJgY>QBw5U^Pd+O|VuU*nr+Bh8wY{
z2|aQx_c4!L%(m5`$_zTc5|6a|2&;T)>oDm>Hw1a2%`2fcDn*p|WXIAdVi6WeKl-bA
z$}A|0u&AE3Mrr_=V~W}jswN@INm5`b+^7i*!kbIOldu$S(zv{_e2VW_&X{rr7TR_@
z7?xdRtvww@7ITe7q!hvROQTK7oh`zkEJlAFlT&2V&?PMac$aDUBheCo_Z2NodK1UM
zEp0}j%&>KSwW=Xcu2DyeCee^LQCdr&0e+o&Ng;KRLZXrXvYApHSLrMHXahG<Y+N9#
zcmUj(gaymckdxHNF?WV0mzIOA^dt32To9&a6q{7LB+(7kWbaw2l2L*$Uc%-OA(S!S
z%Fd|)^CN`U;x-iUwk1-{7F@6lizZIO;QFc+7=Y{ZqUeYBtT3U+rbkc~qJVqzqGq}v
zHH0jny3IZ?LH)_I=LrcG$TQ`WDBy3IU+UN>{B(U4`PqKEg-92`-FYHC6&wkNC9Kda
zYKnVM{3eF}b>yMzK6^-F4f_pf#5zo*O-{QHC_hRm9`YoD5+1LjdOYqS^$(k>$TcCZ
z2_V95kBLE8TV<mEIvxlpvJd$vl70(=70cAoDT>-@>Nt`u9zIlOOO@be_{<|zY;iH7
zQVk49Fr!3*OUp5sNlNY0*-E8;6Vpj1t9usaQN0*LJ**}H;)wD|yC;A<#(mXoVhO#A
zVKC)EtV03UREez4*q}P&^(pc(xQVF$Fq3+Zg!dHnH&hAqzz3d6yK&8!YS$zpjN)Ul
z&(g!>R=KpC9Ik{Bw`*dknyh1rOH-U$nc`Hs%hiXwv>Xp<vqJjukvR8h$NKosV4te2
zHo6cEd87Rmp+|J;32vPfK!G;IXKU4SwIOOfq$cfFm*BVAFe$;^Vi(YkbrJmqZ=7i<
zg}LlhdG(OpT~;vW`K**KNbrfbAY-=5hhlXGF2H%V!2$D32EpQrk=plAXDy^3Uo+R}
z0w0q+%*XV%*=}c{-o_c5+B3Ez(!?3h=Nwv?^Xn~IKOg48yaX|7Gw{*_<tydGKnn#-
zkD{?2#c(XRh&shT&`=JXZzqPM7^p$dhwU<{hR@$qhi0v0-XZxOXh1KChDN^EhO^^K
zW&<Xb1ghX{X$kaBs$EgSw{v0`kZ_Gxpnzc5WM9Jr)0@ae{m1D{injp`d373LK|W+o
zTrCkvdmvu>FCQ;ai5}U&{;gVbQi6FYNfzZYB+MqWORsckIV@Dqv&RK?*e&nYsVxeq
z+5yGKA-Rp+v=DVJ{tIX7F=o4vEap-T2vV+mK96gTcC^5N9Lnmm(xyERJZy_-$1q5G
zB_6~qQi-GNv(!tJU~HmVdt@UDcxO%*5-=#mv=fmrF0u{YpcHz<=9gQ%BC`{LPM`CB
z?9y`lgkrIFB+<cMd9al!)h<sTk)lLb-bKVZf4MLzg`R9vCm)SU9cIIoi74sKXE)06
zXdmCmoSw5r-A=LJ>iyJXd%iL!nUc9o?sMwyS7^v@?eVt|=E>ze9ThS$kDN*Hq#AuD
z_LEUGqO!qW(RDh%@PNOSbmn3{CQ+d0O?1QJ2zq8KIuE8lJNXo-X7rJkdlfzMa`I7`
zv8W+q-0fS?klLUkHgkx#(i|91b1(#AvN<KJW6?0l!{0SAH~LbC^XT`WfPvhI`4VzT
z)7Qpu3>3GjH6){Lyw~tdnjxVi#svgT>=Wmuzj~84)<01;NNuElqijGAxyC4kgh_EU
z0>w7--pI??+%YU=3#~M<9zB1=(#`0*5XVID7fJdph-Z8f3gc9}7DUJwQ7nZiCVKP}
z<)b|08H6?SqZokQ`K;3Bw~$H;z!&*3eicT9m-9^wKrhyVE9a9f=T}PO?39}Gnpjl9
zBjHMEJR=1wgFX2I#}G^jqRN0!lQ!0?P4HqqOwlF?^dzxVABAJUh~h~7fgL+^N>viu
zv**h_U$s>x7~fp@bG>kqf@!_Lz3nic-lRt=iOqSKj#YtI!V4~~pJ3(*!Z-7%{+Ab+
z76##;^DIPoF+YJpSU=xXFVGKP%?o2G{GlL5_1!bCoAotq&G1CNum=MhQmVmYKY?n~
z)=iJpn;lhCX-YLwi+$osqStQ|y=*=ay-X1uo8OV>WlZ!BOms{U{eAa|_P}lVYMfH6
zz!7So3MG{2k@P9OJV<KyUW-KbJ!A=Nm~Wy1$$aLD2j*v5M=vug-7~+Vb;LwWJ7+H{
zh*SQWFA%3I2Oi}Ss<TOW#nNMG$G6~S)Gc1<SHMS+#rfbcCeKpnC+(ruXO%~3cjcUw
zjDL=tiS}``J^3#QfE+%mHj0ICx`_h%E3vMVv@d;_b%sw)M`OO!YgvvM^U=K%J@V#s
z_lLOpm|kj+1~0DUuWE3C_Iuv*q1^Mf7`1GH9&gX7mT&;%w%J*0NmpswD4#Y|ZSNSZ
z4fPQYy9#x6&Kj%rQvF!WtwjN~Ci<uI__%H7wqI<sFSG%E<!(DzzvbBrOIkBlwD5T2
zR6AiqcDh7Hx`xbjUuLIE3w}ebj3B(lc=hn)6b;j`mz}2%r+UGqx2Q*OU%jcsYw8Uf
zWDnIxQ}&A?cVYnv_i8L?KsTTBlvl~G3gne4n}jhs&(~C{vI@DZ@}#27%M-<9xX@2Q
z96j<fRs}_0Vo$waxjuo<dy|mMJ8gQf;z+RmrysSz@N-v8Y9oBw0H0hWJ*Y2Y4`Kkr
ze~(-@RqE?x#d4`{o5rNENd+_1m`f`j!JKNPghd}AO<AGxbj&G6v@*px@O~YUdaEK8
z{7E&&Y+_LFk7H9}<SMnkP&ol!(#u5<RA=S%)Q0&KAu%?4MT5HgtGXlg^IKb48rmSX
zAM_*^)8AU=)zT{ZiSmmOcdt^Zub@8xhPag503NPSsKt}bEvyh;aYYmcFsOyzpVp#|
zXN{}V?sOklMB^4i>fbO-dBr^9-KuKlm2h)?3l<ggO72n<d&)*$Re6Aky=5bNKYios
z$Z5GAhug-;C}mRilt-fn0(#7@U&?{V<&S148D*m%<73EsKy$qo79E;D#D<0eFStmW
zyA#+`LZu$VKBR7Y>j}kzvG(OUH>jnfvchIg!Bh&<e$2f|Z%9oy`LqGHY$hw@c~_II
zKDO1h+3LeW4}9y2qqmrq`B=r(Tv!cy<=?QVn2mYuP#;O3fJJb}8Dt3+gs095lZ@#b
z(Mw)TfDb!*-9D}G8e$iAHV$HEgE~MUj=n3<BQ15Fv>I^m+J4n6J*-rZask^dEp31g
zizMW02MMj8KV9tLtYWXh0kFubWM<6&2U)Co3$vX7OFLXB?o9G)1KjK!<yESuFjqU3
zhh2F{q?Oa;>MNbv^kl_m0Q0m_ss32lrVaFQu?1XgKHJNBjJ>+xhny-ngDs6Al+LRS
zDQP#c2eq5nZCC_zwTp!+*!?+wae$9;a>E(gp+uxlPpX3*;m&&PAc3Q<z>$sXI7c2V
zBio)nn^&Qp%)p*-UA=aaP=`-KZk(A~n0#ND_5{k3DVvqDd7&>ewm*R*;g))BkTQL-
z2>#~M6~qNZT`?4BBSi-N9!be-)p6lHVSXHYOBmRy`js}why9e`=&g>p<hvWxom9MA
zAfZ?f+f?0NPoB6<7$=7DYNAVz;J^kP3CAVYq334q_&oi`uDqs(l<{EL=`v%yx#D2v
z8H|$(g=6$E3Rro5_Hagxgs+Q8zN|XW#G;jH|7prz{u83Sn^_$`3y=_f#zh9e6X$iW
zyj5A{slEamiUb}kVXj)wlLNQc^Da#!Tze#xgcz+K$ZzxY@ub*S%+;GP&px3H^T=DT
ziDN!^b#m3TvJ!Q)na+DuYAVq<O&b_so5!d^j~>AMBnmLJ(ZU|ci-a*B7KG44){YFC
zk+51DFX072#=M7|@TZmvwJihg)&v&7OG{(OCqS0-WNN{9JYYFHUsOQ}n>6BuVhp{6
zC~uN}EYxQ(Hu{$1WKA*V%3{QMQX5z-^U*jBbCc-S%8F1_n21mv#auA73Bqcz=zf7-
zNe|li1BJ@YyR1Gz=1nmQ_&aZX;-y$Cg+Lv?tZS-lgDd!C-b+xxM~e8)#($fzP(qxC
zYQI?8LP^vo{zU~qp^&9mScRc^RF!~?YKQtK${MK+_iv;>14?0WRMvJ{ClduPV}f~2
z+JpdkGh<n@ez;Wp{2}H--n<lq%a?>Fp@2VNls`4!{PGLT1$O{vK$yRq4PcF4x#ug)
zC9^RD!iylGEM?fbIMuojpun;4++sdQnxP_JbaDn(_E@<p;!kLwmX|Bx${xbR5PZ6j
z-rtJ?8hTLA@cY~CN~bHon&L&-khVITFgLDDQ?(E~gt_sCsq|!odXlsg+@$97YN>rt
z>PN^Z7V66or(xlph|_daF0^O**78RNMATW<kMZsbV+|g<42?<rD<?@y>fhK_qB?cY
zfZs*X1AQatj_~1#YG&ga8NibF(IY33+mnnU%EkN{_Zl=dsRco+c>9a7gM9lpUD|X3
z`6ScEsI!d=gp84yrVa4hf2MI`-myT0Q3Q2nkVhA{&p}wxpUxp`bmEXt7KA6YVlJ#N
z5PV2tE{u#TPbk9mRrS6~2GIWsp`jfS$iiYs1l>^_l4LPKJ;^f-$8JE+5jeJrq0oIX
zL^wekD==3ZTZ~3>GUh{BE4l0l|8&LBfJf?*m<!MG^@H^m^r9?Pq*4ud($%7d8gnHW
z)QcCiGRMW$RBw#=03~>M7?zT*O|Qx#+wmw13llut!-MkLaXv)3g_HQ8R|^{OS)J}f
zAFLG-5{)xWbr{%)1RC;k<sJ-)VKF;hp14{%qm}v4Q!j~LL$~qL+b}<dMg!*m6%E;N
z8upZ;4NGF&PYNhk1Pfz4Qs$FFJDwU-S37sS=U{;(`?gIT|4i@C@M#D8&;$3^Yh#35
zuhOl;0vRC-JcNZjoZLWa=Q)>lI#pQzH0{i=T$ft3SdENnVXC1;E+gE>TGWu>O{9h~
z>Dw@e6m_nC4HYyV1$;HPg97WoSmbwmv8dc?e+FL^wqX$Bb7Q=V%Ycgtd9eSxxzv)E
z6q@LP+Gfm$7FQd!*~WV9M0Kt?HKGq5cWFlm^d>Q1AA=sUXiVbK;cW>l4P*bKsJETR
zZa^XVA&oqvRYW$CSMFe|Vi1*n0CkikRdI8@9?lr6g{NKGDMI_D55B6?HVL6ptx)^7
zhy@RhD-Oh5#hJvSSJv}L%E56IaP7RVFe%!EL3&y)P0WW?g<QT5<|omcT!y(%q5)^?
zNf@k+5%5sGHbTHTarn@cL>*pq@qk1;Jy^*sr5)iTp3+xf{uG`!u#bhe-}dLXDD_3!
z)uOmvVo11uflw0BB8lkM%1bc!dt!*Oe#J@okn9o5tiA!8x!TkTJ+Q#yjvc`v&FDE2
zhrCRj-d}Hqhw59g81}g0*i)}S4{WSYq5+HI=(!pV2*sfy4ujPayc%AD$9m*iQnW#O
z`kE$8JOFN68bi-aEUrWkRr`Lf*jOm7L>*>XJaGG#M)t)kOO+1i)jmnm45LeI(Y=M#
z^R1e|5_n^23x?oNS_JWCEP>aT>XnFcmeNHlHR4R4D7F`Q?914&6|*5>)zSp1p>fiW
zI(a<fV0ILH>V6zojXlfl-~QET$eI8OGKescIz#z1d(5=)C(7zV34cUl{`VJ$S8#6%
z%0j~B6Rk}xFom-O4w6ETlMysbv|xdLeiI_xr3r1M4|CyfOVy5e!f`VhUT|I%1r&!v
zA<R99O#nmcn-nZi%acA0pbZhW_Kz)2wb~vO=z;iR-NNE#)nvC&J=^Hz$0=RU=NPkw
zUuM`EK3A5aU(IGaj4Z8d*Y+6$ORT}m75lbgZhYHR9{S_^M2Gth3V$aSR+&WI3K`W7
zBkAd7y;_}UALzL;d!T1fm|P}<MY~FHxtd1O&m&npT6v}t@}k^UeXb^fd!LAt=+VZJ
z4A=Vcn16ytDe5dWO3{km1bXDfoV_%LMUC{0=S3oQf-g#V#ub;^F{QA$Mb_H7YoXMe
z^@YEd`gWPG9bDW#ZnKWNb;4@z)=AZ^gK&EuuRIUwtvE(<*C}-x`B|q-iM1A+5^+AF
zc=_UFiotv8>v7zxI2L?S><M$N&iH!mUVM$g1<BMRo+7(N8!#yStQ!j9L7fslvmi`-
z?I(Y|umeN4bYSQf62JLmkHiT2??jAr0z#{+3BB;rQnFUzWkH<EXvW)5v~NN~USban
z^^Q}M%t)w#p$HDuLpY3&o`?Ra*&cZ@53d!PtWFM+0s|%%$woD{6~`jEo;N}bB~S5a
zQXxB*>TC*pFZ57qw4{hDZ0mF=(fSE{bOg?7B`#WnUf$Q9H6U_1f5WF8UDQ4T(n=LA
zk}z8jL!LGvHNHWqf;^ys!R>ksi^0-<A+RWkL2&C~9w#78sf{hr7O>q=3^TODgm%79
z8|cGf5YR>n41Na%+E}5-a6k<Pr(!Wo(GDS?4x+aMKE&WuZIVwLQi7%Mr#eEnD2k<2
zO9>u56j0ihfLMsdQX7(wgY|oHghf<r7lNsX3xUDU`ST-H(Nqjr^e6Z^j}Nr)hhu_0
z=EwOv>4Mkurmul?IbLcfktc<v5<Fx*5*3Lw5j`cm?P?-fb3w;t2-z}K`PP|6%FO{X
zQr<e>WG?Ip*ZA2;`DnJlo^YMtjA1FX)zJs_Y5chWb?SB61V0+EL1=?TdRe%=@jD+@
z)#-6kr(PJWhjAqQPCHDjL(h#;{|E(KJ?H1q=z&kXOyk-)B#1xrnpg~lCU;togjHI?
zHcN;3&=*5b1N#2T#-W=`pakZJ(UWYz{6*-QOUQjx7h|AH;XD(ELU9;}6Qbh@<L6yM
zwn*)G!d^Q##oufE#cWL%$u-zlU_U+yzRw)&9l@URW*kEP;K&FT!Qu!WcnXe|usBQ!
zsh&M$qdJ?LzOjX;XGcc#5E1fFy|4*6l?VxE5^@+dN7TZBFwms5(S)7!EK1rZGwD_r
zrERXa<nQb>(<sfL%rr+(lA|pN)ux@MlF|e-(>%lFJe*O^Zz)Z`%rsAOn#VHIOrbOf
zWu_TNNshN9eL|&~OKH5BX<p`X*4JC|S9Y3eO5@2)vxC#zQEy2YlPc-adP??`E1ixW
z4>dD#g(%Y*mV}yAp5rOYxXh9dqBK)1UdW=-+|T7c-&whPeI-C8%(f(4kSgJ5D&UCD
z=^98mrd#q1JN*X!VzS#`3{w6|OTuIIsZTDT5{%4>y}^*(N{|gprHWFj!!lEaDbcCz
z&`+imqcc;CrWBKj`-YmZFo7dsV5@GS7cLOmSTD)wo+Ok=W0Y26k<@2nU+E`;OD8hN
z50wIko7fYI!rDPT94+t4=npcg%_0-+_ccNr>qCS_BZfVpRcK>H9P^<UyADAKr|J<L
zF9X9zl;NS{vG+LaDL3&T#n1>IYG&XRrH=(+Rt$SKVV{edaU?ufC)S}C2DD;t39E%R
zf(*e=XSc5psX>HW15sPh6s^QyIr^vYkP8M?kdJK+1D(Aktnv$KlFuj_;}TW~TZEIF
zSsbg-SEE-}s7It&8}tSV|E$xKjd4WyTOEtCS4AAhOFtev9*36UcoPpTSM_V)`t_7G
zrJXTE40EBeh9q!9%6eUGkZU_KzM3RO6BjKMKozNc$Hno`N^*2xt`m*afIo=1J%!cZ
zhrt*YRbcQ2EaEkL*J5uaTfbPEKmn_}CBU0;G`#B-=poogYDWs~RIhfFAKj!ijuBW4
zTk8^}wY?4c2qN@Sp^c$Nd2e?2iuXdJk7^s!wEhCU@WWDVsJdt4eM`08WZUj<r)~Eu
z*>?YoZTFUrw)@I#+x;dK@W-6A?H*9vpx@ZRIG;?QTgu$#g?&-&5T8Ay=3avyxTiLe
zz&r^r8cJ2>HKCg<)BAY@M+z*CqnBLmd_98sa4xUHFV@K>^`rg)nVC|J>O8oFEyL|O
z0(0TPB_<lMJ;#Cvm*_EN0!NB@*B!jGSo|DQmY3jO-M+jyxB&eRJ9ucD(uz93=JcyQ
z$jZ56VVFFtzxNO^rn+HCvxATJpg|^WB_fO#6`cF7B?SNNIpm0GBYToHOKyuH^%~p6
zn2By#fQ1X9n7>Lpo2@ywHqy&`(<t@vel?CZAcpxcy-6G5(}wtPfaH~-0|gF%=_cm>
zhCC(r3M__#W-9%B>VR)o>pnE#CO5D2*ijvAH{WMUc*IQ=d#2jNqKT>coA!kli^?-(
z!bhsAH@kU@1U$->`g0Bs-?6DJlb8#Sa7)hIVSC|lZ%#ae8%C1o2<QncW?$m-YQ0qo
z91R{dF>YDKXq2W#9wC%O0r}~$Zz$j3QgyP#ZqkWIuWNVs)EMT_793=u2Yh<S9!x8c
ze@J--2bnl%6CU4&9=S&QwO`rdP3TR=(4!A0#6C%V+E8wyN3rMA3-nNGv9Fp__(oF$
z7P=IA)PxmFiM-3xWEwop{xDc*z%v(G$O9FZ@auj=_m$}3SXuNPkMuWU0lcOq=s{zh
zg?aR)IGzN#dIbA5pl>G@!(Uu_D|)Op^umi$$o0x%TZMj(v!sVGz$ScycA5%PRvgEo
z<TBnW2)W8|EVR%gKa`1-Bkh%6@{Bl2_+?WH$^5p|coE-$Cx&jQws2^ekZt#%i@>di
z(4$`?^&?WH`x4~Xcp9W$*8ahnQk&#MFVvDR<AGc~q>U<2s3zJ$h1=_S(dSr!;%GgB
z9@wde-upWah0{m~dZa#HLVxXW5tne;0#TgWUFMM&@$$|hS;IT?Jk{uxvlxM%Gf{=n
z`~i=*C(n!Q)v0P1g4bSXF2PN_YzQt1<=u*v;2~X)q6Y@(u{h?!0}FU0g4)sMLW7rL
z-U`GDeq}<Vyf?#jNAN^37pkLBXu&*^C)(f=8N?7QBrqtkig|Lc-d`4=@ipcqwQ?UX
zTlwxnVYAa!`}lihhrj!JpZzx+#{m|OAkkvz@8V=IT5xzH4rO7T+pGrHzFXRoTCP<z
zk)`Gzcvv*${s+skXnwon&r=P{a|HEv4}6s)v{7UR{c(xV#*o~DH!mc8cn_pI5s%~d
zl78&HoHtct2?}VcZ|`Ky<gwVD@2<MNCiGB(Cn@1s@=M{Nx~Q6?lJK+;ve?4h6^K<B
z`X7e+Mp=l)S0t=9Yl3_!L)MVg%Y`o&aT6B;ad8w2-~%m=gJJtp3kSq;a2uH-D4;dR
zZgEBU#VUxOrF0B$dU|h>mBPz^V#WY6TU=f&YOpZq$D-94D(5S;y6#I|@G_Q<mfE8p
z+DISfN6}3J@-h_g?Goq8V}A+%2C9C;g;uKi--BQdD;$meU&6u(*nb}4Q5f2VC>Q#r
zHlXA<SyL?aghEJaLjokb2%D8cFe@4o-doK2JxQW!?@3FgOR|Q@V}VtC8IVv$lH#~X
zh92RHmcU(tm*EYLp$C#Zw85&{S1sf*l_a|1?t0P;XT)$YtP*NG=i3~T{T)$(ycpR+
zO&9Kans++`^x%apDS)<ukR_G^<lYV=$C9Vi;qQxySGT6xT)@XpAKH7stSf+cnfqrv
zOAf247t~-7zPK=!BI`0D3k#Rii_mREn_ng_v4^t*+)~E`h>ceyO&kDCtaN!g=X$j1
zG>Ws>lDP7gMJ*k;QuW`eG-t-K1RhE^j3M<8QNS~*$kYxhWdIuYkzdBci$+vCseOsT
z3d~PxW+^PTu7btXrkYuriVSGTCwPc}+NDs!fn>OxX(2+WNmeWLYp_rst{UM=s;}OU
z<tbL7p&b&y+@v10Ow5N9N%Yt9Hmkc9kzP46i3RY!mS{!~+`d#`;W|Y>l{x^zdI$&e
z<S(2<R>f_~{H5l+VqePx(o^0^6T|REogjfpl0Yp1hlzS9b$O;9LIHoX<(hz%84@fB
zyV4Tu4|ScgP={|yXcf#RpXZ1c3_;@(%N~7yUvZ@0Un~PyxXiZDhb#HIfOz&#-L7Oj
zqmpDW)S7H82Vmz?>c7WCoJN0Zx}JhgkNzew4?Yu&Pd=}~c~PeD`Ct+IFUlC==^>u=
zy+XE6Gq8oAhj|%qTC=ib(xI9Bg*IM>qGE>W7pM{Tg_wUl|L#_!?WBd@S{y@!o6(Zm
zga85i#$sVlIBCOt%|s+o1F!bbMhfj9@^l1z=;8{eog{5Q$5jfC*_-!v+B>X5=vKR{
z3R0%c+o}$6W#e8{FVGM|3f)I$VXg#U4D$v3YZA?(S;ZbO<YOq{4Z&a6WeNJ0a!^jS
zXI_2Nc-D?Sk|$TGzY(70)u#I-?5PvVbI9;B@+---8z7ex9X*8_cK^68f(TcOh$LsF
zAAC|L&_|Enc12{YVjBtZb+z>1Jwv6*hhA}e{MoIIEJQ<o#h;4$5ar{kdguO`K1>GE
z12r9IQ+b{F%JvD>ZT5z}^3*1>Nvb<-&E+wK4K)G{NamWvm?&V=PcHB=Rp8@X;N!U_
z=AN!a$URyvNX6t6Y}!ztHk5nO#(L^Sm(^wtrSyYGjVJ*Wgr{pGnWHH+{&YXs%Xj)p
zef|qWz-d&2)zq*h_LO-4bTdxLXhzJJ+EjM?+{>CVA3ku2)D24bbG@(^I)v3ihuln)
z^wOFxNuGqk_2{3MNpnLQDAi+g;htPxDI(bzy+NctcZe_T$)Mb+9ww-z`;sYa{nUne
zC662CPK&)y_&QIl+s5qpm!-^(2HYuPdI<YLi_M=BnnetArFL*J;%>Q6k&@(9!>`q;
z<#EPB^c~N?yGh(hJ%;^YhBjWHFOCNE;{9TMV`@ZWCmM}iw*<+Lf4N$<F+K^GaRYR{
zR3)~8#LQERQ?q&GMSP|yvkKu}5W0y52?X*k;hn`o8{(q`&G4i~V)vVx1mRe;34`U+
zs9u-mwxEDLHTKXABTA-Zxf7(9DqjDFdHwQSlMLLK>v;EDgEDt-C!wqlkzcki5Ruwk
zuaXrB<pwse_l8m%U6@|M;eq+upuHBWw4~Rn7!nG!X##yv)rwx_glc2`Xn<D_wNlmV
z^-5*Ytysk4Ir*{}{fFbB7DiRf+n$oQj;IM!x5@tKIO)MYN8z}+i3kol8OP0~-~JEb
zprf$=afIz!DYT=gH~*-KtaVuHsHtkSskQ@0=Dp(P5$&slQrv7vZIGY3=uhV5PZTe&
z<?Y*_<&m{AKc@OF=0bim>dlx-9?GR8>MPKIe=d!s81*_dUPljHqN#HnJefO!+m;Hl
z|6sYMog%bhg=i$9rj<d5=a;BGONADCSxO5D&oA7!z2}keKo8Yh3dyJrKY@jd$P6<i
zEVghkSx>Eqk7GWZtPLamI7%BM)HiQgBL1sp0>WofkOfl+*DMz3Az@QUS`+?(Niwov
z6{~F9s`J4QE)v?5%%^O-P4yfl+R0+oS){+Qgk2f324Q=hcpeMk1ge&Y9MeKo$dP))
zw&(PL_PF!r96h8R?t}3*c~2~+r&}=21%1I(!5}I~xe(jao1tvOa6TJ`ccl%V#}}s!
zpW@bx;aZj?4<lQA&*TUU!NW`1Y=iG{HuzANK`g98-@FWipfO;7nC$9&)VCwbSt^P(
zkJ<FI7bIvy2!$=&GHw(5SUBFoLwKS)ui0jT;Xd@pE$h^jXoBNNsfCY?92U(Z$8+`)
z6Fu^m{D`O3RbX$gy&TW}YhrFsL}}SQjCa-ZT8aP)c(<yH9_Fx%f0Ejrc&*x5{$Z6;
z6}R(@JFKZDnY!B@krnGm3d02^sm6SGs77ERtcM5|!CiHX#-HjeKd(#mw@V!5z_?=$
zk|v6U@U<au99&#$vCMfVC38Fy?#fN|o}oV7!ojf7Vw-xXHd1utf^TwLRoVoPcciA5
z{rq==)K1}<@O-HaEJova%%6aUPO6PbOK{8Ox5pqCaDDYpLhx-jBY0yq`AzS-NfnGS
zd6f;^U!O!HDdB*mg!$Tdp^fxHp>~LX`PvY10~GQE#OGCdX5ie$wfcEn(}8NU7s}ao
zd*4cu-OE$wQFJ$9FKuuD^%dCra74LI4bZzsBgsHnhXbYHB_B1Wz1~Cjr2=P#yNG4W
z!CSuV<8p!PhyN47TjrfvRsAz#w`4|Y**lKQzGAn$+doIeZrPG6?46Vxl+(o0?Ht49
zP!+>v9FKyo#}hk=&0@%D=;58;O&s~GRQj>73_Wrh3iw``#XKZ9HG4j*A~m12f)}M-
zVF)u4<$x9QV#MqXWqf#pUrjZPXGw$dW~F}Bo<mTfg8>XXWCg(DsCx9<bbKVoU|#l?
zrv+qQ=)3JmjtxA#+tAP<-e(wdDWQ<?KXrOE#nQnMD5^0R3Yw5(`UT5T=o>NkAyw&o
zzaM+ZVig(Jb_LDsZIWNxK#CUblEmZ(f)z&}j0!8od8V*M>XmBC%sp6Cg&uhgd$At5
z&3?NU2T2iSiL1gEK!L>zn2a*14fUf}o&A;C#9EWy#F{5zs@gU>HlmE!E0j^kfl@tw
zKX0<8CRKkY*>MG1(=i6^sDVJe4cb(L7!rnvj!_#cD!B3TGXn{tT$I}VZiZC!K{!?S
z>G2kI%n3{*L~7bpQ(c~p7|xLkB`mN{HUT4yAr&QLg{{5@sEt@cZp5RUnO0tqI=Rap
zK{!I~|DTEaRGw(F&-Nhf2ip-126Dp7lsKA&`V=%~N(;R(Q4gu%yjK=<9M0=FW4Kvu
z4Z2GgP-Ci0Z*@1*O*&bM;}qmM63)^Fs%?BZawh+pycbX4QABVB9#w{eNd;^|0UH-;
zqd2fDpUUCU=iq^`xROnS9<qqov>#PDmS#m%af~s@(XwR(50k{lP|$1-Jggz1?Z?3K
zDCU=A;07LENt@vp*+Dh*a$9{>*aM&IRHYxS>rSOT5}p(+n^cnrdE4_kj-jCm9Bm(L
zlcxgF81hTC(84ffBX2kg{ss@2j(Kt=;^}Et<48ms>l0Wccc7<C_o-zKYRk39?jnVD
z7b%dxVY&(;_SrkIs9AlDxA?*kU7ec8216-{jS@m)o%Tz=HcU+&8dFh#r_yAj@r>rw
z#&YhA+tvQ^I@OC#QV+}3!{gP%1z8Wr+MRe7{{~c&;T-t`Cfe`TakNm5F87-vwP#$y
zB1`M%YatRUMf*7GiY#iLRo|#rcPFX46V%-Tb$58y_x<X_!&4u&VbhKcs3+t2b`Ad)
zs+Y6W)_L%osm=2?>#Du&Glia{2hHiN^#OaEt&niN;21ROpB<MHJ$xvRfCZIw8O!A0
zHC#JhNI+bCpcJj<|BtzMfsf-V55;Hp_?wJu$<foX96uB%G0ww^CBI`CP-NNBT9$+)
z$E$=ejCN<Gjdo`?GqaM`iEXk8kKPtgXn^vPf%IN3w@#qY#~+7BxxL(L3Y6Oi&L4UU
zx5ZE>q@||xbt(P-&Uen4IWxN}Ilc7%tNr_FXLiq=Ip;gy`QG1mFy@yNxi&`pwvoA|
z6tt4L6l^0M6?$o3g-zsJ3ag!<X){PNHIXk|K_bjUf!mf4L0YwUM?N>Rs+=t2_TB7O
z`niRyr`y2wF<){G`A?58(N8Sxlj6zPKO~r0xh$#+yzOybC}jgWDA!QIjeeeB4`H#C
zxA9^rCHj~D&K;U-POw{#H#xz3QG@$Uk^4{cJ4Rv1_lOGcmZzV5@+rQN1eN~kxeD76
zts40yRqyVMO>oE4(4s9PYigf@9Zx`uc7zANK7xC_MLVLk!7W43Qi5ANXgLA59EO%7
z^zSyx$V%EJEpcaub|Y*|?C!Wix9^+JtFS@qfQ_f9h)adpDcE?BUbj&(A(cu|0=OY@
zdkg!nL&I`2q*ArPo4DA0>qnrKjHh5D*;RpCk02M-E5cjD{oudahVj9jS_xiFzwq?d
zzCP&GK8QS`QyYR7tpz%?UxrSV>e-iI*NH52YAM*oBOiBZ>ftHaHU+y*V>Hq>O}&H{
zo3X(&+Er}|U2&Z$xU~YEecBWYfSQ86hoMuOnbNY_R2z<_gU2ASj9^L#@1UP0b~{Aj
z^xNkzA*h=kq7Z7Q5IP|s^s+!iWv}KWv}o@@QEu}CXg=tm<Jx=>)woT()5!G{Y@#n{
zp)cs<FG#ZT#afA<R*GuS2hLuF4)PwNYN?Bq*WIYLwLv?@aEtfJUG=xIYLCbOs{gFP
z`c8Po_G*Cq@1wmobff4*@$3m`c@ef*480PwsP(_|yozT>G?bw8*Qn^yc^Ddw(7!jK
z@<;LTzIJFKKUCDjE>=gSg;Mt;eu~O%UpklFbr?D{@_zLqE@FpP(w4}mx(ktZQPtXE
z!`q<gLD+CVtGs+Og7-OXSxXGHYt7I;47X#zL<d<+QQRj(%wE&-AO-ctL(sy5Z|Z`#
zQU%^yNoff-o~BscqLG%wt!mqo&_HfsB^&N|n!GLvo5(GF&`OriU!$Cx{8XuE?Xc->
z^u3$zXA7_mk?uKd`3JBuv8Nqc9?+iWN<1083>|G$SAQJCaO!4>=@;Y(!o<#2*rJhN
zB$RL7br`m2CD^9j2wQqC(M}Jl^~V57)c9ufEOfjLZtGp94{TOfAN2jfpeI-8y_LLl
zPVa*|$p2P+XeA#!?;}6J6SaOPaWyD})}r4Ax`moU3)Ut=Hc?`A!no9_#fr%2&$F5w
ziQW!=oFDFhUpaFLHfrQ=f$Bn=yR)ov-x8I!k`hmQknyzcAe5;I(}U>1--YpR9pp`C
zF8XjU`6p0y)We@RljMss3~i6f=KL4r<zamCryxprk+nR%(PvV|Wrk2E+1+_|x4`c1
z;zT3IE7Xz(HCCgRH75&L?RxeKbZRG{<uIP3R3CF$gcTh`V>e~k4NLq8w_jlcpQnqz
zt^^%V(CfAg){RUIw`qDSRs^JNPJ=p|>gwk5+BoA?6|Qb<zlgQL^(>c43|@3(4IjiB
zUg{_DFFHCrH|kwl8{GT>D##`tq%29*$dl(Vw~b@OH(owMe6S`${QYBSU?l%#jS6Zn
ztK|65a$S5_i=xPlS_d?J6a}6Xr9^-5SOuEN$JY3Ml0`Ls`LXLo1_rP<A~j85r3A9|
zBBPJ<(D^o`k{-RjDMK|TtgXK;(W~Ogdr$Aup3}S;T;D(lUYliS<h{N^UxmtH%L(YX
zm#Pl5VM~AraZR;>n=l)@p^2(0GF~pNfS0G@czKgr%Phc=GlzE<MVTd4zs%938Ed#C
z^ra*gAL-&U(L8MAI6{?hM$0dNO8zSql{(t#QZ1w9f-Ti+wRTwl2C8dn-O#B21;8mS
zv9AMz6F&AhV*3|Kikl)Z6&UHwo6h?G2H5qB9J}5PA$C2uB6hV`W7pL)6uaIJ0d{@s
z%*(^Bzmc(P+s_BPjDIzD_1puEhbe;Hx&nfI^#2;cE^`FShX~g4@(}E6iI<IF@5l5{
z^1l+*2)1-SU}#sMrT6E;&>A%IUF8z1Awf>?I<%u#Ulunzgxu_}7ccs7h&+7*=VpJo
z7^0X;K6%4M*hGGRu?semx89J1HuBet-4VPCstAALh6+Ov^P=EzZE+6A7E|vC*_hy4
zUBb{<srn|e#0ykNra1VoVsNe3!{9*GD5znJybS_g7qGgaOMGiJX{7TabZB3ctR1U}
z`W?HWMbl^4wU3pO$YnlyJ+LVlR|5pTlOeE=)n3T&D0&w~vuhL<m(C-s|C^#-hHd22
z=jq~JU<&;!lLC!X*M-I#$tS7e$LugmY{y`{`lUrZ6}TE+)Lzh@(R{6<C2rlo;!J$z
zbYMzyqJ$@@BrE{U0F~@e0opbF5;T(u71aDvmX7xum{0g85bU%oRe0NU4>V9HiBf@=
z=`AaOPX3F^GCWoC%wiJS$q#Qx;&rw=i+9~<toz5uRaUl7@1t}lM<2mLN#B2rKKhe2
z!P~Dz>>4_cWv@%<ph5di;5e#7+o(jNzcF~_*D-+cvdWSos$RKQ>j3=}G-&TcDt!}*
zi!-cJ$@c+GtfZ-OCCSbbV1ovI3YtD8E$t(8X)|JJKL(K262~dT8c9w?KiL-+=_tOf
zGS6&{aZoC#55vv(CX=aTaFEE&8EBY*b$Gbg%~aJ&En}c)!}99q2fd4GD^CDu7qp9-
z&g#2E1{xE6?Kq@QoufngzE%?x-T@75aFa$E*ab~ZV%f?~$q)b+t`h*w<TL}o?=K3(
znMgr9*`4eIm5lWv+U&+K{WDiVC4Z>YStoARW@gqmpI<S)l$%+b$=@mJCEE4H^X%nK
z8fm@8hw<6-bR1t$a3C+7XCwK7(v5k_tnnK`CBL{bu72?4;OcIQnU6~h@2yOtVk7(C
zXX&us7xF;NOcO?HmOB4R&4<Q^5WIUB1H5vU!S|&z0=~bA6Z?HOu}|=c{eEO(Z{bZZ
zV$&B{(~t6|FJjZHK~t6dT}Umml`0^BMjDs+GF;G9pN{4q%C!4;)WI#S9U7m6wlskD
z!Nf2Ud9);aw=CxH0UX$O*}&e*2lm~n#ra{K7i<gy!*O6N_@P;qMFb4({+q`G%SiJP
zXt1Dj2pV35o2aBPlQ`ZMH2jew9=^Z=)xV~wmCI!L9R2%ayuPT?zox1uNd+(e;~Dz*
ziSzXD1^ng(P%Bum<p<|jl4QdR(4lXGhAHScOi@Rl5pMyN{JP4J0|)StGd!m21hfvN
zk}14+0vfa_osLK&p8*w(C=HA^S0P}F)&`BIv7~YfU8L5_I(Gcyb1(Nfio_jS3O19!
zK8Kza@|%yTTH8~1L*odvnG_2WW9^CEn8=iZ_2d(vV)$n(`IYmkPO(+b(@k&{TFG1J
zH+q&lMX(L|hjXkg^L)R(tgdkKA-cYA->WD@`SHIC*SA&3`ToD@xh1vy-ETO>{oQY0
zr-mm`c02>>!7k`{HGnpysTv+|)dvmQ515;TpLvnusZ=Uy)LWsQ_~;LQX+8<i&Qp3y
z+(XSy^>|wYHty!f!u!nsh%QpB-G^SQW;_!ENJEN8CYSK2FLesKw!lubpyA<uUETZ;
zG%p1W&nCN*my#MOU1F6+RMO@{Gb!MR{<hwTn#r4SL~Y$&-N+Y%(+~AlXnnYkPQN`U
zrn8Y96<0#fFP`J_JoITQbR~ns4BMxm<w_C`<HT-+p*oIM(vrfEAF2Z09zP$XJDH^P
z%<aSX?C67i55cZi!j1#@Zn~xRO~Eb~nzZ>gXxG|d*J=Dk)i$M&zt3brC10Ia#hf=x
zK|4DOCY-rSzR*DDKSL$3&hD&6zMIGfzEIc=>iq!P2x5bN8>rKuzdH10R+woB7fpXH
z{fqUT{}9$`3()X%&?rkaBl=Ur6(zBzk^Wgv7kxebZv7Qj*OmTFY;WbK9{nTiB&9A;
z$vTQ9^ffvu(--OVnRTon=sLWnR6B8J2h}B70JM+sLuk6XL^aG38bnhl4Y%maRnvQh
zP45|2#5D=)v~NI*wh^hs!_cI?C^F?*gV`>L$+lmEb;S3B8W%0kLel|g>1PF(o3sy8
z-XKah^V1t((>s`MpizWqpkFr9KkF|CFuBG`9b@g&eXaBkPpIIN-yKdKtAn*BcB|p^
z!xLuuP~&*0E3#S?D{j}bu#-GQ7yb5b+Kd6}AuL>+O2Q`6p6y0uVvYU|`u92dXNarb
zCH9NP6u>n}rUNab0|P58FEHmQ(}@<?&%8C^t+VV*t~RDip3$%HHl5Ewi<W{7S{vLk
z1UDs-uV5S<dr)1*vu&Qizv*kR>8*5C|MPiWIyiTu{w7cl!p0F!wwM^)$qQq%vnZ0#
znB>@t)MgEp{^7OIt+het+mSv{;ka=(bU)yWjhX7|PBNqdQtk^-;0pH8u6dLR3s5g#
zC(f%_ZXD4)$<UpJ)o_%r)JA#s;Cf6=zxr5kX7|mvfa-yM1W!|K-~oA;pg}u{bcRR0
zwc^Ha(OaRJICPJ-Q~*y!CD~;F?L*K&nz$oery>*{Io#IWMd`#6r4y{^*CLOIL<j##
zyr%o5@n%rptdTe0kkaswoT;{UXwXuyrH@y?W+843+ANM~{XA^^Hf%jjWvVs-JxX#q
zkw|@zANfATWMx*se2h`jHg>+F*2Y}OhxyT=N5pAzxSIt<W`{XmVVM3Ha|?q;HY^2j
zx(ez$D_yXKjQV0}aRGH+MwT5m(60AsZ$ibCQS)D5Z)NU&Iu=~iA)Y6DLIg5t7ntpa
zO}-H=>g$)dH`~n$nt~;3*P)WVsQ0z8q8qHxFCkey#ZOsjzb3}DZW-E1S?}Y9jgCv$
zcY>@JW<)njapboi4^L)qxCPYH(C{Sav(S*iWL*l|S1{tYg&h$T1PlpOzA6qDYF>hM
zn%=`UkM^9{J#VMdq(o=b>?LS=iJc144WNBf5GcJvJ_C#ICPt!lpYDKba7VZo`0*}y
zdiA=ic*uN7zsjew1Z$6AHWM>NvU2WvPhhgq*->|EwUf}OZGfgbk#$kTYRp0BDNrBj
zVj@U62?rRyu(IH5e6~bqSbV`$aB4vpkBuv3!{fiNal2##kIHBcqcTo+*9;!yg2Q1R
zJUH~P2_AeW=EWhQY-f>!8-hT0mHZzi3>eJ*{~a*6@%jP=Kca>KgX{G+Zc6{2lHz(R
zxhVxI`SZu4^9-aHXw=Aihzja%jH|P=T;2GeVHomBK9uKi?`<V-I!|fgC8RsANZhpv
zwvt6Ew7s*fotr%=nIZ4g)GRyqwu4cf-LT_croxp`%l@3E!e;XM@-owU@R(sVZmAmi
zfYyhpC2j3N!m_4nC)y(!<4ieQUZ}l<OfY*NQDGzb<@0nWyrgt@btT#9>dykzXFs#T
zvn?9=NCF4*w+ij!m#~k&rG3!R7cWx|u<S!Kh4fQAV)D80uvzj)pl5^nnksqE%O59b
z<V)alQF|EHsTc)<hX?;S&>d13e)seWy>G-~*$oupORz3+un9Uef~CI57QK}Y5q190
zm3aX9WoXgPb6@okE=&uSZrH4~z)r?H*iq4{pv78}a|^nL&+{Nos+|9Zb`csroLokA
zV(t>C<k{;P=<jNmK_&m;dYZ2DnQ0ouniDJ>>V9_jN@&nNgg*{FkC_Em+xXBbxMWA@
zV<({b1JI&9%fzEF@U*#t8TI=ql#|e*eHb=q?a)HCw?kSRY#4%eJq0b=8`<q?tR_Nl
zv7ZVB@j`{iXbeFU0`WuaM?G0#RExYW#n{Er2kBHcT@+P6+Lqbg{W?*hf&ALzq5>RQ
zmy|YR8*Dj^$`XsxB}Y?{>G4^-;?2;Y-H#O|8hAyCCXMX88Wyg2D)Ja}j=Uh|(V~%*
z-YuX*sr==jFO|Fl^j1oJD4MHZgSEY&{uccU+7eHg&4M}x&6`2()kx_gt8T&1$oY*m
zKHcP+s(p~+_Im9*l`F803V@-~vz)lAwQ@!8N^Eb1b=unjo{4EF<nxcEP)Q-5T9eZK
zN@8bg<x1jCDwTciF%{I;Yvj9UFLLRJB53Ph!p(Oe3EalRLbq~N_7<)@HtD~^&%|n{
z^aU-&uuE&}hR!FD?C-*cb_b_MdX8lsU>4uzYtW|M2>L@5wrz)?`60a<fV|}#g1wPS
zepo<)og}NLu-M8UqPdOy8K|J{!Od8zfJzQY?T`WlRZ33c8@F7ArY}-R_R>{o$B9tQ
zOv^!&)`sfqNfzDH_%Rmn{Ta+8eeap*#zHNgHFy!DLpDZVED8a?5H1T=LDy7`+@uPm
z=JGvxP=!XagA%d_+3bE#=?h2xMmF+meB?Xpj{LM3`4!kjt|}}su1RZyU8kVwAx>0Z
zT&%;_&>ryywu^pUWmGQk0d8M_#z$d0-QhpsJB!7ox6`jaA+pie=}CO7`Lf;$P2@kE
z=hYvQd}N=1jpR&<lDYq;s2AxklaXK0=lpkUv2WCxL4Oc#$8xb`GfUBIP9lZcuBmWG
z3AX<lT0~)i2aIFV{qyJ45Oz;hU0!8}ijrTzGC&%|`#Z^p&#RaVjm2Z04rbkcnZEA#
zG40HU_2iT1R90H_6A5PQT}v+B;6pq4<3+s>%QW18`?LMQ02AJzy_#=p`r=QE;jCST
z&cyb1So?mK(6?4=hR){^AJ!q+@|U2ItiK3NN$sCFwF;<g>+;3Q6%2oGr*i);<f7}y
zqgWUpgXH_d%zz5C>RlCVuit}kYGP(Hv~_=eQH3p9JFF#Nr)-n_$1{2#Y?+7l`!CV?
z{1Ko~(H>&<8(^K*k3{VXY$ZQZy7ew-B=0$|!ulm>qBLjy65Og^gO=|AbJhHdaxolu
zrE--I98(?s`CK<0GtZ2=wE~AO!mUrjEA(4ny+(eZU|l43mR>V@PiA4C{vvcFgWBRq
zZ=d9`s~^+!R%q{smI?Ia{c2gP(gpBg3;8ykT)T@idl#Eoov9tBukU1ObuC$FWp(}6
z@oEuG+ArhhhAC*#l7W?AnSywCIM>U;T-y&r7nPr%YlC&<p>UaeF|)pKW=~_0)yUNJ
zQD`x7MqlNQ5}o{T%@x=}-t`#Pta*{Kg*L2>(8#vn)+F4Kidr3(xdKIQ)cqh;1pSQb
zt_2gTfn$;3zdnj(Px0Z;=trPMyAT`r9%wPqKlZ-I#8UiE+%O;K8|Hu9z(@Y`*fAC~
zk{ho;Q-vMn+RV!bQ@v}~5_HT^S)^Z#aKmzC8OJYe35t@h?+)g-gv)a`onMni8m=(d
zB%yT~n){%2sn)JSyV&y!B7YDM^P&Xo8(6MO4~}f`Vdn`fvBlhg$o`r%V(Uq0XyX+2
zEu8RhCbK~!XH@7MgC^}uv7uCI4TTCKCA}*$;r6G{r+9?9jy8}p7g>inxx*CB?do-O
zcoEv4Vs*-}=;{X8Ox0a2*&d=1ZVGLQN_Vfi2%9u=l)jrBxr7FmtxK@&IoNs{t4el|
zwM<^WORK<EZ5H-u`j6l)mANT9wHbur)+xAq2)1-%h&EQOO~TgfH65d$9%KQu8!NDB
z89GitJGr9|HjxLqp+o!5MEtj1^tbWazxB}HM({V{q~gDRUZFpK_B{S>#D6_Re>_(2
z*)QU=zr~&<ZB@VTqdzC>J^clI`cj=YAE7_qSMS-c;Ip4#&q9;-TNGr66FaJa)<N4n
zBASt-D4gG;C*$pIq3vFW?X(m|TdR0rVz~OvdN;II^rghU)+FjrUslwhYFJ=(<Gfi<
zp&Hm98kH$Q`_o0{zwFSHlyaz-mZ6n=AJoJvn4EhD66ZftRI2>8!EQ~hpr7v<XvO1M
z50m*MG-<DImv9`B@*=d7H=LLHAwN@8{Tlh_b1G~|+`2w-U+{uk(Tlo+NqkM$;2v!w
z942Q{u=yx-YR90Ztqpg|J$-OfAKanc4V|i%f*r(B84uL^LZIjsJ*#&oc41@@`OrBo
z4_2;1E7^qw^F9}WU=muFI0VU<sxQNO@~4V=4O+<v_P*{SS3yFS_|!5qQDq#@5Me)_
zkZJRFO<jhrB@`1{HikPI&sq8WS%k?|y_@)nyVS%EyoL>Af!-a(yTo01;_3*JCCX=C
z0~?kT_u`j-uBtH_L09bC=Txl8_p5YN>#oIdM9dJ{$&b(C<ldUVS6`tNhcqYd5O;Jv
zS~T*>vsLeIB_C7O3W}ajs`A{)+KMzsADXCGuYIr{o|4a;Rj<<d>U|YxB@Kz&RnnmM
zRmei(cD0hYy%pAz@3Iy6t}5f<4)VTpbb(sQ{|df`ro<i1iCbG?GkJljG>b_%jHxBB
zhQr$WEVO73x4}K^Oys6};hy0Thgdk_2J-)$S1XBE&>6lzfpyRSJD<;GXeEDrR=ukC
z!3Of#^J?V^9Y-sr$N1HtdKFrqUm{;n)C%zvufT4|m|D348%QZ}hf05?H;Fr%^$KmK
z<7TJm9^33&=w_c5n|%YhTTKkKQcR}pPbcoGdZ3d&kY&Wkt0G3X(_bG9yL;-qTDeNm
zYBSOZ8BWh2arvoAr%A4zQ!nEr-lnoC{w`gtR{fRi=@#<Bc{Q<@!r%`S)+6~?LaiVU
zvDKrfqxaEylHbJG%PH8X(S7k3JUrvG0x>!?a)wjAn<}vJFlA#OmnO0?@v8N(Nq-V<
z(tX%?*oRG1aMLnuJPbFz02>cqf_8HCT%QlE<eEYUkHvJKJ*QH_qh8aqba3BQ*r0Z@
zHKB+u7V&fE8Ma}KO;ylHI;zRboRw}QeV1U9_F1$rbZReDaaB#Fz`a?Z&kq%~a)m4e
zFWE$X=bTD*>lNbb71GW=_5Xl(i+Y7*=$(F!{-U45{}pH<?>&zNA~%pvsw&Qc?y(Ps
z+rCA6QoGiNMdAO)Iko1PT1dMJTS+?6t?JicEqPW|^(2Cbq!_65B(#uEomF8yDJ|1o
zy_NilN*lM3&(K#9C(*6qVGKVwC*$5$QqX;D_MLO8-bX%88|$xHB1<aWo118JJfh)i
z=hP)~TwQ`q<ew7ko%A&=q#2DZpZE03!cMGz5$gmc1Em-XUSic^xEZCBWz?^`@aIoR
zPOM@DRB~H)3T>zlb<<xi`z#@MSonYFB^D;l!Io11+AoU`pbg9%x>=mZ{9?#5PX;B`
zSRiO4i-*R$x3aqhcK1H+pb+uUZPIzfyXdH#EI)ZLiQX|4!;P9rF$pSZPIaMtH?tHq
z-UbFg)QZ+?s^5pRLW{h<lVyws&WTdsoM^!FyS8u}@68lxS=1t^<j)noTLQQ^C!~wb
zp8Lc5=m@yqk1Q@z@Bv!+WN`3vnupol+t}SayL&$e$81e-;Bofv4~DI3?LMxYTfs?k
zkHfkp9gF2OhTbh4@GxxA+F(7N9hy`UYcvW5t(*SoWBIC71{&qd`x`>HX=i??c8VpS
zkuoo?t6vOESh0zXu)AMkcZ=-qy?kPi)LUma6#;l`%^T^O`*a+Qbj@+1W^5hjWhc`i
zX2=XCe}X}XEl5N1=Qr+!Ws$_LlC?>;9*bH0j-lJaO2hm$72VW4)RGB-fH^B)rJF9x
zWFW2W#S;3+fNVekbqUm01CS|Hzc$iWpHhY0Z6oRQVJn&G1}qGS7C2DJ-Yk8f4^1_9
zAtRyPZ40|=(nyZ>G%EG<3fj|@+*4MgQXm}>?LotQfVZ6Ox^7a`bpewk18Ve^fEuwh
zD$-sN>C5YRC<Squ!)*;&-yQfI5zZ%HCdKNIDAq;j(r<??6*;M$XDKu@Y{0u|p0n^}
z5#diUkzU=;zW6k|+sf{S+1=e(yWNi?@m7k&(-eufa>6xLmvG&vcZKBiO&pwL?L`i*
z>R~TMhAq<mzf5K;5&>j+B<*?^;$(u%FC&U#63G&?hGs9-A%H)O5<t+#;*^5Y{RVdV
zZvj+dX9XQ<(1_uKO8)UNUPd#hjE$adItJ$9Zop&;(8&{Pvd~HX<*^i&wtr%c(DP<j
zqB<Mtg3Zze+n8cL@oznrr5!GdqxGL=`AB;5GBjx4e7TDQYc=wxk6rYAe+hR;yGEYE
zqYD1dV;8USH(XewGIIW%Ga)@+s~?fL>pE6M;engDtGa__<dgQGt^@vQXRd$d<G7W%
zN4oi{r&UnNQ|l0#xA279o&0kv|Gd4<eHZ_{g%>$*B0Kd89&LgN;8S76uMzR>Jt;W0
zgvsGdCPS3}U0;Ru8V01jQS~v!;u?ALT1u)O;x4ULs$~C_uY$UdZl6thUmL(C=5EO9
zt+0(eud;&ASI()>LN&RYSit~MhW@xloC=)ORM@E{0feFSbD|xqiSlNajByPb$$zIJ
z;#1I|`LIsE160y+g=ZQt!bxm?;xSqWZq4$+VBEdF)CO>q7#<p&|7tC-oE-zro5Z&}
zQ}C+G(4>8WMI>qDSI$)cI@-~G(8m9^YpOQP0UtWLIF(z+eRX}%^hN;f7ux6m61}a7
zds`E)XuSk$NlCv9TgkfaOLziu=^DRDQ9=1P0znyzW_`>5`C$eoJ&+&$e0yxt$VcZz
z5`zBdzu|>S-jYy7_ycHU^Kw`nJnDN3VtU(9ReXnf2~_gWYK&Gjo`kjMp>YA$eiXTD
zBhRb(r?YC!xBpjGGq{t3fREyCI*OOhu0D!SBeq^Vw{lDJ?FJuOD3N>@;!U4^DFr*o
zpDBsEsYZ0+d<r_qT2{gQOiH+)H!oqGi@Wrv;1(SVbv82*sId>$FF}ib1ey}tH!vSO
z_kC}#pr>r}dD#A{K4^F$r5y>XXYA0_#O_wiFMsyD&%gdObZG6f_YSAv7X7t8k`rb{
z|3_Ago8^RF=B;0Vh7K{j<_c`nKC_HD4qcl1By9N*Y^VFAi@40pL?vUErMg{10y3jj
zw8Wjv*uCTF#4o6=iCbIYF4CX4O@&)dV7hyjPPzg+{t8)h7Mh5c680=SEaM97IMN55
zr1>H=X%E9Ttqq#A{}&zAT_^C8w%+nIG@pj;WK$nBlWbq#C0NG}sRAs{t81OGYY=wp
z?Qrh`+(ycm=w@%@6o_)Ad)lA}Es`JSOzla2{Km&bTumEo(G0!MiAEKC48Oh+_C7B?
zdm`T16!b(odm4H*^&;#br>^RKmlCgTy_|S;Yhq`sz6{&bu%4XKyI?cfsdqsqd0ij0
zk`^DfllJTt{LP0ZJm|P7vHK=yC9TU?h+*gwJ6z<JCt$}bDQpj1hV2?@rTo|KgRU=K
zfo<2ID+$~Bpn){&-S7%>O24Z6u>J|X3wDt1tlkCN|LEGX-VF`<J+O_~%TGZQ$z6fY
z3pfV!1kB34ZhN`{J4pNT#md#}(z1RD+Q~c5FGEZA>1Aj?3|q<CZoM0}k*_NHCD=h)
zm-MbHebA86$Xm}ZQ%VfIS~Ki?KlDBich5ruo^G|Cd|sg&ru!=HmZcOlkVzckThUyS
zT3T9yM)Ii=-A&(ZSk}9Exia$Bc{LEm68>e_LH>B{C5+;F(*jFsX-s0o+aX+rS8?Qi
z649wa`w|w+X=H^pZ^f@ZCMxy6>Pcu>4$dZ}d*c?~V2ic^I^RpjPUmxzb|Y+g9vZZT
zAo5Ek-)IP<2PznRN{RCJN)R!(HCgNKl^728oR53`C#o+3T{JZXTgkN>C`Urr^ubng
zci*ypDZ2z~$$u`R@urhJeS=EjxHGl9ymT2_$a~IT1JIsDq6F<^K8xG^zm`?Gz$UBH
z^hxfQeU4A_xv<F_gLs=8St8|)J{HF7rBg~m(=hbj4^7(qlvaTowe`Ho71%-EbA!st
zxW0Qqg(eI_rF`?vx~gZFkwSJSj<@10nl$pvf+|}4qOM-OO22zS1Z45ZoM?y{UGQgb
zU^G_m(<@7t7&OEwB3sFenyO!AHUNq&!VEzFz7Xh?YsuHvEkQ#CHaxWiTgiLRslI;k
zA_BUCfWEqvxV=?hPV8*G3fsu{7AUpDWYc!Cy$^PfA1MA6y^^>KGrLZwpi8?E8sB(X
zL5WCdNW9_;3QLOlC{epHQRrI@ib9lc{<}yNaxF9SbF7gmSH$EsFfZ|(pl?!c%md8d
z3<rE@ECx03Kzkkk{4gar3seDV@S$l6Ze`W+NZE(mv^MBE0&5px3puj{I|pD3DN{Xr
zegoTVS+vG%;i)i!7-K}`hk2whY$qnx+Qmx04+}N1<uXg8*T{wQex#CXSTt`l|GZfQ
zr=X3CCFSKSa0g|G7HoM4ZZ5$=bmZTR=>)8<1e}B$KMtT>;`0=h+rL6Tvsm?z3e?>`
z94LYA!CLLzEPqyeHw!KNGS;3_sYK2!Xzjv~MjEcMf^BfKwgC=JLzDK1b_qH(^5@D@
z8&#s&Nus228Il?~rNW6BNDje?6L5gsnS}jQa3lqtebChlH{Ssr+8&e|@tDQW!#0g<
z=O=SEX=MK;ltG%&hraF#ilLj2z@2AcCn-~gQMw7wW!&LI^AP&5D3QGrhuP6h*Y;;;
zRd}@zn@J_%!;SR50uAKN34YF(_98Ceb{}?J#Dbffd5S7a4O^G$>VhWn?Z=nIk!+Mq
zwY>q>X<6vg+F+*->pl=MsgSm1tccOdg6YZcDk`2!b`@FkU9`;+xa%-9Xh)`CH<dJ4
z<@3Fo3a@-GbZX>t>e2=r#};OV$)dpV#d9h&eMMLxZq(j_ka@LFDP*Tcep}U(ST3l~
zf`J)!aBDA$<(n(eseK-ky-xN)Uls;ZunpZVR3y5IG^iBl!z#QI$GbnpN^PQs)NpAf
zkhf|l=_~I!3_VAn<6ewC>0xPKJw7URl!Wf^;m(Wnb-!`$BE{xD=+N$ggDe1SK$E|6
zy+SqKD@tMwT%k?YUqR&Q)GlxUyohqEs*z{Ut+r8a)5wde3OAFFp6d>F%qNM8EBN<k
zm!X^dk(z{-X_gH~JN>7}uW$Fw!bXk!EP>?#J1Pj~{v)vCFx=}y&j~j5$KYN~h5L>`
z&(INyiuZ`g_gsvDB7R2}mJn<$S_wMHXU{F+@CNAq*+%?sI7r+q43JGJR;*APfP?r+
z3@P|Op^@$-3>QvlDjcAneSoDbiPy&}tdgcAE^R_1UN`oYV71f|2=aHJpwg+0aL|8|
zF38)@sXp9B{zgT3{UTe0czw^?H1Z>rN)t;6dHmw9RMdW+IoF5h@VumAS`GOfRTTvs
z8Z`YLP|5E-9@MhlT!Lou>m&(n<SUPN%dcpY$Y3*ho?sNn&(2liSn{Q_*MTJ;OHeHN
zgR^lgY0$_w&h~M;X9?-TUF3)ACFne&FF_Oe)wApe${04DfK6{ens6I$zV_2-$X%;F
z%Tnqtuwtn-8*9rHw*OIOq;fz>ths?SF4K>0T-zH+Hp{=JtFDnBDoeN#RgFBi>J)cs
z<SRJEPX<%mNxqa|A(MY{R;@Fp6zn2@oKT^Y5@PbxbGnbO?7&!beh_Y_2<lNa@{@2N
zH_!J$7kOhsg*NgJXS-{Siqg|A@?-)dDlS3ir?k(Cj()o8jJh=PGu+yhU~6}gpQ;RW
zYf1Vd{a~P5D?qoFf)0-nuZS1Da6K>j9D?riIEz=}i$0S;D7^iA3Od_FU%wX8qua>u
zsXlZKKpT1f+zONbipmbxRZ|G_4)US1KA!V21GkZHC9vMo2k?wi<gIP6`LKBSHu5J4
z)#th4?>wi*bHSe`RK)wke-|R&f}8ulO$DzO>ze-?7wfvzP{z6SY0ZE7dE}|xCtwph
z$dt)rBeAm(N%Inh1Aum<9q>S0au0Irte%37o1oz)u8Vvan%Yr2r<xq|!#ssT#myv@
zr20;hGUHSQ8a~+8)<&7<jriOv=|jSE$1=jNK!f%tk<Lfp7HvJ+spl`lU0Np`Amt?7
zLe^5AIEV$hDaPE@2W^xN-3=WoG&~$U%&jHsE+Pe{+8-sZd+&k1U9k5E>^Y21qr14;
z`6>#QZg^D^_VwWxyLd1x78k#na{L`+FHUE;0zmFvhF59raAy)4?u9#t>0eZ+PGWS)
z)?{$p7X3WH^f7vQJO2tL+K0Q~Zek=WJZ}3=tsR=~g+?k&jDt!Zs2@JwPHv~9_^V2H
z7u-Uou>SHqX1Mk7w8V#{j5DIWfOd0C)g#<zM3S%_s}!?uhgqU-ANqg^g(m$}xp7~G
zTb`BPfg<C>D(vBkCZAXno@S_GeU?-gG?NdX?*f&4lisl1_}=sAV%EPV{awOMIaZ!5
z7cFC8)=JMQX{S&u`Buir=WI(cjAD7wm^XZ9&a#!fW6yNqpPcP0hA~!NG{(w9wr?DB
zox()!jAhWTu>wNQHVRfDT`2NCidkbXR!-Pw;KyF}b;&N~(sOysIBB|b%2;{Ob&cbe
zKe(74va=5TVliz@_)c-iw_MZDIksX?8+mUwm-R)@bi+nF$IjUJj$3}e@4I`BT3NG{
z_m#1-F*GtTK6s2iZDxAdM=$%>!#?)1kA1w0Av@;}nCV$7b03?Tr({gu?7_did=zs=
z&dyi?SSC>Un>42fZQm^iZ9L1(nfcrq%jI9$hG!hjxmMcG&0CWQ<)E$aT4sR`IK@Yt
zc8s)>u?#a~7HNCMD@{AutY`V2VvLoI5y!SBe7BVL6*HfA(%F)oR!pyKr;QoQHnKUp
z>fQbMoaqhD(}6QsQ&bpqT_@7W_ubrd$&dUnXB^8r3lr9(CCg4*gLa0EKJ6HGF>mJV
zw3W}#o35vfl_xAaGj4el{H%Be9zbE_?3~Y_p-lCk95zn&kBtqD95+Trj}A(2KWP?=
zIeTWr$yhPuDhj|3?=_|!CvQyWY^P{s9NR)FZrEnQ3Wn=inNr#^ti|fSCw$ZO85Hbk
z!?ZJOKx6&m6NAQm!=nQyg29~_oH8aR`zHq}#BtvYJI-9GsEm~#Fx}DVN366TjB0n)
zuyFnvCtWI7wr_a!y@o|!EJI_gY)lMJ8sme<21X`>Js98@n~v=WI9k%G%nP)^2@DTS
z4vzN^8xsTl!~NsN#N^cQV02%wc7rE}Ciy%k248b(aAaW67@8bB$!9uNK4s?+^XNW5
z=C}pZSEikko$=C0Gzvw-D@}W8H&>*1bTpUtjS*`>jLA2r!*3UTh2o_#w~%35(i8i5
zA-ak8)uIsL((!q+*$g-ti@_c@s=Vpqgy+D(7z5khOwKDho+b4;WBJCs<$5{CHkkQ_
z|L7MD-!<t^F-pTbQ;KDS&I%E(kY|X;sM%@LwK>Sb7cJy6{;YgYWf6X#rj*xq>Oke-
zz#yw(V;rywISOq$_x?=AwLEX!v}Y_OXM4VBr!6C$H$9K7@Uh|1)8X1qO!kjY8k3_Z
z21k^!@~~si82#Ra#|U^9XQKG#j6n%pfN=9>zGNANlII)KmSGA2d9!Ab&b5DHU}%Wr
ze~46rBS*z{VcirB&nWp>qi4S{Z7HUmo^@O!Z`m^eJp7_zTMM<p99b&QHv^y*EPvL?
zc(tGM9yM~5D5WjKwTf1-67vRszawwkd86oB+1#Sy<qE~TWz1P+BkkBe#ax_N|HxEy
zM^Tz5kvp+jj#~6XDZ0*d-YOW3QcF{~FYl!11OY`7#7L-LG%^+vaG4AZog5n;8W@^1
zj*bqTIypEp$ybp<SEj277lWe4knLM;(Y1Wboj_n=e@918-8VdFyyn#C<lxabZD0`K
zb&@y=k2oi-g5#DI-=#3jQO-<dXWLrz5m!n%+uze`2<C@Gfl@uwEsOocMrc#Gc+xfF
z2>0N6b*B}RvLnk=Tq|8-+t9TNX3h?G;_$&Ln#!2R;K|YPDPwSad~}?B6JWc<Pv#AQ
zG&QJ3*d}e}O$x_y-lB_}&E+l5O6X(vn;w!*&+<**cM$@CphS0#;O8DA@bx4hO3;jb
zl&mir2GSmbH_h3;acKX(J$nuw+81t|lC*J93d=a9>AV>BaL;Z^E6wy=&Ym%{W-f1K
z0vV0XQV{(K-!%sEmg&YAI}VF4z2RAY6`7)+E@R|DpA(ip<XZ(LYngt@6;$t-<)>$Z
z*9#;!1{~WrbGA2mEEx4c!*|PuWoIZUJ65vORLDayBqC^VP94Y@If~l0nP-D`Ei+@x
znsz2{xrQ&(njxD?w5Fe%&RYyIy;8w5b}t%>#=K|jR!W{lX?vQYn6%xZ1aoj?a(pU~
z0YajdF1glXnvuq8@NteEQiOi*)a0>){dR`R$_ghcbcaYnAH}(dIK;O3-~)prlaw?p
zSms<l=lL>uqQqi>E_d2Nx!rVKvn-J_Mt};GfpQ8EAt9`9Y4XAE1EV98ydBB`As$hA
zoUiY=ne(iEcg8Oj^VX0(Z{~9urC?BYqA+4k8&0K+`}&Ut6CFdQ&hRen7;_7boiCg2
zOxh{gGLaPIgR!ZId=+Pn0cY<yRJ5!)CRcG<z=#}Df`ZA`%M&sQE`~iF@QB5T@S8Sm
z$IhkA{EFLnzaiwyblIPE>|iTXnLnRpq&dSyy|iiD4sy}7W6#F~RDN4eYB4A}JDz0}
z*oHtd8rz~&_N~IY30a<@Eho(xww1=ple2UKF%}U%*L&a8<e+h4Xyhp0ZB_<V9?v(^
zbB6B}>#PHZ$aE>2rHdg*n_o1hP0vzX$MKDH)(vHII+_U-=OjTqYfPKzxd1qP+FW3b
z%H*;*V-(AVUnp|%RGBrs*&h7cE4_@deFb@ervyq_27yWO;=ZzPc}%NCu!${el<bmc
zWqK((<~&)*oued-ZLt{99We9x5vSjsQO3$AolGfj9ksH?eP$qe$}&+t0uxR)QT1Wq
z%cXH!rTuVU1bs?RN)$6HSQM<nwB>rWkt~!g12QJ-7WMaA5AHWVqQ3ScjAfO!?(@Ap
zOk!Xg)+!YJvVkP7ntdUwVciK$kjW;Dl8BW<_OW1khWDu9<#Xwfm(Vx!n+)CjAsmMa
zMaRXLaERt8rD5!Bf}*_iZVF?%WfZ?q<kUaZbv#tT>j<y~6bZ`)!~Z~@92^-KJvuaU
zoUTzeZ_ap1#$x@{;>&TGG>38r6I-h#^l->1YbbdqZRYu?{i4Ce7-wbrmUi-`f*r^y
z)$*pbn!eTB%T^f)mP>htVOukXGjF-syt5F<nr;C%<KSZ2Dx$$hvXpSedC<-bRuOl;
z|5wqPdiDg{y^7rndh$U3@TtM5+OoPF5ek^)d?-qyfVv7`dN^QwPK{+{n^WyfZYJk@
zilF&I9a(K(?sLrrwo0{#l9EF$I+$Y7q%s?oXD9>d39fn-PsnfKivz}g%0^N<Op%Ih
z!lJw(=8RBsV`~;Jrxh_LG1|*;9ob~Y%3FbgSD$$7qZo-u6=!+!FnKr5^dqs2$q}P^
zla*Ls5`9lQ8MdF$D(GA8v7DXrX2Yc~WvSjMZW#kCDW*Gv+JiIA7@+8ovAh5-l%7x_
zD3FYMBzYe3h?zW$G*woNqT_`_TP)^t>71{a1;eAFG#?^TG>S&`6@iuXXUXDHtjj8T
z4WX?X27SM2OPE=cmh7b>YE0vqlP!^wEi4m2lbIhPnmWZH-||A6m_#3hXfwE&HXfjl
z#*LaDmBIoUmhC_<XV2uRf*YvK%2;`%L|LXWWRFqlus@UGy^fb`KUc5>;|a9>{>gr2
ztjt$`)h%k^WCJ*$1{uXgH1jyqhDW6s<@m^{u7REdT|K+Id%JtOdUyBs?C#mKyKCpT
zmFc?Q^!X3FdV22Y+EwsNwsmC2vMo24?%Gu_-Sq5{#e@5I?cdwAYo=@0=$@`!*#*}u
z&Ufv~jtvb2fJEbey5zcaAIf}vzKZuu3vS9r9gvE;woL)3(*yVSk2CQS*=F8~nn+fl
z;Rg)5LmA(R$=e0RE!mdq*4ytAP7m)hOs=(XQsftLs0y>}a%IDw=0=E&g)OqKWht)Z
zmt5Nr)`yA7@xlI+s2DOfR7!ij^v~WZ1FK*%$A-oyCM9#Sq=1C4;{)yOtulH<iHIcR
zh1!HkG1VBh%z0~^*;D2%r2FBJYTA+lejxURS1RzuWdw*yx-}Ly6mEwo5Le@Rdqd{L
z6|tjMUXrnf_ZgOu0l022?DE6?LnA8~wfC$l-Uc!NV;p(Y^9{5;899mKa7%Dt&k0>U
z1x{}TsqR(K8sU~DV^D3Aq+mB`$M$^VjO98?u7FCtYh}668>pVN4VM9{g`lX@f{Av5
z%m*~fA9bnTeA;#F8RmjP(b%>8d0{(|c5IpM1jTz4`MjC4JxM+cMo<blAzQa9qi=v!
zaqBPNt1hFQHDB*51*4ExydERxg)EpO2v-1%6SlKp-%rWmJw?}%I6_^mSqMQPX3GYM
z6}go`(Vp@)FP+PA+CO3zV$LwxOI1@v4b7`_QNNU6-rQJ-ua1}zjflK8={P4%yNo=|
zV`H$V4X-rqyQXBrPR}}2?Xjl~bJ}zAB|nr&7iKNA(;cHK2wyyBnpq99RF*R`PS{a&
zeIo8e*Yk6}6}q0#3>7R|&VIC%lYF0cpexT<e$jP`wV=(=Sg3Kw2Pch*p$7*k8qRPu
z#KuApu1Sd`t=iZZx!WJPI}o`$NU1*M1yLJQJ&fA3yA}^}1HC+EwLPd9L!)TXC~-3g
z@>oN-Z>23u0l*EC#=@*AxREjBO_Zkn&@Ngm7o3b?Em~=VX|-v`STNl}sTeVwqAyIa
z28u;F&p;DhKr#Y<VqEEu`uB}oM0iIxm65a2cxp+u8rgCY6Z&ho>Z?6F0;<Ybd33_?
z?4p~q{Vbz#^Oj2qL^^Mou97zM`OqBAxQ{VnEd&dQj(E#|0EG+1S)k$`vo2(E>F8Wc
z&r{My(RH%9yyZ+k5`d+Uvx8ke+_Sd^OOhCOHt#sDk;%>HGU0YZZ+OTua-QM4C87Ec
z5A{!Q`)kq6xt>BvgOT<GqH|Y79UPw**1v!{97UJF39G!|xEU`l^NwRwJNx!JZQY@O
zGFCPwr^W^;yYj4jHh>Viu_P>;TgZ65O2J$-xGi^Rl-cK*jbDg=LlegMVE@r6uJ;G(
z{z<BZT3+aiijv2S<)vNE@~gZqaUY&ZWmif#OfR5e%3MzP_D4oJ*y->*bKYXRQX<`<
zFgI47q&O}jQe2l}l?YMc%pS2X6EVV>UYgP;*YceFJgO30`x?)sX9t`D9iqHvaH%D`
zMud&Z){W_$N4r5VvT0KSa?&c$1xCN2MA#6G*xzD#Q8ApN`Dn>fvNprARrHfXR7sN+
zfQWM%M}X?6uw)I~KPoIS_B7oI1t(M6ITqT!?i(NMKY{CjZg9jChWw$2!>jtnmkjJ_
z$Ici|nkg*laCgjE<(OU{F;&G}{*-_Q+ndph8V|GZ1<5cqd?@f>)f7T%gfSrN;I2q(
z(F};ykbNJzKM~1iIFe_jNG!hFs!h95kEiU`LB3PUGW0GO87HlHUha%#x-*eIB$=<-
zo2JXYB}|ABIB>g6XiOL|PT6#aNHJGbOhd+DdPtnvfKM`!n2q+-<guRp_YH=oPuV<y
z8Y>s)Pv`vEqanc_K2STVMhwqi%@iv{aLI^3Vd!0#3@NyyZ|1oCjQ1!#8L~-nocp44
zzEub<HFRYoL?PaVAF(ith$VZP@)pyNXo)Ncu9UO={d)}&cXPrjdz=BLt-Mgu0}nPM
z6DMUVF(2V^b4I~@B*rv~uH{*_FF40a(sD1|PoAAC7OilDP6SbJtOF0tnN-i<fgjdl
zn(v0XaaXcUHlV?yQJQaDr(oYJZ~7c_SW;R+d8T5zGe*($JS$`P3$o{+wogTt^XxgQ
zmvCl{lA2vAPzGkD{lJn{-;&m|x7vw_6qXTyp;6qQ5yWL_YJB$(jT~PwtOExryaL>w
zmh-~#nFYgKFmt|QTMI_PT%^o%-lEzkN?H-)%$z~rDQsT@X3?X<*U`{tQMHgU`GT!v
zJqvu?I1+J)Q+CK{8((-Piq#isSa<S^IoHluvDMfkqlP?HuJ~13yF>aJn1|^XOwL5(
zQb;LB99d0fqpE3w;mVF9QRoPYA;B_yIY=UxF?R3CREbSt_*P_6=vqfJy==Fc$U974
zqfEx|6=u+mhG*e8xSCj^@1RVP$5Ek5NEvaJV>htK2GU^Bca<#F7nyt<gfPV9AylZx
zrj8Ge7~_MJr^ZJ@Qc76@h7!)?ooO@gNfrue#h4MCtySJJ&^jGK>@e(1*s)hoP-5uf
zl>B1J7m+7Q!SM2q?<vfM*DFJ;PV^j(gqfLqb0(NuuuC0R7~OI<eN&F^`A18uu_{i2
zoTyZc@?eg_7In9b!JT>;N{UU-Gbpc8*dx(sgt<s4(D3dc!ZonfiHrS#RJ3Ar0P_L#
zM4bTW6B6QnR9iScIB5(IjvSx7zm}aT8m1ya-FF<LVA^F0Tu%})i@qDPlz8$ODD=FL
z&2T3iw@S$7uHg|Oy{=~1C_3m>2pdv0w}xpt&Gc!ef>L41v;0y~tVWS>6{;hmF=VWK
zAG#UFTqo@bs)0l!6tRXS5i5ipw^++WXRK_@n%=D8%K?*V$4;BR9I?lw6v~Rc_}7*U
z`!Lp>Vy*4?hEud`3z3b7VdCx$!hoZ((IH!pSzG5L63U!0UGh0SGHu77r2;DN1LHm<
z5{mILC>_Y-6aoO-GXf8oTfpeq9lP&|-S@`s_r&fG#O@Eq?hmc%Hs6mT74u9n-?>$c
z1sx(cU`C93Zq5i5<L;J~#9}_a-q`$mWApEg&A&G`|K7c^`+c$d{jvKPyn18s>OEAK
zb@$Yb-d;79DzI^KH!?;r$}!t4z@mzJOVW7JSzzuV(=%)|<%M3!TKOIIEnz&g2<`M?
z>~_sqr@BV9h*Mh_OND(u0?<9N1>Li!)<azJkffK%K*8ZTI%Utd3Ot^V(J;hODX5bZ
z&WN%mnY5VUI}mIPD=-81Pf&72=~ui>xIVE^R<?#1<jNjm-kmyjw0gY%WDqeKkDsSf
zwY2)aTe5`RFEHhfOKv=7O1+Qjt;bxaFzf`#DbyB8n44#eI230l`;RNGZ)9DkU`QfM
z{g{XYahib=9mcw*C38ZtjLv6fyown+lm!nN3}y#N;kZogK<zaYZ0YYTe=Kk^puA9}
z1&oXy6<QqaUx=2t0A3mcFCuZkl<yxK?ms@kM#s2!80c$H^Nkmn{UU6(PGlk%djjbr
zj5eRO%#7<eh0wMXL<z_tXLS;yPFQ8h8Y8TTROyiS>zomZ`IqhE!+ZAEb@a;4z_epv
z5T*#R#mInASQ;PfKN|5%M~DWu2T}QIKIi4A#FAFLS;zIeO177qv8_y3XzFJylIa#>
zWs#GVWjh?@$m_G4py16T{AA-bXIlk1HZ&65G$*1p3#L)>tc()H0Vzdgp4p|PZ5hcE
ztnUrx60h&@@i8ino~{Ve2X+u?Q79&@wjKBM)Q?xl*`DP_Y`J33VfdFPk}7MxpgzZ&
ztK}t5JLq`yD1>B!<rfV%m!3@vi?q<tc(7751#-Z_>>}S&5CeUu7)b@d#0bA=<e~;P
zl=i1x%bcqpi8SJ@Ze9waWw=THJ~KVXh!YEHlr>_CxUvnCyU|WMnOrs}LJ9gureZ!?
zhFF3yIn#z~Wz)95y7gvvIv-|})yD-nTq+W;Z&<ePmRZ=m5pL#z(UW8S1CuPShzZON
zWvdi&4@7kO`s`qj6nTkVpo6xQv;BjHuax}k!I+L87=@^;!`Mh5nCEQ6pN(ZuDY2Bs
zKxF4Yzu)wZ@%)ewDFP`)+OY-GcQJ-F@8^p7GH%5%6Y7D%@rj|)5##94_~5|g&;x^<
zrpbYE@dT@ClU*G56wkt8Sc_?v+hia$oGxV*!=rzB<hrNiEgOZJdDAr<k<-XL@sY3%
zBnk*<&RT7gIr1^iK8!J$i+JSb79_W1eSKiJ94x)6-Wj1#ev!FO>j|D!c{)`lHHm*u
zXX$%`FgLcV2Pn#pSPM!vW|f&Us4%1i940+$x<P83955Qk;u;n?5#e5yd@SKs$Svbe
zP(EUbN5|y4>s1<<YnH1FER%#eJ|d|W!+Q_L<2dVugiQ>c92*{tnYycehE$4Nec>bV
zhjYxj#4<P1vn6{@${MR9aZvghPcmj1O%b#h8aX;RGC4drF;UyZ8wfpd_hx<Hv;5$E
zfasX9=US$3g?W3&9CtDZKj85j#u&SyTFFt$v(s2N;I!#t8e!43<|)@j;g&h1xOj_j
z<*SNfg)_|rabZh27#dP=b34<INK)5{oSlhh)`vOqS=X{KKNLHoM13^$5eXPYQGJa0
zm67AI&BVAL67M;yEJFCt7#YvUfU2yJP-Suy#@(=pku<_kDX>sSnOW91q!i4EnG%7^
z!yqOsf50rof~$B`Mu7!OqLl9Cq!2o$;lv_PYGr#n*(|0c<D4Zv5yU$QXDo}U;!?nL
zB*mY0BniisnJL$GJV@#N4B;rP<>3@;TYJj1<%!ft+;5bW8NT9LI5f#7Ry1>NB-<6g
z@L5W!>-iC1IvS@KAx1y6@0v9%fM`lH3)QKe17<$o+wabJu?;s8O%IdOU*@Vp17tq~
z16D++oM*ctO6wwlp><+@vvRh}#6bVZNPzjpvLOZ8^Xv&B2;0-4AQ0USsQibUAvESQ
zyBOu8b5_}NBvb9ksGJB~TQl4vdoM$FDBRXmuJw$WG#1-98VR)s;y<_t0O>>RsLl}T
zn4wL@S!q><_tuN`rOz@RBy+SnEIn$>8?K>NTCU6Zfn;k~!IC6Kcc41Scy6JF_l8FW
zMHn+CT%nMbiLm@^&dx+Mpjc3)q{9Rj3?#mkx<o9YQPol8Lo#zG|B^dad~=$U;_-+H
ze@-qQlcTynPXRlgo44$Elu|G5Wz5$Sk24BdvNKjTXHx;1@`2Su+5^o7i@exg-Le=w
zZCpg97V`Z4IgjPc70ZJ9MnXnv)ESU#X@ogTbCF^c=rTf&I(nnB29K!Vd4z^nO3zj)
zfPwr|y=7UBT{?_fW5s@WrdJ`4QPW%j=O##nD@pPq)&|O<T57iMn%*prSuyga&#bf}
zi<&#NDGG<QbDp``%nZJfYqPd&l89BGsK2iJf+8bhWn*CU=-{c5p~*=0T#)4?l8Wey
zPT?LKv@^0%t@fl3)Xh9b2Usn$bzoSD#OnsCUu4J6@l6v>mhPsaUq^>9c#R^(aPpaG
z$N=+*Q;pn<Sq7xrs#Kl1`hKLaR>Iz%eFuAb_8ttFqG0xekCs9eq;3(HlXBRT(X&^&
z-X~q}XH*@Nw^5|@6l714N?ArUZ9)>m%z|a~#@A-$oXxoy8KwGFp=hRkK0nzN8H*#3
zEspcD{e}7H8Nx?meEU6vTbnTQp6O{y0fSe=gea=K*3)0A^Cs!UOT|ph$evZBGv<sC
zUWOs9inJ*E!^;EV<v|6@cSyB2YCEBEO#(A8W$J^hG?<794Rh(Fm^L1r#;}1Rm{c2N
zU^r)6F|A}Yp0gI@vaeQLXt2gs<jky4jGAnQd#Veg7<tE@iN(d1(A~wU7b9&2G&wob
zk2uqhpfT9B9xdfuD-(~65`_h#=J|=i;bWKwEyt$UC5VUU<_%P}Ai$p+lvg!=9IU2x
zQb0|;Bwo8zpc)9H@htT?NIN!NTxIk?<gsPJT#Rg-NLC!*MXVqK`zY2dol%`pRX4&!
zEVC!4h47ffs<c!VauVpSvQv#a#wa2W(t$;@zGNhlmWq+(I1`v)evi2AB$Bui6p#>K
z)G@l$wM!mw%?0$ZNS=Mk>xhei;*?_gzAK7qaajY?e*z<hvcR>lS<B2Qfn5sGSr9pN
ztM(U*VWjSG;GU<G3nSX5G5$#iwE|huN+1C`lAk<RRXJ~-rQq4qSWqNVWP?(ZFbrKX
z0n|4y@5eMysfv;7%i+3Ad-P>tEE+@`*7-u;<5>AV)3YS+U65+n6ToH<H~Q4bNb*<=
zu`~UM>CSK<M~cnJIKyjdFt4c4r6P#{SUarR?{{isU~*`5<a!NqfwdyWW4T4Y4v!T+
zJ!$#Ev5kz5MC|YN^6M~pyR1aY5Xs8&@fwD~6>N8$>Ilz^Fg!@}x=#CitZ0I~U5EGV
zlNSN$nN)Eg8!uTGi*LjPhlu<b&E~6_nKie-HZiNBqS%>S0i#ZHTq+k8Dls8bvYVi>
z$mdSV9F|mKTXJG>5(^cILUNKfP!1-GB*j{;;)u=59>{sj_fpHILh*G}tVNK4<rj^D
z>#!|+dVDAhhG3MzoHuiMSzXE27eC^8@KHA-eQj8h<TzRZM@*4BiM+^&=xWzlZHPh#
z4f1jY4G~n!<sDw_H2ylDXX8=Ho|jlLJugybWj@L%;vt~HOj#7cN-#RW9r{Knq#d{X
z3Cj=b-PBQ#SzWa-!jQ#Idtt>;)16@(CT5)v_uX;s!3c{U$)@u;PDeba<fbjf!`N92
zw3khKOyiB3J?E_Qin>(H=CTKi@|u!eM6xXlvR!S)X95Jr1qE4t%)BC-Uj-SI6tIHu
zUd1G=nBXoI3bo??*Qml1%J6s>DQzd`W|ktknI$UEqpTemx0!K&l#6gY3D#ObQxHmU
zISLpr;ykB%;{N>y_UzevXm53#ZFMw!v}%s+N8@6{GP1rDBPfLj8a=&rjm(25$0nz0
zXiIg)-h=ThEEa^F%Uen@o_@)3jM>*h%+2RmwNOFu_lCv20>wX~cJm<ERe4opr&kr|
z352759(;Oibogl9s*^~soR#u#>qb1ps$Rv34GT!E$`hk%P%bSCb!g?aqqWHbZ#I?S
z9p1dEI)JeBSO4G#r8F#FY1v3|O|wRDnVjv%*il{cW2DXt*WjW88Ont`CQ7IbA?chq
zFan=R+f|wd({vVGvuL^~g~v->Fn*CY{hZyys|KV^Uzk;c*l15qW?+ok6A)3-PN+iT
zgOmNotNi<QiXTMT38$J-5j>O$gV=8jYr(3Iq1kqLKhOM&Z34+wpLPrz-AmPFcX+IN
z#3vRS0JwbiXvsl&t;$j^$?}n^T3A4`Sn{j!T&{RVm#1iDj9iTjYOW)PiOskI1t){h
z4g^Ljs>Ncg=c<xdi>@`Fb4p$`G|^k3x>KFXB*VRX>o_>-7s=Tp7sx6UnY<wtoaVXT
z$1NZ81jD5&=1U$9ovMWX>g9L>b8S!#u0NAuy{}r&1mm>jsEoQz16x0<JHkZQTt;z<
zmQ7b9K#w$v6Ee8vRJ}TN@1tS#b!xQ)5oS^(YHe2%_Q~DPa(qf%3r{q{DHifLB0Kx!
z{%Vw4iH3#L)r=3KMM<ubzNj$4#Z&UO<B1}zk!-1`Q5hq*GSTf9xs&l)8Z^cm#tT04
z%44+xRpeTXvRlHoJRi4sy5x$8oq|c_L}W+8IvA?|Qke@`V)Jta>kQpcXw>0pQzL_^
zNxCIs#Z~2k!g(xC=FMYKCoG5M6w8KJw9<y}2q}<rBMOjFBy(n7)EQWHZybylWMzd9
zqDE?-SX(F>{<OlXM~A5_G3#1bStbNOH)F)AR^;VSYsTY)ILnxbI2ZA+&YNyTwyBvo
zg<~5Z>^~Z4fWoX34f(Bu1p%31AB@rrTk}?aG%BiBl}C*_*McYrYcX`Ng<;K1_=^;z
zU=lS>P@orz4OxRTIhJx9ma~Xvn8$N4Bbk0OClF}`fe0iDzdG40rY*;G?$CwEt#Hxw
zK!(x`(iA@xs<`K@kSE6?7lM9KcNZx#V^b;P_~_`-Xr-oj;zP|?hO}dZtYt1|UkCE<
zu2CJeszAzhmgA`HVyVh1r=&bu>8oy(i|9j=1Xq<i(fASuK}(58VcNR%MMN?~Keg}Y
z<3)?*v~8|x1zuJu@W;$#YE;Kys2DNa922LVP%01&*1+n=fw|8wqRpj#>YABH>t59D
zIL9gv*3DOsXE4X}T30HJD}@F0u%P0IwUk>V6{KBMru9Y20iH|{4Q3SEE|-be@_4NW
zR?W#;OtS-H%uw-V$>K~jsbe`E?ukmv3#;#iNU_Kq3ULg3rn81?<t@{*c-&&KEc;&S
zceppG{uxw_t1Vp$*DS-Rv{NHGXReldNi~JQ_R081kl!Vf;Ca){VOE_?f&-)bDeg~2
zam$%DSOtWl<9WI1d<4On;YBW#QNz<3;uQ;(xV~bOy@#s3XJciGQdrohfNWnGEB8~Z
z5Qh3tVu~siwNraW$7=?JM%}ux(A2P^WUbn_LFsLdbNgy(YBduYc}N0P+9kQQ%*(NQ
zk?LPPd!x6}x?w&0l?Zksr>sL;YXtGe!W-mbT#?$=k~wZ(h=C~N%LS=WYc1t$zh{4~
zVj+BW3=w09<{>mikCkJIcmc}{PL-%({~ooies^Z|?1$d4tg<~_9mda6PZ-Q7@`}Pr
zl*NoPgG?rVIFfYUSR^q?P8Sd_pj!}EB}Ac~xP_~(I>ua(JW4U{Lx`8R3S-;{QOFir
zQ>^T-R23sE63>L8da_$}a1@sG8nLX*NyoM1ihopEmrja87rLzf2d9kj8VD4#Vufl&
zkr*d#?Hb_G2~wG`TIWMm8Gmc!@UsvMuUD?+Xt9u-wBtG@9|QT^+zc-x$Bgh+QAE~q
z?TZy}bgDeAH43g&)u@OE;@Q)NZOvdhMqtxWOn0V-{^?bs6)I)I!L%Sc6AX#rrJc|;
z<UPu)A`IAdk^@)wMAl_;`z1elEEa{i!LZ6wRGf-MAkEdU*Ec7^jw1&>Dd}kJL%k|M
zb!|2WLUTxv-8p0VScWfSh%>4}cTDsYv)DO0mYrdBcs<LVk66#DN*s#vZ|wY;>bf`e
zD{9o_=8;V~RvtL!$~xh7)<KzzQRl3YMaz#Tl&##nRLj3ckr!TW*m^WDW(12Emd14W
z9Qrev$*MI*X8|P_lvGHb_R~3kHc;a!h*`>H!O0-**R)7dK;Vf81LzK$$>q6Z;FKcS
zkzO=PaxPYdfUAawBH}%>r1Epq1{dXeelm_miPVbmk-~!*xB~5IL&CIZYEk_pQNFac
z93^uddO{GBEFHhYq^7E)(RiUy%*8AerMTwW6N{G)UqOr5S4-~0aG1b>E>Z8`?5{u=
zi^l@Q3wp^u<wvB_p@Hr_>9VsX;u(7J*wQ)K8ZPI-GBb^w^?AP)NhXX`{TeG9^o{&1
zOqMiBu{kgfaF?xRXJX|+P`bi%Qke8RV_}I~)@rP595eHt=$Ac(F=bJaNv?CiH3!2|
zOqWqqCga3@_7&M@AH+9M(ZQZZjV6|s6|L2p%`I9PBaL}D)yKXe!#El}J|J(|id4?K
z=sFZXGI60WZ>?}DpLAyHxaIkdYegy?8@+Ws$CB6}QpufS8Uuxx5Jn~5&^K0{L_Z&m
ze&l*}7_#P{F$y`m<XheXRnzgH5qou8a?k$ync8!!#=)=F``*yIAXUhaNJ5RGJW=1M
zY-*Vo_VM(rnX{E#!KlV%vCWTH3yDFo0*M)ftIuL~x$4BjxLIG3>bf;`1(so)cf4r2
zZ{4Z~bxxe&=SM~3V`{fOSZmb+Z(`hs7(JON5&#{mdr;F$u-YmIWEu0sVyCvst~=?d
zlgPOza)3sy(nRxyY{&PFFy<gA#$yC!c!HP<KZv*RgIEhch_mpGpwNzSi0e49>WY%P
zv`Ri>nCMzr3mxm8QgB=<*&BJw^OPFN{>(NT<hYB{19HowxwJp#hfy$9WvMgPqI7I2
z74I^vxPh6;)UJaN9D^n7PIRP}=b1B>RMFO%e#9{L?2asnT-_>c(_8h;-Wqi`WIK7z
z_Jgy6=ygxkTYQD8lXj`dGNOFPi6bfVXwZ#0FQ=YYS43Lj1YM~h+0dwQY)Fd2ka_f6
zT@&C~**G;Y(ZfG``DYke6EP=;(P?tT)L40d=igE`$BpmqoZ(5=e$?R33^$Q%!+>+u
zvB%Ul#18K{Si6cWk53ST5VtJgn$r3(dLjmGrcQ`bfVC<&O$`r9ht2Vl252W@Bq~!X
z6azh(S59E*s$y+;5P=+!;`y$U6=j*@F)~Ua?mWy=fEFDua@-<63qZ0|xC#sIv;)A%
zhoTx*o%H!I^Q8J2sg_o>DxW||xiZ_T!M>6lUbih*pq%PcgJOzEtrLeu5MK2{h5<Ur
z=>(`bRx)c!L<nO#W9Z_N3%JK(NWzlJL!R(pWE3p?gobL1DvEf^18IemR4Q_nF?}<@
z-|(B5G8cy3&($i4TunGio>f&DHDb>U&PI^~9;Fy{VS$gOC(8a1&v&U{S|{ltQjI#W
z6PlS!Sm51B`<5T%B%|QH=wqoP4Ddq(ckFRY2ngJMMKk9{o`1y2*-DJv)#@e_^q~~2
zLcy8m`-Ups(YjTN84%wZGeKxX54xwqml>8tm(=mVF~P|+4(y(sb5A}ujRz}xZu;kZ
zWK=IdDvE-n1{}DF&MfA-(-AmEK@fc?@Zn5HA>(ql9o?PGmRKDmQh!N<Sacq;<oRx<
zRIEm>0Ek&k*r*+Zh4vE^HLy`uN{x{F#nqP60F>!);R<Xvtf6aJN>-%WQc=Y9F`>E!
zXs{}l9md!*fX3b;ogVXO$tqa_@p*{?D~&oGrbvztPEJk*=@sHMM;0e4KUHG~A{b2h
zWm4Wj;3UsmCTg|QdDD(YwPh_oJu96fr7X<me9J4EX)79W<63kJNd^BE-!*gj+PzX@
z79N}?f62rUwx?JiUX9_Puqx+U@n4x1Bn<jheV5#vVR>n@XnCS)lyneu<P9u{fsdp5
zXI@09`UeTPnOxfRV~t9->*Vu7$EX@03!td`R`xT?e5n2vA(wXYd5cGu#K{kRL%o=-
z>h5Z;PIwqZ1Y^7vT5`VU=CJIBlC#sURj8W18AY9HTw#Tvc~D06XzTpw`DR}3m<lgm
zkCBfzqpzs3rUFeV=B&J0EcVu`F)|So=k-><*78NYLJ><9Y?<or@SPF7Gz4d6Mdx{G
zeoPNs36|A3!2RPgvGQvJqB_>k>j`lI<By}c@@dyHJ&Pe{-kP`a*MYebu@c0k&aRR7
zMU8C}44c=R&*yy0HS-Ej;$~AQn2Vz8qVHyMSiq((31nkS&pL%-AldMCh}yBq^5yNO
zEYZr;C0r65R@~loNkh0XtAC3l0Wa@}XH=Ur;t<s87VM2-ewgo;<#W6gUI#j6T99hc
zE7eXR!?m&k{Io?iF46`ydyb5dOAPfJ(7hF@gjIb2a=}c`=4`9R%p+@kU4W_4ieu$!
z&9E~8R=QLS7xR`U9fMS_ckx^`5ofJx^i_8t0qa8lhwZNj&Y*D13jK(DejylpzMC!-
z5h+l~h+zk_4j_JDcim|gP`Db*>dk#6^sV<y6smMJ&@&iq={ji&P)=y8cjW4?ryVnO
zJ@7<&D?u{O%Eb_*T~~DiZS-lz4{9BcBzA%4yEa`OuV|%nCM%L<rhUt;)psQ3vc~Tm
zDh!-~C=}~S%z`(jLUWC-kWK~33@CWUg<Z-wBBqNPDnr!!LP1||SOFQA`HlFIDMd_`
zV!MQ1bJiPa$%{U+)9XZ1OQeNqoB8q?D<XK*dODy2Ig#2%HTsZ<R=t`Hk~6yqhDIP;
zi-aI!GiGzO=UodTQCy4Aj%uKBK3o$F)u*>szo*{Dk2GR&BW$c}D*R`m;6_nZru9OS
zk@cJCEFwZ5?c9?HHeHmom9a9$blC_MCAx6Z-73?nIs;7rh%Y1~9I}8I9bpDf6cm<6
z@lZNlDwOi3UkCU#7-_WEXi^mKHS4e_@7Q!#z>gXPgY}<v@|m#Xx_d!bY-|S=lz=WU
z(KE7qbum6_W~j3o(MEw>&U(hb{GCyey%vH+4%n_u0;|pt&*n?stP<8QskzeCN~-uh
z6gGKQXwA3QB0K^im|Hubkt@)dn!VH&&#DLt*OFPPdX0tS+s-MhO2Mi&jyNMeP=ydI
z^$=Cs3NanVx7-3<iNNmUnhR8wj~k!3`GNk*O%SuWnOSDZ>{VDPgYGm{fgL&|zgl8t
zZDfg6W?~2m@hiLOPAk!WAO9ch^PBurRZfY^zX`s2KwMr6z8VvkH(m}N6qjAWR}YBG
zTlnW1<;Uu&3*v5X*ifnaPmJ)7gLhB<acnrW*U1awt}*C!Qe1WfU%jRy_HOoU{H2ND
zwZ9nxrfO*Lo3Tb~lvf|U?ZWEqRAnsQW=&Niq7?tL8gItF*zog(^qMu&%^UuLeSY9C
zf{BaE()YzzuM?Ml|9$y&;_mN%5Hu8*M}8<b6nFpWhe1Pe`BJ2zxJ&$1(6Gh?R0Ip~
z&pOkX6qm=pC%$^ExE%hTSohr*#Pv_YW>@}_UH;`?245xlyv_wveXY3s$PdEKe#XbY
z@1>xbxEy&YZ1ygG{iU$kcV3Fm{I$vo|ElNv8gcpC!Lm(=%g;;8_L>Xg?xnEdOEuQ_
zHNpCZW13K2=D+H3j*H7;@cM^~HC{g+yna`(3=fM-u|lk&xH}Lm&cotTtQ%`6?tVRN
z`0F(gc054XQvt$0EG~Z*X(;YSf|Yz&T#7|z4Xc;@VR8ALNW*GGc({sOB@#$5>VsSC
zSBh-n`V%3%1qOWk`*k6!Di6n@MLUawOI02oj=_pHdpfqeRpsIM)}YPepi-5G<8Y$Q
z;($_>hvQJ9&EmiyH30KV5@5vj`vNG8y{`&Z4+vO&U3&8CRq%TtzE^4ui2eI0AIcvD
zTVm`FVxz0kUky^ehJLGZ9<frlAq9LuP`fXOUsaQ~2dc@~1J(HZKsBa5P-6*jh-z$*
zdqQF>E|1rs$>Asi0z4WL;L+H?>k#07EwN=oR{0R_42F^#jSYpqcRTO#_TVLB;xZgc
zYGqpaXB;>`3Rf_=4BkF2VDq}*t1)rugslV|T7#F5x5mapl&6=@|AgQCW7w|#06pIS
z8-w?p5|^L+p46#WtC3)>PKibMZTaP58Ga&vS?k3QR!wlSdf=0_o}8$9@>KPcr)uo1
zs&^)ok{*AQepf}D*N7({{9fG`s0yXv@8S)f{azKEUI+&lhf*!kG(l<I*S{B++l;u3
zqAC*~sp5e~b$5axhh05f4cpi7A7B6dx?(QdMc@Bk^Z`{d-uJH?n4;F`EcL#sCsWt=
z<aqUy<JGzWMNIK*o5Tgg^|7G8$@kS@nYB7pR_*kb5UApEx72KR)w{=D-n+w9`Ro6W
zz3+gNs=EGvGh0Cr5*xu16=PRev6r935__CwX9h`TcZ?cCq9`b!v|S6*6h#3=3@%{r
zh>9qnU;q&iK~ac?SWq;UXsp=(pZE5D&$;iOGjARXCMJK@Pr~<}_r3kzbIUpJ4NcvP
z8yXSlLg{9@$gBXlB{Rr<@_SZllST6?Ga<%U^Vg6+o5%OaZOqETF-yJDX2whgjdhRQ
z5Uh;1ArPlRJ+&Ay6P{OM79(%VcMI-`_X+KZ-;KK`#!l{J-m0DOf!NfFG6f~l%2R`!
zPvogB^Qe(|<n?-U9^3PAY<nkLzYmaaCGQYUP|jX@P4v3dA<gahgbTPYiBhQENmRX*
ztX`e6H!3M1yroj3eMEs$Znye0;A6N%$GqqEL9N>de#|)SQ(96=b7{*M&F;&9+i{87
zi4x`HsEFNR`zQrDNai55K@3vTQwk<$a|{w+Pn;-ESIS9BIW;LKB;_=;J{jj_#(9}>
zUS^z^8RxYv*AkQdKe&ly%$$C$<15`tY+c{yt*e1MypQQ}L81|X4$S+js7LiMQIG04
z_ZHQn-7;u5zU|7O-5#X;GLMKNq|lT#ynzGkX8vvAmFzyDEP$sO(J($q$U0=uqDxr>
z_^M1(|NCR%v9aVmF*e4&AKB|#a@8`qYMESh+~hJcxr|IMQ)thF1jkuAW1PsOD>8ZX
zJ$aom_Wj~pt72K*%c~gRT#GhWlqlES64`&}J0(hZX~5+qI&FFJ%oASvQPB;j$!<tX
zoz(gLu;NL27b_*bT}+@lnbcrsk|e!eN>c8OP`97U<B<4v>nt8<pBlLC{m7WVX;#c&
z7@5a?n1)vQS9G4|H7lm)^*0Z%jY|Hq;w1k2qQ4;xATr<q1Nf5Mz+(s4)&PWl!$iO{
zLd58-ODTF9umzW<g_2@gO|hk6bfCy7!0dpC-TU57<rGqq9!8{87KhaIH)@c%ZyQAQ
z1nkv7^9u07hN#9&7VKN(a_eALLcmW9rbc?oz{M;Ae9MXnyk9--YXFZYQR-v^yRr!I
z9F7P$rk>M(!r-Utv59E$eIo)ZIPPi#-?8EzWm@QW4F&gHB?X&j537>EUAQd(hmt6J
zwSix-2sLW3N(DTE+XC=v5@pc_<5{FtQM&`<I!qtL%;yb$+mZo)JgDGZP+5WIS!g8#
z{5&V~ypys|1NOKT0goY34Vr8)RlEi*HjG7XTPQ}Z@`$m2jMcfoUAb6*=UBxuus^c^
zc?478M_64n!Wq>GFEvJt-<o*iS5&e>sa%;=IpAM#v47zdyTrS8YD0rlqChAcIpr29
z;JJmWjMO`4S;ad`G;|8^YKsPZ3)5~9>M0Mnidm~f7v(i2Bl{yCuRp}5x<!FXe__=I
zxRjf<R47AI9pkM6j2Gq1MwPRM%9*MWMHg#O%Yr?&jg>ZV6&JorDEA!TZ<+O5QN>)m
zD(2#Jg{BKPbE<K-rHk%%G^C}n*0N}=(2q58qws{B%#!qUaZ=KHyxN|IsCQ-5oJ)AI
zXi0k9z9HfYuXS-!k{<5U5V4K=d2v#b9(HMnxRu$jILZH;WcH8K`qL%~khYc)+fO@*
z`zeVu;7k(b02lSQx1b2EX5wlkd%0H)Zhw+<oJ9SxiukWnk}1Fs`xo^)nJ!A6a!a1@
zvVebO7T~A-BYMvB=E%fk>6C#HgXI1#d)*xRUZ<`FJnIc=2*5wQVfQvd*D(=rT!@I!
z6HEl08zLgK?u}T!KV1CxsrYHYUs4*ifOo%Pj~0X;W#XessnS%cRZLvv6twVJDY~@P
zfZI~qHGm!8z=-I#V@IV1)l`ES9C?OPgKDb53M<JKN)@UjtMGv-Ya7Zg1$YLDvKSSk
zSv1ZmeZtEE&g8UY=Vzl%U}(&f-r#8sd^Y#g+0M{ScqzcK%o^*A+k}@I=M+c3f&b2w
z;=9)io`=flVe*ajAZht&Nu>(!U%%Uk9Tuy1P^$7bB9>%4Y`H$9q*v7#C#jTvdb11l
zZ)**dYRkgftRzIRhq9Y#a3vaJNG8=3H=q`Jaygk?F1GfDK0cOv;#iSGEpnLjMuh8y
ztvfkxjVxV_ES(s3WffZ%@3N$oQ&%}|E{<-?q!p{^0()`X1vYxwNxf=r4_~D<9&ieY
za)58VYNw3QdrSoUBt%50@--p??)+N(vT|w9q#V<LmyoCiaP+IRqO}{X)F4eYc%LJ`
zuhbw-H7I?JlPp!LP<Wlc*QD?`Hx}T`S9z;w;B(9ZT=r^&0}=n7WoZ4G4mg8ES>*F9
zi<UVpl<=~EA8}e}h@D?6yw@!0Wk|hVEj*p*VW0IO=?kAsDq`X5wGkUAMr)LWN_MYR
z4>vtu<|Y_rL+ewxBKK}+sd+Qir?57-H#EtYsXAf<r#`Z}o$GkJsACRUuX?q};&O?I
zTO-@2Mz)W#8uSrkPF)S|jWx8qcz<h}{^`7ibT!~DB+3Hb&Md$?*4QnM(6(<<T)-XP
zw225E&qTnJLPUgqPs9x1MIj<WPpvK11j%G%Qyfc`Oal%iQO!W5-f61$R#eKGt(1DF
zsouvi@i?X4X{z@bL`(zD4G|Hle2Y>9%)Dh25z0~n)d2ostxZH|6cYiTS{t=4B_mpO
z!Wz~-XsvH785(AfH?8B9)6v16)Zo>Y4ESAYs}w5x##>DL)ZlH`vJ7}{s%vVHQ~hWQ
zzhCECr;Z6P{en})gqL<}nDEl5%nBCWXbSlNb!S>D_xcr5`)g}T_Dd>ZHQ+^Su+H>)
zhX(o_TZjOvS?2YtEbq_*9hRp0R0IC@O)L6uok?Bh_4T78cn*fNKe0RbPtcutYL#j<
z(CoLYgcms79thEXTduW)2%u3-4bZN`ZSHWVu?<%_`kCfvwI<R@07GZ*!WyTRHO?JQ
zTPM64G{=oR=O1utp73f=?@!+<xaOcF-9)zOK_=GK6gzdblWo$w_B1z>LId$k^ZY_i
z?m|%u>Fw77ZM65Af(|YfaY*(Xo<}(CUgGs>*LbWL{1>)sblW}<J|G6!h3$lL354z}
z4TQy~<}XEWRM$GCOL`Z!l><XeiiB5<De)4EUJ}aj!nSVt6J9k+KZHd?gxa~Vt<;D|
z2-T7<d`%*|!<q&cMNWf=G0)Yg86=l8IXDItAB!bs<B%lNbgi=&2-YHJCt$B_Ct0$K
z9M$j3*1j2Dw|$wr9{931lsTs@5`S=3ZT(%n;<c($YE`Aws!FL<l~SuJrB+o+t*Vq-
zRVlU7uIds=p7mw_JGFAOSy@O=@b)~tI@bOJ6{~;K^2|{-C8+E#-m-WpXP2pOUflWz
zQKJUyptTk;&NioM<R+4K%h)~MoO8@-v7gVzKCxUR+Ar%4mV}p;O_hB^tk+qo&a&=6
z(cVw3Eb&Ubip^@pI+8`jUSA^$$GhjO+&PFm$}7vfGOxuCng{*{iv4wsJ93p%k8*4&
zumd_w#7rUP*tLak$dVOrx}!vKsm2WS-i){z0jc86h)bUsDV4=Zsd6(stRRKfuWfOb
zQoUrQB+22ZG?XlPoRli!q~s-kB1kE@;>RGduG}Z8^FXSK>bw{!mBmRZQBf5qJAPbL
zUy1IDlSBE2<WSMl%|RQ0p7(!FYHB}%bW~J7LQM>Nv*3=DNps(f)JRvF$2W6^H;b6L
z!tshE-)J6;y>(PvP4G5|1W3@}4hilAhhV|o-QC^Y5(pN2a0~A4l3^ghEkJM^9D)t*
z@ZG$>Z@=Ah_K)3j?r>(f(|xO+s(QM+T1I7WyG)Sd$s^q{YG5-$7DQ%yxftdUoBQTV
z4|zK8lR*=RKoQbUGXgKt^XJ4X{5m*3Dl|90Df+cn09zX2R~8Kt7%`4jzS;<=l=E0l
z&+0~V1f)FzGV0;fLSzGiR=h-UR<l%?p(;xl#Hqz>rG9_Hl(N)bf|Tmr*VW2Dd_k8H
z*~SvrK4#0JeBLcM{u3o#nr!kkR^q%{Wqj*YK%#kcV^V6ZGjOpwL+m1Z&?&<^C+uKf
z$bg&K+Ever;w8sUhQwFVGf&h(dknT-Au-0Y@HPgH-}!a+Ek<{eUMLDCEdlhW%2EnN
z!3r4_g0rBg{h91JKKSV+TRdBwl)0EB>H{rBS5`tHgt@M?g#?xlFqF3OPmVC3A79N8
zD8vd`O!=7UTutKN_~H+~%CYZ%l{df*nP(w^smS1BxTa4jB8q@)86l#siV)_S3`kK1
zGXG2=d<cXaa>_~q)1FrsfJ>lKBY+(_2++A=mBJglOobA1V!*6oksq<s5nUe+8R($w
zbz2z_87_?aHYr4Kgk5NYE;qDaQUShpD<gC{ZX*LC_-#W03sI%j7ILMCNai#Z>O%R`
z+8faXnh|QE%MsRNNdk4Y$V6TVVwr-QY_Nr-<FF$6iVnUCTm$-SpY1}2-4qemLdd4z
zLae4jJ%F0yfs!|R9AT8EBv7D}v$E@72!G-!JQIpVrH=|@iGRbt67xnV*)Eg|P_;`D
z@o}IK{^b&x2?d%2Ae85aIQZ&Wcm{3|5cEzF(a>%xR21qC*Gj3v0srD6H2CVIj~j9U
z6s0MJS8lR}phc%4Jbtr4cs`Pjf75*&cjRdXeM5lZ`)&qKMvoh65S4~tIKTlf+G36n
zGQkZoqSHl->|J~#iFjl-6?zC1?vAuT5V7fhWenT}fOVZ!l0+1`rz?f`q1Q)sWf*+b
zy&Ur<kbMTu1i+}~S&<t;{_IGcgua#!7-!uLFiv#_<Yxx*ZIl#ZaJF5ji9R=!7q@~e
zG%|$&&G%k1{!Jh<Ad3Mvv@8R;y{{0yXLJW{W!F09jqk!Z8Sd@tQusWJsZe^ra`3Up
zLjP(_5TJw3#gX9>(QSmMBR!@9rpvGkr3S1{Q&<9*zmpOA(g>&n0Fg_l2dKl75`}yl
z02EFH3JU^-ahT~~>ZS0(K)pA)fW&MmnaDY`0Q~NNw?*RP-m;a#*EZWiSWDkxxGpoM
zMJDxX0j8S+v>64okpNt691wJv8!`zXQe{vMXp_i*rW=4Z_-cX+!xaRm3RrLykZ9Qu
z6T<3Jk`aosKEe@(Wkq6&1qc#m7kUHWPzIp?m}r6E>_$5HYV9v?Av^`(VGo=bt{GB@
zd9uxTP^$Phw<>_NGKz>R8{Q5ZANail0Y|I1g%IKbjs_G98~_{*Q2!sUKTh6}K(T#3
zV6=Y)G*#fIgVty(LYFiD!!><fjvM0b!-?T*0-zK!$^lOb=#u_FxITWIffEJXm-VF3
z9gf16(4>+0HoJ?T&NcpjfMqF#XKS&AxVQ_zg}C$ezY>Bv1BQD$0~Z2Bl?&j?Mg$nQ
zazMT7dl{ilr$FF{{)lAfML#m13S|dwzx}5)AX6EDegGg77GUe+A9H<XFvc4kj1NF1
z4{M`0V#vxH8KG!^SZJBZw;fW5YfmBoCjOK&p&9`Gn7bLFDL|;VeZX)9ZnAac+lCsf
zP6B!ZI10sCAYcM!pXb7W83Q5i1K8JcDs+_cyE~jWof<*?GU6OYe(!1~GXGd1yePmW
z{eZ|`Y$(uO4MsX>u!aB~>{$^}=w~5(f)xq$7>E&qDfQ47AY5xGw=*D46x*>FhzS7l
zd%zRaf#C@vaQgzlSP;<1Clh(WIjhB$C~%Xz5PlbkKO{h4UUx-E55N-tO5g%A#YRRU
z`~H>ym@5Ln0-g-lwHhDSmjp24R|^ETHo#|xIN$|^6*<aCZl_q*)`|Ex<YHb+Olx`Y
z2SM>I4dvk{vIm14p=C7k@Y-Vu=NX#gNG~ssFCkNu-*`<7t}&qb^&1GV55Ta)q)`zA
za_XT7sX3SvMY;WMMFtm~6^9u5vY8R8qc?vC(YXCc>G}rf2Zz+xPKBXdAPGUqf%b;N
z$|w*qe?Vt9G(Cv{rTvE&3dTw%dk4IO90<`6pn<iVx)OLSIyFof(jgV`EhV4>TIb9-
z{F;l=6T;+Hl?fySP#SyAiq)0cWDY?@qL2)#H%H3|g995Qb*D-SK&WdT<e}&$Q3$+=
z3@8h0oo262e(7X{_Pht`<N{pXI`H7NFB~A)Xtjelw1o_}o^^F$2kx|i?K*Vtyq^LZ
z06eqY3m@gt1{{NE_z8HxX*Kf)XzcAdx+^D8F4CY)4PtcHiRSti__VBhBLjJWA>o_y
z0kDX+nj`3(r{X|^|Fx|SMhNhAfXCGwh|r<<mU%fLKE5(ph6DfPfM;)G(+_pojwOKf
z0AlLe7`ejTY*b-GvH=`~eswy)iKMb~!9An^7?pSl!gbS|h{BZu_a1-8yfGXgL=GkY
z2bd-KS(pjXl&~H&=OT8Ge*_^;Zc7M24ajg|IEO?Sfx?tU@Owc0w+4r|s4Ll6;7~pQ
zb>Ht^$*)8*6DmWWWPuu^y{-}0;;_;~X91bPF8wrPgJO^$r#6F<i21FUu8=ALI#Z<F
z68BJzYHC6lx`;bGxR(PS#UPRf$`L4wkfQ`3WH-0*>Q+c(4lbTv4YR(<OBqfi42vq1
zFd2})qa_YyEu!r#w1-aZWPV~o#8rypmPY}(J6;)%5z?BV+s2Q4`uutdt_x^$W-^c$
zMhoGwY)GIqKumuDSPpP@K}E#NQUiL_FUv~wB&PI0a0t!7sk8ws1+ZZ=z|Sdmp&r2Z
znEodynJIT@halvXRwS@qMMOoQ9imV~?EVEr9#E}jEOK|EU1%NfUoS;ON5P*YF36`M
zUk0<ojDQ;K6cLYrmNXKmHyPl_UT%mL5XR)C@cs#UTjNmggfm~R`V=WdkvzN5GN4h3
z1>$|F5PlutY5^dm@d27^w1uQ5T=;Ui4i46wS^xi#VCFvwQvN?BXsSN5cJ0y=T0=hq
znCG7^2Y_tmrSS1U(+ChRj5?OiCDFZIET;34(TfewyOn^=6x><afB)4mP(R0UWR5x8
z(4&dbq|WhgRyM{<F3;G?IA+mA$2cTX_Z7b-|LWA!BBV2k<}Vk0;6@o3=25rxQVH(i
z7;{tBlC$B@D`Gl$Jy@eb+d_(a-JvO$&yShJWLL3OQ=WX{ZumxP`t9JP3hfR#y-=!W
z`PTcg<kn7(BXDW5h<o6u=Ct|XnF8(ViLX^fu>yHIV=BnwF;jC|EWRm8{@%`F0aunb
z2-<#7UK|mR6(`@>@8+r|cNKpVE&unV{cCyg6L}9t>Yv@#dW{Hq|M@dtRk;gtpI52e
z!)N%aa){&-VEK`c+TN*}I~foy^{RlrYrE9TRtq6*ITe94qg3uGj;_k$Sn}+0`ARqR
zG$uQf!L0IReIX*=tBPVia={#V|7nioisG4Zs=53*o}J?gwAhr9F%_n*owB`1Q}}B8
zSHV+{U77QOT6aMY64#ZF;2`Sox~z~k7_#4w?%Y8-CP60|8llJZ)JlWT#dq(YE#>4w
zpUvAZB4O(2-PW&7E{WT{UmxlIz=<2$bJ(S=`!H<SI}GpQhqUfa;>#Ng_u?Co`o(q|
z+D52m&6<J<GS{)3&X&4I-V*7~{dol^l()HS={~~T7(4#6Uq=!hG(Yx}M+a{uoTmF!
zt)l?Dn0)MK?pJ9?8)a^+bSzf>KHyY`A0tPhb!^?V4y3VHDZ16+H(7y;a>*Y@Zn9`9
zjKO_0kwF!UWlx@-uk0x8MpG8O(p{K_LB^@<@8r~XTKeD^nwCw#i8LDihF}{SIfvp|
zRqOeIBk{H#HmVZ0b1y16fAK65EAP{h`B+Q&AKL~J$(}{cDkDd`qis=^^7O;$UuY^4
zxa~)d=!VlHEakgKd_rjsH0|D`E@FUAUk!tBtlQRh?_W>nO$RbHjgIJqSjvZ_xLnGr
zFJkoVGBs5tyW9?eC{o!^WTzdbRhgR{tR|?A2W5&qa|1<XlC9+rYsXHU?!fVi6=i`K
zGRd{+bY_{W8s{x!nbT+IPNZ^wS&xS}yQ0sJNi)?^Jf<r<89#eAa*K=}v8Ayu4uQZa
zrxUW%&eP_sO;t&!(?g(VCX=M3;%!N@-L%DHW|Pb$Mq!rq@TB6|X<oJ_2Q%g3<rT7|
zX`b^4Lb<H>7=Jmt_;%1faF&P;-{{lWeQWL;J<0=}b_{{yQ|szvr~Rfq*_*Q8nb;&T
z9@|bVKPbn)%YAqJ#MuQtufflpo<Fz3lUtJd_-5!x{d@;6b6Vj%7gz4y*q>nN=sNlI
zJD@qJE=_iNbedeuTF3c>wzZpws-$Y0lqUHy>e4K6@dw*FLlWbY7?^=duBc?|%b0Uo
zpqpf=Cn%6oGI=6t4TrOfbo=2wXUXw+&8V@DWMVL_5sRfa;n4giOZmg?W%A_al*`e?
z#aycO>qN#M?@Trmi(QJjBFCJ4?$jd{4}$M%ztYrzDBf{);dlsMrF2oNle{+>PAs;Y
zc9OKd@wtons(8S1w;Mqdmkg%k>>Aw8CgLoi-a#Ws{v+|ReCTLkgpkcr{&;+K`Q%0_
zF+R<hm9y(&Cjg(bWODluC%O5HXGGFsE`v#aA|q>xi<Ini`gDl2^$prxTDal?#ohTA
znwmsqK2E{O6*XrOK=*=kauhlLPyT<0j*OE|g@!=E^d?q`#YxjYWUTp&z)SBmJ{p1>
z-pTc(i->V{IqZ<4bCx)LlSsTW|4ieR6feoy<*^fsn#`>MPI)JHIQEklO9mvDC7tTR
zKk$zBQK`5gUj*W9o1tzXwN#KAb)UNLu-i5wx}9%`BJ?>Jy@jBD^qr;Ze!7OGzuhN6
z_l^9BPYC2F?oXJU?QOJ(6dw|=i$fo<V%j%ux|uPYNCtE0%;)Sl4$+TQfVOxfEQzCs
zyTyK#qmA2jFbw+!ER!8Mi1CdGY8w+4F`5YTrqFD5lix}dIvl)3fqjP$WF26Cp}xNp
zl7`bsDF=>aFMMX!Y2=^PcdLxWi!Aa%3QU#ss$*jGj&rq6tjI(5C6Bg;qij$YuE8$A
zS2QfJ4ABoeLLr&3jLFM7+D-xTgH6bi-$VsFmXTpcT}s929%wbBh?c*GRIDfTrY}!N
zXt}51%0v|y;Y9AMg>T>br$vV<NJxe+vBzoAJxi#8q0_XA`hu#ZnX4E=X;Nh*3tyxN
ziF|2e2Z;F-q!|9964Y?Rln8z}K+9O}QF(Sx^;@}JNBc~6SnjaBBYIT3sYykoogOzH
z#hT3T{aTZRtGFxE_R_{<4)*-MlYNw5xA&u%tIp^>#T#y@K<8kc<jTUInY_RexJ^x}
z-SLz9S8C0iVtuk%W+!~+yt_${W3`73E$+<jy%hZ878mzD{EK8EI#ghCfeWQTii{A3
z5s$Xdx_O7x&S1Zz{H&8MqBcE`S9{v`Ii@6>0`tR5TEJ8HIcD_0rsCB+!x`+nuXtLL
zO#N=BUvB5pwcY5x@|Yx+3ysCMEn~2$BY~1n_`_-D5b?QclR0vN(zhOuu`Z==kwq7V
zQ-IX?8PR9LgWbKq+Ic=sPG;eA?Z3M46)eTza&`2~GvH$`eVOkS5(&2>B<832I5{yM
zL%jdyf`62I>`G+HuQUt4DV%#|7!8fE`p7b}*iTh1?OI{&v*zYiC)fKJtu*{u#`fW(
zM#zc>`*#vJWnI%Mfp7{lD(E+){z<c(nF`RSdrjIh?j282+*2KQdA@-<jTY@P`w=@P
z+%hJC;h%<ujXi!M&SJeM=P#VfU|_~%b+}+ig*@LGoEVH9!btw1>su#b{W514^V`3}
zl8_4^T}xronpcK{w}Z^KYKfR{Iwg*{Zax)>tgRlO2~1!S#$tYeu@DrL2kCkyg-Pgg
zPeU45vP_{hES<}c$n^e?sgJsyee0AM=@^tnyx>}*+3JkoJS<?F5Q*04#fEkN<wc+z
zCV7cVi;#((wxZ~y%g%!4*Nik9cRdfl&?gKiJ)F}mLLmUQ!Fe*-gFV*zd;%NILJ2O~
ziZ^vNi!!HT21n@7hFH5x#OD}EV#pT3GGO*D0XC=xV0s>Fcre&ENSXG<s6+)s7Td=f
z!=DP>h>nfPl{YN)XX^d=SQw=tN2cxv=C8=1$ZIKIsQ6_?pbH}z+am2qpwF-dd%10+
zca-XJJoU)Y4Q!El6i0LLew?fT{Pks=hr@UygD{gwqVU3S4Y0o6@-N*%ju%t&%jk)V
zE$e>t31zwgZN)=tsNR%ctKLdZM(^UV&{~3B#vzd4x^dPX!<klG{wI^;UgD+3us0Rs
zj^<`EYL5Ih?mtuKSX>V<-`2yo_s_IuN!aF>MZaD+IN&eC*}f#B<jvD?m)B74Qdd4O
zO3j&$J3G{@nXSljU&?i_Tr(P$6G#OG+2O1_9t<`0$Nn>ROI^wr9InO2lxQE==g)}1
zghQW)U2j=3hDb52qO6-r`aX5o(qrbP`$_6vp4NvO%O|0>Sm6Q<zFS6<)}r`Sr!n&&
zV2zC`$P0a}!ZE85ZM^51V;rK*iX&x>NyT0;bU-U_IeTtQoa7;8IZ<L|g-5K|qZfKs
zr@n<c$?V__PK}n-<GOId9>Ts`l#fTxfeu9zI8)5W<X^hzsf*XVbfm8ADPN@fruN|B
zFOF445fBr%UCO(&^97lHDxRvWX3>V1|B<%Wrn$D2OwE39wHj2w^?l?qe!srU-~Iz}
zbJ5pPxZM~`L&>#xs<Ji>szXFRsy$~Z6la4-;y|7GBz&Uw@rilL_VKYcJ1EupwYDYH
zKHiY^{5J|)@<VFsN?pz_`x#SLIU*mEds_w~pYp%Q8C`}QUQ0|Lc3BA8eB!}aA)n0_
zk~rvHeeLTq6&5?RcMcKOiLS<4iOM-;_~@$QlhKQ%&fkcD*tU3gkJy%Z$BSVod15Dp
zoHv$4A1ibj7Q0>BmfW>w_l#3_F6#xAmI71nLgF++)$4Xt{`aGnYa_Y7XCXTac2L?o
zTw@;>-bk>q-ol!DMPrw+`eoPGv3R(E^HtT0DgD+(23JgKpaCq9_|XF>!h&5#(9oy-
z*K`QaCQ(tUZ95z%%SlfthJ`8^j&f&Qq8zRv1n<)=bUlF#>(1GuYcNe*(xuQT#v(e0
z{T9|qTlPPy4OpCzFS7SbV{=gk0`holYc*p|?z$#zPZ@Cf=OD}YJ*%UZSGS}%R`8Ri
z1kg-{qctg8qCupbJ~wz94m8*6<g1R<r&Fe&@82;j2$fH%5F=Tlk50(}HsmMG8jR#P
z4n%yA-1GYcP<e<<)}T@5*EwOnkCQ3c0R0X0*<cfTTICDSJW(8RC4t<rc9T(8zIXxD
zSN`Zm>Va<J0-uN5xhB4kN{4`%;Dz-yCw}{|h8l<fkcKes;r}xdI>V#W83gQZOlNoR
z7N>4Z2S47?b^lSNM`5+Lt7toW{+PR5-1ltytmI1!aoZEqMDrDn<_wL^L~0M$3mwfs
zy4}8$b1;3keMLnDHT&U6B~G3Bnx8{ba-W(GLHn{40l|57IX?FHgyO62NXeE^dPCDe
zDcg|<$yb5f;@MHZMS`MU`?^wQN2$g{hZX@;O7H>O6$yAk6;QPrgFragoXYeN%!^&X
z`k+o1T9#N&00XNUhFf!C!?xaH7yNyed?i%Yqa?Zi8<`4$V%8KF+urL<LI<U1V}I^v
zI|%%q1PHOYOew2WiIil!gLkA^Zl-x-F%j`GUefMU0B^A!?~%NOD8@n@kP2Ck*rejl
zj84hT`~xUJONRi)p`yBck1MK4XP!m38HE=0nx77soJ1O5AcGPRE=h(<b7H$X0@J>O
zz_cZu<fHU{Xih2ObTMLZza%6Nn7;dx$*-$MV5d%i#dT&T6T*#+tv~v!B?c^;0w!8a
z&z8x&u(O)jYZk~a6?h@Xh4(qK!NvZ#Zw_b@+yLmrK!-p<NJXV7^OsJitUSB9(Ahn!
zQ;zwsbT>3jvGHU3sN!+)d~~TmVWsF#kRlz<@b7#|Wg70>COySfO*KO!B+(iRSHy~X
z5{Lr}iL0K<@5WHk(_wDtC@>120+RFN+z{4D3li8`Gg1Y-5RixS0a9&nRrI0k@5gh*
z_gJXZ#;F>zhY?!$t#<5SQi@%&jxP2q$4aU`Urw!;R>gnXz#ClcW~lBC8gN4G)hl>@
zFV6#cg6ycYh`F^bgi^6n%z8^mdJ5Zw_#vAmHdF^l&Ecq*=#_75>Am8IiO0VY3b*C?
zJqkz%dr<tMJ;27?4)(gVhaKV}V^NQ1knHX+g{LFtSoMc1uY%b}L$Ro>(vir_r@jm6
z7;x?n*F30c+DfjmS-}?!ex|%4SYl?r0$r=ovjZ%PLu+>2*ry0f*TcH}pmC0nRl?(d
z@fam_lWjcELu(v+N_xYy8XAJQ5vI(H)R&-S)w4gyqd<aW?8Y(b&D*j%ZXec$9^BTG
z3N=H_LNG$s?W3UkJwp(KQKYl0)cqmw6%6YtUm)8~DWa|Z14zYXTBc%c0yxPB!=8B(
zxgvU^?_?&_CM#t05x+vhz-Q}3qlG!KG@v#-o#CuIN26Z8F5SlzR-@e($l5LDG@4CO
zAVsIox|udp*wybet7&-QnbxHA<{tj|A#)b&d{s@h?WJ_^)ze_c-@w<ahM^uzmqOcJ
z$kvob4ZUtI|AXM&47^L~zW(Mpm-qeG#AXW2e$~ShHaa*V54@$9W_f?3%X!0+1G8WG
z;tEsvG$F^oG21z4n!kGzhHE_DJK;P(H(c%LPzXA<S7=>Y?4|2oN&wX&v+bm?nmUNo
zBVaabo_~_@0_IwMmJeq_*R8Uu#=fkd?bB=V!4``*945RaTfZhO3AUnRcFOr|YvV0F
z1X;vsLf3!49eb8`OtyCs>49CBEiA<FB{nX7>MO5^BjagNE84}YYE#C}&6@qlQ;AYl
zQ|m^!9iHwrzXjc+Cylv*S}V!>b8*UPCN8ydk8z~^<(KwUe@@2Or#XUanM=rPx+|ZX
z_ZIQisPo=cY1lPc&zy=Oh)N#sPEJN$R*u$=n{JjneIeN@*Uv9I&^JvZR~~n1n`fE&
zDkIriFlW53*LW&PO0jmt>!@T9E!nhGU!v2v$2=hTUfE#jk>APwVyn4kd_BX-v21yz
zbuGtH+G^bXP`%E|iC3GMk7KLZrDDF3o3zSG;YV7<k+joHc)EkL2J(`At>wsh!QF=;
zo)63xO!=dm89nJ7D1`Bu-y5xU3r0OiDbDR#<?~<Xc@oYGX^pIk;TusaAEmI^LRdhB
z!KCjsjx^s%Wm@+s$gF5nt{aez&|fq966-WhDHyd9s~=A6;LAi%E^PmPisayP)Eir=
zACCE-3wByhr8%I+#mZNasbp`RlC@ZDomFGqy`5<uKR@JT$AZ&ER(+$a8b|74^4IAT
zcw>RId(rWJdFGcu_+}|4_OO+e`(pX8ERDn>$rZfKHAvc5Qb~9Fd5YO1rW}g_MU!jg
zpGzMS2$H^m-O`cwE2ZsbtEp<{KAL~WlW)){vZhaE^p43i?;GuSL)V>?oj2`ZMfzg|
zzlJniO_b28ekmga!_5aZme;hb-mc}Pq4pY=ujX2`a~5nx7WCUbMP#8Ei}&Em3+1KQ
zVQa0(?;IKKv_>qIcs$bgJD&v!q9-p8yJ%;&29{a<NClj`jZ9`tOmJ;ppUy@`ZJ%>?
z1ZtX(GY)A{IitEU-~NVM=v1*}H=eC#0?{wpM8AA6)rLXt(!)#|Y+F2+!WGuSf+9>-
z2aoJg>Y9w$ajYL392fJQpav|TsrAajX#Bkr-Oh;>3yrV(q*PXJff?#PB3~IZqhC}D
z+uOU<VPS7$m-$*}j2vWGQN(Sn7~ag1vsGF?(|Dp;caa7DQMe}zvbYOvFF_@<c);U3
zYKdaeNL4RoDpAyu&#VMyff=nT)rDMDlQ|+<vUPX|-lzH-#V?jL@T&xw{idy8NAIgT
z_O`)H^?h36>1<+n+j+t8)|q{U_n}222bMUx8bMl6{V8lNK;0m?)m=>gy}FL^#sh@r
z`RoqqR5bZAvF7Ay+XfRSrZh<oN!06zhs293ms@pQUWW0m2pl&hy_~FF>DQ|!_V=6D
z%f#Eo9YT^@s%Uj~)Rv5Ndk%IlQ{%so?muCE6^IvEQ@J<#Hue6}y@c1X>XZ7jJ{%m^
zd;SQ|jg(||4_awH{6^Ihy$*y7W7yhlWE*(@VhBa#$41(pVC|tIJU=pr9r%^p(N&{n
z1>;r)W42#CX>!9~6U5}{zMN&hPN<L;&|iYt_6}(w|3(vqz%j)UT>^W`5775N@f&zh
z`i$beUR6gDZ!<&+96?JTJ9TL@4YR1wsD<22Fs8A4DC~@`h*yBolK?nJG)q7g@{Io*
zXLoGYIw1*6j|OVH<K#;z&GTeqiIVoSx7B@BwuN<EM+)6vy+_LJZRhvnFFrBQQ{Wt#
zw0BzBPrPC8X*9`Mq}3UaP68Pcr)2aCWv8Z2<*v)siRlqr;4vN4@D%MY!y{d!m>jl`
zC%z~rbt2Z5=m^#3F8v-rAJ0$vDhJ;<ePC>de8?_);EA$L9CG{z8GZZkZ#2s7C*d<|
z?rv*@^#$=C(iswMYEtL6QM~HR+L-bD@YlR&Y~-r-KBJ#oF#O`lOgmnG+^L^uZ~LU?
zV9;?#=x1mHKskiuh&Ov0zrwrqjO}2ssPxrSW1}<e*L&LBBzzykCtYN<3XKz&<D2Xi
zapb;{UeZobhu@vip)~+h&YX{5@|`B*zw4KwJ40j_G9H<|@uCrC#qW+|wxkSqXAimi
z7>O_Lom^xJ-OtA)tMGao36<xV$Drqv_1Y=&w6Ndg8K7{(GS%=wv^F)p-t%X;8JSvi
zhg`Bh7i%YUWx^=Z)%F1~Q?n-3_R*378aYPPu{(ZiLR_y+3N!N%0&7I<8=5qGizLV3
zL`+<E9#V^F|0o5!hO<_CpUnN4&{4A=d^xmuEy2I{UYWwm_@$4Y1<zJexau>ua`aK^
z0IO~eF2Q;G;t1lcHrq{&a_bxRFDoL|?E6)T4B3_x$}zT&{Kes%n%iYKcA+6^zD&Tr
z+`2!^YHTFu%sU(=Yh2qViGzVoTj!~dWN@`>+W988Bs9L$(t&*6<^9fbPPbYU+C$kv
zh0jb~iVYe^csCmAD=KnsJsFJu_{<a_wgX1O>k`r*p*uB+`q_CA!Wtp(9zHa(*i#PB
z8hRZ4d<n@4n!0(>uwFl2l#Mlj#@W0XaJv>Yh4u&SI?`>{me3zOka^SbzoqLY^OpJX
zmv4o0g({wI!7+tyq4*82-RBo4rQeltRd2W{vEy3uH>szM9fR=(!-$HDc^>8hEXoGr
z+Qu*cw4ZtF=&$$+{wVFy$K5lG$^NKAlb$}jQ-tH7EOsB&&iHHfYmj6s_Hcy=RZx}|
z(zpz;tsVs{TjLw}bRf+l(A+_f{S3eA;f`6`Ggm1^AlBurR)eha?;`?ha|&r(?uY1%
z?~BMBVoirl<I+kJC-05xuDq}WdY@HsN#1XBH3oquhpw;ZvoSqDHt!^v^DLHUSESLx
zYmI@IHSlsq3y<WjE+bWFAZRhEN;sTz|6CHeGKUVvAlUe89wIU3ByY0YTFmZ2I-TBe
zyg#~PjSd#rZZ2dOY&LsZagJ#-OP&5Y<;+j7d#~I2@4c2hsWzjNZb|e1>qA!dTm4Fj
z$=7@Zn1CC5d7uDpyn2*exDqap>4|3t-P@|1{<P0D^NC+N5JlMwSDY>Knq`-c2DSNp
zmeGlvf7G8;hpk1rsWN{lLsHQl&?gUEc^Y#(RA+IljQ3rkO7$*+%o?x;r7t&yB^B0K
zHsmoIbe>^DEIlKTHd&CrLiIPl4$j>j&W!X?Q)9L-z-rzPUhJl)iXit{DYelC?a3#l
zZx-$9p|gbju-D>d$_+w1%5JE(>vCPRaULddLY&$ZkdSTn7qx%<7`utBNuQF8LHWfp
z;8g)SmLU!Dz@(q)k(O`uQA2@6Ni$RxQ(Dv-vk^1gz?L%lQF7Ur+m<xpRtgsIn>CEx
z0}VPVqNaU>Y}L<pG)e7Ir|$lLu6ZFJw#1)m{@d-v;(3B>DmN=`df0h_I{b*-u)(A+
zg#|`Mf>da}C+~W(3GvTXI>ePR_)LN*hWh`)CxJFQE<89+LH#4S(VctB-^6Kuc#O+-
z1pfB-Jvp)(vQaBO3EjhNM9<z*{O<NvFqVivx5zy7IkRRUv~77;?-c<j7ObW>t-!;9
z>-SA;V=ynPat3=qL!-FFHw)|$`wH$wNt29XCS?4h)l#0<eyuIsuRe^J)p0q8ZB~m7
z73HR)z}VYEdx*BRdj#FPyj8>ZCX{zKl)q3pmU76}?kTUhU0D!ImK3O)II{~lW6%4L
zyW?I3{8sXKnj^?GPfa!-yZWqt$j{JsTv{Z-<cay00Y_s(jIAPSd3<9+7d6m&WlB<n
ztFi08&B1d}^PQ)RR`@bT%x^1I^tSAuA-4_ev-cg!n1AmMf-hYEevhKHt0a=kS{`pH
z<;RWfSPis#U9+%(;Cg88%$G4psp??~$L!RWtvrFpzVD4&z-2t+DP0EK^U2mt(D+<2
zm@7oJ>a6;mp0%!<J{M<kG~A$`UjaB1)@%p<ku&|liXK?DE9Tr2<=*8t3^O4iYY6}K
zjuuo<*uH8SibbLM=UAFz<-%q3OOsIB-c2Hk&GFnL!rcW)yS8A74t86%+NKYGCCN@5
zFU)9JL~7Mpnz84o;0ZJQKSC2^X7tupKO*A-)^U2^D*ARDmjr40bS-8evA9J1k$w^c
zzVGD86~K2EOV?rbf;sxo_mU$P^q_=%b;Vuo5-2FZcGPBC<eLtUbiAF9j^};;wU_j#
z1>FG6n&S-38h13G(kA6Gjq~h4?yt_KSW7SM9HW6)*2qnG?ATvD^)29KMq%gf@!Wqr
zRyMUcux!HfRKx4GW<!~BBjxUwX(+<fu#2~?fz21u-qp}F>P#ijLMZB_jem(%XbP#`
z37gS)Cdk!Xy_|7)IG?OFO*<J&<9h5)yIQtzkFn;E3aFP=o~q6%bPN8@;y)<J(Ter0
z>pN1PRRg(2Yr86NaEr}PGK=pblT(4Ft@TQ3M#z%<1A&~t4LhQ44sr`i2}1Wcw`_r1
zr0R?lPG{2P9?DrVAL6zkr}+$47K!ZT&epCmdc=}0#h=i)J+`8j>XQ%D2CedTdaKdW
zt&XYFjc2*GmZRE?tOg~`|2}HTj}CYhiXAG&yBB62C88Qps1QUmrVp|)PDk&W$q1tu
zf2jS88Lp0h<uKnKal0xx8;#sC#&9Be0h2al-!`_Xku~agW$c6#L_HF{i^0*zL!U(y
z@fmmA!+NOJ%E4CZ1?Imuxk`;85*-r5dRXn;0B-Tf9b)U5fN;ux)S6p2a=UQvA0OS}
zVNaj$HZ;C)_ZvUl)vbP<Z_r^z1)pq|r<zpxFa6?=H7|t=Fd;k8o4FK5z$-1=p`4mw
z{2p|Cl*T=A^Ey$+gc%EpZFquRXms9a1gcu}&jjVPaL8`B9Dm1~G-8n+O%l>qW)cc*
z{6BrT3fGY)4qk4V{>9&tssDA{NIUVPF1CWL{_CtYo5k*{aS%+Mj~s4)NYCSEt4JJ-
zADt2QHq;IuoN$_`$9i<#{@?vG1PVb}SZ!>q@6ie!y`fa~zuwuNq<YNYM3Ol#GxL_5
zc@#GTv&BDN>Kfb6<Z=}j^7bb>w|v$`gc>2TX769n!T6r%Cf38J4}!CZtAiHbE$NKi
zI+XF6zRRD5@H!!~JJmZD&nTMONvI`|j}=f<BTT)WRH*UQ|I_Au&G%@5OmMa!mRF|R
zxs6vwc74A?z!2Yo?`K&p6gmk-$a`P8PTs*9cR#0`>!-{2p>Kuc%eMc~FLE8xG%?M;
zpn&)v_D@O%Bg)IrlCkm8)1@B9(HT3^cA??GO3=T{oJ|1qvjdSjCwRh3He$kQFXk7>
zBU^!K^KxdLI6iDJUhv(ph0L|ji+9{fJ$m>F<eTfg7&bE2w~fo0m&kk(cdPc%VX>>q
zPw_62fzpE)&$J`7Az^f9^cp$A{W-z4d|zP7SqF>|I}E9u;P0r?Z#fWs9loTV;>alM
zf1Kd_#9(ieSn8d|jpufMm-^mPV6Qqw2EHu66qf+?(%`VkpvOzzvX0xicQdCxQHCAx
zgkZyy;Q#4-?ea?UKN*@*82^6TfZG2bPw_vQhKh>Rm(L`0+YadrS%AB3hHQY|R})2`
z<%u?Umz2y9189OTHLQa-f<`ZN`6yjZl#z`YP9K#I48{&*N*Cnh8d8$Y%N7_<>WbTY
zk~g0@G!%UW_{2tq{N>lFltoFK{_B4&`iVx(U?s2m=D`!nO@_vuBD+3Hx1G3f?#N`F
zyJfN17tGiEoyMXYXa~rteT}>JrE9>eiua^_&PamBA*7$DxJEYvWMcG9>b!fGt<!(S
z*8olh7#r`*Yz`PiWIx+0<#@1fpMH<pZshE6{5QIkHTg$OgK8^(-2M^M18*1V@fd6&
z^Q#;(iIZ#{m1uoOTeL?;3v1vnkZBwb-HM*hEefwyOfCpdkP#Rg=WfEw$DlAUQoQ}Y
z2v|UBX1{edP7e|@C+l>2!F#Xbeez=}eIn^4zU1O%68{WD`4F?fIic#*Vpr}=Qu%UL
zu+&*2sCh;C5mb!`8ebMOzf;w|B%*l{^GKHlxHV!)V{5=5zq$QvZltv5j&1^VjjQJE
z|2?vw{Wm_Q+!<dkq7v}BXzg6o;-5xO!1cZ0onk0ApyqX9?Ia1F@2hO9Cbn-o#47cs
ze-`|6LQVMW0)}84^gbIj+xg{8>2%m#I*|m4{@VX(qQa$HTgH(g?XaQ(>{6KEerbit
ztMhT&4a}8-4Afhukz}k3hjFp|;){eF2BXa_;Z7|Gz79!}P_-}|u`oHZE<JM*42xUC
zbwt`<iL1Qb8Tw8ZQtED*cu*FE%Fbt1?mKyb+N!0ekgoaHOTd`qm=>7Wz+NhhFii~z
zVj2~c{rQ8vJl*2G^r^f0)!}R%?!+?Wq{7iViTOoC%DKck>k?U~vxDvjIMtZ~tVl*_
z@V@2#0@eD^XNtAqYs11jdeEEF<HC6rJKGR0#ojbm9r4xLeGS7lT}GDOG+h>)aX2=M
zG=TKmW2!LPm!>Z>5o)EK)gIZrM>l=SvYY1mht-RDx4LDGu1fv7;|*ZUpq318=@l1#
zG-5u)g-+O8b`07Z6?wKRl`_xZly<%SSs8PeJVJq2A?Cb%$9C%)f>K9}_F5rmO?7r+
z583)1I~7`|SU{$K7&G48yV=;VkIwA77tB*9`1pf9L%*{8f8NxueD;a9A2AgV>sw}F
z3m3_dAhlH+^+)F-!g}|MYxCF9js^saLDZFv4`AlzhqYTl+n}zTrTQOd2@cD^uSB!i
z|EP$4{$kX8r?SE}?fiykE^LH#!&uyiK}Uu|R&Erb9bBoJK&rwKV87yfFB?m$!beh7
z9qqxk{wtR`xhi#dR+@G$=kq1Ln?_UsNza&1maH=08E+LTJ~#hI!e_A`1a7i#6g&*Y
zo4W;h(7ON5c4yG`hLAbXU|kBcy*|tg*J)a69_tERjY$*e3fV>{wwV5r*{0eO@2tMm
z`YXnb@KDpXWvP!cl7Z2oK~GOAxm7Li>T3XV(WkRI_Us)p>A*#w(lmn`=Ew6|!Y`mp
zeZN#=Dww!aL3bvw>7WK=6Q-5-KK`$guikcN(UroLjUbaY>y&I}n#j+3_2b?mh><;x
zF~;S~U$B&6yOq0MrlB@nnI^p4_$fI@QGGCYRnUFOZ!LhdDla10!CE-`8O%HERlIF)
z6WgI{K<^KRjL)>vW#(VVXux$q1oS>?p;?GF9wQ;u>1Z7e2ADe(fvMsLO>W}t<(}$?
z8n6;(u~yO+J2#tTAF?ghY8H>wKQ1A}gU3WxskwJKsSv;%f9R;1XFpIOU=my7Vs|D*
zhmL+-mJHX%q^E**>By{p@{JBZ>?Lm!Xf528MFiG1DlxNyN(nl{^cgU8{RH}va=3p1
z6D?d4QLk^sfGG(+#aDrD<w}yTSCfGC41%g(%6we?={Bt3DXj^hTVwu)2Nm2`e?-g6
zrb8+JE&cv2E666kDuaXlA*ckHddOt%s6k(OuKaDYptwI)74_OSA=~q^Jz7AyvP~UX
zs)duG5`Hg<flnn<ZZ@v5r_w59$1+4~^m)YYNvq~kr{$=Q?E5OltUTX#vvaw2=le1*
ziI(#Tsp%9Kj4q{9m-j0I`kO|A6=uy`cY%e1lL&=^WeD$gCru*t#V=p$bKTM<&6tAG
zEd;oxV~%)rVZ%ISPN?Las%wO{OM4{JnFSx1cGJ-|zwOP`NFz~5Z8c*mbr#JQYay%9
zk?Zgc+o|Rwckkg#1`I;zWu<1v$w}s{-qf8)m5hh=09y~{m$+X<xSbD?v9J>E!gb2L
z2wY>aB_&=KjgTH$<8D6I-1rk42DNxK^R}PP;(3kCZV)HJ{{D(D`g580;u1Qg@TTf6
ztV5x)TtT@d1}g`g><4LLU327+uPXnmSCyxyc2g<sqwi4EL3UUVe1Gdt<$r1AUEyB-
zmZm#5d%KIRKXbc-6<$()0z9AmW?rZcF><y3wm9b7N$&4)_fNZ#6#Q}M(4y160usyk
znY#GwSNe3E4V8u!Oc}ZO;|;s0X=3z&&g0%==h4)<y!}vP?KdBO?CLinA@|^`srwA~
zjN5jg$eoo?c+MT+oc2j>O_Ul6rVz*<v&`*f5u0-;2fdqH02wMdY<E`Vs4+_fU^=oU
z8|Sy43Ur~E?4IBUW_F>#tjyn3O4^@d#Bt|$94h_F%V-l_yy4v(;9eupT$Etyk}62r
z;+5!s@#LcEelK2jG*1*cD?m`igj`jkGacX+MmRWXzGJAZCf5Bv=dY5i*6`VB2y>!E
za%=Zu71f%Dwr;LPec@ky3g+?i5&2E0kksm`WQ*R;wBPZDi(c!C-;e4~|9CI>*b5#B
zl7ezCaxv8M%1;`Y7mzKi{4C08Jrh2K{T5z+C4NJO`+Ai}Wz|I{b<Fr&^+Nzxm*Qed
zX)4D4_1rm`!{8M)iw08awoSUUXS2>VSETm-PgXXSC)d$Q$vkXI=fzp#Rs3N1QNd<h
z8(Dv7ygTsn^nbTU;J$h>y?<6m;AWxtsls1FnN6<FMNrSx@*(lAEqC6htD&R@{PO&8
zy8Pmw4n7X`QCG~Kj9RYC@m7eF59D}75g6Pk>hdVQ63uu6uIdlc4Rfg;<H_2q^TbMh
zn1GDmR&E)3{B<V6Kh(&3QbaYl5bx>=LrG*n@}+8W?q<qK=z%A~7cpaE_KYS}NVpG)
zB<_>bT>T@byuw-MvXLJoE`5+Bv>c{(_<K?$v-3FE>hUzOL+48{1;oaqW74}3pgul6
zFJPmSqCBrHdUDXuZ=7R0ji#T12C2{)9CXR_ebIBej4i%vlKU!|oOz$W4(IzwNQiwS
z=UmvkSCz{hv=}#H6a_YS9>W`Dei#mWH=$Hxq+U>`+Sy$^uX2Z4G8%K6cEMm{`zqi3
zxoW>G_!tzdF1qyXRUNtBcF}kdD%Qw8HiOo+VUnh@Mw#sMagyrd6GCbn>>;8keOf{>
z!`oQYLGFOCp_oS4$J)*$=(^iNN-MQav5mvSX<kh#M^MN`;48h_;RM-^@){nUi@^Gm
zSNBrxq*s<p*q#{z%ib0-r(nt~qWX!iS2%}jq1-08Dkjh#$4|M9*Ka1*eZhW(Rh0}s
zK`5{O+*kY$Pek#>N|v8m(3EF%W0?|;iV6N%QXP<2o0)Rr*FeXrI?bM+D*3C5`llh=
zbjByHF21IHRT7aMgMJ)Z^h;+@YlW1n-(CK=zY4WAUgx?H$Rp7Bs?n5^y)jfTpbqQt
z@VxK-Rpm0jf9?NH67gGGgu4iJZ%c%OLFq1;@X~;c;ww?Pi*|hf;VLXm&OWEYKP$bv
z8wEvFm%J2t+^GItYtzeDN&XMTYA3#xI+xc(YO|oyc#{taCKe>nC0i>ImEY%w=#So-
zNha1(1-ovd?=roL=47yMLqd2tPIe68DTyPF{em`*1yC=(^N3P<q7vP|0&7h3car)E
zS?`=>*oNaJKZB(5W4wXiab*eU6AGj%+}KLQ;ij02kGTc47@pu`<X$F^h;cAu#pvC9
zFaNlMe=lg{)nB1*D9dSS8o^T{hZ-;v`<{~A@HCLZedtdA3f$X*Rn4xXzF^`=8LwEh
z3kR7iG=9&B99)-(mf-NyF1b@Xr<^dpaA}IuirM<mI=g&z_nT9^w&G+==AskhXrNHK
zlrt&*ik{?4LB)i5<Oc|r97y8OYmb?*d8y)$zd-Za?jOw#Ck!FSa#tli$QqOF4}EWO
zu|p%aCv~ueS{wF8Zx+m*s3KOcc?@E7dwEvF<<3f<YRr->oRsq4rEy|u(EOn`{rY8@
zfkp1sOD=_5h~PSB4T8ypvpFBe8wZS04@Z?zIJC#NUKZX5_-5nDu*O>bhSP5*4T^2~
zn9Pn7PUGGTKCQ2M=B;3+!1D1X+Zzn_K#kQtP9j7f(q76g9vD@u_snZMhdgUopaSpu
zR7ebNRuJKY1w+8vYy|6k`njJ|VVH*QWwH6XG44;Wk(#=?tM0*1cA<sqCS+1rYO$O{
zRZar|cM;cuBi8rhnknQlrnWiqP?2%+u+}mNjl*k%NvdP@!^*?mZ+|xC7D!IM^@i)j
zzUPmXYNC<`emmOx_YlKg(UOY=I-d!FO*c|c#2$J(^yVR3V3UbD*NLOn-(U;1J%LPT
ziHM2!ZK1!>p;=8nw-0WON{rX1t69=XtrDbKYy}13TNS@yODcFt49Y2Z7;{nlzM0<>
zJYW5L3|F#%Plyvu<_L9wJ7OOF?aZH<x<;LgSS^MJj*UZp3;=c;)$L`>%dkX_0=tRk
zfaL|F#Bk11Ro1Mg0S<-;r~R=Gr|(a23=i!gK;{Ymd;Y>JDa1~uQGM>VJtQ31YX^SB
z{Jv(5U)Plc^)}&^Gr6?0R+<K!4Tt^_g{5%ov}&xTjO^8+-E(sT1`ZB8o%)A0^Xsx)
zq4ZfHd>8(Hse&idb_pY=%Y5SP%T~U=??r!Qh@89A(uLb#s+o5d(OkaW+O|D@&uunX
zFe2fjLhc`R^;hn=V0o_~ay2IpQ`m5~eEheB4?LQ%ry$qmZ?8NIVNg0JZE?pR=kQ8_
z=X0Wp7WV|T24m)EW0YmR%C{Lj)~F;Gd;}Qn^fMozY)yDeR^q~?aFl?cP;?wCI1{ru
z=7}VB-ImCq8p^LO4hjMAE)p^9NJE|V1g?bEX6;z&a}U`uNBbY3ZD#DFPT?cft0J5G
zy-ZDWTA97-75j>0YK3jz7%QYTLIZS}X0&SF)DdKP5kzw~<uGQz?Dque4MjPiOs%Fm
zZ^pAce6oTS{rGEVc|R`IPLp5M_&J!5=OB2<W*TI0x#*H6@cm+=?vVigm|<v}8n0=D
z+F+WI8vpvRca}Xr=MHtaRX!lG@*C8R?}`kfJr`1HQz_FedfQH#(C2JUsj73B(}{MB
zxPnx)(C{!H`19&8;{ge3MK-%Ce#_kvDf@#NbI<FH7v0P4D{S}D0Fq_(K}fOXtSy}<
zrc>q{O8^mu`oP$IUO+QPk(XUVHb{8Rqvu9N;aX*i>&{m=C1HlksZe`4IhiPEM$p|&
zF!A16;@&KJ7E9q*E11A&hT6SEpuS-bc6HbnYi`UDXwLYo^2^*+)?y_9Wzp=si^8es
z<F~aTTj$6{_JhaY<TiWwz;Eh4hZNEuKV~l%d6PKrJ<(L!jE<Nyj+BFyd=Dst*>*QC
zEi2~TKkbT6N0u0m+GSpy{7~3u$pQa5_>FVAbk-;58EadlnxKG2BGAfYK91h;SB1p<
z&8p5)?87M~H)rijFuQ>+u+XpU+5D=0u-aSi&RlWu9;3tXn|tf}eNXq}bIMxj7&ZG&
zo8dOi+*;|uv7s$6Ft+|SrF0^Fj0c7%_p7*t>q|CET3>Dlc1RCrR8kMi`W;rTq}cnd
zS(uM)B<MmxU8As}n>lBE4lYh>X)fk2zyHRunorqjQGSyp5j})Q!VVN{J=}e<RLH};
z76$3lBmLEv6k^>fY;iD(J4wUOd(9K6gj;%g$g^s%I20_$=5!>3xnzx5cMM_`h^{n@
z#$z*^Yo%|tTGO6!<qasUZ)J=LHn2#)Y>V=1tfeyYDK*ygo(Adlj&3!^l%6J~f{<R2
zUarB4`fYg2f{Iyn9%XiPvI_*Kq-=3t`Qj3_!5364{%LRS<odt2(M|JcFxJ)I`wgq-
z$GrF}7@Qp{Ga-Fzjgiu70@;_2?`E;2%+dW}s#oW)P&1AA>*W_NJ@^xCKC<{ZCNo)6
zET2==#)!g-Prdr%0%(F5`>v&mxddKWZhhubZRp8fq|0m=IIqs{ATupJ&+9y^QCU>C
zGjp&DZI5b>_rX}ZLvA*fPr))PHPadx;svR2>7jqgaMB-w4-O(t;EG=a5{Q}%%K^S5
zt6LzN1B_bF*v(Vnm2WLivUYct8${*hPj`(0hUyB34OTwdV+~8lW|`cOqb(wz*;5tp
zW=4y}WBerZ(i`;j1b$T%@tabCw|Sc@L@46(%S>-OMKmH3tb%e=tM<F*^o5TOZ+vPQ
z0!^Gv;+N;woXNS{>dYgL89CNRpIumbUW!ZV^ZzhSAh~CBis1cyi1lrkFjMy<!+CZ+
zn^3Oustw}UnC<Xx2L>y;RGWKAseYDL6ndGFg(FG#XA)GhL#N-FV*<r5hvKyE#D{sB
z@{S||*YKr`I}kSz)`m>p#U!QlGbFA|_37(SKS?`S;@cNHf1Gyv!%)vn$=Y4I)vRh4
zHf@d1K2J2v6Qte|j$C7PPeyZ`9`nNu%WfwnRq5V-rE{)@tY~}IL7S^Kq;R3sqWu<x
zq#)JpXhEZ6&NKMx+IXMwF?H4?zeD3zXYV^>0D1yhUhVpqowve)zQ5i{bT<}Y-@^sp
zbz#J5k_2ElDHA(JzRcV%U@ZjM_GagszUN2?88mT*Bje_tuB$4t&{FZ`X>1-@kzy6Z
zjLYdF@9#o)BPr5k)vc~Y59XuMyN@yd-CyuM&*wKxFL$I+!GcI_w3=Gl(_TL%gcZHJ
zCB`I=Oh4-8DJtrr_%y=h`$vJ29#ieJpYwm?GMwg^tv|0gvNW|GT@w{26I^WD^jeDT
z4Ns!R#;F144Qv(v`7G<OFI{D_+{f~qW41TIUtLL5UCwUmM8Uk*s-K0_;}+3loX_*L
z3?ugci0Heq_tpv?B`Ci3nI;Js!)<yQH^ed8coJKIkh?Q4kjd<<K+cl;bWCcybo8hD
zCL-HM0(JJRb@n5N$Rkzv$Vox^qhRP>5aY$6$b~GU(ao1;_n#q!sR|Nkwp5xs0o6>1
zlcmYUa4(X6bA@1PVDa3shq7ZsZ%7lcye?Qwt&FIhr^T4nbkK_oH-of8yGu*KcQBLX
z9ORU$kGCDLPH4Qb<whmOCfILNnlJu^D-p+-z%@oHdy_l3PXYeKJQdql#r^<~q-Uy-
z=VMJiOuhVIQTsTQy~UD}=n=_F78PcIGaGbxnM65rTpXT`aMV!inv$j;_eG7uJ;EEs
zZ@<7$c+7yoeo)Azh2NF7MXgr7+4=c3hwn$8k&V3huU*TXZ`j+$AhYscJPvoKl4W$q
zkqs4UvQrfBYQ<9ucPR~cP<HL-j)<$Wc-$(9eHV!z#Vmy#TD||``8M*;=#z4?&Q8pZ
zh$yM?sBwM&<KQPojQ>JYg-$PE<zzlLz;J9Ws%vN9Pb(0J@?JU9DL5y&?f(7pU9abg
zckl=Ds^(pl2{S7&Q;PC(bCWl8+nuu`M^X6)RNCB$3Rfe(UH8(DZp7m?MWcuYCi94W
zam$9q?wR^p%BR#*m3tYlxePjUYfHshy`SS;2Uj(oMSmwqqV5)KjLmG~bjE(pi^T31
z5*3HHP#K_VPC4t-W)sfn?Byzbqizq-5!7#myp#U6#bBM=g;|k@{v2|$#<*eC;N_nw
zwIDEl+s7P8fAZ2cmF!@TOJm_AWundNEo-w#h~yI^$6irFKyA(6)s%T#vobLEak=11
zmW@7Tba)#yx%$3>T{Pj{)K7M*!Jt@nNmdI@xdh^}%e?tD7#5q5>hWOYMd_7mQV~g0
z%lFx#&x~zu<*JA5R9UH%Z6<a8>6J*a^X6nfmwfUx11~acy%isoSnWQ_Jh!|uaT$W6
z(9f!mAAC)2BrgdW75`-}P*a*SUG;DM@XQ%V<KCCHtl4{ASHD?1ARKkM!n5dqG4&N-
zbp*?rxVr}p1PktN0fM``LvRo7f#49_-Q9v~aCZ%MaEF6C?Bw3}c9)N?o~hGPtuxbI
zfAykzvPjt(X`YNF)p7t=sgll%>~&3zMj&@da0Bh1KMYWENzQU0lo^#0{;v^Fmoa4u
zgF;IaD=8$Wza?i^b96q@<=_#e#=atnX1?gy8~FjxW8b+tXKODu&7*O#B>RXtn(Xxd
zt5s$IsUOrYRM=n7RtJS|9d?a4An!{tnw$jt`PW(l1z>wfCR$E`fq=@qbYU%CJdv>?
zpJTF+u8=^IXw<aQ4q`QB<u6<wnmM33T)+^6B%#otT`{ilADn=y!qIwCX1<!Ec$E%N
zvL@St#YWMx3&W~bh!@3kg2Y^sy(HLEHH!)BALt)-$|F?^X<>Q(jw~Ov@xou6@t?)r
z+!ZW_jg}0+?VHl~@H{rI^}GQ3@i|NVqh&`UW<~6)^y@e!iUOSfv-!%)-3f(+5iU5i
zBSWnr0{?Lmx#M@&$Nwpc@BbD>IiPf5cUB7a!L3qy&+cjU=Kj;e^Y8=1%P!#+9wY<V
zgrN{O_@dy9IfO#Zm(ibdy{DRT6atO3&)@^xVgfBRPq=o#R7@lL*TZ2aaTq-=rkm$M
z>iH`#3aGoT4QdLG)bN0RD3)wf3ZpkTKo#3r02A_CY%^fpq$4gY0A9W}93eVgM7$^T
zUm!pq`#uBE^Nw@?G`_Kb_uTGmDTW>gsYFO(jx?<RZp9`bA1-Pr1;7+hI$+L75s1{4
zHeST)c<~tr9~}JIO)q%TlmgTXXm8s&kW+x%09l2c`0F4J))j=6IU2iO9?l5K30&YG
z?I7Py6(Z1<&lK7@5adlLKtVtpbvc-|eI`J4{JT3QCO8Y=^qo^vfVO~C{5;6&Aeub`
zj*%aj!s`R<O8%x%{GL;zfHEMZpm0UUhD-?!LpXc<*p5w<>NQPGF&`Tqkn%GOLH`S2
zZD|33!n6XK<!=)G#Gnj7cRQ;@IU+!{B*Y>XQE*VarxjqyhNnVz9FW_KL*onKq~lQE
z&;dHzUdz-JH;a9Vh(-sJE!1$uq=?@G5cNmJdoln-*diMySRbe)_PKCak3X*byutS7
z6d>hTKzH20CowF543Ox1#-AF}56j<v0?V!{6#Eb~j(R=(sjz^ZwSb%uXA#TQA+4+r
z4`V|>rDLZeJXivYyK)p35dL>O73|QllmLKyXeTBp7*sZN=7ZrCf(@$&=#0A_%8eqi
z2+xfm1%<Oevj2f&%J}eCId%F}8&JLXOa`*jrG{$CvBSoE>Ru6td9edhO#+sTxd8q4
z1#EGcwM#^xjxpt6h%qQAI6}h%Y=F|}2#pXiLA!g;0!!8SnCt<s0EFl^uLWU!NWACA
zfs!F~Hb>}_m&EiEMqyY6Y-N_|!H?-3KsBC8T%49Sg${bziRt1PMZmL~1V2w0(BQ8F
zS}(pN454L670~dnNJDsV1jM+OgZWp2`8Q^9nA014K#Vj1J@DzjD*4rjn3zuhR)Bx1
zpbPGlD;BpR(04xsrvgzQkYR|2w+H`#R}4Pr$G)m-&y5d1S+E2EDEOzMF9+1D=A^rG
zXs#J#ECjT>9!B~S^?X)%z$?%}i~k2sK#~J=C2d7u-Q5e|oCD&)ry}ssi;G(_VM7Wd
z{WoiKWILdD;9pJl^>qC+(Z!DG_!Y>&5D<S~^jleA?(v7Wr?9|KVN;rj=_8;9iGk+$
zfDKs#h~5?(#@mC=!vtyrx>`B@<(JJK7rYhm;A#M&))|@E6kx>X0(tNg>+2ySHI&~6
zAmTiL2Dmdg-9`K3xDTa30a#_=vVc_3KOI*>&|t@}UBC)O{=+02hWs!_l}D0__zKj`
zzY<9R^6vriUwtb}4)7Kl8zP5}^<MnU3zNf&Kdnpn^x*@xb!(zKG@LyykO=}dq~bq=
z4{JpVfge2t5@|)5o$>=}fX-P3bXRYnlzUT7?H^irfnmij@C|@)2*)6M&<?>0u;Sq7
zT?3F0poxcd2br@7T29!$-H3tx$6*C*w55tNrWpZ~c-R1r!X0RUX9o8+l%R@a)%<|D
z<kfJB8+3p<mhFxeV)T6Q*nS2_`qYs{D=G<$ntnidRiH{U03SIO!DHfDVN49n;sW`;
z=S*&S3Dq5LZ8U^`3iZ*I7#q_2-zfeg-s26FJQ;%(zU2kBWRLtI0voo&B&06{bd1{}
z%;`89G0kk8HvKF<4oUiupFj&E**WaB*|Wji=Cz5yWX=Ri#D6>pMak@A=vlBo$MBiZ
z>&Y^3ZoxQx!g7MFFhF`GNJAtU7Vk0qmm2{6<2Q6ZM*9P`4^{2dib1J?h40v$goYnv
zFb+#xKWhbvAi;v~cse@0zZ_i53QPms$_PycUj-3b#^?-;Q3Z^Xut|dc5R=r-?1_SD
zOORW7_e7`nYewWPy5;?a6OYaz*w%|6-<?pIQ<tRX^wZ_sHxr_n;ScMM(7=>zqk9S}
zQO;Iuqpvm$n2_Bc#&VK59Ua)#_wF?0+^q&&Q|17VZC!t|e+>6Ok(pU9sQ@<h-1-tX
z_`urXS8+Q>+PT}OIemNX|M2yj5nsH$;IcUbg<q^ed*f|-tl*-No_hxD9CZ{QD>g7^
zJSQ_ePdKVi!1Eh0(*qVYAS>H}3r}Ev^A`-)3Mh%Eh4#R2fVcp5m|n-Be#=K#v3+LB
z8mC4XP)Vhh-C{C38#~KSg`G3QBOdSn6QRu_Z}A5mXk$zO@N;YSc^s0f_7Vde+l+|}
zRs`mAQbp=PVh|#5HEDwPks*R=qjBei^V%eRJd!(pfyKSR#6T{=^HP`EuObzH&dh-L
z>;AwR?LbE=^|c96J=H$MYP}~W*unymiwzn4(>olNCmTRN`k9rFLmK>pzY3?qdR#-#
z=c=AyYV~PMaz;qASEX{eq)W5QQ%~roc~qFp$|XoQKoeo|(^5}xq;dEU^>2Q*82Qa2
z3nwPQE?11(XQuG~ybxoyVdB8mk?quWeOCEm+&SP!`Qi{Ow!^P5ZhpZRskl34=}`%<
zY0HMJ3dJKlydjKn0VQ$=^k@TEY1Fc2pRj?E4~#gYZKMISH0p#s0XFUZ{m;~69BB;g
z_0e?|CiQa23FgyLvzBQt(aDhLf#&17#i@*QW=${gVIO)JhtE@2MeEFpN8&vhh-e{e
zc3PG`4^D7=;9iMOgI;@dvhg^tOl6oetM>^v?JoS!)tXIl(!N2=%&e`7oF#%TcPK61
z7>724|CgV`#2~V7z|3U9;`GzxuUvwa3kmkp=VG85xX>vh&Cf*!ey35-S@>}|P@<fU
zIX%-YPI74T%Z_lR(W_TxS=GCpi}s@!amTF6vj!B8K=AztXUBoIOh?I;u9x4BkAUQm
zhnqf^JFV8@pNnW@hewdLU<t+W2$s){rCl85(583K7;D!U-~jU2MV0IL0#xV-$0H{;
zq}`lZx?IBZuK`wQo*?m7%!o!d`Nh$%a(abY^mAramCwiyz#%h0MgOt^9+q6;Y!1lC
zW|NH~aA&bSWww$6>UCd=af!^%`G!CQlwl&0T&QkpQPEaxTruX`T0=hpUeC}t^zXA!
zt9r8Y`haf{fkVt7{Sp%upes1xVrzb;286<)AJ$8$P?G!C!DB48Ee8rysS~zUsF~Cm
zLagd>nrK|~(ZF>fd4XpHmskd9U=m=6D4I6>wTj4NlK<IelX{rG8x$k@QGT&nPp7W2
zXk?KqD!h+aR~H*IZ$VD4YI$nbO!zq&XjGY|aL6VKWjL^r1<5JF#<-`x*1B``0;AR)
zhDV@hK+_7nyhRP9+1)6_BJ<XDa$rg*fMJW;LBrPgooVq^7MWgW`a8nucyVJE3BQi2
zZLq>O3Q!d=pOdj-PIKiK;eOIN#~3of!%=QXE*jBk$~0xxj54w^hOsGcGQF1Z;9UaY
zf-xSjuipx_>SxVHynqL$U9xsTVYKOnbwu<uxotR92OIEcwxHgqTyB~*TMb&LD@BFs
zTjt`FV>Kxn34?`J#~=!HGlLs#RJE10s%N}4Gf^CB0uXkVBi9<pj81a0@@hzRP9<t}
z^hG1pt~l7SDyK45_4N9^{jxaiD(R;(wa~E9P9Y|cG6}E<i&+5?J<`lNjRGUAcLe&M
z7zBBjX0a*5dr<Z#9Bl>V5h-pEfliVkmu|~O6Q4x|zkEPdvF1xGCJz)o8?>y*qmfQc
zA!-N!_nMRP&WcT=5X%L{>)HxOj-l8kMZOvlu1Xg3a>W)e&w}Ef?+pSpq5Zs3liuT>
z9Fpk4)@@KVEtB~aMurZWktb&Xbj&Rkkp6;`+pjvU+tqlQYmn;gyVb?A=SN)M+ngu#
z<(Jl42GB|o1iXI8e=Y6vh>YkNz2w5pi?ySJx-)m@)OXty{*%8^qi3cW8F?BI5#T$d
zEAQU%o@uN6Ubc3nF~@kps>*Q8Ix6VExqfY7O9#a--&lq~!ncr5TE4cdJ{P@i2rw0e
zELC${&)1=jT_*K)uyON#lxVBLbZMEZb~{oVi@Z*)7PmoFQz@_On47p2h4b$7QN$=0
zn`;gntI^PyYxa<g9IG`Kuu-+sX_WBUiMkab^8O4rO*~poD&9dglPhokk`|?J#a3-f
zkt>MXKC8BtT&eJV6$o6-fyqqHuDnh)%5hr0oN)YGdO3-Di<s^A{Dg9`k!E_(*)W{S
zl0sU5z7-Uj5k;<D{GkkW_{qqul6$Agf3DHf9`gQs<vT*D44;aQiAgvjE~5L@l?vC1
zVtsxotCTjZy71#5yHiI#X&cfluo2I(H=UH&=WwXei8kFuaW13TKXw$+f;PQKt{;Ln
z<Cm3N*dO_nc-Z}nKG;&_uoLSDEo@t9xM$F*`RMCi&ragP>=KB-fxq8IjXW&OwPh&O
zZv~O_pp<&@_fwGKFafm4*(ZkfA<yv74}9H!)aSI_0!<;n=6#v;K88&dt)v$MKg?U~
z{XHaFq7Z1vOznk#9B9|?P1?0EdylqG-<h`*yp747G*_S+2(oA1lVw%xgIwVDt(%8z
zlRIs}{0&)e99ys1Mojj0C0cBH)93G$V{7yph2i)jKPM2!6y5B<ymAEOWE1UEtnGc?
z7dl<jePRP~`6CWF?C9yky?z5bhqkY^PT#cZrV@3bUH7ed9n4N2RJ+<k`+fimA@^Q7
zO>vLK?dYI4yZI5i^T)jYQGDP_`5yKjw^NVKt9PpCN6p}VG5>LBVY%n4@ndI<KkshK
zET55+*13V^mza|>^OzUsgC_)MJruiFTYz~X($(ye0p04Y2>s|6bHK8@F86>Qv({-8
zNUTW%&xAbYw8U!WsTDI8E-Xlvyu)V%MmFY+`5W6oki28|8u!T^efDkn&!xw{tTB^9
zUk<-Bu>qMDZgO`gT?e?Vd*H@FZ<C2FhNptY*)zZ)Gm31b)6M5~IoQx=Y4?22nCyKy
zKI@QR*!Kg<+Gm@zKWwhCRDEnW;ZzmQQS)6WaOMnOG+65h&#bFNvPg*PnO&j>G_bUO
zJ!wZ`;88M2;E~uMFXEhFCZ}*-VQRz_R4tf9nC@PiYw;du<49-jc1RL1jK*M2ra(II
zYElM%&wp3lj(cXxyhRu+>Dv#NtZp6gf<eY!L^#2;mAM6y2r9q}lT>>0_t6mu5_&%q
zy+o+d7NjEkgXR1{afyKB6X$bNWLj5Cx>c1?l^iDNF-84}?A9d;ez9ODQ`Y+gQ;kop
z^>(;Zr<t@>^JwwY;hp^zrok*hyIfPp%y@<{GbzdO8n<q&<Cm8tpJ4i}ABGsQj?w&1
zAs)LM15ejRG($P-`R(ori=XsZs|~0~TL~L?g>ySQr5CMDz<~*U^i#3g-{B3H9EvCJ
z%$*Xy*VgmKeC`^*mHXn|dHRs@uy(t!w4}@bM*G#bzOmwByM+R#+w-*4*bwfu{h-6K
z_1-nHX6kz*Q%m(|h!5G&<avoxvMI#9x%ni2<sXL@UJJXz$JA>=8}N^1i6zpr)2KYl
z6n<yTF;O(!_N)fzpMHWXaqXkH&YBIPG0jN#Zf-r*3PoAX1xn=Zjh}awinw|CjSgq3
zGP9~H#K}Y9<azjwN~b=NcoM@RR#%W5C7P*iuVV85oqhjv|1pNGdHA)u&YlV7E%8jG
z@5HGtlf)DecXbl%bx*gfIP1Ig@naiY3TVF%bhpDuVSsPxTR`P%hzd4^-sJj2LDv+&
zb?XSO$+kswl6_8Q?2kT$RAnHyHzfNV((?7hzn!Z8_9Tj*k-S<*cg-Bpsp`pFH*B@(
z=ze97!*6D!EP48SBw8>(@7v@bs>DB%f|i*2Q~M%^2Ki5Q>##f@+t9{@W;&md!?eoD
z{D$qh4}LOZnABDK^fMJ9M*R+P#Hh}&N32uW{D$nbcOTB!Pv>`Ekc=_*aKz4#*KPqX
zs)yKRkGy5K`p7Da!2MU(Ht&Rt2*HW!p_tM2RU>0R9g!i`9I<XcWvVH78G`s5@|Mt3
zA!D$i<u;-$0@<{S9eFjP=8EX)$0m<itTu&=Kn(BjihV87OfXuu4PsqG%LLx`w&Q9E
z13593LvzS-aEA@DldwmR;pv8J6D<%raqd7{^xl;Kp-$|GZ4;}_;AbEP_fKJcBkp>{
zo7#}&&JHVNC+&w2#{P}{DMek;rDkS~?dsY+QQ0uYDYBfp;B!XfkNrOn4k8)I&ryd~
zMfC{Z=I~73UCvEp4-N3)MAvXN80vzTsY&dS>m-lukk>ExU_{qw-24`?OvYSm82edo
zeibEyoxU~9Cl)uTA_bohn9MmFLG{^^SL4w91%g_ntmxZ9vD=Z`6FBGtm3hPm@{|oD
zS(4HXJ6lv>))GB!ylTSGOu)9wYk#)ZanBqZ5;;8Ygd(pd$k8=N)Rba>0eji;Ydl@7
zC#Q*7NuJ~)bueqY*%<Tk&(s$~I=Hl-=@^e&;OiCxr#4(PgpKNWNq5??0QjX4U<0SP
zK;$r+0NbF-h5`v~IOek?`-){T?wMl=$u^b&BdF}UYP&U*Z=w(jL*F~X;uB(6bs!~1
z+d)ULCbHz7|B3(%*p6Hn9~7BW7Z%am5sb6XN6!Ub*=5l?N!JQ$LGT&vU=A^Ls;Urr
zCC;V2rwm=wxu;D7aNDY8y%pcle*xRQ--eoY_jFF$CZ4q0B$AD~t-zZ+$0spZ@*a)V
zNT^J7#HfUFlm}oSQaf)<ZQ$+VBZaKv9rpv%m3GzHjz<>U5~Ku~+sB$2ox=%J?O^mw
zGcA~}NW${Z#BJP<9~QT-aY7pq(l67K;<_oSUQwM5POHE}a-N|i1JM|Qj-djAmU~e!
zUZ5w<Iq0RFbkY`0q#F>!P(~_gOA6#o&v(Zn_;bu0(v}kx!LXXcp>z$wY{j60kU^AS
zdmA`Wz%o5mGKR~=ebaQ7Z{W1ug~(yk_m6r^?w<-y*16Dv?VsU9n-QV&>g8hbA|3LL
z=FXhFA7m%r7#xN7GQlbVKh8lHfsqc67JJ-oM`EQzm*3>J_?&S3gXeGMz_Ly;*FQs<
ze;}=o&Sp&KabFG%>zOv#$%TZ1pY%QmS`RK6(p);kKzEBdoRvVVf?0gN)$*gfww%-6
zm{(Wdo1YI~nV%B?4g+uqfP(<s!;GKe`ggzHJIixBV)&NZvxo0DfBrDPpRbaWGvWJm
zwclQv>+)RqKC-#vZ;h>?{$TF&`=d*H9b1il=Sa3ORt8DtmLoT@KJw_}KD9r#mKDy-
zzqaD=z=i_Wj*Lk0xi(`HD3kTqTgr6&DLC4e3sX(*u#5w;exjBo<xci|f{^v&-nvPL
zKjn&<%Q<Ulq3#d>ZAvFXy(DS}Y_cMA=a3v8pj@>~j{hRFCQV7BN%&-SY<A$+036=1
z4zlmv;)u-{f0l0EzepjgOclqEtC@BuxT+bxV3Ero`}#Kc#eh$BKM9>!u6$_yqkrDV
z8lOlbtaYd>8n~;`AsFfz5~Co4rm3B#YV^*bY)ymQoWc%~oPWOf0hOPy;5++4!(Ygn
z(4C?b@KwNL8s60H+I8rp+`ZtgfYA{#JzaI*gYQbmRo5wHTg>*7(e<cJZNed2#HRfO
zy+gA?eg&=HGdudi(1q@P(mf;1OzTfW>2dlRN`-uHVn0rn*c6CvEtAX9obQ|cWAqN&
z@>nS>h|Dz|`rOi<?M(mt@M`OaqE-P=^%%oO^(4JLA~X83b?bmjEbhN>BV6H3R@I)_
zt1CU;cG=$bQXZar=C#t>=C#2o@OmcKXs!lNNWoWGH3A@n40uTnKQVg${A)Ii9+!K`
zuD2v+Re7vudH+m8kDLi_%`OAZ@aov*6`dC(=Zs&PI`QwDsG-@$>wjwQA5Ne&a2P&y
zoobuEhSdiclOUME85)n&@?;99nfHht#eC+Re+*BhUa*7mEq2rcjU5RF;uw8;ca<%;
zjxG*%2TTqRXnHEzG^6<N90km8O+Jsw_l?2q>pBH$I<F;7e)Ip)g0S`^Fa(?Z#f65m
z&(oBh!`;52>8NMUYPhJFe^U|#l{bpXE^>2`kR$wdd3qTdndkj|`5BFeH^THHyE8Yz
zOb!cO4(DSnD*>fQ0A!#uTEQxa-^v}`7J6`smVh!}p&rs@7hCG%HX_Ehh&U#tGY(i}
zm$DXhkRZe80}Hi)>G=I>>zn(M#?s9MY*2T}Ug){7;DWJ5dBwlKj1et#`&G*>Dwyns
z01Tvx+MG%0{3Y>VA&Vppi~HiI;SD*maIgLlG#fv@0~I$F<=>(n+K+?DVU8#}{a9NC
zDg3e-Ig^)+b{pQ<<cS)rInJ7_!dW}I10C;NqG6E%JZ})#3AZIK56zn_es6l)AH%5f
z<K4G4RX}A}??rSsLiW|1Z64_-+n8cmx|3spGQx3E9~9j+y5Q(0zF%NzC)+_GtNk5X
zx}}CNA_TWZhH+1S-8&^K<p3Q7mjqTxQ@;MHXlmwj+J{PlTRSGyB?eb4t+=0C-&e)B
z8IB_R)F@xfbqR^7y=h?2jY}}gdbh_>VOzjeSy<Fo@t)H%j-%*IjOQ8!1r<>#3K`8A
ztN&ecKP#kQl%vxLk^ZWas`i^Nk|j_^mOofU!M5@@%e^J;KB<-Q`Hb~GX-3AdqE(M(
zaI}b<P&}NTH}hw->$o&(CKW=kM*@zC{-FZ9jWl#MoAegD0z>X^mS!v5eJ(3w`#I}<
zE@5_;3=YsgWxK=vdue3$Tn%>U`njy%EbCUBb6IJztK9ip#1((Wod6RSoJe!|8tjZ-
z19FkG0T<QOt_$NgL_iHRQGZ@bZoU6{d%oSz1*B1~LDM9iI~#z$N=Irj#;=S!#gkC?
zo8^NIF14wZG20@Y+~91lS*3bvR8ff0r>b5v21dC-osbc&CtJ-t+y5_6KzE7j{|1C0
z{{I5%q((I&0cm0^<}Zx53$YqA&iZUt6f!vMY6iqx^BA@rUs<yoJLX(n!9-hMinC>T
z8<>8>O{I0g!lkB=%kLKtZlT5Mh69nUE`%LLk_`A|r@4qKe%{;TlNAp`&e_Mr+!(uw
z!Xih{BE)odG2Kn?!HI67y4gF&Ga;Shpjf+0_SiEzL=p`{=HuNjIsY2mlFRQ&X0}B=
z=ELEm@QO*!Wbjb|_rm%m?*o@u4;}m6f?Y=hv-6F^mea<l0F@8gB@l$N`{#SH0!qun
zqV<wsAcOCu&2GDhY_LFtmUvjCve{QO9-9}u<9Y@it+l7)4hgGpMJ<=Cr4~dYVcB4x
zhbRQ!NsJ2>QN4#3;=fPRs+R_+_k!{WPRd_VsC$vX9TIv*wRD(Qf%Fvp15M0>{433^
zRGnHvm5B%;RC}J$$XEoLT<6J``QAf6Q*4*tDL;wjUX2ttK29pyT>taU=KczRkl08o
zwZ=;tA1U*Nl^!XB{t=UZMD!n__(!1rk!>M>^mg53VTV15>_Pf&^ZmQ$Q}XN~7q3M#
zF3E$X6Xp+mK~*CKf23eQckURxk~Xu>y^^N<M|Q1puL9zK39SF5hgn<tL;;<oNb&I>
zA^k^){}ICH2VW;TFP{*K%Vr5myoB(66Sg?5(+(*HYV7a<Gm1Kd)ai;Nu>>`Eo;$h|
z{!-%^$_2=`H5JGWucQwgnn?RSCTx#7awfCLYJYHBfe6iqPu95Ea+D#FBZZEbza*w0
zCqI1F8|Dpar5#v?JU4}LApw~ssHKjZ48xbx!X7vk`Cv{ncSQ!s2SKL`$~DB)<c>MF
zA{?d^e(hO;ja_L77YHshWv*{<-bc3A!~C;bJDW=EBWjxfgBDU=ek^P)YcAR@s;cro
zPV*E=Ui$1m&Mm>5zX`Hk8VkNJ5g~B1fu1nHw5Hj3n?qokk`toKp$tN}Q7xb(W5*&Q
z!0b=q=b0es6^jwKaXfkHiT}DmTc;@8vY}e_1QE`TwDA^Wckx*dSRX-3rLUiZAq~+G
z)i7&GRHao_RKwSAq<p;t9XKKhzxE_8ULZN*H~1;9?Fk)7g;5XTR;c~(_VRM#CzpZ*
z+a;fJxx*HWTu##M!5UcEat$P%dwosVslzoLu6ur&q`vzAqOzzfXzAzOXoIXJ;g?e_
z@TPQ*^L9$Qf(muRK+?|$Z|`KPx3_xX&cFwoo<Q8yxePig|5e>4rO|`wh?OG<$Z5zn
z2nbF89t`YWP9dyb9%f^KbnOg!o-1PsKo^V)7wbt#?ai_F9FSc@ZDD||_xOl_O}}iM
z&`7bIX7sy`hTNH521{`#F%G|FuS`h4DF%HU$oqV6n0u^Vu9l$@Jjk*PLB~E>4SE+%
z_BE1FWtzDM#Eg5yrTdby8A1F;NXL85WcTIPQo9+*n*k@T6DOO@uZh${p7OK5-YNu9
z%i5ma$+Aj$%M|7_)o85GBmV0vlw)(!EQF_b^39+W3>8A=a7y#`Br4m@elGqCQ~pb-
z&Pt(tnS(~%Ha&rkYa)7;Pe+a~4{t70DRP8r&SVy`F?GKXI3Qj#(sR1a0wRWkPS&`v
zqMn0BO?y@-X^&Mb*?U}FJH3-`%(|d{SEHRy)<q?$Xr-cF>y<J~N!SYSCLu^sn0NeK
zN^pEZF}?Fi+K2=XqKZvLsyM39cXXKW<Ot#cyMPYI4^Y#cFfiX`J;8u1J+;^9p=&dq
zF7Xtwd?knQCalVZkm887DDWI_aJ|->C|IfRT(e)NhiGQ`D`t$Wd2Ojs>WSl%K4jaj
z>fTi0$>Gfzdtke90EE<@7MKlaPb=)Tuil@r<%m7vq6dX=orF}g&1On{uo{aE^oBOQ
zWkl(<v}Ndk6(W$`vny6x9c-QLo(VFb>)qd+eErp&uab9O3U}vEhhRx!XGg2}{0@Bc
z9ax@!k$)y%v4t0yw{L<@ypvGFcKB}OQ6(uf(?Z}DLj@zWoT(EBCy??BvYDWsuV)jp
zezWd(cKLQyL&a$PMm-h8xd?}X(aTvG9q9tqN2`DpbuIV@%+HVy>|%JLrs}`N7#NmJ
zpmFoNJ7kA9qBk`?D3on5m8xn$O%Aa$QqTrA@yFHXG&bVMH!q19cTJU*T#?M*D^|35
zls#Jxza(0LZpRIVF`jNSf^8Y+T4k+B*4cTpcC#j9uEP+V>bNiW;YhtOdA*VNUYN(9
zlt@4`^EF8LvQmMvsbe0}DKm});Re1DgU2ep41^9w3eo70@actRk(@6*l(>raGfv(*
zw#Gf0&8fW*7aY>6n3ond+lasP_0Adb1nHQHu|+d^yL(B+&^>5Z;GhK7&+VaJ9JX1|
zeG=D)VII&$;a*zFWudcM`r`%jFH!2V;n&RYE{-ocN3*JoO}Ih}CyZ&zVd!Aw4CVO>
z27SX0guoj654RkkdUNry*@pu2-Kw2!6*ftju8HM|6UmdZjdku{3Kf@h?4M8|b2y~G
zE7oH#%QBQ~LDXMZK=5yWR@w@;^;XCg?TM9A08KG|Fly8etgNsose`A3=?EB?DWXyk
zQjK;~u9LRHA=W~mSkpwH7(XcEsCA666@;j6UEtE@X)NrS6hK#dQkjzYsoor46B}uW
zRFaVi*sBuI=eY{L_<^8?(1Mz#qd5D((~c79I3$a(f`uo}s<gGK*)J(5v?^Cwl6?lJ
zuD5ph)A`V0QtNS8VHC36xnJf}S_wCw<d4wQHsN#L@Q|mAX;rO&O)eq9fr*vR8-X&=
zP40_G)DNA~(^VU%4@a{Yw8R-udK@$&im)A9ki9e~$V0hOtQ`UF{$XYkBK-+bxW>oQ
z_EG(wgArg!6%ZN!Zuei2Q*_j`i>F-p-?m>qg|-HYJn^#@K;z0l4*G;Ps(BLE$ygzf
z$TJe7TXzg<@$_;sSZK}fI@k#RJ(Fjt#b6N=0~nNbr9%xakp)mT!7av-WU=mxBqqK+
zE%#dCDCh0&@xPC0+Rn?o@kfwfz}Rk;-(#M#M%Tw>c=_9{etIb@^~GY`IT@J7=bD=X
zA77t>d+4LS(CTg3hNe9=mw32lzwL_{v=dR^z;drHou|Wfgz@-6FxQ#ME*lUWlQ{>o
zz6MJQ9O#4@m{%y&qw5cI_a<8K1{Li)yY<-S7DL%T=fBow?>KC*n5k|$-VFq^tTRv-
z6M^U%SCYnEv9r<!ZP@~mbeD~5sOq~ZSsK-Tagv!df#0AG_`nA5CGY8tB-@0q?t+|R
z3pZ!n9zNY!)?LdTup?vRXS_FD@fS1x-pzaGWa~Z}G+j3Kq*e~Si<cG+TFmj??1q&o
zx~yImrZNpv$A|mS<8F0zjrwXt6!rtO^m*J3`nI-q_)ReX?gCfgN9~<u|9B}o3c6&h
zLXBQIS3rzKhCdD9M_i!JUAHsgbm8a3r!0)o98_+&FfU>zGBv?wWJpzZh|>~;^BYp&
zy?o4wNWqQj7t{?7isNbg%HRPlDE#(j-dn+=MDzA{Ez{J2qN8_h47SVf5s5K28R6{f
zHkeA(JMLjqw*PLUP^`78Wfskb@NIz-7ecsG#iP8-OU3U^WvguQ*vhLMmz(Hp0!dJM
z!z&G}CY9MF=Rrrwq(?2ZV8d6qnz58#0=2d#*M%IwZ$KlkAfDB7%(qn*vzTyEOyua|
zr@9j~+LR%0`?a|_-O6R-5B0ry?0Cr|KxkgfdE;6JqD3beS016wdEY0CAI-TRgS#uW
zgl?I~!u!iqCI$Fsa~Td4Z#dq@GeR<?1P(0nmR(Yna~WtDAjvi<c3)CSta_HM)~fb~
zuy0jfCpwW+({ktSCMHO|=(@-3L?eIkfVlF$O4h1Ik2*V7d|8pF?DEL?C}~8l^;@*m
z1(O}Owz)Q$WI$%K_b2@rx+a|srm%V0X)#e;9$2V>Cb4t&wGkKc8`q7-&`L&VgG>6T
zwN5p*rWE()Ot|kkhCRh4zq^zdB)f6qUNEESV3z3Qhw;)n11kgb&3n=P3588=ZdaIc
zaNSSe3#`9^{UqmDe`op?^6AFXOx@z@W9!13eu7XU>SO<)H<+9Tf1*=plPvvC&cEMu
zx_@#iURj^9YSo7_*+|=tSTPai9kRp{loecOfKxKLmOV1LmY?%u=r<z~gMoPo)ofHj
zYFcS!<NL(qE@OK*!iAzV_j@k(W}N-q+)pavVdc9S!sR0)b6#Py(3j-(-ICYjPH4(I
zf2G|J)#dOW0JNN-p<OiheOnnFamtyE-8pG*w~2O<BDKIMJfAUrghAPy>?Y3n8oM*}
zw<#HBMMpeIfJDO;ZA&21R?Ky*B+MDr5Sl`P`6bUoAW|LT%j{6FLuhIvw-B`&4E;jl
zP)H{Caer)KhL5o4iu?}3O|WCag+4=jxZ^{TB2v{J4NS^jzhAFuHm<$N#RTdUk{1I5
zHF7q-bFbS~AAWG=T7=4AK1+$fZIBWJ3Vo*mj{Oz(&#{P*sy*1xG?h$59h7Uq8RG-Y
zi0O=2nw^w~{Vd(5za?4_#m3idg86d3ZOM(24xDgbqVf&A)3cYVaYtg`RHuFILQIaW
z>G8TO^?4?;>TWTl5q1yH0$Km)A6m2n8RLx!DUnk^GqlV3Xc3SrwCi=e7NwC3&5dl<
zTZA!B@YE(W!JOJeLj#7yfPce@%9q>K{+Qc|jFg&;;AVcrAu})Zov#?@WyY2X)HV;Q
z8T0*mSa0uHj@M#k(6~><eTG9(OZ;VLy&bn7_Up+Xgk6m$k1{k(dOcFIh)p)!w+q}Z
z)%pgwj@VEg>ZD(A&O}1aN6g6a-b+?O-i`>f?Gq-aYX_)XzZi?c1Uwe$lM1W!Z3>(*
zgseU==eeKnN_Zf4CQxwC%RZ#UObXDADusARdZMA6oNvB*snm`>h1QrvmITUhTNb@L
zZ<C_EJotFKqQ;t&hGfsmMmu0NTYzFGn>{71)$c1K8A-se__}Q?UVCSx+q&N9y5;mU
zTT(;oRi?-1wswq4u%s&jN>*LNc%?T!RdYiAuud>0UiM`Q#BRUyqCYo~>pmi>8RK_u
zd=Ci6!+ulf6J9P9u2ruS!F8C+E_$a%EA4?!Ua<fr=0i{LX?T3pEk{z@GU=QFAD`GE
z_<iFy@hH_W@V6I~_n*{gqVOm1u<NqS64)wj4Fx6g2J@K5n3o&>u8`lk9?6pdr@pW|
zRlR^0oz)qfi)UIMxtxh{buSUr()lHu4*Va6Nt#-O6pYfq_o8|%=VDr;qh~#VbdC*{
zxkv)`&bgwbFFZ=*lwg~?7g_saWVOK6O(^w%gk`pjepDwQ+%?g<?>Fw<Kl68K@;Zke
zg1DgDo51zfsc0+UM{J$k2uESB3tnUPXQ=kusMTpG^_xdBL38&ACwA>zBr$<ENoFlJ
zdqiY4V@P(VuM>O4RrRks?yFV$Q#6i@e^nZ@kbd=cXJ>t}yI18{%a`xlpaa%xLd^@k
zYYBX3F{y7SHdPnwG(<M**m>F9pmO*&r9Snz$g8}@{!TkxGW&)FMrvob3Te<Tt9=W4
zD6lu+&UiUCbdM#~o`3iPAKT9x6m@dIeotZbg0A*A`d*_YBkkZ2kKEs}845IKmV*W+
zW2)aN`>BqfagZ}GA1Q+CUl?sJnXoR<Q=%pI_kuH1`fhjJjL4C~Uqw$XPM)d9l*!#S
zrc3+}#JPV+8K6QhUEZBgMjl9)U9*K$ZwmK-DTcS5dm=dUWoeEh+tkiBKo$^IWglZ6
z4^PBU?xVMJK#7*GWkkC?eB8qZIWKAx<}Jih`)E9*gYj)KBk>uXF9h<G<|v|1{Y1Eu
zuQ%dq2r0Ey#<8yms+j|zwueq#{=v~BdR;t!iy=Ynomv$HrQV_0mokh-0pdo{et=t5
z!zuO3lzuaHrhXhCWNv7Z>p1`<xE?2=dn)F+yYi?PLu?tLOOZb>rs{87e(}n{erT6y
zAE)@cWD|_iQnJ7U>0Us10GW+J&|R-X3(^ioc`za3Wz`NC;8?PPR=>$gHJMVW>=qR2
z*`}xd4C9j^A#xz&k{j_dJtMN<lEka@by+p1d!;;zJ4Ny$j84ji{@B66>7HvQT22od
zT@4c~Cdw6%CIXEMHOVf0d%ZTHFcGcij;=Q2zCXrgF{A>CDMmdbbrBzf?t?@XZ0riX
zW1`j#*$^q=S{tfR5-z}kxX$pMoN6~u`f!rgt4S_vP`G{l_x`tWlfQ0WLJf(@zadd`
zTGvq<9@()~*>@AtMR1MrtEh<z0_;*Jpg<e$f3K4>SCl%5R2l*hXSd9PV0<E2eHNj+
zMEdqkDQ@w25kpt$K8flvv<%_21f(&pLgjC&+Q*@&A*52THqDN2(kPLSCknU6_QyLZ
zE(RVs3#@=)UtAitDoDY}&sIi$zLy9iV~iR9)|DDyy9T2&G1rau>##3L8m!>xg2SD8
zSH3i@38En^j-n2evVerpji+9t=1E`oOV65WzRYT%e~7eDHNCxSiQYZ4ofO#=ogFk|
zCJ@HvQzADiz*yO*GA7bCZ0AQI8nl?rGXHiMImWPVZi}xiey_S8g>C0xqQGOW?DQsn
z7k4|I&8e${PSo>yl+CI)Ugx^TOH;nX=jQms)yxa{60jSIVFg{Rs{ZPlnhc1#Sw$mF
zcEum@#^)DeQ`({<r)Ju;#Vd78blLax-&u1hAg_S;xkDrrxdhILF)r%xao3tRvqf)T
z7({Pd2yfTjocWYwS^2T6hJj+2XpAC6btl9P{R7CHx{MSI+eQ_g(;&VB^?qYDl<J4G
zqP3r0kE6j0KX}i5u6XyW2yELFUMW849+$*1c`)i8D*eT~)YAerniBzfVvu>Zwrq0i
z_BHz3tb6GtY(^iPR2{7D@E}vyN<|@~)dRlhUAT*-UHU3y6Wd^Hq9vp>Zv_OdTfuV5
z<uz$@+%ewspmKkgQ=;j3YS3O#5f>u(?a`I6j2RERV8~>sHxBwnm!}v3FJ>Q2m&b=5
zUpcT^@Doi4skl^PBfjhWU>r2DIG$v{0pZC&;-<9+j5ZNu*Pu9X28}KeReD$>q(>4f
zquh$bDpK_)7ah?3IE<T2X-N+D2r-&Rb+iov?L;3F3wC8DP7THk8JEtvMBwtqcvi7(
z_Zlx=Q>#<#o^<c#0mSphX|*~EOGC+L=w&&E@}Q}K!}P&eyA84i^BCHT0`B%dIGCB+
zdTd0{U2FX+D9rA?^nf}uqDvG0M5f(nq%9$Sqj>r-q-Ms-a-#MAGZv~D^s<@)k}|pC
zs<Y2ui9QWtli_0GUTWtVR=1(=-+m3Rsb`A`g{C4dCX)BUAV1j2-f`(lM{Ka>gw60I
zYNn<wC(^G?CvtQ79V5y=wxpTwk>dC2Lin2v7yI;UROH`(4*Apb6P@oG>fDA}TNPrH
zTon(LHI8D61Uff6uI0a;LZ8PGA#}i!aivG>m_80p9+%Fey12=#sGX;E;XQO$@#y~s
zpqgky*k5`oCHEk><4o`;abnCKaH(9O3HKq&di$2j{?3o$uXmo=tMw9Zo*Pg=zco@l
zb0TvSlzyJA_Ne~+6=h)kQ@*6E^X%?oI8F-NEmcy4^0%&Z*itnbwPIXxbDckHpP_J}
z?wYpFA!sti3}~4s^=Zpu*h3F_T(qWJOR@9>z90m?J9g=tJ85_yZ<qxhLg7AbPtV|f
z1jX9f^7Z&KeT+tCrd?_RwhAgK2(iKT5~k(r(ZG?j@Ii#%`IHM3+~-SmJhB9g5`ZJA
zK7U5TcfkIBV)t!@dbevPuzZJfM%n2blT!+1fN(Brsng8IeimS#nvh1<u;V*t8618?
z*d6?u$?xvJc*PhJo_Sa@NUL1)^{8i+CAn_W$7*ppReAiVpS-Xf{~k*V6&-35#vv0<
z7mG)(BtAmI)9r3_2bL$?keweBm10cSoXjJ&O?F7wH^%g$u*HHz7Mz4Zw9Fm;-C{Vo
z7c3`kz>pV2_;CM@s^*a>srWZXrzG!lG>Z;^t0pO`xVBVtQ0X;0R;|hvV&po;UWgQG
zX?U$QR31<YqTbj^&xxfZoQfOg=2SAq(zVa+Ejf=}%6XchHJr}%GfFJi>G^|>K)rbz
z&Y0p|E)fh?Orp^BUn0!wIw8IDH7vk6_d1)qWUZ*k{yr|Nwi0B)`O8vcCj>MTkC!CQ
zkEBL>BoR+BA3qGnzMApN(CU-L>2EnJ&zKUrwIa}0MvRAx5e$o}h3Dl8#{jIrg(n~~
zE&jrEi^hK9*j3hmQXev{5Et<Ak!>{;H>+^<p#tW%<X^?0Z7a4(!80vh(H{NexQ=!P
zS(8)**uH)W_8VzDcoPFH%5;3-bU^BYae_~;c!5f_2n<&`FvB<g%BJyK%)nZ_k}*W#
zESZWS)=li%7bFgE-Y^*Wa~p0|@HAXtIkYV`Z-(}-A0i=LM;GV!zmh@QE#BLjw9vTO
zl>I+<G2sERc2LB{2=bAqYeRgxJ?2RYwSF$2txujh#ia>8QM>nFuX9J95b-O@NY7pp
z?UOxxA6uXg)9Vbf!$MUXZvF{Z9^-%zood`mwfCi1b^wx_K$*WaaKa(Kg9V3~%K3Yl
zDQz~2<^v}%q4m*AIkhaOK5*KNH#x%5?GkZAs}D8XNDQpERlbP)vCMZA6gDkEcu2z#
zTXs0lVo3Eq_~7Y-GUAQ0`b1Fr%fSOhjbwA5pcDg4z!nNAG%#tb;AGqRwTrQygWDp5
zykOr1c~{05CO2Mi4|98Be)%M0fS5sE8;g|n0rmq#mr?r*6z)~0Z(zAB7g;L9IJ^$g
zqkWG^NC2vPTj0-c%PtncttC?Dw5i)GNa0Gwhih?tWcd&Gabu^luM^Ux;2(q5zA%R&
z<MGW;O5`7-(NJFScUD<HfOA|U0+0=Hwt%GOih6qId4F6uMIty|x?`2%^Z!l8$f)sN
zGsaZn`+lI_4o21bHTj$n)z!RGaBpww2BN)S7d2A@{fN)*bWag%Mz5`Loz9*zBQE_#
z6jjjC0@e+R6q0pZj5jBd1)CZA%qv#b|LWhhQ4g}5SW|~LDVB$Pw(+N7(cH02Q{7oj
z!AgQh8}?@x8bS3pl?>D@ZFSLgWL<qg;nwTZGnD-f;ovWLE9#hO$R3bm$b4E*FI0kh
zKC_1UV%f;0VIga%Oo88`OaXIH?Y@lto%7TjMjsmV<R0%H5P8NxvN?m(sj6oyt7x%D
zl$9?ol~Q#GS+PdXphVszo~3y7k&`Kxrt%7VC||sVD$7dm7vaN^2_{J_v09#&pD`K%
zk*p%WZ%URnA(j2vU+HwhN59fiIjK^0MQj-@8G~Flq^m;-I-ifi_MQfZ;MFcEI%{*~
z_yTbzxY3xd7hd_qrdqey>hqIa_8JO#@NIqL5_a`YXUQq$K1~X82~z^;Z>i%ik%gqc
zhi`J>yx`cLrg6MB>ZbYA<t_+3$g;-UI!%>73B$6;h-+$n#h$?>)&7bVQe9gbm!rf?
z3QMfqn|02-NPfYr@SeIkANCgKA8&^DG(=J6&tUDNWLQ~uH^`}wlGa^{sc-SbPKl|%
zKgHpc#&5vP2ERyhFCZ;0tRs)jnx1_NRpcs~5^67ZrF5tjDL2HIMLo#yDL(E(X(F?m
zh40O*hsc54ZJ7r4-M6EnQ4zbhG3X)(Tz<}86OnEbI3%oyFw}tkUYOUJ(|%bk@PH@0
z5v}j5&F*w`Q&re--5%bzxIP|Up>q3_KilGzC8{6`HQ015vtW}_j;EI;&J_+R?A4kl
zr``w}b^m3Rixe=MhfjuiG9x*zq*mrdqO=fHkr76JDSs*z0YtJ+;!QNcaJnVw*9)ar
zuOU|-^z=Z@)9X_xFIDS|P~WeNxa<#v4pmdbghw+XMpiEKI#V-83vbEtsM-L|`~(6G
zs-?}LYhbK<!1Ckfs@(Dwj-n(9oqdNdP6U?Xxr-PZPmhJ82fWK7Ug(qT<^n0B6pj*V
z`HK{LZxXv2))dF2X5ndl<FiGM5^msSHdhS3032?BLn;bz5=h3FE6Pvb?PYYWR~Gz1
zN=n>9M@lR%DzkZ@r5$WE*j6SK*ec`MJR@MQBoDO0a-;+nvD5q+q?{0s1`DsKz=ty~
zLt}CoKX`>cVXc0UHnP8Q>N+OE3C>i{nq0YiP9hTfcvS6wL~iQ?b&{C8Pwoemv@dko
z`!kGAWqEI-SMM4v``E1ArDq{s(T##`zWw4r&5h1ZQN2#vMV&ukUcZJ(7?DkBAjiu4
zjMXBm7QrJ=I{hX1=TvGT3W%P|RIkxA%UVp0f1OED!M(f+y5rEk-j$YU6>MpGR`9)g
z=CjJOl&aPuBg2@B1~RXzwFc^xj?9iHeMOwhQiUnK5?xCwydPlt^bymZ2f?_#xpv|&
zqxF|(@xU^N{eikS%Fiw?iv!uma6IrM3dv+nao!!3juM5AH+j1AIjb~Ca=!S6gwN-y
z`}^Cnrm}S51vysjgLM`M-@LHh-gKjOkMt(FFdwS9>TdFFaF-K#Hd4RV@2o?E_c>*v
zkM=2&ytv+aZ0}QCI!(-aGuB%uL<yjb+q-n<)6TGAi@R_&`|BM?*E+6|m`ldzH5v^!
zzllxOW|gyM&bDUSbwB<!@yv^+g=(3nG~Y6a^PBlppV-zvlIG-M5x*y=@{Lpbq?T3l
z*oe<}ez==2yP<fFSN3{Ckv~bbjB$I)!`+`ftCXJgQ_sb^7K7+8GPzrj?!4H4GG3~=
zjDl!++~+hX?p7s=(99TEyCJc4cSf0WXZp74fK3u?ZbMXQZi81zrKDXcfZ{VUcEiud
z%Wgj@SDz_;V*7kngO7>ERpF9goNqW47Bq6eCp(p3%=zAc7{~pg3H(QKP^P}eHo3BM
zqd;wIKlYSKCZ+UBs3ePNhGx7aN2Q(rI{71liJ+?c!p}W12Xa}d7E4Nv1BoFl!Q27P
z$ApC%&5?9LaJB`$7pdbf>Gbie@Ph3Y%yu<q+vU&<+&h7&SMN@vku|$R=*)#WmA|Q+
zK4T9M?&q3GZd@OwoS7Hy;3ZyY9O`ml<zG%cGxoWh+~@jHmzFu2!`qvGHya|_wJdoN
zt&gSSet3H1lg{m3s4T-I`Rf&<PsKZQE8kLsd3I6vlky5a3~NW@C8<rgOTN=ezh(IZ
zHeZ^`u2j|c*lr8EQIQHyBQG9DBkutzwnyXhY{mwg0du2P<A<vbN!a(~)rriN<S!WU
z713JOj_&JRE!hUBT1~dBkx!^vzdLNzEA0x>)vVT^3a_Xncz>(%R!GGp$W8u!PMxe>
z{;`|6nwMF$IC-q5aPOW)gsp<mMhl~gLs8J$zK1OOz(@{KtuLj!`dty!-_r4}_iYEH
z*Pa4~Y95Gfw`;9@ji|uVJo4l1xY#@Jk~rQ|IGq$-yI)lr+90(war_41ZyA5ZlJPp0
zI>i=XotG!0;RlQ$3B$iS2P-Q-Q8v?XHH$13)EtC=;Fl$2ajS;!+j_X!t_P+UIuuXE
zykg)=hXs}YxS9Ad8G{P}+{g&JHFZVzrO0fr>Z@T4!Y5o8Hn0kf`&Cd#;|7ji6PgIQ
zBqXrAx<tSQAT{*Xe`)Z1`=X`B$}sELyx&lQ@3pB?-)lx<PLy>JV8I^a#|Phv#@=cJ
z8LK67Xtr)#a?Zf^6)D{)n>kv*1<!-(tyW=AE{?d{l3E7!D)Xr3Rx)cmgThmRg>mxJ
z5EZh?N}bxt_<w=`n^s?UTkHeB1y#-0@Fg_}OmR-kf0sSbF?Lpj>+lX7va621#&i1?
zxA*l`k$ru(>RQkw6s||oih;5<soC{gT+ycC_b;OiQ)ad4w{ysy?9W#(hFX)4y`R~T
zwd~@r>>0Itj_?QT^{6WDOjYe3SZ$<bvXuHV;#C@~JqBi>B+9XHUm92FhtQ{Cm;Nr@
z=NZtxEtw-4kX<QqJ-Q@hQ8Wbb%I+=3!&bHlXe^YOEyOgjGD<Wg7tWs&ZY0iDY~zmA
zpyLv=2zN1Z@^lm$`&DXHD2S?+om)VT1t&?RNa;`{M<A_xPOaO^VQ9jD_OGu6D`0T<
z@5V?zVehA@uh}@PUl3h;3kjKx*Kq*ul736dy6&q0Mt5(2><xoDfkXPikULzteHFVZ
zYBQz+vn6<-uyqkGqcu581fz~un1Dm+`wP!>ST*vN1?fCE4cRu67Vn(-s)3+1^hYQ2
z@7RiOo0|>aa3Rn-!_4+Vqkwl=GDbqdf!3@|`X{4<X3)Dh^6}>KPO@L0KqiG^a0)-!
zgT>O~!^6waOb_=^UG8fjQYWM{SLa{UbBA?;V+pI&hH3&{HyDxJ<9Nx%vcs2TO+N&y
zTv5Lp%iQCKz=A-eN7e%1iz_q|c>R@(00?~ezf8#pOMj6O5|;A$safXsTG_k4*>HBG
z*iODmf8(B`2-{xefa=9XJX<AMS0sw>Y<Qua5h?PfL?U(#Ci-j`M$|uHH{<f1<6&xZ
z#BCjQ9V9H8OXk<{EqC_0{SxC*IXe(3rQP^wQ~GzF=5k^?b0i~~psJ+%-fU_(*=8E0
zfOrBCQV?0&hf>!ef%@!RQtfI7we^OW0`=jkE0lR0CsS~x*$mACB9P8wYZgGP0K!k0
zzb$~ZVM5l)!h0?>3ldukdwiLmvV;b|?kV3u<GwW$nM#M1^iMsZs0}MVpv))2x#!%3
z+H3hZEEiS``yCUlX+8FG9Ua+sj3sai45_S7q6I|K`N|vmSRO%Cj6=z+Q*w*@8T1)e
zM+jQ}K5L=C;}VwH{T3tfHcdE1ZB;@YmC=2-^^mo3HptZqOfc{8(VNYo85C<H3|LS_
zY{tW{rfa{R@2y$}sUiJj8txVirdL<Po&(Z`!l>Z!IdtCD?SH>*+B|f}#_=^R#z;M{
zYCS!(OP(}!rLq{jpFM3;$=+kR48@GDsu-fMR--+3{A>vSaX0-y@TQ%hmh#<qHJxZH
zvAGJhwz~?a+P^np?^18f<iSv)`6D&zN-Sf9?i~0f+~iI&M-}1k`)A}qGIPBA%bYh?
z&(k20kb<1gn}z>}v2Tu&ENJ$ewrzJ$o71*!o70%KZQHh{ZQIkft!ho%c5lu1-rL=?
zf9*L{b)xcSM&7(PGcqIM7nv)V5`SW5zZ4FkQQG^hx@u#ZD8Mfaigu;5ni4&RCGy^b
z%yI-juj<mFl=czLvc44#CUrJ&_G<JGy`)$xm?nEnU`@CQjSL2M3J<6YyCQAO;-s{0
z$^6ADlL>ZW<BurPE4Z<F^xxT7We+@Vj;ulAg%-&dp2I5`La5!r4f)yQ;nTBXMwgju
znP_;_=AhxFyAz7Nr5aB0y1aBT?84aFd_xgwxG1`t5&e{(bTi1(d4R^c*3!^uyJcIl
zyK7su8z6nBfx7?wCtzTj{fFNL@NX&FNAgX|%4<)HOw)A36VbhwPtGs9|L@P$SNN~m
zK<upXX@Ari>qN&d$s_Lc^eX3E(&?w?o*``HMES*HIlh7zl9OnC21P~@vK(C*@wB`%
zBV0KLoJo869_j!9`Rz>ohVUV$m??;#P5GuaFhFu^u?9e1!8fk0A8SM}Rldg7MNQ3C
z8LC0|rdJS{H)7{ju2_1OWtN9GF|8&QUPXY~>B!%(WCXXc{aB^C>#QK#_`2#u$yAno
zTXcl7N6XNL@y0H_771rN1o70I-!Cw1hjD5cu0DkJAS;ZXZm#x2@0i5$t^1L@=lYqu
z<7z80kD+@WHdK0ryR|KWNEweD7VT+BTq)zNi1HrM_hT<6$V+9P*l&_5LBQOacTTcH
zf0T$7Y&C9~jQ6-e{AtKc*L4WWi#FF!`Jm<2cZIWD{gY9oSIP@h<+T^}b(F6P7m$Px
z+!xGybA%6HgA?$8{<Nw5<kj?{A#C7hCCx$8-0kPn=u-4e<tk3QTTe}!DZXkbkxJ;i
z_r%mr`+}_d>|*E6h(jdJk#N2|`>)5ewxlPDFruxM6Br`r%tFWp*<SsYmPsVK^O&&L
zV#GAdJFmhbZ1MDk^Yr|cnB06C{&!f?2Y);pT<c*4lno|f`>i(K&&tYlPtcU3C2*P<
zD;QP66!cWDr+v}(Y;H$ef<w-`FzXp%0+!T~N1XTNg<p2&NSYAmUi@o`;onCXC?iVi
zuqbTxStp{V7mBt@r8@2CVk+=bM}8=3?0R*%=Ss+)|6Y1~FIe4T3s~><`QG8nvB0nn
zLg**NlT+B}AtU>VCwEQkknNthR=0<pc7&h`q6P3NBJeqkcorMyu*e#6K`-xP$r(P#
zb+&dW0DW46_<NRLJR-*VDX?|m1(C%~Tei30>i|MIadT_jv54b2sAG*mQgx>5YZZ8c
zf7_b={(@OLO1FdhpGi>H)vB`-S?R(<U4=KUnXFj8Y*&t2Zp(e>))^5a+aW>Yw0f~s
zV`C+(O!JD&!)NrXO^uh(Epif+|35wSst&D+x6x4b&ELldsV+6ybfAm6SYwDb)qsdb
z(<346t;JP7Z@P{0V7P~$!wnO-tQ_xzFnvkrtd9=Gb*<Zm;Hi_AnVG4K2f)B?yzZ@r
zBc_~Mo|w-*jvWxBjL*VcqPXedpWUlo%y{^DPs2Lh?LN;Ipel9kFQq+qer4@b&!<4V
zm_&8ewncUAomSL|uctuF1;gd^@0pZppe51c!&U~*a~tfra9N;SR%%M2rA?tS7`O~*
zFEL!y&_zT^_DjdtWd@OFke(;P3ve(f{<cT2q;({=%<bk>mq`up!EC?3=5BA2XQ)n+
z`GPu79uLpN`tb<;WAoi+1bB7#VUK&aS>C-GP5%oj7^?^de7a8NTt;w3W((KP*U9-H
zu5YYosRlri%#d4?SD<HbUR~>2ru2R@CUiiJN0Os~UiLlr!(|^++dF58E_Y3s$hB4G
ze7aI*d}Hpgy&SINzQ>irN$hsaqq{l9wtlMrtQuq6q_O-n=Z%-2lh5;W8K+~g+k><9
zOX5*(pzCE#ZhPODVV+C<xOd4iwc^F-4pSH42h(yjX|UKvOtpoY7Q?pID+|UPDsids
z^HSt<M)q^lOg=$N@R#^-wvG&D-P6ZK=9}ULfWGlP2iPA>SFTHn7OQae>#f&?A?)<_
z*q-DTkrsav((UKA6284|Zff<B$|`TuGfp7c$FV*A4y{s?YN(o@zq_M3a0~3G&_88*
z>aMW+Wcp;pPLsrxuvHR%Zqm>zp13e?dvSQ5<3d$xwaVJ6MsyY1*Dn2h2PpgLhC&sV
zYV$&prIl@X4UL?64t40?Ae>-O4;(Mi=hg&eb@PZXUg$xoRh@C4bxf~px%5r^e9EAI
zjQFE*;<Yc}(DWttoY^zxbQS!5wR^_;*DB${k-!q&?_Ch%WdW*UlonPMWhV9%RPBHb
z%CdqM%yAxUBr5vLQD5sKw`z>3AYa{`CkpR{67A!+*Zuhgw1|VScUO;31NlHkN@>;g
zu)jft)24;f9%~AmhG)q<lKCqK$&*@PqUl6{wq3pJqRu(YLZUxa*}67hb6rIlwP4;(
zz{e|*WI~X_=TkEfhxb;2_2mxj-%?cTzm}pNU3z|$syzMZ*s(u>avsgnT}7HjMZca`
zM-1YP{;{dJ%<j{@-YhZ$$ThRZZm$;KlLtpj(IK$Mr{CyGsIaZOPhy$$aDbFW>DwWj
z5&6z_=kcTSR<oU7GMSOnNkpa8_t0AMd)9@gJSu^99_hi)DL0Gn?CQDlZhA&PGjFTv
zcy1g!excw&hRtsIt?st&kk9Z`NIlYcRePme^o*l>M676LfPWmdE!8uRL83U_nSs={
zZmrQX!>yWQ)QLYj(k_Jwm54ba?>DC&z}AZJ7kGjg=cXH{_?9ZDxC62);)U#Ezw|N$
zRY||RDEvP8{)r#~x)flSV|4NAEWlm*TtmnH%xEqmtME{fu8q{7i?UR`?wshZDQDw;
zoJ~FaxdShpyy@W;xDxiRlm6aLpACF`KJ@=MT>swKXjUs+k2$xP#H;^*R`QFwyUl6}
z3#~`%D`9P9AD0$S5AE%Z{&E!5SD5J#n;*HZ*a&Qs4ObSJl}-2WU9c}X`E?c=?$%3J
zCs{=LyIjZ#Xk+WWI?4HxT}O~Jju?`goAwbS2Fv7U>ifd;@%nl&Mr7iUsC(ni<ONa4
z(&QG&Xe8MZZW5QPVz99Zte9e0{lY)B75asV^#>-gIw-pWCu(;VrqbM_rx=ttm>)vV
z(me@O+$dFA>-X3*-Q;zJy#-li=t!#Sd#<T{N~&!-rfX!VIw=lo+r)365L6Qc%<?14
z4p|#n^>|~{P|rXEk1}mXMoy~c%a+`Om5?av+%Jy1M%H(2e^2#$RSh*}zvZv2fc-Gd
zBCj_sArvpNLHn`p>8jmi(<9$hjb^jOqfhHna+rNbuk)pM^>yLVIFkPwSn_2p<psHP
zQM*XrK5wijCy1_kQEqp6LQM^$WTLRr>gQXWLuny@_GBMuL2*lDdwYcRZ&r|RRQ;!)
z5%F$b(h)2Xn!v&%8PQWu&3mX6P-9eT<|_XV+)UY4(Us{fWE;cZ!0apj=fW(Zjc^|l
zf80oGWzoC_tz3!@pK>qnmMK=BQQ}Fly`4{xs`$C1OfY9v{&HMr<#%=i?(P3xDEIkp
z{;wB-|7Qqo7WoWtSMbfEV-t>QEAN2;RXL6$j0talSV)G4Yaw|+b_1(xg-%8=Rk7)D
z7A0NGuW-TcLOb8KMKnVS7qyM4hnmRdB-KJ~IaGa!<?|OYIMDC!mlTQN*R2AbL1d2(
z!{fOIO=Q)TWN{v9#jN@&)G-=lW4D9`N_;|6O{Wb=jJ2FomEj2;U-Kj_9BsqS^rELW
zZ9GDDBA*X(pS=11M#_kCd$S3MpQ~GEH^P#77O04zs==uZaK_99&X`_!G|wwb`Wwej
z&VSy36Yg^_4<Kvjf#l1V!p~OVUqgTXS3~c%U2O`>T;1MYUCsV`P53`k?(;Sqkb%~#
zYm|>qILmtw)Vhz4?IqogOX}PvXrq4+k$Kph;(+j5E@s33o_2Z8aN}%%h9=t&hKa6?
zM=q^R@LQf6p*uIN!>yL9F|MB(W*hvrm(7!nHURS1ao2PNNq1Ah`ESp9Fcl2L&zSv&
zQA*XFm=W5M_*)^8Gg5^laE7r%b%Ro*$WebnL)`!9!60Vyx?cU&i`aUryo}v?YaUtm
z*=~&?)cflDML5tTbDuI6(Y-tt;o@kNll`3e7u?gWtaFpO;3{8&Eit!0qdPei49)jd
zvH`=N(QxMJ{#bmya0rp=q4HV$W&{a1Abj#8y9xv`Zq5s<dTDF5n(kR;knrs|-3+uY
zSeFlu)!J&SfD(Nw#@zKe+zsN}Qs@NlboD-dL9I1BPOB}v7Ds3mo=A_Yo=Ulni(BW4
zG%R?Su1Doc?*|h1hy*)jECJ64`;4RPQ1k0%k=2GyY(^Dz!-{9BF)A{In!qxL-}%2$
zaZmnmAr?w^M|r{fwp<89r!(r;GnOX+0Gch_>x&(&#z1|q%{xPdRJ~HE8F{1rd#xo^
zuEo}6v=$izE8o$w^*5cCZHyT>EP%KYz8$L-R2Y8I+WVO9_ME@i`o!w$?&ZHGn7W(+
zj*|*C3rD~cEBU!~Jr%Ta{E_1Q9$l6LR{vGj^`FYvYi-kz6faOp`mUju6H$q-OOkuI
zYBdkRRIiiHc)jftd)AzD%(y5(l%(}4?DU<0wCUa1L*~UpJ?5~WnpN@751#HLCF}f=
zFMcGF{GtB~Mq&DT<!R~r9~=dJifj7;4>7~JOnYl0E0_aks$(zRg%JAFrBr*$X_~WL
zLEFR3-)yKR{@XsZ8$jo+sowCE!VqdodMWd7igh>5jR4xWliq-FP<g`GBGw(ck5*+L
zY!e-Oms)ag?~-U_jY4r8;l6$<>F`Q9aXjI^cXJ^1$`p!x9nO@DtnpG0qzdbSluisw
zu>V_3VQ|~JZz2i!rV}dp;1WU-0?AI~81Qnp6_AQ;22wvtX}wABHEzHF_~y?PV4SOU
zA`W$Z95@3UW}3o%aB|9r!eO0}sBXXD-PGb3gZ=qrl`*fyWgsLy7>(WSNe6<4V!#O}
zu?gSHNhZG$8s35GtEOUUJORsk$pLe+0CTqU8n=0eoFIyUjQ|6aY%DuOQ0nre#z8;(
zltJcu;+cF5t4~<P`Z8~Tx1$lq5$rER0nFFUJBJKfBM^bQX9>4}5ar+eE4Yn&6%~}w
zD6zqRfevG*_}9?xsUt9m1QGb%YUpZvT|@<agrO#>X@LQ@js=+Ca|snxy%?CnF0E6u
zY+uPNtozU$?5~iDvNsM(YSxe>T})F=Kz{76*{=FUACsHLy{{A-$4k!a7C-izwwGr-
zvAg!>C>8!%r;vVax@rQ7Ce19TQxwuW^2EJeMbm&T;bt1UOt<e92+DRZAa@EY#^>Ie
zU_be_j3g5Rl4t6ve2I@>*DU34MVXjgH2^^~;-!NwBDjAy^_)5&ss2m6A)CjvU7`nv
zVvcT})HaH4#p;!LnTm}T#x8l@dvf<Em^c4>9=5y80E|c9E``OoeMu2G4brh$aMuL%
z%LlJP_b~K2wSQ@Xf_Loonh)SvD-n{KoxjPVZv>Ys8H!i`i(by)Xm3we1PhdXqskx7
zTs@q-PG_+eyEkRN&t4;`X$2e2Gx`)mZSWb-S(*|zH6AZ5y3V4{kNtEkxrcOPr<^ol
z@tb>wR3>QK3)NkXZT5y8dRmAI_sk_i;!bBc^-gh<XIML4tRxvc-nXy>e#XfYFa%p7
zb3r11cBS!*C0U<96epE$)r{7HSeiyj-z<>Ienkqgey<1VO@5@q+aUeH$Ih+txEWM;
z^n%+fKF|2G6lQ|GF@W=R*&9C=fTJ?5^wI3ts@7AwdCd5}xP>43qXS+*?dNj}=zzin
z?*JCh%(WQNK(EPIB9r&ruV*9X(7aRTf7G5I@j$KY;B^9PEojgce|9Adm^SA~^8B`o
zrm4SS+-ESB{}T(HioMqFofap5bIEFRp1YQU^J|@}T6MRffd|0DBD~r{D`4m5<2x-w
zVjf%T(d>rg<!^wvf=giLmg(1)g}Vn4W$Wyc0ye{P#KGTzA#MP^KEpT3KgXp4c;tr%
zuiRr}ozxQ^C=2tF^4`TNn>xBaW+9HvIa}ga*-Y|Xd=iv-<bcqUmM8a8Et&LFdD|OA
z8QU9Q8Qb5Lu?RUjT_cG)$8A_0t+Rd{GCZw}rJHlzY>Jd}&UQDSBDPX+v>kZGJ&_Fe
z+TK{}4HJ6DH0^MFXn>GqmtYryKknN_$~GlfE7&Tzgzihd#LuYFLprEzDDITTOJiV{
z4Cd)+iA^$VnrLO4j&a{#OR7QYIOgO6(y+yv>cj_n#Lwuy<#Hw-yWk4^8tpGlcf>6N
zB?5q^fbnLPmGsFVXhFNjO?fB?7cZMtc8prm`&+@RX`5LT_Z5o*-IZx5d{4|HusJ%r
zOt$x}p0<7x5A<ynb^&-j(jndFn)yyOFhzZTrKl;de~MtrV_%&v_W^Q$N`rY@1d@YI
z<NociFDp#JYEze&W0H|vM;%er_~t!G7UEy4?X+DvS%X#vy7Q)f0ae8c*%LVPY)pR?
z5)?89(wYQSK|F=!Z_sSwZ>O#E+Sy+fxG@T*wgY*KigV4d+|mTck_lDu9L*^9qPrgx
zP2Tt|eQ~`htlk|HWCn|ZR|BsB`I;%~j)|QfRu!a<=3+V-5;w^b#J-7bIL`F0ToB`1
z7M}{8;Zkp!G6u$9kw{+NBIO)BBHkB9XF4)CP`I`4Livtq%s%v)`IhgQBoknlxwE15
z0yvcZBk2y`!LuzAPt6*Nl;w9`T!TTn77qtG9S~41RyauoM<x6P|89}TydS}gfWv=7
zN^FA4=+N8?XX2%vx!5YshKk)439Glw`<ZyE@Uu`VB(vAOrpa=TLH&?j&V-|UWM^(8
z8uq~-TcJRksQ_PGJb57f5Vy=e)@<h`iu^5#1@rIMMYPxpu3@|s@s*589OpcrbFtU9
z9?sO8HTQ(%I<pyh<8{r*B+EAJ!Hv8!;WhGii@1yU55I(BP+gnyT&bVdu)q+>Ziv28
zIpv;6dLUrLmsVmj)IX@Y4*xt{>(5sO89<pFr=mh;zNVk@!Tt0bg;GKH86``CvZw3L
z3c~KYnA6vJx|S92=n$#nHb-po8jR)kO|j}d`&8B6xL{_cI2faHUpCG8654=og7+z9
zqR#0A6p53wt+6E$5<Hn2qinU|v6cEt->;%n(S!veq31GyAWgSAh(@XeT1H^9=$u;!
z#k?D{kJYOYo7_P*;jfXQo9193>>(W0b7&(uG3)0LBTSw0<8j|NgDd#tW`0D%Uvh8N
zsAetGdbFDR5V2M%oHZ^rJYW_(Nstw<XpiO?YXcbl2%sZP(|<D^ld0@wD+igXou2HQ
z)*wfF2&`aoXu<K?<Z<T$NOJ3(b+@9Ab=NfEggB?k*rJ`%&4!5ro2>fma?XxY6r+lR
zE~;LSru!A!em8Cse)^w43fCg39@hj0L$E8tFr)x%bqH$8juSsf%d><Pfalh2Pt|~e
zNpHgwaDcMv9-PShNN7siTd|=;b%|Ekl(Cp?^c6In?0ZX(aA`xz(uAr2QOsnLaav*`
zvw=Sg3b6dP87_O~&%xB#Yo9c>*<Ad`#l|9Dy~SMuPBo}$b?8kiAGhe?2frbls)$qI
zQtbmR4+p^+RbGw6GrD`SUKhbqwYT>DO*x=9e^rS;NAelHZTr@ud!TeE_Vxrkk^Rr^
zg3(2h``rLossfRHdc(2txJ9b9_V*Gxb@H7S1R5UhKUavY^brAM(~_@aU$T(CI|@}6
z$g{q;-Vy@sCiAcT-nZ9qBjYJh@0(VYupn-1QZIUF>9wFK3KV~C$H+AKVH%t2K?%e;
z=4x-4t$udPGS+n{chu3|m6RfRw33TZme->Rwu+!{9-&PAdUs&2IOlg*$6$ZL6Q$^c
zOc)CkDq6!9O}uqhzAK9(XRmoL>Fv|6`2HoWLrZ`oeC0!6S3Bbe4rZzgISCElc5G!R
zSWIYoxSyVH>)QQV?+_bs&PO`Va>eEQ3DH_+m0e);7*#NB)uC+`iQeLz-FRRG=fn>6
zKi+<tykSR7opUS&<Muy3jklEclpDJcp0Zth&gvSr<<-~LNh%!w+jD(d#SV#%J>j^_
zm7PWYJz}!DjLCLUr45IzV1H>vG&f&(DTkghJX><44PyGtBtY7Rv1?O{xa9|Cv$X4P
zy`zv{2M}*u2KKI_(B3ZDDyp&uqB$cj&C}@A)-BX@XP6X^V!4frSMKWVKfaqebd~;?
zb^%nq!+aK*xm#5mLSFj;S7omYe=QVpq`R*UCfm4J#vCciS%?7-Xe;|7_G!qNFHg>g
zwh)GV*&EMB2Id=AETwEobD4njWm$16SGMYmuDFHFG4m-0c9?39Ns9J!EyL|GGt%tR
zEy_=>(a>7EJ{^SU7$XrY0Vg6%4h|fg-n5v_M}fGycb2&qWrjJ>M}O+(PCPU+XwkxH
z%Pl3Qv`F};w$-4?f=7E(buevR9Tu(dRdZ&k1E)IWh`yCI7_9p`0xKJG?_o9RtiwrG
z2)8hhKor?%8AgqjbrW3X_A#dY2*>Bzny9!P$Gw9p@a`$fv2@jwyc6q0o!7SXG+*Ym
zl3g|eeXE5{w+62$Iu1pd1@IB!ru9rX#cik?OKHJLS%S%o*UoFrOIT&*iV1v?EKUZy
zJzPQEZB)|0dzY#+m7j;7z<~XE<jwZ%VysS)Qb+X!e5lneMn=~fcCH+>2rp-DGjyRY
z6)u_HtJ5*n3&ytyy<YT)v;?P8LuCHO?Kmxu7h7-qK<y;egQduTjAY#N1Ng1%Jzk^O
zX(j;sz?KFP8oU{zlY?{@r2(O*(kAsIiM(O8O!+XbehB^~WXKfGVYQllGir8XQFb6+
z-A*g5ZB}^&GRG4*&Cw;~L^mzx^yRtr{#g5lyW=JQQ})3QigP~GM`z`p>aTHCu^8UB
zcCXYeb|kyJGHz5Nsu$urMFd`NnS9)9QveZ$odtDwk#51fE)&u#Y1l}EQ9h!SaInG1
zUc4^%<{Hs)+&hUHZ&ZrG?^y5NKrAfs@rFIooZ2;33Tsm_b)e3+v@x?2a%$3wHD$!4
zJ-ALg+JnC5`s2Aprux&K6KN#TLB!r&IK*f5H}sEg31`OHFggjF=Ddxx4=yVysl?lo
zWHRbn&D5H*oq^q43kf2<b9Pc*ry6k4@^O^c!*G;(W35O{$B*gfL|-5(g?b;;`4+l1
zQ~<D5PI4}5@2I|Ye9m9v)+q#9kUv6dpL3V2dK13yc!aD*L0!%*B^98(j|>BV<N!oa
zo+boSi9NR5v*h#;hSv0k<c89?Bu+a-j%7gbZnb$6yjX;s+ne6?3Pj3EzaYj_C4{j>
zptc)V9dBc5q&2M-CA(VnOX4~RA5PSi-VfQja-hPznSw7n`b-fNL?$zVr6m&|k2$YF
z@9iL;<$sig+O3jRJ!cz7lRdcCY*kU-+0rd)=bz4)P4op+)EezBfcw(1b&@CzWN$B$
ziV?>1Q;l<to74ntZY*^jahIFD1ACO$W2_a-c!t%$wqEUSp|Nq$NQ$<jb*W=bsdCAu
zoFtFp_=7QDVt2Vu!Kl&}Onj<Ckb_54_%DLU_Q(9<+u(QY<sQrcOS@*4Q5`KAX>D*j
zX({6!j0tUU8cp`~Lb0l44g=hax$mgR#WX7od_kZ}2<>vN3DBMR_$M32G9&d11k;Jg
z5PYsn9Bwg`6=kbS4rXounZ(43q-69mFoN%fMvrzQB>Ketm;DCv_lV2VKF79?UhH$~
zyiW^$3P@J~xbETjuWW<1Qhr)P1vD(IYp$eZuub=$(r(E}LDo_2>l4VJh^$gteS}^M
zU2V8ctt8;@yZk_9aO2#H288ZX2F8KS(N6^0eee^Q$N^L>B_^O99t@yxf#BN*0HNh)
zfyGi`tF=&nIG6=Y8@Ev%HOTexANKynPz{6<4~OP{RNzUM!ayz-;UwT)6+ktbmX2iS
zj|fmP#6)77g7hu|CiS)k``e|U>{$*nia@V&Mx*YXqRT)(FYE&ATnGc|+DO1kn|}tA
zfLr4T!8kN8Ns2(Xok;@q?`|LxW;P-EN4$MdF~m7XBxYo#P$4|YPOwsyA{oBAI%rKS
zFamv=o^)_YDi!(KS|0-yQ&YPSQ$8x#ik^NavH^1ElmS>3^bd3xomloJ|ITRBCducJ
zVhG;Mh3~uIGH~wu=IffeTb3|DV6F(T9S+eX;8j0>{Qdy>)dCgW*FIFxPb+vYLb7b0
z=~+;Iwpidz90Bhu>z~$a8b|`p>jDb20B8a82f|ckNNO5cfY?#dqHDAQAE(+s4wFDt
zS)m9>jF5>yKO2yczt0d&DX@#UL0<n#QgzqDo?_`Y*SD9ri)PI<3!dX8jXA_&$s~Fa
zQGp>Q_|LU?@w;foOst|gUSn}5wo%BZmAVyT;PXM4sxw$s#NJ}*Ki2=o>rwadt^YWe
zsql?PrcD}{YU=zWU5G~oS^Oy)XG=q?U+urHDzlhlrNS0^4M$(vY4&pj&+(B)UqV<o
z&!o?N(8;)`GIp3v9`kQRUxuvxR{=;Mqi?qSfxs6hEaUz=AJQZmx2_wf9&Q89QgFBo
zB#3U8xCF8ZW$%<-#yu+^%p@9-aWXn8#IRp6k4faiA@!Qmuxuv%_b022J1*Yo2DF3A
zZ}P7An7h}9<I2CO_FQ<KY){9PKY(3_p%B=05Lv*icNy6&TY(%`Qm<F~<8zoq9&=K!
z<qb!t(@A)YAy<XPu^U)SNBJjF2`S*$a9B+Ij9>%|MO^WI^XOw0-EbQZpJ~wT()PRO
zFzve(;y}a2SYz7)Un^VcHLfB2bUM>BqKtbOBc$0RHoh!tu)j0>G_<k35N;65whDAJ
zsb;D8sMD%_Ixs$Wv~@x-s|5}Zfp+oz&;q+#{lXX~0C+G7$w8q;@~A`w)r|`~O-kh8
zxBDnCYuxK|u<O)A0q$xD4eUJWWN+2TihxN2&P7xPlYK!^=#1VQ#>8+q=!auYsTdAy
zd1$|J6X)bnF=uLyA_oGgO5;7w@#v@+iNvd+K?hN25}qvNX;WqP@4V44<EVykStX*s
z#nay-nVqyS$b}iY<<Mx;-NR8mN`EX3c=-T#(kWXe?}tlQ$3wYAB!9(sE~xeYN{i>O
z4}OS{X8Y<nDFJ)Wb%x#Xy9~1B&v1)qne0+%Dh>=OMJy?A12vZ6-4uU;UQm`!wqqK$
zEj-ZOOnp_6SfVNp6i~nyQsH7z?&&llEA9$(C>%7gNzR^FSLVuUE)JYwOiq!8_#DEP
zj;NG@{!2bhtX^<HN9|yMS8PnuJl&4*M`KXC`DeA*+x%pk=Q=i`l>$J4$gMR`szZMO
z&l+_H?k&T&#XNJ+TWXa~u^BZ?vWwV9>Llx>Czc?!xK<@e`h>0KXHcvh)eOl1`L!}j
zA$%Hl(&W3D*X@Z3A)^?-nLx~20xNu@>t))JQ?EH7hvjYptVe#-|ALMl$(`}Vz7HvV
zO#TzaOgjl`GCskcJL^=k&=|M}4l)Bd^A3!-#I)0fK6<>Bs>ckH>UK1nu`Z<Nq<N&r
zb@)>2tu7!@JUTa9ipJBv_HFQ}lH82BBFSgi8Xc$!$d2<TE>htd&VF;B?g?(rAcIlO
zp%pIy&9yZV2itj|u%OvlP>-g|O^uGjvqf$awylCz1#4AJ9`#pXTaJS4!%RZ&`6Iq6
z$o5T|rr-h{VJvuiF@|SL3D=w8uZRpqd5ZTbQ5j@j$qSqa=4T)fiN3;}U{M6DxTxP-
zgZ&IiHAn%kyFXECK(JRymx5ImS#`PH+Ew2&D}Siwr_-GvoA<6{QfRA0r-%Zd%6HJE
zodx30Ut^y`2Z|B0%H|5c8W(_AUxzAD$e01jI?oiiDp(;-m#jW%ikiqR+L}myhhM)`
zw&Y_YRd@jjaxVUztL4YiO6*f^CMrxB)-<ms3(%zDk-gto1IwV>%B5h**P0d+<c3Td
z%4_Z#%F|`pF_Okgj1sl%^CQPh<mV`zrWs9kab)4e5*adxX(-S{#qx;Pha_|M3=7+d
zX`}<q$r?vf+9(o;X<YS@G026Q#&i5@vr|R6A5xudF=O~MRHfWhEAC153TAqAD~do`
z$-A9(O4CX}h_FwmeT(#2<GtN?ltKmil@QH}LEfS%E|%OS28ecJ3%Rh0L5kzf->3i;
z70Q-ip5W;Gf6TTO6u%|wKY8|_wdB(7vQJ}Ck-dRJ2m;Wm!>+v@3}@EQ1&jUkq7<nW
z%nCIo1aN5>g;oW-K2*jw1XAP#fYH$KZ4xL^pw}-gSKs&*M*R&qOm@$vh0SrVN4u@3
z4J_VSrDRUTX7-;bX7X<`yY*bTQtD>QC)@CWTX@9?G@10pWne5KU*jYtLwaW%fPc;&
zvd&5e`#acBn<doK%Qb3?tv45&fLy5ZU&y=7d;e)s{VcSmF?eMpoGP3*CnVW%rJzP|
zCmVx#-v@(Vi_1vh!xci>sr++-kb$O|FYHFmiO_b2%xr1Zm8VsR01}p7#JeN<-6o(E
zu~~X<){#~mI0Asy)4mnFhWjbpZJVTTR~%AnChMxW_6p31=UmY`^7A>Z*+n2wXvJ2d
z-^J)IR0dyH*9?dxIAq?O8`0=-^1h2#!r%&+jpfSJMWd9luAEAnh~!up<6is0;9R#>
zDPW+t>5ZDh^UlT&gF!^0X`B|77n$@Ts^Zph;EV;lttNCK;f)mzbJ6~>=t0FVyEd1w
zk$tN&?5@63y#jB!6)Xl(AU5fv#A}G(m<CJvtSk%)z2vsToh?m;r17EANkUMCHlOmC
z<`1^R8#ziQ@C?~)J+JEqM&zZLjs7;XCX@`7+DTY;cy9Gd@j^}+^{2$GE!f2K>OB4N
zgj`a%5JZOX%w`1!e%_f!4z@iqoe!dc!n~t_p!H0Xr3O^|?Tdb1W!a4dTd)uJ+JqEu
zd63!UT5W>8C&z;%NwMufm`Lq|9#)|PBW`{H_kzKafn1%4Hg4CSo>l**n-@*p2WXWa
z1h|E^1lmEoeYXPLQ3v5xdEt<HYh{UNdsc7%lAQM!VApCS>WtczGi7>bVipDIwG1sg
zue{9kNYY}tid<@-b@hi49lpbe0NTjnDEjf9(P_&;W++YiqUdopT`n7?{1uY2`+n#&
zwDLI#SR8)VH?vY`aT@gMCenC#NqHsOktKMi3%*Ad8G<q;g!9W1%adDJaZ|kk#gPRN
ziy!2C?gxLU*8;s7cAv{H|3yc5e&WvGo1lz~-ieZ1%#?u^<xi0Fu_07fNQjEWX_d2!
zIT=8uXecz$&VJ&}UVC1St2Wh@W7V^|={@XVdWpq9J=q@sE3i-(mfQSb%fr{`=Zv^l
z!(BhLnGN8z5&E?uN7hd^*LhJl){^D@lHC-w;WBY+h}-lxpkI#P16p+yA^+DsvbI??
zaxQ{$`3zNQ$gD#zRJF=f(@W3Dx$Lj2;L5gN9PKqau4uTIu7x2`0sXHsClm&Ilt{O5
zB|j5&bSvqs;FHIqhPhty1sT$bSs@^&Q(@%!%`@COTi^9a6>lUe{Eor`^ERn`n1(XR
z5SQ$8<uYq`g|nLCnVNPc3Cj9m5r`UPN&s^UFZ76lES|n|j)^^-6X~G1`iu4m#rya_
zIPst=c5nwp>K4Fiew@43tepL@nNO^@xjwB|PlkAv(TF3J<8kV0Nseg^zA}H`b{8Ja
z5Z<=bO$=jHbh{pnLn9c-O7Q+N))@I5xv4#W2}uwYXr9pbZw&cWyYz+{W5K2aSE(p5
zW#h4~MLhAXr-5jUuFaHPZeQPA={o~rW9F4%Q2RwGRhv4yToBcJ%N!nyzd9TO6TiNI
ztRneLA-7RZ<vW|4Qw;2`wZ@!P=CGJ$eq`W)anix{stG<J*1{lOh9@SuV*pm!o+SHj
z?6L2zY;BZo9ZVE+&q4-G*?h|~(@7}*u(k<Kr3<dxH)<3|x47_GHos7gwzI10g*Jq0
z)g6TMF;EQHO1bI<-3U03x5&d~j_^<op0@0u!t$)ojw|gGR#CtDCbcRFZgmv1ygLd9
zOg~fm>+<39ZoQ56Ev?0~Q|ZP=s`7bS>Nc6~%3%nA@N$O9r%OqrUeU^zDy}i0H8^Eq
zj?9L2L5xPNb}2=?@Pi@a$lHw-Kt6Z2CT)y&CKs)|nX6XrxutADr%j+1@kP5EsAMKU
z#Yed_@mbYWGwo}jEpFD!Oiw!2T5>Pd!&!WF?gm)=xKvYnZbfiuCe33%r9B>PXK+54
zGwzsA@Z+MekkDrW{%kutmkN|Af8@kuacOByoQ!?^6~UjGZ#HEe{pM@^p|DlpdxD;l
zbU|Krm!?<EA_kjfYK+?!5`l8yF`b;LHqbbZa*)8nLDm9V9P0+C;{4@kQ>3Enl~uIc
zw!D;`weSM2Ms`F&FpiVnqOP?c|0ZR>upSWdGQ>aayNmtV1y#JpCeJu1KwtZwME@0j
z^@>qihW!aN48Wfl<p85%qEa<B`$azwxMaFU8^_-xvY(!x?+~7*q=|m&te_$(aSYAm
z)gTBQ9iqRWaY4CKnf+Yv7*Is=yWFW_AH)~EMyl@gvt9D&%QelQfTQ=B0-xzrm%f;B
zGTqG1FyTsC)RLp1bM3aGIc)D`4&idBwBpWbEF$TdEzc%*T^rMKtsJOWMNMjyH%goS
zOV{kWBL8=A5z_WSK~uqNMJOMn@ieXqjGaQmxN4&5UbkkWN7c7VN@wOpT(dIx%wIp4
zS-FlO-M(=$F5*H=t>|5@`>zbVPrx$KRVztpzPK&Z>_${-L-vwo=zoA^xdbPdo#kZ}
zsx>kO`nUO;vkm~XKoKZq3!n8Ft=Eg+P6rnv1G{H8K3!M4VRV$aX=ZU=NC7v=Jf=UZ
zNQKISvQN0@<Xo!sELsC5SU(VMhDuRU)IRkA?;m}dBBI4gPJY<6m+F)x{XYgafk&H<
z1a5(`Tae#rqqT$$<!+L#B<}Nv1dO*gA8cwnYRbKR+Q&Ht!TNQjnIVgzO+TWDA<}O>
zi2u~$e3J2gZUJD(BS5sa1?uQVhx$|ct!iTsxmu2P4h`K7zQ|uTy+O{~CN0<!SZJ8;
zf8_S2X@Cr0(01khxd?WMoAn{84@`dB=+36{3;E!~f6FcTI?^ZPe-B=x0xy6KVXL3_
z!-&M=DYGaTAWSoZoetjIB*wucLkl#)E~9BIaBlOs<QRFk8QmuQljRTH%X^oHs7gqP
z9CvYXeye9O1ph?#0IT1citjd0!9-$1&jlo(L@;<TXx?A82@!#f0dx}l@ltZ@MuFar
z>KP1MdG%Kj`9oi`gNa4zesiFZxz|sbgL`Z1P|rKJcOc(sM|{D~b+JqWt=|Pm?d}f5
zYEAPH5Xs)Lc|jF0f}nmv(D4nh!A|z{lZz}{Qtb|P?8<r=4jyyc38-((I=(NH|9k#W
z-Iki44R&5}C+JpKu$aillXAC#S2XCFpZw~>$Nf@9CTi2G)K7tC0T<F_A$aSnpg;5N
zcP@x9A6T#_<lt+%_u9;UC9R@`>O%wubY9&$?czBbM%gDPPb%SvHu~IeDN=FwL&-w?
zk-8?@Z>Y#AzF}t@jnxu3J7d7JK)4%9Jm2!#4YW5s2Xu7qIvUL==_4wO?B)}Sq-c)k
zLSU^C@yL{q^@(4t{btgV+GZ0f`H)<ri!7upWX4rupXHQ=<gjS!xa9FqJ&cJh@lSVW
zO?+5|S|dtOULT3i==j1@e!!!$8}JP6yH?ZpEK}>dqmZuKiB#xzoC3HmF9kU}Y^*&V
zAQ3cHi#S-{W48_=0j&}2QmYN%b|P*05Htusn))t(1)$-sZG(oTs8L}5e65kXxYS8_
z%Do<m<@I$p51_gcZ4n@rK4ADz`VK(DB){c!0uo99@iF#Ri3smBh2+tvd(nu^E8TlT
z=|^VsDnVS+T~Wiz;HGw=b$rU9jU-SwNuBrNW7m1tH?o>1wXY+9V6(^i9q+#9l1Frz
zG6LatZLtscSo|rnS{Y8YP_)0YwBGLhG%1JGt`W8LK_Insuz9BYH>ra}DrslPX-id~
zA^z<E6<f2gkWvHX4)2bBYH4gs{-I7z;>RfPVFeF~M)H@@sm%gNE>u0v)B~EWy)be2
z)6N*a+_GZ`b7mY>6F$#WLZ)fPAW5(t)V=w4LOe|)e4Z@;2=_jniZ9=IZ$E|Mrsp{D
zXMHYO=Rt%GUQQW0y;b$aL3e(}F0&=;az=~gU<r(nFJV@1D0G-g>Cylhc#6y}mJPva
zY;&jFy&tsRD5UX)Ej&Uiu8i7OP_{fe*XM6000{sd8{xc|#x;-@*N(cIl3r~AYCCli
zgtxE7t55S&|5RxM<dK#uTJOO}?(3tze$xPG_FUqJqA+f)4QZv(s&p$NV8ExOV(R1?
zdVDVkIdjq{4_#4vt?Q~7MI5lCDZYvHuINwGQ)n(XJYLllS5XteQQGw9U8I)9j^|S1
z0c%iB!sbygGX_4~?@ZDMy13+y{4uCprQ#9U8eYk()t+7!RpMC`L%l6DGo;R9C6pH?
zz;2Y({Jl6919BVhVe79kAJ~V8yh_NN2U_V3sFDyMn{ApUcm~~Fzitb{Z*j_FqerOE
zZP;^Lu4wYK$EhAgnq)@}jj#6m?b{;w2wp$k&Uc#5ONYaR-{<Fh3Got=sJFQh7ra}9
znLpF3J+Lbar3q*e(w64zBOqfaQB8TRPzX>x2D}G;#WhIqr!U$wR+1=^!0Hoz!3I?f
z+)oYgUU9)F5!;7&1?%4vaWC0*>EUbtjwD)<>3z!%m(=2*i9eROYe7SyK7$NHA^fvd
zdYI{1fyq^GvT$hygah7d*4QyTC9BqNuALrcY9=PD<`fn6fiKsI8rglZz}2CYK~_b-
z@AZjtaWwoXif{ZB?5!<+&6<A8i0OL7p_M0soQaC&BIQ?$IDGdom~rHMhkgS5c$}+9
z0)ndcAEs_@ME^y+MRxUMJRz6o9cP7IV0Bum0bgrb=5M>{>*Qo0#i<V9brp!?sNK?*
z_#XWS!sq}y&SzWxLn@ommLqZuI1AAPqbCU)N>NZy<Eq|zLP9^lBcI|BFR~E3Vq8u5
z=I+q?5|%TdR$H5OhW4^l@@XFnKJZm#K+UelnAMgGCM}M-uUW6xzY)jP(|{<M<jl6h
zvF{M<+zVY)?MYp&=?!hHt|imqo+b52xncYeg5c{=6q2*k7m_Au7eb}6xX93;jtwPV
zw@H_<mBhcOf%ZLytWTnlk$PFsLy-k$#iBWWq1O+%e<Y_lxwxYlYDFs8=1;OlT{A4_
z-D<!0Qc3c$lq=6`xD{(YoH7~OfAn-k6WAFh_3<Sl-LMI2>TnNC#pBQ%0~2vv$8|@6
zz9Y+O5*@&@naAbOr7+-yQN@)=A+Z$8pNH1HiIo%Hj3l*@<(-7Ml5U9~&7*5jk>eHA
z<lj`$rbb`++D=w~aPM5#TiU0OGV+Ek^|+v}(w3@JvV*OZ?NYj^ZuC)ESGCb*o?*dM
zpE4G82yO9@Hw^q8gVt<p&a+@x^-u8RP)HwaQAq3V)$Jr?!E930c>g|Sfg;y@;cl$d
z+W^Grp$tYPu2kACxn12=YkY_Syx+b7L~jJQ<$o8|cMOHa+++VZg+O%G=(%(f%jJcl
zx7=l$7;S{?W08u^Ws^N8*ME7fnO0=|yHfbhVvSmKDxC#h-qDj#@vvdB3J@m(*#szq
z5OM{i&&=ilnp-&f9w<;cgkFtKi-0VN*?X)cK$~26cu@26lPEj{1~)qDzM3&r`c7|P
z)O%*r(O*pa%!%1nZc-_<UW5s{B?<bnveJ-k`GG3}&&8Gp@R{+I;Y{EC8^Skz&;r#r
z{PgIp9?b0ulWP4uM8HSR=~y~{O6<wcR#7m%+RA%F4>f1SY-va_{RF$~&xW&dcD8fg
z?Z(??7Sc$(csEyAG)NQq#mn&({%C?iH5vxgLec4Br9Cf11N=@cxT8g?gu4o}zi>9|
zX5IxUwLTq6|1DKQnuYaWIs^gT=3QpaJ<}EyjND%v7F~j@l7LD1YxvzHh}<;w9>Nti
zek%a+j??~z7T&t}Q_|K{8yYBL=Hm3YMhwO3EV3zxTX6&J0J!$~c$$Q;x+E$yOL<P|
z8&S^Nug=Lk=E{N2+Yrc)gesYjgywL>h%Up6TJPVX3X%wUb-17y1v_&|ytD>+XWn^l
z>ODXtB&fz<mG^HIxhGc#^ANj{i5PUH-7yr*{xP^%>zF~R0@yAi^dop-j4Gzzu+08H
z;=Y^xmWJpU`b%W!F@$j6L~YmRanTOy@q|q^gV|f@qV!|c;tyO^2(?Q;WM6Hj$7*yt
zeQm>`Y9$(b8DZV8s5ejHG_e~x4I=D~@!YMq*?<lMtee$<`UFws!$TGVQrINqzj_eI
zOiwpth`ymdrLb(I<{p1`$$w+aw82xdaD%EYX8J=U)!Vt&MR+pd*pD8&VsFti^ukTx
zO&n(-9+ui3Zjt`Dz5EkJC=O7^V*4{pn$xGPY2>`K`Lq9+YZ;%h<INLXe5BEur;R}T
zswE6@5y=Hb<f7CW2aIFHIhsmVn2hmN5m>!A(Lj&N;4vD$KB_j;@Gs7%sq<5CFxn0|
zpcG9P2}2}2rKSc^qG@0%mG$nC2&d(5`S=>W6o$yQZ3Ppc$acDD(HK2O-E9iX9q8hb
zN#T~^yb|Ib`exR<$zIa^5!^K>h~XX(K$G8fHr&+s@Pc02maU_UIHbo`k`uG0aAK6(
z2oj!W%qH6L-EUhHLb)8yx##aAxN~2rd4l<4d&ydJ&231l+cM)!$+N=!)amZF$CTB)
z5FRt$BxdYod~A_>C;<ri4CMc*XJx}U=tSOutF;Y3^3BG}x=t9&sg#<bD`^S2oBp$l
zko`Gj+U+-W1ExI$J?fPHg)vxH_u9ZlM2vlwJ#(sac9JuA(mVeD;iog~A+U+i5$`5v
z$kkexZWqjZrA7MaCBNZlKKih~PJQW1X}4|@$yH%_!WoB#r$1*y+HF9I{Wn{YB72U!
zxw#h6b^QlxBW)jn@M<PMd;|R$vsuw34t1kDo#YpABRr>9yZnZKfPbhq(Jvb-;u`%r
z4-k%xNFdO1R=q^DPl<vW?z!|Io-%9-uI*|W=>IBgX(6|Keq!!_#3bF+NF0Ni$wSE%
z0OK^L1-f^tJVIsF-9w{2LeG~|6@kRTPYeS0(3ZT?uT)WxOfGw?EXc0fa;n}Rm6D0y
zQy8$+T(hI5-^3l}`Yv}12oq3BE@tD2Q<N**6w7Je4NQ*cZPqzsYRN4s*?gmls<#^6
zx02@{=bjZ4T?>Zul2~`7@9ar_rbvz3w7R@R!KfnI{blXPGo#!|%T$dJcx6!!Hy$U$
zUsYjdlSu3=aLXc?d+L9S$7=tZdMN?T#vfOtN9&!g5sb88Mf)@WkIFBbG&~c}3bdzr
zh1N3jBdW%-I5-buyiEqcf>Z`;(E9Z0NUmSN@C*GI#eaj5ZlL^g<`+-|@-^iA#{2a>
zVB8>a=Pwk^mjZ$p%vF!zJnXp_IL+Wu+cMeTS{HqvR|OaV^)_Ij<f@2B{#x3rHR8IW
zfz0PP>?-6lr04<V`K2qkt8@A8lWbd0avqc0t}_1KCg9HYsppSyB1hR$gLE<C+|_~o
zfadP*v}Up^6xv-(^`?x#lx1p{XaP^77DD$@!lQGAKz)7BIYn&&@O!?Y`%0eZspDCs
zUwrD~Tb$sv;(4HtM}CysqH3XddxP{VnuZ-ztwJA5!xLh8f$YM<%>L3vso4F|aLo%Y
zkfDdeQ(Y{vRpR7@r|7BUPHx_j=Z)V2=e^pt4`8XLw$gsnkRa9Wa3UFj_XBTjYx8-0
zw8nlPjTC~uBk<j==DH>yJ~WW|c|5gdk3&-NJyS9>f4*9dShX@Geh#Bcfd|(+I>zt2
zR}4@gFg4?itH+|vBtmqF9H00^FT0zqS<d(#^07LNxY<AW{J?7_Jyo%*^%o2|-pR-t
zLRt=JrI>Je=C2*}D?R<Ebj7916O`evHjhy_RIj4_SfXc~dAI>W=|Jyv6EHkLiZ!fp
z25Wiqd$@@blwaie%r;`Y-T0JG+=5j!cdbiQhP3tOo>^qKui=4WVk18N$}K*L<APsf
z-6m(}DoVq7Hg&rvW<$aqP;@@+su<SOfALwXs7E@f8>}_H&>v312Rx~gj1rf3nmiRg
zXjkBa&W9Y&04!xcsUls$FN8-2)l|qfXLO|_MdF}^yRot9e)BS#{;GxKhesvJQ6%DD
z_{sAR1sxA?ThM~buLq({^|gqgDR&U}XJpGi{Y!cxKrb?s$P^{ireXSTP<*az%&^L&
zf4=BUloHN9U*JG(Tc8qwa37@72CI>82=<Q}2YM}2NG3sh)WpLp^^L2DSL}_Gk|B6E
zltJ{FLxIIfM}S`Qc3{a>GyJKjN}FLIo;(a#>LHmNeA9@Rd{8Y9ri9I3g+ftSSI-m%
zM1U6Pk35J7MYgX1Lbh{F%fHoTOGXVW<pJHGy+DsR8#B-^2^9hq5*k{<eH%bd%|{2W
zONrAD?a_-z%))sS*ZeEu$F7~xix<qotrOR_z<-Zj@WdB<I1663Y~7Sjv}cqyK%9F2
zebgjo71Tcmt?U8}vl(m-u`%}_BzQYBUt;IL=o9dN9{MCoAT*o}n{eXW-o{8(nd%7!
z#s|R@zAcnZ*WEdIR_ZT3T15{*RrJOJRI|Cq51L+>TfZ5X+b;ptPqUS=FYwzh>#0|c
zjO`uwjAc~_8bzTL%eUSsw)}#kq(rqoDuOM?XJlG<--;W%(6y!s)=QBC1nx|-plxCc
zj1I~RmPqU#R^RlZ?%y{vBdbjdtoow!eKTpX%@%H!-p8C-j{w}S756O2%Z<Duf})#B
zvI_vNotO!=y}&>`$qr(wL>RLvqAFrGye}<Ai{?JgZ#gT(jkHNVT2-|s&vJoHgD`Dv
z=%Gi*5HeE1klcp{!g7ciNjmV!IyeyB`{G6a)Hn&JU9~omfhFTW_b;KT;&J@o9O;x=
zQR?E@IV4WIve|So?i(5>r^l{wh!n7btQkalB4N);F7_kZXyBHb*Zhy3uMQkIe?2Hi
z65Jf|y%c`Q1vUAtz{5dwiM&@cG(Sd76}x$jrr*k=adC6kc9wOH7>aLW>HpLvDiem-
zKWs<?r|yhEiGpAl96xr;nEa(hqHon^;Fqc<UJ_CndMniHFYgt;VY0E2tqy}xJA#o#
z6Yw_iseYfDoB;*7fp`xU<3^T<uACyRam*n=KL7A+STm?saWgXTKHnUALY)BOn@sBv
zhfH><6FA7n^LwxxsY;ZL;kq>j6&dsq$1Lp4;ilo0A`#L%j{btM1So2s6osk%!ioR>
z;qwW%2j3o-eyP^%&1b$RPkiJNnl_*weF>2zqAG6J#oJE($@$EF<1RUN>S@uV`1^~z
zK~;UCuoyQ63s;R#pl@K52N@D#d!q~(H@y)s4mF_ntAAuYagR~x=S7kvZt_K^)cRHx
z95{{aJQ!$-1eB&E_qXd}@siMEv|bje7eLJ4_q@lOFPu<1ztDlRlgk~Kh=?Dg7I_}&
z&kAHQXM+LKUmF8w{1o~IUKvI2d#iPJ(m!`Xf&)lWiAXJYJUQL%`u`wLu&krZ5Fwp$
zBgwq4Z|!+tNa_5&Hu^IX)hM}67ls380Kp>M@mZsT-88EOxkW6mQ})eDSRnpTMHddZ
zkJEHH>!e#(*c_;u<~jubzNKLC>5?wBe0O5RpTM{|Zk9Xgaa^9dCh4WK$?;Tb0(@H^
z1NVW)9(!cx9XOSzWHLa;yxS2}>0j5!#s%gcYCv8~IZyk~!pFA!iVEWo@8i+n58joj
z5ATTtz2l>HJ4J!7g>c)CerY!D&|_?cM1r+h>@v_vFXNcRToBo?T#HLZph38mc#*5A
z(xpVw5K1$tN+<mobI_>-7(<(@<_ae~O)%oI893Z-x7-Y~^Tvws*aksPJb(GkdYG^b
zpW-|V!QuRIs&HM;&k1hQ2~IHo);7SSjN?h+`WjTa*P_m>p6H>QZS_p#W<{Q_w1vTS
zg;XpHB)cDWwB1pdNBldhuS^mLc+*hEL%?6O^%vhO9yzJbnH1MN8GE>XT2H^aR=fSj
zqaYtUWqn1j-p(Fj2x=35dU&UkeySg&AMr7E0pmAoZSHjrwe#0nYQLZTG|f1(qksGT
zQWxlWtaDEHy8t<Z$Nqkj*{@T$$rjQ$(sl;*6yvf2frzpUK{HxLuKAADm_ly3Wq|#v
zs}s_X?`q_=<y#B@FdgOq_nHjLLuj?|PH0Sql)3$1M7;%69KH8HT$~nNpt!rcYg^ol
zyBBvW#p#3FQrvZME$*<myGwC*iu*hL{(tAZ=dgD|CX@TQlH8e0lA$oOOB4F<+yS@z
z6u-?|{!P{k<Q=EzEw$Y!o7N-G(EQR<UXaWu_7wq`5fRXTZemFvpQ+ISo7Ox*9S_fM
zgLNGxz_i~GWjaB{qL!Z@g29b8(fYqX$mWV3O8m-&@G`biO;%BPc;Zn|qN|9WG@Ehc
z;hc?B-7lzCU+nlwgd6vdbdKG_)fkvVQM#XfO6eB;b=DRN=@v=#*0sQi^y-FNRacu*
zqB$iOZ_9{Nv{~yGcRbYa<U$Q{LHjW2TS!o!_*Q-95lY69DPs3r+J;PzYy6Xtk5H<I
zIK?OV6-N|<(JAo}F>*HS!?ukkj4Z}ueChOli>KO3yyCZkwREVCivDTOoQLKoOq_3D
z6BKzRQ(!<6yq`fF!zAaF-R(0|y_hP^Ht(<-Iar;e(okvBI5@x?xRO&6lAq(Xux8=&
zf~*oYc&DtkLbee9gWeryd6kw<l$@=g?kINLWe-hU%r+M(RT#LJ9?h1ZPL$t_#WE;p
zrwu4vmHK|2Uku!grp8icFT)-I?Q;Dc5R>BeSRx~cub_E(^c1i0DNRgM9{LrBiKjK?
z4294vEqXh1G80g&C8^%2Xn1gLd`q09(QwPZwsI?02$PQ+sP1JesfkH|qpb$jj6rl|
z3G&fWa4L&{6}@q7x>B69w#l~Mh8}b-I=jv%RGVog-J_ix?)_P3P3`<uA4lN%f6@&d
zdvKb`=|y)hr!DlJNw8LYnmr0j6=erz!Op6n3bH9I)M?Q;q>@&yEYT2ducLT9L;f<q
z%&>yNGi<+{(>{Q+epB!`;*en(@kA_l*L57FV3EWY!ji-~Fo;%eTg88n`1ym^R-M;+
zQ_qyXqWh=Ui@iO>*fze2kcTZ=G84^`Q(anbtce;AEQ6jDj`1WnS=_t!^_Q3u3jV;i
zJ*%!Sn&2;}AMo~FoC7<tbecfav~ph{p^5AiSV<p-(ZFgcIgr@@W;OWmN6N(uvOZu_
z#)Pnp9xKmsm!oMB$TKRSF5ruR+H1U3XMnG#=>^_q^b*CXWR408OP=}XYUvC<M|ven
zUY&&rj}=n=9o(f=gvA+xT4kW((y7l#YFZ5W%lG~lqMAmK9d_bl*7CUyB~vOWEfS8A
z2>7i<^$5x=si^){DMe(N816GJJ@`7cxl&`&Q9%?o@NI6PQoNP7-z{o4d8xqOAaUVT
zqfKZjEr50dIe8f4^6VKlGWEG2>heI=8L^(0;8IH$T9q<NJfS$4b9?3F%;x0WDa_#V
z^$8(7JZ|zpC6KTxXO%4y57FQCH#92`H`?vQS%QVci&#ZoI%{&S5EEmwH61JCKkF|!
zGqazHWTmRagYQLT7eJ{VgBLqtsBC&6$t*jcM>}h9ruFsHB5TXF<5kr;ecUj^b-q#8
z`i-yu5*vS?oIs!6lk!EY{3gyk*HjVq)$o*YUMp9QDLzdzHGf9iw>RSE1H-9d;^fd>
zT*;80`?SsgWXgI#ulhsMkHrXg1O~8{Sw1(|$=XCtvfaJ!gEdq4@w#kz4fRmz?p@T-
z8pcY-!k=(`&G6z!GnZ4Q`E^$Ws*WS5W_g<?Gt<1-6}9I}$6!jiJeYUC{+kD7vPMUb
zrUV6(CaO3YekeJ9Xc7?}27cH)O=N|3iG*2({`kO<`w%6QCL<VpJt8jk=sv{Hq$%?<
zNdM|m$gIUzWj5^Mt`H8EVcXw+Y}wit)GSvg|Ik~j1F4Zk>0||0o*N@fo5&qRXoRiB
zA1bzBB5X>Uo@|B*qhcye6^I6}2Gl6gl5wd}++xaHZDW7u8VjPZgES~^beG>^a$9^E
zt;$z9y~PZBFijBY<u$B*CdWT@9o#|o4#QWd@E=e@U;Dz&{Oh$uHhPEDEJy?%F9pJf
zPaL}q>ss|o$alWu-C@ZPh*4nL+s-9_?NuUum>~w~Rz0?@(=zq9u&JN=C@E~JzfqrJ
z$3(9=#n~UzTTJDeCI-Vw9Jb^>Qec1jot;5PA~7){o%rwGVRU!jn6%I6v{~ORMoc!O
z&{*`}2(l=j;fA`cecw3>a%S>$lh}8M_x#n6oPi}sT11DriuY7h?fQNtv=d(_xqU~~
zC90a}cLaekhGYNPBvro!?)4x;e{b;nbAiB+@YB=c_uxfPj>7SrTXK=4iv%f6ivdPM
z-6!ziOq&p8O!?h(E$YT(z%4Jg>^Xw;z1HVK+ai2#E$$Uj5W(B67Aoafi*lQW#pBu5
zlgSqaasqabMk~?ZR8qCDf{OfJMdiAM+9EVtVIqiXlA#gk87yKlnnOA9lpe#&xY+(h
zL)wW)+hwQYX`M;8PSUf}=%m$_e{&Sfs<!`=BUeOrOCvns9y0Z&Et72l54zEjtbqs&
z8vwT-%o-YD4(7&7-rHjKrX7$|8Bhx6zpbG0{nHXLJVd6Pj^#Y;PiXex4_EW28huE;
z6Le1PI$X5WO<i?Hs(Om^DB+Eg;nV@}c#n7r4hq(iyzLZe2%OFr{W#)bEQ}Q{&kURa
zkbo|s^p2HDx6%W}=_LcG=vn!a+OxjgLSf!-@wV+uX{Tm5_r&aj0Pw8|x`xGg&^p&<
zz3CE{=l{B35wjXrFQ8$>{c9OZ?f0_r*!Ur$8K$cg39(t6yvXdB?YeFgL2}&vLq+%e
z4>r{z*#G=pIXLRNs(+d5=WI;$mRO%#&C#A#s*)y&S{~K3@}=|39N_P_3dNsr!Ypg0
z%;Rxi=lB^5;DVdBonwoh*BcJ{cu7){_g3`ZP%R%-u0P-F#-T`4FAVh>MYxkAKHS;D
z+;OEgYm8DU4gS<tYig?3Uu`*{Dp`?LNC=XO5yag7n4pJO#QquOcx(XSkMj?-r(E^$
z<3j7@n-j!ir(NpeWo>v9mFn>vlk+2eh=+?9Oi%ihcj#=t5kAG+ow9}j`Vtvuv;mkW
zD$lBrIJPtPfpeHjo`~nYlecl0RI#l}GCAW2ToIu>{<jvpG+?>SZTR3W%TOLu&PySp
z8s`GDI`6!Iy3e&>(HFVO6hadaX5f(CzEi_9t`3tPI7WZJj>Y15ou6Poo6+H~*Ip)*
zY-^!=t4`RtEQNnIVYxb?$S7}Xy(?cWv-uir<~WGpnmd!G4Dp^EJ86%DB@&z!*SS9%
z7T@|aKTv1x*XG{=XEiExn*ol(Ny!1(xZSdddfeZhrJ@Ov8i{i@giZ^~{7Ch5^47`4
zK}v{i{-uWelN{ZUsn6YdZj%(0K2z1d05@S}iKf!mP5B+DE2GEHvz2peDJ*NqG8Q$o
zyt|zBzmBmv)0dh8seVjtDIesWvmc3W$dn{GAOaNYyyK!Rn_t{(OFH@IPK~LmL^TJ{
zlv<n8O>Y@qLyv7lSI6+DIb1!rui^do3kEU%>V^k-fe}4F6wLoqLI{msrzF22fZYFD
zT%ot=)Ga+%A4oU|<NkOM=GF;#3NFe2-!o3sI_hBq4{Yth%z`<0DS}0c$vf}K3v<tw
zJ}6>41<CJ*rtFOwbHsPXa%d{X)MAyyfnp|M!N#1f!h94=v7(z>7C`t)C2htc_+pwz
z&FwWS7o_#|jIR%6`$c3zM8@Q_<}e>w`8KT4Pq(+^-fORV_-H80yL$LiSX*R?YEP{2
zR8B#<Iq{fqmx>%Q-cg}n#M*vqt?UOWX4Pg;7@?hUR%<!WV7uq;57Kg;uoSVSf)ubz
zK_g=+q8Ym<NvnR>IFa5PNfYSs+dE~IeCCY>UdmkM3<a()`?gZhb0mCFi!v9i0|xuD
zZu&mE$RyU%mR@VyT;q33RZ_>{&-3dXR!}01FU`@^xtQzAyK8TfJ68#xM6H)AW}~Zz
z)t7CclqPNcE7)V#N&(Jh<^5&!col2m^1zpAeFEpnFWJxtFU%PAh6ZFBh-0H?)Dyv}
z$=DIsq5N2hvMME*fz<2tnG+mX;D!9l@}H`0KjYRd5fr9Q7DJj`D8N*I;n-gOeEB9J
z3b&YBUzC_|^5toYbw{jJYIznkWYk~m5IJ3^<*9d7yPCsd>D%%WTu`msYS!%NQyn_P
z*KX7|Bw6IL?mCxM6|4mgPxQ0)45wGI&N6-Q>U5km+{tEq^D||CS${2i&3Av>Jy4!?
zJq<|5VL)2+t$p}U=u5JrN>sp~hO{VT_mxU~m?uX*0uW&-0gNLWJLPqR1$-NwiYYtg
zY;8V#Q~(PNE!7ty9;%Jss_~#)u|!5GXow4t+H>hc{$UgV%GCnS<+LkG1%X%eIAGUE
zjU|fnBTeCj3nGWYCTY?@7kR$G$+KlG4%pjc8&1mW<H`uo#o>#BRM4J>R#bp*DUj;d
zVvvGb!U2E|a`9ov4o!e^-ebu3CIAEUC);o=KTCgr=`p}-_#M@k32Q0nCQ?civWRPd
zDSX@SWPp`<I}X*x9~h}1()p+WzB^t5kj+_zP-T!Z;0a!aT(IC1TTaS^lQMjm^CL@6
z%DS3tQ}~nl^=}eZGX8zYO%v~c`Y++!&SRZ=J^@L8RQ0HUf>1z5H~i`xz*Y*ToRr*V
zVE{KVXxOB98puf;z~*ly1@#L>==efVDyqN%Ye;M?VU-Ig(61Okw3Q18dSwFW4@rYb
z3aVub2)c|0h-@GYKvyINBt;?xBz3z7{nN-lxd6|VmO_yFK%grk#{rwgDaih7cybBy
zk!m9mkPO#G3c4M`O#m7uEy0J`kLDl%wS12PAc+8wK8ztZ*_RK6eck2nL%zR+2V}^^
z22|1z4inC)?pkLGZzsGANE>dU?i2?Un~?P~O}@w(qLECxeS3L2U-y6e?mzcSMLvjo
zL&u8(=EwLx`7X>@u!JrPb)lnXRDi7H@Vi$v7QVj$=6Z_G$cn3__%JbRrO5(Veje#t
zux<LWoB<QQB~9-Z7*!FS%5}jz1G@7p*7Xj};v5$5#HO8L<iDplg9v|%bHJjj1G^$;
zrlDN0jv+L?DfJ=z2%t27S2e94us)+7u)>44VaG3m$GXAykpb>U2c+qpm<lkXw<sb3
zCL`gie!$)lTZN|ooQ+B{QieWYn7U6~u!cD@1kj?nX*P@>GN}ycx$(n*@NNKR%@TJb
z(%)LmKpyyG1n74>z)4G;kriPjbqh1?j}iy$D?Ok;PQcxYfm5AphR!gClWRDklTtud
zE|6vE2JkEbq`Hs=;HtX9-2RbwhPhP(WLV(F+gRYiGkyX`p!^O5%973N2gF#hLM;Uu
zSb?=j=^7zlA-b3QL@Z3Nb-I_GIRr3oc>qwoITtaE#d07O=Zk}9T=I``Zu2`!TUKZz
zP~}P*%I}zEgF(2o6-?`Tv?-la)*YBJ`>?v@kROU%upO1ag+qUE@HRLAm9)vb!mL#^
zzk50_YI=u655VLeL$Gp)$)CF&<ZC%TIwf7@ur`;l3bcTKCWnT7Rj!YTL*nMspSI~S
z4>KKomsP$En*|Ds1YD@8yGAEoGo2@Lj#R;~+Ps#wg4Z^QsUO(ETJVf1=_S3+{EZf4
zQ7cv-TAhaC^!QrHAEX+=0e7!Kf_D-1Nk7P8Hi}R8d)Ty1s8yK-eEC=J&#cB1SuGqi
z#Pc(NLa~8nGx!r|5dLCcIbgpF4t|q3C=LYdGz56}IM8lyfMey?C<3SyP+>n%AuiA&
zb|ZFRUnN}`7Ma-jh9}AEWs{JE83BvI_ocuHYYZT?v18)plG*l?={1~8+l)AbD}8&v
z(l-KEsZNb|akAEOMAP=$gPe);`j>^zV9i3Zrnhg|M>E6=5`YH;;Nf)#bca-rK%0zK
z1z3j*vTmqKy1?w0q4f)I>~&at0P=~VJfW>PLkQ21J=o{`Y`~XHkbpK_jg%gRJT@5>
zpoNGJDpe;+_k_0NFu?Iky24~FuLBZ$0}@LE9YxSG-5B-ayfx{C5Fm|V9u=&gvMY>e
zt~pHQf_^|1V0L@J<UOBi-yz?S74I9p4@JNS5$57^1#G+PLuG-M0zZbpPxTA-f6=WB
zHVT<#Ix1iS;F=~N!vX8(@eAm1Cb+3Krh#sx^Pd<4z;)|PaVY#YzX7yw1m#<>l^=lq
zT?=q(KLAk-jv1m;C>SM$U&2H0J%%dKzH-DzaWK>J31GMYGbqi4zcb9=hUKM?LunEq
zN6+OrdPjlrV>A~qA0E*ErUSjT2;k1i08rh3K$Q=hly$&d(?|SfS%N-;aBH~65(flh
z_ffn2R25(@Lp1=@Qs`lQ$?gWFy+G3-+^YcKj6&{Cu}I~lKwxmI0sPYjK!yVJ^8Xyc
za3Lz-G$a)W3dDtsuouRX!*J+my^{1r1Ta<qB9(Y1@`eFmtiON_{VKL$9VVS&#4vg#
zt?C3ZhvAe;fe?_E2LQ7?ZVI^h*@SG63zV60hVh<-$6ey&ZjrM5+Wj8jL;KIc6#!?*
z04h5A2tjF57(nph!A#Ch*o6s2!%(p2<W}N>r3D1u1)y2~>xCfA@Ahq2p(sFGO#}?e
zdk_|YaTFF1gXj|Z^$Fy4Yz{BRpimay9S@kK1~3T;`T~mhdn7UkAc_FNXdJMFTOklA
z_yIpQ2U^gNXfVpXF*)lOCV)d4aDlBmWxzQAyc6HLU-E#B>PA<#`|MxbASqT-xe9;-
zz(mhP1z7&`J3vqJfN$!TG;8XDJ!g(m?i>NP^9EGO0lAK1-b8@F>ZNeHwFCSp0De>v
zQ@fT!o=`AktO*%SUAos3$^p~QaWX03DCDM8CcYmEfc_U|%K$8RfP%1&+ypWBuLq&m
z)Zzp5Qh1Yd&M<6%q7RCI@V*HYWCOxrBY=n`9}G2s{xoy5m*=;SBEZWf0B{%v#F7o}
z+avw8b|-)P7u4+lU>E?4Ul7=Ie$ML~i2B33iGTh35upEhpuyh(?(LgP03+Z3?-qpw
z2-)87Kx-%_fKkR^r>x7aQ5b|nCj)}GTLK^w;6;;v03aR!QeMC@MYrKriZ~O9s+Qk5
zb^Y*dqu%5JjL!qq>kZWV0$8#GAMng`0Gb(qgbfgK4I2o}=ovYozVBmD*(te|Ia&f1
z0Ka}LNkVR72I^-7V5|Ng>;V`lhpspzVtx+x(4k2<>>DgwN<Md4CbeYN;s0nbn%1X)
z79!3~WvmEX;0o0K3}|S<rr(xDlh@kZ+%?&vEfRmN4v1R%T(GYkKpXHd2gjc)F}vvk
zw_z0oFqXg_%VV<zygoJnQ*!J+uMdm<Puu<pX<e*13y%vu2<1&+!D8=g*(h;?J%@Iq
zjsm_-;(KwM)~>Xg6r5RIg%36`Vu_(MekaN-baVAb`Gj<RqD-)C8foRoFVF0OH~UFE
z9u>N-ZyQd5H%PdN4Voo&f20Y^kx_}PYbdWnh8{yCc`7tY5A#(JkEtW&w93?5OyW`J
zO_Er3%37#f5+{b)Mq?WdZtsoIs#}%A2+d9X2a?l(*C~0?R*3V3_c}I{XOaaC$E49|
zCEnaNv1e1om(9|FnGXVpr^FWCS$&sh7<Y4a(8$>(r=;Z+Z@bxyRmcs6bOLEKVYqjl
z^x$SLRn7Izq#1;EiS+b~3-R`p1FgjrX|(Pqpt_TjMyhJtTdUciC5Vcxd5jcVya-|a
z=Ub~gY$nsUH31I%TPwH7F^CG6af}p;pYOiTw~=m$ijZN9l;Zc7LhAWuKkV4P`1O*(
zzXK4JD_x+FwFu$d)C*Yt#7u;cC-}xn-SXlg>}Q!Yq@f&;p~8!M1evn8(+9_Tg)C~a
zaxL~NUqyh4y#^(&A2%NMh>1;Iu|xkLM}z82Kv8kC#im)XMUW<b#_!;+lx?~|dHT-v
z1@i7`6K{{e#o$H3``*A^OFvVL%yCI9K74K)o(*X!^2SaT2^X*Pse{XQvIj0yN)aBa
z@uLC4x{jT?Kai>I??xNZJF_cv-{X3wXAKc!v+$lIh~d{)^@;*vPIlK2sYHBl!dIT)
zt9*Y{bIgvN*|Kjv-~94RizS6VMoq-IevJWzrY;cFxnp_Y=UC&@@1wE9`-KwAJxX{X
z9%4K1+=t5&E2F=)xmo-Y7kPtm@)VwT{|$N|b-~%=sH6<l5v2m>D~a`zZy6sV#D`I3
zONJ8mG798j5SU^fR);B<)6x+cf^p+(-)CQ1*A$&&+wRKv8`OW!7g`mKJ%fMhMN_q0
z;hZL)j_#QEqk-d+O642^rzd-~tk3JZ)C}x$R8p@1Ja|jk)$S!uKHlJ)VODo-k(y)5
z4;F?bkK>15nW0J98Tl+wQ~n+cixvqo*+%OpUgEq6U-)$j!^VrdHbaLWl~VDj#2uzR
z$C_4bX7(Z7v#t;(+qn)zFfulxu;t~V*At1>?s-TZ7(3?m_V)q(O5Lj{t2H3odG`A1
zTP{H^QR2^Pc}p@j&P*R+!c1@A=S93Z{l0+5Kv1nt_0Z`YIaycaA)77roi5c30dzYb
z`xDdtRqywK?fgJrCOVQOy%INk#{w{2j{{R8xV2(-A=M;Q+BbuM_=h@b_5_pOyE|VC
z(v9iM+3fYD+%~#%3m3yPXH)*n^6?@A)WXIRGs|T3bi>i2CE4O+L=s-0x>dV^>7TWU
zEk7&1i!hQ1>XqON-MB13rhnEX%1KLBp}Kvw+szj`s8DY?UzH;f4{6n8{6l76Fx@pq
zJg}$8F7WW0A)PtI+ak;;l@&^xsxHV*jTJ5;nBs<GVbil~%&BW&EMw-=EN(k`yni+X
z>c_KE!CsiCk0x&5=;kF{?DX~tcSPll^USv8JKkUJ=r2BZc*dmS>}a#Z;0kMfI-Lsa
zyr}A$7d!O@E82wz$=vfv6T5mg%KIO%Ut#rQCFy$}lCw^UYH<E79VU}=3lhT|K!TxT
zzS;duhG-a6GR^G&M>M2^<<cnO#t-X)vK_Ite3E=@v-QOCS~a|tVf*eIpXu}2Kp*M2
zM!zBY=_V<QG;_tv;K9uTNj^apRbh|lwz_HMF^6fE-rRt8A}CNv?C-YAQuVlY#8<OV
z*|DV$hKz28msSUB9wZjlW3)?&*}N^D7^Zn!Q?!^f*kVYt>b-R6R2CG5C&C<e7gi|Y
zpF^Zuvr^RWVJ(4uTeE*W4Ceg&sr(I6bprOjt%`4}ym~bh+=f0C6LFMO_u{UB7_1~G
z2p|+vU2IWPztZZw>SoND@De`6>5^}Xq`3)lkY1DQj$BsB9TJwjgtaG&F~|!`>KGIl
zFU)=WZIYm;QDN;GmI;;){9gSvbt8Xr+Q?=)c}KUSia^e%oU>k*<TI)naqJhzCfWGk
zn{O$!UApG&v@i~WtM{1ZY%Tf(h53`!S#$Ykz3_dY5}IDYUhELXp2)-k@ei8tRU{?H
znl=JrYDnh{8GVlP`RPNREmW%fEZ=9XZAvqPM7ZBaHb`^7Zy8TK`owvICD43b(<#L$
z##XjHIGc{;mnX}gs20f?`ycIft8B|7&2v0$wSA|^v&P!23LZjJ*&}1^bJ^(GP}MYK
zYGQgn^2Wg8j%qz;putkC`vd|qT1CC-Gk?HKE(kFL55jIeRr|~9_{bBX@;-8S))iMB
z%H8molhGpbg9lZa@TI?9@|@06zw(&-OQW(7$L?k;B@yEBQxe@A+NrI}Ci&Cp_|UN&
zK{l#38UB>si0!{!XZq_S`qgGu%57jQoA`A$d2qp|&wkwGHqO39T-PPQpXplUImT>5
z&;vdffaCP(UK4K&*#|88vDe!8%^?l#-nziqqGb9YjJZKCgv>ZY{ujmI#QQlamhHHS
zP$&~9FmXa#$$`%^N*&2v0{22Z5bcLInfRKW%i)k&ujUiI*@!Pq^Vkj_a{K6xeExD3
zRSgP_&-_l0s4t&51?iVc>W9F*-WVe8QUxK($kS)v+4^i|lBJh#htU*oze85{E(uCp
z&cc|-m7dV1=|*-wMEMI-Scc6Yg-+1>VIebrO*2dy=M*JNf(=CH2y;8T47Z6K)+W9q
z*ODZT6$#P*aJkKDb|+Zl#(MQo496h-t)z@T8)E=zt{>R3d8i&KCZyoruU|pNQo)Ek
zlhc>d;E<m((rj1Pd?34ktBma9PmbXXQTYXN@ZdZ)inrK^OM{4nGStm?Cycp1wUH&2
zIJSVREt^lU?@0pQ@1yAXlaJfhT{yD77^RQNUKsNRiiJKrqAdx`1+w^h;c_sU2X3u~
z7URG!6`Cl#1BMp6k7%jMeQyu2u~c%pYpVT^BpXV<)&20`M!e)@9q&48NT6SvolO)Q
zX6q;MnAs>D)2dZq37&Q_PgbzRd!Tow-0K4mDp7^>cF4)r(TK6mCHrhCnWCKZ^(&o>
zA)Z>87930W=g#4qd#6`W)7Bg6ZwQ*drd3dVuOTIxn|-D(uH3^Wqu4724|d3)s`++A
z_ae`MmfFLcOOn|&UUm0vO(l;wSg9CuC&I3(c(8kJB(j~~SNqk`$B2??kolUTRFk22
z|JU>I_LK9yqJ4F4JImg(o*7Kqvbq^I=$^Tty&$KA2Y;F9;ziC|-uaZpd}@}EB~5oY
zuY?DeSy#vGr>!wVslDeC<T1{^b`r!8*)prW!KfTjD%>zvPL_Pc*U&C4onP#Qo!7|C
z+1}S6d`rL*ArDb>wr0L2Ck%hv1O@jtwA@muMfaN36;nqeMCwjisWA~I>N=;d@#>9p
zN8`+K+eQ8`T4i*JnOuz_DR+y;nT@HV{XBP&>#>ky6E#g;shQ7gBMDKguu`|_qwFZM
zEdChHTc20`?&H?JmmUUVuNv*TnnW=26dqw>#|2M&qX&l?g(~jHJYWEm@8YEcjW$~{
z*oyh9dsl<&CYSEsbN`nlh22+8{_GK=C4Ev(XTD|Hvwqk=M;GB`Lj^?2JKjEf4&S&M
z?bFax<B9BDU8vIIeZ`J^R2{y>y9}bPYHLeXTK<S)yCi6;HcquCTCzLtYfxy6Za8eH
z{=Lt~Ax4L-AFRE|+1O^}*r1o=mlF?u{HY{-ge16AMs~1R;g@4p5B?ltaRW#4eGbD-
zLPKm)MdRhufHaWtdltiOQWeOMd-){I2xK?|8Nw=JlQ0r5pO8R61~-tg@l|XxQ`sQ=
zn=z2+`V5>wzJYrwoWr<o)fAhYP<#0#22}P!4P;=e0~udmE~<pqx!lGI|C9V^$EbbX
zL7Tp|p#IxRPZ1$<cvk&)v9uzuVsVM_lvA2rgnT?;K1S`?7@#zsRm~x+BEm@T`nUA^
z^bbixttG~(NkBrNX^0nz?<4b-eY|~#J)`jG{(Rwo=A`z(+kM3b&pM#gZJOPTp;{NG
zE6+#fTJ?DQBpXI;i+tLZsM%hN{OP<u&y9bb><sAa8Q-<(c*ZD9gU_p{vi7H}n7p~Y
zaCWAws64rsrAVWBWBq$V>VEmtgmC|ohMaCsSzX<KXU%sPCbUP2kxK7^Olkf$Y(!op
zgLaq)IU~I1XM3|}v*!xAbxlEwFoJvo9ZVf)=1W782woA09#nXvH>@Rhi5qy<mz76g
zU;F&@aSh15pWQ%*QwM(8(hv)h2Hih&vE=hgZ&@U0`b*EZbjwN@O=T{u2BEE~FLUip
zf}iwTuT2d<R~ifEp<nm~qBTKWzUw0)%U8}%$)q{he?<>IMrVc?`W!o5)<klWRR(@c
z_-?0T*_=16elU_DJFnva;r@s@DN1szWC8wojC;jItB3$!C*CbMf`Bc8W}6)3-sGC+
z`!uKHkj!23f`3|9HSS`WUlI`TU0aJUYyENKs*UQ18Siu2hgA{-5+0S?2h2(E%u(@F
z%>-YBKAf`zNrQSFS+$@|_KCFQr*w+hE-wXdXlV~YwCH(p?dq@<BYBR&?W_)~ja8;;
zyl%;YNrQG7?ymbRy+97;!Re#m2pUEOmDK{1`|M4`gfyEkf8MyuKBOc7`nCSOk!ACr
zDRus=RJvJ}8H?<5@|wo8FhSsP=87Vxaq77LVukddGz{V-JYfJZepP$#1r^tWfU`Uj
z{8<$^>uijlOT$^YU_xo6YupnRp*%2p$y1uR7u4-h%yFhAO@HD}%5p===6+(j?17Z1
zJ@q_{xjo4-8>=Ru7H!38qc$P=c}GX+kU6$~6e}75{!G^DI2pdZ*5D6nIbA$6ZM=BG
z%mZ`##ku1kCf_9xvcH!^wDiXnTzwrh7?R=z1+PZhedCHf?SN3#&<!-b+a7_;#Gk%K
zPRQ)j#l$LoZD8W~i5>W@_eEOzo8{eZA%0S7dF<G?y^8+xR7)6MSH2Pbc`KfT-wGDd
zcAQ*nJYY^`IH|s-Ss(&u0&BOOd_3JEYS*Dd)7BH~X*62IB(VtGcYhB_-u1+75S!7h
zbDHzkFwB_MjiyH1jdNF=&Jz~8C+XD2j-`=8%$M!dX9_)s$J$fOS=6k}DE3|e$jQqN
z2oF&MwFM^bwdTC`z&9QoX?lxhq<Ayav=}>W9sZknm~9hD<!UTH46<o8-r*WITX-r<
zXHm0(q^a8D(GcA{uy5FnL=T42>hM-Wz@e?vOAYy7;C&H#(*ot?-{AJQJ4-$OQ&qXT
zWH6#{K%rjEm%S`Jz}fh27J*0#+1n-vSU6-Lya2|n5s51uewf1)(NCj7rLR~0(#;)|
z`_fm`eE#3za_?3>qxlbLiJz<0#Ed|ss%UHU7(6I7b`(<*Z1u>oM<CW(Hsh1o&<!uF
z78_^Dsdeq{R&A5MO%fZOwpnBg88{r>^g0q6ZS~>><8Fizs0c!FS?p0%P>5qAR6iKb
z?8R4sM7lsFKXkt^%E>orR7BS{V)gyYun}j>TK<*CWTi%yQlvRI<T;w|Xh4k61zKt-
zMd}|*qThvr+}$Kkl`|zUF8asubpxnsoZa3@kA_XZ<F)o~QXGA=V3ec5FROYNWuC>N
zrXtvVXhV<{F^$=Oq;apk*TC_yfHS{dKsW6{K%sAnf;cuW@-ODxMuT?gXTFs$ZTb1-
zQA^2v)0nSg!%ze{f)r~tMBE_)|K_v@OW4;<lpagN1VN|xL;Z8wLaNcIY0!0=FJg`+
zkp*le=3{}zdoA0_55Ng{pZ=*T(b~In3qQF8#5Y}Y;d&EV4Wj36X$JK4S*hz$MTz8#
zD&v7E+Go`M89JBC>u`Ny-)?1IIf!;CcSNfE!(NwtH7^EnY-E|*qIzIdZ>1_)9P13O
zi^_60_e;$UcOlE@&hi)5tOj;2IlUk9^4^iwC|vf-UlK?!UX3B`_pM}HVq4?ztV|Nt
zsF8_Y?5-R$_^bScf!PwonO&B3)@Uk^&;mI!8N*@qAbtIhx!ytHde=MW{pruHD)Dbq
zHk#R<+%rfnyuKSb$XxEO=tYKc#Idzwn<}-ghGH_AmbF)-KWb}<c!b`x#e_&K9oAx&
zJf4X5_x$^C_v{~b*E?3%XLLVX)|+QXHvapO{eoLH9?kLz&Wuc>*CN29(uzfi0T06X
zEg9Cr+<n!`b`7{ANGAEorn>i60D9L-c!t(8JpvZ^G$TpDmphU9c~2__?f#v}J}mmz
z{GE3$?$aRFoWs6fMhD|ChL)ovt2SatP17m=X~i8Uf(P5NI1tiV?TY^-Q@I4lvvA#b
z)mKiybd+elImX$hf}IXUV5E26SrS>oU1t?ix$sVeT^|8QND46FC|%7+a1e%-`;2xn
z5*a{fXxW_W8QPNe3(n_LY#hcf?+mchLuN?Em=IOxa_UMbJwrno26#|~rq68K@>;;F
z+@uxzC@f<PLe(i1o8BdSs>uiE@9`@ucW^$m<SHXaJ(bv4Gd51grE?Z^b~tJ&b4I!+
zUD%SkHsB;NzGr&qcB`oaCWZd6g9_p3xga(BA0a0T5zK3;I%?Vpr0W%#k0ySpjA*8;
zblAgFbzK$W=mc$rt@cUqT`eBeYXD+F9Et@g`GVW>%v(Gslcijgxy}dX#-4|5z*!=x
z9`bd~QvVWZJ7sCnty=Sq+Bb=F#2XB{>%zh9&pUfda7qF#&gLy82c?xEJ5AD-r-fgP
zSjS*AnN(}iR{7k6yn8oi7pVuL6<yqnM)wN3K>}x5EdYE*cM0^1)xpR@ftC@AR)sBh
zguNyp-%$F7Hi)X2&DKwR4kQ4zPLeOHk6_V}KdTn(-UV0NlM1?M>8@r>jZ}gM(ag_k
zZ(g+QMdBg*zJ>i_%Jz4=P22W<CjFr1l_4R1(v{j#96IR<^f4OAa6{2W;<~@yRm~iu
zOCIj7G_E3X$7asWUKm^pLsLDHSK!fsG_*;#u9mQ7`XLxr4s@bq_C^{3XlNAh5%j|$
zmCV-GUBpuT#FV#ABJYrbH<+jB*4D=#dYzZmehwK_a@nz@s*k<=BUsrS<K4ZMQMze9
zGfnv@J|;*!LHc9or#2o5PlR{he?Hmn`}Z_ob>6swWC)Tye@=W=-lLm1@6ULv$R@HJ
z+Tx<btRKH1*e>UW?clJtMccj|d~BYmcdp-*2J1SOADOZDUp{VyQE$-oM;Nn}ESy)U
zzfkA+l`hx+;MEu78z1hnlpr6DkDS1F1pSJtMZVajz$|EbisGF!kP&H@C^?h;bc)oE
zz`S*3{-S?&MPuDeROjbFd?PX|UAk*J<+c0q6<@puQS>vz)**J2W6I62r%!CzA~1w<
z?fNrwqQ?!5R7&GJA9(nT?&l|vKgaQY|I~n<^e>am(gx=kn-_g}VEcBF_QEvJN&PC}
z6=~}gQL}`|6cmMi{>S<W`~s5+b^^$Am#{gfsHAW=e>Z}UUaXQ|y49uMEIl1Zx`I?`
z<5MqxTI&Qqdy?u|zsj)QQxB+b&LkW3)2^;4`Np-m2yekf$meC1KJ&*iexS21YQ>^u
z)O4f=Fy6lS+=;)iGe1$U&tgROkoP%33t!Adp_Bc1Uy5NmCMAk3?s!ks`5gJ>Q81pP
z5HAHV0{s?(#mg%Ha1($H41CIaVIq2)u#izf@(n|y0Fr2ZFhOH#GP25_{vc|m(B4c_
zxweW`!uK{bnf}vg-s?(8-_b$E%N0~#Cs|S;SvQvSXNp%Zp~1S;^-j*Ga~}QN(z}P%
z801?nd1xk?P>|HjK{8fHZ(kCIHJg`^Lm8nEsroIVn2N=DE;dQVJ%8w%T|^PMj^4fZ
zy3@Y-=nqzj2s1Z<{aP!FR=3_(DFKVzn6?GGDiR0S2_~{B-ZpilDp`|h9}Uo(m;4gl
z-^k**;hr8{K)AE1JhvE1IZ1i_f;>rvkCOUBb@b-BVd#@sT1ZymWpH()_01VSKYaa$
z>liK+**F?~Xi#X*3M*-Gi_24scgZ?~<zeBd!sQK$;bL*NyiL;P^2V^p+3#I-u`N^i
zQ~pEBy_Q+Zove?i^l8vkosY@JutBk_lSeoh4rTY=Saa4+sHn&k&L_9XCY8kowqdMH
zStpB%fiuOv8r=dzmw3sD)a2Y2OouN>${T{dK{q#THXrZ9{V*t)wup$ng8y?9`h0C~
z^gwmlF~f2s#3LrQl5Fu*Jbw{mBVQg<TK}E6OQ^Fo?Ak`UNj<#oFtR}%9WyUKNbiao
zYj&E~Y9D(igbYb0&p!h<pB%?>&}#elU;k~4K(nq3L=|#UN@5kHA5~q5Z3@-R0qLl`
z8>eY#PS-`iz)FhpN1_}7C$j|7{F5ww=(WZ6CPVndQr_abeWGoli(N#tdnuBS7Yx9N
zO1i1MDegg8RE0j&tnnxXTHC<Ta4!2}Bsl`Uc)hC9!Ow83k%!3Gf19bmPY^Ymc!JOl
z`lD+eBnuUf9<cj~N6(9QVHk*ZuQmqkN5zhZB&zi1@jEb^o_AyE(S?8G4vlxClc53U
zWXd+^G62#$a4c^dU`b?W$whS|2#qHhLu~uBluhRxcsds3%ueAvfTakRrJt7vduFTf
z)=o`oF&V-!;*JM#8pe<QnaqSOf_LE?c<TEXznW^bXVF`0?qtqYy6JifAOY?l1!*rx
zK9&x{JQ2vDT_BsQWs`hf6T4kJI355G{<ZaCHI8Y2AR3BK_?#PAwB*RQ7?5nu3+)6X
z0=_TDD}3Y^VUmUXta$UQ^-1w|&AWcL-Qy0+bn#%tDV}eGWE1w5D~jZh=mPBIuXsZC
zGO#gN3#4Jh4oF`Mv-oV}`KOx}*yDuh&yn#ibONJ0IQ}J!w^ghk@9U`aq0*=g>vH;)
zCp-qwgEAcVfEoAE!`AP5Gd`d|QU8BMxdNj_?M{J_o!?=NmC;)MkEA%S&-GNRkd*z>
zqdlV3T1vd%YHY8Qn=0*f-0#`A7X!}c?L6)xTsOIU*fQoN4bVBrRuKJkbqZUq(WC%{
z6p|gC_C5qr>7RL1BK$~pR`9{&pmh&IvFg}{5&pX3wVZXEGvO*k>7BWoD!f6WOPF)`
zNT@C3>H;&fOs1Ch=f@CCC2vrL#e!aq%7Wf-;)5kgPRCjta8pCf<VY?(1_(cfS9oSZ
znzO30gR^J`H+~?`L@=U8K8rg8svNuIt?#>*dJ;cG37Q*&a$Vat2HX+ZL5a9m5F>jW
zyk3uylg}Ex?4ZlxiC(4)K2|}ZT4!P9r>CHeKJlgFwoZ=4fNV88S*X3Bh0q8j^4eZS
znp%wRHXH0@@7MeD_@my3NuP)y!tY)WzuOR`?rZ@I^|x!=i5^N;(2#7BI(Y6zF7tVb
zt22vHGk75kb)xnOdo^Ewi0d3;XS8BDM8=!+X$f2w212qD^G(w5moeNMxo7z_w4~Sp
zqI8Y{>=_wAhkNp*vwKq@R*#I5MoUdA-cMKd_x8PVK#sA4&wXG$SO#`2H+!`y(C!!r
z1KjHhPbr=Ru7|-4on*25J0!6Ny~6HC71@O5jR#U9f@0F0hRFOz1MqEft}v`q`tm8R
zU)xu94(Qh2c{2ht1%$furW-iaO`ogEZ^T0F=6)&WQN9k1M4hH{?yoy7Mw0wm*y%i#
zXm3)#$Cx!;fV>r*(An8$jQN))=ZD@a`zPgBJQsnp>*K($Q7;Ke`G~JGf8y$r-mXKa
zPwxbttn;ZAcg5W4p4j`9jpEa(?;G`f<WsI6Y_Mr08;wvIJmT!}w~MfM5kI_2!Xo=C
zp4R94k$Wgyuxa~$;?*aPeU#`{ZC0E9tnZ_97$a}{Ox<daan^?4oV!BbuWTtlJ!g|n
zeG?LNe&mY}1$h~5^VhsgjgQ=#hk9|+4P}Ou44W%q0n;xM-q5{Cp7dX`IRBKhyF{Ty
zMBXdAWq02newOtrPY~E{mVeq`Vl-i^PyGcyD}+5PqTKkMnV_xf9_e*vV5i?Cr;VI+
zC96+QzLJJe%>EE()fhRfx1n3WyY`3U@G0zbBx~peo{bPi@M(~PK?=?Z+UkIRi{u&7
zhWqm;X@pC@M|+C4thcTXg;}<ptgb*CB8p&pc>N;oruBHlk!)L{y_p@vp43N0S18d(
z28<>vF?kKzU8SC=GcUyWi}5pN44<+uo;IbGrmKrtO%ZQFr=j6CPXM=20TFyYUUa3U
z?3e2d>h@v($HY}s?c7^b)kUuRCzvQAB$qAnTkLft8Rv7A2e0>4d$3NQapWDh={iQ0
zwhYEueev&*|9&gF#KztF=rtF;d#(1ujHbLk%3by)PU<rIx1XP+7)gDgwzd#upCjkq
z1MsR;FLD9RbcmTo*@RHc#8dE#x5+SOt+{l56LukW()T+uixM>EgK@%PtX|49lAHK6
zv;)_8DQ4}1j3NJSL5Dx=w3uZzWo1jsvl;zrCA&7q`=NSr5@Tv@)jt;-(!8Sejn$(q
z#G)y*x}vgwtLg})nR_4zobi~NIJ0{TM@rrpP-!MaFeU2KsfM$-pJ+yyzj^Jt>ooms
z5z+S~A*pOLB&uu^1&+7KT85p3m2I!g`ksIAE8Eb~wG5GhnX33g$};&cj~fzSxFc<|
zKsF{puZiy$I!P1r-=+p+16U#wA||JEzC|-(%#|DNq-g~Gb^A$e&?)aV_n|~fWM+ud
zVq<5If18;0%ffQ6J0lcp`-J98sxBp)6U&T8%cG2l^>5YOxBvplVavfX{GX;0#rmMf
zk6??+h=TX^il<B4g6QLNx0@dngDS7|Ok;P#p2cWR+;TeVXf{77MtqH<oXsv#eG$+g
zQJ^jvK@DuRKf>^T;v~!6++a76@qY=E37VhbRYb7RKc1WS_*;eLFqdzSbymich-{v3
zPl%Kinvs(!Grey_9NQb68BE2zj`Q7>&f49yCdg<ZpNqO}$EeutVq{0wFI0#i*B`ok
z(gCSMXbDobo~HeNC;0xV24zm_n;%*$b7s_}$#3^YsnZLZl2WH%a~Y8YPVaX;2-cE&
z6dLLO_&5#r+$&!pW>MEXI~1L6t-p<g054hK>b!bzQSWu_Q4sIzx)7f&#}LC<RMroq
zOs&#@-g^d-=t7H!Xk!8h*R8;j2>4%W43U44-4c$pM3Do=Uel3}5YY<iVIx#8)aZn5
zQIJQNWaM@{4XQk~r^AmHG1b<G5rcTp!endZ>#XdSS{i<7ZI*#o%zlQ`4CkVGR8O{Q
z?SP5u^`Ep0nCcL*oMMrF3(HOs7oe1{$Q9--B^2sLcuwllR4y+h-sHtZVR*w)+q%Qi
z!*wF-vH5T>Y|gWrC5>7l%xfdN8)nxz%#SW_sY9I9Fk0|b1_(gLr{4rqrD`VtHABO5
zfa1|BJIb~&It8KJ3sKQ(B4^{*DG!!*0gqsQ{RZ5P;*(W@{=t|(foWxyg79oL4<7@d
zLWtX+9y0b)+SRjQI-8R>g}-d=a}#Ya_k1O5npENG`wRZ;?I%47D?Ffmlp$U|M;r^!
zy};$RzGy4{Uir6n;U9-d2ReBQ;1M*NZ*ln?+s%Iym}lFAmW^*I`<$;U)*Nt7Xm=jx
zfk3heCby+t$Ba&C5ukj3Uug1jOREFu0ja5K)74D3F^3Gj6B9YZk)1VGyO_lm?*g+Y
z?F{qpU=G!)BM44teLRI_TfZghYVnLZ<Od)+B%5~dhGIl0=9JMiY#$lVDbGZaFP7ks
z`C-Ilrw84o<T5YD@6Q8v<a=H~X~h}g#Z5_X6SoO+TLph=bBz0DxAw!B{MMb+%X2A(
z4HJ=iJ<RtL{9kKf)^l+4YTr3>`Bsz*u#a<L2td8;tB~+dF{az6w#Eq@(uxTCJ$<^4
z4Xvs-A$Sh$FwsAf>j+K+x)GT9m@fmQt<GcI+U>4xw*X8PT@Bxpg_V}GvW80n!*m2p
zK?jYvurUPAKi8+`gJyXOsA^`p3ak~iP4#(L-+M?v8sF<fC8b6sH<J^X>UWK4RwRoZ
z3LC<KA&J*f<0qXaHTl!7X#`@&W`uU_bXr(Z<KH4sVeJ-Ph<FM%I+wwMgg{Z7+zLLd
z1Mgx0L}ZniVe=B0xu=(g(#k4d50P(KF%@jd_?9B56tR1VrPb}oZVJ0zx@hrd*fHEl
zbE7{&=SXE0)C>+~XA@#^-EJOo^H`_Z<0xFoOyy*kb`*hm)sC!f9^Y{kIJON(vh_$q
zs-<ew2}qAlfwrD?Sw{5gkYHcHlFaOdUS(rBPI16I*`&)m>>sKMDNFBE#yD*VsOwm?
zh!55KzIBJ~&Wo}huq~)SGQ5;H4Ui?9Z}baTzVON1S5nfzw9Z>?8#G8C!20$52EE9k
zxf30&(QjsYd4QZM_9FIqW~29c61-?H&g*O8RPiq415f4mWM`wd1E8Q<U?Qs-?6^w)
z=nY8e18Sr6xm=S*Y+L}6ZDW4xUYlEzi7$#zwMFawg%j1E5$V4~-H$tq(SNN3Wr=oR
zl~nSh`aG~a43GL<4b$MuxfR@gwlZM<q0VW5$ujqLeb?Vkgu0Bl_krg<zf`P6^pgE~
zF-mmGEaD>QY#8~x_~Y^#-oI(M;25WrM|VIQ>4LP+ay-EF$`zi49u-F>s}&QdjpVR`
z*{gQ^RoGPZ*i`AE#*I(C$T=+Q*L+m}eWP{S1>oFldjeI>Dv2#tjHum={tBgV9XeT2
zrm7sjO1cajDMW_gzNBRd^E=n2!EP9}yO#-}mY8WXT9pBm_R#!?|95gxCgND1aL-_O
zu?At4&lP2g%GI{ln*)TV2B${vY4+y8gX7-{XKVLr2bkicr9-`29w8QRC(V&k(;-Y{
zl>QzgiqKt~Ds~N8k2^+24vNN=C7=ILzs<55m+Ev&(yn_o+u!ij$0x!+XD#Q+!59|F
z$U=b${_=_bz&ph^D(P={>_ulKxueHFBF2-!GF`#FW;Ud<6|qjh?17HFeFkV|TG<yR
zdZglTnqYyw<VWa5^62^Zq^CtC$qa_zY?<I^ta${f-zc-PHiRc(vvM_x=Z?N|Z5q|P
z@1#qKCQ4#=E-SGvD;_Q2{f-ZiFqck;aXNWZyZ3roY&t1DQM}tY`;30cDSkVbDZKyK
zLF_NZ8Ek$yrE)G__#4(&DgIqHnK90@=XXWc;KU;_p7%_hJT@vR-D!uq_OAnunKUH?
z*;J~tm=jI7?)4oE?&#hQ9DUiE3YU$TYS)Z$Z--Z*VAa`(@h9FTh!lfD)43H^;h@Q*
z&KF@LH?ZG-m}&#`uMHb^iru{&nw?ZK+1R&NF>0sT3Ljo@<d=Ou5!^6*ydJ4XLm1&Y
z2T1%GKw3`#LiCTU9H9kMuQ%J!Ya1#$0z~E?5&uU-{}BOzWHJ6rA^#(A|Hy*_K&~C=
ziATBjqIPf2LjKz=_(wGU5rluF{xk&EmuH4f*Kq1z+0lPwz=7WBg;M-U*J#<OCz?PP
z<CDDHYu~`%1~sdd%bL^Gd(EE4{)*AYeg)xYE5VM4zakG!&L@b^uZEA9THWo@W{vGj
z)q1#-dki_PX(JZj_sOp85#UMr#$f`qYy!EVN{^m<N}%*>I^DCb3HI;pmO-60<+8w&
zU-ZlV;ifW!jViiRbu~h3%IT~{c32bXYyZ33*-a@kKAa!vYq|(06?Zh!eNG{Vz$2lm
zSrOK~b34oX#k}?Vt}ve2#UnzwhEC#Ggw<L$(gE+y$-QJ%rVbq_63grCJbfmwe4@#l
z1D&@5Es;CHqsR*sbt5z)VY9{YyKy<5NsY3!@W7A%{47CEEu>Ezdn=^s^Hp?o5JTm8
zWg5C|k;Dx6C_j9T_xSZSuK9BQmSnHXT`Vt6OcB8~g%0z2ieoh&aAQ93%n9+^C9%J)
zm{IxEJt&H<T|Ie1`}(^C*;nThB5o~{8TWa37buj8+>xU2$mJxTlnTa>S$Mv0CdXwy
zs80D=hI>&RBbs$yBi4lKGA?K9mws1q<PqgD_DL<sdpS@oTkk1mV=ra9!Qg7)etR;q
z-o4GEZp^*elXK13<9*n!YaLpjpXW30J%pq6&&V?VJ8+0W`<8X`5pMA2p7Xi$Vf{_6
z>Vm|f{}5f&Z1h~rdGyTZZDe5J<<*D`@9ydCGQVm4EdX+7C6D4v<UDwQ%%_m}rbu~^
zF%Bv@myx^;^}0g5(3C7SVAynhl0I{?H~wod=r}JW*x<{tV;4BC6U9B2!d99>(CcIK
zHo2?OO!NPis)`V{mS}-fI%R`sH;kHNG#Z81#KO);!*D;EQe6@rgb^oUPuM^xp$j-A
z^RcZc<~C(4Xp1FU2ewwP#Ts()Zm~PZNRqs@;||`Le;UlGO^}(ix;gbz>QAi|sxqzB
zy;rFA`r`&0VipjE*Cv$%(N(CH{Q`)Y4eWzaepFJ<ZN&zj4hu82XQo){q<hBUI2*Q7
zvP9S^*bHQ$t<`g5hy1>j(+)wYZJ>`ntS61Oaa8Fgo@A|&R1VYlb6eP=dxp+yBb^)2
z2rOerPrjm)wAhhmwg48_4@45sjk#>2etJ^O%pGN&BYi_9tgRX25Gio~l5Uzrs3-5Q
z!r>aZq$57Asno0AF3-`v`l_66YWiN2PAoEgZa;RH=t;*8yjGw!wHPj}|5TA@oj~w+
zA}WEbUL(t7MUu;)W6DSG=ef&hTf+J4n#D?4`&dJ;mtL19sjc4@?U-29LpEX+spNQ5
zV;l-ffBcs0iw{3A8C>1FAP6lY!GWCZL&#_olXl!N>-BYDWYomq*@yqrpk85+c@z6F
z@)t8NGmdB*vTV@R{B3NHX&djxWfu9}5ao*ByJp$VFya#h$9Y3`m~)N%WlI|UBAG+?
zUM&lm6=hRd#+i8<xX7_F&T;DhtCXnfU!_m03Z`DC3XqV|G0y$~)>wP8Dm1&E6&M#<
zfs=O)0_9`ct_>8$_8h_V56nL}IBGgGC0Nsd+r9yarR|C)R34|~miPVn*ZgaeUNdVM
z|MZ?X^$sOA64m@pidI**?<+~MK@=xM|FhUFAK}cg9(QSbC&ixZZtM$-A<^RFikARP
z=Spb1L=~D$#Y=@fM?2ZA>BLImy?io*UYdR6;foWSH#bY)dUs9XQbWoY1u8yImdx2m
z-_W+Y-{oT7fkrFkx<onl94};xB!M`5!u6U`E2bZ+f30evmqcOjyw^3%ZdWwZ%$*;$
z(o=XtvQWz2atv8!f+%tXYb!gL>q)N~W+R<{3q>6vXr^;bT27ZWBf3U+4;3Wg&A3`j
ztsSgo0uQ?We^k8%R2)svHi`we4esvlE+M$PySuv+AUFhD91>hZaF^ij?kw)^b~o?$
z|KGj$oayN~v(UTKQ`PlUb@x*tc-=2pbWVDYhnR|Lprn#S@s7j<Y7+t!j3RX4^m0Ry
zt<QV^HE#@4@ty?kXaPfGI#9~A6sh<}I(8ZqQ17xa9h(IjSn&X^2cdxk7ma0OpqOq~
znN{prP;R&D%L=%z>2@t!0@r=ru6`S~edMx?)hhE>i>1fEjnPWxrw2<3Rjl;#2a}!D
zB+z$ku{iufVr!)P$5v+An-$nFBxAGG$1q)6WcuZoXWD=NcSk^DEQ1$jMXo>FM()PS
zAv%NAR50IkzjYM1KwbU>INIS5jTd{<b8xKC368>_Fwox*2bcJpTrM-Ye^@C+%j13%
zep>Tx$EjhCJcq7sU~}w=OjZtkV7$%Bd4Bq;SFX2$IcwB0iYtS~5tnuPwOlrOyn_GT
z9ZN(cCu)o`%1K0O*M}ajJ24uQefikDgf?WDj*<q!MTTlTnrD3`>`aaIGj1E7JE-J-
z+h~)}y(R~}cRou6t^6i_d;Edzg0eU3<4f+rmGx}{AYp(-6xHcmRe=Q-)oI_0@;gri
z-awYmMbZ8&V{IUie|Pvgt)zBn_kBek#km`Tu#?%lveO5`Pk>5q3@S;p6uhH0@BZM=
z`(F})TETTwAJj0-B8oN1^XARm)fjU}9H;MEH*NtqvqRUXGf5BuMPnB$*Q7%2!oMx)
zvT>xhE9k>D`Fo7ifaFN@qX%+9my}w5K3z;}>`nfEgq#j^ZuTSH%ng|lwRq)5y4@9d
z)x>0)eccXk^>qUQa?JTSLbMr*8gC`otks><&lBx-bJxFBM%yGEv|F=y;4r?7&V-4U
zl!YiJBcG5x#<%_G;RDSD3^g4_s`)G{?pX-T8`gIIpZ)1G?NmYJ3`aEE0b-Qc$;3_?
z_vgtX!no6IBgE$N0HOn)q$4F?&!<_-1()(i2m_;jxWi|9VbMh`9o5wFN4<<0IA6*4
z;MfU-nxE0A?Zk2M?Fcobe8Cp3kaBA>@G9gMUelpWB(+SN+@RF3>b`7oDdudPE+n(s
z+a6w@=w5YAzTg0Se}oLy8?&*v8Y?020+!vPT?2j>2&JS&EtUcE`Pr51|H~5+&_m--
z!&(~4KDKd*hr)^6e~IT&5zl_rAj2uy5#m30f-QW!+&}H&XFSxrUd2B#hFWG83qq@Z
zY&p~%e-r6TK8(B-6_)j45SDFfG^fLegu1d{D7ByI@v5^f6Rc@vQs0wXSvCJIQPW5_
zU4v;tH9qBWrXdh|l80@<Q9R+zf&pA34?io7F2N-4O|u20v6t!O_A^eJN=r;4DQz3(
z_5jO=5XHy(#c_(Kd%1GLiWX}1yq_KmfBcXTTVy9LJ|D=7YZN54^ZB%J-Irgr6d}_h
z#qeY!xY1Im6)V9FQc}OV!N?dIo8B$5`zP!fRDC<zedGkg@v2bC1=5P`65Qj_O+Skf
zR&kc4xBgVs;4F)oH^P!+UV~RGOmDHY9#{LD8y$z)dvkcjaAtR~9ZffDWp0nJEe~H>
zo@<&l`^q?WrOP=P<a-|f`o@TO%e5!ZHfppmc74EBH}s^p(hBda7RP7eWLnLSZIE!&
z`k*;ocucfCliBoG;2LJ<vpRb{Q@DpGJ&F`jKk*gk$juz`_o{5MYldHwoil`3rvM?o
zlb~?Ium}rjkmTalH(yv8o@V5OvIwT$6LVj;MoGrrzv@j~rg*3b2M%%C-zQCm!##8J
zWPv;CX)@QAivM$bFS_E%7}$0At6PE)qNoO)Lyf1o`RLnJQ=9Wl|FlHtLeH{V)^1OR
zbl%Z8{eQSc7@NBoI9}GP0Cs;)q(2(y&v=GOg7BvkMgm9D$p_Mmq>HhlTRcCN={Zf0
zMeKoPm~m0-%7oAMZ$O^>5tWcYm$;<4)3m&lW`bmdrqkb!D2tiSt#{Gl8ihr2l4K?$
zHc-GHF4Mmq8Au2Hn*-^L9juDEAl6h3N7FpXp>KW!d1z)zcK(0I<!p4E(;UoXuAglO
z(<}M)vTib$a)yeqBA;y)5<l_4rh?OZVU@i4qY8Z!q4EbM_G7Q9=d&FXjYxH1Brw))
z6@w0&1FVOd156WL^k52!?J+-;V`$nin1p9RGVbEf%EGdF+Wsj6-?IK+q8p|9!(zdj
zvei;aoLW@*0reWQvM$-oUz;lx+<0;wv1K1jmOV*3g+GP^cHD__wnytDN7LuPVhgll
zE6krnRWe~yGSS~0LewWUdrdja;q+}TPX05e>q*Fx=kPa2dEFLh$hzh7o#57Io%BdC
zXl5gEoJR|>ML)<=X_P>+!f#MplH%P<<Mq`mV+eWcffGlG3i{FiB7fAH^2OmTDj;jO
zPfv2T(p%0l^G^U?9L&DsYPiL%!s@pKR=-U;<_GGw6DOQBdCmJ-PTpAq>uj-JNM=G?
zAI|eH9^M=eM|{~G!57n)Idgr6k_F<kb2rmEn5Chv2YE$4UgAK@b%4%pdr7VTI20<r
ziDGZ4G{B6hz-C>br$__5M`EFUyI<RCV=u!h-i|3(9W2YTUSV=4g6?=7;@Dfu4u35;
zWmTqyn)M|+t9cnW*q^oJ-+dsT@&)i3Tj6F=m<xQ4O-2tbGd7YO0HfBdTuw3Cl3#nO
z8zmSE(*Ep<2~3VA6@Br@pmf^*pJU3x-H7gGge9~=5ks}=iz--nb?otk?&WkF)!LF0
z#sMYQwK*fB*tN03iA6v5K{NW<7I<%Z%jjL}*fq7jz+0mV`uC*QtG&oT^?P=+Xk4R>
zMEO-rw=?b;r}iRN65vV2;~#ya{)oL&i(5GMB6@?t;MvZ(QEUEMUrzpd-_gS_jLG*F
zx5{*WmBeyS>Gn_20H?z=!06$$J}=9=_JH|OxXU$WL|LUP`U|HRaN4ZP{Kn+eCXS`R
zhmL9VkPb}yU^I)HtYKy6W{A;-(NYhk(iTr!8$0mR^*L=I)cg8I$Dxwq3Xdz6xiPl*
za~#-9A-Ths#L<ydb8%lYBw}~uiH)zr{x-)E3#xA9wRigS$elnl4LF+jPjRFbmNmmu
z_>?ayn8ih(Rey<sy`DnjIi99ofTXkT5LIS6s2Y^Y`L(M->kO!UY$5;Vr0Ye`*rJZ;
z(`?jk!O1Qt9fR9fXz7DpCm2J9wGN(}wh;_30w*)SB*ioPJS|{zTWY~s-EgXEC@f6J
z+oQ66j4gz=jnHc0JO27h@SS;6r1pt8O>E(K5}758=>lMe7xy?>_V{#=4i?;-%$SlS
z$XADi{{%PXy)T!X?+Q50$*_@>L2Yj&Nf9#Gg=`?{H*J(C(p9wzBDA4&mU(0%Dk+?Q
z@1}D}VPTmq!FlyOn^Lmsv0Eg$+ey4^^)PXI%Ps6L!^+liP<|(`YJwGxOQoI_4O3Ia
z9tv8Zl}c?#RJUk<h^lm$k7wDw>4>=BM_sZrKg8M^5tZ@M%YJCOh+k+&Tl*ypE7+2|
zA~G--{0Oc7`U*kK4((mK4=OWP1@nMKCO{4om%>n^QSx00!)9Vt@63jskwAZ5@{&3n
z+<J3vetoj<-v`kxR#`}J0~9G;YUm&!vqryVeaed3Ld`d1v`@72*V`xc4w=xezTOh3
zBg<&}GSDpd5M5A6H5$eXD-an}^1DOepMH1z*G<{FYsPTH8~J|yOq4W+)jxHvd?6H;
zHW+?%qfB>z$ewNpT0wq8Hnvk662ARA>=P%2TJ4JFu)2A&Xsbrok{w<}!Ac(cmwgBK
z=i56?==m|Xd_lp!on$$QxipGGl=WK1C#i!I5clAXz&PoAse;H>Ww-1x{?(t#IQ1%k
zDP)#uIlmU;I>chlE)4&qv3%9N^T*rqYXx2A_h8Ml3Dfj-$u7=n$eZu`odV(om8jf4
z`4BOI+{9{eP9lVvslnYu1Ma3Io1Xhg1cdA^4v^b(;_KBy&aX5$xgA!jIR+4em!zRd
z-z;L#to`dY8gX4^!L8oBO4x$E3?X$%e$#7>S6E@v#%>0t-q(Rdbz-R`3R~P{kD?zy
zks!62qN~SYDri%8kG{MrP+Q%<ep~+6Z!KXRt)TB79+Y||Fw`f~il6g4lPvpB7C24(
zw4|VHRQgim9(at{4N6YH>oi*pA)V&+S#1O4m1YuZ(j02<!wxuHJoNRy$5hnu>|&|P
z7yO=<RQ=BGVq@Xc<z_=~VcIFRuQxfg?GMOo)JiEj{T0FguC7dUfpGcrLEjsVC82jW
zrGq-ipDDYH5;a+^R^`2!?VF5!s>t~ii{53p9x`=Fr5L|;rE?Eezlp0X|0sz-1c#5q
zUF7Q%UOzVy>cu1hK`YG7`$h_z@cahtRnMtZXbdW+peL+z8~I)fIIt4`SE5*{@bb53
z#}l*6908s6=lf~so(*>}fwZ9mP_C;xIVET-d#}h-FTg#CO_FLzgZQ(MY)v-(&ctk)
zUM^k}eyX$)B@S&KrH!CaVE-33YLq^spP&OA)<nGSn17}P{3dS%#YDtv55OLPo3x_f
zTcl<GVuEzfy`>bC5d&S6uA@F(P@sC7ds*5^+xJ6{4K(xE2)S?Las^UcFCRnAK~rUu
zX(y2ttx}4fuN|;yUE^CT?r)9#x2}Gb`hrSY6*sr2f}+Ad5AnZ)C9oKiZt{~QgaC4+
zey{SAVbjl<Q#;%~!A3^+uqi_gx1=Lxv*csr79QT3h~m4{jvLyY@t<ciC~ML?0lupo
zwQWhhaa4Esa>rc2IXlL(Mb3y5&5!unh>~;oG-_}uJ_Fa_Qf#l`l(=<T3lAsDmhLa4
z`~FJN4}{Uzhh4AgtZm=q@%gk=p6-$8xy9cs)py`j#;RG!n?%1O{TT#5V6O7F+g&{Y
zo@sTV$eSp*;^GUy!}y4-9o1C2JeEQx5`VzF44Re5MR^yorivty$+5lq=Uuhfz%rQT
z3(D4oj+q&c%6^e!Mr#1KxQ;Crp>EF6C|7Hh^(OcgJ?%sZkLaO~7*LG!g+Zn-uuI;k
zGP%6_WaVL;=z4v#ZT_We+2b=%<G2n1;l*agQs?{E+m^gN6Pr=!;YL1=2@<A+4@(-^
z`X2w#M{*q*6d`%V7W=i<t}n0h&zlOjoRPie#+5RCHuK{hDCAYpdGMPBsc$HtGIr-2
z8A2APwOrOI(up4-74oJHoUyOR%AwLES`SgT2+n!Z1OqgN6dj$L92=xFO@9K&9r_j`
za;Ni?kwLk(dQPW56;7tDN1y!*O@#0rv_4V^XDatAM0f~TAg3koj2vkkj;F1YeK}Y1
z-+N;UzkvTnX;truIIgi+svz!Y+FI|ske#C5OwddMXQ9Iy^M{kbd!F?m;=EWFGg98x
zXrMy6Y=55_sw4A+Rfe@3o>~;|1CC;|XGbQ=4N`gLQQscM(cB&eo6lVZXQY3&p>lsi
zqbp@cE8~E9gRfV~;$cgQ7CM#%2Q?N*;_2i$8op$}X_!Q$GE(_RYaQQaPrcfHyIdE%
zT5<f_W7^Qjf&b7v>MHt;)Kkl=hDbHS<MYxG&OqS!l51A_KvMmKynkiaLODvG{R)-C
zAjuc=SOSmo;Fv*El*XT6>Cw`8xG^#pw{+x^jMtNaU5!cl>rM1yf9{pZzEBF^3(p3E
zW%kK%;FxOgBwWCl$xrnCQPjIXt<S_&J;*!2em4~2k$Q7>lR77?XMvwxlIE_akWEM)
zU)$X*8LT1a1=2putQ=ADUw-+eOaD?28Vk;$zxBjW=;_o$Fj*Znv;RUw+P|nFJ_%}E
zUgpMFwVW`J=@|I`C`Li!&vzmVrPm1HI)GVW4O~{iWd&T8TOq&0_-TmS2lpFaH;L>{
zs@)wx@z#;MLXQC&=`H8g5q@huB+w=m^(+~aNU2H?%A^vN7KW8x5JprC)P~;x<fdxp
zA&V#T)9u%j7Z1Y6jOSGIfExoR9N!D0!3rdxEOY<7tKaziN+vg@s$u->axpYqUPaRM
zPf6<ToI+z?LVUfco**&OK%gX*9#0{PylpmCEDnUya2?wR4zQYB^5~(W9~_Z=|E+9h
zKSp*><f{Nd)Yi2SP$KR9je0!sk4`eS1}x5E{Lsu@B}J_}0yu<iz=XY?UeI#?;P<Sd
z+qhZzVzq$s=TT4DVaXvM@7};w^ST3mHSn8*66yJh|Kfw%d$ODEFIS!}a??R$VH3nv
zw)Dv`9ZzIhwM3%OQJqPB<$3uo+C1qlx;);9yX{XJz;oMmHqn_ht-i--=FRmB;b)42
zf^7u(lzz?6JxHl4tB7~ki+1_k(7;-M-E_rdzIV-!NC|_#;H?_*f4Tex>lF|WMwyMO
zCA%oW8EPoJkUIyKT)|m>ZHD3@g`2C7*l<h(Yvp?XJb0DHx}+##IUo1o3cwDHu?;K+
zArJp-VGwo0w;F`7@$Z+0<}JC&F}q9Jxiej68yX_vz@YF%Hf7~27t!Zpa~*`(+=X9n
zJA@#d(QT5uNtH^)lk*J|yd|8c`A&xkVo|%g8U2UNcK!!+ER~efVJ3ALA;@nixhA2f
zsn1kW_Pxr2-3m8IgtZN3a+ZqSgdl5hnh000DLa*T+KJhgr*cWpPU6{1aB7U<4Dr(u
zj=THiOU{52?ppoMwnB8pQ~vlACvOgWi80=<HVol;VpPALc&aCBe9e@EQN3=X+0G4i
zxL1h~+Si18xI5(Fj`YgE_8|qcrDxX$UJnKWz;wz_#oE^gYFK){>1(0{Y^;*W<nPGf
zxK(J>7)0xTznoCyk99Kn@{z2uEB|oRVj(Ak;mvf|nL;#7{2BUmA<}LFjwd`x?G7uS
zh1Mv^RrTF+MUuDuJ30-X=CNfsn=|MK?s)X0(lJP6SlkjKZ(3h471?<3Ycw}QQh@s6
zd;u7P)y-5sVn<S%_|=hzya<Tz?kQalruFJo3W5#&ef;Yc(YhfM&@!%nKgFLp=v^?n
zO8#xlrW(Exv8F9Z8g}vd)%+(fGT#&_2!Ft>0~sXcns*Sh0Sibo&c!uGS4v~j!?j1p
z8R{0I2Bcju^Y@VoQ@yckp|C~1pxB|v<5{9tr-o1`M>1Gfl%s$MkHqf2ZNma44_P>)
z5>V0j>93-ki8y*GK^bd05d?j9=3Cc^uva*{`^`$H%<JaeZ^cUb<j_i4eRX@-v#A9r
zpxznCy;Z49EOyCb4l`s>9s8eI$_@V%K^@@{(s#$~`cV=m^cu^cKFWzK(zLG_$RIiP
z%NiMd3Xc^B3=|N_9=X}uH0%{w3&=VH^9oOW;6-=k<H7FfV)1&jx@hiE@%gN14*oWb
z1Qp3^nEGR{h9ejn>z|<yl=jWC0R65XdZ>q>A1}sB(IU4j=^#h@Ua>c6hM6TNvh+ia
zh{Gbb`XstHg3Zf&T8;>eelD|GLCxJ``qx+C`o}-7J7n``PSg0&-S!RH6z3+B<r6N7
z9+X*QnTUVdxZ7V_yW3w`*Dp%tmEQb^3A9zKYYGj`WQ2~@pEgzQFXzBsY9F}NgG(W}
zq*TEHr7uAp<P-H^uDKwQWRVZC8Y)PV^@^b)R6VRZ=9zQ9{%Vsn1iA1U^8Q41JgFpf
zh1g-&TDamov`E&fIuANSxDpN$Y#{%iTXaJ>HcE|wM9My&*kM&TV_j$I-9`&N5pumX
zZ=)|Kn+og`LSXhnVru68eyW17GhfL-I<r?vs~sNs^diro;Tu~5OU+@lE50{65mC&!
z9~oCp>;o_Kme>aGA%_u>JfpZo{N)JladVK1#KdM<&{wM!k3OPI?9k0k|GX85MG`~z
zEa+i=S>w;>!!&(VsbK%=RSu)k$&EB*+%NoP|Hp@>%yu3BF&e~ZI03BPigGRNrM2>6
z7onm5{oc`>_Doq#p_-WtjeqW&RvOKf6LSJZEhnCoxeYydgcY}+s7k%fC8Ai9=`+55
zmmJMYnD4;9Oo`ve%k94$({x)?M$|`wmBJiW6<AZI|6d~jj$gVFGG|52a4~*~krQP#
zAn7+h@n{$R%jK>u9-!NbT|J4LL=TcKKNY1~K1p_4K6WGg&tUNTYKJi-@ES25AU-K;
z4(A!oC{=XynYM0UMMnl1ytm85Y>Jx#Bg50MyfxYl1#ve1+<H85;oN#VLoXX6UJd%^
z#JZ?SoykZH@VYq{(xghT4^a3P52C8}UgB~HfkY|~E+hVV53c_PC(a*L6_FXl!_3oW
zpwCGdPQ@iUSC$^&(XUtvDu(}io*LV1zKHZbR!;q<>8ZqfV@dI}0(XLBQ>P&Q`tG&$
z(!>g<;_RU#P^zF!h1daQIkxs$!!uuY7ar%6?oSk)#D}gUDZ0eFDl^QeeXtcCZ>G@C
zyih*Nvs5W%oDjo40G~6zX8saqTr*ugUCX~G%~KE0xTD+zzFME-ch)so{1%F-PGsyU
zKpdwz<V5N>MD~gK7YqET&;7#Rvw0YW^Yu6m=d1Uz3Cs6ao#GeW!6~-lLS*?MR4Z9p
z1Sb#V%_rKRI4YbKu6rO?jlM@T<wc;(##>VROL!-)YjnyRe3?fk`XMLRluZ)2alW)v
zrcg?r(pn4eW%hP^Jip=2QPuRn{o`98%S-MT`Nnyx?JAbfhfU8Ijg?jcLnII9m>UTr
z_m=X2g29j^n{?CPM3S<(=r|fzfQNi~VUVGEztmbxc@M?~g&MC6Rp7M@<CU)*=nmL-
z!W6ZrXN1gWFe0qA2!g#g(e5<u6A)^@&*@v%=XE-D!%Hs085mY0EUq0vIh{?nP^15m
zb>V4xlNvwlwM*|~!^l#mPaD+EnXg67Y$4C#-O)FsMvkgx^C>-$huIZPW^pJk=N3dH
zbSd1cOeo}hHr;Rd{PT0%^s%t8ZWRhi)hX!E+s|moyY2pvcalrgHd*EMWeHAuy&V`3
zJkLhOZ#od*?{1*y@9y9*tV)gk3A9|PvRoK$WT%4DVhhiuToFo!rfhCz+fl=*O6Bln
zGQYsr(@VW;iGCeJypSSkr|72{YQh6N{K!nH1SfkLGnk!PKXZ7ByO~!ooW>h*2Q9(#
zgUU=$R9yyN=oo-*Xm{>yD6DtPP~<UalmdNs3u_~NwekbELcK5OOaEk7H`q#jl(%?;
z=WBwH=~`taYVA_Gck#h8n<`res*(o#-5T_twOhQxxTrq-q-wjCb%H#4_X6sTh<@7S
zjaFqb&u898-a0q<rWEIpJMd0$=OSd%-~=w>+i7V#SF&1P{#3T9v~t<1b^BJlo&R-m
zD3QE1JANoX{ebYNbiFuuD1ZVls~g>kWMqn`sIBJ&-{|S{rJMzNrEw=x=&y*yJNvlk
z8xp4B4DR*2{Ldw~!r^86S74df!B#8wCxM$_Qlh8d1Vm0m`U@E&|HSwf`rGZSOzT<y
zw~_0ceq+BClZvebi!#qsqAL(_y6}d8m`i9_?Zo!Wz@C7%E8xwhH08EDDSekI?|%<u
zrAMfYEh8DVsktvDIuJSg(C(QTrZM~BmE`R0b9jcw$SfX1`A?oevCJ4bHy5B4cbg1g
zonNXF$2WPxaUEY+{GFFmUp3#J)-0Ov*MMweGN#{|OyTLqak3J`orXVDX*CE#Gyp3P
z;<zHemQ$tJFaGz7n>G+zySBbNspu1sk?D{5@H^!J7JEl{PQie#uqf#URt^Pr(xTgT
zyBVXoJdl`xLMe(@z6i@WlZX2H*Qee6`w5jB8YAPI8SUJS*NoR1zI-^EOuS?Xv)IHE
zal+!6=+&rY+e5X?(nPGByAgnpbIG;@g3#p+LO=ErIJ#YXMmQ?jI7x%4V+@WF+JBel
z=MEAkn^1*U4RXK?qIrR+$P%$4G5(J=`(l^k>Y!iBl<`m5|H~rm7Ncm#M|UXS(D|c(
zeJuUhSFpi{dNCS2H^Tu$#8)G0Pe716|Is5`q2jk0J@@!y`@#;eX{8Dd5`yPvencCh
z=k^2$h7<LI<Am&=G5QOpd!x^)@_ni-ye_Y=)>Wk_)tgod4-%~Qc2GZ*oy41)pZWd-
znco;NkoencqKOozp(gndV4A7KKQ@8EqTavp`0PJe=kKpPEy0)6Q4`~tFXaki8Udrl
zPrM3CowQO=i=I*1Db*<=!s}F^1>1jc)aPmE<{w)02_hNJlY3A(YmztA*Kx6qrIvX8
zj3t6rDq#t+YR8-_3wv4iHHMomX}vtlo#Fov7los3XM|PlKLW@ds|Ji+N4|s6qSH{-
zyte&@ku3Yz!g#AbDqa^cc7YDygP`?q=U=cQPR{&;i(9k3|KQ^IN$W^*w)Z$#4Y|m`
z5xYuh(gvkI42GNC1iAYtLX_$>k<B(G=Z&s3@dW?o*(_I}%m9stuUwH=m_`8kS;WFH
zuG5KSuJSA*&0-ighvv{f_+wxoqHhd)$-uQeIi|Dgryy3eoLN>+$hLTf@dPnLbA2HE
zQm)%$R%>-?WNu}f73;Uv`8S6;jErN-SKW8+D_>|)Fo55!xA5Xm4V;vvqk`5^NqvQF
zk7uoxSM1Fd`MVu`;5!#M;`vzoABK2fc)ucF?gGbux_)GPldz0OFG5@Q+$Z25R3728
zQ46e_&$`E?TbhB<^vejzL);I{h~bwCpa@C9(oAyUF*nsj^3O;So&HHBOLC6j+5aXi
zwDn$Plqm%y5#-~^_^vWjEc@+*GyinRB#L@8MN$hXyn9PFMcQz~CaZaNz5+hJ%h%N`
zwRe%od~frp+b>GowsEni1AH(Wyte)GS3dveOH9x?%0-z6{XRK9_#c4otssrj$iwjY
zQ3c%Ay~)##-#WQeuhrh<g(s3?-9^%&M9K0bRl$-{(L=NTMdb+z-?(QY8*FL%QOw@e
zo<#&sj-}5j@)lWi$^jHd@FF2G-?-|NVY0H#y$v>7+bIs;c>E8MykZ8_$-Q-N<wTo%
zT0ELABj<rJjEs<lf|-KiWsag?r=zjIX!o%pfQ&3!p-+Tv#@2h$wPx^YW$C>0`xTeC
z)MKEEAM82-SiV6wRJ|y&D~#Q%sEq97M@tD6OUqij0mlx{DoY%D<F9q`kxO^kN~#ST
zwh*%xaFY7|QGa*g&2PpHCGM5pCJos=lnouNAaj>iODQpL^);q+mihubWB*1t{F<ea
znEPW!*>0D5^rkW7PgF^CGgBGn*h@A+ip9ehiMa^S!8E-uBnJtnWQZvCD_lj(Uai%<
zL|c>#3&#e!Joa*H=-FhM`P%$W>2Qd9|KS|6*H;?DC??2a=01~<Rb(D(NAdfSS1g-O
z%igOzRnMSfY_Er+Cy(M@fIIFV2M;#-i!7Fa8x`R2W*JQGeK?aYmX<EIEk?m3OitC?
zCsSM_jV0U?nNqfvth`ap(eqGhpQE?wk2Y-QH>__sTZgCPC`j%eTcsRsFhxV&b@mSC
z)B}k8sC7EVxQgToe0}=OMis-M<EBx*1eC0yLgtHcXW$!;(Z*@o-92dRBoxk`Osnn{
zv=qdE_XDB~aD+7Da_rJ7fOBE7@eo)^{Ye$DcCD$S&^rcm-S-hCO08H((S1(p6whJb
zOS~>g?!iL3<4L2+-b1jm`9+jiWZ@|e#O4Dje;8)0slL%~s{%37O17^##m?AS%%IfT
zt?4iwoHXh&limiJr*ujRk(s!=oB#&fGQ*eg%s6W#0cK(3kP~=-as<Dx^$dAbtr8t3
zDZMWV;{{?o5V~+)_=_K;=r5XBZTFhwtgg-xQ*EY*0ezUhg@WnXJY)-7fsOJ7G9p`Z
z;v->yiMA!)V*dsJhAa4*Zy5Dpy)f@j1KD67f&#{QL9%o&&w+sRkgJ^puQ)oLY&vu2
zt_@As)vb54nV;`l8-1<KR5T)ucNT^s6-AR#2XL5A(j~(?4Nhgff)CDo%ZjQue~@_h
zBFXoWjAYq5<`tF*{ec}ks)-OHggWAD7&CaXF|N@`1QdRw2+tL8*}~<K&2_tfXA|bx
z(y~%<E;@f#t3d_c43UEr`Q%%R_~k`H$aXmGT!Nc$Fdo7&XT3_JU&1*fE2lsZ0^%`x
z4B_^(J(rAwas@GKVm?Zagq|7^$md_u;TpC9#&_xDd#!TOIu-o^1`~V-6)l6G^qtiK
zE~~rZE`PYqNSF^QqI_Fn1TFO+VdZRamQ7k?qfIR6!Vc#%L+P%Kq|71GMuOz}X%vg`
ze&K*ADC0N4T#Zx#m=s%nV3z7!uM&C6&$X(Aa?~toAHK(nrcpQqoV!;{p|G!=BVL~`
z$2Lg!s)5c~)V~NLZl`;wWwXH~;%Q~q`;gTfOTh<s8ur04&$is)8Ce1?EnT~)h4?D!
zTvqGuE;X)1=+}<lgx!mNC+Xcrr7Odb=gNhYTYi!*m3{*oAE_ykyz8~byIrEbAr!S~
zdi=1_@6liU!rhUjC?OMgMlz0wPI2F}s6TfZPbtq#NWMTlD6f+uSl|CNlR<L@(^Dab
zItU-B6UW`tga1K^qnyzD_wg4Q(e(${;2=&gMVeka<f!Z!wc|Dk{fZe$0aVD#-9p1u
zR$z+GDvq~(ACC9;-)eL7U%@*tWDSCX17bfzlT^`z31up}QqEQ--a3kx4P#V__KJ!{
zM9r#2^4VYTQhnNs7W11r9gi9skF%YQtiHwyqM2|hTU9{b7JDQ%sN$4p(%(X=?Fx!U
z1glQJM}5{%%80CPQ?Czd7Z2EM%se)kLwrlun~j<!(wpTgP`YB*YOEPMlaN8JF6^Ug
z0k5vS&SD46eH$hzVP0wIcq1XkXnG4`xAa>1_{-+9`axr6nyM2S-w_&W(f4~aMs-Wr
zR~b%FG|~2|tmBvT5l?!w2^;&Pw(Q07V$=%8;_{<*TzN}lQ3h+6!(1x`4zR|-Xeu3n
ztt&~gfkcmdKPEs7<C3dad)^_&hcZuyk>gX-mnpR$@fmw;RcJwE`&yoK#Rb>=if9Y%
zIRiC#>=s4~gtpTl`_^O!`Wi1^`st}zfd>SQ%CFoCXh1Q=lYVtnCdS>Duh|^+l0LAb
zdO#~m@ihRWW4smBV84!iq_RZBy=#7>4D;4Xy#&u5X!JE#hur?8nr6tgr@+L*BhFCA
zr1VWY`OhEzMkQ}FX?Qtt!_<VNq67ydjkxNU@PxWOm-I`xfK%@rj#g)9@jziCdS-H8
z@4k0oC5ln-LMYB!L6lK#)T07FDR+XxhvW^#TkN&Td-d(!zJ{7?F~&sl-19T>j3t}z
z^S<G2nHCg-v&ewOF;KBLKs6>3%0Y-i%7ODCK0E8`CTU2vPS1nuLN&ZPru<U%D+&j;
zS7U#T1)0?e8nz9aDG;~c$6!z}v@*ETCU+oBq&=N2ee0(B#z-%<L}WCGC=oLI9#)#J
zyZ*JwV-@*VNFHTRYvg>3G3j=ede2dowxJ^I=~JyD?|ST1Q8le(_v<E@GG6$t%@k(s
zq6((*(WwnH<nDvjjN*1*MBTod<=v!Dax3D4(~M&76};IP9cy8P*7WUHC$oC08j>}z
zMKjeWm)`A6P}Ne(98$@DG&V-L%CfRSU7@Nx6GMHwHrSGBu3XpJ8@yL0vq5>(VJkM!
zEtc_c^xEhG=~LiNbvczTa}iOm*;sOqA7{!93oMF+*nK5NSIzp<N6iDZvntl&yZ8Ee
zh6#3K^JlGmTpUjxbmhpTgU?(-vqIzDx8JtD;iK!UeGA4%aft$bmeCiDi;f12%ZYx%
zQURn<4jkU#L3*i+0(P!zpTI<RFI8#}*{$<ly6UfQ98cn%8Uf|U>hoo4C5lWu)M^+0
zNAgrCXqNKD+<`~(8i_Q_%xZZ7;43YyrnIsQj!yexTU*<e(YZ>NoHA4*{`#~shEDfl
zTRXee(Yb8!z1G&&dv>l1Iji!{&dv_`@sF7dTWf1;7B!?U_hSCWGrUK7OnIVb{^{NU
z9pl}$;8cyG;~-#m%#?cpr?K;t<S>mWfl*FMSHr&2x72G3e*PV2tC_*=8aElAhNF4J
z=2xbMjTJ~YfUm3`aYi~ytGOtnWf9l24yokkj6^ZSu=0poGHuz!-TrSRO1qp!WVPUr
z85N&y#|vB;z+-%4_H`4Cb7#CPWTSN*os$T9AJbY`=3MG(RS~aa91vuFB8dCin#7wZ
z?(|6{aF_h}+Ho~OpzDN`pZ4*}8E1NFYjD;;JnfT+;Q_fW=Idi~%wfaUpaOIL#FwVi
z=iE?h=gXbxY4KtHTccb}T5gu|Cmb)8UaAK<!?~#+^-Q+5pt<_{kMK-Sm4zrq?B!Q)
z^BYj&c$Ac<gkY`C)sW=?#f!Z!V{P2k&_<NheR+87`}>GLO0I10F>i`KS^A80?5sc2
zS=lX;{rqVeXI^2YA672@eQUNPn%O5xjr9W{!o<zTpxNbvq;kh`+UmQ5GKPl31M%By
zmW@)CW6bO3JdnglcNV+FGj4Biz8ZG?wR~?du)0B_v9nlX>lWfYDL>x3043hPH>tnn
z%kGoYPod{YAzJGfl0#wIpJ=}A7Q;Jlq}N84FB)A$+ColhUpEQ1_MA>)(U5$dVHEC0
z7p^Cme!3k<o;<_2+3$x2@*Y`~FJV9iURmUfJ83rjjnF(Q4T8y^-a{d3FoSqeO{og(
zZaaQ1@`ZCgT#YYd^hZ7)H&(ZwI&T{L8Qexz5sOVsbm>z|ER<md{W!RY(i*^1{|VNK
zR51vDOO6LOth$RN-QWUaI~eU-l8AF`oP)v+OAi?xR<M&ZtcU*rSM;p*BEu)`l7iac
zO?FszXC+w#Z}cL;!#iua=Y1YpRBuQR{;dFhdZgyCQV0?%`tH}P6p;aSqh8;G=qk*?
z@GeZaS5}nB2s7=Y)xSj=jbH8K%*+DOLZ5`R!^_p*EM%-w_1hgubXEM9+gGsN&i0xK
z){KobP6GXm``dx#&uH8hKIIvcScz~MsVjWacSbBRRC}xSBQR^|uX-g((A8C_Hp9fa
zT#|x5&g#lyxsTbHmppNgeWz-7o|GpVT*kf!X%wTCHe2HNC#y-!zltNxXzsq1ODdFA
zEgKkaGfUhiI^Y+i+A=6EPbabenke6sae%XxeJwV-i)FHS5$~t&NDgJ6EUHaF8+lc6
zUv>y;g0Uf944AoBh3H|$Jf7q9kX+@M%=%`6ctU#Y5_0Ks;AMo$02%ZghTROpqPXrS
zWu3?d8Nsh~c~$}VOat_O_P$8&P7{RU2Uv^8FJo%LEDW!X|0!$u&6*vSZ4h*Ax&{RC
z))nziRD6t|DO|ZP@Pw*qbdYU1LLdFu7BZdE$qU{RU!WoVjK~$BwiwvD$F@uK&GWEk
z#3b>Z^|5AN!W~rZJgSTJSpKu@gJlK0O@v=ANSqgUUh0d8$I4H+PiuyHb#*vOQpQHT
zr#bjrd5+G%Z^aC&?zZg(HE_pVuhbzuZw)Z-tRX&13si&A*_5z~*%5BkLy*$XyhBuN
zWxJP@7EWHl#Md916-NzRZ3)<72dnBB(D|baYA+B4Gk5eYJeB0?D0l2ZbwqROl6Z@_
z77&|X{5Stb->HYBS=zuTt<%;etuVo=^k@f$L?kT4yyqUDUUb?2o~Sa-Ub8@CVChfD
z)~&ftpdanh{qu#suMCU6@3^`&J99-s6&Thr7lpChP**5ddenn@Oj}Am=av;KG`h=B
zR_vA4CX~!7k~Er5LiZBn%fnZ+_%p?-K<^j-H!>xx#%lGgJ@mKWJ;%J{P8@TOCD=jv
z8NyfXwXO8z-x&V7k%kC?{z0K;ioTQNz<jlie0%z=+CY{cR(E6?tig9A_{o}cjJK<#
zZ{|6|UMAoS7%Ft4GdwMFVV%RvD59~vDZ6D*h;7Q{EarAq=gVKPMOJZ_+qvE`!`Q3W
zq!s+Bc6zfddB6UqgNI{O9;l9G4?e&My^*+ct9=G85<4LrIz|1qV@Fl_=5g!S2M5!4
z_%g!ZIzlh|-VSC&pkRp-3B8n;s~Wpu>^J!A_j@UuZ{cta+bPzbNTVYiAhCQJBVmc1
zm4hLnfLL_=M_8%cW_|zK@PT3)LT+5T>@9J7XS$)P5qJu0ESiS?QU)HN9p8R^4Zpy9
zUHbSM;W+^(lKcA0tUmjd3@5<`=(E?lwb&-&PWvpNeRmp7%t&%>3sa;C3wqS5B2^1^
za-gp`#DSw6bw9T3{$Nx4V1j@3OYXhoy1O-1NQWi}Dku#~TO@i%brkg^N=1A;QP6gg
zudCu+nG;ISXo|x3B{rK<KgyovJtnpo;~9bIOnB^6s+Z%CU2UdYanT6yy4+ch|DN!5
zR|ls5I+A+8BA|YXN?nYq!KdL3)}#*)X|c?8`}iJq9oPG_A*Yar_W30Ed}->$?v?u|
zTV%}L=x?sB`8n+wvHI;{oFwJkYq~<sx>okK>VsRLLdgqtFJQ8Tso%v?&Lw+MmC&l8
z{l!*pUtMF9&^bJ)pjb@NDhH7-(S!c>_AFw0rI+9D{Wf!*$@Xm|7<9Zy<Tk$kHzCH*
zYmBS9ZlU3`2U4cbM??J8tASjec*`G0glF3_Lq2fgl6IvMjbe(+)*6^)io;Dvl0J8n
zoIZB2h7q(6^{Rb3y=YXOD}<PsQlaaX5bxikGliU^pmhxzmq5JqyD&RX|9n<;OpK1g
zkqL#%#d!cX2b~(ZQzeGC3GOgr8UF<He&6zLxjN?Xgj5|F3+&Lyc8#qq?BxbO-nM%h
ztUEJ}(kV?f2%qm)cTGaGs<StOJGRxw<GE%EXEL>uMNN?y5<aQCIqMaDW!Z*BZW)x1
zj=!+vv0tT`Q34B3g)6iWin3n<b*g7tR5`&pSTbE{$1Pe`J7h^<y8>@J%`!_-M~<#T
z%wQiwwr0iLZ7z4>NO+5*jC916nYp{ih)H-;ZOMNuR}D|WtobCfB`nPZ-kPLOskL-M
z3YM;wLz(SUxFVBfbruT$h;y^l#xuX_iLmgOpuMp$OTA~`=~chZ{>2*umvYsr0(<Fe
z>fBKpsHnLKV$da+s(zcQ@s9kmdlbLvqn6?Emuak$_4_XqH0LaGv9**|N>=#`L#z!L
zDcq7H{JB$_l0_JSgH_nJD_(J&Cq|K3#~=ju-tFPA6))xq6{1_}{_U+<f(sS>-d1CY
zws_EYSnomr4_7x2flKu#?@+))sBr+7sZf8}Aw?wY!(!!v0nGm9{2+#Fwvy5wZ&vO|
z$mkK~C+}tcF|Jwc$#g%w3dLQjyN79&irxSy>`l{vPr^+`2j{)wD6WA)8ucXXsDQUK
z{L9B?$6?9t)XcZ#o8raO4Uh8DAc_kGC9dm<SnrAc&2G$34f9zzVcv%LAfLp<Gn`jH
z0K=l%xSCFaU%AdgmCgba2!4!EMNHB%Epd66juVp1R-33Qu6#PC?RWh2UI0}7g$-!#
z;nZM5;a*&?{WPl4dl|#ws`04dEbr~x=Y-iYPDsPL%=QHTA3)F}twO0y*=X2EjW;s}
zdT@-URGy_=I?VUns4C{d9EO<G8*LDxPGMy?*S8_x)@oD3WFtx!52hr=xP=r$>ug4C
z1#U?5lW`ABxE6lTfO-?F$!Xjnr;!l<(`R-XHXl!YtPZ?i(eX?L(dx8|ezC`0bkswE
zZV6Zz=3VK0zVtW6>Vks<%7W!*60*5u^pwk|)yuo7BHR<N=YK!@*f#WXs~v}@OGa0Y
zBh85Y(eUl!>HXwQ-@rcfkZ|$Kbe5<i`t^h^)Hl&8{)UiGl3T*6DR0bi&+i;BxJX>V
z`??e#h-|bh+LFpf--|re@P%jRTfCDvEY19RKo;nSMW_j@SlgykpAg>GVk|HG0qXZH
z6Nkq!ILrs1U;^#|F44blOm;){$mzn0dHtg<!a}J#_P+FR%p$*NyN~aR^Che!?kp^y
zf?(GI{1m)NzxBVaZhN!d4c5Zay1pOSMnK|+M!x&P2?|&1)dDVq7Q#@JH*#`qcRP;C
zBsVfpq1{_)ORF~8N&9YQ&?jRUt%425NAA>bU>A0BZGj$kK#v$!Q6~&4b8}C;jGTUm
zaP$DbxLybemU}~tg3$;Vagn*cGLn_H_N@Q=j%#T~@P2M0$qFiP%))q&;<J-KkuvpP
zspztcKH)YH{6r6~SWICPtu~~%mACgGLs8bL?1$)3!KPzyjv=kpMaR0yd?k;nu;YQx
zqA_*t=k+m0(b4=-wf7wd;F`LmJpr-DhY#)3LO2u^XMwDoOQa<+N};Y|YDNf+*}}|K
z-lZ@9<87b3>3iHB_|t+C_R%8H_7flY`hQ<-+UY8?vNkzOl?(pQ!9Gq^bBFju>~B>w
zUNumHsn4uKAG6x9wAUhe?7T+189Rbf@ri2rb!~E%55HC+gkt`^RM#{}dIH)9lh~0k
zWboET#R05K)r9TL+u8<9o+Ks<IhU!k7hKD|FOcsc0J!PbHC8UNZ*7B|Tz?OGv^@H|
z_kDZ^1qb=A)#EvK%LpHrOW{l%Da@vSD~B4?1&4PSp(HS0x}C2$3#LCS@-^wBxSl_j
z_m;<g-Tin74mO^zFu6(ef&=-aks3C3SCS5ndQ2n}dTuDhqA77zTQGW;XQUBdb!>){
z*Tu@))NI^a=2+S^;IErTwCgVT+M!BQThGkF`1yIoSYJ2-&eq5C13p_Oa=0fd1S1(y
zF~rDu(K#02hRp76m_iYG%vM-b)?^uCg}OKtnUxo7V%yaWoF_?)ATnZ#FC5kXuQL9A
z`#CoB=_8>-))Ka`sLsUKo@9%N8z_K2;Km87Z-wtHD3S#sZoWuaXP30hwG4+*t79^U
z^JMQd=K#lMBc5R-D5YfK{XKW&6#c84c3mi9n*4nes|`mj>*nvkc^mV%1U@V|;Na-;
zv}PTg4rH!u9KtnGNe5|(KrG|#2gAsg7Ww4bP;>5OOhKKWvL#RP8ul*Mm&})i?<cM#
zqqEJS<2Ui;fx}SARcQojoy878Ip1)kpF6REbYWNLilLcrG#%psqFXRT_mbHbD7mM6
zX;>kb?(`rk1DIOje0czs!sQ8R=;mQWaAq}flEKG!wFp71!bhZ{z7x^3R+fbzYC}gG
zU_z<3TA)<>+6*I!CV(#4BW|H&c=uPK<Q0AX8&-q&)BM0#wc@P78}<Zm;I2jCx@6dG
z%Fb4cOX>4q{xMEyxgphqA(o5iz^k72Vlk?4*=(K)*kBooRH1rXcRW#vh8dEJbvN*r
z<6S;7TZjxQ$2TBvG4sDbZQ+JCjIFVKYk=B%;irdgE=?|m@-IuyAQF@ES_liq@#IDT
ztY~UALPS0{9T2(MhM~Dra0Zg%lQC6f!OC+Vh6QV#92Y}YFRH`^&(YfG6>uI)E-UcJ
z`tr#AyDVFXOZwf&DQk8rnF#Jj$6V@e2Y0<)h#-q0>De`-D9O=bNjoV2_JU%lS2rmR
zfv{2!w_1-Z^OJr1s?|b0FA4w@HGftZyvOwVj}z0Q@6_uk<wyZHJu@f@6A^1=!yn30
zM!}E0z@HM|+9<Y_)HOBwrx=UqA%c|BbW*ahATMlxrgX2`BG5sJslFBr%i9WSz?@D+
z4F!8my&1xc;hT4>MIt-5f<psI^83}6P={S_gj-E<%`nMe<PG^TmoXIlA(dPNp><R$
zxV0IZ(me-GJCOKLUrZoR;lY|rrBsA!!4Xp8I$8J2LdbZdD29w(OrN~V8<9-c8XiDG
zkZTKDSw+Kcox2*>yc+&z50Zs74CRr%>X)i6Hi`)}b;cO9q1BI$c{WD-_Z60IA(>bR
zG*T02!Fg#P+j<C9^*~>NPtGZ19Nio?#IWtFq<;0LU*59P%T<HZ2jwy#FT~6PGUywe
zmeNU%g9n}jADgoHccPCgDkhp+pO4FPY}+2vE5WD3vx^!SOaT}ul?v*LzySX=tAHi!
zrSkgk#~ZzqrHy`QK{+8;ml$v;c}Qh2%rdt~m@6Da1vjaU+%|jS86gcZZ2Za*r~}Fn
z8!Bkw*xmM*)gS4sP*&EhDpr3~c4u9L9Mx9#e?G}4RH@{#Nt_=Ha<%X^-*Y1T8g=4=
zcf#@%Ln5IJ)cswopklN))d<);x6e8^z}6z)KK*%tPXr^F>5jEUNR*mqX5+bK*czqQ
z!S5=-i1rAqb5m`16HN8;Pyi0qvZ<$*s5S~i7>c)s+fga)IS74vWlroMD7ZOBaf<5C
zx;U)8z%#fPV$;-RGPAgf9c9e%G^jkcZir3opQv#SmPxOg@~7)JiT0jj*VI>7Mb{JR
z-?J_L`&Ztiaxp>9_K6PPA1l1UFdwtc(ul5UU#`N%oBJrd;Jm`|Km~5V;ovj`5Ho8Q
z9#4Sf75JyhsFu79JHsI6Hc}&VW){mjAHYKNN5S6kZjP4VK|4fW(G!#x7N=3~!m`Nh
zqUx!E9lF|>fq=IXx{$75+F<-f?qorSAsHR$`X!@0p;GlIB7k022VebwRc%sjd`-5F
z`1LPnC--@X#h1GLoK8vo*(6GTNL!PlvF5h(veUc}uD^4dR+W1+Me~7|h2vN8!gXQe
zgDZx{1yWGH#BHMue3rxli{t}h;OXKP?lxOwPlbdoS>p(mft}LouI*;%S}Y#*+lPwg
zcRcT$`ipZQcS=8RZCpndevc!*Qrx#sUBzaFh!qRB51ittb*L_p?Z;Gq6Xf!vl3XGM
z8`vMg=}9MkCFE(%qIcWZDcqu8^7|7`1yzo>aad}M2EL^8;Z>SzT)9?6r4hXG0ihQY
zn+Zu#9+5KKx*fv@SsFh%>r0uDOZ|<=tP^0NaUJnWaaER*S_ymi(H>-{--ch-PHjNW
z#u>VlQol~n#uJ`w$Fv*OUMhxt*BNBr_=2u4S?iKf>ZqdGgv;a@m+uKSK?3+Ian)C^
z(mHL_v{h*Q0_tWBj&lQt=kmBB;N@hvOuBoe1~EmRNDd8k_e8c2#d1?}ccCHgd@Y>O
zHQAQHFwehh6Cn2bmW!<l2L5P`1wx_J13X{)gjZM(x&pP<$WvGLHo{thg`%;+;TpIM
z@;pn~6y>dkIDa%_o<we@7P-;WLK(F<&(+^`I048O-){FMQHG=D9Vojh7u4{!HY>*0
zDZ`SuGSM%m@RR@O%kUf~vGZuljvOZ0ddOtx%E>g|AmPTv>vj;7&kv02X$^-IHC}wT
zZF9M4`~oKzvuUJI0C+^ptY+kWjLnB=TTqtWa^R9HJCCJ0IdH|}2x3j&rb+_|o1G;p
zznm;Mr>Z@C8ZFZr4tU3ZR05@FeS8|NP`#5wi_}nEWjWB{zqtT9M$giWWEPaT3Vv1E
z^9}^?V`Qv<6{F;c;m!NT*)?yY)`it>K}7*rHlUs<red(k$dOph*F4aW0_r@QNK}5o
zD#BHRgtJO+g!JbtbU^nFg@^PyL6`beQ0OL8k!?puS0Lvb0l!(3va9+xUbhN){#Yri
z={FJM-CGeGc5u*FQy5gkeA@0fN!hIg8OU-}6QDjKYd_+B&Tggo=Gn*!#jpGMs%`p`
zb0nY{eK+ske9+%(aQrPCu8+R#ENzD|=c%?R3v?S*yMI_lIQggWOgj*Oh@N4f`0p8}
zAf?@~WEM2OHC38ZlDA!vJLuLX0he_!No_s!<J2HGi0zbHl(OSC=I$?!vVJ&mY&~VA
zuz>*2p8!xB)!@)!5K@r@?NuT*%-RdZo-zYMN5F}V;-t7`d7kAl83pR2%eV%jGX~p;
z4t>$-fOj<S&Cd<v<qR7y&q9YwKa@M%I)oZE5jjJH`TK^Mr^+|{InL*lqlwtAsf7FU
z4z{5KOIzgbDi5n&?|}t5MP9+(<A|5I<`<n!Z~D6*Mbj3`bfdeU3H4l4-@*V7Vd%Zj
z`mX1jrkEsbX)p)+^h}#;)RieQ{BKtSEK`U9sHM%Xg|djl59-|UTZ>Dd%bof*`)VA7
zf`+vn0Fa&nG8N9<4oci{lwr)gIv7yz^x~0I=Oxx+-Mxxz2mpTTcJNcWe8Y(xK7Hb_
zJr=p~%#11Zqqer~HdExNldxW~0ZT0iolJ}&68&<rB<dP)ho=JVnPF`iGlh!5MYe?|
z76vaQ9u_=G6Ak|CvkLU@q`Amv8Wrfk2lr%zFjN5p3@Bok)*);a5pvt^*{{pww|oF7
zO$Bx^y0A*3h9Sfy7eAyWhq2F~#FdzfPv+v<B1;~(2RzdOpbYWJ#jODVC}sozd3`)Q
zB!-&2SXg6DJ_4lQcX$9k_*)0Tb!!Mb<OL#t{1y=a)rn0mPAjB=0i~E_`<dLG4crDX
zxD8?elrXqH{D?$%&f)+!BANXQ0df)<K+c&359yapCl0RyJux>I{FRa`Kc3pQTT&*j
z6iNj;K6NfKQ+zI1Nyb*(gLkx2K&&lKLYFW24gAn3ybLqNAFahzqj&YGkf)U;Rr*$=
z^{Lad3z$L<d;bqvZy6QG??2$;THL*Ou~MM86^h&9?(XhRad(PS+#MG8;_fcR-Cgf|
zfB$>VeQ{qUC&^?oyL<Lbo;;tVNWG{sDjN*u4zButvjdrBh>+qk-w-jL3$tq-yBfyS
z3HXh&N{Um~!mTMRDMidlFskaugb4WIebmZ7*4&t!<i#e1I5GaoTB}+B)zBFKeUOr2
z@(Nb(+S9C}#<$p4EEvAlX%wuU5lg0+cb{foZGsSND%tI9ts-Y8%?teqF|th+o(U>%
z4>12}|F7r+38T~Se?@MK>6}e%qDN*8GlB^Su?=6|qEw#+X?t_Dl6=J&-ugwFm-24e
zG>_2c(>Xck{+Hbp3UX6-_7FR{b`fcw$QxzT{EfCq&%?O}WN~$}p}*tki7|9mPEzF7
zeCdo5y&5haPmr{(7uV%SEU(at<&23YBjadHw7fT)rG*K|7#|YaS%C_Tokc>sOm%=G
zNz!^qL^<&B_p`4PdW0^z26nrI^qrv+fsm>aLGV6@2}BR*#|lG#Gyu-4YN#2xp^P<v
z^Ps!ym)Uy?LihoCy69qs-NULfT&VOL;P3XzGC{w#y{8ODYyAoT@o~ti#koQBy84Gk
zPr=1S#c$JLdVQJ_KGRxKpBH({CT01$1}pk2pF-G11p#`;=m0_d>Of+W2AiSONCg24
zwaLP#$bzwS3?)U=aeK*;pm5X1WxytHmyDRJAov>JySs-)ap@I!`Cv_dgIK;aQY3;9
z#XU^R7c@@t-eOVo=F@AGR`hVe$69!fMFEklLy<Y~$vNlJvFNvS(CRmwQ!GamZ3-9;
zv9$^U@4p(%&(s{hmzoF-{g%VmTH=GJ+-Azy+t!;exh|C#IFPmxfDmbizw1gGUr)0~
z1~6PeCOZh8rFkrW*OZpIgwIQ@i822BKk)aWClYVxPmZQs`>&bJf6c)EUAgjKGo78b
zmkwsenI=LCl=dx=j>-BT^bctqdjd)f53D?1rrKHjvqkl01M|ylJIAMK4legH#S;SC
z&ViR<?*CWKRyC1Lpk_81RsR1qt95n_<(Rgu4;o$SQ^-R}W7<QDU)MbO_e*&kcBsaU
zz7XcU{+<dCB4<%y++WLzNgHA<K6AvMGR#thF<Cc`z5^XphzGIW+KMjT%&!8`AZZ=B
zFb~_E9fE(4E!Avq&3L8>6fUH#*r`Cg*2Y-Av)rh8ltDEACiiims!IVDn6xNbG>q#a
zal12<hKY??O@^p0mCtAh5g%uj?j$lep#${HTd}vo$c``}iVsWT{adcYY!&~AL*3JG
zVsAl^BoluAD}V<&by7Tay80_{fcdhA6|KpHXGD%?$GE#49ZdX(uA>^}@r~`1+!l5S
z@k@MigjJTPHUrL-P2+dmLVsKxC@J5uc>jl^5{fNWOwiEwuqLh+gyd;NTx}p7(xo|O
zTYlQo(-{HiGD7h(f}<z0SUZv<piVMYR=N3LSgBvign|omPb=o|f-UMDuJhNu6+Fvg
zT=C4|b7eHH^O(!m5W+C>^qtj-+8^fpc5FOP)r8XR5SvvbA9US4gC{$${^FLj;~MJ$
zXgmRq(7x9&S=g63A;E8;T638rCfGh(I04-YyaEWpd0?gVz)yrOKyPt}7S_E4ta|Ow
z8C#sxZG5m>m^F)#n)>56A2ioST<Ddd$R5$s<&|=Fxs8*E%XB{Nrio#uC~)MkcHpUY
zEo?kI-#UJzH|%jKU(@27t-*e4G0+vhad)hF9ro5v66TcY%)=awVy9V!izTUjb1rvC
zB&_*{Nq(2GvHvhz_@`z$EwxfoYpgnvg&{B@e=?yL4d?vzjItF>rl@j#>fOHJyCbgN
z*Wv;voweShlHVBNNGgLmA;%EDz!_?vodYkPMD;m;DnP_8M&#i{^k#ZCnfR_Nu0f8y
zoR_M0J4M$HE-q$E4I@_J^wn0A##H+3d3t5*+Uc2lPUt{4ZQN$MIYbRFd&+<(O#9~a
zXj<WpsXhOIb$bV@auzr|S(J+jC@lzybh4!&vn@VhY!P^d6_{o!_@drx{DYcDtS3q{
zq3$V=C!#QrrTL}7QcGakEl6Pa>6Iq@Dnl{KY~sfjk5T?M57^`10|!)A6akuhH5N)W
z6I9?Q;jO-*C+D|t12SNa)0B<RuiBcCA&U@I@2(;EZCgNpwz^o+|0J4#U}?6<67rI-
z@0_36vqw~cyPG#E$xTA*@d)C5{xkG@<`9I}F`eJsABc(XjL=(paVD3@rUZ|iTxceP
zyHXYphNJC@nMPUSrXE!trrg|Z$XA)``2`e2CJM%C2!px6O_~&DRtp#$vR$b=O`q{{
zSHy_QY#M5$6xZl2R>2W_f}sAJoMMO!8Y}|)a@VNhuO^|$e92JSrX?cknEX+a9q_yv
zyQOpJE$TX4&;j>fWq4-kTzw3<F$C602a)luav5B<2SeoM9^F0n82pW#m65j?GwxUQ
zONLR#pe~h1mmoGu^O593Ckc+x-8&Y1m`)0reK(@caeoF}l%}^{u-ou8v;#}E8Pd;5
z=A7?W#rUv4-_~sp@wW;Kj8ddX>eWwDF;MIK1=h57?d@tmJ@k7vw=Lq*b$_r{;sRUl
zT~1pNMHDvYNLd-DfW=e^g3ABGsUg(_yq2tG8S@}cEEqGHMed1SIe??(r4UgrD=;1y
zS2Zq`k=^E=$wE*rVJM*6$HA2~jrSX1h-~X~dVA*TmhvezEe+9bNMm;tV5Q8t*=HXw
zpc|IQW)#-?X=j%F+h2M2pGzaa{=;IWm$+8JW?H$<)S<F!wdNMJOA+;^LnjcDD*2hA
z!lVckWW1z{yG5RAUT?ziVumEBJx-I<yiSk|wW_izHX0QBkmIAuE{$q0S#|BF!|u6^
zE!8#oervbKWkT;p`D^4$e`x$t{>HY$ZL;!9$YuFe)Kc-PG7b|K!`jn`Lh8Exnl@PE
zPO-HWUHF2dkuMrQz8Epq5oFoGm}{!>TVBwGi-T|sntF==ENiUXrkak(&pug}tyP~e
z0~@QXD;shgyvL?McRuyQR*ovsy?JR`Vp-<vY7g`VHnm)Vk|3;m+H}Nk7A9>e`q;(d
z=Ja|Gb}7l7hPwsfHA)e|c=KX~@2iJd%e}^ukgl`)lDL;HeGwWL>Qz3b_^93UJ4a7@
z5HSl1mHuYYoTtyQJAFS#KayrG40zWz$Mi#*i|hOsiQdq>nU@zIkS_E&vfaMHy0;6#
zc?Zx~1#OKLed%7MC7@Y6OW`JQN6PX~>y07uqDM2AYwC_X#2=+_?Ossw=<dRp-&_iZ
z0PR6~9hMA`%8b1c-Znmx9k6}mw+MnI4;GQs-HJ>`tt(jEq}_~;W%jig;~_U4i^yfX
ziJyZdKJs1@loJ*<`DFvutz{w#R#TRPA~~}P_Ciz$YdVm;+s3=&Jz^8<P2W}NVpo5!
zw?{475^$rKG0tB05+t*h&3&c4WY@P!x_+ZdrAGa81<xfc&Mwu*;S|7CYwHnaNgJQM
z*RPfsofQ^6G9rTye4KwYOcxlL^wL=WZ-!6HQ*Ie|ok$lC+wj&n(%)=yWu}pO6_r3u
zO?5hiYf+-Hd0EL=SiH=fkVfAIAsEBobG5QiKL%^ylTm$k(f<broFOA#3bmvp&Tg2-
zkqTp4)9h#9b8j_Em92rSUp*Y62_F60yei_OLcoAXS^wZ-I?l>getMlm&AlgiRu`GX
zEay06tG2wQu<iov!mp0Ia)n#TQ7Wjl#Kts3SR>_QLdUO@Uz$j)D5&Bt8NqR`ayW(k
zbSVD*>uJX)K2hKz-d|kCK9jC)#L7i^Iz|ySdu!-h%`=By$lMREQl|=Cd7QmzW*@lF
z2@jlqhI&#5=35-A7tRNxTVJk^lysg}SM=kTq{0)gS63oZzvJ4lx)>xURh%sM#22Ku
zFA3j=Em5UJ<k`A!(GmEz?-Vrssf$8Vr0O$jE#Kh@sw7pc?b;As5b>RrSJbeac{-_-
zj1~jiOp^UwQ)wX4s6E?Xa`~n4j92msPutXVJs+R^pq#P@ykY4AFINh3AP<z?*>IL@
zP2s(-g(#`gu*{;vkpe~!q$F)#v5n1*6L&E@2PWJe8fHE}EX;UJU~CuUqQ1viox~c4
zjxwUu&x0L@8d7NMd}^0clJR|3y*u)&S7Q<e752h0ExTGA>M-Zm|D9Bx+j<S9p9(hd
zB^T20cW$IpL7zXhpo1Fq$vYX6>&y9SS)2w2x2Zy05U&;EZrWOdK7nh=GEQIBVG4c3
zi*0;E&sIF?JA!NyHFQf$3<;{pZ5l(873!`x4fts1b~PuQ>EzTgRK9E#?vUtRb!U$l
z0H^PCu-{#_kvR)D;9!K7Na>7%g&E<Rsp|ZA^h}cz*sdFAJ{b4V1UInGOlvVr@(+IC
z&^uRS_1}s2B@<7gv~lZH<vFsW0cI|7mm`|rPkOatZgy1lLGlqXV(yQD#vd*vhWm)T
zm!_m2wK^-2GX`MqXnIar+$Qa=sOOdzItkm`${JW_1?zyVBG{U2K7RkzOofHTJ8llI
zBN&R$ENUVI7l($C7d3=hO%GQO;tHGX71b$K<;F@~?Cf<qymS0?aKZCl;k|9#@V{i1
z&qM_LMegTaCX?NmUBiCvKG||NKe>Hdd$T{X%cGp|sx4M$WcyW|opfX^0E^w&)Y;5}
z^q_A`f@e{h;=9zCmxM^!|0AnzFZgpm?@p%P-$NyZk)Zf(`>eXF+0UYV!}0Y#N1=fX
zQfc25qo(L?9^mQp@DE<8#;0)#W#EuppxVyostz0;qiM@kh&v5c6u4cPIqO;ny`5l>
z#10uVAZ~VuEx)+O7&@7zePi`ZB^~;aezlW1$^PLcN{5yEy?h)VIqq1d3~sAshuG{c
z@L`M7ECrD=ABA?hDzQDv)@VOELXjp4`@=1v*}8p_Yp_W(X+`<JA?8JVjil)Bc96q6
z?_!V%cM{qGIUtxRe(;t07{{BYz1i`#<s6j0#%!myb;3MguSeEv+xFS+>R<=Uh7{8w
z#Z*Cq@bKnhax=`hjy-^Y$@;Y~i4T`IDaa;V{<XC0E4|CZxn?}~!P5nT0{twi3C{;<
zXOvcE;%|?FBsj|o<}*22+qdsq2RTi#6<H*A^&ig4yT=~`e{5_kDlF_?L9=2{M=q;t
zz7a+wL0y}gwy|&Bj%s0>ckImf=?@O>{MOP>BF0Bz@X^^{2pfy7=S-BenecULIxh1V
z+rxU>P7)&4VFj5Iawr}NK!dmg$hefhugjr}bc-W>tC4+?>z005!x`wiAgK7Uo6wf)
z{kZGmrS|MtgVcDt#~wTiUWHZQKvig)>plBWK#oz_^?dr$2dsdDlX4<n3i>flNnoXO
zXy>dT-&&P)Qkp(i1r2p@T-E~G-@Y$el*<z&8Nd-t<U%Jq8Hdb7l(U{cXw;nzp9eg8
zT(W)fEeH&lf_8XS?n-8G#@Dn3wJOvUb6xNjG6+IvDr1?ACCg?e{FJ{>S?W8k5e3H;
zgVB)I?!-~uaDCT0d_+pQL<s1l+ukJ_Vr|ZaNxc;PJe(e|Ets@VbvykFNDIkCVpS!L
zKMJD8MkqvVOov*Tc`iRri67I0K_D06Pk&=S%+ca)c4kskjOPX46w7r@jM>8K`tVns
ze)VB^v$iE9DJSMMWD>S1uFcq`h&)7Efm0~+ng#3EABR*=<oy7Hv1cbgmP~>^GPYeV
zKhS7nHQcMe&lB_$39+oD&wY@Tg|-fjJx#@`VYp#^QAy_#JoqS)mMC)nkGkGb*)6oX
zxOK~B^9t3bH{3e(kF^GOS=->E!aA5T49wYTeZjg+Dj88Vm8;h-JnX7gl8)nh<Nh26
zJ36PtZT#dEA$%TQKjMx5w*C1aClU9t<;(ZjQ-N6U`3a?loOH^pz6YvkZWP{R6rYH)
zR_xl51xKV$P4!gg)3pc~%K=<LT-SB6$TnA6i6`IFY~<WWU~(bPPxxlOt~c0p16k+(
zWM*ud_PE9_eXh;CjOhmZf`OD&lMvD^rD`rLTe&B?^fjNVEN(e}hh%UvNt0F&_HX4x
zC<$$f@*B*%rQ?ceA#;qcY+Mzu<~m_=VTEE-%}LV&mTl&c?~s^javj~PmLWf3NhhRV
zA7P-1QGN<R_ixr)pB{+pICeqwkg4Me8W?X%kudoa1X%?4YlKAf+;uTa;cj2b{)cgN
z_UIBwKl)OPI}QctY~B%Ls9Y_v=~wjbCvxGScYtj%2O(ep5EYU$3Nwo0SWg5c)f{Io
zY^6*^3HsiSJ?+OKDFuu+0YJ5EfD{i%cQa{VGUM0~F<LVbAgfU^D4e}@v7jc#fK@bp
zi6H;j|N4tYfZPOX=H&lqtw5e?0yOGaHpm}76aj-L0s&GB>6$lLXf8_x#U1oTD@YZC
zeCq@lO$Z(U`u^rghD~vcAaF4N1d)#drd<$7H7Q^!2uYp~&CpwY8)#to4!EYp!k*t8
z(h2Qb3dH90!U$_DWx~QgH;m%TB5*lH0T@sXoqdZvflz@Hi+$@1NFOlSw=SsJ^GK;J
zy91110sc0xwl?EmX*9n7!+dOM{C!<~jAQU<nZ}7Y!^Zn$mSfZS*4xQy;d944>yGhl
z6kC4(XHf_?AtJgQJa5I-vAAhA=-U?1Gt}&O&*Iy!sZ-TJXRzp|X+tN|KFUm<=$T2w
z%8O3V=eI1ATeI6kGUe|Q@EQYtVzGXo#Bv%UQ2IC&1)zLpHnqf5#G>ePobhOKYzhzx
z2MG%-BJE9s?0L=?(*24Xg7$Ka-ykn?QGQV{Mi5{JpTCu7M@Odq5zH$IOf!7QNk!DO
z&s?w(J&ZxV4Pz1(8Y95!@Cb`VN%2s|$hY!NyaKynaqc5^WUOw9j`JLwL3*d<eOsb2
zrDNMVY3NaFjzQ_dB(PVrImc;bb*dJDYnR}3HNYT>q-Nc^6XCE|c6SD3s!&rpYO=I!
zda6_lWr~x@kg{SV?>{L+{<E4)xCKQGr>IRng6MDhCmHn_jLe;~&J7>I%lM$bDt@`l
zazZJDtOGw~33AKK#t+9u24nfiLzEwb9CmwYqbLb%&~jOp&AocrL!2LjzCPjGV8*yg
z4DlqQ2MBOeoc2}hf~zrDBb!AK_}J{wDQfC-tz1o?2WhPh?v27PNjWqggAnv7E={5}
z{006oaww%*R#`?p`TQ(;l@96-Ny%XkL?eG$oaG3my0DdSbPBQRXWVr!QVq~3#i{4$
zi78&KyK>f2JqBCzt*1m&wgL1iUK^lSLzMu%Dp&yM73&EAxx()N$kpx%KrYSyAXoW+
z&E`;X{0`6*J<G@oyAvCdif9mf#)a%B7ZuYJe`N%2wFU$6ff7!N5>8h^|I6hYN$P#g
zzTMmY|0OZE^C?Z3OkF5O$lpF%9)H;T=D~hpHlasLJ2t|f_gNwwReH)9NGNSjD)r_|
z8-XUZzFqCf^SWWGeP+5iZu&PkJ>3A|t0&G5EeD9kPDAiLzvbT_XwvZdlstZ9Xag}x
ziSXW<;_QOs3+jbn6XXg-QwJ(~t}k0w>_fwy<05E$^2nluj@JwkzlLPkEl<ty@qXUX
zZzC&Ty<hIPv!T#?3R7M|dV^iH3n1LA^VCuxW(V--p!s+!hat$=#n$qLYm2|Nqp~P-
zTozIu_9R2xn@__+Z0JWd6a5WiKsD|gRX=N;cfzo57vj)m%#Wx~(@>z;aSbkx(5`(!
z>t-E4FQwQb43yd7^MU;APjY>$oBs2IOdCDYz3H79DuxXk<}xk+h+q~%KyuWt`@k89
z&4hjjvvB!Ku45OrTEGxXD;trt2JdI)Sxr0%#6!lg4EYaQ)XmB4Pu}Jzn&?V{3VoTA
z)D-Be#kvo|k3EVeUnilX_t=c3z77Oa77D4{8_<~tIiW;Dyduvabm<fJ=xu$z%&xtJ
z7x*UYwQs?VoYS51QrL_fj9i3cAJ4La7d~E<l<BCI3lX6S*?_xu?UAi3@G+*XWb|<2
z%ZB;fSA;(?8<Bg*cSMrK-dD(!po!7|b<ct~$$<mq<50?y$!zj-O^L3f%`lAFUL12X
z#%KhTyO0r1QoDZf9;6Jb$IDj99d<Y#5(f2=ErM;|Mzf<1FXCK5o@bQSHKGLDjTgO)
z;;yt}4he%9!U)Yd^~ynmrF-p8?_x>gi7i7_Ou3~vO5fhZq6I}JTu;4)8ZwTwCO-Mc
zquUCFbxY3*AZ30hB?|tNsk~?iw`?I_E`K;}8gQ+4-FHELOJJV8zDlvk-+d%CA=tdR
zd(5srQoPwy9mMf;w)@<QG84%G@|sSMj$dP}2*Ylo@cu_YHp(9l)y@hs?p};%xkOk!
zxg(+{+gP|$M!J;zsiL1wW+-#hO=+G^*0b;21&Q7~Fh#dmV=<#ty1JZnSggZR#H!Vi
zXt1Ixia&^0X@cn>yBF5Q1$T?|6A$tu*coH%U9-R8bh1G%Lj)#Zli>Ks&06(NS-Sei
ziOfQxC27Q==FcpM&EiJ6QJ<M=em^)hUI7LyCbqh4Us>VvQx5hyw+0T&CsZYQ-<6-l
z?|-Gm@fn3B`3=96il;u)5&WghPo6}tLxTv-c>aO|lTHi{)_H1>*qb#}5Qq%EzUpHA
ztV%;y<@Ji@im3MksphwA@ze}e*NmaH_Xa&<<kLzW*FX(p3`TYd_Leb8a_E~wb&MsX
zx4d|?C%wPlpD*309y^jRsMbH1F06~z`R1>|CZ$HJnK0Q^$@-(trbJKkp}1?U5;<W=
zTjBc?5N-vjx`}5fC`fCu-@oXu6bVhTsIqp~-~BSf-jW?8kPYr8N&o5s?^LrC#n;t|
z;5@I{T3Eg|l+7MUhJGcuG87ZwPT!yGE78}6``uTR@qX_$Y*LQ<0do?Kg4re^$J25#
zo5IIcs+6um<XH^caKf(6+jXRWG%X5m1k>wItuaV|k$vi;27A}~WIBb+1GY8g4#MDh
zWunF@z@mTQ@eL4c75oQ_qu+TpYU`ZJr^HHyiJ0hbkt&7P%d5mj%d9$G=3zz6orYvM
zk|~w7y=;;l^|F4=p1z3TdFPB@AkOQ7_Dxr>OY5*XgTq0?yGHeS#fskPH7(`VvI^TU
zOjk)l57@Ii)I3MO<s7c=l#hvv7OV;LlC(0x8)cb&Yzo6_CEp~(2>8ECsq52qFFGsZ
z+ILQyJ#a7hoJ6zyf@E1aB=3y41WJkW+58`hxV<ij-9$}yS}2qNwqv{)+0vmfaTe`=
zk=}Q>o|(BCa8W2b=e3Ne2FN($7I=?eR}ecQvu19UF)nrTJb#~gyO$wwji&YnRFiwa
zdV|Cpq0Viyu~*-kx#~UhO;mHL&0H2cC08GaW01XAefBW6DzekH>aF1(W+#k&rMuAo
zHOo}$>yBU&xG6n9X%yW(u@w~0JcpP0!Hpc}gm?(rQf=yDNjA~dH{scxOOBp3f7kbF
zd;@0$P~Na9XR_ZkNqMYQoo1W2yN(WV^BSeq<4u$#DHLwtT5TSJlnoLC!G(})JY@<i
z?P*op5)FH(n{pK8B_L&3>r)YHWmVJOp(s@<0I<B!mZ^^frE88Rih1YJOFT*TID~q|
zS!;MzpMK@XNx>;I5w&RZTa;EWVw$<F_nj`TOUgF&n{3$0m497gIBQ0AQK31_ao|H}
zkp4DZc(?W&p13-nuy(9XYmz#xtv?I$q@zNJq8_&!@u_aJ7RoI!tZhVH5<iWkgv}}?
zO#?Qwm=Tc;WQk{Autu%7Ph{;TfhM+Q(jx0w__ILN)GT>pMA5Sq%I$!7#;eJGedt2-
zP;z@p>;Nx}rY0X6L+^8|;wfze>7jhAO~zR|vDp+%av{kvMF>HHx_8|LJ2%)}xY(EZ
zJAba~gSoa^$$SQU#sln)JR{#D?<#7yt|jm3bL=mp*(xQq<*<I>ot~4(S|j}Z@H*$+
z{vO`va2TxNp)>aOWA)$9RRzC{&VPGap2pU*c;*KiCac`(3>!4rBiA%n$|+4@4#v&A
zm08oIZs3%+cP08SU-KhnO<-tYhr^q74O%!AE=siJOw$sRXT@dRa*YbVJQgiTVAX?3
zVP|^2PD5$g(GEIWc~Gnp(Sj>9wHZo2O5nM%J3A7s{{o1{`oeap4)d*c$M3msnXJuE
zjib@KTuM<R-81&%dt-g+6%(_Eelct#pKSSX%B*$Uicdca!3nFiZrn|WY=bcx*J_dc
zJ`+xXPRT3>v+?S4w$x3LgZC&h!G@gE<XJ`3jFcJq4tFliqGQq7=Cv^7O*(OG=?~wk
zk=D+=;Pp?;XOAgrpYrJ0(`~+K=<)m$x&JL^teWy$PE0zsGfD8(U3CQ*fu!=ilUm~P
zGV9KH!oQQ)1KQ0@0SASabPdSR`fWAa1<nFTmvp5a2ruHiy3On7qK5yWnSbJ!rrARE
z>!jiThi3HB@Hm${|3fpw(zdrKX{(1bV>Z7saJ##(<~LzE<KH`Jp;5ER$8Vza<rW`Z
zEQ1#JjNqm>uhS{(#)hAdGql~}UI<|YHKMd7oJ%s805%i&lD9_L_z5QMnw`aew_MX@
zF~zMGU^8>~Ow6aD?bfG}`WHrOJR%c0wl%&*Cq`*<m<kFPmK$RK1f~baC+s{bOTU=(
zN?Z{%4wCkK68v`ZnzHx;;1+y39`gl4w844}jf1B4ca{Grh#_xQojP8@66MM3E@%)y
zB|a`ITH1sRL()dD9ztW!(S<%nCZ-Q7l(H+{tq`TQi=`P57uH{2bgF*-A84Ui7ZOj0
zPtV%iv;5y(9q4t)#3G8*v-EO!I{!z9(wsZ6>2xh!eN}A@gXtUu4%0Cv=5c)ARbGZD
zP!M0qdp@;-Y0;kXnA|RExOhTr3pBo#{^Q$k`OfzBH(rl1$p2$ijEj`JKh~`=wnQd!
z4Qv8Nc<eF@+KJ43yy{vNS1uAgU&hp;D#eAjW{TE|?bkA${PjUA_V-b7Du)R#^jYh?
z<<hHgpIY(86Y*f`t?;vM>$LWGT?=Z;_?>aCkB!lL?xjm>mRP0H>*GOs_jG)EzJfR_
zjStU65!o=o9VK`90`$~MO#iYz&n}|Gc*<{-gx@F>f@4IMVW>%2r@?$>oHgh+zukVQ
z`jP%~$9zW=N{areZ2DcG*2EI$n0kli1toz+YlL(gZu5)s(Mo)bXm8<Zx*qVOtP^KS
zC_8r=eNk}9nT$?cxsMP{%J?(WPzd=N)Qt39O7|sR@gU9Oy>u45g)}AU+z)TRCNYSZ
z2JCs;ri~?SRZCumB6gVSYTL{OZQ-XUP&yYWbPSTD_NJFpkvkayX+D!dCEPV~N%U+)
zGEEaj;4Jnk*})$Pm^)OET<wUTQA+ibWAdp`3&#0aBzDHC&%ThIJSi76+FvO=L6wc6
zQhA7EyxSKzmA<*&D&ae?%$JEUNNW^s7#4R{`g+M3FCwxsoFMPn^?Ty~lp^kmLciL}
z(A_3ft0(rgaL`(CEcqlpXh%e%kt3&*14Le#I^Wvn71X&W^&VJfhYNsxW6lC*r&yfc
z^+U)A9x|VhRt+3R3F)`?C#GZG@Z^j?<YLCk8pj;1rR|94jF-&^%}lxC-^zJd%UPqH
z4sbWP*d70>3$Q3+8U0oEOB9n?Wno!O<N-HXTceGNsC~2?mifIjyW<cVsUALY;gp#M
z`(<R0ZnIx26KZryDV#tp6|Na=unSGxIa}byAu&<3z2%WDm!h#~J8ADa2@lK)FpDvN
zvOLK#VrEn?i<_hTP358NLGi*_oYLqf&$v3nPVMsVyp>n8XMAR7M3+*b4AiDuz_Z=#
zDsZ(+pKv`nG{$;nuzY7qR(tBHc=5y%GdUF$Ng}gj{%waUccOByf@*F~Q@7@gLGa6;
zNe8*6M}#LHe38mxD*^!pKEvi^-H(sD_f|pls9*5Tp^yTP=ssjr{>Y>pg0B8k$Dv0=
z9FX287yu%<V5USN?p|XBvgKjuHLLkF<ibD6=7apl0TfXLAc=k;-2kNKSir)uY0MNL
z#Ol@^l?9*)088`$Rp|RU3xHdOjezU$1ga1r{qDICiYL-J@N&z^(0s^g5Z=NQpgTz@
zL`rV3($VdUY5x;~fPPZ}%}J12xLf*X5W-tB&=(4z9o-<wA~dfe0fSiu45%ugNilyZ
zA|$grAf_DRP{4RI0T{$g1VOzGC@5K!l0{eoz=%BHB>m4#0=l^XG^79Qr6$i2DiQNJ
zrMX2&MnGHQ2}Xb{22xF-ApaBKNlJ?)tKn*HW`R++p_6Y30S`$742m5{v#Er;AAlw<
zUSe2Ku6_eRH{URzP?0exlE{U-<H>uO^B%g2?|k7dYePQ;9<oI4PnwT+y&D8NcZfci
zHJpc%K1kX~@#iN$&(MCFDNLEpna=lHkh*D$#D$zRhxF^F^6947CSckQ<+F(+HH?pp
zN<qG@1zDb4Mx9^APd1+m!(Cu_vb>!Afwx$P<+~-{(ZPa=@fdRVI?BBqJI8WGZmqmC
zpiFS9>Egw^-OY|QkB8)Y#GqvI^gc03!gY@|f%`{l4Q9rGnq)`RGuoaR;LI41E@d`l
z1B1dK_IEJJFQ;P(g2d}3n?w+-Z*Oqe82K%qx{G}cW~?4c)@%?RAo!Fsj5O3XCur)H
zE83)u56`rKv)mi+*e_XHtLwc#uX>IuX>6!vk3hW-9MWy=iGcaU1U=|ajti+*>V~0u
zMd;!oAAEla==6-?d}QesIr1gL2C@8elkvynla(DVg8S&vWMMIGc~!rsDHmoQYS8-?
z^PLL8y%*Ed(I#A;fGvxj@&<if$tYpJ*kyR-S13v^*UUcFKs;y8R33@xL>Q%$z`twv
z6@&dKF2@6)oG+(_v)=zr+%@g=DafIqy3)aDC<kOdt<M$=S6)_%IGi9`w9hzw5i&jt
z%5lg=d_%x;9g-T2z4o@z@lt<mj11OmQ-5^%j(kQOFm2>m!NM^xBJ`d1{Bt^%8~S)S
zZ`l44+%z$NSO|fUQ7SQ!({@ZWx5MB-X0wq|3@K4Dfe|!5GJDP?6j+1-qjNyjNWg%J
zjZ!+ujn!+Kb}fR*Pbx?hJadJJ(L8{k(mn8)wL{#MlOBZN>>Yv-5FH>Oj&^GR_wO6`
z<3U)D9)kd}N?{p2`ZHn(W83Zvs!bgBHUU+zJDj8tAr)+fHYdwsR54NpRC7Lu0Mb=d
ztT5kBKDzi2ze*V8b~gQA40{mHc34v}l0(p{QZQGZ&hZTXud~u$vK2cLHG4zmB$9Tl
z7JT;`Zvo~6?JA@CU$Z~$e-3m)AqeU&BrE3H8f}c){c0w_11f}Ex5<V+HMJ;=pG<m!
zi0VBFG7mc!LkWP77hi0|Jgp?6h~{WnD{06N`N~1`32>ZMlV^ET264;F46RBo1of?5
zfKWNt$O4GXDZrnI=Gkjm5Ad^P91F1XmOp@N&H(p20h19hioHWA4K$w#T?Y?w_YGj|
zY!nWZg7EK+Mh^|O^aeG?z37|ZZw|cZld)R4LUV=6J2OY$Nx_-fmFUOZ2Q&R{=E+&o
zY;=tAOa``gAN)K;_58`(k$`ABpsvipIVtT!*!>gGAM`zgr`dk9fEobz0;FW?&#Y)$
z4R<LU0d;y`pwPWM7O1n0=N_KT>nOdn_OH0o<f}Po@0rcaiH=u5DakmQj_IRZ1r*E=
z2A1*inkB^>*Qmzxo_ZO95TQxz?2)VRUM23xLblEKc#JW0m7YPd5$~^Dohjt}iJZ5e
zE(r?ECiJEH-RQ~fQ*u@OnQ1Da9&2JopsE(=itnH|Hm1IJ7sS>1_kF4}u!h_(#oi(f
zfrBKq{Az`cZ-O3UNI$GpTAQIlY0@G_A3yxopVWY_m0O6ZDcuM~IGP{q>5;_R5xr#J
zJ{1+D=a~I3I(3i_8*pbxZA+-PZg=FO;bg?jV;HzWg|{4J9^kU<Ez4>b+ECD`;!KQx
z<R{jxLJ_#L<|D+Tb_pU}rb`QkPt!tMFCm>z0<%KY(}-J7a0Hi(6oF~0x_zaIr35S1
zn00d7@5zP1*<71bSl#uKpfOX=UM10Pfsho4fqj4GPy}KFbf^P~tliY}OJEMk|C1Ji
ztYAErVk@&ygd;SK3K-n|e16x|Z;Kd3sq?tolWvlA4x<4jQS%rR+;L#x@yq#zOa>6c
zcUQ-SJesGij@wqthLA1AUT=d0!eIt>n*ET%T5Y*hKF(K9QNXYd@9)eN(t&YC;RfMA
z_?g8)e&{6PK-zJPA#I7SR7fykricY-5dwEj7lXZYX|V5zVbbPTnafxV$*PrGA`tC<
zvnXs4T*du5Yzq-7qJqt^y#1><-vvQ~l&(b>=OCCTLo?UdjtVp5=-VU;@YQrCejm!R
zMw<pihv^VQh-~2q$V+Oer-TN!d#LyNTt@$#Y0b}QhlJPJBZEYjbhh;F^dBkst55Dm
zyv&2H*|9bsecFch#b09@my-{6Iz;ZL^S$j4TACU~1{V3VN1X7Ibl`X098W0=)TVa2
z8S)lCeYd{xhmPvu{80g`*k8OIHSKM-k3t_0=~p$Zm@`P|`((gkdUw3CVyt+|7zCz7
z*Ql{!`Rurc`NWPpdYU6qqWojIJ;*P=Py^f8`@WDL)@M|E>@NrRar6;kb3JKEv_Cu(
zy9^sl%=Z~mI&bXg8S!ZZ_Z!8&RI$%hcNe7H(K8`-4NI4ijVN|Rm<{fB4U8Lj6E)F^
z49igmu_7(ax?IqZt2HHTI&WDyRb%GsQe^s7fAJe7hf&2q&=0ivRb7X#MP?jU#T>(O
zHg(R&eCwrX_$jl{y#Yy34cu}2mV4<?rxlBUlQPI>d;0~7lSt}uf3TlsNw@>i)ahkY
zY_w)|*L6|&K=s?ORidcwfw{-Jc>(N3`WQ>MEl*ivMqlJDvh2bwGR><EZ=_?ajlmi}
zaO7X?IKNkccHr(0rwr*86S`Gc*bF^*B)e9YPet{Ovch*cqdLhPUB+`1_!C`f(amaU
zdezDUuq<;j;W2jof7j(}b?#OM%CI>mr{tsq8BmsV`<u>w4-`MuVo%gOX%%ML;pMt>
zf{4rtp2yVZ4qge8>#FDKrF%pC{=!pA`QgC^J{s82;X-~C<P#d4Q{UN-L%4bmIKb}j
ze~vuJcJ%%FYpFSHsia~oD1JGbr`|Lz?d}AN&*Z<gGRZT&oF5~RKqH^+D)n)ji!uzy
z1G@9~kTU_CGs}4KFSNhOJwb+hi4$t55i(4xY>A8B^5qMKF>V`|lxKY!x;n3-e-5j)
z&V7}I=;molMkO1fp!lQ#8zpDQhrh>U121DQCEi6ju74TClY{q}BZh*5o`KE4_+IaS
z15r8l7)c1aDR3<n9}xiY6bg`(x18xTYTLH<uUFSezs)i<>m(=AQs1V`D@<|~zFU}n
zSz=36jMc1E|2JjK@E5lr?%CE^^$GHTRy)Ro_ZTC`K8=dwZ^7TWN@QQ{hab08RHclD
zL@8g;V`!>V`cZHuyI{H|Zg!9V`D%mqn7$I%GAxTOsIC|%j3lTWFm-`%qcK-?#kBQ0
z$Bk@xsr8BE?`NV@)M>P~FJirWEY-wu%Rzh0zUrCX#fJ4?z^)$4%rRf)`G-2-xt$?P
zw|-Sr3*4pT2ikM1a-ZOYd5X8~8*_7O^bpglQ%?Fsd5>L@Cqx_mmia!Wx;j!jtC>CI
zdbOUSveDtYLJ?}vL}J1p0e}fKV*pI-oz?7d4g>1Q$_TtORWfxssg|!zqVL<|Mr~H(
zE^ANdoZXP&W8eg5JmE5pv!d*KV(_Ukm^xWGQLnDq(that9-cCbPs{E>`*Oz#P0X#l
zpzaINQvf--9w_uR2ID}-F-6H4FOrR%J5z`^YvPZ_M8-eug>O7%!A6+T*e2ZK)UXiI
z;4PuSHp$GPciV(9dOZHS?TdRm#~mj0ZAC_qv7efSkjHRhbkkPGs=EuxURcs>L_wYL
z{N=|?7}e~OtM{a9-I#0fv@6o6>lZ=IzwSq3J7bB_Y+@V}MYJnQXUFonF3vm(xMj=^
zMcH4hU@7zEoMSNJ=u?sz&8SD0&7IW1D!O%9@T-01p}M%4;yqol_q}rq)ws0aU8^Q`
z$KBmgER9W%GLI_Ez1!$)+)}pa{1;r^!coyu<Rw{AkjW#C$f%P{Pl{IDzGfEqX@$C-
zWOnHMg@IC!v<z(eTVBbk+T@h_KZPde?5Eza<*sWF=3r<iumOj58<l74&D>y5wPmT1
zV#N{Z>xxh5PNHJwkY%QNom7ixvsVSvMRP{2Llda7E!8llM9`d0Fw#N;d+>9aB4^z!
z!NP+ocl=w2N?P(>$2`&Al|1+J<<7-#o|LZ%CGv7~>upJbRq{2&5m9dVSI9Z6?fVv?
zAlzh6^U|FGSH+L^b{}Jw^y6GR2_<Tm!ov~+C4lcR)w~kTK+Weyq%E>pAMEl9GTGUW
z<jVN*>E(|cC?$7|J*yz<F3jE&Z>jF1V1MHhWm{qmzB;vA^FQIwas8roc8e^v6f^M$
zN^$j&KBnL~%2>rY>DpU9LoO-T+L}pbGs3nW)nyVPz^+z<Tfd`PX~;xs3eBTr%x%g(
z^&iX6uMQIbG+KlDHWll9x2-#6%<A*x=WgaAoS<n}M#M8Wk2N*^=hdL>e0GZ4J{8Zb
z26g^VV=+vWTMolk<J*2kUEu{FPbytQU>zdU&7wHPo!wC=2rzFxDQk1Osw{8%+w&>R
zuX^W2Y|4Pob%UzK)s$l@d*Y@Q8fs@V`15hDRO)hp9)f0~*fzI?%KA!MAb*0cmb7R(
zxa(zt>RP+KPhqMqKrW3$kRR_gKLg>IUu`BBvBbm#i{DrZO8x#mb#!R_k2Cp-dYMQ}
zpJ5!#+?4&N-}D)$oUA%aOace=F%~L@!fWBkj^@kOwVsTSfsfEbB}yB6Vl(n0l`JRq
zs|yy5Q1c*rV&PlDQ2n9=O-wN`GtoLOSVFOB?j|Ew#8vOv&tLLlc|zsB4f0o7^S@Z}
zA6R*Cn&p~2=F*@E?rU#s9Sj1^z&@lKGpq3I9t(|3Idg&^Ek4F3s|U+W9X|4jT>`52
z^)5tYiN9-Y)Uvr_!TG1>Xmbi0DXzSHrfp1R73(X5Dv`nEPq<Z@jN0Q(4(xhPcWucg
zf=Y{=Uz`P7r#i`Y1_2#I{X_W{2BS<@Pipj~>AMrGOxFch@Cu}cjrUkB_}5sa%WyUo
zJ=^YkYatr<obkF*%=`||w0~{bNW*w5Q=3gf$QJ2O#_fqIKS5HB@q+kYq#@=#j;7~3
zs4VU3e4@!Is41Y`<cn(&*U9*?k>}}3kfDx<;^t77+5_r&?YZm&6jbV_I5MBU5U^yb
zJENoosauwx4vB|}vvsPw|MMTh*@_kx6zZ`J5ZI%w2h7SFssSTm`t7hrA42N|kQ|uK
zs}Ui815@f1E1-JGOAnZ|<5Iwk0dhkt5ay!?%)@ViXrlWKL1kxj9#=nEgj6&@k|4x@
zlKYPu$YOCo>q=Na+MyMSn&V(VRRPogTTXhInjJ_UrmZH_Z?hE62pCWkK&X*35Q{Sb
zT>IVIp9ZGg+aDMQ5WV636+i)~(10sZ1r6W`S4!dTNdP6BdBg!>PL6Rv<W4-`WdNga
z27;R>fZ2P4KR^XYj4>&`+XGGb{tL~bpn!Q*3PaCT17O2l55NL+LV;MV?YJpg@?TRb
zA_$L;K&4wadQIPdm2D(4I{4il03yHzkU<x4vw1QgI*OOn5R+mKP(9j!NB4|HfHXrx
zIokXD-LHfO=9LPd6N3idwV@v?4RZex2HgV)p|h{^u!)jB?UL1>?0A_8#avF2V3aBu
zEUQSsFIh<?{KF|><WTb1o?o&Mtx4v;LfK=G9xUQk8NfqwFv<ULKNvGQfmS#kjBnR&
za513Lm88T#bl;f@Y-WYUK*+H`lhRr?+~_Q@#c9;S5;W>ukblv@g!*?^!l}7xf=WGJ
zG7&OD9*N`NC{gAD8&C55yWVWi=3>ZkjD%@QV_JUU8D0%B3Da{mHUUD&;#<~*9)wiN
z0);5_oH-6L!aMw@M#+foa35L4AlnnGxDC_VXTm#wO>nhP>lnpibZ^nMq>ZXdKDf-+
z?~hPKcM>Gc5jMxiO94VEn^S&vT9;oOP|8g{<FpiYmPny5XCCb-{4$Lmh#kO94s^*b
zY1cUB8!bHIqnMG&iNyUN`Oq-tAMFYEw|y^>;+tQIWW-c&E*u@y{-ed*4t!w$ag!uf
z!U!7(4gVs>{mfm3Y{%rm$Gp(P@Eelp?Tl9*d=1N1skapb=)b*m%wEjtySt7{K5d12
zA|@RK_5d&Ozn?LUy6qkc-SGNZ>0(><srZ8n<S=JJq&I_fFN*JM(B8QigS0rHz0h+!
z?^{PflE$6)e+~zw?U~fqsc2OTH$wZCETX$)Xj>n|KeQoo^6q?f<zPLcX6IL)C#tb-
zevsNTkR(G=S@FeAw<P4L!e5HobnI^;Zq@YwhcyKD8O<wsM0MhL9uM`=yn;E#uDxI{
zAtO8^P~yV8*t308CBu9xKcpR<<d{-<UKeMUf)pYWji}+>704*sBt8Wa=X{Ye#)s$N
z)-nBib=2*5&4fP1qABl03w!w~0*X&uoL$;s0#dh5aL<odYbRy9CNs<Y?;BTl4yk$j
z57*DX4~h4)BjNFxvwjvtb8WdKVWXc+ViJ6d4q4*?<K8L95J|oFR6<;om<Tpe5|LBa
zkz11=<-Fqc6*Z?bedSMHO<|&xrVFV4T*t6PQ6~Z?6Znl5-T*bQhAT)n##Bk4j!gjC
zlYX!mP;4&QMO;xb(D_wh{%()?tx<Jb-3l|ohsEnr^i6?|a&w@Gd6Op0VD0G@AhUle
zAB0is*$T`u7E<JDF369t3$N}zS~5Q)<P6G*tJ7?0)?%ruE=FBQ?m>Z$L^sKuN^-DJ
zsC#iDi|f|94mS@?tvEp@kT%B$wxi#lwD@IBbqK?YCMxFGHO^rf3wLdQfJ~l#Rf@Qh
zD=B4<Y)ojoQr9*1^8OCq<{6XM4rMXfFFlP-vzt)T=p4HtgEu+h1DPDubGM5OsAL0Y
zX6inGu2{;~lr#huUnbp9qEr<R@Ez8O0g)N>(3x#=<3ks7lCDUcbM;mno<?w9%Gd-Y
zWz3M;H>9LtOOX29!{M*<vtF}(AT+?mklErw6E4MuhEzWaU!PUb$sasj8zeS}$r0*B
z9|}3^mU=>6Vtkls8!hVv1NO!{Lzl`T?B+#bBYTW}nd*q^c$V7h(P4dOcp3A&S3VYw
zRE?wm^Rc!LKV;xv>e&^bIAi%q@`bOv<CEk`|7%_$>jdI{D(rxAgTJh(07(Xel(RSP
zm+33&v_`WP8TrYZ-ZHWde;id>c7=J@3zpX<(s#D}unp$d8;qXGFw(l%s~U@(8Rq&l
z_&{orTa<q}v8cXcx9k6M(B2GIC&PT3@tE(UKkq|(b%x!0-UQVI#A0`86aO8%AQ^F7
znzqp}T;pF~T=7rQSRlI_7%GO}pO)U!JE~}`tjO{^^ED=HHMcWLfEQ4_;4+1TC!j}m
zZ&uYfO3}Sap*;)*w&2-{HD^Lw>Ok|+X7lg6qc;^3+_D%LfqSIL`VQ}2n5*W0Fl9-q
z^Clj68asxu1;7-$PqMF$U6+`^c7uG0rv%*|aLasP9Zka^?qdFA*i*~HrYh@?IVHMo
z1GwdHV6WrSr13X<gE145v3!FNAvPK7%%Xz+q=_acj0c@iCgZQCq@3H$FTKD8r~}Vv
z?&4?Ha*!JZ`HudBM2Y=Z(2pZ5dz#!|S+}!|$|XU25FZ9{kZMOJhDdC4l>?t#%GLFY
z_Mq6_TKc}U&4jfj*r<Ba!#?6KTlj;HOH5NOh@!{*KVn%|UF93t4~~+JknBSMQnX^-
z`5V|lBbbGIbUheb&*`}reXG(Uprvuib_h!Do1z^0$rR&Oei8vEn>5|WcxF@f2;^6m
zF}SVY>>9@=wI$=NxQz`Q<142qTbt9KIG4U8^Pj99Oh&9xR)-i(?!(o4i?$gJ_&@xp
zS6Np!!Z;8+gSd0p)b-N41DO}7mx40Fc;lO7--cb~78UgJ>Iw#f1O{sA0;;D6+;K0_
z`3LbJtG~%WZqa_%K#ePU+pay!yccBO_UAne=b0B8TNmwqiJ~J--9OJ8&#mF>W+rl|
zv<Bb(RyAB~dbIdBL`=B%u6G+uW#d;lW!mpG%qGFRR(6f(&+T4+ENm7}6Yl}&k{^Nb
z2c}#Iu^X#<nR$lVjt6#xe;eTq{iW~s>T}xtd5W#~feN=>f3ElNyivj0u%U1B=f!5d
z6k9&dT!)<j)4HG1e*$q>4Whpj?};gP*edOyBYp~%!lM3`P~+)_mN;Lh&}TL(JL}i(
z%%+FRHjaaw{9H#c#&UWB_Yd}KD<4}mkwf=-$kbqRh`pUdE|<u&v#zUq+=r~>2UF&V
zsE6xk*d>YLP{QR`K;_EWc&oz1a>KB1WpRKO6fy?=O)d2KSem-jpa9{RMvj+KJbccW
z2t=dX3pJGb3U!{BU)L69B)Y9`4?WH^T(bOSA*$prZ>9QYTFl`R2ILqQy9&{Bc_TS*
ze~)Y+4s0!lrtNL{->TwBupty9M7DVvL=MNc|K^mWl7ChdH%2O|WZ^d#4kF|6>9$Q|
z0P%?fKOU~i7|15}l#bQ=z16@Yto~mu-v(=qmIhOu1K{Iwt~p~`mOETfA1hb_1sQP1
zxK}^<%K9J7O1XEY&N(?kfrbNnxLZ1znrTiJ>Gn<x-{q=ZDt<i_K6&Y}_!TqcbRpj?
zUoR__4lYZ6+Z-m|qO_2LZx2F^(&;sQ3VL=B+(Hqv?arB@&$#GcF?;Xrk5S>s5+0H?
z`g5sWp|jRth37_GSu!~IjnLb!mg^;MTkL1JwYbA0IefkWm1s1!tB59P{Lod0t{)Yf
zRku=$ZcO8&#(=iZf_`Vc)~-@(afCmSvohhOQ{+vi>C^WukAW!P4Rl{$%3z!~86#Y{
zcLLd?>mT+=adN%|kRP!$zAe}ww+i<%xk*>XI*VsHqi5fMg>~i{oW|mroUnC&-xSL3
z?G0J+P9}6+riHo|HUcl##%fI>!p^NU92o}?zC(Ap`8gDE#X;4r{yz5og%NqpfI2Ib
z+g!aG!<O!T&rpXU=`V}wrrStjZSH}ooNkYq0e`f^k_GtGl)Lhf?(+~r7y-rd9@S2C
zE8ZH-fB*0WuXqMcYqfBSw5y~v84I5bhw-3)bF6v9_2^Zr!|P~1rTodcCyaDUuoB5Z
z4?t^7w|<W+mCTWY|5S+3o}n61x#V^#uHgS+lFj<YTr0Q?B6G}=u%KmaJSi5{|7G&D
zb8k|_Qx}Ql>x)2aTaoA=$z#K?#SOsSI}tc{wq#E>r|4(H?yP(P2KhBS3!PO@jM+T_
z5-3jd);ScJo|oXi+&i-aC`#A9blT%DNe+C)StGnyR*k>x22sheA7qS{VfaAI8Da)#
zADq~*kB<UkD(GRnXs^F>y+5QYL=>w6Bg&sg^Px}f%Jk<v_m6Luow#4LpVvX{+}Q1-
z*X-<-<E$hiZ6f~2a5E=hRHHj1ikGEYX=A4!DkymuW61DxUlw&^#|6Ltos#_-#P(&6
zhbQ$<G~N%#*C@v<8e(a>L8Qsa62vn;IOCh%IFjGbR09^d6Ek;uCma(iR=PHb9OELm
zYK6yY)GPex+oZfsInhiF4`IttKVx=R@@jg?zn|~@5Xy#Ust6}%(<z`l|A1#T@=drp
zi6gFm9j6mE?Mxm?NQ1|tziHx{nNJp<o104!6nOmzQ{}09P@~s!&db}AY)MTMG`cA(
zOSzB0%Yrp;$&t*Q%%0O@a-fna)qxMfE1YQhv7P?vQ0ZE}ZnON_guO;TYTnplKrekn
zU5$rK`b2CGFPW4OeNO}quzjnt{I<0xmubQ_QadU_1DbZVPX)h~1m!Ub=>@y{l-w{G
z8!wEerSaMPvb1HRs)NRS7GEi0Tp~JSt<6$SS{#Z@QG&e3Z51>AoxFUsiemK;?d?>y
zGIT0uW?C04U%cE<lgRX4E0c+?)hr}*_X(q=R5^)=L3H$AAl<1X1_*~~5Mmb+c)-Ew
z6uFMSE?kC8@B+5n-A{5ftX@^cL#Jz<F>3tN0<rhbe1y*>T)&NM?(+ZU|0H<Am8EH|
zjss5h5i<&---zVA*OF1T4!JjFi%JYi*B#Z6EGcbl*I$J<#RB4^N__G>O8b3+l^(*0
zDcK#u%H}A?NDK)i5{7)orA<vd>`pLRnwUfp1O>W4yV3@dZ#&Xwlo3}g_^;$wINxPz
zn%eyD9e#`1ot=w#fw>;MZ#%a~N@~qkJI9wM@A2S^*Su=4?$3<<{@m%V4n9>HyuP}=
z46V%5R=*X4dU*}aMQ>7q&R|~i{~x~IIXbf+Y8dTPOl{lN)NZGqdTQI&)V6I;ZMRR2
zscn0zscqh8e(!zPz286IS~*!c=OjBjJNqOj$wsQRFVOi62=90y$2Ao&8{NOQ9-Upd
zk~KNYApH=T*i~>aQLtZZ!NZ76S;qHe@O&)^Y4mYF+r$)CQ!{jLyq!35tl0G6?v_uX
z15Zn47r9WoxxIhg=t>I_>&iG=y@4R0zE})y@9t8`^%qsagy{Yz$v7gmHhnH-F6YDu
z^(g@mW^UMvF+oNB_x0DUp0RZ@ng?&R`deITO6}lAr3OCt->%w_P}z&~*W4$}LB#fF
z$3OnEgnus<7`FQf(#mhV8|zMpd&RB2-Q@e$%CAm%RwnZEx435A<VqS8w(0LwN-{Wa
zp*6LOUlDrYR25O8$uooA8}rZSsQPav#5TY$aZJXy&DC(#sTRVe`m@~nxg(iEz1J3g
z>-x1Mg}y(f(c-NVQW;7q$1S~J_2T7f^%CL=Jm?s$4WG}5)|O8X-V6|YFZRzuX(+{x
z!yaFxm-=B-U_P>b+~k@I>t!)$$ct#jUT)G)A5<rr*PGC*Lw{CpfwxLk6fwPPoWyzs
zu~m(~@=(nb$<K-u4BMA!>`y2U*OLz|Jq{)Xl*r))D`zuXj1EKG)L@sTj$)Vj9(e~y
zOS9)nHe8t-4k=w-MZ(!tj$&L_X<+doM;+@Xn(lTnp1Qg1nwlw3{QW}c;AsDXP|45L
zS$hympp?73ek~`j>Hp67RU1EtS*gTCI*RYl@)>JRNPX}NAzx&!$~?BVAmpdH>j`st
ziI7nnAk521_m#VwF@pHf3OV6D=r3!f(Oo9qK+6N_a>CJ}eL^1RgGxPiN5Wn?nP1ST
z($&&BNQM<}ZTNoBOWt%evfEwguCiKGS5gytovY7yA^*>5g{YDYv|}2*g30IiH@yRT
zY4Db1b!|od7b7ok!<+*_FXnM)V_?f*0o}+r%gId~pnyrTxsqwt^dHwHvjoQq<wx@b
zjkTgvLGmb&*|JMvWF|5EwRuf&O`T6XVAmijVv{Y5_JS72BW%9!f4%Y&Nkxtu7q)&a
zd760`xltFiC<ib*Vd0+Vw)QA^Z4v6uQ%@<U|Ey-e1PP(or)F@hulg{2za@a(b!O<W
z;%Ek%Jx1`4lW6g>_D;R~WSf49X8)cZQJzik{pBZ?x3dkjhk~v?r)Nq|{Iyr&Pk1k!
zLcDw<a)v}?@(?E&8)H`NYKV=>zX<o+i~dDJ%w<!LEa%|1jwQSz`q5VKNamKANPhL_
zx4Uee;-|(|DGndA<}OD<<|E&4_LnzC<U_q$39OXLC1gnAkMR0R(eJ!9^o>40LAtYz
z;lEp5;!8T@vreWO;3WvBS)INH=B)Xej+F>iwfl-bvelCbL~e}w-w7HkcDtn~F=HI=
z2l?^nFt+CD!9eM-4E)IgE2X}3_TEDiioN{%7JPX8zRxG0?e*$R$y(jDo63>;-CRJG
zmHFv;nF6Z^i?*7mru_HxZMZC}nWI_0i1I6s5K&~_w7q&)WpwhnEsIm^+3Gf>B2Z6j
zT4_x$uZdVD$x=Wyz8Gt_IJ)2d*#0lcpxY5RJBg{;`9oYFs~Z(-vPXt-RwG_#jhl-X
z*?t(ywBbkH9Chxw;A!e)N=}cKO_@>z9dpKyTxk``3hB??yTzU(jHP~IrqiExgAu9d
z1=up5CsyN|kphhN{yPMJt;msvxwlE@e`Xv|;l`S04zoL6+|csw4haF!>#tF2AApA2
z_0BF~bbdh%TBR4Q#MOM@t>m`;Yil!$1`rk|2nPB_H!5q3oL-17l_vur&q2+L?WbzF
z71m|e-^R{ekgDB<-8scqt)i3ql}Dl*IRdLaffe5LSmeM8n?l}ldEQMoj_a~4@TYBz
z5V*IMIhRugozHxPWxhc=)e?SLqSwnbi$(^<gWf}#6Z+bDY%PLl-PL|SRNs-V6+Q_y
zArp}tyf^Q)03>X3-|P({vJPS;Gu1<xjMBkQe48$8{Kwp~`vz(xlS_^T4=q@Zwv%sR
z)6wXwK4$-fyx2U(?LekGZKf?&a^-g@pWS8|ka1h_4oZ%wRvipF*YdDC9=2T<yLk&9
zKw_<9UUcK*_56`I#~EIvBhP-8-XFCz?9`1>cN0?ozN97-9>(!H_d`3h%kl_MmlIFh
ztG#Au347S@bmQT$+h03e;nk@*8n#|185LC3lx>dhmw4l>R6wUOF3VaCbo1Qmw#PA|
z<OzC&R#05qxEPv~NQfP2Jvl1aVI$tC-ojPpF4!aHCiK1)i%UL>+6Y`fL*C;9kRV`%
zh?WEks<d5^QELUv_BI{k+yDYwrp}tkSD*a>vE*ZkWwNHo>uB^@GjFB30#U@;YyX5A
z=d{hD{6F`;@akH1$Iaicww_Dbt#>Q~v8xLe?8h3Sm)5?Y?2QxRGTFf;W{GrSi|h$N
zTX7NBB98UMQrz<X*78(H$YDPhS!_?88?!o&E2=m;v$9H9d<uv~w;hHp&><*bg*a_x
zRIXJ@!?7>Y*b=QT)*;zO{?O>gWFSOG9&vj)kVdwb=0J$u&zIx38i4TD94Eg^9o{a+
z>@<!aj12<W29M3EoY2ZytO+8tA`p78AXbEY?670HKyR-S3>qhBB>t+=T@o%bX^voP
z54UC`nNg@1m2qAb!pQe|$TvL`x38&nInwf;gJ!}R@M0Ti&=HP+OspkQPee9XVwy7F
zFqUe~QFh_~J64*)r3cC3zLp{qrBg7=whS-Ez#FIk1{I-$ootfB>^#9LMt-v?l*PuD
zQel%M4=QD8H2;i+cf8;`+A4GRSQP`dK61*X#Ar5AN}N*~bpsn^qx9;VTino#uVmZ1
z2d4MJsdlcO2H-<hvKYX8d*n4W>5QuNE!ZFapJ*FM@Jt`HiQS}3=J`nBZq3AfO-R8#
zQ-}pcv_E@m3h303H2wXyiE&Rol=NwO2-YKMLial(Ij9i0v^Hjr&jX=Qm<?cFRBV&c
z9QUGwa<5Lny%I>iAzH%Bm1Z=V#J`?Z@V=C*>xom`6|6cCNCCG2DgIEStU@l~fW%UO
zG{s^ZwI#{wjhS9_!>_}B$2vdb@2jTjNJf#%!B*GHX_niZ>b$E({cRA|Uh@0ZRpie>
z*Rg#zN~qcDxY2M|#i0!;i_riFq`K-<DmmfCv|HRygj0Fg(f~F_H9+c^q>r5>?IQDH
z$vl#Ra0>^7U}52$e`S#0x(e05z3QEK3DCJfP9{6)&b1{db!-VbE10nXZNis<?4!y5
z+uf%^1^@6425suQkb`o)p%`|mO@L)auyLk5=1o1L@s(03S{Y6|(S>>G&n%gjqIv4*
z5$@o-;Fs88oae3cTJ-wH@WR=8wt|d{5{at#n}hsW^*$bNjQ~E>Kt~(CvMQ3$y4NzB
zd~Ge@trUfYxd;YIE$&EN9LWWt&~==Zh25CFxfoC@>i^C`#8j3c9RT9*O#a3$_J_V0
zz1lR=6Vj@_%alpLX@52@Eukfu?$3C{a3z9vyYP!-h8-z6G1o+k3x>>B_sxyfJx%0f
zr2=?C&Rs#Q%|!8*P7%f0x?H;AeO=W^{3(f4kZp~>_$Iwk;WntJrk{?;vjLhvcM!j1
zoc(6-y!wj)#cdB+oIM;`J(;JZtu3zGx^Pre>~vLaX2ogsk(Rqe9++Is-l~AGBaXo#
z1QKJyi1dys04XcwUw^<P;eOI*2~X!$hfqNomW_@q`Ak|k?)bLnzW*&4opxRzEQGQ;
zPu$u5!tva=zo`29LX4y{LWld3pw4x-w_3HEPiz~SSb-K*aicqEL4uctU*PEBp=wJP
z&=TF+G9a5_mG{xTF|*y<@<Y1UYL3X?%i>S^tWO*c_}(-MAXhFkjQ#~}H3{jxzETaG
z7POth3`SH?nAw(iEd)8y6kXczcX)>813M~R`dS6+iiwZ|t$)XtobpOWEHvR7OB~>f
z_O|}OV1{yJ6pgjxtA!r}Nnjms_$x=s#Jr*YFSaAmd_Zwiueun0XDkl-sL5SxnSpB%
z#<txE^;Hl>9tfM~2?!=u6UT&f$Xljs3O<U<OvtcfTxMh(^+?^uU%KCJnE;gIRNM2U
zjV8nUerX4DNp4cp9%8P!re+w>85PlsS;h$lY({(1L;ay9U_IXwufdZL^hZ!f@EZW$
zXyvU*YvohEBF?)C!7$AZs5hWSP=~g@QS{4IcCuIBfQ$wu_Yzw-B+E=iN)TMZ7OA!!
zJtL~Ox!U}BNTpR{!adQUY>Ke%Ml7o8Qo5@k74OCW9?8k>^oIsq&lCpwDl4<<s^kZc
zcv^x_$VJC4Cd<!=(#UIslY#{b+W%}1!Qk^Xf3GTvJi56&DeH3!fujRQqNoU9F&Shh
z{`@BONpf~yupm9ityM0=^U7%1xUefd=P63G6g8#L>=v>Z@rBJG3Z#<N$!&}<7eyF&
zYo2s9eV(1cszsy4D%<z=M%Ap$$540oBtdRR&gRCSvb!W75v`yh$n2;hvs}R{;nl&n
z&8hr0aHPt^SVYg^{jM-sH&vl@-$HqaRI4FX>WAImTcvdGMse6)1(|iuZ67>JW`Aez
zb1q=$8))e48j*2%1vea)A(>6YdQ5*#&4#?iqHPP<E2+yEo{aD6>20MQAmCcQd>0=A
z-4<VVnbF>|Xm-XTek@JRS=3(2$MiwT2nr|YnyVU*Gf0eysrG$09vhOMi@@z4KP(q8
z;T2An#St-w(~t9?f49tdbO+P_MWb1!<fWdT*pZoN)o@O?L2&3VRWS;zbbw#w<u0dM
z&)p9^e{o|q57BS$_WBCeaT-8VTl}5wG%EX$80Iq#ZN&7)HKyfaALpiGX43KxjL=PV
zO+&Cm<YlLAa5=^0<Z!{^p@_2@sSMRwA24)SU=>w4;8R6=Tux9}6$o_EE&yAw1Oja%
z391uET<M2XQ}zxT8G%w(BA~-1W}{p76`<~!Q?E0-6)-ooJ(aSAuY;H~LXK)o{t`}L
zE!%;3Uxd?g4#M)c!voasoDn2!1XGv!#2)r1ZDFq=n!QU5%7^5WM~huO`SG?s+mKj0
zT7|p+*Q=HKtHb6hE*4-p91mmTgGrcW2uIPwIMB=UDA)Cumt7P+YC)MWN&qe-q$xV2
zCPGw18Og6-BZ)hyY2Q#3bx_1nIa&*%$>17%db*wSoTsWQx}7y;-EVoG#dDS4RW>Wy
zTb7(plJD7bDa(1aUVp!uyG>v2z05>s5RbsvCQ<*@746|jj%^a=jc-WBvDjbQZ8@SN
zr(L$Ai#FG5Zke7yk7%oc<wB=#al!YT;9u+#i?h1zQ~eQ~-XnMD?XRRek=fkkKN=b$
z+^2F8*4iNXW+4H8yC%s(x)W2IT^f9~Vz~h!H}8~K>X~+=Il5H(VbD>^#&6*Cy5T_^
zQ1IBck>{a^ktj6EJfaLG?m-uq>hjD_n|s_pNN~qB?z`xbYD;t1BR5dyoM!41YI>{l
zVN|zvg4ckbOudx<2NyWVz~FiV9~E^<YNovPG+c0xiqwFKyP2=kxmNL8&19Xdm_kY3
z#<aW?PE|lP&j`5Bgf^aaPY}$?(41T>=ypxh2bEe7U0z5NCOP)K)ymSp+&Q*{JGSJw
zxy+EfOz!sR%5nB1Q+zAXE)hnP@z1cRYn%!yXTC+ESHD;8#_-a;v7W(#+^L$@a{L}7
zT!XhPnK_pMc}VJI{CkPFNAkg5-xjeizvbii{1k@`UlrJq8{CNO$$XMuH))aDS$d1W
z^)#=&ySEKh780X!HlUI|;fLiq+<sZK9+9N!9i+2sd&|@4#t`wC?GQTM<UZZ`!@b$X
zE+~AzIHPx}$&Zwd$H2GMz(O#`DKf!OI&$+J@?FSql-ufW`yHe&AIw0&6FQ^PW3@u9
z(YX=Bc8+JGKP7|^gprlGEK78qdhKowyfh8fT5Z=Fn3kM{&}BoeIXA7HnII}0WcZ<P
zy`-1Akwx+POwL9-PMTdSH(60}YG2s1SdXfzhvW_pMF~*YC<~V2E5bnsjDw4PU;c`E
zwFZVdN1TDfI3J<JXf`E^*Z{Z;YS14V@X;JA5U~%f5}<gsOt$36Mw~~Vu(i_JHYX5{
zizUrRfX={;UOl{&Cfq@f-3n)%U0)edtBvc8^PFTKTLP&BVYT0b+n?bm{@7`pBnw%T
zEdPFCBl8|QSlxr|h<_%o^Ip65cdMWH>y9x726Q&+6AbBlOoV?F2rEhsF~}-)@`(6Y
z1EVHcYOuJnh#B|yFK_mYUZmKxBD7s{XbFSIyD7V~ewc<Y$_<7u#(jceq`q$~8{lfs
z4usG?{)vi1#%7ufdr*0n!Y}A=e)tu36-6H7x6HO4M!-?|nF=8T$J!p4uCCKs3KUI0
z9#50t9*gPpF6Q6s&sv=kwK2SOQ8#4L5c)-o!kt={eyEfOFC7VsVgvRits3?T+E$-F
z2Jjq|y`~`Cb$Y~sDBp)|D9Lu-suN+3{VyY6R{nTN1vkY;`166<v)K~z!1aex4y>m5
z*FMNjGP=s#s><BH&3`E*6@Q8yM2zIt-y=Rwk4}1DXew)M8lKA<@T2kMAb^`xdm_91
z8FpJ7m1ACSvJ-24+XPqmI>oOAH}U4v>FVP>g^8Yr)mgubizTMgBC?s;ob)2H<2J|G
zciL1k$J(?k2{0iL#^Xhqe=enFZwvcc#y3n<E!XSRrs6d%q+Unw?kdqvk8J`NqSgS>
zn~g{$oy{$in``h<#gmr|<FDdo$XLv`JJp_;?Vf4^9krMDRxbC^ykm>bmR^6wo8Rpf
z6R?O<{}_vf2539RKmZGWu^S+p0k--nyM}4JdA0tOLq7)wb$>k}Cn^?<ynQ=WI4ujR
zDL{%J)g`Oy^;^15_1%R>#iCW%a!b>to|<=3QP^B+Elc4#{|0g-jwkeoFh@k_UbThJ
zo-^?#sD|B-cWHWdbUhl<);ZnVUfO1QC!&qbeYbn+mrJ7R$!2V3+@5f(atC=vTH18u
zSY6BJw@%HSpyz%8ck7GPjs7zPeKhtR<hIH$Z_!!5%}Mn&AYOWn{WmI$0a=dF8w~sN
z`%8(C48?*|P&Q10YMmi@QC|%%h>X>4!Fz)Ey{#{N50?2W-nCBEZ&dRtMp0_ai6Xrb
zQi|u!h@)eEe<}72eVY&ISO;i@X5T_0at}5ws5yUK9+p|Z>+^)G;nrFvyw@z=)$A22
zZqal-1GYCV9Bs!_?u*u#6zre-`&qkC7MP6EN^J8mo7{*$=VDvFm?EW&x=1w2pUAD0
zBt|B76nv^&z(w75$@JYWvW}0R8BUeY#9@WIMO<95=YHc@7Gyhxlun@;M`tKsRa4rw
z2r78ekUzYnew0SIj`FAi+ou=@;C~(WmVO?U5dX_g+h^=H_ZoA)@V`U8@}|rk^txQ+
zmA^f3e?o>7u_erY^4WAhrHPfQEVbBH_!m6(f||D5-%8BF(u8#jT-uM{Y`Zgc1GmoO
zYU24E`0NRnjT|Ngwl78b=GRx|ZH?!1?NZN1CyZul`U|=jXWJb^CY2l6;wkGTbg7of
zJf(H%TiIqcs<Lx!E=hRdf^ugjJJ#;(k6bRjM8iJ`4&G*`=kR6~jWABJ=IH5UHk4BQ
zw(<Ppm*(Sp#HGd+Ed^lLsZ&17ru~v{gl@d|vgl?tp-$f5wdHHF)XOAt^%we%x+4*d
zy0nZGqa+C%Q?b)cE3-^$@1RIkbDi0yYkR^xD8SyR?d`#s)~OzaNjO%CYD`&(65KVS
zESDShF|p|nY`>63%<dLK5cQ8E^nPMCeJ=J9V9wv#sybsYKMcPl5vmGOxusl-?xNC_
z(l9d%^=K@9a5Y6gap}8kD}7xXQ7Q`jTdCcGab{?{KwpznbW*Ewi0R=j77SqC85S@f
zrE9ptng`paUK^R}y$3d~S#;z+C*;H&_*uHDsuSL9<dE5vUR$O<u*9J+Gph}*GO<>X
zxjsr6LL1>HSM>FD(e@AQF-T8{xYV9QcuhSVtY|$X4V^M_>6_-Lqi{VsYf98M6I{{3
zNrUTk2pIH$d=NV6^yU*_JBX1m6}@sZ?KG~FTZ&9%Q;#vM%4#%Zw9Y1$LLOK$pbuMl
zjLoXQbZC#vk<4ZWgeeys|5=+S#Kg}Rpbon=1o-~K<_h1tSf!_{*wlpEzvfq@+mWt8
zHYrW}b<cW}B;iZtI8y|(sHUTpc^(SK&4(GNTfe*t>*ZR$xBr*#kjo1g?hI6uij~eY
zAEj|}iGt}6A1{B3r-H@1+D?Dq+7s8BN~sJ4A9F0Gqz9Tih|->Cn6r7({_ya~FCQCX
zBkN1*^SlVn^)zK3bNKC;8bp!GWoBL3!>Ltvj?THJAf+f3^6){Ja$(we(xkZ(N~f<W
zXfZzALDM(9uE7zTp1Ic1^X7g3S=)2#_0qlLm8fsu8_{(X3E4~UIj#*xvbmfU?r-}l
zO;$wxf`)ok35KfFNJj?FS(PgGy}BX-#@*Q;#u5P?pbixtAA2k*_N^t4LZrfsY$p&j
zr%Js?z#Kgw7ahsaXTYpDeEYS~{qq8h3|tSLL_}*stXBpa1otoW4duSz1}ce2`wJ5p
z_!i%HG*X@*(EMRmM<Jp$D%Kn71}%Lqvv)y7wi5*)D}ufxCEF3YND%vOjz~#nkd~ha
zQ;v-en8ss@h^GrfN4@$0)l5bO?u$<%@^Sz}25u(tovbKA7E%Wb^x(Zq43faP76iFZ
ztoHx}j#|R0<Ka)dVj_&?2@M&zAgENkD?2LSlV1Xjl+a5E6~ML091%Z7ASu>czDI#N
z#|Z+>rH4kE!yN#k3^B}4ukM9w02%lc0t%__BQ+U#_Z78N@EtBXpf-;tB3?q4f^26^
zDiLNhV`6eKEMgRdE*Cn0OCHn!L}CgugTK&}sB;Wd;5D!)q|GmEZV!SsuYbRVyv}*a
zLfX7wO9lUY(GQ2==K2=g6cyoLDnt<xza}Im*2|;}p&Q9ONJK?u@EHaIfkOqJ`w~te
zV)Y1v3SdS=A?0vS4)-?~q>G40lZ8CPCK1WxiwXB9FO?xHf|>{Q+=?*>l~DvT@P{l^
z_a<gW6SAFl5a~$SB4D^JOF)45qr&~MClbZJ!%~6ky|+?`wBI|Dfqxvrf^fP==Wl;;
zQ1XX4wwHx`WBL}nV8c0G<gLM}jYhgTAl7>fA}ysX<OYc5yf#Q6gxpzw#DNGUbwTX2
za%KsF&^PZLl8wv^heC>IPPPLCLrvt13-{l|0(BNGJgC9+pazFV_}^oLc!V5l$?<v9
z?=_KJP9_#|$3e?!AWS=z09MNh;TNT(x4-FV!Y|6<pr-wBAq!0>3X4(2xKx5`&s0ju
zz*GXsd1*4=rvJ&JE898Vu>XA~aqpX!)Bti50}oo$errYq*Z)Af>rM*yclr-l%=@#E
z_;@0@uuN>B1tqG`*nh>03DAc%|EstaR9VOWRFL!q74=6A1zJ;LYq}cRbrd6g1Y|XZ
zuRMLk)AawOLy<_ye(8`<SOi>2YLN^8mcN9@cN>uzj5>e_!2^=5Pt#UIgVmCnFxq7p
zmnIXYkJyvEQXNQ55erm9Q<bf1sQL%}3B=|H|GjN~ypbCc+`u3au>#e?ZIG1^;C3#P
zlL7N22KpR%&;iu3pl+*;+m%7~(fAaU3SPJo1oa%<x8R?E|Ahe#A^_k3oKzS-Sbx4#
z2<hn+#H5y26lCBvAWp6}B{R4L@v0^1<m;aQUMZ+o%u7*F9gIQn=|Ld=E0<*vfCAk~
z4uVRJ4hVw|kEdcoy?T?RL{-9_^xyN(GW#N^^S$v2bBeXp9X4~9(&7+HL8Ihfa?)g1
zb{vCQSh*7|Gk#EpLAeuB?z+ZgHzk!;FR;Yj&vaLx@xNzyGZ@TUy{v;WGZ?kENgFyo
zPX-_iSkM6q?$T(a@4K{Q;7sZGIPgBl=WSw;XMzf7q=-4gIbFy?x+D?t-KDg81Xtl9
z^5IHM78muJ>s-z%TH6SYDtL?@f*dn<7(JV|ze>`HYMZ}G7Ed~rPNHQ}sXjlaRvm6I
zcI$2soa|+J&ZhjXy$hKs#YPVhN*y?KTYx)o3;#B8llpkLa{2P4ocWvradE=9%XGZ=
zxalKKVix3fcK{g>CPfxZUy<$}!bx}+j@XQ=n+nsZj7DmJltu||{IG-CVR8FqI_Z99
z=kEb3B2?VtNwyC!mqPgC7jJaADSCi99Nw0Rm#1(F@DYZ;9(i^xRK-(0GgX~wX)CCZ
z4uBm#24yEbS&4?i$fO^mvxzN&otdB-+7;Mnk*NwBZW(Xx`)BW;bD!1GmAk5i^|mxr
zm{P%B4v?6NgPRKFPEwMX%1<QaGRZQ?H}{4e+ZhQPNmX!PPVp;Ft33yxNiPKPuIJ5T
z-G}%qUJA|@NIgL}BDbCSej!ES<%$F8WhKn<q=xREXkuK8&Dc^uLY&{tI>j%elzExn
zoN;D(J*6b0viN?#{7vh?Qg~m@*cyr2dDzt+GkAMLSiL~<^i;`z`wnYV+?tz~J$stx
z$hlD=OCRdb5+HknTQn)T4;*RRHuWJlZqdhk`PJvQRMR6?+yd1^thAw3rwu!G*yg+N
zqcaZYP5qzqO^)MB%jH+LFaWVa7HEiW-ZWySN2z&-ABG~j#TFhQx|$2i2p3p(ww&g0
zsR8~y84PhaLx^2hSdYKEduI#c(^>s$V`dopXOrcZEs>@IhSxIwU!D#wGK1#LJ0^MD
zCx@QOs@j)|#6w1Fg=NATmx}wv5k?<L?1hgq=F!G-Ko2(#s@=gt?kt9EfaJ0D&^K9z
zyP4ZBMkj=JBuVo_FInZrjH3lTIfA2T%K8FOxe=J?p1ZwqFgkpzi3~6MkEI&EHkW?2
zi+;d;EVvjfzxucExT`Tq2BDgVG!CIWvu9M9=pZxg$iOzAG-^g6Bf*}92Xcu}eIe6l
z#mjey6o00kV}2RCdrLbKO`H7(U4sZqB2^gn+|B|Y*762KWGP@yIH&fQ*y$bHp$#pB
zd$7eWgb#o6-AjGGR;8QDp@TEHswg@QyDoE2rUW;B3D*zMI=);n)hq*l5yzSQazB8R
zXDk%3%^@Y0TYK(p5^>lqDY5-HGIz&$1`>7N7zH_88KA?*cE7+79+-e@EMrj2lQ8Y~
zEo8hG5Rz>Sk~y_W=V==|N~&a#%hUBhHzDrfR^M01(=&~*u(42I{pw7cG5c31w<iY5
zB~F=Ai=2KX>=avDxg)St{`5t{(uRmd+W9s-YLa%5SBpv>UCu5fZhMF7aY$F<RZH?*
z21wbIFJB1BVq~plZY$Soq1qgRWNCCu4QrH4b%?rbMUQ#uX>BXiPafJ_7NZO~yHxPS
ziq0+0!rJU}ZlR7yQNQ1v>TZoHSyHUfOX<s6Ch^s9qJ?!*uSF=)>=KoWONk_cb(uvD
z=tkw=P4t}aX+~v9U?8!WvWBE}O~hKJbph}YPusdCe<}LUSA6^@F+4`y-gyr&C>t5!
zdSK9<?YA_Eg)1z5^tD~{8COx8(E92li8F93kq-ZEe)k6sAZ^mEXyywUp2DWM*(oxy
zLfXt>NXNh#idBIt42L3LaAp~yh@8F;`xF{uj+oqnd;wKck_HL19gO|VN5pIBYQ}=t
zxvbU8Ne7+g?vF;c@`yFilM`9#`zaG*H_DFL9E6(4mH&+zeo_Zj_O&O`m#KdT*PHek
zzL(feh*)t$sDV4>JNzM;0IAcvISO9LH!5}}|3y8-g__HG+p&>n6i0_csBh!9;%HsB
zG1WaGE@<hWtYzj3f=2d#jY!^t+LI=P5JHqrY#YOHbujDy&!{-8++N>qAs4kW<p%CS
zMzoywrE*cRRH(90-cN14M5xm8<u-N(Xmfqd#3~mF=o=b|g8!pa--3{ozjt}~bw_zr
zjM}xrtYEJg+At_wdpGNz_}jy0Jp}u!A2U-h;$wJgx5qR<l=}ijRHmif9s@H$GWe^+
zS?p0(ww{Tt{rvjLlB;4TWZn$#Ed#21_yV<XI!!owv-~!>$co9T>F`z=D8F6y4}@s=
zhc}{YmB~&4nFU*Qkm*dEVlV15sxM(Mab>l<0>rXw1@q)5mGZTA)KHA80!AYEJe{ZW
z&H4T0vB-*{zvBnUMJ(u>P<qdc#{hi{!jQgdXrxt{bWP)eYRK?p!9l@x;O^xVBI)<x
z?oDy(GBHrWh=DK&9S$JHj}lhR-RI1dR>`x{^RHgrf4uo!GT(@N{uCX{LWY75k`q;~
zf-Il3nnBvO7pon_fLzH0%Yn*{+r_~c4l>lcvC(rcd5QVdO{3NOg>`k<to*bku6>|Y
z_%eLYph&zVP#{>d4t(S%3nnrmxX6#0Y~HR0W?YneA40XD@fUQb#Z!WFWiW@MNQ48t
zg3W}_QAzpf!>6qdIf$-bVaUCL2*_W1ykwE_YtfsgFD2Ihx)q+^b{q=!z`MWY6bRj1
zhnV0Jbo^*Ua81VNl>QWnPBj&**+~G3;9C+NfPWZ;had035t-A69);rAv5O*L|A@`$
zxIoN|;T^N(QW7dTl)#lGJXi}=ip~W7cA(24bOxxyu2nd;7l*;G{IF;aSY4ZsVb$Xu
zi(%E`9fLx^2PZs`zy<pkeGq`6w|~*gzvzkJ06Y{?Db@+lFF_>PX1EtiAm1kuTRCbr
z1eMJ+6fVQTCN0^fC;<bChM*<e{0(!u3pZ$Vy9;%C>wGs9?UMC6^SdF6+FU+=FDYmj
z)Z_uhbcJl|tMh;}FQZExTg;y7I}sZl^6bkj+7^V$!&)Zr)#4`_yf*p8q8i(WsH6)l
ze%oj+AKf8`mq4oU`5+=iA?c%Xkol?Lf2njz@TlYc)S2U=YS_O*Ok|?p`cq<_GI#=E
z@?#^mQp?c07};l?#qnJxpVzT6d#X{Zf5z~vuc282RpaODV7AYLcD0v~ceqqkZ-_9w
zYplaG{e}#2ynENCU%0B?tNhy5rl0h%<(odD?N7#!m-6nJrCxEj$3UKaK}oS!O}{8m
z&W?FsAb#+uP-jZ{uACglmWus)79PvQOXG8iXIM}9)*t(dmUGo#;?_c0wPaVfr4qLH
zNR`z?L);jHkUyD+f1Q-^hW)#&vZnIe>1+@(sk*<cuQX`#)g4meINFrgL~;XF)Wr$3
zD=Nui85dPihf_}~!i{BIR0ryd+pU;~{{OdhyDLh%nEy(_;cE-(l7uS`rP?S^e%3Ci
zevma+YK()s^~|sRvcFzV>Kbf7ci%y=#$dpc3Aw3K;qxmK|6S0~6%NinLnN-xw>XQ+
zf#@nGey86(?v>{zm3G~BVzG{K4Z0kiv&fKW^v@xNa>e*<6hyjrhofzSxeY|GW3PC}
z#aF%=2azCIXm{_eloam1z{+1r$HKnQ2_fNh@5HWSZ2%XWZD|Q@Hwof^cCiq#7=-!9
z{p2-|F`Ajjzsa{KiqI#pwUiC?$cF)WsJc6BLwGzOV2cfLVXgR<s`$vDq+i%mCXB#Z
zz|Y=Td?NV(ljp;T_@65g@%CjtC9_}fwbsNnVv*pE1jz3wUV9YyE$Nk_f|kfNVL!Qy
z&tr?Fm@bGkD|fug&PMIwpUj+MQ6Y3>gr$0QF&fRCcPMvlsIE?1l&$<>c_-6kHRNws
z1^Z}9X$VsYN}g98R1h4f??0q^)5I>3-;__@laAiQ?#<V}PAZ2KCbnn6t>R!secgo5
zEll+H`4U-Jktqr%NeN&^Pwni*1@1!;d<Rt|-Zx>Ma5&PZDAjAXJ0i<986yrX5|o7*
zbQ776=c9vts=*-*P$)rVjX=HGFqDO0%8z*f{YnJ%tryQ_%W=~^RJ(qi0~Ky2rLzYC
zhX!dTNcB!bo!=(B0DaI<B*!}iG>P@)sizbDiGReyw+3kX2aQtZz&~Muw)8*0hH7vR
za0Ue?`uC95x-jjKfHrz!&9HX3;pqG%o!$P@q+vW8(=zr#(~N|0`Uy6IB~|r+5l9M4
z`7|G%<2|`k4MS$j2_JkeB$I+hhMt4Fekx_gQE>^S7G`IahH5k8_!wB7Nv&k7$?|_x
zppGx($G-A}lg_-j)9G!S0PhU-u?l8X#AZRf@_?h$H!8E;HKanCT&V+Q9QH7;_v25!
zZfs$(!E8<m;+GJ^x~iZ#M5UL2FYhU*`Bx7xs6MX$1^r6N1-d4=E=__o$sz(d6|<oE
z=!&hA_ZObDoOaXN)ovgD<*D4|r}>)aBM*=-_(frmRbI81gU62XGZ~)SAJls0uka2@
z=|lFcCD*jQ^8@T3?8bO`;NE$GiI>)bkc0=h6*<TgR9`ltETnoh3DB>^QE$a3D+UzH
zX*elkrE|(@4?FuC1arSNQS4YPZ3BEKt7<ta(LtkNn!+9_*cMy{2kQV_F*>skujQ*`
ztTcEH8jHFmJ%wa3m_jKC9eg+|zj9<_0!a5u;~R`zX4$<3u)N(e8K2hdpj7Kqb_Kw%
zOG6JgzL(Z)%>08)83|BNQ-8G%{8PXZp}H-;A3fXk-FYb8_J^QOUlnC0Z5)XGNEKYc
z7S7y@Sb_K+M~)qqS+=p#Mmaozi;ezg2PClWIM0WU06$S-sc-AR&E|a;YL9AQ5_M`l
z^4u8bmyuY^ME}VFDk9LaIf}e^J(;TtoC6f!f~KKGT9P4tSj=ial7Tv$wCmzTG~vOC
zq<3RPf(y&Dn*$(A@dw(KhnYZa1`Z!xc^;Z;GCb(?s2SRZT-6kX$$aZzO)zlzOh?p|
zXgN+|Z6Y&d?9F|t00ODx7sU>R8NkjQ%RpJJ8N#*jmkHP8%9tY4j*QalV<K?y52niY
zxQhzNh@uJnOV=OM{?_BGogLS}HWDt^pwqSNkth_Sq7?DAA|Dfn8C`~>fXiJdfgLkA
zX?srWJ8Cc?GOW8^h1)=)D||R<2+k6yciU=zX0#}8gDv>7jTSFJ%8TB&)Q1$H@mU$p
z4&55@cZekzXc>;h7fum`EA9H2UoX%tsQjBDae3&5E9~5&495ZMH;LWV^+gI0HK;N#
z97BnMU%1s6j*0KCoyicaU&uom&PVcJTwSZ8N&@dOj0Jt&ab}4)mo6=J`Lbd>Qh_CI
zDib<$r2zY;C*Co1I-wo;v)>2~xf&tNH`k|R6FSbrU~$Bgf;!&ZE=_evA=BwHLk>>8
zekG=EcvlpLM}i|7f~5e-IP*0~;%Ril+OR5R<N_BfgeyBZX#gi^$y1-}Bg~)|pkJ6`
zb;2?E*r5(Ukq)lGXq^=kWIpT%1akIj%nyOVulyz0xi^x6*$7kk0f<e5W*rX8{-q@~
zUdq11VdMhFpMiyH*=s&{0`|m_`8ce{rUp&h>n0|<Q)s!H_k~}ChRwfYrjrNpDc~1?
z>sN*yLi{30In^45W`!^?qRuumh~!dE6h;}3kM7HgR+*}nwH4;&!M7)-0gFvVmfo+J
zO@(vq(nDG9_-xDU1}iM=fBNb&>I}Gi{7V&P%zWp}p%mWd<eEKlOQG0H?2j$xTi6MI
zWHHmBJGW2G;Sede+8JdQdF4B*v|k2pgl)JFr7oG<#71_R$WG4XSuqXU3KlXvUJ;{Z
z$Df}E)1(d2n76y|Ph&CT0Qq=QHw2hyOFSRL%ZaWqa!=%D4_$I0Bw^B`A_%{BT6&7X
z<UpdfLQjKvS<DMuo?2IV*xmsb*=w`6L`f!&OnDUDvrNa_a?;0jOXVO4F+0c;g}+J8
z)9Ok_DYtu#8XTMD-U4cpeL2-bo>p~w!_WcvQ62_+AMLZk2v;n^UK2m~2KyG|ImoJp
zKq;_16f5eZbgO|TH0P03qi*i?AMk@<(6G%YKfme26QVevXR5hE@_Us1%nZzm8_+>-
zWuD~V0~chG9SFHf4aet%IH#MIGeT<D`C^3S**-YJpfidN(U~QH1U{9N3oBIDN~&Xa
z<YDB0z}_(d)=h4fR^miem{&D1C#x!p-~bO*4CWP!{!EDN)V)tWS3UryY|@wrKES?=
z|GVHw&q^p7woR20Hn$r5Lvu>){xqt=F+gEAD^i{n<0~NmT|^t;eQvU~w0uXfrR)_(
z@HDYU%U}S_6EdjsNL5dW%pd4_&KLXmM+^zv+o@s%E_leO0^XZU&c)cjQ!)=gKxqW7
zu$Mj`E%1V|^Nr;dDpxvbKQ`|5N(u@5t(1Qf_RkN;O!QVvxe`$R_gwI|;&9lF01Lv}
zhd=iOkSpeyPbj26(QX}fNZEDc5NA0j2~*maSBNihfS0<zxe!!wUbhHe#nTtOFk2>f
zAJALjx8)WFSCB5th>a(Q7Pxx4B!g}JrV}N#>m62jWK_z!e_r8%1*fNfLbw$^`wi;}
zo{bCp7yb=5kIqe6&pw@?9(1mEZxyM+@b{WHSbO~Q4b-e}xe*}_34=XWJk>P3;Ci%i
zqasIR{Jlhp(D_2QFImHO%OOM^2j|DJsprQoO#-%T<6QxJTLxMuHK+K%Uff~F;f!2v
zwWL~N8*cMG@Zo(AUFQIF2m(@%ROR2NFIwJSRaBS4)0yzZz`-a@+1TZK#Pzb8=}J<c
z02QwWy;nXJCe?=xiW*L;PxX?f9^AF_ARkADBqH>2ik-ji8IbNYj8-7$;HKIr_t@}c
zJFgzXKYQ9pD(acSUo1K{V<Qby<^$B&F$tT*V;_CQv=3F%$Ft$aS<SQSCq}8<oSVDp
ziRNo@u5@6YTSbKwl{H>$Fvjy^+I*Vd_T?4XVay{0?i-!*h<hRfb-t~8TBN{eLo;9r
zX`l#@^bvhMyE1waZ_->_Y|B}ZKYX<UfP~JXoL_g}PMBtszHuv7O~_B2&&LJn^p1;9
zj5~YX?fyd8Q8bc*_U5mB19OALs~be0ikL&63Td0Z{!Ey@M(&_?m*80M^KO+Pzy$}k
z&hR*fyVC^24>sKOZP)?q@<|@CCI_}%cT|}eppmi9iQ&f;Oh~X&8G}8@uBJ!$S)km1
zcNGv^ow12ANV|jq0786N)6r)RlbZrz)=K59({;wO5U%xAW}o~+KbxjGBUyUmXlbC_
z-`@*Ve*D^CT59Z_x46#y!cV=wlEzM9g8rNR*TOK^EpBv^M^q~O(*@)_qi)8PoQm1T
z41QKQk4f3Rcgi|>e~J+!{KVtaP~E<d!ps(%-F3`y%hT96qURhd_oDLr>VkZ+H!1A|
zc)%)G@PSBv`Y|3E;Yp`kmU|!P-tG<#);?EM$irmlfg!^{3#Zp@6o7~ZL!nnFqwl>0
zIShX7iuPqR6KBU^d^D2-`G#RGjB&uJC&X|p?MpV51xUmZOWP#<u^223zC&OK(WFSd
zelo0s8|KR4xC&OJ)hh~T$F%P&BDeg5HOorveWQ*Vi!hU^tswJVb7`RwWJn}zYx+d7
zkqOhFu>W2jio)Qag>nY;Q}h0+4l_W#&J5n+#0J%^z2su-&{TegYFv32zoI(*VnmVG
z@)LJeaS+VD<vA&}#SiQ=Q7s9xXW^pr-U-35P9p=*L%yh}QFD(OMe1XDShf-lV@<`}
zMWdduU%7Kbr5_CCyY7<{e<k`<{%Id^Qlpil)o^+>dgc9dDCdRQC7W<ChI;a{L5DP;
zSIv!dG3#CB?-S|t9P{RzK1!g>wsd1-Y{A+#r!_WXa)mZB{YiD__KPKv-hq8Sc6l%9
z?o!8nL4UwJ)Z<al(FGX0AGnMA7k~W0YKeA-x1YaJ-qU!e_AYW70kRW2b_v9ld<Oem
ztvVg$$$P<if<e8y5>33Z$mBS~;XFo!Vd3}d>`%&-{lkG5;E8$RJO^AqrQ{b|`@W~`
zFZ^i{&XXO9>xu23`HWb%dzhMp<b4$qG{sWma!;xDXsKyRKozxbT9qrs4yhRV)X#tX
zJo|i@+<xJcGww9RGVUBqWegC+BBYg{k|I3T#mZ_A7AJjab_JX2$QdfA3TDYt;X0`h
z&pODIGq=z-m6ELVAU*k3KL6^fV>g(67ti8WU}?iK>U2Ee&f-Q`E2nb1V439j(<Cds
z+-`m<*2KfY3?jtHYKOeNad!TQWO&c0;-%HBGUWh(4bP}}&Au6QWVtVVXZ5>7i*GXF
zAfH8_Zb2-~iZ`DD*}Z&+k)zW)TVhC|EBH%cTK*z;%tYo3ER=-M<O1z@l;`!-kMY@i
zyR{NGPJ#K!A<HD&bEihfaph!dqpb7e?t1Lh;d$Pqq_oGNO9|-5qQXq>u*)mguWs&q
z8m{i8Gf0=7^_6fs-%_aw;n?>~?E}D^lRLg-<!q@ma9w;=J%zS@WO_ro!kR_hG9ti<
zO>ncF<>Dl;dPrOGl8O9awZsYiS%(w45N|kwhUyk!SWN(7!_>Zg80zDQaD^n?(SP-4
z)$n_GnzbMeK165mITP4x9A<67=Suq|cc-V{H1-EA?}eXLjz_h;y|<m8r1A<k_EoTy
zci(WBWt%31VZ=(6rje((7WN5?7r7ARmD^1!mCgN%te0exr9FZJTV5U{zv7zsw^k7Z
z>E0X))IKYgNU+Oah;c|b1a_D~5LZ7qm2j-GKV(93KCET5DQSE2=f#Vo5w1h~s9$*v
zif|b%3K5fnkq#5Oko@uY0pDP}b`ZP>dHR8xnD!u5wSo?_>ridtp2ybjsFM4fLQ}PG
z*E_j!pqcm7ISxlM0Q>4<9K3&t8*_GbvHgc+WZE>QSo9+Kpa$X_h9=fPE-OQdvLW><
zk_Yepi;)M<kc!m6ioR@+19WeR61lw=!p}Mlgar+xCYL$_3vEg0we}DjWGT0;M)z?G
zwQ#n}w7%)YLBW_E(ZAuu4o^&MVVA7qSMM~4+lIITH_&5d<zosxx?U=F4Hw^KKCmd`
zB;Wm0GQNT=o0U&clc|;{P2;*LP@l84w@k2|Q(Jfy_rW^8Z%AU?LX;lxv=wFOpp9ZO
zPGoe5B&-0#`qAc%c~wf>G@%SG;=8T0FWn~Bj>~ykM>S)*<lG?DtwQBvohAkL2o^0o
zxxQzPQYLH&z>8Em`U7p6sm;{L$5bX$Gt4;D@N00Z#Cdg<5BTVe^|Djy54Ji#n58Gq
zkb71N(^oWy7Y+NNaUVVF<$20G-W^n&0v!J)-B+iB?2FH}q|kRsvZTCxzXeOaHSQkb
zceUe*78t~tbn>1!q<#1gVLABE^bRX8h=+j*E71(zX~gGrK77e5MjsLE$yJpptG9)p
zg@!!3_FC@;WfJrBVFz`Bgc>~pop?P<z{s<RjKy$PpJ$6HpIH8v1l>rDifgw_wwmn4
zC+&HVF$c=1LY++-R&$O_JDEf?Cn<`@Z|)p=HRnaE=xmj!rtR)pBg^jff1C%EVtNR$
z?nF`>@#y8!aIqv2u+pF&tk?w{C?@w4zhCJ8S#+-kvREigR7oV4&u7P5otd;EM`SfO
z-c9|I>B?SoFF3ZNs@R7263?~6S*2db+2TslfUkn99hq+?)b=tm6E9FH6~vmWQsBtG
zY~ngKzmNZQ+nJ5|{Oj0~x}p%(OI)5UyOipFuM)KMbZlntBrCPlUIWo2Qmnk>W-3TC
zK^d_}G&Pc-%ENv_Gl46syLbYkr^XU4x6qGWSC#S~mUf2j91nBs1pg>0mSN{bvG3J6
zdDUooO#Bxa&NF^OGp0~>Sp(Zr5|7{@6FSgYrSRC2-jXU!%qc9CIhe`<js%1!M}h34
z5Z;{7mVGNMTjWAER>!C4(2*bixa<jXDD;w3(t`T!Nn)*?u2pADf#>$Ckl!}jBk!__
zW~wJ;aCe*q9r0r9rj<aAQ1@?unUrjE;%Gy1(X1bkLOj@}w62iIYs-?y#-^ijVhJfw
zVLPf%zhymyc|y}&lJdR*v<k-7Z9R8+#T7JJMyf7!OAO(QQ?Lee($isM{z<8W+)Y^%
z_F!P0AtO4L&6$_PIiCGru(>;@EbeIP|4fav^sHO0lh4!P8lS5}dYR^|>d(yZIMd*w
zRcOv7prkEq4f`~Y@|vhOlbT8gWl~B^{aj7le{EY9_`zKPE?Mk3b6plmR01Ed=+l9x
zM?yDI1AVL~McD?LaA*I@W%@;VyPR6V+a^1nRBoKv?3{X^pYsUhvD@ezr4`kwUp!hg
zFxWnWHP?Q?H5XdNN^8AU)v|WxQ~uf9UFAcBK2d#l=9O_%K?`d-MEv?zu${aP-Cmej
zr{Loq|7YZ_;&<r$&2}cznEoLL7Vo@TKf>^y_pv#er0de*0}+#szrw-ffH_APDpuSQ
z7WD$w<s67vDu05QZfTRyoZPA=hA?Ge6URJ_bcixtY7^V>!PYu9fG~ysyEAyUoQ(6x
zY1w|pkcWSf@2u0q_^kJ`ne}4b5f^_JFWqyw<GS(Onc)nW(8wl=T;k@h4OzMjugu04
zKlhb5#OvYEC;eHJ^2NI`9!WMSU~?{GIdL7S@0GFWTRrIqHpc*&^O9vvkn9rj+K_Ly
z%g4&lN7NdQ>x)fnt?g8?ZEh@=7SsOtBG~=kaG;X1t+yms?ANV|RzpfRa<05Y&O8yl
zEbV#axeU~opn3NzH)SU~qgi0iXY1{X;+ThoJl&+ZN@hr9)8$OQLC@~~M4)Pc0e0+2
zhK>|%qSXeydE1TUTA!}9_$I~rVfH`N(p-Jdiv7-tKeJLPHi9Tbge<c#aVOM-4i6^K
zKD8#8U-xzXnE1K7#Tgw&;A}e$D{fC8M6^8$H452)Ml}yI3DQlpHNdi;;39QtqTp*k
zP#{vXgL*@!BWqz@a7eBwFLA8sP5InO>6Fv?>SW$0(IoeKS@xKE1UKUAJ^^`ykWQy0
z%dJ?nHH{e@3(|SN`cKW=RmcBoYf+k*NbrqTehJo!|L_Gpg4&Jl6wSu?R;B;rjJ223
z2XguY>TWen>JTc?^9{-4;&<F~Y@#ff-V*h|uTidy_5XPjkwl;q;;#N9@f<+^3X?04
z2LE81=n+sP*du!6hH~lYE8y>UgucsG|4_>H2zo=7e|a3`idw3Wm;FGzN^JE&W2Q$k
zW!M#hiEV_qs{rnxk%wZ<>_;@~MGW#g_5EaGYxl%w0Dn9Wa%Vs=(0uxU<&|}mKVioH
zslg+gLvxd_)W`TCO#fVQ!rRdy1i6x8lK!~bIokS>#*FA1Tm3*MguB8EV=n6>`aOux
z`EnR5WtZXlWn(FiQt|uXeb}OHvpO?edF#h+yTa8%ln7nTcIkyE!+k+KflI;RAhp6~
z)!8kv_{Qiye8X1FX!|EC^A9)P1E>?OU+w{lc`2n@xN!}-b4DFjgFpqvD|=7*T&ulO
z?}ShL{PyOeGVuTbQCl)~$D*|+>deY$#WCg9Y2^v#latc9`<e|tj4!lSN-SQm?GjFj
zR*qBVoI~O+>xD}oG%%=tTr}`B!rgb7aGvM-;=MzMxg@(;Dm1w!qk`~8cOm{P!w%Um
ziwiqacUf`zXdY@f<Oi23pME<}o)i`B!6O*?j?~EeWnSQ`g;3UD=ZpfiAcGqV{J^c}
z>bu`2>c#Px_eF{?udYaLmOlH?r^`g$2E1{QiG7NhQhhrRa#*Z=6gigEcan*(UfCJf
zcDjg>>*t@~H>Vr%bk4ZaqRB!w%Ud>Yk=t{_cLehIH|^@h6Vwv)Eg+VC^-6W(7E`I#
z8^`_{?_%B_jk;fSq0T#PtkZS;avu`Q;zu=mZUSfCf8lY{$!3V_L0RxfuiNr!Ye&?&
z3#or_^)CJZ<Kx5BgwM|GUx+R3WMzE3>p;Qm@e~_jSk6jXePbw0i7Pl?TcF9xGG!aJ
ze-qf&CGYoCZ69({8Tm^PP_%&eIs7PburaP!QQkA?z3)R>^x3Ac9S1z4{*9@5)BWRC
z{w;e=AoC!hVO(0GQ=Rr?^V<@ia#dPdI=Z~cbLOkl#kyhY=DFa!A8<0I@mx=0UxHVr
zzP2xDdM%2s-AP|HVNB6CirQMT?InreAXKNY+enQt^b`3R*(<sBz;j_l@&%lnr!b9X
zN;9(czrdY)9j3|CQQ2oyv~}Jcf2+8RQ#3|XG{fmK={sL?Gf0l@Xy;&i>D4x#RC~wg
zTkYlOkntqvUK*U&azRub>-j;od*7#M|EF1R#i|Q^!6tpgY3qphwML>)uJnWR^9Gnz
zk~zV(DHe9G>z-O1*)CR9@c5vLSx#`^mRyOwtyuF>G@^d7{#x^SP5hwU4RO^XAvotQ
z;^~{?llK4NIP2v5eLG|UKL+Wz;|4*=6hp}(YYe}ur-?SqyVjSTw`sX|I`5K*F)S`^
zhnUP|&x_2_a47Fd{`)vb!t8};v@4fx)9Jy)m#{=%Ww$&P`)Ch{j&r3OWAk)3cmme>
zyZ?u+w~VTzi550-*Whjm?h+h=2M-?H-QC^Y-9nJyuE9=l*Wm6D>_BjxChxu9w`SI?
z#gFRh+ETlARX2V5saD3Dr#YH@*QC}1!1U_!U+r`_xS5?)COFERsJNwf_bJaBnAx3@
z3xoMa{a<)}LPvQe=V!w4hxbmtjRp0O2lXq}Zd~pnO<M4C6a|a^xgH2{`Em#Tosob(
z^<Kgved9^rE}ho$S4P5-MxfHK#Lt+2&=OzJ=XJa8^7`jG(>j*<`TFjm{hMeXETWE~
z;@X7|3dF;60))A!U4H+XM0Sf;AEbR&?HkSgzAk9eNjl*59C6P@HOdlG=A5FrrK0e2
zql45E)VJC)H#GXCSt{qgdPrA-MxydN<YRf1YTPCN$XxU}kn~A~Is)eJCVgluuM?dO
zhX0bOi=)RvItk4L$L>0zF`ChB|M%xH0By*jU(`iuW8nFVTuqW9w7CrLCi~-Fg4pqc
zu^8U%UE9Uk^q*1$zsml|8_pwf?d}sMhtaRPT|cVgVye0##^FMfh(CU8)aaj-0`g?y
zf!D^rhAd^bwa)cs_(wd~`D=qNwt0IeVcY$}&h*3Xtn<Rksd1s&bhGqhY1Ej`nnIh?
zHPX;c%L_*uc-1fR2Dl5l0At2CaDS>wa&r5<a6j1{*txV}V8Z0vl&CWix6Jr;mGLVv
z>?4EX?L|yMe7MW+&(BwN6eQP<aAoXBWpOv|t1oLWmlC<R2aMbE0U86Lz|+?p_*OHe
zq)hAu*c?G-leDM`lsx2f$cw+*YlU+c-#=~ixPbC@`XWNL5vo5Jr~YnQ_Dv?8^wR9Q
zesF4NqZ(y!@{g#s@tSm+D?3$?6Xd^ScRlhG)R<(*H!b__OsPIS{#X)q87q+6yOE{m
z^WUW0=9OQnAv0)!b#?KBe?aF?Ati*~^(ngk({yh=@_#el@snLkp~Q#J&z-ds=o`x`
zhPnCDNVX~rz#yb5YVOM%VuWIAb+z1PU-G(ij#fJs%mw5l51ivx#YI5~_Pc<lclJ6d
z4igWr%#mt)u}8<rs>tvHSsD5M4o^9w4><*2Pz+p$-wBfn3H9-!C|j@#6|H3yO=Uqn
z3+t=gr|gLhgmWS$0~V+smF~e#{)9J4^2!$XXk^{5K1V~Bh&#tQ)Qtr8de(OBr&^N=
zA5q%cHis={Lq2-zOTeF1D3UX3oHDg(nGdUZ%T~`XIW@&OxvnQuaGWi7ufK>@-0xJ*
zU+$DP>fQ1lV9@H>$5nLeOBE*`89Ubu0*I1o_62Vz<H0Pq`@mhoQ4r8^ZJHA)TVzck
zYo8&^{DzpUC~>5!kcOK=v=lPlK;SL<@X^8WY7|UkQh$k>M{wsVS(?~wbRIi}OHfe0
z;)b9WNh<oonjE~%OF(J)@iXCBZz?*Ep1Pm)DI5n2#)9qcB>FQ{;$8zy$e1xR*uTR;
zbO<9Hdm<ZyJ)TXvfXns9PvtEt$kZW++j2l0CRXA{!qdGq7iB+67wok=2tUju?(K%~
z9kA*8jI?j#8ksn@W(+nq>ySjOa%Pg*lFoi`$LZv!(8598(8&MvwR&0Gsc9mq;wDX}
zs$tKHWUu_!6CgbM96qrf@0^xK1_WcX{qLWQ!EYY3ywxv$B&m`mlPKAP<YmlQqWf%j
z`_)<heA_bn^Qg2UnpOk2D$zDkTK2hUN~YDWy9_4$jK<&0=+FdG_|^B;!qo~QZ`e2b
z?7TS4qU&^EwG{7{mOWL|x`376d)nd4ND7r$wU>B%MHGV2gq{)L5H(p<3YK}Jn}Ic7
zrrydZ;+6%dsM9z*?;rR9)?1`8O!`B6v-0TeEFvwGhhHAhGf4!jQs&P-9o-A)GMA@)
z80nHLPh{?)zWkpJSNamBm)_4Q1#X<3pCY*`v(gpW$tjccuQ&PQ5vlm3(C`j-pgz|h
zwbg8-aoY|aNM>*EXr|FiOENy2KK?1rZj-5B3-(;+i!-nK);o8Bv%Eu++Sf}oJD%eR
zx?AP@ox^j!7AM^61}w^6x#1pH0-%UoPUJN4UwI#8r)k~OqGi6=u98>kd4j>5-G4s_
z>9Ccd8N>Irg^>l$*GB|H<mY1>ov<EJydFM_6%<1I`Pl#wbAyYh&7^{8&ZjTw*0>YJ
zBf!7z@;$D)nkPCOzkvLZ`S@jsy#DvA<GmOK$p_`Hcfg@h(w|aL+oL<|zKV37FRh7!
z)mxN$o}b%Aq+edXM0g7N>HPFA;`_6I{`g1}Xjac&*_KiCQ{DX0y^gKslc$#4UK`}n
z2cchv9`DXp#=^ElR`TLL)_l!um(dbu>};sf`<YpR>$BIP2N~yd^x)dnfmKVekr^2-
zJXv|rBs0QWV{sz<`mO9l-lROQ>B@nsE$45Pd(8h_p~eMpdN}et`TBgUil@mdHPW}Y
zXq2gy@3z;<3jQMXS@fP4C(o-hPBMOp2c9VMa{XBEeZREUm?=#lD3+)!uHDB8!gETm
z`$V$c?l1I|n8O?{pCtIhOnE*h$c=IqLeclV`49bXq+tJ?oJT0#WRuCV%oMI4-{g&#
zId|v{WpkNtNVcE;PA9a~B%kndCD-p`H!ft{WI1ZreE1>t;O7;WhpYU9Z#YkdgU(t(
z#JZmol&^?9e02H}?^_c3yG)_};J4gJmdaEZyKSlCbk~O;3y&HG?w*WA3a<a_$Hx#$
zu^5I$Cf?`1S4Xk4?9Tt=;e3FCb3ep=oU^RL`E?bg<Rqf!<NvXx4Qhl9BjS=(7<>?0
zgmxBlD*rzo{>Xr9HL#0Np<B_fkZ*d;Ye0<Nasr89r@#<5AZo7drYMGS0@z>!fY~7f
zZ-83???;mW??*oX{6g+6D)8z(I)<%rM{+tIEx$~<FP(8?rCG1u#f29pTt}c2A+$i;
zUzembnq%w9QI2&<#f$fw^nS{z7hy9)x5mU*88^)T=s870$GWs^tHkU-WS7%V?roEH
zlZX&;-@ftWJ<-B%u?^11MjW$HgxgzAPRTOpf;LKD8bR?jR+Fetr3d7{V=W_<?_Xqo
zJ>uDKQD5NN&2(W&^?OM^Wn5G5^YYIMIY{--TaQny+;h>-9OnHYSc=QaXAxh-lgwsW
z+m(x($>?YgAvPxy?pEFVu~DttE;%CMTSJ0#_NayLYf^M@fTwOPzrg;1&NiXuQmv^t
zw)^|__)_hReayr-aTa9)VU)S%Ljqmf-xZH|<Lw&HSbG)?F=LWVXzX1mh4RE5gra%<
zGM(s8k5uo>t=SrmKG^)wMMe^b60>eSyEqBccf@y48Brvxz1E-zj(yEfD90aBD-d1;
z?i?{>1&L`%Ll0bV`j4!zFF5J9U4D80QnnH3+S4FzF%5CzZtBWq{Hs;CDE&<Fv1LN$
zzSnIL*;_UQvZnB$Z=PT-JLVEi_SmPoYM@71;45$3j(qH;v(Mm?m%?4^_W|}O3h?dK
z&XC4K9CPXO1>6n;Pi$8ZDRu$TkNH_;9v?K?FPj(p?$aZ8%%W1dKJ}+hKXiI(j^6Dc
zM`oi^*?o*@tvc@oM<AWC$SiJnd_h6?(w)*<=wg=YUylNBGZng0nUs=0c_&r9yVLaY
zB3K`L47%w`D}+*esKYukzN(pa&k-ELcA|top>0ckqV=>nQA|a?E#H2J$zZpDnaHm8
z-OGwBwRmU5jnwP-l3965JK@?5R@=tA#U>y7)N=JiZjbkr#N3mAob-22syI1avBg|)
z_d)Z*OS>6AYGOb!e`zc<X}j12F1c>MIEV>=MmA0XUgj<rKvV7k8mM{cLuA7K*~k)l
z8J}zxgg_Khg20IK3{2`31GS$ion?>=U!F`BOpbyG;-`uKH#~YI8CwGRc$(z+NWf*~
z#WFdHJT&?w=hK$kt+pB5R&pb;M=`l1b$IWtsyx{-H!EXVmgwxWu)gXap7&Q~_eov^
zdVQ>M{QttESEHxA-N8>Y<i)=$7r1$cl!Mcj+4Gcibm;e3oZTUcmG}d=Z!4h@>`$Ma
zT5fubK6Fj6FrDLNGT|BSNxq?@4V;2CaZdj~<Y<LBz5{o)<J**m%Nb+@nd;1#N^Z?g
zBPj|F(XDFa82y$KknzPnC|iD=Q-bFZ$7lD<8`^~x>hk-sq?kjQNA`w}YLuotD2yrz
zx@zxySN~yVK0mY=y07RV<^L`Jp<Fwao6H}Co@MmnQk7p=-43v$D~k8)BeQwGu$;}o
zeZILO$Lxii-ELjF0n&D-K@2P``L`6k>o>)eC(2bzd?QTgmcxI?CTa`rr~|a828p4c
z{GWWGm%D0Zd8x^7tt>&<?x3;+#bj;ScVMHlFAz1@WDM(~?wIpyhor`7v3Ode?kGnZ
z4}VMN_5YU}B{c-NQ5>8$fEz`5Z28BH>Ta%`LNJLbq<(`G1~tMn2Db_6EtlXmGk-U9
zY^>)0)4+^72{rL$FIAU_LN@jVRZ~=GSCn059qq0~U4v34Eyw68cOz7;i*{o}BFisR
z%(T93x-!`dt689xT;?q5MWu~_aY7@s{L3DLuU1CYk>`F6((@tgw(fWSj?4p94XgZ2
zSEyo{ls&|>-!=?o9E~DMK8(8ekHeks#Gc#)Os&k{Yx)&@jNzrX6)NtiP?|o{2@CN!
zY3l&-XpBnd{n7ny{z1`|WtuDpl>;suN?<dFg!ixV=U&@E65j5ZjwHJQ7%t1TKy2OC
zZ*D79HO=xvG=xl4{lXrS#Dr-ces)Xcw2fxL)R)n2A##mOXw2{gz4?3e^#!iUm;JxB
z$0`-d+E<slsbYuK+jyhtTjbRkXK9@k4BKMw%$%!?k{;&et;ioZ>yiU&wvtyjenWZ_
z&pM|3P024d`wrhndjk+brHqcUYA-9+Pa;~1V!&@0Oj5<y?``r`UugU~6iW-qJi9LB
zQx7YlTwg+&Xcop9RH-IetPEZB`{C;JnCeRV3*$6Lwa4q{<m)va<`d{A+cFQFg|`zo
zskD?5<yj5r&c58<h>)k!(bz1^`iMi-$`zR_P2&C!Ke`}sAGon;IzZGY-wUS?dxcQH
zGV|AVZVC5)2+|kHGy0wIJ}OlOB|SYqzq;~gdkcaK`>sEFD&U`q#h+m(HCpEXKLqLB
z*APhiR9TV1A%Gyon!wqd7AIOFxT7r5H8JrsF*m-~&(fU}G%uqRxYfaQt4=ctq}Scb
z@JcmO%Q>a&r8jcVf1l2lc5P|6wVqNS#SyJ3THw`x6G*p`Zfw1j9kZZq*EMqalaoT@
z;ddf2EO-*Q>gEt029b|%w+4*zGH;FswkGK9v<9@NU`b#Z?F+EYB#noB$d1%Z6Zk-@
zXwQBj&!ouvAmi_jtf@sQ1iy)sV&N5f<093sH=l>)mg~!O7pS-TF0S3YrnJ<}oGxLI
z9^gkKb;yP$L`AeMc4=atD)+uMVU}05Hgc|@;yAbsAl|fgPADuk$db?qZ?JVQ=}{`M
zR3#CoR@a+gw`EcF>|5~Skj-cT%hyEX=|HrccH;spY|2h#TIFKiFVy0ze6z_l@<%Z}
zJ&W@Ciw@!~X+uGGF~!b$JX4<X%znG^%K;nPrtWD`+x*&TKba_*0n76ZrK8Y+3We-Y
z+tSO_z2Ih_4t`3Xj##ywh_W)l*U?E0;g{z-bCS*U$BD7@**oaF1ss<QQitbJr;y;^
zyEp*w*{%GJqDo6z93&4c@n$veFdd#N0;Ph%gqV=pUDN<x3E*Zw0QgXx8u%OoK%W^>
zZl=Alh&2Gu*|-4EjXb~!0FWfPg2RNg_ZE9cVQWHZa6u1%mZxtxsuzG(kz7z?LJA{e
zP?)M?Vb%^>0lN<*Mh5iT!(JZBs@Y>=I@kcTVn7Q(K0d7gU>iFY<N*M!`Zb3|1f0&l
z@om7(lNr#&{Tu@m{NN5{JCMF^Ou6X}c<gr$c>L53NWo!2>gzKA2xce1gN}IvdmWep
zJSZ`_=t$*Gd{4OGJgg9s{_>DGX!{nLER-eICqE)!7PvF}3n<rpvyXmve6bZx2H3mJ
zKv>)q0|3DJaB&zpfS$7h2+TvE*Bk(=N&skl#KVM)e@X{POn`z#hZg^wy8wh^C?1OL
zK{-1f=*Qq7;1Ph{P2P*YqY!*V<Yp$b1EQzqJ0cj0{(1wT1bpWl0N?o{_m1Kezzwq}
zfk-;%V_`Z-1t64pL1RMV*(Qj8KJXV22MOtarhI?>fxr7=t4;q6%gsb+<p8iwdn$K2
zAs@HG_o5H^gaB+;1#qhiJ`&=fGks}bDE0rMfWn7s0KH^D53i^J)NqRkF!>0e4dah#
z5dqdf=fiylq1(|XUlaf~bU+-02t-s3phks0g<M550e!axbQ%NV3qa>v<X}2nE8dHG
z`7mHY>I0)m0v2>H60&*j1o%^6JPQGREF72)DnKxQ+ls^3bjt(CA3%`i0K$^gP^7K8
z?<jQZb0Y${fzc&3qTGb#e~+nLLn02diVwi3E;N{sii>oS3G-~2wbRugo5^&ovu&kc
z;Ri54G7O4?hyVk#fHR`NeKZ#q<eUElua|u%IX&T>PyW`C2_IQ8Ye9g=+<f9N9RQ_z
zMMDiGgaZ)GK-bWL)(88Tn6=ixr#`iSTN)N<@uW*&sKmQ~!N`pazyrpa9)O{N&~oNP
z2A~6nFM!+vFuM6{n5;FQfIL?JBo0yqx@SfWwN3(HyFfPK0eUY)0Xq6CfD{V>L-|Yz
zB#sCsCgdy-OtE83OtASi04EbtL)p=$ihmBhjzsvXr4JC2l@yqe-kd4opL;V9JUplX
zDR(M>QN{pRXu$poV0Vxdu*ZQ8Bmx07)C&{PAxtdD?zhOVWkdx0;08!<I%+64fGCay
zre!Z+Pa^~2&JPF=G!~?=C1qqn7ALUr2b(;Q1jTYNl>j}83WU8C7>~blFg{!W#|v~E
z6&>)wob<CeXanf89xz}ufF>q6m>j<ZAXJ_hz}!Uupk>|+hShK>5<shhU`Ry3G2mb<
z8lXNq{EY)fqXM$H7wG7k@YepHUJqyK5Y?reaCEXa`kD!_`nHve1^`ZbH3IQIvj8&j
z%^kq+7~q66;EpihPG)34IPu%&D#F0r#{*d0832$5m~=v5p78=+`2%~x>;Ua=0Y&qo
zz`s$;LETbhF97B2f`bM52>5>n_}>Avh?av9s4NCd)qMc|(L%$ZXafR(gyH|2I>Zv+
zD>;k;@@^N&&DD0A_5J7GFZrA(7Z13oVnLiJveLa6`d0r{ixP%;L`w7~kfZhj*`Gof
z24jgo@!t2-lU#Hdg$Q9-q8zd1zn0*4So-xA`0t7gEySaOJ*fUWy(LF%_upwmEXd-2
z5?l5TQUBS|PY9!U3H?ubf01E?zRka;waJkI%Kt2a=W?X}(^L4l7ejdDyW!`AFhkt`
z)#MELDZKDsCG7uH!liSfIR00+B})w@^RGj`K*MwEf6AwVu;DLo|Fdsi`GNA=@3-EA
zfvoz^J0hTI_w;`{fz|7OTt2=lto^TV@<89L|MQ7gF30%)<8TGgi|+p-=Rkf0y&Vw#
zwu+C4gVKPJO9s}|H_Dk0OR<HP`(4rM;aJ}U?w({&3Q;`!g;KN=mB>h}eI^2JDiNZx
zUCuqrS(fje95C0&<etJMkdw%nhH!yNVDq-vB>ev12m;PUUeh~%YTL^FhI-Cm*~{-&
zY}(5&LbT5R5t!z4aUh0O%vCoRRbq!V1t1y49>ajfBpKgML9&*AnbAB_7L#S=!cs~E
z+jutHJb~+l)AD%~^vGHn%&CHF5z}`MsZm^|pyr6InJ|TpvgSb**$_@(aLnJZ_h?Ho
z8nl1zsZn>8+rrJgqwpOS2bG5b%Ra_wc^~At9k3g~z^s`x@s~5W_ZHlnRLiIl&?Byn
zJ@w3S&~7i0??tz9j8>aP<))D8jGg^L$H$wLgXU$VX8GQu(VFk#63zHHlK-^J&PZRh
zL-yE3azrHwDPss3&yLrS*{*vLXx<s6#7JII(cfAG9ZZF^2yWuk3^80kS)S;tM~$-h
z3b+@Oi}IYRQA6cFmXpWLnf+?g^x@)393MC<8rKxu_ObQ*LqhAz#G~caXSqBCz)d@A
zODscIdbwCzO>5NaaNy5cmhYvkScdq~kGrGX^{BNLS2X49X*_*H9$ZzGYt~Mn^-w2%
zcV^VUSBwGVA(FKOv_XC9M+h@ZkTfA%QowAt8KDDCmHqfmU31i=%6-$v4A{hlfM!17
z*p<FcH4Nqwyu_$^Ipu&;J<MSVZ+^Ot+-~Qojq!cfZls=#eul@s+F=<(+p7W(y!)4o
z^`x+SZ1NJMd#l~FF54#Qph9KV($ea!-EWG*J`CX^BFL@=A5mH{V^_;0v#h4P8AH@x
zAkt%zpGJcOs73ABOH(4h;M%bC!>2%nc!8pk4MC8^c>G7g!V$e^0<^8ShxeEl7rRtE
zC(dLo{8_!V!Qt^sf1-HqxDFC)!h*=$;QMZ_YYNdj*|p+T2u`!BIlXgaK*k%`_uvb<
z#*Db!?^QoZ)DU@Yb>k2_4t2X|d&1$T>#Hw$Y@ZKGWkBZQe_3fZQv=TZdK=xjdQkzS
zyZN2IpjlnA_~Ltc*E66=<aXhLt9M*EOkWYB>@1EOP}0$lw**y{nW{pG%BB?`5pqbW
z-AtJ|Y7&AO)jc5Hu;h_EAQ*l?oLlyA8d$gzt069)eJW|1O`(h{|84HK&MPGUAxVBb
z++8c{#zoy1;$_#M1oGCrAAS=`MEe_^7$9(WMIq;{r4nkA9fa=hMLX+PPA3XfN8Fd+
z;`%&MG6+EUd-Kc&q!TM}f-15&PU+=gw*g;knJb6pLr)tNECtbr=hT#beu($*Z7ef$
zO*Jjols7)+{q79)!sV{eJ<mtO!VIIWQRmP=E{brB4`7V7>VGgPLbyJ~<Ilt3eZ&+;
zFg*Q5C5rI)+qz;NZy+MxH|D0!TO47w|3FChaaE8q<Yhbfyv7$yirHguF^oPh<Qb2@
zSI9EKWp}Owy_k-=4^7y=W>MHmWQ*-SuCxkUiIMze6UBCA5Tb%^2v*>0%r;00OzRiY
z+;U8d2mV@z04bC?PhXe3v5?MU*SHsre230P1K}6F55v5vJgS<Z!E3ije_*+c;|yu|
zGrbtHW%-xqUkbQ8#;Pu}@Euw_2V2D10DsAwk7tvObRubR0ud#M%$rYea?oblL>lMG
z^_-jZC6FI+8X`-=a$_qLS?e1$vrc0HNO9mh19Vro85Z-V3){<aaA%=Tr~TiDceb^_
zubuJNnpr}N<{L*8B2=(#Zl4pFf{|Orrvet(QNa?^6o1}YgId4lKp6kprp2rM>=Fjj
zn7%vzqY}huTVe*0IG&Bp-H5?ZhbscxT(}yoJ-=3$c5-cFgl>kb{UDj6X>&y6Xja$X
z9N855u`Vsz4&4LC-MgZ(fmLsn)*1)ESUFJ61^(`DTJ=*c&oewoc1VR_H0OaMFnZFE
zfXItZ+u>PNK*Zyll5AoYR>D}R#MI)xoh`X1y(mo}c*+oib(9+-_Ips=Efh1mct*$T
zd!hJy_iG&1(IG?{we6&_xfsb7JH7Wnnk-^v)>j~R@_lD1iQeS{Guip~+S$+H5fqC;
zSL#Mjt3wA&;4R(33T+hn@N8LC(ogi`zk<@fY+RPpudh~`xj1apxyI|67HgTORc#0P
zE=N`sEa?d>+pv(@Hsf)ddjsF-=!Xx87nvygV`;ylbTP@9T35I|U83m-0^h3;JCtPz
zGjZ)J0!IXj#8V%owkGNPJc@W_1eS?Epy3PMM?kybCdW?<>{0<ox)HN3zh?XwCI9wX
zaK@A28gkYs(qp~E)YY8%dJK?y^PO<mN##2d>NlRm8n9uf6~evFhc3ta^S&Y>Ilbz?
zkj5lN+Z#)c_vdkp3%o33e7@0~I7RY!pD8~8;s5Y%%?{-*^NSj^zf>dsrfm`2_^O#w
z@bb?<+AK3EQ-}qXFDNBx0w7aX&^XQL0LrF=Y(7-3)<-#amjtFDbaRAdlyQV<B?6GM
zdStG|ILupd!U(#)p#W(Zg0wEnQpy4ijW`uDhr)t`bEns4-N$1>o6<h($gp|cr&VVv
z%{nYRZUmxa!%RzygWp9J&LQ}l?NkgJ@YS-D&M?bPu4FO53!;wRMz}0lXrTD|-ok%o
z3>7$U!+>jT8;e?oV({1`XKi1a#ctwymj@;+ZDV%;^pt)>of|^|+6frtdR%7_1)o&h
zZlQ=|7i8j_>35=!_AyqEEq)q>(4#21(7;dbL^04B+YUVcj%aYgJT3=P%A|V5F;&R$
zl;wXt=RzmD{W=+XYZx4F@rv?ryd%7gJ{OLh347N)1|^pe41woB4r>a5PJIr+ylGEI
z3w;OI01-W;{Rz$i1-32V)d1IkmlxIn^87pS%0I;}CJ5H%mY18Itl9|I-~#SN-N!>1
zXeOHhoADInF6zq@5yT!4o`eU12Np#df#@1$1iiaNN`M5IMCMK5OxVT14w%+}IqVcj
z;sHibBDSiKwlm8nu(Zf4AlG8G5k>UYf!2s&c;Wyx!p2mxpx5GWD7Zo_cH1`xz1c&f
z0my(oQwZCr@|p}d9t(~=qZD+qZE}zlT`4iY!t3f->UnRyecPq)VrVdg{r7K9HmZXC
zl|MM$5rCm0{hWuq3eBbeR$d>e)aH_UD|HQ2E^xBEmGVT;kXJc4@!raDX7d)~uYrZ^
z0ofU_9z1QlLl7@<K{_DqOjw>^O%Bf2w?-eyHQ?-^$9aQ*X1W=35`SYh0hH0njA>z&
zl7}AJ<DDm~gW`<OTbU<BQ;akGO~}q*9&ViIO$5)*e8qem=dFm&j_g3!a8;#bxjr52
z$|=YhjSggt#-&1^OfTH~!bgRnk{W(R2Vjd6dtmdq;bygf79>J2L<yu2tp&(A1MaT=
zTc=H{!{;Mr;`&C(tQI%`U4%zmCLeDAF7*MZI5h`>@s!r5*qb#lsCUXGka0Min^Ku@
ztzV~bt%V4QQ=tTw4GF<za?l;(Q_Rz=%slk4t+G=AM9FQQNZ=HK63B-3Fzn5>AUGf4
zS%`e>MjEbQH>qOgd13~S5?diVi4y5D^(=d6DYX(#7PvT>wJOajb1Z&sXZg2)Ac{_U
z1{EC00T*4)&GyJN$R~K~&yX9&xSN>$eNa!lz<}Bt;%;J?K{A`-Za$7d36zI?4e0&`
zWE>d~?ikI0(G1vDd5gdn0<BH#&Cs{(8Tx4ik{-)4@o;c}w2k`S`?U~dsM&%5<W$F@
zZFe$O0`bE^4uqQX0yhr40kL+vgS#t93GML#$ki4OWU!?fWY-uY2o5y@)`Jl+Ut@&3
zNiqhNGsy@#prwVq!<B-u8IWRyV8PM4mqo4eL2~#AYih<FQ;(PjWwREsQH<XHm(;`E
zR(rMmY<V!hmhTm7+%gOp$H4@|0`Hi8wq9T{;cS3tXOnFS8`+1tV~e}b*tdAAMbEr0
z*f)JE6%slJ&+FI#$?^49CDM5Jn|xsgmyC1u77#R9APkAB$ONEy?B4~s=qy{`WI1y~
zesG7dhO1;3W=8P>pFk`5;@Dw{?^*&ulqiMLlDOaWrZzgmHF3ZGtpqtn`0f69i21wE
z9ZEyqbdD=vsx?(pn@f=d$iwCma=coS205xZ?9JS<pR+u5yMIQkCckeC#-eQ_@zYuq
z=aD4)9I}sc#b|Q`MAOlBeRaMDJToA*&Vf)A&JZ^2rA@n1u3<k`>!qHDwHeK#2Tfq7
z1YTNwXiz5%YajqUn7luRdPxDMayKx%rejbi{grxIa2tSYu;EU1sIqG)21Fm%*~b00
ze=fxr>dgM3LF37FnLcyrJ>*8a6M}X1&{r|?jwM*`;#@&4=Bj`K=ES)<*Vc0wtRoy)
zR{<HEVAcmEkO|C7>r7Y=_y&l4U?ADeAaN5+Rp7u5AKjp0fYIhdiqbd#Ds2jZ=cE;o
z&k?<u2xJ`&Fzi5D0rT?T<U?(M=mun8`J=uD9H=B9d+;|vNCDI_T?51dJ2H4G{~a<I
z8_5Z>#u(SY-V9P`oDsA)2E|A@+JLgDc$Y(MkfZtWFY2b9&A_}oM~)+~ievu}9$`(M
zgkUzA7wwf{hQ9kCd?7n7l>m$~6YUVJ4e*NyLxyYUzT^-Pk6&YimG>A<fEZ>2t|eMX
zeKZc)KT7#rWa;LtHw}BY`L_<d=>ne638)e+Yl9q!L^y|a>pmwfKhee3M&`Bqxbd6n
z4Yp(caox8PjZ%Vl(munRc9aJ8tio?LEPr|*GhFlcKfKiyk3p@17(dM^yX@C?^Tf%s
z$61%H=$JvM*o0-ypl}nXPB(#29jCaW^4il<pKDHEUz_}=QsObQoHoNXRnQhgR5vX_
z`AH=m2Z*52kQ?GVrujT*(vk28NbTgCj&d9ajRGZjvwm-<4f^$DXD)6j;Km!V$TL3I
z;A?jApjCJ~Nh;h4U7RDdB8`^KgY{2BVZ=NBf&uvIO%+67xthNrqrg4~4PFkDf#!i_
z2W=LD2mzKI{LALlyLKOCLuICmNMP>}V1YMaQ9XEPA>uK9>TDX{`}EbFXP2ab(i@U+
z!RkWmz7_jy{YsXgGf{iw)%dGsI*`(g);)oIcXsS!+CCWAy5vsP!dG~1wTqt~)#F@B
zu6<$Zq6AM%fn9?LsgrZFU!U#NNX$1KPR_=NkX4(m1d<Gwk9%`a`T#eWusWM{6Hc!+
zGkUXE-)EH5Kqxf}F6X@khy|1BCaK_yEc6)$TcF}gT>LV=Of#p!o;xv?2kjuS747;=
zKs12pq7pj?7sSXylLBAiCIMfV7O6(-n$aH41o#3cGl`u`3L0ghyBLh1xXI<UQ4(-G
zEkO-^WuBYXy!%aIPAsTAl6^3GV{CXtNZp*9W|&xai|1|DtSJGOpv!Y!YA{3`F9^5?
zf;@=I03Gx0dx>dgzzKL{^HA>ZAb&o>YX^NHFM({2&H$l1j)kKX8xew0F|k?`I0M-}
zsdJV<`ZJ>>1oAtMDTH0Jq4LN9riR$?2$6<4H{B_z!HRC+(>#6`{zFa!nt~CSu5{yd
z>r(dFfBl-|**6dK;^<WRdyo=~SP9sIw&_z?a7F!Yp1HrnIVfknz7Fh<qDP<N3DT85
zz&kGIwRTTgk#&aLTe~_kPIs|j)A$>6RytChg)~mY?&AYpHfO|bVZ{Xy`yXi_qCbb@
zY8TzZf+Yu8Cm|$?cB3G-r@pywrYc||ts#TUiqs-=tt@P30t|5%VuKhW)*61Ub2CJA
zHeID%+{Vs%u;P4fZanRlFg%k6UR_w4wB4)2&1RlA0!?0Mo$!uZE&V-%*^;cgggT>(
z#DGJf1jFckhiulPpsuOnI#66{{W;2fPJv-oQ=6l(dSBm0O~j0=-P`1vRcPcN>9YD`
z%!Oao%#q)PrA?A2MZ+N6Dt(Q&9EFwX*~t~@V$_wLWmI9lV}P&xq%k3N*|TSp@XoA$
zG;Yl%!%72co!q82@G-f}4aH%A{(_R6@ttG(-JNC~K8)UE^sno%XE&tULe^q9QVHCJ
zI;Aj7;4qyv8!k_5ey)x;?3XK&Lr`rIoL?$qnQ;x_z#JVYw8x6@&bmG;&es-S`3Hm)
z0`k#?kdWjeFSPr6{)4Yly`p@u9?i9ua9yEt`Nl2y^HX%7?7kWNI|@BQVH1F0hZsa2
zHQ$sVtDU9j#pi>y&^Ffx7u+=(P^>A!85xq;9RWX@hOvl4r;HlRR`bHOMh7VeX!tX-
zJB1sb5JUUK0f$V&m`aYOgl8;&ZEjJC_V73VVy8d}+&Cu^+i~}*8Lu0Svogg&c6}0|
z1MPHS59d~_@ukVz{V>!8RC58~GuaYtlJ`6-ZyY4<RJABlt#fQd)LQtGkyH;STXo~<
z=ZyJYHjw+<b^ExcU#0g+h4Cp%gG|UqGMj)76qg;+K#1VmCy4<5EFEINA-vwBO%Y&g
zxk3f&v0|o#f>79(h6v6FsIOZif5=uurW2Kb?sdv-qx?;?eaIJy%a@=1R}t{5c{PmI
z_LZlj5a%V|us8KvqG$|0ywd%J$o6IVL9!gQT7gTZ_?XwuO;(-gSoe}gHQxhzE&AY$
z<goG)^Y)W%=J9o-&{<0^H;gZjdwWE*+NsnSw1D)3gcZ)VrtL>2ewBdZVln7S33H@g
zk<A0ormGG^o(w1*Y9lCrnZ|l~p{KZD2qN5QQ=$;G{v2X3*^n~p4Seq(R#=bh2t<J}
z3)5uZJ3KTf9dZsR!?w?8cg}I`OX1qQ2;hKsiNql(wSq8Rk#g9^+yu?Bbf6_*0vpA(
zE!MirK{n$Kgo93pCF>YZdl`WC&0gOTFwSs?A%#aA5AML0fKKM*;960}`at1*iJQSN
zF5?ddREFaSK1iD6Y0o|3-N5}f`_aR@9`QtCuuT+Ewrz%B2?Td!2B_a86d&3|WeD5A
zcuN%F&Rm?~u^4^D0mGmpkQOTBSlkH&&3lGGwmv8lFl*w3@uKk_{)u7`P^s^TVc;m1
zs8eUAmnjcyZ@#24K#fnGZW^G0z#zS8XY!8V*lbaw1j05gwqfypo3XdP4#i;&@;d^n
ziOu|1n7rytGOuN1GL~fVyVHr}un@4vlyn9H6#9FtUyGl5*+h{r+yd8?e+_oq(vw0a
zgZ$VXa?H-sV^N=~-uHBzqxZa^dC+Dar3!BL4im$)e)*XhNZvUN<!+Ro9N@0}CG#vs
zlCMIGg5)<y{aj{?ZCj?7odxbL<!TY$xl@9Y8O)E}0z3(`+a(7nA1%~eC9LYvnaNVh
zJ+7yrx%6~Eb-gD!1T|KFxf_A96IFLM4FE461H1SAh(H#|*@22ncchRrCEdhIx)qOL
zsafDTv(75W$HVI}AA??H^u!=$zhQv3A&-3~Cms+0;U>Xv*=*6l+_ezn)yfToei;@3
zO#pRn`)k#0+qWJV)U5VFM`UF`t$v!VWsGxxHD`_r&p4&M!gHud=zis3N``4tf~Ce`
z>NXK(A34C*CfHx^vkYmz!g=f_Qu1cNzKFo}AUPzWgiMo-9dw9H4(|BTN7Uv#io^AM
zIXjr4Q_axT@jrTpW#*7P?85YMi8WXjlG$+nT`vl=1l~a+g(gbE_@;7zIWf~Eaz%>*
zaZ|G4wK^hCq-HWoMGN*O(me!z+a4Jel;NyfGfD{J3MxAWu6430Im&On^uSsv>(7#U
zY@eE?WFebP)wO#`nP3-lHP=wR8?iSz&Ez>wrj-Nin=mp%?=|TNV)`ML$i5(fi7kuZ
z{x(#zf7$31hL8zc`+fJs$`{$;i_KxLzw2<@B;;LU`XF2b8C62&rF0k`pwZxm0LCjC
zFN2U<;uJwgmd5}?&BHLUa*5ok0~KE$7(dK*EGmz4PAcI{-Ca?gDo6;+Z|!i^SkUJq
zsqCp3D&5CWr7Fr6v_LA<64G8|+4X1?=ud9*#$8`nl@SIJ9)2wtyU&bIk7VtsEP*tk
z;im&3hbF--?qvk1eT1FNret;yRNsfFpUlHHa4&#^A{}9a%rE+e1j4b8iuuIt((JGd
z?K5gM?}UHmryMXUF4t4324#Z&i4HUwB7}5@KTi)?-;$4QP&P#m`HF6x3bE9nhy;E`
zta=Alt5o|r0^UxB8bk2@yg6-y&btg=d^_^R2HWn|(ZKN}2GK(t)Zh>$0<^tuX?=jO
zf!aKL7+ya1CVRmM<ros(r<=uO`gs@C!1m~nq(5gE*RzM{5-l)Wp9@&nJNNp4f1Z4&
z)v|sS-`=mEBXcnQp`i^C;2`Z4R6wcSpy^ON>GhZHoN?<l2aZpFR05Bu#PXv`{W*w_
z`Vi_L5W!iK;;I(a-@-0)_=vh(jNT>~l0)Zjvr|^$lRk*oaNq)>!W~f>jZ(wU1`<&B
zg4BBqjX?5UY7;$jt={sWfm_T6nvhA85MG&n)Hpmr1ZrZ`lmot)c@Fpc6tqt{sQKb>
zmRvLAgD)zwzuKPmnr(ood=_ts?mZ<P{8YRNruSF7QeNq5oJ*&P8O<X>g+oOjVej0J
z!U^1(_1VzD8RszQ>P@C5S6NUUDwhUg{MnuXWS>c|^!#z=D?kjIgRmJiTwkWln{cx}
zY({@=fLWBaN|Ur4$Xgexk3X(6Lj>EDX$ILIoM*!Gh+OX5jGlgZ6`yB>EGdRV%A(IM
zOm_kf)<1B`PJLP;)_KY!*6H)Jzw0Q4cq*J?gxrv_DvF8}@&TUJ9N<Js;3A3^K(D57
z$p)NUQ^GFl^uY+lTj1c`gW1ubI<&0P$OV{_p#8!)E@QUXsbIg-s)~T%>*x^@)+~x3
z;xX9*SKd`^zax7At|m39%Zvzu5>6mv-m_q#oDq=#|I}fTLwZhGkb43lom==;C>88o
zPy}K}l5sVsfO8Q<IKnj+*ky)GjS;*>30xPLNIJzVXaEb+>XaW)(TV6l*1(PHi+Bb8
zes3Z%%w5E9Gm)>ffIHDUeuusBya*2Aa%epgqBt-*zv!!xdgG;#9O{9qSG4g2yN`Df
zgnL8=D7>}{AtBehC@a(=>xEKH`3ob-2W(l8?dNFK>51@k;Nn4Z)Y+{P!5z<)gm6Ft
zFT3~7$Ms18u7_*zNVE;cCsLL97t6pW0tBw#kFoN2EAWV+vm#+sF-WtRlCTDNo_NaX
z)NL&CS;G$%nPJ^AQM_4HD3f*2erbfI#+<J>z+z}4?W5+bu*ExYdEuyx2y2e5h_H<n
zb{zRN<2aJ4c;M&&ey@w)klwP^NCovA3ul%~18XS*w6aU(06)rG<XDc-ZXfHah683&
zVpfyQ<?6;<$CM&FPZ56};j-U5-$6&;i|Y&5mubQdInTW9EGfJ62o29{k%r0_waP~V
zePm}2iOz6O+*j+_5ot~G4A6a#E{eW?efPTfh{jV9b^O|Pe!7D6Igv8r-KV0jU+Wkm
zsRs!CyY^0nmew@HF))n#AaIN5(#QyLVhN43W4W5Y8pm+m;MU=NIYBTIp)<n1_g`PR
zpBT$_KI>RAjXgd;|4Ze4wt7Cs>%2df>1AGtQ!j9aZJo<tFPhY)IM_L<b#JAodZgC6
zo)V4h<=xcB;pJ@&Ti({tu6d_R;N@w-*&x8F&xF2K;dndK-a9}3{lF~7Y+^ivg9u#_
zzvA<^h0Kc2JZDD2&ix2Kv~^72)-7{&5{1#e&hXpXRZkCvCy#$(<S~?|#UpYFXF?&L
z2(aLUcHHenH6vH>xLZc)3q*U&mX-eM!k5#Aedy`ziO3*GH1>({<fKHy+>Pphh%+e1
zq<X@@@L<x6eBM!S=BQI#fyDwwv%2dwKKS<!JkFrX`BEz<FA=ICW6nSL{|XgcfBviC
z=KO>Dug1w)4K7;DJ1g)ja+VF8(b0hw2L^+n?3LHlJEzM}R6};qv3~+m^Dw;xEns*(
zzhUmy5xO!0g+zS`O&0S*zT+hxpO+O`JDciv9C&@qv;;y$K4SK+gHvi=$uYS$WwbbK
znB%WauN-2=rv`03LI!#K@<L>0BqaIB?VyK=0DkN|e#kujvt0g_T>hb4{-#|1@45W(
zx%@u4{FZ`vA4mDrbNR(``B`)MNpks-a`|rsUU@N`{S!M;^Rrp^KCT_~oUC1~%2_av
z<!z5`DBF(fI;|YFNe@4j_GH<P*+0~kV75J9tv->rC<(nDMK?j`WuxrgRAv)Rl07F)
zTnaYO`;^CJr*cd}b&h2yw~Z~&5@F8Cf72jnRhxJG#!Gw%9a9zqU0Kxz6se&XOvdeZ
z9lkB#w{p!Fyqyh>xepJntZD#?45+KA^O8%%Xi|P9F_s}ITq_B^fn95$HM?=9T?d}j
zzof=aTcp-h)@b1zJnn38$L(KLU;w!W)YYYVzu&}YSC4RKzQ^PfPn||d>*M%_=Vqu|
z&OB2Ggssl}i!J)<+*^m^im0nU=9jX0i6;hDC-G^{&287mwpdlyCh;lGqz1C*<as`W
z-x=q)A-3ICYpqRtC$JgtMXcItR>3JTpsXS}wV5^%!e_2jq0!)ts3j}<w|m)VgBP==
zzM~?n=2})K+pb#gp}JIc1ZpyLi&mxT8*t8iJD-xBB+pk8K_ySms+hJ|s9{^a?3RA0
zkt9O!DmY_ide5D}8T7Q~-Dt|M?OQhwaT#}uB0Y8Kn2#uE<)_&AG71jOGFK-64gJ|>
zU<ix|uAH)_BA2S>n%4(^v9Ih7Ahm|N0Ffwls86N`5i47|_*}HL^NzzjSi3@56Bp%~
zT76;?nkj9QN*eD+E$#D-MOsRii{SjmO!htalfoannBWWYm|^s(?6P3a9rA15+}LUc
zCU>s$qk&(UJ7b?t)^aWGkblB91};JInK%2Am3UsXkWO;5?%dxu9C>sF5=>5N?A-fi
z>K3f(4IO!j?YKBe8c;b$-ubvj@`R<_%hNs|^?M1m9KupI7dZ&1exQ!N^n=cZ7dE*9
z3wrhNT!%OgVCmHe6fo$ob<?mhNN_fl-nagwek7Isn;Rb^*d=8;uWUNcKGHEKn<?tz
zR}3y^-`5d-!kyxn<vy2CsJiAinNeu>e5Dpl6_n*IHD*LdQDioI?-tL&re&KjE_-c-
zd+MVj6PGgiB~;gb?R<agRO0HZkM}w^20^#6kmuS=@NGj%FyH6KcI}pQZC@WDwsLKg
zzedk%M02P8yYmo|E$v$A+q^FPxun^G(^le8i5L7KDGN-38T@bd6u6Jif1lE+`{ydg
z{J~wynHw)y(cD#alx*3l%!VQPNg^|OWfqrp!;g^;$Z!b&GF0x9e-3`1qRr!n|C3o&
zxXmrKYoU_Lqbcq2>eTai{w~(yJ&nv|Re5gmX3hu@?X0H)M8$lB9UeoTtL`EHx#>)n
zuDBS!%H6YA<<Smq77w>;`Egs=Va7BAOS$82!BV5`1udKA^kon#o^bQ`Df7GzT0Z_9
zQ$6qZ)#<cY@`XVM+e}xoQn41_LsYuEr^?`F?e3i%ASV1@>w%cCK9IL`lNgM%Ttq6Z
zQD$qa^PafLIt8LEq-my?^0_?1bh7PpSWoi+k)$enld^o1y7EG9Sz~V8U%u-rwM!f~
zFDG_;L}~jHK7E=zKi+`0)+J)EzP$F}#|DT6PXc1?*>7T6&-QlykJVi0V>FVk(KcOb
z`?V`AL;Wf-c2e34*L*JCjGgGiFCm<ORN(<2MU?&~wfgeD#ZIwtKk5FTF-zw5T*>Na
zBbWBEpF4{MD{WWnwIAlWL4iY!XL7e@YctuvHV?skTrZn}3Tt_$RnFjlJu`1Txj}KN
zA}n0Ns*Elm`6(E?o}g}R8#7$Ca-0OG*K&o{%((ZhI?!Wbty^$KYjg{%@TbJbgSH36
zzeBK2F?ORHj2-eT1uF}OYo7kiH>hvXSAzzk&#w<eKV4*X?~JCyw(9o3I7Z8oxV2~K
zFby5L1-inviM7zot{}(Pf3$iNTY~|_gpB|(JguCwGn%o6d7c0IHY-Eo=1thPnmB#>
zs-;oN@3NA<KIk6h`XWZo?w9TY{#nfZVoC?^iaI2`_H%7SYjF3Um;Up=3|oY$7I4^q
zo?a_#b^b+Lvy-(S=}2Ao+yi)Tz#5)8U`?aj=i~;FU(@>0$4Iqh$jmjf7x>J##P`+K
zv7eP21uJw{VMA#1OQeBAce>wtkJHvgGK-0S;|Myh{uCV6(m42ME8czS^kNrEUa|##
zbWMQk9Cz-N)yw;Xvv2lBs$z%T(Q}68h=?w|YejoLYtOPV=-)`&Z44W>tR#;LW_s2p
zI)%@#+vCigB3}h5@6Yf9k6b<0W*ELSq=?}XKeRr!*nfQ#_%E+Cble`1+Pb-ZnOdr}
z?Q(x++Wp~pxyACk#llkIVZI-G+yA}a@1*a0_ne(u(|X;g;sfX9TwMZ3BuSbh6v${&
zt;ZwL^L}_jY+89k`_5}5d-ud`5Xl!}h;8xPQ@2rvH|AF(>Kodmo)Tyj@D--{bw)(o
zu~lyF;$dHj(f}7I6Dz8I^5mfD{Xw=lmgW|(>LaaIxXM_Lr*>`j@y_GhDU1tZZec!+
zilFNqKHG{~zhsSHAIK!@SCWGp#ew}&w<GC;{$emWPwrj+b2jH>N|m^O*JPILBTaGC
zb{zOtkmHqXtnO;@@o}zw%anv_m7DVKK_k!Kx`ax2%E+7=?b4u=7^0S<&O#Oi<PC*z
zACv2?kD5I^#uWk>1QwUfbLS(grgZ7!dZrdjaFi1FMHX->Zol9tP1CK(m5bce?JU<O
z25C!rsT<u)qJvwRl5~`dzPmmcGHBHZsSadqe~ZAM-c80HwmT>L*#6w|op-6Oj3;V%
z7zB8zMAzw?D@`uBb5};~+og)t8E>*yi9D1_Sy;v(`qMe3tK>vxWhr_{mrl;u2ai{>
zBJO8l4Olrp-BgUvZC$Ht^`Q+cT0~nyX;0}Fu`xf-YZy2*!@%8OJanC|`PiKD$;44p
zCUd<rL@_$c1*3~`S?|2}7u>F7r!UL~j_r4i_zO*?WV9X)iIw9fJ|ESqZ)iQ-65)rb
zm_Eu^&1gM%5`%}lem-9sMc}u*zdK*Y&<oKlE1}C>a81`-FT$;S@17C4OS5Rs6Y2XQ
zo_#n>;3NIJC>TsJE##F2X*(YHbI^VR@m&OCoW7UNT3TlRhYYN_Vp7e=`mj$Xr^z-@
ziT&jEWL!g|+Z~U28)e^qB|SBv$;dcGq4B9DY5e)N@}cbu{1zd%uemnvZ9{HBu)0ir
z;ZIYh_R#mYQzET-r;2=sUeZD(!7@<1g#@MFPTzYbpm`}K5xIOZzbE+B{HLdxvD!8J
zM=*2JE(zb^CntUF8}?($W*{ni%Lamvo#NGXK81KrwT|avo!xNSqsLdcgQt7g1NK*{
za1)M)<uu;lqa7x`!+fXBE3Nb?qN$~ekE@o9t5wPv3*7rjBVq2}UbDM5X<8nVwV#Kp
zUUt=Az3p&>96-(m!8AzQ15rB4r+rleeohs_ZFBjne-!PmyZ6;)kM8mmxRq4fFEWH<
z&;2hmggwXd1@`^Njg8t+@Gzd{@j<=gIR=bDWmvz2rwmtZ3k=VG?;CqGVChlf6rRIZ
zYk~ekgvV?r6cHzFf`=X@@O~ytZFxcMIwVE!B8%_7$KfUD`YwT!Twr8Qe$y#)f`V^9
zC1N0;&NeZH!^BE_p;PLj#8otfx_7uuZg-R+Tb|q42JL6%?Ek-iuinYR%j0ARE_^OE
zs^Yoqb&D2dj$VEFdMIl>7!l7tpZM0|uls%*Ut&ZTPlivZ?df&QmS<p64J`c3jFe$|
zV)TjRz1{w+-XDX{HZtdz7`A2-qlMEDxO1;tVKkEa%03Z@9E;;c{I34T%nWV9qu}}1
z;q<}CM$;rrssgx9H3Y{v5240}1aHUB6-JUV_)_H=u@R0jQA<M?W6ktteG!h|qcZcT
zjdN~%4%HV|qc@u9&5Fn;@^J|d6e;H0eztznyXy$tVKT7OrY2x}_f!3RNi@eg5B*eS
zUr%SbJR>oPC!U$JIg5OLL-j-}!CjCn<lNrY&(->0b1&&VmOvi#vfXz%tcrl<-#jdz
z^D$GJ&{>fPmYSH&H0MhC(NW96kf~~Gs!tI)NMv8+NMIV``6TRRc((@Kz_*QPeX&td
zsDJL-qSc844~KNS))7|Mex`mP<5~IngP$xyWrNS14Jy8IB5oMo&my-d4L#?xf>6cc
zR7h|0puHu`O)XmWFnqHD!M>6YUR8<4ijJL*yRmgohvs&3+|^b4gzjOR8;g6P)LHhy
zu)K+aM~iC$a)TO3o-gIqza}ukqV|j@CW4N{MisHJI4rh;Q#j~hEBQEWQPR6Pc=1)r
zGd4|+(b?^yVyi(NW;a`PwQ40=+rO5<o08s{wDi0nvq<VoWZ{-QlCWykDm*r3L(%k@
zFH>VXks8aS1!BYopJXz<GMclt|0uop0hu#&?0G1qs`pU;(*iNcMX8ss$f&^+GbU00
z+0uOX{i(R-hdn%uUzYj{@T%%fo)-;E^gf?V)wpqlnJRkTs?0AM3jS41;tC^{y;Y^s
z`<*F<qL)_wN#6dks(KeNQf`JVJX`#BZm!@Cks3$nTYb4~bpC?U7Bqdua{JxF3{a($
zzpr`k)frSwb_dG4Qg9aB(J+m%-`h}T(@e2HTr-i9;&HXX+WY-7ElW&F#u9If7-5fV
zp)8RVTBz+`$l=|~;JlM@?yLINm#YtPnh~X5f)%E$U7EE@K%1j~J!y#8lxx_8q_3c-
z^Q$!Z=OcPQdS=;MKG^C#eNF}PL32*NA06Xg)f~1kb72qsd&-UB^o>p;z6%^B7KU|X
z*#4OKeMd`?&<whfM^wgh?oz}TBxIif20k(Oj2Qpl-dl6UjhF7Y+|BT(kngr7?k{)1
zCy3MX)#^818<5M&UBq`?&QR>PMATet<BMH^b?Z$78IyY4qoGT(Mo*qQ0{NdzY(54K
zP0h8TWOS@eyQ0}RyCKGN?j@E8%xqq;^iz#H^XQZa=s8Bjw`Abz6g}j}#l<oD@nh9t
zsh+^#@Ix}&yP*gZzK82ae+0D!Q1sEgbLh&%R84VLJ&{Z}_s3|xY=*26M$vV`G%~+;
zvd6P{3cs-uXgCReY*Kihx-VeRo3tii+&#p85bKjqE01vAwN=L}XE>W}sbcIv6vnXB
zNfG*EjRWHpg;dU~rswZHN<H#LWc^2wmBaHNeAgN)uNYS<YjP_G-d)*j2J9i6Y<@J>
zK!u6dsXBRt?&J3sZH~_b^*@gn_)b(A@Y-0<aF?iMMg5{0z~-X{7Ty|Fr#Ii0jhxI&
zR|$rE3*WIjQzh~vw{gh)KXiR%SR75Wc5n&q&f*Ti-Q9w_1$PMU9^BpCJ$P^kwz#_m
zcX$6b&-1?LoIl@nE$q&0cTe@bcUSdPRZj!uLV(%9Yagm2X7AFwNc?*TYBUF=6!zYz
z!y;Bxzd7c`+>3svGM1^MsnWq&6ib%_zy_lu9KfUOH~HoQ21j}>+mJ;y=n5-Xbk8d=
zFm{jBCO*0^)bbL$fABt)d3xxL3gu|OkAAo?NJd*VJd0|?xQE7Y5rR@N6sMMH?Vxu(
z=tN`9VCUvjSD9Rz``kN?N54hsVPJ8S64a3SXLZjVF6h3h-SpWS&=3G0x>&xS+TNVb
zAD-@wH}U|e$WlGo>R~hs4)DaKd_OdJ5R~;-(>FG|W=n1ZkAAq3dG!pQ+`M0?<pyH9
zb#a*J7z6-?!fxi1ZPRZU5TQvwm-8H@VD5fxGYwAbbQxV)ovAN0&8FGo(;CJXOgAAh
z#Wn>fQ~U@m1Z62oD^`=|B@0qxlK1?QX{q|QHalM*xCJIl$Z#SBF7xak!Q~%+whAVO
z$jvxIx<NnOp31W#_{U!Vcquj5IwaSHSG~hG-}EQxF^qRmND#qGeE!^^izB03_V0iW
ztLy+#TkjRsccSZ@m%<kwLI^Q^)wOBH<haDBlQfd;F&7?$?X*Qfk&K4t=hnGm{Mv$a
z+hWpQpxR433u7Erd0tg@vXBX&r@M*ut);kB$b>`*w3`iBLUF4i=d#ZArpPerW?)##
zN)S2rF>3rG9wx6aYl_g|d+{5I`>TRM=#A*Htloq@Dj0>2(8Nkh+4@|U(7KK9z2w)A
zz{P_W1a&b~f5D<H01P85%VWZ6ACrd9lSG`)yYZi{gw98S64Gzx5A7#7VqLq11$Ku#
zaLcp5z=%j|m`hXv6G$QWfozfd>r*cHwWMK<)3j(&y6dUsBM^=Xm`P1dXkiGDOCs$g
zal96skl{6Rc84;uPWg5gbr@&1XCWK!Kr99qENR9$M3P!PwNuD(O>o?kiggrs-E&7#
zskgRR0=q-BzxZc0T_m`wynxr$nmh`QX1znzqB8_xDnb6CvgQIJ%ZW!lOZYBaMuX6P
z#D{?46#%M2o>ui?P4Ga+tBgjp<%gqPS8s&?wj1r8ar&SBejJ}-cwL+7kJgxOY*vo{
zw(BY0p07dQ1W9UbO@V?7`$fAwe>x=xJU&>=z=HEO_%GJZ<-2~t31q%ds0>YMAgn{;
z7O|V~3vgut#)Xae;IWgscCh6Ny8EDACjXV0Y2MDt03ee(`qna<4U)ON=^v~ws<!~O
z`gSJYe>k_nyh?5fedT<+nwTLbt`CntAbVyL)SVmB8UkGJk4CoT_o6v&I-WTKjMn`?
zqNm%?e-X~$eR*un?*;Ls?H|$GzPG;jk0{Fm>YLTU;{!g?bh;+h-(rN(lk=3vie#Hu
zg77US|L991xateDC?}J0%(sK};5QifIu%6`S68I}4i=04%(aH1Ox&@y6~aN4SA-1I
zdf~9=Y+^!*l?|C}efzB6J;$PnD*lPcyXp^M$j8Rya<^#)X@QmiD7k?5%YJVo>AZyW
zYm)CHw3`ZY{3iW*NQyKtDz<4fAS|_Z-Vnvyybn=0gNolvbd*D1Jhde`0+LK4JAn?u
zF$8{OMH@~G8vJ(A4t9591yQ)bNzH)5spc=_jjg+z3d5)ul47#iQVE}3M1d#N|DiVr
zs5syI&)_~pk~>pI&RfcV>HT2VUhWgXrN_c|U|j0gdm`BU59S}TeZqE4zkz@Jc1eY>
z`K6(+HTKDuBlY&0IQ63W3R`uK?T$&Vi;1yaL>Fa&K+Kgrq5iHx4EFvb3-4ekOBp_m
zx0+3N%sX2;OgM=eB0AMQFm7ciQ`>4tQV6iF^9q8o#ednNaI!Hqo3bymK9#B5=+=nu
zd0?#5IG0Th>dcQ0SCu++He)!GQ<da8NO!)iW0348g08>vW#OogARHIEWLM?SKKJ`3
zY?09YCAqZ@G+hB~kHYl#IO2?mB|X{#2_}_5z5(5mAB4!qX1loK>x<_lM5Lt}7%rlc
zGC)rd$o-9VBw*X8=D$d!W}RdOIh}V0E2-Dj{|?MrE6&@B;uIm1f5n!d&P~KMJfcC-
zl4=xt2uab*00EpT{jNdFy{&;Zt*nr+E3%Gq{hZ(``d4Tho#aSJcY4>mkhte~Is!Xt
zc_C@yxQ6@UzcPz0Q#m@VQ2o^?ng2mtxldUCCOp2^t9aH&_{BI5)d}~|aG61OZ5Zf;
zd=&cN#CeC(dO;<=K7|6;`hgDO__mIOJ?yr(wfE2`%b3e7e7yQAT2E^|{Bo%;j(WG@
z@8`e&m*k^!TW0B||6;y+xG}}?7js4JYvRJ)uvn6UV$ZmLg_ryfT{dP@=L3gOH0)u^
zk)QgvLY~nSXJB@#e0=^v96e!6qy@y5)PDgd%cbQ4k_oW0{L(}c?w%@CiF=dx>p%#-
zO<xzG4`yr2^bC7dci?Q)6*2R*^8QM(r)58eD4g}K2jV*$mFEN^1Bfft2CEW(Q6E;g
zOK;4@s-Qs8(xKzdC4)LFf-wcWROZo>ugE@x+}E>#RLQf<yP%3=zn_GdEF#5la2v@k
z`&Ie7d!z|{KveRHFs^%)^IzN@Q}I0`{SyQL=4W1&fAx4432x3y`E2)}JE(sZA~HxJ
z3g_bD_HTT6cpiWQz2yB6csCYRAt!!m{VZ;X5#AjYU^otWrzH{mkZUIhbI-2>VP1sD
z32FI$&Q1MtGFW-|`yaJ({FGk72k@&2{Eu3JvEX#}|Hu4HBe0u{jQ#v8_eMfNXXW}-
zd+tg>@nGUVkhhgbWas@=ieyb7rHJ0*{EMXMeNlnX?vUj_s=WRmRo-oa^D%a0aM@M^
zGMo{gylX;&bggKOl6A4Grg*W1&h5^1H3694Gt0xMJUIocPR^=~QMhlklsMU>MY>qm
zP{dB{PVob|nDFdiXKpVElH^z1F<tEc8J~-waX0?ITtNnD@c&4z(}{V^@Ye(#Iu3s@
z$;3PwfHWf2zZ%g;tDPjH4wB^_`7ETzSjj#VU*tGZ!0A^$!oR8|)$*@G+{@*pntO8k
zt6R?hg}i&_d)%UroynzZ`f6z-sgSQRE%^A+a0%(u8pB_bdqhrx6nQ?{^`C>kYDEKq
z6Vd?-2PAdU{f(2TD5t)7ZR1~kxEMIu6jV2d7WN-|U%rBvZS~LaysbJ%<hTB-$4x<c
zTyRmN3T0Z^kLn+u+=={$;a{gf3Ngp=FHNQ<3GFOC|BJSL<X^O}l1v^0S3xwX{8wg*
z<H{Y0ICKp>Tt0*6o$g~qRRDG-e%Yn;J@5Vml()|M;#)Dem~Z<pd~Fhv#~7Xi8NjyQ
z;JtX*O)`itGpAcm%tH|%<Ei)WOr^G)1cqDkzxr@v@g-!V1!RG$o&ow71<<XMb+O#d
zNv|-}+}jXg7BuYu0+0ccuULZn2kwjwPDrB7R)I3{V>(^CL)-tb<m?~0GfaND7mLEV
zKYbk)67Qmw_#t3W1`9xb{SDM_vEKvlX@Q4fxvLKFQt;(^jeY{V!n$tUZ6lHZ2wVy*
zzv1#Z*4q@%K5XBWg1S9FS$|(cylZkM6Kjl3nsUhf@p;(oSv^!(CMzKGb5I<**Wnl7
z(yq@bIQbH+&-rcVvC7YFqOyMZrDu3Ca1pV&^f<V<Oqaz)4Qb2!^L#}w9Ueq6ETfo3
zeW#9M)1kW0?NZziir0e=04*t7;iVF^ACgi*pQ29-5)1L9g~_tpLMgH7M3v*22sA=_
zYS=*<pH{hgvH8M^kbO7I8nsl~aS%JE55qZ%S-ZA@g8Sn0&{f3e-BH=@@3uLKOtm(+
zz)p{^zc=Q-$8|r?OkFc8?@^u1eDX-u!s7%gyHC&~M*VU<KB)RYd8#$w!bj`qD*ijL
z9<6zmA;r30A`1{l$<Pwm7!`uU%<;$J`#mPPT483$`OGPamfbP4|1}Y-m8)3jfW&8T
z2_3osDIx!%TP3zwEl+qcEHvAaeMGcOt&GpMSPRnAUGveuTMU*8ie;o7Nf<skwta2+
z#HK@IauP33$nYt_vwt3Z?Oy{?u)c0bs|_GZM#z1g*;2Z?-eiElw1j4#6{vI;r5;9C
z#~sq2OhRr+4^WW7q@P~_<F@Gx$fWZEb93diyB9jxX(p2RqwS%8U(-qG<}aoOZSXeZ
zphg0PIX~F#_hTij41w{P<@OWke&op&#1XaTL&<U$lkZxOO$*Of#dm0`?J}IEaj$fR
z9zjVDIE9q3Pj1F@khl+LXTLs`{jv1<m0-<(_cY(KX&&tSS!WWq-3|-0IS18sogUW9
z$E`0~Wa(tQi~YxXSIZFYf|rcey|U5ZLw!Gj*a%~{P|@kOv3Bz{$|#)J3P+YuQG72Y
zyQWOg*%(p&kXLF7+1=ep*hxAr@{{9TYRp1nV8p_Uso;obEJDr8%=DI~<n1vOZAHC{
z;7GH&j(t!HKIw$c9zi(ipxhb!MB*+*rAV}T81~+%h6XntU5D-(OI$<Rr;7${?09nX
z^i<I;fmR+DYfm!Z>>@tb8u~-_QOTvp$h!_t=_kN7OeH}!0leeBy+ix3fmnFQn3}Kq
zljW$;R|<M-Ng02jwFc%{n3#I#rZv~#uf@3b%((W@sriVYMTs&CIh}ckUZ6`<m;Vlq
zEJFbB-x-?fovN%AphZ;}G-0UL|JYoZ(LJR0G9UJH1MMR1Myg#wCC%7)<KOYFzFGFq
zEr<~<Hryo+Ue~*UcFY`EB_V{2W-;`?cOlK|a{?p_(jl8QuI|`(j`ER0;_VP&^(`^r
z*NyD^@I~IgMiKhOOIj??{9mW$ke;g}<<4}eZTB|$qkCHG@xOc7o7;*((=GnklpXPp
zu!2zXmHSHtSI1>&eOGJTva%7LH)^#I1iP+5<3oPUK+4+bGko&yO^X}AUg+Q#e334*
z#-O+>xQqOUKi?@7?&l8PHm!p(s(vLV|AGVEN=gZZVc#n6eoldgh!0kMI4s#Ck}VAY
zii}0xmMlinGw@>3&nizax7kIJXi4cwEtTw}5#=M&%u9zHlS5>86l27Jty+7A=<lk5
zx(-w85QWA0cV1mq_Ib&BJhl#TTHGNE^mD&^L_0~9?_}j;`j(T|E(il^4bVMHCB@cH
zA9dZ02Ltf>2vfeCM^;VcCI-BYYa5s8GZCAm1^lA7t!`thM%|5*G0uz8KdAws613O%
zD`!FrWp{U;ePTeiLw}7$Q>nqHsq+Me`zg;Iy-8WbmANZI4I4@QSOR)m*MdzVO(^SR
z8K)Xyag{NLHli^);#7TTLBy`d)B!;Z`qj63ody`>;sx&5CL!OFgdIljoH|1sRYdQ?
zqn#a~Jkcw&@%X376-yZgy}8^6E_O;ibXF$NiUO?qRivf<n|B8i_|Ef23^O54jqVQ4
ztd9_AzNi?_^CtXKGpkgHBVmO~GHz%c*~lHHQi$kXMIJjN42adjU)fIz<CV$W>u6^~
zTi91b0fpm>fIS7Ouuw0lApzdHP|UX4;^}-cRrI&MjPTnO#nN>N;0tPfLU#K5acp!3
zF$_+JbI?}_Gew%xV7%IWLhl<CM|#(L{EXQv0Da{Q3_6-`$QC$2D!l~tWX|rjqBW9o
z#Q!wYTpkjzR<K5Lg!6PA<|uiz`risepbF)T(ibUA7cSCPLGIF)%2h@F{3V8fTvzF5
zuOq+M%I`^C|82%KAtZpW`Zvi@;`LqwqqHpw6ODXCGR9AAHiTWH)FP(Q=F>Zw|I<3L
zB@R%5R#YQJw!c^HTDg!m^y~lBDFQWBHIhGDxjTANLBP`_+)>0vqpsXzH~S^d&rSNd
z$-8xf;(t1zz98Hy<a+og?iS^VWx7}CnIkMUiE=;&e#rt6!sD0hjP>qlcN_Wtwle)C
z?&G^OUNUx0s*AJK|Mcu`>Pwst4-dKgC~Nbev*XhLT!2HXPw4B(Zk%%<U(7)nBhvqN
zZWh$JbUlKEcRixq$4R@GnU;S<l~DHAM}kQXyK)Q#k~f`|<#UB$M^FyHLQSomBjwBN
z5g3~yhnCo&Fk#3?FsSr!fV!n~3(KJLj%~31%1QA7U4XRfLQ4&IT{Dm3qNcd`qqLL_
zW!DKxh>u}LD9!-u(-rvwH2@g2kS4@u%8s&o0q?)|hbv4B{yJuD4}OnPc20LmMtW%B
z@XHio(kF+w7prundK05ael(Kex}HBsZPGMM8)7olP_4Ps!jqb&s9{`EseE<yEV3DN
z2$nUE0$L}V7v#?mJYaEtD#CEzeU)JX#%t9`$WKMSb(34YXPfNR$jG7Yy+I=pD|h9)
zC5~7B*-ORR3`}i?gknlx{#BM$J@z3^lVzRsyEP>nlC-O5Htmcyg(;Lh7@8=|eXPQj
z8%K@YK><_D#=wIIFN!CD$AFvC;<{We*`qa(W8Z+Lpj>?X=0IOrbuSs$+Ka(vVLsB2
z%{5rfC0%QC1W5@MQ{#(^cky24jk$?3=+T>$$cmCd*gK*`@To0MmB!mGi`e6S_+5&&
zgg`GfMd)1!gS0c)95jQ7pW#+H;<iDUtf~48551bw;qg841{Ui<56uS0U#57eJ(L0H
z20VE9PqCtyoR(@!Q4sNU>0dk#&3=OC3gRq3K@1x;jcm_CpYv0$e(Ro0<vAB1dO9CT
z`HJL$H|#oN_B+iX7^QyM6?17(0>|R2*fqys<yihX$<S1(D{D}f#uZx_Ww%{o8ijY_
z$fKf2;W5y10EJ7Tlh1yy>a$FSL5_4)p0-wRuIi6ro+c={{clJ>MKCWb?7nb4E*-tJ
zQ^?^xYEz`E!mwa+ivg*ri1<I=#2J#*kF;c=8mJNuU$kv|)O8jx!yXrjpe7p^vH^<W
zt2txZaL={_ozN8MIBO82&9Y*qdVfr#GJ*Yp>abAKW6-OTJm?o>#^%cg5w=O&R{WT5
zR@hAWBLm>0WjI60PDHL}5ukWS5%eB}kI{`?`UOT4hh0tSb&T5J6S_bdOmQa~a$H#j
z+S!}iN&YzE1Wc$=m;sDq_3P@ITCd85MAIeG^@0R?*gq`Br!7O;m8D^2%psCJvG1W+
z7BmLGV&g0H2iQ+!2=R3$s0qbc!~46h+<$?B^q4ZFL{Vq}k)IGme*U5W0I`y=3m_Gv
ze_-~jv8rwyb}Vy%yLN2=fS1?~{A%vuJE)E)7>YtAXjCkMs?5iLnj4B?4{&c2gAmqN
z`qV$mjt6@k0uIRW<^2jK{FTrg{K`26Ixx!s^wlQlLQ`aNfSh|l5intWUC^l@Q0Z_`
zX@O~>xXRD|?#BZ9V8ZuA_8^&sAcPrdK5ZZAAgb;{f_k@s?tGSN@&PJ*KP43Bh56~q
zxePi`?(cgPbYRD?Phq7mpbIRZ%L8&;Gs@^v$tM{>)hQ7nJ#;`KUswZxc9I|n&fJT@
z13Q{P#bXjNP)ru3K@bQo3dM2$Z7CKykia_$u75U1k_G^j26b^9B-y$jD7}g8Ps<7s
z1$W0Msli&)0yeX;qF}prD<%BYk9*x2LWz@~wkLZcl~yJ77GthbmP^jk9~8ykT-%d_
z^7--7rww6bJ?ZB0Os9ny=7c|2bI@TYawurEdyFWQ#B)%6zP@F~b4{5~+5IgPtLiJr
zJ7WcK{4$klxip@zW|kEq-_&6PsCScfYz2d;?zCLEFL~-6Mh*T-gR=adf($EmKMfb`
z!iuttiT;^RqehCN^-(HY;4o8l9k?=20R!>Y5fVVpEz>82tbRwzJ6wSs0Ca7!`m`#_
zfR4KGz6yNy!dvij53+s36+D@2+<0bXRJm|Tdw+~$zH9BDW3A@ALoh$~b<K8IzEd<^
z#7)&>!mV|?Kx?1qshL!F&DJt(VhjMjZcDAsvHF(eT(RCo<(8Y*kbpii-zBi1($Hvf
zShkkGq`i6|@|;RYZ*JtJ@Yz!}0gg02C+IR9UZ{Oe;N-RH)g9cuP^8SY=^UmK{_2w9
z=Gc|$K^3a4w?I(!;J(_C2r%5|#$kUV2TCI1R6|S0l_5PfBumdr1-=F=AzQdeKdYq{
z8T|7`4zxzVsTPsWrNyA@yS;kQ3EtqWKsk(c!F*0r&2KcolxgXLFV-;#o^fmZ3Gbq=
zMs15+;q+yyt)y7Etx^$>yaEyQov#}8na2O;O+c-T4ULAbic44g(O)j3SdsJHLX&H3
znQfhovI>D0YF#hg2|mSkh5T@KUR43!?07^OSKT1PN0fZVH8GTeqT27|_RA{noAOjQ
zPBk9_5L-<Ve%A=|rr$U3L$6i^qO(lD82bAA-fv|9b6<LGcyzOltb^V7VrVZ)Nd@lM
zoa!hCc>J&BLcgrf5Y?ffG>eytUfmeLLPS|!p0yc9(6o=3!-!U!yE`d2R?a^P|I5@J
zJeK5#ch{DT@Mbj+gM&t{Hy!_EGiLgjti$?kWObK3K)I5z%Tsc%QU$O%g>GYy5}TuK
zG~T+G9mw8^6@~%yfVLrWcy&nK@zW{2Z)WGj3hQ53px0#FUq(L@c6sHfr6e=t#0`)N
z;L|J=Dq)A;)xvYZvb0hLEaJ)|9@bPKmcwxOSXc=mgY5Ck*O^T&nQLW!L)Rnnb{g3y
zc2hVFl?BPk+`Br;6~~{_>NkHc8R{$-M{I=wbispi?34&Nt)e;*Iv!-*n{`i-yt4y>
ze-KAEHwRcY2%OYLVL>@}+9?TrC9W38(fxvdHZ(5r0`@Gh?(45x8JGZQQRLsl?Gq-p
zy3G-uRFhZOXWBBJIZ#z}R1!7R;6rhUbCJkYlU%8SZqy2xHVfE@iZPRoGOH>qYA>5_
zg^pV-LhKw@z~%^0a@e?QIK$+%OQ1%PW{b?l`>7z^o>p%z|3stAZr{i`3tf_?)VoJ(
z)widvf{S^u&Vyfgb`bq*Qs=WfC~@+2|BEOXwvN0pBcooD>`V!BFvrEF#F(EBD5EVb
zsNYcs3EFc)v(P(-NQbKyGi;Y*$9o@q+f~+@qq0~c2(B&2>dOw!+NoWSE7iFDtC4j$
zJxFw7Lc`r&J3k0in5VdDawi6BKWlzk?B>)aki*2?Dp0{V4N?oViF=-lG0ue<`#0`1
zeoc5WG!wVJ@s*m?RjxsMHh_;$YAD~>C4NnetwA4|KT!>zh`0NS{%?iWw(j+4_%XHP
zV3Rk2V9&1pvLAUZv+J{G1b5Muq#9-72alLVfki@XqfC1mzRrvEI=<5!jII392@raf
zvPiq$v#Bk%%LA?TPMC9;62bw#%eSUAjvkLv4b0{;l+N9tb&POl&0-t{iS-W2x4MP+
z5YNi%(O|9GQ1e0k+h+Q>?rG+?HbMp!UL2{~>uF_N7ZJ<uOXELzrd%p=QA_n=JyUIo
z43{VmH?3D8Jp$k>y8Z82YQATjFyp?(w~-So3L_$G62^AqbUA9aUC0%ltIV<bM4Xs!
zI%xjlW#vK97~7aAgorm7Y*x2$GR&(hN}gOFkCAZ=x)0&hykkVUD{~=B4yuCTHq7cZ
ztT4uTC&p|6GZAbECiWD2%yVa2ms@3U(^tE9w(vz^I%=oFk^92P$c*PP^>!DAT|`93
z`52XaQ~$?sSS*MsWOU8hD*LGU3s%=4!jB*?U3R{^SRGrXjmFC_YdD#KHPgnM64GWa
zC_u|ZgyvZS<E05JA+612yoLRp`??ZaCkJ7W9j4OSS$Y*#PSCdmUrfZ+uSahcRddK)
z#X>wm=<`?($~C(2>#7N^ymQ0DeE6y?E6I?!OT`0g0@IM<`n@rKrC)-Xa*(q!FZ6BU
z(@egP>Uq(gUnl<2_j_uImU}+h1A*4`;a7e+W&BYDenxz2re}@BaDFEV+omlebsZI}
z)?aH8u#}m2(VlS6S<*Z;{IUJ=c<Fbd3KOb{UGk;0*2;rTC_n2WA&IW^?#^KgQz1N4
z&iBUZ_n$vgT0`UL;Y~Tr7Y_$!ed`gLoa4_;Z#-xay7OLRrH^J*a0oJN<&2A0UfZJ{
z!;N2f5XMUv0AfxENQohqZv#rp^5}sL1d*V7=0NX7|4!Kj_-$P`Xmk?RThN;Q1+#1+
zwj4W`?@_jvsD(FR+OenG0OT*<U^Hh*0>TtbO9X`c@;F<4zTLTlPg`6#j1EBh<ZnE<
z<~LoUgh_a@kYnG#)nlQ$Rg2ry9!LsJD1&mP4T$X1TKUb<!nlAFW}9#~)S}};&O`T{
z5YvQSBbUi}g6g_>TLOzmfVk|j2^A{IMe6`KX9iX8%67+1ZENhOU+!EZmz{YB<uS_M
zIeX0z)1R)b8ZLIVDc$7;Y`w>>A3-JlEVN*!>lGjmpZXG*v@T=K;==6%&cniv^Q+m>
z2D^ImukDM|t~;m+yY!wyHsmjV8t-kwGZ*K22X|_uj&|=EWmx#$bT$3arYX5?%QF#s
zFXZvsUotUM;Kdm`on&HT_1c;-F}vX4+$6DSdtFtkf<J~XTfA>}WTpL$lmnCyKlpYR
z&qj;&^Z9GR#T4AqH8qFUb%2)I=&F&1@gg6NWsvw~G_C<Y;xhProI|JS;*44<$3oQ8
zk%5;|9F2<g-CR@j9Y&a#my!Yit$IEJg;ejC?qC)PdHa^5dpxeJdYrx5xX@Ykt`6e<
zV?aJj`0bKnPCR&yC})a!zm!d!OjQh}x@3215i^;Qb}Jz}wuD4PaoDn@4K)ObgyQ(M
z_$5=@>p)e%dsW*m-azT_&-MVMZ2VtmFV&H_)K|o_g`V19-Jd{>9tHo}w1OcF)qTx!
zc0wCFhw4Uzd1V>u`XL(OsHlUN5=@27ie~Lh`8TciU3v0{()xRX4W_hWu#0`8U@GD?
zgC}(29S1=iRYhI~XhSu!z6OcyQU&LQZ{MrZrJA$35;%>Cs*Dzv`Qzf+?1#qYop@;t
z9^6QYPv#x0Y%Z0J(>%H*9z>YE++STsF8Af#bc(5Any@8b7c4jIb(|EujpjPy#|O|w
zCY>V7QavkijIHcv34c0sdOA%MG9$9K!z_KgNxtC{-n&%F*ONx_6RSPnaCs5i`0D!o
z>g42=ZO9Fpuw~F_+a(&_gq$!%)LF4#e6gIe=GL@#;m%Iy+4|8nLC22Q(9JFt89`Ia
zDx2P}`C?sYG{TEe6=RcObWE~9T#J8(qq)5o%>Z_Fz&TZP9O*;jruT?;R69nY>^d;!
zwjQZxZG;`T#Ez1oWO8{?Na#BV?J(P;t1Rx~x)ZBx4*bJfDC(txfq}})_C&6xYVP-e
zdR$d?twyt5DMQH1fhoy+T=p}^;0?7xlu6zp^7C2;bIV;u<`04~n;RGWx$W<7h-D8d
z^I)5W6-FcxEX`O%Ut+x1A6no{@YlO3d7$YXv1Cg+%k^u(%9qXJ|0usPb2&QpE9F;v
znp(u;d-XVfRdx-40cDT60hC=GoLcr&8JpFcmcR~Ji$I&e!HD;VQRWs!JU5#ACY|{+
z_SvdwEr|A?AR&+Y0Pw2IPs7sc>CSMorBaa7@fWb-*45-5;0#C^%H3|GF0bEG{2$NJ
z<!Sd=z<TcN?l9J!vVXrHxAKJLq$e5)AQ^T!<&lccAtA=Ve+znyL6ILxe|hkGTuXJ0
z2l<t_tT==*hc#0}h<S_&d1s@hePP6zrEO<wSW3K5))tA^QeoFPJkD2FrN=mHw}Ne)
zIP0?umN$Hi8wfv}W<sv^8}9CY8dvxEDfkF1=nQ}`S%EoWGDM=ZVP$K<-Q9^O6k%eo
zcBcL!pC~t*Rd!M0wzw%3bR{hryuqiU4;P}t#^nh?DCJYegtRTmMX0^c%ER`0DIdUy
zxHGD^FRGak8?iA!Wj^XHglg<E`beKvLtocsqc;`?TMz)NS`~R)s;4Q;sxk93@V;I@
zt$tF_L<1Mxf!_3zO+G5~=g38snE>lf*Pu~%nbCcEh?-w!?A6xIhITkds!)*)B?<bi
z+vu$Zdjgq;vr+y8TwT}9%XT*@I8}L%G_4+WY^hWrT*kLR_-X-ZJ)*7{)M(*uWHuf%
zyx_7t0~8kGhiRJaFvFUX<=?*rrVLOCGa2|c6SKFlwxiVts(`KH!+w&YNJTTu=$=hq
z0Rjw25jaQhGDl_a-)N@Os*Ev6`|YYDaG8ywl$j;BEW!yJ@=rp!b6#5hraCf94A{H|
zN7Wf{G%n`scv$>Rh&=M%QDqrh$1jam%0aEmQ)4Ex;&^XWwV)#k^NI{A2=rCgkrZCl
zG*}VuPudy?IeBi-eT$YGfWFhhdi4`PY3Hxwq$Rc>jz~dn6pR^#Svg?Xg*Yq3xDIGZ
z(A&kt2U0nnGEWaQnEN_6Q_8l~XOupDhw0K|P9b_6%qH*6M(sVjx#w}%|1hbM8L89w
zD7)+uDMzMO<b6>X<7)fu&RuDm2b~(9efX4|c7ZMbPW-6o1`)3?`C~$lgQ-Qo&j$NI
zVEP^EMwq4BM+&2;9d(4-md;eMTwwmde>ELZtbiewaEsS4lKg|>8NZK0jBQ}+_HuUw
zzP?FnsCZeqwEXp1YKW9Cp^XxKV^l@mrE9c}8mQ&<)n2j*hV+AG$0GFVdL|_xOXg99
zR~cNaixhpOI=muvu@PZc^*8331e{XPo`yD_w_W|+R!p)HS%^TcwT@>TrVG-eO^I`q
z@gNaXr8e|Po0oL)tqMW+h2^V&?bS<E@IJ)#1Hn$(W_})NdNt_5?!m8_v2cV$j-bP{
zWg=F5rRxW$bY^|Kc@{;~=v(XD0pzE<Y4SS((D&;V{AO6jxVzgHW+p~C7YDrX4&}f1
zO{qzJxwyUFUw|(3stM%D<Q|-cnQOV1u<56xBS}NYo~$Wf<fnH<T3jx~jHt?haAB__
zT#kFgb7Uf`o!290VM+};hp{CF$t(tOGifS7nq=~)`ijuV3x`@zHe%SdLvZc{Yl8ts
z|7MC*qLG~mV`*;1OdWHV)TV8R=z#mv4G1Kkwsk&1%DcC<gg1+XH(-1-H;TvRmH6PG
z2mxq?dUGIm?+L+4p5#s9D01vIJ~J_DO+hH1n(Br+ZGkd>kpg)WCQ4X8x4yZ-Gok2k
zdrl<9$LJl*NGkd?MyOXTEsK#vGvk7TWwSDH0V<Jz%#7Tn-+d?yx0z$a)Cps^O68@w
zkOwLrneYM!VaK$>6i|wWWcxP|6B_M?5Q0p$zYXO`yY<tx@CTX_ciknrcL|J`uy?y;
zVuX_(P^K0l&Ek4UI~0qV-}XOFZ=w?yz^9!znZB4#X1_#EOMUrn{dYt$LSSqgfEvs(
zu_ge+_aBF8UmM6hLe-uw#P=o%A?&&~2f2OpMg$LgJxT;}r^M&L!`53XfSfk#94bO_
z8n$NOSGP&ff!@_1uZvwLCdw|8S0>1{GAk4pi}C4-tw;eypm#^bxd~vv+^D_!qx6CU
z<X0kWC!>aQY#}n!<vS~tDZ(mZEFuR!Z<wul7WnV-(N(@CZ~L}ZZ#nAp?KVT3Xe6(y
zYEZVY%h_2A5!D7N53#mZ8#-ogJL-sbcf<e8H;qXi%G&(&mj8;6dGKa@Pp2MoeL$u?
zknp*|6#nRIN)j-LnxyBM5ieHTH#Yv9AFCEk2^TTrl5O=5$7(_zt|eW_CQp{&Hcf5T
z!iXu6<R7x^@Q3(1NPP}0>)<40%d@l1d^iRBqm2FXsdz#@%;&JZ?DQ@SU;Lur<Vsrf
z+QgZnWdAF+asu46HHQkkIQ42>*t(^PVpQg)2E7+Y!+z~iRHwRoGr795&221hLDjN?
z355f$;a}V{7uWG^RqN8(pJSAhGZ-s+7|v#je}Y4jdStUTNhS?bU`sp7Cb#Tvl0PXB
zHmb#nzz~L+G}(;0sYUw|>~hmmLtHE1L0ua~A6vSBgU2^!z6g<@g{)ij5;+`JFH>Q3
z#`R232SP`>HWDrWidmqO*@9~qe-)g5sIU*}($K2GjR<ioSBeVavEKZwz4!wIUJ3Ls
zLN+z<I8_y&f%g#K`2lLTdWAnoY#==1=G~2>TAT)>q6UE`PT_&AU|V=G4g=U-p2r1j
z=U^?^&KKyQ>p!caXBfYj5+!^DT1W_z=1?F`I@-4gT^!U`uTTHp^UWPCSXIZ;NKT^%
zrS}r#2reJv<7$?;4=RNOwOJvPbH7VqT6?#d_*S5i#u%-4@b*#5wQ0i%2xDK@da@^?
zdzJ$<FGbe>)QJ1#D_G!HJ!iH0=JNb(_~D{`d8L309dl}xniRs`*M0Eq@(RYTqAxG9
zD<u4(X{<|3H3fR)@_{q%MaN8^l$I{2gwShg{b{5cd{Cv>R>eN%J;wXEyhGkJHSfrK
zyNdP&YD8<jDLwtSUdm_duf6vg<N2=P?4|ytrWFLUfJLlNXEU~6F%*1M(@TYsXg(zn
zseMcP!K2Df3Vu<~={0U^32D|QQ1WftHt5UdvYBC5!&#rVxlZ`gxp(F3xLY%3+QsSp
zkhdhyC3X3lg($mt@#%b~uM5ZQpv(Oaq%N2HeI(s%{$J=S=B#qrovjcW=AkaT$2Q_r
zH4__a0hJAXJdQ4|nv(w<l{es){P!%23rFAFvLRtQnNFK4<EitHs(@2U1LCT0P1Je(
z?bx`2B<Hm}C;LM(jHD&Wt49u!^m`pL>Vw?M6dEumURt>1UgtAcEQ3cp`-+yCymoka
ztPe&Kl}7s-_9ju4&SUGQQ9f&YA8Qq9t(&$igQ7f?$J;`jlie*m`=q!#__mTdqcclQ
znX`=>^+qZCZEX0SoFvbT>+pS+@IEF(R&mGQ=D(+eE%sqnA?@@__OW8q3|Kg)GUk&t
zp%E(r?&FzuVv?d35w#T&Y%ZLWM3!;Fhc?U7uD`;yv?27EpofK`6a0Rvqh5!_GELT}
zcLZ~y_+wLD5?fqdh2#cl+KQz#_*fYe9&!TF^4UXs&|Pb&AH{I?vcU2j$@uiDm}u1S
z)S<G5)OokJhLknjqdzJvEW%K(W=)1l<B;HMRWh@acoR47#oTl+V&&zVNt6U;1J?M%
zD1RgyUzkpzq!zonW2?mA*H~+J$8KZOtVCx@#+2U%XRa|frcsoHP6<)W^Mp6Q)d$Aj
z>{6J|XPNO$q8#jUT0j$)E>|Fq{bAbS>wKFBqm9~_E^}=PbJr~MWD+yucj?R%nYp+a
zo9y-Uu}%4)uH6>?taPcFT|T4z)D_dHavsX(YC=yQkFQp0V`~>;xI2C>a&jP+P8?LJ
z4`9UO17B6LHZ?y9bra>Q$PUua=w)*AQ)F*nho}2781t>@x#5t%NUj%OPyUrmKZ$u`
zp4mQ*`P})&yIPI;ra^;c(2a+3&ZjB!;8=Z-PpnJs*7<(vvQ59#C5v3a#r#P0$+IcM
zkgwUD)jUPOPHn8iXSB7E(dujUxgPG0DCcB7sNGs0AkOMh8l6eh<T@WrGi?cqx%8`e
zXO?*AqQ>E_((1X>XV=6ihuRnrfR8JLH_f0rv1_JLi!Nh`X<_GQyHC0xn)%9_MzQml
z1xHO!k2{H18pGFRW1KII-!{UVQA6X8_NAGBR2mN${G@><HKxJ|i^?WyxS{U`xtmzj
zDN;(pgXIRuCLlX2z61bMN&<h7x8R3o<`s}zIF9vVC{DX(a(hf9*B)3J4<yZuZr$To
zbLG^G%(&jUTQ_`ypuLkWU!y99hiVh6?j>I2CMb4epX!^Wu22>W?Z9MdSstbvpU};a
z-9V658OR{(MolY368z**|GL_N6IS{+ZgK`C<oC6Spj3O{$Oy3`ZA*3Zj4K>-i|yuR
zUv<b~1@<gi!YQlAe3zip($OGNiSg8gPJW^<85e&h{u~L~7ba2zunl-HU0SqS%1_`E
zfq8;e%`vbzu@UEJa4JM~C6jirFYycqShz$alkzw_NHvv@F@0&|*h5ol&5tNr7A|gS
zZ5BO-;1g=aZlBsVj;LtTF>>loe#=~!wei2+1Q_6zX(Nc+ncC6xs5r-g2cGf)A-64c
z5FxqiLDsvH4aH<{0c7L#S{7D$$p1O_1PbERgW@vpT$-S;4#%%g)VU*}pa5!(D7<Sh
zuoN8>m7xJeQr?t6AtH59(5F%~>&0BD1hYcUTDXg+zll)oJWdtPTR`!lT5+izX~wW!
zI~XSn1C*j^M~N}O^lF#xBl4%YVN%bpev+eUaz>LLi;k<53MJt99p)JBg%#Ws%#SFK
z0sa<X3N9VTTaia!wM`fuDDA8cl?J&C${~9}@scXo-2pkl7Rpc?D153>o26!CT^PVx
z7rp^TA9|`?#tJEXQc$6Je+lEtUHeK4R0XL^J7y!TXsiqfkN7JCu*>px!ADEL<H4WO
zC3;D*5T;QXB4Ndjd89YWm6%XI=YOWBpx}O?o^Q@)5Y_1u>BAE`DVUrpn9Ms2wJ$cF
ziO9uW{;jNMEoSS2YG(1@mrd|>-!~lRZs8b1xrw_<MCGX)SqXHZ<cvV&MO+y@$u+w*
z*Y*IZ<%&tah4X3m-PrhOvB!7$#${Wf$C!|K{|ym#a)&rSb>VVB<h<qPOw@_*az{H7
zX=h~M@t{S3srb<)rd$D1Z~6(PCxAHfiaegxgzMwf+q_<$Q$QvB!S4mx=kKD+=;Zvf
zu)G5m1G@RDhCzBYlIyx`H9D1rm*>=F4AFt$or#QP*;Rof7rldhE)q%szPef#1V!fz
zMf!L+`apA>5bvBKrZspaNdt>zFZ~1;1~!!0rXIWrA`^1=<~@6G<`s^3zVnBEQi)v4
zr%b+@Vl&4MROn~6J*VwbEn6|xSoI7|z;>yoyrh#Sk=dd!PU=t2mmiw+W4k|WoxSiS
zV0dbx8NYUjVwofxa^-POQ?|gJMG#0-eL1QB?S??-J;c%~)UO9U<ZS$m`_s2*VDvf7
z6tF!<-7sfw>Sw=f0I1KpyCc-K@CgWO_g2*~rPo?YSS_h9jXRfm<w1@-4(oMlAY|vQ
zvuIQm8)=N(v8n8-R}L`^AgX1s=BukBm#WceQ0!#^2r_@m8*Ky&oLk>%T<4#7kSFKY
z8_N26%63+-(!d1uEJKEH8@=LcPrje!n%=PLI?K4q?qxlvywm+~oKDlgH~wXGR*H(-
zH$C-ku)Meg^zxx^(xvems{XBnDI!(?-<lb)rZXc=HddOsG*EeP=W~}!YDBf2dCj?y
z$g)`;eiAb)vRPi<>0HqEo|nN+CF8?pv+cuXyS*AY*#4G>$Ap@ELfh#~$igqQx?<ur
zZR1wl$@EewZyj{xZH#QKiiN7;sWjKT5C<SFxh)(BF}qs=%WropINoan`95N!ES05w
zTTniDQ^vH(kA4(qWFO}T3Eis;yS#N!R(+vaPF#s(R+y`o&cCb9#&8__B%Ul|js&~@
zAtwAfpvqQ`l|0j!D?`(mlsA)@Y$b^ebH%woRiv#d!|F#{Jf$2cqcFR(v<-Mq5zSDI
zlsVc3l@+r_EuQhHafM@=w1W$4e~Xr_5EtjZC@sJ+42{g8a&gM9OkyN=`b3nsW-&lj
zj)l1wEQo2kB$Jds7ka17<Jh<fScIcOCDc&(Lw*{bC`4Ws_)Gi^xZ}(bMwwzb_)$F;
zh<kGd#t`3Jv6CAvp0La7+9XV2RQm?QfjK1JuX=qaiycUdsWK`Hqf0y`U&5*A@*^lJ
zYnI2f6a!Ud<Y+@C&kk0BmUID_YJd#OFjD4;OSlA%BIuegJ<#VfxVXg{wPIOxq-~X<
zetX+jRFIfml1xbYR45u$h9cb9$TvE6wa#!PN!^govj>qbe1kX!i!0JuQHX>m2Q%*G
ziQpaN{ph2=&1};u|E=@ThLIJ0<ji5w0pZ~MV0gGIx>^2fSd!fK&w%{(nf*<G^>5I^
zuU}VmYKjcNlMpV~FCSUt$$J<z9`D}99uiUguEYh4w$esbzt7T8nXA`gMtl%7l_S!E
zLbxKn307#)emI!K`&;H*I@XM4|JlO@c>$>wW{bjhLCcj0jM<F?oBG0=5}nB3Ujt$$
zaP>jkV4(;~3MZ0^49GNbF^qm~Y?R*4gysqP1Bpp0ra~9|OKsa8vGxL^pF>|xS$C)S
z+xhsXxozSUrd<3(95q2n<?ByZPQ;U#*tF`$V6>RUj>kNBkrDeJX$;>_4zajS?RlC8
z+82Iy9$6H!+upgd<&GN`jIk<YQ8B7G2rTMRdzG34Sb*afEv}rm#Gb_xZ=<@_4REXu
z3$N|LHk~RvDflkD&ScBxL*5L}jdI(wz4?4(P<*)?nmMRsbwg@KE^N%rXAQ>tE8M)a
zoA)I93_*mpo3g46s_!SjYxddut-Wj=?haJ__d*Il*IA)-acjUywh6*yHQVedAN3A@
zeR82z-zb$f`1YzmhH3_WINwagshDd0q}|@-toxI<tWXDQsdU}4N3+^;cnV|kRZ55#
z68yG~QU-=`g6xt0*Ng+H-YEaN`74{Y`DuFtG8fpoi)_iFA}x)z@93ZFIFArLEFed3
zH`*JjqF<hTY_c?NWn-xG`4R+6o5=;6Ba^-dk`A=rQC8<KxWNPf9e1`TtHK*~aiF2m
zqrfiYW|l{vV<PQu(7s|k-6bA8o?$47!(IDgCVhI6D*A(>`gGd{9jL1evbe5FP>`*l
z6xHpc6^qByn6-S^-rQIV_5l4VNEwD^NO&;<^0Xh`s>ZLDpDFlj18hM7i_UOH1>rdz
zgeHGqsmeVP*#)6~V$1mJ6x^ercafpj-=agNgc)vG5wDxk*t*tS^C8M9oEN(ETb1MI
z&=6BFR?|Z7N;j`$#x1h+(~gGSNh||}p2*eY$ST4#aXYGt>yXk!wMqxl*PvDC%F_CT
zh-Y<bhx{276co?K(Ah6VBut0lJP+v7=d%DNW}`s68RkrSW01kc3f)MtTw)2Ojr|gl
zZbgI0pl8)nmT?G4hah$~9qQ?84gB;hmOYFvO_}JMF4xSF_+<O29wQ<sL=B7>Ww~ju
zqd!+t$^o3-1aN$K1C}H7MJlyr=@6(=Jme}EvY#ffW?VX~hR`OM8-p7u3a%$H#U{{{
zJfy`FZL7vLS9LS%n)@@UX<j6McCl6)9Qpfqvf3GhKM@CKvv7qD+?0hGe}lyrB-=i`
z+TLpgjW0T8w(_ZY9U<Z=#YS@bLqL*VtK%o>#*yx*kXU<}Ns7Rth@d5A!bDYzoQXH0
z8`XSe&Q}iy6waSJ2{Iwv`4_AT@vk2S?gMW@<e-fIee@sZR$1g4v(Nz!??pk%TKXQJ
zZJAQ1o8zAY_WcSA<_Q@}RM>&XBlVdLd)>CfsZ2VvL+`22^2}-^AEQy3PEiZSf%$&q
zZ!qi8tr<}aX-`CyL}1A^-c{+(`^=~UIi%Ef`UUWL$uUKzn^^(Z@P7i1Uvc875S15A
z0{NWcJc<x<D3O(f;tr5Oc|o3jIv`fr=z!cj24{!ATsEnAiOWvs0$+8ZD1?z#SNI}f
z6wK{Gdo^?@flde%DFK)WsuTelh#cI1EQ7!o0_S+-9C@nLc)Z0ysXpt2klW=SuJEvE
zR(IW>VrDJIVWOU`lAiCCBFdLTsVT>4N+f8^@RM6_Iij$va2SfX8Rn=NY)TvBHe#j&
zPmH+U+Iwb%Ym5TUyOY~YoZe3jhC?C7dtgl2J<Q`!xyF>`8KtK<kvaS;=^=)}Y#BhA
zHnn(0V$DrG2I5qy2gPHnHpQp=Si>(!6p8~OC6yr@g1UmLrB69>ABATK-*5_VD1x9O
zl#aQF{}h8u^pO`DW+)w;WgeZcdVP6@Mo1!)^)pL15O_aRmUXi?UbAAteVrMgmY_Gu
z6y|}O@}j<HzfAk=i~^*zC3H#}?on-Zq-)aDz^@Xv#?FB{fpLjLPOaaM&0zKc(+<}A
z#*Wp>)^jY?#~0gJ;iQ`Mp}l;?3Vn$?+I%C#=WUS&ei$2yE5t`oUkx2-x3=(UdkY)_
z_L+$i1vwJ&k5T2-2*lMTYhg{mh8-`2#Y=viM}w3YvF<1B;3oAmsFqT9i_QKQjKJ^*
zn$PGLD&&+Kr6zJ63SjB(xsDY*S4v!Bv=57~-2)WtT1{@r_DP&uM+oy9^UoMM;bpJp
ztr`KzVI!#{oe>pcssgI#YEqzaGT~UeO@o@;lH`Rc7hcxUwN@!ru-z}Lx@WUVxj0w3
z|IW8eYEb#ibY(65z;stePCQ>GDa}NM8GNHWfCaNG4pl5<SE#!l<$ttQG!=oo%($Ip
zi{*;UL0aP4{8HKarJZ<W{Ry{P$f~ayi61-ee9s<ajtbkWcq61sj86~2t-ZF}dWr?o
z89xM5j)W9b>kF~1%$Zc1U`AYIY{w#<s;cC+q882*T12#Y7jc^d4(qDVP~5IX&Q60X
z?uA;}xBIwDQU7?_$g=<b?riac=N(nQEW1;2o`||d!kg=WZAQuq0Gi%OhDumKv;_UP
z?P^rw3GV3E;QP8H37i<D=&6v7mCsELFeBL-xol1zdJ-?8w6zFBQys?;18E-qP-}cW
z;C4jcdTq?cy1#L-rWkzTHAxI6`7Iq3RY&`rW|4UvfbH04-~~=WZ1K>zbY=ew){Mz*
zX~8+dc>WuYQ{5bn?~C)T5z_fQ!h=<a7kgi4#+Lp#LU*srvXCTA_!7%!b<+ElP+uJh
zhcO;~I56=6lV?5Ls2luIwoym$6r{s>lgv_2!^|?!U%98S*XEzL-r^L^urOOCuP`gJ
zv=zL@<ejWzztJBCs_5inEVGd*7@&y+_MM)-k@&8hn(joQJVC`HXc>XpAjWDp`CC>9
zLz3BZj`hO$yRFPpaf$3T0w#uFUjhJyW(@Rzz@YOwNLVrW8`DkO+Q7E+DLIbQyufoD
z!^s;~b1Qd`-dB+lNczRX>OJ+fv@~^no<Cod!*2=&zdX<2C<TSIIgTS!Lg%#|jq%#O
zG%PE9jQjy>lQ|*WEzut4;5<jOCkaU?Dih%sikI483=+`^SD|}MMe<}^`-0_*9HO-S
zW#1by&3rf!xg#_)zu9yIW<_}q!nQSnEmXDsm7O`|Tk98{n%8qI*{WB)o)lHk5w#oH
z@UZGQ@c+L0*|PUCm076@Ph&X3?73(dNzLL&JYfR2btXEl>`l{sRL2enH0PuA<(sn)
zAS?$&14a89@Qt})NZBVVU8gyiz9tmd>hBs9aj@EMIQ5H}O*z$pBj=NDBU$oK+7OQ@
ze3YPne`b*OEehNwM(s}62zpFryQ8!0T7=}yty#x->=x%=B;x&%>c6D1owypBB1FIW
z?r*+OcA+JU)DT?<<=7;sNdX=U2aP<X(&VoqeLu_gBIY7&Q}4~q%~z{LjDp42^MN$p
zI1b-N-rsdC@J3c6y<}XN37M(!^^KU>&NnvN`6fw$y{|N5Yv-s9GgND9A7Io#ueg+E
zjwKz1d$W}HeUf3KevFdV?A|EC*^H?~%G@yrA1((!XBB63dG%YlN>>p1K$QBzNa{(m
zoBO#-(XKg54!+1d_YX7?Z_4qVOjH?q@$*CH1ABDM=1g+0v%}-s{UpFn1)CV&u=A|i
zt2r-L_1zPcZ#s~S=QALeFd*Rf*ku6t4-dy5HQ@@{;29H3DRbs|pNJ;$`GmUj_k4p6
zDP->wiesKJ!~INu^eK7ygPS4?bG4(D^qQ|Zkoz5Q62g@3Pb*OqLYHFAD3w`%@(#;_
z<dT$!o_mu|a61IBkLO`oAOHNkPt(Mr0&~6Tnddif>Q-!lpA_b@H5=NjdP=YnWcG)5
zt$%}Xt)B>zCT)pV)#`}I3GgGwx7QBaJ-WuM5@r&L6>-^Lh2Crb^-qw*67N{n7U5V{
zes+^?T6TjszO^Ymw%Gw4wwZaPfhJ>4r4^;dyj)F1x~>{)YlWGk+W2lo#;_WDA}DJ#
zG*Fkk8NNvaRaP_aCl<djnz6Ps{%+O)hEbrJaiNiREoJ+}KE#=JCUWD6t-w@Gt7&V-
zsDee{o6^>Ec<{)|{zmXU_Rrk&*YC-ab3gVRhx&_AHc?xDwNg%NYccP6l&#r0j(r(0
z>msjZxv$`(J~C&w>1=$RSoKoyxF;K%p_08O01e%tZQ?Mtd%~`YAc6WN7}B@POS9`O
zE6g8OE#5Fg-)0MwffwuXwTp*_uXuE3z%{d*B{Z8Z*8MD@2YiWkim935zSp6YKd9^@
zNX`n?MsaVA0=9N*OUll9($g}>U@Qk5Bz^gfzli6ACqs04p3gXDz-2@b+3aU;7#5($
zoqNwUGJS+uJH26QpJa4?=)$d_rHxy<6>>K{WsV<R6MCCb()=IA_x)fW@S@~Y<P^z4
zZG$v3DBdq;hBPC=y$@(<LSPdVD3*xF-_XXwWl0bZobOvB)B4Sga`dEs=ie+BnoyL+
z4TO>IG^Rw#rPvpetQY=6qAG@vno@7jH1vH-u+R2;vwniHnj*ojb97t9iYvU<F-E;N
zHaZ95et=YvU*|pZH&?YL<FS`ta@+G;`4m%pjZl*<p(l7R%@m=_SWDnf2)4aDWI-^8
z^V&W0<S$woK4uo}%Kwk3Zvc+0>!MB4u{kj&b|$uMW5S7TTN6%f+qP}nwr%J2_rI$5
zs_w1sN_XFM@4L_0IBTu5r;g|fZ_O)^5(xgin`WMl;UpRAefZfhS@>!hdKT$?&sLrB
zX06uxD_vO{pX*S0@}|_}#jVX|aJPLo7xqW(HE>*p9&*QFF&oqhMsbdmoe9;4g|Bv|
z5NB@wqncaII2H>?|BLGzad=@}vp|JJA<5_%)1Ayvtj5jrtfF*RpUNo#?c6O)`Ex*Y
zj<!mTl?L%H7(cw_ex7Ux52Av5I6VFP>4@O<rUy~9h+MzC_}n7u@71iJJi04ntDaa_
zRzYh(MjhbowZ6ZY{O1It7zFPS>deDzQvu%>E>9G@n_pJ`VV3ZN5|oYWB{J6vi~;k(
zI5y(oyC2w+!dcZ3Z2Ftj8t+K(q{f`Sl?NZb*qox32QR)@n^?_v4B)-`0bGcIQ-Lst
zjb>4Fbn21IORiZvdS1|{Z1{9}dgz$&aJ}KrkkYuS*VJ4R9pMWqyXouHui=bC9>=M=
z_opb%@sN;ok^&18Vn_FLawhYt{vxJJo?}}&6W}9Wx^n7$M5zpS_mRp`zgYCxlr_DT
zdwCIiYsVd0221s#jBa^qhZ?hcrOBP<<UwQFs3mK>y3HIKXZtkkse3jA?77f}II3YA
zGF!<=!STIX;q<iT+9DsJ1kG}TuB^-AG}KyRH?8{XtE7C5@2ctC{p<C*;4C6+*X8FB
z>nTi>PLqqQ2O_aUVJmrIW1YdAV?e{}@3GOMbW-<r#YapjkJ?~__#}RZ_a7JcctR`2
z$I^F980g&-z<B!G3!+m6%DEXBPnW79f%LgVM&#e^^mQQ{o(+7jkESs1a`NO}rh`sX
ze*<JwbFF3+l2+jY_Ks}#`O#nr@Zkw^-pwnY>sKI&Egkp8TJpGM!<V#?6n5$5B^dqJ
zdW7&BI5ud5y^&0Sar3a_lij-C3H=M#8!XwV^{xrx-L_$qu~=p?LT1|+S4)%cZyIMN
zXQQA#a|IhP9x?+T#u)p#=9u0;PSQ0OFaC>#ArbSjJ6r25!>4~8iRxr^8~?EdqDd%C
zz@G~#rKg(D4gy0V@Ph<Gq608<9#i;NI9nRt=b2<~b>S*VcYk+>LNBFW?eepLNT5u)
zPgwJY!?Dwazzd70?>{4|V`z(kcoi8v?%&+)x_mOsfL8*Rvze(i2q6@8rRtVG)?Jj?
zm#RS%+ur)<U1@>qiHWT>u-AyMUPHfLz=Iv#&dsjN(|PYD6TXP}_xeckdW(rIuK>z;
zo!4bqCzfIu*>kH&xiMTSl6LK^Z0aP9dIMXz_DXo9RTgEoMKCZ{4%d$=;<+HPv!bkT
zf(0R*yHJDy4S<WzRuM1Onr$4VXm3zWzD_jmpq7Z6JbTAis~&Hi^eV9aOBHoNQt)qJ
zpEEjK;<IN7-@;|)ANxP1+22%pTkIRNWt-v^=ORU_S`1{BcHxP*Ad>ssBDN9Wzxne<
zv<b9(?I0=u?laJV*XZNYf2a7lH>N<QE@kXnGe3T*k+<khS5`H<4Ge_sI?h<k4%tDV
zNE6o=)<WEy2leC^_X3>sDr>ubtP3pouMeO^ah^;bj8AH>8}bT(8d5tieD?Jm2dRt7
zu+5(aTA|^0%&!Js{Ni$>;K_S?sX@yW55A?7a6Xskx<@0E6_s>kl+|~-KsV4U4ixwj
zhKT%x+Ks)7r<W|0ejAjTNrADD;ycDZgf*a0f_HAfN=g0ncx9>_50@sW9zJU*`C*=k
zDh^aFYng<uE<SDeL!}-<L0GwB0?mmZ!e+V-|8v+1mGCHDsTD}zg>{N~TYGMq+ASf$
zA6~O7u|P^VZ;6o8&ER%44<-nWwOt)M_<d}A=A;`FKQ@`p`9Zww5No+QWn9jwuA+)P
zYs)Yn@)h7CK!)wxBNbO3^7;-xHV#*(VoM6=5hv#oH^_@DneI+celqMlF-_;+Hw9W<
zQj_q(O`<cy?9|2_DpI;mch#EmN6+{qKfmCeI#vlv%E7?>WOe+tT!xw^jB$do#h*`a
z+?_9$c~gnglQMUYH}u4un#<gUEBpvo0~X>tzxOLzWX#R7F%>RQCcp6@pN^5U|6*W)
zmHnMJEY6{YK%{^-Oo9_H(OmwBIw)z>C~NA3Bprw^m~~bZJ^nGKNlcAI`5ecDj7_+k
zvW_b~@H6h*jBM2XeFoB}<IstCuj8|o+^yr#<t`qwDIO+M5^I{Ha++7$#EN83Yyf@S
zTXev^d$%CH?+{^7nZ;Ha>-Azp-`&!B!|b$>X{gXRs-4Ly##U(p!83V|ExO2w+qrE}
z@PoCRg-Wbs{U6+7M~3loj{vE;s`Q-2pcAH{bt)eHy|7SGptuykdA+5b6lp;aZT!+D
ztFyC*fsxC+Nc7w+G+4z2$@U$Lv4Dee`*%{cyh06E%rnL%_S{ILw$U1M#DD?y-KN;o
zRg=NJE88%h(6)}q3HIG*h8?1@AhIKjtE=0B*EN&CL44#$j_rJ`EeX$5x`apXY>CoB
zqnN|8W_Wn0j#<d^2o&bCO>|S^7$qg<H*k@wsv@jZFM8aG0CN{$6tH(SLkT6p5!Yw?
zg*NG1?IlD8ea9dV-7j$C6c1z#wSt^XmnQA2jN6qRaxB(GW=xX(x8e=su#6`zh3xo+
z*4G%6|LVE|H|ZPgE$A<(TNHpwRPEcVf}CXoM6bAZ?&M1<`=O~4HxgB=2};H+m*%`U
zN60iv6|FmOtYfEIbQ+~qp_YQWSHeo^NE?+M8kH$BZI<qDjgF}Fk2%GOOe}HoYsDR(
z=G=S+^8W$NZbsp9EMCDGw<}avLECM*iy7$5d4#)TXP~AM9MWS^9-OB{0RR1*XA2Pk
zVr!8Yz#~zZ4&ojP8&23aqEc>DHfwK*_1}N>kX9#(`Ocq{{X~i_O^PoS8&xUaUt(ek
z`aOv{`o?QbTu%C$h)A7G<?J?_ulDIzi1@0RFX0+q$%v`$A<Eh-dPRf6KcC?mb1=0_
zX82+Q!}TP3c}@BnmIQS$2IhYAPzY=-?&}c#?19(8B2qVl2>j4KK6Ml;(j=S5<hsHH
z+CZ0SQYCD`??Wbi)>NcOQ?3YyY~BLjm6b#}rE@YaMcHZVn{t%@H0PYmJzn1X162C6
zC{m$-dvGb`A5CXo+79tH1IqVYhF-!!`QZ7!E_2$qiD`)gsQU_hJZshvkj_<a`l7-+
z_Wy3*ttBp7vNlo%`3S8t$(}BAMy5lEo#_On+7u#wmZC~XJn0@s=D+=l5z#3JR0c_;
zuQ&rFha%XqfQ-jDDwM3L1z=z6{6K)MleX{q)SehY#e5-vM+l-YswRcq5=$QQw1vpk
zdllHF(v?gETYac2pCAsx?WXO$%Vv^%GXSpr&`DKsjD*G!&8o%)0(a^(rLQ$-SjUn5
z%e9KyDo9}<mCi&ejj}it>rVy={~(U@gfc1siM_HI^W(t>_6JnzEF-g8OzJeV^8~Zx
z60^S6os}bw)dA##92Yy0Z+XDnLf1TzEjuc}yIKyufPUnmO61OIg`7VTCUwjPl6fYd
zwSKk$JRbR8kc9k16o|A?3Xog}pF~~Aqu9h~$yP_`qVAA0qj6jeYi+xlqSGY<(?OyA
zoz~sfpuwJPWc}NiFNRq)-S-4a3<X8etFe?!-{QMGP=QjXaS4iX@!z;f#Um|87~nQG
zxjId3EQsoFim5@x)m^t1*$E#+6`)nZv|ycP^592xNlqXcrzVs?&l!fgvR2D1!ACc<
z6ljB+s4E3&D{vh6<K+gN`Pjh3NW(weaxumvccQM9tuI#zO{By+RERQN=0Aepu~V1)
zIOv5a>z{WDJb&2hOLi!ff+y-37YE9`F8fb(?eCz#4PP?Q`f7H0ac#UwLzjqLI3piw
z43UbpFOxBhBr~)OQgGNT#`)##akN=;h0@lQ1zU1`0m6RgGlM#Ks=A!wlW{6R;fqS8
ze1aq_p<+0CxJ`sI?T*<2P-~^&(DSqd;07p_K)}&4x=j--TQFTC_ueQg|CxVR#mxAg
zQW7PfoxwS{3+fCiAE<5;OVoX+{zp=T)qtv#2ht5mbRSQs1RjPP<UwE4mS7~5^EAcs
z*0z4wE`!6N>QwO3j<~W~o|taZ5D1sHlb#4e$PxME{FM>7qUS34mzY?R!b6c0UZC@V
zh3*!V-FiVb{}xCu8uL$A`4Hmnb9o|QaK2?3h@+dW2IA;8AKFayV&lty9HdHBEu=<h
zH%e6r)Jpr~J+%RujBY>zq$cPMOPqf~_6#c#3iAUED2{6aK0C#D33>NOKK9TDEC1Oa
z`u(}3jq7SA|B%K;{|^a>LH@*pVwMt>L}f4|TMU(Xy*SUa96jkeF)06!PfKddd(-`0
zx5)Z`9j{DoufNn1H4Q3M_b@mUqp&!HA8c`KQ*Dgz%T)!feU-jm4|MQ_%)SvS1KDY{
zSm(u8hNPv+arQ~_7~5Cw#A)H{sbM^?gesWS%!lbwJTLic%&|%hTNScjfY`W=s7yE#
zTxx0>i47&j#tx^RM}K_6-HgHLxU;FUxv+e2K6ko~@*hFimg7aZ$KzJWzH?&!pbTDg
z3yKiL&JBlgLK*T@6@tBcq3##wQ8K+DS*K$O2(X-S`?hzF0J`9ym!g1e^srX_rZ{w?
zO}s^*oc|SiJxt#`RWT63fanM$lR{1a!H9uCa_ZV|fFOZG*)?iBjbkH`yke?!W}i`&
zn(-A!V(Wsv%#nrakq33EGH>d{V%bFGe<W2PxUr!c@@m{Hx2d$SwHowwb2NB*FfjES
zC-J*pjxooS5vN2E=jBox@TMhZ;3F9_#tBPG><I+%lZyr7m4>r}I_L=_<)_~``2mTk
z>cEwp|L&#=(7(hjcV;7W#c4WSlw4v?1~it;jDHKW+EE(*&QCOs1Wsj8|It}%AOk9B
zfFxK21n^WkkUjGVNFdU{$Z38E-I8}iOI~e$shR0Wr&{V<LKQldBz3M#y^!@cfP%SD
zwOXqD-`JlbIAzVpvWBL`9_#<T*q97?HCR%y#Tf}nw#lU>FYV_eLPd}0utDXqp?^vO
zq@q<@qSx`>EzH<MQ%orbbL4C<?{(OQ#b58O8z*J=#Xn@r679!)xi)!Lp*U1BAAoJD
zHe%dXIfiOGW;kRT|IHLN&g>uMDh{pCT&p}jSrELgEZj_&YPVSulW4b5gBs7fx8z}g
zIyVWj6{DOG%!~!h44>fPF%PqiJ6RqgiL?c(PTno2{GM~%hW<O^6aJI?M7r@J8Ff{;
zGMRU=_imnZMNs4^LE2@+yZtBoiD}~oa90FA7VfCnSuzDLpfsRUf~qkEiT(_4!}h6t
zc;%SYxoT=-xpplHd9j9f5Z=}mEjTe^U9aD33$1c$7jde=Bl{evPUT=3d7KF%(b+_U
zZYDP2s&vbbQ=@#*xCgYcqdlT`<)7Y@H8wUUSaf0o?nB5>4<VX(F`06=WkArhaYEf-
z%fe2znNCEkawtPKfBR!$(#fC4xfil2J>-4!9MN-7Se5VA-o!X4N@NyhC(cnQbVgl0
zLl?q7BgrjoNd7kgq7ehO%<J9*9&4Ldo_$Vx&*_t_2HuwzX(WAUMQFa-&84C9uPVcB
zahMVm?F#Ikp|y{txw6_KZvIYnZO>_<@SC2-h++32i6tWZd}L1jGDKU{h}2K*s#DyR
zs`v8FM7F-dt6U=#stWic#Xw@Gv~7wbjoX{RFhr~7FogRKF_3OvM5_d(g8%1qWnfGG
zJX*sLuf+i^Zf!aMLB5=L!0RRPHAI{p{<0E&aY+;q_fw+Cz{FLh%Jn5O48bWonw~aP
zQkA5rb6F}vLRA*4Sr$8E+@wy6kPvPt`XBGfB?~3$gSNTP`Zo%}(6elxs{{1*D1?`~
z=5E5ZQIahYfm`RV;SCjQ_#CJ{L6pS4^fimnbV~1_nsS7B(b9=|)iE&(0o`ZF6oTbf
zfpG~iMPazMU{m|hM1qCCEYXb%rWANZOGme795jyt3y~y!Oph!^_KzGuda`WQ6Kfov
zGHkZQr7x;(7I9sY8|YDR?+9*C(BLDpK_U2o#`YDxU?2tuU&;?phV}WQJ}Y(H@z!zB
zPAi1toZSykY4UgKuly&n4^zso`5&h>=J4N|QT&~W{GrgX38T^TZQ#lFyK+1@!W~9#
z*x<4KW_t}I!zjpx|M-|*{R|F4@LNV^;}_@fiYK9{z3Da*lauB*6aY~la$OmFHIpOg
zU<MsYAu=e03X-dUf=h$zrv)6&dj#H4!Le(GIsI%2k456;KOxeL$j&YS{w4MEhDd1p
zae@5}^CB&ob}4~$GLKdy?-I9YB<1B25O`Oq21FK@-~h$;vX*FT`cc$4A|{c+3N?eZ
z)Z)GCo>1S;1G{_N+`z97y8OGxC@}+Wt;ZNsqKFlmMjtgz7)atq=F;WduPkznW~Pq%
zPD4Td6_foJD+S^vb+AD}3*HP&V$zi4(-Gr;7d#ZM^jG6)<pXaw2X9T3oXoLZNuxw>
zKBC;z-sWm}B!PntjApgebTP>cY;d6RwiZMq%|Pvfv@es`t!N^uB?qb{CaSnG>{1~M
z1AEH#I3*+nD#@_zW@-D4Q}{%1)wFK%z*T#tIZ@&^v#yIDdbq=n*D#dSMU3qVfpiDw
zKmQ4<;zoith;mShDeX0i*>4~cpuqohVD!v$O<-`P&HIHrYz#~w45+)UU2T;NEu!l!
z;QRglrCK&zl;~e_9BR7aY00-<shx|^uVOX57P_Fe2G>>YifKx|a#@;@Nh=w43CW_)
zP^NvA3<mvq8d+3SapT&*id9OLml9GK{H4pRP^~vJ_!LVj?=?T`ylb#Dn*u*A;jh8v
z@(C+h#Wn`*#GYt?S74$vy$WkQQxnkg3E7>(>J1}bc3Yx0%FA^Wx->X(xEVF(BKf<@
zIf3RLR9e#V(Ae<p7F}jSv74Atd^Tk{-fhDeg_wR`0#`~p{vkCyDs+uQZ2rOb-sES>
zyRNW*QAnTxA64RO0lG>b+k0@b2Fnp>cx-}@rgp%;P{UN-dbTnZJlr{XY-$wYZ7242
zwy1F`;L=iUf~ic8YNf`7or5v`^T`QM(mR<RuoNdLw2ig7)O}ZqRK#0m4@XJ3cT3o?
zjY_x_(pePLEgyt@1?sp$x?iW8C`T8IJ8Q?3I|0va+9lbZYsj#V_Nr&1@7w^T?;0am
zk&n^u;jQ!#NkyH{eO2cE8Tj=PdN5*WKq##caZ8?<%0^q8Wg7MgM4n>a2r(FaPXsPe
z-Y+(4>N!$s#wsk<yfEoJMZ>+gK{{%oy#Q(SyfDuf-c4`*W3^1rvUbQ%@9pPk*DR<v
z$7$Z@tivqNt4giKMc6OZco5gKVD3~QvJJI9?q+j1>6hKpWxzG;*ynP3X4v+}9^L&i
zUPtLiQcL+H(Ju^7HB}pi%I@py$h~1uTZL{v!>t=cUMVPZu^t#cv4pAl2)}W!2ukaP
z2tShMgjF<}E*D#H&wN?#A@m1j*2{>gzu9HGGR8js4RDT@yA&d=hUNc?cY`hACN?4=
zh+RoNenorc3Pk@wYJ^#6ViiR8XqlY(SNisXO9oUg;rv8MBk24a8O6)15lv>BFs?68
z6UE+0?spxpeZQIg+O5aTw=U&{&_Xst&%>o^fcUXi%-Z(7CVtsMHsLk;U8#7<W(LRp
zYZbH`MDxQNhtgvl*Q3}KZhqk%mqmN~SGPO>yV>0c<Xh?dQ<{9K2~|7IX=(Y$M%CTb
zu0=Iizm7_K%Qyc5Ws{PXiCvj?0kE})%aTB_9N|aN`I`$@XlR9wtZr9h2t5H|7$*~E
zHHI0&q+dAoHHdZyA30-i<|CAjtbQd|Khp~F5MGtvQQFR<G;fXUtUj5wdpfNQvEAiz
zZSlRp`}i4bOFYH1Ts1w3j*OvD!JCAWZ2NMHGlAWTs{VSl3X5+kVpDbJ;+;GeB&7Q{
zSLN@eaxveqrZUA4b_A6EEn55QS$=e(zujlJg}&uVT6!D8`*ZcZbytd&gorL0jD>>P
z+cvYON6j)nZP)fJf+WpjZWF{IZ}b`heDw{iX?hF8s4k<!Pov4y(tgP_Vey9{2U;Gq
zR}N0sH_s6Pvf3B9?I=HGn8EmV4Moh8O~COwCdWhP2CN65UoM)MuvMHnd@RG@xw04`
zjAw4eOobp1WsINV(NeYG+!NYs1P<gx91d-0f921ZYNg6(BS4VbAk=1Om_hcsGH!S`
zB~Bg2*sm__Xxsc|$4P@eZmljEyDUuUQc2Xarb|pqoa1duO!3BVdZk16t?CaRLb9c6
zUQf?``<)jAMo)o4$6Qz>IRs=DoMUvjYmH(|aFYaaraVLvv~_QZcXBRx(OvMM4}(|E
zgOj%(FsupB=JOKpr<tG0-u&kRW=PoaJWPIQn%CfHmRd0MvNB&3<zw;9i4tEwQ><W<
z57&i`-N!w4@twu)5fNB-y2B2@5Z#iaNI{^w&hd>BfU3ZL6sV&R8O5z2m=^RsgV#yC
zQ2rQN4P$<vCC+)-Id#(1mW*Kz23r)2h=24f@ULk??ZFvui5T@t_$pl=&1hCKB_y3r
z%uqAjdfWYxLRZu(R}&jz1)d!nwT=>>6E>Lm7&>m-yj!r+-mMKKs+XZYx-lw3Y;0~6
zPP%U^=cZoii<aE-zdh=iZ$lHBD{79!-IQNL(dmY}we~_;^rHk{RWLW@3->=uOa&}k
zqNE|pLp<+sr1Duwc5X$=fJl_JJf~tCxR(UrIlQYMb*4XVZ1fM#?by!NMfj94?tqV6
z!og9$)0I!s30i3zM(ZYv#EpSb(=L&ug&OpQC^iEM0+2BSN&6FE;Fq}ITBr1jh#V^>
z0X`H4k`(lsMCpRB7v$br(Ph_KUMnH$#mbPZPIZ+Uy?YI*JyE2II<;~yEkM`DBLYY5
zBZD=<0QJU&m<;3^=LkVL;j020lz(9p^y;Be)SNU@8tjIHR~b}(jbY-!k8WPFg*!8h
zN{m-Z{LI~{fT;B2!EXRu(h1}mugFmFf8X-ev{yB1r;K!`*F%$l7E8g$!wM&_Dm6G}
z8k9ts${y4O=L{b*A!{kZZ~7HW(Ly|F2o&m!0~C*m_CiOx8nikdlzt~fL`q<>Q(_T3
z!6R0Je&;+5&Td`7Rzu*Ok89=)daeDZF2BLqHHZr-s}g<?sGS)|)?&moEMR8_#EL}B
zG@X&0s^^L;r5#R<bI)~DUtDX^7RpkE9=Dg@EZpa#aZXL>4h53Mm##^9*F_ir#W@Yh
zldzKK*UfIIpI%&enj^w}6q!TVMaw!hvwjV#(2W(K8@DRa^keW-v^c=S@6F0q)R`<4
zN@?DVjj0&e877&v0$+$PVM~pqrCuPfM^Tvehr4T>6~d74MaFgDe|v;@WUgPIPO1Og
zbm&fwA|Mf8#^A?2qg(``r%=MX8RN2j5<E3a%e3#=4{^g*Yy%Gatpa75ol0TN_`N>@
zaShI(rl?e)s<tzvl&aN^B!7S+T0N)29jS0@)$`WNFl!-__C;TaI~XETIzQq4gaN<8
z79?a*A$xK`Q>yMyoD5}vTTxq9l|z&tphIydElTP`%i7}CaZ}l#<IZ?lq?X?p_XcK|
z0=_tFML{VL84dK?C_>T@rL>1SX4BB2aF4>jKp#7}^umR2<!Vt%x=YZM@IsLm+?6*B
z)ffl;-$J--rKtY*!(ErKTcHaKLnIJd2|wQg+U!DSFNKb*e496}E2ZtvIGh!39cPK8
zIQ*WGsUTj)1-J12&TR&Uq1<%!>WU@!$VWW-aXV}EJaHX^Exn=AO7*jl?2NQ6kxEtr
z(nd8g?O0<`e?20lf#(yD!)f<WgeJHJr0P!i{%VvmJ*MteNtVGc!G?k@YHMAJY+_pi
z?MRmxZ4a7tF>AQStEg7|JL>{GCT8WpeDYgCEJs&J{}6V<KcHN=x;T~?`ne)gA#&T2
z4DS8+?W}RInIj_rK2@!JgjP|G5ksvMtJvpME7;?WTSJfnCEDhV9bE$p-Tvo#JHoll
zR7*3dq89#0K`3dq;LJHa6qT_vuTO$X1pRIi73-O-4q)lyuZ^b`A`Ukn^c?|`yUU?;
zux{^vNDz8FgO*`%Vq-w?eq;JX{=HI%YulEWGR|qgoCRs2F-L~zNR~*oYcuUT(S1=4
zk65yV*?ERa93M}AQdKtAvw(k@?9z|p;&MymvIE^-Sx%=`Tr0(Pg^iOsURVSy(#`q5
z!H_}}D|g%Xtn$Grv?&37tE>{Lqdw!Y$=X?oN4Uft?B@O5AdfC3UReLAYxnAXHR;i>
z?o1uP_z4>les60%CRV4YK&YCn!`nD&Wh7T^Mam7D7+pR+<x_M~TjHkV?Ly5o5mw?c
zlbwrrq`?QN(jg~BU*ou1W)&iId0ydyv_KqYL~--;))m>p{#5T{V<lS*+3poYlMRG{
za0g!{!No$XN8USv5?@*|8S*0+QKV-c%40pxDc1yCyR03~_Qcw#1nvbgmdWq>YCltv
z(z^?Z5sZL)1{e@k<|Z<!H4fuck1dDp5z3j=M)+4;II;IYu7s(FK|7l`1FY=@uFbev
z*3{?ChO2*wt>?}*L7r*J0c34C59pGy@YQdUgts)geho}6DhU$+E(FC2JfLgwNi6x7
zA_(D@hW@U|fo91Rtc(WeFxFWnnPeEJq*-K!A^6SY-E;|~%jMhP${A8)yePD&-0O_7
zp!(Y6HONH<$XSAC;y`3BL36Rfa#fngJ(<PnroTyZGbs>WFlhS(zNq+a!x)C_9X>15
znmg5NCb1in(2b{;LH%%p6<ts(@iW&t7+X@S0eLug=KROddT*F2tl7G*0?D(fcb(wZ
zJO|WQVdCaBw}X(4he!VsiRaU27Vp#@&EUee5$}0kux{^jt7n#WL%9Q?47td+#X4Hv
z7RKtd&J8NwBhRN%@DY<$iSe`JRwWI`AmTZ|Aea;*Fc`&>x^=2B4xHoZ*#`Rx9(RH}
z-DPhnZ8fS1g3JHF8<(%!lB!qqfWaR0(lVb+kLNZbB;X(FBQklKl`8M2^s0+hIgQVQ
z@m{R;(OY8$srqkrtLo~~>MUbvA!G!TBU0ksnf)BQcHCCr^^wa%^IQDndDljNI#GAY
zZf}fEGxnAs>EZK!%nb~HvS0@xm}^eh!f5(2n_rC%@2$aK$vNn$&u|#s`5+n}@Hvvj
zu@l3mE33FxfDOw2j-~ik|Af3V?%hY&EVx`Psg79#c+5B<IysB0g0dV6gwWBMdqf&I
z`4XI2v~H|I{6lfZxhgrc_)|xIIieV@jjP}sZQz9G=gC=v<}%hF{Kt$cG^fbeDkQTZ
zsFW&;Fu_~Jy$D`vN?gmvIt0JKlH&y;!Bt45C!a~T?h-3PbUos!;AC)P+<|5>p}{Zj
zf>(~ekIEiRYT-j9LvYn;>TZPit2`@k-6%OX;0FJ|w(_;MNZLs1Qctzt9#3ZOoRHXW
zWatQPbn%a#!}l!vLx;EV$UY1*XF#rJ98qqlCLvyiJI9O-LswdoSpr;Zd^F=DiyzgN
z-#aDgdfG$Lp*A+wlZ{l(!BWwoc$Q32rT7<`09jq?FIMn6>Tw42J6yzMOE7J11?Pk;
zBsuEp$xfMN%3msi>dlL7Tz=<a3EB)NXE9aT=0nrqI{0&oi~2{fZCsU0tdK7PwwXo{
zI)(-3j0Hk(SU&*NxcP2%Q?C?oV?&yiR)C$)PUkp`1ZyJWXmSiC@qc4ag10Q0_wr~7
ziS>*s8w*-#(F%JHotoK^#kF?R#bg6Byj*qeHJDfMlpkQgfD=tbf+ik%6^b`*#gGYn
z&&#AEz_)S`Kp?soFCO-vDcHZ+O0HEqxBk^3{#oXwG6a3voKFu`ILmb;`s1sIC~``a
z$q$P3%$T=Of(<&~spSg53brQe*Y3d=kpl5Ra2&1q909=ee0BW|o5RYq8io#THPVn_
z9s=+0+qz<nbOho5sdR_d%MlX6of;tx#s#dh<Yps^p>^#>;QF0$2<hE=e=^`zV@G3l
z>|89}41svYcb#qtZ48Y7yq&kMXa=k!;LGPZyQ8p8w9I?L(k%1-s9H5wSb$uJsukvZ
z>vAOmu4D@)wk8S;(oUlH^gYZuWUwkAaVio_WME7Z-&J|%3&eUbp9<<n_1HU!{;C;H
zEi}biYMEJ6ua6|s-6YN-<EUuR6^OPq7X?}2qO65O$(pSj%bQ2`6BT<l`#@~;pz8Qg
zy)^f2I?3&u(*yIFa9}>e`?$8M96{H6H^;wR!1~#oV~&*R`c|isU<$~}Wrf&KzJ_^5
zXRSoYH^<EmUiK6L*v{qkJ5g%0KGXVq)l*cu`k|yT*!QIAZjm7u7MOs`0LK`YI>W8s
zKj2)gQ;rR~{AjUx2G{TMw9veVVO6ZY?Gm6*kDW9ZLDl;!89u!{`K5K@*SZu))si+a
z_t3sgLv@k4BAe`EIj6Y56RmEdIMaXBCBV5+P~zoEaPMovs}da@w<CKsz_;^rMH>b6
z5_1IQ+pgCp5*XO`I3dKu8UGU7Z}*TQ=uCgC=bjeTRI_G(ybxorL%b=vYRCiQ6DsiN
zq2~>St1(5Y)>2pldV?*{D_H(|C4%uNy%XGEWnU|%Rbhk5pJSgbm7K=8AE091z!Dc$
z|IwvJ%s-{Xyh$Yh<{`So)dhM6Pvye;s$3f4Gra+D+77+wlN^I~g5^Gt<4%78FBHUs
z-=rLUKgB=N@OD4eZe;OhaG?<)`b_R*@oumQNu;hVhn^uQxDEztJv5^+GEQR9_R|<`
zI2gO$5hEs<$<^l~QnCKfVJB5!kgG?KFS|{0=%#2h>N}8uilb7oDcMOyWH`i`@Qm6?
zIXvUd_24VDu-mp3fZn(>5W?yfv&1O>`Qwif6jos0FJfX1%sU9py9gN#0fdBp?zkQj
zRM^6Hn$w%Dr&rF~eKsEUfUXp690+aMf&mMXi@A;A*QuRWEoZg1%t@YgDL|K4!HK1q
zTVcqr>Y#3RUo2^+w;!yOgf90R3sXiUgiIc{TOGy3TbZs9V+U6kTRhOp?e(7bL>Zf#
zzP1F1>22?cLhcGk^tk8)Fq${eFkS4?o~J>viflHEobELD;=4X?A!6_Yj9Y;L%#|_9
zgYYMmMNUZG%e>efNUIB~))8%U0SGTYWAS>LJY2z6a<y8uh>&mP)XlqcEg#Tq-qBSn
z<z_7aRdW`At)f<t>nly0acC5FMZ;(E+}aLfk$oD`boE-FK3nYd*}s)g6;1uR5T`>`
z3mRO<<py4T{}!yB5fqKfG%R;_DgJ(YafkF}rCmcp*b>hrIM8T7<tLYTq%5TsO8S}3
z!wh@%9h+;;69*-q6(v)-1%@EJZSLptTDnp0K!i8S?890*Ax83(u7S3G*C5hV)Pi<z
zVgO|-KTPwevn4At9N~rWvEC}kOZ8~$_~r_t9}F3(D<^6ZuQP=ewHP`^;NL%$d6JTG
z))&We^p=(Wf^<n0aO`YbblyhK6{n%p%o8l&1E;vL$xQRITc%35ow2o=$n?_Mby}7r
zq?LD?sQ3n>9=G44W?m6VUJ)}INga*#9$AvokQa)$<f}P>(cJM)J>O1GQsSjz<-bWJ
z;ube@aJnUw&OpDHI3v<dc62MrcZB&^6+Psb`6z%dXXJC(%vgZgP?nS9RL{mOLq`VM
z&Mr__ku*B>7<$e9-_ZhhC@aCGQSMPgG)g9^%(9OzsFZ3u;G`rk=S1ub`n@n(PA^4h
zCf0)woH#8S03h71i0uPHmD{l_&#nQQ^reqUCSKAC<7AE0jm^{$jeYLtC~-$T#3hF@
znzm*`?BI=fO6Qi7&?l<p6FSU`dsw_|eiSc5kcIQW>^~KFP5Q+MKN_weK037ww1*WL
z<OK)G$_SGQXp7c@CDh3l5ry&xBDr&oj}K$<I)oc_{LZG_hddK-pdt)Pp**nW#>DUU
zfV0??&1`Xn`|mT3X}6q$bjb^E#U>xcIcglXn^Kt^&9D}n1xw0lw^V|3AqyVj%v~fU
zhkupM$<Ih#;&ap@7TzjNJ}UovvQ~uM3}XSYd0MHe{>e*22?=r@x&Xpal;@?9Gt9TJ
zacTIV!SHyJbgIbi3KD`w#ixD3X!fhk`&bQA&9V_r*W`RMFW|po!!7x`523Ia_$#l4
zb#?_`9vA#QJO8usv-!|FxTFoVFvIM+PY-ukLW?r;b<9gK>;8Oz8^w<J()aME)o;be
zjBoQdO9=2&OLqGno6pY9JQg8edo(+l@43Bt&+^Fatv4eI#V^EpIM%`GOIA{p8gZ!4
zh=c%M?w2d<(z#z_boM=;UU1-2P?lmn9-S>9axjf86N;K!Wf;H$VQ3vxN*>sB<X>tK
zo0BgAJW~XaCX@0OVH2W}ChDfTlmPdn(bVag<#Sf#(q#q{0|tf6Tx?L&<-a<^xl2UW
z>qP&vvA@ZOe@>FLMP?qhJjw#>aiz~f*u1>L_|Hbf#fXsqjIO4{Ob*dFR<SQtncYZ|
z4A`2TI(JCO0`@n3Zy56)noPjGx^+$_Q}#9lGFx!L8?}|r6(?Ux{=2C4Y=jngqZHDf
zA+@ygY!m3y!)oxH*(CIfH*gA8oP^fcu40W25@>WKF(TYKM&WAOkPCWRL%M`O(`M37
zF~K8G*@=T0HXqstN9%KM3g@yf`_CCIb4>6k|MO09iy;z-#(<(>I13bS+3HC@>qlLL
z8lBKg43CYnXBt03i=Td%V^<V<zi_yf_8lN?ijNq3ps`azp&=oyd-YzYbktT@%IV)u
zbU~w+wHSKhy*vpM$brT_&1I8B?usU0?g?z<gM#bRLFLn7PHJ|jAdu;i^az1+BhD;k
zAcnV3d_`e0<~}5~^fZ8CW^792QT)Y7o`MC(W<UKs>fccDbr#{(!N&)6A=W&!=jYt@
zZb6BkYuf`VN9zc<V$fNrxSlK9v{C6?G84m%gVvZ&YJjlXUMdHdqA{lm1?ZyOGUYi1
znt*p?OFa4^iS}`{{odr)QWnJr*-|X5Hb>u3IlM$GBw7FK!2+3AmG7g|!(INcm`*fC
zrsxZ7$r7Gi@%=)VYLNR0bz?(JcKrk00X!(quieSD9X=>-H!)0S*a)4XmWq665SYFo
z1VF2Lnx!)}!^4@2Ij`ysL+pHU(Sr=X?12>$0&P-XE>uMvUR_O~-2-SCMnWEFC-tc^
z$)E{!6%Hk=3UO#58vprQ99Sx@a;ccY?HxLQQ4TVeOKr=TMBc-R?Tjr{WWlz!#swqX
z2osZmx~h4I0}9W|kl~2HD~oh>dZI%U-XxF@;&P-=6Tm7EIR%irGmJR>xI+`ReulbA
zc;TXE+mM7Jbs;ln;sLy(C2pU=cNu#}Yi|s2K(;BA_PhmU0*Q)#R>TaY2NB=`55R+3
z1g{e`*wn%nC{H_+h>!x0=a~i|qukKCY9?Q+XxN|23&ix?oJs3MF)EyEkTC&A9CW&j
zw*H5;D(?C7L+Y=c_by&`sce;m)a+=g;BBA{OucyX9*XC9rxX|evEc3m<yOI}(Nt+U
zLHXf&<L5Y4n}Ba<tDzQD%(H_m!9*6OtYF2-f9@W_yse-5L0!pmLfqtZc82FaRDXum
z4j_s?zM*|CI`mk+6UAsP(F^W|bTtp<I!y^6(ZI$K8ksjm>&XpB8Ii0?@O-GlSy{S%
zRbA{SZx<0YvuWTfG?h<3y{080NW&%)ZI$VA&&zc}P-R8>Jviv);)m*$PDiP59-GtP
zg1QUv>+&+_A>0`}{uW+bg*Ib<+7BjTB7b6cf-qO|-GWXq@@>;DjWi{>SG}b$(IeuW
z(W}870DZR;%*o*IIYB9~goNe|(BPjjQ=is7D+&53F^qV~n!|#`+6Fj%$_>CFTI+X<
z&cWlD0KPX^UnrW0p4|idP_14(=Ev1AuK%2K%Pe#OAQ;ZVFNJO0-zjqeaX@R*g~&Q?
z&A(;U3Tp0Li5nSdYugNJuI#f_SwOJv?(t>w0QX~a<jx|9l^UueXzMF(wGTDidJqJ2
z-ntb%`=BYY_u`9}4!Kqyqhs}+fR_){ng*~UP_SYEu?gBncBAt^+_{nq_;h5L9>NUb
zL2#?`*}MaTV4qE|V)iY)mzP=}yID=ShJR5{i<D<v55HYC)WYVozN<2xA8casLps-^
z^Gue_?D*j|wW4+evj2Q);1vvf#`UAP31k1(TnoGBG0pPx%S(S6d|PrWbA%^V?L*WB
zG067>6YaAfdNKk#WHeA?W>xLTgybmB@86>qHfBAot(Iigx;2gA73Yst&a5eGno*MB
zCZ<VR(RH;s_>2jEu^rOMp3xNl_yd@wCMJ^@Qg^P#$_Q*y$)0uA<x5)gH8s>5^|W(!
zTG2JNJ7<y|CMeuoqc7spNSEzx!t{tSZhoYfQ{DLX`bCHHII99<$FFW#>AzOgFd7)T
zel^vNG=ElLHxHK>0^3+x#?NVCpqEy6=<h#)TdyZSCBM0_@3cKR>BF_uc3$_1B|@Hx
z6M~4p5qJxf8Xnu3mIcev@5oCOFUW&uYR{QtohIOrpB%t)6>1j81Ki+F6Iw-QMt^3C
z#mJ?i1jt3@C>J?%4T3lpC^J!<pp#?<$H<NT43J|KEH;`!?Rgxn{@ueKCj=8pAd`ny
zguE*r!k{AG_R&Z(8MxLHW@6`Bqgi29Ko%F-upsqLoBQ0)kF@C-7CKbFf$;X*tVide
z#0Rxz?U@cXq3D^~bD;`?>~Vh5uhZhx!d(^(Hv7G+BXVwQi{WqHuTJ$55))wvaRvRx
zk^qv@8cmg6^F&z2ssQUkQV4@!u%^Vgfn?v=X?-b!2Ii_i%&%}?l=GE3S$LCTbF0wH
zwd8t<(MwKjLRIU4Wz^TLJJy_r)qV;n{d;$$EkCUjjDFe0O3nRCNd2DWaKIK3!i%PT
z&!H=_ta2RR{I-0+p-pv<duf-6vDTB>AWxu8c9WIaSZ1LVpxv|7JE83T@kVJ{z0jJE
znpR_NUK*iV{Jk%S)|UDut9-xwK=YNl)uBtOD!-bkqb!JOOqCY7)dGT8eU!aF*`wIo
z4a16N6r-k+6cgxJ^czia+6^&!G?UWy(Wv4Vxyf8RESnqhvP$e5dgnp~%PXBPQkJ!u
z!h-7w0kX*!bI*&*yzH~=A<CYV|K3lZ(|YcD-!@5$4ykP1XSj{2|0+XcdE^bd?O+&r
zp%3vdiPrNDRWw&pHuFvoMNZHE`2?H(2j+LZ%mC{r?nEmxsS(;oLc?NiyT6EXlxg&y
zQ{`i9Suw^b=!p#U$Ho&zY1w*F1`Pv)Lb3QZ3wf7AdQFz94i@wJKilI%xkF_ecvc|C
zh{hl|yj9-s9OvR}JGzbmX)*}3cEGDF_CnfSDM04T!sEj*N1PI4&nWO^YCNfz-JR$f
z^=wQ75Oy~3c_Bw=m|0iFyH#LsPIL<wj_af@*osRVIK;P+AY{%d&_R3;JO#iCAy{(<
zHwtazz{nrtp(O<)XhNx8Hzq_cwz}7(a$n-5ri&;uw=w;hD#z+mr7?YyKnn=fZpCsk
zG!NtZoF5++)0A1~br5$(RkP@pMg#is99CF$)zEzwhK9?e{;j)dD8A@xG0;feuX|`H
zmV~<fR`ej=(-+kbiN+`dths9_rkr}-;gP*G^;kgqMlwCLP^TqX2NshZ+vsH^`3s97
zJOuL10yGHk3J&519P4ey9+lS;)VB`kQLGJ?-~V2>U2rFem39sie+rQAl)ky^^!)C6
zKcwU>#Rk;_CS>UI(H0=&H2u8o#$UVU3s{|lKl%GD6=n7~P0CMJt-urJZ*OYLBuz+&
zK3l-#=+zn*Oh|GvfBP#)pF2h{ry70~<JGS)qY;D=eG0}vuhqv5n5Kq&q6$`4vycX`
zw9X|!YZ?|3)y5*Ip2p)5XqcWC7lG<k=E&5v!UQ!x0)F@*YwXZCn<A35FDz*(?+~6I
zulO2?*pD9-StMl5McnL_r-8e98Q=JH_BB09i}F~|-IX+sC^)l}dN7FI3CgNv<Aoz3
zzwYp057twAZT#AI=TA+~8_}PrU1y=G3ZasqVfR8w@PxOKzX&>e+qlt@9)?v5k?NLZ
zRXd#b*TLB+Y)EY5WA|D%j#@u1x!huS(9#Fhn;WKNsC^#6L?f5FK56pHegpO+U9T0m
zMm<{n7|xr!yJ$}iVLe*obgP!6yIHYoG`q*}6)dwUiyM7#D*-Q>4BoIrl>5+fQjJTZ
zwR+HBp)g;eo&B^7OnD1B-RF3A6+Y8X%hE$k(csztnnc<1ULyL+u+_q(tyS{oamw!s
zrvuoGf_@a&*^nf~M-JRcGf>jd$ut?rvf%z69cWNjy)P^mUYASN<bC+P;}Yta?Ddwi
zxsj^;(V>sX3W4Xuwn+fS6AH`%RpEf`lS#1a1d&rjU>;2wdj|U4oz?;p{a^1^`aBHo
z#+!H%(DZ4(^I0hsJ=#1q`>&s?aLD&Z0#|igvOSEyv1e{2v~GbV5A|QiSN>x(%#3z9
zZcM36d-_-tnw4iTpu$-IgZZ2#?9dN1^SXd%%Q<0KHHM!`wh;WSp%QvjFNb7YT=c5V
zm-LIx4;b3cK;>>qjcuU<Dp<s}aEbmZ3)u#3cYOOw)f-xT0n_U5D1)&lc%tC4xwP(n
zvE5%dQq3w_lWItAFRNsP5v$K$h1ah`BbjY2BICm7zWc8;O`BEP?rftj>vcutXGd!0
zxelck^${$o^D$aO6X6=N>ojE~!fyv|-4HH6Rm-Ot65hF{NmxD7W?v4|mcSRMtLXKW
zRNZ^?UDa>Q)sr6%K^Cti7rxOS_|rARuPru|RiC?YXe^r8QoENfrb(C4X^M`LdFs;*
z7qxKIGsUHsYrpAga{_#q+_Mf@(yl#|X5-@{S*)AMTAQ3>sG7fh0qoTo+<*AAmKfn8
zox<6oPnrm6TCQKoAcvc_l&D;Gh%?917I#>Z6%Tk8k8VX*v}H!cHmnMM;tHz0Z#s)D
zW-XVeqb}pB&fx_ch+9HrtJ8h^c!w5?2A8@F)85HU7^WO~5I7DxBP?qz+j)Z>eF-Jv
zsL>*}R@a+QPNn{{M@ZdXSj-DWByq2cj~1lQ%Pb3%;)nJsE0y1gnmYKA=|c;b33Rwx
zTd7Hw!DO2!EBXAO>yx72>X+taWCN{3D~FgWgy?Jybe2_VSV(7=BOHz8C$l02n2YH;
zG)pL@odMp<iHWxfXE&{6Sld*ux86~sw-d<p)5?Q~Nh#_{&UE!vLuJ~!7CCBqJGRT@
z{5Y$cTal(f+&_ci#2vDZ$=fE+)$bA>r}4Nt>_1@!t%hNy4qLrE6~|1jHC4M`i>yj(
zb(N2kLj+DeYs5TCw%=^!8Mj_3+D+MKXD9!D!6LjW3fw0C%lR#=e*j#o{jx_1ZvBaC
zzPgZ5?Ws$3zo@xovEb~(>Ks|IL^n1kJ85^@5sYWmX<HfcLRsG=z{1TV(#UB{Cwd&E
zGz;^!qDca8SW(VoZUk<aY?$CUYDuGGx0|;YRXD)sy4k$($bJ-hzNEbh2Ra_iHe<Y{
z#1+0-OZrSxBo_-CS#_)UJoU;-snm)pYT?Fvx2)UC*D4m@@=}9X@~bMK751`nk6lBv
ziGEZ}SAFcm5Wh%Me?M%`mvZ#Sx=1}r%-ng<mB3$X)}*R^u{RtCNAJX6AL$4}WTBTn
z1|_hlct@5LgpAH=a%--owe=w8@UOKRi*>D3xS%L<S1HxBMma)_RHuo!iza7cTw>@~
zO;qZf2UBCgwgK0Zj8}0-;hEp(^)s3OlJm|NG&<V++j!`2u-13z^Q&jvVZ1q;a~P^H
zVhh+#GACForIfyP^-L5k_2);MiUj($Sh|aEBz{!=us)Y0XZDp$p>Cn0`4an?^hMx7
z(;`>-xdH&c*r+n0gTt+S>kH`fyivK$Dzi5GRa_d8{6-zDjixr)iqMKTFJvp;g4&CV
zG0vs*$W%ym!8(dH=>7){)zHUO;on|tL%zcz3Jd0}+@eU~qiaE_{0&uoFC9_}@3ldr
zd@EMJuN|T%ZpOf&x&GRkS};3CK~t^sxK+94kMAjUYX?kEwn{VJPc9^spvL7yd@D~b
zG(DdhI?uelOsC9iR43GVQN4hGx*IOTT#b<fSKzph9DYP8D)lZXwZ9=N!|&^CvW2<{
zceqCNCjVHP>jCWG+=INZ$-Wf^@J=x6XSl4YL7F-NmXb!g6wdiElR3ayR|gW0yUXgn
z$&9NR)+m!ulHK;;AX+4bF?m?+v8&xZBe$<m)upny5tCT`N2#xV0%0YkSP2a3o~2mH
z|1>*P_*g`#2{VZkkzzWc=_*}Me+3L>{c1b;4*6v<9*xUmj}#=|0UpoQEwhw&q8(6*
zJKW5IXJYW~rMk;Rof&x}aibd0vY@qE=WU;hD$+uwq(G_%u<dk(s0KaUR)@w9fTlP%
z*;sB1Zr5J!xwoy}W#t+0Ccg(NBOZjQo8vc^g%(xb8UIF~)-pa&ifO7qW!pT~)gtBd
zwq7+9_!@WONxH}E!P>4IXF+f~X7bp&tR7!%eK1Z#=zlplOnY(-8m?Mk;VW^+d9HP$
z)4l92W8T717{ja1GNtM8JF)}-r2^(GR=cpCI%=evA-ddH8Lu=V`gqG(Np6yL#Rd*5
zeoS)w8?^9`4Kep0A!!guzza#qaIGwwG}JfHdh`RD`tjBE>h>*W>XWC!kss-NW18&P
zho1BKK5mM4d4IzZ;kZpdqnw@6lm33X&Ei~7Pe<MQcZx}|?osi5DI{06P0l?PRGZUi
zJ%#k%C2gX^q|-$ytZllram(*4474AsYQea`LaxfM1>wyjs4d=`)0&js8{aK*qSaek
zrex~*h1lshuWPt$45MxQu=ma3is=nDGkGT2F`4664`DEdp{9Q1q(1VuPiv7r`gXg}
z{I3XBy0oF@b$6WXTHsmZj-wY*sMlBiu%i=vWeC1G9CIbDZn0)o=y?Gv8^{~2S884)
zXXsGqHRfDbNvb{y%*jdCr5u8QiTY!0WkGAYOd4iG5dU0(2`902Y~xVW#TmZ+`+>kk
zF3qLEA&R#H5#mfD#^9LY+W}Dgh0{gmA2nQ}Ait)@ig&cem8*2)V|CkkxpUXc`=Jll
zGvtZg=n>7QQ`VB;u{+*_+SwYn!15Mo+Y{nUqpM$4C&1})Q&Y$L^e@c?u$cJg=~!}A
ze(?5A-HK9puLUD*MPn$J5y2_Vq^&;9y4>23W7?u?K%Je}rr}Cvysp@5x|q=}LygH*
zjj-KXa?QJ3@}9K(ms9I_!}tN?e}8miz%sw?OI$d-VE~&B<!}wV3}1O9*lnkG|M*K9
zxl&%InZz*q6KwlIF}4gz`>^m%)-HC;wL{dR{K4$U<NrTwA_=-U_Re0YTh)NoPDXXy
zxdweDc!>q@R^|Zjt!7i=?wFgLpGjjvo9BQ>buD!>q%9<;>n=J4#xKI4s_9Q+r{%n+
zYZ_%PZBZS$7wQ}6ZQ?Hm&6A(qd;KnYHBnMJza^BUFU&ccUudbT{#@tLtO`3Gw*IXu
zv;I{{;|%LrTGsIxrxYE#I$dVLGlF-7{*4*_oSghJm8{_Pgz6KHG{#TQC>Qh9d$4~{
zD*3h5qf^vI*2Uh_I^F?I{jFYZV<2DD{{84DKhqDLz4FMJpbPAeUVozZuQDOD+>sjq
zA~p^#kqSY9iwIN0D;{v#qhRVaJs7kppdXDUfCtT;I0(;Jh%4Oyh+YOh4*~D5(YwF2
zu)a;ms`rbx{FH=ltBP1wjxNkmz3s{Pd{27AqNRubJ}YG~@!v&iBUhkc?(Cr~eR}X|
z*T3pZ?Za-4H}t!J0?aRrUf`^t7fh%H9Dk-`v6cq8e;g~EvCiREQ6el%f`+`L<+Cg-
z;}yn|^soLoxdwA7CWzaFkky%UsxiT%{ja)j6+DYjqD?k`1Rahd4gvA8O;~nH_yX?F
z9gY9jyW$b-;pqZczbZ`A@2n|0akb{c1ZBT#=0D`vd=e?EW*xsdJ<A;Zcq}<Ho&e#w
znMsKhIAqO_C}Wj*e0nW&U%wP0Q(u~=m+16_r^A7jHCP?dUX-4v%r6V0TG3UVT-Q&h
zc9~HBp+c*I`|bw|Z_J~;(w+0RDJZOj<TeG0&g%z<coU2*g&Fx%tVenX2+mrwwJLG@
zE4S{H0y0IBiFywKY*m~Z%u(6b=ET#SB>al*`aev41yCHp@^`QhJXnGUcXxLW&f)GJ
zAh=6#4esvl?iPX`?(Xic|IK@^zWS<e*zW1syQyVnwtKpNJ=sI!ie%@$Nsim&8&c-W
ziLZgBmAJCjB=MHle*)4wAH#jO1{L%8XmH?3P`am><txlD&`1w)6rympPt7BIve|gP
zo!>oP5)@Mlc@CK0W#*o6CC(=w?<tPr8q6)#gt@F>t!wf`VHeG7DilUC%`I8T@Xsx|
z`N@YzFtX8K)=P#=((io5MP=3kL-0p6CiqUn!VWqqxY*aVH81M$a&l?SZPM<*qiC>U
zOyQlcD8mp%r>YS0eea}IZIJmZo@sJ9+e6JeQDW&9;l`anw_tIwrf#l~6}gi4^mL4s
zcT^=4dRHnf1J1-$vv4ARY{=Z;Y~A}%j<qjaL@7&9RK<#M;%0qtjA{Ov3`x7Y4kf?m
z<BjD;>_<MSU#{|npcvEwX9;wYjbx+t2ucg62+p#4I$Y_j!qtyDQQy=|dw3KZ9?i=s
z8gg!Rw|V<JlIaTQVeSmK`tpmA!<wAa8Te+IbsXIxO;$Kb_#%z2M)cr8$v8>P7@szE
zTP3p%P$A6+{fM>=yXO7`js+knTf!d3`5A}QR76mb9CXh#mc#Urdt=P?i=k^-<(^_z
z?AD*C3;%R1a-%+H-FRfG(Th%+u;65Xd0)Nk*xD~Vujym^EXO(F(A?N+*UYYbc(LW0
zcXS@+c+(?3dm3E2=$)*1+tD}Mmx~@z+J<?^QfGOFdc^tqDX;WC<_J5EB(fA!q6FDT
zAJh|*gl`100p&}KmfDQIW|k@;{5<UHDvJ@gcz%-lywTSwKmF+<^n99Z%`4nu2)k+-
z5(PWD5qab0GP9AA_rxNc>9tn`iop4I5fi)-@>GP~J-UP&R#S0rn}l0ttKzo(Gz#k}
z7{2QcO5O;g(F5!8@2<st9T5%dAN`JVvfPW%BDRZp-9PM>Aw2lFFP?H@#r7S;ER||C
zLiH7-K^IH*sYtHeNCvet<_S0fyhuh9udqEv`dU)_&~EJfz$VrX6u_Lldyd$QmH`}p
z!rGRacc-iR+P7nQZMT+gcN<B0Q>oEo9^)!rq=yiZ;=@pQ;=D!GREnnFa34%@=ei13
zc}F*PePixr>FfL?Gbr)7e^tK!ssw>5<7A-9cmcTKkN?ECi&=6yS+<Qx*7C#1-UBGx
zX=`4$kKp2L!rwtWCkx{W55l*LW2r`B&bLuF-!vca1RS&eR<3bbSQq%ki&xBi)^QT0
zDk<*J^}4H0om-l<I+1+O5zBtapG*i+!fA>mD>N@bt*LmYem*7-XbB!{`A#1rJWuBR
z!`~rXtKUVVvaE*M>Q}?=3RweYD}4^#K7F0aan&DvoZUa}-DS~vd{i3^gKkw~itf&6
zOpyEnLqIUv!L|s#rBIPjejI`;(qVkF_{0!dMkYxH8W@hd#b2%$Tc4lo6M_G4#iff&
zc)1kNpZ;wX4l|4GiB%5c^zbuNS@?Dh{pG}l1S%yX6RU8E&%o~BUoEptQ4LJ3Uy(T9
ztU;KEzf(YOyx`3KTRNYf7lzq)pQvjc#yoTRt*@imH)+P&jQ7Bt$k<=JlL!j_uEXeK
z{G?#lV6ynB(C6To|G~E5$8)v6yd1R$L`0P8F`R!C!JIOL(7F_?*ZlU#_%D5Idu8#J
zcvKD(Ea&=5{l9MS>NA+SOn!zpoM4;yKfOYDYJJKuPW-H8f=fb1TIH50za#Au_{RL%
zgLI;{pIQRRnJW56;v%SjuVn_X^c$*dB3{}Q8c0~JscNag7EQoOpMD?OzV(fk5R!)A
z$G<hTiti)^9;lkPjExq_GK^<@s|+voUuP+2*x)5d%SCZt)l!4c<@5%l*rX&*QT}RN
zCMRiC?q`mWSVq6?pc^7{+N{{5_(4adSa&XtQS=0KW+d4{W5@%o0|Ojh_K_WQ1t)8>
zaI8=1`gvuNBFRb*YfUNn(fX@NK6;d+A|vdoy7!tGI<PDS1nV=-NZ3brM=eTQ1jd#i
zVtW+kRT4c&;(G5A670&BeO6*VN6p1#q$7G0=OpH~??XjyfhXmy+CI!fKg!&@z@Vo*
z<q%fMj^5ips*9+!&8{bZO}>_Bd&Ug^$G$6wVljcum-*i(;L`I@IiRap^l}gG({*q7
zk)r25^oj1&kpf11w4C5dp~cj%yDIc*)ol9INMFu3QC)1XxL|;MJkG^Pb#b&O#dRcc
zpFp16ZH!{NcPSxOKf2s?gHX*IYYtKf$J4StEkV)}@AyaQh8Xd~dkU)ctp4#lp^(h-
zs^Kpq463yE9AZvRf25w!l6ZK!5R{IElaftwi!QwAYhLAgj?qO^nOi>ju%t*nvtewa
z;Dpo*_f(|bY>Q)(D~C9S`D?LS<icNnE6QFtSP{O}D)f;<$KBAI)_ivopx*jr{$&8j
zG=}_HZk}#dD@QLY2PS!%>Oq}8chr~5Z76Q0W-UQVcDaD{IBSx1V|=<k2wwL^Wb9)(
zi)cFd!*Uo&_rB$n3cPo=lu^9$2HtX5p8$oqz-4z+#X~r}cb?R?N(lJLKD5lA^;#@a
z<x%>=Eui~#87$)PeI!PqUAg5I6|C@~>vvAt$10kKNOC7762=(uUccyXWZ!svjDIlT
zNm2P!5q9y|T|r(ILs4`UNEOE6TOh#l_)smdYgu^oQ2k}Ou6T2(fZ+O^SO&JVs$^R~
ziW7MxS@R9X$GKR@`&d}Il8IAR>$7qFjOG&R%IHOAEzgLS^cK?k!plfVcBT)5_=AbC
z3si4larD#aBI0xNe!%`0Ou@Uhd&i@n4t7b9_vsfaWOr0rvy`(LLTaME9Ao(rkgoeO
z=LJO4V-CXjJ1M!^-Qe+je6kH9(p8xD6v@yum_ThIqQk9f;d-2(RdcF&ZDyv4HC07N
zg_*74Ic*sKX2QN%Vk>fab$K3!$hOS2B{FMqNhQ=iCI`9pcI><#rs{wq3shvMgK4O8
zXK$WEn86<za04Mc$LP+W&x-rwRE;6`G-ZE^K8z=%URk&VMo}F7?GcQAcKs+TJ&jiK
zi(D!7g-mts+6?Ez)YL|z(ePZ(VG54j>V93QF_;SXQfPHx>}<=_<<fUwk9Gv7qScz2
z%~KXU!-1)tm++S1Z`&{&rQb8~U68&_a(62nR4EiQoIrV5SnvV1U-o|=U|tlsD#DRD
zXXf1F@E{E^E1VRhq#~s{@qeH8t;!UWb%58byX7N=xlgIkg0$jcslGNrSsn>G#h$)X
z<&}4=slENf!uY8CI264lKi-WYzd5Ez*x~fC5>J`hudptrDVYZ$fli)*3iPu}9KQC7
zZ6%?TUnpSSkwt-f^h>IfzT90&Z%4)Rj@<q2P)AkTrO*W>)ybYs8SI?J?P7~7Rz=tE
z4@iUK$ojthsaz0<rUYebUKOdbE$mND7e|6GW{TBfU_%{{`t_fLuNZqh9=9B^D<G6+
ze@UtCFC%Sn!iQdCpPHu!L#EW-r<mbft4~ct56yWlsJ<SeaOjrOHQCW1?&9Q{!8^uR
z-Aqj{enNZ<nasK8T$bOr^e0#wV(O-hQBvG9UJipKIK5P&z0eAHo!MtTB8);_n<d3!
zOZCL#SS3KYZvV2<j=GOMSFFt*`wly7^M(E>cL4tLS#B7p1~OpK{8Ly8%I>MIJ29@%
zqlm4919(iF-xw9EW^bHo&iAM9={fxF`SO}JE#gmU@5Po#KV^nshU@28a-T?*#q9JH
z8nBL`oM=L+z?_~3w9IkV6;%4>^R80-pGLR@9>OEH*W+a0$R{-hJ&h^KPYzP*xx;;_
z`T{oE#$p!MxF}Yfk$8gg%N0b+e*zkplm2$PwoX+w+n8i3T=2<0)rawLqO%TF>n!C9
zR>60mLpa~adq5V3V!+^u^<{F(^hA&wV9lAMZQy6F&wBp-6zThop&X<HtK?&$EV^_;
zkB?!(P=fp}F7TEzDld!itYT<Mj!<Q~(JMGessBlkLv7-+bl2d9WNj;*ff)>19V@xw
zoAuj*QF$prR?sYsDB>P<^Px7Xtf8L&Xa+Zq&+2u0jM?YjHAVThqJR@G(MRcp^iK*#
zQcZPeGVC(cU^uDBELlv8#osu2!zlJec=CwDmrnX@#Hau4RZOR!<kfDY7zV^GkOF(@
z%AJjr8GOD=keM9afW|-uRqqd<*=U=hfi<o{zoC64^s{n<R?RLEVIc-l&KV<pH?~fD
z>;Px{Cz)BxPPxNh*dYgKvljn4?P-mnxwSWDoxKm4QkfxHRL!HP+It`P^Oqsrb@qOb
zL=nCBN29)M|Mq!`TfBVp_rdECK;8)Rd*V;?KmPbHxV{L$l(khQp^}|mx+Z&!Je}k2
zt{`$zI<@$(lc;erK7nK*wQEpRk6^556q;kT*<F;C&oot@5|S_jU+X<8RWF2OAw5lf
zoBFy+l*n2r;MI91NQ|nfWr#X4HV#F9Zk$Ls+1i!WRTXg@+U-Nk?x{iXsr3flll@};
zsRzyx=G_nzM`1KQ^!NxF=jwgmZ0MnwcAYyp72|@&P@3b@Adpzn3ns~au=fFrm=CZh
z{HDI^nc6Pp`1<LX<F=}WCTST0Az|qB@y)upl0!A%jN4Ju_DuDqy#bdF)%REHF{~j5
z-rQ<idp2t#)-l9;*)pW+Jt2K}BVYS!4r?<-1I$WQQ4(rF4PS#c%;5dg++CZmld(vx
zT=hEUi3>yp0r!Q6-LuY+chbo>VN<f;Pj_wpuay=)2MNPBzEBHEh~f8`yc?eg>^^`e
zY#@A2t-_}`Qc)+4zXrcB7Z-Uy30{PgJPa_sq8akFXr*+)S|oC-_i)tbD3swwmO;5H
zpvb3+ZB`Sk#rwokdzEN?t8nDgDC+|C1iK&YS0je^ueg*b-PE3Sj=EsuhM@_(=RSXM
zh*Z(QO<qMjQ(BZg;?_iMJ)X1He8v#CI~8exyx8M^N-Xtny1(4Rjz62Wff&3iX!H&K
zTtZOY`V9bGo$M$0PGzK`UO)ien;&-#VuwQ=T~I~MzPO?BE0mlAnCV-oa#E>s_7Eh-
z>deHP17t-j71-zO>08or_Ao`HTKk{O^m;5Ms+TrZ%aF<qnxQ^rghgyNHat@i(MbJx
zQ44CyK*#U|#clNS?=ZpI84Acd3mYg2*gB`?N(<!9DRyJ7&Dq^Q_kV@8ZfXj)ZKlR+
za0z`adap`5DpC_5t?o67phP|iMzU<R`xF=H`x6#Jf$h>7I^QEgJbUFh36jM9+~x*G
zIg_<)l&;bQKY!tjZIQ#LEfd)G^7!1es5BC=$h@)EVuGKijuXnZWbSy7-M4ODxsJuW
zqtkjD7<OR$^e{(_VMB`igvz482qRr-_-=Y#0C*a(+h^40#`)izQ4!WLxA_vZH=R=r
z&0xY;Eh=dY93G(?P&pIWp>KU{4_6sCU_08aK1pXCHTv$KNZCMqMJ*w)Gql};<gIB^
zgOol8W_bnx@Ow$BqLY4KJ?60sLwJZ<Bkm&k|DSL)SzqiRyqx_I)w#u=d&HvVSY_=V
zs-ZcqUM`jDCDd}~=2<cEX*<}@+zqCIJj!s7d22a7Ca%jGB^&gz{^)W4p09;1nE6+4
z*xDNAnY&7Bpr!;w)>UIr8|?44ZC{C#-Ax`9O!@_y8~A--@4@|fjsQdcaO^9M!rGw?
zEf%4dJ}cyImNyk6abwctSDD9i-JH3CI?QEQ^5-bq`8XRgHxvk(^hIWaMnvt+RE+N<
zx=)EMlR3YTyC$^tu$UoLn=h%YQC6p$dUIU+Gd%;LV3f0W;P3hVXd9`>)qO9w%e%j6
znx<K~N30=JZJsP#u<tSCa#=L)%*o)UwviZt-YC9vyhgWk^f({(n<6^BWlQm=u`Hq6
z*lk#Aq@+8VJEEw~z7ol=MR4^%+C>qp8m2GNUX8(m82pDCYm)1SdGMyNb)nRe-220T
zG3qq5GNu!PTCJwWKq9@wU~kp*KHB5-0k*zKYd47%>2uILYS27{=jbv{pcjv;Rvv3b
zT`*=K1-FNWVyzWldE<se@JsXbNLVj$+Ny?P>e@hG7-YJhvDo3D4qrJX?b(ru*r5~y
z4ZK&Yn}#BHO&W0XA-`(;7dMRx+gr0JFGM>vBq@s@OJt*Q$&7bQ-5RHS6=rZo-{Sss
zYT!L5v)+wuEex8U*xuCU+6717BD2V(4lssF8BEazNy)&+nKH>3DkZaq8=%GY=4&9v
zC1a3}^%&%``}-*6dDHIxA^kIWR6Oqi6MZbHV{7i-^Y@oj#JpnsWvr*RHBAag4qxh!
ze#q(T9ae%#W9_Fy5v!YP`cLa`r+m>!MDEcRRoDjC4*0A{4}npce<-bwi?RLIiGsx-
zYM?QeexC0v!yB|Y!Qna15u~C%obXA0+R)YEwNdnSxVAw}&1-YV3bbSTR#JL(b}^IJ
z#P0A=Lx%T5>rm;8zkB<~2JBF{MR$-~YK0$NLt_H+_B=1rkA~KR!GzWaon*6Zg8B+p
zmu#DYu@JUQFH4fZvQzsa)V2bh6zbjKKE6ucbg?>{f)D2;=j0za&`SuA-(v<hyKUq8
z&~0&zep{Ymc?uh(KlNiJiZ&Za8K?(MSCf9Yl`LRXVlmHG@^uJ}PqvCEy3Ak$NB66!
z;Z75sP?AeWZbkE1z&t2rsD8M`lY;2XhP{JH^t{SAJ$t~=MH;$_upyH+!M0XH0CVE>
zq3)tfxUb`kp+>tb&pcdvL^c%rY+g2~vqR$Wt}j|XdP=cR)$+ZsN0BXl$|76)6I{n@
z%eu$4zU+#7-7uNVv#7sOmebQ67v0m%XUVAkp6BzfIK5ToEEz8M)|(c_maOAeWoo6x
zHC~oh8<W`Z_@2mdX#eKNIG&9^5Ak(Q5#;9>`(&+m(xeV&xT1$m2l8)jhPso{%maFG
z6)5b)irX@Q$k)YJ{2=&=Z^GG;^#tN@9UsO+@TE3SA0_138SNCpO_E}g;CGS>d^Iel
zn!<B&6V6VV|5DzTX4gw`>BmP7p;N_69*y^PCuY;Su2;3v-lGV0de7zXunfLvYuPdJ
z+8Fke*20X^6k^klU5wgAyy{l<UUD(ImACk&IS=j?`;285C+Ei}S3nz!QE@@(GlLKa
zi%kLu>RiJ~f-P5nPXh%H5bdf6p8RhPm<EXfFOQIIx2zPc*HaW_%t6P?N7MoIRy%>r
z?#fqQZ;Y#Yy#-Mf`=4rAj2M6;K6#{)fUj4uwY7}NoP%l#-<yeY%_yWLSjWx1A5l4<
zY1Pv!hqDs*+zPLa_4bC0R@wW#{)k9<{b$r_Ma@-Ct`Nn-n45jm-aE~UXmBZ~ikI^R
zqcKTQ?U>54p-tl*VgjtGi@#p38*|vcqu~o-`aGOlyMm(YB#QZWZYgSC_nL8a5bl^b
zJ&-+pU9dBUMZ4d{MI6Pm>T9#m;VfG=Y$pO~(?vzg<SinL>5EQM_~#Q0=gCKLsJm6O
z>BRO;>+7A`7C8C>5y~>ZED8VvC^<zY+xM6LMX(8?QNHLnJcux(sVuu<rp>e4{z>NJ
zh42`R0LlrDD^grn2v=`&m}Kg+<6)F(L#8Cljo1+4oKC@PZAqw$I^oqDb$M-$a;Fqv
z<91}HJ>~jNc^D}QzF$B}dt%FgrwlS~8^G1$yrbHk7yFA3)EPyWVuG#lrPc*@`)wGR
zP3>A{^v;gs@l2Ya^rnUiXj|$IsusK1kj7VTqqH``SH^dKub;2#gQ!+Qm%)!nvz}u+
zkFBC6k!6%QqE&_z>x~I}Eq#Tyh;=HqandR%v-&nvo>d3~5?0yFo%1lmW^C#XP+jvT
zi@4Z;TGGOI;GskAlKlO<<qhku_PxcNeBdk)dsWZe^h#a~)oA+kWWcvEFzfgW@gmIf
z9A7-1!1{ZHZ*<cw5Zy9Ge?!Ni%<$C?@I-4<AMD2JE&~Da!J<DQd}Nm>eCW*2;g^El
z$??DB|AmCT;1HFDaHq5T>kpP(#n8WR1kgHP;!vr&Z&87@9~nCaQl{~mIXAx|VU0%&
z+dgILUG>#wAp;(nY!|(H|7$Ar121-`KA_3E86BV%KJVh5Nf!jCM9(@9Q}V9|38-K3
zDt|?BF|I{DbC93i9v#V~K2wuVXyG|8G_NCm>+lwtn71yAmy5B~GZm?^Vgp-en?Fl?
z8qFGx0>ME>J?rYbE9*z9t#4_0oyfP!PnsY;{e2+}Xy1;HZpui~BLEfw2hhKC|EY^6
zBESo87El)2O^ci8q@NM<8hxLERnV@V(N-%y{S~kr!hm?3!&kt1;FfQKX$LjIXdeML
zu53O*>-7u(cWN`QEPpBZHieQw{^4unT(las>!vwy^A8|F0<LGo-20ROv^kqtJOYsK
z;P6b?w-qCs#8Io8#%Y-*GTEsh*@?>32iRu*F>3?i@GBI-4n0P@JHe?Rrr8ew-Q$ad
zAY7mlxA^W)^h-hM3X^`dOW4yi8Rb+<wWl9zmIZW4gjIa~Z>a(F`uH(ZPJcj71tmvQ
zAU;(VNCM$$IwV&};OmA`t!kMDbu6OVSO>wA5x%mmZRAEvZBz9w7E4t?2s!xh>_d||
zefLmb0}}i=X)Hpsf&(3EZ5WLSW>W1i8{p0I_Bldklp_6lfj9=kspbH|Zb9E&03-y6
z+=FZv0`OtEEgyV<L=f-5^&LP5HCfSjN3(t1;7CQNmVO`Q)Bj3b0C7K~?aS>|1hJ1k
zlmVV<vMGR=H?L$9KBK?QJAXfaf6KYL-LKEFduKp;*TZ@1Vtw(kc<|A|SzB$l*lX^8
z*FkuV)<J;FlZ4VRJmhjwpfOX+fX@!(9+mr65M%+elUekZtzQuBAR;jsmP}@r_J-T?
zD1E0QrGR&RB1~VSRo8-$l8DQv+=xIW=){)EqqZ6^EX0eqB-k}bz{JVJk;Cy5i8p4C
ztq_~U{tvZfO0pQzN7|^&7UfvzaMxt;McH>K{?jn}hzcV=v-Y}@;GUlkLf3TmMGgsD
zg(l3!!embqN&BO@+XeUK-wQ^!DmmOSz#Gh}RwU}I{Ub!yk;#};1{+RUJf-S-#auEh
zcX|D&8fN7TNehGjCh&B=bS5o6400~=raq|9Bbpv}Em5b!Ihf6<(+pYR1hg+;BLjr<
zo$5*4|3yH-EdN0b`qdu6Jvv8T@QvKVwmM4@i#1g0MM+CQg)ep?m*m)Wq(oQ*EHbbD
zmtd;IN&DjLQl$g?H4kSav|@Fnz4%Jr$!<Y2Q3o?$*DyWjd+!XHeGn0+0X#kCh>Gr|
zz<uFnT*8J%emAJQp^w*-vOEv-#a~vog$Hy9VTteMs{t~%Sz^Wf=n3NgwLiPxNwc#k
zvuTx5L?va0cunStv5#_1`XIyK12&^}f7<$S3rfj*va}P}O(}q;U?lUmjXI`L*sOJE
z={yOTKGtf384P<jyg1ACx5ynJm#GOQ7ZLA`SG;?^I;YmKkyOR7+tHV2%waUG=79ND
zAWd;N=Znx$A$yxQaZ7LemwyP6@{#PwmQmrCS5BB=a1Sp?$WM=t=ntP7@l&Y{^o-y0
z>Bl<8GqkwmxphTry#vI{z{x2%_%bvK@^hpgySo{rBxa6@58;za)yEKdI;^glK|B+1
zE;^yIn<ON|GD8VL0nnreXK1D_WTxw2P*T+aCeFn*xBNxkG<k;@q~}DNnEP)yhH>y*
z=KZU5sCPU&O<>WkqGxUtL5`M=YXEXU(ec5M@NKaRJLFQG(~U6^pM6TCZ>!jOYVq8V
zxZs-vKHrm&ya^`3l<<In(|P~zNZ+S#6?U6`e>9t~{ZVrl5R#jC+)DQ&hQ$TDpnG;o
zz~`*6QN!X2P1;^_dtL|If@7GiNm_0U#a21G@Vrrbf@AJ;BjoZ7#~L8Vn~P6hRc14f
zR}!p!smmw1HdrhO@;@-KQJ0gU@^ip<CI9tjm)~Z>y)j9zEIrQ@VN5mC3hZF}^cp;|
z#!Y-$!T0p)5R&-*iDxC209s^^%3kyZOjN-ugpjBAmOEljwG+3FeYykNR^Eis=ON-*
zw(C*e(fJd$;90?yPfIJr`8wC2>@bv3W(!BHqW?C(ua<J-B*!m_{%MPQrN+H^dx&Dj
zWalt%SX)BRNK(?8qxF08YA8ZKl(?DlSfcXo$oxJiO#tPVZ^wTNSL9KIKHHO<wO@oD
z%(#bB_A?Iu;WxrQz5Sh`hLs5Z(fbN-{hyfrs@qH0C{kfO<SMrR%{gE+nU;AK5mANx
zh@ODO@-6Z}VN~FB$ak^n5=^L^u7Kch*AkgV|BmnD`}wR=Ds&l6fFWZqlZE?xIg=)Q
zrsuLbM?-yElWEvK^s`)9FE;DOF96rfpU)pYI7R7|y9`O6EN26u2AHB3WMi{W9+l@*
zV**N9vw>NDLvy)!ily~5Q`d2r`P;K*k)@U;W8#8VjA?$3sZZ8brF%;)*3kVdqt1jC
zCMrN0lYH6fm*Kp24X?(UEw?MvJ)i1p)DVn?>sq0bjI**(Ad;7s(egp^a80mf-W+Ne
zT|A9qf$*4pE1!CWxqG39?=b`ULOhK5tEqfi<zgXIon`qj0*%VJPB#edg}v^{>Id!B
z>YOAIg6jzA_m;1V{H+{(ye^Q@$`-&DA0?N<zgy>(q#!(e2M|0RsV(`7efa>VMojij
zO?ez!dwvK+)*dxxF~{w|vH_VLexPHxNM6E9#$Njp4q5Cb{~@(t>XEGphRN!O&gx%7
zp9xENXdFCy>q#z%R9TyL!BAr}9Bw(1G{dax%qX?5LnRR4Ech3x+)>2OgYgHwA^QxJ
zmEm}r>uCzTnn~R7(J4V4;iy4*r&H)XMWKr`Dbn|iCdXTf9v8yv86)4Z6mZIvXHb`X
zw5%#IoyP<o<&Dw6T()@8aF8FrO=&sjftm~^2JEG(B5SdWl<c|TP<eRiOTV)~O$I~@
zFG?16CgE0SKe{NP4Qc}9EuB<J(?WY({8rsW9tK!}pg`~`x)`H4CO;b^WS+dBFnh0G
zQz7QtOGD2!KJy@1*#SYEKTGTa8f`UkoBRF`rCl>tnhn)IVOL*M8$eTT)<0uT>xSy7
zA>Ru9<`}z+aN5K1rIAh6IrY8rfSs>voRP|~LVo(}Ci$c%nIkb4ix8=Jw3-A_PTzgD
zL`^r%v@N0o;MBl?s4bQ_KDdsHG;1*9_Hqdh2QCEF)P_6}kPAeJf53MwujgC9P_J#3
z-%?Z0w`Z6VLeu`j>`VeeteZz+FMf+(oifGXef|j_`jU@Z=((2J{8VgSv4H^gUEw|~
zTZ{kr*AF)7Eul!(kBFhU_vZ0*u&)>5LSCPZa?KTVN=iodvW>a2_%bE8>xwfH2*ba>
z%$A;Tq&s)s`f?nPF>dHk*?J3F7^GrBFvxgdE0&JM%aTr*(ZabvfGLz9FY4+!nmkQI
zqym_9!he1^Cso>$>v0U0u_d2o8S_7k(s%z4hQvoae+Qf_H|xfLvZCO3^_Z`6<tbE_
zoUKypqzR<4AXBoe*eLmUHA6f_)gU=hA~YfOK)-blvb`l`Z*2oB9E~GO6HQWFg}xDf
zu?<X#rynK#{lmZ`$dInMspw^zCnKx1iRD}rWYYL0evHbeSE?)k`YA3~L4l{JKvTh^
zaJN(F8|ln`62t@w#?kfA=Nk))9^=noOcf}n&>2TK1k_VH1yux`-8g}RG_jm){x2IS
z6Ilq=UvI#q1#WMb&~igY0#0bmH^K4#5PHu!{LKm%k>A`|Xrwdbfv^=mIRNFydKX_y
z1;nh8ZYp-qhsOKvXdW>d41c~pC%?5C?2`Z8;Tv6gssvacEu#n?lOuIAKsGA8)6dGj
z6eZx^a8N01rxHXjXbd4a<3tCf;4TRyCgbKBoeVSKE4p!y14Tj-$aauNC914Smlm=y
z#JAf2ESn-!%a2PK7XPB<Q2ug8oDgYO0eXd;`Gs8NOfyHrSBClZ{!#y--42%*rL=>t
zI2Hvii9g{nr)`Z8(`^Q1+!sO>;eN(*7J$3xD-qTenmH`~(0rX)P~#)fawCdUf_Tzy
z`7?!1NNb?Fh`^+qn|NSy)g%tetkI_LppASw^rU{cyG=ixr{B@KlA*S;yhsY^0XqiG
zS8vY40bP1<@<sAP=I;vt|5yhgg;S!LW?C|0TZ3jCAlAv1UTlPnl34jeFhZe(ucfVe
z3gLf<+vhcwK<>h{^64W0NcA$-c@_VbAC(P3+`f9BsU8FMi$#J6<f%!czuLG*ST7Z8
zaKJBp%tF+wFn;w1R4Yq?S*Xg1Ax9W=Bdy!EI;wz|$lK0mKHL<|(<|eqiyb^k+Zt*L
zT(|H*B~cX<65ibEKuVB5C#Av7Cp1Xe`@bSp<lo#&qa^etF#Sq#cIv56@-5&FG|E$#
z<442=d1nETn?<{h_d7Iz!f10?NY8eD^rFndKc$5|eW1OJK*^%ZXefhXZhXze@s&S@
zQd12bS~*ylr_2$Mia!`KhIhKh<QaWE&;;Hgq+XW@oLt*uk(6w}aytST47-5SLMIO!
zqUsia<9-ED0q%vKh5S0N<nNfrR3;Go^#qSjZ$|9!c|TQz<YSj0bk<vR*L|Sh$U?&*
z`I`x}G9DQ~An>}PBA@=--iuG*D#DJ>$syu{!|LKZ{8`qtbvKFBE#*eB_C>`c{IN@E
z9o;cholYQ3Xva@KnTqFSR^?Np@mypGAIW^g4bL%{W=#i(#`N7t==eFHhcOy6U+icB
z--<1u<sX~5k!8;qumd3(5<oJDGY7zk`2d(){FN;qo=3^(yTivx=)0doK`0Mldyp^x
z5=_j9YWvFn+bAD&+8s}`=IJMF^ZgzI<a0sH`rgM8E>6V%9SbH&d=u+R`vq%H=9ZdX
z1xNlZBHHYYmRZ-BlV&_a#hCRKbN>y#E(e}N+48RuGGV%g#h9LMPmz4VY<+ugy5P8H
z&uSE-79PJ=Sj1j{{hwMl1>+s%oNUr8#3M0dYkmv>w8J)N1g14G&cMr}3cT|QsB!w~
z*@~h57(f-WrCiueHQ;B|FXX2Z2EES{8lb~+$mlXJLxQF%9aF6o5|E4m$3%o?s6^Ty
zAQ>VR^Er;#pa2VwiR!=dh<|dLfq#-}rLcemCDL*X5+ZW3UTG#Y!}X_EP)HCQs~i&g
zXnVD0SkSC6E34$>1fi(NFAOB4|1yG;cDQsgNKGjawVH^(Kf?dci9f{+N@c3k3`+rw
zU)G&br$(W$<d0#=Z1wc4AKq?wqffGMjwOC!&>{6cO%e`BiyW%g^qp1Xj49ftgXgx}
z+r<rLa0?V|F~mDi?GmHyJ3b>sVj!R>)3Wkg|LMhH`hw%I$6ktR^q4^IWl|Wx7LQg9
zLFpU<;T`d@a&m=}Ej4cr>xX0~+#2#BpY6(u@E-&713I~^_eVOp3%DVUoW{3aIrpZf
zvF&$`A89lVNhhnJ(S1&yGS(`8({<^M12#VQX1DWIe6zMue(hI{d_N=`^l5_C!dmn_
zCb0P_7FacYXT555yNC1n`&}lGzvO$c4v;(Yh_6+miFm;_#OC%Ob-T<xkd54od(^K_
zjzS5eTFPrq)1hM0p+fTAOCpl;E;1F@RBdv;>%mgn0AH}=OBUJ8ZeG0F*N4wIg_J>u
z30y+0Ifa&$b4Vm^Fp-KFWv6keH>9{L?eN{p;Az#%&4kVuQ;pa7Z{*|1d$p&i)}nwi
zwQB=;9umO_r7M%&Xi~wUoc<g9xqkkz9^+`rtMtfnd?gk(2)$Y^Q})_tqCt%Feo2*g
zyVAow!F^b}v;C8Yo_PK#yquO$J_5#xJy*=Q>ctn?C#~>SEicR%IYqk$a;M=hn>`xD
z9p(D3IK(MmOv}$tY*VlLP|dc_1RL2iBePvs7MrcoDl*LWYf(RwKR+sJpHt*D$GAZC
zdU<<e=-tLKF|RUQ$0(khQW#BeS6u*9i~k{HFQKj2CKaj}=Y&=bX;LKNNAIH~-z^($
z$WLi4(4R9m(fAD%3rQ~|m5m8(!XiR=uBqkE0exym=1W-Ex6K8Tkq3`zPL-FCS&q6<
z-Oq0+CZ@LvimSFrRuH`xY~?U0-ej7Zw>ID-js&tW&sylUq{4O<<(}`XhhSRhYdTaP
z4tk14`3TkxTICB(*{!9Kl#W}UjJ=Xzs{PHvsTVd(t5R{K$djWCsLLFOgEnKUR0XbW
zf8xvN?*YRisp0*{X@SGKUrVhL5CVszF)w4n1BQ<oRM$n@)QeB*L44^opyHLBkU8d@
zt7l7AIbC{CXKw6=SidT?L%iz+wNO;Pqn{<am||N6YVZm2R9j_AyYpe3KN1uk{ZqS>
z|8`1`TFRK|krk5e<yN7E|NU0=g}MvWFH(t0Ew9qARxr#)oqFD-io-0%>sq1UR!ck{
z4;;0z^|6H675OG@zBI7wHg2Rb*S9Y;o?zTm19*!!hJq_0W5A_A0Zy3*=K>`YD5*e6
z1WGJWqJR<xlptb?G#D7-=r_n12`|6Dc^!f~in@eX2lSuaKwm?6QxQZ71_1F|?y>sJ
zmk?e}fG>dAazS-IjjS%)Pg!YX=Iynn>DwLwh*p3w`bX4W@hE*!1A?j*O|-BHlpo7f
zzbFFSr7^(Cy3v364lptQ7>R#v{t+Sof%=aS0EkH-#GZiXUz<1=<ZxU7N?lx2ff$W#
z0IP?|jlb(6IB6YFl+VkR5t+?tkhvy_xn_E8Ciak4WGLl*4AblJ7Ig+<YC6QzmNd0W
zDjtLr645Rte^tpx)EE}^Wi%~`?#jR!<x_QgxPF%X%(xWxuF4jaRvY1ij%z%?V2d{L
zh@DwhExzlUmBV#-2D(5;!Mzw_mDd@acAzJW<&xKt8K#t#o==aj<bu)}?G~~4*t&=4
zIEH;-_z^h=`yh3CY(R7=m^{{s8?lO#S=LGah|9RNE|}R~o_W@f-s?69yY=OExSK+6
z23(=lNW|II_LkOb8^f$9N#GpA|FcC(3|_dj7bmR^G<JhI@5@eqfiJprRIqd;B=g&b
zi_s>Y-M&2rDx(VrFkHBh<=I^`?SAuKxCAcK<#xd94~nVRCDIP(e4h8*ul_XVGOvcs
zazHGLOX^zBfKbl+?LwWIZCG}!jwtTEpkOpf6qZ`$SaO$ggDCul*C<FulWwGI0RGi4
zb%uhryU|f-)3v&quH*TIdR_2=x~Md+iY6^Uy1cKeOR{(+HzY}y7DUWq9Yfva6UrUb
z4l3?1<u@r&c#IjQU)Q4t5vzkcwTt^L`lpplmJ`IbbZG*I`!MV?KyDFB*!sa6W&O^Z
zB|sheOshSZI_JtptXzu@q+1-~B9*Yf=;_v=5Q^VDWECh)`y!A;{Y&Jm%wbr2$@kL8
zFapv!Sw0S~dimwtSXh0|S;YEv&^mEJH3*CZ3>Rzz0Bnx}jK;imU^MPsrzw0n1cuY4
z4KS`|0iwnlAbJ48-U=Wp0D=jC0uZG9Yhw-&f&bc=0fhY{5?we8@Qnv(jY&4;?@2zq
zw6lo`!G%kOmlw3w8c9IfK0;%@mlA8}0bJgf@atun&p)oO^ByDwum?!KJp851+@K&y
zUguet5Vzldl==F(9KrL2lHiackMj_64(Zb^uxgq;3?=J2q<R|j4`5(Vmp>YQ!yfql
zYRnIXiCxF&6dE0|6-{sO(a$cb$<Q7!Jq=Qt3;`4LF_5@@3s^)|=^+B5fkl*>-URJV
zEubaoi8R}Ftw09y(+GnJnqafv_l-~~sf{72n3(LSu9a!oH|~Ac#1;$zux{8WOENJ@
zxUBY&JM1Q{fI!$a*SlvTGNyohXjnwO>p;S28ew@`EEkf7!yUDr1SP%p05_z;A@v;U
z&r<<6gwLIObgtCm!}^EnF>cbT#+ivRkojd(VPU_iFu9m~7U9}c5}$Uq;rY)DpuCmq
zh|-V>3b=+Gf^Epg3b-uj$D|xA<cO(G<i9&iX{W~RO{KHWZ|1ikQ;a!r0!QshIZVo?
zhX0t-c8r^vlnH#$e>_8+dv(_f@|*N1Wc^t94M_&au6Q5E_5jAyDuI2F!6r&?39qZ3
z%iF@?|M4rD1!F|AX(FlY!K^mO7EAwlMY*)Rban|Yn;#WZdvnzPE)}bYV+wg~21Ivn
z;WumFz~A*(yb?IKGnPm}TQy-Kse#hk-S@2u#r-)KgGywECL?0PWVw4!;epc7--`-_
z$$m_B{Y+5^odAwxEEfHZN3KGw9n~USEGpUFAzj>$zsNQZpMZ6$SB^>jJ^G3{bwshd
z?CV5b7Y{YP!WDh%oCxjgW>rbw1B}f6YV-EMugUAb$ij?1i#?FwYYZ^a6FC$LGcX1x
zYAX;?ieE6%5J&)S16UGKumM8wAAtf8+0_66vphV?mY%ZN_m;tLj(%oKj-2x4iNHm$
z=2-Y{1^UzT1Mtc|242}c^5W2VcAdcB6540UA;df0m#`1air7+V$NfC__^8;vEH5rY
z4h%|+qNkxx^C&OI7y=fCt-kskbrg<*2TP*_GD0^3vnO%BTi0X2V6(M@BlH|4(`T;e
zns}E<p#IVRTR^$s)4k4LQs0Z6KpDuaG-=4JtgzAjVq&9Af+HVzgn>K;;P3#y>V9za
zmeM#%?<p`B&Uat#Yuj@kVt90$(_4@N=#p5@FJ}B7Km%!NwNZi(1JZMoR$&)4T_hL+
z+xUJHd+>9UAv7;3vQGVVX~frvMSpom65Ml3cTC{)a<1C6H)85L^HG#OX8}>>5_Lpy
zV|;qHlMyDAHuNGE4%pI0d!%eb+Cfu$%<=3=IjktQ%hFi}<ud<7X(I}$3>#A%IemII
z@mKG5Kdq0l13ic2d*+K`s+4{0eBP*y&K^C@elrJ?njlLJ<Hg3eut=te#Qu+8!OkDe
z5c*fmMM~vh_Pe*e#n<^GmBq&Bs{e&y(>irgS9|r2!<c~b?0))p9v)s7MspVqkAvxJ
zM|S#4J1=1Q(FUJR;4-Y3zDWvP_`&kg&lepu``tJ2@BKM_LcgI$nAiV$#A2iUt0OyW
zx!a*Q<3<F>6>S^z`Ve>+gP7UBkR#=KVwkelZxAr-<MyKU&R3BB_R`Y16Sg(7UkgI%
zWe29b04G>N{4(HLor6&3@;c8oCTq0s!wNMt|3%gLx9U$l?m4+e7tFwlggTNOMu=A%
zaVjUsX@RYE`h~hT(i@I)t(VN#jv?to?|Cyc!JITCijCObX2su6moa6F;?U484bk5Q
zNcZJyTXG*BJr#{dQySEmIDD%wsZCF>!!DR@A$phFVaN^kaIy{%)6(p4)BZa|uH8!i
zdR8WSt}VZFf^9X>#uyB`!ODh_UZop8<FhSz&A7Y63oX`X7~YQGWz*%&-NJx)irg1$
z5zttkG4?N#=v?bB+iS4|NLAGDbbo%UQW)guBE?o0rmFrjR)cA?jBODlWxD-31sM}C
zHhrs639w@@#2SO-p}^_{LmaB_lbI<Y4QM|~KTBGKNyjjWEh;|`U2yr-O*O^dIDO!m
zK(BO2`$>6H@%SMajmkO9|CsgbhHPt-Sc{g*ruP`^1MXN8X>c!kD#``SSQF<xN}poX
zA>}?F43PPY+-KXl^3fmjnvd<$2bZBB6xPen<;Mk&Ykfq-1wEd!xOi-hSi_5T;^fcy
zlkP;!8?l>Kjhn!>F(JKXmKLZ^yLrQQBFd;Lp*Ig_Y_&j-&EJa|2MJvziCO6;^`2zS
zCIuCAH|?CkKFd0cIk|+5^ba<Yt!)vDI*T?s*O8W!?J?XRJ;Np8y6*u`87znUdV9dX
z^m7xMRU9v_4fF1R4-scR*jp^MqyymrIVScTYpE^vt}?p=L0w3ij0XBtN9ftuwIZXz
zpFb))8fu~WZMn1EbWk2tBv6n8i6@*7y+M?UZ~+25cHbQ!#@|X@A`~@?mmxFHfn@fP
zXQ+%n(Hmf_ec}MWrw5Sr==|T-HR;&xd(AzA9ecw0yFh1?2)Uv%Ro-7wIegYI$xz2B
zH%3t|87}c)B5CgA;*c3p<eZ4Q-|53d3376wifCc+Q=BGfioNeWyj2}$I#xP$cfHTA
zZtp(P=dZ3a*K0}hUafOZ>sA#W6&(___<7VrQ6Z(I&$=M8#oTSEcN?~Q1IZZcqL30X
zilkr4?Re>E_7`!Jwes$qoCAG5RIzk8*y`cA1jursoSaATUt%)|m<nWExC+D=C0G$X
zZrXDsz_`-R{mt#dkE~QvML}_(toEYlbc2Ed`9X1p2$Pfj$nd57oan0s)!*+1=^b?m
z_r&a3zVEEu8ji=0!P^pw31@OLsHv=BYANDkrHLoksLIMiclZe|Xv0M|iaEwE5@m7L
zQF-N_(qWl?q#gy^jwD&F9d3AetsGO47(<;{ObxD+Mj)yf#nTXYmuB&VEw<A5zr~dy
znJJYQSSn$I#hN=DQCh@E9P!po9KX`>k0N*2ieh56i5D?R@=!(Zj*F#h*CR$f6n3WP
z%r%C7IDFcjUZ2Dv^SCTdMk&7O{GOkPF;p3mtXb}O%Rf+dPZhIfCNW~_al=25cTaV;
z))dk)kJRSMI?XsW`c`b$Wx3~C1+lX)krndhTx={MCL>G6<L<a-M3J>8HX_|<Y?@zg
z%rF%3=1I5sM=`-zOI#(^CLyIs@$p8uzTEhkE8xmPv|fBjmz`WmwYGtzkUaJjQ$@;I
z68Mj04dM-EDLHxYiPhSQ$<VD`UARm4A3NllkS+5v&wLrvd6T)kGL!Dl^2#%Lc7I?Y
z+X6F9;tV#wEDG1oOUO{oxAD#re_5{&c^kDwK#^dL;M~e6R;Zl{*Us@Q#Xc15OD&Zb
zDv~GGBE~1yB9SG1{@FhRs;%mb;b7dI-T@xY91bcK&EhdJ(5VU@Vq2%H5*?t=Jlp|S
zC1yaMqrwvtPRfDjsTRQ-rQqU0Emm74dY_<sc>$8{SKiJuA=BcS>iE*2lPP_9^{)y)
z*M!H_m6~j;WIvaUfBy=EFf<-ry7%91uApM;_3`lHO)_qUaO4ROMd8M%QD&`0-jr;%
zmCE-B^VQ(HNS+dJ5-xg>6eh;ntkT<d4;2LizrsVP$sTL-tpk?K!|M59-I>Tk?YW)q
zZ;{_*ZR{(XrfTgnzRB+Ne#VuX5_X%G(%IF8P*^aEQa#Ggz$*(c5al8+iHL<~UNEi_
z@s9%xOzFFV5Gt|SbDrVhqOr-^G`^RFt<5UmXx&wQtApLTAcFs1P_tgKfVPEqlU)tl
zn{`2`Sx!;#WXoej@$wxcy+Iv(yo-!mLs_|OZ#$bqL8$Wl(@ezi<(wRiQmt7%YXlZG
z365J$#Zsxy%_9Aziv#%iE%VIok%{ubB)wl^PjL<{X@;UglQq*X2|3<SQb%+bF0X=S
zCY$nBumlnp=2dK!hooO6&a;Ys>)~6J9ey)D79*}ZB&>Dd7W*#EkJBwXmUemJj;UD`
zFeUs80g0Y8%g2I39wvGT7nz<k$mVp1!5Qy0xE_#6<*!cbzK5$X)h7w)-Knoo{X*dT
z;v)SBh}>H2IxKe&ewI^TF7cvRDNZW%DBfj3hvi6jT8}4<%Zs?GdR$5$_t=B~AVr~z
zWZYeCTrFf>B~a>|vwqK?JK12=8yr-WtLxu8#mC<h_dGdaZIi%0^;W-S#<MK(z(Q`A
z=|Bk9Jjx6dp>wM0%}H#P&^1e~zGP+5p4#o{xvc2mbseSkS~+GN8MK2PR72U_CX=g+
zC@q_&CE@AF>!bY!KEv{o%bc^i+2CY~cRt$P4s^Q(M-kvr1bxqNe^jTddP|x7wcT&$
zAu*_4F>qz=sZil{bMF27mD+L&88JAvAfpxkw5#h&r#gONZjQhG9fOSS2{LDsc@1~J
zm<Y`Ll7n*%kN#?II5($Avw5+;Nn4WUsYU@mJRsa(?wGLzQ{Q@0;ZQ#m>6jqa(cqQl
zRq}-e!55}Nxs(_^{G#T1!S1iMArT{8CN{JrT4cAm)(sslf&o@K0sBuRS;VhE<usn!
z+SOsYbB#^g^rM%}j&aiSeB#cv0IJ8ak@I8v5_@#V>;@<HUx{J**C?y~`r{vAe9jac
zvDO_SB_@2kJ9d;BwfptqyAp5m605vQLPjO}KW0dO!Ap3qESx%5Nwidw{_xgb!H~w`
z<2*a?F+5yUo$K6L@%h|W7vp1|@{D5mHw4c=@z-`N?BLM8o7<`EziXfy&C!&R-HI@#
zpM4I!Maw&JBIIehiWq-W-0j1{x{~9!oy1HZGB&(KDB$#4W~t|eYuz#<ZyvJDef|bw
zaDJ+!vwHuGbS=XEPKNrG#bx@z@}zMSXF!bnxfo82bxKG{g7JCs`NK%C=Mkp>as0_2
z7`MQL&cFDIvkby+<%7q87)@VO-Q9==`VeG0+JB>6_U42ziq$GIu-;w?hXwyvHjO})
z*`*lo5qb-6^u*|1-Id<WqlBJEK(WkY>F#&3uNWu6>)H`dajnbYb<-%iw8lkbxqNse
zPjV=q6snkVHc{iUsuCU1bl7L$jn02EUBN)nY||wh^46>9{ffiG^fbJvo<v7w7=HIY
zoc#37Np(gDsY7iEavYPR(3U0~mmu}?>k{N5jAEQ)>*`L3RIQ$<Y;47ab3e$En#V<%
zgna1j=EqKxx#`W)aPV8*HP&ul>S9c9EFBX?v>d-SI?|}SaoX<eP%uR<_YnPP+4MCJ
zcuVE5gSR#I{8|EPJ(@erdb7pN@hazJCFG2+cI4`4?s_w;SgtmDd?fF9AeductZP=*
zSzb58lM+`)iy`A&+q*YM6&%yyBGf+<WSvwjRa=XPZ$-FwT5b2cqs|aG*NTJcr!2|h
zR9v11Wo(z*&mD@fpYW3Ht6Xf<?aBiiOgT}##1exJ(vRto+-M~4gh42#5@m0KVh1&)
zP7&gkpZj29nxzx16S#n6_{DboswKz=k_Ftw(R0~(+{B50b(198<;0$A_8i+KEPp4T
zKYM4c(z2mM&1Rbk=YQnGjhf3Y5)myg>Q}7EL`SX3{3<cvZYbJsNXaBXo!BmuYy>r_
zyjQHSH~PTacxg$1Pg8C-rI?c`9YYV3#?37IBZ{`0ssN-AEJB4gKH0!jkQo+bM>){3
zRdDd>Q?Sy?u}&D??!i=IZnOz!e622i%|BsKf%Q*1HL9~+>VXdJf_g>d+n0*r?6R2U
zj`wrpyLUNL2uMm@7=_J=jfeOid+rd%kwICvQ6$*G0=exb{UWZ>tC|g-C~5M`%k4wt
z+mwEz6c>C`xanIKygeosF7TM+%&PmBE==~39D0Fe?BisodgUQ`v=;|FOZ@BNb5;9j
zO$mNW{MTZqm%KTL4-J_x#cHJ~zM5c|8F&8dITpx<Ow8ijcEO7MkCuEq3dh*~8ep_h
z_d@-|=<i=SQ*S!&dET%|5YC>YCew&gXp>|jmq^zMYvDQKhLr6!cRW69&mzJFYu+2G
z%48BSN!?`}PNs1T`Jg5Y^@nDvX}$O4Q*pCAO;Z>@i^?)5nM%m+CJQiU_2$emYmkqR
zUmGb}O5;7#SzftFBwo#(m38G$o?&*S1UMDl=P|>r)$NJf#L6e*-b(me_1HGfI;kYG
zE_q!h0DlhSSv3u-^az&Qb~tuwY>4!{g=U<eA<b3@8l)zihmDSRG_TU=oODR~ub@sQ
z2b*KEbl<9=uL_F~zp7bt#4WrrSuSnC-<zVH8Ijnp(018nVJAr4ZSykUW0>z{LXNE{
zXQ#;cG5v^3H;9@$&-^kL<)g{^>@&U9TqMSVKOT4s3bEIj|2pAT)YHs6EqFCAmfKPS
z?HVe{%8_t#doGINC;D(DdBC1<()1YgLm6%rEhgKVI){hSa>^bDnawHKV)}gO4VCS%
zENg+J$$~b<W2TS+6t%SD?xnGV)>-mw%42c!gw+SqQ+^1nRC{n5GIAJ9J<f<%j=IJn
zHZNyO{nB#rZT5R^#SM>J1e%svXWC#f$zif0eHJ(^Wsq``mAXoC%R)>yPZZRl;TFMh
zxw+Q<XV>$AyGk*)>g9y@&vs;&Q6R8IQRyilANW4Pba0#TOiW?->;mb>Nrx7)x;|tS
zFSx?Y7p=(u@<rn@*2e+%q+YUnEn%J#!eerjR~&BPqMTQ}V+o&S7)f7Tcl)OcmfSU>
z$k2Pd8fDWjH+JE|+b|~mqKp&Yj5`7R>Ot<}Jo>YDa>IQw;=3c4E37Kjq9eQF8soP8
zSvT66>-NM2H(gX7Fpc59o7f3&RY=Cy&;<n3eWpKHfRNZ(w;Yw{+*snI{rxs1V?S&`
z`Q4V-xpp3hhYKzAxp1H9OnDO<nal%ve@D`8m<^bMFTp&z6dnV|##OEvCzw@n9jXgM
zHGlrY;#sxJ@h@I-Kl<?LQnYO~9K4IwM@5Sszn<?ft^FTW-x=1_616L$B2sb?kPheA
zP$@x?4vC7wQJR1hrGtWk(tAmes?=jaPzVuG=@3Mu6CeW8K}sS$L<o>T0wE+MB)Qw~
z-sj%u{-MmCJ$22RcdhmAnVJ*hK(l&n^ymG~D^TiRXEBZqZMhcd%}c(+-}cJxkXQ0^
z2hs+&YLBciUn%4fcv$|BRuv5^HYIiWTFs46kNaY3On=2<Q(^U;w9aJLi;bfyN2H?F
zvW42-^d{Gu;IGx3bC&j#P&fQ#-AIKS9g}MQfWq;H)(ka|Ki~K>?x1Xw6F*k6o55E!
z+tjaUo)R;-Tr+mcQ?u=)_PC0trjh;7isIHg8NXKV=x#sn%B^=%UkF+>pfj2-TlWm*
zcjw21QwQfPpN~&ReWUxed}CGI@N5V!#8r`_)yk$<4L<7;_DU^M*R1m^OS(^Dix@Yx
zqaRJjRx}?o`c`k1F_bS^AN8bM%4RI|4pGv4v$1SNOlQ)hrD3vSxuwcgd*oYl45;m$
zDeeyK=nG%PnAJ(c-O-9Da*+cKXI!%)=DIobVVvfI_jH*#7Bpdr#6xUg`H{+(@_D&u
zt9R#Qly?++wxDqjVF*9Zvzc#b=C^iU|D4xycy-e1wB>V4bG@*~nX`)8JmU@NRO6vD
zfV4e)5Dn6k_l1}sg1d@VHkFSL(brZUK48U)i)v*rKL&n+dUqB-?DZLzB^eL#8kC$b
zN3@Y?aEVIBvQ(wR^#pqRuA=e@!Kr;K)#K>yQ`V74(W$^yNJQm45f&YeG_a?H^!nD1
zZJQV0K7EuzOS6j;lMtPgnlb*yw)C%@XP^}-7&2p}=w!LQiF5|n^u|0d;DVb`>BWn_
zOJ{fnpRdEQ&&b@;HH}|&C&8C5XSUkN$K5*5<rw-Ncl&IrSfi7JEt@j6*dD%9^J5^<
zqPr>o!`ZDTXBZ8Bh3W6U*FE`=t*q0GbnKT3ERPlYqUgD@6`-rl`xeY@$eBS`&2pbC
z?*^!BQSOdO>CJJUoZ-fSS<#>W-;)NoQxj*Ve`CSk|9`*4v9Ub&dRbI2o0+B-?3pf@
zJ)g8OAE}Uu+n3K5m}}d!qZa|7a_-uSln^|Ofg6}}(?}a-@6kutSI$@jsYxiln(><M
zxrcC2jk#Xd(mY*W4uDjP#}1R>I%KUaf$`@aFKRA@3M#NgOQkOr*TAD;T01!2{qpR*
zmz0xht~k%C;Sh_!5w8Zhoiy9acc}54`si%>d9>fh=vafs8~HzUZk}P^`#$0L#d!KR
zC!sX<oeW^p7^U8ZEPs8z)f+e4cIyS1BxakAHHywTzBb7$4Qw^7u{qgxPyWgM+KS?f
zu_Wx=uauV?lV@3{;P=_4=6x>}B<w`CrEM@j{`0<(TxXavp>gSBcCpJIPU|!h=`gS)
z@Hj0Z>w41tk*qvfvu}5ZtpfKT-B1a!Ti?DLM*$XDC}5F22kq^vc0IqmR9$tv-evr5
zc#UGdLx-DpbM4QY8;G3pvP}t5k*olHT}z1esys*QRWGJkp!a!EnJrkUS8r%LsJz-l
zm`3AbH2);y2U>Yl@@i*Li$=lTf5nGoVqcD{D)||`E_rwG&+~sK%W|_7lx!3vF$7Q<
z_xsZ9b#?GNlld$DCx0=7o|V<!my$TTtXIChhP@_MbiYBeU*)w`vE}olXY!+NxfaD<
zi1fXF?$;$TTk*a(23i5X95FXdW-nY?lIR=G%xGM5&K4`VZW0^a`Rw)=$y1*t`usDQ
zpVsU_=#SU;x4plEEf#jDW@)Kz?{4kRK0Ckc3_?f3;}$kD8!$yb6uxA9dD2<B@o1a>
z)VGiS)_5b2Pgb3T$Gj+ga%j(rhC5c?9=!omw4gtttUQZ(b!JA})At3%|Jec(lAYo5
zx_4KoFE=~s`j@X*wQ0$|w1{C)n4po&1xB>)=8vd)^>wi{gJ4%F$QwB$CF}67t@lAa
zHr)5eQ;quunWOX9#tP9xDw6|3rcYk-+5<nXg6|8NdV-q}X>DEs@Q^`8wd3_SxqBxs
z?nE1X2qB!@`1jkbf>!={wK$W`vF)wR(l08%o(7Fgo#92_Is5CEnC+>)>JeL;?fl|1
zXIfO$Q;NPf6VGnlF|snOw|fyhah9)EKigs(Z7Ldks;}SS-&@4p+E~8mUuPyxZI{ii
z?q6H_U??y}av!+vx-53!)b^oxd0Q~iB)8P0P{oR`0omWXT9O#`SozZ6e##x{#D9B(
zf4}*ToCT?6RdV`XaxQrKp8OSXvW;^5<vciJ*t)MeEe|kK!tf7o_64N<usO}H8{EE~
zdz*1vZ?CZ;@LVt(XLP6f-Wv2ZsjEn0%O?Hg3+~t3=~s0puJ7Alwwydy*Hp$8csp)X
zT!$)ow}QVd{uZ5HT;5%Mp5vI%+fbP`|3ixUF3Z(p>YF>P$YJi(PPyr|0Gq<mnH8}t
z*CIx#3XpK(>%RB6HDY1AP8I`mG@Q_q$c?maGXR&%M*MCaW9P_O3K_kTgtd)I_HwPW
z=eDwGlLvn@O^t3%mMfx)$ye(A4Y<}V9b4IZZWF(W=@<6)KHP$}m%c=T%YRe;zkeh5
zPExd2g0aEYPj-CkwUdl3POC^AK5RS}llcbJZ5cGQt63~=H$sz!;VHNay<(2CO~<TU
zWv6nT&$DhP8J`b6U=M)Df0WXzo3hLHq(wiqRym7_e)_Q$J>Rx&BzJeorn!7?jn4m<
z$KBuX^QRRJ>Cdn)o*&gQF=!dH+pP`r;GG2w;}waEyFIhMBTk!3%n#Rg3dGY(i_oQj
z4)iUU)XTmwhY&KG%}FjvYECvJ%zfHPyP69;Tul7Np0$hKp~`TBexHX3xFpq>g1@;%
z<j@UQo1X(3@ojib{d67H>aS_zH0I8|q?+qB2V8@4=;V6;4?x*!nzGKml)0jV!O!tQ
z%0bqU+(TmtQr*A!$j2o`BxA=yznbPKX1$Snn@Wh4SL@mxdr=RR9s2cuUT)oZShY*8
zpEbA0)&&2i^?x>D8`|YuW>w0alfBS5D*7lQVm3}46%TiQwIDY20ccIcv?<QzlW7Z^
z*$by_<)ohb<#q?qy{B42HZRP<D>a>wH~!W_Po9@Qb|Wdm)S;xs<$;mtr<Ok*kxR?V
z_WP>e<FcrE(&fp?Upgm0_q<dP>u-@chx`IK#s0@#sfUmK{QdYPr)zr__j3nTj=B7)
zbaG=g!r_<hs=_1RiMW?>`udK25b<GBj?YB3yDp&LZRM}+-TAxOLG@QcR-5Nus4t*p
zKm5^H+J79xR{(dT=;7@--q6Oq#&}Zr&DqiO+u**$KG+GZ=OlFcyVLBr-_^xVr+KzJ
z?|C0Z?>)WUfYSB#--&kkf=ns~v_O8~eLvNSGj}W@)tRsTPya$<g5h!IcdNcif4kxI
z^08&%o7UM+3L!iG9?$(W93ss(TG4JF{PfPe4ktHn7(>8<Hz*;Wrc{a%IXIG(R^L!p
zSLsdp`U}4IN(`6wNZYM%6^7exY|Elr@+VE;l;CUi|6*zSCJ{TOmP$VZON;J*>h0ym
zHngxs=H`^Tpq9d>_SwIJRuU>E6)Q}KrREKp$qe7)Xk5Nvx>Xh=s8&Y>c{=W=XTX&H
zO;#4JrQ@G8{Rdt=;3Bc_HxaU)0S9MP)-QWKf2E0!Nok+AQI_j4coR*c^v>JXW-py9
zj<rH=>)$j|>bfxy`4T<o1T}c?8k)bD@nASuze=!FYECS#Y4EOPNgN;jgUS%vM>XWl
z_}c7)&Yce}vY#u0^<89cgPT8VSmcbK*Lx3vH39MconXQ;Ke^%jH+!<jYxGb_tEJ6|
zoCeJ-i;+9ea^PRT(Qv>!c1@Ld4|;I@2Ez!r`UEI{5-8u`z<7J;oAF0hSK3yG@e8)-
z&^IA-1;EF1;AR!~FBeM2Kk?D^-1PSZW_?!EYur!qf5v1;&a;GoVj@J$ZI?sK#el|`
zpo)R43ViehkA(y9gkLGHWVXkCzjI;3Pbahr&^ulS)nWErhbJ|oCL^*N_H>_p%cn&@
z=P1zGWYncr30J|IODyHxeD^G0Y}h`~UhIK+5jjkZhgmV)lX6st6mA#&H&713!-1(A
zd*rj+ayR6FcUgE?^glpqO~*e}kvzd(86Z_bJ;6<y)yGGV(c3h2ud;I<sotLADcp8D
z%9hcPnfF??5-9~gZL3^2{Za&$yv;kbTS(Qzjf|$pNf*56j)Dw0K{bFPPc2I8@>wQQ
zWI5t&Qw`05U)7c&e}+!b`ItjTz~ViiSv*Pa`+75BE(?by($(cQQ{Y|j#eabG>|*YY
zs!vOG6|vGidJJ)7B!Sp<Nn`9Bc-PGRov%a5F<{s$j`?*|co;<{TDy`XI`80yM|F;t
zx+QW9m`3}*fVN1PyADOyO*`?NfO!dCbd5Z~70Q<8h{ss3*ECH3s`hJhQ2?fBiE17x
zs(RQA7!Fs#vz@Xj+^%@m4J-XU8D~*=LJRWpra<({cCaJ={KR<U{My>k=M-3om2$+t
zF;-C|126cY@TXQXtYE8{I@b6+3ri)OW1f{4Q0|gRL8r$J#p$#PorP~yAyeWE_7zs7
zSra9Q*aN#-J#{O;oc)u2X$&&~(sg^^vayE3ZsOsoNKL-8=M@7uf+l+f0iJ#hieyoC
z!AF)eThgzfKtM{Cwd}WDVkw70a@2@YdDYC7hWTaQhyAOOj?)*{Ll7V|-TREAjO#&g
zYJCPPcuGI2PhVM$<N66bJK9SdBpXKZsS2ocMpG?uqL8CXDK3(Actu<`tkq-36#Gha
z!HzERX<vqF$kd2EmX$p2`54UKez><A$JOio1)H0nZ*6L5;7$R*`R5PM$Sw=)?5@ZG
zf-1gf92czjCA+~jR5QjPY(S)K6++&a;5=Eq(a_jnE5&OCo>W8|gyjggtxnOy*Vm<4
z*;9H=hhTp46a<b~MKo;a%vbQx2f8S;ACVXlWAUiuNybLgE`@*n6QXyDxUeu}viF|V
z`>2E$4cuou_!KU?{Asp>zL#6KAM-5u0h1BkZ?!4+Z@>xGJg$a4pKmA3q2pRGp?QK1
zm@w1~s3~?^fWne3GSloQeVo}7d9&Bq=MVku20L%g#54OxQXN>U1JZQ2hpTK)3MjSX
ze4v=K?`zPL&@UQ>VZ{yms^lDrijH!WcBMc-N(06OCDS_cuqMqKu4YWZ7W(l*i*+=G
z<9d2<%<84(d`thh^u=%{Shf8;Z+Ct!4;of(Y*dCiRq%KM8fD9k6{x;FE5hh(ff+W@
z1MKNiMO-uZAi7O5f4hVfl_hJH;A>hUP+KB1Q6{(hNJGdQ!;hNvCctvwND-;dPbM)p
z^AVMNHQMWFnHYyWQFe#0uAq7{6eG`6Hax(4D&Vn(%wUTkx2rjF>o>RYb7^ie8_Ehk
zab+kadA?ru*9eBy-gp@FIR|wW%f*dY7V??x7oc59{;3$eaHE8x#`>$^Om|tb$LbBN
z^BPN*^<T6aSoFk<C%NRwmbaNMKa4-0(;s%AfUgeE*G-*rK9Mwnk!m<X8u?_xBQbXv
z_Zc;E%Y{i+D)7d_T>mX^<!)sO(~br}AzaN2Del}zBkp&>1S>(vc+#SMB3n|3vwnZH
zk!m1H#9Ssc#x`r^p`BPvQi<ALHk=Kv&BW9|?PKgY)x=z7X>f4scqXAVn|MVD?v}i1
zA6a4z%d+NLNh0-OOLm5hh1s{OpLK4PLl9qGr<Ihv*wGL*JKFiVXA4hF;wE81HtSA7
zFV~%lSS90==;bf}#0o=b`3+n(vN(Q*dZOJwSiqStVCKbu4<3(jPTlBVzRf(dFL{DF
z*TSj#DmA=YZKb?6qC1IfiI8_=Gi*k@0+HFUzng`1@6b)Bl>~_8+{S9+d4`BHs3jnT
z6}2Kt*`68Ixeonl3iZv`De3xj1U>Tx9%t({k?#NI=Y!tT1#&UC)+jf(a|5*^s(i+O
zoxJ0HsWpcXo*T5UZoA=P*)|yw*-$Zq?Yj`L#$f>$G4F(Ig!>fy+k{=LMhpiz(fY%9
z4=2zEx%`9-Ze}-E%=w^0R}DV8I98ne1V4`$4(rz9@vkd=pSRe1R8s^${T{-NP##HT
zbY!8F2IFax*bDxNXpC_WD?Hn`2Dx+($#Qwr@XEtcx~KC{_bm;<`Lalz$46#>>@)t9
z&5xAuZ9V2evVf_I<x@>z*a4|NW^jS(L4wDcJR$mYZ{G##rMyEm@%0{{?p%+v1s@uZ
z0>XJ-(O#7+&@14&m%0^uZ4!<vfnZ^4N|y7-C`o-Nu~sQjhk_$goy%$Y9@@f`pzVX*
z1MX_L$m|H7P6Z20EgK1AqkHpX+`EvL%}Z=6<vNM<O}h8nw%SQ$vQR3<ycqg61~F*e
z8i~{)k<+Un_|v)|^-DdPNyOJ8u778_=SsEG;qReGL5Ed&|Lj^V=BDY_ujUV!;t%O6
z!T5z3UI?e}v2MRzkapF=m3%XFnmTxwh(8y(Ffboo8<7&X_}ihC4o3IuAM@!Ps)+^;
zpZpzsK>jH72XzVySIgb-FxB1BB1B>TE)?&QbI-jx&*I0K(L~5XiwcQt^ab|?5HBUi
zl`&=2%hht`7ZTo@LML$)nCi0+S7$_*TLsvdDC0JISZYvv^2Xw#$2^OcLfqDO1VJv%
zI-x-^=V4O#*hrGxJWG`vgLk8T5bNO_+O-SRGW1+^lkbZXw@j2X0RWOxH~kP<XhCkd
z3cYKwJA>!fAXo&%^)&=XiB$3%pqHx_5;@N8u80Ex+AsyG3K`x3#V5b*p@GRNi?^6H
zMHI~xx@@}$T8>Z^prxJLhNlHiIePKD<k?{;EqUGHMmPD9D21sMg<iSbI^0NMN4r$3
zM?wQkZ+F2%wAKAX1MJ}L1F9Lbp~wpP9VS(96l;EIirCjgK8#GHSZePIEUf4YeT(NT
z>`o!|l4-{(1!pX_rYPSPp<1~<ozb>!bTbqszGZQ5JcE6coQ}6)<`%(M6n5S4x{WM_
zfVjFfL(}+?u1Di-bcgl<j^txeb~~vG8g~TCM(M}8r_?GXwK2^LV><OU+vrHIk(3#a
zF4X|eLo%`xyogL`pOp_dJ9M#H2NjW&-B}{Sd6wO#Cvak~>n0+4BP955`TNfBVPJ;L
z^{=!lQm5ePk^KBj7RVDy0I%o_G6$TL7!De7GGwW)bYWNFklle~OBBmf4SuFsKad8q
zv!p~6wH)@|hyc*$8+7Y0S=ggMe)*P#d|K?Z--a#H&b2?x2Ds}_U8QFm#u|c0g_L;4
zgvpD0Trf8X^rZ8id?%H$5gY7!2l=_Ei|gZ~Mgp%U8$)HII{F&$p-OF2aUUCJ-M{S+
z1C)`s2b0nlk!hyxv(N&tq{{ivT|=nV&i%JXRWKxwEY{dJ){2=yeCBzk7(K}i+C4S)
z&<$HNKswD`ILzqsgd6laVIJ0OE?CYV2-ur(;{CU6oV7Dh3P07Xw$AL4BRqHLb;%0I
zDyqrk=yy-RJq_Bs0zkSP$S-NQ&bo`BLj~-XbN$l|j|dF(6>n?hE8KHD-9M!WNf~#;
z()Brmw__EuY=9<8KvNgGFljzq(p<a06}DvjF_~r;^D70i<)*CC=?!@-XwX#%Aq#1`
ze_l%MVFq-}-_B9;Uk!sIscYE4Nf4T~!{qd^i$<80EMO<1@WO(D>$FU3!cryE6}P<~
z<dx|<1ZfH@tms?Usy{wJu_eFH6BN&;%1@*M8*c38vj*r6bA^>rQoRlrNOTc3V88JF
zT0_DvhaKm+9jU+=i0bvu%ss5Z{-ez9XisgWkH1!WS=vx&4VPiLxGF5%_cH8TZyeaN
zxU^1rzInHM5L2t*hS%$-{OVy6Z&TKGh=Zqwfw9O;6vxMy@ajM@Aw)cG=fl9o9XNXj
zOK%0myjhZECN8b~Yvdsy)ETlEmL`&kwlAI;r?2fOH=~QbI{X?f@stXW$HXzu76?l*
z0|f^Y@+Cns98w}j%MOMp!g2~o<27OBN-+A`7CV#i-=D#FBhAX%e@!~2!S9{YM*l!M
zhP=%DYCZq6?fo=DxK6_OaIlP9M+*$i`WRba4H0XhUecXQrF4GM5b{s?1u=Z@SnICt
z*LlA?Tw`caJPnM&E;18pGtoyXpD;<@<gONXTVvkoa1SLMc9dbqgB)mIFUIPdL65T^
z5_FI9k`Ggz3iKf&uaR!*(v@wFB<!QsG-HK;YGUy%q{3~A6a}`W7UWXv&fVCXgm<h4
ze7WehnOw$4965*FJMPD+ox)n?U}+JpR(mqI<hsS!#sjc}&}6$~%a;VF66o%fYx5g%
zo)e6St3G@8af2o8CvjFfEJ8E1S6%+lLi``w;zZ%SJlaw7_~+E8UGp267uTKKe%yr!
zPHmS_box22KU$#G90zh&HT5P=93l{dd7>ep_#exv?*YfQbtY!GG@$*05=cCD-RW9W
zjy-&5|AV5(DV+Sg5G57V@jyeUIx*j)>E!&zT)+e)<pPo)#GKH14oCX$n3kMg7jxyO
z*vo&?6;e+~mxL#vyB6HDIztErWC`Njg8k}@3dED?^?Ho=JTOf*+w#ruPbb2R0O*!p
zPsA}pwc!~MV9iK|XAGb@?>D;d@g9}8zHT`>mDpFVNQz|TG)!mf^fyg`$zA@`N8M5$
zM+!=Hv88aa@N^`m2Jg+x^?YILRpGYI?q9Vsq&uqe4RoH4tXncF>9I#oIP?I*)POq?
zp1c-Vy7W<+l*>}o-qAz}<zjMDxCtLTtnA~5+<QOFFW<;LB-e4@7#?(`?JN6Sto-if
z9Z$HTx?0a(QC<+_s&c`>1+8_rXK{iV#q)=XxeH^GdYPQ(OS4cZ##HVV2iZ5Nl2)`S
zw=@^czR`sgBT4UZN@OwAf`1)(C0CR!Eq_$Jti-+p(2n3{eBk|yKF))>2s+3=X~t5g
z+M&#6{n2n^zjhYy&L^pMKY3&_PHk6ZGvgHEO_8{Fr<O^K=R)W^TH{$+x^iixl)b$K
zbRg(vGPq!Khi#J=#(G{KQIF>xDTiL23HZ0^O}FQGgjd1HiHLP=Syt8R5|c6IqgyuK
zw7Qv`Jci&0r%rkpAz43bg^;PIB$P1}vp{)fVgP-3XxR(37u6KIW=Prn$c2@+H@<R4
zj?!ZlTsk!om1T{lTYqIh)0uiReIxEuzvf}S@6QniwR`R^$5OaRNu_Y=HOGtdPHvKH
zNvbdIuPGbO&oZrM0Rn<B6Z@^!wKzuXEIu{5XDd?wJvS_ru!Ly7Z_G2f!Z8m`clQ+Z
zL5D^|-^1QA#r)$19_%yg-{9R88oEyUM3Y8()d53IHo8{1^F{_i$jeYGbMKUM(TbPv
z&1x^RXl%r(<)jA8{bIByT59+lp4{LEJ%~Ul#EzDt1;RbRxL&{j{(JBR0XWbQ82qmv
zEIr|DbE4tk#ia*&&01ezW7#1Y-2Kl}Z8v=puY$h!I?h|6dwtp_NtLbvRjkk`Gcc(M
zby_v<O@k|0(nFunuhA2s)*MYefjj7Z5u`0gD-vohaX-6Zt}#7uMMw5?PT;O>$v=E_
z%6q4ywr08mYnN5t!}OZzK6==-JI3e>@3}sqGw!0Ze)0jeN|1r50?ka8+;N{W6su{N
z#^ICpk*9nvZ$-8%H2eD)gbAj!+g{<kT4f<NT3uhj)^;9W;hd{BxP+Iufw-=7b<Mk@
z?^Cc|&FhFg#%P?VR8HuyG2+Cb33%qF@|wd<A3a37Q0YSECW=}0v93S`#=l<SQFB=H
zmj1xngmg?uo~WC~4%%};2u;xC+?TJ};G-Wt9=zdmRyWK*IPOI}>&t36@HbnSbAyl0
zKPo8DStJNxK;SunYh28Iv<mq*aF_6`2q|+LEj-tJsATgFf&1ja6^{LyX@YIUx1t5H
z+ip3#Ew6*uk9!<;ygOIZ_GAK^8ts~J_ftVo<*Ql7XSq<Lg(Zl!qnxO{{4r%rfF$EQ
zw>Zyny3b4^Ahj>>9mt_$NW<x3QO2u!cO#r@Eod;lLQ=@>Kj;8(YAW3w-d!0#8}^j3
zHQu`xzC0qCR{t8xI`@VqGop^<t}_3EH>eUevb%i?^q+H2L^^bAe+W=2<~p5f*O6wQ
zM|<$*@&u-0&lN4joy%|t%D)OFItK>NfE}k>+D|Cskazlx9>2!ktPzNY`0UAp(c9HD
zg<Tzwtkn#z#cfj7>XHb@2}kVOyRhj@9FJ!`ShbfWz1C<kM{U31zWibcO)L_Ufs(DW
zXxH?-pxMD~9{l}UEu&7*6Ntbf&xPyC@T3^`HX%f)3)E)h?yBafMZ7KkaihcuuUMbX
zpMm1D9vN=^H3@!JD9Cv<u?x2&5H}sN0a8veit_)^&~6w$G$0uu3CC!m1UP2sQ5jQ}
zeuQI8eFitnuyfbc*1z1^wZwZ>G3mLK{(0JauZ(5Rj^9M<UoIeHx5S`%K8Fh3i8WR{
zE2g#~fgwj0L$!Vy=~Nfa^-)?rsmwk%3>fBw3%|D^-Fj(Gl74pg6%zW=_$9ISg4%^k
z%Wd>r5A-otff}8ijanhVe<B<gLGDt<Yo>5T$QAttoVRy6XQ1|b-OFC%yiCi;Lnm5)
zM7kYg%b>z;C=<Iz+&#~*K(8cA&Z#H+d35(%4wo%`bmN_1?U*(YqZKWUBt1^jPs?yC
zOIIumn`wX>#in~9qfXe|y#UmqgFo%H{{bwdazqu(A^}_D$AvCeU&QF6zryjib-PT#
z&0}f$LmE>hRw5i7oDPOxvY@w0iY%bhp%$nzD;m)kbhc2@e*bp&95Sb%m*br$?BLJ`
zZ=;dWZoJUx%Bhg&A$O4v<c%`6(JWy4he2^Fy1jFP;fYoq=FFG}KF;?@Pgj*Y*Z2m~
zVNn^ZvJ7KgV+6yQ?bowMjW4p&9?q`Hq<swZyg>{yO9glF<!lGk&~KJoA;BLDA6-yS
zXHDcknxHr!-Qb_gXn6(7>oUZe1v|q&{e1f~-)NKO$lcKLn4oITkw`hfLsmK*Z8z5v
z>l1n+ELt$;?5wlMoMaDe2yo4<w%>Msu;Zh$dm(ob+;bPCp6u2&87N|2+8L8i{amrv
zuJl+$scpI??oosOVEN}B;24?J>csSNy@9pU%}ySm(6tn<N2tqnkfwXq_p2g=Xfec!
zQ*I=Q=;bCdu3iGqjUh=1Ow`y%<E_%_!C_OH2ilJbbei`V@q14VE}J)g6r~7F>D6-g
zVK-6R3$iQ#Xe&?iH0TmK>*F`4CtJ6E?sF>j<j;!3%TT5k0lN-_p9N0idX_^QVcSaC
zZafZaW}yUX&;GgT66k%Laq4Cd*Pz)uS3fLYBrYa&&OLL$5$kTzKX+*SZYsM|hAQsJ
zxYb^ASiHgjdl$VM7Sqg?<DUZ4cM~*qEoqB3>vOT)TR9Of*-H)K8ujl&6sFe1LPyT+
zq6e9A{A7Y;i42Q@0^2)#ucqG-F>n;_aTsy~H=lM?n6jHV?>Y$=t0Wgg1<sZShl$KT
zoKU8}POC-d*zu~LTf@t?2eiuFtS}0dLINHpPuk%Jh+Wx!atmPV-p&BSpPT7{S{wf5
zYgJNns*!S>)dMk;;kz?o+>+UBYH0PVVV&ySFJl|Y0?SNIUbqXUeO#-D@oChqeO9kp
zp@(@vrR}q2P^GP%hlvO=>Sq`<$+9kaDYW~ouL8RE9Zf&(K&(i+=(wLQdr}+<N)WFe
zT4qzd8V^;+S5zC-Zhh4phPuS|$c4sMb8Oewo&b{N%4XkZTdngXH}^pe%0z2DN?+7v
z&Mg8XdsHDIeRR3wtE}a&1J)qlSMTncuX67B>Z*<3%2?gI<<+l*B*4|g`=eWp)g@z+
zw)#z*qXdRrjaFfQSSEu|J&2A&Tz9Zh!1ncQt=}2HIR~F}Lk#acvQi$iyVHEbVTCfH
zP!3he<i6f5b1OOWb^Q1@hmDqbM)L*oVnra;ZjXeFAHnbi3eO&P(hO+n@WF>rdr852
zLcp@b#9{Ra{dCxY4MUM}J9NtVEE^7>8cU-?qYy{Vq4(Ch!EC%<rBJRcR_cR_m7(%d
zwv)Rbj;2qDiWmxPpD26P49ba8XI~o^UJnbXyT=P&{Hj0yn!VfS%VA4%9U0$Qa$n)S
zGf25SY}d@<Tzv+ShD%mk<UpdUNPr7i+*hynEk7^iurv^y#QQgb6ytNKm<`lFtqYB4
z^g@YSHKQ11WlLIu7=xSd-ir7>3hn?rOy$D@)x=Mgn68)9Sg$z9!0268I!XxekOIZF
z9GprrT0AA68_GN$D<hg<yskSk-q2y-p@}>4E!D-t>J+zvwPUNi76A@ZboN=jp>ur=
zro9v3sl;ExD&VDyF_x>tvS?aft%7`X`q*40Zo093W1tzbtMAkHDw8GfK1MRjX5waO
z;vXMc-p}r7wAGlJ{r=cP@N<$YJ`9z;q}$z>rsIl)&U9UFtb>sLt_)0krE`A%GxPOQ
zdYadwu;Y@6as}po<Bi%y3$kYCy@uZ--Dytl+T_rRR~(Nc^3}|#CzgO`tCPB6`OTrA
zEOJx9a>~{`Spk2x8>6vlne_@pQqg`|hT^$cdUy3{tobVkSkHczz7_uEqo-Z><!)i!
zL;iM#A069@wm1;2fJ=H@rLIF^1^%Dgd-{4<snx2L(x}!|Qg126Ymf));cWdyF3t$+
zx(9|N=X>0kN`^7d^IM*EoqtMOjEE?l<qlr%X`r2EfKyqbleFrQu>FS(vgRhazN<C%
zB>y(2g5^-(iYcGFxyfD=(f3@ckY6m1HI&k8(Dx{i+oZeY_u!%`Q;fU7XThu&MJsid
zBNvAysdBjDc3SM{mI;vse^CIEHZ{mAof`ArIW_0lTS>3fa<0N^aoXQn@p$7K4j&P+
z^fuBMeNEyHcw_c9^c%2N0uHVRd`85O3^=t%{FCxCw{5B)aP|l8a_Q+{EKMMk(QyK$
zRe7c9f=N_GfxjEpi>{0aVx(qY%8u?RSv(RcNGlg7AGB)u71gFewj|O!f3_3^(Ow3*
zEJnmpA^Q^5NpczV;#66yFjh?FRrGdmMNQ1hb@){U(1sh9qu4AN2)NP~ie}A=TkR|x
zYDl%LS7dQ0Z-eQ0g>4qFUG0FSDBjj+`&zgAS-Q8x<~ApK`d8SiaVRYZZZEg|$$8jf
zI2c(T{05HpaoMYFXVB9uS==uISOw!nn=trkY<Jlk^cVm|_}@rz3TM2=No-Giw~jO#
zo5ay4K&G3K{uP_Kyyng*mkW%G`FB&{$$Hd9gmMEkGjmJLu#e+(-N;RbzV?wJx5H_%
z{5e9+9475vF6P=!LT<dA_8BcxCCzeBr&O~b>97Y2>#b<si8l{i+HO?Up=Xz!brxD?
z*zMEJ==NVebF;qRV;-=O_fgv}md(|SEL%4Y^bXGg(n~~dEPx)u_lD-_>ns=c2p|3D
zaC5$w9FnvbaD~J8TF3S-fw$l0{(AU2H#o*W{Ebst|6Q(y1I=ti8Ie-#bkL#0j;hjM
zrQPqe9LjE1tbl%cKJX<F+WLVH4HhJIL{q_y`C*?WiCD~6TkGzoS%**Mak{_Y`S;0~
zyX>G`S$5DrEW7WEPn{4GYmxL4PU<>%?r+={(~8YF2B6U$+1)Xb))}!k8q-4Mx#9DV
z{+fvlJ64XoYJk)U+^slmp0u3Fz14I^WE<?GklodwM?@9|=({{qm(hMYw0N*T?*8kB
z{<YmOBYU{L&1S<)0ck?1Cz@`2g|qNQU1r2O=?g{CFUpLky6e$kzz)N$E)4L|1B&zg
z4H;tUZAOk!W^UPy;@U|=?q;~*XCqRzARGB3rkGljJvAIWk*FPPqdd0p%o^N`UW8Hu
zGnT{jpluUQ@o?zj6RAXucHlMJLcj*2YD&XFBLnzu>ZQoxxbG^lBBH5Yi}#u8`%DNS
z&Ui8ay>&t-^v(QFM8Imd6$q2XJR{<orL;chH3;p0&{6a!wz`nGRpp3uio!C)nm05g
zUBEc0cHuhwa@8K>^-?BEP<8hJ982IM#6_;pi176L=w@-Bye1qTDpbZHzGvfm455DO
z1ycIYhd+>DvTQpIiy?7@x=5+j4Xpjv#bT%tijgof&?wUOscwh0;FeOew_5M7W**Sj
zEUJm0(MTldOL%t$1&Zy<_$RV6BmWDBCzLVtvJ)-qZJBM7kwUGfx|v1_#@NBph#rXW
z+4{vcuynT4OAjxc?6>6XXA7G?NIHxVCD#0sn()dQa5Na0a76fKK=<0iI#?-Xgrc%>
zeR3CKNY8E73_eXYFn-cH5b%ChyRk{Icg_(B69xj+e2y|MUy67}Ky>)VJKZn^5l&G&
z5Z|rnx%+EWN~jbq?4p*(r|A)~qz!~?RAT!{r<;3j>0m~&pi(IpzfVs0SMv`~q*vGd
zd?3U62E>44uB}bUu)fB#9xu7;%nI->E@6Il%V85wp@e!no<pL?hMv-dIjOj0WJfo!
zF|m)qL`M8f<U<r&MYIzvHbYz+-lXPs%2JJ(BF_D-cMoGb+Nc4JKN`7C<naK+eR-))
z^C`lOp-e{8m|e2W5MtSxbG6~%*&;vp)f)`(<CN;+Y}ZEF>L=c09S^C^_?EbxdyJBz
zT$t2tg1I&eE!pxJ0{*<<7t4z$6@u>RV&^XQunaWca~(owBnX+Lr{C}Fj!0B=R^aQ)
zdRUolwVs+d(eTUtpiXspA!S*X^{s}kMc?9m333+*uMA<mr5fojJOrZqcl4l~*kU)c
z$;Mkj`vIOVO#<IiKpm#;Qb0e1B04@eqY->6nA45}jqU93t0h{HwTP&&xz>qiK4W$X
zb{_nV*E0v`jr?<SR7Knhj2O3f#$+#RRUh+}jlfz|)3jj6As_)cZhm6iizO+lO5TIl
z&^k4?Bh>`3za1`^w5_Tq<lsMDe1l!y-?0feUMX7hw4v*T#@^K_DVz-CVBO+Kpuw!j
zz{jBZR5?62FnbA2C9C()0{^TNSFcsowofgSqv^=A9fx`lM;V=smOV77ezjy3yl<oE
zW<t6mhLSDA_FC<)CosbZZT~V4#mahP23kTCj?^UU0Io?dobYaRLEPKkOwxn(1rZ(#
z0DSb^ENizS_H#P%I;lm)ofGU_lTxo3I&6!mwvV<zY<6-r%zYr1mYTb0{`J%%xia1E
z)sYt5LaI_n_WxNl&_pv}1|3?BuqA^7CK{5Eqnf(a#vVXCKex*bFWM-;6-k%gQsw*`
z|LD;$;e)M1s8yFMb#J$4fpRHSCItw6Oa_XPSSF2MRY<3}&m9bvT#xx(+LX)OGK;HN
zoc^<F8cO^gvl97cu#f7uk)JIE6}m)W`$sp7`ope)hIvLAY`1>9r!oq9{tB5ysXr`-
z!`SD;j_C3u6X~08L@iwsifY6Gwn&V=Zg11DGzH*`WIt2#FbeIXl1&RH)`9?9%=67T
zAY*xv(jQt$wt;TgqZF7Wz=6;X3tayx!ubNMxQ+G2i3idwHJ}2v+}RIimv&+RW`@JR
zYrZlp3?KdN;H#Td1>J!>=o|HcQFK=r?JwPf?GK!-ob=6VcyX!)zl*WWYk}Icg0J)_
zpSyIct*jD>9hU-+IFAiQxjs5Xd5XxO4V^~9)=qO~LF0}NKQrk!Lh-{HBr(7_!}=h1
z?A7R`<_=h3V&od*rca6b<miY<DNhgq7^-7>@V3=(3>1Ggvd_3us32F_NY*LNhWl&`
zc5_{_5HtXJ4MeK@<ydn)jk|K37eP}g&zVhM@Dzcuu+))`&|)aqQ|Y6wa8~N8jBScL
zvW6)(n6MzdECiJgr>aJ7VtQydK2><3+O4^U<SrqP!$4HU?&5UV+(>z_9bPh}J*}wa
zUZ$Vw{?jnB)!mW8MfMz3I8u}>;P#Z#F&U^fE5b{@kwKbM$$;JC{s*&)!8O%r{Bq2`
z!Qk7MfPs*=2|sU!IxUJuE_(R1D9LR|xfe>N+)&zT&oaNfLNFx1W3`|B<%m{X;g*2R
z-y?J7IB}QW!{nQ9rUfgN+8Qlg$vfyIyEUfB#-z=Oa88oV@X)kswjEi;6OaJ8MnSH;
zSJZiiOGb2Agv!3lT6RZE;cr7$sJc?BNZ~SjgUW|f42Qj4C`vHGFXm<v6TdbX^>71p
zSWnh?7eh^j+cH{Y%t?KF#~|Nz$B}e(-nr%Ij!+!&CV^t-{(r~K4<)42VFBn*$<4L<
z7o``*pDFbVf;v&zFu7SFkn{%W^m2H2DfB(-K_<z*Q4c|h>iXyq5_QHrIlF_8D%q&>
zigX5GKj^2#U5}iXrf_dTZKCxF7ckFi!d794cSkhTjnNl@O#n_0U6+++Apkj4*_U8{
z8qsAhPX`E<T3wG2-_Hpnb&U7W>HvAwis~;**I|YHq4G>amM6~0vSI*+69Z>!>GHA&
z{)cT;W3)U0$kYhHB-)%SDF7U;&`UtF8<6}-mbC}eFthdAHrIO<Ed*>tP%FK#wG@al
zkVDYQAWSBueRTW}Ic)t=iTe0x?w>3cKnOr{g{{R$FKcVGj5qU$ZEk3Hxx)ECjI0($
zr$7yT3P82F>qDH$f9Gpt9<`$5)x}&7sdVaS;;{XJQ?wlG1^Vll1NMsDhDys-QZ5F}
z|CX*!8-0lE_bZ6-*uoZU%({PN$kTTd`4=nNGAUr`X7fmn<1VA;hzeL<0tFe1JB+nl
z<jS>cCo^O|OOwQwVUp0rhCyrwV;MNgR7;6PjbOU#6C!PUG+$7fEO*qQw{x%)kC?Pp
z&>^c&h|`W?#}_bpzg@UOcCNN1zol^41WKltYnPR>Zgx6pzog%<S?34S;4D?uk#&O*
zB^{2ZQ!R~oe}xbA;x(y<i(5a*iHw_y`xIwVoQh-Q)IDMFLOgJR>T9=~P0+>lhDN36
z0UUTe-EA@Hs$sA6{e4A?D;%R${hhFNi1v=!!FA2ixT9zygmA#ww19GXiDPW%I$po<
zGn-gJ)y|t5X|goZpVAw#$=v-kn;saF5`u_GM*s9%zq58`vt}`rwRI+T<4G1_W`5cB
zPLu`W3o0N1ib146s-f(LKq=x_T+iN}(3>dzN<s8cAj^9Fyng{t)}~r+mUm=C$TX6a
z`XNT#GCqKzv;Q<sd|zhs@=g#xwf6uqth?b2bo5N;I_hjJ7}J#XuTe_|3wV)qpk!hA
z;=Xe8CJ=U!(*;hVij;bMD8F^(amkmldA|t*`K+X30coPKu@1kbPa(`u+c64{i>E*L
zCmbL~p{K7C!}?<h(Kq@xWENX3-+DOLkgcOFu-udE*Im%X_FNj)Z|*I>o+U;G8%T(|
zABq(T&5BVo43Qo2`z!;8=LB1Lm=23u$q<Fc!W360L^O7cM;~RSh~qP!_H5bnAQ)40
zR$Tq|AodRKi0eq}lcO^j0aJbKRt{CJQO5tNQzjkqJlwZqn%W~=f;=L}y>LVRY}YpG
zcx)OiIDmODwhyQDb^S$HcR5kAxSf3-D;A!TorVa`20~;(#gGccrfk%DRDUVuRR2bN
zst?UDMzmL)tKEy^y?5rzvYLD`+!$nJB_}bQtH03=n|7~8dz^PX;;M;b#+-&Mhc<&+
zP+E^kz|JtNAu_B$ZUy@vbn3c;Q-mB+N_N3}PkpMQT1EafuZ!6AkOlaM7)an{d4o9|
zdPgRg#QBS?)D=ecG3M!n<NtA7r0>)3MO-jc2!A@aC=O8Lo+6j9T2uih;arIuhH@Kf
zC{?JJO%dw2^=J0|Fmj7SD80uQNAkcmM5rY;_PaVjuVSs%Z@&MklZ1{q6ha;N$B}6<
zKafy@IgUDQNU<PB(T_*AeOGIh(|)(I6XF8I&#HhT1Pt1}DwTV5jg4FBmp0E*Q;P;$
zih5{=LaRL7LTkFPcsY~3z1QNfqfmvHz&7-zGY2KRVVA1qA&@ojimJzKja|{*Nv^?&
zp_GEyM`DF6lgIJqOv%AZOB`Ed(CQs;M_i|nN4LiwsebcP<l)%hybz^R0*dhh9(e%N
z`eJo$)*?xBk&PN^*`L>smCQ<3>a?2If{iScEL1bDq8LvH8r5C>oR!l37d42$8QV<J
zf(Ng83Bg?t0+&(1m@(A$#imNy^4<CK5*B7Ke-NP>jHl=g?5F7O9$S0P${k-&@|6c_
zQgw!Pb}<=2k2QMS{@vtx$gA#}Z~-VTG@`llpjK!A)BnejBR}=D27_QW{XK#w;D4bc
zR7D25j-mbzf?ZG*Quz^^*Bvdwz?`DSRy%;>r7#2Da%hLg85PZVkPPu?<I!qOAPjz|
zc_@W@3^-=ep>z7wHa30J1lKXT@Z1IWmo|OO&&3QU<DVR}2*EuiuvFy_xIK0FgWDoH
zOaf<}r}!KB{FB&tXh<geN$~<mn!w4R6$GAl-tq>TT9qs(%&{Z`E6WYos1%Y+h2#Di
zHn#9M&X%U*p8yO;>2E1@O*Q!-XyU*`+`<~=BHAO$QECc4qN})5aoBnL4NdQ<A5@Xe
zAE>y009Lv__Gq1nO4MA8A<(et{^y-NRvo;+BeYL$&t}kz9@2%KF?H0(jeO820H;J$
zejlbT)n&CPo5#<KU0@m=WZ4~_=cnitras>c{zQ7b8siR^{QNUpIfHAcbepH%{3{J9
z%h`JqH;6!8qR;zI@PG(clVO9dRc-lJ?6L<L+(BE2_*QH?63=?EYNBGP!=m-yuO^%|
z=zZ%u0X_MiD-=2)fwj;s^znio0@+aR_C&WUzi$_2XGmR`(%4lZc?EF4X{rmz5!zJV
zb8iAJ;CAnwlCC?|bx9d@ITz<u4z3%#CspQMoMf`E;)v#9thOv`-V7i8*J}8M!bfDZ
z4zU^h<V{GyTqbMg@PyC%7#HhmV;71O${)(-R!C~i3NoUAN|jRlKQ6@*V)GmSCcA4n
z3QaxLQPY^m_RiaF3F3rywfjeUx&O=-twt+mab8K&KREH#ExwZ;AO*t!z@o6v=l@g>
zwJzXn8ao)dc&YKAH+YF9nF1j|j?QoCVM9=dAM+b@eI3ap>Xjp5gc;92rUJmESjw&N
zXv>Za5I?b>#E^tuYzN=c!|Up<CGG<?R5gnFU+TBQs5=++JF$LIy_j#u+AVGTUH@RD
z=Oc}`)bG3SUbC$u*`9@|n4v(BYHJebu<nLgkAPIy$f8XiVD?ekFLSxi@eY2im$HI|
z5J5J-p5<<?Mt490B`WJP*vk)kC{NzA?@c=m!_JfWq`J-k#H+5x^eT;N<QP2xT<9KW
z1A7bvMIak%r(rlzpTA7apjw3^#X@mEIOj<B+D0;HlKMmG9$Jy~)E)}06po%YT{s$}
z?D$qU;M;d*+hjbeVKmdO;L#3IlMIxeob5`wfGYg<Pjw5%$2|ZC5{>7_R|NhgFKVS+
zc&p<A^|+&?eImAV1*H`$9iH5_7y?i`kETkKQZs1V*#*7-4CyMSj|!UB`QIOiN{xE?
za4>fS;3N+IZbj7pV8&$tnCi(3+R5fnW3)Pefnp%R>z730!U1^Ir36UalU0Vmg!20e
z5%IAzoet=~UC|m-QvYLGe9J~ON2j#=13C3!<cTwKtR4Vbk@!R0e~d<m0I*5rmQ=th
z8?e&-zxVzzSCr&$Lkps6%CO1T3H#wf#EW<r)R@m7{U?_9Bh2BaCxMYMnz=vNG%S+z
z+)NMJX^MXpXh2$pc^Tzw=eSRbS6cNioG5OuwTh|cfR{lQ2pC3vUtx0#P#zzG&~&YE
z{5@tHFkG+{J?e?6I^iYH;|2W0t{Z_`gFOLg48KMpZSP>C<Yv67d(rYR$raJA!{X#$
zbd~8v1YUB!Uy1$TS2;!ROKI2Hm2&5S3y6mi5YPEam!;O>Jn!$oS=n@W5!>|Q*fZjt
zYJ;S?Ma?NXWcO*Bu`nk97tuj$5B?bj&-RbVh#uqcgD?l(y6s(aY2#*XB^@8A=8h)-
zYuLdWs`|2<=AHNL9mxx))P68G4#SXIoPh=@9U^uHz_vGQHcJ+m!<YX!kaDyDX;%zn
z-dd50MFd&7K8b~91RG150<N16W8BMR%6av8v&G=zeHgjRSflk4U@cv!3jK1S_2)S^
z=@yi#Dy0~F#H@?v5ZzGo>UDayHN1U2SF1YJ-E^r@AT~fKNEq8$MGatrTLVDsRg?(%
zU`r=)SDL-BL)gk0*3I|%KBFJnMQUGx{q`g5C;1yV_Zwzwt}n;~#w6N7Ka4KS*^FmB
z^UwK%r9lD{4p$=N%spHC?#{D(0ZC|y$g#zajV>qv*##W*!i<FDNPw^zHT9Q~d{&kI
ze42r>vz!YwUigE(#ep2JL^!2Dj=1*zvV5OapFj9LAINdi7_Iug{RAoHv#Z0GO!}D^
z5w^!da2xDd7*}HioPOem(E`%GqptOJU8$}9?jw}XxrTWUYG9Fbp&hQJ4PexKw%qdD
zYYU6y+i>QGen8Y@?#kM1x^_>Y_{m?VB6$Z|RxTSuEjaAUN}T$ITG5VybYd1kG%wsl
z9SOz6#Mamjf3VcUnbi<lUH@*FA6R_dWr<!ty{y{2beMfv_jR~8rvCfD?llwOmXUYW
zk$0_HJMIo9+M#p^vc4IVdw&qOIl!r;ebqd2%fL2c*B;2Gf9A=eo+>#siGjzT`Z_-I
zuqOFJ&DwNLPrJCi2yrULpz>dX`pn(%@;_POBMcw>$k&k5<N~5o=5C?=vX%?h375|4
zph;xSSWwR_ZCjjzd@8ts_=(C+(35Xi`iE$!`}nKQEx-s^E68kB7PT@s(=gvpjh&LY
z8xh*<nu87P*4#Cw7P~QHo}eR1W{;QH{2I?`*v!;zY_1*aUW)7blS5JkZw-bii|^_}
z-o|}nFp)qFSPtLrHE1vrqt7_L|MkC+x$&F*cSAR@?r<5)vsvx&YP!RZN+KH=Ux41|
z!`;DcZ($d~U}1w1wqzBpcO|er6aht9C0e}A&F)+dYT9_5ra7zx%n%8d6!$9S_PWv0
z7Ub}j;aubVZJ?73GhA{q+#9+|1OSb)A;0Uv><&+-jD?Vu1<KR<M%Tv&OEibAGPiCu
znZm+{Y4o00`1Lg{7xp+V*$E%6#EE7WTW>zI<{oFwDTvMuaE=!A={NClk4DInd;->G
zO838XQ?0scoCUfn+!Z2?9&;+T*xmqujTUSP{9FEyYeQ%8bfd^w?hwPxUBpqSKkNxy
zSGZl!@AZ!dUN{Nu)M7JY@R5Rw#sli9Zk?4s=X?GByI9>I4F93a=z6P1p7|}kz_=bE
z{kfPVAkcNyWN+OGBRZ83_HCsG+boB#0tkDX#AX@wc%`n?r4Y`P<ZdDdKR}&~Bu3T$
z)mw4YQ1Zl*ZUO&DV$NbW)dqK9-d`TA4<St4>@kuUju#T<_>#K<@J9f@1?N!1Egp;z
zXBMerZqyNT0i_&!#Pa*d_+l*cV(VvN#w*l6j}KE)pLpn#ZF^?Wa<M)5cUC~$ULtE>
z4c<1Dnf%Iq>~VFzhoN(C^B0B9r|d=8RE{y~94sxBUz%}F_lRYxCSE@8F#6)Y)=wY#
zYT`(SaU|&R3j_dtr#rH!W{t<aJG}*(vXfjqA|emN$_`T!0513AgXmt60bYr!A?)_w
zKmwqXBAy1J*EQ7<!}BM?0a{VppW1U$bMOb4#|Go;xgJniz#Y42_x)ErO3eJJg+~Z(
zbKe;vicH`v9?<=(U8DpN;2gltFe?c_3853AOu(}(G?>y5Kx`Aw6GpPrDHR<rsA^0w
z7IBzrb<hy>CglPC)pu(+^Md?gQ_MxGapR9?Xr<Vm<!D}NkYH-3^~@hzOjlQ?@LM87
z3IA5(d(@(8q@pT68ln>6Oj@i76euvBjpfV5P!^9gig87FT1!t}kLZTp@{sTHMlELn
zl8HS5ISRy10<|i8!^}@bf*%W}hqMK2R~`gE&Fwth_`2~fNT*YQ8j;7Jo-?#8^Pr7`
z{psUe&G`@EAt3Jl7V&2bJn4A2UDz$Trt`*ehd}<>qsx$>^RtI^Fi3n2)p@D(IPg`M
zNKG=f6ZnYh6t|xV41g9cnY3u~XYLO+bQ**QDG11Q4ORNZ0KtpD2EE<ZBOISaMIXyZ
zEa^;tUg76%6sc^UlDT*am0mml<d31X$4@veni{a#?^Y8=z|Wv?6tYi8oja(Sz`|S&
zJgS=Nb^#+xmBkfCF#xA)`yn8X&{Y=Le9>)TM<&(MLOK;NlIStq=qf(}gU%ZF6Z^7?
zi~1kWVMBZXW^3U7_L~CGBKr@ZR@cj>3C<pEz_<kJ7-mLA14TIPWen6K+YHF==Oa5e
zfgyC@a}^fo64sR-##jyDu~aAAarD=xkElUgr-JH$NIwY=qMAnjrKr8M@xN&L@_?k$
zsQt<<bD`BG7p9z2vqG~HH<-!NN|VZR$py(Vr!;ZN1!YM~opPH>({iCQwbER&as^aU
z3l}U)+!2+~Pytcd;m3U6_xq2_a=G`t=Y8LE&htFyY*I!~@AX=vRHR>(++Tl&Zlb<q
zhYn(kv1i-4l!oc#s6Djn_|D5*|E4<<F%D5ENgrZ7sZ;ex_1P_eL&aGxm4R6<LJg^v
zxzhAZQq|<s@(uf?y}VSP_TAjD^;7Q{2m^-<kt!@hzqprg=c_TCmdy+CS4OYuzzpYU
zc2r?KX{CS)4&=~-Vd;|ykP;2AI4gMg9G?>i)*4WTGLvpxTi<(vuEXgC9Y=G#kRw3d
zyI$ZR+vyChZQ|Lhhuu3b*6meVN1D#`(!HskkQ${qiSI{m_91^rUQt@3x{Jaro}pK`
zq+Ea|xm!I%kN8Gdxz2K$1Ofcn<sM~Wtmb$G6m%EV;lqHJ`-XvW`M1jvhZ1$#bf?gz
z0^XP7-5+RNrT-Ts)J8ACW@WaEug?k`lwg-3lhkuqx=lW#JadE#Nvo9$5EdvsCf$xr
zP8ruV96LReOQ_jJo!(rm(5eTep<VD7bc<ekblvYP28DaX*JwB;j)AGmkCw}O!vY-A
z1ZgG*wKJD{l_peaByOnJa_{`6j25i`R^+3F_vm3AYFrl~qzADlK)ax0SJW=!&gds9
z5^GLSh703l(^hOmAN3n#Hi|$>kwt?y=Nwsmk$h#rmCWPbERzaG(x9Di^y-yHm7ncT
zCy?@_8#VBCvRT~*Dz0~iwS~L;zelr%Fe_9C-kEfFpnXXW))M}P-VE84++LYAE6AjR
z;~qxSQu+}^q%4wh1yL^#2RM?CmPu{f5^N0OJ*Q>WsvKV1&ht>C$$+k|Zi%T<oS{yC
zHf884gQ|bWU-_LD6i|O_8xpf?F)kC#4!rsuZuX3LtmXLqz-;+yCqy;!#T3R>rn2c5
z-Ng<b{rW2&S<kusp&4@Bm*W3lSa-dR7Lz`s)-5?&5KJ<~_O!_fFB^&1{*cM$$1LM*
z#eCy+g!R4-d*rR%2IryrlN$GXv*iK3;?em_m2}75a^%+Y^j(v)_d&%s+NifNM-KLZ
z-Hm23N=Bt+%dY!$BN?iMPsw{Rki<4v3se7I`)8x)g{eEV*S~YR;PFpmr}S*4aL6;c
z=PjLGUfBX3uzO15F^E~*<KS#~9;!R}dzT<vj!wtOt`DI6N4SbNx5cEdCKnHS_xUTS
zYRs-;R+n9t*h=*~J-eoUM#U9p+9f|>6K0%eCskbfL#BEQX*Hm{iCyc5{`=~=?nIi#
zcl|l%#=ZAhMjX=R8GBgCPznEd*DD3(w)pY<vd>~<Tdi+8>wr%u$labJ38a~CTr(Mr
z^IpVNG|Hn(&4}oav6HwjuSf}h$RzW67Bx0g2{p=wXCI=@TC$qrTJ}C8I=6V<e}^m^
zy1EE0o;7CeER)x&{DLuv?_RxFtZI?swn^N$ab1k4oU13)%<(=G<-Wwd)KiFKO`COV
z7w4S1;_l~H&Bbh$4re^iEUB&%J_2M0&dl}SAIBsPlzSe(Tnzv5g}#&8Jn=;g@$fRP
zN*u{3*l$02h35tQY4N!B=N!1p<vuNdF-L%)uS6FC+yfWpB7oScM3*>@=y!hTPLDUA
zq<bR)!cQFUnddit1g~iYN;JFCZ#NsYj~@WDX0L?=ZK?FhxjEJ4py*bzx>_?!u&3Yt
za)#Z7`efe>QY`_71wOzz4M4u|V!5ih1y(`m96Vbt1?PrsTHKtxyN8;8`0&4=%=V$f
z>xc2dpS+GNs@PsaV>UHhYV+fL_@yx8<v+_QSkGl+$vq^j{QDOw$-$(Sl-vnoxRU8L
zvZyl1b5G~&Sw|yzMULQ@f;sE_Td?BR3cEI3u@06f%(QKD8W?Fm_&|E2E9QhU$|9=B
zYsTW7Nj~f==??IPCV2UPTa6@oHVL)0cw?APR1G^izpXYi&C04L-o%K#wg?8R)T9|g
zXs<hky&<ihPE+hISXEbi;CupRzJ>1GF<bVC&Wl+}0J3=QcXK;gS+nJjYTWn{zAM`~
zEB9Qb6DksS=p`qNcEcsKAMe(yUkY5e*9!;87|<c`=PV4WXdZS1;(py~lgl)wQh`O}
zQVP|9X|SdlC+-24o~g_Jx{PBd;=K>~Dgq><5Lp}n6k9CAZSzdwGq&S-&Nsgc-ap6f
zk_3Y<eW)68zG2dPo@Hht$oMYm{vh8ixuAhik{9Kdid*nOVT({%ko`vt-dBLT)^V!9
zL9lU-Xh|N?*gkwO8g9;&=hQ=Ey|W|-v64d$p(WG2Z(lgVg<EYswwe$v+pO72<&8BQ
z^=MP}V|};{W-@JL?bSs)(B#)uv<qG!#r;lv_?`Dn9!&tv&cdO%mYl|1T%1D?4z31I
z3&|rT7_fE(=2m$681^)36u-$4<S15n#C`w!xIBBt6_h%A^wx@wo?xU<&zNnCoy@85
z{82|skGn()5V+r%?7hUYbp{>2z_OxAHh0IqFlVrTH9ufu4lL3vFcr^{_Xs-0vtEj_
zk=CjtmO;`e3wGqykkO(GddrR*T&I@wdU%$n7bWmg?-$!}N54(`hX+X5*HoBN=JYtq
zatZ6#n~2k#v@X1o+f>VXi@)#54<tjQeRu?W@SP;m?J7pn$aGSv8<`PxaANp2i>Z?(
zzz<I96#bVbA%<s(E74=I{rXHG<A)E5jqJvnd)SNw@N7l^%AuyM7<SV?qqYTY1`&C4
z>#U6-=sU0&MfwFQxC}yD1GR7vM_MkqC;%;+j-fb)-G=;gw>s~w5k!{8iH{!XL`J{6
zsA3Ll{c)yb=6a*&IhGS{BT=1x+xDMv!gkVX)!!JFlf~cf&6!FnqvwANV}^KS)n9o%
zfye`j&9$`)Z%JCoJ4QOEW%pqn+D*CxO~Zzj+i7dTDv9P1x{gzcF%sGr1I}kf6wb|y
zbEynVlkICcbgYDbw11GzuP=53W#qG02-Pj!{HEJUlcjmBH6I%SRLan6|8o=`8339{
z^=x=@)v>D}c>Tka_74V_Cb$MI{M_<5$*WF28ChMsgceslf-B-yjB-6`HZ@}Iemqb2
z4YMsWvl6JO1X)!Z5U<%>rDIoiJ<LQZ7#>OF-So`KKq?fUlR3gyZ;nMIzuLQ3bz4^c
zW{ZwZ&(Bz#*syTu^sfBh@BXpZ(q)V4pPNtL`^}*Ilv<YBON;KDkxg4(?Cnn7^wHw+
z=Dp7~@6QYFU=D>kH{d<gomp*k$ue{xu8BZv5RZiyjHWP?coHu#UD^toodCFLMWz~w
z>w^Sd%hXbY<dQ{*MD;1&Y2ZC(oNPT-|L9vOq!zh)5PksDZI-0omy&r>vCO$HsI~NY
zInUXzV91w!x>tzs?iC98rNlLg^bH$!g?>p{o<L9O7F&fRXL--$dUyByzWRiF_<}B~
zFrMgt{-Y%1MG3`n$$#)Ez484=+K=Bt<<fsRTeW{(#hcF|(4>yoE@jJNiSPVw%ulFz
zmTUMYsx2k5X_wvsY#HuH_f+HD0ZGBqMls1wpfxroQLlZ6`};1a?X8I&{2m?r2d;^0
z^f8>h%*n3dnf&6JPN-!v00HK*(SB#_!RX)JteCtP;ftT*yz~=8?qcBOK$=xqzC>fk
zKd~CcYAg%pXc|^$Nfr&1v@v3*we;jAm^{f>Va=VJ<D;~$KZ~hPJ3rP{#W-IZC|av&
z6r5|O$Y0w)zUZbB)Q0*{Ew;1TrmY=8K7A-?Q+Tk*&TF`K3QIA|g?~}p^`o~u4k|r!
z6(6#0<ATuZOSfW}*KHpD3wvuX{-7|h_FcU<vM82;i2^7=cku`dgLB%`^rt;=z?r;m
zVG)x2zmLY*sPnh6x2A1R;+x#B0}S0Rn(oIlqBa%p6~|`G!@O$hAPP?fCF#1%B&d6(
z#wrAbneu5@)J*G^%Ld*PFTbL%)oCmOG#=MGds^^d7HkFTQ?u&uF6O@(*IC+sjxNWZ
za$LGF*4y`J+tN~8b8;9{qSn`&;V?q$AEjUih3_#P{);N{@m9_RMo3itJNVe`$R@wJ
zT2VRdu|Q=X#(sU9{>c&c_p_mdBaoZ$7#+#KIg{=%WTIwU01EPb_hcR6Go0^^KZpeE
zlWDGwP0&qTNjcu)#v48DQXO8Pj*->kluh00Q^m#gKMx`Bk@5DJ8imSg0-2_@e%XL-
zsr(36mRM?2*U-ObP>a40I>f?g&lq^`ogAfzZ2&SOaAq{o;BY8jycxZn_-qkwMGuB%
zh<~Xk!!2{8=Q-`0Rt_yjviO?P-SU@nicNf}PvJkvivS6vXN#~HzkaX>{Cc<_oAbgM
zx+U`<vfd1RIm+r_>K?nXgIk^UgE6=JebmRQ9Y0^w=s0j^)Q$Wk71qu|3~nu|x87D`
z`~r<j6(72@O*X2(o*?L5f1SqJK2jv^23Ytf;pA^Skt;ULKE4+;_q9gEACN=SdQC20
zNEdF)F>@h8E$Lg_0(SP%Y#;Z&Q9i42FLoa~Ou|!qrLSMdis<2;V^}F`3w_@U)5cEf
z69BYhDNA8CXgg90SONRwxqmEjx?#oqCaowgL)gf$Cl_$DMS#i+x%;Bj0@TP|ZKV`&
zX=PT}EN4Tjdf}ANE$=Jx*8?qJDyXwcV|<O<jC)gEpmsL7Xsuz>QW5B9Nr2mjxQ6@q
zxFKur>VlNVZl>J{rhPjW{t{Vfzq4eU^>X;whj=Nv20y3-k96v2ry6Q@Wv)c>yrzsO
zzCk$AmyniM1@`bDts?T{x@-&DiLdk(r|Z62LF(jBZJ!NS=!fV}9#`th{z|m0wmUDv
z8nz&m3wJJDJl44xjCtmKSiQqP`1^0IL5C1VBc@Z+Vc3scFI~L+1pZL>TE>04Fy<~N
zwhNz0+zC1Svz5B0CL@N_5#U8{z9;zKmfsO#w`pIL(q9-&VYO%`QHP5GW*M<?mB*P^
z6*^(vBY8a~3Tq;11$v@5EcjEDV~wRx&P8I6?4_U?2g&0dRx(g-N4w;c^zTFpEzkkH
z+CS~k>cr_Dq!MzbG0amTG~`~nKQ|DHeMB|dJ88ZJ>NP_+JX45<?p*jq|0H|<pxV67
zYH=eF*w6VgJ;cicMBV|m5871Q)tM}+WwawgCVCY$7bD*i&N<hlq0GRf-1At)J<#@_
zS#?7qC%`AWKckKmYjRr7h%lx}HPaWHc0*pjq-RGa4qMl-GV+({D!F7Rq91XbiTJhz
zDpTk`fTbbg?L)=EiBGn3VB6f>?NrzA|7_D7ng%CcHfEh0+1r7zN;I0aR_gO2z<{Z$
zEFZ6&ZPs_u<QJ2&?gVqEYs1&Okmv@6QzEF(T$af_=4&yNZo#8%4KvcdYI@g#kFX;;
zbHft1{){di*$gc!$?f1rhRB-FHJAQ2aLR6|w%W0=V<&jqz}<w7^lF!oXZlmRl^w>3
zJcH!Pm1a_Atxbdo)MLjJ7kq^tY?oqcK#_;x2beaS1CQ*!W?Qo*j~9v-)r}rnj@W27
zNlDg<O3v%Ymwjs6*5mtt?zp$qDTwT|td~3$zjN)t(Z43Jnz*|fc|7#-XsR7AV_fn(
z>T|peQ?7T-b(9}u>Zr2XEA?oxE=O139g1XOc_q12K7NDpM$NRl^q&h`HRkPzh5ixn
zmovca&*+Q2{lu|Fvdb=9<ZZc$@W9j!PVAH|JMJJg8DT!6qI;Lj*pW3}kjD$3DN(CZ
zDD}i`Rg`(8X|R07dMUnU8pYk4`1)PYcQ=x2on?g1xaC66v+%s0zkWVv9E}Y;-gb+$
z+Mm|TfC$Yb(%HIAl9!aa-P-9U;M|0aJJTLujl*fZ2yALHD(nEW4fYyuDfr4*hwSqh
ztu@|7>*`isFBL(*nrPbgN3)!;X;PV^TkHX0&e+5^??oKVN(%|z?r~=}c%w|Hj@H-f
zJT10St02GTnkK@FR|wIRC;OMR<}BAHE!OWmgiuL^jliC<*`Kzd(zYGXNL!Z9pBoI&
z=q;1ITG4ats3|)uaEAj8G#Wbzi$k96XY*ROC_~RC14w)k!L#NXUU=l7GV>Y8bqs}$
zUbbXqpOr!W!V|*Y6Fl_~u-AMximSfq{!lYIAQ>J0v;eTmsTX{OtmzCw_2B8#PUTX}
z4w3U?U{3m;5I-2g(}8aphywop2hIp>5?r}qDEE1>Vcl<Oa`y{Z_-*9g;!T_s-dr+p
z^<U(_4{@%y<%YuL)C7&fsXV?;M=rxgXms$%(sVi0b^=u*5;VQ5ubp=4xHD*5%HM5l
zo5DHL?z0Q4@hB2x1l);+Sx4;U^m<$c#%1*HA9QSv=-Uxt+eILGOUd$w86-KMhezPL
z$@<feqnBl@2BHN|Tce|>+meL5)IH?FRq_43+egP>Z+FpgB1BC33*D6|U%3u!4ia65
z<CYd0fGa~ph@`<bg2UvhR__^WrI=7SUHOUWE50?W909lUUOdjHd6qOz2dVl(@Un9J
zir5JbCa*x%GJ`dpw&3oBc~Px`%Ph-jP}mn`Q(yL=UAx_><~iQKzJmLoL>>c~xt~N7
z7Ut0K+SxPf#FwW>@dkAJI`wKTGp}a+(;J)}C-P*SZ#Rk`akJAFHdfd%jrSTLDOA*<
z-9O1E3X6UXe0aU?FqcbKE6{vQeF>?%ULhgA99~+E&;p!0XavIl6?^-cUr&WKfU_%r
zk%8Zwl+VLVLKlH}$sMfN-85_r_aw@8!e)v<nzISG7iOTbBaiQ2aRghM3MW70ttY<G
zs@0oyH-cr$aSo+NPANXGbDQP7p;Gx6%v3(+r91)AhwR8WAx!-niTVtF2;qcT%ARZn
zZWqZbC5?f%nGZ5ZE2039td|KLN~Cu<d?IWQ(jo_IB-&;@4M;*kF04pSUeCpU&F!S0
zRE|rYuetjtk>@~_>kRs*Ey*4<p=s8(j_PD7rAG-J%~7vM6;VOLLqDe6?pjLjfi|sj
z$O#)vb*%}OtoRPj^Ma(Xd;F`K+McmtAqG$Uj(h5%&()c-TCGQb%iAQ6H>dGtT7CdC
zw0>@W8aEW+HnIQj;S^<1)qSbshTpPmZ34OoLJ8SWRPlA(&rS}b-a{bgqp%g9Y>PK?
zE)EnlQxcPakCny0ZHNx-L08+Z&xUgq`(~|tRtqAOL#lxtqrsCYWVl4USWB%V%px{Q
z&%YO(XG)I-+_MX4R&1?Z<s1+;&vTwDnDWxC!J;`vZQBZXXa$x=ZO`W3Y}$oY&+VMW
z{=&bRD|j=J`y?9zJiMLxut#!r(w6_K^aw~jlb`Q&)|ZuQK1zEV6pFDU#(bG5NMVsr
z4~y<ur%HZ3pvczzRaVUz?rDY_D*zS6YY&(BS8^`GXSLF3?H{8|M9b--Imw%cii!=g
zao$oYT(yv>!d%?Q|Af&*8NlI*WzS%^XD~hV_MaCA%CE1-e*U23&}=!F;?@`I#4GM*
zp=;(8f5eP_gZ`>)g9u=<Jh<up<)LeB?I&Em?Xp}*n2~J4YT@i;4-hmj({7&!lJaAW
zQ&FK$opUf#m7PAPAU->s{QJtBkik64)2Y1HGxwdT=GR6fw;2@d^za7R8R12Q>+OZ2
ze^z!M_gRJu{>;4-)P3sl5lFh)JdA8-I#pwB)s^#TM{wJ_3OnLx-Gw(8Jl0{!$w;rm
z*)YB}_u?215?#<Sf2*}b8F^Io3C}hTi6GPUJ<%WPkHfdI$w0&9YTJQp|Ex%P5jJos
zGi(g@F@*S#V*y=y0)srP-TV}LRG_){+Y<lMg>Gmj>3a2wz*UZrOU~fX)yYXH)q22p
z-yKsM%orxAUctu$%!D4pPnbY$(1mY}CrCkgpesB$NV@F>cE#ckyNS(qO5xVYsQF9F
zTAhCv+GZzOBOOEozfF0_B?kv;M<;-{-(D-oHdEDNai_SGZMDi?+gK>t-8vz1L20`R
zr%>GK<fXnCB%bizO?~NsbJgm)A-Hl?EbgVxg<0f|c`eD0$pps_UJws`avYMgm0FE8
z+D`GF<Ym%0&PPsO=RTo^jX?bBbeDF%d0*h<YQb~u_Z|?;8wGEZs;KwZ_kO*VGl>)6
z5sH2C3^B<4J>C*oWKR*8t5oBRF5r}NAsM|v;zjcHeUfzi!Y|3=?VLlQ=tA_3tqMwW
zJTYtx_^$Yh0=*+x4iSJ9WTxYg5c%KSX%6k>9NRY)epc4_LccTjByojnSJUrQ{Ng2T
zK*G^fhc%3PTc3%l239B;S&W1jg45*BAE`IhY}GicWDR9Xt{ND*L%RF1g*1?BH~{p&
z*1{?JxCN{C8^8r1xt}<nrX}N^f#yjb^Abjj7c&3{0yO!ux{ipVx1S)qf1iCsE<$S~
zJiH4xR;qt4=RP>H5|>ug`+0IpuY+Q?@_>N)Rp0XiEBsRlg~Q+xG+hj!h|y)aAa9MO
zQtp)e)ykuR6+5WS6mU0+!)L0T`!Oa*+ajKtnE&3M7<!Jr72a@tnSIY`>;PL?E}bHf
zbvZ;*wpHYrf1!#G0~V6cSNDuds~a=AlFVtA&BV{5)=TFHKsf%Xs!Dqt<`AXGPT5`L
z!`fQ@5hd$!g|c#;i8}QpH@YvJd~%-9a0{2pEw_~0&u0do|48usOct8n29VELUnwpa
z?l{D~3x?($lUpUU^zczrcWVc$GryZ%e4Wd~#8(myyIRQK^gS9IT59@wAHH0s4JxW>
zqxy8qhR+Qx#UZvk6~$}rSh|!*gZ9?8UYycZSStozvhB(uuwI;zg?OT%uTB8JW?U5W
zK6NP=z7Jc0mo0ijC0&X2ibs;Y&A6{C1)?WH`M09@#Nc#-qVHli>ufzWM~^8$VS~D5
z9}CuQZbwH|1m+au3`h@Sh=in{&|Z=z@nh&}FMC5Xs6Z0iOfUUa36+%>^juio-7qPj
zL#XCq8b3)p>CA@7TCKUYKmCTnv9a)k%oBLoq%-r-aLQXoz1mCvS5nz=^h1^93q*~(
zH9WwI=9N#JufS;%^n6m=gDCCQ10tV+J&>$t*st8nE1-bHYYUiC(sY#;S#M+ky^Q<M
zIb64ow{N?z49>8#>_;JzcRO(`rTbV=7$S+;srXm<($2DHooOkr-zd&Tdgd(k`bfQ0
zR*mStjK_VR3H8;Lr)Z3gpzC!h0&dIqqUjy@U}o|XYU%RNgjn?3;AF6YX>y_9lxZ{!
zm<B6zTK)qM(9-`W?!0k=+B|L-UA-eAe`WEcopcj+N$Kl#MFAJlKmj5ah1=%chUYkU
z{HA1YrFYat?Gs=axm<ID#`_#vr(`;&NxkL{n^C3YQ7s%0h_OqRr4aUxwPlqCJzIdj
z6?+G9&tU6_C#wO%$V~Z~xpZsAnkedqwN7qyc_r9jpg6!W>hJ)Y45ZjcZ9{J*Y9tWe
zpsBafyF0rTOzAnSvrm4%0@l0Z@3sYH{ItNzSZ?SE?6}%mGMmREKD~u6T7}ubgU>@G
zU1-7T{y>|9pFhx2vOig(&x$a>g_=St=j0dG<}CD6p5pzA%<9{*w6B08_-W)P&5PgM
z9vs%2Qm^cI{j#X?CH@X<rBt*mzpPw+_Alj?u$OT*e<;)$b`yt{BG<ca!FyQ!-tXz|
z)U6tilOG6b5i`e!XKyO1o#=glgR=cyiXWr^`PCT{Y`b%*)BE^*CkXv;<x9gJerY`G
zP32P3=^#y`j%(cPf>B^w1kFFjFkmBoOwSh+D*Frbmq_Ih(y!O&0me%wcCz6c1VkYV
z`{FKsKI>RQUE52Gv$TH5?&~{6kum<W16V*$x|Lk>KRZ}BF|Pkw$kLdHwha<>a}(Q%
zx&=MvpEUg<@Ci>lqkc|q1#izunVl}7NVUx)Vc@^(3AGR1EZ7mT^~-t|Y|e*`;*58k
ze2?u?&%yVztiCcNBbT~T(#lH2uIdSR(<=U`<&F3>5P6f3F^uz`x+iF@#J~DpIVV?m
ziq6Tsru!7ps2s@x3?;p%C_W<Yhy1PHW&}|$aHhr$@hO}$TxT6x#|feHg6@C&Z`J#|
zd{wqMjcou0*&yK;iM1{*TGOH2q!Hde#~i1YnIVf@)m2MwTi9Zpo2lVOu@58pRMee|
zrTz2ioDRS)Mc8~v!I4tKMmGk&&PjGz%{$}6^uD^$@b4N^f$e-R-wj#}C4SnZv21m|
z25%V#Oq5=4HNn*2c{+YKawW4AAxVXPuqnHVZpnjo3c4<iC!FUQ(P?!CNspta%BENm
z=dtjV+I?9gp9M|`anS@T(MvQ1U1;ebT5B$2@35cQ<&o^}E2od%v)Xi7A+?e8N{T)7
zhoV48+~)KwkEMT$yrWL)LJ<^x?djC3Z7^*oMr~-*>~8lp(3oWyfFJTt?5%D|lbF^W
zTilr30kPh$d;1Qf-#<^%`#ogu;_8dZ0SF6<wl#exK|G#OYDhxC`EinzxU;yzc<L;{
ze3%KyTN4GKA0FdR$O@i^drW@fJNV|ZQ^WJvclN&w-#Fg+CzqDsYfit6h2_Fx?p~Dd
zyp^4Ak#GnsbY8FISW>l4hY9yh=qQ7E{#h7w*FcKaPTa>Cf32Q+YO~iUXJ-stS$fpi
zG~La>hndfd*#vKPThKSy1V?`{O@L6VxH@+<Yokayo-8N9=Wq%Kc*bt`esY9Y4sDTN
z;k4XUdBGI+9C?H{nj4QEo>au#mdk{?nvZdPlgQNuB?Hup=T1MB3ZdqnY8wk(HG&5w
zvO?Bd;-P2*h`NuGyQnkp=mX;vcl*fpDeWE8C&9qO7Y7<E0%94X)G^ubfLVWOApv0T
z&m-OE9BN|vNgP~Fe>~<Fo4UT^v|b*i(t6BCqncL)frH0957r6tANhsxrw%y>ffqL*
z&#!RqO#yV%zgYieOV=E)Zd0UiqMP&}I(&RRM@u|G>T2xxguo<w+T)I2>A-IMco*Y6
z!g@Y-R-)Z)ZXc1hLh!vs){J^MLv@93(68s9RIt6MHz)1kgfkA=PjOlkmKM3r^XX8s
z%YFJh6WGXMM|z3*zPIIi!ZES{|FL!)GX-iFI4ue^Nyt043<BPQ?qW8%`vLaZjGd@W
zmxRT~C&N+DEY@kaX%1KVqdK#8jJh@#ZAt7!SY+MSfj0`6EAuHJmGz%32Xu%4fd$Qf
z|Kve10HSGh^L;IOj<*St4G};G1>|$oalyGcUf^xH7Ojr7E270!RC=&Qnb_)3CcIiY
zPdBN%M&q#ui#M2)mBK7#h26FY&Uhucth!e});Vrpn{GNeM`@dh?kKqTYd282ydsE7
zj-!stW^D0X0<oJ|`_Yr9&v4x21rNr_Qdb0arPFAQ+Bv6h0rvRS9&`J7O{U<({BFDY
zTG0k#SKJSc@w2&hTlRNc+NbbXb)3G{q>Am0<8EXoCE630xUs??JJumhmG6LJT{>2&
zsFcoxGG$rjqSlAjdY<TSMBOW|0s!ZF%%8|!t`N4~BKI(EbSXB8T@xe92-HbAk+3WY
z0RHP)_7kdVRrA3zH*-*jO-{d0dM@Oo`&h}NRtrC@L&~>F`oopFUcL2HL0i9Q<MIoj
zRRigIe-lSjBccIs70$fgIGh7j++?B*m~VZ9y{vFP7qF<p72vMw>P6bslagcD0b*?c
zK6*%7Z)c2Lbej)0R?X=21#hV!hfN<As!2`ds(^NSa5=ya3BBr^`UAQjTDUo^-EBH|
z3of-s%_^dDa(b8b&LEA-PPge&So73a2j-8$Ew<B3TwP^W<~CsI{JPs}?}l>R9M6Jy
z%$n}RN~(!iiv8og`_{E;9gw_W%>2}K{Ph<Y^m4{OV(B<fv6NUru-hCd8zB(p>erwX
zaEO5Ygd+)dpIMjtqTs4{mP#^~a_bJ`yn#+n=XkzQ5%1(RaAQk2cA7X9mmWBseO1<a
z*-!C)jn+C$<j9-e(T#RJqYEqASL4<(SUkIOgRDz9#+Spre)gV=QZ*L5jv?W1tugZJ
z(*8*(c{nvUF0+)hahYxuj?D<m&^zr|o{T=SNdg%jNm!EjLfBu8)*(r<<H^87xxbZ4
z3`+rb@>wa#^!IqPTgg;x&TqNGbL+8>#>N*}`<1Q(Ed)kB$9>zs9{YIstk`{&6~O<9
z3A&+a77SyeKRmkCRd<Bgzz}i9S<a}V(<sl_5mVQ;5SHV~GxS7r8a!3g+DNIl*r6@T
z5_mzwOvHLJ$0?jFg|#jDER{4m@NFnVuYq(B(x6P04F39&Sa8md>PfGYV`hVvtyCq2
zVvD7R^|YS>9hlU7?7M|Ea%k!vXu$w6)n70!{nNVa<t@m8riDKiq<=;YbbJ%N3?{o!
zWDsQ~XA38y7YeUQ*ghLP7`d#m>^*!ZaCw&HU3jL&F@AiO5jHO>l?HFtmIN7c&SISt
z@(;;2K$(wv{zfZTq?-jR7_U{w_|c`uuRp=>B5j?zr4I7!R)t$A_8NJwuXYu>Lk2b2
zNQiP=y2Q?S*Kc(bdu+UC&8}FDlm2I4)zm&kgggr@<P7A}2kM-S^6H&c`l(^Kgml@3
z4gBkhY{|qpoh8rPPK~k;SbMaR9I_h1y}F{aZPv^s3*a@7(3SW_2#sjl`Oo?>rYsS^
z;{5E$N4LChrohZ~?kE+HkT_`#{atBzHd!=*JU`?7Cd>R0)zo+Gb_oX^ZCcC+326KG
zDJtq3FP8cMET}AHu;o0I$evE%T1&|=EbIWU^pY57Cidsvd{9f}dw0v!BoP$UphvY<
zL!RipM|JPD$$sgHMHu2Z8lZ;_!H4xbOv*CeE$#Rqo3V=mMRY;xO%C2(b6<=bp%c%K
z19Q%gNnYDV;Prb)ASpl1b8T<JL0J_hUis^JZt#7jjNcL;y(2zF`*bECp3ifvPU4DU
zJa@_zNI|2|``j-`F_ww>b!50Q{UUzh1q8xgG92b?ZOcnKp7Iv(I7k7^ON3gm1<_?Y
zYNdZV!j(v3lKc6O<91h#-(MUv&qUShsmBIJ)yH7CHpB$tobzt<+h+OU>7*8e;h7|R
zZP)gq^%i(SIE|j$UfUIy2pZ<^p~yK}lvW>ZSg5mwpgfSIh!YK2_Vj@!l}^bOaUaf}
z@Y9YNAPgNH>j_gBJcAaXONHMe>Bv)(^~+<lm&w1}9ZMGQM65Wh70(0Z-Vqv21Mc)Q
z_J1S1eM$TFMH*`S)(Lu^V*<A!HV2`_$pTb_Shi1CbEHN#32I$6Po6w3_#nT_vS3kn
z!$+AictO~1rY|=?IlvI^4&}o=YenbmfwDIdOSAkorAM=6#ZQqxNksm$eyH|+?HR!@
zpZJ!ydrO9)7-?1*Y9bw}8K6mP$Gn6->oY%8(g*MUN{P)&!ufq7W?(q!zzM2L1-&-)
zE$$udPZZFv6@Rb?gDJ<b^+uTzB#ZtKt>aH#KSdGj{0cmLz#oM!%}~ZbqB;F$n%6Kb
z45K@UTtPK_jwJo!Zc2Rct#tpS|EcoIA+gyPsxYr70!>w_ze2&qx6JZZuQ)s*WtHVu
zN@>M#1enF%911nQhg_k3ME*Mizs<oGY5*l;O7G)?bwQI=zK}C5F}TM0I3$_?boj`P
z9G4xsaQ4J1Qa#3hCkeGY41Z4L$1Q8c-E~I5!Kb4PJW^2Rg-G)}!JoXhkiR5TwhI&=
zaMxs1=PBJVavFD!Qgd_%!hZk;b<*Ta;r^+bl~BH<7iL;f5_Efy8_HDsoby>qYbCDa
zmc}z)iGK%TTlM9y4EF+iv__<o4;&L`;$6!w#orUCNJa1*<jm!_zQ;)<=^SEgLA4Lk
zElsO1-Lq?Q$OqEbqUQ53a)&l#{7izDv2rPgyBK>DC!C3A;QB!#!0eON63RS>X%1Cd
zYtu$=QFi=oRDQ`V*rj+FJ>!;F@ZXnvXlg&(?Sfm?l_kKRN2wO;a&As5|GClNu%uwN
zD3M+DxSs?1@8?fd?)dq*Jb&$mxGY%JI^AgKIvj;QW8G9i4vKPh$;g~0N9mve%Qs$S
zh0T0V^O64tPk0{d{V6EGJ9#)_5=Vl}``YZ*{;63gmD_$RNxm!7;{T?jHyqOh&?R&u
zHhE+`LYSggb_=8)(#X2n&m4TW9WSyf;Q!zFiIEb1$KaND=XZH)FHINJI~TQ#=`r(~
z*NQb-EA19uAa)HqHyp0r@7bZYys+c6;I}MuyrK2{i42{?w_wO`&bkes9Kc0j)L9Y#
zj6i461=85jl(~p`;N;PQKPL+xW1rX(z5f6cdbY)t6jc&iKP%DmX0-*t?4d=s4j~L=
z5#4LKpX_7mlf}P(%g(UEF^SG?kK$sswY}fYe0}R0Pno=H2p+DDcR+b;8APHpvGu*t
z9z42<a@Tz90w8YfQUoib_++{MxDrY6`7gN7#nofJ-dC*s2MEpUj~A2+N!rR^GIQ@^
z#pjxd+Jp3+aQ6{i-J>*<YAXgsd}KTPAd6(Z{zbHF2{WZ%cd|N}6}T{9r8Z6$(;T$#
z93vYC=~eXkQ0$a+rJ>vdblL@U!%oH33phWz;+E{dzsPfm<#-`PQocd9AKx+vm(6W^
zMKTq=Pp!c0zQ6wZ?fcv_H1*><m;A?J65U<1emQVFD?w=bUrmL?yQ@8UqL<~5M7`iE
zsJ<o-himYRA9n;#F#e&*^xc4lk&K_;-wD1#EhHg31ZNWuEp7s`T4eT2F=i_f(&L94
zsB{kQP0}?(bX7G&GD>Re1s~u?<5(Lz8j5UcYGOw=t^d6g6%{U6@!a)4>kyD>uL}^~
z<HSOL|AX{}74eHxi-mBsROf45Aq6f&5TDHTg|h!Hctg;kvBq5ddiJWVDf7WUoIjOw
zJLTr-1j550cXNJ0^!t^<=p@^|Yg0vWzh$xIp2zam?%paxC~-}@Sm;98R>5i}w_j2s
z3p1hgt_|H6Pxz!g@~tfBY|efSbs{x8x~Q2=UlWVWz|O@I8^$to(t;u(9fpNazUron
z?}2jvP>yBk|BWR;ly$oTGqr8$(SKv9uR-6oRJ2ry$rTyqLe|JM!}ttm#_n%#FMkVP
z_)C5y$J^A_v!Fe{Z&rUAyRJzh#{>v`hD$5Avh0ONq?;kI;%th1HWp2HsU7vP5cH@=
znH)CMNvH>iRrD?~n$<nD>rv0r`UU=Dc|8ayPnK_2C{a&8f+O!gE59tC7JRAGYumkE
zhL5};u2LhO^gUsZ^;!-ypo0yr4yaIM@BM^7+a=RCMjm4V6GCx<gG8hU_Shmn$7y}q
zG2)lm^7xn81av7>G_a@I(pO)%<-UaN)7;Z)3b$+eS8^%WLQv&8Yowwqya-NXXSL?D
zvqi$AkPQX0*AtvS?9e)q=cUN!IMse4;{7`unCA8T(hd1j>yv{ltZECweZ-Y#M9`3C
zqoN<jK<ixoOK_=Zbe;sKu!o;e*22|^p{A0SuscVfSxEZ;EgCu20_hwoH=;Y5CKnT5
zX3=OWt0XgN`gopPv^{WkZ>i%Hpn&{=yJuiLye2kRQMBOJ0nJ+}zFc$Sb#X81n8xAP
zNPLFR#~2~nN+A66Q}b3O1Gv{xpg)Mu2yv{3rD!S9?M=#M)DQYk!--EumBMpGBgQ}R
zx?bbW5-lD^S!8Vox6<`J&Wwq&=a}6k>(+UpB=#P!-Vqae>^6K1EuMOn<-;$Y*E7&E
z@3ef`>VF1mLeJc_$nqGah<I^mB-vxYXOzN!eq!D5;WZ`w#^h)7(7vqJmb#7Fm%Bp@
zSTeo3LyLRC8|2Yy?5uaClc}&HE>TaX@1I?dJ^bY#ttHkU4=eDnfJnH&^ZC@!6*cc5
zvM>0`DDWKL3y2a{;i<AC(6xNGXKR4(IB!C`RDZTgi+yi(CGmcI^6Q6_hcS8UHjswg
zV}c)<(;;EexSiMyRyN3i)HTKh%C7Dt$cMmDVcvA~$on!f!X%&1G<=Lx_=Q^Go{2;g
zBqy?%w1t$aK^ZZHS@KFR4%ih9(o_6T5m&6&Cj3XShfCgOfo8`6fDZVyCf_(i{x=oF
z38Kh2nY=SW`$o=2fu%Ehli^Rh;ud9G=P8vpoemhNz~=E?4e!#HFiWbtG!JH)^4R>m
zqGp2(It$&L`_C$b7XCea(QiFjl?jR#7~!8ZUJFX^tg+rcr4CF5_|$W(CQdfT1e5=H
z7yYkt^U>hf6u+Yv#iuh#Ras2H(f?2}S%|V1MN`(2&FOne?7?O}sPMqbS~LBua}jxe
zR#iMjND0L^szSEF)BEl5ZWf$y;yu{PO(v!vHh3)P3;OSh03fG3%vW1rDS9H<3Qfm%
zxLjUBUGX=B9izUUrZ}*gB<!;AiF1z2q_)-7=XIJ9&*y0B1n0#~Wgg=6b<|1IS?-ys
znmIeIz*%NB?%eLYQhB5@eQ{wWSrwzEqz1+1U?vl4VxVug;=5stu(NXLi*Pg{1yh>W
z0}^UOUkxN?oZ^oEDzAj<T3w!X{&-_qzVc%Nqr)iPuNzxrK|>11E;VqBZh9>P<2q<6
zuAPWf9`|@DJIAM#lhb8x?;lk^-TPxva`j<uz;${;esN+x2ETevcv&NZert1eTl$lz
zhu`3tvhQxD@?R`IngYWxxBV?sSp#huB<-eO5xzgoiG{qF{Mb?XcY#mdx@b2Y_G2*~
zeU@hgR|3Z2#cXb1Y2)JG&)afyVDFv>YjqScz{9PQ;E<ouKEl2HUxI5XOx%}d3f~0E
ze9)u2A~VJ^E1k^lJ&LIbti4Q;wYBmNrJ8ZeEtFg128cF1b;y!NI4hd!ZX~u4a>q8;
zmf?}<RGw+iabb|r6g(9fz!?Zk)tG*>K2e+I?>Hv$KpAiQpAAEm$@NaiwVIU#<f<vX
zMvt1HkK!+8=M|S${Cp=P@#ZHbZMDipxxjzYGi*$Nfi5|YP!scden*SA`-EE}Tw2!8
zCjFn!8Zx!R7hu<35~a_nmpzjP&AOpm?<}&@!=^#!76r%qWAhTGx7M(CAd-v{22yel
z1kk&QFrPGD%)k6GJVo?2{@*~kVu+Gp&TO%J6(Q<1JFncqo<Do{!_9P~<VzUl-$@AW
zW5YO0zZ~Py;&W&5Rs{yf8zPdWSw497F?28EhEUbXQw+_M5gvQ~1kL`<w3%Jsa8Uar
z-RL;&hfY2_oF6oB3#<XzLQ8)K)Qy9YHsa^5F){eu!DEn9_Hb{C#DoY$XjUhga-4al
z%N14mN>BAnP;_Z4$*`q+?7h2e@Y_&h>Jq|yA8C1>z}Ns*Cw@vCsm`j^=k6*FgZkjS
zn&~`UqF`Dh3b5Fo+)T(9!~&kgSBH`+cUHF54sM3?udHM4$5YmlH*yF>O?p}@WAwd?
zNx3uSN6j>a@?lc;Vepu4<X@a*X0#g7)mnS~Zb@N}EMH`N2X@5M5_v#*8MHBy?bmO)
z8IKr8_mLu2TN&sk^{KHwB6T_z+V$ye2$c`W69w&}H`ncN+v0f@ZVMZwAMMfi>cK9P
z&ZDND-UhwRkxhiXT9>k}N{9<zs}|{&!ZzTo>uNp&JNh!%)4kl-WtBCC==>(mmqf<C
z2|?s0GU8+<&bzeDUBw*<*1Tr9AdvU2jl$Yy<0fZC#Uu+_Yrz<er;@ieXNHCc-H@o0
z4Zvs5K#SwR8~4}OcwQLxnH`!cdU}GeOsH91{bIc<$7?`?Kd8gmAqvMXJYojEc}b6M
z#=s%(o)B_`SxPN`ZB-a&D4~O~D7hHCZFVj!(Li34h2OM8UsqWQxQJl^c17VaTd50W
zzs3cAl~!vukR|8$l2<gBx5`xP_HOb?CMIQJK7DjAt{;SX*QS-X`eXM9b>H!?kwB}Z
z#+DQeT#@!u>2*3OCEUn}@0~>5^-)d~{A-kv^mH?QUh{(hb<O0-i@wHEp?bP<#BZoM
zc0`^P)6e*1%eq9|O--4C&!m)Ogr*Z>%GPH_aN{pdNK*PZt$8IejX&xww2|)ohzN*J
zB?SN8w#(IOHbI;9C97(Qj+j(+>r`b5{7S=@Fat-?f&=nB!mBkOFj~_tT$_Ee+Lu-B
z92~ZM5}OhBpyugAIp*8aU8B>2{b(SzdbKBLJ=?91<J(+AG!9ZJIzSt@0#oP64{oA>
zx)q(goB4Ew4ZzBV^t689<K1m_nK7gq1Z#_)fBSMtzRXe#PSgn4?2_cr_OWsWdyEJ`
zoCK9-c07nW+Ly{{C&+}8H=#_iA^jj2)V|tHYRSTS<<<tDu|rS#;ZHixUGQjekDN~U
zL>PsU_3CzI-37D*_Kqq}9v~HbvQyOsSQB{kAXn0BH?t-cJ@V!Y06aSuO(PG~K_mW<
zxONg!eTJ5AB5nc18zYU{(LgR|4!92Bvq3Y8U6siT@_D1hn3I|D!f<1XWET6a*K7y<
zo$@VI{)%%B=ZVo`6YnhA_AoXzW7<9t46^1t%oim<AldrlmcTqw3S{e)Dl)AkxupT*
zr0$X=YY>KJ7o2e*zm7`3NJ{=%5Le$5>Iq<?)FIhV752i%&y=jg7Nzhlxl2J%CN`6I
zDlV-4TeA-CzjF%H#G%oYO=Wg|3@)Cu=$<^%WJ(;WU6tl0)X%0_$;SfSLA6wwGX+kp
z?H_&t2@Hl^P)2&<Lt6tX^6XCLHST6s>ttAC%cjLs@vZO)YNUQ_kTahDMYE}i)PE<{
z4N-2?Ojju)D{;Z<Ph!UnhrNbFaBB~koHO<nn<*=#S9vrRX3H4+Z=_(IhYC8;y1#R$
z(0XFNQs$Ao&uWPoE3=&GU0tyjA(!AEh5oWUTA2Kq-7>Nur2eAmtgY-P(y1_dN>#5u
z()+@CqmSx;fN0&bjFJJC?9m1pXQuU4Q6Tl^S&TauzfYQb0K0>>sAOXDeNCw|$vS$`
zrB(}<#pt6)S!e7)v%$~7xdY4LLw#@;dsx4;`ehanClXna&J-LT;BPxCLuw6z__hlb
z?dS`UD38s`gGUQ<h=K6jj$_>H<#kk8c8q-VK5W*F>&28d17rpPUz&V1#%&^7PqpBE
z&@~B#3A>NsHb)$^$TdnDq3zmXN!t{PUE3-@2$f&>K5ng9aX^xWna>c9Mfb-s4va0F
z6PAK&g^R#5f;XoXZOUZ7_g`rA=0>uKvhz(GRN^odMi`%~uc5B&ugl$G9NpT#x8t8P
z$5~q{&ee}1TlzEYMkAWO$kxY3xhG;BzdLE%wXch@7pw~KoT$*71IRcqvcuVWb(3Hf
znm!m=VD_CA?}kahLBuTU@{Iz&-A$5Nh6@+bM44Q+JVKSd;*@i@l*|3l=?s)`@5Hnm
zrB2<G-f!dk;e}Gmi5_vOgP#&4vV5-6_ZtL$nIv(Ii@c~zhhG5+xS^+YdW|KBSMwa}
zL`U@2pB)@TVE3P@i<?*h=ab}b5eXwar{x|p4Dl7E7+>+;OL}8%5TsW7I<%lxXLUFx
z*X~KogeK=QrPcU9wJ!C(_;Z<DZC%>t`5FluG19&3B75J{I1lZd?bi25?l{~*LAP}?
zsNAh>%U2R`{;Q^SpyIbe^3xIR43(!%5-oBBRvmD+S%NzSt+kv59KVa`_v=BZx0N*~
zw{bVft`IHzeMwJ8nV-{r8qbearS;b+>vL=$h_x8eaLs7#(NYHQE0)(oC5PvOT5#IN
z8aTZL^Ef8vVPtuaq)cV@U?(DM<eakgPqO&m<>R$!U#)91$Vtv7$8R4BR?S*oFeO2w
z)8!d6&Yo?@>Rx5>%<_aJ;TaHM$TNJ}ox4k@HZeI_<D+}<c2T}^ViygOog?=|jP*KW
zPlAeE7}~xD_oncCdykYS*0rP~kTdXmil8do=uGGVUd`I0Akzv{(8)38#DnQ&Y6qzr
z$lkb6x?{ops$YVuLx2N?A-+)FQya5`<uk(9%gAl-VK@j`QI4d<6(cRqon!<boUw!m
zYf}CA98F+6yAUsGR3ekd)=qo>vZcaA_^hi?!~P^lYW&?l>lL1|Ydx|sc7v<6;_<t#
zA&R5fz$9*$Y|=D7eNr`<{H1KvC)<17O7nPbM|xxQR7%e?^9M3;fHv^1sLuMUGpT$2
z5Q252yVqx?OL&IEZ==Hq9?cDH6nW4YXlPddLX<8#BFjW!>#M5&5<H<wN@KQ_7gTBx
z<xyMP3|+~|7bk{le_tkQ4>O{xHI#J9cmkQBQn&Kgx*B)zs5IeSX-uGEdvTmTf9rZ1
zUbdqRWk?-o_~kYgB-k?FmQck1c8dmJB6bI@311Jy9)GZ&zVADS<~YG8rJ+L@E>UU`
z?XrKJ>olUx7+Ys@?q0rL>kxHp4VUyJS$>2RKNtJxAwG*^i#uJg(Y(ESe6p7vOZZL9
zNHx@jr^hXaOs0|!1w%mE2ZM$T<HbAo5e$3MCl^@7n#=OYtjs)*ar2&g3qGhqY>j#M
zSHBmN*T_}xJ_CLpk=u1>0jHDH^*WKJ=W8;WNyA%|<*fHNvpAqBUy5S8b{Lk%AWp7p
zm^_BhaE%iewhIzx&)`)GI+%|pW&7c_pn}j*w)>CdQCi0ju9`21hA<zCE&1CGC;DK9
ziKuC%uU0+LzgApZbVhP08csFc#dmmWgth`6zz}SCwR^C!h3fpzARw`N4zH2huH3~l
zHd#?cFWDfluV3xsxoDgpx7R6DdZ?bAU-=&I4L}t}gQ##er>-Z?q<i$C#!__TN+4ko
z-vw0P@hpMzq$_;i%onrlIIO5--RWPJf5Y<M3oJZBZ1S?G4@F9>kcjAXr}c!XSCxI#
ztt&S*%_<7sI+2(o%qQ!hd{(F5B7a)f^wPu$;)ST+`_j^4eJc@}t<50&0v?p+OrnRy
znihsM@Qo9239F;20t<QfXuR`Z_C?APZKv#M{SD()?5j1I!TTrPHLb22yB6<D1yExJ
zP{Kd_jOqGQ%h;g-lVE-DT4aKvuXU0w1EXVVCXvYV150(AKel8n+0I6l801bR=db;M
zDfw@|4VZS^5R6u%@G&@Ci$qSG$@(U9pB~#V<il#dv{}0KDZViYaaj6*<(ZMsg2DL3
zuP=ngo?xv*CN}ZkL}6!BW)Fq6_V{1OkJf=_xK*`C+*XXO-tQKvK7f3lR2(A~Bu-tv
zRKnir+s-eGVxsy!u*Mc#Zsaf9@iI?Jw{{^Z_2uep?X|++e_h^ShBA%U>f5_~VxPSH
z!_97G;q}0}XCE)(gNxQsQRrQZn{7e2U_jIZWqkoiqIP;vAEqyJa;WkJCv6{AiYgdU
zmM?3MDfosfI6yT&JPX;0*3)a>-qc)^EIvN3OqIvE3vwB##O-|y`-IZzN8HenlPJ0D
zVDvD#qz?QED<=Y$GcJP?avR6zV%261JX8Im_V=YE9KAZ3(J)P@TfbaPM+A;+j&FX-
zjvfI_sXm(a1)F-NMLXGf+_sF`Wc>BgsN%fb1N;x`pT>^#>@R?vpD6kXCMx)v;duC-
zgU#CsdjzqT$c;|5^?^CG=`|-(wFlvf#hRn5^o`EVfgAJ7cFY5J8LL#!ru>+=T}wyR
zA^{D(Optu@Haa}%(P7S6$G}fN;+xg)#T>d_I~a*PUN4DmT}RVk*pzPDXb%$ZWb^%e
z7VTQV9DiouUieb9O;DB=s_@p6?8WF%G4Dh8QjBl{xEFK(;Z!9yyDvMTHK<~uqQuo|
z>5+S@Ugu@n81v}t)caOL!I<=T^o!d1o{j_M#2$4=qvyTp;H<kt8BNH4pK8ahCMF86
zWw54xEmQBsuCm?i7dJbSPa9~tkyU*+By@tNed<(+1;PCO@rmAsM=MeTRw>CTi?h`!
zEH4n~2k|QPE;Dg$-#55}Q>SmdrRP&C3wWgaYxwUD+Ucl!%kuP%V%Re!c<$jD4>lUO
z!$+LIuWUm#!nXdanmk-LAPeoKeqwJh%NLe0^d7+1RacrP8Dh&-#ZG~=;2!vGK3I?m
zzJl3%8oG5#JE6j%_|X#gMXRwMd45#aywf4pxT2F8MI-ELp1NAxY3z$3l9dV<@ZTw9
zD?LZ!))9jAR36{Dy42ON!g1B}R#V(Na=c%bxq(xDyt1m=_z-t;!5Zj|U#QbMm{RJe
zTU$mDcbJ4mG!9rN)sPMO#zeJ*PC7#9tgFR2L@4<XKiM+KK-Nv}%`jtlHr<ZLnLcj+
z*!+FR{!Tw@5RE|EJp|o$J!}|yY@wj4B7X`iXiw*#MZ!k0<m;9BXOo}&zn;E48p`jF
zKPf`lw=5$RAtq$aAZuBxA=!mbs1QO1GbOT{EJc=KW{R?=WM^b8+sqI`jD1Fy!HjK;
zncsYW=lp)>%z4f{f86KZ`(9qJ_r1@3-tWEl=O$S7CsRW=_I4%!J#~GP*;3<i><Ud~
zgbrN-?|$d(qIg5Y^hS*4+7E;KX4i-L7wOi|XPzY%`2AUgiqoCbj)wd7znn&dH*}>w
zh;BR;QQ%55APqIbB%qv<E4qc;6Dy7IFukB5UH6Yv?A0lCj^3`;?LEljsmU~-$>C5C
z?=$JFW8d*hqrivm8f$gVktYKqC#xUMXf00FjcQs&gX~&b&+23}VC_TQ&Vk48XjTvE
zKN>cj(*HA!)xAn_Lqyhvlezz!$zCfA;M}0ot{lQR;K@7dYCiNGD|+p^=~pkrAEK1N
z5r0%nGSmO-1`G49WP0+ic4o~SH+44H=2!z-wq&fn9-F5SmLBiLhRP_yZ3ptoSnECS
z_o1e{vMYQBk{m`K>ag+|tRsJ?gW_+%@7m>Y>ijUdPyG~4FX_8XhV)*?$Olx?5xxM1
z(}VfYM57Kt@#eVQa~TPfPY1a7ck&uN7M6bO4s1NzRtXFeIP1Q=)u~lC9ab6qMcjjC
zu=`r9b&hp3Pv~{)PkKUdSJBn~in^4ZD$xaBw=S_Ve@NOTbon#!YcoftN3r(b`<m?T
zA2Kas%aTHn=`C9#d%C2y{59+6!Vv!&%J`p+1*G&aWF9kZw+)^8MWE+w+`0U3tp>{I
zC)dOnuAzV0m+m{moTiU2O*_@IUM4YDs_xOO>l(0->zBXmUM(i1r!VQbDz{4aQVLah
zL_30iwV!&u6Qc?+JX4&IaCO8W_?6^?)5}rQ4;Nq@tUC2XAl&HrtWz?*{D(d(6g|1d
z-M`37J(@dt$EbL}_!D;KDZuUdyB3TxRvMca?)6G}lK~~k&tJ~_a3EH~O65Q2(t`oS
zvj076bdPRM;+zvWXjuSyxotQ3V-`&SMO*tXkG<+fWLErySHcY`5>qx|Mnc+tfVwzo
zFVR6YKWwhx^8Pz$1~(!Uv9%KfiL$S&@c1Eg4{uvT`t^CS)M+Q)eZJIbud-#t)@T5{
zUhcH*doFYoyZ5{`2;yj;Q~@3KG*YkMeS{bs5^<-7fe<D-ZOz0*<+pBB3B((TAjliV
z^?N#PrHX$Yjj%%V<r6#4BFC`%r!1RRzq`YxU4DT3z}H4>F&*G*eYSk}da(&9&`gwP
zB`NnZ?PCh`J?h9%(NIrQ8Ny3f+RavpiNfl^j!zZoNE-~{Km~!Z;t<>lX0$jzizI8}
znG8^%^5NuhQIv_W0|#f|7OQMW9mcsfZa@zbiS%?FP6iuGY5t8~<P&2E(;ozfJkrU%
zK++?X_Bf%4XnP&_3!HrYmuugsQs#V+L`Z&dd~R70A)IlHX!@S+@#XDak4z%q>yXDu
zO+1>=aBOW;XhI~U4t?Zneor<Xl+WL>J38y`+kgeoSF+jZ-klUl1}dQ*V{y7K*zlIu
zyB!PC%IGP4&Nugj><|VbQeik<r0`%Hg?TNYNMi^5$Om&k*qWn+Vw<*M{%d4pfxSHS
z2J`$(jNE+m_)(}x(asZrjW9!+KAsoZ3#5*dPMeV703bD!gf}U6%RD>~aH7`{y{WBm
z*1qry1iYOuHgP*Rk^v$Zpv>S0-G`B=sO5?*bb-A^%y7UQgi4nl)S=@^2&`@oc(?`k
z%`lQt6a)})^p;A2dOlc)`5}L2p*0S$_mM&#!13VaF`*3G{pdXjBZB{Zmrb(j>aDh|
z$27j<xc;S<0#!a&lmaP%Kv7Pg>~|=|m>mXp7w^8JkOQ71ENoeFGdD;#BByB}l4E>3
zHz=&OD%gTgwmk~H0qz%~eggsQ@@Sh4M<3^%b7W@dU%gI1ZYER6E_Kts)Fk$LhAxD9
zgGdN2*eOYr{(7_>N&VSX54hWdA1bq|-vO`Qb1bA;B<-!=NeEXM#(&dY=ItW8dmULK
z`*=ViAQx6uu0(E-80aqPF;24w@)a->hN%)mISK4ez4EwBR|JmP^$0NdsU$bo;FnOF
z?$vZdhXWs+bv!eIYNF2TR1zt+v2_I!@1GcGA;tjWQWKz3AUBd@#a%mOA}Wy!Bn7gp
z?jj*Oi!%Un)K!wJ+4V{bK2gRlX~z6|OdQ}Moq&!u(_@;|$kDZik?ox@>1NA=7F6OH
zm>{k8upY_@Y5x=qfFy4b(TOPs38bD*&-nJcIp1Qm_GCL@02(iH!W1YB(WH8-4+onQ
z<mk6Zr@u<$Cb(kNAnli#cfo)r-V#4<W*=(|OjSrLjt?E3;IZvCWl0i4M#s;d0^KBm
zaPVYkt4LeQRv9|?4D$-r8)=j>>rMg|uT>HSCNmHNQ4bP-IaOL46%H_blfJ3{TF3@}
zF9!o_?X=C|r7}a|KVJMR#MJAbA73`Iso2aZ^J;cSSZ+o4>vdit$)GHK^*f2ulYZlK
zG0n4hS4w##4;5vRF$+K9#*=36Tf$Nys>W~<nY5cki8xp05rv91G=-P6%dXs$4lxKX
z(v6;Ex(WFXPuN8>2Ft{PZt%?uEdXohe_8<F6A#uxvBaJWWiuwF$<VXj?Wv)g=2%h6
zf)4dc)8^O*&y_#Bk5UneR8oE#r#h?;?Ib{pq28|D1f>9E$Fs%oAh}^}s?UBh<vIi@
z&g{dpLfm|!I>xN<HcJeI7YM}#J_}F91x2J-vhFB8@(hR%WK+p*kCqYICYS()L)y&<
za#R9t(fp{`bpRjMbI^3M&A2-tvE7bjibtE%eW_9cOf_oEBri!Nfx!)l6o3`{a_VOC
zg6z8wXMQ`8eh@W1&6pmk2$d;}BqSqA^KZ8RZG&_u2j!*l3c$`m-X(n#0D<?eLqr5%
znC;X9$H!sqLLq9Fa5360X;N<3i|RjbZz7{iZLyKUd%{at9%W6MNob$R0e9;q0c7cZ
z6AuU~R27`2dEpuA)p?mXfHL(OHAcWs7Lv4O^b&A|s!CcjE0n>%if1kfMwJs1pj<Rj
zfwI#qQ;bH+v`ma!q7zefCrOt&nf#DioTmj@4O>Ps?}YKkCgLhMM=^54-$@CbFm{?K
z(h_Z%qMME9iHFJ3^pQsC0Of_&WCW02jI0r+-2nsCG3D+*^%dy5_^^aowl?D&q5@TF
zejnw>a~woP$_<B7ugt?vgTSQgxKy*kSdzzl&2s^Y3rUuA-K=m8hfcuo(QYFZ^A1o&
zib&Q}W2l=ZFm9H}C*xUDEk-Bu9E(GebZd%Y)i<sz=os?}g-oFmxns|;M7wCtC%|wf
z{V;(E&#<I@0(A4h$h=05YFg?cXSZv8KR2GqP4&^MpA~4k-+eyKgXK*uIBmi4m>(I$
zdt9UgOUV4RL{gO8FjUC%K*h7a`63m<($w%S>2#+Ne{2!1jdTMQyQ#gMz}nw@YXXx7
znRQPlBNXYENKGa+5$6{@*MosK2y*|Xg+Z3xs~HGY7DlU>7bcUOJ7F@AQrrZJb6}UQ
zLDau&?ZzqHA#-uh9ntI-3<zO3C#?P82>+bh$awV9XidBZu;q4v1NQE|Os@npgh*Hs
z+q1@-Lj9x)VoyVUkR#~w7R=F%u&6T=WJKt_LJyMcvUIG%1ag*t%99$*%b;^FR}y&&
z@L|eRv|!S#RsHNz=w`4}{jLD%fu9~kvR{*Z#<fQPQV=fLW=twZaTW!xDYB$LTLRcM
zfo1f~&it!2{JCaEpOwg9UV>T~orYzQ2<9X_3Y5#TfCFHOjL>2^jwEMy2eir4Gl{*<
z3m(4O{wol%=yta_rY9yKgM~21xHeQ_0O=B?TR+X?3bpTFn9&CW7(tE#P&1X_{tdyn
zuI{j6Gzn=^Gx=iImgI!u<N=+G{q%GHAxpeiW4P#UzR$v$*aZA?tiiLIE!Ybd>lNct
z%`u#wKWJAL8q9!#j2}){0dj?VH9yPv6z2Jajtyl%4kUY|Uvi9*Igo#GPmy{?pse$4
zp=G>>7zo@=e$j5;EtBMNnR<#UZBm@pe%AwoCJsQaL6O16SRq;&OO-}R0EJ%1kFRq)
z4}cad|6jxL#Lr5y^lypI9TeH$z^5i49{0;rzn2=Az$8I;mySeOaR&1>K$co^yZ05Y
z#sbKH7-8nANOi@TniV=wy^vUQK0z9q#eob7NaoLdA6DOl;AeQUA`T=6t+J@3$l3W&
zy#>mOwt3nVAtJSKi4>OO-XT3e8D!&36WYaNi}E~G@L|3!NI#xfMaVncKH87F?VsZy
z7;h-c!k$@CkUi;`<#mW8ggiBXG-=|Qg1AKW!)qqApPNyk2IChK7>bY&xW}GDbU}zX
zBp%1&As!G1$cD6tH%)-bK$39(Q^4^#>IEd3#aPrX5&-Gc_Bupuc+sgO_e`5A3miDn
zVq72r7B2W9iDzP!AoaKjq#swTB+IyAX7G2%8HNrdG4}zMa^jJ}0uUheB(krhMu>Ki
z8iOPxw%;Y$qljFrF5Hl?<V_LU1L||+g#Vzf*xJ~CBoCzLXx`dqj^PBnWQ^cH3wo2c
z=e3g{SCWry4C}p@DN8#sRIes%@cKFyw2mF}^uKSZC-17e{CDt3kB}eJ(@xT5Q6SL2
z^FRRNLq(d9C*#-JZz_6H-jQ{wSE)80;jltob8l&=2x|h7C7h{ypT#YXc#f5+XYgcc
zTvq~A2vUawvtou=ZAg;1ViPH|6C>Kzf+O&vW1p*Ug&B%OoP=fS^4$yW55Ejs`x*1A
zjvc~AbBt+TuP@E9Oe?mb3f^Hvk!1geq<M|x?I19Mr*Co}lwu>LZkNH5ZreT0{xCSn
zlEpre=0IUqjbGPzLpG3GJMbmoV*j_ZZ7H}3baXs}ji#PSHl&`(By(lg_%p-uN6B(_
zAePkx!#(6^k552eZV_IyNJtY8LK*Pb#HeEc>dV3qXjm`N&QHptqk`75mB_<1M5o5U
zEcvoGM&piO;eaMs(QQdIF?nzG1wv)T$%uMV!0#H1fi$^5CI{pj`)6V=K}3+4pnj!(
z3LE5$xRJSPVU*ZV>mtzRdBz-8;Mle5(uO?sHuVZJ(ikgD8)E6K4AsZO%FIxQ%SH2v
z&^V|!kz`}C8q0VDOpJ*7y>D@nsKj4U@hnn$z>3vnQdwr*M7m)D``=VOEm>V&r>Tbk
zuBdPK9DK&5M5$6K>1w@!rc^0pqzP7Rxrr<GBTf@XiHGVys#yjq_H&==qK+ujZ$1RS
zBo~fgcYQaPh3>5!JF-kEx1?qojE4kcyc^MplyhSeE6_6#HApxmh7E*iM1?cICE^cl
zOAmP-ZId!dD`K{j3JiOZD#GetxJMFW;)qC^L>bhebLkyrPX}9#`9yZ7f){vTZ^v^y
zNxA4~3~^L*#qb2ni4sd><UJ{3JVN+a=24qw*u!BwR_BPDDmXPnA0#`1St|jaPyZuq
z1_tF9+ok9~81?PkhSC&94}u^OJV+`%2gxSD57NV$tVY0n$GW{XO?;SnA*W4Le7h)%
z9wqUh7U>!Kav_Mc-O1#Hu+W!hN}qOn9y3Mq27I?9tI>5(VyRG>^i7e&he$F%BZ2h5
z+ie+5OoC3vd6=hF)ZpME(=;F{6J?+^m05!`#luJ7D^BlKS&{I;YMh5n%X^?4-wm?b
z6h)i*6iIm54o)kcWYI8-%`CSHit*KEMi;3>oHcGpreD>#=HS}~Oswr>^WidCk+dAo
zd`vYmZ#O~~^V9B77fpb$Hninc*bo-N0>20J0?+4r=2+pirJK~CZXHaeohhHt8YPB$
zMSXTWZzoB24bNj9)o#p3@W~~fpo!w)B2${f`;!n`>IHRR^^IWF{!vkoM;dmPg!E=u
z6dZWd?Tvwd{rcV~x0@H1i6Z$#4h{duFl#tJAp$)vRuiImr)Gl$=zVo~cU6WoF9%KM
z%>h?xp2MZ~&~T!$-+ne+hkVK_(?N^H1m^nbLy)>KP#oaO6!SDSi@eS_?pQj?c4q|R
zYDAX}ycSX;F3bF2*sj++GS_9iiH&Ichh*g!q6`puNn$B6M<{!-<L5k(XSJZ}5xh>)
zZlE&ci$C!+X{}o~Mm+ZG&wVAT4HA>WsQkGvO}!uhQ-o|AMi;^oJ$BmMYm97KlEcw<
zmX`J+%K<N-_5RouQgSCjpsjVw5+#;&D4q_u_k?V(fuBgGthiB?qc^tS`O%{{LXOh5
znZElIlB7ez^ieYq2j8frsNV2Yp)H@HZ5OZ8?yZ>}rN#g);0%0qFqrx_dLz716C$E6
zlgI+#4Lu2vCkyDqx(&BHz<}|@>Xn$69<6<9%xIFwu>4BoHYdKTyS>4}uUB;~?NGx+
zoTiS4OQ&Q0Y~~i=B9nG5qF}%&m>kWjwtA%mF1Q$Ro)%OKcS%Rs#}0{|uYVt!LSsed
z0t^WqU7E5wRP6><h|(-Tb3%E{lV*AtNFW4xzi%N;ZG7VjiwcaA+D(^QBtTB<oE|r@
zqBL!)KYq9v%_l?yJgaFm)NkQAzT8VmAhDYlz9z*c%nBZ};Tc7^hNKX!Gi}C&Frk*G
zp5}DBe|u{5_PnDLD+7yqq|=dE@{*%O9GazG0Tzz~X8Q&-j_ie)YL<N37<=+RhBSPj
zW#@0Ay{%R^3<NPOzCir0iuIzNG`ztOgfu6IWuvkG$+O~zpD}TT=R(@?=mTG5l*bE?
zcm~h*z9i_iy*|2lCY?~zv-9~bh1G<MCUVe%PTcyn)#tx?ifUqL%Seub^MZ=)ec%hD
z8`d^bhVD^--6^krN(q`(x1r0N&vk*M!;f)^oC;Jb*4M;nn!{H{(-T(cNq}BOiDFs8
zHELGkp@TBb`x#~Rs;2!!M5GKK@cqGpkPon6=M0Ny5jf1o@NrmgS<|qx-p3<o12GOj
ztw{o7`fg#!`!N08r$AVwklzc<6H)FXn!;_qCFlaoWsoQ+^bMNeJ8N%>wG0m2Yg6Eb
z#D)RZe>6Yq_Q*9f=DY4)%$bURmGNi78HUQ0s^6auhkP}ZsmH=6P(+#fnxi1&eN+MP
z=x-Vz>W`YeG9)i4Obo)`e5i2;0Qn``LI>uD0=_Oj(OfoQZG=RU^b*%0$3gu-`gh13
zhUp$-Nf|9uiv>&LO}7dd5-A?faQGq5l3O>h*Zn=qux4;W|32pwKm^VZZj=akh6^G_
z+O~799}x0l`2K9ev<^`Pm?WX!1rX$fCQ*x;CD;;MZHd);LeAwtiM{)?0h5G4liPxS
zX@pp<L!IL{Rcoi`xu`b<VDgar$slM%3Fq5CiyMAa)N#a-!@6n9M#J<x%5Zbd^p)Y@
z<Mx-0Q<aJ&JeUQzrx*OGa@5E7o&3<8wvkl*E0rp^t`%K<PsCnps>f5lH9pD4;G;ZB
z5*mAfK`t%i)2H3g-$AvL9!t-}5K2`ccyI>e0>l6^KAHj5BrZ4gG7IJD9q~~o+n%PP
zC%Ty-o)l?i%b&|8v<r}7fF-u#$-ece>zBV_4a$n6F@*&9&Tk@kJqL3M@<$|tp}KrN
z2{7^#e>6ILp5#2iT4+DHMz(<S`Vm;^nrsRqG8hsxJ1~Mbrdjm(6a?yLxa!Pu{`(15
z<E=c&&uW6vHy0=Y*s0}pUA-6?Y#KAjN@@|<;W>ak1ZnJiz`Q2D&S)om4x{iHE$<&A
zX7j+!<bCRhd{M=@!&r=S=DKyy{`N}oNG#@CgYu5ABw{i7W`qQySm$}YIU^RhK=o-r
z$!LcJg)a<hPdFdX9E&N@#!{fMFh%InQ$>dAN~|6_k|?y`cE498WRt|)&(k|@wA>~t
z(S(*HwHxEK03MF?;>)xKt0?Ft=&*lFyV%UZzSi(+U${<lAGwlr9Q<rS>_7eO8cmF+
z>3(ZxY`EIiL!{X6#h7m0UychkoyBiS-LP}ahds<Dlo)|DYlsmt%GzVDH7%Xk*Udfq
z6h7+vLP(J;s+e&Ia1Xv@cZDIhqlM+{Q)09TgY5AWDm1?o51S~H%UDkgk0fam<8@&f
zUP}z%=^@;~A6<rA+orrP`=*C|sLXIqX}^!Bh{VbtiY6U4o&))RMHi6YO5a{^0Ccw&
zEFEYL?GM?lwi7(t1Y!5f7YXT@p$q%l<B@No+e5mQwx%et?-pRjcqhR!-y|Ww`14LF
zOd)fo2Oh2rdHbVIvv>yv=P6I+XgMlSfe?ReZfLu0!xcTr&&%3#M;MXl#1GdYPJ1E)
zZ*_r6hwWttMquizCCT^R`#u}8Ieu|ya#>+|Vq;%G87VditkIdQ`RA|SJ$j@P4JEs|
z8*8$Sv1|8O5rfI%zBz7_yNeaai8Cq8H+K==UN;}T5^4L4@~k1Xy>2E-YW-G%QE!*g
zC5K|qUK;+5+$1hb^<d2K#bD}CO1m{4=J0R#`fiHU;%^o1woTj3kbEUbS;2i`vd^Xp
zuM=JApe@anl6&Zf<g~4un6}K(wO`!t)?=vXVOl>Q7+u>YEZK|BG3~aQpGn^nYljI-
zOVI^~o8woPTR)SIUpMVrU)iRB*JBT^P^I<)R$3Ydat^S{Gz&0;-LBA?zB(w^<B1}{
zlp#NdHX%Od@W#nDX$~burp~wGwD5jHZ>vr!K)VO8hz}ab(X9}UZ9~C6k$O^~_wg!(
z1rI`MaLB$Vnl#^Vn}FY=x1B%s-Y(jDerZ@b1)7Tjf~jS~$I|9ZH~hYGGx1*JG2PX<
zPn>V%&`zia)`r?|-(6~2Jqb@Ffb(YD1-DIm^|udgUihU5`c?n0v6%3&syXxE-u^bY
z@&F#Np<NjM`~$e=`jBBnV+&^N=|05;)+19z^7%Dk+CDUN6p+HaK^Jf<`y0HX1evee
zi~4XonerVa<3KeM0bNcxj;f4p`+M~tIT|@`xR*oNXRQb>*l|&EH!>CV`ay)`|Babo
zPd_s?N$**S>0y?lV0MN6)$)VIj6Y=upgTg|S%Q*%5EQCaNCVxvh;}IyM!6tH&@R;E
zThc;fG0)r}4lbc_6Oy^r;;!KtX}4@st<xXrX~+&0WQisQKXYr=(dt<f)zVY=e70KP
zJldk?BW*tlESNRQ)F_QcXDyluT#vkEb(1-*p$2*wuLJt-VDFZt6KmoCd99;fUDshZ
zW}W`n`EOidWxS%Ya;V8ehoyL^d{AntE&QKo?yNcp6mAUp=gIsSY%!A5`1=#!*Xr@z
z=(3A&KvsU10j;;OF0GsTQmD1;ZK$uCjkmYelh0$|z^`@HYF25NwAIxtf(Nq`$gC$_
z($pR<K)lIvgXq6+OC{E=SfyHHw=6#PrVl2ir&`^-u2pT3rK{I}80nxn$i6VbS=N_!
zP+?>*VN+8iXrJ#5ZWTg}w1(8)Syj4oOG#dn@ikiU;>WbK6x;OFTX4$7o{JYPizLEl
ze>YND!;H^N@4BjR>`tTp&I<|o91!yHJEEnpOjfvHW>~GOEZ8dd_wO8sT#oBi=Pmj^
zmVGR)oFE9MOXRMi5A(ehKlCxjY87{{5uRJnrenSufU;VZKCh<xfU`#JY{?jjJ8By9
zrKM#x8jA9N#k1dtDxSP=i`P?7$8TVYpAevB7QQy#HH}=0;JcQkO}(py8X9Wl!GE7m
zFm*5M$?h$|$Qs)63V2W~YY?A;xE2?(nE5ATy+?c&7e^$beeSY!7m;dB&dGd}hj{aM
zpF9@Q?Rf`svCJ~uCe_Ni5u~Q<UY@M<3yoh-*|*ME%hPw663QB#arx}r_ZuIeCjZ%T
z=O?&p&fy>^WHr{#HZ>?&N#0w~US;j(6=};1sXPfGNgX+b@v~uNSoB@ZtWhDxo?>^Y
zWs%e<m(s8Ff+Drv-tOMM^fU>v>^y;q#?^pVm$lVp_0*JQ50{>N(bS#fEXz8SHmX|4
z5~L&g^S>KJ&05=?KTn*PG|)Cwi?Dg$YU^6sn+D%O&=ZXwS7Z;@{Snu!uuw8oba4oE
zdkAs(+t|27)i^wUZ#VGAd2c~u(Hm{oR5`ks#I+g{a5-T0GuJOPdc?=#!bR4k6N>hj
z1&BSS>$Sl1vvmQfTcaP=svnQFMx~Cc+GV?VPJE4`Y>lhhOR_17&5klA71fk3g~vJ1
z+YO2P@ix(Ovl-c`-knKlRNaP))y!?*^6WCFhEsQqR;6P?an0{z8C~MR4i*k+0S!67
zvzb6O1tn$K$%0Ji&Xac%I@(=@C+s#&QFiuug$vLAd*tvpKwa9?fihZj{+CY{xL48g
zV_90Vb%vEuV8vXXYs-84^h;u4qhByHiekInckI+HvgEWC^z<%)9+|m0Jh9r*&8+`?
z5UDxwPFHKge%wfHR8p*fF~K$S;gMRtY)10N2(PVc(Wb5atz@f|TL}KQ08M>c@h(-L
zLDHv#yrs<KkUO`|2b4YXu~N+X{_a=n=Mc1@#_`3+q7NMn^t25xjd^C3YA6~(D*}rY
zcC%4U2a!D6<acHJF}^12dEMZ}h~K~b&)2TrxfP<gUlwpD;C$`2+-mp&p{g6xWnW-i
z*8hlXJLuf0#`;pb(511Exof8zTeAR)$^gaA-@IAB5^#4ga2#VlV6n~zwhydLcwWvh
z%qBQ<Zlq&BkB<HVo4HtIy|FLwu;{<Jhe(N`Dd68fDl134%gUrp@UHuYhWkZ53a1|x
ze=O!(|Fx*9_2rwpT3|!@N)LCA;M>qg!N_~)w0UoEmR-;(v_)z6!;5d{fA{4peBGBc
zRMl2cSJ<TrwGuAAe4g#yI-4z|^yXSXh>zw%mQPihT|^^!nZ)dy8m;^J)%WfG;jAv-
zQaZQ%t00TtA;y)T*Z=*i4h=ur>uVW$wjbDhq~Gdj6Y<a?67p4JV6d{?9Xj8c&?sTn
zU9{MlZe;A1(g=R~RP>)o%!QvX;+h47skdVO>rFNga7=AVEpUGyV%L3`q)Y79%XHrI
z5^vm!y0ujPFStrq`MKm%lgd5F5M}hq_rT{xiV0iMRV(o$Ui}xZzizl9R%$ko$Th36
znRanc&A6*RdtN!N?eDKYYsAfsp{kc5e*YaVk#;&g0<TU5v3<k=P%l(}@f!s#rJq=N
zb>iW)x{#Vr@@+!-b+*4pY=4F7-nqJ{23^+T^P1)HvS3TdzkM@+T6JRY1^=R6r-$<N
z{dwNz7KY)%3o{>AR7}Z&%PM;#yGDAZ&CsB!_eKy0<jhTN#D!S5vDW$j)-L}Sse`jL
z?yXhz2?&=cIJxRasJ}Hco9uUu_To(+g{^*6gR&^WIzU>V5S2Ay5J*u3bcpcJ{t=x`
zu1|3#NpYHKA@~nEb2#EP>JxU#KizE{d-!CU{}`1-3=>=Z__gdo;dYE@M-*w{EM5xB
zck<Jd<U*0LmYJIw#3QysAx>h3FlYV!m0G{N2c7Jp?}t`za0m>aG<iR1a;Q%@_2tx(
zdO<T1a>Cx2<J+&>=2QCDKAqV2Q`>Kt=iWNTtsLFSR7{t_K6o*csNDkp&>(6oJa>Q`
z+HP5reQ~LS+{G1fCFSC^!V@)ofgaYLV?O8YRE@@O$apc?0?yMLc~8pe>Qbv#*kagj
zN!hH98N5)vkohXP!k^86?WI&V`!5du)Ax<cD;sj1joJfV9FLlw^nBw!dV*307S7%0
zi8$f@;%M|2zx(qiYyvic0!iW(=aZJo;jL1wY{~0j!ENs;zMtOAr#Gt;{Kb=O-$&}0
zH^;YbcYhjdcCT`6JMugFK>pV{gE*VysL{b2=Qt}DkY6?V@-QXr>{@X2Wx1i5{C}s+
zA6MlvdTXV+>;j42XOQoduN(a*_vqo^>|p<Cu&<h;Pk>`(?xlfxg`fq~m4^b?E7?9N
zbp==fZ7ly>oNYsUP$}+5vf5mK6&RpI<MZ*}OM4M<<Z0Js{Z-3Bfwv{%cA5E#llM;h
zTme$vA>De9OPBL(vRfNo-3hP_sWw^mm~o%ia$UMNW%ya<RQbc-dSh&X$)l(muMp8s
z9d~tZB)>2WdS}k%I8ZJEY%$|7kxT+K&%H$4Pc%#r`YZV7(<Z&m_VWr<$XBu?O-Bi+
zd5==6jCf;raY^X6CGipO^;IeBk0)-;eEkoT<#Q#>NHpiKv%{K(&m_cg>2uy3L?twH
z!giqiT2Gu!g@#b%M7V0@1V6rc@IVe2)hjrEDsb#e)9urDF$!$^4>WeyobDziH~i2q
zRk+#WwaupDAB#A3c5?|wC@z$J-&WXi{HKTzhFS)x$z?X*NDo<YIw!RpegbUN(Y|q*
z``#(L*()zE)8{J~^KU+>z93!*cp~EMxsKn2uAKFG9F|k+VfYD#tn`TKPU=Iel$8$q
zF1DddFh0&_e9#}#C21<?BMPOGCtg@LUuyltv5C-IeCr;Z@^sx!HuRGwrtaZ~x`zxk
zzYliy$AfuUX12$s`6Jv*G9x)sBki6q_im|e9EtcBJCwv4ojbaC?g%QecS}M6Dxq-k
zoRHBup{&=*o==7DJ{2;;3uTd#i%DF!sEA@x+xfO{;(xB7_kB-Fp8YUKcbigdsw0vg
zz}FvO30;7hu8VKJp}@i~+amPu^O^lA3UM27L+?^HNsA>i|C*^E&u(cr=soI@QdWPM
zpuE7Ly!%ec$YC^4Z`*=bCAd>}c8xAF1?O9@m=h`C<XT5Odu)86Jg-rHCoxmwOYqJP
z()ciF9eLpRU&cSE&1n(qvsPdg+0@H2clhgrzFQaMI3E3c+)#az??<q`zuzd<_?ovx
zIb_{wSIwSCVy|Vph^F0$9frKUG+QM7ah@`>&tCt;;4QtVsJApVX~}*1u_18uQIpja
zy?xGI^-fnWcKtm_%RTd>mbLd(M^E;PO?&?tzTcwV&mGrqoNO!Uh87s$y3P*jJb^;q
z7(dHUR>_Ze)ih9gP2lCzvyO&WQvOMI{+r{%c{}ZD{mg#yCU=sm_Soy~`O2=xy#saq
zg;{!{<i%nzeKezK^h0I8fi1URpk+$|d8hKb^+uM-Q#10guEmR)2?I9aWTZg9D^^Y$
z>ngGh=6fDcyd(Z@!}&DA|1K_z_qS<xE$79Od36x{<SuuJ&DygP4p{*9)*Iu`Hw;Ss
z9+#jl07jQMQ#cmXZJ{L^|MzBx5tc<WzALj#O$SWst3<whqUwp#9?@N12H#yO{oRBt
zi#C3!uKLZm%05jckCK+IXt6uC`XLQyllnk{_qCGOg|AJ<x$W%E^b?2}o%jKum-R2s
z#xcm8gXT%+_ov%Kl}l0sI&u$BdA{U12&<U`eq}2^%R^c>JjH$S!u@$Rr1!ZqVuc;m
zL8lv+MdyC$p3KZ=5B@52J6SWtgFQ*Z=t7LbpIUM0ByY>Dv3$17)YlI*gp<5al_<;n
z$Ti_m*5qcK(tggp^+HYOM6=<!n2)@36&dU*yr&x8uya^Gc%e(yxYEdWeLVg~rpll8
zl#NgKJ-Df|?9`(`ufT3+=-Xw7U4Y0s<P2wh@g262L$)U#UIUqYTfVl1LijHrUv|0g
z9PDMhx1kdBvh_kK`NrjM#tyA<!0V?XGPn!%?}<OJ-h2lt5e(?~Ztx{+X^nQ$Sns`Y
z%Lgyw`3K^h9m7qfUTR!P-<0@uMHdk(r`NS#tWEg`mwhFL!f2zrFS^(YbvWRC@u9e@
zX*?Z<E1aZHyd|#;NVX?&GW+93Enbo_#O{u;4Bp$)XXm(|87HQ8aQ!K&QrVIcJNeIx
z|16)>kGb0djedz8u+TFyPn{YnuYu;+*<RQ`XOC)^<gn~|d3ljTv5Iq;jctpycm+A0
z>7qURqogG<=oe%?`zpFoItjf&YcKf1QI_;l|M%%(!I9w14ql?5?6Yh95xU4T5$k6o
zkiv5&kPC2dT-oI=ShX;n2xcP>{kZzkV9)?vc)p}7p5Ksz>(!<4*@+VlCph*pWyKM4
zCuwdASq*T<@y2b*$0_BS?#;GaPlRST%&mQe9{<O$9oO(Xtj#84<mRkq#lyP_Ju6OW
zT<BshcXPgr*el<6LADiNMJ(c<7v{eIQWTV1(QFkpdeGb|R$Hpqw4cX=ebEadX#q#`
z70(@Cb*_q+lzUzHo+Q}7KQTLYd-kN>(-gSi{U91&unM`e@MyrbovNk5$^CYdPcmTk
z$&HULr=NZ<@3hbrDr6%(k>s5@6=_<3{-a~2dBBYJ2BcQ}<DK5ej5j(9Q7ys)kxHuJ
z_i8y0?YQ54cbxg+do0Dp`F&2+DcDce<%_w;%9YP+zFm!H2GQoKtw~SX+=AqKD?J}Y
zjs@jchHBah>x^%BmqOQcZ{!tM-yMdQ2=jvkhA*;R2wq%Cb0-we&ct>O&w5A`iZD&y
zHkVS8r@^#6!`NsO!Yn$tZz-^8+U_p`->@1oFcZ0;Z95G3e?LTGp}MUBs3T9ourwJS
zu;9ZNlz;I5Z~pfep%7}KQ+lgRsf?>^b??(vRkM8kolV`5>hkx~`iA~fALhp6CQ8b*
zJnz}Zd;v)Oxu(?ev`SODGN*<rQU6S}^!V(1?ekh%*W$v976tB^zpTtZ_eEJyVEI-h
zX|=g-Zcs9Hor7n#6#nS5eFcg?$MNGC#BqAnZK?B-zkim7CGx6*uRkI7psKz!6Ms$z
zuZOeyuyTvs=l?fkkOO=nLEQt)^zL~~7CcbtdzV;nu5$g0X-hKqIqA~N@WQcQ*T0>=
zWD8dHlz$!(_AIL3uEx%nSL3lVx_f;oy8=BxSxl;h*UWw$ooHTN%PvT&Z5i-kr*8KY
zI9ZCV4^2*PtV*|BhlGdp*UenJR{qJVN1#(~tvQ9^=;jyx-Js&%e<Kz%u9ZPi(X)qo
z7UZakhQlT8;oTLvV3&v<g86uKTaX!D+&$Q?7#z_O;L`4Jqc!!@bhX4)?dI9SrDOge
z$HCf9da%Qt#Z-z@-;>}voqP+L`GXzXDB?2e-`uHi!HTwX7cD=`Dkxmt2mWoIb+elA
z-27=_>zcb7nh>o4J!Aha)G4sTIszK`3j$o*+_`^nKQdHo9ulVLIVFd$P$z7aRy_j!
zv?KKRua!Sa<gO0Cxdv|$=HmACeby<q-a5Eji01*wMn<^Qx3<r(HV5q}LJNh>pS9^_
zXB50yF$r4dzjD7{N77=vK%^%1;<BZ)LU*?Bsh`H-&(7RxeO?3R*x24CzRPuf)^>;7
z>SO6#N~&|%{}dG+sokQb>lx@Wdo%W4Lq@;NqgTff^;r{9<<Z9$vxeM7tHvMSxXqkT
zJB-kMxCrAh+0DERx)tAn$^5;%`c0hU`uywU6!9M+3FGG~t|W6wIlb*aAQd;Xj(M$w
zwB-yP?OS*RtCjEEs5Nanjs2qIS|hbQ`dEiIR6j0whq~S9Ql0g3M8Wytc*o7x9C;~e
zsa__7<#D;2)UnVFk2i{!kRrBK<x9Tc#{=mQErg3(wN4*Ikmq>JK|zVCzZ6^Mg&m$o
zK18UfB{3@32QSQx*xDVGuLQ`w;d!azyYRAT?N<Kl302pNQR;J+Ovs>X6G*}0>B3dF
zFkyn(U-kD_Bi!BwX64$}Ee*VG2#U;&QM&iIDm{*ieb&p=#LDLr?^I;tY-`hhwoT=f
zukJ~Xw<{ZK;%|FU^7;I1{rGVzqS&3g8>-x@o5YNu5XbKVqud)=6KhZ(CD;s--vmEy
zm5{DQ)XqCFeH!F-?pXo4_d;puuZnWzYff+;wMp5k<;+4qZxh_TmE4J#q4cSg-GwVk
z5>OSenSc+U^<tCyxU(pdf;eqg7bR>RR(9Lv62V~GMfd7M#?67KPM*)(asS3jW!ziI
zNt2qu@6L_$17?kw@AEtVy<JW%^y5yo8M{6AJbbsRBBwXt+}K$dI^w6M?@MayYP@1k
zYV&>JwUs+tZaXGe=-%#Eh*P^=zU2d5;PajC+WER8<KKVo|NUq#ap^zXTbdR3jNpsf
zREZB=ILRI%HMP#GR_B__t<c7%FsSp`-*s?g*Y)7df8Xo!@5YEZo?dgrcvYmjd;=Z`
z0rgEk%xkp_K2KZ5h4F!}SX_pDv-Ibg$-uZh{!je7)s9`_m@mJw8lm$Mb$T$vCt@~F
z>(biy`M}8~zDw8-_nze;KKi`5=4NV5_WG48_cVOs)Ox1)V4D$g#<E5es-_|^_O3B7
zuKRZNvYBXktU~-s<7VAVdDXp<FFBv8eBb2AyRZdi4uz!@)`1E4R9<>cH6dGRZh9_#
zRrvel*?ZS%SDb2;w8DR8adB^F|F^?3uwUiQkvxdsLzI<>Sc39|L~6$YbhGtpp#vM%
z#KPxQ$AaE}PPfSJXD0){3_K_|v(d5H_!BVyd9Fi9;#tPC-eOKx9_6M|s|83{Oud?;
z6rn<V{+0H-)PKzj+U^Rp(dyeWceoViNA?8b{m=z``dWv@R6T+A5{E#)dZK$w++xfl
ztIKN<RdLsT<an-o>rqlxN0-ZI&T^tc7xyY*uG~!ax+jEp`(w?6YUS6It`ysG0x%BC
zA8RMFTJWDHuS_o)N@xXERl`?mzCJo6A>H7c6H%GRF$nXW3H1GwmXoDVw5`JfAMbXb
z`mo1$&k~(4mhAtD=^_$%E$gqucW+sVTSSP1lk<oIKFR1`(OzHWCQRwf_vPvfgM^b-
z7XV{#rR=^Aj`~w?f8Q}0E9i_NT*F_kdiPcNVb1o^F1z)=4>5D;hwpi2uEICTj~Twu
zUmB;68$R48RNtkP^-_-y_JwGYOXT<D-qyq#BhZ1uXUYuXatdSZ8&;W}IkdmETeG`=
z8`=@W96Gj3XGCCL%3$C%1UkN*AST*+n6Yb}KHULZ>)YDpGwM8Udy26KnB)D%5BiK=
z)nHg<U_eBgb_$C5ZH~FFa-g3<+Kwcsj9|~w_uJ!YU{_Ixek7n4U4;T7H5|~!;E)5L
z;1(9*R;<bHGQS27&V(&?z@idrFo#G=tT2%#$xCn0IiN*~k+Zi}2*G+=D=n!jwE1`2
z%#7DMba*?(uo)V;5`*b~$#mzOjq#gs0~(5LGN*azxtJ}sW@tF}5Q<`FD(<Ycw?XsB
zJ8+=Ug=yGq6C*&_-1Ezvp9HjCp6*H7mV8ceU&wWx8^U1lUp2Q@j(Tde=#d^??Xk1?
zSC~i|QxN>r6N0WLOlvS;&*oal08iM9-#<8+Kwf&;`?w>j-QwZo7Y4ncckIU+Ssg~J
z_(!XPcWyC1AIV(bKS!UCgB)v4FlEQh4nZrP;4S91Tq_iM5cit7J|RM{SmJ!O<w@<3
zIUeOhlJk$|VEyb&K4!%nb9d<I#z9S6$>Dx(?mz1snPX@k3^TXN3}!n2fbH)?b^kCw
zb28w?V-qM3#!>W*=XDX2gd@mpj&&?}_efEGSII2$n28&YJv#aV`#8reNH}E50}hO6
ddjE9<HIT4O_7f+VOt$}B<fLMi8?_Wp{2y%t5;Fh*

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/composer.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/composer.py
new file mode 100644
index 000000000..6d15cb40e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/composer.py
@@ -0,0 +1,139 @@
+
+__all__ = ['Composer', 'ComposerError']
+
+from .error import MarkedYAMLError
+from .events import *
+from .nodes import *
+
+class ComposerError(MarkedYAMLError):
+    pass
+
+class Composer:
+
+    def __init__(self):
+        self.anchors = {}
+
+    def check_node(self):
+        # Drop the STREAM-START event.
+        if self.check_event(StreamStartEvent):
+            self.get_event()
+
+        # If there are more documents available?
+        return not self.check_event(StreamEndEvent)
+
+    def get_node(self):
+        # Get the root node of the next document.
+        if not self.check_event(StreamEndEvent):
+            return self.compose_document()
+
+    def get_single_node(self):
+        # Drop the STREAM-START event.
+        self.get_event()
+
+        # Compose a document if the stream is not empty.
+        document = None
+        if not self.check_event(StreamEndEvent):
+            document = self.compose_document()
+
+        # Ensure that the stream contains no more documents.
+        if not self.check_event(StreamEndEvent):
+            event = self.get_event()
+            raise ComposerError("expected a single document in the stream",
+                    document.start_mark, "but found another document",
+                    event.start_mark)
+
+        # Drop the STREAM-END event.
+        self.get_event()
+
+        return document
+
+    def compose_document(self):
+        # Drop the DOCUMENT-START event.
+        self.get_event()
+
+        # Compose the root node.
+        node = self.compose_node(None, None)
+
+        # Drop the DOCUMENT-END event.
+        self.get_event()
+
+        self.anchors = {}
+        return node
+
+    def compose_node(self, parent, index):
+        if self.check_event(AliasEvent):
+            event = self.get_event()
+            anchor = event.anchor
+            if anchor not in self.anchors:
+                raise ComposerError(None, None, "found undefined alias %r"
+                        % anchor, event.start_mark)
+            return self.anchors[anchor]
+        event = self.peek_event()
+        anchor = event.anchor
+        if anchor is not None:
+            if anchor in self.anchors:
+                raise ComposerError("found duplicate anchor %r; first occurrence"
+                        % anchor, self.anchors[anchor].start_mark,
+                        "second occurrence", event.start_mark)
+        self.descend_resolver(parent, index)
+        if self.check_event(ScalarEvent):
+            node = self.compose_scalar_node(anchor)
+        elif self.check_event(SequenceStartEvent):
+            node = self.compose_sequence_node(anchor)
+        elif self.check_event(MappingStartEvent):
+            node = self.compose_mapping_node(anchor)
+        self.ascend_resolver()
+        return node
+
+    def compose_scalar_node(self, anchor):
+        event = self.get_event()
+        tag = event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(ScalarNode, event.value, event.implicit)
+        node = ScalarNode(tag, event.value,
+                event.start_mark, event.end_mark, style=event.style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        return node
+
+    def compose_sequence_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(SequenceNode, None, start_event.implicit)
+        node = SequenceNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        index = 0
+        while not self.check_event(SequenceEndEvent):
+            node.value.append(self.compose_node(node, index))
+            index += 1
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
+    def compose_mapping_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(MappingNode, None, start_event.implicit)
+        node = MappingNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        while not self.check_event(MappingEndEvent):
+            #key_event = self.peek_event()
+            item_key = self.compose_node(node, None)
+            #if item_key in node.value:
+            #    raise ComposerError("while composing a mapping", start_event.start_mark,
+            #            "found duplicate key", key_event.start_mark)
+            item_value = self.compose_node(node, item_key)
+            #node.value[item_key] = item_value
+            node.value.append((item_key, item_value))
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/constructor.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/constructor.py
new file mode 100644
index 000000000..619acd307
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/constructor.py
@@ -0,0 +1,748 @@
+
+__all__ = [
+    'BaseConstructor',
+    'SafeConstructor',
+    'FullConstructor',
+    'UnsafeConstructor',
+    'Constructor',
+    'ConstructorError'
+]
+
+from .error import *
+from .nodes import *
+
+import collections.abc, datetime, base64, binascii, re, sys, types
+
+class ConstructorError(MarkedYAMLError):
+    pass
+
+class BaseConstructor:
+
+    yaml_constructors = {}
+    yaml_multi_constructors = {}
+
+    def __init__(self):
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.state_generators = []
+        self.deep_construct = False
+
+    def check_data(self):
+        # If there are more documents available?
+        return self.check_node()
+
+    def check_state_key(self, key):
+        """Block special attributes/methods from being set in a newly created
+        object, to prevent user-controlled methods from being called during
+        deserialization"""
+        if self.get_state_keys_blacklist_regexp().match(key):
+            raise ConstructorError(None, None,
+                "blacklisted key '%s' in instance state found" % (key,), None)
+
+    def get_data(self):
+        # Construct and return the next document.
+        if self.check_node():
+            return self.construct_document(self.get_node())
+
+    def get_single_data(self):
+        # Ensure that the stream contains a single document and construct it.
+        node = self.get_single_node()
+        if node is not None:
+            return self.construct_document(node)
+        return None
+
+    def construct_document(self, node):
+        data = self.construct_object(node)
+        while self.state_generators:
+            state_generators = self.state_generators
+            self.state_generators = []
+            for generator in state_generators:
+                for dummy in generator:
+                    pass
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.deep_construct = False
+        return data
+
+    def construct_object(self, node, deep=False):
+        if node in self.constructed_objects:
+            return self.constructed_objects[node]
+        if deep:
+            old_deep = self.deep_construct
+            self.deep_construct = True
+        if node in self.recursive_objects:
+            raise ConstructorError(None, None,
+                    "found unconstructable recursive node", node.start_mark)
+        self.recursive_objects[node] = None
+        constructor = None
+        tag_suffix = None
+        if node.tag in self.yaml_constructors:
+            constructor = self.yaml_constructors[node.tag]
+        else:
+            for tag_prefix in self.yaml_multi_constructors:
+                if tag_prefix is not None and node.tag.startswith(tag_prefix):
+                    tag_suffix = node.tag[len(tag_prefix):]
+                    constructor = self.yaml_multi_constructors[tag_prefix]
+                    break
+            else:
+                if None in self.yaml_multi_constructors:
+                    tag_suffix = node.tag
+                    constructor = self.yaml_multi_constructors[None]
+                elif None in self.yaml_constructors:
+                    constructor = self.yaml_constructors[None]
+                elif isinstance(node, ScalarNode):
+                    constructor = self.__class__.construct_scalar
+                elif isinstance(node, SequenceNode):
+                    constructor = self.__class__.construct_sequence
+                elif isinstance(node, MappingNode):
+                    constructor = self.__class__.construct_mapping
+        if tag_suffix is None:
+            data = constructor(self, node)
+        else:
+            data = constructor(self, tag_suffix, node)
+        if isinstance(data, types.GeneratorType):
+            generator = data
+            data = next(generator)
+            if self.deep_construct:
+                for dummy in generator:
+                    pass
+            else:
+                self.state_generators.append(generator)
+        self.constructed_objects[node] = data
+        del self.recursive_objects[node]
+        if deep:
+            self.deep_construct = old_deep
+        return data
+
+    def construct_scalar(self, node):
+        if not isinstance(node, ScalarNode):
+            raise ConstructorError(None, None,
+                    "expected a scalar node, but found %s" % node.id,
+                    node.start_mark)
+        return node.value
+
+    def construct_sequence(self, node, deep=False):
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError(None, None,
+                    "expected a sequence node, but found %s" % node.id,
+                    node.start_mark)
+        return [self.construct_object(child, deep=deep)
+                for child in node.value]
+
+    def construct_mapping(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        mapping = {}
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            if not isinstance(key, collections.abc.Hashable):
+                raise ConstructorError("while constructing a mapping", node.start_mark,
+                        "found unhashable key", key_node.start_mark)
+            value = self.construct_object(value_node, deep=deep)
+            mapping[key] = value
+        return mapping
+
+    def construct_pairs(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        pairs = []
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            value = self.construct_object(value_node, deep=deep)
+            pairs.append((key, value))
+        return pairs
+
+    @classmethod
+    def add_constructor(cls, tag, constructor):
+        if not 'yaml_constructors' in cls.__dict__:
+            cls.yaml_constructors = cls.yaml_constructors.copy()
+        cls.yaml_constructors[tag] = constructor
+
+    @classmethod
+    def add_multi_constructor(cls, tag_prefix, multi_constructor):
+        if not 'yaml_multi_constructors' in cls.__dict__:
+            cls.yaml_multi_constructors = cls.yaml_multi_constructors.copy()
+        cls.yaml_multi_constructors[tag_prefix] = multi_constructor
+
+class SafeConstructor(BaseConstructor):
+
+    def construct_scalar(self, node):
+        if isinstance(node, MappingNode):
+            for key_node, value_node in node.value:
+                if key_node.tag == 'tag:yaml.org,2002:value':
+                    return self.construct_scalar(value_node)
+        return super().construct_scalar(node)
+
+    def flatten_mapping(self, node):
+        merge = []
+        index = 0
+        while index < len(node.value):
+            key_node, value_node = node.value[index]
+            if key_node.tag == 'tag:yaml.org,2002:merge':
+                del node.value[index]
+                if isinstance(value_node, MappingNode):
+                    self.flatten_mapping(value_node)
+                    merge.extend(value_node.value)
+                elif isinstance(value_node, SequenceNode):
+                    submerge = []
+                    for subnode in value_node.value:
+                        if not isinstance(subnode, MappingNode):
+                            raise ConstructorError("while constructing a mapping",
+                                    node.start_mark,
+                                    "expected a mapping for merging, but found %s"
+                                    % subnode.id, subnode.start_mark)
+                        self.flatten_mapping(subnode)
+                        submerge.append(subnode.value)
+                    submerge.reverse()
+                    for value in submerge:
+                        merge.extend(value)
+                else:
+                    raise ConstructorError("while constructing a mapping", node.start_mark,
+                            "expected a mapping or list of mappings for merging, but found %s"
+                            % value_node.id, value_node.start_mark)
+            elif key_node.tag == 'tag:yaml.org,2002:value':
+                key_node.tag = 'tag:yaml.org,2002:str'
+                index += 1
+            else:
+                index += 1
+        if merge:
+            node.value = merge + node.value
+
+    def construct_mapping(self, node, deep=False):
+        if isinstance(node, MappingNode):
+            self.flatten_mapping(node)
+        return super().construct_mapping(node, deep=deep)
+
+    def construct_yaml_null(self, node):
+        self.construct_scalar(node)
+        return None
+
+    bool_values = {
+        'yes':      True,
+        'no':       False,
+        'true':     True,
+        'false':    False,
+        'on':       True,
+        'off':      False,
+    }
+
+    def construct_yaml_bool(self, node):
+        value = self.construct_scalar(node)
+        return self.bool_values[value.lower()]
+
+    def construct_yaml_int(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '')
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '0':
+            return 0
+        elif value.startswith('0b'):
+            return sign*int(value[2:], 2)
+        elif value.startswith('0x'):
+            return sign*int(value[2:], 16)
+        elif value[0] == '0':
+            return sign*int(value, 8)
+        elif ':' in value:
+            digits = [int(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*int(value)
+
+    inf_value = 1e300
+    while inf_value != inf_value*inf_value:
+        inf_value *= inf_value
+    nan_value = -inf_value/inf_value   # Trying to make a quiet NaN (like C99).
+
+    def construct_yaml_float(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '').lower()
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '.inf':
+            return sign*self.inf_value
+        elif value == '.nan':
+            return self.nan_value
+        elif ':' in value:
+            digits = [float(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0.0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*float(value)
+
+    def construct_yaml_binary(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    timestamp_regexp = re.compile(
+            r'''^(?P<year>[0-9][0-9][0-9][0-9])
+                -(?P<month>[0-9][0-9]?)
+                -(?P<day>[0-9][0-9]?)
+                (?:(?:[Tt]|[ \t]+)
+                (?P<hour>[0-9][0-9]?)
+                :(?P<minute>[0-9][0-9])
+                :(?P<second>[0-9][0-9])
+                (?:\.(?P<fraction>[0-9]*))?
+                (?:[ \t]*(?P<tz>Z|(?P<tz_sign>[-+])(?P<tz_hour>[0-9][0-9]?)
+                (?::(?P<tz_minute>[0-9][0-9]))?))?)?$''', re.X)
+
+    def construct_yaml_timestamp(self, node):
+        value = self.construct_scalar(node)
+        match = self.timestamp_regexp.match(node.value)
+        values = match.groupdict()
+        year = int(values['year'])
+        month = int(values['month'])
+        day = int(values['day'])
+        if not values['hour']:
+            return datetime.date(year, month, day)
+        hour = int(values['hour'])
+        minute = int(values['minute'])
+        second = int(values['second'])
+        fraction = 0
+        tzinfo = None
+        if values['fraction']:
+            fraction = values['fraction'][:6]
+            while len(fraction) < 6:
+                fraction += '0'
+            fraction = int(fraction)
+        if values['tz_sign']:
+            tz_hour = int(values['tz_hour'])
+            tz_minute = int(values['tz_minute'] or 0)
+            delta = datetime.timedelta(hours=tz_hour, minutes=tz_minute)
+            if values['tz_sign'] == '-':
+                delta = -delta
+            tzinfo = datetime.timezone(delta)
+        elif values['tz']:
+            tzinfo = datetime.timezone.utc
+        return datetime.datetime(year, month, day, hour, minute, second, fraction,
+                                 tzinfo=tzinfo)
+
+    def construct_yaml_omap(self, node):
+        # Note: we do not check for duplicate keys, because it's too
+        # CPU-expensive.
+        omap = []
+        yield omap
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing an ordered map", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            omap.append((key, value))
+
+    def construct_yaml_pairs(self, node):
+        # Note: the same code as `construct_yaml_omap`.
+        pairs = []
+        yield pairs
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing pairs", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            pairs.append((key, value))
+
+    def construct_yaml_set(self, node):
+        data = set()
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_yaml_seq(self, node):
+        data = []
+        yield data
+        data.extend(self.construct_sequence(node))
+
+    def construct_yaml_map(self, node):
+        data = {}
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_object(self, node, cls):
+        data = cls.__new__(cls)
+        yield data
+        if hasattr(data, '__setstate__'):
+            state = self.construct_mapping(node, deep=True)
+            data.__setstate__(state)
+        else:
+            state = self.construct_mapping(node)
+            data.__dict__.update(state)
+
+    def construct_undefined(self, node):
+        raise ConstructorError(None, None,
+                "could not determine a constructor for the tag %r" % node.tag,
+                node.start_mark)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:null',
+        SafeConstructor.construct_yaml_null)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:bool',
+        SafeConstructor.construct_yaml_bool)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:int',
+        SafeConstructor.construct_yaml_int)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:float',
+        SafeConstructor.construct_yaml_float)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:binary',
+        SafeConstructor.construct_yaml_binary)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:timestamp',
+        SafeConstructor.construct_yaml_timestamp)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:omap',
+        SafeConstructor.construct_yaml_omap)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:pairs',
+        SafeConstructor.construct_yaml_pairs)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:set',
+        SafeConstructor.construct_yaml_set)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:str',
+        SafeConstructor.construct_yaml_str)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:seq',
+        SafeConstructor.construct_yaml_seq)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:map',
+        SafeConstructor.construct_yaml_map)
+
+SafeConstructor.add_constructor(None,
+        SafeConstructor.construct_undefined)
+
+class FullConstructor(SafeConstructor):
+    # 'extend' is blacklisted because it is used by
+    # construct_python_object_apply to add `listitems` to a newly generate
+    # python instance
+    def get_state_keys_blacklist(self):
+        return ['^extend$', '^__.*__$']
+
+    def get_state_keys_blacklist_regexp(self):
+        if not hasattr(self, 'state_keys_blacklist_regexp'):
+            self.state_keys_blacklist_regexp = re.compile('(' + '|'.join(self.get_state_keys_blacklist()) + ')')
+        return self.state_keys_blacklist_regexp
+
+    def construct_python_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_unicode(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_bytes(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    def construct_python_long(self, node):
+        return self.construct_yaml_int(node)
+
+    def construct_python_complex(self, node):
+       return complex(self.construct_scalar(node))
+
+    def construct_python_tuple(self, node):
+        return tuple(self.construct_sequence(node))
+
+    def find_python_module(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if unsafe:
+            try:
+                __import__(name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python module", mark,
+                        "cannot find module %r (%s)" % (name, exc), mark)
+        if name not in sys.modules:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "module %r is not imported" % name, mark)
+        return sys.modules[name]
+
+    def find_python_name(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if '.' in name:
+            module_name, object_name = name.rsplit('.', 1)
+        else:
+            module_name = 'builtins'
+            object_name = name
+        if unsafe:
+            try:
+                __import__(module_name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python object", mark,
+                        "cannot find module %r (%s)" % (module_name, exc), mark)
+        if module_name not in sys.modules:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "module %r is not imported" % module_name, mark)
+        module = sys.modules[module_name]
+        if not hasattr(module, object_name):
+            raise ConstructorError("while constructing a Python object", mark,
+                    "cannot find %r in the module %r"
+                    % (object_name, module.__name__), mark)
+        return getattr(module, object_name)
+
+    def construct_python_name(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python name", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_name(suffix, node.start_mark)
+
+    def construct_python_module(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python module", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_module(suffix, node.start_mark)
+
+    def make_python_instance(self, suffix, node,
+            args=None, kwds=None, newobj=False, unsafe=False):
+        if not args:
+            args = []
+        if not kwds:
+            kwds = {}
+        cls = self.find_python_name(suffix, node.start_mark)
+        if not (unsafe or isinstance(cls, type)):
+            raise ConstructorError("while constructing a Python instance", node.start_mark,
+                    "expected a class, but found %r" % type(cls),
+                    node.start_mark)
+        if newobj and isinstance(cls, type):
+            return cls.__new__(cls, *args, **kwds)
+        else:
+            return cls(*args, **kwds)
+
+    def set_python_instance_state(self, instance, state, unsafe=False):
+        if hasattr(instance, '__setstate__'):
+            instance.__setstate__(state)
+        else:
+            slotstate = {}
+            if isinstance(state, tuple) and len(state) == 2:
+                state, slotstate = state
+            if hasattr(instance, '__dict__'):
+                if not unsafe and state:
+                    for key in state.keys():
+                        self.check_state_key(key)
+                instance.__dict__.update(state)
+            elif state:
+                slotstate.update(state)
+            for key, value in slotstate.items():
+                if not unsafe:
+                    self.check_state_key(key)
+                setattr(instance, key, value)
+
+    def construct_python_object(self, suffix, node):
+        # Format:
+        #   !!python/object:module.name { ... state ... }
+        instance = self.make_python_instance(suffix, node, newobj=True)
+        yield instance
+        deep = hasattr(instance, '__setstate__')
+        state = self.construct_mapping(node, deep=deep)
+        self.set_python_instance_state(instance, state)
+
+    def construct_python_object_apply(self, suffix, node, newobj=False):
+        # Format:
+        #   !!python/object/apply       # (or !!python/object/new)
+        #   args: [ ... arguments ... ]
+        #   kwds: { ... keywords ... }
+        #   state: ... state ...
+        #   listitems: [ ... listitems ... ]
+        #   dictitems: { ... dictitems ... }
+        # or short format:
+        #   !!python/object/apply [ ... arguments ... ]
+        # The difference between !!python/object/apply and !!python/object/new
+        # is how an object is created, check make_python_instance for details.
+        if isinstance(node, SequenceNode):
+            args = self.construct_sequence(node, deep=True)
+            kwds = {}
+            state = {}
+            listitems = []
+            dictitems = {}
+        else:
+            value = self.construct_mapping(node, deep=True)
+            args = value.get('args', [])
+            kwds = value.get('kwds', {})
+            state = value.get('state', {})
+            listitems = value.get('listitems', [])
+            dictitems = value.get('dictitems', {})
+        instance = self.make_python_instance(suffix, node, args, kwds, newobj)
+        if state:
+            self.set_python_instance_state(instance, state)
+        if listitems:
+            instance.extend(listitems)
+        if dictitems:
+            for key in dictitems:
+                instance[key] = dictitems[key]
+        return instance
+
+    def construct_python_object_new(self, suffix, node):
+        return self.construct_python_object_apply(suffix, node, newobj=True)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/none',
+    FullConstructor.construct_yaml_null)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bool',
+    FullConstructor.construct_yaml_bool)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/str',
+    FullConstructor.construct_python_str)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/unicode',
+    FullConstructor.construct_python_unicode)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bytes',
+    FullConstructor.construct_python_bytes)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/int',
+    FullConstructor.construct_yaml_int)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/long',
+    FullConstructor.construct_python_long)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/float',
+    FullConstructor.construct_yaml_float)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/complex',
+    FullConstructor.construct_python_complex)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/list',
+    FullConstructor.construct_yaml_seq)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/tuple',
+    FullConstructor.construct_python_tuple)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/dict',
+    FullConstructor.construct_yaml_map)
+
+FullConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/name:',
+    FullConstructor.construct_python_name)
+
+class UnsafeConstructor(FullConstructor):
+
+    def find_python_module(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_module(name, mark, unsafe=True)
+
+    def find_python_name(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_name(name, mark, unsafe=True)
+
+    def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False):
+        return super(UnsafeConstructor, self).make_python_instance(
+            suffix, node, args, kwds, newobj, unsafe=True)
+
+    def set_python_instance_state(self, instance, state):
+        return super(UnsafeConstructor, self).set_python_instance_state(
+            instance, state, unsafe=True)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/module:',
+    UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object:',
+    UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/new:',
+    UnsafeConstructor.construct_python_object_new)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/apply:',
+    UnsafeConstructor.construct_python_object_apply)
+
+# Constructor is same as UnsafeConstructor. Need to leave this in place in case
+# people have extended it directly.
+class Constructor(UnsafeConstructor):
+    pass
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/cyaml.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/cyaml.py
new file mode 100644
index 000000000..0c2134587
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/cyaml.py
@@ -0,0 +1,101 @@
+
+__all__ = [
+    'CBaseLoader', 'CSafeLoader', 'CFullLoader', 'CUnsafeLoader', 'CLoader',
+    'CBaseDumper', 'CSafeDumper', 'CDumper'
+]
+
+from yaml._yaml import CParser, CEmitter
+
+from .constructor import *
+
+from .serializer import *
+from .representer import *
+
+from .resolver import *
+
+class CBaseLoader(CParser, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class CSafeLoader(CParser, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CFullLoader(CParser, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CUnsafeLoader(CParser, UnsafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        UnsafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CLoader(CParser, Constructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CDumper(CEmitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/dumper.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/dumper.py
new file mode 100644
index 000000000..6aadba551
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/dumper.py
@@ -0,0 +1,62 @@
+
+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
+
+from .emitter import *
+from .serializer import *
+from .representer import *
+from .resolver import *
+
+class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class Dumper(Emitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/emitter.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/emitter.py
new file mode 100644
index 000000000..a664d0111
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/emitter.py
@@ -0,0 +1,1137 @@
+
+# Emitter expects events obeying the following grammar:
+# stream ::= STREAM-START document* STREAM-END
+# document ::= DOCUMENT-START node DOCUMENT-END
+# node ::= SCALAR | sequence | mapping
+# sequence ::= SEQUENCE-START node* SEQUENCE-END
+# mapping ::= MAPPING-START (node node)* MAPPING-END
+
+__all__ = ['Emitter', 'EmitterError']
+
+from .error import YAMLError
+from .events import *
+
+class EmitterError(YAMLError):
+    pass
+
+class ScalarAnalysis:
+    def __init__(self, scalar, empty, multiline,
+            allow_flow_plain, allow_block_plain,
+            allow_single_quoted, allow_double_quoted,
+            allow_block):
+        self.scalar = scalar
+        self.empty = empty
+        self.multiline = multiline
+        self.allow_flow_plain = allow_flow_plain
+        self.allow_block_plain = allow_block_plain
+        self.allow_single_quoted = allow_single_quoted
+        self.allow_double_quoted = allow_double_quoted
+        self.allow_block = allow_block
+
+class Emitter:
+
+    DEFAULT_TAG_PREFIXES = {
+        '!' : '!',
+        'tag:yaml.org,2002:' : '!!',
+    }
+
+    def __init__(self, stream, canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None):
+
+        # The stream should have the methods `write` and possibly `flush`.
+        self.stream = stream
+
+        # Encoding can be overridden by STREAM-START.
+        self.encoding = None
+
+        # Emitter is a state machine with a stack of states to handle nested
+        # structures.
+        self.states = []
+        self.state = self.expect_stream_start
+
+        # Current event and the event queue.
+        self.events = []
+        self.event = None
+
+        # The current indentation level and the stack of previous indents.
+        self.indents = []
+        self.indent = None
+
+        # Flow level.
+        self.flow_level = 0
+
+        # Contexts.
+        self.root_context = False
+        self.sequence_context = False
+        self.mapping_context = False
+        self.simple_key_context = False
+
+        # Characteristics of the last emitted character:
+        #  - current position.
+        #  - is it a whitespace?
+        #  - is it an indention character
+        #    (indentation space, '-', '?', or ':')?
+        self.line = 0
+        self.column = 0
+        self.whitespace = True
+        self.indention = True
+
+        # Whether the document requires an explicit document indicator
+        self.open_ended = False
+
+        # Formatting details.
+        self.canonical = canonical
+        self.allow_unicode = allow_unicode
+        self.best_indent = 2
+        if indent and 1 < indent < 10:
+            self.best_indent = indent
+        self.best_width = 80
+        if width and width > self.best_indent*2:
+            self.best_width = width
+        self.best_line_break = '\n'
+        if line_break in ['\r', '\n', '\r\n']:
+            self.best_line_break = line_break
+
+        # Tag prefixes.
+        self.tag_prefixes = None
+
+        # Prepared anchor and tag.
+        self.prepared_anchor = None
+        self.prepared_tag = None
+
+        # Scalar analysis and style.
+        self.analysis = None
+        self.style = None
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def emit(self, event):
+        self.events.append(event)
+        while not self.need_more_events():
+            self.event = self.events.pop(0)
+            self.state()
+            self.event = None
+
+    # In some cases, we wait for a few next events before emitting.
+
+    def need_more_events(self):
+        if not self.events:
+            return True
+        event = self.events[0]
+        if isinstance(event, DocumentStartEvent):
+            return self.need_events(1)
+        elif isinstance(event, SequenceStartEvent):
+            return self.need_events(2)
+        elif isinstance(event, MappingStartEvent):
+            return self.need_events(3)
+        else:
+            return False
+
+    def need_events(self, count):
+        level = 0
+        for event in self.events[1:]:
+            if isinstance(event, (DocumentStartEvent, CollectionStartEvent)):
+                level += 1
+            elif isinstance(event, (DocumentEndEvent, CollectionEndEvent)):
+                level -= 1
+            elif isinstance(event, StreamEndEvent):
+                level = -1
+            if level < 0:
+                return False
+        return (len(self.events) < count+1)
+
+    def increase_indent(self, flow=False, indentless=False):
+        self.indents.append(self.indent)
+        if self.indent is None:
+            if flow:
+                self.indent = self.best_indent
+            else:
+                self.indent = 0
+        elif not indentless:
+            self.indent += self.best_indent
+
+    # States.
+
+    # Stream handlers.
+
+    def expect_stream_start(self):
+        if isinstance(self.event, StreamStartEvent):
+            if self.event.encoding and not hasattr(self.stream, 'encoding'):
+                self.encoding = self.event.encoding
+            self.write_stream_start()
+            self.state = self.expect_first_document_start
+        else:
+            raise EmitterError("expected StreamStartEvent, but got %s"
+                    % self.event)
+
+    def expect_nothing(self):
+        raise EmitterError("expected nothing, but got %s" % self.event)
+
+    # Document handlers.
+
+    def expect_first_document_start(self):
+        return self.expect_document_start(first=True)
+
+    def expect_document_start(self, first=False):
+        if isinstance(self.event, DocumentStartEvent):
+            if (self.event.version or self.event.tags) and self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            if self.event.version:
+                version_text = self.prepare_version(self.event.version)
+                self.write_version_directive(version_text)
+            self.tag_prefixes = self.DEFAULT_TAG_PREFIXES.copy()
+            if self.event.tags:
+                handles = sorted(self.event.tags.keys())
+                for handle in handles:
+                    prefix = self.event.tags[handle]
+                    self.tag_prefixes[prefix] = handle
+                    handle_text = self.prepare_tag_handle(handle)
+                    prefix_text = self.prepare_tag_prefix(prefix)
+                    self.write_tag_directive(handle_text, prefix_text)
+            implicit = (first and not self.event.explicit and not self.canonical
+                    and not self.event.version and not self.event.tags
+                    and not self.check_empty_document())
+            if not implicit:
+                self.write_indent()
+                self.write_indicator('---', True)
+                if self.canonical:
+                    self.write_indent()
+            self.state = self.expect_document_root
+        elif isinstance(self.event, StreamEndEvent):
+            if self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.write_stream_end()
+            self.state = self.expect_nothing
+        else:
+            raise EmitterError("expected DocumentStartEvent, but got %s"
+                    % self.event)
+
+    def expect_document_end(self):
+        if isinstance(self.event, DocumentEndEvent):
+            self.write_indent()
+            if self.event.explicit:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.flush_stream()
+            self.state = self.expect_document_start
+        else:
+            raise EmitterError("expected DocumentEndEvent, but got %s"
+                    % self.event)
+
+    def expect_document_root(self):
+        self.states.append(self.expect_document_end)
+        self.expect_node(root=True)
+
+    # Node handlers.
+
+    def expect_node(self, root=False, sequence=False, mapping=False,
+            simple_key=False):
+        self.root_context = root
+        self.sequence_context = sequence
+        self.mapping_context = mapping
+        self.simple_key_context = simple_key
+        if isinstance(self.event, AliasEvent):
+            self.expect_alias()
+        elif isinstance(self.event, (ScalarEvent, CollectionStartEvent)):
+            self.process_anchor('&')
+            self.process_tag()
+            if isinstance(self.event, ScalarEvent):
+                self.expect_scalar()
+            elif isinstance(self.event, SequenceStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_sequence():
+                    self.expect_flow_sequence()
+                else:
+                    self.expect_block_sequence()
+            elif isinstance(self.event, MappingStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_mapping():
+                    self.expect_flow_mapping()
+                else:
+                    self.expect_block_mapping()
+        else:
+            raise EmitterError("expected NodeEvent, but got %s" % self.event)
+
+    def expect_alias(self):
+        if self.event.anchor is None:
+            raise EmitterError("anchor is not specified for alias")
+        self.process_anchor('*')
+        self.state = self.states.pop()
+
+    def expect_scalar(self):
+        self.increase_indent(flow=True)
+        self.process_scalar()
+        self.indent = self.indents.pop()
+        self.state = self.states.pop()
+
+    # Flow sequence handlers.
+
+    def expect_flow_sequence(self):
+        self.write_indicator('[', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_sequence_item
+
+    def expect_first_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    def expect_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Flow mapping handlers.
+
+    def expect_flow_mapping(self):
+        self.write_indicator('{', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_mapping_key
+
+    def expect_first_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_flow_mapping_value(self):
+        if self.canonical or self.column > self.best_width:
+            self.write_indent()
+        self.write_indicator(':', True)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Block sequence handlers.
+
+    def expect_block_sequence(self):
+        indentless = (self.mapping_context and not self.indention)
+        self.increase_indent(flow=False, indentless=indentless)
+        self.state = self.expect_first_block_sequence_item
+
+    def expect_first_block_sequence_item(self):
+        return self.expect_block_sequence_item(first=True)
+
+    def expect_block_sequence_item(self, first=False):
+        if not first and isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            self.write_indicator('-', True, indention=True)
+            self.states.append(self.expect_block_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Block mapping handlers.
+
+    def expect_block_mapping(self):
+        self.increase_indent(flow=False)
+        self.state = self.expect_first_block_mapping_key
+
+    def expect_first_block_mapping_key(self):
+        return self.expect_block_mapping_key(first=True)
+
+    def expect_block_mapping_key(self, first=False):
+        if not first and isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            if self.check_simple_key():
+                self.states.append(self.expect_block_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True, indention=True)
+                self.states.append(self.expect_block_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_block_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_block_mapping_value(self):
+        self.write_indent()
+        self.write_indicator(':', True, indention=True)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Checkers.
+
+    def check_empty_sequence(self):
+        return (isinstance(self.event, SequenceStartEvent) and self.events
+                and isinstance(self.events[0], SequenceEndEvent))
+
+    def check_empty_mapping(self):
+        return (isinstance(self.event, MappingStartEvent) and self.events
+                and isinstance(self.events[0], MappingEndEvent))
+
+    def check_empty_document(self):
+        if not isinstance(self.event, DocumentStartEvent) or not self.events:
+            return False
+        event = self.events[0]
+        return (isinstance(event, ScalarEvent) and event.anchor is None
+                and event.tag is None and event.implicit and event.value == '')
+
+    def check_simple_key(self):
+        length = 0
+        if isinstance(self.event, NodeEvent) and self.event.anchor is not None:
+            if self.prepared_anchor is None:
+                self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+            length += len(self.prepared_anchor)
+        if isinstance(self.event, (ScalarEvent, CollectionStartEvent))  \
+                and self.event.tag is not None:
+            if self.prepared_tag is None:
+                self.prepared_tag = self.prepare_tag(self.event.tag)
+            length += len(self.prepared_tag)
+        if isinstance(self.event, ScalarEvent):
+            if self.analysis is None:
+                self.analysis = self.analyze_scalar(self.event.value)
+            length += len(self.analysis.scalar)
+        return (length < 128 and (isinstance(self.event, AliasEvent)
+            or (isinstance(self.event, ScalarEvent)
+                    and not self.analysis.empty and not self.analysis.multiline)
+            or self.check_empty_sequence() or self.check_empty_mapping()))
+
+    # Anchor, Tag, and Scalar processors.
+
+    def process_anchor(self, indicator):
+        if self.event.anchor is None:
+            self.prepared_anchor = None
+            return
+        if self.prepared_anchor is None:
+            self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+        if self.prepared_anchor:
+            self.write_indicator(indicator+self.prepared_anchor, True)
+        self.prepared_anchor = None
+
+    def process_tag(self):
+        tag = self.event.tag
+        if isinstance(self.event, ScalarEvent):
+            if self.style is None:
+                self.style = self.choose_scalar_style()
+            if ((not self.canonical or tag is None) and
+                ((self.style == '' and self.event.implicit[0])
+                        or (self.style != '' and self.event.implicit[1]))):
+                self.prepared_tag = None
+                return
+            if self.event.implicit[0] and tag is None:
+                tag = '!'
+                self.prepared_tag = None
+        else:
+            if (not self.canonical or tag is None) and self.event.implicit:
+                self.prepared_tag = None
+                return
+        if tag is None:
+            raise EmitterError("tag is not specified")
+        if self.prepared_tag is None:
+            self.prepared_tag = self.prepare_tag(tag)
+        if self.prepared_tag:
+            self.write_indicator(self.prepared_tag, True)
+        self.prepared_tag = None
+
+    def choose_scalar_style(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.event.style == '"' or self.canonical:
+            return '"'
+        if not self.event.style and self.event.implicit[0]:
+            if (not (self.simple_key_context and
+                    (self.analysis.empty or self.analysis.multiline))
+                and (self.flow_level and self.analysis.allow_flow_plain
+                    or (not self.flow_level and self.analysis.allow_block_plain))):
+                return ''
+        if self.event.style and self.event.style in '|>':
+            if (not self.flow_level and not self.simple_key_context
+                    and self.analysis.allow_block):
+                return self.event.style
+        if not self.event.style or self.event.style == '\'':
+            if (self.analysis.allow_single_quoted and
+                    not (self.simple_key_context and self.analysis.multiline)):
+                return '\''
+        return '"'
+
+    def process_scalar(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.style is None:
+            self.style = self.choose_scalar_style()
+        split = (not self.simple_key_context)
+        #if self.analysis.multiline and split    \
+        #        and (not self.style or self.style in '\'\"'):
+        #    self.write_indent()
+        if self.style == '"':
+            self.write_double_quoted(self.analysis.scalar, split)
+        elif self.style == '\'':
+            self.write_single_quoted(self.analysis.scalar, split)
+        elif self.style == '>':
+            self.write_folded(self.analysis.scalar)
+        elif self.style == '|':
+            self.write_literal(self.analysis.scalar)
+        else:
+            self.write_plain(self.analysis.scalar, split)
+        self.analysis = None
+        self.style = None
+
+    # Analyzers.
+
+    def prepare_version(self, version):
+        major, minor = version
+        if major != 1:
+            raise EmitterError("unsupported YAML version: %d.%d" % (major, minor))
+        return '%d.%d' % (major, minor)
+
+    def prepare_tag_handle(self, handle):
+        if not handle:
+            raise EmitterError("tag handle must not be empty")
+        if handle[0] != '!' or handle[-1] != '!':
+            raise EmitterError("tag handle must start and end with '!': %r" % handle)
+        for ch in handle[1:-1]:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the tag handle: %r"
+                        % (ch, handle))
+        return handle
+
+    def prepare_tag_prefix(self, prefix):
+        if not prefix:
+            raise EmitterError("tag prefix must not be empty")
+        chunks = []
+        start = end = 0
+        if prefix[0] == '!':
+            end = 1
+        while end < len(prefix):
+            ch = prefix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?!:@&=+$,_.~*\'()[]':
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(prefix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ord(ch))
+        if start < end:
+            chunks.append(prefix[start:end])
+        return ''.join(chunks)
+
+    def prepare_tag(self, tag):
+        if not tag:
+            raise EmitterError("tag must not be empty")
+        if tag == '!':
+            return tag
+        handle = None
+        suffix = tag
+        prefixes = sorted(self.tag_prefixes.keys())
+        for prefix in prefixes:
+            if tag.startswith(prefix)   \
+                    and (prefix == '!' or len(prefix) < len(tag)):
+                handle = self.tag_prefixes[prefix]
+                suffix = tag[len(prefix):]
+        chunks = []
+        start = end = 0
+        while end < len(suffix):
+            ch = suffix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?:@&=+$,_.~*\'()[]'   \
+                    or (ch == '!' and handle != '!'):
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(suffix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ch)
+        if start < end:
+            chunks.append(suffix[start:end])
+        suffix_text = ''.join(chunks)
+        if handle:
+            return '%s%s' % (handle, suffix_text)
+        else:
+            return '!<%s>' % suffix_text
+
+    def prepare_anchor(self, anchor):
+        if not anchor:
+            raise EmitterError("anchor must not be empty")
+        for ch in anchor:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the anchor: %r"
+                        % (ch, anchor))
+        return anchor
+
+    def analyze_scalar(self, scalar):
+
+        # Empty scalar is a special case.
+        if not scalar:
+            return ScalarAnalysis(scalar=scalar, empty=True, multiline=False,
+                    allow_flow_plain=False, allow_block_plain=True,
+                    allow_single_quoted=True, allow_double_quoted=True,
+                    allow_block=False)
+
+        # Indicators and special characters.
+        block_indicators = False
+        flow_indicators = False
+        line_breaks = False
+        special_characters = False
+
+        # Important whitespace combinations.
+        leading_space = False
+        leading_break = False
+        trailing_space = False
+        trailing_break = False
+        break_space = False
+        space_break = False
+
+        # Check document indicators.
+        if scalar.startswith('---') or scalar.startswith('...'):
+            block_indicators = True
+            flow_indicators = True
+
+        # First character or preceded by a whitespace.
+        preceded_by_whitespace = True
+
+        # Last character or followed by a whitespace.
+        followed_by_whitespace = (len(scalar) == 1 or
+                scalar[1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # The previous character is a space.
+        previous_space = False
+
+        # The previous character is a break.
+        previous_break = False
+
+        index = 0
+        while index < len(scalar):
+            ch = scalar[index]
+
+            # Check for indicators.
+            if index == 0:
+                # Leading indicators are special characters.
+                if ch in '#,[]{}&*!|>\'\"%@`':
+                    flow_indicators = True
+                    block_indicators = True
+                if ch in '?:':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '-' and followed_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+            else:
+                # Some indicators cannot appear within a scalar as well.
+                if ch in ',?[]{}':
+                    flow_indicators = True
+                if ch == ':':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '#' and preceded_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+
+            # Check for line breaks, special, and unicode characters.
+            if ch in '\n\x85\u2028\u2029':
+                line_breaks = True
+            if not (ch == '\n' or '\x20' <= ch <= '\x7E'):
+                if (ch == '\x85' or '\xA0' <= ch <= '\uD7FF'
+                        or '\uE000' <= ch <= '\uFFFD'
+                        or '\U00010000' <= ch < '\U0010ffff') and ch != '\uFEFF':
+                    unicode_characters = True
+                    if not self.allow_unicode:
+                        special_characters = True
+                else:
+                    special_characters = True
+
+            # Detect important whitespace combinations.
+            if ch == ' ':
+                if index == 0:
+                    leading_space = True
+                if index == len(scalar)-1:
+                    trailing_space = True
+                if previous_break:
+                    break_space = True
+                previous_space = True
+                previous_break = False
+            elif ch in '\n\x85\u2028\u2029':
+                if index == 0:
+                    leading_break = True
+                if index == len(scalar)-1:
+                    trailing_break = True
+                if previous_space:
+                    space_break = True
+                previous_space = False
+                previous_break = True
+            else:
+                previous_space = False
+                previous_break = False
+
+            # Prepare for the next character.
+            index += 1
+            preceded_by_whitespace = (ch in '\0 \t\r\n\x85\u2028\u2029')
+            followed_by_whitespace = (index+1 >= len(scalar) or
+                    scalar[index+1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # Let's decide what styles are allowed.
+        allow_flow_plain = True
+        allow_block_plain = True
+        allow_single_quoted = True
+        allow_double_quoted = True
+        allow_block = True
+
+        # Leading and trailing whitespaces are bad for plain scalars.
+        if (leading_space or leading_break
+                or trailing_space or trailing_break):
+            allow_flow_plain = allow_block_plain = False
+
+        # We do not permit trailing spaces for block scalars.
+        if trailing_space:
+            allow_block = False
+
+        # Spaces at the beginning of a new line are only acceptable for block
+        # scalars.
+        if break_space:
+            allow_flow_plain = allow_block_plain = allow_single_quoted = False
+
+        # Spaces followed by breaks, as well as special character are only
+        # allowed for double quoted scalars.
+        if space_break or special_characters:
+            allow_flow_plain = allow_block_plain =  \
+            allow_single_quoted = allow_block = False
+
+        # Although the plain scalar writer supports breaks, we never emit
+        # multiline plain scalars.
+        if line_breaks:
+            allow_flow_plain = allow_block_plain = False
+
+        # Flow indicators are forbidden for flow plain scalars.
+        if flow_indicators:
+            allow_flow_plain = False
+
+        # Block indicators are forbidden for block plain scalars.
+        if block_indicators:
+            allow_block_plain = False
+
+        return ScalarAnalysis(scalar=scalar,
+                empty=False, multiline=line_breaks,
+                allow_flow_plain=allow_flow_plain,
+                allow_block_plain=allow_block_plain,
+                allow_single_quoted=allow_single_quoted,
+                allow_double_quoted=allow_double_quoted,
+                allow_block=allow_block)
+
+    # Writers.
+
+    def flush_stream(self):
+        if hasattr(self.stream, 'flush'):
+            self.stream.flush()
+
+    def write_stream_start(self):
+        # Write BOM if needed.
+        if self.encoding and self.encoding.startswith('utf-16'):
+            self.stream.write('\uFEFF'.encode(self.encoding))
+
+    def write_stream_end(self):
+        self.flush_stream()
+
+    def write_indicator(self, indicator, need_whitespace,
+            whitespace=False, indention=False):
+        if self.whitespace or not need_whitespace:
+            data = indicator
+        else:
+            data = ' '+indicator
+        self.whitespace = whitespace
+        self.indention = self.indention and indention
+        self.column += len(data)
+        self.open_ended = False
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_indent(self):
+        indent = self.indent or 0
+        if not self.indention or self.column > indent   \
+                or (self.column == indent and not self.whitespace):
+            self.write_line_break()
+        if self.column < indent:
+            self.whitespace = True
+            data = ' '*(indent-self.column)
+            self.column = indent
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+
+    def write_line_break(self, data=None):
+        if data is None:
+            data = self.best_line_break
+        self.whitespace = True
+        self.indention = True
+        self.line += 1
+        self.column = 0
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_version_directive(self, version_text):
+        data = '%%YAML %s' % version_text
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    def write_tag_directive(self, handle_text, prefix_text):
+        data = '%%TAG %s %s' % (handle_text, prefix_text)
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    # Scalar streams.
+
+    def write_single_quoted(self, text, split=True):
+        self.write_indicator('\'', True)
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch is None or ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split   \
+                            and start != 0 and end != len(text):
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029' or ch == '\'':
+                    if start < end:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                        start = end
+            if ch == '\'':
+                data = '\'\''
+                self.column += 2
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                start = end + 1
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+        self.write_indicator('\'', False)
+
+    ESCAPE_REPLACEMENTS = {
+        '\0':       '0',
+        '\x07':     'a',
+        '\x08':     'b',
+        '\x09':     't',
+        '\x0A':     'n',
+        '\x0B':     'v',
+        '\x0C':     'f',
+        '\x0D':     'r',
+        '\x1B':     'e',
+        '\"':       '\"',
+        '\\':       '\\',
+        '\x85':     'N',
+        '\xA0':     '_',
+        '\u2028':   'L',
+        '\u2029':   'P',
+    }
+
+    def write_double_quoted(self, text, split=True):
+        self.write_indicator('"', True)
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if ch is None or ch in '"\\\x85\u2028\u2029\uFEFF' \
+                    or not ('\x20' <= ch <= '\x7E'
+                        or (self.allow_unicode
+                            and ('\xA0' <= ch <= '\uD7FF'
+                                or '\uE000' <= ch <= '\uFFFD'))):
+                if start < end:
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+                if ch is not None:
+                    if ch in self.ESCAPE_REPLACEMENTS:
+                        data = '\\'+self.ESCAPE_REPLACEMENTS[ch]
+                    elif ch <= '\xFF':
+                        data = '\\x%02X' % ord(ch)
+                    elif ch <= '\uFFFF':
+                        data = '\\u%04X' % ord(ch)
+                    else:
+                        data = '\\U%08X' % ord(ch)
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end+1
+            if 0 < end < len(text)-1 and (ch == ' ' or start >= end)    \
+                    and self.column+(end-start) > self.best_width and split:
+                data = text[start:end]+'\\'
+                if start < end:
+                    start = end
+                self.column += len(data)
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                self.write_indent()
+                self.whitespace = False
+                self.indention = False
+                if text[start] == ' ':
+                    data = '\\'
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+            end += 1
+        self.write_indicator('"', False)
+
+    def determine_block_hints(self, text):
+        hints = ''
+        if text:
+            if text[0] in ' \n\x85\u2028\u2029':
+                hints += str(self.best_indent)
+            if text[-1] not in '\n\x85\u2028\u2029':
+                hints += '-'
+            elif len(text) == 1 or text[-2] in '\n\x85\u2028\u2029':
+                hints += '+'
+        return hints
+
+    def write_folded(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('>'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        leading_space = True
+        spaces = False
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if not leading_space and ch is not None and ch != ' '   \
+                            and text[start] == '\n':
+                        self.write_line_break()
+                    leading_space = (ch == ' ')
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            elif spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width:
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+                spaces = (ch == ' ')
+            end += 1
+
+    def write_literal(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('|'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in '\n\x85\u2028\u2029':
+                    data = text[start:end]
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+
+    def write_plain(self, text, split=True):
+        if self.root_context:
+            self.open_ended = True
+        if not text:
+            return
+        if not self.whitespace:
+            data = ' '
+            self.column += len(data)
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+        self.whitespace = False
+        self.indention = False
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split:
+                        self.write_indent()
+                        self.whitespace = False
+                        self.indention = False
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    self.whitespace = False
+                    self.indention = False
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/error.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/error.py
new file mode 100644
index 000000000..b796b4dc5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/error.py
@@ -0,0 +1,75 @@
+
+__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
+
+class Mark:
+
+    def __init__(self, name, index, line, column, buffer, pointer):
+        self.name = name
+        self.index = index
+        self.line = line
+        self.column = column
+        self.buffer = buffer
+        self.pointer = pointer
+
+    def get_snippet(self, indent=4, max_length=75):
+        if self.buffer is None:
+            return None
+        head = ''
+        start = self.pointer
+        while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
+            start -= 1
+            if self.pointer-start > max_length/2-1:
+                head = ' ... '
+                start += 5
+                break
+        tail = ''
+        end = self.pointer
+        while end < len(self.buffer) and self.buffer[end] not in '\0\r\n\x85\u2028\u2029':
+            end += 1
+            if end-self.pointer > max_length/2-1:
+                tail = ' ... '
+                end -= 5
+                break
+        snippet = self.buffer[start:end]
+        return ' '*indent + head + snippet + tail + '\n'  \
+                + ' '*(indent+self.pointer-start+len(head)) + '^'
+
+    def __str__(self):
+        snippet = self.get_snippet()
+        where = "  in \"%s\", line %d, column %d"   \
+                % (self.name, self.line+1, self.column+1)
+        if snippet is not None:
+            where += ":\n"+snippet
+        return where
+
+class YAMLError(Exception):
+    pass
+
+class MarkedYAMLError(YAMLError):
+
+    def __init__(self, context=None, context_mark=None,
+            problem=None, problem_mark=None, note=None):
+        self.context = context
+        self.context_mark = context_mark
+        self.problem = problem
+        self.problem_mark = problem_mark
+        self.note = note
+
+    def __str__(self):
+        lines = []
+        if self.context is not None:
+            lines.append(self.context)
+        if self.context_mark is not None  \
+            and (self.problem is None or self.problem_mark is None
+                    or self.context_mark.name != self.problem_mark.name
+                    or self.context_mark.line != self.problem_mark.line
+                    or self.context_mark.column != self.problem_mark.column):
+            lines.append(str(self.context_mark))
+        if self.problem is not None:
+            lines.append(self.problem)
+        if self.problem_mark is not None:
+            lines.append(str(self.problem_mark))
+        if self.note is not None:
+            lines.append(self.note)
+        return '\n'.join(lines)
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/events.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/events.py
new file mode 100644
index 000000000..f79ad389c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/events.py
@@ -0,0 +1,86 @@
+
+# Abstract classes.
+
+class Event(object):
+    def __init__(self, start_mark=None, end_mark=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in ['anchor', 'tag', 'implicit', 'value']
+                if hasattr(self, key)]
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+class NodeEvent(Event):
+    def __init__(self, anchor, start_mark=None, end_mark=None):
+        self.anchor = anchor
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class CollectionStartEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, start_mark=None, end_mark=None,
+            flow_style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class CollectionEndEvent(Event):
+    pass
+
+# Implementations.
+
+class StreamStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None, encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndEvent(Event):
+    pass
+
+class DocumentStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None, version=None, tags=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+        self.version = version
+        self.tags = tags
+
+class DocumentEndEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+
+class AliasEvent(NodeEvent):
+    pass
+
+class ScalarEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, value,
+            start_mark=None, end_mark=None, style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class SequenceStartEvent(CollectionStartEvent):
+    pass
+
+class SequenceEndEvent(CollectionEndEvent):
+    pass
+
+class MappingStartEvent(CollectionStartEvent):
+    pass
+
+class MappingEndEvent(CollectionEndEvent):
+    pass
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/loader.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/loader.py
new file mode 100644
index 000000000..e90c11224
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/loader.py
@@ -0,0 +1,63 @@
+
+__all__ = ['BaseLoader', 'FullLoader', 'SafeLoader', 'Loader', 'UnsafeLoader']
+
+from .reader import *
+from .scanner import *
+from .parser import *
+from .composer import *
+from .constructor import *
+from .resolver import *
+
+class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class FullLoader(Reader, Scanner, Parser, Composer, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+# UnsafeLoader is the same as Loader (which is and was always unsafe on
+# untrusted input). Use of either Loader or UnsafeLoader should be rare, since
+# FullLoad should be able to load almost all YAML safely. Loader is left intact
+# to ensure backwards compatibility.
+class UnsafeLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/nodes.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/nodes.py
new file mode 100644
index 000000000..c4f070c41
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/nodes.py
@@ -0,0 +1,49 @@
+
+class Node(object):
+    def __init__(self, tag, value, start_mark, end_mark):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        value = self.value
+        #if isinstance(value, list):
+        #    if len(value) == 0:
+        #        value = '<empty>'
+        #    elif len(value) == 1:
+        #        value = '<1 item>'
+        #    else:
+        #        value = '<%d items>' % len(value)
+        #else:
+        #    if len(value) > 75:
+        #        value = repr(value[:70]+u' ... ')
+        #    else:
+        #        value = repr(value)
+        value = repr(value)
+        return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
+
+class ScalarNode(Node):
+    id = 'scalar'
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class CollectionNode(Node):
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, flow_style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class SequenceNode(CollectionNode):
+    id = 'sequence'
+
+class MappingNode(CollectionNode):
+    id = 'mapping'
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/parser.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/parser.py
new file mode 100644
index 000000000..13a5995d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/parser.py
@@ -0,0 +1,589 @@
+
+# The following YAML grammar is LL(1) and is parsed by a recursive descent
+# parser.
+#
+# stream            ::= STREAM-START implicit_document? explicit_document* STREAM-END
+# implicit_document ::= block_node DOCUMENT-END*
+# explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+# block_node_or_indentless_sequence ::=
+#                       ALIAS
+#                       | properties (block_content | indentless_block_sequence)?
+#                       | block_content
+#                       | indentless_block_sequence
+# block_node        ::= ALIAS
+#                       | properties block_content?
+#                       | block_content
+# flow_node         ::= ALIAS
+#                       | properties flow_content?
+#                       | flow_content
+# properties        ::= TAG ANCHOR? | ANCHOR TAG?
+# block_content     ::= block_collection | flow_collection | SCALAR
+# flow_content      ::= flow_collection | SCALAR
+# block_collection  ::= block_sequence | block_mapping
+# flow_collection   ::= flow_sequence | flow_mapping
+# block_sequence    ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+# indentless_sequence   ::= (BLOCK-ENTRY block_node?)+
+# block_mapping     ::= BLOCK-MAPPING_START
+#                       ((KEY block_node_or_indentless_sequence?)?
+#                       (VALUE block_node_or_indentless_sequence?)?)*
+#                       BLOCK-END
+# flow_sequence     ::= FLOW-SEQUENCE-START
+#                       (flow_sequence_entry FLOW-ENTRY)*
+#                       flow_sequence_entry?
+#                       FLOW-SEQUENCE-END
+# flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+# flow_mapping      ::= FLOW-MAPPING-START
+#                       (flow_mapping_entry FLOW-ENTRY)*
+#                       flow_mapping_entry?
+#                       FLOW-MAPPING-END
+# flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+#
+# FIRST sets:
+#
+# stream: { STREAM-START }
+# explicit_document: { DIRECTIVE DOCUMENT-START }
+# implicit_document: FIRST(block_node)
+# block_node: { ALIAS TAG ANCHOR SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_node: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_content: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# flow_content: { FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# block_collection: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_sequence: { BLOCK-SEQUENCE-START }
+# block_mapping: { BLOCK-MAPPING-START }
+# block_node_or_indentless_sequence: { ALIAS ANCHOR TAG SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START BLOCK-ENTRY }
+# indentless_sequence: { ENTRY }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_sequence: { FLOW-SEQUENCE-START }
+# flow_mapping: { FLOW-MAPPING-START }
+# flow_sequence_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+# flow_mapping_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+
+__all__ = ['Parser', 'ParserError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+from .events import *
+from .scanner import *
+
+class ParserError(MarkedYAMLError):
+    pass
+
+class Parser:
+    # Since writing a recursive-descendant parser is a straightforward task, we
+    # do not give many comments here.
+
+    DEFAULT_TAGS = {
+        '!':   '!',
+        '!!':  'tag:yaml.org,2002:',
+    }
+
+    def __init__(self):
+        self.current_event = None
+        self.yaml_version = None
+        self.tag_handles = {}
+        self.states = []
+        self.marks = []
+        self.state = self.parse_stream_start
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def check_event(self, *choices):
+        # Check the type of the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        if self.current_event is not None:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.current_event, choice):
+                    return True
+        return False
+
+    def peek_event(self):
+        # Get the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        return self.current_event
+
+    def get_event(self):
+        # Get the next event and proceed further.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        value = self.current_event
+        self.current_event = None
+        return value
+
+    # stream    ::= STREAM-START implicit_document? explicit_document* STREAM-END
+    # implicit_document ::= block_node DOCUMENT-END*
+    # explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+
+    def parse_stream_start(self):
+
+        # Parse the stream start.
+        token = self.get_token()
+        event = StreamStartEvent(token.start_mark, token.end_mark,
+                encoding=token.encoding)
+
+        # Prepare the next state.
+        self.state = self.parse_implicit_document_start
+
+        return event
+
+    def parse_implicit_document_start(self):
+
+        # Parse an implicit document.
+        if not self.check_token(DirectiveToken, DocumentStartToken,
+                StreamEndToken):
+            self.tag_handles = self.DEFAULT_TAGS
+            token = self.peek_token()
+            start_mark = end_mark = token.start_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=False)
+
+            # Prepare the next state.
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_block_node
+
+            return event
+
+        else:
+            return self.parse_document_start()
+
+    def parse_document_start(self):
+
+        # Parse any extra document end indicators.
+        while self.check_token(DocumentEndToken):
+            self.get_token()
+
+        # Parse an explicit document.
+        if not self.check_token(StreamEndToken):
+            token = self.peek_token()
+            start_mark = token.start_mark
+            version, tags = self.process_directives()
+            if not self.check_token(DocumentStartToken):
+                raise ParserError(None, None,
+                        "expected '<document start>', but found %r"
+                        % self.peek_token().id,
+                        self.peek_token().start_mark)
+            token = self.get_token()
+            end_mark = token.end_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=True, version=version, tags=tags)
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_document_content
+        else:
+            # Parse the end of the stream.
+            token = self.get_token()
+            event = StreamEndEvent(token.start_mark, token.end_mark)
+            assert not self.states
+            assert not self.marks
+            self.state = None
+        return event
+
+    def parse_document_end(self):
+
+        # Parse the document end.
+        token = self.peek_token()
+        start_mark = end_mark = token.start_mark
+        explicit = False
+        if self.check_token(DocumentEndToken):
+            token = self.get_token()
+            end_mark = token.end_mark
+            explicit = True
+        event = DocumentEndEvent(start_mark, end_mark,
+                explicit=explicit)
+
+        # Prepare the next state.
+        self.state = self.parse_document_start
+
+        return event
+
+    def parse_document_content(self):
+        if self.check_token(DirectiveToken,
+                DocumentStartToken, DocumentEndToken, StreamEndToken):
+            event = self.process_empty_scalar(self.peek_token().start_mark)
+            self.state = self.states.pop()
+            return event
+        else:
+            return self.parse_block_node()
+
+    def process_directives(self):
+        self.yaml_version = None
+        self.tag_handles = {}
+        while self.check_token(DirectiveToken):
+            token = self.get_token()
+            if token.name == 'YAML':
+                if self.yaml_version is not None:
+                    raise ParserError(None, None,
+                            "found duplicate YAML directive", token.start_mark)
+                major, minor = token.value
+                if major != 1:
+                    raise ParserError(None, None,
+                            "found incompatible YAML document (version 1.* is required)",
+                            token.start_mark)
+                self.yaml_version = token.value
+            elif token.name == 'TAG':
+                handle, prefix = token.value
+                if handle in self.tag_handles:
+                    raise ParserError(None, None,
+                            "duplicate tag handle %r" % handle,
+                            token.start_mark)
+                self.tag_handles[handle] = prefix
+        if self.tag_handles:
+            value = self.yaml_version, self.tag_handles.copy()
+        else:
+            value = self.yaml_version, None
+        for key in self.DEFAULT_TAGS:
+            if key not in self.tag_handles:
+                self.tag_handles[key] = self.DEFAULT_TAGS[key]
+        return value
+
+    # block_node_or_indentless_sequence ::= ALIAS
+    #               | properties (block_content | indentless_block_sequence)?
+    #               | block_content
+    #               | indentless_block_sequence
+    # block_node    ::= ALIAS
+    #                   | properties block_content?
+    #                   | block_content
+    # flow_node     ::= ALIAS
+    #                   | properties flow_content?
+    #                   | flow_content
+    # properties    ::= TAG ANCHOR? | ANCHOR TAG?
+    # block_content     ::= block_collection | flow_collection | SCALAR
+    # flow_content      ::= flow_collection | SCALAR
+    # block_collection  ::= block_sequence | block_mapping
+    # flow_collection   ::= flow_sequence | flow_mapping
+
+    def parse_block_node(self):
+        return self.parse_node(block=True)
+
+    def parse_flow_node(self):
+        return self.parse_node()
+
+    def parse_block_node_or_indentless_sequence(self):
+        return self.parse_node(block=True, indentless_sequence=True)
+
+    def parse_node(self, block=False, indentless_sequence=False):
+        if self.check_token(AliasToken):
+            token = self.get_token()
+            event = AliasEvent(token.value, token.start_mark, token.end_mark)
+            self.state = self.states.pop()
+        else:
+            anchor = None
+            tag = None
+            start_mark = end_mark = tag_mark = None
+            if self.check_token(AnchorToken):
+                token = self.get_token()
+                start_mark = token.start_mark
+                end_mark = token.end_mark
+                anchor = token.value
+                if self.check_token(TagToken):
+                    token = self.get_token()
+                    tag_mark = token.start_mark
+                    end_mark = token.end_mark
+                    tag = token.value
+            elif self.check_token(TagToken):
+                token = self.get_token()
+                start_mark = tag_mark = token.start_mark
+                end_mark = token.end_mark
+                tag = token.value
+                if self.check_token(AnchorToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    anchor = token.value
+            if tag is not None:
+                handle, suffix = tag
+                if handle is not None:
+                    if handle not in self.tag_handles:
+                        raise ParserError("while parsing a node", start_mark,
+                                "found undefined tag handle %r" % handle,
+                                tag_mark)
+                    tag = self.tag_handles[handle]+suffix
+                else:
+                    tag = suffix
+            #if tag == '!':
+            #    raise ParserError("while parsing a node", start_mark,
+            #            "found non-specific tag '!'", tag_mark,
+            #            "Please check 'http://pyyaml.org/wiki/YAMLNonSpecificTag' and share your opinion.")
+            if start_mark is None:
+                start_mark = end_mark = self.peek_token().start_mark
+            event = None
+            implicit = (tag is None or tag == '!')
+            if indentless_sequence and self.check_token(BlockEntryToken):
+                end_mark = self.peek_token().end_mark
+                event = SequenceStartEvent(anchor, tag, implicit,
+                        start_mark, end_mark)
+                self.state = self.parse_indentless_sequence_entry
+            else:
+                if self.check_token(ScalarToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    if (token.plain and tag is None) or tag == '!':
+                        implicit = (True, False)
+                    elif tag is None:
+                        implicit = (False, True)
+                    else:
+                        implicit = (False, False)
+                    event = ScalarEvent(anchor, tag, implicit, token.value,
+                            start_mark, end_mark, style=token.style)
+                    self.state = self.states.pop()
+                elif self.check_token(FlowSequenceStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_sequence_first_entry
+                elif self.check_token(FlowMappingStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_mapping_first_key
+                elif block and self.check_token(BlockSequenceStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_sequence_first_entry
+                elif block and self.check_token(BlockMappingStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_mapping_first_key
+                elif anchor is not None or tag is not None:
+                    # Empty scalars are allowed even if a tag or an anchor is
+                    # specified.
+                    event = ScalarEvent(anchor, tag, (implicit, False), '',
+                            start_mark, end_mark)
+                    self.state = self.states.pop()
+                else:
+                    if block:
+                        node = 'block'
+                    else:
+                        node = 'flow'
+                    token = self.peek_token()
+                    raise ParserError("while parsing a %s node" % node, start_mark,
+                            "expected the node content, but found %r" % token.id,
+                            token.start_mark)
+        return event
+
+    # block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+
+    def parse_block_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_sequence_entry()
+
+    def parse_block_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken, BlockEndToken):
+                self.states.append(self.parse_block_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_block_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block collection", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    # indentless_sequence ::= (BLOCK-ENTRY block_node?)+
+
+    def parse_indentless_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken,
+                    KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_indentless_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_indentless_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        token = self.peek_token()
+        event = SequenceEndEvent(token.start_mark, token.start_mark)
+        self.state = self.states.pop()
+        return event
+
+    # block_mapping     ::= BLOCK-MAPPING_START
+    #                       ((KEY block_node_or_indentless_sequence?)?
+    #                       (VALUE block_node_or_indentless_sequence?)?)*
+    #                       BLOCK-END
+
+    def parse_block_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_mapping_key()
+
+    def parse_block_mapping_key(self):
+        if self.check_token(KeyToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_value)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_value
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block mapping", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_block_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_key)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_block_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    # flow_sequence     ::= FLOW-SEQUENCE-START
+    #                       (flow_sequence_entry FLOW-ENTRY)*
+    #                       flow_sequence_entry?
+    #                       FLOW-SEQUENCE-END
+    # flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+    #
+    # Note that while production rules for both flow_sequence_entry and
+    # flow_mapping_entry are equal, their interpretations are different.
+    # For `flow_sequence_entry`, the part `KEY flow_node? (VALUE flow_node?)?`
+    # generate an inline mapping (set syntax).
+
+    def parse_flow_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_sequence_entry(first=True)
+
+    def parse_flow_sequence_entry(self, first=False):
+        if not self.check_token(FlowSequenceEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow sequence", self.marks[-1],
+                            "expected ',' or ']', but got %r" % token.id, token.start_mark)
+            
+            if self.check_token(KeyToken):
+                token = self.peek_token()
+                event = MappingStartEvent(None, None, True,
+                        token.start_mark, token.end_mark,
+                        flow_style=True)
+                self.state = self.parse_flow_sequence_entry_mapping_key
+                return event
+            elif not self.check_token(FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_sequence_entry_mapping_key(self):
+        token = self.get_token()
+        if not self.check_token(ValueToken,
+                FlowEntryToken, FlowSequenceEndToken):
+            self.states.append(self.parse_flow_sequence_entry_mapping_value)
+            return self.parse_flow_node()
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_value
+            return self.process_empty_scalar(token.end_mark)
+
+    def parse_flow_sequence_entry_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry_mapping_end)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_sequence_entry_mapping_end
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_end
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_sequence_entry_mapping_end(self):
+        self.state = self.parse_flow_sequence_entry
+        token = self.peek_token()
+        return MappingEndEvent(token.start_mark, token.start_mark)
+
+    # flow_mapping  ::= FLOW-MAPPING-START
+    #                   (flow_mapping_entry FLOW-ENTRY)*
+    #                   flow_mapping_entry?
+    #                   FLOW-MAPPING-END
+    # flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+    def parse_flow_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_mapping_key(first=True)
+
+    def parse_flow_mapping_key(self, first=False):
+        if not self.check_token(FlowMappingEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow mapping", self.marks[-1],
+                            "expected ',' or '}', but got %r" % token.id, token.start_mark)
+            if self.check_token(KeyToken):
+                token = self.get_token()
+                if not self.check_token(ValueToken,
+                        FlowEntryToken, FlowMappingEndToken):
+                    self.states.append(self.parse_flow_mapping_value)
+                    return self.parse_flow_node()
+                else:
+                    self.state = self.parse_flow_mapping_value
+                    return self.process_empty_scalar(token.end_mark)
+            elif not self.check_token(FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_empty_value)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_key)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_mapping_empty_value(self):
+        self.state = self.parse_flow_mapping_key
+        return self.process_empty_scalar(self.peek_token().start_mark)
+
+    def process_empty_scalar(self, mark):
+        return ScalarEvent(None, None, (True, False), '', mark, mark)
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/reader.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/reader.py
new file mode 100644
index 000000000..774b0219b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/reader.py
@@ -0,0 +1,185 @@
+# This module contains abstractions for the input stream. You don't have to
+# looks further, there are no pretty code.
+#
+# We define two classes here.
+#
+#   Mark(source, line, column)
+# It's just a record and its only use is producing nice error messages.
+# Parser does not use it for any other purposes.
+#
+#   Reader(source, data)
+# Reader determines the encoding of `data` and converts it to unicode.
+# Reader provides the following methods and attributes:
+#   reader.peek(length=1) - return the next `length` characters
+#   reader.forward(length=1) - move the current position to `length` characters.
+#   reader.index - the number of the current character.
+#   reader.line, stream.column - the line and the column of the current character.
+
+__all__ = ['Reader', 'ReaderError']
+
+from .error import YAMLError, Mark
+
+import codecs, re
+
+class ReaderError(YAMLError):
+
+    def __init__(self, name, position, character, encoding, reason):
+        self.name = name
+        self.character = character
+        self.position = position
+        self.encoding = encoding
+        self.reason = reason
+
+    def __str__(self):
+        if isinstance(self.character, bytes):
+            return "'%s' codec can't decode byte #x%02x: %s\n"  \
+                    "  in \"%s\", position %d"    \
+                    % (self.encoding, ord(self.character), self.reason,
+                            self.name, self.position)
+        else:
+            return "unacceptable character #x%04x: %s\n"    \
+                    "  in \"%s\", position %d"    \
+                    % (self.character, self.reason,
+                            self.name, self.position)
+
+class Reader(object):
+    # Reader:
+    # - determines the data encoding and converts it to a unicode string,
+    # - checks if characters are in allowed range,
+    # - adds '\0' to the end.
+
+    # Reader accepts
+    #  - a `bytes` object,
+    #  - a `str` object,
+    #  - a file-like object with its `read` method returning `str`,
+    #  - a file-like object with its `read` method returning `unicode`.
+
+    # Yeah, it's ugly and slow.
+
+    def __init__(self, stream):
+        self.name = None
+        self.stream = None
+        self.stream_pointer = 0
+        self.eof = True
+        self.buffer = ''
+        self.pointer = 0
+        self.raw_buffer = None
+        self.raw_decode = None
+        self.encoding = None
+        self.index = 0
+        self.line = 0
+        self.column = 0
+        if isinstance(stream, str):
+            self.name = "<unicode string>"
+            self.check_printable(stream)
+            self.buffer = stream+'\0'
+        elif isinstance(stream, bytes):
+            self.name = "<byte string>"
+            self.raw_buffer = stream
+            self.determine_encoding()
+        else:
+            self.stream = stream
+            self.name = getattr(stream, 'name', "<file>")
+            self.eof = False
+            self.raw_buffer = None
+            self.determine_encoding()
+
+    def peek(self, index=0):
+        try:
+            return self.buffer[self.pointer+index]
+        except IndexError:
+            self.update(index+1)
+            return self.buffer[self.pointer+index]
+
+    def prefix(self, length=1):
+        if self.pointer+length >= len(self.buffer):
+            self.update(length)
+        return self.buffer[self.pointer:self.pointer+length]
+
+    def forward(self, length=1):
+        if self.pointer+length+1 >= len(self.buffer):
+            self.update(length+1)
+        while length:
+            ch = self.buffer[self.pointer]
+            self.pointer += 1
+            self.index += 1
+            if ch in '\n\x85\u2028\u2029'  \
+                    or (ch == '\r' and self.buffer[self.pointer] != '\n'):
+                self.line += 1
+                self.column = 0
+            elif ch != '\uFEFF':
+                self.column += 1
+            length -= 1
+
+    def get_mark(self):
+        if self.stream is None:
+            return Mark(self.name, self.index, self.line, self.column,
+                    self.buffer, self.pointer)
+        else:
+            return Mark(self.name, self.index, self.line, self.column,
+                    None, None)
+
+    def determine_encoding(self):
+        while not self.eof and (self.raw_buffer is None or len(self.raw_buffer) < 2):
+            self.update_raw()
+        if isinstance(self.raw_buffer, bytes):
+            if self.raw_buffer.startswith(codecs.BOM_UTF16_LE):
+                self.raw_decode = codecs.utf_16_le_decode
+                self.encoding = 'utf-16-le'
+            elif self.raw_buffer.startswith(codecs.BOM_UTF16_BE):
+                self.raw_decode = codecs.utf_16_be_decode
+                self.encoding = 'utf-16-be'
+            else:
+                self.raw_decode = codecs.utf_8_decode
+                self.encoding = 'utf-8'
+        self.update(1)
+
+    NON_PRINTABLE = re.compile('[^\x09\x0A\x0D\x20-\x7E\x85\xA0-\uD7FF\uE000-\uFFFD\U00010000-\U0010ffff]')
+    def check_printable(self, data):
+        match = self.NON_PRINTABLE.search(data)
+        if match:
+            character = match.group()
+            position = self.index+(len(self.buffer)-self.pointer)+match.start()
+            raise ReaderError(self.name, position, ord(character),
+                    'unicode', "special characters are not allowed")
+
+    def update(self, length):
+        if self.raw_buffer is None:
+            return
+        self.buffer = self.buffer[self.pointer:]
+        self.pointer = 0
+        while len(self.buffer) < length:
+            if not self.eof:
+                self.update_raw()
+            if self.raw_decode is not None:
+                try:
+                    data, converted = self.raw_decode(self.raw_buffer,
+                            'strict', self.eof)
+                except UnicodeDecodeError as exc:
+                    character = self.raw_buffer[exc.start]
+                    if self.stream is not None:
+                        position = self.stream_pointer-len(self.raw_buffer)+exc.start
+                    else:
+                        position = exc.start
+                    raise ReaderError(self.name, position, character,
+                            exc.encoding, exc.reason)
+            else:
+                data = self.raw_buffer
+                converted = len(data)
+            self.check_printable(data)
+            self.buffer += data
+            self.raw_buffer = self.raw_buffer[converted:]
+            if self.eof:
+                self.buffer += '\0'
+                self.raw_buffer = None
+                break
+
+    def update_raw(self, size=4096):
+        data = self.stream.read(size)
+        if self.raw_buffer is None:
+            self.raw_buffer = data
+        else:
+            self.raw_buffer += data
+        self.stream_pointer += len(data)
+        if not data:
+            self.eof = True
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/representer.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/representer.py
new file mode 100644
index 000000000..808ca06df
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/representer.py
@@ -0,0 +1,389 @@
+
+__all__ = ['BaseRepresenter', 'SafeRepresenter', 'Representer',
+    'RepresenterError']
+
+from .error import *
+from .nodes import *
+
+import datetime, copyreg, types, base64, collections
+
+class RepresenterError(YAMLError):
+    pass
+
+class BaseRepresenter:
+
+    yaml_representers = {}
+    yaml_multi_representers = {}
+
+    def __init__(self, default_style=None, default_flow_style=False, sort_keys=True):
+        self.default_style = default_style
+        self.sort_keys = sort_keys
+        self.default_flow_style = default_flow_style
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent(self, data):
+        node = self.represent_data(data)
+        self.serialize(node)
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent_data(self, data):
+        if self.ignore_aliases(data):
+            self.alias_key = None
+        else:
+            self.alias_key = id(data)
+        if self.alias_key is not None:
+            if self.alias_key in self.represented_objects:
+                node = self.represented_objects[self.alias_key]
+                #if node is None:
+                #    raise RepresenterError("recursive objects are not allowed: %r" % data)
+                return node
+            #self.represented_objects[alias_key] = None
+            self.object_keeper.append(data)
+        data_types = type(data).__mro__
+        if data_types[0] in self.yaml_representers:
+            node = self.yaml_representers[data_types[0]](self, data)
+        else:
+            for data_type in data_types:
+                if data_type in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[data_type](self, data)
+                    break
+            else:
+                if None in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[None](self, data)
+                elif None in self.yaml_representers:
+                    node = self.yaml_representers[None](self, data)
+                else:
+                    node = ScalarNode(None, str(data))
+        #if alias_key is not None:
+        #    self.represented_objects[alias_key] = node
+        return node
+
+    @classmethod
+    def add_representer(cls, data_type, representer):
+        if not 'yaml_representers' in cls.__dict__:
+            cls.yaml_representers = cls.yaml_representers.copy()
+        cls.yaml_representers[data_type] = representer
+
+    @classmethod
+    def add_multi_representer(cls, data_type, representer):
+        if not 'yaml_multi_representers' in cls.__dict__:
+            cls.yaml_multi_representers = cls.yaml_multi_representers.copy()
+        cls.yaml_multi_representers[data_type] = representer
+
+    def represent_scalar(self, tag, value, style=None):
+        if style is None:
+            style = self.default_style
+        node = ScalarNode(tag, value, style=style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        return node
+
+    def represent_sequence(self, tag, sequence, flow_style=None):
+        value = []
+        node = SequenceNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        for item in sequence:
+            node_item = self.represent_data(item)
+            if not (isinstance(node_item, ScalarNode) and not node_item.style):
+                best_style = False
+            value.append(node_item)
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def represent_mapping(self, tag, mapping, flow_style=None):
+        value = []
+        node = MappingNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        if hasattr(mapping, 'items'):
+            mapping = list(mapping.items())
+            if self.sort_keys:
+                try:
+                    mapping = sorted(mapping)
+                except TypeError:
+                    pass
+        for item_key, item_value in mapping:
+            node_key = self.represent_data(item_key)
+            node_value = self.represent_data(item_value)
+            if not (isinstance(node_key, ScalarNode) and not node_key.style):
+                best_style = False
+            if not (isinstance(node_value, ScalarNode) and not node_value.style):
+                best_style = False
+            value.append((node_key, node_value))
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def ignore_aliases(self, data):
+        return False
+
+class SafeRepresenter(BaseRepresenter):
+
+    def ignore_aliases(self, data):
+        if data is None:
+            return True
+        if isinstance(data, tuple) and data == ():
+            return True
+        if isinstance(data, (str, bytes, bool, int, float)):
+            return True
+
+    def represent_none(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:null', 'null')
+
+    def represent_str(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:str', data)
+
+    def represent_binary(self, data):
+        if hasattr(base64, 'encodebytes'):
+            data = base64.encodebytes(data).decode('ascii')
+        else:
+            data = base64.encodestring(data).decode('ascii')
+        return self.represent_scalar('tag:yaml.org,2002:binary', data, style='|')
+
+    def represent_bool(self, data):
+        if data:
+            value = 'true'
+        else:
+            value = 'false'
+        return self.represent_scalar('tag:yaml.org,2002:bool', value)
+
+    def represent_int(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:int', str(data))
+
+    inf_value = 1e300
+    while repr(inf_value) != repr(inf_value*inf_value):
+        inf_value *= inf_value
+
+    def represent_float(self, data):
+        if data != data or (data == 0.0 and data == 1.0):
+            value = '.nan'
+        elif data == self.inf_value:
+            value = '.inf'
+        elif data == -self.inf_value:
+            value = '-.inf'
+        else:
+            value = repr(data).lower()
+            # Note that in some cases `repr(data)` represents a float number
+            # without the decimal parts.  For instance:
+            #   >>> repr(1e17)
+            #   '1e17'
+            # Unfortunately, this is not a valid float representation according
+            # to the definition of the `!!float` tag.  We fix this by adding
+            # '.0' before the 'e' symbol.
+            if '.' not in value and 'e' in value:
+                value = value.replace('e', '.0e', 1)
+        return self.represent_scalar('tag:yaml.org,2002:float', value)
+
+    def represent_list(self, data):
+        #pairs = (len(data) > 0 and isinstance(data, list))
+        #if pairs:
+        #    for item in data:
+        #        if not isinstance(item, tuple) or len(item) != 2:
+        #            pairs = False
+        #            break
+        #if not pairs:
+            return self.represent_sequence('tag:yaml.org,2002:seq', data)
+        #value = []
+        #for item_key, item_value in data:
+        #    value.append(self.represent_mapping(u'tag:yaml.org,2002:map',
+        #        [(item_key, item_value)]))
+        #return SequenceNode(u'tag:yaml.org,2002:pairs', value)
+
+    def represent_dict(self, data):
+        return self.represent_mapping('tag:yaml.org,2002:map', data)
+
+    def represent_set(self, data):
+        value = {}
+        for key in data:
+            value[key] = None
+        return self.represent_mapping('tag:yaml.org,2002:set', value)
+
+    def represent_date(self, data):
+        value = data.isoformat()
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_datetime(self, data):
+        value = data.isoformat(' ')
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_yaml_object(self, tag, data, cls, flow_style=None):
+        if hasattr(data, '__getstate__'):
+            state = data.__getstate__()
+        else:
+            state = data.__dict__.copy()
+        return self.represent_mapping(tag, state, flow_style=flow_style)
+
+    def represent_undefined(self, data):
+        raise RepresenterError("cannot represent an object", data)
+
+SafeRepresenter.add_representer(type(None),
+        SafeRepresenter.represent_none)
+
+SafeRepresenter.add_representer(str,
+        SafeRepresenter.represent_str)
+
+SafeRepresenter.add_representer(bytes,
+        SafeRepresenter.represent_binary)
+
+SafeRepresenter.add_representer(bool,
+        SafeRepresenter.represent_bool)
+
+SafeRepresenter.add_representer(int,
+        SafeRepresenter.represent_int)
+
+SafeRepresenter.add_representer(float,
+        SafeRepresenter.represent_float)
+
+SafeRepresenter.add_representer(list,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(tuple,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(dict,
+        SafeRepresenter.represent_dict)
+
+SafeRepresenter.add_representer(set,
+        SafeRepresenter.represent_set)
+
+SafeRepresenter.add_representer(datetime.date,
+        SafeRepresenter.represent_date)
+
+SafeRepresenter.add_representer(datetime.datetime,
+        SafeRepresenter.represent_datetime)
+
+SafeRepresenter.add_representer(None,
+        SafeRepresenter.represent_undefined)
+
+class Representer(SafeRepresenter):
+
+    def represent_complex(self, data):
+        if data.imag == 0.0:
+            data = '%r' % data.real
+        elif data.real == 0.0:
+            data = '%rj' % data.imag
+        elif data.imag > 0:
+            data = '%r+%rj' % (data.real, data.imag)
+        else:
+            data = '%r%rj' % (data.real, data.imag)
+        return self.represent_scalar('tag:yaml.org,2002:python/complex', data)
+
+    def represent_tuple(self, data):
+        return self.represent_sequence('tag:yaml.org,2002:python/tuple', data)
+
+    def represent_name(self, data):
+        name = '%s.%s' % (data.__module__, data.__name__)
+        return self.represent_scalar('tag:yaml.org,2002:python/name:'+name, '')
+
+    def represent_module(self, data):
+        return self.represent_scalar(
+                'tag:yaml.org,2002:python/module:'+data.__name__, '')
+
+    def represent_object(self, data):
+        # We use __reduce__ API to save the data. data.__reduce__ returns
+        # a tuple of length 2-5:
+        #   (function, args, state, listitems, dictitems)
+
+        # For reconstructing, we calls function(*args), then set its state,
+        # listitems, and dictitems if they are not None.
+
+        # A special case is when function.__name__ == '__newobj__'. In this
+        # case we create the object with args[0].__new__(*args).
+
+        # Another special case is when __reduce__ returns a string - we don't
+        # support it.
+
+        # We produce a !!python/object, !!python/object/new or
+        # !!python/object/apply node.
+
+        cls = type(data)
+        if cls in copyreg.dispatch_table:
+            reduce = copyreg.dispatch_table[cls](data)
+        elif hasattr(data, '__reduce_ex__'):
+            reduce = data.__reduce_ex__(2)
+        elif hasattr(data, '__reduce__'):
+            reduce = data.__reduce__()
+        else:
+            raise RepresenterError("cannot represent an object", data)
+        reduce = (list(reduce)+[None]*5)[:5]
+        function, args, state, listitems, dictitems = reduce
+        args = list(args)
+        if state is None:
+            state = {}
+        if listitems is not None:
+            listitems = list(listitems)
+        if dictitems is not None:
+            dictitems = dict(dictitems)
+        if function.__name__ == '__newobj__':
+            function = args[0]
+            args = args[1:]
+            tag = 'tag:yaml.org,2002:python/object/new:'
+            newobj = True
+        else:
+            tag = 'tag:yaml.org,2002:python/object/apply:'
+            newobj = False
+        function_name = '%s.%s' % (function.__module__, function.__name__)
+        if not args and not listitems and not dictitems \
+                and isinstance(state, dict) and newobj:
+            return self.represent_mapping(
+                    'tag:yaml.org,2002:python/object:'+function_name, state)
+        if not listitems and not dictitems  \
+                and isinstance(state, dict) and not state:
+            return self.represent_sequence(tag+function_name, args)
+        value = {}
+        if args:
+            value['args'] = args
+        if state or not isinstance(state, dict):
+            value['state'] = state
+        if listitems:
+            value['listitems'] = listitems
+        if dictitems:
+            value['dictitems'] = dictitems
+        return self.represent_mapping(tag+function_name, value)
+
+    def represent_ordered_dict(self, data):
+        # Provide uniform representation across different Python versions.
+        data_type = type(data)
+        tag = 'tag:yaml.org,2002:python/object/apply:%s.%s' \
+                % (data_type.__module__, data_type.__name__)
+        items = [[key, value] for key, value in data.items()]
+        return self.represent_sequence(tag, [items])
+
+Representer.add_representer(complex,
+        Representer.represent_complex)
+
+Representer.add_representer(tuple,
+        Representer.represent_tuple)
+
+Representer.add_multi_representer(type,
+        Representer.represent_name)
+
+Representer.add_representer(collections.OrderedDict,
+        Representer.represent_ordered_dict)
+
+Representer.add_representer(types.FunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.BuiltinFunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.ModuleType,
+        Representer.represent_module)
+
+Representer.add_multi_representer(object,
+        Representer.represent_object)
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/resolver.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/resolver.py
new file mode 100644
index 000000000..3522bdaaf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/resolver.py
@@ -0,0 +1,227 @@
+
+__all__ = ['BaseResolver', 'Resolver']
+
+from .error import *
+from .nodes import *
+
+import re
+
+class ResolverError(YAMLError):
+    pass
+
+class BaseResolver:
+
+    DEFAULT_SCALAR_TAG = 'tag:yaml.org,2002:str'
+    DEFAULT_SEQUENCE_TAG = 'tag:yaml.org,2002:seq'
+    DEFAULT_MAPPING_TAG = 'tag:yaml.org,2002:map'
+
+    yaml_implicit_resolvers = {}
+    yaml_path_resolvers = {}
+
+    def __init__(self):
+        self.resolver_exact_paths = []
+        self.resolver_prefix_paths = []
+
+    @classmethod
+    def add_implicit_resolver(cls, tag, regexp, first):
+        if not 'yaml_implicit_resolvers' in cls.__dict__:
+            implicit_resolvers = {}
+            for key in cls.yaml_implicit_resolvers:
+                implicit_resolvers[key] = cls.yaml_implicit_resolvers[key][:]
+            cls.yaml_implicit_resolvers = implicit_resolvers
+        if first is None:
+            first = [None]
+        for ch in first:
+            cls.yaml_implicit_resolvers.setdefault(ch, []).append((tag, regexp))
+
+    @classmethod
+    def add_path_resolver(cls, tag, path, kind=None):
+        # Note: `add_path_resolver` is experimental.  The API could be changed.
+        # `new_path` is a pattern that is matched against the path from the
+        # root to the node that is being considered.  `node_path` elements are
+        # tuples `(node_check, index_check)`.  `node_check` is a node class:
+        # `ScalarNode`, `SequenceNode`, `MappingNode` or `None`.  `None`
+        # matches any kind of a node.  `index_check` could be `None`, a boolean
+        # value, a string value, or a number.  `None` and `False` match against
+        # any _value_ of sequence and mapping nodes.  `True` matches against
+        # any _key_ of a mapping node.  A string `index_check` matches against
+        # a mapping value that corresponds to a scalar key which content is
+        # equal to the `index_check` value.  An integer `index_check` matches
+        # against a sequence value with the index equal to `index_check`.
+        if not 'yaml_path_resolvers' in cls.__dict__:
+            cls.yaml_path_resolvers = cls.yaml_path_resolvers.copy()
+        new_path = []
+        for element in path:
+            if isinstance(element, (list, tuple)):
+                if len(element) == 2:
+                    node_check, index_check = element
+                elif len(element) == 1:
+                    node_check = element[0]
+                    index_check = True
+                else:
+                    raise ResolverError("Invalid path element: %s" % element)
+            else:
+                node_check = None
+                index_check = element
+            if node_check is str:
+                node_check = ScalarNode
+            elif node_check is list:
+                node_check = SequenceNode
+            elif node_check is dict:
+                node_check = MappingNode
+            elif node_check not in [ScalarNode, SequenceNode, MappingNode]  \
+                    and not isinstance(node_check, str) \
+                    and node_check is not None:
+                raise ResolverError("Invalid node checker: %s" % node_check)
+            if not isinstance(index_check, (str, int))  \
+                    and index_check is not None:
+                raise ResolverError("Invalid index checker: %s" % index_check)
+            new_path.append((node_check, index_check))
+        if kind is str:
+            kind = ScalarNode
+        elif kind is list:
+            kind = SequenceNode
+        elif kind is dict:
+            kind = MappingNode
+        elif kind not in [ScalarNode, SequenceNode, MappingNode]    \
+                and kind is not None:
+            raise ResolverError("Invalid node kind: %s" % kind)
+        cls.yaml_path_resolvers[tuple(new_path), kind] = tag
+
+    def descend_resolver(self, current_node, current_index):
+        if not self.yaml_path_resolvers:
+            return
+        exact_paths = {}
+        prefix_paths = []
+        if current_node:
+            depth = len(self.resolver_prefix_paths)
+            for path, kind in self.resolver_prefix_paths[-1]:
+                if self.check_resolver_prefix(depth, path, kind,
+                        current_node, current_index):
+                    if len(path) > depth:
+                        prefix_paths.append((path, kind))
+                    else:
+                        exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+        else:
+            for path, kind in self.yaml_path_resolvers:
+                if not path:
+                    exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+                else:
+                    prefix_paths.append((path, kind))
+        self.resolver_exact_paths.append(exact_paths)
+        self.resolver_prefix_paths.append(prefix_paths)
+
+    def ascend_resolver(self):
+        if not self.yaml_path_resolvers:
+            return
+        self.resolver_exact_paths.pop()
+        self.resolver_prefix_paths.pop()
+
+    def check_resolver_prefix(self, depth, path, kind,
+            current_node, current_index):
+        node_check, index_check = path[depth-1]
+        if isinstance(node_check, str):
+            if current_node.tag != node_check:
+                return
+        elif node_check is not None:
+            if not isinstance(current_node, node_check):
+                return
+        if index_check is True and current_index is not None:
+            return
+        if (index_check is False or index_check is None)    \
+                and current_index is None:
+            return
+        if isinstance(index_check, str):
+            if not (isinstance(current_index, ScalarNode)
+                    and index_check == current_index.value):
+                return
+        elif isinstance(index_check, int) and not isinstance(index_check, bool):
+            if index_check != current_index:
+                return
+        return True
+
+    def resolve(self, kind, value, implicit):
+        if kind is ScalarNode and implicit[0]:
+            if value == '':
+                resolvers = self.yaml_implicit_resolvers.get('', [])
+            else:
+                resolvers = self.yaml_implicit_resolvers.get(value[0], [])
+            wildcard_resolvers = self.yaml_implicit_resolvers.get(None, [])
+            for tag, regexp in resolvers + wildcard_resolvers:
+                if regexp.match(value):
+                    return tag
+            implicit = implicit[1]
+        if self.yaml_path_resolvers:
+            exact_paths = self.resolver_exact_paths[-1]
+            if kind in exact_paths:
+                return exact_paths[kind]
+            if None in exact_paths:
+                return exact_paths[None]
+        if kind is ScalarNode:
+            return self.DEFAULT_SCALAR_TAG
+        elif kind is SequenceNode:
+            return self.DEFAULT_SEQUENCE_TAG
+        elif kind is MappingNode:
+            return self.DEFAULT_MAPPING_TAG
+
+class Resolver(BaseResolver):
+    pass
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:bool',
+        re.compile(r'''^(?:yes|Yes|YES|no|No|NO
+                    |true|True|TRUE|false|False|FALSE
+                    |on|On|ON|off|Off|OFF)$''', re.X),
+        list('yYnNtTfFoO'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:float',
+        re.compile(r'''^(?:[-+]?(?:[0-9][0-9_]*)\.[0-9_]*(?:[eE][-+][0-9]+)?
+                    |\.[0-9][0-9_]*(?:[eE][-+][0-9]+)?
+                    |[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\.[0-9_]*
+                    |[-+]?\.(?:inf|Inf|INF)
+                    |\.(?:nan|NaN|NAN))$''', re.X),
+        list('-+0123456789.'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:int',
+        re.compile(r'''^(?:[-+]?0b[0-1_]+
+                    |[-+]?0[0-7_]+
+                    |[-+]?(?:0|[1-9][0-9_]*)
+                    |[-+]?0x[0-9a-fA-F_]+
+                    |[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+)$''', re.X),
+        list('-+0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:merge',
+        re.compile(r'^(?:<<)$'),
+        ['<'])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:null',
+        re.compile(r'''^(?: ~
+                    |null|Null|NULL
+                    | )$''', re.X),
+        ['~', 'n', 'N', ''])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:timestamp',
+        re.compile(r'''^(?:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]
+                    |[0-9][0-9][0-9][0-9] -[0-9][0-9]? -[0-9][0-9]?
+                     (?:[Tt]|[ \t]+)[0-9][0-9]?
+                     :[0-9][0-9] :[0-9][0-9] (?:\.[0-9]*)?
+                     (?:[ \t]*(?:Z|[-+][0-9][0-9]?(?::[0-9][0-9])?))?)$''', re.X),
+        list('0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:value',
+        re.compile(r'^(?:=)$'),
+        ['='])
+
+# The following resolver is only for documentation purposes. It cannot work
+# because plain scalars cannot start with '!', '&', or '*'.
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:yaml',
+        re.compile(r'^(?:!|&|\*)$'),
+        list('!&*'))
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/scanner.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/scanner.py
new file mode 100644
index 000000000..de925b07f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/scanner.py
@@ -0,0 +1,1435 @@
+
+# Scanner produces tokens of the following types:
+# STREAM-START
+# STREAM-END
+# DIRECTIVE(name, value)
+# DOCUMENT-START
+# DOCUMENT-END
+# BLOCK-SEQUENCE-START
+# BLOCK-MAPPING-START
+# BLOCK-END
+# FLOW-SEQUENCE-START
+# FLOW-MAPPING-START
+# FLOW-SEQUENCE-END
+# FLOW-MAPPING-END
+# BLOCK-ENTRY
+# FLOW-ENTRY
+# KEY
+# VALUE
+# ALIAS(value)
+# ANCHOR(value)
+# TAG(value)
+# SCALAR(value, plain, style)
+#
+# Read comments in the Scanner code for more details.
+#
+
+__all__ = ['Scanner', 'ScannerError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+
+class ScannerError(MarkedYAMLError):
+    pass
+
+class SimpleKey:
+    # See below simple keys treatment.
+
+    def __init__(self, token_number, required, index, line, column, mark):
+        self.token_number = token_number
+        self.required = required
+        self.index = index
+        self.line = line
+        self.column = column
+        self.mark = mark
+
+class Scanner:
+
+    def __init__(self):
+        """Initialize the scanner."""
+        # It is assumed that Scanner and Reader will have a common descendant.
+        # Reader do the dirty work of checking for BOM and converting the
+        # input data to Unicode. It also adds NUL to the end.
+        #
+        # Reader supports the following methods
+        #   self.peek(i=0)       # peek the next i-th character
+        #   self.prefix(l=1)     # peek the next l characters
+        #   self.forward(l=1)    # read the next l characters and move the pointer.
+
+        # Had we reached the end of the stream?
+        self.done = False
+
+        # The number of unclosed '{' and '['. `flow_level == 0` means block
+        # context.
+        self.flow_level = 0
+
+        # List of processed tokens that are not yet emitted.
+        self.tokens = []
+
+        # Add the STREAM-START token.
+        self.fetch_stream_start()
+
+        # Number of tokens that were emitted through the `get_token` method.
+        self.tokens_taken = 0
+
+        # The current indentation level.
+        self.indent = -1
+
+        # Past indentation levels.
+        self.indents = []
+
+        # Variables related to simple keys treatment.
+
+        # A simple key is a key that is not denoted by the '?' indicator.
+        # Example of simple keys:
+        #   ---
+        #   block simple key: value
+        #   ? not a simple key:
+        #   : { flow simple key: value }
+        # We emit the KEY token before all keys, so when we find a potential
+        # simple key, we try to locate the corresponding ':' indicator.
+        # Simple keys should be limited to a single line and 1024 characters.
+
+        # Can a simple key start at the current position? A simple key may
+        # start:
+        # - at the beginning of the line, not counting indentation spaces
+        #       (in block context),
+        # - after '{', '[', ',' (in the flow context),
+        # - after '?', ':', '-' (in the block context).
+        # In the block context, this flag also signifies if a block collection
+        # may start at the current position.
+        self.allow_simple_key = True
+
+        # Keep track of possible simple keys. This is a dictionary. The key
+        # is `flow_level`; there can be no more that one possible simple key
+        # for each level. The value is a SimpleKey record:
+        #   (token_number, required, index, line, column, mark)
+        # A simple key may start with ALIAS, ANCHOR, TAG, SCALAR(flow),
+        # '[', or '{' tokens.
+        self.possible_simple_keys = {}
+
+    # Public methods.
+
+    def check_token(self, *choices):
+        # Check if the next token is one of the given types.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.tokens[0], choice):
+                    return True
+        return False
+
+    def peek_token(self):
+        # Return the next token, but do not delete if from the queue.
+        # Return None if no more tokens.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            return self.tokens[0]
+        else:
+            return None
+
+    def get_token(self):
+        # Return the next token.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            self.tokens_taken += 1
+            return self.tokens.pop(0)
+
+    # Private methods.
+
+    def need_more_tokens(self):
+        if self.done:
+            return False
+        if not self.tokens:
+            return True
+        # The current token may be a potential simple key, so we
+        # need to look further.
+        self.stale_possible_simple_keys()
+        if self.next_possible_simple_key() == self.tokens_taken:
+            return True
+
+    def fetch_more_tokens(self):
+
+        # Eat whitespaces and comments until we reach the next token.
+        self.scan_to_next_token()
+
+        # Remove obsolete possible simple keys.
+        self.stale_possible_simple_keys()
+
+        # Compare the current indentation and column. It may add some tokens
+        # and decrease the current indentation level.
+        self.unwind_indent(self.column)
+
+        # Peek the next character.
+        ch = self.peek()
+
+        # Is it the end of stream?
+        if ch == '\0':
+            return self.fetch_stream_end()
+
+        # Is it a directive?
+        if ch == '%' and self.check_directive():
+            return self.fetch_directive()
+
+        # Is it the document start?
+        if ch == '-' and self.check_document_start():
+            return self.fetch_document_start()
+
+        # Is it the document end?
+        if ch == '.' and self.check_document_end():
+            return self.fetch_document_end()
+
+        # TODO: support for BOM within a stream.
+        #if ch == '\uFEFF':
+        #    return self.fetch_bom()    <-- issue BOMToken
+
+        # Note: the order of the following checks is NOT significant.
+
+        # Is it the flow sequence start indicator?
+        if ch == '[':
+            return self.fetch_flow_sequence_start()
+
+        # Is it the flow mapping start indicator?
+        if ch == '{':
+            return self.fetch_flow_mapping_start()
+
+        # Is it the flow sequence end indicator?
+        if ch == ']':
+            return self.fetch_flow_sequence_end()
+
+        # Is it the flow mapping end indicator?
+        if ch == '}':
+            return self.fetch_flow_mapping_end()
+
+        # Is it the flow entry indicator?
+        if ch == ',':
+            return self.fetch_flow_entry()
+
+        # Is it the block entry indicator?
+        if ch == '-' and self.check_block_entry():
+            return self.fetch_block_entry()
+
+        # Is it the key indicator?
+        if ch == '?' and self.check_key():
+            return self.fetch_key()
+
+        # Is it the value indicator?
+        if ch == ':' and self.check_value():
+            return self.fetch_value()
+
+        # Is it an alias?
+        if ch == '*':
+            return self.fetch_alias()
+
+        # Is it an anchor?
+        if ch == '&':
+            return self.fetch_anchor()
+
+        # Is it a tag?
+        if ch == '!':
+            return self.fetch_tag()
+
+        # Is it a literal scalar?
+        if ch == '|' and not self.flow_level:
+            return self.fetch_literal()
+
+        # Is it a folded scalar?
+        if ch == '>' and not self.flow_level:
+            return self.fetch_folded()
+
+        # Is it a single quoted scalar?
+        if ch == '\'':
+            return self.fetch_single()
+
+        # Is it a double quoted scalar?
+        if ch == '\"':
+            return self.fetch_double()
+
+        # It must be a plain scalar then.
+        if self.check_plain():
+            return self.fetch_plain()
+
+        # No? It's an error. Let's produce a nice error message.
+        raise ScannerError("while scanning for the next token", None,
+                "found character %r that cannot start any token" % ch,
+                self.get_mark())
+
+    # Simple keys treatment.
+
+    def next_possible_simple_key(self):
+        # Return the number of the nearest possible simple key. Actually we
+        # don't need to loop through the whole dictionary. We may replace it
+        # with the following code:
+        #   if not self.possible_simple_keys:
+        #       return None
+        #   return self.possible_simple_keys[
+        #           min(self.possible_simple_keys.keys())].token_number
+        min_token_number = None
+        for level in self.possible_simple_keys:
+            key = self.possible_simple_keys[level]
+            if min_token_number is None or key.token_number < min_token_number:
+                min_token_number = key.token_number
+        return min_token_number
+
+    def stale_possible_simple_keys(self):
+        # Remove entries that are no longer possible simple keys. According to
+        # the YAML specification, simple keys
+        # - should be limited to a single line,
+        # - should be no longer than 1024 characters.
+        # Disabling this procedure will allow simple keys of any length and
+        # height (may cause problems if indentation is broken though).
+        for level in list(self.possible_simple_keys):
+            key = self.possible_simple_keys[level]
+            if key.line != self.line  \
+                    or self.index-key.index > 1024:
+                if key.required:
+                    raise ScannerError("while scanning a simple key", key.mark,
+                            "could not find expected ':'", self.get_mark())
+                del self.possible_simple_keys[level]
+
+    def save_possible_simple_key(self):
+        # The next token may start a simple key. We check if it's possible
+        # and save its position. This function is called for
+        #   ALIAS, ANCHOR, TAG, SCALAR(flow), '[', and '{'.
+
+        # Check if a simple key is required at the current position.
+        required = not self.flow_level and self.indent == self.column
+
+        # The next token might be a simple key. Let's save it's number and
+        # position.
+        if self.allow_simple_key:
+            self.remove_possible_simple_key()
+            token_number = self.tokens_taken+len(self.tokens)
+            key = SimpleKey(token_number, required,
+                    self.index, self.line, self.column, self.get_mark())
+            self.possible_simple_keys[self.flow_level] = key
+
+    def remove_possible_simple_key(self):
+        # Remove the saved possible key position at the current flow level.
+        if self.flow_level in self.possible_simple_keys:
+            key = self.possible_simple_keys[self.flow_level]
+            
+            if key.required:
+                raise ScannerError("while scanning a simple key", key.mark,
+                        "could not find expected ':'", self.get_mark())
+
+            del self.possible_simple_keys[self.flow_level]
+
+    # Indentation functions.
+
+    def unwind_indent(self, column):
+
+        ## In flow context, tokens should respect indentation.
+        ## Actually the condition should be `self.indent >= column` according to
+        ## the spec. But this condition will prohibit intuitively correct
+        ## constructions such as
+        ## key : {
+        ## }
+        #if self.flow_level and self.indent > column:
+        #    raise ScannerError(None, None,
+        #            "invalid indentation or unclosed '[' or '{'",
+        #            self.get_mark())
+
+        # In the flow context, indentation is ignored. We make the scanner less
+        # restrictive then specification requires.
+        if self.flow_level:
+            return
+
+        # In block context, we may need to issue the BLOCK-END tokens.
+        while self.indent > column:
+            mark = self.get_mark()
+            self.indent = self.indents.pop()
+            self.tokens.append(BlockEndToken(mark, mark))
+
+    def add_indent(self, column):
+        # Check if we need to increase indentation.
+        if self.indent < column:
+            self.indents.append(self.indent)
+            self.indent = column
+            return True
+        return False
+
+    # Fetchers.
+
+    def fetch_stream_start(self):
+        # We always add STREAM-START as the first token and STREAM-END as the
+        # last token.
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-START.
+        self.tokens.append(StreamStartToken(mark, mark,
+            encoding=self.encoding))
+        
+
+    def fetch_stream_end(self):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+        self.possible_simple_keys = {}
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-END.
+        self.tokens.append(StreamEndToken(mark, mark))
+
+        # The steam is finished.
+        self.done = True
+
+    def fetch_directive(self):
+        
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Scan and add DIRECTIVE.
+        self.tokens.append(self.scan_directive())
+
+    def fetch_document_start(self):
+        self.fetch_document_indicator(DocumentStartToken)
+
+    def fetch_document_end(self):
+        self.fetch_document_indicator(DocumentEndToken)
+
+    def fetch_document_indicator(self, TokenClass):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys. Note that there could not be a block collection
+        # after '---'.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Add DOCUMENT-START or DOCUMENT-END.
+        start_mark = self.get_mark()
+        self.forward(3)
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_start(self):
+        self.fetch_flow_collection_start(FlowSequenceStartToken)
+
+    def fetch_flow_mapping_start(self):
+        self.fetch_flow_collection_start(FlowMappingStartToken)
+
+    def fetch_flow_collection_start(self, TokenClass):
+
+        # '[' and '{' may start a simple key.
+        self.save_possible_simple_key()
+
+        # Increase the flow level.
+        self.flow_level += 1
+
+        # Simple keys are allowed after '[' and '{'.
+        self.allow_simple_key = True
+
+        # Add FLOW-SEQUENCE-START or FLOW-MAPPING-START.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_end(self):
+        self.fetch_flow_collection_end(FlowSequenceEndToken)
+
+    def fetch_flow_mapping_end(self):
+        self.fetch_flow_collection_end(FlowMappingEndToken)
+
+    def fetch_flow_collection_end(self, TokenClass):
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Decrease the flow level.
+        self.flow_level -= 1
+
+        # No simple keys after ']' or '}'.
+        self.allow_simple_key = False
+
+        # Add FLOW-SEQUENCE-END or FLOW-MAPPING-END.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_entry(self):
+
+        # Simple keys are allowed after ','.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add FLOW-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(FlowEntryToken(start_mark, end_mark))
+
+    def fetch_block_entry(self):
+
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a new entry?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "sequence entries are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-SEQUENCE-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockSequenceStartToken(mark, mark))
+
+        # It's an error for the block entry to occur in the flow context,
+        # but we let the parser detect this.
+        else:
+            pass
+
+        # Simple keys are allowed after '-'.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add BLOCK-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(BlockEntryToken(start_mark, end_mark))
+
+    def fetch_key(self):
+        
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a key (not necessary a simple)?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "mapping keys are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-MAPPING-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockMappingStartToken(mark, mark))
+
+        # Simple keys are allowed after '?' in the block context.
+        self.allow_simple_key = not self.flow_level
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add KEY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(KeyToken(start_mark, end_mark))
+
+    def fetch_value(self):
+
+        # Do we determine a simple key?
+        if self.flow_level in self.possible_simple_keys:
+
+            # Add KEY.
+            key = self.possible_simple_keys[self.flow_level]
+            del self.possible_simple_keys[self.flow_level]
+            self.tokens.insert(key.token_number-self.tokens_taken,
+                    KeyToken(key.mark, key.mark))
+
+            # If this key starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.
+            if not self.flow_level:
+                if self.add_indent(key.column):
+                    self.tokens.insert(key.token_number-self.tokens_taken,
+                            BlockMappingStartToken(key.mark, key.mark))
+
+            # There cannot be two simple keys one after another.
+            self.allow_simple_key = False
+
+        # It must be a part of a complex key.
+        else:
+            
+            # Block context needs additional checks.
+            # (Do we really need them? They will be caught by the parser
+            # anyway.)
+            if not self.flow_level:
+
+                # We are allowed to start a complex value if and only if
+                # we can start a simple key.
+                if not self.allow_simple_key:
+                    raise ScannerError(None, None,
+                            "mapping values are not allowed here",
+                            self.get_mark())
+
+            # If this value starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.  It will be detected as an error later by
+            # the parser.
+            if not self.flow_level:
+                if self.add_indent(self.column):
+                    mark = self.get_mark()
+                    self.tokens.append(BlockMappingStartToken(mark, mark))
+
+            # Simple keys are allowed after ':' in the block context.
+            self.allow_simple_key = not self.flow_level
+
+            # Reset possible simple key on the current level.
+            self.remove_possible_simple_key()
+
+        # Add VALUE.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(ValueToken(start_mark, end_mark))
+
+    def fetch_alias(self):
+
+        # ALIAS could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ALIAS.
+        self.allow_simple_key = False
+
+        # Scan and add ALIAS.
+        self.tokens.append(self.scan_anchor(AliasToken))
+
+    def fetch_anchor(self):
+
+        # ANCHOR could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ANCHOR.
+        self.allow_simple_key = False
+
+        # Scan and add ANCHOR.
+        self.tokens.append(self.scan_anchor(AnchorToken))
+
+    def fetch_tag(self):
+
+        # TAG could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after TAG.
+        self.allow_simple_key = False
+
+        # Scan and add TAG.
+        self.tokens.append(self.scan_tag())
+
+    def fetch_literal(self):
+        self.fetch_block_scalar(style='|')
+
+    def fetch_folded(self):
+        self.fetch_block_scalar(style='>')
+
+    def fetch_block_scalar(self, style):
+
+        # A simple key may follow a block scalar.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_block_scalar(style))
+
+    def fetch_single(self):
+        self.fetch_flow_scalar(style='\'')
+
+    def fetch_double(self):
+        self.fetch_flow_scalar(style='"')
+
+    def fetch_flow_scalar(self, style):
+
+        # A flow scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after flow scalars.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_flow_scalar(style))
+
+    def fetch_plain(self):
+
+        # A plain scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after plain scalars. But note that `scan_plain` will
+        # change this flag if the scan is finished at the beginning of the
+        # line.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR. May change `allow_simple_key`.
+        self.tokens.append(self.scan_plain())
+
+    # Checkers.
+
+    def check_directive(self):
+
+        # DIRECTIVE:        ^ '%' ...
+        # The '%' indicator is already checked.
+        if self.column == 0:
+            return True
+
+    def check_document_start(self):
+
+        # DOCUMENT-START:   ^ '---' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '---'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_document_end(self):
+
+        # DOCUMENT-END:     ^ '...' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '...'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_block_entry(self):
+
+        # BLOCK-ENTRY:      '-' (' '|'\n')
+        return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_key(self):
+
+        # KEY(flow context):    '?'
+        if self.flow_level:
+            return True
+
+        # KEY(block context):   '?' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_value(self):
+
+        # VALUE(flow context):  ':'
+        if self.flow_level:
+            return True
+
+        # VALUE(block context): ':' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_plain(self):
+
+        # A plain scalar may start with any non-space character except:
+        #   '-', '?', ':', ',', '[', ']', '{', '}',
+        #   '#', '&', '*', '!', '|', '>', '\'', '\"',
+        #   '%', '@', '`'.
+        #
+        # It may also start with
+        #   '-', '?', ':'
+        # if it is followed by a non-space character.
+        #
+        # Note that we limit the last rule to the block context (except the
+        # '-' character) because we want the flow context to be space
+        # independent.
+        ch = self.peek()
+        return ch not in '\0 \t\r\n\x85\u2028\u2029-?:,[]{}#&*!|>\'\"%@`'  \
+                or (self.peek(1) not in '\0 \t\r\n\x85\u2028\u2029'
+                        and (ch == '-' or (not self.flow_level and ch in '?:')))
+
+    # Scanners.
+
+    def scan_to_next_token(self):
+        # We ignore spaces, line breaks and comments.
+        # If we find a line break in the block context, we set the flag
+        # `allow_simple_key` on.
+        # The byte order mark is stripped if it's the first character in the
+        # stream. We do not yet support BOM inside the stream as the
+        # specification requires. Any such mark will be considered as a part
+        # of the document.
+        #
+        # TODO: We need to make tab handling rules more sane. A good rule is
+        #   Tabs cannot precede tokens
+        #   BLOCK-SEQUENCE-START, BLOCK-MAPPING-START, BLOCK-END,
+        #   KEY(block), VALUE(block), BLOCK-ENTRY
+        # So the checking code is
+        #   if <TAB>:
+        #       self.allow_simple_keys = False
+        # We also need to add the check for `allow_simple_keys == True` to
+        # `unwind_indent` before issuing BLOCK-END.
+        # Scanners for block, flow, and plain scalars need to be modified.
+
+        if self.index == 0 and self.peek() == '\uFEFF':
+            self.forward()
+        found = False
+        while not found:
+            while self.peek() == ' ':
+                self.forward()
+            if self.peek() == '#':
+                while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                    self.forward()
+            if self.scan_line_break():
+                if not self.flow_level:
+                    self.allow_simple_key = True
+            else:
+                found = True
+
+    def scan_directive(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        self.forward()
+        name = self.scan_directive_name(start_mark)
+        value = None
+        if name == 'YAML':
+            value = self.scan_yaml_directive_value(start_mark)
+            end_mark = self.get_mark()
+        elif name == 'TAG':
+            value = self.scan_tag_directive_value(start_mark)
+            end_mark = self.get_mark()
+        else:
+            end_mark = self.get_mark()
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        self.scan_directive_ignored_line(start_mark)
+        return DirectiveToken(name, value, start_mark, end_mark)
+
+    def scan_directive_name(self, start_mark):
+        # See the specification for details.
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        return value
+
+    def scan_yaml_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        major = self.scan_yaml_directive_number(start_mark)
+        if self.peek() != '.':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or '.', but found %r" % self.peek(),
+                    self.get_mark())
+        self.forward()
+        minor = self.scan_yaml_directive_number(start_mark)
+        if self.peek() not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or ' ', but found %r" % self.peek(),
+                    self.get_mark())
+        return (major, minor)
+
+    def scan_yaml_directive_number(self, start_mark):
+        # See the specification for details.
+        ch = self.peek()
+        if not ('0' <= ch <= '9'):
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit, but found %r" % ch, self.get_mark())
+        length = 0
+        while '0' <= self.peek(length) <= '9':
+            length += 1
+        value = int(self.prefix(length))
+        self.forward(length)
+        return value
+
+    def scan_tag_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        handle = self.scan_tag_directive_handle(start_mark)
+        while self.peek() == ' ':
+            self.forward()
+        prefix = self.scan_tag_directive_prefix(start_mark)
+        return (handle, prefix)
+
+    def scan_tag_directive_handle(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_handle('directive', start_mark)
+        ch = self.peek()
+        if ch != ' ':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_tag_directive_prefix(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_uri('directive', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_directive_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a comment or a line break, but found %r"
+                        % ch, self.get_mark())
+        self.scan_line_break()
+
+    def scan_anchor(self, TokenClass):
+        # The specification does not restrict characters for anchors and
+        # aliases. This may lead to problems, for instance, the document:
+        #   [ *alias, value ]
+        # can be interpreted in two ways, as
+        #   [ "value" ]
+        # and
+        #   [ *alias , "value" ]
+        # Therefore we restrict aliases to numbers and ASCII letters.
+        start_mark = self.get_mark()
+        indicator = self.peek()
+        if indicator == '*':
+            name = 'alias'
+        else:
+            name = 'anchor'
+        self.forward()
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \t\r\n\x85\u2028\u2029?:,]}%@`':
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        end_mark = self.get_mark()
+        return TokenClass(value, start_mark, end_mark)
+
+    def scan_tag(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        ch = self.peek(1)
+        if ch == '<':
+            handle = None
+            self.forward(2)
+            suffix = self.scan_tag_uri('tag', start_mark)
+            if self.peek() != '>':
+                raise ScannerError("while parsing a tag", start_mark,
+                        "expected '>', but found %r" % self.peek(),
+                        self.get_mark())
+            self.forward()
+        elif ch in '\0 \t\r\n\x85\u2028\u2029':
+            handle = None
+            suffix = '!'
+            self.forward()
+        else:
+            length = 1
+            use_handle = False
+            while ch not in '\0 \r\n\x85\u2028\u2029':
+                if ch == '!':
+                    use_handle = True
+                    break
+                length += 1
+                ch = self.peek(length)
+            handle = '!'
+            if use_handle:
+                handle = self.scan_tag_handle('tag', start_mark)
+            else:
+                handle = '!'
+                self.forward()
+            suffix = self.scan_tag_uri('tag', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a tag", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        value = (handle, suffix)
+        end_mark = self.get_mark()
+        return TagToken(value, start_mark, end_mark)
+
+    def scan_block_scalar(self, style):
+        # See the specification for details.
+
+        if style == '>':
+            folded = True
+        else:
+            folded = False
+
+        chunks = []
+        start_mark = self.get_mark()
+
+        # Scan the header.
+        self.forward()
+        chomping, increment = self.scan_block_scalar_indicators(start_mark)
+        self.scan_block_scalar_ignored_line(start_mark)
+
+        # Determine the indentation level and go to the first non-empty line.
+        min_indent = self.indent+1
+        if min_indent < 1:
+            min_indent = 1
+        if increment is None:
+            breaks, max_indent, end_mark = self.scan_block_scalar_indentation()
+            indent = max(min_indent, max_indent)
+        else:
+            indent = min_indent+increment-1
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+        line_break = ''
+
+        # Scan the inner part of the block scalar.
+        while self.column == indent and self.peek() != '\0':
+            chunks.extend(breaks)
+            leading_non_space = self.peek() not in ' \t'
+            length = 0
+            while self.peek(length) not in '\0\r\n\x85\u2028\u2029':
+                length += 1
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            line_break = self.scan_line_break()
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+            if self.column == indent and self.peek() != '\0':
+
+                # Unfortunately, folding rules are ambiguous.
+                #
+                # This is the folding according to the specification:
+                
+                if folded and line_break == '\n'    \
+                        and leading_non_space and self.peek() not in ' \t':
+                    if not breaks:
+                        chunks.append(' ')
+                else:
+                    chunks.append(line_break)
+                
+                # This is Clark Evans's interpretation (also in the spec
+                # examples):
+                #
+                #if folded and line_break == '\n':
+                #    if not breaks:
+                #        if self.peek() not in ' \t':
+                #            chunks.append(' ')
+                #        else:
+                #            chunks.append(line_break)
+                #else:
+                #    chunks.append(line_break)
+            else:
+                break
+
+        # Chomp the tail.
+        if chomping is not False:
+            chunks.append(line_break)
+        if chomping is True:
+            chunks.extend(breaks)
+
+        # We are done.
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    def scan_block_scalar_indicators(self, start_mark):
+        # See the specification for details.
+        chomping = None
+        increment = None
+        ch = self.peek()
+        if ch in '+-':
+            if ch == '+':
+                chomping = True
+            else:
+                chomping = False
+            self.forward()
+            ch = self.peek()
+            if ch in '0123456789':
+                increment = int(ch)
+                if increment == 0:
+                    raise ScannerError("while scanning a block scalar", start_mark,
+                            "expected indentation indicator in the range 1-9, but found 0",
+                            self.get_mark())
+                self.forward()
+        elif ch in '0123456789':
+            increment = int(ch)
+            if increment == 0:
+                raise ScannerError("while scanning a block scalar", start_mark,
+                        "expected indentation indicator in the range 1-9, but found 0",
+                        self.get_mark())
+            self.forward()
+            ch = self.peek()
+            if ch in '+-':
+                if ch == '+':
+                    chomping = True
+                else:
+                    chomping = False
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected chomping or indentation indicators, but found %r"
+                    % ch, self.get_mark())
+        return chomping, increment
+
+    def scan_block_scalar_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected a comment or a line break, but found %r" % ch,
+                    self.get_mark())
+        self.scan_line_break()
+
+    def scan_block_scalar_indentation(self):
+        # See the specification for details.
+        chunks = []
+        max_indent = 0
+        end_mark = self.get_mark()
+        while self.peek() in ' \r\n\x85\u2028\u2029':
+            if self.peek() != ' ':
+                chunks.append(self.scan_line_break())
+                end_mark = self.get_mark()
+            else:
+                self.forward()
+                if self.column > max_indent:
+                    max_indent = self.column
+        return chunks, max_indent, end_mark
+
+    def scan_block_scalar_breaks(self, indent):
+        # See the specification for details.
+        chunks = []
+        end_mark = self.get_mark()
+        while self.column < indent and self.peek() == ' ':
+            self.forward()
+        while self.peek() in '\r\n\x85\u2028\u2029':
+            chunks.append(self.scan_line_break())
+            end_mark = self.get_mark()
+            while self.column < indent and self.peek() == ' ':
+                self.forward()
+        return chunks, end_mark
+
+    def scan_flow_scalar(self, style):
+        # See the specification for details.
+        # Note that we loose indentation rules for quoted scalars. Quoted
+        # scalars don't need to adhere indentation because " and ' clearly
+        # mark the beginning and the end of them. Therefore we are less
+        # restrictive then the specification requires. We only need to check
+        # that document separators are not included in scalars.
+        if style == '"':
+            double = True
+        else:
+            double = False
+        chunks = []
+        start_mark = self.get_mark()
+        quote = self.peek()
+        self.forward()
+        chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        while self.peek() != quote:
+            chunks.extend(self.scan_flow_scalar_spaces(double, start_mark))
+            chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        self.forward()
+        end_mark = self.get_mark()
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    ESCAPE_REPLACEMENTS = {
+        '0':    '\0',
+        'a':    '\x07',
+        'b':    '\x08',
+        't':    '\x09',
+        '\t':   '\x09',
+        'n':    '\x0A',
+        'v':    '\x0B',
+        'f':    '\x0C',
+        'r':    '\x0D',
+        'e':    '\x1B',
+        ' ':    '\x20',
+        '\"':   '\"',
+        '\\':   '\\',
+        '/':    '/',
+        'N':    '\x85',
+        '_':    '\xA0',
+        'L':    '\u2028',
+        'P':    '\u2029',
+    }
+
+    ESCAPE_CODES = {
+        'x':    2,
+        'u':    4,
+        'U':    8,
+    }
+
+    def scan_flow_scalar_non_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            length = 0
+            while self.peek(length) not in '\'\"\\\0 \t\r\n\x85\u2028\u2029':
+                length += 1
+            if length:
+                chunks.append(self.prefix(length))
+                self.forward(length)
+            ch = self.peek()
+            if not double and ch == '\'' and self.peek(1) == '\'':
+                chunks.append('\'')
+                self.forward(2)
+            elif (double and ch == '\'') or (not double and ch in '\"\\'):
+                chunks.append(ch)
+                self.forward()
+            elif double and ch == '\\':
+                self.forward()
+                ch = self.peek()
+                if ch in self.ESCAPE_REPLACEMENTS:
+                    chunks.append(self.ESCAPE_REPLACEMENTS[ch])
+                    self.forward()
+                elif ch in self.ESCAPE_CODES:
+                    length = self.ESCAPE_CODES[ch]
+                    self.forward()
+                    for k in range(length):
+                        if self.peek(k) not in '0123456789ABCDEFabcdef':
+                            raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                                    "expected escape sequence of %d hexadecimal numbers, but found %r" %
+                                        (length, self.peek(k)), self.get_mark())
+                    code = int(self.prefix(length), 16)
+                    chunks.append(chr(code))
+                    self.forward(length)
+                elif ch in '\r\n\x85\u2028\u2029':
+                    self.scan_line_break()
+                    chunks.extend(self.scan_flow_scalar_breaks(double, start_mark))
+                else:
+                    raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                            "found unknown escape character %r" % ch, self.get_mark())
+            else:
+                return chunks
+
+    def scan_flow_scalar_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        length = 0
+        while self.peek(length) in ' \t':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch == '\0':
+            raise ScannerError("while scanning a quoted scalar", start_mark,
+                    "found unexpected end of stream", self.get_mark())
+        elif ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            breaks = self.scan_flow_scalar_breaks(double, start_mark)
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        else:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_flow_scalar_breaks(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            # Instead of checking indentation, we check for document
+            # separators.
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                raise ScannerError("while scanning a quoted scalar", start_mark,
+                        "found unexpected document separator", self.get_mark())
+            while self.peek() in ' \t':
+                self.forward()
+            if self.peek() in '\r\n\x85\u2028\u2029':
+                chunks.append(self.scan_line_break())
+            else:
+                return chunks
+
+    def scan_plain(self):
+        # See the specification for details.
+        # We add an additional restriction for the flow context:
+        #   plain scalars in the flow context cannot contain ',' or '?'.
+        # We also keep track of the `allow_simple_key` flag here.
+        # Indentation rules are loosed for the flow context.
+        chunks = []
+        start_mark = self.get_mark()
+        end_mark = start_mark
+        indent = self.indent+1
+        # We allow zero indentation for scalars, but then we need to check for
+        # document separators at the beginning of the line.
+        #if indent == 0:
+        #    indent = 1
+        spaces = []
+        while True:
+            length = 0
+            if self.peek() == '#':
+                break
+            while True:
+                ch = self.peek(length)
+                if ch in '\0 \t\r\n\x85\u2028\u2029'    \
+                        or (ch == ':' and
+                                self.peek(length+1) in '\0 \t\r\n\x85\u2028\u2029'
+                                      + (u',[]{}' if self.flow_level else u''))\
+                        or (self.flow_level and ch in ',?[]{}'):
+                    break
+                length += 1
+            if length == 0:
+                break
+            self.allow_simple_key = False
+            chunks.extend(spaces)
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            end_mark = self.get_mark()
+            spaces = self.scan_plain_spaces(indent, start_mark)
+            if not spaces or self.peek() == '#' \
+                    or (not self.flow_level and self.column < indent):
+                break
+        return ScalarToken(''.join(chunks), True, start_mark, end_mark)
+
+    def scan_plain_spaces(self, indent, start_mark):
+        # See the specification for details.
+        # The specification is really confusing about tabs in plain scalars.
+        # We just forbid them completely. Do not use tabs in YAML!
+        chunks = []
+        length = 0
+        while self.peek(length) in ' ':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            self.allow_simple_key = True
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return
+            breaks = []
+            while self.peek() in ' \r\n\x85\u2028\u2029':
+                if self.peek() == ' ':
+                    self.forward()
+                else:
+                    breaks.append(self.scan_line_break())
+                    prefix = self.prefix(3)
+                    if (prefix == '---' or prefix == '...')   \
+                            and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                        return
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        elif whitespaces:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_tag_handle(self, name, start_mark):
+        # See the specification for details.
+        # For some strange reasons, the specification does not allow '_' in
+        # tag handles. I have allowed it anyway.
+        ch = self.peek()
+        if ch != '!':
+            raise ScannerError("while scanning a %s" % name, start_mark,
+                    "expected '!', but found %r" % ch, self.get_mark())
+        length = 1
+        ch = self.peek(length)
+        if ch != ' ':
+            while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                    or ch in '-_':
+                length += 1
+                ch = self.peek(length)
+            if ch != '!':
+                self.forward(length)
+                raise ScannerError("while scanning a %s" % name, start_mark,
+                        "expected '!', but found %r" % ch, self.get_mark())
+            length += 1
+        value = self.prefix(length)
+        self.forward(length)
+        return value
+
+    def scan_tag_uri(self, name, start_mark):
+        # See the specification for details.
+        # Note: we do not check if URI is well-formed.
+        chunks = []
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-;/?:@&=+$,_.!~*\'()[]%':
+            if ch == '%':
+                chunks.append(self.prefix(length))
+                self.forward(length)
+                length = 0
+                chunks.append(self.scan_uri_escapes(name, start_mark))
+            else:
+                length += 1
+            ch = self.peek(length)
+        if length:
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            length = 0
+        if not chunks:
+            raise ScannerError("while parsing a %s" % name, start_mark,
+                    "expected URI, but found %r" % ch, self.get_mark())
+        return ''.join(chunks)
+
+    def scan_uri_escapes(self, name, start_mark):
+        # See the specification for details.
+        codes = []
+        mark = self.get_mark()
+        while self.peek() == '%':
+            self.forward()
+            for k in range(2):
+                if self.peek(k) not in '0123456789ABCDEFabcdef':
+                    raise ScannerError("while scanning a %s" % name, start_mark,
+                            "expected URI escape sequence of 2 hexadecimal numbers, but found %r"
+                            % self.peek(k), self.get_mark())
+            codes.append(int(self.prefix(2), 16))
+            self.forward(2)
+        try:
+            value = bytes(codes).decode('utf-8')
+        except UnicodeDecodeError as exc:
+            raise ScannerError("while scanning a %s" % name, start_mark, str(exc), mark)
+        return value
+
+    def scan_line_break(self):
+        # Transforms:
+        #   '\r\n'      :   '\n'
+        #   '\r'        :   '\n'
+        #   '\n'        :   '\n'
+        #   '\x85'      :   '\n'
+        #   '\u2028'    :   '\u2028'
+        #   '\u2029     :   '\u2029'
+        #   default     :   ''
+        ch = self.peek()
+        if ch in '\r\n\x85':
+            if self.prefix(2) == '\r\n':
+                self.forward(2)
+            else:
+                self.forward()
+            return '\n'
+        elif ch in '\u2028\u2029':
+            self.forward()
+            return ch
+        return ''
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/serializer.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/serializer.py
new file mode 100644
index 000000000..fe911e67a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/serializer.py
@@ -0,0 +1,111 @@
+
+__all__ = ['Serializer', 'SerializerError']
+
+from .error import YAMLError
+from .events import *
+from .nodes import *
+
+class SerializerError(YAMLError):
+    pass
+
+class Serializer:
+
+    ANCHOR_TEMPLATE = 'id%03d'
+
+    def __init__(self, encoding=None,
+            explicit_start=None, explicit_end=None, version=None, tags=None):
+        self.use_encoding = encoding
+        self.use_explicit_start = explicit_start
+        self.use_explicit_end = explicit_end
+        self.use_version = version
+        self.use_tags = tags
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+        self.closed = None
+
+    def open(self):
+        if self.closed is None:
+            self.emit(StreamStartEvent(encoding=self.use_encoding))
+            self.closed = False
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        else:
+            raise SerializerError("serializer is already opened")
+
+    def close(self):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif not self.closed:
+            self.emit(StreamEndEvent())
+            self.closed = True
+
+    #def __del__(self):
+    #    self.close()
+
+    def serialize(self, node):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        self.emit(DocumentStartEvent(explicit=self.use_explicit_start,
+            version=self.use_version, tags=self.use_tags))
+        self.anchor_node(node)
+        self.serialize_node(node, None, None)
+        self.emit(DocumentEndEvent(explicit=self.use_explicit_end))
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+
+    def anchor_node(self, node):
+        if node in self.anchors:
+            if self.anchors[node] is None:
+                self.anchors[node] = self.generate_anchor(node)
+        else:
+            self.anchors[node] = None
+            if isinstance(node, SequenceNode):
+                for item in node.value:
+                    self.anchor_node(item)
+            elif isinstance(node, MappingNode):
+                for key, value in node.value:
+                    self.anchor_node(key)
+                    self.anchor_node(value)
+
+    def generate_anchor(self, node):
+        self.last_anchor_id += 1
+        return self.ANCHOR_TEMPLATE % self.last_anchor_id
+
+    def serialize_node(self, node, parent, index):
+        alias = self.anchors[node]
+        if node in self.serialized_nodes:
+            self.emit(AliasEvent(alias))
+        else:
+            self.serialized_nodes[node] = True
+            self.descend_resolver(parent, index)
+            if isinstance(node, ScalarNode):
+                detected_tag = self.resolve(ScalarNode, node.value, (True, False))
+                default_tag = self.resolve(ScalarNode, node.value, (False, True))
+                implicit = (node.tag == detected_tag), (node.tag == default_tag)
+                self.emit(ScalarEvent(alias, node.tag, implicit, node.value,
+                    style=node.style))
+            elif isinstance(node, SequenceNode):
+                implicit = (node.tag
+                            == self.resolve(SequenceNode, node.value, True))
+                self.emit(SequenceStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                index = 0
+                for item in node.value:
+                    self.serialize_node(item, node, index)
+                    index += 1
+                self.emit(SequenceEndEvent())
+            elif isinstance(node, MappingNode):
+                implicit = (node.tag
+                            == self.resolve(MappingNode, node.value, True))
+                self.emit(MappingStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                for key, value in node.value:
+                    self.serialize_node(key, node, None)
+                    self.serialize_node(value, node, key)
+                self.emit(MappingEndEvent())
+            self.ascend_resolver()
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/tokens.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/tokens.py
new file mode 100644
index 000000000..4d0b48a39
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/tokens.py
@@ -0,0 +1,104 @@
+
+class Token(object):
+    def __init__(self, start_mark, end_mark):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in self.__dict__
+                if not key.endswith('_mark')]
+        attributes.sort()
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+#class BOMToken(Token):
+#    id = '<byte order mark>'
+
+class DirectiveToken(Token):
+    id = '<directive>'
+    def __init__(self, name, value, start_mark, end_mark):
+        self.name = name
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class DocumentStartToken(Token):
+    id = '<document start>'
+
+class DocumentEndToken(Token):
+    id = '<document end>'
+
+class StreamStartToken(Token):
+    id = '<stream start>'
+    def __init__(self, start_mark=None, end_mark=None,
+            encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndToken(Token):
+    id = '<stream end>'
+
+class BlockSequenceStartToken(Token):
+    id = '<block sequence start>'
+
+class BlockMappingStartToken(Token):
+    id = '<block mapping start>'
+
+class BlockEndToken(Token):
+    id = '<block end>'
+
+class FlowSequenceStartToken(Token):
+    id = '['
+
+class FlowMappingStartToken(Token):
+    id = '{'
+
+class FlowSequenceEndToken(Token):
+    id = ']'
+
+class FlowMappingEndToken(Token):
+    id = '}'
+
+class KeyToken(Token):
+    id = '?'
+
+class ValueToken(Token):
+    id = ':'
+
+class BlockEntryToken(Token):
+    id = '-'
+
+class FlowEntryToken(Token):
+    id = ','
+
+class AliasToken(Token):
+    id = '<alias>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class AnchorToken(Token):
+    id = '<anchor>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class TagToken(Token):
+    id = '<tag>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class ScalarToken(Token):
+    id = '<scalar>'
+    def __init__(self, value, plain, start_mark, end_mark, style=None):
+        self.value = value
+        self.plain = plain
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
new file mode 100644
index 000000000..9d227a0cc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA
new file mode 100644
index 000000000..dfe37d52d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA
@@ -0,0 +1,93 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 2.1.5
+Summary: Safely add untrusted strings to HTML/XML markup.
+Home-page: https://palletsprojects.com/p/markupsafe/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/markupsafe/
+Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+MarkupSafe
+==========
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    pip install -U MarkupSafe
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+Examples
+--------
+
+.. code-block:: pycon
+
+    >>> from markupsafe import Markup, escape
+
+    >>> # escape replaces special characters and wraps in Markup
+    >>> escape("<script>alert(document.cookie);</script>")
+    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+    >>> # wrap in Markup to mark text "safe" and prevent escaping
+    >>> Markup("<strong>Hello</strong>")
+    Markup('<strong>hello</strong>')
+
+    >>> escape(Markup("<strong>Hello</strong>"))
+    Markup('<strong>hello</strong>')
+
+    >>> # Markup is a str subclass
+    >>> # methods and operators escape their arguments
+    >>> template = Markup("Hello <em>{name}</em>")
+    >>> template.format(name='"World"')
+    Markup('Hello <em>&#34;World&#34;</em>')
+
+
+Donate
+------
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://markupsafe.palletsprojects.com/
+-   Changes: https://markupsafe.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/MarkupSafe/
+-   Source Code: https://github.com/pallets/markupsafe/
+-   Issue Tracker: https://github.com/pallets/markupsafe/issues/
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD
new file mode 100644
index 000000000..9063eb12e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
+MarkupSafe-2.1.5.dist-info/RECORD,,
+MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-2.1.5.dist-info/WHEEL,sha256=s4nCzmeJHzzKs_3mY44pZnIB7xTTMwwgEpWpc7aab8A,154
+MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
+markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
+markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so,sha256=RkdkexQSewKzJi93ZG8LMOk_Kk2BHITY1pBWLG4V0TE,107968
+markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
new file mode 100644
index 000000000..c6d160f28
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.42.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-manylinux_2_17_aarch64
+Tag: cp311-cp311-manylinux2014_aarch64
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
new file mode 100644
index 000000000..75bf72925
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
@@ -0,0 +1 @@
+markupsafe
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/LICENSE
new file mode 100644
index 000000000..2f1b8e15e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2017-2021 Ingy döt Net
+Copyright (c) 2006-2016 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA
new file mode 100644
index 000000000..c8905983e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA
@@ -0,0 +1,46 @@
+Metadata-Version: 2.1
+Name: PyYAML
+Version: 6.0.1
+Summary: YAML parser and emitter for Python
+Home-page: https://pyyaml.org/
+Download-URL: https://pypi.org/project/PyYAML/
+Author: Kirill Simonov
+Author-email: xi@resolvent.net
+License: MIT
+Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
+Project-URL: CI, https://github.com/yaml/pyyaml/actions
+Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
+Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
+Project-URL: Source Code, https://github.com/yaml/pyyaml
+Platform: Any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Cython
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup
+Requires-Python: >=3.6
+License-File: LICENSE
+
+YAML is a data serialization format designed for human readability
+and interaction with scripting languages.  PyYAML is a YAML parser
+and emitter for Python.
+
+PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
+support, capable extension API, and sensible error messages.  PyYAML
+supports standard YAML tags and provides Python-specific tags that
+allow to represent an arbitrary Python object.
+
+PyYAML is applicable for a broad range of tasks from complex
+configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD
new file mode 100644
index 000000000..42eb09908
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD
@@ -0,0 +1,44 @@
+PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
+PyYAML-6.0.1.dist-info/RECORD,,
+PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.1.dist-info/WHEEL,sha256=Bu_ZgMyqfUEL6K8HKTcKpjq7RNrV9wcyW-FmVu9-j44,154
+PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+_yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
+_yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__pycache__/composer.cpython-311.pyc,,
+yaml/__pycache__/constructor.cpython-311.pyc,,
+yaml/__pycache__/cyaml.cpython-311.pyc,,
+yaml/__pycache__/dumper.cpython-311.pyc,,
+yaml/__pycache__/emitter.cpython-311.pyc,,
+yaml/__pycache__/error.cpython-311.pyc,,
+yaml/__pycache__/events.cpython-311.pyc,,
+yaml/__pycache__/loader.cpython-311.pyc,,
+yaml/__pycache__/nodes.cpython-311.pyc,,
+yaml/__pycache__/parser.cpython-311.pyc,,
+yaml/__pycache__/reader.cpython-311.pyc,,
+yaml/__pycache__/representer.cpython-311.pyc,,
+yaml/__pycache__/resolver.cpython-311.pyc,,
+yaml/__pycache__/scanner.cpython-311.pyc,,
+yaml/__pycache__/serializer.cpython-311.pyc,,
+yaml/__pycache__/tokens.cpython-311.pyc,,
+yaml/_yaml.cpython-311-aarch64-linux-gnu.so,sha256=5h0eqkdV6nKXFbJVfHksfaxDW32ec39xhBgazxaEbSg,2519832
+yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
+yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
+yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
+yaml/dumper.py,sha256=PLctZlYwZLp7XmeUdwRuv4nYOZ2UBnDIUy8-lKfLF-o,2837
+yaml/emitter.py,sha256=jghtaU7eFwg31bG0B7RZea_29Adi9CKmXq_QjgQpCkQ,43006
+yaml/error.py,sha256=Ah9z-toHJUbE9j-M8YpxgSRM5CgLCcwVzJgLLRF2Fxo,2533
+yaml/events.py,sha256=50_TksgQiE4up-lKo_V-nBy-tAIxkIPQxY5qDhKCeHw,2445
+yaml/loader.py,sha256=UVa-zIqmkFSCIYq_PgSGm4NSJttHY2Rf_zQ4_b1fHN0,2061
+yaml/nodes.py,sha256=gPKNj8pKCdh2d4gr3gIYINnPOaOxGhJAUiYhGRnPE84,1440
+yaml/parser.py,sha256=ilWp5vvgoHFGzvOZDItFoGjD6D42nhlZrZyjAwa0oJo,25495
+yaml/reader.py,sha256=0dmzirOiDG4Xo41RnuQS7K9rkY3xjHiVasfDMNTqCNw,6794
+yaml/representer.py,sha256=IuWP-cAW9sHKEnS0gCqSa894k1Bg4cgTxaDwIcbRQ-Y,14190
+yaml/resolver.py,sha256=9L-VYfm4mWHxUD1Vg4X7rjDRK_7VZd6b92wzq7Y2IKY,9004
+yaml/scanner.py,sha256=YEM3iLZSaQwXcQRg2l2R4MdT0zGP2F9eHkKGKnHyWQY,51279
+yaml/serializer.py,sha256=ChuFgmhU01hj4xgI8GaKv6vfM2Bujwa9i7d2FAHj7cA,4165
+yaml/tokens.py,sha256=lTQIzSVw8Mg9wv459-TjiOQe6wVziqaRlqX2_89rp54,2573
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL
new file mode 100644
index 000000000..0ac102d32
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.40.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-manylinux_2_17_aarch64
+Tag: cp311-cp311-manylinux2014_aarch64
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/top_level.txt
new file mode 100644
index 000000000..e6475e911
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/top_level.txt
@@ -0,0 +1,2 @@
+_yaml
+yaml
diff --git a/lib/go-jinja2/internal/data/linux-arm64/_yaml/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/_yaml/__init__.py
new file mode 100644
index 000000000..7baa8c4b6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/_yaml/__init__.py
@@ -0,0 +1,33 @@
+# This is a stub package designed to roughly emulate the _yaml
+# extension module, which previously existed as a standalone module
+# and has been moved into the `yaml` package namespace.
+# It does not perfectly mimic its old counterpart, but should get
+# close enough for anyone who's relying on it even when they shouldn't.
+import yaml
+
+# in some circumstances, the yaml module we imoprted may be from a different version, so we need
+# to tread carefully when poking at it here (it may not have the attributes we expect)
+if not getattr(yaml, '__with_libyaml__', False):
+    from sys import version_info
+
+    exc = ModuleNotFoundError if version_info >= (3, 6) else ImportError
+    raise exc("No module named '_yaml'")
+else:
+    from yaml._yaml import *
+    import warnings
+    warnings.warn(
+        'The _yaml extension module is now located at yaml._yaml'
+        ' and its location is subject to change.  To use the'
+        ' LibYAML-based parser and emitter, import from `yaml`:'
+        ' `from yaml import CLoader as Loader, CDumper as Dumper`.',
+        DeprecationWarning
+    )
+    del warnings
+    # Don't `del yaml` here because yaml is actually an existing
+    # namespace member of _yaml.
+
+__name__ = '_yaml'
+# If the module is top-level (i.e. not a part of any specific package)
+# then the attribute should be set to ''.
+# https://docs.python.org/3.8/library/types.html
+__package__ = ''
diff --git a/lib/go-jinja2/internal/data/linux-arm64/bin/jsonpath_ng b/lib/go-jinja2/internal/data/linux-arm64/bin/jsonpath_ng
new file mode 100644
index 000000000..ff096a950
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/bin/jsonpath_ng
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-linux-arm64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from jsonpath_ng.bin.jsonpath import entry_point
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(entry_point())
diff --git a/lib/go-jinja2/internal/data/linux-arm64/bin/slugify b/lib/go-jinja2/internal/data/linux-arm64/bin/slugify
new file mode 100644
index 000000000..7c99c7075
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/bin/slugify
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-linux-arm64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from slugify.__main__ import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/LICENSE.rst
new file mode 100644
index 000000000..d12a84918
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2014 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/METADATA
new file mode 100644
index 000000000..7a6bbb24b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/METADATA
@@ -0,0 +1,103 @@
+Metadata-Version: 2.1
+Name: click
+Version: 8.1.7
+Summary: Composable command line interface toolkit
+Home-page: https://palletsprojects.com/p/click/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://click.palletsprojects.com/
+Project-URL: Changes, https://click.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/click/
+Project-URL: Issue Tracker, https://github.com/pallets/click/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+Requires-Dist: colorama ; platform_system == "Windows"
+Requires-Dist: importlib-metadata ; python_version < "3.8"
+
+\$ click\_
+==========
+
+Click is a Python package for creating beautiful command line interfaces
+in a composable way with as little code as necessary. It's the "Command
+Line Interface Creation Kit". It's highly configurable but comes with
+sensible defaults out of the box.
+
+It aims to make the process of writing command line tools quick and fun
+while also preventing any frustration caused by the inability to
+implement an intended CLI API.
+
+Click in three points:
+
+-   Arbitrary nesting of commands
+-   Automatic help page generation
+-   Supports lazy loading of subcommands at runtime
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    $ pip install -U click
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+.. code-block:: python
+
+    import click
+
+    @click.command()
+    @click.option("--count", default=1, help="Number of greetings.")
+    @click.option("--name", prompt="Your name", help="The person to greet.")
+    def hello(count, name):
+        """Simple program that greets NAME for a total of COUNT times."""
+        for _ in range(count):
+            click.echo(f"Hello, {name}!")
+
+    if __name__ == '__main__':
+        hello()
+
+.. code-block:: text
+
+    $ python hello.py --count=3
+    Your name: Click
+    Hello, Click!
+    Hello, Click!
+    Hello, Click!
+
+
+Donate
+------
+
+The Pallets organization develops and supports Click and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, `please
+donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://click.palletsprojects.com/
+-   Changes: https://click.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/click/
+-   Source Code: https://github.com/pallets/click
+-   Issue Tracker: https://github.com/pallets/click/issues
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/RECORD
new file mode 100644
index 000000000..dcffbf004
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/RECORD
@@ -0,0 +1,40 @@
+click-8.1.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+click-8.1.7.dist-info/LICENSE.rst,sha256=morRBqOU6FO_4h9C9OctWSgZoigF2ZG18ydQKSkrZY0,1475
+click-8.1.7.dist-info/METADATA,sha256=qIMevCxGA9yEmJOM_4WHuUJCwWpsIEVbCPOhs45YPN4,3014
+click-8.1.7.dist-info/RECORD,,
+click-8.1.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click-8.1.7.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+click-8.1.7.dist-info/top_level.txt,sha256=J1ZQogalYS4pphY_lPECoNMfw0HzTSrZglC4Yfwo4xA,6
+click/__init__.py,sha256=YDDbjm406dTOA0V8bTtdGnhN7zj5j-_dFRewZF_pLvw,3138
+click/__pycache__/__init__.cpython-311.pyc,,
+click/__pycache__/_compat.cpython-311.pyc,,
+click/__pycache__/_termui_impl.cpython-311.pyc,,
+click/__pycache__/_textwrap.cpython-311.pyc,,
+click/__pycache__/_winconsole.cpython-311.pyc,,
+click/__pycache__/core.cpython-311.pyc,,
+click/__pycache__/decorators.cpython-311.pyc,,
+click/__pycache__/exceptions.cpython-311.pyc,,
+click/__pycache__/formatting.cpython-311.pyc,,
+click/__pycache__/globals.cpython-311.pyc,,
+click/__pycache__/parser.cpython-311.pyc,,
+click/__pycache__/shell_completion.cpython-311.pyc,,
+click/__pycache__/termui.cpython-311.pyc,,
+click/__pycache__/testing.cpython-311.pyc,,
+click/__pycache__/types.cpython-311.pyc,,
+click/__pycache__/utils.cpython-311.pyc,,
+click/_compat.py,sha256=5318agQpbt4kroKsbqDOYpTSWzL_YCZVUQiTT04yXmc,18744
+click/_termui_impl.py,sha256=3dFYv4445Nw-rFvZOTBMBPYwB1bxnmNk9Du6Dm_oBSU,24069
+click/_textwrap.py,sha256=10fQ64OcBUMuK7mFvh8363_uoOxPlRItZBmKzRJDgoY,1353
+click/_winconsole.py,sha256=5ju3jQkcZD0W27WEMGqmEP4y_crUVzPCqsX_FYb7BO0,7860
+click/core.py,sha256=j6oEWtGgGna8JarD6WxhXmNnxLnfRjwXglbBc-8jr7U,114086
+click/decorators.py,sha256=-ZlbGYgV-oI8jr_oH4RpuL1PFS-5QmeuEAsLDAYgxtw,18719
+click/exceptions.py,sha256=fyROO-47HWFDjt2qupo7A3J32VlpM-ovJnfowu92K3s,9273
+click/formatting.py,sha256=Frf0-5W33-loyY_i9qrwXR8-STnW3m5gvyxLVUdyxyk,9706
+click/globals.py,sha256=TP-qM88STzc7f127h35TD_v920FgfOD2EwzqA0oE8XU,1961
+click/parser.py,sha256=LKyYQE9ZLj5KgIDXkrcTHQRXIggfoivX14_UVIn56YA,19067
+click/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click/shell_completion.py,sha256=Ty3VM_ts0sQhj6u7eFTiLwHPoTgcXTGEAUg2OpLqYKw,18460
+click/termui.py,sha256=H7Q8FpmPelhJ2ovOhfCRhjMtCpNyjFXryAMLZODqsdc,28324
+click/testing.py,sha256=1Qd4kS5bucn1hsNIRryd0WtTMuCpkA93grkWxT8POsU,16084
+click/types.py,sha256=TZvz3hKvBztf-Hpa2enOmP4eznSPLzijjig5b_0XMxE,36391
+click/utils.py,sha256=1476UduUNY6UePGU4m18uzVHLt1sKM2PP3yWsQhbItM,20298
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/WHEEL
new file mode 100644
index 000000000..2c08da084
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/top_level.txt
new file mode 100644
index 000000000..dca9a9096
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click-8.1.7.dist-info/top_level.txt
@@ -0,0 +1 @@
+click
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/click/__init__.py
new file mode 100644
index 000000000..9a1dab048
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/__init__.py
@@ -0,0 +1,73 @@
+"""
+Click is a simple Python module inspired by the stdlib optparse to make
+writing command line scripts fun. Unlike other modules, it's based
+around a simple API that does not come with too much magic and is
+composable.
+"""
+from .core import Argument as Argument
+from .core import BaseCommand as BaseCommand
+from .core import Command as Command
+from .core import CommandCollection as CommandCollection
+from .core import Context as Context
+from .core import Group as Group
+from .core import MultiCommand as MultiCommand
+from .core import Option as Option
+from .core import Parameter as Parameter
+from .decorators import argument as argument
+from .decorators import command as command
+from .decorators import confirmation_option as confirmation_option
+from .decorators import group as group
+from .decorators import help_option as help_option
+from .decorators import make_pass_decorator as make_pass_decorator
+from .decorators import option as option
+from .decorators import pass_context as pass_context
+from .decorators import pass_obj as pass_obj
+from .decorators import password_option as password_option
+from .decorators import version_option as version_option
+from .exceptions import Abort as Abort
+from .exceptions import BadArgumentUsage as BadArgumentUsage
+from .exceptions import BadOptionUsage as BadOptionUsage
+from .exceptions import BadParameter as BadParameter
+from .exceptions import ClickException as ClickException
+from .exceptions import FileError as FileError
+from .exceptions import MissingParameter as MissingParameter
+from .exceptions import NoSuchOption as NoSuchOption
+from .exceptions import UsageError as UsageError
+from .formatting import HelpFormatter as HelpFormatter
+from .formatting import wrap_text as wrap_text
+from .globals import get_current_context as get_current_context
+from .parser import OptionParser as OptionParser
+from .termui import clear as clear
+from .termui import confirm as confirm
+from .termui import echo_via_pager as echo_via_pager
+from .termui import edit as edit
+from .termui import getchar as getchar
+from .termui import launch as launch
+from .termui import pause as pause
+from .termui import progressbar as progressbar
+from .termui import prompt as prompt
+from .termui import secho as secho
+from .termui import style as style
+from .termui import unstyle as unstyle
+from .types import BOOL as BOOL
+from .types import Choice as Choice
+from .types import DateTime as DateTime
+from .types import File as File
+from .types import FLOAT as FLOAT
+from .types import FloatRange as FloatRange
+from .types import INT as INT
+from .types import IntRange as IntRange
+from .types import ParamType as ParamType
+from .types import Path as Path
+from .types import STRING as STRING
+from .types import Tuple as Tuple
+from .types import UNPROCESSED as UNPROCESSED
+from .types import UUID as UUID
+from .utils import echo as echo
+from .utils import format_filename as format_filename
+from .utils import get_app_dir as get_app_dir
+from .utils import get_binary_stream as get_binary_stream
+from .utils import get_text_stream as get_text_stream
+from .utils import open_file as open_file
+
+__version__ = "8.1.7"
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/_compat.py b/lib/go-jinja2/internal/data/linux-arm64/click/_compat.py
new file mode 100644
index 000000000..23f886659
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/_compat.py
@@ -0,0 +1,623 @@
+import codecs
+import io
+import os
+import re
+import sys
+import typing as t
+from weakref import WeakKeyDictionary
+
+CYGWIN = sys.platform.startswith("cygwin")
+WIN = sys.platform.startswith("win")
+auto_wrap_for_ansi: t.Optional[t.Callable[[t.TextIO], t.TextIO]] = None
+_ansi_re = re.compile(r"\033\[[;?0-9]*[a-zA-Z]")
+
+
+def _make_text_stream(
+    stream: t.BinaryIO,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if encoding is None:
+        encoding = get_best_encoding(stream)
+    if errors is None:
+        errors = "replace"
+    return _NonClosingTextIOWrapper(
+        stream,
+        encoding,
+        errors,
+        line_buffering=True,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def is_ascii_encoding(encoding: str) -> bool:
+    """Checks if a given encoding is ascii."""
+    try:
+        return codecs.lookup(encoding).name == "ascii"
+    except LookupError:
+        return False
+
+
+def get_best_encoding(stream: t.IO[t.Any]) -> str:
+    """Returns the default stream encoding if not found."""
+    rv = getattr(stream, "encoding", None) or sys.getdefaultencoding()
+    if is_ascii_encoding(rv):
+        return "utf-8"
+    return rv
+
+
+class _NonClosingTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        encoding: t.Optional[str],
+        errors: t.Optional[str],
+        force_readable: bool = False,
+        force_writable: bool = False,
+        **extra: t.Any,
+    ) -> None:
+        self._stream = stream = t.cast(
+            t.BinaryIO, _FixupStream(stream, force_readable, force_writable)
+        )
+        super().__init__(stream, encoding, errors, **extra)
+
+    def __del__(self) -> None:
+        try:
+            self.detach()
+        except Exception:
+            pass
+
+    def isatty(self) -> bool:
+        # https://bitbucket.org/pypy/pypy/issue/1803
+        return self._stream.isatty()
+
+
+class _FixupStream:
+    """The new io interface needs more from streams than streams
+    traditionally implement.  As such, this fix-up code is necessary in
+    some circumstances.
+
+    The forcing of readable and writable flags are there because some tools
+    put badly patched objects on sys (one such offender are certain version
+    of jupyter notebook).
+    """
+
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        force_readable: bool = False,
+        force_writable: bool = False,
+    ):
+        self._stream = stream
+        self._force_readable = force_readable
+        self._force_writable = force_writable
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._stream, name)
+
+    def read1(self, size: int) -> bytes:
+        f = getattr(self._stream, "read1", None)
+
+        if f is not None:
+            return t.cast(bytes, f(size))
+
+        return self._stream.read(size)
+
+    def readable(self) -> bool:
+        if self._force_readable:
+            return True
+        x = getattr(self._stream, "readable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.read(0)
+        except Exception:
+            return False
+        return True
+
+    def writable(self) -> bool:
+        if self._force_writable:
+            return True
+        x = getattr(self._stream, "writable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.write("")  # type: ignore
+        except Exception:
+            try:
+                self._stream.write(b"")
+            except Exception:
+                return False
+        return True
+
+    def seekable(self) -> bool:
+        x = getattr(self._stream, "seekable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.seek(self._stream.tell())
+        except Exception:
+            return False
+        return True
+
+
+def _is_binary_reader(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        return isinstance(stream.read(0), bytes)
+    except Exception:
+        return default
+        # This happens in some cases where the stream was already
+        # closed.  In this case, we assume the default.
+
+
+def _is_binary_writer(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        stream.write(b"")
+    except Exception:
+        try:
+            stream.write("")
+            return False
+        except Exception:
+            pass
+        return default
+    return True
+
+
+def _find_binary_reader(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_reader(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_reader(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _find_binary_writer(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_writer(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_writer(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _stream_is_misconfigured(stream: t.TextIO) -> bool:
+    """A stream is misconfigured if its encoding is ASCII."""
+    # If the stream does not have an encoding set, we assume it's set
+    # to ASCII.  This appears to happen in certain unittest
+    # environments.  It's not quite clear what the correct behavior is
+    # but this at least will force Click to recover somehow.
+    return is_ascii_encoding(getattr(stream, "encoding", None) or "ascii")
+
+
+def _is_compat_stream_attr(stream: t.TextIO, attr: str, value: t.Optional[str]) -> bool:
+    """A stream attribute is compatible if it is equal to the
+    desired value or the desired value is unset and the attribute
+    has a value.
+    """
+    stream_value = getattr(stream, attr, None)
+    return stream_value == value or (value is None and stream_value is not None)
+
+
+def _is_compatible_text_stream(
+    stream: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> bool:
+    """Check if a stream's encoding and errors attributes are
+    compatible with the desired values.
+    """
+    return _is_compat_stream_attr(
+        stream, "encoding", encoding
+    ) and _is_compat_stream_attr(stream, "errors", errors)
+
+
+def _force_correct_text_stream(
+    text_stream: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    is_binary: t.Callable[[t.IO[t.Any], bool], bool],
+    find_binary: t.Callable[[t.IO[t.Any]], t.Optional[t.BinaryIO]],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if is_binary(text_stream, False):
+        binary_reader = t.cast(t.BinaryIO, text_stream)
+    else:
+        text_stream = t.cast(t.TextIO, text_stream)
+        # If the stream looks compatible, and won't default to a
+        # misconfigured ascii encoding, return it as-is.
+        if _is_compatible_text_stream(text_stream, encoding, errors) and not (
+            encoding is None and _stream_is_misconfigured(text_stream)
+        ):
+            return text_stream
+
+        # Otherwise, get the underlying binary reader.
+        possible_binary_reader = find_binary(text_stream)
+
+        # If that's not possible, silently use the original reader
+        # and get mojibake instead of exceptions.
+        if possible_binary_reader is None:
+            return text_stream
+
+        binary_reader = possible_binary_reader
+
+    # Default errors to replace instead of strict in order to get
+    # something that works.
+    if errors is None:
+        errors = "replace"
+
+    # Wrap the binary stream in a text stream with the correct
+    # encoding parameters.
+    return _make_text_stream(
+        binary_reader,
+        encoding,
+        errors,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def _force_correct_text_reader(
+    text_reader: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_reader,
+        encoding,
+        errors,
+        _is_binary_reader,
+        _find_binary_reader,
+        force_readable=force_readable,
+    )
+
+
+def _force_correct_text_writer(
+    text_writer: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_writable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_writer,
+        encoding,
+        errors,
+        _is_binary_writer,
+        _find_binary_writer,
+        force_writable=force_writable,
+    )
+
+
+def get_binary_stdin() -> t.BinaryIO:
+    reader = _find_binary_reader(sys.stdin)
+    if reader is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdin.")
+    return reader
+
+
+def get_binary_stdout() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stdout)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdout.")
+    return writer
+
+
+def get_binary_stderr() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stderr)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stderr.")
+    return writer
+
+
+def get_text_stdin(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdin, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_reader(sys.stdin, encoding, errors, force_readable=True)
+
+
+def get_text_stdout(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdout, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stdout, encoding, errors, force_writable=True)
+
+
+def get_text_stderr(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stderr, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stderr, encoding, errors, force_writable=True)
+
+
+def _wrap_io_open(
+    file: t.Union[str, "os.PathLike[str]", int],
+    mode: str,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+) -> t.IO[t.Any]:
+    """Handles not passing ``encoding`` and ``errors`` in binary mode."""
+    if "b" in mode:
+        return open(file, mode)
+
+    return open(file, mode, encoding=encoding, errors=errors)
+
+
+def open_stream(
+    filename: "t.Union[str, os.PathLike[str]]",
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    atomic: bool = False,
+) -> t.Tuple[t.IO[t.Any], bool]:
+    binary = "b" in mode
+    filename = os.fspath(filename)
+
+    # Standard streams first. These are simple because they ignore the
+    # atomic flag. Use fsdecode to handle Path("-").
+    if os.fsdecode(filename) == "-":
+        if any(m in mode for m in ["w", "a", "x"]):
+            if binary:
+                return get_binary_stdout(), False
+            return get_text_stdout(encoding=encoding, errors=errors), False
+        if binary:
+            return get_binary_stdin(), False
+        return get_text_stdin(encoding=encoding, errors=errors), False
+
+    # Non-atomic writes directly go out through the regular open functions.
+    if not atomic:
+        return _wrap_io_open(filename, mode, encoding, errors), True
+
+    # Some usability stuff for atomic writes
+    if "a" in mode:
+        raise ValueError(
+            "Appending to an existing file is not supported, because that"
+            " would involve an expensive `copy`-operation to a temporary"
+            " file. Open the file in normal `w`-mode and copy explicitly"
+            " if that's what you're after."
+        )
+    if "x" in mode:
+        raise ValueError("Use the `overwrite`-parameter instead.")
+    if "w" not in mode:
+        raise ValueError("Atomic writes only make sense with `w`-mode.")
+
+    # Atomic writes are more complicated.  They work by opening a file
+    # as a proxy in the same folder and then using the fdopen
+    # functionality to wrap it in a Python file.  Then we wrap it in an
+    # atomic file that moves the file over on close.
+    import errno
+    import random
+
+    try:
+        perm: t.Optional[int] = os.stat(filename).st_mode
+    except OSError:
+        perm = None
+
+    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL
+
+    if binary:
+        flags |= getattr(os, "O_BINARY", 0)
+
+    while True:
+        tmp_filename = os.path.join(
+            os.path.dirname(filename),
+            f".__atomic-write{random.randrange(1 << 32):08x}",
+        )
+        try:
+            fd = os.open(tmp_filename, flags, 0o666 if perm is None else perm)
+            break
+        except OSError as e:
+            if e.errno == errno.EEXIST or (
+                os.name == "nt"
+                and e.errno == errno.EACCES
+                and os.path.isdir(e.filename)
+                and os.access(e.filename, os.W_OK)
+            ):
+                continue
+            raise
+
+    if perm is not None:
+        os.chmod(tmp_filename, perm)  # in case perm includes bits in umask
+
+    f = _wrap_io_open(fd, mode, encoding, errors)
+    af = _AtomicFile(f, tmp_filename, os.path.realpath(filename))
+    return t.cast(t.IO[t.Any], af), True
+
+
+class _AtomicFile:
+    def __init__(self, f: t.IO[t.Any], tmp_filename: str, real_filename: str) -> None:
+        self._f = f
+        self._tmp_filename = tmp_filename
+        self._real_filename = real_filename
+        self.closed = False
+
+    @property
+    def name(self) -> str:
+        return self._real_filename
+
+    def close(self, delete: bool = False) -> None:
+        if self.closed:
+            return
+        self._f.close()
+        os.replace(self._tmp_filename, self._real_filename)
+        self.closed = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._f, name)
+
+    def __enter__(self) -> "_AtomicFile":
+        return self
+
+    def __exit__(self, exc_type: t.Optional[t.Type[BaseException]], *_: t.Any) -> None:
+        self.close(delete=exc_type is not None)
+
+    def __repr__(self) -> str:
+        return repr(self._f)
+
+
+def strip_ansi(value: str) -> str:
+    return _ansi_re.sub("", value)
+
+
+def _is_jupyter_kernel_output(stream: t.IO[t.Any]) -> bool:
+    while isinstance(stream, (_FixupStream, _NonClosingTextIOWrapper)):
+        stream = stream._stream
+
+    return stream.__class__.__module__.startswith("ipykernel.")
+
+
+def should_strip_ansi(
+    stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+) -> bool:
+    if color is None:
+        if stream is None:
+            stream = sys.stdin
+        return not isatty(stream) and not _is_jupyter_kernel_output(stream)
+    return not color
+
+
+# On Windows, wrap the output streams with colorama to support ANSI
+# color codes.
+# NOTE: double check is needed so mypy does not analyze this on Linux
+if sys.platform.startswith("win") and WIN:
+    from ._winconsole import _get_windows_console_stream
+
+    def _get_argv_encoding() -> str:
+        import locale
+
+        return locale.getpreferredencoding()
+
+    _ansi_stream_wrappers: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def auto_wrap_for_ansi(  # noqa: F811
+        stream: t.TextIO, color: t.Optional[bool] = None
+    ) -> t.TextIO:
+        """Support ANSI color and style codes on Windows by wrapping a
+        stream with colorama.
+        """
+        try:
+            cached = _ansi_stream_wrappers.get(stream)
+        except Exception:
+            cached = None
+
+        if cached is not None:
+            return cached
+
+        import colorama
+
+        strip = should_strip_ansi(stream, color)
+        ansi_wrapper = colorama.AnsiToWin32(stream, strip=strip)
+        rv = t.cast(t.TextIO, ansi_wrapper.stream)
+        _write = rv.write
+
+        def _safe_write(s):
+            try:
+                return _write(s)
+            except BaseException:
+                ansi_wrapper.reset_all()
+                raise
+
+        rv.write = _safe_write
+
+        try:
+            _ansi_stream_wrappers[stream] = rv
+        except Exception:
+            pass
+
+        return rv
+
+else:
+
+    def _get_argv_encoding() -> str:
+        return getattr(sys.stdin, "encoding", None) or sys.getfilesystemencoding()
+
+    def _get_windows_console_stream(
+        f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+    ) -> t.Optional[t.TextIO]:
+        return None
+
+
+def term_len(x: str) -> int:
+    return len(strip_ansi(x))
+
+
+def isatty(stream: t.IO[t.Any]) -> bool:
+    try:
+        return stream.isatty()
+    except Exception:
+        return False
+
+
+def _make_cached_stream_func(
+    src_func: t.Callable[[], t.Optional[t.TextIO]],
+    wrapper_func: t.Callable[[], t.TextIO],
+) -> t.Callable[[], t.Optional[t.TextIO]]:
+    cache: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def func() -> t.Optional[t.TextIO]:
+        stream = src_func()
+
+        if stream is None:
+            return None
+
+        try:
+            rv = cache.get(stream)
+        except Exception:
+            rv = None
+        if rv is not None:
+            return rv
+        rv = wrapper_func()
+        try:
+            cache[stream] = rv
+        except Exception:
+            pass
+        return rv
+
+    return func
+
+
+_default_text_stdin = _make_cached_stream_func(lambda: sys.stdin, get_text_stdin)
+_default_text_stdout = _make_cached_stream_func(lambda: sys.stdout, get_text_stdout)
+_default_text_stderr = _make_cached_stream_func(lambda: sys.stderr, get_text_stderr)
+
+
+binary_streams: t.Mapping[str, t.Callable[[], t.BinaryIO]] = {
+    "stdin": get_binary_stdin,
+    "stdout": get_binary_stdout,
+    "stderr": get_binary_stderr,
+}
+
+text_streams: t.Mapping[
+    str, t.Callable[[t.Optional[str], t.Optional[str]], t.TextIO]
+] = {
+    "stdin": get_text_stdin,
+    "stdout": get_text_stdout,
+    "stderr": get_text_stderr,
+}
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/_termui_impl.py b/lib/go-jinja2/internal/data/linux-arm64/click/_termui_impl.py
new file mode 100644
index 000000000..f74465775
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/_termui_impl.py
@@ -0,0 +1,739 @@
+"""
+This module contains implementations for the termui module. To keep the
+import time of Click down, some infrequently used functionality is
+placed in this module and only imported as needed.
+"""
+import contextlib
+import math
+import os
+import sys
+import time
+import typing as t
+from gettext import gettext as _
+from io import StringIO
+from types import TracebackType
+
+from ._compat import _default_text_stdout
+from ._compat import CYGWIN
+from ._compat import get_best_encoding
+from ._compat import isatty
+from ._compat import open_stream
+from ._compat import strip_ansi
+from ._compat import term_len
+from ._compat import WIN
+from .exceptions import ClickException
+from .utils import echo
+
+V = t.TypeVar("V")
+
+if os.name == "nt":
+    BEFORE_BAR = "\r"
+    AFTER_BAR = "\n"
+else:
+    BEFORE_BAR = "\r\033[?25l"
+    AFTER_BAR = "\033[?25h\n"
+
+
+class ProgressBar(t.Generic[V]):
+    def __init__(
+        self,
+        iterable: t.Optional[t.Iterable[V]],
+        length: t.Optional[int] = None,
+        fill_char: str = "#",
+        empty_char: str = " ",
+        bar_template: str = "%(bar)s",
+        info_sep: str = "  ",
+        show_eta: bool = True,
+        show_percent: t.Optional[bool] = None,
+        show_pos: bool = False,
+        item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+        label: t.Optional[str] = None,
+        file: t.Optional[t.TextIO] = None,
+        color: t.Optional[bool] = None,
+        update_min_steps: int = 1,
+        width: int = 30,
+    ) -> None:
+        self.fill_char = fill_char
+        self.empty_char = empty_char
+        self.bar_template = bar_template
+        self.info_sep = info_sep
+        self.show_eta = show_eta
+        self.show_percent = show_percent
+        self.show_pos = show_pos
+        self.item_show_func = item_show_func
+        self.label: str = label or ""
+
+        if file is None:
+            file = _default_text_stdout()
+
+            # There are no standard streams attached to write to. For example,
+            # pythonw on Windows.
+            if file is None:
+                file = StringIO()
+
+        self.file = file
+        self.color = color
+        self.update_min_steps = update_min_steps
+        self._completed_intervals = 0
+        self.width: int = width
+        self.autowidth: bool = width == 0
+
+        if length is None:
+            from operator import length_hint
+
+            length = length_hint(iterable, -1)
+
+            if length == -1:
+                length = None
+        if iterable is None:
+            if length is None:
+                raise TypeError("iterable or length is required")
+            iterable = t.cast(t.Iterable[V], range(length))
+        self.iter: t.Iterable[V] = iter(iterable)
+        self.length = length
+        self.pos = 0
+        self.avg: t.List[float] = []
+        self.last_eta: float
+        self.start: float
+        self.start = self.last_eta = time.time()
+        self.eta_known: bool = False
+        self.finished: bool = False
+        self.max_width: t.Optional[int] = None
+        self.entered: bool = False
+        self.current_item: t.Optional[V] = None
+        self.is_hidden: bool = not isatty(self.file)
+        self._last_line: t.Optional[str] = None
+
+    def __enter__(self) -> "ProgressBar[V]":
+        self.entered = True
+        self.render_progress()
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.render_finish()
+
+    def __iter__(self) -> t.Iterator[V]:
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+        self.render_progress()
+        return self.generator()
+
+    def __next__(self) -> V:
+        # Iteration is defined in terms of a generator function,
+        # returned by iter(self); use that to define next(). This works
+        # because `self.iter` is an iterable consumed by that generator,
+        # so it is re-entry safe. Calling `next(self.generator())`
+        # twice works and does "what you want".
+        return next(iter(self))
+
+    def render_finish(self) -> None:
+        if self.is_hidden:
+            return
+        self.file.write(AFTER_BAR)
+        self.file.flush()
+
+    @property
+    def pct(self) -> float:
+        if self.finished:
+            return 1.0
+        return min(self.pos / (float(self.length or 1) or 1), 1.0)
+
+    @property
+    def time_per_iteration(self) -> float:
+        if not self.avg:
+            return 0.0
+        return sum(self.avg) / float(len(self.avg))
+
+    @property
+    def eta(self) -> float:
+        if self.length is not None and not self.finished:
+            return self.time_per_iteration * (self.length - self.pos)
+        return 0.0
+
+    def format_eta(self) -> str:
+        if self.eta_known:
+            t = int(self.eta)
+            seconds = t % 60
+            t //= 60
+            minutes = t % 60
+            t //= 60
+            hours = t % 24
+            t //= 24
+            if t > 0:
+                return f"{t}d {hours:02}:{minutes:02}:{seconds:02}"
+            else:
+                return f"{hours:02}:{minutes:02}:{seconds:02}"
+        return ""
+
+    def format_pos(self) -> str:
+        pos = str(self.pos)
+        if self.length is not None:
+            pos += f"/{self.length}"
+        return pos
+
+    def format_pct(self) -> str:
+        return f"{int(self.pct * 100): 4}%"[1:]
+
+    def format_bar(self) -> str:
+        if self.length is not None:
+            bar_length = int(self.pct * self.width)
+            bar = self.fill_char * bar_length
+            bar += self.empty_char * (self.width - bar_length)
+        elif self.finished:
+            bar = self.fill_char * self.width
+        else:
+            chars = list(self.empty_char * (self.width or 1))
+            if self.time_per_iteration != 0:
+                chars[
+                    int(
+                        (math.cos(self.pos * self.time_per_iteration) / 2.0 + 0.5)
+                        * self.width
+                    )
+                ] = self.fill_char
+            bar = "".join(chars)
+        return bar
+
+    def format_progress_line(self) -> str:
+        show_percent = self.show_percent
+
+        info_bits = []
+        if self.length is not None and show_percent is None:
+            show_percent = not self.show_pos
+
+        if self.show_pos:
+            info_bits.append(self.format_pos())
+        if show_percent:
+            info_bits.append(self.format_pct())
+        if self.show_eta and self.eta_known and not self.finished:
+            info_bits.append(self.format_eta())
+        if self.item_show_func is not None:
+            item_info = self.item_show_func(self.current_item)
+            if item_info is not None:
+                info_bits.append(item_info)
+
+        return (
+            self.bar_template
+            % {
+                "label": self.label,
+                "bar": self.format_bar(),
+                "info": self.info_sep.join(info_bits),
+            }
+        ).rstrip()
+
+    def render_progress(self) -> None:
+        import shutil
+
+        if self.is_hidden:
+            # Only output the label as it changes if the output is not a
+            # TTY. Use file=stderr if you expect to be piping stdout.
+            if self._last_line != self.label:
+                self._last_line = self.label
+                echo(self.label, file=self.file, color=self.color)
+
+            return
+
+        buf = []
+        # Update width in case the terminal has been resized
+        if self.autowidth:
+            old_width = self.width
+            self.width = 0
+            clutter_length = term_len(self.format_progress_line())
+            new_width = max(0, shutil.get_terminal_size().columns - clutter_length)
+            if new_width < old_width:
+                buf.append(BEFORE_BAR)
+                buf.append(" " * self.max_width)  # type: ignore
+                self.max_width = new_width
+            self.width = new_width
+
+        clear_width = self.width
+        if self.max_width is not None:
+            clear_width = self.max_width
+
+        buf.append(BEFORE_BAR)
+        line = self.format_progress_line()
+        line_len = term_len(line)
+        if self.max_width is None or self.max_width < line_len:
+            self.max_width = line_len
+
+        buf.append(line)
+        buf.append(" " * (clear_width - line_len))
+        line = "".join(buf)
+        # Render the line only if it changed.
+
+        if line != self._last_line:
+            self._last_line = line
+            echo(line, file=self.file, color=self.color, nl=False)
+            self.file.flush()
+
+    def make_step(self, n_steps: int) -> None:
+        self.pos += n_steps
+        if self.length is not None and self.pos >= self.length:
+            self.finished = True
+
+        if (time.time() - self.last_eta) < 1.0:
+            return
+
+        self.last_eta = time.time()
+
+        # self.avg is a rolling list of length <= 7 of steps where steps are
+        # defined as time elapsed divided by the total progress through
+        # self.length.
+        if self.pos:
+            step = (time.time() - self.start) / self.pos
+        else:
+            step = time.time() - self.start
+
+        self.avg = self.avg[-6:] + [step]
+
+        self.eta_known = self.length is not None
+
+    def update(self, n_steps: int, current_item: t.Optional[V] = None) -> None:
+        """Update the progress bar by advancing a specified number of
+        steps, and optionally set the ``current_item`` for this new
+        position.
+
+        :param n_steps: Number of steps to advance.
+        :param current_item: Optional item to set as ``current_item``
+            for the updated position.
+
+        .. versionchanged:: 8.0
+            Added the ``current_item`` optional parameter.
+
+        .. versionchanged:: 8.0
+            Only render when the number of steps meets the
+            ``update_min_steps`` threshold.
+        """
+        if current_item is not None:
+            self.current_item = current_item
+
+        self._completed_intervals += n_steps
+
+        if self._completed_intervals >= self.update_min_steps:
+            self.make_step(self._completed_intervals)
+            self.render_progress()
+            self._completed_intervals = 0
+
+    def finish(self) -> None:
+        self.eta_known = False
+        self.current_item = None
+        self.finished = True
+
+    def generator(self) -> t.Iterator[V]:
+        """Return a generator which yields the items added to the bar
+        during construction, and updates the progress bar *after* the
+        yielded block returns.
+        """
+        # WARNING: the iterator interface for `ProgressBar` relies on
+        # this and only works because this is a simple generator which
+        # doesn't create or manage additional state. If this function
+        # changes, the impact should be evaluated both against
+        # `iter(bar)` and `next(bar)`. `next()` in particular may call
+        # `self.generator()` repeatedly, and this must remain safe in
+        # order for that interface to work.
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+
+        if self.is_hidden:
+            yield from self.iter
+        else:
+            for rv in self.iter:
+                self.current_item = rv
+
+                # This allows show_item_func to be updated before the
+                # item is processed. Only trigger at the beginning of
+                # the update interval.
+                if self._completed_intervals == 0:
+                    self.render_progress()
+
+                yield rv
+                self.update(1)
+
+            self.finish()
+            self.render_progress()
+
+
+def pager(generator: t.Iterable[str], color: t.Optional[bool] = None) -> None:
+    """Decide what method to use for paging through text."""
+    stdout = _default_text_stdout()
+
+    # There are no standard streams attached to write to. For example,
+    # pythonw on Windows.
+    if stdout is None:
+        stdout = StringIO()
+
+    if not isatty(sys.stdin) or not isatty(stdout):
+        return _nullpager(stdout, generator, color)
+    pager_cmd = (os.environ.get("PAGER", None) or "").strip()
+    if pager_cmd:
+        if WIN:
+            return _tempfilepager(generator, pager_cmd, color)
+        return _pipepager(generator, pager_cmd, color)
+    if os.environ.get("TERM") in ("dumb", "emacs"):
+        return _nullpager(stdout, generator, color)
+    if WIN or sys.platform.startswith("os2"):
+        return _tempfilepager(generator, "more <", color)
+    if hasattr(os, "system") and os.system("(less) 2>/dev/null") == 0:
+        return _pipepager(generator, "less", color)
+
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    os.close(fd)
+    try:
+        if hasattr(os, "system") and os.system(f'more "{filename}"') == 0:
+            return _pipepager(generator, "more", color)
+        return _nullpager(stdout, generator, color)
+    finally:
+        os.unlink(filename)
+
+
+def _pipepager(generator: t.Iterable[str], cmd: str, color: t.Optional[bool]) -> None:
+    """Page through text by feeding it to another program.  Invoking a
+    pager through this might support colors.
+    """
+    import subprocess
+
+    env = dict(os.environ)
+
+    # If we're piping to less we might support colors under the
+    # condition that
+    cmd_detail = cmd.rsplit("/", 1)[-1].split()
+    if color is None and cmd_detail[0] == "less":
+        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_detail[1:])}"
+        if not less_flags:
+            env["LESS"] = "-R"
+            color = True
+        elif "r" in less_flags or "R" in less_flags:
+            color = True
+
+    c = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, env=env)
+    stdin = t.cast(t.BinaryIO, c.stdin)
+    encoding = get_best_encoding(stdin)
+    try:
+        for text in generator:
+            if not color:
+                text = strip_ansi(text)
+
+            stdin.write(text.encode(encoding, "replace"))
+    except (OSError, KeyboardInterrupt):
+        pass
+    else:
+        stdin.close()
+
+    # Less doesn't respect ^C, but catches it for its own UI purposes (aborting
+    # search or other commands inside less).
+    #
+    # That means when the user hits ^C, the parent process (click) terminates,
+    # but less is still alive, paging the output and messing up the terminal.
+    #
+    # If the user wants to make the pager exit on ^C, they should set
+    # `LESS='-K'`. It's not our decision to make.
+    while True:
+        try:
+            c.wait()
+        except KeyboardInterrupt:
+            pass
+        else:
+            break
+
+
+def _tempfilepager(
+    generator: t.Iterable[str], cmd: str, color: t.Optional[bool]
+) -> None:
+    """Page through text by invoking a program on a temporary file."""
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    # TODO: This never terminates if the passed generator never terminates.
+    text = "".join(generator)
+    if not color:
+        text = strip_ansi(text)
+    encoding = get_best_encoding(sys.stdout)
+    with open_stream(filename, "wb")[0] as f:
+        f.write(text.encode(encoding))
+    try:
+        os.system(f'{cmd} "{filename}"')
+    finally:
+        os.close(fd)
+        os.unlink(filename)
+
+
+def _nullpager(
+    stream: t.TextIO, generator: t.Iterable[str], color: t.Optional[bool]
+) -> None:
+    """Simply print unformatted text.  This is the ultimate fallback."""
+    for text in generator:
+        if not color:
+            text = strip_ansi(text)
+        stream.write(text)
+
+
+class Editor:
+    def __init__(
+        self,
+        editor: t.Optional[str] = None,
+        env: t.Optional[t.Mapping[str, str]] = None,
+        require_save: bool = True,
+        extension: str = ".txt",
+    ) -> None:
+        self.editor = editor
+        self.env = env
+        self.require_save = require_save
+        self.extension = extension
+
+    def get_editor(self) -> str:
+        if self.editor is not None:
+            return self.editor
+        for key in "VISUAL", "EDITOR":
+            rv = os.environ.get(key)
+            if rv:
+                return rv
+        if WIN:
+            return "notepad"
+        for editor in "sensible-editor", "vim", "nano":
+            if os.system(f"which {editor} >/dev/null 2>&1") == 0:
+                return editor
+        return "vi"
+
+    def edit_file(self, filename: str) -> None:
+        import subprocess
+
+        editor = self.get_editor()
+        environ: t.Optional[t.Dict[str, str]] = None
+
+        if self.env:
+            environ = os.environ.copy()
+            environ.update(self.env)
+
+        try:
+            c = subprocess.Popen(f'{editor} "{filename}"', env=environ, shell=True)
+            exit_code = c.wait()
+            if exit_code != 0:
+                raise ClickException(
+                    _("{editor}: Editing failed").format(editor=editor)
+                )
+        except OSError as e:
+            raise ClickException(
+                _("{editor}: Editing failed: {e}").format(editor=editor, e=e)
+            ) from e
+
+    def edit(self, text: t.Optional[t.AnyStr]) -> t.Optional[t.AnyStr]:
+        import tempfile
+
+        if not text:
+            data = b""
+        elif isinstance(text, (bytes, bytearray)):
+            data = text
+        else:
+            if text and not text.endswith("\n"):
+                text += "\n"
+
+            if WIN:
+                data = text.replace("\n", "\r\n").encode("utf-8-sig")
+            else:
+                data = text.encode("utf-8")
+
+        fd, name = tempfile.mkstemp(prefix="editor-", suffix=self.extension)
+        f: t.BinaryIO
+
+        try:
+            with os.fdopen(fd, "wb") as f:
+                f.write(data)
+
+            # If the filesystem resolution is 1 second, like Mac OS
+            # 10.12 Extended, or 2 seconds, like FAT32, and the editor
+            # closes very fast, require_save can fail. Set the modified
+            # time to be 2 seconds in the past to work around this.
+            os.utime(name, (os.path.getatime(name), os.path.getmtime(name) - 2))
+            # Depending on the resolution, the exact value might not be
+            # recorded, so get the new recorded value.
+            timestamp = os.path.getmtime(name)
+
+            self.edit_file(name)
+
+            if self.require_save and os.path.getmtime(name) == timestamp:
+                return None
+
+            with open(name, "rb") as f:
+                rv = f.read()
+
+            if isinstance(text, (bytes, bytearray)):
+                return rv
+
+            return rv.decode("utf-8-sig").replace("\r\n", "\n")  # type: ignore
+        finally:
+            os.unlink(name)
+
+
+def open_url(url: str, wait: bool = False, locate: bool = False) -> int:
+    import subprocess
+
+    def _unquote_file(url: str) -> str:
+        from urllib.parse import unquote
+
+        if url.startswith("file://"):
+            url = unquote(url[7:])
+
+        return url
+
+    if sys.platform == "darwin":
+        args = ["open"]
+        if wait:
+            args.append("-W")
+        if locate:
+            args.append("-R")
+        args.append(_unquote_file(url))
+        null = open("/dev/null", "w")
+        try:
+            return subprocess.Popen(args, stderr=null).wait()
+        finally:
+            null.close()
+    elif WIN:
+        if locate:
+            url = _unquote_file(url.replace('"', ""))
+            args = f'explorer /select,"{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "/WAIT" if wait else ""
+            args = f'start {wait_str} "" "{url}"'
+        return os.system(args)
+    elif CYGWIN:
+        if locate:
+            url = os.path.dirname(_unquote_file(url).replace('"', ""))
+            args = f'cygstart "{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "-w" if wait else ""
+            args = f'cygstart {wait_str} "{url}"'
+        return os.system(args)
+
+    try:
+        if locate:
+            url = os.path.dirname(_unquote_file(url)) or "."
+        else:
+            url = _unquote_file(url)
+        c = subprocess.Popen(["xdg-open", url])
+        if wait:
+            return c.wait()
+        return 0
+    except OSError:
+        if url.startswith(("http://", "https://")) and not locate and not wait:
+            import webbrowser
+
+            webbrowser.open(url)
+            return 0
+        return 1
+
+
+def _translate_ch_to_exc(ch: str) -> t.Optional[BaseException]:
+    if ch == "\x03":
+        raise KeyboardInterrupt()
+
+    if ch == "\x04" and not WIN:  # Unix-like, Ctrl+D
+        raise EOFError()
+
+    if ch == "\x1a" and WIN:  # Windows, Ctrl+Z
+        raise EOFError()
+
+    return None
+
+
+if WIN:
+    import msvcrt
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        yield -1
+
+    def getchar(echo: bool) -> str:
+        # The function `getch` will return a bytes object corresponding to
+        # the pressed character. Since Windows 10 build 1803, it will also
+        # return \x00 when called a second time after pressing a regular key.
+        #
+        # `getwch` does not share this probably-bugged behavior. Moreover, it
+        # returns a Unicode object by default, which is what we want.
+        #
+        # Either of these functions will return \x00 or \xe0 to indicate
+        # a special key, and you need to call the same function again to get
+        # the "rest" of the code. The fun part is that \u00e0 is
+        # "latin small letter a with grave", so if you type that on a French
+        # keyboard, you _also_ get a \xe0.
+        # E.g., consider the Up arrow. This returns \xe0 and then \x48. The
+        # resulting Unicode string reads as "a with grave" + "capital H".
+        # This is indistinguishable from when the user actually types
+        # "a with grave" and then "capital H".
+        #
+        # When \xe0 is returned, we assume it's part of a special-key sequence
+        # and call `getwch` again, but that means that when the user types
+        # the \u00e0 character, `getchar` doesn't return until a second
+        # character is typed.
+        # The alternative is returning immediately, but that would mess up
+        # cross-platform handling of arrow keys and others that start with
+        # \xe0. Another option is using `getch`, but then we can't reliably
+        # read non-ASCII characters, because return values of `getch` are
+        # limited to the current 8-bit codepage.
+        #
+        # Anyway, Click doesn't claim to do this Right(tm), and using `getwch`
+        # is doing the right thing in more situations than with `getch`.
+        func: t.Callable[[], str]
+
+        if echo:
+            func = msvcrt.getwche  # type: ignore
+        else:
+            func = msvcrt.getwch  # type: ignore
+
+        rv = func()
+
+        if rv in ("\x00", "\xe0"):
+            # \x00 and \xe0 are control characters that indicate special key,
+            # see above.
+            rv += func()
+
+        _translate_ch_to_exc(rv)
+        return rv
+
+else:
+    import tty
+    import termios
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        f: t.Optional[t.TextIO]
+        fd: int
+
+        if not isatty(sys.stdin):
+            f = open("/dev/tty")
+            fd = f.fileno()
+        else:
+            fd = sys.stdin.fileno()
+            f = None
+
+        try:
+            old_settings = termios.tcgetattr(fd)
+
+            try:
+                tty.setraw(fd)
+                yield fd
+            finally:
+                termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+                sys.stdout.flush()
+
+                if f is not None:
+                    f.close()
+        except termios.error:
+            pass
+
+    def getchar(echo: bool) -> str:
+        with raw_terminal() as fd:
+            ch = os.read(fd, 32).decode(get_best_encoding(sys.stdin), "replace")
+
+            if echo and isatty(sys.stdout):
+                sys.stdout.write(ch)
+
+            _translate_ch_to_exc(ch)
+            return ch
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/_textwrap.py b/lib/go-jinja2/internal/data/linux-arm64/click/_textwrap.py
new file mode 100644
index 000000000..b47dcbd42
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/_textwrap.py
@@ -0,0 +1,49 @@
+import textwrap
+import typing as t
+from contextlib import contextmanager
+
+
+class TextWrapper(textwrap.TextWrapper):
+    def _handle_long_word(
+        self,
+        reversed_chunks: t.List[str],
+        cur_line: t.List[str],
+        cur_len: int,
+        width: int,
+    ) -> None:
+        space_left = max(width - cur_len, 1)
+
+        if self.break_long_words:
+            last = reversed_chunks[-1]
+            cut = last[:space_left]
+            res = last[space_left:]
+            cur_line.append(cut)
+            reversed_chunks[-1] = res
+        elif not cur_line:
+            cur_line.append(reversed_chunks.pop())
+
+    @contextmanager
+    def extra_indent(self, indent: str) -> t.Iterator[None]:
+        old_initial_indent = self.initial_indent
+        old_subsequent_indent = self.subsequent_indent
+        self.initial_indent += indent
+        self.subsequent_indent += indent
+
+        try:
+            yield
+        finally:
+            self.initial_indent = old_initial_indent
+            self.subsequent_indent = old_subsequent_indent
+
+    def indent_only(self, text: str) -> str:
+        rv = []
+
+        for idx, line in enumerate(text.splitlines()):
+            indent = self.initial_indent
+
+            if idx > 0:
+                indent = self.subsequent_indent
+
+            rv.append(f"{indent}{line}")
+
+        return "\n".join(rv)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/_winconsole.py b/lib/go-jinja2/internal/data/linux-arm64/click/_winconsole.py
new file mode 100644
index 000000000..6b20df315
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/_winconsole.py
@@ -0,0 +1,279 @@
+# This module is based on the excellent work by Adam Bartoš who
+# provided a lot of what went into the implementation here in
+# the discussion to issue1602 in the Python bug tracker.
+#
+# There are some general differences in regards to how this works
+# compared to the original patches as we do not need to patch
+# the entire interpreter but just work in our little world of
+# echo and prompt.
+import io
+import sys
+import time
+import typing as t
+from ctypes import byref
+from ctypes import c_char
+from ctypes import c_char_p
+from ctypes import c_int
+from ctypes import c_ssize_t
+from ctypes import c_ulong
+from ctypes import c_void_p
+from ctypes import POINTER
+from ctypes import py_object
+from ctypes import Structure
+from ctypes.wintypes import DWORD
+from ctypes.wintypes import HANDLE
+from ctypes.wintypes import LPCWSTR
+from ctypes.wintypes import LPWSTR
+
+from ._compat import _NonClosingTextIOWrapper
+
+assert sys.platform == "win32"
+import msvcrt  # noqa: E402
+from ctypes import windll  # noqa: E402
+from ctypes import WINFUNCTYPE  # noqa: E402
+
+c_ssize_p = POINTER(c_ssize_t)
+
+kernel32 = windll.kernel32
+GetStdHandle = kernel32.GetStdHandle
+ReadConsoleW = kernel32.ReadConsoleW
+WriteConsoleW = kernel32.WriteConsoleW
+GetConsoleMode = kernel32.GetConsoleMode
+GetLastError = kernel32.GetLastError
+GetCommandLineW = WINFUNCTYPE(LPWSTR)(("GetCommandLineW", windll.kernel32))
+CommandLineToArgvW = WINFUNCTYPE(POINTER(LPWSTR), LPCWSTR, POINTER(c_int))(
+    ("CommandLineToArgvW", windll.shell32)
+)
+LocalFree = WINFUNCTYPE(c_void_p, c_void_p)(("LocalFree", windll.kernel32))
+
+STDIN_HANDLE = GetStdHandle(-10)
+STDOUT_HANDLE = GetStdHandle(-11)
+STDERR_HANDLE = GetStdHandle(-12)
+
+PyBUF_SIMPLE = 0
+PyBUF_WRITABLE = 1
+
+ERROR_SUCCESS = 0
+ERROR_NOT_ENOUGH_MEMORY = 8
+ERROR_OPERATION_ABORTED = 995
+
+STDIN_FILENO = 0
+STDOUT_FILENO = 1
+STDERR_FILENO = 2
+
+EOF = b"\x1a"
+MAX_BYTES_WRITTEN = 32767
+
+try:
+    from ctypes import pythonapi
+except ImportError:
+    # On PyPy we cannot get buffers so our ability to operate here is
+    # severely limited.
+    get_buffer = None
+else:
+
+    class Py_buffer(Structure):
+        _fields_ = [
+            ("buf", c_void_p),
+            ("obj", py_object),
+            ("len", c_ssize_t),
+            ("itemsize", c_ssize_t),
+            ("readonly", c_int),
+            ("ndim", c_int),
+            ("format", c_char_p),
+            ("shape", c_ssize_p),
+            ("strides", c_ssize_p),
+            ("suboffsets", c_ssize_p),
+            ("internal", c_void_p),
+        ]
+
+    PyObject_GetBuffer = pythonapi.PyObject_GetBuffer
+    PyBuffer_Release = pythonapi.PyBuffer_Release
+
+    def get_buffer(obj, writable=False):
+        buf = Py_buffer()
+        flags = PyBUF_WRITABLE if writable else PyBUF_SIMPLE
+        PyObject_GetBuffer(py_object(obj), byref(buf), flags)
+
+        try:
+            buffer_type = c_char * buf.len
+            return buffer_type.from_address(buf.buf)
+        finally:
+            PyBuffer_Release(byref(buf))
+
+
+class _WindowsConsoleRawIOBase(io.RawIOBase):
+    def __init__(self, handle):
+        self.handle = handle
+
+    def isatty(self):
+        super().isatty()
+        return True
+
+
+class _WindowsConsoleReader(_WindowsConsoleRawIOBase):
+    def readable(self):
+        return True
+
+    def readinto(self, b):
+        bytes_to_be_read = len(b)
+        if not bytes_to_be_read:
+            return 0
+        elif bytes_to_be_read % 2:
+            raise ValueError(
+                "cannot read odd number of bytes from UTF-16-LE encoded console"
+            )
+
+        buffer = get_buffer(b, writable=True)
+        code_units_to_be_read = bytes_to_be_read // 2
+        code_units_read = c_ulong()
+
+        rv = ReadConsoleW(
+            HANDLE(self.handle),
+            buffer,
+            code_units_to_be_read,
+            byref(code_units_read),
+            None,
+        )
+        if GetLastError() == ERROR_OPERATION_ABORTED:
+            # wait for KeyboardInterrupt
+            time.sleep(0.1)
+        if not rv:
+            raise OSError(f"Windows error: {GetLastError()}")
+
+        if buffer[0] == EOF:
+            return 0
+        return 2 * code_units_read.value
+
+
+class _WindowsConsoleWriter(_WindowsConsoleRawIOBase):
+    def writable(self):
+        return True
+
+    @staticmethod
+    def _get_error_message(errno):
+        if errno == ERROR_SUCCESS:
+            return "ERROR_SUCCESS"
+        elif errno == ERROR_NOT_ENOUGH_MEMORY:
+            return "ERROR_NOT_ENOUGH_MEMORY"
+        return f"Windows error {errno}"
+
+    def write(self, b):
+        bytes_to_be_written = len(b)
+        buf = get_buffer(b)
+        code_units_to_be_written = min(bytes_to_be_written, MAX_BYTES_WRITTEN) // 2
+        code_units_written = c_ulong()
+
+        WriteConsoleW(
+            HANDLE(self.handle),
+            buf,
+            code_units_to_be_written,
+            byref(code_units_written),
+            None,
+        )
+        bytes_written = 2 * code_units_written.value
+
+        if bytes_written == 0 and bytes_to_be_written > 0:
+            raise OSError(self._get_error_message(GetLastError()))
+        return bytes_written
+
+
+class ConsoleStream:
+    def __init__(self, text_stream: t.TextIO, byte_stream: t.BinaryIO) -> None:
+        self._text_stream = text_stream
+        self.buffer = byte_stream
+
+    @property
+    def name(self) -> str:
+        return self.buffer.name
+
+    def write(self, x: t.AnyStr) -> int:
+        if isinstance(x, str):
+            return self._text_stream.write(x)
+        try:
+            self.flush()
+        except Exception:
+            pass
+        return self.buffer.write(x)
+
+    def writelines(self, lines: t.Iterable[t.AnyStr]) -> None:
+        for line in lines:
+            self.write(line)
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._text_stream, name)
+
+    def isatty(self) -> bool:
+        return self.buffer.isatty()
+
+    def __repr__(self):
+        return f"<ConsoleStream name={self.name!r} encoding={self.encoding!r}>"
+
+
+def _get_text_stdin(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedReader(_WindowsConsoleReader(STDIN_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stdout(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDOUT_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stderr(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDERR_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+_stream_factories: t.Mapping[int, t.Callable[[t.BinaryIO], t.TextIO]] = {
+    0: _get_text_stdin,
+    1: _get_text_stdout,
+    2: _get_text_stderr,
+}
+
+
+def _is_console(f: t.TextIO) -> bool:
+    if not hasattr(f, "fileno"):
+        return False
+
+    try:
+        fileno = f.fileno()
+    except (OSError, io.UnsupportedOperation):
+        return False
+
+    handle = msvcrt.get_osfhandle(fileno)
+    return bool(GetConsoleMode(handle, byref(DWORD())))
+
+
+def _get_windows_console_stream(
+    f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> t.Optional[t.TextIO]:
+    if (
+        get_buffer is not None
+        and encoding in {"utf-16-le", None}
+        and errors in {"strict", None}
+        and _is_console(f)
+    ):
+        func = _stream_factories.get(f.fileno())
+        if func is not None:
+            b = getattr(f, "buffer", None)
+
+            if b is None:
+                return None
+
+            return func(b)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/core.py b/lib/go-jinja2/internal/data/linux-arm64/click/core.py
new file mode 100644
index 000000000..cc65e896b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/core.py
@@ -0,0 +1,3042 @@
+import enum
+import errno
+import inspect
+import os
+import sys
+import typing as t
+from collections import abc
+from contextlib import contextmanager
+from contextlib import ExitStack
+from functools import update_wrapper
+from gettext import gettext as _
+from gettext import ngettext
+from itertools import repeat
+from types import TracebackType
+
+from . import types
+from .exceptions import Abort
+from .exceptions import BadParameter
+from .exceptions import ClickException
+from .exceptions import Exit
+from .exceptions import MissingParameter
+from .exceptions import UsageError
+from .formatting import HelpFormatter
+from .formatting import join_options
+from .globals import pop_context
+from .globals import push_context
+from .parser import _flag_needs_value
+from .parser import OptionParser
+from .parser import split_opt
+from .termui import confirm
+from .termui import prompt
+from .termui import style
+from .utils import _detect_program_name
+from .utils import _expand_args
+from .utils import echo
+from .utils import make_default_short_help
+from .utils import make_str
+from .utils import PacifyFlushWrapper
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .shell_completion import CompletionItem
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+V = t.TypeVar("V")
+
+
+def _complete_visible_commands(
+    ctx: "Context", incomplete: str
+) -> t.Iterator[t.Tuple[str, "Command"]]:
+    """List all the subcommands of a group that start with the
+    incomplete value and aren't hidden.
+
+    :param ctx: Invocation context for the group.
+    :param incomplete: Value being completed. May be empty.
+    """
+    multi = t.cast(MultiCommand, ctx.command)
+
+    for name in multi.list_commands(ctx):
+        if name.startswith(incomplete):
+            command = multi.get_command(ctx, name)
+
+            if command is not None and not command.hidden:
+                yield name, command
+
+
+def _check_multicommand(
+    base_command: "MultiCommand", cmd_name: str, cmd: "Command", register: bool = False
+) -> None:
+    if not base_command.chain or not isinstance(cmd, MultiCommand):
+        return
+    if register:
+        hint = (
+            "It is not possible to add multi commands as children to"
+            " another multi command that is in chain mode."
+        )
+    else:
+        hint = (
+            "Found a multi command as subcommand to a multi command"
+            " that is in chain mode. This is not supported."
+        )
+    raise RuntimeError(
+        f"{hint}. Command {base_command.name!r} is set to chain and"
+        f" {cmd_name!r} was added as a subcommand but it in itself is a"
+        f" multi command. ({cmd_name!r} is a {type(cmd).__name__}"
+        f" within a chained {type(base_command).__name__} named"
+        f" {base_command.name!r})."
+    )
+
+
+def batch(iterable: t.Iterable[V], batch_size: int) -> t.List[t.Tuple[V, ...]]:
+    return list(zip(*repeat(iter(iterable), batch_size)))
+
+
+@contextmanager
+def augment_usage_errors(
+    ctx: "Context", param: t.Optional["Parameter"] = None
+) -> t.Iterator[None]:
+    """Context manager that attaches extra information to exceptions."""
+    try:
+        yield
+    except BadParameter as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        if param is not None and e.param is None:
+            e.param = param
+        raise
+    except UsageError as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        raise
+
+
+def iter_params_for_processing(
+    invocation_order: t.Sequence["Parameter"],
+    declaration_order: t.Sequence["Parameter"],
+) -> t.List["Parameter"]:
+    """Given a sequence of parameters in the order as should be considered
+    for processing and an iterable of parameters that exist, this returns
+    a list in the correct order as they should be processed.
+    """
+
+    def sort_key(item: "Parameter") -> t.Tuple[bool, float]:
+        try:
+            idx: float = invocation_order.index(item)
+        except ValueError:
+            idx = float("inf")
+
+        return not item.is_eager, idx
+
+    return sorted(declaration_order, key=sort_key)
+
+
+class ParameterSource(enum.Enum):
+    """This is an :class:`~enum.Enum` that indicates the source of a
+    parameter's value.
+
+    Use :meth:`click.Context.get_parameter_source` to get the
+    source for a parameter by name.
+
+    .. versionchanged:: 8.0
+        Use :class:`~enum.Enum` and drop the ``validate`` method.
+
+    .. versionchanged:: 8.0
+        Added the ``PROMPT`` value.
+    """
+
+    COMMANDLINE = enum.auto()
+    """The value was provided by the command line args."""
+    ENVIRONMENT = enum.auto()
+    """The value was provided with an environment variable."""
+    DEFAULT = enum.auto()
+    """Used the default specified by the parameter."""
+    DEFAULT_MAP = enum.auto()
+    """Used a default provided by :attr:`Context.default_map`."""
+    PROMPT = enum.auto()
+    """Used a prompt to confirm a default or provide a value."""
+
+
+class Context:
+    """The context is a special internal object that holds state relevant
+    for the script execution at every single level.  It's normally invisible
+    to commands unless they opt-in to getting access to it.
+
+    The context is useful as it can pass internal objects around and can
+    control special execution features such as reading data from
+    environment variables.
+
+    A context can be used as context manager in which case it will call
+    :meth:`close` on teardown.
+
+    :param command: the command class for this context.
+    :param parent: the parent context.
+    :param info_name: the info name for this invocation.  Generally this
+                      is the most descriptive name for the script or
+                      command.  For the toplevel script it is usually
+                      the name of the script, for commands below it it's
+                      the name of the script.
+    :param obj: an arbitrary object of user data.
+    :param auto_envvar_prefix: the prefix to use for automatic environment
+                               variables.  If this is `None` then reading
+                               from environment variables is disabled.  This
+                               does not affect manually set environment
+                               variables which are always read.
+    :param default_map: a dictionary (like object) with default values
+                        for parameters.
+    :param terminal_width: the width of the terminal.  The default is
+                           inherit from parent context.  If no context
+                           defines the terminal width then auto
+                           detection will be applied.
+    :param max_content_width: the maximum width for content rendered by
+                              Click (this currently only affects help
+                              pages).  This defaults to 80 characters if
+                              not overridden.  In other words: even if the
+                              terminal is larger than that, Click will not
+                              format things wider than 80 characters by
+                              default.  In addition to that, formatters might
+                              add some safety mapping on the right.
+    :param resilient_parsing: if this flag is enabled then Click will
+                              parse without any interactivity or callback
+                              invocation.  Default values will also be
+                              ignored.  This is useful for implementing
+                              things such as completion support.
+    :param allow_extra_args: if this is set to `True` then extra arguments
+                             at the end will not raise an error and will be
+                             kept on the context.  The default is to inherit
+                             from the command.
+    :param allow_interspersed_args: if this is set to `False` then options
+                                    and arguments cannot be mixed.  The
+                                    default is to inherit from the command.
+    :param ignore_unknown_options: instructs click to ignore options it does
+                                   not know and keeps them for later
+                                   processing.
+    :param help_option_names: optionally a list of strings that define how
+                              the default help parameter is named.  The
+                              default is ``['--help']``.
+    :param token_normalize_func: an optional function that is used to
+                                 normalize tokens (options, choices,
+                                 etc.).  This for instance can be used to
+                                 implement case insensitive behavior.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are used in texts that Click prints which is by
+                  default not the case.  This for instance would affect
+                  help output.
+    :param show_default: Show the default value for commands. If this
+        value is not set, it defaults to the value from the parent
+        context. ``Command.show_default`` overrides this default for the
+        specific command.
+
+    .. versionchanged:: 8.1
+        The ``show_default`` parameter is overridden by
+        ``Command.show_default``, instead of the other way around.
+
+    .. versionchanged:: 8.0
+        The ``show_default`` parameter defaults to the value from the
+        parent context.
+
+    .. versionchanged:: 7.1
+       Added the ``show_default`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color``, ``ignore_unknown_options``, and
+        ``max_content_width`` parameters.
+
+    .. versionchanged:: 3.0
+        Added the ``allow_extra_args`` and ``allow_interspersed_args``
+        parameters.
+
+    .. versionchanged:: 2.0
+        Added the ``resilient_parsing``, ``help_option_names``, and
+        ``token_normalize_func`` parameters.
+    """
+
+    #: The formatter class to create with :meth:`make_formatter`.
+    #:
+    #: .. versionadded:: 8.0
+    formatter_class: t.Type["HelpFormatter"] = HelpFormatter
+
+    def __init__(
+        self,
+        command: "Command",
+        parent: t.Optional["Context"] = None,
+        info_name: t.Optional[str] = None,
+        obj: t.Optional[t.Any] = None,
+        auto_envvar_prefix: t.Optional[str] = None,
+        default_map: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        terminal_width: t.Optional[int] = None,
+        max_content_width: t.Optional[int] = None,
+        resilient_parsing: bool = False,
+        allow_extra_args: t.Optional[bool] = None,
+        allow_interspersed_args: t.Optional[bool] = None,
+        ignore_unknown_options: t.Optional[bool] = None,
+        help_option_names: t.Optional[t.List[str]] = None,
+        token_normalize_func: t.Optional[t.Callable[[str], str]] = None,
+        color: t.Optional[bool] = None,
+        show_default: t.Optional[bool] = None,
+    ) -> None:
+        #: the parent context or `None` if none exists.
+        self.parent = parent
+        #: the :class:`Command` for this context.
+        self.command = command
+        #: the descriptive information name
+        self.info_name = info_name
+        #: Map of parameter names to their parsed values. Parameters
+        #: with ``expose_value=False`` are not stored.
+        self.params: t.Dict[str, t.Any] = {}
+        #: the leftover arguments.
+        self.args: t.List[str] = []
+        #: protected arguments.  These are arguments that are prepended
+        #: to `args` when certain parsing scenarios are encountered but
+        #: must be never propagated to another arguments.  This is used
+        #: to implement nested parsing.
+        self.protected_args: t.List[str] = []
+        #: the collected prefixes of the command's options.
+        self._opt_prefixes: t.Set[str] = set(parent._opt_prefixes) if parent else set()
+
+        if obj is None and parent is not None:
+            obj = parent.obj
+
+        #: the user object stored.
+        self.obj: t.Any = obj
+        self._meta: t.Dict[str, t.Any] = getattr(parent, "meta", {})
+
+        #: A dictionary (-like object) with defaults for parameters.
+        if (
+            default_map is None
+            and info_name is not None
+            and parent is not None
+            and parent.default_map is not None
+        ):
+            default_map = parent.default_map.get(info_name)
+
+        self.default_map: t.Optional[t.MutableMapping[str, t.Any]] = default_map
+
+        #: This flag indicates if a subcommand is going to be executed. A
+        #: group callback can use this information to figure out if it's
+        #: being executed directly or because the execution flow passes
+        #: onwards to a subcommand. By default it's None, but it can be
+        #: the name of the subcommand to execute.
+        #:
+        #: If chaining is enabled this will be set to ``'*'`` in case
+        #: any commands are executed.  It is however not possible to
+        #: figure out which ones.  If you require this knowledge you
+        #: should use a :func:`result_callback`.
+        self.invoked_subcommand: t.Optional[str] = None
+
+        if terminal_width is None and parent is not None:
+            terminal_width = parent.terminal_width
+
+        #: The width of the terminal (None is autodetection).
+        self.terminal_width: t.Optional[int] = terminal_width
+
+        if max_content_width is None and parent is not None:
+            max_content_width = parent.max_content_width
+
+        #: The maximum width of formatted content (None implies a sensible
+        #: default which is 80 for most things).
+        self.max_content_width: t.Optional[int] = max_content_width
+
+        if allow_extra_args is None:
+            allow_extra_args = command.allow_extra_args
+
+        #: Indicates if the context allows extra args or if it should
+        #: fail on parsing.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_extra_args = allow_extra_args
+
+        if allow_interspersed_args is None:
+            allow_interspersed_args = command.allow_interspersed_args
+
+        #: Indicates if the context allows mixing of arguments and
+        #: options or not.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_interspersed_args: bool = allow_interspersed_args
+
+        if ignore_unknown_options is None:
+            ignore_unknown_options = command.ignore_unknown_options
+
+        #: Instructs click to ignore options that a command does not
+        #: understand and will store it on the context for later
+        #: processing.  This is primarily useful for situations where you
+        #: want to call into external programs.  Generally this pattern is
+        #: strongly discouraged because it's not possibly to losslessly
+        #: forward all arguments.
+        #:
+        #: .. versionadded:: 4.0
+        self.ignore_unknown_options: bool = ignore_unknown_options
+
+        if help_option_names is None:
+            if parent is not None:
+                help_option_names = parent.help_option_names
+            else:
+                help_option_names = ["--help"]
+
+        #: The names for the help options.
+        self.help_option_names: t.List[str] = help_option_names
+
+        if token_normalize_func is None and parent is not None:
+            token_normalize_func = parent.token_normalize_func
+
+        #: An optional normalization function for tokens.  This is
+        #: options, choices, commands etc.
+        self.token_normalize_func: t.Optional[
+            t.Callable[[str], str]
+        ] = token_normalize_func
+
+        #: Indicates if resilient parsing is enabled.  In that case Click
+        #: will do its best to not cause any failures and default values
+        #: will be ignored. Useful for completion.
+        self.resilient_parsing: bool = resilient_parsing
+
+        # If there is no envvar prefix yet, but the parent has one and
+        # the command on this level has a name, we can expand the envvar
+        # prefix automatically.
+        if auto_envvar_prefix is None:
+            if (
+                parent is not None
+                and parent.auto_envvar_prefix is not None
+                and self.info_name is not None
+            ):
+                auto_envvar_prefix = (
+                    f"{parent.auto_envvar_prefix}_{self.info_name.upper()}"
+                )
+        else:
+            auto_envvar_prefix = auto_envvar_prefix.upper()
+
+        if auto_envvar_prefix is not None:
+            auto_envvar_prefix = auto_envvar_prefix.replace("-", "_")
+
+        self.auto_envvar_prefix: t.Optional[str] = auto_envvar_prefix
+
+        if color is None and parent is not None:
+            color = parent.color
+
+        #: Controls if styling output is wanted or not.
+        self.color: t.Optional[bool] = color
+
+        if show_default is None and parent is not None:
+            show_default = parent.show_default
+
+        #: Show option default values when formatting help text.
+        self.show_default: t.Optional[bool] = show_default
+
+        self._close_callbacks: t.List[t.Callable[[], t.Any]] = []
+        self._depth = 0
+        self._parameter_source: t.Dict[str, ParameterSource] = {}
+        self._exit_stack = ExitStack()
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire CLI
+        structure.
+
+        .. code-block:: python
+
+            with Context(cli) as ctx:
+                info = ctx.to_info_dict()
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "command": self.command.to_info_dict(self),
+            "info_name": self.info_name,
+            "allow_extra_args": self.allow_extra_args,
+            "allow_interspersed_args": self.allow_interspersed_args,
+            "ignore_unknown_options": self.ignore_unknown_options,
+            "auto_envvar_prefix": self.auto_envvar_prefix,
+        }
+
+    def __enter__(self) -> "Context":
+        self._depth += 1
+        push_context(self)
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self._depth -= 1
+        if self._depth == 0:
+            self.close()
+        pop_context()
+
+    @contextmanager
+    def scope(self, cleanup: bool = True) -> t.Iterator["Context"]:
+        """This helper method can be used with the context object to promote
+        it to the current thread local (see :func:`get_current_context`).
+        The default behavior of this is to invoke the cleanup functions which
+        can be disabled by setting `cleanup` to `False`.  The cleanup
+        functions are typically used for things such as closing file handles.
+
+        If the cleanup is intended the context object can also be directly
+        used as a context manager.
+
+        Example usage::
+
+            with ctx.scope():
+                assert get_current_context() is ctx
+
+        This is equivalent::
+
+            with ctx:
+                assert get_current_context() is ctx
+
+        .. versionadded:: 5.0
+
+        :param cleanup: controls if the cleanup functions should be run or
+                        not.  The default is to run these functions.  In
+                        some situations the context only wants to be
+                        temporarily pushed in which case this can be disabled.
+                        Nested pushes automatically defer the cleanup.
+        """
+        if not cleanup:
+            self._depth += 1
+        try:
+            with self as rv:
+                yield rv
+        finally:
+            if not cleanup:
+                self._depth -= 1
+
+    @property
+    def meta(self) -> t.Dict[str, t.Any]:
+        """This is a dictionary which is shared with all the contexts
+        that are nested.  It exists so that click utilities can store some
+        state here if they need to.  It is however the responsibility of
+        that code to manage this dictionary well.
+
+        The keys are supposed to be unique dotted strings.  For instance
+        module paths are a good choice for it.  What is stored in there is
+        irrelevant for the operation of click.  However what is important is
+        that code that places data here adheres to the general semantics of
+        the system.
+
+        Example usage::
+
+            LANG_KEY = f'{__name__}.lang'
+
+            def set_language(value):
+                ctx = get_current_context()
+                ctx.meta[LANG_KEY] = value
+
+            def get_language():
+                return get_current_context().meta.get(LANG_KEY, 'en_US')
+
+        .. versionadded:: 5.0
+        """
+        return self._meta
+
+    def make_formatter(self) -> HelpFormatter:
+        """Creates the :class:`~click.HelpFormatter` for the help and
+        usage output.
+
+        To quickly customize the formatter class used without overriding
+        this method, set the :attr:`formatter_class` attribute.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`formatter_class` attribute.
+        """
+        return self.formatter_class(
+            width=self.terminal_width, max_width=self.max_content_width
+        )
+
+    def with_resource(self, context_manager: t.ContextManager[V]) -> V:
+        """Register a resource as if it were used in a ``with``
+        statement. The resource will be cleaned up when the context is
+        popped.
+
+        Uses :meth:`contextlib.ExitStack.enter_context`. It calls the
+        resource's ``__enter__()`` method and returns the result. When
+        the context is popped, it closes the stack, which calls the
+        resource's ``__exit__()`` method.
+
+        To register a cleanup function for something that isn't a
+        context manager, use :meth:`call_on_close`. Or use something
+        from :mod:`contextlib` to turn it into a context manager first.
+
+        .. code-block:: python
+
+            @click.group()
+            @click.option("--name")
+            @click.pass_context
+            def cli(ctx):
+                ctx.obj = ctx.with_resource(connect_db(name))
+
+        :param context_manager: The context manager to enter.
+        :return: Whatever ``context_manager.__enter__()`` returns.
+
+        .. versionadded:: 8.0
+        """
+        return self._exit_stack.enter_context(context_manager)
+
+    def call_on_close(self, f: t.Callable[..., t.Any]) -> t.Callable[..., t.Any]:
+        """Register a function to be called when the context tears down.
+
+        This can be used to close resources opened during the script
+        execution. Resources that support Python's context manager
+        protocol which would be used in a ``with`` statement should be
+        registered with :meth:`with_resource` instead.
+
+        :param f: The function to execute on teardown.
+        """
+        return self._exit_stack.callback(f)
+
+    def close(self) -> None:
+        """Invoke all close callbacks registered with
+        :meth:`call_on_close`, and exit all context managers entered
+        with :meth:`with_resource`.
+        """
+        self._exit_stack.close()
+        # In case the context is reused, create a new exit stack.
+        self._exit_stack = ExitStack()
+
+    @property
+    def command_path(self) -> str:
+        """The computed command path.  This is used for the ``usage``
+        information on the help page.  It's automatically created by
+        combining the info names of the chain of contexts to the root.
+        """
+        rv = ""
+        if self.info_name is not None:
+            rv = self.info_name
+        if self.parent is not None:
+            parent_command_path = [self.parent.command_path]
+
+            if isinstance(self.parent.command, Command):
+                for param in self.parent.command.get_params(self):
+                    parent_command_path.extend(param.get_usage_pieces(self))
+
+            rv = f"{' '.join(parent_command_path)} {rv}"
+        return rv.lstrip()
+
+    def find_root(self) -> "Context":
+        """Finds the outermost context."""
+        node = self
+        while node.parent is not None:
+            node = node.parent
+        return node
+
+    def find_object(self, object_type: t.Type[V]) -> t.Optional[V]:
+        """Finds the closest object of a given type."""
+        node: t.Optional["Context"] = self
+
+        while node is not None:
+            if isinstance(node.obj, object_type):
+                return node.obj
+
+            node = node.parent
+
+        return None
+
+    def ensure_object(self, object_type: t.Type[V]) -> V:
+        """Like :meth:`find_object` but sets the innermost object to a
+        new instance of `object_type` if it does not exist.
+        """
+        rv = self.find_object(object_type)
+        if rv is None:
+            self.obj = rv = object_type()
+        return rv
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[False]" = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def lookup_default(self, name: str, call: bool = True) -> t.Optional[t.Any]:
+        """Get the default for a parameter from :attr:`default_map`.
+
+        :param name: Name of the parameter.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        if self.default_map is not None:
+            value = self.default_map.get(name)
+
+            if call and callable(value):
+                return value()
+
+            return value
+
+        return None
+
+    def fail(self, message: str) -> "te.NoReturn":
+        """Aborts the execution of the program with a specific error
+        message.
+
+        :param message: the error message to fail with.
+        """
+        raise UsageError(message, self)
+
+    def abort(self) -> "te.NoReturn":
+        """Aborts the script."""
+        raise Abort()
+
+    def exit(self, code: int = 0) -> "te.NoReturn":
+        """Exits the application with a given exit code."""
+        raise Exit(code)
+
+    def get_usage(self) -> str:
+        """Helper method to get formatted usage string for the current
+        context and command.
+        """
+        return self.command.get_usage(self)
+
+    def get_help(self) -> str:
+        """Helper method to get formatted help page for the current
+        context and command.
+        """
+        return self.command.get_help(self)
+
+    def _make_sub_context(self, command: "Command") -> "Context":
+        """Create a new context of the same type as this context, but
+        for a new command.
+
+        :meta private:
+        """
+        return type(self)(command, info_name=command.name, parent=self)
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "t.Callable[..., V]",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> V:
+        ...
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "Command",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        ...
+
+    def invoke(
+        __self,  # noqa: B902
+        __callback: t.Union["Command", "t.Callable[..., V]"],
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Union[t.Any, V]:
+        """Invokes a command callback in exactly the way it expects.  There
+        are two ways to invoke this method:
+
+        1.  the first argument can be a callback and all other arguments and
+            keyword arguments are forwarded directly to the function.
+        2.  the first argument is a click command object.  In that case all
+            arguments are forwarded as well but proper click parameters
+            (options and click arguments) must be keyword arguments and Click
+            will fill in defaults.
+
+        Note that before Click 3.2 keyword arguments were not properly filled
+        in against the intention of this code and no context was created.  For
+        more information about this change and why it was done in a bugfix
+        release see :ref:`upgrade-to-3.2`.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if :meth:`forward` is called at multiple levels.
+        """
+        if isinstance(__callback, Command):
+            other_cmd = __callback
+
+            if other_cmd.callback is None:
+                raise TypeError(
+                    "The given command does not have a callback that can be invoked."
+                )
+            else:
+                __callback = t.cast("t.Callable[..., V]", other_cmd.callback)
+
+            ctx = __self._make_sub_context(other_cmd)
+
+            for param in other_cmd.params:
+                if param.name not in kwargs and param.expose_value:
+                    kwargs[param.name] = param.type_cast_value(  # type: ignore
+                        ctx, param.get_default(ctx)
+                    )
+
+            # Track all kwargs as params, so that forward() will pass
+            # them on in subsequent calls.
+            ctx.params.update(kwargs)
+        else:
+            ctx = __self
+
+        with augment_usage_errors(__self):
+            with ctx:
+                return __callback(*args, **kwargs)
+
+    def forward(
+        __self, __cmd: "Command", *args: t.Any, **kwargs: t.Any  # noqa: B902
+    ) -> t.Any:
+        """Similar to :meth:`invoke` but fills in default keyword
+        arguments from the current context if the other command expects
+        it.  This cannot invoke callbacks directly, only other commands.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if ``forward`` is called at multiple levels.
+        """
+        # Can only forward to other commands, not direct callbacks.
+        if not isinstance(__cmd, Command):
+            raise TypeError("Callback is not a command.")
+
+        for param in __self.params:
+            if param not in kwargs:
+                kwargs[param] = __self.params[param]
+
+        return __self.invoke(__cmd, *args, **kwargs)
+
+    def set_parameter_source(self, name: str, source: ParameterSource) -> None:
+        """Set the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        :param name: The name of the parameter.
+        :param source: A member of :class:`~click.core.ParameterSource`.
+        """
+        self._parameter_source[name] = source
+
+    def get_parameter_source(self, name: str) -> t.Optional[ParameterSource]:
+        """Get the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        This can be useful for determining when a user specified a value
+        on the command line that is the same as the default value. It
+        will be :attr:`~click.core.ParameterSource.DEFAULT` only if the
+        value was actually taken from the default.
+
+        :param name: The name of the parameter.
+        :rtype: ParameterSource
+
+        .. versionchanged:: 8.0
+            Returns ``None`` if the parameter was not provided from any
+            source.
+        """
+        return self._parameter_source.get(name)
+
+
+class BaseCommand:
+    """The base command implements the minimal API contract of commands.
+    Most code will never use this as it does not implement a lot of useful
+    functionality but it can act as the direct subclass of alternative
+    parsing methods that do not depend on the Click parser.
+
+    For instance, this can be used to bridge Click and other systems like
+    argparse or docopt.
+
+    Because base commands do not implement a lot of the API that other
+    parts of Click take for granted, they are not supported for all
+    operations.  For instance, they cannot be used with the decorators
+    usually and they have no built-in callback system.
+
+    .. versionchanged:: 2.0
+       Added the `context_settings` parameter.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    """
+
+    #: The context class to create with :meth:`make_context`.
+    #:
+    #: .. versionadded:: 8.0
+    context_class: t.Type[Context] = Context
+    #: the default for the :attr:`Context.allow_extra_args` flag.
+    allow_extra_args = False
+    #: the default for the :attr:`Context.allow_interspersed_args` flag.
+    allow_interspersed_args = True
+    #: the default for the :attr:`Context.ignore_unknown_options` flag.
+    ignore_unknown_options = False
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> None:
+        #: the name the command thinks it has.  Upon registering a command
+        #: on a :class:`Group` the group will default the command name
+        #: with this information.  You should instead use the
+        #: :class:`Context`\'s :attr:`~Context.info_name` attribute.
+        self.name = name
+
+        if context_settings is None:
+            context_settings = {}
+
+        #: an optional dictionary with defaults passed to the context.
+        self.context_settings: t.MutableMapping[str, t.Any] = context_settings
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire structure
+        below this command.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        :param ctx: A :class:`Context` representing this command.
+
+        .. versionadded:: 8.0
+        """
+        return {"name": self.name}
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def get_usage(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get usage")
+
+    def get_help(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get help")
+
+    def make_context(
+        self,
+        info_name: t.Optional[str],
+        args: t.List[str],
+        parent: t.Optional[Context] = None,
+        **extra: t.Any,
+    ) -> Context:
+        """This function when given an info name and arguments will kick
+        off the parsing and create a new :class:`Context`.  It does not
+        invoke the actual command callback though.
+
+        To quickly customize the context class used without overriding
+        this method, set the :attr:`context_class` attribute.
+
+        :param info_name: the info name for this invocation.  Generally this
+                          is the most descriptive name for the script or
+                          command.  For the toplevel script it's usually
+                          the name of the script, for commands below it's
+                          the name of the command.
+        :param args: the arguments to parse as list of strings.
+        :param parent: the parent context if available.
+        :param extra: extra keyword arguments forwarded to the context
+                      constructor.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`context_class` attribute.
+        """
+        for key, value in self.context_settings.items():
+            if key not in extra:
+                extra[key] = value
+
+        ctx = self.context_class(
+            self, info_name=info_name, parent=parent, **extra  # type: ignore
+        )
+
+        with ctx.scope(cleanup=False):
+            self.parse_args(ctx, args)
+        return ctx
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        """Given a context and a list of arguments this creates the parser
+        and parses the arguments, then modifies the context as necessary.
+        This is automatically invoked by :meth:`make_context`.
+        """
+        raise NotImplementedError("Base commands do not know how to parse arguments.")
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the command.  The default
+        implementation is raising a not implemented error.
+        """
+        raise NotImplementedError("Base commands are not invocable by default")
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of chained multi-commands.
+
+        Any command could be part of a chained multi-command, so sibling
+        commands are valid at any point during command completion. Other
+        command classes will return more completions.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        while ctx.parent is not None:
+            ctx = ctx.parent
+
+            if isinstance(ctx.command, MultiCommand) and ctx.command.chain:
+                results.extend(
+                    CompletionItem(name, help=command.get_short_help_str())
+                    for name, command in _complete_visible_commands(ctx, incomplete)
+                    if name not in ctx.protected_args
+                )
+
+        return results
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: "te.Literal[True]" = True,
+        **extra: t.Any,
+    ) -> "te.NoReturn":
+        ...
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = ...,
+        **extra: t.Any,
+    ) -> t.Any:
+        ...
+
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = True,
+        windows_expand_args: bool = True,
+        **extra: t.Any,
+    ) -> t.Any:
+        """This is the way to invoke a script with all the bells and
+        whistles as a command line application.  This will always terminate
+        the application after a call.  If this is not wanted, ``SystemExit``
+        needs to be caught.
+
+        This method is also available by directly calling the instance of
+        a :class:`Command`.
+
+        :param args: the arguments that should be used for parsing.  If not
+                     provided, ``sys.argv[1:]`` is used.
+        :param prog_name: the program name that should be used.  By default
+                          the program name is constructed by taking the file
+                          name from ``sys.argv[0]``.
+        :param complete_var: the environment variable that controls the
+                             bash completion support.  The default is
+                             ``"_<prog_name>_COMPLETE"`` with prog_name in
+                             uppercase.
+        :param standalone_mode: the default behavior is to invoke the script
+                                in standalone mode.  Click will then
+                                handle exceptions and convert them into
+                                error messages and the function will never
+                                return but shut down the interpreter.  If
+                                this is set to `False` they will be
+                                propagated to the caller and the return
+                                value of this function is the return value
+                                of :meth:`invoke`.
+        :param windows_expand_args: Expand glob patterns, user dir, and
+            env vars in command line args on Windows.
+        :param extra: extra keyword arguments are forwarded to the context
+                      constructor.  See :class:`Context` for more information.
+
+        .. versionchanged:: 8.0.1
+            Added the ``windows_expand_args`` parameter to allow
+            disabling command line arg expansion on Windows.
+
+        .. versionchanged:: 8.0
+            When taking arguments from ``sys.argv`` on Windows, glob
+            patterns, user dir, and env vars are expanded.
+
+        .. versionchanged:: 3.0
+           Added the ``standalone_mode`` parameter.
+        """
+        if args is None:
+            args = sys.argv[1:]
+
+            if os.name == "nt" and windows_expand_args:
+                args = _expand_args(args)
+        else:
+            args = list(args)
+
+        if prog_name is None:
+            prog_name = _detect_program_name()
+
+        # Process shell completion requests and exit early.
+        self._main_shell_completion(extra, prog_name, complete_var)
+
+        try:
+            try:
+                with self.make_context(prog_name, args, **extra) as ctx:
+                    rv = self.invoke(ctx)
+                    if not standalone_mode:
+                        return rv
+                    # it's not safe to `ctx.exit(rv)` here!
+                    # note that `rv` may actually contain data like "1" which
+                    # has obvious effects
+                    # more subtle case: `rv=[None, None]` can come out of
+                    # chained commands which all returned `None` -- so it's not
+                    # even always obvious that `rv` indicates success/failure
+                    # by its truthiness/falsiness
+                    ctx.exit()
+            except (EOFError, KeyboardInterrupt) as e:
+                echo(file=sys.stderr)
+                raise Abort() from e
+            except ClickException as e:
+                if not standalone_mode:
+                    raise
+                e.show()
+                sys.exit(e.exit_code)
+            except OSError as e:
+                if e.errno == errno.EPIPE:
+                    sys.stdout = t.cast(t.TextIO, PacifyFlushWrapper(sys.stdout))
+                    sys.stderr = t.cast(t.TextIO, PacifyFlushWrapper(sys.stderr))
+                    sys.exit(1)
+                else:
+                    raise
+        except Exit as e:
+            if standalone_mode:
+                sys.exit(e.exit_code)
+            else:
+                # in non-standalone mode, return the exit code
+                # note that this is only reached if `self.invoke` above raises
+                # an Exit explicitly -- thus bypassing the check there which
+                # would return its result
+                # the results of non-standalone execution may therefore be
+                # somewhat ambiguous: if there are codepaths which lead to
+                # `ctx.exit(1)` and to `return 1`, the caller won't be able to
+                # tell the difference between the two
+                return e.exit_code
+        except Abort:
+            if not standalone_mode:
+                raise
+            echo(_("Aborted!"), file=sys.stderr)
+            sys.exit(1)
+
+    def _main_shell_completion(
+        self,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: t.Optional[str] = None,
+    ) -> None:
+        """Check if the shell is asking for tab completion, process
+        that, then exit early. Called from :meth:`main` before the
+        program is invoked.
+
+        :param prog_name: Name of the executable in the shell.
+        :param complete_var: Name of the environment variable that holds
+            the completion instruction. Defaults to
+            ``_{PROG_NAME}_COMPLETE``.
+
+        .. versionchanged:: 8.2.0
+            Dots (``.``) in ``prog_name`` are replaced with underscores (``_``).
+        """
+        if complete_var is None:
+            complete_name = prog_name.replace("-", "_").replace(".", "_")
+            complete_var = f"_{complete_name}_COMPLETE".upper()
+
+        instruction = os.environ.get(complete_var)
+
+        if not instruction:
+            return
+
+        from .shell_completion import shell_complete
+
+        rv = shell_complete(self, ctx_args, prog_name, complete_var, instruction)
+        sys.exit(rv)
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Alias for :meth:`main`."""
+        return self.main(*args, **kwargs)
+
+
+class Command(BaseCommand):
+    """Commands are the basic building block of command line interfaces in
+    Click.  A basic command handles command line parsing and might dispatch
+    more parsing to commands nested below it.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    :param callback: the callback to invoke.  This is optional.
+    :param params: the parameters to register with this command.  This can
+                   be either :class:`Option` or :class:`Argument` objects.
+    :param help: the help string to use for this command.
+    :param epilog: like the help string but it's printed at the end of the
+                   help page after everything else.
+    :param short_help: the short help to use for this command.  This is
+                       shown on the command listing of the parent command.
+    :param add_help_option: by default each command registers a ``--help``
+                            option.  This can be disabled by this parameter.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is disabled by default.
+                            If enabled this will add ``--help`` as argument
+                            if no arguments are passed
+    :param hidden: hide this command from help outputs.
+
+    :param deprecated: issues a message indicating that
+                             the command is deprecated.
+
+    .. versionchanged:: 8.1
+        ``help``, ``epilog``, and ``short_help`` are stored unprocessed,
+        all formatting is done when outputting help text, not at init,
+        and is done even if not using the ``@command`` decorator.
+
+    .. versionchanged:: 8.0
+        Added a ``repr`` showing the command name.
+
+    .. versionchanged:: 7.1
+        Added the ``no_args_is_help`` parameter.
+
+    .. versionchanged:: 2.0
+        Added the ``context_settings`` parameter.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        callback: t.Optional[t.Callable[..., t.Any]] = None,
+        params: t.Optional[t.List["Parameter"]] = None,
+        help: t.Optional[str] = None,
+        epilog: t.Optional[str] = None,
+        short_help: t.Optional[str] = None,
+        options_metavar: t.Optional[str] = "[OPTIONS]",
+        add_help_option: bool = True,
+        no_args_is_help: bool = False,
+        hidden: bool = False,
+        deprecated: bool = False,
+    ) -> None:
+        super().__init__(name, context_settings)
+        #: the callback to execute when the command fires.  This might be
+        #: `None` in which case nothing happens.
+        self.callback = callback
+        #: the list of parameters for this command in the order they
+        #: should show up in the help page and execute.  Eager parameters
+        #: will automatically be handled before non eager ones.
+        self.params: t.List["Parameter"] = params or []
+        self.help = help
+        self.epilog = epilog
+        self.options_metavar = options_metavar
+        self.short_help = short_help
+        self.add_help_option = add_help_option
+        self.no_args_is_help = no_args_is_help
+        self.hidden = hidden
+        self.deprecated = deprecated
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        info_dict.update(
+            params=[param.to_info_dict() for param in self.get_params(ctx)],
+            help=self.help,
+            epilog=self.epilog,
+            short_help=self.short_help,
+            hidden=self.hidden,
+            deprecated=self.deprecated,
+        )
+        return info_dict
+
+    def get_usage(self, ctx: Context) -> str:
+        """Formats the usage line into a string and returns it.
+
+        Calls :meth:`format_usage` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_usage(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_params(self, ctx: Context) -> t.List["Parameter"]:
+        rv = self.params
+        help_option = self.get_help_option(ctx)
+
+        if help_option is not None:
+            rv = [*rv, help_option]
+
+        return rv
+
+    def format_usage(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the usage line into the formatter.
+
+        This is a low-level method called by :meth:`get_usage`.
+        """
+        pieces = self.collect_usage_pieces(ctx)
+        formatter.write_usage(ctx.command_path, " ".join(pieces))
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        """Returns all the pieces that go into the usage line and returns
+        it as a list of strings.
+        """
+        rv = [self.options_metavar] if self.options_metavar else []
+
+        for param in self.get_params(ctx):
+            rv.extend(param.get_usage_pieces(ctx))
+
+        return rv
+
+    def get_help_option_names(self, ctx: Context) -> t.List[str]:
+        """Returns the names for the help option."""
+        all_names = set(ctx.help_option_names)
+        for param in self.params:
+            all_names.difference_update(param.opts)
+            all_names.difference_update(param.secondary_opts)
+        return list(all_names)
+
+    def get_help_option(self, ctx: Context) -> t.Optional["Option"]:
+        """Returns the help option object."""
+        help_options = self.get_help_option_names(ctx)
+
+        if not help_options or not self.add_help_option:
+            return None
+
+        def show_help(ctx: Context, param: "Parameter", value: str) -> None:
+            if value and not ctx.resilient_parsing:
+                echo(ctx.get_help(), color=ctx.color)
+                ctx.exit()
+
+        return Option(
+            help_options,
+            is_flag=True,
+            is_eager=True,
+            expose_value=False,
+            callback=show_help,
+            help=_("Show this message and exit."),
+        )
+
+    def make_parser(self, ctx: Context) -> OptionParser:
+        """Creates the underlying option parser for this command."""
+        parser = OptionParser(ctx)
+        for param in self.get_params(ctx):
+            param.add_to_parser(parser, ctx)
+        return parser
+
+    def get_help(self, ctx: Context) -> str:
+        """Formats the help into a string and returns it.
+
+        Calls :meth:`format_help` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_help(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_short_help_str(self, limit: int = 45) -> str:
+        """Gets short help for the command or makes it by shortening the
+        long help string.
+        """
+        if self.short_help:
+            text = inspect.cleandoc(self.short_help)
+        elif self.help:
+            text = make_default_short_help(self.help, limit)
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        return text.strip()
+
+    def format_help(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help into the formatter if it exists.
+
+        This is a low-level method called by :meth:`get_help`.
+
+        This calls the following methods:
+
+        -   :meth:`format_usage`
+        -   :meth:`format_help_text`
+        -   :meth:`format_options`
+        -   :meth:`format_epilog`
+        """
+        self.format_usage(ctx, formatter)
+        self.format_help_text(ctx, formatter)
+        self.format_options(ctx, formatter)
+        self.format_epilog(ctx, formatter)
+
+    def format_help_text(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help text to the formatter if it exists."""
+        if self.help is not None:
+            # truncate the help text to the first form feed
+            text = inspect.cleandoc(self.help).partition("\f")[0]
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        if text:
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(text)
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes all the options into the formatter if they exist."""
+        opts = []
+        for param in self.get_params(ctx):
+            rv = param.get_help_record(ctx)
+            if rv is not None:
+                opts.append(rv)
+
+        if opts:
+            with formatter.section(_("Options")):
+                formatter.write_dl(opts)
+
+    def format_epilog(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the epilog into the formatter if it exists."""
+        if self.epilog:
+            epilog = inspect.cleandoc(self.epilog)
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(epilog)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        parser = self.make_parser(ctx)
+        opts, args, param_order = parser.parse_args(args=args)
+
+        for param in iter_params_for_processing(param_order, self.get_params(ctx)):
+            value, args = param.handle_parse_result(ctx, opts, args)
+
+        if args and not ctx.allow_extra_args and not ctx.resilient_parsing:
+            ctx.fail(
+                ngettext(
+                    "Got unexpected extra argument ({args})",
+                    "Got unexpected extra arguments ({args})",
+                    len(args),
+                ).format(args=" ".join(map(str, args)))
+            )
+
+        ctx.args = args
+        ctx._opt_prefixes.update(parser._opt_prefixes)
+        return args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the attached callback (if it exists)
+        in the right way.
+        """
+        if self.deprecated:
+            message = _(
+                "DeprecationWarning: The command {name!r} is deprecated."
+            ).format(name=self.name)
+            echo(style(message, fg="red"), err=True)
+
+        if self.callback is not None:
+            return ctx.invoke(self.callback, **ctx.params)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options and chained multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        if incomplete and not incomplete[0].isalnum():
+            for param in self.get_params(ctx):
+                if (
+                    not isinstance(param, Option)
+                    or param.hidden
+                    or (
+                        not param.multiple
+                        and ctx.get_parameter_source(param.name)  # type: ignore
+                        is ParameterSource.COMMANDLINE
+                    )
+                ):
+                    continue
+
+                results.extend(
+                    CompletionItem(name, help=param.help)
+                    for name in [*param.opts, *param.secondary_opts]
+                    if name.startswith(incomplete)
+                )
+
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class MultiCommand(Command):
+    """A multi command is the basic implementation of a command that
+    dispatches to subcommands.  The most common version is the
+    :class:`Group`.
+
+    :param invoke_without_command: this controls how the multi command itself
+                                   is invoked.  By default it's only invoked
+                                   if a subcommand is provided.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is enabled by default if
+                            `invoke_without_command` is disabled or disabled
+                            if it's enabled.  If enabled this will add
+                            ``--help`` as argument if no arguments are
+                            passed.
+    :param subcommand_metavar: the string that is used in the documentation
+                               to indicate the subcommand place.
+    :param chain: if this is set to `True` chaining of multiple subcommands
+                  is enabled.  This restricts the form of commands in that
+                  they cannot have optional arguments but it allows
+                  multiple commands to be chained together.
+    :param result_callback: The result callback to attach to this multi
+        command. This can be set or changed later with the
+        :meth:`result_callback` decorator.
+    :param attrs: Other command arguments described in :class:`Command`.
+    """
+
+    allow_extra_args = True
+    allow_interspersed_args = False
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        invoke_without_command: bool = False,
+        no_args_is_help: t.Optional[bool] = None,
+        subcommand_metavar: t.Optional[str] = None,
+        chain: bool = False,
+        result_callback: t.Optional[t.Callable[..., t.Any]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if no_args_is_help is None:
+            no_args_is_help = not invoke_without_command
+
+        self.no_args_is_help = no_args_is_help
+        self.invoke_without_command = invoke_without_command
+
+        if subcommand_metavar is None:
+            if chain:
+                subcommand_metavar = "COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]..."
+            else:
+                subcommand_metavar = "COMMAND [ARGS]..."
+
+        self.subcommand_metavar = subcommand_metavar
+        self.chain = chain
+        # The result callback that is stored. This can be set or
+        # overridden with the :func:`result_callback` decorator.
+        self._result_callback = result_callback
+
+        if self.chain:
+            for param in self.params:
+                if isinstance(param, Argument) and not param.required:
+                    raise RuntimeError(
+                        "Multi commands in chain mode cannot have"
+                        " optional arguments."
+                    )
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        commands = {}
+
+        for name in self.list_commands(ctx):
+            command = self.get_command(ctx, name)
+
+            if command is None:
+                continue
+
+            sub_ctx = ctx._make_sub_context(command)
+
+            with sub_ctx.scope(cleanup=False):
+                commands[name] = command.to_info_dict(sub_ctx)
+
+        info_dict.update(commands=commands, chain=self.chain)
+        return info_dict
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        rv = super().collect_usage_pieces(ctx)
+        rv.append(self.subcommand_metavar)
+        return rv
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        super().format_options(ctx, formatter)
+        self.format_commands(ctx, formatter)
+
+    def result_callback(self, replace: bool = False) -> t.Callable[[F], F]:
+        """Adds a result callback to the command.  By default if a
+        result callback is already registered this will chain them but
+        this can be disabled with the `replace` parameter.  The result
+        callback is invoked with the return value of the subcommand
+        (or the list of return values from all subcommands if chaining
+        is enabled) as well as the parameters as they would be passed
+        to the main callback.
+
+        Example::
+
+            @click.group()
+            @click.option('-i', '--input', default=23)
+            def cli(input):
+                return 42
+
+            @cli.result_callback()
+            def process_result(result, input):
+                return result + input
+
+        :param replace: if set to `True` an already existing result
+                        callback will be removed.
+
+        .. versionchanged:: 8.0
+            Renamed from ``resultcallback``.
+
+        .. versionadded:: 3.0
+        """
+
+        def decorator(f: F) -> F:
+            old_callback = self._result_callback
+
+            if old_callback is None or replace:
+                self._result_callback = f
+                return f
+
+            def function(__value, *args, **kwargs):  # type: ignore
+                inner = old_callback(__value, *args, **kwargs)
+                return f(inner, *args, **kwargs)
+
+            self._result_callback = rv = update_wrapper(t.cast(F, function), f)
+            return rv
+
+        return decorator
+
+    def format_commands(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Extra format methods for multi methods that adds all the commands
+        after the options.
+        """
+        commands = []
+        for subcommand in self.list_commands(ctx):
+            cmd = self.get_command(ctx, subcommand)
+            # What is this, the tool lied about a command.  Ignore it
+            if cmd is None:
+                continue
+            if cmd.hidden:
+                continue
+
+            commands.append((subcommand, cmd))
+
+        # allow for 3 times the default spacing
+        if len(commands):
+            limit = formatter.width - 6 - max(len(cmd[0]) for cmd in commands)
+
+            rows = []
+            for subcommand, cmd in commands:
+                help = cmd.get_short_help_str(limit)
+                rows.append((subcommand, help))
+
+            if rows:
+                with formatter.section(_("Commands")):
+                    formatter.write_dl(rows)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        rest = super().parse_args(ctx, args)
+
+        if self.chain:
+            ctx.protected_args = rest
+            ctx.args = []
+        elif rest:
+            ctx.protected_args, ctx.args = rest[:1], rest[1:]
+
+        return ctx.args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        def _process_result(value: t.Any) -> t.Any:
+            if self._result_callback is not None:
+                value = ctx.invoke(self._result_callback, value, **ctx.params)
+            return value
+
+        if not ctx.protected_args:
+            if self.invoke_without_command:
+                # No subcommand was invoked, so the result callback is
+                # invoked with the group return value for regular
+                # groups, or an empty list for chained groups.
+                with ctx:
+                    rv = super().invoke(ctx)
+                    return _process_result([] if self.chain else rv)
+            ctx.fail(_("Missing command."))
+
+        # Fetch args back out
+        args = [*ctx.protected_args, *ctx.args]
+        ctx.args = []
+        ctx.protected_args = []
+
+        # If we're not in chain mode, we only allow the invocation of a
+        # single command but we also inform the current context about the
+        # name of the command to invoke.
+        if not self.chain:
+            # Make sure the context is entered so we do not clean up
+            # resources until the result processor has worked.
+            with ctx:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                ctx.invoked_subcommand = cmd_name
+                super().invoke(ctx)
+                sub_ctx = cmd.make_context(cmd_name, args, parent=ctx)
+                with sub_ctx:
+                    return _process_result(sub_ctx.command.invoke(sub_ctx))
+
+        # In chain mode we create the contexts step by step, but after the
+        # base command has been invoked.  Because at that point we do not
+        # know the subcommands yet, the invoked subcommand attribute is
+        # set to ``*`` to inform the command that subcommands are executed
+        # but nothing else.
+        with ctx:
+            ctx.invoked_subcommand = "*" if args else None
+            super().invoke(ctx)
+
+            # Otherwise we make every single context and invoke them in a
+            # chain.  In that case the return value to the result processor
+            # is the list of all invoked subcommand's results.
+            contexts = []
+            while args:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                sub_ctx = cmd.make_context(
+                    cmd_name,
+                    args,
+                    parent=ctx,
+                    allow_extra_args=True,
+                    allow_interspersed_args=False,
+                )
+                contexts.append(sub_ctx)
+                args, sub_ctx.args = sub_ctx.args, []
+
+            rv = []
+            for sub_ctx in contexts:
+                with sub_ctx:
+                    rv.append(sub_ctx.command.invoke(sub_ctx))
+            return _process_result(rv)
+
+    def resolve_command(
+        self, ctx: Context, args: t.List[str]
+    ) -> t.Tuple[t.Optional[str], t.Optional[Command], t.List[str]]:
+        cmd_name = make_str(args[0])
+        original_cmd_name = cmd_name
+
+        # Get the command
+        cmd = self.get_command(ctx, cmd_name)
+
+        # If we can't find the command but there is a normalization
+        # function available, we try with that one.
+        if cmd is None and ctx.token_normalize_func is not None:
+            cmd_name = ctx.token_normalize_func(cmd_name)
+            cmd = self.get_command(ctx, cmd_name)
+
+        # If we don't find the command we want to show an error message
+        # to the user that it was not provided.  However, there is
+        # something else we should do: if the first argument looks like
+        # an option we want to kick off parsing again for arguments to
+        # resolve things like --help which now should go to the main
+        # place.
+        if cmd is None and not ctx.resilient_parsing:
+            if split_opt(cmd_name)[0]:
+                self.parse_args(ctx, ctx.args)
+            ctx.fail(_("No such command {name!r}.").format(name=original_cmd_name))
+        return cmd_name if cmd else None, cmd, args[1:]
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        """Given a context and a command name, this returns a
+        :class:`Command` object if it exists or returns `None`.
+        """
+        raise NotImplementedError
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        """Returns a list of subcommand names in the order they should
+        appear.
+        """
+        return []
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options, subcommands, and chained
+        multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results = [
+            CompletionItem(name, help=command.get_short_help_str())
+            for name, command in _complete_visible_commands(ctx, incomplete)
+        ]
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class Group(MultiCommand):
+    """A group allows a command to have subcommands attached. This is
+    the most common way to implement nesting in Click.
+
+    :param name: The name of the group command.
+    :param commands: A dict mapping names to :class:`Command` objects.
+        Can also be a list of :class:`Command`, which will use
+        :attr:`Command.name` to create the dict.
+    :param attrs: Other command arguments described in
+        :class:`MultiCommand`, :class:`Command`, and
+        :class:`BaseCommand`.
+
+    .. versionchanged:: 8.0
+        The ``commands`` argument can be a list of command objects.
+    """
+
+    #: If set, this is used by the group's :meth:`command` decorator
+    #: as the default :class:`Command` class. This is useful to make all
+    #: subcommands use a custom command class.
+    #:
+    #: .. versionadded:: 8.0
+    command_class: t.Optional[t.Type[Command]] = None
+
+    #: If set, this is used by the group's :meth:`group` decorator
+    #: as the default :class:`Group` class. This is useful to make all
+    #: subgroups use a custom group class.
+    #:
+    #: If set to the special value :class:`type` (literally
+    #: ``group_class = type``), this group's class will be used as the
+    #: default class. This makes a custom group class continue to make
+    #: custom groups.
+    #:
+    #: .. versionadded:: 8.0
+    group_class: t.Optional[t.Union[t.Type["Group"], t.Type[type]]] = None
+    # Literal[type] isn't valid, so use Type[type]
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        commands: t.Optional[
+            t.Union[t.MutableMapping[str, Command], t.Sequence[Command]]
+        ] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if commands is None:
+            commands = {}
+        elif isinstance(commands, abc.Sequence):
+            commands = {c.name: c for c in commands if c.name is not None}
+
+        #: The registered subcommands by their exported names.
+        self.commands: t.MutableMapping[str, Command] = commands
+
+    def add_command(self, cmd: Command, name: t.Optional[str] = None) -> None:
+        """Registers another :class:`Command` with this group.  If the name
+        is not provided, the name of the command is used.
+        """
+        name = name or cmd.name
+        if name is None:
+            raise TypeError("Command has no name.")
+        _check_multicommand(self, name, cmd, register=True)
+        self.commands[name] = cmd
+
+    @t.overload
+    def command(self, __func: t.Callable[..., t.Any]) -> Command:
+        ...
+
+    @t.overload
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], Command]:
+        ...
+
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], Command], Command]:
+        """A shortcut decorator for declaring and attaching a command to
+        the group. This takes the same arguments as :func:`command` and
+        immediately registers the created command with this group by
+        calling :meth:`add_command`.
+
+        To customize the command class used, set the
+        :attr:`command_class` attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`command_class` attribute.
+        """
+        from .decorators import command
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'command(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.command_class and kwargs.get("cls") is None:
+            kwargs["cls"] = self.command_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> Command:
+            cmd: Command = command(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    @t.overload
+    def group(self, __func: t.Callable[..., t.Any]) -> "Group":
+        ...
+
+    @t.overload
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], "Group"]:
+        ...
+
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], "Group"], "Group"]:
+        """A shortcut decorator for declaring and attaching a group to
+        the group. This takes the same arguments as :func:`group` and
+        immediately registers the created group with this group by
+        calling :meth:`add_command`.
+
+        To customize the group class used, set the :attr:`group_class`
+        attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`group_class` attribute.
+        """
+        from .decorators import group
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'group(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.group_class is not None and kwargs.get("cls") is None:
+            if self.group_class is type:
+                kwargs["cls"] = type(self)
+            else:
+                kwargs["cls"] = self.group_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> "Group":
+            cmd: Group = group(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        return self.commands.get(cmd_name)
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        return sorted(self.commands)
+
+
+class CommandCollection(MultiCommand):
+    """A command collection is a multi command that merges multiple multi
+    commands together into one.  This is a straightforward implementation
+    that accepts a list of different multi commands as sources and
+    provides all the commands for each of them.
+
+    See :class:`MultiCommand` and :class:`Command` for the description of
+    ``name`` and ``attrs``.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        sources: t.Optional[t.List[MultiCommand]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+        #: The list of registered multi commands.
+        self.sources: t.List[MultiCommand] = sources or []
+
+    def add_source(self, multi_cmd: MultiCommand) -> None:
+        """Adds a new multi command to the chain dispatcher."""
+        self.sources.append(multi_cmd)
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        for source in self.sources:
+            rv = source.get_command(ctx, cmd_name)
+
+            if rv is not None:
+                if self.chain:
+                    _check_multicommand(self, cmd_name, rv)
+
+                return rv
+
+        return None
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        rv: t.Set[str] = set()
+
+        for source in self.sources:
+            rv.update(source.list_commands(ctx))
+
+        return sorted(rv)
+
+
+def _check_iter(value: t.Any) -> t.Iterator[t.Any]:
+    """Check if the value is iterable but not a string. Raises a type
+    error, or return an iterator over the value.
+    """
+    if isinstance(value, str):
+        raise TypeError
+
+    return iter(value)
+
+
+class Parameter:
+    r"""A parameter to a command comes in two versions: they are either
+    :class:`Option`\s or :class:`Argument`\s.  Other subclasses are currently
+    not supported by design as some of the internals for parsing are
+    intentionally not finalized.
+
+    Some settings are supported by both options and arguments.
+
+    :param param_decls: the parameter declarations for this option or
+                        argument.  This is a list of flags or argument
+                        names.
+    :param type: the type that should be used.  Either a :class:`ParamType`
+                 or a Python type.  The latter is converted into the former
+                 automatically if supported.
+    :param required: controls if this is optional or not.
+    :param default: the default value if omitted.  This can also be a callable,
+                    in which case it's invoked when the default is needed
+                    without any arguments.
+    :param callback: A function to further process or validate the value
+        after type conversion. It is called as ``f(ctx, param, value)``
+        and must return the value. It is called for all sources,
+        including prompts.
+    :param nargs: the number of arguments to match.  If not ``1`` the return
+                  value is a tuple instead of single value.  The default for
+                  nargs is ``1`` (except if the type is a tuple, then it's
+                  the arity of the tuple). If ``nargs=-1``, all remaining
+                  parameters are collected.
+    :param metavar: how the value is represented in the help page.
+    :param expose_value: if this is `True` then the value is passed onwards
+                         to the command callback and stored on the context,
+                         otherwise it's skipped.
+    :param is_eager: eager values are processed before non eager ones.  This
+                     should not be set for arguments or it will inverse the
+                     order of processing.
+    :param envvar: a string or list of strings that are environment variables
+                   that should be checked.
+    :param shell_complete: A function that returns custom shell
+        completions. Used instead of the param's type completion if
+        given. Takes ``ctx, param, incomplete`` and must return a list
+        of :class:`~click.shell_completion.CompletionItem` or a list of
+        strings.
+
+    .. versionchanged:: 8.0
+        ``process_value`` validates required parameters and bounded
+        ``nargs``, and invokes the parameter callback before returning
+        the value. This allows the callback to validate prompts.
+        ``full_process_value`` is removed.
+
+    .. versionchanged:: 8.0
+        ``autocompletion`` is renamed to ``shell_complete`` and has new
+        semantics described above. The old name is deprecated and will
+        be removed in 8.1, until then it will be wrapped to match the
+        new requirements.
+
+    .. versionchanged:: 8.0
+        For ``multiple=True, nargs>1``, the default must be a list of
+        tuples.
+
+    .. versionchanged:: 8.0
+        Setting a default is no longer required for ``nargs>1``, it will
+        default to ``None``. ``multiple=True`` or ``nargs=-1`` will
+        default to ``()``.
+
+    .. versionchanged:: 7.1
+        Empty environment variables are ignored rather than taking the
+        empty string value. This makes it possible for scripts to clear
+        variables if they can't unset them.
+
+    .. versionchanged:: 2.0
+        Changed signature for parameter callback to also be passed the
+        parameter. The old callback format will still work, but it will
+        raise a warning to give you a chance to migrate the code easier.
+    """
+
+    param_type_name = "parameter"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        required: bool = False,
+        default: t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]] = None,
+        callback: t.Optional[t.Callable[[Context, "Parameter", t.Any], t.Any]] = None,
+        nargs: t.Optional[int] = None,
+        multiple: bool = False,
+        metavar: t.Optional[str] = None,
+        expose_value: bool = True,
+        is_eager: bool = False,
+        envvar: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        shell_complete: t.Optional[
+            t.Callable[
+                [Context, "Parameter", str],
+                t.Union[t.List["CompletionItem"], t.List[str]],
+            ]
+        ] = None,
+    ) -> None:
+        self.name: t.Optional[str]
+        self.opts: t.List[str]
+        self.secondary_opts: t.List[str]
+        self.name, self.opts, self.secondary_opts = self._parse_decls(
+            param_decls or (), expose_value
+        )
+        self.type: types.ParamType = types.convert_type(type, default)
+
+        # Default nargs to what the type tells us if we have that
+        # information available.
+        if nargs is None:
+            if self.type.is_composite:
+                nargs = self.type.arity
+            else:
+                nargs = 1
+
+        self.required = required
+        self.callback = callback
+        self.nargs = nargs
+        self.multiple = multiple
+        self.expose_value = expose_value
+        self.default = default
+        self.is_eager = is_eager
+        self.metavar = metavar
+        self.envvar = envvar
+        self._custom_shell_complete = shell_complete
+
+        if __debug__:
+            if self.type.is_composite and nargs != self.type.arity:
+                raise ValueError(
+                    f"'nargs' must be {self.type.arity} (or None) for"
+                    f" type {self.type!r}, but it was {nargs}."
+                )
+
+            # Skip no default or callable default.
+            check_default = default if not callable(default) else None
+
+            if check_default is not None:
+                if multiple:
+                    try:
+                        # Only check the first value against nargs.
+                        check_default = next(_check_iter(check_default), None)
+                    except TypeError:
+                        raise ValueError(
+                            "'default' must be a list when 'multiple' is true."
+                        ) from None
+
+                # Can be None for multiple with empty default.
+                if nargs != 1 and check_default is not None:
+                    try:
+                        _check_iter(check_default)
+                    except TypeError:
+                        if multiple:
+                            message = (
+                                "'default' must be a list of lists when 'multiple' is"
+                                " true and 'nargs' != 1."
+                            )
+                        else:
+                            message = "'default' must be a list when 'nargs' != 1."
+
+                        raise ValueError(message) from None
+
+                    if nargs > 1 and len(check_default) != nargs:
+                        subject = "item length" if multiple else "length"
+                        raise ValueError(
+                            f"'default' {subject} must match nargs={nargs}."
+                        )
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "name": self.name,
+            "param_type_name": self.param_type_name,
+            "opts": self.opts,
+            "secondary_opts": self.secondary_opts,
+            "type": self.type.to_info_dict(),
+            "required": self.required,
+            "nargs": self.nargs,
+            "multiple": self.multiple,
+            "default": self.default,
+            "envvar": self.envvar,
+        }
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        raise NotImplementedError()
+
+    @property
+    def human_readable_name(self) -> str:
+        """Returns the human readable name of this parameter.  This is the
+        same as the name for options, but the metavar for arguments.
+        """
+        return self.name  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+
+        metavar = self.type.get_metavar(self)
+
+        if metavar is None:
+            metavar = self.type.name.upper()
+
+        if self.nargs != 1:
+            metavar += "..."
+
+        return metavar
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        """Get the default for the parameter. Tries
+        :meth:`Context.lookup_default` first, then the local default.
+
+        :param ctx: Current context.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0.2
+            Type casting is no longer performed when getting a default.
+
+        .. versionchanged:: 8.0.1
+            Type casting can fail in resilient parsing mode. Invalid
+            defaults will not prevent showing help text.
+
+        .. versionchanged:: 8.0
+            Looks at ``ctx.default_map`` first.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        value = ctx.lookup_default(self.name, call=False)  # type: ignore
+
+        if value is None:
+            value = self.default
+
+        if call and callable(value):
+            value = value()
+
+        return value
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        raise NotImplementedError()
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value = opts.get(self.name)  # type: ignore
+        source = ParameterSource.COMMANDLINE
+
+        if value is None:
+            value = self.value_from_envvar(ctx)
+            source = ParameterSource.ENVIRONMENT
+
+        if value is None:
+            value = ctx.lookup_default(self.name)  # type: ignore
+            source = ParameterSource.DEFAULT_MAP
+
+        if value is None:
+            value = self.get_default(ctx)
+            source = ParameterSource.DEFAULT
+
+        return value, source
+
+    def type_cast_value(self, ctx: Context, value: t.Any) -> t.Any:
+        """Convert and validate a value against the option's
+        :attr:`type`, :attr:`multiple`, and :attr:`nargs`.
+        """
+        if value is None:
+            return () if self.multiple or self.nargs == -1 else None
+
+        def check_iter(value: t.Any) -> t.Iterator[t.Any]:
+            try:
+                return _check_iter(value)
+            except TypeError:
+                # This should only happen when passing in args manually,
+                # the parser should construct an iterable when parsing
+                # the command line.
+                raise BadParameter(
+                    _("Value must be an iterable."), ctx=ctx, param=self
+                ) from None
+
+        if self.nargs == 1 or self.type.is_composite:
+
+            def convert(value: t.Any) -> t.Any:
+                return self.type(value, param=self, ctx=ctx)
+
+        elif self.nargs == -1:
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                return tuple(self.type(x, self, ctx) for x in check_iter(value))
+
+        else:  # nargs > 1
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                value = tuple(check_iter(value))
+
+                if len(value) != self.nargs:
+                    raise BadParameter(
+                        ngettext(
+                            "Takes {nargs} values but 1 was given.",
+                            "Takes {nargs} values but {len} were given.",
+                            len(value),
+                        ).format(nargs=self.nargs, len=len(value)),
+                        ctx=ctx,
+                        param=self,
+                    )
+
+                return tuple(self.type(x, self, ctx) for x in value)
+
+        if self.multiple:
+            return tuple(convert(x) for x in check_iter(value))
+
+        return convert(value)
+
+    def value_is_missing(self, value: t.Any) -> bool:
+        if value is None:
+            return True
+
+        if (self.nargs != 1 or self.multiple) and value == ():
+            return True
+
+        return False
+
+    def process_value(self, ctx: Context, value: t.Any) -> t.Any:
+        value = self.type_cast_value(ctx, value)
+
+        if self.required and self.value_is_missing(value):
+            raise MissingParameter(ctx=ctx, param=self)
+
+        if self.callback is not None:
+            value = self.callback(ctx, self, value)
+
+        return value
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        if self.envvar is None:
+            return None
+
+        if isinstance(self.envvar, str):
+            rv = os.environ.get(self.envvar)
+
+            if rv:
+                return rv
+        else:
+            for envvar in self.envvar:
+                rv = os.environ.get(envvar)
+
+                if rv:
+                    return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is not None and self.nargs != 1:
+            rv = self.type.split_envvar_value(rv)
+
+        return rv
+
+    def handle_parse_result(
+        self, ctx: Context, opts: t.Mapping[str, t.Any], args: t.List[str]
+    ) -> t.Tuple[t.Any, t.List[str]]:
+        with augment_usage_errors(ctx, param=self):
+            value, source = self.consume_value(ctx, opts)
+            ctx.set_parameter_source(self.name, source)  # type: ignore
+
+            try:
+                value = self.process_value(ctx, value)
+            except Exception:
+                if not ctx.resilient_parsing:
+                    raise
+
+                value = None
+
+        if self.expose_value:
+            ctx.params[self.name] = value  # type: ignore
+
+        return value, args
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        pass
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return []
+
+    def get_error_hint(self, ctx: Context) -> str:
+        """Get a stringified version of the param for use in error messages to
+        indicate which param caused the error.
+        """
+        hint_list = self.opts or [self.human_readable_name]
+        return " / ".join(f"'{x}'" for x in hint_list)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. If a
+        ``shell_complete`` function was given during init, it is used.
+        Otherwise, the :attr:`type`
+        :meth:`~click.types.ParamType.shell_complete` function is used.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        if self._custom_shell_complete is not None:
+            results = self._custom_shell_complete(ctx, self, incomplete)
+
+            if results and isinstance(results[0], str):
+                from click.shell_completion import CompletionItem
+
+                results = [CompletionItem(c) for c in results]
+
+            return t.cast(t.List["CompletionItem"], results)
+
+        return self.type.shell_complete(ctx, self, incomplete)
+
+
+class Option(Parameter):
+    """Options are usually optional values on the command line and
+    have some extra features that arguments don't have.
+
+    All other parameters are passed onwards to the parameter constructor.
+
+    :param show_default: Show the default value for this option in its
+        help text. Values are not shown by default, unless
+        :attr:`Context.show_default` is ``True``. If this value is a
+        string, it shows that string in parentheses instead of the
+        actual value. This is particularly useful for dynamic options.
+        For single option boolean flags, the default remains hidden if
+        its value is ``False``.
+    :param show_envvar: Controls if an environment variable should be
+        shown on the help page. Normally, environment variables are not
+        shown.
+    :param prompt: If set to ``True`` or a non empty string then the
+        user will be prompted for input. If set to ``True`` the prompt
+        will be the option name capitalized.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value if it was prompted for. Can be set to a string instead of
+        ``True`` to customize the message.
+    :param prompt_required: If set to ``False``, the user will be
+        prompted for input only when the option was specified as a flag
+        without a value.
+    :param hide_input: If this is ``True`` then the input on the prompt
+        will be hidden from the user. This is useful for password input.
+    :param is_flag: forces this option to act as a flag.  The default is
+                    auto detection.
+    :param flag_value: which value should be used for this flag if it's
+                       enabled.  This is set to a boolean automatically if
+                       the option string contains a slash to mark two options.
+    :param multiple: if this is set to `True` then the argument is accepted
+                     multiple times and recorded.  This is similar to ``nargs``
+                     in how it works but supports arbitrary number of
+                     arguments.
+    :param count: this flag makes an option increment an integer.
+    :param allow_from_autoenv: if this is enabled then the value of this
+                               parameter will be pulled from an environment
+                               variable in case a prefix is defined on the
+                               context.
+    :param help: the help string.
+    :param hidden: hide this option from help outputs.
+    :param attrs: Other command arguments described in :class:`Parameter`.
+
+    .. versionchanged:: 8.1.0
+        Help text indentation is cleaned here instead of only in the
+        ``@option`` decorator.
+
+    .. versionchanged:: 8.1.0
+        The ``show_default`` parameter overrides
+        ``Context.show_default``.
+
+    .. versionchanged:: 8.1.0
+        The default of a single option boolean flag is not shown if the
+        default value is ``False``.
+
+    .. versionchanged:: 8.0.1
+        ``type`` is detected from ``flag_value`` if given.
+    """
+
+    param_type_name = "option"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        show_default: t.Union[bool, str, None] = None,
+        prompt: t.Union[bool, str] = False,
+        confirmation_prompt: t.Union[bool, str] = False,
+        prompt_required: bool = True,
+        hide_input: bool = False,
+        is_flag: t.Optional[bool] = None,
+        flag_value: t.Optional[t.Any] = None,
+        multiple: bool = False,
+        count: bool = False,
+        allow_from_autoenv: bool = True,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        help: t.Optional[str] = None,
+        hidden: bool = False,
+        show_choices: bool = True,
+        show_envvar: bool = False,
+        **attrs: t.Any,
+    ) -> None:
+        if help:
+            help = inspect.cleandoc(help)
+
+        default_is_missing = "default" not in attrs
+        super().__init__(param_decls, type=type, multiple=multiple, **attrs)
+
+        if prompt is True:
+            if self.name is None:
+                raise TypeError("'name' is required with 'prompt=True'.")
+
+            prompt_text: t.Optional[str] = self.name.replace("_", " ").capitalize()
+        elif prompt is False:
+            prompt_text = None
+        else:
+            prompt_text = prompt
+
+        self.prompt = prompt_text
+        self.confirmation_prompt = confirmation_prompt
+        self.prompt_required = prompt_required
+        self.hide_input = hide_input
+        self.hidden = hidden
+
+        # If prompt is enabled but not required, then the option can be
+        # used as a flag to indicate using prompt or flag_value.
+        self._flag_needs_value = self.prompt is not None and not self.prompt_required
+
+        if is_flag is None:
+            if flag_value is not None:
+                # Implicitly a flag because flag_value was set.
+                is_flag = True
+            elif self._flag_needs_value:
+                # Not a flag, but when used as a flag it shows a prompt.
+                is_flag = False
+            else:
+                # Implicitly a flag because flag options were given.
+                is_flag = bool(self.secondary_opts)
+        elif is_flag is False and not self._flag_needs_value:
+            # Not a flag, and prompt is not enabled, can be used as a
+            # flag if flag_value is set.
+            self._flag_needs_value = flag_value is not None
+
+        self.default: t.Union[t.Any, t.Callable[[], t.Any]]
+
+        if is_flag and default_is_missing and not self.required:
+            if multiple:
+                self.default = ()
+            else:
+                self.default = False
+
+        if flag_value is None:
+            flag_value = not self.default
+
+        self.type: types.ParamType
+        if is_flag and type is None:
+            # Re-guess the type from the flag value instead of the
+            # default.
+            self.type = types.convert_type(None, flag_value)
+
+        self.is_flag: bool = is_flag
+        self.is_bool_flag: bool = is_flag and isinstance(self.type, types.BoolParamType)
+        self.flag_value: t.Any = flag_value
+
+        # Counting
+        self.count = count
+        if count:
+            if type is None:
+                self.type = types.IntRange(min=0)
+            if default_is_missing:
+                self.default = 0
+
+        self.allow_from_autoenv = allow_from_autoenv
+        self.help = help
+        self.show_default = show_default
+        self.show_choices = show_choices
+        self.show_envvar = show_envvar
+
+        if __debug__:
+            if self.nargs == -1:
+                raise TypeError("nargs=-1 is not supported for options.")
+
+            if self.prompt and self.is_flag and not self.is_bool_flag:
+                raise TypeError("'prompt' is not valid for non-boolean flag.")
+
+            if not self.is_bool_flag and self.secondary_opts:
+                raise TypeError("Secondary flag is not valid for non-boolean flag.")
+
+            if self.is_bool_flag and self.hide_input and self.prompt is not None:
+                raise TypeError(
+                    "'prompt' with 'hide_input' is not valid for boolean flag."
+                )
+
+            if self.count:
+                if self.multiple:
+                    raise TypeError("'count' is not valid with 'multiple'.")
+
+                if self.is_flag:
+                    raise TypeError("'count' is not valid with 'is_flag'.")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            help=self.help,
+            prompt=self.prompt,
+            is_flag=self.is_flag,
+            flag_value=self.flag_value,
+            count=self.count,
+            hidden=self.hidden,
+        )
+        return info_dict
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        opts = []
+        secondary_opts = []
+        name = None
+        possible_names = []
+
+        for decl in decls:
+            if decl.isidentifier():
+                if name is not None:
+                    raise TypeError(f"Name '{name}' defined twice")
+                name = decl
+            else:
+                split_char = ";" if decl[:1] == "/" else "/"
+                if split_char in decl:
+                    first, second = decl.split(split_char, 1)
+                    first = first.rstrip()
+                    if first:
+                        possible_names.append(split_opt(first))
+                        opts.append(first)
+                    second = second.lstrip()
+                    if second:
+                        secondary_opts.append(second.lstrip())
+                    if first == second:
+                        raise ValueError(
+                            f"Boolean option {decl!r} cannot use the"
+                            " same flag for true/false."
+                        )
+                else:
+                    possible_names.append(split_opt(decl))
+                    opts.append(decl)
+
+        if name is None and possible_names:
+            possible_names.sort(key=lambda x: -len(x[0]))  # group long options first
+            name = possible_names[0][1].replace("-", "_").lower()
+            if not name.isidentifier():
+                name = None
+
+        if name is None:
+            if not expose_value:
+                return None, opts, secondary_opts
+            raise TypeError("Could not determine name for option")
+
+        if not opts and not secondary_opts:
+            raise TypeError(
+                f"No options defined but a name was passed ({name})."
+                " Did you mean to declare an argument instead? Did"
+                f" you mean to pass '--{name}'?"
+            )
+
+        return name, opts, secondary_opts
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        if self.multiple:
+            action = "append"
+        elif self.count:
+            action = "count"
+        else:
+            action = "store"
+
+        if self.is_flag:
+            action = f"{action}_const"
+
+            if self.is_bool_flag and self.secondary_opts:
+                parser.add_option(
+                    obj=self, opts=self.opts, dest=self.name, action=action, const=True
+                )
+                parser.add_option(
+                    obj=self,
+                    opts=self.secondary_opts,
+                    dest=self.name,
+                    action=action,
+                    const=False,
+                )
+            else:
+                parser.add_option(
+                    obj=self,
+                    opts=self.opts,
+                    dest=self.name,
+                    action=action,
+                    const=self.flag_value,
+                )
+        else:
+            parser.add_option(
+                obj=self,
+                opts=self.opts,
+                dest=self.name,
+                action=action,
+                nargs=self.nargs,
+            )
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        if self.hidden:
+            return None
+
+        any_prefix_is_slash = False
+
+        def _write_opts(opts: t.Sequence[str]) -> str:
+            nonlocal any_prefix_is_slash
+
+            rv, any_slashes = join_options(opts)
+
+            if any_slashes:
+                any_prefix_is_slash = True
+
+            if not self.is_flag and not self.count:
+                rv += f" {self.make_metavar()}"
+
+            return rv
+
+        rv = [_write_opts(self.opts)]
+
+        if self.secondary_opts:
+            rv.append(_write_opts(self.secondary_opts))
+
+        help = self.help or ""
+        extra = []
+
+        if self.show_envvar:
+            envvar = self.envvar
+
+            if envvar is None:
+                if (
+                    self.allow_from_autoenv
+                    and ctx.auto_envvar_prefix is not None
+                    and self.name is not None
+                ):
+                    envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+
+            if envvar is not None:
+                var_str = (
+                    envvar
+                    if isinstance(envvar, str)
+                    else ", ".join(str(d) for d in envvar)
+                )
+                extra.append(_("env var: {var}").format(var=var_str))
+
+        # Temporarily enable resilient parsing to avoid type casting
+        # failing for the default. Might be possible to extend this to
+        # help formatting in general.
+        resilient = ctx.resilient_parsing
+        ctx.resilient_parsing = True
+
+        try:
+            default_value = self.get_default(ctx, call=False)
+        finally:
+            ctx.resilient_parsing = resilient
+
+        show_default = False
+        show_default_is_str = False
+
+        if self.show_default is not None:
+            if isinstance(self.show_default, str):
+                show_default_is_str = show_default = True
+            else:
+                show_default = self.show_default
+        elif ctx.show_default is not None:
+            show_default = ctx.show_default
+
+        if show_default_is_str or (show_default and (default_value is not None)):
+            if show_default_is_str:
+                default_string = f"({self.show_default})"
+            elif isinstance(default_value, (list, tuple)):
+                default_string = ", ".join(str(d) for d in default_value)
+            elif inspect.isfunction(default_value):
+                default_string = _("(dynamic)")
+            elif self.is_bool_flag and self.secondary_opts:
+                # For boolean flags that have distinct True/False opts,
+                # use the opt without prefix instead of the value.
+                default_string = split_opt(
+                    (self.opts if self.default else self.secondary_opts)[0]
+                )[1]
+            elif self.is_bool_flag and not self.secondary_opts and not default_value:
+                default_string = ""
+            else:
+                default_string = str(default_value)
+
+            if default_string:
+                extra.append(_("default: {default}").format(default=default_string))
+
+        if (
+            isinstance(self.type, types._NumberRangeBase)
+            # skip count with default range type
+            and not (self.count and self.type.min == 0 and self.type.max is None)
+        ):
+            range_str = self.type._describe_range()
+
+            if range_str:
+                extra.append(range_str)
+
+        if self.required:
+            extra.append(_("required"))
+
+        if extra:
+            extra_str = "; ".join(extra)
+            help = f"{help}  [{extra_str}]" if help else f"[{extra_str}]"
+
+        return ("; " if any_prefix_is_slash else " / ").join(rv), help
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        # If we're a non boolean flag our default is more complex because
+        # we need to look at all flags in the same group to figure out
+        # if we're the default one in which case we return the flag
+        # value as default.
+        if self.is_flag and not self.is_bool_flag:
+            for param in ctx.command.params:
+                if param.name == self.name and param.default:
+                    return t.cast(Option, param).flag_value
+
+            return None
+
+        return super().get_default(ctx, call=call)
+
+    def prompt_for_value(self, ctx: Context) -> t.Any:
+        """This is an alternative flow that can be activated in the full
+        value processing if a value does not exist.  It will prompt the
+        user until a valid value exists and then returns the processed
+        value as result.
+        """
+        assert self.prompt is not None
+
+        # Calculate the default before prompting anything to be stable.
+        default = self.get_default(ctx)
+
+        # If this is a prompt for a flag we need to handle this
+        # differently.
+        if self.is_bool_flag:
+            return confirm(self.prompt, default)
+
+        return prompt(
+            self.prompt,
+            default=default,
+            type=self.type,
+            hide_input=self.hide_input,
+            show_choices=self.show_choices,
+            confirmation_prompt=self.confirmation_prompt,
+            value_proc=lambda x: self.process_value(ctx, x),
+        )
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        rv = super().resolve_envvar_value(ctx)
+
+        if rv is not None:
+            return rv
+
+        if (
+            self.allow_from_autoenv
+            and ctx.auto_envvar_prefix is not None
+            and self.name is not None
+        ):
+            envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+            rv = os.environ.get(envvar)
+
+            if rv:
+                return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is None:
+            return None
+
+        value_depth = (self.nargs != 1) + bool(self.multiple)
+
+        if value_depth > 0:
+            rv = self.type.split_envvar_value(rv)
+
+            if self.multiple and self.nargs != 1:
+                rv = batch(rv, self.nargs)
+
+        return rv
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, "Parameter"]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value, source = super().consume_value(ctx, opts)
+
+        # The parser will emit a sentinel value if the option can be
+        # given as a flag without a value. This is different from None
+        # to distinguish from the flag not being given at all.
+        if value is _flag_needs_value:
+            if self.prompt is not None and not ctx.resilient_parsing:
+                value = self.prompt_for_value(ctx)
+                source = ParameterSource.PROMPT
+            else:
+                value = self.flag_value
+                source = ParameterSource.COMMANDLINE
+
+        elif (
+            self.multiple
+            and value is not None
+            and any(v is _flag_needs_value for v in value)
+        ):
+            value = [self.flag_value if v is _flag_needs_value else v for v in value]
+            source = ParameterSource.COMMANDLINE
+
+        # The value wasn't set, or used the param's default, prompt if
+        # prompting is enabled.
+        elif (
+            source in {None, ParameterSource.DEFAULT}
+            and self.prompt is not None
+            and (self.required or self.prompt_required)
+            and not ctx.resilient_parsing
+        ):
+            value = self.prompt_for_value(ctx)
+            source = ParameterSource.PROMPT
+
+        return value, source
+
+
+class Argument(Parameter):
+    """Arguments are positional parameters to a command.  They generally
+    provide fewer features than options but can have infinite ``nargs``
+    and are required by default.
+
+    All parameters are passed onwards to the constructor of :class:`Parameter`.
+    """
+
+    param_type_name = "argument"
+
+    def __init__(
+        self,
+        param_decls: t.Sequence[str],
+        required: t.Optional[bool] = None,
+        **attrs: t.Any,
+    ) -> None:
+        if required is None:
+            if attrs.get("default") is not None:
+                required = False
+            else:
+                required = attrs.get("nargs", 1) > 0
+
+        if "multiple" in attrs:
+            raise TypeError("__init__() got an unexpected keyword argument 'multiple'.")
+
+        super().__init__(param_decls, required=required, **attrs)
+
+        if __debug__:
+            if self.default is not None and self.nargs == -1:
+                raise TypeError("'default' is not supported for nargs=-1.")
+
+    @property
+    def human_readable_name(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        return self.name.upper()  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        var = self.type.get_metavar(self)
+        if not var:
+            var = self.name.upper()  # type: ignore
+        if not self.required:
+            var = f"[{var}]"
+        if self.nargs != 1:
+            var += "..."
+        return var
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        if not decls:
+            if not expose_value:
+                return None, [], []
+            raise TypeError("Could not determine name for argument")
+        if len(decls) == 1:
+            name = arg = decls[0]
+            name = name.replace("-", "_").lower()
+        else:
+            raise TypeError(
+                "Arguments take exactly one parameter declaration, got"
+                f" {len(decls)}."
+            )
+        return name, [arg], []
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return [self.make_metavar()]
+
+    def get_error_hint(self, ctx: Context) -> str:
+        return f"'{self.make_metavar()}'"
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        parser.add_argument(dest=self.name, nargs=self.nargs, obj=self)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/decorators.py b/lib/go-jinja2/internal/data/linux-arm64/click/decorators.py
new file mode 100644
index 000000000..d9bba9502
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/decorators.py
@@ -0,0 +1,561 @@
+import inspect
+import types
+import typing as t
+from functools import update_wrapper
+from gettext import gettext as _
+
+from .core import Argument
+from .core import Command
+from .core import Context
+from .core import Group
+from .core import Option
+from .core import Parameter
+from .globals import get_current_context
+from .utils import echo
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+T = t.TypeVar("T")
+_AnyCallable = t.Callable[..., t.Any]
+FC = t.TypeVar("FC", bound=t.Union[_AnyCallable, Command])
+
+
+def pass_context(f: "t.Callable[te.Concatenate[Context, P], R]") -> "t.Callable[P, R]":
+    """Marks a callback as wanting to receive the current context
+    object as first argument.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context(), *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def pass_obj(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+    """Similar to :func:`pass_context`, but only pass the object on the
+    context onwards (:attr:`Context.obj`).  This is useful if that object
+    represents the state of a nested system.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context().obj, *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def make_pass_decorator(
+    object_type: t.Type[T], ensure: bool = False
+) -> t.Callable[["t.Callable[te.Concatenate[T, P], R]"], "t.Callable[P, R]"]:
+    """Given an object type this creates a decorator that will work
+    similar to :func:`pass_obj` but instead of passing the object of the
+    current context, it will find the innermost context of type
+    :func:`object_type`.
+
+    This generates a decorator that works roughly like this::
+
+        from functools import update_wrapper
+
+        def decorator(f):
+            @pass_context
+            def new_func(ctx, *args, **kwargs):
+                obj = ctx.find_object(object_type)
+                return ctx.invoke(f, obj, *args, **kwargs)
+            return update_wrapper(new_func, f)
+        return decorator
+
+    :param object_type: the type of the object to pass.
+    :param ensure: if set to `True`, a new object will be created and
+                   remembered on the context if it's not there yet.
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[T, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+            ctx = get_current_context()
+
+            obj: t.Optional[T]
+            if ensure:
+                obj = ctx.ensure_object(object_type)
+            else:
+                obj = ctx.find_object(object_type)
+
+            if obj is None:
+                raise RuntimeError(
+                    "Managed to invoke callback without a context"
+                    f" object of type {object_type.__name__!r}"
+                    " existing."
+                )
+
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    return decorator  # type: ignore[return-value]
+
+
+def pass_meta_key(
+    key: str, *, doc_description: t.Optional[str] = None
+) -> "t.Callable[[t.Callable[te.Concatenate[t.Any, P], R]], t.Callable[P, R]]":
+    """Create a decorator that passes a key from
+    :attr:`click.Context.meta` as the first argument to the decorated
+    function.
+
+    :param key: Key in ``Context.meta`` to pass.
+    :param doc_description: Description of the object being passed,
+        inserted into the decorator's docstring. Defaults to "the 'key'
+        key from Context.meta".
+
+    .. versionadded:: 8.0
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> R:
+            ctx = get_current_context()
+            obj = ctx.meta[key]
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    if doc_description is None:
+        doc_description = f"the {key!r} key from :attr:`click.Context.meta`"
+
+    decorator.__doc__ = (
+        f"Decorator that passes {doc_description} as the first argument"
+        " to the decorated function."
+    )
+    return decorator  # type: ignore[return-value]
+
+
+CmdType = t.TypeVar("CmdType", bound=Command)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def command(name: _AnyCallable) -> Command:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @command(namearg, CommandCls, ...) or @command(namearg, cls=CommandCls, ...)
+@t.overload
+def command(
+    name: t.Optional[str],
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @command(cls=CommandCls, ...)
+@t.overload
+def command(
+    name: None = None,
+    *,
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def command(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Command]:
+    ...
+
+
+def command(
+    name: t.Union[t.Optional[str], _AnyCallable] = None,
+    cls: t.Optional[t.Type[CmdType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Command, t.Callable[[_AnyCallable], t.Union[Command, CmdType]]]:
+    r"""Creates a new :class:`Command` and uses the decorated function as
+    callback.  This will also automatically attach all decorated
+    :func:`option`\s and :func:`argument`\s as parameters to the command.
+
+    The name of the command defaults to the name of the function with
+    underscores replaced by dashes.  If you want to change that, you can
+    pass the intended name as the first argument.
+
+    All keyword arguments are forwarded to the underlying command class.
+    For the ``params`` argument, any decorated params are appended to
+    the end of the list.
+
+    Once decorated the function turns into a :class:`Command` instance
+    that can be invoked as a command line utility or be attached to a
+    command :class:`Group`.
+
+    :param name: the name of the command.  This defaults to the function
+                 name with underscores replaced by dashes.
+    :param cls: the command class to instantiate.  This defaults to
+                :class:`Command`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+
+    .. versionchanged:: 8.1
+        The ``params`` argument can be used. Decorated params are
+        appended to the end of the list.
+    """
+
+    func: t.Optional[t.Callable[[_AnyCallable], t.Any]] = None
+
+    if callable(name):
+        func = name
+        name = None
+        assert cls is None, "Use 'command(cls=cls)(callable)' to specify a class."
+        assert not attrs, "Use 'command(**kwargs)(callable)' to provide arguments."
+
+    if cls is None:
+        cls = t.cast(t.Type[CmdType], Command)
+
+    def decorator(f: _AnyCallable) -> CmdType:
+        if isinstance(f, Command):
+            raise TypeError("Attempted to convert a callback into a command twice.")
+
+        attr_params = attrs.pop("params", None)
+        params = attr_params if attr_params is not None else []
+
+        try:
+            decorator_params = f.__click_params__  # type: ignore
+        except AttributeError:
+            pass
+        else:
+            del f.__click_params__  # type: ignore
+            params.extend(reversed(decorator_params))
+
+        if attrs.get("help") is None:
+            attrs["help"] = f.__doc__
+
+        if t.TYPE_CHECKING:
+            assert cls is not None
+            assert not callable(name)
+
+        cmd = cls(
+            name=name or f.__name__.lower().replace("_", "-"),
+            callback=f,
+            params=params,
+            **attrs,
+        )
+        cmd.__doc__ = f.__doc__
+        return cmd
+
+    if func is not None:
+        return decorator(func)
+
+    return decorator
+
+
+GrpType = t.TypeVar("GrpType", bound=Group)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def group(name: _AnyCallable) -> Group:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @group(namearg, GroupCls, ...) or @group(namearg, cls=GroupCls, ...)
+@t.overload
+def group(
+    name: t.Optional[str],
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @group(cmd=GroupCls, ...)
+@t.overload
+def group(
+    name: None = None,
+    *,
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def group(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Group]:
+    ...
+
+
+def group(
+    name: t.Union[str, _AnyCallable, None] = None,
+    cls: t.Optional[t.Type[GrpType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Group, t.Callable[[_AnyCallable], t.Union[Group, GrpType]]]:
+    """Creates a new :class:`Group` with a function as callback.  This
+    works otherwise the same as :func:`command` just that the `cls`
+    parameter is set to :class:`Group`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+    """
+    if cls is None:
+        cls = t.cast(t.Type[GrpType], Group)
+
+    if callable(name):
+        return command(cls=cls, **attrs)(name)
+
+    return command(name, cls, **attrs)
+
+
+def _param_memo(f: t.Callable[..., t.Any], param: Parameter) -> None:
+    if isinstance(f, Command):
+        f.params.append(param)
+    else:
+        if not hasattr(f, "__click_params__"):
+            f.__click_params__ = []  # type: ignore
+
+        f.__click_params__.append(param)  # type: ignore
+
+
+def argument(
+    *param_decls: str, cls: t.Optional[t.Type[Argument]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an argument to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Argument`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Argument` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default argument class, refer to :class:`Argument` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the argument class to instantiate.  This defaults to
+                :class:`Argument`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Argument
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def option(
+    *param_decls: str, cls: t.Optional[t.Type[Option]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an option to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Option`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Option` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default option class, refer to :class:`Option` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the option class to instantiate.  This defaults to
+                :class:`Option`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Option
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def confirmation_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--yes`` option which shows a prompt before continuing if
+    not passed. If the prompt is declined, the program will exit.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--yes"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value:
+            ctx.abort()
+
+    if not param_decls:
+        param_decls = ("--yes",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("callback", callback)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("prompt", "Do you want to continue?")
+    kwargs.setdefault("help", "Confirm the action without prompting.")
+    return option(*param_decls, **kwargs)
+
+
+def password_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--password`` option which prompts for a password, hiding
+    input and asking to enter the value again for confirmation.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--password"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+    if not param_decls:
+        param_decls = ("--password",)
+
+    kwargs.setdefault("prompt", True)
+    kwargs.setdefault("confirmation_prompt", True)
+    kwargs.setdefault("hide_input", True)
+    return option(*param_decls, **kwargs)
+
+
+def version_option(
+    version: t.Optional[str] = None,
+    *param_decls: str,
+    package_name: t.Optional[str] = None,
+    prog_name: t.Optional[str] = None,
+    message: t.Optional[str] = None,
+    **kwargs: t.Any,
+) -> t.Callable[[FC], FC]:
+    """Add a ``--version`` option which immediately prints the version
+    number and exits the program.
+
+    If ``version`` is not provided, Click will try to detect it using
+    :func:`importlib.metadata.version` to get the version for the
+    ``package_name``. On Python < 3.8, the ``importlib_metadata``
+    backport must be installed.
+
+    If ``package_name`` is not provided, Click will try to detect it by
+    inspecting the stack frames. This will be used to detect the
+    version, so it must match the name of the installed package.
+
+    :param version: The version number to show. If not provided, Click
+        will try to detect it.
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--version"``.
+    :param package_name: The package name to detect the version from. If
+        not provided, Click will try to detect it.
+    :param prog_name: The name of the CLI to show in the message. If not
+        provided, it will be detected from the command.
+    :param message: The message to show. The values ``%(prog)s``,
+        ``%(package)s``, and ``%(version)s`` are available. Defaults to
+        ``"%(prog)s, version %(version)s"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    :raise RuntimeError: ``version`` could not be detected.
+
+    .. versionchanged:: 8.0
+        Add the ``package_name`` parameter, and the ``%(package)s``
+        value for messages.
+
+    .. versionchanged:: 8.0
+        Use :mod:`importlib.metadata` instead of ``pkg_resources``. The
+        version is detected based on the package name, not the entry
+        point name. The Python package name must match the installed
+        package name, or be passed with ``package_name=``.
+    """
+    if message is None:
+        message = _("%(prog)s, version %(version)s")
+
+    if version is None and package_name is None:
+        frame = inspect.currentframe()
+        f_back = frame.f_back if frame is not None else None
+        f_globals = f_back.f_globals if f_back is not None else None
+        # break reference cycle
+        # https://docs.python.org/3/library/inspect.html#the-interpreter-stack
+        del frame
+
+        if f_globals is not None:
+            package_name = f_globals.get("__name__")
+
+            if package_name == "__main__":
+                package_name = f_globals.get("__package__")
+
+            if package_name:
+                package_name = package_name.partition(".")[0]
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        nonlocal prog_name
+        nonlocal version
+
+        if prog_name is None:
+            prog_name = ctx.find_root().info_name
+
+        if version is None and package_name is not None:
+            metadata: t.Optional[types.ModuleType]
+
+            try:
+                from importlib import metadata  # type: ignore
+            except ImportError:
+                # Python < 3.8
+                import importlib_metadata as metadata  # type: ignore
+
+            try:
+                version = metadata.version(package_name)  # type: ignore
+            except metadata.PackageNotFoundError:  # type: ignore
+                raise RuntimeError(
+                    f"{package_name!r} is not installed. Try passing"
+                    " 'package_name' instead."
+                ) from None
+
+        if version is None:
+            raise RuntimeError(
+                f"Could not determine the version for {package_name!r} automatically."
+            )
+
+        echo(
+            message % {"prog": prog_name, "package": package_name, "version": version},
+            color=ctx.color,
+        )
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--version",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show the version and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
+
+
+def help_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--help`` option which immediately prints the help page
+    and exits the program.
+
+    This is usually unnecessary, as the ``--help`` option is added to
+    each command automatically unless ``add_help_option=False`` is
+    passed.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--help"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        echo(ctx.get_help(), color=ctx.color)
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--help",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show this message and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/exceptions.py b/lib/go-jinja2/internal/data/linux-arm64/click/exceptions.py
new file mode 100644
index 000000000..fe68a3613
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/exceptions.py
@@ -0,0 +1,288 @@
+import typing as t
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import get_text_stderr
+from .utils import echo
+from .utils import format_filename
+
+if t.TYPE_CHECKING:
+    from .core import Command
+    from .core import Context
+    from .core import Parameter
+
+
+def _join_param_hints(
+    param_hint: t.Optional[t.Union[t.Sequence[str], str]]
+) -> t.Optional[str]:
+    if param_hint is not None and not isinstance(param_hint, str):
+        return " / ".join(repr(x) for x in param_hint)
+
+    return param_hint
+
+
+class ClickException(Exception):
+    """An exception that Click can handle and show to the user."""
+
+    #: The exit code for this exception.
+    exit_code = 1
+
+    def __init__(self, message: str) -> None:
+        super().__init__(message)
+        self.message = message
+
+    def format_message(self) -> str:
+        return self.message
+
+    def __str__(self) -> str:
+        return self.message
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+
+        echo(_("Error: {message}").format(message=self.format_message()), file=file)
+
+
+class UsageError(ClickException):
+    """An internal exception that signals a usage error.  This typically
+    aborts any further handling.
+
+    :param message: the error message to display.
+    :param ctx: optionally the context that caused this error.  Click will
+                fill in the context automatically in some situations.
+    """
+
+    exit_code = 2
+
+    def __init__(self, message: str, ctx: t.Optional["Context"] = None) -> None:
+        super().__init__(message)
+        self.ctx = ctx
+        self.cmd: t.Optional["Command"] = self.ctx.command if self.ctx else None
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+        color = None
+        hint = ""
+        if (
+            self.ctx is not None
+            and self.ctx.command.get_help_option(self.ctx) is not None
+        ):
+            hint = _("Try '{command} {option}' for help.").format(
+                command=self.ctx.command_path, option=self.ctx.help_option_names[0]
+            )
+            hint = f"{hint}\n"
+        if self.ctx is not None:
+            color = self.ctx.color
+            echo(f"{self.ctx.get_usage()}\n{hint}", file=file, color=color)
+        echo(
+            _("Error: {message}").format(message=self.format_message()),
+            file=file,
+            color=color,
+        )
+
+
+class BadParameter(UsageError):
+    """An exception that formats out a standardized error message for a
+    bad parameter.  This is useful when thrown from a callback or type as
+    Click will attach contextual information to it (for instance, which
+    parameter it is).
+
+    .. versionadded:: 2.0
+
+    :param param: the parameter object that caused this error.  This can
+                  be left out, and Click will attach this info itself
+                  if possible.
+    :param param_hint: a string that shows up as parameter name.  This
+                       can be used as alternative to `param` in cases
+                       where custom validation should happen.  If it is
+                       a string it's used as such, if it's a list then
+                       each item is quoted and separated.
+    """
+
+    def __init__(
+        self,
+        message: str,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message, ctx)
+        self.param = param
+        self.param_hint = param_hint
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            return _("Invalid value: {message}").format(message=self.message)
+
+        return _("Invalid value for {param_hint}: {message}").format(
+            param_hint=_join_param_hints(param_hint), message=self.message
+        )
+
+
+class MissingParameter(BadParameter):
+    """Raised if click required an option or argument but it was not
+    provided when invoking the script.
+
+    .. versionadded:: 4.0
+
+    :param param_type: a string that indicates the type of the parameter.
+                       The default is to inherit the parameter type from
+                       the given `param`.  Valid values are ``'parameter'``,
+                       ``'option'`` or ``'argument'``.
+    """
+
+    def __init__(
+        self,
+        message: t.Optional[str] = None,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+        param_type: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message or "", ctx, param, param_hint)
+        self.param_type = param_type
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint: t.Optional[str] = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            param_hint = None
+
+        param_hint = _join_param_hints(param_hint)
+        param_hint = f" {param_hint}" if param_hint else ""
+
+        param_type = self.param_type
+        if param_type is None and self.param is not None:
+            param_type = self.param.param_type_name
+
+        msg = self.message
+        if self.param is not None:
+            msg_extra = self.param.type.get_missing_message(self.param)
+            if msg_extra:
+                if msg:
+                    msg += f". {msg_extra}"
+                else:
+                    msg = msg_extra
+
+        msg = f" {msg}" if msg else ""
+
+        # Translate param_type for known types.
+        if param_type == "argument":
+            missing = _("Missing argument")
+        elif param_type == "option":
+            missing = _("Missing option")
+        elif param_type == "parameter":
+            missing = _("Missing parameter")
+        else:
+            missing = _("Missing {param_type}").format(param_type=param_type)
+
+        return f"{missing}{param_hint}.{msg}"
+
+    def __str__(self) -> str:
+        if not self.message:
+            param_name = self.param.name if self.param else None
+            return _("Missing parameter: {param_name}").format(param_name=param_name)
+        else:
+            return self.message
+
+
+class NoSuchOption(UsageError):
+    """Raised if click attempted to handle an option that does not
+    exist.
+
+    .. versionadded:: 4.0
+    """
+
+    def __init__(
+        self,
+        option_name: str,
+        message: t.Optional[str] = None,
+        possibilities: t.Optional[t.Sequence[str]] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> None:
+        if message is None:
+            message = _("No such option: {name}").format(name=option_name)
+
+        super().__init__(message, ctx)
+        self.option_name = option_name
+        self.possibilities = possibilities
+
+    def format_message(self) -> str:
+        if not self.possibilities:
+            return self.message
+
+        possibility_str = ", ".join(sorted(self.possibilities))
+        suggest = ngettext(
+            "Did you mean {possibility}?",
+            "(Possible options: {possibilities})",
+            len(self.possibilities),
+        ).format(possibility=possibility_str, possibilities=possibility_str)
+        return f"{self.message} {suggest}"
+
+
+class BadOptionUsage(UsageError):
+    """Raised if an option is generally supplied but the use of the option
+    was incorrect.  This is for instance raised if the number of arguments
+    for an option is not correct.
+
+    .. versionadded:: 4.0
+
+    :param option_name: the name of the option being used incorrectly.
+    """
+
+    def __init__(
+        self, option_name: str, message: str, ctx: t.Optional["Context"] = None
+    ) -> None:
+        super().__init__(message, ctx)
+        self.option_name = option_name
+
+
+class BadArgumentUsage(UsageError):
+    """Raised if an argument is generally supplied but the use of the argument
+    was incorrect.  This is for instance raised if the number of values
+    for an argument is not correct.
+
+    .. versionadded:: 6.0
+    """
+
+
+class FileError(ClickException):
+    """Raised if a file cannot be opened."""
+
+    def __init__(self, filename: str, hint: t.Optional[str] = None) -> None:
+        if hint is None:
+            hint = _("unknown error")
+
+        super().__init__(hint)
+        self.ui_filename: str = format_filename(filename)
+        self.filename = filename
+
+    def format_message(self) -> str:
+        return _("Could not open file {filename!r}: {message}").format(
+            filename=self.ui_filename, message=self.message
+        )
+
+
+class Abort(RuntimeError):
+    """An internal signalling exception that signals Click to abort."""
+
+
+class Exit(RuntimeError):
+    """An exception that indicates that the application should exit with some
+    status code.
+
+    :param code: the status code to exit with.
+    """
+
+    __slots__ = ("exit_code",)
+
+    def __init__(self, code: int = 0) -> None:
+        self.exit_code: int = code
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/formatting.py b/lib/go-jinja2/internal/data/linux-arm64/click/formatting.py
new file mode 100644
index 000000000..ddd2a2f82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/formatting.py
@@ -0,0 +1,301 @@
+import typing as t
+from contextlib import contextmanager
+from gettext import gettext as _
+
+from ._compat import term_len
+from .parser import split_opt
+
+# Can force a width.  This is used by the test system
+FORCED_WIDTH: t.Optional[int] = None
+
+
+def measure_table(rows: t.Iterable[t.Tuple[str, str]]) -> t.Tuple[int, ...]:
+    widths: t.Dict[int, int] = {}
+
+    for row in rows:
+        for idx, col in enumerate(row):
+            widths[idx] = max(widths.get(idx, 0), term_len(col))
+
+    return tuple(y for x, y in sorted(widths.items()))
+
+
+def iter_rows(
+    rows: t.Iterable[t.Tuple[str, str]], col_count: int
+) -> t.Iterator[t.Tuple[str, ...]]:
+    for row in rows:
+        yield row + ("",) * (col_count - len(row))
+
+
+def wrap_text(
+    text: str,
+    width: int = 78,
+    initial_indent: str = "",
+    subsequent_indent: str = "",
+    preserve_paragraphs: bool = False,
+) -> str:
+    """A helper function that intelligently wraps text.  By default, it
+    assumes that it operates on a single paragraph of text but if the
+    `preserve_paragraphs` parameter is provided it will intelligently
+    handle paragraphs (defined by two empty lines).
+
+    If paragraphs are handled, a paragraph can be prefixed with an empty
+    line containing the ``\\b`` character (``\\x08``) to indicate that
+    no rewrapping should happen in that block.
+
+    :param text: the text that should be rewrapped.
+    :param width: the maximum width for the text.
+    :param initial_indent: the initial indent that should be placed on the
+                           first line as a string.
+    :param subsequent_indent: the indent string that should be placed on
+                              each consecutive line.
+    :param preserve_paragraphs: if this flag is set then the wrapping will
+                                intelligently handle paragraphs.
+    """
+    from ._textwrap import TextWrapper
+
+    text = text.expandtabs()
+    wrapper = TextWrapper(
+        width,
+        initial_indent=initial_indent,
+        subsequent_indent=subsequent_indent,
+        replace_whitespace=False,
+    )
+    if not preserve_paragraphs:
+        return wrapper.fill(text)
+
+    p: t.List[t.Tuple[int, bool, str]] = []
+    buf: t.List[str] = []
+    indent = None
+
+    def _flush_par() -> None:
+        if not buf:
+            return
+        if buf[0].strip() == "\b":
+            p.append((indent or 0, True, "\n".join(buf[1:])))
+        else:
+            p.append((indent or 0, False, " ".join(buf)))
+        del buf[:]
+
+    for line in text.splitlines():
+        if not line:
+            _flush_par()
+            indent = None
+        else:
+            if indent is None:
+                orig_len = term_len(line)
+                line = line.lstrip()
+                indent = orig_len - term_len(line)
+            buf.append(line)
+    _flush_par()
+
+    rv = []
+    for indent, raw, text in p:
+        with wrapper.extra_indent(" " * indent):
+            if raw:
+                rv.append(wrapper.indent_only(text))
+            else:
+                rv.append(wrapper.fill(text))
+
+    return "\n\n".join(rv)
+
+
+class HelpFormatter:
+    """This class helps with formatting text-based help pages.  It's
+    usually just needed for very special internal cases, but it's also
+    exposed so that developers can write their own fancy outputs.
+
+    At present, it always writes into memory.
+
+    :param indent_increment: the additional increment for each level.
+    :param width: the width for the text.  This defaults to the terminal
+                  width clamped to a maximum of 78.
+    """
+
+    def __init__(
+        self,
+        indent_increment: int = 2,
+        width: t.Optional[int] = None,
+        max_width: t.Optional[int] = None,
+    ) -> None:
+        import shutil
+
+        self.indent_increment = indent_increment
+        if max_width is None:
+            max_width = 80
+        if width is None:
+            width = FORCED_WIDTH
+            if width is None:
+                width = max(min(shutil.get_terminal_size().columns, max_width) - 2, 50)
+        self.width = width
+        self.current_indent = 0
+        self.buffer: t.List[str] = []
+
+    def write(self, string: str) -> None:
+        """Writes a unicode string into the internal buffer."""
+        self.buffer.append(string)
+
+    def indent(self) -> None:
+        """Increases the indentation."""
+        self.current_indent += self.indent_increment
+
+    def dedent(self) -> None:
+        """Decreases the indentation."""
+        self.current_indent -= self.indent_increment
+
+    def write_usage(
+        self, prog: str, args: str = "", prefix: t.Optional[str] = None
+    ) -> None:
+        """Writes a usage line into the buffer.
+
+        :param prog: the program name.
+        :param args: whitespace separated list of arguments.
+        :param prefix: The prefix for the first line. Defaults to
+            ``"Usage: "``.
+        """
+        if prefix is None:
+            prefix = f"{_('Usage:')} "
+
+        usage_prefix = f"{prefix:>{self.current_indent}}{prog} "
+        text_width = self.width - self.current_indent
+
+        if text_width >= (term_len(usage_prefix) + 20):
+            # The arguments will fit to the right of the prefix.
+            indent = " " * term_len(usage_prefix)
+            self.write(
+                wrap_text(
+                    args,
+                    text_width,
+                    initial_indent=usage_prefix,
+                    subsequent_indent=indent,
+                )
+            )
+        else:
+            # The prefix is too long, put the arguments on the next line.
+            self.write(usage_prefix)
+            self.write("\n")
+            indent = " " * (max(self.current_indent, term_len(prefix)) + 4)
+            self.write(
+                wrap_text(
+                    args, text_width, initial_indent=indent, subsequent_indent=indent
+                )
+            )
+
+        self.write("\n")
+
+    def write_heading(self, heading: str) -> None:
+        """Writes a heading into the buffer."""
+        self.write(f"{'':>{self.current_indent}}{heading}:\n")
+
+    def write_paragraph(self) -> None:
+        """Writes a paragraph into the buffer."""
+        if self.buffer:
+            self.write("\n")
+
+    def write_text(self, text: str) -> None:
+        """Writes re-indented text into the buffer.  This rewraps and
+        preserves paragraphs.
+        """
+        indent = " " * self.current_indent
+        self.write(
+            wrap_text(
+                text,
+                self.width,
+                initial_indent=indent,
+                subsequent_indent=indent,
+                preserve_paragraphs=True,
+            )
+        )
+        self.write("\n")
+
+    def write_dl(
+        self,
+        rows: t.Sequence[t.Tuple[str, str]],
+        col_max: int = 30,
+        col_spacing: int = 2,
+    ) -> None:
+        """Writes a definition list into the buffer.  This is how options
+        and commands are usually formatted.
+
+        :param rows: a list of two item tuples for the terms and values.
+        :param col_max: the maximum width of the first column.
+        :param col_spacing: the number of spaces between the first and
+                            second column.
+        """
+        rows = list(rows)
+        widths = measure_table(rows)
+        if len(widths) != 2:
+            raise TypeError("Expected two columns for definition list")
+
+        first_col = min(widths[0], col_max) + col_spacing
+
+        for first, second in iter_rows(rows, len(widths)):
+            self.write(f"{'':>{self.current_indent}}{first}")
+            if not second:
+                self.write("\n")
+                continue
+            if term_len(first) <= first_col - col_spacing:
+                self.write(" " * (first_col - term_len(first)))
+            else:
+                self.write("\n")
+                self.write(" " * (first_col + self.current_indent))
+
+            text_width = max(self.width - first_col - 2, 10)
+            wrapped_text = wrap_text(second, text_width, preserve_paragraphs=True)
+            lines = wrapped_text.splitlines()
+
+            if lines:
+                self.write(f"{lines[0]}\n")
+
+                for line in lines[1:]:
+                    self.write(f"{'':>{first_col + self.current_indent}}{line}\n")
+            else:
+                self.write("\n")
+
+    @contextmanager
+    def section(self, name: str) -> t.Iterator[None]:
+        """Helpful context manager that writes a paragraph, a heading,
+        and the indents.
+
+        :param name: the section name that is written as heading.
+        """
+        self.write_paragraph()
+        self.write_heading(name)
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    @contextmanager
+    def indentation(self) -> t.Iterator[None]:
+        """A context manager that increases the indentation."""
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    def getvalue(self) -> str:
+        """Returns the buffer contents."""
+        return "".join(self.buffer)
+
+
+def join_options(options: t.Sequence[str]) -> t.Tuple[str, bool]:
+    """Given a list of option strings this joins them in the most appropriate
+    way and returns them in the form ``(formatted_string,
+    any_prefix_is_slash)`` where the second item in the tuple is a flag that
+    indicates if any of the option prefixes was a slash.
+    """
+    rv = []
+    any_prefix_is_slash = False
+
+    for opt in options:
+        prefix = split_opt(opt)[0]
+
+        if prefix == "/":
+            any_prefix_is_slash = True
+
+        rv.append((len(prefix), opt))
+
+    rv.sort(key=lambda x: x[0])
+    return ", ".join(x[1] for x in rv), any_prefix_is_slash
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/globals.py b/lib/go-jinja2/internal/data/linux-arm64/click/globals.py
new file mode 100644
index 000000000..480058f10
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/globals.py
@@ -0,0 +1,68 @@
+import typing as t
+from threading import local
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+
+_local = local()
+
+
+@t.overload
+def get_current_context(silent: "te.Literal[False]" = False) -> "Context":
+    ...
+
+
+@t.overload
+def get_current_context(silent: bool = ...) -> t.Optional["Context"]:
+    ...
+
+
+def get_current_context(silent: bool = False) -> t.Optional["Context"]:
+    """Returns the current click context.  This can be used as a way to
+    access the current context object from anywhere.  This is a more implicit
+    alternative to the :func:`pass_context` decorator.  This function is
+    primarily useful for helpers such as :func:`echo` which might be
+    interested in changing its behavior based on the current context.
+
+    To push the current context, :meth:`Context.scope` can be used.
+
+    .. versionadded:: 5.0
+
+    :param silent: if set to `True` the return value is `None` if no context
+                   is available.  The default behavior is to raise a
+                   :exc:`RuntimeError`.
+    """
+    try:
+        return t.cast("Context", _local.stack[-1])
+    except (AttributeError, IndexError) as e:
+        if not silent:
+            raise RuntimeError("There is no active click context.") from e
+
+    return None
+
+
+def push_context(ctx: "Context") -> None:
+    """Pushes a new context to the current stack."""
+    _local.__dict__.setdefault("stack", []).append(ctx)
+
+
+def pop_context() -> None:
+    """Removes the top level from the stack."""
+    _local.stack.pop()
+
+
+def resolve_color_default(color: t.Optional[bool] = None) -> t.Optional[bool]:
+    """Internal helper to get the default value of the color flag.  If a
+    value is passed it's returned unchanged, otherwise it's looked up from
+    the current context.
+    """
+    if color is not None:
+        return color
+
+    ctx = get_current_context(silent=True)
+
+    if ctx is not None:
+        return ctx.color
+
+    return None
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/parser.py b/lib/go-jinja2/internal/data/linux-arm64/click/parser.py
new file mode 100644
index 000000000..5fa7adfac
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/parser.py
@@ -0,0 +1,529 @@
+"""
+This module started out as largely a copy paste from the stdlib's
+optparse module with the features removed that we do not need from
+optparse because we implement them in Click on a higher level (for
+instance type handling, help formatting and a lot more).
+
+The plan is to remove more and more from here over time.
+
+The reason this is a different module and not optparse from the stdlib
+is that there are differences in 2.x and 3.x about the error messages
+generated and optparse in the stdlib uses gettext for no good reason
+and might cause us issues.
+
+Click uses parts of optparse written by Gregory P. Ward and maintained
+by the Python Software Foundation. This is limited to code in parser.py.
+
+Copyright 2001-2006 Gregory P. Ward. All rights reserved.
+Copyright 2002-2006 Python Software Foundation. All rights reserved.
+"""
+# This code uses parts of optparse written by Gregory P. Ward and
+# maintained by the Python Software Foundation.
+# Copyright 2001-2006 Gregory P. Ward
+# Copyright 2002-2006 Python Software Foundation
+import typing as t
+from collections import deque
+from gettext import gettext as _
+from gettext import ngettext
+
+from .exceptions import BadArgumentUsage
+from .exceptions import BadOptionUsage
+from .exceptions import NoSuchOption
+from .exceptions import UsageError
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Argument as CoreArgument
+    from .core import Context
+    from .core import Option as CoreOption
+    from .core import Parameter as CoreParameter
+
+V = t.TypeVar("V")
+
+# Sentinel value that indicates an option was passed as a flag without a
+# value but is not a flag option. Option.consume_value uses this to
+# prompt or use the flag_value.
+_flag_needs_value = object()
+
+
+def _unpack_args(
+    args: t.Sequence[str], nargs_spec: t.Sequence[int]
+) -> t.Tuple[t.Sequence[t.Union[str, t.Sequence[t.Optional[str]], None]], t.List[str]]:
+    """Given an iterable of arguments and an iterable of nargs specifications,
+    it returns a tuple with all the unpacked arguments at the first index
+    and all remaining arguments as the second.
+
+    The nargs specification is the number of arguments that should be consumed
+    or `-1` to indicate that this position should eat up all the remainders.
+
+    Missing items are filled with `None`.
+    """
+    args = deque(args)
+    nargs_spec = deque(nargs_spec)
+    rv: t.List[t.Union[str, t.Tuple[t.Optional[str], ...], None]] = []
+    spos: t.Optional[int] = None
+
+    def _fetch(c: "te.Deque[V]") -> t.Optional[V]:
+        try:
+            if spos is None:
+                return c.popleft()
+            else:
+                return c.pop()
+        except IndexError:
+            return None
+
+    while nargs_spec:
+        nargs = _fetch(nargs_spec)
+
+        if nargs is None:
+            continue
+
+        if nargs == 1:
+            rv.append(_fetch(args))
+        elif nargs > 1:
+            x = [_fetch(args) for _ in range(nargs)]
+
+            # If we're reversed, we're pulling in the arguments in reverse,
+            # so we need to turn them around.
+            if spos is not None:
+                x.reverse()
+
+            rv.append(tuple(x))
+        elif nargs < 0:
+            if spos is not None:
+                raise TypeError("Cannot have two nargs < 0")
+
+            spos = len(rv)
+            rv.append(None)
+
+    # spos is the position of the wildcard (star).  If it's not `None`,
+    # we fill it with the remainder.
+    if spos is not None:
+        rv[spos] = tuple(args)
+        args = []
+        rv[spos + 1 :] = reversed(rv[spos + 1 :])
+
+    return tuple(rv), list(args)
+
+
+def split_opt(opt: str) -> t.Tuple[str, str]:
+    first = opt[:1]
+    if first.isalnum():
+        return "", opt
+    if opt[1:2] == first:
+        return opt[:2], opt[2:]
+    return first, opt[1:]
+
+
+def normalize_opt(opt: str, ctx: t.Optional["Context"]) -> str:
+    if ctx is None or ctx.token_normalize_func is None:
+        return opt
+    prefix, opt = split_opt(opt)
+    return f"{prefix}{ctx.token_normalize_func(opt)}"
+
+
+def split_arg_string(string: str) -> t.List[str]:
+    """Split an argument string as with :func:`shlex.split`, but don't
+    fail if the string is incomplete. Ignores a missing closing quote or
+    incomplete escape sequence and uses the partial token as-is.
+
+    .. code-block:: python
+
+        split_arg_string("example 'my file")
+        ["example", "my file"]
+
+        split_arg_string("example my\\")
+        ["example", "my"]
+
+    :param string: String to split.
+    """
+    import shlex
+
+    lex = shlex.shlex(string, posix=True)
+    lex.whitespace_split = True
+    lex.commenters = ""
+    out = []
+
+    try:
+        for token in lex:
+            out.append(token)
+    except ValueError:
+        # Raised when end-of-string is reached in an invalid state. Use
+        # the partial token as-is. The quote or escape character is in
+        # lex.state, not lex.token.
+        out.append(lex.token)
+
+    return out
+
+
+class Option:
+    def __init__(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ):
+        self._short_opts = []
+        self._long_opts = []
+        self.prefixes: t.Set[str] = set()
+
+        for opt in opts:
+            prefix, value = split_opt(opt)
+            if not prefix:
+                raise ValueError(f"Invalid start character for option ({opt})")
+            self.prefixes.add(prefix[0])
+            if len(prefix) == 1 and len(value) == 1:
+                self._short_opts.append(opt)
+            else:
+                self._long_opts.append(opt)
+                self.prefixes.add(prefix)
+
+        if action is None:
+            action = "store"
+
+        self.dest = dest
+        self.action = action
+        self.nargs = nargs
+        self.const = const
+        self.obj = obj
+
+    @property
+    def takes_value(self) -> bool:
+        return self.action in ("store", "append")
+
+    def process(self, value: t.Any, state: "ParsingState") -> None:
+        if self.action == "store":
+            state.opts[self.dest] = value  # type: ignore
+        elif self.action == "store_const":
+            state.opts[self.dest] = self.const  # type: ignore
+        elif self.action == "append":
+            state.opts.setdefault(self.dest, []).append(value)  # type: ignore
+        elif self.action == "append_const":
+            state.opts.setdefault(self.dest, []).append(self.const)  # type: ignore
+        elif self.action == "count":
+            state.opts[self.dest] = state.opts.get(self.dest, 0) + 1  # type: ignore
+        else:
+            raise ValueError(f"unknown action '{self.action}'")
+        state.order.append(self.obj)
+
+
+class Argument:
+    def __init__(self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1):
+        self.dest = dest
+        self.nargs = nargs
+        self.obj = obj
+
+    def process(
+        self,
+        value: t.Union[t.Optional[str], t.Sequence[t.Optional[str]]],
+        state: "ParsingState",
+    ) -> None:
+        if self.nargs > 1:
+            assert value is not None
+            holes = sum(1 for x in value if x is None)
+            if holes == len(value):
+                value = None
+            elif holes != 0:
+                raise BadArgumentUsage(
+                    _("Argument {name!r} takes {nargs} values.").format(
+                        name=self.dest, nargs=self.nargs
+                    )
+                )
+
+        if self.nargs == -1 and self.obj.envvar is not None and value == ():
+            # Replace empty tuple with None so that a value from the
+            # environment may be tried.
+            value = None
+
+        state.opts[self.dest] = value  # type: ignore
+        state.order.append(self.obj)
+
+
+class ParsingState:
+    def __init__(self, rargs: t.List[str]) -> None:
+        self.opts: t.Dict[str, t.Any] = {}
+        self.largs: t.List[str] = []
+        self.rargs = rargs
+        self.order: t.List["CoreParameter"] = []
+
+
+class OptionParser:
+    """The option parser is an internal class that is ultimately used to
+    parse options and arguments.  It's modelled after optparse and brings
+    a similar but vastly simplified API.  It should generally not be used
+    directly as the high level Click classes wrap it for you.
+
+    It's not nearly as extensible as optparse or argparse as it does not
+    implement features that are implemented on a higher level (such as
+    types or defaults).
+
+    :param ctx: optionally the :class:`~click.Context` where this parser
+                should go with.
+    """
+
+    def __init__(self, ctx: t.Optional["Context"] = None) -> None:
+        #: The :class:`~click.Context` for this parser.  This might be
+        #: `None` for some advanced use cases.
+        self.ctx = ctx
+        #: This controls how the parser deals with interspersed arguments.
+        #: If this is set to `False`, the parser will stop on the first
+        #: non-option.  Click uses this to implement nested subcommands
+        #: safely.
+        self.allow_interspersed_args: bool = True
+        #: This tells the parser how to deal with unknown options.  By
+        #: default it will error out (which is sensible), but there is a
+        #: second mode where it will ignore it and continue processing
+        #: after shifting all the unknown options into the resulting args.
+        self.ignore_unknown_options: bool = False
+
+        if ctx is not None:
+            self.allow_interspersed_args = ctx.allow_interspersed_args
+            self.ignore_unknown_options = ctx.ignore_unknown_options
+
+        self._short_opt: t.Dict[str, Option] = {}
+        self._long_opt: t.Dict[str, Option] = {}
+        self._opt_prefixes = {"-", "--"}
+        self._args: t.List[Argument] = []
+
+    def add_option(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ) -> None:
+        """Adds a new option named `dest` to the parser.  The destination
+        is not inferred (unlike with optparse) and needs to be explicitly
+        provided.  Action can be any of ``store``, ``store_const``,
+        ``append``, ``append_const`` or ``count``.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        opts = [normalize_opt(opt, self.ctx) for opt in opts]
+        option = Option(obj, opts, dest, action=action, nargs=nargs, const=const)
+        self._opt_prefixes.update(option.prefixes)
+        for opt in option._short_opts:
+            self._short_opt[opt] = option
+        for opt in option._long_opts:
+            self._long_opt[opt] = option
+
+    def add_argument(
+        self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1
+    ) -> None:
+        """Adds a positional argument named `dest` to the parser.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        self._args.append(Argument(obj, dest=dest, nargs=nargs))
+
+    def parse_args(
+        self, args: t.List[str]
+    ) -> t.Tuple[t.Dict[str, t.Any], t.List[str], t.List["CoreParameter"]]:
+        """Parses positional arguments and returns ``(values, args, order)``
+        for the parsed options and arguments as well as the leftover
+        arguments if there are any.  The order is a list of objects as they
+        appear on the command line.  If arguments appear multiple times they
+        will be memorized multiple times as well.
+        """
+        state = ParsingState(args)
+        try:
+            self._process_args_for_options(state)
+            self._process_args_for_args(state)
+        except UsageError:
+            if self.ctx is None or not self.ctx.resilient_parsing:
+                raise
+        return state.opts, state.largs, state.order
+
+    def _process_args_for_args(self, state: ParsingState) -> None:
+        pargs, args = _unpack_args(
+            state.largs + state.rargs, [x.nargs for x in self._args]
+        )
+
+        for idx, arg in enumerate(self._args):
+            arg.process(pargs[idx], state)
+
+        state.largs = args
+        state.rargs = []
+
+    def _process_args_for_options(self, state: ParsingState) -> None:
+        while state.rargs:
+            arg = state.rargs.pop(0)
+            arglen = len(arg)
+            # Double dashes always handled explicitly regardless of what
+            # prefixes are valid.
+            if arg == "--":
+                return
+            elif arg[:1] in self._opt_prefixes and arglen > 1:
+                self._process_opts(arg, state)
+            elif self.allow_interspersed_args:
+                state.largs.append(arg)
+            else:
+                state.rargs.insert(0, arg)
+                return
+
+        # Say this is the original argument list:
+        # [arg0, arg1, ..., arg(i-1), arg(i), arg(i+1), ..., arg(N-1)]
+        #                            ^
+        # (we are about to process arg(i)).
+        #
+        # Then rargs is [arg(i), ..., arg(N-1)] and largs is a *subset* of
+        # [arg0, ..., arg(i-1)] (any options and their arguments will have
+        # been removed from largs).
+        #
+        # The while loop will usually consume 1 or more arguments per pass.
+        # If it consumes 1 (eg. arg is an option that takes no arguments),
+        # then after _process_arg() is done the situation is:
+        #
+        #   largs = subset of [arg0, ..., arg(i)]
+        #   rargs = [arg(i+1), ..., arg(N-1)]
+        #
+        # If allow_interspersed_args is false, largs will always be
+        # *empty* -- still a subset of [arg0, ..., arg(i-1)], but
+        # not a very interesting subset!
+
+    def _match_long_opt(
+        self, opt: str, explicit_value: t.Optional[str], state: ParsingState
+    ) -> None:
+        if opt not in self._long_opt:
+            from difflib import get_close_matches
+
+            possibilities = get_close_matches(opt, self._long_opt)
+            raise NoSuchOption(opt, possibilities=possibilities, ctx=self.ctx)
+
+        option = self._long_opt[opt]
+        if option.takes_value:
+            # At this point it's safe to modify rargs by injecting the
+            # explicit value, because no exception is raised in this
+            # branch.  This means that the inserted value will be fully
+            # consumed.
+            if explicit_value is not None:
+                state.rargs.insert(0, explicit_value)
+
+            value = self._get_value_from_state(opt, option, state)
+
+        elif explicit_value is not None:
+            raise BadOptionUsage(
+                opt, _("Option {name!r} does not take a value.").format(name=opt)
+            )
+
+        else:
+            value = None
+
+        option.process(value, state)
+
+    def _match_short_opt(self, arg: str, state: ParsingState) -> None:
+        stop = False
+        i = 1
+        prefix = arg[0]
+        unknown_options = []
+
+        for ch in arg[1:]:
+            opt = normalize_opt(f"{prefix}{ch}", self.ctx)
+            option = self._short_opt.get(opt)
+            i += 1
+
+            if not option:
+                if self.ignore_unknown_options:
+                    unknown_options.append(ch)
+                    continue
+                raise NoSuchOption(opt, ctx=self.ctx)
+            if option.takes_value:
+                # Any characters left in arg?  Pretend they're the
+                # next arg, and stop consuming characters of arg.
+                if i < len(arg):
+                    state.rargs.insert(0, arg[i:])
+                    stop = True
+
+                value = self._get_value_from_state(opt, option, state)
+
+            else:
+                value = None
+
+            option.process(value, state)
+
+            if stop:
+                break
+
+        # If we got any unknown options we recombine the string of the
+        # remaining options and re-attach the prefix, then report that
+        # to the state as new larg.  This way there is basic combinatorics
+        # that can be achieved while still ignoring unknown arguments.
+        if self.ignore_unknown_options and unknown_options:
+            state.largs.append(f"{prefix}{''.join(unknown_options)}")
+
+    def _get_value_from_state(
+        self, option_name: str, option: Option, state: ParsingState
+    ) -> t.Any:
+        nargs = option.nargs
+
+        if len(state.rargs) < nargs:
+            if option.obj._flag_needs_value:
+                # Option allows omitting the value.
+                value = _flag_needs_value
+            else:
+                raise BadOptionUsage(
+                    option_name,
+                    ngettext(
+                        "Option {name!r} requires an argument.",
+                        "Option {name!r} requires {nargs} arguments.",
+                        nargs,
+                    ).format(name=option_name, nargs=nargs),
+                )
+        elif nargs == 1:
+            next_rarg = state.rargs[0]
+
+            if (
+                option.obj._flag_needs_value
+                and isinstance(next_rarg, str)
+                and next_rarg[:1] in self._opt_prefixes
+                and len(next_rarg) > 1
+            ):
+                # The next arg looks like the start of an option, don't
+                # use it as the value if omitting the value is allowed.
+                value = _flag_needs_value
+            else:
+                value = state.rargs.pop(0)
+        else:
+            value = tuple(state.rargs[:nargs])
+            del state.rargs[:nargs]
+
+        return value
+
+    def _process_opts(self, arg: str, state: ParsingState) -> None:
+        explicit_value = None
+        # Long option handling happens in two parts.  The first part is
+        # supporting explicitly attached values.  In any case, we will try
+        # to long match the option first.
+        if "=" in arg:
+            long_opt, explicit_value = arg.split("=", 1)
+        else:
+            long_opt = arg
+        norm_long_opt = normalize_opt(long_opt, self.ctx)
+
+        # At this point we will match the (assumed) long option through
+        # the long option matching code.  Note that this allows options
+        # like "-foo" to be matched as long options.
+        try:
+            self._match_long_opt(norm_long_opt, explicit_value, state)
+        except NoSuchOption:
+            # At this point the long option matching failed, and we need
+            # to try with short options.  However there is a special rule
+            # which says, that if we have a two character options prefix
+            # (applies to "--foo" for instance), we do not dispatch to the
+            # short option code and will instead raise the no option
+            # error.
+            if arg[:2] not in self._opt_prefixes:
+                self._match_short_opt(arg, state)
+                return
+
+            if not self.ignore_unknown_options:
+                raise
+
+            state.largs.append(arg)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/py.typed b/lib/go-jinja2/internal/data/linux-arm64/click/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/shell_completion.py b/lib/go-jinja2/internal/data/linux-arm64/click/shell_completion.py
new file mode 100644
index 000000000..dc9e00b9b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/shell_completion.py
@@ -0,0 +1,596 @@
+import os
+import re
+import typing as t
+from gettext import gettext as _
+
+from .core import Argument
+from .core import BaseCommand
+from .core import Context
+from .core import MultiCommand
+from .core import Option
+from .core import Parameter
+from .core import ParameterSource
+from .parser import split_arg_string
+from .utils import echo
+
+
+def shell_complete(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    complete_var: str,
+    instruction: str,
+) -> int:
+    """Perform shell completion for the given CLI program.
+
+    :param cli: Command being called.
+    :param ctx_args: Extra arguments to pass to
+        ``cli.make_context``.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+    :param instruction: Value of ``complete_var`` with the completion
+        instruction and shell, in the form ``instruction_shell``.
+    :return: Status code to exit with.
+    """
+    shell, _, instruction = instruction.partition("_")
+    comp_cls = get_completion_class(shell)
+
+    if comp_cls is None:
+        return 1
+
+    comp = comp_cls(cli, ctx_args, prog_name, complete_var)
+
+    if instruction == "source":
+        echo(comp.source())
+        return 0
+
+    if instruction == "complete":
+        echo(comp.complete())
+        return 0
+
+    return 1
+
+
+class CompletionItem:
+    """Represents a completion value and metadata about the value. The
+    default metadata is ``type`` to indicate special shell handling,
+    and ``help`` if a shell supports showing a help string next to the
+    value.
+
+    Arbitrary parameters can be passed when creating the object, and
+    accessed using ``item.attr``. If an attribute wasn't passed,
+    accessing it returns ``None``.
+
+    :param value: The completion suggestion.
+    :param type: Tells the shell script to provide special completion
+        support for the type. Click uses ``"dir"`` and ``"file"``.
+    :param help: String shown next to the value if supported.
+    :param kwargs: Arbitrary metadata. The built-in implementations
+        don't use this, but custom type completions paired with custom
+        shell support could use it.
+    """
+
+    __slots__ = ("value", "type", "help", "_info")
+
+    def __init__(
+        self,
+        value: t.Any,
+        type: str = "plain",
+        help: t.Optional[str] = None,
+        **kwargs: t.Any,
+    ) -> None:
+        self.value: t.Any = value
+        self.type: str = type
+        self.help: t.Optional[str] = help
+        self._info = kwargs
+
+    def __getattr__(self, name: str) -> t.Any:
+        return self._info.get(name)
+
+
+# Only Bash >= 4.4 has the nosort option.
+_SOURCE_BASH = """\
+%(complete_func)s() {
+    local IFS=$'\\n'
+    local response
+
+    response=$(env COMP_WORDS="${COMP_WORDS[*]}" COMP_CWORD=$COMP_CWORD \
+%(complete_var)s=bash_complete $1)
+
+    for completion in $response; do
+        IFS=',' read type value <<< "$completion"
+
+        if [[ $type == 'dir' ]]; then
+            COMPREPLY=()
+            compopt -o dirnames
+        elif [[ $type == 'file' ]]; then
+            COMPREPLY=()
+            compopt -o default
+        elif [[ $type == 'plain' ]]; then
+            COMPREPLY+=($value)
+        fi
+    done
+
+    return 0
+}
+
+%(complete_func)s_setup() {
+    complete -o nosort -F %(complete_func)s %(prog_name)s
+}
+
+%(complete_func)s_setup;
+"""
+
+_SOURCE_ZSH = """\
+#compdef %(prog_name)s
+
+%(complete_func)s() {
+    local -a completions
+    local -a completions_with_descriptions
+    local -a response
+    (( ! $+commands[%(prog_name)s] )) && return 1
+
+    response=("${(@f)$(env COMP_WORDS="${words[*]}" COMP_CWORD=$((CURRENT-1)) \
+%(complete_var)s=zsh_complete %(prog_name)s)}")
+
+    for type key descr in ${response}; do
+        if [[ "$type" == "plain" ]]; then
+            if [[ "$descr" == "_" ]]; then
+                completions+=("$key")
+            else
+                completions_with_descriptions+=("$key":"$descr")
+            fi
+        elif [[ "$type" == "dir" ]]; then
+            _path_files -/
+        elif [[ "$type" == "file" ]]; then
+            _path_files -f
+        fi
+    done
+
+    if [ -n "$completions_with_descriptions" ]; then
+        _describe -V unsorted completions_with_descriptions -U
+    fi
+
+    if [ -n "$completions" ]; then
+        compadd -U -V unsorted -a completions
+    fi
+}
+
+if [[ $zsh_eval_context[-1] == loadautofunc ]]; then
+    # autoload from fpath, call function directly
+    %(complete_func)s "$@"
+else
+    # eval/source/. command, register function for later
+    compdef %(complete_func)s %(prog_name)s
+fi
+"""
+
+_SOURCE_FISH = """\
+function %(complete_func)s;
+    set -l response (env %(complete_var)s=fish_complete COMP_WORDS=(commandline -cp) \
+COMP_CWORD=(commandline -t) %(prog_name)s);
+
+    for completion in $response;
+        set -l metadata (string split "," $completion);
+
+        if test $metadata[1] = "dir";
+            __fish_complete_directories $metadata[2];
+        else if test $metadata[1] = "file";
+            __fish_complete_path $metadata[2];
+        else if test $metadata[1] = "plain";
+            echo $metadata[2];
+        end;
+    end;
+end;
+
+complete --no-files --command %(prog_name)s --arguments \
+"(%(complete_func)s)";
+"""
+
+
+class ShellComplete:
+    """Base class for providing shell completion support. A subclass for
+    a given shell will override attributes and methods to implement the
+    completion instructions (``source`` and ``complete``).
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+
+    .. versionadded:: 8.0
+    """
+
+    name: t.ClassVar[str]
+    """Name to register the shell as with :func:`add_completion_class`.
+    This is used in completion instructions (``{name}_source`` and
+    ``{name}_complete``).
+    """
+
+    source_template: t.ClassVar[str]
+    """Completion script template formatted by :meth:`source`. This must
+    be provided by subclasses.
+    """
+
+    def __init__(
+        self,
+        cli: BaseCommand,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: str,
+    ) -> None:
+        self.cli = cli
+        self.ctx_args = ctx_args
+        self.prog_name = prog_name
+        self.complete_var = complete_var
+
+    @property
+    def func_name(self) -> str:
+        """The name of the shell function defined by the completion
+        script.
+        """
+        safe_name = re.sub(r"\W*", "", self.prog_name.replace("-", "_"), flags=re.ASCII)
+        return f"_{safe_name}_completion"
+
+    def source_vars(self) -> t.Dict[str, t.Any]:
+        """Vars for formatting :attr:`source_template`.
+
+        By default this provides ``complete_func``, ``complete_var``,
+        and ``prog_name``.
+        """
+        return {
+            "complete_func": self.func_name,
+            "complete_var": self.complete_var,
+            "prog_name": self.prog_name,
+        }
+
+    def source(self) -> str:
+        """Produce the shell script that defines the completion
+        function. By default this ``%``-style formats
+        :attr:`source_template` with the dict returned by
+        :meth:`source_vars`.
+        """
+        return self.source_template % self.source_vars()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        """Use the env vars defined by the shell script to return a
+        tuple of ``args, incomplete``. This must be implemented by
+        subclasses.
+        """
+        raise NotImplementedError
+
+    def get_completions(
+        self, args: t.List[str], incomplete: str
+    ) -> t.List[CompletionItem]:
+        """Determine the context and last complete command or parameter
+        from the complete args. Call that object's ``shell_complete``
+        method to get the completions for the incomplete value.
+
+        :param args: List of complete args before the incomplete value.
+        :param incomplete: Value being completed. May be empty.
+        """
+        ctx = _resolve_context(self.cli, self.ctx_args, self.prog_name, args)
+        obj, incomplete = _resolve_incomplete(ctx, args, incomplete)
+        return obj.shell_complete(ctx, incomplete)
+
+    def format_completion(self, item: CompletionItem) -> str:
+        """Format a completion item into the form recognized by the
+        shell script. This must be implemented by subclasses.
+
+        :param item: Completion item to format.
+        """
+        raise NotImplementedError
+
+    def complete(self) -> str:
+        """Produce the completion data to send back to the shell.
+
+        By default this calls :meth:`get_completion_args`, gets the
+        completions, then calls :meth:`format_completion` for each
+        completion.
+        """
+        args, incomplete = self.get_completion_args()
+        completions = self.get_completions(args, incomplete)
+        out = [self.format_completion(item) for item in completions]
+        return "\n".join(out)
+
+
+class BashComplete(ShellComplete):
+    """Shell completion for Bash."""
+
+    name = "bash"
+    source_template = _SOURCE_BASH
+
+    @staticmethod
+    def _check_version() -> None:
+        import subprocess
+
+        output = subprocess.run(
+            ["bash", "-c", 'echo "${BASH_VERSION}"'], stdout=subprocess.PIPE
+        )
+        match = re.search(r"^(\d+)\.(\d+)\.\d+", output.stdout.decode())
+
+        if match is not None:
+            major, minor = match.groups()
+
+            if major < "4" or major == "4" and minor < "4":
+                echo(
+                    _(
+                        "Shell completion is not supported for Bash"
+                        " versions older than 4.4."
+                    ),
+                    err=True,
+                )
+        else:
+            echo(
+                _("Couldn't detect Bash version, shell completion is not supported."),
+                err=True,
+            )
+
+    def source(self) -> str:
+        self._check_version()
+        return super().source()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type},{item.value}"
+
+
+class ZshComplete(ShellComplete):
+    """Shell completion for Zsh."""
+
+    name = "zsh"
+    source_template = _SOURCE_ZSH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type}\n{item.value}\n{item.help if item.help else '_'}"
+
+
+class FishComplete(ShellComplete):
+    """Shell completion for Fish."""
+
+    name = "fish"
+    source_template = _SOURCE_FISH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        incomplete = os.environ["COMP_CWORD"]
+        args = cwords[1:]
+
+        # Fish stores the partial word in both COMP_WORDS and
+        # COMP_CWORD, remove it from complete args.
+        if incomplete and args and args[-1] == incomplete:
+            args.pop()
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        if item.help:
+            return f"{item.type},{item.value}\t{item.help}"
+
+        return f"{item.type},{item.value}"
+
+
+ShellCompleteType = t.TypeVar("ShellCompleteType", bound=t.Type[ShellComplete])
+
+
+_available_shells: t.Dict[str, t.Type[ShellComplete]] = {
+    "bash": BashComplete,
+    "fish": FishComplete,
+    "zsh": ZshComplete,
+}
+
+
+def add_completion_class(
+    cls: ShellCompleteType, name: t.Optional[str] = None
+) -> ShellCompleteType:
+    """Register a :class:`ShellComplete` subclass under the given name.
+    The name will be provided by the completion instruction environment
+    variable during completion.
+
+    :param cls: The completion class that will handle completion for the
+        shell.
+    :param name: Name to register the class under. Defaults to the
+        class's ``name`` attribute.
+    """
+    if name is None:
+        name = cls.name
+
+    _available_shells[name] = cls
+
+    return cls
+
+
+def get_completion_class(shell: str) -> t.Optional[t.Type[ShellComplete]]:
+    """Look up a registered :class:`ShellComplete` subclass by the name
+    provided by the completion instruction environment variable. If the
+    name isn't registered, returns ``None``.
+
+    :param shell: Name the class is registered under.
+    """
+    return _available_shells.get(shell)
+
+
+def _is_incomplete_argument(ctx: Context, param: Parameter) -> bool:
+    """Determine if the given parameter is an argument that can still
+    accept values.
+
+    :param ctx: Invocation context for the command represented by the
+        parsed complete args.
+    :param param: Argument object being checked.
+    """
+    if not isinstance(param, Argument):
+        return False
+
+    assert param.name is not None
+    # Will be None if expose_value is False.
+    value = ctx.params.get(param.name)
+    return (
+        param.nargs == -1
+        or ctx.get_parameter_source(param.name) is not ParameterSource.COMMANDLINE
+        or (
+            param.nargs > 1
+            and isinstance(value, (tuple, list))
+            and len(value) < param.nargs
+        )
+    )
+
+
+def _start_of_option(ctx: Context, value: str) -> bool:
+    """Check if the value looks like the start of an option."""
+    if not value:
+        return False
+
+    c = value[0]
+    return c in ctx._opt_prefixes
+
+
+def _is_incomplete_option(ctx: Context, args: t.List[str], param: Parameter) -> bool:
+    """Determine if the given parameter is an option that needs a value.
+
+    :param args: List of complete args before the incomplete value.
+    :param param: Option object being checked.
+    """
+    if not isinstance(param, Option):
+        return False
+
+    if param.is_flag or param.count:
+        return False
+
+    last_option = None
+
+    for index, arg in enumerate(reversed(args)):
+        if index + 1 > param.nargs:
+            break
+
+        if _start_of_option(ctx, arg):
+            last_option = arg
+
+    return last_option is not None and last_option in param.opts
+
+
+def _resolve_context(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    args: t.List[str],
+) -> Context:
+    """Produce the context hierarchy starting with the command and
+    traversing the complete arguments. This only follows the commands,
+    it doesn't trigger input prompts or callbacks.
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param args: List of complete args before the incomplete value.
+    """
+    ctx_args["resilient_parsing"] = True
+    ctx = cli.make_context(prog_name, args.copy(), **ctx_args)
+    args = ctx.protected_args + ctx.args
+
+    while args:
+        command = ctx.command
+
+        if isinstance(command, MultiCommand):
+            if not command.chain:
+                name, cmd, args = command.resolve_command(ctx, args)
+
+                if cmd is None:
+                    return ctx
+
+                ctx = cmd.make_context(name, args, parent=ctx, resilient_parsing=True)
+                args = ctx.protected_args + ctx.args
+            else:
+                sub_ctx = ctx
+
+                while args:
+                    name, cmd, args = command.resolve_command(ctx, args)
+
+                    if cmd is None:
+                        return ctx
+
+                    sub_ctx = cmd.make_context(
+                        name,
+                        args,
+                        parent=ctx,
+                        allow_extra_args=True,
+                        allow_interspersed_args=False,
+                        resilient_parsing=True,
+                    )
+                    args = sub_ctx.args
+
+                ctx = sub_ctx
+                args = [*sub_ctx.protected_args, *sub_ctx.args]
+        else:
+            break
+
+    return ctx
+
+
+def _resolve_incomplete(
+    ctx: Context, args: t.List[str], incomplete: str
+) -> t.Tuple[t.Union[BaseCommand, Parameter], str]:
+    """Find the Click object that will handle the completion of the
+    incomplete value. Return the object and the incomplete value.
+
+    :param ctx: Invocation context for the command represented by
+        the parsed complete args.
+    :param args: List of complete args before the incomplete value.
+    :param incomplete: Value being completed. May be empty.
+    """
+    # Different shells treat an "=" between a long option name and
+    # value differently. Might keep the value joined, return the "="
+    # as a separate item, or return the split name and value. Always
+    # split and discard the "=" to make completion easier.
+    if incomplete == "=":
+        incomplete = ""
+    elif "=" in incomplete and _start_of_option(ctx, incomplete):
+        name, _, incomplete = incomplete.partition("=")
+        args.append(name)
+
+    # The "--" marker tells Click to stop treating values as options
+    # even if they start with the option character. If it hasn't been
+    # given and the incomplete arg looks like an option, the current
+    # command will provide option name completions.
+    if "--" not in args and _start_of_option(ctx, incomplete):
+        return ctx.command, incomplete
+
+    params = ctx.command.get_params(ctx)
+
+    # If the last complete arg is an option name with an incomplete
+    # value, the option will provide value completions.
+    for param in params:
+        if _is_incomplete_option(ctx, args, param):
+            return param, incomplete
+
+    # It's not an option name or value. The first argument without a
+    # parsed value will provide value completions.
+    for param in params:
+        if _is_incomplete_argument(ctx, param):
+            return param, incomplete
+
+    # There were no unparsed arguments, the command may be a group that
+    # will provide command name completions.
+    return ctx.command, incomplete
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/termui.py b/lib/go-jinja2/internal/data/linux-arm64/click/termui.py
new file mode 100644
index 000000000..db7a4b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/termui.py
@@ -0,0 +1,784 @@
+import inspect
+import io
+import itertools
+import sys
+import typing as t
+from gettext import gettext as _
+
+from ._compat import isatty
+from ._compat import strip_ansi
+from .exceptions import Abort
+from .exceptions import UsageError
+from .globals import resolve_color_default
+from .types import Choice
+from .types import convert_type
+from .types import ParamType
+from .utils import echo
+from .utils import LazyFile
+
+if t.TYPE_CHECKING:
+    from ._termui_impl import ProgressBar
+
+V = t.TypeVar("V")
+
+# The prompt functions to use.  The doc tools currently override these
+# functions to customize how they work.
+visible_prompt_func: t.Callable[[str], str] = input
+
+_ansi_colors = {
+    "black": 30,
+    "red": 31,
+    "green": 32,
+    "yellow": 33,
+    "blue": 34,
+    "magenta": 35,
+    "cyan": 36,
+    "white": 37,
+    "reset": 39,
+    "bright_black": 90,
+    "bright_red": 91,
+    "bright_green": 92,
+    "bright_yellow": 93,
+    "bright_blue": 94,
+    "bright_magenta": 95,
+    "bright_cyan": 96,
+    "bright_white": 97,
+}
+_ansi_reset_all = "\033[0m"
+
+
+def hidden_prompt_func(prompt: str) -> str:
+    import getpass
+
+    return getpass.getpass(prompt)
+
+
+def _build_prompt(
+    text: str,
+    suffix: str,
+    show_default: bool = False,
+    default: t.Optional[t.Any] = None,
+    show_choices: bool = True,
+    type: t.Optional[ParamType] = None,
+) -> str:
+    prompt = text
+    if type is not None and show_choices and isinstance(type, Choice):
+        prompt += f" ({', '.join(map(str, type.choices))})"
+    if default is not None and show_default:
+        prompt = f"{prompt} [{_format_default(default)}]"
+    return f"{prompt}{suffix}"
+
+
+def _format_default(default: t.Any) -> t.Any:
+    if isinstance(default, (io.IOBase, LazyFile)) and hasattr(default, "name"):
+        return default.name
+
+    return default
+
+
+def prompt(
+    text: str,
+    default: t.Optional[t.Any] = None,
+    hide_input: bool = False,
+    confirmation_prompt: t.Union[bool, str] = False,
+    type: t.Optional[t.Union[ParamType, t.Any]] = None,
+    value_proc: t.Optional[t.Callable[[str], t.Any]] = None,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+    show_choices: bool = True,
+) -> t.Any:
+    """Prompts a user for input.  This is a convenience function that can
+    be used to prompt a user for input later.
+
+    If the user aborts the input by sending an interrupt signal, this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the text to show for the prompt.
+    :param default: the default value to use if no input happens.  If this
+                    is not given it will prompt until it's aborted.
+    :param hide_input: if this is set to true then the input value will
+                       be hidden.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value. Can be set to a string instead of ``True`` to customize
+        the message.
+    :param type: the type to use to check the value against.
+    :param value_proc: if this parameter is provided it's a function that
+                       is invoked instead of the type conversion to
+                       convert a value.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    :param show_choices: Show or hide choices if the passed type is a Choice.
+                         For example if type is a Choice of either day or week,
+                         show_choices is true and text is "Group by" then the
+                         prompt will be "Group by (day, week): ".
+
+    .. versionadded:: 8.0
+        ``confirmation_prompt`` can be a custom string.
+
+    .. versionadded:: 7.0
+        Added the ``show_choices`` parameter.
+
+    .. versionadded:: 6.0
+        Added unicode support for cmd.exe on Windows.
+
+    .. versionadded:: 4.0
+        Added the `err` parameter.
+
+    """
+
+    def prompt_func(text: str) -> str:
+        f = hidden_prompt_func if hide_input else visible_prompt_func
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(text.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            return f(" ")
+        except (KeyboardInterrupt, EOFError):
+            # getpass doesn't print a newline if the user aborts input with ^C.
+            # Allegedly this behavior is inherited from getpass(3).
+            # A doc bug has been filed at https://bugs.python.org/issue24711
+            if hide_input:
+                echo(None, err=err)
+            raise Abort() from None
+
+    if value_proc is None:
+        value_proc = convert_type(type, default)
+
+    prompt = _build_prompt(
+        text, prompt_suffix, show_default, default, show_choices, type
+    )
+
+    if confirmation_prompt:
+        if confirmation_prompt is True:
+            confirmation_prompt = _("Repeat for confirmation")
+
+        confirmation_prompt = _build_prompt(confirmation_prompt, prompt_suffix)
+
+    while True:
+        while True:
+            value = prompt_func(prompt)
+            if value:
+                break
+            elif default is not None:
+                value = default
+                break
+        try:
+            result = value_proc(value)
+        except UsageError as e:
+            if hide_input:
+                echo(_("Error: The value you entered was invalid."), err=err)
+            else:
+                echo(_("Error: {e.message}").format(e=e), err=err)  # noqa: B306
+            continue
+        if not confirmation_prompt:
+            return result
+        while True:
+            value2 = prompt_func(confirmation_prompt)
+            is_empty = not value and not value2
+            if value2 or is_empty:
+                break
+        if value == value2:
+            return result
+        echo(_("Error: The two entered values do not match."), err=err)
+
+
+def confirm(
+    text: str,
+    default: t.Optional[bool] = False,
+    abort: bool = False,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+) -> bool:
+    """Prompts for confirmation (yes/no question).
+
+    If the user aborts the input by sending a interrupt signal this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the question to ask.
+    :param default: The default value to use when no input is given. If
+        ``None``, repeat until input is given.
+    :param abort: if this is set to `True` a negative answer aborts the
+                  exception by raising :exc:`Abort`.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+
+    .. versionchanged:: 8.0
+        Repeat until input is given if ``default`` is ``None``.
+
+    .. versionadded:: 4.0
+        Added the ``err`` parameter.
+    """
+    prompt = _build_prompt(
+        text,
+        prompt_suffix,
+        show_default,
+        "y/n" if default is None else ("Y/n" if default else "y/N"),
+    )
+
+    while True:
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(prompt.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            value = visible_prompt_func(" ").lower().strip()
+        except (KeyboardInterrupt, EOFError):
+            raise Abort() from None
+        if value in ("y", "yes"):
+            rv = True
+        elif value in ("n", "no"):
+            rv = False
+        elif default is not None and value == "":
+            rv = default
+        else:
+            echo(_("Error: invalid input"), err=err)
+            continue
+        break
+    if abort and not rv:
+        raise Abort()
+    return rv
+
+
+def echo_via_pager(
+    text_or_generator: t.Union[t.Iterable[str], t.Callable[[], t.Iterable[str]], str],
+    color: t.Optional[bool] = None,
+) -> None:
+    """This function takes a text and shows it via an environment specific
+    pager on stdout.
+
+    .. versionchanged:: 3.0
+       Added the `color` flag.
+
+    :param text_or_generator: the text to page, or alternatively, a
+                              generator emitting the text to page.
+    :param color: controls if the pager supports ANSI colors or not.  The
+                  default is autodetection.
+    """
+    color = resolve_color_default(color)
+
+    if inspect.isgeneratorfunction(text_or_generator):
+        i = t.cast(t.Callable[[], t.Iterable[str]], text_or_generator)()
+    elif isinstance(text_or_generator, str):
+        i = [text_or_generator]
+    else:
+        i = iter(t.cast(t.Iterable[str], text_or_generator))
+
+    # convert every element of i to a text type if necessary
+    text_generator = (el if isinstance(el, str) else str(el) for el in i)
+
+    from ._termui_impl import pager
+
+    return pager(itertools.chain(text_generator, "\n"), color)
+
+
+def progressbar(
+    iterable: t.Optional[t.Iterable[V]] = None,
+    length: t.Optional[int] = None,
+    label: t.Optional[str] = None,
+    show_eta: bool = True,
+    show_percent: t.Optional[bool] = None,
+    show_pos: bool = False,
+    item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+    fill_char: str = "#",
+    empty_char: str = "-",
+    bar_template: str = "%(label)s  [%(bar)s]  %(info)s",
+    info_sep: str = "  ",
+    width: int = 36,
+    file: t.Optional[t.TextIO] = None,
+    color: t.Optional[bool] = None,
+    update_min_steps: int = 1,
+) -> "ProgressBar[V]":
+    """This function creates an iterable context manager that can be used
+    to iterate over something while showing a progress bar.  It will
+    either iterate over the `iterable` or `length` items (that are counted
+    up).  While iteration happens, this function will print a rendered
+    progress bar to the given `file` (defaults to stdout) and will attempt
+    to calculate remaining time and more.  By default, this progress bar
+    will not be rendered if the file is not a terminal.
+
+    The context manager creates the progress bar.  When the context
+    manager is entered the progress bar is already created.  With every
+    iteration over the progress bar, the iterable passed to the bar is
+    advanced and the bar is updated.  When the context manager exits,
+    a newline is printed and the progress bar is finalized on screen.
+
+    Note: The progress bar is currently designed for use cases where the
+    total progress can be expected to take at least several seconds.
+    Because of this, the ProgressBar class object won't display
+    progress that is considered too fast, and progress where the time
+    between steps is less than a second.
+
+    No printing must happen or the progress bar will be unintentionally
+    destroyed.
+
+    Example usage::
+
+        with progressbar(items) as bar:
+            for item in bar:
+                do_something_with(item)
+
+    Alternatively, if no iterable is specified, one can manually update the
+    progress bar through the `update()` method instead of directly
+    iterating over the progress bar.  The update method accepts the number
+    of steps to increment the bar with::
+
+        with progressbar(length=chunks.total_bytes) as bar:
+            for chunk in chunks:
+                process_chunk(chunk)
+                bar.update(chunks.bytes)
+
+    The ``update()`` method also takes an optional value specifying the
+    ``current_item`` at the new position. This is useful when used
+    together with ``item_show_func`` to customize the output for each
+    manual step::
+
+        with click.progressbar(
+            length=total_size,
+            label='Unzipping archive',
+            item_show_func=lambda a: a.filename
+        ) as bar:
+            for archive in zip_file:
+                archive.extract()
+                bar.update(archive.size, archive)
+
+    :param iterable: an iterable to iterate over.  If not provided the length
+                     is required.
+    :param length: the number of items to iterate over.  By default the
+                   progressbar will attempt to ask the iterator about its
+                   length, which might or might not work.  If an iterable is
+                   also provided this parameter can be used to override the
+                   length.  If an iterable is not provided the progress bar
+                   will iterate over a range of that length.
+    :param label: the label to show next to the progress bar.
+    :param show_eta: enables or disables the estimated time display.  This is
+                     automatically disabled if the length cannot be
+                     determined.
+    :param show_percent: enables or disables the percentage display.  The
+                         default is `True` if the iterable has a length or
+                         `False` if not.
+    :param show_pos: enables or disables the absolute position display.  The
+                     default is `False`.
+    :param item_show_func: A function called with the current item which
+        can return a string to show next to the progress bar. If the
+        function returns ``None`` nothing is shown. The current item can
+        be ``None``, such as when entering and exiting the bar.
+    :param fill_char: the character to use to show the filled part of the
+                      progress bar.
+    :param empty_char: the character to use to show the non-filled part of
+                       the progress bar.
+    :param bar_template: the format string to use as template for the bar.
+                         The parameters in it are ``label`` for the label,
+                         ``bar`` for the progress bar and ``info`` for the
+                         info section.
+    :param info_sep: the separator between multiple info items (eta etc.)
+    :param width: the width of the progress bar in characters, 0 means full
+                  terminal width
+    :param file: The file to write to. If this is not a terminal then
+        only the label is printed.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are included anywhere in the progress bar output
+                  which is not the case by default.
+    :param update_min_steps: Render only when this many updates have
+        completed. This allows tuning for very fast iterators.
+
+    .. versionchanged:: 8.0
+        Output is shown even if execution time is less than 0.5 seconds.
+
+    .. versionchanged:: 8.0
+        ``item_show_func`` shows the current item, not the previous one.
+
+    .. versionchanged:: 8.0
+        Labels are echoed if the output is not a TTY. Reverts a change
+        in 7.0 that removed all output.
+
+    .. versionadded:: 8.0
+       Added the ``update_min_steps`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter. Added the ``update`` method to
+        the object.
+
+    .. versionadded:: 2.0
+    """
+    from ._termui_impl import ProgressBar
+
+    color = resolve_color_default(color)
+    return ProgressBar(
+        iterable=iterable,
+        length=length,
+        show_eta=show_eta,
+        show_percent=show_percent,
+        show_pos=show_pos,
+        item_show_func=item_show_func,
+        fill_char=fill_char,
+        empty_char=empty_char,
+        bar_template=bar_template,
+        info_sep=info_sep,
+        file=file,
+        label=label,
+        width=width,
+        color=color,
+        update_min_steps=update_min_steps,
+    )
+
+
+def clear() -> None:
+    """Clears the terminal screen.  This will have the effect of clearing
+    the whole visible space of the terminal and moving the cursor to the
+    top left.  This does not do anything if not connected to a terminal.
+
+    .. versionadded:: 2.0
+    """
+    if not isatty(sys.stdout):
+        return
+
+    # ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
+    echo("\033[2J\033[1;1H", nl=False)
+
+
+def _interpret_color(
+    color: t.Union[int, t.Tuple[int, int, int], str], offset: int = 0
+) -> str:
+    if isinstance(color, int):
+        return f"{38 + offset};5;{color:d}"
+
+    if isinstance(color, (tuple, list)):
+        r, g, b = color
+        return f"{38 + offset};2;{r:d};{g:d};{b:d}"
+
+    return str(_ansi_colors[color] + offset)
+
+
+def style(
+    text: t.Any,
+    fg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bold: t.Optional[bool] = None,
+    dim: t.Optional[bool] = None,
+    underline: t.Optional[bool] = None,
+    overline: t.Optional[bool] = None,
+    italic: t.Optional[bool] = None,
+    blink: t.Optional[bool] = None,
+    reverse: t.Optional[bool] = None,
+    strikethrough: t.Optional[bool] = None,
+    reset: bool = True,
+) -> str:
+    """Styles a text with ANSI styles and returns the new string.  By
+    default the styling is self contained which means that at the end
+    of the string a reset code is issued.  This can be prevented by
+    passing ``reset=False``.
+
+    Examples::
+
+        click.echo(click.style('Hello World!', fg='green'))
+        click.echo(click.style('ATTENTION!', blink=True))
+        click.echo(click.style('Some things', reverse=True, fg='cyan'))
+        click.echo(click.style('More colors', fg=(255, 12, 128), bg=117))
+
+    Supported color names:
+
+    * ``black`` (might be a gray)
+    * ``red``
+    * ``green``
+    * ``yellow`` (might be an orange)
+    * ``blue``
+    * ``magenta``
+    * ``cyan``
+    * ``white`` (might be light gray)
+    * ``bright_black``
+    * ``bright_red``
+    * ``bright_green``
+    * ``bright_yellow``
+    * ``bright_blue``
+    * ``bright_magenta``
+    * ``bright_cyan``
+    * ``bright_white``
+    * ``reset`` (reset the color code only)
+
+    If the terminal supports it, color may also be specified as:
+
+    -   An integer in the interval [0, 255]. The terminal must support
+        8-bit/256-color mode.
+    -   An RGB tuple of three integers in [0, 255]. The terminal must
+        support 24-bit/true-color mode.
+
+    See https://en.wikipedia.org/wiki/ANSI_color and
+    https://gist.github.com/XVilka/8346728 for more information.
+
+    :param text: the string to style with ansi codes.
+    :param fg: if provided this will become the foreground color.
+    :param bg: if provided this will become the background color.
+    :param bold: if provided this will enable or disable bold mode.
+    :param dim: if provided this will enable or disable dim mode.  This is
+                badly supported.
+    :param underline: if provided this will enable or disable underline.
+    :param overline: if provided this will enable or disable overline.
+    :param italic: if provided this will enable or disable italic.
+    :param blink: if provided this will enable or disable blinking.
+    :param reverse: if provided this will enable or disable inverse
+                    rendering (foreground becomes background and the
+                    other way round).
+    :param strikethrough: if provided this will enable or disable
+        striking through text.
+    :param reset: by default a reset-all code is added at the end of the
+                  string which means that styles do not carry over.  This
+                  can be disabled to compose styles.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string.
+
+    .. versionchanged:: 8.0
+       Added support for 256 and RGB color codes.
+
+    .. versionchanged:: 8.0
+        Added the ``strikethrough``, ``italic``, and ``overline``
+        parameters.
+
+    .. versionchanged:: 7.0
+        Added support for bright colors.
+
+    .. versionadded:: 2.0
+    """
+    if not isinstance(text, str):
+        text = str(text)
+
+    bits = []
+
+    if fg:
+        try:
+            bits.append(f"\033[{_interpret_color(fg)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {fg!r}") from None
+
+    if bg:
+        try:
+            bits.append(f"\033[{_interpret_color(bg, 10)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {bg!r}") from None
+
+    if bold is not None:
+        bits.append(f"\033[{1 if bold else 22}m")
+    if dim is not None:
+        bits.append(f"\033[{2 if dim else 22}m")
+    if underline is not None:
+        bits.append(f"\033[{4 if underline else 24}m")
+    if overline is not None:
+        bits.append(f"\033[{53 if overline else 55}m")
+    if italic is not None:
+        bits.append(f"\033[{3 if italic else 23}m")
+    if blink is not None:
+        bits.append(f"\033[{5 if blink else 25}m")
+    if reverse is not None:
+        bits.append(f"\033[{7 if reverse else 27}m")
+    if strikethrough is not None:
+        bits.append(f"\033[{9 if strikethrough else 29}m")
+    bits.append(text)
+    if reset:
+        bits.append(_ansi_reset_all)
+    return "".join(bits)
+
+
+def unstyle(text: str) -> str:
+    """Removes ANSI styling information from a string.  Usually it's not
+    necessary to use this function as Click's echo function will
+    automatically remove styling if necessary.
+
+    .. versionadded:: 2.0
+
+    :param text: the text to remove style information from.
+    """
+    return strip_ansi(text)
+
+
+def secho(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.AnyStr]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+    **styles: t.Any,
+) -> None:
+    """This function combines :func:`echo` and :func:`style` into one
+    call.  As such the following two calls are the same::
+
+        click.secho('Hello World!', fg='green')
+        click.echo(click.style('Hello World!', fg='green'))
+
+    All keyword arguments are forwarded to the underlying functions
+    depending on which one they go with.
+
+    Non-string types will be converted to :class:`str`. However,
+    :class:`bytes` are passed directly to :meth:`echo` without applying
+    style. If you want to style bytes that represent text, call
+    :meth:`bytes.decode` first.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string. Bytes are
+        passed through without style applied.
+
+    .. versionadded:: 2.0
+    """
+    if message is not None and not isinstance(message, (bytes, bytearray)):
+        message = style(message, **styles)
+
+    return echo(message, file=file, nl=nl, err=err, color=color)
+
+
+def edit(
+    text: t.Optional[t.AnyStr] = None,
+    editor: t.Optional[str] = None,
+    env: t.Optional[t.Mapping[str, str]] = None,
+    require_save: bool = True,
+    extension: str = ".txt",
+    filename: t.Optional[str] = None,
+) -> t.Optional[t.AnyStr]:
+    r"""Edits the given text in the defined editor.  If an editor is given
+    (should be the full path to the executable but the regular operating
+    system search path is used for finding the executable) it overrides
+    the detected editor.  Optionally, some environment variables can be
+    used.  If the editor is closed without changes, `None` is returned.  In
+    case a file is edited directly the return value is always `None` and
+    `require_save` and `extension` are ignored.
+
+    If the editor cannot be opened a :exc:`UsageError` is raised.
+
+    Note for Windows: to simplify cross-platform usage, the newlines are
+    automatically converted from POSIX to Windows and vice versa.  As such,
+    the message here will have ``\n`` as newline markers.
+
+    :param text: the text to edit.
+    :param editor: optionally the editor to use.  Defaults to automatic
+                   detection.
+    :param env: environment variables to forward to the editor.
+    :param require_save: if this is true, then not saving in the editor
+                         will make the return value become `None`.
+    :param extension: the extension to tell the editor about.  This defaults
+                      to `.txt` but changing this might change syntax
+                      highlighting.
+    :param filename: if provided it will edit this file instead of the
+                     provided text contents.  It will not use a temporary
+                     file as an indirection in that case.
+    """
+    from ._termui_impl import Editor
+
+    ed = Editor(editor=editor, env=env, require_save=require_save, extension=extension)
+
+    if filename is None:
+        return ed.edit(text)
+
+    ed.edit_file(filename)
+    return None
+
+
+def launch(url: str, wait: bool = False, locate: bool = False) -> int:
+    """This function launches the given URL (or filename) in the default
+    viewer application for this file type.  If this is an executable, it
+    might launch the executable in a new session.  The return value is
+    the exit code of the launched application.  Usually, ``0`` indicates
+    success.
+
+    Examples::
+
+        click.launch('https://click.palletsprojects.com/')
+        click.launch('/my/downloaded/file', locate=True)
+
+    .. versionadded:: 2.0
+
+    :param url: URL or filename of the thing to launch.
+    :param wait: Wait for the program to exit before returning. This
+        only works if the launched program blocks. In particular,
+        ``xdg-open`` on Linux does not block.
+    :param locate: if this is set to `True` then instead of launching the
+                   application associated with the URL it will attempt to
+                   launch a file manager with the file located.  This
+                   might have weird effects if the URL does not point to
+                   the filesystem.
+    """
+    from ._termui_impl import open_url
+
+    return open_url(url, wait=wait, locate=locate)
+
+
+# If this is provided, getchar() calls into this instead.  This is used
+# for unittesting purposes.
+_getchar: t.Optional[t.Callable[[bool], str]] = None
+
+
+def getchar(echo: bool = False) -> str:
+    """Fetches a single character from the terminal and returns it.  This
+    will always return a unicode character and under certain rare
+    circumstances this might return more than one character.  The
+    situations which more than one character is returned is when for
+    whatever reason multiple characters end up in the terminal buffer or
+    standard input was not actually a terminal.
+
+    Note that this will always read from the terminal, even if something
+    is piped into the standard input.
+
+    Note for Windows: in rare cases when typing non-ASCII characters, this
+    function might wait for a second character and then return both at once.
+    This is because certain Unicode characters look like special-key markers.
+
+    .. versionadded:: 2.0
+
+    :param echo: if set to `True`, the character read will also show up on
+                 the terminal.  The default is to not show it.
+    """
+    global _getchar
+
+    if _getchar is None:
+        from ._termui_impl import getchar as f
+
+        _getchar = f
+
+    return _getchar(echo)
+
+
+def raw_terminal() -> t.ContextManager[int]:
+    from ._termui_impl import raw_terminal as f
+
+    return f()
+
+
+def pause(info: t.Optional[str] = None, err: bool = False) -> None:
+    """This command stops execution and waits for the user to press any
+    key to continue.  This is similar to the Windows batch "pause"
+    command.  If the program is not run through a terminal, this command
+    will instead do nothing.
+
+    .. versionadded:: 2.0
+
+    .. versionadded:: 4.0
+       Added the `err` parameter.
+
+    :param info: The message to print before pausing. Defaults to
+        ``"Press any key to continue..."``.
+    :param err: if set to message goes to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    """
+    if not isatty(sys.stdin) or not isatty(sys.stdout):
+        return
+
+    if info is None:
+        info = _("Press any key to continue...")
+
+    try:
+        if info:
+            echo(info, nl=False, err=err)
+        try:
+            getchar()
+        except (KeyboardInterrupt, EOFError):
+            pass
+    finally:
+        if info:
+            echo(err=err)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/testing.py b/lib/go-jinja2/internal/data/linux-arm64/click/testing.py
new file mode 100644
index 000000000..e0df0d2a6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/testing.py
@@ -0,0 +1,479 @@
+import contextlib
+import io
+import os
+import shlex
+import shutil
+import sys
+import tempfile
+import typing as t
+from types import TracebackType
+
+from . import formatting
+from . import termui
+from . import utils
+from ._compat import _find_binary_reader
+
+if t.TYPE_CHECKING:
+    from .core import BaseCommand
+
+
+class EchoingStdin:
+    def __init__(self, input: t.BinaryIO, output: t.BinaryIO) -> None:
+        self._input = input
+        self._output = output
+        self._paused = False
+
+    def __getattr__(self, x: str) -> t.Any:
+        return getattr(self._input, x)
+
+    def _echo(self, rv: bytes) -> bytes:
+        if not self._paused:
+            self._output.write(rv)
+
+        return rv
+
+    def read(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read(n))
+
+    def read1(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read1(n))  # type: ignore
+
+    def readline(self, n: int = -1) -> bytes:
+        return self._echo(self._input.readline(n))
+
+    def readlines(self) -> t.List[bytes]:
+        return [self._echo(x) for x in self._input.readlines()]
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._echo(x) for x in self._input)
+
+    def __repr__(self) -> str:
+        return repr(self._input)
+
+
+@contextlib.contextmanager
+def _pause_echo(stream: t.Optional[EchoingStdin]) -> t.Iterator[None]:
+    if stream is None:
+        yield
+    else:
+        stream._paused = True
+        yield
+        stream._paused = False
+
+
+class _NamedTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self, buffer: t.BinaryIO, name: str, mode: str, **kwargs: t.Any
+    ) -> None:
+        super().__init__(buffer, **kwargs)
+        self._name = name
+        self._mode = mode
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @property
+    def mode(self) -> str:
+        return self._mode
+
+
+def make_input_stream(
+    input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]], charset: str
+) -> t.BinaryIO:
+    # Is already an input stream.
+    if hasattr(input, "read"):
+        rv = _find_binary_reader(t.cast(t.IO[t.Any], input))
+
+        if rv is not None:
+            return rv
+
+        raise TypeError("Could not find binary reader for input stream.")
+
+    if input is None:
+        input = b""
+    elif isinstance(input, str):
+        input = input.encode(charset)
+
+    return io.BytesIO(input)
+
+
+class Result:
+    """Holds the captured result of an invoked CLI script."""
+
+    def __init__(
+        self,
+        runner: "CliRunner",
+        stdout_bytes: bytes,
+        stderr_bytes: t.Optional[bytes],
+        return_value: t.Any,
+        exit_code: int,
+        exception: t.Optional[BaseException],
+        exc_info: t.Optional[
+            t.Tuple[t.Type[BaseException], BaseException, TracebackType]
+        ] = None,
+    ):
+        #: The runner that created the result
+        self.runner = runner
+        #: The standard output as bytes.
+        self.stdout_bytes = stdout_bytes
+        #: The standard error as bytes, or None if not available
+        self.stderr_bytes = stderr_bytes
+        #: The value returned from the invoked command.
+        #:
+        #: .. versionadded:: 8.0
+        self.return_value = return_value
+        #: The exit code as integer.
+        self.exit_code = exit_code
+        #: The exception that happened if one did.
+        self.exception = exception
+        #: The traceback
+        self.exc_info = exc_info
+
+    @property
+    def output(self) -> str:
+        """The (standard) output as unicode string."""
+        return self.stdout
+
+    @property
+    def stdout(self) -> str:
+        """The standard output as unicode string."""
+        return self.stdout_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    @property
+    def stderr(self) -> str:
+        """The standard error as unicode string."""
+        if self.stderr_bytes is None:
+            raise ValueError("stderr not separately captured")
+        return self.stderr_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    def __repr__(self) -> str:
+        exc_str = repr(self.exception) if self.exception else "okay"
+        return f"<{type(self).__name__} {exc_str}>"
+
+
+class CliRunner:
+    """The CLI runner provides functionality to invoke a Click command line
+    script for unittesting purposes in a isolated environment.  This only
+    works in single-threaded systems without any concurrency as it changes the
+    global interpreter state.
+
+    :param charset: the character set for the input and output data.
+    :param env: a dictionary with environment variables for overriding.
+    :param echo_stdin: if this is set to `True`, then reading from stdin writes
+                       to stdout.  This is useful for showing examples in
+                       some circumstances.  Note that regular prompts
+                       will automatically echo the input.
+    :param mix_stderr: if this is set to `False`, then stdout and stderr are
+                       preserved as independent streams.  This is useful for
+                       Unix-philosophy apps that have predictable stdout and
+                       noisy stderr, such that each may be measured
+                       independently
+    """
+
+    def __init__(
+        self,
+        charset: str = "utf-8",
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        echo_stdin: bool = False,
+        mix_stderr: bool = True,
+    ) -> None:
+        self.charset = charset
+        self.env: t.Mapping[str, t.Optional[str]] = env or {}
+        self.echo_stdin = echo_stdin
+        self.mix_stderr = mix_stderr
+
+    def get_default_prog_name(self, cli: "BaseCommand") -> str:
+        """Given a command object it will return the default program name
+        for it.  The default is the `name` attribute or ``"root"`` if not
+        set.
+        """
+        return cli.name or "root"
+
+    def make_env(
+        self, overrides: t.Optional[t.Mapping[str, t.Optional[str]]] = None
+    ) -> t.Mapping[str, t.Optional[str]]:
+        """Returns the environment overrides for invoking a script."""
+        rv = dict(self.env)
+        if overrides:
+            rv.update(overrides)
+        return rv
+
+    @contextlib.contextmanager
+    def isolation(
+        self,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        color: bool = False,
+    ) -> t.Iterator[t.Tuple[io.BytesIO, t.Optional[io.BytesIO]]]:
+        """A context manager that sets up the isolation for invoking of a
+        command line tool.  This sets up stdin with the given input data
+        and `os.environ` with the overrides from the given dictionary.
+        This also rebinds some internals in Click to be mocked (like the
+        prompt functionality).
+
+        This is automatically done in the :meth:`invoke` method.
+
+        :param input: the input stream to put into sys.stdin.
+        :param env: the environment overrides as dictionary.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            ``stderr`` is opened with ``errors="backslashreplace"``
+            instead of the default ``"strict"``.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+        """
+        bytes_input = make_input_stream(input, self.charset)
+        echo_input = None
+
+        old_stdin = sys.stdin
+        old_stdout = sys.stdout
+        old_stderr = sys.stderr
+        old_forced_width = formatting.FORCED_WIDTH
+        formatting.FORCED_WIDTH = 80
+
+        env = self.make_env(env)
+
+        bytes_output = io.BytesIO()
+
+        if self.echo_stdin:
+            bytes_input = echo_input = t.cast(
+                t.BinaryIO, EchoingStdin(bytes_input, bytes_output)
+            )
+
+        sys.stdin = text_input = _NamedTextIOWrapper(
+            bytes_input, encoding=self.charset, name="<stdin>", mode="r"
+        )
+
+        if self.echo_stdin:
+            # Force unbuffered reads, otherwise TextIOWrapper reads a
+            # large chunk which is echoed early.
+            text_input._CHUNK_SIZE = 1  # type: ignore
+
+        sys.stdout = _NamedTextIOWrapper(
+            bytes_output, encoding=self.charset, name="<stdout>", mode="w"
+        )
+
+        bytes_error = None
+        if self.mix_stderr:
+            sys.stderr = sys.stdout
+        else:
+            bytes_error = io.BytesIO()
+            sys.stderr = _NamedTextIOWrapper(
+                bytes_error,
+                encoding=self.charset,
+                name="<stderr>",
+                mode="w",
+                errors="backslashreplace",
+            )
+
+        @_pause_echo(echo_input)  # type: ignore
+        def visible_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(prompt or "")
+            val = text_input.readline().rstrip("\r\n")
+            sys.stdout.write(f"{val}\n")
+            sys.stdout.flush()
+            return val
+
+        @_pause_echo(echo_input)  # type: ignore
+        def hidden_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(f"{prompt or ''}\n")
+            sys.stdout.flush()
+            return text_input.readline().rstrip("\r\n")
+
+        @_pause_echo(echo_input)  # type: ignore
+        def _getchar(echo: bool) -> str:
+            char = sys.stdin.read(1)
+
+            if echo:
+                sys.stdout.write(char)
+
+            sys.stdout.flush()
+            return char
+
+        default_color = color
+
+        def should_strip_ansi(
+            stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+        ) -> bool:
+            if color is None:
+                return not default_color
+            return not color
+
+        old_visible_prompt_func = termui.visible_prompt_func
+        old_hidden_prompt_func = termui.hidden_prompt_func
+        old__getchar_func = termui._getchar
+        old_should_strip_ansi = utils.should_strip_ansi  # type: ignore
+        termui.visible_prompt_func = visible_input
+        termui.hidden_prompt_func = hidden_input
+        termui._getchar = _getchar
+        utils.should_strip_ansi = should_strip_ansi  # type: ignore
+
+        old_env = {}
+        try:
+            for key, value in env.items():
+                old_env[key] = os.environ.get(key)
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            yield (bytes_output, bytes_error)
+        finally:
+            for key, value in old_env.items():
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            sys.stdout = old_stdout
+            sys.stderr = old_stderr
+            sys.stdin = old_stdin
+            termui.visible_prompt_func = old_visible_prompt_func
+            termui.hidden_prompt_func = old_hidden_prompt_func
+            termui._getchar = old__getchar_func
+            utils.should_strip_ansi = old_should_strip_ansi  # type: ignore
+            formatting.FORCED_WIDTH = old_forced_width
+
+    def invoke(
+        self,
+        cli: "BaseCommand",
+        args: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        catch_exceptions: bool = True,
+        color: bool = False,
+        **extra: t.Any,
+    ) -> Result:
+        """Invokes a command in an isolated environment.  The arguments are
+        forwarded directly to the command line script, the `extra` keyword
+        arguments are passed to the :meth:`~clickpkg.Command.main` function of
+        the command.
+
+        This returns a :class:`Result` object.
+
+        :param cli: the command to invoke
+        :param args: the arguments to invoke. It may be given as an iterable
+                     or a string. When given as string it will be interpreted
+                     as a Unix shell command. More details at
+                     :func:`shlex.split`.
+        :param input: the input data for `sys.stdin`.
+        :param env: the environment overrides.
+        :param catch_exceptions: Whether to catch any other exceptions than
+                                 ``SystemExit``.
+        :param extra: the keyword arguments to pass to :meth:`main`.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            The result object has the ``return_value`` attribute with
+            the value returned from the invoked command.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+
+        .. versionchanged:: 3.0
+            Added the ``catch_exceptions`` parameter.
+
+        .. versionchanged:: 3.0
+            The result object has the ``exc_info`` attribute with the
+            traceback if available.
+        """
+        exc_info = None
+        with self.isolation(input=input, env=env, color=color) as outstreams:
+            return_value = None
+            exception: t.Optional[BaseException] = None
+            exit_code = 0
+
+            if isinstance(args, str):
+                args = shlex.split(args)
+
+            try:
+                prog_name = extra.pop("prog_name")
+            except KeyError:
+                prog_name = self.get_default_prog_name(cli)
+
+            try:
+                return_value = cli.main(args=args or (), prog_name=prog_name, **extra)
+            except SystemExit as e:
+                exc_info = sys.exc_info()
+                e_code = t.cast(t.Optional[t.Union[int, t.Any]], e.code)
+
+                if e_code is None:
+                    e_code = 0
+
+                if e_code != 0:
+                    exception = e
+
+                if not isinstance(e_code, int):
+                    sys.stdout.write(str(e_code))
+                    sys.stdout.write("\n")
+                    e_code = 1
+
+                exit_code = e_code
+
+            except Exception as e:
+                if not catch_exceptions:
+                    raise
+                exception = e
+                exit_code = 1
+                exc_info = sys.exc_info()
+            finally:
+                sys.stdout.flush()
+                stdout = outstreams[0].getvalue()
+                if self.mix_stderr:
+                    stderr = None
+                else:
+                    stderr = outstreams[1].getvalue()  # type: ignore
+
+        return Result(
+            runner=self,
+            stdout_bytes=stdout,
+            stderr_bytes=stderr,
+            return_value=return_value,
+            exit_code=exit_code,
+            exception=exception,
+            exc_info=exc_info,  # type: ignore
+        )
+
+    @contextlib.contextmanager
+    def isolated_filesystem(
+        self, temp_dir: t.Optional[t.Union[str, "os.PathLike[str]"]] = None
+    ) -> t.Iterator[str]:
+        """A context manager that creates a temporary directory and
+        changes the current working directory to it. This isolates tests
+        that affect the contents of the CWD to prevent them from
+        interfering with each other.
+
+        :param temp_dir: Create the temporary directory under this
+            directory. If given, the created directory is not removed
+            when exiting.
+
+        .. versionchanged:: 8.0
+            Added the ``temp_dir`` parameter.
+        """
+        cwd = os.getcwd()
+        dt = tempfile.mkdtemp(dir=temp_dir)
+        os.chdir(dt)
+
+        try:
+            yield dt
+        finally:
+            os.chdir(cwd)
+
+            if temp_dir is None:
+                try:
+                    shutil.rmtree(dt)
+                except OSError:  # noqa: B014
+                    pass
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/types.py b/lib/go-jinja2/internal/data/linux-arm64/click/types.py
new file mode 100644
index 000000000..2b1d1797f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/types.py
@@ -0,0 +1,1089 @@
+import os
+import stat
+import sys
+import typing as t
+from datetime import datetime
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import _get_argv_encoding
+from ._compat import open_stream
+from .exceptions import BadParameter
+from .utils import format_filename
+from .utils import LazyFile
+from .utils import safecall
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+    from .core import Parameter
+    from .shell_completion import CompletionItem
+
+
+class ParamType:
+    """Represents the type of a parameter. Validates and converts values
+    from the command line or Python into the correct type.
+
+    To implement a custom type, subclass and implement at least the
+    following:
+
+    -   The :attr:`name` class attribute must be set.
+    -   Calling an instance of the type with ``None`` must return
+        ``None``. This is already implemented by default.
+    -   :meth:`convert` must convert string values to the correct type.
+    -   :meth:`convert` must accept values that are already the correct
+        type.
+    -   It must be able to convert a value if the ``ctx`` and ``param``
+        arguments are ``None``. This can occur when converting prompt
+        input.
+    """
+
+    is_composite: t.ClassVar[bool] = False
+    arity: t.ClassVar[int] = 1
+
+    #: the descriptive name of this type
+    name: str
+
+    #: if a list of this type is expected and the value is pulled from a
+    #: string environment variable, this is what splits it up.  `None`
+    #: means any whitespace.  For all parameters the general rule is that
+    #: whitespace splits them up.  The exception are paths and files which
+    #: are split by ``os.path.pathsep`` by default (":" on Unix and ";" on
+    #: Windows).
+    envvar_list_splitter: t.ClassVar[t.Optional[str]] = None
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        # The class name without the "ParamType" suffix.
+        param_type = type(self).__name__.partition("ParamType")[0]
+        param_type = param_type.partition("ParameterType")[0]
+
+        # Custom subclasses might not remember to set a name.
+        if hasattr(self, "name"):
+            name = self.name
+        else:
+            name = param_type
+
+        return {"param_type": param_type, "name": name}
+
+    def __call__(
+        self,
+        value: t.Any,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> t.Any:
+        if value is not None:
+            return self.convert(value, param, ctx)
+
+    def get_metavar(self, param: "Parameter") -> t.Optional[str]:
+        """Returns the metavar default for this param if it provides one."""
+
+    def get_missing_message(self, param: "Parameter") -> t.Optional[str]:
+        """Optionally might return extra information about a missing
+        parameter.
+
+        .. versionadded:: 2.0
+        """
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        """Convert the value to the correct type. This is not called if
+        the value is ``None`` (the missing value).
+
+        This must accept string values from the command line, as well as
+        values that are already the correct type. It may also convert
+        other compatible types.
+
+        The ``param`` and ``ctx`` arguments may be ``None`` in certain
+        situations, such as when converting prompt input.
+
+        If the value cannot be converted, call :meth:`fail` with a
+        descriptive message.
+
+        :param value: The value to convert.
+        :param param: The parameter that is using this type to convert
+            its value. May be ``None``.
+        :param ctx: The current context that arrived at this value. May
+            be ``None``.
+        """
+        return value
+
+    def split_envvar_value(self, rv: str) -> t.Sequence[str]:
+        """Given a value from an environment variable this splits it up
+        into small chunks depending on the defined envvar list splitter.
+
+        If the splitter is set to `None`, which means that whitespace splits,
+        then leading and trailing whitespace is ignored.  Otherwise, leading
+        and trailing splitters usually lead to empty items being included.
+        """
+        return (rv or "").split(self.envvar_list_splitter)
+
+    def fail(
+        self,
+        message: str,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> "t.NoReturn":
+        """Helper method to fail with an invalid value message."""
+        raise BadParameter(message, ctx=ctx, param=param)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a list of
+        :class:`~click.shell_completion.CompletionItem` objects for the
+        incomplete value. Most types do not provide completions, but
+        some do, and this allows custom types to provide custom
+        completions as well.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        return []
+
+
+class CompositeParamType(ParamType):
+    is_composite = True
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        raise NotImplementedError()
+
+
+class FuncParamType(ParamType):
+    def __init__(self, func: t.Callable[[t.Any], t.Any]) -> None:
+        self.name: str = func.__name__
+        self.func = func
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["func"] = self.func
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self.func(value)
+        except ValueError:
+            try:
+                value = str(value)
+            except UnicodeError:
+                value = value.decode("utf-8", "replace")
+
+            self.fail(value, param, ctx)
+
+
+class UnprocessedParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        return value
+
+    def __repr__(self) -> str:
+        return "UNPROCESSED"
+
+
+class StringParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, bytes):
+            enc = _get_argv_encoding()
+            try:
+                value = value.decode(enc)
+            except UnicodeError:
+                fs_enc = sys.getfilesystemencoding()
+                if fs_enc != enc:
+                    try:
+                        value = value.decode(fs_enc)
+                    except UnicodeError:
+                        value = value.decode("utf-8", "replace")
+                else:
+                    value = value.decode("utf-8", "replace")
+            return value
+        return str(value)
+
+    def __repr__(self) -> str:
+        return "STRING"
+
+
+class Choice(ParamType):
+    """The choice type allows a value to be checked against a fixed set
+    of supported values. All of these values have to be strings.
+
+    You should only pass a list or tuple of choices. Other iterables
+    (like generators) may lead to surprising results.
+
+    The resulting value will always be one of the originally passed choices
+    regardless of ``case_sensitive`` or any ``ctx.token_normalize_func``
+    being specified.
+
+    See :ref:`choice-opts` for an example.
+
+    :param case_sensitive: Set to false to make choices case
+        insensitive. Defaults to true.
+    """
+
+    name = "choice"
+
+    def __init__(self, choices: t.Sequence[str], case_sensitive: bool = True) -> None:
+        self.choices = choices
+        self.case_sensitive = case_sensitive
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["choices"] = self.choices
+        info_dict["case_sensitive"] = self.case_sensitive
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        choices_str = "|".join(self.choices)
+
+        # Use curly braces to indicate a required argument.
+        if param.required and param.param_type_name == "argument":
+            return f"{{{choices_str}}}"
+
+        # Use square braces to indicate an option or optional argument.
+        return f"[{choices_str}]"
+
+    def get_missing_message(self, param: "Parameter") -> str:
+        return _("Choose from:\n\t{choices}").format(choices=",\n\t".join(self.choices))
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        # Match through normalization and case sensitivity
+        # first do token_normalize_func, then lowercase
+        # preserve original `value` to produce an accurate message in
+        # `self.fail`
+        normed_value = value
+        normed_choices = {choice: choice for choice in self.choices}
+
+        if ctx is not None and ctx.token_normalize_func is not None:
+            normed_value = ctx.token_normalize_func(value)
+            normed_choices = {
+                ctx.token_normalize_func(normed_choice): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if not self.case_sensitive:
+            normed_value = normed_value.casefold()
+            normed_choices = {
+                normed_choice.casefold(): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if normed_value in normed_choices:
+            return normed_choices[normed_value]
+
+        choices_str = ", ".join(map(repr, self.choices))
+        self.fail(
+            ngettext(
+                "{value!r} is not {choice}.",
+                "{value!r} is not one of {choices}.",
+                len(self.choices),
+            ).format(value=value, choice=choices_str, choices=choices_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return f"Choice({list(self.choices)})"
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Complete choices that start with the incomplete value.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        str_choices = map(str, self.choices)
+
+        if self.case_sensitive:
+            matched = (c for c in str_choices if c.startswith(incomplete))
+        else:
+            incomplete = incomplete.lower()
+            matched = (c for c in str_choices if c.lower().startswith(incomplete))
+
+        return [CompletionItem(c) for c in matched]
+
+
+class DateTime(ParamType):
+    """The DateTime type converts date strings into `datetime` objects.
+
+    The format strings which are checked are configurable, but default to some
+    common (non-timezone aware) ISO 8601 formats.
+
+    When specifying *DateTime* formats, you should only pass a list or a tuple.
+    Other iterables, like generators, may lead to surprising results.
+
+    The format strings are processed using ``datetime.strptime``, and this
+    consequently defines the format strings which are allowed.
+
+    Parsing is tried using each format, in order, and the first format which
+    parses successfully is used.
+
+    :param formats: A list or tuple of date format strings, in the order in
+                    which they should be tried. Defaults to
+                    ``'%Y-%m-%d'``, ``'%Y-%m-%dT%H:%M:%S'``,
+                    ``'%Y-%m-%d %H:%M:%S'``.
+    """
+
+    name = "datetime"
+
+    def __init__(self, formats: t.Optional[t.Sequence[str]] = None):
+        self.formats: t.Sequence[str] = formats or [
+            "%Y-%m-%d",
+            "%Y-%m-%dT%H:%M:%S",
+            "%Y-%m-%d %H:%M:%S",
+        ]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["formats"] = self.formats
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        return f"[{'|'.join(self.formats)}]"
+
+    def _try_to_convert_date(self, value: t.Any, format: str) -> t.Optional[datetime]:
+        try:
+            return datetime.strptime(value, format)
+        except ValueError:
+            return None
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, datetime):
+            return value
+
+        for format in self.formats:
+            converted = self._try_to_convert_date(value, format)
+
+            if converted is not None:
+                return converted
+
+        formats_str = ", ".join(map(repr, self.formats))
+        self.fail(
+            ngettext(
+                "{value!r} does not match the format {format}.",
+                "{value!r} does not match the formats {formats}.",
+                len(self.formats),
+            ).format(value=value, format=formats_str, formats=formats_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return "DateTime"
+
+
+class _NumberParamTypeBase(ParamType):
+    _number_class: t.ClassVar[t.Type[t.Any]]
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self._number_class(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid {number_type}.").format(
+                    value=value, number_type=self.name
+                ),
+                param,
+                ctx,
+            )
+
+
+class _NumberRangeBase(_NumberParamTypeBase):
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        self.min = min
+        self.max = max
+        self.min_open = min_open
+        self.max_open = max_open
+        self.clamp = clamp
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            min=self.min,
+            max=self.max,
+            min_open=self.min_open,
+            max_open=self.max_open,
+            clamp=self.clamp,
+        )
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import operator
+
+        rv = super().convert(value, param, ctx)
+        lt_min: bool = self.min is not None and (
+            operator.le if self.min_open else operator.lt
+        )(rv, self.min)
+        gt_max: bool = self.max is not None and (
+            operator.ge if self.max_open else operator.gt
+        )(rv, self.max)
+
+        if self.clamp:
+            if lt_min:
+                return self._clamp(self.min, 1, self.min_open)  # type: ignore
+
+            if gt_max:
+                return self._clamp(self.max, -1, self.max_open)  # type: ignore
+
+        if lt_min or gt_max:
+            self.fail(
+                _("{value} is not in the range {range}.").format(
+                    value=rv, range=self._describe_range()
+                ),
+                param,
+                ctx,
+            )
+
+        return rv
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        """Find the valid value to clamp to bound in the given
+        direction.
+
+        :param bound: The boundary value.
+        :param dir: 1 or -1 indicating the direction to move.
+        :param open: If true, the range does not include the bound.
+        """
+        raise NotImplementedError
+
+    def _describe_range(self) -> str:
+        """Describe the range for use in help text."""
+        if self.min is None:
+            op = "<" if self.max_open else "<="
+            return f"x{op}{self.max}"
+
+        if self.max is None:
+            op = ">" if self.min_open else ">="
+            return f"x{op}{self.min}"
+
+        lop = "<" if self.min_open else "<="
+        rop = "<" if self.max_open else "<="
+        return f"{self.min}{lop}x{rop}{self.max}"
+
+    def __repr__(self) -> str:
+        clamp = " clamped" if self.clamp else ""
+        return f"<{type(self).__name__} {self._describe_range()}{clamp}>"
+
+
+class IntParamType(_NumberParamTypeBase):
+    name = "integer"
+    _number_class = int
+
+    def __repr__(self) -> str:
+        return "INT"
+
+
+class IntRange(_NumberRangeBase, IntParamType):
+    """Restrict an :data:`click.INT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "integer range"
+
+    def _clamp(  # type: ignore
+        self, bound: int, dir: "te.Literal[1, -1]", open: bool
+    ) -> int:
+        if not open:
+            return bound
+
+        return bound + dir
+
+
+class FloatParamType(_NumberParamTypeBase):
+    name = "float"
+    _number_class = float
+
+    def __repr__(self) -> str:
+        return "FLOAT"
+
+
+class FloatRange(_NumberRangeBase, FloatParamType):
+    """Restrict a :data:`click.FLOAT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing. This is not supported if either
+    boundary is marked ``open``.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "float range"
+
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        super().__init__(
+            min=min, max=max, min_open=min_open, max_open=max_open, clamp=clamp
+        )
+
+        if (min_open or max_open) and clamp:
+            raise TypeError("Clamping is not supported for open bounds.")
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        if not open:
+            return bound
+
+        # Could use Python 3.9's math.nextafter here, but clamping an
+        # open float range doesn't seem to be particularly useful. It's
+        # left up to the user to write a callback to do it if needed.
+        raise RuntimeError("Clamping is not supported for open bounds.")
+
+
+class BoolParamType(ParamType):
+    name = "boolean"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if value in {False, True}:
+            return bool(value)
+
+        norm = value.strip().lower()
+
+        if norm in {"1", "true", "t", "yes", "y", "on"}:
+            return True
+
+        if norm in {"0", "false", "f", "no", "n", "off"}:
+            return False
+
+        self.fail(
+            _("{value!r} is not a valid boolean.").format(value=value), param, ctx
+        )
+
+    def __repr__(self) -> str:
+        return "BOOL"
+
+
+class UUIDParameterType(ParamType):
+    name = "uuid"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import uuid
+
+        if isinstance(value, uuid.UUID):
+            return value
+
+        value = value.strip()
+
+        try:
+            return uuid.UUID(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid UUID.").format(value=value), param, ctx
+            )
+
+    def __repr__(self) -> str:
+        return "UUID"
+
+
+class File(ParamType):
+    """Declares a parameter to be a file for reading or writing.  The file
+    is automatically closed once the context tears down (after the command
+    finished working).
+
+    Files can be opened for reading or writing.  The special value ``-``
+    indicates stdin or stdout depending on the mode.
+
+    By default, the file is opened for reading text data, but it can also be
+    opened in binary mode or for writing.  The encoding parameter can be used
+    to force a specific encoding.
+
+    The `lazy` flag controls if the file should be opened immediately or upon
+    first IO. The default is to be non-lazy for standard input and output
+    streams as well as files opened for reading, `lazy` otherwise. When opening a
+    file lazily for reading, it is still opened temporarily for validation, but
+    will not be held open until first IO. lazy is mainly useful when opening
+    for writing to avoid creating the file until it is needed.
+
+    Starting with Click 2.0, files can also be opened atomically in which
+    case all writes go into a separate file in the same folder and upon
+    completion the file will be moved over to the original location.  This
+    is useful if a file regularly read by other users is modified.
+
+    See :ref:`file-args` for more information.
+    """
+
+    name = "filename"
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        lazy: t.Optional[bool] = None,
+        atomic: bool = False,
+    ) -> None:
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.lazy = lazy
+        self.atomic = atomic
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(mode=self.mode, encoding=self.encoding)
+        return info_dict
+
+    def resolve_lazy_flag(self, value: "t.Union[str, os.PathLike[str]]") -> bool:
+        if self.lazy is not None:
+            return self.lazy
+        if os.fspath(value) == "-":
+            return False
+        elif "w" in self.mode:
+            return True
+        return False
+
+    def convert(
+        self,
+        value: t.Union[str, "os.PathLike[str]", t.IO[t.Any]],
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> t.IO[t.Any]:
+        if _is_file_like(value):
+            return value
+
+        value = t.cast("t.Union[str, os.PathLike[str]]", value)
+
+        try:
+            lazy = self.resolve_lazy_flag(value)
+
+            if lazy:
+                lf = LazyFile(
+                    value, self.mode, self.encoding, self.errors, atomic=self.atomic
+                )
+
+                if ctx is not None:
+                    ctx.call_on_close(lf.close_intelligently)
+
+                return t.cast(t.IO[t.Any], lf)
+
+            f, should_close = open_stream(
+                value, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+
+            # If a context is provided, we automatically close the file
+            # at the end of the context execution (or flush out).  If a
+            # context does not exist, it's the caller's responsibility to
+            # properly close the file.  This for instance happens when the
+            # type is used with prompts.
+            if ctx is not None:
+                if should_close:
+                    ctx.call_on_close(safecall(f.close))
+                else:
+                    ctx.call_on_close(safecall(f.flush))
+
+            return f
+        except OSError as e:  # noqa: B014
+            self.fail(f"'{format_filename(value)}': {e.strerror}", param, ctx)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide file path completions.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        return [CompletionItem(incomplete, type="file")]
+
+
+def _is_file_like(value: t.Any) -> "te.TypeGuard[t.IO[t.Any]]":
+    return hasattr(value, "read") or hasattr(value, "write")
+
+
+class Path(ParamType):
+    """The ``Path`` type is similar to the :class:`File` type, but
+    returns the filename instead of an open file. Various checks can be
+    enabled to validate the type of file and permissions.
+
+    :param exists: The file or directory needs to exist for the value to
+        be valid. If this is not set to ``True``, and the file does not
+        exist, then all further checks are silently skipped.
+    :param file_okay: Allow a file as a value.
+    :param dir_okay: Allow a directory as a value.
+    :param readable: if true, a readable check is performed.
+    :param writable: if true, a writable check is performed.
+    :param executable: if true, an executable check is performed.
+    :param resolve_path: Make the value absolute and resolve any
+        symlinks. A ``~`` is not expanded, as this is supposed to be
+        done by the shell only.
+    :param allow_dash: Allow a single dash as a value, which indicates
+        a standard stream (but does not open it). Use
+        :func:`~click.open_file` to handle opening this value.
+    :param path_type: Convert the incoming path value to this type. If
+        ``None``, keep Python's default, which is ``str``. Useful to
+        convert to :class:`pathlib.Path`.
+
+    .. versionchanged:: 8.1
+        Added the ``executable`` parameter.
+
+    .. versionchanged:: 8.0
+        Allow passing ``path_type=pathlib.Path``.
+
+    .. versionchanged:: 6.0
+        Added the ``allow_dash`` parameter.
+    """
+
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        exists: bool = False,
+        file_okay: bool = True,
+        dir_okay: bool = True,
+        writable: bool = False,
+        readable: bool = True,
+        resolve_path: bool = False,
+        allow_dash: bool = False,
+        path_type: t.Optional[t.Type[t.Any]] = None,
+        executable: bool = False,
+    ):
+        self.exists = exists
+        self.file_okay = file_okay
+        self.dir_okay = dir_okay
+        self.readable = readable
+        self.writable = writable
+        self.executable = executable
+        self.resolve_path = resolve_path
+        self.allow_dash = allow_dash
+        self.type = path_type
+
+        if self.file_okay and not self.dir_okay:
+            self.name: str = _("file")
+        elif self.dir_okay and not self.file_okay:
+            self.name = _("directory")
+        else:
+            self.name = _("path")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            exists=self.exists,
+            file_okay=self.file_okay,
+            dir_okay=self.dir_okay,
+            writable=self.writable,
+            readable=self.readable,
+            allow_dash=self.allow_dash,
+        )
+        return info_dict
+
+    def coerce_path_result(
+        self, value: "t.Union[str, os.PathLike[str]]"
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        if self.type is not None and not isinstance(value, self.type):
+            if self.type is str:
+                return os.fsdecode(value)
+            elif self.type is bytes:
+                return os.fsencode(value)
+            else:
+                return t.cast("os.PathLike[str]", self.type(value))
+
+        return value
+
+    def convert(
+        self,
+        value: "t.Union[str, os.PathLike[str]]",
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        rv = value
+
+        is_dash = self.file_okay and self.allow_dash and rv in (b"-", "-")
+
+        if not is_dash:
+            if self.resolve_path:
+                # os.path.realpath doesn't resolve symlinks on Windows
+                # until Python 3.8. Use pathlib for now.
+                import pathlib
+
+                rv = os.fsdecode(pathlib.Path(rv).resolve())
+
+            try:
+                st = os.stat(rv)
+            except OSError:
+                if not self.exists:
+                    return self.coerce_path_result(rv)
+                self.fail(
+                    _("{name} {filename!r} does not exist.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if not self.file_okay and stat.S_ISREG(st.st_mode):
+                self.fail(
+                    _("{name} {filename!r} is a file.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+            if not self.dir_okay and stat.S_ISDIR(st.st_mode):
+                self.fail(
+                    _("{name} '{filename}' is a directory.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.readable and not os.access(rv, os.R_OK):
+                self.fail(
+                    _("{name} {filename!r} is not readable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.writable and not os.access(rv, os.W_OK):
+                self.fail(
+                    _("{name} {filename!r} is not writable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.executable and not os.access(value, os.X_OK):
+                self.fail(
+                    _("{name} {filename!r} is not executable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+        return self.coerce_path_result(rv)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide path completions for only
+        directories or any paths.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        type = "dir" if self.dir_okay and not self.file_okay else "file"
+        return [CompletionItem(incomplete, type=type)]
+
+
+class Tuple(CompositeParamType):
+    """The default behavior of Click is to apply a type on a value directly.
+    This works well in most cases, except for when `nargs` is set to a fixed
+    count and different types should be used for different items.  In this
+    case the :class:`Tuple` type can be used.  This type can only be used
+    if `nargs` is set to a fixed number.
+
+    For more information see :ref:`tuple-type`.
+
+    This can be selected by using a Python tuple literal as a type.
+
+    :param types: a list of types that should be used for the tuple items.
+    """
+
+    def __init__(self, types: t.Sequence[t.Union[t.Type[t.Any], ParamType]]) -> None:
+        self.types: t.Sequence[ParamType] = [convert_type(ty) for ty in types]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["types"] = [t.to_info_dict() for t in self.types]
+        return info_dict
+
+    @property
+    def name(self) -> str:  # type: ignore
+        return f"<{' '.join(ty.name for ty in self.types)}>"
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        return len(self.types)
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        len_type = len(self.types)
+        len_value = len(value)
+
+        if len_value != len_type:
+            self.fail(
+                ngettext(
+                    "{len_type} values are required, but {len_value} was given.",
+                    "{len_type} values are required, but {len_value} were given.",
+                    len_value,
+                ).format(len_type=len_type, len_value=len_value),
+                param=param,
+                ctx=ctx,
+            )
+
+        return tuple(ty(x, param, ctx) for ty, x in zip(self.types, value))
+
+
+def convert_type(ty: t.Optional[t.Any], default: t.Optional[t.Any] = None) -> ParamType:
+    """Find the most appropriate :class:`ParamType` for the given Python
+    type. If the type isn't provided, it can be inferred from a default
+    value.
+    """
+    guessed_type = False
+
+    if ty is None and default is not None:
+        if isinstance(default, (tuple, list)):
+            # If the default is empty, ty will remain None and will
+            # return STRING.
+            if default:
+                item = default[0]
+
+                # A tuple of tuples needs to detect the inner types.
+                # Can't call convert recursively because that would
+                # incorrectly unwind the tuple to a single type.
+                if isinstance(item, (tuple, list)):
+                    ty = tuple(map(type, item))
+                else:
+                    ty = type(item)
+        else:
+            ty = type(default)
+
+        guessed_type = True
+
+    if isinstance(ty, tuple):
+        return Tuple(ty)
+
+    if isinstance(ty, ParamType):
+        return ty
+
+    if ty is str or ty is None:
+        return STRING
+
+    if ty is int:
+        return INT
+
+    if ty is float:
+        return FLOAT
+
+    if ty is bool:
+        return BOOL
+
+    if guessed_type:
+        return STRING
+
+    if __debug__:
+        try:
+            if issubclass(ty, ParamType):
+                raise AssertionError(
+                    f"Attempted to use an uninstantiated parameter type ({ty})."
+                )
+        except TypeError:
+            # ty is an instance (correct), so issubclass fails.
+            pass
+
+    return FuncParamType(ty)
+
+
+#: A dummy parameter type that just does nothing.  From a user's
+#: perspective this appears to just be the same as `STRING` but
+#: internally no string conversion takes place if the input was bytes.
+#: This is usually useful when working with file paths as they can
+#: appear in bytes and unicode.
+#:
+#: For path related uses the :class:`Path` type is a better choice but
+#: there are situations where an unprocessed type is useful which is why
+#: it is is provided.
+#:
+#: .. versionadded:: 4.0
+UNPROCESSED = UnprocessedParamType()
+
+#: A unicode string parameter type which is the implicit default.  This
+#: can also be selected by using ``str`` as type.
+STRING = StringParamType()
+
+#: An integer parameter.  This can also be selected by using ``int`` as
+#: type.
+INT = IntParamType()
+
+#: A floating point value parameter.  This can also be selected by using
+#: ``float`` as type.
+FLOAT = FloatParamType()
+
+#: A boolean parameter.  This is the default for boolean flags.  This can
+#: also be selected by using ``bool`` as a type.
+BOOL = BoolParamType()
+
+#: A UUID parameter.
+UUID = UUIDParameterType()
diff --git a/lib/go-jinja2/internal/data/linux-arm64/click/utils.py b/lib/go-jinja2/internal/data/linux-arm64/click/utils.py
new file mode 100644
index 000000000..d536434f0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/click/utils.py
@@ -0,0 +1,624 @@
+import os
+import re
+import sys
+import typing as t
+from functools import update_wrapper
+from types import ModuleType
+from types import TracebackType
+
+from ._compat import _default_text_stderr
+from ._compat import _default_text_stdout
+from ._compat import _find_binary_writer
+from ._compat import auto_wrap_for_ansi
+from ._compat import binary_streams
+from ._compat import open_stream
+from ._compat import should_strip_ansi
+from ._compat import strip_ansi
+from ._compat import text_streams
+from ._compat import WIN
+from .globals import resolve_color_default
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+
+
+def _posixify(name: str) -> str:
+    return "-".join(name.split()).lower()
+
+
+def safecall(func: "t.Callable[P, R]") -> "t.Callable[P, t.Optional[R]]":
+    """Wraps a function so that it swallows exceptions."""
+
+    def wrapper(*args: "P.args", **kwargs: "P.kwargs") -> t.Optional[R]:
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            pass
+        return None
+
+    return update_wrapper(wrapper, func)
+
+
+def make_str(value: t.Any) -> str:
+    """Converts a value into a valid string."""
+    if isinstance(value, bytes):
+        try:
+            return value.decode(sys.getfilesystemencoding())
+        except UnicodeError:
+            return value.decode("utf-8", "replace")
+    return str(value)
+
+
+def make_default_short_help(help: str, max_length: int = 45) -> str:
+    """Returns a condensed version of help string."""
+    # Consider only the first paragraph.
+    paragraph_end = help.find("\n\n")
+
+    if paragraph_end != -1:
+        help = help[:paragraph_end]
+
+    # Collapse newlines, tabs, and spaces.
+    words = help.split()
+
+    if not words:
+        return ""
+
+    # The first paragraph started with a "no rewrap" marker, ignore it.
+    if words[0] == "\b":
+        words = words[1:]
+
+    total_length = 0
+    last_index = len(words) - 1
+
+    for i, word in enumerate(words):
+        total_length += len(word) + (i > 0)
+
+        if total_length > max_length:  # too long, truncate
+            break
+
+        if word[-1] == ".":  # sentence end, truncate without "..."
+            return " ".join(words[: i + 1])
+
+        if total_length == max_length and i != last_index:
+            break  # not at sentence end, truncate with "..."
+    else:
+        return " ".join(words)  # no truncation needed
+
+    # Account for the length of the suffix.
+    total_length += len("...")
+
+    # remove words until the length is short enough
+    while i > 0:
+        total_length -= len(words[i]) + (i > 0)
+
+        if total_length <= max_length:
+            break
+
+        i -= 1
+
+    return " ".join(words[:i]) + "..."
+
+
+class LazyFile:
+    """A lazy file works like a regular file but it does not fully open
+    the file but it does perform some basic checks early to see if the
+    filename parameter does make sense.  This is useful for safely opening
+    files for writing.
+    """
+
+    def __init__(
+        self,
+        filename: t.Union[str, "os.PathLike[str]"],
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        atomic: bool = False,
+    ):
+        self.name: str = os.fspath(filename)
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.atomic = atomic
+        self._f: t.Optional[t.IO[t.Any]]
+        self.should_close: bool
+
+        if self.name == "-":
+            self._f, self.should_close = open_stream(filename, mode, encoding, errors)
+        else:
+            if "r" in mode:
+                # Open and close the file in case we're opening it for
+                # reading so that we can catch at least some errors in
+                # some cases early.
+                open(filename, mode).close()
+            self._f = None
+            self.should_close = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self.open(), name)
+
+    def __repr__(self) -> str:
+        if self._f is not None:
+            return repr(self._f)
+        return f"<unopened file '{format_filename(self.name)}' {self.mode}>"
+
+    def open(self) -> t.IO[t.Any]:
+        """Opens the file if it's not yet open.  This call might fail with
+        a :exc:`FileError`.  Not handling this error will produce an error
+        that Click shows.
+        """
+        if self._f is not None:
+            return self._f
+        try:
+            rv, self.should_close = open_stream(
+                self.name, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+        except OSError as e:  # noqa: E402
+            from .exceptions import FileError
+
+            raise FileError(self.name, hint=e.strerror) from e
+        self._f = rv
+        return rv
+
+    def close(self) -> None:
+        """Closes the underlying file, no matter what."""
+        if self._f is not None:
+            self._f.close()
+
+    def close_intelligently(self) -> None:
+        """This function only closes the file if it was opened by the lazy
+        file wrapper.  For instance this will never close stdin.
+        """
+        if self.should_close:
+            self.close()
+
+    def __enter__(self) -> "LazyFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.close_intelligently()
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        self.open()
+        return iter(self._f)  # type: ignore
+
+
+class KeepOpenFile:
+    def __init__(self, file: t.IO[t.Any]) -> None:
+        self._file: t.IO[t.Any] = file
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._file, name)
+
+    def __enter__(self) -> "KeepOpenFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        pass
+
+    def __repr__(self) -> str:
+        return repr(self._file)
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        return iter(self._file)
+
+
+def echo(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.Any]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+) -> None:
+    """Print a message and newline to stdout or a file. This should be
+    used instead of :func:`print` because it provides better support
+    for different data, files, and environments.
+
+    Compared to :func:`print`, this does the following:
+
+    -   Ensures that the output encoding is not misconfigured on Linux.
+    -   Supports Unicode in the Windows console.
+    -   Supports writing to binary outputs, and supports writing bytes
+        to text outputs.
+    -   Supports colors and styles on Windows.
+    -   Removes ANSI color and style codes if the output does not look
+        like an interactive terminal.
+    -   Always flushes the output.
+
+    :param message: The string or bytes to output. Other objects are
+        converted to strings.
+    :param file: The file to write to. Defaults to ``stdout``.
+    :param err: Write to ``stderr`` instead of ``stdout``.
+    :param nl: Print a newline after the message. Enabled by default.
+    :param color: Force showing or hiding colors and other styles. By
+        default Click will remove color if the output does not look like
+        an interactive terminal.
+
+    .. versionchanged:: 6.0
+        Support Unicode output on the Windows console. Click does not
+        modify ``sys.stdout``, so ``sys.stdout.write()`` and ``print()``
+        will still not support Unicode.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter.
+
+    .. versionadded:: 3.0
+        Added the ``err`` parameter.
+
+    .. versionchanged:: 2.0
+        Support colors on Windows if colorama is installed.
+    """
+    if file is None:
+        if err:
+            file = _default_text_stderr()
+        else:
+            file = _default_text_stdout()
+
+        # There are no standard streams attached to write to. For example,
+        # pythonw on Windows.
+        if file is None:
+            return
+
+    # Convert non bytes/text into the native string type.
+    if message is not None and not isinstance(message, (str, bytes, bytearray)):
+        out: t.Optional[t.Union[str, bytes]] = str(message)
+    else:
+        out = message
+
+    if nl:
+        out = out or ""
+        if isinstance(out, str):
+            out += "\n"
+        else:
+            out += b"\n"
+
+    if not out:
+        file.flush()
+        return
+
+    # If there is a message and the value looks like bytes, we manually
+    # need to find the binary stream and write the message in there.
+    # This is done separately so that most stream types will work as you
+    # would expect. Eg: you can write to StringIO for other cases.
+    if isinstance(out, (bytes, bytearray)):
+        binary_file = _find_binary_writer(file)
+
+        if binary_file is not None:
+            file.flush()
+            binary_file.write(out)
+            binary_file.flush()
+            return
+
+    # ANSI style code support. For no message or bytes, nothing happens.
+    # When outputting to a file instead of a terminal, strip codes.
+    else:
+        color = resolve_color_default(color)
+
+        if should_strip_ansi(file, color):
+            out = strip_ansi(out)
+        elif WIN:
+            if auto_wrap_for_ansi is not None:
+                file = auto_wrap_for_ansi(file)  # type: ignore
+            elif not color:
+                out = strip_ansi(out)
+
+    file.write(out)  # type: ignore
+    file.flush()
+
+
+def get_binary_stream(name: "te.Literal['stdin', 'stdout', 'stderr']") -> t.BinaryIO:
+    """Returns a system stream for byte processing.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    """
+    opener = binary_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener()
+
+
+def get_text_stream(
+    name: "te.Literal['stdin', 'stdout', 'stderr']",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+) -> t.TextIO:
+    """Returns a system stream for text processing.  This usually returns
+    a wrapped stream around a binary stream returned from
+    :func:`get_binary_stream` but it also can take shortcuts for already
+    correctly configured streams.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    :param encoding: overrides the detected default encoding.
+    :param errors: overrides the default error mode.
+    """
+    opener = text_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener(encoding, errors)
+
+
+def open_file(
+    filename: str,
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    lazy: bool = False,
+    atomic: bool = False,
+) -> t.IO[t.Any]:
+    """Open a file, with extra behavior to handle ``'-'`` to indicate
+    a standard stream, lazy open on write, and atomic write. Similar to
+    the behavior of the :class:`~click.File` param type.
+
+    If ``'-'`` is given to open ``stdout`` or ``stdin``, the stream is
+    wrapped so that using it in a context manager will not close it.
+    This makes it possible to use the function without accidentally
+    closing a standard stream:
+
+    .. code-block:: python
+
+        with open_file(filename) as f:
+            ...
+
+    :param filename: The name of the file to open, or ``'-'`` for
+        ``stdin``/``stdout``.
+    :param mode: The mode in which to open the file.
+    :param encoding: The encoding to decode or encode a file opened in
+        text mode.
+    :param errors: The error handling mode.
+    :param lazy: Wait to open the file until it is accessed. For read
+        mode, the file is temporarily opened to raise access errors
+        early, then closed until it is read again.
+    :param atomic: Write to a temporary file and replace the given file
+        on close.
+
+    .. versionadded:: 3.0
+    """
+    if lazy:
+        return t.cast(
+            t.IO[t.Any], LazyFile(filename, mode, encoding, errors, atomic=atomic)
+        )
+
+    f, should_close = open_stream(filename, mode, encoding, errors, atomic=atomic)
+
+    if not should_close:
+        f = t.cast(t.IO[t.Any], KeepOpenFile(f))
+
+    return f
+
+
+def format_filename(
+    filename: "t.Union[str, bytes, os.PathLike[str], os.PathLike[bytes]]",
+    shorten: bool = False,
+) -> str:
+    """Format a filename as a string for display. Ensures the filename can be
+    displayed by replacing any invalid bytes or surrogate escapes in the name
+    with the replacement character ``�``.
+
+    Invalid bytes or surrogate escapes will raise an error when written to a
+    stream with ``errors="strict". This will typically happen with ``stdout``
+    when the locale is something like ``en_GB.UTF-8``.
+
+    Many scenarios *are* safe to write surrogates though, due to PEP 538 and
+    PEP 540, including:
+
+    -   Writing to ``stderr``, which uses ``errors="backslashreplace"``.
+    -   The system has ``LANG=C.UTF-8``, ``C``, or ``POSIX``. Python opens
+        stdout and stderr with ``errors="surrogateescape"``.
+    -   None of ``LANG/LC_*`` are set. Python assumes ``LANG=C.UTF-8``.
+    -   Python is started in UTF-8 mode  with  ``PYTHONUTF8=1`` or ``-X utf8``.
+        Python opens stdout and stderr with ``errors="surrogateescape"``.
+
+    :param filename: formats a filename for UI display.  This will also convert
+                     the filename into unicode without failing.
+    :param shorten: this optionally shortens the filename to strip of the
+                    path that leads up to it.
+    """
+    if shorten:
+        filename = os.path.basename(filename)
+    else:
+        filename = os.fspath(filename)
+
+    if isinstance(filename, bytes):
+        filename = filename.decode(sys.getfilesystemencoding(), "replace")
+    else:
+        filename = filename.encode("utf-8", "surrogateescape").decode(
+            "utf-8", "replace"
+        )
+
+    return filename
+
+
+def get_app_dir(app_name: str, roaming: bool = True, force_posix: bool = False) -> str:
+    r"""Returns the config folder for the application.  The default behavior
+    is to return whatever is most appropriate for the operating system.
+
+    To give you an idea, for an app called ``"Foo Bar"``, something like
+    the following folders could be returned:
+
+    Mac OS X:
+      ``~/Library/Application Support/Foo Bar``
+    Mac OS X (POSIX):
+      ``~/.foo-bar``
+    Unix:
+      ``~/.config/foo-bar``
+    Unix (POSIX):
+      ``~/.foo-bar``
+    Windows (roaming):
+      ``C:\Users\<user>\AppData\Roaming\Foo Bar``
+    Windows (not roaming):
+      ``C:\Users\<user>\AppData\Local\Foo Bar``
+
+    .. versionadded:: 2.0
+
+    :param app_name: the application name.  This should be properly capitalized
+                     and can contain whitespace.
+    :param roaming: controls if the folder should be roaming or not on Windows.
+                    Has no effect otherwise.
+    :param force_posix: if this is set to `True` then on any POSIX system the
+                        folder will be stored in the home folder with a leading
+                        dot instead of the XDG config home or darwin's
+                        application support folder.
+    """
+    if WIN:
+        key = "APPDATA" if roaming else "LOCALAPPDATA"
+        folder = os.environ.get(key)
+        if folder is None:
+            folder = os.path.expanduser("~")
+        return os.path.join(folder, app_name)
+    if force_posix:
+        return os.path.join(os.path.expanduser(f"~/.{_posixify(app_name)}"))
+    if sys.platform == "darwin":
+        return os.path.join(
+            os.path.expanduser("~/Library/Application Support"), app_name
+        )
+    return os.path.join(
+        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),
+        _posixify(app_name),
+    )
+
+
+class PacifyFlushWrapper:
+    """This wrapper is used to catch and suppress BrokenPipeErrors resulting
+    from ``.flush()`` being called on broken pipe during the shutdown/final-GC
+    of the Python interpreter. Notably ``.flush()`` is always called on
+    ``sys.stdout`` and ``sys.stderr``. So as to have minimal impact on any
+    other cleanup code, and the case where the underlying file is not a broken
+    pipe, all calls and attributes are proxied.
+    """
+
+    def __init__(self, wrapped: t.IO[t.Any]) -> None:
+        self.wrapped = wrapped
+
+    def flush(self) -> None:
+        try:
+            self.wrapped.flush()
+        except OSError as e:
+            import errno
+
+            if e.errno != errno.EPIPE:
+                raise
+
+    def __getattr__(self, attr: str) -> t.Any:
+        return getattr(self.wrapped, attr)
+
+
+def _detect_program_name(
+    path: t.Optional[str] = None, _main: t.Optional[ModuleType] = None
+) -> str:
+    """Determine the command used to run the program, for use in help
+    text. If a file or entry point was executed, the file name is
+    returned. If ``python -m`` was used to execute a module or package,
+    ``python -m name`` is returned.
+
+    This doesn't try to be too precise, the goal is to give a concise
+    name for help text. Files are only shown as their name without the
+    path. ``python`` is only shown for modules, and the full path to
+    ``sys.executable`` is not shown.
+
+    :param path: The Python file being executed. Python puts this in
+        ``sys.argv[0]``, which is used by default.
+    :param _main: The ``__main__`` module. This should only be passed
+        during internal testing.
+
+    .. versionadded:: 8.0
+        Based on command args detection in the Werkzeug reloader.
+
+    :meta private:
+    """
+    if _main is None:
+        _main = sys.modules["__main__"]
+
+    if not path:
+        path = sys.argv[0]
+
+    # The value of __package__ indicates how Python was called. It may
+    # not exist if a setuptools script is installed as an egg. It may be
+    # set incorrectly for entry points created with pip on Windows.
+    # It is set to "" inside a Shiv or PEX zipapp.
+    if getattr(_main, "__package__", None) in {None, ""} or (
+        os.name == "nt"
+        and _main.__package__ == ""
+        and not os.path.exists(path)
+        and os.path.exists(f"{path}.exe")
+    ):
+        # Executed a file, like "python app.py".
+        return os.path.basename(path)
+
+    # Executed a module, like "python -m example".
+    # Rewritten by Python from "-m script" to "/path/to/script.py".
+    # Need to look at main module to determine how it was executed.
+    py_module = t.cast(str, _main.__package__)
+    name = os.path.splitext(os.path.basename(path))[0]
+
+    # A submodule like "example.cli".
+    if name != "__main__":
+        py_module = f"{py_module}.{name}"
+
+    return f"python -m {py_module.lstrip('.')}"
+
+
+def _expand_args(
+    args: t.Iterable[str],
+    *,
+    user: bool = True,
+    env: bool = True,
+    glob_recursive: bool = True,
+) -> t.List[str]:
+    """Simulate Unix shell expansion with Python functions.
+
+    See :func:`glob.glob`, :func:`os.path.expanduser`, and
+    :func:`os.path.expandvars`.
+
+    This is intended for use on Windows, where the shell does not do any
+    expansion. It may not exactly match what a Unix shell would do.
+
+    :param args: List of command line arguments to expand.
+    :param user: Expand user home directory.
+    :param env: Expand environment variables.
+    :param glob_recursive: ``**`` matches directories recursively.
+
+    .. versionchanged:: 8.1
+        Invalid glob patterns are treated as empty expansions rather
+        than raising an error.
+
+    .. versionadded:: 8.0
+
+    :meta private:
+    """
+    from glob import glob
+
+    out = []
+
+    for arg in args:
+        if user:
+            arg = os.path.expanduser(arg)
+
+        if env:
+            arg = os.path.expandvars(arg)
+
+        try:
+            matches = glob(arg, recursive=glob_recursive)
+        except re.error:
+            matches = []
+
+        if not matches:
+            out.append(arg)
+        else:
+            out.extend(matches)
+
+    return out
diff --git a/lib/go-jinja2/internal/data/linux-arm64/files.json b/lib/go-jinja2/internal/data/linux-arm64/files.json
new file mode 100644
index 000000000..6a1992bde
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/files.json
@@ -0,0 +1,888 @@
+{
+  "contentHash": "03f895c361713063cafe2a3e5fdc700249064b2bae1be315776267e0a9024d81",
+  "files": [
+    {
+      "name": "MarkupSafe-2.1.5.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
+      "size": 3003,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
+      "size": 1202,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
+      "size": 154,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "size": 1101,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/METADATA",
+      "size": 2058,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "size": 2785,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "size": 154,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "_yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "_yaml/__init__.py",
+      "size": 1402,
+      "perm": 420
+    },
+    {
+      "name": "bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "bin/jsonpath_ng",
+      "size": 260,
+      "perm": 493
+    },
+    {
+      "name": "bin/slugify",
+      "size": 238,
+      "perm": 493
+    },
+    {
+      "name": "click",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/METADATA",
+      "size": 3014,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/RECORD",
+      "size": 2582,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/top_level.txt",
+      "size": 6,
+      "perm": 420
+    },
+    {
+      "name": "click/__init__.py",
+      "size": 3138,
+      "perm": 420
+    },
+    {
+      "name": "click/_compat.py",
+      "size": 18744,
+      "perm": 420
+    },
+    {
+      "name": "click/_termui_impl.py",
+      "size": 24069,
+      "perm": 420
+    },
+    {
+      "name": "click/_textwrap.py",
+      "size": 1353,
+      "perm": 420
+    },
+    {
+      "name": "click/_winconsole.py",
+      "size": 7860,
+      "perm": 420
+    },
+    {
+      "name": "click/core.py",
+      "size": 114086,
+      "perm": 420
+    },
+    {
+      "name": "click/decorators.py",
+      "size": 18719,
+      "perm": 420
+    },
+    {
+      "name": "click/exceptions.py",
+      "size": 9273,
+      "perm": 420
+    },
+    {
+      "name": "click/formatting.py",
+      "size": 9706,
+      "perm": 420
+    },
+    {
+      "name": "click/globals.py",
+      "size": 1961,
+      "perm": 420
+    },
+    {
+      "name": "click/parser.py",
+      "size": 19067,
+      "perm": 420
+    },
+    {
+      "name": "click/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click/shell_completion.py",
+      "size": 18460,
+      "perm": 420
+    },
+    {
+      "name": "click/termui.py",
+      "size": 28324,
+      "perm": 420
+    },
+    {
+      "name": "click/testing.py",
+      "size": 16084,
+      "perm": 420
+    },
+    {
+      "name": "click/types.py",
+      "size": 36391,
+      "perm": 420
+    },
+    {
+      "name": "click/utils.py",
+      "size": 20298,
+      "perm": 420
+    },
+    {
+      "name": "jinja2",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/LICENSE.txt",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/METADATA",
+      "size": 2640,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/RECORD",
+      "size": 3697,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/WHEEL",
+      "size": 81,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/entry_points.txt",
+      "size": 58,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/__init__.py",
+      "size": 1928,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/_identifier.py",
+      "size": 1958,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/async_utils.py",
+      "size": 2477,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/bccache.py",
+      "size": 14061,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/compiler.py",
+      "size": 72271,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/constants.py",
+      "size": 1433,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/debug.py",
+      "size": 6299,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/defaults.py",
+      "size": 1267,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/environment.py",
+      "size": 61538,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/exceptions.py",
+      "size": 5071,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/ext.py",
+      "size": 31877,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/filters.py",
+      "size": 54611,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/idtracking.py",
+      "size": 10704,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/lexer.py",
+      "size": 29754,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/loaders.py",
+      "size": 23167,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/meta.py",
+      "size": 4397,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nativetypes.py",
+      "size": 4210,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nodes.py",
+      "size": 34579,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/optimizer.py",
+      "size": 1651,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/parser.py",
+      "size": 39890,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/runtime.py",
+      "size": 33435,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/sandbox.py",
+      "size": 14616,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/tests.py",
+      "size": 5926,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/utils.py",
+      "size": 23952,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/visitor.py",
+      "size": 3557,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "size": 11358,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
+      "size": 18072,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "size": 2549,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
+      "size": 69,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "size": 12,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/__init__.py",
+      "size": 116,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/bin/__init__.py",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin/jsonpath.py",
+      "size": 2057,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/exceptions.py",
+      "size": 146,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/ext/__init__.py",
+      "size": 605,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/arithmetic.py",
+      "size": 2381,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/filter.py",
+      "size": 4312,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/iterable.py",
+      "size": 3680,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/parser.py",
+      "size": 5351,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/string.py",
+      "size": 3261,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/jsonpath.py",
+      "size": 26402,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/lexer.py",
+      "size": 5231,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/parser.py",
+      "size": 5883,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "markupsafe/__init__.py",
+      "size": 10958,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_native.py",
+      "size": 1713,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.c",
+      "size": 7083,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so",
+      "size": 107968,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "markupsafe/_speedups.pyi",
+      "size": 229,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "ply",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info/DESCRIPTION.rst",
+      "size": 519,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/METADATA",
+      "size": 844,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/RECORD",
+      "size": 1211,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/metadata.json",
+      "size": 515,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/top_level.txt",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply/__init__.py",
+      "size": 103,
+      "perm": 420
+    },
+    {
+      "name": "ply/cpp.py",
+      "size": 33639,
+      "perm": 420
+    },
+    {
+      "name": "ply/ctokens.py",
+      "size": 3155,
+      "perm": 420
+    },
+    {
+      "name": "ply/lex.py",
+      "size": 42905,
+      "perm": 420
+    },
+    {
+      "name": "ply/yacc.py",
+      "size": 137736,
+      "perm": 420
+    },
+    {
+      "name": "ply/ygen.py",
+      "size": 2246,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/LICENSE",
+      "size": 1103,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/METADATA",
+      "size": 8469,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/RECORD",
+      "size": 1489,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/entry_points.txt",
+      "size": 50,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/top_level.txt",
+      "size": 8,
+      "perm": 420
+    },
+    {
+      "name": "slugify",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "slugify/__init__.py",
+      "size": 346,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__main__.py",
+      "size": 3961,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__version__.py",
+      "size": 325,
+      "perm": 420
+    },
+    {
+      "name": "slugify/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "slugify/slugify.py",
+      "size": 6180,
+      "perm": 420
+    },
+    {
+      "name": "slugify/special.py",
+      "size": 1222,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/DESCRIPTION.rst",
+      "size": 1199,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/LICENSE.txt",
+      "size": 6535,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/METADATA",
+      "size": 2422,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/RECORD",
+      "size": 937,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/metadata.json",
+      "size": 1299,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/top_level.txt",
+      "size": 15,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/__init__.py",
+      "size": 484,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/data.bin",
+      "size": 311077,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "yaml/__init__.py",
+      "size": 12311,
+      "perm": 420
+    },
+    {
+      "name": "yaml/_yaml.cpython-311-aarch64-linux-gnu.so",
+      "size": 2519832,
+      "perm": 493,
+      "compressed": true
+    },
+    {
+      "name": "yaml/composer.py",
+      "size": 4883,
+      "perm": 420
+    },
+    {
+      "name": "yaml/constructor.py",
+      "size": 28639,
+      "perm": 420
+    },
+    {
+      "name": "yaml/cyaml.py",
+      "size": 3851,
+      "perm": 420
+    },
+    {
+      "name": "yaml/dumper.py",
+      "size": 2837,
+      "perm": 420
+    },
+    {
+      "name": "yaml/emitter.py",
+      "size": 43006,
+      "perm": 420
+    },
+    {
+      "name": "yaml/error.py",
+      "size": 2533,
+      "perm": 420
+    },
+    {
+      "name": "yaml/events.py",
+      "size": 2445,
+      "perm": 420
+    },
+    {
+      "name": "yaml/loader.py",
+      "size": 2061,
+      "perm": 420
+    },
+    {
+      "name": "yaml/nodes.py",
+      "size": 1440,
+      "perm": 420
+    },
+    {
+      "name": "yaml/parser.py",
+      "size": 25495,
+      "perm": 420
+    },
+    {
+      "name": "yaml/reader.py",
+      "size": 6794,
+      "perm": 420
+    },
+    {
+      "name": "yaml/representer.py",
+      "size": 14190,
+      "perm": 420
+    },
+    {
+      "name": "yaml/resolver.py",
+      "size": 9004,
+      "perm": 420
+    },
+    {
+      "name": "yaml/scanner.py",
+      "size": 51279,
+      "perm": 420
+    },
+    {
+      "name": "yaml/serializer.py",
+      "size": 4165,
+      "perm": 420
+    },
+    {
+      "name": "yaml/tokens.py",
+      "size": 2573,
+      "perm": 420
+    }
+  ]
+}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/LICENSE.txt
new file mode 100644
index 000000000..c37cae49e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/LICENSE.txt
@@ -0,0 +1,28 @@
+Copyright 2007 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/METADATA
new file mode 100644
index 000000000..265cc32e1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/METADATA
@@ -0,0 +1,76 @@
+Metadata-Version: 2.1
+Name: Jinja2
+Version: 3.1.4
+Summary: A very fast and expressive template engine.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Dist: MarkupSafe>=2.0
+Requires-Dist: Babel>=2.7 ; extra == "i18n"
+Project-URL: Changes, https://jinja.palletsprojects.com/changes/
+Project-URL: Chat, https://discord.gg/pallets
+Project-URL: Documentation, https://jinja.palletsprojects.com/
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Source, https://github.com/pallets/jinja/
+Provides-Extra: i18n
+
+# Jinja
+
+Jinja is a fast, expressive, extensible templating engine. Special
+placeholders in the template allow writing code similar to Python
+syntax. Then the template is passed data to render the final document.
+
+It includes:
+
+-   Template inheritance and inclusion.
+-   Define and import macros within templates.
+-   HTML templates can use autoescaping to prevent XSS from untrusted
+    user input.
+-   A sandboxed environment can safely render untrusted templates.
+-   AsyncIO support for generating templates and calling async
+    functions.
+-   I18N support with Babel.
+-   Templates are compiled to optimized Python code just-in-time and
+    cached, or can be compiled ahead-of-time.
+-   Exceptions point to the correct line in templates to make debugging
+    easier.
+-   Extensible filters, tests, functions, and even syntax.
+
+Jinja's philosophy is that while application logic belongs in Python if
+possible, it shouldn't make the template designer's job difficult by
+restricting functionality too much.
+
+
+## In A Nutshell
+
+.. code-block:: jinja
+
+    {% extends "base.html" %}
+    {% block title %}Members{% endblock %}
+    {% block content %}
+      <ul>
+      {% for user in users %}
+        <li><a href="{{ user.url }}">{{ user.username }}</a></li>
+      {% endfor %}
+      </ul>
+    {% endblock %}
+
+
+## Donate
+
+The Pallets organization develops and supports Jinja and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, [please
+donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/RECORD
new file mode 100644
index 000000000..e9bdca35c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/RECORD
@@ -0,0 +1,58 @@
+jinja2-3.1.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jinja2-3.1.4.dist-info/LICENSE.txt,sha256=O0nc7kEF6ze6wQ-vG-JgQI_oXSUrjp3y4JefweCUQ3s,1475
+jinja2-3.1.4.dist-info/METADATA,sha256=R_brzpPQVBvpGcsm-WbrtgotO7suQ1D0F-qkhTzeEfY,2640
+jinja2-3.1.4.dist-info/RECORD,,
+jinja2-3.1.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2-3.1.4.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+jinja2-3.1.4.dist-info/entry_points.txt,sha256=OL85gYU1eD8cuPlikifFngXpeBjaxl6rIJ8KkC_3r-I,58
+jinja2/__init__.py,sha256=wIl45IM20KGw-kfr7jJhaBxxX5g4-kihlBYjxopX7Pw,1928
+jinja2/__pycache__/__init__.cpython-311.pyc,,
+jinja2/__pycache__/_identifier.cpython-311.pyc,,
+jinja2/__pycache__/async_utils.cpython-311.pyc,,
+jinja2/__pycache__/bccache.cpython-311.pyc,,
+jinja2/__pycache__/compiler.cpython-311.pyc,,
+jinja2/__pycache__/constants.cpython-311.pyc,,
+jinja2/__pycache__/debug.cpython-311.pyc,,
+jinja2/__pycache__/defaults.cpython-311.pyc,,
+jinja2/__pycache__/environment.cpython-311.pyc,,
+jinja2/__pycache__/exceptions.cpython-311.pyc,,
+jinja2/__pycache__/ext.cpython-311.pyc,,
+jinja2/__pycache__/filters.cpython-311.pyc,,
+jinja2/__pycache__/idtracking.cpython-311.pyc,,
+jinja2/__pycache__/lexer.cpython-311.pyc,,
+jinja2/__pycache__/loaders.cpython-311.pyc,,
+jinja2/__pycache__/meta.cpython-311.pyc,,
+jinja2/__pycache__/nativetypes.cpython-311.pyc,,
+jinja2/__pycache__/nodes.cpython-311.pyc,,
+jinja2/__pycache__/optimizer.cpython-311.pyc,,
+jinja2/__pycache__/parser.cpython-311.pyc,,
+jinja2/__pycache__/runtime.cpython-311.pyc,,
+jinja2/__pycache__/sandbox.cpython-311.pyc,,
+jinja2/__pycache__/tests.cpython-311.pyc,,
+jinja2/__pycache__/utils.cpython-311.pyc,,
+jinja2/__pycache__/visitor.cpython-311.pyc,,
+jinja2/_identifier.py,sha256=_zYctNKzRqlk_murTNlzrju1FFJL7Va_Ijqqd7ii2lU,1958
+jinja2/async_utils.py,sha256=JXKWCAXmTx0iZB4-hAsF50vgjxw_RJTjiLOlGGTBso0,2477
+jinja2/bccache.py,sha256=gh0qs9rulnXo0PhX5jTJy2UHzI8wFnQ63o_vw7nhzRg,14061
+jinja2/compiler.py,sha256=dpV-n6_iQUP4uSwlXwGUavJmwjvXdyxKzJ-AonFjPBk,72271
+jinja2/constants.py,sha256=GMoFydBF_kdpaRKPoM5cl5MviquVRLVyZtfp5-16jg0,1433
+jinja2/debug.py,sha256=iWJ432RadxJNnaMOPrjIDInz50UEgni3_HKuFXi2vuQ,6299
+jinja2/defaults.py,sha256=boBcSw78h-lp20YbaXSJsqkAI2uN_mD_TtCydpeq5wU,1267
+jinja2/environment.py,sha256=xhFkmxO0CESA76Ki5tz4XWq9yzGu-t0p93JCCVBVNps,61538
+jinja2/exceptions.py,sha256=ioHeHrWwCWNaXX1inHmHVblvc4haO7AXsjCp3GfWvx0,5071
+jinja2/ext.py,sha256=igsBH7c6C0byHaOtMbE-ugpt4GjLGgR-ywskyXtKgq8,31877
+jinja2/filters.py,sha256=bKeqjFjjz88TkHVLSyyMIEB75CzAN6b3Airgx0phJDg,54611
+jinja2/idtracking.py,sha256=GfNmadir4oDALVxzn3DL9YInhJDr69ebXeA2ygfuCGA,10704
+jinja2/lexer.py,sha256=xnWWXhPndHFsoqzpc5VTjheDE9JuKk9MUo9DZkrM8Os,29754
+jinja2/loaders.py,sha256=ru0GIWHo5KiHJi7_MoI_LvGDoBBvP6rd0hiC1ReaTwk,23167
+jinja2/meta.py,sha256=OTDPkaFvU2Hgvx-6akz7154F8BIWaRmvJcBFvwopHww,4397
+jinja2/nativetypes.py,sha256=7GIGALVJgdyL80oZJdQUaUfwSt5q2lSSZbXt0dNf_M4,4210
+jinja2/nodes.py,sha256=m1Duzcr6qhZI8JQ6VyJgUNinjAf5bQzijSmDnMsvUx8,34579
+jinja2/optimizer.py,sha256=rJnCRlQ7pZsEEmMhsQDgC_pKyDHxP5TPS6zVPGsgcu8,1651
+jinja2/parser.py,sha256=DV1iF1FR2Rsaj_5zl8rmx7j6Bj4S8iLHoYsvJ0bfEis,39890
+jinja2/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2/runtime.py,sha256=POXT3tKNKJRENx2CymwUsOOXH2JwGPjW702njB5__cQ,33435
+jinja2/sandbox.py,sha256=TJjBNS9qRJ2ZgBMWdAgRBpyDLOHea2kT-2mk4PrjYx0,14616
+jinja2/tests.py,sha256=VLsBhVFnWg-PxSBz1MhRnNWgP1ovXk3neO1FLQMeC9Q,5926
+jinja2/utils.py,sha256=nV7IpWLvRCMyHW1irBAK8CIPAnOFfkb2ukggDBjbBEY,23952
+jinja2/visitor.py,sha256=EcnL1PIwf_4RVCOMxsRNuR8AXHbS1qfAdMOE2ngKJz4,3557
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/WHEEL
new file mode 100644
index 000000000..3b5e64b5e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/WHEEL
@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: flit 3.9.0
+Root-Is-Purelib: true
+Tag: py3-none-any
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..abc3eae3b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2-3.1.4.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[babel.extractors]
+jinja2=jinja2.ext:babel_extract[i18n]
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/__init__.py
new file mode 100644
index 000000000..2f0b5b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/__init__.py
@@ -0,0 +1,38 @@
+"""Jinja is a template engine written in pure Python. It provides a
+non-XML syntax that supports inline expressions and an optional
+sandboxed environment.
+"""
+
+from .bccache import BytecodeCache as BytecodeCache
+from .bccache import FileSystemBytecodeCache as FileSystemBytecodeCache
+from .bccache import MemcachedBytecodeCache as MemcachedBytecodeCache
+from .environment import Environment as Environment
+from .environment import Template as Template
+from .exceptions import TemplateAssertionError as TemplateAssertionError
+from .exceptions import TemplateError as TemplateError
+from .exceptions import TemplateNotFound as TemplateNotFound
+from .exceptions import TemplateRuntimeError as TemplateRuntimeError
+from .exceptions import TemplatesNotFound as TemplatesNotFound
+from .exceptions import TemplateSyntaxError as TemplateSyntaxError
+from .exceptions import UndefinedError as UndefinedError
+from .loaders import BaseLoader as BaseLoader
+from .loaders import ChoiceLoader as ChoiceLoader
+from .loaders import DictLoader as DictLoader
+from .loaders import FileSystemLoader as FileSystemLoader
+from .loaders import FunctionLoader as FunctionLoader
+from .loaders import ModuleLoader as ModuleLoader
+from .loaders import PackageLoader as PackageLoader
+from .loaders import PrefixLoader as PrefixLoader
+from .runtime import ChainableUndefined as ChainableUndefined
+from .runtime import DebugUndefined as DebugUndefined
+from .runtime import make_logging_undefined as make_logging_undefined
+from .runtime import StrictUndefined as StrictUndefined
+from .runtime import Undefined as Undefined
+from .utils import clear_caches as clear_caches
+from .utils import is_undefined as is_undefined
+from .utils import pass_context as pass_context
+from .utils import pass_environment as pass_environment
+from .utils import pass_eval_context as pass_eval_context
+from .utils import select_autoescape as select_autoescape
+
+__version__ = "3.1.4"
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/_identifier.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/_identifier.py
new file mode 100644
index 000000000..928c1503c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/_identifier.py
@@ -0,0 +1,6 @@
+import re
+
+# generated by scripts/generate_identifier_pattern.py
+pattern = re.compile(
+    r"[\w·̀-ͯ·҃-֑҇-ׇֽֿׁׂׅׄؐ-ًؚ-ٰٟۖ-ۜ۟-۪ۤۧۨ-ܑۭܰ-݊ަ-ް߫-߽߳ࠖ-࠙ࠛ-ࠣࠥ-ࠧࠩ-࡙࠭-࡛࣓-ࣣ࣡-ःऺ-़ा-ॏ॑-ॗॢॣঁ-ঃ়া-ৄেৈো-্ৗৢৣ৾ਁ-ਃ਼ਾ-ੂੇੈੋ-੍ੑੰੱੵઁ-ઃ઼ા-ૅે-ૉો-્ૢૣૺ-૿ଁ-ଃ଼ା-ୄେୈୋ-୍ୖୗୢୣஂா-ூெ-ைொ-்ௗఀ-ఄా-ౄె-ైొ-్ౕౖౢౣಁ-ಃ಼ಾ-ೄೆ-ೈೊ-್ೕೖೢೣഀ-ഃ഻഼ാ-ൄെ-ൈൊ-്ൗൢൣංඃ්ා-ුූෘ-ෟෲෳัิ-ฺ็-๎ັິ-ູົຼ່-ໍ༹༘༙༵༷༾༿ཱ-྄྆྇ྍ-ྗྙ-ྼ࿆ါ-ှၖ-ၙၞ-ၠၢ-ၤၧ-ၭၱ-ၴႂ-ႍႏႚ-ႝ፝-፟ᜒ-᜔ᜲ-᜴ᝒᝓᝲᝳ឴-៓៝᠋-᠍ᢅᢆᢩᤠ-ᤫᤰ-᤻ᨗ-ᨛᩕ-ᩞ᩠-᩿᩼᪰-᪽ᬀ-ᬄ᬴-᭄᭫-᭳ᮀ-ᮂᮡ-ᮭ᯦-᯳ᰤ-᰷᳐-᳔᳒-᳨᳭ᳲ-᳴᳷-᳹᷀-᷹᷻-᷿‿⁀⁔⃐-⃥⃜⃡-⃰℘℮⳯-⵿⳱ⷠ-〪ⷿ-゙゚〯꙯ꙴ-꙽ꚞꚟ꛰꛱ꠂ꠆ꠋꠣ-ꠧꢀꢁꢴ-ꣅ꣠-꣱ꣿꤦ-꤭ꥇ-꥓ꦀ-ꦃ꦳-꧀ꧥꨩ-ꨶꩃꩌꩍꩻ-ꩽꪰꪲ-ꪴꪷꪸꪾ꪿꫁ꫫ-ꫯꫵ꫶ꯣ-ꯪ꯬꯭ﬞ︀-️︠-︯︳︴﹍-﹏＿𐇽𐋠𐍶-𐍺𐨁-𐨃𐨅𐨆𐨌-𐨏𐨸-𐨿𐨺𐫦𐫥𐴤-𐽆𐴧-𐽐𑀀-𑀂𑀸-𑁆𑁿-𑂂𑂰-𑂺𑄀-𑄂𑄧-𑄴𑅅𑅆𑅳𑆀-𑆂𑆳-𑇀𑇉-𑇌𑈬-𑈷𑈾𑋟-𑋪𑌀-𑌃𑌻𑌼𑌾-𑍄𑍇𑍈𑍋-𑍍𑍗𑍢𑍣𑍦-𑍬𑍰-𑍴𑐵-𑑆𑑞𑒰-𑓃𑖯-𑖵𑖸-𑗀𑗜𑗝𑘰-𑙀𑚫-𑚷𑜝-𑜫𑠬-𑠺𑨁-𑨊𑨳-𑨹𑨻-𑨾𑩇𑩑-𑩛𑪊-𑪙𑰯-𑰶𑰸-𑰿𑲒-𑲧𑲩-𑲶𑴱-𑴶𑴺𑴼𑴽𑴿-𑵅𑵇𑶊-𑶎𑶐𑶑𑶓-𑶗𑻳-𑻶𖫰-𖫴𖬰-𖬶𖽑-𖽾𖾏-𖾒𛲝𛲞𝅥-𝅩𝅭-𝅲𝅻-𝆂𝆅-𝆋𝆪-𝆭𝉂-𝉄𝨀-𝨶𝨻-𝩬𝩵𝪄𝪛-𝪟𝪡-𝪯𞀀-𞀆𞀈-𞀘𞀛-𞀡𞀣𞀤𞀦-𞣐𞀪-𞣖𞥄-𞥊󠄀-󠇯]+"  # noqa: B950
+)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/async_utils.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/async_utils.py
new file mode 100644
index 000000000..e65219e49
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/async_utils.py
@@ -0,0 +1,84 @@
+import inspect
+import typing as t
+from functools import WRAPPER_ASSIGNMENTS
+from functools import wraps
+
+from .utils import _PassArg
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+
+
+def async_variant(normal_func):  # type: ignore
+    def decorator(async_func):  # type: ignore
+        pass_arg = _PassArg.from_obj(normal_func)
+        need_eval_context = pass_arg is None
+
+        if pass_arg is _PassArg.environment:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].is_async)
+
+        else:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].environment.is_async)
+
+        # Take the doc and annotations from the sync function, but the
+        # name from the async function. Pallets-Sphinx-Themes
+        # build_function_directive expects __wrapped__ to point to the
+        # sync function.
+        async_func_attrs = ("__module__", "__name__", "__qualname__")
+        normal_func_attrs = tuple(set(WRAPPER_ASSIGNMENTS).difference(async_func_attrs))
+
+        @wraps(normal_func, assigned=normal_func_attrs)
+        @wraps(async_func, assigned=async_func_attrs, updated=())
+        def wrapper(*args, **kwargs):  # type: ignore
+            b = is_async(args)
+
+            if need_eval_context:
+                args = args[1:]
+
+            if b:
+                return async_func(*args, **kwargs)
+
+            return normal_func(*args, **kwargs)
+
+        if need_eval_context:
+            wrapper = pass_eval_context(wrapper)
+
+        wrapper.jinja_async_variant = True  # type: ignore[attr-defined]
+        return wrapper
+
+    return decorator
+
+
+_common_primitives = {int, float, bool, str, list, dict, tuple, type(None)}
+
+
+async def auto_await(value: t.Union[t.Awaitable["V"], "V"]) -> "V":
+    # Avoid a costly call to isawaitable
+    if type(value) in _common_primitives:
+        return t.cast("V", value)
+
+    if inspect.isawaitable(value):
+        return await t.cast("t.Awaitable[V]", value)
+
+    return t.cast("V", value)
+
+
+async def auto_aiter(
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> "t.AsyncIterator[V]":
+    if hasattr(iterable, "__aiter__"):
+        async for item in t.cast("t.AsyncIterable[V]", iterable):
+            yield item
+    else:
+        for item in iterable:
+            yield item
+
+
+async def auto_to_list(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> t.List["V"]:
+    return [x async for x in auto_aiter(value)]
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/bccache.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/bccache.py
new file mode 100644
index 000000000..ada8b099f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/bccache.py
@@ -0,0 +1,408 @@
+"""The optional bytecode cache system. This is useful if you have very
+complex template situations and the compilation of all those templates
+slows down your application too much.
+
+Situations where this is useful are often forking web applications that
+are initialized on the first request.
+"""
+
+import errno
+import fnmatch
+import marshal
+import os
+import pickle
+import stat
+import sys
+import tempfile
+import typing as t
+from hashlib import sha1
+from io import BytesIO
+from types import CodeType
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class _MemcachedClient(te.Protocol):
+        def get(self, key: str) -> bytes: ...
+
+        def set(
+            self, key: str, value: bytes, timeout: t.Optional[int] = None
+        ) -> None: ...
+
+
+bc_version = 5
+# Magic bytes to identify Jinja bytecode cache files. Contains the
+# Python major and minor version to avoid loading incompatible bytecode
+# if a project upgrades its Python version.
+bc_magic = (
+    b"j2"
+    + pickle.dumps(bc_version, 2)
+    + pickle.dumps((sys.version_info[0] << 24) | sys.version_info[1], 2)
+)
+
+
+class Bucket:
+    """Buckets are used to store the bytecode for one template.  It's created
+    and initialized by the bytecode cache and passed to the loading functions.
+
+    The buckets get an internal checksum from the cache assigned and use this
+    to automatically reject outdated cache material.  Individual bytecode
+    cache subclasses don't have to care about cache invalidation.
+    """
+
+    def __init__(self, environment: "Environment", key: str, checksum: str) -> None:
+        self.environment = environment
+        self.key = key
+        self.checksum = checksum
+        self.reset()
+
+    def reset(self) -> None:
+        """Resets the bucket (unloads the bytecode)."""
+        self.code: t.Optional[CodeType] = None
+
+    def load_bytecode(self, f: t.BinaryIO) -> None:
+        """Loads bytecode from a file or file like object."""
+        # make sure the magic header is correct
+        magic = f.read(len(bc_magic))
+        if magic != bc_magic:
+            self.reset()
+            return
+        # the source code of the file changed, we need to reload
+        checksum = pickle.load(f)
+        if self.checksum != checksum:
+            self.reset()
+            return
+        # if marshal_load fails then we need to reload
+        try:
+            self.code = marshal.load(f)
+        except (EOFError, ValueError, TypeError):
+            self.reset()
+            return
+
+    def write_bytecode(self, f: t.IO[bytes]) -> None:
+        """Dump the bytecode into the file or file like object passed."""
+        if self.code is None:
+            raise TypeError("can't write empty bucket")
+        f.write(bc_magic)
+        pickle.dump(self.checksum, f, 2)
+        marshal.dump(self.code, f)
+
+    def bytecode_from_string(self, string: bytes) -> None:
+        """Load bytecode from bytes."""
+        self.load_bytecode(BytesIO(string))
+
+    def bytecode_to_string(self) -> bytes:
+        """Return the bytecode as bytes."""
+        out = BytesIO()
+        self.write_bytecode(out)
+        return out.getvalue()
+
+
+class BytecodeCache:
+    """To implement your own bytecode cache you have to subclass this class
+    and override :meth:`load_bytecode` and :meth:`dump_bytecode`.  Both of
+    these methods are passed a :class:`~jinja2.bccache.Bucket`.
+
+    A very basic bytecode cache that saves the bytecode on the file system::
+
+        from os import path
+
+        class MyCache(BytecodeCache):
+
+            def __init__(self, directory):
+                self.directory = directory
+
+            def load_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                if path.exists(filename):
+                    with open(filename, 'rb') as f:
+                        bucket.load_bytecode(f)
+
+            def dump_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                with open(filename, 'wb') as f:
+                    bucket.write_bytecode(f)
+
+    A more advanced version of a filesystem based bytecode cache is part of
+    Jinja.
+    """
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to load bytecode into a
+        bucket.  If they are not able to find code in the cache for the
+        bucket, it must not do anything.
+        """
+        raise NotImplementedError()
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to write the bytecode
+        from a bucket back to the cache.  If it unable to do so it must not
+        fail silently but raise an exception.
+        """
+        raise NotImplementedError()
+
+    def clear(self) -> None:
+        """Clears the cache.  This method is not used by Jinja but should be
+        implemented to allow applications to clear the bytecode cache used
+        by a particular environment.
+        """
+
+    def get_cache_key(
+        self, name: str, filename: t.Optional[t.Union[str]] = None
+    ) -> str:
+        """Returns the unique hash key for this template name."""
+        hash = sha1(name.encode("utf-8"))
+
+        if filename is not None:
+            hash.update(f"|{filename}".encode())
+
+        return hash.hexdigest()
+
+    def get_source_checksum(self, source: str) -> str:
+        """Returns a checksum for the source."""
+        return sha1(source.encode("utf-8")).hexdigest()
+
+    def get_bucket(
+        self,
+        environment: "Environment",
+        name: str,
+        filename: t.Optional[str],
+        source: str,
+    ) -> Bucket:
+        """Return a cache bucket for the given template.  All arguments are
+        mandatory but filename may be `None`.
+        """
+        key = self.get_cache_key(name, filename)
+        checksum = self.get_source_checksum(source)
+        bucket = Bucket(environment, key, checksum)
+        self.load_bytecode(bucket)
+        return bucket
+
+    def set_bucket(self, bucket: Bucket) -> None:
+        """Put the bucket into the cache."""
+        self.dump_bytecode(bucket)
+
+
+class FileSystemBytecodeCache(BytecodeCache):
+    """A bytecode cache that stores bytecode on the filesystem.  It accepts
+    two arguments: The directory where the cache items are stored and a
+    pattern string that is used to build the filename.
+
+    If no directory is specified a default cache directory is selected.  On
+    Windows the user's temp directory is used, on UNIX systems a directory
+    is created for the user in the system temp directory.
+
+    The pattern can be used to have multiple separate caches operate on the
+    same directory.  The default pattern is ``'__jinja2_%s.cache'``.  ``%s``
+    is replaced with the cache key.
+
+    >>> bcc = FileSystemBytecodeCache('/tmp/jinja_cache', '%s.cache')
+
+    This bytecode cache supports clearing of the cache using the clear method.
+    """
+
+    def __init__(
+        self, directory: t.Optional[str] = None, pattern: str = "__jinja2_%s.cache"
+    ) -> None:
+        if directory is None:
+            directory = self._get_default_cache_dir()
+        self.directory = directory
+        self.pattern = pattern
+
+    def _get_default_cache_dir(self) -> str:
+        def _unsafe_dir() -> "te.NoReturn":
+            raise RuntimeError(
+                "Cannot determine safe temp directory.  You "
+                "need to explicitly provide one."
+            )
+
+        tmpdir = tempfile.gettempdir()
+
+        # On windows the temporary directory is used specific unless
+        # explicitly forced otherwise.  We can just use that.
+        if os.name == "nt":
+            return tmpdir
+        if not hasattr(os, "getuid"):
+            _unsafe_dir()
+
+        dirname = f"_jinja2-cache-{os.getuid()}"
+        actual_dir = os.path.join(tmpdir, dirname)
+
+        try:
+            os.mkdir(actual_dir, stat.S_IRWXU)
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+        try:
+            os.chmod(actual_dir, stat.S_IRWXU)
+            actual_dir_stat = os.lstat(actual_dir)
+            if (
+                actual_dir_stat.st_uid != os.getuid()
+                or not stat.S_ISDIR(actual_dir_stat.st_mode)
+                or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+            ):
+                _unsafe_dir()
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+
+        actual_dir_stat = os.lstat(actual_dir)
+        if (
+            actual_dir_stat.st_uid != os.getuid()
+            or not stat.S_ISDIR(actual_dir_stat.st_mode)
+            or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+        ):
+            _unsafe_dir()
+
+        return actual_dir
+
+    def _get_cache_filename(self, bucket: Bucket) -> str:
+        return os.path.join(self.directory, self.pattern % (bucket.key,))
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        filename = self._get_cache_filename(bucket)
+
+        # Don't test for existence before opening the file, since the
+        # file could disappear after the test before the open.
+        try:
+            f = open(filename, "rb")
+        except (FileNotFoundError, IsADirectoryError, PermissionError):
+            # PermissionError can occur on Windows when an operation is
+            # in progress, such as calling clear().
+            return
+
+        with f:
+            bucket.load_bytecode(f)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        # Write to a temporary file, then rename to the real name after
+        # writing. This avoids another process reading the file before
+        # it is fully written.
+        name = self._get_cache_filename(bucket)
+        f = tempfile.NamedTemporaryFile(
+            mode="wb",
+            dir=os.path.dirname(name),
+            prefix=os.path.basename(name),
+            suffix=".tmp",
+            delete=False,
+        )
+
+        def remove_silent() -> None:
+            try:
+                os.remove(f.name)
+            except OSError:
+                # Another process may have called clear(). On Windows,
+                # another program may be holding the file open.
+                pass
+
+        try:
+            with f:
+                bucket.write_bytecode(f)
+        except BaseException:
+            remove_silent()
+            raise
+
+        try:
+            os.replace(f.name, name)
+        except OSError:
+            # Another process may have called clear(). On Windows,
+            # another program may be holding the file open.
+            remove_silent()
+        except BaseException:
+            remove_silent()
+            raise
+
+    def clear(self) -> None:
+        # imported lazily here because google app-engine doesn't support
+        # write access on the file system and the function does not exist
+        # normally.
+        from os import remove
+
+        files = fnmatch.filter(os.listdir(self.directory), self.pattern % ("*",))
+        for filename in files:
+            try:
+                remove(os.path.join(self.directory, filename))
+            except OSError:
+                pass
+
+
+class MemcachedBytecodeCache(BytecodeCache):
+    """This class implements a bytecode cache that uses a memcache cache for
+    storing the information.  It does not enforce a specific memcache library
+    (tummy's memcache or cmemcache) but will accept any class that provides
+    the minimal interface required.
+
+    Libraries compatible with this class:
+
+    -   `cachelib <https://github.com/pallets/cachelib>`_
+    -   `python-memcached <https://pypi.org/project/python-memcached/>`_
+
+    (Unfortunately the django cache interface is not compatible because it
+    does not support storing binary data, only text. You can however pass
+    the underlying cache client to the bytecode cache which is available
+    as `django.core.cache.cache._client`.)
+
+    The minimal interface for the client passed to the constructor is this:
+
+    .. class:: MinimalClientInterface
+
+        .. method:: set(key, value[, timeout])
+
+            Stores the bytecode in the cache.  `value` is a string and
+            `timeout` the timeout of the key.  If timeout is not provided
+            a default timeout or no timeout should be assumed, if it's
+            provided it's an integer with the number of seconds the cache
+            item should exist.
+
+        .. method:: get(key)
+
+            Returns the value for the cache key.  If the item does not
+            exist in the cache the return value must be `None`.
+
+    The other arguments to the constructor are the prefix for all keys that
+    is added before the actual cache key and the timeout for the bytecode in
+    the cache system.  We recommend a high (or no) timeout.
+
+    This bytecode cache does not support clearing of used items in the cache.
+    The clear method is a no-operation function.
+
+    .. versionadded:: 2.7
+       Added support for ignoring memcache errors through the
+       `ignore_memcache_errors` parameter.
+    """
+
+    def __init__(
+        self,
+        client: "_MemcachedClient",
+        prefix: str = "jinja2/bytecode/",
+        timeout: t.Optional[int] = None,
+        ignore_memcache_errors: bool = True,
+    ):
+        self.client = client
+        self.prefix = prefix
+        self.timeout = timeout
+        self.ignore_memcache_errors = ignore_memcache_errors
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        try:
+            code = self.client.get(self.prefix + bucket.key)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
+        else:
+            bucket.bytecode_from_string(code)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        key = self.prefix + bucket.key
+        value = bucket.bytecode_to_string()
+
+        try:
+            if self.timeout is not None:
+                self.client.set(key, value, self.timeout)
+            else:
+                self.client.set(key, value)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/compiler.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/compiler.py
new file mode 100644
index 000000000..274071750
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/compiler.py
@@ -0,0 +1,1960 @@
+"""Compiles nodes from the parser into Python code."""
+
+import typing as t
+from contextlib import contextmanager
+from functools import update_wrapper
+from io import StringIO
+from itertools import chain
+from keyword import iskeyword as is_python_keyword
+
+from markupsafe import escape
+from markupsafe import Markup
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .idtracking import Symbols
+from .idtracking import VAR_LOAD_ALIAS
+from .idtracking import VAR_LOAD_PARAMETER
+from .idtracking import VAR_LOAD_RESOLVE
+from .idtracking import VAR_LOAD_UNDEFINED
+from .nodes import EvalContext
+from .optimizer import Optimizer
+from .utils import _PassArg
+from .utils import concat
+from .visitor import NodeVisitor
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+operators = {
+    "eq": "==",
+    "ne": "!=",
+    "gt": ">",
+    "gteq": ">=",
+    "lt": "<",
+    "lteq": "<=",
+    "in": "in",
+    "notin": "not in",
+}
+
+
+def optimizeconst(f: F) -> F:
+    def new_func(
+        self: "CodeGenerator", node: nodes.Expr, frame: "Frame", **kwargs: t.Any
+    ) -> t.Any:
+        # Only optimize if the frame is not volatile
+        if self.optimizer is not None and not frame.eval_ctx.volatile:
+            new_node = self.optimizer.visit(node, frame.eval_ctx)
+
+            if new_node != node:
+                return self.visit(new_node, frame)
+
+        return f(self, node, frame, **kwargs)
+
+    return update_wrapper(t.cast(F, new_func), f)
+
+
+def _make_binop(op: str) -> t.Callable[["CodeGenerator", nodes.BinExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.BinExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_binops  # type: ignore
+        ):
+            self.write(f"environment.call_binop(context, {op!r}, ")
+            self.visit(node.left, frame)
+            self.write(", ")
+            self.visit(node.right, frame)
+        else:
+            self.write("(")
+            self.visit(node.left, frame)
+            self.write(f" {op} ")
+            self.visit(node.right, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def _make_unop(
+    op: str,
+) -> t.Callable[["CodeGenerator", nodes.UnaryExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.UnaryExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_unops  # type: ignore
+        ):
+            self.write(f"environment.call_unop(context, {op!r}, ")
+            self.visit(node.node, frame)
+        else:
+            self.write("(" + op)
+            self.visit(node.node, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def generate(
+    node: nodes.Template,
+    environment: "Environment",
+    name: t.Optional[str],
+    filename: t.Optional[str],
+    stream: t.Optional[t.TextIO] = None,
+    defer_init: bool = False,
+    optimized: bool = True,
+) -> t.Optional[str]:
+    """Generate the python source for a node tree."""
+    if not isinstance(node, nodes.Template):
+        raise TypeError("Can't compile non template nodes")
+
+    generator = environment.code_generator_class(
+        environment, name, filename, stream, defer_init, optimized
+    )
+    generator.visit(node)
+
+    if stream is None:
+        return generator.stream.getvalue()  # type: ignore
+
+    return None
+
+
+def has_safe_repr(value: t.Any) -> bool:
+    """Does the node have a safe representation?"""
+    if value is None or value is NotImplemented or value is Ellipsis:
+        return True
+
+    if type(value) in {bool, int, float, complex, range, str, Markup}:
+        return True
+
+    if type(value) in {tuple, list, set, frozenset}:
+        return all(has_safe_repr(v) for v in value)
+
+    if type(value) is dict:  # noqa E721
+        return all(has_safe_repr(k) and has_safe_repr(v) for k, v in value.items())
+
+    return False
+
+
+def find_undeclared(
+    nodes: t.Iterable[nodes.Node], names: t.Iterable[str]
+) -> t.Set[str]:
+    """Check if the names passed are accessed undeclared.  The return value
+    is a set of all the undeclared names from the sequence of names found.
+    """
+    visitor = UndeclaredNameVisitor(names)
+    try:
+        for node in nodes:
+            visitor.visit(node)
+    except VisitorExit:
+        pass
+    return visitor.undeclared
+
+
+class MacroRef:
+    def __init__(self, node: t.Union[nodes.Macro, nodes.CallBlock]) -> None:
+        self.node = node
+        self.accesses_caller = False
+        self.accesses_kwargs = False
+        self.accesses_varargs = False
+
+
+class Frame:
+    """Holds compile time information for us."""
+
+    def __init__(
+        self,
+        eval_ctx: EvalContext,
+        parent: t.Optional["Frame"] = None,
+        level: t.Optional[int] = None,
+    ) -> None:
+        self.eval_ctx = eval_ctx
+
+        # the parent of this frame
+        self.parent = parent
+
+        if parent is None:
+            self.symbols = Symbols(level=level)
+
+            # in some dynamic inheritance situations the compiler needs to add
+            # write tests around output statements.
+            self.require_output_check = False
+
+            # inside some tags we are using a buffer rather than yield statements.
+            # this for example affects {% filter %} or {% macro %}.  If a frame
+            # is buffered this variable points to the name of the list used as
+            # buffer.
+            self.buffer: t.Optional[str] = None
+
+            # the name of the block we're in, otherwise None.
+            self.block: t.Optional[str] = None
+
+        else:
+            self.symbols = Symbols(parent.symbols, level=level)
+            self.require_output_check = parent.require_output_check
+            self.buffer = parent.buffer
+            self.block = parent.block
+
+        # a toplevel frame is the root + soft frames such as if conditions.
+        self.toplevel = False
+
+        # the root frame is basically just the outermost frame, so no if
+        # conditions.  This information is used to optimize inheritance
+        # situations.
+        self.rootlevel = False
+
+        # variables set inside of loops and blocks should not affect outer frames,
+        # but they still needs to be kept track of as part of the active context.
+        self.loop_frame = False
+        self.block_frame = False
+
+        # track whether the frame is being used in an if-statement or conditional
+        # expression as it determines which errors should be raised during runtime
+        # or compile time.
+        self.soft_frame = False
+
+    def copy(self) -> "Frame":
+        """Create a copy of the current one."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.symbols = self.symbols.copy()
+        return rv
+
+    def inner(self, isolated: bool = False) -> "Frame":
+        """Return an inner frame."""
+        if isolated:
+            return Frame(self.eval_ctx, level=self.symbols.level + 1)
+        return Frame(self.eval_ctx, self)
+
+    def soft(self) -> "Frame":
+        """Return a soft frame.  A soft frame may not be modified as
+        standalone thing as it shares the resources with the frame it
+        was created of, but it's not a rootlevel frame any longer.
+
+        This is only used to implement if-statements and conditional
+        expressions.
+        """
+        rv = self.copy()
+        rv.rootlevel = False
+        rv.soft_frame = True
+        return rv
+
+    __copy__ = copy
+
+
+class VisitorExit(RuntimeError):
+    """Exception used by the `UndeclaredNameVisitor` to signal a stop."""
+
+
+class DependencyFinderVisitor(NodeVisitor):
+    """A visitor that collects filter and test calls."""
+
+    def __init__(self) -> None:
+        self.filters: t.Set[str] = set()
+        self.tests: t.Set[str] = set()
+
+    def visit_Filter(self, node: nodes.Filter) -> None:
+        self.generic_visit(node)
+        self.filters.add(node.name)
+
+    def visit_Test(self, node: nodes.Test) -> None:
+        self.generic_visit(node)
+        self.tests.add(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting at blocks."""
+
+
+class UndeclaredNameVisitor(NodeVisitor):
+    """A visitor that checks if a name is accessed without being
+    declared.  This is different from the frame visitor as it will
+    not stop at closure frames.
+    """
+
+    def __init__(self, names: t.Iterable[str]) -> None:
+        self.names = set(names)
+        self.undeclared: t.Set[str] = set()
+
+    def visit_Name(self, node: nodes.Name) -> None:
+        if node.ctx == "load" and node.name in self.names:
+            self.undeclared.add(node.name)
+            if self.undeclared == self.names:
+                raise VisitorExit()
+        else:
+            self.names.discard(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting a blocks."""
+
+
+class CompilerExit(Exception):
+    """Raised if the compiler encountered a situation where it just
+    doesn't make sense to further process the code.  Any block that
+    raises such an exception is not further processed.
+    """
+
+
+class CodeGenerator(NodeVisitor):
+    def __init__(
+        self,
+        environment: "Environment",
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        stream: t.Optional[t.TextIO] = None,
+        defer_init: bool = False,
+        optimized: bool = True,
+    ) -> None:
+        if stream is None:
+            stream = StringIO()
+        self.environment = environment
+        self.name = name
+        self.filename = filename
+        self.stream = stream
+        self.created_block_context = False
+        self.defer_init = defer_init
+        self.optimizer: t.Optional[Optimizer] = None
+
+        if optimized:
+            self.optimizer = Optimizer(environment)
+
+        # aliases for imports
+        self.import_aliases: t.Dict[str, str] = {}
+
+        # a registry for all blocks.  Because blocks are moved out
+        # into the global python scope they are registered here
+        self.blocks: t.Dict[str, nodes.Block] = {}
+
+        # the number of extends statements so far
+        self.extends_so_far = 0
+
+        # some templates have a rootlevel extends.  In this case we
+        # can safely assume that we're a child template and do some
+        # more optimizations.
+        self.has_known_extends = False
+
+        # the current line number
+        self.code_lineno = 1
+
+        # registry of all filters and tests (global, not block local)
+        self.tests: t.Dict[str, str] = {}
+        self.filters: t.Dict[str, str] = {}
+
+        # the debug information
+        self.debug_info: t.List[t.Tuple[int, int]] = []
+        self._write_debug_info: t.Optional[int] = None
+
+        # the number of new lines before the next write()
+        self._new_lines = 0
+
+        # the line number of the last written statement
+        self._last_line = 0
+
+        # true if nothing was written so far.
+        self._first_write = True
+
+        # used by the `temporary_identifier` method to get new
+        # unique, temporary identifier
+        self._last_identifier = 0
+
+        # the current indentation
+        self._indentation = 0
+
+        # Tracks toplevel assignments
+        self._assign_stack: t.List[t.Set[str]] = []
+
+        # Tracks parameter definition blocks
+        self._param_def_block: t.List[t.Set[str]] = []
+
+        # Tracks the current context.
+        self._context_reference_stack = ["context"]
+
+    @property
+    def optimized(self) -> bool:
+        return self.optimizer is not None
+
+    # -- Various compilation helpers
+
+    def fail(self, msg: str, lineno: int) -> "te.NoReturn":
+        """Fail with a :exc:`TemplateAssertionError`."""
+        raise TemplateAssertionError(msg, lineno, self.name, self.filename)
+
+    def temporary_identifier(self) -> str:
+        """Get a new unique identifier."""
+        self._last_identifier += 1
+        return f"t_{self._last_identifier}"
+
+    def buffer(self, frame: Frame) -> None:
+        """Enable buffering for the frame from that point onwards."""
+        frame.buffer = self.temporary_identifier()
+        self.writeline(f"{frame.buffer} = []")
+
+    def return_buffer_contents(
+        self, frame: Frame, force_unescaped: bool = False
+    ) -> None:
+        """Return the buffer contents of the frame."""
+        if not force_unescaped:
+            if frame.eval_ctx.volatile:
+                self.writeline("if context.eval_ctx.autoescape:")
+                self.indent()
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                self.outdent()
+                self.writeline("else:")
+                self.indent()
+                self.writeline(f"return concat({frame.buffer})")
+                self.outdent()
+                return
+            elif frame.eval_ctx.autoescape:
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                return
+        self.writeline(f"return concat({frame.buffer})")
+
+    def indent(self) -> None:
+        """Indent by one."""
+        self._indentation += 1
+
+    def outdent(self, step: int = 1) -> None:
+        """Outdent by step."""
+        self._indentation -= step
+
+    def start_write(self, frame: Frame, node: t.Optional[nodes.Node] = None) -> None:
+        """Yield or write into the frame buffer."""
+        if frame.buffer is None:
+            self.writeline("yield ", node)
+        else:
+            self.writeline(f"{frame.buffer}.append(", node)
+
+    def end_write(self, frame: Frame) -> None:
+        """End the writing process started by `start_write`."""
+        if frame.buffer is not None:
+            self.write(")")
+
+    def simple_write(
+        self, s: str, frame: Frame, node: t.Optional[nodes.Node] = None
+    ) -> None:
+        """Simple shortcut for start_write + write + end_write."""
+        self.start_write(frame, node)
+        self.write(s)
+        self.end_write(frame)
+
+    def blockvisit(self, nodes: t.Iterable[nodes.Node], frame: Frame) -> None:
+        """Visit a list of nodes as block in a frame.  If the current frame
+        is no buffer a dummy ``if 0: yield None`` is written automatically.
+        """
+        try:
+            self.writeline("pass")
+            for node in nodes:
+                self.visit(node, frame)
+        except CompilerExit:
+            pass
+
+    def write(self, x: str) -> None:
+        """Write a string into the output stream."""
+        if self._new_lines:
+            if not self._first_write:
+                self.stream.write("\n" * self._new_lines)
+                self.code_lineno += self._new_lines
+                if self._write_debug_info is not None:
+                    self.debug_info.append((self._write_debug_info, self.code_lineno))
+                    self._write_debug_info = None
+            self._first_write = False
+            self.stream.write("    " * self._indentation)
+            self._new_lines = 0
+        self.stream.write(x)
+
+    def writeline(
+        self, x: str, node: t.Optional[nodes.Node] = None, extra: int = 0
+    ) -> None:
+        """Combination of newline and write."""
+        self.newline(node, extra)
+        self.write(x)
+
+    def newline(self, node: t.Optional[nodes.Node] = None, extra: int = 0) -> None:
+        """Add one or more newlines before the next write."""
+        self._new_lines = max(self._new_lines, 1 + extra)
+        if node is not None and node.lineno != self._last_line:
+            self._write_debug_info = node.lineno
+            self._last_line = node.lineno
+
+    def signature(
+        self,
+        node: t.Union[nodes.Call, nodes.Filter, nodes.Test],
+        frame: Frame,
+        extra_kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> None:
+        """Writes a function call to the stream for the current node.
+        A leading comma is added automatically.  The extra keyword
+        arguments may not include python keywords otherwise a syntax
+        error could occur.  The extra keyword arguments should be given
+        as python dict.
+        """
+        # if any of the given keyword arguments is a python keyword
+        # we have to make sure that no invalid call is created.
+        kwarg_workaround = any(
+            is_python_keyword(t.cast(str, k))
+            for k in chain((x.key for x in node.kwargs), extra_kwargs or ())
+        )
+
+        for arg in node.args:
+            self.write(", ")
+            self.visit(arg, frame)
+
+        if not kwarg_workaround:
+            for kwarg in node.kwargs:
+                self.write(", ")
+                self.visit(kwarg, frame)
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f", {key}={value}")
+        if node.dyn_args:
+            self.write(", *")
+            self.visit(node.dyn_args, frame)
+
+        if kwarg_workaround:
+            if node.dyn_kwargs is not None:
+                self.write(", **dict({")
+            else:
+                self.write(", **{")
+            for kwarg in node.kwargs:
+                self.write(f"{kwarg.key!r}: ")
+                self.visit(kwarg.value, frame)
+                self.write(", ")
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f"{key!r}: {value}, ")
+            if node.dyn_kwargs is not None:
+                self.write("}, **")
+                self.visit(node.dyn_kwargs, frame)
+                self.write(")")
+            else:
+                self.write("}")
+
+        elif node.dyn_kwargs is not None:
+            self.write(", **")
+            self.visit(node.dyn_kwargs, frame)
+
+    def pull_dependencies(self, nodes: t.Iterable[nodes.Node]) -> None:
+        """Find all filter and test names used in the template and
+        assign them to variables in the compiled namespace. Checking
+        that the names are registered with the environment is done when
+        compiling the Filter and Test nodes. If the node is in an If or
+        CondExpr node, the check is done at runtime instead.
+
+        .. versionchanged:: 3.0
+            Filters and tests in If and CondExpr nodes are checked at
+            runtime instead of compile time.
+        """
+        visitor = DependencyFinderVisitor()
+
+        for node in nodes:
+            visitor.visit(node)
+
+        for id_map, names, dependency in (
+            (self.filters, visitor.filters, "filters"),
+            (
+                self.tests,
+                visitor.tests,
+                "tests",
+            ),
+        ):
+            for name in sorted(names):
+                if name not in id_map:
+                    id_map[name] = self.temporary_identifier()
+
+                # add check during runtime that dependencies used inside of executed
+                # blocks are defined, as this step may be skipped during compile time
+                self.writeline("try:")
+                self.indent()
+                self.writeline(f"{id_map[name]} = environment.{dependency}[{name!r}]")
+                self.outdent()
+                self.writeline("except KeyError:")
+                self.indent()
+                self.writeline("@internalcode")
+                self.writeline(f"def {id_map[name]}(*unused):")
+                self.indent()
+                self.writeline(
+                    f'raise TemplateRuntimeError("No {dependency[:-1]}'
+                    f' named {name!r} found.")'
+                )
+                self.outdent()
+                self.outdent()
+
+    def enter_frame(self, frame: Frame) -> None:
+        undefs = []
+        for target, (action, param) in frame.symbols.loads.items():
+            if action == VAR_LOAD_PARAMETER:
+                pass
+            elif action == VAR_LOAD_RESOLVE:
+                self.writeline(f"{target} = {self.get_resolve_func()}({param!r})")
+            elif action == VAR_LOAD_ALIAS:
+                self.writeline(f"{target} = {param}")
+            elif action == VAR_LOAD_UNDEFINED:
+                undefs.append(target)
+            else:
+                raise NotImplementedError("unknown load instruction")
+        if undefs:
+            self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def leave_frame(self, frame: Frame, with_python_scope: bool = False) -> None:
+        if not with_python_scope:
+            undefs = []
+            for target in frame.symbols.loads:
+                undefs.append(target)
+            if undefs:
+                self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def choose_async(self, async_value: str = "async ", sync_value: str = "") -> str:
+        return async_value if self.environment.is_async else sync_value
+
+    def func(self, name: str) -> str:
+        return f"{self.choose_async()}def {name}"
+
+    def macro_body(
+        self, node: t.Union[nodes.Macro, nodes.CallBlock], frame: Frame
+    ) -> t.Tuple[Frame, MacroRef]:
+        """Dump the function def of a macro or call block."""
+        frame = frame.inner()
+        frame.symbols.analyze_node(node)
+        macro_ref = MacroRef(node)
+
+        explicit_caller = None
+        skip_special_params = set()
+        args = []
+
+        for idx, arg in enumerate(node.args):
+            if arg.name == "caller":
+                explicit_caller = idx
+            if arg.name in ("kwargs", "varargs"):
+                skip_special_params.add(arg.name)
+            args.append(frame.symbols.ref(arg.name))
+
+        undeclared = find_undeclared(node.body, ("caller", "kwargs", "varargs"))
+
+        if "caller" in undeclared:
+            # In older Jinja versions there was a bug that allowed caller
+            # to retain the special behavior even if it was mentioned in
+            # the argument list.  However thankfully this was only really
+            # working if it was the last argument.  So we are explicitly
+            # checking this now and error out if it is anywhere else in
+            # the argument list.
+            if explicit_caller is not None:
+                try:
+                    node.defaults[explicit_caller - len(node.args)]
+                except IndexError:
+                    self.fail(
+                        "When defining macros or call blocks the "
+                        'special "caller" argument must be omitted '
+                        "or be given a default.",
+                        node.lineno,
+                    )
+            else:
+                args.append(frame.symbols.declare_parameter("caller"))
+            macro_ref.accesses_caller = True
+        if "kwargs" in undeclared and "kwargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("kwargs"))
+            macro_ref.accesses_kwargs = True
+        if "varargs" in undeclared and "varargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("varargs"))
+            macro_ref.accesses_varargs = True
+
+        # macros are delayed, they never require output checks
+        frame.require_output_check = False
+        frame.symbols.analyze_node(node)
+        self.writeline(f"{self.func('macro')}({', '.join(args)}):", node)
+        self.indent()
+
+        self.buffer(frame)
+        self.enter_frame(frame)
+
+        self.push_parameter_definitions(frame)
+        for idx, arg in enumerate(node.args):
+            ref = frame.symbols.ref(arg.name)
+            self.writeline(f"if {ref} is missing:")
+            self.indent()
+            try:
+                default = node.defaults[idx - len(node.args)]
+            except IndexError:
+                self.writeline(
+                    f'{ref} = undefined("parameter {arg.name!r} was not provided",'
+                    f" name={arg.name!r})"
+                )
+            else:
+                self.writeline(f"{ref} = ")
+                self.visit(default, frame)
+            self.mark_parameter_stored(ref)
+            self.outdent()
+        self.pop_parameter_definitions()
+
+        self.blockvisit(node.body, frame)
+        self.return_buffer_contents(frame, force_unescaped=True)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        return frame, macro_ref
+
+    def macro_def(self, macro_ref: MacroRef, frame: Frame) -> None:
+        """Dump the macro definition for the def created by macro_body."""
+        arg_tuple = ", ".join(repr(x.name) for x in macro_ref.node.args)
+        name = getattr(macro_ref.node, "name", None)
+        if len(macro_ref.node.args) == 1:
+            arg_tuple += ","
+        self.write(
+            f"Macro(environment, macro, {name!r}, ({arg_tuple}),"
+            f" {macro_ref.accesses_kwargs!r}, {macro_ref.accesses_varargs!r},"
+            f" {macro_ref.accesses_caller!r}, context.eval_ctx.autoescape)"
+        )
+
+    def position(self, node: nodes.Node) -> str:
+        """Return a human readable position for the node."""
+        rv = f"line {node.lineno}"
+        if self.name is not None:
+            rv = f"{rv} in {self.name!r}"
+        return rv
+
+    def dump_local_context(self, frame: Frame) -> str:
+        items_kv = ", ".join(
+            f"{name!r}: {target}"
+            for name, target in frame.symbols.dump_stores().items()
+        )
+        return f"{{{items_kv}}}"
+
+    def write_commons(self) -> None:
+        """Writes a common preamble that is used by root and block functions.
+        Primarily this sets up common local helpers and enforces a generator
+        through a dead branch.
+        """
+        self.writeline("resolve = context.resolve_or_missing")
+        self.writeline("undefined = environment.undefined")
+        self.writeline("concat = environment.concat")
+        # always use the standard Undefined class for the implicit else of
+        # conditional expressions
+        self.writeline("cond_expr_undefined = Undefined")
+        self.writeline("if 0: yield None")
+
+    def push_parameter_definitions(self, frame: Frame) -> None:
+        """Pushes all parameter targets from the given frame into a local
+        stack that permits tracking of yet to be assigned parameters.  In
+        particular this enables the optimization from `visit_Name` to skip
+        undefined expressions for parameters in macros as macros can reference
+        otherwise unbound parameters.
+        """
+        self._param_def_block.append(frame.symbols.dump_param_targets())
+
+    def pop_parameter_definitions(self) -> None:
+        """Pops the current parameter definitions set."""
+        self._param_def_block.pop()
+
+    def mark_parameter_stored(self, target: str) -> None:
+        """Marks a parameter in the current parameter definitions as stored.
+        This will skip the enforced undefined checks.
+        """
+        if self._param_def_block:
+            self._param_def_block[-1].discard(target)
+
+    def push_context_reference(self, target: str) -> None:
+        self._context_reference_stack.append(target)
+
+    def pop_context_reference(self) -> None:
+        self._context_reference_stack.pop()
+
+    def get_context_ref(self) -> str:
+        return self._context_reference_stack[-1]
+
+    def get_resolve_func(self) -> str:
+        target = self._context_reference_stack[-1]
+        if target == "context":
+            return "resolve"
+        return f"{target}.resolve"
+
+    def derive_context(self, frame: Frame) -> str:
+        return f"{self.get_context_ref()}.derived({self.dump_local_context(frame)})"
+
+    def parameter_is_undeclared(self, target: str) -> bool:
+        """Checks if a given target is an undeclared parameter."""
+        if not self._param_def_block:
+            return False
+        return target in self._param_def_block[-1]
+
+    def push_assign_tracking(self) -> None:
+        """Pushes a new layer for assignment tracking."""
+        self._assign_stack.append(set())
+
+    def pop_assign_tracking(self, frame: Frame) -> None:
+        """Pops the topmost level for assignment tracking and updates the
+        context variables if necessary.
+        """
+        vars = self._assign_stack.pop()
+        if (
+            not frame.block_frame
+            and not frame.loop_frame
+            and not frame.toplevel
+            or not vars
+        ):
+            return
+        public_names = [x for x in vars if x[:1] != "_"]
+        if len(vars) == 1:
+            name = next(iter(vars))
+            ref = frame.symbols.ref(name)
+            if frame.loop_frame:
+                self.writeline(f"_loop_vars[{name!r}] = {ref}")
+                return
+            if frame.block_frame:
+                self.writeline(f"_block_vars[{name!r}] = {ref}")
+                return
+            self.writeline(f"context.vars[{name!r}] = {ref}")
+        else:
+            if frame.loop_frame:
+                self.writeline("_loop_vars.update({")
+            elif frame.block_frame:
+                self.writeline("_block_vars.update({")
+            else:
+                self.writeline("context.vars.update({")
+            for idx, name in enumerate(vars):
+                if idx:
+                    self.write(", ")
+                ref = frame.symbols.ref(name)
+                self.write(f"{name!r}: {ref}")
+            self.write("})")
+        if not frame.block_frame and not frame.loop_frame and public_names:
+            if len(public_names) == 1:
+                self.writeline(f"context.exported_vars.add({public_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, public_names))
+                self.writeline(f"context.exported_vars.update(({names_str}))")
+
+    # -- Statement Visitors
+
+    def visit_Template(
+        self, node: nodes.Template, frame: t.Optional[Frame] = None
+    ) -> None:
+        assert frame is None, "no root frame allowed"
+        eval_ctx = EvalContext(self.environment, self.name)
+
+        from .runtime import async_exported
+        from .runtime import exported
+
+        if self.environment.is_async:
+            exported_names = sorted(exported + async_exported)
+        else:
+            exported_names = sorted(exported)
+
+        self.writeline("from jinja2.runtime import " + ", ".join(exported_names))
+
+        # if we want a deferred initialization we cannot move the
+        # environment into a local name
+        envenv = "" if self.defer_init else ", environment=environment"
+
+        # do we have an extends tag at all?  If not, we can save some
+        # overhead by just not processing any inheritance code.
+        have_extends = node.find(nodes.Extends) is not None
+
+        # find all blocks
+        for block in node.find_all(nodes.Block):
+            if block.name in self.blocks:
+                self.fail(f"block {block.name!r} defined twice", block.lineno)
+            self.blocks[block.name] = block
+
+        # find all imports and import them
+        for import_ in node.find_all(nodes.ImportedName):
+            if import_.importname not in self.import_aliases:
+                imp = import_.importname
+                self.import_aliases[imp] = alias = self.temporary_identifier()
+                if "." in imp:
+                    module, obj = imp.rsplit(".", 1)
+                    self.writeline(f"from {module} import {obj} as {alias}")
+                else:
+                    self.writeline(f"import {imp} as {alias}")
+
+        # add the load name
+        self.writeline(f"name = {self.name!r}")
+
+        # generate the root render function.
+        self.writeline(
+            f"{self.func('root')}(context, missing=missing{envenv}):", extra=1
+        )
+        self.indent()
+        self.write_commons()
+
+        # process the root
+        frame = Frame(eval_ctx)
+        if "self" in find_undeclared(node.body, ("self",)):
+            ref = frame.symbols.declare_parameter("self")
+            self.writeline(f"{ref} = TemplateReference(context)")
+        frame.symbols.analyze_node(node)
+        frame.toplevel = frame.rootlevel = True
+        frame.require_output_check = have_extends and not self.has_known_extends
+        if have_extends:
+            self.writeline("parent_template = None")
+        self.enter_frame(frame)
+        self.pull_dependencies(node.body)
+        self.blockvisit(node.body, frame)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        # make sure that the parent root is called.
+        if have_extends:
+            if not self.has_known_extends:
+                self.indent()
+                self.writeline("if parent_template is not None:")
+            self.indent()
+            if not self.environment.is_async:
+                self.writeline("yield from parent_template.root_render_func(context)")
+            else:
+                self.writeline(
+                    "async for event in parent_template.root_render_func(context):"
+                )
+                self.indent()
+                self.writeline("yield event")
+                self.outdent()
+            self.outdent(1 + (not self.has_known_extends))
+
+        # at this point we now have the blocks collected and can visit them too.
+        for name, block in self.blocks.items():
+            self.writeline(
+                f"{self.func('block_' + name)}(context, missing=missing{envenv}):",
+                block,
+                1,
+            )
+            self.indent()
+            self.write_commons()
+            # It's important that we do not make this frame a child of the
+            # toplevel template.  This would cause a variety of
+            # interesting issues with identifier tracking.
+            block_frame = Frame(eval_ctx)
+            block_frame.block_frame = True
+            undeclared = find_undeclared(block.body, ("self", "super"))
+            if "self" in undeclared:
+                ref = block_frame.symbols.declare_parameter("self")
+                self.writeline(f"{ref} = TemplateReference(context)")
+            if "super" in undeclared:
+                ref = block_frame.symbols.declare_parameter("super")
+                self.writeline(f"{ref} = context.super({name!r}, block_{name})")
+            block_frame.symbols.analyze_node(block)
+            block_frame.block = name
+            self.writeline("_block_vars = {}")
+            self.enter_frame(block_frame)
+            self.pull_dependencies(block.body)
+            self.blockvisit(block.body, block_frame)
+            self.leave_frame(block_frame, with_python_scope=True)
+            self.outdent()
+
+        blocks_kv_str = ", ".join(f"{x!r}: block_{x}" for x in self.blocks)
+        self.writeline(f"blocks = {{{blocks_kv_str}}}", extra=1)
+        debug_kv_str = "&".join(f"{k}={v}" for k, v in self.debug_info)
+        self.writeline(f"debug_info = {debug_kv_str!r}")
+
+    def visit_Block(self, node: nodes.Block, frame: Frame) -> None:
+        """Call a block and register it for the template."""
+        level = 0
+        if frame.toplevel:
+            # if we know that we are a child template, there is no need to
+            # check if we are one
+            if self.has_known_extends:
+                return
+            if self.extends_so_far > 0:
+                self.writeline("if parent_template is None:")
+                self.indent()
+                level += 1
+
+        if node.scoped:
+            context = self.derive_context(frame)
+        else:
+            context = self.get_context_ref()
+
+        if node.required:
+            self.writeline(f"if len(context.blocks[{node.name!r}]) <= 1:", node)
+            self.indent()
+            self.writeline(
+                f'raise TemplateRuntimeError("Required block {node.name!r} not found")',
+                node,
+            )
+            self.outdent()
+
+        if not self.environment.is_async and frame.buffer is None:
+            self.writeline(
+                f"yield from context.blocks[{node.name!r}][0]({context})", node
+            )
+        else:
+            self.writeline(
+                f"{self.choose_async()}for event in"
+                f" context.blocks[{node.name!r}][0]({context}):",
+                node,
+            )
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        self.outdent(level)
+
+    def visit_Extends(self, node: nodes.Extends, frame: Frame) -> None:
+        """Calls the extender."""
+        if not frame.toplevel:
+            self.fail("cannot use extend from a non top-level scope", node.lineno)
+
+        # if the number of extends statements in general is zero so
+        # far, we don't have to add a check if something extended
+        # the template before this one.
+        if self.extends_so_far > 0:
+            # if we have a known extends we just add a template runtime
+            # error into the generated code.  We could catch that at compile
+            # time too, but i welcome it not to confuse users by throwing the
+            # same error at different times just "because we can".
+            if not self.has_known_extends:
+                self.writeline("if parent_template is not None:")
+                self.indent()
+            self.writeline('raise TemplateRuntimeError("extended multiple times")')
+
+            # if we have a known extends already we don't need that code here
+            # as we know that the template execution will end here.
+            if self.has_known_extends:
+                raise CompilerExit()
+            else:
+                self.outdent()
+
+        self.writeline("parent_template = environment.get_template(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        self.writeline("for name, parent_block in parent_template.blocks.items():")
+        self.indent()
+        self.writeline("context.blocks.setdefault(name, []).append(parent_block)")
+        self.outdent()
+
+        # if this extends statement was in the root level we can take
+        # advantage of that information and simplify the generated code
+        # in the top level from this point onwards
+        if frame.rootlevel:
+            self.has_known_extends = True
+
+        # and now we have one more
+        self.extends_so_far += 1
+
+    def visit_Include(self, node: nodes.Include, frame: Frame) -> None:
+        """Handles includes."""
+        if node.ignore_missing:
+            self.writeline("try:")
+            self.indent()
+
+        func_name = "get_or_select_template"
+        if isinstance(node.template, nodes.Const):
+            if isinstance(node.template.value, str):
+                func_name = "get_template"
+            elif isinstance(node.template.value, (tuple, list)):
+                func_name = "select_template"
+        elif isinstance(node.template, (nodes.Tuple, nodes.List)):
+            func_name = "select_template"
+
+        self.writeline(f"template = environment.{func_name}(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        if node.ignore_missing:
+            self.outdent()
+            self.writeline("except TemplateNotFound:")
+            self.indent()
+            self.writeline("pass")
+            self.outdent()
+            self.writeline("else:")
+            self.indent()
+
+        skip_event_yield = False
+        if node.with_context:
+            self.writeline(
+                f"{self.choose_async()}for event in template.root_render_func("
+                "template.new_context(context.get_all(), True,"
+                f" {self.dump_local_context(frame)})):"
+            )
+        elif self.environment.is_async:
+            self.writeline(
+                "for event in (await template._get_default_module_async())"
+                "._body_stream:"
+            )
+        else:
+            self.writeline("yield from template._get_default_module()._body_stream")
+            skip_event_yield = True
+
+        if not skip_event_yield:
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        if node.ignore_missing:
+            self.outdent()
+
+    def _import_common(
+        self, node: t.Union[nodes.Import, nodes.FromImport], frame: Frame
+    ) -> None:
+        self.write(f"{self.choose_async('await ')}environment.get_template(")
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r}).")
+
+        if node.with_context:
+            f_name = f"make_module{self.choose_async('_async')}"
+            self.write(
+                f"{f_name}(context.get_all(), True, {self.dump_local_context(frame)})"
+            )
+        else:
+            self.write(f"_get_default_module{self.choose_async('_async')}(context)")
+
+    def visit_Import(self, node: nodes.Import, frame: Frame) -> None:
+        """Visit regular imports."""
+        self.writeline(f"{frame.symbols.ref(node.target)} = ", node)
+        if frame.toplevel:
+            self.write(f"context.vars[{node.target!r}] = ")
+
+        self._import_common(node, frame)
+
+        if frame.toplevel and not node.target.startswith("_"):
+            self.writeline(f"context.exported_vars.discard({node.target!r})")
+
+    def visit_FromImport(self, node: nodes.FromImport, frame: Frame) -> None:
+        """Visit named imports."""
+        self.newline(node)
+        self.write("included_template = ")
+        self._import_common(node, frame)
+        var_names = []
+        discarded_names = []
+        for name in node.names:
+            if isinstance(name, tuple):
+                name, alias = name
+            else:
+                alias = name
+            self.writeline(
+                f"{frame.symbols.ref(alias)} ="
+                f" getattr(included_template, {name!r}, missing)"
+            )
+            self.writeline(f"if {frame.symbols.ref(alias)} is missing:")
+            self.indent()
+            message = (
+                "the template {included_template.__name__!r}"
+                f" (imported on {self.position(node)})"
+                f" does not export the requested name {name!r}"
+            )
+            self.writeline(
+                f"{frame.symbols.ref(alias)} = undefined(f{message!r}, name={name!r})"
+            )
+            self.outdent()
+            if frame.toplevel:
+                var_names.append(alias)
+                if not alias.startswith("_"):
+                    discarded_names.append(alias)
+
+        if var_names:
+            if len(var_names) == 1:
+                name = var_names[0]
+                self.writeline(f"context.vars[{name!r}] = {frame.symbols.ref(name)}")
+            else:
+                names_kv = ", ".join(
+                    f"{name!r}: {frame.symbols.ref(name)}" for name in var_names
+                )
+                self.writeline(f"context.vars.update({{{names_kv}}})")
+        if discarded_names:
+            if len(discarded_names) == 1:
+                self.writeline(f"context.exported_vars.discard({discarded_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, discarded_names))
+                self.writeline(
+                    f"context.exported_vars.difference_update(({names_str}))"
+                )
+
+    def visit_For(self, node: nodes.For, frame: Frame) -> None:
+        loop_frame = frame.inner()
+        loop_frame.loop_frame = True
+        test_frame = frame.inner()
+        else_frame = frame.inner()
+
+        # try to figure out if we have an extended loop.  An extended loop
+        # is necessary if the loop is in recursive mode if the special loop
+        # variable is accessed in the body if the body is a scoped block.
+        extended_loop = (
+            node.recursive
+            or "loop"
+            in find_undeclared(node.iter_child_nodes(only=("body",)), ("loop",))
+            or any(block.scoped for block in node.find_all(nodes.Block))
+        )
+
+        loop_ref = None
+        if extended_loop:
+            loop_ref = loop_frame.symbols.declare_parameter("loop")
+
+        loop_frame.symbols.analyze_node(node, for_branch="body")
+        if node.else_:
+            else_frame.symbols.analyze_node(node, for_branch="else")
+
+        if node.test:
+            loop_filter_func = self.temporary_identifier()
+            test_frame.symbols.analyze_node(node, for_branch="test")
+            self.writeline(f"{self.func(loop_filter_func)}(fiter):", node.test)
+            self.indent()
+            self.enter_frame(test_frame)
+            self.writeline(self.choose_async("async for ", "for "))
+            self.visit(node.target, loop_frame)
+            self.write(" in ")
+            self.write(self.choose_async("auto_aiter(fiter)", "fiter"))
+            self.write(":")
+            self.indent()
+            self.writeline("if ", node.test)
+            self.visit(node.test, test_frame)
+            self.write(":")
+            self.indent()
+            self.writeline("yield ")
+            self.visit(node.target, loop_frame)
+            self.outdent(3)
+            self.leave_frame(test_frame, with_python_scope=True)
+
+        # if we don't have an recursive loop we have to find the shadowed
+        # variables at that point.  Because loops can be nested but the loop
+        # variable is a special one we have to enforce aliasing for it.
+        if node.recursive:
+            self.writeline(
+                f"{self.func('loop')}(reciter, loop_render_func, depth=0):", node
+            )
+            self.indent()
+            self.buffer(loop_frame)
+
+            # Use the same buffer for the else frame
+            else_frame.buffer = loop_frame.buffer
+
+        # make sure the loop variable is a special one and raise a template
+        # assertion error if a loop tries to write to loop
+        if extended_loop:
+            self.writeline(f"{loop_ref} = missing")
+
+        for name in node.find_all(nodes.Name):
+            if name.ctx == "store" and name.name == "loop":
+                self.fail(
+                    "Can't assign to special loop variable in for-loop target",
+                    name.lineno,
+                )
+
+        if node.else_:
+            iteration_indicator = self.temporary_identifier()
+            self.writeline(f"{iteration_indicator} = 1")
+
+        self.writeline(self.choose_async("async for ", "for "), node)
+        self.visit(node.target, loop_frame)
+        if extended_loop:
+            self.write(f", {loop_ref} in {self.choose_async('Async')}LoopContext(")
+        else:
+            self.write(" in ")
+
+        if node.test:
+            self.write(f"{loop_filter_func}(")
+        if node.recursive:
+            self.write("reciter")
+        else:
+            if self.environment.is_async and not extended_loop:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async and not extended_loop:
+                self.write(")")
+        if node.test:
+            self.write(")")
+
+        if node.recursive:
+            self.write(", undefined, loop_render_func, depth):")
+        else:
+            self.write(", undefined):" if extended_loop else ":")
+
+        self.indent()
+        self.enter_frame(loop_frame)
+
+        self.writeline("_loop_vars = {}")
+        self.blockvisit(node.body, loop_frame)
+        if node.else_:
+            self.writeline(f"{iteration_indicator} = 0")
+        self.outdent()
+        self.leave_frame(
+            loop_frame, with_python_scope=node.recursive and not node.else_
+        )
+
+        if node.else_:
+            self.writeline(f"if {iteration_indicator}:")
+            self.indent()
+            self.enter_frame(else_frame)
+            self.blockvisit(node.else_, else_frame)
+            self.leave_frame(else_frame)
+            self.outdent()
+
+        # if the node was recursive we have to return the buffer contents
+        # and start the iteration code
+        if node.recursive:
+            self.return_buffer_contents(loop_frame)
+            self.outdent()
+            self.start_write(frame, node)
+            self.write(f"{self.choose_async('await ')}loop(")
+            if self.environment.is_async:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async:
+                self.write(")")
+            self.write(", loop)")
+            self.end_write(frame)
+
+        # at the end of the iteration, clear any assignments made in the
+        # loop from the top level
+        if self._assign_stack:
+            self._assign_stack[-1].difference_update(loop_frame.symbols.stores)
+
+    def visit_If(self, node: nodes.If, frame: Frame) -> None:
+        if_frame = frame.soft()
+        self.writeline("if ", node)
+        self.visit(node.test, if_frame)
+        self.write(":")
+        self.indent()
+        self.blockvisit(node.body, if_frame)
+        self.outdent()
+        for elif_ in node.elif_:
+            self.writeline("elif ", elif_)
+            self.visit(elif_.test, if_frame)
+            self.write(":")
+            self.indent()
+            self.blockvisit(elif_.body, if_frame)
+            self.outdent()
+        if node.else_:
+            self.writeline("else:")
+            self.indent()
+            self.blockvisit(node.else_, if_frame)
+            self.outdent()
+
+    def visit_Macro(self, node: nodes.Macro, frame: Frame) -> None:
+        macro_frame, macro_ref = self.macro_body(node, frame)
+        self.newline()
+        if frame.toplevel:
+            if not node.name.startswith("_"):
+                self.write(f"context.exported_vars.add({node.name!r})")
+            self.writeline(f"context.vars[{node.name!r}] = ")
+        self.write(f"{frame.symbols.ref(node.name)} = ")
+        self.macro_def(macro_ref, macro_frame)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, frame: Frame) -> None:
+        call_frame, macro_ref = self.macro_body(node, frame)
+        self.writeline("caller = ")
+        self.macro_def(macro_ref, call_frame)
+        self.start_write(frame, node)
+        self.visit_Call(node.call, frame, forward_caller=True)
+        self.end_write(frame)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, frame: Frame) -> None:
+        filter_frame = frame.inner()
+        filter_frame.symbols.analyze_node(node)
+        self.enter_frame(filter_frame)
+        self.buffer(filter_frame)
+        self.blockvisit(node.body, filter_frame)
+        self.start_write(frame, node)
+        self.visit_Filter(node.filter, filter_frame)
+        self.end_write(frame)
+        self.leave_frame(filter_frame)
+
+    def visit_With(self, node: nodes.With, frame: Frame) -> None:
+        with_frame = frame.inner()
+        with_frame.symbols.analyze_node(node)
+        self.enter_frame(with_frame)
+        for target, expr in zip(node.targets, node.values):
+            self.newline()
+            self.visit(target, with_frame)
+            self.write(" = ")
+            self.visit(expr, frame)
+        self.blockvisit(node.body, with_frame)
+        self.leave_frame(with_frame)
+
+    def visit_ExprStmt(self, node: nodes.ExprStmt, frame: Frame) -> None:
+        self.newline(node)
+        self.visit(node.node, frame)
+
+    class _FinalizeInfo(t.NamedTuple):
+        const: t.Optional[t.Callable[..., str]]
+        src: t.Optional[str]
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        """The default finalize function if the environment isn't
+        configured with one. Or, if the environment has one, this is
+        called on that function's output for constants.
+        """
+        return str(value)
+
+    _finalize: t.Optional[_FinalizeInfo] = None
+
+    def _make_finalize(self) -> _FinalizeInfo:
+        """Build the finalize function to be used on constants and at
+        runtime. Cached so it's only created once for all output nodes.
+
+        Returns a ``namedtuple`` with the following attributes:
+
+        ``const``
+            A function to finalize constant data at compile time.
+
+        ``src``
+            Source code to output around nodes to be evaluated at
+            runtime.
+        """
+        if self._finalize is not None:
+            return self._finalize
+
+        finalize: t.Optional[t.Callable[..., t.Any]]
+        finalize = default = self._default_finalize
+        src = None
+
+        if self.environment.finalize:
+            src = "environment.finalize("
+            env_finalize = self.environment.finalize
+            pass_arg = {
+                _PassArg.context: "context",
+                _PassArg.eval_context: "context.eval_ctx",
+                _PassArg.environment: "environment",
+            }.get(
+                _PassArg.from_obj(env_finalize)  # type: ignore
+            )
+            finalize = None
+
+            if pass_arg is None:
+
+                def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                    return default(env_finalize(value))
+
+            else:
+                src = f"{src}{pass_arg}, "
+
+                if pass_arg == "environment":
+
+                    def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                        return default(env_finalize(self.environment, value))
+
+        self._finalize = self._FinalizeInfo(finalize, src)
+        return self._finalize
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        """Given a group of constant values converted from ``Output``
+        child nodes, produce a string to write to the template module
+        source.
+        """
+        return repr(concat(group))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> str:
+        """Try to optimize a child of an ``Output`` node by trying to
+        convert it to constant, finalized data at compile time.
+
+        If :exc:`Impossible` is raised, the node is not constant and
+        will be evaluated at runtime. Any other exception will also be
+        evaluated at runtime for easier debugging.
+        """
+        const = node.as_const(frame.eval_ctx)
+
+        if frame.eval_ctx.autoescape:
+            const = escape(const)
+
+        # Template data doesn't go through finalize.
+        if isinstance(node, nodes.TemplateData):
+            return str(const)
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code before visiting a child of an
+        ``Output`` node.
+        """
+        if frame.eval_ctx.volatile:
+            self.write("(escape if context.eval_ctx.autoescape else str)(")
+        elif frame.eval_ctx.autoescape:
+            self.write("escape(")
+        else:
+            self.write("str(")
+
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code after visiting a child of an
+        ``Output`` node.
+        """
+        self.write(")")
+
+        if finalize.src is not None:
+            self.write(")")
+
+    def visit_Output(self, node: nodes.Output, frame: Frame) -> None:
+        # If an extends is active, don't render outside a block.
+        if frame.require_output_check:
+            # A top-level extends is known to exist at compile time.
+            if self.has_known_extends:
+                return
+
+            self.writeline("if parent_template is None:")
+            self.indent()
+
+        finalize = self._make_finalize()
+        body: t.List[t.Union[t.List[t.Any], nodes.Expr]] = []
+
+        # Evaluate constants at compile time if possible. Each item in
+        # body will be either a list of static data or a node to be
+        # evaluated at runtime.
+        for child in node.nodes:
+            try:
+                if not (
+                    # If the finalize function requires runtime context,
+                    # constants can't be evaluated at compile time.
+                    finalize.const
+                    # Unless it's basic template data that won't be
+                    # finalized anyway.
+                    or isinstance(child, nodes.TemplateData)
+                ):
+                    raise nodes.Impossible()
+
+                const = self._output_child_to_const(child, frame, finalize)
+            except (nodes.Impossible, Exception):
+                # The node was not constant and needs to be evaluated at
+                # runtime. Or another error was raised, which is easier
+                # to debug at runtime.
+                body.append(child)
+                continue
+
+            if body and isinstance(body[-1], list):
+                body[-1].append(const)
+            else:
+                body.append([const])
+
+        if frame.buffer is not None:
+            if len(body) == 1:
+                self.writeline(f"{frame.buffer}.append(")
+            else:
+                self.writeline(f"{frame.buffer}.extend((")
+
+            self.indent()
+
+        for item in body:
+            if isinstance(item, list):
+                # A group of constant data to join and output.
+                val = self._output_const_repr(item)
+
+                if frame.buffer is None:
+                    self.writeline("yield " + val)
+                else:
+                    self.writeline(val + ",")
+            else:
+                if frame.buffer is None:
+                    self.writeline("yield ", item)
+                else:
+                    self.newline(item)
+
+                # A node to be evaluated at runtime.
+                self._output_child_pre(item, frame, finalize)
+                self.visit(item, frame)
+                self._output_child_post(item, frame, finalize)
+
+                if frame.buffer is not None:
+                    self.write(",")
+
+        if frame.buffer is not None:
+            self.outdent()
+            self.writeline(")" if len(body) == 1 else "))")
+
+        if frame.require_output_check:
+            self.outdent()
+
+    def visit_Assign(self, node: nodes.Assign, frame: Frame) -> None:
+        self.push_assign_tracking()
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = ")
+        self.visit(node.node, frame)
+        self.pop_assign_tracking(frame)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, frame: Frame) -> None:
+        self.push_assign_tracking()
+        block_frame = frame.inner()
+        # This is a special case.  Since a set block always captures we
+        # will disable output checks.  This way one can use set blocks
+        # toplevel even in extended templates.
+        block_frame.require_output_check = False
+        block_frame.symbols.analyze_node(node)
+        self.enter_frame(block_frame)
+        self.buffer(block_frame)
+        self.blockvisit(node.body, block_frame)
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = (Markup if context.eval_ctx.autoescape else identity)(")
+        if node.filter is not None:
+            self.visit_Filter(node.filter, block_frame)
+        else:
+            self.write(f"concat({block_frame.buffer})")
+        self.write(")")
+        self.pop_assign_tracking(frame)
+        self.leave_frame(block_frame)
+
+    # -- Expression Visitors
+
+    def visit_Name(self, node: nodes.Name, frame: Frame) -> None:
+        if node.ctx == "store" and (
+            frame.toplevel or frame.loop_frame or frame.block_frame
+        ):
+            if self._assign_stack:
+                self._assign_stack[-1].add(node.name)
+        ref = frame.symbols.ref(node.name)
+
+        # If we are looking up a variable we might have to deal with the
+        # case where it's undefined.  We can skip that case if the load
+        # instruction indicates a parameter which are always defined.
+        if node.ctx == "load":
+            load = frame.symbols.find_load(ref)
+            if not (
+                load is not None
+                and load[0] == VAR_LOAD_PARAMETER
+                and not self.parameter_is_undeclared(ref)
+            ):
+                self.write(
+                    f"(undefined(name={node.name!r}) if {ref} is missing else {ref})"
+                )
+                return
+
+        self.write(ref)
+
+    def visit_NSRef(self, node: nodes.NSRef, frame: Frame) -> None:
+        # NSRefs can only be used to store values; since they use the normal
+        # `foo.bar` notation they will be parsed as a normal attribute access
+        # when used anywhere but in a `set` context
+        ref = frame.symbols.ref(node.name)
+        self.writeline(f"if not isinstance({ref}, Namespace):")
+        self.indent()
+        self.writeline(
+            "raise TemplateRuntimeError"
+            '("cannot assign attribute on non-namespace object")'
+        )
+        self.outdent()
+        self.writeline(f"{ref}[{node.attr!r}]")
+
+    def visit_Const(self, node: nodes.Const, frame: Frame) -> None:
+        val = node.as_const(frame.eval_ctx)
+        if isinstance(val, float):
+            self.write(str(val))
+        else:
+            self.write(repr(val))
+
+    def visit_TemplateData(self, node: nodes.TemplateData, frame: Frame) -> None:
+        try:
+            self.write(repr(node.as_const(frame.eval_ctx)))
+        except nodes.Impossible:
+            self.write(
+                f"(Markup if context.eval_ctx.autoescape else identity)({node.data!r})"
+            )
+
+    def visit_Tuple(self, node: nodes.Tuple, frame: Frame) -> None:
+        self.write("(")
+        idx = -1
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write(",)" if idx == 0 else ")")
+
+    def visit_List(self, node: nodes.List, frame: Frame) -> None:
+        self.write("[")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write("]")
+
+    def visit_Dict(self, node: nodes.Dict, frame: Frame) -> None:
+        self.write("{")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item.key, frame)
+            self.write(": ")
+            self.visit(item.value, frame)
+        self.write("}")
+
+    visit_Add = _make_binop("+")
+    visit_Sub = _make_binop("-")
+    visit_Mul = _make_binop("*")
+    visit_Div = _make_binop("/")
+    visit_FloorDiv = _make_binop("//")
+    visit_Pow = _make_binop("**")
+    visit_Mod = _make_binop("%")
+    visit_And = _make_binop("and")
+    visit_Or = _make_binop("or")
+    visit_Pos = _make_unop("+")
+    visit_Neg = _make_unop("-")
+    visit_Not = _make_unop("not ")
+
+    @optimizeconst
+    def visit_Concat(self, node: nodes.Concat, frame: Frame) -> None:
+        if frame.eval_ctx.volatile:
+            func_name = "(markup_join if context.eval_ctx.volatile else str_join)"
+        elif frame.eval_ctx.autoescape:
+            func_name = "markup_join"
+        else:
+            func_name = "str_join"
+        self.write(f"{func_name}((")
+        for arg in node.nodes:
+            self.visit(arg, frame)
+            self.write(", ")
+        self.write("))")
+
+    @optimizeconst
+    def visit_Compare(self, node: nodes.Compare, frame: Frame) -> None:
+        self.write("(")
+        self.visit(node.expr, frame)
+        for op in node.ops:
+            self.visit(op, frame)
+        self.write(")")
+
+    def visit_Operand(self, node: nodes.Operand, frame: Frame) -> None:
+        self.write(f" {operators[node.op]} ")
+        self.visit(node.expr, frame)
+
+    @optimizeconst
+    def visit_Getattr(self, node: nodes.Getattr, frame: Frame) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        self.write("environment.getattr(")
+        self.visit(node.node, frame)
+        self.write(f", {node.attr!r})")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Getitem(self, node: nodes.Getitem, frame: Frame) -> None:
+        # slices bypass the environment getitem method.
+        if isinstance(node.arg, nodes.Slice):
+            self.visit(node.node, frame)
+            self.write("[")
+            self.visit(node.arg, frame)
+            self.write("]")
+        else:
+            if self.environment.is_async:
+                self.write("(await auto_await(")
+
+            self.write("environment.getitem(")
+            self.visit(node.node, frame)
+            self.write(", ")
+            self.visit(node.arg, frame)
+            self.write(")")
+
+            if self.environment.is_async:
+                self.write("))")
+
+    def visit_Slice(self, node: nodes.Slice, frame: Frame) -> None:
+        if node.start is not None:
+            self.visit(node.start, frame)
+        self.write(":")
+        if node.stop is not None:
+            self.visit(node.stop, frame)
+        if node.step is not None:
+            self.write(":")
+            self.visit(node.step, frame)
+
+    @contextmanager
+    def _filter_test_common(
+        self, node: t.Union[nodes.Filter, nodes.Test], frame: Frame, is_filter: bool
+    ) -> t.Iterator[None]:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        if is_filter:
+            self.write(f"{self.filters[node.name]}(")
+            func = self.environment.filters.get(node.name)
+        else:
+            self.write(f"{self.tests[node.name]}(")
+            func = self.environment.tests.get(node.name)
+
+        # When inside an If or CondExpr frame, allow the filter to be
+        # undefined at compile time and only raise an error if it's
+        # actually called at runtime. See pull_dependencies.
+        if func is None and not frame.soft_frame:
+            type_name = "filter" if is_filter else "test"
+            self.fail(f"No {type_name} named {node.name!r}.", node.lineno)
+
+        pass_arg = {
+            _PassArg.context: "context",
+            _PassArg.eval_context: "context.eval_ctx",
+            _PassArg.environment: "environment",
+        }.get(
+            _PassArg.from_obj(func)  # type: ignore
+        )
+
+        if pass_arg is not None:
+            self.write(f"{pass_arg}, ")
+
+        # Back to the visitor function to handle visiting the target of
+        # the filter or test.
+        yield
+
+        self.signature(node, frame)
+        self.write(")")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Filter(self, node: nodes.Filter, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, True):
+            # if the filter node is None we are inside a filter block
+            # and want to write to the current buffer
+            if node.node is not None:
+                self.visit(node.node, frame)
+            elif frame.eval_ctx.volatile:
+                self.write(
+                    f"(Markup(concat({frame.buffer}))"
+                    f" if context.eval_ctx.autoescape else concat({frame.buffer}))"
+                )
+            elif frame.eval_ctx.autoescape:
+                self.write(f"Markup(concat({frame.buffer}))")
+            else:
+                self.write(f"concat({frame.buffer})")
+
+    @optimizeconst
+    def visit_Test(self, node: nodes.Test, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, False):
+            self.visit(node.node, frame)
+
+    @optimizeconst
+    def visit_CondExpr(self, node: nodes.CondExpr, frame: Frame) -> None:
+        frame = frame.soft()
+
+        def write_expr2() -> None:
+            if node.expr2 is not None:
+                self.visit(node.expr2, frame)
+                return
+
+            self.write(
+                f'cond_expr_undefined("the inline if-expression on'
+                f" {self.position(node)} evaluated to false and no else"
+                f' section was defined.")'
+            )
+
+        self.write("(")
+        self.visit(node.expr1, frame)
+        self.write(" if ")
+        self.visit(node.test, frame)
+        self.write(" else ")
+        write_expr2()
+        self.write(")")
+
+    @optimizeconst
+    def visit_Call(
+        self, node: nodes.Call, frame: Frame, forward_caller: bool = False
+    ) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+        if self.environment.sandboxed:
+            self.write("environment.call(context, ")
+        else:
+            self.write("context.call(")
+        self.visit(node.node, frame)
+        extra_kwargs = {"caller": "caller"} if forward_caller else None
+        loop_kwargs = {"_loop_vars": "_loop_vars"} if frame.loop_frame else {}
+        block_kwargs = {"_block_vars": "_block_vars"} if frame.block_frame else {}
+        if extra_kwargs:
+            extra_kwargs.update(loop_kwargs, **block_kwargs)
+        elif loop_kwargs or block_kwargs:
+            extra_kwargs = dict(loop_kwargs, **block_kwargs)
+        self.signature(node, frame, extra_kwargs)
+        self.write(")")
+        if self.environment.is_async:
+            self.write("))")
+
+    def visit_Keyword(self, node: nodes.Keyword, frame: Frame) -> None:
+        self.write(node.key + "=")
+        self.visit(node.value, frame)
+
+    # -- Unused nodes for extensions
+
+    def visit_MarkSafe(self, node: nodes.MarkSafe, frame: Frame) -> None:
+        self.write("Markup(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_MarkSafeIfAutoescape(
+        self, node: nodes.MarkSafeIfAutoescape, frame: Frame
+    ) -> None:
+        self.write("(Markup if context.eval_ctx.autoescape else identity)(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_EnvironmentAttribute(
+        self, node: nodes.EnvironmentAttribute, frame: Frame
+    ) -> None:
+        self.write("environment." + node.name)
+
+    def visit_ExtensionAttribute(
+        self, node: nodes.ExtensionAttribute, frame: Frame
+    ) -> None:
+        self.write(f"environment.extensions[{node.identifier!r}].{node.name}")
+
+    def visit_ImportedName(self, node: nodes.ImportedName, frame: Frame) -> None:
+        self.write(self.import_aliases[node.importname])
+
+    def visit_InternalName(self, node: nodes.InternalName, frame: Frame) -> None:
+        self.write(node.name)
+
+    def visit_ContextReference(
+        self, node: nodes.ContextReference, frame: Frame
+    ) -> None:
+        self.write("context")
+
+    def visit_DerivedContextReference(
+        self, node: nodes.DerivedContextReference, frame: Frame
+    ) -> None:
+        self.write(self.derive_context(frame))
+
+    def visit_Continue(self, node: nodes.Continue, frame: Frame) -> None:
+        self.writeline("continue", node)
+
+    def visit_Break(self, node: nodes.Break, frame: Frame) -> None:
+        self.writeline("break", node)
+
+    def visit_Scope(self, node: nodes.Scope, frame: Frame) -> None:
+        scope_frame = frame.inner()
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, frame: Frame) -> None:
+        ctx = self.temporary_identifier()
+        self.writeline(f"{ctx} = {self.derive_context(frame)}")
+        self.writeline(f"{ctx}.vars = ")
+        self.visit(node.context, frame)
+        self.push_context_reference(ctx)
+
+        scope_frame = frame.inner(isolated=True)
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+        self.pop_context_reference()
+
+    def visit_EvalContextModifier(
+        self, node: nodes.EvalContextModifier, frame: Frame
+    ) -> None:
+        for keyword in node.options:
+            self.writeline(f"context.eval_ctx.{keyword.key} = ")
+            self.visit(keyword.value, frame)
+            try:
+                val = keyword.value.as_const(frame.eval_ctx)
+            except nodes.Impossible:
+                frame.eval_ctx.volatile = True
+            else:
+                setattr(frame.eval_ctx, keyword.key, val)
+
+    def visit_ScopedEvalContextModifier(
+        self, node: nodes.ScopedEvalContextModifier, frame: Frame
+    ) -> None:
+        old_ctx_name = self.temporary_identifier()
+        saved_ctx = frame.eval_ctx.save()
+        self.writeline(f"{old_ctx_name} = context.eval_ctx.save()")
+        self.visit_EvalContextModifier(node, frame)
+        for child in node.body:
+            self.visit(child, frame)
+        frame.eval_ctx.revert(saved_ctx)
+        self.writeline(f"context.eval_ctx.revert({old_ctx_name})")
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/constants.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/constants.py
new file mode 100644
index 000000000..41a1c23b0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/constants.py
@@ -0,0 +1,20 @@
+#: list of lorem ipsum words used by the lipsum() helper function
+LOREM_IPSUM_WORDS = """\
+a ac accumsan ad adipiscing aenean aliquam aliquet amet ante aptent arcu at
+auctor augue bibendum blandit class commodo condimentum congue consectetuer
+consequat conubia convallis cras cubilia cum curabitur curae cursus dapibus
+diam dictum dictumst dignissim dis dolor donec dui duis egestas eget eleifend
+elementum elit enim erat eros est et etiam eu euismod facilisi facilisis fames
+faucibus felis fermentum feugiat fringilla fusce gravida habitant habitasse hac
+hendrerit hymenaeos iaculis id imperdiet in inceptos integer interdum ipsum
+justo lacinia lacus laoreet lectus leo libero ligula litora lobortis lorem
+luctus maecenas magna magnis malesuada massa mattis mauris metus mi molestie
+mollis montes morbi mus nam nascetur natoque nec neque netus nibh nisi nisl non
+nonummy nostra nulla nullam nunc odio orci ornare parturient pede pellentesque
+penatibus per pharetra phasellus placerat platea porta porttitor posuere
+potenti praesent pretium primis proin pulvinar purus quam quis quisque rhoncus
+ridiculus risus rutrum sagittis sapien scelerisque sed sem semper senectus sit
+sociis sociosqu sodales sollicitudin suscipit suspendisse taciti tellus tempor
+tempus tincidunt torquent tortor tristique turpis ullamcorper ultrices
+ultricies urna ut varius vehicula vel velit venenatis vestibulum vitae vivamus
+viverra volutpat vulputate"""
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/debug.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/debug.py
new file mode 100644
index 000000000..7ed7e9297
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/debug.py
@@ -0,0 +1,191 @@
+import sys
+import typing as t
+from types import CodeType
+from types import TracebackType
+
+from .exceptions import TemplateSyntaxError
+from .utils import internal_code
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    from .runtime import Context
+
+
+def rewrite_traceback_stack(source: t.Optional[str] = None) -> BaseException:
+    """Rewrite the current exception to replace any tracebacks from
+    within compiled template code with tracebacks that look like they
+    came from the template source.
+
+    This must be called within an ``except`` block.
+
+    :param source: For ``TemplateSyntaxError``, the original source if
+        known.
+    :return: The original exception with the rewritten traceback.
+    """
+    _, exc_value, tb = sys.exc_info()
+    exc_value = t.cast(BaseException, exc_value)
+    tb = t.cast(TracebackType, tb)
+
+    if isinstance(exc_value, TemplateSyntaxError) and not exc_value.translated:
+        exc_value.translated = True
+        exc_value.source = source
+        # Remove the old traceback, otherwise the frames from the
+        # compiler still show up.
+        exc_value.with_traceback(None)
+        # Outside of runtime, so the frame isn't executing template
+        # code, but it still needs to point at the template.
+        tb = fake_traceback(
+            exc_value, None, exc_value.filename or "<unknown>", exc_value.lineno
+        )
+    else:
+        # Skip the frame for the render function.
+        tb = tb.tb_next
+
+    stack = []
+
+    # Build the stack of traceback object, replacing any in template
+    # code with the source file and line information.
+    while tb is not None:
+        # Skip frames decorated with @internalcode. These are internal
+        # calls that aren't useful in template debugging output.
+        if tb.tb_frame.f_code in internal_code:
+            tb = tb.tb_next
+            continue
+
+        template = tb.tb_frame.f_globals.get("__jinja_template__")
+
+        if template is not None:
+            lineno = template.get_corresponding_lineno(tb.tb_lineno)
+            fake_tb = fake_traceback(exc_value, tb, template.filename, lineno)
+            stack.append(fake_tb)
+        else:
+            stack.append(tb)
+
+        tb = tb.tb_next
+
+    tb_next = None
+
+    # Assign tb_next in reverse to avoid circular references.
+    for tb in reversed(stack):
+        tb.tb_next = tb_next
+        tb_next = tb
+
+    return exc_value.with_traceback(tb_next)
+
+
+def fake_traceback(  # type: ignore
+    exc_value: BaseException, tb: t.Optional[TracebackType], filename: str, lineno: int
+) -> TracebackType:
+    """Produce a new traceback object that looks like it came from the
+    template source instead of the compiled code. The filename, line
+    number, and location name will point to the template, and the local
+    variables will be the current template context.
+
+    :param exc_value: The original exception to be re-raised to create
+        the new traceback.
+    :param tb: The original traceback to get the local variables and
+        code info from.
+    :param filename: The template filename.
+    :param lineno: The line number in the template source.
+    """
+    if tb is not None:
+        # Replace the real locals with the context that would be
+        # available at that point in the template.
+        locals = get_template_locals(tb.tb_frame.f_locals)
+        locals.pop("__jinja_exception__", None)
+    else:
+        locals = {}
+
+    globals = {
+        "__name__": filename,
+        "__file__": filename,
+        "__jinja_exception__": exc_value,
+    }
+    # Raise an exception at the correct line number.
+    code: CodeType = compile(
+        "\n" * (lineno - 1) + "raise __jinja_exception__", filename, "exec"
+    )
+
+    # Build a new code object that points to the template file and
+    # replaces the location with a block name.
+    location = "template"
+
+    if tb is not None:
+        function = tb.tb_frame.f_code.co_name
+
+        if function == "root":
+            location = "top-level template code"
+        elif function.startswith("block_"):
+            location = f"block {function[6:]!r}"
+
+    if sys.version_info >= (3, 8):
+        code = code.replace(co_name=location)
+    else:
+        code = CodeType(
+            code.co_argcount,
+            code.co_kwonlyargcount,
+            code.co_nlocals,
+            code.co_stacksize,
+            code.co_flags,
+            code.co_code,
+            code.co_consts,
+            code.co_names,
+            code.co_varnames,
+            code.co_filename,
+            location,
+            code.co_firstlineno,
+            code.co_lnotab,
+            code.co_freevars,
+            code.co_cellvars,
+        )
+
+    # Execute the new code, which is guaranteed to raise, and return
+    # the new traceback without this frame.
+    try:
+        exec(code, globals, locals)
+    except BaseException:
+        return sys.exc_info()[2].tb_next  # type: ignore
+
+
+def get_template_locals(real_locals: t.Mapping[str, t.Any]) -> t.Dict[str, t.Any]:
+    """Based on the runtime locals, get the context that would be
+    available at that point in the template.
+    """
+    # Start with the current template context.
+    ctx: "t.Optional[Context]" = real_locals.get("context")
+
+    if ctx is not None:
+        data: t.Dict[str, t.Any] = ctx.get_all().copy()
+    else:
+        data = {}
+
+    # Might be in a derived context that only sets local variables
+    # rather than pushing a context. Local variables follow the scheme
+    # l_depth_name. Find the highest-depth local that has a value for
+    # each name.
+    local_overrides: t.Dict[str, t.Tuple[int, t.Any]] = {}
+
+    for name, value in real_locals.items():
+        if not name.startswith("l_") or value is missing:
+            # Not a template variable, or no longer relevant.
+            continue
+
+        try:
+            _, depth_str, name = name.split("_", 2)
+            depth = int(depth_str)
+        except ValueError:
+            continue
+
+        cur_depth = local_overrides.get(name, (-1,))[0]
+
+        if cur_depth < depth:
+            local_overrides[name] = (depth, value)
+
+    # Modify the context with any derived context.
+    for name, (_, value) in local_overrides.items():
+        if value is missing:
+            data.pop(name, None)
+        else:
+            data[name] = value
+
+    return data
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/defaults.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/defaults.py
new file mode 100644
index 000000000..638cad3d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/defaults.py
@@ -0,0 +1,48 @@
+import typing as t
+
+from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
+from .tests import TESTS as DEFAULT_TESTS  # noqa: F401
+from .utils import Cycler
+from .utils import generate_lorem_ipsum
+from .utils import Joiner
+from .utils import Namespace
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+# defaults for the parser / lexer
+BLOCK_START_STRING = "{%"
+BLOCK_END_STRING = "%}"
+VARIABLE_START_STRING = "{{"
+VARIABLE_END_STRING = "}}"
+COMMENT_START_STRING = "{#"
+COMMENT_END_STRING = "#}"
+LINE_STATEMENT_PREFIX: t.Optional[str] = None
+LINE_COMMENT_PREFIX: t.Optional[str] = None
+TRIM_BLOCKS = False
+LSTRIP_BLOCKS = False
+NEWLINE_SEQUENCE: "te.Literal['\\n', '\\r\\n', '\\r']" = "\n"
+KEEP_TRAILING_NEWLINE = False
+
+# default filters, tests and namespace
+
+DEFAULT_NAMESPACE = {
+    "range": range,
+    "dict": dict,
+    "lipsum": generate_lorem_ipsum,
+    "cycler": Cycler,
+    "joiner": Joiner,
+    "namespace": Namespace,
+}
+
+# default policies
+DEFAULT_POLICIES: t.Dict[str, t.Any] = {
+    "compiler.ascii_str": True,
+    "urlize.rel": "noopener",
+    "urlize.target": None,
+    "urlize.extra_schemes": None,
+    "truncate.leeway": 5,
+    "json.dumps_function": None,
+    "json.dumps_kwargs": {"sort_keys": True},
+    "ext.i18n.trimmed": False,
+}
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/environment.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/environment.py
new file mode 100644
index 000000000..1d3be0bed
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/environment.py
@@ -0,0 +1,1675 @@
+"""Classes for managing templates and their runtime and compile time
+options.
+"""
+
+import os
+import typing
+import typing as t
+import weakref
+from collections import ChainMap
+from functools import lru_cache
+from functools import partial
+from functools import reduce
+from types import CodeType
+
+from markupsafe import Markup
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import generate
+from .defaults import BLOCK_END_STRING
+from .defaults import BLOCK_START_STRING
+from .defaults import COMMENT_END_STRING
+from .defaults import COMMENT_START_STRING
+from .defaults import DEFAULT_FILTERS  # type: ignore[attr-defined]
+from .defaults import DEFAULT_NAMESPACE
+from .defaults import DEFAULT_POLICIES
+from .defaults import DEFAULT_TESTS  # type: ignore[attr-defined]
+from .defaults import KEEP_TRAILING_NEWLINE
+from .defaults import LINE_COMMENT_PREFIX
+from .defaults import LINE_STATEMENT_PREFIX
+from .defaults import LSTRIP_BLOCKS
+from .defaults import NEWLINE_SEQUENCE
+from .defaults import TRIM_BLOCKS
+from .defaults import VARIABLE_END_STRING
+from .defaults import VARIABLE_START_STRING
+from .exceptions import TemplateNotFound
+from .exceptions import TemplateRuntimeError
+from .exceptions import TemplatesNotFound
+from .exceptions import TemplateSyntaxError
+from .exceptions import UndefinedError
+from .lexer import get_lexer
+from .lexer import Lexer
+from .lexer import TokenStream
+from .nodes import EvalContext
+from .parser import Parser
+from .runtime import Context
+from .runtime import new_context
+from .runtime import Undefined
+from .utils import _PassArg
+from .utils import concat
+from .utils import consume
+from .utils import import_string
+from .utils import internalcode
+from .utils import LRUCache
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .bccache import BytecodeCache
+    from .ext import Extension
+    from .loaders import BaseLoader
+
+_env_bound = t.TypeVar("_env_bound", bound="Environment")
+
+
+# for direct template usage we have up to ten living environments
+@lru_cache(maxsize=10)
+def get_spontaneous_environment(cls: t.Type[_env_bound], *args: t.Any) -> _env_bound:
+    """Return a new spontaneous environment. A spontaneous environment
+    is used for templates created directly rather than through an
+    existing environment.
+
+    :param cls: Environment class to create.
+    :param args: Positional arguments passed to environment.
+    """
+    env = cls(*args)
+    env.shared = True
+    return env
+
+
+def create_cache(
+    size: int,
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Return the cache class for the given size."""
+    if size == 0:
+        return None
+
+    if size < 0:
+        return {}
+
+    return LRUCache(size)  # type: ignore
+
+
+def copy_cache(
+    cache: t.Optional[t.MutableMapping[t.Any, t.Any]],
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Create an empty copy of the given cache."""
+    if cache is None:
+        return None
+
+    if type(cache) is dict:  # noqa E721
+        return {}
+
+    return LRUCache(cache.capacity)  # type: ignore
+
+
+def load_extensions(
+    environment: "Environment",
+    extensions: t.Sequence[t.Union[str, t.Type["Extension"]]],
+) -> t.Dict[str, "Extension"]:
+    """Load the extensions from the list and bind it to the environment.
+    Returns a dict of instantiated extensions.
+    """
+    result = {}
+
+    for extension in extensions:
+        if isinstance(extension, str):
+            extension = t.cast(t.Type["Extension"], import_string(extension))
+
+        result[extension.identifier] = extension(environment)
+
+    return result
+
+
+def _environment_config_check(environment: "Environment") -> "Environment":
+    """Perform a sanity check on the environment."""
+    assert issubclass(
+        environment.undefined, Undefined
+    ), "'undefined' must be a subclass of 'jinja2.Undefined'."
+    assert (
+        environment.block_start_string
+        != environment.variable_start_string
+        != environment.comment_start_string
+    ), "block, variable and comment start strings must be different."
+    assert environment.newline_sequence in {
+        "\r",
+        "\r\n",
+        "\n",
+    }, "'newline_sequence' must be one of '\\n', '\\r\\n', or '\\r'."
+    return environment
+
+
+class Environment:
+    r"""The core component of Jinja is the `Environment`.  It contains
+    important shared variables like configuration, filters, tests,
+    globals and others.  Instances of this class may be modified if
+    they are not shared and if no template was loaded so far.
+    Modifications on environments after the first template was loaded
+    will lead to surprising effects and undefined behavior.
+
+    Here are the possible initialization parameters:
+
+        `block_start_string`
+            The string marking the beginning of a block.  Defaults to ``'{%'``.
+
+        `block_end_string`
+            The string marking the end of a block.  Defaults to ``'%}'``.
+
+        `variable_start_string`
+            The string marking the beginning of a print statement.
+            Defaults to ``'{{'``.
+
+        `variable_end_string`
+            The string marking the end of a print statement.  Defaults to
+            ``'}}'``.
+
+        `comment_start_string`
+            The string marking the beginning of a comment.  Defaults to ``'{#'``.
+
+        `comment_end_string`
+            The string marking the end of a comment.  Defaults to ``'#}'``.
+
+        `line_statement_prefix`
+            If given and a string, this will be used as prefix for line based
+            statements.  See also :ref:`line-statements`.
+
+        `line_comment_prefix`
+            If given and a string, this will be used as prefix for line based
+            comments.  See also :ref:`line-statements`.
+
+            .. versionadded:: 2.2
+
+        `trim_blocks`
+            If this is set to ``True`` the first newline after a block is
+            removed (block, not variable tag!).  Defaults to `False`.
+
+        `lstrip_blocks`
+            If this is set to ``True`` leading spaces and tabs are stripped
+            from the start of a line to a block.  Defaults to `False`.
+
+        `newline_sequence`
+            The sequence that starts a newline.  Must be one of ``'\r'``,
+            ``'\n'`` or ``'\r\n'``.  The default is ``'\n'`` which is a
+            useful default for Linux and OS X systems as well as web
+            applications.
+
+        `keep_trailing_newline`
+            Preserve the trailing newline when rendering templates.
+            The default is ``False``, which causes a single newline,
+            if present, to be stripped from the end of the template.
+
+            .. versionadded:: 2.7
+
+        `extensions`
+            List of Jinja extensions to use.  This can either be import paths
+            as strings or extension classes.  For more information have a
+            look at :ref:`the extensions documentation <jinja-extensions>`.
+
+        `optimized`
+            should the optimizer be enabled?  Default is ``True``.
+
+        `undefined`
+            :class:`Undefined` or a subclass of it that is used to represent
+            undefined values in the template.
+
+        `finalize`
+            A callable that can be used to process the result of a variable
+            expression before it is output.  For example one can convert
+            ``None`` implicitly into an empty string here.
+
+        `autoescape`
+            If set to ``True`` the XML/HTML autoescaping feature is enabled by
+            default.  For more details about autoescaping see
+            :class:`~markupsafe.Markup`.  As of Jinja 2.4 this can also
+            be a callable that is passed the template name and has to
+            return ``True`` or ``False`` depending on autoescape should be
+            enabled by default.
+
+            .. versionchanged:: 2.4
+               `autoescape` can now be a function
+
+        `loader`
+            The template loader for this environment.
+
+        `cache_size`
+            The size of the cache.  Per default this is ``400`` which means
+            that if more than 400 templates are loaded the loader will clean
+            out the least recently used template.  If the cache size is set to
+            ``0`` templates are recompiled all the time, if the cache size is
+            ``-1`` the cache will not be cleaned.
+
+            .. versionchanged:: 2.8
+               The cache size was increased to 400 from a low 50.
+
+        `auto_reload`
+            Some loaders load templates from locations where the template
+            sources may change (ie: file system or database).  If
+            ``auto_reload`` is set to ``True`` (default) every time a template is
+            requested the loader checks if the source changed and if yes, it
+            will reload the template.  For higher performance it's possible to
+            disable that.
+
+        `bytecode_cache`
+            If set to a bytecode cache object, this object will provide a
+            cache for the internal Jinja bytecode so that templates don't
+            have to be parsed if they were not changed.
+
+            See :ref:`bytecode-cache` for more information.
+
+        `enable_async`
+            If set to true this enables async template execution which
+            allows using async functions and generators.
+    """
+
+    #: if this environment is sandboxed.  Modifying this variable won't make
+    #: the environment sandboxed though.  For a real sandboxed environment
+    #: have a look at jinja2.sandbox.  This flag alone controls the code
+    #: generation by the compiler.
+    sandboxed = False
+
+    #: True if the environment is just an overlay
+    overlayed = False
+
+    #: the environment this environment is linked to if it is an overlay
+    linked_to: t.Optional["Environment"] = None
+
+    #: shared environments have this set to `True`.  A shared environment
+    #: must not be modified
+    shared = False
+
+    #: the class that is used for code generation.  See
+    #: :class:`~jinja2.compiler.CodeGenerator` for more information.
+    code_generator_class: t.Type["CodeGenerator"] = CodeGenerator
+
+    concat = "".join
+
+    #: the context class that is used for templates.  See
+    #: :class:`~jinja2.runtime.Context` for more information.
+    context_class: t.Type[Context] = Context
+
+    template_class: t.Type["Template"]
+
+    def __init__(
+        self,
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        loader: t.Optional["BaseLoader"] = None,
+        cache_size: int = 400,
+        auto_reload: bool = True,
+        bytecode_cache: t.Optional["BytecodeCache"] = None,
+        enable_async: bool = False,
+    ):
+        # !!Important notice!!
+        #   The constructor accepts quite a few arguments that should be
+        #   passed by keyword rather than position.  However it's important to
+        #   not change the order of arguments because it's used at least
+        #   internally in those cases:
+        #       -   spontaneous environments (i18n extension and Template)
+        #       -   unittests
+        #   If parameter changes are required only add parameters at the end
+        #   and don't change the arguments (or the defaults!) of the arguments
+        #   existing already.
+
+        # lexer / parser information
+        self.block_start_string = block_start_string
+        self.block_end_string = block_end_string
+        self.variable_start_string = variable_start_string
+        self.variable_end_string = variable_end_string
+        self.comment_start_string = comment_start_string
+        self.comment_end_string = comment_end_string
+        self.line_statement_prefix = line_statement_prefix
+        self.line_comment_prefix = line_comment_prefix
+        self.trim_blocks = trim_blocks
+        self.lstrip_blocks = lstrip_blocks
+        self.newline_sequence = newline_sequence
+        self.keep_trailing_newline = keep_trailing_newline
+
+        # runtime information
+        self.undefined: t.Type[Undefined] = undefined
+        self.optimized = optimized
+        self.finalize = finalize
+        self.autoescape = autoescape
+
+        # defaults
+        self.filters = DEFAULT_FILTERS.copy()
+        self.tests = DEFAULT_TESTS.copy()
+        self.globals = DEFAULT_NAMESPACE.copy()
+
+        # set the loader provided
+        self.loader = loader
+        self.cache = create_cache(cache_size)
+        self.bytecode_cache = bytecode_cache
+        self.auto_reload = auto_reload
+
+        # configurable policies
+        self.policies = DEFAULT_POLICIES.copy()
+
+        # load extensions
+        self.extensions = load_extensions(self, extensions)
+
+        self.is_async = enable_async
+        _environment_config_check(self)
+
+    def add_extension(self, extension: t.Union[str, t.Type["Extension"]]) -> None:
+        """Adds an extension after the environment was created.
+
+        .. versionadded:: 2.5
+        """
+        self.extensions.update(load_extensions(self, [extension]))
+
+    def extend(self, **attributes: t.Any) -> None:
+        """Add the items to the instance of the environment if they do not exist
+        yet.  This is used by :ref:`extensions <writing-extensions>` to register
+        callbacks and configuration values without breaking inheritance.
+        """
+        for key, value in attributes.items():
+            if not hasattr(self, key):
+                setattr(self, key, value)
+
+    def overlay(
+        self,
+        block_start_string: str = missing,
+        block_end_string: str = missing,
+        variable_start_string: str = missing,
+        variable_end_string: str = missing,
+        comment_start_string: str = missing,
+        comment_end_string: str = missing,
+        line_statement_prefix: t.Optional[str] = missing,
+        line_comment_prefix: t.Optional[str] = missing,
+        trim_blocks: bool = missing,
+        lstrip_blocks: bool = missing,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = missing,
+        keep_trailing_newline: bool = missing,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = missing,
+        optimized: bool = missing,
+        undefined: t.Type[Undefined] = missing,
+        finalize: t.Optional[t.Callable[..., t.Any]] = missing,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = missing,
+        loader: t.Optional["BaseLoader"] = missing,
+        cache_size: int = missing,
+        auto_reload: bool = missing,
+        bytecode_cache: t.Optional["BytecodeCache"] = missing,
+        enable_async: bool = False,
+    ) -> "Environment":
+        """Create a new overlay environment that shares all the data with the
+        current environment except for cache and the overridden attributes.
+        Extensions cannot be removed for an overlayed environment.  An overlayed
+        environment automatically gets all the extensions of the environment it
+        is linked to plus optional extra extensions.
+
+        Creating overlays should happen after the initial environment was set
+        up completely.  Not all attributes are truly linked, some are just
+        copied over so modifications on the original environment may not shine
+        through.
+
+        .. versionchanged:: 3.1.2
+            Added the ``newline_sequence``,, ``keep_trailing_newline``,
+            and ``enable_async`` parameters to match ``__init__``.
+        """
+        args = dict(locals())
+        del args["self"], args["cache_size"], args["extensions"], args["enable_async"]
+
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.overlayed = True
+        rv.linked_to = self
+
+        for key, value in args.items():
+            if value is not missing:
+                setattr(rv, key, value)
+
+        if cache_size is not missing:
+            rv.cache = create_cache(cache_size)
+        else:
+            rv.cache = copy_cache(self.cache)
+
+        rv.extensions = {}
+        for key, value in self.extensions.items():
+            rv.extensions[key] = value.bind(rv)
+        if extensions is not missing:
+            rv.extensions.update(load_extensions(rv, extensions))
+
+        if enable_async is not missing:
+            rv.is_async = enable_async
+
+        return _environment_config_check(rv)
+
+    @property
+    def lexer(self) -> Lexer:
+        """The lexer for this environment."""
+        return get_lexer(self)
+
+    def iter_extensions(self) -> t.Iterator["Extension"]:
+        """Iterates over the extensions by priority."""
+        return iter(sorted(self.extensions.values(), key=lambda x: x.priority))
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Get an item or attribute of an object but prefer the item."""
+        try:
+            return obj[argument]
+        except (AttributeError, TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        return getattr(obj, attr)
+                    except AttributeError:
+                        pass
+            return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Any:
+        """Get an item or attribute of an object but prefer the attribute.
+        Unlike :meth:`getitem` the attribute *must* be a string.
+        """
+        try:
+            return getattr(obj, attribute)
+        except AttributeError:
+            pass
+        try:
+            return obj[attribute]
+        except (TypeError, LookupError, AttributeError):
+            return self.undefined(obj=obj, name=attribute)
+
+    def _filter_test_common(
+        self,
+        name: t.Union[str, Undefined],
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]],
+        kwargs: t.Optional[t.Mapping[str, t.Any]],
+        context: t.Optional[Context],
+        eval_ctx: t.Optional[EvalContext],
+        is_filter: bool,
+    ) -> t.Any:
+        if is_filter:
+            env_map = self.filters
+            type_name = "filter"
+        else:
+            env_map = self.tests
+            type_name = "test"
+
+        func = env_map.get(name)  # type: ignore
+
+        if func is None:
+            msg = f"No {type_name} named {name!r}."
+
+            if isinstance(name, Undefined):
+                try:
+                    name._fail_with_undefined_error()
+                except Exception as e:
+                    msg = f"{msg} ({e}; did you forget to quote the callable name?)"
+
+            raise TemplateRuntimeError(msg)
+
+        args = [value, *(args if args is not None else ())]
+        kwargs = kwargs if kwargs is not None else {}
+        pass_arg = _PassArg.from_obj(func)
+
+        if pass_arg is _PassArg.context:
+            if context is None:
+                raise TemplateRuntimeError(
+                    f"Attempted to invoke a context {type_name} without context."
+                )
+
+            args.insert(0, context)
+        elif pass_arg is _PassArg.eval_context:
+            if eval_ctx is None:
+                if context is not None:
+                    eval_ctx = context.eval_ctx
+                else:
+                    eval_ctx = EvalContext(self)
+
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, self)
+
+        return func(*args, **kwargs)
+
+    def call_filter(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a filter on a value the same way the compiler does.
+
+        This might return a coroutine if the filter is running from an
+        environment in async mode and the filter supports async
+        execution. It's your responsibility to await this if needed.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, True
+        )
+
+    def call_test(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a test on a value the same way the compiler does.
+
+        This might return a coroutine if the test is running from an
+        environment in async mode and the test supports async execution.
+        It's your responsibility to await this if needed.
+
+        .. versionchanged:: 3.0
+            Tests support ``@pass_context``, etc. decorators. Added
+            the ``context`` and ``eval_ctx`` parameters.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, False
+        )
+
+    @internalcode
+    def parse(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> nodes.Template:
+        """Parse the sourcecode and return the abstract syntax tree.  This
+        tree of nodes is used by the compiler to convert the template into
+        executable source- or bytecode.  This is useful for debugging or to
+        extract information from templates.
+
+        If you are :ref:`developing Jinja extensions <writing-extensions>`
+        this gives you a good overview of the node tree generated.
+        """
+        try:
+            return self._parse(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def _parse(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str]
+    ) -> nodes.Template:
+        """Internal parsing function used by `parse` and `compile`."""
+        return Parser(self, source, name, filename).parse()
+
+    def lex(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """Lex the given sourcecode and return a generator that yields
+        tokens as tuples in the form ``(lineno, token_type, value)``.
+        This can be useful for :ref:`extension development <writing-extensions>`
+        and debugging templates.
+
+        This does not perform preprocessing.  If you want the preprocessing
+        of the extensions to be applied you have to filter source through
+        the :meth:`preprocess` method.
+        """
+        source = str(source)
+        try:
+            return self.lexer.tokeniter(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def preprocess(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> str:
+        """Preprocesses the source with all extensions.  This is automatically
+        called for all parsing and compiling methods but *not* for :meth:`lex`
+        because there you usually only want the actual source tokenized.
+        """
+        return reduce(
+            lambda s, e: e.preprocess(s, name, filename),
+            self.iter_extensions(),
+            str(source),
+        )
+
+    def _tokenize(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Called by the parser to do the preprocessing and filtering
+        for all the extensions.  Returns a :class:`~jinja2.lexer.TokenStream`.
+        """
+        source = self.preprocess(source, name, filename)
+        stream = self.lexer.tokenize(source, name, filename, state)
+
+        for ext in self.iter_extensions():
+            stream = ext.filter_stream(stream)  # type: ignore
+
+            if not isinstance(stream, TokenStream):
+                stream = TokenStream(stream, name, filename)
+
+        return stream
+
+    def _generate(
+        self,
+        source: nodes.Template,
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        defer_init: bool = False,
+    ) -> str:
+        """Internal hook that can be overridden to hook a different generate
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return generate(  # type: ignore
+            source,
+            self,
+            name,
+            filename,
+            defer_init=defer_init,
+            optimized=self.optimized,
+        )
+
+    def _compile(self, source: str, filename: str) -> CodeType:
+        """Internal hook that can be overridden to hook a different compile
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return compile(source, filename, "exec")
+
+    @typing.overload
+    def compile(  # type: ignore
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[False]" = False,
+        defer_init: bool = False,
+    ) -> CodeType: ...
+
+    @typing.overload
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[True]" = ...,
+        defer_init: bool = False,
+    ) -> str: ...
+
+    @internalcode
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: bool = False,
+        defer_init: bool = False,
+    ) -> t.Union[str, CodeType]:
+        """Compile a node or template source code.  The `name` parameter is
+        the load name of the template after it was joined using
+        :meth:`join_path` if necessary, not the filename on the file system.
+        the `filename` parameter is the estimated filename of the template on
+        the file system.  If the template came from a database or memory this
+        can be omitted.
+
+        The return value of this method is a python code object.  If the `raw`
+        parameter is `True` the return value will be a string with python
+        code equivalent to the bytecode returned otherwise.  This method is
+        mainly used internally.
+
+        `defer_init` is use internally to aid the module code generator.  This
+        causes the generated code to be able to import without the global
+        environment variable to be set.
+
+        .. versionadded:: 2.4
+           `defer_init` parameter added.
+        """
+        source_hint = None
+        try:
+            if isinstance(source, str):
+                source_hint = source
+                source = self._parse(source, name, filename)
+            source = self._generate(source, name, filename, defer_init=defer_init)
+            if raw:
+                return source
+            if filename is None:
+                filename = "<template>"
+            return self._compile(source, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source_hint)
+
+    def compile_expression(
+        self, source: str, undefined_to_none: bool = True
+    ) -> "TemplateExpression":
+        """A handy helper method that returns a callable that accepts keyword
+        arguments that appear as variables in the expression.  If called it
+        returns the result of the expression.
+
+        This is useful if applications want to use the same rules as Jinja
+        in template "configuration files" or similar situations.
+
+        Example usage:
+
+        >>> env = Environment()
+        >>> expr = env.compile_expression('foo == 42')
+        >>> expr(foo=23)
+        False
+        >>> expr(foo=42)
+        True
+
+        Per default the return value is converted to `None` if the
+        expression returns an undefined value.  This can be changed
+        by setting `undefined_to_none` to `False`.
+
+        >>> env.compile_expression('var')() is None
+        True
+        >>> env.compile_expression('var', undefined_to_none=False)()
+        Undefined
+
+        .. versionadded:: 2.1
+        """
+        parser = Parser(self, source, state="variable")
+        try:
+            expr = parser.parse_expression()
+            if not parser.stream.eos:
+                raise TemplateSyntaxError(
+                    "chunk after expression", parser.stream.current.lineno, None, None
+                )
+            expr.set_environment(self)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+        body = [nodes.Assign(nodes.Name("result", "store"), expr, lineno=1)]
+        template = self.from_string(nodes.Template(body, lineno=1))
+        return TemplateExpression(template, undefined_to_none)
+
+    def compile_templates(
+        self,
+        target: t.Union[str, "os.PathLike[str]"],
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+        zip: t.Optional[str] = "deflated",
+        log_function: t.Optional[t.Callable[[str], None]] = None,
+        ignore_errors: bool = True,
+    ) -> None:
+        """Finds all the templates the loader can find, compiles them
+        and stores them in `target`.  If `zip` is `None`, instead of in a
+        zipfile, the templates will be stored in a directory.
+        By default a deflate zip algorithm is used. To switch to
+        the stored algorithm, `zip` can be set to ``'stored'``.
+
+        `extensions` and `filter_func` are passed to :meth:`list_templates`.
+        Each template returned will be compiled to the target folder or
+        zipfile.
+
+        By default template compilation errors are ignored.  In case a
+        log function is provided, errors are logged.  If you want template
+        syntax errors to abort the compilation you can set `ignore_errors`
+        to `False` and you will get an exception on syntax errors.
+
+        .. versionadded:: 2.4
+        """
+        from .loaders import ModuleLoader
+
+        if log_function is None:
+
+            def log_function(x: str) -> None:
+                pass
+
+        assert log_function is not None
+        assert self.loader is not None, "No loader configured."
+
+        def write_file(filename: str, data: str) -> None:
+            if zip:
+                info = ZipInfo(filename)
+                info.external_attr = 0o755 << 16
+                zip_file.writestr(info, data)
+            else:
+                with open(os.path.join(target, filename), "wb") as f:
+                    f.write(data.encode("utf8"))
+
+        if zip is not None:
+            from zipfile import ZIP_DEFLATED
+            from zipfile import ZIP_STORED
+            from zipfile import ZipFile
+            from zipfile import ZipInfo
+
+            zip_file = ZipFile(
+                target, "w", dict(deflated=ZIP_DEFLATED, stored=ZIP_STORED)[zip]
+            )
+            log_function(f"Compiling into Zip archive {target!r}")
+        else:
+            if not os.path.isdir(target):
+                os.makedirs(target)
+            log_function(f"Compiling into folder {target!r}")
+
+        try:
+            for name in self.list_templates(extensions, filter_func):
+                source, filename, _ = self.loader.get_source(self, name)
+                try:
+                    code = self.compile(source, name, filename, True, True)
+                except TemplateSyntaxError as e:
+                    if not ignore_errors:
+                        raise
+                    log_function(f'Could not compile "{name}": {e}')
+                    continue
+
+                filename = ModuleLoader.get_module_filename(name)
+
+                write_file(filename, code)
+                log_function(f'Compiled "{name}" as {filename}')
+        finally:
+            if zip:
+                zip_file.close()
+
+        log_function("Finished compiling templates")
+
+    def list_templates(
+        self,
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+    ) -> t.List[str]:
+        """Returns a list of templates for this environment.  This requires
+        that the loader supports the loader's
+        :meth:`~BaseLoader.list_templates` method.
+
+        If there are other files in the template folder besides the
+        actual templates, the returned list can be filtered.  There are two
+        ways: either `extensions` is set to a list of file extensions for
+        templates, or a `filter_func` can be provided which is a callable that
+        is passed a template name and should return `True` if it should end up
+        in the result list.
+
+        If the loader does not support that, a :exc:`TypeError` is raised.
+
+        .. versionadded:: 2.4
+        """
+        assert self.loader is not None, "No loader configured."
+        names = self.loader.list_templates()
+
+        if extensions is not None:
+            if filter_func is not None:
+                raise TypeError(
+                    "either extensions or filter_func can be passed, but not both"
+                )
+
+            def filter_func(x: str) -> bool:
+                return "." in x and x.rsplit(".", 1)[1] in extensions
+
+        if filter_func is not None:
+            names = [name for name in names if filter_func(name)]
+
+        return names
+
+    def handle_exception(self, source: t.Optional[str] = None) -> "te.NoReturn":
+        """Exception handling helper.  This is used internally to either raise
+        rewritten exceptions or return a rendered traceback for the template.
+        """
+        from .debug import rewrite_traceback_stack
+
+        raise rewrite_traceback_stack(source=source)
+
+    def join_path(self, template: str, parent: str) -> str:
+        """Join a template with the parent.  By default all the lookups are
+        relative to the loader root so this method returns the `template`
+        parameter unchanged, but if the paths should be relative to the
+        parent template, this function can be used to calculate the real
+        template name.
+
+        Subclasses may override this method and implement template path
+        joining here.
+        """
+        return template
+
+    @internalcode
+    def _load_template(
+        self, name: str, globals: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> "Template":
+        if self.loader is None:
+            raise TypeError("no loader for this environment specified")
+        cache_key = (weakref.ref(self.loader), name)
+        if self.cache is not None:
+            template = self.cache.get(cache_key)
+            if template is not None and (
+                not self.auto_reload or template.is_up_to_date
+            ):
+                # template.globals is a ChainMap, modifying it will only
+                # affect the template, not the environment globals.
+                if globals:
+                    template.globals.update(globals)
+
+                return template
+
+        template = self.loader.load(self, name, self.make_globals(globals))
+
+        if self.cache is not None:
+            self.cache[cache_key] = template
+        return template
+
+    @internalcode
+    def get_template(
+        self,
+        name: t.Union[str, "Template"],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Load a template by name with :attr:`loader` and return a
+        :class:`Template`. If the template does not exist a
+        :exc:`TemplateNotFound` exception is raised.
+
+        :param name: Name of the template to load. When loading
+            templates from the filesystem, "/" is used as the path
+            separator, even on Windows.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.4
+            If ``name`` is a :class:`Template` object it is returned
+            unchanged.
+        """
+        if isinstance(name, Template):
+            return name
+        if parent is not None:
+            name = self.join_path(name, parent)
+
+        return self._load_template(name, globals)
+
+    @internalcode
+    def select_template(
+        self,
+        names: t.Iterable[t.Union[str, "Template"]],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Like :meth:`get_template`, but tries loading multiple names.
+        If none of the names can be loaded a :exc:`TemplatesNotFound`
+        exception is raised.
+
+        :param names: List of template names to try loading in order.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.11
+            If ``names`` is :class:`Undefined`, an :exc:`UndefinedError`
+            is raised instead. If no templates were found and ``names``
+            contains :class:`Undefined`, the message is more helpful.
+
+        .. versionchanged:: 2.4
+            If ``names`` contains a :class:`Template` object it is
+            returned unchanged.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(names, Undefined):
+            names._fail_with_undefined_error()
+
+        if not names:
+            raise TemplatesNotFound(
+                message="Tried to select from an empty list of templates."
+            )
+
+        for name in names:
+            if isinstance(name, Template):
+                return name
+            if parent is not None:
+                name = self.join_path(name, parent)
+            try:
+                return self._load_template(name, globals)
+            except (TemplateNotFound, UndefinedError):
+                pass
+        raise TemplatesNotFound(names)  # type: ignore
+
+    @internalcode
+    def get_or_select_template(
+        self,
+        template_name_or_list: t.Union[
+            str, "Template", t.List[t.Union[str, "Template"]]
+        ],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Use :meth:`select_template` if an iterable of template names
+        is given, or :meth:`get_template` if one name is given.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(template_name_or_list, (str, Undefined)):
+            return self.get_template(template_name_or_list, parent, globals)
+        elif isinstance(template_name_or_list, Template):
+            return template_name_or_list
+        return self.select_template(template_name_or_list, parent, globals)
+
+    def from_string(
+        self,
+        source: t.Union[str, nodes.Template],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        template_class: t.Optional[t.Type["Template"]] = None,
+    ) -> "Template":
+        """Load a template from a source string without using
+        :attr:`loader`.
+
+        :param source: Jinja source to compile into a template.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+        :param template_class: Return an instance of this
+            :class:`Template` class.
+        """
+        gs = self.make_globals(globals)
+        cls = template_class or self.template_class
+        return cls.from_code(self, self.compile(source), gs, None)
+
+    def make_globals(
+        self, d: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> t.MutableMapping[str, t.Any]:
+        """Make the globals map for a template. Any given template
+        globals overlay the environment :attr:`globals`.
+
+        Returns a :class:`collections.ChainMap`. This allows any changes
+        to a template's globals to only affect that template, while
+        changes to the environment's globals are still reflected.
+        However, avoid modifying any globals after a template is loaded.
+
+        :param d: Dict of template-specific globals.
+
+        .. versionchanged:: 3.0
+            Use :class:`collections.ChainMap` to always prevent mutating
+            environment globals.
+        """
+        if d is None:
+            d = {}
+
+        return ChainMap(d, self.globals)
+
+
+class Template:
+    """A compiled template that can be rendered.
+
+    Use the methods on :class:`Environment` to create or load templates.
+    The environment is used to configure how templates are compiled and
+    behave.
+
+    It is also possible to create a template object directly. This is
+    not usually recommended. The constructor takes most of the same
+    arguments as :class:`Environment`. All templates created with the
+    same environment arguments share the same ephemeral ``Environment``
+    instance behind the scenes.
+
+    A template object should be considered immutable. Modifications on
+    the object are not supported.
+    """
+
+    #: Type of environment to create when creating a template directly
+    #: rather than through an existing environment.
+    environment_class: t.Type[Environment] = Environment
+
+    environment: Environment
+    globals: t.MutableMapping[str, t.Any]
+    name: t.Optional[str]
+    filename: t.Optional[str]
+    blocks: t.Dict[str, t.Callable[[Context], t.Iterator[str]]]
+    root_render_func: t.Callable[[Context], t.Iterator[str]]
+    _module: t.Optional["TemplateModule"]
+    _debug_info: str
+    _uptodate: t.Optional[t.Callable[[], bool]]
+
+    def __new__(
+        cls,
+        source: t.Union[str, nodes.Template],
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        enable_async: bool = False,
+    ) -> t.Any:  # it returns a `Template`, but this breaks the sphinx build...
+        env = get_spontaneous_environment(
+            cls.environment_class,  # type: ignore
+            block_start_string,
+            block_end_string,
+            variable_start_string,
+            variable_end_string,
+            comment_start_string,
+            comment_end_string,
+            line_statement_prefix,
+            line_comment_prefix,
+            trim_blocks,
+            lstrip_blocks,
+            newline_sequence,
+            keep_trailing_newline,
+            frozenset(extensions),
+            optimized,
+            undefined,  # type: ignore
+            finalize,
+            autoescape,
+            None,
+            0,
+            False,
+            None,
+            enable_async,
+        )
+        return env.from_string(source, template_class=cls)
+
+    @classmethod
+    def from_code(
+        cls,
+        environment: Environment,
+        code: CodeType,
+        globals: t.MutableMapping[str, t.Any],
+        uptodate: t.Optional[t.Callable[[], bool]] = None,
+    ) -> "Template":
+        """Creates a template object from compiled code and the globals.  This
+        is used by the loaders and environment to create a template object.
+        """
+        namespace = {"environment": environment, "__file__": code.co_filename}
+        exec(code, namespace)
+        rv = cls._from_namespace(environment, namespace, globals)
+        rv._uptodate = uptodate
+        return rv
+
+    @classmethod
+    def from_module_dict(
+        cls,
+        environment: Environment,
+        module_dict: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        """Creates a template object from a module.  This is used by the
+        module loader to create a template object.
+
+        .. versionadded:: 2.4
+        """
+        return cls._from_namespace(environment, module_dict, globals)
+
+    @classmethod
+    def _from_namespace(
+        cls,
+        environment: Environment,
+        namespace: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        t: "Template" = object.__new__(cls)
+        t.environment = environment
+        t.globals = globals
+        t.name = namespace["name"]
+        t.filename = namespace["__file__"]
+        t.blocks = namespace["blocks"]
+
+        # render function and module
+        t.root_render_func = namespace["root"]
+        t._module = None
+
+        # debug and loader helpers
+        t._debug_info = namespace["debug_info"]
+        t._uptodate = None
+
+        # store the reference
+        namespace["environment"] = environment
+        namespace["__jinja_template__"] = t
+
+        return t
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This method accepts the same arguments as the `dict` constructor:
+        A dict, a dict subclass or some keyword arguments.  If no arguments
+        are given the context will be empty.  These two calls do the same::
+
+            template.render(knights='that say nih')
+            template.render({'knights': 'that say nih'})
+
+        This will return the rendered template as a string.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            close = False
+
+            try:
+                loop = asyncio.get_running_loop()
+            except RuntimeError:
+                loop = asyncio.new_event_loop()
+                close = True
+
+            try:
+                return loop.run_until_complete(self.render_async(*args, **kwargs))
+            finally:
+                if close:
+                    loop.close()
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(self.root_render_func(ctx))  # type: ignore
+        except Exception:
+            self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This works similar to :meth:`render` but returns a coroutine
+        that when awaited returns the entire rendered template string.  This
+        requires the async feature to be enabled.
+
+        Example usage::
+
+            await template.render_async(knights='that say nih; asynchronously')
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    def stream(self, *args: t.Any, **kwargs: t.Any) -> "TemplateStream":
+        """Works exactly like :meth:`generate` but returns a
+        :class:`TemplateStream`.
+        """
+        return TemplateStream(self.generate(*args, **kwargs))
+
+    def generate(self, *args: t.Any, **kwargs: t.Any) -> t.Iterator[str]:
+        """For very large templates it can be useful to not render the whole
+        template at once but evaluate each statement after another and yield
+        piece for piece.  This method basically does exactly that and returns
+        a generator that yields one item after another as strings.
+
+        It accepts the same arguments as :meth:`render`.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            async def to_list() -> t.List[str]:
+                return [x async for x in self.generate_async(*args, **kwargs)]
+
+            yield from asyncio.run(to_list())
+            return
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            yield from self.root_render_func(ctx)
+        except Exception:
+            yield self.environment.handle_exception()
+
+    async def generate_async(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.AsyncIterator[str]:
+        """An async version of :meth:`generate`.  Works very similarly but
+        returns an async iterator instead.
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            async for event in self.root_render_func(ctx):  # type: ignore
+                yield event
+        except Exception:
+            yield self.environment.handle_exception()
+
+    def new_context(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> Context:
+        """Create a new :class:`Context` for this template.  The vars
+        provided will be passed to the template.  Per default the globals
+        are added to the context.  If shared is set to `True` the data
+        is passed as is to the context without adding the globals.
+
+        `locals` can be a dict of local variables for internal usage.
+        """
+        return new_context(
+            self.environment, self.name, self.blocks, vars, shared, self.globals, locals
+        )
+
+    def make_module(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """This method works like the :attr:`module` attribute when called
+        without arguments but it will evaluate the template on every call
+        rather than caching it.  It's also possible to provide
+        a dict which is then used as context.  The arguments are the same
+        as for the :meth:`new_context` method.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(self, ctx)
+
+    async def make_module_async(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """As template module creation can invoke template code for
+        asynchronous executions this method must be used instead of the
+        normal :meth:`make_module` one.  Likewise the module attribute
+        becomes unavailable in async mode.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(
+            self,
+            ctx,
+            [x async for x in self.root_render_func(ctx)],  # type: ignore
+        )
+
+    @internalcode
+    def _get_default_module(self, ctx: t.Optional[Context] = None) -> "TemplateModule":
+        """If a context is passed in, this means that the template was
+        imported. Imported templates have access to the current
+        template's globals by default, but they can only be accessed via
+        the context during runtime.
+
+        If there are new globals, we need to create a new module because
+        the cached module is already rendered and will not have access
+        to globals from the current context. This new module is not
+        cached because the template can be imported elsewhere, and it
+        should have access to only the current template's globals.
+        """
+        if self.environment.is_async:
+            raise RuntimeError("Module is not available in async mode.")
+
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return self.make_module({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = self.make_module()
+
+        return self._module
+
+    async def _get_default_module_async(
+        self, ctx: t.Optional[Context] = None
+    ) -> "TemplateModule":
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return await self.make_module_async({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = await self.make_module_async()
+
+        return self._module
+
+    @property
+    def module(self) -> "TemplateModule":
+        """The template as module.  This is used for imports in the
+        template runtime but is also useful if one wants to access
+        exported template variables from the Python layer:
+
+        >>> t = Template('{% macro foo() %}42{% endmacro %}23')
+        >>> str(t.module)
+        '23'
+        >>> t.module.foo() == u'42'
+        True
+
+        This attribute is not available if async mode is enabled.
+        """
+        return self._get_default_module()
+
+    def get_corresponding_lineno(self, lineno: int) -> int:
+        """Return the source line number of a line number in the
+        generated bytecode as they are not in sync.
+        """
+        for template_line, code_line in reversed(self.debug_info):
+            if code_line <= lineno:
+                return template_line
+        return 1
+
+    @property
+    def is_up_to_date(self) -> bool:
+        """If this variable is `False` there is a newer version available."""
+        if self._uptodate is None:
+            return True
+        return self._uptodate()
+
+    @property
+    def debug_info(self) -> t.List[t.Tuple[int, int]]:
+        """The debug info mapping."""
+        if self._debug_info:
+            return [
+                tuple(map(int, x.split("=")))  # type: ignore
+                for x in self._debug_info.split("&")
+            ]
+
+        return []
+
+    def __repr__(self) -> str:
+        if self.name is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateModule:
+    """Represents an imported template.  All the exported names of the
+    template are available as attributes on this object.  Additionally
+    converting it into a string renders the contents.
+    """
+
+    def __init__(
+        self,
+        template: Template,
+        context: Context,
+        body_stream: t.Optional[t.Iterable[str]] = None,
+    ) -> None:
+        if body_stream is None:
+            if context.environment.is_async:
+                raise RuntimeError(
+                    "Async mode requires a body stream to be passed to"
+                    " a template module. Use the async methods of the"
+                    " API you are using."
+                )
+
+            body_stream = list(template.root_render_func(context))
+
+        self._body_stream = body_stream
+        self.__dict__.update(context.get_exported())
+        self.__name__ = template.name
+
+    def __html__(self) -> Markup:
+        return Markup(concat(self._body_stream))
+
+    def __str__(self) -> str:
+        return concat(self._body_stream)
+
+    def __repr__(self) -> str:
+        if self.__name__ is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.__name__)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateExpression:
+    """The :meth:`jinja2.Environment.compile_expression` method returns an
+    instance of this object.  It encapsulates the expression-like access
+    to the template with an expression it wraps.
+    """
+
+    def __init__(self, template: Template, undefined_to_none: bool) -> None:
+        self._template = template
+        self._undefined_to_none = undefined_to_none
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Optional[t.Any]:
+        context = self._template.new_context(dict(*args, **kwargs))
+        consume(self._template.root_render_func(context))
+        rv = context.vars["result"]
+        if self._undefined_to_none and isinstance(rv, Undefined):
+            rv = None
+        return rv
+
+
+class TemplateStream:
+    """A template stream works pretty much like an ordinary python generator
+    but it can buffer multiple items to reduce the number of total iterations.
+    Per default the output is unbuffered which means that for every unbuffered
+    instruction in the template one string is yielded.
+
+    If buffering is enabled with a buffer size of 5, five items are combined
+    into a new string.  This is mainly useful if you are streaming
+    big templates to a client via WSGI which flushes after each iteration.
+    """
+
+    def __init__(self, gen: t.Iterator[str]) -> None:
+        self._gen = gen
+        self.disable_buffering()
+
+    def dump(
+        self,
+        fp: t.Union[str, t.IO[bytes]],
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+    ) -> None:
+        """Dump the complete stream into a file or file-like object.
+        Per default strings are written, if you want to encode
+        before writing specify an `encoding`.
+
+        Example usage::
+
+            Template('Hello {{ name }}!').stream(name='foo').dump('hello.html')
+        """
+        close = False
+
+        if isinstance(fp, str):
+            if encoding is None:
+                encoding = "utf-8"
+
+            real_fp: t.IO[bytes] = open(fp, "wb")
+            close = True
+        else:
+            real_fp = fp
+
+        try:
+            if encoding is not None:
+                iterable = (x.encode(encoding, errors) for x in self)  # type: ignore
+            else:
+                iterable = self  # type: ignore
+
+            if hasattr(real_fp, "writelines"):
+                real_fp.writelines(iterable)
+            else:
+                for item in iterable:
+                    real_fp.write(item)
+        finally:
+            if close:
+                real_fp.close()
+
+    def disable_buffering(self) -> None:
+        """Disable the output buffering."""
+        self._next = partial(next, self._gen)
+        self.buffered = False
+
+    def _buffered_generator(self, size: int) -> t.Iterator[str]:
+        buf: t.List[str] = []
+        c_size = 0
+        push = buf.append
+
+        while True:
+            try:
+                while c_size < size:
+                    c = next(self._gen)
+                    push(c)
+                    if c:
+                        c_size += 1
+            except StopIteration:
+                if not c_size:
+                    return
+            yield concat(buf)
+            del buf[:]
+            c_size = 0
+
+    def enable_buffering(self, size: int = 5) -> None:
+        """Enable buffering.  Buffer `size` items before yielding them."""
+        if size <= 1:
+            raise ValueError("buffer size too small")
+
+        self.buffered = True
+        self._next = partial(next, self._buffered_generator(size))
+
+    def __iter__(self) -> "TemplateStream":
+        return self
+
+    def __next__(self) -> str:
+        return self._next()  # type: ignore
+
+
+# hook in default template class.  if anyone reads this comment: ignore that
+# it's possible to use custom templates ;-)
+Environment.template_class = Template
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/exceptions.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/exceptions.py
new file mode 100644
index 000000000..082ebe8f2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/exceptions.py
@@ -0,0 +1,166 @@
+import typing as t
+
+if t.TYPE_CHECKING:
+    from .runtime import Undefined
+
+
+class TemplateError(Exception):
+    """Baseclass for all template errors."""
+
+    def __init__(self, message: t.Optional[str] = None) -> None:
+        super().__init__(message)
+
+    @property
+    def message(self) -> t.Optional[str]:
+        return self.args[0] if self.args else None
+
+
+class TemplateNotFound(IOError, LookupError, TemplateError):
+    """Raised if a template does not exist.
+
+    .. versionchanged:: 2.11
+        If the given name is :class:`Undefined` and no message was
+        provided, an :exc:`UndefinedError` is raised.
+    """
+
+    # Silence the Python warning about message being deprecated since
+    # it's not valid here.
+    message: t.Optional[str] = None
+
+    def __init__(
+        self,
+        name: t.Optional[t.Union[str, "Undefined"]],
+        message: t.Optional[str] = None,
+    ) -> None:
+        IOError.__init__(self, name)
+
+        if message is None:
+            from .runtime import Undefined
+
+            if isinstance(name, Undefined):
+                name._fail_with_undefined_error()
+
+            message = name
+
+        self.message = message
+        self.name = name
+        self.templates = [name]
+
+    def __str__(self) -> str:
+        return str(self.message)
+
+
+class TemplatesNotFound(TemplateNotFound):
+    """Like :class:`TemplateNotFound` but raised if multiple templates
+    are selected.  This is a subclass of :class:`TemplateNotFound`
+    exception, so just catching the base exception will catch both.
+
+    .. versionchanged:: 2.11
+        If a name in the list of names is :class:`Undefined`, a message
+        about it being undefined is shown rather than the empty string.
+
+    .. versionadded:: 2.2
+    """
+
+    def __init__(
+        self,
+        names: t.Sequence[t.Union[str, "Undefined"]] = (),
+        message: t.Optional[str] = None,
+    ) -> None:
+        if message is None:
+            from .runtime import Undefined
+
+            parts = []
+
+            for name in names:
+                if isinstance(name, Undefined):
+                    parts.append(name._undefined_message)
+                else:
+                    parts.append(name)
+
+            parts_str = ", ".join(map(str, parts))
+            message = f"none of the templates given were found: {parts_str}"
+
+        super().__init__(names[-1] if names else None, message)
+        self.templates = list(names)
+
+
+class TemplateSyntaxError(TemplateError):
+    """Raised to tell the user that there is a problem with the template."""
+
+    def __init__(
+        self,
+        message: str,
+        lineno: int,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message)
+        self.lineno = lineno
+        self.name = name
+        self.filename = filename
+        self.source: t.Optional[str] = None
+
+        # this is set to True if the debug.translate_syntax_error
+        # function translated the syntax error into a new traceback
+        self.translated = False
+
+    def __str__(self) -> str:
+        # for translated errors we only return the message
+        if self.translated:
+            return t.cast(str, self.message)
+
+        # otherwise attach some stuff
+        location = f"line {self.lineno}"
+        name = self.filename or self.name
+        if name:
+            location = f'File "{name}", {location}'
+        lines = [t.cast(str, self.message), "  " + location]
+
+        # if the source is set, add the line to the output
+        if self.source is not None:
+            try:
+                line = self.source.splitlines()[self.lineno - 1]
+            except IndexError:
+                pass
+            else:
+                lines.append("    " + line.strip())
+
+        return "\n".join(lines)
+
+    def __reduce__(self):  # type: ignore
+        # https://bugs.python.org/issue1692335 Exceptions that take
+        # multiple required arguments have problems with pickling.
+        # Without this, raises TypeError: __init__() missing 1 required
+        # positional argument: 'lineno'
+        return self.__class__, (self.message, self.lineno, self.name, self.filename)
+
+
+class TemplateAssertionError(TemplateSyntaxError):
+    """Like a template syntax error, but covers cases where something in the
+    template caused an error at compile time that wasn't necessarily caused
+    by a syntax error.  However it's a direct subclass of
+    :exc:`TemplateSyntaxError` and has the same attributes.
+    """
+
+
+class TemplateRuntimeError(TemplateError):
+    """A generic runtime error in the template engine.  Under some situations
+    Jinja may raise this exception.
+    """
+
+
+class UndefinedError(TemplateRuntimeError):
+    """Raised if a template tries to operate on :class:`Undefined`."""
+
+
+class SecurityError(TemplateRuntimeError):
+    """Raised if a template tries to do something insecure if the
+    sandbox is enabled.
+    """
+
+
+class FilterArgumentError(TemplateRuntimeError):
+    """This error is raised if a filter was called with inappropriate
+    arguments
+    """
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/ext.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/ext.py
new file mode 100644
index 000000000..8d0810cd4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/ext.py
@@ -0,0 +1,870 @@
+"""Extension API for adding custom tags and behavior."""
+
+import pprint
+import re
+import typing as t
+
+from markupsafe import Markup
+
+from . import defaults
+from . import nodes
+from .environment import Environment
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .runtime import concat  # type: ignore
+from .runtime import Context
+from .runtime import Undefined
+from .utils import import_string
+from .utils import pass_context
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .lexer import Token
+    from .lexer import TokenStream
+    from .parser import Parser
+
+    class _TranslationsBasic(te.Protocol):
+        def gettext(self, message: str) -> str: ...
+
+        def ngettext(self, singular: str, plural: str, n: int) -> str:
+            pass
+
+    class _TranslationsContext(_TranslationsBasic):
+        def pgettext(self, context: str, message: str) -> str: ...
+
+        def npgettext(
+            self, context: str, singular: str, plural: str, n: int
+        ) -> str: ...
+
+    _SupportedTranslations = t.Union[_TranslationsBasic, _TranslationsContext]
+
+
+# I18N functions available in Jinja templates. If the I18N library
+# provides ugettext, it will be assigned to gettext.
+GETTEXT_FUNCTIONS: t.Tuple[str, ...] = (
+    "_",
+    "gettext",
+    "ngettext",
+    "pgettext",
+    "npgettext",
+)
+_ws_re = re.compile(r"\s*\n\s*")
+
+
+class Extension:
+    """Extensions can be used to add extra functionality to the Jinja template
+    system at the parser level.  Custom extensions are bound to an environment
+    but may not store environment specific data on `self`.  The reason for
+    this is that an extension can be bound to another environment (for
+    overlays) by creating a copy and reassigning the `environment` attribute.
+
+    As extensions are created by the environment they cannot accept any
+    arguments for configuration.  One may want to work around that by using
+    a factory function, but that is not possible as extensions are identified
+    by their import name.  The correct way to configure the extension is
+    storing the configuration values on the environment.  Because this way the
+    environment ends up acting as central configuration storage the
+    attributes may clash which is why extensions have to ensure that the names
+    they choose for configuration are not too generic.  ``prefix`` for example
+    is a terrible name, ``fragment_cache_prefix`` on the other hand is a good
+    name as includes the name of the extension (fragment cache).
+    """
+
+    identifier: t.ClassVar[str]
+
+    def __init_subclass__(cls) -> None:
+        cls.identifier = f"{cls.__module__}.{cls.__name__}"
+
+    #: if this extension parses this is the list of tags it's listening to.
+    tags: t.Set[str] = set()
+
+    #: the priority of that extension.  This is especially useful for
+    #: extensions that preprocess values.  A lower value means higher
+    #: priority.
+    #:
+    #: .. versionadded:: 2.4
+    priority = 100
+
+    def __init__(self, environment: Environment) -> None:
+        self.environment = environment
+
+    def bind(self, environment: Environment) -> "Extension":
+        """Create a copy of this extension bound to another environment."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.environment = environment
+        return rv
+
+    def preprocess(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str] = None
+    ) -> str:
+        """This method is called before the actual lexing and can be used to
+        preprocess the source.  The `filename` is optional.  The return value
+        must be the preprocessed source.
+        """
+        return source
+
+    def filter_stream(
+        self, stream: "TokenStream"
+    ) -> t.Union["TokenStream", t.Iterable["Token"]]:
+        """It's passed a :class:`~jinja2.lexer.TokenStream` that can be used
+        to filter tokens returned.  This method has to return an iterable of
+        :class:`~jinja2.lexer.Token`\\s, but it doesn't have to return a
+        :class:`~jinja2.lexer.TokenStream`.
+        """
+        return stream
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """If any of the :attr:`tags` matched this method is called with the
+        parser as first argument.  The token the parser stream is pointing at
+        is the name token that matched.  This method has to return one or a
+        list of multiple nodes.
+        """
+        raise NotImplementedError()
+
+    def attr(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> nodes.ExtensionAttribute:
+        """Return an attribute node for the current extension.  This is useful
+        to pass constants on extensions to generated template code.
+
+        ::
+
+            self.attr('_my_attribute', lineno=lineno)
+        """
+        return nodes.ExtensionAttribute(self.identifier, name, lineno=lineno)
+
+    def call_method(
+        self,
+        name: str,
+        args: t.Optional[t.List[nodes.Expr]] = None,
+        kwargs: t.Optional[t.List[nodes.Keyword]] = None,
+        dyn_args: t.Optional[nodes.Expr] = None,
+        dyn_kwargs: t.Optional[nodes.Expr] = None,
+        lineno: t.Optional[int] = None,
+    ) -> nodes.Call:
+        """Call a method of the extension.  This is a shortcut for
+        :meth:`attr` + :class:`jinja2.nodes.Call`.
+        """
+        if args is None:
+            args = []
+        if kwargs is None:
+            kwargs = []
+        return nodes.Call(
+            self.attr(name, lineno=lineno),
+            args,
+            kwargs,
+            dyn_args,
+            dyn_kwargs,
+            lineno=lineno,
+        )
+
+
+@pass_context
+def _gettext_alias(
+    __context: Context, *args: t.Any, **kwargs: t.Any
+) -> t.Union[t.Any, Undefined]:
+    return __context.call(__context.resolve("gettext"), *args, **kwargs)
+
+
+def _make_new_gettext(func: t.Callable[[str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def gettext(__context: Context, __string: str, **variables: t.Any) -> str:
+        rv = __context.call(func, __string)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, even if there are no
+        # variables. This makes translation strings more consistent
+        # and predictable. This requires escaping
+        return rv % variables  # type: ignore
+
+    return gettext
+
+
+def _make_new_ngettext(func: t.Callable[[str, str, int], str]) -> t.Callable[..., str]:
+    @pass_context
+    def ngettext(
+        __context: Context,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __singular, __plural, __num)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return ngettext
+
+
+def _make_new_pgettext(func: t.Callable[[str, str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def pgettext(
+        __context: Context, __string_ctx: str, __string: str, **variables: t.Any
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        rv = __context.call(func, __string_ctx, __string)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return pgettext
+
+
+def _make_new_npgettext(
+    func: t.Callable[[str, str, str, int], str],
+) -> t.Callable[..., str]:
+    @pass_context
+    def npgettext(
+        __context: Context,
+        __string_ctx: str,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __string_ctx, __singular, __plural, __num)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return npgettext
+
+
+class InternationalizationExtension(Extension):
+    """This extension adds gettext support to Jinja."""
+
+    tags = {"trans"}
+
+    # TODO: the i18n extension is currently reevaluating values in a few
+    # situations.  Take this example:
+    #   {% trans count=something() %}{{ count }} foo{% pluralize
+    #     %}{{ count }} fooss{% endtrans %}
+    # something is called twice here.  One time for the gettext value and
+    # the other time for the n-parameter of the ngettext function.
+
+    def __init__(self, environment: Environment) -> None:
+        super().__init__(environment)
+        environment.globals["_"] = _gettext_alias
+        environment.extend(
+            install_gettext_translations=self._install,
+            install_null_translations=self._install_null,
+            install_gettext_callables=self._install_callables,
+            uninstall_gettext_translations=self._uninstall,
+            extract_translations=self._extract,
+            newstyle_gettext=False,
+        )
+
+    def _install(
+        self, translations: "_SupportedTranslations", newstyle: t.Optional[bool] = None
+    ) -> None:
+        # ugettext and ungettext are preferred in case the I18N library
+        # is providing compatibility with older Python versions.
+        gettext = getattr(translations, "ugettext", None)
+        if gettext is None:
+            gettext = translations.gettext
+        ngettext = getattr(translations, "ungettext", None)
+        if ngettext is None:
+            ngettext = translations.ngettext
+
+        pgettext = getattr(translations, "pgettext", None)
+        npgettext = getattr(translations, "npgettext", None)
+        self._install_callables(
+            gettext, ngettext, newstyle=newstyle, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _install_null(self, newstyle: t.Optional[bool] = None) -> None:
+        import gettext
+
+        translations = gettext.NullTranslations()
+
+        if hasattr(translations, "pgettext"):
+            # Python < 3.8
+            pgettext = translations.pgettext
+        else:
+
+            def pgettext(c: str, s: str) -> str:  # type: ignore[misc]
+                return s
+
+        if hasattr(translations, "npgettext"):
+            npgettext = translations.npgettext
+        else:
+
+            def npgettext(c: str, s: str, p: str, n: int) -> str:  # type: ignore[misc]
+                return s if n == 1 else p
+
+        self._install_callables(
+            gettext=translations.gettext,
+            ngettext=translations.ngettext,
+            newstyle=newstyle,
+            pgettext=pgettext,
+            npgettext=npgettext,
+        )
+
+    def _install_callables(
+        self,
+        gettext: t.Callable[[str], str],
+        ngettext: t.Callable[[str, str, int], str],
+        newstyle: t.Optional[bool] = None,
+        pgettext: t.Optional[t.Callable[[str, str], str]] = None,
+        npgettext: t.Optional[t.Callable[[str, str, str, int], str]] = None,
+    ) -> None:
+        if newstyle is not None:
+            self.environment.newstyle_gettext = newstyle  # type: ignore
+        if self.environment.newstyle_gettext:  # type: ignore
+            gettext = _make_new_gettext(gettext)
+            ngettext = _make_new_ngettext(ngettext)
+
+            if pgettext is not None:
+                pgettext = _make_new_pgettext(pgettext)
+
+            if npgettext is not None:
+                npgettext = _make_new_npgettext(npgettext)
+
+        self.environment.globals.update(
+            gettext=gettext, ngettext=ngettext, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _uninstall(self, translations: "_SupportedTranslations") -> None:
+        for key in ("gettext", "ngettext", "pgettext", "npgettext"):
+            self.environment.globals.pop(key, None)
+
+    def _extract(
+        self,
+        source: t.Union[str, nodes.Template],
+        gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    ) -> t.Iterator[
+        t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+    ]:
+        if isinstance(source, str):
+            source = self.environment.parse(source)
+        return extract_from_ast(source, gettext_functions)
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a translatable tag."""
+        lineno = next(parser.stream).lineno
+
+        context = None
+        context_token = parser.stream.next_if("string")
+
+        if context_token is not None:
+            context = context_token.value
+
+        # find all the variables referenced.  Additionally a variable can be
+        # defined in the body of the trans block too, but this is checked at
+        # a later state.
+        plural_expr: t.Optional[nodes.Expr] = None
+        plural_expr_assignment: t.Optional[nodes.Assign] = None
+        num_called_num = False
+        variables: t.Dict[str, nodes.Expr] = {}
+        trimmed = None
+        while parser.stream.current.type != "block_end":
+            if variables:
+                parser.stream.expect("comma")
+
+            # skip colon for python compatibility
+            if parser.stream.skip_if("colon"):
+                break
+
+            token = parser.stream.expect("name")
+            if token.value in variables:
+                parser.fail(
+                    f"translatable variable {token.value!r} defined twice.",
+                    token.lineno,
+                    exc=TemplateAssertionError,
+                )
+
+            # expressions
+            if parser.stream.current.type == "assign":
+                next(parser.stream)
+                variables[token.value] = var = parser.parse_expression()
+            elif trimmed is None and token.value in ("trimmed", "notrimmed"):
+                trimmed = token.value == "trimmed"
+                continue
+            else:
+                variables[token.value] = var = nodes.Name(token.value, "load")
+
+            if plural_expr is None:
+                if isinstance(var, nodes.Call):
+                    plural_expr = nodes.Name("_trans", "load")
+                    variables[token.value] = plural_expr
+                    plural_expr_assignment = nodes.Assign(
+                        nodes.Name("_trans", "store"), var
+                    )
+                else:
+                    plural_expr = var
+                num_called_num = token.value == "num"
+
+        parser.stream.expect("block_end")
+
+        plural = None
+        have_plural = False
+        referenced = set()
+
+        # now parse until endtrans or pluralize
+        singular_names, singular = self._parse_block(parser, True)
+        if singular_names:
+            referenced.update(singular_names)
+            if plural_expr is None:
+                plural_expr = nodes.Name(singular_names[0], "load")
+                num_called_num = singular_names[0] == "num"
+
+        # if we have a pluralize block, we parse that too
+        if parser.stream.current.test("name:pluralize"):
+            have_plural = True
+            next(parser.stream)
+            if parser.stream.current.type != "block_end":
+                token = parser.stream.expect("name")
+                if token.value not in variables:
+                    parser.fail(
+                        f"unknown variable {token.value!r} for pluralization",
+                        token.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                plural_expr = variables[token.value]
+                num_called_num = token.value == "num"
+            parser.stream.expect("block_end")
+            plural_names, plural = self._parse_block(parser, False)
+            next(parser.stream)
+            referenced.update(plural_names)
+        else:
+            next(parser.stream)
+
+        # register free names as simple name expressions
+        for name in referenced:
+            if name not in variables:
+                variables[name] = nodes.Name(name, "load")
+
+        if not have_plural:
+            plural_expr = None
+        elif plural_expr is None:
+            parser.fail("pluralize without variables", lineno)
+
+        if trimmed is None:
+            trimmed = self.environment.policies["ext.i18n.trimmed"]
+        if trimmed:
+            singular = self._trim_whitespace(singular)
+            if plural:
+                plural = self._trim_whitespace(plural)
+
+        node = self._make_node(
+            singular,
+            plural,
+            context,
+            variables,
+            plural_expr,
+            bool(referenced),
+            num_called_num and have_plural,
+        )
+        node.set_lineno(lineno)
+        if plural_expr_assignment is not None:
+            return [plural_expr_assignment, node]
+        else:
+            return node
+
+    def _trim_whitespace(self, string: str, _ws_re: t.Pattern[str] = _ws_re) -> str:
+        return _ws_re.sub(" ", string.strip())
+
+    def _parse_block(
+        self, parser: "Parser", allow_pluralize: bool
+    ) -> t.Tuple[t.List[str], str]:
+        """Parse until the next block tag with a given name."""
+        referenced = []
+        buf = []
+
+        while True:
+            if parser.stream.current.type == "data":
+                buf.append(parser.stream.current.value.replace("%", "%%"))
+                next(parser.stream)
+            elif parser.stream.current.type == "variable_begin":
+                next(parser.stream)
+                name = parser.stream.expect("name").value
+                referenced.append(name)
+                buf.append(f"%({name})s")
+                parser.stream.expect("variable_end")
+            elif parser.stream.current.type == "block_begin":
+                next(parser.stream)
+                block_name = (
+                    parser.stream.current.value
+                    if parser.stream.current.type == "name"
+                    else None
+                )
+                if block_name == "endtrans":
+                    break
+                elif block_name == "pluralize":
+                    if allow_pluralize:
+                        break
+                    parser.fail(
+                        "a translatable section can have only one pluralize section"
+                    )
+                elif block_name == "trans":
+                    parser.fail(
+                        "trans blocks can't be nested; did you mean `endtrans`?"
+                    )
+                parser.fail(
+                    f"control structures in translatable sections are not allowed; "
+                    f"saw `{block_name}`"
+                )
+            elif parser.stream.eos:
+                parser.fail("unclosed translation block")
+            else:
+                raise RuntimeError("internal parser error")
+
+        return referenced, concat(buf)
+
+    def _make_node(
+        self,
+        singular: str,
+        plural: t.Optional[str],
+        context: t.Optional[str],
+        variables: t.Dict[str, nodes.Expr],
+        plural_expr: t.Optional[nodes.Expr],
+        vars_referenced: bool,
+        num_called_num: bool,
+    ) -> nodes.Output:
+        """Generates a useful node from the data provided."""
+        newstyle = self.environment.newstyle_gettext  # type: ignore
+        node: nodes.Expr
+
+        # no variables referenced?  no need to escape for old style
+        # gettext invocations only if there are vars.
+        if not vars_referenced and not newstyle:
+            singular = singular.replace("%%", "%")
+            if plural:
+                plural = plural.replace("%%", "%")
+
+        func_name = "gettext"
+        func_args: t.List[nodes.Expr] = [nodes.Const(singular)]
+
+        if context is not None:
+            func_args.insert(0, nodes.Const(context))
+            func_name = f"p{func_name}"
+
+        if plural_expr is not None:
+            func_name = f"n{func_name}"
+            func_args.extend((nodes.Const(plural), plural_expr))
+
+        node = nodes.Call(nodes.Name(func_name, "load"), func_args, [], None, None)
+
+        # in case newstyle gettext is used, the method is powerful
+        # enough to handle the variable expansion and autoescape
+        # handling itself
+        if newstyle:
+            for key, value in variables.items():
+                # the function adds that later anyways in case num was
+                # called num, so just skip it.
+                if num_called_num and key == "num":
+                    continue
+                node.kwargs.append(nodes.Keyword(key, value))
+
+        # otherwise do that here
+        else:
+            # mark the return value as safe if we are in an
+            # environment with autoescaping turned on
+            node = nodes.MarkSafeIfAutoescape(node)
+            if variables:
+                node = nodes.Mod(
+                    node,
+                    nodes.Dict(
+                        [
+                            nodes.Pair(nodes.Const(key), value)
+                            for key, value in variables.items()
+                        ]
+                    ),
+                )
+        return nodes.Output([node])
+
+
+class ExprStmtExtension(Extension):
+    """Adds a `do` tag to Jinja that works like the print statement just
+    that it doesn't print the return value.
+    """
+
+    tags = {"do"}
+
+    def parse(self, parser: "Parser") -> nodes.ExprStmt:
+        node = nodes.ExprStmt(lineno=next(parser.stream).lineno)
+        node.node = parser.parse_tuple()
+        return node
+
+
+class LoopControlExtension(Extension):
+    """Adds break and continue to the template engine."""
+
+    tags = {"break", "continue"}
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Break, nodes.Continue]:
+        token = next(parser.stream)
+        if token.value == "break":
+            return nodes.Break(lineno=token.lineno)
+        return nodes.Continue(lineno=token.lineno)
+
+
+class DebugExtension(Extension):
+    """A ``{% debug %}`` tag that dumps the available variables,
+    filters, and tests.
+
+    .. code-block:: html+jinja
+
+        <pre>{% debug %}</pre>
+
+    .. code-block:: text
+
+        {'context': {'cycler': <class 'jinja2.utils.Cycler'>,
+                     ...,
+                     'namespace': <class 'jinja2.utils.Namespace'>},
+         'filters': ['abs', 'attr', 'batch', 'capitalize', 'center', 'count', 'd',
+                     ..., 'urlencode', 'urlize', 'wordcount', 'wordwrap', 'xmlattr'],
+         'tests': ['!=', '<', '<=', '==', '>', '>=', 'callable', 'defined',
+                   ..., 'odd', 'sameas', 'sequence', 'string', 'undefined', 'upper']}
+
+    .. versionadded:: 2.11.0
+    """
+
+    tags = {"debug"}
+
+    def parse(self, parser: "Parser") -> nodes.Output:
+        lineno = parser.stream.expect("name:debug").lineno
+        context = nodes.ContextReference()
+        result = self.call_method("_render", [context], lineno=lineno)
+        return nodes.Output([result], lineno=lineno)
+
+    def _render(self, context: Context) -> str:
+        result = {
+            "context": context.get_all(),
+            "filters": sorted(self.environment.filters.keys()),
+            "tests": sorted(self.environment.tests.keys()),
+        }
+
+        # Set the depth since the intent is to show the top few names.
+        return pprint.pformat(result, depth=3, compact=True)
+
+
+def extract_from_ast(
+    ast: nodes.Template,
+    gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    babel_style: bool = True,
+) -> t.Iterator[
+    t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+]:
+    """Extract localizable strings from the given template node.  Per
+    default this function returns matches in babel style that means non string
+    parameters as well as keyword arguments are returned as `None`.  This
+    allows Babel to figure out what you really meant if you are using
+    gettext functions that allow keyword arguments for placeholder expansion.
+    If you don't want that behavior set the `babel_style` parameter to `False`
+    which causes only strings to be returned and parameters are always stored
+    in tuples.  As a consequence invalid gettext calls (calls without a single
+    string parameter or string parameters after non-string parameters) are
+    skipped.
+
+    This example explains the behavior:
+
+    >>> from jinja2 import Environment
+    >>> env = Environment()
+    >>> node = env.parse('{{ (_("foo"), _(), ngettext("foo", "bar", 42)) }}')
+    >>> list(extract_from_ast(node))
+    [(1, '_', 'foo'), (1, '_', ()), (1, 'ngettext', ('foo', 'bar', None))]
+    >>> list(extract_from_ast(node, babel_style=False))
+    [(1, '_', ('foo',)), (1, 'ngettext', ('foo', 'bar'))]
+
+    For every string found this function yields a ``(lineno, function,
+    message)`` tuple, where:
+
+    * ``lineno`` is the number of the line on which the string was found,
+    * ``function`` is the name of the ``gettext`` function used (if the
+      string was extracted from embedded Python code), and
+    *   ``message`` is the string, or a tuple of strings for functions
+         with multiple string arguments.
+
+    This extraction function operates on the AST and is because of that unable
+    to extract any comments.  For comment support you have to use the babel
+    extraction interface or extract comments yourself.
+    """
+    out: t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]
+
+    for node in ast.find_all(nodes.Call):
+        if (
+            not isinstance(node.node, nodes.Name)
+            or node.node.name not in gettext_functions
+        ):
+            continue
+
+        strings: t.List[t.Optional[str]] = []
+
+        for arg in node.args:
+            if isinstance(arg, nodes.Const) and isinstance(arg.value, str):
+                strings.append(arg.value)
+            else:
+                strings.append(None)
+
+        for _ in node.kwargs:
+            strings.append(None)
+        if node.dyn_args is not None:
+            strings.append(None)
+        if node.dyn_kwargs is not None:
+            strings.append(None)
+
+        if not babel_style:
+            out = tuple(x for x in strings if x is not None)
+
+            if not out:
+                continue
+        else:
+            if len(strings) == 1:
+                out = strings[0]
+            else:
+                out = tuple(strings)
+
+        yield node.lineno, node.node.name, out
+
+
+class _CommentFinder:
+    """Helper class to find comments in a token stream.  Can only
+    find comments for gettext calls forwards.  Once the comment
+    from line 4 is found, a comment for line 1 will not return a
+    usable value.
+    """
+
+    def __init__(
+        self, tokens: t.Sequence[t.Tuple[int, str, str]], comment_tags: t.Sequence[str]
+    ) -> None:
+        self.tokens = tokens
+        self.comment_tags = comment_tags
+        self.offset = 0
+        self.last_lineno = 0
+
+    def find_backwards(self, offset: int) -> t.List[str]:
+        try:
+            for _, token_type, token_value in reversed(
+                self.tokens[self.offset : offset]
+            ):
+                if token_type in ("comment", "linecomment"):
+                    try:
+                        prefix, comment = token_value.split(None, 1)
+                    except ValueError:
+                        continue
+                    if prefix in self.comment_tags:
+                        return [comment.rstrip()]
+            return []
+        finally:
+            self.offset = offset
+
+    def find_comments(self, lineno: int) -> t.List[str]:
+        if not self.comment_tags or self.last_lineno > lineno:
+            return []
+        for idx, (token_lineno, _, _) in enumerate(self.tokens[self.offset :]):
+            if token_lineno > lineno:
+                return self.find_backwards(self.offset + idx)
+        return self.find_backwards(len(self.tokens))
+
+
+def babel_extract(
+    fileobj: t.BinaryIO,
+    keywords: t.Sequence[str],
+    comment_tags: t.Sequence[str],
+    options: t.Dict[str, t.Any],
+) -> t.Iterator[
+    t.Tuple[
+        int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]], t.List[str]
+    ]
+]:
+    """Babel extraction method for Jinja templates.
+
+    .. versionchanged:: 2.3
+       Basic support for translation comments was added.  If `comment_tags`
+       is now set to a list of keywords for extraction, the extractor will
+       try to find the best preceding comment that begins with one of the
+       keywords.  For best results, make sure to not have more than one
+       gettext call in one line of code and the matching comment in the
+       same line or the line before.
+
+    .. versionchanged:: 2.5.1
+       The `newstyle_gettext` flag can be set to `True` to enable newstyle
+       gettext calls.
+
+    .. versionchanged:: 2.7
+       A `silent` option can now be provided.  If set to `False` template
+       syntax errors are propagated instead of being ignored.
+
+    :param fileobj: the file-like object the messages should be extracted from
+    :param keywords: a list of keywords (i.e. function names) that should be
+                     recognized as translation functions
+    :param comment_tags: a list of translator tags to search for and include
+                         in the results.
+    :param options: a dictionary of additional options (optional)
+    :return: an iterator over ``(lineno, funcname, message, comments)`` tuples.
+             (comments will be empty currently)
+    """
+    extensions: t.Dict[t.Type[Extension], None] = {}
+
+    for extension_name in options.get("extensions", "").split(","):
+        extension_name = extension_name.strip()
+
+        if not extension_name:
+            continue
+
+        extensions[import_string(extension_name)] = None
+
+    if InternationalizationExtension not in extensions:
+        extensions[InternationalizationExtension] = None
+
+    def getbool(options: t.Mapping[str, str], key: str, default: bool = False) -> bool:
+        return options.get(key, str(default)).lower() in {"1", "on", "yes", "true"}
+
+    silent = getbool(options, "silent", True)
+    environment = Environment(
+        options.get("block_start_string", defaults.BLOCK_START_STRING),
+        options.get("block_end_string", defaults.BLOCK_END_STRING),
+        options.get("variable_start_string", defaults.VARIABLE_START_STRING),
+        options.get("variable_end_string", defaults.VARIABLE_END_STRING),
+        options.get("comment_start_string", defaults.COMMENT_START_STRING),
+        options.get("comment_end_string", defaults.COMMENT_END_STRING),
+        options.get("line_statement_prefix") or defaults.LINE_STATEMENT_PREFIX,
+        options.get("line_comment_prefix") or defaults.LINE_COMMENT_PREFIX,
+        getbool(options, "trim_blocks", defaults.TRIM_BLOCKS),
+        getbool(options, "lstrip_blocks", defaults.LSTRIP_BLOCKS),
+        defaults.NEWLINE_SEQUENCE,
+        getbool(options, "keep_trailing_newline", defaults.KEEP_TRAILING_NEWLINE),
+        tuple(extensions),
+        cache_size=0,
+        auto_reload=False,
+    )
+
+    if getbool(options, "trimmed"):
+        environment.policies["ext.i18n.trimmed"] = True
+    if getbool(options, "newstyle_gettext"):
+        environment.newstyle_gettext = True  # type: ignore
+
+    source = fileobj.read().decode(options.get("encoding", "utf-8"))
+    try:
+        node = environment.parse(source)
+        tokens = list(environment.lex(environment.preprocess(source)))
+    except TemplateSyntaxError:
+        if not silent:
+            raise
+        # skip templates with syntax errors
+        return
+
+    finder = _CommentFinder(tokens, comment_tags)
+    for lineno, func, message in extract_from_ast(node, keywords):
+        yield lineno, func, message, finder.find_comments(lineno)
+
+
+#: nicer import names
+i18n = InternationalizationExtension
+do = ExprStmtExtension
+loopcontrols = LoopControlExtension
+debug = DebugExtension
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/filters.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/filters.py
new file mode 100644
index 000000000..acd11976e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/filters.py
@@ -0,0 +1,1866 @@
+"""Built-in template filters used with the ``|`` operator."""
+
+import math
+import random
+import re
+import typing
+import typing as t
+from collections import abc
+from itertools import chain
+from itertools import groupby
+
+from markupsafe import escape
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import async_variant
+from .async_utils import auto_aiter
+from .async_utils import auto_await
+from .async_utils import auto_to_list
+from .exceptions import FilterArgumentError
+from .runtime import Undefined
+from .utils import htmlsafe_json_dumps
+from .utils import pass_context
+from .utils import pass_environment
+from .utils import pass_eval_context
+from .utils import pformat
+from .utils import url_quote
+from .utils import urlize
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+    from .nodes import EvalContext
+    from .runtime import Context
+    from .sandbox import SandboxedEnvironment  # noqa: F401
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+K = t.TypeVar("K")
+V = t.TypeVar("V")
+
+
+def ignore_case(value: V) -> V:
+    """For use as a postprocessor for :func:`make_attrgetter`. Converts strings
+    to lowercase and returns other types as-is."""
+    if isinstance(value, str):
+        return t.cast(V, value.lower())
+
+    return value
+
+
+def make_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+    default: t.Optional[t.Any] = None,
+) -> t.Callable[[t.Any], t.Any]:
+    """Returns a callable that looks up the given attribute from a
+    passed object with the rules of the environment.  Dots are allowed
+    to access attributes of attributes.  Integer parts in paths are
+    looked up as integers.
+    """
+    parts = _prepare_attribute_parts(attribute)
+
+    def attrgetter(item: t.Any) -> t.Any:
+        for part in parts:
+            item = environment.getitem(item, part)
+
+            if default is not None and isinstance(item, Undefined):
+                item = default
+
+        if postprocess is not None:
+            item = postprocess(item)
+
+        return item
+
+    return attrgetter
+
+
+def make_multi_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+) -> t.Callable[[t.Any], t.List[t.Any]]:
+    """Returns a callable that looks up the given comma separated
+    attributes from a passed object with the rules of the environment.
+    Dots are allowed to access attributes of each attribute.  Integer
+    parts in paths are looked up as integers.
+
+    The value returned by the returned callable is a list of extracted
+    attribute values.
+
+    Examples of attribute: "attr1,attr2", "attr1.inner1.0,attr2.inner2.0", etc.
+    """
+    if isinstance(attribute, str):
+        split: t.Sequence[t.Union[str, int, None]] = attribute.split(",")
+    else:
+        split = [attribute]
+
+    parts = [_prepare_attribute_parts(item) for item in split]
+
+    def attrgetter(item: t.Any) -> t.List[t.Any]:
+        items = [None] * len(parts)
+
+        for i, attribute_part in enumerate(parts):
+            item_i = item
+
+            for part in attribute_part:
+                item_i = environment.getitem(item_i, part)
+
+            if postprocess is not None:
+                item_i = postprocess(item_i)
+
+            items[i] = item_i
+
+        return items
+
+    return attrgetter
+
+
+def _prepare_attribute_parts(
+    attr: t.Optional[t.Union[str, int]],
+) -> t.List[t.Union[str, int]]:
+    if attr is None:
+        return []
+
+    if isinstance(attr, str):
+        return [int(x) if x.isdigit() else x for x in attr.split(".")]
+
+    return [attr]
+
+
+def do_forceescape(value: "t.Union[str, HasHTML]") -> Markup:
+    """Enforce HTML escaping.  This will probably double escape variables."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return escape(str(value))
+
+
+def do_urlencode(
+    value: t.Union[str, t.Mapping[str, t.Any], t.Iterable[t.Tuple[str, t.Any]]],
+) -> str:
+    """Quote data for use in a URL path or query using UTF-8.
+
+    Basic wrapper around :func:`urllib.parse.quote` when given a
+    string, or :func:`urllib.parse.urlencode` for a dict or iterable.
+
+    :param value: Data to quote. A string will be quoted directly. A
+        dict or iterable of ``(key, value)`` pairs will be joined as a
+        query string.
+
+    When given a string, "/" is not quoted. HTTP servers treat "/" and
+    "%2F" equivalently in paths. If you need quoted slashes, use the
+    ``|replace("/", "%2F")`` filter.
+
+    .. versionadded:: 2.7
+    """
+    if isinstance(value, str) or not isinstance(value, abc.Iterable):
+        return url_quote(value)
+
+    if isinstance(value, dict):
+        items: t.Iterable[t.Tuple[str, t.Any]] = value.items()
+    else:
+        items = value  # type: ignore
+
+    return "&".join(
+        f"{url_quote(k, for_qs=True)}={url_quote(v, for_qs=True)}" for k, v in items
+    )
+
+
+@pass_eval_context
+def do_replace(
+    eval_ctx: "EvalContext", s: str, old: str, new: str, count: t.Optional[int] = None
+) -> str:
+    """Return a copy of the value with all occurrences of a substring
+    replaced with a new one. The first argument is the substring
+    that should be replaced, the second is the replacement string.
+    If the optional third argument ``count`` is given, only the first
+    ``count`` occurrences are replaced:
+
+    .. sourcecode:: jinja
+
+        {{ "Hello World"|replace("Hello", "Goodbye") }}
+            -> Goodbye World
+
+        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
+            -> d'oh, d'oh, aaargh
+    """
+    if count is None:
+        count = -1
+
+    if not eval_ctx.autoescape:
+        return str(s).replace(str(old), str(new), count)
+
+    if (
+        hasattr(old, "__html__")
+        or hasattr(new, "__html__")
+        and not hasattr(s, "__html__")
+    ):
+        s = escape(s)
+    else:
+        s = soft_str(s)
+
+    return s.replace(soft_str(old), soft_str(new), count)
+
+
+def do_upper(s: str) -> str:
+    """Convert a value to uppercase."""
+    return soft_str(s).upper()
+
+
+def do_lower(s: str) -> str:
+    """Convert a value to lowercase."""
+    return soft_str(s).lower()
+
+
+def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K, V]]:
+    """Return an iterator over the ``(key, value)`` items of a mapping.
+
+    ``x|items`` is the same as ``x.items()``, except if ``x`` is
+    undefined an empty iterator is returned.
+
+    This filter is useful if you expect the template to be rendered with
+    an implementation of Jinja in another programming language that does
+    not have a ``.items()`` method on its mapping type.
+
+    .. code-block:: html+jinja
+
+        <dl>
+        {% for key, value in my_dict|items %}
+            <dt>{{ key }}
+            <dd>{{ value }}
+        {% endfor %}
+        </dl>
+
+    .. versionadded:: 3.1
+    """
+    if isinstance(value, Undefined):
+        return
+
+    if not isinstance(value, abc.Mapping):
+        raise TypeError("Can only get item pairs from a mapping.")
+
+    yield from value.items()
+
+
+# Check for characters that would move the parser state from key to value.
+# https://html.spec.whatwg.org/#attribute-name-state
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
+
+
+@pass_eval_context
+def do_xmlattr(
+    eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
+) -> str:
+    """Create an SGML/XML attribute string based on the items in a dict.
+
+    **Values** that are neither ``none`` nor ``undefined`` are automatically
+    escaped, safely allowing untrusted user input.
+
+    User input should not be used as **keys** to this filter. If any key
+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
+    sign, this fails with a ``ValueError``. Regardless of this, user input
+    should never be used as keys to this filter, or must be separately validated
+    first.
+
+    .. sourcecode:: html+jinja
+
+        <ul{{ {'class': 'my_list', 'missing': none,
+                'id': 'list-%d'|format(variable)}|xmlattr }}>
+        ...
+        </ul>
+
+    Results in something like this:
+
+    .. sourcecode:: html
+
+        <ul class="my_list" id="list-42">
+        ...
+        </ul>
+
+    As you can see it automatically prepends a space in front of the item
+    if the filter returned something unless the second parameter is false.
+
+    .. versionchanged:: 3.1.4
+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
+        are not allowed.
+
+    .. versionchanged:: 3.1.3
+        Keys with spaces are not allowed.
+    """
+    items = []
+
+    for key, value in d.items():
+        if value is None or isinstance(value, Undefined):
+            continue
+
+        if _attr_key_re.search(key) is not None:
+            raise ValueError(f"Invalid character in attribute name: {key!r}")
+
+        items.append(f'{escape(key)}="{escape(value)}"')
+
+    rv = " ".join(items)
+
+    if autospace and rv:
+        rv = " " + rv
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_capitalize(s: str) -> str:
+    """Capitalize a value. The first character will be uppercase, all others
+    lowercase.
+    """
+    return soft_str(s).capitalize()
+
+
+_word_beginning_split_re = re.compile(r"([-\s({\[<]+)")
+
+
+def do_title(s: str) -> str:
+    """Return a titlecased version of the value. I.e. words will start with
+    uppercase letters, all remaining characters are lowercase.
+    """
+    return "".join(
+        [
+            item[0].upper() + item[1:].lower()
+            for item in _word_beginning_split_re.split(soft_str(s))
+            if item
+        ]
+    )
+
+
+def do_dictsort(
+    value: t.Mapping[K, V],
+    case_sensitive: bool = False,
+    by: 'te.Literal["key", "value"]' = "key",
+    reverse: bool = False,
+) -> t.List[t.Tuple[K, V]]:
+    """Sort a dict and yield (key, value) pairs. Python dicts may not
+    be in the order you want to display them in, so sort them first.
+
+    .. sourcecode:: jinja
+
+        {% for key, value in mydict|dictsort %}
+            sort the dict by key, case insensitive
+
+        {% for key, value in mydict|dictsort(reverse=true) %}
+            sort the dict by key, case insensitive, reverse order
+
+        {% for key, value in mydict|dictsort(true) %}
+            sort the dict by key, case sensitive
+
+        {% for key, value in mydict|dictsort(false, 'value') %}
+            sort the dict by value, case insensitive
+    """
+    if by == "key":
+        pos = 0
+    elif by == "value":
+        pos = 1
+    else:
+        raise FilterArgumentError('You can only sort by either "key" or "value"')
+
+    def sort_func(item: t.Tuple[t.Any, t.Any]) -> t.Any:
+        value = item[pos]
+
+        if not case_sensitive:
+            value = ignore_case(value)
+
+        return value
+
+    return sorted(value.items(), key=sort_func, reverse=reverse)
+
+
+@pass_environment
+def do_sort(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    reverse: bool = False,
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.List[V]":
+    """Sort an iterable using Python's :func:`sorted`.
+
+    .. sourcecode:: jinja
+
+        {% for city in cities|sort %}
+            ...
+        {% endfor %}
+
+    :param reverse: Sort descending instead of ascending.
+    :param case_sensitive: When sorting strings, sort upper and lower
+        case separately.
+    :param attribute: When sorting objects or dicts, an attribute or
+        key to sort by. Can use dot notation like ``"address.city"``.
+        Can be a list of attributes like ``"age,name"``.
+
+    The sort is stable, it does not change the relative order of
+    elements that compare equal. This makes it is possible to chain
+    sorts on different attributes and ordering.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="name")
+            |sort(reverse=true, attribute="age") %}
+            ...
+        {% endfor %}
+
+    As a shortcut to chaining when the direction is the same for all
+    attributes, pass a comma separate list of attributes.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="age,name") %}
+            ...
+        {% endfor %}
+
+    .. versionchanged:: 2.11.0
+        The ``attribute`` parameter can be a comma separated list of
+        attributes, e.g. ``"age,name"``.
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added.
+    """
+    key_func = make_multi_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return sorted(value, key=key_func, reverse=reverse)
+
+
+@pass_environment
+def do_unique(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Iterator[V]":
+    """Returns a list of unique items from the given iterable.
+
+    .. sourcecode:: jinja
+
+        {{ ['foo', 'bar', 'foobar', 'FooBar']|unique|list }}
+            -> ['foo', 'bar', 'foobar']
+
+    The unique items are yielded in the same order as their first occurrence in
+    the iterable passed to the filter.
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Filter objects with unique values for this attribute.
+    """
+    getter = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    seen = set()
+
+    for item in value:
+        key = getter(item)
+
+        if key not in seen:
+            seen.add(key)
+            yield item
+
+
+def _min_or_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    func: "t.Callable[..., V]",
+    case_sensitive: bool,
+    attribute: t.Optional[t.Union[str, int]],
+) -> "t.Union[V, Undefined]":
+    it = iter(value)
+
+    try:
+        first = next(it)
+    except StopIteration:
+        return environment.undefined("No aggregated item, sequence was empty.")
+
+    key_func = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return func(chain([first], it), key=key_func)
+
+
+@pass_environment
+def do_min(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the smallest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|min }}
+            -> 1
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the min value of this attribute.
+    """
+    return _min_or_max(environment, value, min, case_sensitive, attribute)
+
+
+@pass_environment
+def do_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the largest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|max }}
+            -> 3
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the max value of this attribute.
+    """
+    return _min_or_max(environment, value, max, case_sensitive, attribute)
+
+
+def do_default(
+    value: V,
+    default_value: V = "",  # type: ignore
+    boolean: bool = False,
+) -> V:
+    """If the value is undefined it will return the passed default value,
+    otherwise the value of the variable:
+
+    .. sourcecode:: jinja
+
+        {{ my_variable|default('my_variable is not defined') }}
+
+    This will output the value of ``my_variable`` if the variable was
+    defined, otherwise ``'my_variable is not defined'``. If you want
+    to use default with variables that evaluate to false you have to
+    set the second parameter to `true`:
+
+    .. sourcecode:: jinja
+
+        {{ ''|default('the string was empty', true) }}
+
+    .. versionchanged:: 2.11
+       It's now possible to configure the :class:`~jinja2.Environment` with
+       :class:`~jinja2.ChainableUndefined` to make the `default` filter work
+       on nested elements and attributes that may contain undefined values
+       in the chain without getting an :exc:`~jinja2.UndefinedError`.
+    """
+    if isinstance(value, Undefined) or (boolean and not value):
+        return default_value
+
+    return value
+
+
+@pass_eval_context
+def sync_do_join(
+    eval_ctx: "EvalContext",
+    value: t.Iterable[t.Any],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    """Return a string which is the concatenation of the strings in the
+    sequence. The separator between elements is an empty string per
+    default, you can define it with the optional parameter:
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|join('|') }}
+            -> 1|2|3
+
+        {{ [1, 2, 3]|join }}
+            -> 123
+
+    It is also possible to join certain attributes of an object:
+
+    .. sourcecode:: jinja
+
+        {{ users|join(', ', attribute='username') }}
+
+    .. versionadded:: 2.6
+       The `attribute` parameter was added.
+    """
+    if attribute is not None:
+        value = map(make_attrgetter(eval_ctx.environment, attribute), value)
+
+    # no automatic escaping?  joining is a lot easier then
+    if not eval_ctx.autoescape:
+        return str(d).join(map(str, value))
+
+    # if the delimiter doesn't have an html representation we check
+    # if any of the items has.  If yes we do a coercion to Markup
+    if not hasattr(d, "__html__"):
+        value = list(value)
+        do_escape = False
+
+        for idx, item in enumerate(value):
+            if hasattr(item, "__html__"):
+                do_escape = True
+            else:
+                value[idx] = str(item)
+
+        if do_escape:
+            d = escape(d)
+        else:
+            d = str(d)
+
+        return d.join(value)
+
+    # no html involved, to normal joining
+    return soft_str(d).join(map(soft_str, value))
+
+
+@async_variant(sync_do_join)  # type: ignore
+async def do_join(
+    eval_ctx: "EvalContext",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    return sync_do_join(eval_ctx, await auto_to_list(value), d, attribute)
+
+
+def do_center(value: str, width: int = 80) -> str:
+    """Centers the value in a field of a given width."""
+    return soft_str(value).center(width)
+
+
+@pass_environment
+def sync_do_first(
+    environment: "Environment", seq: "t.Iterable[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the first item of a sequence."""
+    try:
+        return next(iter(seq))
+    except StopIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@async_variant(sync_do_first)  # type: ignore
+async def do_first(
+    environment: "Environment", seq: "t.Union[t.AsyncIterable[V], t.Iterable[V]]"
+) -> "t.Union[V, Undefined]":
+    try:
+        return await auto_aiter(seq).__anext__()
+    except StopAsyncIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@pass_environment
+def do_last(
+    environment: "Environment", seq: "t.Reversible[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the last item of a sequence.
+
+    Note: Does not work with generators. You may want to explicitly
+    convert it to a list:
+
+    .. sourcecode:: jinja
+
+        {{ data | selectattr('name', '==', 'Jinja') | list | last }}
+    """
+    try:
+        return next(iter(reversed(seq)))
+    except StopIteration:
+        return environment.undefined("No last item, sequence was empty.")
+
+
+# No async do_last, it may not be safe in async mode.
+
+
+@pass_context
+def do_random(context: "Context", seq: "t.Sequence[V]") -> "t.Union[V, Undefined]":
+    """Return a random item from the sequence."""
+    try:
+        return random.choice(seq)
+    except IndexError:
+        return context.environment.undefined("No random item, sequence was empty.")
+
+
+def do_filesizeformat(value: t.Union[str, float, int], binary: bool = False) -> str:
+    """Format the value like a 'human-readable' file size (i.e. 13 kB,
+    4.1 MB, 102 Bytes, etc).  Per default decimal prefixes are used (Mega,
+    Giga, etc.), if the second parameter is set to `True` the binary
+    prefixes are used (Mebi, Gibi).
+    """
+    bytes = float(value)
+    base = 1024 if binary else 1000
+    prefixes = [
+        ("KiB" if binary else "kB"),
+        ("MiB" if binary else "MB"),
+        ("GiB" if binary else "GB"),
+        ("TiB" if binary else "TB"),
+        ("PiB" if binary else "PB"),
+        ("EiB" if binary else "EB"),
+        ("ZiB" if binary else "ZB"),
+        ("YiB" if binary else "YB"),
+    ]
+
+    if bytes == 1:
+        return "1 Byte"
+    elif bytes < base:
+        return f"{int(bytes)} Bytes"
+    else:
+        for i, prefix in enumerate(prefixes):
+            unit = base ** (i + 2)
+
+            if bytes < unit:
+                return f"{base * bytes / unit:.1f} {prefix}"
+
+        return f"{base * bytes / unit:.1f} {prefix}"
+
+
+def do_pprint(value: t.Any) -> str:
+    """Pretty print a variable. Useful for debugging."""
+    return pformat(value)
+
+
+_uri_scheme_re = re.compile(r"^([\w.+-]{2,}:(/){0,2})$")
+
+
+@pass_eval_context
+def do_urlize(
+    eval_ctx: "EvalContext",
+    value: str,
+    trim_url_limit: t.Optional[int] = None,
+    nofollow: bool = False,
+    target: t.Optional[str] = None,
+    rel: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param value: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param nofollow: Add the ``rel=nofollow`` attribute to links.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior. Defaults to
+        ``env.policies["urlize.extra_schemes"]``, which defaults to no
+        extra schemes.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+
+    .. versionchanged:: 2.8
+       The ``target`` parameter was added.
+    """
+    policies = eval_ctx.environment.policies
+    rel_parts = set((rel or "").split())
+
+    if nofollow:
+        rel_parts.add("nofollow")
+
+    rel_parts.update((policies["urlize.rel"] or "").split())
+    rel = " ".join(sorted(rel_parts)) or None
+
+    if target is None:
+        target = policies["urlize.target"]
+
+    if extra_schemes is None:
+        extra_schemes = policies["urlize.extra_schemes"] or ()
+
+    for scheme in extra_schemes:
+        if _uri_scheme_re.fullmatch(scheme) is None:
+            raise FilterArgumentError(f"{scheme!r} is not a valid URI scheme prefix.")
+
+    rv = urlize(
+        value,
+        trim_url_limit=trim_url_limit,
+        rel=rel,
+        target=target,
+        extra_schemes=extra_schemes,
+    )
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_indent(
+    s: str, width: t.Union[int, str] = 4, first: bool = False, blank: bool = False
+) -> str:
+    """Return a copy of the string with each line indented by 4 spaces. The
+    first line and blank lines are not indented by default.
+
+    :param width: Number of spaces, or a string, to indent by.
+    :param first: Don't skip indenting the first line.
+    :param blank: Don't skip indenting empty lines.
+
+    .. versionchanged:: 3.0
+        ``width`` can be a string.
+
+    .. versionchanged:: 2.10
+        Blank lines are not indented by default.
+
+        Rename the ``indentfirst`` argument to ``first``.
+    """
+    if isinstance(width, str):
+        indention = width
+    else:
+        indention = " " * width
+
+    newline = "\n"
+
+    if isinstance(s, Markup):
+        indention = Markup(indention)
+        newline = Markup(newline)
+
+    s += newline  # this quirk is necessary for splitlines method
+
+    if blank:
+        rv = (newline + indention).join(s.splitlines())
+    else:
+        lines = s.splitlines()
+        rv = lines.pop(0)
+
+        if lines:
+            rv += newline + newline.join(
+                indention + line if line else line for line in lines
+            )
+
+    if first:
+        rv = indention + rv
+
+    return rv
+
+
+@pass_environment
+def do_truncate(
+    env: "Environment",
+    s: str,
+    length: int = 255,
+    killwords: bool = False,
+    end: str = "...",
+    leeway: t.Optional[int] = None,
+) -> str:
+    """Return a truncated copy of the string. The length is specified
+    with the first parameter which defaults to ``255``. If the second
+    parameter is ``true`` the filter will cut the text at length. Otherwise
+    it will discard the last word. If the text was in fact
+    truncated it will append an ellipsis sign (``"..."``). If you want a
+    different ellipsis sign than ``"..."`` you can specify it using the
+    third parameter. Strings that only exceed the length by the tolerance
+    margin given in the fourth parameter will not be truncated.
+
+    .. sourcecode:: jinja
+
+        {{ "foo bar baz qux"|truncate(9) }}
+            -> "foo..."
+        {{ "foo bar baz qux"|truncate(9, True) }}
+            -> "foo ba..."
+        {{ "foo bar baz qux"|truncate(11) }}
+            -> "foo bar baz qux"
+        {{ "foo bar baz qux"|truncate(11, False, '...', 0) }}
+            -> "foo bar..."
+
+    The default leeway on newer Jinja versions is 5 and was 0 before but
+    can be reconfigured globally.
+    """
+    if leeway is None:
+        leeway = env.policies["truncate.leeway"]
+
+    assert length >= len(end), f"expected length >= {len(end)}, got {length}"
+    assert leeway >= 0, f"expected leeway >= 0, got {leeway}"
+
+    if len(s) <= length + leeway:
+        return s
+
+    if killwords:
+        return s[: length - len(end)] + end
+
+    result = s[: length - len(end)].rsplit(" ", 1)[0]
+    return result + end
+
+
+@pass_environment
+def do_wordwrap(
+    environment: "Environment",
+    s: str,
+    width: int = 79,
+    break_long_words: bool = True,
+    wrapstring: t.Optional[str] = None,
+    break_on_hyphens: bool = True,
+) -> str:
+    """Wrap a string to the given width. Existing newlines are treated
+    as paragraphs to be wrapped separately.
+
+    :param s: Original text to wrap.
+    :param width: Maximum length of wrapped lines.
+    :param break_long_words: If a word is longer than ``width``, break
+        it across lines.
+    :param break_on_hyphens: If a word contains hyphens, it may be split
+        across lines.
+    :param wrapstring: String to join each wrapped line. Defaults to
+        :attr:`Environment.newline_sequence`.
+
+    .. versionchanged:: 2.11
+        Existing newlines are treated as paragraphs wrapped separately.
+
+    .. versionchanged:: 2.11
+        Added the ``break_on_hyphens`` parameter.
+
+    .. versionchanged:: 2.7
+        Added the ``wrapstring`` parameter.
+    """
+    import textwrap
+
+    if wrapstring is None:
+        wrapstring = environment.newline_sequence
+
+    # textwrap.wrap doesn't consider existing newlines when wrapping.
+    # If the string has a newline before width, wrap will still insert
+    # a newline at width, resulting in a short line. Instead, split and
+    # wrap each paragraph individually.
+    return wrapstring.join(
+        [
+            wrapstring.join(
+                textwrap.wrap(
+                    line,
+                    width=width,
+                    expand_tabs=False,
+                    replace_whitespace=False,
+                    break_long_words=break_long_words,
+                    break_on_hyphens=break_on_hyphens,
+                )
+            )
+            for line in s.splitlines()
+        ]
+    )
+
+
+_word_re = re.compile(r"\w+")
+
+
+def do_wordcount(s: str) -> int:
+    """Count the words in that string."""
+    return len(_word_re.findall(soft_str(s)))
+
+
+def do_int(value: t.Any, default: int = 0, base: int = 10) -> int:
+    """Convert the value into an integer. If the
+    conversion doesn't work it will return ``0``. You can
+    override this default using the first parameter. You
+    can also override the default base (10) in the second
+    parameter, which handles input with prefixes such as
+    0b, 0o and 0x for bases 2, 8 and 16 respectively.
+    The base is ignored for decimal numbers and non-string values.
+    """
+    try:
+        if isinstance(value, str):
+            return int(value, base)
+
+        return int(value)
+    except (TypeError, ValueError):
+        # this quirk is necessary so that "42.23"|int gives 42.
+        try:
+            return int(float(value))
+        except (TypeError, ValueError):
+            return default
+
+
+def do_float(value: t.Any, default: float = 0.0) -> float:
+    """Convert the value into a floating point number. If the
+    conversion doesn't work it will return ``0.0``. You can
+    override this default using the first parameter.
+    """
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def do_format(value: str, *args: t.Any, **kwargs: t.Any) -> str:
+    """Apply the given values to a `printf-style`_ format string, like
+    ``string % values``.
+
+    .. sourcecode:: jinja
+
+        {{ "%s, %s!"|format(greeting, name) }}
+        Hello, World!
+
+    In most cases it should be more convenient and efficient to use the
+    ``%`` operator or :meth:`str.format`.
+
+    .. code-block:: text
+
+        {{ "%s, %s!" % (greeting, name) }}
+        {{ "{}, {}!".format(greeting, name) }}
+
+    .. _printf-style: https://docs.python.org/library/stdtypes.html
+        #printf-style-string-formatting
+    """
+    if args and kwargs:
+        raise FilterArgumentError(
+            "can't handle positional and keyword arguments at the same time"
+        )
+
+    return soft_str(value) % (kwargs or args)
+
+
+def do_trim(value: str, chars: t.Optional[str] = None) -> str:
+    """Strip leading and trailing characters, by default whitespace."""
+    return soft_str(value).strip(chars)
+
+
+def do_striptags(value: "t.Union[str, HasHTML]") -> str:
+    """Strip SGML/XML tags and replace adjacent whitespace by one space."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return Markup(str(value)).striptags()
+
+
+def sync_do_slice(
+    value: "t.Collection[V]", slices: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """Slice an iterator and return a list of lists containing
+    those items. Useful if you want to create a div containing
+    three ul tags that represent columns:
+
+    .. sourcecode:: html+jinja
+
+        <div class="columnwrapper">
+          {%- for column in items|slice(3) %}
+            <ul class="column-{{ loop.index }}">
+            {%- for item in column %}
+              <li>{{ item }}</li>
+            {%- endfor %}
+            </ul>
+          {%- endfor %}
+        </div>
+
+    If you pass it a second argument it's used to fill missing
+    values on the last iteration.
+    """
+    seq = list(value)
+    length = len(seq)
+    items_per_slice = length // slices
+    slices_with_extra = length % slices
+    offset = 0
+
+    for slice_number in range(slices):
+        start = offset + slice_number * items_per_slice
+
+        if slice_number < slices_with_extra:
+            offset += 1
+
+        end = offset + (slice_number + 1) * items_per_slice
+        tmp = seq[start:end]
+
+        if fill_with is not None and slice_number >= slices_with_extra:
+            tmp.append(fill_with)
+
+        yield tmp
+
+
+@async_variant(sync_do_slice)  # type: ignore
+async def do_slice(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    slices: int,
+    fill_with: t.Optional[t.Any] = None,
+) -> "t.Iterator[t.List[V]]":
+    return sync_do_slice(await auto_to_list(value), slices, fill_with)
+
+
+def do_batch(
+    value: "t.Iterable[V]", linecount: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """
+    A filter that batches items. It works pretty much like `slice`
+    just the other way round. It returns a list of lists with the
+    given number of items. If you provide a second parameter this
+    is used to fill up missing items. See this example:
+
+    .. sourcecode:: html+jinja
+
+        <table>
+        {%- for row in items|batch(3, '&nbsp;') %}
+          <tr>
+          {%- for column in row %}
+            <td>{{ column }}</td>
+          {%- endfor %}
+          </tr>
+        {%- endfor %}
+        </table>
+    """
+    tmp: "t.List[V]" = []
+
+    for item in value:
+        if len(tmp) == linecount:
+            yield tmp
+            tmp = []
+
+        tmp.append(item)
+
+    if tmp:
+        if fill_with is not None and len(tmp) < linecount:
+            tmp += [fill_with] * (linecount - len(tmp))
+
+        yield tmp
+
+
+def do_round(
+    value: float,
+    precision: int = 0,
+    method: 'te.Literal["common", "ceil", "floor"]' = "common",
+) -> float:
+    """Round the number to a given precision. The first
+    parameter specifies the precision (default is ``0``), the
+    second the rounding method:
+
+    - ``'common'`` rounds either up or down
+    - ``'ceil'`` always rounds up
+    - ``'floor'`` always rounds down
+
+    If you don't specify a method ``'common'`` is used.
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round }}
+            -> 43.0
+        {{ 42.55|round(1, 'floor') }}
+            -> 42.5
+
+    Note that even if rounded to 0 precision, a float is returned.  If
+    you need a real integer, pipe it through `int`:
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round|int }}
+            -> 43
+    """
+    if method not in {"common", "ceil", "floor"}:
+        raise FilterArgumentError("method must be common, ceil or floor")
+
+    if method == "common":
+        return round(value, precision)
+
+    func = getattr(math, method)
+    return t.cast(float, func(value * (10**precision)) / (10**precision))
+
+
+class _GroupTuple(t.NamedTuple):
+    grouper: t.Any
+    list: t.List[t.Any]
+
+    # Use the regular tuple repr to hide this subclass if users print
+    # out the value during debugging.
+    def __repr__(self) -> str:
+        return tuple.__repr__(self)
+
+    def __str__(self) -> str:
+        return tuple.__str__(self)
+
+
+@pass_environment
+def sync_do_groupby(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    """Group a sequence of objects by an attribute using Python's
+    :func:`itertools.groupby`. The attribute can use dot notation for
+    nested access, like ``"address.city"``. Unlike Python's ``groupby``,
+    the values are sorted first so only one group is returned for each
+    unique value.
+
+    For example, a list of ``User`` objects with a ``city`` attribute
+    can be rendered in groups. In this example, ``grouper`` refers to
+    the ``city`` value of the group.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for city, items in users|groupby("city") %}
+          <li>{{ city }}
+            <ul>{% for user in items %}
+              <li>{{ user.name }}
+            {% endfor %}</ul>
+          </li>
+        {% endfor %}</ul>
+
+    ``groupby`` yields namedtuples of ``(grouper, list)``, which
+    can be used instead of the tuple unpacking above. ``grouper`` is the
+    value of the attribute, and ``list`` is the items with that value.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for group in users|groupby("city") %}
+          <li>{{ group.grouper }}: {{ group.list|join(", ") }}
+        {% endfor %}</ul>
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        <ul>{% for city, items in users|groupby("city", default="NY") %}
+          <li>{{ city }}: {{ items|map(attribute="name")|join(", ") }}</li>
+        {% endfor %}</ul>
+
+    Like the :func:`~jinja-filters.sort` filter, sorting and grouping is
+    case-insensitive by default. The ``key`` for each group will have
+    the case of the first item in that group of values. For example, if
+    a list of users has cities ``["CA", "NY", "ca"]``, the "CA" group
+    will have two values. This can be disabled by passing
+    ``case_sensitive=True``.
+
+    .. versionchanged:: 3.1
+        Added the ``case_sensitive`` parameter. Sorting and grouping is
+        case-insensitive by default, matching other filters that do
+        comparisons.
+
+    .. versionchanged:: 3.0
+        Added the ``default`` parameter.
+
+    .. versionchanged:: 2.6
+        The attribute supports dot notation for nested access.
+    """
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, list(values))
+        for key, values in groupby(sorted(value, key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@async_variant(sync_do_groupby)  # type: ignore
+async def do_groupby(
+    environment: "Environment",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, await auto_to_list(values))
+        for key, values in groupby(sorted(await auto_to_list(value), key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@pass_environment
+def sync_do_sum(
+    environment: "Environment",
+    iterable: "t.Iterable[V]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    """Returns the sum of a sequence of numbers plus the value of parameter
+    'start' (which defaults to 0).  When the sequence is empty it returns
+    start.
+
+    It is also possible to sum up only certain attributes:
+
+    .. sourcecode:: jinja
+
+        Total: {{ items|sum(attribute='price') }}
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added to allow summing up over
+       attributes.  Also the ``start`` parameter was moved on to the right.
+    """
+    if attribute is not None:
+        iterable = map(make_attrgetter(environment, attribute), iterable)
+
+    return sum(iterable, start)  # type: ignore[no-any-return, call-overload]
+
+
+@async_variant(sync_do_sum)  # type: ignore
+async def do_sum(
+    environment: "Environment",
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    rv = start
+
+    if attribute is not None:
+        func = make_attrgetter(environment, attribute)
+    else:
+
+        def func(x: V) -> V:
+            return x
+
+    async for item in auto_aiter(iterable):
+        rv += func(item)
+
+    return rv
+
+
+def sync_do_list(value: "t.Iterable[V]") -> "t.List[V]":
+    """Convert the value into a list.  If it was a string the returned list
+    will be a list of characters.
+    """
+    return list(value)
+
+
+@async_variant(sync_do_list)  # type: ignore
+async def do_list(value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]") -> "t.List[V]":
+    return await auto_to_list(value)
+
+
+def do_mark_safe(value: str) -> Markup:
+    """Mark the value as safe which means that in an environment with automatic
+    escaping enabled this variable will not be escaped.
+    """
+    return Markup(value)
+
+
+def do_mark_unsafe(value: str) -> str:
+    """Mark a value as unsafe.  This is the reverse operation for :func:`safe`."""
+    return str(value)
+
+
+@typing.overload
+def do_reverse(value: str) -> str: ...
+
+
+@typing.overload
+def do_reverse(value: "t.Iterable[V]") -> "t.Iterable[V]": ...
+
+
+def do_reverse(value: t.Union[str, t.Iterable[V]]) -> t.Union[str, t.Iterable[V]]:
+    """Reverse the object or return an iterator that iterates over it the other
+    way round.
+    """
+    if isinstance(value, str):
+        return value[::-1]
+
+    try:
+        return reversed(value)  # type: ignore
+    except TypeError:
+        try:
+            rv = list(value)
+            rv.reverse()
+            return rv
+        except TypeError as e:
+            raise FilterArgumentError("argument must be iterable") from e
+
+
+@pass_environment
+def do_attr(
+    environment: "Environment", obj: t.Any, name: str
+) -> t.Union[Undefined, t.Any]:
+    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+    ``foo.bar`` just that always an attribute is returned and items are not
+    looked up.
+
+    See :ref:`Notes on subscriptions <notes-on-subscriptions>` for more details.
+    """
+    try:
+        name = str(name)
+    except UnicodeError:
+        pass
+    else:
+        try:
+            value = getattr(obj, name)
+        except AttributeError:
+            pass
+        else:
+            if environment.sandboxed:
+                environment = t.cast("SandboxedEnvironment", environment)
+
+                if not environment.is_safe_attribute(obj, name, value):
+                    return environment.unsafe_undefined(obj, name)
+
+            return value
+
+    return environment.undefined(obj=obj, name=name)
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@pass_context
+def sync_do_map(
+    context: "Context", value: t.Iterable[t.Any], *args: t.Any, **kwargs: t.Any
+) -> t.Iterable[t.Any]:
+    """Applies a filter on a sequence of objects or looks up an attribute.
+    This is useful when dealing with lists of objects but you are really
+    only interested in a certain value of it.
+
+    The basic usage is mapping on an attribute.  Imagine you have a list
+    of users but you are only interested in a list of usernames:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ users|map(attribute='username')|join(', ') }}
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        {{ users|map(attribute="username", default="Anonymous")|join(", ") }}
+
+    Alternatively you can let it invoke a filter by passing the name of the
+    filter and the arguments afterwards.  A good example would be applying a
+    text conversion filter on a sequence:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ titles|map('lower')|join(', ') }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u.username for u in users)
+        (getattr(u, "username", "Anonymous") for u in users)
+        (do_lower(x) for x in titles)
+
+    .. versionchanged:: 2.11.0
+        Added the ``default`` parameter.
+
+    .. versionadded:: 2.7
+    """
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        for item in value:
+            yield func(item)
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@async_variant(sync_do_map)  # type: ignore
+async def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.AsyncIterable[t.Any]:
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        async for item in auto_aiter(value):
+            yield await auto_await(func(item))
+
+
+@pass_context
+def sync_do_select(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and only selecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|select("odd") }}
+        {{ numbers|select("odd") }}
+        {{ numbers|select("divisibleby", 3) }}
+        {{ numbers|select("lessthan", 42) }}
+        {{ strings|select("equalto", "mystring") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if test_odd(n))
+        (n for n in numbers if test_divisibleby(n, 3))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@async_variant(sync_do_select)  # type: ignore
+async def do_select(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@pass_context
+def sync_do_reject(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and rejecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|reject("odd") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if not test_odd(n))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@async_variant(sync_do_reject)  # type: ignore
+async def do_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@pass_context
+def sync_do_selectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and only selecting the objects with the
+    test succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ users|selectattr("is_active") }}
+        {{ users|selectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if user.is_active)
+        (u for user in users if test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@async_variant(sync_do_selectattr)  # type: ignore
+async def do_selectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@pass_context
+def sync_do_rejectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and rejecting the objects with the test
+    succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    .. sourcecode:: jinja
+
+        {{ users|rejectattr("is_active") }}
+        {{ users|rejectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if not user.is_active)
+        (u for user in users if not test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@async_variant(sync_do_rejectattr)  # type: ignore
+async def do_rejectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@pass_eval_context
+def do_tojson(
+    eval_ctx: "EvalContext", value: t.Any, indent: t.Optional[int] = None
+) -> Markup:
+    """Serialize an object to a string of JSON, and mark it safe to
+    render in HTML. This filter is only for use in HTML documents.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param value: The object to serialize to JSON.
+    :param indent: The ``indent`` parameter passed to ``dumps``, for
+        pretty-printing the value.
+
+    .. versionadded:: 2.9
+    """
+    policies = eval_ctx.environment.policies
+    dumps = policies["json.dumps_function"]
+    kwargs = policies["json.dumps_kwargs"]
+
+    if indent is not None:
+        kwargs = kwargs.copy()
+        kwargs["indent"] = indent
+
+    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
+
+
+def prepare_map(
+    context: "Context", args: t.Tuple[t.Any, ...], kwargs: t.Dict[str, t.Any]
+) -> t.Callable[[t.Any], t.Any]:
+    if not args and "attribute" in kwargs:
+        attribute = kwargs.pop("attribute")
+        default = kwargs.pop("default", None)
+
+        if kwargs:
+            raise FilterArgumentError(
+                f"Unexpected keyword argument {next(iter(kwargs))!r}"
+            )
+
+        func = make_attrgetter(context.environment, attribute, default=default)
+    else:
+        try:
+            name = args[0]
+            args = args[1:]
+        except LookupError:
+            raise FilterArgumentError("map requires a filter argument") from None
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_filter(
+                name, item, args, kwargs, context=context
+            )
+
+    return func
+
+
+def prepare_select_or_reject(
+    context: "Context",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> t.Callable[[t.Any], t.Any]:
+    if lookup_attr:
+        try:
+            attr = args[0]
+        except LookupError:
+            raise FilterArgumentError("Missing parameter for attribute name") from None
+
+        transfunc = make_attrgetter(context.environment, attr)
+        off = 1
+    else:
+        off = 0
+
+        def transfunc(x: V) -> V:
+            return x
+
+    try:
+        name = args[off]
+        args = args[1 + off :]
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_test(name, item, args, kwargs)
+
+    except LookupError:
+        func = bool  # type: ignore
+
+    return lambda item: modfunc(func(transfunc(item)))
+
+
+def select_or_reject(
+    context: "Context",
+    value: "t.Iterable[V]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.Iterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        for item in value:
+            if func(item):
+                yield item
+
+
+async def async_select_or_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.AsyncIterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        async for item in auto_aiter(value):
+            if func(item):
+                yield item
+
+
+FILTERS = {
+    "abs": abs,
+    "attr": do_attr,
+    "batch": do_batch,
+    "capitalize": do_capitalize,
+    "center": do_center,
+    "count": len,
+    "d": do_default,
+    "default": do_default,
+    "dictsort": do_dictsort,
+    "e": escape,
+    "escape": escape,
+    "filesizeformat": do_filesizeformat,
+    "first": do_first,
+    "float": do_float,
+    "forceescape": do_forceescape,
+    "format": do_format,
+    "groupby": do_groupby,
+    "indent": do_indent,
+    "int": do_int,
+    "join": do_join,
+    "last": do_last,
+    "length": len,
+    "list": do_list,
+    "lower": do_lower,
+    "items": do_items,
+    "map": do_map,
+    "min": do_min,
+    "max": do_max,
+    "pprint": do_pprint,
+    "random": do_random,
+    "reject": do_reject,
+    "rejectattr": do_rejectattr,
+    "replace": do_replace,
+    "reverse": do_reverse,
+    "round": do_round,
+    "safe": do_mark_safe,
+    "select": do_select,
+    "selectattr": do_selectattr,
+    "slice": do_slice,
+    "sort": do_sort,
+    "string": soft_str,
+    "striptags": do_striptags,
+    "sum": do_sum,
+    "title": do_title,
+    "trim": do_trim,
+    "truncate": do_truncate,
+    "unique": do_unique,
+    "upper": do_upper,
+    "urlencode": do_urlencode,
+    "urlize": do_urlize,
+    "wordcount": do_wordcount,
+    "wordwrap": do_wordwrap,
+    "xmlattr": do_xmlattr,
+    "tojson": do_tojson,
+}
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/idtracking.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/idtracking.py
new file mode 100644
index 000000000..995ebaa0c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/idtracking.py
@@ -0,0 +1,318 @@
+import typing as t
+
+from . import nodes
+from .visitor import NodeVisitor
+
+VAR_LOAD_PARAMETER = "param"
+VAR_LOAD_RESOLVE = "resolve"
+VAR_LOAD_ALIAS = "alias"
+VAR_LOAD_UNDEFINED = "undefined"
+
+
+def find_symbols(
+    nodes: t.Iterable[nodes.Node], parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    visitor = FrameSymbolVisitor(sym)
+    for node in nodes:
+        visitor.visit(node)
+    return sym
+
+
+def symbols_for_node(
+    node: nodes.Node, parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    sym.analyze_node(node)
+    return sym
+
+
+class Symbols:
+    def __init__(
+        self, parent: t.Optional["Symbols"] = None, level: t.Optional[int] = None
+    ) -> None:
+        if level is None:
+            if parent is None:
+                level = 0
+            else:
+                level = parent.level + 1
+
+        self.level: int = level
+        self.parent = parent
+        self.refs: t.Dict[str, str] = {}
+        self.loads: t.Dict[str, t.Any] = {}
+        self.stores: t.Set[str] = set()
+
+    def analyze_node(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        visitor = RootVisitor(self)
+        visitor.visit(node, **kwargs)
+
+    def _define_ref(
+        self, name: str, load: t.Optional[t.Tuple[str, t.Optional[str]]] = None
+    ) -> str:
+        ident = f"l_{self.level}_{name}"
+        self.refs[name] = ident
+        if load is not None:
+            self.loads[ident] = load
+        return ident
+
+    def find_load(self, target: str) -> t.Optional[t.Any]:
+        if target in self.loads:
+            return self.loads[target]
+
+        if self.parent is not None:
+            return self.parent.find_load(target)
+
+        return None
+
+    def find_ref(self, name: str) -> t.Optional[str]:
+        if name in self.refs:
+            return self.refs[name]
+
+        if self.parent is not None:
+            return self.parent.find_ref(name)
+
+        return None
+
+    def ref(self, name: str) -> str:
+        rv = self.find_ref(name)
+        if rv is None:
+            raise AssertionError(
+                "Tried to resolve a name to a reference that was"
+                f" unknown to the frame ({name!r})"
+            )
+        return rv
+
+    def copy(self) -> "Symbols":
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.refs = self.refs.copy()
+        rv.loads = self.loads.copy()
+        rv.stores = self.stores.copy()
+        return rv
+
+    def store(self, name: str) -> None:
+        self.stores.add(name)
+
+        # If we have not see the name referenced yet, we need to figure
+        # out what to set it to.
+        if name not in self.refs:
+            # If there is a parent scope we check if the name has a
+            # reference there.  If it does it means we might have to alias
+            # to a variable there.
+            if self.parent is not None:
+                outer_ref = self.parent.find_ref(name)
+                if outer_ref is not None:
+                    self._define_ref(name, load=(VAR_LOAD_ALIAS, outer_ref))
+                    return
+
+            # Otherwise we can just set it to undefined.
+            self._define_ref(name, load=(VAR_LOAD_UNDEFINED, None))
+
+    def declare_parameter(self, name: str) -> str:
+        self.stores.add(name)
+        return self._define_ref(name, load=(VAR_LOAD_PARAMETER, None))
+
+    def load(self, name: str) -> None:
+        if self.find_ref(name) is None:
+            self._define_ref(name, load=(VAR_LOAD_RESOLVE, name))
+
+    def branch_update(self, branch_symbols: t.Sequence["Symbols"]) -> None:
+        stores: t.Dict[str, int] = {}
+        for branch in branch_symbols:
+            for target in branch.stores:
+                if target in self.stores:
+                    continue
+                stores[target] = stores.get(target, 0) + 1
+
+        for sym in branch_symbols:
+            self.refs.update(sym.refs)
+            self.loads.update(sym.loads)
+            self.stores.update(sym.stores)
+
+        for name, branch_count in stores.items():
+            if branch_count == len(branch_symbols):
+                continue
+
+            target = self.find_ref(name)  # type: ignore
+            assert target is not None, "should not happen"
+
+            if self.parent is not None:
+                outer_target = self.parent.find_ref(name)
+                if outer_target is not None:
+                    self.loads[target] = (VAR_LOAD_ALIAS, outer_target)
+                    continue
+            self.loads[target] = (VAR_LOAD_RESOLVE, name)
+
+    def dump_stores(self) -> t.Dict[str, str]:
+        rv: t.Dict[str, str] = {}
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for name in sorted(node.stores):
+                if name not in rv:
+                    rv[name] = self.find_ref(name)  # type: ignore
+
+            node = node.parent
+
+        return rv
+
+    def dump_param_targets(self) -> t.Set[str]:
+        rv = set()
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for target, (instr, _) in self.loads.items():
+                if instr == VAR_LOAD_PARAMETER:
+                    rv.add(target)
+
+            node = node.parent
+
+        return rv
+
+
+class RootVisitor(NodeVisitor):
+    def __init__(self, symbols: "Symbols") -> None:
+        self.sym_visitor = FrameSymbolVisitor(symbols)
+
+    def _simple_visit(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes():
+            self.sym_visitor.visit(child)
+
+    visit_Template = _simple_visit
+    visit_Block = _simple_visit
+    visit_Macro = _simple_visit
+    visit_FilterBlock = _simple_visit
+    visit_Scope = _simple_visit
+    visit_If = _simple_visit
+    visit_ScopedEvalContextModifier = _simple_visit
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes(exclude=("call",)):
+            self.sym_visitor.visit(child)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_For(
+        self, node: nodes.For, for_branch: str = "body", **kwargs: t.Any
+    ) -> None:
+        if for_branch == "body":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            branch = node.body
+        elif for_branch == "else":
+            branch = node.else_
+        elif for_branch == "test":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            if node.test is not None:
+                self.sym_visitor.visit(node.test)
+            return
+        else:
+            raise RuntimeError("Unknown for branch")
+
+        if branch:
+            for item in branch:
+                self.sym_visitor.visit(item)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.targets:
+            self.sym_visitor.visit(target)
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def generic_visit(self, node: nodes.Node, *args: t.Any, **kwargs: t.Any) -> None:
+        raise NotImplementedError(f"Cannot find symbols for {type(node).__name__!r}")
+
+
+class FrameSymbolVisitor(NodeVisitor):
+    """A visitor for `Frame.inspect`."""
+
+    def __init__(self, symbols: "Symbols") -> None:
+        self.symbols = symbols
+
+    def visit_Name(
+        self, node: nodes.Name, store_as_param: bool = False, **kwargs: t.Any
+    ) -> None:
+        """All assignments to names go through this function."""
+        if store_as_param or node.ctx == "param":
+            self.symbols.declare_parameter(node.name)
+        elif node.ctx == "store":
+            self.symbols.store(node.name)
+        elif node.ctx == "load":
+            self.symbols.load(node.name)
+
+    def visit_NSRef(self, node: nodes.NSRef, **kwargs: t.Any) -> None:
+        self.symbols.load(node.name)
+
+    def visit_If(self, node: nodes.If, **kwargs: t.Any) -> None:
+        self.visit(node.test, **kwargs)
+        original_symbols = self.symbols
+
+        def inner_visit(nodes: t.Iterable[nodes.Node]) -> "Symbols":
+            self.symbols = rv = original_symbols.copy()
+
+            for subnode in nodes:
+                self.visit(subnode, **kwargs)
+
+            self.symbols = original_symbols
+            return rv
+
+        body_symbols = inner_visit(node.body)
+        elif_symbols = inner_visit(node.elif_)
+        else_symbols = inner_visit(node.else_ or ())
+        self.symbols.branch_update([body_symbols, elif_symbols, else_symbols])
+
+    def visit_Macro(self, node: nodes.Macro, **kwargs: t.Any) -> None:
+        self.symbols.store(node.name)
+
+    def visit_Import(self, node: nodes.Import, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+        self.symbols.store(node.target)
+
+    def visit_FromImport(self, node: nodes.FromImport, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+
+        for name in node.names:
+            if isinstance(name, tuple):
+                self.symbols.store(name[1])
+            else:
+                self.symbols.store(name)
+
+    def visit_Assign(self, node: nodes.Assign, **kwargs: t.Any) -> None:
+        """Visit assignments in the correct order."""
+        self.visit(node.node, **kwargs)
+        self.visit(node.target, **kwargs)
+
+    def visit_For(self, node: nodes.For, **kwargs: t.Any) -> None:
+        """Visiting stops at for blocks.  However the block sequence
+        is visited as part of the outer scope.
+        """
+        self.visit(node.iter, **kwargs)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        self.visit(node.call, **kwargs)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, **kwargs: t.Any) -> None:
+        self.visit(node.filter, **kwargs)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.values:
+            self.visit(target)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        """Stop visiting at block assigns."""
+        self.visit(node.target, **kwargs)
+
+    def visit_Scope(self, node: nodes.Scope, **kwargs: t.Any) -> None:
+        """Stop visiting at scopes."""
+
+    def visit_Block(self, node: nodes.Block, **kwargs: t.Any) -> None:
+        """Stop visiting at blocks."""
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        """Do not visit into overlay scopes."""
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/lexer.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/lexer.py
new file mode 100644
index 000000000..62b0471a3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/lexer.py
@@ -0,0 +1,868 @@
+"""Implements a Jinja / Python combination lexer. The ``Lexer`` class
+is used to do some preprocessing. It filters out invalid operators like
+the bitshift operators we don't allow in templates. It separates
+template code and python code in expressions.
+"""
+
+import re
+import typing as t
+from ast import literal_eval
+from collections import deque
+from sys import intern
+
+from ._identifier import pattern as name_re
+from .exceptions import TemplateSyntaxError
+from .utils import LRUCache
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+# cache for the lexers. Exists in order to be able to have multiple
+# environments with the same lexer
+_lexer_cache: t.MutableMapping[t.Tuple, "Lexer"] = LRUCache(50)  # type: ignore
+
+# static regular expressions
+whitespace_re = re.compile(r"\s+")
+newline_re = re.compile(r"(\r\n|\r|\n)")
+string_re = re.compile(
+    r"('([^'\\]*(?:\\.[^'\\]*)*)'" r'|"([^"\\]*(?:\\.[^"\\]*)*)")', re.S
+)
+integer_re = re.compile(
+    r"""
+    (
+        0b(_?[0-1])+ # binary
+    |
+        0o(_?[0-7])+ # octal
+    |
+        0x(_?[\da-f])+ # hex
+    |
+        [1-9](_?\d)* # decimal
+    |
+        0(_?0)* # decimal zero
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+float_re = re.compile(
+    r"""
+    (?<!\.)  # doesn't start with a .
+    (\d+_)*\d+  # digits, possibly _ separated
+    (
+        (\.(\d+_)*\d+)?  # optional fractional part
+        e[+\-]?(\d+_)*\d+  # exponent part
+    |
+        \.(\d+_)*\d+  # required fractional part
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+
+# internal the tokens and keep references to them
+TOKEN_ADD = intern("add")
+TOKEN_ASSIGN = intern("assign")
+TOKEN_COLON = intern("colon")
+TOKEN_COMMA = intern("comma")
+TOKEN_DIV = intern("div")
+TOKEN_DOT = intern("dot")
+TOKEN_EQ = intern("eq")
+TOKEN_FLOORDIV = intern("floordiv")
+TOKEN_GT = intern("gt")
+TOKEN_GTEQ = intern("gteq")
+TOKEN_LBRACE = intern("lbrace")
+TOKEN_LBRACKET = intern("lbracket")
+TOKEN_LPAREN = intern("lparen")
+TOKEN_LT = intern("lt")
+TOKEN_LTEQ = intern("lteq")
+TOKEN_MOD = intern("mod")
+TOKEN_MUL = intern("mul")
+TOKEN_NE = intern("ne")
+TOKEN_PIPE = intern("pipe")
+TOKEN_POW = intern("pow")
+TOKEN_RBRACE = intern("rbrace")
+TOKEN_RBRACKET = intern("rbracket")
+TOKEN_RPAREN = intern("rparen")
+TOKEN_SEMICOLON = intern("semicolon")
+TOKEN_SUB = intern("sub")
+TOKEN_TILDE = intern("tilde")
+TOKEN_WHITESPACE = intern("whitespace")
+TOKEN_FLOAT = intern("float")
+TOKEN_INTEGER = intern("integer")
+TOKEN_NAME = intern("name")
+TOKEN_STRING = intern("string")
+TOKEN_OPERATOR = intern("operator")
+TOKEN_BLOCK_BEGIN = intern("block_begin")
+TOKEN_BLOCK_END = intern("block_end")
+TOKEN_VARIABLE_BEGIN = intern("variable_begin")
+TOKEN_VARIABLE_END = intern("variable_end")
+TOKEN_RAW_BEGIN = intern("raw_begin")
+TOKEN_RAW_END = intern("raw_end")
+TOKEN_COMMENT_BEGIN = intern("comment_begin")
+TOKEN_COMMENT_END = intern("comment_end")
+TOKEN_COMMENT = intern("comment")
+TOKEN_LINESTATEMENT_BEGIN = intern("linestatement_begin")
+TOKEN_LINESTATEMENT_END = intern("linestatement_end")
+TOKEN_LINECOMMENT_BEGIN = intern("linecomment_begin")
+TOKEN_LINECOMMENT_END = intern("linecomment_end")
+TOKEN_LINECOMMENT = intern("linecomment")
+TOKEN_DATA = intern("data")
+TOKEN_INITIAL = intern("initial")
+TOKEN_EOF = intern("eof")
+
+# bind operators to token types
+operators = {
+    "+": TOKEN_ADD,
+    "-": TOKEN_SUB,
+    "/": TOKEN_DIV,
+    "//": TOKEN_FLOORDIV,
+    "*": TOKEN_MUL,
+    "%": TOKEN_MOD,
+    "**": TOKEN_POW,
+    "~": TOKEN_TILDE,
+    "[": TOKEN_LBRACKET,
+    "]": TOKEN_RBRACKET,
+    "(": TOKEN_LPAREN,
+    ")": TOKEN_RPAREN,
+    "{": TOKEN_LBRACE,
+    "}": TOKEN_RBRACE,
+    "==": TOKEN_EQ,
+    "!=": TOKEN_NE,
+    ">": TOKEN_GT,
+    ">=": TOKEN_GTEQ,
+    "<": TOKEN_LT,
+    "<=": TOKEN_LTEQ,
+    "=": TOKEN_ASSIGN,
+    ".": TOKEN_DOT,
+    ":": TOKEN_COLON,
+    "|": TOKEN_PIPE,
+    ",": TOKEN_COMMA,
+    ";": TOKEN_SEMICOLON,
+}
+
+reverse_operators = {v: k for k, v in operators.items()}
+assert len(operators) == len(reverse_operators), "operators dropped"
+operator_re = re.compile(
+    f"({'|'.join(re.escape(x) for x in sorted(operators, key=lambda x: -len(x)))})"
+)
+
+ignored_tokens = frozenset(
+    [
+        TOKEN_COMMENT_BEGIN,
+        TOKEN_COMMENT,
+        TOKEN_COMMENT_END,
+        TOKEN_WHITESPACE,
+        TOKEN_LINECOMMENT_BEGIN,
+        TOKEN_LINECOMMENT_END,
+        TOKEN_LINECOMMENT,
+    ]
+)
+ignore_if_empty = frozenset(
+    [TOKEN_WHITESPACE, TOKEN_DATA, TOKEN_COMMENT, TOKEN_LINECOMMENT]
+)
+
+
+def _describe_token_type(token_type: str) -> str:
+    if token_type in reverse_operators:
+        return reverse_operators[token_type]
+
+    return {
+        TOKEN_COMMENT_BEGIN: "begin of comment",
+        TOKEN_COMMENT_END: "end of comment",
+        TOKEN_COMMENT: "comment",
+        TOKEN_LINECOMMENT: "comment",
+        TOKEN_BLOCK_BEGIN: "begin of statement block",
+        TOKEN_BLOCK_END: "end of statement block",
+        TOKEN_VARIABLE_BEGIN: "begin of print statement",
+        TOKEN_VARIABLE_END: "end of print statement",
+        TOKEN_LINESTATEMENT_BEGIN: "begin of line statement",
+        TOKEN_LINESTATEMENT_END: "end of line statement",
+        TOKEN_DATA: "template data / text",
+        TOKEN_EOF: "end of template",
+    }.get(token_type, token_type)
+
+
+def describe_token(token: "Token") -> str:
+    """Returns a description of the token."""
+    if token.type == TOKEN_NAME:
+        return token.value
+
+    return _describe_token_type(token.type)
+
+
+def describe_token_expr(expr: str) -> str:
+    """Like `describe_token` but for token expressions."""
+    if ":" in expr:
+        type, value = expr.split(":", 1)
+
+        if type == TOKEN_NAME:
+            return value
+    else:
+        type = expr
+
+    return _describe_token_type(type)
+
+
+def count_newlines(value: str) -> int:
+    """Count the number of newline characters in the string.  This is
+    useful for extensions that filter a stream.
+    """
+    return len(newline_re.findall(value))
+
+
+def compile_rules(environment: "Environment") -> t.List[t.Tuple[str, str]]:
+    """Compiles all the rules from the environment into a list of rules."""
+    e = re.escape
+    rules = [
+        (
+            len(environment.comment_start_string),
+            TOKEN_COMMENT_BEGIN,
+            e(environment.comment_start_string),
+        ),
+        (
+            len(environment.block_start_string),
+            TOKEN_BLOCK_BEGIN,
+            e(environment.block_start_string),
+        ),
+        (
+            len(environment.variable_start_string),
+            TOKEN_VARIABLE_BEGIN,
+            e(environment.variable_start_string),
+        ),
+    ]
+
+    if environment.line_statement_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_statement_prefix),
+                TOKEN_LINESTATEMENT_BEGIN,
+                r"^[ \t\v]*" + e(environment.line_statement_prefix),
+            )
+        )
+    if environment.line_comment_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_comment_prefix),
+                TOKEN_LINECOMMENT_BEGIN,
+                r"(?:^|(?<=\S))[^\S\r\n]*" + e(environment.line_comment_prefix),
+            )
+        )
+
+    return [x[1:] for x in sorted(rules, reverse=True)]
+
+
+class Failure:
+    """Class that raises a `TemplateSyntaxError` if called.
+    Used by the `Lexer` to specify known errors.
+    """
+
+    def __init__(
+        self, message: str, cls: t.Type[TemplateSyntaxError] = TemplateSyntaxError
+    ) -> None:
+        self.message = message
+        self.error_class = cls
+
+    def __call__(self, lineno: int, filename: str) -> "te.NoReturn":
+        raise self.error_class(self.message, lineno, filename)
+
+
+class Token(t.NamedTuple):
+    lineno: int
+    type: str
+    value: str
+
+    def __str__(self) -> str:
+        return describe_token(self)
+
+    def test(self, expr: str) -> bool:
+        """Test a token against a token expression.  This can either be a
+        token type or ``'token_type:token_value'``.  This can only test
+        against string values and types.
+        """
+        # here we do a regular string equality check as test_any is usually
+        # passed an iterable of not interned strings.
+        if self.type == expr:
+            return True
+
+        if ":" in expr:
+            return expr.split(":", 1) == [self.type, self.value]
+
+        return False
+
+    def test_any(self, *iterable: str) -> bool:
+        """Test against multiple token expressions."""
+        return any(self.test(expr) for expr in iterable)
+
+
+class TokenStreamIterator:
+    """The iterator for tokenstreams.  Iterate over the stream
+    until the eof token is reached.
+    """
+
+    def __init__(self, stream: "TokenStream") -> None:
+        self.stream = stream
+
+    def __iter__(self) -> "TokenStreamIterator":
+        return self
+
+    def __next__(self) -> Token:
+        token = self.stream.current
+
+        if token.type is TOKEN_EOF:
+            self.stream.close()
+            raise StopIteration
+
+        next(self.stream)
+        return token
+
+
+class TokenStream:
+    """A token stream is an iterable that yields :class:`Token`\\s.  The
+    parser however does not iterate over it but calls :meth:`next` to go
+    one token ahead.  The current active token is stored as :attr:`current`.
+    """
+
+    def __init__(
+        self,
+        generator: t.Iterable[Token],
+        name: t.Optional[str],
+        filename: t.Optional[str],
+    ):
+        self._iter = iter(generator)
+        self._pushed: "te.Deque[Token]" = deque()
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.current = Token(1, TOKEN_INITIAL, "")
+        next(self)
+
+    def __iter__(self) -> TokenStreamIterator:
+        return TokenStreamIterator(self)
+
+    def __bool__(self) -> bool:
+        return bool(self._pushed) or self.current.type is not TOKEN_EOF
+
+    @property
+    def eos(self) -> bool:
+        """Are we at the end of the stream?"""
+        return not self
+
+    def push(self, token: Token) -> None:
+        """Push a token back to the stream."""
+        self._pushed.append(token)
+
+    def look(self) -> Token:
+        """Look at the next token."""
+        old_token = next(self)
+        result = self.current
+        self.push(result)
+        self.current = old_token
+        return result
+
+    def skip(self, n: int = 1) -> None:
+        """Got n tokens ahead."""
+        for _ in range(n):
+            next(self)
+
+    def next_if(self, expr: str) -> t.Optional[Token]:
+        """Perform the token test and return the token if it matched.
+        Otherwise the return value is `None`.
+        """
+        if self.current.test(expr):
+            return next(self)
+
+        return None
+
+    def skip_if(self, expr: str) -> bool:
+        """Like :meth:`next_if` but only returns `True` or `False`."""
+        return self.next_if(expr) is not None
+
+    def __next__(self) -> Token:
+        """Go one token ahead and return the old one.
+
+        Use the built-in :func:`next` instead of calling this directly.
+        """
+        rv = self.current
+
+        if self._pushed:
+            self.current = self._pushed.popleft()
+        elif self.current.type is not TOKEN_EOF:
+            try:
+                self.current = next(self._iter)
+            except StopIteration:
+                self.close()
+
+        return rv
+
+    def close(self) -> None:
+        """Close the stream."""
+        self.current = Token(self.current.lineno, TOKEN_EOF, "")
+        self._iter = iter(())
+        self.closed = True
+
+    def expect(self, expr: str) -> Token:
+        """Expect a given token type and return it.  This accepts the same
+        argument as :meth:`jinja2.lexer.Token.test`.
+        """
+        if not self.current.test(expr):
+            expr = describe_token_expr(expr)
+
+            if self.current.type is TOKEN_EOF:
+                raise TemplateSyntaxError(
+                    f"unexpected end of template, expected {expr!r}.",
+                    self.current.lineno,
+                    self.name,
+                    self.filename,
+                )
+
+            raise TemplateSyntaxError(
+                f"expected token {expr!r}, got {describe_token(self.current)!r}",
+                self.current.lineno,
+                self.name,
+                self.filename,
+            )
+
+        return next(self)
+
+
+def get_lexer(environment: "Environment") -> "Lexer":
+    """Return a lexer which is probably cached."""
+    key = (
+        environment.block_start_string,
+        environment.block_end_string,
+        environment.variable_start_string,
+        environment.variable_end_string,
+        environment.comment_start_string,
+        environment.comment_end_string,
+        environment.line_statement_prefix,
+        environment.line_comment_prefix,
+        environment.trim_blocks,
+        environment.lstrip_blocks,
+        environment.newline_sequence,
+        environment.keep_trailing_newline,
+    )
+    lexer = _lexer_cache.get(key)
+
+    if lexer is None:
+        _lexer_cache[key] = lexer = Lexer(environment)
+
+    return lexer
+
+
+class OptionalLStrip(tuple):  # type: ignore[type-arg]
+    """A special tuple for marking a point in the state that can have
+    lstrip applied.
+    """
+
+    __slots__ = ()
+
+    # Even though it looks like a no-op, creating instances fails
+    # without this.
+    def __new__(cls, *members, **kwargs):  # type: ignore
+        return super().__new__(cls, members)
+
+
+class _Rule(t.NamedTuple):
+    pattern: t.Pattern[str]
+    tokens: t.Union[str, t.Tuple[str, ...], t.Tuple[Failure]]
+    command: t.Optional[str]
+
+
+class Lexer:
+    """Class that implements a lexer for a given environment. Automatically
+    created by the environment class, usually you don't have to do that.
+
+    Note that the lexer is not automatically bound to an environment.
+    Multiple environments can share the same lexer.
+    """
+
+    def __init__(self, environment: "Environment") -> None:
+        # shortcuts
+        e = re.escape
+
+        def c(x: str) -> t.Pattern[str]:
+            return re.compile(x, re.M | re.S)
+
+        # lexing rules for tags
+        tag_rules: t.List[_Rule] = [
+            _Rule(whitespace_re, TOKEN_WHITESPACE, None),
+            _Rule(float_re, TOKEN_FLOAT, None),
+            _Rule(integer_re, TOKEN_INTEGER, None),
+            _Rule(name_re, TOKEN_NAME, None),
+            _Rule(string_re, TOKEN_STRING, None),
+            _Rule(operator_re, TOKEN_OPERATOR, None),
+        ]
+
+        # assemble the root lexing rule. because "|" is ungreedy
+        # we have to sort by length so that the lexer continues working
+        # as expected when we have parsing rules like <% for block and
+        # <%= for variables. (if someone wants asp like syntax)
+        # variables are just part of the rules if variable processing
+        # is required.
+        root_tag_rules = compile_rules(environment)
+
+        block_start_re = e(environment.block_start_string)
+        block_end_re = e(environment.block_end_string)
+        comment_end_re = e(environment.comment_end_string)
+        variable_end_re = e(environment.variable_end_string)
+
+        # block suffix if trimming is enabled
+        block_suffix_re = "\\n?" if environment.trim_blocks else ""
+
+        self.lstrip_blocks = environment.lstrip_blocks
+
+        self.newline_sequence = environment.newline_sequence
+        self.keep_trailing_newline = environment.keep_trailing_newline
+
+        root_raw_re = (
+            rf"(?P<raw_begin>{block_start_re}(\-|\+|)\s*raw\s*"
+            rf"(?:\-{block_end_re}\s*|{block_end_re}))"
+        )
+        root_parts_re = "|".join(
+            [root_raw_re] + [rf"(?P<{n}>{r}(\-|\+|))" for n, r in root_tag_rules]
+        )
+
+        # global lexing rules
+        self.rules: t.Dict[str, t.List[_Rule]] = {
+            "root": [
+                # directives
+                _Rule(
+                    c(rf"(.*?)(?:{root_parts_re})"),
+                    OptionalLStrip(TOKEN_DATA, "#bygroup"),  # type: ignore
+                    "#bygroup",
+                ),
+                # data
+                _Rule(c(".+"), TOKEN_DATA, None),
+            ],
+            # comments
+            TOKEN_COMMENT_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:\+{comment_end_re}|\-{comment_end_re}\s*"
+                        rf"|{comment_end_re}{block_suffix_re}))"
+                    ),
+                    (TOKEN_COMMENT, TOKEN_COMMENT_END),
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of comment tag"),), None),
+            ],
+            # blocks
+            TOKEN_BLOCK_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re})"
+                    ),
+                    TOKEN_BLOCK_END,
+                    "#pop",
+                ),
+            ]
+            + tag_rules,
+            # variables
+            TOKEN_VARIABLE_BEGIN: [
+                _Rule(
+                    c(rf"\-{variable_end_re}\s*|{variable_end_re}"),
+                    TOKEN_VARIABLE_END,
+                    "#pop",
+                )
+            ]
+            + tag_rules,
+            # raw block
+            TOKEN_RAW_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:{block_start_re}(\-|\+|))\s*endraw\s*"
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re}))"
+                    ),
+                    OptionalLStrip(TOKEN_DATA, TOKEN_RAW_END),  # type: ignore
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of raw directive"),), None),
+            ],
+            # line statements
+            TOKEN_LINESTATEMENT_BEGIN: [
+                _Rule(c(r"\s*(\n|$)"), TOKEN_LINESTATEMENT_END, "#pop")
+            ]
+            + tag_rules,
+            # line comments
+            TOKEN_LINECOMMENT_BEGIN: [
+                _Rule(
+                    c(r"(.*?)()(?=\n|$)"),
+                    (TOKEN_LINECOMMENT, TOKEN_LINECOMMENT_END),
+                    "#pop",
+                )
+            ],
+        }
+
+    def _normalize_newlines(self, value: str) -> str:
+        """Replace all newlines with the configured sequence in strings
+        and template data.
+        """
+        return newline_re.sub(self.newline_sequence, value)
+
+    def tokenize(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Calls tokeniter + tokenize and wraps it in a token stream."""
+        stream = self.tokeniter(source, name, filename, state)
+        return TokenStream(self.wrap(stream, name, filename), name, filename)
+
+    def wrap(
+        self,
+        stream: t.Iterable[t.Tuple[int, str, str]],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[Token]:
+        """This is called with the stream as returned by `tokenize` and wraps
+        every token in a :class:`Token` and converts the value.
+        """
+        for lineno, token, value_str in stream:
+            if token in ignored_tokens:
+                continue
+
+            value: t.Any = value_str
+
+            if token == TOKEN_LINESTATEMENT_BEGIN:
+                token = TOKEN_BLOCK_BEGIN
+            elif token == TOKEN_LINESTATEMENT_END:
+                token = TOKEN_BLOCK_END
+            # we are not interested in those tokens in the parser
+            elif token in (TOKEN_RAW_BEGIN, TOKEN_RAW_END):
+                continue
+            elif token == TOKEN_DATA:
+                value = self._normalize_newlines(value_str)
+            elif token == "keyword":
+                token = value_str
+            elif token == TOKEN_NAME:
+                value = value_str
+
+                if not value.isidentifier():
+                    raise TemplateSyntaxError(
+                        "Invalid character in identifier", lineno, name, filename
+                    )
+            elif token == TOKEN_STRING:
+                # try to unescape string
+                try:
+                    value = (
+                        self._normalize_newlines(value_str[1:-1])
+                        .encode("ascii", "backslashreplace")
+                        .decode("unicode-escape")
+                    )
+                except Exception as e:
+                    msg = str(e).split(":")[-1].strip()
+                    raise TemplateSyntaxError(msg, lineno, name, filename) from e
+            elif token == TOKEN_INTEGER:
+                value = int(value_str.replace("_", ""), 0)
+            elif token == TOKEN_FLOAT:
+                # remove all "_" first to support more Python versions
+                value = literal_eval(value_str.replace("_", ""))
+            elif token == TOKEN_OPERATOR:
+                token = operators[value_str]
+
+            yield Token(lineno, token, value)
+
+    def tokeniter(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """This method tokenizes the text and returns the tokens in a
+        generator. Use this method if you just want to tokenize a template.
+
+        .. versionchanged:: 3.0
+            Only ``\\n``, ``\\r\\n`` and ``\\r`` are treated as line
+            breaks.
+        """
+        lines = newline_re.split(source)[::2]
+
+        if not self.keep_trailing_newline and lines[-1] == "":
+            del lines[-1]
+
+        source = "\n".join(lines)
+        pos = 0
+        lineno = 1
+        stack = ["root"]
+
+        if state is not None and state != "root":
+            assert state in ("variable", "block"), "invalid state"
+            stack.append(state + "_begin")
+
+        statetokens = self.rules[stack[-1]]
+        source_length = len(source)
+        balancing_stack: t.List[str] = []
+        newlines_stripped = 0
+        line_starting = True
+
+        while True:
+            # tokenizer loop
+            for regex, tokens, new_state in statetokens:
+                m = regex.match(source, pos)
+
+                # if no match we try again with the next rule
+                if m is None:
+                    continue
+
+                # we only match blocks and variables if braces / parentheses
+                # are balanced. continue parsing with the lower rule which
+                # is the operator rule. do this only if the end tags look
+                # like operators
+                if balancing_stack and tokens in (
+                    TOKEN_VARIABLE_END,
+                    TOKEN_BLOCK_END,
+                    TOKEN_LINESTATEMENT_END,
+                ):
+                    continue
+
+                # tuples support more options
+                if isinstance(tokens, tuple):
+                    groups: t.Sequence[str] = m.groups()
+
+                    if isinstance(tokens, OptionalLStrip):
+                        # Rule supports lstrip. Match will look like
+                        # text, block type, whitespace control, type, control, ...
+                        text = groups[0]
+                        # Skipping the text and first type, every other group is the
+                        # whitespace control for each type. One of the groups will be
+                        # -, +, or empty string instead of None.
+                        strip_sign = next(g for g in groups[2::2] if g is not None)
+
+                        if strip_sign == "-":
+                            # Strip all whitespace between the text and the tag.
+                            stripped = text.rstrip()
+                            newlines_stripped = text[len(stripped) :].count("\n")
+                            groups = [stripped, *groups[1:]]
+                        elif (
+                            # Not marked for preserving whitespace.
+                            strip_sign != "+"
+                            # lstrip is enabled.
+                            and self.lstrip_blocks
+                            # Not a variable expression.
+                            and not m.groupdict().get(TOKEN_VARIABLE_BEGIN)
+                        ):
+                            # The start of text between the last newline and the tag.
+                            l_pos = text.rfind("\n") + 1
+
+                            if l_pos > 0 or line_starting:
+                                # If there's only whitespace between the newline and the
+                                # tag, strip it.
+                                if whitespace_re.fullmatch(text, l_pos):
+                                    groups = [text[:l_pos], *groups[1:]]
+
+                    for idx, token in enumerate(tokens):
+                        # failure group
+                        if token.__class__ is Failure:
+                            raise token(lineno, filename)
+                        # bygroup is a bit more complex, in that case we
+                        # yield for the current token the first named
+                        # group that matched
+                        elif token == "#bygroup":
+                            for key, value in m.groupdict().items():
+                                if value is not None:
+                                    yield lineno, key, value
+                                    lineno += value.count("\n")
+                                    break
+                            else:
+                                raise RuntimeError(
+                                    f"{regex!r} wanted to resolve the token dynamically"
+                                    " but no group matched"
+                                )
+                        # normal group
+                        else:
+                            data = groups[idx]
+
+                            if data or token not in ignore_if_empty:
+                                yield lineno, token, data
+
+                            lineno += data.count("\n") + newlines_stripped
+                            newlines_stripped = 0
+
+                # strings as token just are yielded as it.
+                else:
+                    data = m.group()
+
+                    # update brace/parentheses balance
+                    if tokens == TOKEN_OPERATOR:
+                        if data == "{":
+                            balancing_stack.append("}")
+                        elif data == "(":
+                            balancing_stack.append(")")
+                        elif data == "[":
+                            balancing_stack.append("]")
+                        elif data in ("}", ")", "]"):
+                            if not balancing_stack:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}'", lineno, name, filename
+                                )
+
+                            expected_op = balancing_stack.pop()
+
+                            if expected_op != data:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}', expected '{expected_op}'",
+                                    lineno,
+                                    name,
+                                    filename,
+                                )
+
+                    # yield items
+                    if data or tokens not in ignore_if_empty:
+                        yield lineno, tokens, data
+
+                    lineno += data.count("\n")
+
+                line_starting = m.group()[-1:] == "\n"
+                # fetch new position into new variable so that we can check
+                # if there is a internal parsing error which would result
+                # in an infinite loop
+                pos2 = m.end()
+
+                # handle state changes
+                if new_state is not None:
+                    # remove the uppermost state
+                    if new_state == "#pop":
+                        stack.pop()
+                    # resolve the new state by group checking
+                    elif new_state == "#bygroup":
+                        for key, value in m.groupdict().items():
+                            if value is not None:
+                                stack.append(key)
+                                break
+                        else:
+                            raise RuntimeError(
+                                f"{regex!r} wanted to resolve the new state dynamically"
+                                f" but no group matched"
+                            )
+                    # direct state name given
+                    else:
+                        stack.append(new_state)
+
+                    statetokens = self.rules[stack[-1]]
+                # we are still at the same position and no stack change.
+                # this means a loop without break condition, avoid that and
+                # raise error
+                elif pos2 == pos:
+                    raise RuntimeError(
+                        f"{regex!r} yielded empty string without stack change"
+                    )
+
+                # publish new function and start again
+                pos = pos2
+                break
+            # if loop terminated without break we haven't found a single match
+            # either we are at the end of the file or we have a problem
+            else:
+                # end of text
+                if pos >= source_length:
+                    return
+
+                # something went wrong
+                raise TemplateSyntaxError(
+                    f"unexpected char {source[pos]!r} at {pos}", lineno, name, filename
+                )
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/loaders.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/loaders.py
new file mode 100644
index 000000000..9eaf647ba
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/loaders.py
@@ -0,0 +1,667 @@
+"""API and implementations for loading templates from different data
+sources.
+"""
+
+import importlib.util
+import os
+import posixpath
+import sys
+import typing as t
+import weakref
+import zipimport
+from collections import abc
+from hashlib import sha1
+from importlib import import_module
+from types import ModuleType
+
+from .exceptions import TemplateNotFound
+from .utils import internalcode
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+    from .environment import Template
+
+
+def split_template_path(template: str) -> t.List[str]:
+    """Split a path into segments and perform a sanity check.  If it detects
+    '..' in the path it will raise a `TemplateNotFound` error.
+    """
+    pieces = []
+    for piece in template.split("/"):
+        if (
+            os.path.sep in piece
+            or (os.path.altsep and os.path.altsep in piece)
+            or piece == os.path.pardir
+        ):
+            raise TemplateNotFound(template)
+        elif piece and piece != ".":
+            pieces.append(piece)
+    return pieces
+
+
+class BaseLoader:
+    """Baseclass for all loaders.  Subclass this and override `get_source` to
+    implement a custom loading mechanism.  The environment provides a
+    `get_template` method that calls the loader's `load` method to get the
+    :class:`Template` object.
+
+    A very basic example for a loader that looks up templates on the file
+    system could look like this::
+
+        from jinja2 import BaseLoader, TemplateNotFound
+        from os.path import join, exists, getmtime
+
+        class MyLoader(BaseLoader):
+
+            def __init__(self, path):
+                self.path = path
+
+            def get_source(self, environment, template):
+                path = join(self.path, template)
+                if not exists(path):
+                    raise TemplateNotFound(template)
+                mtime = getmtime(path)
+                with open(path) as f:
+                    source = f.read()
+                return source, path, lambda: mtime == getmtime(path)
+    """
+
+    #: if set to `False` it indicates that the loader cannot provide access
+    #: to the source of templates.
+    #:
+    #: .. versionadded:: 2.4
+    has_source_access = True
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        """Get the template source, filename and reload helper for a template.
+        It's passed the environment and template name and has to return a
+        tuple in the form ``(source, filename, uptodate)`` or raise a
+        `TemplateNotFound` error if it can't locate the template.
+
+        The source part of the returned tuple must be the source of the
+        template as a string. The filename should be the name of the
+        file on the filesystem if it was loaded from there, otherwise
+        ``None``. The filename is used by Python for the tracebacks
+        if no loader extension is used.
+
+        The last item in the tuple is the `uptodate` function.  If auto
+        reloading is enabled it's always called to check if the template
+        changed.  No arguments are passed so the function must store the
+        old state somewhere (for example in a closure).  If it returns `False`
+        the template will be reloaded.
+        """
+        if not self.has_source_access:
+            raise RuntimeError(
+                f"{type(self).__name__} cannot provide access to the source"
+            )
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        """Iterates over all templates.  If the loader does not support that
+        it should raise a :exc:`TypeError` which is the default behavior.
+        """
+        raise TypeError("this loader cannot iterate over all templates")
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Loads a template.  This method looks up the template in the cache
+        or loads one by calling :meth:`get_source`.  Subclasses should not
+        override this method as loaders working on collections of other
+        loaders (such as :class:`PrefixLoader` or :class:`ChoiceLoader`)
+        will not call this method but `get_source` directly.
+        """
+        code = None
+        if globals is None:
+            globals = {}
+
+        # first we try to get the source for this template together
+        # with the filename and the uptodate function.
+        source, filename, uptodate = self.get_source(environment, name)
+
+        # try to load the code from the bytecode cache if there is a
+        # bytecode cache configured.
+        bcc = environment.bytecode_cache
+        if bcc is not None:
+            bucket = bcc.get_bucket(environment, name, filename, source)
+            code = bucket.code
+
+        # if we don't have code so far (not cached, no longer up to
+        # date) etc. we compile the template
+        if code is None:
+            code = environment.compile(source, name, filename)
+
+        # if the bytecode cache is available and the bucket doesn't
+        # have a code so far, we give the bucket the new code and put
+        # it back to the bytecode cache.
+        if bcc is not None and bucket.code is None:
+            bucket.code = code
+            bcc.set_bucket(bucket)
+
+        return environment.template_class.from_code(
+            environment, code, globals, uptodate
+        )
+
+
+class FileSystemLoader(BaseLoader):
+    """Load templates from a directory in the file system.
+
+    The path can be relative or absolute. Relative paths are relative to
+    the current working directory.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader("templates")
+
+    A list of paths can be given. The directories will be searched in
+    order, stopping at the first matching template.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader(["/override/templates", "/default/templates"])
+
+    :param searchpath: A path, or list of paths, to the directory that
+        contains the templates.
+    :param encoding: Use this encoding to read the text from template
+        files.
+    :param followlinks: Follow symbolic links in the path.
+
+    .. versionchanged:: 2.8
+        Added the ``followlinks`` parameter.
+    """
+
+    def __init__(
+        self,
+        searchpath: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+        encoding: str = "utf-8",
+        followlinks: bool = False,
+    ) -> None:
+        if not isinstance(searchpath, abc.Iterable) or isinstance(searchpath, str):
+            searchpath = [searchpath]
+
+        self.searchpath = [os.fspath(p) for p in searchpath]
+        self.encoding = encoding
+        self.followlinks = followlinks
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Callable[[], bool]]:
+        pieces = split_template_path(template)
+
+        for searchpath in self.searchpath:
+            # Use posixpath even on Windows to avoid "drive:" or UNC
+            # segments breaking out of the search directory.
+            filename = posixpath.join(searchpath, *pieces)
+
+            if os.path.isfile(filename):
+                break
+        else:
+            raise TemplateNotFound(template)
+
+        with open(filename, encoding=self.encoding) as f:
+            contents = f.read()
+
+        mtime = os.path.getmtime(filename)
+
+        def uptodate() -> bool:
+            try:
+                return os.path.getmtime(filename) == mtime
+            except OSError:
+                return False
+
+        # Use normpath to convert Windows altsep to sep.
+        return contents, os.path.normpath(filename), uptodate
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for searchpath in self.searchpath:
+            walk_dir = os.walk(searchpath, followlinks=self.followlinks)
+            for dirpath, _, filenames in walk_dir:
+                for filename in filenames:
+                    template = (
+                        os.path.join(dirpath, filename)[len(searchpath) :]
+                        .strip(os.path.sep)
+                        .replace(os.path.sep, "/")
+                    )
+                    if template[:2] == "./":
+                        template = template[2:]
+                    if template not in found:
+                        found.add(template)
+        return sorted(found)
+
+
+class PackageLoader(BaseLoader):
+    """Load templates from a directory in a Python package.
+
+    :param package_name: Import name of the package that contains the
+        template directory.
+    :param package_path: Directory within the imported package that
+        contains the templates.
+    :param encoding: Encoding of template files.
+
+    The following example looks up templates in the ``pages`` directory
+    within the ``project.ui`` package.
+
+    .. code-block:: python
+
+        loader = PackageLoader("project.ui", "pages")
+
+    Only packages installed as directories (standard pip behavior) or
+    zip/egg files (less common) are supported. The Python API for
+    introspecting data in packages is too limited to support other
+    installation methods the way this loader requires.
+
+    There is limited support for :pep:`420` namespace packages. The
+    template directory is assumed to only be in one namespace
+    contributor. Zip files contributing to a namespace are not
+    supported.
+
+    .. versionchanged:: 3.0
+        No longer uses ``setuptools`` as a dependency.
+
+    .. versionchanged:: 3.0
+        Limited PEP 420 namespace package support.
+    """
+
+    def __init__(
+        self,
+        package_name: str,
+        package_path: "str" = "templates",
+        encoding: str = "utf-8",
+    ) -> None:
+        package_path = os.path.normpath(package_path).rstrip(os.path.sep)
+
+        # normpath preserves ".", which isn't valid in zip paths.
+        if package_path == os.path.curdir:
+            package_path = ""
+        elif package_path[:2] == os.path.curdir + os.path.sep:
+            package_path = package_path[2:]
+
+        self.package_path = package_path
+        self.package_name = package_name
+        self.encoding = encoding
+
+        # Make sure the package exists. This also makes namespace
+        # packages work, otherwise get_loader returns None.
+        import_module(package_name)
+        spec = importlib.util.find_spec(package_name)
+        assert spec is not None, "An import spec was not found for the package."
+        loader = spec.loader
+        assert loader is not None, "A loader was not found for the package."
+        self._loader = loader
+        self._archive = None
+        template_root = None
+
+        if isinstance(loader, zipimport.zipimporter):
+            self._archive = loader.archive
+            pkgdir = next(iter(spec.submodule_search_locations))  # type: ignore
+            template_root = os.path.join(pkgdir, package_path).rstrip(os.path.sep)
+        else:
+            roots: t.List[str] = []
+
+            # One element for regular packages, multiple for namespace
+            # packages, or None for single module file.
+            if spec.submodule_search_locations:
+                roots.extend(spec.submodule_search_locations)
+            # A single module file, use the parent directory instead.
+            elif spec.origin is not None:
+                roots.append(os.path.dirname(spec.origin))
+
+            for root in roots:
+                root = os.path.join(root, package_path)
+
+                if os.path.isdir(root):
+                    template_root = root
+                    break
+
+        if template_root is None:
+            raise ValueError(
+                f"The {package_name!r} package was not installed in a"
+                " way that PackageLoader understands."
+            )
+
+        self._template_root = template_root
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Optional[t.Callable[[], bool]]]:
+        # Use posixpath even on Windows to avoid "drive:" or UNC
+        # segments breaking out of the search directory. Use normpath to
+        # convert Windows altsep to sep.
+        p = os.path.normpath(
+            posixpath.join(self._template_root, *split_template_path(template))
+        )
+        up_to_date: t.Optional[t.Callable[[], bool]]
+
+        if self._archive is None:
+            # Package is a directory.
+            if not os.path.isfile(p):
+                raise TemplateNotFound(template)
+
+            with open(p, "rb") as f:
+                source = f.read()
+
+            mtime = os.path.getmtime(p)
+
+            def up_to_date() -> bool:
+                return os.path.isfile(p) and os.path.getmtime(p) == mtime
+
+        else:
+            # Package is a zip file.
+            try:
+                source = self._loader.get_data(p)  # type: ignore
+            except OSError as e:
+                raise TemplateNotFound(template) from e
+
+            # Could use the zip's mtime for all template mtimes, but
+            # would need to safely reload the module if it's out of
+            # date, so just report it as always current.
+            up_to_date = None
+
+        return source.decode(self.encoding), p, up_to_date
+
+    def list_templates(self) -> t.List[str]:
+        results: t.List[str] = []
+
+        if self._archive is None:
+            # Package is a directory.
+            offset = len(self._template_root)
+
+            for dirpath, _, filenames in os.walk(self._template_root):
+                dirpath = dirpath[offset:].lstrip(os.path.sep)
+                results.extend(
+                    os.path.join(dirpath, name).replace(os.path.sep, "/")
+                    for name in filenames
+                )
+        else:
+            if not hasattr(self._loader, "_files"):
+                raise TypeError(
+                    "This zip import does not have the required"
+                    " metadata to list templates."
+                )
+
+            # Package is a zip file.
+            prefix = (
+                self._template_root[len(self._archive) :].lstrip(os.path.sep)
+                + os.path.sep
+            )
+            offset = len(prefix)
+
+            for name in self._loader._files.keys():
+                # Find names under the templates directory that aren't directories.
+                if name.startswith(prefix) and name[-1] != os.path.sep:
+                    results.append(name[offset:].replace(os.path.sep, "/"))
+
+        results.sort()
+        return results
+
+
+class DictLoader(BaseLoader):
+    """Loads a template from a Python dict mapping template names to
+    template source.  This loader is useful for unittesting:
+
+    >>> loader = DictLoader({'index.html': 'source here'})
+
+    Because auto reloading is rarely useful this is disabled per default.
+    """
+
+    def __init__(self, mapping: t.Mapping[str, str]) -> None:
+        self.mapping = mapping
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, None, t.Callable[[], bool]]:
+        if template in self.mapping:
+            source = self.mapping[template]
+            return source, None, lambda: source == self.mapping.get(template)
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        return sorted(self.mapping)
+
+
+class FunctionLoader(BaseLoader):
+    """A loader that is passed a function which does the loading.  The
+    function receives the name of the template and has to return either
+    a string with the template source, a tuple in the form ``(source,
+    filename, uptodatefunc)`` or `None` if the template does not exist.
+
+    >>> def load_template(name):
+    ...     if name == 'index.html':
+    ...         return '...'
+    ...
+    >>> loader = FunctionLoader(load_template)
+
+    The `uptodatefunc` is a function that is called if autoreload is enabled
+    and has to return `True` if the template is still up to date.  For more
+    details have a look at :meth:`BaseLoader.get_source` which has the same
+    return value.
+    """
+
+    def __init__(
+        self,
+        load_func: t.Callable[
+            [str],
+            t.Optional[
+                t.Union[
+                    str, t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]
+                ]
+            ],
+        ],
+    ) -> None:
+        self.load_func = load_func
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        rv = self.load_func(template)
+
+        if rv is None:
+            raise TemplateNotFound(template)
+
+        if isinstance(rv, str):
+            return rv, None, None
+
+        return rv
+
+
+class PrefixLoader(BaseLoader):
+    """A loader that is passed a dict of loaders where each loader is bound
+    to a prefix.  The prefix is delimited from the template by a slash per
+    default, which can be changed by setting the `delimiter` argument to
+    something else::
+
+        loader = PrefixLoader({
+            'app1':     PackageLoader('mypackage.app1'),
+            'app2':     PackageLoader('mypackage.app2')
+        })
+
+    By loading ``'app1/index.html'`` the file from the app1 package is loaded,
+    by loading ``'app2/index.html'`` the file from the second.
+    """
+
+    def __init__(
+        self, mapping: t.Mapping[str, BaseLoader], delimiter: str = "/"
+    ) -> None:
+        self.mapping = mapping
+        self.delimiter = delimiter
+
+    def get_loader(self, template: str) -> t.Tuple[BaseLoader, str]:
+        try:
+            prefix, name = template.split(self.delimiter, 1)
+            loader = self.mapping[prefix]
+        except (ValueError, KeyError) as e:
+            raise TemplateNotFound(template) from e
+        return loader, name
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        loader, name = self.get_loader(template)
+        try:
+            return loader.get_source(environment, name)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(template) from e
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        loader, local_name = self.get_loader(name)
+        try:
+            return loader.load(environment, local_name, globals)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(name) from e
+
+    def list_templates(self) -> t.List[str]:
+        result = []
+        for prefix, loader in self.mapping.items():
+            for template in loader.list_templates():
+                result.append(prefix + self.delimiter + template)
+        return result
+
+
+class ChoiceLoader(BaseLoader):
+    """This loader works like the `PrefixLoader` just that no prefix is
+    specified.  If a template could not be found by one loader the next one
+    is tried.
+
+    >>> loader = ChoiceLoader([
+    ...     FileSystemLoader('/path/to/user/templates'),
+    ...     FileSystemLoader('/path/to/system/templates')
+    ... ])
+
+    This is useful if you want to allow users to override builtin templates
+    from a different location.
+    """
+
+    def __init__(self, loaders: t.Sequence[BaseLoader]) -> None:
+        self.loaders = loaders
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        for loader in self.loaders:
+            try:
+                return loader.get_source(environment, template)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(template)
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        for loader in self.loaders:
+            try:
+                return loader.load(environment, name, globals)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(name)
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for loader in self.loaders:
+            found.update(loader.list_templates())
+        return sorted(found)
+
+
+class _TemplateModule(ModuleType):
+    """Like a normal module but with support for weak references"""
+
+
+class ModuleLoader(BaseLoader):
+    """This loader loads templates from precompiled templates.
+
+    Example usage:
+
+    >>> loader = ChoiceLoader([
+    ...     ModuleLoader('/path/to/compiled/templates'),
+    ...     FileSystemLoader('/path/to/templates')
+    ... ])
+
+    Templates can be precompiled with :meth:`Environment.compile_templates`.
+    """
+
+    has_source_access = False
+
+    def __init__(
+        self,
+        path: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+    ) -> None:
+        package_name = f"_jinja2_module_templates_{id(self):x}"
+
+        # create a fake module that looks for the templates in the
+        # path given.
+        mod = _TemplateModule(package_name)
+
+        if not isinstance(path, abc.Iterable) or isinstance(path, str):
+            path = [path]
+
+        mod.__path__ = [os.fspath(p) for p in path]
+
+        sys.modules[package_name] = weakref.proxy(
+            mod, lambda x: sys.modules.pop(package_name, None)
+        )
+
+        # the only strong reference, the sys.modules entry is weak
+        # so that the garbage collector can remove it once the
+        # loader that created it goes out of business.
+        self.module = mod
+        self.package_name = package_name
+
+    @staticmethod
+    def get_template_key(name: str) -> str:
+        return "tmpl_" + sha1(name.encode("utf-8")).hexdigest()
+
+    @staticmethod
+    def get_module_filename(name: str) -> str:
+        return ModuleLoader.get_template_key(name) + ".py"
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        key = self.get_template_key(name)
+        module = f"{self.package_name}.{key}"
+        mod = getattr(self.module, module, None)
+
+        if mod is None:
+            try:
+                mod = __import__(module, None, None, ["root"])
+            except ImportError as e:
+                raise TemplateNotFound(name) from e
+
+            # remove the entry from sys.modules, we only want the attribute
+            # on the module object we have stored on the loader.
+            sys.modules.pop(module, None)
+
+        if globals is None:
+            globals = {}
+
+        return environment.template_class.from_module_dict(
+            environment, mod.__dict__, globals
+        )
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/meta.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/meta.py
new file mode 100644
index 000000000..298499e26
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/meta.py
@@ -0,0 +1,112 @@
+"""Functions that expose information about templates that might be
+interesting for introspection.
+"""
+
+import typing as t
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+class TrackingCodeGenerator(CodeGenerator):
+    """We abuse the code generator for introspection."""
+
+    def __init__(self, environment: "Environment") -> None:
+        super().__init__(environment, "<introspection>", "<introspection>")
+        self.undeclared_identifiers: t.Set[str] = set()
+
+    def write(self, x: str) -> None:
+        """Don't write."""
+
+    def enter_frame(self, frame: Frame) -> None:
+        """Remember all undeclared identifiers."""
+        super().enter_frame(frame)
+
+        for _, (action, param) in frame.symbols.loads.items():
+            if action == "resolve" and param not in self.environment.globals:
+                self.undeclared_identifiers.add(param)
+
+
+def find_undeclared_variables(ast: nodes.Template) -> t.Set[str]:
+    """Returns a set of all variables in the AST that will be looked up from
+    the context at runtime.  Because at compile time it's not known which
+    variables will be used depending on the path the execution takes at
+    runtime, all variables are returned.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% set foo = 42 %}{{ bar + foo }}')
+    >>> meta.find_undeclared_variables(ast) == {'bar'}
+    True
+
+    .. admonition:: Implementation
+
+       Internally the code generator is used for finding undeclared variables.
+       This is good to know because the code generator might raise a
+       :exc:`TemplateAssertionError` during compilation and as a matter of
+       fact this function can currently raise that exception as well.
+    """
+    codegen = TrackingCodeGenerator(ast.environment)  # type: ignore
+    codegen.visit(ast)
+    return codegen.undeclared_identifiers
+
+
+_ref_types = (nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include)
+_RefType = t.Union[nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include]
+
+
+def find_referenced_templates(ast: nodes.Template) -> t.Iterator[t.Optional[str]]:
+    """Finds all the referenced templates from the AST.  This will return an
+    iterator over all the hardcoded template extensions, inclusions and
+    imports.  If dynamic inheritance or inclusion is used, `None` will be
+    yielded.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% extends "layout.html" %}{% include helper %}')
+    >>> list(meta.find_referenced_templates(ast))
+    ['layout.html', None]
+
+    This function is useful for dependency tracking.  For example if you want
+    to rebuild parts of the website after a layout template has changed.
+    """
+    template_name: t.Any
+
+    for node in ast.find_all(_ref_types):
+        template: nodes.Expr = node.template  # type: ignore
+
+        if not isinstance(template, nodes.Const):
+            # a tuple with some non consts in there
+            if isinstance(template, (nodes.Tuple, nodes.List)):
+                for template_name in template.items:
+                    # something const, only yield the strings and ignore
+                    # non-string consts that really just make no sense
+                    if isinstance(template_name, nodes.Const):
+                        if isinstance(template_name.value, str):
+                            yield template_name.value
+                    # something dynamic in there
+                    else:
+                        yield None
+            # something dynamic we don't know about here
+            else:
+                yield None
+            continue
+        # constant is a basestring, direct template name
+        if isinstance(template.value, str):
+            yield template.value
+        # a tuple or list (latter *should* not happen) made of consts,
+        # yield the consts that are strings.  We could warn here for
+        # non string values
+        elif isinstance(node, nodes.Include) and isinstance(
+            template.value, (tuple, list)
+        ):
+            for template_name in template.value:
+                if isinstance(template_name, str):
+                    yield template_name
+        # something else we don't care about, we could warn here
+        else:
+            yield None
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/nativetypes.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/nativetypes.py
new file mode 100644
index 000000000..71db8cc31
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/nativetypes.py
@@ -0,0 +1,130 @@
+import typing as t
+from ast import literal_eval
+from ast import parse
+from itertools import chain
+from itertools import islice
+from types import GeneratorType
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+from .compiler import has_safe_repr
+from .environment import Environment
+from .environment import Template
+
+
+def native_concat(values: t.Iterable[t.Any]) -> t.Optional[t.Any]:
+    """Return a native Python type from the list of compiled nodes. If
+    the result is a single node, its value is returned. Otherwise, the
+    nodes are concatenated as strings. If the result can be parsed with
+    :func:`ast.literal_eval`, the parsed value is returned. Otherwise,
+    the string is returned.
+
+    :param values: Iterable of outputs to concatenate.
+    """
+    head = list(islice(values, 2))
+
+    if not head:
+        return None
+
+    if len(head) == 1:
+        raw = head[0]
+        if not isinstance(raw, str):
+            return raw
+    else:
+        if isinstance(values, GeneratorType):
+            values = chain(head, values)
+        raw = "".join([str(v) for v in values])
+
+    try:
+        return literal_eval(
+            # In Python 3.10+ ast.literal_eval removes leading spaces/tabs
+            # from the given string. For backwards compatibility we need to
+            # parse the string ourselves without removing leading spaces/tabs.
+            parse(raw, mode="eval")
+        )
+    except (ValueError, SyntaxError, MemoryError):
+        return raw
+
+
+class NativeCodeGenerator(CodeGenerator):
+    """A code generator which renders Python types by not adding
+    ``str()`` around output nodes.
+    """
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        return value
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        return repr("".join([str(v) for v in group]))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> t.Any:
+        const = node.as_const(frame.eval_ctx)
+
+        if not has_safe_repr(const):
+            raise nodes.Impossible()
+
+        if isinstance(node, nodes.TemplateData):
+            return const
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(")")
+
+
+class NativeEnvironment(Environment):
+    """An environment that renders templates to native Python types."""
+
+    code_generator_class = NativeCodeGenerator
+    concat = staticmethod(native_concat)  # type: ignore
+
+
+class NativeTemplate(Template):
+    environment_class = NativeEnvironment
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Render the template to produce a native Python type. If the
+        result is a single node, its value is returned. Otherwise, the
+        nodes are concatenated as strings. If the result can be parsed
+        with :func:`ast.literal_eval`, the parsed value is returned.
+        Otherwise, the string is returned.
+        """
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                self.root_render_func(ctx)
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+
+NativeEnvironment.template_class = NativeTemplate
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/nodes.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/nodes.py
new file mode 100644
index 000000000..2f93b90ec
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/nodes.py
@@ -0,0 +1,1206 @@
+"""AST nodes generated by the parser for the compiler. Also provides
+some node tree helper functions used by the parser and compiler in order
+to normalize nodes.
+"""
+
+import inspect
+import operator
+import typing as t
+from collections import deque
+
+from markupsafe import Markup
+
+from .utils import _PassArg
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_NodeBound = t.TypeVar("_NodeBound", bound="Node")
+
+_binop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "*": operator.mul,
+    "/": operator.truediv,
+    "//": operator.floordiv,
+    "**": operator.pow,
+    "%": operator.mod,
+    "+": operator.add,
+    "-": operator.sub,
+}
+
+_uaop_to_func: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+    "not": operator.not_,
+    "+": operator.pos,
+    "-": operator.neg,
+}
+
+_cmpop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "eq": operator.eq,
+    "ne": operator.ne,
+    "gt": operator.gt,
+    "gteq": operator.ge,
+    "lt": operator.lt,
+    "lteq": operator.le,
+    "in": lambda a, b: a in b,
+    "notin": lambda a, b: a not in b,
+}
+
+
+class Impossible(Exception):
+    """Raised if the node could not perform a requested action."""
+
+
+class NodeType(type):
+    """A metaclass for nodes that handles the field and attribute
+    inheritance.  fields and attributes from the parent class are
+    automatically forwarded to the child."""
+
+    def __new__(mcs, name, bases, d):  # type: ignore
+        for attr in "fields", "attributes":
+            storage: t.List[t.Tuple[str, ...]] = []
+            storage.extend(getattr(bases[0] if bases else object, attr, ()))
+            storage.extend(d.get(attr, ()))
+            assert len(bases) <= 1, "multiple inheritance not allowed"
+            assert len(storage) == len(set(storage)), "layout conflict"
+            d[attr] = tuple(storage)
+        d.setdefault("abstract", False)
+        return type.__new__(mcs, name, bases, d)
+
+
+class EvalContext:
+    """Holds evaluation time information.  Custom attributes can be attached
+    to it in extensions.
+    """
+
+    def __init__(
+        self, environment: "Environment", template_name: t.Optional[str] = None
+    ) -> None:
+        self.environment = environment
+        if callable(environment.autoescape):
+            self.autoescape = environment.autoescape(template_name)
+        else:
+            self.autoescape = environment.autoescape
+        self.volatile = False
+
+    def save(self) -> t.Mapping[str, t.Any]:
+        return self.__dict__.copy()
+
+    def revert(self, old: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.clear()
+        self.__dict__.update(old)
+
+
+def get_eval_context(node: "Node", ctx: t.Optional[EvalContext]) -> EvalContext:
+    if ctx is None:
+        if node.environment is None:
+            raise RuntimeError(
+                "if no eval context is passed, the node must have an"
+                " attached environment."
+            )
+        return EvalContext(node.environment)
+    return ctx
+
+
+class Node(metaclass=NodeType):
+    """Baseclass for all Jinja nodes.  There are a number of nodes available
+    of different types.  There are four major types:
+
+    -   :class:`Stmt`: statements
+    -   :class:`Expr`: expressions
+    -   :class:`Helper`: helper nodes
+    -   :class:`Template`: the outermost wrapper node
+
+    All nodes have fields and attributes.  Fields may be other nodes, lists,
+    or arbitrary values.  Fields are passed to the constructor as regular
+    positional arguments, attributes as keyword arguments.  Each node has
+    two attributes: `lineno` (the line number of the node) and `environment`.
+    The `environment` attribute is set at the end of the parsing process for
+    all nodes automatically.
+    """
+
+    fields: t.Tuple[str, ...] = ()
+    attributes: t.Tuple[str, ...] = ("lineno", "environment")
+    abstract = True
+
+    lineno: int
+    environment: t.Optional["Environment"]
+
+    def __init__(self, *fields: t.Any, **attributes: t.Any) -> None:
+        if self.abstract:
+            raise TypeError("abstract nodes are not instantiable")
+        if fields:
+            if len(fields) != len(self.fields):
+                if not self.fields:
+                    raise TypeError(f"{type(self).__name__!r} takes 0 arguments")
+                raise TypeError(
+                    f"{type(self).__name__!r} takes 0 or {len(self.fields)}"
+                    f" argument{'s' if len(self.fields) != 1 else ''}"
+                )
+            for name, arg in zip(self.fields, fields):
+                setattr(self, name, arg)
+        for attr in self.attributes:
+            setattr(self, attr, attributes.pop(attr, None))
+        if attributes:
+            raise TypeError(f"unknown attribute {next(iter(attributes))!r}")
+
+    def iter_fields(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator[t.Tuple[str, t.Any]]:
+        """This method iterates over all fields that are defined and yields
+        ``(key, value)`` tuples.  Per default all fields are returned, but
+        it's possible to limit that to some fields by providing the `only`
+        parameter or to exclude some using the `exclude` parameter.  Both
+        should be sets or tuples of field names.
+        """
+        for name in self.fields:
+            if (
+                (exclude is None and only is None)
+                or (exclude is not None and name not in exclude)
+                or (only is not None and name in only)
+            ):
+                try:
+                    yield name, getattr(self, name)
+                except AttributeError:
+                    pass
+
+    def iter_child_nodes(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator["Node"]:
+        """Iterates over all direct child nodes of the node.  This iterates
+        over all fields and yields the values of they are nodes.  If the value
+        of a field is a list all the nodes in that list are returned.
+        """
+        for _, item in self.iter_fields(exclude, only):
+            if isinstance(item, list):
+                for n in item:
+                    if isinstance(n, Node):
+                        yield n
+            elif isinstance(item, Node):
+                yield item
+
+    def find(self, node_type: t.Type[_NodeBound]) -> t.Optional[_NodeBound]:
+        """Find the first node of a given type.  If no such node exists the
+        return value is `None`.
+        """
+        for result in self.find_all(node_type):
+            return result
+
+        return None
+
+    def find_all(
+        self, node_type: t.Union[t.Type[_NodeBound], t.Tuple[t.Type[_NodeBound], ...]]
+    ) -> t.Iterator[_NodeBound]:
+        """Find all the nodes of a given type.  If the type is a tuple,
+        the check is performed for any of the tuple items.
+        """
+        for child in self.iter_child_nodes():
+            if isinstance(child, node_type):
+                yield child  # type: ignore
+            yield from child.find_all(node_type)
+
+    def set_ctx(self, ctx: str) -> "Node":
+        """Reset the context of a node and all child nodes.  Per default the
+        parser will all generate nodes that have a 'load' context as it's the
+        most common one.  This method is used in the parser to set assignment
+        targets and other nodes to a store context.
+        """
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "ctx" in node.fields:
+                node.ctx = ctx  # type: ignore
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_lineno(self, lineno: int, override: bool = False) -> "Node":
+        """Set the line numbers of the node and children."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "lineno" in node.attributes:
+                if node.lineno is None or override:
+                    node.lineno = lineno
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_environment(self, environment: "Environment") -> "Node":
+        """Set the environment for all nodes."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            node.environment = environment
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def __eq__(self, other: t.Any) -> bool:
+        if type(self) is not type(other):
+            return NotImplemented
+
+        return tuple(self.iter_fields()) == tuple(other.iter_fields())
+
+    __hash__ = object.__hash__
+
+    def __repr__(self) -> str:
+        args_str = ", ".join(f"{a}={getattr(self, a, None)!r}" for a in self.fields)
+        return f"{type(self).__name__}({args_str})"
+
+    def dump(self) -> str:
+        def _dump(node: t.Union[Node, t.Any]) -> None:
+            if not isinstance(node, Node):
+                buf.append(repr(node))
+                return
+
+            buf.append(f"nodes.{type(node).__name__}(")
+            if not node.fields:
+                buf.append(")")
+                return
+            for idx, field in enumerate(node.fields):
+                if idx:
+                    buf.append(", ")
+                value = getattr(node, field)
+                if isinstance(value, list):
+                    buf.append("[")
+                    for idx, item in enumerate(value):
+                        if idx:
+                            buf.append(", ")
+                        _dump(item)
+                    buf.append("]")
+                else:
+                    _dump(value)
+            buf.append(")")
+
+        buf: t.List[str] = []
+        _dump(self)
+        return "".join(buf)
+
+
+class Stmt(Node):
+    """Base node for all statements."""
+
+    abstract = True
+
+
+class Helper(Node):
+    """Nodes that exist in a specific context only."""
+
+    abstract = True
+
+
+class Template(Node):
+    """Node that represents a template.  This must be the outermost node that
+    is passed to the compiler.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class Output(Stmt):
+    """A node that holds multiple expressions which are then printed out.
+    This is used both for the `print` statement and the regular template data.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List["Expr"]
+
+
+class Extends(Stmt):
+    """Represents an extends statement."""
+
+    fields = ("template",)
+    template: "Expr"
+
+
+class For(Stmt):
+    """The for loop.  `target` is the target for the iteration (usually a
+    :class:`Name` or :class:`Tuple`), `iter` the iterable.  `body` is a list
+    of nodes that are used as loop-body, and `else_` a list of nodes for the
+    `else` block.  If no else node exists it has to be an empty list.
+
+    For filtered nodes an expression can be stored as `test`, otherwise `None`.
+    """
+
+    fields = ("target", "iter", "body", "else_", "test", "recursive")
+    target: Node
+    iter: Node
+    body: t.List[Node]
+    else_: t.List[Node]
+    test: t.Optional[Node]
+    recursive: bool
+
+
+class If(Stmt):
+    """If `test` is true, `body` is rendered, else `else_`."""
+
+    fields = ("test", "body", "elif_", "else_")
+    test: Node
+    body: t.List[Node]
+    elif_: t.List["If"]
+    else_: t.List[Node]
+
+
+class Macro(Stmt):
+    """A macro definition.  `name` is the name of the macro, `args` a list of
+    arguments and `defaults` a list of defaults if there are any.  `body` is
+    a list of nodes for the macro body.
+    """
+
+    fields = ("name", "args", "defaults", "body")
+    name: str
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class CallBlock(Stmt):
+    """Like a macro without a name but a call instead.  `call` is called with
+    the unnamed macro as `caller` argument this node holds.
+    """
+
+    fields = ("call", "args", "defaults", "body")
+    call: "Call"
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class FilterBlock(Stmt):
+    """Node for filter sections."""
+
+    fields = ("body", "filter")
+    body: t.List[Node]
+    filter: "Filter"
+
+
+class With(Stmt):
+    """Specific node for with statements.  In older versions of Jinja the
+    with statement was implemented on the base of the `Scope` node instead.
+
+    .. versionadded:: 2.9.3
+    """
+
+    fields = ("targets", "values", "body")
+    targets: t.List["Expr"]
+    values: t.List["Expr"]
+    body: t.List[Node]
+
+
+class Block(Stmt):
+    """A node that represents a block.
+
+    .. versionchanged:: 3.0.0
+        the `required` field was added.
+    """
+
+    fields = ("name", "body", "scoped", "required")
+    name: str
+    body: t.List[Node]
+    scoped: bool
+    required: bool
+
+
+class Include(Stmt):
+    """A node that represents the include tag."""
+
+    fields = ("template", "with_context", "ignore_missing")
+    template: "Expr"
+    with_context: bool
+    ignore_missing: bool
+
+
+class Import(Stmt):
+    """A node that represents the import tag."""
+
+    fields = ("template", "target", "with_context")
+    template: "Expr"
+    target: str
+    with_context: bool
+
+
+class FromImport(Stmt):
+    """A node that represents the from import tag.  It's important to not
+    pass unsafe names to the name attribute.  The compiler translates the
+    attribute lookups directly into getattr calls and does *not* use the
+    subscript callback of the interface.  As exported variables may not
+    start with double underscores (which the parser asserts) this is not a
+    problem for regular Jinja code, but if this node is used in an extension
+    extra care must be taken.
+
+    The list of names may contain tuples if aliases are wanted.
+    """
+
+    fields = ("template", "names", "with_context")
+    template: "Expr"
+    names: t.List[t.Union[str, t.Tuple[str, str]]]
+    with_context: bool
+
+
+class ExprStmt(Stmt):
+    """A statement that evaluates an expression and discards the result."""
+
+    fields = ("node",)
+    node: Node
+
+
+class Assign(Stmt):
+    """Assigns an expression to a target."""
+
+    fields = ("target", "node")
+    target: "Expr"
+    node: Node
+
+
+class AssignBlock(Stmt):
+    """Assigns a block to a target."""
+
+    fields = ("target", "filter", "body")
+    target: "Expr"
+    filter: t.Optional["Filter"]
+    body: t.List[Node]
+
+
+class Expr(Node):
+    """Baseclass for all expressions."""
+
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        """Return the value of the expression as constant or raise
+        :exc:`Impossible` if this was not possible.
+
+        An :class:`EvalContext` can be provided, if none is given
+        a default context is created which requires the nodes to have
+        an attached environment.
+
+        .. versionchanged:: 2.4
+           the `eval_ctx` parameter was added.
+        """
+        raise Impossible()
+
+    def can_assign(self) -> bool:
+        """Check if it's possible to assign something to this node."""
+        return False
+
+
+class BinExpr(Expr):
+    """Baseclass for all binary expressions."""
+
+    fields = ("left", "right")
+    left: Expr
+    right: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_binops  # type: ignore
+        ):
+            raise Impossible()
+        f = _binop_to_func[self.operator]
+        try:
+            return f(self.left.as_const(eval_ctx), self.right.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class UnaryExpr(Expr):
+    """Baseclass for all unary expressions."""
+
+    fields = ("node",)
+    node: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_unops  # type: ignore
+        ):
+            raise Impossible()
+        f = _uaop_to_func[self.operator]
+        try:
+            return f(self.node.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Name(Expr):
+    """Looks up a name or stores a value in a name.
+    The `ctx` of the node can be one of the following values:
+
+    -   `store`: store a value in the name
+    -   `load`: load that name
+    -   `param`: like `store` but if the name was defined as function parameter.
+    """
+
+    fields = ("name", "ctx")
+    name: str
+    ctx: str
+
+    def can_assign(self) -> bool:
+        return self.name not in {"true", "false", "none", "True", "False", "None"}
+
+
+class NSRef(Expr):
+    """Reference to a namespace value assignment"""
+
+    fields = ("name", "attr")
+    name: str
+    attr: str
+
+    def can_assign(self) -> bool:
+        # We don't need any special checks here; NSRef assignments have a
+        # runtime check to ensure the target is a namespace object which will
+        # have been checked already as it is created using a normal assignment
+        # which goes through a `Name` node.
+        return True
+
+
+class Literal(Expr):
+    """Baseclass for literals."""
+
+    abstract = True
+
+
+class Const(Literal):
+    """All constant values.  The parser will return this node for simple
+    constants such as ``42`` or ``"foo"`` but it can be used to store more
+    complex values such as lists too.  Only constants with a safe
+    representation (objects where ``eval(repr(x)) == x`` is true).
+    """
+
+    fields = ("value",)
+    value: t.Any
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        return self.value
+
+    @classmethod
+    def from_untrusted(
+        cls,
+        value: t.Any,
+        lineno: t.Optional[int] = None,
+        environment: "t.Optional[Environment]" = None,
+    ) -> "Const":
+        """Return a const object if the value is representable as
+        constant value in the generated code, otherwise it will raise
+        an `Impossible` exception.
+        """
+        from .compiler import has_safe_repr
+
+        if not has_safe_repr(value):
+            raise Impossible()
+        return cls(value, lineno=lineno, environment=environment)
+
+
+class TemplateData(Literal):
+    """A constant template string."""
+
+    fields = ("data",)
+    data: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        if eval_ctx.autoescape:
+            return Markup(self.data)
+        return self.data
+
+
+class Tuple(Literal):
+    """For loop unpacking and some other things like multiple arguments
+    for subscripts.  Like for :class:`Name` `ctx` specifies if the tuple
+    is used for loading the names or storing.
+    """
+
+    fields = ("items", "ctx")
+    items: t.List[Expr]
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[t.Any, ...]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return tuple(x.as_const(eval_ctx) for x in self.items)
+
+    def can_assign(self) -> bool:
+        for item in self.items:
+            if not item.can_assign():
+                return False
+        return True
+
+
+class List(Literal):
+    """Any list literal such as ``[1, 2, 3]``"""
+
+    fields = ("items",)
+    items: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.List[t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return [x.as_const(eval_ctx) for x in self.items]
+
+
+class Dict(Literal):
+    """Any dict literal such as ``{1: 2, 3: 4}``.  The items must be a list of
+    :class:`Pair` nodes.
+    """
+
+    fields = ("items",)
+    items: t.List["Pair"]
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Dict[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return dict(x.as_const(eval_ctx) for x in self.items)
+
+
+class Pair(Helper):
+    """A key, value pair for dicts."""
+
+    fields = ("key", "value")
+    key: Expr
+    value: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Tuple[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key.as_const(eval_ctx), self.value.as_const(eval_ctx)
+
+
+class Keyword(Helper):
+    """A key, value pair for keyword arguments where key is a string."""
+
+    fields = ("key", "value")
+    key: str
+    value: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[str, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key, self.value.as_const(eval_ctx)
+
+
+class CondExpr(Expr):
+    """A conditional expression (inline if expression).  (``{{
+    foo if bar else baz }}``)
+    """
+
+    fields = ("test", "expr1", "expr2")
+    test: Expr
+    expr1: Expr
+    expr2: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if self.test.as_const(eval_ctx):
+            return self.expr1.as_const(eval_ctx)
+
+        # if we evaluate to an undefined object, we better do that at runtime
+        if self.expr2 is None:
+            raise Impossible()
+
+        return self.expr2.as_const(eval_ctx)
+
+
+def args_as_const(
+    node: t.Union["_FilterTestCommon", "Call"], eval_ctx: t.Optional[EvalContext]
+) -> t.Tuple[t.List[t.Any], t.Dict[t.Any, t.Any]]:
+    args = [x.as_const(eval_ctx) for x in node.args]
+    kwargs = dict(x.as_const(eval_ctx) for x in node.kwargs)
+
+    if node.dyn_args is not None:
+        try:
+            args.extend(node.dyn_args.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    if node.dyn_kwargs is not None:
+        try:
+            kwargs.update(node.dyn_kwargs.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    return args, kwargs
+
+
+class _FilterTestCommon(Expr):
+    fields = ("node", "name", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    name: str
+    args: t.List[Expr]
+    kwargs: t.List[Pair]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+    abstract = True
+    _is_filter = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        if eval_ctx.volatile:
+            raise Impossible()
+
+        if self._is_filter:
+            env_map = eval_ctx.environment.filters
+        else:
+            env_map = eval_ctx.environment.tests
+
+        func = env_map.get(self.name)
+        pass_arg = _PassArg.from_obj(func)  # type: ignore
+
+        if func is None or pass_arg is _PassArg.context:
+            raise Impossible()
+
+        if eval_ctx.environment.is_async and (
+            getattr(func, "jinja_async_variant", False) is True
+            or inspect.iscoroutinefunction(func)
+        ):
+            raise Impossible()
+
+        args, kwargs = args_as_const(self, eval_ctx)
+        args.insert(0, self.node.as_const(eval_ctx))
+
+        if pass_arg is _PassArg.eval_context:
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, eval_ctx.environment)
+
+        try:
+            return func(*args, **kwargs)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Filter(_FilterTestCommon):
+    """Apply a filter to an expression. ``name`` is the name of the
+    filter, the other fields are the same as :class:`Call`.
+
+    If ``node`` is ``None``, the filter is being used in a filter block
+    and is applied to the content of the block.
+    """
+
+    node: t.Optional[Expr]  # type: ignore
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.node is None:
+            raise Impossible()
+
+        return super().as_const(eval_ctx=eval_ctx)
+
+
+class Test(_FilterTestCommon):
+    """Apply a test to an expression. ``name`` is the name of the test,
+    the other field are the same as :class:`Call`.
+
+    .. versionchanged:: 3.0
+        ``as_const`` shares the same logic for filters and tests. Tests
+        check for volatile, async, and ``@pass_context`` etc.
+        decorators.
+    """
+
+    _is_filter = False
+
+
+class Call(Expr):
+    """Calls an expression.  `args` is a list of arguments, `kwargs` a list
+    of keyword arguments (list of :class:`Keyword` nodes), and `dyn_args`
+    and `dyn_kwargs` has to be either `None` or a node that is used as
+    node for dynamic positional (``*args``) or keyword (``**kwargs``)
+    arguments.
+    """
+
+    fields = ("node", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    args: t.List[Expr]
+    kwargs: t.List[Keyword]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+
+
+class Getitem(Expr):
+    """Get an attribute or item from an expression and prefer the item."""
+
+    fields = ("node", "arg", "ctx")
+    node: Expr
+    arg: Expr
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getitem(
+                self.node.as_const(eval_ctx), self.arg.as_const(eval_ctx)
+            )
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Getattr(Expr):
+    """Get an attribute or item from an expression that is a ascii-only
+    bytestring and prefer the attribute.
+    """
+
+    fields = ("node", "attr", "ctx")
+    node: Expr
+    attr: str
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getattr(self.node.as_const(eval_ctx), self.attr)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Slice(Expr):
+    """Represents a slice object.  This must only be used as argument for
+    :class:`Subscript`.
+    """
+
+    fields = ("start", "stop", "step")
+    start: t.Optional[Expr]
+    stop: t.Optional[Expr]
+    step: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> slice:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        def const(obj: t.Optional[Expr]) -> t.Optional[t.Any]:
+            if obj is None:
+                return None
+            return obj.as_const(eval_ctx)
+
+        return slice(const(self.start), const(self.stop), const(self.step))
+
+
+class Concat(Expr):
+    """Concatenates the list of expressions provided after converting
+    them to strings.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return "".join(str(x.as_const(eval_ctx)) for x in self.nodes)
+
+
+class Compare(Expr):
+    """Compares an expression with some other expressions.  `ops` must be a
+    list of :class:`Operand`\\s.
+    """
+
+    fields = ("expr", "ops")
+    expr: Expr
+    ops: t.List["Operand"]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        result = value = self.expr.as_const(eval_ctx)
+
+        try:
+            for op in self.ops:
+                new_value = op.expr.as_const(eval_ctx)
+                result = _cmpop_to_func[op.op](value, new_value)
+
+                if not result:
+                    return False
+
+                value = new_value
+        except Exception as e:
+            raise Impossible() from e
+
+        return result
+
+
+class Operand(Helper):
+    """Holds an operator and an expression."""
+
+    fields = ("op", "expr")
+    op: str
+    expr: Expr
+
+
+class Mul(BinExpr):
+    """Multiplies the left with the right node."""
+
+    operator = "*"
+
+
+class Div(BinExpr):
+    """Divides the left by the right node."""
+
+    operator = "/"
+
+
+class FloorDiv(BinExpr):
+    """Divides the left by the right node and converts the
+    result into an integer by truncating.
+    """
+
+    operator = "//"
+
+
+class Add(BinExpr):
+    """Add the left to the right node."""
+
+    operator = "+"
+
+
+class Sub(BinExpr):
+    """Subtract the right from the left node."""
+
+    operator = "-"
+
+
+class Mod(BinExpr):
+    """Left modulo right."""
+
+    operator = "%"
+
+
+class Pow(BinExpr):
+    """Left to the power of right."""
+
+    operator = "**"
+
+
+class And(BinExpr):
+    """Short circuited AND."""
+
+    operator = "and"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) and self.right.as_const(eval_ctx)
+
+
+class Or(BinExpr):
+    """Short circuited OR."""
+
+    operator = "or"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) or self.right.as_const(eval_ctx)
+
+
+class Not(UnaryExpr):
+    """Negate the expression."""
+
+    operator = "not"
+
+
+class Neg(UnaryExpr):
+    """Make the expression negative."""
+
+    operator = "-"
+
+
+class Pos(UnaryExpr):
+    """Make the expression positive (noop for most expressions)"""
+
+    operator = "+"
+
+
+# Helpers for extensions
+
+
+class EnvironmentAttribute(Expr):
+    """Loads an attribute from the environment object.  This is useful for
+    extensions that want to call a callback stored on the environment.
+    """
+
+    fields = ("name",)
+    name: str
+
+
+class ExtensionAttribute(Expr):
+    """Returns the attribute of an extension bound to the environment.
+    The identifier is the identifier of the :class:`Extension`.
+
+    This node is usually constructed by calling the
+    :meth:`~jinja2.ext.Extension.attr` method on an extension.
+    """
+
+    fields = ("identifier", "name")
+    identifier: str
+    name: str
+
+
+class ImportedName(Expr):
+    """If created with an import name the import name is returned on node
+    access.  For example ``ImportedName('cgi.escape')`` returns the `escape`
+    function from the cgi module on evaluation.  Imports are optimized by the
+    compiler so there is no need to assign them to local variables.
+    """
+
+    fields = ("importname",)
+    importname: str
+
+
+class InternalName(Expr):
+    """An internal name in the compiler.  You cannot create these nodes
+    yourself but the parser provides a
+    :meth:`~jinja2.parser.Parser.free_identifier` method that creates
+    a new identifier for you.  This identifier is not available from the
+    template and is not treated specially by the compiler.
+    """
+
+    fields = ("name",)
+    name: str
+
+    def __init__(self) -> None:
+        raise TypeError(
+            "Can't create internal names.  Use the "
+            "`free_identifier` method on a parser."
+        )
+
+
+class MarkSafe(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`)."""
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> Markup:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return Markup(self.expr.as_const(eval_ctx))
+
+
+class MarkSafeIfAutoescape(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`) but
+    only if autoescaping is active.
+
+    .. versionadded:: 2.5
+    """
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Union[Markup, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        expr = self.expr.as_const(eval_ctx)
+        if eval_ctx.autoescape:
+            return Markup(expr)
+        return expr
+
+
+class ContextReference(Expr):
+    """Returns the current template context.  It can be used like a
+    :class:`Name` node, with a ``'load'`` ctx and will return the
+    current :class:`~jinja2.runtime.Context` object.
+
+    Here an example that assigns the current template name to a
+    variable named `foo`::
+
+        Assign(Name('foo', ctx='store'),
+               Getattr(ContextReference(), 'name'))
+
+    This is basically equivalent to using the
+    :func:`~jinja2.pass_context` decorator when using the high-level
+    API, which causes a reference to the context to be passed as the
+    first argument to a function.
+    """
+
+
+class DerivedContextReference(Expr):
+    """Return the current template context including locals. Behaves
+    exactly like :class:`ContextReference`, but includes local
+    variables, such as from a ``for`` loop.
+
+    .. versionadded:: 2.11
+    """
+
+
+class Continue(Stmt):
+    """Continue a loop."""
+
+
+class Break(Stmt):
+    """Break a loop."""
+
+
+class Scope(Stmt):
+    """An artificial scope."""
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class OverlayScope(Stmt):
+    """An overlay scope for extensions.  This is a largely unoptimized scope
+    that however can be used to introduce completely arbitrary variables into
+    a sub scope from a dictionary or dictionary like object.  The `context`
+    field has to evaluate to a dictionary object.
+
+    Example usage::
+
+        OverlayScope(context=self.call_method('get_context'),
+                     body=[...])
+
+    .. versionadded:: 2.10
+    """
+
+    fields = ("context", "body")
+    context: Expr
+    body: t.List[Node]
+
+
+class EvalContextModifier(Stmt):
+    """Modifies the eval context.  For each option that should be modified,
+    a :class:`Keyword` has to be added to the :attr:`options` list.
+
+    Example to change the `autoescape` setting::
+
+        EvalContextModifier(options=[Keyword('autoescape', Const(True))])
+    """
+
+    fields = ("options",)
+    options: t.List[Keyword]
+
+
+class ScopedEvalContextModifier(EvalContextModifier):
+    """Modifies the eval context and reverts it later.  Works exactly like
+    :class:`EvalContextModifier` but will only modify the
+    :class:`~jinja2.nodes.EvalContext` for nodes in the :attr:`body`.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+# make sure nobody creates custom nodes
+def _failing_new(*args: t.Any, **kwargs: t.Any) -> "te.NoReturn":
+    raise TypeError("can't create custom node types")
+
+
+NodeType.__new__ = staticmethod(_failing_new)  # type: ignore
+del _failing_new
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/optimizer.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/optimizer.py
new file mode 100644
index 000000000..32d1c717b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/optimizer.py
@@ -0,0 +1,48 @@
+"""The optimizer tries to constant fold expressions and modify the AST
+in place so that it should be faster to evaluate.
+
+Because the AST does not contain all the scoping information and the
+compiler has to find that out, we cannot do all the optimizations we
+want. For example, loop unrolling doesn't work because unrolled loops
+would have a different scope. The solution would be a second syntax tree
+that stored the scoping rules.
+"""
+
+import typing as t
+
+from . import nodes
+from .visitor import NodeTransformer
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def optimize(node: nodes.Node, environment: "Environment") -> nodes.Node:
+    """The context hint can be used to perform an static optimization
+    based on the context given."""
+    optimizer = Optimizer(environment)
+    return t.cast(nodes.Node, optimizer.visit(node))
+
+
+class Optimizer(NodeTransformer):
+    def __init__(self, environment: "t.Optional[Environment]") -> None:
+        self.environment = environment
+
+    def generic_visit(
+        self, node: nodes.Node, *args: t.Any, **kwargs: t.Any
+    ) -> nodes.Node:
+        node = super().generic_visit(node, *args, **kwargs)
+
+        # Do constant folding. Some other nodes besides Expr have
+        # as_const, but folding them causes errors later on.
+        if isinstance(node, nodes.Expr):
+            try:
+                return nodes.Const.from_untrusted(
+                    node.as_const(args[0] if args else None),
+                    lineno=node.lineno,
+                    environment=self.environment,
+                )
+            except nodes.Impossible:
+                pass
+
+        return node
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/parser.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/parser.py
new file mode 100644
index 000000000..0ec997fb4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/parser.py
@@ -0,0 +1,1041 @@
+"""Parse tokens from the lexer into nodes for the compiler."""
+
+import typing
+import typing as t
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .lexer import describe_token
+from .lexer import describe_token_expr
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_ImportInclude = t.TypeVar("_ImportInclude", nodes.Import, nodes.Include)
+_MacroCall = t.TypeVar("_MacroCall", nodes.Macro, nodes.CallBlock)
+
+_statement_keywords = frozenset(
+    [
+        "for",
+        "if",
+        "block",
+        "extends",
+        "print",
+        "macro",
+        "include",
+        "from",
+        "import",
+        "set",
+        "with",
+        "autoescape",
+    ]
+)
+_compare_operators = frozenset(["eq", "ne", "lt", "lteq", "gt", "gteq"])
+
+_math_nodes: t.Dict[str, t.Type[nodes.Expr]] = {
+    "add": nodes.Add,
+    "sub": nodes.Sub,
+    "mul": nodes.Mul,
+    "div": nodes.Div,
+    "floordiv": nodes.FloorDiv,
+    "mod": nodes.Mod,
+}
+
+
+class Parser:
+    """This is the central parsing class Jinja uses.  It's passed to
+    extensions and can be used to parse expressions or statements.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> None:
+        self.environment = environment
+        self.stream = environment._tokenize(source, name, filename, state)
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.extensions: t.Dict[
+            str, t.Callable[["Parser"], t.Union[nodes.Node, t.List[nodes.Node]]]
+        ] = {}
+        for extension in environment.iter_extensions():
+            for tag in extension.tags:
+                self.extensions[tag] = extension.parse
+        self._last_identifier = 0
+        self._tag_stack: t.List[str] = []
+        self._end_token_stack: t.List[t.Tuple[str, ...]] = []
+
+    def fail(
+        self,
+        msg: str,
+        lineno: t.Optional[int] = None,
+        exc: t.Type[TemplateSyntaxError] = TemplateSyntaxError,
+    ) -> "te.NoReturn":
+        """Convenience method that raises `exc` with the message, passed
+        line number or last line number as well as the current name and
+        filename.
+        """
+        if lineno is None:
+            lineno = self.stream.current.lineno
+        raise exc(msg, lineno, self.name, self.filename)
+
+    def _fail_ut_eof(
+        self,
+        name: t.Optional[str],
+        end_token_stack: t.List[t.Tuple[str, ...]],
+        lineno: t.Optional[int],
+    ) -> "te.NoReturn":
+        expected: t.Set[str] = set()
+        for exprs in end_token_stack:
+            expected.update(map(describe_token_expr, exprs))
+        if end_token_stack:
+            currently_looking: t.Optional[str] = " or ".join(
+                map(repr, map(describe_token_expr, end_token_stack[-1]))
+            )
+        else:
+            currently_looking = None
+
+        if name is None:
+            message = ["Unexpected end of template."]
+        else:
+            message = [f"Encountered unknown tag {name!r}."]
+
+        if currently_looking:
+            if name is not None and name in expected:
+                message.append(
+                    "You probably made a nesting mistake. Jinja is expecting this tag,"
+                    f" but currently looking for {currently_looking}."
+                )
+            else:
+                message.append(
+                    f"Jinja was looking for the following tags: {currently_looking}."
+                )
+
+        if self._tag_stack:
+            message.append(
+                "The innermost block that needs to be closed is"
+                f" {self._tag_stack[-1]!r}."
+            )
+
+        self.fail(" ".join(message), lineno)
+
+    def fail_unknown_tag(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> "te.NoReturn":
+        """Called if the parser encounters an unknown tag.  Tries to fail
+        with a human readable error message that could help to identify
+        the problem.
+        """
+        self._fail_ut_eof(name, self._end_token_stack, lineno)
+
+    def fail_eof(
+        self,
+        end_tokens: t.Optional[t.Tuple[str, ...]] = None,
+        lineno: t.Optional[int] = None,
+    ) -> "te.NoReturn":
+        """Like fail_unknown_tag but for end of template situations."""
+        stack = list(self._end_token_stack)
+        if end_tokens is not None:
+            stack.append(end_tokens)
+        self._fail_ut_eof(None, stack, lineno)
+
+    def is_tuple_end(
+        self, extra_end_rules: t.Optional[t.Tuple[str, ...]] = None
+    ) -> bool:
+        """Are we at the end of a tuple?"""
+        if self.stream.current.type in ("variable_end", "block_end", "rparen"):
+            return True
+        elif extra_end_rules is not None:
+            return self.stream.current.test_any(extra_end_rules)  # type: ignore
+        return False
+
+    def free_identifier(self, lineno: t.Optional[int] = None) -> nodes.InternalName:
+        """Return a new free identifier as :class:`~jinja2.nodes.InternalName`."""
+        self._last_identifier += 1
+        rv = object.__new__(nodes.InternalName)
+        nodes.Node.__init__(rv, f"fi{self._last_identifier}", lineno=lineno)
+        return rv
+
+    def parse_statement(self) -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a single statement."""
+        token = self.stream.current
+        if token.type != "name":
+            self.fail("tag name expected", token.lineno)
+        self._tag_stack.append(token.value)
+        pop_tag = True
+        try:
+            if token.value in _statement_keywords:
+                f = getattr(self, f"parse_{self.stream.current.value}")
+                return f()  # type: ignore
+            if token.value == "call":
+                return self.parse_call_block()
+            if token.value == "filter":
+                return self.parse_filter_block()
+            ext = self.extensions.get(token.value)
+            if ext is not None:
+                return ext(self)
+
+            # did not work out, remove the token we pushed by accident
+            # from the stack so that the unknown tag fail function can
+            # produce a proper error message.
+            self._tag_stack.pop()
+            pop_tag = False
+            self.fail_unknown_tag(token.value, token.lineno)
+        finally:
+            if pop_tag:
+                self._tag_stack.pop()
+
+    def parse_statements(
+        self, end_tokens: t.Tuple[str, ...], drop_needle: bool = False
+    ) -> t.List[nodes.Node]:
+        """Parse multiple statements into a list until one of the end tokens
+        is reached.  This is used to parse the body of statements as it also
+        parses template data if appropriate.  The parser checks first if the
+        current token is a colon and skips it if there is one.  Then it checks
+        for the block end and parses until if one of the `end_tokens` is
+        reached.  Per default the active token in the stream at the end of
+        the call is the matched end token.  If this is not wanted `drop_needle`
+        can be set to `True` and the end token is removed.
+        """
+        # the first token may be a colon for python compatibility
+        self.stream.skip_if("colon")
+
+        # in the future it would be possible to add whole code sections
+        # by adding some sort of end of statement token and parsing those here.
+        self.stream.expect("block_end")
+        result = self.subparse(end_tokens)
+
+        # we reached the end of the template too early, the subparser
+        # does not check for this, so we do that now
+        if self.stream.current.type == "eof":
+            self.fail_eof(end_tokens)
+
+        if drop_needle:
+            next(self.stream)
+        return result
+
+    def parse_set(self) -> t.Union[nodes.Assign, nodes.AssignBlock]:
+        """Parse an assign statement."""
+        lineno = next(self.stream).lineno
+        target = self.parse_assign_target(with_namespace=True)
+        if self.stream.skip_if("assign"):
+            expr = self.parse_tuple()
+            return nodes.Assign(target, expr, lineno=lineno)
+        filter_node = self.parse_filter(None)
+        body = self.parse_statements(("name:endset",), drop_needle=True)
+        return nodes.AssignBlock(target, filter_node, body, lineno=lineno)
+
+    def parse_for(self) -> nodes.For:
+        """Parse a for loop."""
+        lineno = self.stream.expect("name:for").lineno
+        target = self.parse_assign_target(extra_end_rules=("name:in",))
+        self.stream.expect("name:in")
+        iter = self.parse_tuple(
+            with_condexpr=False, extra_end_rules=("name:recursive",)
+        )
+        test = None
+        if self.stream.skip_if("name:if"):
+            test = self.parse_expression()
+        recursive = self.stream.skip_if("name:recursive")
+        body = self.parse_statements(("name:endfor", "name:else"))
+        if next(self.stream).value == "endfor":
+            else_ = []
+        else:
+            else_ = self.parse_statements(("name:endfor",), drop_needle=True)
+        return nodes.For(target, iter, body, else_, test, recursive, lineno=lineno)
+
+    def parse_if(self) -> nodes.If:
+        """Parse an if construct."""
+        node = result = nodes.If(lineno=self.stream.expect("name:if").lineno)
+        while True:
+            node.test = self.parse_tuple(with_condexpr=False)
+            node.body = self.parse_statements(("name:elif", "name:else", "name:endif"))
+            node.elif_ = []
+            node.else_ = []
+            token = next(self.stream)
+            if token.test("name:elif"):
+                node = nodes.If(lineno=self.stream.current.lineno)
+                result.elif_.append(node)
+                continue
+            elif token.test("name:else"):
+                result.else_ = self.parse_statements(("name:endif",), drop_needle=True)
+            break
+        return result
+
+    def parse_with(self) -> nodes.With:
+        node = nodes.With(lineno=next(self.stream).lineno)
+        targets: t.List[nodes.Expr] = []
+        values: t.List[nodes.Expr] = []
+        while self.stream.current.type != "block_end":
+            if targets:
+                self.stream.expect("comma")
+            target = self.parse_assign_target()
+            target.set_ctx("param")
+            targets.append(target)
+            self.stream.expect("assign")
+            values.append(self.parse_expression())
+        node.targets = targets
+        node.values = values
+        node.body = self.parse_statements(("name:endwith",), drop_needle=True)
+        return node
+
+    def parse_autoescape(self) -> nodes.Scope:
+        node = nodes.ScopedEvalContextModifier(lineno=next(self.stream).lineno)
+        node.options = [nodes.Keyword("autoescape", self.parse_expression())]
+        node.body = self.parse_statements(("name:endautoescape",), drop_needle=True)
+        return nodes.Scope([node])
+
+    def parse_block(self) -> nodes.Block:
+        node = nodes.Block(lineno=next(self.stream).lineno)
+        node.name = self.stream.expect("name").value
+        node.scoped = self.stream.skip_if("name:scoped")
+        node.required = self.stream.skip_if("name:required")
+
+        # common problem people encounter when switching from django
+        # to jinja.  we do not support hyphens in block names, so let's
+        # raise a nicer error message in that case.
+        if self.stream.current.type == "sub":
+            self.fail(
+                "Block names in Jinja have to be valid Python identifiers and may not"
+                " contain hyphens, use an underscore instead."
+            )
+
+        node.body = self.parse_statements(("name:endblock",), drop_needle=True)
+
+        # enforce that required blocks only contain whitespace or comments
+        # by asserting that the body, if not empty, is just TemplateData nodes
+        # with whitespace data
+        if node.required:
+            for body_node in node.body:
+                if not isinstance(body_node, nodes.Output) or any(
+                    not isinstance(output_node, nodes.TemplateData)
+                    or not output_node.data.isspace()
+                    for output_node in body_node.nodes
+                ):
+                    self.fail("Required blocks can only contain comments or whitespace")
+
+        self.stream.skip_if("name:" + node.name)
+        return node
+
+    def parse_extends(self) -> nodes.Extends:
+        node = nodes.Extends(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        return node
+
+    def parse_import_context(
+        self, node: _ImportInclude, default: bool
+    ) -> _ImportInclude:
+        if self.stream.current.test_any(
+            "name:with", "name:without"
+        ) and self.stream.look().test("name:context"):
+            node.with_context = next(self.stream).value == "with"
+            self.stream.skip()
+        else:
+            node.with_context = default
+        return node
+
+    def parse_include(self) -> nodes.Include:
+        node = nodes.Include(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        if self.stream.current.test("name:ignore") and self.stream.look().test(
+            "name:missing"
+        ):
+            node.ignore_missing = True
+            self.stream.skip(2)
+        else:
+            node.ignore_missing = False
+        return self.parse_import_context(node, True)
+
+    def parse_import(self) -> nodes.Import:
+        node = nodes.Import(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:as")
+        node.target = self.parse_assign_target(name_only=True).name
+        return self.parse_import_context(node, False)
+
+    def parse_from(self) -> nodes.FromImport:
+        node = nodes.FromImport(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:import")
+        node.names = []
+
+        def parse_context() -> bool:
+            if self.stream.current.value in {
+                "with",
+                "without",
+            } and self.stream.look().test("name:context"):
+                node.with_context = next(self.stream).value == "with"
+                self.stream.skip()
+                return True
+            return False
+
+        while True:
+            if node.names:
+                self.stream.expect("comma")
+            if self.stream.current.type == "name":
+                if parse_context():
+                    break
+                target = self.parse_assign_target(name_only=True)
+                if target.name.startswith("_"):
+                    self.fail(
+                        "names starting with an underline can not be imported",
+                        target.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                if self.stream.skip_if("name:as"):
+                    alias = self.parse_assign_target(name_only=True)
+                    node.names.append((target.name, alias.name))
+                else:
+                    node.names.append(target.name)
+                if parse_context() or self.stream.current.type != "comma":
+                    break
+            else:
+                self.stream.expect("name")
+        if not hasattr(node, "with_context"):
+            node.with_context = False
+        return node
+
+    def parse_signature(self, node: _MacroCall) -> None:
+        args = node.args = []
+        defaults = node.defaults = []
+        self.stream.expect("lparen")
+        while self.stream.current.type != "rparen":
+            if args:
+                self.stream.expect("comma")
+            arg = self.parse_assign_target(name_only=True)
+            arg.set_ctx("param")
+            if self.stream.skip_if("assign"):
+                defaults.append(self.parse_expression())
+            elif defaults:
+                self.fail("non-default argument follows default argument")
+            args.append(arg)
+        self.stream.expect("rparen")
+
+    def parse_call_block(self) -> nodes.CallBlock:
+        node = nodes.CallBlock(lineno=next(self.stream).lineno)
+        if self.stream.current.type == "lparen":
+            self.parse_signature(node)
+        else:
+            node.args = []
+            node.defaults = []
+
+        call_node = self.parse_expression()
+        if not isinstance(call_node, nodes.Call):
+            self.fail("expected call", node.lineno)
+        node.call = call_node
+        node.body = self.parse_statements(("name:endcall",), drop_needle=True)
+        return node
+
+    def parse_filter_block(self) -> nodes.FilterBlock:
+        node = nodes.FilterBlock(lineno=next(self.stream).lineno)
+        node.filter = self.parse_filter(None, start_inline=True)  # type: ignore
+        node.body = self.parse_statements(("name:endfilter",), drop_needle=True)
+        return node
+
+    def parse_macro(self) -> nodes.Macro:
+        node = nodes.Macro(lineno=next(self.stream).lineno)
+        node.name = self.parse_assign_target(name_only=True).name
+        self.parse_signature(node)
+        node.body = self.parse_statements(("name:endmacro",), drop_needle=True)
+        return node
+
+    def parse_print(self) -> nodes.Output:
+        node = nodes.Output(lineno=next(self.stream).lineno)
+        node.nodes = []
+        while self.stream.current.type != "block_end":
+            if node.nodes:
+                self.stream.expect("comma")
+            node.nodes.append(self.parse_expression())
+        return node
+
+    @typing.overload
+    def parse_assign_target(
+        self, with_tuple: bool = ..., name_only: "te.Literal[True]" = ...
+    ) -> nodes.Name: ...
+
+    @typing.overload
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]: ...
+
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]:
+        """Parse an assignment target.  As Jinja allows assignments to
+        tuples, this function can parse all allowed assignment targets.  Per
+        default assignments to tuples are parsed, that can be disable however
+        by setting `with_tuple` to `False`.  If only assignments to names are
+        wanted `name_only` can be set to `True`.  The `extra_end_rules`
+        parameter is forwarded to the tuple parsing function.  If
+        `with_namespace` is enabled, a namespace assignment may be parsed.
+        """
+        target: nodes.Expr
+
+        if with_namespace and self.stream.look().type == "dot":
+            token = self.stream.expect("name")
+            next(self.stream)  # dot
+            attr = self.stream.expect("name")
+            target = nodes.NSRef(token.value, attr.value, lineno=token.lineno)
+        elif name_only:
+            token = self.stream.expect("name")
+            target = nodes.Name(token.value, "store", lineno=token.lineno)
+        else:
+            if with_tuple:
+                target = self.parse_tuple(
+                    simplified=True, extra_end_rules=extra_end_rules
+                )
+            else:
+                target = self.parse_primary()
+
+            target.set_ctx("store")
+
+        if not target.can_assign():
+            self.fail(
+                f"can't assign to {type(target).__name__.lower()!r}", target.lineno
+            )
+
+        return target  # type: ignore
+
+    def parse_expression(self, with_condexpr: bool = True) -> nodes.Expr:
+        """Parse an expression.  Per default all expressions are parsed, if
+        the optional `with_condexpr` parameter is set to `False` conditional
+        expressions are not parsed.
+        """
+        if with_condexpr:
+            return self.parse_condexpr()
+        return self.parse_or()
+
+    def parse_condexpr(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr1 = self.parse_or()
+        expr3: t.Optional[nodes.Expr]
+
+        while self.stream.skip_if("name:if"):
+            expr2 = self.parse_or()
+            if self.stream.skip_if("name:else"):
+                expr3 = self.parse_condexpr()
+            else:
+                expr3 = None
+            expr1 = nodes.CondExpr(expr2, expr1, expr3, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return expr1
+
+    def parse_or(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_and()
+        while self.stream.skip_if("name:or"):
+            right = self.parse_and()
+            left = nodes.Or(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_and(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_not()
+        while self.stream.skip_if("name:and"):
+            right = self.parse_not()
+            left = nodes.And(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_not(self) -> nodes.Expr:
+        if self.stream.current.test("name:not"):
+            lineno = next(self.stream).lineno
+            return nodes.Not(self.parse_not(), lineno=lineno)
+        return self.parse_compare()
+
+    def parse_compare(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr = self.parse_math1()
+        ops = []
+        while True:
+            token_type = self.stream.current.type
+            if token_type in _compare_operators:
+                next(self.stream)
+                ops.append(nodes.Operand(token_type, self.parse_math1()))
+            elif self.stream.skip_if("name:in"):
+                ops.append(nodes.Operand("in", self.parse_math1()))
+            elif self.stream.current.test("name:not") and self.stream.look().test(
+                "name:in"
+            ):
+                self.stream.skip(2)
+                ops.append(nodes.Operand("notin", self.parse_math1()))
+            else:
+                break
+            lineno = self.stream.current.lineno
+        if not ops:
+            return expr
+        return nodes.Compare(expr, ops, lineno=lineno)
+
+    def parse_math1(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_concat()
+        while self.stream.current.type in ("add", "sub"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_concat()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_concat(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args = [self.parse_math2()]
+        while self.stream.current.type == "tilde":
+            next(self.stream)
+            args.append(self.parse_math2())
+        if len(args) == 1:
+            return args[0]
+        return nodes.Concat(args, lineno=lineno)
+
+    def parse_math2(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_pow()
+        while self.stream.current.type in ("mul", "div", "floordiv", "mod"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_pow()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_pow(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_unary()
+        while self.stream.current.type == "pow":
+            next(self.stream)
+            right = self.parse_unary()
+            left = nodes.Pow(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_unary(self, with_filter: bool = True) -> nodes.Expr:
+        token_type = self.stream.current.type
+        lineno = self.stream.current.lineno
+        node: nodes.Expr
+
+        if token_type == "sub":
+            next(self.stream)
+            node = nodes.Neg(self.parse_unary(False), lineno=lineno)
+        elif token_type == "add":
+            next(self.stream)
+            node = nodes.Pos(self.parse_unary(False), lineno=lineno)
+        else:
+            node = self.parse_primary()
+        node = self.parse_postfix(node)
+        if with_filter:
+            node = self.parse_filter_expr(node)
+        return node
+
+    def parse_primary(self) -> nodes.Expr:
+        token = self.stream.current
+        node: nodes.Expr
+        if token.type == "name":
+            if token.value in ("true", "false", "True", "False"):
+                node = nodes.Const(token.value in ("true", "True"), lineno=token.lineno)
+            elif token.value in ("none", "None"):
+                node = nodes.Const(None, lineno=token.lineno)
+            else:
+                node = nodes.Name(token.value, "load", lineno=token.lineno)
+            next(self.stream)
+        elif token.type == "string":
+            next(self.stream)
+            buf = [token.value]
+            lineno = token.lineno
+            while self.stream.current.type == "string":
+                buf.append(self.stream.current.value)
+                next(self.stream)
+            node = nodes.Const("".join(buf), lineno=lineno)
+        elif token.type in ("integer", "float"):
+            next(self.stream)
+            node = nodes.Const(token.value, lineno=token.lineno)
+        elif token.type == "lparen":
+            next(self.stream)
+            node = self.parse_tuple(explicit_parentheses=True)
+            self.stream.expect("rparen")
+        elif token.type == "lbracket":
+            node = self.parse_list()
+        elif token.type == "lbrace":
+            node = self.parse_dict()
+        else:
+            self.fail(f"unexpected {describe_token(token)!r}", token.lineno)
+        return node
+
+    def parse_tuple(
+        self,
+        simplified: bool = False,
+        with_condexpr: bool = True,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        explicit_parentheses: bool = False,
+    ) -> t.Union[nodes.Tuple, nodes.Expr]:
+        """Works like `parse_expression` but if multiple expressions are
+        delimited by a comma a :class:`~jinja2.nodes.Tuple` node is created.
+        This method could also return a regular expression instead of a tuple
+        if no commas where found.
+
+        The default parsing mode is a full tuple.  If `simplified` is `True`
+        only names and literals are parsed.  The `no_condexpr` parameter is
+        forwarded to :meth:`parse_expression`.
+
+        Because tuples do not require delimiters and may end in a bogus comma
+        an extra hint is needed that marks the end of a tuple.  For example
+        for loops support tuples between `for` and `in`.  In that case the
+        `extra_end_rules` is set to ``['name:in']``.
+
+        `explicit_parentheses` is true if the parsing was triggered by an
+        expression in parentheses.  This is used to figure out if an empty
+        tuple is a valid expression or not.
+        """
+        lineno = self.stream.current.lineno
+        if simplified:
+            parse = self.parse_primary
+        elif with_condexpr:
+            parse = self.parse_expression
+        else:
+
+            def parse() -> nodes.Expr:
+                return self.parse_expression(with_condexpr=False)
+
+        args: t.List[nodes.Expr] = []
+        is_tuple = False
+
+        while True:
+            if args:
+                self.stream.expect("comma")
+            if self.is_tuple_end(extra_end_rules):
+                break
+            args.append(parse())
+            if self.stream.current.type == "comma":
+                is_tuple = True
+            else:
+                break
+            lineno = self.stream.current.lineno
+
+        if not is_tuple:
+            if args:
+                return args[0]
+
+            # if we don't have explicit parentheses, an empty tuple is
+            # not a valid expression.  This would mean nothing (literally
+            # nothing) in the spot of an expression would be an empty
+            # tuple.
+            if not explicit_parentheses:
+                self.fail(
+                    "Expected an expression,"
+                    f" got {describe_token(self.stream.current)!r}"
+                )
+
+        return nodes.Tuple(args, "load", lineno=lineno)
+
+    def parse_list(self) -> nodes.List:
+        token = self.stream.expect("lbracket")
+        items: t.List[nodes.Expr] = []
+        while self.stream.current.type != "rbracket":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbracket":
+                break
+            items.append(self.parse_expression())
+        self.stream.expect("rbracket")
+        return nodes.List(items, lineno=token.lineno)
+
+    def parse_dict(self) -> nodes.Dict:
+        token = self.stream.expect("lbrace")
+        items: t.List[nodes.Pair] = []
+        while self.stream.current.type != "rbrace":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbrace":
+                break
+            key = self.parse_expression()
+            self.stream.expect("colon")
+            value = self.parse_expression()
+            items.append(nodes.Pair(key, value, lineno=key.lineno))
+        self.stream.expect("rbrace")
+        return nodes.Dict(items, lineno=token.lineno)
+
+    def parse_postfix(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "dot" or token_type == "lbracket":
+                node = self.parse_subscript(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_filter_expr(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "pipe":
+                node = self.parse_filter(node)  # type: ignore
+            elif token_type == "name" and self.stream.current.value == "is":
+                node = self.parse_test(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_subscript(
+        self, node: nodes.Expr
+    ) -> t.Union[nodes.Getattr, nodes.Getitem]:
+        token = next(self.stream)
+        arg: nodes.Expr
+
+        if token.type == "dot":
+            attr_token = self.stream.current
+            next(self.stream)
+            if attr_token.type == "name":
+                return nodes.Getattr(
+                    node, attr_token.value, "load", lineno=token.lineno
+                )
+            elif attr_token.type != "integer":
+                self.fail("expected name or number", attr_token.lineno)
+            arg = nodes.Const(attr_token.value, lineno=attr_token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        if token.type == "lbracket":
+            args: t.List[nodes.Expr] = []
+            while self.stream.current.type != "rbracket":
+                if args:
+                    self.stream.expect("comma")
+                args.append(self.parse_subscribed())
+            self.stream.expect("rbracket")
+            if len(args) == 1:
+                arg = args[0]
+            else:
+                arg = nodes.Tuple(args, "load", lineno=token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        self.fail("expected subscript expression", token.lineno)
+
+    def parse_subscribed(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args: t.List[t.Optional[nodes.Expr]]
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            args = [None]
+        else:
+            node = self.parse_expression()
+            if self.stream.current.type != "colon":
+                return node
+            next(self.stream)
+            args = [node]
+
+        if self.stream.current.type == "colon":
+            args.append(None)
+        elif self.stream.current.type not in ("rbracket", "comma"):
+            args.append(self.parse_expression())
+        else:
+            args.append(None)
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            if self.stream.current.type not in ("rbracket", "comma"):
+                args.append(self.parse_expression())
+            else:
+                args.append(None)
+        else:
+            args.append(None)
+
+        return nodes.Slice(lineno=lineno, *args)  # noqa: B026
+
+    def parse_call_args(
+        self,
+    ) -> t.Tuple[
+        t.List[nodes.Expr],
+        t.List[nodes.Keyword],
+        t.Optional[nodes.Expr],
+        t.Optional[nodes.Expr],
+    ]:
+        token = self.stream.expect("lparen")
+        args = []
+        kwargs = []
+        dyn_args = None
+        dyn_kwargs = None
+        require_comma = False
+
+        def ensure(expr: bool) -> None:
+            if not expr:
+                self.fail("invalid syntax for function call expression", token.lineno)
+
+        while self.stream.current.type != "rparen":
+            if require_comma:
+                self.stream.expect("comma")
+
+                # support for trailing comma
+                if self.stream.current.type == "rparen":
+                    break
+
+            if self.stream.current.type == "mul":
+                ensure(dyn_args is None and dyn_kwargs is None)
+                next(self.stream)
+                dyn_args = self.parse_expression()
+            elif self.stream.current.type == "pow":
+                ensure(dyn_kwargs is None)
+                next(self.stream)
+                dyn_kwargs = self.parse_expression()
+            else:
+                if (
+                    self.stream.current.type == "name"
+                    and self.stream.look().type == "assign"
+                ):
+                    # Parsing a kwarg
+                    ensure(dyn_kwargs is None)
+                    key = self.stream.current.value
+                    self.stream.skip(2)
+                    value = self.parse_expression()
+                    kwargs.append(nodes.Keyword(key, value, lineno=value.lineno))
+                else:
+                    # Parsing an arg
+                    ensure(dyn_args is None and dyn_kwargs is None and not kwargs)
+                    args.append(self.parse_expression())
+
+            require_comma = True
+
+        self.stream.expect("rparen")
+        return args, kwargs, dyn_args, dyn_kwargs
+
+    def parse_call(self, node: nodes.Expr) -> nodes.Call:
+        # The lparen will be expected in parse_call_args, but the lineno
+        # needs to be recorded before the stream is advanced.
+        token = self.stream.current
+        args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        return nodes.Call(node, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno)
+
+    def parse_filter(
+        self, node: t.Optional[nodes.Expr], start_inline: bool = False
+    ) -> t.Optional[nodes.Expr]:
+        while self.stream.current.type == "pipe" or start_inline:
+            if not start_inline:
+                next(self.stream)
+            token = self.stream.expect("name")
+            name = token.value
+            while self.stream.current.type == "dot":
+                next(self.stream)
+                name += "." + self.stream.expect("name").value
+            if self.stream.current.type == "lparen":
+                args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+            else:
+                args = []
+                kwargs = []
+                dyn_args = dyn_kwargs = None
+            node = nodes.Filter(
+                node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+            )
+            start_inline = False
+        return node
+
+    def parse_test(self, node: nodes.Expr) -> nodes.Expr:
+        token = next(self.stream)
+        if self.stream.current.test("name:not"):
+            next(self.stream)
+            negated = True
+        else:
+            negated = False
+        name = self.stream.expect("name").value
+        while self.stream.current.type == "dot":
+            next(self.stream)
+            name += "." + self.stream.expect("name").value
+        dyn_args = dyn_kwargs = None
+        kwargs: t.List[nodes.Keyword] = []
+        if self.stream.current.type == "lparen":
+            args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        elif self.stream.current.type in {
+            "name",
+            "string",
+            "integer",
+            "float",
+            "lparen",
+            "lbracket",
+            "lbrace",
+        } and not self.stream.current.test_any("name:else", "name:or", "name:and"):
+            if self.stream.current.test("name:is"):
+                self.fail("You cannot chain multiple tests with is")
+            arg_node = self.parse_primary()
+            arg_node = self.parse_postfix(arg_node)
+            args = [arg_node]
+        else:
+            args = []
+        node = nodes.Test(
+            node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+        )
+        if negated:
+            node = nodes.Not(node, lineno=token.lineno)
+        return node
+
+    def subparse(
+        self, end_tokens: t.Optional[t.Tuple[str, ...]] = None
+    ) -> t.List[nodes.Node]:
+        body: t.List[nodes.Node] = []
+        data_buffer: t.List[nodes.Node] = []
+        add_data = data_buffer.append
+
+        if end_tokens is not None:
+            self._end_token_stack.append(end_tokens)
+
+        def flush_data() -> None:
+            if data_buffer:
+                lineno = data_buffer[0].lineno
+                body.append(nodes.Output(data_buffer[:], lineno=lineno))
+                del data_buffer[:]
+
+        try:
+            while self.stream:
+                token = self.stream.current
+                if token.type == "data":
+                    if token.value:
+                        add_data(nodes.TemplateData(token.value, lineno=token.lineno))
+                    next(self.stream)
+                elif token.type == "variable_begin":
+                    next(self.stream)
+                    add_data(self.parse_tuple(with_condexpr=True))
+                    self.stream.expect("variable_end")
+                elif token.type == "block_begin":
+                    flush_data()
+                    next(self.stream)
+                    if end_tokens is not None and self.stream.current.test_any(
+                        *end_tokens
+                    ):
+                        return body
+                    rv = self.parse_statement()
+                    if isinstance(rv, list):
+                        body.extend(rv)
+                    else:
+                        body.append(rv)
+                    self.stream.expect("block_end")
+                else:
+                    raise AssertionError("internal parsing error")
+
+            flush_data()
+        finally:
+            if end_tokens is not None:
+                self._end_token_stack.pop()
+        return body
+
+    def parse(self) -> nodes.Template:
+        """Parse the whole template into a `Template` node."""
+        result = nodes.Template(self.subparse(), lineno=1)
+        result.set_environment(self.environment)
+        return result
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/py.typed b/lib/go-jinja2/internal/data/linux-arm64/jinja2/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/runtime.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/runtime.py
new file mode 100644
index 000000000..4325c8deb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/runtime.py
@@ -0,0 +1,1056 @@
+"""The runtime functions and state used by compiled templates."""
+
+import functools
+import sys
+import typing as t
+from collections import abc
+from itertools import chain
+
+from markupsafe import escape  # noqa: F401
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import auto_aiter
+from .async_utils import auto_await  # noqa: F401
+from .exceptions import TemplateNotFound  # noqa: F401
+from .exceptions import TemplateRuntimeError  # noqa: F401
+from .exceptions import UndefinedError
+from .nodes import EvalContext
+from .utils import _PassArg
+from .utils import concat
+from .utils import internalcode
+from .utils import missing
+from .utils import Namespace  # noqa: F401
+from .utils import object_type_repr
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+if t.TYPE_CHECKING:
+    import logging
+
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class LoopRenderFunc(te.Protocol):
+        def __call__(
+            self,
+            reciter: t.Iterable[V],
+            loop_render_func: "LoopRenderFunc",
+            depth: int = 0,
+        ) -> str: ...
+
+
+# these variables are exported to the template runtime
+exported = [
+    "LoopContext",
+    "TemplateReference",
+    "Macro",
+    "Markup",
+    "TemplateRuntimeError",
+    "missing",
+    "escape",
+    "markup_join",
+    "str_join",
+    "identity",
+    "TemplateNotFound",
+    "Namespace",
+    "Undefined",
+    "internalcode",
+]
+async_exported = [
+    "AsyncLoopContext",
+    "auto_aiter",
+    "auto_await",
+]
+
+
+def identity(x: V) -> V:
+    """Returns its argument. Useful for certain things in the
+    environment.
+    """
+    return x
+
+
+def markup_join(seq: t.Iterable[t.Any]) -> str:
+    """Concatenation that escapes if necessary and converts to string."""
+    buf = []
+    iterator = map(soft_str, seq)
+    for arg in iterator:
+        buf.append(arg)
+        if hasattr(arg, "__html__"):
+            return Markup("").join(chain(buf, iterator))
+    return concat(buf)
+
+
+def str_join(seq: t.Iterable[t.Any]) -> str:
+    """Simple args to string conversion and concatenation."""
+    return concat(map(str, seq))
+
+
+def new_context(
+    environment: "Environment",
+    template_name: t.Optional[str],
+    blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+    vars: t.Optional[t.Dict[str, t.Any]] = None,
+    shared: bool = False,
+    globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    locals: t.Optional[t.Mapping[str, t.Any]] = None,
+) -> "Context":
+    """Internal helper for context creation."""
+    if vars is None:
+        vars = {}
+    if shared:
+        parent = vars
+    else:
+        parent = dict(globals or (), **vars)
+    if locals:
+        # if the parent is shared a copy should be created because
+        # we don't want to modify the dict passed
+        if shared:
+            parent = dict(parent)
+        for key, value in locals.items():
+            if value is not missing:
+                parent[key] = value
+    return environment.context_class(
+        environment, parent, template_name, blocks, globals=globals
+    )
+
+
+class TemplateReference:
+    """The `self` in templates."""
+
+    def __init__(self, context: "Context") -> None:
+        self.__context = context
+
+    def __getitem__(self, name: str) -> t.Any:
+        blocks = self.__context.blocks[name]
+        return BlockReference(name, self.__context, blocks, 0)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.__context.name!r}>"
+
+
+def _dict_method_all(dict_method: F) -> F:
+    @functools.wraps(dict_method)
+    def f_all(self: "Context") -> t.Any:
+        return dict_method(self.get_all())
+
+    return t.cast(F, f_all)
+
+
+@abc.Mapping.register
+class Context:
+    """The template context holds the variables of a template.  It stores the
+    values passed to the template and also the names the template exports.
+    Creating instances is neither supported nor useful as it's created
+    automatically at various stages of the template evaluation and should not
+    be created by hand.
+
+    The context is immutable.  Modifications on :attr:`parent` **must not**
+    happen and modifications on :attr:`vars` are allowed from generated
+    template code only.  Template filters and global functions marked as
+    :func:`pass_context` get the active context passed as first argument
+    and are allowed to access the context read-only.
+
+    The template context supports read only dict operations (`get`,
+    `keys`, `values`, `items`, `iterkeys`, `itervalues`, `iteritems`,
+    `__getitem__`, `__contains__`).  Additionally there is a :meth:`resolve`
+    method that doesn't fail with a `KeyError` but returns an
+    :class:`Undefined` object for missing variables.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        parent: t.Dict[str, t.Any],
+        name: t.Optional[str],
+        blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ):
+        self.parent = parent
+        self.vars: t.Dict[str, t.Any] = {}
+        self.environment: "Environment" = environment
+        self.eval_ctx = EvalContext(self.environment, name)
+        self.exported_vars: t.Set[str] = set()
+        self.name = name
+        self.globals_keys = set() if globals is None else set(globals)
+
+        # create the initial mapping of blocks.  Whenever template inheritance
+        # takes place the runtime will update this mapping with the new blocks
+        # from the template.
+        self.blocks = {k: [v] for k, v in blocks.items()}
+
+    def super(
+        self, name: str, current: t.Callable[["Context"], t.Iterator[str]]
+    ) -> t.Union["BlockReference", "Undefined"]:
+        """Render a parent block."""
+        try:
+            blocks = self.blocks[name]
+            index = blocks.index(current) + 1
+            blocks[index]
+        except LookupError:
+            return self.environment.undefined(
+                f"there is no parent block called {name!r}.", name="super"
+            )
+        return BlockReference(name, self, blocks, index)
+
+    def get(self, key: str, default: t.Any = None) -> t.Any:
+        """Look up a variable by name, or return a default if the key is
+        not found.
+
+        :param key: The variable name to look up.
+        :param default: The value to return if the key is not found.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def resolve(self, key: str) -> t.Union[t.Any, "Undefined"]:
+        """Look up a variable by name, or return an :class:`Undefined`
+        object if the key is not found.
+
+        If you need to add custom behavior, override
+        :meth:`resolve_or_missing`, not this method. The various lookup
+        functions use that method, not this one.
+
+        :param key: The variable name to look up.
+        """
+        rv = self.resolve_or_missing(key)
+
+        if rv is missing:
+            return self.environment.undefined(name=key)
+
+        return rv
+
+    def resolve_or_missing(self, key: str) -> t.Any:
+        """Look up a variable by name, or return a ``missing`` sentinel
+        if the key is not found.
+
+        Override this method to add custom lookup behavior.
+        :meth:`resolve`, :meth:`get`, and :meth:`__getitem__` use this
+        method. Don't call this method directly.
+
+        :param key: The variable name to look up.
+        """
+        if key in self.vars:
+            return self.vars[key]
+
+        if key in self.parent:
+            return self.parent[key]
+
+        return missing
+
+    def get_exported(self) -> t.Dict[str, t.Any]:
+        """Get a new dict with the exported variables."""
+        return {k: self.vars[k] for k in self.exported_vars}
+
+    def get_all(self) -> t.Dict[str, t.Any]:
+        """Return the complete context as dict including the exported
+        variables.  For optimizations reasons this might not return an
+        actual copy so be careful with using it.
+        """
+        if not self.vars:
+            return self.parent
+        if not self.parent:
+            return self.vars
+        return dict(self.parent, **self.vars)
+
+    @internalcode
+    def call(
+        __self,
+        __obj: t.Callable[..., t.Any],
+        *args: t.Any,
+        **kwargs: t.Any,  # noqa: B902
+    ) -> t.Union[t.Any, "Undefined"]:
+        """Call the callable with the arguments and keyword arguments
+        provided but inject the active context or environment as first
+        argument if the callable has :func:`pass_context` or
+        :func:`pass_environment`.
+        """
+        if __debug__:
+            __traceback_hide__ = True  # noqa
+
+        # Allow callable classes to take a context
+        if (
+            hasattr(__obj, "__call__")  # noqa: B004
+            and _PassArg.from_obj(__obj.__call__) is not None
+        ):
+            __obj = __obj.__call__
+
+        pass_arg = _PassArg.from_obj(__obj)
+
+        if pass_arg is _PassArg.context:
+            # the active context should have access to variables set in
+            # loops and blocks without mutating the context itself
+            if kwargs.get("_loop_vars"):
+                __self = __self.derived(kwargs["_loop_vars"])
+            if kwargs.get("_block_vars"):
+                __self = __self.derived(kwargs["_block_vars"])
+            args = (__self,) + args
+        elif pass_arg is _PassArg.eval_context:
+            args = (__self.eval_ctx,) + args
+        elif pass_arg is _PassArg.environment:
+            args = (__self.environment,) + args
+
+        kwargs.pop("_block_vars", None)
+        kwargs.pop("_loop_vars", None)
+
+        try:
+            return __obj(*args, **kwargs)
+        except StopIteration:
+            return __self.environment.undefined(
+                "value was undefined because a callable raised a"
+                " StopIteration exception"
+            )
+
+    def derived(self, locals: t.Optional[t.Dict[str, t.Any]] = None) -> "Context":
+        """Internal helper function to create a derived context.  This is
+        used in situations where the system needs a new context in the same
+        template that is independent.
+        """
+        context = new_context(
+            self.environment, self.name, {}, self.get_all(), True, None, locals
+        )
+        context.eval_ctx = self.eval_ctx
+        context.blocks.update((k, list(v)) for k, v in self.blocks.items())
+        return context
+
+    keys = _dict_method_all(dict.keys)
+    values = _dict_method_all(dict.values)
+    items = _dict_method_all(dict.items)
+
+    def __contains__(self, name: str) -> bool:
+        return name in self.vars or name in self.parent
+
+    def __getitem__(self, key: str) -> t.Any:
+        """Look up a variable by name with ``[]`` syntax, or raise a
+        ``KeyError`` if the key is not found.
+        """
+        item = self.resolve_or_missing(key)
+
+        if item is missing:
+            raise KeyError(key)
+
+        return item
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.get_all()!r} of {self.name!r}>"
+
+
+class BlockReference:
+    """One block on a template reference."""
+
+    def __init__(
+        self,
+        name: str,
+        context: "Context",
+        stack: t.List[t.Callable[["Context"], t.Iterator[str]]],
+        depth: int,
+    ) -> None:
+        self.name = name
+        self._context = context
+        self._stack = stack
+        self._depth = depth
+
+    @property
+    def super(self) -> t.Union["BlockReference", "Undefined"]:
+        """Super the block."""
+        if self._depth + 1 >= len(self._stack):
+            return self._context.environment.undefined(
+                f"there is no parent block called {self.name!r}.", name="super"
+            )
+        return BlockReference(self.name, self._context, self._stack, self._depth + 1)
+
+    @internalcode
+    async def _async_call(self) -> str:
+        rv = concat(
+            [x async for x in self._stack[self._depth](self._context)]  # type: ignore
+        )
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+    @internalcode
+    def __call__(self) -> str:
+        if self._context.environment.is_async:
+            return self._async_call()  # type: ignore
+
+        rv = concat(self._stack[self._depth](self._context))
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+
+class LoopContext:
+    """A wrapper iterable for dynamic ``for`` loops, with information
+    about the loop and iteration.
+    """
+
+    #: Current iteration of the loop, starting at 0.
+    index0 = -1
+
+    _length: t.Optional[int] = None
+    _after: t.Any = missing
+    _current: t.Any = missing
+    _before: t.Any = missing
+    _last_changed_value: t.Any = missing
+
+    def __init__(
+        self,
+        iterable: t.Iterable[V],
+        undefined: t.Type["Undefined"],
+        recurse: t.Optional["LoopRenderFunc"] = None,
+        depth0: int = 0,
+    ) -> None:
+        """
+        :param iterable: Iterable to wrap.
+        :param undefined: :class:`Undefined` class to use for next and
+            previous items.
+        :param recurse: The function to render the loop body when the
+            loop is marked recursive.
+        :param depth0: Incremented when looping recursively.
+        """
+        self._iterable = iterable
+        self._iterator = self._to_iterator(iterable)
+        self._undefined = undefined
+        self._recurse = recurse
+        #: How many levels deep a recursive loop currently is, starting at 0.
+        self.depth0 = depth0
+
+    @staticmethod
+    def _to_iterator(iterable: t.Iterable[V]) -> t.Iterator[V]:
+        return iter(iterable)
+
+    @property
+    def length(self) -> int:
+        """Length of the iterable.
+
+        If the iterable is a generator or otherwise does not have a
+        size, it is eagerly evaluated to get a size.
+        """
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = list(self._iterator)
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    def __len__(self) -> int:
+        return self.length
+
+    @property
+    def depth(self) -> int:
+        """How many levels deep a recursive loop currently is, starting at 1."""
+        return self.depth0 + 1
+
+    @property
+    def index(self) -> int:
+        """Current iteration of the loop, starting at 1."""
+        return self.index0 + 1
+
+    @property
+    def revindex0(self) -> int:
+        """Number of iterations from the end of the loop, ending at 0.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index
+
+    @property
+    def revindex(self) -> int:
+        """Number of iterations from the end of the loop, ending at 1.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index0
+
+    @property
+    def first(self) -> bool:
+        """Whether this is the first iteration of the loop."""
+        return self.index0 == 0
+
+    def _peek_next(self) -> t.Any:
+        """Return the next element in the iterable, or :data:`missing`
+        if the iterable is exhausted. Only peeks one item ahead, caching
+        the result in :attr:`_last` for use in subsequent checks. The
+        cache is reset when :meth:`__next__` is called.
+        """
+        if self._after is not missing:
+            return self._after
+
+        self._after = next(self._iterator, missing)
+        return self._after
+
+    @property
+    def last(self) -> bool:
+        """Whether this is the last iteration of the loop.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`groupby` filter avoids that issue.
+        """
+        return self._peek_next() is missing
+
+    @property
+    def previtem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the previous iteration. Undefined during the
+        first iteration.
+        """
+        if self.first:
+            return self._undefined("there is no previous item")
+
+        return self._before
+
+    @property
+    def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the next iteration. Undefined during the last
+        iteration.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`jinja-filters.groupby` filter avoids that issue.
+        """
+        rv = self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def cycle(self, *args: V) -> V:
+        """Return a value from the given args, cycling through based on
+        the current :attr:`index0`.
+
+        :param args: One or more values to cycle through.
+        """
+        if not args:
+            raise TypeError("no items for cycling given")
+
+        return args[self.index0 % len(args)]
+
+    def changed(self, *value: t.Any) -> bool:
+        """Return ``True`` if previously called with a different value
+        (including when called for the first time).
+
+        :param value: One or more values to compare to the last call.
+        """
+        if self._last_changed_value != value:
+            self._last_changed_value = value
+            return True
+
+        return False
+
+    def __iter__(self) -> "LoopContext":
+        return self
+
+    def __next__(self) -> t.Tuple[t.Any, "LoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = next(self._iterator)
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+    @internalcode
+    def __call__(self, iterable: t.Iterable[V]) -> str:
+        """When iterating over nested data, render the body of the loop
+        recursively with the given inner iterable data.
+
+        The loop must have the ``recursive`` marker for this to work.
+        """
+        if self._recurse is None:
+            raise TypeError(
+                "The loop must have the 'recursive' marker to be called recursively."
+            )
+
+        return self._recurse(iterable, self._recurse, depth=self.depth)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.index}/{self.length}>"
+
+
+class AsyncLoopContext(LoopContext):
+    _iterator: t.AsyncIterator[t.Any]  # type: ignore
+
+    @staticmethod
+    def _to_iterator(  # type: ignore
+        iterable: t.Union[t.Iterable[V], t.AsyncIterable[V]],
+    ) -> t.AsyncIterator[V]:
+        return auto_aiter(iterable)
+
+    @property
+    async def length(self) -> int:  # type: ignore
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = [x async for x in self._iterator]
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    @property
+    async def revindex0(self) -> int:  # type: ignore
+        return await self.length - self.index
+
+    @property
+    async def revindex(self) -> int:  # type: ignore
+        return await self.length - self.index0
+
+    async def _peek_next(self) -> t.Any:
+        if self._after is not missing:
+            return self._after
+
+        try:
+            self._after = await self._iterator.__anext__()
+        except StopAsyncIteration:
+            self._after = missing
+
+        return self._after
+
+    @property
+    async def last(self) -> bool:  # type: ignore
+        return await self._peek_next() is missing
+
+    @property
+    async def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        rv = await self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def __aiter__(self) -> "AsyncLoopContext":
+        return self
+
+    async def __anext__(self) -> t.Tuple[t.Any, "AsyncLoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = await self._iterator.__anext__()
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+
+class Macro:
+    """Wraps a macro function."""
+
+    def __init__(
+        self,
+        environment: "Environment",
+        func: t.Callable[..., str],
+        name: str,
+        arguments: t.List[str],
+        catch_kwargs: bool,
+        catch_varargs: bool,
+        caller: bool,
+        default_autoescape: t.Optional[bool] = None,
+    ):
+        self._environment = environment
+        self._func = func
+        self._argument_count = len(arguments)
+        self.name = name
+        self.arguments = arguments
+        self.catch_kwargs = catch_kwargs
+        self.catch_varargs = catch_varargs
+        self.caller = caller
+        self.explicit_caller = "caller" in arguments
+
+        if default_autoescape is None:
+            if callable(environment.autoescape):
+                default_autoescape = environment.autoescape(None)
+            else:
+                default_autoescape = environment.autoescape
+
+        self._default_autoescape = default_autoescape
+
+    @internalcode
+    @pass_eval_context
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> str:
+        # This requires a bit of explanation,  In the past we used to
+        # decide largely based on compile-time information if a macro is
+        # safe or unsafe.  While there was a volatile mode it was largely
+        # unused for deciding on escaping.  This turns out to be
+        # problematic for macros because whether a macro is safe depends not
+        # on the escape mode when it was defined, but rather when it was used.
+        #
+        # Because however we export macros from the module system and
+        # there are historic callers that do not pass an eval context (and
+        # will continue to not pass one), we need to perform an instance
+        # check here.
+        #
+        # This is considered safe because an eval context is not a valid
+        # argument to callables otherwise anyway.  Worst case here is
+        # that if no eval context is passed we fall back to the compile
+        # time autoescape flag.
+        if args and isinstance(args[0], EvalContext):
+            autoescape = args[0].autoescape
+            args = args[1:]
+        else:
+            autoescape = self._default_autoescape
+
+        # try to consume the positional arguments
+        arguments = list(args[: self._argument_count])
+        off = len(arguments)
+
+        # For information why this is necessary refer to the handling
+        # of caller in the `macro_body` handler in the compiler.
+        found_caller = False
+
+        # if the number of arguments consumed is not the number of
+        # arguments expected we start filling in keyword arguments
+        # and defaults.
+        if off != self._argument_count:
+            for name in self.arguments[len(arguments) :]:
+                try:
+                    value = kwargs.pop(name)
+                except KeyError:
+                    value = missing
+                if name == "caller":
+                    found_caller = True
+                arguments.append(value)
+        else:
+            found_caller = self.explicit_caller
+
+        # it's important that the order of these arguments does not change
+        # if not also changed in the compiler's `function_scoping` method.
+        # the order is caller, keyword arguments, positional arguments!
+        if self.caller and not found_caller:
+            caller = kwargs.pop("caller", None)
+            if caller is None:
+                caller = self._environment.undefined("No caller defined", name="caller")
+            arguments.append(caller)
+
+        if self.catch_kwargs:
+            arguments.append(kwargs)
+        elif kwargs:
+            if "caller" in kwargs:
+                raise TypeError(
+                    f"macro {self.name!r} was invoked with two values for the special"
+                    " caller argument. This is most likely a bug."
+                )
+            raise TypeError(
+                f"macro {self.name!r} takes no keyword argument {next(iter(kwargs))!r}"
+            )
+        if self.catch_varargs:
+            arguments.append(args[self._argument_count :])
+        elif len(args) > self._argument_count:
+            raise TypeError(
+                f"macro {self.name!r} takes not more than"
+                f" {len(self.arguments)} argument(s)"
+            )
+
+        return self._invoke(arguments, autoescape)
+
+    async def _async_invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        rv = await self._func(*arguments)  # type: ignore
+
+        if autoescape:
+            return Markup(rv)
+
+        return rv  # type: ignore
+
+    def _invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        if self._environment.is_async:
+            return self._async_invoke(arguments, autoescape)  # type: ignore
+
+        rv = self._func(*arguments)
+
+        if autoescape:
+            rv = Markup(rv)
+
+        return rv
+
+    def __repr__(self) -> str:
+        name = "anonymous" if self.name is None else repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class Undefined:
+    """The default undefined type.  This undefined type can be printed and
+    iterated over, but every other access will raise an :exc:`UndefinedError`:
+
+    >>> foo = Undefined(name='foo')
+    >>> str(foo)
+    ''
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = (
+        "_undefined_hint",
+        "_undefined_obj",
+        "_undefined_name",
+        "_undefined_exception",
+    )
+
+    def __init__(
+        self,
+        hint: t.Optional[str] = None,
+        obj: t.Any = missing,
+        name: t.Optional[str] = None,
+        exc: t.Type[TemplateRuntimeError] = UndefinedError,
+    ) -> None:
+        self._undefined_hint = hint
+        self._undefined_obj = obj
+        self._undefined_name = name
+        self._undefined_exception = exc
+
+    @property
+    def _undefined_message(self) -> str:
+        """Build a message about the undefined value based on how it was
+        accessed.
+        """
+        if self._undefined_hint:
+            return self._undefined_hint
+
+        if self._undefined_obj is missing:
+            return f"{self._undefined_name!r} is undefined"
+
+        if not isinstance(self._undefined_name, str):
+            return (
+                f"{object_type_repr(self._undefined_obj)} has no"
+                f" element {self._undefined_name!r}"
+            )
+
+        return (
+            f"{object_type_repr(self._undefined_obj)!r} has no"
+            f" attribute {self._undefined_name!r}"
+        )
+
+    @internalcode
+    def _fail_with_undefined_error(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> "te.NoReturn":
+        """Raise an :exc:`UndefinedError` when operations are performed
+        on the undefined value.
+        """
+        raise self._undefined_exception(self._undefined_message)
+
+    @internalcode
+    def __getattr__(self, name: str) -> t.Any:
+        if name[:2] == "__":
+            raise AttributeError(name)
+
+        return self._fail_with_undefined_error()
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _fail_with_undefined_error
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _fail_with_undefined_error
+    __truediv__ = __rtruediv__ = _fail_with_undefined_error
+    __floordiv__ = __rfloordiv__ = _fail_with_undefined_error
+    __mod__ = __rmod__ = _fail_with_undefined_error
+    __pos__ = __neg__ = _fail_with_undefined_error
+    __call__ = __getitem__ = _fail_with_undefined_error
+    __lt__ = __le__ = __gt__ = __ge__ = _fail_with_undefined_error
+    __int__ = __float__ = __complex__ = _fail_with_undefined_error
+    __pow__ = __rpow__ = _fail_with_undefined_error
+
+    def __eq__(self, other: t.Any) -> bool:
+        return type(self) is type(other)
+
+    def __ne__(self, other: t.Any) -> bool:
+        return not self.__eq__(other)
+
+    def __hash__(self) -> int:
+        return id(type(self))
+
+    def __str__(self) -> str:
+        return ""
+
+    def __len__(self) -> int:
+        return 0
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        yield from ()
+
+    async def __aiter__(self) -> t.AsyncIterator[t.Any]:
+        for _ in ():
+            yield
+
+    def __bool__(self) -> bool:
+        return False
+
+    def __repr__(self) -> str:
+        return "Undefined"
+
+
+def make_logging_undefined(
+    logger: t.Optional["logging.Logger"] = None, base: t.Type[Undefined] = Undefined
+) -> t.Type[Undefined]:
+    """Given a logger object this returns a new undefined class that will
+    log certain failures.  It will log iterations and printing.  If no
+    logger is given a default logger is created.
+
+    Example::
+
+        logger = logging.getLogger(__name__)
+        LoggingUndefined = make_logging_undefined(
+            logger=logger,
+            base=Undefined
+        )
+
+    .. versionadded:: 2.8
+
+    :param logger: the logger to use.  If not provided, a default logger
+                   is created.
+    :param base: the base class to add logging functionality to.  This
+                 defaults to :class:`Undefined`.
+    """
+    if logger is None:
+        import logging
+
+        logger = logging.getLogger(__name__)
+        logger.addHandler(logging.StreamHandler(sys.stderr))
+
+    def _log_message(undef: Undefined) -> None:
+        logger.warning("Template variable warning: %s", undef._undefined_message)
+
+    class LoggingUndefined(base):  # type: ignore
+        __slots__ = ()
+
+        def _fail_with_undefined_error(  # type: ignore
+            self, *args: t.Any, **kwargs: t.Any
+        ) -> "te.NoReturn":
+            try:
+                super()._fail_with_undefined_error(*args, **kwargs)
+            except self._undefined_exception as e:
+                logger.error("Template variable error: %s", e)  # type: ignore
+                raise e
+
+        def __str__(self) -> str:
+            _log_message(self)
+            return super().__str__()  # type: ignore
+
+        def __iter__(self) -> t.Iterator[t.Any]:
+            _log_message(self)
+            return super().__iter__()  # type: ignore
+
+        def __bool__(self) -> bool:
+            _log_message(self)
+            return super().__bool__()  # type: ignore
+
+    return LoggingUndefined
+
+
+class ChainableUndefined(Undefined):
+    """An undefined that is chainable, where both ``__getattr__`` and
+    ``__getitem__`` return itself rather than raising an
+    :exc:`UndefinedError`.
+
+    >>> foo = ChainableUndefined(name='foo')
+    >>> str(foo.bar['baz'])
+    ''
+    >>> foo.bar['baz'] + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+
+    .. versionadded:: 2.11.0
+    """
+
+    __slots__ = ()
+
+    def __html__(self) -> str:
+        return str(self)
+
+    def __getattr__(self, _: str) -> "ChainableUndefined":
+        return self
+
+    __getitem__ = __getattr__  # type: ignore
+
+
+class DebugUndefined(Undefined):
+    """An undefined that returns the debug info when printed.
+
+    >>> foo = DebugUndefined(name='foo')
+    >>> str(foo)
+    '{{ foo }}'
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+
+    def __str__(self) -> str:
+        if self._undefined_hint:
+            message = f"undefined value printed: {self._undefined_hint}"
+
+        elif self._undefined_obj is missing:
+            message = self._undefined_name  # type: ignore
+
+        else:
+            message = (
+                f"no such element: {object_type_repr(self._undefined_obj)}"
+                f"[{self._undefined_name!r}]"
+            )
+
+        return f"{{{{ {message} }}}}"
+
+
+class StrictUndefined(Undefined):
+    """An undefined that barks on print and iteration as well as boolean
+    tests and all kinds of comparisons.  In other words: you can do nothing
+    with it except checking if it's defined using the `defined` test.
+
+    >>> foo = StrictUndefined(name='foo')
+    >>> str(foo)
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> not foo
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+    __iter__ = __str__ = __len__ = Undefined._fail_with_undefined_error
+    __eq__ = __ne__ = __bool__ = __hash__ = Undefined._fail_with_undefined_error
+    __contains__ = Undefined._fail_with_undefined_error
+
+
+# Remove slots attributes, after the metaclass is applied they are
+# unneeded and contain wrong data for subclasses.
+del (
+    Undefined.__slots__,
+    ChainableUndefined.__slots__,
+    DebugUndefined.__slots__,
+    StrictUndefined.__slots__,
+)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/sandbox.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/sandbox.py
new file mode 100644
index 000000000..0b4fc12d3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/sandbox.py
@@ -0,0 +1,429 @@
+"""A sandbox layer that ensures unsafe operations cannot be performed.
+Useful when the template itself comes from an untrusted source.
+"""
+
+import operator
+import types
+import typing as t
+from collections import abc
+from collections import deque
+from string import Formatter
+
+from _string import formatter_field_name_split  # type: ignore
+from markupsafe import EscapeFormatter
+from markupsafe import Markup
+
+from .environment import Environment
+from .exceptions import SecurityError
+from .runtime import Context
+from .runtime import Undefined
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+#: maximum number of items a range may produce
+MAX_RANGE = 100000
+
+#: Unsafe function attributes.
+UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()
+
+#: Unsafe method attributes. Function attributes are unsafe for methods too.
+UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()
+
+#: unsafe generator attributes.
+UNSAFE_GENERATOR_ATTRIBUTES = {"gi_frame", "gi_code"}
+
+#: unsafe attributes on coroutines
+UNSAFE_COROUTINE_ATTRIBUTES = {"cr_frame", "cr_code"}
+
+#: unsafe attributes on async generators
+UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = {"ag_code", "ag_frame"}
+
+_mutable_spec: t.Tuple[t.Tuple[t.Type[t.Any], t.FrozenSet[str]], ...] = (
+    (
+        abc.MutableSet,
+        frozenset(
+            [
+                "add",
+                "clear",
+                "difference_update",
+                "discard",
+                "pop",
+                "remove",
+                "symmetric_difference_update",
+                "update",
+            ]
+        ),
+    ),
+    (
+        abc.MutableMapping,
+        frozenset(["clear", "pop", "popitem", "setdefault", "update"]),
+    ),
+    (
+        abc.MutableSequence,
+        frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
+    ),
+    (
+        deque,
+        frozenset(
+            [
+                "append",
+                "appendleft",
+                "clear",
+                "extend",
+                "extendleft",
+                "pop",
+                "popleft",
+                "remove",
+                "rotate",
+            ]
+        ),
+    ),
+)
+
+
+def inspect_format_method(callable: t.Callable[..., t.Any]) -> t.Optional[str]:
+    if not isinstance(
+        callable, (types.MethodType, types.BuiltinMethodType)
+    ) or callable.__name__ not in ("format", "format_map"):
+        return None
+
+    obj = callable.__self__
+
+    if isinstance(obj, str):
+        return obj
+
+    return None
+
+
+def safe_range(*args: int) -> range:
+    """A range that can't generate ranges with a length of more than
+    MAX_RANGE items.
+    """
+    rng = range(*args)
+
+    if len(rng) > MAX_RANGE:
+        raise OverflowError(
+            "Range too big. The sandbox blocks ranges larger than"
+            f" MAX_RANGE ({MAX_RANGE})."
+        )
+
+    return rng
+
+
+def unsafe(f: F) -> F:
+    """Marks a function or method as unsafe.
+
+    .. code-block: python
+
+        @unsafe
+        def delete(self):
+            pass
+    """
+    f.unsafe_callable = True  # type: ignore
+    return f
+
+
+def is_internal_attribute(obj: t.Any, attr: str) -> bool:
+    """Test if the attribute given is an internal python attribute.  For
+    example this function returns `True` for the `func_code` attribute of
+    python objects.  This is useful if the environment method
+    :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
+
+    >>> from jinja2.sandbox import is_internal_attribute
+    >>> is_internal_attribute(str, "mro")
+    True
+    >>> is_internal_attribute(str, "upper")
+    False
+    """
+    if isinstance(obj, types.FunctionType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES:
+            return True
+    elif isinstance(obj, types.MethodType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES or attr in UNSAFE_METHOD_ATTRIBUTES:
+            return True
+    elif isinstance(obj, type):
+        if attr == "mro":
+            return True
+    elif isinstance(obj, (types.CodeType, types.TracebackType, types.FrameType)):
+        return True
+    elif isinstance(obj, types.GeneratorType):
+        if attr in UNSAFE_GENERATOR_ATTRIBUTES:
+            return True
+    elif hasattr(types, "CoroutineType") and isinstance(obj, types.CoroutineType):
+        if attr in UNSAFE_COROUTINE_ATTRIBUTES:
+            return True
+    elif hasattr(types, "AsyncGeneratorType") and isinstance(
+        obj, types.AsyncGeneratorType
+    ):
+        if attr in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
+            return True
+    return attr.startswith("__")
+
+
+def modifies_known_mutable(obj: t.Any, attr: str) -> bool:
+    """This function checks if an attribute on a builtin mutable object
+    (list, dict, set or deque) or the corresponding ABCs would modify it
+    if called.
+
+    >>> modifies_known_mutable({}, "clear")
+    True
+    >>> modifies_known_mutable({}, "keys")
+    False
+    >>> modifies_known_mutable([], "append")
+    True
+    >>> modifies_known_mutable([], "index")
+    False
+
+    If called with an unsupported object, ``False`` is returned.
+
+    >>> modifies_known_mutable("foo", "upper")
+    False
+    """
+    for typespec, unsafe in _mutable_spec:
+        if isinstance(obj, typespec):
+            return attr in unsafe
+    return False
+
+
+class SandboxedEnvironment(Environment):
+    """The sandboxed environment.  It works like the regular environment but
+    tells the compiler to generate sandboxed code.  Additionally subclasses of
+    this environment may override the methods that tell the runtime what
+    attributes or functions are safe to access.
+
+    If the template tries to access insecure code a :exc:`SecurityError` is
+    raised.  However also other exceptions may occur during the rendering so
+    the caller has to ensure that all exceptions are caught.
+    """
+
+    sandboxed = True
+
+    #: default callback table for the binary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`binop_table`
+    default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+        "+": operator.add,
+        "-": operator.sub,
+        "*": operator.mul,
+        "/": operator.truediv,
+        "//": operator.floordiv,
+        "**": operator.pow,
+        "%": operator.mod,
+    }
+
+    #: default callback table for the unary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`unop_table`
+    default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+        "+": operator.pos,
+        "-": operator.neg,
+    }
+
+    #: a set of binary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_binop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`binop_table`.
+    #:
+    #: The following binary operators are interceptable:
+    #: ``//``, ``%``, ``+``, ``*``, ``-``, ``/``, and ``**``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_binops: t.FrozenSet[str] = frozenset()
+
+    #: a set of unary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_unop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`unop_table`.
+    #:
+    #: The following unary operators are interceptable: ``+``, ``-``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_unops: t.FrozenSet[str] = frozenset()
+
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
+        super().__init__(*args, **kwargs)
+        self.globals["range"] = safe_range
+        self.binop_table = self.default_binop_table.copy()
+        self.unop_table = self.default_unop_table.copy()
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        """The sandboxed environment will call this method to check if the
+        attribute of an object is safe to access.  Per default all attributes
+        starting with an underscore are considered private as well as the
+        special attributes of internal python objects as returned by the
+        :func:`is_internal_attribute` function.
+        """
+        return not (attr.startswith("_") or is_internal_attribute(obj, attr))
+
+    def is_safe_callable(self, obj: t.Any) -> bool:
+        """Check if an object is safely callable. By default callables
+        are considered safe unless decorated with :func:`unsafe`.
+
+        This also recognizes the Django convention of setting
+        ``func.alters_data = True``.
+        """
+        return not (
+            getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
+        )
+
+    def call_binop(
+        self, context: Context, operator: str, left: t.Any, right: t.Any
+    ) -> t.Any:
+        """For intercepted binary operator calls (:meth:`intercepted_binops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.binop_table[operator](left, right)
+
+    def call_unop(self, context: Context, operator: str, arg: t.Any) -> t.Any:
+        """For intercepted unary operator calls (:meth:`intercepted_unops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.unop_table[operator](arg)
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code."""
+        try:
+            return obj[argument]
+        except (TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        value = getattr(obj, attr)
+                    except AttributeError:
+                        pass
+                    else:
+                        if self.is_safe_attribute(obj, argument, value):
+                            return value
+                        return self.unsafe_undefined(obj, argument)
+        return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code and prefer the
+        attribute.  The attribute passed *must* be a bytestring.
+        """
+        try:
+            value = getattr(obj, attribute)
+        except AttributeError:
+            try:
+                return obj[attribute]
+            except (TypeError, LookupError):
+                pass
+        else:
+            if self.is_safe_attribute(obj, attribute, value):
+                return value
+            return self.unsafe_undefined(obj, attribute)
+        return self.undefined(obj=obj, name=attribute)
+
+    def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
+        """Return an undefined object for unsafe attributes."""
+        return self.undefined(
+            f"access to attribute {attribute!r} of"
+            f" {type(obj).__name__!r} object is unsafe.",
+            name=attribute,
+            obj=obj,
+            exc=SecurityError,
+        )
+
+    def format_string(
+        self,
+        s: str,
+        args: t.Tuple[t.Any, ...],
+        kwargs: t.Dict[str, t.Any],
+        format_func: t.Optional[t.Callable[..., t.Any]] = None,
+    ) -> str:
+        """If a format call is detected, then this is routed through this
+        method so that our safety sandbox can be used for it.
+        """
+        formatter: SandboxedFormatter
+        if isinstance(s, Markup):
+            formatter = SandboxedEscapeFormatter(self, escape=s.escape)
+        else:
+            formatter = SandboxedFormatter(self)
+
+        if format_func is not None and format_func.__name__ == "format_map":
+            if len(args) != 1 or kwargs:
+                raise TypeError(
+                    "format_map() takes exactly one argument"
+                    f" {len(args) + (kwargs is not None)} given"
+                )
+
+            kwargs = args[0]
+            args = ()
+
+        rv = formatter.vformat(s, args, kwargs)
+        return type(s)(rv)
+
+    def call(
+        __self,  # noqa: B902
+        __context: Context,
+        __obj: t.Any,
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        """Call an object from sandboxed code."""
+        fmt = inspect_format_method(__obj)
+        if fmt is not None:
+            return __self.format_string(fmt, args, kwargs, __obj)
+
+        # the double prefixes are to avoid double keyword argument
+        # errors when proxying the call.
+        if not __self.is_safe_callable(__obj):
+            raise SecurityError(f"{__obj!r} is not safely callable")
+        return __context.call(__obj, *args, **kwargs)
+
+
+class ImmutableSandboxedEnvironment(SandboxedEnvironment):
+    """Works exactly like the regular `SandboxedEnvironment` but does not
+    permit modifications on the builtin mutable objects `list`, `set`, and
+    `dict` by using the :func:`modifies_known_mutable` function.
+    """
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        if not super().is_safe_attribute(obj, attr, value):
+            return False
+
+        return not modifies_known_mutable(obj, attr)
+
+
+class SandboxedFormatter(Formatter):
+    def __init__(self, env: Environment, **kwargs: t.Any) -> None:
+        self._env = env
+        super().__init__(**kwargs)
+
+    def get_field(
+        self, field_name: str, args: t.Sequence[t.Any], kwargs: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, str]:
+        first, rest = formatter_field_name_split(field_name)
+        obj = self.get_value(first, args, kwargs)
+        for is_attr, i in rest:
+            if is_attr:
+                obj = self._env.getattr(obj, i)
+            else:
+                obj = self._env.getitem(obj, i)
+        return obj, first
+
+
+class SandboxedEscapeFormatter(SandboxedFormatter, EscapeFormatter):
+    pass
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/tests.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/tests.py
new file mode 100644
index 000000000..1a59e3703
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/tests.py
@@ -0,0 +1,256 @@
+"""Built-in template tests used with the ``is`` operator."""
+
+import operator
+import typing as t
+from collections import abc
+from numbers import Number
+
+from .runtime import Undefined
+from .utils import pass_environment
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def test_odd(value: int) -> bool:
+    """Return true if the variable is odd."""
+    return value % 2 == 1
+
+
+def test_even(value: int) -> bool:
+    """Return true if the variable is even."""
+    return value % 2 == 0
+
+
+def test_divisibleby(value: int, num: int) -> bool:
+    """Check if a variable is divisible by a number."""
+    return value % num == 0
+
+
+def test_defined(value: t.Any) -> bool:
+    """Return true if the variable is defined:
+
+    .. sourcecode:: jinja
+
+        {% if variable is defined %}
+            value of variable: {{ variable }}
+        {% else %}
+            variable is not defined
+        {% endif %}
+
+    See the :func:`default` filter for a simple way to set undefined
+    variables.
+    """
+    return not isinstance(value, Undefined)
+
+
+def test_undefined(value: t.Any) -> bool:
+    """Like :func:`defined` but the other way round."""
+    return isinstance(value, Undefined)
+
+
+@pass_environment
+def test_filter(env: "Environment", value: str) -> bool:
+    """Check if a filter exists by name. Useful if a filter may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'markdown' is filter %}
+            {{ value | markdown }}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.filters
+
+
+@pass_environment
+def test_test(env: "Environment", value: str) -> bool:
+    """Check if a test exists by name. Useful if a test may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'loud' is test %}
+            {% if value is loud %}
+                {{ value|upper }}
+            {% else %}
+                {{ value|lower }}
+            {% endif %}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.tests
+
+
+def test_none(value: t.Any) -> bool:
+    """Return true if the variable is none."""
+    return value is None
+
+
+def test_boolean(value: t.Any) -> bool:
+    """Return true if the object is a boolean value.
+
+    .. versionadded:: 2.11
+    """
+    return value is True or value is False
+
+
+def test_false(value: t.Any) -> bool:
+    """Return true if the object is False.
+
+    .. versionadded:: 2.11
+    """
+    return value is False
+
+
+def test_true(value: t.Any) -> bool:
+    """Return true if the object is True.
+
+    .. versionadded:: 2.11
+    """
+    return value is True
+
+
+# NOTE: The existing 'number' test matches booleans and floats
+def test_integer(value: t.Any) -> bool:
+    """Return true if the object is an integer.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, int) and value is not True and value is not False
+
+
+# NOTE: The existing 'number' test matches booleans and integers
+def test_float(value: t.Any) -> bool:
+    """Return true if the object is a float.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, float)
+
+
+def test_lower(value: str) -> bool:
+    """Return true if the variable is lowercased."""
+    return str(value).islower()
+
+
+def test_upper(value: str) -> bool:
+    """Return true if the variable is uppercased."""
+    return str(value).isupper()
+
+
+def test_string(value: t.Any) -> bool:
+    """Return true if the object is a string."""
+    return isinstance(value, str)
+
+
+def test_mapping(value: t.Any) -> bool:
+    """Return true if the object is a mapping (dict etc.).
+
+    .. versionadded:: 2.6
+    """
+    return isinstance(value, abc.Mapping)
+
+
+def test_number(value: t.Any) -> bool:
+    """Return true if the variable is a number."""
+    return isinstance(value, Number)
+
+
+def test_sequence(value: t.Any) -> bool:
+    """Return true if the variable is a sequence. Sequences are variables
+    that are iterable.
+    """
+    try:
+        len(value)
+        value.__getitem__  # noqa B018
+    except Exception:
+        return False
+
+    return True
+
+
+def test_sameas(value: t.Any, other: t.Any) -> bool:
+    """Check if an object points to the same memory address than another
+    object:
+
+    .. sourcecode:: jinja
+
+        {% if foo.attribute is sameas false %}
+            the foo attribute really is the `False` singleton
+        {% endif %}
+    """
+    return value is other
+
+
+def test_iterable(value: t.Any) -> bool:
+    """Check if it's possible to iterate over an object."""
+    try:
+        iter(value)
+    except TypeError:
+        return False
+
+    return True
+
+
+def test_escaped(value: t.Any) -> bool:
+    """Check if the value is escaped."""
+    return hasattr(value, "__html__")
+
+
+def test_in(value: t.Any, seq: t.Container[t.Any]) -> bool:
+    """Check if value is in seq.
+
+    .. versionadded:: 2.10
+    """
+    return value in seq
+
+
+TESTS = {
+    "odd": test_odd,
+    "even": test_even,
+    "divisibleby": test_divisibleby,
+    "defined": test_defined,
+    "undefined": test_undefined,
+    "filter": test_filter,
+    "test": test_test,
+    "none": test_none,
+    "boolean": test_boolean,
+    "false": test_false,
+    "true": test_true,
+    "integer": test_integer,
+    "float": test_float,
+    "lower": test_lower,
+    "upper": test_upper,
+    "string": test_string,
+    "mapping": test_mapping,
+    "number": test_number,
+    "sequence": test_sequence,
+    "iterable": test_iterable,
+    "callable": callable,
+    "sameas": test_sameas,
+    "escaped": test_escaped,
+    "in": test_in,
+    "==": operator.eq,
+    "eq": operator.eq,
+    "equalto": operator.eq,
+    "!=": operator.ne,
+    "ne": operator.ne,
+    ">": operator.gt,
+    "gt": operator.gt,
+    "greaterthan": operator.gt,
+    "ge": operator.ge,
+    ">=": operator.ge,
+    "<": operator.lt,
+    "lt": operator.lt,
+    "lessthan": operator.lt,
+    "<=": operator.le,
+    "le": operator.le,
+}
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/utils.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/utils.py
new file mode 100644
index 000000000..7fb76935a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/utils.py
@@ -0,0 +1,755 @@
+import enum
+import json
+import os
+import re
+import typing as t
+from collections import abc
+from collections import deque
+from random import choice
+from random import randrange
+from threading import Lock
+from types import CodeType
+from urllib.parse import quote_from_bytes
+
+import markupsafe
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+# special singleton representing missing values for the runtime
+missing: t.Any = type("MissingType", (), {"__repr__": lambda x: "missing"})()
+
+internal_code: t.MutableSet[CodeType] = set()
+
+concat = "".join
+
+
+def pass_context(f: F) -> F:
+    """Pass the :class:`~jinja2.runtime.Context` as the first argument
+    to the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``Context.eval_context`` is needed, use
+    :func:`pass_eval_context`. If only ``Context.environment`` is
+    needed, use :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``contextfunction`` and ``contextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.context  # type: ignore
+    return f
+
+
+def pass_eval_context(f: F) -> F:
+    """Pass the :class:`~jinja2.nodes.EvalContext` as the first argument
+    to the decorated function when called while rendering a template.
+    See :ref:`eval-context`.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``EvalContext.environment`` is needed, use
+    :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``evalcontextfunction`` and ``evalcontextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.eval_context  # type: ignore
+    return f
+
+
+def pass_environment(f: F) -> F:
+    """Pass the :class:`~jinja2.Environment` as the first argument to
+    the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    .. versionadded:: 3.0.0
+        Replaces ``environmentfunction`` and ``environmentfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.environment  # type: ignore
+    return f
+
+
+class _PassArg(enum.Enum):
+    context = enum.auto()
+    eval_context = enum.auto()
+    environment = enum.auto()
+
+    @classmethod
+    def from_obj(cls, obj: F) -> t.Optional["_PassArg"]:
+        if hasattr(obj, "jinja_pass_arg"):
+            return obj.jinja_pass_arg  # type: ignore
+
+        return None
+
+
+def internalcode(f: F) -> F:
+    """Marks the function as internally used"""
+    internal_code.add(f.__code__)
+    return f
+
+
+def is_undefined(obj: t.Any) -> bool:
+    """Check if the object passed is undefined.  This does nothing more than
+    performing an instance check against :class:`Undefined` but looks nicer.
+    This can be used for custom filters or tests that want to react to
+    undefined variables.  For example a custom default filter can look like
+    this::
+
+        def default(var, default=''):
+            if is_undefined(var):
+                return default
+            return var
+    """
+    from .runtime import Undefined
+
+    return isinstance(obj, Undefined)
+
+
+def consume(iterable: t.Iterable[t.Any]) -> None:
+    """Consumes an iterable without doing anything with it."""
+    for _ in iterable:
+        pass
+
+
+def clear_caches() -> None:
+    """Jinja keeps internal caches for environments and lexers.  These are
+    used so that Jinja doesn't have to recreate environments and lexers all
+    the time.  Normally you don't have to care about that but if you are
+    measuring memory consumption you may want to clean the caches.
+    """
+    from .environment import get_spontaneous_environment
+    from .lexer import _lexer_cache
+
+    get_spontaneous_environment.cache_clear()
+    _lexer_cache.clear()
+
+
+def import_string(import_name: str, silent: bool = False) -> t.Any:
+    """Imports an object based on a string.  This is useful if you want to
+    use import paths as endpoints or something similar.  An import path can
+    be specified either in dotted notation (``xml.sax.saxutils.escape``)
+    or with a colon as object delimiter (``xml.sax.saxutils:escape``).
+
+    If the `silent` is True the return value will be `None` if the import
+    fails.
+
+    :return: imported object
+    """
+    try:
+        if ":" in import_name:
+            module, obj = import_name.split(":", 1)
+        elif "." in import_name:
+            module, _, obj = import_name.rpartition(".")
+        else:
+            return __import__(import_name)
+        return getattr(__import__(module, None, None, [obj]), obj)
+    except (ImportError, AttributeError):
+        if not silent:
+            raise
+
+
+def open_if_exists(filename: str, mode: str = "rb") -> t.Optional[t.IO[t.Any]]:
+    """Returns a file descriptor for the filename if that file exists,
+    otherwise ``None``.
+    """
+    if not os.path.isfile(filename):
+        return None
+
+    return open(filename, mode)
+
+
+def object_type_repr(obj: t.Any) -> str:
+    """Returns the name of the object's type.  For some recognized
+    singletons the name of the object is returned instead. (For
+    example for `None` and `Ellipsis`).
+    """
+    if obj is None:
+        return "None"
+    elif obj is Ellipsis:
+        return "Ellipsis"
+
+    cls = type(obj)
+
+    if cls.__module__ == "builtins":
+        return f"{cls.__name__} object"
+
+    return f"{cls.__module__}.{cls.__name__} object"
+
+
+def pformat(obj: t.Any) -> str:
+    """Format an object using :func:`pprint.pformat`."""
+    from pprint import pformat
+
+    return pformat(obj)
+
+
+_http_re = re.compile(
+    r"""
+    ^
+    (
+        (https?://|www\.)  # scheme or www
+        (([\w%-]+\.)+)?  # subdomain
+        (
+            [a-z]{2,63}  # basic tld
+        |
+            xn--[\w%]{2,59}  # idna tld
+        )
+    |
+        ([\w%-]{2,63}\.)+  # basic domain
+        (com|net|int|edu|gov|org|info|mil)  # basic tld
+    |
+        (https?://)  # scheme
+        (
+            (([\d]{1,3})(\.[\d]{1,3}){3})  # IPv4
+        |
+            (\[([\da-f]{0,4}:){2}([\da-f]{0,4}:?){1,6}])  # IPv6
+        )
+    )
+    (?::[\d]{1,5})?  # port
+    (?:[/?#]\S*)?  # path, query, and fragment
+    $
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+_email_re = re.compile(r"^\S+@\w[\w.-]*\.\w+$")
+
+
+def urlize(
+    text: str,
+    trim_url_limit: t.Optional[int] = None,
+    rel: t.Optional[str] = None,
+    target: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param text: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+    """
+    if trim_url_limit is not None:
+
+        def trim_url(x: str) -> str:
+            if len(x) > trim_url_limit:
+                return f"{x[:trim_url_limit]}..."
+
+            return x
+
+    else:
+
+        def trim_url(x: str) -> str:
+            return x
+
+    words = re.split(r"(\s+)", str(markupsafe.escape(text)))
+    rel_attr = f' rel="{markupsafe.escape(rel)}"' if rel else ""
+    target_attr = f' target="{markupsafe.escape(target)}"' if target else ""
+
+    for i, word in enumerate(words):
+        head, middle, tail = "", word, ""
+        match = re.match(r"^([(<]|&lt;)+", middle)
+
+        if match:
+            head = match.group()
+            middle = middle[match.end() :]
+
+        # Unlike lead, which is anchored to the start of the string,
+        # need to check that the string ends with any of the characters
+        # before trying to match all of them, to avoid backtracking.
+        if middle.endswith((")", ">", ".", ",", "\n", "&gt;")):
+            match = re.search(r"([)>.,\n]|&gt;)+$", middle)
+
+            if match:
+                tail = match.group()
+                middle = middle[: match.start()]
+
+        # Prefer balancing parentheses in URLs instead of ignoring a
+        # trailing character.
+        for start_char, end_char in ("(", ")"), ("<", ">"), ("&lt;", "&gt;"):
+            start_count = middle.count(start_char)
+
+            if start_count <= middle.count(end_char):
+                # Balanced, or lighter on the left
+                continue
+
+            # Move as many as possible from the tail to balance
+            for _ in range(min(start_count, tail.count(end_char))):
+                end_index = tail.index(end_char) + len(end_char)
+                # Move anything in the tail before the end char too
+                middle += tail[:end_index]
+                tail = tail[end_index:]
+
+        if _http_re.match(middle):
+            if middle.startswith("https://") or middle.startswith("http://"):
+                middle = (
+                    f'<a href="{middle}"{rel_attr}{target_attr}>{trim_url(middle)}</a>'
+                )
+            else:
+                middle = (
+                    f'<a href="https://{middle}"{rel_attr}{target_attr}>'
+                    f"{trim_url(middle)}</a>"
+                )
+
+        elif middle.startswith("mailto:") and _email_re.match(middle[7:]):
+            middle = f'<a href="{middle}">{middle[7:]}</a>'
+
+        elif (
+            "@" in middle
+            and not middle.startswith("www.")
+            and ":" not in middle
+            and _email_re.match(middle)
+        ):
+            middle = f'<a href="mailto:{middle}">{middle}</a>'
+
+        elif extra_schemes is not None:
+            for scheme in extra_schemes:
+                if middle != scheme and middle.startswith(scheme):
+                    middle = f'<a href="{middle}"{rel_attr}{target_attr}>{middle}</a>'
+
+        words[i] = f"{head}{middle}{tail}"
+
+    return "".join(words)
+
+
+def generate_lorem_ipsum(
+    n: int = 5, html: bool = True, min: int = 20, max: int = 100
+) -> str:
+    """Generate some lorem ipsum for the template."""
+    from .constants import LOREM_IPSUM_WORDS
+
+    words = LOREM_IPSUM_WORDS.split()
+    result = []
+
+    for _ in range(n):
+        next_capitalized = True
+        last_comma = last_fullstop = 0
+        word = None
+        last = None
+        p = []
+
+        # each paragraph contains out of 20 to 100 words.
+        for idx, _ in enumerate(range(randrange(min, max))):
+            while True:
+                word = choice(words)
+                if word != last:
+                    last = word
+                    break
+            if next_capitalized:
+                word = word.capitalize()
+                next_capitalized = False
+            # add commas
+            if idx - randrange(3, 8) > last_comma:
+                last_comma = idx
+                last_fullstop += 2
+                word += ","
+            # add end of sentences
+            if idx - randrange(10, 20) > last_fullstop:
+                last_comma = last_fullstop = idx
+                word += "."
+                next_capitalized = True
+            p.append(word)
+
+        # ensure that the paragraph ends with a dot.
+        p_str = " ".join(p)
+
+        if p_str.endswith(","):
+            p_str = p_str[:-1] + "."
+        elif not p_str.endswith("."):
+            p_str += "."
+
+        result.append(p_str)
+
+    if not html:
+        return "\n\n".join(result)
+    return markupsafe.Markup(
+        "\n".join(f"<p>{markupsafe.escape(x)}</p>" for x in result)
+    )
+
+
+def url_quote(obj: t.Any, charset: str = "utf-8", for_qs: bool = False) -> str:
+    """Quote a string for use in a URL using the given charset.
+
+    :param obj: String or bytes to quote. Other types are converted to
+        string then encoded to bytes using the given charset.
+    :param charset: Encode text to bytes using this charset.
+    :param for_qs: Quote "/" and use "+" for spaces.
+    """
+    if not isinstance(obj, bytes):
+        if not isinstance(obj, str):
+            obj = str(obj)
+
+        obj = obj.encode(charset)
+
+    safe = b"" if for_qs else b"/"
+    rv = quote_from_bytes(obj, safe)
+
+    if for_qs:
+        rv = rv.replace("%20", "+")
+
+    return rv
+
+
+@abc.MutableMapping.register
+class LRUCache:
+    """A simple LRU Cache implementation."""
+
+    # this is fast for small capacities (something below 1000) but doesn't
+    # scale.  But as long as it's only used as storage for templates this
+    # won't do any harm.
+
+    def __init__(self, capacity: int) -> None:
+        self.capacity = capacity
+        self._mapping: t.Dict[t.Any, t.Any] = {}
+        self._queue: "te.Deque[t.Any]" = deque()
+        self._postinit()
+
+    def _postinit(self) -> None:
+        # alias all queue methods for faster lookup
+        self._popleft = self._queue.popleft
+        self._pop = self._queue.pop
+        self._remove = self._queue.remove
+        self._wlock = Lock()
+        self._append = self._queue.append
+
+    def __getstate__(self) -> t.Mapping[str, t.Any]:
+        return {
+            "capacity": self.capacity,
+            "_mapping": self._mapping,
+            "_queue": self._queue,
+        }
+
+    def __setstate__(self, d: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.update(d)
+        self._postinit()
+
+    def __getnewargs__(self) -> t.Tuple[t.Any, ...]:
+        return (self.capacity,)
+
+    def copy(self) -> "LRUCache":
+        """Return a shallow copy of the instance."""
+        rv = self.__class__(self.capacity)
+        rv._mapping.update(self._mapping)
+        rv._queue.extend(self._queue)
+        return rv
+
+    def get(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Return an item from the cache dict or `default`"""
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def setdefault(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Set `default` if the key is not in the cache otherwise
+        leave unchanged. Return the value of this key.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            self[key] = default
+            return default
+
+    def clear(self) -> None:
+        """Clear the cache."""
+        with self._wlock:
+            self._mapping.clear()
+            self._queue.clear()
+
+    def __contains__(self, key: t.Any) -> bool:
+        """Check if a key exists in this cache."""
+        return key in self._mapping
+
+    def __len__(self) -> int:
+        """Return the current size of the cache."""
+        return len(self._mapping)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self._mapping!r}>"
+
+    def __getitem__(self, key: t.Any) -> t.Any:
+        """Get an item from the cache. Moves the item up so that it has the
+        highest priority then.
+
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            rv = self._mapping[key]
+
+            if self._queue[-1] != key:
+                try:
+                    self._remove(key)
+                except ValueError:
+                    # if something removed the key from the container
+                    # when we read, ignore the ValueError that we would
+                    # get otherwise.
+                    pass
+
+                self._append(key)
+
+            return rv
+
+    def __setitem__(self, key: t.Any, value: t.Any) -> None:
+        """Sets the value for an item. Moves the item up so that it
+        has the highest priority then.
+        """
+        with self._wlock:
+            if key in self._mapping:
+                self._remove(key)
+            elif len(self._mapping) == self.capacity:
+                del self._mapping[self._popleft()]
+
+            self._append(key)
+            self._mapping[key] = value
+
+    def __delitem__(self, key: t.Any) -> None:
+        """Remove an item from the cache dict.
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            del self._mapping[key]
+
+            try:
+                self._remove(key)
+            except ValueError:
+                pass
+
+    def items(self) -> t.Iterable[t.Tuple[t.Any, t.Any]]:
+        """Return a list of items."""
+        result = [(key, self._mapping[key]) for key in list(self._queue)]
+        result.reverse()
+        return result
+
+    def values(self) -> t.Iterable[t.Any]:
+        """Return a list of all values."""
+        return [x[1] for x in self.items()]
+
+    def keys(self) -> t.Iterable[t.Any]:
+        """Return a list of all keys ordered by most recent usage."""
+        return list(self)
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        return reversed(tuple(self._queue))
+
+    def __reversed__(self) -> t.Iterator[t.Any]:
+        """Iterate over the keys in the cache dict, oldest items
+        coming first.
+        """
+        return iter(tuple(self._queue))
+
+    __copy__ = copy
+
+
+def select_autoescape(
+    enabled_extensions: t.Collection[str] = ("html", "htm", "xml"),
+    disabled_extensions: t.Collection[str] = (),
+    default_for_string: bool = True,
+    default: bool = False,
+) -> t.Callable[[t.Optional[str]], bool]:
+    """Intelligently sets the initial value of autoescaping based on the
+    filename of the template.  This is the recommended way to configure
+    autoescaping if you do not want to write a custom function yourself.
+
+    If you want to enable it for all templates created from strings or
+    for all templates with `.html` and `.xml` extensions::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            enabled_extensions=('html', 'xml'),
+            default_for_string=True,
+        ))
+
+    Example configuration to turn it on at all times except if the template
+    ends with `.txt`::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            disabled_extensions=('txt',),
+            default_for_string=True,
+            default=True,
+        ))
+
+    The `enabled_extensions` is an iterable of all the extensions that
+    autoescaping should be enabled for.  Likewise `disabled_extensions` is
+    a list of all templates it should be disabled for.  If a template is
+    loaded from a string then the default from `default_for_string` is used.
+    If nothing matches then the initial value of autoescaping is set to the
+    value of `default`.
+
+    For security reasons this function operates case insensitive.
+
+    .. versionadded:: 2.9
+    """
+    enabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in enabled_extensions)
+    disabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in disabled_extensions)
+
+    def autoescape(template_name: t.Optional[str]) -> bool:
+        if template_name is None:
+            return default_for_string
+        template_name = template_name.lower()
+        if template_name.endswith(enabled_patterns):
+            return True
+        if template_name.endswith(disabled_patterns):
+            return False
+        return default
+
+    return autoescape
+
+
+def htmlsafe_json_dumps(
+    obj: t.Any, dumps: t.Optional[t.Callable[..., str]] = None, **kwargs: t.Any
+) -> markupsafe.Markup:
+    """Serialize an object to a string of JSON with :func:`json.dumps`,
+    then replace HTML-unsafe characters with Unicode escapes and mark
+    the result safe with :class:`~markupsafe.Markup`.
+
+    This is available in templates as the ``|tojson`` filter.
+
+    The following characters are escaped: ``<``, ``>``, ``&``, ``'``.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param obj: The object to serialize to JSON.
+    :param dumps: The ``dumps`` function to use. Defaults to
+        ``env.policies["json.dumps_function"]``, which defaults to
+        :func:`json.dumps`.
+    :param kwargs: Extra arguments to pass to ``dumps``. Merged onto
+        ``env.policies["json.dumps_kwargs"]``.
+
+    .. versionchanged:: 3.0
+        The ``dumper`` parameter is renamed to ``dumps``.
+
+    .. versionadded:: 2.9
+    """
+    if dumps is None:
+        dumps = json.dumps
+
+    return markupsafe.Markup(
+        dumps(obj, **kwargs)
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026")
+        .replace("'", "\\u0027")
+    )
+
+
+class Cycler:
+    """Cycle through values by yield them one at a time, then restarting
+    once the end is reached. Available as ``cycler`` in templates.
+
+    Similar to ``loop.cycle``, but can be used outside loops or across
+    multiple loops. For example, render a list of folders and files in a
+    list, alternating giving them "odd" and "even" classes.
+
+    .. code-block:: html+jinja
+
+        {% set row_class = cycler("odd", "even") %}
+        <ul class="browser">
+        {% for folder in folders %}
+          <li class="folder {{ row_class.next() }}">{{ folder }}
+        {% endfor %}
+        {% for file in files %}
+          <li class="file {{ row_class.next() }}">{{ file }}
+        {% endfor %}
+        </ul>
+
+    :param items: Each positional argument will be yielded in the order
+        given for each cycle.
+
+    .. versionadded:: 2.1
+    """
+
+    def __init__(self, *items: t.Any) -> None:
+        if not items:
+            raise RuntimeError("at least one item has to be provided")
+        self.items = items
+        self.pos = 0
+
+    def reset(self) -> None:
+        """Resets the current item to the first item."""
+        self.pos = 0
+
+    @property
+    def current(self) -> t.Any:
+        """Return the current item. Equivalent to the item that will be
+        returned next time :meth:`next` is called.
+        """
+        return self.items[self.pos]
+
+    def next(self) -> t.Any:
+        """Return the current item, then advance :attr:`current` to the
+        next item.
+        """
+        rv = self.current
+        self.pos = (self.pos + 1) % len(self.items)
+        return rv
+
+    __next__ = next
+
+
+class Joiner:
+    """A joining helper for templates."""
+
+    def __init__(self, sep: str = ", ") -> None:
+        self.sep = sep
+        self.used = False
+
+    def __call__(self) -> str:
+        if not self.used:
+            self.used = True
+            return ""
+        return self.sep
+
+
+class Namespace:
+    """A namespace object that can hold arbitrary attributes.  It may be
+    initialized from a dictionary or with keyword arguments."""
+
+    def __init__(*args: t.Any, **kwargs: t.Any) -> None:  # noqa: B902
+        self, args = args[0], args[1:]
+        self.__attrs = dict(*args, **kwargs)
+
+    def __getattribute__(self, name: str) -> t.Any:
+        # __class__ is needed for the awaitable check in async mode
+        if name in {"_Namespace__attrs", "__class__"}:
+            return object.__getattribute__(self, name)
+        try:
+            return self.__attrs[name]
+        except KeyError:
+            raise AttributeError(name) from None
+
+    def __setitem__(self, name: str, value: t.Any) -> None:
+        self.__attrs[name] = value
+
+    def __repr__(self) -> str:
+        return f"<Namespace {self.__attrs!r}>"
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jinja2/visitor.py b/lib/go-jinja2/internal/data/linux-arm64/jinja2/visitor.py
new file mode 100644
index 000000000..7b8e18060
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jinja2/visitor.py
@@ -0,0 +1,92 @@
+"""API for traversing the AST nodes. Implemented by the compiler and
+meta introspection.
+"""
+
+import typing as t
+
+from .nodes import Node
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class VisitCallable(te.Protocol):
+        def __call__(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any: ...
+
+
+class NodeVisitor:
+    """Walks the abstract syntax tree and call visitor functions for every
+    node found.  The visitor functions may return values which will be
+    forwarded by the `visit` method.
+
+    Per default the visitor functions for the nodes are ``'visit_'`` +
+    class name of the node.  So a `TryFinally` node visit function would
+    be `visit_TryFinally`.  This behavior can be changed by overriding
+    the `get_visitor` function.  If no visitor function exists for a node
+    (return value `None`) the `generic_visit` visitor is used instead.
+    """
+
+    def get_visitor(self, node: Node) -> "t.Optional[VisitCallable]":
+        """Return the visitor function for this node or `None` if no visitor
+        exists for this node.  In that case the generic visit function is
+        used instead.
+        """
+        return getattr(self, f"visit_{type(node).__name__}", None)
+
+    def visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Visit a node."""
+        f = self.get_visitor(node)
+
+        if f is not None:
+            return f(node, *args, **kwargs)
+
+        return self.generic_visit(node, *args, **kwargs)
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Called if no explicit visitor function exists for a node."""
+        for child_node in node.iter_child_nodes():
+            self.visit(child_node, *args, **kwargs)
+
+
+class NodeTransformer(NodeVisitor):
+    """Walks the abstract syntax tree and allows modifications of nodes.
+
+    The `NodeTransformer` will walk the AST and use the return value of the
+    visitor functions to replace or remove the old node.  If the return
+    value of the visitor function is `None` the node will be removed
+    from the previous location otherwise it's replaced with the return
+    value.  The return value may be the original node in which case no
+    replacement takes place.
+    """
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> Node:
+        for field, old_value in node.iter_fields():
+            if isinstance(old_value, list):
+                new_values = []
+                for value in old_value:
+                    if isinstance(value, Node):
+                        value = self.visit(value, *args, **kwargs)
+                        if value is None:
+                            continue
+                        elif not isinstance(value, Node):
+                            new_values.extend(value)
+                            continue
+                    new_values.append(value)
+                old_value[:] = new_values
+            elif isinstance(old_value, Node):
+                new_node = self.visit(old_value, *args, **kwargs)
+                if new_node is None:
+                    delattr(node, field)
+                else:
+                    setattr(node, field, new_node)
+        return node
+
+    def visit_list(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.List[Node]:
+        """As transformers may return lists in some places this method
+        can be used to enforce a list as return value.
+        """
+        rv = self.visit(node, *args, **kwargs)
+
+        if not isinstance(rv, list):
+            return [rv]
+
+        return rv
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
new file mode 100644
index 000000000..86be119bc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
@@ -0,0 +1,379 @@
+Metadata-Version: 2.1
+Name: jsonpath-ng
+Version: 1.6.1
+Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
+Home-page: https://github.com/h2non/jsonpath-ng
+Author: Tomas Aparicio
+Author-email: tomas@aparicio.me
+License: Apache 2.0
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+License-File: LICENSE
+Requires-Dist: ply
+
+Python JSONPath Next-Generation |Build Status| |PyPI|
+=====================================================
+
+A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
+and binary comparison operators, as defined in the original `JSONPath proposal`_.
+
+This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
+provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
+
+About
+-----
+
+This library provides a robust and significantly extended implementation
+of JSONPath for Python. It is tested with CPython 3.7 and higher.
+
+This library differs from other JSONPath implementations in that it is a
+full *language* implementation, meaning the JSONPath expressions are
+first class objects, easy to analyze, transform, parse, print, and
+extend.
+
+Quick Start
+-----------
+
+To install, use pip:
+
+.. code:: bash
+
+    $ pip install --upgrade jsonpath-ng
+
+
+Usage
+-----
+
+Basic examples:
+
+.. code:: python
+
+    $ python
+
+    >>> from jsonpath_ng import jsonpath, parse
+
+    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+    >>> jsonpath_expr = parse('foo[*].baz')
+
+    # Extracting values is easy
+    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    [1, 2]
+
+    # Matches remember where they came from
+    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    ['foo.[0].baz', 'foo.[1].baz']
+
+    # Modifying values matching the path
+    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 3}]}
+
+    # Modifying one of the values matching the path
+    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
+    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 2}]}
+
+    # Removing all values matching a path
+    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{}, {}]}
+
+    # Removing values containing particular data matching path
+    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{'baz': 1}, {}]}
+
+    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
+    >>> jsonpath.auto_id_field = 'id'
+    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
+    ['foo.bizzle', 'foo.[1]']
+
+    # A handy extension: named operators like `parent`
+    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
+    ['number two', 'number one']
+
+    # You can also build expressions directly quite easily
+    >>> from jsonpath_ng.jsonpath import Fields
+    >>> from jsonpath_ng.jsonpath import Slice
+
+    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
+
+
+Using the extended parser:
+
+.. code:: python
+
+  $ python
+
+  >>> from jsonpath_ng.ext import parse
+
+  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+  >>> jsonpath_expr = parse('foo[*].baz')
+
+
+JSONPath Syntax
+---------------
+
+The JSONPath syntax supported by this library includes some additional
+features and omits some problematic features (those that make it
+unportable). In particular, some new operators such as ``|`` and
+``where`` are available, and parentheses are used for grouping not for
+callbacks into Python, since with these changes the language is not
+trivially associative. Also, fields may be quoted whether or not they
+are contained in brackets.
+
+Atomic expressions:
+
++-----------------------+---------------------------------------------------------------------------------------------+
+| Syntax                | Meaning                                                                                     |
++=======================+=============================================================================================+
+| ``$``                 | The root object                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```this```            | The "current" object.                                                                       |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
++-----------------------+---------------------------------------------------------------------------------------------+
+| *field*               | Specified field(s), described below                                                         |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *field* ``]``   | Same as *field*                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
++-----------------------+---------------------------------------------------------------------------------------------+
+
+Jsonpath operators:
+
++-------------------------------------+------------------------------------------------------------------------------------+
+| Syntax                              | Meaning                                                                            |
++=====================================+====================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
++-------------------------------------+------------------------------------------------------------------------------------+
+
+Field specifiers ( *field* ):
+
++-------------------------+-------------------------------------------------------------------------------------+
+| Syntax                  | Meaning                                                                             |
++=========================+=====================================================================================+
+| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``'fieldname'``         | ditto                                                                               |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``*``                   | any field                                                                           |
++-------------------------+-------------------------------------------------------------------------------------+
+| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
++-------------------------+-------------------------------------------------------------------------------------+
+
+Array specifiers ( *idx* ):
+
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| Syntax                                  | Meaning                                                                               |
++=========================================+=======================================================================================+
+| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[*]``                                 | any array index                                                                       |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+
+Programmatic JSONPath
+---------------------
+
+If you are programming in Python and would like a more robust way to
+create JSONPath expressions that does not depend on a parser, it is very
+easy to do so directly, and here are some examples:
+
+-  ``Root()``
+-  ``Slice(start=0, end=None, step=None)``
+-  ``Fields('foo', 'bar')``
+-  ``Index(42)``
+-  ``Child(Fields('foo'), Index(42))``
+-  ``Where(Slice(), Fields('subfield'))``
+-  ``Descendants(jsonpath, jsonpath)``
+
+
+Extras
+------
+
+-  *Path data*: The result of ``JsonPath.find`` provide detailed context
+   and path data so it is easy to traverse to parent objects, print full
+   paths to pieces of data, and generate automatic ids.
+-  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
+   other than None, then for any piece of data missing that field, it
+   will be replaced by the JSONPath to it, giving automatic unique ids
+   to any piece of data. These ids will take into account any ids
+   already present as well.
+-  *Named operators*: Instead of using ``@`` to reference the current
+   object, this library uses ```this```. In general, any string
+   contained in backquotes can be made to be a new operator, currently
+   by extending the library.
+
+
+Extensions
+----------
+
+To use the extensions below you must import from `jsonpath_ng.ext`.
+
++--------------+-----------------------------------------------+
+| name         | Example                                       |
++==============+===============================================+
+| len          | - ``$.objects.`len```                         |
++--------------+-----------------------------------------------+
+| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
+|              | - ``$.field.`sub(/regex/, replacement)```     |
++--------------+-----------------------------------------------+
+| split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(sep, segement, maxsplit)```|
++--------------+-----------------------------------------------+
+| sorted       | - ``$.objects.`sorted```                      |
+|              | - ``$.objects[\\some_field]``                 |
+|              | - ``$.objects[\\some_field,/other_field]``    |
++--------------+-----------------------------------------------+
+| filter       | - ``$.objects[?(@some_field > 5)]``           |
+|              | - ``$.objects[?some_field = "foobar"]``       |
+|              | - ``$.objects[?some_field =~ "foobar"]``      |
+|              | - ``$.objects[?some_field > 5 & other < 2]``  |
+|              |                                               |
+|              | Supported operators:                          |
+|              | - Equality: ==, =, !=                         |
+|              | - Comparison: >, >=, <, <=                    |
+|              | - Regex match: =~                             |
+|              |                                               |
+|              | Combine multiple criteria with '&'.           |
+|              |                                               |
+|              | Properties can only be compared to static     |
+|              | values.                                       |
++--------------+-----------------------------------------------+
+| arithmetic   | - ``$.foo + "_" + $.bar``                     |
+| (-+*/)       | - ``$.foo * 12``                              |
+|              | - ``$.objects[*].cow + $.objects[*].cat``     |
++--------------+-----------------------------------------------+
+
+About arithmetic and string
+---------------------------
+
+Operations are done with python operators and allows types that python
+allows, and return [] if the operation can be done due to incompatible types.
+
+When operators are used, a jsonpath must be be fully defined otherwise
+jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
+in this case it will choice string as type.
+
+Example with data::
+
+    {
+        'cow': 'foo',
+        'fish': 'bar'
+    }
+
+| ``cow + fish`` returns ``cowfish``
+| ``$.cow + $.fish`` returns ``foobar``
+| ``$.cow + "_" + $.fish`` returns ``foo_bar``
+| ``$.cow + "_" + fish`` returns ``foo_fish``
+
+About arithmetic and list
+-------------------------
+
+Arithmetic can be used against two lists if they have the same size.
+
+Example with data::
+
+    {'objects': [
+        {'cow': 2, 'cat': 3},
+        {'cow': 4, 'cat': 6}
+    ]}
+
+| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
+
+More to explore
+---------------
+
+There are way too many JSONPath implementations out there to discuss.
+Some are robust, some are toy projects that still work fine, some are
+exercises. There will undoubtedly be many more. This one is made for use
+in released, maintained code, and in particular for programmatic access
+to the abstract syntax and extension. But JSONPath at its simplest just
+isn't that complicated, so you can probably use any of them
+successfully. Why not this one?
+
+The original proposal, as far as I know:
+
+-  `JSONPath - XPath for
+   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
+
+Other examples
+--------------
+
+Loading json data from file
+
+.. code:: python
+
+    import json
+    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
+    # or
+    with open('myfile.json') as f:
+        d = json.load(f)
+
+Special note about PLY and docstrings
+-------------------------------------
+
+The main parsing toolkit underlying this library,
+`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
+removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
+cause a failure.
+
+Contributors
+------------
+
+This package is authored and maintained by:
+
+-  `Kenn Knowles <https://github.com/kennknowles>`__
+   (`@kennknowles <https://twitter.com/KennKnowles>`__)
+-  `Tomas Aparicio <https://github.com/h2non>`
+
+with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
+
+Copyright and License
+---------------------
+
+Copyright 2013 - Kenneth Knowles
+
+Copyright 2017 - Tomas Aparicio
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at
+
+::
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
+.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
+.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
+
+.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
+.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
+   :target: https://pypi.python.org/pypi/jsonpath-ng
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
new file mode 100644
index 000000000..20fe88195
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
@@ -0,0 +1,35 @@
+../../bin/jsonpath_ng,sha256=_vbWgaZaHk4PSatDYj_Vl1etT8NE46RCsPoozVTHofE,260
+jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
+jsonpath_ng-1.6.1.dist-info/RECORD,,
+jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
+jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
+jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/__pycache__/lexer.cpython-311.pyc,,
+jsonpath_ng/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/bin/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng/bin/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/bin/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/bin/jsonpath.py,sha256=C4PCWjxSRskALh_Z7ILOFpvHNjP5HLBmRnxbzrbgg98,2057
+jsonpath_ng/exceptions.py,sha256=WbmwVjhCtpqp0enN3Sd4ymlZGP8ZZUkvT9uq7PXiEq4,146
+jsonpath_ng/ext/__init__.py,sha256=oxAHiz1-xcRsDX_KGDCiBh6LGP2zHZKzvI3QxrFTh6E,605
+jsonpath_ng/ext/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/arithmetic.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/filter.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/iterable.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
+jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
+jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
+jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
+jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
+jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
+jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
+jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
+jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
new file mode 100644
index 000000000..57e3d840d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.38.4)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
new file mode 100644
index 000000000..e1985ff19
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
new file mode 100644
index 000000000..30b75c567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
@@ -0,0 +1 @@
+jsonpath_ng
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py
new file mode 100644
index 000000000..ed6553b2d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py
@@ -0,0 +1,6 @@
+from .jsonpath import *  # noqa
+from .parser import parse  # noqa
+
+
+# Current package version
+__version__ = '1.6.1'
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/jsonpath.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/jsonpath.py
new file mode 100644
index 000000000..386f87c59
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/bin/jsonpath.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# encoding: utf-8
+# Copyright © 2012 Felix Richter <wtfpl@syntax-fehler.de>
+# This work is free. You can redistribute it and/or modify it under the
+# terms of the Do What The Fuck You Want To Public License, Version 2,
+# as published by Sam Hocevar. See the COPYING file for more details.
+
+# Standard Library imports
+import json
+import sys
+import glob
+import argparse
+
+# JsonPath-RW imports
+from jsonpath_ng import parse
+
+def find_matches_for_file(expr, f):
+    return expr.find(json.load(f))
+
+def print_matches(matches):
+    print('\n'.join(['{0}'.format(match.value) for match in matches]))
+
+
+def main(*argv):
+    parser = argparse.ArgumentParser(
+        description='Search JSON files (or stdin) according to a JSONPath expression.',
+        formatter_class=argparse.RawTextHelpFormatter,
+        epilog="""
+        Quick JSONPath reference (see more at https://github.com/kennknowles/python-jsonpath-rw)
+
+        atomics:
+            $              - root object
+            `this`         - current object
+
+        operators:
+            path1.path2    - same as xpath /
+            path1|path2    - union
+            path1..path2   - somewhere in between
+
+        fields:
+            fieldname       - field with name
+            *               - any field
+            [_start_?:_end_?] - array slice
+            [*]             - any array index
+    """)
+
+
+
+    parser.add_argument('expression', help='A JSONPath expression.')
+    parser.add_argument('files', metavar='file', nargs='*', help='Files to search (if none, searches stdin)')
+
+    args = parser.parse_args(argv[1:])
+
+    expr = parse(args.expression)
+    glob_patterns = args.files
+
+    if len(glob_patterns) == 0:
+        # stdin mode
+        print_matches(find_matches_for_file(expr, sys.stdin))
+    else:
+        # file paths mode
+        for pattern in glob_patterns:
+            for filename in glob.glob(pattern):
+                with open(filename) as f:
+                    print_matches(find_matches_for_file(expr, f))
+
+def entry_point():
+    main(*sys.argv)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/exceptions.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/exceptions.py
new file mode 100644
index 000000000..a592d83cb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/exceptions.py
@@ -0,0 +1,10 @@
+class JSONPathError(Exception):
+    pass
+
+
+class JsonPathLexerError(JSONPathError):
+    pass
+
+
+class JsonPathParserError(JSONPathError):
+    pass
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/__init__.py
new file mode 100644
index 000000000..1e5c325fc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .parser import parse  # noqa
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/arithmetic.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/arithmetic.py
new file mode 100644
index 000000000..0ba9e0ca8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/arithmetic.py
@@ -0,0 +1,72 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+from .. import JSONPath, DatumInContext
+
+
+OPERATOR_MAP = {
+    '+': operator.add,
+    '-': operator.sub,
+    '*': operator.mul,
+    '/': operator.truediv,
+}
+
+
+class Operation(JSONPath):
+    def __init__(self, left, op, right):
+        self.left = left
+        self.op = OPERATOR_MAP[op]
+        self.right = right
+
+    def find(self, datum):
+        result = []
+        if (isinstance(self.left, JSONPath)
+                and isinstance(self.right, JSONPath)):
+            left = self.left.find(datum)
+            right = self.right.find(datum)
+            if left and right and len(left) == len(right):
+                for l, r in zip(left, right):
+                    try:
+                        result.append(self.op(l.value, r.value))
+                    except TypeError:
+                        return []
+            else:
+                return []
+        elif isinstance(self.left, JSONPath):
+            left = self.left.find(datum)
+            for l in left:
+                try:
+                    result.append(self.op(l.value, self.right))
+                except TypeError:
+                    return []
+        elif isinstance(self.right, JSONPath):
+            right = self.right.find(datum)
+            for r in right:
+                try:
+                    result.append(self.op(self.left, r.value))
+                except TypeError:
+                    return []
+        else:
+            try:
+                result.append(self.op(self.left, self.right))
+            except TypeError:
+                return []
+        return [DatumInContext.wrap(r) for r in result]
+
+    def __repr__(self):
+        return '%s(%r%s%r)' % (self.__class__.__name__, self.left, self.op,
+                               self.right)
+
+    def __str__(self):
+        return '%s%s%s' % (self.left, self.op, self.right)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/filter.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/filter.py
new file mode 100644
index 000000000..e0bd48a4f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/filter.py
@@ -0,0 +1,140 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+import re
+
+from .. import JSONPath, DatumInContext, Index
+
+
+OPERATOR_MAP = {
+    '!=': operator.ne,
+    '==': operator.eq,
+    '=': operator.eq,
+    '<=': operator.le,
+    '<': operator.lt,
+    '>=': operator.ge,
+    '>': operator.gt,
+    '=~': lambda a, b: True if isinstance(a, str) and re.search(b, a) else False,
+}
+
+
+class Filter(JSONPath):
+    """The JSONQuery filter"""
+
+    def __init__(self, expressions):
+        self.expressions = expressions
+
+    def find(self, datum):
+        if not self.expressions:
+            return datum
+
+        datum = DatumInContext.wrap(datum)
+
+        if isinstance(datum.value, dict):
+            datum.value = list(datum.value.values())
+
+        if not isinstance(datum.value, list):
+            return []
+
+        return [DatumInContext(datum.value[i], path=Index(i), context=datum)
+                for i in range(0, len(datum.value))
+                if (len(self.expressions) ==
+                    len(list(filter(lambda x: x.find(datum.value[i]),
+                                    self.expressions))))]
+
+    def filter(self, fn, data):
+        # NOTE: We reverse the order just to make sure the indexes are preserved upon
+        #  removal.
+        for datum in reversed(self.find(data)):
+            index_obj = datum.path
+            if isinstance(data, dict):
+                index_obj.index = list(data)[index_obj.index]
+            index_obj.filter(fn, data)
+        return data
+
+    def update(self, data, val):
+        if type(data) is list:
+            for index, item in enumerate(data):
+                shouldUpdate = len(self.expressions) == len(list(filter(lambda x: x.find(item), self.expressions)))
+                if shouldUpdate:
+                    if hasattr(val, '__call__'):
+                        val.__call__(data[index], data, index)
+                    else:
+                        data[index] = val
+        return data
+    
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+    def __eq__(self, other):
+        return (isinstance(other, Filter)
+                and self.expressions == other.expressions)
+
+
+class Expression(JSONPath):
+    """The JSONQuery expression"""
+
+    def __init__(self, target, op, value):
+        self.target = target
+        self.op = op
+        self.value = value
+
+    def find(self, datum):
+        datum = self.target.find(DatumInContext.wrap(datum))
+
+        if not datum:
+            return []
+        if self.op is None:
+            return datum
+
+        found = []
+        for data in datum:
+            value = data.value
+            if isinstance(self.value, int):
+                try:
+                    value = int(value)
+                except ValueError:
+                    continue
+            elif isinstance(self.value, bool):
+                try:
+                    value = bool(value)
+                except ValueError:
+                    continue
+
+            if OPERATOR_MAP[self.op](value, self.value):
+                found.append(data)
+
+        return found
+
+    def __eq__(self, other):
+        return (isinstance(other, Expression) and
+                self.target == other.target and
+                self.op == other.op and
+                self.value == other.value)
+
+    def __repr__(self):
+        if self.op is None:
+            return '%s(%r)' % (self.__class__.__name__, self.target)
+        else:
+            return '%s(%r %s %r)' % (self.__class__.__name__,
+                                     self.target, self.op, self.value)
+
+    def __str__(self):
+        if self.op is None:
+            return '%s' % self.target
+        else:
+            return '%s %s %s' % (self.target, self.op, self.value)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py
new file mode 100644
index 000000000..40ae1eb5b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py
@@ -0,0 +1,118 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import functools
+from .. import This, DatumInContext, JSONPath
+
+
+class SortedThis(This):
+    """The JSONPath referring to the sorted version of the current object.
+
+    Concrete syntax is '`sorted`' or [\\field,/field].
+    """
+    def __init__(self, expressions=None):
+        self.expressions = expressions
+
+    def _compare(self, left, right):
+        left = DatumInContext.wrap(left)
+        right = DatumInContext.wrap(right)
+
+        for expr in self.expressions:
+            field, reverse = expr
+            l_datum = field.find(left)
+            r_datum = field.find(right)
+            if (not l_datum or not r_datum or
+                    len(l_datum) > 1 or len(r_datum) > 1 or
+                    l_datum[0].value == r_datum[0].value):
+                # NOTE(sileht): should we do something if the expression
+                # match multiple fields, for now ignore them
+                continue
+            elif l_datum[0].value < r_datum[0].value:
+                return 1 if reverse else -1
+            else:
+                return -1 if reverse else 1
+        return 0
+
+    def find(self, datum):
+        """Return sorted value of This if list or dict."""
+        if isinstance(datum.value, dict) and self.expressions:
+            return datum
+
+        if isinstance(datum.value, dict) or isinstance(datum.value, list):
+            key = (functools.cmp_to_key(self._compare)
+                   if self.expressions else None)
+            return [DatumInContext.wrap(
+                [value for value in sorted(datum.value, key=key)])]
+        return datum
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+
+class Len(JSONPath):
+    """The JSONPath referring to the len of the current object.
+
+    Concrete syntax is '`len`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = len(datum.value)
+        except TypeError:
+            return []
+        else:
+            return [DatumInContext(value,
+                                               context=None,
+                                               path=Len())]
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __str__(self):
+        return '`len`'
+
+    def __repr__(self):
+        return 'Len()'
+
+
+class Keys(JSONPath):
+    """The JSONPath referring to the keys of the current object.
+    Concrete syntax is '`keys`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = list(datum.value.keys())
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value[i],
+                                               context=None,
+                                               path=Keys()) for i in range (0, len(datum.value))]
+
+    def __eq__(self, other):
+        return isinstance(other, Keys)
+
+    def __str__(self):
+        return '`keys`'
+
+    def __repr__(self):
+        return 'Keys()'
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py
new file mode 100644
index 000000000..756b72c69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py
@@ -0,0 +1,174 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .. import lexer
+from .. import parser
+from .. import Fields, This, Child
+
+from . import arithmetic as _arithmetic
+from . import filter as _filter
+from . import iterable as _iterable
+from . import string as _string
+
+
+class ExtendedJsonPathLexer(lexer.JsonPathLexer):
+    """Custom LALR-lexer for JsonPath"""
+    literals = lexer.JsonPathLexer.literals + ['?', '@', '+', '*', '/', '-']
+    tokens = (['BOOL'] +
+              parser.JsonPathLexer.tokens +
+              ['FILTER_OP', 'SORT_DIRECTION', 'FLOAT'])
+
+    t_FILTER_OP = r'=~|==?|<=|>=|!=|<|>'
+
+    def t_BOOL(self, t):
+        r'true|false'
+        t.value = True if t.value == 'true' else False
+        return t
+
+    def t_SORT_DIRECTION(self, t):
+        r',?\s*(/|\\)'
+        t.value = t.value[-1]
+        return t
+
+    def t_ID(self, t):
+        r'@?[a-zA-Z_][a-zA-Z0-9_@\-]*'
+        # NOTE(sileht): This fixes the ID expression to be
+        # able to use @ for `This` like any json query
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_FLOAT(self, t):
+        r'-?\d+\.\d+'
+        t.value = float(t.value)
+        return t
+
+
+class ExtentedJsonPathParser(parser.JsonPathParser):
+    """Custom LALR-parser for JsonPath"""
+
+    tokens = ExtendedJsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        lexer_class = lexer_class or ExtendedJsonPathLexer
+        super(ExtentedJsonPathParser, self).__init__(debug, lexer_class)
+
+    def p_jsonpath_operator_jsonpath(self, p):
+        """jsonpath : NUMBER operator NUMBER
+                    | FLOAT operator FLOAT
+                    | ID operator ID
+                    | NUMBER operator jsonpath
+                    | FLOAT operator jsonpath
+                    | jsonpath operator NUMBER
+                    | jsonpath operator FLOAT
+                    | jsonpath operator jsonpath
+        """
+
+        # NOTE(sileht): If we have choice between a field or a string we
+        # always choice string, because field can be full qualified
+        # like $.foo == foo and where string can't.
+        for i in [1, 3]:
+            if (isinstance(p[i], Fields) and len(p[i].fields) == 1):  # noqa
+                p[i] = p[i].fields[0]
+
+        p[0] = _arithmetic.Operation(p[1], p[2], p[3])
+
+    def p_operator(self, p):
+        """operator : '+'
+                    | '-'
+                    | '*'
+                    | '/'
+        """
+        p[0] = p[1]
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'len':
+            p[0] = _iterable.Len()
+        elif p[1] == 'keys':
+            p[0] = _iterable.Keys()
+        elif p[1] == 'sorted':
+            p[0] = _iterable.SortedThis()
+        elif p[1].startswith("split("):
+            p[0] = _string.Split(p[1])
+        elif p[1].startswith("sub("):
+            p[0] = _string.Sub(p[1])
+        elif p[1].startswith("str("):
+            p[0] = _string.Str(p[1])
+        else:
+            super(ExtentedJsonPathParser, self).p_jsonpath_named_operator(p)
+
+    def p_expression(self, p):
+        """expression : jsonpath
+                      | jsonpath FILTER_OP ID
+                      | jsonpath FILTER_OP FLOAT
+                      | jsonpath FILTER_OP NUMBER
+                      | jsonpath FILTER_OP BOOL
+        """
+        if len(p) == 2:
+            left, op, right = p[1], None, None
+        else:
+            __, left, op, right = p
+        p[0] = _filter.Expression(left, op, right)
+
+    def p_expressions_expression(self, p):
+        "expressions : expression"
+        p[0] = [p[1]]
+
+    def p_expressions_and(self, p):
+        "expressions : expressions '&' expressions"
+        # TODO(sileht): implements '|'
+        p[0] = p[1] + p[3]
+
+    def p_expressions_parens(self, p):
+        "expressions : '(' expressions ')'"
+        p[0] = p[2]
+
+    def p_filter(self, p):
+        "filter : '?' expressions "
+        p[0] = _filter.Filter(p[2])
+
+    def p_jsonpath_filter(self, p):
+        "jsonpath : jsonpath '[' filter ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_sort(self, p):
+        "sort : SORT_DIRECTION jsonpath"
+        p[0] = (p[2], p[1] != "/")
+
+    def p_sorts_sort(self, p):
+        "sorts : sort"
+        p[0] = [p[1]]
+
+    def p_sorts_comma(self, p):
+        "sorts : sorts sorts"
+        p[0] = p[1] + p[2]
+
+    def p_jsonpath_sort(self, p):
+        "jsonpath : jsonpath '[' sorts ']'"
+        sort = _iterable.SortedThis(p[3])
+        p[0] = Child(p[1], sort)
+
+    def p_jsonpath_this(self, p):
+        "jsonpath : '@'"
+        p[0] = This()
+
+    precedence = [
+        ('left', '+', '-'),
+        ('left', '*', '/'),
+    ] + parser.JsonPathParser.precedence + [
+        ('nonassoc', 'ID'),
+    ]
+
+
+def parse(path, debug=False):
+    return ExtentedJsonPathParser(debug=debug).parse(path)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py
new file mode 100644
index 000000000..1cd27632d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py
@@ -0,0 +1,117 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import re
+from .. import DatumInContext, This
+
+
+SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
+SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+STR = re.compile(r"str\(\)")
+
+
+class DefintionInvalid(Exception):
+    pass
+
+
+class Sub(This):
+    """Regex substituor
+
+    Concrete syntax is '`sub(/regex/, repl)`'
+    """
+
+    def __init__(self, method=None):
+        m = SUB.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.expr = m.group(1).strip()
+        self.repl = m.group(2).strip()
+        self.regex = re.compile(self.expr)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = self.regex.sub(self.repl, datum.value)
+        if value == datum.value:
+            return []
+        else:
+            return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Sub) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`sub(/%s/, %s)`' % (self.expr, self.repl)
+
+
+class Split(This):
+    """String splitter
+
+    Concrete syntax is '`split(char, segment, max_split)`'
+    """
+
+    def __init__(self, method=None):
+        m = SPLIT.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.char = m.group(1)
+        self.segment = int(m.group(2))
+        self.max_split = int(m.group(3))
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = datum.value.split(self.char, self.max_split)[self.segment]
+        except Exception:
+            return []
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Split) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`%s`' % self.method
+
+
+class Str(This):
+    """String converter
+
+    Concrete syntax is '`str()`'
+    """
+
+    def __init__(self, method=None):
+        m = STR.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = str(datum.value)
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Str) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`str()`'
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py
new file mode 100644
index 000000000..19e5a9eb3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py
@@ -0,0 +1,815 @@
+import logging
+from itertools import *  # noqa
+from jsonpath_ng.lexer import JsonPathLexer
+
+# Get logger name
+logger = logging.getLogger(__name__)
+
+# Turn on/off the automatic creation of id attributes
+# ... could be a kwarg pervasively but uses are rare and simple today
+auto_id_field = None
+
+NOT_SET = object()
+LIST_KEY = object()
+
+
+class JSONPath:
+    """
+    The base class for JSONPath abstract syntax; those
+    methods stubbed here are the interface to supported
+    JSONPath semantics.
+    """
+
+    def find(self, data):
+        """
+        All `JSONPath` types support `find()`, which returns an iterable of `DatumInContext`s.
+        They keep track of the path followed to the current location, so if the calling code
+        has some opinion about that, it can be passed in here as a starting point.
+        """
+        raise NotImplementedError()
+
+    def find_or_create(self, data):
+        return self.find(data)
+
+    def update(self, data, val):
+        """
+        Returns `data` with the specified path replaced by `val`. Only updates
+        if the specified path exists.
+        """
+
+        raise NotImplementedError()
+
+    def update_or_create(self, data, val):
+        return self.update(data, val)
+
+    def filter(self, fn, data):
+        """
+        Returns `data` with the specified path filtering nodes according
+        the filter evaluation result returned by the filter function.
+
+        Arguments:
+            fn (function): unary function that accepts one argument
+                and returns bool.
+            data (dict|list|tuple): JSON object to filter.
+        """
+
+        raise NotImplementedError()
+
+    def child(self, child):
+        """
+        Equivalent to Child(self, next) but with some canonicalization
+        """
+        if isinstance(self, This) or isinstance(self, Root):
+            return child
+        elif isinstance(child, This):
+            return self
+        elif isinstance(child, Root):
+            return child
+        else:
+            return Child(self, child)
+
+    def make_datum(self, value):
+        if isinstance(value, DatumInContext):
+            return value
+        else:
+            return DatumInContext(value, path=Root(), context=None)
+
+
+class DatumInContext:
+    """
+    Represents a datum along a path from a context.
+
+    Essentially a zipper but with a structure represented by JsonPath,
+    and where the context is more of a parent pointer than a proper
+    representation of the context.
+
+    For quick-and-dirty work, this proxies any non-special attributes
+    to the underlying datum, but the actual datum can (and usually should)
+    be retrieved via the `value` attribute.
+
+    To place `datum` within another, use `datum.in_context(context=..., path=...)`
+    which extends the path. If the datum already has a context, it places the entire
+    context within that passed in, so an object can be built from the inside
+    out.
+    """
+    @classmethod
+    def wrap(cls, data):
+        if isinstance(data, cls):
+            return data
+        else:
+            return cls(data)
+
+    def __init__(self, value, path=None, context=None):
+        self.value = value
+        self.path = path or This()
+        self.context = None if context is None else DatumInContext.wrap(context)
+
+    def in_context(self, context, path):
+        context = DatumInContext.wrap(context)
+
+        if self.context:
+            return DatumInContext(value=self.value, path=self.path, context=context.in_context(path=path, context=context))
+        else:
+            return DatumInContext(value=self.value, path=path, context=context)
+
+    @property
+    def full_path(self):
+        return self.path if self.context is None else self.context.full_path.child(self.path)
+
+    @property
+    def id_pseudopath(self):
+        """
+        Looks like a path, but with ids stuck in when available
+        """
+        try:
+            pseudopath = Fields(str(self.value[auto_id_field]))
+        except (TypeError, AttributeError, KeyError): # This may not be all the interesting exceptions
+            pseudopath = self.path
+
+        if self.context:
+            return self.context.id_pseudopath.child(pseudopath)
+        else:
+            return pseudopath
+
+    def __repr__(self):
+        return '%s(value=%r, path=%r, context=%r)' % (self.__class__.__name__, self.value, self.path, self.context)
+
+    def __eq__(self, other):
+        return isinstance(other, DatumInContext) and other.value == self.value and other.path == self.path and self.context == other.context
+
+
+class AutoIdForDatum(DatumInContext):
+    """
+    This behaves like a DatumInContext, but the value is
+    always the path leading up to it, not including the "id",
+    and with any "id" fields along the way replacing the prior
+    segment of the path
+
+    For example, it will make "foo.bar.id" return a datum
+    that behaves like DatumInContext(value="foo.bar", path="foo.bar.id").
+
+    This is disabled by default; it can be turned on by
+    settings the `auto_id_field` global to a value other
+    than `None`.
+    """
+
+    def __init__(self, datum, id_field=None):
+        """
+        Invariant is that datum.path is the path from context to datum. The auto id
+        will either be the id in the datum (if present) or the id of the context
+        followed by the path to the datum.
+
+        The path to this datum is always the path to the context, the path to the
+        datum, and then the auto id field.
+        """
+        self.datum = datum
+        self.id_field = id_field or auto_id_field
+
+    @property
+    def value(self):
+        return str(self.datum.id_pseudopath)
+
+    @property
+    def path(self):
+        return self.id_field
+
+    @property
+    def context(self):
+        return self.datum
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.datum)
+
+    def in_context(self, context, path):
+        return AutoIdForDatum(self.datum.in_context(context=context, path=path))
+
+    def __eq__(self, other):
+        return isinstance(other, AutoIdForDatum) and other.datum == self.datum and self.id_field == other.id_field
+
+
+class Root(JSONPath):
+    """
+    The JSONPath referring to the "root" object. Concrete syntax is '$'.
+    The root is the topmost datum without any context attached.
+    """
+
+    def find(self, data):
+        if not isinstance(data, DatumInContext):
+            return [DatumInContext(data, path=Root(), context=None)]
+        else:
+            if data.context is None:
+                return [DatumInContext(data.value, context=None, path=Root())]
+            else:
+                return Root().find(data.context)
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '$'
+
+    def __repr__(self):
+        return 'Root()'
+
+    def __eq__(self, other):
+        return isinstance(other, Root)
+
+    def __hash__(self):
+        return hash('$')
+
+
+class This(JSONPath):
+    """
+    The JSONPath referring to the current datum. Concrete syntax is '@'.
+    """
+
+    def find(self, datum):
+        return [DatumInContext.wrap(datum)]
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '`this`'
+
+    def __repr__(self):
+        return 'This()'
+
+    def __eq__(self, other):
+        return isinstance(other, This)
+
+    def __hash__(self):
+        return hash('this')
+
+
+class Child(JSONPath):
+    """
+    JSONPath that first matches the left, then the right.
+    Concrete syntax is <left> '.' <right>
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        """
+        Extra special case: auto ids do not have children,
+        so cut it off right now rather than auto id the auto id
+        """
+
+        return [submatch
+                for subdata in self.left.find(datum)
+                if not isinstance(subdata, AutoIdForDatum)
+                for submatch in self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.left.find(data):
+            self.right.update(datum.value, val)
+        return data
+
+    def find_or_create(self, datum):
+        datum = DatumInContext.wrap(datum)
+        submatches = []
+        for subdata in self.left.find_or_create(datum):
+            if isinstance(subdata, AutoIdForDatum):
+                # Extra special case: auto ids do not have children,
+                # so cut it off right now rather than auto id the auto id
+                continue
+            for submatch in self.right.find_or_create(subdata):
+                submatches.append(submatch)
+        return submatches
+
+    def update_or_create(self, data, val):
+        for datum in self.left.find_or_create(data):
+            self.right.update_or_create(datum.value, val)
+        return _clean_list_keys(data)
+
+    def filter(self, fn, data):
+        for datum in self.left.find(data):
+            self.right.filter(fn, datum.value)
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Child) and self.left == other.left and self.right == other.right
+
+    def __str__(self):
+        return '%s.%s' % (self.left, self.right)
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Parent(JSONPath):
+    """
+    JSONPath that matches the parent node of the current match.
+    Will crash if no such parent exists.
+    Available via named operator `parent`.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        return [datum.context]
+
+    def __eq__(self, other):
+        return isinstance(other, Parent)
+
+    def __str__(self):
+        return '`parent`'
+
+    def __repr__(self):
+        return 'Parent()'
+
+    def __hash__(self):
+        return hash('parent')
+
+
+class Where(JSONPath):
+    """
+    JSONPath that first matches the left, and then
+    filters for only those nodes that have
+    a match on the right.
+
+    WARNING: Subject to change. May want to have "contains"
+    or some other better word for it.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data) if self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        for datum in self.find(data):
+            datum.path.filter(fn, datum.value)
+        return data
+
+    def __str__(self):
+        return '%s where %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Where) and other.left == self.left and other.right == self.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Descendants(JSONPath):
+    """
+    JSONPath that matches first the left expression then any descendant
+    of it which matches the right expression.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        # <left> .. <right> ==> <left> . (<right> | *..<right> | [*]..<right>)
+        #
+        # With with a wonky caveat that since Slice() has funky coercions
+        # we cannot just delegate to that equivalence or we'll hit an
+        # infinite loop. So right here we implement the coercion-free version.
+
+        # Get all left matches into a list
+        left_matches = self.left.find(datum)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def match_recursively(datum):
+            right_matches = self.right.find(datum)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(datum.value, list):
+                recursive_matches = [submatch
+                                     for i in range(0, len(datum.value))
+                                     for submatch in match_recursively(DatumInContext(datum.value[i], context=datum, path=Index(i)))]
+
+            elif isinstance(datum.value, dict):
+                recursive_matches = [submatch
+                                     for field in datum.value.keys()
+                                     for submatch in match_recursively(DatumInContext(datum.value[field], context=datum, path=Fields(field)))]
+
+            else:
+                recursive_matches = []
+
+            return right_matches + list(recursive_matches)
+
+        # TODO: repeatable iterator instead of list?
+        return [submatch
+                for left_match in left_matches
+                for submatch in match_recursively(left_match)]
+
+    def is_singular(self):
+        return False
+
+    def update(self, data, val):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def update_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.update(data, val)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    update_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    update_recursively(data[field])
+
+        for submatch in left_matches:
+            update_recursively(submatch.value)
+
+        return data
+
+    def filter(self, fn, data):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def filter_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.filter(fn, data)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    filter_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    filter_recursively(data[field])
+
+        for submatch in left_matches:
+            filter_recursively(submatch.value)
+
+        return data
+
+    def __str__(self):
+        return '%s..%s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Descendants) and self.left == other.left and self.right == other.right
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Union(JSONPath):
+    """
+    JSONPath that returns the union of the results of each match.
+    This is pretty shoddily implemented for now. The nicest semantics
+    in case of mismatched bits (list vs atomic) is to put
+    them all in a list, but I haven't done that yet.
+
+    WARNING: Any appearance of this being the _concatenation_ is
+    coincidence. It may even be a bug! (or laziness)
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        return self.left.find(data) + self.right.find(data)
+
+    def __eq__(self, other):
+        return isinstance(other, Union) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Intersect(JSONPath):
+    """
+    JSONPath for bits that match *both* patterns.
+
+    This can be accomplished a couple of ways. The most
+    efficient is to actually build the intersected
+    AST as in building a state machine for matching the
+    intersection of regular languages. The next
+    idea is to build a filtered data and match against
+    that.
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        raise NotImplementedError()
+
+    def __eq__(self, other):
+        return isinstance(other, Intersect) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Fields(JSONPath):
+    """
+    JSONPath referring to some field of the current object.
+    Concrete syntax ix comma-separated field names.
+
+    WARNING: If '*' is any of the field names, then they will
+    all be returned.
+    """
+
+    def __init__(self, *fields):
+        self.fields = fields
+
+    @staticmethod
+    def get_field_datum(datum, field, create):
+        if field == auto_id_field:
+            return AutoIdForDatum(datum)
+        try:
+            field_value = datum.value.get(field, NOT_SET)
+            if field_value is NOT_SET:
+                if create:
+                    datum.value[field] = field_value = {}
+                else:
+                    return None
+            return DatumInContext(field_value, path=Fields(field), context=datum)
+        except (TypeError, AttributeError):
+            return None
+
+    def reified_fields(self, datum):
+        if '*' not in self.fields:
+            return self.fields
+        else:
+            try:
+                fields = tuple(datum.value.keys())
+                return fields if auto_id_field is None else fields + (auto_id_field,)
+            except AttributeError:
+                return ()
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        field_data = [self.get_field_datum(datum, field, create)
+                      for field in self.reified_fields(datum)]
+        return [fd for fd in field_data if fd is not None]
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field not in data and create:
+                    data[field] = {}
+                if field in data:
+                    if hasattr(val, '__call__'):
+                        data[field] = val(data[field], data, field)
+                    else:
+                        data[field] = val
+        return data
+
+    def filter(self, fn, data):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field in data:
+                    if fn(data[field]):
+                        data.pop(field)
+        return data
+
+    def __str__(self):
+        # If any JsonPathLexer.literals are included in field name need quotes
+        # This avoids unnecessary quotes to keep strings short.
+        # Test each field whether it contains a literal and only then add quotes
+        # The test loops over all literals, could possibly optimize to short circuit if one found
+        fields_as_str = ("'" + str(f) + "'" if any([l in f for l in JsonPathLexer.literals]) else
+                         str(f) for f in self.fields)
+        return ','.join(fields_as_str)
+
+
+    def __repr__(self):
+        return '%s(%s)' % (self.__class__.__name__, ','.join(map(repr, self.fields)))
+
+    def __eq__(self, other):
+        return isinstance(other, Fields) and tuple(self.fields) == tuple(other.fields)
+
+    def __hash__(self):
+        return hash(tuple(self.fields))
+
+
+class Index(JSONPath):
+    """
+    JSONPath that matches indices of the current datum, or none if not large enough.
+    Concrete syntax is brackets.
+
+    WARNING: If the datum is None or not long enough, it will not crash but will not match anything.
+    NOTE: For the concrete syntax of `[*]`, the abstract syntax is a Slice() with no parameters (equiv to `[:]`
+    """
+
+    def __init__(self, index):
+        self.index = index
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        if create:
+            if datum.value == {}:
+                datum.value = _create_list_key(datum.value)
+            self._pad_value(datum.value)
+        if datum.value and len(datum.value) > self.index:
+            return [DatumInContext(datum.value[self.index], path=self, context=datum)]
+        else:
+            return []
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if create:
+            if data == {}:
+                data = _create_list_key(data)
+            self._pad_value(data)
+        if hasattr(val, '__call__'):
+            data[self.index] = val.__call__(data[self.index], data, self.index)
+        elif len(data) > self.index:
+            data[self.index] = val
+        return data
+
+    def filter(self, fn, data):
+        if fn(data[self.index]):
+            data.pop(self.index)  # relies on mutation :(
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Index) and self.index == other.index
+
+    def __str__(self):
+        return '[%i]' % self.index
+
+    def __repr__(self):
+        return '%s(index=%r)' % (self.__class__.__name__, self.index)
+
+    def _pad_value(self, value):
+        if len(value) <= self.index:
+            pad = self.index - len(value) + 1
+            value += [{} for __ in range(pad)]
+
+    def __hash__(self):
+        return hash(self.index)
+
+
+class Slice(JSONPath):
+    """
+    JSONPath matching a slice of an array.
+
+    Because of a mismatch between JSON and XML when schema-unaware,
+    this always returns an iterable; if the incoming data
+    was not a list, then it returns a one element list _containing_ that
+    data.
+
+    Consider these two docs, and their schema-unaware translation to JSON:
+
+    <a><b>hello</b></a> ==> {"a": {"b": "hello"}}
+    <a><b>hello</b><b>goodbye</b></a> ==> {"a": {"b": ["hello", "goodbye"]}}
+
+    If there were a schema, it would be known that "b" should always be an
+    array (unless the schema were wonky, but that is too much to fix here)
+    so when querying with JSON if the one writing the JSON knows that it
+    should be an array, they can write a slice operator and it will coerce
+    a non-array value to an array.
+
+    This may be a bit unfortunate because it would be nice to always have
+    an iterator, but dictionaries and other objects may also be iterable,
+    so this is the compromise.
+    """
+    def __init__(self, start=None, end=None, step=None):
+        self.start = start
+        self.end = end
+        self.step = step
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+
+        # Used for catching null value instead of empty list in path
+        if not datum.value:
+            return []
+        # Here's the hack. If it is a dictionary or some kind of constant,
+        # put it in a single-element list
+        if (isinstance(datum.value, dict) or isinstance(datum.value, int) or isinstance(datum.value, str)):
+            return self.find(DatumInContext([datum.value], path=datum.path, context=datum.context))
+
+        # Some iterators do not support slicing but we can still
+        # at least work for '*'
+        if self.start is None and self.end is None and self.step is None:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))]
+        else:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))[self.start:self.end:self.step]]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        while True:
+            length = len(data)
+            for datum in self.find(data):
+                data = datum.path.filter(fn, data)
+                if len(data) < length:
+                    break
+
+            if length == len(data):
+                break
+        return data
+
+    def __str__(self):
+        if self.start is None and self.end is None and self.step is None:
+            return '[*]'
+        else:
+            return '[%s%s%s]' % (self.start or '',
+                                   ':%d'%self.end if self.end else '',
+                                   ':%d'%self.step if self.step else '')
+
+    def __repr__(self):
+        return '%s(start=%r,end=%r,step=%r)' % (self.__class__.__name__, self.start, self.end, self.step)
+
+    def __eq__(self, other):
+        return isinstance(other, Slice) and other.start == self.start and self.end == other.end and other.step == self.step
+
+    def __hash__(self):
+        return hash((self.start, self.end, self.step))
+
+
+def _create_list_key(dict_):
+    """
+    Adds a list to a dictionary by reference and returns the list.
+
+    See `_clean_list_keys()`
+    """
+    dict_[LIST_KEY] = new_list = [{}]
+    return new_list
+
+
+def _clean_list_keys(struct_):
+    """
+    Replace {LIST_KEY: ['foo', 'bar']} with ['foo', 'bar'].
+
+    >>> _clean_list_keys({LIST_KEY: ['foo', 'bar']})
+    ['foo', 'bar']
+
+    """
+    if(isinstance(struct_, list)):
+        for ind, value in enumerate(struct_):
+            struct_[ind] = _clean_list_keys(value)
+    elif(isinstance(struct_, dict)):
+        if(LIST_KEY in struct_):
+            return _clean_list_keys(struct_[LIST_KEY])
+        else:
+            for key, value in struct_.items():
+                struct_[key] = _clean_list_keys(value)
+    return struct_
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py
new file mode 100644
index 000000000..b2ad5ee6d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py
@@ -0,0 +1,171 @@
+import sys
+import logging
+
+import ply.lex
+
+from jsonpath_ng.exceptions import JsonPathLexerError
+
+logger = logging.getLogger(__name__)
+
+
+class JsonPathLexer:
+    '''
+    A Lexical analyzer for JsonPath.
+    '''
+
+    def __init__(self, debug=False):
+        self.debug = debug
+        if self.__doc__ is None:
+            raise JsonPathLexerError('Docstrings have been removed! By design of PLY, jsonpath-rw requires docstrings. You must not use PYTHONOPTIMIZE=2 or python -OO.')
+
+    def tokenize(self, string):
+        '''
+        Maps a string to an iterator over tokens. In other words: [char] -> [token]
+        '''
+
+        new_lexer = ply.lex.lex(module=self, debug=self.debug, errorlog=logger)
+        new_lexer.latest_newline = 0
+        new_lexer.string_value = None
+        new_lexer.input(string)
+
+        while True:
+            t = new_lexer.token()
+            if t is None:
+                break
+            t.col = t.lexpos - new_lexer.latest_newline
+            yield t
+
+        if new_lexer.string_value is not None:
+            raise JsonPathLexerError('Unexpected EOF in string literal or identifier')
+
+    # ============== PLY Lexer specification ==================
+    #
+    # This probably should be private but:
+    #   - the parser requires access to `tokens` (perhaps they should be defined in a third, shared dependency)
+    #   - things like `literals` might be a legitimate part of the public interface.
+    #
+    # Anyhow, it is pythonic to give some rope to hang oneself with :-)
+
+    literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
+
+    reserved_words = { 'where': 'WHERE' }
+
+    tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
+
+    states = [ ('singlequote', 'exclusive'),
+               ('doublequote', 'exclusive'),
+               ('backquote', 'exclusive') ]
+
+    # Normal lexing, rather easy
+    t_DOUBLEDOT = r'\.\.'
+    t_ignore = ' \t'
+
+    def t_ID(self, t):
+        r'[a-zA-Z_@][a-zA-Z0-9_@\-]*'
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_NUMBER(self, t):
+        r'-?\d+'
+        t.value = int(t.value)
+        return t
+
+
+    # Single-quoted strings
+    t_singlequote_ignore = ''
+    def t_singlequote(self, t):
+        r"'"
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('singlequote')
+
+    def t_singlequote_content(self, t):
+        r"[^'\\]+"
+        t.lexer.string_value += t.value
+
+    def t_singlequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_singlequote_end(self, t):
+        r"'"
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_singlequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing singlequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Double-quoted strings
+    t_doublequote_ignore = ''
+    def t_doublequote(self, t):
+        r'"'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('doublequote')
+
+    def t_doublequote_content(self, t):
+        r'[^"\\]+'
+        t.lexer.string_value += t.value
+
+    def t_doublequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_doublequote_end(self, t):
+        r'"'
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_doublequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing doublequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Back-quoted "magic" operators
+    t_backquote_ignore = ''
+    def t_backquote(self, t):
+        r'`'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('backquote')
+
+    def t_backquote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_backquote_content(self, t):
+        r"[^`\\]+"
+        t.lexer.string_value += t.value
+
+    def t_backquote_end(self, t):
+        r'`'
+        t.value = t.lexer.string_value
+        t.type = 'NAMED_OPERATOR'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_backquote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing backquoted operator: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Counting lines, handling errors
+    def t_newline(self, t):
+        r'\n'
+        t.lexer.lineno += 1
+        t.lexer.latest_newline = t.lexpos
+
+    def t_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    lexer = JsonPathLexer(debug=True)
+    for token in lexer.tokenize(sys.stdin.read()):
+        print('%-20s%s' % (token.value, token.type))
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py
new file mode 100644
index 000000000..87e353ebf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py
@@ -0,0 +1,199 @@
+import logging
+import sys
+import os.path
+
+import ply.yacc
+
+from jsonpath_ng.exceptions import JsonPathParserError
+from jsonpath_ng.jsonpath import *
+from jsonpath_ng.lexer import JsonPathLexer
+
+logger = logging.getLogger(__name__)
+
+
+def parse(string):
+    return JsonPathParser().parse(string)
+
+
+class JsonPathParser:
+    '''
+    An LALR-parser for JsonPath
+    '''
+
+    tokens = JsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        if self.__doc__ is None:
+            raise JsonPathParserError(
+                'Docstrings have been removed! By design of PLY, '
+                'jsonpath-rw requires docstrings. You must not use '
+                'PYTHONOPTIMIZE=2 or python -OO.'
+            )
+
+        self.debug = debug
+        self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
+
+    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
+
+        # Since PLY has some crufty aspects and dumps files, we try to keep them local
+        # However, we need to derive the name of the output Python file :-/
+        output_directory = os.path.dirname(__file__)
+        try:
+            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
+        except:
+            module_name = __name__
+
+        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
+
+        # And we regenerate the parse table every time;
+        # it doesn't actually take that long!
+        new_parser = ply.yacc.yacc(module=self,
+                                   debug=self.debug,
+                                   tabmodule = parsing_table_module,
+                                   outputdir = output_directory,
+                                   write_tables=0,
+                                   start = start_symbol,
+                                   errorlog = logger)
+
+        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+
+    # ===================== PLY Parser specification =====================
+
+    precedence = [
+        ('left', ','),
+        ('left', 'DOUBLEDOT'),
+        ('left', '.'),
+        ('left', '|'),
+        ('left', '&'),
+        ('left', 'WHERE'),
+    ]
+
+    def p_error(self, t):
+        if t is None:
+            raise JsonPathParserError('Parse error near the end of string!')
+        raise JsonPathParserError('Parse error at %s:%s near token %s (%s)'
+                                  % (t.lineno, t.col, t.value, t.type))
+
+    def p_jsonpath_binop(self, p):
+        """jsonpath : jsonpath '.' jsonpath
+                    | jsonpath DOUBLEDOT jsonpath
+                    | jsonpath WHERE jsonpath
+                    | jsonpath '|' jsonpath
+                    | jsonpath '&' jsonpath"""
+        op = p[2]
+
+        if op == '.':
+            p[0] = Child(p[1], p[3])
+        elif op == '..':
+            p[0] = Descendants(p[1], p[3])
+        elif op == 'where':
+            p[0] = Where(p[1], p[3])
+        elif op == '|':
+            p[0] = Union(p[1], p[3])
+        elif op == '&':
+            p[0] = Intersect(p[1], p[3])
+
+    def p_jsonpath_fields(self, p):
+        "jsonpath : fields_or_any"
+        p[0] = Fields(*p[1])
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'this':
+            p[0] = This()
+        elif p[1] == 'parent':
+            p[0] = Parent()
+        else:
+            raise JsonPathParserError('Unknown named operator `%s` at %s:%s'
+                                      % (p[1], p.lineno(1), p.lexpos(1)))
+
+    def p_jsonpath_root(self, p):
+        "jsonpath : '$'"
+        p[0] = Root()
+
+    def p_jsonpath_idx(self, p):
+        "jsonpath : '[' idx ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_slice(self, p):
+        "jsonpath : '[' slice ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_fieldbrackets(self, p):
+        "jsonpath : '[' fields ']'"
+        p[0] = Fields(*p[2])
+
+    def p_jsonpath_child_fieldbrackets(self, p):
+        "jsonpath : jsonpath '[' fields ']'"
+        p[0] = Child(p[1], Fields(*p[3]))
+
+    def p_jsonpath_child_idxbrackets(self, p):
+        "jsonpath : jsonpath '[' idx ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_child_slicebrackets(self, p):
+        "jsonpath : jsonpath '[' slice ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_parens(self, p):
+        "jsonpath : '(' jsonpath ')'"
+        p[0] = p[2]
+
+    # Because fields in brackets cannot be '*' - that is reserved for array indices
+    def p_fields_or_any(self, p):
+        """fields_or_any : fields
+                         | '*'    """
+        if p[1] == '*':
+            p[0] = ['*']
+        else:
+            p[0] = p[1]
+
+    def p_fields_id(self, p):
+        "fields : ID"
+        p[0] = [p[1]]
+
+    def p_fields_comma(self, p):
+        "fields : fields ',' fields"
+        p[0] = p[1] + p[3]
+
+    def p_idx(self, p):
+        "idx : NUMBER"
+        p[0] = Index(p[1])
+
+    def p_slice_any(self, p):
+        "slice : '*'"
+        p[0] = Slice()
+
+    def p_slice(self, p): # Currently does not support `step`
+        """slice : maybe_int ':' maybe_int
+                 | maybe_int ':' maybe_int ':' maybe_int """
+        p[0] = Slice(*p[1::2])
+
+    def p_maybe_int(self, p):
+        """maybe_int : NUMBER
+                     | empty"""
+        p[0] = p[1]
+
+    def p_empty(self, p):
+        'empty :'
+        p[0] = None
+
+class IteratorToTokenStream:
+    def __init__(self, iterator):
+        self.iterator = iterator
+
+    def token(self):
+        try:
+            return next(self.iterator)
+        except StopIteration:
+            return None
+
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    parser = JsonPathParser(debug=True)
+    print(parser.parse(sys.stdin.read()))
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py
new file mode 100644
index 000000000..b40f24c66
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py
@@ -0,0 +1,332 @@
+import functools
+import string
+import sys
+import typing as t
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+    _P = te.ParamSpec("_P")
+
+
+__version__ = "2.1.5"
+
+
+def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
+    @functools.wraps(func)
+    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
+        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
+        _escape_argspec(kwargs, kwargs.items(), self.escape)
+        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+
+    return wrapped  # type: ignore[return-value]
+
+
+class Markup(str):
+    """A string that is ready to be safely inserted into an HTML or XML
+    document, either because it was escaped or because it was marked
+    safe.
+
+    Passing an object to the constructor converts it to text and wraps
+    it to mark it safe without escaping. To escape the text, use the
+    :meth:`escape` class method instead.
+
+    >>> Markup("Hello, <em>World</em>!")
+    Markup('Hello, <em>World</em>!')
+    >>> Markup(42)
+    Markup('42')
+    >>> Markup.escape("Hello, <em>World</em>!")
+    Markup('Hello &lt;em&gt;World&lt;/em&gt;!')
+
+    This implements the ``__html__()`` interface that some frameworks
+    use. Passing an object that implements ``__html__()`` will wrap the
+    output of that method, marking it safe.
+
+    >>> class Foo:
+    ...     def __html__(self):
+    ...         return '<a href="/foo">foo</a>'
+    ...
+    >>> Markup(Foo())
+    Markup('<a href="/foo">foo</a>')
+
+    This is a subclass of :class:`str`. It has the same methods, but
+    escapes their arguments and returns a ``Markup`` instance.
+
+    >>> Markup("<em>%s</em>") % ("foo & bar",)
+    Markup('<em>foo &amp; bar</em>')
+    >>> Markup("<em>Hello</em> ") + "<foo>"
+    Markup('<em>Hello</em> &lt;foo&gt;')
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
+    ) -> "te.Self":
+        if hasattr(base, "__html__"):
+            base = base.__html__()
+
+        if encoding is None:
+            return super().__new__(cls, base)
+
+        return super().__new__(cls, base, encoding, errors)
+
+    def __html__(self) -> "te.Self":
+        return self
+
+    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.__class__(super().__add__(self.escape(other)))
+
+        return NotImplemented
+
+    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.escape(other).__add__(self)
+
+        return NotImplemented
+
+    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
+        if isinstance(num, int):
+            return self.__class__(super().__mul__(num))
+
+        return NotImplemented
+
+    __rmul__ = __mul__
+
+    def __mod__(self, arg: t.Any) -> "te.Self":
+        if isinstance(arg, tuple):
+            # a tuple of arguments, each wrapped
+            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
+        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            # a mapping of arguments, wrapped
+            arg = _MarkupEscapeHelper(arg, self.escape)
+        else:
+            # a single argument, wrapped with the helper and a tuple
+            arg = (_MarkupEscapeHelper(arg, self.escape),)
+
+        return self.__class__(super().__mod__(arg))
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({super().__repr__()})"
+
+    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
+        return self.__class__(super().join(map(self.escape, seq)))
+
+    join.__doc__ = str.join.__doc__
+
+    def split(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().split(sep, maxsplit)]
+
+    split.__doc__ = str.split.__doc__
+
+    def rsplit(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
+
+    rsplit.__doc__ = str.rsplit.__doc__
+
+    def splitlines(  # type: ignore[override]
+        self, keepends: bool = False
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().splitlines(keepends)]
+
+    splitlines.__doc__ = str.splitlines.__doc__
+
+    def unescape(self) -> str:
+        """Convert escaped markup back into a text string. This replaces
+        HTML entities with the characters they represent.
+
+        >>> Markup("Main &raquo; <em>About</em>").unescape()
+        'Main » <em>About</em>'
+        """
+        from html import unescape
+
+        return unescape(str(self))
+
+    def striptags(self) -> str:
+        """:meth:`unescape` the markup, remove tags, and normalize
+        whitespace to single spaces.
+
+        >>> Markup("Main &raquo;\t<em>About</em>").striptags()
+        'Main » About'
+        """
+        value = str(self)
+
+        # Look for comments then tags separately. Otherwise, a comment that
+        # contains a tag would end early, leaving some of the comment behind.
+
+        while True:
+            # keep finding comment start marks
+            start = value.find("<!--")
+
+            if start == -1:
+                break
+
+            # find a comment end mark beyond the start, otherwise stop
+            end = value.find("-->", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 3:]}"
+
+        # remove tags using the same method
+        while True:
+            start = value.find("<")
+
+            if start == -1:
+                break
+
+            end = value.find(">", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 1:]}"
+
+        # collapse spaces
+        value = " ".join(value.split())
+        return self.__class__(value).unescape()
+
+    @classmethod
+    def escape(cls, s: t.Any) -> "te.Self":
+        """Escape a string. Calls :func:`escape` and ensures that for
+        subclasses the correct type is returned.
+        """
+        rv = escape(s)
+
+        if rv.__class__ is not cls:
+            return cls(rv)
+
+        return rv  # type: ignore[return-value]
+
+    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
+    capitalize = _simple_escaping_wrapper(str.capitalize)
+    title = _simple_escaping_wrapper(str.title)
+    lower = _simple_escaping_wrapper(str.lower)
+    upper = _simple_escaping_wrapper(str.upper)
+    replace = _simple_escaping_wrapper(str.replace)
+    ljust = _simple_escaping_wrapper(str.ljust)
+    rjust = _simple_escaping_wrapper(str.rjust)
+    lstrip = _simple_escaping_wrapper(str.lstrip)
+    rstrip = _simple_escaping_wrapper(str.rstrip)
+    center = _simple_escaping_wrapper(str.center)
+    strip = _simple_escaping_wrapper(str.strip)
+    translate = _simple_escaping_wrapper(str.translate)
+    expandtabs = _simple_escaping_wrapper(str.expandtabs)
+    swapcase = _simple_escaping_wrapper(str.swapcase)
+    zfill = _simple_escaping_wrapper(str.zfill)
+    casefold = _simple_escaping_wrapper(str.casefold)
+
+    if sys.version_info >= (3, 9):
+        removeprefix = _simple_escaping_wrapper(str.removeprefix)
+        removesuffix = _simple_escaping_wrapper(str.removesuffix)
+
+    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().partition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().rpartition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, args, kwargs))
+
+    def format_map(  # type: ignore[override]
+        self, map: t.Mapping[str, t.Any]
+    ) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, (), map))
+
+    def __html_format__(self, format_spec: str) -> "te.Self":
+        if format_spec:
+            raise ValueError("Unsupported format specification for Markup.")
+
+        return self
+
+
+class EscapeFormatter(string.Formatter):
+    __slots__ = ("escape",)
+
+    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.escape = escape
+        super().__init__()
+
+    def format_field(self, value: t.Any, format_spec: str) -> str:
+        if hasattr(value, "__html_format__"):
+            rv = value.__html_format__(format_spec)
+        elif hasattr(value, "__html__"):
+            if format_spec:
+                raise ValueError(
+                    f"Format specifier {format_spec} given, but {type(value)} does not"
+                    " define __html_format__. A class that defines __html__ must define"
+                    " __html_format__ to work with format specifiers."
+                )
+            rv = value.__html__()
+        else:
+            # We need to make sure the format spec is str here as
+            # otherwise the wrong callback methods are invoked.
+            rv = string.Formatter.format_field(self, value, str(format_spec))
+        return str(self.escape(rv))
+
+
+_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
+
+
+def _escape_argspec(
+    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
+) -> _ListOrDict:
+    """Helper for various string-wrapped functions."""
+    for key, value in iterable:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            obj[key] = escape(value)
+
+    return obj
+
+
+class _MarkupEscapeHelper:
+    """Helper for :meth:`Markup.__mod__`."""
+
+    __slots__ = ("obj", "escape")
+
+    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.obj = obj
+        self.escape = escape
+
+    def __getitem__(self, item: t.Any) -> "te.Self":
+        return self.__class__(self.obj[item], self.escape)
+
+    def __str__(self) -> str:
+        return str(self.escape(self.obj))
+
+    def __repr__(self) -> str:
+        return str(self.escape(repr(self.obj)))
+
+    def __int__(self) -> int:
+        return int(self.obj)
+
+    def __float__(self) -> float:
+        return float(self.obj)
+
+
+# circular import
+try:
+    from ._speedups import escape as escape
+    from ._speedups import escape_silent as escape_silent
+    from ._speedups import soft_str as soft_str
+except ImportError:
+    from ._native import escape as escape
+    from ._native import escape_silent as escape_silent  # noqa: F401
+    from ._native import soft_str as soft_str  # noqa: F401
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py
new file mode 100644
index 000000000..8117b2716
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py
@@ -0,0 +1,63 @@
+import typing as t
+
+from . import Markup
+
+
+def escape(s: t.Any) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(
+        str(s)
+        .replace("&", "&amp;")
+        .replace(">", "&gt;")
+        .replace("<", "&lt;")
+        .replace("'", "&#39;")
+        .replace('"', "&#34;")
+    )
+
+
+def escape_silent(s: t.Optional[t.Any]) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
+
+    return escape(s)
+
+
+def soft_str(s: t.Any) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
+
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
+
+    return s
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c
new file mode 100644
index 000000000..3c463fb82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c
@@ -0,0 +1,320 @@
+#include <Python.h>
+
+static PyObject* markup;
+
+static int
+init_constants(void)
+{
+	PyObject *module;
+
+	/* import markup type so that we can mark the return value */
+	module = PyImport_ImportModule("markupsafe");
+	if (!module)
+		return 0;
+	markup = PyObject_GetAttrString(module, "Markup");
+	Py_DECREF(module);
+
+	return 1;
+}
+
+#define GET_DELTA(inp, inp_end, delta) \
+	while (inp < inp_end) { \
+		switch (*inp++) { \
+		case '"': \
+		case '\'': \
+		case '&': \
+			delta += 4; \
+			break; \
+		case '<': \
+		case '>': \
+			delta += 3; \
+			break; \
+		} \
+	}
+
+#define DO_ESCAPE(inp, inp_end, outp) \
+	{ \
+		Py_ssize_t ncopy = 0; \
+		while (inp < inp_end) { \
+			switch (*inp) { \
+			case '"': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '4'; \
+				*outp++ = ';'; \
+				break; \
+			case '\'': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '9'; \
+				*outp++ = ';'; \
+				break; \
+			case '&': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'a'; \
+				*outp++ = 'm'; \
+				*outp++ = 'p'; \
+				*outp++ = ';'; \
+				break; \
+			case '<': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'l'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			case '>': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'g'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			default: \
+				ncopy++; \
+			} \
+			inp++; \
+		} \
+		memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+	}
+
+static PyObject*
+escape_unicode_kind1(PyUnicodeObject *in)
+{
+	Py_UCS1 *inp = PyUnicode_1BYTE_DATA(in);
+	Py_UCS1 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS1 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta,
+						PyUnicode_IS_ASCII(in) ? 127 : 255);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_1BYTE_DATA(in);
+	outp = PyUnicode_1BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode_kind2(PyUnicodeObject *in)
+{
+	Py_UCS2 *inp = PyUnicode_2BYTE_DATA(in);
+	Py_UCS2 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS2 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 65535);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_2BYTE_DATA(in);
+	outp = PyUnicode_2BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+
+static PyObject*
+escape_unicode_kind4(PyUnicodeObject *in)
+{
+	Py_UCS4 *inp = PyUnicode_4BYTE_DATA(in);
+	Py_UCS4 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS4 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 1114111);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_4BYTE_DATA(in);
+	outp = PyUnicode_4BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode(PyUnicodeObject *in)
+{
+	if (PyUnicode_READY(in))
+		return NULL;
+
+	switch (PyUnicode_KIND(in)) {
+	case PyUnicode_1BYTE_KIND:
+		return escape_unicode_kind1(in);
+	case PyUnicode_2BYTE_KIND:
+		return escape_unicode_kind2(in);
+	case PyUnicode_4BYTE_KIND:
+		return escape_unicode_kind4(in);
+	}
+	assert(0);  /* shouldn't happen */
+	return NULL;
+}
+
+static PyObject*
+escape(PyObject *self, PyObject *text)
+{
+	static PyObject *id_html;
+	PyObject *s = NULL, *rv = NULL, *html;
+
+	if (id_html == NULL) {
+		id_html = PyUnicode_InternFromString("__html__");
+		if (id_html == NULL) {
+			return NULL;
+		}
+	}
+
+	/* we don't have to escape integers, bools or floats */
+	if (PyLong_CheckExact(text) ||
+		PyFloat_CheckExact(text) || PyBool_Check(text) ||
+		text == Py_None)
+		return PyObject_CallFunctionObjArgs(markup, text, NULL);
+
+	/* if the object has an __html__ method that performs the escaping */
+	html = PyObject_GetAttr(text ,id_html);
+	if (html) {
+		s = PyObject_CallObject(html, NULL);
+		Py_DECREF(html);
+		if (s == NULL) {
+			return NULL;
+		}
+		/* Convert to Markup object */
+		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+		Py_DECREF(s);
+		return rv;
+	}
+
+	/* otherwise make the object unicode if it isn't, then escape */
+	PyErr_Clear();
+	if (!PyUnicode_Check(text)) {
+		PyObject *unicode = PyObject_Str(text);
+		if (!unicode)
+			return NULL;
+		s = escape_unicode((PyUnicodeObject*)unicode);
+		Py_DECREF(unicode);
+	}
+	else
+		s = escape_unicode((PyUnicodeObject*)text);
+
+	/* convert the unicode string into a markup object. */
+	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+	Py_DECREF(s);
+	return rv;
+}
+
+
+static PyObject*
+escape_silent(PyObject *self, PyObject *text)
+{
+	if (text != Py_None)
+		return escape(self, text);
+	return PyObject_CallFunctionObjArgs(markup, NULL);
+}
+
+
+static PyObject*
+soft_str(PyObject *self, PyObject *s)
+{
+	if (!PyUnicode_Check(s))
+		return PyObject_Str(s);
+	Py_INCREF(s);
+	return s;
+}
+
+
+static PyMethodDef module_methods[] = {
+	{
+		"escape",
+		(PyCFunction)escape,
+		METH_O,
+		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
+		" the string with HTML-safe sequences. Use this if you need to display"
+		" text that might contain such characters in HTML.\n\n"
+		"If the object has an ``__html__`` method, it is called and the"
+		" return value is assumed to already be safe for HTML.\n\n"
+		":param s: An object to be converted to a string and escaped.\n"
+		":return: A :class:`Markup` string with the escaped text.\n"
+	},
+	{
+		"escape_silent",
+		(PyCFunction)escape_silent,
+		METH_O,
+		"Like :func:`escape` but treats ``None`` as the empty string."
+		" Useful with optional values, as otherwise you get the string"
+		" ``'None'`` when the value is ``None``.\n\n"
+		">>> escape(None)\n"
+		"Markup('None')\n"
+		">>> escape_silent(None)\n"
+		"Markup('')\n"
+	},
+	{
+		"soft_str",
+		(PyCFunction)soft_str,
+		METH_O,
+		"Convert an object to a string if it isn't already. This preserves"
+		" a :class:`Markup` string rather than converting it back to a basic"
+		" string, so it will still be marked as safe and won't be escaped"
+		" again.\n\n"
+		">>> value = escape(\"<User 1>\")\n"
+		">>> value\n"
+		"Markup('&lt;User 1&gt;')\n"
+		">>> escape(str(value))\n"
+		"Markup('&amp;lt;User 1&amp;gt;')\n"
+		">>> escape(soft_str(value))\n"
+		"Markup('&lt;User 1&gt;')\n"
+	},
+	{NULL, NULL, 0, NULL}  /* Sentinel */
+};
+
+static struct PyModuleDef module_definition = {
+	PyModuleDef_HEAD_INIT,
+	"markupsafe._speedups",
+	NULL,
+	-1,
+	module_methods,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+PyMODINIT_FUNC
+PyInit__speedups(void)
+{
+	if (!init_constants())
+		return NULL;
+
+	return PyModule_Create(&module_definition);
+}
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..76b01450112dcfc7db54cadcddac0d602f492d3e
GIT binary patch
literal 18869
zcmeFYg;yO-@FtAA1iLr{cL~l#6Wrb1-Q6uX!QGwU?he7--R0u$`tkmDzukXg=bV}8
zs_N;U>1VpCPoH{-BjLdQJ0L#K-hI5aRT>4NyQjEW6C`9=(s)a3B&mFCEhr^Q<t6<K
zkA*ZPCDw9Pp1IPDWz*wEq=Bq7e|Xt`F)8<YX;A|jS9e8hW@4H>%K^gMq=r}>$sh=5
z$o%~8s^B&?=Wn`JIh|9PUo8XtHmBbAypoxm9(29<&KnnXy>eJX=NP2a7!oMpAu!*-
z=1-OHeams49Mg-j5EcAYrTdjdPlbK|-kRuwk35}1*dHZE^Epe7wp=JVzx7K}=8Qi_
z+jo&=ZnikG4lGQx625(ga&LNOMUR&U>GAj_Ak{t?N7rb#$9iCSTlpp+wc0;yA1pO$
z>+yFx4-dCUQg$ZM`}W){sP(<a2@tfHJxZYl`_eG|^|>E0>DFsK<GZ@nO!(|1n>RNx
zgcAVo@yU6u2cgP+j<AAwDj)xt)d&6>XB-W#9yA@sZ8-%?1jRZeSX|(GK=!0Se)jX;
zk<f7ZGWeHrUx|1e1$pdqg7Q*smOX5UUKTvA{3Z$>?TOwtd7rX8u0G>n^|FStgFO!K
zGk6{IJ+5>Ck7vB4rcZ_)S_$FZ>ZBbJKcly3VITsKA#2UQ#~}?S1b{*8m~({->T%(T
z>WeHL1jGWCIDTVDFl@Sbc##7Z+5-8|WQfQ3(2q6<$iaKXpOo-`q18vvg^L+T6;gvU
z+}<W^>-dNk0Sl|_IMXnmu%T$;MoX5x)6Bq7>><NA!KJHQ(V&2Z+P_VVxWp$i`A+UC
z^ld+hPY84Y;m`^B{R<7SWN{`!Gn>X-fX;kSg3UE@_}#W6!%DKTYwF*7%DDz%L{ZXO
z-GnT<d<h039Y757SHJx;$VUXacrmc6WSX)6D#Ah%0t5}^=Y9zV6`Bw9=+kE-9i@yJ
z<>iGX7j4ECepTDkWG<Z$BVT7tJ&UpGjTJz<<y7cS(F7SimtjS&LEgSkV29NdmHT^#
zAW-9euGx%^=<x7gl5SQ@rQOT#1UHqYUSa^=sJFUNw65~IQ`X3?5UpCh5q%RM#TcGs
zWj{lpy9*V&vun1OmLe=ncYnlPDgoZilYA>1w>vX8&3bdTpH=|gbdOWN5I6ZGx-X=z
z-<RWBV~Ck|CSI3GFg9)a1g!h8Gfq?B^-TMSe|%~C6fnB_eiO6rl(XE3=A@iWKXQQE
zVr<4K#LPZHV0111=A0Tc>%&gJs+Vzhvan*=S%~sXAIx~4v+PSry&|OS82Ww5wj(9;
zbWhpQisF`Wl|<>?4X<a@hnjwMIO~0~8v2l<SW^JG>~XUCx%yax?jC(LRPAH_>9Fm-
za(rO4xx~1!lTgCTIZ(n&_i>q2(<yCBcsr_ZRB>rZcq_|(AE`Oi5h>#%cbeKfG|yy5
zc)MwSqShSk(QSDmXH9s^Z+Mb32R!tdn9q@XDRTCsJm$Oy#rrC4$-T(DKNoJz3*_8o
zyhMt3ZxTaC8#zC#)7f7gD3^u289%_1TMvafg_0Y1y@xps74>AGLh4jQ44vj^@B^Sw
zh|~(bNaQ@CpO=5>q4M(I?<be6MF{v<y^l2Ud?0c?;n{m%UmqCpMX7PPOKg=|5gR*r
zi4CX+|32T~WbCX_=?hKG8cL4&0|u+H=GGhCu2iZc_I2_{Rh)Otc<k_4o-Thqv|^Us
zU#na;$eW`e($>5=1618w0J?IDPNhr(RWEx`;Bm;hvPzXFO07_T;1g^v*19c9ylyGj
zUwRRzJYM$xe)<cmL#FGofyv3yl$>uBfsL<4^>u^97YnGOjpAi5Q{H%;Y-@VI^zpv_
zP+B4~eR$*BS?`8T*u9^dS>UO6k*2dGY)6^YYR<iwsGiK-dm2_U)~l&=*(n;Tt#tvm
z6>kQ!hnD17IS`IAZG`;U5LD|4_(SOI{b)EuB;s*9SE8ijRkE{9BpubQ3aoQwvOg_X
z5?yTa5a7GkQ!LfFq-kk(Awh9XX^xiZEqvMl<<b49cd=%={9N)l0&>;6RN#@xoh#68
zuKV$~=_1(Zyf*8ae9lZSHcrWP+ng^iM87lHzOS!h>wZa%tlemzhIjbaOv2r0Ti&-z
zdjizYt{nt_$zL@~@=j;lYp%PC^XaJ71U}LgeJ=khdR(@a&R3zezAWnZ4zIdltxL7J
z`rw3;GciiHm=j^yMGya*^V}(FudVe$XybRHT@dl@;XZ1+gW_0xoffHcjVEBtaHso1
zO;0^UsP98fuBdG|#_!Z-OODM*jcFw(ww%~crBuJE<*Ul!(;Hvyd{`W7(rR#bAwMRq
z9U;b#<d4h~Lx=L&JpipG;o83adK>hD-DqQRi;UgI_*v!RUQ;E4PNbIO(79UO&0*7A
zDWme<HrxPRquIGI5nV@?VJ+!r!WNBa^<>>YYs$8Zj1{2kuhJH^zG0>Ac)HDXfsBn=
z!Y3i4-X3;nGOGoOv7_j-9{hT3ND)HMcKak>7dJ*86=-EylC{a7ONn3OvoLa`X>T|-
zS1|h9i=yb}dMR<#%g-6u7<nWC+m@VlLzC3}Ql)F}*k^tA_u4S^P^Wy>+j47N09r?0
zGqmJvP;^V!c_NQ1R)BVf{Q!!i3y7wp)cS^q^{grpNBp^ZJkJ=<2Lfbz^CXp#2>7+Z
z>F}*j5xer(BImwLh(*l#+G@>uhP}PjL{wS08OVf2Fz)Oz;PNMLt-Api*fsz8c%S6m
zd;%+9-R~N$iKRfsFHZ|?4KckwZ)qb(q+6;t-dkE_ATJ-9HrlODl72UZ4Y#$^q*1Nf
z?IG+0q^$*5EylBd(TE)_)lI)1*QRKvDQGGm6*dLVel8(oKUS7yKiUi&#UroW?CrP5
zFn1g9BzzSkeV}t}JtCj&3_Bjt&fsK|T&4SE^g81AJh^OXZQph~xsP=Dv&szGHl<zi
zaCjC=?z-;kHa{7NQM*bWA4?S38*Dd~XfMu_wT8BPqHS@FT2Hdo>l*+T8?(SH7hvOQ
z<e0s<WRc~#Oa6zmYt|EbHHIHwR+-0SFyUqP<bLURuM;-t`Tbb=4?Ad`7j(E8m|&$?
zidSxD@NoWXquH%kk)3Ub=SyRixy5G^aocgmwUrqJax={?w$9%9avp5}J>H~Mk<-id
za_mg<*8#k{qOX_o%Ss3WVP~2(1(%Qxct4X*yc@LcI&^sTpEsC-JzxKh(z@5=-q|G1
z8m&lDRw~VoSmr<LOW4=T-F3)ZcH~*Nz_lCK<hTkQJb?5oe8<Mv+lbK@Gc0Q$BZ=|;
z;jTGE=nchlkxhH9?w_T1cG&Vt)EnKYR78kz70g7$pEdC+kJ6S-0OZBgisHRT^d;o3
z1X-V3tZw-g=KT22he1bo7l=RlzPwf%DT1SX0Jv`O?Dsi);`AWJh`fxR)rS{=O;7g+
zMqb;Vw^nux#E3~uzTJ;UH?>Qa57O(9pbV|f^UIjUv$PhRR5~g3n%nY8!hNCQB@wf*
zruUMn_v<bmxgtx^qzJFA@}6aEx#PyaYXL!+8B^Jk=WSZHga!2>Qvp<uqd2!CT&eau
zxhk77C5r9TOF@pOI5V@WRxaDyURaez4V1t6ecn|zUa!CAxUwD%X!>N$VdBfH#9bPl
zsX#wQXNvn&qm#+KQzVr=AARX<)lPBRG>3AdbOoDS9eGBQU*(Ei<9ytlI>!gQOS;5>
zfE>wlPsXCDOT}c)HbUcsn&3P6PY>Bg7skt)<0uXUg5J}yp=Iv5;41H0gf{zF!#iLM
z_CV3n*Ld82eLjPIS8M9-q0Wu(aQoAHCqfpXb9XabH;+sA)Y#5rCnJG($@jHOR>vow
zYS!kh+XF$012Fr{^U~0-I9f96K*KsPz*#(Wfch0wc&O$aR_IP0p8F+yh`dY)&PK6P
z9`9QSc+ytyx5l?r9=q&W8c#v%k5g!VBB#qr9b1zoZ>c9(F>`xo^l#g~rdwflumb`6
zjkH|iAgBBiO^weQyP<a~rS@Sa=ca16?U6+x9K=x^FD&6Tpr})EJ-28Pq1zU7-9v3c
z+h)*LJ;y%+?(xp2W*!bqW?eB-0;Z>OD8dlnGsJL%)kJvGP_JyAe%z-S*B^IA6kwY9
zoLqmwtr~m9Yt(KjUfK2R{FsT(WGt_LSGRkax;^shxw%F9whDKT=Swl;-MF~PonJfz
z7eq1jW(z!5!Bf5Z5bC5<TYh)x`rYIp9{FGi-+eg>MFU6Wy~Dp{Z#|5?&=AXndmG#r
z-YaguoHEZr<umf3Kg;=Tb2{hlelUMTpX)>l>HZ<35<x7@+fQL8g1?x1Fgxh^B?w-R
z`Q-EhpnH7rfNVbUp>CedlzA77(Y2{ho*$fg{11C6Ug-L-of0!k;fy_V91h;J4T9*d
zCNtaF>5R8Eo=<Iye49Bl4l2qMdZf3FLLLy8Y;;rIIRPN&2;WCiDD&tvtk)pE)H=L$
zs5OrdPl+Dcc8}v?_7qdG$2-p8`!W4%2pWAS3?Kucj@6}k%W#4p@xXYpIMn9DCnTZA
zQU#rW+5NRRUfeiGq;!sh3>q=03L7Y}qt2&`LZ<AmHD}J}A^Q=-WjNx?;48zGS8HxF
z9e>E|<~BvTQs36@vvg<W34;@j>G>`qlA`ShpEF|JH$gL7!lMPsHo^nd*Tqhx3n|I{
zdx;MaW?{VP(0ODF<{<>{-`nBm+nmvmKojq-j%2Z8uA*poqGZ@XJiPVe6`w2Sjf(JR
zNt4i%t9i84k&|OayEs6)^$y4Rql*zO>>W=2em>*fuuVOO?)f5*qK!f3<vAOGYzr4s
zurAVe$_S`RUv)J375SRZlm?{Yvwku*CHIKq=XVmi$w#7^lqKJ*$Gy*NKsAGbg<+Ds
zm1oL`@#4x@DT{g&z?icqV*Dp99Q#isH5~a(@(DUM{5uSDSQ=O{I2URU#9+#W-tg<s
zGOaU><jokc-1V-oN6yrjS@HwYwi!C|mu4lJ{Eb&vT6PHiyK`krD*s}EBE?X!h7Xz~
zAjJ2(66F&YFsYAZ$;Q#1qj2RDMqC_kfh4>nR==qP{zgFb1V}s~qJ&wS!9T%Ix+q<`
zJ7%2hZLL%}@_Jn1bHiois|ZW7%G<@n)0I!(C8Ya4Iwn^?6p&;L+q`1%+<5>5d$%i5
z+-)Aee*q`R*pe+0MNI8LJ09DtPHfuRS<#sFHM<5aj792tJg<PVeFuX$8f}_yrK*N?
zg4-ijyVb9tAA4p%*xgURhH6t*k<h2Ygfst%8~zer6KzQ0VM@rPJD`}vim30u9s$L4
zUFDbeH}*Box~zQu2;2Rw`%JN93z|)dX2?55_qE}9P!waNXpgv{eG7bzgccS;Xx9TC
zp4rF7C)M4ulnNaku^KHQo}Cm-HFrM!T5}JSFfaaxRTa&#WKxx6V@!XnLu0N7d@u;G
z5_mvAnAAeIzu8c>EcxfXc4xArmKk|zf2Pc@dpA1PCWpO6<M*`Ux_Qesvz^5<(<rd!
zQ1Z5uZ?=Xs`gKv(hab>`(fmx8w4rL1l5t#Owg|a0@iZ!BO!*7ENEG<xn9L_-wa<aO
z{LrjySx%FZyg{O;dUv<0ru&eqV*^6=`TJ*;V_824`Tt%1?-=xdy5*LtcSo1K++Wdz
z>rn9f;@gFN*luoHr|J~yNx6S+;JpI_9#I`U65O{YsxhAL4fu7<aQ!ZwX+@Xzv~v>n
z9=Y$zBOiV0d=E^wc`~!*U>o1cu1@i3vi$4wa^}=-e8IaH;a=C%o*=8Fc{;V_^F+3e
z6Ky|TWpj3Yc82ykK7a7@558u9=5Y~oQ@qC<Dp<{YPTpIaHP&#{=j<|D8uvX-k36R+
zn-2Q<*qHu`QPsE!+LODovT`_V@tR#(>F((CiL-n7+BccJX6Jkcy=M5_W*l;Ivga)A
zXLPC}J_7?K_@}4Wd0}s(Fx|}l^8Gyoe3lVUt0imYCo<@sLdi<C;vNtKAfl<P7z<qv
z7@xu*xSGWM3uMYVGwq`T%P|Gx*7>pI_aQ1%J*!G9K)eSqnJ8vl>A!bfH+LblZJ*^y
zw%;}jt;|bX?O^w^3m`n#&O2sAAoaeVKVm~v1w^3fylMu+5EW5S+qptO%QWf;yA<G4
zn^(PZHRi+x1m0Q>b9jVc*l)4zWXyL39JUwSJdT?V?USM(#Y*|-zl->{+vmMPz{?Av
z%eVZsk6lPQE<7e(bja<|p#>ihrjVoT+HG4vmlr<wbt!t4F#H6s)lqHjm0D6m1anb2
zUi#}?b_oDKIjEQ`)IEimUm#*J&1?H(UVT+Yl&f;i1T{Zd_8a?1o{2o0T{i{)NO_B*
zuJJ?yyGD0|9P*@X*OYS_`I!M*URm*zB~8etdUe+o9r{_mGj+<e4pN>;A&u<2U)4A2
zoB5;>L9|An0Z{uA+Em}Kbd%>LXVhWA>pqqkZ2NM#Qo-wB6Y`026pR&-s0zT1+F$yV
zMQCxnMzfT^7j_8^kq80tyDXHI#zD!#5)#*h<dx(<3FWSdn6??<2Rs!NM~5vJ&~~p`
zgnVMRm>?oLTpq{#LsuPzz~z;7U%8Ic4|D4X9J__u_!Z%XeKxmP#{{&HhVg0Jw5^*O
zWpn@5F;YMl&FS>$#G948(#Z-YVfHwc+`^PioN%LWKl5@H3?RF^{&3*Gzl5IW20hXz
z3l#6ZQ(Rhd4&2}m_?tDW#T=-Oj54L@oENK4=EYSf`mD&*b_Cs>mA)9k58NOI`-5z!
zSZyOr2;+PzU$W41wRFlMva6S(YYSf(j-N$k%AjzR@k?)IrvBnDSE$DN+a>WGLx|1~
zg@Zm>EY{}n#iyFb+*$(8Edvj4i4Q_IdUQ@0=AUhg<{-~hatcR$ssoen`R~oxT8V2c
zh~+Jo9^Yy*<1b<*y}CiY=#p)r3v>kjpg5M&Z(J22=EVXAbNu-naonL}hgc9|3qHoZ
zQ=>F7q6=<epm0aY3(k3n+1tn)7F2ufb9;#FPsZwNFshE6yf`v?&Dajkx!>9Jo&JVY
z9&T}^a!E`yP#y7Z;2L+%9%dx+bRL`-2dth^<d?E6?;2Ao!9CU^Ucb-WtL~zI<x1RC
zQFei(%zYRVJ1UK@6i_R3R7ch%6?OIN&tf}**d9pdHfcO!rlE8VJMZH;rCDNXb({AY
z@@YE8J>TOWnF`;r7V#51P-DCFY6({8J=CTNbm>aU*hoFLifflvmN`bWB=LNeRurJD
zQ{)#lG&RIoBt1i3<TVG9!6gm(a)d1!FXH3F03sI18I5XuI$(*5b+VN&EdI0M*1fOu
z0+NEq<cn!liZ%?DN_Ix@Z#;Nu+D*$M@C3PWPU>cPFChqtvIbeI_W&yS6C;3gZqIux
zQVWy*Kw86y+njypud%=Wl|6Nu9=Wlq=vpd{^Fjpjdd`rJ(wx{gKtn?1BW7~HKJeif
zRln?!^>c_(i8oFiL1^~xZqqqA%AfvdZ{pv0Y2dgPglNADsJ^olyfo$l(|!&}d=^2)
z`e~jpepi$OmzTXr)7JlXR`BB6;)z0LP7YD`8qd}%Cf+wyrpgjH2~kB)4o9p092fal
zk?#W6SUKZ&w%=IpE(GE*U-y-Fc-$s~_$AY@!Mm04%h>D?&M`)ybHn$96U^2J@nfy1
z6Q;ljK!fZ6izG_?TsA#JN#~r->7nuj3|2x}!b8HUSqC=jtShIyMClkTXvF`m;?c;u
zCIhD06~B0XcH2p1siyaIV_ky>iK6)j+GQ-wl$t`~LCWx_nA9U{^yfEI!pZIJzRMy3
zro{NY{XOMZy^4J4_(%DhPUU+5#x*wjHBnO1ub|r4hY%wbieO>EqC^e$YUchu>$yY$
zu^C^DlvhH>emYMt|HO~72t`@n6iV*0wQG&p_p(jjocRvbBx6f{ig|fH!{AARIzr*k
z(=xuOJFCDu{-8t(l?CwpHjS!c6P0u4*x(z!I?$hAxu%p^(N=aYkXn|a1kUQN^dxE*
z2}wi4oXtuT+}+Bwq{z@B>(yPP2C!DO+}JHV=Bg!s=XJKTrf>iN@QPnW;Uu5GoBR>W
z+i(VkB3foLkZBh!nRivTyOyD)uOzY~5rYQ&+ft-8&)zB5JelagdCx2MRQC$K;7{FE
zh|iIwG)h$eD3<CD0{K-O!Ltvnu`?^XRH58~k^*Cvt2q)q2#XqjInY)l7cEpkvDssH
zn$<+P@tqNWoXgbWxl>qYP8V(^jx86DRkw;Ju`1@Ob)`Ik8fNnM3EAuw^%@jv9*Zm%
zWR~FPq^IiV>&3E#af}>wI`7D>=lxM2#>Uw3XSmZd6+Lpq#rjEp7x3^8>Qe%F&e@Oa
z9~^T+WjWqg4jeZ%Z5ggH<?5gsPk+%5)Kdb5&kPi#9Q~{UT8cud9$>+VXFR|-i*w$>
zSnJEGmSHY-YLbPqNu0n<!p9%)hBb3v%iTh8DS^IOEhc{Bn-K+fN)rFwYa~jJmJ<`)
zBr98d2S=nm_K;QnR}sLHGnjm|U_+EYEJ^9lec4ii8_d@b`DE|g&dUX!G!GYC)0Q>V
zF96ej1^!_xtz>I0Op!eNb)Uf&EF<k)-j-HukDRaw?tv|1P|qSSt(62)3I?Tsoe2H&
zW@tVoLiZwUwu-{k)%z*3hWMOde1ja3fY67KzAb)!f<Agug`S(axGg9l3ZBP^upFXs
zc)PCtL^%7Pbkip@9x1OSzOTAbbP`nfqNhGo-X*QuvQppjJFDt=u-_>%o*I0#BYO(7
zOEP}d+%l)qyE>LUOANDlagyG!WaCwQ#AY-m)nm)R&!QKrWoUWp7WYu)A;lI0VOgQm
zpYZcw!a4tf&M)nJc79X-gM1D0?}pw32AB!Tfh;J6x91<MvEZ{LJE0Z94R@-0tS$8A
z((5R>wD%M;HR`dC1t}%J4ji?>;X8cllgkP5;k#yTg~T!STV*Km_r$fV7jQ#?4e8C^
zDW2P76kD@nud|L@j*THch3UgQC>lrbQ6}Dh0{GAusw`gqa35MER%5`#62vJcXyxGF
z0!r7(p~0EI1;&1JmaYxwf>vlO@?Id~2u;W;WA$?Lu#+%|^y9TW7Cdxl<guergghz}
zXYC!aHl9D)GOrSJ$nWlN@JlNdUpWufBsGBE!$N+bn(l;=GT8&Q;4StFyh<{}ypLgc
z>TU*g?NRjRRw#Mjk~b?F`^nEDb?)U(w}kx{AsTrnvZTFqMeOej()osZP68YGMx%C^
zxfSN5Srf%?iV&k7ue`AGI|eq-e;{&O0&TiP#FkgnL7k&xLb)8&o^W{U{wGYxvm1C`
zyty2ncVs0QKpBd}L;k0`J(BA&a%me?N>6wpw;|{Y2HjeCPgYbi0Vgnui!y`Vaz{vt
z;G!*K@2%^btP{{?)WE><Nl>tVA#-@}Xl|hZbebf$&pM*C5h??7XHt`pL>a+7dYU@|
z+dBkqEMB36Gq&De>%${l{NZfR(&XQav=}eT$Y<kzDglxL_$Txj%Nixen6Gupn{<DF
zB-oahA9@atW{kG9Vxb0JhNdd$3YJnVe7nzPaUd%6?ujZlKXVD+F!S5`#{DWwC9kE+
zf7>1DfAT&af<4M2i^gh8Ayj-?+--)dCFwFy8H1IA&-#K5l;oYNnH%N4CKz`Qmo;`-
zhd&r>V9e!h4>qVKr+@87MUJG<zaYbm6^Z|68~Eh3Q2C}1-@u~_p2@>O#z(#<j`qD#
z9NLN2-(%i_Iz7$T@bL4Bep`!u_c})ox=``i?Lg4T959XgUHJ3?SN7LWi)7$I2H5!4
zXdI@n8Z<t&viB~o?wl>ZcXaO@eI<=@`YbByl-DnDYS^l8=)(DIQdWuikC^oCW5P)Z
z5X72!V6*UtSl6*OZ97T$v;ns?oP`)k!q+Nbdf@gyA!fsme|uo{NGZp6aU!ad5)EZ&
zYR|ty+o^&5iJ5@FqsR@2{*8Dl%^NY}SmL2c8!#AY3a*1*qY8odUhjWOzO6)FXau-Y
zfnOdgw8?~a21NRYB{K^HX;9-E80!70$hSfNoD9NHl>!YE{zAom{PQL`FNb0@RQjBQ
z`la2lA#u)4zXmvG0xKjwNn}?Eya_$97$uf1a(yS>@V_fS=tR1^WtoomztjJ*qq&>$
zoo{$?bzms`uGeC|YkyZRAy7^I7=r(f=H%S$<o7@UG^seMEG#3O7|D5c$ssxJQv%eJ
zl_^99>+W}-ITt&uX)ZHLdu{NKTrf~JOWep&p?n7e)&*tTtVWLr%Jwf<f2sE87zky|
z?QS0!`{AnxxOYBzav2D`Pal|?5%6ikJ6=5Vrw1hcP>hyEc(!!`$d(ysYe#V8m<h0>
zuzhMUyzF%Fbv?Lgi?W?0+@2(n9xM_6&(Sms69gcI;EV9e0K4E`NLo)fHn>-W|6-`L
zv24M?x9-l0I0TFZ!Mz05fRqS-Y;!wHnMo)jcFLQ-Nu^S>A4ESkc$Gf6L2OuoYi1Cv
z%KCWcoHoWA@hl_;?NHQNidd{RMUrM7`q#P`e+(P`P4SItj;uXxqzOtx!-RccVRX)!
z!^;Dtg8vMeLGY+-yM9P}?>w^x^oP8MGO)%$ByhwJ0ZkzuOM6hmY)Fnv8PF2*O~}U=
zp!LXz6z?Mt2*`*4e}X9tyHJ(b3@?VPJlN(91!)gwz8Oc%u!sdss?g(UMF!wUim)Z)
z)TJaEixqSxi|u6$^l(Oau=#2sb?DOPJJj?&X^3)&6f{8Pw&MYie-_|WR+!%<gMF6#
z788=^{-dhO_E8V@gu<ETQQBYA9qxM9+b1Bmt?O9}<zDsMOCq*a8p(obBE6?m`2xIy
zXs3v=UrL9&12em)(>VY(H;C|dR)uKW=*!R_k^(cK`_cfryt|_dw01wX=V$WSfL!1E
zKN8;sxbL8q#4E8Wn3u^m2qPeb(+o_csAr8x|AU0T9Q&>3E&N5aC5eL(B-4WHGBK<9
zY^v{DL?yF0Fud4e8*)i0jfE*Cjp<PTeKnGaPuo<H)$+ufuX?h0^oC8t7X8VBv#nA(
zaX|sWFXtvD+#A;N3IgO=TE=m0vH8#Z9W)6RPlSfeWHY(N;OU4kz03j$=Mf;w#2f>I
zmplcwm~!lrZ?J)+|C5`!oxmJ!9Bh*jwo5Ln+zc$T49pK}+I|9QJC1fcfHph-S6U!h
zp|#V>BrrRF(=xXuz2xtACp?B!#XC@fdxWbp<XD+Vgsz#iaKku_ruLAMb1q&>TYAaS
z`9jZwWn8|CsKz}|n&u_Q(!Y#FY6e(Pv3NjNK2#QfUG5RFh-=cwsHc%+>95>aS`m%&
z5TkBNiYy1z9vV9t$J6)xqyAQnUvF0OW^>U@<up}Q3a&bDKh<RmCD;%llbyw%=Jnvk
z-s86jH<it7oHM+$(lxSPKV<1&z`kD3-YBS2d3EMsbRCn*x2B0mUv`kqXG{OF_YC-)
z)ZEsyYBh_&kNkA+8u;{NxYDdF70zZm6A;vWkv2HMtc{ZfL!h*0f@etyCpj-l0@*V)
z%7Lv?!ZEc<4G@ToofWN3?&zN6fZfS#>%Oc*Z7;(2Nev+}5psGRw`2H2Vzi`0<LUyF
zr=+Ijz_PQxexUKI*;;R1AUC*sPIvpP?;KJO2<jpSg3US$T$>p!l?5$TKs~)mNKJOe
zYQ{{RVKt=ElVKG>+w-5W>oL00dAi^1{Ij<%xQq-|+C5_il*|zCF>vsLQIVz%)!i9r
zU!k1X`xA&uOmFG!3Y_MLH_wI|Co}Fpa@Ln5lvjjh>tH8zFF@fE&BB-qsFsBxO$dM)
zLfQ_d>0uhd-o)*(B%a>cYjqwEbHpGVw_`f30<|`*!LA?dwUQ5Oi;iiJ@n7z>-bJCh
zk5V}vyO5>mPQ^)y`S7L;diQL3^QKIe!k(OnFtXz|T2Gsd7Cm_8R%U|~6BNeMZx-r4
zJaeo6uQas)*}Rxxxq=_^ZubTD#t#cKzG{=LN?4S6d|2G-8XqQ)hw_Wp633}7ZB$+@
zCKMK3gD&$ltCefdi<PF*o+71SvuYOO$mEs!+mZ+sAQqg=LH7HXW7+sJSkVRlR;V}2
zNk!o0Nb*vhrWU0etM9Vt`Dd|SA2@2!P{+%|g&Zc!x=?4^@5{7N^X|2C#CB1nGw07!
z?C}4CePXdL)tw3RW|)4Z`0q-QJTzrdZco?K4eu)D%Yso1$vzjHLJ*PyM3mNTGX_qx
zWO<DkxR1n5Np;QzY&&02gziv?@iW<EpsbG*(=;qifQcgbdlf?>Czyc=WTSXH0hvFw
zHl6>J=43Y~x5`j8NC_QkHqFf+kI?CV7+|cJ-NdsaAJTf9?Z_yVa~8~UM=H?}Ds6w*
z($pL=&^oT&n?X8fYDqpGu9?krdPs2r;f`Hhv}o+F<4H9gJYO$<39gQ;GSudg7xJv^
z1w=wRv)(_WKk!@*)F1o1#=LpG$4%ZAnkG~oy5^ZCNKBaCiwaHDY?@l~53IJOTgg~f
zv6eqq$lt=1wo0n8QqF6eDBi-~1BGM+?O542Dk{t2)93F}7pyTYfnfs_$cny;<4}x5
zB%QW{p(f?j23zsVx4glY%Qws4N$~D=5TNB>3d7Hk%jgE|bDZ<|-+)_fcDXx+I2Va;
zFINa{&&S*SUIX@_4PhZX%X1f4@gG(Fb##$nMSte_$<5aa5uFv3<*;&;hlm2YNke>Q
zMP9D(;N{DnuV{W~Gn_@GfJy!!uF4n)jU2dgiv)YVWVwyI+0p2Un8IR}_DMlhukD!t
z61RO59IB`No)f<!#issD?Vvi6G%CudTorG|nn&j+sck2jG-_jbBqKqr$+iu(&*PHg
zX9uWZTZDX;<#0!v^9GSVD30el5&Czyu(%|aK<zAwQXbU#Bpo+nxkWU)yQO3zvTdrt
zzZt_^72pc)$<YQxnnKi@LX`W8A(ekf`!NY<z(0+&T{tI|oOmu{Wg}N?aw3|)-O%Tn
z0_52d)o=JPDg*bR{okGqANFfa05#?Sx+UYqe$kPe)|I`E5|Cp#$2bH;eTzzWI`o?(
zfH~$b-f%<pBn-a*zWH}V&?I>A6gb}SG=r1>KY|bECzt+hwD`}$-OT<R6dn-7tah%2
zfy&|Bjvty_a%6cFi0<F3SF6mGE)csV%>7ZtL_otd#-JTpcZMY!)S=DH7Ag?ZY0AjV
zrp6nBm55SsAbb1fj^c;Z?!|aD(E9e{tiUNi?C@r&#xE7I<L7LZy&5<gqY-$@H9RR@
z1w`2t^ym~cV3wd6&ov_1{aw>j#v*$R)c&HaztAc;cR|pVo>L(y(4+HX$zFI4ZfHq4
zEi7jn+#?TZIgv8kFKUmN9`YiU4kx{cT@mB3y|r-HaT^R@yPs&dIw{@0)PC`6ldzZ!
zki}U`bx%4L_BjRYzKL!S#h#w;_1L7_lRN4h6#5vm{VUx)+`gd>Y#?L*(4t^=W~_-@
zoJpY#7@CCc@?n&-7HhnIiX1)Bi)ecFVC?2aeOlqoJ`k`5^PLu?y84y9>}Ln|vDky5
z<vdGQvmEQy5nI{AImKSxgZdnB`{oUepc&kW$)vhH^w#6qT?>J&ivI~Nh^7^w_R?yT
z^8mSoSnhWS>$?woh=#>_hw(>Hjg0f|Sacivk2mzBEyPLs6K&flb4z<zWslb3b;XM-
zhP@re`60W9>b7c-o84DK0)P%XHt=eU%d&J{x~t#4Uim;P=noqry?`#$?M%~J2<W1I
z^EB1%S(q+}6b{Jq32$f=Hb^zjTP$}m)|vv13PCZMLj(ewZMv&G)9uhN^CE7yUU;$v
z^oJQ_&gE8mz+-wqF*LU~dv^<ECj_ybcy-TeIsu)%go`J1wm8PrWtnVs4{f&zbhL7b
z+O+pq0l};m%UwmL3hU`_xWG<xRnN>x2i>=<1}I|oKpIWmok9T#Yl_7QSjtIQ)j3J+
zt0;*qen@?pG$hR7GXe3q(L&s81eI&)n?#8N=uJGqs*qicLft~$zg2(15|8B<q?8Bx
zlUeW`PRL~WcVV=P<W+M08QJ!;;oC4Lq2!fGXoyr6C?v7`H4PPO<e?*&^yeuk<kw9*
zN+2RiOd#Y(g}LTPJ8(%e1vP?=RTXq8Cemy21Jki&DLdks=c_gK)BhD=h<i5*wFy)7
zyRa!NjEC%&Dg|gRQiD?}i<=@+rZdPdpf{>hBv36FFDsa3qcgXX_cwyL$OnuTcufMr
zMVqJ8pwp4%?T8Yr0!rfxryMo;RF&DvdYo_X!i+=o+MELg<5B^KA!#t0>;+~fil@UX
zzNr=?h1`iLPL=sI!J1ZX45r#3+2nM(MafVAPj!VxweS2h8b_x`nX?J<bPd=9mg58}
zU<vF)`j-lowR15|I=@o^d6L8gmf)?KUE=qp3w3S8acuK^0lCZdR`<Y7J^hn8*Y9am
z83sqsvh`{%f3Ue^0`^*hL$dy5H{JD3tyA|-H&81j#KdXukHdM71x7Wrxc?kHq9}vX
zE<>aUuT<?^PqNWKfdPPWp;uK(TX#qC3^n5qto2J-`!h|vVPtQSlAZ9n9(Vx8iGf&?
zQ5TZ+P+6ZW-Se5p4=RZe4gVNRU}{!J7}fq}#+n12S_ssIo|jojPG&kq@8d62uOx8o
z#r+-=1>?yj1f0af-R<@SnSJl4^+}gY@_ulnS|j}~_)6VG7RB>|4NZ8jHShQMI5ho)
z{<C9lXG~qlexm-%S0CnQ9_!#MzR+s1F+D)Sd?e(sc+j0b*_uG|A3oVm_8@X+=bv8v
zj^@udXk-V5d17e};l7!?i9ZuEzgTc;<>xSDDOrAm??^*^6GyVtG&g77xuk&o=gD7s
zPx<~H8<1z-!U>o~N`xSf&x>6IU4}x6qo7*C`w3(o7e^}mE)doMLqb6v+|^cR;mtk9
z4C)sqntefk85X2x!<-q9fNe1Lqc<M>-5_kY9>t8$&b7`uzf>~dq{RRkr|ulox`h!b
zGXCBrPM^v~)(2_Pk1^uT)%G(-zJ@9;3Kp5wDDU62e!8Q*dgPFi1Ak?5cAh=?%C~6U
zd;!yVdFsd|<wT75{Y1LV`0{ZQ9;)_4t>&l9NraUBMD0;M!uUB24W(mc9bK~n<r5me
z&P7n7juK&Az2b9%Fpi32a(f{lbU#sNl!5b`S+J6Wj4Pm(JV(hfPabfoMg3VjFkQ?A
zqU{dZBH^Yu7}N4b8PM2KB#L{NH7lx@eI7+dXAMG?LK!$#B}($~)tTsDk|N)vdCe3d
zDJjH!eUlw1vbJ@Q9BmdCD-v>0rST(yq|0;}#cE?K(XzPV&Z;ssONu8~7J<gtb6z-Y
zGfr`QMJ}|?cZ?i|%be4WpCaK_Ij~!rbN3MuDcYxZm~a}cqD<L$dbUf<<QJG2m4InA
zZ3){tR+N=MFa3A`P=<!P(aCLmZ)}K#<i2M!1(oBv0zvV6>yio1FiM|UX_`e*rnNZ}
z!k4W-9p48U9gAWjqW5oJb@)d>ZjCLA?QaZ>(Mj6;Is29lmCmvjGh`*aFe8`r$`@O^
zx7-vb$8()>4?K}BdfZ8`Y1Qc>QJ72KC57}qb{*Nov?tkC?5<nh6zcw&3?UQKGj=Bz
zB18mBt@s29V^+OH=@U#6B7NeXdHKWcm3+!G`#J~hYkG8B6_pPh=+W@XecoQjHayLe
zT(=JwjcRM+tKrJ}ToK!!7_FDeX=S}k@XE>@I-E=)mG}yjD0RQbaNl!Z%zwV3a^HJ6
zmTfi89=J6=wO(otmx^Y;&dKT==i@0KD0WduO!i5dC86&D+n*p@J(HY@?u8X^KB=J7
zO5UzuMh+fZy(Nje8K<l1o60Fv4L(I?=qiFnvu;4Aa9UMw8M_6J<;+M7BUBa=ql^b#
z3=GMQR=OMXIpc6CQ$^CT6{QD?l#*%L22mQa<AdMqh#TMe$%2D7=_|%cqzk!HX{DfB
zDSokc%w8rYHTo{Oq9qOuB1=Y2Jx;-m;nI9?dun>~CxcaQet%9HqY$u(AKkm+K8T2r
zEZM)|;;WP`ojgvvaGo{gStH@0OB_r4J0h7_g)+juRm6)h3LA6NlYHNRnaCm$F7cul
z)Kl8hH30}Id{TYM6p`dq;yiL1-M{>WJ(eljq>iQ5S>GeVf|!&u(y#!a7HG-7sm(Uo
zD`=ol#fX`ka5Wq#T6gQ*cdiYtQhp6vqiN@0KCw&t`|eA;Hj>kpE#XG<NmA{6P4F>z
zuWa}=J?>c%CACdt)jE|bsnRgs3O(y?{xHn848>ztnV15tmf09hDQT)ojpbKAKH0SP
z>7CizG^r2LOyo|IzgmjynkuC|U8yy+L>#do*|0=p^5riUb@a$0Dykp2Ow^{3ZLQ0n
zJ<cOd6tH$Vtf?GF<H+)N9(eswGrXI<k2)r!^H?1>u((Ad9?Lk6S2Dfx?ba=(c9v~C
z@S||N`%HSlB<|KV{E?sQ6L<^+@2sE}D5)1W!P-F?ZfGWK%|>B_H5RZdc`PfHT{tkS
z>Rg!FjZJ*4y5}}NPz{x{!=PXVnZmLToyR|U+?{gPFmo4)n(bhQo+;|aYifI+Ssnf;
zajvBoiii2i{TE-03J|ojw#UipS3BWE48S^tI9Jo&Tv^-<-Y<d36OOl4izPt1gT;71
zBIwH8D1iFksq}JOcu}a2$Rb`d+;2PjZwRiJJ+@fCG$FG3fuuFsQcV;I*Dhy(FHu_i
zdw77qZ)Ad?9zFjzX;QRsiW%+>ZK<lcc&P?{@&;q(w5Xxf=m0@E<~))-k(c4(SU{Ap
zVQ1I_RNu^h8D)sp(F15pfqCj|EYjq?!usF2xWqMKAv)0*aHviK^jU~D32<;C$oqrP
z(*3jyxmLZnn<=<)!eC(8oPC|2XBPq*rP`~s+wu5(0$Knwf$%cjBfmgbKn6U`a*7br
z5oy$>N-MqEz&Fls(I^y+|JXH2C4LQP+spiy#3t?t+1jzM|D6Dt)tH57y>I{nk5n^J
zCUe3*0l-P8S@Tq&BL$gKson{d)gNh8E1qlRE{}m?WF7voof~3K%`2!_Jrk%V))!8W
z2fOzJP$KBRkr7-F0B)1(W{-m}Jr0QmAZR;~9t`zNsO9PwLjK*rU&lreNgCT^c8^u=
zaRQax;L@1JKKSy2jwjO2RAnLl6-*OW1%W)PL2<)%dFD(K9si3oK@YQzGndGOC?+(W
zLt{>2Jv;pOE61(xj1WOA0W^V1jz$1S-e5kQ3Fws<?{<+jmk=d5-6?JO@ogp_KmMJP
zVJyWJT9rYkv!fhRp@}!2FF<{rp0NrU$^v{KF6^EHGTb<GL-TbxC(oR;gQP6jdxsj)
z)UKvk&q#x6mVvJsXE-kCTAgVs`1=8gxeGHZ4b`$WCzS)cOqY}UkFn%Q_X^IRtjM|;
z^G>3A2utMg*LP8>1Nr!O6<;vJ7=_!jbVvw^;vsHWm>K?;i${_x0Gm6odOtH+^u_b|
zk15i|l??}Z42^;M`0zLg0~6$cEL5ETt)<RKhqZeWv;^&KQmNb4MOQ9r{KP#&d?A(o
zV=<}yrxfLVBdg#kZ7Li&2Ml_geYGjVUvV)5+gvBEn%_$(n#n?ZopJi4y$ArAO9Z3C
zaN#E<&F}qzUx6He`nxZqkK~V7yd%%8hepA(g(8R<3;IxabS7B&G4=C1Q4EO$_{IMs
zp=iXN5CBX9R1wuS@FO2!65yZ{ewv4GZs!8FQ9U3M2_{-&Z=Fc6kDl%S0L<Wx995j!
z{zAp~2fZDm#ld=^*AB}o8cB#rSX6mf6OHZGg6r;J;0M=c^{1TPt6?q$fIZJQ=$fa|
z>-iK_cRmN!KYx#_Hu#P%OG%~~1V9cBQqb!ctfBIDFur<&?g~Nf3Za|4WxvzGKt-{=
zVZU>!GUw!|q|nsUC$wS8=nKC~$NwVgG`RP%rG1fh*tYKQuyIFgJVj4#rC|CMSV5~r
zHd6eSjNw*|`sV6Py!h@rBT+CKJtyC!2AxZn_6Q@L9FuFyjTCGM%m3lvU|MCm_Nv<r
z5@08EfOiEUH%Io38sZ>d$FuYVemi|Ot^g(UKEWLR`Q4TLM2bL(?oEPx^s1NxkVY8@
z9@){Q3{Z)7Cnbo4iSI=&Bs21n?`)owoZ``hp8&zecVN=%v_C{NzGP<~{h7<pm!J&s
zMDM)5(nrrnU@=GxQ1BUmQmwGnYj?(Vcn}H1M^|2!Q8Kzk2!(hb34l}g$e)w&qt7<B
z80yQM-py!;)h#7MQ{n=ZEJ0NFH&C&3#{*YKhkqo(hZ{4e8;|a3>e;cucVf!di5ZUk
zhI0yplJD>&tA%=Yq+V%`4IEm8A$0p2ZyDt9FC;$b>^mzG5n_`GOjN`?cSoQzz6(sR
zupO5)_>$QORWECb@kz!@E|GeFt#mdG{2d%jnqB-giHvYObZnFTo;7+j3QUwuGD<@6
zzbP&_XOwzK1y8gY5(b&qxQFPb#$AGX*)^_05ij;VY5>tRKUSn=2Ma7PFx-R}wKR;$
zq<4x-yl_Fd5&37+4n=$~dC?C&8tZ|C`cO}d+v6z+XOwCp(h7O2vmIx7Rw_GTz0X9{
z@E#aV)|uGlQi~1yTapfPZ#)D$ys%nw#9*%hkFZDT<TGwB!R{lew1W`!!@~lkN`qDQ
zCx8^bdb~+-7Z{S+7w0Mt=VZo(;@=D-W$Il&^I8)u3@!`0bV$L3H>JWM>Rc&%C)dbb
zHos=Uae|dHQ~Ej|2}3;6jZ3lv0gH{PgN-~QrNziJKcrCl6%OGF%OnMO!cs%n3WbKp
z=oCWnt?Cy8ElOS|%yOw_B*ajNFAnMEpFHZTOux3YMF$mtRR!81v|d5_`)b0WaU>1S
zmVVV;xV><srtP=8Kcoa3T$s`ItVmecgT`+|&2Iv5Z!MM`S9IwTkPBY;b{EnGT}7t8
zCUS<K+~$X`bYP@r6xJP6aCl6a1xjos_(GTBSzd#m2zl3rNQ+^I4GsS+xXG(VlBs#>
zqBIgjl=LYaa~q9bvRUUwmXDegTkHO6FCV$etWlYGX>=GWhIZsVegEz~69=G5M}u6T
zOV406B=NM}!>{Pf*PzOP7qN@5rbe59MN+Odzfc|ja@bBdzw<rD4Ja`?W9PnOPW*&i
zph+KrV68s-gNf6T-@5R<<9IrmFTc4`u;U-ca;um#it#XJC+sYX$gMd{-ce^ZCFVo|
z?r+g4pOD4|`HDwp`62iKxk)-%SNevq@%kI5UX7B_prJwz!q%0JR^~q^+Y>4liExJw
zAOV5Yc2@1r3jw@uX`Qd%A>&tM*8VL;AY)fyOn611LQoa*<=>XDW!dk<HK>W)rjo1M
zt=5S-%Zl%Dx#%=0Eoo%Y<}ICIz;~*KX69AdftDo6mPl6?h3hKAjkPc&Of@jj7JJ}?
z$?3lN)6+%t?>Lj*VoaQ+bDQQ>9PoEcUYQ)V(JPl=73s^bCP31Fe$m1>THzfplL4EH
z;wHbkHeV%}@dnyVvUYgP>u;QV83sfNe)aWdAftu~-zGb6tPf^1bIZ&MgR<F9`858@
z(nUN|z$#7#D<kbUXHs^DP5vwyVaj)6vzeUvucLwSk$^-e5-dn=OAayTP3DYSQPq=>
zIyD*dxASKmU%oWPZYl=7hveLF)2z(KsiGvSl~d8NCb6+93k_(!5%t;jKhTQ}Vhwt7
z85y19^#>!z6NXwZ({V;xHI6_;4lRxh0^#@$b}jdZQadfcOdA1cj&-dt6FF{<A&lTT
zoFIgu`G9j>!9KA$I(iRcFX)Eq#%^@?WolWZK64i{LN3a#NC+tPS_gSFX*$vQ_hUrq
zl{og;8PQ|p?X_G;cB*kPwLZC1!%E{3|H4|&Vr8tDMa#Wu$*MlgF|nb(MuHokw8Sf8
zz=u0**+44Zcx4>~%WQDqNu$%SXl8TZli#`_Ou0H$IFemU&=E%ey1qbVd97+x`e-w;
zYOoYR=-NJ4$ZExTjxhl%ZH#Js?&u@NaGx_=v5;-QGKmpdU7oqeFi)>;-^A&>%YW|v
z5+aK^x?+*kXInis-Y)lc3cww@Qh{#0ICk}$Zm$zV94u!V{JHrSBY9<;@&n|O?~!Cp
zuy^o<YY|)4l}xSSGD&(nva(;3(V_++S>DzO7W{j8-Kbdi0<jrat=q7w)k|IF@mNza
z(^`6$wbhHORwiTKr8JeR+F|PkZ}QJasOFA^8eaNzi~pdN_2!O^))r3*I1?w^@DeuD
z(yTZC(9*nh-Rv0Ce~<E-($VNeMcm3}TPFm_3?%tV4`vK7Ca}#&gi_G=-Pq&Z+XKqx
zA`Ep$0-X1MwIS_eFea!8gEkrt-RkADR59l=A&-ZHopHr6Q`sVAfmr=3r8q=(SZ4>V
z4NN|Dn<<UV4QDF3Ce;uOT8+t_2o38)ktk9{d9w_wJabJZ)zg`wHVWlhbB#bTl}UbU
z#4hL?uF&&j>z$R7kVX1@g3$B-4c}|(LAb$We^ZS~xc8vb9p5u&JM6ySsA~aNaJ1JT
zCun*lJ)ZD4Y@LQvb)bXkwf*4EgTdJPAUE@;lL>GGcCw>$CO~8S9-i9@jR@zmC-c0V
z0QRtdrLVs8Ll~eCjo=L6pfMBLcfRDmE!8{}1Fp;`O9LW;;IRm2vTc;R*$wHmO-M1$
z*Jh2^7<dTc2%C8$6KVzxR@%a(G3SCTSZe2ZjlS%hv&NU2qs;XT<tWu72WV1)lMiNa
z3Zc@E_q#J<Vt5p$%}jglbQPJ|3V1~Cx!rgj_u!~?uTSel%z=%nY{cx7)DA;LGZIC|
zzfpm+w#UO|jqfWc>Q*lPzkN^7DDJdMd_!1I!3WCPn6zB<nojuh+PHl17@E`zwoOOi
z2DCo6OW7~e8pE|R+2~QJ>gBB}sG;!*y&S)9w8jqnj}zG-1I84yM;^){D}xL+c`a*v
z2irmBs)hZ1&0TjIa%?3<Q=W4kP61=&GR{?!^}0#Hnnof&u=fSqoJb;(jsKZA1{_(-
zS#4(jkA8wX_CkBu5VCct!oyCLHl$vymkU-I_R-q`s5qeUbEXbMcWg1=1mv1se*`Yo
zsxSB5{Z;sdgUai`<#07t#9$+(3vE*2S3T$ch6blJ_hkN~G2+x_?4t=<<;26C#`6F8
z2%oocSk+L2vF1e9Y>|!V4xWUmYq^ylm?hIYu2EL98~-5>rN?1)kw|O?urtoY->Mn6
z$*eyTP%EDExf@>t6m_LqC6IjqPk2e6{sp|*jK_b#ZzhT)7A$85%Z#pk<KBqLes)dC
z5}=?trC&AXHkY44JHK$g$Ix2mz(_L}i0#ZGWQ_}_)yU|SV_+j>5osrrq2x#^43}=G
zmP)W`PBb9JaA~RAj<UNABi{EuCO#CtE#%p&gu3=sFwms5+f;FXxKuQ;tYmGdLYtU4
zZYC0Tl1i6k6I(w_sT97<X1nC$rmP)I{fBOZ-kIN8IW0}?$uswx$7!77m5*uUYX8?G
z7yCPX*uOpdAFVS{_5@S7g+N;^KT+YT*U(+IXeBY$Oi$jD@?aWn?TwtB-qVj(aOR*I
zH$7nMqeihHEM(+6rIcDxf=|-G69LSDj;Wme$W-CEJLOokyjyaJgWurRBzJcrfHoa=
z<2W=-BVkV1xVUfvFcBPlO#D_yS#mHczq1RuS2jNIEbK~N#~0g4i%Cp;cR;1MuA0Ao
zsbD%c(n52}HyTJ!i)}mlOjNWIoKoCLm%g#r>Nt`XzWg%>bt?hDlrD1u%g}Ec5Q-dN
zC0sxGv^3}?Qr|t?@gRKJ#+GNkX`K7Dv{*#aooQ!~p-$&vg%i0{*9<pTEi?T!b6cc`
z0GOb>x0VWV;C<F}9Q%B;rm;fBG(EjwbB@UoM@evl5+DRtthf5YCSO5;2nfyYvyssz
zcA<!MbAChyi4Z$;XAToD-{bajKYcP|1w(h`-}R0gCQ7`YT9hp@0MeZ0)TU|_7<M|!
zXLnUiXpp&;%R?MEX*od^;)qxi9x##^UGG1?P>U%nl?`*pDQg_97&-X=0@w#9_}p%U
zKWC3CEEngJY`157Ajd{^h|?b`8fT-j66M>dtaQ0IDl64^8<p_t^J#~R=82+l9CGZ;
zM6yvBb{37d2<P!@lh`{g*A|hMVog}yE&rhMtRP<Rv%c%*;PS;AkmCJf>)UnKSMscH
zC0bv4vA#ZOeH|-lc@4?>?$W!Kw<z<?N4(&7CVR6=`v;`AzV>&f`B>qD(p%q4+ja(j
z<$Gc5Z0Us_kq_4RohcrxEP2pr$%lMzJ8idIcUyjeuwKPOKWiRZ-ypEQK4AULYImNi
z^;ghG3&yu!{N{Zod-MG?f4212AIuMYKzlzZz4d3_Gx;mu@2_V||AZy}A2go%er|l%
za<%%|dUfQfYx(SG;@1{_U1IU8^=f^x`R*C)7tgWJWN*I5?Pp7GeF%OukG*ddjQ>>m
zZ0W6!ZqMYee9u(RmcGfd&OT^7-#SCQeD3kD3oK8;@;!nQj|i+!7OaoE2KhB<d88zs
zVPxeKm$TRMsOvx;efgg22>ZIvU{6*(;rJ&k*HO!Lz2!D@Grx{lZXvC=VEObtYPtTu
z(*H!^_}60=z4>m`ggxS(VR{~Ym3+LmDD$3bw&e)xP{+R=T5qAN%tPN~xyM_;uPyxA
zYWXjjt^XOb6|Um=Zhj5%Yd^n6KA^mDL4kzBQZBrV<2mt4&V#rD2lhE~;hp%HD;M5n
z{HC3WFTjDEcsKh;O0w~VMqo4XMQF{5SJA2F!WZM+nq2r2n7-9-!h3+px$vb}pA+xJ
zp;J;0d>J0ji7&_DocIbH$%(JT-c&Ap72e2+ug2ya?<OgzLAR6(Uz;a?Cgj0S%!8kl
z2Va*5KRFNnoILm`$aOpKz@JlAy#7xpWaq;Kb~BsCS7y*>=bMht&Yzj%>Mg{AJaSH2
z<Xm(H`v)!dFXQ%G@f{q$*Mk2z`<tC_pWyVP7WyRfX*y4&3_02P%>Lc(9Qbc=`Ax;S
z?8#m)|H(gEV8!e7rR*PX%*JQu^HXQ=XRF1YSGb+lf4cs69B=*C(sjMrb>pv`-uf?9
zof3Yw{4+d4&bGQ-^D4oCy4>^ax6D_S^mqxpD5F&zKWM>!oO{DsAL<x=8sE?HevTjI
z_z_E7j!Ztgd=~VzzD)eZOnx>VdE{Ki=(F>AJ;VPwWv!n<*3GWxNj@)Y{)})r)_SYw
zPxij^d5Kn6Htd(u|H_LQ?w5cZQ^j+6=zpCD|GorF&4I6ybJN%7!TV*hKfAsy$V1=C
z=v54Idhwsku90)kt2>XJjd}35<iUR_5B^Xd{7>`XpU#8-RUZ8NdFEBA<ffmYkbkoG
zk#qCVgZ-Nlem`B#U(nbaPlo+5Oy3Ol(V=U!;MIY?Xf{#QA46|EnMe-x_4#`d(&E~N
za3ZP21Id9vZzLAg5||!BAP|ZLHbi1Q!AKyKjKvdy;Lv9FDYA%`)I$EI+!TSna5NkU
z#^b@^fEG>0htU@g4rqbU(7?bj0s&KxeVr|X)co;5;{%nJ56|%r%VmC~h<_=~-(-Bh
zEbD`xmM=dB0?XF6UA{E1boG)zfTog&1^R>0P((vu$wybWUB03nfxz<BR|b}LaMF$?
zYY_-^UEVI3man>EaoeiE70Z^bTiO-qYFoT&X#n~MNn2Z&uUfIVJuu(jd_ney^#Uup
zE)S#~-*tIAxxFjc6VWn1SDEKKw1GhH=AiLuD61~x6OkET)MA0Le5%p%CAL6d!$2$=
zNF;;tWFV0J(cIjh`^xnZvvI$WYWXIh`5Un2FMp2nl}6^jJl?Z>lvDo%VCF{>;ZF<?
zB!fNhCz5gf+AmtsSW@$Ehz|LChQg6hLpTK1V_y;WhlZnx;Q{@cjO!!(D}ouFKpg(K
z76}p|Zw*G0@H1Qd?3<Z>77l+r#y*Pa*ZTR&=nuuyJ)J{eB07g?6Bh~g$79T#;6S(+
z{tdAt`=e{qCHEu}@b|_B256o5Lt4+!hCnbLjBd~pq8pC(#f+hzp18J2^djM?CfaPq
z93ATwO)lx50h9QDS|@f@asMf<({udxoUtF#St^x^34U>(Dy~h&y#O-KH8A}!q?+{m
zEI%-9lhb+?6TdjlwQ{`R7x%s5`W-3z{=<3>Pnql&_s8OTzQumoa=jA3X%oNo9dVz@
zZ&Hr=hxnM_7x&xZ>Xmc*Ps~5c`4{uPxGxvieksjgm4kmXw@cjS&$c|EsXRmc6Bd4P
z-V#@@#o^XH^#%*SxX%;Udy2>B-)i9(=OS_Sp27aln*JLpMqitGwf^v7m3O;^-#EAO
zYu6d{@3ruY=N01msO9$Gnm_mIr)48Q#QoTzQ@QEgmh1P~DL>6G?h7A2Oa4c={eoYd
z^ADeaU%)SU>;%8KA2`DKk4Tw*b6etY)S_S92kcFy*Y|k#zii<b&u8A?{M*mK|62>c
zxF6fhE6p2cnEzWGC-}wvO*j9pSnV13|1934ww~iTe<O0&KXH9O&u1V0jq^8Q{Q6la
z<>r5g^Z&*_K7Umn{(G8q>`xuz^H0mefAxoS>{!Y8{Ebp>|ApFh$}g0R@4rQP^q=a~
zv5V)AuYYMC{!4GtvDW8CQjU1!dKcrszw&j=AK2GZP0dmN3r)FahQYgZ{tK1y^_S)0
g-~T0@a@`sB-~S%~009600RRC1|2pX&g21H#04>p}c>n+a

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi
new file mode 100644
index 000000000..f673240f6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi
@@ -0,0 +1,9 @@
+from typing import Any
+from typing import Optional
+
+from . import Markup
+
+def escape(s: Any) -> Markup: ...
+def escape_silent(s: Optional[Any]) -> Markup: ...
+def soft_str(s: Any) -> str: ...
+def soft_unicode(s: Any) -> str: ...
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/py.typed b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..5e826bdf7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/DESCRIPTION.rst
@@ -0,0 +1,12 @@
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/METADATA
new file mode 100644
index 000000000..25ed5ab69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/METADATA
@@ -0,0 +1,25 @@
+Metadata-Version: 2.0
+Name: ply
+Version: 3.11
+Summary: Python Lex & Yacc
+Home-page: http://www.dabeaz.com/ply/
+Author: David Beazley
+Author-email: dave@dabeaz.com
+License: BSD
+Description-Content-Type: UNKNOWN
+Platform: UNKNOWN
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 2
+
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/RECORD
new file mode 100644
index 000000000..b4f331424
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/RECORD
@@ -0,0 +1,19 @@
+ply-3.11.dist-info/DESCRIPTION.rst,sha256=nnBY1Nj_GhIsOFck7R2yGHobQVosxi2CPQkHgeSZ0Hg,519
+ply-3.11.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+ply-3.11.dist-info/METADATA,sha256=pYZ9p1TsWGQ8Kxp9yEJVyvs25PkR5h3gIDuTOCsvJGg,844
+ply-3.11.dist-info/RECORD,,
+ply-3.11.dist-info/WHEEL,sha256=kdsN-5OJAZIiHN-iO4Rhl82KyS0bDWf4uBwMbkNafr8,110
+ply-3.11.dist-info/metadata.json,sha256=s7M7va9E25_7TRpzHfNCfN73Ieiy5iKogF0PzXtMxMI,515
+ply-3.11.dist-info/top_level.txt,sha256=gDYBHRQ7Vy0tY0AjXyJtadvU2LDaOsHqhhV70AGsisc,4
+ply/__init__.py,sha256=sx6iBIF__WKIeU0iw2WSoSqBhclHF5EhBTc0wDigTV8,103
+ply/__pycache__/__init__.cpython-311.pyc,,
+ply/__pycache__/cpp.cpython-311.pyc,,
+ply/__pycache__/ctokens.cpython-311.pyc,,
+ply/__pycache__/lex.cpython-311.pyc,,
+ply/__pycache__/yacc.cpython-311.pyc,,
+ply/__pycache__/ygen.cpython-311.pyc,,
+ply/cpp.py,sha256=KTg13R5SKeicwZm7bIPL44KcQBRcHsmeEGOwIBVvLko,33639
+ply/ctokens.py,sha256=GmyWYDY9nl6F1WJQ9rmcQFgh1FnADFlnp_TBjTcEsqU,3155
+ply/lex.py,sha256=babRISnIAfzHo7WqLYF2qGCSaH0btM8d3ztgHaK3SA0,42905
+ply/yacc.py,sha256=EF043rIHrXJYG6jcb15TI2SLwdCoNOQZXCN_1M3-I4k,137736
+ply/ygen.py,sha256=TRnkZgx5BBB43Qspu2J4gVtpeBut8xrTEZoLbNN0b6M,2246
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/WHEEL
new file mode 100644
index 000000000..7332a419c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.30.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/metadata.json b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/metadata.json
new file mode 100644
index 000000000..9f472a327
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Programming Language :: Python :: 3", "Programming Language :: Python :: 2"], "description_content_type": "UNKNOWN", "extensions": {"python.details": {"contacts": [{"email": "dave@dabeaz.com", "name": "David Beazley", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst"}, "project_urls": {"Home": "http://www.dabeaz.com/ply/"}}}, "generator": "bdist_wheel (0.30.0)", "license": "BSD", "metadata_version": "2.0", "name": "ply", "summary": "Python Lex & Yacc", "version": "3.11"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/top_level.txt
new file mode 100644
index 000000000..90412f068
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply-3.11.dist-info/top_level.txt
@@ -0,0 +1 @@
+ply
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/ply/__init__.py
new file mode 100644
index 000000000..23707c635
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply/__init__.py
@@ -0,0 +1,5 @@
+# PLY package
+# Author: David Beazley (dave@dabeaz.com)
+
+__version__ = '3.11'
+__all__ = ['lex','yacc']
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply/cpp.py b/lib/go-jinja2/internal/data/linux-arm64/ply/cpp.py
new file mode 100644
index 000000000..2422916c9
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply/cpp.py
@@ -0,0 +1,914 @@
+# -----------------------------------------------------------------------------
+# cpp.py
+#
+# Author:  David Beazley (http://www.dabeaz.com)
+# Copyright (C) 2007
+# All rights reserved
+#
+# This module implements an ANSI-C style lexical preprocessor for PLY.
+# -----------------------------------------------------------------------------
+from __future__ import generators
+
+import sys
+
+# Some Python 3 compatibility shims
+if sys.version_info.major < 3:
+    STRING_TYPES = (str, unicode)
+else:
+    STRING_TYPES = str
+    xrange = range
+
+# -----------------------------------------------------------------------------
+# Default preprocessor lexer definitions.   These tokens are enough to get
+# a basic preprocessor working.   Other modules may import these if they want
+# -----------------------------------------------------------------------------
+
+tokens = (
+   'CPP_ID','CPP_INTEGER', 'CPP_FLOAT', 'CPP_STRING', 'CPP_CHAR', 'CPP_WS', 'CPP_COMMENT1', 'CPP_COMMENT2', 'CPP_POUND','CPP_DPOUND'
+)
+
+literals = "+-*/%|&~^<>=!?()[]{}.,;:\\\'\""
+
+# Whitespace
+def t_CPP_WS(t):
+    r'\s+'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+t_CPP_POUND = r'\#'
+t_CPP_DPOUND = r'\#\#'
+
+# Identifier
+t_CPP_ID = r'[A-Za-z_][\w_]*'
+
+# Integer literal
+def CPP_INTEGER(t):
+    r'(((((0x)|(0X))[0-9a-fA-F]+)|(\d+))([uU][lL]|[lL][uU]|[uU]|[lL])?)'
+    return t
+
+t_CPP_INTEGER = CPP_INTEGER
+
+# Floating literal
+t_CPP_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+def t_CPP_STRING(t):
+    r'\"([^\\\n]|(\\(.|\n)))*?\"'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Character constant 'c' or L'c'
+def t_CPP_CHAR(t):
+    r'(L)?\'([^\\\n]|(\\(.|\n)))*?\''
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Comment
+def t_CPP_COMMENT1(t):
+    r'(/\*(.|\n)*?\*/)'
+    ncr = t.value.count("\n")
+    t.lexer.lineno += ncr
+    # replace with one space or a number of '\n'
+    t.type = 'CPP_WS'; t.value = '\n' * ncr if ncr else ' '
+    return t
+
+# Line comment
+def t_CPP_COMMENT2(t):
+    r'(//.*?(\n|$))'
+    # replace with '/n'
+    t.type = 'CPP_WS'; t.value = '\n'
+    return t
+
+def t_error(t):
+    t.type = t.value[0]
+    t.value = t.value[0]
+    t.lexer.skip(1)
+    return t
+
+import re
+import copy
+import time
+import os.path
+
+# -----------------------------------------------------------------------------
+# trigraph()
+#
+# Given an input string, this function replaces all trigraph sequences.
+# The following mapping is used:
+#
+#     ??=    #
+#     ??/    \
+#     ??'    ^
+#     ??(    [
+#     ??)    ]
+#     ??!    |
+#     ??<    {
+#     ??>    }
+#     ??-    ~
+# -----------------------------------------------------------------------------
+
+_trigraph_pat = re.compile(r'''\?\?[=/\'\(\)\!<>\-]''')
+_trigraph_rep = {
+    '=':'#',
+    '/':'\\',
+    "'":'^',
+    '(':'[',
+    ')':']',
+    '!':'|',
+    '<':'{',
+    '>':'}',
+    '-':'~'
+}
+
+def trigraph(input):
+    return _trigraph_pat.sub(lambda g: _trigraph_rep[g.group()[-1]],input)
+
+# ------------------------------------------------------------------
+# Macro object
+#
+# This object holds information about preprocessor macros
+#
+#    .name      - Macro name (string)
+#    .value     - Macro value (a list of tokens)
+#    .arglist   - List of argument names
+#    .variadic  - Boolean indicating whether or not variadic macro
+#    .vararg    - Name of the variadic parameter
+#
+# When a macro is created, the macro replacement token sequence is
+# pre-scanned and used to create patch lists that are later used
+# during macro expansion
+# ------------------------------------------------------------------
+
+class Macro(object):
+    def __init__(self,name,value,arglist=None,variadic=False):
+        self.name = name
+        self.value = value
+        self.arglist = arglist
+        self.variadic = variadic
+        if variadic:
+            self.vararg = arglist[-1]
+        self.source = None
+
+# ------------------------------------------------------------------
+# Preprocessor object
+#
+# Object representing a preprocessor.  Contains macro definitions,
+# include directories, and other information
+# ------------------------------------------------------------------
+
+class Preprocessor(object):
+    def __init__(self,lexer=None):
+        if lexer is None:
+            lexer = lex.lexer
+        self.lexer = lexer
+        self.macros = { }
+        self.path = []
+        self.temp_path = []
+
+        # Probe the lexer for selected tokens
+        self.lexprobe()
+
+        tm = time.localtime()
+        self.define("__DATE__ \"%s\"" % time.strftime("%b %d %Y",tm))
+        self.define("__TIME__ \"%s\"" % time.strftime("%H:%M:%S",tm))
+        self.parser = None
+
+    # -----------------------------------------------------------------------------
+    # tokenize()
+    #
+    # Utility function. Given a string of text, tokenize into a list of tokens
+    # -----------------------------------------------------------------------------
+
+    def tokenize(self,text):
+        tokens = []
+        self.lexer.input(text)
+        while True:
+            tok = self.lexer.token()
+            if not tok: break
+            tokens.append(tok)
+        return tokens
+
+    # ---------------------------------------------------------------------
+    # error()
+    #
+    # Report a preprocessor error/warning of some kind
+    # ----------------------------------------------------------------------
+
+    def error(self,file,line,msg):
+        print("%s:%d %s" % (file,line,msg))
+
+    # ----------------------------------------------------------------------
+    # lexprobe()
+    #
+    # This method probes the preprocessor lexer object to discover
+    # the token types of symbols that are important to the preprocessor.
+    # If this works right, the preprocessor will simply "work"
+    # with any suitable lexer regardless of how tokens have been named.
+    # ----------------------------------------------------------------------
+
+    def lexprobe(self):
+
+        # Determine the token type for identifiers
+        self.lexer.input("identifier")
+        tok = self.lexer.token()
+        if not tok or tok.value != "identifier":
+            print("Couldn't determine identifier type")
+        else:
+            self.t_ID = tok.type
+
+        # Determine the token type for integers
+        self.lexer.input("12345")
+        tok = self.lexer.token()
+        if not tok or int(tok.value) != 12345:
+            print("Couldn't determine integer type")
+        else:
+            self.t_INTEGER = tok.type
+            self.t_INTEGER_TYPE = type(tok.value)
+
+        # Determine the token type for strings enclosed in double quotes
+        self.lexer.input("\"filename\"")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\"filename\"":
+            print("Couldn't determine string type")
+        else:
+            self.t_STRING = tok.type
+
+        # Determine the token type for whitespace--if any
+        self.lexer.input("  ")
+        tok = self.lexer.token()
+        if not tok or tok.value != "  ":
+            self.t_SPACE = None
+        else:
+            self.t_SPACE = tok.type
+
+        # Determine the token type for newlines
+        self.lexer.input("\n")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\n":
+            self.t_NEWLINE = None
+            print("Couldn't determine token for newlines")
+        else:
+            self.t_NEWLINE = tok.type
+
+        self.t_WS = (self.t_SPACE, self.t_NEWLINE)
+
+        # Check for other characters used by the preprocessor
+        chars = [ '<','>','#','##','\\','(',')',',','.']
+        for c in chars:
+            self.lexer.input(c)
+            tok = self.lexer.token()
+            if not tok or tok.value != c:
+                print("Unable to lex '%s' required for preprocessor" % c)
+
+    # ----------------------------------------------------------------------
+    # add_path()
+    #
+    # Adds a search path to the preprocessor.
+    # ----------------------------------------------------------------------
+
+    def add_path(self,path):
+        self.path.append(path)
+
+    # ----------------------------------------------------------------------
+    # group_lines()
+    #
+    # Given an input string, this function splits it into lines.  Trailing whitespace
+    # is removed.   Any line ending with \ is grouped with the next line.  This
+    # function forms the lowest level of the preprocessor---grouping into text into
+    # a line-by-line format.
+    # ----------------------------------------------------------------------
+
+    def group_lines(self,input):
+        lex = self.lexer.clone()
+        lines = [x.rstrip() for x in input.splitlines()]
+        for i in xrange(len(lines)):
+            j = i+1
+            while lines[i].endswith('\\') and (j < len(lines)):
+                lines[i] = lines[i][:-1]+lines[j]
+                lines[j] = ""
+                j += 1
+
+        input = "\n".join(lines)
+        lex.input(input)
+        lex.lineno = 1
+
+        current_line = []
+        while True:
+            tok = lex.token()
+            if not tok:
+                break
+            current_line.append(tok)
+            if tok.type in self.t_WS and '\n' in tok.value:
+                yield current_line
+                current_line = []
+
+        if current_line:
+            yield current_line
+
+    # ----------------------------------------------------------------------
+    # tokenstrip()
+    #
+    # Remove leading/trailing whitespace tokens from a token list
+    # ----------------------------------------------------------------------
+
+    def tokenstrip(self,tokens):
+        i = 0
+        while i < len(tokens) and tokens[i].type in self.t_WS:
+            i += 1
+        del tokens[:i]
+        i = len(tokens)-1
+        while i >= 0 and tokens[i].type in self.t_WS:
+            i -= 1
+        del tokens[i+1:]
+        return tokens
+
+
+    # ----------------------------------------------------------------------
+    # collect_args()
+    #
+    # Collects comma separated arguments from a list of tokens.   The arguments
+    # must be enclosed in parenthesis.  Returns a tuple (tokencount,args,positions)
+    # where tokencount is the number of tokens consumed, args is a list of arguments,
+    # and positions is a list of integers containing the starting index of each
+    # argument.  Each argument is represented by a list of tokens.
+    #
+    # When collecting arguments, leading and trailing whitespace is removed
+    # from each argument.
+    #
+    # This function properly handles nested parenthesis and commas---these do not
+    # define new arguments.
+    # ----------------------------------------------------------------------
+
+    def collect_args(self,tokenlist):
+        args = []
+        positions = []
+        current_arg = []
+        nesting = 1
+        tokenlen = len(tokenlist)
+
+        # Search for the opening '('.
+        i = 0
+        while (i < tokenlen) and (tokenlist[i].type in self.t_WS):
+            i += 1
+
+        if (i < tokenlen) and (tokenlist[i].value == '('):
+            positions.append(i+1)
+        else:
+            self.error(self.source,tokenlist[0].lineno,"Missing '(' in macro arguments")
+            return 0, [], []
+
+        i += 1
+
+        while i < tokenlen:
+            t = tokenlist[i]
+            if t.value == '(':
+                current_arg.append(t)
+                nesting += 1
+            elif t.value == ')':
+                nesting -= 1
+                if nesting == 0:
+                    if current_arg:
+                        args.append(self.tokenstrip(current_arg))
+                        positions.append(i)
+                    return i+1,args,positions
+                current_arg.append(t)
+            elif t.value == ',' and nesting == 1:
+                args.append(self.tokenstrip(current_arg))
+                positions.append(i+1)
+                current_arg = []
+            else:
+                current_arg.append(t)
+            i += 1
+
+        # Missing end argument
+        self.error(self.source,tokenlist[-1].lineno,"Missing ')' in macro arguments")
+        return 0, [],[]
+
+    # ----------------------------------------------------------------------
+    # macro_prescan()
+    #
+    # Examine the macro value (token sequence) and identify patch points
+    # This is used to speed up macro expansion later on---we'll know
+    # right away where to apply patches to the value to form the expansion
+    # ----------------------------------------------------------------------
+
+    def macro_prescan(self,macro):
+        macro.patch     = []             # Standard macro arguments
+        macro.str_patch = []             # String conversion expansion
+        macro.var_comma_patch = []       # Variadic macro comma patch
+        i = 0
+        while i < len(macro.value):
+            if macro.value[i].type == self.t_ID and macro.value[i].value in macro.arglist:
+                argnum = macro.arglist.index(macro.value[i].value)
+                # Conversion of argument to a string
+                if i > 0 and macro.value[i-1].value == '#':
+                    macro.value[i] = copy.copy(macro.value[i])
+                    macro.value[i].type = self.t_STRING
+                    del macro.value[i-1]
+                    macro.str_patch.append((argnum,i-1))
+                    continue
+                # Concatenation
+                elif (i > 0 and macro.value[i-1].value == '##'):
+                    macro.patch.append(('c',argnum,i-1))
+                    del macro.value[i-1]
+                    i -= 1
+                    continue
+                elif ((i+1) < len(macro.value) and macro.value[i+1].value == '##'):
+                    macro.patch.append(('c',argnum,i))
+                    del macro.value[i + 1]
+                    continue
+                # Standard expansion
+                else:
+                    macro.patch.append(('e',argnum,i))
+            elif macro.value[i].value == '##':
+                if macro.variadic and (i > 0) and (macro.value[i-1].value == ',') and \
+                        ((i+1) < len(macro.value)) and (macro.value[i+1].type == self.t_ID) and \
+                        (macro.value[i+1].value == macro.vararg):
+                    macro.var_comma_patch.append(i-1)
+            i += 1
+        macro.patch.sort(key=lambda x: x[2],reverse=True)
+
+    # ----------------------------------------------------------------------
+    # macro_expand_args()
+    #
+    # Given a Macro and list of arguments (each a token list), this method
+    # returns an expanded version of a macro.  The return value is a token sequence
+    # representing the replacement macro tokens
+    # ----------------------------------------------------------------------
+
+    def macro_expand_args(self,macro,args):
+        # Make a copy of the macro token sequence
+        rep = [copy.copy(_x) for _x in macro.value]
+
+        # Make string expansion patches.  These do not alter the length of the replacement sequence
+
+        str_expansion = {}
+        for argnum, i in macro.str_patch:
+            if argnum not in str_expansion:
+                str_expansion[argnum] = ('"%s"' % "".join([x.value for x in args[argnum]])).replace("\\","\\\\")
+            rep[i] = copy.copy(rep[i])
+            rep[i].value = str_expansion[argnum]
+
+        # Make the variadic macro comma patch.  If the variadic macro argument is empty, we get rid
+        comma_patch = False
+        if macro.variadic and not args[-1]:
+            for i in macro.var_comma_patch:
+                rep[i] = None
+                comma_patch = True
+
+        # Make all other patches.   The order of these matters.  It is assumed that the patch list
+        # has been sorted in reverse order of patch location since replacements will cause the
+        # size of the replacement sequence to expand from the patch point.
+
+        expanded = { }
+        for ptype, argnum, i in macro.patch:
+            # Concatenation.   Argument is left unexpanded
+            if ptype == 'c':
+                rep[i:i+1] = args[argnum]
+            # Normal expansion.  Argument is macro expanded first
+            elif ptype == 'e':
+                if argnum not in expanded:
+                    expanded[argnum] = self.expand_macros(args[argnum])
+                rep[i:i+1] = expanded[argnum]
+
+        # Get rid of removed comma if necessary
+        if comma_patch:
+            rep = [_i for _i in rep if _i]
+
+        return rep
+
+
+    # ----------------------------------------------------------------------
+    # expand_macros()
+    #
+    # Given a list of tokens, this function performs macro expansion.
+    # The expanded argument is a dictionary that contains macros already
+    # expanded.  This is used to prevent infinite recursion.
+    # ----------------------------------------------------------------------
+
+    def expand_macros(self,tokens,expanded=None):
+        if expanded is None:
+            expanded = {}
+        i = 0
+        while i < len(tokens):
+            t = tokens[i]
+            if t.type == self.t_ID:
+                if t.value in self.macros and t.value not in expanded:
+                    # Yes, we found a macro match
+                    expanded[t.value] = True
+
+                    m = self.macros[t.value]
+                    if not m.arglist:
+                        # A simple macro
+                        ex = self.expand_macros([copy.copy(_x) for _x in m.value],expanded)
+                        for e in ex:
+                            e.lineno = t.lineno
+                        tokens[i:i+1] = ex
+                        i += len(ex)
+                    else:
+                        # A macro with arguments
+                        j = i + 1
+                        while j < len(tokens) and tokens[j].type in self.t_WS:
+                            j += 1
+                        if j < len(tokens) and tokens[j].value == '(':
+                            tokcount,args,positions = self.collect_args(tokens[j:])
+                            if not m.variadic and len(args) !=  len(m.arglist):
+                                self.error(self.source,t.lineno,"Macro %s requires %d arguments" % (t.value,len(m.arglist)))
+                                i = j + tokcount
+                            elif m.variadic and len(args) < len(m.arglist)-1:
+                                if len(m.arglist) > 2:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d arguments" % (t.value, len(m.arglist)-1))
+                                else:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d argument" % (t.value, len(m.arglist)-1))
+                                i = j + tokcount
+                            else:
+                                if m.variadic:
+                                    if len(args) == len(m.arglist)-1:
+                                        args.append([])
+                                    else:
+                                        args[len(m.arglist)-1] = tokens[j+positions[len(m.arglist)-1]:j+tokcount-1]
+                                        del args[len(m.arglist):]
+
+                                # Get macro replacement text
+                                rep = self.macro_expand_args(m,args)
+                                rep = self.expand_macros(rep,expanded)
+                                for r in rep:
+                                    r.lineno = t.lineno
+                                tokens[i:j+tokcount] = rep
+                                i += len(rep)
+                        else:
+                            # This is not a macro. It is just a word which
+                            # equals to name of the macro. Hence, go to the
+                            # next token.
+                            i += 1
+
+                    del expanded[t.value]
+                    continue
+                elif t.value == '__LINE__':
+                    t.type = self.t_INTEGER
+                    t.value = self.t_INTEGER_TYPE(t.lineno)
+
+            i += 1
+        return tokens
+
+    # ----------------------------------------------------------------------
+    # evalexpr()
+    #
+    # Evaluate an expression token sequence for the purposes of evaluating
+    # integral expressions.
+    # ----------------------------------------------------------------------
+
+    def evalexpr(self,tokens):
+        # tokens = tokenize(line)
+        # Search for defined macros
+        i = 0
+        while i < len(tokens):
+            if tokens[i].type == self.t_ID and tokens[i].value == 'defined':
+                j = i + 1
+                needparen = False
+                result = "0L"
+                while j < len(tokens):
+                    if tokens[j].type in self.t_WS:
+                        j += 1
+                        continue
+                    elif tokens[j].type == self.t_ID:
+                        if tokens[j].value in self.macros:
+                            result = "1L"
+                        else:
+                            result = "0L"
+                        if not needparen: break
+                    elif tokens[j].value == '(':
+                        needparen = True
+                    elif tokens[j].value == ')':
+                        break
+                    else:
+                        self.error(self.source,tokens[i].lineno,"Malformed defined()")
+                    j += 1
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE(result)
+                del tokens[i+1:j+1]
+            i += 1
+        tokens = self.expand_macros(tokens)
+        for i,t in enumerate(tokens):
+            if t.type == self.t_ID:
+                tokens[i] = copy.copy(t)
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE("0L")
+            elif t.type == self.t_INTEGER:
+                tokens[i] = copy.copy(t)
+                # Strip off any trailing suffixes
+                tokens[i].value = str(tokens[i].value)
+                while tokens[i].value[-1] not in "0123456789abcdefABCDEF":
+                    tokens[i].value = tokens[i].value[:-1]
+
+        expr = "".join([str(x.value) for x in tokens])
+        expr = expr.replace("&&"," and ")
+        expr = expr.replace("||"," or ")
+        expr = expr.replace("!"," not ")
+        try:
+            result = eval(expr)
+        except Exception:
+            self.error(self.source,tokens[0].lineno,"Couldn't evaluate expression")
+            result = 0
+        return result
+
+    # ----------------------------------------------------------------------
+    # parsegen()
+    #
+    # Parse an input string/
+    # ----------------------------------------------------------------------
+    def parsegen(self,input,source=None):
+
+        # Replace trigraph sequences
+        t = trigraph(input)
+        lines = self.group_lines(t)
+
+        if not source:
+            source = ""
+
+        self.define("__FILE__ \"%s\"" % source)
+
+        self.source = source
+        chunk = []
+        enable = True
+        iftrigger = False
+        ifstack = []
+
+        for x in lines:
+            for i,tok in enumerate(x):
+                if tok.type not in self.t_WS: break
+            if tok.value == '#':
+                # Preprocessor directive
+
+                # insert necessary whitespace instead of eaten tokens
+                for tok in x:
+                    if tok.type in self.t_WS and '\n' in tok.value:
+                        chunk.append(tok)
+
+                dirtokens = self.tokenstrip(x[i+1:])
+                if dirtokens:
+                    name = dirtokens[0].value
+                    args = self.tokenstrip(dirtokens[1:])
+                else:
+                    name = ""
+                    args = []
+
+                if name == 'define':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.define(args)
+                elif name == 'include':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        oldfile = self.macros['__FILE__']
+                        for tok in self.include(args):
+                            yield tok
+                        self.macros['__FILE__'] = oldfile
+                        self.source = source
+                elif name == 'undef':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.undef(args)
+                elif name == 'ifdef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if not args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'ifndef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'if':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        result = self.evalexpr(args)
+                        if not result:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'elif':
+                    if ifstack:
+                        if ifstack[-1][0]:     # We only pay attention if outer "if" allows this
+                            if enable:         # If already true, we flip enable False
+                                enable = False
+                            elif not iftrigger:   # If False, but not triggered yet, we'll check expression
+                                result = self.evalexpr(args)
+                                if result:
+                                    enable  = True
+                                    iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #elif")
+
+                elif name == 'else':
+                    if ifstack:
+                        if ifstack[-1][0]:
+                            if enable:
+                                enable = False
+                            elif not iftrigger:
+                                enable = True
+                                iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #else")
+
+                elif name == 'endif':
+                    if ifstack:
+                        enable,iftrigger = ifstack.pop()
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #endif")
+                else:
+                    # Unknown preprocessor directive
+                    pass
+
+            else:
+                # Normal text
+                if enable:
+                    chunk.extend(x)
+
+        for tok in self.expand_macros(chunk):
+            yield tok
+        chunk = []
+
+    # ----------------------------------------------------------------------
+    # include()
+    #
+    # Implementation of file-inclusion
+    # ----------------------------------------------------------------------
+
+    def include(self,tokens):
+        # Try to extract the filename and then process an include file
+        if not tokens:
+            return
+        if tokens:
+            if tokens[0].value != '<' and tokens[0].type != self.t_STRING:
+                tokens = self.expand_macros(tokens)
+
+            if tokens[0].value == '<':
+                # Include <...>
+                i = 1
+                while i < len(tokens):
+                    if tokens[i].value == '>':
+                        break
+                    i += 1
+                else:
+                    print("Malformed #include <...>")
+                    return
+                filename = "".join([x.value for x in tokens[1:i]])
+                path = self.path + [""] + self.temp_path
+            elif tokens[0].type == self.t_STRING:
+                filename = tokens[0].value[1:-1]
+                path = self.temp_path + [""] + self.path
+            else:
+                print("Malformed #include statement")
+                return
+        for p in path:
+            iname = os.path.join(p,filename)
+            try:
+                data = open(iname,"r").read()
+                dname = os.path.dirname(iname)
+                if dname:
+                    self.temp_path.insert(0,dname)
+                for tok in self.parsegen(data,filename):
+                    yield tok
+                if dname:
+                    del self.temp_path[0]
+                break
+            except IOError:
+                pass
+        else:
+            print("Couldn't find '%s'" % filename)
+
+    # ----------------------------------------------------------------------
+    # define()
+    #
+    # Define a new macro
+    # ----------------------------------------------------------------------
+
+    def define(self,tokens):
+        if isinstance(tokens,STRING_TYPES):
+            tokens = self.tokenize(tokens)
+
+        linetok = tokens
+        try:
+            name = linetok[0]
+            if len(linetok) > 1:
+                mtype = linetok[1]
+            else:
+                mtype = None
+            if not mtype:
+                m = Macro(name.value,[])
+                self.macros[name.value] = m
+            elif mtype.type in self.t_WS:
+                # A normal macro
+                m = Macro(name.value,self.tokenstrip(linetok[2:]))
+                self.macros[name.value] = m
+            elif mtype.value == '(':
+                # A macro with arguments
+                tokcount, args, positions = self.collect_args(linetok[1:])
+                variadic = False
+                for a in args:
+                    if variadic:
+                        print("No more arguments may follow a variadic argument")
+                        break
+                    astr = "".join([str(_i.value) for _i in a])
+                    if astr == "...":
+                        variadic = True
+                        a[0].type = self.t_ID
+                        a[0].value = '__VA_ARGS__'
+                        variadic = True
+                        del a[1:]
+                        continue
+                    elif astr[-3:] == "..." and a[0].type == self.t_ID:
+                        variadic = True
+                        del a[1:]
+                        # If, for some reason, "." is part of the identifier, strip off the name for the purposes
+                        # of macro expansion
+                        if a[0].value[-3:] == '...':
+                            a[0].value = a[0].value[:-3]
+                        continue
+                    if len(a) > 1 or a[0].type != self.t_ID:
+                        print("Invalid macro argument")
+                        break
+                else:
+                    mvalue = self.tokenstrip(linetok[1+tokcount:])
+                    i = 0
+                    while i < len(mvalue):
+                        if i+1 < len(mvalue):
+                            if mvalue[i].type in self.t_WS and mvalue[i+1].value == '##':
+                                del mvalue[i]
+                                continue
+                            elif mvalue[i].value == '##' and mvalue[i+1].type in self.t_WS:
+                                del mvalue[i+1]
+                        i += 1
+                    m = Macro(name.value,mvalue,[x[0].value for x in args],variadic)
+                    self.macro_prescan(m)
+                    self.macros[name.value] = m
+            else:
+                print("Bad macro definition")
+        except LookupError:
+            print("Bad macro definition")
+
+    # ----------------------------------------------------------------------
+    # undef()
+    #
+    # Undefine a macro
+    # ----------------------------------------------------------------------
+
+    def undef(self,tokens):
+        id = tokens[0].value
+        try:
+            del self.macros[id]
+        except LookupError:
+            pass
+
+    # ----------------------------------------------------------------------
+    # parse()
+    #
+    # Parse input text.
+    # ----------------------------------------------------------------------
+    def parse(self,input,source=None,ignore={}):
+        self.ignore = ignore
+        self.parser = self.parsegen(input,source)
+
+    # ----------------------------------------------------------------------
+    # token()
+    #
+    # Method to return individual tokens
+    # ----------------------------------------------------------------------
+    def token(self):
+        try:
+            while True:
+                tok = next(self.parser)
+                if tok.type not in self.ignore: return tok
+        except StopIteration:
+            self.parser = None
+            return None
+
+if __name__ == '__main__':
+    import ply.lex as lex
+    lexer = lex.lex()
+
+    # Run a preprocessor
+    import sys
+    f = open(sys.argv[1])
+    input = f.read()
+
+    p = Preprocessor(lexer)
+    p.parse(input,sys.argv[1])
+    while True:
+        tok = p.token()
+        if not tok: break
+        print(p.source, tok)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply/ctokens.py b/lib/go-jinja2/internal/data/linux-arm64/ply/ctokens.py
new file mode 100644
index 000000000..b265e59ff
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply/ctokens.py
@@ -0,0 +1,127 @@
+# ----------------------------------------------------------------------
+# ctokens.py
+#
+# Token specifications for symbols in ANSI C and C++.  This file is
+# meant to be used as a library in other tokenizers.
+# ----------------------------------------------------------------------
+
+# Reserved words
+
+tokens = [
+    # Literals (identifier, integer constant, float constant, string constant, char const)
+    'ID', 'TYPEID', 'INTEGER', 'FLOAT', 'STRING', 'CHARACTER',
+
+    # Operators (+,-,*,/,%,|,&,~,^,<<,>>, ||, &&, !, <, <=, >, >=, ==, !=)
+    'PLUS', 'MINUS', 'TIMES', 'DIVIDE', 'MODULO',
+    'OR', 'AND', 'NOT', 'XOR', 'LSHIFT', 'RSHIFT',
+    'LOR', 'LAND', 'LNOT',
+    'LT', 'LE', 'GT', 'GE', 'EQ', 'NE',
+
+    # Assignment (=, *=, /=, %=, +=, -=, <<=, >>=, &=, ^=, |=)
+    'EQUALS', 'TIMESEQUAL', 'DIVEQUAL', 'MODEQUAL', 'PLUSEQUAL', 'MINUSEQUAL',
+    'LSHIFTEQUAL','RSHIFTEQUAL', 'ANDEQUAL', 'XOREQUAL', 'OREQUAL',
+
+    # Increment/decrement (++,--)
+    'INCREMENT', 'DECREMENT',
+
+    # Structure dereference (->)
+    'ARROW',
+
+    # Ternary operator (?)
+    'TERNARY',
+
+    # Delimeters ( ) [ ] { } , . ; :
+    'LPAREN', 'RPAREN',
+    'LBRACKET', 'RBRACKET',
+    'LBRACE', 'RBRACE',
+    'COMMA', 'PERIOD', 'SEMI', 'COLON',
+
+    # Ellipsis (...)
+    'ELLIPSIS',
+]
+
+# Operators
+t_PLUS             = r'\+'
+t_MINUS            = r'-'
+t_TIMES            = r'\*'
+t_DIVIDE           = r'/'
+t_MODULO           = r'%'
+t_OR               = r'\|'
+t_AND              = r'&'
+t_NOT              = r'~'
+t_XOR              = r'\^'
+t_LSHIFT           = r'<<'
+t_RSHIFT           = r'>>'
+t_LOR              = r'\|\|'
+t_LAND             = r'&&'
+t_LNOT             = r'!'
+t_LT               = r'<'
+t_GT               = r'>'
+t_LE               = r'<='
+t_GE               = r'>='
+t_EQ               = r'=='
+t_NE               = r'!='
+
+# Assignment operators
+
+t_EQUALS           = r'='
+t_TIMESEQUAL       = r'\*='
+t_DIVEQUAL         = r'/='
+t_MODEQUAL         = r'%='
+t_PLUSEQUAL        = r'\+='
+t_MINUSEQUAL       = r'-='
+t_LSHIFTEQUAL      = r'<<='
+t_RSHIFTEQUAL      = r'>>='
+t_ANDEQUAL         = r'&='
+t_OREQUAL          = r'\|='
+t_XOREQUAL         = r'\^='
+
+# Increment/decrement
+t_INCREMENT        = r'\+\+'
+t_DECREMENT        = r'--'
+
+# ->
+t_ARROW            = r'->'
+
+# ?
+t_TERNARY          = r'\?'
+
+# Delimeters
+t_LPAREN           = r'\('
+t_RPAREN           = r'\)'
+t_LBRACKET         = r'\['
+t_RBRACKET         = r'\]'
+t_LBRACE           = r'\{'
+t_RBRACE           = r'\}'
+t_COMMA            = r','
+t_PERIOD           = r'\.'
+t_SEMI             = r';'
+t_COLON            = r':'
+t_ELLIPSIS         = r'\.\.\.'
+
+# Identifiers
+t_ID = r'[A-Za-z_][A-Za-z0-9_]*'
+
+# Integer literal
+t_INTEGER = r'\d+([uU]|[lL]|[uU][lL]|[lL][uU])?'
+
+# Floating literal
+t_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+t_STRING = r'\"([^\\\n]|(\\.))*?\"'
+
+# Character constant 'c' or L'c'
+t_CHARACTER = r'(L)?\'([^\\\n]|(\\.))*?\''
+
+# Comment (C-Style)
+def t_COMMENT(t):
+    r'/\*(.|\n)*?\*/'
+    t.lexer.lineno += t.value.count('\n')
+    return t
+
+# Comment (C++-Style)
+def t_CPPCOMMENT(t):
+    r'//.*\n'
+    t.lexer.lineno += 1
+    return t
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply/lex.py b/lib/go-jinja2/internal/data/linux-arm64/ply/lex.py
new file mode 100644
index 000000000..f95bcdbf1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply/lex.py
@@ -0,0 +1,1098 @@
+# -----------------------------------------------------------------------------
+# ply: lex.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+import re
+import sys
+import types
+import copy
+import os
+import inspect
+
+# This tuple contains known string types
+try:
+    # Python 2.6
+    StringTypes = (types.StringType, types.UnicodeType)
+except AttributeError:
+    # Python 3.0
+    StringTypes = (str, bytes)
+
+# This regular expression is used to match valid token names
+_is_identifier = re.compile(r'^[a-zA-Z0-9_]+$')
+
+# Exception thrown when invalid token encountered and no default error
+# handler is defined.
+class LexError(Exception):
+    def __init__(self, message, s):
+        self.args = (message,)
+        self.text = s
+
+
+# Token class.  This class is used to represent the tokens produced.
+class LexToken(object):
+    def __str__(self):
+        return 'LexToken(%s,%r,%d,%d)' % (self.type, self.value, self.lineno, self.lexpos)
+
+    def __repr__(self):
+        return str(self)
+
+
+# This object is a stand-in for a logging object created by the
+# logging module.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def critical(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    info = critical
+    debug = critical
+
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+
+# -----------------------------------------------------------------------------
+#                        === Lexing Engine ===
+#
+# The following Lexer class implements the lexer runtime.   There are only
+# a few public methods and attributes:
+#
+#    input()          -  Store a new string in the lexer
+#    token()          -  Get the next token
+#    clone()          -  Clone the lexer
+#
+#    lineno           -  Current line number
+#    lexpos           -  Current position in the input string
+# -----------------------------------------------------------------------------
+
+class Lexer:
+    def __init__(self):
+        self.lexre = None             # Master regular expression. This is a list of
+                                      # tuples (re, findex) where re is a compiled
+                                      # regular expression and findex is a list
+                                      # mapping regex group numbers to rules
+        self.lexretext = None         # Current regular expression strings
+        self.lexstatere = {}          # Dictionary mapping lexer states to master regexs
+        self.lexstateretext = {}      # Dictionary mapping lexer states to regex strings
+        self.lexstaterenames = {}     # Dictionary mapping lexer states to symbol names
+        self.lexstate = 'INITIAL'     # Current lexer state
+        self.lexstatestack = []       # Stack of lexer states
+        self.lexstateinfo = None      # State information
+        self.lexstateignore = {}      # Dictionary of ignored characters for each state
+        self.lexstateerrorf = {}      # Dictionary of error functions for each state
+        self.lexstateeoff = {}        # Dictionary of eof functions for each state
+        self.lexreflags = 0           # Optional re compile flags
+        self.lexdata = None           # Actual input data (as a string)
+        self.lexpos = 0               # Current position in input text
+        self.lexlen = 0               # Length of the input text
+        self.lexerrorf = None         # Error rule (if any)
+        self.lexeoff = None           # EOF rule (if any)
+        self.lextokens = None         # List of valid tokens
+        self.lexignore = ''           # Ignored characters
+        self.lexliterals = ''         # Literal characters that can be passed through
+        self.lexmodule = None         # Module
+        self.lineno = 1               # Current line number
+        self.lexoptimize = False      # Optimized mode
+
+    def clone(self, object=None):
+        c = copy.copy(self)
+
+        # If the object parameter has been supplied, it means we are attaching the
+        # lexer to a new object.  In this case, we have to rebind all methods in
+        # the lexstatere and lexstateerrorf tables.
+
+        if object:
+            newtab = {}
+            for key, ritem in self.lexstatere.items():
+                newre = []
+                for cre, findex in ritem:
+                    newfindex = []
+                    for f in findex:
+                        if not f or not f[0]:
+                            newfindex.append(f)
+                            continue
+                        newfindex.append((getattr(object, f[0].__name__), f[1]))
+                newre.append((cre, newfindex))
+                newtab[key] = newre
+            c.lexstatere = newtab
+            c.lexstateerrorf = {}
+            for key, ef in self.lexstateerrorf.items():
+                c.lexstateerrorf[key] = getattr(object, ef.__name__)
+            c.lexmodule = object
+        return c
+
+    # ------------------------------------------------------------
+    # writetab() - Write lexer information to a table file
+    # ------------------------------------------------------------
+    def writetab(self, lextab, outputdir=''):
+        if isinstance(lextab, types.ModuleType):
+            raise IOError("Won't overwrite existing lextab module")
+        basetabmodule = lextab.split('.')[-1]
+        filename = os.path.join(outputdir, basetabmodule) + '.py'
+        with open(filename, 'w') as tf:
+            tf.write('# %s.py. This file automatically created by PLY (version %s). Don\'t edit!\n' % (basetabmodule, __version__))
+            tf.write('_tabversion   = %s\n' % repr(__tabversion__))
+            tf.write('_lextokens    = set(%s)\n' % repr(tuple(sorted(self.lextokens))))
+            tf.write('_lexreflags   = %s\n' % repr(int(self.lexreflags)))
+            tf.write('_lexliterals  = %s\n' % repr(self.lexliterals))
+            tf.write('_lexstateinfo = %s\n' % repr(self.lexstateinfo))
+
+            # Rewrite the lexstatere table, replacing function objects with function names
+            tabre = {}
+            for statename, lre in self.lexstatere.items():
+                titem = []
+                for (pat, func), retext, renames in zip(lre, self.lexstateretext[statename], self.lexstaterenames[statename]):
+                    titem.append((retext, _funcs_to_names(func, renames)))
+                tabre[statename] = titem
+
+            tf.write('_lexstatere   = %s\n' % repr(tabre))
+            tf.write('_lexstateignore = %s\n' % repr(self.lexstateignore))
+
+            taberr = {}
+            for statename, ef in self.lexstateerrorf.items():
+                taberr[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateerrorf = %s\n' % repr(taberr))
+
+            tabeof = {}
+            for statename, ef in self.lexstateeoff.items():
+                tabeof[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateeoff = %s\n' % repr(tabeof))
+
+    # ------------------------------------------------------------
+    # readtab() - Read lexer information from a tab file
+    # ------------------------------------------------------------
+    def readtab(self, tabfile, fdict):
+        if isinstance(tabfile, types.ModuleType):
+            lextab = tabfile
+        else:
+            exec('import %s' % tabfile)
+            lextab = sys.modules[tabfile]
+
+        if getattr(lextab, '_tabversion', '0.0') != __tabversion__:
+            raise ImportError('Inconsistent PLY version')
+
+        self.lextokens      = lextab._lextokens
+        self.lexreflags     = lextab._lexreflags
+        self.lexliterals    = lextab._lexliterals
+        self.lextokens_all  = self.lextokens | set(self.lexliterals)
+        self.lexstateinfo   = lextab._lexstateinfo
+        self.lexstateignore = lextab._lexstateignore
+        self.lexstatere     = {}
+        self.lexstateretext = {}
+        for statename, lre in lextab._lexstatere.items():
+            titem = []
+            txtitem = []
+            for pat, func_name in lre:
+                titem.append((re.compile(pat, lextab._lexreflags), _names_to_funcs(func_name, fdict)))
+
+            self.lexstatere[statename] = titem
+            self.lexstateretext[statename] = txtitem
+
+        self.lexstateerrorf = {}
+        for statename, ef in lextab._lexstateerrorf.items():
+            self.lexstateerrorf[statename] = fdict[ef]
+
+        self.lexstateeoff = {}
+        for statename, ef in lextab._lexstateeoff.items():
+            self.lexstateeoff[statename] = fdict[ef]
+
+        self.begin('INITIAL')
+
+    # ------------------------------------------------------------
+    # input() - Push a new string into the lexer
+    # ------------------------------------------------------------
+    def input(self, s):
+        # Pull off the first character to see if s looks like a string
+        c = s[:1]
+        if not isinstance(c, StringTypes):
+            raise ValueError('Expected a string')
+        self.lexdata = s
+        self.lexpos = 0
+        self.lexlen = len(s)
+
+    # ------------------------------------------------------------
+    # begin() - Changes the lexing state
+    # ------------------------------------------------------------
+    def begin(self, state):
+        if state not in self.lexstatere:
+            raise ValueError('Undefined state')
+        self.lexre = self.lexstatere[state]
+        self.lexretext = self.lexstateretext[state]
+        self.lexignore = self.lexstateignore.get(state, '')
+        self.lexerrorf = self.lexstateerrorf.get(state, None)
+        self.lexeoff = self.lexstateeoff.get(state, None)
+        self.lexstate = state
+
+    # ------------------------------------------------------------
+    # push_state() - Changes the lexing state and saves old on stack
+    # ------------------------------------------------------------
+    def push_state(self, state):
+        self.lexstatestack.append(self.lexstate)
+        self.begin(state)
+
+    # ------------------------------------------------------------
+    # pop_state() - Restores the previous state
+    # ------------------------------------------------------------
+    def pop_state(self):
+        self.begin(self.lexstatestack.pop())
+
+    # ------------------------------------------------------------
+    # current_state() - Returns the current lexing state
+    # ------------------------------------------------------------
+    def current_state(self):
+        return self.lexstate
+
+    # ------------------------------------------------------------
+    # skip() - Skip ahead n characters
+    # ------------------------------------------------------------
+    def skip(self, n):
+        self.lexpos += n
+
+    # ------------------------------------------------------------
+    # opttoken() - Return the next token from the Lexer
+    #
+    # Note: This function has been carefully implemented to be as fast
+    # as possible.  Don't make changes unless you really know what
+    # you are doing
+    # ------------------------------------------------------------
+    def token(self):
+        # Make local copies of frequently referenced attributes
+        lexpos    = self.lexpos
+        lexlen    = self.lexlen
+        lexignore = self.lexignore
+        lexdata   = self.lexdata
+
+        while lexpos < lexlen:
+            # This code provides some short-circuit code for whitespace, tabs, and other ignored characters
+            if lexdata[lexpos] in lexignore:
+                lexpos += 1
+                continue
+
+            # Look for a regular expression match
+            for lexre, lexindexfunc in self.lexre:
+                m = lexre.match(lexdata, lexpos)
+                if not m:
+                    continue
+
+                # Create a token for return
+                tok = LexToken()
+                tok.value = m.group()
+                tok.lineno = self.lineno
+                tok.lexpos = lexpos
+
+                i = m.lastindex
+                func, tok.type = lexindexfunc[i]
+
+                if not func:
+                    # If no token type was set, it's an ignored token
+                    if tok.type:
+                        self.lexpos = m.end()
+                        return tok
+                    else:
+                        lexpos = m.end()
+                        break
+
+                lexpos = m.end()
+
+                # If token is processed by a function, call it
+
+                tok.lexer = self      # Set additional attributes useful in token rules
+                self.lexmatch = m
+                self.lexpos = lexpos
+
+                newtok = func(tok)
+
+                # Every function must return a token, if nothing, we just move to next token
+                if not newtok:
+                    lexpos    = self.lexpos         # This is here in case user has updated lexpos.
+                    lexignore = self.lexignore      # This is here in case there was a state change
+                    break
+
+                # Verify type of the token.  If not in the token map, raise an error
+                if not self.lexoptimize:
+                    if newtok.type not in self.lextokens_all:
+                        raise LexError("%s:%d: Rule '%s' returned an unknown token type '%s'" % (
+                            func.__code__.co_filename, func.__code__.co_firstlineno,
+                            func.__name__, newtok.type), lexdata[lexpos:])
+
+                return newtok
+            else:
+                # No match, see if in literals
+                if lexdata[lexpos] in self.lexliterals:
+                    tok = LexToken()
+                    tok.value = lexdata[lexpos]
+                    tok.lineno = self.lineno
+                    tok.type = tok.value
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos + 1
+                    return tok
+
+                # No match. Call t_error() if defined.
+                if self.lexerrorf:
+                    tok = LexToken()
+                    tok.value = self.lexdata[lexpos:]
+                    tok.lineno = self.lineno
+                    tok.type = 'error'
+                    tok.lexer = self
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos
+                    newtok = self.lexerrorf(tok)
+                    if lexpos == self.lexpos:
+                        # Error method didn't change text position at all. This is an error.
+                        raise LexError("Scanning error. Illegal character '%s'" % (lexdata[lexpos]), lexdata[lexpos:])
+                    lexpos = self.lexpos
+                    if not newtok:
+                        continue
+                    return newtok
+
+                self.lexpos = lexpos
+                raise LexError("Illegal character '%s' at index %d" % (lexdata[lexpos], lexpos), lexdata[lexpos:])
+
+        if self.lexeoff:
+            tok = LexToken()
+            tok.type = 'eof'
+            tok.value = ''
+            tok.lineno = self.lineno
+            tok.lexpos = lexpos
+            tok.lexer = self
+            self.lexpos = lexpos
+            newtok = self.lexeoff(tok)
+            return newtok
+
+        self.lexpos = lexpos + 1
+        if self.lexdata is None:
+            raise RuntimeError('No input string given with input()')
+        return None
+
+    # Iterator interface
+    def __iter__(self):
+        return self
+
+    def next(self):
+        t = self.token()
+        if t is None:
+            raise StopIteration
+        return t
+
+    __next__ = next
+
+# -----------------------------------------------------------------------------
+#                           ==== Lex Builder ===
+#
+# The functions and classes below are used to collect lexing information
+# and build a Lexer object from it.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# _get_regex(func)
+#
+# Returns the regular expression assigned to a function either as a doc string
+# or as a .regex attribute attached by the @TOKEN decorator.
+# -----------------------------------------------------------------------------
+def _get_regex(func):
+    return getattr(func, 'regex', func.__doc__)
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# _funcs_to_names()
+#
+# Given a list of regular expression functions, this converts it to a list
+# suitable for output to a table file
+# -----------------------------------------------------------------------------
+def _funcs_to_names(funclist, namelist):
+    result = []
+    for f, name in zip(funclist, namelist):
+        if f and f[0]:
+            result.append((name, f[1]))
+        else:
+            result.append(f)
+    return result
+
+# -----------------------------------------------------------------------------
+# _names_to_funcs()
+#
+# Given a list of regular expression function names, this converts it back to
+# functions.
+# -----------------------------------------------------------------------------
+def _names_to_funcs(namelist, fdict):
+    result = []
+    for n in namelist:
+        if n and n[0]:
+            result.append((fdict[n[0]], n[1]))
+        else:
+            result.append(n)
+    return result
+
+# -----------------------------------------------------------------------------
+# _form_master_re()
+#
+# This function takes a list of all of the regex components and attempts to
+# form the master regular expression.  Given limitations in the Python re
+# module, it may be necessary to break the master regex into separate expressions.
+# -----------------------------------------------------------------------------
+def _form_master_re(relist, reflags, ldict, toknames):
+    if not relist:
+        return []
+    regex = '|'.join(relist)
+    try:
+        lexre = re.compile(regex, reflags)
+
+        # Build the index to function map for the matching engine
+        lexindexfunc = [None] * (max(lexre.groupindex.values()) + 1)
+        lexindexnames = lexindexfunc[:]
+
+        for f, i in lexre.groupindex.items():
+            handle = ldict.get(f, None)
+            if type(handle) in (types.FunctionType, types.MethodType):
+                lexindexfunc[i] = (handle, toknames[f])
+                lexindexnames[i] = f
+            elif handle is not None:
+                lexindexnames[i] = f
+                if f.find('ignore_') > 0:
+                    lexindexfunc[i] = (None, None)
+                else:
+                    lexindexfunc[i] = (None, toknames[f])
+
+        return [(lexre, lexindexfunc)], [regex], [lexindexnames]
+    except Exception:
+        m = int(len(relist)/2)
+        if m == 0:
+            m = 1
+        llist, lre, lnames = _form_master_re(relist[:m], reflags, ldict, toknames)
+        rlist, rre, rnames = _form_master_re(relist[m:], reflags, ldict, toknames)
+        return (llist+rlist), (lre+rre), (lnames+rnames)
+
+# -----------------------------------------------------------------------------
+# def _statetoken(s,names)
+#
+# Given a declaration name s of the form "t_" and a dictionary whose keys are
+# state names, this function returns a tuple (states,tokenname) where states
+# is a tuple of state names and tokenname is the name of the token.  For example,
+# calling this with s = "t_foo_bar_SPAM" might return (('foo','bar'),'SPAM')
+# -----------------------------------------------------------------------------
+def _statetoken(s, names):
+    parts = s.split('_')
+    for i, part in enumerate(parts[1:], 1):
+        if part not in names and part != 'ANY':
+            break
+
+    if i > 1:
+        states = tuple(parts[1:i])
+    else:
+        states = ('INITIAL',)
+
+    if 'ANY' in states:
+        states = tuple(names)
+
+    tokenname = '_'.join(parts[i:])
+    return (states, tokenname)
+
+
+# -----------------------------------------------------------------------------
+# LexerReflect()
+#
+# This class represents information needed to build a lexer as extracted from a
+# user's input file.
+# -----------------------------------------------------------------------------
+class LexerReflect(object):
+    def __init__(self, ldict, log=None, reflags=0):
+        self.ldict      = ldict
+        self.error_func = None
+        self.tokens     = []
+        self.reflags    = reflags
+        self.stateinfo  = {'INITIAL': 'inclusive'}
+        self.modules    = set()
+        self.error      = False
+        self.log        = PlyLogger(sys.stderr) if log is None else log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_tokens()
+        self.get_literals()
+        self.get_states()
+        self.get_rules()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_tokens()
+        self.validate_literals()
+        self.validate_rules()
+        return self.error
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.ldict.get('tokens', None)
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = tokens
+
+    # Validate the tokens
+    def validate_tokens(self):
+        terminals = {}
+        for n in self.tokens:
+            if not _is_identifier.match(n):
+                self.log.error("Bad token name '%s'", n)
+                self.error = True
+            if n in terminals:
+                self.log.warning("Token '%s' multiply defined", n)
+            terminals[n] = 1
+
+    # Get the literals specifier
+    def get_literals(self):
+        self.literals = self.ldict.get('literals', '')
+        if not self.literals:
+            self.literals = ''
+
+    # Validate literals
+    def validate_literals(self):
+        try:
+            for c in self.literals:
+                if not isinstance(c, StringTypes) or len(c) > 1:
+                    self.log.error('Invalid literal %s. Must be a single character', repr(c))
+                    self.error = True
+
+        except TypeError:
+            self.log.error('Invalid literals specification. literals must be a sequence of characters')
+            self.error = True
+
+    def get_states(self):
+        self.states = self.ldict.get('states', None)
+        # Build statemap
+        if self.states:
+            if not isinstance(self.states, (tuple, list)):
+                self.log.error('states must be defined as a tuple or list')
+                self.error = True
+            else:
+                for s in self.states:
+                    if not isinstance(s, tuple) or len(s) != 2:
+                        self.log.error("Invalid state specifier %s. Must be a tuple (statename,'exclusive|inclusive')", repr(s))
+                        self.error = True
+                        continue
+                    name, statetype = s
+                    if not isinstance(name, StringTypes):
+                        self.log.error('State name %s must be a string', repr(name))
+                        self.error = True
+                        continue
+                    if not (statetype == 'inclusive' or statetype == 'exclusive'):
+                        self.log.error("State type for state %s must be 'inclusive' or 'exclusive'", name)
+                        self.error = True
+                        continue
+                    if name in self.stateinfo:
+                        self.log.error("State '%s' already defined", name)
+                        self.error = True
+                        continue
+                    self.stateinfo[name] = statetype
+
+    # Get all of the symbols with a t_ prefix and sort them into various
+    # categories (functions, strings, error functions, and ignore characters)
+
+    def get_rules(self):
+        tsymbols = [f for f in self.ldict if f[:2] == 't_']
+
+        # Now build up a list of functions and a list of strings
+        self.toknames = {}        # Mapping of symbols to token names
+        self.funcsym  = {}        # Symbols defined as functions
+        self.strsym   = {}        # Symbols defined as strings
+        self.ignore   = {}        # Ignore strings by state
+        self.errorf   = {}        # Error functions by state
+        self.eoff     = {}        # EOF functions by state
+
+        for s in self.stateinfo:
+            self.funcsym[s] = []
+            self.strsym[s] = []
+
+        if len(tsymbols) == 0:
+            self.log.error('No rules of the form t_rulename are defined')
+            self.error = True
+            return
+
+        for f in tsymbols:
+            t = self.ldict[f]
+            states, tokname = _statetoken(f, self.stateinfo)
+            self.toknames[f] = tokname
+
+            if hasattr(t, '__call__'):
+                if tokname == 'error':
+                    for s in states:
+                        self.errorf[s] = t
+                elif tokname == 'eof':
+                    for s in states:
+                        self.eoff[s] = t
+                elif tokname == 'ignore':
+                    line = t.__code__.co_firstlineno
+                    file = t.__code__.co_filename
+                    self.log.error("%s:%d: Rule '%s' must be defined as a string", file, line, t.__name__)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.funcsym[s].append((f, t))
+            elif isinstance(t, StringTypes):
+                if tokname == 'ignore':
+                    for s in states:
+                        self.ignore[s] = t
+                    if '\\' in t:
+                        self.log.warning("%s contains a literal backslash '\\'", f)
+
+                elif tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", f)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.strsym[s].append((f, t))
+            else:
+                self.log.error('%s not defined as a function or string', f)
+                self.error = True
+
+        # Sort the functions by line number
+        for f in self.funcsym.values():
+            f.sort(key=lambda x: x[1].__code__.co_firstlineno)
+
+        # Sort the strings by regular expression length
+        for s in self.strsym.values():
+            s.sort(key=lambda x: len(x[1]), reverse=True)
+
+    # Validate all of the t_rules collected
+    def validate_rules(self):
+        for state in self.stateinfo:
+            # Validate all rules defined by functions
+
+            for fname, f in self.funcsym[state]:
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                tokname = self.toknames[fname]
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if not _get_regex(f):
+                    self.log.error("%s:%d: No regular expression defined for rule '%s'", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (fname, _get_regex(f)), self.reflags)
+                    if c.match(''):
+                        self.log.error("%s:%d: Regular expression for rule '%s' matches empty string", file, line, f.__name__)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("%s:%d: Invalid regular expression for rule '%s'. %s", file, line, f.__name__, e)
+                    if '#' in _get_regex(f):
+                        self.log.error("%s:%d. Make sure '#' in rule '%s' is escaped with '\\#'", file, line, f.__name__)
+                    self.error = True
+
+            # Validate all rules defined by strings
+            for name, r in self.strsym[state]:
+                tokname = self.toknames[name]
+                if tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", name)
+                    self.error = True
+                    continue
+
+                if tokname not in self.tokens and tokname.find('ignore_') < 0:
+                    self.log.error("Rule '%s' defined for an unspecified token %s", name, tokname)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (name, r), self.reflags)
+                    if (c.match('')):
+                        self.log.error("Regular expression for rule '%s' matches empty string", name)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("Invalid regular expression for rule '%s'. %s", name, e)
+                    if '#' in r:
+                        self.log.error("Make sure '#' in rule '%s' is escaped with '\\#'", name)
+                    self.error = True
+
+            if not self.funcsym[state] and not self.strsym[state]:
+                self.log.error("No rules defined for state '%s'", state)
+                self.error = True
+
+            # Validate the error function
+            efunc = self.errorf.get(state, None)
+            if efunc:
+                f = efunc
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+
+        for module in self.modules:
+            self.validate_module(module)
+
+    # -----------------------------------------------------------------------------
+    # validate_module()
+    #
+    # This checks to see if there are duplicated t_rulename() functions or strings
+    # in the parser input file.  This is done using a simple regular expression
+    # match on each line in the source code of the given module.
+    # -----------------------------------------------------------------------------
+
+    def validate_module(self, module):
+        try:
+            lines, linen = inspect.getsourcelines(module)
+        except IOError:
+            return
+
+        fre = re.compile(r'\s*def\s+(t_[a-zA-Z_0-9]*)\(')
+        sre = re.compile(r'\s*(t_[a-zA-Z_0-9]*)\s*=')
+
+        counthash = {}
+        linen += 1
+        for line in lines:
+            m = fre.match(line)
+            if not m:
+                m = sre.match(line)
+            if m:
+                name = m.group(1)
+                prev = counthash.get(name)
+                if not prev:
+                    counthash[name] = linen
+                else:
+                    filename = inspect.getsourcefile(module)
+                    self.log.error('%s:%d: Rule %s redefined. Previously defined on line %d', filename, linen, name, prev)
+                    self.error = True
+            linen += 1
+
+# -----------------------------------------------------------------------------
+# lex(module)
+#
+# Build all of the regular expression rules from definitions in the supplied module
+# -----------------------------------------------------------------------------
+def lex(module=None, object=None, debug=False, optimize=False, lextab='lextab',
+        reflags=int(re.VERBOSE), nowarn=False, outputdir=None, debuglog=None, errorlog=None):
+
+    if lextab is None:
+        lextab = 'lextab'
+
+    global lexer
+
+    ldict = None
+    stateinfo  = {'INITIAL': 'inclusive'}
+    lexobj = Lexer()
+    lexobj.lexoptimize = optimize
+    global token, input
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    if debug:
+        if debuglog is None:
+            debuglog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the lexer
+    if object:
+        module = object
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        ldict = dict(_items)
+        # If no __file__ attribute is available, try to obtain it from the __module__ instead
+        if '__file__' not in ldict:
+            ldict['__file__'] = sys.modules[ldict['__module__']].__file__
+    else:
+        ldict = get_caller_module_dict(2)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = ldict.get('__package__')
+    if pkg and isinstance(lextab, str):
+        if '.' not in lextab:
+            lextab = pkg + '.' + lextab
+
+    # Collect parser information from the dictionary
+    linfo = LexerReflect(ldict, log=errorlog, reflags=reflags)
+    linfo.get_all()
+    if not optimize:
+        if linfo.validate_all():
+            raise SyntaxError("Can't build lexer")
+
+    if optimize and lextab:
+        try:
+            lexobj.readtab(lextab, ldict)
+            token = lexobj.token
+            input = lexobj.input
+            lexer = lexobj
+            return lexobj
+
+        except ImportError:
+            pass
+
+    # Dump some basic debugging information
+    if debug:
+        debuglog.info('lex: tokens   = %r', linfo.tokens)
+        debuglog.info('lex: literals = %r', linfo.literals)
+        debuglog.info('lex: states   = %r', linfo.stateinfo)
+
+    # Build a dictionary of valid token names
+    lexobj.lextokens = set()
+    for n in linfo.tokens:
+        lexobj.lextokens.add(n)
+
+    # Get literals specification
+    if isinstance(linfo.literals, (list, tuple)):
+        lexobj.lexliterals = type(linfo.literals[0])().join(linfo.literals)
+    else:
+        lexobj.lexliterals = linfo.literals
+
+    lexobj.lextokens_all = lexobj.lextokens | set(lexobj.lexliterals)
+
+    # Get the stateinfo dictionary
+    stateinfo = linfo.stateinfo
+
+    regexs = {}
+    # Build the master regular expressions
+    for state in stateinfo:
+        regex_list = []
+
+        # Add rules defined by functions first
+        for fname, f in linfo.funcsym[state]:
+            regex_list.append('(?P<%s>%s)' % (fname, _get_regex(f)))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", fname, _get_regex(f), state)
+
+        # Now add all of the simple rules
+        for name, r in linfo.strsym[state]:
+            regex_list.append('(?P<%s>%s)' % (name, r))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", name, r, state)
+
+        regexs[state] = regex_list
+
+    # Build the master regular expressions
+
+    if debug:
+        debuglog.info('lex: ==== MASTER REGEXS FOLLOW ====')
+
+    for state in regexs:
+        lexre, re_text, re_names = _form_master_re(regexs[state], reflags, ldict, linfo.toknames)
+        lexobj.lexstatere[state] = lexre
+        lexobj.lexstateretext[state] = re_text
+        lexobj.lexstaterenames[state] = re_names
+        if debug:
+            for i, text in enumerate(re_text):
+                debuglog.info("lex: state '%s' : regex[%d] = '%s'", state, i, text)
+
+    # For inclusive states, we need to add the regular expressions from the INITIAL state
+    for state, stype in stateinfo.items():
+        if state != 'INITIAL' and stype == 'inclusive':
+            lexobj.lexstatere[state].extend(lexobj.lexstatere['INITIAL'])
+            lexobj.lexstateretext[state].extend(lexobj.lexstateretext['INITIAL'])
+            lexobj.lexstaterenames[state].extend(lexobj.lexstaterenames['INITIAL'])
+
+    lexobj.lexstateinfo = stateinfo
+    lexobj.lexre = lexobj.lexstatere['INITIAL']
+    lexobj.lexretext = lexobj.lexstateretext['INITIAL']
+    lexobj.lexreflags = reflags
+
+    # Set up ignore variables
+    lexobj.lexstateignore = linfo.ignore
+    lexobj.lexignore = lexobj.lexstateignore.get('INITIAL', '')
+
+    # Set up error functions
+    lexobj.lexstateerrorf = linfo.errorf
+    lexobj.lexerrorf = linfo.errorf.get('INITIAL', None)
+    if not lexobj.lexerrorf:
+        errorlog.warning('No t_error rule is defined')
+
+    # Set up eof functions
+    lexobj.lexstateeoff = linfo.eoff
+    lexobj.lexeoff = linfo.eoff.get('INITIAL', None)
+
+    # Check state information for ignore and error rules
+    for s, stype in stateinfo.items():
+        if stype == 'exclusive':
+            if s not in linfo.errorf:
+                errorlog.warning("No error rule is defined for exclusive state '%s'", s)
+            if s not in linfo.ignore and lexobj.lexignore:
+                errorlog.warning("No ignore rule is defined for exclusive state '%s'", s)
+        elif stype == 'inclusive':
+            if s not in linfo.errorf:
+                linfo.errorf[s] = linfo.errorf.get('INITIAL', None)
+            if s not in linfo.ignore:
+                linfo.ignore[s] = linfo.ignore.get('INITIAL', '')
+
+    # Create global versions of the token() and input() functions
+    token = lexobj.token
+    input = lexobj.input
+    lexer = lexobj
+
+    # If in optimize mode, we write the lextab
+    if lextab and optimize:
+        if outputdir is None:
+            # If no output directory is set, the location of the output files
+            # is determined according to the following rules:
+            #     - If lextab specifies a package, files go into that package directory
+            #     - Otherwise, files go in the same directory as the specifying module
+            if isinstance(lextab, types.ModuleType):
+                srcfile = lextab.__file__
+            else:
+                if '.' not in lextab:
+                    srcfile = ldict['__file__']
+                else:
+                    parts = lextab.split('.')
+                    pkgname = '.'.join(parts[:-1])
+                    exec('import %s' % pkgname)
+                    srcfile = getattr(sys.modules[pkgname], '__file__', '')
+            outputdir = os.path.dirname(srcfile)
+        try:
+            lexobj.writetab(lextab, outputdir)
+            if lextab in sys.modules:
+                del sys.modules[lextab]
+        except IOError as e:
+            errorlog.warning("Couldn't write lextab module %r. %s" % (lextab, e))
+
+    return lexobj
+
+# -----------------------------------------------------------------------------
+# runmain()
+#
+# This runs the lexer as a main program
+# -----------------------------------------------------------------------------
+
+def runmain(lexer=None, data=None):
+    if not data:
+        try:
+            filename = sys.argv[1]
+            f = open(filename)
+            data = f.read()
+            f.close()
+        except IndexError:
+            sys.stdout.write('Reading from standard input (type EOF to end):\n')
+            data = sys.stdin.read()
+
+    if lexer:
+        _input = lexer.input
+    else:
+        _input = input
+    _input(data)
+    if lexer:
+        _token = lexer.token
+    else:
+        _token = token
+
+    while True:
+        tok = _token()
+        if not tok:
+            break
+        sys.stdout.write('(%s,%r,%d,%d)\n' % (tok.type, tok.value, tok.lineno, tok.lexpos))
+
+# -----------------------------------------------------------------------------
+# @TOKEN(regex)
+#
+# This decorator function can be used to set the regex expression on a function
+# when its docstring might need to be set in an alternative way
+# -----------------------------------------------------------------------------
+
+def TOKEN(r):
+    def set_regex(f):
+        if hasattr(r, '__call__'):
+            f.regex = _get_regex(r)
+        else:
+            f.regex = r
+        return f
+    return set_regex
+
+# Alternative spelling of the TOKEN decorator
+Token = TOKEN
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply/yacc.py b/lib/go-jinja2/internal/data/linux-arm64/ply/yacc.py
new file mode 100644
index 000000000..88188a1e8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply/yacc.py
@@ -0,0 +1,3502 @@
+# -----------------------------------------------------------------------------
+# ply: yacc.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# This implements an LR parser that is constructed from grammar rules defined
+# as Python functions. The grammar is specified by supplying the BNF inside
+# Python documentation strings.  The inspiration for this technique was borrowed
+# from John Aycock's Spark parsing system.  PLY might be viewed as cross between
+# Spark and the GNU bison utility.
+#
+# The current implementation is only somewhat object-oriented. The
+# LR parser itself is defined in terms of an object (which allows multiple
+# parsers to co-exist).  However, most of the variables used during table
+# construction are defined in terms of global variables.  Users shouldn't
+# notice unless they are trying to define multiple parsers at the same
+# time using threads (in which case they should have their head examined).
+#
+# This implementation supports both SLR and LALR(1) parsing.  LALR(1)
+# support was originally implemented by Elias Ioup (ezioup@alumni.uchicago.edu),
+# using the algorithm found in Aho, Sethi, and Ullman "Compilers: Principles,
+# Techniques, and Tools" (The Dragon Book).  LALR(1) has since been replaced
+# by the more efficient DeRemer and Pennello algorithm.
+#
+# :::::::: WARNING :::::::
+#
+# Construction of LR parsing tables is fairly complicated and expensive.
+# To make this module run fast, a *LOT* of work has been put into
+# optimization---often at the expensive of readability and what might
+# consider to be good Python "coding style."   Modify the code at your
+# own risk!
+# ----------------------------------------------------------------------------
+
+import re
+import types
+import sys
+import os.path
+import inspect
+import warnings
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+#-----------------------------------------------------------------------------
+#                     === User configurable parameters ===
+#
+# Change these to modify the default behavior of yacc (if you wish)
+#-----------------------------------------------------------------------------
+
+yaccdebug   = True             # Debugging mode.  If set, yacc generates a
+                               # a 'parser.out' file in the current directory
+
+debug_file  = 'parser.out'     # Default name of the debugging file
+tab_module  = 'parsetab'       # Default name of the table module
+default_lr  = 'LALR'           # Default LR table generation method
+
+error_count = 3                # Number of symbols that must be shifted to leave recovery mode
+
+yaccdevel   = False            # Set to True if developing yacc.  This turns off optimized
+                               # implementations of certain functions.
+
+resultlimit = 40               # Size limit of results when running in debug mode.
+
+pickle_protocol = 0            # Protocol to use when writing pickle files
+
+# String type-checking compatibility
+if sys.version_info[0] < 3:
+    string_types = basestring
+else:
+    string_types = str
+
+MAXINT = sys.maxsize
+
+# This object is a stand-in for a logging object created by the
+# logging module.   PLY will use this by default to create things
+# such as the parser.out file.  If a user wants more detailed
+# information, they can create their own logging object and pass
+# it into PLY.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def debug(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    info = debug
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    critical = debug
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+# Exception raised for yacc-related errors
+class YaccError(Exception):
+    pass
+
+# Format the result message that the parser produces when running in debug mode.
+def format_result(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) > resultlimit:
+        repr_str = repr_str[:resultlimit] + ' ...'
+    result = '<%s @ 0x%x> (%s)' % (type(r).__name__, id(r), repr_str)
+    return result
+
+# Format stack entries when the parser is running in debug mode
+def format_stack_entry(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) < 16:
+        return repr_str
+    else:
+        return '<%s @ 0x%x>' % (type(r).__name__, id(r))
+
+# Panic mode error recovery support.   This feature is being reworked--much of the
+# code here is to offer a deprecation/backwards compatible transition
+
+_errok = None
+_token = None
+_restart = None
+_warnmsg = '''PLY: Don't use global functions errok(), token(), and restart() in p_error().
+Instead, invoke the methods on the associated parser instance:
+
+    def p_error(p):
+        ...
+        # Use parser.errok(), parser.token(), parser.restart()
+        ...
+
+    parser = yacc.yacc()
+'''
+
+def errok():
+    warnings.warn(_warnmsg)
+    return _errok()
+
+def restart():
+    warnings.warn(_warnmsg)
+    return _restart()
+
+def token():
+    warnings.warn(_warnmsg)
+    return _token()
+
+# Utility function to call the p_error() function with some deprecation hacks
+def call_errorfunc(errorfunc, token, parser):
+    global _errok, _token, _restart
+    _errok = parser.errok
+    _token = parser.token
+    _restart = parser.restart
+    r = errorfunc(token)
+    try:
+        del _errok, _token, _restart
+    except NameError:
+        pass
+    return r
+
+#-----------------------------------------------------------------------------
+#                        ===  LR Parsing Engine ===
+#
+# The following classes are used for the LR parser itself.  These are not
+# used during table construction and are independent of the actual LR
+# table generation algorithm
+#-----------------------------------------------------------------------------
+
+# This class is used to hold non-terminal grammar symbols during parsing.
+# It normally has the following attributes set:
+#        .type       = Grammar symbol type
+#        .value      = Symbol value
+#        .lineno     = Starting line number
+#        .endlineno  = Ending line number (optional, set automatically)
+#        .lexpos     = Starting lex position
+#        .endlexpos  = Ending lex position (optional, set automatically)
+
+class YaccSymbol:
+    def __str__(self):
+        return self.type
+
+    def __repr__(self):
+        return str(self)
+
+# This class is a wrapper around the objects actually passed to each
+# grammar rule.   Index lookup and assignment actually assign the
+# .value attribute of the underlying YaccSymbol object.
+# The lineno() method returns the line number of a given
+# item (or 0 if not defined).   The linespan() method returns
+# a tuple of (startline,endline) representing the range of lines
+# for a symbol.  The lexspan() method returns a tuple (lexpos,endlexpos)
+# representing the range of positional information for a symbol.
+
+class YaccProduction:
+    def __init__(self, s, stack=None):
+        self.slice = s
+        self.stack = stack
+        self.lexer = None
+        self.parser = None
+
+    def __getitem__(self, n):
+        if isinstance(n, slice):
+            return [s.value for s in self.slice[n]]
+        elif n >= 0:
+            return self.slice[n].value
+        else:
+            return self.stack[n].value
+
+    def __setitem__(self, n, v):
+        self.slice[n].value = v
+
+    def __getslice__(self, i, j):
+        return [s.value for s in self.slice[i:j]]
+
+    def __len__(self):
+        return len(self.slice)
+
+    def lineno(self, n):
+        return getattr(self.slice[n], 'lineno', 0)
+
+    def set_lineno(self, n, lineno):
+        self.slice[n].lineno = lineno
+
+    def linespan(self, n):
+        startline = getattr(self.slice[n], 'lineno', 0)
+        endline = getattr(self.slice[n], 'endlineno', startline)
+        return startline, endline
+
+    def lexpos(self, n):
+        return getattr(self.slice[n], 'lexpos', 0)
+
+    def set_lexpos(self, n, lexpos):
+        self.slice[n].lexpos = lexpos
+
+    def lexspan(self, n):
+        startpos = getattr(self.slice[n], 'lexpos', 0)
+        endpos = getattr(self.slice[n], 'endlexpos', startpos)
+        return startpos, endpos
+
+    def error(self):
+        raise SyntaxError
+
+# -----------------------------------------------------------------------------
+#                               == LRParser ==
+#
+# The LR Parsing engine.
+# -----------------------------------------------------------------------------
+
+class LRParser:
+    def __init__(self, lrtab, errorf):
+        self.productions = lrtab.lr_productions
+        self.action = lrtab.lr_action
+        self.goto = lrtab.lr_goto
+        self.errorfunc = errorf
+        self.set_defaulted_states()
+        self.errorok = True
+
+    def errok(self):
+        self.errorok = True
+
+    def restart(self):
+        del self.statestack[:]
+        del self.symstack[:]
+        sym = YaccSymbol()
+        sym.type = '$end'
+        self.symstack.append(sym)
+        self.statestack.append(0)
+
+    # Defaulted state support.
+    # This method identifies parser states where there is only one possible reduction action.
+    # For such states, the parser can make a choose to make a rule reduction without consuming
+    # the next look-ahead token.  This delayed invocation of the tokenizer can be useful in
+    # certain kinds of advanced parsing situations where the lexer and parser interact with
+    # each other or change states (i.e., manipulation of scope, lexer states, etc.).
+    #
+    # See:  http://www.gnu.org/software/bison/manual/html_node/Default-Reductions.html#Default-Reductions
+    def set_defaulted_states(self):
+        self.defaulted_states = {}
+        for state, actions in self.action.items():
+            rules = list(actions.values())
+            if len(rules) == 1 and rules[0] < 0:
+                self.defaulted_states[state] = rules[0]
+
+    def disable_defaulted_states(self):
+        self.defaulted_states = {}
+
+    def parse(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        if debug or yaccdevel:
+            if isinstance(debug, int):
+                debug = PlyLogger(sys.stderr)
+            return self.parsedebug(input, lexer, debug, tracking, tokenfunc)
+        elif tracking:
+            return self.parseopt(input, lexer, debug, tracking, tokenfunc)
+        else:
+            return self.parseopt_notrack(input, lexer, debug, tracking, tokenfunc)
+
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parsedebug().
+    #
+    # This is the debugging enabled version of parse().  All changes made to the
+    # parsing engine should be made here.   Optimized versions of this function
+    # are automatically created by the ply/ygen.py script.  This script cuts out
+    # sections enclosed in markers such as this:
+    #
+    #      #--! DEBUG
+    #      statements
+    #      #--! DEBUG
+    #
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parsedebug(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parsedebug-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+        #--! DEBUG
+        debug.info('PLY: PARSE DEBUG START')
+        #--! DEBUG
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+            #--! DEBUG
+            debug.debug('')
+            debug.debug('State  : %s', state)
+            #--! DEBUG
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+                #--! DEBUG
+                debug.debug('Defaulted state %s: Reduce using %d', state, -t)
+                #--! DEBUG
+
+            #--! DEBUG
+            debug.debug('Stack  : %s',
+                        ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+            #--! DEBUG
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+                    #--! DEBUG
+                    debug.debug('Action : Shift and goto state %s', t)
+                    #--! DEBUG
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+                    #--! DEBUG
+                    if plen:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str,
+                                   '['+','.join([format_stack_entry(_v.value) for _v in symstack[-plen:]])+']',
+                                   goto[statestack[-1-plen]][pname])
+                    else:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str, [],
+                                   goto[statestack[-1]][pname])
+
+                    #--! DEBUG
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    #--! DEBUG
+                    debug.info('Done   : Returning %s', format_result(result))
+                    debug.info('PLY: PARSE DEBUG END')
+                    #--! DEBUG
+                    return result
+
+            if t is None:
+
+                #--! DEBUG
+                debug.error('Error  : %s',
+                            ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+                #--! DEBUG
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parsedebug-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt().
+    #
+    # Optimized version of parse() method.  DO NOT EDIT THIS CODE DIRECTLY!
+    # This code is automatically generated by the ply/ygen.py script. Make
+    # changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt_notrack().
+    #
+    # Optimized version of parseopt() with line number tracking removed.
+    # DO NOT EDIT THIS CODE DIRECTLY. This code is automatically generated
+    # by the ply/ygen.py script. Make changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt_notrack(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-notrack-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-notrack-end
+
+# -----------------------------------------------------------------------------
+#                          === Grammar Representation ===
+#
+# The following functions, classes, and variables are used to represent and
+# manipulate the rules that make up a grammar.
+# -----------------------------------------------------------------------------
+
+# regex matching identifiers
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+
+# -----------------------------------------------------------------------------
+# class Production:
+#
+# This class stores the raw information about a single production or grammar rule.
+# A grammar rule refers to a specification such as this:
+#
+#       expr : expr PLUS term
+#
+# Here are the basic attributes defined on all productions
+#
+#       name     - Name of the production.  For example 'expr'
+#       prod     - A list of symbols on the right side ['expr','PLUS','term']
+#       prec     - Production precedence level
+#       number   - Production number.
+#       func     - Function that executes on reduce
+#       file     - File where production function is defined
+#       lineno   - Line number where production function is defined
+#
+# The following attributes are defined or optional.
+#
+#       len       - Length of the production (number of symbols on right hand side)
+#       usyms     - Set of unique symbols found in the production
+# -----------------------------------------------------------------------------
+
+class Production(object):
+    reduced = 0
+    def __init__(self, number, name, prod, precedence=('right', 0), func=None, file='', line=0):
+        self.name     = name
+        self.prod     = tuple(prod)
+        self.number   = number
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.prec     = precedence
+
+        # Internal settings used during table construction
+
+        self.len  = len(self.prod)   # Length of the production
+
+        # Create a list of unique production symbols used in the production
+        self.usyms = []
+        for s in self.prod:
+            if s not in self.usyms:
+                self.usyms.append(s)
+
+        # List of all LR items for the production
+        self.lr_items = []
+        self.lr_next = None
+
+        # Create a string representation
+        if self.prod:
+            self.str = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            self.str = '%s -> <empty>' % self.name
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'Production(' + str(self) + ')'
+
+    def __len__(self):
+        return len(self.prod)
+
+    def __nonzero__(self):
+        return 1
+
+    def __getitem__(self, index):
+        return self.prod[index]
+
+    # Return the nth lr_item from the production (or None if at the end)
+    def lr_item(self, n):
+        if n > len(self.prod):
+            return None
+        p = LRItem(self, n)
+        # Precompute the list of productions immediately following.
+        try:
+            p.lr_after = self.Prodnames[p.prod[n+1]]
+        except (IndexError, KeyError):
+            p.lr_after = []
+        try:
+            p.lr_before = p.prod[n-1]
+        except IndexError:
+            p.lr_before = None
+        return p
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+# This class serves as a minimal standin for Production objects when
+# reading table data from files.   It only contains information
+# actually used by the LR parsing engine, plus some additional
+# debugging information.
+class MiniProduction(object):
+    def __init__(self, str, name, len, func, file, line):
+        self.name     = name
+        self.len      = len
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.str      = str
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'MiniProduction(%s)' % self.str
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+
+# -----------------------------------------------------------------------------
+# class LRItem
+#
+# This class represents a specific stage of parsing a production rule.  For
+# example:
+#
+#       expr : expr . PLUS term
+#
+# In the above, the "." represents the current location of the parse.  Here
+# basic attributes:
+#
+#       name       - Name of the production.  For example 'expr'
+#       prod       - A list of symbols on the right side ['expr','.', 'PLUS','term']
+#       number     - Production number.
+#
+#       lr_next      Next LR item. Example, if we are ' expr -> expr . PLUS term'
+#                    then lr_next refers to 'expr -> expr PLUS . term'
+#       lr_index   - LR item index (location of the ".") in the prod list.
+#       lookaheads - LALR lookahead symbols for this item
+#       len        - Length of the production (number of symbols on right hand side)
+#       lr_after    - List of all productions that immediately follow
+#       lr_before   - Grammar symbol immediately before
+# -----------------------------------------------------------------------------
+
+class LRItem(object):
+    def __init__(self, p, n):
+        self.name       = p.name
+        self.prod       = list(p.prod)
+        self.number     = p.number
+        self.lr_index   = n
+        self.lookaheads = {}
+        self.prod.insert(n, '.')
+        self.prod       = tuple(self.prod)
+        self.len        = len(self.prod)
+        self.usyms      = p.usyms
+
+    def __str__(self):
+        if self.prod:
+            s = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            s = '%s -> <empty>' % self.name
+        return s
+
+    def __repr__(self):
+        return 'LRItem(' + str(self) + ')'
+
+# -----------------------------------------------------------------------------
+# rightmost_terminal()
+#
+# Return the rightmost terminal from a list of symbols.  Used in add_production()
+# -----------------------------------------------------------------------------
+def rightmost_terminal(symbols, terminals):
+    i = len(symbols) - 1
+    while i >= 0:
+        if symbols[i] in terminals:
+            return symbols[i]
+        i -= 1
+    return None
+
+# -----------------------------------------------------------------------------
+#                           === GRAMMAR CLASS ===
+#
+# The following class represents the contents of the specified grammar along
+# with various computed properties such as first sets, follow sets, LR items, etc.
+# This data is used for critical parts of the table generation process later.
+# -----------------------------------------------------------------------------
+
+class GrammarError(YaccError):
+    pass
+
+class Grammar(object):
+    def __init__(self, terminals):
+        self.Productions  = [None]  # A list of all of the productions.  The first
+                                    # entry is always reserved for the purpose of
+                                    # building an augmented grammar
+
+        self.Prodnames    = {}      # A dictionary mapping the names of nonterminals to a list of all
+                                    # productions of that nonterminal.
+
+        self.Prodmap      = {}      # A dictionary that is only used to detect duplicate
+                                    # productions.
+
+        self.Terminals    = {}      # A dictionary mapping the names of terminal symbols to a
+                                    # list of the rules where they are used.
+
+        for term in terminals:
+            self.Terminals[term] = []
+
+        self.Terminals['error'] = []
+
+        self.Nonterminals = {}      # A dictionary mapping names of nonterminals to a list
+                                    # of rule numbers where they are used.
+
+        self.First        = {}      # A dictionary of precomputed FIRST(x) symbols
+
+        self.Follow       = {}      # A dictionary of precomputed FOLLOW(x) symbols
+
+        self.Precedence   = {}      # Precedence rules for each terminal. Contains tuples of the
+                                    # form ('right',level) or ('nonassoc', level) or ('left',level)
+
+        self.UsedPrecedence = set() # Precedence rules that were actually used by the grammer.
+                                    # This is only used to provide error checking and to generate
+                                    # a warning about unused precedence rules.
+
+        self.Start = None           # Starting symbol for the grammar
+
+
+    def __len__(self):
+        return len(self.Productions)
+
+    def __getitem__(self, index):
+        return self.Productions[index]
+
+    # -----------------------------------------------------------------------------
+    # set_precedence()
+    #
+    # Sets the precedence for a given terminal. assoc is the associativity such as
+    # 'left','right', or 'nonassoc'.  level is a numeric level.
+    #
+    # -----------------------------------------------------------------------------
+
+    def set_precedence(self, term, assoc, level):
+        assert self.Productions == [None], 'Must call set_precedence() before add_production()'
+        if term in self.Precedence:
+            raise GrammarError('Precedence already specified for terminal %r' % term)
+        if assoc not in ['left', 'right', 'nonassoc']:
+            raise GrammarError("Associativity must be one of 'left','right', or 'nonassoc'")
+        self.Precedence[term] = (assoc, level)
+
+    # -----------------------------------------------------------------------------
+    # add_production()
+    #
+    # Given an action function, this function assembles a production rule and
+    # computes its precedence level.
+    #
+    # The production rule is supplied as a list of symbols.   For example,
+    # a rule such as 'expr : expr PLUS term' has a production name of 'expr' and
+    # symbols ['expr','PLUS','term'].
+    #
+    # Precedence is determined by the precedence of the right-most non-terminal
+    # or the precedence of a terminal specified by %prec.
+    #
+    # A variety of error checks are performed to make sure production symbols
+    # are valid and that %prec is used correctly.
+    # -----------------------------------------------------------------------------
+
+    def add_production(self, prodname, syms, func=None, file='', line=0):
+
+        if prodname in self.Terminals:
+            raise GrammarError('%s:%d: Illegal rule name %r. Already defined as a token' % (file, line, prodname))
+        if prodname == 'error':
+            raise GrammarError('%s:%d: Illegal rule name %r. error is a reserved word' % (file, line, prodname))
+        if not _is_identifier.match(prodname):
+            raise GrammarError('%s:%d: Illegal rule name %r' % (file, line, prodname))
+
+        # Look for literal tokens
+        for n, s in enumerate(syms):
+            if s[0] in "'\"":
+                try:
+                    c = eval(s)
+                    if (len(c) > 1):
+                        raise GrammarError('%s:%d: Literal token %s in rule %r may only be a single character' %
+                                           (file, line, s, prodname))
+                    if c not in self.Terminals:
+                        self.Terminals[c] = []
+                    syms[n] = c
+                    continue
+                except SyntaxError:
+                    pass
+            if not _is_identifier.match(s) and s != '%prec':
+                raise GrammarError('%s:%d: Illegal name %r in rule %r' % (file, line, s, prodname))
+
+        # Determine the precedence level
+        if '%prec' in syms:
+            if syms[-1] == '%prec':
+                raise GrammarError('%s:%d: Syntax error. Nothing follows %%prec' % (file, line))
+            if syms[-2] != '%prec':
+                raise GrammarError('%s:%d: Syntax error. %%prec can only appear at the end of a grammar rule' %
+                                   (file, line))
+            precname = syms[-1]
+            prodprec = self.Precedence.get(precname)
+            if not prodprec:
+                raise GrammarError('%s:%d: Nothing known about the precedence of %r' % (file, line, precname))
+            else:
+                self.UsedPrecedence.add(precname)
+            del syms[-2:]     # Drop %prec from the rule
+        else:
+            # If no %prec, precedence is determined by the rightmost terminal symbol
+            precname = rightmost_terminal(syms, self.Terminals)
+            prodprec = self.Precedence.get(precname, ('right', 0))
+
+        # See if the rule is already in the rulemap
+        map = '%s -> %s' % (prodname, syms)
+        if map in self.Prodmap:
+            m = self.Prodmap[map]
+            raise GrammarError('%s:%d: Duplicate rule %s. ' % (file, line, m) +
+                               'Previous definition at %s:%d' % (m.file, m.line))
+
+        # From this point on, everything is valid.  Create a new Production instance
+        pnumber  = len(self.Productions)
+        if prodname not in self.Nonterminals:
+            self.Nonterminals[prodname] = []
+
+        # Add the production number to Terminals and Nonterminals
+        for t in syms:
+            if t in self.Terminals:
+                self.Terminals[t].append(pnumber)
+            else:
+                if t not in self.Nonterminals:
+                    self.Nonterminals[t] = []
+                self.Nonterminals[t].append(pnumber)
+
+        # Create a production and add it to the list of productions
+        p = Production(pnumber, prodname, syms, prodprec, func, file, line)
+        self.Productions.append(p)
+        self.Prodmap[map] = p
+
+        # Add to the global productions list
+        try:
+            self.Prodnames[prodname].append(p)
+        except KeyError:
+            self.Prodnames[prodname] = [p]
+
+    # -----------------------------------------------------------------------------
+    # set_start()
+    #
+    # Sets the starting symbol and creates the augmented grammar.  Production
+    # rule 0 is S' -> start where start is the start symbol.
+    # -----------------------------------------------------------------------------
+
+    def set_start(self, start=None):
+        if not start:
+            start = self.Productions[1].name
+        if start not in self.Nonterminals:
+            raise GrammarError('start symbol %s undefined' % start)
+        self.Productions[0] = Production(0, "S'", [start])
+        self.Nonterminals[start].append(0)
+        self.Start = start
+
+    # -----------------------------------------------------------------------------
+    # find_unreachable()
+    #
+    # Find all of the nonterminal symbols that can't be reached from the starting
+    # symbol.  Returns a list of nonterminals that can't be reached.
+    # -----------------------------------------------------------------------------
+
+    def find_unreachable(self):
+
+        # Mark all symbols that are reachable from a symbol s
+        def mark_reachable_from(s):
+            if s in reachable:
+                return
+            reachable.add(s)
+            for p in self.Prodnames.get(s, []):
+                for r in p.prod:
+                    mark_reachable_from(r)
+
+        reachable = set()
+        mark_reachable_from(self.Productions[0].prod[0])
+        return [s for s in self.Nonterminals if s not in reachable]
+
+    # -----------------------------------------------------------------------------
+    # infinite_cycles()
+    #
+    # This function looks at the various parsing rules and tries to detect
+    # infinite recursion cycles (grammar rules where there is no possible way
+    # to derive a string of only terminals).
+    # -----------------------------------------------------------------------------
+
+    def infinite_cycles(self):
+        terminates = {}
+
+        # Terminals:
+        for t in self.Terminals:
+            terminates[t] = True
+
+        terminates['$end'] = True
+
+        # Nonterminals:
+
+        # Initialize to false:
+        for n in self.Nonterminals:
+            terminates[n] = False
+
+        # Then propagate termination until no change:
+        while True:
+            some_change = False
+            for (n, pl) in self.Prodnames.items():
+                # Nonterminal n terminates iff any of its productions terminates.
+                for p in pl:
+                    # Production p terminates iff all of its rhs symbols terminate.
+                    for s in p.prod:
+                        if not terminates[s]:
+                            # The symbol s does not terminate,
+                            # so production p does not terminate.
+                            p_terminates = False
+                            break
+                    else:
+                        # didn't break from the loop,
+                        # so every symbol s terminates
+                        # so production p terminates.
+                        p_terminates = True
+
+                    if p_terminates:
+                        # symbol n terminates!
+                        if not terminates[n]:
+                            terminates[n] = True
+                            some_change = True
+                        # Don't need to consider any more productions for this n.
+                        break
+
+            if not some_change:
+                break
+
+        infinite = []
+        for (s, term) in terminates.items():
+            if not term:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    # s is used-but-not-defined, and we've already warned of that,
+                    # so it would be overkill to say that it's also non-terminating.
+                    pass
+                else:
+                    infinite.append(s)
+
+        return infinite
+
+    # -----------------------------------------------------------------------------
+    # undefined_symbols()
+    #
+    # Find all symbols that were used the grammar, but not defined as tokens or
+    # grammar rules.  Returns a list of tuples (sym, prod) where sym in the symbol
+    # and prod is the production where the symbol was used.
+    # -----------------------------------------------------------------------------
+    def undefined_symbols(self):
+        result = []
+        for p in self.Productions:
+            if not p:
+                continue
+
+            for s in p.prod:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    result.append((s, p))
+        return result
+
+    # -----------------------------------------------------------------------------
+    # unused_terminals()
+    #
+    # Find all terminals that were defined, but not used by the grammar.  Returns
+    # a list of all symbols.
+    # -----------------------------------------------------------------------------
+    def unused_terminals(self):
+        unused_tok = []
+        for s, v in self.Terminals.items():
+            if s != 'error' and not v:
+                unused_tok.append(s)
+
+        return unused_tok
+
+    # ------------------------------------------------------------------------------
+    # unused_rules()
+    #
+    # Find all grammar rules that were defined,  but not used (maybe not reachable)
+    # Returns a list of productions.
+    # ------------------------------------------------------------------------------
+
+    def unused_rules(self):
+        unused_prod = []
+        for s, v in self.Nonterminals.items():
+            if not v:
+                p = self.Prodnames[s][0]
+                unused_prod.append(p)
+        return unused_prod
+
+    # -----------------------------------------------------------------------------
+    # unused_precedence()
+    #
+    # Returns a list of tuples (term,precedence) corresponding to precedence
+    # rules that were never used by the grammar.  term is the name of the terminal
+    # on which precedence was applied and precedence is a string such as 'left' or
+    # 'right' corresponding to the type of precedence.
+    # -----------------------------------------------------------------------------
+
+    def unused_precedence(self):
+        unused = []
+        for termname in self.Precedence:
+            if not (termname in self.Terminals or termname in self.UsedPrecedence):
+                unused.append((termname, self.Precedence[termname][0]))
+
+        return unused
+
+    # -------------------------------------------------------------------------
+    # _first()
+    #
+    # Compute the value of FIRST1(beta) where beta is a tuple of symbols.
+    #
+    # During execution of compute_first1, the result may be incomplete.
+    # Afterward (e.g., when called from compute_follow()), it will be complete.
+    # -------------------------------------------------------------------------
+    def _first(self, beta):
+
+        # We are computing First(x1,x2,x3,...,xn)
+        result = []
+        for x in beta:
+            x_produces_empty = False
+
+            # Add all the non-<empty> symbols of First[x] to the result.
+            for f in self.First[x]:
+                if f == '<empty>':
+                    x_produces_empty = True
+                else:
+                    if f not in result:
+                        result.append(f)
+
+            if x_produces_empty:
+                # We have to consider the next x in beta,
+                # i.e. stay in the loop.
+                pass
+            else:
+                # We don't have to consider any further symbols in beta.
+                break
+        else:
+            # There was no 'break' from the loop,
+            # so x_produces_empty was true for all x in beta,
+            # so beta produces empty as well.
+            result.append('<empty>')
+
+        return result
+
+    # -------------------------------------------------------------------------
+    # compute_first()
+    #
+    # Compute the value of FIRST1(X) for all symbols
+    # -------------------------------------------------------------------------
+    def compute_first(self):
+        if self.First:
+            return self.First
+
+        # Terminals:
+        for t in self.Terminals:
+            self.First[t] = [t]
+
+        self.First['$end'] = ['$end']
+
+        # Nonterminals:
+
+        # Initialize to the empty set:
+        for n in self.Nonterminals:
+            self.First[n] = []
+
+        # Then propagate symbols until no change:
+        while True:
+            some_change = False
+            for n in self.Nonterminals:
+                for p in self.Prodnames[n]:
+                    for f in self._first(p.prod):
+                        if f not in self.First[n]:
+                            self.First[n].append(f)
+                            some_change = True
+            if not some_change:
+                break
+
+        return self.First
+
+    # ---------------------------------------------------------------------
+    # compute_follow()
+    #
+    # Computes all of the follow sets for every non-terminal symbol.  The
+    # follow set is the set of all symbols that might follow a given
+    # non-terminal.  See the Dragon book, 2nd Ed. p. 189.
+    # ---------------------------------------------------------------------
+    def compute_follow(self, start=None):
+        # If already computed, return the result
+        if self.Follow:
+            return self.Follow
+
+        # If first sets not computed yet, do that first.
+        if not self.First:
+            self.compute_first()
+
+        # Add '$end' to the follow list of the start symbol
+        for k in self.Nonterminals:
+            self.Follow[k] = []
+
+        if not start:
+            start = self.Productions[1].name
+
+        self.Follow[start] = ['$end']
+
+        while True:
+            didadd = False
+            for p in self.Productions[1:]:
+                # Here is the production set
+                for i, B in enumerate(p.prod):
+                    if B in self.Nonterminals:
+                        # Okay. We got a non-terminal in a production
+                        fst = self._first(p.prod[i+1:])
+                        hasempty = False
+                        for f in fst:
+                            if f != '<empty>' and f not in self.Follow[B]:
+                                self.Follow[B].append(f)
+                                didadd = True
+                            if f == '<empty>':
+                                hasempty = True
+                        if hasempty or i == (len(p.prod)-1):
+                            # Add elements of follow(a) to follow(b)
+                            for f in self.Follow[p.name]:
+                                if f not in self.Follow[B]:
+                                    self.Follow[B].append(f)
+                                    didadd = True
+            if not didadd:
+                break
+        return self.Follow
+
+
+    # -----------------------------------------------------------------------------
+    # build_lritems()
+    #
+    # This function walks the list of productions and builds a complete set of the
+    # LR items.  The LR items are stored in two ways:  First, they are uniquely
+    # numbered and placed in the list _lritems.  Second, a linked list of LR items
+    # is built for each production.  For example:
+    #
+    #   E -> E PLUS E
+    #
+    # Creates the list
+    #
+    #  [E -> . E PLUS E, E -> E . PLUS E, E -> E PLUS . E, E -> E PLUS E . ]
+    # -----------------------------------------------------------------------------
+
+    def build_lritems(self):
+        for p in self.Productions:
+            lastlri = p
+            i = 0
+            lr_items = []
+            while True:
+                if i > len(p):
+                    lri = None
+                else:
+                    lri = LRItem(p, i)
+                    # Precompute the list of productions immediately following
+                    try:
+                        lri.lr_after = self.Prodnames[lri.prod[i+1]]
+                    except (IndexError, KeyError):
+                        lri.lr_after = []
+                    try:
+                        lri.lr_before = lri.prod[i-1]
+                    except IndexError:
+                        lri.lr_before = None
+
+                lastlri.lr_next = lri
+                if not lri:
+                    break
+                lr_items.append(lri)
+                lastlri = lri
+                i += 1
+            p.lr_items = lr_items
+
+# -----------------------------------------------------------------------------
+#                            == Class LRTable ==
+#
+# This basic class represents a basic table of LR parsing information.
+# Methods for generating the tables are not defined here.  They are defined
+# in the derived class LRGeneratedTable.
+# -----------------------------------------------------------------------------
+
+class VersionError(YaccError):
+    pass
+
+class LRTable(object):
+    def __init__(self):
+        self.lr_action = None
+        self.lr_goto = None
+        self.lr_productions = None
+        self.lr_method = None
+
+    def read_table(self, module):
+        if isinstance(module, types.ModuleType):
+            parsetab = module
+        else:
+            exec('import %s' % module)
+            parsetab = sys.modules[module]
+
+        if parsetab._tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+
+        self.lr_action = parsetab._lr_action
+        self.lr_goto = parsetab._lr_goto
+
+        self.lr_productions = []
+        for p in parsetab._lr_productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        self.lr_method = parsetab._lr_method
+        return parsetab._lr_signature
+
+    def read_pickle(self, filename):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+
+        if not os.path.exists(filename):
+          raise ImportError
+
+        in_f = open(filename, 'rb')
+
+        tabversion = pickle.load(in_f)
+        if tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+        self.lr_method = pickle.load(in_f)
+        signature      = pickle.load(in_f)
+        self.lr_action = pickle.load(in_f)
+        self.lr_goto   = pickle.load(in_f)
+        productions    = pickle.load(in_f)
+
+        self.lr_productions = []
+        for p in productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        in_f.close()
+        return signature
+
+    # Bind all production function names to callable objects in pdict
+    def bind_callables(self, pdict):
+        for p in self.lr_productions:
+            p.bind(pdict)
+
+
+# -----------------------------------------------------------------------------
+#                           === LR Generator ===
+#
+# The following classes and functions are used to generate LR parsing tables on
+# a grammar.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# digraph()
+# traverse()
+#
+# The following two functions are used to compute set valued functions
+# of the form:
+#
+#     F(x) = F'(x) U U{F(y) | x R y}
+#
+# This is used to compute the values of Read() sets as well as FOLLOW sets
+# in LALR(1) generation.
+#
+# Inputs:  X    - An input set
+#          R    - A relation
+#          FP   - Set-valued function
+# ------------------------------------------------------------------------------
+
+def digraph(X, R, FP):
+    N = {}
+    for x in X:
+        N[x] = 0
+    stack = []
+    F = {}
+    for x in X:
+        if N[x] == 0:
+            traverse(x, N, stack, F, X, R, FP)
+    return F
+
+def traverse(x, N, stack, F, X, R, FP):
+    stack.append(x)
+    d = len(stack)
+    N[x] = d
+    F[x] = FP(x)             # F(X) <- F'(x)
+
+    rel = R(x)               # Get y's related to x
+    for y in rel:
+        if N[y] == 0:
+            traverse(y, N, stack, F, X, R, FP)
+        N[x] = min(N[x], N[y])
+        for a in F.get(y, []):
+            if a not in F[x]:
+                F[x].append(a)
+    if N[x] == d:
+        N[stack[-1]] = MAXINT
+        F[stack[-1]] = F[x]
+        element = stack.pop()
+        while element != x:
+            N[stack[-1]] = MAXINT
+            F[stack[-1]] = F[x]
+            element = stack.pop()
+
+class LALRError(YaccError):
+    pass
+
+# -----------------------------------------------------------------------------
+#                             == LRGeneratedTable ==
+#
+# This class implements the LR table generation algorithm.  There are no
+# public methods except for write()
+# -----------------------------------------------------------------------------
+
+class LRGeneratedTable(LRTable):
+    def __init__(self, grammar, method='LALR', log=None):
+        if method not in ['SLR', 'LALR']:
+            raise LALRError('Unsupported method %s' % method)
+
+        self.grammar = grammar
+        self.lr_method = method
+
+        # Set up the logger
+        if not log:
+            log = NullLogger()
+        self.log = log
+
+        # Internal attributes
+        self.lr_action     = {}        # Action table
+        self.lr_goto       = {}        # Goto table
+        self.lr_productions  = grammar.Productions    # Copy of grammar Production array
+        self.lr_goto_cache = {}        # Cache of computed gotos
+        self.lr0_cidhash   = {}        # Cache of closures
+
+        self._add_count    = 0         # Internal counter used to detect cycles
+
+        # Diagonistic information filled in by the table generator
+        self.sr_conflict   = 0
+        self.rr_conflict   = 0
+        self.conflicts     = []        # List of conflicts
+
+        self.sr_conflicts  = []
+        self.rr_conflicts  = []
+
+        # Build the tables
+        self.grammar.build_lritems()
+        self.grammar.compute_first()
+        self.grammar.compute_follow()
+        self.lr_parse_table()
+
+    # Compute the LR(0) closure operation on I, where I is a set of LR(0) items.
+
+    def lr0_closure(self, I):
+        self._add_count += 1
+
+        # Add everything in I to J
+        J = I[:]
+        didadd = True
+        while didadd:
+            didadd = False
+            for j in J:
+                for x in j.lr_after:
+                    if getattr(x, 'lr0_added', 0) == self._add_count:
+                        continue
+                    # Add B --> .G to J
+                    J.append(x.lr_next)
+                    x.lr0_added = self._add_count
+                    didadd = True
+
+        return J
+
+    # Compute the LR(0) goto function goto(I,X) where I is a set
+    # of LR(0) items and X is a grammar symbol.   This function is written
+    # in a way that guarantees uniqueness of the generated goto sets
+    # (i.e. the same goto set will never be returned as two different Python
+    # objects).  With uniqueness, we can later do fast set comparisons using
+    # id(obj) instead of element-wise comparison.
+
+    def lr0_goto(self, I, x):
+        # First we look for a previously cached entry
+        g = self.lr_goto_cache.get((id(I), x))
+        if g:
+            return g
+
+        # Now we generate the goto set in a way that guarantees uniqueness
+        # of the result
+
+        s = self.lr_goto_cache.get(x)
+        if not s:
+            s = {}
+            self.lr_goto_cache[x] = s
+
+        gs = []
+        for p in I:
+            n = p.lr_next
+            if n and n.lr_before == x:
+                s1 = s.get(id(n))
+                if not s1:
+                    s1 = {}
+                    s[id(n)] = s1
+                gs.append(n)
+                s = s1
+        g = s.get('$end')
+        if not g:
+            if gs:
+                g = self.lr0_closure(gs)
+                s['$end'] = g
+            else:
+                s['$end'] = gs
+        self.lr_goto_cache[(id(I), x)] = g
+        return g
+
+    # Compute the LR(0) sets of item function
+    def lr0_items(self):
+        C = [self.lr0_closure([self.grammar.Productions[0].lr_next])]
+        i = 0
+        for I in C:
+            self.lr0_cidhash[id(I)] = i
+            i += 1
+
+        # Loop over the items in C and each grammar symbols
+        i = 0
+        while i < len(C):
+            I = C[i]
+            i += 1
+
+            # Collect all of the symbols that could possibly be in the goto(I,X) sets
+            asyms = {}
+            for ii in I:
+                for s in ii.usyms:
+                    asyms[s] = None
+
+            for x in asyms:
+                g = self.lr0_goto(I, x)
+                if not g or id(g) in self.lr0_cidhash:
+                    continue
+                self.lr0_cidhash[id(g)] = len(C)
+                C.append(g)
+
+        return C
+
+    # -----------------------------------------------------------------------------
+    #                       ==== LALR(1) Parsing ====
+    #
+    # LALR(1) parsing is almost exactly the same as SLR except that instead of
+    # relying upon Follow() sets when performing reductions, a more selective
+    # lookahead set that incorporates the state of the LR(0) machine is utilized.
+    # Thus, we mainly just have to focus on calculating the lookahead sets.
+    #
+    # The method used here is due to DeRemer and Pennelo (1982).
+    #
+    # DeRemer, F. L., and T. J. Pennelo: "Efficient Computation of LALR(1)
+    #     Lookahead Sets", ACM Transactions on Programming Languages and Systems,
+    #     Vol. 4, No. 4, Oct. 1982, pp. 615-649
+    #
+    # Further details can also be found in:
+    #
+    #  J. Tremblay and P. Sorenson, "The Theory and Practice of Compiler Writing",
+    #      McGraw-Hill Book Company, (1985).
+    #
+    # -----------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------
+    # compute_nullable_nonterminals()
+    #
+    # Creates a dictionary containing all of the non-terminals that might produce
+    # an empty production.
+    # -----------------------------------------------------------------------------
+
+    def compute_nullable_nonterminals(self):
+        nullable = set()
+        num_nullable = 0
+        while True:
+            for p in self.grammar.Productions[1:]:
+                if p.len == 0:
+                    nullable.add(p.name)
+                    continue
+                for t in p.prod:
+                    if t not in nullable:
+                        break
+                else:
+                    nullable.add(p.name)
+            if len(nullable) == num_nullable:
+                break
+            num_nullable = len(nullable)
+        return nullable
+
+    # -----------------------------------------------------------------------------
+    # find_nonterminal_trans(C)
+    #
+    # Given a set of LR(0) items, this functions finds all of the non-terminal
+    # transitions.    These are transitions in which a dot appears immediately before
+    # a non-terminal.   Returns a list of tuples of the form (state,N) where state
+    # is the state number and N is the nonterminal symbol.
+    #
+    # The input C is the set of LR(0) items.
+    # -----------------------------------------------------------------------------
+
+    def find_nonterminal_transitions(self, C):
+        trans = []
+        for stateno, state in enumerate(C):
+            for p in state:
+                if p.lr_index < p.len - 1:
+                    t = (stateno, p.prod[p.lr_index+1])
+                    if t[1] in self.grammar.Nonterminals:
+                        if t not in trans:
+                            trans.append(t)
+        return trans
+
+    # -----------------------------------------------------------------------------
+    # dr_relation()
+    #
+    # Computes the DR(p,A) relationships for non-terminal transitions.  The input
+    # is a tuple (state,N) where state is a number and N is a nonterminal symbol.
+    #
+    # Returns a list of terminals.
+    # -----------------------------------------------------------------------------
+
+    def dr_relation(self, C, trans, nullable):
+        state, N = trans
+        terms = []
+
+        g = self.lr0_goto(C[state], N)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index+1]
+                if a in self.grammar.Terminals:
+                    if a not in terms:
+                        terms.append(a)
+
+        # This extra bit is to handle the start state
+        if state == 0 and N == self.grammar.Productions[0].prod[0]:
+            terms.append('$end')
+
+        return terms
+
+    # -----------------------------------------------------------------------------
+    # reads_relation()
+    #
+    # Computes the READS() relation (p,A) READS (t,C).
+    # -----------------------------------------------------------------------------
+
+    def reads_relation(self, C, trans, empty):
+        # Look for empty transitions
+        rel = []
+        state, N = trans
+
+        g = self.lr0_goto(C[state], N)
+        j = self.lr0_cidhash.get(id(g), -1)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index + 1]
+                if a in empty:
+                    rel.append((j, a))
+
+        return rel
+
+    # -----------------------------------------------------------------------------
+    # compute_lookback_includes()
+    #
+    # Determines the lookback and includes relations
+    #
+    # LOOKBACK:
+    #
+    # This relation is determined by running the LR(0) state machine forward.
+    # For example, starting with a production "N : . A B C", we run it forward
+    # to obtain "N : A B C ."   We then build a relationship between this final
+    # state and the starting state.   These relationships are stored in a dictionary
+    # lookdict.
+    #
+    # INCLUDES:
+    #
+    # Computes the INCLUDE() relation (p,A) INCLUDES (p',B).
+    #
+    # This relation is used to determine non-terminal transitions that occur
+    # inside of other non-terminal transition states.   (p,A) INCLUDES (p', B)
+    # if the following holds:
+    #
+    #       B -> LAT, where T -> epsilon and p' -L-> p
+    #
+    # L is essentially a prefix (which may be empty), T is a suffix that must be
+    # able to derive an empty string.  State p' must lead to state p with the string L.
+    #
+    # -----------------------------------------------------------------------------
+
+    def compute_lookback_includes(self, C, trans, nullable):
+        lookdict = {}          # Dictionary of lookback relations
+        includedict = {}       # Dictionary of include relations
+
+        # Make a dictionary of non-terminal transitions
+        dtrans = {}
+        for t in trans:
+            dtrans[t] = 1
+
+        # Loop over all transitions and compute lookbacks and includes
+        for state, N in trans:
+            lookb = []
+            includes = []
+            for p in C[state]:
+                if p.name != N:
+                    continue
+
+                # Okay, we have a name match.  We now follow the production all the way
+                # through the state machine until we get the . on the right hand side
+
+                lr_index = p.lr_index
+                j = state
+                while lr_index < p.len - 1:
+                    lr_index = lr_index + 1
+                    t = p.prod[lr_index]
+
+                    # Check to see if this symbol and state are a non-terminal transition
+                    if (j, t) in dtrans:
+                        # Yes.  Okay, there is some chance that this is an includes relation
+                        # the only way to know for certain is whether the rest of the
+                        # production derives empty
+
+                        li = lr_index + 1
+                        while li < p.len:
+                            if p.prod[li] in self.grammar.Terminals:
+                                break      # No forget it
+                            if p.prod[li] not in nullable:
+                                break
+                            li = li + 1
+                        else:
+                            # Appears to be a relation between (j,t) and (state,N)
+                            includes.append((j, t))
+
+                    g = self.lr0_goto(C[j], t)               # Go to next set
+                    j = self.lr0_cidhash.get(id(g), -1)      # Go to next state
+
+                # When we get here, j is the final state, now we have to locate the production
+                for r in C[j]:
+                    if r.name != p.name:
+                        continue
+                    if r.len != p.len:
+                        continue
+                    i = 0
+                    # This look is comparing a production ". A B C" with "A B C ."
+                    while i < r.lr_index:
+                        if r.prod[i] != p.prod[i+1]:
+                            break
+                        i = i + 1
+                    else:
+                        lookb.append((j, r))
+            for i in includes:
+                if i not in includedict:
+                    includedict[i] = []
+                includedict[i].append((state, N))
+            lookdict[(state, N)] = lookb
+
+        return lookdict, includedict
+
+    # -----------------------------------------------------------------------------
+    # compute_read_sets()
+    #
+    # Given a set of LR(0) items, this function computes the read sets.
+    #
+    # Inputs:  C        =  Set of LR(0) items
+    #          ntrans   = Set of nonterminal transitions
+    #          nullable = Set of empty transitions
+    #
+    # Returns a set containing the read sets
+    # -----------------------------------------------------------------------------
+
+    def compute_read_sets(self, C, ntrans, nullable):
+        FP = lambda x: self.dr_relation(C, x, nullable)
+        R =  lambda x: self.reads_relation(C, x, nullable)
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # compute_follow_sets()
+    #
+    # Given a set of LR(0) items, a set of non-terminal transitions, a readset,
+    # and an include set, this function computes the follow sets
+    #
+    # Follow(p,A) = Read(p,A) U U {Follow(p',B) | (p,A) INCLUDES (p',B)}
+    #
+    # Inputs:
+    #            ntrans     = Set of nonterminal transitions
+    #            readsets   = Readset (previously computed)
+    #            inclsets   = Include sets (previously computed)
+    #
+    # Returns a set containing the follow sets
+    # -----------------------------------------------------------------------------
+
+    def compute_follow_sets(self, ntrans, readsets, inclsets):
+        FP = lambda x: readsets[x]
+        R  = lambda x: inclsets.get(x, [])
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # add_lookaheads()
+    #
+    # Attaches the lookahead symbols to grammar rules.
+    #
+    # Inputs:    lookbacks         -  Set of lookback relations
+    #            followset         -  Computed follow set
+    #
+    # This function directly attaches the lookaheads to productions contained
+    # in the lookbacks set
+    # -----------------------------------------------------------------------------
+
+    def add_lookaheads(self, lookbacks, followset):
+        for trans, lb in lookbacks.items():
+            # Loop over productions in lookback
+            for state, p in lb:
+                if state not in p.lookaheads:
+                    p.lookaheads[state] = []
+                f = followset.get(trans, [])
+                for a in f:
+                    if a not in p.lookaheads[state]:
+                        p.lookaheads[state].append(a)
+
+    # -----------------------------------------------------------------------------
+    # add_lalr_lookaheads()
+    #
+    # This function does all of the work of adding lookahead information for use
+    # with LALR parsing
+    # -----------------------------------------------------------------------------
+
+    def add_lalr_lookaheads(self, C):
+        # Determine all of the nullable nonterminals
+        nullable = self.compute_nullable_nonterminals()
+
+        # Find all non-terminal transitions
+        trans = self.find_nonterminal_transitions(C)
+
+        # Compute read sets
+        readsets = self.compute_read_sets(C, trans, nullable)
+
+        # Compute lookback/includes relations
+        lookd, included = self.compute_lookback_includes(C, trans, nullable)
+
+        # Compute LALR FOLLOW sets
+        followsets = self.compute_follow_sets(trans, readsets, included)
+
+        # Add all of the lookaheads
+        self.add_lookaheads(lookd, followsets)
+
+    # -----------------------------------------------------------------------------
+    # lr_parse_table()
+    #
+    # This function constructs the parse tables for SLR or LALR
+    # -----------------------------------------------------------------------------
+    def lr_parse_table(self):
+        Productions = self.grammar.Productions
+        Precedence  = self.grammar.Precedence
+        goto   = self.lr_goto         # Goto array
+        action = self.lr_action       # Action array
+        log    = self.log             # Logger for output
+
+        actionp = {}                  # Action production array (temporary)
+
+        log.info('Parsing method: %s', self.lr_method)
+
+        # Step 1: Construct C = { I0, I1, ... IN}, collection of LR(0) items
+        # This determines the number of states
+
+        C = self.lr0_items()
+
+        if self.lr_method == 'LALR':
+            self.add_lalr_lookaheads(C)
+
+        # Build the parser table, state by state
+        st = 0
+        for I in C:
+            # Loop over each production in I
+            actlist = []              # List of actions
+            st_action  = {}
+            st_actionp = {}
+            st_goto    = {}
+            log.info('')
+            log.info('state %d', st)
+            log.info('')
+            for p in I:
+                log.info('    (%d) %s', p.number, p)
+            log.info('')
+
+            for p in I:
+                    if p.len == p.lr_index + 1:
+                        if p.name == "S'":
+                            # Start symbol. Accept!
+                            st_action['$end'] = 0
+                            st_actionp['$end'] = p
+                        else:
+                            # We are at the end of a production.  Reduce!
+                            if self.lr_method == 'LALR':
+                                laheads = p.lookaheads[st]
+                            else:
+                                laheads = self.grammar.Follow[p.name]
+                            for a in laheads:
+                                actlist.append((a, p, 'reduce using rule %d (%s)' % (p.number, p)))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa. Have a shift/reduce or reduce/reduce conflict
+                                    if r > 0:
+                                        # Need to decide on shift or reduce here
+                                        # By default we favor shifting. Need to add
+                                        # some precedence rules here.
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from rule being reduced (p)
+                                        rprec, rlevel = Productions[p.number].prec
+
+                                        if (slevel < rlevel) or ((slevel == rlevel) and (rprec == 'left')):
+                                            # We really need to reduce here.
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+                                            Productions[p.number].reduced += 1
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the shift
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                    elif r < 0:
+                                        # Reduce/reduce conflict.   In this case, we favor the rule
+                                        # that was defined first in the grammar file
+                                        oldp = Productions[-r]
+                                        pp = Productions[p.number]
+                                        if oldp.line > pp.line:
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            chosenp, rejectp = pp, oldp
+                                            Productions[p.number].reduced += 1
+                                            Productions[oldp.number].reduced -= 1
+                                        else:
+                                            chosenp, rejectp = oldp, pp
+                                        self.rr_conflicts.append((st, chosenp, rejectp))
+                                        log.info('  ! reduce/reduce conflict for %s resolved using rule %d (%s)',
+                                                 a, st_actionp[a].number, st_actionp[a])
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = -p.number
+                                    st_actionp[a] = p
+                                    Productions[p.number].reduced += 1
+                    else:
+                        i = p.lr_index
+                        a = p.prod[i+1]       # Get symbol right after the "."
+                        if a in self.grammar.Terminals:
+                            g = self.lr0_goto(I, a)
+                            j = self.lr0_cidhash.get(id(g), -1)
+                            if j >= 0:
+                                # We are in a shift state
+                                actlist.append((a, p, 'shift and go to state %d' % j))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa have a shift/reduce or shift/shift conflict
+                                    if r > 0:
+                                        if r != j:
+                                            raise LALRError('Shift/shift conflict in state %d' % st)
+                                    elif r < 0:
+                                        # Do a precedence check.
+                                        #   -  if precedence of reduce rule is higher, we reduce.
+                                        #   -  if precedence of reduce is same and left assoc, we reduce.
+                                        #   -  otherwise we shift
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from the rule that could have been reduced
+                                        rprec, rlevel = Productions[st_actionp[a].number].prec
+
+                                        if (slevel > rlevel) or ((slevel == rlevel) and (rprec == 'right')):
+                                            # We decide to shift here... highest precedence to shift
+                                            Productions[st_actionp[a].number].reduced -= 1
+                                            st_action[a] = j
+                                            st_actionp[a] = p
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the reduce
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = j
+                                    st_actionp[a] = p
+
+            # Print the actions associated with each terminal
+            _actprint = {}
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is st_actionp[a]:
+                        log.info('    %-15s %s', a, m)
+                        _actprint[(a, m)] = 1
+            log.info('')
+            # Print the actions that were not used. (debugging)
+            not_used = 0
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is not st_actionp[a]:
+                        if not (a, m) in _actprint:
+                            log.debug('  ! %-15s [ %s ]', a, m)
+                            not_used = 1
+                            _actprint[(a, m)] = 1
+            if not_used:
+                log.debug('')
+
+            # Construct the goto table for this state
+
+            nkeys = {}
+            for ii in I:
+                for s in ii.usyms:
+                    if s in self.grammar.Nonterminals:
+                        nkeys[s] = None
+            for n in nkeys:
+                g = self.lr0_goto(I, n)
+                j = self.lr0_cidhash.get(id(g), -1)
+                if j >= 0:
+                    st_goto[n] = j
+                    log.info('    %-30s shift and go to state %d', n, j)
+
+            action[st] = st_action
+            actionp[st] = st_actionp
+            goto[st] = st_goto
+            st += 1
+
+    # -----------------------------------------------------------------------------
+    # write()
+    #
+    # This function writes the LR parsing tables to a file
+    # -----------------------------------------------------------------------------
+
+    def write_table(self, tabmodule, outputdir='', signature=''):
+        if isinstance(tabmodule, types.ModuleType):
+            raise IOError("Won't overwrite existing tabmodule")
+
+        basemodulename = tabmodule.split('.')[-1]
+        filename = os.path.join(outputdir, basemodulename) + '.py'
+        try:
+            f = open(filename, 'w')
+
+            f.write('''
+# %s
+# This file is automatically generated. Do not edit.
+# pylint: disable=W,C,R
+_tabversion = %r
+
+_lr_method = %r
+
+_lr_signature = %r
+    ''' % (os.path.basename(filename), __tabversion__, self.lr_method, signature))
+
+            # Change smaller to 0 to go back to original tables
+            smaller = 1
+
+            # Factor out names to try and make smaller
+            if smaller:
+                items = {}
+
+                for s, nd in self.lr_action.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_action_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_action = {}
+for _k, _v in _lr_action_items.items():
+   for _x,_y in zip(_v[0],_v[1]):
+      if not _x in _lr_action:  _lr_action[_x] = {}
+      _lr_action[_x][_k] = _y
+del _lr_action_items
+''')
+
+            else:
+                f.write('\n_lr_action = { ')
+                for k, v in self.lr_action.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            if smaller:
+                # Factor out names to try and make smaller
+                items = {}
+
+                for s, nd in self.lr_goto.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_goto_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_goto = {}
+for _k, _v in _lr_goto_items.items():
+   for _x, _y in zip(_v[0], _v[1]):
+       if not _x in _lr_goto: _lr_goto[_x] = {}
+       _lr_goto[_x][_k] = _y
+del _lr_goto_items
+''')
+            else:
+                f.write('\n_lr_goto = { ')
+                for k, v in self.lr_goto.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            # Write production table
+            f.write('_lr_productions = [\n')
+            for p in self.lr_productions:
+                if p.func:
+                    f.write('  (%r,%r,%d,%r,%r,%d),\n' % (p.str, p.name, p.len,
+                                                          p.func, os.path.basename(p.file), p.line))
+                else:
+                    f.write('  (%r,%r,%d,None,None,None),\n' % (str(p), p.name, p.len))
+            f.write(']\n')
+            f.close()
+
+        except IOError as e:
+            raise
+
+
+    # -----------------------------------------------------------------------------
+    # pickle_table()
+    #
+    # This function pickles the LR parsing tables to a supplied file object
+    # -----------------------------------------------------------------------------
+
+    def pickle_table(self, filename, signature=''):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+        with open(filename, 'wb') as outf:
+            pickle.dump(__tabversion__, outf, pickle_protocol)
+            pickle.dump(self.lr_method, outf, pickle_protocol)
+            pickle.dump(signature, outf, pickle_protocol)
+            pickle.dump(self.lr_action, outf, pickle_protocol)
+            pickle.dump(self.lr_goto, outf, pickle_protocol)
+
+            outp = []
+            for p in self.lr_productions:
+                if p.func:
+                    outp.append((p.str, p.name, p.len, p.func, os.path.basename(p.file), p.line))
+                else:
+                    outp.append((str(p), p.name, p.len, None, None, None))
+            pickle.dump(outp, outf, pickle_protocol)
+
+# -----------------------------------------------------------------------------
+#                            === INTROSPECTION ===
+#
+# The following functions and classes are used to implement the PLY
+# introspection features followed by the yacc() function itself.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# parse_grammar()
+#
+# This takes a raw grammar rule string and parses it into production data
+# -----------------------------------------------------------------------------
+def parse_grammar(doc, file, line):
+    grammar = []
+    # Split the doc string into lines
+    pstrings = doc.splitlines()
+    lastp = None
+    dline = line
+    for ps in pstrings:
+        dline += 1
+        p = ps.split()
+        if not p:
+            continue
+        try:
+            if p[0] == '|':
+                # This is a continuation of a previous rule
+                if not lastp:
+                    raise SyntaxError("%s:%d: Misplaced '|'" % (file, dline))
+                prodname = lastp
+                syms = p[1:]
+            else:
+                prodname = p[0]
+                lastp = prodname
+                syms   = p[2:]
+                assign = p[1]
+                if assign != ':' and assign != '::=':
+                    raise SyntaxError("%s:%d: Syntax error. Expected ':'" % (file, dline))
+
+            grammar.append((file, dline, prodname, syms))
+        except SyntaxError:
+            raise
+        except Exception:
+            raise SyntaxError('%s:%d: Syntax error in rule %r' % (file, dline, ps.strip()))
+
+    return grammar
+
+# -----------------------------------------------------------------------------
+# ParserReflect()
+#
+# This class represents information extracted for building a parser including
+# start symbol, error function, tokens, precedence list, action functions,
+# etc.
+# -----------------------------------------------------------------------------
+class ParserReflect(object):
+    def __init__(self, pdict, log=None):
+        self.pdict      = pdict
+        self.start      = None
+        self.error_func = None
+        self.tokens     = None
+        self.modules    = set()
+        self.grammar    = []
+        self.error      = False
+
+        if log is None:
+            self.log = PlyLogger(sys.stderr)
+        else:
+            self.log = log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_start()
+        self.get_error_func()
+        self.get_tokens()
+        self.get_precedence()
+        self.get_pfunctions()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_start()
+        self.validate_error_func()
+        self.validate_tokens()
+        self.validate_precedence()
+        self.validate_pfunctions()
+        self.validate_modules()
+        return self.error
+
+    # Compute a signature over the grammar
+    def signature(self):
+        parts = []
+        try:
+            if self.start:
+                parts.append(self.start)
+            if self.prec:
+                parts.append(''.join([''.join(p) for p in self.prec]))
+            if self.tokens:
+                parts.append(' '.join(self.tokens))
+            for f in self.pfuncs:
+                if f[3]:
+                    parts.append(f[3])
+        except (TypeError, ValueError):
+            pass
+        return ''.join(parts)
+
+    # -----------------------------------------------------------------------------
+    # validate_modules()
+    #
+    # This method checks to see if there are duplicated p_rulename() functions
+    # in the parser module file.  Without this function, it is really easy for
+    # users to make mistakes by cutting and pasting code fragments (and it's a real
+    # bugger to try and figure out why the resulting parser doesn't work).  Therefore,
+    # we just do a little regular expression pattern matching of def statements
+    # to try and detect duplicates.
+    # -----------------------------------------------------------------------------
+
+    def validate_modules(self):
+        # Match def p_funcname(
+        fre = re.compile(r'\s*def\s+(p_[a-zA-Z_0-9]*)\(')
+
+        for module in self.modules:
+            try:
+                lines, linen = inspect.getsourcelines(module)
+            except IOError:
+                continue
+
+            counthash = {}
+            for linen, line in enumerate(lines):
+                linen += 1
+                m = fre.match(line)
+                if m:
+                    name = m.group(1)
+                    prev = counthash.get(name)
+                    if not prev:
+                        counthash[name] = linen
+                    else:
+                        filename = inspect.getsourcefile(module)
+                        self.log.warning('%s:%d: Function %s redefined. Previously defined on line %d',
+                                         filename, linen, name, prev)
+
+    # Get the start symbol
+    def get_start(self):
+        self.start = self.pdict.get('start')
+
+    # Validate the start symbol
+    def validate_start(self):
+        if self.start is not None:
+            if not isinstance(self.start, string_types):
+                self.log.error("'start' must be a string")
+
+    # Look for error handler
+    def get_error_func(self):
+        self.error_func = self.pdict.get('p_error')
+
+    # Validate the error function
+    def validate_error_func(self):
+        if self.error_func:
+            if isinstance(self.error_func, types.FunctionType):
+                ismethod = 0
+            elif isinstance(self.error_func, types.MethodType):
+                ismethod = 1
+            else:
+                self.log.error("'p_error' defined, but is not a function or method")
+                self.error = True
+                return
+
+            eline = self.error_func.__code__.co_firstlineno
+            efile = self.error_func.__code__.co_filename
+            module = inspect.getmodule(self.error_func)
+            self.modules.add(module)
+
+            argcount = self.error_func.__code__.co_argcount - ismethod
+            if argcount != 1:
+                self.log.error('%s:%d: p_error() requires 1 argument', efile, eline)
+                self.error = True
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.pdict.get('tokens')
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = sorted(tokens)
+
+    # Validate the tokens
+    def validate_tokens(self):
+        # Validate the tokens.
+        if 'error' in self.tokens:
+            self.log.error("Illegal token name 'error'. Is a reserved word")
+            self.error = True
+            return
+
+        terminals = set()
+        for n in self.tokens:
+            if n in terminals:
+                self.log.warning('Token %r multiply defined', n)
+            terminals.add(n)
+
+    # Get the precedence map (if any)
+    def get_precedence(self):
+        self.prec = self.pdict.get('precedence')
+
+    # Validate and parse the precedence map
+    def validate_precedence(self):
+        preclist = []
+        if self.prec:
+            if not isinstance(self.prec, (list, tuple)):
+                self.log.error('precedence must be a list or tuple')
+                self.error = True
+                return
+            for level, p in enumerate(self.prec):
+                if not isinstance(p, (list, tuple)):
+                    self.log.error('Bad precedence table')
+                    self.error = True
+                    return
+
+                if len(p) < 2:
+                    self.log.error('Malformed precedence entry %s. Must be (assoc, term, ..., term)', p)
+                    self.error = True
+                    return
+                assoc = p[0]
+                if not isinstance(assoc, string_types):
+                    self.log.error('precedence associativity must be a string')
+                    self.error = True
+                    return
+                for term in p[1:]:
+                    if not isinstance(term, string_types):
+                        self.log.error('precedence items must be strings')
+                        self.error = True
+                        return
+                    preclist.append((term, assoc, level+1))
+        self.preclist = preclist
+
+    # Get all p_functions from the grammar
+    def get_pfunctions(self):
+        p_functions = []
+        for name, item in self.pdict.items():
+            if not name.startswith('p_') or name == 'p_error':
+                continue
+            if isinstance(item, (types.FunctionType, types.MethodType)):
+                line = getattr(item, 'co_firstlineno', item.__code__.co_firstlineno)
+                module = inspect.getmodule(item)
+                p_functions.append((line, module, name, item.__doc__))
+
+        # Sort all of the actions by line number; make sure to stringify
+        # modules to make them sortable, since `line` may not uniquely sort all
+        # p functions
+        p_functions.sort(key=lambda p_function: (
+            p_function[0],
+            str(p_function[1]),
+            p_function[2],
+            p_function[3]))
+        self.pfuncs = p_functions
+
+    # Validate all of the p_functions
+    def validate_pfunctions(self):
+        grammar = []
+        # Check for non-empty symbols
+        if len(self.pfuncs) == 0:
+            self.log.error('no rules of the form p_rulename are defined')
+            self.error = True
+            return
+
+        for line, module, name, doc in self.pfuncs:
+            file = inspect.getsourcefile(module)
+            func = self.pdict[name]
+            if isinstance(func, types.MethodType):
+                reqargs = 2
+            else:
+                reqargs = 1
+            if func.__code__.co_argcount > reqargs:
+                self.log.error('%s:%d: Rule %r has too many arguments', file, line, func.__name__)
+                self.error = True
+            elif func.__code__.co_argcount < reqargs:
+                self.log.error('%s:%d: Rule %r requires an argument', file, line, func.__name__)
+                self.error = True
+            elif not func.__doc__:
+                self.log.warning('%s:%d: No documentation string specified in function %r (ignored)',
+                                 file, line, func.__name__)
+            else:
+                try:
+                    parsed_g = parse_grammar(doc, file, line)
+                    for g in parsed_g:
+                        grammar.append((name, g))
+                except SyntaxError as e:
+                    self.log.error(str(e))
+                    self.error = True
+
+                # Looks like a valid grammar rule
+                # Mark the file in which defined.
+                self.modules.add(module)
+
+        # Secondary validation step that looks for p_ definitions that are not functions
+        # or functions that look like they might be grammar rules.
+
+        for n, v in self.pdict.items():
+            if n.startswith('p_') and isinstance(v, (types.FunctionType, types.MethodType)):
+                continue
+            if n.startswith('t_'):
+                continue
+            if n.startswith('p_') and n != 'p_error':
+                self.log.warning('%r not defined as a function', n)
+            if ((isinstance(v, types.FunctionType) and v.__code__.co_argcount == 1) or
+                   (isinstance(v, types.MethodType) and v.__func__.__code__.co_argcount == 2)):
+                if v.__doc__:
+                    try:
+                        doc = v.__doc__.split(' ')
+                        if doc[1] == ':':
+                            self.log.warning('%s:%d: Possible grammar rule %r defined without p_ prefix',
+                                             v.__code__.co_filename, v.__code__.co_firstlineno, n)
+                    except IndexError:
+                        pass
+
+        self.grammar = grammar
+
+# -----------------------------------------------------------------------------
+# yacc(module)
+#
+# Build a parser
+# -----------------------------------------------------------------------------
+
+def yacc(method='LALR', debug=yaccdebug, module=None, tabmodule=tab_module, start=None,
+         check_recursion=True, optimize=False, write_tables=True, debugfile=debug_file,
+         outputdir=None, debuglog=None, errorlog=None, picklefile=None):
+
+    if tabmodule is None:
+        tabmodule = tab_module
+
+    # Reference to the parsing method of the last built parser
+    global parse
+
+    # If pickling is enabled, table files are not created
+    if picklefile:
+        write_tables = 0
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        pdict = dict(_items)
+        # If no __file__ or __package__ attributes are available, try to obtain them
+        # from the __module__ instead
+        if '__file__' not in pdict:
+            pdict['__file__'] = sys.modules[pdict['__module__']].__file__
+        if '__package__' not in pdict and '__module__' in pdict:
+            if hasattr(sys.modules[pdict['__module__']], '__package__'):
+                pdict['__package__'] = sys.modules[pdict['__module__']].__package__
+    else:
+        pdict = get_caller_module_dict(2)
+
+    if outputdir is None:
+        # If no output directory is set, the location of the output files
+        # is determined according to the following rules:
+        #     - If tabmodule specifies a package, files go into that package directory
+        #     - Otherwise, files go in the same directory as the specifying module
+        if isinstance(tabmodule, types.ModuleType):
+            srcfile = tabmodule.__file__
+        else:
+            if '.' not in tabmodule:
+                srcfile = pdict['__file__']
+            else:
+                parts = tabmodule.split('.')
+                pkgname = '.'.join(parts[:-1])
+                exec('import %s' % pkgname)
+                srcfile = getattr(sys.modules[pkgname], '__file__', '')
+        outputdir = os.path.dirname(srcfile)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = pdict.get('__package__')
+    if pkg and isinstance(tabmodule, str):
+        if '.' not in tabmodule:
+            tabmodule = pkg + '.' + tabmodule
+
+
+
+    # Set start symbol if it's specified directly using an argument
+    if start is not None:
+        pdict['start'] = start
+
+    # Collect parser information from the dictionary
+    pinfo = ParserReflect(pdict, log=errorlog)
+    pinfo.get_all()
+
+    if pinfo.error:
+        raise YaccError('Unable to build parser')
+
+    # Check signature against table files (if any)
+    signature = pinfo.signature()
+
+    # Read the tables
+    try:
+        lr = LRTable()
+        if picklefile:
+            read_signature = lr.read_pickle(picklefile)
+        else:
+            read_signature = lr.read_table(tabmodule)
+        if optimize or (read_signature == signature):
+            try:
+                lr.bind_callables(pinfo.pdict)
+                parser = LRParser(lr, pinfo.error_func)
+                parse = parser.parse
+                return parser
+            except Exception as e:
+                errorlog.warning('There was a problem loading the table file: %r', e)
+    except VersionError as e:
+        errorlog.warning(str(e))
+    except ImportError:
+        pass
+
+    if debuglog is None:
+        if debug:
+            try:
+                debuglog = PlyLogger(open(os.path.join(outputdir, debugfile), 'w'))
+            except IOError as e:
+                errorlog.warning("Couldn't open %r. %s" % (debugfile, e))
+                debuglog = NullLogger()
+        else:
+            debuglog = NullLogger()
+
+    debuglog.info('Created by PLY version %s (http://www.dabeaz.com/ply)', __version__)
+
+    errors = False
+
+    # Validate the parser information
+    if pinfo.validate_all():
+        raise YaccError('Unable to build parser')
+
+    if not pinfo.error_func:
+        errorlog.warning('no p_error() function is defined')
+
+    # Create a grammar object
+    grammar = Grammar(pinfo.tokens)
+
+    # Set precedence level for terminals
+    for term, assoc, level in pinfo.preclist:
+        try:
+            grammar.set_precedence(term, assoc, level)
+        except GrammarError as e:
+            errorlog.warning('%s', e)
+
+    # Add productions to the grammar
+    for funcname, gram in pinfo.grammar:
+        file, line, prodname, syms = gram
+        try:
+            grammar.add_production(prodname, syms, funcname, file, line)
+        except GrammarError as e:
+            errorlog.error('%s', e)
+            errors = True
+
+    # Set the grammar start symbols
+    try:
+        if start is None:
+            grammar.set_start(pinfo.start)
+        else:
+            grammar.set_start(start)
+    except GrammarError as e:
+        errorlog.error(str(e))
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Verify the grammar structure
+    undefined_symbols = grammar.undefined_symbols()
+    for sym, prod in undefined_symbols:
+        errorlog.error('%s:%d: Symbol %r used, but not defined as a token or a rule', prod.file, prod.line, sym)
+        errors = True
+
+    unused_terminals = grammar.unused_terminals()
+    if unused_terminals:
+        debuglog.info('')
+        debuglog.info('Unused terminals:')
+        debuglog.info('')
+        for term in unused_terminals:
+            errorlog.warning('Token %r defined, but not used', term)
+            debuglog.info('    %s', term)
+
+    # Print out all productions to the debug log
+    if debug:
+        debuglog.info('')
+        debuglog.info('Grammar')
+        debuglog.info('')
+        for n, p in enumerate(grammar.Productions):
+            debuglog.info('Rule %-5d %s', n, p)
+
+    # Find unused non-terminals
+    unused_rules = grammar.unused_rules()
+    for prod in unused_rules:
+        errorlog.warning('%s:%d: Rule %r defined, but not used', prod.file, prod.line, prod.name)
+
+    if len(unused_terminals) == 1:
+        errorlog.warning('There is 1 unused token')
+    if len(unused_terminals) > 1:
+        errorlog.warning('There are %d unused tokens', len(unused_terminals))
+
+    if len(unused_rules) == 1:
+        errorlog.warning('There is 1 unused rule')
+    if len(unused_rules) > 1:
+        errorlog.warning('There are %d unused rules', len(unused_rules))
+
+    if debug:
+        debuglog.info('')
+        debuglog.info('Terminals, with rules where they appear')
+        debuglog.info('')
+        terms = list(grammar.Terminals)
+        terms.sort()
+        for term in terms:
+            debuglog.info('%-20s : %s', term, ' '.join([str(s) for s in grammar.Terminals[term]]))
+
+        debuglog.info('')
+        debuglog.info('Nonterminals, with rules where they appear')
+        debuglog.info('')
+        nonterms = list(grammar.Nonterminals)
+        nonterms.sort()
+        for nonterm in nonterms:
+            debuglog.info('%-20s : %s', nonterm, ' '.join([str(s) for s in grammar.Nonterminals[nonterm]]))
+        debuglog.info('')
+
+    if check_recursion:
+        unreachable = grammar.find_unreachable()
+        for u in unreachable:
+            errorlog.warning('Symbol %r is unreachable', u)
+
+        infinite = grammar.infinite_cycles()
+        for inf in infinite:
+            errorlog.error('Infinite recursion detected for symbol %r', inf)
+            errors = True
+
+    unused_prec = grammar.unused_precedence()
+    for term, assoc in unused_prec:
+        errorlog.error('Precedence rule %r defined for unknown symbol %r', assoc, term)
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Run the LRGeneratedTable on the grammar
+    if debug:
+        errorlog.debug('Generating %s tables', method)
+
+    lr = LRGeneratedTable(grammar, method, debuglog)
+
+    if debug:
+        num_sr = len(lr.sr_conflicts)
+
+        # Report shift/reduce and reduce/reduce conflicts
+        if num_sr == 1:
+            errorlog.warning('1 shift/reduce conflict')
+        elif num_sr > 1:
+            errorlog.warning('%d shift/reduce conflicts', num_sr)
+
+        num_rr = len(lr.rr_conflicts)
+        if num_rr == 1:
+            errorlog.warning('1 reduce/reduce conflict')
+        elif num_rr > 1:
+            errorlog.warning('%d reduce/reduce conflicts', num_rr)
+
+    # Write out conflicts to the output file
+    if debug and (lr.sr_conflicts or lr.rr_conflicts):
+        debuglog.warning('')
+        debuglog.warning('Conflicts:')
+        debuglog.warning('')
+
+        for state, tok, resolution in lr.sr_conflicts:
+            debuglog.warning('shift/reduce conflict for %s in state %d resolved as %s',  tok, state, resolution)
+
+        already_reported = set()
+        for state, rule, rejected in lr.rr_conflicts:
+            if (state, id(rule), id(rejected)) in already_reported:
+                continue
+            debuglog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            debuglog.warning('rejected rule (%s) in state %d', rejected, state)
+            errorlog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            errorlog.warning('rejected rule (%s) in state %d', rejected, state)
+            already_reported.add((state, id(rule), id(rejected)))
+
+        warned_never = []
+        for state, rule, rejected in lr.rr_conflicts:
+            if not rejected.reduced and (rejected not in warned_never):
+                debuglog.warning('Rule (%s) is never reduced', rejected)
+                errorlog.warning('Rule (%s) is never reduced', rejected)
+                warned_never.append(rejected)
+
+    # Write the table file if requested
+    if write_tables:
+        try:
+            lr.write_table(tabmodule, outputdir, signature)
+            if tabmodule in sys.modules:
+                del sys.modules[tabmodule]
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (tabmodule, e))
+
+    # Write a pickled version of the tables
+    if picklefile:
+        try:
+            lr.pickle_table(picklefile, signature)
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (picklefile, e))
+
+    # Build the parser
+    lr.bind_callables(pinfo.pdict)
+    parser = LRParser(lr, pinfo.error_func)
+
+    parse = parser.parse
+    return parser
diff --git a/lib/go-jinja2/internal/data/linux-arm64/ply/ygen.py b/lib/go-jinja2/internal/data/linux-arm64/ply/ygen.py
new file mode 100644
index 000000000..03b93180a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/ply/ygen.py
@@ -0,0 +1,69 @@
+# ply: ygen.py
+#
+# This is a support program that auto-generates different versions of the YACC parsing
+# function with different features removed for the purposes of performance.
+#
+# Users should edit the method LRParser.parsedebug() in yacc.py.   The source code
+# for that method is then used to create the other methods.   See the comments in
+# yacc.py for further details.
+
+import os.path
+import shutil
+
+def get_source_range(lines, tag):
+    srclines = enumerate(lines)
+    start_tag = '#--! %s-start' % tag
+    end_tag = '#--! %s-end' % tag
+
+    for start_index, line in srclines:
+        if line.strip().startswith(start_tag):
+            break
+
+    for end_index, line in srclines:
+        if line.strip().endswith(end_tag):
+            break
+
+    return (start_index + 1, end_index)
+
+def filter_section(lines, tag):
+    filtered_lines = []
+    include = True
+    tag_text = '#--! %s' % tag
+    for line in lines:
+        if line.strip().startswith(tag_text):
+            include = not include
+        elif include:
+            filtered_lines.append(line)
+    return filtered_lines
+
+def main():
+    dirname = os.path.dirname(__file__)
+    shutil.copy2(os.path.join(dirname, 'yacc.py'), os.path.join(dirname, 'yacc.py.bak'))
+    with open(os.path.join(dirname, 'yacc.py'), 'r') as f:
+        lines = f.readlines()
+
+    parse_start, parse_end = get_source_range(lines, 'parsedebug')
+    parseopt_start, parseopt_end = get_source_range(lines, 'parseopt')
+    parseopt_notrack_start, parseopt_notrack_end = get_source_range(lines, 'parseopt-notrack')
+
+    # Get the original source
+    orig_lines = lines[parse_start:parse_end]
+
+    # Filter the DEBUG sections out
+    parseopt_lines = filter_section(orig_lines, 'DEBUG')
+
+    # Filter the TRACKING sections out
+    parseopt_notrack_lines = filter_section(parseopt_lines, 'TRACKING')
+
+    # Replace the parser source sections with updated versions
+    lines[parseopt_notrack_start:parseopt_notrack_end] = parseopt_notrack_lines
+    lines[parseopt_start:parseopt_end] = parseopt_lines
+
+    lines = [line.rstrip()+'\n' for line in lines]
+    with open(os.path.join(dirname, 'yacc.py'), 'w') as f:
+        f.writelines(lines)
+
+    print('Updated yacc.py')
+
+if __name__ == '__main__':
+    main()
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/LICENSE
new file mode 100644
index 000000000..82af695f5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Val Neekman @ Neekware Inc. http://neekware.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/METADATA
new file mode 100644
index 000000000..d02e1c298
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/METADATA
@@ -0,0 +1,246 @@
+Metadata-Version: 2.1
+Name: python-slugify
+Version: 8.0.4
+Summary: A Python slugify application that also handles Unicode
+Home-page: https://github.com/un33k/python-slugify
+Author: Val Neekman
+Author-email: info@neekware.com
+License: MIT
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: Natural Language :: English
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: text-unidecode (>=1.3)
+Provides-Extra: unidecode
+Requires-Dist: Unidecode (>=1.1.1) ; extra == 'unidecode'
+
+# Python Slugify
+
+**A Python slugify application that handles unicode**.
+
+[![status-image]][status-link]
+[![version-image]][version-link]
+[![coverage-image]][coverage-link]
+
+# Overview
+
+**Best attempt** to create slugs from unicode strings while keeping it **DRY**.
+
+# Notice
+
+This module, by default installs and uses [text-unidecode](https://github.com/kmike/text-unidecode) _(GPL & Perl Artistic)_ for its decoding needs.
+
+However, there is an alternative decoding package called [Unidecode](https://github.com/avian2/unidecode) _(GPL)_. It can be installed as `python-slugify[unidecode]` for those who prefer it. `Unidecode` is believed to be more [advanced](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki#notes-on-unidecode).
+
+### `Official` Support Matrix
+
+| Python         | Slugify            |
+| -------------- | ------------------ |
+| `>= 2.7 < 3.6` | `< 5.0.0`          |
+| `>= 3.6 < 3.7` | `>= 5.0.0 < 7.0.0` |
+| `>= 3.7`       | `>= 7.0.0`         |
+
+# How to install
+
+    easy_install python-slugify |OR| easy_install python-slugify[unidecode]
+    -- OR --
+    pip install python-slugify |OR| pip install python-slugify[unidecode]
+
+# Options
+
+```python
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+  """
+  Make a slug from the given text.
+  :param text (str): initial text
+  :param entities (bool): converts html entities to unicode (foo &amp; bar -> foo-bar)
+  :param decimal (bool): converts html decimal to unicode (&#381; -> Ž -> z)
+  :param hexadecimal (bool): converts html hexadecimal to unicode (&#x17D; -> Ž -> z)
+  :param max_length (int): output string length
+  :param word_boundary (bool): truncates to end of full words (length may be shorter than max_length)
+  :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+  :param separator (str): separator between words
+  :param stopwords (iterable): words to discount
+  :param regex_pattern (str): regex pattern for disallowed characters
+  :param lowercase (bool): activate case sensitivity by setting it to False
+  :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+  :param allow_unicode (bool): allow unicode characters
+  :return (str): slugify text
+  """
+```
+
+# How to use
+
+```python
+from slugify import slugify
+
+txt = "This is a test ---"
+r = slugify(txt)
+self.assertEqual(r, "this-is-a-test")
+
+txt = '影師嗎'
+r = slugify(txt)
+self.assertEqual(r, "ying-shi-ma")
+
+txt = '影師嗎'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "影師嗎")
+
+txt = 'C\'est déjà l\'été.'
+r = slugify(txt)
+self.assertEqual(r, "c-est-deja-l-ete")
+
+txt = 'Nín hǎo. Wǒ shì zhōng guó rén'
+r = slugify(txt)
+self.assertEqual(r, "nin-hao-wo-shi-zhong-guo-ren")
+
+txt = 'Компьютер'
+r = slugify(txt)
+self.assertEqual(r, "kompiuter")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=9)
+self.assertEqual(r, "jaja-lol")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=15, word_boundary=True)
+self.assertEqual(r, "jaja-lol-a")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=20, word_boundary=True, separator=".")
+self.assertEqual(r, "jaja.lol.mememeoo.a")
+
+txt = 'one two three four five'
+r = slugify(txt, max_length=13, word_boundary=True, save_order=True)
+self.assertEqual(r, "one-two-three")
+
+txt = 'the quick brown fox jumps over the lazy dog'
+r = slugify(txt, stopwords=['the'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'the quick brown fox jumps over the lazy dog in a hurry'
+r = slugify(txt, stopwords=['the', 'in', 'a', 'hurry'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'thIs Has a stopword Stopword'
+r = slugify(txt, stopwords=['Stopword'], lowercase=False)
+self.assertEqual(r, 'thIs-Has-a-stopword')
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, regex_pattern=regex_pattern)
+self.assertEqual(r, "___this-is-a-test___")
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, separator='_', regex_pattern=regex_pattern)
+self.assertNotEqual(r, "_this_is_a_test_")
+
+txt = '10 | 20 %'
+r = slugify(txt, replacements=[['|', 'or'], ['%', 'percent']])
+self.assertEqual(r, "10-or-20-percent")
+
+txt = 'ÜBER Über German Umlaut'
+r = slugify(txt, replacements=[['Ü', 'UE'], ['ü', 'ue']])
+self.assertEqual(r, "ueber-ueber-german-umlaut")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "i-love")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True, regex_pattern=r'[^🦄]+')
+self.assertEqual(r, "🦄")
+
+```
+
+For more examples, have a look at the [test.py](test.py) file.
+
+# Command Line Options
+
+With the package, a command line tool called `slugify` is also installed.
+
+It allows convenient command line access to all the features the `slugify` function supports. Call it with `-h` for help.
+
+The command can take its input directly on the command line or from STDIN (when the `--stdin` flag is passed):
+
+```
+$ echo "Taking input from STDIN" | slugify --stdin
+taking-input-from-stdin
+```
+
+```
+$ slugify taking input from the command line
+taking-input-from-the-command-line
+```
+
+Please note that when a multi-valued option such as `--stopwords` or `--replacements` is passed, you need to use `--` as separator before you start with the input:
+
+```
+$ slugify --stopwords the in a hurry -- the quick brown fox jumps over the lazy dog in a hurry
+quick-brown-fox-jumps-over-lazy-dog
+```
+
+# Running the tests
+
+To run the tests against the current environment:
+
+    python test.py
+
+# Contribution
+
+Please read the ([wiki](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki)) page prior to raising any PRs.
+
+# License
+
+Released under a ([MIT](LICENSE)) license.
+
+### Notes on GPL dependencies
+Though the dependencies may be GPL licensed, `python-slugify` itself is not considered a derivative work and will remain under the MIT license.  
+If you wish to avoid installation of any GPL licensed packages, please note that the default dependency `text-unidecode` explicitly lets you choose to use the [Artistic License](https://opensource.org/license/artistic-perl-1-0-2/) instead. Use without concern.
+
+# Version
+
+X.Y.Z Version
+
+    `MAJOR` version -- when you make incompatible API changes,
+    `MINOR` version -- when you add functionality in a backwards-compatible manner, and
+    `PATCH` version -- when you make backwards-compatible bug fixes.
+
+[status-image]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml/badge.svg
+[status-link]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml
+[version-image]: https://img.shields.io/pypi/v/python-slugify.svg
+[version-link]: https://pypi.python.org/pypi/python-slugify
+[coverage-image]: https://coveralls.io/repos/un33k/python-slugify/badge.svg
+[coverage-link]: https://coveralls.io/r/un33k/python-slugify
+[download-image]: https://img.shields.io/pypi/dm/python-slugify.svg
+[download-link]: https://pypi.python.org/pypi/python-slugify
+
+# Sponsors
+
+[Neekware Inc.](http://neekware.com)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/RECORD
new file mode 100644
index 000000000..e0c9abc7e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/RECORD
@@ -0,0 +1,20 @@
+../../bin/slugify,sha256=P9S4g7Rn4Gf4RwlkqewQU86tDBIc-LQWxLdrxn2Yp44,238
+python_slugify-8.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+python_slugify-8.0.4.dist-info/LICENSE,sha256=MLpNxpqfTc4TLdcDk3x6k7Vz4lJGBNLV-SxQZlFMDU8,1103
+python_slugify-8.0.4.dist-info/METADATA,sha256=FI0O_4c5wefK7aGhDtE_gmVk35TFPWWsQRAv9qLC74I,8469
+python_slugify-8.0.4.dist-info/RECORD,,
+python_slugify-8.0.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+python_slugify-8.0.4.dist-info/WHEEL,sha256=k3vXr0c0OitO0k9eCWBlI2yTYnpb_n_I2SGzrrfY7HY,110
+python_slugify-8.0.4.dist-info/entry_points.txt,sha256=s_Bxn3Nd2lsHTQ4PFCQ2z3o3xMgzQTtPPx3UGsUnI9I,50
+python_slugify-8.0.4.dist-info/top_level.txt,sha256=D7zuR7zxISqlCxArlOOOuLsWObz1_3jgosq5XhlSpew,8
+slugify/__init__.py,sha256=Q-9bKCQv89uf3bJr_yHxMPhBWXN8YCzlxQwK_kdpefI,346
+slugify/__main__.py,sha256=1kv8A15Tg_3-lrwRSVuHoYuA8_ykvra3OhCA0xYo1cY,3961
+slugify/__pycache__/__init__.cpython-311.pyc,,
+slugify/__pycache__/__main__.cpython-311.pyc,,
+slugify/__pycache__/__version__.cpython-311.pyc,,
+slugify/__pycache__/slugify.cpython-311.pyc,,
+slugify/__pycache__/special.cpython-311.pyc,,
+slugify/__version__.py,sha256=Dh3y4MnWAjNJGbaoRm3dfiytyF-iD5d-3OCfGyl__Y8,325
+slugify/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+slugify/slugify.py,sha256=MQPsw0u2g2LU-8BBT7K0DOlGtAhIxoKHQD4fWltKllY,6180
+slugify/special.py,sha256=8bHAPGnZ-1keuW4x2WZdFXVb9LFoS7i9Jo4ty_2D8hA,1222
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/WHEEL
new file mode 100644
index 000000000..09b796edd
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..3031584eb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+slugify = slugify.__main__:main
diff --git a/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/top_level.txt
new file mode 100644
index 000000000..f4843f722
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/python_slugify-8.0.4.dist-info/top_level.txt
@@ -0,0 +1 @@
+slugify
diff --git a/lib/go-jinja2/internal/data/linux-arm64/slugify/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/slugify/__init__.py
new file mode 100644
index 000000000..6d3279fb1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/slugify/__init__.py
@@ -0,0 +1,10 @@
+from .special import *
+from .slugify import *
+from .__version__ import __title__
+from .__version__ import __author__
+from .__version__ import __author_email__
+from .__version__ import __description__
+from .__version__ import __url__
+from .__version__ import __license__
+from .__version__ import __copyright__
+from .__version__ import __version__
diff --git a/lib/go-jinja2/internal/data/linux-arm64/slugify/__main__.py b/lib/go-jinja2/internal/data/linux-arm64/slugify/__main__.py
new file mode 100644
index 000000000..4cc461622
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/slugify/__main__.py
@@ -0,0 +1,98 @@
+from __future__ import annotations
+
+import argparse
+import sys
+from typing import Any
+
+from .slugify import slugify, DEFAULT_SEPARATOR
+
+
+def parse_args(argv: list[str]) -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Slug string")
+
+    input_group = parser.add_argument_group(description="Input")
+    input_group.add_argument("input_string", nargs='*',
+                             help='Text to slugify')
+    input_group.add_argument("--stdin", action='store_true',
+                             help="Take the text from STDIN")
+
+    parser.add_argument("--no-entities", action='store_false', dest='entities', default=True,
+                        help="Do not convert HTML entities to unicode")
+    parser.add_argument("--no-decimal", action='store_false', dest='decimal', default=True,
+                        help="Do not convert HTML decimal to unicode")
+    parser.add_argument("--no-hexadecimal", action='store_false', dest='hexadecimal', default=True,
+                        help="Do not convert HTML hexadecimal to unicode")
+    parser.add_argument("--max-length", type=int, default=0,
+                        help="Output string length, 0 for no limit")
+    parser.add_argument("--word-boundary", action='store_true', default=False,
+                        help="Truncate to complete word even if length ends up shorter than --max_length")
+    parser.add_argument("--save-order", action='store_true', default=False,
+                        help="When set and --max_length > 0 return whole words in the initial order")
+    parser.add_argument("--separator", type=str, default=DEFAULT_SEPARATOR,
+                        help="Separator between words. By default " + DEFAULT_SEPARATOR)
+    parser.add_argument("--stopwords", nargs='+',
+                        help="Words to discount")
+    parser.add_argument("--regex-pattern",
+                        help="Python regex pattern for disallowed characters")
+    parser.add_argument("--no-lowercase", action='store_false', dest='lowercase', default=True,
+                        help="Activate case sensitivity")
+    parser.add_argument("--replacements", nargs='+',
+                        help="""Additional replacement rules e.g. "|->or", "%%->percent".""")
+    parser.add_argument("--allow-unicode", action='store_true', default=False,
+                        help="Allow unicode characters")
+
+    args = parser.parse_args(argv[1:])
+
+    if args.input_string and args.stdin:
+        parser.error("Input strings and --stdin cannot work together")
+
+    if args.replacements:
+        def split_check(repl):
+            SEP = '->'
+            if SEP not in repl:
+                parser.error("Replacements must be of the form: ORIGINAL{SEP}REPLACED".format(SEP=SEP))
+            return repl.split(SEP, 1)
+        args.replacements = [split_check(repl) for repl in args.replacements]
+
+    if args.input_string:
+        args.input_string = " ".join(args.input_string)
+    elif args.stdin:
+        args.input_string = sys.stdin.read()
+
+    if not args.input_string:
+        args.input_string = ''
+
+    return args
+
+
+def slugify_params(args: argparse.Namespace) -> dict[str, Any]:
+    return dict(
+        text=args.input_string,
+        entities=args.entities,
+        decimal=args.decimal,
+        hexadecimal=args.hexadecimal,
+        max_length=args.max_length,
+        word_boundary=args.word_boundary,
+        save_order=args.save_order,
+        separator=args.separator,
+        stopwords=args.stopwords,
+        lowercase=args.lowercase,
+        replacements=args.replacements,
+        allow_unicode=args.allow_unicode
+    )
+
+
+def main(argv: list[str] | None = None):  # pragma: no cover
+    """ Run this program """
+    if argv is None:
+        argv = sys.argv
+    args = parse_args(argv)
+    params = slugify_params(args)
+    try:
+        print(slugify(**params))
+    except KeyboardInterrupt:
+        sys.exit(-1)
+
+
+if __name__ == '__main__':  # pragma: no cover
+    main()
diff --git a/lib/go-jinja2/internal/data/linux-arm64/slugify/__version__.py b/lib/go-jinja2/internal/data/linux-arm64/slugify/__version__.py
new file mode 100644
index 000000000..854038e50
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/slugify/__version__.py
@@ -0,0 +1,8 @@
+__title__ = 'python-slugify'
+__author__ = 'Val Neekman'
+__author_email__ = 'info@neekware.com'
+__description__ = 'A Python slugify application that also handles Unicode'
+__url__ = 'https://github.com/un33k/python-slugify'
+__license__ = 'MIT'
+__copyright__ = 'Copyright 2022 Val Neekman @ Neekware Inc.'
+__version__ = '8.0.4'
diff --git a/lib/go-jinja2/internal/data/linux-arm64/slugify/py.typed b/lib/go-jinja2/internal/data/linux-arm64/slugify/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/linux-arm64/slugify/slugify.py b/lib/go-jinja2/internal/data/linux-arm64/slugify/slugify.py
new file mode 100644
index 000000000..09c7e076c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/slugify/slugify.py
@@ -0,0 +1,197 @@
+from __future__ import annotations
+
+import re
+import unicodedata
+from collections.abc import Iterable
+from html.entities import name2codepoint
+
+try:
+    import unidecode
+except ImportError:
+    import text_unidecode as unidecode
+
+__all__ = ['slugify', 'smart_truncate']
+
+
+CHAR_ENTITY_PATTERN = re.compile(r'&(%s);' % '|'.join(name2codepoint))
+DECIMAL_PATTERN = re.compile(r'&#(\d+);')
+HEX_PATTERN = re.compile(r'&#x([\da-fA-F]+);')
+QUOTE_PATTERN = re.compile(r'[\']+')
+DISALLOWED_CHARS_PATTERN = re.compile(r'[^-a-zA-Z0-9]+')
+DISALLOWED_UNICODE_CHARS_PATTERN = re.compile(r'[\W_]+')
+DUPLICATE_DASH_PATTERN = re.compile(r'-{2,}')
+NUMBERS_PATTERN = re.compile(r'(?<=\d),(?=\d)')
+DEFAULT_SEPARATOR = '-'
+
+
+def smart_truncate(
+    string: str,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = " ",
+    save_order: bool = False,
+) -> str:
+    """
+    Truncate a string.
+    :param string (str): string for modification
+    :param max_length (int): output string length
+    :param word_boundary (bool):
+    :param save_order (bool): if True then word order of output string is like input string
+    :param separator (str): separator between words
+    :return:
+    """
+
+    string = string.strip(separator)
+
+    if not max_length:
+        return string
+
+    if len(string) < max_length:
+        return string
+
+    if not word_boundary:
+        return string[:max_length].strip(separator)
+
+    if separator not in string:
+        return string[:max_length]
+
+    truncated = ''
+    for word in string.split(separator):
+        if word:
+            next_len = len(truncated) + len(word)
+            if next_len < max_length:
+                truncated += '{}{}'.format(word, separator)
+            elif next_len == max_length:
+                truncated += '{}'.format(word)
+                break
+            else:
+                if save_order:
+                    break
+    if not truncated:  # pragma: no cover
+        truncated = string[:max_length]
+    return truncated.strip(separator)
+
+
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: re.Pattern[str] | str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+    """
+    Make a slug from the given text.
+    :param text (str): initial text
+    :param entities (bool): converts html entities to unicode
+    :param decimal (bool): converts html decimal to unicode
+    :param hexadecimal (bool): converts html hexadecimal to unicode
+    :param max_length (int): output string length
+    :param word_boundary (bool): truncates to complete word even if length ends up shorter than max_length
+    :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+    :param separator (str): separator between words
+    :param stopwords (iterable): words to discount
+    :param regex_pattern (str): regex pattern for disallowed characters
+    :param lowercase (bool): activate case sensitivity by setting it to False
+    :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+    :param allow_unicode (bool): allow unicode characters
+    :return (str):
+    """
+
+    # user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # ensure text is unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # replace quotes with dashes - pre-process
+    text = QUOTE_PATTERN.sub(DEFAULT_SEPARATOR, text)
+
+    # normalize text, convert to unicode if required
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+        text = unidecode.unidecode(text)
+
+    # ensure text is still in unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # character entity reference
+    if entities:
+        text = CHAR_ENTITY_PATTERN.sub(lambda m: chr(name2codepoint[m.group(1)]), text)
+
+    # decimal character reference
+    if decimal:
+        try:
+            text = DECIMAL_PATTERN.sub(lambda m: chr(int(m.group(1))), text)
+        except Exception:
+            pass
+
+    # hexadecimal character reference
+    if hexadecimal:
+        try:
+            text = HEX_PATTERN.sub(lambda m: chr(int(m.group(1), 16)), text)
+        except Exception:
+            pass
+
+    # re normalize text
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+
+    # make the text lowercase (optional)
+    if lowercase:
+        text = text.lower()
+
+    # remove generated quotes -- post-process
+    text = QUOTE_PATTERN.sub('', text)
+
+    # cleanup numbers
+    text = NUMBERS_PATTERN.sub('', text)
+
+    # replace all other unwanted characters
+    if allow_unicode:
+        pattern = regex_pattern or DISALLOWED_UNICODE_CHARS_PATTERN
+    else:
+        pattern = regex_pattern or DISALLOWED_CHARS_PATTERN
+
+    text = re.sub(pattern, DEFAULT_SEPARATOR, text)
+
+    # remove redundant
+    text = DUPLICATE_DASH_PATTERN.sub(DEFAULT_SEPARATOR, text).strip(DEFAULT_SEPARATOR)
+
+    # remove stopwords
+    if stopwords:
+        if lowercase:
+            stopwords_lower = [s.lower() for s in stopwords]
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords_lower]
+        else:
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords]
+        text = DEFAULT_SEPARATOR.join(words)
+
+    # finalize user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # smart truncate if requested
+    if max_length > 0:
+        text = smart_truncate(text, max_length, word_boundary, DEFAULT_SEPARATOR, save_order)
+
+    if separator != DEFAULT_SEPARATOR:
+        text = text.replace(DEFAULT_SEPARATOR, separator)
+
+    return text
diff --git a/lib/go-jinja2/internal/data/linux-arm64/slugify/special.py b/lib/go-jinja2/internal/data/linux-arm64/slugify/special.py
new file mode 100644
index 000000000..918cb2add
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/slugify/special.py
@@ -0,0 +1,47 @@
+from __future__ import annotations
+
+
+def add_uppercase_char(char_list: list[tuple[str, str]]) -> list[tuple[str, str]]:
+    """ Given a replacement char list, this adds uppercase chars to the list """
+
+    for item in char_list:
+        char, xlate = item
+        upper_dict = char.upper(), xlate.capitalize()
+        if upper_dict not in char_list and char != upper_dict[0]:
+            char_list.insert(0, upper_dict)
+    return char_list
+
+
+# Language specific pre translations
+# Source awesome-slugify
+
+_CYRILLIC = [      # package defaults:
+    (u'ё', u'e'),    # io / yo
+    (u'я', u'ya'),   # ia
+    (u'х', u'h'),    # kh
+    (u'у', u'y'),    # u
+    (u'щ', u'sch'),  # sch
+    (u'ю', u'u'),    # iu / yu
+]
+CYRILLIC = add_uppercase_char(_CYRILLIC)
+
+_GERMAN = [        # package defaults:
+    (u'ä', u'ae'),   # a
+    (u'ö', u'oe'),   # o
+    (u'ü', u'ue'),   # u
+]
+GERMAN = add_uppercase_char(_GERMAN)
+
+_GREEK = [         # package defaults:
+    (u'χ', u'ch'),   # kh
+    (u'Ξ', u'X'),    # Ks
+    (u'ϒ', u'Y'),    # U
+    (u'υ', u'y'),    # u
+    (u'ύ', u'y'),
+    (u'ϋ', u'y'),
+    (u'ΰ', u'y'),
+]
+GREEK = add_uppercase_char(_GREEK)
+
+# Pre translations
+PRE_TRANSLATIONS = CYRILLIC + GERMAN + GREEK
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..a17ced9af
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
@@ -0,0 +1,46 @@
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/LICENSE.txt
new file mode 100644
index 000000000..5ed2d0fda
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/LICENSE.txt
@@ -0,0 +1,134 @@
+text-unidecode is a free software; you can redistribute
+it and/or modify it under the terms of either:
+
+* GPL or GPLv2+ (see https://www.gnu.org/licenses/license-list.html#GNUGPL), or
+* Artistic License - see below:
+
+
+                         The "Artistic License"
+
+                                Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+        "Package" refers to the collection of files distributed by the
+        Copyright Holder, and derivatives of that collection of files
+        created through textual modification.
+
+        "Standard Version" refers to such a Package if it has not been
+        modified, or has been modified in accordance with the wishes
+        of the Copyright Holder as specified below.
+
+        "Copyright Holder" is whoever is named in the copyright or
+        copyrights for the package.
+
+        "You" is you, if you're thinking about copying or distributing
+        this Package.
+
+        "Reasonable copying fee" is whatever you can justify on the
+        basis of media cost, duplication charges, time of people involved,
+        and so on.  (You will not be required to justify it to the
+        Copyright Holder, but only to the computing community at large
+        as a market that must bear the fee.)
+
+        "Freely Available" means that no fee is charged for the item
+        itself, though there may be fees involved in handling the item.
+        It also means that recipients of the item may redistribute it
+        under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+                                The End
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/METADATA
new file mode 100644
index 000000000..23bd3d45b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/METADATA
@@ -0,0 +1,73 @@
+Metadata-Version: 2.0
+Name: text-unidecode
+Version: 1.3
+Summary: The most basic Text::Unidecode port
+Home-page: https://github.com/kmike/text-unidecode/
+Author: Mikhail Korobov
+Author-email: kmike84@gmail.com
+License: Artistic License
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Artistic License
+Classifier: License :: OSI Approved :: GNU General Public License (GPL)
+Classifier: License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Linguistic
+
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/RECORD
new file mode 100644
index 000000000..c6de40859
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/RECORD
@@ -0,0 +1,11 @@
+text_unidecode-1.3.dist-info/DESCRIPTION.rst,sha256=6Fgx54K_UeXRByELmqkfLcHlbXhsvNNJdkPFT0VF0J0,1199
+text_unidecode-1.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+text_unidecode-1.3.dist-info/LICENSE.txt,sha256=OTjnU1w-TvfmNj3ptpP-O6_jxKXl9JJc1IN1CW_nr9U,6535
+text_unidecode-1.3.dist-info/METADATA,sha256=B9j-1l4-yN9P5e8mpBrXCqAQsRUnA4Izyy0hG7Jyrn4,2422
+text_unidecode-1.3.dist-info/RECORD,,
+text_unidecode-1.3.dist-info/WHEEL,sha256=o2k-Qa-RMNIJmUdIc7KU6VWR_ErNRbWNlxDIpl7lm34,110
+text_unidecode-1.3.dist-info/metadata.json,sha256=vYPs2_8Q45eS8mrUw0qzf1NeShHDuX_lpyh8S3yqg9U,1299
+text_unidecode-1.3.dist-info/top_level.txt,sha256=SQH9SRjWlLrD-XgHyQOPtDQg_DaBt3Gt6hiMSNwHbuE,15
+text_unidecode/__init__.py,sha256=_hESqlvGR_cTy0oryPuoyrVntCOIID7bHDA-y22I1ig,484
+text_unidecode/__pycache__/__init__.cpython-311.pyc,,
+text_unidecode/data.bin,sha256=eSRmbaTOCtJNS4FCszDm2OiUZc2IOTRyTNnkt9gTDwk,311077
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/WHEEL
new file mode 100644
index 000000000..8b6dd1b5a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.29.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/metadata.json b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/metadata.json
new file mode 100644
index 000000000..3d8b506b3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Artistic License", "License :: OSI Approved :: GNU General Public License (GPL)", "License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Linguistic"], "extensions": {"python.details": {"contacts": [{"email": "kmike84@gmail.com", "name": "Mikhail Korobov", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "https://github.com/kmike/text-unidecode/"}}}, "generator": "bdist_wheel (0.29.0)", "license": "Artistic License", "metadata_version": "2.0", "name": "text-unidecode", "summary": "The most basic Text::Unidecode port", "version": "1.3"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/top_level.txt
new file mode 100644
index 000000000..2f7a53e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode-1.3.dist-info/top_level.txt
@@ -0,0 +1 @@
+text_unidecode
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode/__init__.py
new file mode 100644
index 000000000..80282c74a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode/__init__.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, unicode_literals
+import os
+import pkgutil
+
+_replaces = pkgutil.get_data(__name__, 'data.bin').decode('utf8').split('\x00')
+
+def unidecode(txt):
+    chars = []
+    for ch in txt:
+        codepoint = ord(ch)
+
+        if not codepoint:
+            chars.append('\x00')
+            continue
+
+        try:
+            chars.append(_replaces[codepoint-1])
+        except IndexError:
+            pass
+    return "".join(chars)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/text_unidecode/data.bin.gz b/lib/go-jinja2/internal/data/linux-arm64/text_unidecode/data.bin.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cfae7c3bfe5368bae3efc7b8fa8ed47bd3e79a2d
GIT binary patch
literal 70243
zcmc$^Ra9KT(kP6(ySuyV;1UP~3BlciLvVL@2u_edfS>~e3qA}CZV7HPNPs|K@FCcr
zbMC``@5}uj?_OQ2tE+c+byfGOs$IPqQ?Zc#^Ps$(J|#w)OXf?Zl<%D1g!kXweGD7y
zZQJYCXftqf<{;Kg{$`?`^37Caf`-J_Dv69aH_p+eJ^1DC15_-kQ#5zlVREDYGtzdb
z<~9mlsnv5N{3Y=P=~)Gl2~|jVL3=hp%t6ng3W+Z$&svBU=wQMN#<Mx%96Ffzg8cjn
zQ4WnvctL+QM(jW%6JJoDbrFNmmjrqQmV81a<_p6!!!vRKj9@cf7s?QZa|c5P#JvJy
zK6oQ#!mz_I%10>S?2kCl#1Z&|(K{exxHz3Mdc9sOt5kxF7?itIk<@HHfdCLIa1AB<
zD-?AIM@bNh5!Qy%BIv_#cZL;)wS>Ge4u#NhTWm1UrMjb}`Jg2EP#BKY2+lGv8p#Vv
zvkk)E1SyQ%!3E){j|%X_=iMtqM&&NTmuFt87mR_#2uAq?*~7r$p_WK|M&wP?t@sC_
z4$<yF#&Um36h9a#g6wu^#48dvl#p>`dn8;c2thRvGxF$<W+=70Vi2(epE$UoC>!>T
zNVnA+3c=@yG?l`f5`?sH%lGv$#3T;2(5{ksqbAyXGlYdTEZL;|!8#3XB4}?~jzZZm
z@ILP%^``Vjp`4GCo~}esy)(niUk@k%mMYZ}%nj8BplyS=8^7Jy_Ag-o7jEf5m>WdR
zws?|QfUfmrZw&IfA?klB92Sj0(8xcM5kTG0CXMwHWyrj|J&Uo-ajACc6{^g`aJH2w
zn{C2y9)N^T7>&674M9)BeM2XEd9)WVok=ebaI~@^C;Sz-T-eLMLW{t1C9T^6T~nBG
z&VP>@MfcOG@I{`&Ep3+icG1QdGTZV4%%C=&<&x6H&-$8jP@`ZtIBYocV+8FWuXFBk
z!Ph+BiPG^KNBP}$b>PtuS(zLr<3Al~n_uBF4E9H{yF*cGoZ)|Q2z&(0grdYZL6X+t
zsZA(zFj;^KTKx)~riDK8jTQ_K@Hr+4Zy=$?-_T+x&Dw_pN0sD4n&P^6h$taRFu&Wq
zjDA>DDq(5)giMEcTcCn4e3eN#n7|7v+pXUHU9GTq$QV%%TG5MUReev1^|$2$aZOQ^
zyXv(JJRYgRX^{b%jO<b*s3305`+5-H=W!uF&Os13NdS!f_Cj?qVFwflN7)eAOiYB!
zBFLVxBQObJ#&D!TN`+p`I~Y13ss(0%K$cH1pi-iz048+7^O$-l;j{>oSNFQ_W#PCl
zPbha}y7olk>TFcQRZ&_d!x-B`8+QYJxa9+pF=2-dj6Gw_kF2a0-7k0#hj6?ymgol7
z=#n9QRj6*>fcT2WuFl1V>i&0hG2El(i`u!1*}Z;Dv~%j1TmID~@TZ)fE{!9WB39)<
z!=b*Y2JxWBFAxerABxCV)%*2Pya>$jsAr62TGd>+Ap9p@6Kkcxr1yL*LmXv70!K-_
z_4rbPHc%T<FI)6O?~5zsgRk+m46c-VgHcsUNoAl_WR|{Jbi8GBF+p!M*DiDd7%nv!
zg(EG6G?$4F<kPn_OjEDc_YmP@g_LG1Ija>_8^^jmE=1v-n#6QS5oa7k&KT65LHIr6
z<wDhm-pm`h6xn$=xX^0ol*LnbugH_-q*W2nZ%QdNIJ8i{O_8)u6uyo)_(q<oaC4zO
zBR;+2v)-~SwX53bndQJ+zZtayeGF^6J6fpH^@|5@VFvBz_9JvQL^c^Aj)S-jmUZVK
z_ug`{UT^bLkOQS>U}X>P72(Y%OOrEYXNn2mK+5I-YNo%v!0q^90r!AplvCxT@;{)y
z)p#YaPl*&|uea6d?@+WVSK?Pj8GUKFA?EO<{ek29wpWAW!{b<A+Oy3Tq9SGlWvr{E
zRd=_)n2Rt=|JfW+rh8;W-?m2Kf9lwfFq4Tvo&_1azaVi{W+kwq=WM{YKLWGg;MI?6
z9f7b*DdrO?g`y0o8m&P@-vul0Nw{k*c2|J7gfLbF*+2{?z*(B49T-e~I58YkutAq1
zWhq*kqSYPkXc56Mn_A#ao@|Hg7KB=oG`J!NqiMDRJ+cP{q2JQ9z>&^g<X^+(gV+A1
z0%DcEx%f;8?cxDx6`mQ8B5tngNEE!0y`U6~B%WE+8C;1b8RB5)Ugdn7H@mMN*AsPa
zQ6BN7955p&+MarV7srhFhA#+YJ8X;qSO_K5Ns<7vk{y~tr^A{7A*(@e%%Zk_l~g~B
z!~rMy&B!og3^%**M_z%eI6UVQ<wNsrn4)5tkxoHpx&sG<$#s#0gir$wDKg#eRIe2v
zt<4>V1nsJOipE=8BIlN<c9a0tJd5oiv9`fO^wM%lp-(w_t;xDF>G*fXV1vmM6qmw2
z3_Y(Q;eqX;293th`P32dL=G`l22U2}9i_Eu0{#g9>-ee8Zl#M;H!5}J$qlX-*bC7%
zQ#AG7`z>%$Fi~rrKx||If695MNh=|~@nDo0nCu1VP5^tCK|U@K&K-uvI2?{3laG&#
zYk^`SoDq}^hO1w`2&+WM=^XHjWwi`Mmna_wHBD8$z`ocP5`Zav9$snu)Lg%bDis>S
z3elh%NDO`90p9iEuYF{1gyNYAC0Yid7QlIwH*2EMr&;uxZE?D!hKTdZD2d~6+4f7u
zan$57Yk<+_LDa%<x9$vkHx`k!ti5o$ZCW@K|FMA%JgB$9-P^|7+xF14$(*}LM8c4q
zrt+B{N@ivw3yzY7)4#JVA?o?XB7&#p5IM{G^gSw-g+#(>w8p@pC11-<D7)PP^r0v1
zQDy(<tVWHA+BU9uWGZ@}(s#<WG!_GtKLep!wY7|WwQO(Xy!Pg-21bGg5`y)I8k5ih
zXwE$ihj_btk~!U(=ayqWCCUP?;ILUt(+12)k<oiO)bNn{9S~;jCk4m8z4IOV^C0(D
ze*;DuzrN9OpIC+C;~nQaqXsE#AGc7N2*%jn_4p+%DND#pe<JXOh=2jKmk4a{@{M#p
zX9jFO;6)4`Elo%-KQiw;<!wdGTf6eicGlP_wMP$S{<wJH+^yZ*n~RzF#%1KE)e_N}
zL=jC>@eDm0ZpR$lFCIEPVavMuWF4VdNT>tW9aU!R>)_YEuB}LQpLnX|MzABGJGz+9
zF{{bWyR~n?%XWzSq~mQ}6)govf(YWu{Z~#l58OXK-=*YVdO-nT{5FhvZTE27`;1co
zu(U!x>HEt0q{_}i)$HTBo*ji8n@8@H>d?^4v(b!)S9i~8xCbK!*QxxZMY)V4#*C#T
z>@bB;`Lic*5#m_upnwE6<ubk=<8>e?fiD|re+9Q!24_x>^dgQ6)O8{c4s7_S?04b;
z`z;5_2hm-K;V`TG^VylvON@L;%JaE}57M6oB=x6`mn|&I!WGdbINe)=5+5Gt$vhP(
zi{p;|T=yTkKH0Hq`Sx7d93Hk1(#=0AWE@KuFI~T21i_CY@6XPt)AxA)V8L}4{7+~M
zucRX2Bshp@u?vi8_RO4kB6GUByL92aUF3?bWk_Y}3&UA!e<eQfY9jHAEm>|L!`QQz
zeotzZ&gBe+Ih%4m!-M{Y$hz`-lq8k)vN$j^d(eQ6vUpW_LDY}zxv@9<Jb9Xz!143p
zm~^O{Cz|E9R{p}RE{J)QBxP!l{wd^RG&q`+`ByG|)I;NYTgR!{r`4_0Ev(FR#2*+z
z*!P3+Yo(59($!En+ASj>Iu=tGdJ)SB-ybGLoc@Eyf3Q1D+Wi8>-i+0qe?uNIRPsPE
zaE~#N&icTt{IUBNW38&RlS-`c`c!S#d&ShtYXN0Q4BR}L$<}7TN_0G|u78f3Ei7H5
z2_OIOSf;GglVcfYXsMeeI_v8F(vh*x?=l$L-_@7d7f;N9GeB?e)wA47<W9u(p8ND=
zEb6m8tBy)2zr#F~oP=+cZE*mT)BLSqD{}APoaFAvYU#@EC8<d`N~-Qq1c>z0kdQ}S
z&4|MO#1#sMP|$sb*Jiceoz#bgujk5yf6+rO-&z0jPW5{HHfWslQLNY4ROIl}BhDSg
z%iqDMUBKY`4Bah{N>Bg&X3>rK6`!)Xe`f!g#4`~4Unqi3W&^`$hIt@wM=0`kUm-6J
zk`{pQ?hB5|jJ!4f&icnybqfhV>3#vDd2Mb*+LES33ukRQ9Qvo~NvTJt2uf$5?%3X)
z3GFv{v&*zn=H<g{GH2F9Yv`q)M%FN9o1u-U&d&5Eb2j~PH)PBIq6N@jyk%!m6V^5}
z>!H7N%f2RFHsR!q($8<afxDK?wj}3pI<IC_O2oxIfB<7?iQ2-yf~(?=byj;kZ=0%H
zn4&Qg)md&+wKUuVx?V8?Nl!#tSsv+#cf*uKc8{XPB$y5-{1p*Z((Pk^wi5(=mJeVK
zxCjk`Vq_v7mLUX>PeI8KKAc18gN$BGw-h_O^w7-5a7@@h@{Dq~E+^ha7xS|~gdZuP
zJ!3EJ`oJ*#V*)B|m-|qt&mC&_1BON4=ic*Zg4NYZEjPg0)dO<bP9Xg89utBGbLdQ9
z=M%J{*55^;5H+y??c!|#C4t>BYD!GsIEc(<nG!43P@LTS;?wlLB^;pTmtbj?1T~BE
z<pT>rcCl3cKGbsq38SX&#M8|-tyUv;D5=tXA>PulQ|K|<Gy*Gb-K9eZ(iRk0DXCaa
z#%gG>SdIoJf-GTbh~x@6!3xw*;(i<`yjolo*~GlF5oqtdJIF9nkm6%OR9ubmAZ4Wp
zPh8YgBwS2fdmCGRK0ZDGUo$@0h4V$=MIu7$(dE$tR>{?jZ$Z<I=Y0%ar0V`gA;51D
z(%mNk97yLM`nx>(r`z7+)F%AIHayhB#?gk{=D@}gudy*cFFr5P@UbJ>KdK|v|IzWW
zGQK0x|FJHKf9SinkL($EE_D^qxaZL?0hbwa!)!^9URegY;kFzHTU*mc1o~_Yotz-<
zJKkXQfrd_4hE72L7?BR@gU1fJ_Sw_`TG6%KaDZCCXHisV<XO5>YE<WCP*J=nq4NsH
zHdPQQG(A>wY>3tkmL4z3ux&xRO0|l%Dz!?5O6z88Z@Xvf>jB*y3Xbx{JRBS9>G1Z1
zZI0Y`M0a6qV+5T*n}p%ZW<hQ+{;fae18ZF?0-m%%wCC3z0aaS4Q%G8vTJ|<B{Cxa;
za(pfLd|r0Az&@Y<O5|mC1?=mQ0J_-}tj1f~+pL(ab^uRo@79MlhX6yH!<$rv=D5DN
zzTcaqca|U5M?Fxlg3PZ@JAZlMPw!w94*LIR7O%ea^f~4^iA+LCNNvg9-ptiu>bS6~
z1C>H%x%y8H=O7oTV^jfw6%DFjQ+xr1)#9rz3{TWenWQ0F+q-2@QzBM(mzq1WCoW~z
zp3Y-m(#(hlT4oX(@%flis(nCg9W}Z<>JKCXOaprxSAK1NZ8_~0eC<8wixC8OL|QpS
z5bOnRv7qY4@`gb{RNX)d0X~bM?rsSoQ6XF*Um;Npr)AJID6Ls~FS^*Wx7)*p0%Dtw
zzsUD2^9*=q(2a6Vs)hQx<DizX4AuN+pH<;}|Fn{<8*T-rfcE{DBE)ZZ<;^ho!SElY
z{y!8GTG?(MfW>Hw`*JJ#YNO?5hU|s%$tu8|g=BSejKaqEWH(?l*}5k^{p>a`+8EhN
zI>-^PuZ_aWH0S_k*oTg4jND9TF**flFz>$fCf8p~kDj7MZSkDW6j6{p;`y5i=S3{F
z1VDL%5OCDev+b%-;L8yM9pF1=CgWBtXXe?k^FKKJ2bBMyAoC2F2K$yF{4c}|``Mje
zZLTj_QCt#BQvk&vE=y8FkB@{b^Wy>jB5|r8m{ln__S-Ov2RvJY51)*9p%7&uRRxdK
z<{rZ;F{zoqkAT1mldwf4Y6XVBhy;Eh(2tC|Dd`T7@L5o8lo}2C*e!sfy))!zYZE&I
za)Q~k!-1w~t9;u+s-_8CbMrSC!l-SUD-8NzT8l1<l_m)K<F7-vT|TNk4R2-J^#?9v
z*|+(Y<~??ghrf;$+!CG*L<yR0DJ6tByJpxe+HbFDW?{T0QEHj*2hrM9qcS9kZ8xRS
zJazFkyGPiGqF>fO_%43CTKp!u*eSE0&61r$ndUbo&1O<Y!y=UEz%TH_ZE8mI$E?<m
zS&fa~Hl!^SEo6f2!W!>(M_E7l2#^%^96BXkT9|w46bD!p2dJ+bVP3fvZlL^Xj_MJ#
z@x-YfyZ~jh$tHeV^%YgEZsC{Yd?PFPMwZp1AvGt=LgPZ&M_k%WzpR9L`{aLH$#(<~
zm&UNV(GZNs|Jz$RNfm8S$AMF|hyOSqWfJjjFpHUY91TEH1@Exq;8(TF;TIR@YR$x!
zB<5W;mSXQXo_}4Zd;fozhyO)94qUqNa0SQ!l4*|jkDK#HE4YzvtI1zm4EnIIz9*e+
ztEMi#jUFiAZ+dP}aKqvM^%a1e5x~Ox3Tw(&6ddrsOZZAKu~8Zavmt0=yj?bNT1JPf
z?b1hGdw=`Oh%sC51!p#iY$DrgX!UHifVCSWEza>4r6eG`KZy!inrI);+|D3@kbNYM
zpd6&k+%Z|*lv>>kTHWND`JmdxA|b{`GP(kIjZ5$a<M4Agd_D9d8%rQziCQ0+#mbIY
zu$2oh0~<dk`T&n|8qfSR%)Pa04m_Qw7>C3v*9u?&r}FK-8N=n@^%zU#-%S@t2}_a(
zh<K0vl&$sPVErB^gsuC_Z*!;-ONbXRjYDgGN;i!|@&ho8Bq!?gv)TdZM~*t`ABELV
z4AQ4dLCV0R|B!A~W5U3s^VWus;cyPejPrS#l{)p5dVzOe4$#Juze<dH#WK_f7ZP-L
zZ}k-t#G9_#BrX?{=Y7p^k<2Pr$hraZQRKtN(QIW{Xk;&oUk&`(%yh><9qiDD`e7sA
z#Oqa>lm&R?BIprGAsHg5(RrJM$?x+Dqb3#UM||QjXpG{Yf~P)X0S+W2rlN?Xi=`s)
z0<hvGhCkbKKt%WK;~$tWMypmyzK|x8{7bi8OAK8vk6bVR8;1GAJf~Z3*Fejn0BgN$
zcp2xE<(ZjdQq<ltzLx}hNOUI?1t|p;I9v|(g1@@veKdXC!eSV5vruat=}=9@HYVlg
zw9xIYh``b9M0Ey68IKE+zyAYBT=B-Po9T%sPk2DL5IlSzGs1M-<sA>Zy)UvFrp5AZ
zSGHs?I@$G_kuDOuaAdvfh>`xC0VlceZ(@G_=sDyQfnv{Ep8or7XJeT?a2BJ+Tir+z
zsG65O%YTt(0JoXJDYdT5Kz&&WvPZo9%OIj6$TwsA=WNe$S0645eEPXI24`+VADzd4
zT_?JSIryx97>rukU;y}HAu9)=Hqe@EZ4R+K?*JhUQl?oA(ZMU-^msh|!t#t;xJQy4
z75G2;(2z`!!&EVbF&%W0ruMew#7J`8l&-GnGvgI%AEray+z(IaSA*eD<l;)k)1j7C
z4UD_{C>qhoSr2yRXKFwu3D<`M=Rziz1S!Wi!+8e9OSIZ@mpIOV*HhlO=$p+fb3Uot
ztan{H-Tne{6He(^A2O1Q1U!XAZu1w(wrr-KK8!J1O^gakrIT9ukn8$teHAc*^LRdg
zv~?fCN|;ah6idG<EhV*z99yec_-0uj%^-lntYu=84t;V%8Ts+E;xj9Xc*1$}ig$#{
z4xV=`@gTbuLR4KdzscQ^*L-c#sIx8a|3n{*X;*B7q<g;sB*VAmKh~BlcGf;#2j@Bf
z-%QtN{MqWe_UQhZe^^)Bc)oEw)$1M4ulx3;QuXGXqv54B?nV%b-^pw-xS|fHDB;LG
zG#bKC`MfHP{@1P0ll}gM`;Q80Q5T`(!V~u&NZX}>(_=}~ZPmKX)$9rUQ^AbY<w(_O
z9=fb&f5vujPoS0VPVoIH`(apq|Gr7kp&It^&iRvUi}QIO-XT)KB|%xL^#00=wEb13
z^E3CIV#~)MQ>)&>tXoV3BGDb*CD`^r5)f#6he>bHa~>A9@Df7#5;?CV8*dO+fI?LZ
zztBPiQCc}+8#^#{dX)~gqbl5{MBW|5zwAU3zQj#f$&cdoGLF=igCGvHk7)Au{D3IT
zix*@-)L`u3gDf}E<y|K9oKY@CA?>BGTH$#x?tI<@N{TpQMI7;V6TYC`!DJEpxw^Zf
z44@}3sQIMfBY6bO_b321+XbK58kDNZlQNF_v(N6$7!k{Ena`->`MLasMAGM7IKdLd
zJ7e!KJpOJ!+#|)nSm~~W`C}FQjIwfNQVc!wr={c{<qc-Tf)*aOzW0ZMz=|{RP(s20
z8)wFc{zP4G*;~w2g|UcpnDf8f0NOv2HMG_mn!OsC@w7ei&mFuN1pP&^8cMB&?{at6
z!u`-#spR4pe$>u`CY3xcQM_CGqa~>{_JGpfUNC+PkQ63v<Fhw*psQXlZs1v1<lPw~
z^7lJfsK?;QcUnT?#DAv9p?quQ&pBy6?CJV1fz{ACRMG^p7jgRs@l5MJIMKO((=X8z
z0ibDl2@mkvxXZG-g9ZLe*A9q5{(BCI75{S(t%2Pu)`d^cT0VD?Uj`MXv<If#Cm;F;
zFL}4-%0mRRg&91APl6u;6)yZ=oP{P84#IXWPP*1k&<7(v^~>MqTAy28t%crQzT&?d
zJhJ1?_FQ{@uX7_9oA-iO%fB-8z)WmoLpW<g`3p#hi=deu9_9_gDgY+%BB=Q26p^iC
z66b8tcWjx4@gh>y9IfrSTR8vaeh85Vq9ox+&kO_6k%V_p{xGzcs5M%Kk#i{VCg{)`
z^BH>}#x05K3F8dp1uZ!~+yP1ckUPC|DcL4?pSXP+oVmmJgQ5S=6~iDSTww5gYQP;(
zX&JI{C>NmswT##)2ww}Des~-Zd}#Aw!gR2=&OBOn{-*2o&<8ok?3+4&XcMH(3@+cf
zbF`Kq*pG5QJt5u-0bwG-t#2Lo6bZ)11{fBaARkmEZf}x2>5rJV)^#C^zbLyipX5D$
zY#{%c-;h7Qc(7lu>I&c9yF=YRxC>t^Nay^f^?&8?H|_S=qx=r>6cu>?Urxg3R}TZH
zQ)AI|S?S?&pUrg<NdJ|EZX9`Sb%pi&jY-D;S_-OMwfV!b$@*g{!T(~7e17@gk@nk%
z|7DFT%|!bUqS{pkNB*z$Qdy{Ntu3$oPFm@*|2s8ih(_1#kJfMZ)QqtIV+6w#@qc;w
zS0wtmDbQ<`=<a9zS06I-D&ITGGrr6~LbU%oG&qZ(X6EVi{knjge4gdn|4_CD2b$f#
z7|dETqD<u>ywKu5?imI+8V5wi(oG8bXUZ~Be^yBF(kZ(gjL(EI17fU4yaJ&s|1KV$
z126}o|Ka5@>i}qptoPjpJ%UC(jEtA~eCX4^X7kw-5LHmv<mHDh?1WG??8gq_Z%0CF
z1JB?8Nm32>KdsXD8T8|bIY*&RpQleC18jPdi=umCi(-SLOrxYJxJyC{ZF};~QQa`R
z2$qpOQ5##2*4IaxAZ@xBxbo6`S(G+3Kpe7sNXc6ln#2xzV2GtH6i+LhoM0A6@|GCN
zH)I%vqIF?uiw_nhG=8TBu_eZ8v<|Ae*{H)nTaxrK!9dj_`w-3n$=lC|bA-)nKJQ5x
zm`)}{8lZ|mlv%y-5}fVBRp_$_1qX5bD)AwDvB-WE=>G4OQFSUXSqsG~)}ta&b!<@#
zk4BgQ|Ly@@hhPR$AvlS1ur*()(;<CK0$G2lls{x;Am5<BbXJPB1UCeau*(V)-P<Re
z$_C|>>DSrwfhW_?E*+*{)cK7lM?Zfy;9-^-F0OpX?*}??HK<(2ZPb47G+h@pu^vKu
z+oUJJ^Wgc%=+27VDACby3zL3}ch2^bOs7owNt%v+Sicr^u57qn2eYgUWE*zk2MrGM
zQmM5{9O;gvBBbktnbMZ||Gwa*KLR0fc7Du$Mq26?{b$kg17Wk*0{^*Blr8v&u32`s
z5B#%ppiim2-iMC@n?*bEvL*k}-vXQ5|ENXDgQ;6$0S&8`V`qE;C#$0Y#JyLmGxlA{
zTZX4Nk7Dl5ue;j=12NA|A!kehnf7;V0p+7-SF7Q~y@K{#cU-r7Hhbo*2*k2rOzQa`
zq6gBhG%wUm=}|%s^s}_^ik7|14NvJ2!CkAR{T+8|fKNJs1bj8AId~VZZ1B|%Bw`=I
zx}I$Ps{Wp`d~5I*_}AS+*!s@BdD*H2!^ymM00JT)yHwabI!Gg}Qd`}VcV9-9PjH9(
z9QHQo{_}8n2!R|oLvG8XQV<Q~Sr<96U*fb2R)L?n0k6g{?|@xNge@cpZUFD<@IymA
zRyVvx9?<3K4&#ei355wQtOC=uM`XMg_VGVpmki~_?KtD&IH1>YTw`KIB8WrI-_mc<
z3mH3g^n9DbFB~<r9kQ@m%R_H(gXU{>l}4MFQF{L=uvs~@{XJaT!iN9?x}d3Ag|vZ@
z2hh#NX^hz!P)liiktyFJiPNvk#i422X!EXb7_+Dmbendr#zKL(nOp9T0zP|-o(M$8
znmbY^#M61Nz<U6vYq<$9Z5-hO+icteHh~t0dIry1ppU=8Y+;)Ml4m4ZR{Rtf*l?s<
zp_{G%Y=hnap_|lrQzgK~BA?uJK?G{Nf4g0K0&g$q9I{|KQe@h6iqc$a3fbuWaL9c2
zDO4&|m!#!lvT>Ts%CtAS9Vl>$V%0Q#Nrw|UkQ^KAxWdqEwRW&LQvqz4;kQ_mN-%b!
z=;=<6<~`4+4ceom<$5G(4l~iI6iP)Wi|B~c3LLofKBk}$m<dKMa1u|{YPXP`V;t)m
z1?fjR8F{-nWAq}j#J)*7i600Qvh!I0y1h*nA12LA;@jin^ZMiRx~68P1(2P0^^rr-
zPbt0ihW1d($l#{P<&<zWWNQi_rNTC^jn`mQe=N!^110dTI;wvTXZ4{ks$cM5)fV;i
z3jGvvbxH}0)Ej!<L!sFk87E?t&m6&fMz{Dh*yTX8+|(5NoKCocfic$P6&BU$Pf1WF
zFvmEw#LP$NLN<LsZovS0B>F}E-nhal*#`S+)slYXvTz_EjWnSI%dtSTaIV4!_iBv)
z8*P`K*CwdKN6Wg>=exy_AMzD?-}kr!_HgBqkYMb?0-?dUsj2f@7$Bf^#%J%c7jiL=
z43_wphCEpv*hp;t7mh3Tx>an86P>#_))21zjO-#bJ{h;%{jz+!DOj8Rr7r||iqek=
zc5sP4ZLRq40|Vbyx|+~?T_912Q8^Ur%6XLio4qrGg?!Yco0LN0756*FS!cZ)LL0N_
zzi+@i=>pyCVvJ&pitYGU_-#M6Oc2z3+bmiq6yC>_-b+ypLCv0B_*(`hEfp^q3C`GZ
zI<}EGm<B<BcuoU^J5ISSER{P<I==sv!Rkf{X#1J$mY@cB7lae4`>$FfyOl2oZBrVo
zK77D=$gBY}&b2GVKgDvNDwKhqbGc6=CE}mvYJo4KWVeH*py4WRy3;pWTN?k9xB4I5
z+5f{Awszc&I~6tqY)%6ze&x5*zo!{QmFq%%0)d~hMFE8#gQ%o3tCCZH1WUW=>*DCC
z66xRfB3!oqH7MjY6u6ZE+r9yq--9BKLj+D0(Ocv@W%X`+8WO@8b?q(`A1NX_4$>H?
z9{g<R=5!B__o72g#>{bL^|~(h5TTDYZ=q{@mgV3F>CWq$pcvO-uU4-f_HAkTkk#mf
zwP@SN3X0xJ|FB22mi3fF+>47{X;geScY2k%5SRN1U<p}}aoIquJs^2c7(6#kAO<3!
zE1`dH+J7KmRhO!};Cs<^p><=ksCYqZ8Ooh|xWDM*xhIrKH%l+y?E@&qZ-+8o@7d!w
zkHl~uqcO&+&zvg$n8ZZ<aZaUw4{87Q9=_|MGeVFSa}b<7vXDu*BzzG=9Pwy}nL#0|
zH`)LV{w;PbAfK~mDZ@Ssrovp^O?wDZi|NLe^NFdeBA;aqFJ8}4Z-Cfq=Tay&W>U6m
zov~D>mB!%pLy)Od-_z2Vaker-F{SVm4vUd$qXT~uJX!$e{YH^dQ~AoTHA@Su!sb()
z=f^hc7Lb@W)$~-mWzz#wEc@E?vuSCkn4r$Ye(!B{iIDPT=a<+`g};BkAhp2#7Nvvz
zk?2>3Tnoa8ZumJpnKZ5TqZa;Rat5kg?saU?2tHtL=&Hzt{_>jScQWCzcfPYsS{Vju
z!Icikz(;RmZG`sz(!^*~#9W}y%4HxOz}75dc5}@YBtSE?*G+wXBn2TS#{2HG$;!3l
zJ?Vz*gQPIRm0@F0%cL_|i9(Y;B@8lzE;O4!3}_W-_bErddO^q02OPwuM&E?1$)_|n
zDtaUo1;f3UkGNmiPDmE(Q4VvK)sSLc{<g)G$)G{8K|d57f7B)l`HMd5P{IDLwXM)w
z{d*tHUjQDd(r&kuUE<MabzkzNkn1c0=o6$TFswwpXGt^5QOQ8g8!f=6XF-s7{jU^F
zS_CV6_q>>)oCldjo_>LijqPG}9t#Nu6hlAr{zaSQxc9~E;u$U2tmjjTj~K+GHb}(o
za|)^551>|=v8tC`-(RHYWT3{9BW{o?0y~kKu~D<?fXcp$WYR}=9xp+Iij)QX6jauk
zwxfadi&@~8#v<w#3kVBet3xPEJud&dt|&u`e?4w8cBIAMxcfb-saS1zbAwUcyIk&%
zJ|fukEkT^k*$EKRhqRalY41xcYi8H96=`hcif#JOSOfGit=$l=q!m53;3WijS_6FX
zelbZLRd8u&O1gQ1qG^JOFnS~<aFuCRnMg`-LLld!Nh2%5n=a1Pm`L*?WO!lZOA?hW
z9agCi`;Q+aAp4)XhahUmo(OtaE7nKOxL~;*%<w8@8*<2RDUcAXFNuc$9erV(&jop*
zr9MWnRPh{5U%ZT0YJgR>F-S|Bpsx{gw;FzmI;J6FpVZ@ap^6F~LoS!(>JH>zFr;%t
z{$5tK@RgQ6Ky~j4dhL{)ZO=!uf;vpOJrURC=o3g63up~Uax_blfv55}_-eZ!#SxW8
zVTt-JiA|HDowgphu~z*Ud2ndUixz*f)5emlGF)Q8k{fZRp4=Bw%ea#yDqVfUDLt$1
zenkA8*oBqr=D0XXnkaM8Riw=i3x$tGG6qjjDzAb_Q25qm3D?)makW`0;yum21gR-=
zO8$jL+&v93FR#{vsZBnPY+qh7jJ%mOYQON1s@18y8r#aXJ0ojlEVn#lII<RWxwLo3
z+F&A_j3yjK{L9g^+nUPp4VFMKIhxf@P~tZ*7JeFe#)A@dmIg9UG76J*ELBc(GLpWJ
zmb?!pCz>${$#sR4Q;Y%Z$7d!e;QIA#@|~I<TTCNf)`yRV=n#w%?r^n(FU9un*hS|Z
zKUDK^lB9@<uu>}^yIHaLX=#)BbM>?MgF(4NcwAN@d+?9m$q3VS5J-rwl<3tMA8{tq
zutU0}T&h%fL)gDe>M#Aj8Tzg(B%ZwjR9!82r`U2@wCscpfVOPR6CQc?ORD?Qfq4fu
zHu`b~JMGhqS-e&TRZ8@egeK=<mlCeYSB1$Y4`gej+I<{OQ5Q7Z>~9Qdy*%r}bmzGD
zSo>__p7O~r>C+a!ni1^^>o-@O$BBO_s>(~YQ%CdqPE$600;)_@aIC`ug!3zPlPbqr
z89_{pQLsz0rKu-hbFhHD#|mtqtO?VcG1Ewfsm5+*+wVmcD&`n<Gt0sFY%!=cbM~Vx
znvIQ)DC#qq7_AaBd3mwq#rnf4X(qacA5KjipHzK@+e|(w<*Z=N%FObH3(aGa+L`*W
z6qlk6yJs8uw=|Eug)d+m*f5e<$?GfS8FR{mxpgqI=~;D+YBwmS`T2?+=NmEG!%56=
z$4yy&(SLo-by*o#4guepaA>cYQHu_)bJ8ou*y*ov)o^mq_WaH7AuF3&oa3c-0)2T)
zxuEl^iI^;mNKR}Kg~}X;{GFwYnWWAUzQj^*n`82oXj^?CksROuZ8$%Ac=<j^0S2QH
zEjZ3U!R~_T8O9U4a<?xzY4Sl?@N~G`L0gOdg>SxyH@z1-X-wm5UX3nl@ZP+=QawH<
zx@dz;8?hmI(b&$ruHA(wt*}>qml8+><&+(LcCE8Wav-Eu&2J+XG2DIy7F?yzOGcTS
zQLU<1nm^VfW9#_lN~2V0yv(ka)fR)NFY1hLcl|*`Mvh#83QM%ogt<m}UE-LB1u&n<
z1OCKbH!S|nc+8}EO?8tz$cQz;?w3eJKd0I2;_?~`T+`}$u6ggbR9s1+4v3M1<lVeH
zbi;IOm3Ye^Im%xT7sU}}K|LpT=3!=J0^hBOBj&#BX!||EDvS}H@J<n(xS$Kt14iC5
z1u0@j4F%_li$kzJ0qV}GPtc*3|J0`I4+lxV9G4(Wr64-8<vtz$3#B)|!sM)@O=*;=
z5_EL}w?BMnw}g1d`7#X#9K%Ei-u+TH3eDjnQ!~cixp-g2wqy5&O-YG;0n0%*LFrqo
z&T4)QI~x;8iik(`%|BhB>-VP}$av(1QhRzABp|I7RHsqXz|x8DM0w<V+JH3qtuoQ|
zZ96{28#+G+*gl8`e!?bulg+BLnxa_DpCHXb%$3r~ryEc*A$DQLcZ&NhO|4(}+h@hB
zS~pC2;VYXo%Mg&!jDxz%DMWLRl8^P>cStk|-<Vv!bNn}NW>i_SrKDFm)HgDeuHd0q
z4TC&ZSJqGGg|tT4wuw8eOZ>d$qRhK!!hN-0791`0D3>agqUxM}8bOn7M7|j(310zB
zApjac1!)z)*FZY6C`MVOTKw%5vEUw6vhJl9LvCmKfpQxf8l=(wP2~74cB^Excg&_#
zyPhRvU9K-fpEg@)3hnZ9KluR?x1Yw<NQE%jY{zFln1<h!l$cb%N*)QP(!BB_bZ<XU
zBsxAyVb@op92-@qzJw`9YCBk~$@0-XDKp_iysAeQs=_oP+yd@lw!-p;*qzyi^%(cB
z38zw}KU=-)W5)ZoOow~!%=*vl5mI`~l=v3-?b--e_m5vGwBxA0m8kAvG_+wOo87xZ
z<KoPW@D}_zG|pq3>!=%2Y)hxA?0c{+s<}*-a;8Ut18lQswyB<Pr35JQ7ju)`6)BT<
z8aRF0IEkn>uB4|##q)SMizo*FMxW_5GTYbGPIr-d?6T(sg@`<>-NROa#Yt)u@k%JZ
zEhiZq%R*f-IC<ZR)u_&vcOT1lS3?fkPo^Kfk*tX5u}E`UynSY|lXNxc<N@NiDcsu4
z{J}wE6+e<)<|h&dg3!yj8in<3;O?Aij$0{uZ(j2)FR?Z#nax-4bDZ_Ss9y+TlyPEM
zKXZRXVTob;vmh$&oZ_du8<<+HZo5Q`!<%eVXUZ=W7(GIgKRwKFfkG{$<iH#wU8im~
z$Yw)8eV;qrV1J*luJf^uE1Km;D&bw)pf%?M)lN{VAJk_^&q&%21mtdRz*Vz3shRtz
znO|)Z;o9oU3YOnPR-+Cob&>KuD-0tzzI1qioclGIEV8`y#Ett@f0nJSXayAaAW-$;
z<gp`>=3wzpZuSG?ToRajfU{~R0W=%xMBQ~o;KP+a?E0O^7bRt;83JpRi2LLr?DjRF
zJ0Zv7ky@0Z*y}raF$c?f%#c_8?s3^hzn+Gc>w{iPP$%8jL3mPG4gG{RQwrZ7-*2!G
zvErpWvM<Q}Y$7Sg-g~W^+CdDiP?czjUhUQBrTcj+Bo;$p4w7V8RIM{iIA!OP<`kl#
zxvVLq>iF6Qi=o`DT%A(ok`xp6D<CIc$KnQ?|0xj{En~3&eo^(q9WTg`v!{vCq4Bh1
zSt<?ucwIC76i`T;B)aiV7S|0WF7*=`3KHM8G2Wb_mOFVIa?E(|egKH?y-kgKqwAf_
zo`uC5d_&RPO2sjn3j`AzoQOyKZQfO!B8N~_@-ur3k!u+_x%jXt@mj}>G6(+P{5Ln-
zXVYP=N!b=kvJOF1s$#=;=~0FH7J^Ac!jvS_`2x)cWLk9fP20G->gpmLGB@b^6A-4P
zFVy(`ek(n98OHd*GZU+<nhMj0zGLq_xPm_V@$P2)Aax`A$`MyUdlk~q?eO(3x!@RE
zG%ktr>XFEpO9kZ)jN=s#?r=jmhc{TLB*ul!{WVyEwey>zozkSbg)y7r#i|Nm>WrDN
zeXKDQ?IzdBbAYu5@pgcvmf$F0@mh^^v4td3oh7uv>GVVu!5C8&RjTEE$rw@-SD^^a
zYg%#UMjPVWyo>L3!NCsd=f4dfj*~S57*DF1m%j2C90p(PqHDnEQ#C(eevh}lN>8J*
z&vw_6;<OqU{lI`#pWYQYUYJw)y~Tc$5Sw4bI6Af7qwr7#N4YT<fPwttV#DDv-q6(G
zVECv|NMD>3Yo0n?%2In5Psv)AdLs}vA%Ef+q`If_ZmakWExmd+{ceTJ1o8W?byP)1
zDuzk#Vv!;@uEOml^~Mbc^nbRhCZ+*nrn#oxFz{?~5P$MB)z*6Tn{<V#bwTt{y|l~F
zUDR&5-3fhfVeX@G3vGv{iH{d`yKm)!xo5B6n-La<HvS~!Ud<+<56K7~)K}j0B&;k3
zALw%U(;{YU#O4jRZyQym?Aq5`+h!0)q`59y4Q*q@@d=KeX}1%MK+YAfuZ4Q{=H36c
z4HZ`(i#Z6D9#Z<Dt%Qr#Q0r(URcxa8nJG;@Gj1~3o9Ky6lPFvMT?v;}5my+%#n``Q
z{IM!So=>fI^OXP?NK?V98@0FPql{%H_PH-Wcl5g&OO&mSUG;J&sc<W-3qw;z+X`Yh
zvRnTf5A5+(h1at1O$#D5tDz2`cB~Fr`<-hM-o{&r3zM3>M(^<ee^T6d-JiFgAMfJo
z#x(DxDJ0DQ?DGHn3vcpMPEtPlfxPcqRqMuLHtq(sw}lJP16vO82(ZVpqo0)3^^Kgz
z;U{5wvjP=n5z+ACSJGOnNeq~Si<;|O$h?U;u~y^S)~BzdQ$eYpQ=ZP=A$|REbR3vq
zw`aSP%^vxMvP;J@C;MKCy3(6>zt+J98ZS=qd2*V2GTQYw<t&pl5?=0P6$E5-hNtvI
zY$+-()3J1+U7#hm%`TchG2yD-MU4zUPBD}jAKFX*S@erg&4p7ZN}Th%xX-M1TG9Hu
zK&Ur^gj?U)7yZsb9tK=Isz23&#^^Z)grn>yc%eFI?qorl4{|nq+{>)jM@km!WIAa8
z^d`NwY`bLA8<_n)i);;7&uB<tWnls*S8kvjuNg+;zC*!C^zZxZ=%ycUsymVZHV|RB
z-zR0hha#>ba>LiML?c51##(^}{Hh~-2|PYDxUNoEr^?#z<3l@t;!oqJ_BOuJLHUjC
z%XQIUSo@k*UzOCm>QP5Ks=i3nxvF?_$^Z7(>(@8z$KT+=Sn6(ZzI>v004BD#blIvC
z@-<dLEFbNQ9t@-G-3}~%q9nS~Pmgk4QYqKSWmJFvDH$iTIBvM+Tl&T5^Iu5gtZ{-@
z^_itO=Ph+EKnd(oJ`<x%+L&~eSF!W;LCc8hF1OrCqgf)mG#C7il(LQKHzQ~WPxmvN
zc!c}`ob4eQ2&`+hR5WQDVecKR%xTRDn;!2b`<Vcys^Db+kS=-LOr)q1ZR3G{|He7)
zb~q+2HaG5k)=21?eV=}Mb1K?%01oA%6=zYk0w{i1__)Pr-UsiS6j#0JE42QZ*v=ty
zL%R4;q^8MP1$N+6G|s5`EzvA!H|d+lF0*U24{`%Zm!08HkBlnAoNzOY`cRdi*_O?p
zP8Ly`I_VBVGhqX|78%P)%v6P904rmy>W!zYdosebak9sQ=)bM0HClYgV#eeFzXI*f
zhl|)NoeFE>pr(v>dL1YBqf4j-M;r4g{V2jP*q7}1(W*(x6<PLx?$O`+K6xKVVBngp
zEQ@?IwoRGa*oLIUO>Huo`bsgG2QhCu2Vk3+ItYVJQ0^~(1IPOAZv~1@Kf42&M^Xw;
zX)CTe8`)Ntm8|*MS&W4D61n^>W2mK{JL7~MEEg|0egZTi=wEMAH6O7q7u?}~v=L1A
z=2IU>>y6g>rdp84-m&?^v$4C4WyPHx6RB#JrM8HXVol#Sez=m<v9j*3&RPjJ^N7p=
zznKyw_$yzH&xQm1-P2O3OdEcqh4g)cVVb&*COlm`TOV@*{3<;jL##<vl59ff^{fWK
z2;bk(xJ0+)CL~0$)kCgMpEodAnT-@Xc$6Dm(JC(}#y+{(rt8`Pp!3>yDI9O6Gtoq0
zze2=_e)+0I{KwgMF6s%romt_Q5RzpRWC@#uN$wUX$?iK=P0OaM=`qb93iBWrjbbG`
zGL6Tc+0wp`bb&JjbYIzfh(CJM2&do0Aih=X-T8c|f!b7(3CE;m5Pm2tlY&*aezg;2
z%%m1&i^Jg!=poMybYJomf6d2dd8`*>kuagj&p;~z3CJOe*M6<hfQR|VgjJtpjrH$1
z19P<^81ly>xCuB0tZG(Duf|cJNKsxtHAt4BDt16CbYL*_SRjIakX|nAYb~xwl)(KZ
zG7;ZY^kb|wgfG_sjXSY%ohJ58!5^vU><l!UEFq|>bk4Ws;kqFqhhx0ppEM;GGWDJm
z?4rVj08je>RBUB8pJ)b0aLpkbRI`6A11mXQ$|9{u*e^?ox|Uv5maS7D9V9zL)~Tv3
zw%ydM&&kuLV{tZ~P#<f+8?qif_bB;yx87JXSx-Dx2Dvph*BP5F@B;|CvOmW*jd8Uq
zarMX{&7TyhxbZbqg!<$i2_r9bp)P&PXq=1RkS>?4PExG9;h>0A{>@+foS@!du}qqX
zICfZ&0kXx<Yy!1M&PeH{zgLUI{0dF1`7l`}MbantB1YXuB^6Y097md7otQ!{Z=L%u
zt?p@lajLkGbz6M-gCojICYw(sA*@{X6~wWsYMF4x#54i3H_L6L%jHJt2^oZ>zH9-8
z>JN4Ar8qjnxvD=2#gdcXF!@euHfNhwkUv=VZf56lE=eifPwkU4hGo1pOE$~>tg4s@
zW-0z-Mgg1emT3H$cl1fj5Ovv$=aL#n9bjnrSFyAlg2I7%9Z7*{3kuzx8M7C|n>Z1{
z3YViWS9ycanub`HxZhdCqpvs8T@Ag!a^<vKh+Dvilrn#&XQLe3$K77hsH*h0^Rl_!
z*CRtA51!v|60bD;rAGS|hkH>n#3zX}JUW+IUwN6La*(=IMxQF5`uGeo@#0_F<CkWr
z`{UJu$U+UW+8BGg$*Y4N6+>d)Kps1*Dc6th&56wHt_&4_OCeWmMkb9SvJ!tLzj_Br
zIqv4K*;AKjqc7RS-$*dP`5B8L5?UsF`Q5b^Qe9T6mdi1yG+aqztkR}I^qljj4lAbC
z&TIS{?0y0?AJ}6Zh4&?)8zu7^1Rh4L=3C}OdvS}tGuVmrkFvX7YZXC36(&xmuH;ci
z>eA++VD6t(zT6cLX{ubmS#AG0z4oZ$RzfV1d!KKxWWbw>mHqyUgEH*F<A8MpY>-r^
zzq!0jL?!3E7}>BukWTM#0iSHe8GYqkGav<h7xy`p*?f=V?`MT~@hYFB`?A05CgroT
zdmkAzqp=FG8I}uqE5zSaJQtvjX09DzSQ6^pjnmmoC7l^fGm7?TZyZ;Zhb#boni?Pd
zjP_|fb4w(t+{=TO@-(|3$in7Ie~F|<G#_Z!>0&D+#ZGCgu6{*r1{yVDuwuE?f0FKL
z6OVcPkoA}#O~Re&a`vV0H}NauuijaU8f;#4%Auy!OJC>wWIQ0Vfipurx>)CiOSOk!
zb~j8?z?1%*V?9j+V54;`RkI?EM<b;Ek#0(+U|a-WjQLaf(NwWJ_o842`|~whotE6j
zNP_FN1E(Oqm&2hXFSx$Q0>kVyYjFBd(HRKAi%#h9nN4JJ9UVB*bpvBh+Qua}>%Q*J
z$|*Ftu$}u<%2}l5^qFA0nuew8fS*;!r|<|g+T{7R&M0fm$;teqO4&foaOnBxaFIOC
zx>3F_5d9BAI$@{q{sGSqpTf@klr;T*a%xunJ}DlH&5ya<eFI7+fqH$auujgbGxK3?
z1~TRNME5fd^PD!n^W8XUZE&zs{!}FV`~7RI8y(MfSBm@9W>V)}d)|84Uy-Xoo?w(l
zZxH8YUM?^%Ji#*g;2~a0HQ?i=<7SuLXvP|r_4eDaCDQZ-J-jHsjU<s;L4YiGckKQ?
zRqmgdt-S=1lvnk>q!$5=>q)MYgNweut)^j&H`Ain9$M=8>T0EAoZO4|s*x8NOA|85
zcsblFbc&@fV5}RuIz`otvN1;*nt=w4meEetA%eD~9v)bUA&K4T7oG-`D|J*S!p6FI
zqtlu-vcp2wfqo|S8j4(6vyzDso_KB?9Dw$uice=Ci5RN_)o;>UgXKn}%L%eEBTZI%
z7HmBFud8T3_f|<eQ1x~+@40h$nP@%2bd*fqSa<RGIiC?^*f!@~uhLyq{cJ2iWV>b$
z;^Q@FWPbt>gEGw&I7ui2NCVs)<Rm*nCJj|S8AfKBX~gEH{SsTl&*d``8)NY&s?B%j
ztbQpUr^!d+8g}6}TxOd}Ai8dJsnhpVHoPBlOfmj!THgS$Ls|X^Z)<(K5aJo=61V?6
zQ*X=B!E=BKGd81XFJvJ~f>uxSCvi(nE?X4)!}68wA@3b}Gaz(TBhgu$KTn+QvpzUs
zC!XuEbyT)ly9W><SLC>GHQ4QHpyV7>{hr7~F;%dK<g72I`l-2dG(&h?%+RCE<?Gng
z+co6I@@X=Hv;4e%I~o2+dh4^>5Tpcd3}OdcUud3P_oQC29mG!^^Q`&gEIE+mn`cMv
z?N5mt?Fuh|k+f+{!sVUB{6C5i*DaKM3SONdU`)Bbmif~WN6V@HwtS5aB+Zo>%`O@6
zQ)I$%pN&h3-mTtU_NSguy6O!{{VI;8LGJNbJCJ&DFoawr7Q_ESLiivZm?vag^acH@
zk$(SCb+~p_TYB}IFUrbUho2z@FW7#UP0PSglYqTQ6mAk!$oCg$Uf8jIRn+_@ZM@ID
zxTQz?RMrSmQyqR@Jk7C+wIPlEX7V_Ot(9LN*K#D9@RX(dXUVP7<~+6Hy1dVbWv!>g
zHD0ZfSBA((4TApZigCWW!W4BK-#V(=A9>yNn%Sj8(wd)t03455{SqiRe|7E`zeju=
z&wPuKv^Y^qMS2UdVZHG%ab1jS)})vymU7Br5RewqQB5)M*D-ImfNp^|Kq?%e3~yeu
z^Wky3#)eqDp10cP`gr_Pe}Bg`Z=5%6O{2+m$->z{arna&ZC!4Uj-kkKni#qN0V?f;
zrAOlg1GwF#LKEp^<957L-PY~rTYkQ)B(Ivq(v_HWQhp9}_nWunx)2W0F*fySVX(Ib
zPjs}d3twi_hMC7c@hB0Og$2K;UK{EwOVA#>q8@tLx5s+56ujmn!pX{UlO7DOtVM;^
zbu+4{)-k23oexW%8%G+<u7-4ZfCB!4QMKwv%`LXzTI~v&&?F=BHhnf6gWPM^k0<=q
z^Zw$$$LTL+Xj5S6hu@FqMo}wrKKh)BUJyv*noBpB1pZ!B>>w)~^PIww*Fb`Hg^9?j
z`=$DqLwhs>S;>I4wlb%kwas8xW`FEYYBhZ=cARJ2ghqGVUlabWGbC=ZyAy#;|FEh3
z_QolQi^x_dRBbTz{r#u^<0<o)79woYn3GyNiH{&x`uO7|FWZJXKc6UD?x813W?r$T
z4D@vySq+_1&St&Wr|M5RfJCQXQVZa5m%7)YzJP40*Yd@SwpjLNgulI*KU^?<wdDBi
zTvn>lKGwtA&t%>z%Yn>;TS-o-hJiKn82!7^^H;*ZU}3TP*!fVMlVdd+Sh&>`R_q$9
zF5LgQIpz1G5SgU=MLwfb>8lx`Jaro{6LDZ$S5j6><-`X{ne=j}4Dr-)PJ8CzuS-D5
z^qimm+S^5@7-RVhapBy*%%7gKw+$`SaSW^J&FFJm)&FLYY@N%b|86mroAknZC0?Q#
zW>mPLeUlkAuX9|kF5sB^TQfuHl9FuBd&-qi=k9Y)lI~`}B<0NlwTY|0zI9fB1Qw+j
zS+C?(3nbZ}Uh2*2VnFb++$avGKzq$=rfs1$xqC|P$BLZ)4=+H_zu2!{3j9j$DB+!)
z0*#O|S9P2MnP~9TJsrJ&O!Cq&qQmd&y*>+Bmd2pk7*%`{ZfesC636CAg4`x~G;-3{
zPNsf{3}!{5YwN6ip)3}fY(W`6P24+nnP>Yk4`$aUHf0>dyh{!}k|MK`g27d-UiI7B
z=b1X&CWGQgTv3~TW$a32<eExE%{)8msZA<bm!+R09|Tr7wS%%8R-Sbr!97G&Bu>5Q
zl{adrCNr~o_t}}D=TdmEV#~BxDF#`L5l%HIV$BiU$ZM$+82ucv8Dfwp2J<O@$Vl^D
z1S|7^zIQcYRE~C_c@x4GKBgo&Dv6Q-`rUji;~*?$GiZ)K5->v+7dLVm)xw&RhNflh
zk*1g3l2zH!5Jd!XYHDt6WXTVExvR8V%!ervyt+p=GDsSy3{M;}(qR=1YO^>Auqs?A
z8;w^Ej}kQpuPfZJ6I)X9)x*1~*=mx=u$fI!OT?(A`XF?iu!Fp!)R|i{(5K8vV#tx4
z-=frMNUUiV1Ug`cgAV5<nTbmTMjy+448%tzkFYsnr^lp~*>-0|r9d_hHBtHEyjC^7
zvL2FGnF5riSwQx}C0$#UJ;OOkxQt`fCX%L3)q_mB($t}&WPqt#oli-kI%c{v%0f)r
zE^`%ZXV2M8zNW}Q9tmEj)JCj`83#$7U^Sns#Bq$%&GsoRk+QbQPmsJDf@(3wVVT^l
zd!jY!=N3OP;BvM$qlv7YRY${&W2%yWrWzC~5?DD-Szd5l$5~)WOT6<3%0gEe8TFEH
zW+QW>q?5N(!dqlhs~OYQ=FCbA+3x+!CqWd&1Dg~en(<W3=<NhpWVqC%pAF4-Mu_`a
z$Wrc!Je9JfasZcV0>rkhF33HXoIGm6@wUkINw|+*azRkVWi@4R*X)!oCD%^g+#z|U
zJ536g)P@tQ{B6r6Wk6G@h%A8QOv`B%Sw*O*fPHhF*fvE4URCMfSXC4$!580rL!Nb%
z_@|TXafgBo=#*hAL9E1#xlDGYk2@-q46^Kr>59x<8r6{3yqb`y3k=;&b^j+m@6c<q
zBSw*Zn+(KG5V!c55E9jJtC2HmQW8UhQOD&&-KvQ}t}Rxwwq2%DCysGJM`QFkMZ73A
zH0^jY(;kbvNn1>svYLnzv{S|cdJsZor<tPs#Hq8q0<*$TM?6mkNxH3@6iQN0>FiUw
zCkb@wCm)Sb7C0pFFLf0}dRgeHR$Iv@P-CFt>a|WYUQ2d3d5&ffk5h43%C&9jf|Mg7
zY~|G!BW|(;kCJz$amlJEP14b{B&w$&2?0~Ki%O=?*0?j1O09^j+Ysf;IOS*>h)+f#
zJYkFNc@<7;LIpQaO<^vHpEWLX@=}#XQ!P`?ZDTR{!ZCelN}9Mqvcyc35k`?80k)s~
z>N`$E0!~Ngm5&tXW8zsERu6s3u|_Ir;vGb-;j<ufVKDRjW+bAVXucw`Q=CZPV$Wr<
zqE?B`P^6Y|mgLH?W(|E1DP>6ttnSM4>WU@%kd?iIl*O<W67+IX8HxEyel41vo`Pz+
zBAAVnzI>7b7%P$lqLT%}Rtp(3!(>tIvty%`4wMZo#9V$HlA$YweH%7JcQkrCdrm1y
z&|)8C5i)wp#!<}#$!>(*Ax{eFQ@UoE@_9*Ory4t2oCMWaCQgx*hsj>au0&q4n;21{
zAim{T|D<w2_MF(ET%hT*7p10wZmPb5JU~RQ>59*#Ae8vn6|XMhMiKB<>?sTJmbAki
zpY(Zk)pcMhR`p#K9|X<$BU#hXOBREx!n$y)Aj6sY`w7SnBynITMW$}~0-Ol3rx*}s
zI0s5vs#5cU)awJMl{eU&6C}S!GntlKnwYYi7bI}W46VHEP`O0JF2`BU2(6ZZ+}FTs
z;ATUj+!=zrU^}DeikyS2mS?a+`^UQem5N~+#E@KXS>Z-GM1pWD$m3SBeAmo1XxQ>l
z9j&{P@{?z;?Sy(CYxeHIKOM4n@CnD$+hl9!WW?&e9yo@lV`MdU$Pg?^8in<#=B04@
zq;uDlrgftx<UVUyj0|F?n&!%8%%b-ko7K7+lG|giBPCBpZO%3eBCH3KDQx>i=1tL}
z3J575pG{>ASbT4$#QtNo`cEV}V33)ukV&f;m-3LahYiXD4RdDl0%)8qGq0}Vh3oHT
zp*fwDFjyQI6CV(i=149hQhA?xM%<K0$cVf8NIX(~COC7Pi3-C>#ZO848aC0hai(`5
zm);;A`6CWG8FGHLY7s=uIgrTvq&seE>Nr|jGF}a?QZ~!{QMKL?aln}-V=TANk!M1s
zQcjJQM$fXFq-0Dc-wL0SlVuS;z2t4(3pPbtD7V#D$K;Bn`6j-R190(<CDGhi{V|wl
zR?W61rtCRMM<}s5bOx2|+D=lo1!24UMT%9^sPe9|F*WwR8VIL1k&JXBXOiY1@dJYl
z#*Wz0F!-$`+&Id0=9`a%`)(S=HKh4gW`TTlH4#$ZXoN{nrxI1SizQZ>kz<=V7f2E%
zE{u{y;4Ir$J*Bx;6C=;CQO~t3&$nc!HY}N=4X>SI3+q9B>v8Z7bqXoXu|}dby+{vz
zq6=9(K_2`t5<D?WB}kG2hCxp=mz?O;5vg^ZbS*8+HgYMzrl|>$H1YFxvBbV%8r)E)
z`JUTyDPSVhaamc&+_NBL#2c$CY$u2#^y$TR5>)i2nXU-=A)&q^q+OHOX(_#K$c^+J
zm-(4mDV>u%aRx>uc;kiZILV6dalIp9h*}|00da`vYBW_!*H3u}jZdcRg!{;u)M@I^
zn#f>vuKZcaxXiIlUb<o^ZwqQPE@g@Fq7ZD6$|(K(G$gO74#V<^;}u5SXWeQ5q7~`K
zry^Ry2~hStBTI=^i-<zR|0hJ>BJv?3NV4)sxSg;<EynPTWQ$4}oVL>9q|KJ*J>yUn
z>$W9*(hI1rpSYPIp77#-I>{3HB#M+G-G*kH>m=`H`A#R<AX5(Ro;VzI#VwgAdecaf
ztGd{O>Zz7RB}LMTO;LSBnqGvRAv=aPwv<zC(Hzw+mn#Y>`<li@NJZ5Y@ywX-P(+vX
zvs#LE>o~OsXIZc`fk|EGp(#4vnj|o(dCfP+6&6xjh;efAZL8VyP?dID6%jS9hagH$
z{1&o`Hd+$MCjDR$e6HT9NbF4(fJvz_C|jFkp)|5I#0638Wn}Bn*=m{O3@n8heM*Sl
zO5rJujB2NXtSTpXmdaU_6=U_-C6t%+JH0%ZdMP1~oV`;(FHh;&bK7NlsfbcgIr%ub
zx-?Q!$in4L=j|JtYU*yq)L|h2>#~v#$LX9QuSO?|cuM@9^p7FsTE{qqb#ix^6k?(7
zCM~RZBpY$h9EW6`PENy~vW&4Oh_EmdBgwP}DRY1nKNv~mMniS@HMKFSFO6o~)l>n)
zR0XT8xvoi5t#t@0nsa_)Raay+WrY>1_Hin^R?lo{qpYG&Lvv$mV9;1?zRFr_t-nE1
zfSstRb&_1=Mp;<sh$RSJauPwHZt!ijmA8GKEWMF*T5QxwnaqPGYp@J8S%IygRn_OA
z)+IX396GX+LOk>m=%^7djbOGc;mXk@jK-0s;;Y)v%_ogy;H_u*mHUNB)$FX6M|OEF
zo)gu#$sMX|Zl(q1`K<&^fo!u#7Cxn>`531BJ-m*Cy03Oas;a4}44kMTlm1va&?Jvd
zG!i5C&(4C{hb9lYi#Mh!^ifC`GWkeo<tMVbsEwhPB`}sdqnS^hSsj)B#+iL{oF!ac
zW|d;SrX=$zsgh!(hRO3k9_AiesJNIUW1f^SX{#x!lhg)W!NO|>v&{QCk0z@n%+^&W
z!GRc!$64rt)YlRQtR?z_K^Eh9tg(Z%gc^b#M|qBfjJ8!WO6oKNs8z3JF@}tENV}<$
zN?J*{B9rTRLpa=#`pVPt>#&!bPlYg2y~eSYiC`xOn@Wn1bUc>WZISY-M!4gSKl3Z8
zpGc7f)ugElVg?<B?c|n{Sf(qE3rMC;GX+RRoRQgu&9YI0VgW)5Lk+5!Ze_9WCtC<N
zTOWgj=uX7I=~9TsFvBaYq$+3AlouzOT8hVMi*zHElJc_C6!~i<P1Tl0wk8ox>Znge
za5NLH6Nh4Sw>>(;5U`0!*?NS5si*v6MjaA0W9~4ITjpSK@hLmCs;;E;|7j^@g(t-3
z!j7j|&02(pdWO~8evZ1!OH2@PUPw*fewaCRw$Y&fwk8E0bAa}?PYNZ4@R|;3oK`T`
zD&sH%F1#oSZ^TNeh2Z;MVXCi*9myD@()Wp&#w2yu&?qg-l4?rr<c_A~3R$B0QBXa~
zn8Q@q*+kOf5bV`eCtvlM;b$I{36&i7q{%`Yd7F7da@qjQC)&$1VRce$wa_#%t&i0u
zQoYo&AZ+aFVoB223M+}vTqaD^5^J73**YQzTB$3T75_!6WHm*aaV!UwQ4|yWsm8mv
zQ<;^%S34I`uT+~|Ej*JTw5gMMa;sMZYkrLS?Fc1iE8nqdRVx}CY*{BX5r@u})A*W+
zRII=cQzE9i6amkJpr~T2CUQ;LKpOr=&@`Tqi=d_;EY824@>8Pr!rX`tODkzOC`>mb
zLsHMBG$<)mu{tM-Z&zP})SHQ;Jhciz6)8<v(QHgrO~<C85|cv5Zz8ouV<W4-hOji%
z^+ICIG((M47pdD+8BS8Xr=$&<C#I29bOX_x3qEe9a-@gMpPYo0*+h~=vpviwbl*3r
z&lEi;PNII<jwUh-Tj|zTNl4qQ6XF*`SSMLdYbMKdC>hmLf!r)+g=R8nja>3=vTDKN
zDutqFQ0*FGnnB7WKGGblB-^QT&QMba*Nx<h6c7Ed6>HMA8kf|{%B;zq)|AN{2*x_(
zYQq&4z#5YDBiZLG)@7=9wPp=-qlZRUE1GI$o*&48SdpaqKBe6os-Gm|(yC3#N`e>L
zO)kJm@eGv|kF%=Gvf5ZN9WMQb1edwH6abtkp=)Ky!K7@WoS~Ph%@--tHs|MbxzAOV
z;?I(AxRnZ&CPj()u;nu-j`=cXDJ|((bGvO7eII0AF~c;OPUF5Zx0GH=airP0byfBA
z;-%^f*wgiP9I_N*6VlA98iW-0$2yf&Mp`MVcBm<9TOluLK2AC7)nU+Tuw-j1;DpIQ
za48>F#ky@()5L9sWJrKjazt;2C9yI7(p_lw-nw}8)>MTrU+nuifyz|0mt>kpXF|?p
zYhDS?=w{<h0mMNxVw!mJSWC;0!YZiO%9b;$OUZunP!x?lO$oThA*<^&^pXy%q9r~k
zsE4C_STn432CcZQHbYua9B!H=ksRow)BUxD!dHvTM~MT<YzlVMta1qx^?lM2jIx|t
z6D|;7w3fL*i3A|_^?9p0h?J<zWnXV<{H)~i3R+7?4E+srOB&(L8uKimOGZ1aJS!ju
znR-zJfb245+vuCQnTuMo>$bFus-HWSTu*I9;-_9RLZ2iL7qjJ^Q%P~CW6c!Uc2baq
zuAxhaMWec=t7HEy!)22CVY%f>dzy4ZM5T!sE>ls&EYneze8(_MuqGwmvqXB=gCr64
zlJu0g`ejzfle1PJc@SQm3rcy-Qr=T_NM_uUNgjpd2I#kfsTyWoC||1Sdbb#wCVl1E
zN-#u{@T96pD|z^jGqhe0KCfIV0cM6sZeQy!arqT5;V3T4l&k8nv9RFv<R_O57gf%D
zljU3%BHgknW3*Mm({ft6Cr{*coU|KtO{_#lTdAYZxV7yxb+n|(ZHkIuAdYZejCLy3
z6eewHph4S90-bRtPAadF6~iLB)5w^IEby%1=V6^ZGY4j+`3<!K{v_2(nxq1d-H?ls
z&7^!I-<*`rK;z_UoD!DTPupvHL$CQtmRi0b31p{XxupwFPCo2w9+n!xY12|_XI0Ft
zu4i>994P#qi1l8}eR+|KPD85C!%@;UD>m-6C}BfXIkZ6W8CtqR5uZ-NI<mK6YRO#L
z7g%8dRxFIkA7iX0+kTe7d7%2tPF_1-jc>XNx5^0A1^-Qg7D$vLBbu`MI2o{OCgn|J
z6K%z95qYv5H`Q_FL~(M@sRX*^16&g|U&Wa$xLWjy!UZ5g%2GlPjMPg>Oy9t3elx9@
zEsUWGwW2=F3g<_l&Pt5;oaBScED#}gIHr<N`p_K9uW|LF8b}z77QNVlwV<=QTeQ`4
z=UI@YE-0#&atk^oFhK&%#fRh4=Ql%n0z;+_o}_ePlKiQ!3DY~`9nD!j)Y`|&k839h
zu2R;JvCCN{O)22Apw5nFY3C><0k@RyQ1XseGcQhZ+E0ZV)E#BpR$WUD>PMGikWNVw
zCA$=+U{;$Rr;}QTxxz-(ZRMI2KEJ2&A)}BoiUiGE=CXR;Bc_cbF>TTUXsP$U5ZVzd
z=0)|_2wHV+Dc@|G?aivx8ZhdKC-*v%dF#2Puo}DMVl+@n_Kb<*AU&;=#!5knBPqIM
zHPJcgw8iCq9JUKRu|%L*8!AE2H~Xzi_0N+mWv!!N3*C@}8$ol;NU`QIFBFb4m#&}H
zzqiRlXe{nR)sPXuWLm6ciK#~+&%KvIQ@Sp5mDCt3RW7zvGC0<SK9+E{M#zhHk8Mgq
zD~@6uhbFO(xfPCrNZ2VyB0yC*tfji;S%%b#<D(It!#ZrG27I<{;bxnGpg_v85^UyR
zcaq3)3PP<*L0ZXy^Gt58mYc)8xMiqdqJqJp*h*_ze4VszR^*|Y4C;y6bwlnUP1T%?
z6l`mY=8`Jhty1iXAewg2U{X;E>)8fs<~<2{<R&IiQ1Ov#7i95)1Bs(dx$gUl$E8%X
zPm+ez7YQo8s<Y}O5806t+%-)ARFhygauip^SJzohx}S1JCRBlp$f;xxC$|k%_tvtw
zwVum31xYG86MH1Vh7iV7-iM#Hm-(=;h_;l}K>f@`xRNWA#bID$F5N9lf*qHtZizxN
z`3&})EE&wZ!->NbN^6Sq*ugR{e5P6`&CM_fK8>W7n$;MH#&(SFP_cv~WoSK5K}Hpd
zY5Ad%CM%wr)USyF8EY(m?hc3CB>91PHI(*LX5cFS$r&%Nbs%mlNmtq6ARQ^Cacnc+
zj-F($9(tX!WHB12A~aHJLknw%rN~hdnB5L}n(~3kGtNt{KUIRT{?%!AD$OWA5pzk>
z=ufQhoKhzoJ>RRDc}DXnw#6HRcwtc}r#KZ|tSx5h#+(G@Sp9kid3r3vYFAM`^V~N>
zp5#e$eX@!}F;m9GR5aIxQ`4q;9<{7i_mgR_ix||_5}#^vs=B;xXJ0e#O5P$e!HcP(
z=cMQ%JG%s{(w|kIL{a`&i3L)}orDHXR1PP^Ua^`VGZla1?Cv}wU3LdONx6R}S`l-+
zl?`T+31{OJTki89J*n={XK{kXPpPk9q{Otkib-aUChI2>#ne*Yhs!*bc-srJxSf*c
zMA8s*4ixp7YWP$@Dfr}%qbUpGn8*91=RVb09A$YuatWcaWo7r|Z`q@gGm`9IbBw1*
z$Ru2(6vICAwox&mik8GhE|rNDPMDTP5N184t7|EMbFw*&k4-i2+G20<no^Xlf0`5}
zrQ7bRc+k=u4=tmyye&0m9H%VLs$o60DMdqaE$~`FU-V6qs3pZQ^)oQ*T9*O@ESp=<
zc+pLjjFVT3*8LZ!-GLVB&uzm*tXQBLqy&If%Y0tTDP2@Cuu!{OE#&!ATUj9muU<w{
z?*jq&G-SpRtrvY9wo^-x?tl%M6f>AbiH<ct>rniB$aleu6>;b_b#Im~L&}YD2@@lZ
zD76%(CAAzRwM9Jz@Q98=Xr$NZvPPDdObdb>Co<cT{4=DjRkx*<bz4D~$4R|C(8}pr
zUby2#oD_9aW}Hg(Kb$BOdnzH1HF~lyI&!VCKQt-%zvDsLQYR!|wsuNbr&-o3cDqR3
zsZG968pPDJqOa8eo_^uZ0uRlEEhn6~Q;|7^o-UPpO%KrLJn<oka$(ykZ5+1jm_5#~
zC#lXkU~<T<rkNNm=Z(~eOHH;>Pkcth=N_H(eC<?BJr(ki3}nf*pO^$4>5dVtOrHxU
zbyZ*8+Oh`{r^3ok!E4o2`nR2ApSBmjNtTiGaz%}h>@rzox2hsjw5q0{Njf@_fY{-i
z6C(BVbR6W}%rdb}QC_s5H0|FYGbcBKmcj0*Z#E@N67M~?<?5JhS%UW_PV>;EygH=H
zME{tkrc6rl{w+zcSXYe^Np0e}$le7Bj{E6GS(YY;+GNk=p`bdSj)H2ie2<e7aea2`
zpQ##LYe=)jrK=^E#SAQbK_0I)5jm@`rSYtUTX7Z|8EdJhkY!%!IMKqgY%o;TmeoX>
zbTUtw+?HzjENN$XqedJZUrRMng&c~VDHZG|{ijvMNo703T3r!Y-Dv3bq)7P&?A9C;
z9JIubzm@8LR@^d!+`iaWDlU21B+rXx@+#^VY7B34d_^lWQ*!1L70`suOo>)RW7k#x
zg|SJiK*AkT+QC-J;zH?TyqX({+cJ598G-+-e!17m8-xy`^f6G^&5_H~Vzj+JVI#qE
zOQL03d0PEh?mFC7YhqR%2#J^k9B(JAPEnkr%#7u?@>o>0(2Nls#vtS2=_EesY#WKw
zBiF-_r*q!czl^r?2M;C6ft|7_>R1zjhrAj?*JzGKweK6h9n3Ux$=7z2>aT0z5;64j
zHQ+_kCn#H4bDBqZsZq$OAR-wyY;w>PS%?fYTQ!KPSx@#iHEOj~K#9Co-)31Wa=(#A
zP#ER(I98p5mU-M@zsOjhrD_+I;2n$Ns$o-l?-VZ?$LpCIzgsDzg4`-4FHHFYh7u2<
zD&v;Z!q8guTcLBD<uI%!0I#WMz+t8WPT3dRIuAAVpa=>vgfDxNm`ogdj2f-#>hVtg
zNH()IaY{TsN#7^ulFZ<tQA;gVx^M_a*tP+so(+O-DXKO0S~pym2&L5FR+=kP)dnY~
z1NB00X*9$k%RBUpl=$8)#ZI5qrsE>^;{MLU^jujnqGG|T<s+-#FxIrIef85wfd^?t
zl3<=#ze<*Ix-F&QIqz`T0`7Xq&1sx>I&4+=c_-&@E;xy|n9Gau5Ifya@jSCQ;gB8+
zht=9<DWn*e2(WqeNHxB;Tvj=iH6L6Yz-VaXNy62~d7Z9t7DRTOWq+{ZBwAJOEO$;g
zHe0F2#)+!mXwYzGwNisz+ocHf<#vE&7QETesw!IftHoTNtm;-!SM^aM3iT~FvxY>*
zwOz{XU9%a8q;SB7A|WXckb;Xjh|K)I?7iD^B1zLN7?1M5$(VowJ_Ixp{9C}-Tx1o|
z5RxjAMnp^0(~tRSxl{kXor|$uW}VRm%1k07<Fx#+7U(`Ojzysg^TjUY$vI#1QhHjC
zoTrsVKqLNSWzMw~9>6}D@b$?vqJ`bta}p-asS2ZwCC0W!_MVYt^MlH^nbxu~IuE*-
zZ!j-z@zB&hxDq<o)?dLpz3C9IxQpplfLz>~BOmN*=W-i{ye^OpiPdQyvkKjH=k~|B
zMJ9zb(_Xi<TX)*NG{fOLWReN#oonInTjiIa-2xKO`%_S@6$?v`G@24f<TIG}Y<DsC
z2-KbZHQ3K*MUgP#gT^f`wlND#!;oB>jcr1!?CB?watkH}+tXVbSu;&t4fhY}_Xq&A
z*XClhBM&?aRQEb|D;fjbZ?kqsN9og+vf{)Ps-aPrPGNQ)H{(<DJ?l8T-hqXmG|+PO
zVL(Klx!}IuA*}1!OeT}&9F4(=B`?e$(F<`IO!K`Wm}!xAmMWLsd%0~<qxFs$!Ns{T
zC<7DY23yBvb8|&NwPvPwT|o5_bVl`=wMneG;K*>-xXb`AP_tBbaJjQf?@xE38tk4Q
z*d%I9rm>j@&d0uSY;0+q{50k}@Ra0jq?~Tr%+nmcFuLdti;9UNVkf*P?!LzSD`ViV
z{#Uyq>K+&=a4##=gVEpiqL#(LFl+2+bax*?zxVW<X_TRV=z-IbZunP|fv<0Gfu&IK
z)=<fyd@0`svS;^4$H`Os2AIX3(N(r3@Lsf_&g1#Qnw+Sfpt*~_7KHf8u#oU;zjdo1
zeRL}b_DBn`yoUYFt_7u^IWn;Kk}7C2saqq2wGhNWxZhl{0b*A+MQL88^gDjx%Z7dH
zGZuzN^qE;yN_GWJtDE$SXKel!mX!HyaprSn(bGw_b2=hqWX<pO@^=14;bsE;$FnQG
zg&mnh?gc-UO-K>3dt{LQviGGO;?_1F?Pq@L>QBxRTy=r&Jdmh1%Qbz$mfa%=$ELz&
z?3Fu<uh@scCy6+_BW9O09VDdcUwx-}L{xcKv7Ptna@DB`7~DL)Z7z(GGMn3G(EDkO
zBxEnt%ukR(^!VQ&r=s?5+x;y-skSi31!pZRI`>E~EWdc-viL?D#mnA01pb>VG`qA}
zGrA(#R(r{oFSEv|rl4=djTvNHJb7i+LzW&UFt)fqHH49lEc?MDmTgUi?Y)6aum$>Y
zAybi*ezhsU?kM7K9#yNBnE$-xYRX!o9h@x=21(6ZBxPteR&mNl;1=p(zB0|s(kX79
zhYG^PyB+Yta{nID6Q(A1uQDici?a*kmOI3#cqAthc?UUQ{G~^zub>$yZut8|<dyoU
zA3zDyJGrM?5LUgtQBO;pHjqQA!86BXWVLHqXpRNj_xEnYkwxnncS2wfMZ~^Z>O0pt
zgGeWY5ZBEGd<Jkv?GUjyx2O^`;z+|3u)p?3V=ApNa7CJV2Qz1gmwjwbMT|9h;an2C
zavzqrL)@%pEQ56HVmhC5dpmoi^}cxI?@RC53)qe=usO0nxgP}yd!CRn?IDEW%2NyE
zO6;7Ru@4F7a2iN5t9=}qLr&fucBH$&YuTJaWN`<TT)`pi3?4M$ZVCgc$_r%=Rnx5m
zjDfqLiqN|xv8zw5KjjRkwVE{x;}bB{Trg8Id^&t==<X}nUzR;64d$Q&o!Fvkk>Y-n
z1xy~(1~%=vTXLQdz8Xjk_ravTQ&-1}$4gB*GrJjC=M1=Tgy4w@Yy~?D{b(^|eFBA&
zu@U=<`Kr^F*QlqA<z8`$y_6R>|48<c;g*-MiI1aZ?h-var2ttK&s7;W$0NEv7G$({
zw$iTj`^T(X$hA|OX!o-V76r4=+z1Jrq}cWf-JRPaqMvyQ#tfG_oH$F%)-^-67FxJA
z>$ZdwL(ODhGScR-#Kb(!$bSibh5<q&)k?y97W25iWEVS7k_ro!GoyI37ZcKL5u$ic
zEV9EA_7tX4q}71$+?+6;2|9C2?^*=|$_K25FK)12xo_451a=|aQRmv1?C(@E13d&<
zX=-x`wtg8x-*iq6Of1rIU(8%O413dEhd5sqKnCNiZaFpE3$#_^4!{i55i^%$u*rCl
zk*A=k#Kl!cieX$Q%jO4s4mua=v2J&%w=oXOw_)6MGyu36v|0l90?JG+ja>aEb7b-B
zvfO$oO;sbXs;<SL)5WGUEA^%eY5Vu|KDM21K{wUz{$Td^&0QWUo^TiyAWXmoO!V_|
zm-+luFj+jnfw2hDI4+?Ys4q<kaioC*ygPS#nx_UCHCNfw7ryqE<mYwE*SPa&trkRc
z<*yGGSPjaw-}$2_t;U=uO$*NoGdJbVuQW4l3?U`e?WyGz&293Wx#mCvpU$MSz^75O
zd=%@GNb7hiPEs-PWPmP48+r~%pgoKnK@gO22B!wy2B8zo!A2vYLj_Fe&*)&xdYIq3
zW4m-e+nx5F@v&vl6{;w!1+9+q$Enzbi*mugH>bYFjj)TZvMVXSwQGOmbl4e;T4t|Y
zcbD!h+Y4M|q_6MQaPB0-`%@2oy>+fXq%uk!g2-?6=NM`9Uo8Y;IERq1=7AId@l-E4
zxYDrbYmP;RnQl{HH-!x`dkl0iFIp+Hg=gn+G71PfjM;k(H_RXkoCguNU0A(AE#%An
z@@{=Vwlr@$H^Gp;hnmL#S*jKmjyOu)RPGSPK5ovo9#}A-z9jo=L?3e|Lw8nOKQlEa
zaZoIM7m<U*RnrX?sx~TVh9=%Q>M-vpuOt6sC3yCugQKkr@}<Vr4o<?Ir6UYYXxX}-
zQ@y@~8s8g>1r5wiP<43fFpFPhG&Dp6dJL<JTw%113?g%&(g^N(4VG}-m<~qJ5wvPm
z##*SUT@<7_MO~nK`meM!1+ZO6^%cEXBZ}75#b6+kMs~)hddJ5+cE{4nh><2{Ru~pU
zlIw#h%cs4*4f0iIB@lRp3~Sp~b&)~nPTpx&q9|G*YuTA!$5p*XPEasJg8I~CCl=uM
zjDB8~mum)<S1xkb%&9#0WOs9=y+8xE1CM>&x$jD3bHD~_gEad^r=3TY@~l}N?5hD(
z;>`CxQW7Z$ehrPxLh>UUx|c@mJI$4XSoL6ZPJU@|#5-dFQlS!~jhew$V4lu3XpM#@
zGdMwnkfNa=8SM$APM##q#hq2jXgkdd+Jv3Rzyg?!oyHiatc%{u;~S;1Y;*M9#sfZY
zMu%KI4&r#HA*$NILH6HMp0@?>Z3OS*)Ewpmf9(*-gVgV?1w*!JyoL<VHIz=~1#|iw
z7L=8F=Z4Nuu=PoKA0(9K7SAzPN6H(<+BUdOb|x*g>k-$fzv}FObEJXrttXZ@Jnn20
zIPRic%9GK8iNC#r?0L3Os(il<90CkYI#5+3C@bR+57OnQ@URSQ)>e}uoG3yW*~4-&
z4OWzW*1<CMNP(Rud`vxx?xFnV(wk#{HT8%wn*vu7TF~3V!&~cNt4?`gI(8OVV>_EJ
zrs<3f**Fp5uE89qzoD#4k)U&`{5J#BFqvl1t_EkK{bgrSuw$^K@-B1Lfup#EWK(s4
z+~xQgYTbIojraKnXwPAB8X+BTqLb*N-DmG_G3_q8kTYky?+rTd5sdfxwpVWF9<?BP
zdkl6B^Di#Eu4>_Ty=Y1GR5A@4D1RBy+eJF>oli$oVQ;hr@6pw1O{dCtfeWLE)PM=!
z1ucqYMyP4fD2?{Th}JaE(m=_eIOzu5l_MBYaf5FcYYbyd2x(wqFY`V2CU9=-EUd~5
z<Xz~6{y4J+2hOy+%kePH0Rgg|*jfU;?$$(A=Uusv3f#B?=8FrvtOH5gT&!#*ijf0Q
z8{(Q-!n%Di3R$}gqrX}Pxp^@ibYSS+*+~nFuh|xdXVpCwzgh8Yk#z%x>bvy{3l_bm
zGLCJXT?B#8N6WVpZ1U(MNC{uFE^sQ~(Yvq8!yo0j_c_3MTL=GY7WwPMV{-_bEV_^v
z0$rwsuP)D$Xp|wC)+0#JmIRBPZq?O2T=v2&EnAqLC3_9r!&{HfM3&tt$iO44;R)#v
zCq&dQ%RO1{v>`Ho;pyfJm?tq9q6Ik;=tjQRiEC(XJ&;pFprcP=2B!8Mf}Mu8=|-f#
z?awS>&@8Yvhgi;G*JH<NPTQ!PIc+@zhX5L$bThdxffROQl!s5{UN+oFgkjrWgCTQf
zPyz(eO9<XS-cQz#*p7_VxVr01Gtc%&Ye<M_uNZ;iX$M2i7(0uF&3jKRaA<f^><B#n
zGKW1FzF1h7oFn~si6q9=?-{3a-2)8NKCW-3(}$g7q79x<rl-Di$F3T!n0j$N5$UnH
zK;$<|{VK|x@?yLK^XAf?n0q&YU=ecp)1ZW8@;wm!%H{6!V|Hxw<RPS*tB5TrVkT|r
zmFN7Ahp2J!4XK;HNPDCx_m)R9<jT)8tJyrzwa6>T&f@A)ZOTpP3DuI+H+1sAknS%?
z+uUrUf*AWz@H|XaAm+hl|0j<RALJ6lpN;8bjumHQdFqyI`2@D@=V<=U_VXhfTOoXT
z0I&O?ID@(qfCdwEXAX#^Z+d6g6KsHt*ZEB=6Gq9_qjsNKj-Dya^b^U?Aru-AOfqoY
zqo5InRF0unc59+*bKgNJ__S8!5iZP*F!UoC2IJivb`N+?^U^&AH`mbSL9NLE=`sub
z|FHemDTW@7Geh*)+!l#__DErmwo;ts{xfrqb~^TDG>r<V-ZAll*cBKt=rHYI&EyC-
z%~v(7_n09MV(>J?RKfJHa=B$~vI4a<`;q77n{tWmxeGQIZQbrS$pt5I+Mhy%$r!z8
z<x%fG?<wE8PLb;nj$uJb&NOf;L1FgUW6;?Jy4D`dTnimS1ASwN)x?5aj_6@N_wJxb
zfy^k`y^f8u8uBE?3^=ZLVT!n*6R`a10-4d`zGH<QFCdy<6~z5pLJ$(jz$ut5X>F~#
zi6Eqybhh;!8TJwx$@^4eaGlK|qhykVHR{N@jMV@c?#exA!Ini0z*8U5V<ghPv=DKx
z^U%)nOxGo3Z12PLwL^@>M1sUEC1{~ipPF~&gt6{dS%W5L(?K~4lu1hnIe-;E1k7#V
zImzaEF~hG5q&}HdX4BOFx;D1qO#`B`>;mjK&G6{1+~PDKyrY?dneQ>*r9n?%THl*a
z3g-jE3$1Z6$a>kU6JpRIYpD-GYY^~M;0bz&{ppS-qy&yQb7Xsx<kV<G&;wi;>^WEG
z@86#+nq!H)E$~mwVHuNDQ_I$V1ZA`fvRWOW1hfXv?%Z-SdH>!l;7-zIHKNa$9sE%R
zB8E-EBcwUi?iV6F*g1gtVT+C5On0w?0!nEo?Ajw<U>Iy3FU}pdFCGB04anVkC^Wq%
zAVr)s_YD{LaBRQ4z=&Ps8fK1pGh)`e=w`9U#3!2?DPK%2+X9J2B4gt-$L;Zs*EUbc
z=vo?6*}yW}Hm!j0%W=k}_t^+5;d5ZnfNyi#Odwds66C$~pO4sssu~JxE8r$>I%4Ob
zC6R?xRV6zM3fZ}I^-Jd@0KG5a&h6z2*1<Zx6D8D;M|-;C%GpLh%!piqZePrN^oWcb
z6DwL{7JqE!Z!mYd5)O14vDl1R&I7SRg~a%?gO^RWxy@y4<k2*~(vnpi2*@HG6Fi3v
z_RPHtC_Y7ZJ=b?1E#cWzXUr%z?gJej@;jao@;Zs?QO)Md*}b;6u5P_^Y(<r^V7yrW
zMldBe53V8S&{9fK%X6EF<IOWU)~ApRHVk{ip~eruvh?UtcP{6`U=dN4qE6r{zI@7m
zUq9OS-lAL}q0rf0WEKLc5H+X{9G5^r=&^P`lgSyB$nHJrJvm5CjRGrdVqbO;Mzy4F
zlY$<2H(To@In3&zU1jsY7TW|H-@sCLSt1bvC*C9@BMJg4Oj~~Q=+Cg5T=(rQ+c=&#
zON4uBQ8h2<ybOHqU=P(O$7~yf^>AB0t99+M`AgYg&oY87Z|DnwDC2jYOAV@6qlUD=
zc$=11U5w(HHD^h7>A4>7Lnj=K2tYGQzX}1DlHrZoX;eaQ8>NZ+JRZAa4?YsA)L-`;
znw|~obo-IFaFSgy7mJ*W;7?raIQuYD7Bq9F4InXqFk&91<LKacjQXE`j^s*CLIl=O
z!=_zA-zekft%tlSk~3x@1#3|7@)1VkVG;XNzE|h-w%7bx+n&5Y`F;z|hUm2l^etm2
zC9z<W5O%+hb7EE#A1~&Mz#yPgG*57EYKTR4)W$cy^2R5S7<+DRisxatEcyQJ%cMTh
zOinXX%!}<)!Q&=feTW9JVAI~S!HcQW&&?uhiXKCc<y7v6?0|pOVVxP-R(*kZeoN)o
z81NmKWTBKgbn-aRuW3vbNHNr!whR%JGPt@AX8cyVazy%dwTqHA3qv`9d}8EAAeRGj
zZM;zjOWP<i<E)$69QOVeM(AsJ+se^+HEuNUSC1my@c>b7ynB1h_cFS3XcXyK?Cy9J
z9-ZqmBT+qDCf24{uzeo`?xaqe7(FF7A0vK!uP%yLbfL|i8AsVfTOVDRLJ4NOf%@UO
z!SkqImIL{qlfwpOR3t8}3!(rpKrEZtJYZOgvN7z+KcTxmcN(?5!ZUW-B7Kma^QXnm
z8&nokXNP=C4fNK%0}R7Mk$8XWewGi;E;FbXUiT^x{Vqeqn~5=Pip#=j{AAerFpACI
zZq21(9ZZ>>Fude-duu;k6lGgnU9VGuA47C=Q%0L(hiZXBovXviuZE2nkLJgo`^Xxi
z!cYN#u9vKm<_p^+k$L6{(L;#U>Ds%rV3>(P`(S_2<W_mUA@+Dqn{O2wXX6!li~(DV
zK2~^X*~jy{s4iKB2Vf2n(@0?KUAp%B(l*U|^HnTeuy*d$ZL-cN=$`ap&mrjtHcE%S
z_HH3X;I{m!<rF+;3vhP?xzwH9Miz^v`}bLalH;kF3}Z2y{?v^LGs`F0K`n5Ez}+?U
zZr5NSc9w<5QZ4d!Y&N-Ji5g;4mp;>BX+{W)TeWV1M>48G^v)Earix9lw7ayrF8bkR
z?L8lV0J>!pfD+aeo)l*;hc<OFn;EjFb$M<U48vYCxPLSeLl)}{qRp*{<N&KSL}bjJ
znPE`whv_8$#>~74xmF-3d1}sXX1)rAOm1i1mOyya@|`Zv%;N<X#Y6h$ZYOzyjK?5Q
zLMV+k3|JFwt!AP8?Vf=Y0i+(r(9G^LZmzZ;Q_}Q>jp3eN_iv)VhV1TAL3MGbQxfwJ
zrQ^6-xQU&=L}sThM2W+6ZBG~lvj(<ox@MP+gn4uA4+Fo0j4VgB{{@ym1i(3;*xr)V
z_lQlxyi~C#jA<eJ9>Mi<onvXae8<H7*nMz@@YapoGdQhGpX6SU%&6FVXGKHwLeK^p
z7@$<z>kz=6oyTiY?qY}$%{b|sb0ub&;d);`cHo8E6diSYMEMM3Ft$==y95%fear5%
z`>*uZq5p6L?mGD2i|YhhQe$UqLaQz?0!u<p@4YG{ooZNavm8j%L+S&P48DSAb4+vy
zn%%;Qr}hHB!?eHj+Sdlia~xs=(Fa!aeWV!;lCcYTTr4nhrJD|0oVKCa+_ScBCGZZp
zXi+g<L*FYt1=7`Z{%JX=m=&HK!cCj2@#K5ExBhGw!z#vIh%aeIeK1pQg#IoPpMT2I
zLu@O#bsnAn*5Feh#9|r}ku?)Zh<oQPF>RPWYJ}{}nF}5Xl^}1%hmKb;H;gWNvGACz
zawH`1nSI}aGjC_Rr?8m~_-Wp}Ldc!HL&qXW-e7^*!tWB|b&Wq9xsbM8_wXG}GemTC
zZUoslwj<#E=$))_WsD{hje0k?Ko26@adzH5MDDp7#1hNU*6HQ3Uz}r=cM-gO*agTl
zKw;Xp31&&0dFI(5$ga(7;ePHcx_|2ZX5!4`k+wUK4Jyq;h|ridWJ5ylXk+GwO>ytT
z+}Yx`V8<`N@gh&!Zz+I_u#OF~FNB_x_7ujstWZe&Q;z%M3&YVtF}ko|N?TD~SAJc<
zJmr9H>jX0DDM#So94m&dWY}bmm55wDm^tLqOnkV{OC(Pd5yyfI>Uq9TgIgeQZ0i{o
zDm0bDuK%fE*jt{Vuwih|>1|UZy;uz6%`_SxyY4Mt)T*^o@=EgtOuFB>{GJL-hUNth
zl#oHS6<5qNlm=mgd<k2VxJ{V?v&>D8b5V@{&0HrI#x}8#uZcoRU2HdquN)(h-0g<@
z=8Lj<m4qlqb3&G$`=XH!3rngIItatiozo7g%{;g`kt{d^|FZl(KiCS=U4gUCm}?;k
zr-r<pPo_Hu^&O<fZQVD@T^A4Z1UQL*bRE5W-}1BbvPu#5MEel*$d&mxmD<H9J*c~9
z%s!Ehc<YNX(5+={qtnZ^%djNt%HRpv<u~Se@p<=1qZvZyactqIE6W+5ca{g}$<5GK
zZh;IZ<T#pO;*&G}1|GjPK!T3J5q>?}?6^L4(Q+B>!E4QltU=G;exz^CJ~g!z*cJRo
zmL%*fJNlqfQI-j}w>5P+x)B_Ab9cTW1A<LZPnM7Gh3AHSyU2WI+iv=7y5o3_8>nwj
zvXgFkV8TkHxg_$uAl68gZl@M~BwYQb2PeJhFSDvHQM(m5rsrmam?L6E_%C{MnTcFP
zhGcZsEtQ37VSipCz3Mcqg?s4Fc#fPU3T6lWE|4iS#lLYwBYjfo0(M4X#B-9qQV?94
zoQOIJ;eQOO)stos0b4gnn>q8XyV}d%z~VVn=Gnq*OqZ_m{Qu|~*(Q*H)8@gdE2lho
z<xC0yXA9Rk8gg0g;sG`x6Lj83*=O}O2Db2ZGx>U#*?$HhS~mH?rV*+`lVKfU(N^pC
zuH4DRKRYEO_(CR8xfW54FRqy|u^D4(Ys(n)f~L8Hy$3demfA?0$EndNDX^G?+^Y(?
zTitj*-4U;iv*|HQ57=}eM7s~(=wOsmQ4t@<NDmumqV^N~_G-55j18>>_4y@IpZ5h)
zHpdWtSrrVeatZ0cpn@`{DvNA;%z@8;>nywK+86Y17JCW*Fei=~IaPwsRDso9IPzg;
zk;8pZZ(_NBvrow6yUdudqK>J@P6?R>@XZipzbuPnAwhqAFSo9Hb6I^28|!R2elp0l
zK#0rS^|J;xf|cafwFqXvYda6cCX+oM1rERA$r<&wCKw_LKn=Th^M6FPwWS$3M&KP2
zh1+F+bE-=29P{E_<sE_&EdMtsjuh9_h38RB?-~eVv%^N;L-E*(><jjTS#vF8sf94g
zS%Zp)Q}vFJycoEfB#!pQ2$7y!px%(z3<K$3x>0&S#QV}BTr~1$2_uh=Jbpdj)D^aA
z7|21J-)=E;R*!-6NsR;j7A#M2c5NB}-V^AdUpn=9X>cR3$|NM*&EX@4cK5_`<_4x%
zsdbo}gv<(*dBv3h+;k0J#5Sz`=&w73gG$&dJ2{6Z*L94U154wk3at8p#D0@uA~e%4
z;LnTY6+Z`;`WmcKyMm-qVI3TKEa$QZmGRtJP@UxvYMe?%*1^ai<o4C2z%?!1D1e@g
z1$rNL#)BZM@`yX`tl7f(P$#sH)*<#G?p#^;oRw<tZZ7)<ZMAe>ftlk_cW?PZt#P6r
z+3)H1&6WhslxT6!KLoYd&ZAMc;8Y6%u-oEU_BIo()$vKUIP@1+-!{a!MmU#7mzg<g
z1t=+G5_cl5ux-ACBu~VmtYHIFf44s07)jE4qiJAU93TLFnm;&sM902bSOWo;gv?~M
zD+~}IG`XYx(YGJsAGT3Pa^LmN<O`cmvuK`;+gSvGB8_YbUCwD_EsOT)1<XQ1m+NBm
zu#gVb*=mXDLOIf3EId)U4f?-ZMT!6*{w`=z*Sj3Ir$BrL2?%B8taq+VBwbpJ(HMJM
zCs!VJ=1H~fppuFd&8=B><vwsyg6*6+Y8PVa1*V&p#1p!>=g4Vz*QSM>lLdy{6uF$X
z0kNp-v1yixcvA~$1Uj4f$mYdP3^Q<mnuBC!BF0aM!h<b9?Z}Flcu;ULMtT5GZWEW(
zZRP}fuuvNjhce;DXH(9I(k8~!QCxfCqYH$btD;-1$gC5{bZlcUwSV>u+Ks=eQLxp4
z_g2+1R26fTZC^P7<<<^r(Nc|PODB{tLuje{93aw?A%rgnF+I3^M<530F|$M$aq-B7
zZJ^ds(;;||#MH#?JBFUy0_c07-tR^4@r)qcm<6Py=o0{*qnLM*m3)#d({>Jz&Q4vO
z9uM0gWo&0#Lnb9OT^Xpb4>M+Uu=RoF6sDJ17-D09xrU_(#%GazJE<A%S$Wj)6N@h9
z2=w>LBij}zKe{`I^r&;Tl)%H{8)(}3KfuN;)byVBw+YmfzcJr+@V1{U300@>=T4RR
zB@z%eq9=rFN$|O=TG`$R+a%|IUc+U$a1DT<88Gr(V%w&(y*WpgkAVt;?<{*~)1u-x
zJdZ{LH?TBmkEa>ii(B-Nw1=Z)1ZFliY$+e0Tf1kjN$sy<R*<T>MQY^Ek;};QhhGqv
zD#}&O(idLb0IL2JAG4nS@y)bEEzNgntWS^74b+X?N%dy_`=dJ+C-?5}1on3dJ%88+
zHc~(got4RHIWbqLT~E_V=AFkVy?~csDP9_VcdKT}(7kTM#}*v{elm6jn0KlK)(dm9
zDn8q&F@K5-1knQuUPbL7vK%%itb>(&)1hC8B-%Z%FrWEQe~&Kc4X4kVlWf+wm$PkL
z@7#`4gVh_Cd(`-Y;L{vu<4<@(4_i6^`Ur`>({?Amuz}O(#X@*h&G6cNFBi6aX>u%A
zFGm?$NmO)pfnE1n?z!YcsdnKG1}RU@i(3iz`)xyL@zMfLU(g0yfX0<?+a4ryJxn5!
z_oA9u9=IUR>82?S0~pR=>3*n|e*jMj>@6!F)G`%WY43LvC-`j%EKQS)&7TFeVI!J#
z^Dc9CnB$%tDi3<7{MlB<FiybEE~Y;WdeATKW`1;q^QlRFtZmaZceDG>V?!2j0k6$j
zqVRU2k^2(5xAk=ON9bZk_VIb|N`;7Pgrwy96ihYcF3MuwnXyay+|;tB*P*A(i-}_g
zsIGh!#^d_ZN5)Rg=d)>c*N_t<Y&%c_GGMjrJdHnw)gkK7l0<lmCEL4i>g1XtVZ_*D
zG?~I2#1=;gEb|<EI+M;)yA1={iur7uSz9+(?jTPzDEHw=oo;G|S(R#BzHJ7{O0@W{
z-3wqLCu>u%MYBx_B;_7{Gl*}C>%%mp)HYj;R9mGOU;$1t>&GDE*bSUAY~I}dvIyc<
zwkWThWOQmy>UFck+x(kIq-pOg5W^i(={3S=>tl(=-a~IxJ{t0_8#7*VR-tn69xQz`
zG{e3oXeq7{9r4((51k@<*(Zbr%%|(V_HR85eWSj)Pr|}UjEZ$$V08miy<3tNAQ06M
zEaw8B6>#8iF}IMfrvg<16Cbpl+78susst-7|BM#+20K<p9Ai_L_Om&2Ra&=MJkYLF
z1|EZLBTw>1n54@l&0YFM!^1rf-!_-?5;!$thV&FST=u^y*Y8^O+~}#r5KWDP%oz>Q
z+(Tau<_&;a(0SyZ^w@WBhg)c$@z2Y)eB(Zi0k%AAx8039uq22?kcZ`BZF`h(G!u&3
z!d@p7JjED`)<78}C41E;TZWhve(TTBOx@UyWZz*oEE6C5M-k33@sO-7b|m923jIF9
zl0FETl#Aj*WUg-;!10q)6!6RctHrRqImB)dL*gFsxy$a4oYDZneLJJPn>MFi@??vR
zYy?WEN#|NaE$WR;-~dJn!W#O$50;;`?|Nqf%P#e8Y&tJ3j!xM+LY>jXo)#Y7xUx{Z
ztvQlCUsn0Uro8`OdziJmcd4sC!*}Qw&sn>7hwh5^;$491o8HBNoZaQg5Z&0KLOda6
zZp-RO17NQo%qZ-f7-G?J&zdWj>{WfOD~4Y6?io3wb4$g4v>bUgv3bl*E`fa<vVlMu
z14%Sfa%B*?wm2Wfj9XpvhX!Z1%_Xg;7OWSHbLN2<K%~f0anVMDt_CeRH5)vMYKr+f
zlo-M3^@L!*c%lvD*wk{@!$7gfW<*(oJj2*Pje4TP94E%LZ?ah(o{H~eAvEv4n}PKN
z6<bg{-gD?gpjB?*wo;oyy%T!eDbMr*!V%+K!2%&kcaW7FTNvxi!VV?Ip~ocVuBS~l
zs~FPPEW^#10uYrlYi=`m?u`6-0`Fh%oGExcg93ttiCy+&JC%)VYE6u7bkZW*i^cYv
zMA9UiKCBfBm;-j;cXk!IUBCzEb~Yofu&0`K)=P@D@8Y)!R}|UZ-OL-RZ{MB7!Yo9_
zC}TnK*-a?DFT<U2QLv$eb2PqbGp}9$aUA&ToG8T_IlJ12r~M8Jw)%mu+hPIk?Jywb
zo3^{S^>rWiFEXuITEeb@GqiIff9G2iq!(D0hpw7^WayYew7<JkE)ryKY}qDm54Ea-
z_~|7SlT7IjnO?ys{7t8i5#DN$QQdiRSdfOLRq|28Os4QJEG$@h;j2Q)ka~_`CmvM#
z3{>dsHVirO-Lt1C>^vJ61ZX>Fnly%K4>s1o`@6e`32ok)CJtuH3;`5~z8DR<>||>&
zAN$tLk~rbEviCeRb-?DaLuzhA5c6{%qm+%@tZ5H;GAsU|xLeQ2ti1(LT+Q|`iaR91
zf)kPe!Gj04;0}YkySuw3I1KLY1PJZ~clQAjba0uV1H8$XbIv>WzJJwwx9U~(?pnRN
zd(Yn8YyH;h-aXw^nX7gsn!&F0`fmm=s6G9&;Y2P%Vke)e+=jQ!(O7>dPtOFvV=vHr
zGSnFGY*+Wt0*lJ7XMV(*pL^%xbCl&vV#Q1IzBq2qiX|(e`OHac3%0FgPcBHO)w6#4
zEsX*b<1#@xGpWmA4T9MO))f0W(RLZ_3+jvM+69s&NwqFM#DGqZB_Y22i-H%ize?&J
z;<*L9YuLFir<Iw^13fC5er7+8_#RAVG1=VcPC(Z79=KYps56F~230SZ4<nTaMvXpf
z<O(mae?;UD$##0Pvm~4%4$mXqn5;DxmCKD*{7AEeZAd%!#GIM!cJkA*VGoR_bP+~4
zf@i!IE>$}7>6r|e&>SQjh<$vluft`z8mu29JW(hBZd!K|6}+FM9v0GWVIZuK-&#)N
zabIy`t69ici!j_o5M^Du39vprCtcRJUkX0w#npkM{UlW9g;vj2ZaN{j@SXLv#)FQ?
zLm=e&BHHO8i(%*bC+NIYuWeH-zyjY(0<C8d@0jE3kGBngiF#C!WNqMBpJ}6bg5x*U
zq;g_6%k2=<>z8pBAK#xwBZ>d&9KXbEaLpn4g&>dhDKqEifUX~M$3$<bc_xX1mcg=c
z{sy8+4*UE_)=c{IMcspzpu#S#*kCiRp2NXj+{E|h6l7-Jr-7k(Q|=d^#|lC>_yw&a
zN-{&_PeuX@+!!9LsI3VrmPmeV%{%@KhftIhiv-;(o-MAutfheR;xYsubG^Qe@0rD7
z`ayVLiA5cwEk#~0=lKzMf$<#qaaaDrukWMlX`UfHB!G3lR11edS0?1(2=x8U4?TWA
zKuNO$aL~Q=nudj&E$ibUR@R|HVY<v|y-Q1%eF@ojk<jZl7uoH}2_Y%nX&fF8!kX6Y
z?w$$(`n%ZOivePRh{@Vnsz+x-Pw9<c<?U{HoRuPdl<9cvk+EqM<9RQvP{J#61yG0I
zK1ptok-XJ#Sn;tAMXjaVFK`EBe?Xx&g{_Yz>YAkOO#8T>*I;Egy{V<YN0l~~&XG=_
z1-KD1_3SGqS-$oVZqj=hd!1K;oe~9KfP#{ZPUP91d1bb>w~db57h+(meEf~OBV4Wj
zYK?Hfi(yM*RvEEf^!z;!#Zu`rO^E#Woh>2*B$loI@g50`SjkAFTD0F^MG8a{ZTO^f
zn<RE~+UO$J<)dTtS`p7P%u`NU7UZjiBI%ji9;UK#jg4$s*Zk2&G~PI$E))ja4RiDx
zoA!sSi|v%xUaMLv*?vVvVnQ6qV^+&{-Li9%D6(AoL~#2v<7=YWp0`f$@NZ_vx0y~o
z=p1Srgz=_W9z7qRVK;bvU#5EsZHbZ3ovP}XK;O%f#{!_{IUJUC*UC%vZw243nLDPR
zeNW)1sPgzRr_R0BY40ENB5y9;nUqV~rr|*@f#T!DO>)9XPW{LZd69<v{P*)6l9w)_
zg2&&?3=jm$(rCEO4rNwzc|V>T=0TXN!zF!ZiGz4H7>NPPjKV9iu6K5o9y>{MSVikR
zxUA{LR9I><;P9}qvhVYFR!<MQ{BR)g*w+*x%JW@sh@`x8RC{N-EMDSb-U^KO5*4%#
zlg&en8R(ba`DV6;k3mS8@59eEZS}=+noF^Xe2g34*F=yIFH)6kVdf{s$ahrMkZ6xY
zZN#)y{VuV8n(+%giFt*^@O-V>?h#T&8qKN`cSV$w9HPax5c7h(kLyR$npHS0t#x(~
zBBJgI3$ahZ%Z$PmI;}$29NUZ208CMW6pkX+4@+O|clnCWMSj?QwTv;uRJpVHs`lhA
zsT`zxPT(nFPJM}chS?Y1OkHq{y0gKEIOycu{07K|t$UnQ^<G%9<agbevbh0zllOGb
zWY6yJ1LXl+x5R*?h~pE3?u25N7&0#q{|3>b^D%j>2M0NSw*y?bdyUA+$Fo>Z0~hCe
zpS8(?+f&8}0Kt`IX5u80JmX^zq=NGUJs+|zWbnn=yjhi^eeYq{WK;F9f_PjJ?wV>^
zS$GZXs5yxj-j>lEm=<edR?6?R;c#vUjZEY+6;SKIzH!UbkOt>m%lFs~-?7?J#~mwi
z(dpf(3v7xHI!UE?{Y%k$ax>Bvm?2KhIr8#|5jv}fb}7m6lkT|^LXK-UHS7aBPx_u_
zuZOvG`P@%U%)i`5ls}&`pWED{AY9l{pVH*G#K=WY23@WX7@Fwad{ggbA~s^@?l(BJ
zFa>&Kt9OCPiZI7`)52R^V)W?D&y<H%<Ht^!l8kk-CP&kCBqVxyI&@OxU7R#d>F!}@
zew0+3d0K$J^ILUiQ!Wc6W&5?dtpIxAKS3_Tn2TM4NA|i&RFKDpt&c_S5|m17Rf2kp
zI<L9mibF=l<zst@`sSW>Jhu+==~UFZRK;ligHjFQr0qkI)ltEBvBkTWbEn)_D($;w
zwdj_7R~n4p7Hv6sJwiKJE{MuHYQ8G-1ZAp%O-lzYohCh<C!2wG1s<oSD-l5VU?V}d
z>*aLSPWkOz+X+$T)%oz5b+0TD<5!`?5;=veA3UyqY(2S8GNrl`1vC1abYebF1FPnw
z1|3p}i2LMXj7Q&&<z`$>e9dk?67%KD%rf*8C)xiV1TqO7{?3YYoPf`;*Gu>5mXpul
z_^z*=B4<wAp(bTd`FtS?fpD<}lii(Bo~^NWHL|-FGU4l@&`QOKs(K@sX^B{sVas_4
zcg)qq=$*wNsdr9FDfZb2K~T-#U3#GT&Jy;OzAKvpautNCC31cnIm7fGGyF%mp=;Bp
z+gACpUt^H!)s2pZdI^)qZPja|yzrNP(^rRlYX0x9bV#Xur2?`&K1RRkljo*J=+{v2
zuKSI;5Qw$?ZQ0ZH=XuVd(xbpTv6H3`Qf)lOv)9?k@(hpa`=7N|Xe2;dfvlMgnm3Nf
zQR3rx62^;FjF6Dv^PEmnkL#NPEgOpybbRxqyefo%-^0dr&_g@JsNB$oPM@|lmtQ}l
ze0tKQ(0P#^Qg5c!L{ix|D36-vSu6%D-X3`-eOq>Xp%?hH{F&wEj`@wDwVe2rgnEnQ
z^>R@|`Ta=DJ$*t2TJOOsCmrs_5_~<BmY8N6+nHi8=-y%d9N{9v<EaTsP=m;_grxg*
zd4w6UA9P<KG+~4o?`EgO;^u&Pw$3Itv}`748)B+MO}ncUfOKp!{g$FYGQ8M*(N<Pa
z#rwPPUN<{prWBoV<Ca~tW)eRtw$*h~&${icaD1hgM_rVk^@`s>kb$y`SQfH-EthBf
zh#311H7fUMp=IG;C=S-O(9@6_54Q;A1}h(E=C_q);Q3-USAPY2H1UUsj4%$ibLP`J
zO(L8A;o$);sVQPYH*EnRvm=KW&c(76x<w7jeC3KFU;lfJ7m-}rpY!sRU5r!|;no=1
z)zL&kMGL9My{?Y&NyDu}FVH;@IjiCQJxvKaw8-2tQASBFgm#7(nbMll?ZNj*A=tls
z@AJ^Gj8mA6pHe9jP|rV3MFY&t;Ufo8g_`lRjk787^QUi2NlpogG{ez|613QgcFqtB
zpN0u)-LW~W&}=rvpFb2F*-AArYoFU`j@vGCf0%s7C6N|2Vcu-j;vb4tXV*LCY|15y
zLz!U(&-wf~QcjqMZQ_ck&ah&z{DQyfK)}b@y)>*eW*j!JAAFqBCTv>Cvm+5<ltB58
zYc^vd6d_{u1BF6<l<G}VA4X&9>sKp;1bgj)2ok@}=TAeovR-Wslnj`?gbcR0iQM7Q
z3tk=vwkEBh?5}L7Esbl~GfU*Bp8k4IRyNmpa&eoXvJ-pfCg`4O+rfE|R0Dli66p&b
zkGoXzB^q0MIy*vT@UfIgg+qNjtwZefao_-u+P-!N)wNep%Ywh}VEz;wMp&km@;%?$
ztQLXibaq#;!A(YX`*J}ozYUi<%qfXA>Qa+8Xc^m5Vz?qwi~SS%1@kw;`-zY^f5%iI
zF0=?S#>31#x?KLSEDcJ~5x<w`Dh5w8FVobP<;=R#41keYa+S2U>av_ScbpkX7U5o#
zH*wN!d+)Z(fyO-CZukkO`JELN<9w3&>?&WVWVu}Yj<tJGKgyk?sNI}be|{G!sh%>b
zfk@xWI@p%mS0T0)3NdfUnxY{BY3KU&;&^ha+4sB5)89BWc4E`{7tqMUOONSwnR{n-
zUb504#0F2UGOwOCiE<;`^6hK>K2A`>nT>JTHte8$qoZUkhzc;0sM((`wew+jxXGS!
zM&t|^Yd1Lv-^e|-0zGlOkTJbeFfs(+nUSD=<<R(S&M`4Zsr~kP{MY>=EoSa&YiLDl
ze)b0ii_oamwQ!R2HivIk&i>){HJ%Q<j!I;*SNS3BMeEO?P$Me6Wj>eGR^?@-#V!}-
zV;A>=mju;x`_D4ZJnhiPYSd@aoaj=^g-njZ;Y1{2o56H@JOS-F+;Ved_+viIRL_}D
z2@W5pobhD?CWIz<yD@E4;5C0X>8J2<)xuUm4li<!H@pVNR&E^9kuGDgNlF3s8`!&F
z(~8Y3AHeH+jMX4<;fol$>}*{K8lC9($)jEtm&+U17i(lKY-Lbzpjo=7Bz42vF2EV=
z!=>c|CAX}Ef}9OXcT!O>Nz!<)aY?kZzn~aeT7OA9I<4k5tI*9akFylto#c$^)}tJ6
zee()|HLXaRu%UYsnP23M)6%If@jD`852q4=m26!_^e)#^yUoB`HFzJLHn@RkPD@iL
z&5M0@2SIo9f;B28rCIIF(`Dh!pHxRpHUmwC5o&UQ&=9Y(h;aD}gzJ}YDS;otYXOdf
zy${D=?v$=lr<rAr$$|;_+4h&v2KNG!^xFPcQa_B9gA4Mf6g+##J?$n~3QsNLpN@ku
z$O;}`XU_!ihwU)1pL4Fo)HT|X%~z*n&q<18t2Sh05>o=fn<EakjVJW=*U81=!=}-%
zOO{5Si!l`vvgOy}Xqa>h(68#WBogW^y*P5@BMaWElA+jRw=t8N%5etQxnNx{0k8Bu
z3@5(5v4RA*GK-`<u)=R!x0I?}-6!)+lVI7FZ>)6u0!LN;Vq4J^<j#XF=1iWPkMecJ
zUat^jTkgiB3nrZI7RzF!O?(l|Zn`HxRQ<ZQbHJAmaibuO^>F3Q)Q0|MRcqomGgJkE
zXLF@-B>Q|z7Y!znt#(p#-}zX*bZ5+d?hld2?6)_Gk3eRAM*S8a`8k`QPiOg<ha>&%
zj-?%5KZCInP<{CC-XBoR|C&2rJPC3v{1Vq|r%L<Li#{Lq_<?WD;PfS0Q{dZ`#ichp
z1=a1%x(~UJ3wk%qm&NiHaFywZCI#RuhGiMpI>Y0=E)(UmnxXAL_pz&JMPi&y?ECAt
zNAY@mP8Xv{ZY6rr<T~MSd9BFsGK+xy>iJ%pdXXP#@Jb*KQl;n^QS+TeD-5?yoQFr5
z{Dsvff>A411kTCHn2#?U4;1){Duru64{J5)2sJapl6p6Ur8IS4ZkmkN2`qBbj9#)}
zmYi3U5+aBNg_$vnbyPkN7Oa~|VYl;vAU?(JW2H`pXo)n<8M2>iU8T>FWjFO#1g$bA
zF0pn|XeNX3LOtvXr>)t##4i=IDfjr6iK%<$1zt>I+}I{04w&GJv4JH{Mr1t!&sR?L
zu;XsUtT2sfqJ1|)tiNAD%=^$eyo_R?=2!?5x}<y>H$<+i2qGmyuQn0(Q9teXl<{Im
z$xj;ps+B^Y{lfo@PqQm&cKbXDiF$7RNTf&6emcSCimlER(|%}5B8Z0__<^~<T~&1;
z?@F$!F)H0Cgr8oj=_AWVHr~*0|D})owwaa4SOuz1c39fW5>)RmiqI^OE8<Ik)syRq
zqy&xOrjb*G2L}-kQu`9pnCfuj<DuQP5I4NW-jOsHHE1_DteZ1)Q!m)Ci5?Lbe*0k1
za2Cp#Xr$hD+jdhL-(w~y{~m232Hm(+H7n2OeLg?%8y?wxD7n{~`n5Bl@cYUROUG1B
zovm4jv5ke6)xak>x0JfP)~J<^GW0tCNMNCdzut(&z2%TXVV(p<=lOaSszBT9@}eDj
zV)C4bD+N?8i7%v;Zi|sE(anID9qU*)_;*3&PaG?1QroSPgEf+3vii`7QwNaFrw%sQ
zf;TC{IyD)9E&Imj3qejGSKa3*qk|-N#iL8cHlX_%fwqn1g#gAYuK6<uiVyGYU;a>j
zK(UZmUY+`4lM%!JmFRe2k6@MufuU*bT*J?W2S=wgd)z|Jm^q`sZP1VARR=hpblcT8
zGEp6~Lb)AVPt|0*cfUrcOQ=!sy|PbE&s+XQ6teTt9IV~##fX(&@5FR<FKH4>-H_86
zo|4_VhXp;3=BTCC*S2_O7+w3g>EVHz+oGyJPHI|$h>5(vl24*A&A*eG952{}Y}QBH
zF>VA{Yj;X23aUKb4GDiJyX9B1dHeIMoT&2$2W%sT70LFSA~~P6S{$EE$}>4{U&3TP
zPWm4XJmTLM(U{vh!%$E~{V|t*wg<mB?!^*aEm&r(KPwTFQ~TItiy0oiZb!!&D`Gyg
z%hcGcSU=DsO-rt6_@u4(`6#cef!jdI)_5$LRp+ry%e_~7p6M{#z1FQ?u;j?0ZHpFL
z^!V#!_}db#HR3ARcfrtvV)l$w{epKl!@PLu3w!2qUP?*c->NFaDWjznl-Wh0$J5QN
z-XIfGb|RA9XzX#}VFKs+L6I-MTj^0(8}$d_R1a=v**2E!@4D}p++~eHZU~}gVx5!+
z4Y<ZvtV<%0j-_0E)T`dY-LNTf-^OO53j#S2_*FsVumbteO%V>;&5ElD3%zj3$k_D=
z%k8|Gw2Ar3IrQ~_^<M6QzF#iBPs(}cey-f?k{eaMcH7eA?S#%<4<E5T$Ggiv*~!GJ
z_M&y=C$!f#n194T&K8&U5qubCZ!M*QpiEjteGRWP-WoZi&oP!}f<fPsp03f-<@z4A
zZOdu$&0-2a$q40Q@466dcak0?_>Q3cy|Ya2A=|xqa)>@{fB(ivja@=57i4DYcQW>9
zQdr2i&e^4ZBw$GxHFQ>!Xy8nE>Q@TE!?m?^LbV8{+~*pBFeH|ka@PSnMDw*^;hmsY
zn_q9e+?ur=)TJ&`QGz`kQfY0|3>d$ivO1!mGa?k8<cTRYl$NF;s;ojY`8VM##Oz+Z
z6h>pitP&xWJ<N&-CC9VmR-bPFOn}TQ3lfaWkbT`_+Cyk`Yw7NX2^Py{R&;EMMi5MU
zm!>xS%&T*E6GSfDOmM0Wf%N?zX-V}cxoU{akUb)^!y{~XnKFbr_Fe4hZatV@pV87K
zDLb0Egw6|v_01batheWSwwprzg5Ft17w6Qjds&>Mwhy_&E6-aOG`LuZzt!{6r)XR=
z-5MT<(1Lp_z&2eI{J%Fo?J*KEq`68`F`0x<>}((fxCI~jhH0(6&)2E_$YHwn{nVuG
zr3GgtNaIc1E>Ua)-7(|0RHB0iy|%RVan7;Sk|FNjc{kZ7%$|aNr+&ydvW>@Z&e6l7
z=PFl^Vu(w@cm*7VhmlqbKL`uBC5RE%G?z{jN2i$*4mKaT{DNQQg|ys<NOSV{(s!Qg
zp(z?-5?l;0S_ET$tRW`&jy^8b#$*0c%3n*yj6A5ZR_N=mhl{Vu@mE`VZHp815fe79
z?~Xc4R|rwOo0Ax^B5~_Be^mDgHFA*z^ZXL$YC5hIg9lhEsI#(gzNc_6neTMzRKR9S
zYa&uMQo*KbrsVfySvfX+5qUr-@dkFnqRS8dx3tdpwz2EqwuDGLW>gy@FW%w)m~ehx
zHtfho8XXvFU+<>6tdlUZwBxO=`0>46ur6fZ&M+TCJ!;=wF`GYTotsU$u=b8L_j|A>
zzQ79+0Ta-U;t6%dOSz^c9yYzSQ~&$fohXuq)^8V{mq?U0_tH(_DP{E!h6G7b89Ilc
zMW$Sq31=}|o>iWPWA3zjl*omE@pCc(A2=w+%D3&wnacYZ;m@^W+uSjTi!0&Sz`~a%
z4~Fn9@;7XVrfFL4(2i%&6Cc9Kd_kO?s%8gMsGqUUPw5EZBRiKHHK&zrC$aa8->XA%
z)<y@PYsAs}d(KUEBud!y-^HPS|0SuED@peId?&i6W}y|`^_i-52Fxwib>sqDaj}7H
z!noWcim*4y{QiCIKpVPAWCRIrGh0zT6U%U`0?l<6i}|JJ2giJ}vpG(=To;=g+^ERO
z9+HUA=z8?DR`(yU&zU1na<jOQl9v44JU)*hezFSl;{wGAu5wwO+#G+|N8BfzZwe#?
z{qsYC=h7T80;^P8FUay9CdU!5UAc3h0t1PSU6}*}<DQag9pVbKwKIL(N}Ph$n>;RP
z9HkkjgoEb0ddpcX6)~qcO*Gz)RJ5#5TFet~`#;Bta`a)^D$&d|SPFjTQ=-6+Yu7d!
zVvkT(%8^~`eebF7EG5jeKz8C6;!lj_5mbIw97Z1SvShWbShGmtUdous*M&G9ALQj-
zy5JD#v6D<Q8FQpMKb-tZ!$_Y)BZfAUw4F@D<drVS1$Iui_RF(RI_7Y{V&kq~yP)E{
zRCTa&3VEabh>s-ARgCH4dQLEuWFAD!uFr)+K3C{6)v|Rvs*=r}v)VC6Bll%zG5ts&
z#?=Hm`-EDU=4xcvUx31YIFA`~MCsP1bn<2@tYvqLT(eahQu4gQ$89w29KqHvrdES>
z@q+)l^fZ-z&$`PC{jE0Iz$y}E<#EY?bItK<@{+zF5`K;kR`!gpQ+{9hy!Wlr-_9A&
z7*EE`sITmI8&aQf9$Uj*Oako$P@BFkw-|<$B)FEGZw*#x;TKW3p?$oRb}sUj>6N=o
zoT%pI>SzD4cthP@<GPGcZm8t4>Mh`AT%Pu1I$0vnQfS;<(IXzjE64Xjy4G|5L}8ZY
zqtS$|^omFPz*ZOrhV|T=OJ-I~3cET6PSeE-PNwKSwLpQy#!n{*CKKw#F2OU8U}mgc
z<Wn1@!5Cq|#^4bXG^)hb-CgO1fbD1f`XmB34`zUyFM(sPO=2F%D!OPj-oyT-Yi!*a
z{0BmRPP_9pku?{@HZN9@p3)teatfPWzB}SiS8Ac0Qd+N7-!WZRwVA*x7v4Pv;%r5B
z7OtK2RlJr&Y^XFV(`ezpD?qGkL@p2@aM7_VY~we!$bpAL&5^5TlVU}U_jdkadmuCS
zJOhljfDRm6ynDAs(Ly`)FiUo{ThWb|-)PH<#B`Vo@!pS-81!o8Q;ng?V6A5lk+y|6
zu$ou_I!362SvDJID&ExEWPy4vmWrQ0iLdy`db0@>1WD^o&MZu9St#ct{ze^!P6s^&
zfPOq6E_z$G^lNlGTg>$IiN7n(XBt29HSnV5#=g_lKT8jHt$JlUc4P1u_b?Xh+s)yV
zH*}s;XQCHBhsYXLy(_f(<(M@RcUXs!-FO`|(io(!8_bWwm20cCmfuRSNUg0aiF;;_
z2ca?L%OF1Tq-`Qjv-ilyN57*_nw-o@nPcG0ayDFZ8MHkjd|Mz6SD6056@RN`?lE1r
zpyeB4zE}*U{;{Fh*=m%N-n1n%z7>1OnB(%rGKBR&kEVpK9mjnwXhkdG?I2TSZ|)$2
z381idgZqQXmQv_--urKHd#^Meo3T>&g}*ksNTgatihy!?X+c9zZWgD5d~^DaZj9MQ
zCP<@qF*>W<65^4upFY=k$Iohoh#T91tV+L~^AOd4d(&#>8wiKn;65G4m@h}Gtd9f2
zj&oae#<TIk=2yFp5{WC%7hg<p8&=Ulk=E`^)gaI=8PsJ}Qk=xsQ=oVhu^XB6uQlgK
zD<E8!Bs|n2wx}W~#KmU94V}+|pE}0(ZMTq3XTE0eaV02X$MQBc_Sofi=X<r|6qEq}
z3)d`24;kD++%J<kmWFcD;MEiVRtu{Ewc!4-cWXn>wJB(&how*%afRT<%nHZ0mHqX^
z{%MRM_fJKYe)}$3g4CHWwSElsk>#qYcyUR;EkXbz4n(%=$1e;+Y$L_?PR=U=?>?7k
zDjNEai=_6D_o1!i1kvmxGunv}e7&iLeoEaW@+mQITmI~Z52a`4y=haCe*2<cYtipq
ztPNgXy>4=|XHiQ36+vwY=g)1li(gXl5dP6>t9Byv4wCe6dl3rWLSuAdkWMJZ@4@#-
zs>uc9nkc3N<5c>@v9;L`&Wc?PAi6`4)O?u0#3bKi$K4gGapIzvX*zMnULJAX#W6rT
z!;QtnZCcV8`(<yeohy~JjApGshqC1SVnDwMur+2+^P7gql0aGF@i#yB&D!5Xk~;w>
zKC(3=-U{F+Q_Qv1`+c#1*KBQqcWd~l29dlgHz!>eO~_am_FG7G1fO^)UkX>Puyq!X
zGB^`i<w3tA>StTx1jGL7YH6!}{+r(%ogb7AJzl37vAZDSp7drZi4yu4l59(`-x*dM
z4K>SHay5+lbXg(Jw%{~a`0Rp%gYBgwN@{;`o1$te%8@hHQ);=9K+LJ`7+LR{>4Z}i
ztzc!;`mO`Pq(|NxI*ioIOGr4oLa6&m=c^lp1X*C`*o~4Ol)*{<DZpGon^nzcw5m+U
zio#aU*P-<tyNt+d;gmz$I$9TtIe!%eVGphmwr0pVu$A`yD#bW-Y5%j~J5z%@x|Awg
zsqsrZ^NEJGUP6m;O!G>u2e)6`-=)%MU&eBc`BGR~Ucaq$GTNsnp_=kF2@h}g-F&_2
zg{3%f5z(p(*d2AD<TuKUxynO@x;y=<T9h22r@nnKCuxe65YFko?)NJ;Vxdu0(Mzz2
zdk^n~uNgX6|FH7-D{@Heg-OQ!e4CGj>|E!%sz_ogPpEl<k{i-SlAePoBE$5ct=<AT
z;KJt$#5N#&qrJf^#vOz<(2rfxX<?i0-&_*mexvg$^4i{;n`~9^W`L&)1-pR8JPNPv
z{;6-2K?4&p*U>&0$>Xihkk5D*I}@A>JyXN(yu$nDO&YHc>$cPJERj>`nI&+q@ow0l
zHwk)5lw^=b`_1+^ys-{`_wEcdqf?HBK2eTwqJopg@qq=&6E%T!;ez8*2?1M~ZC$yl
z>Gjj@7zNIP*2MQ^S&W?6?U}_)nnIt=kJSwKb)L|)1RNn4JT<hE)|#;(r)wSFhwnVi
z6N1lO_2rhz?X>z?d>&Bpv*y@*ho%S$(!2Dqx)uFcl%)baZ}kBG6u+KgpCjF|p|?gn
z=&I_KH80j2xFsSNdbk8LiN+yhml8P`NISRtHK6kLw;ygrPQI!3%Z{(#QiMKwyXq9R
zx0MB{5)H0*TawP><7(m6&#ncQY!uMEDWZ|EL4ABs2l-*GMK!cX;xg6ucKJ<X_#H6~
zI?wV>L64*5?M^xf@EEaemL5LNIDTKg2VlH7bAME#M#^+rSfdHZ&GfUi{|Ve$LYs-l
zvy}uLan^HzT1{{sdp={MY<)6F;X5Br`t_+`xLo?cPS}BZjQHTzl6O99$am@U<i1Uj
zcMj_jUQ%UhngpLp!5f-!)x;0$V)(nUb}MA5K3+z<f<$(~rqnN*IaVEuj85eByiM<G
zB0+R7l{sXuxlamB&I}cqh>B1*_9?v!;U#S)Uj(lk57q}gc%yvml}V0|K(S?d!}I?5
zG{IERNog-Uks6C>d)S@Zl1h9^!@o|J@hd2XQZLCLvmnv^)IK-kslTPy(cJ;x*d+o<
zYn{QhS`<LiFXx_fkth&vR%JCN6WhsZb6f9aT}q?!h0Df0IlKq%!{9MyNwlE0Qan(|
zNv0}0!uidiuwh9Rh2;C(54}DOw<(jijAP^{cUX2OqVZFE2g-{ic+|laJ1#is6*v9t
zBnDbI9n#AXhqq}qtmEr)grRx8S}BRQ&Z#Sc-*{9%2~4kjH#$w{>k?mlwqozX`S$r~
zzq<YVJIRdB-4`J2no;t`X~bEQn4iP!BJ54*eHv*d9}gs2%RD9)OIizjyinshyW@uP
zS{?zXRq(gpxwU7N&n{jF3QZ&r912m!5UvbeE{-<xIl7~j-2&KZmT~*Wp2P;+WwoU<
z?P(A@xUKuuPx7q+T-vRc*L{#FCieWceXpyT*sNkctXH5KKpW=B2bLO9z6phTn;D`h
zrTc~+lC;eUuxV_M8T>1MHv*pvQhx2Gej3v$X5Rg#lR`1vI$^^(FSrqZRyzoS4v>Qx
zx)Wk(5x=!a?%f1C(1^J1b7jL`kylILSM)Xkt5Yn@xO2rJ%lQ~-$1_qQ1w&cu-k6no
zuYJZ4II#Qjqp68A7yETh!*r#Y$j37Tx2BhGkaD&6BC$!m2d)GqHjcI3?UY}rHjWq*
zFL>mU?W4B@fO|;20}m+}*WZ0!kd03n@<_|qEY&-T=g|xo>1RCc!L3)b#mPd&tw}XU
z@sFeQ*mM5)v1@sq%H$HhDH%#ytxa}1naIAt1vTf`CV9&|^OFe+VeYkEie`wNr$kfj
zO!tJ?5{9$n-aQCqGE>j<WW_+6qj?hJ<20k|xY1F-)N;8L>Nk!k6yd`4mxvMd>@9E1
z^Xv@*JBQHqUfnbTwouDTNI5m8T;X3z6L1gGZ1=NY4-&5{xum*~txD+-mB-8#_FI<L
zDI*Iu=8YfMq_@tLvGCUd++S}KK7TvV?MD1n(>H&%x|k#Hh{e-@Hon@jHL;kqRk|`4
z`HfnQ={<w{@EAF<p-LNMqd!-~gxY&_lKESM(n>b=xj3_>=V#(K#-zbn@lGp25%=(!
z?00k@IQMWlGbNeI%wk;7-1o4L`?O}lCoIFo9l6?C2@P{peyQO3S~A-egwwyfQgX)n
zrr!LCAm*xb`RAwyBnf9^GKaA3;`KY9WL<&tnS*fUC~Vt`qr8(-02L{c5bR%V8}m)7
zd^&<$)L&LlgyGp8F+@Jgf=5fP(TP#$(^o}3X@-BlF@5tBuE99;YK9FAb!8SQn2(HW
zeXCwAnZhj^H0@(CG3Vmf_c}*IW7_L8TU-4#WU_H@-bP}#K&Y7;zTIqa=Q?%#H;Ytt
zU(~zQhu6H#r>Ec&^{?qe%LnG4TLmeu$kE9j&t)Ad59lqss(raKBi?JrD1Ik{!z6m%
zglZu|<qkBre>Q|^%Cq+`x!OH<Ki59*PhC7eUKo_?s@};^16}CvGGv})s7n*4%G*m$
z8QjYGN*4o)7fTm&RRiQ7H4aq+6z&*yAuF>t&hndM8u$7zLSYjuxCxfnlr7oL>hf5E
zbUw&zwnIAkO3z%o&#Fsd%$p@hcGtn2$Gz0+JxDgQ4Xn&eIoPK#?)Ci*wO_a1+|8QC
zy}#_H!#?CuVsn!jtXl)t?V4>Za^WduU-+rZM!xTQS_5A9D|Shp1o32-<LocaIVtQv
zWlTcEb0;BndULHao3LvL^YI~Zve|}rvupM)WwP0YckV^5Ln<UYGjJ`CBuGajLu56G
zR8%`SGk7hSBt%CnBV<jCBvdCfGjuhSG)yNfBWx{<G+ZY<BYaJQBtj=5Gh!`*BvQLf
z<&l1&)}O`oTq9k`ocZ8u>?HVLEEea!qO{f<7KL<KL(~duNywoKVM6*U#kn<*x!(^l
zIQK^}&))4tb5qX6zrJGdP6AAy(pvLaczH_;S@?Jl7_2GjVM%Y^i0-1Z+e!%oPQf^w
zr^7x<aD)S-mXsV4LHhjDT^c}DF*TJ~#-&SKfvFK@ElO~=LR~R9wP=6`OZ5@tdn<AJ
zUq{hjB-KntRfuxlt>7+%REjj-dbQJ33{UA4SVQ${z-O1hCuZ=OvqAu@i#%?CPp7k+
zAf881Kymj2#3Mi<pxNfW-LJS?=f3@KGd^|c&22W<LT;EI{rE})#yB5!x@NnnA9W5)
zN~Y4ghF!Dfx<Q<eYktK6?GOhKh3D%fh{H4R>13|^k>^pibXMym<H^ndyqWT32e}Y^
z?kWm!Sc06LFg*ImKF>}mzkBj&FA{4l5xbL#NW|IA!hs}3B!WMcih0OKoHCHNxgJb{
zg(o~L{dgfuu6Y4-LQ`Pjr5)EihE+~-l58MOjG+F(W~wXGk}Hz|SbMfHYYynYr~OA%
zPHMobe#JJaH6R{6u$msYx#o`))<CfRW=a|SiYi^&W*cKBi&f_u|Gp^>)DUV4v4q-Q
zIznA9J)yqPKu9Pw@-iA4k9xn0D8wMdD8MAdEW{%4QHWKDO^989L#UCTOTeSp8c-o2
zfd98&Rf{nI6~Y3puG0oq)3av_Vv4AK1N(Dej%n}>{iD7B2k&hqW<W=gYO#p6Rs5pp
zQ2LkgO|vI97ZHOwrD_g<jU=qRSmP{=mSPAff}J>T+?K*pOg|km;{yEL-Pc^&el-DZ
zYLs<V?V<(MtGLYCfomEST@BjoCZg;|Z;DE-%V*gy-p$~3&ixZ!|3}^qv^Kz68-E1O
zKgGj4#Usak<Br{LN6{Cx4c<WUYRYFD^I)r%8Jb}2SlB)L9^zjZ@-&(>{cw_4<_&1S
zNi4HJn_t!ys-RekrI&Q`Im2Bz&Tiv|C5GI5N*xZq3M%iyits2;lo<nRZ&J$Cb?GYb
z)S|2*{;~kd8k~ha%^I*~*KA#p2~X*}g*~Z8o)ozu9`be@UUviVa<Perf@H-+g0+jS
z0Ic_l{@jop{0<a+8b6m%<KQZoofG@Fvmxp=;A-FE=ERLrp3a%LE+FhKoo-8zMZe-^
z=1#YLh(!0zqBrj(xVpQ9`@TTY0m5o9N2-?vyH;T}XTY%QABc#BmO-l^-!9{!$(L!+
zENC922wHYob@>hY{jvqx0queGLx-W`&}qm#bQ!u1-Gb~u4=#@(=R$Y;<#Iych=AD_
z&;0H%6;OPV{-eT{V4llV2zkH&cis`Zfe0-}*Oz}3nFS0H7yI=!yk8@KTTXoMj4dF&
zHLupn(08Wi_V6IDwv3<*`YRFhKBIe=1<d#K#X;hx;9?|BiuyGKSzaHK_j`Fp#9*eA
zL5LYxPI1Q`u%qaTvl)IWN>D`mQ${trydJQ`oLyF;t6W2?mSiKnIsMv?cSf@9W2vfO
z>C|b4V0$fOrFiNzOAuT?^#?L@A^D2AkSQoo(B*!7A5y71S9=Nc2SO^Rhvc3oVeeCW
zn&Ize0M<zLhc)Nd)0@iQf0$1h{xh%r?!_s=eOdl9W+xf`oV=Wm)_>L70EQfH4>H~M
z;H48-uIHm$dlBVshJSJ`q!31A`A_RWMF{ScVX6r!Y%ie%Y242gQ^K$(?+ert*5i=E
z?h;BEj{8sld2mWsEm)Zt1$iM7zmDl{7Vr@4*Vemc<8<zw_(~}O36#yU_XE|v6Cx+Q
z*q2|euVh!lNF}txGs9tv3Sfv$8loMN8L}4g52}Z(hLC>NhN1f!4BfTEGR0TJNJ>=v
z=od<#=v}kQhoP)6?NfSDlre8WP7Wcs5%5<1{rdT9+d4~EEVB(%lJ|BUGoZ+zFq>te
z_^EA1Bw!at?H20JN#4m&Qu`&l+~-;QCc~uA&vgkh<5wKV?B}`<5$S%O`6Gp}_j&=7
zLP|&i^Ef!<kJ+0!n1@~4VNZV2l(1H7fz{BtZ^@oRRr?ik*aO_sR^n`-P<d4o1qeIp
z1Lm(fy0xI_B3B@41lx!#Y<WA1x6l9xYA~0A7(^Pktfd6X-ga9iKNT3=AI;A=DRg_r
ztBfG~i6HLu8_aq@34T+PeCt+7$LWghvi7C>$2QHLDcyWhzWD??$m@2#`83m#uMN%9
zhJJE`_411x7Jo;*vYp_rJ%>Bl``GRRWeK-Cr%~7Q0bc@gDEN<Avh0D`nk;)5#(7OE
zaWbc#e*NOwIz6S5&Yb!rgA9Wd*iQeZ_w;ib=`h<kqY=YW5YpXtF4=Y#^W<F^$IW|C
z%l*U<6NCBN=N{}0KKN8B)2+cGKn|gsL!UolfmQl)tpV}*J^L4qPNg1m{cH9A{9Nnv
z+?k(}NdPQl@xt0RBr{!x`2h3KlJ+UFYrB@sPrUOa8N4-iP&t@7+iReA`|c6Pjo<nx
zZVqOJ89eyyk4`gMTH8M>GGZ&7$O}!`DHuSaNV76{Y3(hoEv)xaS`u1g%A?A|%7YxD
zGE;SK+@))GGxWzayqUl-)50(jRLe1~|HsAAFVF3qo$7ANiFNTV{)1JWvqKWJ)0=ZP
zfBl)xjT-RpYoNXZ__w=4EhMuRCa<Nsb3(fekE*jmyID{9o6rdVtK2`fF5rOs8I~;l
zqhvz=*r$L4lR~_MGuRP<lq`@l+53HW`Dd8)3pGQgPX1QSNuo^7O{M_ms!^!tq)=+)
zXygDX|4^y9sT66sX_V=?=@c2c+7y|&nUq<%Srpkhu;<mdzq{9lwJKXc>fP8lvfqR%
z@1t)qWlb$KLFmHZF3$D5^pA0p>DB^sA07SEW>(f0-i5i{GgF%w<QDY*sVEcxW3q;}
zDpT7-sr`lwX13a3ZcD670Tao|beBxQBeBDjr-wu)`$pykPBfR{_p5@KrPq&FSzY!^
z5ExDvG(+6}wv=*Ad0%s4S(~m-4dVi^(z{ThZ=rbA*{r+<u%MG$Rsc|}*sG?l*oo0T
zT4V;hx0kG)Fo5jA?tG=Bk9#NXtqt6Qzn3^zz;(KFiS!>kvghs#i_lLFY3{NJspY|S
z`^~Z>z79*@52mb^O4Zs+=mZW*+DoJ(NMq5y;jB{2TUNFd-P>v3A7z=(r(ZvER@*Oe
zJg$`LwU#_DFkAVx6+Z)~tTv0arf$+YH)e~vONf7`rV7SrYtI4LSa`4<tfcHdGVXH}
zr|8Y`OK4PEd6VQguU-*Gba{_ITM$J*;|F{Z8p!>ncu{(*3Z;AcKTSRhz0SIJEDHG=
z=Xy*}UJJ;Yt>Y^)xlurUe0-!O*euUu--I#C^HjlckmfT8x8SY2D;4NelGoiK!$D+e
znmRr9-D{Ouf>!5?QR-ZA;P9F5xs`6*IKhZ+(zx1)Zt6I2#1|vC_xFg(@Z%kgZ$Jg0
zMBA(j-XK6`NJnxg0h3OstV*}TdBlRe%yU0jvG5D1CCq;PGq-&qDfes)>_CzWI^RJL
zK{1S0q0P{<=a4Vl^tUL!0tPv)pJd9Px4*goFV&uCX<d-7+LN7|=3(byHO#ZgayHDf
z%ZfK-eb|@QYe=~daTdE1sd3yRv1m<SKT3{mE!`dtOQr;<GwZkRG~fU_TzX5D<y{mB
zCLZ|=L>I;d7T9jie6e%;EPVIbi{c-y<ZqvZ$~+5$9eS2>--ksg{L*$RE>qB@u6d;v
zdH7@D=c=Pw3$rdk4Z23?lT^UA_IYn}Atu-z5X3z}USLxeRIX*e&dhC<mic`=CUcL*
z&LwHE)#+%x#mjzHklQLR^ZT@X#sQ6;Ym!8pGy|w5-F{tx+p3JTd0sx_kjBn!d$7&P
z2Gr7Ozpl@1|BbYHIi`*BMiA^fd((0xJ(UzY^cdTo4dDg5&h8hDNyjDO&_2erliqNF
zZMFWk+Z1rS?E?GuKIy#$Ie6>WJMwbuR^-;lvfpJVExRqCmW7symVuVemd3K`vf`F(
z@BehO%9^7(k)Dgp&{XW7j`mm5YW3VroZ?lwm_*K%_<g$r{*_evRWXNI(5vlFqG4P0
zHu}sr9N#&h3w`q$mB0aTj(zLh#qZ*jtnxhcdY^u`5~`@Mhq32Dw`*H&k|JYXZkA$g
zUT%@{#hgcZGO5j+={M?b_+^Oh&vDL4XZF_Doq=+H<fQzuyh}i%d4Kg9u#$7Q>Z0aT
zV>Lx^(wZZn(Xg+5tve!kMdyps4Pp#i&vod#Db<j3J7V7qtSx1hK};E{#L^(H=GQc<
z8dcg&7)4YYEXPtME@qQ5iynOmd^L)gJXDG`rT@3F6ti<tY2sulQs$qvd7Ivm>-rX%
zRJwMkhy(~0nfR23JSj9<0n#PhtN=g>PAfoyL_kruG7|}<FJD`{{mnb_wM-g;Sx(5F
z6~)7j*RkqeonrcspclnM^4~<xe<xr$X8+0gTkKzTV8#CCB<<HJ{;dPc`B%b9_xxMD
zGF3?MP$(8U@hko}p8Ug(@iT8iL<WPgkcrXRUV4(9e~ed-Fa9gMx;!<cf7)UUlU$Oy
zs0dSb_ZLuB@GHIgM(fsGi*Xo(`u`o>;tPf_sQ*jq0d=AT48Dk6Ic=7Oe{^P^r@Ro<
zQVMFR1eMi-${Ii|&7hWcP)j$c<p-!`2-GqLYMBC&z%<8k-{D^>e+ZqwvyXwP&fM(U
z!6#=b>T1}YE#m}Zx^;2{WB;Q5N&Y*EQT)m7srT>d+Uw=UtuW#B_O22ABM9KA1GSCY
ze*%p75B-<(pBUrMBYY*G+j;WEgDoo}>KxViNqYX9Rytg8ws%01S0%eeM)zIC%Y}%_
zAB{gp9rar1b@6J@7D6g|8$bA-pB#v`f#O_?Huo8A+xASsL$GFp=GFg$a&CFQvM~i?
z4ym@prXzY@^im=S69s)ldWF^Z=Ce{{&&xq7tj|PImNFa$Q>hlru_}kpx4(3YeSyy-
zBf7m%=He_Sw{evb#>R1#3C7>!Dl?3<qh2aYRmD$v>q`Fd3|Xy%TJ|(I1v;-(UX>MS
ziuZoWBM4*oqJi`c%~*N3AWdB4YXM;x(-$557BuHq2L;RGJzoo6hp_}3AoZXHze0OQ
zBq1D~M-;{yZh|%ZA(8ciiKawvbOCV)d$<MGG*JPolu6p4a7+P77-zT*{xVTLt7YM`
zL~l$1X&Cnx2mGy%eXk-5i6lj0^T@(@zPKPApv@|m6>3WM#uku=@qO{YKS%rZYPc{>
zQaG-FB1|CI2k92=^3}n+WyzknqRXoh6_fIhOBxjnjk}}Hdc_qgs^w+#sugsN$ugI8
zzTxvq|3)Mq#7;PaDVC^A)w~3wcZiZ-VzDTQ1yurz&_>=Q8ofu94o}3QAy#0^E0U7V
zPc))NmJLtAVy4qq=_!horb;rVL6(osK;ojaSJ`?$ES;ZZObf3VoP#e&=dS`+j3z^s
zZ2SQkwg44Lf-V;KO|g_rezGAQylQX>k^*`Tt}yk^i$9uh)Ou39TMTMlXq_k?DDEt7
zEUqptF3v87efMe&EB5pGm;9*3t^v^KZoS*Grc-*D26Ql5keujtRK}_EWR+6;m<RMQ
zI`F;dAS%bjTe8!sJuCwT2tD{gbVztuG;idT(t1Aj8X@!}MbY82GnyO9&7}3R{xHE9
z#!n!A&n{=4H?EZ4%l5+zWgI`9j)UE{WNUmny_bE!0%ICKpYF42bjh0-<%}MV0V|Ao
zq;fidY88#4{B%Yi=YS2yGJYMMsp@!1p1e|K57&Sl0&IT;I#;}7nl1V1%pUGu2ZSx6
zUi45^tkO3MN?CoM2AmLfkVfc|RT)bS6=t&fcm`ZB4v=Qhi&W)k^Awb``*?fZ5RQ>n
z(7)r^(rzi-s>SL`NiWSkslUlF<VW#}zC_wXpTx_fl~T;hF%*FJiM}Q}Mc**#p^a30
zLun$2;un3Nd=*x^pEGdvU0CRcKgtvSBQca6S_-H1Do;fCM<5CUHZlno2bra?QbL}n
z$d6zQ6l`n~G5~*Bpwg>+QPF`=3=Cod3`T%%S&veDzNpwhI06nbIXyqXw+v4CRe|W|
zfk+HoWNHjKK-LFg<%9xJn1Ub>A~Rv=;&*%qOn6l&EHMy`L4wRlZwpxe(4!n*C@MJ+
zi$OskK<^8HmcgmKEE1L)h(~x!AWk2RPev!K5?>@N-J6I&LoAPx1>i3aRC!q}Dl?Fb
zK##0OUj@)D?@>u87L^@H!C*#)^)tYi4o>w|iKtv}8Uh=#8OAt%7M*ZXLW!{aKn4aE
zvK{?8po1<@^<}B3!ax=VFM%8VF<`yCM>W1wSaBc+L6E?Y9*Pg8g9E%Q6ISZYLl7kn
z!@yD_s}Kgnmx(G56d*_-$Iz3h@mB-_UX_cg3>0C=AOkTN)pY55014%ys=ct|8IZFv
z_z8UJ;naw#{^=hVzv4C(n18#ZRzc4R{30VzoS`CH{(dQ;@&hO1za1~KC3($8m<!<8
z@{bF!P&0cWgZy|GZ~g!7?NxwuDnM$Q+q`Y>=bUy#W!m0q{Np*5;okj0!lQ)Nx9K*C
zt@P<fiLGquF!XK_{FmdQ2pk1ej&pAvDVA^W^1>eWPQ>gV+jAs5!1vmhL@heV!faiO
z*j-&B8z^EyJ+6iBtS*rSgtIW~&?2^17tI9rm{V72p<AnqW&i`tsk5|*&DBNH)r8H>
zqP38X)kV^P@aAT|TFCn9BB^RUW(2lc$lB^6DQbacX1cJ`h}A`aKoK(nIW1%rb%|sk
zyqOul7O{f5L=v#qbVA^dHT>UT-FkG)Vt1h7a#qXhXH|!-x;6&`Q#$bVxXhT@?m+#e
zik4M=)pt2{?e`2!37qUKMgh3SqP$Ty1Hb}aCt!;NY#Q~2Mug1|;LkQkwH6xPSNHE8
zV{Cd+H)ENL)|8PCZfZrthW(;5!l;Z0K5HVsR38jc+cG5J&?LrE9}HH@GbDJgiHxS+
z8>D7vNPw@2jHEso2&6J3K++_JQ|}E>+cGeNXb?ly2K|Bg24*`N#J3BiZbGMivv);j
zPD@ESwB&IQ<Q{xrw^?w}lyqtm1ueP4J*fxxsom^K{a>#vmtn|l`;RTm&*cAO3oGWs
z*Mryn=e_6M*PYkx*R9vh*NxZp*R|)>=T+7f1pe*Vs9BTlwHDbZl>588!nOvx3>h6A
zU`X{{4Eo~1e9KXR8qzeHR?TKw8NE!8*d*gwjjLN3y+|L_II3CA2B-|3r-yHp`BaT7
zR~b4>AM{;@sG99_W$<(b-1pJjDh&S0;7R(BhSB9J435g+@d~&G`j#pT#>(K)iop8O
zv?{jumBGXGi1qZIRTyNI(S!6Mb)%Y9Z1|PY{q%@+s}_G`OZr6dw;7r`agZ8<A@E$o
z>{gA~PYuNYSf^ojphoPahN2I2)SzBgBX(0m&;zn+m<_9;JE<Y)0?*Z{Th!3)7IGvR
z8{o-X;}dylU#JsTvH`q`E`@<k^gjR+<yb1jg>0YALNDQVFX(<Wq>7$SasPZ!-QN$Q
z!xHy>lqOP(b9KB(u>QBFxViz(>sGb1>{hpGR=28Ew<=Y)%2g+QOn8!LwEVY&0a(ja
zY5nUfnhXPwS=Hd>fEOwREdXRDH56H3oeDu20GUn=UPjGPg&+-pOsxhl4P;d@iv%E3
zsi8=zohuV~0*J}gP$YqM%4U`TVq!HEiQh?s$S*L73D`b($_>ZIzv@K{9ty!iCB|kW
zGG!cAicffh7&HX`0+AT`e;plow{=Yaqut*Cf3@3q_m6h}w{HmZ68~tovG~6{Wda63
zUEd$=9`td8;lg3o{0z}5K!OVxC{L}cO1ub=-~@`uo5`sX&jKVkfbjCv{Ho}a010+r
zkDM8!D)A^llnodtM@?p;tLrPk)EV>7XmV7Rz~okixD$ZD0{kXxcA!Gs3P527I?0+X
zs}MH=P?&%pWvPc%i0c3djKB*SvlbQfY5)QQ@S6;EnF@M20D*p#&mHzS-fz8uSjzP8
zl4anEaRtk<6zL0-Mz@OCxXQ8Q>E9)d_7veVmm|s27beQ&6|vEjV@cCfCCUUA;Zm?N
zb96nu51o|cZMl^K9`>vKB2f-26VxTI!PW>r>Qnof;V5240l=;i{~6*S`Fi%mA2z8m
zB{%CjA)Pk(j~w9W6>kGE?ysoG+dOy=&d!9&Z(*=~=U@Cw4mn!}He&EA?Y{UsN)(#S
z_fh@g(iYA<@<*={YleYeHJI-hD?a<fM#S6RrZrM~8KyNddu^sQa(k+`ST%|%|B}99
zwgvht*tkxWcm01xSNNfz{|<0NL9hVh{Ehz-f0_Rs!w-qT{Ryy={~`WE|K<EA{(Jxb
zXW_s6zcJO#{{$FxEMlnoVK^OV<eu2P=eVwU1P8*H(?LtQh)hDL`hGYaw`7(lJkzr-
zdBA;P%qc4NF#iBt9KZh~u<cu&`UAHA^&bDfywFbxP@GS$t035C{ddv6^w75d5J<s0
z+m#pWGP_$eBps3TGzg0E$#iY{*Kl-y)CmNew|JCJeii!%CUE{gVlH`^on~TC4Nvh8
zi~ni1#QWpcr~eKww?4rFjPp1COTg&=Ex`C_|AhZ0V8<7Me3~J`?n^h`bT6o=bops+
zFmFYT5yI1Z;+>46o$@M+z$$8$I?B@i&OMVhQ}=!WI@=eQ%XP0qKiQ1fSo<8StDQ9{
zo)kXb9l?_&^|BKGuMvDKx}zM*5Yi`_5EHgfG(D{UFak{w$ndt(1RG%A-OKJ74F0gC
zx6+XQ6#iEp+@Cr<tmtG(|H}M_5oCh<iRNF?{dAqR=KaFSp?$FysM21I7bxMD+a?bx
zwpY0+)0roi37O5cpNb2a+J8B@v|GvwmR(i3Ig^{an|~Y4k?l}jk{4IXk<G&7S7Xaz
zAy3jkBd?VdUM0=G=z1vTSHh@3IAm2A%V5Rp1Fd|wTDaNq6bm0a@_)7W9Y9en+uEcV
z(hyWKL(VxT$sjrBAUS7H6cEWtB}vW-$dEyhAW2CoAUR4#I7kLX2?{ds&kTro?tSOo
z<E^^&*Q;AK)q7X(-g~cJ-|Ftw-QSu$p9VUuk<F>3f3wETrCbi!-r<=ck3CfC=^QW)
z+qUN2JoxH~XRtn^38DB)k=J9}p=S@!WNF;|(1E-;zAv|-<T2W@q~>t#v9?uDRI4@p
z^SB8aE9?gx@RN2rF=?wPL=_FJqAp(-4uUp5DTHgar#K3DL4ki#EJB5F?ZQw%>ZJEj
zMY)jhXB%sT<juWM2EpryP&fjvGe{5!BFZB!o@0jq5Rt4o5BXjO?_F6l!2CTC&`)*;
zb)vY3Az6wKqLbpj&`?y-klv&r<fXZ^l*`{`WqBh@aJ@c((O>dpIeve1!~FQpW$?W}
zG6(OA39!7t5GxRi#@l#xR4EC<M?;Zz!N<1>Pooh=yH6eeZT$Ykz<&Dnt>}|C%LiK%
zM=eL(nEhM|l3QSVCK1t|Nyq+vSXgK^)vjm%?N}1?Ra9s=y;$Ps%~yUYu?f1Wu<^#?
zjWOoaFar=#6hqf#JItCe;}DL8l%S|3tHv<X=+r@#?Kc5D7VIQfIwE+i%F--)m(s9#
zY0{&3Q*BZBa?_*uU<(9;CQlj^J=2$E)QT7lJsTJ;Jl`%qQJY}&xYCF@7v_#4jM4cT
za}n)kS(b&maOdE&TOn61AGNAGFx6j~!`wC$W7J6NT*cf&ySqvGs`CqvzYEo3=SdC`
zo~SjGYP0(IWCDA`RXzLlYmW*?Zl$OvDEPFKUj62WyWp2VSGRar_tLMBrO@%#<Z8Rt
z>gpduOL<7z7;Ch{wh(Nk)C5jOQ}xCi0&Of-Q++IUQ{%>Z0y8Y`@U#$B%L1t@PQ01z
zYRF7IEUN@wypPKY=XJiZAQ6UO$%N;kXz3@B62|gEWVEGOu6L(Z74)*)?aukq(!5VE
z>?B$1y=3ZLqTXkEV|;qdtK8Iad{VEVLw8~iDvS_~K|u}5)&9(UI-kRn?FHd{Regww
zC1+mGI+j;>6N(v4MUKG)+qSKLy7>YZDmxkxT6J4AH(M{L`W1*rg`L^UXtUkWVe^lP
zrDsS+_cv)LZL6?tQ@c4+OgWn@h<LFxOa-yCOs_Wi5J_O?gb#)|Sk_39Df5lA!=lGk
zIEsk$`QDY)&Kvu1v=UiiSA|caxawz461nls$iP0YGu`J?J=ZJry)Q`CgVBV96W{&~
zV6pv1L>2>a5_S(@S;n)iVcR6A{|Vn(`z?9XB2Gj5aZ<08M~?Q>q~6B{xY=k5TjPGt
ze@yyN<1MA%@p_zVzn1R%{PDAU`}2=qqJLwTNW|L-mKY^I`9k}>!RY9bAe8gF={Ibs
z=~2@WF%k&b4DAKThh|%Q{!MF7Ffp2Jh;&;|NN}4<C^7o0P~>)e%Q$XT66R~+c9!+r
z77nC9oL3PYxwlEgKvY0{+56J3xvi*&l=-i`dJtiy$W!FNMi%w%NrM9yS@iuO8xS9m
zth~d*x*o=11c%02cD7ot@_Zu+07)6gG1`y}-v`M7>9!PQhZFc2T$QXZt7RlEyhX~F
zBZYu;$ddJKD|t;wD?vs;j#nwcDjUNuK;~p=G`-XXF^)FI>2?K=935!Ybok0hCu#&k
zGZ)lCNB#iaj1WP6l-qA%U(Yx1cqikrrN$!PF6mK?B#tKbC|a#_j3$9oM1(BrlN1L{
zes-s5<Gi+^ZHFNKYh?5|i9qFY?P`7#r?d#w(1Pd1H=G`26z&%XuLnx+!}`jAFSi@}
zQ*7Rj6<^h1S{Hj%P<<=mgJNXA$Bpd+aQlIB?95TcR8`AicDt|BCHX0;(}AEy(#-hq
zsFu|RAbxO_KoB5ag12Y%&YnGXM4rN6_;~fRyNBb$=e_Wb(W}>8hVDyJLYg@mCEdgH
zYj(WpO16xt={9zh3z%QhDf}evc{C?vB#-qXZ&o;-_&SJV#>#$%ci<TWW@wZ;R;`|$
zk3=_Tv{rDhdZ&95i+I0oz|In#n^{=qbp6=A%<25`$ug(o$B<=C`;Xk7b-dnmo}Fn;
z4;rqgiMGysUUD=0_-@I~<m2-tH{*{fOKyfA>u=smZqjQA?Vc@|QR}AA`WSSxGf^~a
zX6OSh<JW_{J$hl>H$u6W?l@`tT=G#(|8h8U=g!9$SG{4x+KN6?u0GR>-bcjCPsf+~
zdv31iHEhT=YzQ=LFf?osHVho?xMi;gzE{JGCsbl#(x#<jfcPoib5V>iQ4CjAyhgRo
zS7ib3jfEL<K1m*Nb>HaJB~q-v9@ZpXzt}blo+)pm0DUy{5CV9scnG0+i+Tv5db4>5
zp?HJpWm{)aW{~IIPPUfc#~yoa*IBnv9By^FqX&FXeM(g~kUHS~uyiGJC93n~;?%*r
zgW-ezgYJWlgZ6{w8?*JU%`Vl5fsaY#<|5L*!AYsV21mPMlanH#IJ=~9N=sy2eyoU;
zFwaa^rB*w?Xyo3T8&gG#%2Rse#|=_j#f~S(gRoKRmr+A%I(E{l>p9(Xips4oQ=Ct?
z99)Utd6hkvtu@u22Gp9WPrs=#Rh|y7F_oXDnR3hB0#3yac<s2<^?P|dx2~S$pXR8Z
z<(}TEnq{9ZubO3^=9$EO>lNjKZqp?GJkwf~Y`SeC_Kg?wbGl~~_qVc*U}L*3G?@!+
z`qBhv(AJl6+!n9h+RzG$yIX_K3TC3)Q%g@xH>b45Id5&HIo~sBdR>cc()6M>>UvX6
zZQ!b*06TQu>vr96*+;!P)<?>DjT*BBAGL*w@4_NZar33uH0oA5+g3a=RyMwjr0p`e
z7Jv6Hfcn9$exOcYXRuReY9KX5!ay)%+)K^5$*$Hkaq6jvtK?p;gboo?)MAZRXL3!p
z__3Vo){whdU?=s68_yPSBsSH{)3GkatFp#Ae^z&jBY#$NY6~)}I#mvtRh;4(#*O#F
zc0^Zf@~_EM5WPCpHWVA<<xoSHM?tdnevG&#ys2GHTBDv}<`O>|bl%HDsGf8N+YR6y
zLLMxUgEIrT2&(h<Coto6TKvMuPpiT5Y)NjO=kj$$7n*0`uZiF%3zr^KKYN3yBHJ^$
z2OQwm0Mj8IxW}|KDi<m!S~UsCG<`a0*%#~NrCDvAK{32}-wvI>Nvt}GPc&mPJe{Iv
zQ`0Wh#!K2R)!K{4F4fA5#x7f<oT*LA-HZWf?zLNm&DFG7C7Vjou-R(c$sy`8snvsP
z?3HdyY~=O23Y%TjY;vKSvwX9?o3nKDNjGQlW=QvOExgGeKG-b{V-}T}1SFYCOfI~Q
zRrm6!vQDJP*zB@FXKXU5ieeCDoeWQ)NZgFGNmcX;wn<g+x?z(l?`3IYKK!(%D-x1)
zg(W`zvbF?7R*+tn6C%S%|3oYaXvBWjD?R-*KE5%Xn(<D-m<n$C8;j**1iPP;-gT;|
zWVh&tm*p^--)k?(QGfy3a~OSU{>D_|<#?{cl&<Nuk70vS+WRp14=fBkEf`|*lzb0*
zZFm#ARXO?I_KLM%`M@W7Ixq{c!Txw)!hGa#@6RpfHBu**uzu?^lvqNKGL%kMkFp?Z
z!qW`Bc|$<#F9~v|lSdg4enY6Wz-ghec|)AoUlQcg>i}?R+cPpS+q@wn<LnJP3NUQJ
zk?{U^6tYdboyNN)Q1gYz_zq_Ii%@+t>C!o=QZp&GPuY4E*~xVSuvNXWCi}5c`>{;>
zu_*hoyY^$w_K!wNl(iK~ipaF3*9+H+y>w$6wFI2x-xLv#X_xD=tn*h3tCQc(x;*&R
zIdQ+Jl@<F;#Glf)!URJ|_cKAr39DTYykeo&fL{dPQyG6az0$MN)H$}(xASIk?#7ni
zhTodsir<poqThnw`+Bz-LG$O62s=&$H{3w_?rbdSsK-!Dr>BckOueVGrz^^;Fk3_>
zkY_a-<y5R+LU8-A5-z5RQmIp3cM)ev_t$$cuV0t|4rj5_0<57dA)f<-z$6$ZRp~{f
z5OAF(KQTd64FM<c6fOj2KY)W*9adKaW*318vW6nY#`Ow6M0W5GD}b3r&<}O6!c7GB
zCb%T9hg`IdJ=x9@%Qb_#(xzm)+ZBy^Yr14({_BFbQyZ0L^W3z&nQ@c@8^tAYC9-9O
z%~P{GAY6_rvn_n(EAUx@Z*y%%h{R*qv1YfSYACDLsn=M*ww$a=zt3=^7;i7VO4tZo
z7<2V0WN*_^yjJP%Zsz!Vo--6tPR$P?Cjz@)61cu#=6Ml&gl^z<+VI{3xGp^P&>6hq
zhUtxlBQ04^F@xg<{2Fq-?a{n^4xR(5ciZOtj!4*!QtS+DW;WFf?-!=(Utq>`=_tG0
zx#Sal+Krv{XFg#}iY{kfii?&NHhQJG!R{z*jJhpydkE3c{;pbK&2I(K9cCIlK)%pK
zf3;6oDZuGPL|cX}wYEO{nFMgaot^+%DC=(_3wwBK4J$_#Ez8n1WgAFX65d)I&f7Tb
z;yBC)%y{|IMA&Bo&HDGfy~F+df+NL)&#)PK(wSqHL<O6n9~%=^g*^77z{(7v9J_bO
z4*Sq8Vsg$R>D&FAote(@KRRYXbf~c)Vcz+!AUbTY(dmKI!=^PJ5X<gi6MUM9qCf;M
z0#p#Za0sF!2Tz`6R<*_B#Ja%mLjF^c^M?;m!A6)H%*}8+NNk7A>ARE0HJ3S(?qJ%^
zNv9iVz9VPe03_Wxv3VK5>z>`)!?ZD*xVQe+cgN<XPt}~LQN<&%!m_{FiTzsw2d*97
z`0jV$_qE=)`A)OXjOf!x?vJ=0eafoHa?j$*`b0h+Grim+csg7p&<WvM1gae*R<SBk
z6hHaj{ITwm7}mVTBG&g*Fgsh+^t(b9U&t6v9Nd|N4oBcjX=hqTQ2>Hrh+Kf83XTp)
z7@_s^!x=t5pa_MbgTN8zXGsLgXAeJj#4aFz4i^06$4lUt0^ybc7YC7flxsa!xm!9t
zHmh9SXfRuHi#29l;&x`E$}HrgR$Y;35-?wK_AwP=NvEPm!+JQiCjaC6^e^y5sH8J5
zta}AEUbB(+85vpYze`FMu(9nkJQ%%qsA`mTI?`)P-0dzDbbJ`Fb0`Y@_p16I^}tYn
zV1-aVTy<wB2<0K4Hl(w*cCJyepQ}$lTHdMJ&mV%&KLQ50dHmWkzl_5@#&xFQip%E>
z_wU@EP&G`;mY}T;xhAiyco2s>83$^J!%C04|3#C`=GobpYxKUNV!UpnhXJ?C(vyUu
z=+$PWXb}1rZgCg9#aD;ilACy_Xu(qW<Y-}rG<F!c$h3-RkrtP@L*#qow-tk4(_$us
zDMeo{r8m6HiJ2Cr8p3Fq*!tkM)#ES?P!hf}{u_B7?J@$sH|jjPagoKB^)br~+1iq~
zBipQ=p&7Na2d8MNR5Hw5_IPHZnpzq4`LZu&^8^<#8erW%!7U$6cqO_4>?zGi@2Rz1
zrE0;*?|EbSOD`Zpg`e1wbHt<wa}3Rya~#cubJC;+a~jP}MyM@wTMY?)Ax+paODZ<`
zN-yRL$<-8fO{TId6PR0Q-tD5ulu?}@Fn37Ab01qgoVEUDC{gfm%lb%Ba=Y`GCkQ_d
z(*`w|n!pA)DIF2VV1qR&(}7PGBD;@IU3FiTRuwH$^AdZz+@yEL%?$a}7*23_EGMO@
z1QvC894D=*d}G`#mNhHb3OcqjO@7X>ZGP);etwk7LOznteU>f)J1qWO#%h)s0*|V!
z5OqtY#kam#65-h>nlwe!x+JXlwsPrO3(T^t^n^)O`Oz%S-C0$IAl3(1+LOBSgeAPC
zo2(Y$WvXn`-St&Zd)dBsx5^me_jI5b>8GTJR|gRdhZq}TyX5{KTX7nucv1ZcBo=1>
zzb-hTfA^r;u09G0NQH79g&%Vsn;v5$MIdpZm;qnl`><?V%`dfLhtRa;%-goL&gZv9
zg)X!qS>ESXBw+**Jdvs9HX-4z0fk0b$}SFG1yM%eq28x?O>ITO6X(E?@nGSaEDwZ4
zw}voA&UwhBh8RcwwF7SiDQb+qbtTV?gRpU|bZ4dYJkKtPA4n2N&7pXO7vy*?f;KeX
z3qs?ll#%cp!t;Q!@9nlt(C`zGb_7d|aw)GN=~Iwl1bb+TWlwAVZAY^RE}UL`JN%Ij
ze%^9bzL9=@{`i7o(sv*i<IJ|c?SeMP8$gj)S;769_LY1yq}w%OY6F#ppGglv0aMw)
zB7jrKRE|6|mVoT5Tx2a3er7Tv0r~Qwc?TbUDKc7|ga{?neEni0GEM<i*#c>u=~3ZY
z^*){Nqf*J5G$k=kkSDr)W9ons#WCGly%;^`F_T&Y9R1f=My~pUPPG~3^@R1b2CI>#
z;p3kb7vX*lKjqoZ1La@%HI8DwWWVXxjC}h?zoyl5z8_f>eI1<R*_9>x0es&RBMa3X
zw_XI&N8^HP<as|sb{HJ89LI;=3)Wxe=0)!SGcH$hqql;;-Aqe;)d=obs^qxmD8k-j
zX^3kgVzE@oie3a3T;gUye*zA=IsX=!2|WXBakKZI_%$o@OCmnEam}(q$Cn3HJXe!N
zd@ONaa-wtfw3Xgml@r;`0Q)N8zNEcp7AITL$y1p7_xu`qFwp`x20A5pdA<^eP69Uc
zNDFy&85}WRiF%JzxUAI@4HqO#Jzt50js)I+&wT<sB%gP;XhDVozmT`O`~8MrvzQq1
zFZnfO|Fd7?K%V9*^*ne2XhHsE3V$4EOx`}#>V#T?qvVR=B&$wtH5E4;5hrL<gFF-w
zE(od#9*DRjSXPbP4-_OXn5^uLuoT>^vP{7#bs@1uO~g?YWUoT*iVzp<eHPpSBq29+
zk$MLE?@oO3bH4_S9K!{}LiU(!+c~EKxf!@mHt0-Uf&3z3M&R|+;KqnS0q*f26WKq=
zP{!lxBI*So<)44gujxQ+uJxa;E|H!2HO{glQ-fuK{KYtZj*A!lnqlF)WaoZOdc+%k
zP(g5NL<4_WK5`0BpR8cGGASaLe-mQKh{NVcqJ&C^bDy6bf*cp&&)=ID919dCn{bfI
z3yubIll@2inovR1Nl=?zmjLQJkS?E8Un@WAFz6Z|QeT{XgfQPAtTzItkZRf~^2)}M
z-t5J<jv(L*OXE5BYnnm3ykV&{O`uiYxE>@<)H=`vuVxPthpZhbZI2YYtOco$ZEG@3
zImptsi&a*aG@%<`x8tW@^8^&ei<U%_4f5d~e2c_{nhA2?jeCp4D9cG|^;U{OmYFoo
zMk;|O9u#cTMJEd;9qz)H??{OF7yKI8|N1q5->-S~U%%!*wv+Z>zvllxzed4VEKwe}
zkNlzcFeH~}kte^C&9QONA-6$BHk=VF=1K+wrL*q`$fZAWPaMATi5vSS?XIrffOMu%
z3WzU5FoQn_O-h9#>mbtwFC*iis-i?A_acFiUO?~c?aYm<n7jL#ef1sRd9uP$Ven$^
zlW)UD-_!BNxi#~L^os3@_$)Fgir<*UB4b-G35LjbVUR4)8WIo!<kFbwWv&G=Q)1nF
zl54?CgcVLpL(PvKBhBo9kr7Odk3tr-oc-DUkTk$9dkFmiDZ2rEUsYTdZ#h`(KKk}N
zMSZ5E5|{9t+l#4Pv&H-la<vM+mpwl5pNSR;JHAJy61#JnUH7$L3x6}MT){f0^8&IP
zF}$JliScFHuKqBaqxueCF=a`|k$OqkI=6;n0E3>CWJ`cAbo21-p65p4<8l5KNVfO8
zz?$#r%PGqV%a51o`mPUu@;j!_v9%*L!tZJ2t!O2z;VtWB&FhBn7WJ}NV<{uE@L^p`
z*8~#yp=b<Z3b!#1?g}skV{!&FXkjw9(bFhhLs8tu087(ZphZc=E7Ie)(O6<&A=B_E
zVq6YJqyDV$?Eo@>kZa|UF6P(*U;Y4FG0Ne=-pGdixW?1$>ymr+YS~%4I{~{?TLA?c
zD%lAV;{LI)zho#Z`1FvzwUv0Awh@VVg0|*9dl2Ah5MdFDt_7CjB`q`pAKEObD;BgV
z7!0%zq-bL?=$>HU^T<ZyV^{^HQO%?Jl2F>+8?wAf0$z@IhAa>ik&eu(3PMFS3&M6l
zX14$oed|@q3A$n-lZ14cTjoAK4HB9k65b%Pa4T?-nim7)A#E6hB_*wjfB703va}dJ
zZnK0EcMu>)iXI8gLy80+5CpRrWPBtf?qj|q=iTx7fr*OT?D*_p^Tp-}|CmFvU4doi
zF3FJtRWcTSjjT@)B^m42BKbSX{NfI`24`||rLTl`0Q#_2GWxUlX|oO=dP$B<4jT<m
zj@*HGs=&BGW2B?v1$PzguYC>r_&IAKYiK64q4Or*66IU*xVzx5-2Ke`)E{}WXlCf@
z(LFlcBi!ZPf$kk{5g$K!4!8Ez_f?i_WlCrAT$g<=?*eq`aE@@6cLq9lI7K+cjFJ_R
z77D2HDf1~hN58`_zhsPB(_xP@@IDpNmi{a~*NBb}m2a^s!ZxNG)E)g6^ftN+)D_(c
z>LiO1AmJl&X11fZqkbn`W@(sL3ABu9BMWKihajhYPF*m_;|k@nu81&;c>#J6-2`fi
zZUi+(H-H+*ZV1ft&N<cF*4S2#8J6bi)0G2_W2(vQR`?v_Y@==Ok74v6^?WN?(92^B
zWwU0JWus$5Wm{x@RU)s4QxaWFrcJ6vswwc;NqEemq)pelIAXYh!I9b)Y)dl6+)dq0
zQbMCk$BfFn$n=USk13SNnn|`$UL7YZI+IM0RDhIUz|N^_^nNk2&SHK<4+F;l#QhyH
z*C$BDSRJR1v6+&2vHK|T`uE-2hl2i-RRs)8{v%J|T?YpT2Lp#Vhl26*n$c0pV)4hu
zVewOETV7L(`S}Cpr84@1i50SzI)izKn%TDg9e)VBj^1FXRnXYVRh!D=K+w%7cHlIj
zeEMbB5@VM&V|==*op$<LTgLQs1)mVVQ}R^>#Lia06SfWGWRCZzrCQ}^>1rNFLHWLp
zvPlxb%!0mx8`V7Sf;d?*52|@?3if5G$=Z*MPV##R_B~PywIBH~Ng|$UKd`(|&Eqfl
zFuQNZ-WthOHK&ixVFxrN7AB~X+h^^t1D+DQFUUC5!8|1vB^WWZ>{xRL?An_b6I{a+
zFDO6Up*lsPJbeUbRbAY#Rz2{X`*z{CyYgaf;LhT}ossOF4#clOaz!n$Kl3<C2rA-!
z=s5=~(N|oYFdENV5}_M+SnOLuk(}qI8<U~Mvo2Sw%cd83wGXl8SctX@oq~w7R(7`w
zPm2u*;?=}Fczy@s`q+_N*44VimC`wLWoo(Y`JF0PO4m&L>E(szJhOrw)5{0XdFBN*
z>ig*2tUFvm4KXZrJj;U1GaWh8&9|WS{>^^PcTL3Ki<ygkq!{n7>rd_X?l<Tc>L>31
z8ne;ix?`J(;7>@rjVDL1Y$@1RQcH%!>S_r<LPj;lbhe7XxAUAvqa(GrO7e}1wMW-p
zokA=yCZDWjs+;`j&v12zS~l=-2z4xVyqF<L%Vb<Gh;QKG6T<0>DQ@5q6zc0!3-uiN
zFvEXUsIOn`mFLLr3`ut8%E~fwBagJu!@)kjTh{m8REPSkZ|#6*#T11!hWqkv?Xb^^
zsR|XWbqLRjX$S$=mmf6Vfw=XK#^g5g=m~YKcbLqQlug^egTbX2xYXk_n^utt+$_Ls
z;;|C4+w6#&O{*fe_OkAG15K$VdW{s#rqyOfY<1MklGJ4`ZxsYLIsV~B){trUasT&b
zVN>u~*y!0T%;{_vrl7W?HR3nQPbJW&uyt`3rY(Bc>BlUrqkc}TLI`g&=E2K5Htvrn
z$z|_aJGoO%XRhoox4pb`)17iQ)Bfx7!b_f)LLFb14_@-L3TbTj(ZT-h&K>kQhNYRO
zLumP12le~^EYT5_4A&t<DiMv0z`-ylI5+}G26phtK@MTO#2=qy8Nx`wuRCZVors-b
zF-RZENX9>zgNg1c0p9?Bc_*3VngdBLCZ?LQ19$F17?6NW+d(teG8{;hQ8V~DJc2l*
zbr4@R6r^V7AS0VdmN7B-A%ao3rUF6C)PR^X_&I#b#l%+&aln6Kc^^ni7U{tKWZ^!L
zK7)Sf+Jgv&4DO-9YoS-v9y_4OB{F9y4%tL9>ees_<jd*P=l?aoF{9bsyuy7vRRtXP
zYMJ}0=DkTvZzQ}AmcA2|9ryMu116||7%0Kif*2UjWP0(zDA(dJ2-;{Z&|=c)7UGc}
z$X%w#OeA5@SE{5pxy+53j;7Ym7<^^pwHRhL2{TO+b!3bc#E``<@{v^$HK7he*=56L
z`XOu!grRS&Fss6hP&jf^EL7?l=B*miI4y}68FnxGJu?T9V0VN)vy3KTV<hnuSq@QE
zTz=APo8GGGu>42wQaUz&ssrb+NkN0=l@iQ%CQmUZOsX0jt~|$_33Ce(TF6AgZRfes
zE*uPIV@kWy&vT3YQI5JHQ{|N@%#UH-C}Knp-(Fef@s$y8qipKje&(l2HQo6wK4AVK
z)EbF~`brlNMVh$_R22%MQRyP63Xi7YN4vL4BV}_b{aP9ZK`yOfSX9O*{w4kxPI6OW
zEDBSxMn3{6EE>~mjnTJg*0hJ;z(S>olVp^o^Lvzo^Ho%cQ`=RL3-EQ~Sb7N@WYp|*
z>RIM(L;#Q4)jJaR2>h@l0XZ_7(nZ|5)ZLN1dF@&ex{9pKwko7L?~+7pHAr<Y6GEzr
zqgi!r^(XaOv5eC7pC{k2HBC3zPYw>Rq)v$eRF$#wVcR2fKmfIsL=!UCm-T(vT5WFt
z8rn_dQ^yE5vAh8<WXz;1Dh=j)4tZPJ&4Gp(>=<^Tq?Y<=q;~g6tx^m%H>)PXpAAmD
zdDdf%T!lX=SJh)f+|8M6%HCw+)y8f^#NXsXB;0h%>odC_krZ|=V5r?8m_Ny`AbbSH
zDaBZmqs*?%$hoa{+c=2hHIWT=HDIbtu$p7Wu0DJw#O-<JXS<i_?)#a@_vTgWxlO41
zBe6Te7eOK_oXo^2*uCM)A)X5jNRQ;~hr`#R8#PTU`=9c`z6L+i|D5k5MAXOrJ*f}I
z!0YPIQk30%JDXy%1H*iKF5=dBTW#WZ@wScp7^#*~{fqGS7bNEG4*>tAHU3>%BWtdV
zF8P?ET(MorBP`wcl47S)veI`Y4NetgW%miIrpj{0oCL1lVDpfBI!M@rRRIfiUo4g*
zDHfYER+FaEC>Hw*Vx#t*U0q7pFh9lX3}+_rv>=!XRsk?(f|%Xq^tU#Q$>}C`3F&vj
zn7Zt}PWh8g`ucqEq4~={l7WKk+a3YDh(?X1?BhkEx{UDcF9~DMv3pc2X3D`npI~=M
zAPQoH)<<hklx9@cYh^<eZKT?3Wl0odv~A176?NMvy2t7|(MXkH%9~2|`l{A$D?K7j
zBbRO~ZK7*NNVaW>0CggMqgI=A$v<xuvs4VU_f&7Mv%e6=uIPJ`YB$7Iz1`04Yf5C6
z5^i8S6jik<V6>aS?kh+1k~+%lp{=^yU-}h}c0V|c<BVHc!FoiBhV1QD_(Wocy=_)F
zMBIjz7Ce9`218Jr6*>`LrD5<J40e)Asa7jwA|%7j7OP{zU4vHhwgA8(;Rk~t^Mm2N
z#r=aX2On?j`R(|9uJ<+(eSg*b>U$A$k@v#p!taHilGpX6x}Iv7Ucn9AdYsYCM5vc=
zRa<T>4oh27Pop;P=4ecb79Xqp%c2ygd}Xadyi?+Yt}eNr{B140X33hzXq~y=;8Zy^
zEH0FXEO>+Z+}DF$0M7_p^*_|oJ|(Qt533Cs!_s9-FupVznWg`_hBlv&ro77m@PrV%
zoWuc;O}JBLXb;FDbkSF>wn`^_RW@P!hMi5{h^HHiku9#w&;}4kc(*Lg8W2Ostq-fV
z72p9Owf=b=2Zlbr;icBdBfWV8X>))d;ig`WfwURGhp?gazA4}~VQ#6#Q<R3t*LrAA
zY268Llqz0d`aR-L@($d@vre~Cbo<X(jFAPkPmIbPwAnI7x_{yQ+}zhyhjHGZ%X{7+
zUc#ti5>)^fp=Yt73V@xkOjkAEiiJ?NctYuoDyzOWPXd-aD}J$|B7mCkdr_JKfP&CN
zw^A!u9zaTHq5GfpYh1CaSVGj|ow3STiVA`<LL9LmEcXkLGH3?~ZWQFC)Akau>*T1$
z+eA|9d`P41AYduL;ITdTYy4PN^D(&OyjTYFsZ&u*u-sTG^K(*Aj3axsucd?-Mz(5i
zD+ja58MCx2$LmEFY11du7A5`kYp$_i<YO?)Nw91~auQM0u>@HLA=HT|s*xtzuM<L)
zBQ>?Tm4fNzXjxE{;uRu=wIT5^N&^Gozu?zIBK#V2r}c-U2;w62^E)T3Lmy@6=i%X%
z3OyRO)wkohl`N}T{zU^-64s}|9*22_$AgSpLn(09>}c!(oKUTOc?ZUx`M{IdrOL=x
z-1~tyv9}i%5hHQRAvMshuF4Pzf(q<a{Fxlb02IDDzZ#T>8jCC3*g6C_Js>NfgH7jG
zQ51+zGdVqO1;dKCdE5&9d4S!}HiUDUNe-T!Uj@SMqWDvh^M@b)<D~5l&h0swN2!`C
z6r*<lw_gS~nn^wSsxiJ%xU;|Z!mn{o+_d8HQz4D<sKSkxBYRV8p6ey_w;_=wG=z|V
zlE+R8OGV^*d3L(dzFHh(%E?dE`4Ig83$lL;j3R<nR)zHM3H<k|*W;s-#if5ar}Q^G
z<=;J>D&j4PD)|D<{Szns4iXH3Go_tr9d>9PLjDB`Y&beWc?hkaAI|VOgF*<74je}q
zFc*rPKl~U$dmS@BK>3OMIar93vzK7QF@;+OLL5XU)m42Qm6k@+*>e8UyJO|bg~LT3
zb?S<nM%C6SZ$~xCI%*z{Y#p2u_!^J+8U2;6uOB}u&W3Yyp?=N+0DrOkfHRKbn1J1F
zH6v45{qg8A4ValHy?J{&lijN>3~)-^Ulpoou|BWBS&jc@RZab+uh+B95bTCsZ>Nx!
z9mI1(_YTc$dpWP~!Bl@~6?LlBl=}i@tK~TtoaraXi3o4Fd>t06K=*@ajbJFk!W%AM
z2P488E?-ZYXorQT5sJenQKssq{O4G~m5)%}*-3C7LY44_bk^2>YILU<PS)uweU0>^
z<^6i^nf^~3C=8unTV~)-X5#PM&Q;9zzta*&_n?Qq{@=AnJ}Y*@-KsU87pG*?&pwW8
zJL4sBgu5R$G$#mlizG(vjk2Gel5#uq3KxHK#p!A@<)57!l6hgIPGn)+)*DE%vh%`d
zv8Wzkl+z3h@V(X>7Zdb(VNmQV_zjjGVBl#X67apY8y6E;A;k5dMQ&l-&_yILBIE20
z*2jMiSSffBfjcLI&XpVLJ=n&!I!L}c2>Vx0sORdQ=k~sc&jHx?E7*4r?7IW@{S5Z~
z1oqtmdtTL5T3000lVw$e>WYuWc54Zh$oCbI>^(6qNoJLMWQX8y>YyA3z=mZ)LtEri
z5r0Y#6DIUjI)sQn<pjZN4}{k)=oi6%XDh#xiQ=!jR;p8)>6)giF6o$@-oZacjGP05
zz=Q@a75)XJ5ODoSeqw^C8XQg-QV6(yCWr^ZF+pH<5g6DT&NuYo0K#5&W(7!aot&uy
z4Q?Wci|~wJti$j3B1RVB5hGX6R+Fxt`C8SuF-G?a%4B8V<&tg)UyK;Jl_gH`V>t<U
zhGOff`61*)V0SS=*c}Pn2G1<_%n%WE`u4Orhhv7&4a>KkV<9$&W);0Iw5hFc-pqro
z{>lu-F0$)9XWE4&L-T23c=QH&Dm>mv`2h#a503vCE(?pBeYlPGfa8=${(wW-WdUh_
zBl0o4-{UOgB>OG3Vt_mSoM6)@-yK$-i%s-b`$RNSMEgY`91J&;^Cb4C*Y&$1B;fuF
zju)<fOS9Sg=FuAQ;e8)?9MBmVsYd)SCW*uQtB!Xa689Z?%HY8`okxgZoCgQ67=tfq
zN;Zs%>AH3|)0OO&VZk`rr$G#C#YRSb@JY<`f981!wmw6S#qn?nvc4iL7;KFS&OFON
z>16b9xtIWj1w*a*gkd+3f-~Dr?*ew(dAM9mV1?k<$>%3Pv3>IsNS%m`vo~b^lc{2E
zOx<9Iio+sB&1bBsUEtI%%9PKEi!apWg}<PgMCP1$rkQx=oLHurSmvB)rkUt;mf&B{
z#L^L=HAz9u=9x7L0DU8*QxShkj|>+KA>GdeA!jJO_HC!qUliQDF<?f*T;jd>)5q?Q
zxhTKJI<H(`QCSgPVOt?z!Cv{^aeMLkK~*2Zj<Y{>#lWL;_LVaKC1TRl|2$zl2L^!&
zCS0dz7mz~0^&>gQ1W`2voG_#iaQ#f+4@6*s!0aM0sNnMja%?z&nCDgy1k(xZ#Rzo-
z!%YN!5s~qWb^M+;<|vvC+ctW>a~di2d<V8|lpM2Mre^)FfW>(vuGX<*O8ufc=4!7o
zT@2ehIt~B-QB{Qb!R16?_e+AXJ0RQ!&n)-M5D|6y&(0oyORXrKg6Bk~3r+L~AQxLI
zqW!`%)Zk|FGugTj{{K73qI5oos5$=gc+)$~I8}ycvk5f>U5QIzOrhjqA(18I(C5_0
zKKv`!Y;Q=%|2I3c^>Nuhg`ZtU1;Z8xTD6cB0ARiOB9zlZP##JwtA}oI9@c3lp>PSj
zh=6cO+s^|4JT_khJk7+3b@I>+h24eqry}PMzx~ggGFJE8Zk3`hxFs(_O6H{WxN^F`
z7q0K=-1)9+CZYG~afyM(SZ3k+8=bwmV&AP%5xu|JiTzsw|4z(XNw%)uUwVxaXW<Zf
z|Fb&=L*PtlXIdu|W}Pnz`UMIA9GzAzgx1dwXZV~!K?X+$jw1}13q{T!{xjO`C-UcD
zAx_R-0)Sx(697d4Ar3rq6px}bBHw)W=|}yHv6t)m`8tleUyG+lP1hN3KWvnn&E;o?
zuI(S4{wIQI09j%)gyZ%}zwQ9s#Lq(Aw8hPh4^1W=`b)^FOA5+LXiA+rN(x~!knTTh
zPFG9TCv|>Cy8U}q{m*(}Kd^!;AECO_6Ics^s}j+W&f3~fjUK>*<o1^Jtj=5BFZZ75
zA8|k+_-o5-A%c61lJNn_zjb@6ZZeTke9}!?23~EM?t8boB5b<Cb-Ti@CEXjQjtW1G
zx-B^j@PFCtU%ciW2>tqTkIK!z=@rFCk9(ps3%K6({})fUPZqadbrLT?k5U4J163rC
z99|N1*X_Rg)I-?Z{}pzklby9ux2r)JSQD`OZSmwQRr&D=crMV+Fi?8p*hh0Y(D#UT
z`@Lk~(AY`uHltYJjibZFh3^L|*!CwzgAecCoX@@-s3IEhx+3R<{Y6VYm4DyiHw7xF
z0kl7$#!p4^aSOrR`{9Qz_ot2)KOKJS?5W$mvK3p&>IeHI&8)_<+QP>5!?)hayG%XT
zr5|!k*X@epl^<8<a0CVmpUCN-02ZL17+xIrRvtTAE(Wc%41C*TYL|qj1gz|=m|p!*
zH}<rp56|oPj={;|0u;M_gBZ<!R`PJ?q_ETXgwz?@PzxP8#QE6czM6VW9+h$&xR={{
zQc<GYqIVlJkjOEy+xECz*)hOGGVGWG%1EUEVF}o2+K28Ra6p$24h|%fPTDgMKApH6
zOa?L>?Z{=9MnqlTV$!pR?u3V)w82VQdkL3JxP0&H^gNhcTN$7#@;p91U^+HD2}O5>
zeOKj`&dC<S)NWVYg*H{VuN6wFNtzC8n6DKcnoIiU-&lnyw)&m7@k$Nn+Sm7vTYJP3
zJGGGAZ^|cE^I675N7%|8)f5h|JC5>$Dc9n))io#&pu6r9K9Gvh$()m(&yVJgK5@7P
z*sV%7sf!GM3e;8?cU?<9et(kP0&4009(as;Ja97JQWjX}d0cg(cgS}Wx}QqZaI(Sm
zVl6dL1UiqthQ4N=ADDdXdr1C%xJ51S8wb>FcwlFI<o&mo?rR1C4A7|xf0dSm0FL96
z6G7-gwtkwqa!XQxNPbJ^vHIcOuE8+gE&2gx=-BS~@O#xjHmH<+zPZ|(dBKS=lxgh~
z^vSDl=7A56eU8`#!dnuK^L7p1LM!r5lBl#K-*M$rLCn<yMWOa<k{Ty+hg>5tNj7%h
zLtt<6UTe_^WP;A_vaK16ROFj$1ad*~)&f;q;*SFkvxg-WPq?9WhYD*{g;WJp`6nXK
z#9fV%ha-|ICn|?ZhvmC11t%O(ufvr!@8K3jn5?#kFLzrCVb8zq3&~Q>7|sgFcwAh-
zQ0rs;a)ils?PRc&kz!4?CA+!sgb((~o5W++!_eJ(lHQU5MlC(NDr@cqpR#uqRj!V}
zzO}It-`u~ur_`B#{B8hx@||vvVUKT5WKV<aA%6;gKmRhn#F`JpdML$Oy_4xB)!IwQ
z*Yr70-#~4DNF&6z;A-Ka(uQosAA27j9eKX5mmF?}KvlnI?Q0w!E4r_zJYG9c9muV7
zQu&loz^~@0QDN^}zLq@V3>l9%yFTS?tfMYcD7M>A$x=IN%vxMX=eqW=<$!99XJ_l7
zNMAPp$q+Ml;Bacd>ZgahP@ckp0smbk`$LJq;jbe8=1Jf7-ugL(86Hmv9c{f=lsv|C
y-9}&Y4iJFuSA02vq8_`Kw`3fzWjAR+zpJo7-y<O*otz-UlT_sVB!(6=r2hv{fc!B4

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py
new file mode 100644
index 000000000..824936194
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py
@@ -0,0 +1,390 @@
+
+from .error import *
+
+from .tokens import *
+from .events import *
+from .nodes import *
+
+from .loader import *
+from .dumper import *
+
+__version__ = '6.0.1'
+try:
+    from .cyaml import *
+    __with_libyaml__ = True
+except ImportError:
+    __with_libyaml__ = False
+
+import io
+
+#------------------------------------------------------------------------------
+# XXX "Warnings control" is now deprecated. Leaving in the API function to not
+# break code that uses it.
+#------------------------------------------------------------------------------
+def warnings(settings=None):
+    if settings is None:
+        return {}
+
+#------------------------------------------------------------------------------
+def scan(stream, Loader=Loader):
+    """
+    Scan a YAML stream and produce scanning tokens.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_token():
+            yield loader.get_token()
+    finally:
+        loader.dispose()
+
+def parse(stream, Loader=Loader):
+    """
+    Parse a YAML stream and produce parsing events.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_event():
+            yield loader.get_event()
+    finally:
+        loader.dispose()
+
+def compose(stream, Loader=Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding representation tree.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_node()
+    finally:
+        loader.dispose()
+
+def compose_all(stream, Loader=Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding representation trees.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_node():
+            yield loader.get_node()
+    finally:
+        loader.dispose()
+
+def load(stream, Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_data()
+    finally:
+        loader.dispose()
+
+def load_all(stream, Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_data():
+            yield loader.get_data()
+    finally:
+        loader.dispose()
+
+def full_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, FullLoader)
+
+def full_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, FullLoader)
+
+def safe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load(stream, SafeLoader)
+
+def safe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load_all(stream, SafeLoader)
+
+def unsafe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, UnsafeLoader)
+
+def unsafe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, UnsafeLoader)
+
+def emit(events, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None):
+    """
+    Emit YAML parsing events into a stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        stream = io.StringIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break)
+    try:
+        for event in events:
+            dumper.emit(event)
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize_all(nodes, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None):
+    """
+    Serialize a sequence of representation trees into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end)
+    try:
+        dumper.open()
+        for node in nodes:
+            dumper.serialize(node)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize(node, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a representation tree into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return serialize_all([node], stream, Dumper=Dumper, **kwds)
+
+def dump_all(documents, stream=None, Dumper=Dumper,
+        default_style=None, default_flow_style=False,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None, sort_keys=True):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, default_style=default_style,
+            default_flow_style=default_flow_style,
+            canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end, sort_keys=sort_keys)
+    try:
+        dumper.open()
+        for data in documents:
+            dumper.represent(data)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def dump(data, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=Dumper, **kwds)
+
+def safe_dump_all(documents, stream=None, **kwds):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
+
+def safe_dump(data, stream=None, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=SafeDumper, **kwds)
+
+def add_implicit_resolver(tag, regexp, first=None,
+        Loader=None, Dumper=Dumper):
+    """
+    Add an implicit scalar detector.
+    If an implicit scalar value matches the given regexp,
+    the corresponding tag is assigned to the scalar.
+    first is a sequence of possible initial characters or None.
+    """
+    if Loader is None:
+        loader.Loader.add_implicit_resolver(tag, regexp, first)
+        loader.FullLoader.add_implicit_resolver(tag, regexp, first)
+        loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first)
+    else:
+        Loader.add_implicit_resolver(tag, regexp, first)
+    Dumper.add_implicit_resolver(tag, regexp, first)
+
+def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper):
+    """
+    Add a path based resolver for the given tag.
+    A path is a list of keys that forms a path
+    to a node in the representation tree.
+    Keys can be string values, integers, or None.
+    """
+    if Loader is None:
+        loader.Loader.add_path_resolver(tag, path, kind)
+        loader.FullLoader.add_path_resolver(tag, path, kind)
+        loader.UnsafeLoader.add_path_resolver(tag, path, kind)
+    else:
+        Loader.add_path_resolver(tag, path, kind)
+    Dumper.add_path_resolver(tag, path, kind)
+
+def add_constructor(tag, constructor, Loader=None):
+    """
+    Add a constructor for the given tag.
+    Constructor is a function that accepts a Loader instance
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_constructor(tag, constructor)
+        loader.FullLoader.add_constructor(tag, constructor)
+        loader.UnsafeLoader.add_constructor(tag, constructor)
+    else:
+        Loader.add_constructor(tag, constructor)
+
+def add_multi_constructor(tag_prefix, multi_constructor, Loader=None):
+    """
+    Add a multi-constructor for the given tag prefix.
+    Multi-constructor is called for a node if its tag starts with tag_prefix.
+    Multi-constructor accepts a Loader instance, a tag suffix,
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor)
+    else:
+        Loader.add_multi_constructor(tag_prefix, multi_constructor)
+
+def add_representer(data_type, representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Representer is a function accepting a Dumper instance
+    and an instance of the given data type
+    and producing the corresponding representation node.
+    """
+    Dumper.add_representer(data_type, representer)
+
+def add_multi_representer(data_type, multi_representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Multi-representer is a function accepting a Dumper instance
+    and an instance of the given data type or subtype
+    and producing the corresponding representation node.
+    """
+    Dumper.add_multi_representer(data_type, multi_representer)
+
+class YAMLObjectMetaclass(type):
+    """
+    The metaclass for YAMLObject.
+    """
+    def __init__(cls, name, bases, kwds):
+        super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds)
+        if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None:
+            if isinstance(cls.yaml_loader, list):
+                for loader in cls.yaml_loader:
+                    loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+            else:
+                cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+
+            cls.yaml_dumper.add_representer(cls, cls.to_yaml)
+
+class YAMLObject(metaclass=YAMLObjectMetaclass):
+    """
+    An object that can dump itself to a YAML stream
+    and load itself from a YAML stream.
+    """
+
+    __slots__ = ()  # no direct instantiation, so allow immutable subclasses
+
+    yaml_loader = [Loader, FullLoader, UnsafeLoader]
+    yaml_dumper = Dumper
+
+    yaml_tag = None
+    yaml_flow_style = None
+
+    @classmethod
+    def from_yaml(cls, loader, node):
+        """
+        Convert a representation node to a Python object.
+        """
+        return loader.construct_yaml_object(node, cls)
+
+    @classmethod
+    def to_yaml(cls, dumper, data):
+        """
+        Convert a Python object to a representation node.
+        """
+        return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
+                flow_style=cls.yaml_flow_style)
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/_yaml.cpython-311-aarch64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-arm64/yaml/_yaml.cpython-311-aarch64-linux-gnu.so.gz
new file mode 100644
index 0000000000000000000000000000000000000000..8cecbb872c866b85e71bc8ad165c0cc5438d443e
GIT binary patch
literal 694195
zcmX6k2RzjO`{oxZitLq$GDB7lm7+=6dvheD3uoPtBIB~MIY}WiEBow~ab%oL4wrd2
zj^nuh=YIcQFYkMv_p|5CL}Hj}sQ>6Foy|ePm&d1=&ISe~-oIvb7Nx!HCuVqG+PL1m
zbik{%Gg`&Q^ogg3A18OzosaeQ&+XE$c#aqkUT<*owAnGNEdTX_o6%$Ioodl9Z-$ua
zgYjo|50<X=$}%zI4g*|=oYBIr$I}b=IFZxI<zSpT8iGQTkhrY$R}#gmLyfvA;y=%B
z?3}Zgt{-?+eBSQ$Oeai$%e9T>`Cq#0im$3#Neeyjw=Thq@y8Tx0h+zzr=W6qX{^W0
z_k7>Khgb4)29BROo=PYLZFp$pIfe{6G}~;pWS{40(GMLcpK$AE8<X$E!+j&8KH8<a
z>U5hGFR-(Z$qz($pUKCCT=)sq4_HeO#TIuWFrEV<cls`<zN3U2A66vcDAKRD#_<%)
zc1x4h$<Uzum$?sWekrM8x(4hI)j92Vc33cV=OAN(sZRvXBcI8cP2@j<p^fAFTQ8^^
zJ%PNDy5j#FJ<FuqDvr71Zk%Fgd2$8BJRm~B(-OJl*J*Zc(tys<#L?dQY!gIB1EZ%=
zpqcFb37*2>Xs)o)py^vhXciwtv@p<Q(k^n*O#Vj$X9&g6ETU<C3eot{v|7>Z#D)C@
zH~7Pq_s@3b@bc#HE%td{lKJAOS#3H00nZvDn#JynWG7-b-t@9LD+o(B1$jcuwi6-`
zWnCcH9b<~Ws|p1}F%3dG+aVCW^#d@h`f#jovTwB*Zs$7_I&#Q`Pshx09i<9Rrm9hT
zC^d`Ok^5`f$9ro850$bsi<Vp7&>p=GZy|qlX}Mn6%xN4~aZcGWS@BH|)5&L4;*mzA
z9C=<$`&GFHbaxty%#`y-H=h}3EZk@;uc~l66<DB5T?5Yw;I9-5TN)>rt3V<9o#7NN
zWaGb`g2rvsD+4bqdb<IR@u;<_Ssc;pQPs}@HNCOi`}@F3L`|`Jt+{qv8g9R*LrKlQ
z%*!0Wy0!Bn{;f+<l>(Ffdqf=8!rgO^V#@Zb7Q-|>vrs;Xm9N{}^<p~dcMc+t3kC)6
zUp(<)d-IbL?i|;m*($7!HouEIYy2bX?IcL1_{M9Vfg?eizB}+AI%hq%mt|>a9;h7g
zOc9AKZ+d5>*@$4lrLs3W^lSm2G>#~elh{X*b>QsPIZ?DNQ#R#~gD|Tg*-ZUk(?l5F
zmkm3$ZV!JGf2wBZ|8ZtDJ||P??SXHZ=GjM`Gs<!(Wma^XoJ+(WYWyQ{Flmy<+9-#D
ztGkbwv`>WgzT6%-31TB&V>^Ot3}DS8Ne!cIXxhl#>ukZ4zxFL7qG)!tSiLueL2<YL
z`L%R3jj1m#wjOd6gmmV@V3;;oNk>zU;2ze87oEg*v>>!(TDOT?F=RSjz<o(li6k9&
z=CTF<Ta?`VsSn5A#N#w}enW<>lEXtPI-vjE?riR%ZRu)*S9LT!eUrA}71<=@_i+Yy
zv9?<@r=Bekq7h4QVIqGHr#y}f0mtgh$-VBScneKn?U|Z7Y0-Wk8{0&^2||0p6AmbS
z^;n7{lXj~5BxPJQhw^rZ5Y_?O_UrACiM(Ck=>Rj+h%M-I2nktj-MGr6x%svim(13L
z^yfu;3oU8=TP&Cq&0!KEFDyS_kn`=Gfkhsi+>=`hzoMY8FfAGpN7u>JA($iGfy$mT
zIB=e3=YO^2qAsD8_Sf6|=rt$2+mdHWqRiI*7(WO;uv6Rx>q?y-FjGneoR>sv6L)7<
zZbt+$kedZL4cL@-xg!i*u|N9y1krI*(EPK(&Vtp-5KrcQgM_HVO5C~8$PB2=%OyO|
z%{fJFWw?ESJ+|c&q5yoy6=qtwTe}SYv@l36t{Na$|C|{Sn1pI&xlPOeLKd8-;bmi7
ztXI^)sy~s$2F0#W9&M02mLwu8$Ul9&9L_X(GLOo6=R0?l7YvU#vR}Z{a(>9<e3%HB
z%;34p&YBK$#AViHlF+UMVS?+DQz<#NH>*c-5^5>;TM*1b$Px5d5>aXjBY8VC3_7T}
zkam~Bs|3eYFol<sGQ8Ba)c#!p6+x=c91MzH+j-`y9ZB+MAJ`{o4;ai`ld%0wZqkZJ
zRNd)=e)1I~j4IuP2$%mPTe~fBrsY_rhdl9e)hbS>5MQKksJ4>}U%_xUgT)D)9ILxp
zDI$kQPbrU7>~dPNNVD6I^WhiYD!xa6U*27X!rJ#2U^PFM15+aV(<y!`cHaliL_LHf
zT~`ajyGlh8>*sS^kCehc$KrB*ifu3SkLe&^u%kn4joZ38od{Yne@}Sj5o-l4Rsp2a
z{uHxR%y^{7Mt^^9Q&B^a@NXUy6SKRdnzoI89^IE>wWj0adN0E<Jn}ZSLM#!|DY^q5
zM6=)00v-RZG*zz;F@H`im1%JZ@O6fTc<Q)lelFdQ+_<V;SSM>}VJB>D!5LPWTw=oU
z<8T~<xi|H@9+A8PxvE@~@cVVh_};q62an?7BJVENnwpi#2G@YC%Ga7z_vIlT9;p~b
zdcRBb=&1LpayGVoUDxGWDsGz#lvz9S>8(ribo}0_{JxUlVsdbhFunI7;d{a{bEELb
zv2powgfq16*EWB*mjk~%o4n1-wi?WsoSkczN-*ZV$Ht$s!PnAP#}Crmyjm0T!U2C0
z_`eOwk-t<{=Kh*s#=w6B!@dcp-<SIHYE^F?r($Yr)$FEDADyb(UbA-hzal9f9(g-c
z&N9SNs=VDf7wMP|W#0==#8y=AZ--VULyDv}M*3<F5?pXk2gt{k5N>EO>>`-1v`C77
zT`4~g-inFbkmk`_|MJS^wU4KG(`#5roz}ad+*d0#<3J=C(+@+w{Sra>u|a~iDl=AU
z4w}%UgyXYTjJ#bhb6UqUoofk!f>H+GZW~&exU-bb{%wydTIUfE>hCxGTK5|#Ylr%l
z+wG_&S^0UTrw)3$_rWBlsHFY|`z>RPnd}BSbfn{H*`x3Zg-A8|%Bz*t@JT|^y3CBd
z&NIrl*K|)t@pxk`9wVNQ#wueICZ!*57ViZl>_mV3xOB8yUQ!$<!x@43i1aEcE3!u2
zG#p}hM{j8x;-UVMujQ{yu&?TW<>@QMwrV0~(5c^!4Bj7S75pupojx8KGGFMw+Aozl
zKKXLkJg;r~zhX6eLdMRYhPM^=A!VgH(oJ6VZ1>w)%_`r1HZJ{WJkxuAZT_M@`orBG
zGk+&voAJ`|gb%ToEl=$qeDfRmv*Pb;Ub)^GsNmuBX_5<)2vr&wCpQ#nh^_DyRZWau
zxX>?kwPpolDj$0*U$a1i*RdyNRqgi_`6kl}#zej)ui=(;t(s1KM0fvsy$P)2&0D``
zp3wAbqIvp99m!9AKN0I5uypUFJ>(f3SbKJoxnP%89w*Z=P?Zr~x>0`>%=Mg{@q!pD
z&-c*ArEZ#GJykx+xS;<EN5c(6EARwLWI(>Wxa>!1QJGz*38g*_MEQOEFgyKq9>=%w
zUI=G-h4MeEx?$^3T>PfIbP7+NqDeuBPwMLZohQ>D)RkA1r3Ly^)42+Z%7QKGiW+9^
zExm#tv40hBFQSn)BwHW$C@Pz}ra<%N&40_Iv<zFIq<bnIC2gH)>i1MKyD+zm&G<DU
zzuUd__nad~L<e%-WNl3UQH_-KCE~`%V%pXw9)^(4sn}e7ZYwDf+ke&cLq_r`;d<<h
z@fD>N-|&JYDT0051T3(pf7t9B3RnpFx%0x$*av6*fE-xaHvXwDEiOmAPfgY<;;EFq
zE#^w$kh9`1i#_6YoXQcYZx%JQiAt_&(6To197hTiOQ)zB%V*U#DK?E+j|9^YI$b!g
z%04tziOs+k|A;b%;4V02oQJcfnyJX>$g>G6Aq1g(RywD986F#AH4c7zy@htKcK&`h
z`FlH(*Ejj^_rI0}F{X)UbJtTpc)Tns@;<FqIsNo1-MNmWYVCba-t*(@B*$^Nk>n3~
zZ&Osq4yB`eii>!3i#&HUinu4_wRp-30pGJ&%_53Z&CE<9QjtMF+N`<VNsL#`O}TYn
zBJzw(Lg4NWjMpj)1s%-a<7CV)D?sHM@_rSev~|`hZTdxwdB%0Go+{c*KBr%qP~~<L
z|5YK}RVPzfB4?Q6v+`@jWSl$n<U-Z0_!)t#7cQ0ID_5j<{6wwIcz%@1+g&cRT>ojw
zV<L;lg4{5)sSkF5hp71@OO&_Ys&9R6nZ(zWq5RyxS(<}B6-R4N9)_E<7W>Q(eeg(?
zuWjbGt&5ixYh-;&Qb|o)>XOzSd{~|)RU-LIVj}tni`lrVb3?AHsBn)oKeuf3n4{s2
zOpky}yFlTdOTUNMs;O<H?)a&xsTYr|XQ9>kC&f}P*AX3*@4o%=+0k2%$zK0`9%!7f
zvxZH5Ur2YKOZ&aqvadb$7s9!4K2@mfHziDO{vNl?3T3hf{#*B$vIajq|4dsoYCX;c
zYd*pDAr`HEW0ThIM0yiqPgkZeE4FCb7!!i(YA-m84@pXnlB9HMEl4Z|G_PW6=;qHN
zNHq^y<F@Rzb9i>foU59RTK#REe+4lHuiqfteWvdxAw1m;Wj&f!BxD}YY5i4BiK9(F
z5+p8qC5C#;OyTAjnl`Ll8y~cCTCA!$(IKaQuS!dDnoX${oP+ik%XrhlVi8I=7Cp<W
zd|05E`&F9mUv9?5Wgh2TTV$P5!>}G%<|n0vifHtA-&jNpXaSrdn~>Xd$c8qu#I?mT
zf#rSnbLzpTE3O&_tpa?u*B6bz8J=;WXvZUQS~ET^lh!AET2EU0d2J<*TgG0=U+n4F
zi4Qe!gd*q{bZO%T6=yO+y&aD%X}z7GF`?crM}f2kiXe$a4L;PP))~HeiNzp3lu4`6
zd4qFMo{pfd;L3wU)$5%2=68dQ06W!9L~6RHNi`*k^z32l49e*j59^VHYl~^Czv2nE
zPnK%tLUj~O&Vh8PhvY=aY^Fo`7ftC$sZ~X`-4k-c_FdXRGHw#u>5$H61<}O2giJ-+
zh0aYLW+-cw_vM|-qxFCX@ZamPfH7hw0|*aZRn_RKGaB$~48=Q>)-LU+xGqR98d<>3
zMKYhTVK*-AbPcpfO)E7gpMwe$TFhIm(kT42c+#bl`Y)lWij)n;rY#9VW+~l#FIlpy
zZb0kW;+BlI4V_lZnmV}fd3oCW9z!r~KiZf!r)v|;0zE;js<JYGBBvr5f~Bf346_}Z
zm~&8pss-^yO&M*^C1@IQhOsGToYG8(JpVHX!V2XRU_Z~f-?xvyv?Hw2lEeV&+BcF~
zl$w$M&CnDxXod*IyPOFyg5uUZn?qA84tP0tx~(Qr@{1c5Au~6+U9f8$JN)^z!V200
zTJi=v9eZ}y7p>AyWoQjxnd5L;GhEfN{G!nmlp9F%D!eolr*K-$4AtldXNK1PBztr1
z91KuwN3=5+KD(ibV!U#j8m6Z_J2e9oaawt&;DU2U;;wcQi;q;!80qG_k5r;zlSj(5
z^3G>Ybf_p25S4O??bhWT;o>t^sD_oiCY@F?3D31-Xj*<wkGal-!Wf(a98JST6uSBL
zy(;t80?PxtR*#Zn`Qx0n^%kI+HhhXh3(|xW=}^hzIiEjP9n4%?OiByUNBz`K4?%{O
zyBudpEyk1rQ6L6jVWIR`0U+RRGtM1Qeq;@uZEttWqt>8ONJ(f<8pV$m?SMlAO>@S*
z0nu+iO4qDo)VvuK7wTQPZNv~PUnS4AV=-z01nB2#CpN8wLeQa-rpkF<CzImTCnX;Q
zt-=dJCDTJvsioIsBL;{u2CcR{Z>?24v7oc<CKt02MMsb%JDEk#0a$6My#1M#;N}cN
zaJlap&knaAY!Ya#sk3AbA3v?I7sNw<^{Yec<Knb-1N-VGtxlUwHWG{c0%$tg@`@n}
zot6iGF$HMk19g?(XQ-g0(DGW~cD{Xc2B<coK(88n@}fLcweqy^XX_biMr={N1X)NY
z?0EKsQ7}!I8|a)-9mL0~)3WcaX8~P-wB8P+DXB#d3(cqJjwFiDV(O?)bxn|3o)3#=
zE`We?o?wh=7y9;;p0w)7XtUlAQbERt;%=fWb59A;HFT(XYLT4A;Y=rfv<ttFwz+^d
zK$!_j3TVf26NOY@aiKU19Gup!fAh(M*+AiIi=w6mFBz;|Hkx0w3QQeg;(o!AoSZv?
z`H{<RC%AhWjKLhmz^IfdXznu~(G{P?UFvoRTGDP{h`kCJjMXPxJ3nN!MQNE_fw?10
zo?<O8fe-a$=}@hKXJU&sB``0po{otVTUvZ`+BiHxK2sjc6L3VXA`M=8jaUOGezXEw
ziRUK81?U1Tc+;I$k2H!dt=+3^py58OD5*@G1*}Sp#F<cfrnT{&JUha!3u3^gTCk;!
zvp~a#s^DImmv$8M4GusjxWeyrsL(Y?MQE)#pwwiw<v}YXZGM6knhLb9U|NV_tI>d#
zFY**}Ag93o3Z#x>g{5f`fYB#to3sX%;MVC-6F~aPDi1g~c7D8qj{w8F0x1P%j5H^{
zs2=N`3CuCp8z@K#5||G~>K1B#MZT$TUO=6<&(vBO0x5zV1-uWXuPVRvntfC!FBJ2W
zTp|Ld5Mt6o4=V$amv`>DwipR&kHRr(CpqE!AJ5W5=AkD!RhQ2}ZxowV0mUE|g&zJ4
z1ZG4oAJ^q*y+LXT#oPo&{>XTPEDsD8>{m3_nNVW}goiZxO3AU{l-krA(9&ylnjqP=
zhD{l8?Z|c4K5d1R;3#yqzln{ywBFQio%hhB@SOf6zv2M$*kaTwsX*DHn;%-O)oW#)
z3f$z{xqPDTnrqfeFA%5KDp^4;1U6<ju*f_&1F(*?><TCRwB-&bPBH%?|9_F4WS0VE
zTUEWWSXDx32?bK9{S|I1@+O*r0yxrHiqn2T)LzJ<?gAvR-hUhrjA-$WffEeDMbunn
z4^Sj%(NxFEfLbzuI`^y0T7xFZ#B<OX6N>!By}nh9*rM_PEHSiJiSnIil0vS2+A2xq
zZ5lf!Rfh6dqT%<oUp4mtow%2NIiO+}e|e|of2IL<a0(|)EbYMxln->so{19~TD(i3
zDPvRQinjRT)+=ornZ*yWcuQJL+L;xwRz~5Oz@8#n32hz%b*M66Inv)CQ9iV5wQoY?
zs%vw^7jL)%ZIU!W5E+@L_O?|iV529kSz^(%#I{SWnv&HjL5r_kr+gshK-_qIsHI{B
zG6L+_DIWdHOO?miOFJOyt>ysA7^n@Q#SOh@B(`XuUCsci&RR2WO+uvS(68hAwe&{B
z7Fib@u*WHj3&*n`LW_k;gqe>VHz3azIN)9`Fs&kEU{FHRLp=iWPaSE!or%hHXR$rx
zreRB3bb1f*8LhWQ*Q!OUe<fP1h6Vc08Fsdj6?{(ZC)#M`DaXF|iczZ$lerdS)8Oxd
z&_hA+!JXD5Qvi*flIMPXV3}e-Yarxs0K6JVr*P9op33BW6>(jVm{y`_Jg^-=*$f!4
z_qV7a4O8GFXq*g%hs9^AUe2IZ^ThlNSbNm=%g_gC>{ardJ1Y6;E}p54D&1=Bjy-rn
zvzFEUlhO2?yiE+wFvY+p>uHWAFmbzw(E;|}6Vh2SKqJqKEqZ<?aRLKoC$%&Hs{nR1
z5T6zT0SvUx0Ic~R++!7IaI(Qwh3D8Alb(=|m_eI;3dPIcB4Fz$VJHcfy1?cik@2DU
zQrDAr^tNJ)HzHK2uVt(R$tC`+PHbnY>PJj3VJP!A7I*{afTbM=L1fQga*#CevPvy7
zNUbTpL(=DnB&e0#A-}X^A*l7C!-Os8_uub=XF_c9*d292RA>k84fJEj6SZK4NW1>O
z%G4VH^`@*2Wj1!mktLg5=U-VtR9XiH0#%OeQEQ6mQ1v<55}fb;>nn&#?#Nl%5sxfi
z-pLk(sYcd9>bn01sgt$X41A7G`Em|b4`dn#{NEEdQaW<5zWsm60*2?*v*7sR$PSX~
z6aA$f+9oe`P$Wh+QZHcc4OFh&icO>wU}hpTtn7#aG;$np1YZa4;Rt|>fX^FIBdbyg
zEVi|RNHoBU1+dvc0MOe5gusBFqw7@KGGLDppk<Xi0WK*3S6UezjcUQ?BM)C6nX}<n
zb_h_?6L&JE=}bLXupG`Ng5JpKARXQgP@C-sAl02?-0QQ`%qlf9oh?OBD-5F@Y1a!7
zB=?SSJEedW*@}AjQ{_1Td3Zd)VX%6D{+k(a3OVYc5;*|LGf&`v-2gZ+)O#1|{Tr%A
z1eG5L@GC)2A!-z@6*;z?KEMEY7cd|VJ?(cVKc>ptQ02L(79s!%cpPvL<Ykb*|C$j1
z#wkFb^$MUx3t-!(s-s#CW(D|hXmw>l*aZNRr!p*1iQZJ@8-T$h5LGuFKx{z*8oieQ
zA~oinNUE3YRE`|rfbszx6j9({rxLfQy0yyT*APrpHUt$Fpz4SMbWlD5hxQN<0(<~C
zys5d+{!2Zm=C!fFQA<@q%>$ImYevPWF%Gpjz66?pYV?1Zbph^dyQn&-LQkmohQJjn
z77&uBhG9T0f+aPA1;B+SY6Smto~!B1#+}Rt5ay}1!Y>27@I~P8r^Zd826;#|`ae@r
zRQc<G_x}sNm>N(sH6Uun?0NukJ1W06)m{r#M+;S(H`Q_t)hM-osu1Xc4cu$X=+44w
zgl~wy=fY>>--kPj>-8Jx(k;d63))uq_HKhWgagRPUEvk{1RS_zPc=!D4EGsy0~d>z
zfAqi=iKEdqkwxO=?>yq3Kbn78ruq0<fIvNwH+gw$aT;r!i0P||xrzGhWzczK9i-Te
zn@)8ME(_rU0HvE+7!(H<vQ@00g&{fxtIwhS12DW3K&J=jw6W+K@Af0>6IUwGc4Xa1
zhm~F<UZr9k0LBk6TLOrgJs=<n2pj@HGe5TR&z2qaN*lOh2aKKG1b{dP0AK)smM*{#
zv2OI^+8jWM#;4tSA|9|0V*#|KQUNXizyQE}*lyM6RxS042e@hh6g0B}fF^H_2Za*=
z3;_SPJCEr9Y=r|?BHe(ePXKpXr~uVc0YKM^*{%PzDHiaCt@bSBe+fH&h|KX|KS*dg
zSEkvnw`U63dZCqAo8S?*o6sa=9h4Qf?E7ZxYOHp=6$Q|0KviZ4Xq5+?4f+qzYDP_;
zG62A0bNWl+RD*Fq3>N@qCTc>dabyBcqZk3;T&(uT|LIwX*sb@YO4R^-<*k5HeLxZq
zBsEC6TV&vWdhk8K^<Cilf1xM<Kn|6$7Lf4nJkqH<0POe)0$LY<3Y~HQ%78aEWv5aA
zP!0gi^jP+l32M^u)TFBd^8VDEF#!^A>J1A(%I1ah)}8_GX~hCgrvj?s2moLKm<<5t
z5N<5QbIM?E8RT_(^2qiQX6PUZq>T|?mki*t4tk%nT)H})M;7-M!w6#~12pQ0YTA7p
z%hL~d;cEZWill1&4rsLl;w7F3w3Y*Hck&VdPI=)B|KmB+0{l<~8bpX1odiJg?mlvD
z#Ft^LG+f-;lx9Xqh8qeGqE7->6Gz4D=Uy-_DTK;;4by21{rTt0!ZAg&&DJG!7|uQU
zCPg>y#!bHK*?fs6baF>m#OYaRUp=}(+8qJA-}+uBDUyx%*lP5M^x^J=D!MiP*}Z}^
z{8q;>UH0GOJW)OlA;oI@P5o=yNW)nld`0~-_v1VVi)*$#!534)#B=@g4HU7%TKtT|
zbo4Z{4%{c7qY&|ko+-;Kkn`m=mb-CMWqm#HtF^*r-;P)wMEPHT6HIwE`6~}C$ok1!
zsdfL`dC#9U??Kme{5h^n=Eg=Bd`{Ta?-DBC$Q#K!_jJOX?H1p|0p3gvRBfCtgmzY!
zLgb+PlGu;_Q~2LaS&{12KUKG)od%dZ??3KSed9}(Jexo@&O1Au8d1y#eeN}F%OLK3
zdK{7SeFO;O<Q`0MhEd*&iMdELJ=VW1MnIgo;qJ_V4$UDnzCn|N!RNdXN441Yvz324
zD0O6B$Sq5{Mg6|vrS0q|95gK55A@`uY>jlgukl$n<>LSOAB_BCVO$#4<3y*;VrN{E
zq1HQhE8%B)T_Qam1@3e>r}N4u->l>RJ->o7c=t=6Wm-z7zCk;sIFG{eg;BWRR)%pP
zm}qCPx(?(0W<}D?1Tw3TUbTDv&uQ+{OglsV@o&`#-%>+?ZzoCNZ+YCpf}VR1YY@^B
zMfA3I_=#CxB0g~+^6`Hvz^z<xvb~)8*sphZ$y-`9`MZ<_;~Rg@J3Dm4bcJ~Q;RxMW
zgMxo}XmCtv!R6MJZ|7xGxTlZZj2YAXCO;;LXy1N#%{}|90=}*NITu`eUbZl-Cp!P1
zq;&E`Qre+{l;{)dQq`>QFX9-igk>|nVw!F4sl*zw97}6@tlA{o_s7xB7Um4kTw^#P
z0j-zg@{cY1ds{+U5KZk=`4w28T8Y@X&YH0JBjbqe3p!Woa(nlqjvvV7hQ;5kcz0yh
z;b0@*&Bq*NqWJa+PyrdJXUF|yakoH0uUMrQ*Mz|C`*n0lN#M1&W6oM`jk*roG_%>~
zIxj4=Jb$FV9&!i&bTfR*?05in<6pK9UuaOW_2h-Ai)0TGghZ7+>zjagT|}Fb#O#j2
zS&wl0Cr?BWM7zwdiA+CUbSz~su*60Yc{|`Kx=xSrPpjLAoHDNG1HqSR>iqlTp%rnu
z%6v7p7b%`12qe?uYC!CNo@SzMjsGbGU-n?XxOutkRD43VZ|ot{OaH>hP3!hT6Pbba
z>oSN>44(Jp@6cT~D*s~cQFilenvegKsWs*9z4HT6kyAm(TY5b+L&N`ALhmQK=h(HB
zg5CD7-)S%V<qguwWBJjd&#R2?csXB=9=^WKnbz24zVRuYaH9B~@rH{t9HC)hG5a`W
zz<sN6LpJ{~)v7+k?TubVNmYibx^GxXPFep;&Ai^-p~n{5rPqC|=?hPdqNVjemmH<r
zfop{`E-WLo_~$-uxHE{yYHkW2T&j=LeUVdfX%*z;l@MtrkSh&#yQM6cPw&<k2-q)^
z_Wfp`DwvxzdaJ1ZS))AqXW%OLCWv%wR^UE{jaZx3To*e*^EO09-q(<|(|(<y>qN?L
zfg>GmU*1Y29k=L@x+#j}N8Xtkhehb3?X44->JHdn2aDMU;+`h&V~ecd>?iDzYZ1uL
z6+ZOr^#`^3qu2MbPESFr6O`Z#-Ek1Bi09IcTGWM8_VBgrg%xs;?t113<$2n?dS-`?
z*a6S5_R@-=u)q%r+bMh4+7FUcTL|1l1mRfv=)$}E>v|G?;G8}s6=sg?%yCblZgq#Z
zpeen)0w36acj-a`jl>S(^fP}Ioo5+X!4IXKB_`Hm(r_OMORB_?e>WJHgjqO5e{tVC
z7yr2;qNlq>?OC3A=IgmVjE?&1fx?%qX?TXNk0-)mV`eY}jvP^$$f#I7Hyk%OJr$Cn
z%Ub2ouQ&B`rGob7O1I$Tk}$KC7VyV>r`;<X1<;MINwo#eD*T(Cm>#_qxYZIh_sBhL
zt|rcNCyqB_i@knBg!vcTW$W;|?4pN3;`2NrdG!`zspc{^D={q8r}WC%q&t5|%pW?`
zP+{{}p%Qy`{)o1b<wYlqqvFLaaa#dCyPyo++836snDlQIs*TuZ1@3Q^Y@M7&E?=>?
z){uwc0P(g$Ri`D#W_26Y+8TVBKO#dXxrF_AJJIT7oALC>z`7KknhVw$xqSLBxJxZF
za863yB7J;XoNxNvz<>U#!Pgi|k2jxv+9)3s(9Z-9WjHJfhk?HpT$@wt;hz@aIt<sd
zyY3$Lc$iM$&dfo<D3mzrcg?#vjSE%kn6kha$YI~0%A&oGWD;{V2%XWUXSStVL|*vG
zfaX~Vc>Qfn<^qfr?aWav0@e9*&53=4?xM79`ZSaDnyC3B|0ibey;#wSNjn|8R)77<
z&$k7+r2R7B<64lvJHsERr`=%i=ljUC+?e>M5s|%r8wR6pk%=Pmbe=qA-&qP9RePU~
zHBmskFSKaA%ITP4kKAdIzK$`?RZVikU~JvcuszR9`f8g(%w(HPWxZQ;*;YJ9p0nFj
zmChdpcD4Dc0=HY2X})g9b8!1D@bO;&sLvFUH)eN_Uxea9njii5M%y-%wzH6a=KK9i
zh2q!l3UoHzUM*z~eftI7|1|TWchcjT%?Fv%VVgSIk8b>>t5W%(`@<Q*x*y$dTzN4R
zs`;Sdulys|?UdZoG6F}lt?8p-#;Bc_2hq`Xg=X(7O_mq~_BIJ$xSg3J@Mh(1bZIIp
zu|9HFI(A^<7)<n`i~udiIk(2gQ#FD#hX<P{G95!rwNrt=J7XJYrNZEkqCyJXFQfM>
z;E&rH5MSW;+-X<22q63|M8v%5!#xqh_VBZc5YCGSB8K-Gw{vaQ*&Xe8#Qc=vCv9&e
z1P5%%`I>BQ6klp&WZq2X`0=a2uWe!yV|K-qR(wC<^Ua|`5rKwzZu&IT#^-?5(O-{Q
z#_mB2AKwIX#TdVlUPu1n>k)U;sQ9Y>v&=0PMN{4C|6iCuh3^AlAv_;mN0wIn^=9sj
z@t&D#39AYHZf`vA`NetjTU|eOG>?Jyqg+OG4`smYP-0vDn^#^(zBJjB+-#x4Gdi$N
z&yJ=2;tNypFA@(^Ii#U|%$Ykb<=#P*4|M~(Ukz>nT;TcgOZe$YKrDeiyj2J`SuKF@
zi=%zyups$#05RzuR`}8LR)xbyO(yXPJ<h*%Q7c!8L04KGEIu|fh`){CSHCMmu6%rb
zsH6CfV}bisa)W!&xeB2>G!?baHq{*QbS&9lqjnaamM~S==swebf0$;j>PTT&y1U8A
zsqxWV@?vSKL_5>768egcJBE^g{P(Dk*h$Qtv7}qOqGb+zmd3+=r7@}Tn&qh%n<!mD
z#WrsK?S(B-`Yy(TxJz5}dgRL&59&r*aF=3m7RiewG4UtjZ(}8XBA^@<ucE}`{@i~+
z^eu(1{wR6gSNsw8nBmi(`_Mx4&$%}ly6lUVlnjYm!*sU8bX>H_-}W44<k^R=<zCWC
z<fmEwqId;m$9It(v6t|f?i+-+j6&;Ef=h<xEa-41I|Va1nZyzjUMIwnQ%Do2uPkxj
z7~8*kuNE&H-dEzr2MN!M1mERUJ_`#xuWq*{W+66adJTg)X6>ioE@Nc3nbOb7xx2T~
zf<esHt+)2!X%bqAxw0#0Ob9SUEY014=@p8le?^wx2@qiIIpx^d#fA%ZSTX6r17*$)
z@8$D|BJkRP%b9g^pk5hjR{J5l+48yuO`sg@zuj;%O7h#V`SZg{d|$v(-tW#r7Sx*0
zeF@>XgMKiB#z2Cd4md)8+0j%B{XRjS`Ayx|q#Lfh_+@LV(&0E``SmGXDDg3GF}}2S
z!cLgE6zT;%yyvE=#$nk}e+NnVHP%1~{^3ix_`{d^Q`~U6xj+)FNWBnx{QXepuD{fW
z-JNVL!{~!b9`(!J1=+bT4CJ%<wgtbP&`wv1|JyAl9ap)~@3V01Z_>M2B?%Uo{eoMu
zgX!-!YHIu^5M-DjU@3V%#WIK)(av&PDXTPbS>BkVQwi@Qy;=x8x+_wDbQzKVDLp`1
z&1rUF;JoIhnB?bRCy~t7ZPg_9N8Nmy>N?kEM2HDI`XhybTooave)PF7n#y|u7z|LK
zf*6mdchll#9}G-q28I$;+x3L?;8k0vHhm{CF2{|@q;NZ*Gl}C~v`@<kvbiPdy>2G(
zV(-DI@sb5z?5s`d2Gc*bCl{N@k3^=jPzGZaBHNdc+#)Qinf1M{TVKcQ=Q0IL`tzQW
z6KV_{vwgIYBHq*g#3&jJ6Ms+5_RjSYQKJvs_I3ECGbc5h4*5jfMcR?2GD#fdsnJcN
zi`r8jpM>!Api$#@A*i_eOm}omV=A`c(c*EF5@zHoX87V<G26%jpZii{=C}Kt*mX}r
z0wUI9^G#40+yQ$NDiOS_(9P*pgCj{MfPuHA@i_m@08}qwR%$1BFdbJQ)~PP^H7H4E
zpNSXUk6(gHgg94p5oU-Wk);6CnwYi=NK-Tjc^C~^*iX=WuR9*I6)@jMn7y$RypWEo
zx{4lt4%i>ZDIw#=AfTC$Wy2U;?PkDyFM&L)7tL#M&_e{3a|OWui5Xl)vu*{z;&An5
zi=+xA^flZ7?m3W}qBvJjoE#RKAG|zi-#zMqhRC2HEpcxzsGPp1BZ49i{`|Y$ZIqdt
zm>;fX7zXN@As7daDz`39UweHzo4zpyS$&(fZ4$YbQ<v`Ny;4U!>Q(7B5%54O`zB%o
z2lQ-z*4cv52OUZ6S;B+_?@Rm#vA=K)1aZ}ZW;(Re5Xj&>4-Qc9jBPZ>0VKlW18Orc
zwE*c&6M{eC*7lO9rk&6PmV|<S1Ju9oFAPwcXr=(9`q@)t_~|E*9cMtq-rMqwf`x9V
z@To$N653$Z68LVDVEvo$_N0$17Q7im1nFEgsLgq$i`3Z+_%8tYfeuZ`3MkV8YZ2ah
zD;nhdh7RSRclVF_uEgN(1R+y*L6S!-LY+f0N}B=tmjm>7l9GENp_*s~5c&}v`bkzm
z3Q{Sj!?*mlwRRhEVvtZrXm^3_wO#2ps=!SJ-BXi)N=Q<bEi>Az_sh9hr%y;K4syRN
z9#octT&x@7sIy%e@a<KH+_pZHh}?iXTgMHptiCPE0d?0!9B=0IQPvn#3yN}P(a?N}
zDMIjz<sZjUtO3aFniUdImrt!#W9hhUP*}n3dxwF#|DMI-$W!Sc_{&|8JDOmN#DTPL
zIDv9|kvO5N=m6N>_9OleSRyEO2h`7iybDIg#ekf|-j=J}ldq`OkWK<8bP+ykqCEnT
ztYqiQ*fl;6G$H6Jni2Nr9jK)eM-oEf3>cB3VC2eGgI-MYk4wiFyOk)FPmwnDvEW)w
zv;zqJ0k-EOr@>Rd6(A+~p3r_(yPhQg=87gP`}}SCX};JnmcGG|;BnpVu!wXl=l3ZM
z?jwQW;Wax5)x@yJL99K<&f#6YA2l)AJs;Fdcath4-EWP%qYrAZvsn|YAc5=vVPT1#
zr>h(D<|q_$cNQd?1kUav7zH5>c0hPyk`*8N`7fX)9w7Zs9`&&BKMQ$<hA5+rIH6@e
zt5Xtt`*ptZbq7|wXtGZ_sQf4NtOE)Dh^wD4Kn+4)UVatu-vgw_>9T(>Bu*1;h{TmM
zAZ3R@W*<Sywc8i!4_IQsHg_cqZpZJ=dZHm$(U9yML80EE2hBuK&qol3)Tg*S<%Nb^
zM?;!h36H=?vnY^}*Iee?jmW9_1`T;a(@shkp_~ZP)^;6>{sk*j(4Knfqv?n~7<Hn<
zq~%!qz0*y?PebNHVzI}ut-eW0W{;MOK8-aa6OKiAG340+_2wL(gC-~RL6_5PmKI*}
z@Fudag9ysu3ILGi9`{?Md`)yu0Me5V{ay*}9}#`>@8MiAVoZP+efwGxIK2zfsEO8q
zBCSrH*|6!;U^FDE7gC(l1WZmX&SHoV{A@A(?J6m>ms59be(d3CV~QX8&VT3^+-U7-
z0$CVMc&6Rw0{ROF7Kh$4DL<#=F4Af%z!q3v|G$8O6Tohtw@vicIIsbvsHaE~+)bp_
zW`Gn3?WgSyeAE3^lL#^p<{DycBrl)z60QXy=k%z{<2bj~w_FKxFTvx@=WPVy&w?xN
zV?()Oy_dc9Uv{Fkzwk;OY*RAM(wfqP-0;x*pnf`O5Fu1BGD#p>&wP3V$>4x)`>&Gv
zF8YYb4mUslLW$m;olEW`n8tvM|F<A)V0)b1Msx0HNKJ25zrh(SR@Vs)tc5lL*?Msb
zJ3!z|C@}pJq{A2(y4%#Gl!U95MH<Wy&hLTZNKvV~=RJY+NbP}EC0lfn3PDJ-T~H7s
z5}Xw<FR}NO>)*U{m~AgqYp?t%Qjh5-vZVs29)V-&S{|nHlM5V2;+`i+UQW8X7u=34
z7$Cgm0`Cpn@PnO6?isWCmKQvyyx%I-(|#XIXjh2=k0HV99)Fu|)}?{Gedb=FeGf5o
zn6@tGB?bQRi77}3&f}8@vUPlG;NZv}2zIR5GWYBjHjuQSh}#$LRvrhMX{x+lT~<b-
z23U3hLDUgvjp@Vbxf=%!BXRT~G=Tvr3`W8)2eiA*WlD_|^P=_U|3dYzOF(3hhcg80
zc0!i%Q&$CKA9yPuB?ctPm6RHfvkXEK0+6Z9pn}_kR~!K^^L)MCs<pcQcqt}<%eo*4
zO*DQ7RKS%~HMMEIZxw{(iKb$@%k|SpoEs7+6NWPx0zJ8p{4vs?s&1)0M4TX%yY9V0
zyMpi)xPU!oigig^Qy;WFklGRN3GZ6ctPvpmFC6d#7$6yXi<avHzCU|Sgz|zko%YT6
zFnTKBHzA*Wo~cYjLJ+vy<!Q5EpYg5wUqY915L}!q*AWq>laP>AX3DFli+pca>pkMl
zW4iy@dd8M1AoX(4%OuViaH%GG9E4`<T4stZz`=r$()W?9(S3HP{E_ECJTp+FHWxGk
zcxK=UXg8nB<j=EnazCtpinNWv83rN01FNpfSseRg9@vpm3AlF0y^DKIgGih)66Y9(
zGXx`RKZ10efTsmhkpZX|OezVNE7J{0&_w5g&>4<<<uZP94Kv6BnZ1%55~^3xAArHw
z-$8dVAQ3|#$&a8UCtvSZC8(Heu{{yo5G!X)A1gOHzJt&roM&474G1zRt*fRDxuK!C
zR8`@qxaz@g;$49|)<YIcytcs(98_8FK7}K<KM?k>V{cRb4yc#9SUaiCKth@#;VPz2
zxfPI>HNa%tM|#9OT4zQSv2F&a?1JFec3%0cl9&<-{E*uhvI{7&yR)-deUOwcB{y_c
z7OuW5&AJ`h4ZM6&w_64fP$Y<+2zmlVZZIMZfX=uWkUuoq+(+1FmDxJW!tzN=fNf%N
z7l<JF<p3?CrzpP)$P3`f$Snb<)a86*FAG>e%xFkbD<J@kT;K|b7{WBKla9f!yh|G;
zlW>{bXdu&bc0Qn)=sweKr30r(9Ndlt_aQa9&!v~ZPsP4_gtjS*zMfkj;JRPdNAUID
z3_d-K-B{I7te@|xdkG6F^8^8JD*NCT*7QW{9Ma>oQ2^@`=07MTT4UfYFg95U9gV_O
z+;A&)q7?nLnZ$Ks?IZh5JI1dj?(J7}@m9$E2^XR}XcGTr&TGPM(_<N?r!Y0AllP<e
zJ<7s$;kexGEl22y4$Cx#3o+u|P^|uwraIIntEk-Vmg%hrsk2fn{qdphQjciG6FI8!
zMzg#6-(SCpRD7xUK6-yV++nW!>y3tWQ<mQN_&e8Dys(4~k%u(mGHodWEni2%Xtr4c
zW6^iLqxyz_*}U`fE-a+@D_Ehvj>x8!zmVc%e=VL&85`6#8Q9&fpCLcR1rF1R7+Qu-
zK08dClzGHTX73=DC|1}$Vr}aG*;9Rs$lak^s#0;!f>pc}B}mkh?&jy#nV^%m0zUug
zwyky~zYAG4o}fbmczQPs+-2_Jh^XYAbUSF4N1S#?j|?3BwzO{^Pwfz{a0J;qTDi#X
zd>KD%yXBX|g%#zTk@g5vHeE=$_3L+ZZk2VP<)VHuzQetwExO{<%AFB9Wm7vgE5|Nq
zEES0<L5<wv{^eK#R)1dIYEX)bE2t2$P(a!P=$+Q}lZ{(`&0JVj8K!9N>ov!3%qzIC
zH&W;yuv&W_Aih^fm+%Uhvt5?GIk?`afOrOYGk9zH4_#6z3jM8uwUifKVO?Jx+Oyv8
z;8e<+X<lY+Y5#e=RvB@j*0Ixqiv1ivY#E)Tk?tnQn90dru?n$!=oA9Bh}HfH2;PzJ
zAikb_5iz%awLkd@Yq0x4$PGkD_s<@cDuCJwEB3yM2zl8x+5RT^JL4HZRY#o8MOP%R
zNIhY#whB?-)RgWnmNB!iT=Xo)i;PbCNq2kv4^=M4=lq$JHjTwtlvP%@J~3U;E~wxs
z;hnKy15k-#`AALAE@=45l_#v^iS-j#{-D|DUGDz7zqrl82O$~=P3JCX<jNH*)>-d^
zIiNybUC>l2>IP)Cu|IlO>wl~c2d5tVjdRhvswv^Gu!qNkC`uAAvyRnD7hF8T&K2XC
z+&96dv2!wJQ<nB&Ks8sb6wZd;B$qOJ{XE`&<b<(Q&~jAg{ld6v9&(spF=ZMH|0#HW
zn9j^Hgp%H!Z>6B+N~Pv!n9m5aHKsY_X}PnNSZV6#Fk0GQ?Jy0_I6Gy)TUg%I@nBn=
zf6EgZ)V01!v#pJw*-pjWVtO6tPV+kF=mCW0Fu{`MF!m&azRpZW?_?F=VR|xh7Pd+=
zL6)k97pjN)hFqG~o)v7JwuvHcWYC-E=(thLAv7L4=wVn0gl1!N(2cSIu>TRsJ@p3Y
z^5Je2V}QQIJ_6GL=<^rcC{F==#@CHv4d7-sroCUX*&{Myh`WH8sP=TruwbjDlE4-P
zcno~QHQh2P*qY(PIPLAlW^a=gMwC}&dc9@$iD;EcUxzCAdRjb4Yu&M+dx8O+)|bpX
z%>nMYTRsqHfX8`>FQ)<k-N?2YUaTIv;VL+df5o;q%^O3+t1vyMd~l<{AT-Ka99xtL
z!8<~6cTU(d=nKak+*%sdLjwh4iEwYWFRMFQkfpp;n)P$&BBiq_!8=>m-6%c~nu9Q0
zKRaT9T_Dd2_f*#54CS`XbE_dYZmmF~G+C05$Q${9kEj@_Iq*|ckVw<v_41*Uhb&ys
zuN)}vc13slDQxC(MCl?-wRFC+Q5qpz>-ZX1J0qj9P3ErHtRq<U@;@;;wkC2G%lpeU
z_APa1x53;<*dZ%|4E(SF{o-1R_O{?kE!hX0kGD9hBaF!OFNm!{&?~_GEab;ZoCem~
z8Q@pqlz|)Mqi<kk;j`*4vA}&&Y&F>j7YFKJs9J+`UFjF`FYEmU=wa^L>&fOB%5pe^
z<!CWwIZs~S7Ti(p@LD30<#~y`wJrV@XSR><Gbb|eS=4FNO598y#esw+V%cTkefwG`
z+9}#zIU$(6o~<9=fJdiF?xd3^fp+9PfRo1#un@Eu1F*CN&F|GpH^-e00h~?(fLq7|
zfqs!%?b2HEsdO_Q<mf=joc9-Yo;>fhP>+soD_v6tyWL%|Ih)8M#8|~qob@;Qe%F^8
z_x(wFOcHLg>j*Lry?0tWSA9i7hZSUZ&p5PGUaNp{AfL%T8g(~9SpMk<IGlv~azU{g
zib;vTdFQKM!qSzv1t&0`5nBFlplA-&_H1xo38nXoUR>q(@X~_aJ*imK8~6hCtADbF
zt4jYcXJV>d?&F(tyjD+GMrb&?52tV0;PXeCKkI6CpKgDaKJp(l$1jl6{?MI;Wa%!H
zUSq(6o8^XgZBuF~EoC~N0*92Z8)t8!H4ZZl^k1kKCZ1DQF|zeWiQW4!739bvezR6U
z0j~Dx^bXku5|u^&joJ8Wsd~$}o!i-VZMCa)@p9tF1KU3Zz?Za5{a?0<f~(#`57F0>
z4T{7WstyHR0~Vdixg8}xOrD_!>nc^AAJ%^v$0b@K6bd;KRv&iq_ozlu(w~uq3|)im
zcQ4GV-w{uB>?E+Ct@@z8R^Rda(P>xY`fp<eU3%mm!l$kG<_AO1*Yn-G;^0Mc(A}9D
zop&lNDc^Mlf<IMYA^cm<?cY4^i}Q}Rzg@1p8BRRmx`txMv@2cf#PyA6a9#Tpf<MjD
zCE*klZZ2%Jo!n_LtldR@uqjX*w8Rq=t)*_9E9&Gw?6yve3i$=o&&xi!gNM@ZkBxpo
zAI}Dtr|mYKSFY7v9|Y2St`oNAebBfVeva=U4w?)KOw-k2GD&10kcNuFX9?M~@ysE8
zHYbW9gQ*vyhB31><)fG;i+JYj#j@;&c1hL%v{aV;*lr_U^wMwQ_i~pfYcLM+_9+R;
zfppb~fFMYciNA_S{s`Rvw1s{2`g-}nO+@~6*`qlJ{?m_t-htUi|1DgXg&zMT$+6=z
zrC3A?q7EC}#~@kydhmd`TNxnTf^^7%Yxl`Sr}~;RMA0rSX>JZT)HgVHi+^44i@*B7
z;CD6ER3B2^)8AQ{e6uxthO4vIeKw7T09st{VfG{)g2k1Qz7N#bM>P5ks^(+{P<mzu
z93WUQB(Ji*K4WmuWOf!BH`>|mh4oKH)VGnwhSD=Jp1Az0{aKl41$=$he-OryPk+l0
zm-f{^HL9=)LP9<G11trZSky0;OUp2E^wYkXdmSwy*It2CtTz?Of1&2$^9=7pKH2Bk
z)C~V=cddsI20DJp;;zQ*98N;solQFFSt$P=W)2zLaEtRm{e7|tDcd5_zT3h`xgSl>
zPh`qYBA-9%U<sO$NVN}oeC<NPrl*gv46xEOx5N&nINTk5m7SVgvz6zQp&${0D{5og
zKPMe;c6s+gPC8*{416mZ7qJkmn@7=cZ!6c%8xi`<4LajPc;!Nofy$@0<&KZE1H+tA
zm}0{}2G`#-8S%L{^%t9k9X)!WI8PbLt;324=D%oiZRTV+W%9AL`S~3Z{g})lZpc&o
zO(y}%sh#)2WGy@D=w;~pbE{~5W17U{l$TlIN00|ST~h9J53OmWe!LBX(bCX%_3})K
z()Vqxs#W<j9n2m4`XSb}|H$P^&h+vN!vUY{@c#IR&(wMFHwjwpa;87hPcFUx^R7N;
z#EtzsV;AsXMj>4(#rZ1k^9CZ<pKOp6*R)3o=SAGpL_?G`fsd{)m_1&2iZ(lW*fIV`
zb+l?hkDm-Y5|p(J;e+seT%HXv@a${<7{ovI2M*ovR8wSK@gVq1|DUR7Ly$WD#1p(n
zuX=D#;Wvi?RqGb4v7t8GnHZ{EZ6_pQ_mmzhz0MLK)REC&CuFv)Rwicco$)FQUVxo^
z_Uc<$z(oP@S=RXq;f=X;8Mz5>AHiP==@DIN3XJ)Ax}>zw$>enNhY@Rq>cUFh8;98%
z^B%#Jg`P$`UtxUedOh~kQq#XlatzWF^jo53in0c^>xV{`9Be-yb9frz=R|IX^u+)r
zl`@80xpWlU3~>%6L8d~wgJ8PdMvudGVdK);PI$sVAGu!fll1r4Xz)a(>Ir&tTaMqi
z;S-qT8#!=zD{yl1we{dD>o0efIDr4!{R&Zh)5+RPMNXELqx)2xf^0Ba4O;&s{JW`T
zSbs#8a&g{0^3XKz&dkcd_nThU+V}Ik`SAte!W-bag{`k6!;fy4UaYn`u(|acS7y`~
z*La6ja9gp*0-E9F&UtJ%`yg-q#_g>%LtcDEnfk0#jAiGE(v8AIHZ$~7J5zk@@H45f
z5+q-m)fl)ira8_~VF7VHoOD*3n=^8KBHhV#8{xn6L+;_zBvBvlUytwI1%8*IsZ`QT
z`mS>;dN*@YBfUb{lZkMe({wf=@|E$cu*QxxxG9bVybjipXxZYZzOwou_x3zHzvX|)
zP4HeQ*p18+>9!BIkh>Y_hJSWJ<<-dc{nUWD-%RtPR~H0Kl3%^J(pEnHjX{>CV}C8u
z?Xq*)r{EG$=kiq0@OFe8|D30ry0+XW%AOo?ik^joRFdNsz94|FM{OXUmB0P29$4dW
z+if*XMALa23;eomE2pEMNqSI?X*I}T<tQp7akp$?URC^bc{EW!rOq;HDLMzm+w1-y
z+9+f0F_^y1clgKU&cQ>$Mr@7EE&e12{&{KN0pq@P(Rj5ly}RL$Vb-*-TMnda4snX&
zj$aaYulTCI;13q)Mn%F57fe`=qvupAFnj*2#~XR0=z!FvuHJxxwkfP33xmnmm3-GM
zN4&A=8)L)IPACzJ<SYN+54W~H10VQwCttrXUlJR_?$qtoSjmHTcuv96df6?#`;y{8
zyvxP~UQ01~468MJxA^_5HxC28fo9)iZ*u!H>$~m~4U5<<u=_<qi$TIt_HQ@f4Wt0@
zp>y6~>FSx<(t=MA=^{eHV6>Cs;=dZNPTa7**r`wqcB9m_7YKDH0KW@yk`w5`Uzh!d
zcERVS=dV5sDhESbR?Cn6!`cS*)=5skbDDbW9%jIIf-EZhMrf3pf@ap5o&IU!uAQPN
z`1jqtXgxTj7R|a5e)$kDE6Qo@I)BIoQeM3g->AWg<gYrnNL2r@p4}(I{5U`={X(9H
zQTUZYL~8)A4Qsflc|y$bP3?_pP1bjRbEQTizRJEexW3=KF16n*<#PAtt$Wv=i5Y)g
z?juy~ksBp}#~eDBC=6rU?#*9*9W=}l5{@kuHA3{Fleb=6E4F^!D9Q7#_|2l9GS9nn
zg)<VN4Hr&6xG<+QE`H2lYy+c>MCPHj<PDLk`rDQ}V`*(PURbh(j)8jXmX)onXuLo6
z#)T^%n?M1o$aNa#rG_CUS^MVVIZHfjnC=<Vp#PCXm1vl{M`CUd#gb*$OG*@bce`7y
z*tu?w5oJ`?Bw*kfFM7R6>Hh$lKxMx^f&TGKcDYTA@i3-#;SSJ4MUoD%=85gb`%T^P
z*#~J9`~8d3g3?3gyXX&7TJY8Z8uc8bGx9+j@gcKK9-z_GQ4_<n?Q9rRyJiRIO+}LK
zg*8w7fzkp6)GH={dc{lT_bVrWx)O2hgK@TV&)bY=he4HeX7$dHgDTmW)ia}rVHH`u
zGcE|K<btf88K|X{1VQC_mF$xsu`ov^PXQeHLV;jq2#j}GVqJO)pj%ZSSkV~j#rwC}
zAa{o;4SGNe7-s~{)QU!FFh=PXV{d%3#K2MoPmMA67l?Z`^e=U*XK8Q)rCXkYf!(P-
z8a(6zeY`ZFd%FxlU_PfDqy?SyqZyNOR5D(IBiB<JED8a8uPV65OHy|VAXwZO?#2Cg
zJShER!kptg4*+e~MQ@gnIgPjWHn~*d4XR|r89JjWsFLuRlQYJHt2;$#Fzb1hWSypo
z=W<l?DZr5jPSfDCT&zzqPp4?`X%_1#E>@D7@08ylLp%TX6Flx~i1GZU6z_%IaoMP^
z=027$rS~xFImm2NBk}nxf1QfktSvA~hm=`ciVm^&(R2Oy=fODd7{55El6zgr8FG$F
zaD8dG&T`<0CPA<q;K)XRM6(P*%g@e(hK_cLzF}VRMfr{SaS_iiRJVzkCPVuM33~ED
zd)TXu(jj4vdHVqxMcw<Rs$_!#39qV>umTAW%-(a1ogbTIXveX8cb1TH-1j61A}?GU
zf1xyr=b5AI3}n1(_>}ps;Y9~%bT_317}x75(62mYu66Y+-GbwIpVESFAEZ&H$@KWt
zg8q8__yO}i(k_RUS;-msIjZsQ+Ep?f!FgLIL2y;JnbTFdaHIn@>yW2ax$t60HtdbR
z{eXEps^ni+caQqWH_0h}pHieawv~glz>0HJ$$w9@{ePR^9d`L8W`2hrFy9?*<+qb$
z<`>V{e?Rc=^Xof6qpu40=eS>4e>cMe+O8PZ#4Jc`$Tr7;^>>Dv{#zIILxG&Ydk+bE
z@QnEUei{uact*@;XT*{5q-^rV`ikdc{$3(!oEgvkdl8t!zwfvITM|zlFuA5ANVq}U
z^*N;lZX=eRpOJBEEMB(Xq|9@%krV!W*|(oY|H0`^VtT`xtmGtTNI7`UgZONKBONYC
z{8fVBY!@8yWI=Ft4jgI1eH@A}@-#vm_muHTPdDya>3xaSlN@-_WA=TqLrH5-w6lDr
z6nM|_7wa?5MAm$c@Wu-I*YjWZ)93+n-wBAmn1(a3lp@E22h9BseJ4-R;CL6jDD~0c
zH3w)kd4}S7eMCE@1>UJDX<{1oaT-p^=V~}CA!m2|_i6o3w)7i2Y3lcu{igOT{a%)-
z-w~TBEx7Oijl!7>{f^-EtM8}L)^qd=#(Q*8!zWP7iX8uHKaHvb%)f1rlvUD{ZR$6P
z<B?UeVkq=$+IW|`tdfQi(68|s*=c<r+ef1@7q4%(p>JF-Lk`ergOaIlRrs3^nz6r(
zwAK6Q{WO~K-uAO*uJVm_aBiRf-EZET;yM_~-eEtItvS)QgZ*tF9CP^rv)>+vb@1K&
z=5sv$=Yv-5HGY?Bno2ymkZ=uF$^L=J&wM80#WVO$^K8+S2f=%DRT9GeKL?I<$q=l}
zheXpDb=xWzya);yI)<JS<8130#M-}N?K}tur>SIJ4kXqLRmq$jNNgC~`wHf%M{%+G
z`lj*xW>pTn=p6<@ExY(4sZomKxH}Z-JzQTf(DYk@bIxLEa%QaUXJ~N4;NF)*xhlB;
zpt(~~;&}dSbwRLlsM1_FSS9@L7NqOD`E0|N)%!A@(^Zg~(cfpXc}~B)G1U9-`r#OG
zZ}$&Y3C@9ek5y>g+hBbc?IqA2#yw}yesisO2AO9SJj3kTXP!}-*xwc6_u_l^nR_wz
z#c_T_X#t)~F;DYQTLZyZV_}vf<Gh%Y&JnipK4983l^i=wjrqW_Jad{RR?8}>IBNdQ
zqK@%E@Ep}KUM1?l-dDT;&1m}wJ4@sJLKo94oS}&?_8C9(j&GDzqOxZwNyR+V>y#FB
zDw6T@Zk(4VDJ@u)14m+D)|O9L-(RAJ*}N~Mv;fETAk(!q-yt^NcxLRM^Dk%+*8=+f
zx%qcijPcLfXWknihZ?h%?pnkA{?hzvyyw4y^~2idO_UHXsHAEijcRA<v^VzADE70~
z*6M7PcvFQsBuk9nTfzB#Y(I@wvvFcvtA;lsukprx@HE8R_R%Qj5HX)o>&*3t^=*p`
zZCi?_7(WxTYM(q<B`3!MIjKl-%uj5FO7<~rY?z@E&tR3LWFWg`AoHcn-<j!uE`#^R
zW79wLL_Qu$x5O?}GtSMcxpVX7XU#f|XJezDaA)J6>^GmAFWYa9WA_=l<#>O6d8NO0
zZ<e9$m?BR;U6<8*chMB~w``=z>7R8eak9kKx@w>KEU@XjD%mgq5~nYa^;3$hlYNrj
zsf>+x7=N2(bbJWb)9<Qez<wIt$Mz~5Pt$Cb$j0vvN!{Lw5Ns+|$&)w_g^+mizfte!
zb%Vt8|C*_PaG~y`_#~|V3QSA=vZS@ML?u7%q|qG!Zj94Zq7v(~Av-QIbA#svc@(Zw
zIo>%FNZ~#j?VPC+bs|hxaV!|a1s|vYM4M#RQtxXe1U8v*lV_-T9%S*<P8tmrP0@)m
z@;YUnO5PX-32bMzsM|KU;C9zY2!`6d&5)yR8xNzGEE#Ctx6KB){e6I748Wa>>%j%X
z$Ah%wHVJ|g0Ipke_nbj4*P1~U?Gu{)IqJ4@7`^1LXKAoQaZN_M?z1$A*qUe7jQKOT
zmb{P+!8Lc^{YVI0{jsEM2;Q-HVK4hVC>?cHXZ)_zsCb7`5La;B%uva<I@#|q$&heQ
zf^F}0(x~0<PTkm<`P>=zIs3m&@)vUt<$RcXXF+@p#xmA-e%y!O|C|1u7sz^tBI~Jr
zl77!V8g0me=_%tGVPU*eaZkp2W&Ga!Y?a(G3=$oKN?RL>rs)6bpwZY3D%sXcr^QA>
z;<<;_ZEv{Xhn<Qtd0$TNOsV~XW^azVZMGsU`Ft3j5w*Z7HXpMA+{<zxxFH*cmxHwA
zuLB@>BS_b6x#z|~(_N1aa<xxyUSsriEqV7W4R$IcC!fID$c=UWKGgTf$vDo967=9%
z#UC53Lu$0Hb(r-wIS>-xV>L6DgL*75IBjK|Hn4po*8ewXM#hhKn4gV!sFOy+MN{<E
zGPL_Ql@QM?m3Zf<WDCw4)8!K#rY;Rl4mLGO6!+wjpam>#&h4hbiX3&D3$(y8N()>$
z>NdQN`bK_R_B=Y~Qy97Ai);vPxaaOi27uJuX>ga9c!oj{$KYM3Zu=CZC2BSVmG%po
zJCy9n*uPVeCVO4*!-a0TNp3G{p5unr*)Vd+JW7pzZ@XYP>f<B;Avv&ZVhe1uH2Ndq
zZ|Ru&8yVlyL8Ca=;?E6zE=Z(`ZEyt=sS=f>4%5t^86T!w!no%u*^_w=9a#{Z1=4V7
z)!mPrKn)$F3A{d_eR}i67IoXKb+FAd4~UTyLW8KOH*h{WX!IbZ1rK!4=qI=bm8fLj
zOdv&rRkFC#oa22nRZ;;eQ3tC;`{jVvoo8_kjE-CN5$EQuP8uzxv;Z`1*Ep<eoiu^9
zJ9YyQPfbZ*hpdtU05UoUws~Ekci?&X`_MOt(gGY~oYDgJxdEeog+8KNo|K`j>Ay<|
z*1L|GKo)k;sPVk?EG>{1hkFYadwYE>H$DI&eTrI><2R#D&(ebZoivIybMskRfOQc4
zeUb5bHS=$tDLL#sx)1bY>~B_8y3Eh$#blU<=UuG=bUbrBWUhh9!&%))%CKd+0@E}Z
z+HkLjttH02E&ubP^x4b&yGNZ5YJqTcZ2<T6rzL2QNzh*D8KXmJjQ)eOG<uBE0{I~=
z(6oMS0Da;bZOS$OE)Sj!tox;;42g0=qfNhF8xZ~YAJPI>oi*>7xStUTKT~;^-7mP~
zLpsc}%HJt1D0)Z>bUbdx{wO0~>|QoUCEiKt&ntOYo<gU5+s5a>?RY;L&Sjq=bDQG@
z1rq${ftqA!Gd^Rr73cT=A@1MfqbRaIVEoKXNCLzJ$)y8CnMnW<FQ^GbE-Rgj1a)1s
z8F5jcbpq;o+kIqF)RmPU5&|o`YetmzwvQ9MW^`9}=~2SX33o*?1PCA?lc2zguDIM%
zB$@hsPE~cLdu9@Se$V@U-oFSv-BqW~<y+^RI#p#0u-eHaqjr+N)266OWBNkt*usN-
z$q`<AXl^fmnyQpsxKKIs6X|s(33`)Yw%-nJq+7OuyPK}HJ=4|w&O1H7<7rFr<ssG?
zd>G035VG-pzoJyC?5b8a+^WXNZisJ3SN!-|VWE<*s4?RUcKdH<3T(bsQOhHFz}L?1
zY?GKTHzG{698i_h4j477Rp_k^g1eKTsP!g{<+B4e2Na!brCLieTxhJ9=7#wlv(v>l
zYJ}>ouU09`C#vzf8y@2GcSYlj=$h?zM*sd+s)e4Gm(nnA%b8@-#h7<({gG$67F|dE
zd83_bt*=!nvHiA9R26TRRo7izJYKmy+%rve?^G$vf2Jy*Q7V=EPnEJ^BHyzc<?n}4
z{yKW*@7cpq{`QaMZ&{STdJKP$ALjgxgrofRUa>%#IVu5vJ$b$<3Hi(YjlT;1zTGQ-
zKkk*kKX0d+_o@X-Y`@D#vHc<m`AZM?OjF6Y1<K6JIDcEOT%ar%70ciC*7fuDl7<jK
zQ4z~IS??~cY)kQZW`b{y;MqS=u679O5jv*Z#>9Bo_#L3<wo}cjD|x;J52;Gyn>EUr
z&X_ucPJZX?_QO<brBrHMUZa#gq$*huW1rzX-_cH1%P+a!s8MD<q$=mS<Bt!z_2ujl
zV0Ypgu@rc~SALk!9Sg!#lN}IbGVdpo>?A0%55PExulE{pketlxIr_D7T0>x!X%xRR
z1AmQ?gYld9{VFB@x&->9UgXm|srD_4L;2id&cl6tj%wb2#@L#Ak#FX8s`6H+RTnBd
zxGv1=frduCN?CB7svJf=SW%^vUZ*MtO>6IrUmN53<rMrHn}}bjJ@e~}a8LZ&*3GY5
z<7nl-x#R^(+hqy(1sD77?}cA~I7c;CS&Z$##lHN@RppKz_;pneG*n){Kq<YP^UGVZ
zK(SwL@N2EbUcxLcx3e7kEPH9gOgo>4X4-*NrNWq`!=k1r3v|y>nbg@~h3mbN?zplo
zlgE`fhSQlW_qqb{%~f4N)MT-Kp9=05(`E8vD!=nq>&N3UV0U*$V>5HEQD*l{=d#*T
z#JP9RQ_bd($yu@XfZwX=pijThdd`J<f%Pt2e;UszARZvDbmu|)fo{34vLDO)$KBtJ
zJl^{yuT5EQgQik{zHhJKiF%F(>z;c?$^UzdeTVXW|7LfQTF<3`E{+cyzvOvw<dy4q
z1>=ziz<nv|Xetz;pXMAOH-uAi$Bs>sNx1LGVl7=J*gimp@9{5<x);uykbP3iIY(9i
zc~g6sYRk^i;O`IfGb+%htg}IrIiGs$OP<#qyX+aIo8QTxBY#>QIiq67Qu=pQVfVM$
zWrAbs9*?+V``It4X69w+43F3T_+|9|cq>nH0t>#R+RH2smICv?q#Do3<p$<`Nwp<t
z<7{kM0UXyn!t*N&5mTRiMrr$-s=R@^%yB$0lTvB!^Uo+dMPBcrFR6xO!8t<$wfUcv
zN~axCU?bE2H5UCh?v5`V2*G7`Sb^hcTwTF*^3m%`2#)79yX{1%AGrPf*x4YAr?58O
zN4Lamsj;}h??^_Qs1r6~pCbJ66(yu?Ah#ooea{U9z1@+`>eKw3=grJs7TMa90J2Uy
zG6VDN63Zjj^^?gY$T{&@D!4PBn%mxz3_fwszOT{_L`Q$XJm-oWe*TxpJKj!f7j-YS
z!-~rF6~rm(uAMRCLAx^BnKKo1<SG7t&iV?1Is_@)rVKm7@5169*yJx`af<V!d)`fp
z`Vr1FzHh@)b87>=WpxF4^g0`P&7O0j?i5>hS^@9G%i(`0mA*N|V<7VwkiMS2v0#V|
z^xcG7)=6Zs&bj*#*DcgV95?a+b$G`ip4U0;um>=HeDDyfP5I$B-%<D30-Lz+-R7h7
zlj?bXAX@9?0JZt-msATSK~cB>`{cDl;Rvf8T7kHOHe4zfu(c+a^Fm)H%lpb?<Y7+F
zy&`A)-XW@O6@S+s;&xSdnCDa;q*TIpZQoWaZMSq|)(So^7qB)%=c)D!oS#~&mC{?d
zUvi{CCbIy7_-!%I5!WuaF<e>EO;adJlS9xXi?vIy9ct0$Fiu0e%bZw3=G$#7r<r&?
zLaaBY@_I%?H;kG+HAXio0raKU*$Bqv5964xvypEom0q{Oith2jFyHd2s#3SBT3K|S
z<8N%e6!wL*i8`X%y44koPP8*Kon{-c<OA)X2Uk~+7p}9hTA)OAg)ELVjR!;y*dO6o
zI`NRnPE6n7voVLLhV5gY*vGNhF{;CS_Nl7k-Bzvq;ymA5^CNgyYr(tmJ>p&M{}JzM
z|G&n&qX*;guJ->;y!+(fkKkQW4Bn0J0q@3J@UFHey!-pX9`UaB|AKcf9!!jP&mFYl
z-IWLbcX+q@P>*;Q#TFPIhj-r|vf|w%2cvlRn}Zzh&K<JiUCE*<#Xf=IUDQ_O;jGPS
z!tt(TUX?O){7=9;gC-N+Z9ViOcz5mp67P~?@NRqpyc^H)?kXJf_yl+t8t&ULPE}fe
zTczAYdcnJE{~y4+@jrrhNj>8o9PAnI$N>}HjZc7g@(5r4I8|w!Riz9h2HvfU!@KNo
ziVyYUhC@7;w!jXx?2hVH6{H}S??3avq!u*^bo`ygW2StYrw<h2_u~#xt@9xF{hi5t
z|ENVSHqg&HvRF;hW2H8Z5jN|73S)d54p8lk@K--NVBJ$;ywi4@s<g@rl^h;Nnq)h|
z*V3N&o66FKihX*Fu7^hWK51w9rDns%_fsm>l`m9Er^n_4t@;52xa|LVfNE+g=teD;
zn!}&JcYyom;S|t4pf+E7P~@RfL0`~M#`&bS73Hj#kTS7XuMB|9Y_ZkP%>j~ki2Lv;
z<I|`crnNP-JN`~oN0k+reIRi?7CZm<0FQB;5x%x-w7a{=tAuPgj?(&8N7ksB{aAj+
z%3seVzNg!xZJXP5qulN+t^WbB?;5Z2ee7C|ov+mt6?&B$#Jfjh-a%Wz81>OYuVTch
zDvRfH0u#kIC?9MC|85cZHs%1;{v&jp)y+Cb`wUrS&g1(fvXe@PCs`(0GQaB{$AmHC
zH(wZaLfPGWB~-Cj!f}vlnIhMB*C`(7?OymycbtdxBCi&JNw3t4eGt0DSJW=@%n9tb
zub`LLgz$dv5&Gfpq(Rg-_rhnCe^Dy!IM7`iSc^D|&&@IG_ybfs{9|K>#AAQ=3#zF-
zjD6DqMh_eNMaI~ljvsqz?ASdceP_<~JoZn%h#&iK)7aflKcgUK*T#<fY3sN<zu>rL
zw$C2Nzd}wp{)c)Qf3<1+hyKIIuYXwc<FbcKeZgMF|4f4Me|;c2{-O_S*!XXW89zQZ
zkALm|X8i9Z9{**%jKAD8{=XXIUs3bp^7mird#so7-<V+hZ<@!yf{%Yd?D$t$$3HJ_
z{5*db-UYt4Q{Zbo!gHU^`>7T#RvT8~SnbjMQsD_|!^$s2EhCO|lG^b87otwj!7+RL
z7gX~kgPz%BtIy5?5}U6%o9b0s9XX>G*kXOCQNAL<1M~Y9AHl)TVjbJptMvJT*E^u!
zGPkeSnj3S(*ChtQnxpdoueUfP@bHKIyuJNm9{p}V_enqK>t&dNed6ysg&e-#PqkyF
zdfHR{f$ZK-waW~-7`a~4npqpDijBsM+ds;8_N?$*;?5`FZ9^7cEBtDI&u!<Ys!Hq4
zUTfRV%Y27>Xxq~M0N(zmy|iynRTbNmnD+gb`L_O)_S1O#dN1v_rKpOll(k>$w?QqZ
z|8n2^y|&*Fv-g(gp6A-(<Qaz}a1V>8SnLo8t*#*Cp``liB=FrkxrE$f2l5fX3Fr&%
z%I8WO2H||Nth6B?l5V;ivK}g(Cogrcc>d+AWC-eZAk~o7|DI*`h9Xdv*TD9W-vMqB
zEAGTtvCam11Ay*w@MkUu_u<SrOQSBQ>#42XwmogXVcUZOx9qp(IAh=6AojS68Ur7z
zF)+t@19+T=G|ruDBl{?oo|s%hL_G|v^>H}F83#%Bc2{WFlDGF!&AiuD?gu*Z19`E5
zQps~o3F(;Ar~XwtG<gd~vszi#?lP9IFTIe*-R%wt{PIHXTTR$cwe#qM4FtUsu{A{|
zu4<l_ZcG8UEkh>W6woma7}DPq3phlK;6VG0(xdhRy^Ynp4PiAGYftl<3*rE_&Mhaw
zPW;~44|G|4Cp&<IQa~r!po?~Qdc-r29ZtGZWCHs{EofhiPv9gx&;Q?g0k~0y$Y<m+
z%F)c@x@6Fu{biB_s?ss%`ubJ}jB0bhs3#}ei03(b!~A9ThDSvH`QSdP{f$xy`C!h?
zmwrJt=mSNz{yaDDPs$xTE=eY#jFH7dGFWb&?MbcON44+;IM?v;I~|i+aNL3YR2!GZ
z$J^n^4H#qgx1--TIIw;n)fy?4*6yR)JVwiqK!bRObRi#u`#2x#DV6@YkMFk#J8XgX
z_fhTdEN6~=<_56+_fJs``+Y~~>0kEoec7Hg(4B(6PLx|el&h)`M{dBDA`{Qc_6BT!
z#25Vi$0?Q2&h~_Alt&*{l{QD#s8&bzD2vVeFZX4Es{G>&)sVlJP%33N)+neG_{|`m
z&*A&BBYY3{f_+rOdEnK8(Z1*B%VgOanXMOP%Q6|m>)RPWC+=f&)0kFAPIrB~-#)1Y
zV~*SQQ*F9fulxH+s-aJP+x8kI>o;oDuRhQH>ihOl4d;QP{d`>n^`|aoKX2VWs+si>
z=bJMdYLp#}hl2z7w|gJeKA}_^0%~)W;O*3XRC}LNsogPzy|aPIBB#5){q6lcMhcy$
z!9AaF`cPhbHrFWn!>aNw{w<!T?PurxB&6@jeau&oj5T6oe~c05(y2hkrphG$5(pkn
zh94@g26s^!$5X_ECuV}rYnKU~pHk1(?vubr=cm@w`F-oXb|8KCQw=VGBFzp>XY)t1
zy~-UMZ9d|#`}Rzi$$3`KIw)Z1_Um?;%s+2yKx}&54&=?fR6`jywv-Vg*Ee%G$D42k
z5P5h^ecDB!hbPE{R>Yr$;kp=o6`9Zp@xOU5;`MHHQiAXDK&NFa4m*i9jPuI;m+cK8
z_Hlk>hZBg&Vd=HOLjh*LVJ|uV#=z3^u1s);QlSX>gZPQOL7rIX9Rm8J*Vu@;ruY86
zR9lcNlW_iMAL6TRUl|*BTQMJZs{;b9Q-Qdy<Y!pfd7aNrI{+yiB*rlnNaa{t{CP8y
z;6YjZIO}o*?-KC9n+-bh?Z@UGTQ=w+_KuCrzY)ik$?(GlQ0ofWd{^(MT0TG)^0F$K
z<L`W&e+$4(@<;n{Jo(4UdY#*5j<pd3tMOa!XmIz&W7~y1Z-9J8TD%Luchg>~Z4l?x
z^wd{nf6yCOSCGo_Hg;Bxxt_{$9!p<7-_E_xM*fIcT>)&*UO0#6bIkIY*_WLmp`d=^
zoL*UKv*d^&)#|hQ`|veX#K5p4XH<NRMRwqpeN+p5OUGh+%luwtmrGUNutDuw8`Op?
z;%hivr~@~}Kd;ONJv=qR``H+;<cz9v4)(P<GDoQeSNL*39eCqus*O31afXRru^(gT
zUY1L;_%OT<nbR%prCJVR`d+I2gHkDTFV)@@KKOvWRQrfhDSa>1S}SCtQ!4e}OSPet
zN`3cIErU`iWiQpTD3$u`r5frH>dfycm27)?y(ev<nj3Mgg=#lZDs{9_Z3LwfX`$LL
zDV5H(P_1>UOvX?uoo=Dp6RdXC9%ylajyUJ)2X0rI%xgTS0$I|+bJ5?90JnjCr>Dv!
z6rs||7OLeu>s59+RV5qLW`p;2lu8fmqgqRZN{D@-xiT4tcy<XC;XBCBQkSaKz2H^w
zedOy`#XwG<qFUQ5yRWs(?h6;#ePh0(+E>LgabD71+_I&Nh+2g1y<Oew3qyEqZk%1G
zad{`gL~nmCb9z(!Z<YN(52sYrpK;^_+61QDu#al%BUJj}W3RGuSX9qY_Z||t@n!w^
zz8kdBqmG=wn_}P3n<1MI=lJC~$NR7Fl{&|=eLy%T4Fk2=6}rOLcOTVke~k72ukg)u
zstW4d-%e5OI!YzvQ%wu!%QW%-1>*m=iT^(>{(rrQ<z}{U+e9BGEXCNF9rV)ze-^ZH
z{6T&t!i84g{>^E}pg=*2Oc)-$Y;QOap;BcF)$sdv(dU1)@cqYkws0SCMhn&6pj5iO
zg=(+hI|<~~n$feoN-}zuS6w>j=kiDUP)^~wGWj1IZ+2AI^7B=t@=dF*%|Kl%5V|(Y
z?tA%L&NDT;y}0emGIsV?Pxx5UkJB<U!93&bC&n-}o=(I|9CxBIl=KC?Ev2F!$By&Z
z-}X{%R)k90US9KE8le)7@zm2YIrkTyo5_)7(vlMO?>6nBnllakJE=Q26B4<ZLoHOB
z)(`Yk6@0B^%)e15Wb1rk1AT0xSIIQ#w}IFHj8N(L9;&qqtonKn)e6|(c2<Mw-9t66
z9Zs@66prkG>(dfev%aQ<(~npZPKKS0M=8Vg6A>!y-a|FyHR{Js{GL+j^F36np;Y>8
z53gO>zK3e>Q7V1BhvVheJyiRkI~T;qnZK9oH>)!wH26WtItHYF0b<dIUS(Q=_4&LA
zs~xI!$(cTUeuVj&*#TE5%ZFH0?Hud7^WRi+?xSPt7I~FiN~O6iJ^Q^!kiL*tK_B*m
z7re?em#S3T;N+_|IEk2ox`&uDW-rySe`dE4DouaMtITonHM6;IdX>Wb=yz@6JJgFy
zOy5;RsMJ#LRi@?h@2tKo1fY}EQ(x_IfE(;E=9I{9vGtfeC>LHwzkUy|>yuk}enK7q
z!N+o-2yGqbFg0Rp@Ytd0r_|CvZ@&BS+vr_Rt?A${JXuDt|5G{Ey=j$pXhMB9;$%4k
z-1zMI{Lwy)8=pU0#-4)%+$&o!HsR+KvAgWVonScLQ;wX#X$Q*1v`04?^eP*iRBdpQ
zuisqhYkN*rT)TO_|Ly<bYXlgVREk<LXV=iNV=x{~8Cg6xT_&p7AN=iZsyVx;=sSnS
zPS|g93)LRYwC)XtB%Tkr^E>OlU%vx%?7va;A4^-|e-hVh;<Hq=m*-R^_8Vg?!^Bu#
z5%$r!o9FqF4zfG(w+0>A;@dw_D&>IMypd8V_TAE@s#3C#zu#B9uTm;Gvr0+6I@IU#
z4E25fgE%Yg0thDJdu8)t<@^s+`yHjyW9c&4bCR;W<lKJIJ=*4Z-f|aJUw*$8uV>2%
zEI3<6o)EIP>@)qI*A1-QO|_?b*sI}50sZv1R4X~KIF2U^ma59mA9~rVVUbH#VEJy&
zi=QDcu9C@^tWvg@vViTS%nlUv0o^0kY*!v<@n}<<BRk-Y*-M$)LbaZF_O~B+AHyh>
zrthIzShVAf+26f!H`Qbz|9QKqrYDf&%%!SQw|}wnqG%KS%C0?JZu`(5ywhGk#8lsE
z%at1tQzj+BY-b;E<L{I5V0O3<@VYVQXkTWvOtM3!HG=`58+LQ?ZmRhQBwjNp-b1xH
zgE?<&W6rvk2gKN}JleP5aaHk7U!*+n1K)>>^e5PRy(06L$-VCDh5<5B_lVll3|?#N
zavFDqM{&!R0q&yCGO|0P+izm$1|UAECd`5hIc6DoE`JiZ7w@5(C&{QS%?g|w0wnKy
zs-1IW1$e$z3Y;4vlWBc`t>0n$r<6tAb)=!b7=L7risiw~$5rK0F@8%7mBiOeBfDZT
zgpb*%g;hI-jx9`*iJCI9c$o>`bo{P^jxp@ZBV@E=H`V5(Tm444k99pk?xcF6KFw=3
z*9sl;pXBS6w&{x$lxOVta9lr}<huDsq01ldqFSPNQ5W$2uf_X+5O}w47xx$N@724g
zwnyOFX2gT3i<HvGRi%xcEmlhM!$W<Aw=Pm#p`pIl1fIyJslG_qb77L%o-+egDcqj%
zz1`m%_MFM=8QVd7W_ArS$=pM=XDOAC&pF>ywpNXLVAO4g>^;|QhjFf8XPo4)I-#F^
zPqhu=%othZ<ig+aoSb(T)gGo)nu_*+CNVaw-9@$6DU~LpJ${?`ot3+&_A9}+hj;Py
zva`E6Pd1xs;EdV@wl*`(R{w`x{2etPbbq?c)*7DJ#dG26Akh5-dG2h^E}jbw4+cF1
zYBSv>Y8;%PzcE-QFWF&*vtYFE^?ov00O+5Vv)sc10J8jIncR~O<Q|ZTngqUKNiuo#
zL3{lZgIRu&$RLwh7XztsN6$N+nGeK~9UkjXmPH;dJFq;9=abGlAdu4!^heQ_S67h3
zb~q942W}^*&HHzW{lFK2jy!J_bu38B20M_m=|E05i?NvMzn-`VbQloh3uJ(P%8?sz
z6&QE)mq+pCB5+@uT26jh!0Y*qT7D0x&8rL=T%a#cmdUt+(fr(7P@Bup2fI631Jafb
zmOM?XVy_qT7t0I1DdgkK=d``}rLEp3>im}GupA$oUq1kA%|G<xc^LFLt@R<B#rh;P
zK@-;<c^B2d1x3iuCwEcJyV_b4h&=vau*~@E0dOP#*H9|?F>Z#O6Si~I{lUfjcNe8@
z<d?HZCi!XQ1dKaDv%x)nKsh;|)4kr|lLfyX7X0#LNBJfH6kZKPJdf5rp2`6-!{FB-
z&aaohv~}-yfOEXw>WyYTzcSo&<OclBR9htK@c-IOwfXGtoWRS?*4mory4L3IT-HUq
zd0zW2RwEb10FO9F^pDLZ-$1?C2jS7a<)A9IyS=RD=FRVUT%b`ZO}pExSa2knpWlk_
z1wmCL<OyE~+gauSGRpz_D(KcfwzlB0gZ?2{>o&m=osZktp7hL71}zJ}r&`g!sea0l
z74SssPIo>i)?8*Z^SwG@$Kb&9W~zO~>K!u!*)~<#b)Q$^=VD2Lsm**{dFkC=c86!8
zF*p9ot32>M)$S5F6+5=;nyI#pQps*p71w=UCAN(_zUTJ@Kqu8>f5UGY@AE3Re$Vd^
za84{C`LfgJayosv-;48jkI*2}9!Hx^Ra*bstCW6Ewe`lgs?+E4IDLJ;=UCWgQ<b{M
zyo#rT>eB=da?y{msmiIxyvoaB&MBH$Vw!WZ0!M@oiEXUz_93(4e8|UlQO)RMgJ?f!
zQ<cI;yvkzHcCn>xDe$_Tx6Rfu4;pPtacz5c@iW_uHkZ!!Dsy7SFzs=#@&KjM0|Mt!
z=J$ztpgDm&H-M^?%<?K{{>@_oV@;c%3t|h{#9nY?zHyD@a|?0U`M%-npvZr|q@iO@
zpZcL$FgrX7-1F?vv~*2{#iobm!tAgO+(YwVwsRP`hYo|;bvAJO?Ipxx1HG%6V~0N*
zg6ABWfx4#_GQVQx3{|<<23hRAEC_0AD#*)rSW%ZO6B+S*icD-p<!oNraJ^~&RypWT
zVJw_16VD>Pw(1%W?pM=g(m4)v)ghB*!Us?t)|kiQXI;bVO2#yceWc?+F9o&P1#0uW
zbRZj(Wm1`LTY|PbGu^)AQ8_w?I2|&%HjSTk<#Yg<kp{#)iTUMh@6)wAspc#-pLdnR
z{BorK)@G^|m09O8^@^DNV3%8cLKp=)$^v;TkK#P`j|MmD2J%021-LDIyO#59!KCO}
zGb^tH{i#J2ERGloLr$~~1^1)rGSP?fzKl3g?IlihN^I?YMF{<K)4DU_HAqm@DEwf5
zPA>O@CygxL!~I~!m;W?T4Q@1Y4B5;NCJqRsHB)W>jn*-TvaLJ`U1VJoc4mTp?Rbu@
zr}<j7d9NPBReu5K9doX)x76%pVoa19=&2UsR-v!qaWOKw2=rIhR1j((a>D-&b^A+8
zn2q1MlWOuc?ZrcrV73jP4=y1Cc8ar`ZvowZaS2J=Nwshx5QcFI=>Gf?lCqP}gZ^pU
zUt79UoGCsH^q1{WTT(FE=O0@_#!cb%yZI@mbGdie>OBsbOhcVa<+Tm_n(g%m{_Ut=
zSsK;DWldBI-)3Hy9@HIsyuXubnbTwRZW8DvhA-ue`cicYxW^7FCu48#exI)ulybat
zT`QBy8$i!bl1csz7+XnfuWE+_0teinSEiVBb0q5KkbwPHTsKkvgMMYLr*KYW^%N@_
zlVt+c+{T^%1#T78<{Jdx;Aarb1GRYwsLgx+vQT;A4plh>98dg*sD5~-kmC=O<IbZT
zckDA*tka}+@B6;mhjZM!-%;&2Ko<HO)lF2JEY{7vO;o#&t(EiK)PfVdX2E=Bm<K>_
z_=X1WV&7*49&Mu9xNm6im*W4Apd5P9Iiz`|pf@yvpP7!lUERdb4t{q8xZx6T``c1{
zjXSAk=6h=a=lk-4DBn@f_Kl9&8`7WKLJ6-MvFz#85w9FjWaQ~W_5ovyl4KHcjx2u6
zWWV+%s)Yu@7@IgRPZjo?x07n)9H5_NdGV+|sck%lx~hq47g8!A_S|;tdX~pHJwB?Z
z-+s>UBQB4DZTHzpwHaMJuKjlt+DK*q^~!$>=xFzb4xnsbczdDp;+?8;r;y{oCaPr$
zUnZl8Y6gbdTBv(@KR!p}I7*!|G58kRLxWkOy)piU%C&d$yIOG^k<Y32a)kS(9iLNe
zX@s}k{yEit6EV)ylme$e=QSqogW@iL9^`JJAumdUe`l12$NsudX}^Qt)oOWvSoD2o
zQ}q2a%NHt7+{y21ZM}J+vSB)}9na-CQH$RH`&+6N?WMuJ>`WT9`K%)=FuO^_jR1N+
zsLd$rpGBx-@OhB%3A0~XsI0m}RV?_C#B0^eIPFOSeGSCecM|ApfzQ<pml3y<m=Db8
z<9FU?k22`o^exq5eP;Bdmk#C_ohy7|7DL#%o<G_|gLNWKsQsL3UkH2t^XL2?62zcq
zKIdlvq0AP2Zurrefoem3J7}<$J<AKs|D2zNz|Vx_c=|<?!0<*IyaXVN>C6k9FP~8=
zMa1vBx~PPDi~4HlsF|Pm-QOvd8s{%mme1gO^7lrlL>!rc$6n^`8Sfi%Ue5f(+`yhU
zd3*n$RB98l>l2|;K@-)`PMjBkj_sK3#AwrpHp%yHuJGERsniKR__l($)T?~mHc-D%
zS#_tXpr86d6V)_vUS>xGc_9U^Kf(RcuOj?8_RaA2Hym%5|58=nh)}8ImW7J_c3#_t
z@kQgU3zhua`B-0#PzmSF($B>@NfDnnult<OiOwQEXO91zW3RuM&zW03=VMgI^Enge
zn7XkgWS$*XWKH4q73!J_7LT$ueE?GVxvd`O(>bzCT&a9MoqNn)@2PUspSnDXNn3YN
zO&*7sG^D$x%a}XEpHpql#2B3(WSTp(OnHd0;GU3MPM#Xy{XUzok?%M!8uOcHET7-b
z{A!_s`r3XwJ7*;TdBAKN<u^JehE>1gwGpTXdv{Rn0de+X<-H4){9mfd<Or4O1W!Gq
zt^Sp>g$92R_OWdT)$9=}p&g-oIwIUYHte9<#o`Ps!-u#?=$O2o24gYdu|*4&eKS-A
zzdz&13ET&2^Yx%M4`b(!tIc;5jP_NfJC?kiER*W=q$MSz%gMs@K1<}na#E9?yaeTS
zR*vQmD%1G-@JneB-Orf@mi+UsG$0@JkIHQZ%FSiIZ-bwujC%7s)SrTw8g6?`{k9$b
z!$E<KM{!P+NuzI}GV=~ztH=D#^~m!<f!0~j(DvWZ@Z=7vwa$_o+WuQ^_@;}`2aoQc
z+6l3qJ9`Jm6_<CR(l$d?TD!R2JpK*W-Bn%O1_{q|HX%<zMH|fUnQayAZ}|?Yp)EbO
zV4;$GhpON=hHl`y9fdNfix}q;@Yn-!XN9nvm)@ko!U&auRST7C?@*PKluBo+xy&qU
zX`^^<1lup!f%48__>m?0SQIh*AwFNfDB73L&|oJ!;~_g>VAYvg?widOI(5Yks*S~X
z`KuC=?{xWG;PU03;C8<3Z!~E8Bj>l)MI}R@V)cy0j}a<;vqRj4aDv6wD-8Y_c~|2b
zqaEbotvjeTEkdQ+o>{28C~(zi_vQ$vOBVO$;5=~;%X6vC`Qi-IjzS=<g)&joVacm&
zDhTTI@FbZmNVhNXI%I<S9h7B~mj*;0TFx-W>j0+jccp>lejQJYE-y_3^1=mCU4H8`
zsyXvuOt?^-xzE-m__@g+?Vwt4P<+h^(k60)JNaHnes*%kQGWhKYvn?v?RKuuY@gTL
zd`-{L=gpr*^?9t&=g?=o<|OQ}1=fAW^|?aG{K76Oz3|LJ<!_Wq2hwHIv79oT+tV+K
zb;7>PYmhw0o(;Mm)MmGkqhA8O2Gr(zL2WJvwYdP)=2y~z{73j%1{Qbj;1~qEY4EWb
z3zc8qt|}i!m>tz37J6;4BG!(Kc^7q{=`*S|cTvgERn$+^Q?rhJ(nTfLw1vt{#Nke!
zi+Rk==d>4ZR~1?aq!4*xl1<AFaqrP78brIxuH^3{mXD-Vx^4%z`S4MuueC=1NUuSw
z*=CT|H$S7=+g(%&-nLL#b-VSfmQXtAv3|j;98YSoP4oK0($B2x<?;?{@t+O;{Hcpd
zXQp$Wer?!k$mw(WoxUptW=;5n25on8J^EWGl?)kR|F=b`G&e&gAAHQ$WGeed<Hgp(
zn0>mY`7_*y>%z{@giZGWy&BZ!S)ewTg4*l^wRu@O5SO6o_G6ruLzGI#KciZRuNSd#
zBR$60kuDtnw9lw^WrRwH(56oDch7RnU6E<h6_i=K_-68FR9hY4zMJtJ-wj6iym|gp
zs@)=d$#b7lt%-6!d61aL@qNV0;x6vX;ctkg29AzleqlCyZp5&ccX1yyR<4IXrP}Z=
zV}G<BSC4Y$PJ8{(B)Hn&7u-XWV0QRIa6e{;lXXVT$SqNy#5)1ph3;~)^yavFky>-T
zi2oOC?X@;2>P7TB%K38}xG&j3HIFS?FLG{{qkhdXjA7Bwg}^C?6xcnVuW?)mkY&V{
zYJ}H-gvWN*fbji)pHfYp0dX}T3qPaUqyH6i|J!A}2IPy_v)?ZTz4SR%DcROt1F}Nx
zK3n4&-#`BqyMFsAi^B{);TW{!5>hy^oKSn_3Ahy8PuQWBJd{)q2P(*sWSPuNmRXJP
z5$UzT$V>B`L}~`O!{Qzy&n$kw5dN*=-~D9L)=wrcC6_Q6lw^S0lP;6in0tx5>Aa1~
z1oslvUBK@pa@`N^u(+4V^=oifihGH|5Au77;34b1M6Lb#y+nS9-b+-7cF-TjoN^2b
zlz^(twez~I3v7^O(VOz9-js|7cj1(BGOeU{z44UB=*=&pdh^m}@p^MbjNUx|o1XQ?
zGu)~-hqhBqzA;{J&>pjHw(5;1m+Q^XWAsMOVX>!0SM1NJig%-^|LH+*kY{%T%>H6^
z1qlzl<Gd%8-{V9aQou9tj`Q9j;P&T__DOO%ndFd8_)k+e>QR1*%yh}5KPQY@f7Byq
zIk=sfLXT#cbm|Uphx^GSzrReD3O(|sf;*fplY$Jcm-h%gYE0p6v?kD_)?}_njdy_C
zc?s8}#u?yl6?z1};(Db1%Bn}MKJj`~_bIQ%Fze7ffUIH}ZD{a`&_HmvCCh|31_zK{
ze+jsG4r5TD6jbH2?INDI8T46psGVtt+Q!utWY*dWQp)bMa-29Py*8M#JFQC3Ck-e$
z-*_Xq0Zi+_H-V1)kp2tCFn)Wu{f4gx#&5LQ-uMj{M{PAUHOlYsRDPFO*kreLnc$w4
zE)(RrncuAgc^irNZ5zn>-8waTpP1{GD8IuB=eK8?mER=;;`x33r&LojxZPHocs^9*
z8gJW9H9N0Iv*@#-%d?MD?PihZxN$qxCW`!6#dfNdCiu?4(pkr;Hc5OpaXZ!g7}JaX
zL+nfrIH9upDN5N{v#zYy2A`T`^WpoCd>XBZd~!RliR=(^_Y8yJ3&WwPWpxERqvo}U
zts%r}F>(UkbsPz756A2TRcUp=DAjIn__{kcBQd=yHuTC4I_ebSk@=pqs7{rfPa1H?
zdD|GPPKDC=o?zQ{sy&|8J~j>?YE{Mi7UxagaelT6(sVY$>tSvb|F%R#9iKnn=Th^1
zhs3>D{!KI(+a~hAb@O5+^*GhO68RsT?-56Xzd{VjJ|Ul^?%V?v#F-+KI<}UR%XE1X
z<eq3{|HAAf#E_yWhWM`ox8Kn3pYb!33=BcsWp_Kc!0k_$i7O-Ko;(+Cr!LVwc}{Up
z-gQwNsrwnY>x5pb*KxhZ{w??9UCi}5Jd*1*>JaMoU$*mn_ZjK6!5`USHtILd2dGQP
z+xsZjIi&mXpFt7Z??S1B-{W^|pU^=0yniUW7i>22FFa5_4`->{sB1>uSn-L_J^N3`
zoVqJw^kXpBk0(E&+T(-c^`o>_Rb20K{doRZR6l-e=!2Z^b2;;UGlV{bH^=J(+Oex~
zu~L1EYMzK#zqZssW(AI18LffL{3rKo#rpLM^BVKk?Nqx5d6h1cx&ILLQnMWOkM~e7
zWu7<v1)v96eJHP&T7E}4IVtXw+92vf*;?TWp6@UEglcM6VtO5yM(LflzGr%0*-o{!
zg5D3-{qN`vT@*v_FUrZL1oZmXa(Yugp;}uPTSK?-f2L1WybWB21ww|AuEce(Fbwpu
zZB+BFT^xs@%YCYndCXe(+6sxzE&jB-_VvieiOw75zX!K2R@~3U#DX@^jeW0)eBV<?
z6Z<guY}?0F`+-vF%!b8E)^jR5^TBLW&P@4y*uiZI=N+`E&?f3mk5I{FnuDH>P|2XJ
z>JzF#M>Hlg$D$`c=KEZY{+{@RYJS4cz(L!-eIG4C+s8H^h)@aV^j)hfh%v7_o46m<
zn#{4v)k@tc@BOPQ2;$^N_CY7$bB>dKfsyJC>gIVd?svTZvA_Ta=w)^|S!#!qu^3?B
zkbwcMV8sBZ4Rnkb_C%<J<HdQcQmhMlx@(Lw1CM-6wLKAv7*VSldyoW1v<i$^ax{t&
z_jXYU$3NW;C-MIyBUF0m6Sh8RX<yz>gSSWc`o)oLR8wE2W2cMtsl(f-=6RLx;lp_f
z=d0NMvESc_ey4O%NlDO$F@{MWQ|+7{KL%{K<ZV8NJ4|CJ>Y@_TkMmI@)1i{{o(<HE
zI^`c&a=z{qb)zo1gq*(@aqsYt`C1|Vo&Pb_+9Le^(0ew3uTtC}y1A1|Lt*gmzS;o3
zu(+pmT_?{|*C8L?qGMYql`c*&9)B|pJ|}p#4Bvf|j@>T$du|)moGa+qKa1c0vW;r6
zf{y)TBzj-zd!5nyO6xm0ZAeF}pzW$IPTR1J;Byvm+D3|J=6hA=cg27Ehb}737IRZW
zgi5~^e?Jr9x#S0tz72HjZ^c^HecPxeH`1{WqVKbMv9iFYDvL~at7djZ|9-eDO7{h(
zzwZ-tys-g%b%KryBk^PCYvMshB>H_?Bx=Vf`vWEn!2cWTSnE6a+>Nq+w99%QHOuAY
zmJs9Kc($i|PM`YL2|(6u<9QzWa?m{&mym{SR6B}xI|+18ehE2R3`F0?>!6Mn%fwU4
z*M?AEkBDc$>TRG2oTGh}V@t>kJDfDuhZZIC^#<pf3UWpkYee7jHKO~D+v|-rB9H2*
ze_;g6&9XgVM~Z=5w~cB?ie;j*S|5jH@BcXm1g3w?e?RBKIZxmQ0Pzn6-IH8GU?AJ8
zHf~Zi`a0mYCCTF|FNC5MAM-Uec^c?Q*UX&K2BfDT349I!ayQ0kE^wc5K;Z6Fm|bE6
zH{uu4i9YTbhdp3E$E@xmaZf#{&3m?r`pZ(z6Pr<+|41~>Z!H6N!K3A*?1pZ-eXI`H
z4ks&<qH9+2_2Bk{+KjwF{5dP`P?4Pw90F?dU{IR}T~(u;n#J?%tHFAfhCdbb*CB>C
zsqt&Wp40?u$k{mGu^N7cN3D)Qe7#uZxK{ji{F<>pQ9Y(3{tO?d19Tm%x%IF;zJ@oH
z5kH4V??*DuV3z_Xw^FT5)N6jXmDgyZJ%6*6-${cyb8IWWr#<W#9ANz1%5`TId*%on
z-pcQO3_J1y2e)$Hs4`h5hF(89u(W~I*W6Ri;-%%KyuJo);PqHp-*1w2Ik-nWTuzdw
zpxp@H3V^(p46~s>xKZZtP6g?R*`F4x3w2k4dtRDM=3T{QH#aqL4W3!np36X2L2X7G
zp0<tW&e2}gt3fyNzAjLk*QNtOJE%*yE!mtbljZ65C9kJDmgurfMu;^PISt5Drgg&S
z$3|_{y_IVI>&^8gydDp2>^Iw}cJ1VtJr^Uaat<Hie&W+xsg@_!OrP2s@1MoXen?>U
zR;o=GGW_jUs-fL`!ZhfkRARhc8_(N%N~Kv_`F`}Pw{a|BIFk>$VOK_NZnmiH7}vi>
znN!K_Yy_oJHy*qbj|Yv1Y4A9UmmS^bf1u92wT;&xVPBz6YOzc83mW{K%`J)hmq2YM
zNj1t+K|>!(B^+0$!x30$%HzAlI$E+rCY}sfQkh{}GBd-zWJ?nGk{v*1WjL1Ho6%=U
zja??WX<Y93Ta6t^O^QrfWSJDD0cjOAsI7J&w+kKcnAeF-Yfiy5AT2pjeQ4T3HTg30
z+I}8eBS!rC*H)^{z0!&`{{B`x3iac-+&Y2#pMC(hr?iB$IdTF|ZlRjz>h|J!Z7Du%
z_qJ{EcjI_QLeUUV6?QL=6K4C1!0nkYFa6zCK9Bj+L7&x+-<!*0n9RVeTz*dz+OsD;
z21gyBV@#qBl*yzd^@KAdpC6S3Zj@hs68NgqqZnTGgsXi)Kj@Y#i1S3BN`VW_G&(!z
znEjJ#l+1fowk~GK9cBBMNED|UwouLJ8}-KM|FTZ>x4C}ddsDYkZD<l)&2(!Br|qz?
zi+8pd`ziARZ*JlD)1vJx-$J$JVojwty&IQYqpYk{6|>A#8|afuIHnB|^+AYh;q7S4
z$&99Fws4HSL#$07eKxs%;TEbLeReWCJJaYlQJ+ty)F`_uRpp3yFVQ;<soW;N5NGjV
zTl**0D7)_AHZn27pAY(3^jUF)N`@^D>1E9L?&WM9en<fMhI;(LR#7kW4GnH)`M~VJ
zty`$}S%mW$arR~$U$IP<M>zg?#XjpHVht>|Kcod?9s^svf@c>*qGK|?X&6<b>=JW*
zp9qya0^5&F0&-wW6yJ|bl8L_v^s^2}AYZJn+dyqz6rqxHMH$KW7x-Lifp4I=vl2#d
zf5PZ%+~rZ9;zSpfjyQ4xX1b9_GxBPbT{BhXDU4;)WYV&l=Md(ln(DzF(K*VDbs-n`
zA^*OG`<`$m=x<_74QlgDP@7A{dgR;;AUi}}X6%YGQ=TIy;BfLh2ij}d2Q(<NJMeP?
zUeg`;sDox1<G7I5#@Ox<KEOY_jG7K!gEMifI4A29UKiQn$PUEv0A)AmV$K6>tFDVm
zPYOL7VzT8|y5i+%d_TigqhtzNd|gz!aVz(!zZKsk(#<EOXrI+gHhF=Uu8GPEzezT}
zqg0wPzD8MkPdvsv)+KboQ{Z#S1<c?6OIvg<lyjp#rkREYQ~&p19KD6d3u+eVNQ==v
z(qPc_A0b2RV~mjFFtNwDItzW2Ni9c3zmq>?vSj;=D^2@2Vr7{n&fPZnVy5dWVM7zU
zsI-4fjZ&Ck{A0Rs{^W8s<d}%x`0l7KDqXTg)KGlS>BH|TO?wcLK5WluBU{jC){$p6
zbGmZ6sN@+@LVmTG%Ud1*x@S}gYh%V{K1VSb;PWd>h<h`)6XO}$&f(3R@A%9)fY)=Q
z|LGZ9LJCDq`?xg~Y`&hEEE87O{wG_#(;<^GQP=Kt0Qurud;R{e9Q9@WK=+9Kw20G(
zH*p+;bQp7F0?I16yLQ+kYR}JZ=I<Q1pa8-^J-^$xWphBt0eUD|CY5$rG2S_v-GA%&
zInL2Jfs&`nNkM;ZyOrY1MYT_Rais%DD?582FW}k2&v7%aQ5@~$7<*<D)qaRjY5o?@
zI~zqCfWSZ4@5zDhHt~D6xQz0wGI}Ms-mnqWO#=&tp&VYBTt6j3r3bb|`TAd!O89qn
z7oWdcHt`zOhKd@c@Ln!chsoxyW%EUHcWoGA^Q8jgkWb;WG}z%t4jA9eFty|BjN1I5
zk{V^2c)mnDpHW()%n{FOI;r$hS&gz({C`0wpCk8|^Y(HgRGPDyYVR-~F*#uLW3m5E
zD*bMAG_IFBxL)Hs_zm*SsM%n8X`&VRws#ZP<yoB^gE~z3XpTwmH0T#J{x%Yyn>g*T
zCCpDO+eEcaQCsP`xP&~niOU9V5xI#%Ab;LOwXbmug)#v*w~eohfk?t;j!Kj3!?$t!
zF!B@GQ%W$tYRU(hye;w*u&RR9MzZ|GDUqMhO!<i_M}5nsQ5%sqQB8H5eOz7#iTHWd
zW~x0gJSLtl;5iA5t7CH#-Yh6uvRTylJq$Y1HZ!NR0cncOOQ^%Zea@PfXfpB==VIaz
zn=6`^cz>g~bNBWrR<KyL+ElkP1Kbl9my<g^)>>Mm$6QM*-^KG1>o*DiVHn>l(nshQ
z;%C*<HOj90RfU~-jPbv~2S3IR{o?Zt;eMbm2aKtscegtG$LA{KT%MO`bvQ<$EM}oR
z<U-#p=U|qXxUiLKu{j8Tp9FRDed70tI{U=uD#A(ec?pj_K7Zk~gC3WEx$vjtFLDB*
zjYe&JR$$#ms{LE!GFES-TC>PSez=ipyG1R%zL9FidGP<($T2DG=o4rw1ajmdXn1cU
z)s8$QH?$SX<SpUr8^672`t1#I4$_fX(C`{QpCvcE5zTurdwDD-?=kZ>p7%i8dg`_q
zU7Bagd&~g$2(_Gy_?0#9@li6&_VBz%6TDMFI^**m7G3j}fqQ0#OiIhRZp`f;-6L<w
zdzjCQ9WU}8{gdmnH}RPJX#dIeo^sId75*^B$!+Ppzt(iylC8-yX-ju3L7O|0-e<{~
znB2!aQ|x=@#wZSCZ={;%PV?DSyha9X`N~aH8+TXC-E?DO_JoCb?qkwMs@X+;YU0M9
zlKaSGa=Ti{ZGw>V6&raDBz%wt|03o=SR2o0)QkL$R3i~8o!rQ=$5Y7b9nE%Z_%f2H
zyL){`jWX>%ZrA;I9;C_0gT&%b$w3-CCiK+6$$K|(ACu)j%=oyM2Af12*IWPSlg*k|
zqs$RB{3}AG^Nt|_9ABb5$Owl_)C^eS&9E(5Ao3t196+iv97`5v^jY$jT_%IlxE|nd
zZ`pxNPT}`2x5zRXgF4_4d~*Q#WrAFYd7bpbG$3<_NA=^+8>r@-g!+*u^kZ;$F61q=
z<I<SiN3In^!V;ekke=7<a3UmfA+3(A0LD9GHc$;J+KWAHDZX$qkP9~@$cIdXB5WfC
z)aGM_z+%w6RTYHgM@GVIIThSIACecB4?&;zSfNZpPSD>*ycGBxMq3?d<WaKXzGHi1
zobi|l?Cfc^dGtm;Z+r4Nj@F5F=j8)sc4rFehMopwQqqDG#yqrU01#)W^!$xEIREh6
z%Nrv1g7eD4CtU5zMeYUvA5P=B7o-byq?;eZ`Q6FK99aS62lBwyPTlB}Ke>U^g<}ri
z!2R;CCjgnVf%_Bq{Obwgw<}A?Z#Hlr#rzz7kaHWjuVOq8-C*_6(QeRBFI&ayr%<Qd
zvS|<M^R{}7nGc+_*RwsS0A%Bz9Q9dcQQbn?k4^w`x{+$w&(R4oQ7cf_k^|@)9h(5e
zyx$M$?7NX_=qnwYAd`s|R=+*`Gte7N*pKa_P89rHCblQang3o;&V6_6&nx_Q&(GS6
zy$&GWiJ*szWrE+K@BZ73+>gh14V*shNC^yz@cGKVfod-@d`Jn<MymZr;9qAW)gBjr
zlSboQsJy`0MyidYRI-cO-5<k=*WESB()(1!VqZ4U-zwwd&NJt&R`a~o*Zq_0kIaFF
z1C3NWGDmLsy8q<*rY_$9Q7O5;Z32)ZPeH>j{QW7p0sYIi2{JihqN_KWj@(wGth`TE
z4zT=iAGXKi>p~!RZ{Yd6uM1`3FW~z93(;n8?G@b4@pvnxl7Y>6KY=&c?#nFikrzNd
z<NqTY_&#dHCeHyH{13}<Nr4v|`JN7z!|R`1|9m6Wa6Y{xLM4=Eo=F}B&(tVOAK=)$
zpo{zb`26)HHOflyd|nrumsa!<^GT%*n!00+S<sLteE7j4)`%Sgj`71rKJT$RMT%we
z>n=VI7_=1pxklL~`tx)}_gBX9rQpdLWu@>_r+0~*S|N~>4Z?3gd0YkhS;vsT^<vM2
z4b<lUbWzE<wv6P<!+b91FyEvvxi9Q-M)ysd`+EKNQGa+M%RS@-63GbVv+=<iW#z9`
zMWIxh^=yrD>VfDUojyW#mv!-d04=ZcyxZ?h`v5HG%b5KladuHtBgZV~sKj}<Wf?%O
zG4gI}WAbi;xcws*-uW7f8Mz#PU!&lB1mOyT@^nEClO@X0h#AdeMPB@VgH?uSJNe!%
zBM*1S2JV-@2Rskg>5u|F@eTE&>S4||w%*c7rMUvLr<?S!C!08OZ}i*UojvP|@y*8n
zu2D{j_qTPTJO>9H-l&ZGh@61=+b<(jdVNuiGA%})#yj|3uv6$24D-3d1-|-2oCl!+
z@iCT}o`U<L^uN(brKcLjI&>Q79m2k2X)@?tC48uYzi^u|XtRsFgjo-U2|f6#e>87*
zUtLrWkdFV29vJkWYor>J!z{VM7zgUa>`p3`Ro5t)52(sYN+m-F3|aRkQ*5KMlS<b%
z^4J&t9i<b$kHsBq`)iiR%L&BNiEUzkFNLf+dqXG3#i=2xT}r96zme<QII%u=btlI<
zGykzq<b9>MlNtL)8DXDCwd8v2w`~#-l+7PRe@C^+^=*@6a&v@Ap+@doEEoBycSY_C
z=iMtp+!siX@Hq>gjTFxY3A`@TYLv_eIgf{!=o%ZFzY;#g69O*`zrnMf20I<e0c^|o
z{>ZXun@OG4dExci8l_PD*3}XH?TD{NnI@i}6VD5l)+lqtv;T-^`1h>mdHWYcsI*p$
zC(QPkaXO6t%^2C%L8W6ulIvH6gikkQa=m<>>j1uQe2elh%i?R1Yi8%*J*X;qF*5(O
zgU`#g5pMUL2{6f={|I$(JXzmi>@NyN@2f`}&EsbU8M&|X4qKpOPM`XgkErG^2OW7Y
z7s#afBVMl*x*l}-5}EAyh|f{-6prh6gm`SFa$mC+eYi$mkJG(hyT(+Hvq$8+Y$D&4
zc{rNyf+|OS_9W(Ovb~abend6-2J|g+Ep<4EF^`6*w)<*p&Lw;m=<;PUc~j5`H-IjW
zmPy@5;w-9bK$i<;@>ek?n9Ij-X^86@JZ>FBwxHiB_M5*Y_M3YTbK3Ws_M5->xxHSk
za@3zIjnaSFM^p<xW{$(M17We(vpht#GjpwRn0hUXTN;LD!EDbwa6ga<?x9YY9eNzx
zeFyO~g4A2V&0+_Y-9=N|od@~Ww5R8{;GTH0oXqQI)6MH)sDoZpo+FfOb7Nfeua87M
z*2@q~F|9{tn$|uL+um7Ot+d^&DwHPIQ<_pwX=;63UC&t1SK6$5beuL`Z+L7fkha&M
z;rP4I;QWYcZLiA>$KRD3j!l(GY+g*hG`_A!y(B&!^j{A8EE_Z-&s!a-yj}>3SYGb3
zgH(&nnaRWA^KCFJJ~znDY$=vW9q{{yy7%7V^GWf~<^1@3ANJKcA^zRa(D?kGJRJ1a
zviNty*hWSCa}}T8l;C+@eEjQl^_COd&hN=eh1ucR;I1D4?xATg+cPDqU(@=_4NS-0
zG39Mr!9DT4a&qt-Sahs#E{u`IJ@v=p^K2IV^ITwaqwjmH7|0Z%gU5<x68<X$d(y$<
z&T1w9daDlJO{p|A7iK#z<7bw+ehu!zH5Eiok=eOs7_-kr9^VQ&;upI&w9uxTYe?Y(
z(AhWr*%}fFJp%ehwBIry@^~B5XPdact2GGv?fuIx#qaJ;g4xc!;2yuGg4~@7v%Ne&
zz5?T$5(m$bpO48=RRRP(>!~L0KZx4!?kImN3AiWjD<^qrRvV_tFuU%zESLF{cr0hz
z+#$i^@7G6p3@=-GjJ)0UbhVOyli=+nAjsQPjDxR-qM=DJyYen@BNmqQ$9aikx*dQ_
zN`={>$>5%ZdNUi`*atiR_>mZlsx{?mcY=H3^W`M(IP{KD$ARfcXg$@!#Xt;v^8Xfs
ziS%RJS5-<|iK@`~DfR4*p__p0jqu#IV?EWLh)`+gdhVO~OF>VG`F@D-=Z<fwQc5RT
z_3U7TN<F>5?c*vXU$(x#J;L|bf4z=sL&RSDwslmqiM;#abyPbf>VOZfquOEd{{D4T
z`%cho#>`#oteCk@)HIvl`6T9@_r+Nso4WfN5@=jUwU0$#>(^23Q&Ib~W?gSN;O*UO
z2me^dYTw!Se_uzned6zT*HP_2gy&Y;UV(<=uS3IINY5*B!|~VUhGpG*{`q`P*YkKG
ze2QA<@kSbaUgTevt)tom!S~!Ac#r<iJE1CNW{kWZF?}cX^6l})DrG^;w>KKTtckaC
zVt70GC(t!=W0kTzrtQLB^a#JXe^b2fjffaIZSG5~5IPL&Y49BzWEuL}Tf64=F8vYO
z7jLUl>@oVB7ok!jTt(mTiS-;;{V7&l^*>|9RrMF3|7JbMRcN>R385O$<wYg+Gi|V<
z)SvGgvYy{n;s2c1=9Lu64YyCd{!$C}q`_?UHE>Un!Ht;Xe+}G-M|ERu?h-qkWapHx
zEob+WwB3~Wu9lKVSibvYH%@(On&-X*_r#`ha_}pN!{N$uhQqaqaCm+)%q}tgel8ZL
z1tveUj{BmB$!Z6qqZaY+*I(M|4GaW_%^e1{dHy<a*2EvJe%fFmyD4{7D{WJv`2A8>
zVtIv&K~EF%a(015UY@6|@(Paw-6rJaaaiZUlBccnVEC_b^I+|d&4d55md}G0{vR}*
zQ@94)6T{`?u3ho`FDdSYzk-k5zQ!(K^Wc^1sFuR&4Itorh|ht>{CC`6t(4wuo&TnE
zQR!OLJ#5P%lj#L=gB^9x0i^OucE?WxSu6IXo(3Ix4M}Rl>9r!?72#_S1J?2Ri=6`q
zHimbFC)v5uJ8cdit-?-b^k=znGUIB{QQqN6K>S@Xd)})-pXMm3rxSo6-9sVs1SIjh
z^V=PR0xzr+Yir(kA3Agm=$>Sm{K?RzMTvdX@YVbdIDY5cpa8xfdZxWt&XCERQt)+5
z0D}Eic2ako{QRbQ{yexRzEMs(yR7n?`zz)rGTEK_5!r<(U;F=Pt)ThEc>PEGN*!3O
z%q+*bpU?aIJE?@YVa7M?YY5Ay$^_+X^l4z+nNBKUOn26i8JO2aB?ChyOe`m&cF0#5
zbI)h%DjNKD4b?XD9CIzwR%zNFhy4s@_?uF1&;hLf)Ow@^=NRW&su>uLb4w%A{(Kq9
zS1<9oJeT-3?c-xVP=m4gkiefid!9p5w^u2pG1&c1FYizJv`T4<nQxx$q|&w>{CRIN
zq0xr<+ow9I^n{R=`g`tU_4d8dkGYKpc@8V8Q(u`dVIH_A9xo^JUWoG@EqWur0xZ70
zTF~OZwD<Tn_1$V^c}#pe1?fnUNocKz8`PM&VueZ9p9S|sy`0Q@uXnoq?{J^Czo090
zRbsl3ru#3eRu;s>I|YI_#$6)P8__$ia&Bh%2X>A||20$#{VD#AE9`UFTB<$uKNuGd
z3H)If)iCzmwyIh&;$Jxf^!#5$WgjauGd(%6vU<@Zt2yAF_-Z+s_m|#z0?%_<ZCN9D
z;_6*i+rFz(@=L9JIn+U=NdsUuc)&d=3ub%ILevM?R!(SF)V3=k(ZBa~Q3+DP*Io?d
zHC{tq3-83w>9=%JsUQh_r^@&q2Aunh8Yx>XW%Hd;mr&KqyRBQS?~d=K&p&lWe~X>t
za13;6N_|}~-+$TF^Y@3lsDv^{9XS39G$5~6ucjLE`S>exgIV5&E|~fKVh5FQd`r7{
ztn%(^sy!fLfp=C@4gK%X%cTwBXXzM2Kd`R}e<~+`i<q$0Q%>sHnM`>Ba~;Lk#WLBH
zER!m`O#ErEWU0)3hblXex-{F8tTZ6Y)9g#k`$ABU$B1*hQIGFT12S!5)FvjcrdoIz
zjA<>FiBUUaoB?_F8mbk(#q&OvoKGgt)eJV)Ztc7d!QhXXC--*naTsIRn9TRYEU?R@
zGQ+lHjyMZ(fgK3aZ>AmTo>mm4b;xR}$;-_3eo<PB)=+KN%P~1CTRferjniq&i5B~v
z1Y}$Xj|nHP=KICNqNeiN)%>pU|I1i*6-LK$yn$-rza$=u4aY)g@Wg8FBdI$<Kga58
zasoZ!&;9SkWA&l)|2KN)ToI*rZ3ERjixShjXEoKPou<K$1ikXdptqaoO%!X6{5~G9
z{&7Ca?}H8eP8t^fH}G>E+8ucT<D5bpsLe?!d>km_nHhFw59V|5$EE?P%y29*&V0x5
zxrHqxl1Wtq)#N{$$C%qa##dKUZC9;TzaTZnmrMqIut~Qb5c*=K8SNKoR%2*J`etP~
znC%vsXuK^A$gk6YtmLv_d%I?!EEXh|#qU;A?bI<Eyi3T!x%$U-=bilc9O5s|Q|YM&
zsy*Gwu?)X?yn$-Q*sc+^Zog~b_s$YWUf>;2n-_xGY(7sC$9!pwoQ{_9F&CD|BqYWi
z0z+O&OYX_&v&5)Xyf-72@oKW*gIShlKFJQ5ydeHBJAkZC1G4n8D9_RwsOEge%(Lh@
z@xxbBZO*coTG*J}bqGL5zMK|0qoM}mKFdJ?<i}OWn+hP`MyTWz`$=Q{`1CH$r+QGE
z7boCTNZ94qWl=pwej$H;ozZuR-@>ERB_mV#dzmHdK2)aj*QWt_{C~lx^JwR;D4#a0
zqMHBd#C$r?K($k6X>fCcz@_)m_Z}2D<roq$`zGCf?CbII<0`_>A^2())jsYpY7O{W
z=cLslo>@tQiF9?!s%i!2U9+C95$!dtqMC7M$2%ST*>=;jo6qxSTTIXTb@FG8;u-oU
zJH#0cYfaB~cNu%ocuhq1YH_~Nr!<Im6+8Y|`$`SQuM^EBM(q)A6IMshOzO#27atY5
zT+zn4Vji>2B3AmoYY=U1rNRG+SbsYzehY1(!G|JTAGd+p{5Gh~)d^}hH{1D~fj0YQ
z68JXTf$8Y*6q)3tp<T$`I(kn=Qn%fXKzq$dS<+e|llwDLm!SVJ4RK61-RXq-o(81#
zCfTB|&ztlWzdK{xLjpi-7XUeRT~uFlR>fjrR9{CoP_3{kW}mB_+qK~nplydg;^!UX
zv+Gt-t%KQVZk!C5ER(C1wz6nUJ%n&PxN4Pger#soid9rQ*kR@SV!?M<LxZn&%Y^5B
zz2Z0LXEb<>VRddmGWFd(XI>E>`+U{T{Kh8c(}&7QzYf#?SCx}w^Zz%M6MF~Gfgzoa
zRo!<c`rhn_&wnmXsaEW!{6V<gpnDLbdzzqIZlS?Q#QNLM#c!THG|1<lLEZf9o_D<Q
z>nkhTsg&BcTFEbukF`1`@R|UFp0({9Yejyc`z~EN0SLZh*dxm=4DDNQj+s(d@miPe
zSi2b59sb9r%H&zmZlxUv;`sR(93Rxt`|nc;m7Md+NWOfD&*i+t_tI{0rff3LRSfQ=
zlJn<fB;PaK=aPr}eB$>54*vV8_Qbj9ZSTk9$Wut`$TE`eALetZ!+cNg7TDZ}*DO4O
zv=o(*{O~ZJD>TeESM=4<hxawJGjU&w^WuF1PY-mBd^_Ivye;NkL*~baS1U7P+P$%d
zc8`bS*RCe@^zOgn{mG(s?lUe*FxRSLuI-Z&#U2C4j5(9fvnfl=zF1qa%<c-DW5O~S
zfaD{NO_D8V|9aDaWR^y;>cj_B3*VF2zf4+1wWYtdVwK0n{YwL@*u6|5elgoYT06&}
zj1Q@HnnwM#{vT5945gBmA(Pulgw+!)>mRL?x7-_LuFtLH_eQ<_p~zXy1>LAid^`il
zvmzHadME#VXb0El%f$bGL8;{YCF<mGpGzI?+rNuHUt{Asr*?4r7%JW$PpO1+JI>pv
z%Y$}u9iB?#b!hP=@ff)J9F<<okjXD4zHVlW5ga{_(Q_x?pYq!ed0(N2K|kVvfVl?q
zi8LSuIM&5wBp)vExxyoSZ|$<$PyTssU*C$mC`M5#EzOY0u6roUQ5&>)df~T!I_LLI
zg5RNENBKP`1IT@yiEZhf@zu(L$tL`~3CQE;sN{U4jO2$#_+0)GzTXRaCnRxti%j;z
z`1wk_k9OZVt~1iZ^r!30R6d5mVho;ptU6QKY3=v^C*!ey$~o&CvgSiEXKpa&#X*7C
zH6G-{;=8TuJVVb>DbJAW-)PX7BT&b1o-pbS5myYJvN>XYD$7S3d4c1vK*O<VK>qLn
z)sDX+H=yr%Y?@3iKF4Le@;{NEEMxg5u5ZVRf$aPsT6f^Q%X$tB%KPz7&i}`6=lp-s
z#DDWWpO*Ho=k2c+Z98wXwu>?->g0A=B6Kwm?ev~9lCO^NxjZ9$-#7E;PYFBiPq^-n
z5$~5#u3J}&|38$#KHqU$WwGlll@?{l<n7BTt5bT(7z^+_=8XI0EOlR{poayoYD~P6
zr-A-4_L0C>{dESA6`g!MeFc3xSgmSK!0?+5T4QskvHtY4XK~)(F|(1UNJ)@)?J0*e
z|16b^nA^z9nEO6SsdP&GZo~%W_~E#LA>VNQddZ|;J@RZ^lxO42`c(n?Hn#sWo@c0Q
zgF2(M8hHRSt(z&8Zuo%PlK(|!OKcBQiD^%_;cppZGW;#Gt-cqeTEdt}_*~bVO^k7=
z*H$Yt4UGGo%jvqaDA(KoVuIll$L7Ti*}O!lH0T4qZYaOdJN-y|uE}4-c2Fn&V4}S{
z1}o-tC!M8|P4LILoVSm3S=yhUQjhc|@=48OofV{-F&=FDyEE1};qec|IjZXu#|egC
zusF-Q?swpfp>Kl%MoezjH{>bKwXwXve|oiIzaeVNAD=OFWl+HI-Oaj!?fi`Ly95&Y
ze%Dkh_Q^3dL1%h?f6Bep%JLhm?|;<G`}Z%ZRyN#ZeShVd#Or*ENtI$RQ<Zj_%w%G`
z|MnR%_jPf9=_M2P_GEkV#h`;tZN4)o&QiG?^y8p5Zw0majRbo;5Q|6kFsI-DV6|eu
z(W>tY&Ln<!@t>-d{GVIjef$iS{wpZ*u+K;J9pzPGI!^#~(vYRG_L?i^JZvB5y^nN0
z@3HlcoA}%}MbMHc&#~=%m6D%;r}CMeYio|%s+9#8Pfv~d_>+6-BegTJ-15&*$tjnS
zeCKeV3x@k93g7Z6;B(o?1aZSVX;wQKd4@`cpJDhEvAD7@!uxqd+;f6hZ4>+sujc$V
zY#-Y~ejDwX@sOQMBF4n#%lRqw$6tqrW48lodj%RidbCdL*zGd;=CttR;ivlq;l8|{
zJE#l2%mF=7o(J`DZKpBz+<<`}iPjp;amVJ<ye902l~nVJ{dxahNwpt3`QIm2Qtd|Z
z{P;?$4HJKVy^?Bsx~Q~L7d2A*qqvFv8+wX#ARo<q!~V@OGkAvl{HLgq!#VKNl~lv|
z@Aa<ev#sLUzf8|Ih-X)e`nL5esdj;AXU$5gt)MK{?{UsJmtf8_c=i2Co@21&*u{J|
z_jK>=w#T$<wuSwscDvV6M7y5T|Nqmw(bR7DdXi}O#-7@ppTg#Sv_Zo^$F`461!B$x
zzqgWV#@vJLjXllhaKk23+PSZ0o|g`ti$1&IjP?DBb5si71Y|n%1)_1mz%%^+#(RG_
zYi;+Mn11@7=KnXouRqPdUw@WLT~B@Zlg@9wc_ptsbY9EPNV#DpuXPGv%g;!;ekDKS
zB|MJX<Ia_0KiPQDe`$vmP{7Yb$(m9^oZ?IrSjG2P)QCM6uDyJZ#U9fhi-{-f_0B3s
zeefF4Ww9T*`JYttOoTD5B8D>W5kZXlW+m00zdWWcKNs}>A8FqnA4PTc|IBU(7-P8P
zG9f{-8&n{Gs0j%QmPrD{zG`cSQCqJYQD0kaUoBW|wRUm?0-{+GJX{nuc!4ZlKxUPA
zsSDU@y&`yRYuN-)5w(Q-fn=ZG=gc{incZwc`1w~hGiRRjeV+52=RD83JjZulDa{o)
zm5ceAYgyoooXgKyr*9JbQ)hBMRtvtB3NS1lvK&18-I3SjGjYzP`CHCM>kj*zOQ71_
z@^YcgL-UJB;Ii0UmJz|jD-8et#GO|d4~8$Ll$J?wpfatLmId<t+c$CB5}wX;zJ!O`
zIbS?OK^tO-GcnhK!SGfV@LVtPdnus|v^&n@dnuJtzL&D}*PuzGCi<tm*2f;G^TEg-
zHPJ7XC=_ry^``PXift93Wx8k3%%67iz~{MLu)W!F7jWQz_#UsBmM%?%kXxLq8ZP?m
zoP%}h{XSid$?KX2#%s6ny(O7q-pHI|Fmqgw2=0~#w$#0dWVc+=(&Jo2Zh|u#!@-Ep
z9mAf*=d|^V1f$KJUeNB&E-07a0BcM0>`9==zxYEWYz&E%DCRm^{C<LPX3tzMf%F79
zU(yrgi%CzA$7Wc9Gc9soXFmQR_Hqvo{^Ug@%!iedl#APbz)6*?O-4=hKagM6`rvu7
zd04hi=XqFIA6QxrhGgB1dDyXE_NSm-e0)0n;__~}n*QTo2EsjUBS7<r+#vCD$g2m!
zJ(YR(`@ISF%kG^9^sg`S99(;+DHN{Yy3F+GPfhlI+0rSXJ)Ne|0aJK8u1m4=HGm|1
z2dR7gpX<?ud_H0KlLK4!RsenKMUnsP$%>Y}6$*t*z_``nL)<nP=zsyS>%6xPPFnP`
zqR@-Q`VDKtYf^#MqyjCOYWMeVrU89wBa&~XDKs$CIX^nc?DwpnzV;%2FIU9v@fgp1
zZ?Oi?cxb~A`|iDsNK(W-uDQatTY2RQU#(M*-=M2`9``3!pSo0>LHO%NB)5otAFpoY
z`wk**Ik<Tvzau;1&JBh(BDq8CO?Yu5l3$2*VAi*u-^lw`p~wfcdkWAN_H2s6@6vPU
znB|@l<<3Er?|G5iRbLL@KadFXtj%?5_6@rFvB>4ZXfz5MN#fa~8~Zx1z;%4u5V$9t
z%lCsx<-(4=J>AUl7;(FU4{bz}hSs?RK8AepqKI!#Vr>4V4=_|H>b`p;lGRa^hdcZ<
zC;s#o>(t3N@VNO&kz?0s%X;v;sZRZ+DF1dewtRfqMx#!>UzB~_Q8vEZ&JdR&E4NA9
zZ)c4$0nrA^`xtryAj8AP<pgUxIf(M4jY#SRuZh~~P-~s~`3<`IYed;<x8B;7VY!+6
zm}Y(P{XE&+_mUZ$mtYNJz(9po4VD%$dssc#W!}kY#RN5j-DW>5Nd;OpIB8Ms;N(Tl
zK4`6DSnC(&eiX;P0oKQg9Q(#rrUE^ZYW7+4Ea&D8NWwYJvz*yM>)y_fHX^w<FZLXy
z#~r&@Msb<8YD3QE3L2TB&^*X7^Xjy@A=vKD4EoAS>CGFE_`E!?&eRwA-JXZsnL%sJ
z{GB)x^w9<+-wU7pgAF|2IHO%E!S)=-U8(W%XKllLRn|U98<BKHd)kXRuhps9H|pxq
zD8EayH{IIwdY!uY23^gMqHOl5&C@CE62HUK=~3(Vo73r`F1w#N>)W}dPW|PLy85pu
z%7tN0FTS6QNKiLKtsEkJp6L6H;w;Qz4DEK02p(}~2jgiRI?R2CjxLmcv61^qN*)-e
zs?Wl;yGz(1F+SYA0f{v>{9f#lVRrpD8@SyjQIuhAId!?m_@&*W{o4D&cifC2tFFc$
zIHr}XY@tH4*E;iFWCv?T@Vpo1c>9tWGj3?-@#1!K4|$}5dLhg2q{Z5I%SI&gqA0(T
zrqDly(DZpWr`Y*9obhwaJ;_-jm*EEPgN28K@l1mFdBtF$XCu#BvU?iPFE)s=l8wp3
z!T83V8JzCux5eh&(Sy44w3>MhKCe?Z-=wRHMLt>9W>y=;w?}PPPdnSVgMWWT6y@cj
z{r{Cf&o+HoryjpaSIf*c8q}Q=jJ4Ix8@W%++AH!VhEBM1gAAurCoFxK^G{x1Wf#g@
zHi(?w-|;qK_y_Pfu{*cJ-oXP~7*Ez-f2R(fy8+4G!4)k(>q6P{R5{HLkM?^5qy6u`
z$MJa1>goGhICcuYr*)xRc)U*C?9)}N%o!qoO371BJ(7dFQ@9?n*yf8(9J58g-7TAW
zGfG9?42C<$fw{Y{ih2t+a_o7I{5EEL?Bwr<i<~%2j+V?4$&-DP)`jvnQ-J<f=-W3_
z6dE}ci;vM^GA$Lk5*R*4-#MRT)$`#C9NY0u-dE?pfaD5c8!dYAZ8Y35Kjp+`_4`)@
z&E1_S;|8v0XPf)~Ab2_BbpwwXgCh6F8=Xwovtx9~id%McqRgKCMEGg{?&P@{czy;R
zd$U;E%vCUi=VxH?w=+M(?_NL>84ZRxcFPL=%?rZzjRix=Rp{+6a9IW>@V<QT1+o9>
ze15hJJS;{lr5C$kLsndVgEy`F^mp)>waF2C-+R#2;;VMIX!-V-c<6Z~z6;rym>zQn
z1JmKu4M?sX5qoY4GQd#s6nd$^2n^FGg<dQ$dNO#9iAgVrd9o)s4_jUk{^F`w9<2Nf
zPdV~StQ2u~)j`ff<3H`VTd#Jv<c_iNZ+jkz@<i;t@;*1ullSizkQA?qjnTrnB0qx$
z_neW&&z_C&O!PO-SLo8!{0v5hqEIbQ>aHWmWVBv##P&Qd8q<|+FCfYNyJVih81WWA
zgHfZ^bf3ZStOBEKGQXeL${}p6CtG83vhb<m^DubQz}N(_@(-jjdmfvAEijD5vF-wf
zx13>CCYgCn_f7%&uXm9!J>5H{XMP6Hpq}xnC()fQgL=l(>{)!=9U0j3tePh^aSnz^
za)KNOXYxDI`;K?hgVoO?Vg4td(@XYye(Afv5@3jDoo5k1-lvIV%>01azp7TZPS90L
z-cN}*iOK1=&m&<ndQHSp?AaYL&vMOYvtynO2;TfWlD~>r>W1f$ghh<?tLKrtE&RK$
zrT}e!bnsZ_bIf`kN&BNeAN$o5g)+Zmf!KfNEb~8cWontN5&cPji09hujmMg6s@3-K
zHjj6Ty)~1bN3u%9au+?%Vy;ukIXT!q2U>Uk1zPu(13i~vnxnMt{)^JOw_KsOq7{p9
zyYc52#JG17WA*hv7-|%;S;q57yohpNeZk6^RDM;p>T<Nz#fWmUnAbnmw>7`0R`VzD
zn2FitnEQexFh1FXvG>aC;dkvj+hE^wv28G1@Zc;Hi7WH117lzKwyD)>nZWmj_@=M&
zZjHAoEB}6XUQ}-H@`PSQKF5$#KAFAHoPATZS}p2+MYKh4b&vXGwYtX92A@Y!w)E>%
zZD4)#uGm{{=lY$|J<sGVmb4;$2Gt&vEF0|?IguNx9P^6dr98*Y1<#9pB4IcsukI7o
z>efQer;c$L=Gqu48HW33(76xvjY0W6$1qr6(4RRqhS?p}YPG;{b3BH-Yz(EBN?Os~
zGw8?n^^E~)IEEjd6LNU&)EKsXQ>~T>3_pp-aI1}>ZK|Xd-7$mC{lC631XPaUeG9`~
zr^YZUQmwiKhO^@_Om)a%nxqveGpKggDdeDY49^M-zDN6^520#x>xCRcXS_}pIplDT
zq!mq`L5-_UA&09thD8EHprIf7@NBhOEin8m9>aKtPL7bYq6=owrd#{Q5cxlj;Wq*U
ztm%h7JXx)l2@J19`MKB=&+$BGo{5s7oT<>gB|win$9>|xB?=AuBqIi^$HrRqfTR_j
zGlL#}Bo?b8a&eYF$NfS^2cD6PX6CE9prJaM&lfcVnEZI%3cW3j=XUVAf&OtAnDpTV
zNz(<b3k08xmi{K^HJ;DeE2`D@3pjt(g1@cL@!Vm7j5t0XceJ}t(ux8z=;5lqW$t;1
z=Q}#f(*G9{%iNOp?z|e+HHqW7DZb4gcF0kdw4#O?^sw4@{rYXZ&A)$E=-vENw|V)Q
zHELNA$8c#phFXW-Wk_1lf*Ca9!c*w}?Ht2<0s|~RHHIf$HL6Qs7$Mr_2BCLh5PCNS
z=(W%Bd0XaVDL*yat0CV74c=EPD2O{?-*DU${}hy+cxp)LiRQ_mDH2S&_|=M-Jufjn
z>rpWFx`zj2_<zdgf6MPBt!Uj0sy&%Nm!|-2cvk2#i*eW3y1cuD>oU`6OP?#j*5^t9
zI$P+oZw=QUM(;r(KSnR`Mq+(7b6Z|eqi&s~s~>cstjt$h%0zCJH=h-G`>4pRk{g%P
zDHZO4zkxPrvRDiJ8(#~oJSk~jac(yqboG+grqfcfCRiG`Cg{BcV*AXq4tbSGTG56X
zwCToJd2N~mMIMnC;;Xp1;U4{|S~AxRzbXMb`C0qU6W<dMa_UpJF8{1XZ7<<^w6H5q
zmv3;4C4(ic$Tx!)jX1?vGLh@@a8b8XdTL#+`K(&qdJ)I)>v#-TIBZIqq!nE?gJ#I5
zuqo$o49C}tvt$+h=+l3%R?7s2%i=Liw=qcHfmU?c3_3UC6l2LH9K&Y<L!hu9efsrk
z)g>^Dj>nMUXbXlRdj|b@VqCvEQ*T|lUYy7AN`^96Zzb!+yu!~UGv~^t^*m>3;5u##
z80MV^>~+F$H6I_C{;XT?(4Q5t`qN_^TvV;P#5i%hGY)&IL&x`lRy1S=HHMtRCT4T_
z%@-Iv)B52L{JC1)I+0`eOyoI9l$TBS@Vso{JUcI2;B0f9)yACUz}yB}(V!Xh@F_5R
zMDD)p)^j@?`AOfHXV0xxs|DWmj=U_^`y*~J=TIeaw;wBK_51dd+~)6EFKpJ1IJ?s1
z&=-%S6)l@VGs;fklmCR{FAy@<@9cXlo}F2vt`TF<1MzLHIpUHpK`Z*@4EiyJzWYok
z&v%g`>JOiD>Nel~LA6>f`pk74Lqn;^Gc!Qs_+>Fxe0&8$rdAwi#pNtUuMYCqoYif`
z=f6G4=O@b7^Z5$TTUfk%bd6d)De+vCH4k<3Nt6@Cbx&Sbt+qR2!K+WAe8im<>??NN
zeZ3uPp3{l46?^t4PR$ba4DCeu)1Z*=ufaIo7+31#`9wSqi+m#6;>NzWr_)mI6Pfun
z;>RnE#k^XLnO|e~9B5^Ax3?fM^AOKbTH|F{Hkq$|SaLe^B+8$*Aek6NSz1}vTG@`1
ztoo-s-1}Y}ZySc*Zb32-QT94=Y#es}KXp1iV6L@h1g&)%w>Y;R5&IeDD6!{YO5*l4
zG(K$3rJA_}?ruR6xm@aT){FJ)`XG|bpG)SwQ1SP9#-I06BrxLJgvp}q1fNG+(t_lW
z<ILA1E&L4FkKrSIk;#X7X6+{}NCM|3=Hpt%#|aFT2D#0Hha_{a?O}Izu&=or_Z#+D
zch|`uhjr5*ZLH}nNc5j1#yUQTBy<=<SpsWhsbm~-VC`)VX7}f|e^UA*u{J(pWBq0w
z5>I|&tWprk)&IrN{ubfW_fxLr+iiQ8^&_z!T5Mx|eH{{gWMZtWKOWhKp|HRj`Az@i
z`s7=-&$a)=kHmVXjdjU7B!SGtSl728S-J;9O9fW_hW=sQ_K@vcgauaTK8)mnikW|h
z;a!vJTC_6(-sV*IBIi9>*Esf8Oi2Y=c!$jci_d-Qkg(XC^D>|ZFZZ|b_n#C<F>49F
z32`~V$MHQyPM#PaAJHG#?|x_Foy7EGL}Ho$jOoYc7@90(?z^pjGN1jDJ;yZrN9sqq
z18d4UBoRoAbrjQ&oftaH(vM&CuitHZ&Yp{!{3EgMyurr0Yb_EOk{Ijpbx0<CfT8wv
z9INs`Kd~OP=TXo4kyr~ISdFzv0`A0E-(QF1leaPSvcMYoeLrnPsy)}z{v-9Z@p>C;
z{aPepDKXYH>yX^L4MPtLta?A~*{E;rx#5?8B-S~%+E{O5ay<bFvEH{1N#<WMRB2(I
z)laNX+w+zW|46K}uCuWgGPxd4jP;6jNJ5)2R4lN1F7KxuIBBmvRQ^b;g;&{F2dzco
z`z|q7?>Zz`Z^F=-0;_L!KmD2{dtR=Xa-XbVEzchpZ-4JO&SQ%FwMd%GJS?$e%DI9!
zX3H6GR;~flrn?k6*^%4I;`dqyzs1a!Tx0Y5-ZMx%E~!VJ6vpq~wMdqxN<DH9#Owo?
z_&5^phfWi@2M#=A<sKLw{Qeovb9~vN<DAbK4n9Z4@i`|Up9A{jbJmrP@t^T|6cX~e
zel3zC$1${Yt*}F7mJSY&(ZLuS<hAFVw;V?qTyP-Sih*ycR#}Y6;-gZLe}t7w7cr)_
z=4;-il{=_~#aQ1y!{f^w5noz*u{Za!mKGtOM0Y3-bn`qsOjb-zUnhZopc`m*D$k$A
zWOZIDP_M{maogYliwYHmCX$)rR_Gt%a%IiB%$8y4Gf4CkiDh`*S|piWv3nYnI9>5b
zV8pk5=or_N+n?b%Da^cCB|vX^#y)ez%CA3$@(FiF@P9$yp@_S_7zVEkwomm;^xr-h
zO#Vv;Dkk6hxEW@ip(2H^wZ!a^Pvtr^NAPON;xmUVj-~=VJl*Eq^$ho`eALN*j=4vL
z@t?Dnzdu6ba&?>;yZ<75hV6G*GMIae+b_o33~?6J$=htfn>0|Nto`&n&KqmTM10*I
z$JfhoeC?d#=>Jb6fsVxXZtpWlK3RmJ51$df#5w(pjTYPUekYDu_xJNX3|FibbDwR|
zP;dJT+**ywVtgyUPd~=@RP3Ds^xse0cGHsI-YE(lCG?23_0FexTdWcB?o5YWvHA&<
z)9k^?iwaYLN}_Kt`n~lH)-N_Ku;up9(|pcH>1C{V>>2+4lka-=38x?KlVbgF#?yhL
z_FkBPsK<)s*|U{T$BrGjV((G=QFGp6L-)MPo73rT8uu(bo&JZSobQ4SWuA%tLvE?y
zy3Nz+7c}-vdHXZsPU;6Rbh`2IpO3}T`cTmF{jq<voN?7}j#>H8I4#z`uL^psjU&r2
z)af43=NLTd5B8kuHF4P130nGGM(5OHc}<(W&R!lzYpI~+`F;OrIeqR6;%HS{^8dg7
z(Q?k6oE=B&|1A0cwtw<>`qwFOv~Ccz;LiTha>i@Nj>gjZsh}0OqkpuVzVx0rTE&8v
za(h2z?}*Jlila43(2C6Nr|cd6-CyHq4YBmAvVXLkb2aPZXmvd;^y}t+%HH84FN>q~
zt)LaYp`SY8n3t)GqxG4f<-4w*?dXUzet$GJx6hjvt!FJ-{qw<madcj^WEHgJK0HS5
zF?eKq&EjWAx&KY404;rr+ukeV^4qNxv;&)a(vH!wtL$~u$#F7UXvzPoe%e>Zn0jtE
zEq-_8eNWr=(DRywDW`{?nfB{(d+$d2(Zu@%&HB!%QOhRTWAH^sV#~&08(gDS7ujV;
z_f>XMjp{14%Z@mLvgem&G+!U<_xi^AKMsqWVA)_CcIO6197EajO&QIH@qTY)oc}%X
z{(%wvJ!>z|gJm>dDe!we1^ze1`+p7K?^hr19n0*T8nxYln;u5lb88vR50CYG17rOg
z1+Cl^PU~}4*T32Oaei-LoWDi9KRJ}Yzk<ELg1sN(_XfuJo5lMnY5e^Y$5HkaF|1?!
zUe6f+a&h<J-%P9nf*r?u-?zD~mD_g<>jw<0!sIr_@AZxG&$F-&<aKRib!}(w$NRm$
z@&1Rz`|F4B_iXI)yveYP_j^6#{eQ6Jn#teaz}`18UJCr)K!N{v;{8g|E?G1&)|$Kd
zSlhk-_i*n#)vV(-*ebi6@wAy?9_RP^#`%9?wWY-C%sko$tv_;~!J;*<k9v3S;p2!^
z_5oIJfXQN<-|HFYFSP0%%<IkWqux=~ykA<h?l|0gpBm+_R@XSn-q@FHzURJyRaWhb
zpVi!+T4gI3KX<b}Q{eYT#`;m*8JC;N`5Dj$KeGq&vEQOq#ArRsXpQrGBL)8N-iU3J
zx?_FF<|rS3ELz?^czALr_aCjYS*+d#Ocx6LUSEO#gSdJZ^il7&Xtg;WTeRGL)H{1C
zAJ?q1#}D;hw*24R_p{1=-$z;ZyL=qC%C`4WcGO1hBUxoXJH-3um*U=wT;#I&Lj3;*
z^1k_r^Zm1B^ds^Aa^yDgeewV6QIs3g6guZQo;Pe+ik&wsCP$2O5BDQHZ{PSQMZC5f
z3}=3@H;!|fg>LLOO??rkDfdG2BFgRWYJq!Al-szK;{ShGe7w+qK9mK#&J%0I{)M*K
zIuB7!^U%T5kWDQ=1HX3-x8H$xVsq+kN(EX)xvjtJHC|?Z6y?X$6x#W(sCoXxsz-PC
zQO}<__IEAp+imO*4hA}ua+(i*-G7>%KXIBb37Wp0u{1|hzE{4_wf~xGHDCA;uEQL|
zh>!Y@LBEe<SSm0me~ZOX$HuPga+<GC@Oym|{2z+@7_T2=?>FkUeV1_`%j!FW4)ONf
zxw!xB>6^px++*R{8ml8qY40|D_IWkxEy7RQcaV>{{}p$$oEzoi%6{?xT~Y4Kd@cU}
zu#4O2-QxdcQSJ-v692!^)w5pH?_E-@Zgq?!?;hlS$4BD3Jzd;Sd0+hhc^4m7{~`V#
zA4S=%)u@};cZb;+Ki=;RjQ8Iw<b2W#p+r7Y%~0+qTlGG7FxIF2WR37crzq5SKZd>%
zer<2Ed-5W_=kgwA@1UIK!vw!KGTuK+;F!`24)+M|_ggp?9Tc|cZ>Q0RZ{=-%xLLIM
z=GZoGJ;wEVYQt&tSCJogm!KJWCRVR&MSmUf=l;_S`#8;a1WjKsmgaOp^YIm@LGwCJ
zGi34pY%I+r3#Z<Hnt@+&ngKyme<GIV@5Fd9XL<kI$a6KPxk%9Tgksxhp1^s-Z%zZJ
z$f^4Wi}#hWIA>Df!+Xa1y)f2XbARD=dr$noCPI&S%km~3Q(5}>bqBX!--~+-c0^Hr
zs9CHT{Srgqf(>2?wzEEH<seAZN6IG0?n47m=#58FX8sQx;dZ(=8~tQ$wOS@@^m5TZ
zc5V@QLsNRm8|oZ4ui#_ccp;~7pl3eX8!5LRn*^T+qa53RkBG6Zinq&hN4xY^pXaB%
zz9Ck9elTux)W_Q90m|(J5%nDx^&MdLBek67D---)&jfQGx9oL$-}jU=xzG5&W)3fI
zldSnND@N{3j!b?(J!pSt%^UUSyD10x`Q?Q1e4RapUMTFhxxeETTi0$A`C!d@AF|_{
z5vQp4YzJOzKB+%=2OqTSv*vsHQ=fD&@%XrH9JlX`Mt%pw#OG<P`PjZNnfre_9PK6M
z*!siAmmLm1Qtf!=RD68s_|BT6>d$vuoZo$G$Cju1Zj<9XYp$+8-#zV+i#3PbAGr``
zeJ|ND$EoV8?+`xnpHIVnh;#K{l>p5R*n7q!)nGiGAonS=C+{Cm?0cH?R!#Q2)ol(w
ztaXR}@Num}Zq_`0zxsa%w=+*2L^(BJpV`u{1><zq9!gmKtHn4l9*omnZy4Rp_wb-K
z_nF+wK5PqnP6x{K(iEEfi>P^?eT8VdF!1$WYpvJWcHjZSJTF3$Tb^Al+K$X@3H%9+
z`JnIcIr0tNJ{aig<Ca{92d%l(c)7;oI($Hk-KXITMREnM5}@-|+d2jJaa^~Fwc&g*
zUTiqd#|1VXq_o=O!GqD>V;plne>}Ha?+T2s-PnJOK3T+uQ-I#M+OE@cD;T%Ojb~pv
z<YvtkJLMKHv$Y3MzDwv&<PuAN`Zuq=>;TF)if_ZidVbs6y!FBZj=r|op6fbQUwiO?
z#am9$nsZLn*R1k)A3%B1YJP6PTxZX-FrIoIyYc|aR;*#g6zP4m@6`uT&RH$`@f3xI
zM}pDcSY_q`en$P0RY=b7<iAT+A-SfD|1MgEWUTmo;VL9UM49tfAt@KX$E`wgtN1-;
z6_SfY`EyqxIUt_ruR`*<_?@>3$rGZ?h*d~l62FJ9LPABEtW{P{-Hc#5`}QRNJ!BP<
zC&llxRv~#^{7zYgWP$k2`cv{MB&;trio54o-<Q}kGP9*CYM1MLf|na9&gvh3g0GR3
zqqzrWL$X7E%=|GTAB{N&HV0ZeMNS&#(|#onYGFFaWL~g}@Aqh*!}Ch-{)^K3m3&#t
zxBqp}6+TcRx`%qu%?`45%vi<O${F2kLDy<iMt_HczGZ9shnwpPlSg0lUvc6WzT@f8
z-*XE3YdHOeWXBqvpueF%@_FwR^cOnlTRw9l`n};dPC@_o4*FJ~?jQXelm6ol`cA#M
zLC|IW+UmPby4D^nhLh1{G@X5a-V;c&6VRRMz-#$Xrz7vXPa%)<9rP{V{dDC0%Tv(L
za^e?0=jq^APC-BVgH7M^p-+eYm{ZXI%0b^6k4}gFkW<kAz=>aspZ$|Rw`0d2x9JZT
z^ex&iJ7`<}TmP^RH?g<%K|A1-i|~n0M=tL?-nU#9IOQUITAssxfO#I#S&ws%Bcs1J
zm-nrWkN4c;xHtE*mV2DEMf`L+*jJtc`>&jG7xCcf(62cK{Za>gD;_(YK6~dW=#O>K
zx8mT_p+D;s^oRby;u|{-IaO|t0sScN%z;6_?+1NHE}8Eg<xh1+w*7mQPq=~csZKn=
zz8fCwE%tEciTJo5n4EcC-tI?v=b81_PQgQb?wSq#pzq8v@l=1xJI=2!bCmBb_rat6
z!0bGaUh};z?^B%xzP}%MooBW0>IW8Q&KsY=(pN5nYx_add3N~n{<NVZ-^{fB$j_0Z
zqtGm$6YML$N`au6-j6f(dEcW9N$_*${RD^IQt*%)g3kL1B5wC{kx}}k#e)>ObqIuZ
z<v>SOE@&6)r7ijTmZ@HS>r{`vZEE{KUe1-I&{9pI#c;<G@0f70G)SS-lAyzLmYM6K
z!<P!$G=Pp$35;<gK^y%z&zH3;88&VK(B4>y#5Vy#S)ea*0c2!>z9TY4p%&c|xMNA%
zc$;n@h0`_v3c8n%0Bz{wJpUOAx-Bb_L<%4z3%W9+JI$s$nc=<AL3fa#JIJPcXAWp5
zSMs<sZy=}J$nX|JC|l5F^7gtF>Pz8!t&hyQti>C5mbl6dMzc$yf4oj=@#QG=zFS-^
zX6_wVY`HBiFsfV%y*CG_ZzQKz6<4NG0s}x-=Z*v#pFhsZ9k*fyl0As>vK4&a{9`Nl
zJ+oOOlvc=ATC?uY3a(}UXDh8wBg%5N(%Q=YiudyUaxjD_XJ;#||6qT`^X&VxgMUMm
zkGNgIU1`vv3<mAtvq0OG3>`ihv|TCCQ8@^->UpIt5qD;=ePD7+whInqt>A5Aelq~H
zD_x+m=eveMM|c2eyRx9eD}k0hYNDTgC%rX;=BFz3GS-F_Kt1EYIF<|_p$j^mO#_X(
zXSUqJa4{Mw&=HV8D;@xb`F}EWY>A?oqny$58l2Xol_DSc5KgQ6{bv4t0((CNXn0)Q
z``7sUb64{Fz`|qV-iP`7v)TJ{o<otne;-l)RDw{%?FxRnob%7{S>LfT-p|X;Z`0Vf
zg+P5LF!Wf8LV0YG6+Bmh4e(S2eL67IKT3iP`4ViH9hl%R^A!8pSkA`yH<|v0C-|4H
zMB>e@Qdv0<E9c4aLu8VF%^+R9<YgoP`mni(GLv-xKx6%y>9fb9P$px2q(T{fH$Vn!
zm$s9r={X8zJnLBsWwKew<M;;dTV(mcs4)GxvK2i4d!lz!Rv<aMmv==gkc>x^B^PY)
zD(U`nB-pUqofS0Y3Yq@)8p&VlDfW{Wk@yZ^aaDGe`nI6OWW#u6vSBh}a$)jebujrb
znXo$Mfxd&u=*pEyO64kb^J#v6p7{RKl}Mz_Ds>&A>`hfDYgg8uZG}K@674%1Q7*ke
zq0PBqcol_K=7Qk?eg_HUf|2Qh1}RCQYu>4#)4;WViwm?okNXpkrcixCxL8k7Xdbgg
zNucEof)3pcS{^`$&jrSvBS4F|0HZ)$zcYfLtq^%Ao$HpLV2HhYd^wU}6lJdj4PKAz
zzx#P{_sYj;uzJ5jlw;O<Kjz;(vK+~iQIz%T%EvO>5JP(>hW0TVlB2YqV7%v4ssGFP
z%&Agu6Z}?Yaelp7oL^=y!<k?lk>Efge)Bbj-r@-tOJ@q(o5XD|<CodqN*5U8vKhbG
z!Ii>xNN!;R-9X#6Gu+uh-*P0i4t|TC=eF9j-R9T%og}_fmm~Re6lLk=^06iN%dxaS
z;QY$DoL|OYX&UEGO0(NDa8~d9vGxq7hl{IHdgpJ^VBVgySBQKpPMN>Q+hxphB)2&D
z>wHeM=exbM=ezv7oaIQaXYF}Q`B-MNV`#s_`CBI1vofbjJrqSbBEf-kC1@BWK|@@h
zVEwki*(aV6ed7KVNTlp4b@yq0f4lhpjul9%vZ~abr}_O%@%=AXAlZ^xrEZI&{M>RR
zf!8s_=$P_SWRnIf&*bq{7s^j9M*>?Dml?Vo$r(|US1w25`D@}bgO(%twu@sm-#KiV
zv>Zvy8docCi<g%nd8?Oi4lj%S#`8M=Cb*2_P4vyz%aAzrb<1Y1(@!izvaO5fE{9Ao
zBt@ZHGQeQ;n9iDaG-ZI%{7!}G1KkYL{x%nA%0PumnnFwS!o|v&-2NzTZhrzUZhx4M
z696#oOlLZq6MSho*IDP;HTag{$O%5M49S&f>+H{;<9Xi0ofu-igEE`zWCx=B%Uq@P
zzsNBwXK~EZSqyV_(CTM;YER61GRM3n!|r1Y^E82(^)cq}H3Jyy&*c5AUf5{nUoqJ+
zzpC;}F7KZ$L-LKIpXG~w#xOJgNWZCkEc1yNW|CuL)(3FRr2}j^vpT{_JuycF=F*gK
zaU><NoU??S_q!QpIe5czkz3Z0Gg>iim>l#jL-H2~<|EH?{ut()5ao!l<qY#tfqBm|
zB$00u>-H~}A-M`|on!vEQ}2Gd49R~G<(<orz;}shD9e!i%0WYpqcM3Ik^rK-br}-n
zo5VCGE<-ZKK_fek#^`1It{q_VcMJKunf&Eo_t@hCBlJ#%nZJJ;WbUt&_*inmi@fhJ
znR=}J*hhH(d7mJ8#-X>(BDbFsMKd;8jVL#9{Gk{bIk3YrBuf)wv-@CTY&pR*UPMyr
zR_HN-jrFO3=u^)SB&q}3pPm(Wu0_#|Z!Slae;bEQj>Gl^K~gHPDM_NQC4q5r98gvV
z!)NY!a>wE;HSy&J+cqMpbSw0@z-OKJJ~>XIQHLJR5_$Z5Q4Fznto@FPyFKO-B<$J2
zD9Y?F(-&}H&W^+UEJ5;h)XwjZ?sGosdH~G$mBp;)S+ma4Ru;>$_%$yHE`*_=<t4#A
z;cU=Yd<&rO_|IcJ$6eqjV6YgMN^syftMiQt+AhI?zz+&NIcGpi9!UG$>nmuRygH|B
zvzcS;o+Kzgku;?2gtr7VW>eb6!K90=?+z+7dwm7XgW>yGdG;Ou=9lI-l|`UQBcbS(
zgNi9*XO73Q%Xr_;OM;F1??H3g(m(|myIii0@qYl#{8oYkM<qA_4_DCAfePJvkmo-;
zhvBN?-<tQD7TV{t!v`y<dB3Ox2dF#A&uq&XpznasD@<SBd|nO|nkq~mKT@dB@Gl^w
z%vW04OB9+1uKmr|f|lo&_Wx!UXv$!Pj=2B+<JkkjFLLCYYuzmXhDY3`<&l8u7lOg$
z!t}>GS)tMtFh(aS^sP(4Fz=fYdNyTN&)oNL0T>GgD*SFA3HApr293q+?040*pfSu<
zHQ>Kvph8)U&3Iw&lqvij<Awdd<$BP3HQ?Xp9uYk1&JA8%4t`Hf-to5(<qQ{WugVuW
z=iYYYUY!bB;d?V^`t<I6|K=W+HVF>+k`?N$W$i5O_ssx}J!{IJ==Xk8L7R@2^XC$1
zW0oQDNc=8@h&w%a#GM{|Z6hB`GS-4|$ekG+3XoBmqEOEer8OMQE1s03(7@O+C4Wd$
zs7IV1{@r6pd_S}3WOd)gxPTxztj69)pq$I?%a_k{UxIwMKt0-|tKB}uATY<crH>)`
z2|z{+|Jxn;Zzq9P`0)%nr?_wa!zFS2|7?0U|KE_F{68r8pS!wu{(at9{?C65NuZ)9
z|CbRY+7)s4F`Ui$e?stoZN~z&c&UT`<7l+IvkKbWazO^@JD7jT>M`SEU$KAACM4|p
zt_PGB=X?sf&+&)dH-DPz*i-HTeaBNfN?VW4cKLU^hX>o-vWf2pf<*Z_6t%gtf}3vv
zKO0Z#9y7<|f`NqFYS17QNKxpu*F%wOkU}|cnL!1neX86DMQc)cKWER~n=2@LcUh`J
z+uiOUNYg&mZ-AoaPfJ@_egAw6Nt+obX9w?m%#?4z_m3gbZ-CI@8=<I7)ET)MjKEPP
zc8*B~<CUX8FBWBV8H~V**fQRkU@$DNoB;a93CUcOkv3OQW>3W(5`GT=jcJD=V8q{_
z5gFR^E{nj>p7&0K(|H@lw}Evhg4Gr;|DaH22e&ZWmaLe1r%&Yi=zW;$XJjyFP^3^r
z0mGH5P?y4e1IgU~!^hz3t^&jId!^aJ?*-_9GBDm7V)|qoJ>}*&vaz`oG$mJQ?R3NC
zs|Uh`fuXUsS|1Mv!`0act)F(|%Gw_}KNgpMiNIAVaFudgUI(s!UTNcMzSG7PC<EiJ
zG>$7QaFv#Uc1^C*deohD`L1NRP#GMH3&w+StlZ^4N}yGXqTFoi3>4_^VzKisq`A02
zz4|d-Jp&+PnJ5!}JFd*p1?tkJy4vQ>C}?+Q7Py(MweITl75mq`h=ld67=8FJ^Ig(|
z_bo;8CvnHd+@(l9iSpm~EJZTRe11mocT17X5qIm|xs?005%-AT9ZQkiE$;rfZ7Gu9
zBg$+XWBvsDYeZ50?9c-Bnx(orkd;eOsD1$$C(@Ld{cClI^3_X`lrj51rCwdSLRa4x
zcX9lDY2yALuY1g24`0Cjb?HLTO5NpSJ@-Sf(+vfAVb6Zgf02zr+a=cK0lC{>ePAh)
zWYITAfIjRVM48d@6$@HLHm#$Amfn$=7L&)JrAWfJne*ktYLVaJR<M!#T;qh?TuaS%
z4C<w^{ZStahA%~-w-00S$GrUzo_XSbrhs-Hi*1v@|LZh`{yho&=K;`8w-ogL(R2Kc
z6rf|06gpD)aQmA$ZI2RnN6iJC_Wzo+=kJGb#ff(=0d2H{_SZ?^9}PfH#?c-c<!$j@
z6OyeghRrCW`M&f0CEqSky~_E1HlBU5QTT8lp^+OEWdi5>kNvPf_3G#QnazJsl+m}N
zp^AIFCS{a4?(xbD?w-o;@nYo)|6%%`+uPllK_+WP%eoKF978~%(;h=|cNAqdK3(%R
zn*PeY);>vB_uX&i-GWa2k4ylAjgf6)KC}8~)9J4_@Ud{K%k;rbpGSF%^^>gNb4^G}
zdcpi;iH*7O)mY3-Miyps+y{jYdkjgr!2HrH{l^>_6NmX|Ih~pSbD))D)|-&L)5UZU
z%=6~^DuA*$qSFn*eH9Azynvy7g+OO6MY6BZ9N&#L3ATGbW_bDC##>a-SeY|K8K(_X
zE&$`CJ1f}fJ|oy(u2653_i^7)Fd}IR&4Ji{zDVfNbxlZCvKYgi6>K`IUd<%B>ZI!f
zo>%2PQJ($2vI)uCEY@&K`@cPjnld<h5%YCNq$<?u?@sUH7+4?PHw-irM^Y?~M+M!<
zP5ge-WBa*J#{8j}dv9Ll_uib}gygd>lwUr;eV3zRzZ`fb`ZFF>Xx4Ux>d6YtR1|vk
zC@?_WfxD*>i9U+?Nm()XcC)yms|m?9W7rsz6};wIBuocB&a78Mg!@KjPRV1u9n+eS
zY(^XBKbw#QPH;Vw9QU>}-KuCp@&VddKWsvxPz)W3$NagCc~YK@`Q=6=zP!Ykw>Keq
z>|Bm{tiXIYuU@@(nT<KzfuWsfx4}P>K|3)lR{j&CD1Xt2<ijqMS^TFqiE~FoSPYUI
zWaIAeChq^RnAVDCl{c6?a)a+QA~`1R`){iN`u9d8Z50aL80EQ{Gsf1dla}l1dyPn@
zL{YvWS81jEE<cra@wWFjnR(Prd#?Ny%`sd05Ve{nB;gOxcp!?hW%na)c-JZ$c@4GS
zF*^YIj&quLj0k5j+*u~>{f!*=78l2D+K|8Uc6_`M$$z_0J`DBhy^rat<-4-DpW)WV
z)vH%8*VQyWeyWEB*4ueKX8nQJ1=jaa`z6ErE*i7ruv%r6*HF7AiZb&<c6IUbfywJn
zLS7F>9Xe5~(5$y@o%kff)`^Q6kw9ioonUt7@+KsQJ={NhYJKc{seTsk$CjUR*j2AC
zeN0zB?LwLPv#f7f^De%0FtqdQ)uqdIb;)`p?{{&TSl=4Q7O0`6x@ykVy3>O{ZA8)_
ze3hAvNM4De+;l;`8d|Qaf9*oqxUgRRWVx=s8b?Q?3)D}R>S~C!Lt(v|xk6W86f~J^
zb~Yl(OM(lTe3TT>*f`6^z?q#WH>YsS%r;uMVKf+ri|f^^SLo`k>yfN>&<Z<f`38Y@
zQqa1z6Xl|d>(zT#=xU>A<J*M3N6rBQk`xMeD>PCF6wWnsMK3vg5@l^jy?Qm#)sT5N
zEYmlB$Cc2JVBkv(X~Kp)8%23;PQ9ABOjldt%3mkShubhTSM=Y2*e9H*y?$7N<kwv&
z-`~W?@0=*g_ln=sg)L=c#GWOrA7=&GIKjpPHZDBgi87Pn$3yGYdx@^jGwr?<Je*sv
zPFkj`)lrl!%uh8U34fT_t_^KOa$nTC!<y^im?l2<dA`F?j6W=JPwhh4;%{*ylE`~}
zZN(U0uim>{SBtvDTwsov3(R49oMX=u4+o=Dg6*y(g;u>=Va^pdJLZa;^Tb>+K!=_T
z#=|Zi1Hb?t1GFWB7RlkUiF1xPyn@dWFI$3SXD7-guO8Wd*IGVD3|$zyzKi>zx|oBm
zN&>CT73<Ubx)S@Le_w*cSs%3U`W{?@WCrsGTs`d?oJ8$=M7c9ZY5j!RZ<l#jsA|#h
zE#)-sT!Lg>C%+d^X|!!9P;Qs1PNK%_g>n*&U5N6;MsWwuA-i3j_cxDlv=_rpmLU0{
z6XnCAzgsr)xM-`$Fy2<p!(!XYGc0jiwIwSwUsLFsv%<w~DW*@;v1K4{t7(H^qn>Qu
z{jzaO5@<(rc)Zpo)*#wkK)p*i-xHP~dBo9HlB2EMT_{gWf{ut-<EV7mZFTe%ZFPNo
zTdm^t4PAoddm-nqme}^+bCS!sxeK+=mmu+Vp>aU0A?(1|w(X8rC~9q@O|u+rsxRVo
z9rYvmRVT_#!ZunmU)hDSHmP2nv_e;Z-D%&2dw5{IdgL)(y_MOqLHxJ%%_ChXzsPVc
zb@XG$oN?X~Bu{ms%<RSH_1vd~=WvqcM>d_w={+dc$~<TA_HG+wuOXQ8*Mq=d?QE^#
zREl}<)aUp-IOE;&8}ttDH@xOYQjc~UHasKF5l1n!8d0uYf&`W%#@)fb?c_S>6Ke-v
zcPyrW3ykV_t+{zuH>R(j<(N91n09eY#E*nVO-$PvraK*&1|!NhFF_J$Gcj#2%Q!H-
z=SPx^C||>L==;QFw)v6V;qV<VbNI2$7NnnW-p~7rId?A&;`j1ed(XUM_;{zJK#{L~
zp#Os<NGi>-Fg<9!gA^z_Hrw5DOo9!SCrVonzfwV+cY{nD1o!xoK<oZ4gMVkPpSk(I
zDr?=ZIT?(2`g#@=`A(F!<_&^-N(X|*d{2+Le<v$A(~soX?D7`&+nOWjdf@Nkp3bb8
zdpxb@N8K60ubEtCm$$Irv%Ga`2IxB`X}ao`U_0;_uAt4GUcmS26#K7w9?2huLMWq<
z<IQ4rOknnQ^0mrQek6%;WCTa}k-Q`3Nap17`j*bp)ji_brnC98PiE;Vvz@-2QaaAh
z$GE`RVE9Is($RjAzl{B#UrOnnNi8SG0rmR%nJCX-es=RYKVKh<j07Xc1r4R6Ci;EF
zrL^#}Qgbfx*eez0TE{JHECZmhQ)*%MK~oe8gLwYY%&%Q7@-BDF+-%bqH1GO-p#e!?
z1oH*6WA6H87~l3Ind^zmk$DyvtZs8Y`*X(~Ho2gc{Cfs18PR>`u36`nWQ8iM{ACK2
z#!RP7mhE|9DB_Oz%sg}Mb3>c+o|`<-j=SZc4*HIgt9A8vek6^Bbt;ob_zVce#B>9C
z-pdOEz_?!mBNOx;PVBlHj1Yhk|Ghc)G)|%IZrRiiOJ6KK`TKKRADwF_z8`oDu(E;A
znH?I%+xluvS6SKFB1dRr1Crh14%3DPB%g@9x{Di-WS_(kv*X7!UEMjRPL0`{kPAkJ
z*kAgl_+D>7(i_Gn1V)ROPelE58jv(0%D0Prw&#Gp!_9ogQ4{^62D=vx9H`K91}7~l
z-93YzJ9xk%<?9*ryurzf@<E}86n-z0dB1il-xs+w)xP5>kP0z2;p0@Gn+DmsmEC|O
zGKlHc@R*#eY@EH&kA!5z<s^2+>RQ;v?Q!)wKBhJn*Qt}Pw#Pe=z;N=MEM!~UfaC{p
z*KuJ(tX%l{x$NMC1|<8$JgKGo3q;@4zroOO(033`R~yIIsYl$ygTF(RXPsB4hD7`B
zkH+o=@(tnZK8>Tf9(<<hYDNQ+JIy)6;dcH{Kld|~;}~LenSO7YRHt5pD6{&~3+mK|
z5M@?>hIz--@Sug`N<`VSr<CSL&i5CdU#EJ*=lhvFz7=~B0>{ueN9>g-+*9h9(@GDz
z&*XDjtlWLO`PkC#P7kv2h0(I+v`qPeLT~iP%I$?H${QMlO*&?eO$?vq`&l^6d+r<f
z-N&pS&zV@KUVF8!jzE;J7xvDDD4$GI=)WRp&TAgG&auax=XLs0dJ;c#{2PHI0$|J&
zXN{+eJk(PL1N|wpwQhwn*)qG)o$vQQe2jknQ6&F0<CctIwvh7)MA>SKKQx&89~1Iu
zo~L;f$+uCiUn?I)@-IaBT+yyAh%%$c^nmHWeld4`WfbME2U=s-(zBKBwRF?&&l%9d
z#zXxa&<45qy84zp(7*)^=~vC9&UHejw~6nwe#;!6AQgVWzJL2{&`wCOp}9bz+N)v=
zAH@6XmSivj=PPvHqdfM5YrqIxq|oX|#Xgwpzz7s8^r1(Q>|yPG6CaEA6aqb?LF6|o
zRA}UOFeDc=1d2;($@mJ>PP8Z6xv+g7N-eD3S&Civ9~xaPb9cI18h>uvi_}Mvz^|P-
zoMqEqus(Ti0}|uzxV5b^FqBs-V%OVB!3YdfsAoJFfsqRRxxgOqff2}8D8v3gk2<hd
zf)O}Rp)(%k?Z=)ew{SkU3%Rgo`fWCklLe2ift<%{Uag?NQuw&*TOyg`!~_3vwJ=`I
zeAWMSx6mtXK6gBVBzza+Grij`dfd}KWjek8Q6$R?;?`Wpf-&pW3R)@Vpx86t7%;AT
zwSoo;%snqOJRXec4V;I_FJjmGB9pjGrZxy4Vg~2M>zU|ZlcThHiWCZL98ZONd>4Y2
z-#LTd=Xf1xg)o!utc+cwX8oelc^BY~VBSesEA+;b2_ZeFT1^u1#iX&i8kr5PPM*Sf
zU}TB;B<rka%-)1yU~Ga|IY3U&wM_Obe$A6Ti(eaM&z@q>#63JZ8^3bEXq&CHI{ia)
zJk?A5|5%UY@Hl=SUb?vJ%bWwt?CEdl8DP8&-F}a0s{*ND9B;>1->IGNeR|{(=2M=c
z|GJ<7JQMxtwF=E_Qm8Lkp&5!oKR(;mBZbkCnI2`v_-;&RfAuJmO<8RGOb@>J43d~V
z48y<(c&g1dxq7VL-A>u!E^}+_VQs?fne2jwHfs;VH;%hDM}t=U-3)qkO!vMLzTT0g
z(0d*c>qq05P0?Gwe1y-31%_~4TrT<`>!(bgwm9z@90%qdsRth6<1xq(@_k)p;<WY#
zTzwwbDGRexcNF29?I{6T_z03cB?|qm@CPP7f@FnxrXoFfn<ICI1p1Drk`=lojo($W
zHO;lC(Q#MFwlw!5UEEi)C5_*8p^JQ3n#fHLBB#>*;(w+a7pDR}biUnYI~ODI{LDG`
znrYfNCadorK{D%Sv3qpF*|Gj=MDD($k>>}AyVoJIpYc9Ccw{k>>qTCGgNu>O621<T
z$q$RUOeTmmS@vvS%(Gnc*`AnZBg|*J9M77W4l(~}Hne`R7zvkgQt;EoND2^TW}B(w
ze!-8UHiq{F9b|q~dzIOi_nz0cE*_7f{HUc9ZZJHaYW3%Wuhzv#DtXN5e?`<|EJpHT
z6y@qi#N5tRU{H5fP<Pq3Da%pUC!@JeeaiPoZ(wEeJ=H4n0n9U=`e1+iY%tIHG9I$U
z9U>M^)|VL0e+u6I8AbV+J15v2wfs!pPk#`7!?PPhADTW=mU*AZt#S8>tSv63$MPro
z^)y&il_o8!PIE1)O-owz4JfoOZNQ?h4$h#127vz?06J)(LI<V-4TC}pQ-P+JD)c(*
z&IABDFBRyk%s)>yb<w>4@Pfri0y5wC<MhuNwx2$NBz;7zt_8l}G4V}{k-QT{IsY&p
zCrYP)R(N~{ZJgR;oM>>46EKyJ6DJmn`RcPF<QZzW#gQ>w{(p$_99GYWx#+URNUn<V
z7--sJBntAq3sV;(x!CltGrIk2B4n$az|bD{d|#D%RGb~ob)1RJaM%#$3yxik<e*qn
zId3uFckVGtX})iw->XdY4-Im?GuMZ{z!0=mCDc_$lhwuOUMJR<3yoM`yk;`@#Tl)a
zJ~jQ!21d)>R;4nZocZFC1RIz?zI!&bGF{6Rx)$FrSbe{Lgx}A}bnen9%1WDUD{~#^
z6y*fGv;Gkl{m+9a|2s{gQ$I#??EJi!96K@N^f>M-)h!lhB_{KnQnhh8r5;ZMdWEpT
zmVY;1^kv^h3^Cu7`Dx5QVSSalGlI(TDs|FmTb{{Llzl0-zJ$iu@30GHI9R2!@8a9#
zY6p!YT_`*C!fG!|PU#LAvGR9_c+v9Ja50ZPU=xPE?_P)D{rdP~;YaVl&`Ebz@Q^z*
z7#P9vW;y(zzjmRl97>G!USWemT_|g!uJAstBMf)@zA9#qHaP7O<AdqQ2*<s-IgWOI
z>0xe<CNW!knAhv9bE&9vSr^LTfz>LrSx#I_9ddrU%N{$YJI2m!X-SLN*vZCFHg=lv
zx?}wO{~bFw4YTc4(!)sL?8IZ|*=&saJB9`>7C8&^!Pq0(KuNDwEn9Edm>XFebXJ+q
zfAwlbcfUH~(3RgXc^u*LvffV;vbwShWxcCP%@*IYcbN`3UC+La+V3Yh-f7IXd|XPI
zjGxS^R`cNkzc(_myRRQzhlJ^h8KaaaG`tB7#$$dL%8ZuPFWC2o-NU=FS@frhasbup
zQMVkl@~Bwj+omp*Z%tF^t!vQqhpoLTrcd0<UKP`46tUmJhq?V`aS`N#5q}rfn`uCw
z6Z8F(J}!;fTQhs8y|-rP6SnPRa%gvF_G$YjiSe~qjIXXPlovfL#`eKrSh7hHddp;E
zwOM!n?~LuUXNo@SGcYt4QMUYpPe$treFR41gHFEJ#p>Uagb$r1-v7N5<=Y<Sac6iJ
z=W)#l(~sC-%_Fo6-Yhy<4j$iG#Q8Hi`8Zd-2+3MDmb_U?^TQMU-oQlvZ`X-D%t;VZ
z&f+%ah(pI-?d0WOc$$|xiYPyjrqJ9s`FzX0j`@~e_b0h|o2QBPj->FmcKRv*N&_m1
z+?YvGW?St($MEDj<f3;9|F00}m5j$ih2DuMe=6u-YOVh-Leh>XZ-1D#%^&#r6jM*i
zj`y^G*}@-V?aXAzWbnsDNSHn_IWj%CuhXVc?W*oUgNk^;(lx8inI7CO+T$uggYj6F
z-jfF7o6)e^lJS47__nkYWfsFQTb&da!+hAu<d+$=d?Cw56^Z98mUhO`=Xdfo9_M`0
zQ3)EX90OZksi3P}(th7LpdDf3>1=n4&f5E2FdEa8n0cf?PTYRwTrgPKO*vrh_o+V@
zw8mkv-!PxfqcOktjwO0UxY#H521RoC+P0D-&e2L>jJp&x)}{j<j?EYF#3CdxJvLu}
z@ZUeGbn$)D49Ck^KpD+_qd{xT>I28+HjZ#E$KlE4I9LpI`9&PZ?nO2ZeKbEm>a16?
z>P-WhmkJ&G&I7G6r}uh2SK0LjvU$Cb&Fc+hg0cQ$Uhm(W^`6(W-nMj6?=YZwL!e_H
zll#cHwn~X@tF~dHtx|yIWkAOnOh)-}-;9j?rqudoq}je3J>x*j%Z85kQ$RZ=!GTEr
zM85>nsV7OHpefWdK2jV=R;cSTzE|d!^ZDA1J^_rFoD2D2G$$*ReQ&Pyz;v^G`#4^n
z_2cw$VEB?1Gp6D6(t~ZuGwChk?DZh0{Rs^M13Vlr!`Lzow5Icvm^Fts2^s>9^Ag@+
zplwc5=<%U^E#c*q9&^d2KN7PBbPgD8?(AT@8Ar&$e?865tsQclThm9y#og&(6#g-8
z&c_=&UlsO%@#!lS)LP5j;!?~U5-djD;sVOo6Zw4484Ho*i&!>!AwN6j6Xzf=L6q;y
zQCcS>%DS7cc^L05RCh``ix&#o+!+OKW{V`)Fk2t#2mNCI@U><Rf*tm{<y&IiGClZ1
zJ(3DUSr&WM*t320NPObib%^rbdL+LV?^s=J^+;HKtnS^2@|X2Ue&@hAQDB_lcy^h1
zHdEMdW-pt<3stXYvbmn!C~<q8wvg{}WO&OLiuDnRwF#JeoKhC@aiC4if0}!4hJsP}
zPYit=UZ^$-T(2YF$9GWz8nnJA4HyE(rY|s5wAH5ZEQ=>4Xz+f+^~ocFmbM5<1g!Hh
znZaZ3%;1`*IK2mu?<4aJQCb1>iVKqzstg%Z@^YF&L7cC-hRHV9`d;q#S?^wmq;WXc
zD@L<>E$Mq6XV=yv`Cmj?0eweTeNUd=Ou$q43@~PWh9Pa6&C`9%ueo!2i?R@jN91VP
z#$qYZcYK|I?(+%g`UZkA>vIgvebc5}Dd-j~L=qUy>AuTi4A6Iclz{HCL~Sqtj9Fh`
zsOfJu-OCZ>8TClM6aGM1Jrazf%zTko6VR<rK$rP0g`Z>S@ZW8^lSKS^em#<V#P4zS
zNd6*zkEutpQT#r)9?6^HcYZyR^pj`=Sgb6;0V(c`_)YalT0~j79?6_eG}c6UUt+Y2
z{;^QqBrs%%K6O?--zUPpNvTJ2P|R-(tVi;th&hw$k?eNVneom-)f?u0XOrkV)9U#;
zT{MdFTwxQ~|0h^Gh<?McEEaShSjgAko{6G-|3V~>^up8FdL%M?2l|eignXII`F_20
zQ$8$qcdkjW_f0!7)b!p$mDyK@rF-5IxZSem0N-DL<l`tB4TA4~EZ}^+*9)Ej^+;|<
zlpn1}0uqGmGWNP$=K>^bT#Z?m1u*7*uu%QCm<wgUpI?CFb3}RW)`hCmUh4pcr7J;!
zll{L&V0&83=lHV4exYoBzLk};&O-ZSFuo9ZD)Qg$nWw^+7cK^I?msYq`wJ0q9zEg)
zW883lcDhyQd8DL!?!_F36c^vG@O+oK$H+VbtUkflbr`Q!o(fiGZ5PULGq=S~8hoEk
zcJQtRNLaa*tekV50(c#dcX2(uMU-3C#q)H0FV>iSLxmiMCXmCBo^oh*$N@&#a!`aE
zbRh>e#;qU5<#3;ngA*SJ89eHc!B8QC@aH^N$Jf|5?-K-15B0+P1A_NaqTGEB-kY{9
zRDX{s8*eUD@3!(Oq=+-#DLrMOoY7MjRW8uXJTw`7%VAt9m&2q!<Z!1$4j(=)&e8Ae
zpB(nj=losQiyW>Ma%dCfW;x`*{$IZUNuU|+{^;1Nmc0N;au+YxyZ{Njm$+Qo0wlkR
z@^WMW68-(e<&qX4xvdxb&@~@PjBLK)Yi*kZ?meA}zx!|8cj3SD@17Rl74}kJTl{x#
z@$ZQEZi=uKdY0IWoMq?PI3e=&c;8K&8>B6__uL?|m9rv)=P`I;ffx^+XC(i_^BByX
zkEA1N>&9h|+qpqP%&)lF&a-i?BR5DmjbpA#v+@;WckhV|pB0On**2e*(`0D4*e7uN
z1a6-@7WbKF@jaAP0(bm<%qPbwv;u9+xsQwcdpdc3gD1uM)TQ%zZiA`J$IMk)e_(#6
z;Ag+pCzC~=Ozz2tGN5-psxrgHl_FPCSnL7zxMTC2EK1^h{9N!+DRRVAx`CDoK6W}}
zzi(wMAF~A?X9_;vj@tOY7d$aO*t;F`c^;8OePY^to=3!b7oP*9WImEF1fB4FB)(qg
zOqh@4iazL^JD=y;cws)0@SempM$AW&*9VP^`ADuwn6D!@CSS+J-Ft3_cjxOkySZn+
z4$lu<&tI9xV-ZW%kF1Q%*TH<~s`)%$M+`Ox_V4E*xv`)5I-K~dd>uyud{6MP1o=9K
zJFxxl%Gi7z498HR3k&9PT{ug$mo}g0>*x)0cpehh|EE0v5$Gw;$UZL5+vjmzurOZ|
zC(jv(@`O{!bNM`;SLTRYHhr!KyHM_W;IA#)BsgH^!#oq{P6-aoez=0(`U)EpllGsJ
zq|n+S<tM7#p#AhDl86L`3(P%;AGrW%z63_)D;4z6nF@`#rC>hT`xCn!*lNbNCG(IR
zW7zd7HQ#0K{cT`zm>CyGF7eNLQpCk)D&5~O9$XSM)TAo3Ou5A5!Q|a{iJAXu#e5`f
zf2mTxLwgSw-%l-d=kmnA3~0eZpv8j}nm-XjyV9Uz%Mj2!8T{OjN8d8FB-M-)X++j9
zHGKh1p=&C_#TkPXy4nRDngquCXM(mm89J17&{n5Fhj%<^86qEK#{C&V=0BOa{tFe#
z^u;`XJKM~Swmo2;B~1^)pi+9}JbuQ&bHVYFm^q0dU}O!2qEP-sf8c*gX>-<0(*~AZ
zrqJp_d#<K%HW*vta#2)zLAy6ip_9CPPr}?3d*0YNClj-0C!57-nZb55cSA<7wi!vY
z%gza8&cDcD6c@(Lubcx0YZusDLG#?OKP-V}>e@hs!oz$$*?SpiZSHI{C&cR~kOU^i
z>PveD-%D}GofS0q?0WcqnArW}d|qUA3TzA~o3h_n<pC`tTWLM)&bYkkA*GQ$t2~U_
z-Sdz{E{0Hs$WIh;yMj~dkQ|X<Lv#K_|1lAdnz<$?mzudI=df?a0rhww^oJCMvi1v0
zu>C7{R&X!C0W06+Zh!;r00+!`lll}>@7e$k+$!=-(s@WqpIoTs1HVs$m5;FUOs|!x
z{wLP-+*4%n=G33V?u>UCKW*Qm_8y|l_`FNRq<7RIx#qt($piY1?`yekg?|BtrB}D6
zDbzJ+CM^er&Q1b<IRLE&ppZI~=0Cyb@Rjpo=fHFi7+aDR%4m$bOrhz6W}17z8NKpx
z_MX&hNAtNf4=XR`MYp(smge!8^Zhy=Zz=^~giJgT3=Eq|Kbt4^5{w0-#%1FAsKy1f
zd?XlqTne){+h^BS(Ap&M?{NXm1NZ*G7|^yzu-%&DiMT;qIuA*}&DR!LOn%rc2ge44
z3>@p-o@_AE2SBL#`Gqn2wIc)g{@=ErLu*zYlD3~KtpxxXOs>P~kW3SMxChrEVfOQ^
zI-a|0Pl`fohA6G&oq5HLNeXq38dGvOO=0n}c~<kST6@it(YNM~+Uk(Z$^~PaOQ8%a
z<9nM6=&1DAvlo?O57>oIAi2e*Q0;|<D(fG&xPaa=l=aPwf_Pop3c7m68YIqhQ<4Nm
zy4YiuNXMAW*!$0Fx&3v@*CT;;={#!=O*V7Y9CoJ%KU&S(PC}F`9dl?!NeYFbV@mFI
z$f2$liD#JgeWp00kZ$hBSXGCl_&*rZHZ4?-fUeG~LlPKd&Jk>9eaJaSaHy8&<zYJb
zY;Es-#ytO8i)2?6<v$7CWBtbaF=|ost~*z7R|<4Q&I0W{H)t>ILSt7lba>lPv+|X;
zjRVST!$q~+M`SjF(e)N_+i+JMlE_3p|IBPgNW5>ph`+zJj_0Y3jI{IdKAZ&FG53s?
zyQ3(xF{b%T)L32K1*I)*XAWqo%u;AuA<#@w=ONa|*DX|+f*v#1;R7)9h1^+-grAG)
zsRyh*=Qks%5%$4Xi)60Ydvha`BX8#eUM1bX2jIYNp`%{N^0${u{#t#CKj{f1`Uxzq
zY+k5-B<56pR*U3h6y?wBc>lUh<RZDO7RdlHk2a$gNmQH<EvrRxmYBbpR?B^pOwf1y
zk?GA#3)Ohs`I4^ws+pf>@7}u^Mfs3BBWUT!>%xAs_Q|g;ZD}7kpyllvF0)mLa#3)h
z8UkJ2geV`ZHFY<kKHXd^&ds~!AhQYGc48ObgUIZ`uv%^p4)a)YJ8b9Q-c^glmkyI+
z_AW|b#PhQTbhRqD(6sxbnz@h7Xm{2iVejJ0TV=DGkz^ps57lwL)<*f>^nFp3wPzQq
ztlw2VyHNcgit>>(h2Hxan&bN6UdHv9wT>ZRw3~K3(`@rcRwH@R#n()jEqapK;7@tJ
zg&j3WUWlUHyk?<#RTO3K1qzi0^Bk{RM2=T;4L%Kwk0sd7e52}j>^UQkrqDoIxS07H
zrk^wbjQ3oof3%U=ZnIw|fi^eC9<yV7kgYs7&W0K!XGKvq+t4HXYnO?6%`J9*SLS=M
zSdaN$RT5}EwR|iaH)H4-7-GJl^^T3Hdqf}kzgn>mioJLCw--5vM{AHYbfL_!?&q=6
zcIF4LHgx7;WxfEz$$SB49#-ZL9A)|xSg3Y&@$XsLQ4ZhL<WKmn`)iSuzO+y+5p}h@
z(}U*w$P_=kC(bj}BDwiAv79Hc?5suN4J=gu*~R<qwKY8d(7Clp^q0`?Gmh9`NevQf
ze@I{;k6S7S@^Q)|)&V2QU{t*m8=nWnIc@L2aIqnDp-2MbF5X@nA&KikX%c9LLl<J!
z`u@vxazYJ~`_R?}X&IjvXYqMVyKUg@=B+`ZcX9n-z9`cVNdhe(bl_`5IpEL->&(~w
z8m<q!5M_qxOGNoUHAq-JiDYv*dzUb#<GB@%ikPmcJ7;8ui0QI|Pd|ZVi)o9vZyo0O
z*i1XrQH|uU4u1begufO=)1Q4AQQlnB9n+b(GU8&ob6C3}%JKH58gzBbT5fYruI9Ns
z656m9UgqFxBtIl5)6U9l<Yo4)MzYt88J~09p8!EPu22?l9cQ-tdRNO)w-jVLVx6Bk
z>2?RpCM$Gn0T^Y>juhB2&CUXI9(KFu)e8C-7wq>;G-HbG<{s70c}x*LpFjIkHTa>4
zKWn=PH2tVTnGbfX+SHQ*{et5qc}Z|j=^3CM9p(17xpT}o<oX&U%H=#aoqh}WcUAK^
ztg^;DTOSPk8A4fAP~_Z;>fB$%V#t_1IC%;3yyb(@R;bWsV7622{RW_ckv-2L_(p=U
z8Dh`Xc}Dik1sOTJ=edT!**(u&_|EQm-oj(%1k5Z*e4b&a=})m3fQ_{QYk$Cd<z^h<
zn$FwD%#Be7##W|#Om;^VTJ~B6eX9zIZ|?DuDiK4N-xf`$Y|OdkkNjIUwjG;m#*5pX
z=Sa5{fVMkLp*008&QR!HYtIvtmB_0XfY@=(m(A~_-c6EQwpa5u+f8P+_{Q3IQ`ZdU
zYcf@XrA1FB+4~Es2fG$AxlB$4dcR`tuev@J=;RB)uzcCQB|tx_LbA6+p^?X!Pdh^F
zXB-d&H|J+xHGf~SJhtt9`Ctg_ADP(mW7`|@!DzP5YGlu}^KJS;n>u19ow}6Mlajz+
z#m~f2j~9$cp+fUu#C~NmXx-mmW`AGxI%rd`m`OX|==ptQjQzdmw~p^`u)lBK3fffP
zOgiFkJ-=6q9N#Ymt+&1rqXUz<4zzFMI<VIb!Kb%!9gu1(XdsE_E0jiqwkB1fThC+V
z6lx3-d5a*{w{gl;A8F2gY}b<&YQ-@6NYL6#fSy@{q`gF;Fp{;K%k+KN^Hq=Y=S*Kp
zfv<_OI#~Z55s91IsEzB-HDF8vzIRU&enedrpWBPLrC@axk`&<=|D_5^syN&GU=_ay
zg7u?6Rv{Vk|2X^d@F<G(|F@?n2?7E_LWd;EOu%DN*Ml6gxTcd}#&g|m8#$E;AR;Id
z4!KDO&`AQUjDoFzn+c*g1MZ@BR)X#_0oV0hSrm_5S0@RF5D!AmnjH0es;fHPlT0Ar
z-yb|r=;=D%>+`;Eb=6z!{OglNMy<c3z~Ukr1BUqIz``Pu?_AhULwrhLP7$roO~xa3
zFtZ4&#0GwY>E6kCFVVQ^t>d_2q=P?x2`I<nKsgrMZI8WGc7!&0Wr<YrCq*I{N7}tg
zFo^LzNOai_+8%;m>{$rtcl_=(Z$&$aJrhX2ax?@4FXHLBEyr!%1W=@@f5K|Raa{2x
zs~_cMc}HRq!{B|9YZL^(8u*kzQJjd1^mpR|XEFheF2d>=Vxv0$VgqN&V*Mk@v$8z@
zm#mgzauHUEPhV18B2|<rQeSyNco1a!V!CR0g)B9^UeWPFKQr{cf>n6EXT2su%lAcC
zz4Z-(zbS!RUc@TVtH$*u($X?kla*jb8;Jo@0><;76|8>A&h!v0I;&8uG0wD}Qt0_u
zf=9KAp$jR2kb>3bPP!kZgy0u11jrm<7pEEfzz=p}p)WjGvb{t)?o%Y92d_XRrujI~
zM*V_y%+_T@p6P4-eBjicSpVrPKz~!PdTLLe|8$m!7GOG8{kLc0{C_omd&cGenf*p=
zbiYDv^b(Tyu=R#eHLZ#32wao7ldd=DJSXqZW$!EHhOMV`@x7>s{x&^GaRr#Y2SZrD
zgJzpz*l$YUSp};H7(WfHCw%|0h~{OwA2^CDPVp%LgLix{yd%2v#SY55H);O8-@qu5
z2buI+!+cB72I&L`D^A@`&ko+kb?Fp&??xtf#}4Zm!WeyRh0u5h>!;lY8j({Y9}^(C
zVtGHxJ4c70uhj&%Uz1re(BvKIdj#uSd;!uqwpZWi_h#1b&JJ9WZ1}<7bDC9e2>p$V
zOQqxc6lpobL{TBQL+w=Uz(V}S5~-<7k@6I}cdoCt*Z5qCw9ThTp-wEkT}0Pds#*QH
zs}-z1*olQItFLj;HA~wbGv3I21+)l%G@JS(+g{TjJ+;T;i$`00@!KF@bxj_cbEpgd
z^fOw<n5WcOzuxD-Y<=9EAnmi3-Tgi5@4BDcUv4*Jo$MDu-ZM}{aW7K*e24itf}t!{
zqkFxre(sO-e(Y0avHsdDKwA}xkEhD={IyxS?6ik1d%Zn_L7yLqdmf1s^>_ywMfB9*
zn2oKXh^}HaB67Rch-iJm#IolKvFiShHRegyW1dhZpnVEf&t{6K^kk%e^c6?On~I0v
zU4OkEbPg!e*-SwHE2Q^nllJg6Xd?3$BJmfSDZl>9!G7*t7b5ZhA>iur_qtGxP?j_U
zprB?xRPKiC@a`dExV#kPh!|^QbXn(|q;fgSLttL5Mb_7uvaYHF`ByjQA^#<u;lsSd
zhZ(Xyb8TFNtPdko)@QDD`H!^Fxo5{%;@ZO?=UpnIrw>#8x&0DThpcg}l?O^Wll9ec
z{#v1*e}p0Ht6lzD;SRs!6VM*9$ogp}>!%0DZQNt0u`bEIh|Gzse-%a6K@#VFZp!-P
zctAoSy^|USb3NkRRvrR3DD?MRhI0`z7hj6>3GSVs(Y4=1UFP|PSS5T{F5@C=hU}vJ
zBC<_kvYx@E)U^p^NrgNVOyIJ^6D||OMLv+N{Bi69ZQMI9gl!}0g1_iFAgxKm@<NB5
z)1TF>18>cETF0L}FG}I$2&`aooSDq&awIe!7{Tdt(!X7?{zRbt8U1jUeo_XAh~_yI
zcXF<#eUW^<IhE5Y^>yOm0q6KUbl(eD9SKlS=ip?w9b^|M(#iQ^B^t$hYsQP{6rVii
z1fMd7=BFb9{Ce>Ic`a6hH*smz{0Kcq%_yXG-wqVg^JdD8T!n$3t9Rq{BE5D~d{>=B
zqBr7fPD@d-n)Y)^M9j186-6rTz=HD-t@U%YF~2lUcD7;JnMG-GvgdcFbFv#iegqWh
z7{-G02yHil{l4*5PIh7}J9BBfVeI*}x6*bVP^9-T7P@%y&k3kMduQ)`oXnB7F51>^
zJfBS4?g2%rAY*<^$81;W?*k^&F|P(idL3gy-drLj_!Oz60}D&Gl}Hu7zQ=j4j*I&x
z^4`|xsZSr@L1Pmuzx8hbD?lTBKlD6S`!cq?r9_(Oqp|i?9a!inq_IXudvxEntJL&u
zlQu`kyP40KzU}rGEO_^OOP*K;^3`%4a{ak0j@NyVG3M!RzHQw;6Yox|dH&qjd-}Gj
z1t9weil}4(%>xYIMsTz@-{yOW;@uhM+y1wf;@uhM+Z+obeOt+3KxABkb8`&e_O46!
zZC{Hby4r$wJ`3heUTNapw`;H(`g?TW*0h%TwvYbNE%%!m>Dz)+diu7j)|$S}_jaUj
zb3fR-Z)+9Gl1B1SVE8p|TBKhiJaXum2X)FzJuxq|2TaV%G%>I0e-Mdzlc^4^`^u7w
zAE)zL#c+6>KChIz5SbH@IZX@i9x^42co>sCFLGYuQqV|joy9}JiMX<)&?w$p%O~m>
zw!sdUg|YypufZyufVAo?5fKavxd7SM>i9M0>9uS>><>_Z8X+wjJ|Au{=XzzG$wOW5
zHo4Hu2J_CBsu)h6-&sDU>nx={&lf>+H@J|E+MyK61=PL-Dzb}2e{HUavVgCvUI+3F
z9_r>j39@*ph(;`5**Y~2ylkCKKj*p&B6A4H1I=A1K1XCf*dqJjGSD{k7ZI@)`t4<e
zzW#7>Z>)dAKoKc~p1pZ~w*qNaemZ^&+NwCXtcD*E_?mr3dwdO6zi*>4ud((pcMVpn
z!&q?a&PA!A8@<lpjo$mWQ@c^@P|+9M+4@q6)I{*H9SbC%F>;lQ<uwLgu4$*=1#a1$
zYdJTX7&!7Y-77%mvU9y@L%(msLVqT2J&)L?uU~Jm=2D=z5E-``==saqvRJ<{2LKVB
z*%9X_b2;gvXZPl<q37w1x!0EE`OoZd`A@n;G_e=_w5>7mQ&<xnKWj=%or@{9;OA@;
zKe^{XzG`kBdR6UPZcwu=GB-H#oUY4TB65RAS#I!X-*bbY7?~SvUK5!cgy!|k4am3=
zxdFq^?zw>#KVMj=<EMVUd(&#HiU)h*Cz0(dYp{CDp-Ai$$46qP`!|s>;@7LG?Ks|w
zT>pj~%A@~su;pTyS)LV%O^!QF%ybm%__)Q2nc`0RtUG3AzaJelQ~zP{sYmF%49s*!
z!OS)u#_S%F9j<z?8<x+dm|1uM%zSJOR+Wz}n0X(dw^!?X`^Jo0!}g8;3n~u&J3400
z{M?-DKaPV&`1c<Uw)pI#j+fcbxb%Ch>_f7{MYYg{nK%;=&L#Q<D7cBzH~^Gm`3){q
z?E(Z}xDc^Z(!Tm`K%r@XLb)PxKSi;$#zpI|R%eQcQ}ungbsu>sp2jTCZ*>q|&Wy}`
z$egP0W^2IDgS@Msh-UPIdZ!oUgFj~bt@Z1BvjInx^+>lJw7meDoB3cj$sI&`Mv-9h
zsCQh5@Z3I-#&BoHgO1B*$BRhZ4rvs>lNf#{(>-wvyU9Dsc1Ww^lLM#uq`)Dzc6E9@
zpt@`O`(ZU!PmdQ--L-f5|AXl|W!-o{XYU7uR$;Ynyok=;FCv2Rj{UhP)qS(qDc<a@
zd4byQPRn<sq2a!*muU4RQpGEZv@J~gOn#pB^%IV)K|YS*LvR}Ilb=|^)*?xKy0(vV
z*;-g4rL#5#WIpfaqEr~`b%t*C`lHZz2KAA~8%m{#enpzj`mEVz(r9f@d_vkHx+e99
zFcz*^L-C~sVZoqB31cB*J<ti-Nj^SctYvjy<I?M%g{hp0zxS-7abkQY-Q#j?8(q66
zzbWjuD(1JzvsLWbfi|`V%J6#WDy$k<?P<e8_G-G$<!GS((K-*}9}VAliup#}FJ=Mi
z&aanOVbv->GRB!K5nURl^`!TQ>Ao5=H<``t(+)bflbL{~t)@8^@zon;kV6Ek=0oLf
zeg6IRck))zHNoc?O*yNu>SKQ!@%(RB(RFx2Uu=iTqf9pD4IL(rZf4I&9^@uI?U`8r
z$t*x$uVOy!nLPi=ED?#{fY!#x1X5Y8R1TD56WXwFl26uSiD>%MxTi!~TCPa<g-se$
zEi~3W403B+SyF0;N#7tw-_Q<vpHPU^!<oC9u4y>t;)*kTN`Q=O)s^0IN6k;?@M|`Q
z=9O6O-`BjeyhNH<u1GHt9bQdy#1F%)2G~lhUdPt{t5;(6%Faj~`*x+NV@-V=FaBjZ
z*CNEupE6l2WwJQUWTE`4rz~D*$HLvrr~AWHF1?M_7%q_#UR9(%W56Fvq;#JmO+%&}
z_ph?ZaV3>w2Rjc%e&4y0%JHWTEIhi3eh&zBi{*nHwf{TA`u>_NhMgJv$39z0+gaNv
zow(wpepc9~k7Hm5;a}m($o!wzza@z1FUGvb16sF==0PWk&)J4E(gv4G6ZiDQp5A1%
z6H#3?)(U45IkR=bUzm<PxDu-=42Q^=Q&!S-ykX2vC$7ZmUprVXA>QP5I&RXx3uLKO
z&c=5I5~t^cBkkbTRn!iGPt$KAhW%aayNK3KW&T(<nfKO4X1eHR^b%h^mdTv>;`s|f
zZi_2RY7SGGlix?K#47piG~+|^N~})Q>zWMEe;3&A?HyR~t)lj{uZ{A7(0}(<lm4K^
zzw~OKY>t@-3!7G9)rj*k>Z5%(mPk#nDAFsfjK+<zeudQ<J-ac_@7RPZYWBwZD~TTN
z&GS1r{oD5z>zz^gZ-PwTS<T+Du0MplpfzWSh{U=iMjXEqt05QNE8|#6^>Eipy4Q&4
zx#M}Lm=b_A#M=Va+GLlo`TcVRR{s>n!XH*qJD=0myDY7Arj0I@w!KEbCzf80wQP>=
zUC!nJahKx?U7y+aL6YaazQX)QNb<VxTO)nLA67>C24!DQJbJIakC@j?^>RY1X`?T$
z)XxFwHX1C)8EN;HN=*Sp67WU*%`K%;g<p~0YQ@3~9_j)OSQal$+Bh{1ydwsR$hxj@
z_9DE~@9JQDdka(g&s-blugwK?8KeKqwJv=vBea{~SpR^_QuC`7u{hIrv)8HItlPKi
zc~ievUmCe)(5oFX{;X|{#DU!_**eaazWGBP1AasKGoSH#><X+NY{$aiR#ICW(MOqW
zy}4A{=2xVzTCm{b;9Nw!6mp>&J~2=Yu*C_(yJDs!OWf4mzm%-Rs<Ad=#7w~!EU1jn
zAGcwF<Vs|Wm|o@;|5k}qQLadLU@VZFYGfN0489mKKyhc^uutEQ5uk0-FcwbpDFHQ%
zg~cl=#++93{4cSXpUCy{=S;blGTgc#|CmfKX*FZpqswU=Hny#gc9TYB`D6<g?p;ao
z;LWyf-_gedN@99KY$<d-t{}7!US4A1K};|D@`Xlu+R%xGt&ATTY#+p?<&<Xkquusc
zO$M!neTO~}#=^W6Oi$m$6+~C8x=Q@KF$bbA$;MqdAfg_+%Vb!)Bi4Ufjq{&z0s7~1
ztk&+x^Pg5-{xdESRkZYtcWHm7bY0zoh0Yb!pMKTKawc)C*XbCm+v~J#rd+4<eY965
zmuFk39)8r;2S3KzJk>(i1@CFY!q+QIe<rojxsf@od)A!OfARl8pF60|DV;3tP;T-%
z-8XrOUv@G&iErLHq$i!d+1wJw$N8Of-ny-^IK$}U^{zV^X$*1thW>sBTPM+Dg&Xej
zE30tD>A%GK&+`5J-z~@L>A&Rp&*q9q;Xo_r;2iNmR-fx!39|lvE}%bI-naT*m`8mt
zd5`$sYnEd*bRYG-*~_W#J+hqoUeZ3a5Gqh9q_yz_0%1NbFoMxIrkU9&nfo#tzo>0k
z*vk01r~?acET=lIyhU}~8kZ3rkF)5wb&XZWLp9D%_<G7kadGH!tPbxMv*~NBs>^@M
zC8G9bEEuwhxlp{vWMl8d!tG3#h`$=!O6_;&GG@OIN7}D40HQ!$zrnQM1csq0tysY0
z0c|FJwI9^qBZ9ncLhIXv)){uFCv*~?!A?pmp|cj?oYQxicUF+o?RgdyZ6~~?Jov5m
z^qyFKUHPmU=f7lyN%K~BsnoPrkqq5Cy(iCqR(1K0bzp(W{_Hv8)47c?14VRa8y2cv
zbRElgBgjVlKy>Wv3_u?*$LcADeMHaB&JdCKK;*Y`@lMdH>>>*Bv4K;p?X3$%MB0;B
zFidRF(mr@MXyje;TU)o^91obkwRii?y#y*wS>`sH%+31y3aGH|_j5c<;<DJT^{qRW
znd@7rEM_J;xz=mi?qyN%Af_9R#y?UjCG1nAwH+6KH*IdIl)g`q7WXlKZ5%{%sed<N
z;kD(|C*6*S?@kQ#8K=fmEPR0FlINeK^o4GZT&MPp1+A6oX;TZ;>C^1p;O*UX`q!pT
zf7xP*3s^j~t{n^dncuY{DnBctf@f$yj=Mn{^9<cL*tK8qCeY+dN~NY(FaDidzay-P
z#t+2j8vgW>K42?po6v!Ut&AU&+p(Z7qj;t4|Nrx)))>(0N1L9+>aROVY~6P`EvcZi
zeBFcvt-_>>wEYlcAwHp0I=)AdUVRd)e<g8yCZI>y{Pq0q9ZG{W9<kC8W5G*8!^vkT
zW}ezZ@lwZ*vVQ*epJd;o7;jHLljlFR$K^j;c8C8T?M6J5(6z7d%VnnjY~*7Cp++po
zLaEfWN0Bz+KI-{BEFWpY!q3a7o_~!Zbtv>lwx2c=v={#vsY9Vu&}3Jsv@M`WPxNt2
z?ebD->1&D<ZoKgO`uzS;A|2nQNWU~<;r(UQH(k{dIllvJexXsI6?B_lFa@+FRVC84
zU5ezwmUibw6fo$z0km1&+WC?}i~qDln)vdCZG+75gGMaG-(M;%-K$8KKZ(`rF&1_(
zUe0Rmxz9tN>#sn|`y*CKf7br3ealIuQu=F(w7(Gx#&?bUkFe|;D59jtME{2f3-ZKL
zY1>{!8iKKq_C<-*bb<MjxxRD(p6fpA-z8GT%Zl_|BgLWrEhYIB#haFvUTDb%ZP>+V
znOrIz->XP#h>kMb`DZg0{=oP&2Sv%h%<s80*4Pp2H`d6A9i84obNtq&EOy>QbNo|{
zea!u)QvW=;(Hz^bS>pdm96<UYzP<|JTn>wKoWWc5xfuPCc^LlwtlH1tZy8oezs8)-
zs(1L0w^4qUSonF4#V;Ey&+?nGK*l9wcE>NP&Ka@Ap*C|J^YD{2{wH_<W9fagDGNn(
z>rFIHNCM?qfTWEdw@`mHXDP8KI_{)qETq+yNE2UC^jcSqKa@!6uPD-^OR@SG+uuxl
z#gwI3UDAiW-;MTCsp3^d;u`6CPfaGEyOz>5&;@Kg(Xh)2OR?%^>(9jI#HB`!%#?tE
zE#sGBbyBBEtH(ksvHPyOcXI)SoRnS;lxM3m0ReCu|J#a%#xF{wTZ}#A;{jc@G%{{^
zqXP?Hd|e`??^dK6^cvB&Kr}kLVv1jtN=>gR(gzKF;75?s`nLvpHaFrtgab4^2gm~S
z@1-mU$P!WT3Lt*v=ovmKP!<dIvEB5tik{&-N@7zzE)8;C5}VfW@c~0;Nql;$jOyx{
zy>b5hC(ZaY?P01zhL6(MEB3nlV@OW$4dug6omg1%zY=NbZbdqK5xHw0lt>9LE7FEO
z@FV_jCDO!QinOAkr@r&i^4wW$t`}KT&=O0fgx3^lRs$B&Ksoj*rus+t8(2bl`}#%J
zhPHk}abM~K9be>8{dD!^-F`IIy0tI*l2a;83@Fk~4bd@|*pZtDtzr|!UH!a+rB9-}
z#+qx|b){0eUy-h8h>k50YZLQJrKS56X_#e>x1!!{f%Lz1OsSOMSEN|hW*fpn&E8o5
zum4Ebk=^&=^zQAu$BPlNPNnfdvE_U5+hH?TytxevY2Q(uyuA|(y6p)4{6qi9Y)81m
z?|urWUkpdP)}Llj-Fhs1@ihn?d#BO&-QoYkngwf<)u8*Dqwod&F7)sc)7}*h(q6Ls
zpJV5d3~UH5Hh*jEB(Z-|z{v4qEw<Am_hELP7REw+O^H;oTaj7_*0H}EJNibqb_JD7
z>i>c6C9DnC(6dd$`HR@{1Eo^MUPW5i?Y*r(mPkuqQKWh2>3#G@ZE9y6Xa-)^^2vdi
zKKSvIWu_mmWqv$ucByn~Z$JO=rPPm~EX(uP?s54~?Y+Zai=x}3zV5<<_V0~YCH;~A
z8}S6;g|?tns@SJUhE9_C{N_9sLeoTD4{8@j`l6r>(vp@$KD)LZ3k1vS_Qv^_EvDaO
z>-M_*M{w_Utz+%urP8*2igd+!sxyQ))_KHqlN+I*(ES=R>d(K?bv9e$;AjI6f%OMn
z$f${h=G*;Yo(r@sj`8DXF7eks)8AkF%m9DwGXwp#&s^%ST?Qz<pNMR?L&c#as8?oy
z{OKr=4_yWI!EBH}y$a+*W1wES7UV;}hWh-2AWs@AqFd5v9i@pkh-muNA`-6^Q79A8
z1EWMVWu%CvC5uQDL=+kiNE{}jP!^yGgGID*CV2Jxu5tmTFUIPLToE~BNGk#nxlhr%
zqly3`>ZNmI=-yBgKY-%~@9a~63T?JZZfjmwjdVo{WhizL#ppH7?SY4<k~kyl%g~g_
z8tM6|pgHt9EVjxbUPSKLY&s?%IcD`$pskMOPz^sUK<4Yjc)v4vwfB?7SS5P=E(b?z
zvqS{%y3o44E>s9mS9H*YjD2FWAtyY0NOstH1<1kCkggnbp_=h@e<AQ7i*{N^fh!DV
zi2dk&_l{Yhy?(iV=VX28W?H*3J0D~*MXbzD6e}IeAyCWiA1}X=)^RPg!%c7#$kjYQ
zhRm~lF;>Y~g*?>xEcFz*5>^)ypx&Ji+T+P=oSWEP_%lGx=jlD?)ohHa8}xhJZxU~$
z_39p9LTM-T61oY!Sv+*@jT_D9ghvm{4(E>m*?j|~?>Oi}-`kSwLUAC6az$NsBVNcu
zS^V(2U@XWlb8xgORz&WvT_`n<uDMnVWl3281>z7fTts*`l+1a=B6tF1$1wW0_yov@
z`-{jifSqf;9OSA&B619-eT+`bK4?$OK3JVX+dGGe$Uek&f9#N)&#xR}yZ;c_=W{6_
zkA&n!&IKR`uOjV|7damX*?F~y%Ir`;#whCt1-=51?I2cO31TH_mz@Oi3_H{Z0p#~n
z#Agq$w(Xd;7^{R9_XtSWbp;eDV+pN;O!!6qUz;hS{9|0@#q_0m7|0?(TH!ISlC(_)
zMJn3sLNmXlZMPnDp+h#4=eup$;oU>!aDF^%_a#?ZZ4;6EXKG7&-6-qb5~D%mco8l8
z8Ib!tyC1Z>?vDa(`FTK(FJ|{-=Y!^Mj=aNw8wJ{uW<ayqJ0Uk{?r`Kg&Q#FgRNM^!
zinJsQ$lVDY(a$}9rk{I0GzjW_SAe{k1GzR6(4nDF-^%lW7M>3@@qD12=L5|=A3!`G
zfd65c;LNE`EF6l3dS4vKhx$W(`Dl=PYtzQ_f!b$c{oj%{SI}C&hf<-w{5g;bep%ZQ
zEF-w~iJsT+fkBJ08mz_{>lP_e(IAiX8-VzZ0<4l4d}Kd(LmZ~t(;Fe)7O2VvSxgiw
zYk9ak5!2s&@$~oX2_WYui<Q+pclWQ@S@D)dSXEBpjGV=aR5ZdPjRJ@#b0IkUS|=8)
z^QvX@dbQj0Xmr+Q0eZO;3j}MA6;Q1Gb0-!)E5Pc9>|Qsbn^!N!>er0UFBV}He#9B;
zmMBuuwI1mRz_}p6IeNA`%X{LFdhN!c7m{O$PY4_)G}YmZnk9<lywM~5jP-T(0>`jv
z;VRLB2fjS?y=_FDcrC~T2M))IXmlL4YvWv?GDHmfMuWWJpbMQC59GH3$FK=uXO5+x
zowOe%7UcY|T__kU>X@R}mSeUe4#^HzjWaPN_y-eHLVo}`*k44cI!4;+vTLv$93&#=
zVA==46F2C1_(py;?!uLrA-4NRGfXKDVI5P7=9!pM^r(p`!Fd!@Li0e50kQHb5G%ij
znEBP;VI5O^0P=<u@!55&Z99Iq2&<0ou#PABph&5UsjgXlL5PQs4Sx{)49h+a_E+gS
zr_fdJ^@Regj#`9OaWYi!pbUMo6AQVCV&$SvEEsrC`Y|wHIU2p6rwg!p*&?jEAAkxD
zl%cCh`(&|lxkZmYT!hv27QG~~0qVGjo@N4S?!dyB0<8Y06ARZAV70mv3s)7;Gw-7d
z=sEai-WDM7iF+u>n+AhSutMwy@?*sAW1(LBEwz7+2fY@XUQf((iC<et_Z*P-H;)9F
zU`l8--5*Zk32cM<*9TBN;vDS!+Uh*L_S?w<tOjFg-M7#zKsNxySLijnZGk_reyd1a
z!VjnQCO@Gy<Gw1uYUn;dp%kc?I6y>%pGN(jLu9;bK|TU-^dA66X9aKbzT&&gJDXFE
zog#JvaFp;q$C07ed78cmtJUpKONRmC$=rz!iX%l7ngK{m7WIAF*&DO{)f+F-zdvRR
zBC4JQ=t+a_B&g3G8cFZ<_HOhllwN;<USo~Y`v^TtV6@q6>(*uiZL^c`=o;2$KA;#f
z&nuwb(TR0ztr`+J_G9e6pA+lv^plt{G>OKDq4_j^Y<uKxfAivd{7v8A>u+5qq9q+z
zAhD>(QNKW9QDP?~7UkxE>_`()Xc-`JtcXI30f{$=DD;Fm5B=R#s4tpLF`mp(yjnzr
zK5>+Yh+Ow!EIhvutGfym$;o@9Bb|C4NNs@K^+06zkA+yZEm9<BKaX^<6AK28_^z|y
z$aRsi3HM(tzsF*eGJv`bEH=sh5AHQK$^VApi1Rv2Y;vuMBT62_5m#hvQvMaik&q=e
zxwSx#P4)-B#ObtdZBif`6lu^RtbP;4Hfvc7Kez)6)eEtj*+KoquRE}CeGJVD+({t+
zbPnsXsNy2!dv86C)RQe#Plgs?)o19|GWzaMzhJqX#7E*V?|T48YxO#IL?4HHYi8NJ
z8yp$l<HcC@{fsk;TAtSTl@YrM61!pkD78S5vNltnbcX24AgHejVcALK-yiBl8^sEx
z9m^FpSR+{BY{#-bejV25uFo}>?wxZ!M(2BKp~V*NkF<sB&vv76A#L-Gwauh%_VYux
zHcM!mPpoaGMYj3rRJS(EX`4d}v8wzB(>5~zecDO)d%v+z|NgGyxLAhucq9KaEWf-E
ztB%jGwzd-sJSb9AJKbCS%0jFfxF7V<_nk+vtdco>hP4fyB!^cdt^*4smLJLdx7&~9
z5Ig&p1B&$h6ZD$_4AJ*d>`x`R!Cra}1(A53hXOlfhwVeAg{v+F8NhOP=^)V1t2ixB
zzsGZgE`QSJM^Dgm(2oAJPol#lZg##)>ueZ#f*o@7ev9I0zim7>#;BbYj00`Q%Q*dH
z2NsCloCMfED|DOpl_2LG4a%|I-Nt;KjVbms$2>7!L{@r?GwhU}3E`p`lOFx<=NQo1
zPT+LC7N1pi#Z-2`x61p8NO?d0RX2HWqHS^)V%2?;$$K%N(HIN!7Sg?oPF_T0o(|(4
zbiJnNh`<9+P`giV#TmO6D^mUy9%*w27N%dM-5so58^Reiixr7W^+<&sSoqySx|gMj
z-8B>Js$V)hFrM(O9%rO3QKa%KJ^FY2nM)O^I>RF^?7+ghrHWK_i${9A0}EYsS?>e%
z=>qDbE@$<VDi$!T+JZAaXR+~q_DtD=GybK=kV%WKJOW<lD9-DIr?ziv$HGWRTJ(=p
z&Ko=oULPpiH?un%%UN5;=Q!h2*56L{EOZQKe1NfF2XWk$AdV|(@7eb&oviP};0>m7
zUVx{zzr^aKmM*}m<Igzb2<!Lh1z3eY<BUVJ&lOjKxME2=tsxjnp)~}{Q$QoMJ0R=J
z8lu}NRL^R8E>Jrj(C810dV+TSE{d*uT2g`;+5Pm~w!W$#Xg}KY`w-sn#n5=PDAvq3
zvRVF>P4cfoS_h|gF;pH~fYsW?Vr63+7IeSn5WKIf$10fz{Ds!uJW2R#xo@G02RR#P
zjA-BrbVQF2YsLfWSb)`<@sa!J9sB4U-dupyhdQue^k<D--C-=(VH%enWi??*e`}sF
z@r?BAKoq06b}TP=f{x{D!`cZ<&-)N;>)OA+%%uG}M*G`sSg2W~NcqD&(nsxBNL{Q*
zPQfGnlgUY8cWz`4GVAvn_iYe4)$p7?FT$&w4`^*vLr!`f`6PB{1weguoGB+alM@$f
z=6*AIS|fcX52$7dnQL;OdNEYaU4Yf<#bV_yi=4)<r}q`W?npU7ER|C>-*fGzH#u!x
zfYpfen&outyB1)zUq|$uz!%2yPpp1f;uEIN2r+q7wPU&e6IfN+v33Syf%MNYS?IM1
z7nt<j$mn~ljph%3x7grk9X)OE&Gw!)7-%<b>~IGbVn7^s6^P?rZ`c1`aTSOw$U7$q
zt=skeACwQ4I-1e~tbWptg>Q-7s?p!Ma{*T0U}vF$-Lq6RgxYXT7U=8CCwK_dWQqDc
zcGcrW6k`{W^8<R8)yadbuywww%Yqq-vCel1XxGuZS>6c7&~<_GSdbNF!wRz>h3IiL
z;hkOAV=`vwajMH?%ouFy$eZivUAN@9yB$}I#8}Ypw_<m|l=C1Lb+hGQd!&w#{E+C0
zG1dte=zNG<V2*jhMb9=CMX_TsjO8CO7S<<<m7nSQVh@}c5a-{xz_jBN16+P!dPCx{
znqhJNRRlMNx%|YI$sB^1#wmYicgO&{3#7_&uSN~K2ZZpPXFM+?aREp3KVqlf6;oX$
zIFSn?avPX*f?@;F$4!q@eN3Ue+)sEpV;#lCU<a;9$5^<Z=+P-%N4DtiSnvOM9IMx1
zERgZ;WcUYPM}N2Car*m#PAsHz$}#fJ5rF;wAaP0XHm`9H0m%i)`>Po)xntNJUonJ!
zd*DPCpc)s|ziJ)=C$dCT<I?@IR?Bp7mac<*T|UX%crH*qAkI(Z`6A)T0GFT0gUIqq
z5Rs47E){<yeBpFm%X>Uh=F=?vA+!!(r}H*I<OUsBUt5p}ABM&G;|zJ$n|vU@8@#aU
z*IbMRoIC2@9jl=09^EFM3(&JFfPAqcV&68-6{X(bZJEXUZFkUGvmrh~|E}TuBp21>
znl)zc&jGE-IM=`1JlF5c1$p#qd1%9Q(28h%Nd3O;BJwX0v_hM`4n~07)pnnyUf6Vy
zNAJ%=CuV|vUpL3TQ;_x!CvB_Dvb5DKZJi*GK9Gm(-kxp6t7%(@XlWa?)N*+q<k9ct
zq4!?s+1C9VHs`69wjWsPeI5XL^e1`f#K9<YPN8js&sf@iVQKpX$fLi`L%SFCY#W+L
z+xoUy+J-Fk6Y4=8eIgIp8=}x#%*H)nY5RkPR}CPK{xJ{DZtmF@wy<%(wzNHG8Mg)G
z(T#b?-Vue~H)&fDTiUi-_#Dg0qucY)gk-KKy^qqiTs$X-GDVaIiuC8luxgwu8E*MD
zn#{hfM%1=U=vhD5Jv>Sc-{Dc}{|<{%|94o=+QE)tJ?jpKhW4yGOxlL{_%R);M1Qn3
zT%0?~OV@DiffM5aO?V8eBnKk&XP?G$d8~*Oqb7lpNADwMHQ0#%IZ+E5`CYhm0>VVj
z?*Q>JTS8fYitMyTLrtvtt%vYFWaM&*;!5{mkd+~HEyXbp<dE_G=TVT?^%GI3Kdb3B
z2;?G?OALzq=EDu5?W>21h#z9RKW<3Q=T{A}-TyuC^PQKnZ$9^OvND>ktCZi#$<<eh
zsL&1t!8M#**bfTCEu74Et<UoF^9RsxKJE&TPp62_628=|w(U6i7(J&*_|qbkC0YG8
zJPcZ9e@L4IiWIg%yur_N^C>?YJDGnR52%hkBR<F>=AzVKy4UGT*VjJu`|I6M(VMPm
zYdliLDn)AN?fSh$)qMOI;!}b^;?)FNlhv2yjVF13F;+jX!&-c|dng=rw7&X>^Xc7S
zB%gVIK2~S4`n5;qV|6ym(Sq~o9iSmz2>fk6R_C(4U<c>ZJ0XaFetSMvf5+<MYF%w9
zt@|0RM>?@k$-x%Fzj5!lkTPUSxZDM@m509P>3!Bc^ev7v^(}^@`X*9+gZn`aWr=;$
zwZE9Urp(~Fbj|k|7olrKo1^Pm)u!Hct$HKXwd~ENu4Qks=-M8tYoWIzb<J7IzAxSr
zscUy#K-Xv<ZVybEk5%<YoF0v5wiuIV_E^R<H{;pA`_41*9gBU=vG8nuB+t0tMdw-e
zy}k1+{~pS-s*NVks!C0si9TkZZ$$E}{4U0`k0N>2F~4`7DR+SO_MMQn3>0ao#XkEn
z{T$PYh2Ct=uJ7^mNKGpgDHUVE^BAqgT+@LC$2GYqRZRCf9qHba9%{diq~7f}ex^rC
zSV{K?N62jxm0QmHCbqu!p1y}>OF0Kys`)to+Z=3xcU`C^;L_KYiJY7V=sMj7$kFS1
zZ5WarF5ehwSD~9htGoizu?tYdm|N(WhtF8XJOf%a@A8u|$XKL*V=OX`J_h83^>O|Z
zIgXeC+KA1N7HtgMtrmT}m7{TOE+F50x&}w`gA=(T67x7YG9Lmhi?`KZCv!4@a%}WG
zcD~5XY0<{XnM21R`SY|noJKH*@Gw74M5zrfc8{5@ZuAf_T)mZ(i9c@TlLNT$62G1w
zBR%)uLS*J>aOr2KoL{?8D6YRhl*`j~;~9Fr<Snq(MeF9=Cn81QD!BEczvg~cH|K5<
zRb9d9b#v}Y<YX8uqGY3P&fSsqZ@T+?$3cinTWTVuEzCpUHv*@LaU!bblLK&zh=SjP
zX0wZE-S@=bCk2e!l}5kAlQ~Vlr}X-sF-P!A(A=c2N$mUSX^^X@(Z8#%;dFnVzaG3b
zxfCys#EK{zK;P3KBI@r6FUbG1f6d9&xgrX#18<m54j_Jbz+u<x_2|5-U^!mqHP%{V
zLg3{$Xst0_KmJ1Fb*CNvoj`0XEf=LK>0YNh-8+!km>Ac)jcr}wk(RDfq)dy?9W;;H
z`R_WgKyr+&sW*6S`re_0K+)gxP|c^N4b1+8+TAW@d&CZMUW;yXjm+lqlOk<Fxg0bS
zJC@m?fZ!^LA&vRIJP)f+u)A0?(yV+K9^gMU`7rw<8rPCOYud43#G;-@vHD;~bo^M?
zZlR+Sbp2OIzT809(S18WCNw!W(f<dJfDCCO^8F7q+dvV`{2$FZIZ%!f`_%i&r8V~3
zS*+Y;@7qCB*nXp`7pgK8w%;i9J!scGO4mD}nyz;geGl^XWU(^LC*4irmKkwyQ|M8U
ztueCW1yk?CA48>;u9^KTF+eP*jcafrMZa%gL>-iaT*SdSgC@r(lqT^PN|WsuN|Q4R
zP1DmNX$rk+(!{-J(&RV~+Q3DOrY1^LRXxZrCX1DbA8~gUp=VJfJ@6`Mp;5eEClP%H
zmF1muPef?wl(2XJ%VbVQ%}Ju8C67{UBYGOz!)b)3b%ZXae?7m0ObJ*2oqmsKVc$XY
z8f|-N?RnDY?;oXl|8@Xpq(AJD<dswpt+`7?Y>@<-)us|-Bl8I*hTdWQn@6$wE1-Tf
z^HHph`xK{5x5RxnvvL2-*3&X(N9uX*NY1qPBvS^n+s!_%pQrCN8bkVVoWvQeygjh(
zut$;=Md~dNi>ON+###*@Kc<>bATjcmAix$QKGyeQf+Ah_G*-uT&@p2k#p*CdgY8kQ
z-rI=<D{ma-bZt(L@#kW-2ac@EL%TMZ_P2WjMCcZXpegKrO@bwk`#}!caw<pKp`c}W
zSrW1DYF-#aY&>-yRw*x%0^iTY>T{O4{LId;5FX8*OZn`39%mF=`2P@lu57~@>)7*8
z=VDdZfzz*M^nN%OtLoc0Jq{o~T6|eG7pqZY%gan#+%TBMmeW~m`K1|KCKA7?$Cin@
z-j0OCh}bgtlo?yXG&8mgPU#kpFX<&7UmO`*#tzB({OTdL`!R{f7tz>~d&G<_^Jkf{
zrDHjbEtNGiw!9j|O480*z+%hK=r?u3%fqW}JLWuk@pybG;qU7>JrfjZ1>^a`xpckI
zkjrCCF7LE4yAUJoVpPDy{|)DG1<{upet4jY)xCg_3!TUW)ZO<H4CtOCen@OEQ$$PK
zyZMTvES_Ms_4RmS57o_VOTBFOGLUtBHR^7^1^RkO_ImJk&c!Mmf;6jN8{W+pbsF!<
zMX8PquM;x7mp?^)H}Jjt?j?sjQi7sLcUW*>B;(l{gJ<_d^6ce9me}EMrp=9Qi%z%g
zh)MVMDoS@~JRoA1GkB;AZKHHsc>#Oqvm8ARveY8~1|ru;9L!%Gg|7PHPaXv=G+xyE
z|K0|5@G9-A%38znE&A;6I`G!G%>JEq-TK$-LM8-Kt1b61ea~pf0#qHP&#royKbn2j
z^cPXh-9T%ef6MX!n`zg(xk$gLY&K~i*rjakHZRsk%?PuP_YyhnMGnqc<B!mLk-i$f
zr@k8cbGolSd<kd9ANMg|eINDJtFMWiljAVGgC(?%e&Zf#hns?<xCkHY3wDd8**s@D
z=sfipz{%o?I2uogpGD3w7-n-E%;q?V)5j(8gi&vP`8AQX^nL##b4v_VuA|@4$=n>H
zI62}@uur?qEsgQ;GP92T*Fz}2rreT;%J{^(P%On)8`I4q%ihT>7N5>A@O2i*VC+-6
zm6H|rH)L_LZGearwr44O4#@mq5h;U3J%*pn@U`e++J3_@imx$4az1~W<?iLPDZW<!
zj+5bP5tWg@@8#s8tJ!+T@7Q|B!xUdfgIHNcaCs(l?R|VDMSOPGYTJ&%bFu1}3F$6S
zr0M~8_)qa8#+-OgtUSplk0E$dyAHhH&B3Z;7^mZn6=QaVBYm`Q8THXaAHnKDf)|r>
zQK~z`>l8D*9qTWSKU+WWNEM1AUDIab51vEu=dm!upUIK<v;J)hX1`_PPimO<@yi^n
z-eu{pj`i2k5gnh_{nf;$q>7&S<lER2pTu(dY|47`4!!K}qhnLfKTT|E{zoJ>xqUsc
z$?+HZ>|4wIeEB~_xBr}4GybvHfF8rD`us&yodx>dnreOh!d6GdH1^kQfb8&wA!4}v
ziO4+4{Um5T;;gB8sOGF?4f-r-#3ot-E|mDL3z4zPAhC`+VD7iq^E8;GuUk|XMUDX;
zGgmtiSC&-ECy%M&Q}q2#8|-jd%fna|TOxg(RR=jHXOdeek5GFj`9)|k&N!}kq{dY}
zWA0HM^n0!NBs-7sB*;bVTYT8~-u^tMvLL?S@=d>N4pzrJg4NKkxQZlDhW@2J(gs2S
ztdSUXGRZMPky>~d6SUbX=XPMhItQZrdX3;H`Ebr&QwOK+?aAL6d{6#P;3tJA49gCe
z-v+XEJwy2eXti;7_z8arpGiD(LMTi6<`Jxl@AZr!h&}E@Sa8hFMXA9IuhW;|9mH%m
z_$S=^+W3DwQd5y4jSFLe_#Nw7bLcxP8@ZSAUC-QW%p5cKQpRx_$-9W|=Dh1d&e!N(
zFcSA+o3R&cN|+0nd%^Vj3zC_4oqw3x_#_EuOq}D9cC}M^ht^SfR~MS{MuxmMN0;}g
zIavMk9IPtWaTOy#8Tv>s@!a797MZ=>6E~nV3T`|f1vmcPOH5<IjlXusjcq+~L)qUG
zH=N%^$BkY8wyawm{lDWz^&^os?dSzJW`1uO=llN~ZWOKVwyvsN7&jiDgH`u;IDOT_
zSe2DxY1`(W_+ba-*k+{b>rtz|D$kkv>UgfFzOH@P)Ysr>U0;tDad7m4`dS{Tui!HE
zHIM1*vOJuzZJtNk8fBfJxy{76yg3$}yANkHm3ky?b<Z|uh!0*!a)3;)6EeLiY~RWT
zF#Y6{t-Y_k%hwc3=^jOzfM`FH3u*gvxc4@Vvpv$pm9&26&N=k`FI%zTC?>H$rq?NE
zdc#FM=P~O7^N4?-SXx@DNU5k>ys?GG8zkpznvK=AHagC)**t&1SWx<j$d?0}GEhV*
zAR-ngdWj6KV>~@I8>`o|S`4+bv3eWnXLT-0^<{dUN~ZT;QRbU>f%$&1zF4Z*tVqqR
zSeV9m@NHY~?`uzZq~j|U>1=BxeM$zUZy6}k-)3X=$OZb?s(7TPRf_aYD;92JV}6Dx
z9cS0l{~sm%(C@?+0_6bb`kK=k-%aA@(402diiIoL7)!$D+Gy)+tPXFb>n7gWSp9XF
z@}FSuhra_^mw`P}2GB;|e|$FcG5?BOj}NT^EzH{kMRpP0+Kz=6n5`!2wmLbi{9@SZ
z<gnwHp0@hjY|~c7!F{pS$zkqDq^&BeO<SEdo7!s2Dx6U<-y<bpEI792qSR2P*BQ+8
z<}zJ5VbPV3TBx4gGaIWPgfCz_o?@wKvm(uHrMf82#_DHb%AY$Qrt5KzDxA^ECj}Dz
z>XDWdMy|y<+OSYPUSBgUNI&30Fl=I2<U!WYbq$*s4%tAa^+xG^5%(~jyZh<uokt08
zdSCCH7|y<m@}<dG?<6*O6=>;y!s*-e`=}BF<$s@m=B#0NT^#{A`z0)w-$wjQV!+Lw
zZ#)iNcVN{Le|mU={`+M1`}}jD-$zxRL)%I0dEL*@bqCgQ((ZlQ?k=NWOxtZ`b1BNp
zL%BxV4(PfA>-}~t6n#Y7jyHY>^A4=Plb9~`1~1`>lkgE(F8WuHcg2cGfBv-#<;o;y
zn|*!)iEAqeZxaGfJWOjdy-*3-R-=y}TxjcBde^D`9bhoX=?`PoJs8qMe0-pqPYis-
z?rU;f)@={TI+|y9tctA51cji*Z!VT5{;_BLX7z8!Td01XSwm$#m0=<zfwpsCq%Hn{
zsIKjrh1JC!7w`**J<>!)k^bI-g;5XFexF5D$Df;p)rMBOuVKq9tlo(X%o+ZF!W`o}
zQp;?LIWM<hp&uLTMTCVI_V-&Cz+tV_BUP+cq^&I%@GWzwzuMS>g>%dv-fzJI!6Op8
z7x5y}*T9YMB-vPdI~!-ZTPUw)71Hw<F$fDJo}X^`>H7fveil|w+$SP$n|c4La*p1=
z>MOe@bL$`x`Pd!Vm(0Sd?`=pYx?sKUcGPUF?)(K;TsoWXOLqJm`HjG!W9g=1N&cfE
zjkI9yuSS8qb4a9&cOxwPmC^Z4iy2egG@Grl=89<k5?Tj*P5T9OV4g?Xwo;LP+oI<+
zQZgvgzBVkBvA*|*v9NQte%DH%JLXySbIHdZsYy|!Yg_1kmb#g=jq+yXel2koXvzQ)
z6%8Y_71cp7JN(hJAZPO;;_cwwFqodN&gKEN@kxR0%N?y^oQT#B0JN`_()r^|tlra(
z1rnDx&7wHoL}bkFuePoySI@-i#BXp${E%Yl_*3S(2bnXpU;)_otovtCxe&g=4$x>_
zRC{2=ENajBM1OK=|N4DrPP#w)!<qDqaDQfVug_%r7yRA6M=v$~-=Q!TunW+C*?k2E
zW@0t16${&w#mWIlzx!DlfT-^%nMLop(a)JW=pNvr5-hKpg;lWxYxfZhwCq1O-gS(`
za!xxI2zG5-E28IXL_J517e%yn8)$~UJ~$Jr!F|>{n(2MFp-eze&Z0K^-s@}+Z6=^k
zSJGz@-!K<}w)L1tT3Qr+9h>m_m1deZziwH>d3u)lZOXTXew(Ver&#);g!)5k3{3Ag
z7#^57lbttuEpjhka8Xaa3Y38C?50;v9#AtsBJkpJM=Q~(QE?)2wwm^nKg+bA0Sl=8
zyu;Sfe>W4W|7@f47|Y}wDvO*)XfbHbOwJF6v2ZVu?N=V@_yu_LP&54&bp`8FDT~~b
z=vV|=i>1&19~?Hm32b9B&2GlRtF!2M_OQOjq1%CXrfCQ664MSQ&5Ujbjv>?z;+P$*
z=@$F?zU%CYeLM59YDc|e$kzXPr1W))l+=ucLaO(HGYAW-**q_Ar5LrG#Z`xAvUOpi
z?}OO>cm>PaOss|qv1Vs-3*}?=cNf6Gv~?aSVYMQ)H(}w$WU=z0)<~N&#()7>KEvYN
zxAIxc^+Keb`yMv!{3mv|Ok5j1qjBmmc&k%6uM?i${zj8gdpWV|%uMJ^XT?)9=~*{D
z-mu<fZ~)}HW@0rWrg#oCf|1QLMC5LxXFi?|f>&{HUVx{!Z)?JWL2tqikF<4-B9*ja
z;TpzUvBk8-muH%`2<xdWE?rqH#c%Fuiw6Ho^RXIc@q#BGt3M;^vx2ur&(mrU#ejot
zv|exkVHpN<8<Pi$Xg~`VPVh;AiEN(NF`F#N$7*XE7TRV~|Gd_sKUUq*>O4~VdPUmU
zbOAYU@JQ*a6=_`)7EUu;Be9R7pHtH9>1dzh8n(t=HIv%Y<4qJ7u4j7Tdnyta#F-{8
ztPNw~pKScwFW^(tt}T|9dKBq_CM>+e{OP@6is{N)5f#;l`h5_(zj+EYg4qwR=!wsv
zX`scQ@<_+m^^QTmZK8VJ;b!@p+HL>zL#AHe-bVF$MjICNy&ZO_zf%NR87!hiyNH;M
zdWnv1LUd0nc4PH<=F{5USS>{sI*y5G)e1^qs1UTY6~wNG2O|9EB+x2e_DE@KBXcDZ
z7cXJF*%Kx@loGJg_(g?BT3V<`F-$MI;;eNZDSkDr1)tbmms&ki!UjcZZNvick1ad|
zT3fL&mC4N6e1UjslSewfT9M8)TIl<ah;kWyN(pG~%X`x2lR!KEx<_j4M&C;<)TSKQ
z_KfofAuLqnM~`nq6S21J0i2o3<VtM(Pi`738FHN38r_!UamCWoVnsU8h=t3U-Tf1p
zSdqy3arip*b=g~6EVP~#Q9q`Wp*2(|gUfsBq;C>vX^kG~`1<JUc`r6%VcRB;^hK2Q
zuq&<OofpxM%h@-n4RpNS(Z+iKv@ftn+O{FGKQh+Z#{WMIFxJY0`E<O;8nN()-sJHR
z)|Sn{nb%zapO(z0vG~+REF5AuvZ4hG@3Oz+S}4ZEGaL1->V`4DGcjgy*xcW;Zw8eY
zJV)hqv>6LLJO7u^*gO6-PA--zN);)i5eqx=ss4@+n|km(>sNWPGvmE57KXa9+W3w~
zA~x7m*fXCUZP>)qA}abwL~9MXEu(VFh$1(*3$(3&^hiysFPtA=+K2_>v!doy8$43l
zYDM~}+2qM122ZwjW^C(*sgv2fLXXjT4T&-@hYK`qY_XJ3+&iZJ&_MAnI0LJF$??B!
zh{U3;vBgsQQ;PIu0~W?J9jIfqZuic>>W^0ZjR*OKVUgH-eH8m%;wqMwmMBtH0~W4g
zeV%T;@V@Q%=RDHHHHxG)M8}KxM~bD2jf%9dLDwt&ENNi_76#>0?06qh*;KfSr6o~f
z``OKr_|dwI`Jm~P|NECk@oBe$_C<EFlu!~KKS~;~@Uxr7vY$2f^a}=!Teo_orE3&v
zO#{mX?*nvn28)636A?@@V_>51T`}-|W(@3Z>eOT4ycu+zU{4DcK4Uf-h$e%3ilyTv
zisWvH)VqU>Zbv?)dr=g+#ovOqB)?dixUqM=yQ_ibm8mnZdS!dh@za(TOBI_GNo>Hv
zD{P)iSpIq<3s5|vBg^y?!&-XAuR9xh#+zFkXda==pgCG-gu%O%fNKU_Pb2wQSN()@
zoqGL*)`zfK#A4B=hp>9FTykhPJCXYpOB0_`q=5}sC}8y5+(LD3>C$3J+tgF%{@G-H
z$JN&_E-jX}J*7x(=ds{+)448Uczg6AtUlV_lLxOw;eoFK3*`N+Qn56#G`eoqoR8G^
zTbbNNnaaKK$)0jo#)G!?iDGHurs#csdY;ae$Zz*URDOmpc*nrKy8*pKe!E*lMn3sr
zvnluIABvRw-&(M6Ipb$+l(;)>WwDg7S&{yH9t*?V)HXVsv9RSKtbQ@NSW56juD9$y
z-!s;d`xi?~pHifk&SQbtkN9n;*2v@;QTHA|OR=;i{XBb~;;T{X-FQCxA*^mZPx7lI
zUH4!HR!7?5CU+LdBwrHaL^Oi=3!}en{fZ^|DMiX|!ouhoSPgyKsWtU4mX<sfxmRXf
z6Rme`Z^Oa^GkWp$w_<JCZ*k@aO;o4Fhp>9F`1`^0R1WD6VKuJ<3tJgq4q?+*|HC5V
zYrDz#(H25)LZJE~s=E^V-r#%)tMfX{KDY)`-bvl$eP63l+a)FN)<cwM!3>a_`4NFp
zaU%MvA$qKk_Aif=UZhCZoj3E%?mi@K6ZL<iEIN>4iNp6dV&RJ@YjnbS<Gx;cPsF`5
z*c!?F$UO{Q>%a^<E;&yz@Fs>kFdp<e5N=*X&V?eXz7KTWDjElxURV8YK!0d3<AWIw
z()b|sN~ivPXmhI>_e^HL`F7Lao^FjEd!$%mkG+kw{ofwM>V@Lo|JIu_e)GXd8F#jr
z{x#=3?a%)pR(p$UKd7hg_#VV+Ut*|t>&^a`vHraeV)bHi&Y$bCV60ouXLPP7^SXe4
zF0YTSOIo!@+O|%SUaY5hd%6p6J=<#=u|V=BqfPpsJkl3y6iIGm_t8wpDjeyIy4L$t
zJr=b1VkzP2$mfOi6vI7T81C8rej~+|@1|ol6pY?qL48j={Nfjnv~9g2&0~Dec@V1?
z^VKuzBQbGFn@5_sL6N4^V<G+`e(?A8k^CU?ocNkY+PYSe1~+2i{DUlx$rMrO8qh9e
zFTagK&ywF3OUH{9DWjh9mtg0m4`Q`>hKSy4COV%IIL_?%r(Uo@zM)t;?op&Gdy)6n
zlN1*(??y{H%k}@)K<hb(Nwl5=mqfp#8Ea<B2z{+=i;dN@m;qc}zFyBFIdJWAtddwQ
z%)^+jSZxlC)&4sjt2Z`ap`6uc_)7uhmDq_ZRyI@l9h;8T3;Eo0=P0gT4dS?*Ml6&;
z(xReKoOi<!@H%0`_Gg-?Zp9t}FN~t`fv1VK84cpN%}uOU#Yk4GVx&nM$+dh}^hR4!
zpm7;ivw0CAMw`e30-d&`!0zc-z1~9G@&dNr*NH0*(cEvv)gZ1&u=v0fiw{(y#Q9nS
z#jLl^_54j{cE0Z%7UU7d(!_2y_Ubt-EJ^5Td%kltE<esNvU{F?Z9}9^Ol0dLlY8?+
z45v!ZVS(r>X<Jd|ks8-TuBqJ7fQ93JkEC^5Ysu-Q-}ncMrG$-&v?L1cY4eMvgiVU{
z__=N|DZ}JP&RyV}CBx*0y0s-ay1Y`6>bk{C#-5^+=cCWF(M_@Du5SGqXO_M?kA<J6
zV^uuRS)p*SrMz3Mm8sLQ`c6|%8snJ_r0McX4s6@zk(R76Wm$EeKJS`8`~98sRM$p>
zxZ+qN78)-vmbP`%fsyC15TDdjXGV0Rf%sWM`>W@%@X1oF`dm1j$k@u)gcs?!N6(wF
zy@A~^=dhq%(Q|zKi@x?ld7%u}&oqJJLRQ`y7)f|^*>oD4*IU{N#(iFj3t44s_(al<
zpN`eQc`R(6j@95h(fJ>qhSjf{u+XvUKv#YGMiRTUih6DOW}XWe_37Id$M|j2vFf;@
zHM5C_F-llOhhm{1n+KW1InG-|#5qArwTtMmgXCeu14gZvvDbrUtz{qz`aZ`kaKMEM
zZBVBO1Y;7$M6Xx;fnKk8oqnErcp&G13k{rxRT$HnSrscHeZQfxFY%LHy*}jOF=m~a
zVPin6Hfo9VbD4EWZUi}fpbJgB2{fOL))FbV0rHW5!$B*wCDcJO$X#uRm~FGif}9@j
zLQB(nwpHx3t<MfJp*h{Cv1J1kYQ+`CT@WFDSb+RCaT-?N1<*)L?<Dad4~VmY_IwN0
zs%-RGl?@Qrg7rFncTU6V#dt+9J!=|Pf6>n{B?NArhSmRKECgdk)Y7%La(JM6P<B^M
zo+cgwO}U`Gz`>U79BlE$ipbXBLfOyIy-xNa+2Nu)KqmCI@d>)^;jxV7M9_9}utopI
z-Qdz|#7=$2rLScwU%B*q1wvy*Bwh~{`Rhf0O(s2WU49G5Sv=I8{WZw$!6HgnzM^$p
z9C&?HSG>9`^t~@hb=fz7ysJOG!z()t<ahs*?YFK?vvo;tP?rO{(~;;JAEmy^P|$Wm
z<T*cgB53RSi-_)XiVx)U6ZLZ}zBEXq&xc1mcc($x34VBh#3UawK9g9zdMb_8YxQTt
z0{@$eRjaO7{eWd9oLvcaxJ(Iim9ScT&OMFRCJ5e4&oEc>!vgTb1T=3t{TAT9InsXM
z3ebrCkvY}yLf{TE#@N=(h<grC5`7T@f18TcU$OZeoQl=EFczlVULqy#P^4iNOeZ>7
z!zYfZ=0}Wq8DPK9sNX7rHvtssvt?L)3qZ?fI+<?+<m5ohJd3qz_N>|lsQe5aw~UQN
zc(8LSR+}-+t6q7M(%RM;T^|qMWa{Jbo2Wh(S@e;f@1gqWi~+gaCZZw|Yc{yh!I|JS
z?%^2e;E$L0C%ThZR~-*>7L2I7_g5hM28l>mzM_@!%1e0Fy-rUsmg+(?F9e7_R`WuH
z?8SbNM&|PatDi#TK8wkH9^>_lsaPG){@yo@-3faey=QC0LJ@tFMX|%s)1Zy+&xr$w
zr}`E-recRQG8UPWgQsW6d}BcSYbTDZG1N(MB5NvEe>UuYDpt?1+A!m$VwLDCy0=6+
zz;vJxW1%vyM7m{%BCTfU9&eb6)mt$ZM%-5-eZ51Gp2S%AE7Q}xomgn%69eB&E|G58
zsqf+G(jhBN1PfRFgf-n)(zCnAtb20^%^I;o)<z+1Y@k&@BySuXXuqk$k>9<~Vm<bZ
znTl13(P?9PM&fNe#h^Jp&^`sLb?hB9g<_$8AG`Y&?~A`Lk(}Z!-qsz8RP!WOiQc(S
zV@<yog3V!7Cp|-S%YN$_qQn57O3x6HHWi)vxz8;%d}4t3S<)|rT*wK-^}h9bhSRV*
zn%TrxQ?NQ%ua!EYZgV`ylU7CQ<TT9gp!VJ3T`|2xaw@lYC+}3GN;XHa26ypjrZK;F
zBj-2k^4{l1`ZVT8`X%!lGYzZloyI<aWL>Wvti8Ve@HwtHF&5BrqU&QtT`t5nt@{SJ
zF(8w7#<O=K_F|2oIM&SD1MPfbz`!%#Ke0x9;caB>OuE<6JxGrU^f`PxmExejZ(fMh
z4R-=))v*LW=sHUJLJ=8z;PmyB;Uvcq^nG#7?3p{se5S9XB|!ygo5O6_odOjR_n7~S
zVj6kp(JAzu`JMFs<9+=>t{K?+wwv95Tn@11Wq@<A(}j#Xj|r`_plCaxoA8;uGj2AK
z>2JNucha2T<EdD^iRc3lb@Q6B>>fN~Bf*}8fg-Z{!&^JCP&uzedV#eg*#6D@66pZ@
z|CLP7v!>9q?gu-u@Zy~%(()aO^ptM5!va=&CHDUf`~5OZ?Ye~@9<cJ*7Yn+4j5dXx
zSQvK~Z8J>27fJ|NZQOW|%*T$gVEFB#W~}3H%4E@hStk~DO{KbA(}9I?50yxS7t=ej
zKzP}%W1XGo>K2`s!CSpKpd2H7Gk8XLxn?R>Ydf*<4C`xgCl;niB~s!}MY^*S3r0WI
zc3*W;9_e{MC=!`#!(^<I_p7F0HPnK&d=Ab<?1#A&WP>*wreO5|<8%5{n#YF*ftDXf
zWu>q8jiu{-`Imw=0+eU}+Cks{W-`^E`!N<~vN_iiU1EO^XZS^I=wFkm4UNSn9pB8M
zbiCS0*M+Tm>Wc%7wA(U;wo?W`1>t2`Y;?V>;p26^)OiddBKk<$U&Cy-kxvO2w))Ln
zI<6sS!pF^>^p3#qF&1n<YvtMiP)-bJWL(lOkr|O48JF};#u>u;5A#Bxi60(_80QgF
zPD_cLvgrL@b&PNBPMkKH*`UB`oRNOlGhPKT7Tk-l>N}6q4S8Ah{hJ4<ZamP51=4OQ
zYxf1l!nhf9Y^(m>(}@M^{}I#EyiP2%kU02$+Fur?dTZQEcZl^HYQkx)?C+N_7D((o
z<^B?h%uT;9Y$w$}()UelPB$)Mv>eCjhTJP>ntZvglin+4{NsSzNH8;%1NjUtlWZW4
zvvId%63igFyPgNVrqLZ3%MMT^k|X5yOCDMXe1T{OId@>n&<O)!=p&#=g$iF#WC!^a
zA2+5S#BR)jes$|PkVonHE5uJov=1nR*g6LXvTg3HTV~n8d%HbpXihu~Jp{G_z*q)0
zMp-*o5Gu}D83K^Y+D8_IigQ;g05To|1q$4`^21InhxmShZ!i}6^#kvOAuyDT$9H1c
z1&WkMVp5ES+##0_Ee!Gn*&SG(&<}=sK#{)2CJ#DR{VgJY4e?xHL#)f+Gz?G^&j+%=
zUKip(-T>UkWnim&Zp*suHT<x^yh&J9ZX^0NY@>1;ptne@0g9yOR>MTpvFeDPPmyPZ
z0I2(ObNs(|jZfkuNEDGBMC2Zn<DUigj{)o(3&B=5ivzilw*~H*gw^~cQ6DQ6L?lD}
z#x&M{$Ew46-!(iR$eD!InNR2Vfz2ru02#k`AG49?b-JCP9GjIv^^f>*cZP_HY=Asd
z=swesP?lsJhs?j0hXCo1v?qPe8X}^G0e~8Ko8I5IlS$iQ`Z@K60V1-t)#D_9{oot#
z?Ro}KIRO-DG(hFcph&p@mDcx10@Oo%+4f_Ts0_0J>Yedr+eHBFSCffNbAgX1nervi
z%O+#N=!5)!$0YOrR{0ZN7;6_zyiNDFdcAdkkDaZBpQA}w1s*h_CmgG>xXUJ@9Dt7%
zn{DGagy%LY8$JI9+s8#VZX?OT$@6mKSuD4a<oru)OfRP8_zk@<<Yj%<vFcrmj`D%0
zKt!`ZM1>GjC&qx>K<2C0)wSz&bz71FweYq;3_$#KL{E80TW=H5E94*WAJ4Xlh~$2!
zY$Vnjrr(e7KG;A09%AY?cVf9lzw4aW_Yv%W0ITa6O@!8bonHQ9GCwESHnt>_XNLa0
zr_Z-*eIc31`@JqZu)brpzuLuxZ$|1P<$VrN-p&BN?sWhey857ep*G3|vRey3e|8ep
zS%(d@S(f>dxu$|`<F5b5+`Gp|S>1`l-{*NI$&iE)!oVOzG82%S-L}evkb0Su00N4E
z43A+~+s#aZh}y0lvDFfmJh>=T{8b;dPQ`8$z}qu*cdZ7?blY_T-L}?lS7O`k%{ns)
z7aOnK4<tG7=X=hXnI{*}ecj*ZegDWOGjq;!F5mm@oJR$U{D*CA>E9jd&NdZn>ram>
z?qC<|`|&7VQTW<Ww~P7JC_ks8fgS`w4-EhVaR7a!JP`YCRngv5q7C>Ah&WFTD6cox
zvxt$Q5qLdKN7W!`1;;?xw~m5!BZz1GpboSS^7o>=-d6?`>Gj6-ED}_qyOBRfXkVG2
zKa}~cqi9l*^Mru#-}!G2WoHP0qMeO?AHx4vjJY%NqX4L9B6OdS{GeWK^iD?}fgQbD
z>RBXsGf>1yR{?ZGF)@P=6j%V?=?!fJdN;OTC);zN8$M6WVD1D9x{TgX0O%dq{(x+E
zKsSKP4CYR@z-jb`9tDc<3Vsi0T!U@}6f>l{ELdywei48F7ofm@&o@KrH2zFI{{ADN
zM3w#9+!lP^=v|Ay{}QO7;P1I+sO=I9JVx*J`1|j~{6-FRtKcvZAC0*)t;+yhp_>JM
zf-1xipXc~~2yNL`V6`*?JzdWtEyGSL_yD0TwLp*a@5NT|dxW+OPqyCY-=|o?e<8Hx
zS)hOA-=|u^9}(K}3eY3?eVf|~{*us^13**!`z2QJcZ9a|0{si`KZDEnmcIbC%U1i^
zP(SVkcw@JS%e>eG6HIUXDiab{nT^wo!0*?y$WZgE9G?gS?K6b7Yp}0cg>K{<4d9Wc
z_$8)h<XFm%TuZqc^+*q&2gk+nGGhlJGj`h?Bha&+MK0JUc(r+8juF^@u|9CMxo3_M
z_}BH~U5kPr#af91-Rfrut<hkgq9T6ak(x&?HC0@v?;>kVWY?IQYXrVC-u&r4#?@x|
zJR|V%#rnY2raI3EJRsMYUS9$PEc;a0w;O3|M~-!2xG9-6l`k*?o5zKT>=V4kY+PUj
z?zmVVxZ12)U<5)o+{OXA)i+3Nj{+6S8xXtTTH@KYsFxdowd2i`?$dR(S$??@STO<s
z$Ury0KUvuT1vc5R*yx>HFJ!~!n^+_`OY+tPDI0Pf7J)~4Lkof4iS3`2?GEV1-#q|3
zgSoka|GxmV5&K*Z)JXGx+XM^VFnYgulTGfZC^u#Zxr5Jb1gc~E9sIpK^0|qe-)r&r
zuZ!p64#Dq@xsxm|!|l8^Yb4(f^0gvQYgWr#pl5GFzRa<L*Av>Z80bm-zHNdPyqVCJ
z0MHNl_W~<;2g-^<>s|hRq80o)p)Gd<J;t9e5`4XF6kprsP71z$QR3y1F62|9O8j4A
z?)i)nNY;<!ZHJT44$0g7jD6S<pJ_Tku@t9jY18@ro_4+&Id)fe?6xW+@XLBm7vuLa
zt}zc(8G)XQ_3>O|?x`{Y`)zCFJnhW#bc(SLYvQv^71vmNk+pfW%-YnejlkaV=1uo8
zt~P6~HUhgY*2i;=S$?$<Fl}q&{Oq*xvs1Ay46E#VYOXZ`E#tyL%kXpCwMO9U7whA>
z#%#RS2z;e}6hGf5`T4#P{5*0DaAej}PK>}8$D1eJr|TNCh8Tf$^;v%I0_gSwgp+xl
zGnB2u7RNQD$H28@#xb&U9jG<})%D_h&}=8v)gV24Ang5o+YH6{m~kK{3%{jC;B(`w
z$J^C;v(oV~;{>zg99U)qF0B{usLSkU$HzP$x2@wkBQOzlJV3Yd(8oMSa<lWUFaqqR
z@#Q1hHQeU|5-VE`VYCO|Q9v(S3t^&yUZz7hgf?O>p(!2Z1XwNG6su*MYPD?Btd?yK
zYlKh5ePhteRzf&9%=D9tx$)UIbruQc6ME<qjA5q@1K`7^F1Z)aT(f4C5%|?jNP}7b
zF`g&)@VA7<bSc}=4r&CtPfy!Gbr#w{{QfsZyiZ9XiW&MA(5F#;K2T?2TZl0o?WO1R
zk+#xaeWb0_sgJakp3+C!N)dgetrYr;j0-EEd)BsC<pd5j{srj&(OD#+xuQD}KEETG
zen}o%P@?zq_9;=cYtiOLJ%(^<(8rOzkeAV$2WA?9wwp5Vhwe^k5G~sZT$d1lShW*k
z4O<nfVXJC2Y}KrWtq!YUYmU|Md9-K8rz?(&pqwK($E?wf!0k8j_jU8SWgH)QOvD8s
z=HIGV{;jIz->O;utq#k-HOKOQ-1y+kj$dyC>Nu{m`Tg`e=lQ$lS+2$WK*0sw4FDf;
zzf)79==Yz}wCGvQv2eq5axUQnT~VML6r=ZR>%_aHgOi{;sgea}G*`4$g#|6@)B(>V
z&`}S6c^!-Jx?&BYiHWGc9p?GHipk$|e^4=LpJFD~<ym<EE`@-Z^aI^o1E%Y%V7;nN
z8Gszn?@<YLO@!{Pxr7c*<nP0X&Rr+`L;Sq-Jc}6l;N$g6ncqvJ*PLgO_yqjj75!d%
zt+|9gwNBIv-;)E~BuCtrj&!07qOUw7D(X;YMy+)$LLA^r_z7QAdVT4&Ri9@%y>pq>
zS4n6tfD8TF>H^TcXV^Xkj9v|l-nX}b)hO}!_BPczphE1wzXeuL5zyb4L+tHsn)UWJ
zhxPWh9P8~Xv+;v7O-o1Q@o}Dn=8ob#p4EcpQ+}XttP?c-YYt~Zlm3x3|BH2kC(`)+
zDgRy?J+O|ygEMfU`ATK{9_LLlapo=||GUBHeTy-7pPcXK<Jm4<lJ*S0S@T6B@RB~B
zK9qeDezWn5M!*`?N64!z4XZaB0i>JGi;V@>n&q<Jw{;eY+xWFz;$i8h;aM^vv!3!s
zBd}E;DL*|q(0x)<qCJ|Bqlkm%K$cd&bB^n*ifruTfUMJSMNi3o9>%&+uJ4iSZB!u^
z$^|-F&bMsKv0APi87mwGmlvB7a=ir1#tlYb?RYRwWcO6F!3eC-?fUIU!d@zbZoAAl
zqiIouabLcOpPi5~w$qwpA=Ppgp3`y{p4IXeR`Yj&DbX)vU@#@R{v3;d3Kdgj&Ix~;
z#p!Ztv{cY#?~HNi6KQd%`DYSdQ=(Qt)=CVq?tKc*Gd1eT%riB5%{i{$`8-Euj^?`o
znb#d;-RCa{`UIR^jC@rR;OB)F{%IR|48JF}nbE&NTxsBo=fY&zN*=2U$oHmdC^OvA
zlr}T^=Q<X7`;M!YbZ!HyN8+n<n`X7D5PR%*U_J4^Vm*0B&Vuh;39-&?4y$upj@3De
z&w0(x<*2j8-thCkjpeBqn}YcgPhggBG6J~%Kd&1HpP7DhOm!2&FpD={zjZlKlozAp
zVZ6^wpov^TyC)@1&uH30#A}Z#aQXAPEIs#AUei*+^G}*9`a(e9FB%wyKU?e&`yoA?
z6m_B9Uz51|L0uMizs7Ngm=8aHPT~xP1Yaa2oI@(a?)e>9_ui~6xDa2Ao_j3qXJOU&
z4@O|ex{*3qRX(K-HVQK1AGq5He03eli~l*y@36sq`zV;NkubmUV_^PP-B_6GHkgNP
zFz>A!33IRVsbKyH!lf19Lxa~66=vnl*NnjB>ummj-TwKX!Tymn>@)Mkv-9lvh7p*&
zZj`N?YqQs<LpYcN`YN<%OCcOYyL%3VTNPoipRN-&_sKdIL0hG)5W)%U>&n{n@70ZO
zkB=v(v466TMeb3ntxgpN$PnXpw4oCEcnz3;tYZ<Qt>NtNao!@->8=4U+SB=jzAgQL
zLvl_3CHwqm9g8G{+!zV(;KVE(nvKAJ1;+7TP<N$m|58GKgnJp*EFKG)3-pz`k#Ufh
z>SP=wceT|L5WYYHKv%jHGt>z5fdGqOTgDH#nb2qIM#f5Z*Nu#ogtm=i*KY$FsS`HL
zw{f3eCz*a}8|PvC{nzMQ6j?3XfbOi5cK+g#cK)q(V_@@PQ+#69C%nQ4><A!@{BQ(+
z_PZx8U@XsKD}Z{WeT=dc?O~LsC%E3zqRU|Ex!o?%`I&u9i9+1yePOLQkBENNSrB&f
zb8A_I<UzNZM;4sbAgVghW}Y@c3WUwvxt2u|eql3vq|JP8wrZlCKG>(2=QY(#taD~<
z<`vRr*1>vPoibn)3Y)omB6NQ(m(ZIEh0XkTYqK)s>t|Uc&TZzY(RFLHGT^IcSp@Qh
z&3tHW)@J_oS|JZkI-xu6L>^sfvzcc`)92m(yp~1cdEiT|AoLH6xzlwZ)48m=Bsz!V
zW_q+7|N99|t`Id9hV&ydw(Sa_mq<LiZGG){pIn!=Z3S*7)(IP;pzcDp!)u)PaGcrN
zbTj2AG?lAb$va6bc_qY9)+FyDF<Jx`ZB(q}Vu-O}&0@n2iw);k7a9-u_!?tww4Z-&
z+cSPYD1Yx~<ItX`C}aPs+l|0GbzGN^-^cKqsRxWeVpJay=PJs^k~@rmy-xc#7aJ3<
zHQPFj0QUQ3UD_VV=1+~hbi9{Pa0=KH74%b6fV$x3{feO+nhLj^eLNTHz_|HrC?6=&
zduKj`cQ{1N*7IvwB%~6Ga*E$gJIwS`QwZI&R>&+aFY|$ZZ!OBg8X*f6(9?48J8Oj;
zd;<GVv&q2{Ld~_GMBW}8ql1LMkcR!0X6jo;;KA|W+LeWC>LDY5`!<lq6zJ~bdc)}T
z1B7o>K!-vj&<KQjw|bsx;&qzJPOqUH;_p-fWv9o}x$8o@O2iu`W#=-Dz($FWI6$`@
z{+{BG87G(>=fGn|0QLJ&^F9$XF3Q^Q+{S3qtUZO$eOlV@CpB&18O^b<)gf$-8`orQ
z_B+mSyQpHi&1S!1t>ER)tsTp6L(Q*e?DSXH2s_;~%)04pppSE#dup^|jkx#cNp5pb
z<$gDgzvc{&Ggi>qgdSnc{W8EKyH%ria~qiGcN)?jziExArHv1>?xZ#~n$j+bo~>n(
zvOBAmoLs7ytR=_tf)R*6NUY9ns)crW+6GUqgV>3_9E(;0J+m2N4FCf{4fME5Xtkl3
z9n-2U55ViVhMs(&N6MC4*Oh_=gUcUV=2EP_6Us|XH+}o~1G8$Z>q=D%wrVpwrY*IW
zxiss6S<9^JN*z|mwB^<^*GRdMhRcC+FnemiOlZ@h53ga7uCvT{AfM3D`kUi4F)3sB
zs}UoBF#OBfap*N+qoF58+5NMDqC6jJer1Gi>$3T8r!{q9t5e|q*R@&P51bbEX4YSu
z8hvSvkj*cy8HxL$=3i#;UM=yC_9i%u-gj!HO*zcETOTBrsB1txIV=FhTna{@Zz;ss
zHq~O=G>dI>SSSA5VX<vFR^oF&Pb~s^`cA}^$j=)RSFQO#5g&*z#7Y0OY723MxH?j{
zOyF&+HuH$YRlmg35s9b%(RkvvtJp_|_EKQ}gfVwpIhd^+Z?33!4fikknE<3qd@eQ~
z{({BX+`vB>0o?aLtWC??Plk^>Z1~td4nArnK2~1@A8*y#@KJ2^-hWYisAkjupYc(n
zjKRlGYCj=95?Oqd?-lsSUprR+p}g;Miu}UF9MDf`>O!^92xwf+mp|oj5^kdfLD|^}
zFwm!gzQ|Ax1!2n0(5B7%{Z0tC=79dH3gN$TfWD`w{Hab*2M%hWs~y#rA5>mDS6&RJ
zS}f|#Dga`mYs=Iin2G^BhSO2YBEXoB*U7__ok}sGAC60NlVuJ_F;mYOf!;Oa$cuEJ
zxMsFJZv<YuXdl(AdEN-bFV+Wj&T~fKhimNq#ZN}iw~;U4`JXwU=M)+NgsFqW^RlN@
z2~Pu*ohXm@Is`lon6k4K;aLdbP@aJ2#9YvKmt6J~(%#-2&`)dH!WIy4-cXFcJI2D<
zV}tYG!h+FtS#~%t{G@P(5(yuNx##;v;J)$TlkStqGuvJ;0(V`sPp(<>f)Utw(LOn*
z`hpSo(#86qtognX&~3O#*Y_ze5DMMG9t*0%?k)$Od-TmIB((7!!td!n2%wic3El8j
zLTjMdM3}bWZw?Ym0aW+_V%{!MSE>wW>q%KV9KyBCaaCJ)fDxEqOlTXxhZ{?4Ev0Lw
zdHa2Y)_6+II{;!RtNJ5gH9CN9ELE-B9h$Yl<*+u*2g=%k*Ac4Sgy->z@umI9-z5H}
z{RTh<&evdEx<5T9+P2Fc-^S-$X*8T|2l#MqX|1Jp%`_L>M`)9$)LdwrbG8HM+)~wA
z;MA-+E{8SWHfI`M1KiH5j!gt3&;?Kt{05<+y4D!(`8{{%jL=QhF;UkA73tc(gjT?7
zCmSc$TB(OsEA$OQlVw2f`azxb58o#ASB%F$eGe&<UhhAuzV!5yPaelH9vWKqSfWx}
z(6o=xhpHS;y*mYHf279R@c6aXk<Mys<9DyIl4XR3jIy)o*h)G+>(Iq}_tQ0x;+_0z
z)KLK4u$oW}NL5oD>O!SZ;-3TI9fhEy+^bZ?d-MtcT>O2ewLs@MpnG)xUpPQNlM5ep
z<$%7Sp3n{l9BRCq&<*uKLtA*gx7m0%(8u##1zrc3p)Ek~akvT;AXU{v{>A0anI#RN
zh0(?;FDxx-Ftl(Y2Xt@or6p=HnEtpHCSdI1^AC#mTYJIi{po5J3Fd+?SUYwP-#pKB
zl<~h&h3}T-XAwsQCz!ut%>C>vVj+L*%_r2`RcdaSR%;<WZo+kwOU>KC2p~;tn5J4A
zXF0gOxm|@=V=mB5xti6q&|cRm$1VhOA7gG@<5RdsW&Aa+R0O;b*3U?t1mmprqH9cK
z*O*=xt`*mY>&5l`K2zVge`Ni!YV?X4SYhv<)s%(k8&XY+qJ7L30c~H+B8kg^-{;Na
z3GF#n*;cTE^@JLQ(2e^-Jo-Bz3=YuCGzhmzU$O?uOfY6~`2)pmyS%|NvuO*VO{!*X
z0wa*PoX|}w#C|%BSfN~?Xya~}=CC%-s<k%GQmw{?NaMLy$`AC?8(BobXEbHuSYKP@
zrTVrnx5`~$wtzbD&UDaK2bi-RVD>En+E~la6jXTts&MT{pZwf~q|abI@OyZXPLVzn
zCD2{T+IvqeRm_u3iWz~#@pJ8piEwPJ<+Z|9p8IB$fJ3Q+QYb0g0O8jhpnJMOeE$W6
zU&{j>;o_MLI_~wpDd0=PDg^vIbX89Y_<knwdl2!PC>x32U>V2ng>ZYMGuP_#1Klsr
ziy_So-@qc|1gpR~Ut-MN*S_2W4i^}BM+3dbv7|Dwh|p>Wn3{x7s22F1lurtuGg&@N
z-M}KAGh)6ca2<2wyNt7Wi*a6s&#MeP&tpL@84H>kRaUbIDF9y@maXUgi#^VnC1s$6
z69~t`(vmVm<8fD%11JNk&oe!}Zd|Y805iELyKZa?)e?$$Pb~skj_a)j>iu78{}Jx(
z0`q@(k+!6e1w1}pYs1syH?T<JT~_gg#8Dbn3kpELAa1r0+E_2nd4=vKG>EvkT%4)l
z_(7R_H?G+Tcr>6sCf*apYuGL)^s|h)Q%#DQY*)<0QpN1NLD({BJ`PP<l99(KgVXZZ
zaAfhI9ASELk$@Azr(D7-&0qhw@lec|`(pDS`vmQF82mlr;WXp4NPtv9-jc<Nb7qNO
z(xOsWTH=?q2*sC{l*P4h&x!wUX>r@9phaxkBw_T!Vf*<Q`~41%sNG(uS48aaZ#`hH
zCm?DxG&PF4;{4_uYo?)@rC<acu3D>O8d$1MXt01#BOho=h3=<S5<?n8d9ne(*9pp<
zUzq|r>ckcU!rmOvZ><-1p*P)4=rayDbZb4(CjMQ>9PF#9;=B^t0{=0Tl|en%vq)l)
zRg4$gwbw3ebj~b!8?-Rm{2L2POWroLFesom6<=DCTMTAPTnop+*o8ELHo_77UkGMD
zWA08(x%0bwTW3673>7VNAe<-$y~PLN4b!jR5?4WQacbfC6wq6CXkns&-Z2#_eyl<)
z7^sewLFt_Z(@^HaWaP))D#U)rm>YF~AJp*fVWxwVRF!q9BER&s8b-SrdA-2_AKhLI
zdUZSDavbf;Zx(=#^x*+gRpx_mS1#yf^C29^|4uFJDF(f4hZar%@G*jU#4>WhO5@}y
zlnV}0RR(HUVNCZpNfiW@$y|3iAiQaq>7;;U=nm<yrXWjyIQOS%Z`lGgq}E!vHk4hB
zQonGyrWRShNw04{gu7JWYe71$E&w`BKHpR;WMLD3rq)W!Kpdl~7ATj6YLV3=afkGS
z_<M{ocePv_uE}FtPi9Ofm|iECHBLD6F3JmSdQ_aXpAijQ&mx|atRgMbH{kf7-1*NR
zFdgY4^a0c7mJti}_ND?tQMb=7Ak-W5WORE?!egd&dfL9U>-CG@+c70t4MwlydKL+O
zz$%s^jUudEYS?(6=^Nf<zKH-XkNi#fkX;;pPB34Tdg5a9c4`oQcbMs3X@?;VUpC@=
zU3W%)Oo6m*>4=J&5H(|4qP#e-K{R<A#12;iZ3pO1Xj*jtDiMQ1yEL7*>02f8UB>67
z{i!*vvwezrN>j~~vsDvqQ4PTL9`^ez`1&7SVWoJy*v0R#Zvw~bEih$Z0%LkhE_}2=
z0sWp_IONR(God-6Xp`KH&#pk*+qE;X0%&kOp~1g_?%zP`qv!e*^CbJxajL22+1aXj
zvgO$E4Qmjmq{`Ew)XnY?_Fj{;0TbIhXSB^dxT^-Bq-7AoDyR#|=ZzWuvq~7IlP&Sj
zfS%G;3O;@u!d(;i`;!J%X`p-2E?YrpE7J2CDYsVupNsR<dO{mFi#s%e&B87Vt>@>5
z&Bo0@gUvuU=Ypx67w<kmx!AmlMT~Q-BH<_W2LP^=c1cvc17=3FYZZ%-%fOf3k9RO@
zg9W`=8!X|?>i#6!U>8{<wuRP6y|qH>tu;2i_9@$6Wz3E6`UM~yvwQgp;&2xDPAyfr
z9zvg@-#x*K=M&nM4-{cn1K^r-zf#vx3MHK`2p`J_y~atZNF3^xJCr(SDU>{ec)Se4
zT|1U<u>f?^A?<q?gf~q9-TNh_&Qn;r?o}6rcT5Dm=Fd>KvJ^@HoCVmgv<NCZt|gVp
z6+*t?9y}6v8#WU<A7x!Lq1#c1ts!)|1I$h9f!?+m=&j8_bAVJWpCokLawnMEonX#)
z!lB?ApriXeQz-h?6oT1N2&T7C^h281uo-A$Gf;lUH(%<^H9$*0U_QSSKKkZF&>PnX
zd#CJi2)C-BuX2zoZx7VX$x-UOrBKo#{ZwPe@+~V*GY+d2_su9lcpa7SI$8=P2s`G2
zFv1SLxoXP<2k8CoRTfjZFZhN5@J3Cr+=PVJL_e?<;Eg@#>%_~=re;E$G|jpVWs0BB
z+cb!6npbOu@_=rdr&=4_4y*BU^aJy)R0GhbR*j#(6>{oVLQc6LyfP1T&s$Ij5?8Ms
zXL@yqQdjduv9}uB+jI!8{QQm?Y21DBIP)ov86~KXy#=6uHxKH*#h81Ub7n~=Xko|$
zeOX~?NvENOyYfJ<DZaGCQ4D57Tnigu?0TLt_jAsfB@BeE_*`LW2}AoL7xZU}FD=O{
z2J_W8>SSZrW469%Tc`U59b@}$lV|-yVDxTZ$s**q;OCz(=0<u(dTho0;Jyc#z8>ug
zX}_ZGOxv#pewKXf%>#Wa7=e0e=iDX#-z)!zq}|gX|KBG6W527x2&`nx{Y5YW*WubO
zAP)*J(l#{A+~d&)(gu$eBxajPBS=U0rhOO<Vz}>?v_GXmY^#I~e_!`X776wW*nFLR
z%=jcbKJGDb8;K<Ve4Z~Wb^aG24EN0{L7H$(CtHkOroXJhzGPZ%XXKA+CTFW=qE9hz
zT*)GdbIf<qIgL3c%B2JOgw~)<Q7O*&B>m_E1HFNtw-h-a)Sc6yI`%saDl+k!wbikc
zniBQLJp(tYJm(N?%++}eo8*gJLF2Pr-oz5k<fTp(2EL+-v#H_?)3k-7b3gcfG1uqQ
z7TSLw@3#j^iN#uSEW=6Yk+M81^q`1c^{s>0nWc)!wkcL(DbORGPAjnn=sf`?7JQW7
z|MmlJmx3}7p8$I3TZA4ys=n0p1feP@uRrtTlgDwsE>(Md15ACrW^mbK{H}N>?5ruy
zc?#a$`ld#dLmq&gHBNP>7qp!<?{0nbkrgZwe1gyo57b#*D!iVWwA{jHj?JyHjAGd7
zC5qWUt=dux!8$T)spW7fR;p;3<(#8hxuu$=7K(UY=uu&Bp>AnZbIeeAju}ij%)S*6
z>z@bovxwVM%!hV--wG1zpGRouSwf#i+Xs{Z5AqdJOdJQ-fb-#gQbjm7&RJurg{qY*
zT573<8eap>jdSAsyBTvg)i}(?HisE%beO?%hxv~yW!&&lLf;vu{c9^lJ`3Alkg>xD
zIQ@J-V}tRUAPu7R=eS+9Fb+_W(57%25c2Z3;tcdHs)aV!x7St2I@c>P){<|rmI8~l
z6k4ohqQzQ@EY>o~GFHeu<2s=6dC(06%*6J5{;Yp1Sof`9kwk+yR|k`2dtPCt{j1o1
zr))1yKR+?kz6sm!1?rh3Y`w?YH4|+|wDa8Yj$X7M_vOOmnaDHRB&!nQ$CC#YZUYAM
zg<sR*uC<btK>OW!oEG~dPRm$NXjvhAw5lHT)-{B-H4DFK55T^%ZU`qDK`+}6;rQQ!
zUiJ`#$$HSgUSI@hpK6}fG_%Zr@FwK<x$#{oH&mj3Ww?ZYMW%rszX^P8T6L@eAe_qU
zoKbcR!podwi*YIFXoIVRP*?UMgi+`8yE|tzoQ3eQ)#9!U4Wh?2`0Me;IS07S*aqst
zn$=K&W48iuzYKk}L>=hO6QCk_FQJJRk)MexpdUV{nf-m5*|%3SQ+ri2c~CVI?W#E$
z?Y;u=C3e>G8n;9X@bmTGM;x|apOIs)O#t0kBVs>2`AaI3w+P#-ZH<hZ+>(u(7|n#X
zZkBiHH4A^Obu&<eZ(|X$c)T#5(6%D5TJ!OD;O~I==FI}`GkI+;sX}^9t`oA)(8Srw
zXE^N;inKQci~zd@Xx9oBVXVMP+({_A4d{3Ad&@*CaWA24Gtlp>;CbzgOtaH8j)m(+
z|FL=^=r{&`5Bi}Z)qXvXwKae;u<APQlbgv~P(K*~ZiDW;LBQ-b0kgj!1+yKenQn*m
zudn0sf#;mk_6Y6^_xKuP?sPoOxWbm-@Y~{=r<i^*xF>EQv^8xL-y+)EY&P);1zhD0
zQq|y6!wD61J1sW8&wNOGj^g?)#%j=&`(~8*?@_`Y0(#lIN;vc$(}&Z~qun#i^l~Su
zYLIb=hNsnV>k!jPsS#*fPw1YN(0y*HX3{3jJln3B^@<TFn*-sLyK@He37Jl|ROf+S
z=7X?f`t@77@<lu%K3njM2kA|#js^Qz1=7>2D%?4-kLhnI;5yf?n&%IyoQ@Oxtj)~m
zVQqS}f3{}!X_rJ(i-6v;l11VtnJ=}7P;5WiKq&S-+@zWP?V8!QR5Op>2DEM^ix?-E
zZ!|6k5LX2^ir+Si-;P`-?%+edZ9UC6&*EO3^FU9|jqmDN43(aKR?)41D^0WO7;|4$
z1ip@Deg{PO>5^qzRxbw~d7%UGvsvC%w;s5k*0vdFM>EiJAXTYLmQ-@ySpyXPW^h0^
z;um@2pKWoOp3@>OV~+`WPcuFTf47PT`kyrLCEIVz(B`UXg4fb<p~Mss7wVcU@i0T+
zA?^@sC4=JK!)QN!xSU1e=UGLXhLL_RVdBp5YA||_EoTuAW4@;bS;c6%^6l$TH>}Re
zl~L;;Q^h)hE*YPiDc5l+=vN_3*Ax2hw!M4LkBv#~ILGwFW|E<Q&JUYyzT;*apKKn>
zC!^a309^eAYpfa<n4O>w+^&L7v?Y}&Uq{T*k{turnZ|9a^uZCwUWwz@W}pwDZFf*J
zlYN?**sGa8L%6-od}(;Vkbki%WrC*|bXCfPE|)F7JjnEmtpnRKdubVGub;C0XNdRB
zB4(7_EMi8T%|JWW5SpR!yjm{v5eB&bjx|E&x8)UCH`wBLJwr@SO1vT5J#s93J~N((
zwV};-=sg~9%lh_TU(O=IcUZ;q!!}<mH|vWT`N9{QBYm+}Xx)XpwJ^N~ml_WJIm<Vj
zjxhZOVe?a@J-)}=fS*-Mui49(o|Nr;-M0bl<?GVS<ZR7M^r`0B<t&mo#wyx|ZSx!!
zG<rd}Il+7h{THX;e+Abu4xXPt9r-DA!c^Ou6kOA&z5Ws9ol^_<{8-8u?DrF<Hv_o5
zg<@@g93Fpdx7qnLH4dL9#eC`Ka9&lyFhhU0+17vCIQ023?P>Z!nA+tm=fk`r>-)pZ
zZPy8Qef`VpSfuL!^NrR68<w+(GR)klFO@f#p5*VkffxJTD=dJ^%pLP;t)_fJ%bh%?
z`=Zyl%)AYZz>ayU)!}wn{qABbwG(Jses0$w)|v;jUDK?#%YmXi{g0tfhu1bKk6Xd$
z?O4VlhQ%r#A7*a*{-VoRr0d_95660Kh`Bw5LWdYqhxGijI8Sm)bC|59*y>V^Kwl-H
zuWnPUd0+&Nt>gC=#ZtErdUU1|!~NHQ^Yvppi>*ygLi?6F&3<=@b?hmiiR~+`V8@kK
zTRx$w=YZY<;M=}liJ|@V`Q;<+x6dpeX}`^1&LXWl2{j&*?=5!-KWdT9j%s}jeX6zG
zr`jX^sXfx4+9Um`J<^}LkS)k<oBa?D?UuI9eh4f0xsX&f7!Y1H0rUo^7H*w@KD4l-
zdODfDpD}m)Qis{r?l4=M9HuebVY-(KUn=1MAFlg15+A5PJ<C|c^Ruj+e`Scd`P|(Q
zZv7`YcQ=H+|HSm9<iCVN=)v75q}>5(xcWra1|!{!+hDto3mdF+D65Yh%LE<UZR<A&
zMXW^F)l;KCU(O=-IGHgh?oLIzMw%W$&xy-S#5L0S^-QiEVevlGTZfptf9`=@8{W^W
zOg+IW!i>2a&_{WK37DZQz|StRZqIvS-L2nd`o>KCN%zS6<JXE>sc0VPCk`rRdyRv~
zJx(uG%~N|-Q`V$JBW)VbH|{ETm{p26lknX(hxt^a!*l_-45FCEqd<eX#A<t%P{RRM
zFt^$=9E!EP7!Cz<Yb?W|TEX0<mf_H>VD2)@a5yXyZ`gnTvp|i25-U6C8ThLT`jJ`0
zYS{)>>w|>;Y!+A@j}rRqEU*&!grBkP$_E<H2TC_XtP_+0FRyDT<+dv7s=i8~-&)3N
zaDB*A`26n~bB~TyX75N7F-tEPfzf?hRZ;Jm?laW<iZ#K|%+WPn>U}((d`SB$q1QRU
zTsVQyGF^$mYC>;yfO%Uz&|~djZrlQN<E&ci*1Lh`PY^NWBW0>}I5!(_-Y8<uhk~_0
z@wtt61HE;N=zFU(8*gqBF=yUyLp{)@yMZ=t5%J~&Iig>>&OSA%#_HUrSgA>QR`~=%
zlj|UsLVYrU(9}|(8y+MS#|b@(eq^ncde~|C!7%`NpnHg724!5OyinY$&{kA!l@}^j
zTTzWwUZ`4aMN6&nLd|L`T4t5YxJo)^^{mYIcIANnY&zd7W30I{#u^7>R}W+E^j(*6
zdDmr&p@oC0uq`xcTLi(_^-IRw>2W<;cHB6O9e1CMo4zdn|C{{(%s4R}K>4A758-e?
z#$lh5|M$xO-?!D0{EWwY_Stw!S%~!T$5Sj~08|J#h%*HtwVt2JLVrx@0yFdq(6X&y
zDez)Rqgov++p1V)#XuWCxijt*b!l^Pp1Zk?JGp6#$jt|9MSb6<E#gkRCI^@t|673G
z+NPO}suD{b1ao7(5<^-G-3@f56L@^#NSS7}Is|Q;YDe10wVrkgz0>p{q5bOx4V-L(
zSdEj=)D1w7lr6Q6lsT;p(`qfGk^aa8%MTjA3o%O@*JWs9kED$~k~a28+Sp^G4N*TW
z;4<5Gzv*m=bC0Zb(PZr*;`}!@xM$Dji!mD8a?H@495dLMW6oa6BJpA73%)|=v*X}+
z`%)3N!+pLX#}xPdLF{pf<Cvt8AKK!<nHVrs$Kn9K##gxAQx{Z~80msT!B>zE2|e5n
zX5-xgM@{M4ty+;I-!!+@IyO(WHnwTz&z+(^v+-_$yOw$-_MB7jZ=>VF{CmKe<=;Kd
zi}P<>`}F*q=1JtkG*2R*jpoVUN|?Pl4$K!W<@YLZnEzSA_%$0o`!o9K#SySh*F@%?
z5@(S_{M5y53~^rP4ZcQ%oyb{Fu-JN_i)&aUu?8raDdL!@yY6k%%%qlYo!cwpmGy*%
zWQ|>;<gKP!fv+R^ga+${JVm-k9=fi8-`7~xAIY^^CoHLKk~I#&OQ0Kd=K0HkR<ZWp
z(@m;*s$Dft?o~~+37&++@z8j+iq4U>inkYlp3qb?#cMEYE!7FM-|e)nnhrj{0pa;>
z(A9WHZ#l$|*UahJb)XCuvz7wu)Irrut|7E+4TOU;LGO=TXCXgdry7COq?Oi@mmvmD
zLK7{x2SSq#Ktssu?ul0LQ9_Sw2AX=fh|8v+TiAa-Faqg&4@6A;hEHh!xfYH*PbKh^
ziN8(F#^2&o1&=pM9$yOWyI$b_orv=_01SLn13lzeQkhs!XvhJkD(k6I>jf@8X{}^1
z54xN4U^3$OpU`)j7vI%21s3C6={Tfw2<?b;-NLkJteQo-CV&s0!MT#Q`p9^0HaAc5
zvT?-S=b4^fYo_kYwpQMjt|?nTPR-e;Z2yU^w((2VED}7+Di9ZGTqf2KdU*|txOi@9
zEFWEH?Yw5~0&TrEK7L2$3GH+8yw@5+Q?|7&#<k^u5BUb+i@d|{)OTv(-Fb*}QssB4
zVR%RQNl4pm;?9OgYCQ8y=$dP`^1IO6c6p6?W?w#`o4^Rv6o`7}Bc0drdgcw&RI5o9
zH9d_BQI{21sV3m}cZ`-%N{x^)37PY`7W+8C%wx>W@Ap|l=nwF>LNHav+{j~RUxpa+
z8}ivad!45?HTqhOu=~?+=;e3WkHg=T`TRSyaJ3@$4QjacEYm|yQswVb!-)jb{ZFgm
z<Qb+r&?gv#x|&ibX*etD*F#|RD)9XAYKR|K;Mj5RoCCX(nm6hNC{f;KK3uc^7=(|V
zVtP3ky{hBDan(p1ub$JB>DTiX^F22zcZIf0I)C--iHqm2I@e42dx5-FFUjVu$eOWv
zt6!3A-l}Wb*u2#NlFeInO&y!J`VkR%tGG+Z`}DcW@3d>?nS+X%)F$zod3)@zUB(X4
zcSBj8S3r2|ti4&}u-Y~QJ(@4##r^I)OZ}#Z8BdFM^dc=TMmcO$nyE^lJdRulA5CZw
zxtz9Uk<Zx!u+QHO;owft{re#t41(VJJ@B=zC)DqNk5)|w9s3>DAbNuBDnU8_jstY$
z123<i7ychy0(v(<g?|TxAqRB-SCz0)4SL_s>v`<71=NApCV{@Y_+#=%pCES1^F>p{
zJ`RiX<yE+@P3M_@U~bQ@Juawhb%C$@JoEX#3%nkQ*HC^J!tonGZ(C1jc@VlgHjBDK
zgmZ@jOyv8v^*|dz+1arfXj{5ArfW&10?N))n#1hZZm?KOv2}Evut}W-gu^xjM!*NI
z8(Jan^`})M(61@6)T9;G(e1@na;eiqe4U)B#NNp#G&QNjdgm#ia~{9aI`$mU4>;`*
z%2<KLZUZ_%M#eynl94fx;C&-wApaZjkI}g{LGL4TZT~?=#%g*-t@9@&n`^U=ZI3$@
z5*F#YAAIS2;_eT!XM0G6t(N?ntj-F3@ab}2pSJxLTYlq3KZ^vHi}im2<<<@@-19CI
zd;n@Vd6enusN7ifQO0Qw;n=nsx;s?}FLfA!euoigf{qz}(C+LSVEUdfLpR!i2$%Cq
zHS=7PW+GkFcFmkKebttm6eAFHit~1UAB5*jzkW-X<i##8=(ra2H6L36z7e_2a5lGT
zY#o`~eC;1UKDRlKun3O}tta$@;cPu}&*0d4Wba@$hCU$|^vzR7=APcUB%4ddJ)k}3
zpATV}D)teaCHIjFI?5n#4)FIUWu7r`->bGLXPN$T5mfZa+ziT>2~N<H&Lx$}mQl3Q
zlBJbaDPOz}IAo;dtE`Vi`C>E!-95<m6#%%>IA7#vkvL@)JRWL`zaY<4*kXGN{PN7_
z8bW_-tK06OOjn$w${SQBdrP6j?||@pD)Jp8*16e6)BnRfRfz&Fdp_w(KZ|%KW%(?0
zCd+3itJ8c2rCC1no?-gMVE2DJpY$YSZp2T!#1HDICW#-!Q@c$j?~!pP1E2qZ?dwE5
zjLJ8D!#^tDm_L&C$OJ)q$Wusrq(snO&?RUO<!kl3Y~PMid9JB4w}4||KMnVx)mmPe
z=fZWhuK|kdZqte^?_b%zd(-vT^C7(Z0=cftcutWU_B!E^aWA1YPA~_!-;upr@<-RQ
zNc^y<CqS8fvn@8&H6iN<cNLEHgAryg+v~woOn>Yztm3l@xDvOCeW!Ck|6yBqI^VU(
zmhU<=D&O_^wJef2$twP68^0$xGT$|Ioc+F-=9jcwOUna^6ORk@RD0I%TA+aLodb3L
zA1mScC7>rN35CB6-4_BV_B`*|2~ajd@B9O<s}6kkuOW1|gH(OQvN7;w!@}Q3xO{~%
z_r-W%&Bx^2zA~KMck(@v<FdoEN5&v<uE594^%<KCX&o3VLyrAb;3NIK9WNQ4{olx;
zX|)!Y#b}dBUgYvpE3&HJWc%X77l(;wn7Qpb$C{kgIZ3H=49WL-lJ9SocJDF=nA_I_
zy<gTw%t2dsg0ORuFPdaNxK-wr(=q~W;<n0c4aMdm#Ie9jTm^kZebf6)N54(@YYR=U
zv5@;fS^=TyT*o>97sB5!>tCR7q~2>CVtU7VLOY%C(W>h~Z{192o76G05iW9Vv-!Km
zw4JDDx`0%5EniaEh2Pfz-Mgu2NsAA{UDtu$G9SWZwm2_j+#t>i#l4`{tc3224BG+W
zgvInlAnq$YK9tS-J#Y<+#JhxVjrt08)q_LKeZO;N$*X8<Re^qgVQI;$h88AQf!<Mk
zX~|{9V0Ol}@NQ_`WijSfWln5&r?hGIL%140%beJ2SBspO_gc_ZnG^GVkLd_AgeSrc
zVT!PX;CvI|=}pWZHy@f_=Xm+hFAj~&T{d6CBE}-%xyyfG%zdHyw!cGt{NHR$ecOp^
zSmakj%sqw27=-Tr!Zj??bz10dwAB#4Par&RA=InL+%(!q098}L=)GU&>QPQ>(pN!R
zZC?)@-{?P}pSBlB)zV9rR6gU#oE75qdVjhOLi#kj(H5R2`eECt@38JNm^#p22KsK8
zx>ExqfcD28AXUraP)8g}-S$%8^~Y=ugki_>Ew@h@brxY3=uKZPUAOFuN*#{d4qAa9
zat4w^Ob^18g5=PvC1rzU;YOo+%gRd7Q@8N<6_zY_fY~yrgq@dwe)txkMDpkTn+a`S
zL#U<Z>`ZAn(dPhm?r0`72f)=NbzTEZ7%*I*r|X%j!MU>^)YrX`^Lod6vDXlgs@7ru
z;yJQTqiZtgb7Y+caS3~5gN(VgL;J43aye)O5EtKL%zYCWy}KE6hZOM}+6}wq=O-9*
zSIf_jp*<l#KZ5-=@%jJYc=GoLQ3iwfyqyVr@5wVtk_AQy;+dbXy#;L!;V0PX0BN8F
z=O_@*-z%Trs~IJ!Nk&OezER?EfZ2ZwP)*Vewxce`IjSd#Iq<h5jJea#CG(9E{Ouz-
z9`;Gg%Q87{2-lq>=KVX|vxHAQWA3Sn(Tl%*8;sudjJY)jscJ#F^%tgVPEyq(<yH&I
zt+$xoelNE*%r+++LOI24u1Q4}@&(F&4M^3&IZG-56fURU9%gQ&D^6no`m#Sm-6qD|
zcG}zVF4G%rb&ZKaTU@nR;CPS3@p8C-*HXsZ8zeoD0?;?4&rnPf=PsX?=PvJu`*(d-
z#=SO-lY3usjf?{oi`@I-LFNXS`ud6US^J1gwB_!Kg?%(z+D9R1-Sy&m5kp&Tv+b|E
znnk*P%X}zjQAR{?To;sV@Ll&NfLf=NLP^VDS@`*U!80A8)GZr_W<HyitKASz-XrB|
zH-ua7VS1FmFLf%v2XWffEaK^9++G33+(Cd3LjWIg{REef(NEtW&h8KL$J&4P{h>bm
z*YnK%j1$a14U7MM!_0l6T{Y=m)jWmrQ=1YM^;J`&hc(UQ^_6|9>A03ff-f-N(FQ`(
z?bvs8ZRNRZSj6-Fv9*<tUp=<A^5LslWYZvXKT`;1&#?HvZ&=hn-FTk44HuN$wt6*(
z^D)*La3HL~dFOnGfb~%W>Q;<`wPPIE|JU%yx`%IGldXF=agMpYg<xKBK3jLSQGPx$
zl#Ll<-*nyXE9aRzxV2;*t^o+tp`1*(pakV8u63!D9r*hnm>B=fA@Lu_uRVX^`lBeq
zZ}-^xqh(jK$n?RH`tXNWu}HjA)bdOmWbT7=5A5nYm{)lq#40Www$V;-zUeg<jG>*<
zVNs`19b`g}gBngYFkO{(8b*(()2MD>`h;QT&U4NzSqerk11;?N5!3SuOG}#YJJMT>
zW$F|A+?~6cPHubi7ekWf(f9eYlsAQ7wiUu5w7Z+6ABVCB<qpc6pGjLL1V-;V++R%a
z0@_&C5Obr=GkI9Z4D``?z2Bdh9+Kyn;+l{fC^M4o&RyP<+unR*coZLXjpd_13`u$E
zQp3BunI0Qv?rM2XDyV>7EypK{;Hw7P_-D>BH?H>;d<Kl(6Y~2<=j`WS|Cz_H6{wEc
z@7rkws8GOol$_ytc^~pr?|b4N!>Qa(nQA+i^Cpk0@iVhcs(D|VW;WFmin6J33-_51
z$(%gT>!J<pC=fY}CYdvAsaIl+MIvw5pD%LnsfQ<6$(h2hPCdNJq6bwonJ@CTsYwMq
zmhCM7%2=Vr?gE-~6^kHW^LI1Mlrish6Rpl|B6pdX4&94cd+({)nt5`mW<CLl<L8<*
zem_ccEukUp<8zJ+ia<Yk8=;B22<=p1Ao2I0`wa-MoB=w-J9<43KMr$xcEvA&#fVpa
zub%NYrg}AtKpFT9l~k3jRl?p<(2ZPDRpwB_Ju^W!@<~-$sS*z1=OR+&nF$q%?W-(Y
zYhrsLUq8D6DDHoEK2Uzv0AODfz}1`wW^*mjgbTWZny3SJOkcI7dJgEHB-e-gPTKA?
zicibx#;$2H=Qu^^##`X2U5B}kePhP=U6l*EH*ZNL!X%Vu%Q@a9#{R_jvz*A@jj-hl
zEaExADmbh)7k|&K3yj_wVDzp)JZm$f%lZEq(WO_3dvlR43I9BG;rRE_3p$O@jqf6b
zuo(A{_5oL(8+q5u17Bc~-~{lc>B37t{;rqgS*E99kjeSkV8GkbxyZZ5$yI*J_UF((
zxWN1$UZgE)%QKdKfkhHWSj8T@t)yh>Ay_u{j;l*-dA!GMpC6TV3zKc*JHEgo#!La%
zn;3K3dC6ENW5+j&7z<eqdh#&y9VxrPLOIFn3IIMt`3S+!nC0ldb^VRG35>ud`A&(k
z`O6|J)eQ75#@x*XU@pf0lfd*b=04K7ijT|X4#0=~`C{B092c(O<Ia>cmmVL->u(0y
zSfpCF%6T>{1o}nX<0yVj^D6S`EE}H&wUK=4b^O2MQ#)Sb%J_VmhWoQsERrY|a8F8D
zyd`1rC%*R8Rw6IgI^C|Ad-DlRYSW?z^MR%o3EOMeyDX9@g3O&e{{0Xpp9MXmzq(3I
zZ}79`v$KfxbUvX7Lxk(Ujv5==QrfiWPxFEHEfr&X!3gBOC+_d&cXVB8yQ53S*ITcY
zc?S7C<N!TXPiWKKA`T?=j2WsI@gRF`-yS7<|4K;QKV0>`4K@u3o80W)j@n|Eke9Vx
zN#5Al<$!H}<zNJ!%_sC{`9S-%Y0<;n9#t3OJQ^6iw|*erzkz!sKIqQeg(7p9Wlk;J
zx>%gQD|4w_&K&7njWqg(q<ww{9Xy{Cu?zC~Pel8P8+ffPr{lA@*INiZUBx2*D&vel
zV$7XxN1H!=7aaaCA7*YP-qGuY_;K%?_^xVz%HVlcak^bISxb@C21cMSpU}6rDOTT3
zpnaOtJa+@3sXmAyKP2*st@F1KdhUZFE0|kr1v{>=5_tudT0m%d0nk(gXi(e@#c}Si
z-P;$^1g<hUmj40H5q}4U{EL^%^X@f>LuoT{Ii`UAsyqX4=aWA#5$B0EN!a{F!r{-1
zx&1zIKFvQL!hLz2GipG~_df(-PY&pflflR1!!qyH<pI5?h}T|4pQ>V!(1U~qAC-4r
zPZ9aj3R}&1wr;4F=S>gDyy*d%H$5QprUx>4)3NqfdJo@U!XohV?EP5w{G6vy$k>D?
z)(K9~ljoT4lfv}?WO=D|ka7IHW8;^EGs`b9aV)<aPsfm5YB)5=xZEpqz()%%0X@U>
z^C8@&NL?^fth48o%$b844xJLQXTOXa_@7q8Jtvvom|JV{J7UEBI)|F1{N#5z<`(fh
zX6v-<`k%DLvz4=B#|)jx{^pq|eoGW0Pp-0#bQW^HM4f?riG1iat}s!5Je?0*{-ya6
z<={P%o?eo4gt*u}0kZp_Y}>yNc<l;b+k6ODQ?WPho74;Ym+#Xl_E_Tt(<Ajn@asUE
z#;MhrR>ki|UYIBpwK_pb*WbdvQuj33bWhVL-NSR^&a^GQ+Dc8zwNOXwmG(H-6;hs0
z8ekFQE#^zhh(`1mwy&~KMxdPOd#r8&%7ujHH2bDpx&Y-4$`F(pC__-zIUc{l>UWQn
z6Q_qoy;EX>pb78cEKT(E+j76}F_HW2XZj`^Zy&B?5%Qm`;>W`8dIRx>veeu4IexDK
z%2brMIDgdMC-@oDoA?ZuxoC5sJ%W8wL$-6WPMa>CFxEzT*-mTkGyM)*KC1OSre8av
z7HV4bfhrcU%Z8^1#XiuFd%2QDy546Me%t)PT$_!SJN`YSZ`pD|)qi5T*9M#KRkDcj
zI;;5FaF##4e`NaQjJbn(@@(hJOb-?a7<-<SFn*coKO2;N&_{iV=?4Y{t$&>{ci9dt
zoO~^NPNem<?D^2de~K}ZzhL^8rQW$++Kjl~AIRVE^S=zI>s>AGucqs)pgVo0Kv}35
zU)mo6@G0>x?e|WEiZbKU{XQ@PkEd&`o`V=;6D`JyEXF2Tj1^n#VW9U`vPj}CQ7aWp
zpYhKt%G65Th3(Cvoxi_?*HTT&wBLs9+kuioQA>q>@Z;^8nbam*XZDKwp6q%4bRCr;
z>!`Np6P}wLT}P$z+Sz>Tz~pRhxu-<b&hlERG9xhi1*mHQ^^Rn|s3Y>f0O9t{{2sj#
z`DzCkCH9<ko2%pIR13toeN>VifA`Ho=T^j_ZqF<zX_y0HYYOO7WxPM5i>Hg6^e4%U
zA8^^mpP043)Q7fNsYxZ=uE{eR&fX420Qc|dnrZH67IJk8%2iLP`AwOJ>2Ryo4o$P#
zCONF_mjfMH-}B$1cIYlbAD4AQKjye26!FgMhVBLW!%7xmEt9Ooc0yS@P~@la#=$W@
zV9afY#q&<k{c#9`F5ulRYqmP%{@d0Auia{w`9a)kQqS(c@o&ZcpD8l}^Im{D203@M
zt_L0QmUMT{@B@T#oDQM44k=)icpa@bCtDzv&e^5MZMD@Lq|}jhDNopK*c_Wqt{tnB
z@36&{zq^=4;+m*4#j!Tp+P=M*MPSI5!@G-6^f?g@tOa67BkCaAchWX@u+|paZWudv
zljQeRjJeZeqTh%xPOKaW<5nAty%NT)5*9sY{EIW^BEFP87m@hV*mDsGuWs8KJ&FxJ
z%Gfmq<QmsXomqPkTM&vtFaNBt1r3+1-&h8Es|zaRU2>+8PiWhuTFZlaZBn82TL7Q2
zt~yo*{NBKVsa@Zmaq2mU9eeJ2>#U}lhw}+NH``&Je@r!x&2w6P+Vp5j-ZjwA>n}>9
zIR!wkLA`q^_>A?0dai};#6itG-K3eP+BGw=2xy{DGZU4_GY&Ix6;Rd;F{7E#<Z~qE
z2e@<h@@zdy^>XmN3{Zi*gFM_YU-)}{?(3|Rdo{EFD)bRu(G-ujPm7i>VUe!SfG<(7
zM#P8PMSS?ji&^CGQis{!<S_fR8Bu$^_*Ar0F9%;@=UVa1!{V8LUCbhxbNJFnPPsd0
zq?#d?zN5h?5&n{qC-00b20bwue0>GAnfj}5=7A0cODYrhjyex~@Bi#<e4;#i*FnO@
z4~HsPr0Xcl)HK=cY?vkN*E9{pr-QD1$b6qvW;WVnzTM7FpKmnsLAUSq7aEMH#s6Ie
zi+DVcIoJ8`HhY5<gWeyxp4+cG<_W*DoyR^rJpPP!>}_BK(z)*)^Hi%{(|CTo?Q)>~
z?h-5Y6wu*e=1$)U5X{fs2@ucE-U*<bV*174k8PQHk9)_d2l<rkJJK*i+v9ZhjH)4P
zA(N-%d+KD3;O#R&Pqweg-dQ?z<ed;6c{c_60i6Ei-4uzLB0hn<%6T%EWcU>Fz!GOI
z1)r|_D~pi+aq9Q(B6Qs_bB_nFpR)0Pf5k56ZN67m@mM+b6`SwXGmx!|d~KHC`*f|R
z-Txw22>Px5W7gJA{$Z@IRQ(60x8>FHTuJ+S;Y+ly&-!0&dBXql&dSpDPi(cD)knvU
zx%<dC^ZYey=fgQ+KUV*i>HjHZv=8CbPH1(yMxtHh+W5L;Ed}Q}ZRFjn?dg1vR%AVF
z^U+%KAp<9*g%NP_L3sD+te=KHB)?z62`0h-_lWbNpN6nV`)Rzc^Io9;IGmLw|L$Xv
z#GhHkR{I?kl<CQKS(n$It;@r;XZB*d^Yz!b_k!!J<W+?J&c`C;ui1LMjZ$~Li$0VA
z;Z!q;p&f@dhZod^)rVL`ayy|Y+mUxd3RI-DS}yA|by8kgCv~r_Hka4!8-Y{{p=p`#
zuV9h(;cSiab{~rb53`Ep^1O;MNzhd5&$Be;{W;SgwB3EtbC~HLi$|yMUo-bQ^pA6|
zL!TID1mCpV<VU+rezcDxUp}TijSpN8(o@<t0ZwB@)}Rf?%Y7{3c_pha>~`fh_lufr
zw4qWzVEgtCWuL3`u}D`Bt2ib7q2WR9o4yzVcoAi`mt1M0{6^W0avf#*BR2TYleF;Y
zkj)2ugXs$xb6+OwufPTRWwQRNOV+&PNSmn(j9qm@g1^oTW_`}ClB~~3ri}GDk^X-=
zl+`=Rex~;gGdJ3b?+<48#}=_j@Sg=-ux)RdxVH&mH0K4V>jdo%#bOy78TBXH+Z99n
z0GvQ$zpjs1nFFo}YM`HN(#+HCnt5uk#^0Zm(x!=efj-Ub*BoZwLCri{!6Lz<%$IB-
zF{E9jS-(TP7gg9N(_{^SE1I@j22jrzf)D)#v{CT6lkE=k=v{>FMtt3i>n^bt!IT@S
zA@B9hZHo20Y6K7$N4J+)$#$oinzY(FHd~yxIB}H{o6mE+F6*7|11*1Ok#+2cKuweZ
z=##Wevd}O2KRy;Qb`sk9n7lhp6=zcyjXHO4@beY{epVIzm``$6)$Zqvu36dX6E!PA
z03XiX$Lw_qu4qHW$om;O2eWzw@w83S>6ZtY+isKmU=fQLe_}q=WAEE)To1{3!T!PQ
zZ;OYrb*Zlniq9_&W`Fyv#67O*b0hA9|JM=cVO{Z#Ui8O*Xc)cj;^&UTBZTt%8jh+j
zEdis~2l3->=s*6-lTRK;xgPqKfc5SLA~pwk(EW{bB=(2TfUmKh&<g1Xx4EG^xP{Po
z4(!Xs?S8C<cLV4?B^$%8c4TAN{9bdlI@SnK(O6#{E6;@r{~QP>b3S=oyJpD0I8#@x
zW%a$Gjn(%!zju)B!}X@)JaZQD96pZ?|IrrznYD;T;%8aKB|Nu($vE#TIh1(^%`c@c
z`31`Jhh)9F)R&1V!fuGmxUEqNI?nOLVHWWWF<(%vj&%W4gtid$-J|nAV3FV;<2ez2
z-{BGw2gP>WZ~2wr^Uj5R4Ua?ESPObXH-zJrp!2&?E)(w~@$ZLl>wFNl!hQ&Q@pGYo
z`KqW`&+g|zSBhm^YaZz7b>JElFdohQfJHoK8LxBr&S4gbpAnyXzzD4QfJMj|#^a{<
z*<g0)N)|Crj~{0@&ae@2c8?SEo-_Y@adxB7X6qGwe4IUfC;vM+!cMiv+DV>_wHHZ$
zb&`Nj;ux#=TD=lGa4egbfBZ@oNxaW|>34c`!ASZ?8?^krZ2uisvPjpvtl|z^{4;rG
z9J}sJ)~@SH+jZ|}*Uj%ylkv~ZSF%X_uLADaj&nNzT<N~A4Kq%UUYfPd(4K9|6*gaE
zy@;Rl^XvF0a|62_S(wKeb2rJDdyTwXB>h~IwBwp&ynUavJ-?ma<GZ#!4yxhSGfbED
zFPV1+gzg4<pNy-wPS4I;bDDKuBKfP8G52iS{T}I<2EurBOaq^N%;w{T`kCHtqk-0s
zm>##`Ak@e7r|tFpA7*h9KP}JCe!%pXZF}nZLv~Ne51IbDEmnJv<csh2vq<7C<_rD{
zp^dK)S_UeA|E&Tfwj02wIS36sL1+so1Mpj>Ll>CXhriDOj6m>8B}O$^cu^T7W5Vkh
zbBEM=O9i8(F`&fw`+O&gyFyNB8ow{3oWG}_mfzJ8dX(_{L(=z#u$DqA*h^xsZd0tp
z>kvblP920;zq`mvGz0CAOtKo!K`gNyaj(Supbc~tX77jCQ$)DV{kZ!(?i^<BhA%7p
zY+1v*O1NtQ=neNM;ov;b8%`==&wS7uUW9PGOvtyc)u1;F0zYHYa16qU&w<|XJcQwX
z&>Ox3VNVC>4ILr|+3=wfCiwhW2=5Mn9#X4g$vW^YeF*C2fDvdag_4%D5KhiLD9<iC
z^1Yw$n1RpDnNGHZh?p~UE$HCL##?s#L2oRo<?p<@bqk>xdoxjCdX2><KQpeW(W9Cc
z4dntwy|HnYsEI(_H5NInTgQ1PL>h<o`$x1ZStOVT{QeQsPV)t}`%NZ}PxHQUa$UEe
zjB<#(Gms}+0lI@<7k9u0hl{MyvVZ$~EJA)E<ozW`zdvU_q#vXYg7ovCI9rS3B@P0w
zQ%g-MvXEYoPErp~vXDkvIE^?4ln<CbdQFS3<nK*i7(6e0GLh%GFpc9{TEXaDas`VR
zKW7y)hGiXKH-v))ptl$h-jM@($J~RvmH||@f5<Ah%+7_1Z`4=EzL5hJ{Qen!hGdb6
zy5@-Hh#u8)qD@E_D#U`hK>0h%wrSReX`*I88P4+bTf@xVq*lk8rb7jv+ko(EQ^gsO
z<d;CyZoAa*?su6U1#qSL^1p^<u1YZiIq$Pb@F&c7#V~W@bGxs~K9~F})8Aywy>V8p
z)!(j|NM}dNa?ys3-tPq32Sz{z<I!WsScLqWz|Rl*SS0Zy<~zSRhu_OWm#RD`y0uL+
zN7ov56c8G$S7Pa!!*s1-y3Q~)X#$t~a|(dA`s5uynr0qQi~!=kGJVFT8^W!JS;nTY
zt`z!Gxgu**wDz+xHpNHpvWT%yth>FBMLhB|`V3!qk43t=nQvf7z^b`V(1)k{e}8YG
zh1tEO<lc~;QP!1DBAk{tO8MAUAo97h3kXd$h+J%cB;V?j@-Vd>s2_3%yfa`7jsN2n
zlE&wVcUhv3fpq?5xyPD57J+{jFbF9|;PiVeV!Xh7QQ7_lY=1$*NHGHMWBd1+Z;xzm
zRg6IRJr+qsneU(EZ);DnNHEHLPY$6jsE$?to>io4icX#7cMbZ`@8x{*x3Cy_BL+~x
z`6981zuTtjA~dKef(BO{V-e4DVr|8JEE0cK*s^IHA<oixDgy{3p8DOLGlKGdoF*A-
z+EA~=5O){DSI=63uWzZ~LjIe*I?I0xiUt3LR@?aR4W^^6{k#8%ySI;zsyY+LpL_3Q
zG9)1+A<2Z{B{N9~5X35-K%%xe6QI6SyJft!-MZb(B%n}S^dh#3F1ZO2k+kSob++g_
z6GY{v-PYQ$Wx8#dfLbkWw?u2Zwv|ahLE{VWaPxM4pXZ!2nVU(l+ScD6Uq2r|WX?VJ
z+~+*+=Q-y*PZSOk{cC$j0Wcm)>af90O2{Vbex&)pVI@S`HX4b{T!ZKh=a1}%SRflr
z)^^_%BOv&oUT-*GpACH7c@3yd+lX0~NlXtY2Lg{0(=)X6J2sFH)B_w~IV|&vAFFrB
z?d08iUMX`(?Glj=20>~M0I<CGJ)fdsd>?V#^e8b`b}l!TfN~&eCq|P)X|F8x8BgUY
z?brCE5aK*)10!np8Bv>L?5eCcc2&rXCc7$^7`rMIV^`%;V^@XEKw5dG60^ktCjR^N
zhrs;vQ5udf1uxPgxt6F?Acp$6N!05~o_A<-67&f}o0BwI2PV=qxB<)~PEM1`Y%rx<
zP7@EqBQW{t-48KOHZg<QV4@r~P65N3SE_XiG3uv)p=T45WTTzPG7=4lQ(M2D#r+8M
zA()&z1m;KaCB8DmdAaR)=HjN~)N4oILI>@orJ%M{?%VE*XD&iH@a&`2=tKB2b^p>l
z--eEE;S1}atyZ}H>XtxF-a(AUxqm(L7!4;LpxzgTs1s%7yRwj#sF%sg+7X^(pkqY%
zf*@-?>;1!DaNoUSn5xHzsZ+1)-X8yX=HiZ@Q|~cKoyeES14tW`IVNY>T;`DO_p*Fm
z`a^4u(r|PUc#;2;G;9W*vm5yuc^Y{c{j&B6e1NZBLc?*9m+ooHS=Oi}rvp@vk6CRI
zv5sjL{dL6<x4q>fmT_#Bactwqc}n1^`^S{q2=uw}??UclM}NzG?C$5Nx^9FzH&u3T
zSALthxc4{I8ycSY>@AVTe@7LumivX>zEAxAg7|$c+TAUR*78Gf*9v6KgMa6Udsn}p
z{NB|MIK7Y_&zz&-cr*1b9iq;L$3g2Y<!gA<sY~Cd;lxJj{fsz|@@}ut`5U?2LfK(*
zcLOnLv%}!N(j=oLo0y(#?jx~0;M4g!pZT1}ft?$3XA*Xf^2{bFRDt$KDeByr1?FLe
zpDU6;_utb;!}=8P4lE%iQAllR8)zO0RFX+*6YQRXtMiqMX_zR`4#yj6@OdJaj~%sx
zaaeJ6R%R3PX?8}lsPoNoKDG?HAIBd$Lc@9vcoR#A`Cp%+VFG&32N%<DVhNb>Z0PbN
z<K9cyo<MEym3(iAOonQlbKeqT_GUW_ea6@`tVS`Hx!?@pXBWy^qL`hZeK5#;w9=4=
zT*A&YZ_4I1UQj-2faP!R`K^E<nh9N{0JYe*Lc|j86S0Jq0PQ!i+N98a^9^9G6lb@(
zfz<Y9*DQVkpuI`l`D}B*!IkXnIF6Ibg&AKJsDVi}i@9H5XR?a;>Hw)d_ysT#Uz;85
z+yy(+ig-i5_`wkxj>|mvR{%(D>3Lx1S1X)^`JgPXBEW+<Kb-3(R$H!m%=uOHMVsW5
zFM7n8WAv>76LF35c=e}v&9f^%MZ+kYHw;o|lCDV0Bwdp<O~QwC-Hh-J^ElIYDRtt%
zZ0?qPc5P^{ZUD0$r1lj8AB{k2Ta}u{K{5ZWl<#@^K<{C9CC<{(T18PMweOj{gYyFs
zV@E#Pi}HMmrtS{Nsk;LSXJk8^-uOzGrtbG7{>uHHKT&?4=Mi=vPw&|xe*d2G`#!JG
z)S0o$i)mOtLaYCaa(y5@kkSVo+fw=fe!}&Ew2i8}hpDq+3uw}BxNSf@E=B+AU#a&q
zgF?3hEXH*``a*Tjf@X7&4S~0*n)E$%S@$C^u{HL7h#@T#H>1CkYalPM^T}5dGqHx}
zWJG<9_7d$R&&!x)B-dAHH-j&ZUt1lznCqbE@2qR9qR!odPkud+irF1mK*QuPtzIK?
z<@g3tdr%#R$L}plhxy(j`d3LG5B;pA`q%cf9iZN4hJ}7@v*_2h6h6t1g?`;c)$lNN
zChf{I1LJMhe_c$&?q5@8vv!L3_Ytx0Vm)gZx7Y;t1U3P2FU#D|w~KKGMXbie^>s6?
z{_L=@Pa7@vX=BPh!Iy=7`gf}C9^m$=>4wb3zJI6HKN9#1%DO+$Ps4#PP;X4M`DERH
zV?PbYucO|s0qSgU@R;~$4vL>q^_@X}zpr<LW&iJIDcnoHpla`6^1R<KM&tQlhptnK
z)Y)x^uDW}G<zue9M>6W}k&U{06r=7Qn;{L6m`8zX2}rD0hHB{&U#wRFufC0#EsqjY
zCQ_(%8<=tqF&cBhKwnVK@fnS|lF=xWn60qhSWzq+w!$UGiekmE6)t7^sO3>GBMYTi
zg9EfE@cL9d=jXoBT*xgW?95q}wf%9V=@6|xL#cBKz;PeIaRTtWCb&H0A&WzhxI9$$
zHQhh!Q#5RO{_N;;cV(#lYr4PqQ#8!+5wqr->*Vz+p>yi1#N@d@<<6o%6SG+^V!2Gu
zDN2=D4yLKtIu(FIY){Cb24#M)>h^jF-H7&*;=0LM^#>bNqt4z0x*z2e;qkx~q34Tb
z!z?G}ei>rjb};w3#>RGr@BSs5FZRK4zp;Sj24wXtZ(l&er2r>RDbU&GA_Jg+8n@qQ
z;MxM%o)(1SZ-D8&7L4?Ip2=~?#7WADnQY&;&mQXTvxnk4>>+Id4M!!u_KeGXuj*$D
z*xA0$pDq|*gD*Ko_Z!4KB=V_NNN~JOUl2;>RozlS44&Ux32mO?Gm`sCZH4s)xb>bF
zXGsR)rnjBfG-vtzZUpn#oXJM-MKsLnPECQX;6h(a23x3aQ<mY&1uxR-&TYiJa|(2w
zQRGk|=&V-Mz<!yZZQUe?2A`Bevj7UcQ(-q`vwcp@mkTOPAu+JQa{T?$WKcoUdtSVV
z;~R3IOHzFET4b2lxQ*|z1Ro{l65FypEbja$n9UB*8n=Pj>x{U9BM@s|D8)`9?(E=Y
zFxjCC6cUqiV0oPlv|S3Qr8%I*2dN5~^~}~fk8-=KfbP$nPRwVrxKGflIN3ez8z>FC
zZQ$+QbPdnp44|@Fs5gS?Tmi=au{(s*#eKUOo$>-2j!)(}G|p1$EZPL20YwfW&&G3o
z=K~Jt!nNWN#nt)ZEMkyMFv>yqKb6JjxGWpYUd7(or(||6rZgNF;pc0txyg|q?C4Kj
z+ia8(IM{b1m|npj3-RCUiP?K2zoXGRf;La;oC>;s{(`YJn?`egDpNamBHm8WYNX#W
zafZ>FFCE*_9`#b{#J}<R8<aY2&U%9Y9G9k}KlGVUtEi`YB%E#Z-khq(fa5fZSY6Ns
z=KrEiU(DjMUHESyfZ2OFF%k9_8M+XDlq<Il)V|A!NdU}59r~eQV*gL0Y)H^$9sgxY
zod^r)SA-BQgz3+eI^Vm9hLilvaz7}AoyRV+oJ+rbnekJxUb42~e4oPpbu1QQA|4UO
zIso&JmNEa#@@MWDtsQtqkvdUdql}$ZWR@44QpKQi!0ep_-u2sv*=2{W*Bs#8B$HUc
z0n3puk4*&?c{(}?)XlT%jk8OnP@9XGhs&i<pCW~N4+HZDpU(pGt<nr5lhUwm18-oV
zFQ#YmaZgLorOPB%S_mxPLu)RlPm7C~5dBQ34e2B3(3mS5NQ=G)>_%@Ln2Azi?m$`3
zT*`9-OK2Y&&i^O2%^@b}4d=Iu=N<wFd*|@D3i8;)7md|R$-2c$ZOisFJ<9U;Xh)n8
z*NPE{HQ6A9a@&M5yikf|ETCcc2<7k((=NnGAKPo6+SyzJT4I>0NT0!rXxM$0R=*|u
z!E+b!Jhwgg8*TVjDYkbb7`;kSC(;sqwY?i<WA8@A*t^kY?A@4Q>|F?Ed7H8abxK=t
zy|MFA#Xy~cc&>1O+4krX18IP|W@mARao8DgwN(;x=R&d1HUcq(Jt$y*9(~o;FEe~W
z2B=aVgjS%R{=^dFt%%*&R7uR>J}_ID{|>PgTcsGnhj4NjIeZ9DMVqqch;tc(3Gwzq
z7RTFc2bf1niHUld!DR>YNI5ZaO?hMvF?Z&I`Sh#|<^v#(pIiv$iZnR4qwm+35emxo
zP+(t1=#TSh7&5>c*hkEye=XJ-Jrd|Ww~f%Seu8>O=Vs$`v(5$Q5e1I-CgAa;3Q@cA
z!*Gwh{qz%xvB^cuatD~mqsX5-%OJKRH^b;y2rU0l(g*%(8tle=QGanCG5=)AK^z=Y
z58IkgoXcbKuEpW(oOzxsem4A(2Z*`55V|^K605rkv}ie~?Ee2IUUM34+0(P?jkh8W
zV~2~FeOX}2*(iTmM%}f%##h}Jfz?(k7IzP)f!=dD;-QJe5YD<9&=QrP)~TRHr-{6b
z3qY;A1Xx|V#LXn8+re8m12k9&YMmRj#9~n0N^xgmD(q&y3;AqF&SrY>_^!%&14v!y
zNf$A<g6@ASa+Ogm?v>-Ww<>`8fS-5GRE*7~{JiU1rIU@m+rd2cOs;Xb8THw;&Zp<|
zJLfy+^E>D}*uTY{(fJ=%>zCUN=S95sUb3I{8Nv>^0`~Z4LkHPC<!s~dVL7y`UJ5<^
z#1f<LW-wdAX!mAx?x^JP%&vEc5up&<@&G;qGxBLE_SP&g5buW<gE=sthT~=6MY=sw
z23=8^#Lg<NPMmk?wV>&xpn5;WbYQL94&KN9K+Nrjh}o>T`q6(cl%VkLB@n{j?lMpV
z3P1n->-pSw3}h1Xjw%`+U_M`Q=fLG)YE`@rI#HlKv6$zyd_38w47!4u#2mbwnCJ(5
zwu*-P>iE55qD*hU4BuT$%!W1Y8pQK80>23Jl{gof)FRIy|CIu0gU*O+ov2yTDQwke
z=F{+NBXl?RaS7g9O{o)c_*A_VO2=W$PE5q%y%rqyWpSSE#Chg({1xR3zDNG`r1%%d
zU(V&Pr?HCrW9~d2ujy5$cJ@7RmGKhj{`>axIu!}UUiEe!96TCt*mM7WFz;)ZV$B=D
zXx=Cr%^MYCF4MOPzXRvsxgYwbTw^rmW-z|G>vb^J=Yn~66~t~@2(jQop0^D7?dy~}
zJ6t4&b4B>0mBdVB@w0BE1l0eY0$qs1(l*e7+31gxS_kNU#3lNLt^0}jrZTnjMOLFn
z_g|R@2kYYvd+ys0X6q=N(kQH*E)p}g5u^11Vm{rb>_OSO=?TTKXA|>j2jcJ=<K8ea
zZ<>{1e9pFP&+2WGamWGM+gZfKd7!-rmSxQAutDhS3n8|8VTuNuD8yPHNabY1`7NZ>
zi7+BwpAs;BPQbYN0x&jjv>DACGmPeiV9st+_Appy)f>C)#C)=nm<aDO+p;}RyNFro
z;4-$?0UF})O=rY~-(SVzRNQ7XEd=vk0b3H*97>%@en7o)#**Xb<Op>-L_BI2`dpIk
zNBEgcqc2-YOub!-q5f+YHX#XnS(~y4`6tN_NK?cG@&)4W?gC{V!nJZ?YF(DDcjk(3
z-!Eif*N4c!M0(`yDsDfR?tg>s#(DmHgwGfC$WKT3xHzY{r2DONS}JIS^EyCzJ*NSs
zxHGAn%N@joL|q8^26gkXXFkv3g*di{Kxk{)U4#qi=I@SBCytBX!gmqx53@X0Q#%8)
z?k|&cKf?Gr(&-r8jr3T?)*@3oGsH8*6Y|5oY4YepKO=mVvEot1kSsLtC23H`Y0zYm
z!!3vtW(T<rABT6ejW>fis>fgda6P`oLW4(o=x&@V&hy3*>I_);3FkS=Pd9UZx`lGw
zpzgX{;Ai#-`rtnu6H`d$06L?{RcQbBDc}v}gZCTTh#74CXXe+$3qVEROA0{f`Qm!!
z3kG|@v=zdrAGqJea;cgq+ir^w7!bY{`c7&U&nYz42Y!+9t3;_cxQ&<|O1s=ZVx<=W
zJNvX-f$GvLK+`io4fJqZKDVOYPy%q!{`f|t9^kl5Z#Z8chtTX2&R-IdLSGkgX8hKw
zO4(SMr5JCO@_Y$L%8`e7E{~?3lnf<dDJ7sm4yZ}LE-;Dvb&5EPi~e1&l=Sbo4~}EV
zp!;!*&SC0oe3Y0TB88e+oM>uiJ+8;Mf!QeVkzd8n9pao@&WSk_(1-(6oV#a;s_46+
zkKfco%#1uZ2=RtJHc9t41>oSyePE(biM)?<h-?H_11GXkHX<7pBeKzEL^fs^k%eF`
zZBzC%q3>K+Z?rwC7%Obc_8_j%Z(imAv*O_;hNps<2y<I;hJpTZ%R+XZHN@5;79Tks
zSBK{D`^m^(>(hKt$Gnse`mFFlLHMCM_HDF>g01#Ypxz!Dp3C!BBaK%w87=Gtv0f>c
zbU)6o67-(WLHs1n6X!kAT$g-|xo*yd(fK}4CzcJAi9T^hvO5#JcUa`You876ofnV`
z^gj__e@!;NJ&%Ut7THMR*CXV@mz0Yd(BckI8+(YkBmf6XD}bE`M!rYc_?(c56%Jz7
zC!`R{3i3VTK+@$9j-Ql`q+DD`CXz7RG>?YKd0JfrdQUf{&J}_$QHLTOHs`^?ws^yy
zoA!Z;Yq!6~kIOy+jhOsYd^CPc!in!OUA7-W_<lK&LO4b}Tk|Pw|G6Uz%w{o0QWh_s
zCt?KKhzS|c1p?2ulB+i)Y$-jU%j5NcX97J?CiK9rp|L!^bS|&EhdjP6O;$cLm)C$o
zSve|v+eoth7Jf^H7^}4=e*Xuh&K<eLI9o1-I<koAmbk2-Kic<z&FIbo^JjB-U6Hs9
zU5AyzPV`NYF3*GRFJtl}83{$MO44Wr^W~Nro1ajO=d(E9u0Y=?7tGcwh_x<+*ydRo
zM%zMQXQPwyoP_W8zd?q`KTw8#HuodS5cwD~<W|PYP*nMwWayE(6U)%D|3_r#YskMs
zhTKAiB*J6Lwk;FOQMpBqIwp{#K1HcQxLz9^D@W_*q~u6TlcP0r#>>$YX>zpPB1hpg
zIf_moNAFaAa&q*|3FK(qXuY?O@2f=%|1rMW+jBmKujc)jzM9*X^3|fYzuQ-fPqOgV
z<Wvl<Tjn@T=PO0%XY|+V2LHOR_Vk>IeKoLyigUk^ueS6P^3^_$Tw8Iqe$H55t=zV3
z56&0IW4s~uiP-#+C&V~6;ru@k^Z$U)U%qozK?A#=zkCBxQuvSCQ~2+Yb$>L?&)ZZ<
z!$ipL4QaA_Pi4wqd?3wVY@pOxmQ!z>DVIW?5@MokMrGZPx+p2HAmo&c(2p&rJF|#+
zAsHoUaQZ80*gZ%YoG*-tr>6F66aU0>x13U>&fpjL9`>0D_OR>j$uR0J0kd$3#9oz9
z-bhTBpgOwM7c2c2V0-?hUjfY_fy&~9ZhOf6mB5%<6JATbI!<rC*BM>tiv<>gw*&P7
zP10><LBmCyZh8%<9fEGrC7f;@=+nqaT|AZL$5i;)Y`=AUZGbvQ-(8w|*C+Hi;=}qr
z;{Q0MPK1eE%3%r)2w7SRTE~1)k+;t(QfS9GyTfvzb)qibI|8vMw}H9iQ84!|lwx};
zX;`lXZ*&_m6X)nSyF=<ya}0bY1!s$Z6KzluPP8|_6fn9k=3|mGw2SAul|ttgDJ19A
z8+}u3h7Cxp?|}?MDj{ZX7MM~tn2{3DqL+Y*^oYJj%#Jts{-Q4NdsyzT@V&?#Z-AL!
z$zz;TDrq>`H@QzF&hhv=wo0)U5l6Acwxl*?Pv4ZKEIuS<6H{`4naDz!ST-6jT%QFo
zFS}y{=3Qb=Fqh-K<9&{IaKQ4?JkVY`N!92+VxDc1LMUUXzijb_Jt$LL)-sqKd}<$<
zJGV-)%Gopw4(RGrrZO2r`1XslVF>4GMXE}|x`f41ma#a>{w!iHaex`f1v6O1VwkZN
z#XN@cMattgNQZP@J9$3!4Ee}R&Sw^<k^30CGZ#ae2j($3`5mLv0~v;`gqUtUBZPSD
zkRcYegSjJDHg>we{InP+Udr*(`zGx|9I$gt;(eSy&OIu0%+U(w$L&U49+e?hCdP<P
z=VNpqw(#^YRd)#6vUh}^Q$l|3u<$R^-`z*~_j?6h?wnPCb|pGUQ@lIh!n;B~OFjf=
zCx$1+S)!2ROn-xRu{gD)`*&=WVoM~>XI??WiQ=f`ZOR^YX68}FP)hi|6yh0W0QoMs
z5X?751U?ElK74;l;e$*A74b`C9uvI~>|Y)n54-iZweOLk3y+gCbm4KZ@B2x8lr8B0
z`_vk{CG&67M~|Uw6mc8}Ug7!(Dqwl38?-I2QPtzsd)yWA?e5ny7bW!yk#zsQTw)-P
zb!TyTLtaC@^7#rHj+T6USv#CX*tvoW$=mu7>SVkw@tEk7`}o-ko22`Z2Uh06!KQe_
z9+defw|;nh-PWe;sStcoUc!A#lpnX?3)DehVfTcJI<KEi!_m{US{1+lX*LZfdTI3+
z#qZA}{`zV4wc_`c*#Eb*`YQ2z$!r=X@6qa|;&<I_o?nHC-<Qv(Vf`gqeTDeFcs32k
z57O!y@%z*Gy+6=uulW6`*);4<(CSM@sFTsViPO8(0a_)ILPwnu*C^e?8AiFx)@waT
z`)5WV_Oyleh$rNY-uYnurJU7&*?o3|Iy=N!G~2^V3><^yjHuvyG{`?Ywt?9p##lE(
zoqtVd$T-J1*BQQeQfJI8U@_A-Q#vEzu-IjxGqOk6*%bfjVd_Nta#)$#iL~W>G%<aH
zZOWb<+lYy>pXnemly`dxF;|E^c=S#2S<r#=Am+_koX>E5fpfiSA(&65&GXe^>fF(n
z5$cfbq3FJh&~P~o2YyezXoucNdv>;**Pac$%AZdeNu5JM9o#)koyf;Yd0IfnzW-M8
z{T}}Q@6*PAqnw8IgZx=n+Pi-!r{U=D__OE;JJ<I+v@dRe<4p;B$U`zh5U2?4DB|Cr
zGn<|5V|@s~gQI;Cmxo%5a6Q6nug;uJ!^3y~e9ZnkKSL*Vo|y_JuJLA+)9_rnsplpc
z+TT>Bb{<ura|<L+9)hXN&wdg}?TR~H1#LEIdD{#qh^zo@wG3)g7c6IYL0<yxejBKJ
zWzdL#3EY!H9^we~p$^H@x1)dEDnqQrF4k78_WXY4KOUBA7A5PV#AO(*ZxEGveS@f|
zi;@BNZb$#-5M=ZR2dVm<SyNej_K|wA2C<B(%-+9!(_rSJr)&^9O?mx~la$xpK>u(I
ztnti{hh$C&>+e~t>3>Gg6P;D0PJZ^0<M20SG#t%<F2pV43k5p8-y~*DGcik*!v2H=
z>LYg4c}1Q3%2*DJ&R(UM*#;_4?Y|#DMV)(lIgd3wTn{09FE~O~oYSI1MTWI52S2Cy
z0-K{Q6Vv?+n6JrG+fT_;4|JCCbqV(K+{oYi^p7ojcb0c?t~hs(J1bPCK+KcL*Tw1m
z_<G~#<KqKU!K?<kU2^+kJ{hVN+ft)U<PDpb11hff1C?Nc4fPn*+5rj!mApP)uoBFc
zVp79$_|Njizy|q&SyF7TT-dMU8e3jEnk(yS8>sC3z)0O9Nt|Ji+F<m2d?F)tJ|6ub
z{Kmrt5E}i?z6Sms>$iI*XzQDx?IdsegE*7(5X$Ia>Wqbz--4C=j4I2YUkRpML2AkX
zYOy`p)@moUD0|qxk5VUtHP-^`$As%glscOq0@FPKJU5rqaD0Gz@%!ntc=7`AQ*({Y
zs0F#b3BZeVmGZz_rxf<bZJ;9W-vIhUXB+mOJloKF5_x@(P4_$Py8jWG)OKu^mPa3g
z<sMP5t8N8oz4t|2rSF2~aDW=GjBf{k0yjXFI}f~88s9I2TBOu0{%ib!uyhPjH7N_$
zx$}F@FOHs}oP+X|4PJ!pOT%@GqFKDoLNo)^XfD4ik+6fhyI^L)-hB$I^ZH5f&hJpy
z3`m;0glq_&r|Kj5HKVY^^HQ(?{$0TNxcfX+1EBi{=YzQzpz!1J){p-IytRYX)Jn<p
zBze3{TWRwR5d%fKzyvheU&hY#Fn&aT80UuX4%&79_I>X5*#Lz}7)k(Yo8+ZNaF#FT
zu|a-tmK2i(99L(6x_6_j$u<b}KJ=Ii=kCe-QnvIV?@Ura-JJ^s_|D!c(D0q!g^#&*
z%Tjhx+B_n%t3RNCihR>3FEt*v!)UHD#~@!bKUl`jgnJQh$@6;cWi$+;Et&g$bD4-U
ziGE<w<Ad{w`4ff*VqU|}%5r-Dk2q_GfA10R;NQE)#D9J^PIeRG-2NFwsXD9Js>Hed
zs@WbI4$IK~A2#p?%6u_mgKC^ta!&V8=K0qU@5%gYR(w#ou)h~=a;1;O74ImMVs!vo
zZ)U{xnk;2~qcRo$<LBR>AJvCRe$k6b4f2bXHaKozn5vETrG`hqg1Wv%CbgcCR9%#~
zr7jBCQ+Jy_X<hFuOVjle%<tpKWcNQnCZ83s9rw^M8KjJ_LQI$Q`z+E<VxGzdlld4D
zbjiDjnLk3qQ5n3!9}u%whOWlvNb;VYzj=h+q0kbU5!b0~v>p6@iS&J9wn)(B19;Yk
zK2bC)l#HzfDGj?N5wEwr<4*e>-1;RW`JI&`G^~&Cd+wuS#`&1IKE9Tw;CO@0XFPv<
z9K=MQBbmQ-t{qfK=QSj7o%@JPOkILSD_cn{c{Urr^Hd!2lizvsFx1kcP<sjGH8Wc5
z#B8oYelF^V98f(rIEeC94y3kEkvj4B3Y)7S0<spMRBiTxwxZ;k4ak$t4qkr?=i^Ca
zg;?!U2fx#b-%WnA$TGK-jpjUrFtdE0cAoFEWiXY~+%uTUX&x~7y|I=7s=kD}!bWP7
z-z^onm=Nv;DC$R_**DZs<F>g9aGWTmqj|LABL61(Oh~V~EsBPIv@e;z5C2ZDS1>?T
z)J=gZDTd$Vciyr?);a#!!biWf<Xe=^Q1x*EFPqajs*<#POf6@r+B15mQ1C_~#TzeJ
z#(p+AR-vo~26=9u?=gP)`I!7{P~nTMmwmB_4BEpxA}$@ki@K){3fH_RkM%DN2dIH<
z{2q*30TtKdWD>ud;!}X>m>rVt_er{6u|cS*lGn+^c3H?d%H|Zb(=w>2V_}$jdlh&t
zXz@>yei^>kA@WZq-wn8YF$v{ymc;e03+<4!=DlI6BF`7ubpIraeN4AmrBJx0N(R-c
z*LR8d?wf8J4#?aFec1c+NAO$3Ow!^HZkC_Svd7KgXEtmqF$aY{^QFz@Hxtm~G|QuZ
zosnE`vNJ7;*uPl^W>CiYLk#~7O6M0Rl%lHL0M(7HgxMS)NZCPo{2EUM@UCwqvGp?F
z^Gbi-*r<eptx70RuY_o+u*K_$*=ISY-amo98NL6u-g5u#9&!Io=J(%{_ufd_y|@2#
zTkgF9R3lHbb)`Eyv`^e~o5-Hv`@bkn-EaG!(y{m3@H=t)Ke795L=yMgHeTp{+w<Zc
zn-c2oQ$q0_N@#EC_<L+wZhlY6;hyLo8y};4Bll;LcWRO`1P_oH#|?DW<$#uuQMUlE
zADEnTd<r|mAS)1)GWopu*!(_<G}jlycW}*zbG{7W$O5m2$G-g1_aJr(^@#)z0=byq
z=UF0!PAhVioI{MhDH%r4PE0w+XY9z83^}LX*pVw6y#QThK;|{rK$C2sChxWFLV3<5
zCa&M_$|B|>x~b<;NSv%wfZeHBtRNkooqwD~!+kQeH-NL>JsH%5IMW=+5c)ov!(s)9
zE1Vy$moGHOQCvi`LrMQH+4pCZI-|M1^JFq~?JOn+;(+fH**g1_jLxr8c2=$0x-S1A
zyN50GBup8#%XbgcFv;R}`DxUXB2PgSEc9?s4xt~~Yv*+U>Ok(_p@3RGL40SPG&a7o
zI>RzfbaDv&86~4;QNU8aE+G6gw2w`BGYi}zZX-d<c5a`f{#`><b!QT@c^0b)&{g5&
z^HwbLo<Z4NA}`Xab_s+^VOl?&qoee>%|ai~DQcNtPUta8o%<{IZ+~(ibCJgep~IBd
zH|-U*Ne>D9vHp5)D2dl3O}>nN_IxRZFnxW5hDkri|8h#5T>xHaCb9Kp{C>d0a>Ny|
z6B8WJ1@nEe=p-)h_^!u2Wz<F@eWni6aQp=IVt?62V#u2$hvSs>4~*@fiS#^<K2u5O
zRU<T<_<(xvkbTBp8TtbbP;UTu_O;e2p=khxT|)m<&7xtRKcDN6hX!fb{XX?}*@?Nk
z9$5ZbkEKsJ+s`fO93G_M#Jl`k3(!}4m*c(^{h|y|dAzEm(+c0AAsQw_wECYZbtd6r
zd-C&9heI{~?j4|Np#t8ZIH#S&HOe*OcxZ&vg3TYs&i|J<{xJ@d1LuE~<BrkhG~JEg
zJj!fUNhgf3`hwokv7%$g>KdZq#G91SE;`7^JcamulY0M;T3{fl_nsM|VfSfT?GgO&
zYs>me`VV4CQ=kj&9KKr*@GR;^h4^CifxM7M&tu~>186vwFRx`g-%sN9@WCN=c4(Y!
zUB8|CxOY53%tz#+_J~~6-y(tP{fMzMk}=k|xj$ok>`c!{#m<mkpLFaj9Y*vq(MC5<
z;2WVWip`?ozyPhrKDhq<xa+L{`3J1CI>j11761HiX8S6E#F9ROL~J3XWm!($yoy4Y
zcW4H`E4s=C>Y+l=h#k~JC7|`9{n<%O^krKXk{IMdS70NFx$~hK*U|36h-)Q)w`qef
zw!{t9bvDo(vq25meX-zAi3x6~4z&7W(Q@!gZrHuDoZIlmJn*(uk(ehBsso#SG2H`R
z{bCYx*MS%P^}7KI4^@EH3!tjF-pRD`+pnxK;0Ha?{7|FiY?QUnGD^c_gn9$TzL+k7
z*Xm=gp7r6egP@-<8kgn4K~KD4Pop2qU?;?^<1e6mEsM1O0?O$C%DFEVwL>-HDPV_c
zeHMwKUykelpnR<XARQ=;N+-U}awd>iDdOG+YEYbU#BaPP{MgzdwvW!ngbY4r+?E<M
zV7tJW6`+9vYKLXaA0co3fS7QS?$(P5%L5ucL3bk#xn0Z~#Ut8a_bL)Ab%W*`<m<Bz
zNR9PG^7&lQdd2#!*Yf;Po`1!^atc(-5_nrKCb4b+cK_T1aJ&rk9#7!%P;hIZ5!lAh
z(!Gv)@Hofi;2;g_;_qZW9oI0oBY|zc7_M*J-vRZdX`rHS1grSkr}uqaSHW@AUsAl3
z`4>1w8Sp)&JBocVbB)dT#yd9{|2jy+@#ElqU3Rq}l3o3Q4?vv;d|#Kvhb7(rWl8rB
z-kxC$D#e{MK=&^ID6E?cTEZD|p$)BYT(^Pbin<W_BER!IP`_IR)eVpH9O_n{n|C0^
zbG;MsoJIe=T*K}Z){={OY`IsN-kDshlogU1T*nP6QYXHTa3g%pmD1=~4a)R>I0kA^
zVex>fIvq6609AFRs45O9cO=Hwm9XadeK!tB1k@&ZsWBR>yaa9Mg}-?PJ9joC8^47<
zc5s6))^VJA%M_?a+HXZ3*yxMJ74UW_(ADY&uU<uB#LZ<sA%Pe90p-2#1L_4zol+h@
zleFr6ss^|EVlBA#wfkaEfmHRvd(?~Lw!Tl9u1E|~_MKaVtbBDQ4JY2<aiuIuo%MgA
z>^p4z?Tom<0r@Lgy#?U$^3A@Odx%!=7@*#F(Z5o_UkcLK*&4SR)L<DgNB40Qjz^@u
zZUeQY{IAf&<%?O@!?mFM*H=pHY<jXToNpTEjbzQ}Rl|JEJ9j1xlX>7xey?MQj<Jhd
zfX8WO%@pT*#rmIopUXhtdwl&L?F2O)j=M8?joZ>Z(Da3%mKFl56@s#XdH}~=|Jn_P
zC!RIN2RVHum=6umu)7PqXxq<RKgsCbB!&7OxQgY(!uPxmFnxnG3_l*bKQiyRRE&a5
zk{FEfT#3OLls<Zl0_W1Jz;o951Rnwu{fxjANnIrFi}QWV;;OGmx*ugdCh7iJD7Owp
z3y6H)?o3eiT&QL;F-6oJ*ZF$GDi=9)to&X*B_+QT`7t155Md(ccsv+s*yoJ68ic;+
z9;9kqhAIH?HvoLS_kTGK5MRi1EUu%Z-o>?vZ{`K|m(u8q`uCfaQY=BK6a9(?kTq!%
zsI6JN#!o=h_z613@}5KR-u*LZSbqt;$#45Ez<bRz#`2!~e?;u*r=0in*m&N1*bbpT
zioJqnaW<i4#8OKUaW85qlA}Dn21luS*B`hYScEnq54?>EsWnE#{0e0)Zc-H_UXOnP
z_Sq-k7j^m0IwLOYTybsKo6GU}ZG>lpR*%6&E}!G)X3(%Z&c`~9x+%GT8?yMIds04V
z_bc27y?biPcMI+x@23S{nV{|P1Z}5y+ZM!?Sf>Uau<R%NB(<N=^5;+H+rJfgi<KGT
z-hx7Eqi1ST{&;H&7lFqtHLm{mlYysEz;kFi4ZDAts=JrG*Za-k6t3LQSa9`%1y_Ba
z%vxc@N~fn&-;V$P^zFtnVvg1&`aY<^ZTzff^m{zE74HPKE(bK|1T`pRlkI1@q}Z|%
z>Li(Puvvlr#9pd0nbbkk_j0}P<pFjc%^OtWwa5eAJ?9s@LGQU+fp+u*-W;Y*)VoO=
z^3A>*43C~a#)h1`5=_aYVSOWb&&wt4=Nrb`ki`x#pEYSX@b77R?DwQ>i2g^eYZ8Bg
zf0zxSa!G%n4^;FsPb*Rt+Qa{rbpMwm-Ou7@qQ+h{o7XraIegCpeSz*<pn43fYk15p
znq9M)um7B>^<N=h|D98S`A|}t&xUZcSk4HrwbD9b;#y>hxXa%tOR@AdNz*zoV?)&0
zCv<*rkg9!YI=_2h?0)4W8Pq`5Ux6`AhkJw{^P2FvhFvrqSOH#!qq(593{Pw?PPxX~
zi$I647dwQ#=ooJ=&e<V!gi@y!=GC~?K)W<R)%U2FZ=tO9o}%i@79Ab$u;`^9rSwwp
zG?%|~7WwO)K>m6skiXsu<gZuA-?uH_CXZXb{XI*J;>;)W?J%Xz^{qFs`)I*3vA!v0
zd5YV6C6=prH(Nhuj$Qv={j(2W|3>6#{ecWnU7-7`#hU0RlJ5VCSQAYbb$@i3>xx7c
zuLGE@*=loKw?P**0RvOGyaW_bZ=5k!Uap?b<2>=)3!kCEZ@JQBrA{gA_Y6^$okzHR
z*=T-;=7+#sNU5{MF6wv;QMDy&?7m>{;8<CBSpqeh`_X)?%R%?wA$%<4?JHa~96vz4
zx{!hH3&_C2G#Mb%guh-Q{B`HVJ`>77Ty|AOm9cBK1xm_qjm!KS@13XNz%MEDSx`TB
z+*Y&rVHw&l1Kr<+vZR0?=U4~w*IV+&u5k>Ls>wNYoTDnrc$46lW{~>tpER-Wdl_2?
zy4X7Ku_WFLWv%--RiClQMWDdqH(g`#6;6CIHgTQh+wMHenLEq3J)h9GZx_6=dm69J
zfOw7mFy%Kz?J0Q3<tcbt&U`ZPJSyM`O{3xH5nBD6$ZH)uPs7o}wE73bWBrG#m!<p%
zeTncN>V*GLH{O3(`!~coH4*Df!s<+ey#%24iV6BG{u{pa!N|vdM`m$U5laf>kBcRt
zK15x6SFta4=W90@zdB39(SHSRky6xNsucB;Oi+2Auo9Lh*lE}OXYIQGVTIJ{t+1Tc
zW4u$++O}S^A)X0pBumlUZcz2Jz-u+`1Z@(w|F@z=D?p9>RADunBEL}By$c<Ew0C8V
z+y-jt5MMv(*`yX6salV#XMq~nN@DSu;Kld4i&O9Ep0V-vNeZa1UY(``ohdoTIgHu{
zrKrE#q$<zpI37nb=>E-TY1n-Ocu_xpSNQEGN@zH+gL)AMZz65Ck{B7J)vuP+ERIxx
z*5<lyLmWVjtdlfi)BSA)WJ9kF)K{G~iyzB`kkx*@Y+Z|IPhh_mfkrL?^_U&hNF``+
z1*nDt)X2r4MK1$2vJkXxTiW{mj?|dlIo!VCxI@ZxM#C}t0hBr;t-$K#dK9UuJ1wSW
z+y5^Ey-j1se|dogW(#il9ZreqPy@%U0!?~g?7R1`wZJx6_rH$)ie=4xIjDvWRLE%a
zM`TzNzZ6ur_`4(RT*dvjT5Nun?nj>~G7B{KrJzR2K<nO`7O%V|)!&z+`+v^nENdML
z$M&0~S>l@6y8p-6Z!2hIHm9X0Ee`tjO=D??b|SJCw3hqQ;JrE3uOmnI|EJJn4J9<}
zevrrdn(^I5$UE0;h`&#n9Qh={=ja<AqwMd83tZPfmJJ~&gn~jS%>Fk9qrz(S=pqJ@
zNISp1`W>q3;*4wji=aMSFtZ@CPtjVAay|XHWqsQ+!TPpkg7t071nb)tvA(UO)X8AE
zN7k<DqpB{>+QL8z4m|@@U7WQ|csRZWl^LCdD1%A-vKqV>mW?qq4p?}?&ikhGx((sV
zCbg(%f^SguFBUkD4N&#yh<F~AwYWGN)qRH7GI}@{3LcvRp+>$x(9^OeP{Znm6heWw
zq%gYyV9hO*s*^_b`t%Rg(T$m;c2MZ(e-$~l|Kz0Mz{9C{z#S%UH&6$ChgJ{#1NPNk
z7#?ejO49nFZQ407zE5P}<IgMmZ+NF^;P0Q~Y*r8V!uFW`7P@>R;(QZ7Uw}BDW_~i?
ze^dA>jZT(Bee^uZ@Oj?;FW7!7*9EVLzF&6Iuv@h4G^x|d@5T~~PRrH(TSmq{e|eeZ
zxlQ-$V!riG8rE;2UR@!ziJ--oyUeoQ`+Ulm^Bw$Tbj11*j_13lSYm4*GmiG4Nu3X8
zLBV5Ff#q3t(Xlvq+h@_wlXQPw8jjxnOzOEONB1vI$Khu!wklWme=6<yJYpF?SNG4c
zJdcbh+Eo{W%JlzL7Tq+3>m~xa-+C4sY_Qz5e%AFl0ELnHpeZ&8^*#5ftEm#q#}zqy
z20-msr-C*{pUvcZU5{73?s|L*6eRb&9OB&JFN<l|{WZ=%{b{(lda-40lXU<2Vd_lk
z>5ku0mCNmn5BD=ON$rr3TO&=cOq)RN77UE<Gk4(Q`?S9|dCdeOYIV3DNY&oZFCSlf
zLmT?|-}saH_w(n0^MC&sr6zTL7x=!woHH~W{Q~tSV+C$;2F<!hj6UoCouc9RzjHfc
zu32gvK9{-|g1--)OX;VH^gsSK2FCZ<DeTmx#WWnahV#{b4DfuHl8B=uV~nhp#XaOZ
zr4C;2q;!j-xox11)}gE(>!Td|G*v?;b&`yl#V8Z{uYxu2QR-}!<@V%x<9M2%Yt*FH
zcW@bB-??k~`Yup2etq}PCLeE!P1HvjrfR)oY<$t@1yvR`IB=aJi`pzcld7IP4%aV5
ztr+CJjuEPQ9K5}opKoJ-|AJCy(%*h-Xe{3s1Js@!7~htDKKQ*+*>HX+-}c!Fi*sW8
z3xC5q4+vNuxA5u5)#t|0-)}b$olp5^Ee}%lj$!JI+TmbCfqr<L>$ICr)3CmXdUX-o
zkCuYkqQq;_p7~rnp8vQ4?YI`%@(+ON|ISnAVH)vAWM$2<B2eo<?r)rK@#k~7KG)Oq
z`L{;b>K|Q){!qYs&I0epjiW9b`1{Am7IMD0h=$$sxtzZ!>VhpSqG7#?w<Uz1vY?2D
z6Z3f6{i5I8A{r*5ty{E}7twHZE^m8Ww9P7_VGwQCi?(S+G#r@2+x}O4qp*mE<CVOv
zMf973@QJou;ooE-e6xAmkm#3z@Kx}(C88f7e4;ILWUPLCRruZK3TfC~&ilMC;5b=G
z!+IHSyF-lsULg%9JmQ<fmiT>6%BOPYq<pHRU1~J{ez_|XFhoz$aN>8=+akwnb(z$*
zWOG?~ScdkT^VEraTc2g&+bqtvAdThQH!ScIOMEXd0sNJsKGk;xzkIKdh6BImc$hBu
zF#VoI{G5QdkcLSK?;9JQxbNo#9Ueja7W2Mk={{cOhsRIM5w=&~GdRLw%`o|I#hm!=
z#Jmf%KXi^d^<PnMK=99P2!8>G>3fzKE!w(KnoHwxhV<Aa?D1tLhY8!BJjda}zoX}<
z6KxXwlJav7FHyBx_{+aJ%isB>fa42=Gz_^Mj$eql!qtU5X9Tv@jHK-Nv<s|-7ERFS
z(h*+sBwyg;(*xX|t#6}Vn>Y*GJV>4ECEcH-$FgDT{m5U8yFXU1K(z-*tj-NuM;53-
zyDuhc<}VN0rPzv%B(^dS4hG{5dsvM-S&CIS@E!OayYrMN7<1<-a)O4zZaq_(tl0#=
zD`#f`3qpO0Qibn4e1eAKBV*6vEk4ETYy|ASSc^<zvJLVZ?Gl48o(XDTBVl!at?{sL
zi+zyiPqMSu-eBw1V`^Ol{a|*(`22<$EDznjT?k9LfdBJnsPn_mXQt-E@9PyXKQDNK
zpUuaycbueQI7h4Zvime+`+fNY4JS-my@%yxlS9E)ITWauLo=s}dpLf6CpLKx=ZBO!
zgX@SHuuCy_9vlp;1JfOE*b|VYSj2M2aSTmuP!0E77*87zJ{x#PX$Vut?5AIhG*n;|
zkE3^z{9sDbh4ENn;RExuW$rL_^xm5D1Pzm6I*vcAxOlxFg^NB*jg3=j^A&ffI_o9y
z%6Yz6D}Wa&__@43XT+7PqlffJ0C-u=88@&RqWG-lWcqpY6m2WSeY-xzR+YT3dF(h1
zM@LfprCadQB7HRe`tfP%Y+T3r>!a+wUkFDb3yuz1_~p0s!{uF8INj6f@}uMYK3sBc
z3CrBNKO)WVIZd61Py7{}!qhQ1{Z1NAgF{rc&hyKbdH&hL3&+sk4-k{(8x&`qk*-(C
z{On;M1Ju$I&^!vLWq116`MG)ts>>cHX8A5+x}POxJt*y-J;Vf%+5zPDQjkw1?u)qC
z`SuE6vEK3(gq{6v0{K95R64PMQnh{+i8agxO_xAT-u=UW)BFBrSoC#+796Ik`*C8H
z?INb<S?njb<9B6%LTn%N?GK?}V^Uww1udBS(e(9FtG*^v$LQ-%AE#lrou8k+pw4zr
z9o5-$j*r*bzdCUNojn(rkHXHYXN=WF?+O`wfYPu#BgJ?6q!iyxl-qf>;JYJAMpbeS
zZ=CwbI{R6xE<XK1N@rK2UOvlpHd{}hpke(S^|EvE0~BS3-|-EM)s=@opkZ=0#lKNG
z1;6hj%FPc>F<m(Zw%_n^s~=0V6W_@f`4s%bd@JqQxAM8{S@U*&3;jVq_lGWINA9BI
z>pv!S>plglnckcW8p+@^d*?U}>oSjjlu{ZFWLj*6JvIN{k4V3@r+7XGE3G8`I?fN7
z<L|?=+W+$T#X)ut7P4^;Nf@O;s{XC|wON*8FQnmgaXz<|h{IoTd;TobV}Y@HEcgMl
z>l52d`J?f{MW^uFsk^x)6VUS~NY8bI<-@STIXR!pWzuG*=R-~9E|xl_e<3EU;JGoQ
zw}Wbn^4jPtZUS?CBQa%B8(kK)(PdE^T^6;`<s6%_BX^l0=VTZi3yCRR0%imX``x$k
zx>Plw_mn{ANw!D*g_fQf&~?&WV>713+j?ptezFAKIXOc=d2*9XV$CzSU)Nj#><o2t
z4ruPlpf+!uY5=uBO20IZ6dKJVMMm>TvC&+@pI>bQ72gQ}f5#((+F~bW2S8U+CuO}y
z!wCtzEm_3$Nc>(=0H9iTai0kLEq{;YDrffu0-Yp=^DbQqnjr%__fw2M%xEpc;&HiM
zn+t)}VsEkYyb-7i-hEf-LCbi%hN+4?<N00TxV*7C6doug%88szlq;nQ`2*pv1ik0p
z9eU4|%k>^+3+96M5`Y?a$G4Y4#ycJf)KbWNr{31;+IN<EJy9tX0g2tYb_0o>rqo$)
zgXKKmBIh|A*MYj$q+Wzg-ywwpjlklso%uApzTjFTBHQ|dr|9T;_lfIj@%b~@qtc1%
z2Ix3ieV<Y%d!DeJxXv8^{9%5UXAI5$^IaMyrzxWuwlhCJ3##>EVg|CHtMwtD(fClY
zu@r3W4Pfh!XMsw9)RuOE7QY_U(mkL>vp}`afT{5|zK3F8#n*qZg0KHFZV_jMzKpUd
z;?cK)+A#xIJKULSci)|ACo4f!@@5uDx6Ld#sz6n9T+w_0>Xmt<mO2zI-kj=-?_IF(
z7DbD%0~O`Hdj@cLa83Ws)cb)Apk|8qk10?^#rs#~k=oMx6)mv=)EC9Ohd|NX-vITg
z8Bnkn;S}({sX$eocyC!Asoe{p4LBpN5`aRMuj^eJP8_4&bey)Fp=v^b=bBrcM)OuF
zb{VBkpN-VMsYq3IdqC3z9KQ&EoetWuFM>LIPWSeVFT$eBK=;oD-T%I#R2@|uRlSPb
zIf>W3@n?bV&jZ~*8Fc>?(ET}}`?Ep!qYku#?*9qsJ)Z@==S!Kozd`8y{2^Fg`YdRd
z&VquI&WNjS0JN7}pytmxxcyQY3YN?HRX=ip7yT254$B=gp`i3GNwaOaW<vt_*}%j+
zP#vcspFMjDw5y6ijZdptv}!Afl}ezk$-mFV&fHe>SU6PiSU6OGivFME1l2C!#JODx
zdQZSrv)BXq?M&V-V)9m7FaxHNikiij+DL6(D`>0BL9NSDH0cUZFLjVw#7$kXthr69
zvOY4W2hO$oJXQ1Gm6ki&_#AM)by=XDxG&;*XwFO9{W27kN|H8LE~v`CH008N&l&Mt
zIs}?6?@Jqe^Fe+69Q7VnTvhKYuBxA<$^FO>4F?jm`d1^VcGOq45gLvjqSeo*wVxbf
z_noSLF*0_Xjv*R$zd@__r1gIc$NvkhelD&5KM&Dx^v|^V`)U2J$MOF}tDjEmzjT;}
z-G8Fh(X{@b9j4*H>$G}%TK``U(s1<uX!XNs{a+lU;lv+l^|le}WPU*&Xz|Y@t>9Tm
zObzu4zO?GKpr|)`?+A5{`f{JMtnWnpAcNh<=ijpWfuF&3?eA%|mImXUAJDM=Dy?3V
z2IIO9XgK}~tzIc$Y_5{{8T1+sC&CE&)X;1EtQh}I3PU|;+q)Ev%tf82XwkQ+TKY3Z
z>umsau8q`|z9(yePk~xGENk7zs5;j{Y8{g#E&~~$%{@ld`C?xPdHVr?LX@*$HmJx~
zrQZVWgfrqQmGZw%-lXa%uZcaRmbWOA5!AnxX!8_%74k96#P35W>a1BD0Z0Ee`S-a{
z@640#b=jwZw^GQ_F~wema+G+pZc)BtdO;!TXj#z$`Jfi$%qYmeWkx|mtD@;{Pz&;A
z7BuWr*m*LPw|E|?m(79#l(&XW3cFYA!an;IEl|#%VLMc&+T#mS?SWcQr{6ZS0G|!s
z3b8>2s<0242WoS+qQP8HFP{Yk%{X=qsQGy_3kFb^?o+hDTu>X@6)oTg6`w=x*yqtX
z{JDEEf1W7k@SnhM>{GO0f~uG1ky;7qcMP=d(;T;7J(H5#XDD@E1Y8Hswn6BF{QF!H
z$msvC{QF#$3V7dC>{VwKdlll)&hra77tT4j-S6W1_eUetX~k(Y4^+fwa{e7>sk#C5
zp37HlsKNftn?PGJ{pt;YSE>3VN}aPAeKM+E9HCCeOaCrwTMB{k3x2P(NM`Ff{5L)w
zeGt$XO`Q=}OuWPTNwVglocBsQWG%1&)Y7M9?OXZxxv-7(>5w&;&fDWIP+33VzkS10
zP0k~!dvQL}2mC(pa?pE{I#_y@ssY&%x@ChD>r>!4NuE-5jWoGRjyunLAgf9yCFfhv
z&x<?HUkBhtyY>zIccT<*-UsG9DZ6U5cwS0M&R;A3ULyKj{6p$(Zk1x+97eeVt>f2J
zZBRg4GIf*d3sbkb&_+5O(+f%^o`2JkGozriMbV=9oImE~K?wQ7A+>Bzmy4T@^19jV
z9D5a)C$vMpGnC7+Bx}8=IUe^=3x13Ey#$oQiv<4BUcKdvxa<;_$Bx5Py##URfY1y|
zoyQe>RSBieQG3)1T7~QC4f^v`t*gSnuiN0pzq1rAPzh??Rz+(8P%q6vdnL1d2YeUX
zrC(9?;aN}+krgd57u4xOZXW`@2YFwIl<c0ApV+=|)w-GnS=M|<DU+`siGFe5IP!zu
zgE%?}de5cuL)$N1r7`}jds@~y-lXc_Fm-C6_mquL=S^El>=1C<eIrfr>FRE-*A9$O
zX9)Bj=LmHotU*b@jo+6*ea?M;G0usNzeCpapK+UvbYOGaPe=QA?4#;v-=}5GvyZBO
z9H!3gp!a;r>Kk=|=KBd%mpMr7-Y$OL9_<2qwnfpTE|EVBWUb@JRP~85m(9@qbvtEE
z`Y~01G)$dyb0CB=JVr+6ql{j+f&7H3za62@q&%Puyn*kaj19|LFvjQKK0=)c^U-1I
zL_P?<!ujB<xc&#d$G0k2gRosDe7K5|t2dD6s9HBnodZAi)uKKeke}E-`hBOY1^+<R
z?Zec0c^;|#?-A;}ERWRwT>QI#ggRe5PZy!D{rO?)T*UK=IO`mW*5Uy+Z}zQ1S?m5D
zRZ)(b`s7e!nGy=hN+_^T4*hB}4WCt@Dn1juft!f=FGC#1d)eJ@66*k{Zpk9C?%7b?
zt3Xv?1H=NYqJF{*&{hNRTx_in3v4E_MBe$ujjbeBYLnM|yO7`S!u22PvkhW0=mqHK
zHp)`0xi#NlXVKHnvrckZ&IieQfdo+7>d*@$hh7k<B<6?R1;h0fi&J(&?CBxuWPG86
zwzK5w4RHn3y<YtLnhgQ`8)bhMsC!ZFBb+yoPkNuAsxOb!GG99?YaqkuGbzfSF}x!G
zbWqhZOr7kxL(w`OqiTzwHR9d#7-jtE93C4p0D*Us&*K{}40HPvM%w0(+J<aJYxyNr
zkrww*-d2Y;CqWl4rea=uK<hY0*}4Gv9c`L9#QR<$_QU@5T^bJDOTBs)t0V6XRQVV^
z+#-J-_Gy_+!=#OR1K%KKJ?Q@6Mq)O0LX5?Lwo=voMP9q3aU+;zlX*R8_hcHz{@6EJ
zyW{F1t`ks~-XLTFeQ(d}RDFAhIsu+72yBMf-M9t?z2^#=vY9wfv@=BFI_;+xJ%v8Q
zjiC3Se7p{N&sUYlQZn+StdZ?h#dj00QTFb+VexHQ)&eruLGmzlLYD5w@88H{Ne}Y<
zm$7+ye)|p$C+?=+W`UdBcX@2`^+D>qG%ux(qK|T2_3jXLdS*bulL&uY(VA?L?MqfQ
z)v)t4-=ZqEEdjl!o7v4x+mku~`O5b#&KnO7O`sp<qJFq;0|`;}GefDI?@6CIAVVxR
zn2O0Kl%me?WE$=o<aE!OOvBMT_@3v2B)_0O+)CB!1pbeR_AjH(*rI41e-U~VWX<=N
zl&(ZrgRfEb<{`o7TNJJPUM>eH6Ty3_+5vjc%Q#*Rsa;~}*Rna)&$F5L!+DO%&t|GF
z7dU)I;P9v|vi-_cH`h>*wU#!H!_ST4aP#)#bS%z;w#fDhD!y4LYrQ(h>t%@74G?>E
zgxiaxUASb3It!%pi<7n{a6qgL(FQ$0)dpe5lJ*qsB-+Rm@)OKH;yclosrt2H>SX@B
z7c~7zs$M%}-T&eF29>W6lRCka0;xQx%^<OSzMzv>LV;@3yNv)U%F&VxP#gc1m>y6L
zNFW_(vga7}ARSoIy39EIB!qORdo3=5x7SHbd=Efs58MQ1hXlLXK2$66f>g!xp7I<<
z@@ULa?nggwMJtKfhN(A|AC>oOT1(8OJRVwr^5F>-g;vNA3vL6W(FL(FV}f)bp(vfj
z*)-gg^?4&GUu(QV$IpK>|K&x*goV&`T9G<~tt95lf$G2w2vcEyV-BmC7K>(qH@Nj`
zBk(yMA1%+}=Zi=gsMt3mL;uyKpa!z8HE=HaWKfUNh=20P-h#LLxBI_OH~Dwv>HdDY
zz2KeUy#*QiV}3h4=5OjDv84b9nr*;*!=QubBYCM1)QAmEkXfKMJ9z%!K4--Ber9C*
z2hPZL>8fCjd{tvjnOn~G6&4rNLB<-G2kH{!U9hjw9iaLu_*hG~T(`kD6V%{ZVjfnM
zs<nQkjnZBYN_(IY%%-(qKA!<0-wY^d7?QMI*`Tgq`+HD}^9kO->mmnl07j?a09Bct
zwS#wbe+BKFA5h=cTKgB`I?@3r-krwx2!fP`12e&kcy45QgyaJfrQT8-ocMJK&$Aln
zf!I^*?8vo713-VrDem8==f6Vy_nqQ7KfeUhfj*_E^SfCzj5Ly=sQt`TVg|NOVl_D<
zIdI}72^ib~7vI-P((V3y4%=mvhV>Hg;+*lj(n+emNU3uQOli-B-1go{r1tqqq_)K^
zWmgmy7epXqji(gU`ikP~Jrz*k1F32g;)0NTpDr)2gGp=VP6HM3{ehxXArB*t5!V1y
z+M8g?DE>W#P(Zw&d&L7X%L(5wRH_}z;B)|xmdBA6e&J8}xj*q;N}UqVy<63Bylzps
zV|qa|C@gMXo-?DMSywbt0BU*O%!1~)qIHyjig>un$?*W^sTW~l@{}kJCFKj{itQ^T
zWy^x|<er3&kmYqSdCltgSRDJorEEWNdI-lu9SDU`u;kinUjdNWy|V_$Tywt+YW+P0
z*W;Y(2`t|yL2XkZ6g2vY*#z?Pr8WrRvn2qv*tP_HDL<G5#?Kx7R_xoP!}9$SuzVRz
zUQDX~6X-qlc~EdznNsBey~hqv*j5My$dj!la&{d|=}+W<YFibo*=BPU9Fk-WC{+V%
ziCG5lAj(jEz!~xYw6lF%8Dfo_!C2vfSO9&`wZu%EYkrR1*XgHfnV5fle0oR$y#U`?
zA>L_nLF{@;orrJ!UAAAyaRt*th-<{xPWF6~@jluD9hTSKDQQdft2XF;R9(yR?UB0<
zABy<vKw0BK9$rh#dIyAjp!*ve!2}0{f;|umtOfHABh<N{^1j5z?)#nyyh+u>zlZ&G
z0BfW-MNZ)%S?f5$=UkryAy0CwoYYv)kMRAsa>T6zPON^Ps<$F;b2x4dq=Dccu9sb*
zB))<Vao#D!xe0iK6TtgDoO2EGQqG!}-=gZ*DRrU_3T&xo@miFFz?LN&(AG8QfkxoU
z4KK6Yn%UWPL#0~1e$9rL|7hVsy@c`LKT+y@0AY1-ST_p4iuaku`h1R3XOo~gqhFvn
zG)lW|U<6$dJ2FC@jcbWn0q`I`Ym2%<I2WAbimklQpGK&&9AyaLK{vpIP3{>XPqZim
ziK0+_f$m5BbYC_NkA6Sl9Hss2w6iOu0J;<hVYc{i9&{DnNn%}7z$?ulrd&ZxX^YKZ
zvG80_BX-dA98e=!puJ5a{-e&w_O~)4+vOT!P6jAs^^8!CE5RhI=F|i(BWA{`%9>#7
zQls%QPLsyVn9lBxW`H^yNbSmzx<%1sP7w*zXfmfrCa6(yKF*y5YDRMJu@cO;MGoty
z@?6)?b@2Oc8IX~^suIk-Flo*GHc+1;WO?+Sg6p5WC+m8M!g7SC;~vNL2$SbQSgx$9
zWbgrGwo4AE<$v4TGaOJm3U6Kt-i`sPHpxCCcrmUEqyqt{do3zK^*$btJ?@FloFGRZ
z-_MO+an&nN&42>7S2~NBjazLj?*)z(+-x_jeV@vK0$hIwK<_CBzVBACs;Q>Q1|ifb
z_m*U2Hv{xHQK~+VdN0QU&mi>%XW^JOBUuM>bX*6p7?2Kn&pYD$iuJhya2)3Wte(-#
zkS97L1Y~AtpH26l&Z6N7pC@L7cGz_PyJMd}JNg_x6Kb{T{v%m5Jbd?F#&g4WcZ)pL
zss9=pR<B*((BNLTa{V3a)~;OPUVH1>1*_Mtch6ma*KI4^voBtF$tAbXyV&hkSFLmh
z8&}`5di`DQ^|y-t?%-PY>b1A853X%m>Av+QchG(N`gN<D*1K=Nqp|6h;O)0#BaXKE
zcK3>vx2;>*6kNY@#YOJm+7<493*O~!T<Ko7^51U##>y4$)oa~B_f2=Kzhm7>_cvCq
zyM6VoYw_hT-nD+!t!poahKAV}dv8w%6x+r^nw;0wYuB$_ciXy^>sPLGH?0b;y?Ld3
z#me<7o7S&f;a=cgziRdE?ti;=#T~b-bT<Xpx^G>33j^ksTZ1bYEbDJ|-@0}s{xLer
zZTSDXTmL`y{s%m&<GLHiKYMp2tycf`3azvlfiFlx!WLK<FtPw!`$tFu0Rn_A3`SbC
z3tF?<T~;d)HnwR(8WKAxDH4(p5R$kFdFv!JAqh#Gl(wWHt&`FkAqmM2Nk~fjx(#ie
zgw)H<@0q!CckixtwNBsm_kQ2!(e?A}oilUh%$ak}oH=La%5=E8yO&V8G2B2~n>?Nj
z(fU1Zk4vcqd;#}fx0lxY9Uc1|dzB`?BjEA|<@#V}6u-M?x6D^tx62Xe=xp=&Ivhc_
z&)Y4xZ}U2Kdt6ilZm&D&c6i*+yClE6W1q+E-7D?!1*9^D+2Qc8nzAiYcc-t%<CHob
z2V7C<#VO9}=yuihcDVd>s7lG}3rb~MD4l@A-R-K8TuPfHtF^1AJ4glQh|zQm6`5b@
zV5gf2S!Tz<6)O35Kj-QQ0voqAHAw+icaJA19drjfeLX?R6$tnO)F7G<ZDMF`HiyR}
z(<|$)SS0QB1*NVYPtfi6xTFIPPmimcO?{v1&_Q3oDLDdrd%9fSpj2MAt(^B`=25Xo
z!HG_RTC8_37jKll!z=Z8UA=zUWRg<u@U=MtdpmqRRGBjD_jOZyim9gc`wmX6ruAN`
zVo!Gj?hZOS_I10TcX4=+#}Q$V!W}-ROMZL1gWW1RjxLuP?|>r^t)g@SF4qA^AOd%|
zJRUXdaeG}sYF$k4F2Bdo;R2<=CQFwvH4CR}kK5~VM#gb?%Y#yf&wIcX2ufbpUPsV<
zfGdSsDV;}K5ODJuGrJ4A_PPR;V8FG%#~q;5lny@0;|T0!T@|9t))je`%Ze=L2BdJ+
z-Lt#9BjEN&`0sFdY5g8IRTb~TmNjF*>FQlfIddw^;E<!s^GF;0UD6@jfmBh}T~p@d
z9!1seKh!J3OJvwq*X0fdU4bR8F1NyFOnb8<(CrE=+3O0nd8zJ_w0Cs6I`%0T3EBgW
zgKd6VMDq6T4u>}xeYta+*VP+ra~*KWB29{yd>+w3sK1g|kFO`t!MbdaooYGjQZ98m
zx+RAv;Bq*re|32!cbDH62)dk0q%E$+iVN#z9xkd&KgXeZa4sox#_*xocbDJoaRuF7
z(e0v)IU(-W%gdH5Wm<RoTr%A*N3f$)3iNp6Ix%{?d)%I&+Z$a!%uTg%Z0e^K4B1yx
z)+H5F^1c@%FJDj4-xF->ba<T}x;4mjnUW*oPi_YsB|*F2<%&{BVrP*7WMV<zK9_g;
z@i<Dd@e~S4#)}M)$X=+feBG`#r>}!K&p5mdj=;VpZEf8_x|t?gS8Z+Gu3&f25p=b2
zwIss}xSTy5Dy+o(Bp{a<Zz?%89-TM0qGa`L^72S9-wvOrr^~yft&L*0O>L*nINCb3
zo%t{of~wu^ooaT8=SPj0haRq8M@P_eD7sGu9s69}QrVK~ZmH~fr{wo_yXhizcp`gX
z*^;HyNj~qC_PP(ayo;ucqv)l><4fpIB6@Slg*LYFPr>8%kw6(N?&@%OqyvtCo5e-t
zW!>dcz_rH}aCtjiPHDGmk1ybo9NpdSy<WxkQrT(5Nhjgg=XZHO2%T=%{vOJPn&5Q!
zT@JtB?cJMnd<CB^?zW(>O$nk>@zLS%I07=+M0jlRCa1^cuQHY-a_M#j<bX7}pXhdb
z_j=R<NxJ{USOZYL(dTuw9P+zT?EIaMZbvW}s901Z(YJedPtYZ?ASO26OE8bNHvggC
zwjM8wrd@4x+RRn7F<-&)gFSv0VALs*VcC+Uk9AkFkWpSc$?P|Q(_#77ltH12U*zpl
zo<P~wl>7oTg6eX34=G`B&?ohHY3d<WM1t9}=be!}$?I}Cr7pTgf}IX8Tk5PQTilV(
zN!D#d;ZcP;f>M{SJ4oLim!ms4oxP}SDq*{<X=<4X<CO@W!`sp63&gA&B~(a&&)S{t
zZn`$0#B9o%R(zG(mJ{2lTpts30f^ZQX`ZLvJUPBPzKYqb6?|1iOi;-2)$@#BRB?6(
zwogz$>Gtw`g6=ys-r2K<&cW|vIj&5{>-PIy!3f>R<`xULsaMcV?U%Km(C*Uyt>%Ae
zKBno^tkD*04Z8P*dd)&jn&vhdgmU4RTCLy~z9}HV)9v!?S;7S3l&39m%irx%5&)Nz
z8e&}L$nrfU?^V&;<LmJ{C1;P{<L+<-U6O1XtE4^dKzC5`b#(Lu*w&!nM;3)clEo+~
zQ3_2!gPqJ@xEx&yzJvP@$rs=)65DTMvzh4A=%rrR5p>hti7B(Yr>k44sOl~2l@74N
zvOSLFD|SCtDOL48y3(=Iv7&<(S9DbEaaONfB(0GuWMx%KvhphB1g27=I;~{Bp;F>{
zT(l@ozRk+ffNu}wx2Gd0b-B8By8_)(cTY#B<mi@|3iuWr@sh4yDnWP9bBImL)lFqY
z6LhK8(G&Ew$xf%DCD7wq6su3ZZdiV&g#L7O$#Mxg_DcSMYmd8EeTEP<DB3QEE{WTB
z_fXYS9Xq_fV5ch}siR7je&mGG-7P5^PQ)KIv?y<KeoE~n@!0gSdVC%Gw(^aAYtRu0
zwy0LSlE)_Pj<p`&!D+h7^f$<XK%#be?mb?fhD#2Q+tH0!`qOl0@=eZNynL89jIn2l
zE{g?a-3w&%lggZmSxPKVQ_ru?>x>^>&0nHs^mzAqeFwb~bD2``kl%%b?Xs_!+Mdi$
zMe;hzb(`DU77RE#T)WxcrhZ~{Q>Svw{IPRuODNp<_5}UAT^&BJGl3(DoW~}P2b4#x
z+XUp{^-0Q7j)|X?$LZ?saCx0=0av%rbHFvFeJk^6$z~VRo@jWebf2(&i_0Hyb-Spq
zs!PP5BEN*j5!;@SzRl;A-JCBm{bX@ito)hRbR{C-^+|Gg%EjyU9&mWvPHvB7-SOi&
z;>5i*vc6>M(X}8?hpqoQZ!mC3o__qf)9N0tyTj*H!q_KN`xx`rG*}G;6+K0z7=gLe
z=sHvl1G_um>Ik|IxHxQ4f@dy-NL(3I9Y!*FCC<wn9*^%}8)ug3h2<g<rSN%1lpKGK
zB<n%hFjez&d7WxI+sI>~tu$;<*%XiUB5)vTcM0R0j;P%*c=hf>LA8*#vK%UEk}@1M
z!7VO_Q*F}m79_`vQFw!^%NIDLf@M2UrUMJxhguSx+bHL5jzF-jE8-raep_wF2Uu1_
zl_JCPK|6Rn*tR?1a`66psJgm?hdkUNJw^91)e2;=YC*{JkFX01-G@~83|6hsp5UIv
zOCMXTkXPW{u6R3g^)efh`Hf~?9S*P0>+W#y>0`TPLz8-a($r85tJZm2R36d&!rdj?
zQ`C<4#^5XV7Fl0jr%Kus?(jKPy9>{?BkrQbu{Xwlt#=)Yfn$;p8aHrT?3V2q++jrG
zbMDlkBp*F~Cld|ZC%f7DVNq&Cj(i~oT=Kn?yq~apr*8S4ipGsm=SM?I`94ZcIh7W-
zv#e^F6JY+Wdusk5$4kJ$fSYORpxYVjRN^46=W1rJvT6Ap!H!PmN1g0uqRZ`NI_q*g
z$KFc5qHJDmZR~a_!l<$W+S-DyZq<2&;+E)qnV)uaaX-@KaI2iWk_WBc<Mz0opzTg~
zhl&ohD|tQ2x(+(_a{KVQ4z{%+#~|bJ7jhJRTk6?cama`Hdx3I(5w|Zq$=@0PwE(J?
zJi25B^_zY-yMR#iG+!<(eu7R+b*RUZ4!UmL@{)?+#TlkzH}iR6@e@o_5lZqQHB{}f
z1S*1#y=_iqbLf`07ir-_DX!k-buN+)AC?m1uUV4_pUXE|z4!^4t*P~L%7Cc7DfSg~
z?5&Yc+XH(mAFZl-w5B^4NL=sQpRm5m;b;C+-cO__q$)Z+C97Ec1hdp7@;n}vB6zFU
zOu-5I{7Beuhtg~D(r1^j+v+uIBx-4GTkAG&tJ`R+YumWVUdPs3(AAZS2Zobme13+Q
ziiCoegbI?(gLj)UjSZIO=EjZnky!xyT!&KeKv9y8FXvGyD9A`jX(;|eIZ%w=n8((4
zyMk@<p?Nf8NZhWhwj}Kd>f`qb)~=j)s~C!@rycq2k-|~3c7>xP?NjUH7@E=^x6w{%
z=NrY8dhYnA)JH?W#PoO!!s_LNXs65L3c3>LPu;-k<xNlaG5l0qt>bt+x`!vm;&_S~
zO+zsjFF8eq$CC5J2r^&t!F<wjA{PiL_=(`9;77S&m_}eRc+&_>)+1}1sxL*qs+L%}
zrILTNV{Co&^mA%`z~_s*UyrssoK7z6#N)AcF2rQ*TqueA`~6f_5j{{3Jq?~BU%$hx
zFeHB_!=gX=JDF}8p}MG(<nd*X$0^C5G<cnnLoKPiraW=~GU}M6$QBxVe&p&623%b(
z&mqa<^X`q@g?oFtc1O;~6OA?%amu(s$6ocQiQ1FXFP~o?BM-Xp6Ox@ucQ;KarHGRG
z8KD$(?3Ow@9RWv2&=rslcDe#C<r5HZQ2y+o+wbU@a#9#Sep!p9e(Jnp_?s%XZCe^8
zS9gcQ?{Z4Mj-V?T;fr$6;R{f5lE>ws4q4jPvUYLxG<d;)!|jPjOe{w#t!-Nx6UoW%
zak#zla#DTi#0@I3{DPg1pmf0P^EiU8ZnY4njN_G*NG-8_d-=&_V*VW-f2U)&E9mZ!
zd;w~0u7JBE%15Gk?eFo?p320g%u98w?{s%Klstb5p3CdxXXPxPiq~`8Fp>WJRFWxM
z&1mBJb-H?;t`2vX!=o%EnT~Rrw2dF~L?y3KR{YzP`NysFWd0(8CdnC+lJ88BgV*O>
z994tE6C?d(^K!cPx`R|@<x9$AJ52RYu?s3Oy@Q?Zpo^`~$oXXoJUTc#nC5XstbXEW
zpNw9IuZ!7A95KYK%cuv5n3Uw&-{bH|L7!B``Q>g&$r@bVV8HF_mK*^W8<riD$zQ*+
zZ&Eva-k_^Dh)5j2&vobnU`O%!wQtHEG4l>~x>P>+iSnuX+T#l_EU&9KD5>u^WqHJT
z2!4ephw1FlFw%pcZ^$3n0T4B>;Di6yt$79CN!sI*=FfgFYSI5**Svx+XkNjYNdND}
zP&&n+PiS7j$2A{i<)fNEh#TuA4!@vz1)}D%rdRU{4rpTX0o6V6eC0hqa()q)mnOc?
zjNgZ*w8w4xieFLPLdqC1w`R%K!Rm<DWV(D}sy~$NJ9;A>-@eD=JE&?-GLDxyJ8GK>
zNAYwN67lz6(fh(_##e=QN#c&ma^|(3Ek~00L!M`c&*Pzj^?9e4TlwPhxP2xuy=Y9C
zn2r+tC7G8hB%OX<FGl9&=imIL(7U|-EmpJ+d>7xsSMf2lU?Dc45cQf`%_hy`n)RB8
zu|l&%la5l2L6fc_xP`xq%iGl7JFs0}Qr(jByM9-fKX@p5|C$tGN`GoKG@@a96^|6u
zyHz*)xIY2i57<$4Z<?HIVE$^voc}H6?}rsRCtbnH`KxM$CWzhR@5SR8h;NsDFT1d3
zL3MmP4RfNcQ`<kNbmH&x<M~>$WQqJ;Jr6XNE?LUprAr=_>-oXy;>C+&zsIm|vTfT?
zx3OjM))vc_7HY*?Tej3$HY~2&Xb0Foa893vk?)w?>}vqZkJlHFl=FRweLc_i!*0K;
z!@b8X$M*~3&S@j#ZnasOEL$oi<z!ACzf$5yTngw5NS3BX%T`5yJNUbjzn|rA?#A%~
zf4>-a{u>=vo*g5fP!96ERW38w$y~u6y6wiu=0lppngg0Wn(dmcnhlzIjYYFcvqJNT
zW|3yDW;RMRMVgOm<d0UOSH$u?LDVlKId;aczVqkYUgbzNVe%5OXPU*Uo1&gr>7OvE
ziJ|Y^8|;+-wn#>a&C`=c%rWaK!pG9b;xJSZFWV`40s-G%_Tf;#<w)2+ilR#2F+CM_
zzZeYoVir(bjHd9*KPF;-3gL@AZ{Yq^zWZrYu3+T-A>a<G^_S$hA4!h+<^C#rh&jjE
z<LT+{1T=HBt2)zxHvugF&HE&n3B2~3_sL);Q1RRM$s3u#_20fv?qmX<-@Q*R7=UZP
zd!Jl40GC7WlhfJ2a!rWb5`p$7L!_z{IQnFW97zW*J{cl?>A-tWhRFGJz+M|7Z>9q+
zwIOml9SGKj$h~x+uQo)oGl288AtGe}S879Kc?K|68zK!EK#L_rIx~RlmJm6X0aRN<
z<UFmnhR7QkfX)^o?`8ml_7IWu!1A>r(xL}S>qF$29vEy0k;{7Ey~YsHWdfb+Lu7R(
zU~dYM0t0ZVDMT6!K<9=KIcxyT8$-mH1&nP9k@hU$y-gt!%mQ?qL*#lEaA|XhRAdA8
zmJqp>4FsPGk>xqS?WaSeAqQ}_hDdJ?aDID;T+RXXJ3_>m3z&C?NNX-|_1O?PmkX4(
zg~**;;NtEOS)B(Q?FbQn9&pheB3JW(+s}oF(FpYI3y}sR5cGt|5hHNDD@3jvf#tps
zsSp93KSY{EVEO(K8599$AVkdhbbktwzI@<%Z-`(P5Ihtj6|;br=R>4@7I5Xo5P5SJ
z;Cv}W-kSy3Uk;JV0^sP85D69l6(0(b+XX=BheO0@0!ojD$ZGojNQiXO_aBBxp9$#v
zXo!SNz?F}NNJSw~dMrd*3W1}?LgYvxaQj$@yj}=Yd@@7|ih%b9L!{IU*w2K>c{9-Z
znGh+R4P5#{h@77d9Q{s+9DM+2cr!$bi-FsdArhqTUxmn<#ejaneNs9XIJ)#cIXoA5
z?L+s;^|^raQ};>5Jiz?L`=sSTp!AFPN#}#W#S8aIvjph=>OOf*0xpi+Ck+dL-W&Hx
z?*ib?&+n751;EkyVNz8BG}MI2u@a#4NSKV30JlF8CiYU`_9w%nwG?pvQJB113XJ_x
zn7mO6lpYV0TeSXonCQxY;PEgqmjQjp!=$ndc<p$Y)RqBPj)zH08F2l0m~@r_w~vR(
z;WFUZr^4i78Q}cmFwrjrbSJ{3b|GNy3zOc3z@7duIkyn#I~gXI7Xr%%!sOOM;L1Rl
zpd45}7$#CVaAhb=n#+OCQ(@vS2Xw<>a=aYq8xE5T6h0j$*UAC==`guN>raOXDuC;!
z!^B(x6r2f@stTaxOqeuO0Oqq{(pv%8KOH9LDuCBM9VVA50NuGTxmE$Z_t`M<F9KRW
z7beFR0n1+tlQ$Lt1)mR-)eiv`UkH=K4*|!%5GH*O0k548lj{!wx-W*wyAJ^c|0_%i
z9tJA@G)z`M43vI3Os+i)G<+pYvMYg$UkQ`aO5omC!en(Np!;f=T&M*4z7{6gi-FRw
zhe_vRAoz_i>01owE``aJ#lWRYVKTWGSpKard2car{aayDumrgMoiOQL0_grSOfD?}
z?0+35rH=r|eiSC2M}Vt;7bcUB0M2*9WUvZ&?I&T9y%f0g(=e%C3Jm@{OpY!EbiW9b
z*OvlE|2a&KJ_^`1gdAH2yq8BvXc<r-5mK-MxV@5)_f`P!RTEPA7|>Ef$fd`CD{BbZ
zxsv)dLS9`7G&B;@Sq(Uw2zjF#IKPRI)sF-3Z6V~1$AQ<LBE(n&TyH1jdJRypn~>~P
zKtTr~o>jmdCn2w`0$%GR#J(E1_#7d}Rs%=(5ptQrU4*>58nF8asagZP=Od(Z4Pf3+
z$Qx^b(gTFpp8yJa2|4xzaOE?E)LMYS&k=Ii0vvmdkP8;z;-3)mt_A4(JRy=52!4T(
z<yPSK7YR9R1up(6Ay?@8&k1?e23)*M$Q2u4{{bO7J784q$DiK<UGF^2oa_f#of$x=
zIz*K76(f(i%#Vl2YULY6ey47KJVYAU$0)hd8Qoc}^@OnTowwi0rBwwqCZ}=E;~}C`
z-OC$!OxXE&h?rG%$7zflSN9r#BaeqjfvWCOf;zfi9#hp71GvTOdS(8MXN0qw7Q;Jl
z=faXz%s&jc{dkBRR<&<awM!bnUK1itRr@C1PRFd(0LN;g{8AaUXn^B2A#y%eCYudR
zD3+{dr2v4+_oxOit_qPp4a2WJqd%KrKann2Wjt%vTBWd+y=k9I8o<9gL{7)`u}{<I
zT@5g{CPdy<@nt_DJS$_`vg(w=23dQ{>HGzt?}-oz%Hvd>Nk5xrJ)!H<+WQ58b{Ki<
zI-QED$ZVoj0Ioe5BCT@2_A}XMv#ci!eVMj?{mBgbK>A>s+wjiYqhljC<X+FjKy2*O
z0&u7H_Zyq`yDk8w)({!P)PByy-Iy(BYk^DezEAur`PfbfeVV7=d7I)<oGLA#`<M60
z(RiGlGEN26zZP)*%lqVYM0I05k=~bP?bn^uy54zPo+ZOQq6KdM%ll+dHAfrewO=@?
z5gZX*s=wE@K!r6#f(hoeIXW2|FR?ziv_PjdL@p%g)1IVHfeyI+d-S1lY0v=||Mh)&
zove%4e3Rk_ssVU(z<dAtKDjF}y3J<{XEUuQ^nDq&{`8Y+)&bq1);1)Z(g+vcd3*e(
zVhjMyXU|jTVGEJVvG(4VMnyUx3~F}9*iU^7^jxfM(RF)I2l(yLb-R=5KMm-$hlnxW
z-WvOb9flE$tYJ%*HB!v2qRmWa2BmeaT(HV*{Q_+Tn(6%0fQq^hxu}w>tzWS9X;0`j
z8Lq!&edp~FMj=wnt&;oO6i`hP)J`v_0mte><d`heBbqbDvw7ANxqUgd{_K-kwgJOn
zrfo=nD#JRQ-eGv>?TM&hEm;TRD;nb~rgWiedwDugeD{44)Uh$oY0ea!on<|d-zVDo
zjVJSL!-mtDbpyGBIYZf}vb4FHcix_uRO^$<qBkAbSsx-5LY&<n?iU(I>@o6{C%ko}
zE+XT)e!*rKv1HjsTKWa+h~od#f$GK(@oS>K_!iA&)<yh#biFo3h;5Jy0L|%*8Nlsz
zA!64g#kWV<NKnV^wKW5{wLV1J<LNX<FxMsMtumu1Mamb=t?o7@uuUs<6m15@QOF&Y
z@;X&np5NUJ;L?T=xe(9S*2s8`k<ymL^P_aC^?<Y~;@_kE*eE~Gsm5(e$`7@JBQ!T`
z4w2*9=(@Jib?uCd*cR1Pq_jR#+S;$Pj6B<~TQ{<^UuPeo{_DCP@NW%~H`V@^`U&PR
zYy$$F*JzZF76AH8AiE_*D$-e><C-)1XGQA?V_%+aSbsXh+Mjze$2yQbm}MI>oXQkF
zVu&?rOV*|-HB3(JnZWJsAyT1HtrZ(xD~<iehLMJ-)ccLhq_?RY4YzT+r=8CP-h3uD
zrm&w7HYlM)gHl)*4K8TETQsNM5!nlse$7+*ZH@M$dNCV-cXveedqH!i@T|$&pMO%c
z4HyUW>?aEPX0^w-)paq@_E?uI`#%G4Z)b!imob&BjY`%|rTzQRET#U>0O)o_bgk?=
zeVY2%^>fDnyuK?$s?>V0GIvFl@pO^})UGyIN~bCd=xdA6;r^DnTIzH^5FM(Q-YlT$
zSMQU`Cm5Z}g5^x<*%E8Nbn-#li3NT0Z3FWL=W37Sz5PzqZ_*g{0$s=LAp&h&Y|%gs
zeAA$2K-e=jx;`>mZmoKgWUFg*tc8|cW23Fppluo*YoKMDVQkcrg-+^Evw^F-L&UF*
z+rO=J|9(a_McbfuKzDF#v{6;pO857t7`3|5v3iQ}G=tWSjW)5pUxBDz2eW}UT_JKh
z)^7VWQSZd$csU!e?+KAxnCgeNMPro>>R6A?<z6=M?w<eu%*B}l+;yj(%d0s+=X1Z`
zT&PW6$pMV}LZmw3-r!X6-H^mD10EXx<N|t6h`bh0XYEN%ztCp55%o-UYGB=sk@ayK
z_DK!f&~J>e?Vy2TXEm{3EBj@!@8MivbytXlRP(iSz8$JbQrz>oK(;qT?tK7Ux>#;~
zKwRVj7k#O5X<S>G2ORT9Vgt7J>gbxO>q|S4zDbVSZm`uvYiaZPNR6_-Xl;Yx`df6z
zpuaZuThD$W=LCIufOCI{w8r|h`iP6?K{ds_oCoy9;o43JYZKwVn+II|fVgHO5c&YP
zR4#TSP!$Lfdm6*_pUFL&V?B}Gmu2fWoXoTj=m#_Ehtf}_?J}t2dU+F9!)>Rv!#ZK@
z<V54J?zDE-#H5wJeTK;iOIEf9c-;tO9}JN<4e@cOojUThgE<4ameZNTh7G5(hO&jf
zx;egXY}7J2VUN1Ga~g_Hv6c9g2CI~g{pR>yhHd#E*lWjc+9<qpbZq?Q#N_(O(2cbA
zg`4A+iAl@Y=yuwV_GzNk!XF!Mjx&!z`&en8rm<0rn)VJE<L0<!bZla>N!_&7aC6+6
z)x>^*BLLnIfvZPCq<KmlUVk#L-`I3xBpPBi(i#_AdoK0bUC*jEvfuSLMmEvO`qT(E
z*3`;=TiCB{<c5V(WBXBUKG1hGL<)3qd71U3wqMtAV<Z~UHYh$KW-aU*5b8!-)g$gu
z1I;pL?AJXYJT<yyK(LMS`R4<b$3mn%UFE~6`?gU>UUy0}B-ByYEO^I8EjPziX3$I#
zC?@sQH07jSg^dP=7d3z^`{>xFo8uM*tD9=BL4iPHs@hqA{*xhcb(YHZsm0sr0-*M9
zqo!ZSO#8y*#JU)h&-E)<v<pR~7EfsieG`)n9}ss3TOq<TlN0qHut)2}<a$~T8YU;K
zS)16e&?1xB%U*pNptu0IcP>P(808p6bH;qO$a<o%&t&f}I613rP#nl#J2tvEX0xPq
zr}Bo3&odj|so+Fqe_2B*Pyz$_gW{0!R30TOtYwxj?3BCFrfp-Rjj6g(wbF7s)7)02
zNw70&^6zu3%}F_VdUR|XeYdminQh>zcuftd#-rnGQO9-4C>t2B%?c=w_5wGeEE@wi
z-5hVEYn<b3QCipE9IvMpFHn<;P;8)X#ds=j=lD%Ig0QLj+Ha1_xynToP<kOmP8;KM
z{<Sm^r71tn_=nR^rwJFPq$R>jQ!^ErZgwHic{xNv`SEn?r_jALmF_2!(RCIA#<xPG
z^wIcSqK>8!G@lsCJ(Xh}&OV(b+@C^4o2i*fnbLiu5SY~6C&9e<oNX;lDrinYlQo*Z
z3I9Ho-%H8(EhwTt_ldMwO_!3Zqr@p~O4rH=|9C3l?Fk68{HF-G>by@b(T&rp=C@wW
zui%Z_7q!{iVSTe<!jiRi!aA(C(UN5XpgHB`B4By<eR8o#)>*#g%sJugrv+>OY2oCs
zP<P_2(04`{I3)}Y35}-)grPxU?dg7D_@p2lqPvjrN;Jcu-DP~av)pTFP&hR}JDlzp
zWZFVIHSNg>i>hmu;G^W$s<E4BO})CNB~iy6j1P|*PiUZZ8`M?L(wgQNq_0jHQD~h~
zrFCm)9bGE#nt?Yyc0Y0tahv|k1}=W=J~^HdJ*T!s&Z*Z8rVXUGjg6|dj&|Be+Xm7H
z(<rt*){EF;(yA%gw$ZV5w7l+=c1UL#7MR1EXc!x<r?qyv+|vishIFU2!@{%NSxi{6
zo{tvSMvEKAZ%*(`L+;^=wh8OTZ%)`p$M|{Mo!P+7<M&BZzG|PMTf<tqN2vFQ%~K8f
zS5po8oCa9^0MPo``{Y7AO&0vE9n2We3%3koqxGt!V{CLoR5~&H6Yag3O{QsdtdZ6<
zGf4goQps>GEjPzo;y{M8js3Q(%Cc}=?6;o%I@qsWPTfwW4W&QJ+;ju`ZIq)gL)3j+
z$8R#MoeXMD)ZR$jcO+@I-5hV^JjT2?uvYbNU|6@4Epht8mU!Jn-IThuG&XLeKMfO`
zhjn`?O2jkhxMx^5tlK+&b3#7<oC7$&cAs2{jpJLCIKD}B7qt_Bu^71bwfn@MlPH#_
zA{Try$1n$CAYm{D?2dt`Z}k@g`oFkO2G_`YfpBKw*)r>i(!LVgfHe4^wSU3M`SziC
zr{)e9pPnPQrrP2^CEg3J76VP;`{at5(Y>oVGw<wN>xtsNIcxhLI5~U3JXkbTc*<lQ
zE;v0)TRwF|5%y1|+XO(G3tTD;lgT<p_nK%qb4oZnBv|`T3Mc!8x)Xy!-+)j*&?gL@
z5QhF(IQ1!E__%QTj|Abm;q7-~39|Xm1?)S+<YG?3^Lo2_lif9y%XNwNEb7~?&IKyw
zgosgfA38Y~7<7l_+?L-p-kl2^eJ-rrhsNCPG^_5$l)D{jL#6Y8YtMz1d#C6b+vZ4Y
zU$2~@OLPyN2NdiJ$KMI}X*Ndh(R$|rtM`RTHT$3OM9xI&mHQ&f|LJ)^>%K6_R?X?c
zJfLM?IOcx%$~>Sw4sUE8urm(t-FZM~93CD7oT|FzbnAamruP~Wou}+lg@TcNf%({`
z2Z1;Dg~|2!d%t>`3)u#Q?S>m8)=^vJ9_hx2Wz-Ur6|n<4MV6G8a}NS7p0ILu6ul>j
zrgoNop~*1P5CPeF@z{gF8=f#J(8Tdl*RNY2)$>;MSyCyLi3ALGg~>HdjPBUIsp2P!
z0aQystuG=Yb}!zfx;Jl?fH!>+zFGS^ReP@lH2K5ixT?Kg)jlWzZ}`KcQ`Nqfw^N(E
zBmvp`!{m4@pFxGqU2**0kpNF1Ilub(z}-M{ek<k!p6=xQHp~YmyA$(U0HAX|P#Fx9
zTJ}F@lG|zhk@-MNkgt`7X#L=P;MD~97v=*O6VzX&;|KYAvdi_%|IY_>J>eMtZ#^Mw
zP4q1S)BgfsuqUkCS47wDi_x=6I$rex;PinoX{U5IM)_!70NjqNr!wta08}0fD|f%L
z->av7Pf0DP$J=o#V@MykIo?XWoGL8Us1X(SNGVuujz9B3aoJw1Kb5g%{AQzp4rIw{
zq%SrfeF<>*P*}dd-X!x){iRd_Ts;(7(@}Xu@1i!V@5T;O|5pO|pAVBs)wd6}zRVK_
z%gKy>y@ke<RvP|oH(Y<qa%04zoI0>8w_%|zrh0-m&~06?ymfu#20K1#jHPGc;UrcA
zxLyKWdm(o1tM1C5R^NW@ioFVBvM4A8UOODCLrS-@6nOXWf1R$U6uA0gEM01IM@s?Y
zOJSmqx4B(W$x^)6OM!bYMaGZf^+xgN`n+BW+<rMs?g{GrtuOC{(Q-1UKX>h5)<CxP
zROXOj$LWk=y=P*wJ%J)NC8%Q=pM{-|*x0XJ-Xb69HB!13O4mZ^S|%nN>0AExp|cEV
z`cRmZs?XN@v?p}+{X+A|GuPjehfrU5H;y#+3si2el>y5?%zaC9bgjKn1|0ivnAmB3
zy<G37^DhG~emG3B1y#On>zj3=z;aUT&$kZd4H#RZ)05{`H<Y`6ylyCWr(t|^TvPpc
z<4~?*dW{h}7D~r5l#5pCx)uUW9|@CJWA4}b#1r}KtZ*wIPA0f+AlE6wd<fM^D?5uF
z$ZZ&1H$eA5O8d2iz>z=v@26eC|A#RbKN=<tQ@_7ySMQC~msXYoW5>eeXrga*_QYJL
zFnixw4pe_UEPwCuOs=#gSFR711J^&!<EeFWJ>5fIrTDLe$vO5v#*x?8Gjt9B=$d)G
z9JusKM6c0Y)yi_!f%N@`(Yh!Xn^cLHIuT``VvVjJNVksKW0<CE+*koPKM^M8^n~%L
zl{!@`^`c#IhZK<S)tV~+`-w2A)}{C!#YWw-duoI`^}y=cL@_V5`8O&6^FWx`Gvd!D
zt^EZjXITgG2Sw|U@l>95IQMjpwlKjl61(@(EdmP8hDoh3<!+c7*;YgJW+%&X{ViE&
zk??P-iLD*T^^aPwzh$A7O#`{j)IdiqS(``Y?-qlLfZLxAlfhg$rx4CObas*LL`7fu
zuyp#t2F4|i<xZCMFWfs=GEizeHGgP<5TKrB+l>)x1SR*HKs)v?JXtnSI#@Ea;M9Cd
zgi>si4+Csj0z0?1DeVX4dTW+;gGMf{rHKVAZB*0F5-f&@2h5VcH>!FFxbmeisnx{G
zy#C~@{sMOXYde)UWVD^m8P4sBbf271!rlZYxl}!j&Qx@|MqhgfIR51@DNyUjPK7Jf
ztM^_SLtT3a=)Djow_?6qI8o3yEBZmrQ~mi~)mIklRUa1B_vf!Oj9BIUrubnX`>SEn
zsfoW|IUMOg;{yA`K=aqa<cNI#bwoHLoqf=HVqV`|>%aqpvm00v%&%ci6%CnNPtNHt
zwhR{r>Gm#5oVVv55okBsYsh@6h|*c#Uwm@TaG|j6#s~`s>f@1VyV7B}kapQPa%24F
zgpD@Hl~&%@M!`Bdx^=kFHF9IZ#%`0W@(}9`9E}N60~A*R_r4h>mkL#OYNh68jW<*m
zHB<{VRN+%&qZ<=gsA82*B{N+GL1?0;zK3xp)J6=@nkD?h_|2Vk53;GPef{{&2Ks(+
z{HEYA(60P;dTi91wO1~z&8nv;8^>>Ib2SvjI({=qYud+e?&2e4HOd8BRx@qcHhz=Y
zyR;a%_@gj+Jy&&JVLMUUSHg}e)R*X%!3PH<`>DA@^BRVWg&{*Uev2IBzNS%XH$`iO
zUq?^vKx3P}#lYQ(Ffq&L`*(#iOU^E~4ws%Tv7M;wd)PTxK2Xtma#8<7`>8axsnoDp
zRkrp&baK%^#bCL2<VG{au2-beJaWS}HX3O^aH?!*p|F4aX4}xhQ)QdRZ*HS+VY5o~
zP2)GWQmmc4ar5}i1`2nL-?UP=jVfW`sj{B&n;Yr7j#?lafYEFkzxgzMzZ@aCDaz+Y
zm5;G=diCQs>*(9Y-@qi@|CRvv{y9wEl+U`43uhLboo_uM^*v}CC?1?+@1J*a?%JUT
zPR(X+A?5^K(!|vW{`iXcK0@Q^qG9v)iOF5`9hjVW!9WY!vNq9|uy1nW1zOlQIbk0*
zpDtQIF}aDpw@ys%U<kwVb=roB$t|@0IR-XQOj>Dc-NfX2T5DysyCx>t_aBb{cQk}#
z$H%vO5`1yU&nu1rxbg^aSs-MmChp9R9md)Q^n)2|htjtg#_QFmahCBG6&Qb4NNLz<
z+?xc0wl~Lpk458_<|?31OXTlrY}^+zS7f8kYRlm4fd}fS6SST-4HpVq6?eZ?wUFwf
z?(DQFvLV=Mt#xeFqHb+8M4Gd<M9P+|CRN!QDO<Bx9QR%o(4J1nF>S(cxL#HVMPoEC
zUJ6{!B;>t}c>ivrJlLs2T}vlsqZ1P%S%b<4%C4GX)4prt8)AL9j3hMEU7He9w;nQ#
zjjombbXHGf;ZTfcZ;UjmF?SfoM(Y`-dPjds)xVh<(4)YZk&t3-qVM$8-<9rGm77)N
zLoqQV%YPpQ&dnmk9#6B5=Bt}-j6`$ib|ol?#HZ{^W#on{f?}neo-y2ro^Wl7d`M*F
zpA&62+!(3PvfUVA<6nOia268M@ZUH7jt@FMm1)Z|plUWD=YKDmZi<wxaWcIO;QTV+
z)nY=b45~HWmvtiBdNQ-$urnqF+7<)7Fqko*_l%A1kEs>b#ekj|s38Wj$3UHwT<h4V
z;Gk}xX>?3rcQw|rQM-XQS+jQ0mxXRk4U{(v1=(4qXE|`Mj3}{VvcD^6QRiJdY5Ye!
zmlNeXvFLXm)*+#;FXM#XGN>KU(TvtUHfnw6?QuCeuOAz=Uw_M{z`4z|%aA~OH}XpP
zj8(S+I9E={^#tECvp>QaiGB>PFm@Wi>J`B1MTA_OqURyqDQ!Kq8#}waef3)#&)0T>
z7cW}ey?C*rZE<&Z30mAWKq(YjT!K^FDeh8Sg1dVtF2VKX^L_q@_lI0NJCog+xzCw%
z_L?~&VR={=?a2AY5t)VKc=78yqW5~O#Vcuv{EJBoSaFql*Rs=p&hXZS77Jp2c{C1p
z_Izds4-rb(GtfxWoM0}jRSB2WW1)o}ePcN2#!-GEBj4xFaeqTIZ+;rXuhcAFBZY%!
z3thW^ch-;hxfJgwMZ|-_@4OgbN?C+!GFj5g+P{?br|#&ud!!&jQ;Ikb?<;QV2etS!
zC+!Bwfij(CB6tv6a9#}Ft|8-zlLzFdz6EEsdCo06uFU?uiCh4HrlpQWh)XF*p!6ab
zi>da$wh?o`aphfg^nA(Z2Z)B^Qs+rO+DK0L<)PD0-TwI@t6<<Sa#Nb+CibWoqqQA*
zQwIi`Q@aIYsO3~|$KKD6je(o7G#7hBdY(NI4E8!4Yb|0I*TPNA0Chg+OP9}MoRKeq
z0YR5Nm9qQ$vT|n`&_e-z6)P+&0c;rN&XTe<HrY4nKwqK#n3v)c<bs0e>qC&yf{wp(
z^Iyt!v+dp;<$I#*;&|yO(nE%&mCA{F)%ev!Z{fp<{2X*nH3Iu@t3|X&o`dU%!+ti8
zxB6;%u^^LW?t3EnoZ#!@%nX~I^=s~<&)0+@MsoZ|=p<%r3UiEy{nG5`Uqt#CK7Ro>
zF>aROCkQWuhv6rX{WEy>tX5lFoL!jYg?f`3FfoSJ*O}(!xwFouGcgKGdtn6Cj`Mo5
zRfID!CTOe(a4*WPSL9jXCwOcN%$JfK?)<1M$V_Z0((=f&c<avAlMQi*l$0n9o}2FP
z{~^aHsDMyi4WFwf-Ej8nEt0X=r+AC6)fQ!B)pfDnSrPw|b>sM$8swKh@X>=@dB9#5
z*>IWSoNiKVnHItxw?<|@Al!o9wDKwOv?DJd`!&nUkB7ze&PoIkW!e`bRB;?XH$v58
z+FrWe$wi^#3}IT24CTLeIRTtBPW|Hrd?6%HrM&VFdVHB|0MAO46L&mUC+*xeOW|J_
z4*%_kEtk~&z6`L)(-w+Vxd@23f9UI(JTp!*5-<Isxm;5hRJ6IiSSmaZ&-3-jJd2U9
z^7Zhz6l-$FqNZTvUXPg1oH*9>Z0kn~@~cf73&L{V<Dwau-oB>44kLasEH=><rj>lT
zmA`fAG$o0<a(+G1dNTVQa(+*skN@~qZ)W0PJE1q#8kXt<%KHCyc|py#Ur$_@xix6X
z?q7S%Ci*Tw%zdUn9{sqCpnR9vW7aD5tYZygJI+`m$3DD!06z1>ueX}6O~QY~bevuU
zPkRTr{eD#5JF|Lzsp4|JMcPxjGx^N?!hs;uLqV&7CusQhJSj*)JhU^4;PGqq)c|q-
z#o~R$<JeC!PDRV-C-Q7(-MDQd>~)T$&2<-Vb+~xmUgU!<Z$Ea<un;`UXS~gN?Zv4*
zDf~<(IN>X?R{Cy06MyCNh1ZMqW9hjuI#MeK|H&=e-P4*$AlH2(rF=|q6^H!G)8lhc
zzkKPF!AtFfB2PQHee$leazq7Z!1l}3_jg6a4}_FB&wZ$efkh%uFE+PPw$<@19{VrR
z#&*rdKV5u<o{wLg{_ToZreLf;fPM9Dg9?eaRm-U}UV40m`k!X~%t+??>TfQtF>df1
z*O!>*|M8=9p9enjHoe#8XeY1KXXz}vYfbJXyKVKcGWXHu+<dxgHJ9`4J|EK>IfXw4
z1b1?t-&j3&46o1M`u*&5I={(0xWus>*SK|<V<_*u5!|B-Yrhm5KKJ}*eo@9u$HPRN
zeBo2r)jE8BBAOR9#I$`rrZeo_zHHUjM(=H*WoS&!Dez|Pt=P$`cE?)6h7s)Yq~Z0^
zzbua~ZQJDI8Azu@jZxK^Ef9Zh%2T`nUa_*MA>QrtXz}i2hCY8z=QdU`6Ye+0!r3y`
z=t7Nd!d!(pUWRe&)6?60&c4K1@#i3hzlT~o83?DO*-m_oWf}C|p)1(>8qmhHZKLJF
zC?TeZfoZok)@U6FlFF7hv0xU<n>8b`b$gbhQ|udsl*U2tV0toRUaA{A^oQ1wD;KuD
z*A&Qs$I6jc!i5VMjiHb9-lHogeqQ_LV}6DIem#U%6KvlnUByL;b95@OoN;i%9=f$j
z#*-w+wES1#EdNLdp9*!U2AUsHG$yz2-zjc-ow^7MCWjdFX3I!LdbsQ9b+W+J{@(Ex
z<#=UH!;5tHyo7@0)fa3Di{@j^GX<OjG>f`;-FydLrx5wt-o-24e;l^l?ii_e{uFw6
ztX}#QS`~vHZ7tjI;@W1xa#WBIvz(5A<4^faf2flh9(OpJ5z^@=GA1;z|3+>uJ!^n7
zl;y1JJlaj<D_$FXh3Y56@1oc;<G;r-+qUtWEG|aq&vrVBF+~$)T3dYtm!#VNmF-ox
zCI~Lm{#S3Wy|qkmssFz+*|w)|#;KE)+*xT;Q03Oc?knE%Z2>G&D>FmKyW}xFJn?-A
z{)R#Ex18pvBh6y!w`>gS?-aRDT%xTNx!1Q>POrrhygSgd;<Nv0l#h5a1TFE28uQK@
zxS@+z?&!Tv`UX-{Rd^P(CuD3L`BV{km?sn#)G@rb++lz3Qgz{S#j@qe&`G997+%n&
z@wm?*7GuHkZ(k_rMlfi9XbY{QlR}{Yr?SzrgM*j>uH#Q}Rk)!t<o5a$A_HfoY_$s2
zrmy{Kk~bxKP<zIIJt%FtR?2gmIEz@si%9(Cz3^`23(H(nd(?j=)v1|SOeV|Dz?I9+
z;{LAdx9$4EiS*|051rN;y>AU)X>15%SPmi#$p0h0+Xiz)_v<LVJ*U63>lJ6)6Jfc)
z+07{A3u`Ced#>USTc2<fZb~qx-0*Hx-(cC(n`MEyL@g^E*0Ma}ri@e@O+VD@_bF#*
z8IO4-K8Xy86>sd{iS(;O8xtPtVFcH%F>o(-<aUGMW)pPZICvMqv+<TMyiqy(g>^6d
zMtzrxyvl6g^3YHyysgo~_a!&Og#RdGEz4eLZMCRS9JRUUxYT#x5`M<ESIKfz7joFh
zA0~FWQdz2gOG7sx+!){+0N!3*<POLv-t#g3f-WAIaf)%{sqDmw<=^3@v7zPcJD(*l
zf@4LI+Pu2HwYO)VaJwoj-;v#2b#>vwdFB?|EZ6^a&-<Bv&k%hL*%5V=y?Px>DHU~I
z#^V)Z^{uhF{o@(vE7L=&Tmwzwx}Ql2#5+Vuf<#o*F8&e(%8s8$(+d$t^llq=dNqqh
zChP*qtAxVD9wW0AKdCf_7t2-$k|nxj6FitAo5-lMc8=T$Hw4`K!`@NNHwD~3$&T-n
zB=qW_uZcS9cr_};c>OxXfNA>BHFj203|%mb#SnPMiDYdXDSfKqN6z|unjBxnSUrtK
znX+C$aP1$xZ6xcOMe)06#jW5hX!vO{j9|OLRah_^;WXOyG`>6Q)Kw$^z0)OSoLKG#
z{<75W(Tc;p$B^QOzukE8Ahw5tx1Q1fzh26w{hcA4^l)aC_U-AZ?J0uW#gEe|NC^*b
zYF^;{VdX^;x~>(N?RW0=<4)m<89q?ZdpUl7eQiST*x9vw`ux%5!D?+SBfq^tt+M&b
zN!EMKTWRyuGycJ$;AtJNab4@SGrj3aA93$xwRbyo0C8#@|3=`#^JN^bQDHbhWWI_c
zHSo*y;Z66$i`0{^;0sHKLh)+(4#_lU6N;6XrLXVkE2hZCYy$>aA)TIKYeCaDgqay@
z6;9^*?JNBDg|iCBD4U)6Dcn^Yuz;w}Q*VzK_S-9dgI}6zoi59?wzjkJGAZwqC@Xy3
zZD*&fwAA~EQZ($Gk$if#3KWPpe?^qd3`FcQXRqyYoQx$}SaLe;ok?MLQtkz!HuJ4+
zQzTVgdY<f!Bs}aD<~(8_n6G;5;$J+hI#Hjya0RiFydcv5f}g4+5WD{UGQCM<qqKKB
zKoxhsF3Lj@_?$xcNJnh>Xs|oIsq(1#*NJNS;xK;yjFV${<F=m7>J#}m1p7t4A|&Ye
z4T(52eZTmpsirrF?VN-Ni=6wxog9UMLJcxQdsL{GK_;4rri-)y{(ycToIeMrX~1?V
zi#6FpcM_8e0ROM&F8r>VuXXZ+gB68Z`|T>K%*XcZV3icuHA?jnATOce+ted2#SR}^
z?A?KbcHqz(%RqB%_J=EmM*U!D6|YU!^Rj7Zn<DBRf7xat5%&hC%}sVa!uLwOJ=?`X
zR7{-@1SLD+yWq`-G@K!g+l+8eE*tO@gCM4*)+omm!2UBQz+$m;GUyASmue1iv2#?g
zYilDkNy3vEPD_~j&lq62ZVgt;FhaBpCov@os>dH>#EeCMws@oDz=v7NENF~wX>VCv
zx}i)G%RZ>;@wYumqCxw+9mXYtgl8HiAHgjZQq8ngadVD0Vr(YOmkQ)gU-ZGT8G`3<
zKppYp8Fg%C0n2SBz@5m!k92TslI!^iS(q4cF&7gVV`&b!So=XJJD*18Q#Rrt$JCB+
zF#~a%9ZJn;TAMO}iWTzes-IOci4VMW{@YmzsM)i-xTx!@4#AeU`ptMsP!A1RpZf6p
zRtdJZ|B(|-qgej?7-7CG_^5!#y@NXabIkBWSco2hej&FigE8w_gv2#^>i7sU&K_`)
zjn6lMs41k&q4eA43Lh~M5Oy^FZ@;c@ePVc==dHy1yraNqISJ0dRV2%x;5Z)htY<$2
zt&g*Cb30LYYz4a=4Xr|FZG*y@vClvLkPepcX!sdRA1ZXT;tcBPEADEV&mszqL>51#
z7_y_fYLES1mH&oKebZArU|VEuQ}oD6eWQU~=P<p`k*I+<6TpVA>$VE~2QR%cnL^kS
zMg_N}DK0Jr+5j)Kxh2AV?qh6%PdK@;F8~&v=Y;Hkz9$R!dEEO_PzTnK;?5J3XDhW<
z`H|qJU##VNGCj9o;tFu($gd=0MUc6%@Xl`iA;T3QiBgiNSg3i2o32!3jfk~1N(^+V
zos32O5Vf8Ra8V!{B{7gHBE)S3RShC8spVE7{S<=RPPKkd>YKeMW)>b*LEIu0BeN%>
z7K^*`X~;}`e8BF47(A*ig(nw04qS>`226n;lkS|V#R9M-0_$%Pd9`+M4uT&CqzYxv
zRdHfFBY&r=U5pk1ER4_53ZzE}YilkGY{3v1638m*=hFA~N@~!q<x8KTMCb2xgyu!@
zG>mrwf&mneq=5;jxdA8F$l$vqRrPyX(+@;C1wd?lj{OzDJNRhw2UDeW{Vry~E60y>
z-CE#31F{9^uaP>bk1}V|dO#0Mi(nUR7o1}_9BYQnVKV!7z(*yCzjJjsyAxuZO~E0_
z<tdR18IjhA{UKYNg}}ciqDo#$8rdD6#)VVweTo)^0n>70_j_=_G{E8$o(CBVR}2Cn
z?JBQgPd~el<_iN3uy9&h@5Lky6*3mlAyWDh)(74%zfFBD3B@25s-$-#YrdrV0jI59
z2QG@A8`%*RgVc+8fyY~%#DK!_bSy@@h$1q;G;!ol#xBlhX9m;z>6K+4iK^QM46b&L
z=pBGeuTwi3q@%Z(0>A16RncVZbR01{ismg>0K?0uh^gvhFd0`sea-|@2EO<wgATE%
z$}0Gl>&IiK8e0?G@z?QtU6lMb#v^M1yygWc{%uTz#RuN!?E66HtmU75aUH;aY`=xQ
z<f>K9gJ7|hE8TV3^EfNLkt|q*%GI8#LflJno?R>%l-SvYv_hyOiVO+NFfl_onLQds
zR-A`?|6Oudv<H}8->b;IpPM;?BNhe?I&mRLD~&QyA}TuVHogPa78ceKa~Y+0<d?8O
zuprW|%fBST3Ssav;PkIHAf0MK$ztkjwVQ}^j=l!`T_5>KfqkX6Mr}DZ*RNVVej7VV
zV?>B!&15<spM3+c@C{16ogKobt`9>wo=T&gVmOdBkZMsOOr;huEsS|#Z+F2DEX?L2
z+n=3z+%)gHto1)wing&6n?-;));3tArK!GREcMs(tzhM+ALl+@HfhVbsB;q+yWQ>g
zKNKBH!u*tK3b5yR!Pp?8m#1?y>L0bkv=U*uoOu+cSqD^<mH;gBlqeY;De!B)HxJ2)
z(!L-cZiI587iwXInMkMdp8(HuWCJ7{TqaK`Fk|(>BHG0Jsk3B6_FM)!gu2Lw_is&$
zyziaA9eTPHupzid!g=VxCeSl!u<?1GFkRQ%^B_J+u!VUOF9JDnwmvZsrLS|y9I$#g
z{^Rs0%GueNJbACjQ}sNG6lH?_9#5VNhl_~liEh<Q#51RbS>+`oxGaAV(m?yGbjOlI
zm7d7o1KXqI;YdR5`SGDoQ#^YGjbL;*;mYk!DyJBHcaH9&#HVV>Gx4=XUBnZ>%xc+X
zets61Qyc+QkhCCH{UCfQ{Z=&$&#p+??Jp2<Vw&hkx~RWR>V>5R>j}=$)mE|L=Efr4
zS%Cyq;g;Z>`-%Wn8Goj|n%L?jK!913V1U#b5xE+9b96<1qe5FrsDFqb0-zL_%!IYt
z2p}eFgFytSBZ_9EH6;>s+-jJg2#O3f-qwMsE8MS-BY=XQ3xsC8J>R23A4n#sVdJP!
zpwF)#h%o?|qtA~YFDuv(oIy54L#Y8FW=^j2^ar3@Ra-~zBOmy#FSlyE;Jb6;wU3Yr
z|2Gd{*CXoBObc^;Cevr<EC;ktOMA?4pHOpRWU(=@+tvtn*P~sb1DY2p0M4YFjj@&O
z1BCC@vO~$f>jU7#3m{KD|I`NmxT|K?$_!M<OX5{CV@DqFRXLj~`Zoc%f>MEvy~ZE2
zt9Be`5WM)CGP#11l1?LW)S68Q;87*K{<pSWkH11rp;nIN@$#4H{VC`WvWGs;F8?2&
zX4BGi*Z^=G^sjEIWN<ZT=g>%o0tK;rKM!F0D1>*hE12I)Aj=`kC|2%n;ZLhI4k&#=
z<j>#62O%g&V&*YQ%t+Lt6f~Q(@8_>B2VO+zmW)!@5o(i_e-ko9G~A#+lz@56oTm9!
z@*|gDWfOlmX;0E#@FM)3Dtn*-A~Y}-Sid!o)#dQRWdiKu+X7Bj!-nnafp3y%O|Sir
zt!r(uR+qCsU>K#&z^fUUyxn#gZdN%Y&W4V1Eh~s{AD4`TB!(J|QNFQ-6}=mE6Y7$e
ze`XW<fR>M4w=>-e+<XXIH$w~hP5qM@jof~kT;leyJDaCGNb}D>grDXvny6Unfw3u>
z3Tkk-;3Q2ExEmeX$ULBXw!070j6^EO-yjd|GzHj=qeMpXS%HJ9oR{Yv#&`Lw6$G@P
zbTUibaklM@h`(D%FJ`FJkIXmIm{%$UGp7t&YfW!)pE*vQ-W~8EUwJydPp%}zt=wI;
z((P3HV^d6R!5ziQEePB^g`>lnwOuF&^xyt9*R+~pvj=XrOm?dt!ojQV8auz3q$J*P
zpP2trUivo@_2*)a4(!}>iD3U2D#B6zJV;GU@`D!#vAg((U330NeBA!mxH`W6N@j<n
z5Xy{OH({WeNDO-A&awh<v+#$$`p_|}1cYnViazj*+^Ze%2kI?~@D`xi6g{b)vE`1T
z7KsJ@*yr2$Fj4SXgQ8a$CGJ|>NKpylW3QxA<xV;VU^5vy5cAro(d=JAh#Lqxu<B{c
z$NWN<*)}KGXZ#A<xKg%7v5BT?C)p<}>Djkym}t#usQ>g2Z^e!;!avg(S)fk4CmL<?
z(cE}ROZc|O!y4C}5jYjZy#S=;cKCqJwj2sR1croB@P2ihe;l?oQFClcB)UeqyTll7
z`ac4yMO273>DTfvd1yy#l%YT41&+b{E(uX)NBDP`Vnlz<3#8uej!ql6g1^M~*D>;P
zVc@RktEJ7}5)uhK9UFF8T7Zoo$qO7_zcmddzjS{@fk?@)nCg!J<Q~Pagbwxo7|}e>
zVL(VP#D>UM#Mn&jEG6o1736&>5bgRnr<%Ol$<-r?>APln_0#&Q09;>9^9}k!0H#ZW
zU{7ut3<y7Wj>gdnCM1nygZL#O_bcdCg$}xQ)rF}E(>{}6MK|)u_$ofC3z^!Pu@Cgk
z-vA1WbhAI5+b2#IkvJ<qHlT9V^K7)qP8&>nq8Q>He<1YvK6)81Xp9B%{F6MgCBVF&
ziP^;3@p;iF893itN8VKz1+>^=vWcGT2OH$>ASq&_th`+>x*K;ySs^6bLo9r~FRQKu
zC@SlTr=<z(0SZMOuzi(Ac@t-q^}f8Wc^k>oWUc&9Kb$a3eU%?%XwNKbhZ1a=0lhd{
zfWk`h11}o>QzS*>%HzE<Kmup>N5j0PHB`tWCRdb&bXT2;vU*<z1DM4$*Rk<)d7hlS
zfPD!bRnBW7G1({UdR@g53e$Z1zU)H8!qA`ki1M&$_gtNasrM~TsafOYMgC8BC|#Eb
zdn2WYis3>g>r2QG;|wX$rnd|aL<of`bz#U7Kaxo&-?|w9>+N)af8r}YwcM1oy+P(y
zQ5jK@FT}BWW}sltW-OorsekkSSx6>h6&HDk0i2e3XG-vr%-9(OX{`q{4At5$U8x;U
zB5cUz?OUY2D6{Bg0Tih?Ws4Nl9xa(nef!$fEq~nJPyrRI?1G>R4+_@`#4950!AXaU
zr=7Ly#O{}kAAUVQtD*`r9(5gb@*&_r&6M|sB7fE?cK&cWBiR?B2`3pGWL_Nj9NV@k
z@qJAq)b$NRj2MFDj&1e_AVWh>SBB`FHmPuV?r!^C%;W`+{t3ZIUDrWbYp{@*4_9V`
zID0$pf^j^C%{b9in<5jm=h}o5P`93Jc1-RN^kggXu*XyG16WQOL#_+z+gx1eaAC`7
zA2#DXvrKBBadV@|{(c?fV;9><`szt;Hk-}{{A!XVQnXD7z8?KKuQYQB6GyQLN>q5z
zQ5BbN&laVac-B>D4ygI`pbfKTKHp<LKdjB-$nV8UyhWokW_aG}0edDQTg+}zsrp)!
z7Z5QJ&m%6SFGYXe@M*s;vVGA-Yuh-Z47s*;=<(n`L8=oUFS;5tss$b&`=_x83ftTf
z-@T{}Vpfbx2E|mb_b|3x)`<^g800&9l-=_FEL$`JU#F0muv#i?H4@y*9G{{GTOY7X
ze2<P)G$@c;*G7^>9d+OT<qP<gn2v!qRn>_2vE2CfovMSWJe$uD7J&#fu??z*l-Q;U
zB+!iP%(=s>xV2Q<xple96YW}gL|w7%I`~1&<&|t0Xv51@CEI`?my#@}!CJ_cY3|BE
zBw=mZoJ<n6UvqDj=qUFb3g%FFn58wnn&8>^i{RK{YnvJa5vusWSMfnKYHrlrm?;(%
zKhCOpVZ#}#U5qvT<1s*px<F0=!cqmyzuc+-b)DA}7fZ?MrDkg|D=e<$K9`fmUNlLu
zHy}*CPnL)DxnWE25KeN$-<CN@ux4FJ)jFt^K^@G}N{k2*rwqTAk?00M0Xuuc>SIU9
z7uG{>HEhIVoy>m^Cd}@Wq_SDN@lRc4{Q7N9Et)`a`mQexS)zr;L@Ysf0zKb)cSPuv
z%?*5c<bS6aqKU9CbkvrI&fu4VxZk{#4GHEu5m_>}eT?9VZqj9oL1d%m7<#yM_&65M
zd?s6&k+LI>8lffRKu(_QhPKrC4G%xX?rZI0qDNQ404xPW83<0uGU+cmn@{R`46`kR
ze0g-WN8*ZdmIlbxIYs~ox7xMd=E#fa69P;7o?6gU*~F&FfTX=u(_*_KyH9)6T%93B
zZLJ63yD0DBLtR8@P()GN$UGvP3dX{jwEQT~*l1jRZ)N&?Vc7C6I_LGo3<%e;6&Frl
z8VNaqHYVzE3~tu8dE)BErZbISoFjLIw2Am6Q)MH*=ep>5P0fZ7_e(7}UVI(t{op*M
zA3(RF9)MwKkzMrCi0Vy{%+JJsX>x<Bs^0tg8qb7IRWM3ui?5R%2n{ota!N&vaJMB0
zOwG3J)OkY?SODh#*Jtt-6`hl-E5hf#pzbgZH8`@nibQ3y^7I2RjMzu#i81Hw@FK3G
zsS}m?5e4ybs~s=rEFIa6Bs2cB5EzzHSK$VpT`vR5yWM_Z<Oz=NK?S-wt|bZ8!JJ@c
z5m(BV<|dgvblO5~{x!porXWvl>NOK&NP%7*rpq@JJosp$oG7e1Z#O=CKcCo!rG#(f
z8W9Blysf>&`|3%l;5NLl*|7cwl2V;O+g^MHgzZW#H7B0)rJJCnMNx83@pE%hFzf4I
z>Y*ObTqCJo7H8B&&9h5P@>DL<GO5;O9A0~{sn&&5Gye!h1?LVd+-V|{6&I)d(q~vJ
zLynw-emu<~awq{tW(_8)Jk~S-rBp~ejsQnnopKUt?85P-_(3%o%r!g$a=hLjt9<T#
z`rM}rG>m>1?DFMfbEWB!&O@zk2*J(DM0vM^99@Pcie$xIif+O2=5M(K>}-8TgGAoQ
z!mj#NCbJaZE8+M@X4)H_AVA4#Y<sKLaWC)8)&>D|%Wly0pEZYBMeCBbmDm6nh@E}h
zBHR<cptdLyz*tsYy$+1LD>LeP-@YFt4oI}D0D`PwziQ{Qp}W#9PL7H@eTsosT;Q5t
zApKh3G8|_6xDoL(q~V5<T@z2B)%fskl3OrOxM5%(A@eeOiukMe@EF|f-@SdA^q|<#
zA{=>Xyje-ki1q#Q8Lt~l&Jp2_oa|>O;OBp`s93SFl)fp-5;Hl>x}T(^q>x{Kk%VL+
zgnvT_FZKT96yK&4{d)+i^#i#%#@+<rj6=u9o;|%lp4Tf0M)~8a<CLheVhW;rR>1vQ
zc2W9H3DIn3gej+Joyl>6%Ts#56J2KOP%r8wDgxd1PL-n<Jz~3WBEni1Wbh{5wqOhi
zVf%gduq+S(zdU<LeIOYj_(#8T>2%-+ToUGAmkq$&YX>BRguHzcH8o0VRmL}I@^&;H
zZuZowjv0z5(n>~y7=bxF{t{$eoj+^jg0xNaPgN$Q*E&T2?_|H~q9K9az4;1O<NP^2
z3;V`dWLGv_oW>nnN;qVfq7*;t+K(8_(9c||o$<Sj9Vh6EHks5cws(oX9D`Q63Ff=!
za}w}$CuGhh=v=Vt_|y>1JJ#0&1$V*bLj%ya!U($;)iDwij;MA@j}UB-Ur$qdOiukr
zZ_#W9>?pB;Z51xN+C+}#z%52E@>SbT1m~N{R#BiI+ISXHHyk9~4G#@JYjeWQ@<{=5
z<VWkhLAri-9%!1#D_6EawI;#3R+1!Md__Ze{1J$qZybk&Wc)$Cq<bE@rJHRtMgw^=
zlr^!T5Zyw15dBS<#0I;Cs8-W&Rh?Tde+Tr9Y+X4*WzXN}q55wJ2bjk%*FXG_=-^I7
zIUds_twT7-d6{(XI&?}!|8}d=1Xg{~Dgf_yb^_4gOce<Fw@e<u?x!0L1lmUoYe3wy
z6dRcNB_5r6DM*eKcl*Vhdjl?xkJXzypn=4#`EL9!__K9R0h(SK!Y$DX0@9Y0eGNm-
z1eq)zjey!GaeOrTC?rneIzk#@k56eF5tx>du@;)tSk3KP8*J?;XqIflQQfx^S!m}C
zyZ3kRrT6`FRBv}?9zHT629ME(!T94zk2yZOmc+Z4XMKJiM9;n~UyF3b`xZ!R>2L5|
z71~n3o5b~P>Q>^Xv*<F>KhZ;d>Ir#>h6Z@e12I^F%<MI|eg_Oh9m}Ce8bXLsI7d72
z2{LoMHeZQ?VDwGS=r|y8X`fE<K=o8`ieD9iM8IHH&^0K5@zypU59vTPKY~se91~(^
z`sWN+yUJ-AftpKEGEVq50Fe&dg(l@871PN1TaXU3+fQ%AO39eB+g=^`l05?nTHvWE
z36ZnZC{n5^v9=p5Bvl_Q6xkjsTvKLBA1<R!Z<(Y|_sti@jiek&0S0SzM<^x{xm2L(
zWe*d%WHv+$c2(r|C1}RBCTD0`;sz_v)|TQn8L1JJb}s|Mp1ZJUcbM>!>D&_rsS!HZ
zEit_!(CoSnm+KMGRtgGZh=|cM!^XPWY4fE>b0Qn{+?1sM7=1%3mQWu1vUG8Q5EB`j
z?*5mfEGHqOfvMb92i9Pq7B{?d&FmI+Gn+thtigU4AY8m!M3_{lc&=v^nQGaIDmjSS
zQk@b)>K8_qFoDBL7$@IH6DM!hFT=V<KvOZL*SGwMH5#czkTicwbn@DzB=-a71hZk;
z)Z(`)V%Vc*&P~r@aMx=0ib}7}JTUkn%!fbe*MphaR2M6LpfcnGq@Ake4H`KSBbMoD
z(mZ1Dt3^14<WMeygpuj52ocB_qklm}ncOVn<L@(7@%Q-83q1N(-Px>m^uC7GNND~X
zuLM{Gi+t^FrPzE?Kz$S^nEn$)Db46Vqrm7N7Mh$xDdZ!u;S=uip5h<(xI*<p+zcxq
zamG9NqDvV2v>ZSud|)HDRBq<K{(DY2Y}(A*6EwjkpTY5kc0@x^G?Mfi<xO<K!imi%
zI%8McApJ2DH%T#Ez(=Jj<B%@1aQ%rSmiEm*+Lx5m%!J<4X74e;j5qi)gCzik0N9^_
zMtp2P|A+3s=j>u<6?syJnAa7j<Ry~29ao{bZJErR7#Z3G1s5|npMy5+Wd?Ce^<~(O
zRHD)B$V<a`v2ESXXS!d6^vkE%Gu-kk?d&#Hr1aP`bO`Ftz;>JEbl<*@dm%Ott-t<%
z%x*IX+cy53`3f~!*f87rk59lpS2iY~-NXTa&?yMjWF?Vh;DWNreKPZ>?so38<SAs%
zV|Ytc_)ba>VooRp=|<pr$3Rj^Ys9x`V}T(ZDCMK(I*rM*!9{oBg2!juVnCWT&frf1
z(I@%J%+*)cm1yp56L9{(IAK{pa&V(#@{fQTS5@;j&u`D~t24Ej{8wZ{=ECn#J{_L>
zGdBlMZv9eZn}6b%9(JbNN$~G{b}RHp{Gj}-kP+WH1%`G7{T$3X2COgnQlHhE=^1aK
zQ9H}4DVs2{KKxbPk9T7JbSL-ehh&VAt;B|P&#fqaQ#qHu->M$nqq}fd=ZWh@i?GO!
zM-K;075v*|_qi%EJNay;?Iv@YG=@x$06V$c_sMRxxh$e+W2wZSi8JavTfEF9&3p;*
zaTdocBzne@LugCtJT<@5;^S0bE7_JccrH}L<)xn$h9WxSuM3~0;K72I-eKDNp2`-^
z!Z|y;S|8Aw#|A^L$(e*dYB?SykXQt394lxw3JWzapH}5U|Jpt-D(mZ3@LHPr@hA9N
zFCQk<rz+|s&NtfO;X+D^W#w^7Gb@*u5!<UWu#iAPqqMYvSr|yLk94GRUw(`KS=hf<
zv^PF*C^2uEX){!NHPWrQNs5fTT$MX7_@s88zhzf6lHJETC$!yZ&+}qWXjRgrtd<;!
z6&cS;>CwVkA89luNc)~pg?ae!!I>V}KuYTV)lz*Sk6GWHMfA7U=zfa=o9_@wAg=x-
zTV##lc}}k7%*QQvis_{2j|tIy_0L(k<?>X_k&lf<X^<B|qs>LbD|>66x7xE#gjQNl
z%4(Wdb)~-j`=sS%&j$`dO(h3<QhHi1Dr!7-w^p;_nU(b|2R=ojc8__?Wvqtr@$C+q
zuE+C9w1#pI=}S@SiCQeuYBQ9n$BB@VF1fe=wtxByqMl(D=RHo4+<dRwdXvY3>ORcb
z+t$Iu^ZZ-6e(}8G7z^n;8%E4cW`5WXUQrSi=nmY)tW{N36)1-LE^j!}zo#n4D33Qd
zE&U&vFbbNc;4UZoZpRoL+$B;JzVf?L<LZbMiKvu_)L%{qA$V39M=v1HiH{-Bo-p~i
zLpWmT-(_s|sk+>z(wMG1ddzL<cR;W~(vHjSk4BdFOaU>IfyaTf-9p*bXlM>PGj}V9
zzY>2jqto7udPta7O@A5NAZ#{K%z0F>9VKYq9#Ct@{RWqGETW}8OPkinMs_D`P9g($
z9hSQ153VX$TqV;EM6Mi_u_(Cs4%RV6uDpCl3_i`wim3q$(R$H+WmFb6h%@4gToEH^
zdvW&lU+j{OV@pBWyfBQ%av*M=SAX7g^BD}pj#$b25a3do9J2=)K#p%8w^m0g3M-Tu
z)})?TvTBRPx?Gq|1+?h5rCU@WtnV5ALEos+u>B~}xr?5ijBy(@UI1tpj6%3Hacyi8
z4@bBxrbnO9!)KAu;mid*9k`-TnCNJLPlPiOE;rv2<nV&jz|RIK|5~&Oa!#v?0PW>C
z$p0vNm?dI75!L?1Wnm))dXXSi_O>ISVLa|ft|VdHqHr*nxahIPV)nf>l@r>0WGHbi
zQ~gO<Es5Uf;!}C~x&=2_mH#PC$ImPNr&9-FVw_cLh2p;ged^fl=qI6R^bTMn8%Ip2
zQ{}QhM@pzuhXLyPnB%;a&r!V5>h;F*>Q|f&(f<m|s|5ZJ%|>2!gnf>FXY4M^p{LZ1
zqPN&CZfC!6G+T{i>Lc~N$X?gORb&l9kGqtbX-*0IB`U1h=m$mf0fHC#D_=`R)@)sy
zOX<1zmE<xzYA74Oqte~?{52m*x^msr-v2db*?v{YrFHVSMO&w(|0_=D;p#P)cY7-f
z=81bNw!0;U_YA4qI*$Om$cZdpx@-FRx7M(GNc#lU!nP;LT^r5%K+=|9Y`7c4-S-W>
ztl~Nc`Fkxr5p-Te&SoPvxKMUrnAV{GJ$2bTu0&5=?N%|@$*#l5i@TGG+)G2X^N#zW
zx?Oe6curdaT)|xC&S9IF76T3KtnVz7nZZW1xChbxe`0&Q>Xs=x0vy@=RT#dUx8loj
zO*MA1;mUf9bdjAd%Lv~hG=>}gt@8gJv;2jBO$&Mcw<8V-T$0dGrpe0L=%^J$irb`k
zH|J_1D}oEzX+ZGwT5?rXo6%qQb!~N(;=4yLZb$dJyx{Nh&BpZMU7@VG`Xxqk4r;|8
zL~nfHv1LqY79D^y*Nt@f7Az-B#eHu58A!H5$y2GpI=uD|24>&BVUKi=Trnu_Os`<3
zc3qxA_h_Z<kv#drEnyl(ODE+hQsM5!GR5S&OV;T}K*H&|E8O`&kV@~`Ivuf6CEGdp
z6ly9`Joq8bPlE(^;rF0o+ynpJUV<Y|s%O^VSGnZ7kmWDZ!m>O4SI7thuN@D3jC;Uj
zH)7IU{Y5MA^Yb-vWSicOu`<i1&dGuddhjT%7dzi&1?#F^-}C7z&$Uz0!izk1Utnai
z=o;ok$H>>%AtF$uI5`bTCRo{x`q`O&=oJ0qXwlw#Tft1wq+2#=DD-=w$>Zib8u6r?
z)dZvnx9EK00^4T+X?0}Df?Hn`+7i6nrQ88DnxQyUbRc}yTSCNakP79?Pu{s76fj(K
z@u4G;L!7nIz}~gdBSp}7ZhyA9rw+(OK5CK@L}k7@9S$((tUY|c?>rzYaino{7Htb&
zaQZfh`@PByxMdsFRECK={;qoF_{@nHa9+Mimy7s>Ke>4STbKIrkPz(s_w1<(U)7a|
zk{M41^VB2L7EXo{;e~ZIT{y0V9Fh0^5t&#0gt(WRPP6@xCKUgaW%!iN5C4>nRpVpP
zt;Fm|!la3Rad9Q&!c4}r?2EsxH<Q;U(Mu1zF$}3!M_R^9$8Iv8zk@&b8U{FTCL>1J
zBKy)ICB)<^FzFCbHj^yuidv4)%OW)=^h)b*{zZdA(JQG1;9KLkD2geLKAcDg=bes4
zd|YwXn#s5aHa_>I*dY13$+*@~+~@qkbc$wcV!)QQl%r=(K7FKXu5M8Z*TcuDu10rh
z%v0&rH<@oD1f_fesLGKf+jw&u$UIIyEK0L!5uHBNAyVUIye(^;bf%=lijdSw-uH_*
zU=X5f@XXshT0+IG$b75fl{aWj0HD=Vlj@Ms2ju?BMY%g@RUg~N^eH0yTAHxyt#a3o
zD*3TD`}<9JrO0CtGS-U^owy0DgVgnH<J%`o8mvz8)1Vn@3cO}I8|ZV<_sxhwLXE+?
zjCg;Qok9V?XTgFqm$(O<UyWbln4~yp0cOk>iII5SC4;=L%y<MX(9G1Jk!m9JG2Ss&
z>OWMYCvQ%@0-u$(7^BLIy;1#kxN)ie>Ngq(9(0k8IC144ly%Fbc|Q3-)(i*6?P2b(
zW#0RW0dXlZX*62O>cA*6&p$<8jSxP)Q0ukG)->7+locmO(e8M1FA9HG&_2XVjivXq
zb{*0-n!2R1thuq{2>e+5ZfFg)MQ{H^n4cWA1qcF;DjQf^^R(h_HxWwaCwIzTb25<4
zB|SgI&8n_j#o4Wg?Cm=edf~82*9demXoRpWO%i*cLbdP#Y8ywNw<*oZt2YRwBO48A
zZah)_$rJ$R4GK@p$9_2!)N3v-{SV|MYj0Dk%Y{`h(o?jXyo}Z~G@a)0&_8Dgq|_Hs
z_xix?33Arl3Sx7Jhm7q8kCbRG5OwY?R^JRsVz)f7-1apaC?`&O<a$U--M$wWDliZ4
zR9u^pf17k{onYT=<!-dtj5^VOjL!Wyr{@UUwlw&<s$I7>Ji6l!lw_^-;$G%P!L@~o
zbsfe20Lxlmzl~ZACdw!F`xjw!=8e;}!h?wm^ui?k_RjyhH1XBdEeJ*PjATemwua;c
zGOeCGZo-#M?a5fSVWBy?7qJ?>=ucYe6R~idIvSpqHV~27cVy&Aj^U>-h)JM%g9J?*
z0mL0g{|><o9Y5ux3rEOBEZf+&AEh_n<MOLDf(w@~28R&Kx-kyHS}fM$(gc>QUd;7y
z&;zL#?=4+Dyr3rP$tt$IodvQ>aew(1v@TDqN}O}4i-=97v5+J?gukPI#uNiDD;6ZR
zffwD5ShZ`>IniP9kxz?YX7_>e<eFX2MH$_>Um?PB*UQb|e>>4WlEW8wKSA#+>@u5$
z#J-Q0pJGLDl&7jp^AgvgNa`fRdQPC*6@bZKi~bFeX8VuSExhS5?|E8h5pq!vVfc~I
zs-b(o8u$EmUIjmc%r~F@)~zLy&jNB&{x_BdD=JexVsuA_MO7Zi+6e?T|2<W&?X%Qm
z0Z#3m$QNE#d|W9gY#TVr&jS88;vj}KVYrJZDGs8V56^kqDqeecB<xo4Cc+#9SJQ;m
z*EwLC@@GF<NNbd;cRPsv8-NZ1dnG`pQ&XV;?ubSIqi7#a_JvTNxjRiGx91NMm}dM`
zzV_F-yAI5?cMiI|S<=q$YVRV{;kbGS&LH?uvMXLqWVsxg)F<<|rbN>RqTLi<kZHb)
z)z{!y0aE^;i}_Ez=1Rn+Tl{=mE;*g^mZWdW|1zgJBtCT#3d2VlowfjSe_!;E&0Lgt
zGpZ|{J6^FYA=_X5fl3(USm+-pQhS&9p7(XvlaVVOCzHn-ir6a|jUKmDXk*l#xahB0
zaktGQVc72=HaTJVkrKB63JX1iTIwS+a;J}%@TyGGD}wl`)-AL0Ry@#SsMiC{uo)Pv
zpfH6u(33hUW^4Xz563kU?1&O5j1D}?pSYpLm98?(_n?ZdJ>($vZr(pFzYH?EH!06X
zGCN)q&qZ)~j0(v_LCjtHZ<Z+8C3ZyW_u6@*!Hb;}D>E002MGiUws;4+Z>S8du_=)w
ze6dOVm0K6<MX3w9(_>@==3_$@tsCZ}m!{W0f6d*%`JDNATDa%`-u1|Ag`wMkjIREG
z2z!G{4QjDK&wrooYV#2UFeefi2#-#6*+H#M9kmWmrD{a#B|mBEAO#6X)ip!s1pfNZ
zP~pNM6`ZWzaq$~>(7C-yFM1iHE{A}}$BA9A?w~_}ofDDLUs}*%kDl$nzFiUI&?7pY
zoCVT2X99Ot6li7-uzKPD#$jTs9WTydHhS;fi&dwkKkN_?X?i#W*6nu)kX=C2S5H1n
ztsaZ~fI7w65VGi>^j+_h?WQ~ku0#xql9wnq=QnXM8^c7DM6A7|#Bj6Xlqd)Bo5+~W
z5dzJzYVWk)xY7K&CWOL9XrS6aiE=BpP2S$o<DGV$nh#X<Un@^BB3=P!B1<P50B+fV
z;Ga@qW=o`eb~mP;3h2N?$mqNZgl`wz^vW_(-xfprAM`=+%}Ef#SD!h!;YDgG2!{uH
zsGAmJ_u(|x|Iqh@VV&CYgyv<n%b~+&;4#X)M;Zhdx|k|-WUF>yMMplAN8{W5D9~h4
zOx?S|D>JIE&+KSP=%4uePM?O_(R{{#J5KLY>cc1$hT#iUSq5wof#9P2FmiOaMxOMl
zb}lv+h||>E=+UfYaC&N{?Wy9ZL>X@!^E+`|uJzv(Ltjtcv7&L)UU|nFtdFsp>Qskn
zN#<<ut52ph2zoVHc*+v`qb3LiPbIQLVP)1(dHLWIOaApsv;N7zM-C7?_#P&Gk=9B=
znSJ9RW(P25Q-D|Zz!vExR(g1Qis14yR-u<eEXXOCx&9gEXYK#%?Dag$jaly?V1?S`
zk0o{yy;V9TBZ%o0%s>#lUKWH>fQQ4C?i9*RtcAGs2?XC|g&`6kH1MXMQgfT+)On%S
z-VMKX(?+4DH0RHDck;D0xc$>Vdc<D$V|9qG`{oKVuZkA%O?Z6ZC5>}Z`BE(zreU*t
zyDGXs+G#`J@D39~rOtl?`JdeC*dG#UAi!;fj1mi{!daR`#vD3O`$eP-=9pf|hz?;t
z0G`voE^l{usvdY@)In@zx-IVUoCO5e%YuFV4PNL8*eT1hv<6{Tf874^H=hQaDuc0S
z{69U?dQ_9H*T9EPD%U`vG%w}_1+k3CWT(H#R6B^5ZQ#3(VqU<DQbngK?{wzKqe3_f
zV4h&_ehPS5;;upwG_EemFL^P}lQ8qUKC6B%bpW%eSTc6R-U_!SuKAg$H3-WrFl*8O
zDRHqMD}op@TI4N1N~Y^Zj;<XC<9yQx^n#+Wj0ohVa@V<c4ju`463XaFiJ%+P65gn?
z!sCTu#fcQQDNo^6_^N04L(igbaXDKpp5to#ff0A+l+?y%p7};n>t@N3k_7JL(q*(H
z^JV`>y7xx#MP><dOMa>!Y+B`3gmTQf60E*cuzfx+s6I>U2uEv_RhjCaB+FV3)Lt4d
zC<lvyWy({c)n4v~Qv6p6#E6~~h)ThG6F7radk_2K2Z9W`MT3ukEsy_UMs{2i_CEbb
zNZn@L*fmlw*$Lz`%gDSSq<!$qnx$u!QQvO4IRM>Gt`BMHZ`*Ekv*GZ?n`u~8B6s^J
zXW;FYgqw&J>gm5mnYs4QFp{Oe<YxRP7&iTJ>Fpy99mo^pGM^4!HN=!SuMZ=2G<W*x
zEw6a4SVz&iV)f;F9O||Cmeh7gzPKsB$%1vDLey0_6!vfjMT_JbNFAL&Pd&Xt>6K|o
zff`F%TyWRk)rh*;f1nndbf7H7w*Z`%%#BXPOkQvEg5aY*FlG6CvH9)MDGhso%jeD@
z3;OZN5V!b6f2=GYh;{`hWL2xymh+0C_AXu+&T_CD1R3>OO4VRadWl^056kpP>^_`_
z!pIJxFLa!@uX5y5=3-RxjZ;0|$u7GkZqX}mj;D6wJ_vuseg7m>p}%gwDq<U>(Q+Gl
zB4RMxg9tdMtGzoAgli3-tJtspToy;e6}K&`!M^9~Q~~ymLt%a!Q2xZ;j8}LbK*pKq
z5hj-eyeCSF;9D&PH%{w$ge?IOoWc=iU&k(7<~O7i{Tun&3oF*cDW~~S90U(@0I>^g
zP%V+^e$4(Dq^yE?NGU0|5#+(C=Zn7itdY)m<4W>%<;9$TJrksy!y;Cd^yjiY6L8*`
z+~7#StD*t9lX+n9diJV0eX;G_X*N`0Llq%cfrtitq(*ubzr65wo1R?hoZP(abut34
z$Rwv?t8ZEIo2Y@L-!At#bi_d~@s}$+cprH5D@9&u)DQh=?)OTfs8lK@L|Vz(<{>G1
zieZNi5vYjNR3WJLQa>Ksg5LxS^h_n!IN^}o5trYSI!YXrs=VYRX~VDJ#IP^>DtU}y
zIs~9x$Y`T?s<`?Z-l#)I-N+F?5iU0rCfowmuoM#$wG|1eH~_qT<)+|~3|Wp@b(|y*
zaPu8+U#Z}#0;Lm<RD?GO?x7DGSOreX*DlKWTZX=Q)gv{phUNaWwRev1Yk7rC<0)BB
z9%Yx}8|P|!l*TBqBP>C1DIM5Xg5zZyVY6$6I^MIxw>!o#^?yo}pmAB+!Kh_BezrFg
z-bHr&UPW|YBc~vvI;yFi>X&l!|GlBm$Uq`p^e}oDS@Qce#q}MNt<uO$`^>hI?9x8>
zCQAngD(-Rp9ap?s-9OMP(}(cf7^6oxe8pYy5s-?&hQiXbp#B$k<REyTG7L3eSf`b(
z_NDNba@GlU6}>Ys_m!2B8R2H~32={Z8{<^!EeN?1+c4w8M1)+`ZP4}38}PqghYqtL
z5v4^V>tn1H1#yp#s0RF#UAbYSRy*O%^XKrIEk|Ei^AI5cU#tDP*}nY6cS<O%H3sUo
z4VcsrezSbT#nWKCMD1PdnGDQrq|^mjPhL02WKo<bkE%)#aHm(X@TjO>FX*H*BKrH&
zP~Y3aH*IB^5hQ~|g)#p)e4vixlW@F9dj`MDK~2WG!(~Tc@a53Eu_gT*OiE2BB<Ch1
z`yf&~AB%-O*WaHRl)_K`<?@JYStWH!RTK_2mPQo*x#(XXbH{^Ru<1Jmp`Z=gny~0T
z8fW(Ckc@eQ<A7R|5C?_X`#`OkUsD|_T|j>3pZuJo8$|SrO>W^{l7j>opiuW8q*{AQ
z3rPH&miN9JKgEnVUn*SyqV@sJL!#Gz?ik4HGTDLOKQX4l3Ve}#rq&9ux~*E^AGOsi
z*=G3%<@MQtz4R1wsiIk+K%Uw=7^xeg)B{V4+{tchqJ8pys`WLid5XR5T>JE!|Goqb
ztf4G*)|C^Pd(G~u==vq2;ZGNWRx?_@rm0VFQUmHwuw#apLV;>|1L=z?35aucp{B3l
zH1#tnKh05ms@13h^1M3xJbn-r7U`qX(9N#Q{N^D;jA;Jdm`ry_qULXEi}3p=RU&GT
zZRgCGC?;;L$4@KN^4}36G6TAlr>$QA+&Th7M+J#=<I}5V*Vz{W=*Q|%j=V&hU~FWl
zm<)i}j(@u{_qJVj4;R|Of{FV&a>@l?eN!TP3yW(!bI!?qBAnS6g6`ylMKj@4C9-s@
zk9G&D5~)+JqjP{1;MONm;c`Fh>PGv}jq|`C$v-KUydY1ayP-Jy=X16~zixVb+pcuJ
z?W72M?4^n(d6LA~fT6}>IJhwf-rY?G9!R|wAMd$ZDXP6}QD>SNtEuJ-hmQXC27X4>
zc->t&Vyged)ta@?di8<J?@e{~6x$CJ2u_5kZ}A5S^V3<2Tp*rbHa0RTb@k1mhcP1k
z_4JbRYm0cE8$VX;!uY{%_Tpj0Q^qv~XkGef&w~h5-Q$J(fZT`uQVYOEeNS75i_5A1
zE#U~p5H(1@Wfk>LxtA@H>n5SWOSHpEd2tn2S#wFl?zn#80rG^P_2f|AC+1i!j7y?Z
z**U@e@}q#_$veBqa7oKg;V6J<qSY`c*4$XR`M_x#-z|UPx2HDUxO)G^&FzA)k*i=v
z+iI5de$O}Mgw{d9Gz<HOLf0qz+&dAej0eWs%2;_7tFwt|2~obk>iT;yrFW^&yEmCZ
zvFj}qf7nE|D#fq46>J4mKTdiXvS8`f_t>gcrP{EB&1(yDX$1*dwb)Fb{gX5qDdDly
z*E0zZRyMuWe7cGgis<gk`cdI4R~@i2NR3WBuB7PS7u)mJZg%V+lHo`_Rp=d?*`1~N
zp;e8i&h%FbxlWPb=U?(j_ZTvoCe$x^VG`2%N1T8)2)g8v4HoswS8-fImYC^VbJm~`
zofS90#;u}c_H6m1mwGUCOzaMohww3l=OV`P;)N4&@O`4xJ|T2e_z3Z*!mn=@0AKAt
zS#1PNvHx&u`l@>iFXRT(vycTZX4bV-oba3s(R&;4E41&yd}*1Te!y5F+AskfU8Z?z
zDz;!xnu;IZ(XU~;P-wg3L&P}AMg0h3Cu{kVc1`r&)Sa?aKWe-DEsAKMdk=TS1XNRm
zQEQhCN6Cp!pgP}bF}3IzGpjx-cy+zy%njGk4_BuR3P6aRmDeu8C=F@jK*2rKwy1BI
z3fyA27_mkuk*l#WU>Fa7<XM)oh-;+B9(3G`ML-R?BI2aNL_#;(dUw80Melb51N0e5
z1A`U9ZmZ+PKaW0m65`r85BYJmX(hL5dEUH#H84mj*yp*!vN`t<qjnDc;$C8|{X94%
z;hTK4|F4u<@=H}T$`tSaqv<Qd+IpUF6M__X*HT=IJA@W@cPsAh8le0N1xoP(L5df5
zw^Ce!ySqCShnxQIz4<WbJbBLUj=VG3oZX$tv(eTsdg6Nye+nQ5$WPegl+;a#?Er-9
zu#22sN;h9bkWz`)L`mOV`$Q4*RU9RHeKMoM`EiVweboKszOwUuog&NkERtuNnTWMQ
ztoHvLMc=kq-9!jpSqnnIDP*x&Gom$qson@R*d_85MwFtz9}_~sc^`F{D|bVOqJJSH
z3=_cr^T-Y`-p7gN9=LTv8&MKN+te*W!I>ph?eb&$zBFnj^Zgu!MWNT*D~Sk*Uz2U4
z)6u0fwliLurDl%_6#gr86ffHC<{EzN_}(Y|iwZBFtd|l2+_i<97^V73v+!v7_I;fT
zU|@l=z3RUr`ZGODoQ(2Cebc<>95=%6S8dy?rOkffUqicYKQ!F8Icrj-#iwQf5MNZ2
z+fDPzuSVo@lnsCFD=E8TSGd5>WHFmwP9GM&x&h_gE>cOsM+~RmG-$+VZam8|XRp*r
zacuKs%pKYDG=6Rs3DQ*cy&K-0Hpu%lx`hFH^ZA#*&%VDz0Rpb-VMtOswgDjOEK<<^
z92JwL(wO9XJD7B1gTecTg+@eYfCK7iuFD3XXtpnYwKX48M51s?O1Nu5&og|Hs(I?T
z1npIL9e-06PxEP^HVZ7cHqj`$!OB9T>&SmU_G{}s1GY~Ju`7YBG6I5!SZ?*Vek-9-
z%W4s#H`D$-I-|Pk{B%jnOYi>jZDDhVc9FyhPR4|&65x;=;})e~P$z}Z?&4PX?@H(m
z{1p_QK+j)eM0w|ensz7QEF_u67Spzs2aqi!tJ-`pGi>rhT8~t>P&XJWl{8t<=!(xR
zF{&sX_%v`PjBo3gorC10DTY18wcpGs5ZZ(Pp`uCku!UaZY&9N|7ap1645*xQAb2MV
zHjgEH;JG2jXtx&}6C#qkW>L$sBO5!pf*8deOZM@KXn9S#ueJx%w5J|!uG<A3dy4E!
zhg@HYLE2z=t}i!S;7#Eu%NA#g>n->;397KjpI>wbuELyiC&Q~=!`sT^!3})Qamwgq
zhfhnbKzXj3{TVy5m25GfY<kIsv}^3c7<%aS{{GXUKh3Y?w)DM_sp}lEX=GPH?M}R+
zs~Wbw%9kS@a6j(EeYO#TCk2Oei}Kzo24&qFxm)SDj2BMD;Yc+aF$VwBYxLBVpJSE?
z2cO`X9m7knk5TgXq}M1%VALHr1FLUE{(9EtQkz4LTP-L0UlC|uZE?RtS%yQ>oH1wU
zwu3a0ELFKIeGEq4RJeCw$Z3#TvJjTXH&j=!f6w~)An`HI$kT=9G3jGXKhn{lqCSA`
z#ZFGzBcooO1X!m&2%F*YMZRKefh@oO<@gwr!?Tg>x06kZMAs{WpS#Bw`DD-dJ(;QW
z+2+3$#bbHd55VsoiVb(2q~1$epWCDrLwjy#Z0TSaGA%r)=Z*0<{)mKwA6?^L*WS|%
zbAnEb(}Wp~ML=?K3H36jAI{BpJYI5lz}GnUfnxHEy~w|`P%RtHX;@8i{XBO&M-I-#
z!8$(rFMmg91hjYfEFfjhHSuR*LtKl5NOdly=F2z=##6~NjnEs;qo;96NM1SKKKGF+
znF0rB(MI0skIezo<pTi?i;6p|jom^<5irWZl2=cNm8oo7RvLhcHtjU}_0;GM9b+lY
z`{?G6OS=dM?77%5G_0a`_>f{H<|k&t2?@Esr#z4(4nR-Alt%Hm>j?5@Wd^HI(6&Mf
zcOE`XpW)8S0{9UvH$Y)ab)lI6C(Dj`x{Yg$<wog<^L9fc-X~pjiqDQqYJm5?-#TsM
zwinPXz@E<XnfeE6<h&ib14eyz1}RFuCmARb`|!DD#zyYUJhxyqKMkk<C<vxUWAu`_
z(|=QwEq_(A_c2g|lUx#>`>i18mq`bbV6&<5RAXjk>xu?9v7D!XLcBTNM#c>OnvdMB
zl!hM)gxr?%b?Fl^?0Bv*?-aY^S))yZdeQ-l23pyQ!w&FsC=Zx<OAI^RL-!tgQ7pL8
zI;i-_;fV`o1V)l$HLEc|1`*y<iEnos0L$VJgW)$lMf#Ky7c<{B_1cf5HEwU;5>w%K
zVU<jOV_^>#zQfbH@DGai@POdpdGYBL)G>QU#(!f4_$IJ1^ycI@YrR+S^o*Q%E8}Nc
z3gVCf|LlD$6G5^XTr%)hhP*RM9gFL~7f`;E0hs*t0r8U9;?#&QBjB)AkyRgx5ZQin
z`Rzmg@<)7$ToY>@b5IlqP0M$x_~X%i#C(h!1lp+tu3g}Usth34IH;J;xdjpDWJa1_
z{^pvAlCRCGX8Vz@I(kI7)a2zR(E6^4AF{7Q&2f~?m~m=CO~s?y@g>J(GVexKIYGth
zfiHhq7cEk*)Z^VA@T7Ea^qor72$gE;@TS`&lO~=6;6gVutiy{c^;LUL5lz=d-aLu-
z%0KeT>+=16zWz1IyEA4*1HeW}T>Rnp1W_EE&Y53*oinkoIs!(A=(mHL@(Gc;Jx0Hb
z9)=c#ZyH0HDf@t%?25`o_u$80Qa%M$id4@!E9+5{SG%MC`L?R`r6?iz*1`G#akIUH
zG@p}>rhpeEGlR@24Z26%`b(u=E0&_F_f=sdohp9!OIM+H!G+t`Is16Q{<t)!rO`&R
zJtb1|`HHk|Bs5fI(Rz}#sk{L?d_A>ZmlzS}R=nL~B^94d#SwAFW`5=Iecv?sFp;a{
z#q-zQ>I?PUQ0J3Yd1f&@bDjgEy{7K|>`R`40cRv~PoZ%9^BOLs>6Z#YXVEgvpIRKX
zpC^t^2oVi2mq_5I<4NjzRL!k{$qFUMTu2O`!Di*+?B$~n{U>#BA3ys>S*@ZT!FM+`
z#kw~Mwm<1r?4qVym@+;~<FYG)ywpPkk_`x$=bIv1Q?!d(W-Z>9j{H*mF*nT@jlj*|
z5Vb5Eu*Z%zpjSYTc4$y(XFm@gA)robET`gT+BiU85#!Ay7x?JTKrse>^Wo^6%{&TK
zQkcP(@}y46@B26Ra*K+T;>ze;1JZ(?cnzZd)~Ol-g)i$Z3%L!$=R%Wr$}!XUTzMRa
zqlG$bUz39C-^dy8dLj383zN<y5J|F?L~CL(Q-0FUY<px2<Pz#GX=zaYHm<hEC@Yt)
z+YT_V$IG+VSo7bJkVm(Mg*H{FAd}3IqQARmD95~9-Ap2opz)q#X>7lA_g-45Um=3$
zfOYZ7fA*I3ub4e;kaci!4yc>mZRodOa5^(Vj^yFH^ft6O)7WXSv2WpPJ~`uSpt%T$
zWtV$u?AvXKoBldG>Etv0HAXCYq3|QSPpn=UCG&u>p{>tJF@0{>GM_^05ea)d4qbc>
zJ&}FXG)<Hid$qixXK8(Fsk9yIfxd%}ZZs{@y<)RNP<cgAr8d#r;>rwMp;h#Y@nOOe
zU>|W=MU0C2)+lKp>AU)#{hW%}S>uc%dWCS$BzsB$ho}-7N^OIFDt0a&xqhYct)>(`
zf_#hkS=`zrdYu^-pXUJ7*3#bJcUxyB%OB^a7saM?<;JuX7d}>&CqHssj^EUKW49N~
z?*43?UKG8aHOTnlT!Q&`Jiy`4oGo^HrH-HNs`?B^^QXiwEd$rJ4hEWNE`g07{FJ<v
zD;eSr^zc{Y1C;vHy)*0jJ!=9+eE3rO1C8Ht_qg+yCXiX_1f|*~7FUzU!kJGtF!zlO
zVqrrYXwp!O!A>Blq^Fw3vy#NKGT2mPudb4Lkn77B_7!Hw>LaF7|9G=fhhF627Q2$n
z_Vrq;d|kY<>S5VVsBuQk!iWAJ4sD}mB=c$v;)d|p-K=6)KEn~&^ik1>dV253D?57%
zFC)y;aZ*^tHmY1wxWS&%97*x`&1Ch*Be@woRm20|4@V?9^jW{6Y7VNH#Cpc&=EeGQ
z<$iY%9&=UB4Dc)rSYXY}i|wwEW%RchT3r3e<KvGL(!oFG%AOmTYEJ5h7OPWv^l*a=
z<m&p%{Nw(XNN6`kK1n58xA+y!7vjoM>?iat^l#5Gc9|l`U5~|&oKEkmqnww4<l0)X
za3pk#aIfe=^A><8=C=t8u_dY=2p^%~dF|f1GVNgtF>!YwXA`8#PaSesU|_O;UP^w~
zhxz%26eH5Kbf-MKRJ3b{sw+_8rOAlh!>u3FYgaC9Rkxqn|J(gyLBd~F|BJ}4zqE1U
z`MUkCgw1};D1&4#?FP%f1vdh5u**OlSAc9^z{R%kx<6;tB>LxsA8uxp<06Rr3a=p!
znU0M|{g<5{Ey1j>t@DDdSWSG0wiv+0NC(IzLXIcldbzNjQ#JFe-P8e@nFa8DGw{8z
zDaaEGspcba?`vk)psH_ePz^-q=OF=37rRJk=FhIbYKv5-h#ja%9T-R-<VWVK@y|2B
z33ew7`muis$J6JJYwk>S^aK75E1BiW3mGgDm)y<RxmT(z?NzDzjZx~qiIkjqn@L_4
z^p}vKsvEJ*MwQ<wcf-wquTKY%%3Eyf@kdIa?NPk3N3PZ88<O3!r&&FoM_FEZ-4@y6
zN0ADowrKXW148)GOV#vi|Fzmk=P97eMG^mI<jl|+5AdugTOb(#d*w&?BfcZaRD|`c
zPI)n65B_lk$zwP#ME$H0h1-c`ONmVP9}t;d`?(vE`@T!R3hPJyj3Yf?bjhfUhGqlS
z4=QA>FB3zZSo6fl#|-9O!s~PI*NfiMBps6Q%mRhBca!8f^ihl^5cEFuXdeM^v7R_?
zo4I~|F}_n614&$nkXM&2(r;q7R&h`?2^+OrFN6$4+>JF2;f9fDZynYl<5W_*f6^7K
z;-Rp;s8xochA?)yrM;6<IlJBH64-z+p4Ao}IMvFGPR~Fbe%t&$Q>mC`_rOGv@kWsH
zjCFX|ND&Em!qpjO+xrmSzJr9@1%1=CWaa>L)p)=7ON8Fk{7IjZCx9JZH5eg)7V?D_
zz*UFK6ou$7i;(N{?p%$|l@pheJTyfeB7pXW9!bXQU6llyuOQm{T|NZO+|Y>$@N$Vv
zsX*mE!*eDxX|eZcd-vgJ<3v|TZYas&=<b*w#Xa+2I{bKl2*!5`P?L8Mm8iGwVf9jA
zSbqi7Kt%gQ_;)#GB=Di%)q&CX_>Q^5&tb|OBD}B|6=FB)(RDbta|5YP+50Y9rS89O
z&{f;jy-<s=|I_kAOfUUY$uJ%!*CDS1hTSc%-pwQ{gv-IJv?4>o#XfO~yj<t)UW?3n
z6V*}dbbzk%0HhR9U5-0X05Xzo9w?NdnM7#{0y9OC#t9(k-a)j*yL>xveP>XP88=<u
zsga>$e5-%@J8dKU#v9nvXJ5OoFzixmh!C2Rvc}<n%I0Wye{#egs%wDoQ%m;2$(#ZQ
z-{$^A+pTL-aM;DL5A?~M1-jiB%jjFqocoum%zH*NV7pScAEcXLnQ=xI`X5KvEGuy9
zQD!~fcYVXRE7>w)w$^=DCW62FNcHLg6k(V0a>BTP;T`{SGsBKm`;vFjg*&-+7%sEk
zM*qY5MtqN@>n<Pn?j6;g*lG>S9<k`lQx89zbA^sh@-&*9Es}3y2fX^JL-Y(-D&p(?
z&r7Syx`P!)J=PY4&5#-P1{13V&sQCAwvLYIe9_Kj%i^)GG^-hEz2K##nkdbTOV;=X
zR4cEr*R;&vg>_wCCrGMv)mHaek#(K-7ZpMNqH;;+WJ#y}?xzpabwB*;XOvnIY2N)N
z>(p!^4Zh^N9l}NJszSV1@c&-_RgAGRw2sZg1IhKz%#c_`g1C$dx6JnMKk@#`NL5?*
z&wY!3B;#i%8`)kky|ixr6WTTvVEZpsEIQ@GSkG7n%hS~vp%J+%{~&MjQ7<WT9DL2z
z$4gOR15wDOO^G18#F;*BJPCDEbB6TNRy~d6^p}oL?7(MNRWC4=5HtSob{1R=P6nh$
zErTNW2A5K#hl*3=$mAJzME3QION^%EnUewzKhfo(!xt?vJJ|6(PHD-_@R|0^2Dg67
zUOS)G@YO2!z=D=WpoJGy6ke%Mv|5aYU$;>W)pIC0-}BoH&sVaNQK1>i0^x;SBP9KL
zp~^-7)F&+#_z}~YCDS3kEvu!1ndjmYUq2>eyBm7EmT7&1ptR{U#nO2?^oNlL7TWFM
zhx|kR1lw{l5+MqldmRv{0=Q`fPYJP-dTGJ8e?Rl509IS~fv9)_BbC(Sr}Thlvs%IM
z2DdJUR<pbB@B(Dth@I1SB!_M0DVYc+KJ)h7Ht|>Kr}py^yxs=!)%y7Xj5SSK%~__K
z1o0zu37SQwF2CBOaf4^Y>0O7=p86dPIvR=p<N&)2fT+j+6s=!C04zoTCnLbFmX$_B
zi`sw@p*qTuL4W4Mf8nvU^REqk8tH~7Ut4A`r>vs75~Nrus-XCc7ET?_e7H@l@nH*P
z=pn=!5+B&-*v}JHdKR@?Ia+5GzL_c_nlLEGzUB_{B%tKt>AA6=4af@hFvaiT<VjN*
z@vy}o*<7l`QpDNYtSD;U8zfUq%6pWX?of#42M8cUVXLIlo@^Tq(XF3J(I`9PV{6Nk
zXJjE7B_MvT9|HDlum~0U)FaO}B6l~8>s)#DmdPPA(1Siv4yvrGjSwe>%0@2CBjC8O
z?1no*$QJ>h)`S5UDdwxED6@~DRr+;<freZtMF2`oNL8n8%9{E}wNq%YQ)pG29Yiqq
z$B9Ph4=tK9;<WqLucWESQu)AzkOU8Dt!Shx?Xy}|<{AFdUb*PEAfZ&W=j}aa2mO=7
zpiC>8=t&5Yoeqs@#nJf`(!mU+U6+$x()0*+)}~Cmuv--9-4*~>_hfOfygdn7bgcYj
zy8NU~&mp7`xK~`Sn_l0ba(hL%LMCz0E7Gw@*tBZjtSme(ykdX<-T8jJ*MLI><)Hvn
zkvMA5q0ktp(HL0cH(Xv~Y}mZ>;F*(R_@dDGG}CL)Ax^2M%ATG5>T)W_o;}B&?Xv3r
zp`P_q_{?SELD$wYH_^VQ<!@;N@hq%BFnd4e8)yChIL7>kj}BQvpD_I&w-&6ouorTw
z{julovQ*i_ydP?vlE)T4S2&j(qh`#}g)}OQFKveSgQ^;%&e&`22;PW#U8Q#q6lvJ<
zj%N5&_fngn`U=1t9-R7WS7wdw`WWh4_xPOF#46_(Ic)JR1MMB0_hnqY&z>h%DR!6A
z(Q6}53DBHIW9!kY*IsOptKcOdq5~{Lj{1FF7Q+gu-Z>bC3^8f>ioVxO9+_apdaJU`
zEBAGK_$+ubv~x04>RzaKwIsObm>AH4ENFdNny`l~K@9kd45_kV0-RMQtQkmI0<tiM
z*FvC!vrKVc{R@WX-NUUyYk43Cq$x=LH?-ZV#Cq%Dq+QRXkl|Ms#rVCcH09dsX-wra
z&vuN^!a<}`=Te1w!^G&w0Tc})pQ07H<OkBylUVTM0^w97kJgLP%YYm_x5WtRb}H?X
z_P(;gdz8(eB_#Lc-r;wjHJSrT3?h>(rZ;|RUq<7r2fV{Eol<n)j+nY|cP-MniAURE
zoj@zVVXjO;=ysWT+K?goTROuUe8eI@K;5=!>Xg(&leXrVGeRf*3pKU8zCIEwNj=}7
zhdL=VU%%%$pS^u3<&#P=p4<YsR8i52hxUbmCQC<YqNW7QZ@8v{M}H~s!sRzTv&J&R
zc@T7#jv7hLiXR)SrJUvcVzC2YUbu~)h1?Z#PyBGlcepRC(Mu_4;|xiztHWp`wUy|6
z$K|gUeX_SVb!E2ju&J-%o+MnE={{M?x<gAP?vz5e8D;zYhP|qvRr+YP9B`puFkl<P
zgF`iekK>~|q)ONw;({Joo_uK2k06<-%PirEc~%%HNXv~^yjipX@h#Q}RwR2VpiS7>
zb4nYcGbyR#K&jhrWNYt7nN%<x%(kmzBtNk5@+9^0<e!+lUmVNr7e6e;h|E>6!q-O`
z__Cy<a7FRh!Mzz37Ic@b3^u>@WTx%>`XC7M6$8m(WU!~<NBYS!xH>U>Cn@+*-vgb-
zBALK?BO(%}BvrrXjQu39v=BQzl+x4IEH*w*HLxl(wbHJU6k@g$Q+H<aA|Bw1dqR21
zY8>QJ{dWab9~?-8N+ba|4mSOQh<B_(Dt@N3s3;1!9z*cA0_I)<*HhTcK)74ffQ}&q
z@iBxCzrIyJ0dr``_rGJ398m#gEkVPz<&AC2;Hkvm;m7RDJ8YNg)ys}#%(i&tpId~A
zY+l0WA&q)xo>;E$F)3`ibm7??3YR^Sw$O^FrvoMv<e(}6m)MSOEfcg^Sy(ZTb3+v;
zDFYU@W$%L%43VL+D8}=}D93Lw^&|_9a4_d#;T%utn9xB6bn*QUMkq85AR1?({STE`
z;5aNW(+t;NO3$AaAhlJ=u{rB<Lf(Oh<O);g`rRWll=Wn+<tKi2J*luv7Gscr{^;vC
z@U9|!CeRWKC(D9wO$dc)1PB+;G1wl<)$W^fuuUT2_gPqSg-}M>uIT_UYk1@K#MJJ0
zIo*8y<jnwsgW`oU*0~i{`5S7ZCfb1^n~eXyvG|mF28|_8xrgQ(b<Ny_qvMm!nU`)l
zxogM_5$48+xt8rT^k(=)M3x_~)P3mDDN!xA1jm(^jk8J(E7X6uX3xpAma@uK?@050
zNlsu%F|{tdvj%L=q17WB%kHQ<55}+2HDn7{rbJe=&|d3fL~0VcCpRrTtO#hxB3@x#
zdNdNmoAR!}tEeQSdnOvFXk*arHi?><Q9a)K5Ki8|4uOJ)w<6Em&2_vH89eJ4T-Mb8
z-XsFQo)T7IHR>ncI?1jdeLFrnqujZ;wE=7veLZJxH0+>C!~VQ$*kKZntu)ja_<Rw#
zz7gp6DQV}33Ggxk{~`gw%r$i9=pO`D=1e<AFK?F6A)`p!N2Zicmp7a)tzC0tlrtTt
zZJBG6$oInVZKy%x@bz&43Wv*^j#q<)`kVRQpcQ49w-h#s!~wRHs%}$O$BKI!F&bnK
zjjjK&1aMc=<=!^_q07+r-l*t9&d0YR;a4O_&N+j3&D}TsCn-G38gG`>;6)0)8Sl$i
ztjLCE{(SeHn;QW~mR)nSC0zN&Ryrj4&mH_dnO|vOGDnC>GOK2Ahk1;Wr2iz@Q&<g8
zy=#ZsTV3e+Rvj{Raio82&F`co=5{{~{kG~`EblHxR!f!1VE-FD+J_6>->s~hv=)P!
zWVUA^aV3qzmw#iC1BUi)fh+mB0W4_p+n#UFW!`>g(o78?*u2jSb;}H`irWObRU!m5
zp`U9J(;P>1K$<E)1ZUmL>8_tvfESe_od_>}R(B;igWUwW<QazFKmpRHPK5GP4SLr8
z+CFCGPgT<r<agJg=gU+?A1$fO)<m7zg|3&=u5YJcreu<KYY<NWKr;Z)_kE!&BmmHP
z4S?QKc-!%DK<W4<rbKal5Z;badP|DB%}1b$g}RA_eqM9zrh4vq^;jlj;Nmz#Wjm3F
z@^4v#;wd3Vr-(5ZwV{+^p{)T3GCPj&9lYZW#OuM&Rp=7IT@ANeD5J;1-Udg#)0L`N
zt>;plX1bhRce_>SjQ+s0TiWeE;x%eB{1LWxlO1uskz}@{hXSL%&nm<DvbV@G*T_ao
z;w|TmRB==0S-*fCZJG{V()<qc&lu7Scz@sCni2EexJqw#JpwjXksS{(dH)uQ29l4@
zqv(yJ;BYNLkfgzWxHK;<*u{tF81Fs`c~DmsQmajjrPI!yNKrZE6Y1VjH4TePQ(vR3
zo?_>}TH||fSvpVEd2%9OM(@;3yMSbNf$~0}zB;Ea<KC|FUT{Xl5+u<N{3e-g5&20I
z<4GT*C)mq~`T3xtP|Sa^U#A!<`F6)*$z`UrSC0zw#l3KJ+zD(VyFOSB;c_P*_XDU2
z0$e-Y#v|CNYbc%Ws}`OrEB0TfS0H!SIp_r-h$0H0uMx%AmIP2n0igR1bmQAXK!V-9
zw-dR=2Aq<cEx?XIkdGkC3juh|@0Ak#Fd<4{bz$x(_H_QmS9A$%fC@ICr#aO)k{xKS
zP)roMy2`twQ_gJ2p0lC|si23OU#?D55i&>*7XG=D&Y_=(>&y&vo=bkSJ51k&POs2l
zalmgj_vN=l0!gB6iUQ<{e)eqjQQR_dkMX(1%Sjr&8Mz1xQ3F}QBm-*+!b2H)dW$e|
zzXb4EkR<+gbRf7ID4e2o&Drr~c0Zg0gX~QbM!xcpB(XIXVj*^2;Z{@Dw_P-&UnR8y
zScv>sbq~!xH0McD+xfeyhvM54xt(?0ov9g5o;2qd;IEGNI<0*)>mi`>P_cz==6hwQ
z8!E(Wik{@+--nW2(~>D{`T*T)^KUcTbGLd#RbDu*b2K!c*#MLQP9PP&?EhAmARoga
zy2$!dt};FwN>_Gz&dMNU&?^%LmqQ~^y8i}i(Eo5yn}y}+tw<yA?IXN$SuLg<HAem<
z)zhp~SJm&XoZsMU$@DJHNDnCE_v}l(x#O=@6$EK73&>^U7)J62!Ar<(q9neb-kW`1
z#x{H78eDaQ)@k%^i}4xe>Kjpd6Qm<|B8<2%`nhIn>otK}wdRL_@)l06NtIf<C7~FD
zL|%N<5;JA<y*#6HoOTjN=a>O5BQ{Xsiy9avzIxqv^zHF3Ru{GNqUGLKlVMlP?w6x6
zy03m`;4A)Lx7tpPgCVl-+~3?6kaUJV;L9vsA`wb+Hy0Q6<JNWbQ<F07^bM|+aWewV
zKlQ$s_w+_EkEi8kqG1@N{c`zBV&(@*bs4QnJ7}P|Q9*Y}p>lmvNx_tiHG#=zKq(#Q
z<|Li);DDAd%4fI`Ep;CeQInhdSzSjfCYg!8N&&q9QKumCe2xK>D?`s(vvNTAWSzU>
z3dYb$ONeYYWu`WokY~x3iGx=&>G_U!<dobgL8HMkosnyG3%U>(5>PD>eW?$I$d!K&
zF~FC|N5rusJd_nnt3*or@i6oLW2k+m40#*}VQzgRC5^w%o9pKv4a#YnhHn;idSvMp
zS?cX7lZCYDL(y6G^-ohb<Jgms@@A-sMuAeTzZ!0hj*7lwjDf&+xWx6`+E^d@sBb|V
z4u=4BUhN=>AEX=tA3hdcF4L<OG;ZT+m*8>#k^Mf9{1xMjls?K*-m&7lRDeTd=Qm&v
z@s9lqzgSn)1@TUM2HqCukZf_xUw8kk<s{+|{fdO`pv-M##>1dyd?T?pIE~4}q;ewT
zPb=dGly&$@DYPfL50IOWkpJF-b19mZh5~S=BnZwiky<7It2*LP-_|b(OJ5LnMONh1
zn_rsFm6Gxk@3y*cALU!xZ`?M>-uB-<ySvSP*a|-TjxIoLMhy49IeXRQ)&_C8XOZm>
zXP>}hpLBk#1Va8GO1S;-it+qB@ZL}e<A<<PV~ufRO}ig!z>x9ji4JS*A4q9aa%M|%
zCb7d#{HLxz%H^V^hJFq32ZoJ#nv(PWK;A760au1Xqw6pG->=_(dYI$hi}ugVKbe)?
zshDdpbQw$h0z&;$PVLeT-;3D&w=Zzh)$G`{tM#rIT^wKDKVGCNUMs}t)V}qPM$ne)
zy1&lJTnYBPcBc@9pj648QE`h}srbhd31**ivzb#|h{flEmQtOQxVm2)WWZ|*pl@lI
zR=^N8Z&0w?*td1QzPB>Nm1Vnn+<B!C-B;tj)^&(efu0MlaS7n8i0HzPQ0S1~@6@vS
zYeWS0h2dS+&ZU>alaQaA?mdn^cc&Cy@;2X)=3~lLdGI?7nw=9wFr9%(=k{AdJ^bO;
z3)ZzBcfzjHeK(B$c{)XTv;q>^#qOGexAY{&S(OSQ{D6&`B<iZ9)}huKcinpc{e1j~
zi85}&l3Q_%p154FK&w*3;j2m>T^XB3ijhLbWwXv;<tNAwU4~Z~(HB`Xud89pVx5g3
z$ux{JmRwE^ud>c2CWje<RZd;6>Ffgzj_6$P?lH`Qd`(;yj!sPmgMQ8Rke^D$1?vUe
z4$Ojj4BY$@7<Ae&D5$z12IT3-MnlEopsc{Hy#cGyIW!hcXh&>4BWH#%aXP&1_<1V%
z@|5e^&q<=_P|_XSvGS{y-ip0vAd^jS9M4e+r6-5mOXU0_s!q>fYy1)qj8Pr=C^PB*
z>82qag54N7p$O#qVE0j>^a8SPP*~{ItHNJhVMUqoAy@!iXGnLtzl@u2IKcaIDXy$$
zvv4j>-^${ey#JW{rjP3=jXw!BiD5YVmB?@n>3VnPQ=1~qMYf8D)XQ;|7h;tyB2I%1
zDviD3PMm-CH)IZS)X$VO)|uv6X+Q#1c-?rbmYaf0f!`gh5NB4%dq1z!I*t4O`6XR|
zVHC5=VrB*1I~|0qWbjdz<>%ayfzu>VWEHo?F&1kfKLPMe6ybA_4pyX%!j2l73F?Re
zs&9yq^)qU}QdeT*^21hLTGy%U-JDp{5c^9WPexHeyvGAVs>G1#HI$QYnpkYl{rG>k
zW%z({578BZ;XkvkF<Xq8FPagu<&8hr$`Lz^nM301dj<-P#Mn3MFx2z9uV;FHwJu|E
zEy|pEfZ`1w5uB(jpc{#7(2Hj8|6PMcU>;<9&AWns7)f70K{rYvRob6<F44$gBdi?%
zUCHr4`%(AeJGvamin86jF}n|Jpwiw@#>#Q(JJSh_qL2i)6AL0(m^N58>IzC}v%MI-
zAv%SzC)6Dk+;wam!;|f%g3+BeCOCW|h<%Z2@F2f6l5I(FT;r-@gcOr1s9I6KA?l+J
zB^UcGC=dV{XbT1}Z^hL9aO1%0)*lfhKNj>c9u&Nn-(t(M4D1%vEkj6=hkmK3+Yt5J
zkv^#<g#~@CZKFO9>l4aybH?iaN9(ti-IIekJ+*nDTa2W-qRty_K7>`;o6AATn0pzz
z#?#^%8=@+L0)IjF*=A6$7!Ok%m~fw8*Ef%onV7_EURaB~%q%_;Y)%JQsQ@*sXxLZ|
zy7}K&9-ptk5;U9gea%U3RM_2cnpL+2of!DXpONsOV4q-!5mF$hTZL2I#`2`E`r|c!
zttuyuUm<ms?v~M*;26>doW|Sy5%Q+o+GdRPc&4*hNF;(4Bh%!Dy2A8q{xo~9{6DD@
zy^F0{N%xF}gLfC)RtvU@C~d|ZNEjvTpgzjn8a{@CA_9O2yuEn`M?o7S5A{dK|E>f#
zC>E&CMSBH(4(>=ld!&BL_J*d-ajOJR3c}m0nn4RNy9)4ZChGa2_?7L&LHvLGzPa*W
zqfku=nwmr3g}Zk22r@3Z$yC@tpYq*0cn9HWJ|k*>0`-{PtScHf*bG9rps{b^cKQzx
z-}(T;|N9<xOJZY;1E+fw{~tzc8J2XX)vl{+fMrHE850{*fy!1ASox@{Gb5Do5%fAG
z*!c;HDfy4a{=?DK(XQ91YcS8CZ<<@jDu5zEaBKnI4nEXl`i3Z2@LhB$$}Km{Ll}m#
z0Z%K}M!A<U$Ma95F=g(;vwGK;WdJlqu(M_LzpE!{H!8b-YG7kQ=2++#{K#l1=!3L@
zk?FXxY}4Ny0Q#qM9?u%w+Oh5fLrkek2B?d3)y9+kpI+B2`~R*mHlXlX@lQ7fF4#v&
z!9<chToD*M`Ati6H7P8Au#YFEcF8^`x~DlHFKA`imkWyd^S2=RN9I>H<kQtLK@XC>
zK^mw~%vBQQ-Xi&Ri{D2cs8C|;&@&N?xinNBZ!d-X_-GfC_)l{)DXjeSl^oambGttM
zo`0xdGl%ZmnhLl~AMM7Dx)Le#j}*Z(iIgGhC_)`v>MAn?OgzQx|MQ^U=mD(T#Cq^<
z#T?uA3#GgDExD<*MY&xj_6hmdT+nSTcaZslH=!Phm^NF=#DDyXNn!6k^SA)24oLg-
zdj)yIU3Iu%q9U-|4AOr{(oT$>v|)p~lq0Wx7i3&@{3Eot3wPfIj6LRVeR07472B3k
zk6?6|D~CBW{8*63W#VX;ebkjB-H~L>KrqA@6B;iV?Oa`%(P)IR*K93Ft~4Zp0$8($
z#>RM<<G^J4^qu=j{Yp&)T%7)^b*s5}zZGK$>KU4{;&!QrH!|U^<jL6a`h3*|F#F>X
zbLHJ9#Q0|KB*vqfa?daJD$oPksLJ0bYO|4#>FN_T)j0ScPry{KtFz009>g1>Jb?X6
z(XHh{LGp0dQ%flMiD2hq{%ewxCJ$7EkvxP8_R9gn9d*@4S>$rn>q=$&-xbcrbt-_7
z7q&;bH%kK@<AI%c!vQdRw7Y99n4RsoeA^arRl?V05Oq~L`q%3!S1?ZCk6(i8H#T5J
zaHt#AC+K6CE1aUhW71mT+~^V<pWF*14`C5k8+=_@QCFi&a05FLk4nJfi>x5I0%RE!
zbEVklNB3qgHRh^`axZ1+ro}IS2WqOqA8Y}YodvikLR(!L;i@p@eZ_D{3HeX`MIRxs
z*e%NnS`_9Ar#8oe<Y#98+%YTDaoMe_`~Hz^T_DQih>{=rc-mz90=JcSw_gpS-VN=R
zr)sq;?b^2~vEJ^3(Z&sEZNxuh9Aueahs1XRIuIf|!(92Dt2drPW?`airJK*MXOBV@
zzP^Y(l&MKWLFj~y(>;`gg!t6omEDJpxRl*u@sND9{_lr{g^!(Yq`j=T>@Kk8Qq$T%
zOH0RqqtgMFmc~Qj+wpwW%E2jWla)5N%ww}^bNc9*n6WkSTDPFzbBsX&;0=(SC#5^a
z;IOgzURB#{Z!^L#<l<brK$=wi%yfL*OtSxJKCMkTQ=rjrI(`&ZIs&T#c72(IrF6qM
zc8(pHk1;e)FqSy>Mo;)f3>oZ?);7Gq8Dhk69mgzGz%rJ^4hO9FoUCmw0cJ3}Pc}ZE
zY%GODTG2%;v_uTgaJ;{=+cC1brY|)+a(#E6U-0>2Zu5i{Cw$p>Fpzzp4T8wne9rtB
zk%>RNAfz>)R<@|mqdU*ske~SxzuqMxlamt}4MW6mkH!1%=uPpvjLiEH*e0;c&(0>H
zil-i$Dc=pln1QuU!dksW67lK@ZJIK(*^tG#kIR}hGX;G7{|Q8E&Db4!U=xu!h9*)w
zyl`Ju#iLt)wWuQGa$2`=@0dHg!Pa>7*L+>|53IE$lh4O5X3Nn#<-N$q?oi>q&zW}J
zux@wnLR68s5^s}5`n^%(zeV|Y^_-tGu?v7Vv9ekfCmMUoao(#{3;KP>N@ysnDc;Tm
z-X=^odorJFs_pkCR=QQH=}(q_6tj!>pB!f*e<t-NI@39Bt6s98AU2EMLiq7YiX|Fk
zGM~nI+-3lS1%BGYoPjNi-g~8r!X=I}D7{*S6-_}d{>zlTA`pqb676&27x75Tl->Z(
zpm)OrA~GA{aurtLQ%?JN#6bma=Z^z<)E}kho4GOdoafV8WithCegBC?W#yd`0dkQO
z;Y1Y)7cTZT!ShBg^=3FrzS=d($V|nnzb9_WtSkgpl6YGmYwwM=Q+Zj|)_z_f6~!S5
zQlGz1uHwmuW}2dkv=)2!o#Fqp?w)ScVjgjGW_AHE6;s6KMDy6Fc`WZ6T!l!0Pr*+O
zrXClzz0zH0&j1KC&ueS+Gw-@ex-a*q&cMGuIcdF5xg&Tv8+cu$HJ!_esN~iFNspaU
zHZh<=>{as<$GW+Q@!wHEUHyG@-A5kCTSbVtBH&~iV|^BHU3jUP7c^f*pjS&U{=x&g
zb7nrj(a4#&AqBgun*C`7r=DSIY~*q@#>D1D2Xb8bXDB0Bcb2Yx@ickgL4;4>9K>$T
zOhK?yD)gr}HM#O)QhYbui@>~HV;swse_a9_+CwW=z;NG=acHZBP>OfBp2Kv=VA3a_
z&e-|3=fTPb>V0M$Z256AwBdl(;_HZSvXv-F5noW8O^gbP%s`9~w}lxAn6uaJk5pg%
zK^IF}wVXAE1*vJ&l!jE_?PTZ`n?-cC(PxdUYOR>gxy?WZBZNayS6qXUAHcMaMlA)`
zdf8oy0CwyCx8V^(5T3|2UXB3dbJQJ?GjY(eFZNR{E$n@ks5jYq%%({6JWQ(N>VfAN
zl7Aug$_%bmeA@3~RFn_iOz^eoPOGF7i7OT99l~l$*LwSz<9l|A`O2jVbnKTRB>H6f
zz$juJ!_e$tB(3Ch`<KX<B+9PgMzoD4DU`nm`%2KUS!^Kj(l5<UwBLIOW9MswU1D|}
zs%Z&ES3zmV_2UZ8R`e*$gYD(pvkI3?tU^liDh&x1N!y;ReqR&XRuojU6R-^j^%XAZ
zS%pmHUuG4=E9hRG=!sbeXT-k`&LwT{>eQ^!viiMObsp1d)e4p^sZOv;Pp4OIi$BFL
zwA45MotLyt@vpNdVbxPWwif-pG3za9R@+Ob@czf6wht#1-}pia3|db}DG4-MEAQ9d
z|20LqGg7yeq#jZT%Wky&qh){+K05;{f4m}cLg1Xm^)LCr!}4DBQ_OUQJKlQoA#MIe
z*vlJ>caP@KG2Pzd>s9pe+2%K+Jdi?CNW&j#l60U{RVD)QCmrN-M`X3VAJOZHgF->s
zz_#dn5p(lT;&%jME<tLQpQ@k2AY=4dS?vh>T5O$fHWHKUH~u3U<}?>f^z-lBIo3+B
zm$Y%WMP5%#vzOG>iwNRi9beJ0f;q5UHz2f|>6Zkwn@N_R=~T({T_d@<;}~AztD5%M
zjf!uohPey^YIp!*n-O2nqDgajQ59;#JL0AikoHe7))7HFz6i!CIm6!LXKssJz?KwX
z;2&^77Wjhm>!7KlJkBOxe?P@`E5^A#@_wz!HDD+yM@d93dJY*~ZOIDkfIJjZy=eo)
zRGWytTu=~^i<_%KwC&+G69gsu)-VNDSIIfbtKImXC;}Dqkw>g^@_VVk%y>!WC^KK@
z(u2Dtmr{U+q)Z;wUkZ0PiIj&M!w-8LrjYhCt-!b-Lcba&I%Pe&2D)OmHg7FRhbeMk
zKX}8A3M`M8WQoETJ-5$|a?g%pGz=7@AN@GRJ+=L1>Ntn!Vvz=D-$>yb6M8A8Pf#cI
zzaBK(8cZO|!=X&bX!@H6=Zb1gl+%1Bt+e2)RFDTLlU>x8!U8s2WyR|7mR<*C@tvII
zoi1<Wp=(Rrl%dq&)J5>d#Ud|IxRpY16fCJIMj4EXRvnJq@8I%g9D6vF9D|@^`r}kW
z%8+dSNzU5~GV!gP5>~(~;qiGuO|h1NmOV;up92Vq$rEWjE3|D=3__NV{(U|n=d-U<
zCLq=TD8-{@+w!GQIzPHldR{VbtDY0lb^^@|2#US3oUpQ+uoAIVXq&zBz*=lam>>LS
zAQMsqxMpnq+xWF19Ay9)ms&UmwlezY_o;YF-ghP<v|x#HK(J*_BnCDSWhxP6V>nT-
z12$sugTmEsg6A4WwO@$Ii;|o@4jc3o(|+{h@u6)gezpeTR=IZOieW_k4h~36!Sp!8
z;Ge^ydP$8+dPz1YR(%eyggL}I2xC0sZmK!Mc%BPb2Go^e57bzTt#|_#IU1_USMbS2
zTJtjUB2J|;ZqBU^0x@avZ+C2>aw85l13Q$HuX9-FY6}YMHpoL)h%5;?v?8{uZQiC3
z`*H;PGIO32cWh<WL}k|6@V~tdpqF9ExJrbU_uoAtiqgCzpmw_R;4ho?N<gx9G&!>z
zCDoij)S<@k)yTP*cVN3x2z)Hth%bf7WjM;L)#2ZI9pVCiOFrrXA4!Tw5~bx?ca&Nu
zk%fsXm5Fk&b%3cPOjZSqvWj8cCppm<i*JDsL4@b5pq<L=ZQJssZz+`5CT-rTkT4xk
zy>9KFv%%bRZTCWBD^PNe!*ivpTHFj+09nCc=O3EBQeI29HON5v%8(OCm^_jhWgU_|
z>yC3cx9ahL3Z|HBpK@qbi6Y8Ucuwre_rLg_Y;Xz{oAJ3qLc4VXgrEN5`I(?n880VJ
z2Sm-SHe|2*ZPxz4c0sbU$DtB^Ji9d15F-iB0kXrkQfnV_3wh-VVa|gCq{U(Wmv=0R
z+Gj*KY_K=$gH7Gk=E>Gkk;xkSK28yp#Zzn6g)>PSvV*tg02ZW7!->)+Y4G)dx=;kX
zx-lf%dor5vP%=w@K!k!?F{Ku}B>Ia18+{|PZ&WBPw-~RJQK9Xkph&Sy*xwj{u?Z+}
z1dJ}Kuf@X7QXd|MUpI%i4<lQLFIyNK9h_Gte+enaytWPd8wcPULDak5|LGtmWZ+Pc
zXNAHiKmK5{lOvu6=0qmj8_XS^%pLYtdqi|f1}KjpGQ3y&#rS<r*zay`0ZfTsH->1d
z%}^B<N>+9SH$)=b5Ys}E4%ZS`{_OZna724$QLx)hxQP_Igz>9G#K#cDt#XF5z*cx#
z)+m^A<0gbTt!Z6r7~4i?Kka@W?Ku2*<dhSNy10gLeQuC5VE{g>S)Ed9HG$Q6e;1KF
zy23=cF-5<&f*U9Y50#}lT!!A370LF}V4W11<!YMOCgsWAJOz^=H7AG#oaPWZgFyh@
zu`3)+;3=o%<&t!`V@IJhL2rYB@3X+tcv_Yy$|~boL^-b&ND3sybi;{x^cgzVD9Xy?
zXh{3N4c4hZLIS?&b^-%w-r<<MoRY2Yz_D|{xH1c#az?cd#GNHcbo{#2IYHZXVKV@T
z(CK{J*6I5{ECz-(e1H^|^H9so42$X~)v3ek$enVMQ5UU%2Ax=X!(e9ee_?5;E_{~G
z7CWe4Qg#j~OTrYA2ghRGKP=XxE+PUS+$qnI{ui9h6QOnj3*aUEI$gwp-$~V3nf3yH
z0QT=WNZ#Wx#FGX9pCLByr<^ins&x3zO2<2AloOS4f8)KJ$eS)2WZ|vB+;K;tDeEP0
z1nQzYFuj`U2Mmn6Kn32SvxQP#`-lCF0yr6ATXKzuIbtgh55c2*O*j^#EoR4FPU9@7
zpQN}eQ5utfIL*5j^I9d0-vm-ofzn}~Gd`My)%g$2Hu!a^NOEHcb!^^u0s-!I{ED)}
zSi;#k&-7sSTF5R&(#{}lCA)j!iaE$wWxU(jb-aqr><x%-{(s@UnDW{$tU(E4Z3P_T
zR_h^x`xDVWe|nW47bnUY)$d|JHdr6b)v#0lMd>LfSsIcUu3`=BCmnDoMNvD~xv%dm
z=N}(Mbb<ncGLW9)LR%bf#_I;kbM4~2$Ky~J6%l%1_p9W9pj^gig?wpx@9`7F6IGyn
zEzq_XY?TFuQ2_A_@vc?FX0K2#CaN*PbReWXUt5DziitW7@9}m-_K%QVM?jWE&H#lf
zPkCMO0G2zwJvFKt4A~4FZXSeWd9^gk?d;;2$M|p+C%~#T%^p8o2L1zEr`pgG273#n
z{RiZAGLYB8u3g~@gN=bmv1G0e4Op8Wp@V!u=?GPeR+8RZEl=tM8;G{>rp_vdTUFV^
zIrZDDH~IdC)Jc>E7Fjbc$#3xQC9%=Er5z;)lzQdqNhI4<8OZ3Ye+Q#lJR;$O<OyEA
zIdHKWcfJoyzXbQ@8apd*wJ%cTr>Yd5*6+@-KteunF#Ev4`~{OBr8pKhCxbln3?66j
zi@{-N$2sCri;_UJdBi&>cxcDMR&K5N$b0gYa+*`Ul^#sV4?H2+PhpJi+ZjsZpF{TN
zRzJGnLFsiwSjMQMnFBE?hSePB#78Y^01cW@e~f{VnyJ#g8FYD1VkikRi-VZJt^B}d
z4A0&~X<QL_XrDqROD#rvrqwx{M}%7CxQYDp2Lm${vCLvIdT>DogqnoOp$P5{MgQEv
z2Cp83pv6vJoIZ-x$r$~?XE4n>6_Zy){m~dAZ1v~7=Q`5(9~5J2!*?0%SB3?dILJwQ
z!RX$8?seYsa4e>07qjE$Ogoyvrz*ZR#lM{oY)=|Ox$)|;5p7lZt1?1A_yho?71Z)6
z>uA+WuUJvqGcb+Ja-v$rc-g%g1Ifm)43dlKQO7wKx>PZeP6lahvY>WXjydd6i^0H>
zX42x0v`qUeQAmrN8nKA2Vea1yfY%C!r*+PND7JFO55{!<39QBVVz0;8a6AFf1xC{0
zU@o_vdK#tH_u>N7@y*dLbd2rgt-*=Kca-H~{Nt=qi;oCNouu=_VB^2O?sb3V;6nKG
zsh2*BptN_A`o@Ja_}3Im8EBcKWGYR|ppUy`gmS|}Afo#zJhWG0da|ew6XysULJSP&
zH`b2e{jyTBi|l*m{w)P~ts#iQ!0`caEKTOpiWCc~2Rsp>h}9#JjDqR^UuX_WC}t<h
zDKLcaBD<f$Bl}6>w^?!W{VA!F1OVkS!m&*b$D`<I-QzYKi$RISGY{e6UmF3`@5f11
zb6D{_d$Ark)D;PGBpLvnJmc)}nZ_`&GQQ!g#mA^cabQU!;hROY{n#rpWAgYMI+6W3
zsd6QVzcZ5md$q5OYTpo}*zcW2TB8i+B!q02b<8k8lqHCkfkY=CIz(r%5C^ynmTnne
z*%oWc!4Eps0QHVL@8gI-Y{j2#ZG=o_$;RdR+_ep-m4mYW`c8|s<+G-34XTX@)KQC4
z;+)Mh^CpI1to2mT{zavBO~)_Qb)%z<-Jc;BWA;Q?>#CfOygzJ$L<7%FFG&|pugZ$-
z8D9#-%P0`C2jHoT8WoQvR5m2A(vTe=6@wwujEO})S;!Qx(Gv9n>Y~yo9&-2h=ocPe
zpYB;+oB#5zyG(q=xTu|K?($E7F-A(5d*6PfRCf8pTlV+C3-ad{82G`YD&@&<lfQ@C
zN*v$sfk!h`UdBH^JFx700=*-!n#bbPAFYUs+-|{=_a+rxP3qs&%ihD7V~UB(lifR7
zoY+f~e&)aWEg5w0-$fHKu7B%AHFVr@@$cWHV?9t^R-X+saCBQnEAmTE4oUBhQlCs^
zfhOA#*|c_}8kz4%<hphzU1Jl#%IJyqTDqIdw>v9c(>d!W9bTQ>Hd76t4Ize52Zfgx
z_$B>7$3M3lRkcyDmJmiy|7suMp)0>u>iU734JIGq!SrY7HLbh3F#om8H7rFRo)(Zz
z1;))9@+X81{&f441QE(GJ4`Jiv0-^gLUMybdy<$Lsu5AEzCl-6b=g_w>YjY<fwp&v
z7JZf69i{&(CL|*9XFkfZwrBO^CU1M`zIihD%Na|H+T;ovqf2scTA^!trA}YxKbaa?
zp~<D}Fx&`Dk67*(LKRc`=az1HeG9i!R%olj%i=AY%8?Rl`-xa|Vv?QP!<we&&uvvL
zLB2VIgIYqBJA>$2gAF5%%QJ03pXBRAG)BwJ-g~7D3WFjz6CNMsZ#!Jv$jTZ8G0zO4
z%Qr)Joi1))ldpfG^|KCdDya#Q>JQ!N3d$y5$D$Q!ZM2oSCI~QXnQm;e9GEgghsoJs
z*=UT`dE775OmOBi#ML~j)ze<7^q?IXNf(u_*31V}1S&5K(Y0FebU*(SNOv-h2|D5!
zeHGgMt687)6|JZ;A=q>y-?2fkUNVIv>B%Y9vm%;(=svrMyk*|p4UZ7UNB`;=fnTRB
z^vVj2EGM$5>}J-v%+?YdP=~#uG4l3rK9#wCW4Ui1++0?hBv0tIs~X+(q>WB&RsPq#
zo_uzWYg>aMR2q%Zq7|+|m^%HlRfJ}VD~uVcFY=Gg%cN@wLX|<R-d8t0=$(<(lL#A3
zf&LlwOE2?~_7io)luyyWc5L)Pzq$w4e%(o+72R-HJ+VT4>7PLniOq@^Ap|O;EB`dL
zq2TW{y2&<QekYOME1AXp!WWI7o6pDsb@TiBn&;}wbg#<_%@G^AH{FmrR)_bkS+@PE
zv|(21{-P`RGl1~5UvVNLq4Q^IE;@aCVrp)5(7$Gvf0^M*H`0N_io&L2^OXtOaj&Cv
z-jKGY%X)FM%Nbw*lx#z|TSgEhKEFmJTDD|OJ7uYlO!aW#KwR8!OL4qc_~qNk{>S$V
zAEvAKf=iH%A+hOoGP-G00=P8WAIK|M;U*A5V<#NKBOl!Hg2edqMPw_6tz9n#CIoJ!
z$T@1dz}MUS!8!%GrZD4*){NEWd^duPWI7P)<}p&aQ7dEqE@j@IeB6_K-G}kF9PjKj
zv=!6WIpYrC^?|}K=tOan1T(ZANQSp3GLiv*8J0dJ?HfdXKE&UZ*3FYe0ut1`hiw!A
zp1VB_TU)Oih@RYyr`5TQ#WA>7{)Ty38kwaFq@8uYG+{P1E1S?MrZnayI1vlvZeHK&
zza?ryaYjLC0QtMR-**N5YEp2O4@=NP$KSek7PmB^-*2MaugWx~$GLCY)`@Vyt6mBv
z(OIb9R;ZA_Tiz{?4nUT>eCy!GYszl@^-XuX@5F5uf`)Hl!SP6nW5iRMc#1}@uQ2($
zvr;vW_Yd~}ho`R$YqJT~4pQ9RrC5>Tl;RXGUfkV^hT<*_!3va8Tm!}3olx8f?(XhZ
z?8|$;>zqH?YiDQYnQV6NXLqtQ^U%J-KHg!_upF7|dH(qeMr%eQ5vK+wX%bgP9ubYY
z{suw)dDyqGo45JEuuyCJzom+Q@p7~?c>o@Q5<3AAT-JtkH~~16wFO!&{p3gPZB^8I
zP1Hp$XgPiv)dX@Ap6e<}_d{25n^V~Uv}J_*6TqQbrUfIXMP#=p07>6sR90>iL+50S
zx>F}<>Au4cSMw|M1fb{@;enhT!6*K6m5X#giJkL!(3P`c+qzENwWGMhe}HE6P3$(J
z@74iva>_+B?<j>#a|feN_BR;t#LJgJeC%Mhv19yRXW!_mj^9{+rsT}sTDvsd@(3{9
zb8K94@>c6B34(fUlQ6XFev=qFMsWT-1rUhCv>Mb?{`w5Sh~-NvV;8e9#Ch9)^0w*h
za@%dH=jadTi!iI)NHzvuZ>s4IE&fNO9Fb~&7v+zV(98C4(*sPHga27wG@hBi&$D{j
zh1d;XEBYwhGKQ-HmCV#Y!s5ju(7c^rr#qstAJJWM-A@7u##x;_tlDEJW9^ZLU_jw;
z3w9yi{5?}mLF0V;Q8HaF6)F%9ZSM>$l?Rk>LT`RS%W3l=Gpw_k0Tw?fFx1jcvYFIw
zQV~EEQ~D^DgKKAQAza@=`f3Z9zyIqaTgy;eLswoy=T}9!iT-+{rb`z<${j>1k!>Q*
zYDy~hRU{iH0=-2mY~7)3)GFhpBI`G%fAwD~nmmE4twJb8Ye-4!Lm_j;=lvPBAy$_G
zXR~$ZPI4oyQ%%AVoV}&X_kI$=D7~UYr@9r+(8iq|vm|rij|Ri(%nnLDjzgT^Ia(6=
zr<$!Hgk`5WQ6Aw#Z^N*}7z<WYFFm~CJ(8=jq%G^@UfNEBJduJTTUwRWtDqWQ{h~R>
zH0xMpdS1Uc2oA<~t5W2<o`z?{RA(~>d9mUq8lqYX_Ye}UyjKXBiWJKIf@rG3XHLrW
z?iBU^{D8>!OpBRxoGR;kDFD*hE$f64+D=`rf-7ZL^a*|w<xD@rXmU<zIwPYzXcJ|5
z$rq`os+59@ma=C8jAo5TcxC$S<k~0vg7N*l+hqw5J*pGy{erd2Rw-RdZ#FmT=mGV-
zJ2J1>be0=&Iy}3IQnd@a>kbH#!-exUL~d%7KTzvqc~mj5e|>UNeq;Xh+Z>=BcQNjt
zPzhs@^(g?e4jnSz4vTd@h!wopr{qJIF*DXMk(ot;aS_qAb1eWRv<!2Y!sl((rs0*O
z{9m8ScpRbhrd$Ie=f>2wtH0Iw+rAp&9Ye?hw6zh%o+@IaAA_$(KHVAsC)l>bq{34#
z_=i(GzQ`|#=eW~K4s#ybCE(Us#FozuCQ)!gS;HmRXSn5DNELFF-V2DP;>zqI33#$T
zxHmKD4(9a>usIf+tBRi+iRUDrQ+;O!R)z~H$aO1PEfDy1Q}pf=BKmZHy9{~%kZb<7
z6gO0W&r+4nW&Xf_{ltHj`xy0fk1|>h`t^OBCXwA(fCEcSvx^gN`r~Xtr+(j+d*+Bu
zkpi}zR?Iz%Cru<z$Lo}%#QA=pIL$?p=$)Mn$(7DtAf36ydfRi7Fbz^PKb<}ztw4z3
z9a1`SRS0s@R~r(f`-8xB1{4l<T&xR3)z4;@gnBmsb$IMeX$8cDwh@k9>3P)PK-3hA
zAtbl<;KP|WRgvgM{s3<iKptb&{P2hcK#d9z%d<Xn*(pg)#vY=gvTlkRy!M7$A0Aen
zFZ#jv{!`BAr%rthnv@cxaK@@s^bCJI?|*ct6~8;BRz@tuk6iKQ2ZQB@5n`BZukstZ
z=7TGVx2~)`cuD6UFX_&EKYh^2hMHMl|1$hmHXC*E)%d&Q64ySEC?$}kyget+2LV<G
zfZ^1zRs+b4=nh8%m5|k~N2Ygq{tZyHtuDOjtbNlLBV;l)kKQ>=G1(j^+=B_#lNR=k
zXc-|CWQ`Ob+j{DjAPm;!2sKG4lo0$IC1bE+-f{eFXE~bbDnE+FI;k(Bp8)e98HTa+
z(SFnd5D@{4vn@VHmMM292QPAwQ{+BQxan&wDoGwH?FwCds&iHKe`H!mR!YMOJ!m!x
zLciZ-x}cuS+azLa*e>oBWVW+W5pp7@HQmxLdHd@@2Z0B>)(UJ;{M4W9Q1ZeZmSY-O
z)UD@7Q66Xmxrnl}Y)}xh_Ud^0K63RGwcnpwKWd6X(Z-QcnK&Uw$k_%r-a3A8*LEL9
zFb=`21oWG3ln*7a`$oP$@Gp<Vq0lQ`wleZo6qXDDSj##1)ZbfCX`{)ITwVk!NNLVk
zcj=HK4r49|ZDnF4xJGhl48V?ZX@w0tPT6Ztd6Uco>PU>z=K>&j9~lli?B9RUQ7K-!
zU<1O}be_eE$(aIb5rrgWF6B*$afS1q$RvUV`3E@%q1@BcN<?Fm9goM)>hT75$GRc5
zrq;H(aF`l++lLXbFcG8ryHZ4JmRf^4XLQ0qo!Z1}qf|1as5KgyNn7{uWkY*ixU}_;
z#mYsE0<*MBOvO^YYI941)k-giv}#=v)1mVd1>O@yrC$az1gzn;=^%OR5M0}2u|i&>
zpnx6RATKCtRG4v9uQ8iB!h0O?A+z#$E|}wsO95!R<R<Wm;vAv$ZeL_4vod_1)v17$
zB?^Z(vodu;40I*H=lc`bVIvoZH#S#hci=B(%Z9dP>;#C4xpf&C*A>$EU5%TX`$M1_
z+Y~jUGW}mPpOT;`@<-h2g=I=IUA2#<mU+V>|Mwwe%F{2q)SD!F78f^b?9m*zDU9_I
z7n4@j>PD)dF_ou`^X|(cHOeB@uJ}-0cPCNaZ-+mzk^MW|X8FuAM|=9kIq|}?v?#MQ
zDE3cO);qNgWr>c6{4JFETl?ng1LmE!7~@~~N#2zyb-~kIUtITXjU<+kuFZmUKPXX1
z46kk$=H0aB_L|b5bo_izq95=hh{N*Hx2@NNqf?^GaQO%gmcVo$A#P!k+G?_6vM{t&
zqD!)gL{-5;75sSujKqC`#(j!LTO@R8#`KV)KVlmY2Uv;&jFl1Y1kliSwsrtiKZNMU
z0+<lJwGg8NMmSKaZYd>i1Oa<Pa3o;Cdmo~yY_?4)*+WU?4TpjZI2OI%77WhEO3|T7
zIYho>0+yhQUZJQn23r&8?eo`?bw0WPg80@$FFSczfbxiishyniA+Ws7ZC|OZ`G8Rl
zl=FqW&bqu{Hyt0dUtHWpApljukT>!n{s@koA*mg3`PSiioq||o9=V~qv&J9TQdsHf
z7j12jPN@Y%QTRVHx7D0}EAwoOn*rHndr<%@%f@+f=6FsM#oVyG|B>Ad>ChtS&=B5$
zv+zvxdH4i`3|_xXKlbsgdn8S;JT>hke#O-{(P!kMy8gMD$aK~7K`~ct6@8ff$QJ*)
zi!jmKdRPzlTClyQblF9puD#|QT%bEE(IR*?^zsqq$$jK{=$}00@K$UfVMO56f0e?j
zKeaB1g{%B(Nl5p_x9`_q(hGD+oLl%uR}pCfqQ@Bo;v(HN+1%>D@~A6*MHwu!_bKN+
z82Tt)?%iPQd=}5-rImch3SqR6&MG10KQc+dWjO~1pW?Kddh?i(gct0_YR5fI7X)+{
z1Y=D-4bgOk2Iw0{AI$T$cCBOp>d+6t@?}opHm!bA7ldr+n<l-I+c6F5PyGnH1dnRk
ziarb}_1hlF5@JxT{)ny4s;%JYe0%of!vRs8D!yrk^yEW@&HNuXj(M>|0&TI2V=$Li
z{;h`I-mOj_AsfT?6~Y_`n^tM|x>lvCg;NJ-OIf9YhsiCQ*2?BBz1F1+fI$Y}seQ@=
z9Y{CjJvM!ko8wNMpb8*V1#l*n2z;KaK0~fbPh>N(PrUq4u>rGBmI$cT>K9}QuGC{q
zDtWHalFv(!d`{?O@Jc@1FKuXzcJw0kYi&ID?9V`6X0dJ^=NW%wlUT*Q_u98^#iaeP
z6fom>cf}I&z%uG-DzFsr#0b1*T!#u8!-wKqA>dk~F*>&3sL74sev5J4qIhw^ojP+B
zWf6*f@1?Hjlb$cv`V{b(e?)g{+qcv?-6%W3GUd_s^Z~f;BuSZBvDM!gayCEq+nw4t
zIyhD~_=BKv|MA;({f1h8<NkEn&iJ?M@izy;B<F`TgI_$`I#O-wp%jRPHH7)4hsWXQ
z?hX{^w)ntOG+^wOPeF_&j^r)U(O91A$x|1d&)gR`6|ZWa>4o7Y(_i$uZi4>;UeJOo
zQl3rpAZzIo_P3A3jjpwSHdu33S!>rSo8+ql<3!%bWFtO3+U^sqOEU63DK$o0@VZ-N
zBi5)Qz=t<x9CmTQy3U|;nBZReyHTI5XXosZ`pD~+<(!(#q(lF@(Vbd)6#=CK$qskY
zgChu4!BQlUTsWmaAoXN=6!ztaU;TtXM_?2NcdO^V<Udyk$D-DifqLnB{s`py{cO^M
zh3=;P{D8lDMyZN)q=q!cxAX70p?%Gz=$Xdm)=$s+`Nc>&SaBo}7kS~ISY!3V8Plma
zM|b2@XZ4f~G`Y!AANm?Vaeu|X9wa6W|9!Zzb6%T_-9@D3_xL2k`Tm=T|9Giu#{h%2
zfY($-R+n0$=BI#Ut9`oLy+ppwPx|i0;MhsN&KSPn1_o*Q=-SRaTZD2t>Hdt`PUQwS
z4(WbKtt9=DP%>oeR)2j~e?4A}*WG<@M(msH0?$8VG7ap(k)QSzC4>}Lfw*F*brPr_
zDX&Crp#A4!3uj}06`{I(kL|YB&#N3HIm0$kRNaqI8$q7O=Nh5at#JgNy^%nuW9;4N
zUNH6^;5B5}9X`i<ylXp8a+|D$#YIs4{c(WRT27n1)B<Bj+T%zs0>3p@6)f^A?*C~f
zSPO%*P*E~bjX1O&pvwJGSCapH*5k8=-9bfrbA6Xji}Qhj?HdkRrsEl?t3q5$C&|b#
z{YLz#l}&SlNXNSo8=KbgmYBrWAPHRmAQPj7k9!|n*o^_ZrreofSEn{*3gywkXR?9T
z4EuHGGd)Rl2f3}cc`C!QEir1tc;T|?XD#)zDn5T&uijRj<erl={ibFjcMWvKzkhnW
z-Ue)u`a?+{4Vp&Y|0QB4|Ior<y)wwr{pft+^2Mv%E5!aR>L`QYcj>Iyv9Z~CYjACm
z#R_YU0*`dieuW`azxkbCNSR0#iDa)c-;l{IXO+x!Ivc%t{cm42C}!K};V73b7lkmT
zJ0cAyH8Koe5PGpN@}oYkiI%kb7XJ=_??CG+AEoz*-3TY9^%HHiiy;0!yX6u#f6VY!
zO-$P59u%zBUPC%<bBK+2wmB$C4i-79CL4Y8!=AG%M5+-VXW0^JvN_tu)E&Z@48MWH
zvHmC-eurRtIC#mEhWU{$q%y6O{0vERjkFPA=ly^MoX5X^FTjizso*y%iVng{eCM3<
zy4M-fD`Dp>0hvxOeDg~g0GNIS0Q)k^@Tz_f$b~EbVJA~fZ*Zw{B>-}PbciJJ6H3m5
z!8<uiwl<hFRUG$#lsg1mJ<kBZc3>w`(iJVhRs!$FQ-~EYNz3N&$XQH&+VB=ZeTes;
zk%;*lj&K7#1SKLa|LQP;s*%k|Q}~88m8Cp*M=d&MFQbgn>?;ptj^mY9de6$E>o<;-
zuU}C(7EZG`%)UO-!>*<I%mzLCYj_uE5mRZ?5R@7og_7J~rPt4JNAVjMs9cSsL&kb-
zI%|4GHJON!E_yd(_jr6P(|j&km+MWP^*PP($^G&70q@3*@1#>9vxqNSqe-{H`2!?X
zG6D$u;qh_~e6(I<P+}d@@_+yWNT5bZyfpz|>mRatJ*??h^W6BRjKs%%!u1C=fCN+)
z@cePoPUUDkWH&pycQ=TaFj@k&FMyLI{nh7B>6`Ta3V;_B@U&_j3H`zU$M{t#XDm5*
z%{oc%123Hpl3Wn_53@+q>K@b4j7BK3b5#!|$Auu@#a3l7ZU^F1pk*X9y<XlQyQu@^
z>9nTD&?fgzuyf`WA#n8y@UL5$<DNwCp<M6vMJ+-9QDpth!Q%N5Do3Ga*<*s5)x<dq
zg*xqu-iZO%{Vv@5FdA=RuAV>SnjWO?kCqK)32jVKlLXw&fRv$YTgM8@-{#D2)|wHX
zT#?XzIBrYoJ8Wt$YBh2_)_1F{SEn1DB>R56pW#nRw&s}@zhOQfQIX7^U;1+Dn$9#E
z<7Dy+Z$wem^KsUxn^tkjjc`6dQ+Y{NG*8-jko8;C(wq_amKnHF5TZJagd@fY>%BwY
zKB;Kg<w2w#Mhb+YKe-d;go@^@;Rats#$+Cj^@*BI;dU<40!WeU_AY~uBmlZWfVMS}
z!eNZE_dYaf`~`uf4ahCuROR>MBp+!JP9EKaZ=cX)UeTug?sBz9^byvHx8+TZrY{c0
zJ6R-<7H^`3|GgqEzob4J-6e>wV{tKLy)jr$$}t{8vUx=r`4@Ay^kxCmV)(F;#|G;3
zj6MI9e(}|B*5$KU*n8`;wZ0$dA6gDF*MbwEe~&vKp$I{*eUHZ%Yay!8EAjMak@MrT
z;ArBCv40~+K|Y;C=-7dhIR}<c8uNdf#$%_>BoWwO{Akp#NbtNdfz^&_XEbz|B;5NX
z>((P@VzLfz$!!M6#9nw_9N}&@ox6s?fyK#rU4Ec{h$g^i#*5D6@8I-GvO~fLm&yoY
z^$}^aHgAqNCAQM>o!POdf8x+L{@*Zx%wpy<wy|xzCW_MZ?AoKo9zZ|wOZz8;``5qn
ztM?MY6G7)DzoAto{#&@~GZOHDC1V(WR09NE#<Q@U#~U6FED?6en@neSCcsHvhiYbH
z+5X#+78Mu(o=eVUgt3(khRUtA&Nwfu{>Oh`OWh^&XM)B{=EnB-1982dXhaw?XL)vM
ze!8puSXpYQUaF<0Z6&`8&W8u@ZD;R4HCD5{%lGU2>-X(=chFqtNs_!Z`3#{K-iqCZ
zd%v>RPUA|81|9bk+Y<ljnSJmaBJ2szFcafWW+_-FM%%h~io|kuRlRhLa6W+4?dO_e
z={15x_kuvHWV=0&ZJt7Jd7X3X&(VGf_;?S1DX~$u%D(o`zpsi}@!b97Z%MO$y!*5I
z7m`-Du|NT82<I5mix0s6t}`N;3dT8(RPi172KglDD%duHI}L4d{3`e?@|+3(@QDw%
zXiI?h+{Pp!r*%82t#{cr^i21p88va8u16@s&pB{KhV))rqeunyw7Gqs?vL=m^)k*!
zv<Dnsu|`~K&>eY2{Hs4541TRsJya(^960x>X@}0c_JVp^<sJ8c$wV-EeNuJQJRNNw
z{x5#`#VNL!Dj9~H(~bwpWal0E<y0Kxax?MsJh`S~{A=#4tzE`p*U}{i@t;pJ54jRG
zxzDNXCLjP8;-WwrE{C^N#&h%Qg10zqA{rKA%@b$-*=54~GY)Fe4JceL?9!5KPnK*)
zwrC8;)WdVWq_+EJKthpc3kaE*2$RI8+MoTNLv4s=<sE-<4E1!TSC?gZ+LAq2OvUlO
zA)az%E<Ha&_aOCRgk2tV@?@U3r~<1^>#*S=rCdV0({pxIQM=mF%^mmh4?0^{L2q3`
z=f<Li)9#34f_DKc0ey{M<wMURqlNeDqlH@@@o4Vo`5%l2%jnhJI;$tf$>h`?@Z=t=
zoQsJ^_(WGHd^JSE3)=;#$*lk2-pz1c6ISY?VgvQgFhG~o4<r7r5<ZFD`&ZlxZ_G!Q
zUsa0!eeqh|JMu^SDvnJ0*b7rZWr3t79PI|MZ2X27tfpNGrrLsXb@cnI3YXu=x>si+
z9d_hRyHrde#PJil&cz1ga0(Ml77gfH?(T{&+}xx?U<~q3hA9>#BdrL#m6rkWNm`q9
zx~${E@5+l3yEB_~0zL2pU0uuhi=>M5W$mmj)-G+YYE+HbuS)PVO7O0?J9g@S(bs(|
za`C~RJ{YO5$-^)=B!&=I1}56=C=+*yX#dgSMTs!?oEe@T`Ze~{^sF8R%v0Pk!0#n0
z-?qo0IvlIln2B3I>#v_&iG!`iIWRFAVf~g|nI1AUZqhNiVW7HZXqx8&>zw|>f4SW<
z_`0cPw>@58Gm?ECDlw;M)nq4A;%v`U9bJ-0`2sq60r^7NQw5rt3Rx>CUjb5y0BOMu
z(cxNS1<ors=H<!JMNVS(EvmBpf{XQ_36)>Ru~IA3qx_I`P6W_TKxp){#Xd7j@K54S
zkF7FAN$raC?GjL=Hv5QR=;`}LEg`IvA%SaGZ7El62*kBUuwPrl&QP}k0xcnUDH;-(
ze)scSoo-HjO;YMi5&}_hLCp%vaIo{G+enqHfUsUFD5F;vK}3w3!BL3lEJ)2@XB2`C
zY$A#wEG~(!An`E)B7+!M2gRpx9Ii^pj+At7L#}I_8+J^ITto#kzdKVK0rvY6IX!h1
z`=ST43G>v|0x+leSe&_uKv#u*qJsjFCO@(ZDi{;H-82T+K{2QP{SdS`(+sY_CZX2d
zcCz39Bv=6%oI&3zB{VuFm6nz-O}Mzug+QRCgn^}F0(Chk8w(Uh(qm{75!|$z(ycAU
z6#tr0Aay8nKL^SN-?xJ8rx~?MzuKXR4#zt);)JMqgYqG2t=ceH8JeuLKK^Ss_=iKo
z<h7N}KS4tOR<Awr%`E}+OnZWBSNxrT9^w&Ptlh|Cx}ly9&%s@T8FDU@oq@k>4ciWU
zYs%b~_qGlMzx3<FyM}cg{5e03Q?EB;Y)wi=WvF2KM32~&Gn-4RgpTiYkjz5EJ?vXb
z{|Hu3-sB+-rJMU3OK}~YEMVnXCbXdQt-A-?x71^cdH1iDes1bE__%{E-|KQzRrFSt
z1jjt=sJV0&ck9Av&H#i{Kk#EuXZkINxd=zieGSQmTSNET=ze=bgK6d_vd)M-k{RYd
z)69HXO7Rsf^BPDcds*uj%lV5SFNXy3@tZQ~`}_~77a8w%4H4)zo8R1^T^(L%j&t3h
zi5$j9?8%V7DwYOqq0@}lJ1f{N{2cK<9R!00z&%^d)6P3$!6jloqREp#xm)Q|FO1UM
zU#D7pBK8^t7#*$Q*{+n(6E4J$eDKFJ;Yktf2XGN6@J~N%x39M2LzEa+k62^SYANuI
z%BqOR^TP&nR=@VSnV5@aiA+YE^Rka^HZT4K9sWfo9k%IlQ$rzq8#+j(u`t;nRY*R*
zvOgF;9c$J#YZe+<UgOQlKH?^tOray5<=`?}nfmRgk@bxLP}hk&B|AL`i`jpO!y1}$
zvD^((!o7O9*^oyUkGp*E(6f~4?<3xwQzjp`)*(o1r|R3AyHG*1OpkaFP@;jADPpW(
zZe1N+GJ}3F`v(S;qeH6DvrQ#jr0(k?Q%p6Dar{@J$16=#(7n>n9|Uy!+?o@6-12-c
z9y~NOyLt-zf4bNy>dk14RLVBsC(poHp@K|Li@$SB&xyuoj`chC4cqUZD5ig?x2C3;
ze)rSih2Gl9?awNYRhqQ#+@L25K^yi*<2L4PK!s`A;!t1hAA4Q?)ZW|?<CUqSXiDi9
z5A||xp|cs|m4VMP{g5ajXzYIX-kjzrx{Ck{9BulZC}5%M_J8;021r2XB>sWVO>Z`&
zFvX$Z>x2X?Vz<EO+D2jMt<&fIm0$gC^pnBUY&xQM%1T{R?_-4Og~rzpEqmRXpUZ^m
zWwSBd>{BSldtVJjNmtdzB(;^H?%i~&dkgQ;*$sK2br^FhTRI@$@+Rlo`nQe_y&hA4
z1R#M&7#A5iet84qKlWah!X2y~9J+RArP$x*RW57PPv&yXDSmP28k{v^7c?NOXxueG
zx0611V5rmB-IGiVG-6*_#1pRDFo^suMzc_vtCMuSW3aFQuFAun8_NFx;&TG&{CZ5J
zJ(mq=)-h;c;&)MkY5s#xJ`AUj#XC3+T+f8{mAx+XCDG1W$FQr`DPJcF1+5(PkZwS}
z5J%hi-U)rdi5;#(uQw-bJcJ06sOf~xviPmsE)M_2ez;zPTixBL23nj*{M-x=J}0Ml
zN%prlkf-i)!4fna=UT3gwlQXD#2zh;<|f^w6NNgIGrcygxb#w@^MXeIMAH>8VF6Ey
zS@W2CvxpzMNZ!)iS$lozBBWyeonu9G1{&&2f~Db}AhvJn?&gt$<$|QVB1-Q*RY?tz
z7a>_i0j?ao$j>jt9u?^Lg$DUmq=%iLkJndnuc5UxE^F+-fPgvJ+zGmA11Uudv)`2g
zQ&<7cI>qIoB+z}G!hR(LR)aJLJI4W;Q-i=5NK|Ab{~;rixhHA`M8k(s5mjdz){9^y
zeda~iHW%WsKaK;c!I6><`99<@z@Fhyr27tH`|cAig_emlI|%&CQPwcb4O<0`=?5k;
zMViI1jh&tBJ9GV_Y4tI>33F?N0`Q0ME6aQPcN>YYApyoHRtiN7;JP^k@=LvIN4)}a
zNR5s_-3+d={zz;zGYt!ezcs*~j36(@|6YpV22V!E!vTS7S^2I)IG3;ITldo*0e3AF
z*=B7OY%vk_8Q85VC_~jqT0S2^UaZHhPy}DqgO^`xpq7JLVH59uS$nft42j+D9WWvn
z@{|6RU_4P_D!MdnB5sZDlwoyWrfD@YCs|GltL)msP}G)@hWeW8ug>>R->Oj9{_4z(
zf!H$9eMfSlAPm>Pf}%G_27DN0dT|bv_vcdAHJ8V`0{I7osaJF+T?`I<_49d*zQdUm
z|1_o!jd%}~$54!jT;-2}p3B0LMSFqPykK^#Fj^1YXJ0g2I%iL2|E1J^;7SXgu;<1^
zPYEaJno~3l9$J4x!Z@WCZ@{vt!5DqC^^&YYxn<8f5&4TTgEv-V4!gODE=~9Id}37|
zd)&s56_)NUJ-Br#^W4iTuqAc*JFF=D$N!M^Z?699K=*^2>qkGZwF|A;{4KcEDSAUZ
za-C;6jJvCuo2Gju5p|=YknFUOyDQEdu3yrIj%yA<_sp>@+Ho)LCo3)~8LrhMc0YVx
z-wP8cEE-rq`nMOukY||~T~>e(+{z8=2d=iG-}zmTIZL^8rL2w&miJjU8MmVgwfkV{
zGFvwNw70?1<p$vvoB9$49;?8H+2AAe8b?;qL(=V`emdxptjnVxpt7u8*>`^B8Yd27
z4nX6)jpixDIa9KmOCB$#y<uouj2ka*N5P|^QNPGC^72uu@asLeSb+Ge8q=!kQF5Na
zrQB_^vAWy8%hrqo6UKtBgl_CVZj=JW3lEXd7bW36z(}p(7ee*Vl2XGVoBu0B=mui$
zuR2PjF#qu<?&TB`x(oL2yX}@_T34R#`-~yx0=e&KzItA`JVtJYSa(m{;)S=gGW#M5
zBgK%!USI+$eik|7-gIQZwpcU8ZpObU?m(<LoVR7<S`Qg)QN?%LB|<=9@OUu`Dn1VO
zrkj2CUy$ebhYX5o)76Ah^RZ$N@RiUEdnho7`#=2Ho!-C)(c}O3r9SE5|J|E5kVex6
zp9|Id1;O<%5Gw2-FCHsCkVaDipOdLt&En}zMQx;L;9&9WPN-*Xd{<xx51+Y==1Iuv
zq{y?B@E9#Zdx7yam|ga19sBPf>0IG>;#5-b?LO8D2Zf^9_Z655j5~CVyCOZ*9JFjs
zZ1M5aot(ydKJb!whC{w4BR#){ovhV$qG5?nAjMcc0qJKl;=%fwkH5~P80Usw6uLST
z;Cdw?(TWe&U+OcGKik?d$=!M@zeX95-!slB-fe*T!`;e7#WJ{kn_!BHua`*TC!Z@4
zYrD}4!wIjaUuZ0v@*38U*AtA`C9qhQ$vEpasnjE1^>03hz9wj}H(FzP)h87vwlLhg
z9^ErSx)Tx|c08Hxw(W&s#&%3EpQT3NJ(sc>%ltH!)qV<EAUePSoTRsY(jA%J8*~vS
zP?1Q^fHox$EZ_b?XBD$<@Rdxqh@9z^WuS<mzM(jAO|Hmb@W<P-Sb{r3tL^n`yl(2)
zw{0}mt7>?k)PL{r=VR5mPcfE+I*%3cEYHAKb|`$c=`BsiNbm336G0fGn)&LRo&Uu$
zy3-DNXny?lQ{vYV^MDGPyKagLoRw7T^T%5iqB)qTAbsz9{%Ofuo9~Jk^^}7Gb=@lS
zySo&^XUrKMZrF(}=n_pkV$H%h(?B=unMh`>=v@kXjyRbuMT;hFhGsCc93iue8+LgN
zb6Erl1qQ8NAjp(#P{5rj?R?EHlt!rP7g=m1gP)lX_H$PhZ-_e920|%>I>Df#97Wn@
z)B;V#;t#lDkc_i7witpeC;`Uj0e#|0bl5lOCByNcy5~%Du(QE3_r;onDe-`wd5okt
zX5rctfM@01uvdQ2`%_B)H)*gvC}iy<q8#jQ-$`A*tAM=5zV#P{S99B{$w;j1i!|#>
zAQjc1v1%h}!h8ga;R;BPo|JzX1j3kQtzJjmO^nsRf358P2AjC}uD%lIC7Fy<IxUOJ
zN=~A8Vp-mZO39l(DQ6F>f)T7lZS)x{{O>D)qwL_{G|E57hNu?ke)`&}NbJ!Yh~2Mm
z(wX<-Er|UXl7Iq9>zb2mUCt5Js`Ba<^~q)K?LOYtJVy4}L6IA8^Bc*H<`C=;XK5&U
zMfgNxVS=$arZ+_0D#x5-Ht}UZ2d|kGSJ7aFXa<g`EuLjtSJ3818WsLH7Eyxnyhxu5
zkp2ZS+`huI-0R(S;7!x5^82)TUgLX_U!FIXE=!0ydq_WUiU2K+1->4MuF3&;Jj>t-
z&`sXML4iB}#=aeScO>siqRtv$Qa@0j53eL<gU4u&2Q+3WgO$A8?vK^T3UA2k$0O)F
zCv#2`MXPP`i`ba#!!w~`ux#3G2Z;@OB$A!3lXZ3QJmL9EfX`3JR*&LhnfNJ&{Q|D_
zq?YwUqlp_Vn$*!p%N_cF>|1cWcj7Sb)`J5(rBYLORIQ^N)|>|wr28XHci7#pIlaR)
z9;0tmv>HnN_$E~HurnQ!?wgYxAu#5Fwm2BG9t=$La6A-}q<21%$nD5=1#NAijn!a`
zBkv9Dvw#v0k1K?Q<Gq$wTtO237u6!}qV)cvXT8f8p!ZuoTrVH8)P=LwEdZ9sw`r35
zA41}czl6jsYoLx-dy9L{Dbtmub@rdmpo8X^&#TiJ^7^T8E$`YRLD7W03})kafm!eR
zE8Y>Rf4zC_xvD<mOU+T+wQL-<k}4gvINn|8JB>gV_mo#=#>yV)ckZBSeaPx_9<u5>
z9{hG(Fm!>huSVV~!c5qpx*NV8JqQ|SxiYEb3sbkmIJ?2uMC&f7;*%5eIIj3@DOjH+
z<k?O5FmEgpR^^C6+X_{sf9in`Ro}c5Un0zrjkdLUvZ2d&cit&;pntNh7_^{??t8VG
z_+usG)$-V8zRy|S;g}||f0wPaGTm^A?ofn3QT=1$I@WP<tnr7ssGWK2vNHg-yRJv<
zZg;Ue+eUctNO8p(cfZ!&S5V0mn#z0%TM~=bZ7Z4lTp?kF3TfE9nSHYIxytTYJ<b54
zVm`#YY)HXtCQuFE&WHpUfU;3aj!cpGrbk?f?3yF`h0NZUWIf|EaD;J6`h8+j@}j(T
zWp&5byykFW3ug0s<qb%ZVqR~OChPT}-6^DCgmENmP;7cR6?DSa9PaDPyn)s2<0K4N
zPGV?C5y*elTWe!Pq!tD|eMmUxlRlOJ)Md-siAS$Pt2)`Xd$e^1xLALF!w43uMH8{b
zw^KnlU*YH?twrNZl3g+d^oYwx_{KIqH%wnS`7Ig7;V7zXI*kX#R^169+CN;7I@J8?
zX>{6X8$n%L_&iI8@%!u;`2#Q*CGO_gg@9IuR$SiuOemDEIaxSj9$zIsjyJqoL#%)H
z=$c3(LcA9JpJSl+(in4H#%Qb^5^6~;Ly7HDC000AqDfe-!a#QwEZW0F0hd)(M?0f+
zQ9y_IsB?P(#9HfvN;1ZLY^`1GD2MtXRoad}+{-M&e`f&EfZF?zbv1-<56@=AoO(Xf
z_VJpv6bU!+NV2<)>@&N~E>lzKdz$XiCEoBVR~*5!S|QM;5VCGH_t^xIR34GD$q#<6
z0)neweGx3@nrN=9BW;XXPP1e_iG4nhHlO43v0uyU;Z!*j&h2(s5^Y~uLDNK`9XZK)
zm(~N5SwE9C^ft7ePvWbe-fSeWf&?`qTJzM<<cs&|!*6m=Pl&qS>mc|Fv+4VecrzA-
z1FeuKg(bI^XD<7%YQ6W3q?Vff-x>=i{}fKno>bZ;5YHM`J8;^=rx>>^%m(|veV-yf
zFQO*;V@6tmD__1hb%ZB2`{5-^zDX=j?N8h&izvUT=#SoL?P35Pi==_1H+Qz$pG*=w
z3a%=ezD?^A9fN>1SO2#joQ&RF+k{`2!a%c_y)tRDc~3HFe6ebOzF?xOal#wGTCQ@q
zxP%AGVIU#Q9T{IG@iu~G^;88nQi5+Jm(oCMdWaSM*-eftC@tE%vXvD7E$M#;d4c%c
zxL~;t{4A68TMsh6Kz#G@x8m_H?GeCeV%vouk?!+Xppfya$hv~Icj=3;425jUaa5<V
zE70+te${H>X38Yeqt=Ibif$F?QtOk<;-F{*N7m>eeOtMd&f3(e{0mKGUu|+Wi~o}-
zG?0z=F}Dcf@q7*M56xnMWEft0|M~DO*rw^`9^FXjZ!rj^*hr{x`<~1B&pVb6iR-FN
z`?bEh1S#YJAeL=@nqz?2(JZd=dO#gh;?GpY^HgG+#IaP#&8_`0rGV+H=7}w}h$$Ji
zJh8o5C@KFdDOv{?-u1nr5osRK@~a{}yXaE6U|<?4%{d|jmz`>%^_Sa^3j}-pdp7pA
z5#!dishtjupUiy7632jYcZWA>R~1ILh~^uZR^l(d&2io#nvMdEl_Kg_vQnMV$a}{1
zNF(+=LPH^1I-~ZDB;4`3d=IixUC~bw^`{K9f4pUcEXI0~D|?Z}iq))L`kAef1h>;|
z&Eq~w4xTo3en$3%`+>B=Z)R8^ilt+hnJVk`0#!H<Yknd%m%&bWI-;2g{2!|z3lF)m
zl_Z1}95yPO<g`_8(7X6r;n3|9?rJ8nY!S;RQ$YhSo$w^N9RA(4x<w5Bq_B#be=jte
zS8=vz{C4ax;TYI&>(grDlx#U~&X{KQxQ{uqE^j#h;E(;muX8m-sAK{?I@<Q>nB5a}
z{bWLRsdQ^8>s<Ur3J;fkK|8=!>Y>_S!vwl!8YvmJ_29=%sGZNlfx(}fRP|#mbLLAE
zNWBV_8A;<I`FK+nJIMq(DtqVOa`i1v73DH(12dlJW<y{$YF#4RU#={pOO;fa{>xMH
zzXSwZIocfz&8+9#ff@11fC(g@YVC!0xFEio^fwo*J2lzaZ?4n+=w#88(4MnyZ@uhF
znVm8^`%S7l;3x8TtVUgUBpWqH*!ZgrcOHL!`j+Ze)V57!v#{X^8(#d|owxAG&ZeVT
zO^}%|G|PKPfqYOS)a2OiSown|82f|gqzN*fRa?uN<F?7IQm5Z2g1vLc4UJjb!CL4U
z8P`?gwn(4SQ~5*e#bqGnmG&KAEC0E{zu#N`l_zV|`?CZH&a~IKCDLbjb0W{?K<Q3a
zT;_x)tf9ZOo)Et%-KTW*N?k0_`Y{#HtnHnI^`DDe|0|Tf=!+?N3a&n+(NWX6n6iSW
z7V|%G59|ac=ZO2I@A9VFz-cR~$6VrGRj$~Oj)`bfS!^?X6iz00BgLY%M<IrZ`?tpa
z!jP}RkeBsHxlQGy`$OKYC~IViyftVnF9k(=D9r86-|_v|(l4sBuWIFtGL?+?<oz2#
zHe*m70&(+5xjBDAYxmBK8PG*(WDszD>0MqlxQyQ2Q2OaR(%eYKGcWoHZ)8x&hDgGK
z|9i-Vfz(m!C%_DKahQA>wsX4^jpU8I{nxh}4U{=@4E4&ZOd-WF)L>2Row?6|l^-SD
zEq%Jt+YW|W52Ls_w7Dgx#?rtt6^ypUo{+DD$P%w1fJ8a%xS3#m2lUSl=z-SK2>)2w
z>_SmQn`2>K)Tt9rX1_mbG75TBam1Nq4+XT<c!09!@Zr|t?g@wLEOkq<IA__<EALn{
zM4%j@>`FuyG$v4vF3YF%yVW^d#4kL#iq$i+8590;Izpl`lB1ZxyOd}uf_O!N2;A;S
z^r0unMIu^&kwr=Gq?2V~G{*(WfmKPEFbRP41KwD5=IR^C1r(_Rl+cb}a}Os(f#Qlu
zroq0Gx~;-m`t&xNW)5K~I5-psr7Fkl8q3pJf_o*7W7>Xhc2<dX2W>)eE{yIA1L+BM
z@jsj51?5kFro{-@9>_^8%B^NdQ=(ToZI3qB#H-iD=b*;?d!5ek3|7OVjaex`6q?F^
z-I@w3oXf_b(wJ<O*MHz*J^1oP=fy$s9|zNO#V?a0pglADP3(5^jQAXnVgcnSkubOT
zb=r0gejhLY7o7x$WEwLTiTyb_17P)H%-k;_$sY9swkn9JgH?CQ6?)xQ9K4!Hm^UH(
z7(3xPiZJH%mTE-?W|E3DGRQ2NpaP2>N1$0%E~-vd-`k|h8S8huKl$|OF3IrQ>aEXW
zvduZ*=42E^n7;G=7IJBC%oO(4_B@(v&57B+HPzJrVoj>3Cd}0TD>MwRCM;M^UL$zZ
z24^H7DW^RV@yDuE#Ohn;YTU%e`4i%sz!sgqSb=`$dGA5Ejpynot0Y~tKa3ksjOeV3
zPC|;wk;}V{%&v8$x^$9Gq%hQl%ly4>1cz?}F{(V+&1>UFT{waKHKHfxHXilOoeSll
zDY*t(jo{(<9qL+O(n&JWdU!dAlEbj|S99kHegmq0M+PSHE*|2yl)e6-(d@1lPXl4x
zcb4Ho0W`4p;V}B}9P3e}+g-ed?TE+FiA!GvH&na3DG%L|?YlRI&J6r(a`2PYkH=6o
zX9ld5zB9~<B{{w3m^IQTH_DAYr>BnfCc6hmTeqtYv$IrtDuHhz<~^P?@{uDH80m(t
z(`_f9-zVTJPay-J7ayCj$3Xf#qDl^n=~vgaxJU-s4|i;QPUBPBUgKMv^U%yHClNR6
zbT`+!rB8PC-=i%LaHI}#IAecNgW|l3Ho3Ee@ZDXA8h~V$t^YVUBMO>9ea%vM|6`GT
zb1@C4{A~t>G#laZxuNrYYo`0KNAO_><CBroM(5&Q6W!_{Q^v?ns6t|UI)(8UJQf?*
zPs`&>%cDD?b~Op-=c+uDZh6CT*ABJ!3TpG8BbHd*-Pl{6=F2Xr=2ZTvcKynf!VBTq
zc{A}M#2GOqf?oK;(eV%JQjLoB!n_@{Isq8K^2vq9GR6~Mp~2E1Dxx|PbTAM^3K`-g
zXhC!S>oH+Y3R&T-i0&~)zJnJ7UoK}=l{85UZQYECPTsaPM<3)e&B-RNAg`?$kwRM0
zoxI$Pt<IROPIp@rXqY@ECZ~Hr3niQ{iz@e)f>6^e4s1Nb+s7U3OSGHIACEhPK1n{c
z<+k+|u{G|sKAvw@WO~?IQpp~<T0T=Vxoa*@POD_VRG^|#<D&onFE;kLD&e@JT^pK>
zCDDp>XFoLRJFOHg<P}5b;%~t54GM#X@Sh#>cJEYfZQ%CV+mQ_lUmskE8SWg+)(<WD
z4v76+8xFLMgQ@GWql&9+P}sL6<FzF_*yW27u*+*t<K+XfnNFA(Pj@I3*Oc_ybnS}F
zw0y7y)ZlXbxHfuBAds}`omy<A4T_fL<nw2EeSQ9NGbOW2VA_gyV<JFGn!drYvH*yU
zy(o{iCJ$@vNt%NZKp<7~iv0WmwC0E6#gLjLBkA;8{MoZDihp*r8_xko(wY`Kc+S@L
z1GY4CKZC^ovSdF@l{bMcuFy~YD<JP5KxOda@c|@p)eP3@8%m}%NTm?w)}2xB3Y1z7
ztbim=0;;X&V9}50#gEw7`4=24dqbGd;=R>L;EoK#PttQ**gn0_!+b1nCa>3LabT;3
z0gq!_bN#m`EXNCKuxJZv;-r=7EAO|2xeD7{ezb`#M245vXYFd~$$vOcSlWi?d-K?u
z8GExCS$|$xFgA|9dz=gG;(A0Ex6LiDF&)<=xsR!ye65-E=+XIBObhgtWz(f-Gs%`2
z_#JD&St{iHCn#YCSy&{J`xao{gMgT*`qo`s!TXvnq$5kF$W#)BiPk}@X0ht%fLbS#
zfOcZ~cKJP>-D(2**GhN{V0t?NW<nGHMD7#qP!iG9sxyJEqB%5!^g$3|I65jWVO>AV
ztHkV!NLz`;BW=GapM%TTX9PqDn?2rkOcVt%JwLhteVF@(32S^T5reF{0SNF(Qu<4C
zC>arPdlA0+moIsAh`A{F$Y^*6Op<g6h{*S1wRa=OnF+vW(eblK`K)8U+QpGF{n~<Z
z^Z93{?rc-IZ$28>+>{68-zz!DK-L!ocf1zFx*kCT%dPSJb~4MEU?7_f8m~I{LrLQg
zHTUL}PBuarqWTNlU;(#C@Jt5<Aa}P9%X1U440YX7Vj5qXA&U+D%~CFYxU@n^`atrr
zCVm4ZhY}Pot=Wfo=VD>k6d7Vdj%hUCbKZD=v8%U!l})bmG-Ae?bX^kXZiCESBbcUF
zP>8${s_Cr=BmevLQI7DtAfIS$YRGfdM2|>1`6`LTtRsJXW2*U*4N6dm^aG{J@(reR
zw<*~O)#u6>F_8pHp(Js8R8bY+;cuzYLIvtGc=NALaSGF3iu2zyl7VUgo-%afO2y5d
zQOnYX=a}73rrR`&@ch6}m(h0j@;fwX&0!%<@qTs>Ep<4bY;m1-h=kJIm%Cu*m`H7d
zti-p&pj6h`odLq!wj=@zRgd)4PljYDj`5sjh#$V(7j1QoEp%}k!urJw<++i?`Ys-|
zP!>Og(%WKoAHG)>r^hQ4{6f2B7Of!~uW8-XlVC^|i%Fp)vmxhNVix0HK<nrlWg8_`
z(ve7S#*SogLjL#XZHiqxKGyq2UXXL*@Z9LuHCy=lgKt#7ecps2dDhC1S%X?x$?M`q
zXnoTH;*A6=k+4d|&&tK2DvfG&AW9UiTlr7g)ghpIRfKYxeb{o;QO+>=zmKSfNm6+Q
zpPB6IVjzD%pw#k5>iQnf*f+bsHz|=cNgz1y=Jy(Aa<NocW;RqsAe^M}GC1vZ!Xj+o
zVH#6>uiB7vFB|3aIWnO=#(d!eii>})AG<97tgvyn52Aw-#!4n9<+~utZs$*HCF3^~
zc<+VgUx*adl5g~{biqeURsn2FU$A}N8{haG>Vhqy7;ztqFFTZFaZHfK{{F?#*st0=
z-}eOjH7Mawx_`RL0=hP}Wo~SGqPW>=?EFRVYfo31{tRnXFaN0LA4Pu4i*(en(9;d&
zsk@H}sb6t?dmso#zSxQ%Wj1+=G4FEe8mQmQ=^15SeTFORqAccqqN2W{8}K#YEY%{`
zS6^puVU27IjYDKnF|@%$>h~X_tF2^fhna^=`h71HKIVK3%xjnworaq-;lLnk{RcH$
zGak&4?KSe;KwC3vQbdtJ+xh!epebno)d20s(|7X$+K~@d@djY2Pd1%7|6G)l!N*Gy
zWF7a?6g3n+SaMk@-x_{_9c^g3e~W${AR_N(O12!3Q-O2AEr=7MDAOnJ|JtbO;+iWR
z9j~1KUh45l*coSLK&b8XI;c|Ss$^QEUbByxM$RuR?wAx!v@pr$G-NPC{l11XLxC|(
z3n>@UJ0s$A1Uts`dvc4megCVh)I18_<Sy4PMtm@3-SrL={f64j9U}TJzeZJuFz-kv
zMsz~g2j$PS@CWJGI(9Gaw$|?p-;cAXv7pC4zaNVP@wVL-QdvE|_Tt@<eoxI(_xV|`
z7I5%koS+NmGtb%R&n}cRtD@$FzZq~3@CgEs^t`Z9;sI&Rk$o)v><JNa-(#!E7N<$J
zFC2jI!sSO#@KQ_ui4|G9rh(uaBW#FytcPC!OLuOjvXi{?TudrO-`~DJqR(R-&D5!_
z3FgnL&D0C-q|$lD-$cH(aypu%v{UN`6!?jJ`^O2sHpW`*LS8!=*p_Km&eHP{sku^a
zrheGq1mAfTpA1aP1PB+$v{R?@C^^gTo><H`z{}OzbjXIYxyIta$v}K7Irt=LDZbQ`
zudUV4S>9xE6lmVK9IJ(u!FA_p_41!E7!4TpuIOaoQ_H&xr{j|W;o5Cat4kX2y%^TZ
z+y2E^qo(kUM6ubZ*&Z2Nk;@DH#0CaFYtLhjxydSZM;D!32ay`lUV#U@^Xb?5SPqq<
zChB7J#Wcf$L@r|@OQR@#VI}+19WkuETW;@AqclIeq(GZB$5*YLQ`;D!Pc6<EZzeKX
z`F$Ix++H%rf2MHtXV4j6TsRq9j)DEbHxF1@Bo!g`caH5~=Uo<Ek0b@4GeoGcamTDx
z<DHsoN76X(i|gt0@6C*@-DO)Y>9h8(%)pY8301QS#c5k&<ZyIWn;T_)bC+Xly?0f7
zrH6;J-$!HF8n?{23R1pc2)S@|dxkh_35Z9IEx!FsTZTWNq=8Zw6!urmU8gkR-<f4m
zgPNzto00gbvC}^eyepY?SK{FF0Ibz>#x>PNme1%5EXChg#Nt^+4qyRT-|vc5g_RkI
z8*4?rTGD6i|Iyj=_n_@&e<XX7ZI}@fJhPmyQ}Z0FeI!#oNyxl<z2)Oy;1Vf(d+gsV
zvUe|3<953?4)cN@W-xdhNG~mAUR}XyV~gY50TSP#1J%N|r-5MX$MUh%tZnzPHlaje
z+oTb3G5K<W0lt=1>(3Qq&BB8-LXC{iabu|&TH1R=mg{1)v1STR<K|=5IWr7o6(_b$
zZKkS}QCX9^5i$t!`S&V*va#fG#M~f~qOZ~inkCHB$u#Klh4<x}3hfwV8ps-@mGa!%
zQ6&#H$lcS3;A9M|>`z=X1aGs&k}d91Z{A=XVSsS|RkHc3w;Fz!OGoTQ^l*$4a<4c}
z>V1Q?M-;v5n<-rPz0`14tP{^)azxozo5$%~1|HLub$85TX*4y7l8^G-N-3ojm)oCz
z?u6bNG0Q@TJs^<rr^8;2{04e_U-c6%VVF)0u;}o;0U8i$c+L_3z{(K9o0^T_ttF`T
zJk=9$HQlAqF1U)SXV-pr9F(p9y8fl&xtO(6^Xkvoo8GTnKk6@qmcJw&)3q6pf1<`n
zJ@9+S$kO}w5yB?t<d4Uj{SB`|>u<zUf+q4Rp}6;vk$2q4YfwMt!A_m!<kQf}N6hmw
zuZPm9-C@~gCNbm3ZvDfQ=)#AoSSnL(*8YSfs`mlg5w07Vl>}S`Y!9RSq$buGJ|wC~
zQ6DcwJA|b_DV%ivJyn1(RSpqiI^lAIsLjqvg=QneUQo&Y(fni~A+iy`)XdZy_}Iy9
z%m4?!%{(M5S{h)co_fT~KP8uowRov+lLW&jD6QFiprrE!{4m<&4KI&q9R+~>pTH=n
zJ0wB(pTI1*@EG9}sN`}qzYU+Fad|mJ--#aFzq&Nsp9oAI-!JL-zxA6g?4wOHK)qiV
z0EaIb2)wAb9(E=l3d*m+!U3}k3%;U7_rDF^=ob21u30tJ%IaeNnL!0K&{_?M4FGNZ
zjoEn)wA^ym=)v34SY8!=eTr1B62VB}WG})!cx3Bu^t5VjF1?^q;2tTkB#%MWz7^C1
zz)8fLffu=^3efuzaA|Y7h9&)?)9-3=!Y3?^%O~oVGKl(R({X@0oP0J)=15t)4f`PI
zH)Qb(Gp)?$D*9}(p`RQC<$OAko|`$ASQq`%)euHXvCWUt>05{M>NNq5`;)F<!v2|R
z2odFFEg=@WD!0$1y%KM|cO_}(s$v02;fX=r8vBD-s=>hC@6eju;3LdwKPFlxL)3B&
zRo<RVD>SxP#2V6~J4GE9L)1#0EGxZ04IHW~)zZ13H)Violvqp_^06!;%PDfL%Ykin
z?ZTVd1;nc@tMS=4-_+Y)iMn4iEiO+&uc!W1k57rK`92FSSkhmM_Tsrk9l&pY%DLhO
zW2+SuU@{$47m{U>{+#{wY5uD<wiF2KjA`!45z-<7jM|9N{5EK|#|m!K#Cky-G2kt7
zP5b*=XT*y(^+Xjq_UqHFRI?SHPa5R$D~h+9^-b%n_?8-bKpbhV|4*telIFdXJXO9Q
zAK&k#T(rz;=4Ch~h82?6s2*9uj@;jb%OG*Eq@r;CvV5H@B=7k6K3)AUxkB{+<LD}*
z>S%f}?oiw*rMSCmad)`5ySqz)3lz8F?(XhzaWC%f?rtCN_h)A|XEw7ZXE!sGJW1R#
z7wNet96lNxMj{;2jsK;)v^qnDHje!5l=PbamTB1X8R;<MTXWCTC$GCD9MHj#ibA!Q
zYmN(pus0$w?3L%NN(wswb{1oD(x{Pi-pPt&pB-na;xHdev`e!(z=|Yhj?0Ikd$Md<
zTc3b_+_#i^M1_RX4?)M6+NGYsi^beP8=o=ex(*y_<LXxLXKMb_D|^4aMW~kLBW|gX
zwsocHv}wN?YYo|r&HScAwg_{<HKur2k>Mu0V6+ckPzUb!*nN@Zh9oe?bVV1$DFeYX
z8$E!p=G$6K^sbjY8x5FbG09S!jXq<QZVmJTrMa1OlPtmr2##HiXtr`V9DD^d)&D2!
zG(R@(p?^;q8GfRf#z%hg@`5ar%mvvAv)=}Ko}Cl~rS+3%V~`JVySR&sh-qDwK*6el
z$Z$x$BJzUK8OB^L(Y^Y68nZF&ldNof_Hu#?GJMSMf4uW&?u;YGzkh_hHq^M5${c)+
zfOzgp^ZPqOtR^q0J~CMCp{iLT#F%SrDg0zRg85c7SD|-^7e6U8K{I<#vejTl&o#yL
z$rqHWuNpjZ&zAVY<;r&Tlzu`~3$;y>SR?A8KIXFx`QTN5Q+ky8n^M*(ngFK5pqK1r
zx=hmd={fQi<+$B`RBJrUr4{o9PgVt4XvNuK3%%m`*U#q|X5WoT8=qt7-|Tf$uXQct
zNXSj0n$#)-f9!~Z?f!Pma9{ZV>P~xZ`A4d5M@jy>L?!4RCSJ<9WdcxSDEL|$z<aEg
zZ5DMKO{o{{hq1nZ7RBTem3yM#H>aK<`jf2BWm=Vc=3+($%t1=y|N7#~o9GeB5Ua)G
z*id<(3|te+>u2p*B5BQVb;o<EI!3OvnfnHfn7zM4h~moN3N<D%k?9y5xdjAV=z$!r
zAo}dCcYDc^))`s&JmUgDNlZSTaoe*INcZjZhD>dKU}qg=4a^cuzCT*c-n5bE&LOuh
z&_iIzk!-eLg|y)N>UV}zh`}}!nS69XTZ|4CH?TeP=ppgwFlo2osG6hyT2)cP!@*lM
zMre5BSGFQPOHj26kr1Wvwy4`qTtJzh*XO_q2f2rHB%P0#x;d|Cknr}so-<GWS4RBn
z3AmhPZ8gwT`@u<ddG&f%_e!%%6?FuFj^-@aB<(Yau)2%d^r=o2_ue`&6gfs1GhxPl
z<7G2Jx&D+r+fQk&&)n~r*SZdcYlG2>edGe?Q?Kl0Ag*8}Pk%{w+akW4mQcaTH5fyx
zs>*?7WFAYNytNHfNd^k)j)vCgnxK{#)hcQSwKl5(h84nbeiRlW4HP1|%gZ;R>!XG#
z=oon%#h)N}Czt?G-zEQ(J*EM))I6U4=+y&x2qz=_IWdChoDNMx_q1|IoeYv#GVakw
zArdPit8DAIP-PNJM(4PL?AuY@-`q>AkiWD@_q)l`=Tq%Pjrv!uDXR5{tIDtbU7)Kz
ztkU=UF<h%esdHl0!B{Pd2LF<|k298#=Fx(OY(`@)HHt=k<{vn;60eI42`ifqG$KoC
zx$l(K+$*1lb<!*P7Z(1<bu^93Ef+H%4X4o$oWAYSPm!k#=lY)S#0`Q+Z3})%hRN|3
z7he-*w~qdMqzPI+^uk)HMh$+b_J92v^41pf!1?E9{$q&7@-qnb0&J;$dZEKHLkB@)
z=GXBa5g<{%i-2FzCG>U?Zv!)Ild}n(Qq!IH#8Gr^yTy5`Q+?;>Df9$vtE=$&q@Z$T
zzk=vanFQB|PYS7lSW60vD6DPQw;X7hBIqsxgqp<Z2OYY|d~IBbE!M!1SGS#2BCa-<
zEjS%!v6d&dot{a;xm3~`WAER-xI}xMuz#YrQl>LWuN-`TSJq*y4m!SVB#ez5OStX4
zkVPj-5eA$NEIrlAu~Me)R+>cjz-JE7jmYbygKB>Slm44h7@x~K9SR0>f82q?^e1tL
zJWDtVIVR}|)+6+f=zqQjdu40uJtXO=?&KD@oIul1mh&i_R<HKm+a$dIoIraT1!Eql
z!T8Fa=D0aa7?2=Z>2F6lc{GN$m`v)BP_o7DW+X&2B=OD-Q9X}w3(L!FhAOck6x{<D
zF!9gKd;&Q{^Yn2;==(z$=r4suNI1HDA3)>M8h7q)z{vK<+D&GQ?h*WiuBkrjSJ~w*
ziac~e=-#M`En;+Bdq+=Jd9t?|woc#@j}Wy+_^d?ccK$9=+^QqL&AAk|y0N{~kTFL6
z=I*wWqQEWh2ii|B+FWHz=-ztrqffR^`!JxadQaU2Q7~+>O*CSR`S1RDiyGsU^Z%N8
zbHLG>^1m@AlzuHSyJvdQJ(GDU1o@RXYTDlqxSlvA3@RkoFm-P$PlQI8qhq2Sp&qcq
z1XsiMDY?Vtom%H=ma#vcsH4@2TXd|R$XD>;7qA^88F!pY4I_}BZ#|=z54p88Nc$G0
z8m!XRFE7IVHCzJ8tZLQ9MFdWc;fYD?$=5MQ=YCGspJ=9DMOZX$dV5jO{COmRs3<5l
z&y>cU{bqo?!zV_wtsm%R7N5GIPr)}sWbjB1jig0|0po(XA*(EO>~W!W^F$q{E=a0i
z7V@x%`&p$m*MetDZ*|u-9On}^CZUn7gm?j={#zr&Zd)uG!042M7gW9kgE)FTKK;($
z`1i&((l!75F@jK=!3hf5b(<@{)sNVC-J!i0m~R-im$nIT#HxYl-*92v##ILyCKao@
z&h`73hspWgcTP_d+K5EzXFl$E4UM8lyUVobNH1>yY^6&WJOAG3M*6DwTEh=9LV*7|
zUgzSwWQEc}g3wTkTuuNJq_L*AkBU06ql}1uLIa(dSU(!e2sWA)b+P5=;W|gfU+BO~
z#2J|NSHsL?0VIE|w?e0M#|I#5AhS{LTWE}KGddl$&iBMCM+X<K=?y8R5Nbly%YDK)
z14dmlFbWC%lbyVYiucK*|H%;kw;3A3^9|cwmRbAWfc0ff2(OQ3wJ8k0bqw1Lk|8Wf
zC+VfAHnEcFTlH>x{U_n7R8yCX)u=<Fr}4R>p8L_#e_b9cUa){2%+go<N;g%+JES>K
zz%nr@@EVs$B&q$qfwogh9&!?0w|kKjEKnJPd*KA8gLJ`|(?Bt$9sKgo{Sxw0&-(8X
zk-x(yGMrmPwOO^7V=#9*2TY94Js8{rXy@;bsWBefKK*0XVD@{e1R`^&fx_`z;=Vav
z3JFVX!X^L42*2qZz)36Yl)Qrn`9d~m+Wa1F^qMFlDO-fYjoUZZg`Y|t_T3zq!pmb6
zh5uJn3w|yTyPx8cx;rpdmR>=eH}&{}{n51qhDh?tGITTM#_1WJza3hZG*qUAQmQy+
ztVYl2zUcJC<V)+D@-4r%Hmg&*Et}EVrooEay+~yYocLwIsY`(#hvT>V4WT=I=;O}Q
zsfgNG!nu}!d+KgM$^MxhA%>u8Bj1GD7<Zp4JtA(L>7vu~o^)e}O$y2lrBHD{OvRI8
zQvNztGzUPHzM8Pe%CpdZyLePfz7sTk8Ll=Kyvy}nr||61QoCsxz-6Wr_rQ9J<@>{h
zuvv)i^?4U7`m)L)Ww)-ZCi@rnE|-}_8yY`-yU#nq5SEyGY!R&i^dGUuFqUYEF|P5v
z3L20o)PRHo-%Z?1__O1T$3s;P*6nV=wXCakaC5gnz~W}H(ZNvaAz);MP;HPoPu5}}
z1c$KF;w`RP-GsfO1WN`Vbeg%ffN;0JRBft@LCNl+0j;^%FNG}cJciFBJyO=yP+`5p
zCnFeN*QGXC+aKTfJQiKitrpL|DzTu3ygh)_T+!;wt@o)BQ|FijV^6pHR24}|RX{AU
z8j}d)Pkd<M@IW;m4k2!`jGu9DM2?)rDQ*81CDv!D)6)}U%59~y57$w~=5b9`*c;)C
z_^F#w*&Cz3?{QaF*t=}ZJ?U4$cK+cZ)8zj}J1LuMxWQ{nj@rlmQ)n4c?PQ|6&lIFr
zE*-?2Wc=ih2Qd|{DIEoTN!oNwG+tFh$sfVZaVg_q4YX4fc9{BPshKneyJSb%#fSAa
zLi+cNKa{Y@)xli73I|;**Q3ofkJZ?da)5x2rOFk%`_Er3^@LKR)BJ`#I&6`v%)fI$
z^pcIp&-zERPzBZmW3^*NE5+D4rCjzT-X4#yqEA%5<e%9(VFD5=#z5l>tHNp(bdyc#
z>YV?#qb{e`1sB?JUB1@Rfq0!-P0qKcgcDVWz7ttnN2h=1yI$HhB=nsLK-#Lg_Rz=&
z7Vly4_v=v0&2==xFLr@v+A?c(MN!j-Mng~k-5-X>v+wgr#FJb5g^-@UXRG1|`I<~v
z!(9%i+G*axIO{x#-dBE7X!u&6xPHAocc5^nL&tU4iFP&xmv6a4<U?|(1MS#_wkw6&
ziT3Kyk;O5Di>q+Yx9njjo6gDWG1vKKw`e6_>tg$DL8+S8h1OF-vBh&{4?>9;g~ab1
zvJEEX+LKD<IwwmZ%PR_~>K%r8>&-i(+<9Z%<8w3;p&hk^g8pSM3x%TP_7l{HDVhwg
z3pJW6mRK&;WHA13rDxg%W88jJ$-bxJ+(YwDD3>7!zO-gZ<@Rz}`xn}pmV^oiOmk1n
zL<Y_1l?!m=MC3G#rCBK#t{uJCPsk|7tLhj8gQw1MQ_kQ{fcz=kw+DOnZAN7);!P`>
zi4_68#=w`EL~T;)AKR?UKMCv|-aLY23VbGhY~qxfDfiF?yWGGGIR=<i5)jQx9t)Rw
zNr9gNRg=6-I<^G5Hf_)pd9-02G5`IYYmtq$ZG|iGOCa5%2*t}f-u+oTNR89#W&UfI
z-L?}NIm?AILLZ9HErC>Z%YEXe_nT{`rpLHbytqS0a}vo_4DZ0*Y}M&BCwErch+&2%
z++1otKEF8`taXN}^YbCnxIfy}4t?~Yons9FVgNxi*W|_y6Fwb8+T^r5nYd$(co0N{
zb4n(=Q&_YyWt}w4h9g&KFRx>mv%wm#eV7b)2mN77wTou*$j00^hsXm1WSD36R~`QF
zZ=ly79sqjBc@I~mcw~H9HG_EqOpC;yK(q@pljJ;JQWsMbK(#PaECnh)%1wQlI}|CB
zITWkIh@fiqUk(-G1Wc0)S%jsJ)|rSrXa?%au;mb0S6K<)<1o$q0vMa9j1+nU;36*g
zJXA!LGiLmYRc>q=8MKQgDea+*xW*9N#xG|dNas>9=xAXQllp?+I9Lnd;!CtONuAq+
z=uzBuxhUn2gs|3Gs;vG|HivVZceR&?XKou!A-(AjA?2B~n-0y+FT(D;5dtjsxn1xk
z3HBS7m1m@`+$1R&<DlT?V^TLC(#iOXf(ABTsqB-Hp8Q8n^Aa2+kECHMJyuK)ugXR%
zYr5e~E#!$CwZ4hI76iOP`9UA|!9O|NJR+1oseF(m`dmkinkDP_LLV|v2S*+V=Md!C
z;WWUFJW&`OK)B$>=fPGY6d{u5+<OinEBPz4ZpCTm;qQIdX$LPg6ZdSCgaDmR#u5jY
z|8^WY>F6Xtvc(=87eZyuML*FePPC4RV)Z>O+>z^Q#<`Xkv-n1qhIqJ$FjUNqpxvUR
zV|wkPVkBV&ksI2h>Olr@TA?$@92mpQUsrbc8kQOBGy3hS5T;V`o1eZU$S$?NxXfb-
z&2L{$WuUuIrv2m3$aC8$NS4Tcd95h_xV0?o*CgUv%ARJoho2cshS;Vc87HfOmI<&)
zs2L}FLS%ZmRL<!kJL4F+m<>mANBbMOh}`15h*PH^s2p{r$PRI0r&#>fWpF~(iAM!E
z>C!^*?br}dsK2%Bq@XD1z}4m59z)=qDMLdqkMqqE2geBKZLup*Bb6-?58siJW8RZO
zQKv1s@W!HIs20~KqRN`X6v=j>va1k(n$Gj^Po}2`&wAk2c(;)4oCq|#!Nw>_>YNsB
zH7n~nIpX|o6sYA(&iFU0N}NkC>I|_^jvwgFZ=z2Xb&u-hG2A7?vnrCZO_H)9fOQ#v
z62xwm_&1gUp_Mr-$%p(KiOn5q*R5nC;etfWoI+chP;4^l5qXMbX>&U@Q*8`KSzuog
z8P7XbQ1+IAU|bP3tZM_cc7CAdo`_>s5to7r(&cckpL|}{Y2i4tp0IoMU(ed2jD>0P
zTV6eoKX5#O)`<yw4^GDPR-@F@1o3-%0+qxy)dPAsW{g^zL{|C`q#w}C4~mubzUdK~
z9Tw<ZqaR=Luo&O>Lr}OZd#~n~GaRzJqsE1Vhm3<phL+l#bgyCiK`afIjZ~gvxJVbV
zVew9EF}F!8_uK>J+!bZYa;e(-G%6tid#FyYp*8xsI-$`UeB4KTpVCC`(u84>pkdoq
z%}Qt=;Y6;gGu&~1ZxgxF5@)<fm7rnJj$#pazq^xT%Yi}*9an`y<qoo2L=d1lt{4%e
zn_^l!Tx1MP*y1-n)Lou;bb8+r7^of`%2~w<t6D~*eE!<k^~j-jJ2OSgwkxrGz8nIM
z7IIjxQUFhg3s>k0$6&$A^(&IMTF6ppw=w6-7uwji(LD3}gERI@DTgV?muv}g^Q2sK
z<E=L_kY;LjPMFuZ#+AA8Cegzm2Ho%5-<|m?`73qGuWwPNV|gB)5s<tyF}pKSF5JQR
z*Q31*<D-nBU;Afoliw+n%mk6<alD6{zA4*mu*a$Kg>7T6ZAi5m<zF>QUhH6qs-kWm
zW2H5fAO`@lVSKr%9Y=uQ3fZfj&RMi&odYDKcIUF_B0g}E9gfbsK5UyEPGlfvku%++
z62{OE8KQF2#z+?#g#T*|KLPTUdKG^oIB0*!qig-g&|W7yoHv~iiRd2~S&ZMWMtpvo
zQiGh<sH4`XZ&1b&h6!oFL3a2Lh=m=kO6**3IqS8P7w~^w*=~){jX})4-~1V;c>c0c
zWLU~RXoh|~qQ_s5Kk?s#Z!sEFvZ7F4k`s0%pRuCYrlEef{i&^i=GL`lPN?@9-K#Li
z#CQFkvC5zA2ROFrV<I=8_;{1|iasq?$Jm|WbJZfL%yym{O5po*I*UB`*xak}&~eJ5
zIDOmPjbx(cnNoFgS4DUx6ls3*SU0+9Bka)`);`L~M&dII{BLd=|3d*#?$>`@jV+&u
zX!UB$cj?cl?WImDEKVEG8X1;mTMI@Pc}@7C$KSskex*bksL7Ob(_=1JoF6CB=2+9m
zZ1(S)6^a^1k2_0!LG~-NwHw)B<omBWp6PH0(Ha_jhjf`<Ue{*0@GXNw<8c6{)9wPW
zT?<3jc*}OLVpiW3L>G{OW&V*Dn{6j|L>{~Ptqs|!P8=nC&)^uoD2_Hx-(F7RN2~%$
z6@+F=9bM-N4r441*}NAcAgxYN3&YQrUQTm@DG*Qm>nlv69)ly5MNSCMD)co8&7uA9
zuVORx4?(*D0jaeqda)0AiYg}irHgD#{ok>>QSBXPI+LB&i_WZYx0O@wzI2<EkbJ?e
zlE6mDl_Y_(d1wUN0NeIMcczQNnYgE$hbjT+io+zE=%WI8`~ANT!^~eaQ+>_16N$&=
z?bs$@`)WLWJ;cKgzVIM#jV%emHq(oRq<@8#e>K5hNd!jYo|l_|hPJ`udiG_P<iqEX
z_t^J6qsc!a{Qefl>08UBFj{C7$KAr7{Ml4`ARqo0b;EWO(gb9;9TA9HD<ayScFWrp
z9~q1Nw3P7ZBw8+xdu$+mBk|+w#yt9$b>-n*r$9;zGnxF#c5|1#XSt`ailN?2>51Pe
zghS3a+J*G|uJFaM>H$b}4*%ti<cV6Vfh5TZD#27Z78=s|{!}_+X;OVg130G}+acF@
z__mSrtLikCBtaLu=5g=Sk%)z?G5j=^L&`ITNsYI7n$X5G{&`mX9`_flusrNBCN&qv
zA4hJnplq@`ulOx^SJ&G{0-`Zwd$WN|(O(svW@#9Gz3ODC%^aguQ@rSQ0#Z!3Gj`6q
zoD^#MIM~CN6sZa}@xz(C=pY{S4vE<{@fn2ro5(Dmey5ttcq;1zx<ddFyfyEr6NPol
zl?H&D(S<An>u)C{%>WniT_j30t)zdps5#~_Y#;n5PL-K@noCpq-IfE0bsNh5m^D#S
zVXoj7>X<mb<aH|kj&~ba7=C9WhtIED@EC&O20w#LBTb(X`U~<dTulMR&0O{hI5Fc{
zvKgjWpWyPn$n~czsvz*zp#a0spE9t!r#9oypGjbJW+BG4lsV`%v(Q!zX?S4N@h5^`
zQWJX)VsAAfc-9DH#)jkjq4cC^()a<Z<KjU$;JMJa#^m={B3$ZL3wo_u-=VyVE9qs#
zn?Lbi9d027FtOluqFv2q%@bV<98jMw+`&VcxQlhY>}qWe7s`Vz`ufUQ7Qy56^R{DE
zYpuI$Fm#Sp;GCqb&m5qnY!O+C?Et5gm|7Q3N_RNgI;m)+yc)Yp=}rGcIAtk#Yoe^>
z0Q0Mo8lU7PU_diSL3q^`>8z@-C!7J;+&+9Q-s=c8fOu)~d$US^ZFeGo0oWNhbn>fe
zy4R@IE;efceohb;IJY^vMX8~RbJF%JB9`*z+c&rd)kZ^r@OqW9no1iwdK--(phuJD
zMGF90t5Ozgb|ZgVQ!6X^Da~*b9WK9=_r8`HL^$tbEJHp|r@TMe!>LW<Rr#W7SGxN9
z@%tHqcDGkneks5{$gax!{Ncnhrh22d>}EdsyZ$$nk`1-FB3ykX-N<rRnA7zDC=@pf
zAtGzpLOY;#9?U?>31eMFZG#A>aJ!uo9noA=?224;;aEG`#tFrcve?|SQ%qrcFq9Ep
z<Iq1Ct+fg$Z=_BtuzuW=uTw!pEyfiP#jUJsp-I}<43PTX!vO#TSK4F_%6w7RGk!Mk
z)seYEibURMm-C8xUWemtm#VJ)<t`j`0p$;F_Eku;9mC8$*-E8K%pHzLZ#Q|hz;typ
zv!=QI3cvHFX1d9C^6l+NCh_2q<i$c=@h7Y`Dgoa$fcksPkF_&~fm6a?a1lTLzw}lA
zgv*wYycWJAp$yF-)f=r==3|W)iWBa@Mz?vYj#f$ME{*rtWoxt{(aT@jdRZ;>p#KR!
zL0afRN(vA86aHgax}%#E{`HHn+u*TVhFYx}_9*!cB*G8$I7T0DUoY*9EKT&e@Dy>O
zBPP+4w3+Q)E&M#8d;{<T_fgr8Q#cD|>H^l6&-VkB<>Y*!kEsf4AKzPa<w+8}QPI7J
z_XBafQ7P_X$Dl9oesrvhFyPpn{CX-4)q-XUp;_UUBCOD^(4W{O>r~-~qx5PiF8HMc
z?4b(m{@wV;mssrRdm#WE#MWr^i=Ly&?&;F$he9~1=#bRulL(=qZ3f}+?hd@}&esAu
zR2T2P3-3Q5L;LIik*gVK!!*#7-@T@O^S)^kG$He&BmM`>&2X-K^7@@Nx%IMni5?c$
zN4i&R69~!wpW>pBz!CWn-@<FB^piMVRe+DtpkM_Y8&Mgh`3NE1&xOnRP1Ae-ETJd5
zUfuV03^-m4APeQ#i9bV}!&i;D#-uc@+#GDIQ$S8hrf0arNhw0qa)e?&PH(rO(rXFM
z_O;&R3rLYau*jiiSVQpkTWgntKCy6ufR(Rdff)e<*sjq#&nHP|T#5j2SOCg-q<>Ym
zlhS&REg%E+G_@$!{GLP>XBZEIw%TchphKjQfHpS4h(G%+7n@SNZR!?xJsXz8LfsRB
zhnwRm{P)Fs2X3y)SBarpAv<CaOfQ@A4h~8%Yf!9Dgv<OEHA)itX)B|`b*4^0HIsV4
z3z%8SZ$AMJ50xx7b#Z-&7ir`9M#fxQ{lIRp`pEf3UwG?R>Gf}O5_m*`(Y0D}l&+hz
zF$ND9gJl6wuRo`13kg_gmS<Gu=mCE?zqo9nP;d0T!+pC;*onH3z@1Zw6qW8EeTRd6
zk-AoH^e9#PgVQAv{%GM3B7G0`ASKthK^aOio2oLAp+uQ27w+U*il~(n+*BG#qRFv(
zIpt_-P*hRTUrAz!>a2dru50I;&yHQwUzw45hi809ZgLUx2l2ia(yy;&*OYeG6%M4i
zWyQL9R&36OZ=`+zRo>UvtKDdF#miDM9^=<96IF#x$}Yx9`dqgLHVDr;HM(Ok8`~h^
zdm-27R#3=*$e4W&_EP8P0l+TEMpHW;oe^w?5?@s9$1VLCmQ8LTDxav<L8=H`LWtzp
zcnCTJGRYGn;TQ`eu5=2os@4H07w9WudP@uQ{e8b_oai%t;&Y1$^xg+FMIpG*IPmjV
zs~f-WYc$RJNUopN?_GHKeo;3uX2#Xzxqi-+Hs!2&ICA^Z%LB_Tcg2X3M0C1nRBRLY
zWC+aaTa#n*!!<l(nuhv}mx~pQtT9PxDn<@Dt;GCgD^{UDDsQQ<D}m}2t@yyERxgM1
zyWHp<`{FN!BM1((ga*ZGGHQEfnI=AoHcUL^)kL*7C4nk{_v;EquC&39SI6E2v0}dV
zyK{0s4{M-<aLt{3WyhiU^1PZn`+ItjFFFBXv&^zuoYC_9t2jD-3|R_g@zc`0&QR6C
zF%1IFUxBE5+2z8slNw9A+)6cJdY81{0=U|jF}fFOpj=Y;Ac-<H;bP^_^9uAy0x1vE
zf(_rHdargl#SXO9nrl1Gfhh@e0ToOvCXz)l$45!fWSrOIy2pa~hcjU6Mc2K2-F@tX
z!(aU|xtM#2ls_ouEa~BKP!cpBH}m0!E9T*Y*{lCs^TB<B3Us1W2T8-SCa1W%xwc*h
zX~edDKxOE!EnSn@PW0Mt<469w`k`scy%X$l?zP})6w@w$K_F+rqO}kPQ57;*oXHc0
zFZYMA(wbXu(J3kC=`!oy9FX(0W&xrSWBwvFMeOWM1B0;#tn!jn*auWM>$>OaKSKDC
zWal0i^WpX3>GGoyM?`Z`jm4*6V)j^TUYk<5xY87vw4TKC%0!w|N?r*A_$Aylid5H2
zes12z5+xlkIRi<jsL4(z&e;MvqcWs6x#)EjiBUMJ&99Q5>q@5z(d3KK-b7ViBhFUx
z!p<$j?N%Js*v|8O8aWg>b<O-!F4>NA7HOiMo=NY$(ou~~bsR?ZsKsv&;pMWE@j1^t
zg}V>Gl;ikJ3*;2W10N&1eB3reV6;Zexf+E(()I_l@NTqp&4oA7wU&G(nO<vA5^4Wf
z7$Sq(4tX@m9U<v}Hdjb2x45jtUyrO>C=PYGs78-{wLi@wVaY5>v1|)z_+z*CLk~P3
z$}0`hI|HYyaNEAzOKmM%Vy^`r2}9@<(TO{@xH1~7>XBK#g&r}{q<mcR=M|^U?<l_{
zIvRYHJ1lqMR0cJ9Ptoa&vsJt)ivcIqed47bY2^Ld#EW;AzKL(-(5iC&>x25EvvYIF
z56KS$>x+ingeZV$(hgqv7a8p#G(SAb_rlv<IP)PX|I$eh;q&WJeVVz3-B-sNNJl?s
ztWJ(y_{yR7(8alHpup~br>&oEE_~Zj*Ipj?(F+k=fm((cn<wutsY=@r(9sJCD&P)u
zRTlve#}Gu>l3ZL$ZC?d5(c8MIbaT!b(Vg@$6K4HppuJAWh2LampkFR!fRB30C@&WK
z5T%UGh;yw%O(mOTf#&fJ0cp{0IyvSDG_690`HhHd`8lH_W=|H$kZexjyI_@-_}}Z-
z8EGayU>{-g?|n)IVR<nRAGg4l1->c#Y)IL&%Px=t0;NFN=Zvd|#Zo{V3QPZma%)Pe
z#2}*RTkj9BpzNFj#pg>^kc3JwMj}n=8gtautE%#M;esS;9Yt=m!^dOr<C2tFcpIMH
zwW}RlpZpDcZn+=X;kOw|!$idxEAV@2j2mWEsoYvq?9ex<Tnc?bqnu%$BkonL{iVF%
zx|le8S2<bMMbg<v1INJYK+A|^JHf@Zf_wZahnjlFEa<e$lVl&?JYjm%lHXmlT^n&h
z7q$1R$H401vD(IerQ_xqwT%uu+gmRDTFF-7mVrjEPaz6~PAY8Xs1_jw8fDZ)?NkCx
zLH~S09>PY&U!O#McTOJ#RC_6{?lQ6x5Q;E%f~pDQIXDbqNZdjiY7xy)&8ASDXUq$t
zDwBQ*g`CCxXL@q6Ihz!zlb|q1MTgc~KR`d*BN-Z8@GK0B!m1=FJBC62dg5v8doYr0
z!$kuU2#A#13u!`2Jo1BZ_(w`P<>toic|LUrVmRY~Hw9*yx*gNJyO?1FgWQ)MBOunf
zwAbV(GDlyT_&d*POJVpX``^M?R_sEty(X*4ugx|~ucoRXm0OWDSr4~eFM5CW*C4Aq
z^CZltaRya2=lB5OdU6OB>2<Y|rOzA<W-6X0|2Og;vV-bDrzX(dEUryPxr#bT@UT8Z
zpOE<GVbke*qd&IcB^`SV!W?H8Q*4lK*yGzvbJ=VatB<$5GcpllPW8Z|jYrE&OX+V(
zf3@$NQ6K4YKufFRz?J(aZ*c@G%XGP?h`%cd9O+H0r9Y4nXKc_dHj8S1pRKYv{f?L;
zbA}orxX#oQq#KJ`2Bzn&&7a7FiCcxA$iys1VVuAa8XA0Zg16Xn<c`=tG-iPHPf>`5
z6K7I@5tv~tgc0*og2}PMN3p;k^fw?}Uw1lhBU_#zTNW+sG<a+WacRs#b<0Z>I8Ka{
znV6t=^ijN6IYA!2r1ofKpz3&tTHPGTf)rAf6Urw@{+c7meJ5l0oFN1~aVsYf97X7S
zDTRb?-k<EAr-UFzXCMV<q5*F-S6ara6S;nMXHgPu|Cl^nmYZrgfG<>$O(GoU1tE8t
z7KB25z2P5xHA#DdnvPxVi?wslO*2628SJo)MWR;#CBu8tl6TBX6P8?9I`9oU+DG_m
zeW<|0eVlwQop#{$QAhYqXPXZ>Y3H3exyH4M$E)DW>nGfCD&5h3fOe5#PQ)K?z#hZh
zn9NrnPo%*vE(rFeoD%=J?A1!^N`tG->Nh)z1r44A_tXklb<%Hl(GL|^&v<?(@yT)#
z3!NlI%A(Yre!hisK9mBuOz;U$^7-N_&&m^ldi`Xs%H4HlR#{_etg}|<Te)K#Y_n3Z
zk>lh?Z=Qikw~e&;-0Io8*mF1NZ(o&Ix55W4+;B&G-N@&N+=Scm%5hND8Dgs}f`WlP
z!82I8jj=U0xhbFD6044kBjD(<r2u#PVnC?~lL(ssb|h|M{=5v@F0Vg9O=2J{BDMub
zv507ZlNe?6e3eBMhFV+Fv9WH|QA;ur;BKUBJ9NUeHLunAvlk1QxO`DdH26Jk>v11`
zSpWwcZIaQcS)p?P$P*!EPDrzAK42uAKCprnHP;wqNO(2{)qR7Js58x(go@3GHqS4s
zZ23kET9j#^P0KY!z*2o6dursSM%D{zhIiedNJ()a0JzkO%VQ0DWAHIj?e#aq^Fuow
z%X~?dGjbl03c}Mr(7aMO>yd**<;P;GPx^e@xx5;}ULbIbfHKjXMwu?#^mY}PO@~LZ
zzQIaAYo$j=MI?E}=OG<covY$Aw8*o2H<7eWSm9;VNnN}qAK=cNyW(_=No62><S<0-
zVZpuKyT8I}TSZ-j5KfOy@Szl7wBsb)k+-CyBI~S_QIo;s*ZLr<9eH~#Ym9!X&!^VQ
z8bw@;LkTsT8`g^`FO$&j!@XU(KeP8;M}Da_V~eqeE+PF6h2(*V{gt@b{BxHkeQmnf
z6jt{dWjoWoV!0bC-EW1tb^n&evnYs7mv5{$gc63Bo1TC6{1TO;lN9qsb9pp(83<bk
zZ|3uI&Ob{h$E>R8!!fOL8fmqE&-faBxZlQB3gKmL<S>b+$$wi1pSoP<)ntz0H;T=1
zr>V)GsgAl*sc6laX6cDF&-xizk+rCfdQe@nV7EuqiDjN~BIR8<^9QrQ9^nw~+Km$C
z>Syz4h4wFvdf~E22#(m-ihLGt0O~`<zbwm=B3z!0A=dQ-+?h5>FAGip>L`F}icM#e
ziVoX|Q1%XqLD|*IDan2cuQ)euu=hj0qP3}HhN<jJH?0q{PRz{-LpSz?J*x7S^Qpw`
zcoe0!3H{XdF2atzk*(y>$dh8Y-kyl2aI<n(U-*^a4j;8i9`?5~uFluq3y0k8yPNvA
zlsp9Wn8lbUxLkXRg{K>vLK;P(@9(CnRS-(=8<sDB_cTxzczT`hD#|_tur8p#9IE{^
z$dz3#bno`@R67}byyir9+Wc}@(!Px@M0WMudvfIt(UalI3042*lB*C|b8q*Y>mW!s
z$zA*b)JlVN&G3fPQdwW=o|G}^Zq~P{J;btK2&Q_y`e8G;D2E~sH^?JBk_|%WS|%*8
zSoF2E0@f&)bB;a3-lp4ukI*;qt0ae$?woA5mv~o^!U8u8+p$95-Ff#|qI9TYLm%$6
zt70!bWBy(72c{}P*YS5x%-pWh5qEZA>R(ph&V)yL#4x?_$4j1KQ<2>l#v!1edPa~d
zFL(n1(DB8s9ncR~s5zRouh($^Fol$Hx$g)riLH3ZbM*?_zB-|o6r-ym^PymU5%=#Z
z3Z=52Qx-qgDSE$$O04Jcu|sR9(CIeGW+w};<wo(RlMT+~_B0tCmI7Qe*zOfD0O9ii
zm#ZBX=xqPuiUy&z(}uQmi%`~(VfiFNxtL<4Qj)Gr#*8rlArPGms(iX!+8gVSd&tfX
z61**%eMD=}Zgp5}E5WUz7k;9I>~YS&*hM?X#eNTOFw}qIBk9C0JDc!2CQ)%lBzTy?
znU5sprx`J52)fqxE~|hZZ!q~z*-R%QE{ZZBJz@mD`nuJT<hWi+Q=5FQ;#`euk2`{M
zPD^mbbP0^=G%_8u-j@4kY=8&O#ClfUWp7&ZYB$qlwaJaW(JFmq>emw5cD2H@HjI5e
zS=BHV)>P8Wv{c2LZ|n)Yqth_}nFc@E@8?HDEAgvG>Pb3$TI{%7#lM@Dgp}bIWXQqH
zNBo?(kS+0F957&}Mh`OvztJR?JY$!ML2S%VwPG3+>L4Ghp9oy=OLV#PX~v&Rc{43g
z%VjI;rnwqt&dAbMDz9=%4N<u=RV@AcR84A?*Ss0xHl<c9p<FkmCOo8(@x}}5xr}e8
zt1ba}pA?P0Nzm*~xsF=lfif9+$j|+xv}@<2<el_0b==!^ZVA0dT>blIbx<-9VIZ9u
zEfuC_ozhftzCeoqxRO$B1t(0+B8s^QKOLZ`<=x|Bct;9Z3DZ4q;}JAt%yOOX*s=HI
zDi^NmXt9IM3&&5GaXs$pNKGf{Bu0T_SY_++PMx%}G3M(wp_hos?D`7XfQ&l;Bkja*
z%Gtz^07L<WBK-~1ozO9)`x$|n*ElCQ(c-V5*>2v<=4rlU*J{>H63y4}hyo`JsF7&E
zM=o)-v(oW-QT%Bh%WZZEW@`zZy9%|l((^rWiASHlYdC;Y?SraqN24UJnr99_>D}JS
zReRWTNW>H+pk|Q};`0L*A`4kl-r%pJ=>?+fFGQX58mj=vra5GFPVZVB1xKma`lYy>
zt?Y1A8ptzDUa0Xaa+HA2;7Hh@K?pjg(eT7f=Yc^jfbPI(m0I$c#&UpC>EbF_=mu$p
zZ;VOBSx-sWc^M?K;18b%fsv=l`TPoxerExSyO$J`-v{_^I|}9SDgX=!#59PCBH6dd
zt21-5J`LFAFvvyp4}1C%u!+XJ3aY-<?jL)8zgUEvYcjbGWQ2E;$spMlYcV9MDaooR
z@p4+L<ecX@fjpbBNdI)E<kzxgBuB}=$bNsZI9pfEgnP{5!P5vtHA&(*?MTKqg})ey
zq$?eBfJSV;7;PHPzC8gzh~4o>|9pxwJsvngfbKY?e`~|?NModP!=!jQ&kSF~Q9#o~
zWX8;!wyZBF3Lswp_{aetg}+!4&&}O%`fp+^*v@~DJuNA>d*tJlUJgZPbr<RtcJq#_
z{)B>aP^{R*ox;{kPJ@$<2;9v4ENAHXnFm={)!IkK_^0UY)CrvP5H8eH1iEVM&ll|d
zX0-)!(NuKghj*~8PQa<t=$)`^>Qn|b>F9VX!=Y@l8=ACRT;zwggG%-~*C>6@`aa9c
zSGhLfpmiw!IAgKT%(iqUPtIjT0)zz8*Ak+4cllPGr6&hY!vVY28l|>$MY>@)CTqjp
zZGIr^!*DRN*q}q$4xJ4Wb#i@#p*Nh!1FB-PMqsDvh3Ka(3GEWmJ3wWO_ayw|b>%x~
zjsI&7D~V5Ams5Z7&vl1ew`u=+{Ab{k4HQ&ivQvkT$Uv1gf$2citLwMzLw=K?s<GVy
zGTMCueNpIdtt7^a?8B6EBb2;ux<&%I<^sLxhOxA6x>cghMvFv=f@e#vo;chm>#EFA
z9HN@cQ5&O_CI@3&GTi%C{0cn?sHXxeJ)OY6oi|;1f$%~WVW(Yr?!>t^jJ*k-eW|(|
zZQC6&>Av~lVB~P&f`he(Ni#>J()kMN|Nd(t*70=<*xQBy`7xrYv-Z+adi61}^$M1E
zd)hpcL(F#IRc++#FFgXFD&POaXz9}a4&-<(6sMJqzS?aP7xa~}y32V7`hAi7yRxrF
z{HB?sWugS?vmK1O=Pdp&LkpKB`qJq~EYvhixTwi^1LkJJD3tPwX&JW0hFylJXzCxL
z*r;z}WtGzeAI;*$8*Q25=C2laG`Z6Q<b+aN%K6q3+W7qCznMCPtXxu)=tM1CGLN>H
z9JKSD5#b0B3dHqkf9Np$@Mur7ixTh}!-|?lY!(mA-lsAo3{Ynq6rcXOJix-`!b*yp
zcF?YbW44@wZNEaANSL1a%IQz=k3kRX3c?3`fo#zHV^N(Iaevp}DDHrQfSR!PFZ(st
zRsmwZmWAF-JX_&8q<^b6NQ5&*tj_H+%(y0TO2u4+5GmqTh<-M37c7*|u%k~p)(quC
zh9C+}FT)W2yyF#Ra_qdpsB!xzuBm{O3&Bm+c1;P<y8m;lQUpj2!5umMiL`<{i5126
zYd6b+*JAfuDBLFe8=L$mY6J5g<`8DWSWc9}lAPl`>h>^6T@Xi=y1mrTBQ{uXmNqlS
z9k+jj^}#^nV3sw*nN8qQ_ek_ovpf#NX#-KiwJ*ai_aH7!`Beka_@&(B_Bnk*rGZ}%
zQZkAs=Wm}tj->cJG^at7m6q(W@TrgVnlt-APKoJ%zX*^gxIZFkEsQ@lf$RPlZ=%$J
zVvRIHBL2ZtriuXs_8)RopXml1>_^!UoLbwkjs3@g?#)LBtz_Em$A+NJQ1}Ciyw7gX
zw-t$VQ&UGwL~+Aua85~exjRE)paG_^subn9<Oh1{U2>C;Z5{!inZxSM1edJGa}5G+
zs}yNzbrAwJACEyiNozHa?30iKBa|8uy_lyaA&D4ag^Wv&SMb}AA*dR{Gw*BPqF6ps
zutL{0T(*@aCmU_`vwU39R7qc}CqBS^j-9(hZ?@3aRkr!TG*;%7Z$#OHS;W%ZNzHeH
zMYVBCG*1@W`Gj2l#(~na--=Qb>nGJK;ShVmSZ%jN1N*}wpD<I*aIHRf=KPN@Od|V(
zf}n7UmngLL>>%T1#%tIMDeyi}UDFfGa1s@GOK3Tdd25mWyiW>@2!9^6_6mLG`@%aO
z<VwKPN0(9ArFkBC;@q0Ypob8Wdo-_=pl(eMZ&(<;V)=gGXM*+qL31=^wH7_ud_zU@
zO4WNA8dXG;czLBH+^h7T148(g-zoBHi#br!q0q@ffcMJi8mn{J1sKGSre>WNx*C8J
zN=%9*Kmp0v<sNx8$^4&X0D|$uH?rn2<qiQ8Z$|&3CxV~9&R&#|(uJ3yBT(r02I<Oy
z$b-3{qpT-Fy&;>WQ;@CzDT1Z@N^+mrH{<HeF%ZwCGrahLen{d~vlPP9NVU?0F*$cS
z8bkd%;J*gt`+tB3UbYo@;cAT0YigC<RFQv<KHu+0e||hdZRca;{YgcyNKZcH9}OhH
zdZ4OYe`oQX6!UPY&mV`@(`*t{K=l*+#gweZF0b`Uj?XROAvcsizKP|uB^CHc)~n;w
zh+tAarn4AD5sM?PQb3#>cQ235ll?dCw6m-^NWO*5eO3w-k^rSp647hyrz7a0Rs805
zjgJK*aRHCgM3vU1nvtIM6POX-OB!B%8m00)Kg{VNx~T#zRzQ=re?HIqL1Q<sNY_Fi
zT?F$HzgnRJyi=*mpm*gKQD_@&y~QL^a2W2;5^IpOo~kKlh<Q<Vs$0yr%-zBENZaz)
zN}^YGR?$cH8GAUg1d$fQo1M&;<&h%n>-nnDK1!juk<hdl{#L!%D25*?p2xz7JJ(^>
ztb}%h;~Mo@&Mv2=I5lbV|DE4Y&-HBAVE^yV35ZLs1WpRkVx7-_%C<c}>y)nxPB6@W
zY}4THm{#-9;HHYmHV{}YKyY5DM6wJ%bGYW77VEF|oFUdG9}$eZn9m0bVd8FJ4#z2~
z>t(MxO(cqkZwZ;n05g)V#J&pMHumoTDfb=^4@wa{;o}AwV(AhocM4DW^@^VDp77VZ
z`rLXpj8jd+1cg}!Nrz9!7Ne8Jj2TAxB&q-xX*DsmY#)d%eQ7bqk5}YLjTBzta|ciO
z8qY~SwrP<L5n2YDsEbljUHko~@cPeq@|e~l{V?<|996zGpVGSS&4U=QNvv*<*{dR=
zRo!xRo#vTU4EQ0YF0+sc*6=S=!}oYuL{|0c=44GEJ55t`m@58Ir5O{=DPr$=F3B98
zesc7-bZinGJDc1?ThD#6c(lfD@jlUn8DU7m^8t`t8RHDRsfVh6t{mkUahjvBqMlDa
ziKb&7ooxsq!*q-OcS6`Z-liv}!ArYRN%5DwAca7#-fH;cbB!A`dsxtDSpY}@Md&UR
z-Fku&4ucz8HPtE<IAJj?2MBHS*fLcKi?S$X`53u@8*?;=2Q}|}h7nsePZZTVM6R5$
zf|v*>xB1j%MSENH6jw$gx#b6_PQ3%$rAER=%)J>t34rS#jp-t;{rX!5)#9^W10>}s
zOw}4%BO7T!FJ){HHuMy4KU)gdD`-B-T&tRO?x$UPZ4Ff&hJIL*M?}Dj4U9^M+YCw5
zuwDGz(ijo{wIc17xSabdIx$0IS$fdI%TqXVKnWZ%aP7U~8Ctj=aYmZP05TYdkQUE7
z0M+-G_DEdX&ae|P?X#Ea@WGGe^&y=f1-gprEOJ3Gx|ofq`>pj!s+Y}-sCwN(S9ETg
zBUX(KwDx8!Wh-80NvDwRfk(Vb?D`e^46FBuz;c`dWTl?T<m!8*R>_vvyrwLK@o&q4
zUT$;iVvPm&XKr!-_J95t0=M9NCkCpCnDL?+7eZ9goT_F-@0yVWd42Daq-v3zyjdG{
z@|7%Jdo280ay8g!IxnCq>`^0{Nnz<CvMJQMozHA9Ht$>3<bsYN19uHEa)P*zPhAcS
z>O_}2wI1ubGJ-es2|Kezm=taDK6bK&->ydwOx0DhuOCHslSvfwJ+AX1oIkFh8B0Y6
zm7@D*3o9h;%5X2$SWH3oD$7|Vqg(w&AIHrexzQP5&N|+QdM@OC5pzEwrsEb*ME@y+
zH6$nN*iVj<gtPCd>qw|AjjJYoRdu*`8!Lhb&@f#y*Yjg9yJ#}dJlsr1=lH7?nmv{g
z#2FfN|CWE@#+{W2>%2Jlz?XBOl&VsVQjI!+oP}#Sq%02cZL!vJ0*r6BikHvm#DVf9
zy-}u|LsVW4oW&;14-@k;W4~4b#pEU9s8pMZ-O-br`((|51Gc*&|J8ckBsB{FZp@+R
z9y`uW<IECZ=BdnU@yn{wDOCW6DWa9N7Lazo)kg}xKnL<_YF(mjem^O<?Y=~xYtpa(
zL-KX@P+>s(U{G82oA_CzrGWky!>>*LW_$HBLh;+?7Y9l#g9%dn^A2q?6Mh_zp-ixL
z!JR5+x!=t#0UmZgwgQsD9)v_8d!w)milN=^A(w*CkQX_?yV#IBOz`1+NaZwac(2K;
z1BN<aASOn@ys1Dd!ZP2OP_YbtILtzVc`wN$l^AZFpTI!8^MQHy%de@f3Qetq_+)U*
z$!GjmL&I0Zj!nRd5{8q_p)-Jl6Q8&lgLBRBhvJ(iK@|OYKW!AUtd-4h)F9<qfBgiK
zjg8q?Umb0sX)WmhCW(`CPu$p=_xb}CS;x00mLSRyZQ;T=ITQ(s&*W<y2iii>)}91X
z0l(4LT@!~_lp>^f35h$x>T(!y2!09$dSxc)E4h#ScK;Akzo6N0CJ2SYL`w!Tjvl#H
zMPnuCqR#ET>OLpu>Jqn#W6Q~&j6|3p0NAda0>a(v=vpssNM3@O^3Nx85W}M#+`P>A
ztSyfU^{I!foFguz8*MTpI%q@MT}HXsnr@A#!@P+_H*(%+(L&y8<2f}mYGj|hXK8wq
zV&F@D8u-#eT5I7wpa(3kfLYu2e7O^4pop{yEEZQ{+kJbzni*T_x?|UbwDNGY2~z&8
zfSq8=)EFYS_(&3LfOu)T?@LPy5w7PphHn;NlHe^x%ht}zozpwf4CT#6iQ;!wn%8g3
zFY6Bh#BkE<BQ=#I$&68V;Wc{r&#jFC#M%UKqw6DAIwFl+50`M(j%VuDkc-*`Gg1}#
zA@pAeUb=`4it!!{LzwY6<Z>;F8Wiot>8ggFGotP0f?S*D!#*TF9J66q3D8N&gNnYE
z?gy5kAlHp}O2EKZ*ifk;3tfxK*RNKX+(&ctUt@`N$D(*@n)59m9?h(rx4>mH1n-GQ
z_Sn>U-Dg0M1<|1=Q<*U)1dj{XtmjLkcs)xJKz?hC^IFz9HGNZP(p%_InYdWRm9!zf
zzj^0?QEy=W&)V6^H#gYx!J*8UZry347p#Z9PI6yos113)iqL6O-E-k`=VWf$c~(|h
z__;STM!AY_vAOWOTe9)qN#p7>NN)kY>wGdZMz0FpEA<_x@3*)#WATy~cS~h}`3gQ9
zNFGLkv@rR&Nv~^mp=YK^nXx|5RmU(__gI<nv5CE=yb}BiD(l6~tx-+-InYxi{uIm+
zPp@B|8IX4VSI_L||6(bU>a>}k6dH3&(hE5=;#!il75ku_SwT5lo$Tpe!Fy0Qu_N*Y
zcff)4=BZm46nCP%nQ()_Ze%^H940zPdRv(M-F(b{5xT9u=x8f;Fz+acl>CY;a-&<;
z1|zCv4-3=4xn*g;WW9#>Vdbp*bu=6kIbYZiDt@SwW_`bZ8RHzkRxEDhWGd|hzkJ9E
zkHH=AAFB~@CbD&Yuj~w9#9Y+zpO^eU=G*_mU~35FD~tC8`@1&IqBaqd&ZR-m__s2r
z(=G?tzIS)p1H8DT5EqY`9t;I(keu~tEHiHkw2?x57TZ-eW$=EP{y?CC;zc$Rqjg)m
zP1|cW+f{O2det$)7Ycpac5zzhG#X~y6uB(z#ohn=pX=Gx&r`gml|N~#7Y7f%+1EtK
ze4Eq1zfxUXy!tFm_xSVTUs1qvKl+m8BFRzhS;M&T=b2sc$16%nKpsMq#2KS`QLXj7
zZ^LxtV!^{>>7N(lghJ<9#hJZ&o9KHmto4*Qi10kFvKu6U-HE3$Zjffaa)OZQkT?x4
zDs(+z?7I^R2EJ0cod10H>m1^5f8$^4d2kTvO4utdUe;&j&!>auboeDnx*Pg*dTyCJ
zc}_}9r{=_YWRjytDN-lDu!2Pc)-I;5faF+z@oz+^T|R`rR;{O?+lR6Vk_S)n+~mvR
z^FxkbP4V*k^3fqGcWvhSNYA*uk;iAqGREqBCX&zENDXBZ!fXxGe7~CnC8WOv8FOvt
z+K7-PWuGQCVX>wed{SJTLKdRZhpIUwGB1IXy+ta6@Sh`ZQqmwC&LnS<OkM(yx_ZM)
zWVs6)10(ZXrcD-a`=j(pm<5-l{3#aQ*|9g;OJx34jc5T9U8J>ju}Fba@};>!or#|D
zo)xUekOS@*r(>^SG-dh73g_C|cHcHv=6{6|HpI|66T#}WzFFr+1}UyY^Lc)%0QKCQ
zEF#VB(@wjSYFB2a?g-V6{I>guZdXiuT^vYjn{eHx6siTxK2D~ZwPEc1i+#7AvQAy3
zv*SF>Z{R%Wp<rwHnunnX74~k-id7o42Evmtp{@y4F!=8C!SHjKh|mLwarf5jjw+F7
zRyp1PDP~0#IyWW4`S~8Wh&-&Y^0=asuDchN%J1}ToN>_FOY=hN0JWN5_-xuO^&@DH
z45dE?0lLUOx&4Yg^Rc&`q~gB-kgsQfg$&><_b$1L|0C+FquOeozl#(I#Z%lZXmR(V
z#ob*>p}4!JrFe_GyHng9io08aySu)5zUOz&`$twjJ9qBpW;1tZc6LYQn3&yv*>BZ9
zw`XRotD^Gfi)4SXJra^T=kaeSY8dqivZb&p)Na_2vKP~xQ)O~2(8DS4EClDst!6Ii
z>2nx{V)IKjq8o2l-}aifidmfWFz~q&y_oY03Ss?6tEn|HPPkQ52DXCMpo_JBgB@f`
z<ZhAKwXXHkpQMOSP!xnQYBWKV+d32kAQi08U<UDR4l#M7%`a_T>I*_ac%nulMDvNL
z{E=;7`M$T3Az$FO7C=4yjtc!gg5>CP*!Ul$<!}v8RQPn_ZOn~9zYuf$q2qr~O-Da9
zkRYGX9i^zx)F*B}(vE7v;ci4GmsD@t7ikSSQXX+)@BVz+#=5l658C;IH0t(Q(-z^w
zcDC4B2I6HG%2l%XI=(f9s2aM)=ee8rJaBw;J#CFCh;6vmke?77BAtF9_PmjKcJvU_
zZ`PY^{;_Snb#q~~)s^1rg?jy2O}m1Q)W=F2@*`7-3MRt(eG6{SroJJ)ibD=y;;G=5
z&mFIeN6sWY0;Ws}%g5ptm33t$e7P`=^S8WX!LBm;mb;DCyW@NU3IL*b%&%azd|>Q5
zxY&1c0L6!olpkp+<l?F5Y2`F0S^X)b&N;tmXv`L0Q+*ak`2xVAftOS9{xd0|`ZjT#
znbO+Kd-3$<NtXHT?3DkT<wgqUUdB*LhDeN;!Iuf!>aq6=b>plV#S<*?j|8SY=Evei
z<kTcS3e76N$79zlTPL?}(pj#zx4`}}^7yEiPLyjThr<WrB{z#dK*CC%H%=$wdVr;d
z4?DBp@E`A;dO~ArKdkwtpAT+<#TYD`Ro?8u>uZZYL{6l2=A#UYn}~CY)0}fCPQ*WV
zuxK=kv`zxo0Di4D_|x<>mMbi?tuSQ!6dbm;)5n}<Xl3rv<FRH3yKmE^{EeUCFY<|!
zvn}z@(J`zF#m5iHJ$mx951-$^Eg6yFT~Ck|wmOvhCg^62>0!ETRIP`o6d-qxGLH3H
zY@Den4N{c&HkJwAn4Uf<-%?y3c3*qgdcA1ponUmlI$`#3=yrue{$3(!0N`a;3?0{w
z4qp`$9CMMO#f+vMER<`yJ$b?abZ?x|xbCkRPsMU5l9|lViOSO^nI`a_4^HOE5N-J+
zE#e-ZoX$pEwO*piM}v9eGY!BFcG_0(QB~!svIc<H8;7L~hvxuCErZroj;2nTCfQJ2
z?#U*}%|yv7gOOE!ac0i%7~8&YC=47H7CRK`c}8$rSdUsTUsHKHiBw+C^XEKcHoSOq
z_V1<a$kBOC@B4+h%7iptwpp!H<0OQI`Xw5M>Sh-dGHwVCVONx7Pl04G6BUAIA%2cA
zYjBwvQgu7NY3;L<NAs4<lykPKLr+M1Sf^&;2bs!ze+kA6D+tN^y=ze0Qku+XS_PEx
zo5<jlc7X9s;<%cRBobEIk@y!0gwsESUC?!y0s^@B#OTOBzu|SFPNwp7fkr{Q@T0T9
z*9=Le29q)$^Ye4EITfEI0&uh6dxJpj>FOtv!JxB3-GPMFS|~&$&fLs|yeCiu{5^Jq
ziF;=7-H#Q606p@aBQ@>mXIwv&tm{9l)7J-R6hisiLzSm+gk6~;VDhKm?L4Z~lIo3E
zXXv;R!@4s;Wqv49iHfuK@o@QjEsiCB;5=&4vgM4$b&P|5&m<pt!<~B5p0WPL2-BJU
zRm5fYgp>OeE1X6+o%DM)Y2&uVh~}Cn+mfgD5y$d+r_pdJ>D<fs$Zo~*-5q1Xb6k6?
zAyRcGtEsWEzdowELs{kZiqd9d`%;qQ+TXD78P32K&G_(^a8*W$pOT2>qwnD7zrCyc
zN+@>Y4=#N{seDf;7U~baeL>0LCk*8K1IJa8+X*o4KiW>8k_cwu;(<IeArLIZuqo&@
zC&HDV%G_6ycaxs8JC>8@WRqVoY`0h*$`uj2k(=#uTQ*i)BT`-ig88$<&rB=^F2}s6
zNl91yXMdCX*@?!slh%2lVX1$fC@<)>J0Q7KwLz%tVHew@L#fF6UCzDm{_Y2R;6@yH
zL>X(f-#ifM1%UemT;0{lp6NtEf0Zi65x^@}_hbG&U^w|&>+_y_xQvMuT!n_Ib4jmE
zu$4vS>K*=$oqIvj_PuZgqtrp0#-l@J*dJx=*sNHfHvcED@ZYx|yI+2gY-duHC+>cK
zibDA7-ZGh20_QQw2Wc!q8O)?YSyFG+P*JUn@c4`#*Nc<t2=c!wf;q(Po(e#$dw|M7
zmHI<Iie_=yo-1)6!l~X?pmG+-*EUR%6j|ZY8Tz1R`^aZ<Hv=|I)Vby}aZiYy=aH*f
zbm~ed0wjH^2^~a;&?y&*5T-J&yztB(ekZ>8PJC|vqHCCub_6X>t!67I84g?whxq2E
zN#fh1uxHF9?G>yt^Nq&eh;&BSf`rZD9i??3w^w{SgJO&r?76R!5E|LZtDoxDB4Jsg
zQGkb)a2W;Fi;pEcG6oH>H*X9}YQ4XGDT~{JJ9h2%`!4jGKk)qFUGUSPXV)8HPdgl9
zDjU(i;!25O7JLH-I_>u9(ZHjMDY0cvaAW45eCMPOr+3l_ok9}#4}`&jeq1Up6gk6U
z!A~PoT}KE2AhL7vaAoB;vgzG+Y`Cj5*zR+vSWgv#*AH<(>rKKPYApXR2pNqrvn?>9
z+{%*v{zY%L`pk|5{n%>2mrWZE8c>zEC1C)qZ+|y(Wm`}~(jnISho$WGY#X&AzL%F+
zvRL#N7JZfu#@hi!&)?6-=XXfh_84ZNXMZI3W4B%JO}R-hs^qXAhYwm^(rSBI6{*^?
z@=0EkrEhc?<YZuogCdo!tXZgNk|bYTABM3%8>LmX^Zg>Zq18q#X~&p}_*M7uIh|WX
zdim+md4+y;Zzp#$n-81dvquQP7()v~nOm-9zYFj9JOCZEN?cANQX?(9mo^nl`Wi$D
zehU4<exMieJ>In<K~14WJBbnuru=T8v!l7+jVHv?#s)rb`)I>B_`{rAF8afKGMfVm
zbd6F7^wCT62%0DaDkm1#;RHhhs(!jC@ag7lC!5f2>S0t7trb+IV`MGG`pj2JpbY+e
z4(VmGb5V;5aKFzrJU-u53AUjZ^nJ<!@8=w!Kh)nK?*-J6zBXzdpI4#NMiMjn+{YZB
zH%kDPB$l8rq1ch8$LD!Jv45hgx79Udk{maX`b#qv^}g{%R=W@gKD!yhx$T^sOZB1z
zpw*JRQbjP^7u?C;OG$f@_!}~jho0d;9q&!C-yr8&g??a+yuXLmLvZ!_oEa!Si7FSm
z!MdWk9|f@cc)toB0Wh<^8%Z=PqOQ~(*ZU-5Jur7y*`vp_C+Yhb*>-Hb>SsP#evVS(
zXrF@)rXpDk{rxMDHmLcsCnTRtdt^*q9^c9FuURftizRlrRUp(g4B9+A{tcj?wbLv&
zvxkByI_Q$nKY_jO7rn<=2?eiATo`=qbL@dYSLvp??7l3SPiU@3yWWP8_5xNyuMDIB
zX<yd1QpyZSl=wsqCNw$jnyUF@_ZV^G0JyP$i&no~M#Z4g*mmV}J*$?rpDDf*7UFjn
zmX~tFliErk(R_5y2d5!0`_Sn2hBAm*&Jra0xysgySVh5Kp2O6IBPO0M4$w)fpANa^
ziBS?O>Hqd`b8QI(FOBsqjb+fkq97y?JZXh^VPN8|!{8F+PmSUyeQsb<nfYP#lMT!H
zAxaMzJJCiX;i}E2Ej+iOr9N_(e<PF{g*+0%pB3wT#I%=w)~PDAw;~c;ZHGAVFdjpZ
zPTIZ5zzsDQ8+%}kq=_dUTC69Kwc=4TFLH&K|J1=2Uh}l@r6-P>u(gC55LW=Oncp`q
zh}Yd3qy~)0aJYZ=KFq1~wTx<&#&MSM-c=o}8?Jd1j%g8!b+o3L$m_|Z)9_vAj}a)_
zQ~f5NBEua6_0nkF1N@n|5;`2)1Jq{jd1>rkffN3#XI3t?tL>^n*@Ya_{W2XNy@GWa
zR_`!}ES*ZO=#QpktGqPSrOGaEgi2K~kXi*p(_^+E+HN1A9jailhrV3RG->P(qW-$W
zANVLCMkaciJO2fXP||Z7<&PO&xGH{DE0pXUWUJ77p@O#J<5n<EnwxxPkQ-a(s1UfM
z%7I7~Y7SVzOLJC~@}{0ctb}8hk9vaL70SG0K(54Nb)_npzkU>q=B-<g)O~-j>iIjh
z3iXHqZAWU=p?1>}jvqECl$GXV^{9QU7`{oBA+;H)V+8%cO2`F$ae~r@O>Uid26OTK
zV59#rr1EwiJD^u@&cVg`gH8AcM3i||_GinFC#B!ac)W~l7BN1}q_s^64B&~c6{&i)
zt>>|4R_skL3}8P7Z!$N9iM;3pj+jfE3E?9xRH*c@=p<u-ozWZlRWYPpp^VCiO2a42
zdJdd~l4oS5m!P9Qk$1aPSE|T7!`P<KbQPN}b7HPH_wrSIAt^<x{e{DHeng?HvQ2^S
zjw5t3KGmD7exguwa9L2oYLh@bhFzg7zFObdYo^r69L0P<r;ag2Dty^zSM>+Ca9yc*
zIc9~P=E~=?%hv^=?=3&6{j!8(QgcaO^Vq>s<}@R#gRqFq%#;?)g3pmP;34xRC~FjL
zI?<8qJwy*9RJ#DhZ|8dLS;zf8a|>l{kRddyLN&uMd>Vmt5jqI-rWT4O^*`Y2dD>cp
zHbzt15*F>Lda;Zi{=*1xB7t7>x!-fGQCV~Qk@|l}cE4}f0!(c!L9>XJzYtZCh}2rj
ze!I^{5Pas{0vN|=V+2%L%95|m1d+ZLU4Wl2mZ3HYuJ_5&$LAh{Kzmrbaan$iH|Y|T
z+K6)2TS~yU0tdr*#N*a{Y*2cRQTHK-)Jr7s9F_7Eck@SFO}(5hAK?wE={D0cR5P#j
zI$;JHA?Q5eeTUoAY5ag3s=aLaqW5-u{^My8y3j7JbAu}QJg1Ek(AI-NURK0z?bXmL
ziZh6@;R&DfiYT7#YsUX<14OA(FbUn@3##^p7xX;|12Y1bpmEnis84pG8#6-(=jtFF
zkfKGX@-*%jMsu=yUn<ij$r0#N?Y}Uk%mZm@yO>_;@j<8z|DI~?+kz0Irgr;~zt1=<
z#@B)5sigS0WH5iHJHu5mpnfD>reelEu5N=priJ5=qbXH4YgOUk`cJ-zi2nJ@RZ&Q@
zLuI+<tq>!h&KYUk*OLR=`G~#8MxO+%8^-QYdONb4Z64q!@tZ6?j3$V8k^JH`B0}ZG
zibC5Xqv>%O;=(UGkb8&R;wvMiN_eyJhGma$)cIW*;@zqp=&?h3|AHunY`8G1SK#j9
zW9{XxCz<fHG4=BuH<_?|hxFntQOU%0=pj(lqQZy=L21xsUA;gSJSnSItrQ&wm-D?^
zDIwT=G>|~|1xy0817YhaQ#Iu}E1;!I5>NyPrJ9>9)ASt0p#-T7t_cqIh0B7KLApvS
zHbr5k%ZF@d_yjgc3V&!L7p=`EXnJC%_q#GcmC95G37}E8^hoc0{u^G^qob%=nGf&1
zQycVXZ2a2fb-v&uweMPpCk&xI77u~9hrnG_?;pd5z%d}s{YDV5Qb9|i0ZF*x<7Aqf
z<)ok@rE79ec1)_cr+qlQutdoEb~gIsOa|d~y*f%+5&h(XwP!5Ga(2K>%4boYAC4BN
zA*ZQw_dcj0uag?$Yb9W@67!(fdkyi05~6EnJMOZNlT|Rb>V-H)>BHHq>2jXRsca?7
zqCp)-E&1b!_OWNdHs0S{zT>}|pB9#Y(bf6a%rnNjw6sN52$U6QNwVbFt{4*=mh=;O
z<o0^;ho+I-d00!PB^iU%nz?9Y9*2wSkV?Rz>VVyAxq<{x#r9F>K>?X_w`OD6!xwEb
zc<&+{?=L4ub8>|67Mj2t4)H{dj-|Qw;<Dw96uIPz(iXXi{<#EY%?LF>z`q{%(1iNV
zPrCZDx0zFP?$(_}Ot3fP0?ZCaCz7z0Yh;4*I`n>F&#=coV6<9!$Ldai^3v_E@{Z@8
zTaW(bATaA)s}Y?=CrfB~mceZaiRK1{hHuERI)Cg21)5g~kX#eaUPd)jo&TrEfa`H9
zFUm&S=Rk7JTN-fNMY4zZKMCmbVscRApq%}?Ep;9$MnTM9WxM<d)Sa#mcyk#;lv-uH
z<>fN6VZ%v=@WEtzTCAQS=QG5Nilr(a3gx;xTM%6}g9AD~H$5SBA8Rc&y67$z9lb|A
z%AamE>?w3LKPFF={*^qi7y}FF<3(itcEZ&&Yz>B;v(j!O06paz5OETK)*M9owHSrV
zRvkyYTnrLE(ar!OisX+M_^aQJoXC$oe5zyiwHOm0l#Y`Gs+E~F*I8>?Ld7FbcjFr4
zwEkMtSe5m-g$f_TG}feWV~=l>e~W+}S>xH7nV(TIyR*?VJ`-?BxG(miEr)WVM0{hj
z3K*qG&*;uBfnSZz70T8;9M7&#k+l+54{i`#MbNuC70Jf^X*2og#)?~43mxCOE%Ome
zQ*CJrP(%hqls{k&{?jq;L0uS{!>JxNd{%PP&Z0<@C18t#bhf5K>$AB2rmib!jD7fl
zVaTX;)J^ZpA9w!ahq%NzZ-Dj3$-2<)0FJwn%@x5=1VbNBP$DBX`$1sXh48FR;?2X2
zGZ}Q}O<tz}FCz_&<fMD7rnvQ+{sHrZOlk&sc-DwFLvK*04`1z=rS67{Kk!_hb?+h7
zX)N>S7I2Oe?hSW`g#7pT4!M(XR4l)xDgMKd*cqMw-M#F#qlvF_d&K%gXIs(YgGfJ8
zl83ETNw;X`A5k+>(dS(xAIIkT+K&c>S0eebP4`u3PRXq9&*x>>hY!z}Az?q|sIJl=
zO&dI_4%s*Q{p>IG4_z~1<4H-ZDF#DVuDN$Jp?D=$ulCT0P0_H-==`7Gmv|d!7)OWq
ziGN@~Bi<wy1H5quJwg-kWyeCjUtI9f$|i)kOOw_^j`7v!%uPI5HQzYUKK?zo!9Z9b
zMbdi4M6iteE*;iB92?8UXiU5~Ga|M{|4x0%M428^YJX-p{_EWAr~H;rS^LPGpvNDo
z2Tp(&XV@K!_E|cO!_QHw_%x~g?<bEHrVcCpK&C~5FUgv!cih^!(8HaM-NW~*8#F|Y
zQL@#;ZZ~J<6swGu3O&DD?E)|7S@vrHu;g+cW6KGUxOAySxb+ZPpXUkxR_%_XyiGoj
zv8fFMT<+@;eUhr`%{_76sv91acFE`QHW*-M-)&sZ&##x<0)6CJ-F82<2W70?EMKdx
zfc9w58-}iT$L->-a6DJGQ9Gg@cPd`IB7o&DUN<&6t+|OHSn`f5nVrOucI9_IQtR=W
zU4H83EN3Z0EO0abU!X2{&=R{;`Os#Kgu#I)S<%y^VL4E^$N%ll61bkJNKco>8TAQ4
z(ehoTDqzPz`Id)boyH(b5hdP(I`oDI;_oq~aVOu7p6(M@y{8!LBj<pCyN5MAM%lD?
z&2#=p(nIlJuIhj=umaxL#aSi4<2hdy1P`uLHg%rZnM`#8T;3EN9S-cWm56fmh`QTb
z8-tFydgv|(C)&|x-!Li9MV&8aSGxB8+aG~lY7i%I=S}>tZ2!`Bjeo!aDjlaAII?fx
zrE8pF$6$TuhDSjo8}ua5y7n@Q1{D^c@>OEd)Ow#f>aKEfq_!&@>=l!hbkC(=R~r+Q
zztlyiOu%zyPmrsksh#REA<wq;#C~Sq6nOp*zMhn)I96>q-R?ujC89&<Nn_xo3mm12
zNKHd;AuGkR2b@EwW-3y6zGd2HXniK+q*@RktKkzYPr%0!#~)^><hojtqi~|kSrISf
zA4cOZ-Q;_#CP%(+#KW;<rJ-OB?q?K&E@7ng-yNS+<5u`}ET^_i2PmoOn|B(0xmTMX
zU&bXKG<&ONn!nylJYV~$uadJ}xY&c*#!tZ^*>2pI7HIQXJY$nCeZ=zN0{|KCGAlKq
zS}cxNSpI7xK92pT*)#;CeRri;JW&M#k0MbAjN;l~D(2V@7zDMy&Y!8)NwVY7KFSts
zQo;=>3-BTz8%r)W{(@wU24{}J>G}@Bw9_;M5zkm&<W&R7rj9Rm7>gANI2*zB{1DH8
zbrKa9_MAhrb&~U{ey~UcAV_U=ndE%PtVbro%caX90x*bowHsJ?1|({mNJG$o%VgTy
z4cvW!wdLOdsyeE8khiTrPFqy?6X0;Q!1|{1Dgy1j0|Z@$!T8@lfwMLmd63gBgk>u>
z4qyQeAp)XCQyV@mUBdomCsl;~!lOoY+vEioUtMs@N}}L6g^3ZiyZ#o(9)ff)xh22d
z1qNJnO?v`zUUBLXbUImf`H&K2<xzl%Sfi#nm1@pU1t9U8MIL0wPs(igZxKU}skC5+
zg4<`cx=%ajDs#88Y7bk8S9ApibznzT#-h;2XzTi~V)AJSzW4EP9vb8bG0e0=b@9g+
zJPo<0q0`4t065L8O?JC~YU0yso9}<I;Lh2UF$rU_$fE4$#9Mx%9sMm=A#lg8!iDVU
zabON9D*#U<aRmD@l^TJvM!s0TVS6(`x7ETv7pP&?5nIPr+V>fBC1jc;`lJ#wY$AwP
zV0unT4gKl3)O8Je3!FSa&`sB-ss2gZsSwS%A&M+?U-!D5w*l&4J@BUMaL7vGLO-9t
zxV@I{bX!%YVF);~K82*j*r=Ui7$llBdAB0q$1b=^aW~|L*krvLyX2}Uvun$J+KuA~
zPdS~mWrMt_bu)+V)*`&Je#PVG5@puBLe{_Xa~S)HE1W8tRLWl!$w60LnC`bq1R+tf
zd}qpZf8aMk@M!x-6IU1=>tXcGDo{wK-^jnPE}XQ6sbRL&Og2F%l_~2%v@N!IIOm|O
zesErIv*11Cb)r0`YjEY+cbTGpLSidU=()|TZET{I>zzTuCey%zmW43$`saD3LBW6C
zo^50GpZ*#p1n5|_6TMac^LCrB`R9%PYU(#%1bVBEx%%b7cDH<iu}g-1W^&q&v&zj&
z7{~-#ubVjY6kad)5+HL#kLI;gd$R~`HG23QK8sARmbKU;dx-F{<ZPl*wQ7h0fv2WQ
zC3rEE(ahK(x#6++Z>mAhVczg}xrkWxABnWg(%yxr%D3+f{N0Zbc^lLC1a%Z~{j>54
zQT;DS3;qpbq70E2mjoO8{%zx@%{X^%NoBlWss71KjmS(LA2$>AYd8E@vOJDNpd<Zg
zo)bxnl{(T$`acnBO`(h{jzpB4^x2a)1X9U8+2ue8=Dw5(2}08H7r);I1`9f8!)>XH
z*F0m3PIk#;;eh<)9Ph}iOnSb7@kObdkkPqR&Rlv3AIxXP5R$ZUI&@_nl}W51FI50p
zW8f+$GEwp6Cuk2Z;$2%15@R{l^DAk0hRCE?2sgM>8(8YgKPi^MjetHIRcBl>o*0BQ
zy>cG28iZ6Sa~1P~fWF;O8!($#k=BfTe}@HnMBoA)$_+Nk07nNx_&e5&<eTcXuwNhz
zsfG@J-^cxAo2sgfRxv02Pg4GR{cwabQDvT6#f9Ey|2M2-19ts~dF<(V_Ng~NQfLzw
zbw6{iv5Rodp*QFeCL_yo!(NBF6|S=kl=mBra9&!NwS*SW&r703Bs+5&3M+koz2@J5
zwHKIjHwsQfv0e^tlN0bY@urk9FCHHiQGhSoyN54oGzw!lhv@{HG>;?mKoNrpNn^l=
zeEUnRm-HL(@lERf#N0_b!zXDvg=aqk;0x0cU~istD!>^b=Lre)C^sZ_Y?-!yM|4Q@
z*i4MVPmJ;!k?I3{Io=JgDQ2RZ%Hod?do4f*e<1!iH8CT1kY<;gB^VjzzY_(9L@8W{
zI?$jke?f^i!<*V@{!?v74SYFQ1Wzg|T+7%}p{@5x8skEmopD}>dXx9h79|%uWU*g-
zqr{>A-I9Dj@-0RYe3ga*lY>&%#P*=sHCybL+A(3tw**tzBS<Fi6dX<4&-)RwUuAPf
z@%V7^7PMbwYZSY$%+!pKtVd5o_ACtfo@F8}G@{^rYT0u<77J`(2>H2Sm7@pJV)XdJ
zmZdt(p9T>9va`)oIo&w!F+*GQW#<)e`e}m0r{Y2wx^4;j2Xn&uva)GX&T3B?xhl>U
zv6ArD{WHQIoVkASdPe<w$NFEG8C=7GHn&2Ml~3TvPlyZoUR{CA;xVvjgkQ-Z>vB!8
zQYi5Pr+2$>&H8{12ihjs5uT!0H~|zI58h-dU)O}($7G4Z@|nB1zgaCF@1<8h++l)6
z10b^rvX5hQ^^OUtEovUbIpaJplrd7DuJhIOvIMz~T>(dijo1PX=0|eL*9na`_>I`o
zy7M*;8ORo2;a;+MA>%2?%<Iyg9>m>#j%1Dw#L&WLRX$8l#<WS^G)M;*<~>(hwNM&`
z{V`jOTGD>AT9y*2o_&`i0!ya>aIhB8X)(eOuc24O)HtrqaA{Z|xdIq)KX8rmNd9;0
z+Efw9WNx*O#6Zy6+t<4SxXI7{9o))o*4i%S=qFS+{Iy`#Trek1qtyEwnMzkKW9wm%
z1;T0P9vrX{Xtb>4h&+aj+6Y7~Cvw{`r7A8cRShqn8pxrHiDH8g)%8jik%&K$1nV6A
zb~$3YnOGaa{heytRqqlSw&08cblKLATsF;(<*BUvD1F*dnN6NQ9Zw3Hc0qZAO|dqX
zP0f5TOw;OAl(eeUWWG|mFhP`Df9ProW=Zg+NfbBzquiR;79ekHWLms=zyRX9V-25B
zXgm*5o;6QbO;6!M1X_C~BS^uPg7?&tf61UNuRm}K6(uB$h=$mN+e6N`F@DMp0sMBr
z2Q%1cGi{_`4-fieDlP@=f-YBk#NIl4WYaN>p9e{#;5@;P3X^P7&yc{Of3y@yrole}
zU%NF}lg>?8dJ)lq!@(u`EYKQ*p9kL2VJ$7MVWRIU$0SB7V%emQ+1Oc<*aVUwrA@tk
z(FQ$Q4-&_0s$O)Io^&-~U(lsf?Q(ZMeKk8)>WL6sk{nkOpI72h{feK{!*YN;w~Mf*
zm$>bVz70|F6FGlm>6tY|e0yd7^VkTupF1;o3s*oA5I&RTi*Q}lcFId9Nj{Qc5WBP>
zRS(swMcTn_MImhURC%?-&vC@Z9KL(`!WKY-DEFYkPaitmy~v5u=xxzqH@apbay}aa
z?hutD5+VQh{HJ<T=5J>R9&y2BH&0iBC|BJh{VRsvzP<RQ{g7&7_bbexum&#j06xDw
zNZkusX^kt!6PcubkqG^XbWPr$<M3eL6WR)}{2uSH%0>OKTLB$^L6{Mep>aANwl83l
z`}1D1KU9mfxBIBa9(Hg&VbLca6yr0~bfZOif{r9CdN=0u^6Z5Aq-yIb<w-`{f)K3+
z(z?_R2pZFX2>dO3mPU`gg{6<Utnh<p7KVo0Kg=IX?%AnYJ!Ua};K8;}NEBwRgPX^G
z;DaYuN4ZsuRnM>x^;40ayC*)r{#|UUD?Yx85o(KFC&$u;EEQ`}<f5aBczLf%q3(m*
z4<z3**OUobjNjAM&6BMx^YU@~|4CS1R!(j=eqWS5k2;=v;_m2uDHY9Wd`9Qn3<KpV
zG&f3SVU%N<at}`c<l8dH$Eg+z$6@b3A#q3Vp!5D1O6nL`17s@QB~_KGlF_8;<B_|n
zcLQ)e2?#=mjQouq&e1L0GFQbb`xH6dpSce)CI^t~Zb{vcqjpsr?>>ufekOA>=Kn(A
zp%T@S;ytT4>=fA|kBPG``Y+GEkj#y9gvhOtjK-G#|5ugCY0`!EQIup`Uak4v9U0$n
zdNo+GuzpXlG4SV9rL*-Huqj+TfR!Fl3oX#qof+816ikz)cY(22goOcn!1Zx$woh|x
zJN%}43Cj08S*CiWrh0mK3Zi>Jj6F^Td2R*yk>G<W-=20~8Aqa>k~a)Nz8mi_YWa2v
z@Drw!MT+Mywp}cl#8n9}IYtR2zO?&Sy<%N@m4eVUkaClbhaF1SGa_0OmLZDW@R}by
z^E^)r`-S95(o@MnT*3<H$_^)JN{RyB!75OB*wY5GA-ggYrdz@|6|L~Ng;MhgyTRfq
zo07Tik%ON1*f3j&F@f`BAlSg>2#NExdS9d;3ed)IaXd5<`^5@@xN7CaHTPmD9U1LH
zuHE3EwebHLLEjhoya#W>2fxv8Kt7U{>=g<gLtMAMVkp&!0?qtE$+d#<IO(YRNoYzA
ziG1<vM$7^nlVXxA)z-|ccw-9+b{+Umj_+xbm1Cg&xd2h%z*{+9#NX>wIl0PD_qRGm
z%zC$+rb81PzjiLoruwr0djY%sxy<c4@hLW}c=ZG$5mKfyD7ew*W>deZ!9g-K7R_xs
zb=N4SQ`kn#!_yH`x&_R5KO%SfbF-qcE@QB;5+}?sqi>k;a35IkNN47w6Y6zb?@*w(
z*!4OZ&u=w48U*U|W>dCR{kdHAI`OBbt2l+(V1b=MehH^ORq={ElJFVs6PDo{@aBCU
zSV`u_Otry&?^i}36En1cc+0DXeutj&fu0rb#WlYA36?X^BBThO^ye~crAJ6*#9(j6
zU_W2!d9&iJ%_wLY^5aKz5D!L3<wavllc`5Yy{66}p8ds-h>qOr&%KMrhHV1Dk5D3~
ze)f*UqVF&7&t>Vv5_s*2kopin+4l5-6))rEhsr%HFM$`*9`Dbs{I3U4ZSmEr?=|$r
z3F4GaN$omZ=0dD^?dMFUeO3Rhx#%%JZff^j8dvn^{?f|q&yBngiI7sfzqs3K$B&@W
z=f{gs62OaicV#gWV1OMyCCREeU;jOL=@^$x=u}YYTu_M(Ili81R=YQgA)$;eIWNKa
z*-0F^WHrAImy-Xo;g<$!xeDVOlL(hDs`@(rAfSqLZ>rITlCtHu%*M<Qu<-|&CO9bJ
z<&#b!<lYl{36eg1e6dnrZvo1Y7`O+Yj{|N|X^)ZIecH@!06iXbTsxZL{#Jii3fs2i
zb%fl5RUmfk?-(#55(22fuZ0W_kM@v9n!+~aXX*W0V)ga*PHbm?^Wn5}!JM@-1uyMq
zrTcx4!nR&2&B1E}FZ#27z^GBxi&E2NYi=6@(ep>+f`3nRf7R|~#dqSuhm@url`gf0
z35Xv1BrX5iDdXhUtCdD8mHg?r_J~#^a*qA&sy4Mz_b>L^V??sB^G!rH*(vtGVUi)(
zNp5Px*02@iWBcgysJZJlql8_UX=apEvBEDnowP9Lnc%fHpbow%`dGD65p@=Qz2k;p
z{MAU?GyMFBVb^WfI{2w>(`_krq2So*yhTO{c$j4gyV}dpUAL`r&szL$X7uPUchv|>
z#6py?qUS?h$m{OGW6@d7fkU$_+Dz;W7#1i9L`!#_04!9hVpl*`2Hs|AvEf=Jqsj$Y
z57?loUs(5y&7i4|ae@!OeN=c)R47iTKsteCHo^8^CHSuik^j&0W5S;$V!awFcnU5P
zSnC2?*`0%~FCll!*St<RE(>$tP>i!oPY*p3Ap#?-H(|BlzS{6tJZm-_JK(212H1`h
zoDP8zP#-`1cug4H1h#jk`gPKBe7=q#i2Y^FJGy#@q+7HpD(*Gfd2$t|%Z0irF-E)&
z^wWz?-wN!XExCZ>_B`KJx@2NGWg<hy_W&1ru))%y@W@22cg?#aWV-ED*vY>K*vR_!
zC`cjwZR5E9;B0wFA>hcE0(M{yO1v`jqu?n#wBQ5cTXM9>wTFG=xa5k>%*Ih1KT1WX
zn2ukNN#S6;c)-&@e17MQ??DxA@pGP=`+-OoH@%4Kpeu$(fDwg3M;D);@1N>>s;%pN
zTJd&yn00>(pdrtKy=!<0&~VFhtJ?U6Tq>-dZd&k64$c<kE2lT*P2KkDk-HK_QGA;W
zk^?+YGE87-)E5bS61hQ!0vsaXzIf=QzadkeV3HPJUIuy;Ib{o+BbzRelN6`IVoG?Y
zAk6iRfZ3DyRdx(O&yFbwnih4=3=;`-D($=p=HtdmfIF5lG2Ei=m@Ccj)q;33da709
z{CP_p?(~|c6NsxF<6sJl6c|i}oBk+M)-fXrdy~#7e=WcdN14EfNqiDR4nFiRJCM5U
zU%$2bx(^hvp^|@4mE_%`)NWV0t(T944jWp;t=xaetQEA_B}qR;w;ZW^&H7!Sn$F^K
zA6i;%5l(gFovvw+x$PNJw)w#5+_X__DvMP;Z0Qu^Zv~~-j4QFCji9R9Lrpgc6U8<L
zv=GLa7P(=U9nQn~Ryoh}Qfj`6$s5*H2jrrO4U=SV16m>X1XDF<abtc{M&At6RIdcK
zm(pMc_1<`0R0X$nljM#jx%*?r-gu9M>N{A2Z0|>>F1VSfGO&#{VId8=x|%MVW~($x
z=Kve6b#g3h?)btjzG4#%sgqj}y$B>tXKC;LL;FBv`j0!BnYa>L%W&%-j$;O-qcT{%
z5{Y_@XX@_|7Z3Zhfa$p#PtB_UwDriA>Kv)NDJOV_omG^8Cn{uSkr<rhfc4BOEf}J%
zLZ^(C$~ES4Xc47E8#0sT?EDFNouvj9%Z*#ss|Zy?-X05Y9RhbhiQdyqEc9-p^)r3P
z=YoOaLJn!KmAXyMZAJ0gG?J?IX4zz~xGhb!a-$?clfg3R48IZX8clkqENlRmd(PeB
z<&1p_ehb&h@=U-hi?hO9zF;&L7%W?Gzy@tlB`?(!^p(BV6nt73b?jqes;DoHIwYx?
z_MZR`e=91pL#z))=lJc7b#M6-?yfcj&9+TS$0vf*EN=Nb=AY6E9C)Hp$W6LUBZ{_t
zN#vqMJ7ZquHI>Q{IFP2`qme?ffr40B5;7sZ5K7Y^8pmWuGL~U^2mZR&O~At{?hs)O
zFaod@4%ltS_-fh5GB<}lj%>gVuslggS3g%|haQ=Y|1vDa4@hkIL`{8LWG3FhY_F-G
zbQXQEyn{^mYYcgOoC{LP_pd9fAH33!rtc^y+%)2iNQa1)GK5msrfB7_-;KAf)LmG~
zWlITw`;aiL-UxUpP%HcO8EN_o?(QW7t<67;?V&-Sy*MLSQN-g1hb^%Ka2|I4i`3WN
zc|~nr<x(vrwyfm-YQt8=Cg(I$b?5vlUy~1=62-ouCKxu_sJ6<((~c;PH?oca1;bVW
zp;&&Q#?)=??ms0kT7hR+1G?@jNtZ<aj6ho0sz_e#t4w(5un<2lAxhd<8Dj~|_?<_3
z5<m6kSyWuQgRZMExb&8nd{80OufSNJOytgPz1~mLaA8&XAZk7CZiV-fW%MbHThtrl
zJYXhnGh<;OZu4a_ZJlBLy&Va|I-zQ2kFjTMU5|dB{*NMWeE+qa2kVm5m_*GJf|%Vf
zHSV{sNe@38LG?FQS^;HTV}TrEMziyApVxLj<!yh1Jh#+c3HeR$9UQx7s%?C#pIvkJ
z+w)8yN*qrm@7x(0HCh^<A;)aH5q&hT%-hfAFTnMiW_h$b!#|x~&m+_hFC=v?x2vbU
z9v|?&E{xaP%;q4XD+!UgaxosmS=wL{^!yr-L{C|I&4LVh4Y-3h$QoE$+W4?ndVHq5
zRepSS&abR13epK%)MC63=Nr@-o7f~-+Q=H@|J$iO082U}T`U3uaQD6(y$X!~na?2n
zuLOdX{J5ieE!HDl^18(zd`k@X7J)GL1~vYvm{<KBN!F-Z=Um<mN?*TFl{N2_0w?96
zw2)Jr%#JeWT+!;Ic>kp8eU_ZnGZ(b$ZzJ{=vgQX)I|c&=2>y2{0UNYU_M`0Qhr&I@
zKF&&H07<Rn5x_L}E|KTHviN-#;$5!`y6szBwbZK>_d?f80JiumRg>Ttcl8@<kJ1CR
zQ)N(h0Pyie(NUChp(~*i@NGNhj|+MmBCyxA=VjOcq0wX$M`1QaWI+s1yLNoV1%37f
zootvhDU0CCcZ8<!O-6FR*1qu}TxPK^aqx|st9BbuN3QX&o9~l`R1+#tE$W@XdA%$^
zWJA!Xq`wi>6Pqo8KKXt0RxQ%0O{LMa;&!n>(0f>NKzgRiosgxM_Z{x-_nOa*;CEgh
zaqCJf_n5C99b1Id&&@xbBby$^MPslFy$w&~GlRXG5n}pvJFZKsSh<@ho@D(sejhhJ
zY@9R1U$huYH#HmY%Am)M-?W<Mrkgr<j>e?Yv_jG^L4|AIa$9z6A5;(K(%@%^Q;KK*
zN&c>X+f<2%C0mxD&9s#2n5b8V@R%r;UGqFl8QnqY4ZE+K1zI3-VneJQH{0t8)p@{F
zKRXDoFWJ}j8vAKC5Ce4DpNjHW41fp_eSO$kxd1)(rJ)e{ib4cn5o6c-`|8I*!HJ4U
z2Azw%Wy1Ek5O(0_6Z3ZqRjS>u^+CKo$@hO-!?HI@-&Jnij*%*-T0P{4Wk*%Ls}z6Q
z&HSdo>@^@c*>Vwh1h%V{jt#pCQ9ykEZ}<&Qv)~)zq|2``9tj0Rsabe~P8m(bsCQ(<
z->JSAhh;Yc;TDF9&mE`&&rLz_p(!Yj8hEaZ!_JQgy$ZImycIJw$}7B2!r#npYC&1i
zeghr4NAH2^(kZ?Ix4KWeCF~%9D0XaDMcCxzcC4W)rTC##qY9yEe1%tkf&*K0MshM^
zIPfUguXef>q&A~~*bYQ)Vp--L`NUP@5;PPtL;JMW$jnpYUNaPGW86Tyz{;+A<rjy!
z!19+it%B>%!;k;)8i(<xdCBWW5P7BFoK{uadLOZkf{4LW>ZgY(IN%m$vTxJv4gHbh
z$;6f7^#t#O;|a0qJan1;JxImm61vQ5mzEKoy6D>{`TMu<X`-ErcupAp2SpL5*2NCp
z3vigrWg++DM)Y6lx0TM6#k;g2I{S?pTBdXkr^EcADU<K%tx$ijDURhx9fv2~UUv?m
z$S9tq*Dl@;9~4JgskD@(TXY}6$$xwvy&if9l}k02tIEvYMVOG5su10}I0u7xL+FT(
zOKj}^36cS_*_h_xK<mZjj@cNMTQ90I=jLjS%?WY0;x6&MO~*3UN0O5UUc~o}PWC9M
z(e5k6!96Q{(FUiN6^|$pEz_L25UaaySDw;!dv#&t%4vu6=VOm3`42y7n;b;G0ay9$
za`)@PV9Lxeh`?{4?-wVC{C$V6-wW-gaPKh4(;P-)k-=UAjkNv-j2E<_f|Q5By!*cb
zT}5niXLRFY;5W))pJSix%j}1A#q&p9p!!6rm=1PCREk3}_2UcmrC+qcxM;EH1Wj2H
z2Z~lY_a90d>a%5Q#DvQcKIbKnYzpzPfGvNc-Vj=F+jlX?bswY#W)<`%eQp!UFr?KA
zqUw%XxS}JZ^wYJ#*1R?9jV&Z*A)C#G+EO@W|0-nxBNLrq>kmzEBN?1f5xNaGI9>?x
zo`QnFAbK$uy2Ynz;_4ZA`>v2Zg=79fbONV!$*3z3d_nSDpmGN9MW2_w*w>#VnipIq
zeK4wrJ;mp}Hrp;UJe!)X$&I2EW5`UPA?h{nDjpw^<CYiD=BwSdVJqA>{AY6nt;ddX
zB<Az)UE)iD3?I<*S=7)yWw}k_aQ>I&*TU7hB3OFyLJF)rLVkRI*=q}9+H*s&Jlg8Z
z?}A}fQmcXWEXl>b-I6ffpBobY0c6ykO~eNK-p5p}aMswokirk3c>@R%T9Z{zn-!Hx
zxGwtQL2lSBz9x(d(&(*S7w|(f9Gx-O#j;cxobK^}xH5t?*@d;3t@gYc9zPM=R&JQ9
zF0t2web?g2+hU-U&G7fGS|fBF8e+DqrXZh)*#pRmdFj8z$D7<RYJ5cz(&r|TZ?8@H
zmF&36%$qaay{sw4u0wUo$Y*{-k}>k2=PL&RW#kE=)BEMA)2;ED?inq@<R%?b>vrCO
z<v$POw7^={lw1BaI^L416**l7Gu6GkBn6U=zS)OkkRMMkW3NO;?<*VjWhj7?r!yXS
zf|cI9+@)xE&*}~hd1bq}CpYli7<-Idocl>@hP!_KH%vOI`TRBQW~s4^^oMA`Qs4Oq
zXtXIf_DAOsT|7DG<d&c2eSPwi1vJZ$r$&KLNjO)TUer>DDiIn;1uT3HI5S|NgF_m8
z{SE=z@m5xRZFKn)b}MDu2uc3S^tIsE*Si@i;7Gw*(}x1zCiW()KS5CWgtQI25&QK5
z@c;76eb+0W<*_rb)`zu*(@EOn-N6WjXSMuQAt4!`Ub9}DNP}T}GS_~vlazO#nfuj3
zRkG&^YHRZ}mrB#3`_%{e#W73+_L?WuR<DyXP^oc3UO$W~z>s_DjIp(uLn6A=b5+O#
z(E89;23l`tTx+9@Al2V=x+3a)Z1P%XeIy<^6I}J})dbpDzy{vRSV+K&4DZB>QDRz=
z7VE)oZJE5b&xY8`TPaec%^><>rzFBa{T7mfGmpu(2kJYw0%Eqxj3<bieOH;b;zvVG
z^d_sM*W&CxMi_dF3>$w{DJZR=4L1NU<k<$a-aPQ%e<q)$hS+fj)>>4V!sj1FT)pH5
zjH*h5t+Hq#M7P*eJqYk-|F7pn=VO>naH7rjR9h{!T?x#$-N>0p2Ch9taMVistOTr1
zT#(Eoko)lRzgBkyP{#crlESK{7DAyHH-u^_@P{bzmzS!`WA>A03;BmNHfTq8rZA<k
zS3`UPRpK{~Cez##bfD$rklH{u1SF5{`bC>`>-Ql61FgUS<s3VRPjEnIjeWq|BU0jI
z75{C7)O-^iShcD`YJR7snDcdle|DTSb)0l7ju@1<{+obhCtCHTFswRll|8;N=ojX3
zbj^#zDM6lns^=-lBl3n<vAlzU;Tn0By>gAq=>g<{_CK-U8W|(99X++57>3knF-UJw
z!%gljAbrb_6|H&~UzkYFCm_9{55jSf)q4m!B<NLoF&{)(*4G-;fzGjWd>#Dq(BHM`
zI>*jf*BG+@3Fxq<M!HpeNT8+_zDSPN`IYJ^5m4LzFfAb6=Y*hLx2CaDscO5)`jz(p
z|Eu<}9QKI4LQU8|GvMxxnuP486M|vVLDS0m;lHg2#WsUccWvud7$+Tf&IrZwc=r(2
z#LJ)yNE;^Fs!pMR^B~6RpKnR~|40QLWt3dpw-wg@aJCD=;M2L0ChDwDJWef(h|iaI
zKB@bo9KB^Jf7?<S8U>!2NUOP-OYzgaSH<pPJ|e{l=qzeA*==^Lpss8^7K6gN^D%fD
z3?0&bb=vjVde+qO$TM@D*EIMHH3*(Ggp~}Rf`LRU;=MRE$Mzj|X6<$QjwQ1^PgOxi
zBe)GIq=YL{wAEwB{}u}cYubxz+V`XEEM+|YIS<?p*Z~*p<!zBk&P`UVn|T|&j27`U
zLf;B;7A^6J?rocUAigpmLWn#Rz#FD$Q~~M)Utr?J^t_K0*nXDGX7j8{)NnwD*2EFN
zRwStFK69F!Ty{(*Sa7WOSJ~t5$!Uu@mCW**YcrSa)vFC;1nq}i1>b<X6u{P|pS>YP
z$@Zv9ZLyRo3WnZ&AdIYVT0lJ23&TPdUi43fM%m@yH+(DW4Y>PE*APZdbiXiIT6v;r
zxR6k6<D<F2{LL`*patWq(&mZJV=kt-^5!(vbF$QCn^M`3{B5zdQp(8fQzgb*TW@sB
zvW1GvM4OkhK}@B}Gka(xnTMi~dy>R}zK5bhr_Fy7o^tEl5Qu!n$Z=m0E<_fR`P*sV
z9D|VZPC=uIPC^<nBI8MiF72Lm8G=UWj`!5a__3h<TbCyL^4cR%>EExGZ@K-#z}>|;
zS^@O-G!eaGUyO=%NhQHMsn$WJ8~!_m(cgzlHp3bl6?2?BzLoUL?Rq8Tt=~53<o)bY
z4qrDIZX|~+-o77oRL&B=Sm&;1fksV<hc#km4y9sc-0b)4Um41jA7=UxON><9chu{>
zQzIMRpRBSn-S`EhE;7uu`WY8K7M{({vgl05-(#FQ#C!J{gGyh%_KZ%jsJH8s70KS5
z3A9ASKgtKBcp8;H?Zua@n<cOqPDed$t;STE+>pO=)X0`jtZNo}hifUv9g=RXvNGO;
z2c*&8HImpgB$l!i)qlU4jS?ym;T+Fs41S~GK6U^iyzN45`x*T*{aehxKaIhhGvcLa
zDn1<vy||Udchbn&^D>RE9doikdp1Dh#s9YtPY5OGiPD6{P=DU*vDFQb@)x}1box*V
z{*2{G6fF9sRG!{7v6=w>YzRlI{6ALWhT_$cZw>>^4y8C4;wD*)(0mq3_mn)aGfU9B
zq(J`fb_^fh-O6aX0T}**VJgdu=pK$hE22Pi6WGj9yrmYrU<e=g6#$%1bT{i{?hdFI
z(bi97qZ@DkoKQVQTdkFVRi{V(>*`M)n3yGq=`Z-eW<)?B_a{rvkPMQ6%hoD)2Ly+V
z8<B{>Kpf0MIi%ZzA_38r=u*(vM=hw8v&xnK5=Yxcx|f+Nr(=)eTP$alBmd7i@jQa^
zyq4KCK^st;6D+y>y}g50z8IfW&4m^@jL|+Q+};#9jBX8nZ4DmgRfLMux(3hxAH=0B
zrTv5yCTQ&VyI2|?N)uRJz^vt8K=-AOlpdP~X&gc8yG>0jvoHy%_p81V{FxNIo$Mn2
zFFVDcP({-{3N3tin12z>mDkU3Hyi6-6-AJ+tt?B7P86Df)*)w3z}(!Mo?}|1Euh|*
z^aNnO0^Z&k|Ig1p;Ei@cnPO16xbIvDU8THE#KTHwHA(3x=^2rQ{{NPuRRV%c0&-&e
z)H%>B0(xaPNuS^AJ$_gp+h+a!Dd6Kc0umC65H`gz%|-dUAauB%@jH<cd6>mIwvX3$
z=wbctJt`t1suB+C<uxhHWIZBRBAYE{E?;ti0lecHy=zP0`1y1GCETU+={@T8l$=hU
za)-Y8Jx%1BJVQGXJ=<qSUBK378@bG_n_KO4wpZQkF65vdC4!h{<?JE9V9p%#h5c?Z
zoU|wj2`#^|lu5x;;G%n0HD^vjy1p?#XU;@Gf68RQ2HklPm;G09kEwyV1WsTJbRivJ
z$onN*={JnB6$#*qfs+pK)2fml^tbio$T3F4A;6_MR<NQq-)G8F*!TJje<t^kMRK`a
zeVPDhXZd2H`1_nD(qraE`45{N5s@=joT&gAjU(5u|1%1r4p}6Z#sg89icAj6Ob_)@
z75q2|3zMDURd)yqyLS+g64cog7g%Etz}A-hK?gAKfT-}`YxlJjf6&A*yTS~&!pul8
zLsfd$x^qt)+q&^Wr%F$qmsPXghGWCsi8K7dFhFqS>EaUpV&_N3$&0^N(8JD;N3uX9
z>P_H?<Vg3hq?1=r+0Ig*IWFQRV|5rUF5<2xRytc|OW`)9*qL81V9T;PP*A5!G>Y~Z
ze9^LkmO=2k!<)%E*2j11qmxjdb)b_NOd~t5RuIOEfmcjED&hLQx~r^PNb(F5Z;_B0
zi+*Qhb%KUm?*VEjj+h#XA}IR2h83hs*)xvWnN;u)#LORHwO{VQFS;tK@h%4*=Jb(3
zo=L*U#;nmrE=s)q07bun*U#Z{wXzbsZ5(A1#l+RYW;7YFyD6}+#9j!z>iwkS>%pZ9
znDU;qq5@n|Pg%}-81z9^f`tECGPa80L9?31E~po}!|dF#I<%?=<b0|Io0I$pkF!0b
zg23UU7=;dV$log*t3#-9-}{%+r|iy8F9y{j0%c=qJF)lNt2S{;HE~cXY3}JOBMw<L
z4;kkLzdfwU!MiX5?u|W|*VzEw0w+~}lR;CI<P~N(mo~IP)CtMpSyW*0M-XgHiy4Q5
zRRMCs2BI8}gtF~ZQmSjS1NgB)jzS8tzbWw28iyssEAj7t|0W`{iG9x-fkE2-NA}Ck
zFuX>J&;7$NybPlYrg9b4c@`r~6bw>PX7s#Y{>ce=U^6h0ZNdbUv?>9cCv0&ppTE;7
z@?o<$3Z+{I<G3F&IiymQqN->rikoqXNo6h3SbPH<p_ifx86;FNnNDl3&jZU)uZv4%
zzx3@Pwb+~Ba5R^8C6_9Q+iT!9X(Y)0`!I)?SusFkVay$rF_#RcIm8jxCc~NbN52aD
zKKH(-j0uNBOxr%NN^M)GV78-0Y~?UqnZ_nLZs8&J_ryF~7J-(b$uBLUf+^zq@g(qb
zY5aOQ3tL$W6(w*!frc{2CIwtx!czTLAnx}rHzHYO&X<33hOMI$b~w|Pq%sQ=HYmPo
zA$dn~Yp+ZT57G-$HvBEGS`yjSKf^1_>Mk^oeDjWYVc6r`M>d=PN77ZtMb$lhK|o>w
z=>-Xq?(R~M?(XjHE<soXq`N^va_MfD?(WW|yX)QO_x?4XJLlXv_nw+LG2d}<v)5AH
zh)bt$xfQ9bWfJ!MK5xK<=rgwiEj3$t9HME7uB2mapqA96+HJlJ2g}-^GJ+32lOMUg
zP;^vDOHKKJ4#Lvm*XPYr6Ek5RajE#_rm3ehxU}FBqoGS)6FOEr7{g{ByI4EYIHHVd
zqB=R4P63j59s0fqs~!O~Z<4yjDd!9umI_Qk&Go<{UUXGGZB~Cx*^LYx4D9%dqnz7N
zdC}xbOC;y=<Sxbf)Nh<%CZ$epj$ecIhz2DUQc^)k6yw~Jmv!vUbq!s4OLl)?&SUM!
z+-y{$Mt&h*$O-0QRW{4bio*Aa+=*Yb>ursn2IataN{m~_j#V%OQZOxXkWu<{HXG=!
z5Bo9lJG2!~5zNV-X9Qk*0i=IK+6;|0Utry*Lk{~3nGR)7W%Q3SjD*;4?g)>w#@Ot}
zl?tDAtrKE%qvS*{kC2ZmDE{+ArQCV_fM6s1dBgC&6%%D}q3rFsb&8r?pNCz{>lQAk
z8xuJ-<2G4TRO002jf(vB=mtKO@sD@iLj}Fb;(K^mvr)CN{9XYQnR5(6ux|PM*I_<`
zGia<q2Cv@R#gDFs54?IjU<Rc|aL=7A#{BRRs-IE{q@LZB7vS^HeOsOwTsec+q^Aiw
z(!xJ#8pHv|yd2|zaq8<Swc9%;^XeO%n*yNUf@CmV44bZUVd9!u%!Db=C&l7p0|qx+
z6orCLZ+P_r^%XZFeS|k#-h4*KI%^>A^`m1yd<wI>c72GIo@{rXDp`bbHNY%NB^?;^
zbVRv5mB&s(c_BB@M|k_gT6ZeB$Dw5(75|{18}}xKm!Yp08W{7A^8~3HIgt8?s;-<H
zK0U<%Eu$3(F*rtq@%#!#{~o~xO19HWzeRLgjNligH!M8xwA=2KU(y${`|Kni;V%;}
zSa{wkHmND#JM{UN&iw&_TdbgzdX*Ll7XNm~rT|?!rhxB8n-uhVm3oHkdX6vI5ce?(
z_zcobr`3|6uNg@6dIX0{h=KNDN42`V81`15tBT<I^F&u)Ly!Eol`5Es!@%4hX>D@1
zCbaFJkA2p86YD~^m6Aa4#^`()y_~qeY>KxgexUg{JuYE|A@Se>XJWTw<DHKfa(Fpw
z^SZ7<#9@hv`$IGs{*y`@wV-Gxf8}|R8(RTA&4nRW5-ZxOMsi5OPDqE#Kir&NRzz;>
zbH@Us7O-)P0jgYW4X{Y^6AGtI59^IR<wR>-a7iSHZWv{{M*_Z*(<HUUDzzmMaXRo5
z3Zs1wtNSFYI~`h)eH20iw@b*8iT>N4$`hwmUxxmr$S4E_o-M6qaP?O+)989f9{ki<
zt<a-fbf1nC>#(D{#Bj7IL<KGj9D6c6s~6e~uYKj9w3t#SlIlFOrnTlIi2Fr8JP#S(
zxnoT?A@~Dt@a36q)+Yb69O33tVCR_2uv^H{QwFk{<3F)$S$PBlD;S-ZM-aCE@}JHE
z%wOi=fy+4YkgbO{ecV)oEHhl1z@3IyM{=-0K+i#to53RZPVOX*5jl)``3%_qQg7tA
z4AJP_tyazh*iW4FpWpXSIgcV3*iaiqFB!@-fvex%c=Y=1CTx+`flfD(+=eTC;(qgT
z8)(|Kl>6-8O0OiBzMU=jJO3mNEEI}Bp-UO9ZZ&ZYLLKGvxU*)SsBiw7i(6~r>EIef
zmhO72VF3vHrg$ve8D;9Ziw~cqGq9jPViIV7)pIKULAJ+Xk#nIKD`^&ojr?a#v-MKr
zN2_Vk&#>#L>C_dWUAjyNBkHX}@}}Ks);ZJ;y8>2`-LT+u*rpvRqwfst$ekKOf4oIh
ztg%wr&!APPlo`rNMV<hr#h4He>&#NKZRuEZ3;+8XBmO0o4JBC+oixEI8}$Bl(*ty{
zsR4hZBb_Qyz3_8ch_#U5zKc_1Sw3Obmz~;d&jVEA$q?jFVFvLZW@U1uI{(H1=X&s3
zV=Oa|Ut4}t3v``^i8#}M_tZtXSA6XLRAl#}A+BO8CD;4c6<EYwfvD49kxJcw4_wvx
zTqV_gEomE6TR~W4r|;!K$11+ZD#sQFuN;S6B#3{Myd6}sd?rkXG|zJ=q8MP=bz}E?
z{fRF^K@t@Zfy+vP*7mAl7i7||50Uo?i9aM{!&^SyXw=1{izOU%^b}Ir@GBrr?bvSo
zG$~<Z^(jEWyw3@E-KM`w^6X)|j9l(OvCbUdOS-t}-Rf&8+m=-jR=wnqT)sxbb~n1H
zyp``|j}Tplb=wF^WF<cn5K|S^Ozc|M_!E&-6kotZZGX9?ozwT->|}#8DeMozp+t$u
zK+F^&RLi{UM*a7CjsS4yR2g1BA7SKoen+5n!<uoShQpVn&hV0RH}DmS#dj3BNRx=N
zkk!YbjI97ts;VzThciE2<jky(q^BMm+3Iiih@1*{QWprQs%T^`U(}ISDtA+xNU5B-
zWH!3>1%%SgtkW?OnxjuSmAQ0sW$IM;+o!*`S_P$ANfs$)GqaDkR%`b5w0N?Ih~*<9
z$qLDqd}SzM$Re$yD-tVENhe`q<<PlN2yFjQD%GL)O>SW`Yek?l8vp)Fy6^t3Rgh}U
zl*-6q7Q_Srsn6-`dfvD8S$0va-iGFG%+VBq-PG)?yvL+jK&ZV|#W;M8&mBccY&lBb
zzRR7G+HQ&YJ@}0oF1jC?I0DP5y%hnvs*x+H%NGp8w|g}~iJj9h^3VkvpttXrfjn<C
z&`Z`V2{g|vbc2rU&2LP!jzjei<xB~+_TO3fXVZiAx8(4ugq!n@(!U(}Fj9ZECGgx#
zKS3yMz+ru9e4r*;_<(dkgjC74!H=WbJQp*@yi%F<HOFHmG~ot}8lyAF{A?o-gmQ9C
z>=e9ag2hmwX{F0m7;=NTjN&&Dou!A;8rRgfy|Z|N5KzVBF~r5DuPc{=PiDXDbrIu|
zo@u+KClJJ;GDYuGf<KZF9B0p9NUQAja0~zKq#0V+0^O+3{*%#2V6|k>DF@m&pCfXj
zs;^k`Xq+~AyM<SzjU>!Yan{OQG1#cTeKgnbHjvPfvtPb%UVUaKt0$0htZbvwcH|vS
z2+lhZ9T7TAUA~21UaoDt??ruHHTVqMxL9Ks)G)GQ^z1il$6{_yB(du}**k4w)YyP%
zEt05e9q&2BG|t?iLviX>f4L*+B`t*tHix}`1ZxEyYX!lMA5fvQ0>~lmA6YMcYJOF`
zL%2>_GWk;noE!7=#k@Pv<VXH}@R_bc@vCE#c)NP(3~G4Ef)fkmTK+>2ivX(}EIsq!
z^M6KgYW5Lr?2K|~8x#MI{Y5C95euZQG{38nq$0N8gzL`7Xo$HwC?r51qsOMzyT%94
zl-^*G#o7eP=}&&wW;8tb7r;n~CMY0lhm+?0ePKe^w}<Uhm;RVPyIr}wK?csjkOO=n
z5q-xlE@P=e3g4`(D}&6gEM7c?Mkr(5P4<{~VB6OdFWXS_??|!rYhNdX{{zkWn&K7I
z<P~&(a7dDB2Lu~{slT2`5PqHXdGA>uQ428gY3urQ0WS)wIetI%X(mbHdX^lE>}<R0
z*1N4M!pm5)&i?}5cMGv}@K@1HNDLg_D!3m_FR6vSN?rbAar|e)LhEIK(Oppd(U(&X
z!mq6eL8%Bq5$vE{GNtTdup1zQvmle?8XEygms=SI*5e!R&8?`=!0}@d1)c*3p(loq
z8Wp3gQC;)V9tPIqYmiM`;40^r^tp=tTbDm|e@{0;&<o0QgN*z=FxTnHJ`xAPf%<%T
z?wC=jz4oR-(ehnrSi8mDd-fmES%@YASIgOg<!c)H2aQ={jsk79UA4*bi5b~&GrXmZ
zQg*R=-csMYh5(<9{E;?vlHuB>wKpop;Qxcmaj*=^9GmLq1|q|tGojy+CX_x6CQ3+P
zqVUs`Y*Yd^BrJnuRbF(ECMqMpRx-Pgws!vz*f8B#Wrlb3#QLc5dZ4WC@2;+?-ud*=
z^(ugr*24p9VN$$Hjy|+At=i9ZZ2&uKQGtT<=xVz1<Zn%6*@*s0Pv|AdKa=M}5~Y1q
zPpqZ|@vgTmxcvbbo=$9s_=nUeST{ALkA58dQRW1gC@AX^(?^8g#ew1Jbd7=G$vp6!
z2x8#4g_zHC`VnD(IvX#i@N}z)r6JLXhiYVKMwp&>N1smgB62#W0QW=ZKgcl7yOI`E
zb0rm}*NgVj2NwQJjL?eH?c^2+HB<N9-~y*rr?T~M$gXj<rc}FL#KGZYKB#8WuJtc{
z-RTig!#o=pL?84H>70uG{)lb&DeN;U{2!i<K`i1Rc$HcCGj&|+?fLhh?r`{G9e3g?
zU)jMm{<mB>&kE<R#&Gzw<b@gMuHIED5~F<F3}Fo3Oj@S_>`2lN<-9hD_h!$IDvTb)
zPAtkB(NwqRUPdI5vzFBcm%BtU9}cgve?h5~xO@bwo~#DhO$*eHy>eYyg6<9AUlApR
zGOUd)E-LZz1<@Gfa|l1+k}@@W?2@u$c;%&ZUA32|MIXzTPU=6(MA?BUAZ1x&``I@+
z2JqJH2%_eHQIoRh)I7edkC}q5LWN1s%h%>+4tKmhYj}*RZU^18BWT=VI~kH->K#!z
zHK)9j2cnzl&jyhD-Y*ZTL(DM)Z8^`a9D~Aq(GZ4c{sYxX@IjM<GHoc3q1zoYRY|<w
zyKsJ-l>FR=`Jw(_na_o10^B?dROb^W-_NBPVfeS08kU&xgZtM&k@3+iZ*1jouDPP*
zWE~>P?{?(4h4wb+!JmH#c~H^cYT?N0+9Fne$g5lWV{ISK)i8%0Qd*c;=jV6*^Razz
zjpJ&CMse!3BXB3F*>#+c<8CC=d~77sQssk-0##L!jQ6}I9SLyG<D(v<bKF-2!z$U^
ztJ0X!mNU?M%&5m0!Fs?Ta@e@){`~=0_MWj;@)c?7Lw<P7?1R<hO#yIRK}5QJCTP>@
z1Jdf5v#`$r;*H$zTK+k^sS)M)bZV<)n;st7^kxzuDRTPwSj&fF!1{m~iOUeyfFmdU
z+@s}X)Y|F5xrO9q6q38yuR~fSTQb;6SAbpbP^u%2(zNlT+oObfK(gjJKbzVar5^<u
zyzP1IG|y%0=H90Vx)!*nlPYx^HM=Xk%cvH26Xdh+9h1EZfWQ24jx)_1Vy$C4pR&$I
zoXR;KB(hpr>rO?drKWDbJ_bzl_&nCS6A7LEJC`K5jG|-}n+y2sxI@sb#4h?E!D|$D
z{u6z@*cw3$f(%N=Iymi6w$H6QkJ8EXtXG>%8Bk0IcAq;VJV;~9s8W^XxLtmEkhc8-
z)R2tLaia|0R6_8^z>aFhiVc{0K?eC^6&U!pu(!?4PB1iL@>jQC+II|43D_->lYG-B
zJoGTH5)vrR_tgY}gF`m0LvzOar_-mBj9oM@g}#gpOEbzkWY2-X06K|EB^@svU+aS-
z#UFzygGc;pN#wN*-unOhhWTCZv^KCv3%lT<jDhB$1E9AR>x`1fmEv<d7_<r`a-&!i
zcQ=JD%3mmKdF?LyEf4p!60QP^+$q-VPx`8~V_BaY#8NIVmdD&oc~_&nQk<nP6_Qt;
z8~&~Wv)x=D?UO1?KF$XDy);~|63TeebXLfEf)rK>+x}o^y)<;$(jNzOT`%Jsl6Tts
zc!HWvcN$j@$6_fa5K}iBA0*imBPly8vJN8|wO<<8G^J9+zq7kVn@yO4ck{_~4WDQ_
znKshP)-`nL#;ppCrh0kQta~blk!U2@<$jwvxwXa4JATSyrcnoX`P3>`5Am7l2mUf!
zz!}`2S_1~?hLHk{g$5iMmJ{-n6fc*-*JiwH(}#__*){j}HF#hd4FWq+Zo1ircHrJ^
ze894oyN8>fuvFUOPUFd8Z|q#;bHi{ukoopY=ZQKCD5bq%o%(qxeSW~P469d(FXFku
ztM})<n`dXmkox5^zBn7Dc%0L5jL8BH)l0*Uo2FvfDvUpLYeBoJ`)I%TR}ax>2F4Ke
z<={MEBB{BW*CVOP&>SQ`n$O5{baWXwHE^Z!xTNPZbM@h%ytZ%>Y_@P8sHtogFau?1
zZMWF&3suHtq|Rj+w?dOP8xal0`yHQ3cpwjJLyp7hH1=kLhmHQuQ5JJoYk<I;*AJcY
zCP&fJZ^w;@eu@FQy}|&z$JllJ#W3<em=E?0WDJc5zSEAwEeZk4Q^J7AM`X<n-^=BI
z6NpnjEM5JPy=^V!xna?tu;`lVXR9Kg$mT)OI`?7A?8e&3uv06`gZ-1*2Q#|Lbq(J1
zJf*tL#uMsT?fI;LjDDQI>kXSN8SBZ{hLP*ZkL!UK%PyG#x-AEdcw^*T$~5WZpVPku
zUM>iwmKypUA2yCUPsypq)5|n85?!ptTg+R56oU7z(H`#Y*OA+I1s9oOw{@+aT%aGX
zwyZ!sR{YdVn{GQry3x`(zbyuSTR0K(?|3-zok-Tp-~S|OkVf}!UH_aCduKZF7$>_>
zLngKz05E_baYC8DGu4`o(G!*Kb0D``d~5l(bmSufDtif$ZA$4{T6Jm(sTglQ2`qf0
zrICn-8u*F%KcJgr<cs`l7x@{$_EwhMw_5d+UNY(H+1f;7xBO!Z^9v#W_20^;HWA44
zE5P93@~G_tYZct3!@{?EZEx0`m&%N5_f;g;?*P_Q5Z1ynPnKcho#tJuaYXufjK_ix
zC*#oRBwu9@93TN{f;_l`4M1W7{rK%52oQ?I?uA0UojKnT1TaJ|a5dOPV#6id3E(--
zZIOP+_Z}O5jT~mtK{wH2m0Cj=D28E^ju;Z(0Zi^)Vo@V=lmM4}R@qk(E_ngoA0gt>
z`tZKRDh7v@NNjDy1!LZ!q;(Yg7+F`PT&a0mM*RCXt45%#p9h(m%j5uKF=*y|13BPR
z*aTlC@$8@49l`yZX%;uLqs5P)zhXOll^;r7F<0V((N@0{T#6A6VI)a5WYckr2tWhI
z7_RY27HxzR$<@f)l~#P6Ctfn=f#IA+v|^okmzgQsv1K<4ezLEr14<x1F<5!^#(>?h
zL05w)j1p<53BmoO8wL`iC86Ks_COM&c&BuFZA{i`!-IFzKaByM=m{TS{)<~o7|mox
zHZQP@mn36KX1pXur97GBPECScJ8xljBX6<0?^N$L0s3LnaMUQKnpBPN<t`wE!h{MR
zQYjO|LVdE|%N>Prlz(#I+n?3B5qXaF9y{u6440<?ahL&UxTSfEWHh*E+vM#of0<YH
z%W#J>aEI<giZ)?cW=#m!BB;3iKMqeY!*D+w!IwQ1c0_o?tY4BBD2<OxclwG7s{uK^
z*ctyTiIn>!#{8an&Sk7D|1j{8{3=s(fP}xmT_Bm9CK<yTF~+EvBN)Sal&G84JVbCG
zFF!R1vd32`9p6()0R+c<#=encpCOf|#Fk+1iAmgV+rnsm)Dt*^wTp-(`%bi((};kX
z&_3StfOk5>RrHmER=*_T8v1et{=d91rv0{|XcJnt2({}CWx#uhxQI2u2;)&&V@Aw3
z2p`ME6z~47KziPU75_e$6Q@|^q}$k0n+|P18TYt%MXPLv&AbGM9`WdZ(`bgxY(Hxo
z7pNQSp>>&$MNjGWp~`!VVV`+%a?=!u6k|N`a_KB`{rl>zbH6Q_zA%Ua*0s531lIGZ
z8={T1SbUN#oWBxVC$lD*uGP1F^2VaiH%ZK$Zx25UJdHaE;0A3D0&7;gO$lwH@Q!9F
z%vu|x%oli*?Hd25<d;rs?*=?X$cE47wTxTyQI2nghTBhv9V|6L#2N=Y-|vt(>6Q+8
zQpglY`jw1{5ffn=`w`3XYsoGzsLFZhS09-M!~1W}775tHdbAis{U0glWQ@>x4+~Ox
zqm4Vh#f6$frBrYeE(4xG)KrQu5>F$o{cOiXH2y_SNvtf_#Uu?M<o&|dXgUlD`_Hd<
zw|o~b03F-Clp->IibUhAmVy^TdQ_Ka<23Kreec50=KDCzVhH?VD66vXn1rXfcsgQ4
z{&YyYDcb5hKRszMTa$4t2q*WWL`yMK={Bj|n1XmjH2iY@(psQI;AJFV`WqGAzxD&{
zsd~L5Ork@#24V<J&?9C69c0e>%uDG!H)yz=h>h~hXBu)B;~&9>s_U+pzlMi}E$**P
zw=N4~2o(ZHHmJG)%z>;yc{d1KmkzzVs}Hc*5zg6r7Xh@3gOD<fay;>#CWXUgrO8kE
zf>OiH(QSH5J)rS&CkzF!uJ}1yPfaj<-05=X76GJ-gPTG|3k$iswN+Hu*Q~_I8Q1Ol
zMcFTxwn&#2NzSa8OWB!^hb5)cPRHcoj9HI4K#h%R8e@60r~{o;<}L7xSXlVfTh0J$
z;Fq5%?>JuGc#-fW^^(nwHG&o1-tw;Bwt-)^5K>-Hj!(iAn8RMT`gThtlk&-1Jd3O+
zn=$ooxwnASy;zE{MpY|HprLaH*ly#dh{ez!e8hFlNNze5W#fq6EH0o8;-b{075;7N
z_3^KpRMQ_|_T93-s4TAkcm9F}N~CpZ(J<V`&j$lotF$CKE}(bi@p%+p*kbL{0E4Y4
z{MbCxS4z-n0(2q0#|@a;Rz&EQ#hPaPY!>b&pxS>h2q>dY;4vYNQEtEDvj}5iooRGo
zM!yN71FS3L<-Pi%LK5gq9^8I|d}h=@d8)e?K&~0K2S7bj3g|Jc1XiVZVnXR%GCMj5
zhtbQT+zJ=`GH#Ut#cMn%<=c*`gbwoN6S{gswXvg0Xp3sIX_P^0f_14cnBH>kL}C-1
z{}IT!HNZgn@`zNyv`HYUgIV2Q-$vNbQ$IjI{{TQf9c9iRB-G%if9mKUz;h7c5Dhhm
zoG_8hnHU@GIsmj6O^=Oc9RM`{PLIiV5&~8&C&r?D2J}Cyq;)%4BO%65CB;&b@OU~*
zy;dn49B>d8jTO*kfkP-Cnp|ZZvj?l3i<X)P`5pR4MXdIzZK)yQX#gf6c18gnLhxT5
zr+?AqBG!$4zW6`q8J8*u<0<;plgpQ>aNY`5)A?(G@D`H}@+sPYEQ`tLpWjU#5Oy5o
zR~SJkwY0@87Wj}u?L)O;Xr|w-PV|TgFK6T}+LlYf^HBV<!SIVV;Ld_iu^u6_YP-vH
z$?!tj$criHR&y#)8SdI}g@+eOxacLx2L%v>Qr9^p6qIKR?_cqKdKG!#CFvdkq=*f*
zou^?fmsR?!!yYhb>A9l?FD3!+e-duEGY>1^bRZuAw2qV6N}+y6Cvx?@qm_cnk^?tO
zzLjFLmQXmA3E?=z-IG!aOIpPEH2T<2w3Q;kg5!4@EM3!*Lk}AYKe9kVClr>~L%c+S
z()l;>MCficu2)gY)Q>Z46T%00jP<LLIyyPsT_hQ-I*mqHV}PnfDuP;cSvodXm0nf2
zc>^#YP(DC(Dsfqc1Es@|5&^Q}lCdqxkl3r3R_h+C9l`4F5jrEW7E=(vGG**?7=G(D
znTjpu9_tD$hFL|Q9w@?<uni$KZ*FeHT#GGbMn`himFC-Dou@;Qf;rMr^Lu}=lC3g=
z$FYb)J^odfd_^y9%iteh60u0GH?op?_A6k-7)3p|J1Hc@yI>AxxjDI#mek)~5w2w@
z+MFyu09yAFbQ0=>HUfv#Y-_W1X4BW<LGfr(71BnaAF2xVb6#*_5JZ^@@vNHdqrU}n
ze+XE=GZ|T>ZK>JbdRI9}O0KzOnZ&%wqB48KK?u;Kx}|Ab>9z6nb^@ilNwmA1tl;RH
zp3s1&OrPUo)DHNsuwzljXyP{Ozhgh-eh0OL+sLYKdF?Gf6TB5N%{qhwu)^yKiE;+c
zrT?r%M>nU%M6ARP#Kud>P}~-|csSzceu<%BH>2in%&$Fba**u2A}ASN`3?#TFJPuh
zglTp6=4--|;dp64Z-SIQx15Pp?Dw_=tC6T5YAMRn0HK6mo*ePOA}YEyY2r%1jLzrZ
zUX4`Y#;VvC%nae1YVj-49lkVVp--IQo6^`9r`;rj0@^OBP38pbi3V2Z;8dk1F*O}H
zZ5vAEl_W=~D2N(O`r+1a;A4AinokN!yMO@|R&3!rX<IL{v-CF#lFX)9<6F_G?i2!c
zJ-q?B8(ZC;a~JZGb?;Kk8nv-M0g<mU*E&DN0XGC}P`b`$nh!HL0j|oOMH6Y25^sAQ
z9QLH{8WGgev_Hr4{A%nNZLq`&tn3Cy{Su4gD3z@@+=7U)hVG<yb|ZnpI0Gm=t2jGA
zB3@0p5xpQm-kHWH*Qu_30yZ<IFX(!HY(G=(ag0Dn+3l&uOD0oY%?itLF-RBz3Pkt&
zy#NAyH1y}-t|cK)n~km~2LZ~pG<u-(5{9my)g;eJdb8M8eaL2DB;B)z9SWpTmiC$Z
zMims7^Pd508b-On0csS<CyDpYVWafhYY<ZrR7LDp%n+bVGStGmEExwX_(}Kzv9(kS
z+kAmBBBuA-9QCYaaU~v7H6tYPCCoD~!j`lTe99?Zq@{@|KHKAjL;<HO<byTuxkp#X
z!yhuq4_%kY`Cj=To8#7D1&=Bq8CmNvvsV?6HjGlL)k7KiJf*VRb4Q~iWeEdxU<emW
zC1drjlBi(VQM>`OxmSmpgU5GTZb`G2v)F5I=?oIQ6t;Vo1gW?P-?+3>0m>ZN0*zsy
z4s(J4C0iOe;_Y5`iJY+cxA6q~5_xmo@68eRX0aNT8)l*574nBGN7NS{ow1K?nWAqD
zv-g!FZkR8cFBzh5`6(Q~^_a!p=pwviihQAg6YIE-h7FmUSG%~6B2}5j>n?<kF{%R7
zyrw8GZ#9{leJ-dk{Uz;g+Ae4>0vfDUc({)#N@MZ5(9S(n&>;h(0A+^S+xxLp0m{O>
zG`qv5U~)giYUzJ$>NPb75Y3(<ZwBCAd90m`s-4Vmm^_*xR)z=IXrVfI;d&Ysbj3iK
zVS<}sQeo%Q5xiN6*HZ-SElLeu*y)VV`zK?f`rAZR?wg%Wb3D0Sp?R2D<6+<>p=%hW
zO4Z<7akMc5p^3)St;C}Y$WaqU<J1A!Wjh$sAXSDm%3uvyY%xtXfR;FAhhgveDE*hs
zE5x7MXw72rSqC<$<KH+urKtV7Sq*-yjn<vU3J$oRhOC59pM<VKG3R~HuXcp)uL#r_
zugc8>%~oMBZ5^KxUvgN0r2gMfTY7Ck)Mc;<&oAhSVym!Pq{fR2@;qB7;u6ROiGtC~
zjbI&?EUr6Ag#}L6KuZ2Ja&~P-!m+8>fjBb|Spwm8<}jimKmA>T%fop3Cn^tPr{C{C
z*a8=bkUlVaqU5f(Y}AOED6$^E2&TMXL8eOA*#_|vTe+`<7-`XDpT>wlhqeP#7>1Au
z$Ed10%fYEN9f*^CR9)TSox01_gK=VgZ~^N__c?ZiaxO-uAb<1uOt{id4%Jef+lLm*
ze4Eoe3<fgOj7X)!Iv@qxUAV>nvG;u_9he{?^$H1pY5UM3!bfG$-SV0&m>@RN)u2DA
zW_ey_Opv^K`mIk+f-$`dlOvAVxd*@RL1dbZJKyvB(;qbMJ~O{{ByX<iY`KiO1Cr+0
zyiizw4%^PNmFv-XvP74yMsA<#d3b$Hah+!q)U!M`_^8E)Ns}Vx*zD|Gw-x^8Envr!
zj+e7zyel1!3o@bWNtleFf!og#M3FW|R#4VcP{Pee5a(oZUkWv;#08PYn*{#>+UD^J
zg&NyLY+bgs>D@XSY$;+AF#n}5DhQYO#C@k<jFZw>#A+u;&b+Q@+!Xike<rD9g(bAX
z07QY8qI$J?$(q&F<}W06=tDs)ZKUc>lQO*O-Wr(-hHeFuH1v)72Tn>eJ-20Vj`$$4
zT=XfSIXV~>HwAqgZ&!1238ING`H{O&&}@(%rvt1D%6mgX>VFvaZe)E?D4vM#I$U1y
zWTD_Lv@?=g`)b$H9JG0fgv0`8QC0FF0iymCE+7AURdiyoNRhCb&Vd3F64iJ6KFHoe
zfjg>mzptn?!XX`M(7D%PkhxG7Kmj?7GTETa$aXLrSRKf%9AVb-m7tB_3pRP%^P#2T
zu3zst@1{nQY%TL%<a{kaU41hPv-dS!KgwL-bi@(+M{P1)Ee{ZJFgeFILdsZM8#&*z
zFiH5|+NQ>ujD}m>(E?hlT}7AORnwFp-{{a%P4{gw3VT)7_V_9K=K`lE2c&$|WFz1U
zH_7VAIm7}<=pYy^gVD48j^0N)cx|lj@#6=!k|})9d?PEAC17kH+_0fOJ54`98ymxY
z$Fw8ec32&ncZ9z+Tgn88Y-IH+l!dvQ4sEn2c~K26Fd<~MwH$pm5VtpnHmjf0$95U;
zX13Y*FUxm^=4hl91T;WAD!ea9vo-8FO&K6{6$Me0RY-3+SxZ*K8X$Syq<}~bTnJ)s
z%Bbv#Q=XR(14LSyO-K26jgntY(&l)DOlNQASpND@*hAKh+oU5(1l{1D$qm+ZEQ6li
zni4>vO8D@qDxt89`G2*OQmaB3U5K3mTXf)DZeD(X<w0Er4%y@A8HgJBw`J-@yN+kX
zm3qZ9wA>kMUHmlA$PTeLwQ7j+iZAsFj#S9*u``8s$~*JvE5qDR!tAxQO0YxAarYff
zQyJ)r7$WlUBU&5S3hY(&gcDPS(f-LG5V&k!GW8~UO+xor*K^RYQdsOwo2sIk^n3)w
z;!ghCHrluhJ^`RChYvU6ra10Gc2`4x4KFSeGCLCJjZszo7FA$=dfTJE8^>K`oNTW!
z?wD<pKD{9URDO@?`6PBKaB76S-ktkFk7*%dW<bT`AfBXQhP6F~NBVV&1R(3d$}0%o
zSC84$zAS@Bm`h__?`#j3xAbJqT>55rDQ)Uh@V~(<Uu_K#n<|jaC-TI0t2v0^skW9S
zf)sIf7a_y@?$|q9lQvb;$xKEOtO^k9eKJU0aAS_zEP%#&nO2otDu7T02(L@|5Ow1y
z#o6SQ1j&lV8RhIE)(1Z}CUnO+to~x<Ihf_L)>cui^h8@fL!G`mfyEM=Rj6)D&&-1;
zt_I&W+wr^;GMFBb#nJR+*ISfMp}y7!EHNAVFfWg0;5eR{6t@gRU1wB)L*el1!Ak4+
z9h1UDb_pr)`krilO_AN)E_6;d1Y&*6NHO##QUMx!DxZapw!Lq;(6fz24-YL5X<w+s
zN?5ERpY{CJyYK{#SN8m&TxGwwAL8>SQ*ghbYBu&m0>?yTCD&O9eFEto&whQ0)ihCB
z)C_a4Yo!#RmOYH^HS|Zl`a)zUiFqV-A8%ZgyQ%Dt_%Y9cT3o*xa@#4~yNrzA)(C%p
zDGRDFWM3evd>3(IL0h8>9A)sZ(${!Lc4}c&oAE8u0M4&E!??r?SPk!0m$5nKfVAiQ
zT@#&G)+Qtns_K;lRS&1&Ut5Pvc*H<wA0Yf+X8#sM8oVs@KgGX$zNw0y^aYySA%CLd
zzw9?AS-xYn!z$jW4$-t`Jum-74wtRt1FYBjl5Ie6!xn1VQhg}<ju_>-=-8+$&TY`;
z;xqYK@6SwD_lvJFh2K&;alr`kX~4=N8Swq@0H$j$VM-j&JJyvYNUmX9f@19aM_R7o
zm)esmbgMkWgaN!xlj3u{pTaK+!kfFyAKWSRHMFS^E{7!wb?|46KKUw1?q~wA4A~Zt
zNM|k<H35+w*#ENa!?<^IqiYS>GVde4Wq2w{CRGv+1<22bQ_4H!DNqoWr4XN#rOk&Y
z2aZ-<+b*r}-g7}-D|@Sa%nzlS%Q5W34Wed*G*K8k<wz<|%+J>t-Z79)R^Qc3HEW(!
zMNJ8jp>=u2K#N;b@@@@~bbqDl`4aL+hIvLqQ|nTUw+yOfnry=6UVlZ``x3_A5pBK3
zu?9uh6zB5m+?7+Ova_m6?iqj}!Aj$DB+-t*1s=eJ5L9U|^mWc2ZkoZa8qUd#Aw^6{
z&PK(~jt#wG0sZR)4`8;_xawy0o!<jG#NuMY`@Pb(E+}Fh^-b)W!{L3^sV)d_o!zRI
z=bd<m=|pFOb$m_XtOvKa;2YJ@nT+yO%*8sJ-zCZWroaYO_*YHNN`y8-smhaSWpHZU
z$30BDCHoV5I48~_4;lFJKZd(c9;_40f%gP~S|L<0Fo@pNnaxERcf(ppLlern>Tl|s
zy))okxTE3|(|CA#VP7~ATg910nO!aX%g?^T(&Sw0m(DX_c7WtGzZ02Qm+*f|O73XE
zAMo>bvhFp248rqdr6ZfZBD%^~v5f!MTHi|K=YBx?T+kDt%}L7iW9VaXo$X#7seWeB
z&CUxT;da>i#8o{l8padW$SiUn3INqVS?gGyTJpB!6x~2x0GPKN{~6{w1Oi<fzFiA!
zxYJ9D%1Kl=aQW_vXV{#*KQUQn1iq@a&BK96gF{H4Sv%>3b)yzgZhlg|@|pAyT?J5C
z^;nR?@Ed-7!+fiKN0M9?(8Oc#xpR7kL;TB|*AL^Iui3A@9T59x+LER1Q7q^#5kU+2
zWTgMN(vB~iZos(ZBvoumu_~1?&v6yHy<V}Xv}nMaFNhnS5EJcdc7QD69D<9B>NqL3
z_w5~E8o^~MA70?~dtN^gPfq$}61LEjFDM7WN1+>9(wLNu3(Y6;Hi(0s6>zA@T22VL
zpnZ4DYw$GI%e2|kF2c=Il(+na1I<IsCu=E7#)EHnavcX_zlicftb>F*jIR9;dF2wn
z-l1OU(NC7Wb}3zaKoUBQ3GUaU>XFBW;y?rglc6|)MnH;*PeNmut7@q+Y6i`c-nbSv
z`Pgd#1*|bIU9lHGl~S*uDQipD@7J!UGq0PTM>~8Iejtme6nctW=Oz%Ipvy0GtIB$%
z>_n~q>4`~u|06CwSxe@8E78cY=c7@>Lm&RTfVdiSM9g<{&77x_bQBoZA8uRQ!e1vB
zD<n@>9|ziXS&&Wb19PRUX_&5L-rdXaTN;#!oGWDCxjuK7S@1eaHL$OLy5qsrKJ-n}
z@Woik2%g`6grfsrL+3nwV?up<-!N{qUp;gs{f!^bsYpF^X`b{J?6X2|H&JktmS!-U
z(*LT~qTiy)&vth~p?oA5Z$ohP^otv`o>SJbUKm0>81G6G2dDA!(N54+=Ysg>;xb@x
zRGa=wqBL0=JjyRWy3JoP+Xp{?_y64W{=lH`UqII%_PK9Sg**&M?{r6aL<uh>>S`ws
zlcPu2<9n%a@ZUG^Z;&ump0#w6+Ix=<x3p(ldcPDs9jOf;C7)JuFjnTT8m`y3W$(T6
zr?xFCi2cCpvt@JcE}Z}5t|2L*%{MO-&_G&+n5bv@x@`RXo-A;2u$~w`n;{uaGxKJA
zh`*Vx9Tw54!bRbg;HxmhvUE`iibD>{`LD9EN9Hjf$!GOpt-m@ywveTeb$i?`U*cU#
z9UY4X$R2f4*)r`J_7jU1J}HDik_~p0UZ&Cb!Aa9fDqdNCmZzW*m5h3?hMnviMF{~(
zmkJj4Ee8eb1#O`nbwk0gMxjdYZbA$*)rxdWq^=l?kDqzy^Bwt0h-+2iJam*Ej@CPG
zl0y|HQStc|8Qs#=?=|`N1KlsnZ4vhYK$m6q_Zn*++}w*xshnqjs!!h5v^Gd+vhp?f
zr^e9u72mSPPFofD#SI!K;*bm{tS=usr=;8W3#NNzBy|G5S?+aCIsfi(G}ajMr<qh^
zP(Hv!{-gOS@=MqW+r2>8snkhw;|$+FTNab+3C{dE>2dO#0t5^<R@*$Ag9~S8FB-wk
z2r$EIOxvVq2R9_4ug@vney@VVzG{OzpT`7rzIAQ982fhJ8b}!jr94wWuE_}7+C^Y5
zjt-%HAPnFg*m#-k|8e49dwER`iV6d^O^d@~=k1PA0N5mfZ870Pm?$r_5Kl?MHd{?3
zyG?RG#vl8H08e&c+gTgpf-owb3r1JI9Ec$euvY8dHJAN4hHZtfPf55K-$;P?Pm&|<
z`-Kk7Nk5bQ_ltO3kE0ih<oqvtUiwFl(c>7C2R!{pI_y~ciB*Gc>S`*MXqI8ntM%N_
z$=PjyW;EJg7D2oL=EB&$j30&?Ge$=VsJsfS8zEY+BOmHEOTND0048Zt2`!USJrEe*
z*`fP9+*C?A&-LH{Y890-xt<Up;@>2G5IWDr(-1~v7q~Z2ZW|v&aEuXY#I5w5CjiJY
zIsZ)}%oYCO^DcsmwiC&q8q?A8Ti_69l5t~c(p28g@5?d+y2p3R&fw#b6+U5IvWQt7
z5TD68!9fYXL+?hfb)rL8=hpb(e<-S8S5?F#oyF4sU}7ss1?Feb5H@6)oe#>xFKJFe
zKim+60!4}g-zXtj35n5v5O2i7e&BuHI}^(>@!H1y8IZj;Of~KH)81s~Jv0ja0G@-c
z$JK<2=!EnyuqDTYH6{n?X^<^}ic1_H<VA$6s>s%pW5PbRl}D|9FW8lgud<_K9#Ly2
z)LZq6+pBGmZE}A`7g5{hnZCI?4YP*(f7Ol%j(!YG-(n<C;K&qas?Aq^pI%63nMqa7
z9@QC$FBZyJZAU9<l!Wx&pT4zM8y;Hk&tH_`cru;n>d+$}jPmbSty<CKiwA3!K;S)s
zNfMT&bY2+zHY1bFK(!P$;EDY^gKnsXazzdBUk&iOScSWB9h-+erH9_40BwhYe2Fs1
zPmM947D#PAsYa-;!i~+pewh&2JI0F32gx00I9Tce6jH|HCL~<ahr^LSg6TQ!m$Hqm
zTqUSM0ZO7nR`Icg-sE^fYju57rsJ#t0SXohY*w*Lc+2PKX%0Z-c=5f6%#ec_N<<Fm
z+CrV~H75XMd`1}YrYStEbjsNKMiozz7tXr%mcL%t_x3m2{Flh^2Cc%6F=YQ5lT=1+
zitCK^0_2yzTENlx5VC)%XavE@OQqt)lcREo@DU@Vx)wJt@P%0H!1cei#jgoWzW$G{
z(O<4J#@Nb*B(WafGGQBF#Ntr%_ha!~qU+a85fk%*<4P}WzbF3EG5^1z>AR(in|J1w
zP5vzSGsVmFJ2YX8V}#G~I}|g?ZD{neaplYP{=v;@V}Yu8@?xC+6dg;nS{bX^^G{Z&
zI?5=QsEF9hRP)qR^A<+{@}x=Wlv-y%_U4p#`eB~UNBDR~)%HC^kPQJ4hN=2sEl$Cr
zEKMh;EXu%)HaV|JB~9!UlvmkhkcQbX*-kD~_{f4_mlFzYBXW1VK?JE26#HV2y;nwK
zS`}~$+LWC9>PK2=|C}nAA|u+Q5j0ycN7r?fAhWqfX{5zP)KuO;f1K-mf>FJ^WNYxm
zIe-4sl*ibEh*E=tD$C4cU#w5b_k^qR>{4lSvoP})-{~*rstf!DcE>le$5Kh0d}`)6
zkxvD|t9=FD`4HYNe6z>khSWx`dqS|G(g5=2W4ncy=Zzf9gs?wrfU|SVn6Sk=UnXY~
z4>i=2+%~TAVr47Cv8Y9*g59j5vlGaz@{%H(L`diQ1#cI~Lu=PszV@=38yW<=pS4Na
zQGCYqETB6{bomnbD1-oB#~SqlnsSnDSPD`SVU~^Zl=O+E`1C=rw)5-}w>Mk7e%;qs
zT)fM;m}zObQ0w-S0b2=%rYh!Be^QLw!;v6Vbly{aK<S&_=iX20EO)#ws3gojXYgSa
zG(yP01nt}Ahh1%TliE2QaY0^Yp;4Q+J_w&2&TK)gWf_igXSV_GE1ox<y5`D*9QZq8
zh^(M&<#<MA)|aD}gsTmA3CsazWCvUG<z)2felIj20RrF<H<_uL#IGT30>UK&GumbD
zzG7l(`uAYgXYaJ`Wh4KJM~N6kJ@W<sr0!*4u;<8-VI^B;Ti=E~K>UaH!<{>5d7iK>
zioC>LBe|vfoIVVeE1lnB7j^<9vubwE4Jrm}FCG$rJOhl+xh3c)%8%V6^JbZl98J4|
zM~0j`*{>h}6Wr)yVZLP#a&Cml+AMR_aA<?Xdi^J>*QoaLsTJ_)Y^YG`z3X%Iy6OFE
zwq8WY3{PLdnIk|yAVD?`L|w4&58Cf!OGk?u86sjq@N}4;_o(FhP|!y|xwZO8#I4j@
zJNDz`n?F+)XoSY7oMhhCmiD^;a~Hl&XCjbak!daxpE=McGOyCmOo|MB>7RT;JAB{b
zroPrM>zGIJR_iXv6CmT1!)rg_-Ga~D-BBgn6B)am@4!c*j&82d&Hj2$FCG?zg`yc2
zav<9?7Gy#a@c1#9QDCOTMGS|#X>Dz}Y{D`PDoe`7hz%Wl$U7VU`Dz#{y#D=d4+}C6
z|Kb+_ZH~8RpWYC__OA{PIKdKY`08ml@<GU?;;1o389FTI#+1^XJe=DP9{tdM!#_WE
zrU5OJzb<VCIKq6<+#hoLD_regsznVQ|8(XIPiW+_3}OnoC)ggj!&5$L;P{&{i<N&B
zsiPyi&XfmN#3(@pU@$SRgu-~x@k=p9?XxAHbkVn^@9QbU=M`Vq8`nryx9_n?Smuf;
zu(pp)Of*W>bU7-&tPPkqWit?iojtCEO`1i3g0H#90Bltr)?JdGKY{G`&vbDPmWN(%
zilAH(`EQ#+oFV98@aVPz`O#O5HzbTV8H{4W3o3@DSvUddg|8_7`?exS1LgM4x0(Ow
z8Lwfre$s%^M_-)(H~GB7`me0;f(b8`&zuE~`|i9Ka%(XsybEG$K&4@moFjU}{UOmm
zQVvdEM!ly)A|zo8;Ahf5Wwug&BdmskZeXzSxG9LGSM2DJ2rOvPL`f=IYFi~_>_tUt
zqcMLzhXbNl1lqmMa<#pM<W+dlYUo3XX#f;G@5{i(4>+L0t<B0tuIKZRP2Y?2ue>yG
z#!W9F-Lh_Kx=Q+DNq+&3g60z%YV)i&bYhAZRV6JTopB(&py|Y|+Pu>pAw>M*+|(Ui
z<h8fznFZ;@%^iI^hvU02EcQ#8E$?}-@d+BziGe%1K_G{q-=NZ=wL3bVq56Dm!<3mC
zoh16GUcaGU(d`@cf^ivXIahgEw<_a+T*~b!`wfFSe6B_n_aElwy6#FKydfJeQAI=c
zFWY*Ab8T>qF><*@w|L(N>nd>;xV{b(;B7>A?GbjDY}*`&1<u8QO)o&4!7UuDjU4Ci
zFgJfS-%=-9i4kqHk!YhC%&zXD6$}6VU`C6VSNI)|VpP<Jel4e~t_6Y(ExG}3zYav&
zMm_s-g*wQsgW<SraL*}I7n>6?T-g2|)7MSu5(T3Veh5{bi7{A7msQT2Bi$Tqc<0!a
zzpd18K1u$Hnyyr2O7Z+L%;YI@lR{YBt?I`>ygje0csscoFgvI;>9E|9Ego#;M!mq>
zx5P^<ZK#F06+Rg*9fv*`KjgGr=a?4sEuD|I&*`MWxnPkuBI4WBw(4c(1M>Y>=1$`3
zna)o?)e?)d4h_no2IEHd+OfmO5qjWLLzEwD-AmSsZ-2R?Ma189TSvg2lJBPR78!%M
z_?x5-e24@oB;FbP>Ej&$8toSw?@w%Z47kR!bq~mxnnjN}VYp<HG~ji2%x2i0j}TJz
zQAD##^e^+7oUDw%+-SCu=bF;kmNvUD<hGLwI(O%^*d=5SVaoZzRYr)fuJ2kXuf^pH
z*+&13)nmX>clG?wqBD8SXkyIt4!!*ecZIY+Vl<0b#N~O#cfeFj!!d?D{>~L4F}IgT
zB0+Rr@{yluhYy1;^8#~1N46HF`#SuR=#z<Yygt(e;Q4tA<SJCt9~k`ol1N%HZ13ip
zRAljt{QKT*yGK_eX+hY&Msk7w`6~PfjfT@WAZ9?&I<YYga`~iRQ68uJSUl#ewQu2Y
zK=eu95nTgqZe(Q&(=B@44MXx=Le{}L>`lVb!CD59NpiYKW=?IwHrTopHx*vT<RHlQ
zl@HO)i@5N|ttqka?+m(J0`}+_LLSwxf9;i<bE(tlas#b$yIseex@2d7B{?Fy#Atjx
zsv?FP#D9As4Vz#6KS<ht;K{eu)}3)qQyiHY_b1ZIx1A;?RwZ8f4K^<Uy@)uIQm^l9
zENpDNlQH|)b&phMiX)O16z1qo?f1IkwH<%nyzMcpTmwS@ialQ(7;G0OiNYsQ_)QnT
zD#vl<Wa#Nc?CInc&I4*Az23R+OW3*5XNi_DpsWmQ<L$Vq89H)1EDUpYb&QnRVq0|h
zrSFBDmL4lg+#Om_689s!)GTRsmYlMz9o6}o_InL~*~k9hqLgLJsLpmwl;&JEH6%V1
zqa%me`oFgA$Q_1`IeMQgbyv)9y^*stk4{G?XEQRu`oTQ?G;1onFAXgbs=Xk}%<*=<
zSN5)u;(iBryku^4>6sTaS2bEjb6)?lGC)5!C82|MDn)r!;^whnRKQxSnU|7rbm~79
zkRz5>t~w|I)s>M}j{UcqX7y7$`QUl>KVn1tJtwcfI#-Z=2lqitM+I?g3%(g{^~*-&
zs|5+p95C))lUgbP;|#X0;@ac5Xx23fN`1dAu~$^c<Ij0sqIL;UA)i*_^}4|#B}eP>
zH1Abe+)Y}Q5QuCWTZljlvSiK|%9X1~rxAM5e=o(z{q3+vhQ_kmo{J)<MteKFQ;;w*
zx?htwz`yYD2V?U~K_{l9BAM7k0&;<;>8Q1|cQc8?w;0D`YUrRf{x?O%CxUN^%U}ed
zHQZ}Fl?j3;C%G%EU{b~4wV{;!G!~Rc8N=vtKj{gwN0*hGdQ_i#j7a0;3Rd+R*xglX
z%Il~Imk`_}(N5h9cTZs{+4R_nJLaLuGFp_E<3Gf;5%Cj_EJJZRYN-A`Z6rJy@e_tj
zL(X7WsxTMzQ$s77zXJ~T<A4eAYDC<`ICCFcb1LrR@d@}+vy=|yCDMfWje$C}V-iC%
z&v7a-<TYxGxRM}6G^Yxp4t?UH$_s4dm5kg{fvS2mar0Ng-q_e8evhanM1C!-3Jv>=
zkH0U4i;nUQGs~pEx`=Yc5O04$KNI5Y9H!oMcS@_(w0pj!Mz`=~g-OgB!<=BhNe{LW
zsB0q7cjh#vrkZK`H<tGbo45g+atw=#cPZtw^O$@BMG99h?tb>DR3=Z#hL&dVf34E<
z5J<(Fo&4DugKiK@E566uTsnGOCZ6}{OwEvc7I&Y0w0z62k+T0Jo^lL!UQX4RV@=zu
zT%1TgCX9eRF+x9f<-y<k0I_h`YP0@pE;S*}dvT#Ux^9$8|7gAfA*-48dF$v^NFmdY
z-3FP!KP0Db)lgDs1Q$FcU=;Gg%Q*82dT0fb!0mbbdecbSOL;W@?9S3VDgBvi$wu0w
zZT#_L=Aq1((pNZ!nFynFk_N|M|G%AoH4vtyE{^GY<5VJW6%9qA6#@#pP*e82b}iKf
zC+F~j3Qifd-3K&B^)(QJN*RJ4-W?eiI5i~iE$F4=jx|paTgoK-^VUe;wze*D@+(@t
zP)0k7$elz@5)TM%{bP-@*YV|--exJA2}H`Y%>b0|M_3Ywv8#>cM=J67SDY|<&%D6I
zI;Fov_@hLGxe;MB9PBwQ#Zvs-7D$(jXwJKr6u0*MC<<&WAU1f+45=;yc;m!*YapQO
z#{O$o18wiK6GsD&BEDj-LmzE9Txb7%)?ottxzYyuEpM&kBVo(NJT-=PbE@$BXh)}*
zOC9`X9G>iCq|5rHb~8LREnnzbU8o2AMI^Q;$S{0Sz(|*|;X>>_ByFx5Z7R*D!o96J
zOa6RNRFk$aRce==vVC7h%mjdi<ykox3k?eNjz--@N5qkR7tWN`&y`ciKRbMz>~Kic
z)xv0X=Qtc(csTuHnYtFd?ptuM&N7ark^R5Hd)t3W{4|s>kzCrfsT&mHVT2gnfmbf7
zYnoxM{aM#oD#w@^4XI6*^xr%l@2y%aX)waI8Wq7oKnenPD}4VhDrFUErR#zrO_2YS
zdvs}~Y|v<yv1HoZ4!N68);45*P)tfAQ&GX4VC7H6fY`!0zvR%-4tZuk7R8l2UEV<n
zn0+=EPuhww5JM#Jfc)OxH7T`NgYr!Ng^%b-_FMGQ-XZyjjd(Ee$@padI~;7H#!+?A
z98^~F!rB);i-&|n>RszA35NKolUL%BSK{cT<#H8%|BTkeIeee(9`1QZPPabq!06gP
zl0~0~gBnWW)noS?iWaX$0;4To-!^!p?Am)90`Z{>gp?CWYa6t0NGR7(9$rv8dHXLC
zde31w)!e&Aa+a<0PsHn;<bE4zlncUmd<JDw!K=AnBv&IS7Z~VW{B+_Fmj92XtBh)^
zX~GnOgyOVla4qic?pEB2Lvez8@nR|N?ykj)OK>Poad&tBc+dI%Wbd8K-RynN+3e0U
zvokb`g=1;ok=@h@%Z=7b2QO?SFUfrp2r1+}+mX)XK!%AZWbPP)`&>$7zhs?}A2zw{
z#e`N{DYY-r<zXrIzSSIh8KoUPV-CD(5Juq6RrOscQK3mgIm)jvW0E?rjPKF#<-EX_
zx;|m{i9CFoo9j&s#A499j5XYrF&*JPoobSQyICh12#i~aoamY6VJ8xfvDjxrIfW&x
zfk}k)P8H>Sx!+t+b*G3bvmyh;>9=G0kokTEMRMK$#5#Q`#)4+bEsyT~E@OlC41=<2
zBSXkiB*SmZG&Vfiktfn8hMr?dXC<=%?A@y=jU2K9{gkZ!AQ@g%8qH=!v}x}T*faK(
zDow9fF#mRM7@gWHT^~=XdTPs&6+88Y@mm_m-wxbMk)abB&2m-AM$!+Ca#hgPZ4cFu
z^r0Ie&v?`0^ks#ryK6;A*yhGvzet}R=wxlvBI}R-tjQ_z-L}_R)AaffyNg`eotW!k
z2*2a`j9Xf&y2FYd$Yymjfn=gqtxhwkLiWb(Cyv;!L%?yn8dxc*V(8jF90%Yypa+tc
z_$b9D*qK=MICADYrciX3-NbX+**|9HMNtm!Q{PFTs>(dn&<#vgs2)Tl5b!3N9Xocs
zY=7U%96P?O&abC_zxEnbB_jG<3!z`B@2SM;$_CAj**dzHfuHGGjm?7St9oKvfEHXl
z`5&clnm6fSspaPw9JBNQ%gQ)BmP2VTV^>xCMG6qy+{ZoPB?XAqnYbL}PL~s{+Isof
z2MARkdVCNUnjGEsIMdv+QjNwY%=<)`cWK<~7C^bc(o6vDvR*cmR^x=g&r<T|2$5Ph
zQt_^4S%bc5Zc*#yz~(KeiGcr%%<?cH-)A$N6XP6u#%;Bi4P2<Xh*3i$HD8p|?5Lqn
z_u|90S~qr(2nT2O`jy}&Ua3e#H+AXVB@p7;u7t@S6R9Lwa;t303r$xDcNup0uX5+8
zG9^lg#@>A`U-7obm1b)d6<D}n+arLJ=Wu4-k-^}*A|$zfF%>X@S;dumLz8Y0zcrRL
zbWz7$wk_q%Fm%y6zrL>)lyFeY$%8W=GpyeAIpve`AC9<9qLS{~CIs&I&Ck_C8wT;|
zMe9RS=E%D#vKLIDU&SC7oV+GB;Quydvd!A@TRw_tVRsfyB&cP7WX*3=Om}<eFECSk
z*&2ABt)2Ecx%T2=@4BVt6Fk^+nVL!yJfyOiIQ<Ut0tOKzi+m}gHCvC3>vciVl3)Lp
zUmgDzd<vG8WBx>y-Qu=T#6b(zSH<E)D8z5zDMFGftx6c3?i)xl+0l^u1IW}s{f$V{
zV*3T5O08ZKhLU@du8}6oY;KcBKe9KreW10_>R6qw?f}+C9*(i1{o^8%B+k`wjh#)7
zFT;@and2WUGl$BdbZ<fX#9<VQnhu+slNjyjwGFFtw6LuJLe09K2rO+VfmNqmh0~d1
z6qdHKeoYkRukzWfwyw+XD!+ZTz$mw!y|pJqX(QNhJfR4KEeuAe(5`B(Fy)hHqM+kh
z>z;9Lq9AypWe^;&pj7PxMD)};@r!9go9TH)&@5}p*K~?pE?xwz<z7@(J_LSiXWQ~h
zP|(7I+e{=Wl(dZty7+G!&!wXGZxtFZ0?nZ#s7xFpTG<NHIEpi6VU}!s4|pRAdL=Rd
z1r=KB`If%Vy$HxQo{xUAslLGhUO_=gLj9Lhh^Uk_F4X92#P)L0CwJ(&xilE1qhzGE
z?)~Vk+uq_<^-4G>Xv>w?uS6aqdL#m&4wzzXF8500Uvohzb8F;7_;0Rhj@--A;6h2~
zWf}Tc$WKqqTv2Wj!9KXOjK&pU6j+>XR}_;(Q;ery5YhL0lebw`kGx0RhAtNrp<^*f
zcclm<Lj;UM3HnNPv^TM@01<5=g|LZEv3le#oRgDqfll5<^`wv@(QUkI^v$1WamPQ^
zk7W#voKSWVoJP^ep`>cHRCVv5F#a_4#^6PWjS!55=S9E`<Qa$80l`%yzf9;F@gYRE
z#%R3p|J>5S(78GH0-eoLly|feL+iYzSZO;9Q-dU?S(`~^|5QLP*1RM(dmlk|huGoU
zk0ALYd1%g|mlm{(JrD#}ZG;wf|54w;6$Q4Dhv)}4c?Lu@k`bN<VIy6ATk!8D-VEAq
z3BJOxiz5rP%cxWVUOxa5;PIUYK|YWd2M}+1uEzo$GkS+XJ@O*F$n;zqz>9D~;P_|h
z$A7DO)J`1&D4T2D@wcNpN)p}sEB$prv38~U2yXZQEkx+i-P^;HuzPfeikuhe*9|Aq
z6O=6G?9UmR*&3p6(Bg<aFXH#qvPxV^cM%Nio`iy4QLnhU65~H($0?Xz{V7kcjTK3w
z`)p(z7*9nL7{3y&*lDk6dgUq(5kwtYka0xkmiTU4M+nxpFNsprjUx&d99r0q<}u`?
zG@Z`Jgi1#bE~s0Ns&=sAr!NeE#0lbSzvt?@BxMZj>T~0oVps8fK1Bl^?<);hd^Lrj
zMi<tGt5-yijzlGNNCvgan{FAyTbzHh;zm)JI5jg;;@ag|)h0+G8>;%-DY-J#C15ie
zyOe^WP)!XoNRxq!ukga^nB-uor>I1r)`@li*R_SVudeiW*{bz%QMK93O~q=$#jgf$
ziC~wiW|y3Qo9g+4Ak{Ig{>2}TVvSE8o-jpyw(~lqC_wf|6k%5h8}cnJCO}r>kMh{w
zm4kF#fM@#`>4&1Ju47Hxg-mq9vRhKP>AWw}S4Cz<2wXdOlj?O8(zS4r3<wsYUm>1~
zLtWdnjoY^LU0ptl38t1`*;sfZ1bLT`Sy*t>!Ot@@CPuequZRq6sG~2$W<<8Rpo#Q2
z*L{rP3qRU08g`3H5y9LP44XWJ*+bb98*yIEP^`mv6-ZdFnRXiImesNXK~jd9R_|0X
z4SrJi7>|%Wwf?PHxpAr`D=D@YAL__(Ac}mTu2T_X9bQty7*B_lR0Mk)K6J-I%?Y^~
z7B$l2J04CuFSOjkOuLnPZ+|iaMZQkgY4?3RBi`+UHOCI)7p~4|?=f^N42H%ahNxc5
zJ$r37uCi}K+O`BqI`1kz7y}oEcwrqJzl>AANckUhR`Yn`WOCjTA%Tu}MwQ4WyjP<?
z5SMvTXlHn%(@9Qn{Lm_jSzg8aA;~K{xNieSQR!C8mK&K`z{@dC2>D&f1*-jxcEtM0
zk)c-L97)&TtRIHrD(B*$JX6-Y<7Xb>cYKmvZ|@Vyy84$heWckC3Xf>2LeW1v0W{O%
zVkqa9tM<}GJk#X+Cv*ISj$*U1+^E~Ggs2-P0%tSxyLUzD2tZ@dbT7}JKEkb{?pziK
zobmFX@1(4$0bd*l?i<%>m&M5Oxlwf;e_M<8_<GZS%EOH-86xoISSTxkrPp)xnG5XI
z<ofKf5V%$4;lcPB$!-X9Dz4W;9v-J*JB5Zg%NE|gVY_)Qu2){=Bbpq%Em2T<q(9L$
z%}he8B}w@ye53m+OU)8r`Uiv+hal(e%P3v%F&nq6kHIAmvQ9?t<Z^=;%qOw2(2xM0
zhvN|95AiTd{iIt(It-&rp^Pqx3MS2=b)33*q@si{E<VZmH*FyEe!L|ngoaM7&mQMY
z(v2m{D@!FHZPcy~P0)y*Q^Lt>tSaw=s>XUd7wFZF=MOgoV4EDcYCj7@yPVWJm(=^z
z=JewP9OD#3-_8iN%$sTsbfp?>4&;2#W1VuxOI6ZrEtd4~V{7**qiWB9oouY{)BIT2
z=?3U5%-Mr*{u-?CJD0@C=N>ccj#JgMw?be!%hbRd?W`^DvPfs~HwBcCh}VGnslR}?
z92*MF<T0Rb`)sC9{qb=0Leo+ydB~5GjKp=f`ETlUNGH}!1Hph`C-|m8f3rzhiNTRe
zms-}NGAovHW10yRZouOsCJnQdXC4Pw^OA}S)-&L#a^2XaR<&vS!^UU?|FdQ7Q@1L6
zpt$n1tv&E!G)FDRV0HfnGez>ylUjP(?k)fm1V_$8C2M7tj9XzYYY=-^YDq1tjnU1j
zOxi{Bo#Wh1cyZ^4m%fXqG5|V`ba;ua=%&+!jFCU`i=5{)lBsFV&c3R1amQnjsTdW`
zwnbDo%x`AL+JLvrWyeKNr*0k%1<`ir$j1BeuiZ|E0k4;9VU-LIkx(yVQ=*pZj`m!l
zIC^6X4K<7255<*sTt@Yh>cm53#^>e4tqj}lUg|cGja_#Wq4b75$m^q?C<$R9OT6UA
zUq=VsF9v~r`F59Ou1PQ+y2>PT*%by$_MpmEC!Qqj&^5|7^;k&;qo=B@S5N=Vjo<d5
zudPmxJF6TwA$0}I7veX=*%&fJA?Rz-ra>ZX@zeB&9|9jYyju5Q4yO<7LC}60+zCrL
z0(^Di61O}6Tlrp_8H~Bg#qoHq`<?|tV$CT?vCa8CG<a)#c>5GY;$F;8kFE|SSy*N-
z8O0MRrciR(<C)8ZgMf+WY`+}uvWOQC0~6fG`41lqKXYWEz`gE|U&y$OiK_JGG2ZP)
zSK77xami-rC{<~XIP25aa;2i+jgX#7{Y*kN`n`5MQNLFPf)J~})29L^q~C6o5cE|=
z8T+#@1IdczxT4HJoRZeISUr`2oWz2>LXTLiK0?b;{#}$!V+^;N3BD+yMCVDPLpmvV
z?*%?SF5>Of?+17m%%{SCt>uuzU^Gy!7Kr)jHxsn=LJaZ(XO*&Q)v-!CQOlBQRcYBC
zi_jBV-mRz11})GA@Wx5=EjG6!N?W5deL2;z9mV>zG)tefA$FmU4q=bmH0+N7eeAas
z<jG3=6k=x1^ZAgri>n~(6)F-}aVf|<e48K!R*hCDfdLsR``chR<w+_-CbK{gU(Igw
zes&ig4q3ybnKUo!_A)|12pvA(rWaUYe`suNz;Hg^R8iUfm7oBdk@>>||02{2Y<68h
z!Rvp$?J*NSf<on2_MrXuVDqNcfj|sjj_!Jsb}=#?U#{qOGiCC>3(C0A3{{KJxVWH7
zd^xa}lm1cvMoI3@m<m=-sf%2icW7K=&=>J=;{IGor(u;T8P_TQ->JD~uNcEBYV;BL
z)}Of96BHsg@o@V$sJfz1sGxZ~5G38d^e}VjaP2Lrxdq}55Oi;6c5zt>^EQI-r}%RA
zC`Bk#&fd<WI1=yrxrbl#q~6CdjGl`^)#l}Fd&a1~Xf>>InZpe=2tZy{b+(}W&e6vx
zF3Zt=Dj<<{k&`e9AxonYAHqhL55*#RAz@1}v#G+D`y~4HqTt|iX}aGsp{zO)Bp0za
zCItHY<ajk{TMz~U=)}$EBw!uRhUH6>pb3ss2;UX-BN%0c&8)QKHH_axG!RIICt*E0
zDxCC=Nyxu*iy64+ncOh_PvAdu$-VOHc;QKpw>$fPlhebK+-`PcPUJ1bxN>yTz|^{O
zL~<6J=HDQDzPw#u1>RXZpAx;i!uIQbLU5hv4Hm9iz_MvUhVUd47t6fD%ihb7Z+UuB
zOp0&G67n>kmf!|p8mn&ZuZ`K{y*a}CIl^AMdIg`5lexT4>4|K@zSAwqcpLY7M6INT
zZSS*;C}1Oq!-R(%!lm)Phds>$t+?LRGY*t}!mvlm8X0-SE0{XT4=a=eM}<G4te*Q5
z)!3o3U1c8=Fkwg8qDElTf9zZ{i3)2N?;|cPQg)!eT_83aTBxNMjH{(!eE%@DjG;1x
z{v}17UE+kX9kQtZJ~3t}9FJ{j9u~_cEDfHNhAmL!kRGvmFY@3Y7laTo%=;JgHJ|q%
z-ixlO8+=HAoP6B1$PW=2Af2tZe{-mCJ}<F^^Fk}?{A44EbiE(Q5Vm0U#|A-8G;!62
zi!dbUh3EH|UQUVIz5Ru3aXl9O-rQHvQ(tey1_3Oh;|yMxs`a$vSVBX^9+<i?T&fdD
zce#TU*N_OuBSa`tck2iPUHL$1gKEli2z7i9IuxH9=y#0zNv6Y()f-DJUPnzh$)Lz<
zKIQ-zN;?yQki&&ktWdF#+1yAs5B>Y-WtR=9qPSF4+r5BQ(upiYB(tf%3d>d^wNPXC
zqE(smLFx+C@2>F`)jdV>Jo6!yUKc?Vj5DgRL1e=0zh)A?%*G}<$OTm3Jm;SAQdzeC
zy%G`kiPPi7zHYx*MEqe#In@6etHvaSplDTi2^(D((Suh`8`Tie!}H!WMfAXuA@3o=
zHh!Q)X1<K*kv1)$ML~L;9JFDLF<lUO2e>i!gQ(PLHZvmFmWWo8Oe!KUhC+4<?nB;t
z@yQUomtYUnO<Go&(boWx@>q)g<7@%7-UU%m5Q3A{m6Y`)g0lcF`iPV@o<K_enGu>@
zuMDadf^!DpsOsTJEcmulrT*J*cB+!W@xL5Ty`hdA#A5Yt(`2A<ajV-kP>++{&y*Lq
z@3&fb!yDWQ7H^ZeAh^)s#W%6BSKQP3&TXrQX*O}*4g%}ZSKRSM5{`eq|Ml28vj1%P
zCVzD7e~|G~e;JnjI>q<&?RDwcztp1BXyKalWWy@$Wj+k7k56auHu7xoCck&g%)h(#
zej`vXJYaV_@09*ByA%Pu)5^h|k?XY6%u;a%Z}9NaydfXc_vKEpK(OAoWqa3{uO>OH
zFG^@z_r@tGB7*1~yS~XAAfnI_m>Kzc@S-C`LiIZ!=aq|I+>}?$gcm-~FqH!r3Lb?d
z#!{x#sha`9gv6xcY>R$VLDo}P-!G4;&B9|rAyVKOmV)Z9F*v@^XKMDm8BUpxg~+`c
z@#q9#0=Pzd(SPWsLmKj+Ay#+F7Hcd>Y1}tMEk;vHXzcqU(?@iN3GXi@;3fgbYx-U0
zCD@zgBozVil!rzWDC|`e9WRb<_yBR1n<2PkPF*vj=}-8HFAc_A9*$G2)QrJIi5^W?
zWIR>M8rtpy1Jg8>Kj}J)5s4S~yK(r&;!5s3J5|J8S&C)mn!Jt@^*i}fN-q{gM-Ah{
zo<#ydoYamUXAej<iWOILB~7+68KZwa*uw7q!F1thLGk7siowTe!yCT!pN!Jgp(%8-
z(>&G+Tj#HB{6<fG6#_z$rsoX!UoveqcSm=AW{+(6uA_G0IA{tfZ{Kso_IhjM=8laH
zqbEB)cck<_*=p4qa?o2c@09#jAHVvp-V$fJDaSiunUYvq&O=ufcjZ&0!)rx^I5*@e
zG*VH~9&UOeh3}}yLVsqvXVqqapl_MJ_Bvt@DQ`3Ha)szDen*#17X+>PM+~=6do@){
zxbyt^_H)>idOOd7N6N2vV~iT6@qyZ`?Tn|&cVuHl-)9#V8~ktwlJ7{)OSaO~RN8C4
zY5&w-z!$pz@<0KtA}QQw<RF_M+0}N@MsTVISno{y6nkjZjiwg6Et;K;<6C6t@t{{3
zIaJtKDJkxX2xs$kI%!Sl;1Qfm>u7c}ko%T_X(js&^f@=r7}HZsrQzuCgj&VQ*arc+
zfTDB|SuRz6-LI_J6^s4F_o5XA@);lWe#SetW8t0Tq6?a47MB{4w7&NryYAPZRy#j=
z=NN`lKlu<Q53$n4_sajk?{3OW1ud}+&B?M6CspwTIoyVu9i3W&mq)fm!leM3;5?~v
z5+1iZXZdf-VycmE)l|Mte@#KvL|f-r4Hl1^!TbIS-!hiDl^;!baR#a)K_6IMCVr4P
zv9Xb;&Ho(rcZ|xvVMWWnw*29cf#S?vWh1fsUL@lF8Lxj0O|oR?k{ypUROsad4|-w>
z@-j;Bt{6d~ER-xsXo0OaHkgRvAvlSE@;?6>8GK$v;<fO;Qi_#w9UJs1-vTkh!-`Gw
zw@5KGLch~my7)))eh~h&GX9aukl@bZL-yoafHbnruW)mpW66-jTmC4mU4tcD14d(p
z`(R-}qYruihM2+Fr!WRwr)Cu`_Wq4L4N!!861GUvOp{?rxofrr3IRC7bkgYy+N-a+
z?n)T-dV;bHNJw}*)+6IT4x?{F7|KgbLgN&Z;ub8#)=zehjTMGW!}F{Z!-FE!&AJW<
zd(Q#TXZ!+$aMH+tDDlzdwK6u>pMc@LH`pL8Wh5sg${M<Co_?}r0}#O%>)Kxon_Wua
z1?6{EQTHoo^YJ;K=l5x*G^nm()A8>Yw2d@WY#Mo|!Kx$rfs%e%h!hR4&lCsY^Si9s
zaDL%t(J_wVfihg&&EfOXoGrpnGPGaHU;)0N+@@2l7#_20&F^9GyR)r-#>@y#4vTrp
zGUGO5X7wPc45eSdl}y|iJ<3i#j>8Kj$S;KV@~$o7IjpJ08Jl>n5&1Red1X>%?G2sA
zKk$fW2#a}#vx+9lFiU&#{Pq46VHWcuWbaO5d+mnTN#lcVWM2vK2$}WH%p3i#IiT*v
zr8hFOt?yBrQb%W&PQQop=JM5#bmrzP&7BlRHYby>UC;;Mh`GZ)To7saoN#wF<|)O_
zc>J5aCyO-o#|bkvm)@%iZDEd^QmxZY`V=`o|K;*MI615TA~`4KP|CO|k5pdhaBt!0
z6EH>W6J6HExp41>Op_YRu6Wg<XP0l+tpQQx(Wf+YyK%?ge7(RLeHu<Dz<Ms<zu+&{
zh>8`@WptH^R4__&U+P@xDxU|kHt@iqntsaTj?ZrIt@s4^T9Ez|)K~Xmg>NL*H%Zg)
zEOQG<kfzd@rUjc!el9V4LLKYvY~0DmS*hYVke}By>P*2^@1Y@o{x<dAs_aJke0Mle
zAF7lzSuM?N2@?x-b4CE+Zbw#}Mbq&N3}Qj{&kra~i-bHoE&Yk2m8Xs51@pG%cp)}>
zJhns9E*wG=s!sx8C({&senJyY_X1&!cRwKsA3>2!jyY+GjcfvI^M45xrq{pFdLheY
z1&XN#e7`Mf-VUWJU42%Oep0`+m{JC{`{k{Io>RAuvP-!InZUo>W!gQTu)@};77085
zwDW39^FRJ-kFAd`jXNBR<<ng}2)4Q2{3Q?SG|V#`Z6Ce3Fh7*+`wVff{%NRfS@Z9a
zM_1a0&0yR(KR@xxjiVld!{7b`l9ntvLrN_SV_SS=wNx~H+3vz6U2BUbSZ*Uk=p@zQ
z(|-jD5U8$lle>Y!EEETiOMAc$x!y=u!9=%~qFNcpyU)-1TF}B!6w6rd@Bo+GN~_*#
z@aHmH_H7|Ti)`=GFUGH#b`QkCnVDm(^m=yLQf^6Od&q}ca19^Xt-kwkr&DmICk-fj
z$?@nQ54Lfjb&g+jyP}1CV=hlN<-jgX8+s65$QEHVqUK~j<%5<S6?Er+&X~x?nc}Z@
zw#6=(aCf2*Y^?_?z5;CL;Tk04u3wHo?vw`?5iS*pE{PxrH<;&ondw1C|F2k}HJQ%u
z80?Z4CcXW{-oJujx+%rFgLREH3}IW-Aha-wp2{ow&))?QY`I|@&@C|!oOwaTR0n2~
zeCxF#E*pfPEN-6bYXNMRENjuKb`FVf96!_<w_%)r%j-yOqKp|@jFftM_s0m(xBTPb
ztvb5aw>xn5QKqQ6KCO2Hw*-LLLtD}reFWZpnUh<cgF$iGor*KRu7{icv-&b;@?au3
zU!tF*pJ)vJ4i)u|s&dWpG&6PY66W^dr8~^?RM2@mHI?0RJoRDK`wdE2;Kq1r6(QTq
zuoTlvsUNLQPwfQc#dQH;U{%QjJ&a=4{Zyq(Bl&(O8btQ`u>h3|f@=_efEm?@s3<vF
zN+=G=lh5_#em2OZ_^3iXsEzX@gOv*azpBK<*y0@p)das#n(5Efs>+-n(+L-vBs!ku
zLHHHKEapu*DvV{$ldzCef(c`-SCm@-P%5Gi$<2UoU%H=iC40K$`5q0Xauv^XM{(g$
zfU#;~qv9eh_@zZi!0*W}1;{|xf?$dA;OS(S3?r<#Hk`X505zGeoQx%wy<{14aIjpm
ztB2t(maaU|Qxj;%d}QUB+HbrP8QwekThHPli@_MZQb*{9J<F2PV2<^LZGydy`DnpO
zCybwh{W2<4%jJ)!B!GYo+l9?#7k^7=D_~$x%f-j5e~_JL5jT6Nod;Z$%{fuif(nn|
zjvfCctZ;?XCaL<W1zGnyt@|!T=9G5XzZ>7q`fQ-3VJs`pv;oG?IG9a(gVpLH7O4X*
zmx{K$bk;vPY7tZJzMU0ADb?8QZQ=0TQA2+9MH5Zgdh_AfS}vfro_V0Cg4vL3=KWCw
zq*%)Z^Kjc8`>2d|h^N7O?C?%#uRG*UgXpb&I4H76%k__QBJ&Z6{w(W0-M6{;>cjg>
zx{nI@XM1t(AEy6UDhgUt?=>BiK~S|^op-qIGg`_h?#j^IrEFNP+KcjgIK%l%{~7Q_
z7XO$kFIsiC$YtTKXtNR_r}$Z}bK(E(oaOExC(&N@1xwSGE74f>70X?ZD-pE%$kEa@
zip6~rmFUIcU1yJwZ*FaUjs~EfKxLEi<U!rkG0g4y2OJ;LqPmi4d`kcA6VRF8HCg(=
zwWG$*ZwDK5_x9MHS5En4FUoc+vbYmu$t#CWcpjJU!X=dVnJzD@cBZ^2>nVgYk8PlE
zLy_plp>FgIpCmarozKMKuu7j63qQGo)3uZNf%a`L2{PPNkq>f}m(JI#XoGLUY;w8o
zEQ}OS)-L@@y~R~iwE8Ab+|V9doiEpcHpbmp(#E~27Dq}?(>z{wpZ1TSyTqmgG9IO>
zc9$nKU(>+O=0R_yD^OWV^cJ^gh<)W6HGxb0x^6)B_la5Lp}a`*g?{y3@_`R$SC6oh
z=9{!;$A55gygGG22p{U`1-%D3Go7B=intUUpDr6AsZEv3T+4G8TXsaJwSh}JOMFVp
zNz0%(J%X(w32T1%CZM}ZRGaBelAAO%ke_dP8qn11?sD9^1==MhhaEFswvA0o((lvW
ze4AlCS5D$UW^#U;xp>Hqlea02-*XoEOVI!s(l4%oB_e~@%;dw}-`DQK3EIn8ih?CF
z{a7Gha}z^GzIFSjh>KN6<nQTW30SLO&^V4I7PD2-`YQh80|ZYt28twO_7GIxd}igT
zB|T$s%3pVOxZsrh1Sz_EpA^br{N<+ikjOiij1H);bo>(^!OC8TIFe&hMMwTF!zq79
zYxP#-)2Msjt>YsEtv=!&5-VsHAplO=S%llFZw_TnS?Jy57cj}}F#UdU-SWcNL2*LW
z(YsK5okT<}2M*iLPD^_f7J3hmKGODIbHx*gd4*N^Ei*=jq`WfkblLG<a#N0d$Tavg
z_FvB1#ZV+7U)I`uZsmai2L~4&4Zq#7gUH2C_2kIm8{++v7m=_e%~42fc>C!WxI2HC
zogkT$7!{{`I3ggr%d7b_XB<leCR$|0q$AfGo8K@T(VD>I81vSeN6ywT+^+Cjz=OHZ
zlQ@xsz|6ap*`vgCT%4$J?UvWmTILD*OyHMY{b18)FEr!yLYAH#H8$%@VCY+rKT5%i
z%f)v$sJ*g5p!k?ZpLHz*MUndMgDt$YC`LQLeKFxX)*0S;8w;8J<#LsNFHL+fXe=z2
zn(tMxwLw92S^>FGd@lRt`n*@m)DiA40{%>O#C_3jdF8Ol?N_l?32l8)e7=YBA+X`-
zVofmgb6*H^#cB;u=WTFX+<h`77)T(-D)kjie~M-%KDvKqMOT~?o{N1=38QZL<(lD9
z(VIET`W*Hs0sZ#NJiAb?&=h|joua|6-ZT5gKQI3bJ5ySgzVJS=s#5;v44r?khOAef
z=>T@s@IM+pP2r6)kZ<1BIW{rX%ZmgwpQdNdIU{I10q;GT&P!;z&GA<v!R$j)Y;Qf|
zI$U9Z3^OqPWQXld2*Qy3jJozM<4PUc6cuF2JWn)S)-JInDJ$joO)`m}oafl5%#?o%
zLnT<8Xebv_j^<1;qVbsI-2A8xH6I`=OFkmr8#H{+dePvkQ}FLxPYA|5>wxw}!2`mv
zsIM#;P{*Wp@?uAZ*in@HOiD<xfTd$U=e`^;?^#4~jPJf4nSGFQ6~%vE=6_IfjjJd2
zx!+|y{%wl&mie>`{iV?K?Avm{#}BOxIz;zD4lQu#epM9vyw2-7?HOo)Hr*vb_cw-@
zL5U5W^*I_Tv(CTtCr2LphXa(*Uk!nunb3bXJFeZmnkPHEF&od+8|eKeS8IPE;yz@W
zaP1Som3q;KM(iz@%;NH83GGP<?u0;8nfp36j}4io%`^%g2QrdR=*MFRIG`Hov$2Q4
zy!z>#hWpJ=fj05yO^~~{-G9dqdeFws7A}Xk{QPlYv2=AUyE&;cn{Q>&HBD-Dlnt`K
z)Dv6g492tH{?=ZQRE5wW$pxh7jsm*XF*-)R@C+G@lTc`^wS>6wYPHg}lBu1r-I=##
zOze<)wSH0Yi%_>5-&yTdB)caBP+I=DIY{a3goE{pl#;B~6_!4X-Yr#u-Gfm@79|Q1
z@$^NDDZ(hIBgu09ArP`2EVe#=SmH4Lfv*kow=;zR_Zg$})hd(0t=!wN;nh7rXH%+X
zFuG<rBR*u@d6$i7flY}E%<sq3_u#A1qMSO)u}V;?lmcCPNGI$j=7v4F{9!^4J9j1M
zJ#w9;A%s`TlnGslN|%GVwX_Z19^&#SLr!3iwJ!bCfoY-zv@YpeM#6L<_@mL^f;sh#
zYCj*#%JuP6y`3fA+*OB3u%v9q(WTRv^^00_YH<m`S;K@tyGX7k=*7s?-+-#Q0t|Om
zi}^e+1tXZ8jWhOwftPIJQldskSz5pIHD><dmvK<QLk2a9R}j;98R5f@?qokg{>2OQ
z(}f~*u3tzreSU0clhqOvC>SqoVvYc7SXzcXW#JP`7q)g24JQ`W#(G$BuXaAX#l5PO
zn9gOW@j$o8JR5NwPrWr8zLu>!`f~6?sImBKZwqxa)`x0XKhMgq39FUK@f`FTE`>}{
zKTEym@~RA5s^ecj6juXJ0(R<#U`4gawWqKxx~d@UrmM;~pK8j_6+X00^$OV<;*t`G
zauaUU&<olkl+X7EkxmA6ZK*JfsP~{;D^1q{Hq3!glfNu*k(?!<04?60TJ2Nnod{&W
zM|uoMKOK<;OvHc&rAH<ChBgEG)n;)u7NAp(2d6yB(@ElUpjP>RN;ZbaPY3~*2pdS{
z;9beLLqN3#4aity_0Pg+GHJX42ZrY7(a7Rs0L5`IMFm|NuBkYZ5+XLFrp(OHM=)+Z
zGVNXbXB5Y-RQ}x5pa)a4ItBOS2Fb8mny2SbqrNp?NR+tEinM|*J;9CuGnk7UWPFn*
z`>@Rzi0^<2sd@Y*`(TV6cu)P_OIZqTHYeGj5iV-5#w-h*v1=8tsI~KdU8W~Mb+MkS
zsoux9iU~4qpo^lY7!E0)NY}>HJd-SOO}m(6cn~-zR}_(J408&e%@B);J23_sCt8Fg
z^l{^!YA2YbGzu!{HK~wR{KJT{7w0LUB$IkP7l=RCelMHbKqm8De0}^h1*yCd@b;T*
zSF^h0Aap?hTkTTzzptsz?c{lS${4$UHUdtgMkU@Q+Dl2yG=b4$Wf9AV(el{;J;?p9
zZpVy|hA_Qo*a6SmjRE$HY|?VvRRvPH8^C-Cv$?*Ux?o#-RGy5An3X9ej#pDgHVxj`
z^}|A&jELNAaO!`0e@~DE*qLF1aDl;n9q$k%PC?e&+<a<zC-sRx8U7G8Vc>!;VS?<X
zMNIyE;`3v}_&T;@Jydp#n!m<?<>ZPYdVtqcOPM;hqg7~NN5MZDtSQ-t5nPM>6WL0a
zM<6#6UWSfm8CVG}G~tH-O?OK<sWxW~I(^p~(&eQwUS`YHP|o`(T8;(&U{{)g=-bQt
z+uA(WbCNqlynL$i%E;s^>t!D0(m!tfl|L!&D)V@O<E$pc6}I%Tp)J%KsZ>713ejYE
zB>!QFceQSU(%ph5gf5}TEs@E#*R3UgFW`|c*llz2Ab_`=McN_wv0UlGv*wRr_vWn+
zF%lP7B;B|tiw7_p(eng2-e7rUL`WmAzZtA)?n29kUPsv!{58ol$DLG#ALAX&T>+2P
z+rq1LPr_u+nkhc?smv?V4L(P!_i<lrAp9=-ju;q9ge2fx1xJw_;dw6F{Gn2JF2G0?
zQ3!qWUxa6u6@GYl|Cz|SG$L%=YVM%G&+qi;!a9kf8;{S0J}KW$WY%X@M}zFaH4?J_
z2A(#ki^@c$1HCE&fefwBkl;NK;-|M7@ISV!^V>6-$zqBRqS*5ZsT`PKiJ@>eRQh>+
z$CR~L(h#R}hMwHIZBjWlyJ`~6)34oR<rLl3Q9%ya^9B4x;S$SiW9ea~N68mTEwi!f
z2sZhmJhkCI=pQJefM0(x(I>djaK^H~0CHT=>9wrkm0RiE$!V9uQ)KV{C;`|P(UV-b
z4;3&LQyEEU?yC-p#sN0`*z5;YQz1D%xc1LtKbYj_3cM%5_Rs8X7(R0$A>E~l8M5wE
zm*lc{1Jsv&<~QJx-k%IHTfEne)Hr6Cy4o?4L3%vw=Y;+9b8$=0@>7|U62z*_jU|#P
z{~SViNRGtL#c_$>l27E;=MtfBN3B>sOYg1D3eublg@Ct$)#j#$UPx)Z)*ps3qA$_k
z3(C3ddS+mA$FfcVoo;*oV%&jQ?tA|#e3D5Y464Q;#DEcRB)frD>uDy18=VI>yWsZ3
zII2>`Fc#NqIh(1>m3SjP<tj-Z=D-v~{m7wqAi^z<Y|}br{3*ova5*s~?)0E4!VT@~
zUA2$SR3;T7Yy6_`FP6lr&7u8kAprIhh81F-0Y>aa;r(wfCVnE@!g5d*LKPi==+cf(
zlq{+Xv#Npa9X~M>;6mP~&sC^~8c2ExGwOLNsm>%Ar!Px%N2wQuLIB)HjH^*?jH9}3
zFAD_|pj<!J2i(E9#~s$wT1@NvI{|q=<|I<uq?Cm`gi82KTKHy@NVFS@`*xBK2aByp
zq11X2Lk~fW?U;x2Vx#$ffV;==dzq<?s1R3ee^_aM*b~|MO%<R*PioPn%mYf!b)?D}
z67cMf25;e8!IPR;g+|ZRE8zPJ5b3+2!~^UQUux|sN$x<!ZpFk64G*KXa7+bzWd%JH
zQ$2!Wl8%!Z2xDeL9YCWXrXSpDD6@|tJ;?=;Cmk!O&1jHG!IzHdqcoFB4*rET6c&+E
zZ`%)1p|9M)s@p>H`;0{(102!>8p0tBqmxe7r6mF;zB4Yx3{j#)s7QYVo*-cSCg`H-
zlL5kO0<+Ob?^9$4ziVRs{Gus$E(FE7LgLhtS>XI(R2+jrL)Dj2FXO@bWBp6KW08(5
zOwPNpPac0R8m#NUn0&q~5|{?p5?re$)~eA{695oLz_OZ8fB!kzIIPQ*;BHLovX~k#
z(r#oj<D!Ih&sFk`VUfU(3OyP7o1{_<nyByjN@qMp76~*vUimP~JET>11c}RUJ%8m~
zc{6AVPMFS`o?(J~elgD*v!y$-xeSyg&R^{Oqsi*x&+0Ej<w<=%+?T~(Z-D7BKDY~h
zgY4My_YP<4TZZf@xX85`^*B>k(E}!iqHzFu>VT|ifvlYG0<68FqJ^Id-9z?9?U^=s
z6>h6ovUP>E4NhV_0?{{H%0Kr>B<UNRyln#Gbk<VjH-mOf?69ctPYi(NLPv-lA`am+
z3!f%%_t`H1#aj<k`&>U^g6^mGg@5KCv>9cTF6L1QgnjoDR1jvqZy=VK1Y^`@^#8(>
zU~$0+;Lqnwu_KbGvBtnuEp-14dW!r3rcjXf$~9tT)8!xy!2A@ff$|oM7#Y7tgZCnY
zj^ogw?0D)+%m8`&VRVkjK-4lA)USnr?SZ!2z3CkUd_>v(zb#*LZ^zfvu@VGyL$&BO
ziMO(>Y5vkKQ?tORn>CrC(9~nMebra{Hwi9H?j&O)_tmua`ojt19(&Nz+eZQE-(n$m
zR3a^(i+(-SB5iK&8U-E&0hjTkS(&QQ$!OVwo58t1&GqfW4%+;;^Z&Rbb)S;Wsdfkk
zug_t?-f4G_J&D6kpocGn{)*=-WVOHRacQ~{xa2)26TJ-s=&GmZRZacai%Lk8ZXGW}
zG}fi>9^^{svZD>)Vs8a_jI-juZL=^6q0LKG;WEn*%B>5lr+D~%d<ZQb`Ee=Re0$`z
zdfzAx)J11B+Y|?eqMC;fnXld#iUT`{=-T3bCwP1rIH`9WbB5c~6b{I-4@}gvg%v#m
z?9#zE=>P%KSd`ojLyWObPvrVXjLq;U6z7B%J98FzqUFYb)9}EhZDRnimy&xeiTtO$
z<#JqaLm^=VUgW%EU_>u)c^W?1q8E6GlB}OspadT^GQaUpFn4-!1K^L+bhynG2t$z~
zkFjhGAuVAQYYpCG-2UecuM*eOKu7q%^1>BJ>K!b@5prq&(>(ZFs0}I?&Lxo|r6?ao
z3X!4TAoVFf@h{S5!N4boDg{soZ^#!K6bnd}uA4L5=rCQR4SdLNKAV)rrp<3T!+_18
zDnH|?i+zHi<pWKm*w_A+7EZe_uW0wV_cbM)XGEl{6SsW!3Z%*{?04t+$Kwm-@1K_L
z*Y*jk-0JLdrW-=TrfQiu_iS$Tz$OW0%?C<FyAdIv_vynY=xqG+6HVbuGs+URQZOq%
zVC!+{<*Z9pUNy)Ex<RNXvzq93{~~L8wpL_}(@g-i(j$hMrLYCe6F=&Hj`ouGjQ+sX
z^ojkg&Zey@G<j_p@8Q=6>u9nP-cXTf5ZpDf_+<2pl>ov5OQ;d!(_c4~oM@_hOO$}5
ziPS_^;cwDHh!?k1tA6@Ba+PK<1L__4Rf3pw?!@wwehdLgb7goEs`CZ}K6<j;e$g!#
z=g4sEJStXm+JO^LENogAKZb4+(^Q(yfdDa$0Zfl*3ThQvKal7$j|prDU_$L@y9I1W
zT%%*o<faqg;{YqJUo>3Ecr?Wz5sjsJrY2bVI1Tve(J9g~YYX@c#YX#N&8U~zizIEO
zKCv#6+qebP{YCTc&+GFDG(MKzCq{K1!1m$K>Uy`&e~2wXv2BTz0V=do@Af~vN{J)_
zBC-KUIR=_?yILHeL^?@>Au?jGfk#Vu_bu4f)tZW$tqM-guQ@5LJB-d2Hoz42L(B58
z7qPtn?4m9LbA@I$(#;u4ERqr_9#4SuLZFiPjH?YfPXMVMY(UavYl{9b(st2^oxW<^
zUdMD#dHWOgU7aO0Mn+Z_9IrWfw=lK`sb#i|iYYnz_M<Z8K6~srV|VPy4wI7id=rmU
zg8WOk1F%SeGKD|(hl1@{YblQb7=sGmLh~oByOQI*E4e83R*ZhIc-eN$VVU^sPw=X+
zGa5HFmcA({snLBUY4kfY(HW`;@TZF2^XSQxGnVM0Y>#4YkismUu}ARZ>qLm=M?J*9
z^FvWNh7v9CdJopB{#c@8vOW#ktl^~QSl<|}6{(T36y6O|yz+kcc%X&iZh8OM5WqA3
z!I})PUuR~(Sd&<d(_V~mozbHiIZTvM-cP6(S%DM#+{j0tJHxN{(b#*t!z>6b>4v;9
z-?<%6M=WHIi1DLTrqWv-vuAtzx!U|v8^;$GG2h0-r9GOjNJ42nCs)6|0Hli@pKN1g
zRD@%f_EsbU<-<*AR2*IWNI1n@ZM_$jj5>Z7`DodRk<S#^>8Cpgk>5X4R7FG8VVBga
z#_mf2LB+@keH?*u(|wTjpj#&Xz*x+~L%R?+Kz17)2q!nox3s5+T7D=_z1bp|pkt-g
zHI*~kXo;iBs?P;>?LhzU^fVAn0e2-7jY)R~qVnY6zt~|GkA_9%iLF8)QR3X>yvKcO
z8W>B09g~4pWt0Obbz&%=Wf5~|2nq_|@>i%iHAO@4GDi>%!3Uwtd`A#H!naLr0b-;4
zc0v$+L~-(35=Ai*3(GSi%_i~*T}~B^5e|YeH09L^BGP1;+=Cf9(FUM!7<m0~DRRn3
z;{1;2P&`iq*bye11QA8Hnow}0G4jhM6ja-g<l3)w`zoa?BkB6~P&;H&E0IELiLi99
za>C(tv8QK%m7aCtVm6vwu9}QZU&U<t2L46Mifm;r6BRVLb=)0%)%r1Zv#TVv;wJY)
z(Mz7D%Oc9DMevFY);NA~3aIm7U5rG(k=R?!ym$au@Hm%rnjg=DNt=MFj(vWWwImX3
zi~d^9&kuhonY}RQsWXxQlNNP5KBBQ>t{4^QkikCp@o_?rp#sSDgROoq4L~sh%u$$#
zgr$wg5NP%^Ncw|8=|ld54cI-c(@yXW>-i?6s}JQP7Yl1OCHA(z<htmy_PME{4^O1g
z8bg2!KBldR$hg1a`PMvu*tfiPfpVeC(acA@=9Ccjmt;JQd4lJ~iUZK3<8w^fUyGZX
zGo;hn$T2$DVZ5u&@D@O+GrX5Yg(oXpVvcp0$V3!7a|dTOsY{2*gaQlm00Ze@HuEGq
z_E;ndGxhm5hDrAL(a3L%G&Rh)`>8{_{q1Ym3J-=kmPIMU#T8WdUX>yflxesxbC}QW
znIaQDW}0tyMBSIJu!8Kfe^L^ZCTR`cbyH`B|B0|z1;Gp}a5MWg#IEN@!_r<k)qF_s
zbjA+wjfWW?W%+VuPu~1n7RKB@w5<A@-7sZn31pY-2bftRGsOgcco|*eO6@^k$+oI1
zmI?-TEz~hb!HbbzWPJ$(En%p{`~#AH7PEdL?GWDX62{4P^)kCpZR+~f7%VA9o7iKM
zRX?duZ6q9kjSIWLf!fj19py(Cy&e*s-3H7D)oD~<g~f_c;<WpP;(Svh#>`3&w}GWS
znasa;4r(w;ab8dl$#12{pwh^+zKopPpmU+$fRPR9b+t$TL`JF6DtS1Y7>>854oSo)
zZ#!vV1{>zX8%p3IKH&7Y42ZGNxLF7jFiem90U$7QOj<u({;hhy$ff3)sRYSmw?XBc
zT)qpS8G`4S`ic)|XG0Rm*QL|WpfZBB5kqMn4MhoTz!#9p?hqN+XZ#%0=VQN36S#*D
z(4Cvwbh})<r(uYB+N;>TBXjY`A-Uoc#+-ST&4C|a!l0m$n^MsXODRb;6vn(Z`n-PD
zqPK1!AdXre<nQV^q@`cR$UKXgtUD-Q`9L+XFn}x+pKL0gd7oPG>94I+uYKx$>a}FZ
zIr~ub=b07yBIuwBBzuT~Lr^Ld{H)OE>Lnn9i9jY-H%lQtE8XU)rT7v~dO^b~NXHz1
z_RZKj8bzc0bZ6T1L>VyRNB)j?)Pd@wCF~=6HgR4NVcsfNF*H}u$4lZ>0ps#rM)IP-
za$pJTE@h$ct5O)-_90any?ekywVzjT?s#K*Yhwa%=Wj9H+daf~moiNOB*m93mM+*%
zI&U=hQeTl%@uW|$aELs>Y&$NT-s+wbn-*8}>ahq(OVAFFcISsbT{K}+K;mR!KeMOW
zuSx7;ug?r5xs4cN;hpIkwOx{{@ubg2ksYCQtH?Bo!HW;Dr<h#$_MSbTx_8k0Qsvid
z2430T=?=xR2Vu9~QlD80E%g0QM@IpfGnXB%3A4{GeloStxloZqJ%<wU-951Tuz|aT
zB(x$W!nW6Hk+SF<0#c0w@4_di)A1ayNY$h}4Swk%(*h5=?$mHJ>nE){S`vy1ZN+fU
zb4oXiVW)X>tK}3RmN(UV7JJyylr$S`m$>c@C9ARYWCzaHJt6OupzaP$;IIUK3mR#^
zA)HWMTUAoA<eyMwZ^E`+WdhF-0do0~mUW0Iq!s^(vUnm+sLo~rl-(WMaA93^>UK-y
z@0{95TH=lFm2h?&v-U<+-B0M_@(0G>--G_C;_Tv8{a6Jp%TjW@KqrR%`}c8|*}bMs
zI-BX_XZgTGL1p{=mPSk8nzTzoW#HZ!<-I+PGLYnivbiPRQkR__NNstkK!1%JXx;f!
zVZ=L2zNmp!`{ku6dB?jWkK0Vvx}I0N;S6_)w-dwcg?xO+k81EC(T3dzS9F=FDq0IC
zAd3o19V(CvaMi2%=jERZ;GELfh%$1$d`<qsfKr#hARE$zP%eF|hdnc<16Z?klGHn+
zw)&k;|F~x#__0m0Y1V1hM7qYB|GW;sDT-!ttcRRXVbpN(A*<Q9G0f<Z7}jq0Ij{O7
zYmvjIz{ZG#tkRlz_f8Sf`t;pBabUhTlFXEV7Gey8G~;4oZ|OR?4L)qo8!3ww%{jtR
zCLT1U&#RBjRQxv1tG*_$V#oYJhj(H&#BAhL+0@|NvWDQ6-<^!{4ol+fGt+i}3mJUW
zxopk9*E=yLz?aJ>0#)QsR0Yd3LCYagi}EaH%<g39cUa5+MhphmZ3CNa8+E0eaO2_?
zV=~7KWKMhm5Z~nxr2l*e27?W2EgyAie;F+b?TQI}&0s2+=_Y6DOI~w(0(?M>6eM*m
z(B^6>Vg`Ff+xJh?Ff|-IRq8xAc<WC+R<(@>v~?f01o=$u9#h=gk!1fC?Zo`^N|^o8
z|5>W$j#~(~@r*{h;oGTG%Xr9BciCQU@~M;T*J1bBUE><QdyILDp$~x*=#F+tFG}Yt
zXZq>mh(H38?SFqff95=r<thf0bNvdMg=e1K4Y)=}*KhE|saWMVyFvf#jPx5+)n5e)
zBmp<$jG$qU@-evo(<fT|)?KEhw2{fBCHW0dKIUw=E7qg79n18Qb{50c3v$o&gc*n_
zt^G4wlcS6^fcy(MJ6q$GUc!L-hSg*l<@-K<74<hkb^gp=%R_W&q&Z?TrbKm}IHg?W
z63tVVYL{cAZcNRgu4qyXq1%y7Xl?GQIGUalh4L>90ihlzia_mTDy`)~|6f?@f^=kF
zsA@Zls9S#Y>VhsQBvu@Pa+CKZKkQ{0FIO7{2Dx@<yMyxqx|zS@jFc-20Tb?@XdiN|
zdnxpL=JEmQ5HN<3LfLYqGUEpOmq%9E=ohMjB!C;?m%@IQ?@i*fA!53Ntbtvoux3<+
zRPRnn<!9DF9_o$mp17JHvT9;{@s2d=8W1or@)srp29|}~fAIvC5X@~hAR<oEbz`}@
z<u6X-EMfJNFO+}4896;pOk|33Kdnt-F`P4UZk%wEm>2@N6p|~j@s0vjTqBKM7M%j|
z18<~;_{N6$j(9|=O$FI2k!)&f^T@+${V>X2_wX!F+yd8AjWU^aytx}{{LTQPYuF4+
z+WUcFCz^78X7(MR<s#&Su-rolGLtJ{;0;YP(vlBvvnD1y4bo-m&(x3dVv`ziSW~IN
z(z%DcWMt=*0c)~MxpfIKmWdedaiq7D0bG{Gvdjm_F<1iWUsQ<0%2c5(!SFP|T_6zc
z3t3sJq}Zu!ps7O7R0x$Z6`>69opFj+ajlI}AxqA&WlF}NqAJj#`aMqdbDU~&3O6bE
zE-DraoDy7|TXq6SW}!$nDvOzvl@oD}3?9`Fv{MjssZ|Qvxjq1gF;=v|n!Cw7P|<iO
zy)h)Ot1?X-9A%Ot@k{=<if6oreFeNTy<L<myct)KyVv0~ecaJXn9r`m9@L@nV?rB!
z_yY{gf$R(^%p1&qkrQ~ycGmcYoI(p1UTD<PXf+zUkjgXFjYWXIO4uIRyDB|2b@dT5
zPGZ0jyt52_%J>nShyasqchnUD+@FbTp(~lVYOlZEi6ui)>&Q5brW3KI{b|5huzliA
zs8%c=Q>$^U53{H7O4K@;SHOPLK0MP_EsKOVdvX}tmNGVq(3p5Coj*pxQxGDi@T+Le
zHaf9{i=g=AW)zaS2~KlI3BLqkf}UD%m*$)j7>*_LpjDvH(xJ-Lyxlu=eS+P`{BvI`
zLrYafbp}<5izYc6x16tpEHR0Bn0mFJ98AwR){NlD5`lM8&YjNc9KI#6D0|1wz&FWg
zR_BA(NZcQ6T{@N9u>D>@XGT2$aYA=P>(>O<vatO6xD~2}LnZ~1kaS;hKQd*L%fN}1
zOn+gqr{9k&z{L2)bIy`y;M|_4pW}l-_rVq5-Qyffay?419|ye(n)L*XT;6jq#Q18}
z<XHLTWbaO&s}gqy2_%s$;P73+bxuoO29<p@_nX}O?bFqYfjsP<OC>6!d#ZpjkgU?}
zTu3Fpe;bF={S*Cad%#|o9)36g<K=Ezz^fb_u-@>|q@YSZa>6(mQT&?D|2#ILRb+BM
z(6s<TpLE|ppeyq)0R`tCtmqUxux%uHc~UnZ4m%GWYk9Rp2E+C5@JV|l0FDW(nO!$%
z=}#me`+oq|Kq<dnlo(CNLU{_zxE&ACm;b>d<Yt!$-o8YjompDU>8KG9%F3c7F`6es
zwCjS=<Vyq-FA<PV3thjw8o5|LEWyOj3DwG<;eEK|62YQNgxlxR#j>**;fm1mZ=dD%
zdGHd!o=e<58(by`xy<eJ++~6zmkHci9m75cULlCR!tHa@6@nkGaQhSjoF%J$t~eu3
zMy?Y4eTCWQ#>Gzi+;gUgeP%C~TVU7CyKYH^-=USW*kYbBOP%If`E0TDnaeHKi533>
z2##4S@uzLr5)i5-pXFv!<0?V*t5!2<d6gjgDoga+a5I^5m0-wKX>@}nw?xKmeyDa%
zaBFytp#C*0w|>_MVy_XnCkk%gT_gDTn&g%!xur91X`!0q9Ou^gIzh+lR&Eon6O6mg
zoQ&X>ew|>!b%{~yDNUn*aZ3r+I-lb<^x+MH!8gP_OqOE9+A2_%glbEK*spI8%(`I}
zn{k6+^9>eNwB=%N-yrzohHONd<d(p=Ef3Z13T~@!60Evu<(6}k;NVT>e+4(~7Qy|S
zM4Xo-$VP~gTqzcWYJTT=gLd5__~n+^^+|G03Z}xMP_3OHym5=*nk1Yf33C|X(ok)z
zAS|0t;E^xDn#W|L&`yD}DpcEap3mZ1`2^wl1X}AQCA>@Rva^3#<<+6;JyCgRKEVg9
za@3Nd58oIa;JZXr7A4sMXG2y0Jg)AFe1c{9BAGt6L`+ptk}H3?P_3t^bReJLH(4o9
zR?2g&^k%3wOH{g>Pw=O#lrJmgyH;uys_hY#Ub#(B={6B>0+Yu{q9jA6Z$qp3ToB9u
zZGyVD#qxifp!aRD{NE;+ep@X6w+U7;-g?1YCpe<+1t(@=p7U~y^KvJ?&(JO&7;0SZ
zK-HDeTz@h$#R5&Kn(Acn^#zGR5qaH>Nx=RK;+vIioEVg82J|Dz6^YVdfs@_E3*tp8
z`cli~rxzqZrScLdK&A3U)$+b7mKEs2E_~yF@QdaOKJAGLJ#CqjUGznX70Fpv_?;>>
zfuNa_0i|=G0TpTThIv1`qJWBcm$PxGNaw%-&Fccw?+_fkO;F{ek8yDlt5^3C!O@2V
zRg8D4bPoKEUEK1Fpw}}34+B)vCD6b-r2b71`!|6{$3zw-2O9X1t_sC1P!8+pW>TKj
zD5hzY!#cW~7eAyFJt^g|jvj#q-XX@FBE+3?SVvFu;(^i>>q}D(>*!@x*UD0KFGD%3
zqqj-9t`f!4N|eJo`f%x96ivM-hjql77eA;<v7rj(u#Udw#e3B$##W~s*3r+r2s_2P
z0Ll>@{Y^pdJ1A;9C`WL_1sVvBjUg0?A(SIH2AGrq;S>+TC`WK~4OUH@MxS8S7GRE$
z3F+t&#33CwgVZD+erE*%l&^!-*AWFM`-4=^oF9N&m&KuVZlG=+S{Kx`9$M!H>gJ*K
zlbV)8>+C==$wf)-&E*E_t1t6O9#xZ~QB4ZyGsB(7v1c!<E{KJdo`n$$>7F2!Bg`5x
zYmD!$Yyr}*h!flMfnG+(*QDrQlfpA^3()t9II+DLSlajyUrmaAH7S3ZHC(94Xc>vQ
zM;1w;Mp9@iBTD*!jHsy~fz`|lEdALP-n_RWDH=vnp3DhC4e5;VLSSiwC@zwsA0vYQ
zt}6m!Ff@pR5l+ZUEBGbPoMpg&uZqj(gPdT5u|D!u4a;EMGQbF013#tc$Mrm8Rsg?U
z6~i0t;KNG_z0)Jw!H3t=`c99T)y43Nk{sS>hyK}B-u_P`DL!FM(=P`*hj-gm*Wt}{
z8QyG9kdYzQ;Z5HRq+Aoj+tXnT@5V@qHIWpao?C#ZYw~k94r6#<sYT&gOAK$Q=ov=K
zNX$2f)uQNAi$Y6{C~k+z*kultdsCa4M{txLbd5JJr5459T2#E#B~(6C8|u<0y&dLI
zXV#+F!79MBAQc#VT{I}&VIT~y)uOn>)Q*`Cl)o+-w80#MYPBg|ugx12?JZwyJ0Av#
z(V!l+DZ19C(3biYw<%{N3f^+Zkk$Orq1U_48}xN;idnTqgBo~?28ohv(0Yf7FvzG)
zvAMR<An!Dw;SJHC$Y7&EH)>P-QJcauF%7sV8}w$d(V*#XQcQl6H)vutdCZswgT!di
z;WsIMf0IHR>068q8x4xDCbzm-&04{F=^MO3v<`({M>Hs*nv4vqxiqMDu-TxHIus68
z!L;+FHw0@@sw8SO4pQI0ArA&8tpT3DA)zU$fU?R_j^5<EY@O>+w68<WUAAxPP<&p8
z!kv*ByKL@tDQtDAnLY_NZWe~lUAC(?c>2_>E=8BR6!0Q^be`Q1pWOl37EoxHZP7jr
zp57Arz|>po@P6;6b$@13U5W{HskuKRh)c<m>;BB*x)f=3so0;1m)zrBjb*>1+OC`8
z*~hvRyX#UjK+CU7ag+Tpc9QB*c-Eu*SgjsKt$I{oV!UO_#4PrAhn9bn4{*<V6z>{@
zMrtc9Hj@z^b(DWSpQpB;)}xqGkD94%>G~8e*bkQ4eqWy=tv-c2t7D|L)f!N|)_|I+
z?X(6IlN#``St@7UQtzUv?bKU*Yz{V{IM9Iky^Y?^)OOLWqN%O7eAac>E$dP1G@06Z
zTVF*V;7o1r7f)ZuZb@xDg8wD8O_n_yy8uuQIkXS*`AFSwKykMLwPaqE8&bT|kiwnO
z8pG7NAw~U$ROWG#TN>kb#G(Bpxb<#C(X)}2+q6a$A2p(IPZQiS8&NE8M8&k8BL_2w
zam#UN7xVe3?|X}4?^{%4T2d?)0?KiR_Qq|VEET*(k^dHjHm8^s(9E=C<uF$Hq(ki~
zDhEbU_(f4@GyRHrAl7(`gtPlt<y?n4S5%IRqKIXcql<CGhP#NYCf|t0Du)D@t8<6D
ziv>{>^P;%BI2T26EQ-RNks0oyV`GXojk!riN~h*z=yVreceqI|YD}@PF>@DDoXmd5
z=`I}hBJLu(ntT^HQ!hN&`?EV%cd@52MOI^q8uu;48VVLVUBs=%6gL_h0~$LAm?=4?
zGe2D~`1NxIDwHX6fXZ)Elzp2*89oP?^)|&PZ&TQ6ut-C44qF5$Px{f;f2yGGFg4!X
zr@`$V3cN%4H#@3{oza9vfSay(H2Tx3v;R93HQwPm3u21IMNXYtzeCZI@dR1Q3I1W7
zQfl*V4J&0|i;_HJf7-9iM}MkN_U_g&>>Y}sjE5~K1=uK;r*zhWXZ<SeV$E)u0;Ik}
zG5Z|~rC|zyCKONJp>StpYS$DXt_elYCKPI13Xt7|B9r|XmI64MQusEdC}rEDNdeB1
zOsIe9SLRhF%xjN^&ze#sHDy{I+pQr(HU*0T<=1{59U0-3-5P#uO0l*ng*&^W-rcR?
zZc~bDtSa;a)tnA(c!8@!^E$(C&n&Qh0&Y4$E?2X_)S`kcUMf1gWG|&9^JV{wIk339
z>Ei6{x@<-mYexNGwf$XwcJ^U2ir8j6y0|X;$a9J12)ulA3bi?fzR?n0ynR<d<v;?0
z3Z2X{R!^iEr!4`LM#1Wrclo6MzB$G6<`i01jS@Tt@sS(YtnypI>V8rAa&wA2RyonP
z=ux)$DHb1j0Js!TS_Z2R?sAV<HJai-(UkW}ysva>j4(D>{qP>|l{V27Z$<N7arnrP
zV5y~7ZbwsGie|lH@m<~Ssp4c*iw`L2v{ck6g)o+Z^b1yVgyi@Z6g^vT$x%LXzipXC
z@|_kGH(Rg{^erZQEtR%Q!))0Jq9k{>{tl`Tbzg;YV3&q~mK44%DU_YNH1ump5zBt8
z-=*R6mK2|~q)>BrY1rM8;+K{bS{i3o*F+1OA2+%9A+Scu6D1kgP)Eh7_c`?JMN5jm
zT2hdWK33=%<FHM(70UsoqN8GlsO8&=!lxAl$?|c9yyeJRIj(YFcT{{PIJ9a-(SmWv
z^>Kx~J@=8PzD%y&p;vz(zNyfPBB7NCn;g~U`4=Os@2J@6ArG5UT2Xw{iib_NTTxtV
z#lxmXtto1^W>M^N9yX=5rkK~7hfROBrnu3XuTesPE=$(1>8A&LjjGp%qD~tYHZ`d3
z^fI{*iiAxu{I=UPJTvbah*tjG6bpm8Rkwsq$wAJrDez&j^i@MF4k;$&-#%1XUB3O>
zwLL)&J^djMdiuAa=+%Y?yL;MDq_^S0?zXlR>)Y~Rw^lofpmtPzsIt22YdjtL#fLBb
zP-S)b(g9a(LLGXeM_ij@?I@PE<J#<RPqC>z*XEZF6k9rQZR&NT2<s?9?||wO4arO+
z!lCzhB#~r>Ppa;+5Y}?&Qy&%nhNNqY!X5g?M=xuUkXlNXWQ!slI(ckG#qI1!v8p3)
z$)-*et2^<Qgmk9x?JW8=z*UPk9eTaTFN3`Gl%wpu0#F({^f8aQuU^!dVt!`|EiR}S
zM?Zxv?Nae%R=I<t;_FXTC<{`6KRQ#K>`bA|N&&pOP?Yb&qPrD<x;h2u*oC517d~@R
z<=CdW_Qb}1Rqj9LGv}u+6kEEm=q^J{wI}i^BQ4iqUfYu5^lfGgnj@KJGA%nfDsFqi
zW6-=V6lc2d7_@3vidVX_9BBoQK?ilE7|@k#nIpB#sa`Y&o%=+*gT5=pqOMHKGn{Pg
z6IJY{kvXA-Vo)PEmwY`}0!kN${`84>`+Qf5JzXiZi9yA@@PY+{530)tl33;L4&Sa%
zt-+vMHwtv)`R)Vhp&nE(KHv54Mp2_170Xb8uY8M>uglKBmw^@bKIO|$+inysyYXcx
zsT;+NZhRTq)Qw_oH@*ycb*CubokDx=TXY#R?5R=>xw*hv6BJZ_$TMzF?YdL6>dx)y
z)9w@>cV}*SCAX)&-6?i<=OZQ9xLFuF?dhFo;&U4BQUtxrMk<Vxb$#Zvr!;$U_Eb6r
zh^Zk#P%DiPzumAGDwNk#fZp#?#JtO+dO@cmW)-0P(U0alvqtp~-=(<!E(M9J;TnU-
z%NB@|bUo+#mC^p<G5CLaP*m<AV(^htuVg0ge7{Qnea>U>#yuz+_TVx2q#hLGda&8J
zipSuadQfcW!DH|<Jt%T}@EH7+o)i^&@)%qQaF(nwc*<Wq25;MwqIFLZgO8O>$ysH_
z;3xm$G5DyS6vKK_xU)M(4E{q;iq$=h7<^_8=j!<AuOcycD!*Osxg`c?i`>#0&P5R@
z!v-u{c8uruEM@QKZ4B0po)lMlQj}rgL5|b(7|q3g9!6+Ty%)tBy?AKQrx!(!UOY6I
z+l%6xUd#r+=b^#TUKEFV@z9`5ZwlI5xDIIvIW>xg2FIRrgKXNH;+@{cPO_!(_n#LD
z4W87HJ1Sl;tdCSn@H+e~iHL`v<$0MV!Ol3L!;9jO?^>s@l0yTR5ZDcQth@RKt4Ck(
z5ICVXMSO1_0#^-?ki^xN5cqI!ir;%vXd?rP+we3Ht^V@FVKwt?!D_9)xrEpIQ0RTQ
z1VLv*)EbKf5=&u=rO=uLlmx3><1cqg*8s}9!RmKHLfcr1MzLH%y40k=D&g-~if2qh
zOh8Gf+)OFKdo7^!2v(m82~mA1BKvX)SyDpsT8o5zeJOVLrO<i?lmx3hCM9Gt2|a_=
z9{+F&v>(MkLPD;T;JwZwVM;%W3H>Ovq=4ek(M{$6J?(Pic^#m%2=-aSBy^YqZ0Sd_
ziPfHIcX<lYTfT3g164_aupT4kzbqMwlJm<>ffeuk!(;v{{U|Q=qagWq*R0`zT{QZE
zD~Bb46~kaNIe7G^aPLn+o)_U@3ltn|t|xbE11k;}9BTHb2xlBT0$uZtFnRWu$hzgH
zKs|-kVgcd1{VBTj7r|v*pnRVkBm6Z`-v*oYQJeTcVZh!$0LuQrinkS;nV5XspJGyf
zk(l(SxYD0{pZ0MSE#fHLSslasY>1;+8^^tm+W?B^aoqa|0lF+%y-x=wjCr3n11MSz
zVBTkJpws&dQ*5r@XJ(*GOujbn@(1oDFm86B_1%SGPKUFrczWLm>rP3;za%ED1BEwj
z?b@ELfqDx!o0$rX9zc;WfTse72T<%9zys)U11W|K<N>t)9>re+MF8D8&}CuU9;i=n
zv%MsYkCCPn<EqWhK>ei9=Ii$;K7EgC;~7uk7SFZGh^JT+&$Vebh@##g%JYtHfi8>x
z?m+#So6VYc#JVc{OQ7yhU#74y$WpQ-70wFO6GdG^(G!CxvIlWRC%;cI{C%#d#|ISn
zKy+K2s}_3$_4OrbVMM)i<RGRotN%Sv|5LS@QSbjgp!o6w3N0tNgsAtJv}n(CKsgiW
z+s0<IM7_U#K#~0ck9q|$l_l4x_s<U~Zht_9PmK$f4~H}E-GbFjo6Yp8RR>d47|eaD
zpwm#0Zt<z#45s*eFom9IQU6DqO>Vc5nuWI8SpPi<l7~M(0?H%@Evs?EDK&(`HpF_U
z5Hy6sK7_)Z(Heu%a|lJ-Ayj~Ky&ZB7nsNKY;q_K2?opl&p}0GQdz1kmQgr{2dzAYh
zQe69x!kyJIJj#Tj6r+Z6k8)rrMb=R6QG|d}vQ+5#UyXZ|zyykb1m;n~9G2&QwIUv+
zi9^28@QQg??x}JQ(b{40C`&CNj8~~*=?{ci!H?npazgZ6c7M!zK$+s8UzFnA-!6fo
zO@g)iM<!4VPoQvTwC0m(2^8NY$TOWYK{6|5+$K2a=2CoVXfTYT-Z09=ddP9gVT4m1
z)TVQ>eTPx>8D<qbV;IHsVJuh{Vz&&VST#%@OjVWKumMm$cF+!jTif9jt%qB=jTlZb
zY&eBGqcz`0I-KI$;j$4nhum{!+!7shg3cRJe*{I{5tN@EdrCr4l1u3{2Td21Vn<N)
z9wAP%Vx+FIjQgh!dRynS|C13E(?(Ee8y&@*DH)$}mX(uP<<A{@AmNpN89}j~RnBx2
z^OT-}9&yNbqO;0hIP~{K<)<Sk9<$16juQ5!lS5=A$SOY%q)DXETAm*wdu=12kRY$E
zl+Qe$krY)&@|ibsB*lj#`OMojl4AQv3U^k=n0a2KD9VlEGcRrwMek93<_Q7Ll6B_&
zm-3nS!zhZiqu9)Q9^#yN4QY{?=NT$t$Fb&J^Bqr?sZ=@CGWFJ27V}vpREV*z<`X0S
zW$vvBkw<W>%l;0eio4DA<+8^|Q5+pb;m&Bx@0^aJcrr>Ff0pFpy$Mj1AlkermlmTb
znvZ5d(<aVk_-Km3qa~MI$t9L?u?5j@-1!vRKAK|dXzLWZIGQ4laf=n)N{^w?#>gp@
zA&nuKar-BbZg#g>KeZr~Cdgz2Zb9_CJD)CH#!z$`BOJwbsaF9b)PrbnX|C6VF%;v*
zSoKO9L$P2Cg?oX}Yu^}(U1KEP<BZfxl;n)nf@r_eT!l(wDJqN=Gq!4|?BLCS;vPg7
zmge)O{#c4P$5Lq1Lra*k4p}*dRrUzd&x*=p#!?Jpm6JnVp5aR<#cM}Pa8e?xT{cMn
zj|Z=vHJ0L6Ry!fInD;^(k3WQp$V8On7S=dNjnN*w8*hxIxHguDXJyAxc#PvwPvkg?
zh;cmX={}C4>p04JKM5DSMM?607Fgqm;5~U9#l&%(_mXiGiv;ie<0$qD-r9HyWjqDE
zMsi5ZRS%myyv}^X0=td%c0yI%%h)(vl_dCBKgj6gqzU0PwV`|ZIxjcnmm@*y_*$xp
zleHU@fXQXJ&*)a{*BQxmYeml*PRQ+2v!eR(6BS<Ze7j&r8S85O3E-8_@8lM_Q<bNz
z_gwGjJ^h{f{kQB(_0tplo$ak<(kc<q1yq!=7*do4-wY{=P_7#2WH-I6?9~UB%PD0=
zuj*p4i9Mnr+q~@dDPH+@8K8u{vc&xNgYgf#Fmp!yu&iiv3B;E}odP||**Nf8D+n))
zVXg%Pt?mFQ`E~=tob$+RM;%3An7=G9FwFV(LCxy|ZN^j7A20C6x9tXG*KYzvr3nIW
ze8;?acLK$w2?B3iU|vj_Nb%`Jfj7QuHz2#cCsDjRNg#gjnHN(hQOuqs5Wn~B2IAK?
znd12*f%tu3QVyO>5jR;Ne%}t{h~H*`YW`!sk{HLWkL6bdV*$k;sMh!7ej;Zw#evBb
zWFn_=K2p?Euz+V@K&cg|#(8oNNTyJfnj+4d1z~AKF~a77>K;#?7Sx(T5j2IT1%j?D
z()wD`f>l!}mQA71k}N97Q(wJ+j|`hS=RD=S_wwM>_xQDGfR``7R;s+briVRt*8gvL
zr{9R=*Lw{C^lkhHv-$z$xz(q)kXEm{>w#`c2i5%tx59R><y&gH)Uwi{+Na@wvMa!_
zHsxRi8!8*dwJYF#W?W^@^<-&gfMF_S4Ve4x00ZV;*08KS{ElH!*#XArmo+SDAOB$>
z)_>z<22y=L|6w515AYubGW~b{!$71T<Ub4(JjA&frk4|7m|j`K<PMv6OjA2%S6??w
z?TlUZpHRWZ(a0Wlj$8hrf{g=<huQhN0LQ**1r`sp^LGIz^2-P)Yd}Y*+KpGw1(*y!
zwi~aS0}!;m7NBI9{g>|TW~LFkn60aQ#ca(8Xv0X#CsLfBLQ!R6C*$G>cF}h#h4)m7
z7Dk``WHuaS*i_HrEP=F>3Y2XDWt6n?HheXeqSsUkcXm}>Ti%8v(<v5Ar%-=pcJc|u
zkr@=~-tsmSBvD*VqEL^Ow_(($6n#IXP%o6Xq0?s+(VtPMcgow){c{Sh&neWu%G(h6
zB?Z2uP)P+FCMHw7olK#6Rj@(%nqt@gC{&*cHl%z*@xeC~YG?%;)_g}X{W}V^K?NJe
z&ZUT%OQE)?U_*QgMN|sKt6eJC;M1pq4acgvIUlrqz}u)GGgpD~C_oLVB;u|&;w#ut
zkgH&LB^xRXsbJ$65nf+2?y&(jG3Awf+=@YH7;ZyIw3Ni&hh1G!iMx=p^C>*$3l|bA
z#dx1mpq#a<)x5Y1X*i!Ed_H#}f{q~Jl;t7#z4Iw{&Zp1^S97XW+RG;PwYAE=ZYAt>
ziyCf7W0KF=)vttP`vQvU3#j=<jWg9m--%LH*Eed6T0k*k0fqLYnp+94M97d_@|d(!
zcJ;21wqOCpoCUm{+0_M|_i0Nz^A}KDXA-8nwC7{Fi5%r4YKoGKVI%D2YreuaaD5k2
z_$;I#(VWV;1svledL+h`Lj!yHQG!FOg%m9qhi*kU#7YjLB*VXE_VQZ<hv5q;5*UXB
zD+j|;XZwiR7;{>I(!s9fy}}J=?m~+17K%;eEZN*NM%cryDX$hvJhOd-5#}+1ID7es
z$~^JRT1c^NAx}IVX%xO`Jn>9Uqex0)S=DL&yz9L*iu^R5cs5={QGXFnJcR&VmaK{A
zcdzoqbLJw7&la)7GnbRG#B=kjMH0_^(RtI6`>M@ygq0-H$OoLl$U86BaFcl_sa!0*
z&EL(Lc82jEC2k_G;oMbOlI`ha*S@UGWA{yqD1KPPV|Vw(6j;n-_nC_+CNJi(d*~91
zYD>g!=o%jvkI==gWmbOKo@}}_rF2(qy4kg=uW@aTEuqL-!nK*Plw#sit_@j6@oXvA
zX7w_P`OCy6a)ysv;Z5Y;cI~a#3T+~1x+?sxT^sh=%M=y{SxT0q!oBR;?$@lF$Ss#s
zL@nov9#~GXV>wrJ=n9IyD@3<txoQz>*B-z2vQ6YCau8$xP@oL7Ymxuq5g%DeVOvR|
zWw`i|Bmi%)wLJL`1^cVmOm`koU9>`!q&FC5*GB(`&&sHk6pdC={{GQ)KT*m1jA9U`
zR<W7yAN^n@MgNr)?(B~7{?UCaDfTj@CRu8_A@Pj){?T@<X6hQ?-b#x6l^l}t)+&nn
zt0>$VnE^=|w~AuaDn2O%8=FNHCnUvDg-^;2t0;b4#WKq*P8L<g#u4=(-T`i|?;kxN
zxuu`6ynpocDvA?K8+O%v|7ZcHEaCm5sr+`)*Yl>oTKH+Gj8{2Yr->Yi0w#Ncz5M%C
zdDm3>p2G8c-Zh=Rr)c>-g?oYMntk6>?E0Q}jbP(uVd(6d=2dyuyt<mgYc=bd7*5us
zs$5S=w7;7xV!T^*(dAKR6)02eKG{{RM-L5FQ`B3{j~)bZDOqwodg!~FqR(o1^pH_Q
zXq~{gpRlWeuk(d-_G*ghtNFs2BwL4bmW8wF8j8kiD6}TUEu4mgIkINhIR(l|yE;=y
z_-YNsgf-$=T`tXeRtbaFQVdv2p~bjJa2|TEkrF)5D^POn>K!3r(^`s!Yq^AtP6_8N
z66UX?n7fWbt5eLx6$kfHLY@NUxLxh_UoPRoI*Oy~L>T2Oy=tCC!t@^~M*l!TBK@2a
zv;+Qb#hkGlrvtvi%S2sJpe(WLtN+U#a+P$7*V3)KZ&B$KjnXOH8Li>uhNM&UPnU-?
zzBL551jcQxz2ccS_)2{-o#IS7U#TO1qzL(uuhi3iq?q(0g*&Tbtkg$-q&V;+U#Y9D
zr>L@?TfPubN|vlEb>la<<quv@@&0<YQb*QsuGFz_6j`aGg-uSwRP!!>(}a9EYfKHx
zN*(RzT&dR=PoHmHsXYSRUcNyL*<pFC!<O0gKyTjtv({65wcgtOo7YopT+c!p(fya!
zQ=D2aH)ZpDrO&>oKv`thJ9=~H-f06xhYe!S)l-U%WrQp3`XV8A+y;s<8?0g%Y@kTp
zK;h144YB(-Q2eq%?ksytZpn<>YP<fY;MQOxMZJwyZhbdW^w~(^o-DY1xshV}M%f4=
z-9#qiw%o2)uErbj&qj(D8^z&FB}phsa#>qt*V~9nzMCj~Hi@m?PEywb#{CDo{#iA?
zs<zrh(R>qywx&kW>2H3-PgeH6q(J%6uI&|-Ki)*~5v!b2qv*^wDo?B-TtW=1yuq&7
ze0b%Zn<%!j${8+|KVj=ROT?2eDfr#T1~t8c4No^wJlsUh?uzx72_a)U%}$&9@Ro;f
zrU>0Ex+`8f7EzMjHQi1pib`EJQ*>gLYHw%R<Rt~_jtVwR+DtKSGxt3s{bfeUWPWTn
zeb1K76dN{EXq5wsHiO4jv;D;qBT6!_SZJ?qug>k}&&?FKH}hby(iVyeTX>9BZwp18
zEj-5RvxTD97Pi9W@VvNTb?3Ix8Gg+-4(MWDH(rw9mCtXyU){3r#M8RTmTRr~wf|X|
zifsJGB;dE|+@WL?dHuu3uA8fgJe-^RA#kC(++3Yl-Ff**b-B6vyt-3Lm~V+vK5><j
z=Ig8%|Np2bj5GF#hHuPzZl9E}Kda63cXQo{1*)xx2b4IzIaa5J*c^)s=x=O}8QV1j
ztXp93S+~IAty^G&tlL@dTeq`5ux@7!wr*!F4dB~ZD+5#nEvy76-A!c@E}D&8DGV)j
znV;Bc>K@RHk^FB9#ndfgr>T3uV0N*22E{uWVyEd{vD38L*M_8v!iyKwWm!Q$8D+b#
z4PRzZBxbO%tuCPc=4(UfPZai_DAbd_Hca`6Vgmbd+1G~cKT&LAKkoY4(DrAFW<OJ?
zfBV{y{xiiI_M>zS8}fgqxXyl5u3<yKRtn#(6h1X-*l?Ze;1go`VYq~C{D&J7>H*5)
zfLA*BiIm7|Ccin*&uQmt__guQYufXRE}Nnm&5GR=1*%0?0F=}I=E&FZ7bAb#e}Hr3
z|M0hr{8@j?$e-gsjKMzdZyD@7f6HKB@V5+hGcnjL*kB*14=9IB`QDfK=ZfWE?+g%w
zeaJuBu!pS_v0KGpAM*du_~y+vifY@$VCVSr!Df~sSlW=zy7Q=i8D)!~4THB)^xno2
zhI)XS<!3{=?G*ZU3iYs`4P&-b3}rvg`Ppz`JH=7<<CdQd2X;{G*+HQ`@w4IeofNO`
zq);_~8^-LU7`Btbr-Hu?*<7qo70VA}d^<^nVp+?51GI>MLT9gIB|#b^s2iYmlmuQ4
z_|5kMoK9`&CFcfvVt~a{Zsa#+JBhV3ms~6(w?xaB+YnH$`I(lHY8RGq&2J#HjLJ%=
z@nf=K87syB%5^`}OisQIC^z^IV@PiLSqv!O&tgEg{VcBIj-O@s{7=8K@2X<=yui=m
zRPOp&?ChSO#m?^gS?nyspWE4Xf0b`%kMcM7#}U-e6Hrc?jVs9K_-a*{9U_F;o%CzL
zNG|TA_;n{mmA6M37yBAM<`;@Lf1#+-D&Dv_#^|YEDIWep;bHVouBrFjUnxHQRh&|t
zGB0-AMbUg0j|4n!L+qoqWs}TLZ6C-N_0zj3a(A&9h|LCHPN<@Q5uW!eb1>8f<y?Rb
zS{B8NT@=dU02{_-QS{AX?yN1K-U_hctKAe+b~Doru%YW7iu!w)>Dq1hXfMU6y%cH%
zyA5916f~PceZy|Uk!*@R?1#f{!?Jx8)AmuQb?r8I?5Dtf3bmQthDG}+X0aa~?Kbo{
zK+*01g&J$O;m!eyi|oe`yA7ZHPBHm+idV<mZFqH>-G);8_h@j)wu_R?3!?lzmjv0M
zoY|wH;z5e?2PxERdo(mUNKyMB#eaU==VV|j!oXJ9!}vaE>OqQmtnSr)8ulKf*m+RK
ztdX*ISPY=F_Sdq4<cu_4`pgM5#4>^%{;HpYXLX^6D5@V4&vV{^_#9q)%eM5-hbT54
zqR?9ZiDI7HoU{f=l4{4a2b5U<a=RUTYeCPUP;>a!Lem_IhB*}OjLg_tSe8SvD2FFl
zf{mMnp>u0tv4baA=W{5|=CHsknUigHI6;8dxt4ru!FU&d?0__;-e7<4I}UD~w!;)|
zhgq1)Mlw?>km;(xhyJe&3FaedKTP3&n2%(q!xXI#^O4Myk}^ve$@PaR(hu{IJbRep
zIFpVyX4-AYYY$uvwn6>EZbQQ(6m^eKlri4t%(>|X4f6xW@Qpe`G2#dxJ|VF*JUdv1
zZ^03YIY%h8=eLVF9_3&0lolM-0Z<bB>y``Q9dzRe#kC_Mjwg47t%;J1pg;H58-z%^
zGmtHJ#8gjUT)*(w$A$2u!}BPG$59F`&&8%b7F!XO{}e-!#wzdhSN{m%M%(%*MYE&g
zO*VG~U7oeobB|Jd!vsYBSxl=9^-}MMvGMK*C?5V=`B1Lj(W4ZHj#7{_cU(`kx5*xe
zVYM9oT104}R_95D5*fiFe|4x}Tjm%AJw~A&E3Vaydx4yS>8$c<e>GWh_e$nBmxemm
z!%77%>tSAW@#|qBPvC((#{Qz88WzSowfQlMcaHH+6?Ekg)ydMSA04BZ#PlD02gU4y
zc`XA5|0x6}vH<6dU-YeT8<fV&fUU<Uwj85SB9{S=k5SxbKm3;g?;NLi>o|owt5c`#
zGQe$CLY*GQ|FN&eF9UprEdwHXTW!Ys7yc9`o5KW!_bdNv821koj#G>~&K8_0*-k<m
z(Agv`%`{q&tzpq|iiO81lv&vt_8q6#%amYb>gsF__l{E(9H*jbX|icyj8V0I9&;EY
z)_^xoP`rMEn(b_Ig5vEHyq)i#pol*~;m+z*U`?yQ+T{~(VfZR*oR-CZ$qnD=CYDD%
za-!u(>Y_zE1_Qr@TXFw0oCy}omAVzUuuLd{rPh<PtUts#ORBZ$2Pla=fchdr1W<{7
zmeBemYh*Od8W~NuMn)f7<DVJU_~#RA{F7vje|Gut_-C)5ilFr#%<q}X#PW8f$~e1L
zqzHIM`5AHcf)f<qo)B^NC_f|4R!&m9I3dEA(WXvOCn@Tkq$tCJCc)W;ST@Gv{K_a5
zB5e5jB*o_^Dcspr^^FJ{o}Hw)caoxlBf^FXbt7z0n?=|#G?$`RE(;_gY=}HX5ps$J
z5)n2eouZh^ehi7Q;o>QZGp8tg#z)w2hRgJs7GcB80?YT{6QwqyBzH|V`>E?|au*$O
znj-A9*ksBmkYF9wghhVZ^_txO^gd1T?r92gtia;dyw>nv&uhw6RD0s;S6~IR%=a_E
zER)=dM&03k0L6_PO>U$x8aKZ<!)T0eb*k3b+Ge$&QdSGntrkSA7DTNU<ZiW~(%gcU
zbY%&epK6*?tT3fGW=c{2N7$9eRaLz2=XCG!aOaG91ylrt%Z01BqvEcKWoczeeXT6b
za7$EF+)+_+-%xQ)%L@HjxfbS<yJ+T8np9e5sHCW9nrLdKrN7UdGc)(x3)CNcK68h6
zo_EeO&n#!oIrF9h%AX#iinz(Sl2UrTsgTm2p7zXS<!J{NofcC1(=(7|w*AF{*1rfT
z-SZfgoAiqVV}5a<Jd>mIrr^Z+Dxf^@lvmov+i~p|2MT_1fUsO!=Xg8D<vTDW-vL{X
zcsuAB2Oc})K;WQwI|9eX+hLm#Z^zs-4vatJfNgQS9SLV0XmQp7+sb%5mYj89F8lFW
zydCy)4m>>TfO}WG9bI?@++W4pkt=?DYx$4)fbOQ4uS80UEULO%rHR<XJ?Fs7=fpZ7
z{-#i7ynmrO)zx-Qd}hQ1X`I8Ds9#;3*n}%`>^TQUopV6Vxrve|EE!+wh`OSH75-m!
z+geejE$1BAcuu?mA`HtTj<tQC>NeVx&uur)Iq=&#KDP-wC$e6%%x!H79B5hKfV!xZ
znxIlT&viBR_L2OXetpDc?IZ2XK9W|lkJR2%m)#;&GdGC(@;5sh3IW;{2mzj{mdrX$
z(_bAJQQ$z>iUcEbN>~G6%2fx*6$j`5)*;STtGX!~*!!0QTmEwJ;JN3j883jneBXh3
z_Z>WVZh@J3;ei8tA2>ie)CQDas~P%T`i}#N|2RN@VwvZw8C_`w2>O74Vi=%YFfIGo
z2~;})tu_Ww3eC(<0tj9RAfN|o0m?-)b1o%lK?$fs1C&c<W~`Io+X{pq(t6p<>>W(7
zEr{@dyhUc_J7ENmLJ1G@d&SJWA4RYzitr%6SIv6XtWKa-Cp^gSZ)WDE8U!n95FXF>
znpwPAO@h<01axH_yMs3^BkB^|u0uc{c4c?+re%xz1mD*qyqDiFGdndRXxoVJw=-{=
znFAXWTw$5U$aTxi{IeZFm3D-m2K$GZIrT+?*)I@&8tiQ|GwyYQ&@P0Z27AY>QfP02
z6TJvO4fd{?`D!x3!@dN%@$TK9X1goB%yVGxnP^K=2!0$u_*<cWnFXE02_73x_*<d(
zs~Lml*5L$eS*9^~J}@o2jUae&1VJ5R?EJxFJKWD2xAzy1ExEs$k#KLU@8@ZKT8LNq
z_C*+P-gPqGCK&7gDP4racnu7wktR!=jWCXNL_+RJ-!q!OlP0%J6XS&{VdYK9Go5cm
zXl5AI6C-`XsJa3bjA|*~EYu?Tn}tO_N0w@l{LR8*>yf2&koYJ>q~w67MXIe^@*(No
z2!gvK2%vSG;XSgnUrW2W{t}*y^_Rd$fOEF>u+oBN3Ocm1^P?~yk2KzAj2cN0Hj==Z
z&|JawmUey=X2nQ@<<yY`{YMi1_1tWEaz%5+Ffj(W-6ILMk0ekFmz4HJGP}sc+46IK
zR<c5*qjD>LVRuFn{4tX7qcFS779To@lw`vhX@=4b9Yqi_im(ext)}4jR)Y3Ug7$kp
zw09D;!zX&}Xc@hBw4b9+k?LkqyEdZ;S~F)_iiP%qR-E>GR@wzV0uK1ljur~`widL%
zYSNxOilFBx0%uYS1-)Af+Fv(m|6&xu#!;O1&6zTkZwtjRF=)4^5g?5~%`KDm>`Xy>
z94q-+q+?EN@mX6ML5nm&`|3=2fLx{@8(lc<J<<r?N;7D8R#l)qA-Yacq$Usg4HzMh
z=d7w2|1w|7Oq*8PLBH8m6?Bp~6<uDOxDhfM8pEmR;y8IzOT)>ls^I7og2IL_gTl--
zf+=al+~r7?c+8fW7}NK)G=icuPIJl#d5T%6<<*1gqY2!j3Di?#OP*^FIO9SUJl94z
zf5LR$do)3}(cF2abk1y<iQ)XnXo4?CbLWes^CYYD&@lwTV_4T3>-VWmLOC;jbEtyi
zHlhdgaq%7y;1j>OkBj#Jr%w+UA$!0Gzc%mVQn$9@Lg_n(pwAfA13EAE_JH$kcn=Vs
zj2_^WJz(=<YY#|jtzch*=m8^LMh{pphG5nh0%vY(1#c$^21lC=-X25n`xwqnhb3}E
zZmk$520LxX60{ympe}u<tR4`*L>|+?N{(_l<|Xh88$Fg_)L792S}l=>3NP_vBh6*@
zfDgtJEFWw1fb8-L`nDCc7Yf=#d}uEew7aad9~~fQ7b)qe(52RG%WL=LSb}}bnFh<i
z^LkrOdx({Gm!$phEGz9<Efh3+QqX?gr2X1hf=gowoW(5^oM|g)FE(j!nNH9+ozs3|
zj{I7h4Ijmv_8I8}Q_>04&Slb`J4b%9$x8n2a+G_LUs!HB!Jc$M`{6k<it`*lHg0g*
zFQyY*NH+(ba0O?d6tuUB;<U&5(B3MF(;jD~y&z47gh=yq)GA6{C2B{;5d@55v=_|s
z(w_Gur#;q6dz_>_b*`0mS4#z-Jtb&=D$1a}@i>CI;|QD?EfsWrO3?mHltKGD;|S)D
z<Fv=ml_yTOR16dI9L8}31>*?R;xfm3*Iaq<2P@ew$}#RKeqrI`2|~vU+GFPm+C@sT
z@pP0)d)x5@ZN?k4=LRbH^C>Y-FN^Yy)A>VW#|%`Af0^TSyUC@E(+NQe+O!im`z<&D
zL*>dMNHP9p;@qB83QmoeB}RhVT-nv=BeOb-tTdUGEV5?HtaP5`%nMR*RAy(ny>-fv
zbz(N`U*^(pX@<|z55WqCJ}or)k(+BW$w!kPxw$5jt(x3CRA^G9WGj5+R+~M|o9^xL
z1ie{HXfx(|HQD=VuE`{;CX=Nm6X#hqnb%6eQ_l!Z9(Eg=oHw3e=6C{UTx$hIPYX?c
z<2E#Tc09qU@m!NR3*{Wf#?f!wrY37oAgD2cK+P<3C|JHwPOGfs5x1k_GyKAOO(5to
zL1=Q-LZL~Kl5BkKHZ?h80>QKih9+|!S1|h-(Qb93z3nz7MTRqYTrvJ-YN<=9nvAQU
z;0KBGiUlV};xHTbFB2!DG@OKj6yI|{Dzz7wD@{z}e#PI4{gdCXIEyPNcvY6#YN^TJ
zDdH|C$*CCsGL>i_=z9}VQNiEsg%ZDs=1NTUQQ|kzT#0E`CDs`zlqgc(Q_`c={q1>!
zZJ0o?j`6Q`%k(Po_x4<gsa7SXNhRj^jE)Jd6ddayl$alFDDlS$1bGt(oY}1u4DBG4
zcrMydq9=nOGDD1xS#oLEN-<0fB@WFX7?eSvrkANiSC%}Uij_PQ?Rc*Pzp%9#1gkUT
z=$Iu($1FcK&PJO`Jf1;tEW=P@QY8hIo)zuZI>y^>nZxA5y^>=5%T!QGsY)!Uq~J}7
z^R@+No5W!@>|Z9%qEeMuG|X3HA4<$kF<vG5Td{u%C1zJvP#{Ykved*rTqx05MKS(m
zDv=KNQDR;d1=F4rO3aVpO3d(4Vtx!);tZ=2<A)0+ij?F&KSu5N9B;7O83eZ&|JwT5
zUL~eI$Ca32RpJb(#B3iW=CoAs+VgUG6k{l{+C+jX6A7HoRto-pPA-pP3?-&aBzSuw
zS0d)gvzwWoiepSAZl6f7Wg>x^T&5DQ$$7ef&C|cfI6Tku3%fay;KoFu#M^S7zU@Cx
z--t1lSa}jb@Fa6p8m8c%=LPM}J)HI|AKIIHIPFWVw0DrpqYnPdqvjs<OHsR)lL(qm
zGL}cvy|mwWp3|OXrG2TS{hrUNG_|>cZ#xRw6Fdg(y(bZLpG4ryYp!5eM?w2j9)tEx
zlL$6U;<OjbT?l5&ObpsFnc(k9>^`l`<x#%eg~(<l+j<<!JMs%_HkqKwWI=nO+=VFg
z--US6W77WSWP+}f4cg;01;bwuw2v3GXZz4TUeLbUN_%oYLAyvvN8>$eix+t9CQT;D
zV9vDoQC`~Leu2}TZKZv+q<xzY?TO74JpH1eeX2?Oy2%6|O(t;WG*fW(1ws1^llJ?Q
z32sm3v}eqc(`qxtFfnLvKZW3_DFo`#GHFklB@csOC8v2DK`-(Pn=pl7+!R6k@L7U(
zk&<jo=d`byLa>q*Fpsca)K{+RZ3+}MqQcl0`8Rw=rVt#OLJ+XLum4eU*?r|9-+ld#
z>aGw`VYfiIF@@kdLs(w|VY5UKDOuC15fvT@gvwJ1f~OJ$?CR@(7+ry^xy!CV@kH2S
zJ8@E4PbFwMm2g9vEN3ldSTDl%Y$u=Z2t$(PVd>1EX+(uFiTvw?{!<B(rV{h(grcbg
zXW5TeKL*~MM)2A+0>a7|UnhJzjo{;H#QZuTa5@2*PRy5Qgab{ctY0Ub>%<?9r%opr
zG@XewHracC&BIP5zD{VBEDx}8C0ZXc%kKi)C0mZd%ot=j3Ns+pdzj6er509$NBzfP
zbV!z`F8N<ijR@P1iTq{lWzz{3PABHe+P_aHxWs-eKB%J041yPD5c6g2?`9AjnnCyn
zaY**tkggeF3wY_@KFhNw%X1C=Yg0SI*83%1o9AW{B+TTs**BA5`%GS&+Or6vX7Spr
znnm#LEK!>P|Ju}zur2x5+6c9klPOu7xCq<Tm#iNNhRr4jn$2r5bvD7+*}N7HXA|6>
zP59T00!c148bsL2zwGlhW3Yck8%5aKy!>z95q6M`n4~IDnn&2uU*?bghGh~A%p_3L
z29*+tl6BuM$zm)MDcOD7MO4`HGVi{7G6{BN5(FeA`wsxgvelCP5nha_fd6rXi<tx$
z7(!|Zgfxke=8w=NqQa8`fzBZya|i-5lKqE}RkDS$83nx~Yy<wshmb~d2pY^0L&ym^
zgcLKwff2UM|M?6drzHJx<rF9*BP#6f%!iQfa|m9Y!-tTAa|rg#;X_F5Tmtu80>a7|
zL&)g41ViTXA>`a#f|GOk5OPWmA*V_iLfoDC5Ry2L;Kg}t2r04*A#FRC7()I|mZ710
zb+(>0BSY!h`&o{_YB$6?YAh_>zHpS~1gzoH|6>T*CDpgf|9akzuvL9Ue04OBVAwp~
zX-~`}I5>}Ymu*=Dsad?c>{>`Le4*&HyZrk?a)j;qSN^Tj=1M8$`q!p^gzXbi8`nDo
zX-jx*#=K9E@;<Lk_YVjvf52<ga|J=@3ekBF`*+^d2;0}M_;lVp{|cu>*#7?43ZIap
z%nAPr500=UzG@w1>Z~G&Sj8*q{D|Q2Dqhjx)dWXB5wxA~uf@;^+oV_jZ3qeIC+7i8
zfsz(s+xsdXLQbqD$XiRG)=4cT67CANR_P~0`mn;2Jnm|*SwAYJ>j=m?Vt!OAj2$xN
z|50g!bp-X-5%D_RVOh0ohJM0hoA4Tc<)F(tg3jysqU>ltc~Y%rd2Fy?9l_jn1nRa@
zs*iHaLw-Mbq8Lxb3*t_CY<~%FU#}xLypEU;Mhm1jk&5#_Y2wB@g6qt)y?<G!L_7P-
zup<Eqlpj5|u3fmd%IgUN*Yj%&?k^u+1z4^vaXmrD^#p3S!DR(|iIE<Xn1`P{w%x+R
ztn~!bgojw^A<OFFz<PpQ=AqeOrHs#6n@JD3%)=><E#!6X;o*9M`@%yj>7m%_q1gt4
z_zeUB*9QBXD{4Hd>Mu`ib0|>qJ+?6ddgum%K^w&5DhZwFut2ZhK(KlPff_JaDdVV*
zbXoZf=HZOTmM=V9+CXq#c*u|*a;zR)pAv+BN}vW0R?7HdIZJvdU>?qTY)`zwJ-qQL
z!K<H&r(V*7lUO_~`jjAxdB_-C)*;%fq=y8eKso2JtrQ;eJ|*~Ccvvqzq*^^he@0O4
zGXgc!*Moijwh85gk6qG7HuF*7v8i3TkCC4dq<+SI9FRWptUeBXMzD|ha1Hi*cGp3=
zIN|LJx&q}_kFBq8Q8|YoFo(N1<?Rc)wJ+olbj%@8hYv36Jo6%NUtk{2du(3|51Bax
z(}ag&Z(p!_IFm#06Z7!*pwb>d8ZIzEb_V9+g2z^;8+TD>BSGv&?!rDmb_T19w>J{>
z+(@A24le81_h9M4MHMK89@{+OVdX}G<-$X_^pHp`9{$)!aGiNL>faKH@*?U;7a7dO
zMUU;4aMA8_f+s!~+mF&kj@8BD&k5#zPN1IhchN<<XeV71Fc+6RwpZR1{qA#u0^y>g
zbm1&-anW=WL4!>MYO#M)BuN+Dq>F^|3Y5zp+ZV#cv`qw)HgOk8(nYG(MeZhoUChN&
zzowXFG{s|sfl~wIGePFzlB;6Z?sh1_gMs^-2<~noD97yb<zr5fk}uJ`+CQqbDD%u_
zf_9sUdH<g;YgMAmYyBTLR~%-@;^kxH-SguL`)_srUo*nW0I|GCWdFVDa&PZ$otslO
z6ZGHA=VoCXAXENx^Zd;O^EMN)>`qFNN@3`gqt(;heZEs$Bn=9fL7Qmxfi!r{K&YTV
znG>xBzU5OcKSe$?Wd<vvwMM=MC&ozaITa{dqP5Om14eqYfpWvSq5|bubj4z3z=$>)
zB|&cUi<GrdzJH51%GS*Un?<7tOQmEPzeaJ6l|x9yl8w@3plFm__TQhQ-7h9t8zp};
z!D-Pb!Z<*t{2N8tLh#7jDBA`K&WjoP$_RCElB9;Y4;duZYe|6$6g|>?%*TE8Ed()J
zxO-vjkSTxn&u<}kc8k~j5P5DaL!TU_{+{I1bl0RoF*8^nrB>+SW6)}-jBF94K&kCk
z<9rR$<io;jW-!mKz21Z0?WJxZ7{n@Lh#=SdEHzkx@|nBhogP*Z9F{;LWfj3sJ-7%K
zZy{K?g^NH~DkaPKi6C*T49XJhD+1=bV5nH6XS4rqbXQ!~ll$Afg<$&@K6(_%Iu?~u
z$FZVJ`K<){R$j*<S;wOPsAGy0YMyT$jhmB@VPXL$Qu5|xt6RO(liy7}yOp59R(?0t
z;|qdLU+|lhM%xHH+xSh&PumENY!f#ru3>&RDcjs?jb3Hlq%hsa$Y(#Oq(J$~?Vj4p
zs@uWa2?lQGx)sKnO!@0}(RP9b+of)khsndQ8G4Nv_2XVXs#`7%vY0_)jC!b-&sgTH
ztU&o7Mm_6Wu5g%~V3@(@G1?<v1IRW=s-i$S7^As*`;27?!{yVJ5VnSlskp1RRmL6U
zgCdc#O5}syTq4`I6MV6qOGH>ICCm6pq>ij!LP*K6ENQqH%Tn2Yug17T`&b+0+;)O9
zqEUo#fK2%}ihT#cV>@J{>>4iDoeX_jq}sBNpr%}<QNUq&8HfF!ksXZ;TGhu6rN$_r
z<_>}yI|yv?qkz|T5WK*Cv>gSU-a(MZe!Mse=(3aG#hnBJc^s^Kit%C6DBzT=Ndc?L
zkC8#z+Z_DcodidB5)k$u!^1y23GVFV9{TMf=&_4?_-+@$kzE7<g;o!IGj@c$2_NCV
zGZd-ydYkvQrn?Cm?B=~~=5B(iyLoRrvYTMvZr<A(>>;SRNAx!P2*2KTF;ZLnc3Hj6
zIDBP<j0{p$f$|_y-TJnVDk0wu&I?tb40cs~qpuh+_YlnA!v`??NO3XtktNmHN|gC^
z55c)TT%E#FDOtu(oku51s=`XDGkm0sb;|xb%;nzJ*Q!o!FM+z3t5X;U$dtc2>+B_{
zwbwgjjFc}UF!Z?*AwTz(>NMVJkvN<E5S23#+T+Q5(t2qxK_>?5Q^+P$Qqnggw5LR&
zk$VY-vqHv&c1{z+T>+~~Yma+Hvh_mW+e@%aT&OU1$dvzu=I$lfV_qmjzb4TW!xbnA
zQSL`R=oj}AToCBjB>J^7&`B;qKrRtyN+rtok24theow`?{(Q@|aV|mKT)yS{elEe{
zT)yS1>?8Oqmw>P`#+GZZeFSgr<6Ewq_Yth$$G2RC1DnN_cguBgKfdJ}xSznep8#6&
zXz!Nm=6)r%T+>I(fFD2hv!3QSU2LIF8Ex5e4VdiRaxK@tRQt|zEL*PGbN(gh0J~+$
z8ZGaNs<DaCqYmuPck7z(CuqE%KwUnzjOa5MBib^D75-nO`<wpOwj8pbVDNt4mcrN}
zQ~qtaWIw?oMw%&Jq)W4OzY!-l!hr!?ygT<3Y~L?7<zv$2W*Vzf?MSVrFf7<laMmzn
zqgX<^+z^UTpwx}jMh)PjqWUF)?Mq@ghpN_>1hHQd5N2x(iCw=Wc;QQ_yOeaf&SYru
zkwNQIxb7Z1Kyd#{uDd}82znmix-5NlTpQ2x{--Uj1%jkSiWb-6P^`GSyF+m&NP*%I
zio3f@gIn<y4^D6`6jD4m{L=UD`$t}Px3{-<J3IT#=5C&u@4?cpC;xk4ZjG~M9VE>O
zXQ}Hn?V%C4C0@*R-Bi~1()}2IRCgy4nh~btb9iX7HZRXq*jeKV>|o{^`Wqi;`+44#
zo=v%xaq8nxH8LT6s$7=K{QAQ)hA&i_PeP;QB|W=FXMTV7=4}|t6eWaD;*UhA1Ue?h
zcit?sA&Jm%^gRri1fK+-R5fX(H2yBz^DcGhSE-`C<kA%pn<Yk#x7^=4;h?C3DeCH#
zaVeDVcm&@>w!E*YL#OckP7F&8+W?HXG|fKYD}N&~J17{oFT4)<z(Bs}xgbhLnr?E2
z4BrfKFJ(rjjd8}j9r{>e7m`XH%E8!tAtl#PV*ETc1z!V80uGQg9!u9uaWim`<xoWO
z^oD>Y&p#oVUu)d8`8}f-=c3yfElNDtl_J>l>t;8t(FlPl5lXPKxE@ey1iP0Z<AQhb
z?6w~Byq83^djyjrHbr~nJ-Qpk;$uVsf`3@^#La|agHr3f@>-yBXEcnh>M}yhk$<vi
zn|$o%R_PG2tWSbVYV#Nw0pBUfC;~86i@@^wjFdQnrM}(7YbzD^P?MeE5@`ZRXGb<(
zcirO>*!2<OI-`!hr;IOihZx9WS|k`ig(&EKw-{fTx1hmpiczEzMqhjo=PQ%*GyQsH
z=cL*Gl2Taai=|{4g%$C(9`S-d<gC)jmN$XG7fetQJDkc*O}61M+Am*o>Yvb|3Ha+3
zx5=jCJKx6rslzV^z{K)UCd&fQ4mcs}YqFFq2{%dP9x%x(P>^bu!>6QO@`#K5@YgW(
z&xU(q-EG?DfJ>&_no$YC2&N?1BN0zTW%^ox)V>g4Z_Y$R!SglNbHy#Rb|h2I#qd+d
zXF1G7w77JdHNg@ssNjg9$pi+_#gCVEi2Lt4OLK#e<zaBt2UR{rXUNMvwuA*o#`O8j
z9h6@3*3mzWA}@Cdkb2Jke1Re2r%{4RSesFJb!qn&6_zFvs_dr&ne{^{Co^ai_Xv<Z
zRm}q&VlHRAe~`}Fg|g%BVP#xU^c|lJvTlI7aJGR13)_hX;pVHS7bh6*JwzJ%A58wv
z@(e%|B`^otwI%~(UC)KtQxO|Pkf%IF`fE^V?Z)>?h6u&dGklb*;7yIp^H+U0RBc*c
zU%8AjrzS+WRgyo4Y%bv|F;@?RO5M%$Fe^V_DD2HNXp|;7rjD9dYZ0<(L{pknX>C6#
zG6Q$4udf-^WIj1~L|zPcKfda#rK*WHyh4#kB|`bS{3d>73q_)uNP}6QkS)5fRNCS8
zCHw$0v|d#Y>YVqkt#3LBCF_Vz;#8g~l?j=zS3$wrszk>PMfXQlG75_-R^_1Tx0Ui5
zEO~VUY;)gTy1v3>NoIQ@D_<L%B@Sl0A9C!eEAKJua(6Z4?-C0x5{#JngXr2$Y2QLc
zjhKsrXvofq(ntI9G2DZ<H3;y!n5wnTWn3$@M5NWWQqGL~QR=mv;~1$^_lQcgn86TA
z4wlj;hfwQ310U*zU}?_zj>bKxtT*_TbSmGVzpK8xy;E5En8fd#tch|~UK77^1?W2}
z$3P;2s=KH(=Tl0Gf=hJT$n@POdl(~l;lVbvOw174@vJlrx0UG>&wl3V8_eIUs)_xq
zWQ)ru{mI^~c<_BzIi^7lNo?QNj1vuy5_o19yH!+$sLKoX#~WrJ%2fUja8{kglpFRT
zp4l{OHk^>wVu<S3mG$1&mk-k8P1U6<<Te8D6j;cI-j6Q#zE*k;7hg+NA7<@TCSf-V
zN0+Hox9>XD?R|Z08Ln%a67bWR9o0J6b%<HbE(KxqrhZ$j_qE84^d-7(#Bt|%gND}h
z60}QfaG$8{+%H(~n<^)5{x$j|PKbNN)t25m75C)pIKhGYfioTy*~!zVcjPI_Opd{f
zayyUIm#h*$^%tnNxw{^>)D3<uWdfVTKE<<p9UNzv1BHZb^&%$wE7vEX-E;kaDt(?D
znHVu+t1HF*L==R%vlJ^Q^g|bHYc>7^rWO3w=kr|H)iCf)GrQAYrjn#HV3w*TE7b-L
zK&x_SD?BG-7XFY+#Cja7XcXWI$eu0;Mw75Zn}7ytDGRa%YXY*aYv^okU*0u*`C^3)
zDaXRdB9Y4!=Gj&IHO>6V-ebfSmxB4-O_exK&n@trrPKf`1sw__?LRem(Kr8+x@D5c
zn%^p7&oVS-*u7EvHnpI?-sm$?Fg@873+c+EDP~Nt^;#nd>B{B>%HyO*BV16m0WLzC
z?W(3yR$~D&XC=+vc^Tpz5?y=!seVagIPJ9|>=RQ<yQQ=U4^^YJ5(KB`J!{xW-VB_G
zR3B}lH1>%_ty=eUGcn`yCr9NOzp#Z)akbx}%@WT(A)BSxN}rqk!c;oMInP6NKPNqD
zMMRJ}#fY=$%9(LMissqrD)fI2GEA>C()l*3jnay{hLJ}gI1N_5O&UIarj`gQBnz-C
zF`QE`5FsfReeLW-ikT9t)7nUiS!HU~D(uy^vdB&-60C0WDd$tHrJX|@;#dHT7?Tdo
z51e+5-lUd_C9=EXAoygOWQS>@KxQBwhX9MOct)G;(6hiQ6;Z@YEK)E&z`6TgaTpYR
z8Z)=^kMmY9nCMaByl5h3`_0`~o{lL878mx(+>9Jc+SHSGeIfOI$Sxs)l<Jw7;F6K>
zu|D&I=Yn=YN-Q)BYXB&XGFxJfZlCc3hl0x>iE~x$Q$wAcl96T?gi|VA78Km&+gTs=
zu0Be9O{6g{+A)zeX9BBJ^pCyz%^3^IE>?)YnFWyA7M{F2Ny(xln&tGeew#-Z17=K6
zg_TLyC2-W}wp85xA;d#;6HB6(MW^n2-Rp7dp3K_5t92HX>^ix+Bc-G%b}|Fh1U{Lz
zz(33qE7ko@!iRj3K%Gmw$ncfjY7`gK=8jyCR5OJ3!eBqVt{O#9x718X0b&tBvI}Ll
zb%lK0z{tCqh*|i}A8OLun9Ul}a=;%7?3IUnh~BTN7stG|>qa&B$s0PlSYuaPPXOtX
z5znX%Npp{XcbN6*hz3dsG_X!Uw2QO!$eecK8<ZZQNGvYDW1EH<zqj)?E}~b2utw<2
z7n{?_3J2tFZhEo6u8vT8xge||Bu~O27e4I-+3e7BGJ~)0EBfd@CI&nR_o4S*L=XCf
z6|CZZOdRi$;M_tpR9W~<^lRWP%C+-p^lrFCC}Jpph5&E$SBe*nK6j!jonkCz8sK|0
zokx-n%`$i6;HM-}c@;V_WmYc>J<(rH4!<(3kZ*Usk2CirE3nj%Jgwm7pV@@W`N-tF
zq({n_EBXlJ!__xw!S#twet_IYZ>U(AB;t20CRT}g)dyCyh(b!IZq7Mp!V3QItr@2C
zWvN%Fqt>n78e|LY@@hwA2L?ywQ8LPA5xT1emsaeF>CS|n9rmd|e`cc$xcplr%Izj+
zql`KGZ!l-l)MpeLdpT0P_h?mJrLpr;Y@0}S_Q>4gZAH|%t{jm_BpB+n@;DPHbxMo7
zhp)g}F&5U6Mr(Mq5q1%XR$;qqK;5|R^E=-&{JQZ~F^ra{zSQLhK8eSb8e9I?RDd-G
zy})dii~JRo;Pw4cz&{yjXS!*&aSN|f`|jgu+EiDXSbJw_NM=TBmU2fbF==NSml>o9
zP<wP)7^!yz{<Wz0eHEJSoB9h=Y>U3D@a3LQYnkfaSNtw1&P{OYDXI@f(_ha1x9<JD
zT~ZBuU~)ZY#Sb4e3RXQG>#-sHe+fO?9i_8f)6G_mTRQ9pq3(YPYr0sVFRd=<IUy^~
zaH5cfC)LpMXGl@$gZ%WfYMDd`;wc~H;^~sTjm`i~>VCF%jlk~g8sp9S_oD8ggw19U
z3Y}EJM2GCRAXVlLIcA~s!ZlY%g4wpB;wPG@2Sr99oer;I7PY^f%_;V)aGqcS$o<$K
z?;oZpk53kwmLfi#4;-QG!Sb!aimjM9@H9h1)>Xa^)#=TigM+%trV*|Ikh4<)=dpYK
zrndb-N<{nkDcG=+6=!7aJsHT9RjR`enNuU+V8Np7B6YCp9%cD@S;4{qIQ9*ozcimw
z>s>rgS>*Z@7&=?yx<ALAMqSCX_m;2b)FPeFQK-J?{L3aZu<t4*)7``};-n3tIV-q0
zPxX3Gq{031;Z>+DRfAt`<I-5LIOjnKxu}XfL?ohRl=$)<=cE7JeRjd!M!==-wF~n3
zV_l-3s4<=+CmiE%4-zl%`(VL02WJOVp}kK88-x>p;z&7t*#rq5WZ|k*C?0;iOSFx@
zY=R(<LXhGIO)zEt1fy5$ua9Hg{)6nNV9MVLt-Y;-!v3ycU3neuEJn3;FZ)^>cQCpb
z9ofzF=vh%D3N~ev^W0aDfCK72Qhe)jBQ~fz8O%MMPq6^k?-S=uBC*pi+ED3)B`lQ!
z3cpVckBP?=u{NXS032j4pp_5F*w$p8I3bg3`wFdY%EXLR9UrVod^!O_Y2vMIYq%7`
zg<+hA15R9?08Y-25eg8xh?bdBFG9N$W}!4@9f*<i2&FW-JfU4MqYyh|M*ssY2Tg2Y
z_sPtR%~`DPGZ)2)XxT;g@~auOlHHNsWp<}9MhLRBz2@6(<uogkL&Q^~Vy957&tP@J
zVcTT}Uh_Z=x4&ByYn%;M$~=4X@MjZ&;j#hi*+TD3?a}g>xYA?&^LY7Zm!j{Y&}3VW
z;f`g`F7w%m>tY6&r;?c%nTO+Np^r_6B28(^BZAqJjke<?OEmPA6+mF1idp2cmsYdK
zF-j-+{V}=la$Rw2u4O&s=;jA|LvH4I3C1(gUWb2?p^f|TtT#nD3WBy19E{?Pt1Sx|
zZ3I;at!tqoFrx$esX%g8m%=YWnN>R!sg@_|UdI}O2zu=izYsWcIc-<Yk0%iL2MN<J
z%;=aWDKj6Y@|}5ia*&ZAh2@yr@iR-grL-V8uq_81M%Z~_6vC!K*a_0|EEgod_ZOt-
z#XJ^Qj?~;)n)pDW`~mz}R#sfi&|vu+^K&9r`W50+J<(F~2MXYuk*80yXNf;PmL1;6
zm~G5>0u+y(^<Ns6&>>8rP?%BU3TZ*H#{Wi~i3^IQ|2Og%SU}74#Znc2nu}N5>^B==
ziDoa!<*2<Fgn4}RLTCZ&_~fN0Iq6a`>OmWA!&^bmIUkJUU3z4DyVzdX#!wI{;(w9g
zAUtsH-Za-@Ut_C~=Vx!%V^eaWAe$u^v}gU>qu6AsM150I_wpj!@?+OB!q3KA%5Gbj
zgO+4L<Ri;g_{`+eVyI@<Yq;PiT9lHDW8J$~FRIzZAdrytm-ZJ{+S}-U-+%kLso*qj
znpL2_PkTN{!6E0v>N;+yB^l{-^vobV$+@1%(r-FBKQ6<_;2z&*7&(_xr25OIMysfE
z-9mpK&H94s^_b~QKr-88vW%X1xn7W6_H9D@s}Ow~`;`a0Ju5vaK5@qh8GqxNP4+iZ
zipm!@E*JjmIW~RxWbo!+Q-oFy+oH`SC)xu0E4Nx|{^MM10db@QyrzV0o@xA@hXI(m
zA6K#;w*!FMZ0}~X*G3!z=aO>&PO#_gOqd*?9ttdGcQ0g9e4NVecImNGVB;Fg4jj!6
z^eyDSN1Jj+<F$|8Cep9PRJ->TD7fTRt(xo@FQ#JLF8PxcJ0w3JSncJqL5{&7L@DHX
zFf2d+Yd!~E^o!He45p`!s`#NTrRwpV*OC{7C*tjwnT>Iy$|Jpg?)c&~^i#{kO7I`8
z-?D7@9}?c1$a>Y7We%&4g^eru_)!$@c?Hd#n|;4oI2Zb8lQ}H-v$AaO$B5UZztQjC
z@9?>%Bzm6Oz}T#_0_c7f_JTE`;2>g8O7Nx}Z?@mlS))VCCC%82Ka1?KobPGqbvrt%
zmOEH?6;n5u585;&e&>I|)O@)}^yS=%ccm}<fvCZ(96XZSam!VINvBEuM0J61{o^}U
zDP^qnmAi+Yczu*M)lb-Df}}GFl)W{_HB^~Rm4kHN<IZdFT{@X-jP!FQNp<JzXvs{+
zI=~hA9+i(Euox~D|H1xb+A?03G8K$twEMQ@WtJ<&?AweEIT@@47_lF|{zh9A{ttP$
z;@dAQUi&Sk@}73`A_-oXhTOezo1ur&LGL?26x~*|u~oqL9nXa~xd)W<v;Z}}$ZRhB
zCp}gR%FlTGmXu_<=8A1lAms@;3Zvn`#0_e7re5!+SR8v3+bZE3b5I-ohyF=dMZ2%Y
zTWQl6odaxz1c<MOlC;OTtzTt+;<lnJ9vDsNuq9TuOYqL)#7~!I;Wqm;z-qbbQNs84
zyb>SRzAIf`^KQx5ef<(6^jFY}@{PH28^IfMA8CpemYBS*g__j?<O!WQ^}Kjsog}cR
zh`!)621h-_=(FszIK|pauh(fSH3Jr%T%JoN`k!UP-%&Vx!!w*3@*c;V;mUj@>skUE
zN(jX)C0q`9)1e<7P}B_Yc{EZ8_6apDC(y^je^!-PYS2@(JR5$N4I32_N%dNCCs}Fi
zZ35RGkNh3-?$VJSxzP4p>M{8|62>g#tOZryD<AUKV$%B@c|U3)oI}b+;6*|lGnv1J
zrDjrZlYI|9(5DtE`+6G0ij|sNN%-h%8U^mA7Mfd%ExokdNlqgF%O+mdg&wL?ZDu;!
zd)EdiD(3veFLuLdsvTKe<s5W+7NAW5Urr#EeKA}8C&NfPvLik$m4ADX4oykw3k$;!
zZHnnX0RQ_IP-WD_FCn<ry8`{fRu{)y>~7JvM-8_CbjUhM)JOVv8a1y&l^32r>WvED
zcWcl-pzi9eYBO((A=rsq@1~te{XtL7rO(g{>FS?(Cs%h#@gi9K{!iAWR$a-IH6zE^
zJoitQCow&}9OH!6uBI74>(eo`FHK^|qth`?MIW)(Hiv)F2Uyo0)iO#usqnsk0*VmY
zM04MGWmvzvVHoFrO^*8=2W6z6^;KV}E9INLTvr0?2F<o8?u=y$HNGrTUDsK$(ajZ>
zA=d`3@hEQJx+-wDwil(ft7QhVqHzZJhBH?dxJqX82^c_Dwxg3VS&S3pya1AK1KV#|
zY%W>ZFzC!e>#`<&FkE5^RNLzt6M4oFL!ANskCj>A<oTt`QJKn3!y-eW&W4Z=H30!F
z6bhZz-XbK0J3+h@3bWSUadFd7QAu=jo0jyn<wRg5t*Az1?LD`!P^aeykHZFBJ)4mm
zMhdB7&!w5PWrBkR^~u@+KCeuQku{+nD=`w*@0QjOaGV`Q3x4|Y*6G2`dznb5M{ePd
zrw18FQ1g|ZaWMP5muF4gfVXQVMX&av8~E|YJd<M9@qo-wN;Wmr+FPr=DNYuM(@S4x
zT(Zke`(gD^Z_;vB(9%nUvO2r*&|vtF9pK;2CoT}?{|K_3^=rUBddrHkTI5mljVwBU
zR|kL2MAyGkxN>b?aL;E9t96c^_5qHY*|)KIv<sLPl;P<r_Y7k^OT~Sy<7X}2Am#P?
zTvI9K<keZj7-ruDtNgsRMAIb+zxGR!0I^Y2lxC}=<=2!JOS4gY%>=5W=`PHiNwDSi
z^7|;Fbjf#WbB~(+xDT-9?o9*F;<RX>@nZ*XytO`^gA=Nw*~-0i*T2fc^zjNZJ>Fed
zIEyj|vSre;eA_V%!9&Kk@Xc?vx`GK=I9#L!RJMR^9WT<x6Z70h?S4%;94)D3x9%Ro
zgnH^H47kr1xP_;Q4{kyzTEx<pp+#UYgO}$8#zU7O&FH)D<~v{f3gjs$D!qI!FcXBf
zI}EZ;x`l*D7NLbEo!T}jeMXg=bZE~;z83^kuA%JnP<1`o&rfT~21HCi>ju@fmh)Hn
z2a=cg(E0CV4jZoURdkwl6JrW+htOQtiuETTP8-{+k4^n!{Z39|yG4O5b>Q+p=he=L
z$Ob9?F>Q{@YReZMuRZ<=Ff%x+Mg9PdF};6Io$CD0-u%29qz?S0IQT{uX!IOu_AWJ*
znY51mar$@Fg;jV{X5W(Qiu?=3KZlIEs*(Pi-bevsTak`ihL=aI{8hMA06yf?t-Q6K
z4jOUsRti9v7U9GsetGHA)a;PqB;O)XQk)0=>Yt-!uKPmX#Xye2RCR<*=h-<ph1j}b
z#c7K(+i&U3!d7Xj$mnK^zYyQz?8E`6_2`h%M$91qg>G&UTGfNsKbk^e&AAVzA2qvk
zqF&zSpV$m(WVyNdreiwt^G+y%n-K@@>cx*6S+l8*CRR~z=@+;b$L-tD1AbLQIR0;%
z7WaUUuDsmr_0MMrJCW)_RfnuOu;cl4_;BB=C4Lsl05-MV5TFR$_I#}~%rRQ<zYoPY
z&OMJV>S#oHS293=F62FGMdLZLciwFm$Wpd%4kIh2$Vpy@U(nS@suo-Wz^>r$XH`e*
zG|-iCLH^ciS&Cb0j`Hb_?#d&*9%pAep8Uk(>VtK@E~~9LeX8JMN%kE<VhN~vFtl6~
zi5{oj0u<OggO94^oV25x0|FG+JA>Q|&>GDnG@&fMY4tp|ER-e+U`_lpsg8-fp}nlm
zD+-=B2k%%H`MgRgg88Q1ibKFZP+8y@53Z#YEmtgXIs1y8_=wNcjWb}hc+WZKK@vh1
zcm_;v1O>4Znd+V6ShDk5MrajziNI)JM|};1_7QCTOryOZQ?jcpt&_oKMNCz6G;&n&
zmV>gnrib=-PV3SQQCUx0OoEv4j#n2+J?-WX3dfYby$9VX?R5+X>8BlqD&A071*hfw
zqZ3p0U%}7OiBt|T`_Tzs?ark@e#JO>n9Vh{QxOILt=A6f)AfZUsJZyfj0chx(h}jw
z17n=#Prx|59d$HA3?|XOk`k_{lW}H}jk5&qwre8l(i6#ia|Wv6qYNsJl1pPdtg(Qi
zMleZycuEgH3x8oFSUuh=#nye$7?_gMJn(D!d^AGa+sM9VN6C`n>mJOzrpZ!?h$1ZO
zpn<}`I<mMDEUWB^lBZ`ayIEg--0;{l3SL(BigT(OK$xXc)Mg*r!IUD|Hfe=P_-47X
zA1f{sDHJ>?@UsqGJH?ucU)6u<M96yYMp2!mJ(JO3x3lcCBqq^-URQzd^#YvNjbzLB
zEht`l=rZyQ_o}sXdcj9N@>t}2n6y+9=${*-@{lg$UF7O&$K$<sM$Rg0;}AOW%C|Ni
zK{Ox#=TNsZyKk|fLY5{=!}FQQ=ItG3{z{NbU2%nA{>s-}B0>4I_F8RhiV1@QwenRq
zwox;zsa!;KYXW)q(V}cqO(0$WF|DiuA`!NdVdIbX=A~!dma3Bp;mc!nslAuSK)X-C
z<7tJFX%eCSelshTL+!UwzWTDC-{+zOj*0CC@g79AM<81Nj+|_II3-8Iw}kK+m)=i*
zbJ((@FqSzIq1jxq*`LQ0TF)rBi24#ZF<xOWM4~e9m(y#-<DpgtZvO5y-IDsh()>(8
z+eEw-8j4FD4)H@OyUW4RlRrN?g%U3Ke?W5X^T53u#NF?Q#skd5!F()(Y3J{FzMsho
zvDd#g91WXLBA;`+{<5T@!pmd&Xd)Xck}G@i*1{&Ov#9tqX|nhlm$&*7E+&NcTzqj5
zI50lGgYWf8)GF0Bb6{dSa8$iUlWCkRh*oJVb&siOOtZ&FbY{HfOkl_@%^pX-_+>ox
zp@eiy0<%VsPwp^<b`hC&^trsVCF4ftI;DeQ_hgD>yrJW#<1g<+$!&Ity=s5{c{3Px
zM*sIJkYUj{3kUBUZHGu_JtZK5Um!}B>Y#g(|4y6=72&llf?$$(5J8CKUo4fQoLwxb
z>Q7mkHfwgN(`dLGWe}DGb*Ejgs%SHrR4BZt-F$!IckHuxez9~>^Sd$sTqaz2hX~y=
zBsBSG(C_$rSlq?Zh*l|?L27?yw|HO1zt)l2j&HS@f@%~d+{}i7KxAc$jEwxA2n}CJ
zra7D5bnmBPxA8lmA0IwTCUEzr*9+-o{8giiSmD<1_|SH+nvjNmIfKY5Z{#CeiUk(S
z|7?w@P%Rg+VF_3;>;OA4W;>3i8IvxlX?BhES5BdGEk}Ovg>a1;^GS$Mc^3rVXv&_W
zVa9~c9{;pZ)V?qj{1yc+mH~MtQ#f;C4CnDF49z}5g^OiD__2%a$cF7*d~{?)3@VTw
z^>EDrMurIWin021Y0#?vZ6FnkAI(pK4vDVbH!_VpO4IAdH3h~cbZ_4a!ha7iV)f&|
zJU}dM%@WflTp6<_$5NmnGnISMe7(0x2;X2B3tIKcCpg3vi#G?F=co?aLQ?@XrXoN|
zh_;th&AsKDW2&fdcqlIHZG`3=maRjus>FGDC<4)k29ND$+K=#non>p?gJR4rrk@-I
zhJZTV($-avFzrfjo%2Jpkq6b=aP3+d_0p_@M}#)eai@yv?G#EjL`*%tNSjv^zJ`2n
zq%_^5F-<u=sBo_!(fK_(-21o9e?G7*Ve@zS(fD*#>X%3#SRiQ^#OF~7W!=#Nw`=j!
zbkKc~YE-fhG2|x!#D(8J-!R_7fETO$LKOA)M<U1xw>?Llj9c@Ya?#r=k*~3dt+BJ~
zLZL-|DB)S^4DeifIO++rnm3B@OZS`b_^1Lh5^B2>2K$qJ)q53{`%VIYBCS$$Z)L$d
z+36>_>A&ZNkBJ5U{P<6l|2fKnDN(DbVqx(3f~AQZ`_|ygnWsR!@-^#HQJtBflblq<
z@emfDGXRoaZ8aUl8@e5U5>BKD=;~0P{##)+z0Q@iohhdRLe!s6x6=QUTn}rKg&SSC
zfzkfE<Xhx7UgyS_($%{e4T+{pK8b)4T2y#!5HTb+#fr8dN&bFKE@mYW4Ib^n><jmh
z0Cg(lAOxsjE85!-{_is;r|me<v-W5G`_wsy{0mrkJ7ZM`8621<vA;Ye2zS$gW&7Dr
zU8~;*pf+Zsz^9Nyu~X#RKQz}P-q$#V3g^gz)O)Mfc)G!M_EJWXj1q}^3eq8E((o+3
zGMKTu0$WDC_@Uk}H(evWHO3g2dMH9quypuNwUWaXW(qEni{rNAI4Ij(Q4U39h9Xd?
zV76E=VLki*lkK>|pCaWh@8Tjx8BSY+$XOGZ2frJPs0Qhi4I#a)5Iv(nrE(^L*k(fN
z<BELwWBM~Mz(~I^R5-RW4DK8giKOZ5{kFEs^Z^VE7Ch4P4`DlFH8&_VPYH0)jx{7*
zun3|#@00S)Ds!!|*-Z&?Y~YEWj10e2xi5E)xpLNocN2?rOHV)57KlP45iY23;~L2C
z&!kAndR{uwYj5;BUWa9G3-2q%wpMf>lBj@+QW5M)$X+xHld@EFX-@~ulspz@Z`Wn_
zXLjiIO|pd|G#TLX$auP+JYd435)sSXL}3VAD8R7@8H{MGq&t(`ics$t6^kI&P`Ghi
zS=(ziJJoMtN}<p1E{Mu=2h~spGaODz%@%beKx)<m^2moO7^O)<-c=|GA@l@6*VcLO
zL@cb#1@Ow`iGSKIeVncR@3fVC=WHaR3l(cWfZ7hf_Ve_U49?IP7htk29P3RGwOzf=
zazUUj&d>rGayFA&Ww7yZ+4=Y~Y9Z1M8Q{0>-(Ii)b(W!5*g@t_q5vn6P=uu5Prw~M
z_g1PhYy+Woi6DcJ_SP0a`6NK35}+!4xG@UcUI&Klg9(!!eLGOnbeCSS_8EUjX<um!
zQnMnu@@Yw&1#X|@osJK$yTv+QL4~_yLR_xY0{#@b+KlTq*kl)Um&=3XykdU*$w90J
z0JT!%r$q(ffmNE96)J@-EFPat^EvQ|ZRwMlg?ly_)>-RS&P=={?)L+L0OpN^c*-2a
z<2;jl^;<|eLZiXEv*0mM0u+G{Kf#9C>e-uiD<hG126~@5KL_vfM*1EZSxrKu(;5SB
zy$NWi6z*~4K{@#FA#CEfHEKIk>lsSDu+X^zR|a;CO&GP^^I%D!FK&zkuK+x94^H^q
znqmJf6ECCpVu4yhS|wuQ-22y%LXg(-*)d*_dGLI}&G(3c!1OL-*j{kwC0Ds9O&X2J
zLP>XaXhm));v)1P*I)`8mTq7#)~x>DbKQ>qu~zRaw_t*C+Zw>8OkiQ&F=T!^uyh3&
z{=HJAzCM;S8~`!pvZn$lo_Vu|e-}{fL#7CXFDk(<ESP%0dysOuW*$Qui)oWu2I=`M
zfI}<y{JM0NXnJaw!E$0}vgr~FFVmB*=5!w2eBN$7VnYCK>7Y?E|G`d{A5{@KY>rw4
zT;~CH_3F}tKflkc>(8t&=Of-|&;9N6g@3G(Kl|uW)+c#iV@xBHmx`EALVU{aoNJ@U
zx`UHI7ORoi?xh^_$jg+YuLuz7F`Qm6h>-y08UW@U-C!<bOsW6rJ+zroX0Axh*m}m~
zUHKfHPE!!E?Cjb@Ki@*pO-))sx136)^pmE85pgnt%27S1!g@MyURxquG!y}l0D<x0
zOrZ!T9V8<J1x`axQL3e`8UqupkUk^zD6=-y;U1+_0fAEyPV1?0_;6q>0B}qI!RN8B
zH_4_c;tT(7mKa(ILV?pN!))iuGPJU1*Y|Sb5=J9p5_1sA%}hPj%7uB%9^dSJRPuI*
z74Yh}Z#?mP8_vBLFNH!8;NSo5xlGn)@1hq;QwNsltga5V2cg2>qQcuhLR<h4s+O5`
z^_g{OJ|bRw4h-^xn^a4kVR@9H8rrF@jM+~$&jjhs1dZB$lQ*u~Y&Md(=SxP&dod2r
z6}s-TX`f!3NZhL=Bl?8^wntI54cO<byQTktf4zWRdaVQCkjp(!=_7%*ZAIUz>*niz
z8-7)-2yLxf#p-<5+RuK|*cdkZv6Wrg#yHH|HYqgN9To0_3ita6*&v4GH_hbrN=H;L
zZT~)SCjQ50QTAfuL#kPfHN6L|?&k-j7Sh{CPNf)}f<s-dF=5YK_F{(V+sFw0lV3}*
zBH%<2+Q9<RLQ3gae~TAPF6sY)MZRW&g^ehdm)A13oL}dz6+M-X8|%gh$8ohkz;q$`
zU!m3kQu(81gPJL&)kVV)$E^UI4GudOAPrwo;Q!wssWyoapR@9A>nNCoSiN!h9boT>
z2PSM_7YyoMx@rEm{@K_sMy%3f<vnRkKUqadfMV|exJQ}-#wUzz9j4Py5c&J_JAmRJ
zB)rPOGXKF?uSWj1MIe@!M<!%M5f;0=^rRI<d!Tp*^&pqF$|>khE$L1bgTp12VENI-
zcBHn`d1o!58$AFB(h$W4+D!o<8yCx1$w!Fwrz6DpYp>#pwJ!oOLF1We2Aidi<LMSV
ziwgIm^7nrvS>SqQW{WQ*?j@5E^lku;9mX8_F~Ft3J3CX0nII1EwoZ=TFTm(GhOz&w
z(IFbZ>8)DD3+s9-EbDPP9e4F8%Y_$b(cZ6O8gX|O%GBztupXE6#_dg)ztD7sw4dFl
zh31)J!mv@`b`GW8;>ab?T*sG`x4q>L{6W}~b4&GuzqD`}dn_g)AQG5x@Q^)e9?m~L
zt7HIQ(DyVZJ5ROgpyiTBomVl{xJxhHGeb3zt<`5ie4ORZETmLGJtevS%}Zijrgay&
zLbP=GdvkdZJBvPGTMh3V`@WreNEH{UMo9<}WSo6h7!_a1O=qD5NF^zh30*ohzurNF
z`tn0jl*3?kmqWD?DjicqwEAA_8+A{oPXyoGX7~+)@KKxbqP>qzQd^5>%PBf__uym}
zP9qPs?oCU7bT9sD&s(^)pL{6NTa9YAtd3px#t|D_f!aHbyj})V1YayW`KtDXNfl9`
z>+r(df@xzY;u&+?#)z$`2un(kMO+MdG&CmPX!5f;k<j;zn=a47OeDOcYTSGLPWdli
zLsD3k5SV<Mw1pvWJJ}ZsRtzSBGioHo_i0afKk(&kGqQYnlR!nH>Nl0`6!k`(`>5_`
zOu9Z@ifwbcK7q(sCQP#rCv%N+?rr(g9I3lYbvcq47ocG@axL%Xt%`aD#=wQ(6RQ#h
ze3<^IC8FHm@MRR_`X?BF{i9ZQV20+EtjLhE_nyHI!Fn_!*}++qYBY;dG<S}h&w*Xl
zn^1zn5ca|dG@3V>TFy#a<G#9mRkV_?jHPgKtv-~I&1N{71tzZE`RXEBeYoU~N^T`w
z;aM7GXlW$BYVmc>uhd2wX&?IM7yvB{lCPGf&*d&?#Q4@RczM;TF{N2q%w+z8O=+oa
zy)_Dyuxh4n94XIRG>KwJv(!)^20K(A_|4;2)r@woQN3);!qs1ze<F%8$0@YL{5nY}
zQDUW>j-s=~{(9X}vN4X@({P8%n_p@{gk3$PiF?}n$x&srhXDXu=FJi&bKL#=fyao{
z?t9=4k+;vvn_D;!&l0&_;f#8a*6@ikBUZNBMMYdn89+2!1G$5(%oJp=AfX4`sfa^N
zFv30*@2dmfW~o1z@;LN-V<)%cwiac!T;_iWpN-lFY)xd!;n$y0rZ&Q}31zK!vCqpk
zFZma~zkff*+2P14D_-i{Kn^%~m;*V>{0e=Dh3`2Is$-5lvUD*|^X*m$jFbsVuk6n~
zSloy017epFhS0U!4Af9s3LY|$ISLF7)F^RnZr}7S;ZUK&o=y&W!z(A!41OW%C;o`9
z(5h$erU8r%&S76$id<W^oAuXYESy<PviWM6-ayKb37r1$2Dy2O;X>LIZU^Tl&gxHL
z;)cI1pLNU&+uXV7S-PmFTkbM=>;5h;0Nxv1#4w0ToShSO6}9jIeDYpHoDlWWDh2S%
z#^Bg$L%O$IJM^fd3*v^UF1PpYRFFbFScIgqsVTQe4OHx;mLP0i^!cfsqoMz3<NV35
z6nAKk5AZ_oXk*~j!sx*6;vIDWk=~YQh#GZBQNT;-FW*rlqdsAr$qE4Vw&KL?lEew7
zUK=?+jzoDoqCU3Ag_^!{+5=y3ZBL-Y)M0An>~-l-CZ9FE+)Ma@rF?Ponv*t!hBgHM
z#SkVy8Z!XHx0y|Pqy_Lbl`G<lr4v(+!&u}OG*ykcfF%4E{UHpR3)E(}ZXZ#`K}i;q
z$-`r4j@?o}CU@wk+(}l)hckB;<Y1b+`jd`q<$L2d<10sFzf&FZn?|@5jPCcvR6-Q>
zS@I#={dH)tj@@6UQcCsmj(d&V^y~uDErJO?Feg=wfG4^Wh=i(oh3Z)k5*W6>m;0Iu
z%!O<>;}vnx)n4H<65DmAT)T)iwWeseJj0CeAfmSv^%I4pjFeux&3=c(NLtTUv)_ew
z%n@>sDvX&(dZ`_fk4>{#LRz*q9u1vP{PwIA7WNGa;HN$dXIr<ej0U|!j%NmhLwl{h
zY?N2Xj1Pu5Rxjo8tQKE6^#=at`G$L4e-JNj*nEOyYU#7Rg<grFj^>K5yxq8<F0mGi
zDSKp`yHQnSH;nt}C23+v!;(W`;I@k2r5gWNmaBy7M6(xBeAABHs$Q4dt>uR{aLeT1
zm52?+JawtA9jU6X=3iG5HF>{RIMf{4xcGSW=YKJiuk`XeYz{SvgBYRZ4Js<txIqmO
z3R%o|azBK|AX)7zE3y!x4S(UKf*EY8?oAK!R02a#ZkN0z;L)_AV+Vcmr0oTu7+tL*
z_=IUsq!=ElO*h(KH;I*^T-dTi^q_2Qh&5F9VlKeTW3jwnrDXfDR|!m|1a;*MH#oJ|
zZ!8JtCl;)4lGdnjN;_Tf;v8}eyJc?uUZdStz3`(ejA@?-e}XTC5Nqvp8k8#nLhz!F
zrm3y)Zf)I|#khQpv^u2T;*CX@Wey*G>TqIY+4al1{5C4`8MnDv?3buWssfZD6(pBV
z*;Gq8T&fYLQi{R2u0~_j=6kphA%fOTJJ%v39-OGqC@=1kHa*Esa*$mKSk&LUSV$*U
ze*97sAW4ckI;ocZM0>3U!jO)q-d4}Q{N`{qZHpnDKn-x%x@+ne&QGFj%8WEFYzgTf
zh?HVnC!#zrjTEVl%#T#dv7-E2%fVuF!+ZFmo<+?&5{8G3FCoRmj6)2no{?HTBEjdt
zDfRVclol8Nh4#b09W+>Q{T1f$I9OPYUz)*M06*G0%GWsvlw$J6FI5ZUPa*CX*7N^q
zO^Jwrafe5uOEEnGC?!iGEvh4j2N>Vr6svjgr4Ubk)bV%iE)@TT+r0LgG6JWVj57`t
zl}t&vf&9iR7H2_vu?bVNIXyx-qzP+ZB6R>A0({in1f*}bwhKc&6D_^Y9$aG(159(q
zZxv#doG!nrS~tAd-?~s+Vc0VN;~Ep)AJ)L~@1ETQOy1o1h$)3m3O-4)-#^LvjhDsM
zhm6l`9RclPk(#SO6+es}asuf(MU_MK-F{iMui%20qNYW^xi06J|Mq=6aFSJn0Q;a9
z^!`D>1DAw?1Guy*jB%Q%gGtRn*Ny5zB40GrqD-807%%f&b_ytQR!Q2eR`i?mQZaR{
zS=A7#3NE;jC?Hk1?B||7NhoOhEv@=wRM5GuRWM$;n|BySDVS6QlLNE=BQPecJJSs%
z)6(DZM&}Jp3v0QXA|y`ulZxuaku;9_)R2!pbkb#{qF%}3vOcIWwMqAfrZorIG8&%&
z2metb4$5UT9_)(VCXn!rMTZv#lh@$gA^+8o$)A1Ee-p{(y~K+D!8W2gZ2nd6X>&OU
z5bg*t1+`E~pItKc{CO)7WAOv|R&10^u~)m8u}Mb$I=A#*B%*^subX`pU$vMlOJ)eu
zeWqLPSMz3v+0}A@n}z9{Az}M2X3z|ycj;LbpiDhSbq9O80SbWGF{i+#17ely`u?h(
z*Wx_$Wo?hz6&_C%UA%W<&o%!|7Be#9o7$}pF=dwGz;Ua#tvQGvQTy<QHl<sixfAD-
z9~spAtmt~3hBkxyl8^eY$;ShtVYN7-|LbV=uv*P!5vly;ARX%HBlF+Dj|Z~DYUG3m
z(uCa=IF}nEYDPTJeBjH=b!Oiwvje9p9UKwI$Qf%4HEUMsp+>;h$B_j`jA>g|>4ZkW
zABP@awu7<qs1kPzMK7oh*JW(V>ME$NYGJ>|<>7#17qTK1GV{GED<DnrB)Jhl6;Ish
z$~D884MbE{O_D~)j%Wmk>Ubu8<Jf)Z!vX1PbL8)JbP1+y59`&9jUEE}4vo@lXP691
zG?CwbUfcG1#<b2<E<vkk)uk1fdtJ1zDm}Kz$30^-4_60@J!68uqE89L9Jm?XawHTV
zaH=qhsn7_4nAPrdz3K&Qoi;c|)Q{hetmu-ZCo?@G*xtyx+2<UuX1e2xh7?j&RQ(nE
zO>}TwF(~*avSPKe>d{Z7OO7i~l1lXvYuQTSZ|w(+`9FYDN!$_5!A41$xxH^r=TN-r
z(eH)C7g)Y1dy6BQUEFzD>gfY}WnFUm#q7cCqcvozXIs7w&c@jPsC~~BW1wB1x7`Xd
z#^4Qx8)dWSK>9i36J1A3@;9ny^S<k3|DW8q1M`ik-m%tQ?^0H2zzLML_9?^nM_N{5
z23ODj$b6R!M2y?-<t}Yj_E1&~Lo`a8?yK<q7cl|#*#B1{4im7`eb7ngPa^f)lhirj
z$8sl2#Q3CIaFTS;IV%3_|8mIu)tW#%vw37n<+H4kc^@%<-tYIiYZ>BhfiHPg>#8y(
z2vQ^_lB=_nN?eso_J3(lFsQe^S4Z(&GRM?*7EoBF-f_GUK1b2T>Ha~Xov%c|lPUb?
zW9D}IuT}NmOaM&Hw&Jgq0IxC)6wfnchOxLg3U2pbc)daMoO%>~65}hgjFM$%)RsdZ
zVs2+|zMU<2#-x|UiWUO_!78L68GGRew89%RudDE;77M+jQpF&sY{(4Xl5yQM%%5tq
zz&9ApMby0JS4!{^MTSIUaKzm3Mw2+R)D*V+HA147J8Zk@|Bxj(fB`j^DY5~X&hgmx
zAW`DaoTOkZ=e3}4IOz8ZRtiw!FZRd3ZzoFZIFmd7!y=yzYlfj}lj|k=pDJbt{%TQ=
zMG5zF#{GfpJU_AAuDk5K#GDz1^tMdMgsnz59!E0)%RKb0LxiGr^)E{et$ph7?+P;k
zrkIx&(I!S{cg>jqU0hGgcP_2E8Gf2Znzdo%KJ4cqUE8cNSl=s5sk4=Sef+>ESM3!|
z>cAaKV?vTeb0)1&bshf>&Zb^*#2T|`8*Lv9HMy0f@4Ru>h5-9HElGxM^exbzewb7e
z*vM6*IQ5SEVDpa`-Sp}Qv^Mm8j;UA<XgwYM9FuSRJ=M*$$FPkx*&>KxgDoIM-tB$z
z2?^ylQ%<TSL-$tBZSD;=rCcd4J3Lef5vaQ}yp|(<iH#M;GF2UX<X-uEiu9!U_{a6r
zWT%8cz2`lVF01fqwey3lcs==YMCC86lrPL#I)jlVLmrGIlZ9y>D?a0eOMH=`oQ9Sn
z9bA#y<K)cK?(_zDQnS@|^%#&V52l65=AuCU^z9oXtR&j$(TU<VQC&ovQxg|9Sypij
zUr$u)UHSzhVxl<U)n%UN(Q&!>;oBlOD<OKvRB_vf1WBh<!{Ly>FWR~L(O6bFK6Ssx
z8nIGuYhs)Ow_AVZJx*h}4$<2(Ooddibj7SSF|Pk4>>nRb<<}iQH7PAfuXi_BnJUWo
zHWcpnK6cxkgmi!A7Vv%lKYXz%Mg@40x|*x#izoJc!PXQwEvxB&*v2B=zeNS0VrOus
z|Mm~R-AP3@_$#%)%coSU&}r;3c%etQD`p$?yteuoktUe^c18*t4aHst6({NqF)A@H
z<2x#8%x+YS(3dX>Q`jZH;YozOqd|*~iFrx*?veyRfcil$o#fpm0%UVCew_5lFK^@G
z@l})X^*Cs9vg`Npv6d{qw@Kd4mx3d_w1wyLnsNUiC`FW@nzo`1KCXdVN#bKdK@wM{
zME-G!2K*Ne?|UBK_8RF@?_{7!MopBUOd+u=L@{yLK6*d1-%QD^Xg;@J4TQzv9la2Q
zB^ApQlL4&ahH8d+Q_n<wq;^>2PwnH;9%j3Cn1A&PRaX}HOM}ymS!%5^iBi6LzFdrS
z^)>PObxFZUwI<Lci}|3@o_XNBGL+JOmdqr7c&)L#Ad)LrBAfjHY9k~y>M4O=`J=~u
z#_}3dBH^Trhc(x^_MMT_>`s5Q#-&}S0hIR6D)aIH0+UF9%;WjvFf|-Po5sie4bCVI
z)V-R8x@nZdTKGowyfpGU_;a_e4=1sPa3Zp2fn7#?4b2ZY5nq8Zlve-)Az4Ez>uDxG
zjVqjpZk`-F2_7J4GHK_hYO&-(n38k?tcv@)pg~XybTg&ms@I15IKOf~h0!12+DEM}
zBg{l55=(8DRx&~zesEGM0pe#CxquXmbblwSnj*Z+;E6TgW|c_TUB<bdvN=5$ArVDP
z+T3`x6v)C^BdYX6DI)=*c&QQz*ySjq!`57JznaoCg%1eaIxe9*jsVd&Iqb=lPrQ@G
zBZ~qDiO;dh2|?C23rD$~v(TL?No?PcZX)XkKLf3UB-V%_{Yk8~)S*)klIv@ebFv{p
zob)DuC>C*6Z!4OUZ;JYTocO&1-awL|3S`ZL%zI*MXx)%f^od{~RWODUq-D+E0WnvX
zspfH)xs$~)4Wv6v?2w7?bL~Sfj`Jzm%u68i4n~%>%j6~wqf&vfOf~2Zw(c^vV6vf<
zfnqiXH;o0dpZKKY_<|o1B$s+g6Q_PH1?c<SMw29$->{BZ-iy-2pop5}k4<~mH3wM5
zD<`1GC_pVMl@oNNt!FI5lPPai{2^=BvpWOaJV&{IFWrGnGPfWqT!R6|9ht<6>Fa%N
zocyDj>2MDq$@t#Wx~$g0dOMEcKC^$Eu3bBMty{|3v3>~OIZ?#*N4FxjyRYV3@4J@h
zVNa@LErCS`T$0*0)Uu8M>q{{fhrmmbh{Ovz(Io?3jEp)77A*dKxxO4foY;MN{|_eB
zJznjbL#L<k-zcI%*&_{>c?BcM7eLA!jsv&P9|x!|fL$U9(h1iet;y~x3r6Zxfh|GI
z2h_w%x+?x6t}4?zPpCN2*fr75j!ynvzI6amjYVevOEFyr(T-ZLNhQOhf)SaKvAt?!
zKb8N^G1fKe+=5KktFZZ*b4ZEr&R<68VCN7ES-luo!EWolCMNDc?v7vsM3VppShAh3
zoiD%HJ>SP|?M>y_odgVX?(&!%6T+*f$o7NE4iYPvdBTcw@%b6@(>Ii`flsY!NZ}UA
zvXdH-IoEs(1!4o&^%)OC0=z5$qz}v@4@!*>HU>XAT?&y(o6n<lYc#!cJq6?ooZQ^=
zWA%?S9^?#2EEvg@#)%}w^p`_Lq$X2xkYM|l1ofTXkuES-1Y}bN#wtRKy?csAQY>U~
zI~kfW2_7oaPef>@q2$Kb9KbSx-Yl%Yb9YO{RghC$Tv(Co&KCB}POq8oN$iTq6Lv(n
zDW`Ay=S`zE4&+D`Vz_G*4qeX{u;KBqr`uh)lkM*dK>7ALYo^Rk-Sx5IGI#^g<kH_H
zrN3!`5z=jqm!Ub(jtuj8i)HB`<I0Ks(Dp5vY3V}5Pm2ht*j$G|Q*Pg$-Ho3bPUq=3
zUcFilv8k|^V1#v>`ccv6F;;U70~)b~H@~Z2LGB!<docN7rhpB@<}^+%)Beq#o?l$t
zE_)7j?)2wI8xcoTzl?IzIU%O~1t%+)9H#cb+p7C7wkG8EpTD(C==XDiqCLZn_OO=I
zoD#RvIWTpX+P+e|M7xHgwd3%*m$K|~fBv;6J!{$~`CL!tA53p#zNU-A(o0zPt=fpX
z6-U<>p5z+-wH{a%;N&#3>l#j-uF&4kzC!%5L(8UQ_4g^tbzy*PNzVCqI0<NMyyip*
zgf9D2V?ODw49!Wt<ZRBmuh7PnN93wGS*p9o=HQk$EPc#?eDo=c`oeJ!LlBECyEu@-
zUMbOTDqvvx`0aaxd>1nRz=2rfqQG<9fyfO;nMvJL{U1<w+W6FT=~{l%(bI7aAd_Rg
zW-RUcOo3PI2e4dUk0S7nH5CcKD$T2HW+y*S52`~c^%a3-ti+e6L1V6g$QiNi0{r-t
z);D&ccWH;97}(js^dCp2hMDmRrPK%s+$$OR#u7@I-ecKzn%nH^maCkwtg8T}wahIV
z8D&9Y!MG5*DEFe^f%*y*r`N#7M)XDnUSo5VQjb4fa254I$ds7aU<(w{c9Khcw{(q@
z5Hz*9*Q67Uc+M-Fy^f)D0vK@19ueCI&_bEnEGrtuqY;DL5hH157U^~_Y?cR2<9}6j
zQZpx^{xWaw>tYNNo<j;}@RKM(0MVv)GaE>uDN(5E(~r|ZWZB=Vs=Z;<a_LC^Hui(W
zr&m&~R4AfP4<Ut{=n@HAV%(SaiM<qP82(y%ldqeNri&NdBPPdCMN3}ZkIE-3FQSOH
zu-Yy`a%O35x|I{C>QjRf>vS)dd}@{a=L}B@WOuIc{C9;+su~x^N=6#7eF|h7tEP`b
z-azn+;|Uh`qSwcODjYsKcDq;+r^Krp=rLGMEuqx*$oYKgf2FZ+r&%1IPY-J+#*t>p
zv4gSzX>`w#ot&z%vV&+qcRGq9gTJ9UxkKFG9TivGsW`uN6#V1#>KO>#`@Fei=HI$2
zcI1;41t(qVRUIVup$d<DZS7z>fbPDJ7#73y4|pURc*sW)HK?_)>xlVpG#L$sPN$e9
z5=PF+-t1%gvua=J8K8*<bx|Ljxls<}h^Qn4po<3esv`}`XMdwkbp}za+)IJ|5?P*+
zG5SNB%u6zl_x@JZSjs_$VGAFJGki3)?1Cr<vP5jdDW@z2vPK>so%}xCJD{~7&AV=)
zwJSu0Ygj+JC5Tt*$>BXLdLCy)_X63&)CJBAq<JK%8Xe!Wqp*l;Gb~!*uQS){m6@S+
z3(NX7ikctKm-j8Se1S7Zj}~dkB$QX))<`%KP^?q=f1%`Z1U@(-gI3pCleOtg@8ktU
zoZoiw3g}JKisf&W2S_CR^umFtOiM90)aP8@Jf;=M_Ilw2F6tkB<zKpN3#bN&%6wM4
zj0!U$5gm4MowgiBLl?!Oxb$sDE<fUhp~bgodna8#@?!ZGPG5e<YcL++bjtlMsat2M
z*8{%4H}m@f7mDcjLTW0p!NY4@0|m&|A_}bL3WsMw7^+iitJj`KdjC4a+gWsA;|Sia
zRmH6-0K0(7NP&kPMIB!a)Zivj-UCFr+sq_Opb}Vh>pvPC!b;FrD)!^u`#>}U@6j>+
zb5?)2+JzO2u)GCkxd1NP8WXq1WzaaLETNXe3=#PJnEvD&gRW-D1(8~2rh<oVnTA7$
zP*0wL<ZMAv=FgDB|Hsl*N44=p>y{$HiUf*=;wkR#?ogcK4ut~69SWpKao6JR?oxsk
z55=9}?yisDd+(3To!Qy5=j>)@_R4p^iv!9}&X-x2mWmD*v-n5#H7|&4kOXw8v%9<D
zS@wFHXTMwDu#};V5|)aUefUZWz{O8%OwAdvwEC&MFv9A{adVTCD}KSl!MI$$3tuT7
z3*E8iqKx!5K&ZI+5M0lsTtBEsNNWf0W1g6KWy`h?7fLFpuM5pv27Rq}4AWIv9fEn6
z<qxDp+PFOn5Z4>!MZ(p-?`s7Q>d^=#(e-LDH}mj69vF*7w^v{cH==n>E%#%0DZ$Kk
zxPu!OJ%S!VuS($&hCw5`SNYP|>5*H@{pSg@FGQE2?>}6A>I$N83u(BAiA5uK7wp!I
z7s{lsvF|zlm5Yv7_PPaKro8SszC*uv*^D%;A6YRM943%mRC5Le2+8K*<*+dULjL2m
zXJJK+-3SndncJt=Wnf)GdK7KF;Td-A@m9hq09axBR$>R?^|NfJ^|q%OK`NS5Gc}de
zPNkkrl%Qe79Ne=ZKqItor^X=CY^)y<%Y@W+V!qq@%FZ}R%VnCFBNiTwx=KX3%Vq)Y
zx&0kTCMLpxcY=3$dubKCCvt)88JsP1&Vmu?hjW>7iQY43g!um(4l+d`nU$Xj?-hEH
z%!?AYknYcf+<_FOUu5sZhw^2%X;FkMzd6CovNwh;zNV&LSrVLxMkgo@t$GG%hO*I<
z<cd?du_Y{SmBWJD2+5ZEo`fVctQVMr8{1x07<}SjTNwQSVF$JDR22qJ7yks=ePRy0
zs(mg5y?&*Oz5Tf?SB6A0HH@^vG=gmuyMe4Oox-LmKg7Ro|7I<)g{_~S?)KC^IK)lC
ztA45cUZ{Buiw!PiFBVPKMx^GB?v=4Jdb;yEMCxKwe2C=v8-ngtztVI1NG2AI?@idb
zLiPU|R=pFt*VNtboSBmhvftc`m%As-QqckF_(Fw9ehpD?-C$H^b$KY&XI0!(Gs#RJ
z9sf<dZN7YbwF$iIh($fLgRWg8&O%?6$M7zW{Kw;R*xN3S_B(<9K9%@s7Xm%ytN223
z_`1w858VBPEU(%8-LNYx@B&1Hu>YldZ8Xu^_Qm*iAIqD#rF4Wc>RKt{tU_kWtKTr#
z{d(yAAG`wYGa<}{TEd<!d>fJFVOEDK^`q?$43Zo6R~5&2Yt1lN-8*r?Qr?bU=7G7t
z_z2%d`_SyxG3)RRY0i|TQ#VW}Pk^AkMs=Xu7sLO^40gfuGW;!)j^3GUob*E(OH3-m
zu~q2ucs9W|=8oHb_Osga5XwwG-kCWHrEd*c@Pa3sUi0wtY8+zDUzjMs=a`x-lQq9R
ztOp{r8+8AaOK^|3|2Zx(#beI35r+E<&7;Y#5r)Gvjf`SrF-|;F!BbA1%5Bd|7op$F
zFfrS_=|c~|h|XVjIrq^dpi0rteQ}+XZGIh)+!xif*Zr!$J`1>p%6yBRR_jG)q@MA}
zM5WJ(fo~fr(`z!A%YHI{RoKGi?a+wQ@ag@Fb6~hKHZZ{&=_E;X{y#t7DcA3#5SD`0
z`h?Z8JDh&NQ{Vkc!Pl@TbmpX*(HW4eKzSL(zHGV-p)TM~Mz7VO%783*KU)?*H>n?8
z_;YZ+q_^d02s}Cjcls~B<C3?dkh$n5j+85|aE*ay2C>TzIB0Ho<Z)WRTaOr1W8EU}
zxj;$u)tkOyB_PGK@}WBNz95(A3Q~Ts1evEe#`t4J<6a*L{;fXGrr+#GWBQ$k8O6b=
zo;@nmdwNCzUbvUQxC`+B#9Q;cXCoCc_ZOzC*N?hZ&NvH{Ty#q@88!hgwDe#|g?P@(
z)q6*=N|LEse?_YZ&BKi5*p{tlkRfCSIp%8e4}FGzDvFo1bxnZR<hhwIl(u`;BiqSl
z)U4nk=^qhFK-u=LiRA5&2}tn?{OB~ApTY+S(?CG`t_Q-Ndo$<}nAFN+hxf&WkZI{T
z)}N60k!s2BSp=i*8ONRlA5zRvwAh4+Z~xIVkm3>1{b8h{aS`i1)7JGx6Ma(_P`7Y#
z=bLLgvK6mk(Be>%ieo3TN@nLIZ!3Lu0vmBXj$?nkpQ=ivGAs4(?=$LcK#Z#2#;^Zi
zS!UsHV~-n1X_0biCOhv!HE&*%(Uf{}JjQQj`RKhWMCX>ZHphM!y4z>D;2Q8&8Ljrb
z_FtrdUZS?gb-S}GxnLF*_FZt(^Kcohip6#GbarI;WDitwJ046Fbv82Flyp{FlXT&r
zPSeBjf^Slf4x~}P!s{_8%AmQpqzf)A@)(T3r@1($3$9lm`lw4^uNZYL1F6x;brl|k
zoz(;Fmc9nF6%n<k;@Ta34el#S)mIad%-M3Rm%xGhCjmLf`FdDiBC<VyQX*?nTX&X)
zQgnqjIS!zuMe`1`ZkA`?iC7V#jiaS0AW`fO$z6blP}91+qTv2J<-hZr<~dJ3S8|Rv
zmC#&KA#@=}GKgK+y-%B+JF<RBW-{8$_na1pbZSsVN)l2IYGi>HgP4DbY>@T{>}2%4
z?C}MA?s(LBWPExS8E5+@SY*ATlPE_avj{Y)M@u#k-XYTZoqXn(t#;sV6m;zlVN)p;
za>|6m?iP`)!-)j@FbtV(OYGD}J~!!<C@mKvSMe@91I)@a^qvqT8qoi>{Yy0FCt!?V
zWtQ#UCLqjgA@8s)F<{g`m4!I^L%zrO5fI+%8^hw=9>d+Y%0`d`FKPfC(If4*2t7N3
z&b?9phJz~N<d!Nsi~4P0t<r=HRFZ?FoqxWc2G*Ik6A&#C+}%uhsIp@jnHM{&dTQJK
zOd6Tsmm%zw4RE`p?16_XbGn6f55K(96UeZzEqTj%YAgIq8k@M6gz!Y+uDEXF_Dm>1
z+YH-APN5cXgJ$UWV|M?pD1sHP2eh6k256hIp$V^xl%IlK@(N8=#tIjYn#U}MHc^^E
zLuWzb;z}aHmwP>%Hm|Tp(3kBZw|+O7MaPl<nyigTHNMgjm7^s0`y_cSq@>#b<O&%G
z8?!u~e^wbrM<su_|Bz-dR@M2;3QF!RkG{q2b7`(;1bw_q)C?Q+mR7#H>4Ym-cy?+w
zS}lDP$y<t0xBj!h5php~t#ZR~72D(YNPz|o?|b5&tl5Nx{3Dy{)I8U4RvT&b298P&
z#Wv=SvQ*q&L`>arzy=Ln^ErRd`N2>psB{{NBofNCE&uS`IriCO`D@k=a*$sT!7$=H
za%=bLE@t0ZfPe-HzRYk0*O+X5Fb@$~`<|rt6RpJJD^s~f821%z&uRK~y6$|^=mc#q
zF&o>tl5cp<B-0(XS;7J(GcVuFE-uy7E9aldAyd)9k{*W9$~q=r$@MN%u#r98EO8ZV
z9c%+D><?Cn#;?2r0#*Yg!9~)=`Ko^!qHG|moPo(ZHTt$**e0gfNcsoT*l-{0Fu6;C
zeA_{WB3pxKoXY7%DOqP6WAmeGgEF7jQi8gz5-l@5H5RQizd%t0+V(j|N*zN<4&Fm&
z>%>mi?;jW}ioL{NjZd}mSOSLqueIT<VImUb#AR_xn}L&Nkt8*g#4o#)K0B1V-AFIE
zL+<lS>#0`#`;qIC+ol9Lp;l3JpM-b@bg>fj$<cKUORhxmHzI@`p-T(hkhE@U_gL*z
z-K3GtFplkEMW#ShmSV+ajY4}G4p1nUUvlaS8tr8h`xj?{8@Y)y8lHZvDCJ@!!x&FD
zRufBBq@<HAB%t3qPsWr?AZkb;-5;wg<<ni<w$CO6Nxgmo^d@n=%2TMWt^v#P;P!m<
z!)|_)80P9aSEvkH+m>J0a_wdbg#jf{S?<u4-=w1VSq4lRKlh9sNJLqE5Q0qxh@C^n
zZ){gnXd{4t1r5ZEyKu#=ft1xDKe2;@0f#CQfD7vDZEUFY&!ZRhia=)1XNjj`hziYh
zDmIiZ3}k{mM1;^5D<;d1=q3<!nnqD0KzFE2Q=<|Bw#G-g1_Yf}QdEoZ0J7u`LC7ZQ
zz0BNz9lUF{pT6bP*QLdfS!%cPbnK%KbJ5MHk;@2e@#(N`rs{!K)VyU}?=>S_Z{xwE
zeXu0>k-VnM1?WV5&0-H#4)g6(YNoDX@C4us;tCx7=v8L$L=aOo7dNK~c!GqSrpOq(
zUtqU-AYLP4nY7Co`)^SA6jWc}xf#kG(#N9u(p-~anKbow!YTCQ=THsB@vHvWZ_@~F
zCC=gaD;$Q#wb_b*epf4*-kjrlc_Ceg7>XBa8?#*CcE-;=bU-@L+R~xNTDT7lDG+b^
z;mS`R-wFp9EXx#c1Lwx?0OR+F*CfK?ttzHfpXV6lP5p6FS=CHcZg2|a5AlVe(YOx|
zA9FsNl0;;4Yzd$wo+K<8iO|x*fAm(40=QED*mnb1SObK9;H;P<2!!KUzCKK}Hg&l}
zqg)_a6v12>kx62&Fcc6%%}o`UjCk!U*_^BqA(U@=n1g$^Ih+DX#ckul(T)2<rU((E
zuHM0gn}u~`0`AZrTA`hWxB{QJ;eoxvVvr5oMF(6(bz>e@)GNh+r&77wEV>$ZQ2gAv
zydC$crM`GL{W)-gy4?)zP(=wU7}haL{Vi@z`cpSPeGSJ;?A$rMxamohtPW$%M@$+)
zQu=CvpSb)Gw8OI;2wP6AqByE8o?9dkSI>~{@EQj-vkmcj^fS~o?Dra2;|%@K>IqWl
z7a;Uch446ePVc|BZ%c@oJEyMKa1YFQgMQfc1Q8EAdQSy`pdRv@Ky*#oa}sH<v3}2!
z5IQAKbN(a#Bdc!?R%wjiit;ECIrxiCjnWZa{51<f*L14=PZrJ0M?$B`h7E~;c=s@F
z{UPV`%WpfL^U^Q+dRYt<*(ZL4$)G_;xAT~)!_9|7b00e}PhGqWZ`|Vi;IYHuX4B#3
zS=1($My+?5to`)6?*#nz5yT2d7$Wn$PoTlBUz=XvcNksG`<fa@@F_0dL}19&c9n`_
zJdY_?R>mzWbvo<J^gEj239#4KIHvhHfNx4l>!Yv-SzO-H>I|}Y>7%C)65F(lj9r!d
z)%++OK;`+fB5w=J?VQE!oJ{6i#LcPc<B@qqntbNEY*YztI4tywJ$Tht!NHYUL{mvP
zN#N_xJjwp5Y74JVL_rnx@ga+$RM+!^9N+eYqBd#VoGzZ+&b<Wq7Gv92{Qx&vZca5!
z%QLZuZF)2W{Bb9>@slsL@gxg_zu(Ud(z%_p%Q$HZq(0e!yUf5v{BcDKg9@NQKDXM3
z?BDG(%Jv7c&ppbowbPY_y_@LcO=W7^TIE+fMwBb{4f=9%UgicdOBuwqcul|}MR8Yx
zGEQ#@8k7s)E)251vW&NznKn5oWx_;S3k7pt%;#*CNDvI506G)IELZWD64ow;x8Ie9
zK>hu$Yf8(k2b_2Bw*VExICFHF9<(t!`cdB_z`8PU0wmm3OfUup*b(o!h4o<VmIMyD
z5S-vgd+{N!@kgX!3hY(A?F%?OmW5hmTL1p+PeI;7A9rd;9R}QI3H}0}5+Rl<{wTE$
zxmS2Q=&B0YQl(Zd_V3K#&3W!~s?6A^c0a8mx7Xj7_iYi;8oM&U<U68BJN?WVri5Hj
zOwbbjW<g;~U-M+*T{?za7;V0^y77s6ft*2K!qUTKx;0dL0#V3FcBvDdtxobb8bNp1
zsZv#K@#6$!c>-_l-{+w_xc^iR1!eGBG{x>94X2JkJaGsjo3b0?_A1b0D>4-IpDtn~
z!V<WziplG3tm2z*v8LFj!5UBAGHcnliA6UAdyn`;y6Wwe9BD~czamH}%z-xYE`+I+
zkzLX18ea1!W<mow<&fMD%nsjL$d9Cwn>yUubTx=pQDDT#?UJ^t3NjH}c$hu>--}q8
ztgP|ABiC8*W((nwr?kYxH`FxO=x@T`I4cdKli~1uc!>X*(sw`58`*a~@Y*{E_p*Fw
zOGliu(=GR7KUMfK+7;45U-+HdpP*2?-nv6%<fra$wKo;^YjSE>;lRX%t}boud++6H
zaK(na8DP8@dkE|6SDNe1u$&r1qw>p5?|1zLy|`(8xS<0P5k3DT&`91bJelN=mY0}G
zF~Wy+0+WkqnTkvFa(b?mlt4!t0G0t9eNQge!)U6<A&184sfm2S997T2gXlDVKSq_?
zs8!M}E`xyYQLA{fQ)li-&`LDKWG#gOZ+z5u^tk$#Ody;@z_C1{_MI-jaFt|AkAuzB
zzcYOcs97TF#Fgz{s9%0kR9o82zgRy>7iY(DdSS-jA`d2_4;&+|wT+kMLy+afpC5-6
zDfUYfK86ecq3fvkDO47>H4Ux_FQI~{iiRaBIin^yp#9x|ioCdWRLpg{YFCXm4`|ur
zcFo&A86HqYzl+B=Yd0RRL~JGzZ}K=5a=h`D&NP?L+%LBOm@GDN?C+W?to~_)eIMuj
z_Rv^!S$))<g*FlUBlhHnjvkt68Bjcl_NME=6;d~lu=gMRioSt4hogE;<zXvi;ym=|
zZhWdEXlGbgHS^=f<s*(s(oPfo-koU0_hTzP#bL8JTSO$~C5EDv7^Z@OZ)^e=#;3mc
z;yU;UwyRjM#<b}N&DrX9<QywZgvE__^>zWh^bM$8GnCbKGjtP$ThhMAG?FU{#w_gs
zYXO8X7C}*7?=F|-K+)VYa=84vyZuMLm^scc)*G?cE=|nbsVcNxX0yy$oBZqyjH;cE
zJ;$7RYfD}u!6B~Cf$$IyK7LQVEuvt3$ru3I2<t+P*TshFVbAepHV@QOj#nlF6pUWA
z62Y^ZADh=&kkSeO<EEYH0~Psv7gLUs-rf2NiLB42Yv6<HYu8FQ=O|A@yh-D=|1sv$
zo%(Si0NcZ8;AhJ(8zg#K?1x7aX8$2i%!Q{`-kJdrz4BqI<6@Z5@n=U<mBx$SOf=WP
z&FvrSL&9gm8b&dnR&JtQXgQBZR&VI|L^mER3K1&jL8UJ~S??<(-oqL=a(t}<lV8^N
z<KOu#r^YO%Vhc{iasUSVi0gxoOoPudzVQ878G{%J0PDl}L?f9Yr3L^)=IwhylwH`*
zQ!fIxPI8k#P$8hqwkiCpcNU@1-+l3v>7PIT;!z~|Wic!31hm=ph%U5}X}x-rW~6fp
zoG;=Q66?rpTnV7`_LwS610UtbapO=Xdt=1<<Nx&;V$@T=0g3NU?IdA4+m+*gx`zbr
zzOMg)r%dZVS)Q6b<2MKEvU$I9W@4pZTqsEQ#ZL(grdikg3`oD?eY636ovLPl2UO;E
zZ}^eRlBu|9)=8Fs7A$3eFIOV^%Bp=P@{ZICkNTNIeC{zOpObm`AT|0jl~|q25JnYQ
zS#}?<{fqgvj=2mm=un;)HqHO5^fWa16vf36Z@TsK!>3ZZ8^kakKr&neDJqw~o#n45
zp5`_iW)=Mp>n=>z{6fSv_D3+f=y)eju}j|AM}Peu!JqMme+EnFh9ibgvk-VCj?w8m
z@)||9nuCiD<YW%uJiUW8O?<l1Z`ubMM)s^VPvWQIv`aU=ZX;n{xy{SV0E%Ugzr%{P
zgBPEL3^GU$1c_}^`CorAn52=3KI#(szJqz4&$9Mo@0I}#tvHYKJY40aV9%-5lZ`Ir
zBk7bmrPJNdag0FbVJSwkr{%~~E1tm2nd%7kMh}e`YR`l*=T7(yC?4y>>~HKzgL7+@
zxXsvhwStN9lR9?6h2N*&-NR*C2Dly<L_a(<)y`emGh91Z)Ht|&c(_Wdo!d%OyR29x
z)HKqWEfL6(a3@-gBTGnCdzoPD&OoN@R60~9T>ibb)unTGq~Q(?JErU$%n<u@3&vhu
z;KDv*Dn;pDmFR7X5&|4~owD9VhdMZWVOw5fpD95R1r%#G^fq2E@-!24YKuj-nucDJ
zfZS>mamfN&)m^X#lb#(}VnH=u-yzK2rZcQ(1s`-)s)}yA*wM=HKl80|DW^Ltu<A9j
z!9M)A%-qLv#k28iH>*>phe2`SWeEC@#b6U@mF~V=<hXGCq;MU5!HM|q^<XiTJ8kA;
zTk;ki4~d}0e<ueo*~Lc?PVq#}!9EF0^WTFEQn6Wx1nC7hnd?Ld`9sAN;i`ruq&tef
zRT`5FkuVM=KkDeJ9LiA&Ox-)y*&exEM<IsDm{i)#=H{e&fsGh5u%ACmU=x9ukt)xw
zk#Ix-a<r>kz82faRm~Kvk^t`C0SUfcPz!pgmgreGgp9WYN4f^eXL*?j-PRJ<7AH-A
z>K^71zp9XHb>^_4GbO*Pe)Ucj`^lr~faQ-$DURkeYY90ddQR+$QIr$-m%_hS6Lfc|
z$j)1-fz+-^>BCqVINPfvjXO|RRuFFn)c}2HInC72N7$(YHS}Ev>Ww4hKpFB!YvHDt
z`<?&D(q}Ux39%pAUciM*TE3h;vc0Jm{qIWFyh7BL1`)?fgbR8jt*{5|%Bv4`%)yrw
zmnRah7>b$laHudu$hWsVyyzcl<fPP83>t>(R)*`DG!+h4rwZ67eawjMH$+EV#aJ!x
zA26+VT<ip%E<L6K@)nPeskStz#~a16efFL|=aAH>u{793n`N?{`N@SGM-4OBmlqnJ
z&5^zd=_Qmk;fF`Nup$4eX30@D;$xmlu5PU&b@mE6g_2M=J}RjtQeY<s6W4wG_p*^v
z++WK%l~}vo_IV?&e*2aL^5g)pMZToEJOr1YU4fVO!R4v*S*K$Dao(Sn@_aIRLi_++
zro;-`HDmEMl!#NFY7F9$A>VLpi5v#Ox*u#VZ61wO5^{-6=xDO6J&S8}w=pAzJLNvT
z6neyMIp8L>(`9b%H36`?Xok58^6^D}67Rf>{`$lIL36m}asEOgvNxo!JQ?JG)7UNr
zQ%SOp>|j~u(Z<hcS37=ix4tF8Lcifc#=d-ucvI^wkNiVWv*KJHv;H>*rV%~PJ_h;J
zIzUf>;!qXfEx+)cjq@>A(wgtbDW%M(_9AnDW0~}?mtth5zYZFHl8~70cYq+|zu5np
z3mKO+m<i!nDxMmUn4j+eA2G2hHje`!Xz!!|cOK*>`=Tr6eDvb7Q{;hsvXGd7Ab<l#
z+(#`g3&2<XIv2p*H4cvW%zMgmvR(<<i!?XD{FUt973ca+c1`nbs54~}KS`aQk^rPx
zd&zbHrN>}A3XCPFt7Z9g?+=OjvmTok_wnqJqkD(vUbs{MtG`TFy|&6`5as<f$s!rP
zp|2A*{4Y6tTBTjd`nK`(=d=T`(_imaJg*zl+x?HAbcPX*PT{vPllQU}%Vq9Z!e9}(
z=+K_VSbk^83cu)vrY%SS+%a)x7>ULIl2Mk+5z2>x=qpML{t;KL-jd&SmCI?Y>V(l$
zP;@zx&l7#D4aOBFr7sWl4q5Y;(P6s-LFe3M5!u7?5mNVf0zbAf#n2>jPMz=&3tk&h
zP%CMg(pPPL>Y6xV!x0w`#t96@xh$~oAw-UH(Xz-K;F!HUP)`t=iGm;N*20sZB%>m?
zWtkfYHUp<J!8pWNd4HndYIC2pY1}bRcq3qbge6qjHgZ=)q(Y1%)8~#8)+9U;tTrju
z^)w6&>?*v(c6U7h&&NBpq5D(J4E!R_O-IZvsQ#)P<{1&BOiiNH#^YW^ApK_#Y8DoF
zcX%K1X;{@_PhR5uE2geT3d1&PPPa$$_wUUxn9)~RkqsE@qYxB!1Gt}QeYwV<N(esW
z5Ip_avXVr6-6?bXER<ss@$d8JO&H9EI;T%I&`{@fYkEJFmczMLj?Bb9(x76K!W(z`
zESp22@Ksju09O5#+5|NFS^xF4D7|4-VzrjwV%AwIB?$8DCn!@1h4$CKE;b$>cscM-
zfyd0Mlh>)fo^DFcm=h+IscJnxR3UzOkYJyJoWCXTGF3=l9^iQ4202j>Hfo?JK9Dt;
ztqE{8h=+ltaiZj{3p<(A#`v<!B55^<lwi&Zc+sxedVtxOV$Q#1XzXt^(40H&@?qBt
z*3h!NK2b@b0wu#l;!qEFPKqE~dqaWZh@h2nSHXtq9a4X8CPtTT_4SHY4^H^x#CioW
zU$CfIuin)t8>G_=V3;}JRp!SLeA-8NrWHx5001$pl&S>`=M4Fk-Dl!DOi$H7W(Urj
z_7fJa^%}O-3tj<17OIh=7k{c~RGLOAjy%eu96L2_!3$L*u_}A7wVb>zdb1bb=XZj%
zdl&Ib=Nt`#K9Fwn-zJ1M<qhDjkSM@5hC^kvoJ*uZUkJJ6uX(*CdP=$QM+-E~P#Fer
zm%>~#Ff0GQ6;%TbCgjHfaB@t5X}<#UddyH!243a)1|ZYXbZvK^7h3Zwi`RUiDks3D
zL4*;0XX@|u2B16IA%>akzMm_uwIv+qDkLf??1qwlbfmeJ^3u;+8>k`?;D&B<(AH1V
zC-*LJZL0MZeiZnT&#>`6Zl8X<Ia^HNFxqGTYq!cc3gRqEVAhccdHucU>BR^NB<Lgd
zE5fR8{4EgR3kLXAW{LhyCvQvNA94?GcRIfaw+zfO0ixyr`9#vE8}3?KzR>wKR+I^o
zs&G$&21s6=x@ohnKD=74oR{>128BMRaT`5sOmw?l+E9IMydEjc1;Z|@p~>96DPzi<
z6-lS^Bo9|gxIYl})!*Kr)2~9^&JjD6cG!x`l$!Unck{?Jfy<7n$^P4VlpR&Y0=In-
z*X}cIj#Z&}St;x_9`d#ed`1+ooh8W%=9}18p%i2dLm>*AvB1q4rS79>%9SRQS=_mK
zJR$1NA&CdfHk%t;xfOg!=ClrZ%pA{OXcMOH_21Q4yp({(e>|sbp`LpG7z5joC}<2E
zm5sViUR5Wb4pydxnctb{>7f=nb$2~wGN@Irm_wi9x1eG6L!FAu9#bb@Ps;&xRm!yO
zf~o(Jkh#3;9TNO(F}9H!{SfKLelax&krTW~!A+GJvf9h~L}%2?0S+PlGL8mpQlkBq
z${5bdplT!6UM}V>ICZ=8MHR9`3;abZ5YFm_M&X3!-ZkuG)J_MHR>#BIW~hJlqf<}G
z+AzbI6)7^Z)+NK!<wH~DPYV_5cM5UIGD~4jc&`CeZ~7@hnh9nV8vTrY$ui!^&wj++
z=?oKUg*b6VboKcEMaP6dHivQ6vxPX7iq5%xDqxK?<<k#x^~r_6%#=#lIiBt#KITGQ
zPQStUU`fp+>THp~1g<4^=?M8NO!eoC7c#trh}vl8F07PmY{C$L>A&ZRgAthu(c_S0
z^>L=nIZ(vG=&{1_srzsBp#?jPQC_Cf1e!cELRIP{SrgEf_J@ctl7+y5CcEDdMz_1a
zYv+P6{JkqRSOt@c1L27~8Adhx<u|#KGOYR@Ss;uP&rZd==PT0g?@}ECJ_syI8l7I6
zK{K3Fgy-!p-Sd!#I}V5rXuLFYGtuTp1AuErh(&PUzYdjUoObuH^B-s;0C;;Gzbaay
zZ|2}X4I#*=8g;h>29JEGQldLl)uu5@zpw;ukI~LE=xn^bQ%lmeX}qP%LG3Zbo?75d
zul8%al@{ho|8ClN%O5#H39$&Pnk1+Nj9U(V*UahMXKpSOOJBQT^bt##-erXTWh6pZ
zJ1ApOX679|Y59b|V~+E|f{(9*BfOd_{1q^jG_%GBS!dj$h{V_BmKnbEPRj?>(>Mdd
zcX%h<MkyWzL)J!<tovmk3eE{3msKnb?J;?y=Q5r1;vRo%qX8`+2bFW9QQ1DCW6j^P
zne+`HzJg0UW#zfyso&rfAFY6vmgrcqufWfukjGd`!Og61(3)?@6jb|*WKJ{%2_YlJ
zRf73G;p|2)^H-qJ`JewaLRbsO{|aBxC2DyBoCIoz>s^&%>4!Jvb`-xvT$ls4`NO+b
z^r27Ao@Yh`eXFj_@U52p<+)yFzbNj(6TW%z@5M`C#20X!#Gbs}<15lov8!kzT>K~~
z3wz&xU1RYY2xZ7RZT65T{(XyTG6$BoBPrninWuE-&ENTHiaSk4HVw?TqJ(Psy?f7Z
z+=Fh;p6oS`&k0pLf*6vZZR6SF@N6@XUqQ8vv+^69>^Vy1!>z)6@mk~V{{(MQbr6aC
zH_w9Vfrm0KPr27AmC#I<*Au~<|0i5h{&y6SIi9*r;9JJw{jRDrfBQXwK-}u*!Q;DE
zVy-m#tdnN8(wSP05pOvqr6hHSC@iGwF6vPI;w0XBKxTq44X>>CMDCg$I@u;zeSe(4
zooS0lZ~mfbiO!X@@UqG*U9G7g?PlpwSm16jX$X3Ya=6*Zr1`cQ<!I9nO|mN!&t;Ku
z?_M-fsQbsYukrho#`=Pcm%EPnfwY&eO2fJzQjQ_?1V$+Jq!d27s5>c29`X@f@$3VK
zCgTVOj84Kctt8nNDfymygZf04^x6Rf3xbH&?-c(XYrUGNSpe&Ai|=8&Y}ZK*c!dp*
z9r)gfJCR>bYVGg85L0C#*UyZwp<Y>hNcn6tO7-y3Sy9|qD)h@mzac))j89GDdVd=D
zI<2{8JEVj8O}VGZQ7_AkPqoH&O5Z{zpJk1kanzS`P^#Gn+tR&KUVacvi@jqVIQ`~`
zagu?!>g__7Vim8zdzdnNhv`!IkLyoF_^am#3!?1w+t+XE$ILa#)sbNLv8rc-=RdS2
zT{JJ9;m*{BeQs<9)2sGOJKc}{<wU?@oMr>10KKVu3S!tXTEdx{5UZJ6nYQw~rDX->
zckSUqL(UoLDt}W|KE2$gYpo9pp3RN}7(}QN{2S8~=fc4sn5YlG$Qo;L(IBGj&Fnxf
zvWD**HQ!0Gd*YZ}Qu2vZ>Sn`ie8q|%e`b7icNcZqA%HX({Y8Dv4GVj62JG=c7G}-f
zRM0uMd|6|&8TTZCWm;C!vcsKhMZKe1lz*XI6?LML+UNDSClS~(eHi^Xw-Km4!p%4E
zrh*%N8H9<bM7+!70W|I{(MnGA?n7c6reGYRsLtJadt~@wvJa`fJq2dUM&S|OV6DdV
z$A1`C&Z8jmz1^x8D2thPL~rEXlirVmT`y1@0g#)SR%5Y!aE!=w3nR*8VMU4mUl;Y|
zvzjG;t=zy83u=5<zUb*Z6}!+Bx<_85P%3_o+dZ$0SA;CfD*A1&^6X8R%LUIs_zW`<
z*)1(5#y`W_l@2DMN;XP%>EHV1NZjNp-t~-o*!ibL{+X%+oS=pH3YYe32<$tmn1W3~
zo)t5^Q-8%~N9D?t0rb#CTmGE3W-}`v(wOjlizJYtA~A|g0kuQ{RW3+(50I7+$2oMr
zNc*++iieAC@qTf%p*b-MT>-VI`7~O~)axJe!HMW>r4~Q3zk>A{Q@3k&VpP;BF!MHZ
zjel8Q=IJA#^CQ6Bz_!4w9ej%Ij?^@R0|)X<=?-LKI|8S5W!jCFH0&$Pvhd0#bY<*t
zd2Y^(FdQd~8=|<`$AJ~DoE&{h7c=}HTKkmBX88FB(`WS#c<Dw^FVP@>4bIk4PXGSV
zH!y0kvyqO+Zpfh_NEy*jtqSG-Q}Gd%$8R(8XAYleI(Ey9NIW{TB|Omx|04C+P`TNb
zubYDn<@7x3-34bdaDkbCNh($7?_2Y6v(~Z5btWlEH=xLak!Cn($xl@`;7(yC#IF^~
zu(r);B3-84XEmrjj2fN{T;ggU<52OND>jSp(#1fm|Co~bP<q&AsLb1{e`ye{?G*M7
zB=mP$3%j(OyjlJC-?zJWZemWmA5)KQ8H$$5$=h4SMOieQQk8d8835{hE=~Vnp7aW2
zA%<g@%((Z-_z(~-ztJE*U(Q#W?z*@&duM@5b>9FpdIdrMFG%XU?xd|sM%jDvP#}XR
zH4)?w#Z`|sZg3^_?vqdxNX_9YJM>8vQxlDJocgJ$@t4C)1eHVubPK^Gf6_L0Wu}6<
zeA{iTxnhO)PM0{2V}_*lgOp_l?O%6W8u)^|obYp<RA-1E<<yIuatIssmv7|hK0$`+
zn+o_M{-<e5o!pjR&*|_){6m%$GPAZM+FyVsmnw)iP_<2xs&d)w7Bb4bv4dRV*(XVz
zr}*N2Ma|$n2Z7SF85M{vDPJC^#D`MGdD2!kA~R~29!<!78KO&69K(0<8$GGrx?gK!
zjF`WxYK>X5g%tb6P&+*E;m)WXs)ID|-9$ecNb&y78CZI6H#*EQ#SA9BH~1H{xGbGS
zna-$hOuZMm5av`FCsUjv^WADyYs{HvuXtbU80ze+0GC(@Q$`t|O?S}{IKg(xF|MBO
z#y0-J8$4ezX784)lja{6QMC~E=B`T+I_z1y%HCJeC`yE2ZS|LzK63Og6$ZS&FqvH|
z_?VpfTz~dcyGdzXi1`;Xc$**^;j&zbESc%eufuVw!%_7t|EJ~a=bIl|D^mjbXhA_*
zz-nD$LGhd|r*8Q|VJb~RpK%-UhH1nbwW4kcm2XqA1#5LnG(IK4cQEcKm{VTVbs6eW
zb7>4frf{v6-SyjwVTe{_$j&rGwG6dVlB{1F_@Ron_pCo^#4-Vabsv#f7_0@1x@d17
z1=a+w8Rh*l&!OKGf6m8BsWd!tpjtq)$nyV`&BbbPu@Igs`$fXKGk8t8wc?ofkXaLN
zP*A&eZ>S687G2Br8(q+(wNif0(H4-$`z^O=vs>RUdL(h!xq;On3?y0k$ORG1Eb}bc
zjoXcNxEIeXE8DxT4mwpYr_nc{dej(d!Fh@5QOVL%@bF?1b6B62zlsXKLnU)Xc;{f`
z&SB7}*0b9HxtSTdLmi6yRunvKi^|Y~?2d|gT|cdOwTYxJ;XQdJE|UZA*M-uQnEaAC
zI^iG5fzSJhPx=IU3o?Kx@LkSXpN}kBKgjLI-a+7Z?BevhF5t^jAE?v&-&(}{Dq>d7
zyHSM-C)C+hn?PpST^}TaHHe=v2)^QqcoVajT_KvV9}hd1N6K9uv7VB<bscww93KFR
zml_)0o4*0_?|m<5m|?R3nLznX#L`qiBq?tX%EoKg{_sPeT@gF}J~p+Ee-5TT&+txh
z)E73pyMpXqiT41qyk4w$Gi#>3#KW)J<)jOKu_#y!Zo;}a^5m@emQ97=zNo(|HqSF)
z=`+9?$KBh1uwjiP%J)ww9KuPkN=%3zuGi1F@Q=qo{5;;}z>xz5wz+qQ9^3dVc)wTI
zML7lO9pst}n8VLkZ+TpdpF*>Sas{fED-@+{GR@G5%EOB%czCey?P6lR2-IWK(Cxt+
zXUvq8=62*GYuthIQiy78rsw*D<|BKQnSM9O&~cL9$yur`r4#<lm9E%7+_+1FIR$8q
zEkkjS%-KTH{T8TCBhpZH5+s*jaSHC@(Q~qY*I=Xa67K3>YWXfV%-g3lMPKS;PxBzk
z>P|??yTc@?eWd&}^%~x0W%StXDArXmR<hcvD`DvXSDwN16`9(0V9T2A=3Q&qr;}tJ
z9K!|4@3ZJkUsn2tay2r`K%T|v)jt1dp(yE)t>i@gZSVKPP2VWLt^Ku=C-}9hv9tp#
z+1#Vexf(^ZtNRhfdUP}gf<@cY3f8CkHzfpDR@C-JudyWy+R|KRk3x88Tyo<Sh~WAK
zU8&U&3HLTo>mUO8Xu{U-?i^Q+_U5*wCT9-#ttH#z>D&jXgkJAy4}=NgsP~^8L+m%#
z{xhaa>Xp03o(AH8f8<s2XX~>CmdImO8=>EBeIm@HjO)>OAszkwp`q8U*dr+?T3xGv
z)ntTL4_2X>b2mlK^>$$TaFPho{+vGS=p}j-sp80JS{?5c!8u)el<d6Cl)>auEASzP
zO1kGX{G_RP?9YbKp%j#k^2r9At$@{HfW>2%G0n&Efi;b=aip1StfTB5`^h`$cI)o)
zV?>|D9ya7X#{vmwW@k=wDqBDBS~6J^rgnc1=GnP-1%dHj=3g5UZ##;LgDuBb8o&KB
zU`#{xa{mKjp>z=^=2^0`dNJBNWYS;h8_}IRWU8s2x2AJaHhP1BxrvcB6}iYuCj_%X
za?gpms{<OFhy4|3V>p#ldC2=N$agqMvzWPIv7jE#=na)$h?i*;N}xR?+N~}kS)wcK
z$<&`*2`>4%07AyXeR5NF=NZ66@QtnoPa#Dh)?1D=2q;|&RW8fxbR_;4Rq%}-XvB^B
zhVL8AZWWrSel7HmJJ2D0q<0a1<3L4ikA5i>OnQevpQmj=BNuJguaEAv2ea9H!{R_y
zzaR}8+Ib_<goAuRGU=Je=kTlR&9)uY$g=eJ>G8L2_Ed*!JkdLEk{fZDzftWDiWlh)
zCD}WV9p}~W7pLDB6u241%nWVFt0dD^RNT>e(NEeN>75u?4<FFC6nBmZ;QWa-<lpD6
zg<2;r1^jTEAs}Si`==LWlyT*Hq-`KEBC=ebZgL&d$CqWc8ey7crVkGsXRG`^u|ufc
zyy+alkTQb5`@}M!Uwq}uAu50i%X-u|z6Bf2NYDImnQ!v%y&)wiY4{ye{rmF@`(bER
zU4yQR06gdjQpEHw8u=T-*+4=}x2zl>@H#r0v!f|WZxJ=Q5m-Om;o`C?X5AIEwnbU#
z)Zu!#BsNzYv{t&LHz0%r`Gth2eYC=#^Z~nblLyoL05C82M>+7IWQAYN9oKMPuKA!~
zh2QDtLfZnreYuL=S8NFip53Hzj;`nnbpdxUeE9dex*l5kCwYKc)<V}Y^<!<kdHeB8
zMjDzP7eE)=`DsF?_uxPPHQ60^2|Wv){%oEX%1oFUUQ=xAyJ?jd%k0;#rY>>kGTd#j
z(||`N^-2(9{LN>K%>7#?v*~E<4*psF0ONuMPvRtRm58?K-FCzdC}Z4b#c=pb0Wx^q
z&*4YRz`eZq@r~OygcGan?U9PZ54Rxow?{0F&f9#V4425f)@<+}vtrXh>;3y}0-LT8
zm7r^W>Ded`P@b&}QW{sQ+sFZ-fdI2T<NC{nEA|UyR_rm}5aq1tK_7po1H)R#xAGT5
z;O%Ug3I^n9-&xbYs)`g~yIc3lMRIlWFeKIA<6{c^8Hkb*9uacaON-_$$!>$VNuY2C
zUHq>#QzL6|%0#ZudWYoqNm}w6doQ3vS`O=R{-L}<rEeVa;GeYk@A2?x7`S*$SwByM
z(&2}i0M9Uhl(YeQJ9H>fsGM<MzF)?1a~sH17@^L(;j{}*b1@mngs%cL{ivF^3l6NG
z1#*s05Vh@FqugJ}%^$_SS18V&U44WgJz6@qMm2h)%6X$!uKsgfT9BD*j9%kUsN7iT
z0wh0EH;)w_-0r@CU%f+|9d!XEV&Tw}Q8xSdx(fP+p7v6Rx1@CP>rdbB-)>`@(7)V0
zck=H7;3Fo12NRwA!62G?5&2O26>S+8hUe7-U)QDShN|}(cq(5jkny8Q!xFGOB`<@o
z55ShdDnV%-zX*TUJ{y`OhZZvnl#q5c^gqnr5?zS^lxUpy-yxxD0DL_0pK$=~j+|ub
zz#ZOh-Z7Do-++L#6dkS+C{x#-Yu^pQ>Zcnr@DyL=HmI-ky&^Lp>!9M<v{G_-140lT
z-hvwx1w<w#aHbI!R!(uwc+HeV0Mn6z%lRq`HC)w;mrWJwi-UYBvkH(i$n~FP><zsG
zVb_qQgiGq2T}Vpg*)1J(xoFcRo}%<SD-rB9t2NE1epUszkhvWg`Qa^xsfCphB|*f+
zPh?COe6Jb+Gc-hu5L6=cOUvdmLM#_h((y}sb>LJQhX2UtfOuH}x+g(8WadugXeID3
z4tua9W`q@9iCy1UQpirgUm*#dzZ{s0#bt`LXr8q0rB=)7{Poe?`>f%B^3ZIhh2lIh
zoE$@(?%_Utqi<6ajiIOVv6>l=Oq2mW`$L9(iTf@0g}0(anv#Uw&Ob3m-`1LHV%dHR
zQ~La+)E}y6y0#Hc3Eh!0B?t(lgkDpkMfmD}qRe2yU6uV(DqUx)5bcZMtB}d=nS||~
z^aJc{!4>wN+}#Oj;En8Uwv?!2hGd*}!}R-&l0?B1mbg5zt?8yMJkfBu>DR#4s>|`(
zxf^hSi3Uq2h%sQ==*djskdExod79+ZXm|>lJ{XfRm8W-Sh?HC<Pf)>Qv)tHWrw$Tj
zh2*^|qCn`aWuNDpbh`Cr&w;3vRQ<Nj!>5u8_v9}hG{+fX+&y!RkLC1OK&AOc&|y^(
z=Q+tQ6L#LdpGua;IJQ=7n8o0deHwPw2XX9kN}Iwf@RJ{uF%#Av4}d0A{X$jv^^>kG
z9JTFL%!Z?Chxg?PxdeQ^3v?L~8VVJ(?|moi`-^jZD;%OlP=EtY!~rW1tF9Ii$WaCB
zQ@8u760+S;!Z*U9p_l}y2h2mB#ssJ@`U&Zj`C2hX$Wlw8S-zD7C}Dn~e#rn3%d0fN
z*Eku}kP+!!PDVXTM)j)urMt(3UOtm1pd5*yh*VFVCF~d@sK3RYgEf9s^_ky&>#~#o
zaq@?6kW2H*VVT*W1#~BQi@%8Xj;Yte105RJ?wR`ij=dYC4{sckSecQ{M8+T~4?nt3
z<QQa_9uOEQ()QAu>YdaEC{_LSm2;vmneDCrVLW79!!k&s4fv{k>+MU7@DNwtF0SJz
zb*Mn;jGXg_y~$vtph-%S&*|r94=Kq6luF#=jv*ubSMY^RRT<=1TS_OEwfnvLVRh|+
z9gdc8oBZu1{o7bi@x!^r)?LbgMWcDXdg8H<-}1!cwQcrmmh#LGG@;vN)Qw<14Y`M#
zqhx86g+C#PVEL0y&VK)gV}(>doR&rU+P@4^S2sTQ|GL-j#tdmPTIfM^T*{G&%2<Ho
zkBp@(`@|IM#BW*jT*v&$4kp7<RvQsLWit-N$<);LWV15aC2waXW&xO0s4wyz(jHG~
zr&X%60IEvV7hRvo(>pFtEs0>S?1(r{lC4RZ_c(53ozlD>N=H;=V341WewZ%V#w3<(
z(A+D&rj>Q~?f_y{i5}E%0FG#7#u(~S{@YghLG@G6KhLl2CzB_jeSI09Cw_QoZ_5EP
z#WQmEu*JJ{%q4O`PYEvl5A+HIN%bzdD*pb()h@S~&}tIsKO`Q&g#!R{(E*!#6+5Zb
z0XNWL$YxY?I&GBc30A}cqW{HkM+=WlcQSER9@I_WoQ%eJs^Xbpx45p2^DMf(99WH&
ziCd<2X{Q?@bB|};E@TzBp@k2pLl2D{aQ#~7sBEN>ro}fcPp(_GyQnDX+oYO()T8`*
z2e-AZF=Ql}+NI{)!?OvJXP+&Y>^n=vM-b~*eJW#2#3hhYLIdfxk&6)&GxuPyceJg4
zAci@TQw=jf?d>e%J&u5J4#|8)ma1U&;pFU7)2x+mDaG+B#*`$5p$T;K*_)#nfX?3(
zlv^KCbWnhX&*AuVd7MC;G@}1z)l9X>)wBk&W6xDbB_&2NB!|w@!r0PKSqSPVx4cGs
ziC+)J;o;M%4}~W1goMckk^_0TfT4%fy+anerVS`d`0_GCoIjJU9b#*BW5OWh>XJij
zFZgsahzKe^1^(d)9P*Mw--zf2l9T(WtMGnyo$vWu{_Uv?ROCcw-%|6QW>?I>$L0(U
z-#-AF=MoTL+`4)a;SwZCzVsKllQNT<%g2Oa1&#a&dc-zg_x9@nZB~&3AO1T4X;wsR
zQN+P@PT1n3xvQTl8jnF1T4$e_qrueGGW7f=7u0#N*Y__wiWzuh0L^A&2IlEQvsnyi
zonD2J0j(Q-kk+Rltpv_p?<~LZHYhn7Hyk|)*-iu5j`1rDOW1d_4VwKBq(qI39%T5Q
zdxBnvkdt$+cg@%Y_Gk>8NAr$`uBdk+x@+HGzQgr4styyOZY)f1rl~oZP|}!0a+6t>
z6j;XVb~2K))xNtty?M5CMj^9LEBTQ$CRf+9LwuD9;Bj^Za=7By=j#K|toWdjWTxxE
z_E1?@Nc!6oKK?6)Bw|o}u9$2FrZtlAEL%yfcWBr(g}6mj+;GOx=N7)+-g|7I*U_(q
zu0!sa(umOwVz+z!@d#|<$6!=KafwWu8(J$qD@{ULEn?cs+g}CIL4mP&whn$Peh^*6
z&ug+|pW;q}R2k!T+z|^Sn|(#mrH6S1Cf9MUxo@I2eFQuuJq0|ge(SHv3iF8DHM6X0
z4ul|Z$^5b(9Uh}d7+!frb5%Sab)*L$UcvA96JlAa#Uk_}COZo5o9UW`o#7Vy!;YJJ
zM*ORGwMg&h(=GO`*Eaa$<TuR{4}CDD6B8X$5>Mc`LLGyN3K23(N#L=e$+c_2H>DA_
znARe{3|Bq#%&ShKSE974s-`QN1z{D0yKJL3t)DFpNPaX*Zqk2lN%F|58DMbgFtz&|
z8t{W#6A%)S1Xb?<eZ!y3pcmezCr<srt-R?ax<$O>yP$Q}sR3t3u{MC5BG4@LmE@My
zskgSxvibe%nU7qWoR7@dK9u$wX6RR0*}i_7e*-goO{G(%H*#H=)moTkM}v{!K~*AS
zp;%t(b`NnG*IZ5uH!+i){mKtyZVR&-3pb2SRqwh=nKZ7|>21B!7p|vcuN!XOr0D@Z
zszU7@ycdO|Cxx>ng}3XYGp<vWA58Oo@tb{Z`OfS;5a@db<P&)WN54JTdqI2+bl)zB
zQ9Rb;3hz25tWrb=i5CenYw#_Q!mdO09ZK}Q1*0f$4N8si-`YX2ucPCkRDxBy^kZjP
zGG3$#q0*kDTWtLsgqws1ju=i67rgTOzR`L4{obTBR{;a6YGp#X`P?3_7Kxm?C<$Km
zh(F(2)5Y}ll@<7}W1v{(K>6?eWm;yULPA^*fo$P1v)qgU#52>-u5!0h2P|s|q5Mdq
zvJHvoumCckVdj1szt(_LRTxV<t$tR-^u(%FZumIF7B$3JKLB<1R}H_9`8s3QJg1h7
z(xha>S7?KGc@%nK81Qj>O$YQ&LMi`e+IRfOX~(8j$%s|S%g7r3V>F^7Dg_-2SGWSu
z_tWkh>q(&;%oT#=9V9<s`V;L^!%xNRhm0M0JUTH^8PW7TRHgWqV>Aw&kCxEo%|`th
z_cr<{$xPd*0j?`wPhp3YFe|9JxAmGu3)AzTVVbet+qn(?hfZs(D@=|Fuws3PB_uTk
zmv%wI8>)y03A_Hh;Y7Qi7=J_&R=gnLEK~_Od$~H}l@vORiSyj?)bHs>x3x^<V9U#>
zw$$VUG7O{IzE9?Gtj?(J|7Z^d+5fT}Wc&GhD4cqAgP+xqQ(*<b6Z?TVjYdsbModPg
zj+$ku_t$rzR|kUyX@!aFfCW9~+3z=YIRlz|?<PR*TuZ%Dnck}w2_2fr`M*f$1TWO0
z%l1&5=)56ey?{GXHC8+#{qK1LS9d7ueD^XbyEqh?5<`g+s^9_Vj0jf8Pf$pv``zk$
zimy&m!ZM~-qIw&SG>X{7YLrTx;dsRP8BvF0?=cmqlr|;LwMz2xtphuz=$j-_7vkB~
z6SpZVJu3#d<ZPmTvBRU;-+5DEYB-&jiVt?g@=K=5MzZIq(B;@^7_UTlc&*sz@pjv9
zgl%el6<tAW$Z9o&%ZI6>TnpOye{D6QcU=%ol;(QFBn4U72U_eZon6-Ed81pooQ(CX
zZ_)m^HYeAH-!y#`$+0lV{M54^Pj;XYU871XEuCt5dnp&~S~_t5322*ZUhYGmEfLP`
z$S{O>2BVJ+>iZH(_D>(^x&*Y#)#ZHI-#PmuqAF8l4Fu&XEonODMw!MAFKFwCv$__{
z@OEv7p}D*{H%*xj?ebX;z^`~>w_qc6Y^t?{)Z5!F>l}d1-12pKPF8w8w*Et(8O1oT
zlvX*gtZ|*pO?Iv89;)jIaCQFU_Y>r*#{z1<{wg9$g8TWm2iK|n7t5jAr5639Eo^tQ
zOmDyXFt&+8on5}(<v4I=C|eDGKOVYJNOMJBC&PxK52;n)ml-TqJtReZMSVJlz%MFi
zQH#TNLYm#Za5UPKE6yH-unLAWkIr0FOCe2Zaz{-m;Hoy~S^bqu&$|@knT-yT<}%em
zNgo<@MjBt1(-d_2RKh-BMbinO>FT<I&|zKL;&lc@6tncXueV5(nn@Z7mxLxoR-Uy_
z?VphSY$nNALB4;p0S?b^1-TcOHcS0@1-UxTZw9o<aZ%1P7nE1ck4;Q8zN;WF<CX^N
ziL8g3;G;>`nvBbLO$`~Bk%+)5aEdA49^!wayHZ-RDjVcN7t9vsE{TmgF6Ow?yAV_P
z+00T}H*GHXt20NvwKy%zR&(@E0&}W*lhY8LL3&y0oX-F7bX8$-G))(0mtYIQ-Q7L7
z6Wj?9+}+(_aS!em+=9DgaSQGa!9BSDyx+xtvAxqZ)$`0VJ$<IS`c$>T|CY0=t*I3?
zIL_$w(i}$7)VzvITwf3GP_h|IT&r7G`{O;bg6Q-DHth-%Hq-wQFd;f>@qkp<k>!sn
zbk`-$j?E2awN{U*^|$|X=}=T;4VT%ADRthya}`$xef)GWxr*f~X^3f#Qhf=%iis@>
zRu^5PJhRW{6>O`SiA!7CBVFbPcFPDR=mtq>YQiGZ@pqgu=UK1RQLcE8xa5D%vlf)T
z8wmdK`w%0J_{slG@y-@#VX?08%qFo(|E4J}plB5PKD6R7sHNf?5O8q5-gQsSLz4q1
zLrR(aS@y6XB0?pBydVOk65L42bTb8q^%;vxT}6eiP(9KWp30I`6kQBcA~`Uh6i^l+
z<0oX{;eJtad4IpN4ZqC6Q93^Un9JAUVUc>N)_EEy>FCi27tA5*Ug{1*#`f`N0YfGz
z>V6Ok2XO(yxn=fUy_fRGnt7P(tY>Jq^AoJSSxlUtDv<gnk#<~Lz--F~|L+>)m_RHH
zGY=gq3?1sxbL6j-0$H>j96X5$NixdU?*VS51*d=XEBSroJPt5h-oqa2`Gu)46e&l~
zd6NKfl*>fXTj!M2pq(UBkC`8Uc<PaJfi#KqWXg_f6%3=V7@}_U?|JRBP>$8zd#j?|
z9^DRzj~Tk%M1L)8_eNU$_F8QBteXG*YVqCEZvMB@{EtxAtD@TX)-F%5%XZJl?o4`h
zlx5@UBgFT#8lz(+<g{aD_AOrT?0CFGsCZ%8IEw~q*8ZDMDK9gLWB37+3YohSR1FP?
znF{pMD#a%NjjNl*`jcCfj|=*tg?pPFGmRQ*_ZU5FflOj88%lzgW>osJ#C4**-X4ya
zaO<c+L@4;Z3w2wJs5>n~waj=Bg=1=hHk{5Q$akBnk(sQO8IPs2u}scVGcCqLkNp@U
zw?<B6J}|O3WdNqOt6B`00qE3EW9?!V-Ayq&M>&}forzjO1>AR6iy2s-FHo(SFL#bo
z&QtWyQ{?XqVFsb_NJJI|>o(-hSCxM78@%D}v6pvV8ldQfSV1z~8vo#{g2t~eB@Fch
z#h9aO4BW`4o;1Hs%ic!zPJ4qX*80;srx%bGy(0t51WBKUSDpXaFH)>kNdvaMK5aiD
zZF@y^S((fp05w|V5u9;=jCzG)kGAXy3G!vB^2+WC2>Udc=9HM(%Y8v@9@U8JRhNGQ
zqi{A<$n=R&=gO62DwHmF@y#|Ix9Xn2%(uYN!tLJdC-7p%Hx9ywQlV{UKlTm(iKc}n
z<5Vx31d9>=yA}f<PEuC~k-^p4wp3`XRKUsEVk8P+m*DbOYegS`NH-joe<RT%99ziL
zuV20{M^00h&h1z=@dB3o=>dDA=|^fY%+6e3uQ@fZCO2v4X5e*vF$SRmK87_<^43EY
znUS41Fs>vP;D*2ad;4#9`V3d&oAP0|;6FWJ1XnDe^23^ACGf6d;3swOWPo=11u7^@
zgzJx$0-wZEk{aV<R&a7dC*BtH&V*v16X9bLTQfqdn8w;quh$1g=+i>i{bJkB8N@*6
zC%|mx;f8kFvmeO|pTUt8f#V`m#tim;twBTIf31j%=1dlF_Zbz7j2=_~pk$@D;;L3;
z#6{;S0FD$Gznd~Fv=j<)I$k}C@j0kvq37DD3Ng!b6EHicB1vSlep>+lYK-h3_)QIl
zP-EaEsh@B{&``ejcd<B4H`8qgmB0ztOgpi4(2<pv_YW+TfMXS?m@7)q$yF(tu`A4J
z*i-RZmu~eVDUMYENvgxVh4uwzfnFN>5$&HLJD-UQFWc%zuI_#F&X8w(TOaSc*jufB
zE;}Zbydv6bR_>o1@Qop_`L=wEd++`XsrejCvUu2PH5HSvB)_x&Y7Ty!ptNt?2lG#i
zGSdHVT=W^uK4XYyOaNgsvv5b7q&Qj#sc&H;3l_65^=+8h8teFs{9Ganb|-*C9}2Q>
zGFyvilwot&;EoBZu;y<Zb;XT^&9IPXUsATYBKQKIPmu+5On_b8blfimsRC@C+lUzA
zn~kKOn@P(oOg~|Yvt;2$&B)gKzXtVB?O}sAKNO=DM}I4SlM|DX`y{^3bwYX*kBmHT
zKzZ=XOHNF7>>rzH{W7b1r~FpK0EW1q4o0pu9ovn)97LCiD$L$$0pvk~hl}6(&G^t#
z4ic35-_vDNe-#oN_rnl>J*N=x%j;L(_5*i5Q-&3OUoeU!A;A5oYdfS|tqI1jrVJY&
zjB?Y!7bnsMt+dRreWuP**S7VSM5sYdLleJeVh$;oW+n*RZ+}BW)?-$mo?#b^RS*{J
zz1}u{{Ol~j0J+qJ<C@U8>vU{NWc>TJ5vf5|+&xh#=Z*F}d#`Fg<#uN92zs!n^|2b@
zqRrIkEc8J^qP^EF5Vq(vtEN*ki;p3R(gg|GNIHi8rg0y~Ft9wfWC&Q-s$td|eH=~x
zavj%Niq~$E*J^ZTX3Bxu-nUSl7?<NJO!nmeU(fzNx_kxKo~Qk`^0R^LEU@!-{ev=E
zgEb4D1u`TFs3`thu`5Sb%vnYM(!>^`R+n;xoz~ZA`XMS>MVD$${B31K0O7YYbzGSa
z`_&bTmt9hWp8isRtQgQt_A(=dP#Uc{=u?*+bN@#bFWX!|#`8!NFPmFf=G$#PUUnys
zTuCvCQ1b7iZgsI}^<e(P62aX)$JrWn`e(Rn$6+t(l!U}lm9I)rvQ&fKTbYTno^<n3
zvV0y@Bf3Ts#ldKMf2$R!s$`jj>GzT+Jd@Hsjq6er%@nIcSjySy1#i&{X2sd*6+&(&
zLQ|yFpPVvcWNX5K$9?~GaFObII4}}ztc>%o5hO6&Or734UHRcxjBK=F=)#9~X2&>j
z%5f9boD~CyenVYwIfEab!+kTj#_l$TNB*Jk&y$&1p<=t>F43z2-UW7LM;k+I3jYY)
z&`mSg$qwlMy(px}oL{Wi9fQ#83_!5*)zLKoJawMPj#o>kCw@gwv3qv^0X$0a=!ycy
zFc90rk65?BZ|{k4;F(;~6*&>gCK}4dw7|oe+^M!MU_|~r%(YNzVESAxYjYQzL@rmm
z7j1_QqCX?_m7NbH_YMPnaRsxckq25O=7*g9b37F(@u5g-53HzQ_>an4WS1s;CRye_
z3Zc}>+dx#XKhgMndm61plYcerb_yysa}?HzOF|{e_w1K%e^yJ005<%|@zFc=cn;(A
z(CkiEdWev1R16$hX-E$dB{Ndag3;lJGPpLOb@*HccR5k5a~=c7z=QJikk-kmj$%74
z4g<$32XOY~>-TIIolV<sCR@g1&iu>^?&MWRlv*b)snGixNApjPG?3qlPu6;jS*LpE
ztC1UWx7+)Wf9$Oz%@&<5?+m+L=Z%WL^i8%(9GeK=J8}T;uH+9+v2j`5@ff+j>O1D|
zMc`oR3I2gUVDFr<|3{-oq{xC6e$0(yTjRr2uFRHEqbG~d{;9Ma;OZAS<ky)D$C8Hr
zgaG{CN#@37ma)C}3{+v6KS4icDZ{cg2TvGjcF&qsjSu%YAvc_n1#6s;QBF+pt77&I
z9!*)~b$N=HEGgwAIkV0MJri@fh1ieQ#_i}8u54_aI!uV-Xl`TzO9PN87=~Sxr~Y2$
zHG01AkPdVNH#!pWPow6YYKwp>9VRx;j!)aM%oyT69q33MGRRE7F#as$;o^E5H}xlU
zF#MiQ*&5;+oK3C)GwV@>?YmKRE^8PcZq|T>+hvjM>ShKzm5`Cwb<Bp8y?Mmq?J>l4
z8DX2(D0Xw!Vp;35;tIYmQ(88$aCMlCd7e}=KQ|88^(ogs3$t&Sq#kJrvHk0NtTY?!
z_(@=-!V~O0t#P+2W35siqs6jzX@KWIF{Vwh&algLD77?V&0n!soVoa4XINI#vDw(+
zUF59;dfX^lvmrF@TlfZ+)>aI8I}BPO*?YbuGJ0<x?TfM&PL6B`$vi^QT4aXK=W{MC
zJ^qI^Be%HQwdd@->;5s0Z)|wkf9^>Mk5s66GiGv{84R+$4l%ENeB&|Q1?&+@ld~4$
zwf9&jUL_DpUE(qQy}l!q=DWfak8REI=1j4!BP+7yAt4(ugv<uIicPxWWve=5;yD~o
z)Z<;GD49C8rzo~2+6(Ra1uNeIIe2dwQm!=rQ!Z6PUl0;?v`8KC<d8M%Bw84ax$mF>
zgy*qxY{)M&j^|!&cn3S~0vYJ5o7p$2lw!+nmUZ~NoCJXyKB*)rnrRcB(F;hOosv?;
z7Ty@%cgZS8B1(|BTz2|f%mu%PQYrP7Jcgo~ej4Cz-rwg-B{OxMf0Wy=G#>!t|HJX+
zD_)AK4@l?khl*9jFR_y^6!cxmHu17@J|OJ-A9xq)V}a>z-7zh{aE!EA1b4fv$2`;a
zQvEc|COv207<TnYtHh5M@fbWBfpGyoAm*F@h68GxM=p8iRWh7(Q7Q0BNzU=JkiycP
zYevjsa*ffk_Xp5imBUFaZh#v%s7c4eh)+gQBh2z-MPg1AaA$R4c0xA5_ug_Mr>6=J
z?JdBFwObgL+N8kNnXF4)2VjI`_YszvmQ9@^%uWz8<P{GCebOBL$t*o^7?Ub(E%k(w
zl-nGA!2*3w%qf2U%b<!g-g$>&&B71|V2J$#WQvQj=b!8mw%x<fa5M*_Q4p9>tCFrY
zi_pkwCIuZ;xOXRXX`nE1&Ysa%ZWCK^7sFW_<NGDkSq4@Ow;)ZTJ3GcC5Eeh)fmKqc
z=^H$;T?<NP_FS?XU#T7PcRWb*M-^Y2Z>8|#x|%gDyW}-21v&<8Iz0948&dbfo~yT1
z0&7|Z)iz_)1~vE93u8G#YcH+c$o9?492+L@DOV*reJYK=dnXRE_8#Jo<#5;1K8D>F
z`?x!*(+dWtYeQkNXnzcz$|q3j9YaIePaQl5Yrc^aegeucm?zAa=PX=ni&*mx=kz}g
z3Aol%c?oL<#$^@(V%`BCCd?}^=~=fY$@cS7gNm`GSpX#bl`3qeDnrI4bzn-I;KTB`
zqj_2VXz&CjmI6&3CdDsjY<VmdS+ETY5JyCx`}*exuJ?TZRG4ZNi9<4OCVwESPhez$
zfCV4!lP#3dHPk0@nyMHckD{Q0O9f|CB~;QE-h5x=9NMg_LEF!s4j&ljL;9Od+4%4(
z2+Ryi6^7q75yY@zX;{{09$65NfPsxd`5&4V^dMj`qb1{7XMZhAqGN01OZr8vW=y+o
z_o`Sw(mPeG;Eqg%Og@KC$(C%7XQ-btI8_t^AVNICl}%D0%+hc{`u=H62w7wGJA(M*
zUCjM>fLZ5q>JeX7%!}iodB#;7o&+viM83Ua+UvK{%su9etK-oB;3UVIuhL6{dRLDl
z;#br>vt#NtmMYhK5Bo;fLZ)itNa__afdnnSgkw&fS+kPuRcHxqc&#tE_Pe0UImgD!
zJH@UW&c<bq?Ll0d6-B)rT=wFodR^}*(1g1|xE<CzphoQHL79wK>eQij@L@uc@!tlp
zk$mH*O5Kw-<ik04Q1-B=4Y8uGI4Fz2laIiczm)h}hVIWt?~O`*gDZb&@+kXGh}D3I
z>5Pzc)qDxV&@yiP8ql6nke9++=22i~$jtMwTFv+>?>&4F0?b0dTvKV0&3o^d7_EuU
zsQe+l{G8zne4P9ZW(fHjHQCaSXa_={CLXwI`)uF@AoB(M*6WCQz)XEu7}pppqV!`P
z@W2y06afF^$!_RZ+6#*$mc+>s1hZyJYPCeCTJ&VpGSd&6<zB3h{+`^64sH_%<RO!N
zblzLxRw5Z#T>NizFm-8(OC}4_2Ci7EJ)09{&6i|!!MVG_{E<ToJ#7|#zYEP&+Y}c5
zVpOU|JbD9nZ+BWUmonew5%PX(QVZJc*n)p%r3&Ieg0RuFoIl7^*~A}8{|KZU(J0D9
zJ>K3swJow=HJ=sByEK<`Y#n%o)i<UcN}ETEHaX|4Ku|A6GxQZXv4|2(Emv>X?RNC!
zy0_DEH%W_@e(a<>v1!U*x0``K9+*F&N7}EB=zg_dElK|JU(x<w;r*X%#C{bu<>|iy
z;lCp6zv9ilP24O(S9Io7GcbbvOM;JXZjSw#az=x=q*<4=iv24;+eA1h6Pd$cAkO)I
z58~7ZC<;pykYm>Ao+s$tHH~s5f7BM~Z-oWdD-47gf!B<((S<(!gtJrIPUreUrSqPZ
z^P}uN=O^cS$xf{icrzT7JZDGWj!M&ruc+K^t2Rv=jh-c`oV!s1;R?RQ!3=3Be{h4_
zeg?r&`D8^cN@L`bd{r)SP*bt{Oy>JpG^0yl;7tWgR0IH#*s6g#e6ymCJ&<i~mFCWy
z<auhV&~jVc5T*R+gjM)`IgJi2#V(|F1L^EYa1ry*ie7r2fBl{9k*XXMa9{N;*zBy|
zpb6+F;$2VXbKo@kW63V$^E_Y)v5^0Dm{kOPXZ?+z8ArxRDDL?2y*Z339`3B?ru1+`
z)Mv+v#TCaDlA`zaKsMUIEk7K^g*ce}EaWx;GJV96Ey~em*2#t5$F<cBel%J5*_Lv*
zx~G}CYyxzMNzv85i=jFtW@xE@VM}%Ns#+UWH6kRl&HhkMwxo*JTOa*-_P#inna^+D
z5+Zx;?!ho5Z=(}K!AU?<J%TIk>7CuUU+e_7+WpB@ISA5>;o$k{+G2`R$AIR@pm#m4
zmN5jni%nXU9CxSJL2I^~v&>bnOi*w%Tfh1^&agP25B1(dJ$KR(Pc7!NU?oLpPeCc!
zzi$9uHx%z@Xm%KP>~}1KvzFnS4*zsDL(=g%;ZUF@N^~RFjr_xm1q!Y_+sMokZE311
zA7%(trQ&H!V`<8~JVuw_cG&AU&$YL<iT-WPO+WoEUw*R5OxkkZyt32rvJP*vl2qtY
zvv!eH^x1Sb+Eoi;8ar3kp2I{JZvSgOP&*EIEvn2S=4*+A?N?%^_;!4C@^cJ3T&c|#
z`mS*d+c3a=`C~`#G^XD6aj26I!k7Yw2qEW<L5iSE%U!#`TN9okT08MRbzTfj6`=#d
zQV6pj!(iwY*kC9t3m+Aan@W*XJx>I%Md~;2e7_(NwAlvJUr$6|PlGO{MEc-VUT+^B
z^^qSePmz>%)uW78DCm+1)5oJMB3%ZME2G@KSy1>cAx1*&zg%E^B?0k~e`yjQSdIj%
zVFK$OWF^P-#O<nvq*`<S8DBO8t};aq<-*UUddMkk|GT@(*<sG@D=|B`Y~d6^R%5ur
zWw`LICU;)`+(ju#5@Fjtcb_Ze2F9%kb51HFdkq&gEf*EUg3?&KB@eO|e1%FRhku0x
zTMOl<H7>x%9t#IYa^|qs<V{(8&w`FHuaMq!Ry(V$2)v{ZOWyLuiVR7&|C341B3z)=
zJUg%Hlbp6lN4`M-Pn+dlA#>Vy<2Rnko6e$kJ4WWaEZRdjkfwJ#2JKs}i|*9{Pg;WH
z2U0v8OUt<(GxA-Q>meLV3%MDCHX+O9!I#c8ckt79Wv36jx>fTIT|q-<8P;U5KJ2Gx
zuW!KnGOgzE%6vM@5~ZB;P!zAIJ|D@D<W`ugD1UtnKJTBqq!W=(5?IYTmZ(bXYn+b^
z3p+$~6C?3`qL-q%v7e6jbKSwqX(d36I3oW(w5mG~b@fA3;+6>Ysy<?Cx_FB|FrCb;
z`D!sz_RG~CAZH52v+@0xKYC>-%~Nb-;5TNNska>Jzy$&Iygz;X8m`C-ts*U;vn)X*
z%UgQ(g0<}xO*F@#bMN>grX-3sLX9;A2ADGo5BSE1QTW6_jE=En>`mFUR40$mGzDTu
zU2>8g+uF)DTKiFP&kQbJ<UR`0-1^n)Vp_d%H4D>%_-6rlh-LHiP84Qgbon|I27TX(
zj0SPmp)IPE-AASVEYZqEb8wH$?8MCTgbFSQ104rLom|wN-Z7vX^ImATstga?t)t4P
zmKFsdmilKRY9bkQ<kX?Cvg<Hdi2*~$RFUm08iYu+wb2NQ&=U3jdu~_x&~a!dFr!dL
zhllF<<W8R0IGh~KZY)ty$(*1!(Bv3;!xx1)t_lV>*kt#5?;!1UMb5>8?^@3hm+vyt
zr#?(jd(g}74a;}X({t!e=A`-k5oOYCPy7vEq#9W(N?qZTk?Nlu8rp-c4!)h&XlaIH
zjat`M+4uZH+LC4e;$=|4mQX`!LaI9mQ?p|9J%;|g$}#_SMk<hj*%$WH7;DzhJdgTO
z!Aucu%@@fEXU}Abw#9C$t=1!SZ?4*tL}a8P1?eW&!G}KoFVpE4dak5j?D@qqdSNm1
z;0WXSA<2CuQ$s|+K`o(8oWP<a3i&o$O*i&Ru`keZj?(E6k1lVGR*H?XryQm(Qb;ns
z`8>Rlx`vz`3@@jVYhkqhD>4q{Nsvs-H%z-3x7JfaB;Exuor%Y_i~#IV<`>^(HYFAZ
zI+N#5&?1A3@Q$50C5+rz-CDZ$k6`TY8)6PC8@G&G=@w;ggSNa%JXJ+CUivP2PS2GT
zP($)23vcWMf2!=pSNsBZZ_&Bo&Q6A4;;g2}i{bnz2ox(V#{K#}_p(hVs18+STk<+)
zp{#2d${nrOO80ztz}>V!Jdw(77@~y7HRL831&frys%v@!9Z3KOC30}LZPHd_O_grc
zcO-NN53Q?PN{GApTUkdGe-fZ2J>y{9^eWlxEx78n+K##w;h!*roz)%jJg+o^6FZqZ
zJ06YgM2>tqUq;MzqrE)!_bkTAS#~PkDu!n-o%r*_$tnUtY0FDO==Jy!^T~5Mm+ZSh
z%z8y(t;&f99T-Ui0;(b=Sj1BeGW|-bsRKU9?j)%HMF*xdkHUATe@6$#q!c|jM@(6B
z5yMfQYR$;lg(-+z4M?X3R7@o@C$5dlMhaY->syU7YXGy9U~ns?)Whb{c;?cG+guy~
zm4uWoO>#eLlFo>IyXlouCG;3LRMCRsau^}zE!nQ?8Z0?I>J=BQZ~8e+O{z+&fxWNO
z<@c<MRcQUQ_s0S7(^5pgOi(Kh0K|eWu`3fa!Gf;YC8De&jU;eGzWs&+lns{&f@i_l
z@J!q?UH(+PvG3#{EqLzt-_1-}fdj2n-QTUi8}h#vVrM__oZ^8kzGiFE3M@AZAgjvX
zKlZJ3LFsP#f|E-VO>&olBB1tmY5GVR)BH7^I@;o4lvqdEd)QfK%Q}N>wL>ZNn-~mA
z3Fb~IW<Ng0H{qO1HcVZa{4+T)HVY`Z_UqQL9QalKlp^RM4XB|{&8zJ`l(V0pw@oG|
zd%yq7Hucwy8N`Q0ZaJVwzI7bV#?KOAI|vU>cz+tJlQraW4OtApP_}GSI=}t)>`V0L
z$H1<i8SKG1qsOqZFNRR_S4+z1mZwo->z0POgq(Ev@009E&)VYdHa$pAR@ezVA-~KJ
zMAx$6DZ9lY{6f)pa#3iv8-lX602~I1!#o4D3n`&5DX-+KXKBOl`&eSz48A=R?L|`Q
zvBu<3S57_Y6wex--*UoHE_aPXvEHtbwmla9L^Ulfixh$O{VKf7LaUXYz1+{VwiQ#b
zp6CXNs0#9oPivUyP<=$uW)pgHMax-#1~3egwMRaQWCb+@q3x0GYb#B$qgJ5rTEI@|
zQ_Xp&km_fmJoHGlzS4_oa}qq9azUaN0i&7Ay+1R+{v5#3gNC4^TFk*tMP(#&ShOzD
zvU>zkJ^=#DH)^sg1+o6}<-l|fg4PG>?VBvhp1h_p<R&$*Q}0`~0J<Od*W%8ASLeT&
zum{X8*-;d>_m|HufDRXcb&=k^H+9|O3_2z-g66p#5AkPMx;A)NTeXi|PF(Y+Lf@wb
zK$1D=yRI$%3dv>H=q{tkvX<AHq_ZzS3hWvUWkEp3ek!HAFl-gC;W-~`_VNR3thlR-
zJcrOH7%h)-_kMKJNlWG*+ke)~l7zj}6yDbKgdTH4?tci2k9tUBFLhRW2TgW-XZqwD
z+)n(`gQ5_|zfKLXqh^LJ8T~;zHdI6OvACm+K$s)B#1WlutBYXzhx#T{A!4ZuSw^=5
zS!6}^&0yRBVJ%akl~;F%qqJ9N14&kp+h%FV<vhRtpn?yK<uY!Nbby`C!QVnyQWE~R
zc0|$z@Vq~4kW@QK_C1RtKp`$yu1p|pJGUSJZQ^s<80vhX(iA;5TfMSmRvUQ11z4bF
zdzQVBa{H+`Z)aWuHCygbSgXR<g?an7O?5A<4eVAma|j`qgA~r_Sx(a&hAoF)9ALy{
z{_7Wj=&9*Xc!7_v0cGBfc*=ypM*c!EzINn8&iE-K;(`(3da1T<<aFM6R%7Ck+CFW)
zxN<-Qu^$WqacU2<UZ(Ve9kD2p>bE<(Od$&kBzdS@Iy;|9A+k?sV|<l-dCGp>d=>|c
zu?M3@?T+8vTl;(=6xU|q(i1c>=`8%6hC)U{(Jpqhmx4cC2-!e?R~Vv&Ns#AwjfEo}
z+g}<}zo@y7Jc-im{l*|k_yIx)Evd#6_)>eXl17{eG9U7V;9Q%5*;e@yHKwtR?Elcb
zaOAP(x7)$-Da*i0BO|ycvpV9lQZ`L#`FyY46UhrBel-ofO*&RT!8Ei}6^3y(eMPV-
z{#jIUWz>l606OlG9Hg23w?Y25TXGO_W{`<A=9|dJ!5uT{UnbI@W`3rB>gd!zyv})F
zvz~IYcZW8q1@5?&WOHq?d2k=LI@t5R@-tQv&DQO9{Lo9w6XYk;RVPMnt(7YrQ#O=&
zvES@}E9W>#TK48SzqM-Q_F@Q9*B0(GdM$DN9?IK_;kj!E0k;5m{>mE8@Po%a06Uv0
zy$u%_-koyjEA;v6Vq(W)!2mt@aa|cte=;&EbF8iOlnhnr_pFqe@9$aFjUT7H<3BQ$
z1kd<kp+7-ypFe{mgen7<EVQ7<dJ@r?q^n_`&Jz27YKYWR&M?=2eMKjpWBK6QPD3wl
zP#+G;2=BHe!GV&5J-9mN;wS_4Mkgj1iaFRIVr|Opn<sJzLo~pDO@3(ZToRnah^SFo
z3lmHaO%q?Ptgi<T$4u>sjoH`^Pp{)|qS$jG8+ZKN#n3r&tb<c_*p{BqolfRp;hZ`&
z$G&NrS)b0Dk+F7EzpSU<&g{SI0<Et13u(9<Zv0t4^xqx5;eat@W&li0Qf*ucogA+P
zy@-wZ#u=+`YNe;H^G?&nQ0&igyQn8t*45AHooMFDCyy4#lhMvZ=4wRku|%9TO>$m`
zhjR95HJiVx68D5NW#iZl+tU_{)gNfIh7r8ffb?Jp-0q@+Yr4!*g=V0g$N8ndonNo)
z{g@^mxU{=}g12yi@dUG}5a9M$SZy}+-e9&uoVNfP+RNh9rsAqpyH94X)}xzUfjg)?
zq`iog=2t*(7Az9$->c;91Ycs^w`zAsDWzd-=*glBUTgT?kr`cmBzI)}m~oqdZ^r<}
zrrl9mLgY7Z5v0@ymBZf@Jw5qE$A`7p%;1e)kb={*Y6~slw+X1R4=T&re<*uVZNl$W
zdOA~WJ5dWwYF#bJLI|mm{%H{Ed|m4Kk+kNE1*!zRRRTuKeX+*0KpRFos@+k4DuMU4
z)U-U;8lH>j_N?0*<vT-MU_l#z?1Lg!p0C)q2cT%=db#nA4rHncu6RQc%c%`K^*wmT
zxipHz8Tg#xX<8b^mWT1=E352%sy=N;RB-ksc*dhNisJ+@ls>#tZv5g6$-f0Bf92N@
zMDHqmpODR{eV>T?)~+UbdYnTa7n>ql?9z=y#l&R*KXbgFWkKP9XT$8G#sIq`zU_4Z
z{=RQ*M>@Ae8sN>b%2!><Zt>e~O~kS%C?7jkGQ*<~*=~r@uC2;06wqp8P0$p?>KpQ1
zJzjg|AN?w4)w0O9-}p5fYU1O(YJFG>zob0F-e|e9*F_$dPve*WSm{Zop2u%W1^ZBl
zD&Tq4uA(;#2Bp)YqC&1i%B$a`#ByR)SKY?wuPeq6QC4JdhgX8@$J%bEnwlCLi|d-3
zAlJi6s=9xqAo6Ou-<p^IbkY}9J5m_o*i`Dtu8wt2y6di#)Hi?MUbeOF=uC9{J(p^0
zCD)zStdj-c;s(vRFYjezSZ0S=T8)|6<sm7>CaJC#WdY83zS<En*%4h7pA{>Bt*WXG
z?z$93Y%Q!9%<Vo%)p6x^6VwnSHQkb8rfdC`KlbD=<0~cRn<ocnajDJumLgR+#45J_
z%0?W&yR@yd%&oHAS?tQQfOg!NbD_nJ6LX9B3#sN_?mBb^m;|8~h2>sT<`5Az7mqRF
zj?GUf4z|?erW4|_1>0DHwR)r`FDBVfSZVK}bD>3c9*vdK&l`IWgNBYu;ru1-{3X=i
zL+kI73VJsOn!isMG1fD&bt)4z1OMgLpTpHGQF01uh>6)-N3wLa+AmWI94Ddk4bm9-
zeg%ed16iPJj!k?qHrO-UOSN;X>@aUMzKRZTi_Su8NoVC>_?4KhQ1U9JB{)(w^$+2G
zFS5g+&uflb8?XE7+4>W1N$7wT(~+r#i%7fPDxtQVy)p+uE4TX0hiX-7rN0}YHEuZ*
zJJlB7!RCp6tKHb<No%Bp4lPB7_4|2UcZo&-^K@g*`VuEf4X*AgD%EPq>S~FNWAV~T
z9K$mA>;|`LNM(-g^8%@1?zCnG`~+G1<=Soid<~Dyy7`%<Horak<?G~KJl&)z{2y&m
zmmJ55gz8*ExV6XSJ8kp$A9mfkCpxSP9&&{Kga2~Y>bm($&86y?JECib9?btyMjn}m
z@LBkHqbgH!ba<W&9`!rWODqs>4Vyzsvw+4kgrwITVk;JKW*da0CoW?92XJO1gj;I|
z;GIbz$mReFq`MDg#jy{C`dWP%?K2)Yn<>6y<JXsCapn+uza}fQNxzB2L%^`0anu4S
zwWX5Zkln}8&GDHK$sCxmxI+mj0pFmtV5FwcObjZXR5aeK>jL51Zz}lrp`r_eC=N7e
zJNBWpS}>UHsc6IZq2e7VT$iPkqYj`>T0jfzSI>l7_jcgxRlv$7JUuy6Y&QcRq1+P!
zA%CS<E0V_CLooV1{ALoXn%h|Gu~~*HjDMp1Sr2LBGo&-|>xK=gi?dY;+H+XrqvXag
z@_R7roUyfOtbUOyEP3i}EUpFn#A`5XRtEh>I&9;HuJii0+i0Y{b3(&s9Poqz`sa)9
z`TJ>LdV_z0Hl;9FMNB8k@aVeF2qZ5Wp@(|;J1H!{*&a&EEW5MMC!;T=t{`Hb>r-as
zx?MSlJ9Z5Uoif`9hETcsV#+yWH8&%dLHTMd4a{MHk*xJe{lS68vl$b;cOT_(L4CG8
z>WV(lUgw{?*!mfG3ci^e^<;E~aY+L%G6kNVcvbOm@T{ky$z$c`*qt3%I-5b6&4{1O
zr{n6aK}cSW>AAr(z4;d9?LM2ZWMCC|VVBlt+C2L)O=F$srwKoLJ_8r6P8ekxq0GiO
zhgtRW@yUBMW7>aceNK}uOSM2%%bidB{><7mMj?<*6HYgYU()G=GCL&z*%IKB_gY}x
zTenF!KL9!Z`^&1gUTj=q7Qlu!i{l5YldDB$jHGTmL18;i5itdW1<enrA%ZKwDm!cn
znKD8A3W~1!9Z_BpZ7DGD`RWlB5=Nv7zGn!&OZj{?rv)DBHYQZh{A5cT8gffWOFs#Z
z)J=Z+@)6*l#8k4O0ew%t+><OXvTjH*{+T_nsBRTM6q(!BdQ&#o<S5So<o_JCwJmeH
zy>vQsOGX$i&WrGD?2y#ohS2bX6X)=XtKei2j>?Sr*Om=rycYN;TpB8IGgCaFFBA11
zCF8e~upb<Hl2Tdnf3&CK3xJ`ekdd;`Z$T|*EVM@M$;LYczE59f78|a49$g=2eIc2?
z!C!V)>**TsDL=jAS^B282VHTp*i#1jIagL++*b>0L<~{{Wj%rou7QOUGFvS<U=#ik
z&w2-TKF3fLAl~1{mtf!e9w!{5SLR0s@P8kJ<-Ak04pNd1qD@KO=4itgLPKshZLRYe
zVZ^m{$<{78A^%DZkunw1JaZ3vQdinv{-~Ea)?LrC@FxkP#FLUP@mA1A@<DAwje(cB
zbSyoAml{Ej(Nar7V;Lq;pf9wB>ypbCpWwmQ@b#PK`~&Uv_ddNJl6)~3tjt&LEb9f0
z41XSGN>0XPcOeZK&wAyRM`N<>N3qIHw$zpMnO9Vz&!qloulo8j55vh?>M~0fqt6`)
zmpEfC%=o~5-B-n3|8NwfEU&MjOZ*sR^;ybRJfgNFz@Hb?t`^4YGKO#VVt?#|Nv^@Z
z!We*udFnB%;r3KK+U%mh>kgnr#_eXJNUQ@uqbIRSc8k_<h6g<T9iIznI2IaTU$sCY
z9ww@XEc+oWzds&^{+vwWlni{nTueUjZzg#r#F3UmWYb{Q8m(ZDn7w%cc}@JVAzb+=
zYhB2^3Av$d!hDt(5+>+eyE`HXzPLXuXyCYKw=pQU__1lO`Oi^UaIFXZT=ihEXw=F>
zVD{wb3lh4WG_>12hV=!Nn$wDmVJ#QdfPgO+LMUC#;x<JP%{@l@DOH4p6wJ^)2I>XX
zgA<3@j7<KY7I3QraCD3!XkZg#<2hB??M{ZY4gYe6gg%*%B8a4$itsh{Z~sLLv6%)e
zcr$-XTkCIs_yq;rMH1$w7fC^%5Z_hp8AWGj{ML{_bL6H&ToLnF_CwAyfd6hJvZo{7
zan^L6rhC9&Z1)umhg~P)E;P(tQOZ(D>tH(8$i!C9afhkDGD)GECrB^3l4{Ewd8%!5
zkEwZ<mg{COyq)%1VsX|YVDm00z>puYWk4xd`4vRgHhfd{nrd;zve{6A1JY;wk$d|U
zWaI_X?x4NpHC2#fMk}^Z7P%HSC2ZG|Xw^0yEO^x<TruEA)oUl;RX&9l8;52<J!{#S
zdh_WoXhsB}5hXa8JU~OHVA<`*`9;$E3X!${_x`}{;eE~@Tk#LP45d3+gatR0FkXlT
zZ;I++qdn<=O7xNIdsHluCb<bi1m2>JiUvH977U5<9r{!!wBHjuzCDo|{Z~yx#qj5&
z<rzOhoYATK`Ab~_XFCMa{zeCD-69TV4mY)+CMJ&&rsQvUK;I4#heKwCm$-&(P}^}O
zPz{;?xRu)-@A>P&7L5w}r#*N%FVfQozUljyl+ICAz*J-Ii_tJ`@KM7-!}RB46pmaz
z1r%I?P~qnP(y&Prks%9{>zRh_jdI+j`GvAPuv~j?P=Gb00RRKqtoetr`>*3n&nizz
z>0YUv9~K)88yYd$XCgM?NH1gIx80=lj1RV|)?M1hbn{W>S})Nh(e?!ecq5z!N^K=K
z6Dt3#7#KJeaNl9<WvE<LC;V2w+;Le1o+{eE@NZ#sZAwK^s~LT?^G{B2R{wLsAq~Wn
z27b(P^8Tj9W0a80Us&Is-PHBYS32{*rbz=U<44bK&dD*;_f!1%U)TPVt_}elh?0cb
zE^v)j*<dRC1wgb>@S5K>66?LmNuTfu_Exb{;B2Qg+Em`oE`ZnFJUpWo$us2+$-*~+
zM(_9CA<fZ@(h(uuD&6y&&e`H|n1>I7s2^|HoeAP@phwL}?7y6N%rAs#1bYU2is}Aq
z0+y@zKg$2dD#cs;EA<$>3qBk2(ufGDQxSSZ6gwmNkQoW1vj-#)?4iAhJnSQ0=bw?E
z*tdSUiTwv!JVj$V&Lf@UCnM4MtAp?tJLP?<a0n=NkNFhD*kYPg-4{f?I7$rb2Gwkm
zkGhqcwG*3X&d8Bex$0h`Bp`|#5S*{iNPocAnyCi%u>($K3!z$4&YOReS$?TSx?14f
zy2b?GE1`R{OndOw%zN<K6Ii^7**kwp{C(Go;7$KVk?8zS8WJy@DP!f=+uo3flJ_W0
zKJbY7`zlF7_ACz&DSTz8=oXpGEDZYc{*%H?jXOb$2-i_Bw4RF~{SnjXR0)oTqWBrw
zMN?-HN+K(0TlbA^@>Jlf=Mm*@Edp}HDeu>BZa<1OtN4kBzbIp%(!8q_a1x?b(NZ%q
z>_3k|Yz==0{dlJ1;{Lm8OZxDcZ0j@6GZVp*V?L$zv17y7a<54#K(AGM-lVD#VQRlU
zDw$;Hq_^sV2#t`TSPV#vHvUD@Gv{&YZ!u7W`F>{)*qf^c4pxIRJBJeyR6sAKlByy8
zB~-47i7tnznSE1>gl5toFXw8z7LYl$)7U@wcNXkaO2w_1L+u-&V@z?FpRzK~`D^;p
zfS+6EUEcDxp+9W-TV0K;NzwZxxLf#S>CkN|JhtXN^|#c5C;_)K>Kh`rDkF!>@_0M~
z{*vdd1tca9Xgw6NX9%0|ECo$M{9{s?5lX;YH<Xqb{`5WL*S>|=#it@%s6}ZusJUrs
zD0xL1XB+69_@G=_9!jVmlNiUjT+j(V!=r;{ecc}tVt%<pcTE_>f7+1#hEBlZ52$a>
zslN`ZP@xuaNok4G-PJ;Oh+toQQ<WVxVMyN-_->+i_|PrF0^G%6@>goX6+IXq6mdk6
z!CLT~fg6-O9_(il`bX2UhcG0w72K^*7jXH(QUgOAGz2xRKQbDnoE_ntQ`|3khr2o4
z{JZTRlSaqR4Hkn?rGG$*#}hg+(Di6({Uau8Rkygkez{u$N+L<%IuY#E?;ea(`vL{G
zUSdhuCPC!Pc7oWrp1D)+ow-3)0vYAu6N%ilzAf^w46lA_il-+Bz}g%d@MVA4WoOuB
zqZBv>!I&ZbZbXFxHSJ%gOX>mFN2(7InEY&_Pqsoz-vV;;U-+;eb_KTYuQB3uQM1&N
z5}_g%IT*q=Qsp$eHUUlk6#vnP#^8HE`)|}nUZ*^e-<y<-y85J??W9ItOUD*Y!O&w4
z_RB_(=kSnK97;wsU4(S4VxtU?pvygYqEr=W-(La&mB@@q@k@po?tg_1z1G<|XhG<F
z8UNB&KY{aD(A6&z{~0dt-(!iK>`Kk+Gpy!#YlXIUz?8WrZgtC`Z={G^NkZ7D>1*It
z-V|HkJ%UwTs4hn?!14YxyW;D7L)Bb|p5=a5b{xT|8>vICo-CjjW>9_|3PGGMjTI3~
zQ&5YU)UaW5xPql;r1Hg&kHvK=2r2c_4A)1teHM_|5^*f%hFvPrzDDLPxp~-qc?Wwz
ztyc!Rn>O{$g+BFo2P5W_z*vbSN(@-PivjaVE)8hGJO=Kb#Db`4;ohQ{ioKs>L3FiD
z#T=rXmf)T+o@PBv3HhBv9S@OcZo<tPY&?8{g8sBgQ+dCBW@xb$V?KSvT`$(A17B}<
z-&3YKS_oUZ7K+W~D*h>_hZ)jNjuk=S8y-p_{u=$A_CTf=kZ=aGwo`ck?XdDm<n)tB
zY6UKcMaACbTSf1c3P-OKX(1lPz?qH^oN{&z*Nb%PP%})nUEAPx;b-QVdR?~SnhVr2
zMYpM6)5>esdfYF4+=1*3JC5D{H6;0+`WdxcEhi}FanE{(?4`fPJ#K%<>y>62mg#>1
zkGZqqx4>NTKBP`&eE(Sd+^ml5WxLJv`3ZZuxsI*;?qqgM@{>S|K-s}-zfR&^v@XzF
zmnQgyfg5p-{|o3SpbaN~V?Gl1!oclOQTtH6GwqsL16RHN{yU0@8?JiPy|<c(269Ey
zA`xO)g=o{Yxdy!YME*>tN)FV#nex%bm>|?V1$~tp6yC=AF4VjM_=?iZo5Y7u85V3G
zklLa}B!a?SHodWN2F;}o=NL0__vZ|@3`G8uAh3KRBQX%44#o$@^SAD!kVrM{nl4dq
z^oCq4G?xzCxf2ver=Pa00_XuIknlqIRQMJgUTPHNKMc;aRgUhgfSP+kXj(fls|XU^
z^A^vrrhPevTG}DPKrV|#;lJ+u8Wgyq-ipQ>=nJR*_p4{xi!)}Rj9Xn+$5}w^r?f+H
zsCRtZb5%dMwKsx3=vxy#b@a7!;P=CY7XAhkM-rGUydbSS$F7@XZG5B_A0Yp-IGVF-
zq~W{k+cDIOjsUQ=$zGHVY0H3(c#8NMS5dVRKVPs0^CQKZFwpX7)NTLkDH5EO5`vpW
zt^!}+ojSmvPk0I5vdayE(vro+i!A}G6Q-&Q9sCpn{r%6v>5iXODh!+wG6H(`4HRjx
z(gG~u?<C#}u*os52tgsTVe?tMwyn1Mu<fLl1$Qx1L({^t_ub6$@kf@$t5KivRGl&7
zED4aJ`3c0<%ii3lm8Bt8cJFVSG*d5L_A69}#<58t_S#R-R`BkgPGD*gp(a$1RZ^gg
z-3LJi^K#PwZ))G`<WL+d3*PdRE9C55nM1@!izaw$I0Me|QwlE)y812OSZ@5GUNg<e
zz@2SH|J|vAp$~KGQZ5D3Dn~ty_@C)BK9SX*HzuGzv~v9xjcJmnB*Wy6!qGC8<3=l2
z#-H=gl!eU08c>+ReA_3G3*k8g@FtMgsZWqo@S#^)M%m2M=ZB4XWuw(edAnFRKJ%D`
zxnnI4H!&>_^K~r^3le!wZA9;i+6)sRzk#7V97B0~F@06xUxE$1fB2bbi}w-`a=`-t
z=kuTQx2Q~ldbilb1M|1)l7hCjt|p<#e&<xe7W^))5BjxLO(w!C#$6xjFLqTXQl?f(
zD$t?c%kNE`FBx^H?VXJ3W}^b>`_g6i0$m+dHn(0Cft7orDd|>8E)$KDTY<kdPsFF9
z>6zz?HDyhZOi+-hQ-A5YDF23F-q4#GxF7>QQoE=&fS<~Yuoh?$t!iw$lsBa&`o<*r
zD~_=?u1XVO&lGb7Fo`h+R#$6AEeTh^gpfBW7qsh%Jp5XOsxG`VD1zC}u!F9yxIEYf
z1h_Hh&!fKyz+p+<;{mGUJ~nF&@3|Am=fZkho4*XHI`H3~BtnWew6Y5oCWr!DB#C5V
zlLmk3Sb{rOPKYoR4s6*`7V(j2UD9m1ubvKEP=VthH14#6g+5aWkrf^8{zGU1hTKVM
zrXPxT<-0MHK1eY>s}Dt<s-gJQDZQRg3N^VwJ<rWqpQ<s3IbU|;pQ??#E|r=;Hz-wq
z{o65{@D&r<E=t+E%{AUr!85K+KHhWvUj(ULH=uP4>$ZeVMv{qIx$c8VF}1-)i>e`r
zMan6aMI|t?9;ii9z*mTkdC6>Q;i&~z57WZq!JgmcAa6jqW{;XvplBC)De$|>`!?LU
zW*M0JX;P+UipHXN&ue6b2I4YPF`R;hb!(+dQ@ZZhf`Wi$+PX^Jw@%&_vJ~Hpn`zw1
z@a^INL1W!<z%Gnou;G0ls8ltiey0I6dn{pJztIbeAQhJ=h}dPt93;O(QVNjk@5UgH
zl8xZ~Cf08R^3lZsrB+R#9}~wPK^y?@XQz{u<}fRW5Cb>ZZ3}(GMl(oH)2i#a1|$!0
z!Eu`fER1IUFv=I$tov{c6()R-kWU19TN9OtAwn~?W{Jp07oH6*jRv^$A3>x;qo2w2
z9$H;>`a+d()$zsj3DGQtfuU!yzO>8E+bF2VTZnK5GG;h$BV)|IQxnWDg&}GA3GE|+
zcg5o6$B5uxbt|aS>H)%}#(@OGQ+NDpdAg}YuIh$X&baZsF-^0-W(!(tp08Pt-7BK(
zwd;*a$MRRmOuu@>oy9>BUq#Rm|K02C1>KaAC_6d6Uro95$H1>U77L=b6^09pmG|n0
zt8O9Yu8|PtO1+s^k`UcJxX&2HJCqWd`$o_CyTKv<<EeAo01bir7vMvjwFm_TKCN6J
z3}k$|7vz-UKe-&YSdiB@V&Q|)=0ir&B5a?OtPit^3lvNZJBe!*6hh%ambGp*Q?A-p
z67SOp4-cQ@k2Z2%1@Uf{Zr6x=jL3ioEQbiK3m08$XHnlf{6!w($^-Ah`vO{p(Kk|U
z@*hYHp+5#(e&O9+CO13-R(b+=D1LGy-CF)qiL0<6t|Z;Dd~{Qk>O6LgG4g0^1fTd)
zP?zkKo&E9Tte&V-T_QWHhI)mwVH78f8rQ)5<``(pDYxo4O6d29eorZMb%`h!`*&K=
zx(@Fj#_dnGcS~QQASI!`M?<X2Fyt_Svg2#KP-Wvsc4n_pdZNM!2=*SjuK~=Fo;_dC
zYhSD2CIC>Kvk1^D+LGS-d(zNn*`j=1v2EwU#y{mYP;E!4`jSb(e>D*s$D;m;K%p<w
z_KU4+gl2-!Uq*SQ);pM`^oIV#d`U~giA$NhgiQAUSqQ81_PolMqj2J?;yN8~6#s_q
zb}wYd2nZx3C9;Nsc!hJ562&94W8|$TMgYcqcwP;{G!*`C9|EPnrhgR)6hCspn^Lx3
zV2Xrp)fEK-z<;mlbGFp?;h{hVO537k2gsRX=Gj#joX#e-xoq67$04L0>q}Pd&%>Yp
z5N40|{q$K9DYZb%uxB5}>j+`w!LwDizev^(<etl4>U${RW>h`7P-pq4_i(cv$US}}
zoD?}m0c8i~NU+&*$GJqIFbE&CTvlxI$}hJLZU_d=xoIRJkDd|zhVuNAAKZE2)SF?g
zoXEIiR{CWb<0^{d$GSw6=S2R`h(#3HD9_n^S5O}BynviU4M#AL&NxT3txI~A_X%G;
z;od)vAPYH4%jl1mXNF4!50mJ}Zt5oAg8!k&8oQ*49vM{)ms2BV$Rp;c$jg-UAy8#>
zbI=moyI)VqoLQ89Suz$psbXImda4xtx^Rs!P&E<rwR=Zhxc=L_tLDS-koSB(<q22F
zOkaeWMc1~vl6F-~_8qJ9P(CGtdd`dwUVa5uutJFlR}^sMv#s(Ey1D#sB+pLjmL&P#
zEbsY4)(Qge3*;4Xb3ne*@E5y!d~~h|*IgfO|E%e$-&Sj{o~2DNjf!Do(%#WtW=E&V
zKoeEmd^ffS)y@zpXdRxSnx>Z7XkUV(s{Z4duJsP+6%NG!R8hPQY6@t(pR*bwBIW~c
zeTX6iCYI^Pv6-lrll*$`=$q5RlNno_eW`mJ9vP!f?Murpv5Zb}93M<%a)+L~K<-UT
zukpbB)i9=kjV52%mhmaa^~xCd#ytc#hA$2Xr8Efepso+Ye)ZIq4R?+FX>K<=0Z(;T
z(iN?{_61^@%~(j#g3t(4YNJJ(KwkLV4Yb_EZL%Ww=7^tfL0Hz4SoF`B#V(E3<JXgT
zmkYehnw_Tv3}a05`FdP+G>|{fBZK^erLP0BYe1qRaS;oPfP!{SMCdWe8=LF|a5?i`
zo&d-%p_E0eTBM+t4Z3ADe*1Voh32OYiAc0&N|_-kWebp?3}Fr>WlU^!ihT@*d{U!@
z{H}!_3k>r+U~xAhC#N6uT;l)y@IeMx(ktXOrYUymKcDQw?{vYCK5cmAGZtn|r?@+p
z<}+Tz9|S!&6W4JtIQQ#wf9y!u|IBCHaySg?s2ue8O~z#nwX#_O8I-h4g06KJM?nI>
zcG}UfYO1$U9@Ra@(Wm|Vo!unHVay>0$@rY<%&RV~+qr)<j^TPQJ6Cw~us^Z;xw@HJ
zt*90OMn{h+8)uL-u8)h$%{3h_{KV=l1v1XNCc?4fXc@C0p~e%Qksv>P`n#pg9Icy)
z%jeRr_%YalK%vVhQfB`2_r1{svG1zY-PWo;M~K7E1p~E{&@6HUYmJNqas<3&WaJQ(
zC|Fn}JIfeuRka4Dg=rm$=6JU%(UI01J7sozC05$FRWhlk$B%fv7C43ZQ>SP63F4Mg
ztL|1oakWWp`C98cR$jG+@ZUU~2Dsm=%crsA(H<n?+R`rko4zv*rz^a6o8({{3fO&$
zo#wXsNLqA_>K8roc{vzl&wdn-+?;`_(Z#(9kL#8Qh+XWSnIoZ32fBCDi7EZ^$RH;^
z?rr(5TI+!y{V<ph>6CkN>b6%-+z?f|5=<AB^eSqH(n%B@z@<AEWy+krIgUWGg87Ry
zq4ddFle5nw!W?bWC=+?pZ%M_tadeG!_*ok%f56InEB3~ITlXm}Gr9oX#BkexVn8U@
z7;X_YGdhQF9Z(Z*?d>>m*FC!YO$k;vsWVqb<fM2ca6S7%G?%-~Y9j-=134sf+iv(N
zcUlYy%dkWX%}bmU=h-_>E8erON%k~!tm{f336o1}*Aey1+c2l5E%(#GRE=~G4;K#q
zA|J)*pM~+j>Y)oSgrm>X*R4IDOh2Pf*L8|@nI!0gy4XKYVdI-7M8y3~Irj@e#+-hl
z=p8`7qbs}(50pb;mzCf-0BM{5A7gI;R7np!4lc0x!|maVySpr~xVtRw?(Vk0Ll#}!
z-Q8UlcXxM(#a-@w|6iR|-PK*ybkfu5?xbg4NSGwuu`Hx7#GHG^K^2U7M|Us{STMLu
zd5<gtOV*5T7ba-Bf#03m4~>d#sq)B(zBGuW{oY_v5w$-kJS+H{PL|h6P^W;quY>kI
z+PR-it3_YTATTUzFv5?+3TI^bGref&<AC6`JjChz$O5;nnQ|-45}~~UeSdu$qO5}z
z%b}AJaz#U1^($@tT+Zk+4#W}Isq}j2Z}*-Kx#`c>_#oXx6T1cJ>$*!DyTYL!T3Vcc
z>?vDEyBSU?<??=L4#hAwT#0y}*R00NsB_PrJ!;9zDhlfCONEt1nEf^`U#dhqKkPj3
z5mUPp_4FJ6Xl7e3Xz;v4Zo_L>5(Q8u$~G>DcfdVmVnf8F@RzWDLihYDm=?Ql7R6P5
zalVBT-zbnab389B4LB}B*q}SZ>*kWH-(>M%KnU9_Mc<eg=T~$6_y+z5Hf--zc}90Z
z>2r)YIQ!$9>XEk}_%`|YP7wa$gS`L5Jkw2Mucc;D|Lc@~uwwCXZrSE2D|y(^!l;*|
z5R&|aXxr&aIlAIpcH*5X-Id(^ba`->27IHRH<||*!WFeAROHt7ZnIP$VmlPP2E|{t
z7je^XN(G(?`vT%~qP{ZwbCfe`*WS`{m>WKIv8b9;L)}yR-F^xmeudB4t4}o2H}<Vm
zpKOKCY&LH(X>Ti!`%}~d+3XX8)we|`-8lBu${jfr%rF|C2Ss=p=U-~q^uLIz^hr2b
z<Ik>X3fw4S%}Jz{MXg9=_+wP*QS@J=lo9Jyybj~|V{m@Rg~e0hogwS}!^=J8*dR<R
zw>q$xBh*T82~8>+Lqjq?Brfk|>+Z>TzI3%=6ReM}K4Qx={l~_3x$ycLwaHW?F0eGH
zZ*imFO66~5`O(Me=Z-a!?XB>^S@;xRwe*~AUZqB(XME`4aF_Z!B)*uUi3MtSDy21r
zT;xU8`jB!Uh3%+#@i6uE7BBY+FZbnG0E*;of!Z$a6UA^&Fqm6!HKcoWzX=2Am^uC0
zCg2QF=2Z~E<E-j*2&uNzL@OlMRf+ba%ujpnTwi$4AD#ohMjN{Pg)GAJ6TRqD1}+Md
zr0hjVE%j%(Vq@LE(sVdBYO-4N9T=?OwE8lLykDm`>d;v&KRmW!a@{;cghWfgF(U$4
zt!FSde9eYxUQNaf%k$SV3L^ZRY|wc}f1hFn7OLG_I&{F17mVE`|AT5;9St46nfo3f
zQs=`P%e<=Y_jgf1B5CR$1T{<7jaXgB>z<IQ=4DnyaK);?XP17Gg0a7YETS}~F5%p|
zq?Ychzgv0)Xw5|1ZqM!WAa=4(B%e<~j9Whp!f1)r$KU02GCp2$)l=X%N9K`)IiXut
z9~Zp-27BfaRq-W1@dhb<iz)Av!eo(mrcm=*Fs$9#q{_LfNLlKn^QdO8r#yHdA559N
zt#?$=c}6DLjXvQwk37=eyF`WAoXI?@Q1PuwJK^u<rh6qq_^pp5%{#>tgdjXIt`)%j
z&*i%^l7(Y3s{4{l)>Z~Zrnx&kpMn?sQR^ON=)p3%jm#B~f+NS)J~ri3#!*}4o9M48
zsb5CElg@+cM8s#-F{0VG4NZx#6fYT6x=HQYWVzfkNBr?dWA0fc1)nRPjJ&Q#QcSqc
z9*Qo_rC+IDMbAB=dCCFJsp?~~myK@W3e|>f6SU^&?Gv0|cSXKRH*4CqObDQb*^(+!
zqLgPwwKx=#q1F=yf_pA@?W(7s^>WqMU1JJG-etUEzdgqu+_0&Pz;grZ%+nI?xxY>_
zyvxP%8dG3&5f|A_6saGA1I+5x_ZQD9u%rk&?{EqbjwGJjhZQE+D0D)HFY`Rwfp<<v
zL*a7}ph6H2^(R(i?1*mjw5xSp8;mU29t<@42+Yi?`%S8E>LyKnL0`WX(8o2hCdT+T
z$5+`lb)>xO>y`ZTApC{qi{x<Fqvy{orL!!`{bwxrd{bLPUWdUt5+y-ZrWx)~5)y&G
zN53!e#M6`SIGIkmp8nv&ccS}rEmwi=hK9YXvb6#JvbBp-8Nr_`$y~|196qU3a*qd+
z+$&1P`rdKAi!@%|fs0NBDwP`VM%HOv9n+f0zMk=PsM#%$QL=?U<Q@VfOG!q8dp`}<
zUqOy>6j8>WZH|dMCKI)q=egDRgM?L<l2Z+ld^Wg`ZES&2zg=NTX9>ev-V^V8i`E~Y
z+`nx)$^4!=#_nrqIry}@P6rK8TVCVN?IJkT@wjT&4ESb}HiKM*tvNiIHyfI&>#?=*
zx8Z}YzUG<rTL&EftMFNZ?l^<*=Z|S<(&pFpuIkRM)4Sw=bz6i4uSfVS;!Zkr9K!cA
zWeN4`SMCH!{i-jDNl_Z>6`DOwE9C7k9q#1ipFFN9B@BzHgO94VrBc2SmEemrB>RKB
z^p+j!ZD4uv;&2;q+(!sQ6=QB=toOB3oO~12TC&?tY`3p*g5(h|j{C15>dr@C7+(rh
z*cWphXD-xBq~Kj7Q5^}CV)sF)59>{#jP2gXdhQW61Y>GcJp|G9J%X&D46oIH#K18B
zmg#?%oi%tkdPo3K#~h+8kqj%zU$|K!GN2>o;<GJ}t1_ZX)pn|saxduO3ke0Zord>g
z8q&-giK(;?f;l=~T{VmV;vmRcK5A5s<oZuFr&B=#brg8fpOW8xSD&jcY47HrcUy#6
zyfWeCMW_gjmg`30w3f*)Im5s3#BkiZ(himq7k+9>enSR*9d#{CtF0mjLFbvJxab-?
zQlH!F6Y%ndG`F!x+!yIN8~j8sxaDGQ5Wv9>t2GRilnlRx-g66YtEcuul^hPg9e9Wo
zb?%ht?d8_DnQBU8YHpm8x~qi7x4B4O8@=82v6jwKkbl$D_Uv8Y*3bDA;Y=%qebKld
z*yi{~(h8bdIHO8!Uhe#Na7hDdPu~kExa5%jQTUYAAt!T9%A*-w_k8$y#6SJ==IX4z
z^Gt_~*dJaa)ZbiX7i7+dPlBUD&TXsWNIjB)fCL}c6tNYF5ceyXIUQBPRs^*=TB+$q
zy0KD?U!YGtE7p|kvic%@&_?@tuhDmoV}euKe&J&(2VKJ}K_i*yp!AX8;IvSp_3|uo
z`yW;uhB2I@cJ7A@;kV1m&!Nq92@N%q&-`rXe{z=z1@ebN!svfu!)3YP$;Xp%p@e~A
zVo0PB5fQ&OzQM(@0BFC_!qJj~Q*c5`OB)Zw#I<RN6CcQJw-my+)doi*%}{wn2QU9u
z-Y@>EynltQJDcBZv|g$z({-KvSm%4*OTxei%o7ETi#E=G4vZwfEMeesQjR`5m8B5B
z6yCjkPhG`p)2EU@6*ZHIIxfNZ?vf`@HF(_59c9tkV4A|A%*d0?A>ba-=Xrc1o4Gya
z4E6>SR55{Bd+Bm>&?-x-XMV9IBb|`y#tUUqbW9EkBX6uY$JS?vlraLP_upyPI@YZ$
zj^5$qUWW?rIVKHiUgtv?Cn_?Mi1>xtMeQ`O7OvBpL(??Vg&WGCi#&8t1Y8%yOI-U)
zn*rl1gkPyL)l^dwdt+mJV>@^3^w=aB&gBf3lk)PO7AEgL+X6-=fOeKeyl)N14qncn
z!wFoccnb#q!4Z+`@CjTytEyiQ9C^&&6G=$a(hfgZS>>{0u^#1$m6CHO-*F$5TRP^m
zwENi33$IKoePlrwc<qfhj#|$wN_Gjk28N(c;g38u{Ynme4KsxeB(3@ot!HdGd9L;j
z*N*{|dtR1#U*XL7^S(?rd`7(Wia?Ps#<jrDsFR&ZT)2{J{d4-_YyGUzE1@#Hatfmg
zKN-^}v8aHSmNC`IQlC>&c0Wmr3`@SF9L$~;P3q=4u@>hdHR=O9H}yYGeRDvo*#zfk
ztjQCrzgH@0PLs90JX{S1KNo~~j(+ZBkj>)06w@7b45Zc$L3^+PKjN!+ebSGwUH~8t
z+)<t(aB#eF6Ylifj9WLQ7J+y}wIX&oCFs<{bJsTKNjE&f;VdiyD?@K7*Vc>gL)y!F
z%H@gKmWF&gz{)p`N*}G(gAB`)CYA3MYD_ZC>Atz^ZoSbbZuP_#2fpk){*7bWbdRlJ
zxkOALtyE!Ns+CYab7UR%7EOhQuaTTaZ_R}WClVFcC{1d6TZ5XSds{^mB4bHbZ)*|P
z_NfCsb@NZnSbLw^*nQ#juKyG%tazP(A90nJgk>3?^XFU6K;$E4lP$?MRX)!K?-r~+
z?@D0Z(&hxBXG1$#vY~O6Q?{GDpUAZpQD400s4p+vqbGH?p<|a*c66_b`~e%mn8xLt
z6lT}Yo-5J7w%B8O1bbSO61oHdwY4OlQ^ha^-3xZ7*#ZTz!j+)*oY^j7NvV2R_eOQS
z1hdyk?8**hx-I=uo^bUK-@*fHSIgCRbA0XbuX365oJ}cSa+wH~KH-$b)#_b(@odsb
zQ@PV>@y;=7@=7!V`B9c`4G%3Ir>VBO_5=#`)m)pl`TDx!wWO<OTFU~LHr{{Be^>QR
zEnMZ?M_}W8m-uDaVH7>>am(`u21hQS;vX$Uen<-0P&(qtYbCUgYhoH1Lq?@#^jmrC
zPIZV?bc4eK`P9}znxV7xK_PCh3=R&<x<)|<yUNpMI4OuJLfB4#QwAE5zw{yHt-Z3d
zi@adfxVNmqm1==#jla@Is?0VYzpNm0{C1UFd)czybZ?>*$9AuRS<i&93pCl^n{hvz
z@i2vqRIYv)iT%3MH~`SVERP~zT?v2Mq%-qq|Ct&O@60O=^rJ&wA;%dt(=K;xhl?@}
z8AP;=8sdd8E*H_+qC)&ZRXOMHCQ*2;4!cEO&1872pC|um&+~NR??lsAqU`#zb+`>X
zBW4PSADch<v{iai3^243a(yDamU^l`0H7q?27S0m^!t}B{P_GXG5q7xH}v&qV_WEZ
z&)<m~9q7JQ1Xr`Ioo(}nV`)$}-BYS>G1)H2?R30rEH`__o$rqAl}KVZ^<5;iy(7~N
zynPqUnN5q^RRUOv849k*?B<U2o7lhRe~Jfto}9mabDj}eY61i{0idfey;+`%GTr!z
z<BX<)w$?0bO(MRd{8?K&z-V|WyjYOJgTB{#-_&~kh3UPiV>~vZUzUhtBU2l5glJm$
ze3R9z*mH(0YH7E${P9cT+!*=N%eW$39s9EBNO1L&Ari+_q##i(&3_8{)Z;@RRxs<c
zoS|=PjdfptX?)X2(Sd!1^EC|lv_Df&y*xosg$yCdqTiRWVGX_V?F6~WGt|2CrL7N|
z%EY)u?KEBg&e2Q1MXgRc9cu8_h&7oaG<0vRV&ttOKa$e9ofagNsAb6+M$?!VVQ86n
z2ab`mzxShYwgh^YR6Q*@*y-=|d+7f4I~4|_GF7<(N{@%C#d->670Ywg^pg^-KC^;4
zOGb&&aMsl~1O7vcreSzMl^Ia6vaMFx#n_Oe@7HN8G@F=f{`qcut+Wf-z^V9lJ#K(w
z==9G*z3fJRgm$*r35|3<0-gpQqDnJv<;vb(K7xaRFIo-87K_oj8P%c~1T?D79(*9f
z3!syIG1jrX5_d6S-@Y3F>uDr#T^Dmm&gE)<+3W)M?E=?HM&^t0A2J%a?e_=3T1l)z
zNV}-vEi%B75IAZNVp;jyy_dcaXy^nBlT%>z&EU=vD1jlW-=yv9=mJrPzY8A!)_~iW
z!&lCsv1>^f`TMpqT6vs7pfk}-@dmw2pxF!PHmyrMMX&KoLVt8lz>;A_LYcaD86%Zi
z`oh)FvuMS|@Rh0r=sW_VqvjTw>dI9DWK1ZcXUr~rQi(zlOoPq;uj7m!)0)7vn}{nN
zf+8+FK<SYAw4fxXQ13NIxq4h_*!7}6b|##}`|n0aY`1A^6-Hl}JV|mleu5VrlU}D&
z?k3EdogT5lK6m7}Gv;f*GQGsItp*k7QHteKjVGG(&8v$osNOkjBZ+q4lu@r%CwEy{
zyH;SokOn!QMbD4Xgod-JT$z4ANho4tGj%6v60nkgc@$zRRh!JqR-qChcOo6JKsTTa
z7CjWMeNiH@#v0kPR%6vEkRQRQ4M00!#vTk!ul3|Av`xqlYmmF_McoS7-B0&0<ol@9
z#sRG|Dr;XS3T4i!Yi^S^M4_!Nu9&@L{mR}#B4ZPHyWg~wsojcNELi5#1?v6F!=B!X
zB5DZ0hQ@XJrOa}DA)_eG)FQ89qtc8>Yd&nMPqWlU(qU{oId%rOCpN;y?)hm6MBD?1
zb5<YHdQc>ME&lty7x%5t_Xp_wM}t5%JFCt_fRF}AT^F}5eWMpq<}yE}h^{ZGibOuX
z+RK}Ia?#E85%J+6;V*~!IrWp;o?z8eXm;|aEYSaK+`;;uhw0x5vtB|<!-bC_(A+2_
z7VF_<PDS$!F+aG%RgMevcLP}W>B+}*ekTIBQsDyqYYSNicqACUSP**G4?!b2t5P4;
z0@&2|KC5@9`2A~ugIivP>tgtaV_>cH1-8z`hV#;W6-@wVcP7)6OmSS?!_7;;ql@|Q
zrfgO7*ftFu&v&4*7qf|ddkD_q4EBpS3J9m<Dihy><dfm<$9G(>`vl64W}GdO>O@K%
zVrzGZPDYE~?|JwUgwRoV{)*R2naTe4U}M;7acp~0`aA}HNxttO8u99wwDg!_me_Fg
z<78i6eQ&Md+V5YpGMVmw)m8vad9#`nPwa*ynyhhl0;Roa*6cXi;%$%aj9Q9uL>P(F
zY{f~DCU*1y*>^@3o%);$KV14fSAjn*0PK(<H_13qeMPrhIlEq&kuIS3oCiIb>IHF`
z+42T1k@8JxFs?mo?Q0KO=uFfrkILeg$wLv5B`#c=6X!p<cOV9NzcOR)w_M=o*mkz+
zhS(9jQgvrP04WAq17-|>blM<&+2$_MXOp0r2t3KwV3Jex6IDXS9ml|q1IF@61YbFx
zx)@#u0gEf=X|RVIb-mu$Eh-trKC60ReU-`mEr~Px#)sp6w9F?p^w-}3K5R1niA5O3
zE=GCcs*DN!RDFT|cS^=TWsH9gZrBF}E}qH+|6WEtg16s5eX05dpolZoF`2E9N(^9;
z_88!#<iZ>~^{-S?C#K*`U`u8u=q5Kwx9Ct8Jo{W>UQEBqx}&adZ@55rHN>6G|AjFw
z;6>CWn)wt&eU<VMq;eXVPXsNt3Z)<QKA?wE$=@!{Ixms8&3o|!Hp(zUU7%pF%Vv1X
z!YZgim+IlH-!YRrAEWB$M!6A_*SPp^7V8G}ls}CPDFC)eEo`EGn@dEK*P-hnXi<KR
zzAM!z1S1fxE=`!!<yg-PNPNobM7P&wfbvmo2}vVcp>=0Ax1!LQ4e{*fhbNz#Cy<Fh
zE7&84{1Lh5*c7;C)GLxo{8D;(&+1g_UH`%=ds;4>x+&g9MI?DPWbmMpD{G&hqF$B!
z%ECXV@bJ9k$Iq<c`(VMlwfOIsZ<pwC=lrT&1p5chi!O7*3I5<#8|S(iH<P^_usWq@
zo>(9dV}}$!@o9v>7C^>E$=_wUsh?UCHIpX$)0sx(NJh<PZqP#FdLlWQ)yK<H^6k5l
zrnPWn<wbt7-n5pQ@LqUQBX~lXt?%{ssYn<6<7QyNv8_D)uSc~aFl*rr1|MHN6-|9H
zO-T}G!8J4T2i3mg)~)>!G{ZfyANpeRCCE8o^{g%uJhNIvGVm}Fl4R%B(JW_KU37E*
zMAV{_u;5>>Tf~jp5){(y&G_5~cUs<q-O2^pNSwgSeer7};+9E5Kk#0Lvg2=?lEpl3
zx(s~_jkLUBT(s1@%c^5Fx$2tqo5$kVzX^u7fy1$xG7RLvT1>PDg5hb?Z{YqDLQWPa
zzOxeu_zlB~$v*r*#R=s{<RH(z$8QS|{!rGmB!`Z+%_7+m{C!4+yC&Pvps$VCaIpHB
zAvOBx`>k&ahPB~f^m85LLd+Mov-$&I+j=SZ_-&z^xc`bG(Q(0lCoP6(++o20L|gS-
zt#jQOgxiE-X3;4yi)=<;DE6fG{Q$j(+o+^G%f~v#G$^1+XEn~|52pc~$Ro+@04vP(
zl=Oj^wx+JKg~6QNH^l*{^nac@x5*>`*ih#E7@1kOoNy_*evY-fwG#16ZnE$(UZ`iH
zC@w)UsvFllEvlE}e&MJRop=+8uh{?_(qSH}ocpYTD>`uOY?9C;#Oo8AV^`XhNTxVP
zhd9TzDAz0fPV%Fl7dUnJ47abL)VJL!5{Faxqp`f~`&v}g#ZulxJLl}2;v-+o+qW(!
zF@h$M9HQ~4m-m|UBbQ(;Atq5)gA^)Y*A!8)Oa-6*dZB_Ny<7xZ*I++e95BF?4-W<Y
zLR$^u#OwQ7+0i{<kYf<|unqdFCD}kB9rMd|H%$I52c!E`RJB38;6yY|ydewKcgFa$
zt_7zysm6`ZB59LqbLF{r3gzE4^DW)+YuenFJ;2n%kXmFds8KaZ!4wL_;zB$)-6TVl
z*qB>a4Pqf67@Q8&m)=^68pUHYF6oZUr9VdTO>K3AQ@jUe))N^tO#8Uw_JxlDZ>&uR
zddDnI-)S4Y%W-3ZOU&B0%&xXmi6=XD_&l?7rJn_z57Lp$!-yuQ1G@`f*)%>vb^r<h
zjfjudKckG@89TFMsq>cT3UHr?P9P>G^WlHTb1qiq$~m4<PbL%iAA_&m^L{Li`pL5X
z?(M&F&k;aP&1f3B@QD<<BdDGfB5PEhn)bA7{uF&~v}@v>_#>V;(FQ33zj7}KW-ZB&
zZ2hrBM$`bd)!X;0N-M7#EFI2RA|I%w(eW9k;Tn95Ui=~%LhXZIJtb(?-Bdo+{uU{$
zx^mdz_j(god>jK?RCfoo96A%s_g1EDT{;wx9DvVGt<+29k37Fa4uDFP;jsQmt=y7V
z`jFn&r+L^_H6=k_+<sLmVr_$dy5SkV$ZQALNcmJ1)<BFUW`cH5?jBH+Bfqtg6>`B?
zN<Bo$JDR|%vyc0a3YrYrT32*#U3BiAgJxqTWAPm6sbt^}4y3fLOdjhWkXSA|?Rq~b
zr>yNXBpA%D(o&BaUd~Np(@kJPr&BbBnA5cw{-{a(RyURhA6A?bx7C#D3M}x*@jBYz
zrwyQTL19zRXa&G=jujV=Oesp)GFMY5tz_T<@5oWrMoWJjzwBZK>~M6se4*Odd2uDH
zPsp5u;gNkrPKIbd18!CtA8)?0eq;WV>p?DpVuT<~d4>WVWQPf)3x)a~u6q?lIN~rT
z35xceJh|)Xu{6$EIEj{Cq?owhxXkeC#4M^M?o?lgqVEd*=%39EK)lGO_t=|ohVHl)
zPAz#8=~QGfUi;*_8q5l1H!*%$+xS{nyH+1kQ7jbY4tYhZxW|IrQyhf%N?yW3_|7i?
zZzUUi5}z|DTJQv>pr!gjTgj?+=?CIrs2ys6$!f1yB`iumx*<6z%VPc)`RqS3(j%SX
zUNM1CCYUq_7j+#PfcGjQ6!lJ$Gx&k3XzUMHQVTBWKK^3%gjI6AhMe=47}Dw-1%l(@
z|C!Uj=SNgNc}cBCAf8IIFZz7S2T0);UOY5^7g$@fc}5US<{%IFG|>wxnNZY*Pmkxx
z4>dfL=A#*AMdRvTwrE#K0m7-}CGxE6X5^mot4MG3n0~gR?wxp#!S6hf<!iUCAoKNJ
z_!?CHy%YJKeUCxPAvR8)tXkX%b06H=kS`ej$T*Q@ZJZ2@;-N6o2~w8#d-^G1DLHwV
zYjF`|eX=pGXbpC`akl3I!+m*~YpbOUcBiDWQ4Mx;8BYV!tsMWaa%R-bj%|nrBt8B0
zQeXcM9sGZQ!U5s>6fpl&4I5^P2MbH^7Yuzgh?M_ZeItS4a{n()`Tr<_kR>P&2;Xvr
za3n}+5rDj+GuS=x@r~N+=^r}|grvMIB{IR?Os;_CS%gBC_2CvKvB4RI^@EnB_hF5O
z!Wa^z{cuua_?og@9S|Oh(C`CUcAZk0#E;Iv$RBJG0W2jETB+)Bt_fIe76LxcW|#*R
zx};)HKbPnic!ZRc@wl9T@R6_KV6-h0jFy)FN99cbqf$!bnmzq`T&3Rv!$(lIHG29B
z%7?(USn`^@VEr%E(Q05?_1fH$)aR^L96`j@>K0N8!Op@yTs5VH2M2Vob%n6UgcDRP
z!j5YszGNM$-d01y+j5-fY-}E?UhB#m!p^-QQO_M+u*PiNcr~it9yeGd`YO$Yq~qfl
zMp+nD?>!f;`akhx{C#SFM~`y;vc)6h4JFLpa($8xX^9=UYU6Mzk`DAh%#bVT1S&Bw
zDmKP_|2>+lgON-fOpEFR>os?NTi}kqYFo0}sUY*N-sole^@rh&mfC7ZVx|{2G<p0;
z1Fm}P9NW*`r1SI-s%0nv+JN4H)ewPSD6FI+Ts6B7Jh%;l@L_v!)k|K9^0kxXqy_TV
zzy9!2AVj#d%}$uxrm^k%{pQ$6joSx1hlW1*@h9X8fp{CNwtyULCP&oZ61W{h9wVtD
zV53Ojs{KN)MhQ3mcbkPhC>D&cdaa#_rz2C!eTAG?&(d$Zhq2P!AFgeixjvJn|Ii07
zJr}sZ^_B~M-B}?1b#)5X?YLh2pA-sl?0*k`2Ic?q@OgU6N6_@-qOYu+f;HmFI@12n
z_wxU@Nab6{AZ_qcp}@BhVUNs9Sg;*xvW2L@8r{Mki5u#0)yYq-p&Q#bc8_#ituu*Y
z!7lOX&<EFa!Alo@JBIJjZ&wx?{etg8zl1$Hv*Ez+Lcs#zmqKiKRoE%@!l-T)d6jtt
zq&pU39HcwN=pCKIQWk+eb97L<e3R(7Yhi4tB-$-Bh1fbBHO;Qy4@b1AcG4y-QqGn?
z;jyH8=m|sBJ-Xqn?+ELOC73PW^=g0FI*Yy8z<Ui1*q;>ST>SbocjNox8mnRkO9{O)
zMZm2PjU@E}QJR$y6;m^fpC4S$rbVsafpqtb*}J&npL^{eXx0)eT~xYg<qV4|RRs&2
zXSm?~QrTa{D)wm{3D)ncvCpa*eW9P_6#rnMW$boFMu$m;Daq24M!}6>(ov6KGErN_
z=x{H<xJR)=bVIst41L!MY$w_m{DBU6d5QwzeoyD1QF}t`ps`#207kvA!8U7H*|i9M
zU0(nj<Nh4TLPN4$<p+KFlAkTl`9G-iWY=GCA<cu;U1&i23swu=iPJps|0tA0gm#xx
z*{+IzCgEkkT<7=?<O196Vj#<+8WbIt{sVUCOX;fb>ylu$#F-v$GI04HeGZ@{!uoxa
zg+XpyQIGDD7?gG7e|#VH6aVokQNp^rdgu8za8DOul=tYS4}FO~JA#aUO`qG*`Sso?
z=@@e#%?d&6nE+ng>@SQLX|=~9iHs@geC3o+aR69;S>MYzpo}$~#c)J?PJw6t?DOA#
zhz*N`c>F>XxYN9$ia$#^3_d6N=I-znv~^9HWj<L6%a5LQC8!$Mfr1-#AK=ZuM8WZ}
zKFD@zHqF>;UkX_({d25VHO<5&CJ~9G-0B;uXR9F~pR_C3^fE_UAv{@ErKBa?fBO)p
zKDAqELoM$zUQTuFY7%li_3c@GGq^Bv4MRd)_s0VoFk~oEi{MaUezeOQX8Qt-5RIyx
z@ndI;+F54b=Q}L3m)I?3B-LJk`tE>-3w+~3gn#5ZT^sB@LvkK`z5;tTRV$_}Fj?|f
z6Jb6jZ&n7`;|xsCF<m$m*p&`B<;2%W844vqeC8Jk=a{L3trTQbQ6hh=-DsBBTL_l(
zTf_^y2#wW?Tbwm;;!bs;MOfTM{OT!6ue$MXN%eicy40%&4AWp32E%f7=}W5qTov!?
z@KhA#<!lM2z}5il_E>)1a0@h7-%qqeb$Z5Wgn!>gP{Qo!ZKwp-oJ!C7?%{>3H>+Xa
zY)ka5#aZczMyAuWO~bSQX;0~m)x2qe7Pr3lAZnwnEh_=Y#91(}KLm~y3K)40^Em$9
z1bv{dibqr%TR0MmTqin1>>18PVJxxufNw`;t9nMF<?q*O%n6w}pD<u3zZAZ<L25*r
z0R_@>ZM-$IGF4uzG;$2t`_5+og=cM$>EdiQ1mN#Bw%#Nlo#(}`IT_t`v|KQF5MP^y
zIW4dmlTeOkM1}|w@Pi1Dgv4Uxo4%yCW^`l@l9<2J_jn9Yt?x{Qj}q!#TTZ@2#PC^{
z>&>so2}}@jzOuV}Ocb~Foq=yQuPiTX#Lyq(8@POXHM!#XZ0;?yUX#dQ;+JgV`{PAB
zF6KJSlD358IbDr1&il>PsRo~e6^bX1zJB_(VlBP85fd+}>nyDKnzCP!!Wwp<W--lT
zQa(Sq;wXCXlwRV<u}h~vIMDf@ZOA^SZ)phG`thXgTv>n?nZ^%8-Z1Xc&TxM%u{9hb
zJo|2xIy~M3{wb6A*JB;*kr*Bz0YbQ_sUmL<oT)ORM*04=#2wo;6m|JP^{wIqBRti`
zBV+9Um>L5k2ALanbd7r#C&ki>8xIcKHqBMR0V$KGEn<*pxhl!HF3x`QB?1!cB){4b
z_Bp%*L3LCZBXZU<#L`~{i27=*0U{^sqB$2)017TvRa?F@q5Jgko;fa7`mVU#jVjTc
zb92}-cPdCkJEIg23=!`%pm{r}6Efve1|0R{SV)D;M0$Q>+~I!0NqW33)o^eEa4adz
z`F0*~ox*f5Ly5bzF<v9i;^)HF7mB^7WTdkz!!u33mzs_%Pcvv{jQeMZH7Bpl`<NhY
z>PQiqixgfBo5SE^H-M%0=pupi$P4`CjBp4vabIhUYlladuF0OX<7Y(~JFOX(tLttN
zVPVCHI-GpaP#KMNAdZ@8#kW>3SR;h)js#6~=nBJoh<C7CKGBoH=myJKbeswIjk*3e
z!;xY{R|NZ&TCi#f(yFVUZJT_tl_m7*29$``GQ%M!qHS$nZ74$}yc9KkL7`!&Mh96%
z>^~6cf=RiITD)y&a~S1XQY`>~sLZpmPg~AsrJ1>4Gp}e`-aaowxRQ%u--Sjl*Rz>f
zwp(l>X+uvyo8Y(AfC-C_xKd#TJ^N$?v%}36GVrx?Q+?uq+ut9tuemum%K5YsFw#8g
zNaRG<m!pk4oho{7oi8fZ2rtwB)Xe1-fzEfL4ienLqkKr!#?4YT66{Re!9d6VsbbhZ
z0yV+FMN>WxG8M)5{<&#G)RcKXL*$43foglf@+v2gF)(CHl#t$9W&=@LY6yu3&UN?u
z#2U#BlnCK}vJ+q-mWdFORY2@_h@O2K>;MOMR2!#J9-8Xh%l~d7^Ed47@z0O#9j?<I
zK@2iWImEP#m)q(ldupSSG$n9#iu?Ty)*k%(^FR(~sh>yJ@)`UmcB!ZoWZe1e)>peZ
z>60EQ2OG(4e~N`B#HgQ+(V^!(B|DEVkBRjAJDb!~_Vg}#bzsJIgZJfan3;Za+Q!k&
zkErD_frqfp$j3)xl*cpmT08kWa#AkIwLQO>V;}!C?Q8_$hW%SS@asuZ4^KLU+)+%*
za^W~o_gqz(Q)*_(=v14iq6$HX*0k`ogerEX>3Vsz1^Bl|<)#cdDtNY_MMoJg^T}Um
zDR@6sHJ-VF<eJB(Ee%`K@bB3t^zO*%El7^~iuiz>n`oTG(OZ8V&XIYDcL&*0_ENP{
z=@Lq8$xj(#JQc&s@TR8Cd{Rng_Hf0clJkgwQ#E0t&|V2^(Y{4uCB_;V)JyKLw8HX?
z7cYAUEl83Ydz_ndlSIw%PU}zUcksPNl~2F#;Io|k4*oa`hQmv<#AqA+%3{@))u5r=
z<(0qM!MU8@$ZwsqhzZP?A-9jw9@fsx-M?^bZtC=iX)pI>T{&Cyajn*VqP0IEYj&Wj
z^3B(N;#%sOv32_Ox+kC+1y0<PE?g;y^2a7{h3q)wD)a4_o_|~-;>BgRH~dgsdl#yb
zLElY3_4(^QN@#p5C47_VG_>qfyv}l?eV)NI40k^Zx5hv=-!3x(N8OQNHYR!PBWcgl
zBx5`;8)jE%)+_n<>cayhw=c8qmA~$&#|5o}Uz9iv?`UaH*OfPIkg@itjI5Z30Xv@3
zb9Dp{C>(JVddUR9yR)h)H5!0-`j*QhxgGl3WZ|8UeOhGT5lnt^vv6>yeJTkuc))%d
zpER6WI`(+Gv#xtniQGfdW)5Ff3$nTBV#9h^1yl0FX@4KaeNma7%Qx;Gn-?KHg~&$#
zr(m)ypd=s8hJh<Dr&@nD{cWK&f4;SICfrtgbY;N?UF3!wo3i|o9F!GbP{BvV5}7SJ
zXKifnebm-axY`Q&+PHgmzRRX{ZPL!28>8E?%vjYfin(P5=`F^xQo9a3)^TyMYGoO2
zJ)WL-GG^ASSqJXwG?;0%vdp(y9I$_-l-|@739QzNSkVQ^n?-fzyN%9-OJ^SEq6OY_
zG?moRQ_$8F4{lyDj`7C0!Kpsh^VKrTprlb3;q7ZRI9QpqvMjUUbRe1+C*g~n+~JhW
z0o}8+<KDuY88I{Mb0#0_IRwnCJA~*yRv7i1N;}~wO@D*1ODg^IA8JVV4S67=l2;+E
z>lgwB@0uB$y_*^UNHan#qCx$rSPQEQMB{e69vf8)D|w=ssNw>2kv>kekSZ`MO}y#v
z5?M}FwMl?FzQ0Zt@^?TR_YP`_e;yQ&WH4)1NRvEU%kI1aKW|Ifcz5vfc$Pm%+*DAG
zf|0=^Z*DFu(A4J}v-)IF(?Jj8Z<N3Z<;|L(+ZFS6KZ1f9v}@*ntTOyO`DRW3^H^vA
zxFYoU6RQP+hl*zQm=b4ovvOW|ZGxc+`{_WL%iX(6^J<_z^e2DZ9@V7Hh-b_|DucR?
zBTC%GrGaykat4%zqr24P5rcd(UoyAYfux!zedV3LM8qgn#i+i-4OvInUKco2-yZj*
zC#kZNfb7}?`p624h9hJ6{!Y#^A92L|!(=Gwz~;yRKYjncpYSMSl<ZEmv=ai2Xs7sS
zhT%vDCF@cWk8(2j@~l+80J_r3M68&Gk3`Vd4(uNrIk~V@CZs3~4|e~~R$(@}O-R`y
zi?C$@F%C`-a3=s2aUNw@@)=lO$yQe>KiGwXM|BSW!pZ$F$c3YE=CVDuE*xK?Pqij1
zvrRp7Nj-D@@0y}Xtsk~hDHuQYp>UQK#n(REXdAcuUzZn6J+m3nr!S79DZ7$v?7jN8
zYn4(2a*)K8%6Xd<K!&PRXg30mFSex&z|9E#WzEmMr-iro(MUj%w-5mI$LYIpXGz#p
zhpA}!ZFr&!P*bg3TW8JLjWp@3YsYTo?dYDXP5L#87C+C4%x$=ixudOzkYFbV`{9Vw
zH$?t2;PTBJLFASOEXUBorwc<GIxF@~`CX0o>IM@8Tg3cT;d+)#C8+yWFj~Gcdh|=0
zg6Y$N9q7~yx99sDP+Z>lI4vE5T{a2UHX<qcC*DH5xWD789@AH8s$wYEQ(U)swuBAZ
zbOypy<cgNioi1-+nQULUfk<0eSerl!vTW?H=UVUE4e6`?_P*#1GX70AXjZS%lu6VS
zBBIX7j7f(H7u?Qu!OWe_6WKu(!SO#&V$!RqG0nb)@z?W%CjcfInxP^#0t%YI#Q5_o
zQ-fTruE@-ajZbV)7C$dd`Zdya=*WZHjfY|U(NV;nN?IELdAe6O4FYq6f+)QX=W<b~
zc@&V-W(|YN7erzNBO)fDX}hCHVoE7>&3k62p8eon+#=wiQ6eQCS5r%FqYQI(4gi_5
z0lmiU@~rL&ZlY5G%@ZaidVe79vInLeu|vIb``r6<t$<uWd7xmcF(VU<^idH+kQtjx
z)`TK21yYM2a$gP)z_hs#K8CuJ6RD*<aOVXEROS_m@i%lf*dHca76W;~RRpi5R__*1
z449%we8_R-h4{N*X@1=Fn2l@QnsU<gX-<b{Q(?;V=XVXyiD-xF=gB=njroG5^Q^HN
z6{%-W#=h>Oo1l}8hk#9OOt(E&qco4@cHAqgV-csYmF>UdGo^3@X=cAyh#4uVU*9xI
zw;7RfL_PtWqoYwII@^kVSS_7;h$;^jq6Ta9?S+#AhEykH^;1V#Z!J5iR+)tv^1wKv
ze<}mBcPF>N*~5_Zt}T90n&+&A`-Cyr31!GgM33;F#LMdsnGr7^qQ3m5ibCPV&|9Dz
zo#toi&=p(qffOt)LuXT5#olE~wM@Wl)rruI59sb0P?&hqlYEOSkUFK9M72~rdw9~b
z3k^U*+&^gHVHhVn^cX*(kn;+@)q~m7D^(2mXi4Tb8dF^Z#UuwK9aP`!oLTm`y^|2P
z|7g(5C-qO#J;^|jD25CSS#7)34sTl*GbmNhQZ4)C_*LEdfTGZ9Mrix#dsCIKOrJ|-
zmK|HvY|5f+bLwed3N4;l_K__PWGrGuvrZ5G?;$vwR7==4{RpQc0NU{+YT)I6S&oqV
z`T4YvJ15d2T!hJ(=~b+5(XUV^T)OM`4rMXCJ?ff>KZ(_Kv=U-h%j*5XENCOQz7g>>
zldhQgK1_alJs!)uZ<}hv#tB&$+%qhFsu}*^BY*qsVzTL9&4m?OgEf=AwIONISN3<W
z&z8M$LF;4FX}{O^trSSjH-;S6d}TMUI!_~tdtY90FI%#6IZ$HtT(MLFR6AlxTuDUG
zLRq~R7DBd=<YNOTtQqNQPUiEI$3Iz4!sx?K*ta2gP}2v5&QYOiCjy1c?7cg%p&8lr
zepEgXFN#jq&sQ(Zc1S>uc9iSB)gkf7SZ*JV9PNwkKJ#DmH{;eaIa~*dOwv1rubCV)
zsUNKAP&`m?U82YN@9>E(gpIC^2KUlcs-`55EnLmFc;q~d34^k+Suu+rU?YF*LM7jb
z0Ze}b%YJ>j<)n;t&n8Nb>ePoB9+QG15(2(M4ZBm_;-pU;UFqAQGR>N%jf(RnRtj@$
zDwo(XnuTeNn_#TuA^Kvo-D!<a$1_!$E>=z}AOjbwFuN)?>r!?O2Mix8$8gx_wdrwc
zGk@a>{FF`ine>->QiJ?84^+t=cTbF;qP}~{8edb+GZLg<U5l?spkyeRm9JtaGI$D1
z@C(f*7<i1==kK{%fdX{S5g~2NPpJyIRgb1hZOCZ$#x?}!l1eQ4w61FjPRGmM_4Soa
zA(CY<!*Cl*SC@RT)9;-&gcpG)WK6D7ceUD(2exM%rf>?KFjWS;5*ej@po(C9hi`K}
zn9vihTBiEN;5-06@HGNmM`XrKoP<A^S}Y>Mxpy&~kW81p&irxB+=qf9qfJE*ju<f-
zAWxV*d$^4!HGS&TF{>v6i@)$Tn(s&pX`Eeq*56Qj25|E5N2zT6!1caywQ<fZ)p~pz
zkXLij$s}<aiA>KFsArfqRDnTV?wZ$o*Jzk=uZH<%AYdfu`<_u;b?`7Ja>QRbpY?(H
z(U52O?CF*{+0X@>T<WOdPt&2WCtv*Uu;~VK$&N;3LD@5+Tzk~vUYQcbK_n@Jcsl@{
zSJ2K!hu`5!R@xXecdiDV;58bcDT8YkE9r$UOOFxVgSBesSlUe=(kA*upr)MbDucU7
z9rD0n`ZTP3JiT|srvwu%Xvf4lQBLnm$6M8LJaZvy{z90vFt2YaJ#rvlpMyvJJpuNu
zAz=qV)5?b;sXaLDgDcWpeG_0;e4M>?yH8C`gSM!zUTiM@^ij#X;fgDgY+5&GoW!Ej
zE$jL+TzBjC($CsHSFw6|r>Xf7J!#YcEln-`^Qi<c)Rx_gi+e(&RNHnmKx_<n$ds?r
zF%)jMG5i~5m;?auU*DuU(vYzxLSN)3sqmZ+jNpjTZ}{se>hr*IhTU@(9Je3g)D(|)
z9cK#2W<ZRo@{M8kAc{Max+eqJ66c0_h%?q06&~D>TbIwROVkmKLyLd!bvPhvQ1Hxz
zt5TNPK(s1dBTeS*YP0=``%oz<Wzw7HCRb%=FW7sPG<%pX0qi2Rg~Z6N!71lj&20av
zRyt5-bcm7Lz6bEbpJBmSekf>cQL%60n^0JVDtvbiEI9yl9RSqs$UO>ACx8p-e5Up-
zA<aM4d8D1}qGf>_dRp8y8M!W=Eg{vKlMV|`_YmVwAl$K1g;a%AvR9#3#7MjCB`RCQ
zj+GCTq%(x6Q%d?CD&tk!!q%6uw8-BXhegOvtX0~RHD;|Dkx^r~4~+I+thE0<{uh&s
zl^^nh#K~+KdW>KZ1kfSfya~Ow>*mO^W8y{>7UB8Gvb~y0d@Yh<9UTtP$aUt9$FSp&
z9fKFLP{JuNiw@XUVNjAs_1Avk+h+mHN-EW0g;9T55dfGDt14Jp)b=ta?dmsaDIm&_
zcmRQ@!Mxu5E0>)QWx3&(A(?9n#!40Fqm>>7?rU~~cIxcRrG6!ScVqEpH?nfjP7($R
z%F?!Jaq6s;)m1VUAT$wXFdxv(mHQ*J=&yYm%wF1j4u+zW0^K*OO03V=5EQ<Nn{SFQ
zLUcLDN}vo0nhz4hY8whFIbGW6zTH(Jool<TKt`dH233RWd;n4mYr<w60=d8->N`*b
zOAV1xk^+sY7$*5za8e#gAd@!q;y~4tr-cD4<*FihawQcZ;W=}83%+DC5h2n)a_3=a
z-ZikyJZJJ>@bxb)-un8CHW^}LkK@{_($^1Tz#6fNy&SPI_kBv+eQ847Y{EO0M}GCc
z_5HlXb4SqrP+`Jm4BMSg26jNI^~LYZkW5$Y<e82v3Pv}1c`<_tt=ITEj?4>;=j+CY
z%*mr8$sB)}TkAd&on^(kZ@ig0<+}SBy4G77c)I<*raX`;iz@>YqAVymvssP!1k+;K
z_45H1aa*L}8U}R(FXoNj1u#)?HZ%L*R|`jw!(?c*KYNnywZ1G<u&b6Yf9PPa5R@W+
zMPFR~H~cX((8c@nC8HCy7@7%l%g*C+-Q5I^V8&>1)xcwY#WB@)8;H@MomDe?m{#bF
zn+T^mnrY)gR71OO=>649z*5kMZr@PiYtnG&%yZ9=%2uSh4tKikA%o*%5(k~EA5G?8
zW^`?<FsyB=)U{e=(%9OtraP@$*q59i=Gv-A$bJj;BJS?oRtB_-5V=W+bv;b`O-D_}
zr-O%=T-2kHZa1|fDaz>38`zG_4P@Q`b*^Ywz#L6iS*r~ymGpD+duLZF3~)<w*=0p5
zAw;vjKAqRiZ_h%?>5SOC<-`%R__n);FR`#ly`7Z^Xs$46*>A_~*|B>Ydbh{oI?ANw
zl3eaV_{J=ZK4csSz2T8;<3s4Tx9Rbl6o$ul>re4Yog$0a9@CQ2=+wbGV<gT@j4<^O
z+85cD5_^t@%|~j)P|`w%7WPI0;PuzOD=J{w?O0%Fmch@r;12W@BVG8EPq&_wW9e;~
zqrX%@0bkN{>2F3@LC%Rfx3uakU)5Q@aA0y}Bvhvcamu4|Oe)Bh13_r`(8&I}16L=s
zpluyob`1htY;>eE;vZMdJ3+d?7iE8cwW409X_tkeSj5sSCPG!32&2LU@sEgh)W1rB
zxUx*({1U0Sl2treDW7x)zQQN#+W_@MRO&)2{N_(dY>Nv0C!sF2CzxG1L{7%}4SG}n
zx>-iYO<`^aL&w?Xw*i01APmkAMpsim9eb8B!4rnlPqHtf0uuqnxMjyu&7WV7>D@zo
zGb~=HArfM(LK!t!WWnp__=Y<2WpSLzf)mW!mXvpIcb1@yc^GgXQ!et9O+C~!O{>??
zxq~k>>OXiuuMjTBi?DX8N>CYO{prONc4gYb2I$N-B&}I_0rcHYF@NQw39(8LPL>Mc
zwTJ(bs8RM<amr+!{lVJnp61oT^<}*kwDZ6LC;{^A=E0_57lqV$`3BE68x!ZaXwz*^
zZ~&&N45{C1uxd;g`o<dp8v@qQ38+WWXwvohCZE-0QT)3FqfkpMcREACDfWvj1bRb?
zVhg{rOASsPXlu-a6BBOAp$22(y1MUSq{(IjUb9V8?&(ENR#d-Peebgu^~px)=*lwe
z^8(TCmPX4!wFwL<UJ-~elgV{KG5+~C`Rii;cT-j8YyjJm1+hYQW&P$K#kB>!e<ho&
z!KY9BBCkh%A|>fr=D^zyuZ<V}zRoF?D`%5nLc{fiH7}(!&#3p8+uF@jr!2~6*{~eA
z!2G4<_Cx&6KE0x>&Ou}*+M@Z)e{!ll1eP)GHra@JR#7%abJafu^Wg1^kfu7+`Ij>a
zI*jMP<gn*sT}|EsnBsUMv><Nv4S=7JBF%35g#9Z=S_gzr)j|GlbJ^UbH={^^M_U8o
z@h2QyJCC^Bh%)FkntvXw$j9!Lu2xiNP#Xfo;ZM}a4&D7%**Lh;Tj5YiUHvuN;J|Vk
zy8#i&xCnYhxBMe~c>+3b>b@;c@h=WDxJ<qSk;z@Nq<VfWKY=LcUa5u)V*uUq-9YdG
zwVy<hu$*s8fgBt{u1g*UvvdHBuHNZl!SBx#fs=P8Li{zZ7=3MWfCaMMK&)!k^~bWe
ztfzk4#ig&^d<GTKR@cuIv$r5yGhiLh`mLFrSxT3t*QQK5E~kz9U+;_l8XT7?368NU
zOI8oTmed^;3W{A0m?P^3y*J+6aQoU8{VSNkb-cx%cclq4&JCd*Yru2$2n?uukU5fT
z+TLbZ;!e&-g;HzPM|=6jZISprrbxT(l>;<VR%oto{PQ)9RWe2}^yGKR@o1Nvw53m!
zVfCMzHETfkpM;)e>kIge=4y^y9E*Xa)q%6dT`9L~qDqfkwe^#J*Hwt!3V9E4>we74
zpCuS{u10+p??LS|O{se?nU8Z56iaJ;x~oj*YeOLX^C=kb`+5O<8=&!RB*M{3&i9Ic
zI1h!UL-@9ZStstB)s#V8D;IW+YjW)?hXRWVGOIhpNjJpf2sZPl9!%f=4J8oT&)xVl
zBE8<Qm}W5S&B{z!w{3I32938Se@qE%5DH9Q?u^P*5=9dhA9U;BnRP&~j=#~r?fl`h
zHQjy9b`Che#-pdt?driwTFzrx%!r9g*Ys5$z3BLqZ-*j#)h6W5#ZqYa?f)JRo`k(m
z+0)J-+pDn0UzuxfB5Uh?WM81Y96j&n_OjKM{*$J&h)|WUX&yO+z<Kd&xKxm{jTc)2
z*~KGTq!-MYyc2kan3mbzROJet98?DMoB<g0&8a)PupCZZLB`c=F8B&-<b?XzlS*qQ
zMPu;!Jr~xRbTLfUTLvCCND)!G@{XYA10;}&{V>~jSgREdu0+Nuz<CZE#G>8n9$Tml
zBw8g+ZhLHIw%O`^V(N%{z&|Vz@}iI$b;H+LA#P^&k>Q_@dbVd>f2Rab3*e(Q*6w8B
zdk%RP#e9P?#9P;vK)jz~kcwT2B<^$~CtY6+Ue!TM;mcWH?)-k|j%hbsNN}UQ3H-R6
zG{@M#B#5JSKWY(e<ufNA-DssoTYkjui??S{ZI=0p+&yu1vj+I9*D*R+x)6jB_~MQ$
z-Z7@An+#XbJ#+>B4qnwv4taKDWoR(}z9@%hnSJ`W$*yQOIJ9NX{ovO^vnOD{EErn^
z@avg=hH89dr-xtj_PY_Y2QKe#vb{iol%z+Yh?(h0X#z!@&u#a>`)2K&)agEY8Rac&
ze)~5>@Y!aRU!d{1?8b_Jjh?Efl4<{8IEHw*h7uYgsM9LM-$6r^QYn}KyX@%$ZyBqC
zAK2i1v9O)_LvEn=t;hT3a@ff@%v$Mv9-Nn0&#bhQp_Ozj>7gQ{)L{o}$(fvQ--cmo
zfJn}+fO0w?1~M6**&7>KL49rQ9|GRjt&R?Jxjxw;O;SlnT{TkT^iBBdF7iRYFJNLK
zLT7oQ3SD8O&cI&$+>f^0+{=h-3aJ3_Yc)YK=b?clhH?t?L=PzbEt=jQ&MnJ3D61&=
zy*$l=7AQ+=A`MgQ2SsGv?|fWwI~9XZx6i;S!XtTC6iYinc{18xD4~ZgpeS-w?(5i2
zwMaa#+{)fthhue?coko)Z{;ZelMHcwS>l||_Naz*Fzm84tS8d^R-<`#@O@>5zc%9T
z_2AQ}{zKnp@e`c43AkH)sg%Njoqj<f%xM&dvZ$Pa(6UbZVllxBo8vk;@TDP|8#d>@
z=Mz6*5!NMOasLxq=&aWHi&phhHe`cYHq<olXAFc^wIG;#j2Nmxzz13AjN@|%qT#aU
zi<bGxmr7^$fW;xOBpy=Ez1siO@h%K&Q3($LuIr1|o@>Bjn&20UPGKkuTYtwdm1O@B
zQ2&P?iZI8u0(qKO2G+t?77S{z7XQgcEkS6lg+ewA9)GD^3I;b30AV4A{2xGDQ255j
zQ-XH^g|%)V{cmi2WmFu&*6qw-L4&)y6Wn2N*ANI6G{N0{NN{)eU<m{W5Zr=GaDr=)
z!8N$O&b{Az-=DV@HQjyc)IR&{s@21EbysI}S|(~-W~)lP;r{5qe-e29MX-t~|ErUd
z#5SdT?1_V%#2ZhF+Zl7o+Znge`ptgzObl6d-kdLv$2b?5Cq0haIM)W0X7Uo2vQ8ds
zs_iB6tGZ+nCpc1*S+5VaG^3+2PR1RP)^1^m3W$jQaMw>-2$auZt-*r>y{9Ezqd|BK
zV+75^r={MYGw&bdcCH`!!vxp0UL_x}kF!PlubxVL5TB=}dI4KV->O0PT4H8?4XmWK
z;mGntHWV)qoyPNM_hn@cDV5I1CEB^qKd!~vyR)9ukE!_k(O2%OyL;&n7TLpBwKkbb
z)Hr?^PH}pX^JKI|+_Jp`G_+S_`i4yrH?@Pvbmn<_&8GojL0`!fy*<I$w@n*s>b+-v
z!GmQO&nJ%C%j2YhJeAHHf|!ydyk;v1&@J^I4P?~}Un=a|FB@f8w0j!KFz&=@Ot*Xh
zhn?=$vvIo{1yk@+rsdRX$|e+@3P*>-+)5Qf+xaS|*onBRX55RrsoTVx-)Mt8KaNdo
zsB8o6-e083S?xvDX+<D~o{%u2p3rT)bEwH*WA>_3`}}SKiKA)fP`f9P-VGY2p3qwL
z1{(a{!^o`2-e|)=GDtaqsHt1#k+kX+zvCv__?&Yn{1!m>0kFLDOa=(@m<+uq%bY`p
z{0RXUt4%bgN$1ecOS`6S!vNAM=SY(tf_J-(&Y{zv`HVLHGE?YfFp~jgie&+4bT4lM
z_{lhjHim7WIYmzWYkAPrEg8O!2A2i+IlI093Uk$~FCRA0s3MY@x~+=vRcW51H_@JP
zJ>D5@tWG|&8EtH78kx!Fe`50&xO=uV+Mt;P5{46F>NV}WbPi3HaS5d}$FFh@hzVme
zqWZjvhWCCGZEhfB6HSur^9I^=EI@cq3D76=UlT^e|1I)81XbpwKm|biMl~gl&7V<u
zfI#A3`?WqkBQsk2|H$-DDzhSMgt+g3tY**XMjIy?VQdc+(=MTrwLqa&Ne%~$x}{-k
zsv)s#swqIh|DG4C+tlp=*o>_9|Lw%F88PW6a~N%G1GYAPL_KdifRipjX>!InluV7{
z-;PTt*?YgOZh(`h3-A&A%uwZgPPLB41Ss~}4c<eLN8uJ|v_WJs7SE<S_OHWk5deLj
zIjUZ%g+=!hR9QVE7@4^`VCvn_qyHpe>;xn?%%*ATp8NN)B?(~02}QEC@kXt^kOTS#
zMU}M(s!W5{`3JNN>72t0;tX`UTlVeZIP>HELtyI={gnh(mMMj<K*m}E+}h)R05X`F
z<PBaCeYFZfqf{wT>SzA_Vk+n}E^3Epa+J(-B5^xMM?R|ex$HTixFJj4Q7nQ%WfO`s
z`rno7&2hQ4(UjfRwcdP`fW{I#2~&5%+thtqr;tmRiGWBb;j?_Tn=EW`<r3Ue`jWU-
zNM1iZ!d=9wa_wi0FN)0U()D>a1Xs5ynZ|)hMnJ>v5O-2kAJnsRO67h?ny8$7`#Bfm
z<j8XHwt@0hiyR-5%a2y#kFCT8F6$L+v@w@lXzi{<ce(S)pe>hI74L8+XNKB{_-LOK
z4trDxpuue?>_&z!a+XbLq;GOxaYibhGC;mba&E0n5wx4Uz(4#jxHPKy*O$h5!7;3`
zl|<8sKD%skT)DoNP|t4r=)DhuW}9}}v|>E|_Sk}54pKi9emFV?u}E;cLS~8*9Jbw}
zO}77jYgm5{x&5Is5|sE}65l3V;XTr=D`9^W%Ild|0lTavW?7Bd8&xY9`r$j^{&#v<
zzjr&r3wtQTD!qt6{R&mTwpqH|{D||4x`F9ZEqunH!7d3)W_{^Us@5#Y#BLW#w<oE;
zQbbg(`cyoscL_A%(n6aF(c#Wt{74@BNd9QY^i)NlD!IlANK6xXZgSmqJCeH$g|>(6
zG@dn&tT03d5%F?_2ch1DvgLX9)A^CCu2n1-(Ra_E*Sbe12Qn2U2a_MC#6_^57v)lM
zx838&xFlA}yRC=Qzn_L!)M)8;b$ZJ`MWi3$u&r|;qX}Wl26GQ`Q$hEx(q%3<eYNeD
z6A{eOEctng1$k1Af)*&nH@qzbSO?JMh0StY`o>h#;^0R0KBU)e2c#rb4k>w!O^Ie^
zbO?~%Kx>P)!voh<^VefIr?zxGY|34Fu^2&g;J)`<L;0ieC>@G~RlA>p{}3#GqUuBV
zOxmYldDiAlEz)=1`G-FXb41&n40$l@0#-|BFfcM^E9=rNZ@BxTVWKvf?1yrdp1rwx
z6hGOpul2UG-{8P9rE9u1&wVt@`G>jSbHkG#bq%p~EYMKZsU38^z8){vqHB{sFf?ES
zMbS>1@;YnI@~z>MxLRDFwrctZ<zMD{z$3&6RhFDP7l}E8e{P1C^{DVWqS8bMh3`<g
zFI#1)X5Zpn?d$NH-8Zu;I?hTUk4uEHb3SX+be;@gI7oaLBz5EB+B(8`4k^6DL*^Dl
zj<_Pd=B->B*Yti*Q)Aia+7w!f*Y8n<@8ni+iPk*D!H(!C*5%v-4x8omF>{#gm0sUK
zz<5b%%1mnbqRk7ov4ViXOixz*JTctIbG!7AVyL(UXOXtFKs#LlhvD@;I-+%9@yJqH
zmKX0kbf|zADJ_{L2NOEaWR@-l4<MkZ?@OME`lB2~Hh$7+Odr5p5w38X&uM8>)BRl#
z3+&O2pYkM8pReX|C2AN_j^>7=KTFg{QXMMy^+?vkgZ#f*f9RL)Fdu(Aq<2W7lFOV|
z@W!tCYp(mL?PbxTKFay@RahmXnvT@%k9uGNfy*%KYg^^a@6oGTo(-h#@53b)so7iT
zrCSg4fB1~W?Z@8c^1gFf)yOH^(tG@36LpdD+U}zM_2$FmkZ{HMjk`<49;7};wc{}g
zyFMuUfqm@!DBO^FEwFDPjecBW@YPkp`H@;tC=nJnyJ)e$Uvl#OReui#8y4HzDtp%2
zB}q^Jc(GHy_tKpsZ$Ij$jMcE7jakRzq6zW4N0khxpbMg~>L=O&(X$sa4>$%?;cX70
zy+PCVod-8@M_xW0PlG4>tKS*iZOrbCpIQMt@42gpGmfzXq0LoHw;VSk?Cs9vBdb9v
zu|;XjKNx1V+!4H&QaKbn5!WKWsjsM8z3@J=N+wVx7<}@kmccX^v|>=AbO**k1ZnSa
zQRq-UZ_JYsrnwh)1YU<J@kJ<UZ(h;uhoJX2kLY2`n7<;gNT8^CRyCRf-^<guc=L>B
zcc*xGr!s3K#qBdu$=@?eu%>5b$MY;Zrxfy(r)65j@rb#k&`8?q;f<&+s5?BBE%mgU
zmWeMbk*HyM!A?8|*V-;Vx@F(nIEU{K3GIY%kJ+qd<Ls1`#qs2bk?xdbn(!0{u{_p4
zr(-;J&`Yk|1b@4EP12D5`?zN0LhrDx=Dyyb3(q~|-qO;bBE0T%gYWJ!9@QU-QI2b$
zj}ND?!6RXo$A<822}{Kd2^8`-^gd7N7>z++mf;1T8f(sodn^W0?#bPquYHc4Ff<<2
zn#avhoB}6Y!uB^Yn$azCGG?@!#|7iCuNSU5E{7yJu&l^Y&p3LP;ic8YRnN*T<NMXb
zx`BO~nM1|*<d0Dsb=Ab@jh$;D_YbFe4o9;b4%d5U9Y+!}hIw-V!wHhdkI`=VCXE$&
zGuj$C>TVh%udZz#`DK32nH{^`&S9hnaI9F3&0*AaFkX{1uIN5Aee>2&nJs*vIWd_C
zFhI6hiX!+N=w4SI)PJWRPUZT$d_d&fdZy8TwC323fB$=&I^VuZr&;+k@XLqoyidqw
z^7$`n7y}b=ZAbn%`s?!3JSP&zd);Q~kItbLofhS{aWqz|xLu0)T*S7WR?N3~G;juy
zX!^+R>p)ZQE0nOD5yb;bt%#skhtHximm!IQU5YrN;m<>-i;^VDLb_(WD4kp`oVFRd
z-Dhao!Uho^Q>T^RnRKC_%l_Q45hgn>^`TjnuD>Ocx$2z3*$xQb@HM8;D$2RxQJ^5@
z^g6wEmwbxeFnKm-zHGzEYU-ph%yp@D<*OTSN*dJgmXX}V+Ok?+{$<TXsD)0Y?Nse~
zYSN08V{RP~MFZE5OJhN^$}`XKjVfe+J$yDn`KA;nk9>o!&gR6oCl6J)NX&II@=M|Z
za+JcLm6I-Lg+AWHmX)$Xyj@=`HY5CYkaZoTkMsas6i8&wI}fAS93T8{@r?Y9{K)!U
zrT<74(WE+YqcE<_PA^j#@l`HbHeSC?*qX+Wu$FID;SFD?Ofy+gZpLr4!RGG_rpud(
z#W-zud_4uz7{YcoZ_A>)gYrJy?DNUoiyKN0D8)>&D_~{v!;xZ}o-lfTSY??GZI~|A
zkqcjPcYWo>h|e_}bQzM4y9o^2m>_w2v~vuo$E$A8W?I6Gb3dOo46<x`QV4q};()Vj
z`(J9lL$Uvi2hWasYvMS+{~fLnW-J+|zn@M;GWNvGk$Q$F6P<5;8R5GEe6JgEi@EI?
zm8CY0|2UDGsy~-%9%j?b`JB3zV(0T#KY#9rrcJc`a(+eJCi7~+Z8xuhMQ4ZET#!md
zeB<HyCr_WJUk;wl>@v3l_0QzkL@xaiVn5g@Unw6MpTQ=lR|#H{_;U<z9`u==0n=R7
z1mTz+x?5-OH+VmBp}+C*pUr<Yg;ei)3pJ1x7`dXXU0kx)nLlz6;QYSiw~{b0{JvLM
z)p-_}mHhPMh>}wi{q)tRd|$gD^WCdt16Vl8!(YF1rZ7C6L65dy>*%ML&mV|Soqo)|
z<6I;QO4|sl!(e!bf}?#hIh*)OWJRh+iX(pU`*Q4sOy_FzaDvlQZ|K<XFj4XRHg@LO
zzA{WYvt%Qp0XbnDc9@Zm6|t=(5&8+n=aPZ}_qT>Gm^s%`7B2lgSa{YVByy-cbFWY8
zFeLL*y=cD$ei(epT=ogyYUjdnCYbjkLHJ@(@5zBiNc@Q+`mVrxfN@EGs`BfgmqW+8
zz`L{trPh}$(~)r^+_FrBwnwQBvk`xCMjNK8ca^85dPQQloLXzlx9J9nmXzSpTsmWO
z>Rwl#Ep=WAV{_lhTqyBk+R=j5bI#t<oO%55ANbfidkf4G)JUfis|B5@WPNbPF&sdB
zc+wiww;Q^RFsX6>GqfEWi9!Ko$}?Pjt0*xMS(bK!x2<5qzdSH9`JKS#hw;u=!>I-$
zH=CRT@z?|LpTD=y48ax@aMon_B~N~qLcA_Wit~dpVPxhxuS|YE$;Y<jgRftbsh+|&
zem=i)FBy~21AFIYI}xF7tPFm|^!rAC{FW((Lrb3ksztJJFNl2Ngdry!TF;ds^du_7
z@SC;x;z1zVg@K!q3^h3#RuohM;UZz2C1H$;D}yLu;c;W(rRsbeb^6k!6CNo_&e(E4
z4NJ~P<L=qU-!nq|8=<^eS3w~+Lh&*JO+BaBlh){iV)3C@)~SdZ4okYQT8faGj`kZ$
zmX{t`#D{!|RASDK#W8<I^B2cND-~}J*r|h-e`=!SGLXBcIZx<s6)=lsL$-n{YbAI#
zb6&Z|hCsPBQ>HO8_W8II`BWT{`9#zXX}jkz2AwmlcX+gv#2g@_FjP)F3nNC~4}q2g
zyL}cC4L?LJ?DX2?r$xTb&n~*{($<&KU7TsKAJR>UbSvJl**sbxugASQYaNlDjKo;q
zd4cztR#iv)hd`X_x@kz{OIp>x=9yiSLQI~72;#p~CEoS@zW;HNUpk+Mp3NI{Q&uQS
z`5e`Dx<S~L5YJ9FAZpf2jQY$9juQ9*N|VjXAhId4c0i|Ibm-n=tm_w@+*u*)f;2|5
zIO4UF8iFp*)E`O^cfVJM1`uX9n|%8nOYhgryK$COQ}@;@K9ZAi&&<nDRrNfhoDZ)!
zynUbhtad;)u;+<!%-l|**6-3b(jgIv$Sg6elzl2zoy&?NdWJ#BEJxk@3qJEX99$;O
z_@qAkl!oqpk+r+auch>3v3Lvo(p&A<b=K}AYy47yg79;YYBr}2$e(e{Th09>9c4x!
z><{WUW~4=<ER<i@nHihBTDo)APN=sQq%v#Bqou}93ds}&UGFtMr?SgY2xU4ekZAG=
zzq}c=GH)E0o&4qln{%S=*04kID4=<{dn`EF=M;6Yni4P^OQtmJ7baZ9Zhv}wm7Q^z
z{;6@;$($k5PUq8g@LI25Al|Lb{TM~tgN#}Wz1sceeae%fdpGkd+>c=4qvs95vs@GP
z`)+2uW-Zr66QcJ;oWrsVXQwuuw8Oo0TD5{Z1G+^5Lq;1s=m=)*KBB|DhJevTAyY{G
zPr1lRtmI;d;G%5c@POLi9ogj1Qs3v%M&dThx1Df1O2=|IK&+qDQe?B4?>aykI1Yb~
zt$|@)p(aan>QWymKFR1kUuTh@rJQ{o8Y*s#S;vh{cxBm}VU1%ERRf<Q#tX1ebuDIe
z2=ri`uwJl2uvzF<+<k|Izmkil8o|vSXBn%4lo!waowHw-;f)<H7r~84fA1MF-Ys4>
zeg_{x`I9W>t`_d<GB6rZgZK#|-ZQrSlAUbPSy%t?hwwvD($^mgd1w!*nezjx_*}n3
zs#zQL4hT>V&*zTLAE-FZ<M*1OSxH4Fc}vAeEqn;R>WQRfrC{+n#Xr{Q1#nL#%hNS5
zYgJln_x)Ly;#teWfoftoH}Dg*y6(zT4!DsdkL?vQ@Vcb)1HLN=Mdgms>}6pkZDmo$
zr|>u5owd5Amc~~19LlcOr&nR<P7H4&#rmRUY2$65Cw}9i(DZq1$mTJ+c^j$ioGuq{
zpH8gd<SCBRiiQugN5C&*M3}-A7*5(yyFMp*$qRw1RaZ&+e$H5)kNJPyP8|}J&3KpD
zCL<fA$9RIBxc3?`Y~Skum6Z2iwkV3e2C({smltR-oM8VRC`<B+_<H%z9QMzJ2SpPO
z_{WRFxFu5CWbWcG{#7yF098jI#yg#J^&rqCP{WJg<({v+>N5=fbqaWpo+1NB&17BD
zz$O#j^vgf+A5;Ip4L1M9cQ_5DKLJp%_L@fl>+1TDXkcdBrq+<?j03>FuyX^TZ3&JC
z7@t0%%lcNiC7?_QDJ1f0QWeRatJ70CziTl}?Wdcn<74+3Xpi6ex<vsze>%KHu|dz{
zW2K{bKF0kNy~5*D#(OrnMe+2x08n5$(~3pb_sV8SR7sthk>1Cu7SB}7C;V)SqCeT|
zt@Sxp?w!RdsqOdJXrIXW;~^RWD<^Yw*9JCu=Y}LR=oUSk+#G%AmfNUTAYtBn?B%Ag
zWDNY_Ro+F<e-GIC;8tuNirWwFZs2#~@PP{WgLn3?+el9^H;u4log&r$^ZcJ?(r$rw
z$q@-T`D*kZ{|f|I2ytW-$HoPFyW9ea$8XIFg(Xj#K)ifXn@KNVXNZ{ncznbf6Q*KP
zpZ-4wZ{L3Gw@Fu?XySmJenE^KGWggpgLBTbPnS;WBTM~`!5UjG@OO{$#Joc4n~%si
zfDfi^*XC<f($C)W#CvD@sH9AhZy2m&rf~V%5@8w)*6y>od{37DuHp7pAYvY$Nu(A?
zrR<?AP5gt`^5=hpN-Dd3qw}$!okMDqzv8=>H0e?mDFEm%_s>HOAW)qa(N054DkJMp
zPHWzoc!^1r*oDVe<$(~%DrNB&F`*onPZzromk$dU_!z7Kte;{s0plPH*xmdwn1C4j
z!?CLjmydIU?h7toITdBT@<hR&-VqRGMH-J!(d3^v8D#$}$v+hs8`BETDhxFyh<CNJ
z0uB{vZKh)KMS7*-K&xxNp%@?vAKL{$(XkN7UK*Eg#~0?ETJY0&5{M)p%4ltLq=ib_
zD*o^BSMH{c1Vl_AYDNizbyvmCY-5}~?bh<$JIy?xi4?vA?~GSsftG3|07@DTsAdo7
zSM|d{=wPs8)^USKYKSn90RP9Uxz9jW{{JK#1uS09>8er?jS26iisgfhp63J<MIBVq
z#J{qD{$~cLq>}m~eIm($wH{GKDKjiun#I$SE38s<OJ#4LsjgNLI=<5SkxM4~@a_%K
zpOhrIn&29|;PRoNPnpnRpZrn9){x3+y(=ZfM{TMQMd0Pp*YNRUQNc&rDIB&aS_(ok
zTF$Gg`{$g@=IgNlAJoZ}ljrNlK#2n@!M03Mx3OO~Zez>MR%q6RW-;t<cqAv95V9Ak
ztSeJ{8YL&7Jt?`SK?P@SVg{glgjkxXPqmU0UD|IxJ_d);?B|wq>|ddf3h{Avwyd95
zpi^F_JVb9Q8X91BnV1b_<AQ3jcb^bp_J6f%sk%&DS8&6X$>n@<ON^3UB;2V9vkn)l
zmorOl7Zg=u6n>Lrd+88R2DUy3Hx6zH-282QAW0t9(6P2{ebAT_Cp{m?2Q}a4!l!2O
zki~+!?$gnMwYAIsf)&+{d`Mx6;@O`Ma%USjK+j=X<VK90$kdU~gS~W-AXFw}q^_V3
z24uxJ_is}DQPV#!KsZ%g64HX@x@`iAEWJ@EpSh(I%DPm1D94C!XA9!eT)vSVa3ZbK
z<egbVc*GJ$mt4|P5EE!RQ<&kA8cYz&K`sVXpZz4n%UD@{D=Yei^NCn1)@0W0!f@6;
zhQXKQwr`Z^fsJoP(nHsV(3qneG^dM!moEbEjnXF}{ZzgPkvB=o0x@-?z|B8CG=zK+
ziC>G6?p)tU2g}cv8v2V_(JmY>cGcAsw7x4;c0oPAh*J7WkGlmY(EEbRnIAm^Cy33-
z-3Mj$zkXFZ1uLycqU=$9lXL}_A1f8kb=)Zx8P#T3v1wo(QjZq)V_ZmsG4YM!l{y=R
zG;1!WppQ?B>EHJ65eB8zog^Q<9MPN4t@ZnpW#^Sdby-zQ@<uys1m>HDxkqs$GR9au
zPw4pxQ`%r&O(5c_>`zw38RIWm?CNrD>W!a;)-`WfM9sGPnqE|Bzms0o2l-d9>JRs~
zk6uiwr$g0!`Mb2c@tT_SK=gyv>{C93E!7FsowYAc>-Dy;A3kYnvaceOMTMlUfV{ai
zQk3&*{$PMsLkEgj-zpQ`oxV*ub3{ESi+JtBj&=ds{**h$JAsm&;(YNQ^Z+R_)MM(k
zLO6}qu`!T-X%zBQsmzP_p>PpXr-Tfzg}URX7)ASqKI-{Mh%aSyt%RUdV8*L3IPh*P
z)m>OlPPc`LMmJ0;@Y$InepD5C{;TR1Ic0RW2eV!vhD&xgh+Z%7gG(9fo#Jt>(Aw=H
zTEcP>2=pAy%9yx3@UZJuQAFLmK%DWQMu0%CCvy0*++1KNmGfTaYlecWAGI8%mR$5!
zV0e$W4uOi|@liVHRPO71@K#6gU31Jpk+ojJvTDk&bZ>UFqak|13M$ZAzl9dLLc%i9
zzH_K<06b~ASgJ|3;tvJ=^>8%k21RUB3j8X6YfM&_s-g^CvFbr~^VPUf8mJ}#6mQ5v
z1gcN7ss7QEn(-Q6|ItN0`*8m5W*iYJwr_aIOi;L8*wPoL8>b>>kTuU;OHI8KF9_+4
zE2%()20miI=2eq2O7$==f65(x3R$-vu35ZC(Q^ecSN{AUj3|{CGp?>Xe$@}cZ;N$Y
zk9v!0PAoxQO38^23bh(Vj>t|98F&0?#r$VK{+>fA=P7MVsuldUk#-5*mta++yjb@!
z-Q`7mdE&97h&KQ7dUWHE=%po_tFj1GOFg&pORv@!CqBitnR{BFAhF2wGQ6nmP&nUe
zd_9MRzbNRePlb};*@hBi_EmH0%9T3vjD)r3Md=t4wdf{(!#%mZ=w?gPyk{TDf67%a
z$^2D6OQ^LV#^g%1Y1H+lpAb|0=|~{#3U}zyg+F3Tgl3(Trl1|MnVJ(_s=oyF2Kr(b
zJBP_>S)<F5`-0I!%&Dr)$iyH^rxTVxg_I&-%^oxcDZfN;Pjb>0O{_EDQQMatV<gBO
z6uyDS7eka^632!U$I@jv+;lm3Hlp(8RgqK+9MRsV=u@=>#9Xmu*;EV2c-~xocoA&M
z&XaHJX+%-8Ahp@jdU%?7c*^35|0twE$QmZpwvi<m)X(%iN|2$iS`~phxJh6)k03o9
zq$r>B;9mZ=drSu@C9zV70Fh8I4v|`~cbhFTc)d@k|A(^SpqW*Sokc8nRWyHp6Xz`P
zX3JZP7&7x%ZpWB6Q>>vj$*j;*bau7h^T?L-^QHY^#`e>y|MySLo>$eLm%qU?eH2V>
z#cYr1_gBqyOe>~>$6->Ot^qPxhKTrZNOb4+iTC%bD`dnr66}e0Sa4PT91;>pspSjn
zwM%u7t8S%{h2#kKsaY5-&ea=UzOj<TvL2%f&TaglePdBNTAKJhiGqTmbi|w>+Z74X
z4Jn0lt-9aamlS%hYIs%f_x<ONctewhf$}*IO%c;-L;Vv0EQ&?=tW4{@*0V1&8pnJ|
zUfZU>VOr|@*X0WK!rIoBRWNin2eeBad}Uj@uDSkFO%1t1ZU;o8)qX~KF1Z*A2Sj#z
zx&rqzM=$I%{o{4yLvCcEwsS1dlomQVYawo0-1l4~GZy~P6294*5AV^K>J7t8Lm;nR
zplh5v#5EUnN5WC_*xf7I)a!i^@R6WdXZ<`zy&9YdO{ikxgSUY_uqKc=3`X#_8By+)
zvC>bFN|#L<?8;<3F_lpFX&Tpg0(Zhis2ihq*r8QP3ap3dfcw6D!x0PZ#!eHu2Nl;g
zDjBXNi2MLa8G8;_DZ;BYrYQ&3!+NoZDS!3!YkTJ2)=pr~>_ot7U(!u!>JAr-pn~Ww
zn;!A-)&C=v3ZlR9N4mSgzM91@vFFdF8K3-|i}KliZB^K3d*xqXx$<M>MU7KUj(;P+
zzolzaJ=e|qbJL1N@$o*P!!Oe|C*MwRbws4~V@*8Ce~L4VMdobK9^|Si=hfHl9CmWh
z9d6ApF%f$4eIdLhAy`9VHuT;RkviPnj8EcLmdLTY+st@A>h--2QPoc-1@{fkoB>IX
z4H3RJ1&@vVh`(;e>+^7Qij;<fc--sytcQ=eQ8SXFUIa1L78j>Bx=}Mi72jZ+OK8mL
zWmf4dUne{vaSa3$XN);lysE=%8=jD>A9dR&`f??POXwLB@1P1kl*hue$TG!+6i66{
z%mo)8RnctD>qzk{FIDB4(M8a1R20A^3Z5;rt&)1EJszMEm&F>RJY?w7{AKPI&b0cL
z{g>OaBiDQBJ_aTT-=XU<^D4nvz)G}g&NMRhvNvs483mI6lor%`IT9pX0;yF-f-aC+
zu;>0&x%C|Xb7;k;y?8RaoK1AMwNRY%4e?-08~mdLvN+-ftRl&Bor*Rel}e12BwYC-
zcx6JVD@7e5V&1E`!*aKif~v??x968#bkfEH#v4J@`GYSxZ`LVLHCPNiwhEpS6aRKa
z1MZ^{|0YEPCJJ{p;Pvt@WAONfqC6F9AWpcou<t@sk+e@E?1RH56b!+)s8oKc<fr8z
zgc%i~6E`LW+wS%yb$-$Tf8;XXvy5H$K>0aTnJr5lPnp*ph3jnp(@HDlQ_ESS`es3q
zO?nS6$Xh~Q<3j2&X;qsnqOajdx9ISB|23gXHt=M4{d0y>-L77K%9R`q*eiTOXs@BE
z+$7_qDpT*k_b)%=c5C3W@Gd^5_^ya|^o6+ks&vl~dUo6v3UU_*4rs*xMB$P+T>#FF
zJfc+_SH73D49R}0;GdhC`G6F88xkln=<^g(J;k4_aicE9s~>|Sp}#-!^F`;42{WF?
zZ9V3YG#QUv@OQKsQ%@nCQMURoB7IEhw=CNb`Bd~><_(k03%Z9f0*EUsqI(KqgVuY}
zL3DI%GjQq)i_$PvQ@aF6=84L45vYJw=LL4Z<jYVbF>FGRu^l=%P2^i)1SIo7rCNl-
z@K1hv4@AIB<;8JNWXu$PS6~$6Gd>dajllk2hPzw2u?rP{<CzQ5)7$2|+uvgsZUKG!
zKH}O<>46=CKC2@{o-E5FUbO}hJD=Sfe#bV7#x7+YT35`2f9k&wmJ=*ZTM?2|s<O@b
zb5KS)usL<g_9m7sr@wP5&T-Skro?{vSUjZ7kpG>tPEhmW<Olc`Pj+tW7b6G#5|~C0
zWKo5=)rKm>Rh|e;VvJZHL>7EhIOQWe@uq943bI(8%gDB!=V&VkrkZ<U9W?c$ww6Qp
z_=t18?-&?}cJHqzlq=hs%3xLENIJAOSmYjKf44NL^C!BvN<bS<XyBG>T<j$k=#3^#
z7fAr(-xIn5+`hGASu?OFZbwKbBDi}69rSLG&eVenyip5*q2HkieXEAq+UvTRgQ0<v
zV1;|Ma^W)2ddw!$!-h9_Wn#GMw!67(Gdd#rPu>}-jRO-UmudIe;-Z9m8w@2bJ+g^y
zaz6HPN|-TACD`&FH?J%5a2&xK?hVe4Bhrl3VCC*MJS(|)&n0l&3rUUwcaI~2szjx_
z2JsL>h>$@d`OF2=k&v%Xq@Wk$SfH7F=Jj8ANIDh+Ssq|mygIJ)qY}h+6$7;FnFae^
zhFZRW2T~L>?ivWf)@<2VnOl$HJSWZ_=W^)(_;^M(XVTg+_$pQYaV_TV?&OWQ@9;S3
zWq6?TQm5IB#@*z%=Ry1DWOTUR=fJ?EahrVo!&xqTiL!vf^0luAE@Pjfvvcd1QmPd%
z_|LQoUA;)VMAzmqvS-5}dt;Eb6i|r8G?+1u#<ZIR(k)pE7V{2+-M+nH$E5Zzh1K%{
zob$7wB3;o|sKj1ruq;!Nu5CD)5ZnmNU+4}qe5N;@&qs7W$;5gk7%wf43RQCufnI{Z
zNC=224x^4DEmL%BO_ky$#S53cJqBmr_T5ZGx=I-Ga+5nWTP{V@xnHXoeGGJ(S#y{f
z=O=zH*6M`&H9mg$+_7r971-EeFH<_An0`}Mj9~d}kN12bhE~jmj$e=PLPHg$T*L&r
zeGBQPn*t-}a;=N88)aaf{=9`W<Z%^{-p{CNpxit_z#1mh1s~K!y10nYZ%)m@B?OYK
zh;7Z^!eIzxS<|uk#t=?>G9~EE@7$ZLhT~pQ;!Dw(J2E_@kN%D`T#C-9xN~C+Gvkqy
z#ebbarca&Zbx9h*^%lXriwGgnyr4f^IHxQ5NFltuAZ27UW@6?7RtW^^2RD#uKNP%)
zT%<o#rujM%>^w&eZbv~a-%ABMJ7>T!dk|-4-h)Co2@(Roz_h7cP-+J$Ol>l?I%muC
zRhChY`1U#W8=kw%O>Acd8odtYG>OzF%JXd$b-fxp4!0_q5f55=USba%CVLYg;VUAc
zhfG62>G9ak`!B#|CZP3~>8L`NJm5ELx8UyZM^K|Nqv_#$$k*?$)uce{ts_YO-p#Nq
zbug@YAL+1~XrkQ^wEjyPjmiVDe2)?|FQMGkq6M*4#{h}(8gvy+HsK?I)Jf?I=7_=k
z2ne91{ukahF|gxw6i}%?{znRs?LGoXBaWcPx)N4P!J=jVvslRDiNdJG(yHmwisbUW
z{G;OMj%qDn;nZh^&rg(}14Fc)Q?!D9Xm$3L=iALZ_ml_Cmp}h3H!+(j^Kd^f;oTP{
zy+nz*3zUDHlYhLG5AZBClpHJP;@x-R*}o^fd<nd>I4tKI-#!uXrIQDrfJG6>U;3RY
z!{!o7KfVHCzm$O$i88^pfx6$uKY;}>R91dca;KC}mYW=Ur5<wvL+VY6(z=-Xv;+#W
zMK*>If_s3ug!~X^j<4~v(KqhEoSg+?$eSV!iBmT?U#na&c}ej1Tu^rq2Vw*n6ZMB2
z*y*7(>|y{_$Swy)N$mIngGc>u<h1A>waioS#Kic@St{m3H${p#YIFOmAt{?@*9M}F
z;@~pTJ)wtY7f2pSnRw630aWjx98kHe*V8)`X%q4x1wL#OWNgk_kaj<M1Q{1~ju{w(
zl573r8AKZWSMcav%U+efUW{a*XIGqDje<4xgDXu}{~2VKc8~}SJctOEj3t^tKqx|*
zXWzmLVns-xNqIn^x#@<c<A-8RaK<Fwix4RO9o0LOSnmx*7hMYO6=7XFGI}KiT|pF0
zc&qXI{tg-Jf(cnnA5TklmD!3#24|BZro@eUAqoAcyKYzEg)F-@AAd5NIQ#nYF)C+4
zDWLMif$~^(jDY~#An^pvWse47@7GRZOBP{Rtq?^VBWvIUiJKDBt%LX;edjkO&{0RX
z^`p96)px1iPyANTyJ4=`MqX1@id8L<5LU*;trnHUgJCvABmYp?70>5x<0vC9W0v(D
zHYA;*xCiojgiSPzm}lwN{b8W)lR1cc4n4Jy64bj@e_k8i`JNsusD`V#!xon@pvxbR
zU`r|b0=m~OmHt*R3?trf?j<Ye?fUGs7_K|Xxq3MP2CB?ntlY6sAR52I^i+u)XT|V{
zc;(_GMul&n@fMbqqEE%v=gOj+`9qHW-N29LPShGdxLoG%--eE^qAHU?l975<8y1!d
z=KZ{DVHC*@R|3pe5&@|&rYc-b->k4G`yGN(;Y!$4p%14X8mm#&aw0rw_b}>%iJY%u
zJ>59N<R!sq5;Hr$dh+0~q(G!Zf(Z#5Zfd>Ok)#(!e@Bg45xO;h(r#G=qQ7q{a6k~L
ztBzA+9p&(fQ-_|^?FUSyno!eMi!2?D!K`Q7dQ;mB+C(5?3|!E!clq*)ZJAYyWyNgW
z=iQafPo31q<(+vxKQl^@&1Y-m(60gQ7f)Y;Qq}4NbdKjJ+YP!5^_KWXUh|1oX+gu~
z4J*&_N5j+zoR4+DC3I*j+=4p3)^$IGxy(8y;Xjqd$J6OpNM^qg5w(15E#w&%dFNX`
z@q@yT)p$wkL$esRv4NFnn8ERUi`S%u;eO0$ZtvR>g0#Aprf#0maw?k{E<VuOTnWK!
zDa4nOoAFdPeHIl5(O68ffiL*5fKBq}*B#69N>*=sZc(|8Pf>~Ho*&}4{=DI=Xy`k1
zj?o$AoJQPIt?N6SCT95nH)dPEv2)<Q=aY}pKiPvwPa~yN4Z2wUXdSkT$il0886$CK
z%+Ek5!1Q4a-ef-e#g31=V%S62&tFgP7vpw|QA@2|1;)F*DI+g?^p=LMk~hdx1e{Y-
z6v(ikdQidP#j?dY7xM&Z)td*p$FI4ch`9-lu}($$N|VfQ)#2?Kw5j7P-uzkH?^{l+
z%T8)DSQ}4Ve-kaP_>qD33P>gW6`MmP;O9H%28Nm<y@SR_O(c+x97l9z1*GjV5=h)w
z4N}Qx+!T}#Xc^qEp>P|0{HIyGf={aIi^8R#;Qn8tuiJGhV-n$<oz3c9_j9Pb%x*^R
zTH(J1jkwkq4v=&>2N8%*Ba_)#qak17l=8I^umf3Mn%-bSI9sHkH+y0*6DRD`O-x8j
zkx3^U4-VYOi?)SP>giqKgs<uG`D!zKmD%((76M|u-vXZZJk5zT_8lnBU!kCWfQ!L=
z1kswnt+}Zvn$F3v!)!zyi@L0l3sC7Q{rXfk;*9z*LU}XiOVgoI2;mBQ!BvBpCf6;Y
zD1t%MgaU8kq8bVj)hhe?WA<giL*om@R=M3%%XKrjuGFK-{Kz39<5(??d#fDul7qDS
z)DRKFgPPr)nms1uRVb2UBh9jFG%VZx1)CGjX%0f+NtrtA!Ui!UQMJuZX5K3rCN2<C
ztPjEcuz=k!f_-R`hG`~(r@z7<a>@?guHy?)`GDF)Op~&D7I|M=*Vd}tN(Pc%qY{Xd
z*9q7Up!59{qjlk)%w-Gi->ni<PQ{S1S$}=K!9FfyG$7&Og*iw3(#0cZLNz5Xp!ewF
zN8@<h&Rq(*i=bYz?|eYP-+H=Ze`Vh$xCE!jpN@60s_<YL2@1QvEnU0(7ZLXj=UEZ&
zvPj)xgO_bEEJL}!c;r>hDHL{DIc_@nc{A6P>ZAGZ(5mn4(MtR*ce0v!$?t45G5u*%
z(@ltxq^7^MW_TxPCqS!W!#;PS*OQH5)pw9^i+2)VoG|&Xx&}uZuN7*BBl^j?J|s<f
zL+!3N_9ULTPUyBKTDXzWpj2z2Jzsl#_BIxj5F+2H@h#AW65%JQ`>Xh`$>qfzvkgxQ
zk>6eY)&J^e*&2Ny-0y!W5=(@;xjriGDkhM2vY%h|W9_%3!{=Y2Zx4wdddNYpt;m<5
z2>YJ2<5~ohyr4k}*~QBu!<`}NG+!$5mk4{lzuguG_-LoHelNZIxF6{seZR>L4!2qu
z7?a2GN!j>fh$I$R0i4E5ZkeZWf=fmTu_c!zI(WhcH`$Uupc6-@@`T>LO^RNT%-}G+
zw+FXdc7G;AwV7Z)wtufRKZ9QIwiL^bn#a!PELpzLzJl`NfJqp5>~}RU-a+_#kZ`NA
zUJ}&EiG%m$D9&jYIR~#3u-zeN;q`ryY6H@B(u=N(y>o0g)+a4InEcix`+NG}rPAD=
zyOR<-mq$3Fa`o(JAT~&^#dPEY>E)PN5}&1--sp@&yF;lb!?`8&te*_5h^d8=Iy{-Y
zTZ%5imMF#sYJbi|g1X{obckF%tvb08E0qZ4$jtcNG($S_EJR6!i&3O+M~uLNV+5L!
zknc_Ns|1<4vcYfZeUzzSUpr}(&c-u*AjqS5nz8YAlqZ-8F4?g8CB&J^UCf#t0kF#V
zn(u;LH%mw{?Z#ElChrj*Dy0TM_^+v@lBT{<LErddK{K{NVs5Q4Q70lzn{7~p=T$Tk
zb0JjV{O@)ExVvl{^xzr}b2`SxK2An(-p++^w!MZn@t~Lv8AEnf82<e)oRg1$EosuV
z(~2~MF%A}btcLWOAkC-_f~kY>PP+pjwx!!3|4wMvS0sq7<0v@eG67acg{ygyP7dqs
zME5?x0rSW2fR^huyGYQHX4uEU5dlVB2l1%o`q>E1E4bh?P8`h(c`T4ItLaEG#MToI
zGP<vaCFc=px-p}yXKzCUIEgeb)UaCCAQIlXP&HLf=p!1KLia_v(kPP9H4>PFi+V%Z
zP6eMrz8>sdQ4L?_Pr;gbdEo|@*gFvUH4>}dmcPJ)QIg;2K}C3dA<f=e-i|(*_FK8$
z!$QSAkQ^F_pNvoCi{Cf{q5no$^C$=2=r@45&Au2kp(`NGep7TSremuzljVs&h>OcC
zfwdxm*rMJw;jw%58}b0`r5}W7pPuBZUvUjEvBoIf73b@o?j0bh8dekd@A-l?Dv3bG
zjqed+zSYy@EaVNVW^BBy1Fsr#nJ)Q)-;=e-`=LghEumr^+swN$pys%UL7R$6yE>(y
z=g8oVN?X`ZGDM?#seEqH>AiXaQHltqtbiQKtt3nc<yrwsv)?CJE*T;;-<cn(ojUHO
zZGP_p;!phz;wD3S0M6*l8ja9REnRbbd%w4L21J6kcW{>~Z2#51Tx!YHZ_mxcv8BG`
zCo3B^jsdFsi+_K+G9YUtD^uhiLxaUsAgu|y2o+%URp#}kSV%Wq2VuEgtE(**qMV-A
z0^X`)^xR|dnb?1<Ei{fJnNdoNJg|J(_p}}H3yeD`D&@AhE)PZ#uyu@3gJ=tEWSuH}
zBS05L_$yqv*Tf2(7301RZSlZ<PG(~q?MgRuDkr~6dFKGtCvG32Xc@xX235-|)X!U=
zkMC*<>@vo`0To}yqrH!xEdCm#!)$WEc;5|z%Y`TD><curilpGK6bBJ>1xyyskgCnf
zhM(6ueoVZ+*D6e*c$LK$3eq&FzI`wyg|0>(F9y+9?&m8Zl#6PqENU~@*rgP=tBNGL
z?Zyxw4(qym6z*;|VzWafIh45e>eTDg|I!~(4I}z16?Z;NeK~Ra0W!RdJT4g<J5INL
z4UCw-3-kpejE~6XON`*`@27zrUFD+?&Smxj``&@SZ=I;`o-$t6=-jU>kPo~BmT%Ms
zLr>C?Lf#Q-Mjrin+OtP61qJjf5H1{b_~>^{rX#tJ4nq`O7bD5hw#ZDhZ*JIOn~g7a
z8|9!)BIxV291wZaLJPvKBSXaH7C9(?L$xq3`g%AA<jM(0lQC|J`9xx*<Ee7*R=ry8
zW1weTzBjCx9YnR9e?))fbElp<U*;5RK5dkn;dAw+<9T)BagD6yd3<%^$Y?Bgwq>MQ
zlA8;D>|`{yveuT<8k929e35N5Cf?4U?v_8d<$B!slsnRFm7VTZ_8d3Td@azNbHBXi
zE9@neJknh4bnAL7rN#*ltlA!FcCvF7zD9aJ;Do<B0T4#pa{O9cgs;VSwwE7cN1F2m
z{u`%#8i>;gcRhaU-(F_<S83Rkb8ocidR+CbHRqo80;tIwX}%{*cdO>*f_KaSI9Wdb
z#nAwGobYkM)&FtcZ_g23ZOgfbjBhU!`EbJ3uYrt?+jGbU$jH1{`#P=JXdQ(m#2fe<
z$%!(R+~vKKcH4;UmR<dQD}6>>g2p)pB>OTO$;<p4h1H$*(l(vU4gE&W*uHz>=4J_P
zrfoiP0KQd;vSkuuP20ri#~cH1U7dvcakE@<T9u33G;&-<xM{tdggaIhi!S7Wqcbv>
z9gYE~UI4VSklP>6j%iZrT)2^Z4bN)T^#O2jfqMhE834G2Wxm_UnW&38Ztl;sevSd2
z@9}OU-&GGcmt8Ay?|b`=cj+fH@tl@jbM~6Ig?Rs@St!186iyR{<rv0Yh&7VOM>rjE
z4D96@#!a^?xjS2raSSx0-lc6iqF#9<oTs;KH+f0d0g;nVTY>DZS6%(3rIQWg?C_oi
z*IdOUf3|IV`xXI&o(cb_TDd4-<Sa}UpobX=B=IlP)dXUnk+aEvHsMHs<4v#Ih)W~=
zKV^Wp_ke82C(YYUoj~F#|E!Lv|I@HP$q#TuyiVKvtpv2INd9FQrw6<~k-S=+$4U5I
zZn2|qoR_2U6V0C2vMaf=fTM8#N52v7v}MD%?;$B23_m-zy)A12*g?ySw9UjJ0G7^U
zZc+9=Z8JPM)-aArUBF2=P-vlT`^IdAf2DcbI|%T0DTSwPssg>53B(M>2M9r<eEy4y
za5rm@Zw9E&8Dki?c9#oudZY7*OA9>BLUwMMW1yN|AZX-FFmiOwHKzM`)m5xL6c9G(
zgkzu_;~PLmX37Z|0dh-C+fA$sZX?{osQ|eQOCVM}10aL^EjOSdE+GFFA|F=Mu23U6
zyoJU69HroBH$7xiL~CA;to51<p6|i|wO3rF7BiA<e!j^f0l6^IuTf_;OEtZE5&`iT
zt`<);X0Q6JkBPgIFpF4xmt%R7czgpMXlLz8TJsq@juXOaXEnXAfP6e}8Zc7oep8M5
z_8|*a1YG2fvjp`{H?a|%{^`hNPALT=&c#5eqqnU7d^RD{1m0wbTM=#>>gJ#_mgc9^
z7a*z`F#>w=HH6OfFPjO`s}m3K&w-QPmWH>DPio-!4i@Sg$n3Xt3Ab}YNZ>pxHS=_#
zeZqp~(`6d$<r*$_%ASCLviF7q<h&8pT2FFEnL68Y?ZFGNx08<g#w(<e1@Az<gKd4;
z3#q=9eDK3wA;$vedhikC<D6+l`umm06V!5l4d{I%4|wd*rZcoANZ7A!E%mP&$}V;?
zQbMx~)HEE11+1(1caf%mi4e;Qg0V_tN=<n69`b92#`FpcJb@#{<qQp44Tk7LYvGHh
zc?&eAnV3#<SYT0m@8?CDbt1BN@LY(<QT@j6xy92v&tj;y(h!(zbwLy<r}=eHt8W>s
z!qe9K<srWFvpVL<XfEWP*Sdqp`ly_@RYDS4XV~?nI@o0Kbny^3p-!depj8EWVobWa
zYYf@<S~%Ugs@?b|<^5SP+(w{n$qO~3QKiQ(Fdar9(DvAhc=%(3;e;@uX(>!^YN?Q_
z+fJqOn?T#}3WU|u&KrJ2=zQ#md9uF(sapKDA>LrvC5^H=ge6vy0%;C;s|)S%b8Cdn
zIe43#5T2G`a#_X0D#b}xmHZI@uF-*%OLm1$$7H<~zHtjQ-HAgump=bo`JvE7;m6lR
zboJt`&8K_Icv$@Pd{6csEIWF=iiUw};Z*wyO>wbe!()Msx=pW#tVXXZ|H{^T?u6i#
zTQz7m<n*1}x`UiIQZK8_+t&;U1J`J8>-C^kh)K}S{PM+Bt_}MYwsp)9gu?fkpovI`
z4|NF-LV-WR`Fl05-*?d%^$51{Z<L_l9*1q&uNIVh|6+)TI$fdN4ChI&N`Ra1|Ki^r
z;Z0cO=XGZUK;)0`Km<gW&WR6wayqrr8o+WZ(pLS`O1_5<L;7d#A+Lo*8IKzpw#eri
z3K=wrM1G29iQlj0h?9Ue$WBrkS(H>NuDv_G1SS*FhNqr{L(;A`0w9h{Oa-+o7$6=^
zPFr9;Tj|qzKy2*TQz|@X759RNUzl@=%d|I8Ezaj2>DNN_(Ai-ic;wp7)xXB1>*ph+
zV5FUNo-R|U*$tTJ{`j@lu}VCwDyW~tUCZlo9r|?})|#>jEBt^bG5SX1ck=SsO|e0T
z?BG%Of!d{}PnJIEqpi)@($>&#a?er=*n=6Fm1NFx$yHCIts~#A#iYsOS!d+&bN24j
zvu=?e(}1|0aom0Thq(J=d7%8;YPl|#@ejEK$=SIs=P%L^JSNR<HRZ1YJL7-X23<O*
zez~k2cx^Ss+a+xVE;^061SuzzUu*ox*$mVLc2Eq*T%OIR$*-9n!rhjirvaqQ%*`h>
zx`9VAUZ7~i-TR0P1W+*zJlX-_=EQ`LxuUZ+^Mr+uB^@{i+Q$L-l|dKDv47j-&5l;4
zfq?6^%+0{8#Ld9w%>OYEx-Lt;-)egPzg~Xm!pAR30Vn~t<^1<MO`S`>T%Li|BA#CJ
z{s;0OT<3E3=93w~0X2{Odd<gm`TBgT>0}#7zy+Y|XPCPA#Ny`nBszZeU;{8~2fS9q
zg^!)C{&@|#tW}hdU-KH~Za(<~+!=WRS^x_T-UfJ36tC;D#m`Zfcm~0NcK>OR(U`Hr
zxYsMUWhWp)(C~a-=ln01pzlDlJ^+;H!2g^#m;72VTliSi+jW_W&vm()$8C9>*KHXO
zpoc9u@JIv@-~y!SJOz@Jj^C@P6E`v4Y08HWxkz%+4m^?reyo6$|K#hm^N72D2LQLX
zEnOgu0-a^C(_~@?Z(7^lYU*rk1|mL4j<|G=ByR@(JOPM&N#1-a0JK^Cr=m5`ll*SW
zT--o$cUzvz6h3bCb6xhj2C_Z|vIhDhr~+_)2SoD&<T$wmK<9vQ@K4b(05TUyO9W5_
z0(4YS=BC7C^8XescvH|kFarLZ0KEHtxk!!!4f22nV!&|F{wJaCPSf)+(ADjsfZExk
zE|QDD!DEovz+?R&`L!1y(fg?U53b8=E7EcIpMWI41H}U<dJhV&%UovwncqM<5P)4e
zz-}7QL*t<{eKRl$P*K|{?!G!uCGP&-02mG-xxfH20ug2iA1javA6I9BvHhgau{M;5
z<NM#0gpd2(dxFe|5YiG2Nw!uyOA)q4@X~crpN{>Z&_gg7$(5`{5o^CM=!N$V6$EWt
zz+DS%_EM6$U``4=yFmidC_(52&Kr2FO$B(NC{rM`?X>G59?*)PW>^0wz(4JpB~z&5
z<tmZ$dH^`om8w*IHZ_o%`UC-tl#U?$W`C{YC1TrIFo@Y#fP%WZdNr^vNGQMNFWLhg
zX2H#<J4~1gt?5z*+;=bye)pi+g-(SA!!?n71XqJ<rY>g}GxbOf?I^1F8fF)VzVZ9%
zYHFLiclI8yep@(pXkS^%HFZxnzJE7mG>7Y?x9;*1^)VMO$w2;g5BnY}0=>UZWD4}~
zZ}?<c+(}NdAm!+LtC7G13Xz(pO1@ln(Fbu0YA|6Zi=Q;vgABH3@6VOyg9P+l$VCP1
zpnq-;+hqTsm<p;f(Z_~pjprcS(2LJH;MxiPlwMYwMlHWOi@?uiaCIbvniEW<P)3UD
zU-!O#;9dYJ<)QJ1Z82Ja6uFnc#XMa>h|+Q)HbeU^v=YZ*=%%T%2k|@xFla3p!_cby
zCta~Bz3My{YH})duqE%y;~ZJsD>@<jJhDh?9GrSHHLFxTB)+lGr2KV0FtcK)tiEAH
z&F_>-Ea>ZVT<}L4^G5r8x2UzGEza)35**kcRf`=E10!K<^SAUo*N~%`7$-?ivcex4
zDQ+hTiXf4lgT3Z9j`w+mUguaZmaaxS?wiQ%4R+Mg73MM%UKh)Td~}ZL6vHW4mhnT@
z#GwsvRrUUXt2tlF11*`RowT1U$xR7nl~hvIY5(3}SIe!t<?w@+1*(Spb8NmmJLSe6
zc3jEQ?CWhA3I6-*?`dblu=grcnE*;bdj15yaFi^6)ap<kXTV?L%ju5D-n9HcMh*hI
zc=WwYQCaa0L|i;SrYU?FUfYaz%5HTAs&f%9mRfAGa}l#F(?O&yw{V{hlmEN2fkbPx
zg)i^A*(}Sr<GcP309`<$zx^TE0F3lLJ;5O<z!_d)0yvZD0iER|G^KYUioHvivqKQc
zX@GM=;FW)XKdK4esmOC~m1jhMavq}co|iA#?+Wt(M>iR^KHubaVq$V)QX<ac0?+U?
zH80Hah}uQj0B~_MWw=WX?9Y-N%<XZBWJfZ<K$F~x*n|8)Q*ge6QBJXDh{+@+XhV}d
zQypd^_lV4JWq~yjE_Fz9JKD7ou7v54j`R{9QC;S-B-sF$J0=65-k>q|ABFvEb4I5q
z7yzTwNZS;DB28(Na&A@{5m^9Zv=qkyj756~Fs>Z{jCTzfz=Rs9(+v*cv|vp16B=h$
zT;T^Ahr_(mM<UrYNm|ZifXRMh_PHv{qlHtFJt}c^1|S0gu1WS-yT&Rw$&Ur3!PKS%
z*A$#aOff|vy_Psc0+>!*wLndsK_bnbhkY}NSFErOh)Yv!j5Lk$T7T*q3ZJr$%q2Qk
zM2}S@j<c7Xcw|CCqybBeTu_rD*UV&-Zz;B&Pqpp5h^F6Z_L`RNHK~5D4G(zrEW>L|
zGrj!DinMvz(Ns4la#_fASA#annaGRO*8Iq&sv!DORp>R7HxO+pt?27kFq#Q3YEc}D
zqxcggQI@W@UN5O#6z8fv)}7+7%0Y4N;QDDDP5-Ub@D4k<zF%3S_tx3F+K0T8@JylH
zcGW7}#V_1~BT*T}k?EqG$f^kA)786ndB9YgtCa>*Q`NMto0nG}7~LcJ=y}>B!GVS}
z=xHvr8hEW|Md}p^PTBw7-W9r!cbV<$nMXD{4$#b?qIwX9>wkjn4ko%TtMnr5rTN52
zWB#AAJhsV+Lz5F9X>t-GO-^E@$w@LzPO@!sQf!lx8qMSg+vKEqO-{Pk<oLZNC*U<X
z8D5i<8EJB|qM4lRNRyM}nw(r^a@s_ioV-YrlkfE$3nIO(!ss@}if*Zb(Hy#>X!fYM
z8JkuTEf{Ibnm0QD?afF>g&5vYsI&z$&?$=LD`SynD2km6MGa)j4Lzt}ItU1xrmxa4
zeO+ABR~5zDc8xTL)n0R0qs&z|BfRcz2O~Y2Mp->oq+A>6u=a9|bnj+@?>;Ji>uZNK
z{p{%QI28sTZ-%TVxRF)=D3SJwEv`f-xz_t+H&#8xTvY0sSf5k>Yf%387?kJ+qjj!L
zRKLct4Z#-lxG0Jq7f0%GNfbS9>(!}twj0sjYh*gOs@l=e;L@m8pp&inWrjKEY+8X(
zq-vMDa$n)<W4NgnS4K0CUAzXeN*RW(hGD3V@M&t$PIimp19gw0vOUz`0D3lKA8MmT
z_r1IxMsHh(0s6G)@br!1QuQ+pz;R9Xn@AHIWLv8Ko;dYH*QA{EZ`uskSTJQQxNR(A
zl{txvG#Bxa<{}}|TqK(2BFQ!v$+o#jiDoWRZF3=_sq`^yNTk9aBQR=WMO^!kt?WZi
zq<zSZv=42(4o6<3!;v4&BDBtWG~=8^H6D7G)2lbdUY##N9ck<JCEB%MgW5;2K^-C$
zy<-#`RBD=rPKJ3YbFEHi+c1S(^H3heX{cyMMZ<<Es*Gy2y0{8jrCf!sQEWlAvMn`+
zZRr+u6TG{tYds=ej-C<Ls8+cVy}Y)#cZ;4vA5-7^Ht`Ai{nsb>zvB~l*ZIO0mj^4#
z@(_#?aTl3OMzO6uC9X!bH59E~Rnw@teUw)(@-2p;NgbnVQfbr$s#6qgk`6*%GC*hB
zWe7RCl4yh!$}4beM7V_=iOQ;oNWP2v@~O(T9bKa>+11`9yC$;De^<%>zgEd+R3k6C
zYUn-U{3xnX5Jj>Jqo|8zs!PyTm!f9&a*7QdC^03|qg1Z0wQnj(9lWvz10SM5A>ae>
zk)KkMfe=E}<%neRpi%WuK4xq~`6VMqHw+s;dQg4&kg<~+MvNKVxl1S<4po(p96h9d
z;?QB`sunAMa|gSH>NtKx`OslkG>jQjKVeuy=Ws>&_%UM|$|p`3UtT|QaQUS}hLjH)
zG=9j4>Z;D;hYcMusG)QH$k7ugm4_>A$RHcrXa<jLnBc9MFxgx2+sA7+h5C_$kwgw8
zxCD!#AxOM2gD)F4q#-l{VgM$N9yw&p&|yv$1!$N!w%$`wKXO8YSspd4VZ@lBX3gNq
z4Z|jw6%!hU4jnc;Gy;484U@+Xn-CfS%>Bt_i;-hOBOn&x54L||?dS&ed+g+~W5(-Y
zHjErKO!XT(8G#HPHhhA5GHT4wiN<hanhY-nVCb+3L&lpG^<zd~I&yTw_+ewmtMQs+
zM|!AVV<!(8Gk(}5!^aPj*yFHfLc^d2=kef)!-o$WuV8v<5QVfFuUQ^EW=y?V_L4p(
zg7i3(kwZMJ7(Q|I5YO1_2TkxWV(jE0gT_vnSU*f77(Zypu)%|dT&{{^Cl4Dxe$04H
zN+}^DAl{s&Y&2@vDD_iP!UR8Zl*=Q}*kS+%4W5ALbZJ7v_>rS8Rh%6&__C3s#@4F`
zR}LCKdgSO!C)mj9M-Cr0WbzPu#6yN%F-W(p9XxSleM9GwqkGHKDQp77#~gT09aW(l
z(g~w});)lK({u1|d4N$GPdM?#FvjUG<A{$iN@u1JmWg!%I(r;pj3yG6&WRNY;bTq@
zr4W{cmAQUq`5E<d!Yob)O8A8P*?3O(CDdZ6tAVXkfYA&a@Dsx$0q1i1at<*8PH+HT
z#OeKWiG-L=XMEI1qQUmt^Z0VCn#Y_}g=@xG%fO}P@Kq}Dv!slODU2cNC!ycoLkRmb
zrzw^~`pCz}K)Pm(Lb_Hcq;HLGiu94RmXW?QpAdEl@2ya7Iu^>mYLp*ol#8RFeB~G@
zmm$ilIlUtWC+hdJt9dGm4Kr>r#)B+@lMti4gmI4Gf_|3F{Vc7JB?nnrXGVEB%T~w_
zZfn#Wjpf8r$nRK82+NnFrAM|ks?pwwmAR_&Q@ipmtSnNMhwaL{u`)+heqvY7$I1eQ
zbFYn)6NT^|e3;5pd@(E?f#Wz*5Kf5sgNzg*)fz&qJtr*QvRHeI#ap#(3a9HDLu&d{
zT0i|lbNYXIR}aNUSb)=gj}feor4PQ_SgWbA=P{QW55KFYvllB1Rpmo=<vyeGLA!GQ
zV=grwuqzKd=2GL%cO$6r4}6%y1@i|bK^DB*D8+)%gZLyWEhcgLnoWyI$Dl<bCoGfK
zO5|I%M<8Fah!8~_Mz?L(!+m0rJ%<3@yxpZ(3YU*0#opfDXt8u#exJl1XaX3glbVe7
z&z#<xW-;dX#jt$3V;w?7^&p%se31|q&k2hQv3MS2g5!+4up~|_HiV;PT&XSNoD9NP
zfDPdS=aSFqx+RSWl%-%>!s)j@Y>*XT0Xe&5y7qNqvA9A6EGM{TiJV|Er)%COB*c;$
z7@@*K!gch;&}ZahPG5bSkm0<Koc_9{IM_@*M3fr(^qVBa2u-joUkr=qbmP*-kP@e-
z@JT;TH(ykTR-hkG^Tn_f`qft1fYZ585{vcAw;1Kck`za`YEqcPmxJeY9x@*p$twJ(
z`eIlv-RHCpa2mv)INE<bAvxlw*S;kciD8Z9)W|AMr#(rKA_tBqdTB|{w$~MA(L_sr
z7=WGsT1zCdJyDTe`y?U3LJ9m|TOHuj5jd?N7R2}@>UjLY>37;1V2R$eSUu<1ARw#0
zl7<0)X6i14#Yq_WC#1Vlj(rLK^5Y-*D-zYWCaRm8qWZG6sBS(cs&7nGw=_ldMQc&r
za!gcTo2X_rMfG`WQO!Cgs;^8`w>Cv}w6&;iJtnFzO;od+qWWiRQO&kdp)%nQEwv7M
zsY*Wi<RO$%*}7cS6sl5Cmy|Alxveq8^+JFXQ5MV51%##{l`~%<BSGf#^h7;s@&{Gq
z)2pRcOB+Dg2#E2;gxFC0N11JH0txk77VFFDQ_{M#zS@L5{<bzDJC+cO^)*b$qi;8F
zLUt~UG$D7r9Zjn@FVQAs<=fhXY+j;G2-avVe|d>CA@ly(*wlv5cni%)2+hc!5y0Vj
zMA?x$qGH^##IYmKxfotq65WnG`K}=_Z#~vTU><+Bl>+nDW5<%sCrngtH%0YWYf-&@
zOjJuuRNI=OTGU!p+m4B9v5D%Prl=OS7S%h)MD@6d>fNTO9&IhEcaMqcF%#AHrl|hj
zT2$K~i?kz3YNOeaPnWdDjy(3RYe#S*%8od?Ank~P6lq6P&tuz>9ZQaFM|yGkoU$Xm
zv>n;IP1}*bFD4f2W!RCO+nTo{k3OpGNO=>@{A9bqg1Z+rVZn#nTgigE7afb+hfGxS
zo1*%lwW#JF6V=Bis(YHEdcU=(?pYKmSZ{4>POzR>><E?|lSiID-riVi%M*@Y$<tfg
zOnFiO$}LBfRHrDi^Y_Iq%1#H1_2zUA#X#QAdUL^&`?B77C@L5=VpPF;^Awg`!m@ct
zy2%eaVP!fewQ8JiFD5F4nDb7f^xWexD&RpDpf5}{oazvZr5D?==r+|Uozo@KOQ7$d
zpvD$Tr0JZne8mU)fQix8G#lfr-+*zugYhxtm!#7744kQ)uw0GvZ&7gWuyNk>8*uJ)
za6YPVX3<>+&MZz?k;eJgC^&c9IIsT=IQKX>A67V1=w1V73MVW_<D4G_=RO<fjNgEB
zzk~Auh0{+D7&y_|6lk1xM#1?H8|SoR;8e|DTC9RlJ1|?j%~hJ!`dP?)6wS)|qyfD4
zMS`IvO^~IDa%8oP(1{`ZW#KQ&{Uv{fEQ=SNu119VRAT?c0Vi|9l4`M55qLdDuI7CH
zI@PN`jMFtQ>e=7jn$~OW)_1k0^*Ri@6J@L&#8}(Wf5vIHRV1s>sS8QNF*#(n<pGvd
zU^EU&l)tV!CVR{g{<1D|gwdL>vzz~X?B+>yJx+)OLz?w3uG8ypl7ypcSFdZdTsHUO
z^oz%c+(co$l#%P@HFCYYMsCkLO^w`N9@nGX{BG;j;;)a}YVqMa(#YNWcyuGT^PQ$j
zai5KG!*9U&HwWWEiID~9{RYkeC#+E8+#Utz0vqSr-+=Q02j_kp=Y!4Q+!h7rLpILU
zzX9jN4$eLAXe0N?<I#=W)+jjtZsUC6H{g8K!MXDtZR8d{9^J^j9tGzj8|R95TVv#I
zc-(8`et5?<a@RlZF>>lrGe)ilr;jfpayOav;DROgWj(yo--D;H#1fXNrT@Y0O{M>x
zMSASFzSnwsy}QV!*W=31N~YTvx%5I)nXTz{|MsTzde6pr^KZbp!@;?5yOxWci=xZL
zy-{%PvT@$<UTb)?Vv(0eFB{(5bBjDYdfD~Se1x6D>Aj1zNjirMM)@DuIXsoc6|-~l
zEyj!OEnbVY;T9{9oGOx|akqb2J`XVq7aUF}TWX6hq6G<C7E8#t7|F0K_9sr4YNUVC
zNdKge{wV@!KDQ*~C`gNVh_#LWsD!H>;UrG4!0{xJ=2}GQT);yt82yoV7UyyLpq|Bf
zdKTxYS)BJDnMENFv7#1d(VmA`>AyJ(w3b;R#{BqS4i+2802W7+EavZkoh&pcA=x`l
zF2O}oPMwN)Uc!?7EX~hyIjIY=G+re4!=<$SWmTgUO=bz*xPg#bEv~CxXbf?^3a{Uw
z#I+Xv7<yKSWpZLEpGLV2B{&{L-|P2{Clomz7SGFV?CUmYz5D3}rFZfE$mX>XEq`vd
zWk~w=H^~XnTC2{OY;AOOKEg8Sq4mVVv0E&=mZj2x7R%tY$YROGEIxxJqjqH~$0@$S
zGlDpz6oTLggE%mfIsJI@-;l*DDZp4(0Ba@^^-g2Y>c+Y#?=-akRU|{bIQrx&f`ZsV
zZlJxfUPgiRr>o=}Q8RQ;rO&OBQzD$MQGTKGdPLwe$w@y;rYS`7C>v!fnODj8Fv+|K
zO-wBkif&jdw+0L7s@23|$=dUKX|3^kM7|74=5+OHLTmskP<?E*9Aa~CY6RWBil`Vh
znNUCJMbniner0WQ%tR?suKG8tm3v2TS*tb@309FPRj4&|K#2NfzYOWNUoPc(q#RXQ
zh{e-CqD!xT`C>SIZmpJ&G)~v9CeB-UoRX^DzLpR^iCJ{|RE!zaj30Q(4b3gOXAL1N
zt%6wvEUn0+yYal%!s+1eR9SbvdPv%ZELK3T3b8gJCh~1>Jf33=LO8BZ0)r5OL5Tbn
z&)cyiI^&uK#&Xe0O(HA}qn0E((fS+9=^*i{_iI7FpCuBh!HEM{Dlby(q6HR9rGqUd
z>R779O1Z^Sm2}7RUZ};{X#et9af$w$%!4d3S;4{Z=smD33wc8qPp!?Q@)cq}J-jx`
z))GtPf(44Ci+<NiVzEJeSsFi^6Xurz7rKXji>2`(%j3jHSuUrqND=n?Wk@d6FCSs$
zbUErn2Jb4(dMDJ-a+aKlnl}kS6r~}!a*IwTtdyo%SVylS4z4UJEH;AoVHx}k#AdN9
zNxqD71gLO7zrHaP1$Q;wfVhi!6=O67X}Ca&DWA^iUXZIrDh4JNGS8xChFHF3u_Riq
zD_IV`q?Tpi5RtfyriNHH9gkB88bjfdsL6ySXE26KPZFo`)3I*J)X;AvbTX&;mV|Nz
zf=P6SS3(DdSP&m&;#e;Vv9z`<gSTOwII&5Ja#C7?1bHX6ma!Z(>qx4&6By%RUkuCU
z^p@uvNr?G*8mfFg9j(WdP1DG5WoW<Ms9!kT^t>_*-d5WB-?)hoy@vGi`~5!3^5|jR
zp;Y;1N%T$xMOhxlM<M;leu7F-f&8QEq*3<!S+VMfG2#Z<GncN_&vZYmXUV)@K#nI_
zyYR`pEi0E}IYSa5BgjM{S|KU@@w|_ZvJ85s0>$#^8G1f(v;rp+W*M|WV)4sWA9YaT
zi|6#H8b}7c<M;IbT=mYPZ_3^o+O&l2fBh`1#pnuroROg_<WwKsAT4!;o?)2vLGiXw
zMoL%(C#*VTu_PW~sT}{k08Laa3(zc!ks{>$eN*dLJbfLApA~AyphOd-h~?6QiG=z5
zQkP?cEKsQb`gl1;8Fe`P`x?}eyJnU7qP<Rri|cXOB<+zloPPFvV;zeRunamz6X}nd
zYfR8iWPn=E-y?+MO3&&2Z>m+u!s*aYCJ>fnu|Uvb-3nRP5dKndm%PwuwFDQTz7B+S
zRa8tt636?oh&q{J*Q0G=8O|d){<#~7^d0DD33cdBpu~T-%$E2cuWCtI<LK<y<ibWc
z{bZSU=~mD5u?9c=wk43-bEwe5J?AysA2<{NR6dg{JIke)NPzJHmP^l5dZVPN+}`)G
zBOt%e$8zcVCzJ-sH-2A(>XGhf+NP~&p4B-Ifu1CyDQ9_UOmIKTFJu|q!k=jRq!aTR
zSZWcm<nYnkOcYWO6U!LmZM7pow?b{p4LRYoGm)%J$Hx^cAPqYwQluF&Q6R$!T`zIw
zqq~6uEO;AvX5@36T7+BWr}JJT$}}X=VM;G09p<+{2gd1_NQYGXiR-1sm?aHJAdMw)
zKg%f8YUXFz^z@L0%X&}A=8lr5@pALfPp2(!odhM(>l_LCvI(=VbD2Hze~{TMJ`|nT
z$m)>AYB>F*UY_Eq;b|;8$Z85h_>aYL5p40qkSNz@dz6+VfptuVzLKgK8<Ho9@OO@U
zl+FuSd<M6M%NmTsSzk^+Nv>rqE0d<Eb#$$wu#e!gM_-j1lR|ecZwy&Y-j4O93peSg
zVaH18BFE8}HW9t;8&Fi*xV+IrrewPERYEuo4!7OON0v7dL?}4j^{SLD4EfUhi0^wq
zPwvL4Av9!XOTquU^mpjK#yVVr^Znf7mK1{p=;r2fx~DND12_6G&OV>hml|uibXR+!
zmvJp2+~Om+948%5{LG@?F~Vpd;Lo(j^!Fu=gnsWMSpjvj?RD4teNZ2j+V{46Gl)JY
zM<Z|P$X1>@vl!(aWIfZOd(V=H<zABOySE7$j^p@nGODF=-B&!@r~<Z^w>YLQK$ksh
z#v3wJti^GBppCsU2L~rB-!|7`ahyKDLvm9oQ3a*BobH<(VvIh>Emq6vKPL|`dH>7P
zHt%aW{q!}>`#YCK<9#hXvRU)~juo2sGhUWDmrie3)~Ge&$Ja2ZqTPuShF6|8+>K<q
z{B_04lm^90B45`Lx*z0ei>Y-im!GD1`5BtKTu$$pTB|CKfLyETA8NIzRHCGuF8ez_
zGdMk&IARi#9S?zAz38|Qa(<alb6#4!C~Q|p9REjnzG#Ze^RJg{p3i#K;Q7(zO?V!%
znlk<GQ%t7s^+huM!70e}eLjnw#_31n21tE8jf(*+v&b@HGKKVCFS^Gb(>VQ1y^Khw
zx36nN<SfloWoeJ~yS0S)e2ma%p4STB#xee{Y$O;8el>+e3lcfqzeanzDl8-{uC_^3
zC~ewxJ|%L0UmbBYk<cA$NyvT$vS_s=CgJowS<4FO4^wnB8Dc>?6Cbuy(c0HjLP*E~
zGKTCyk0v*mDslT$wo3Hi^xZeKN<98lG?nN<w{OuZ@z}FkB|h7tRpP#<Y?b)n4UbA3
zSn5%UzrE>I32EJUZKP6!v{Dcy<abRC8B)$`k?D`hS6|N)as?7Encg)O$#fLerdd6b
z*dWG7YwZI9jEC^A4sDC2wcHZ(|Ik`Wr}Xw~T+O+8nbw?dUo$l4x@E1gmUFLBijzh!
zv_hym^C^kYomtnQ?tC3%u~D2Z7>~Mx!RRPlI#?1-sbiz)cp2BGgqo<*$`{=Yb*p*Z
zd2yZAouexq|012!w<*@Pp-)_GpAwsEueZ-N)ltiaYR8Z-*-$?_2GrYZsLvR~wV|wC
zCw2F+e_MCo(7L<##m1&@JQu9fL)g>gDWMOoBg9tieJ{EjwD(8v<nE6>xK3;T6R!4W
z(p5hFu2;RMu#_p5R-jI8CDqYq>2&4V;(QOhU>kutPVe2Ijlc&lD05gRt5|l}br<D%
z7=0{;ar#+`^2qKUXR#pNmqHlz`)Rz|2AB~=(mB0#8<AA&t&GHXiyI>y>KnJ&r^l5i
z-BJ3fG9;I(diywJ+bKvFiRZpmP4T4BuQ1F^;Ah+Fde^E(LdWQn;y<mID4d7Cydd}e
z@;IHbfe>dSJlVqVGFfffV7~-QhP{Lqge(@IgDs22a(Y85VM$$CieJ9&IMreq>J9r1
z<LsS|@|Fgy1RcjKsekLLMy*hK3MaHQg;QBCj#8h?>76e$TFtrey%ew{I%{pCk_)+=
zik`pTpYU{(G|c7nSD%hW@??AI^k;EntN7#95$_L^Ii0f>jU*$qvs@KUs*^)x2ydY|
z#7`oJ_^Fyw5Zls6&0&4g?65vFhK2ts=OW6eZdj{Ug|1478bZ?j*{>KM&*=kl*Cfc|
z3oVPEsyAbk=y`P(hArnKykw$eFrCv2EF+|n=O*Oa5{dogmm+mmZZ#*-ue5!<c8dDy
zDqiWAK27pJB_XX7^2%~nt~O>Z8Bz3-f}UaXJ0mBAYuw|h@)M(wC10@Wk5Sb7H>xFK
z+mq((Yt@$2*Urr4#ABruz%docP%gyjz!2(BJ5E@g#WLjX&cU&YRr6DcdKGiqIKtxn
z{}J8qNbgRSJ4j>I;xc<xV=X!YbQUE%#4WjgS@hdA1pSaSI)a2)M|yv%n#OmF8?BJG
zR`+kPtyLY8G$`%ryDzve3X<qz*`xs7nSpcl8>2dw!F%&!l(WTCFo;X(%SfsGn<rQ3
z47nX5&1(=x<izXhXx{n=2`BW!Rk)VOmyLr$ED6JA!3j&1rYPNF>2%*Ul2+O3JG9>)
zi96x8teiw5qVeN7eFj5szu(V}=cz27ZfUG#$J6J~iJ@B>L;83ANbM)Z`&klwQK@?%
zU~h5q;k*bvZRagyJP*nMw@&(3G!+M9u>@Ws{hE?m*0+xJLQkc*7bl!PKv2-$XtY=m
zDQ<E4(S%liuA~h6{3IfGX0bAZ6INR*S73SQW2GbJGG=^YlYU|K_R2;}zcowXbmb<Z
z+%CpPI-?4z1F1hZ5|%2Dp3Wo|%T$#=pn=4ne)o^=Kv;oVcNs618)HeF4hz|K$YPx>
zmTs{`-iP`5=`0XriM$PqFJ~eHRV$CDu(lRzJI<ypb`P=S&Mc7^GDZ_ZEWk75yR-zw
z<f@Rx!icL6OEdhw&sQ`yId^vbW;FPm{tN`UqTWVbWgEv}k?go>MN4n}Y{%z&JM`YT
zqNO*!g#NghD4F}yzXhH4v()K8`om_TJ*MFUPGy<&c?6Q-&(_nR!lD^O`+gTlAYZPq
z-zUe@hmZuhEQwA+5FJ<$*^A;nlUO{+lIaiH%?TQtZ^%atJ;|~;daB$v%h!8#`1p76
zRas6#JX49!lFMW~pP{$&<$*2p#eWAqNlU)GG^g1dX=UuObQ2+JW*IEr?`J})=*5o2
zXWH{u1Sklx#9~&EFW+d`l5Dw>Ttt&C^tEdpp)65C*(t<2VEH)KMIQ$$qUWdpuA4k~
z#sXG|b>fArL~h9PFl)mD(q?a6A%m#``s8L}vAja{!c?8PTj7QrZ8%-JS+7=GS2S9T
zRA@v0xh*_LqZ7n(_A!tm2REbQ7ppDA6~{bZl+5YJHvIQi9P?;oGN*^^=G$9tjyjr1
zzuP3&+xD7n(j`sS9V)omL{}nFtj@!<V~P2!q<|I4B|x$^poyx_Sp2Y}(K&vGGk#<f
zA-s+c;1<W&{Cq?3xYVnY2%>VO4gKm89$@VX@TcFexv}5iMhU04+uZm}ZN`<*JCT7!
zg|hO9U3vRvf*u_~?%2`aBIH2{N>_#yk%y;}NZYOUSfu%uXSe9Kl^BI_OEU3$q*|6H
zQ<1U!Uc0i1i)Yzb?|Gi66*0tW=^aUgjpg*+)l&y>!Y-hNAvTr{vY4QSmimPbRHgfs
zx!)g<r-WDszdGcF*7RY*YuTejx?42fLIn+3>~tPtXCpz+veY-h${(Ypmi?jsPd`LN
zy@~Y4>vTAM{f~{7KJfR`bvWWIMim1N{Ak-X!s%->31M3Z&8)+g-9s#q`x!0d=d&b#
z(+;CK{d6Xgx=Rx+b`d%Y7Q33)v8m{-^C0RtjVD1O|6}PilNcY>fApjNR{5{j5i+qU
zhA1{j+U{A`xjSUv{HVj|Tu%4l#Eehx7fqEP^-F*CE<!t5wXA{Dn@^I-4XPy*8h8pj
zpXP^{uvh~fqWq~ui&2{|Wd>ia=9Zk8<cg%f^i1MII3Z5AE}Kexgg*5e5O$#=MI*0e
z*Q)4ffQ4+MYanE^Ys=HdnQl3;Bd>wt)*Z{HT9SW@U)MG7JU!Ls-;&os^6I6jggroL
zK)UJ`q4TwA4Mrp&cxI}d+reV<3GEPKS8%$qaR63!b0tyEmxc6nui$hjVdv94Ntr9?
zQ28b+&+^hh9x8A{16mUD>&-8RD9<jJM0xd9&_}G7MNazQt9pumTRv62S9#JV!&}SL
zq#4ILB6r7;Xq3|f5VFPS0f~Z9dca2V^f8en(hW9}Rm&X8Zm^NuH&r5S7eeb6Z#7|O
zCz@_qNc^*<!0d()k~_qEHN%6O4IVs1XnBZD<n+Ojk_R=C2NQV;OQXH(EH;rIhe1tm
z`OB3@ziTTx`}Oyl_&=>;=(QPr=@5(NTkH&Ov2*lU1KNT3SuD+$CsbEVCG2dA#TC(x
z7Gt!7#p37y{VRh`v{(u+VhrKN(+6?zCLVSMuWJ$P7&+|E6jd~rX4WYt{nC|0Gb+EH
z;u@iyRiuukaQZI@xnr>O7#O7=fwL=nr-pi@E5>g}@4#g*E7Q;7k@?B;)Iu$*;`FD(
zjfB;x7tWtGk~(zvQ57%dgauraRltKRHo|1R3ncn9CN>#<Oa5psr)#P`=INbATPQ*y
zb~?SCgwRSYnOe&xaJp*50M|-QaD-!mBODW&5stEEg=0d5aGcI9Tu>soc(&r=S-)F2
zPUm$kf*l=2IQ}(IQFVG@RN?qxper2v@>?w&a|bD?UlgEl9Dckx;gDY@{U?OOn8w5=
z!#{>_Y%FZ0aE#-0`es1suvy+!8|`tNjv}>a$O4vHof2s+PAVYRsg+afkU_QVB5tvP
zoUluDK#s0tth95jm~nferp4%tzi7Mr>xbZ(?=SaEJ=TORPS<_}_VUcGrq556%i~&z
z>T+m^KEm!IoWA@aSgfAYO=s3A+1GR^)pV%m^m4*dX+|xpr<aE;{ApS24?M)q;)I>4
z{ioCAlsUapV(wtcHU3t@2e7$Bo)8S`?QOLP$T|P*6gB1dtJO;L<jLMtESqbHpCw^f
ztVe#6ZPzIMR`<EFsjY}p{u-gr*QleqoNhkZ@oS!~(V`*6!D6H6qN#Gxe-lEN8dS1z
z(I=`c`3cfhypCPdj3?IB;o}@Vr!T8LT)gR&V;<XGSrZCb>`_9`39&l}9aPIM=k&u7
zwH~f?)LgmT<;vv-S5D(0b|$VV{{~m?(Rz2NP`|aj#LJb}tO%~m9O!W6C*5bpz~;H~
zl4Wyc-6alJUa-7esc(iWHZHoX@V9W~W<96xytZWKz+-Y{wH3*g$(+78lX%$TXO)^S
zlR3RiQmJr&LNR@}8<9=sblby3zWgau?$Wip8!bCy(AN(Wg5!6+K1(e%bsW`A2KssW
z>y=c!D|aJC_^sZR`y;2{Tt?V=F6ZSw@X_}oH_SPw4=f}ys!O5!-%~-Ms*^h_sm4Z3
ztPJbYIemSXI{!_VJwhy99iVG>MTAkYoIdl24!_szir5f~<@DJ{B>Uv^Pj*GV_KW58
z_D2X|G=t^qH@$~<HP-nE%cpleVr->9y1SXEN0K|A)4L@YMQlY4l@6>4$~;d0qT0#^
z|7g-6NzKS^aAUKWS$qib%g=3rMBkfx{t-oYG+MhFYwZs)etMV?wcec1Rctsxs&ut_
z6*GIc4*tG+m=M#}M;Qz{?3^xtM1K+R+O9^+Tui89f%>>>w;h~X5aWxX_pBvqhczY}
zB}dlHUZua^kCA0g<X<{xs{BF6s4d$VPN&N+|6}TKI=?o`{fX&>u%M++KzzBL5FclL
zx>lcP?#Kx%x716J)f@HkLW`cDj~8;*hJLJ@mOC#%@7XA!<j~LT11I)wp>W#F*=TEr
zdMTa4NuAtnm2C?w)<$l$@Zl&YhlXg*#?wVe4lmbgb+GgFBl=8`hZ7T9=7in=Pef)|
z1~c?l82U}5h4tbQH*nv)t1-lDIZ^*tv;26i+DjSEhSFaK%c^HGYW42QX!`kO`jeyY
zuy37@GePHHO;j?Bf1#$&Ae{dF;i(}Rj$UeKVAL<JRF=hOr#i-sb9&P&px^O4GgVoP
zn_kgzp{~iJH`p~lJTukOUjQE3f{|i+uCayV_p@?kQvJ@}%vuP^m#*8Nni~D3E9G>V
zJb4`vHsdgTgnqR}N3{1p<Be#O>3gq0NRDdJGft5F-YXy%x})Hz_C3$oo>MOU_?7>U
zyf=@pqR1A<Z|9^cTp>ad5JX5Sg6MZ<Y*29&y{Ld|P-ot}nfIdOFf(u7;L40B=zwsW
zeP3k@VJ9JMLJ(w02wB+oeM#8&ML@zDc7C5aRn^PwzR5+L_vZKg{-NY{S65e`I(7EN
zXUdoqCI-dSmlqi2n%>v1@d=^wh7ak$hI2lRGw*pr3@&_cIOo$zwPaEi<_<BC!mm5$
zE64Go?3RMQr&9iyu$Ne@oiMSqJKs6Kx&>TOd(m&cG!|T3Bd-ixU?8DvLis37F{A{s
zA(bc+pHGna@GY4ZW=kj>-r$pDn#0aUgDO$j!9iH{1=2(&n%?-%LZ{zTxUSHtm)w-!
zh--ukBsCR}I4t%=fC64(A#RI3d>5@%$0)4e_cqN(nL7sNu9cW^&<-P(A{frdbv{j=
z;rWJ}_GhkhA&93$5g?U>kHkUyD`8-UCdHts>+TAvOq)5;VBH#@CPF9b>B_|NIZYv7
zNa3h1+M|dRM;92(6>W2AjSr7;4UHtj$0F1TAYPq7+ku)b4%9YvpbA_EYN0w%Ypesc
zP#&nknj2o|OOoWEx3WB4`p$6k;yws&TlLrM`BHP*s&=t31k)?Sf^~8^Yriw?Qw!FK
z<y4Dc_atM?QY%ZdBc0uEfPMj!ga;U@6lVr8B%!}@=^CG?u0!fr1#&nZt+>LK@S3C=
zmt<)JQkh9h|9g1&x8;Q^M^qW6=ga7Z;=CZ&Q*T8x5%FFPX60*q9{7}zIEd2-sYQlq
z6f*l7tqFm>SA2{%qDta8SP*ou5SuyvGnh5R(9qgY?65XWRNz0f)-o1MP!|vL^IDm<
z<T_}wjT>5&bf88ddyP-ny}!BQ!?aLRlVOG(sg0|hAXa;bulAP|4XShc7`m6y)nRr0
z3+F*ejFB(k&*D%17bA6`uG8$FY|@0xg>vQlR?EGfzrb*%`4_G6DJ95ho1AOfCi!GZ
zDdHsRI{BP3@1uCh>nQf+M^U;vRcdhA0z>#)357n6`v}91%+z}t*v%*-)CZke?bE1E
z-=P|5Z<f=u?4|J(DyP`&Akr?1(OU?r_E;&I0z>~M_;s=VwF~VeQ?CD;)q?5@>aZ{b
zfDchvxZ0=LfN*@FN4=9#tIdxDzb;Rz?cn!bB){zXDs?Q?o0K@Pf3+_}S-r5(@KQ~M
zAN#~ApU8<_?h8m7YVI7?c%8dY2rX48Y+LR7=Pd`tPstP3ul6~NStCsplczR)k-?#w
zOkw0|By%yaQm&Iw$hAX}k%1aiwlJlR9aF9<OzA5z#dcohI-|K%2*ppb@G{|dZ`wt|
zBToqyKJHB+5FUAo*?!l7L-O~8Hx>0?`qbUXf;V3aD+&&L#w`hc_a^6C8=jJp3@t;r
z*0+rXm)O)&@vLtfhsuBjElm-ysIdpL9`jbY0$|ot4*Bn5PYvb2f!Bjve7V?Dlk(qy
z>p_(N&iB;rM*bVX=kb>RrnC$Z|28)ku%FXX2!9*oUd($_iGG_KS19>yd@YRNm-md2
z`-Z$3D)wbJc1V4bTH1xa?TrP(eA7~ieA^p`NPK<XEKlH@-#Dzice$ky_XaeU#ll*;
zg}u_oQr4T@(k<%UZXALJKU&c1`t)6(j$O=~@{~);`;4ZL_Fk+d`%O1z+4xk1GTwGP
zDzoHKITm_UhRUOI&O9nZ8;44F3PyI}?vR9idP}!xcet^WqV8xZ=+QUwnd2!TV%?CZ
z#Ue^mlu$S1=@6MN>^@16uFKQ1rc%ovE6|O7%3Gd0JwW@Pljm+<2yzLj+dwU1d9L^M
zpqD(iQUZN(V{;!?$V+*RJ!LtQA`Z|f^nFT5a$5&zUXt83vCiInol=tPcOm#sk>u9C
zC04!gNwLFw-gJp^W1hN8Deg1MypLM?TkfNF<VlwdH|{M{ggb1%i=Yc9!7Y{_vhqnK
zzqJdI-`YhYzqRw0-%8(di*LQ2w4}FVZ@GlGp-<Xnw*havMYr=$lq<Q-dRu(a_9x`w
zd&?;&EqXFUOiFt@ywFzkgj;5l`-HMk@moq{oAu;BWf^v1E$hkhWwpY$rKnc=gpkzE
zyrl%S;ZNG-v;pDewDEG;N1h0k(!~0rHS#44+vH;=HkeM$FDd+uKN_E^<6Af~Rb!-|
zMq6_wLWvFJ9Smg!3Sa6nUWbuRRJVdvWGF{fs*zt%9qT~wM;}Tc4b0V?$qv<QfWpwt
zC>+O7Sf7pJ=7aFvW=?=;vcNb3Q|3rHbnhl9NH53^5u^(@hYHd|=6DLyh#_+~`%Fve
zrffr26P7zRd$Z5!dIDMAv0<p+RK7x3UoUJzbIT+RUPnLG6T0`%$`sCQk|wb2*~0kn
zDh%K+{S}4n`9`YMD&<!m$N1-R=aOM*k%qSJsuY&w2eHIs5r*A1lNVmL_AeO<t<eSf
zL4F2{iZrG((gH7N<W*}ldXrQ&FPkr9qwGHut?_B*RF%<hn?J?C$odqf3HV174Z626
z(>uBJcRQY`J9j>DBz|(9o51A_eCuzh+?R`=;@#iDz^aZloc%P!byJ7J;HoND%1kws
z9f0=SFB9QDb>d3_cFp1ZQcgR#ZCGqMb-ykTYg*fY!jkN&ns*o&x$kkJC9CnmpIL{(
zpnuj9CFhzcTLcYj8%AV|*2pI?uquacCAj#h62HEw%Dhlpyh~vA^!qjSIVqG&#lMGJ
z_X|nkXG}dXqHXz}(?3wSbHDIubZx6%K3y()xO!VWoV;JJa7s^ynQj-0fx-+2K*S0P
z@7Gnq!LDtY8tGbv0gE!Q?jvdD6hX){2?QP_1~vkz3J)?y40xZbYY*z?U#O)me9*hl
zRUGUu)U0Uqa+4uzQz&Z9cV8q)oZMqik^mTyDSbqz_n1i%Kw%QPnVjOwy9znQw|Cha
zOvR6nr!YQKv$K+kdqoNt3|OLJaDW~lzooFEHF}BhBQ=r;B@gP#Cl(+<3TOX{RO`hM
zaB(hEo8NEE!Bv|v5`@+qNVRqIF9g@Qp9WlgZQ$ZxVh7j03<<7`y>@V&%%~7tIW}+|
z%W#0J#2Z`#1-S5YIk>*A?F85S=|;Qo=oPe~SI|VSpdG!Y?ezU50NX5rcm>2t(hLX0
zGEevf#P+5cHi*qR;j0K@=hF-mVzW*-g1Cl`HoPFVoi9X!3^8o&PM-~CohjU$CSc}`
zW1Vd{*4f0d&UPF-_!Ge_%?`7nqn$82b6mn~_-H%K%8pkEvl*i;m|Z&VfZ1Aan2j}I
z)>)ug_g!|FeN5rojlp&yt@3OkDh;jBp+EAqC+kcnAIrZ{oKp)J)=qrg50y2-M3!i1
zsGm+6Q@B+qLj9B+!QiyVSe?r#jVau5jXvcyvmD*E$T?cdD9n^m9!gLG#@4?(M33xh
zrs%Qp@1df{x79R+24zHpmKu2*9!7KA!{*1Ael9+KXcetJ1|Vw~P8Uz1&=*j=>ip;B
zv%j|~WLFWGvE_5c{x(z*jHeVIR(yZ3yn0St#ldgG1yr~=Dp&Nz^1?}g!Y0S`Ve?`n
z7BOinXae)9XyommNkM4K=O*`benhlJK7(ubA@h96hIM#Ue<=~}GYo%EfI0!GJ4i?$
zmS{GivJ7ZyOc`#uhPeZ8Q>Ys-HK3~Y6S74<Ij6ElQ)p8z$T$yMOH=J4ttj*yuUar(
zceh}yuB2>p_S3RG;mB%S?Ebz$2-2-6^m<2QqzYVbz!+)8f5{)%S7Zc7@0W1(7t=IR
zes|!Bp!o$4+TL(jzF|VOFzf%T+2`<1nx>KWD0FNszF<=%Uyv>vNuH?6zhHEs_=5K+
zbQ522n}5N3{FnT}$nzAAb0YZyzIFU){sq6IaQL|Q7YvneD6LxI7t9!~p){txATyFL
zSR?0OgkP{)e!(9o+)l+W==LaM<PZFp{DGB=7V<B65#PE7zu-S8EDZAnh4KwW6@S4F
z{sjZMR<p!t?Ql#akS8RP^V=Wd38|GLf*D3x!3_N7Va^ySJff3<8vI`7Po!bo#XybU
zWnu18=zUVf%#1Q)W^SA?;~FSmFO0(aF)M?Nw18ZVk*ByO%Mv&h@#7Qm0n<p<fMH6m
zNIQ9*YNS3>c{r6RB=L9t8Lf;@n$mgh$O?SpJ-?UAdd^6rqKrKa`h4%RqL;3XFhul{
z3})t2nep0a?Ea0YxPEnn)3HyW%l8sAT}BGs`XLIpPx&;??WBEb!blI_;(k7cvy#dX
z&&b2@H+)SCU4=H{lXFIzTS#H!DH)A2ccg*U7>T?VLu$Z*uMI`hVZvFTCKH`Ej|@q-
zY5|*1`E>F$e2MSN3hEf*$%r4OZuRMm#6ig{1A#DQtFNMrYvzpYES@C<1Q`oUl3~k9
z^vIAZR11)2D9q+K`J5Fki{YRB5UBR>&q@?}o%RU}^!4Ea<tpJN5<{C}UP6ql)$Lc&
zpC?Bdq7Y!(NuO13XYVM(8U5*}kbY7k%AQdneqld_F(-Xy^k<K>(2es`xXO<asX>xt
z^k>gBgKtI>KM>5^xut34VQUhFn>dX?kUOJ72P9IsB?cfC3uuW_)?Q<~2r!$)Th0&n
zfapX8(SyTH-z>kTvX~zY;InI-&x$QyZ5x*)$jhCPp-17Gq7uDFiP)`V3S}o9M<HvJ
z$5GhD$26c2uc5UMPlGP4kPSHTkjUz1(J`bpOdn<o^*W$De(3KS0780TBH*(aO;G<g
zMvD?cTS^TfiNeM#!yA{F-E*W`O$0DQR{c_yFsxwB7z(ragjm%6Im%@Vl{=yi#<5Y3
z#Az89J?f<32&4fOh_+55S_7DW8qWq?+v3xu|0fova&qxE_=QNN{5ncR{}+vv#@9kY
z?+6sCD@CU;mgjx+|4@zm8=UPd1;njfWehRTSk+r%DCBV@!%t!q`tSG&RI@}1XJ;51
ziIJ*V-YC0j76U~mrD|3%%5WHq;wjuX<ug+QmWj_xr0_$bW()mIqOc*{#v&1c+b4XA
zgLN0IItl59crCxg#Kel&P*RP;nBn|%;!`K(d8s6*O_J~$Z{*MsRi{!ZoSz{BIzMCN
zw~!iOjC=-<F-8($I3H-PH=e?bZ;a5-0?0q5qT)s>n{)?QlOQ5E-a#4Wm(>ZWo{&H~
zVD0a!aG#(fhd&U6e?m=^1>zYNOCl7C-`5hNqu{a+3v^bc@NG?vBs@W4Xh788s4i=6
zV81w8oz&<5J}7=BkSg|H=KrdTn{lF)M|I@2=wI#gF@`6I?s?UjoHSXDjQ1XS!Wt<i
z#>+IpaZ%j)h4@FT$82fW>tor`4r#3TAkh_1eHUD<uE|ws=BlXrP2nMiq8EYK00H=1
z=YI*v?)-@Jta>oKhLpQRse_N4yb>skuc3+R=5>=35=ac(hqSND6peG*E_+0X$n8w6
zqH;9J_Hr~N4({v@YM8S4ZzgdO9`=ty_yeObvW6y0oBRyEKr(WlZ2tCfMRHyeg^Bod
z0{K5lCUYJa$#aw3&y9`bxydy&WCesKlLs&Zh_Adlg}fXMYi=`Gwlb(o*|#>#<(EAx
zawm(5++62f8Pu$#98s?B!w~K}<^i#_$38@Q{4j;l4`}33llAua$jy1L)etW77_4EE
z)G{G~_~AZ{Lbps!BQ@am9xQ{>jqk7g#VB+sce|_61ZU}?1h};)sF7dG<Yh*aNpb>d
zltBD)%Rgi;A#2nFxTwk;%f4Wwo|uoLpV)|xD%yx-3X^e;1oHDFGZ$z~B+q5IpG%MA
zxy%PN%%JCz>4Web-xImqQy+xv)!>?9ug-s<REB{yHS)N*S3^E@@737{G_3B09&MQq
zTpzuugi}WFr$S}XAo$>4-NN6uwFOJw^j9VNeOp^osiMCO(0X<Giz(cBpE)GrUr;Ek
ziOzO;K(jt@Cq(V4DICXDWg;=IBK@y!F|w?7s1&*R{SeSht0h2F{JuittXg(7E_>e%
znqIXuBy_dyf?^H0@fV>Ik=nGDTVRaVApIdOq`iRpv*`EbTn#{>TutHoxKR&M$gibg
zQnoC2^1fRS9bb#n0ioOqt#Ri2Hc#7w6xKQB*!n)=e>{ahXv7co0@hSB?Ng!n5zELg
zsBn8XWNwf5^7q{i@0?ob1g@fySZL44gO8)DyE5m4531)%-!EUc-c(B(@xqRiO<i)U
z<M}<FtEI~0|2&0tE2Uj0Rmb{!d!tOP{>uBT;^tjz<l8StGI*^Vd?}K_>uPxh6iIMY
zGOf0QEBbzWD)gpWnrXv1@s;JLeV&<)+EpLBItmA5!?6cpQ7!5JT>ZYg?=ZPvHjPb&
z)3v4WH{*kF{fXtA^<d-!a?bBR)P;#RhQjdbnuwu1@xFHuYYc_SH8sjNts%zo#63dl
zJcRI!ParWhlqO!2tKvGT{!3A5uCYdHs?d>G3axZf6CTE(ti@9>c#Px42NbUF4r+2(
zb*LuEL==TFA8RPz9;>d2q5yHWLUJ)&*rW~7GJanQNu&)?Fp(#C#78VNpYu=+Q=!lQ
z$W6TRYsh%ZJ0G!%iF`o~7jw8B33DiPKX)sV=Zb{v^MIz4pTkF()k+w|X(W-$%_M=m
zN?~6Vo~i`fp+dr!!bm*K7a4UA34t-Erl!QqXi^)6%Z=}A_L_AZ2k<)Lfm1>jk(Xko
zMN6b^tv%=*^q{CSn_w5jcaq<Tr_PlGQHBlwKN6oT$_TtmAQ6QHS@TDr@5YZAS6<Ek
zi9MWB6LmWhr<3PJJ2vtH3(;A(f8e3APOGUUaMpqBFCJ!oAS!dNuPFj|g{U?01E*Nr
zkit#}Ph91}6BpD(_Uz}HAkK3?Wd4=mxm{aZ&Q9v9QVpoE<$NGw^O9kHO?g_^eV|*4
zyIHP_d_-aB1M2A1gzB1F$*4$hc&b~#85s#KPIEsuB9iB(KY(4G{2KW=XVBu)6Y$d;
zDjOaiX>7@xLKq%tzdF)GKQx1Y{1i?+AdH}+KSYlFD1~DWXf|nb(T8r6-HHb|{S`u_
zFynq$(X#7NSor|In?N47o-2#wxmE7xu0-<OY9aGJppnP<N#_IW@srN@Nsmb&1oAR8
zl|CCoVe7u2WzpC>MZ0&4MjVXcYT557BZ&#7U1Q(}%%zf@t0_?7XK!#+&{V>_ABHMc
zgp~!;s%sXbVA!B9t}fCre|5gwjI>TARhTkj9Qs(XtL2Ja<$YKlYs1oY>x9;!rI0w7
z$k$&D4o;EYBmA98HS%{xeh0ZmYaKfr-R^{SJySWheJMK0mrs>&j7}0^)^ts?OdfxS
zbpC=5U|MHg=VJU5d<^<TNJ2~U8ihXwbn+1#@-dwxQg}`$Ox%u1Xi46n@LoVCpHWD^
zfU%O~DfCEvW{<+NQczUojhb8_L_XUfz*WmCQYpZ4Fyz-Xh5VL7_TO#gU<j7ps4cow
z^3w+ptEs|er!EIWqS^=a(?nSNrORfSxq<yO%_cCezhWyhm)1wt15VMfRfbR{imwE_
zIe2j$3gi1~nrZjHb1~>vRE7?ak>}?w2BqC!UP^}Zmx6qr_K?;e`9U(Ayo415#TAa2
z+n!~FptV<8dNIFYu%V%47frajr$v`gxV}u7KvTIIKjAfHeV4YfoU&jz7xxc+t;Pad
zugLWK?7o_1thC9N7UcXeu}IVZ6>P|LDC~L7v@~A05_G#5`iY$rB%#zbq5>$m;{9Cs
zBRgc2$<QaDaP~()mH45V<;jbu@O@uL{M2?e&+H$wWoSMv`AU88j)8YS2d8h4+ec%Z
zD7~tYH-vU~$;UirYVQfM7|8FVF>g26zALifbw*!X+leh#f-X1Ml)h3j+I%JGa)V{{
zwThrzbM3aDLU+Umbb}E>-xm?3Wfc{h<$P-%f3lS*O%<dmq6D8;ZK|K$-Ojc5LI>}X
zlf`{(O<BsUl9LzuI!jI-3R)#6Yr&c)xFE9oZH&d4@&uOpW$>AHkCnLFp+);`L<itv
z_g!Fua2n_ir$Mng$$q|b48dN`NtmV3V2e5H-2s^*7v7yCH9IUwIdTCeN2?g}C#^i1
zHX31ERrvzia5j{H09oTpCHE%?OR1_X^zC|I;HL<m!xEJ$eD3fd5Ar?zymT~;8Z2EF
z-<LW|pbZ^ti>5za>eGnUn6G=RkrEvR7x6I|RO-{H<b6E`8!WWY_JvZBGO*W5<+SG2
zD4Z{qxxdp4odW_(FTF~2q!Ctispu%!B3?MB6kXLcg-a&^={Eq%KT=2S3zX*osOX*}
znDFrPK8p$W9pK?A?tMwRim&xo&Ub!E`Bjf^_67bqepMS6MqD0|Z74P@PV2J4MoMS}
zoFBi9V$P9+4OU()zgg$)2^u2ao<Enp+4rx)y|-jrj>4ORB8|?|;M?<<MB=9~X1z}~
zocbMwb^OevB8h^ky7K6aR&YI8Dm{85O@RKL!Y+O;fI__P-UTlso7@e-vL(Boa^CWb
zny))m>b0?6Ox7`_NISGu75WpbRYr{{hz*cG@IS;!i9*Z{2+Sod_`e!?RsO8yi;9kh
zIct1kY&2|MU@!n=K%2ijSJ9$!gt(l5$0HgU0{-Td3$F;qfY<OLEm{)~3nn41k!t+k
zhS;7bx;%zK{y<^l0wX~DFn5iQ;X&HCz|cqwjl|UVmI_V`lEE>f&tuxRkP7w;atFtZ
zIWPBi_aJw0%-Hi*a7_2X9>Fo!N}a(mJqF9*n46`x;FzMp<(88PV5RrXODs*R9Z7_}
zpgGvwMib@zd@anCVoEwtn6OJ^DZc0xkZjLOONJx)BE+u)g{y@@jPdJJpamG|fWO60
z8EQGUNQPRP*-nS#)5rla6mWcz3<WgD9I%a%5swp#q-DH<M5wcE?1@mB@%#|9k@?SU
z7`7S9j2Etoy=~CA)qq0Zcr!U_@<)Q=;{iQhLv-3o|41m%`)ZiuCVu4X$i<bxC>=*n
z?udgA)i8sb$9@zV+<c^lz>TAAY$=^0Q|oJMF{3{U-}Xx`59{2iNvcyA6vYL?3!U-P
z9;GnCnr)<O6{l)oh&5IofUYwH&>8krt%1_S&BAb*&y}D@E|S{%gu#U1-HUeTG)?pf
z|1E`EJA#<kE7GtMY$e76cuJFL04;#F=&nU=9IAL66v|yKY@@7c`SF@4eW1bF4?{Z|
ze*J)y8(varZAaRmy%R(K#>F%H%l5Ug=dmVIn1EBO1HQLSNFxG5;aI#TO!Rx&a0w(U
z-XsTSK5;4g{SpxJo}XG5y5hcxw!zgY9FMXh9fu?c8(--s!W=s?K>*=<{7qnp{9XD9
z;=?Nx1|?YDgDxM5_HyHlQ0N?%7LQ|}I4N5L3PTf2sHR&`#kXt)#LR~%3{TM2piv*%
zDovbJP*0}J{LH!uYV5EN6~4zHzB7sNnpo8j4+t}J$tO-?oJ?VywW>j`y*~edCfhFf
zp{R}KDs&1I@)N`dcWG0u{ZYsQOXH9QFPx#JVnc1w6-hJ_iKlR2Sx~$gCgo|G>KA42
zWF%u!GxD&5*l#Ix-5GKK2sGrJtU5_dG>ubS<Zbu>Nt89FRik6ul`0R2+AAso;u%>W
zViw}yb_)md-8i_YTpZl?VOSi@PtZtQ15r|5qFug3yQL=D<=N0~>xbdcZb(g;aOp<7
z0&9cMd=UEFF!|hfA<rdKSZY0Y%JtmHnwtDz-2)qseW0+>PvNq{#{LQ$$JS&fR*h_<
zc{6AgH&}(jmUxlUE}oduhMCrv+5(6+b^1<cD=Xr@B%(FsFPt|+lO3Vai&eNQXcaPT
zQ<1k7C@hdT-n)%GspV?Ctgzy^dQD#K>9~45-cy+D+D56vV#x1cY7m#WU1JrlFvX()
zi$m#Llwe<A1#aq`1pB%x7@V8nP<pzyarm<Nr{Gqt{6ut4SezidPb)rQI!!Q(b;QAy
zIE}mu4O9Z_(Kfow%sCt<%wL**Hz0PeN!`31Z>LhC-Apr$2AKB_^JPB|#bObY<RV<J
zd&m7chHjbA`VHYAhL*alc#W$;uWO{GFw|}HG4J<v_nu(8Il+HXjkMHt^85>o)PjCf
zxhMdaii2oP>W@EvI&;#6;vl{hpuQc=qWLoTnn->4ZGb$__)->4<un*p%BAG|#7kLj
zE@i9FaVEt+&Wq==Fz5jhADm@ckqA|lVt~T<lAv~P$QG@UEDdhTq7-%=z)GRX(lD#@
z9jKkc2e)RV8q^M0f9hfTrC=20YKe<8X4y2SR9Ulpt4}j|7;qlu@n=I0zZc}Bb>*T$
zYH|OWGV<RX#BeOg$X75%W8_h|-iiO+3veB!L7h+ZjGU;BZK8N+g+oq6i5Mb3^f=~Y
zq$=D@H(1CoMxom=-`zy|{TGEB>4rxBYL)*IMy8Wf4UcBB(~5m)tMjhry>f;jMBv;V
zKC7B{?hM0K%{y<0O8l8&xT<+C*<q=yhi7<XA7t<F33mB&8X&rrypohak_AWKm1VJX
zKI@wlrk3~+sW1w4hT-Z<&RJ?vevnxLq$TpjK|zt#6<I~O74PtwEPY#+QEp@8Z%X6`
zj|qiFGKD?1i8g1sgpq8%at4D=`tGT5avciakFsn|g)=;|Qu45!h5%Cj43A2x`8zCA
z=n}611v_MkLu`!)Ob<}lAnMlLIpX75Z`ZMiw|9;p-r_Gt;ntD6!rMPn=rY#O@LbvJ
z(jUz-+;!<C@b8E1S%xf2{|#b8xU%$1r%Oc6-)TeS1=HP#T)0zJ{G9Ga<f5GxBJZDW
zxFb%+@AP3=dIpP5^Yu8qp!_e#$4F-=xgTx^86(O3N8n#Q*99nC8ZP_5jh#_mhE;6}
znL91)+BMw+yQbI%?DQItwNs)WS|5kbkk-f29X`!badMJ<yGSLd$4ET<L5VLrcKW1r
zJZOfYc_u!GH_&d_iKqp=JGB$^|6MBjy40a?9+6z(#DZ^JIXPTB-zGo7R$nhbYD4Z^
zferC8vhHX6sa6!0Z}3@LgS87uGHkx-vl*^PDuwLsGARW8cEW(R(mCosDdg}`RVb{w
z>EkOGzim(CIiGlk!ZJSMJ^Q?v+EtJ0*j-q72}uHlc#Xus-*n+^Svu1&&0`4^R&1Av
zl8a{=W^;Qd!EH$4yX`&<o8ok`Y^q_);3r8G`W5rDD(+sKYJ@8As$;&@++LDsc@_s1
zOF1!TroC`fT?$KVul>RK+87GMi+vdG!yxO_y%Fd{3R_1SW?)$HOv9a6ktx=~m2*wT
zxU?1-CZ;bb13??cmlPw$Y~|Cu%Kz3dZb)t$r+tUcScG`9t*vrR$X;&q;i)V&Nst-&
z4TZ7842}HG+H^mKl4CxNB*0W5tCVozME+tFcHNz<@+%5iTvqvwGykN(3r=#+Bv;6r
z<`!n|gYCO~NGj{5VrFwg8X!+njl2;M*=>V^jLT#%ddOrp;qJdEL*XeN#u<!s0?x)B
zg}I&i-y5TFqD8>$?P$uT8&0Lk-F^WxNOB`1n{_En7F3ZhO(=f*ryIgQQ<uV|us3T{
zShLgNCnFTbc5Ejjzf{u@%a2KF!;JYR5z>)w{*3?8io*7_K0AYep&G+jddQxQp3kjY
zq|6piq0hM=hho2`aCwNKk$+d8l0Dn)228P%Nps9(Qkmg^f6n}=(n)tI7Q5Gj#b#J6
z_K*K$7F$=aSdL#9?s8>{fe+TE(0_M0hHAQP7==X$C#Z(PaMw<J`F8+M=$)@B2vJO~
zh^&!Bojep^1oJ&L5(`s0>f}-Qf|0s#jHs-}{nHK03T29!mK4c>z|7*c!!(*oMrsth
zaCBtk(IhfUgBe8GJx0$koSjW#A%C-S9WTu`%)%tAl=OCGx?xvG`>N}gr>nXIGFf8a
zPU-RQX{4&<4CTuiE|zmvEN7+$!->$Ze_<~BYd&s-7*{05eWO7k5sfU1JEGeB1JOeY
zG?rDkHcje9=eEl;rZW=9bzPlnM~uY6=&w?U4kx1d-$TA)<P|857F2GiU>$IKdIhx_
ziqv~=O*bMiX)RU5Z$>nHnHqj0qT$PTI>Q9YB6@0d$aaSruKM$=@qjdQP;L8vA+PX!
z#vc2cN}5ynfh%OMP>nnaJ-*UOC)gUz1lsiDyivF&u^iv=6~dNZ7c#^vD#5<#2KJ_g
z)tiy&>?RDxc4Xu$m<s%im2~2w>U(fA8UuM@&{qt;<Y>qEm|aA^spnDoCQJ}s2pV}v
z$MI!f8%!KkJ_o=3Foi2VMjnEdr-c~!D1}vnjCSO8xInl(x9YS{*U9S?a)ui!*d3sn
zW=Am;$h(GMlfv$9A!wtncMri2$}miz<SR{S*u7RrCo*H=-u2v|xET*aIGbw+Kj)wG
zeP>46!N@2^K8F!OoqPpVQplt51_o#^^>N|3@Qx|u>L@!GbaBhh3+{x<&TIIncb%iY
zxf3ccZ|m}7<mI`uRdiAe6=4B8w#d>AGx@C;M&dmLXC?&a<y$NX_QZ@(!8v`0B{(0M
zao2+L_#IMko<2K7aNb~h?fw~|f^+5$B{+{fbI*eF;bE5Gyn42WK=|F33I*q3vnv*y
z4{vb_&Pu`*N<*lGxof+SFdq^U<{OOEVDkSBDMM)!C>)JuA(RqcQZ+j#E4&Xc1Padz
zb4YtoH}uFoO5ye<A0r>3FC-Dhp7RCxL61;D4-h|1pn(7lp<*eFw5G6=t1TZQW1HHE
zkvP}|EQ!Rz#7>NK(clPh+<y|DM@slBjy@EoPnDV;n$}F~n@0SwOR8cNN@plF5uXv(
zI6v&=1NbAEd=hD}^Hv*MQ0T>l3BN$YDN~*1wPXsri>=!kQ_C^q`6+*~fYj+wGhSmX
zQDIIrG2}gd3J27)Cqr$XPf{3Udv=`r*~7&?jh~d=_h<uT6vlIwBQtLXxKyWyDU_n>
zBy52FymYGzLbnp(nSEwDOK4o)E^ArzpD9adG^Dzcw+a+C|D>!S5TZzZ2Isa36HNA5
zUqCr3{S@YP(kN$)XTCO4Bu^uLEIt$<ZDHC-L)fcUMzIPPDGn(M$RMiq@;G4kzny7@
z*(LIGIMkVQ)248rXl*|y%Jf9unQl}Rd+h-;@v*5+QQ}n!lli{BA;i5cUj@jYAe-}S
zA@mNLDWk1oP{*0Q-G{18sxK;<;|wQgl{E5({P`z5wVwx=*Li+4iIb0EXSp088imGE
zE-L864}JO7IM_JS(340PtsV#OoKqaUpTLQcqHlcfDCYhg(Mba%@8sH|Q^=E$-C0W^
ze)@<=<egQn(LP4f06z@aimNzu+Q(c2WW|-<Tdm`k>Euiy1W6viJ<4Hm#<mJS<?j-P
zt4p&)0i`4g{cMv@l9N+8e!rUMlsS({*#sTKxSeMy47ANMeuj%898wb<pXH_|Lu}8E
zaX))>2Ral=PTw;znK0ZUCjDo75R>y;EMn4kc4!DNqi}JHjhOVF?Ib2wwn$>qZ}$HN
zF;Rt<Y%MT8gh}ZJW@$7)gBi#FDpVttmFpmVCYqdU!13)qCNEcqK{G?xMP&*nx64-#
zoEfr%l_{LsZn+K?%=8G`+{cNq-E75ZGN&Z<638RM2R7ZtMpC0S@@on^im@%DpTe1w
zX2GD=6pjy*{JRTEseTF*&v2E3a#Gn^XzIid*(bPkUzfsWLE$LV$)8|d5KD$|`mpsY
zEHzXl2<m;Dek?H<X$#AI{O^1N=k9S<#Vx-|A!E2ATYq9YNrc0veYzwpG{6<=uMI`Z
zh#!t3t^ORA4wHT5W{?QTX={o1*+rU0Tk~zd7=grNsaADi4=PJd;YLUPuOOnyEFu#6
zC=4(JOnYg}8)rt%mN;`t$@HUUqi}>*bQ6pEI|S^?6i#oEDAX_X&Y3M1{>+o7%2lp{
z)1xgFq0uxO{YYT~k9O`rJQ4)E6%*t-5x(Yfya@OuT{H>@hap!$T<W6Pe+pAani0VP
z#z03HY6~q+A%B8#!wsDy#F5h+A@Db2q#7JJ?K7F)yrn_gImW$25z)uU8(0qONhWmb
z$+Hb6LRX%|bH!zJHAyDtoT)4<$@vs!_tY?8`AG~|{?w5PYAgErn3W64$ftZK0P3Lv
zenU%v`!Fp;Dtmcl!FHihak+hLX_!YYd8A>^>MzqUw_Q?cnDSCG?6{0+m>uA|eliVn
z{bdxk#T6_^-{eQ8VOA0OAA|-(&B!DQi(fVCAo?lfHA(pw$+;+d)pURFEc3{i%<5yy
znA~3GkukZrkCkQB^Qz3Uy4l-1WAaX!En{+FPt1_3pUR;q`q0;=us)y@@}T;dCq!}0
z+@MpJB()$;YbU<($_h;s>*?z`N?HQ@tTY?FHRUh`QU|`55Bv;iL=_mZLSy^}<#+VZ
zJH$^LMFXh~OND_xK{zLuEZ4MXAoXC`VpBGf*J?wN9E#H<!ekE3Dlmr2k@TtRB!O}!
zL6d7@>lZ)$72i5iBbii7;sP(yL_d8o8b}QoA*LdA;8*hNDnTOz5vc*~1g2oV1fj{M
zaCJ^Bqy`NCF;AC@r)$C{e7c6(6ZLNbd4i)+O$uM|+cj#43kb2P%TW?<gzt)_Plzl6
z#y`A1)yRKS_@TKv60j}6NG-^3fro#YmSQ{khdoaIaQn&cd)edU_f{wWntAejtCN32
zocy*hNS*u(;^d1f{N(Rza_<S)BK6C0><|CT9Q!TSvA^kc?7P^H{q?&&_O2*Y_pz@+
zVNugm6rZcmclp2QR65gKdq5F_l@=k0jv}>SP;OA3<;yFyRByV#MfKh*e*${I)Unt8
zRR{tzrKJBmDZ*bUTxzb7#Omt6)B-=!gHKazD8VY`4dvqizdL#*Lj7klPd6SeG}lN~
z7}OMVZ5N?Th8^&e5Zdoas6R|<!{N$~I){&&bq*V%8JcTmhvo!RFv}=!nG`n*^MWDm
zml7#t^b$EeiIl&KRDyX1er_F;6HfjA-2ou=OpV$b<E!9xk_g9IFely%;wS!n<o`YF
z|8EMzTA2KBHuA$GEu_SqeJz-xl1mr%ab&>vR;2ev@4KhRqNk{>(8NDs@@S59-*8;N
zpThGxmO`^)A|47j&w9LWR)PssPzgpTie1ENYIBYy>%zct^psaIYr~8!3#|=P(ns3F
zr<Mg(gxl^uj@mFTmZgh=MLjjqJf#*ts1L(`i)FI}QX7h&XEwqSV3>gymUJZj2-0Du
zjQlr+bPm(^g}-EC6uWC)EbD*-L<lk5>aS_eavqO(&)MERmnfdlt(T^olzP(tChhtk
z7UuQ;Cxv;Ys26EOHJ!8X(Jd7Fu7!ot5+O+^wcyWqL{b9$Y8=11+{Z{Im}y`=>|sp<
zoC|YJxe<zkwJ9txQvRtN*nW%(Y{%$^cK63fqcEqp7H}S&b-swt4yTV44(4Dc&6T&%
zgxB}UpEP;p(p$1D%Ohckcnq`(Q;4UiOcvrP;N(@M+|Ms_7vd@EBSHOLnY$3r(mqxp
zo_%E=g?J|PaTnqlbG5=kJhfm#E(U6C7J$qCX#uxU0dAcyEaVm$VL*36fo`-NbbCBN
zH%5VOw+HCP+CbO+st4$<^>%}<sAAB8FrfVi6)pyD_reIrii;ne_1&E~(cVjp@UDJT
z*3+tf)bD!GY%yBU$65VoUP!uTGD(72QD#TWaaY3@M7uY`mbo&s6j*q0CsAn57?Q(p
zpJxton8F3Y`7Jb(1o`|&BJ^wGY_D)hm>7~Myo=#VbMQXOLc?A`O`{R#55MLU#UZBu
zEg(buvjbfD+0uduZR4lctx%^Q)<Wv^m0&u)aF=-Dq<_K-h5q)><sRzbP241W&BB#2
zww=dVE64XQ6jpFf(^@cy%Rh$Ga7OWUFAe>18&~^MDtfu_*Yrhulun-2$<sRNs=?PS
zbRje9;g--c{1W_daHFQ*&1X-veRg`(kNNB>aBis<A|>!cks?E7$6O0C8R`I}289Jd
zjrgmR8t`{1CH+>4ZKN9fTubFcV#^(Ya67OZ;f7%nqpE0;0Q*@1?5A~|#9A=dqk%v6
z0~foV79!UDSeqb$|K#)6P}iXYieBce8Wffo_xLeC#RwsFmo7G)zE)oAvv95w|6~%Y
zBec>qnE$dSJ~^i>7zp#pcMS^LBmWdA`Gpzg?pB3WfqL}SG-!~LLTW+ZpiV|=6pDTq
z5YDcUB;AAr@|<*f@nL^LWAfHZz7!P@Nk(cgtG}V8kSeh4l8=d&WE=X+mSmXMC&DPF
zU2=p`{yT+TeAIt9M~%0Q(y^HAq5iTeR&CD2_^6O_Jq<+(ABfi&0r;B?JIl;)Mq5^e
zBYUN1c3g&6f)a@d6MXq|3R`9MxM-q5$ppjEcXZl8pIMt{#{?sM(Gj5V%|RJwIVQt!
zHYeC)d&A}l-Vtn)Ezdouf-d_Uiah#*bGAl~=ntLqp3?D#nO%^Z;gOBER4gn(^u9=d
zhpcoOnT!Wj%mnME_;*N}O|cKV-H|_19n<lv&_}G^58EcGzzMNUP2ijTJ`w7(eUiaQ
zys~y=?8j7YigLnz0g*N|$uk2G%>(Q9%iW$o$&gNlb^Cn*vo86h(5fwY`+b5VC(;1+
z)sQ)<BHC1xDsF8>n)aJiPPxC@6wd4ya1%bCIpe)ju@4>+F>Vi~ascTn+MmQiYJj`~
zk6|d=L7CrPHbMET<0zEw7ggWVWa$5u36TWPuQ{k9+ansjRt>)t(eQO@_{E5ZuRrKr
zP3~MoPj6N)`yry?Th#Eg5e?s}hM$RO_%=2C^n?g{VD38T(@b%G#sniJBoRSY(v{`B
zVHj5!<6sb{XD`Bc1|ER**lZCl?Dd)V7=_Zkca@CydkO>jk#A*Yh^esZb{3w`o?L!e
z%hme?!A^!z7e$s@eUzB0Qy88d)a_=>`fzBoEO9*{Ta>tdj=~x~L7fEQLF8v;>jd{%
zsRa24u?^)r-n#3Y$+FVk=6$v{l$n#=mG-volY5mh*<ERG+deDgX8mN3Y;RmF=fRKD
z6w(NZMMDykK#~(kJrQfOWV|ibMzn-3;>SFxx(cJu9Uns8J<1f=VyW?p?g(a#p|IkR
z{ETk)&rqSxDh^TR4_?}51@SK&Z;NJ3qOkgqb#K1?UJQk`hkP0`n)3(lIl901L@T;K
zW3op`a>+icxWlB$ZWDl2--sVKE9239lqBaWDwlIHF3GIDDEaY-Y?~pYHJ+{dVj@)%
zk&DQXJ>Jluy`GemL^{DnAJXUE(c$Pbp->i-y@(>^Q~{G!X<=BEEmS!bi+@}iZx;V(
z=)uYvsl<e0bz_fDOL~Ye{?SD8H%P?g=Y(Cp4hxakbPzGB6T{<KKt|0DIbapR7-Or*
zrO+{?pvKX|5{HjWG+ec|hS}yylXHp16%<)f!)6~%HPyk;sTxxlX`5<<yHMEo>e+o0
z?Lyf@6h_+~{Cb>Wt37vCJ+r$Uu&`87ZfvY=n!)b(mmbDY-VOWjxi*NvGO3MD^y+TA
z->MCAYodp=cW1wOW^APkQq)_4LOcV1fJ=Apa7~1fPBehEdE($pChn^c4^ebcCk!@X
zlyXSJf1QzEQW!hj&`1-j{)@=74CrK-Mwv(uwbf3XInh;ZA(6rs0bf!Zx=*z=sU7=;
zfONbG=_7ty2j!-s%KASXo;E++rYxF}+K}5`Y~yNR^3>g;S~MXV<g^#_);3+oD`m&I
zoG(<_J9%T3pMO9z3RjA)zQfb)fLGtJ4ZnfI_4nwCNHCkKA;k#NfG}ESa2573_!~>)
zz`i2Mm+SC~kn1fI4Mug!Y0V{>c5}qfqN8AX2i2o=bGfh+_{YH}(62e_WdZ(0m-rXG
z%z2#f_)e55xrr3Es&5g+=_VS?mc@H(k58*>QlU0n$c?8kE81+Mbag@nS*)v+v{hEF
zv=tDM=1dRh){CJdlW+bzJc;da-(&Ely4C~&OlOSz8YYRFPS<^5h$CZUmIg^U=xW$O
zq!SG3%t$P}q?2l}@eoE(PaSWl_W^}n(P4HF4LAE$ly!3o*^@+`sepH{Nthq4V>2cS
zTb78XU$e(!h2pK^RT<+A9a+@|E)>Dn{AwroVZ6ae9F#`!Ym@iONZ!kn4F^=I2)LcU
z#}^>a!YWY)p?_33W)VYSbWrCME5OL(lyTuGfK9KW;Epd<g;_`O;~?rhzbt>o!j}Q^
zdu)$F;Z9g(rxDH{3pauczBO1<B6$sV3Cj-j(3p1-ph1&l5ugkEZAE~(O>!3jy0l*+
zRo6-GB0!gI+<3+$k7`yY_E%KRYJ!dKV<_^Q6b>B55NuKCdchu_=v*5O(=x3>*Sq%o
zj~BX*r7$kjXa@^AGxB@bhG?>zFXQ)+m5Hc>t={3nZlB0M&&o73(o7=&cQoe0AwPuy
zW|Gs(6#8@W_ZnAsV_|$Skd#DP!BLU5RT>t(K7faHojjIQKG7qwu(=Z>4PYsv|2)M0
z4sct{zB8&ELGAn9wiemPCm9+n_X$KxN+RuHj+kN!gqcDo??Fq(Px-d}>XhqP6JR+o
zoiu<~8Hs%uGt;!Ns~2T1E_KGFgcP$rI`giN9t(Sey0uF32l!SjG9%m~Ng_<zkEt1q
zyvGqaMVH7oWseV$OO;yh!No_3fj9R4Bp4`e#D$<?wPbOEoxaT0Bo_AD_kj3ewt(xF
zN&M#@U@kV!8W5$Mh)5`O%MkV00W!dih^=4;?o<Q#sKU+ANh_>7S`Eq$_;ef91`0dE
zl57*cDyJ@EywNR@_~8Jjyse<;L_9tvnl34?I6t1G7bs+NKAH?$O6{razo9UDu&mKz
zvzx9eb=Xb+jlv>6>bG{gX)-J+4Yk289c<cQ@5Z{iY=U7gjlTS#Orgu0P<|r&&ne71
zXjwY1j&a&j`yRDysh7rtO=CBwbQ(qn9+i|KcS4ADHP80WbB=fN=Y}0s2GyziB9*}d
zT!^$Rs_$DC)h&}Pi>j~{hsf9&VlkXB?ndPsvN%Vs273<qbmHfSg2ccSeyuiz;zO2A
z=Z9R|ioRZ9h7<`>j?z}w{GhNcW*+qEW~sDY6C5gJ9STzp%IYklTP}gV6J?#Xs|O?}
zOrKylt4srhy$3}%mFilExy~$w<W9H~0?UaNK^<=jVTHElG-&!HtSPmNpKZr4rjshL
zx|7BNwx>Ba{&xYsSm+qQZXmPv`2v<IykoLZg>@2JH<@(8Gu|K^$!6peco7d^aXDh%
z$FN4|`5VKFd2L{u7_+>biJHJZpCEQ+hg7u=(h0`#eUANkGJpKBNC-<qPFU7YMo@jX
z&xd6`)=xG9q*FZ-2ZIeoTLNK8iw;xwBMeh@Wb&`Tg{bmP&3r$&0H%=<8ih2_EoV`P
zx2TD<{qu2uL`D9<IpHnhS0)ZIG*Sf)p5x0Nq1k??2***;5Vzy#yK|vLYuymH<7mdY
zP{+}ZAzqFnog`6KE^V7L-a*@T2}@fHOdoG}6Snd^M=K9ml;>EwliH0vW>LFC>E(Nl
zCLWWtZR+?C+P2B|hP~<KdXBP=DMB}V@4XotYEw9xVbQsj<2~ryf<rF*+Y3L=bJU9J
z<j<j=qXT1|o}*`B;t}aNIyjc^l+qVR9dUb(){PBsk1IGL?Qun8mFKA7h~+stI5yOC
zH0Q`&d5%VoE#Gr=@QB@WlsDSTbF}@q-E(BB9qLFYkyqfNIMb)(nZBN`&U7sLEOF)g
zq$qPOJrXy^%43o<T#ab>DmA<;qT#F6@GB7wUvtdceRLtBr#GmVosVevMm4-NqT!p=
z@N*Fj->ioJ5Yg~0YWUfRhHq8F&!k7-oZ5K|om0}JJ~Q12xXWZoFO|;!mnuyV%1za6
zn!(5mA#SSMyL{$7M&ahJyLD4_omP>XDtBD@ZmPV)%1xE=!;f-PEjb+GrrMwG<))f@
ztUNbW-Z<%|T7KB(rkXR(?WS6(49wZ%+-|B>hb?<V@i-4R6)qN=6hBUNZ$H(V(JnvL
z{NoNk)ymO#;ipmse3S*;vj|5Fg`DH^y9SM`*l%_6u;rUtHrna8$~$h|D;n+eTjd{@
zeydx%@7Zs4Bh&I*WsmdlTWvUO`K@M+E6;DmPol$bB}8^SWV+pRHNRZWiJq&SKSb`i
zLQ`Od@?4=oaI=tCheU^C4urxyX)jqADX$Ee%u)-(EN#B46cpG`W;hDhhYAyx@9Nw^
z>AO<iE1^0s4f_E)T#T~3R~N=q?7ix7)N<2IO{>s*ReVAb`7v(qRd3r|nQ1QXm8rj)
zVx#?-5DI(L<Y&gX{aO8NlTS)>`IGjmXHSg@@n;RRJvcti?$0`;o;g0IVt>{U+caa`
z?>~A%l%^@UXMfg&EX$wOf2@Z;>--VRpVfD)hYWi0NICwj6w{v->dcCV>ip2m>BJh6
zc-SPI0qvQ+IIce+eO0Mss79G69$JSswABXhF*ZEIRqiW7A@`_HOAwwPtTCFd(bi;~
zX6JT7>KYT#bSu?#VVa$FvF|X0w9Xowj1pCsZcwq+J%xLyK7}i`t)4%s{Qd}QPpYyX
z=~jKEN)&F$Bh<5lYLR!%HtXC`E(F?e(x;KyaBEUU4k<rv_&@2yySdMD;$@8SaN?C5
zwVZf-D|Hg2y71dog0~pa;Tr={X{%4+68>zelVsR_I>gL3bGT{dGYxoaPluZM<_|Z`
zd`;D;!qcG|bHQ*^V{Ync=4<My3a?BL4WcYMCUvZWbgv*v?*e{5r!eQ3rKR2&>C}UJ
zowD@cvXSNM!TnB2zPBVjL=Vofz2U;ha`oULr<5K%qxdciew>}WAfmceZGr&j>l>$9
zny}EoL#WWiW2VJ#-(Ix%Wn`emZ~tCjfcTTth1wVgT8_ETpMWWPmC$e=V(^=E%x3W0
zo$gdpVJ2Tf9SUFSN`sE4FgIP={5Br*F$#W$mcRjH<kibZ<$)fT?zRM$91FDsD$OgN
z!Z-t?kWER1Lh(_%Pk6!@gUJXtM~Ub22bFVJxrcv-?%@TNd-z6r1@7VHO5eGjUXgn^
zC6Jn8y;t~#m3O$Yu+^=eVyGIvoCI9oC%oQRS1-Mj^c^ej@e52RodoMZkMHii=(8A;
zVOXPp!eOa(yM-1%g`<0g&$l&cP9Y=9?(_Y6tfA9@E~qG6IO5aEObu4xw!?sMdcID+
z(_k;)pe|vJ0e%YK^EY>*a5w{Ph~xL7xA<^|5#Zm$h@Yb?|DI79XnZ^+evK4gM>@eK
zbPJ9*FXJosIwdqwgu4OEJK|&HdDti9&`Z8>i*K5gM4p8;!j>^SD%|p8urV5{Jf{0u
z_jW(OB;05%Z0=`aGI<xai`VoC`<h1h7Rw2pgl^~(jp-yqgDFwy>Kke>@)#T!Uv}EZ
z!b{jCQM$L^I(@A4TOU7S^IH!Z>-JlpJfbSljdlC2PuV2#1!Fz@)_aar<hP!g=Js1}
zJ7M!%FWqVSt;bHc{MJWy{%`oLhw>G?3x1A=$N380h4kr03g2XY>D*34%~e_G7=9Oa
zM5%$eSLxFYjl6_A^i5~xiM$^E>^qqu{%rJU9~ZvZYf<GWSaVCH&lzp_yR#flXLLKy
z6|>BSFtb1vU3j~NyBnV)|9~z6j}JtJB?<3AZ$NkTff7Zc^rR$oST7L{>t8Vv`!HPU
z#F7Lc!lE&ru{oM<KV!|s8GFU%s%G|YBk#dH@oC?L`!tfs35+h)*R%{HB}uNDkq_XM
z4;MK`h*Mj%aH|tIx~Rl#B7SwMg`>TT|2J@SBwxXMa1e<lHoSQcu1rNFooFz~L)tpK
zL}99cmmijtNGJCdE^Rc&Ph20=$b0Y|qTc3USd482YmWFdoxxJ{Xm{U(9&L*&0fmEM
z_t)G8{H#_Ku4N*7=)DJB+Sf8M;0S*qXGq~RQQ*IMIV>-*it2~d==4)q1Uh+-!niCW
zmH6RE2?A<d7QXyQiF#c?F(SOj<h@j6-JNU>Na=s1jQ>wK5+@$xlRU%s3%)HDZp0KF
z%@SLu3bRCj#Qq|QbgF0bBYGUB2GAdL@(En?IlPG;BR_^g(YoE4=rN`Zq(wWNi5_E`
zz~pFMCspA3ULRvRmpalj3=LNc6#fqj_h6y`mUJX`qOg9da3mIEFhVE(n}0O%!-8U;
zyr2e@x0BJFIo>*ihL`agp4n7}d^L%@0+%ZAMPRrm?EMd05?X?ngON0r4kA80RU=j4
zR+^T=$S@7Mp9rGm<z||O?nXWWui+TR$m<kl^4~3;e#5nCsy#e*hkuR2d_F40IjS(t
z-b9|fL7{+;dec72ql>(UM)g{#LiMcBl?q<FOV8q*XDx-Qg;SpjSn5=Z^0ldeRHj}F
z(WR`pFSICElL{zBs;73Z4#kbvtscaCU-QtSo>itCk_;oP4bd5SmBROYKi+WeT7T!R
zy+Yv<AN9I(R9EMy*C^a}VL(KC+xs=U-?&Q?VfN_qT162t=PYRFId^h}wUdil+*MNt
zps+@6?(J8dn|sxI-Mkhdp)i}&exB}e&-*#>hP9vLJofW|wV$=j4nd`{<KaFnItupY
zV9%*3D}83Ohjt;&9?mW*r`ZD$WBRPJnmyRPH^UZqd2ep55xT@fsWQnYfX<Ux*z+la
zn?6Pw!Swr4*xK?bgAR;K|BI^f-)lbAAFhugbyY^<IoFq8-aRK0CtcnumCjTCa1qno
zI^?0Q5xpZ{4et`s@B%gb&Z0<$7p_8o>^q_U*c%Z&y<ENQdPKulsNvTl8op8uzv>v?
zFr4FB4KIsm_-Zx$N<@oUqlRCOX!f;g_@#(uU#Es&jA-`tYWRhShHp^A&qp+TqZ(ei
zC<52>)>T|c)wwPPX>E}jd>fq#_hIk`)YZsS@E2@Y2M=)qaiuw@5B-~(<RLYLJoIi}
zA$9nnsYYJ25eJeCrC)2xJxr2ml828?_=8KEItj|m0xyDctWXe?x=2t0$~1vp#&psM
zh7nFYPIS;EF_}#H?*kn;F##AQD#Z2mr+_q0?^xmtdU+aVER_b?olDGgX+mMrQrY=h
zbrfZyM^P$eRu?4GwQy>Q*p67$vQN&EwN!54H%knMiT!EVwp4olW-T#H4?vig{*E#X
z#B#p0Fw9FgiCIWP3JnAcJ&<RxfOH_wTqechwRv7{Nen-Xfx=}nAhj^hkPj9vvtoD-
z<eBDCtV<)`JO`hG!Ap?!Tv!^O^-RpGnDy*f<`c!_ZP?X!pdGs&4~t#9mdR)XbX<u*
zpd2p*+rH8h!B7A{_qk49gP~RU-=&}HiH}(*RU@D<YR#*TjeQ&zG!gr{_EqK3oz;Zz
z2kiE>i;jYAuX5PTZW0zWM_;KBGDDwp9y|Gk{aSc@V6Ud3966T4*3Mkrm>q@D`rCsH
zE(H}kE{ei71)cRr>Itjq?AL|D=WvG)x*pWv3w)*yc{GW1f?cTJWE=X!^`VMxzxPM@
z0q>>pd)Az2zINEKbw+jC4*zppGy?!QJ+ub^n5nDTi&XDKrsmN@do*#iluO7V-f~M)
zMrXO`@q|Y0{m*E1priR6N#wtv0soFai%+bR^pJJy&(Mh9`cL_V;sa?Q#e1T^z;k@`
zTP|27ktSFyFBV#G3g)M9t*0oyBR*j04fz3`pc&t~X3mFWAH@kt11Q2t<{Q>7{0WZY
zwaJDQv<AlL3Wra=<RFTV!>AVpO+59IjU*0w(UUm+nlke5F5-0aB~RKk>_u_A;H8jL
zQ~07dHH9xJVz|)zb#GDr%Fx$sd&$F-oA;tH&i2!2DjBFb`nZ}toB=PPD)1;2a8~m;
zyvs}$$!Tmsh*g+SSWqbFYYZf|6LVw~7-%tu(M76j*WP^P`Lk@z=|z?~xo3fgIk|rk
z($Dz?NI%yXhNqt^^DCyG*+o8KNd%J=l4O`VI06d#5`~;1pG9`3MDkEG3X83W;y5);
zrcAoe8<M&S%4K~f*9_>WL}AhjpH!<4<f?el5i5Kw!6Mz87kiQJ!sU{52UMt*kPWKB
zmCjr?=!cYSz!%u@@in;R=RbRVp(pY;<Ww=SfB9mkOwbq>FPAdGip6%BVD55n_WYle
zSv?O;lq_EC&7K!7momYa#ZH-^F&tekWrDGbO_^X%n3w*RG7R)~zBD_`OAm@!h;GUR
z8*?q0Aa8|~3377FkqNe}kTOAbu96A1tgvK)jk%sOK@mO$w{sDvyRQh3(}Qy>#_8iL
zd>VP(DHB}n7nw|Oa)nDKn7PnX=v-}=2}mQIB$!SyR9^SD<p?$Tev~!aa>0O57zetL
zwS|dc_sd9Eo`&_$i}3gFUKYQzo_A1~c`rMCQiQ^?=R<d#!AX7sJyO71Q|MM26rGFA
zZki1CyM`xF7*L9(4=)WyZ)|IM;X}_poczNZFuakJpyC9PY9r`kDO^_8u>PH7*x=F^
zS%Qg)vtAB~?;sQoKQGmp77oOJ83qRg-k)z_wlWQPU_EI>b@G%8>3h5!O8jFeTzy_d
z@l-(<LM#+~#ga%BSQ?E+bH9!qf8M4k<loGWKWe@yFIN~R<fkw?AYLHm33$vi`sJ`X
zo^75favpwUtEAxKurTC*Xe0@K#yF^d%Seny{0V4f<<Mywh>n8GE%=EV5YRlrd3&|c
zD>_Q&0uJd~aEBAaBGcZk1)QSi<d;0o(GM@$kC9~z+TSq+I`9)T9ksWTj(R;*ximdG
z3f8~IziR%o8mT3#N;n1VSh)HON;NQDW3Wwz&W?Cpq+6FhBYqEgUE$p5CTJxu32OBT
zfedNwJMk(XU!ALYjPXUT{8AYE2E7`P#y-x)+q+!CH=CF&JmXc50*F>B`M~QzM*MKG
zC+5}OxE2gN1|3;aBJo47UU;qR^&o@x3~HL=I>CDWl<*0zx<93y?pm>M{nLP5%>FZ6
zMFDS+hX~#Ty5SpppzzlT`k~9Ko1w!^A4?+D;8G8~-}`#ddMLKR!}Uob+~yLfP3q@Q
zz>T0T#&v=b_+)8Nij_<67mO7q35tKP9Ev|Tr(%k~j4Nm!%1*JT0di3|1LVZE$^dyZ
z79BBdmC4{DlJP-p<@$3dUq8x?Z_xmXnwHcU9R=gjY;vTjEj1<NtFoI__)#lg5NZ4&
z-?Ss&>zh!ha(`1*_)jk7{2#vh2_1zBhl0)(w1M>RAU|k*Rr7-wg$Y+Mo2;C6_6;Kn
zEiLJ5Sp8x)FS7S6Brt20>{+;NkzooU{3_pxxt}uf7;HeR?{r}WuJedkYH^gro&KmK
zUkR@ykF8iqE_qHk&_iInw7Ca}H#YUgntq)*#$1U)u0Oz`C-((@?P@3e;riGnAj6*`
z%RuKFDM(x9F847(Z8k181i2aXqP%k9CDGe%+4E9gnEP_MITXTMv39ACiCze%`qC3^
zEu<k#S|(-319?h{PFv<<Qc)4&-2zXO4{lE!7c@gBzl2Aa=rDJMoP47xqEBBDGWnET
z@5w{xsMp6uFeF;zB7uO_xfc4pPA7uv#Fu;{tgL?6zDRr=zrx64NqBLGxEKrDpJ9?V
z5;%s~JNHute`62VCvi{|Bhz%xzNB0I_F^cEZK5T}92Su&%z4qP$ogSw6S?^_UlqC{
zl@Hx$!bKf;I)$^QW<n8tMRPTQmKh=;$=u9+hrjNZ6c#*ZW_(<3W;(8<ywvXn!PS<$
z;@y*#$>8}MYmy7i!pAemP#7p@%zecv;WnU<XH9ahnIn8ThQg2+xCA?^yLPXsC+lto
z&D4_vuekfJj(g5bJlXe(jey0%j%Q?Q$?J-I#lpsCw8Z3x>yt+CZB?Cb%u~Ytx2W8f
zykW9>LUsm8qXfw9?~G80bX_M^#+8fQ*$i`R&)#r9+hZMO6XaaE=S-f0zE&pB=|vuy
zJVRGmnLMW)EFmmJAFc--Se-`_#o<}-IvySo*RWka@r@AW8bSU_pJu^*P|i;P_meAa
z2~zW2u*+L3;od*T4foTwXA9lW7OX|M-@YfflSF2TUb+rnXo3Q@f^JBGx}((62)cm{
zBd@-E?|`{&9ne{>1G-fn?8`5^fYSAO^SK$W=XT)1KG{vXcZf)kF!(}O5J^LZe72L_
z$n3@>MVcEy(F>YIUi&wz5N00Pdv>7Jr*QfO3n7*m<<iCi<rwPIEDX7o8}WlR=aLHM
zT&m{m+050K|GYI#?h+TSu2_n=diC}_(}*rzEgFFc5JDohzF<;_Y0aD+9ypEAAF4+h
z!5FGrJ9FTkcjlKAMp>UfJl~a>#zFvjx<~?YuN#o*)=We5oq$ZD@I#SB69(tI;9Oed
z(-H`S^>=;>q7Vl&x)@kib9V=mE_{c=|CSC;SBnQtMTl>DhJ|=}8o}OWsBVb7ztY9V
zU4UPKQ%2V4jzFFI6nZVUz%yl0h5N8uxxddY4%aAN7wLk1Z4*zfVB#bS`)n+8;v&~J
z9Z>H*xi}<X{Ff94*<LknQTZqGu$t&t=tPYv47E*^Ucp4i)I^6vCwh#+aN9(q++TBY
zl|Z`f*Y5dr&+lWM?#nqI5<u^jmIQFoH6RwYJ)_ysO=0C$iIuZ0tQ2x_x7RCFiW<St
zl{S1mU}w}W#0&^D9A)F&!xy-)B@jvu)+ln2V}udH^>Pxpm_X5V+e?QoC}+Dl8Chc^
zBMaPQL@j7njvGHG*xoZ>LHTHPQBAZx$BmzpZ4>paV4^E(qAfXY{G4K&sF(X|uB{RH
zxvcCbAc`p@4(4$zjfK^187GKK(7dy{t)BRpgVI^P;Z*XU6!vl9_FYu^7ktW;q($1o
zJ`}VvKeZE74utpgfKVdK`4Pi^U>;-0Z`t0>o(8e3uSkQyB7C3fmiev~timPaf9iG#
zzf55hS90WY%R4K9h_r%D=>GbyvtA!M>ZtJE>8UaEeZy~w=lG2?-89|2al4OL2x$a&
zI_e~b_7+C={BjbT<-xjOV}Cihjxu51)eKgyP!V|f737yEQ@CuKeL=2^_pVuC-Tp2&
zJP!!NY}Toz++5;fc~*odUrId+*KJGrHn;q<u~AKYZApj{@k<J~Y!l6{V4^K*qAN?>
zr?tycYoeJIOtf81bTM?IdK9|bCYqM(I<31_h|_xP#yxYBVLdEvGAiGLn;a{$xXFn8
z^7Ki}WcJb;V`2X@@=QQSMm~T|(fm~8e5KcOFrrY3@G^xtT@3SpY`){O4oHu#@}#Da
zSm@b7gD;WL^oij!-}(nXr7;w4RMH_e1p+A|VY9$Up-d<7@SY~3OS(O)iFJ_=U<WR0
z)>nEx`}xL~<@B*uv8v3rifO$Ry@-39%YY@HYkU>oV6;*RMk~Dod!zZSIbZ1{0aoEl
zvcKYFg#+WUdXgsS-rkCO&|kyKkynLpz&WD3@Dva~^bpRB>(_#ebb_Jy<7`k*Mgb@`
zP@Zj2xs|0+G&|Q&Zk8=8tWXK*SXRcdvCAa(hOuU<_%%6cVV*f@;WBGd8NtRUMQ6*z
zl|IexZFx<2TT<jt;gOm7WuTlfu`s-20B-siNG}Tc6O2aEeNqHB;~Zn6^a|gz+UI!B
zD`L#+=6j}hcE0D&a0fkU-8xFwkMrhsWP!8VD!-7982dhKL|tKF2hWElBm3CbS%0Kn
z=*>UE_jq$uXJLKFB%DorjBwrA+)Mrnr<YA^YSNni1?5)^iJ@?*Q11M;=H;jZjVWYU
z)AlKFF^aN6n><nwCed99C+d|Oo0rcN9-%PJdTaLr7va3AW?I+WnG60fg_+iqUEELJ
zDHJ4kNtb)Jh%UZkSwzn@cT?PfO-+J(ws|D>JES8XB7F!Mj-haBrA(D|6?HnlNEUS(
zyvkP8>DVH7QKz9w4LZ8WUDWC8Ro3YqnB!5@smCg__een2bV_#Cbn0d^;~@sTP2uKR
zOx6|IkF7AxF$MoV{)MJ~L_x8WdNdO!_GR0tj)q$?0epb8g}$1)xZ*QiT#SYDoi$Pw
za`8~+bwFp{?_n4IoY6sYm5EWhHxN(0B4C*IoCU(YueczX{+s~No>yG(8}pnAz8<f-
zp*QfkP~e3W#JXnL`vMYnJzvmFnl`U8vqR{00il)-2wiL^ArwR5T;(w6vLHvI%i5JT
zbeWOkMwj&~CAv({aihzIl@_{e^+K0|l@+1ODi3s7D9|Mq#<gXN(q?LK35A29|G-!w
zgvWu(4nFXPfXACAji1#n0Bv;gUr>hr>VBW`N4Yv54g)4i3^-`RfZ=WoI4m(>m>UC*
zSQwD^iW?w1o~r;J-!^lBW5Wvq8ofI+{xyGr<CQU8x*h+TP+4bG4=K_FNGx1v&!k{A
z=05(&_wDsWk_f$eY4!rqD3r8?wN<$!GW`k$KwP^P#FW}zB3P^Y^`J)la7)N7x32|R
z;v-ygQL5d7Pff9=E$r%Rpf`8=7Xfc5_iZkqT-MZr@~vhrC|_$Tm5F99C|_@CLU~Ga
zH<W*9T0w)Pw0u|Lx#LBMbTJg33DcW+UNf=m4KG;Bp6XuqCTZEvaxZ)H3+A#nHFGa}
z=?fJg$MPkvW#=ySB&|_!D#}4kn~SsYii1`xj1E||_*`dAQPElLI2ApJ=WXOakcz$s
zg&6x;^o5?t*V_C3Fh{6wt|TpGD{Q3YmIrCMW@?Kbq~*Fzc%72#L0W!TQDJ$(G@GHM
zo!sR$HgJvkO2CV>g25ex?yr+-aIU9FUFdy1hz5*$sQfcVTEQ^%kKF0xF-&>kbkYj$
z+|N~p5pCr##>CS_eGO@uP}lLCT<mFtA=Bx35|+o8*<d*+&kf6yN}wN@=Z57eo6No-
z&jXhGmQ~bIZ2BS>D0i&lpyb~*wxdqs9w*gc+Z`W%YGRF0^5WErh#$I1$};eJP?vX=
zN@Nk5o1D;C)|<Rfb*LV&WbXrrpjrRWNgS-gzYG4sIQ(x>4&mFkeYioxZit|hhw538
zSQRf$tStavIM<_FW})oPIwOgkM%rh*b}g7HDW@crwy*8ZXXK0bLqELK3T|^1*-zo-
zZPA+;sd&MiprszK?WjrByA>=$9c4vFy`Ij0&b^<JYOtov7hog~76_x=rnZb!g)=d_
zd3x)R=V2=z-+5o?h@sP~$SvD*%_mBK^t_INt!en!rGJ==_aj(<pxuN@d3Bh1A0Ke2
zy*c1BScA+Zue}(MR|QK!d~ObC3%gOFp80u5P+b=dPJ<|7q{AQ$Hwh)Q-TpAdWp=(i
z5L=6E2V!!*`#@}0{-;U#?gO#ImPD{N->b!5QAKjg5}R44on+KSE2P{q><jbb{|*-r
zI>Xv?EZvQNf771XbjZI!ca%=Lea=UmMo^9UoQ2?O9EC}}3`SZd6F=;~7RsbWBqaZJ
zr>DTH$-NL6ia+O=F|`WE!UN*5E7yX$Y2`Tmc>r$s7*-Qfn{pX9Wr%H4<Z^L93e1jX
zB%X^Rv2gY)hN`V&il%S}XXw>QZ=_WAYtiM4YQw$?NK?*V;5J%WdVHnV<Lex9A3w~e
zZ}`w%H@pYZ(2MPvESmyl(UOWMLeH+4T&1dn4DDgGCVn_~!{<R;u3rn<B%_n<In2`T
zW9Il){BceFL~*(=Kb4+%*`<X*%PuyF=2CMPQg)LP&Bf*}l<aOvG-F%15wa{$0X`14
z>AbB4I-V<31UimGa9I}(A((e3$iH|UCR4d}Pv?L3oHYg3oI6P2R&^1LYS4=Hxt%z%
zdZZOBB1{enL`OmP(x9d)pQ!&?{Y7QKZybf`T}1nZJ3bdZj^j52@}?3>UFI{(f4ivz
zx(s^v(gJtIhQb-<toVr2og$oB@(?F~^Io%vMd{ksF|&=A$P=!~6V6G++&+e`d^Cce
zkXA6SkHJVISn`h)&IJCG@gG^0SZMSvZ2X)*yA@+I(}>P=2FIz+7@Xl;ttwpUjE|1|
ziaA0!AseZNEJeV~?BTN=<=@byl8%K);Z!virb7dHR#s3MZnpD2b<Nh!d$<N8dx>`5
z-(OShychIxcV#HJ7FuJnu$Q|l!+htc-%(iG%k0WfQEd$Z@Hbs}QWsBi^ki7SOZH^=
zZW<;yRZw7K@h+=0WND_e_~g(%R`JO*na14~*%+}$7I>RGEu<dha@$K!WQO*f8M8-~
zpqz00M|dJq38BeWsg07+Rt3r}(>y9r&fMj*6;J7REu_@w<zDWNLS39&_iq&L^fF70
znxn2<4Ml^#y+hHU+zpnl@|#l~8{EHGZt&%)KceZzbsOlv4cYI_w*8)!S$?t6?P_x`
zP7T@I?#0#{re&5}Y;?D|(+7{;bJLBqbZeu(_S)$0Z5z#>o~Y5*BtvsFrI0nnRcY~O
z!ZhU|6t4Twj9{e*Iy!KaPH`pxJ^_Pw%Q)-vQw$~xh4$KQYrm10ichYdV(8)1R75*A
zlPAxg;!#>+&u%L%!`54)EVKOH8h3WvduxoF?A2T2;y%yb8n2{cDbig6eXurnW(B24
zx9w4V!80o?MH=$N_nDDY``Dp|pNeSsPBr{wM8kKf;U^**UcASrwYOD%Ig+WWd{w3}
zTFh06&&51Sh6Lm!d(}Gtb3ly04@dOQeQNljh=%W1!w*I@{D2yMAfn+1)$sk95tKVQ
zx(7RL=&}UBxJ-kg%*RPau}^dL!|}u9Lq0BhoEUE~@(c_%7(BvkT{cD^!Y&(ln^72b
z=x)1g93Su5Wg|2{Xh&8#Sx<E+Oe#^WHuB4S5#?%6F0tim=SA{RGYXj{_FQe9BvaiZ
zSG#+LJy*NiK9#F|d$LLdxxE+Zv!Dp)GQ2XFCSlQL+SFSC*^ng_<9Q`E#keTTtr*WQ
zkqA<l<yMRrlvpJ1RF;Qg{7s3px-pyCt*KKL**)21rOe#t=<2a+a=2dF;p0(V-RGyN
zCi)Yy+z}YNN-Y26_Q@{y<xE>M`mK{)-ojb?WbckaM<eH!DYjO8@5oksi4?vcV?}5b
zW_d(t<ds+v8u?kS-W|G#=i9&2rzIuTC66YNkKu$Y7CTH<Ks;?yxh52b3%S%!Vb(N{
z&N(_0?Q&9G<w!;wOuhkoa|q{S@iapZ=vMg<PG21TLv%&}`UH^(?DmOBjm1-pfb6s9
zEFQ9Nw7b=YO;!x89&+^mWA8h_qq?#EEgwr}029oRO)%J&DS;HONj6)une2PJFT44#
zlTcFV0Rn+!8)<|T;F{ihF&Ho%V+g(X4x#sEnvLl_p?ChDj&#e+y)$ECNcO!i`M#K$
zJG#=*(b3V-(b4aSPQy1`Qq>$1IHwiieL-!kmKbmS^lzwyKh-jRg0IytAHxgy%bV&K
zXsLd934Hj&|DfKwaw5V85i)$JBvYD&XC|a-`M3zhBqa8vy?8@!w#m$Y0Vc?64WDbA
z7KiaCaBJJo<aVNL<yKZ|*g#DUG7g|!Amapfj!P|QTz4Xau?MU~2wg{qj{Btyt{X{;
zw~Y%EP@HM2xYKAyhJ{;3MVrS3AiKZFV505a_M=1Re7I{=v|(I;B6xwpWLrft9ewbM
z+8S9WzYDA=iNQ2mMR!Iydeb2X!~YlN6*%F@(hMu%h_vnk5{~peU?m(mGtR~S?tj27
z;Ye-jVceELU#8r=J5B-ZcQg!#-hQ1|X2q!kfk^wxva;}V{aiUQ40@%f))o?OV6sm<
zfmp74(^HLa8jTU9P_O+PzK=j<5(5KMHDik2R(Qi>6pHjg(`HBIvSPoYdA9%a-Ny4#
z_UAMPy6qDR<(AG96X`+%Lx?#sW1w9sPlS8&D);H*(#6zQP=~a57+gMK%Y?o%L!#pI
zX0*PjB>`6DMHm;2hKSd&E)8z#1ewsAD2<w)m8zxq6auhBhu^>73Vn!Vg#MR=uKu(7
zTF1u~i1eDA2u%T<FB)ZmNUzTM$w8#+Fjz1uwFUb4a#Z^E1!7wK7ooI*JEHvUaSBns
z(*YZz{KaujMENd;FkTqvM3nD(z%o(>k9UCpy0t$XqI}QM{@&6z7+gARoc~VKxj&9s
zZA@>fb2zSZ`WkGFM7ZPnkVgb-io^1}2p@`z*cm6nO`RvwFJMHZ<lD$2c7*j!8L3JF
z>8J8iw1>fsqe`+c8u`L71?J9aY+_{^1DS0!+5iqlqL>XnW+Gv;7TibcV?sAE4y*Gp
zXRQje8<t8!CcHn_h9|<^2o1a(PUxK0gOQQw_Wm|fGsNx2;fNIFWj{2+61Oo&eh$p?
z?}p1H+zXFNSn}biDd^Aiz>++CvL_=IyOK!j!6@V`j6b3j$bk_uJ$wv9*aa;0GGs=g
z%4q<<<C53KAx$ED^%cuA^83mO3#&So!O3B$zS2dpSn;j4`X;`f7>0)vnQgc+ULF{7
zEQ0%@BAIl7`)SC*>9R*>q)9M1J=F(yBk<Ar<5E5L6q<y#h8_efJ99jO`}}alMekH{
z5DKtkWU8<ddJEb4ix2&?Gj%SJtutOru_IdtL$q#0Xi>N^O(9x$-6j#OuTQfOt??O_
zk%-n=+nk8jo2LaLTF>0(M6_NtEfCRq@wOj@XuZBc0HXEMBx&cYY!J>bJ0;0<qTQ?O
z=cVgV!F1Bys{5cm*)A2N*KT<Of2ZACtGTOn1N^bQDkvx2l;H&iKHhlL0zS@Z;It7k
zl5D=%A=3hYtWR!p0$KN-76@eh!!{?7b;oIeK-Ran{U{*o?hWj|*t<#6y6n*40o}0Y
zEPgNZAKsPL@Ghzw(gnL#jb*!lvAk;4J-2Qs_v<EOU@r_S@W6IIW)18pmw`QK4J?JU
z$9xL6#3#0zD|!<CFn~+uUDhq&l1o+na7%hTFU_2*RV~z#9?y#vXY(frdc)%r5u@=I
zD!uM9d&Y+1lEveyp;4(Af1rv&396P4&)4whW#KXTDV(7SkIqlw5zqVi6f>$>F2$TG
z(xW)K8V`X%JVv!PJU^|CRfUJ;r|>vccxZkKk5`4$^HVre6&{kG!V^^C!PWAC$eg7L
zr&SB@pq%_X@o_U1@b0Rd`I@06znv45Bg95M8NumGP*MvjPh#!-lX(DbW;*2#(9}Su
zNV}s-UJb7ZeF>fo*^apxQVx@>=WYHHvoF{c32qwbBiVY?39xEu@IV*IUQQBAD+&{7
zV@Q-q{zH(6uMHFIv)+4OLLj||=Oc@YYkuhQ<Ew=}VHm2$b6mCXsPQc<MA!Ws)18?#
zG=X0W8s65Rhz4I;&tHO9#Ph%5$@rb&b|}~0#}un@_lCBUFz@1JDzM&oz<y2F=u@y6
zIWi~J9Lz?T_Uk1`2+gV1aDWq99A*tiw6BhqI0(Y-giv9)5#9U@kzh;{-z8B5_B|66
zjA`LJVZoRdJ?jd_lv~5aTRdHJ2V)xdg|G<^7RJ5Egq9fH6Q7t!UxPCk2b2B<iogwz
z0+G6abPotl_x<p6Uwg(i`@#6PT<AVq*`4mwNcUi*@mx#IB6~bOIxNYaWsp6qrXYLE
z(?Q8z{cc#YXFMaX6a|od#*OUEAY@N%DahX8L3Yph(#Gyw496SW66wBBNYQ-*>FySs
z?rt^1(tYk}8CMlR_q4ZN=sxnCJKdL&?p{dawJ&Y#9)^!jNwNnqMfUbOg6!!}1tmML
zc383pR3x;jlkBcFUC8eGj62zzz7}N9X2|ZX-`Lo_5<`Mke2sK(ql)gdx`OVr6@t<|
zp-x!3w>;$vt+&~Y?p05_)7=lFXD(tS&A?VRcHhNEoxee{dl+ONK(aG~lYK5c+1;M<
z$Awp9_pjwb_Pt8(WbZ+;CsAZ~b}JjZ=TjMChIFSznc#WvG9Sj>SZILq-0WSZsprWS
zO5pr@qMPf>2S*89UpH(&Cs*)Snkpl4ig`?@JgsZ$`h^h`g5?#A%a3)@iY?1vMg`LY
ze5<DIM6dtT#3&iyQSS7#TpCx_^>=ZVWiZ>S?0U^WZ*t$K4RqZcw*i?U2P9te3)+4R
z{*pptU}q~HPhW$x7(|)Y3Wp%KXlOvjTW<+gcc~nl)ji${%jz?g{h+c9k(yD>r3X1x
z+(qi@XF{ZU#BdqCMq^;m=e&#%sdNmIJ@Xm%=er_mDvW$b5T5sJ(5W!}?XYyOdCnC`
za!+*^x)&z9(>=6>p!-A-oC+CV*rvi2ysXow1=8K#p!*oooe`YwtKsQx`<(O?2hcst
z%^tWK#2&~&x<@08d0*Hx&oq3rOOic1#uT5|nU7X=nZd6!O+7beFpY!jqX?l<2(wJ1
zlW57x_&1S8v1A&}NQ$VtYmRP*D3-gj8UZH|(F}HLR>*b@f7GLBn5k(fwd!gIff6Jt
z5<lFjAw7=-I%)WCz#rD$;(4zcVR?Q^^XGXmb<(XyfI7LNNo~@z23OxT<2#oM;k;%l
zgr#rVw9DETi20_!c3JU)<VWWk4(;;2RoS991GUTQ7fkH#s&3HT&%0}vX_y~!&SyMc
z2*{{n=vYlK91I~c1eAmc)$KQ$39ShGl4Y;5sv8+TwkE5L02NzMFN42oG#dV(oI%&B
z@sNnZi>sKzakQHAKwyg4rNe;gV$NMi4m#(?RSP@*+pGBNIGO~#M&$$U`F9L<RtZE-
zU;c&*_qYApHJ1u~43_J-hxwEX_V+9<=I8Z~(E$t-3vsDemedk`TwN(>AGd@zASXO6
z@014Ul`C!r<nSN{<oqv%URhTN_2HtgZ2E8y1|v`T5*5oxl|KW%t1akWSTQKw`)Y-y
zJEM|3-w2@l-a9UI_kY%%?v-B&x|c>H-D|$K(Y*<8!OZ&#>E3TxzCF?My&Bx|%?NM#
z?yE@Xn@+k{z3W2v<{*}D7qonDqLthI8=D^Qf@I&3WJ`Gcs7P2}Uywb&Tu`$2*9%Mb
zu=0MEmBh?XpWqI${|<xg`*az=jp{)b@8ecn1$-ZHl*cGgE5s_v7Gm{%Et|&7sH8l&
zM{6mK*RPU26~?aGE}UIl(Uu6qKZj9z8=D;5z$*YfTFZ&IFH%js-tP&HUM?Gyqa*8w
z<>;Prt{eO{bzI2Z_>{XKbi+{n>waj<lJHJQ_`TLB36qJLx?|IO0cm7rm6c1?=JyQM
zJgKZL`O+Tj>9@gqdNO=ZdzW+FH1(?M($fw>db%BZIt{Pl?b4OV)7M}zK3UsFv+(e@
zHV`DwOfvECbKeWV!@tUTd?Jh^91f`1nZ6CBr|cr<<?%tUh6WsdT3G_83v*-PdxQCC
zwLpt{%iE&KS<eNxsB^+w)M=GnEz?eJmT8Y57WMki1)Js-<r3^X22Lx3dJW#>So%5g
z>6oF2+oK}BA6yX+2(O6qD!D4O1#XIXZxBU%7Z;EYxLCCP+NRL@;iF4mqC2pChD6@E
zorkw<I%OdK|N5hNA!pujbO5$RpB?o;#|(MnCJ#Y&wi?-;XlvMrpJ%3W`Uxy7F5cbP
zlW_VHTsf*^WW%n<e1V=p4};t-(r?Q-{XK)uIXa;)i%qWJ^32aQb=Z-BSqS}{gECOB
zbCT$2&s6EJd>_6?hh*Up4oNAI{kiGI#0VKIubCMM+NEmp6uCHDA0{sjbv&w@-tw3V
zGy&RW$eV>R(EX?`9j6-HR)uVyQ@o$N?y(eMkcl>;;hGE#EXiPDHJ)#H@b1q`bnt6c
zB{+EZ=eax(!lx4($d2tv;?jMaKq)Lk183#Of+sga`B|0AU2PN6%LZVDmxQVBg-%Ct
zv#e=6X1?c=jsoGn$`bfj3YO_-R41Vmdpu(UR6hRhLjYRs_l$*U`BrF1%gQQF{apu^
z*+8q3!EZU>EGvt}clUsT97bYr>zxZ07S7bSow2Q3o-;#RC%^57g|kDQgG_B`Vc~4$
zBr!2jK?KfdXoJGpu1Zg9sBo-zR<v>bX03<7^}7`<5V?0kW5_+LAmnN}5#%aa0CMjH
za(&mcg6pRT6&$)*&Rd@bU&<NV00y9$_rq73;7uVLkoBaRKY};@uuQ*Yu<2>DUpb*g
za+DIu2{j$e*=kjC&>@mzQ6z^BEI4yat@fp+n3IP~#+WY!b9&pEbFt<_5S%Vnx5m94
zk~asQle{_S<V|<0lF@Gm^5*b!f;Tw>ABEs#Aa710Z`McKcr&}!!w{U6)`U16nmK8T
zIWwHIYK>LN2?ul1kvZcAJqp3uhqG!j&MH56_}ld!26JwgGy65Yc1Y%It*CNG*K;uE
zo>j?|+76WYih?<3(;o$M`r&@!a%;hyg^@P2@m2L7!mOHQb?ZiG-gHsCSzbQ`3jB)<
z=2|sg4P9e*RpXNSj-(q4tV%99xZMl6J$)!C=$(;u$E{^GufB6x9a_#@R&(nIBEaw9
zVuZ>G^LZKLmdq}#{V-&9zO_tV4!unFRLkU|+76jrWL5ILW0~xO%jDFwM<KHkt#R(x
zLS}DK+l1~==OM`K<)_SU&3`u}Z@zm*Wx=oG;LSCwk~!}N@@B&`f;X4b9>q$~4S91L
zc{8T4jW-A0c?i52_N>{hzBNMf=Ax!@f4<}3%?PWKUNr)Fb4e4t+1US4@MZ=^8SMN*
z@aBgiHs17n`(aF~GtZg*T2U<|bC#-zxNdJdm~-B$WNEcP=B%h9m~*G^qnK1}(UH)x
zg<#GhkBvE_-hCL%*<<Zwc88XnNlJ1uoZF#ntCAfK$(e$Z(|5q5V9q%Vm>AMhFlUZk
z<E*RmFqkvd(iV3^tDN>q<*ae4oEcUnw;U>`6RMo~gC7NRR%4jJ@^1ulPTEyY+B*+}
zIk}d)*jPOzb7m(iKu4#}Icin1u6iJI<|PZ}bngEsm~#zvPH)sXlkGZZ``ZseACI@R
zMd#4Gxv6-w#i??#tV%jKcykANv!dUl(8r7Lbb5UY&GZ!*egbLx7>~J;sHh(XXjPL2
z$y){GUpWSgDqAK@)sXz_qrxNSzZE)5(Ne3%^Py|(uWFq0mSaR#Se2Zq8aN_@o);sM
z)wjS9$m71Z?9<L~IqlPHl}-D!<6DjdCObGO6U@z{iC<_HNQ=?T@j6+fz{;Q;gFc$c
znc<<?dsMOaSdGvF*59fzJ#>vHRE<Y!I0kHxRY{s-z)s_U?dtPT)k_(iL0K41bMP}i
zH+nZw;xkTLLod8hc4HX&)4Lwi&2KSqFHhH?EB=1V_Iu2;&=IdjT^}x;&TWtC8jnw;
zRiH<4pNVaLrE2IL73CPTf8J!t#Mc9F?(ccg{BgqT;gTQidr|WJVpWF(g-`g%m3zmc
zX58zc-8-tab5))09jlVjp({D8Dmh)%foagos$|6LfueHcMZ`Bh(6hjkJL9r7xqDS}
zPVS3U%*oxOTHxk$3)kGI_EzP=ouQ7^HglekM61C0C=F3ie=TR(rka`)@Bu@7W<RaY
z9R}3pVX}B?KFP476|AMZW}qO=vpjBVYla+>1uBTIcU?!Kpi@>0t3p?@SXI)au0uG^
zT9quX=}3Y2G>+@t2eiLjoC>#3TH`vcu5(;BS1`wQN?kXnLcCDSS3%=qHdm1BUr{UA
zcrB}>#;a?+VB=-!XqEfsLU}7uU#-9av$+x%)e6b$)s-Z#JJfRw*k!AQ`JpTMPF2#@
z>2kYfRWhfRV~bu12kg?2hoQ7%q2ozJYrNaaFblh5T<5J;e%B#t)0zwxiHTcBo{d{q
zt<;g`OR(&d@b_cP)0X)7@@l#oH`S}ac@3}a{mJP2pf?@KCd_qM9h;p|5o(932UoyG
zqB~0(l;%xOHrd?&&5&btUNy77x?`+{Tb1;A(~$)11(`~)cY!C@<R7fbb+5W}a^2I+
z$#ti?tH&-u>c=?^xxArd4Mk!CX4jwpm`1$}M&L1QUWA%mTdMh|Jswbnh*C4L)E1*u
zUO=fl8Ef}AgD*unk8$U+x~*7Xa;?0xD%n*GO!?C1cDmvxkgqc6cfx$*UTdG5=h*%R
z-hJP6T)rYibyXWpzC#<pMhxnh-$o|kx-;CCglob%vz1dVZLLheo%f-ZPP%5CH{Uq?
zh3yT?%M<v<fHUSBcfPW{VI8{#zR~ug`9_}>J~wAc;2T>`n{TZ6+UMr841D99)$_6T
zo?AYLz&E;CZFK&|_J-yA3w&eI1@nzv_I{W<FvlAimYiI&%ZYW;6!^w9Ydq5J<6-T9
z1K-$ZjmJFucvuHEfp4rnWxlb|-gC<Z5%@;d_vRZXKl8a8&VDcKvW9%o=hh3maKxv7
z?zdNsW-vpduEEwCT<j<UGG~pxtSXCrnZ`ig#~Ri(8iOK^e(Y?#`$>EGu*=1(4DOq6
z)S@xawH1$#rw!mfmhaR`nD|x%OH)`GBi4}lpNG3xI3$VSTcYpHU}#bCR&I+2d21Yj
z4aLN3(?1LO8p2#;Rv;l@r6m-`Od2W^lq{3c+ON!;vP^Xoo_g#zK9j%?;R1H6XN&Ok
zovjc)BUV<FU)z6`W&Y+@X8hOT`*2wgomuO=?lX;o58)IOedza1_&!`NOTxB&v5+rJ
z?w&|kl<HUJzhs#|`<2NHGY;ur8-1YfLq??N!T~+M(iM+kR)?v0YgnuB9pCb_U&m7<
zF>jj0Z1~b*XhS%G)C_naYCeD!9-LQShNq^RKQ(ViYO0yk^!dt8&9@-x-O?ui)FjZ4
zVO*4WYftM3=|dyvTv)tyx#fer)dbRU9CGt94%46V>v>h#^BQK)Pkm$cydLZ>BI+IY
zMfiGGSMsa(by;s!v))~P9Nmb$occh$Yzp%ViMLjM6`q=f75%7rRZ{bsNzLJ}Eo$mO
zU+m@SFCK)N1~4UBytV1;2YIU*+`&HF{qjNH`VcN*TU{Qgt&d<Vs--<))lw8>Jgfd~
zE%Vo`iSYk-hMr<3!b*<}0^HxLri9JB{IrFd*{-GoH1n$3y|=CDfXux1v>81(v8EF+
z^VHK}fcr;Sp-?^vmYG{w0a0b^K{62yt|h5HUCE-lM=b}{XVn(Ado2gm=PH?0&#L95
z`f#N%RA;>%NcEoQti(DS+DKTau5GL#xEpK;zO5rWv->HlGb8IbI<xmFN$!X`j?V0R
z%IwT{b)22q@Kl)2EPgkzGb^7_Lol{=kRdo*Us64&oJDm`eFxQp%PBP8`VOjxlryRB
z@}86G?&ZQzeW!LH%4++Hj#N;hrhzmF=MO3|8fO!uZB8-DRARK%DMk}4F}mR*M(N?i
z=)6OW`aP#OKfF~C&W}}`KV;+lU?=Bu6z9{NoX@p5zpTEK>K)-YKf87y)f+0x#4nxO
zU|xiZDqKC0Hix;m+1=6_L#Y=O3X<4nhtfk+ZF*>}Qx8p7dT5PP56!Uj&;=JgG&Y<b
zI_l6v!zx>u2fIe|5ZT0HVA7{N5w7bzk=BPJj|mk%<kQfKKbpaiXMzZ3hj%46?mlC2
z<N7-eZroQ#+SlH3aHH+BCO1aD>*U6zXToq}V2wa-oYCYEA8pBP+oCNo*uS=*xrX=4
zxp=TJ=BI=SQXRrpBLCgjO8$GzSgB&*QY*C>#?y~sI$C2JT8Cc?=a-ZJ9$>P@MX9RB
zPvE9GhUZ#oA#C&*INpM*Jr1o0nYhK-8D{6^VbIer-}4W~p7L)r2KIi6vHT5SdNHnO
z*yz7UamZ0Wi-!7e3u(Cjd00WZ^;8f+8eLloQcgunkOtLu2+|Q1@HeowLy+<+nu4^X
zwo{OHRSY9YGv5gmq)pE%4L2~@^8USA5&PO!#AD7CvA<dok2+Vx0oIDxv#yisPT^L>
zb~OX3zWcPIx<^zHs@JJWJKr{G7r*PEdZC)Mi{5omz33T}>SHdGc1pNOo9&pi<26O~
zbrOW?*>6j#H$7)jo%ObZ>MbfddBWQcs<%F8QoZeMC)F#S3q$pqYJpTQsG_Kz@l6n_
zPbj$_YLn~zPPrbg<T~3a*BO>vw|B9b`h=6~>khf@V#xKjU=ngu@w$tR*XNzQ?q-C^
zJ9*vR;`N|+oK)X=HVoC>s|QkjC0S8DA~gurOW%=HuYA^`dZu$RTCKueXE+z5HP&LZ
z--YUV;i%r~pn6)ewKQ-28kgo4!4jQsZLJn8+7K4vin1ghE6RmrVq{et+sjJ-^$CMH
zmoZfq-jIud&c}4aO-Mh11?Zn#|1qbZz&zt39R?qCJF08YfpD8;v>Yv?)zUJ`DjLKx
zI{KDme@11C{d?bXuz#ewce3X#2m41=HrapwEhqc?R}RDeD^&vx?e5RJ8rs<rLHf`~
z_2CCwA38Yua9Q=Cy|WKjtUi3}(uWh_`Y_7Thr`di=Z(D=VOj~8W#8$l6MucQ0Sv{h
z{hhBgS{yF><D-?=XanfPGzDJd{2h7|%@l=~VFQZ7!q%E1XaQymjA|zSaM}QN>Bik<
z_omVdY3fp_%kNl$d3)c57R%F3>tL#AV6Z#V)uI!P?J!QK9CejL0Off_GzFa!gqS-f
zButP3%T4&CAO%jD=wU$$Tr$zz+!;0nubCeHB4`C0Ou#H>0X%YjEQqX+s3v7SuZkt>
z{i``-{g?`5?pMtr>&GoHkA>BovYuTfOs?7~R&Y#hm6>z<i_&<%|FO)0_ZVcM#O=gW
zkC$N?o_eflrD5L>n-CT5%p2>`6bPEz?*X@KQ&iZZ{~;z8a*u5^&n=Obad_Nx^0R=p
z%BW%35*1_^meiHQu&RPJ3^VFFhG9(w$>`~I9mBA;f;kM?E;i)C3gOZ(Z?cR?O|4rq
zpH>+uk7AnHMV|-hRyG9b*35dcTU*Lo-O8-z=+?IKDsyx_N4K_@H@mf^p0itP%7>Az
z6;{Lt2CP+Ou%wcuO7D75mttORAB};u&xn$^wRjGQ@Hq+eWw;%Kr}{;L<w&ogvS@3z
zB-+)TIkZ*C`<?2}4B8f8()b!K`LnffInv*Bq)2~3jouxivIpn&#Gz|@ROe#k0z@CB
zI^Yo0RwfpPUDkaX9&Zx=<4qL(&ccoqt=t?EFvr9syd8ySoyDQ!5W<aL<83sg&{()B
zqh}n4o0$K$nCJwj#bIY}tA@k`F*!S_$r%fie$Z1m?q#{Tmz4*(ooYCf>pb}X8snPJ
zOo*Cd&xJblvaa&|9+zysm#2$$Hv<i;<2`XGhDmGexH7Zu<msFzV30)T44Fi<+fh*s
zv<LCl)pUDJy^LqLZuK~!+lsV3s{436Pc$pjY?Tf1U_Rji_R7W@&qRUI=a4K>!Vr+4
zmEFQjv3Jw#m33n3nJCcVG*%``gsp6Sw0LpqAbVxIjAz)*9cOe~k&xZ&h%a9DtE`Xl
zOcdyKMy8D&6qK?CObDSU)Mbdhn%hxaJ`>g0N^lwrH%?-n*RDfM{0a`=aBEN-Fd>%W
zjXk~5BAN69!e8LGSePik?d@&8PCd|8f?wRtLkeBwV;ORMzTYTpFrFdf)}7XEMM5&J
zcOg;o^gw%M>BcirVDMR_Uz7+tq$e>ebKm~<$}Sntkh1U3>$V~xDVu}BwsNq&vgO7z
ztZeBi-B!e<vRDQkP8w75j^C(u#!<a9MAn3{duEZ4WUavj-81{zE8Au~69u+hM23kH
zCd0~b*SgYU#CwPP*y|c+Jd?S>zt?R=kgy<i?ZiPF=Qogtjb~Wb!Lz!pNXSkui4-Ll
z4#kqU^RPpmGR&ZI>Vftd*x9wmbz8}9QiA>C%CY_q{`DV14K&nGE1fc)A+aaU>9!&v
ziT$C7DA~E6y|O#TGpy{^1>II8WMyMeTzC74@D$@2CS5s?{TC&|&WFiJ#YR8M<{8gW
z#xKYndOt^HRbUlv%1of#;5fN>UCj>i8XV&lFK^kwrGsNj<5h77coTPmH)%5cG+MtV
zC}?m@P`r6)2V4%0w~PQ8c8I#*2z7W7)`33F-O#7;UZ@=iG&l|@0xj6F=7K}bRe=%3
zFdg@_R33o6SOrde<#QmvaW~|*DzLJs76=8!U7?^5=fDml792&a3JgJ(`(s6OH>~I?
z(5*OjV>y~*fe?lgmcs%1#N9xj@ZPoqGMT$UCgZg^2gWIP!#J%1XQGh6zi>AMT^aTs
z6bX*DWH8`g8hwnxV}!PZPdNov$4amB+me))^omlS68acC=A)D)OEbUyCkkTuF;0sz
z_yfmVF_gjf=ENHn30EVCS7tz&UtE~&&r>h+irs>!*UMsPtf=faUK$Sv7D_BVC`K@l
zdBtoDWTwT0%}y9xiz1Yke4?aEuTcn=ttB#PMNCO=R3wdqHS!IwfzlZR3pNtMAgLKf
zcvA-BXX{8$aR&Q0$|OcbIgRx)&bZhE{f@!G)jFYnV1&LL5gA1^`Uk`h6SA?8_z*L%
z#~Pg=By2o`{R;{IxrzQQgF}Moml%=MYV;+8=&J_NJq6Lfl0;|!2N3;x28UNGz%idB
z`elRYD+bZM*62ja*_h8{mcRQkGR(f+XQJ81AtweiiI$}0OHuIBqWJf@l2(50o1gk4
zw<a*S8$)P0GaJgN&s;Jh$Ear8VzW;`w_@m2^Kb@_6Z#~yP+#SJ)=&MnwVc8DVuV&O
zo4E0*vx!c{R1^C?6-_(|S;g#iuKv`#Z~zQu%fhhfQ?9Z(&MZdgQ)UBaT^i_LjL^ai
z=BE-`3f4tn<wdwm<-w51Ntgzm66RGq!nvQ-W}Gu({E5N{`x)y9p{2Yu-s>Zb(>PX)
z5T-FA{?f-;N%@=D0os0c{t(Sz`D&eeqoQaWbp6=4un-4VWX4GpwP*(Iii_7htPw5Y
zrDYhQu@z|<_!_+k;*rNI{zgAeV<k995|)NC%}UZ3MrhGyv=QR|ar&V`RE}m9XkkV)
z`ZyFL8jS|bb@LCid;?X!sVeVb<;~yTQ@?%S@>@goTeI-LNy&~DtCj~Rg3$#c`#?SN
z%@2GuhSQ=cQpnGJj3Qea>wpc#Wx7RzEJR4?CCwFHv{yclRL_y6)^kaNn5MF(`C@~P
zznAhaR0<Q@5wHBQB$nPo-;!^&-Ko0)P}}~{5||2$e<=PIW(aJZs?iecbup0U2#P_C
zeu;Y63&uC0TI5Hc&`)WLh~Q@|gIB~XXh+CLQa2x8r4zYQaR1*KXLY3}JRyth4_4&&
z3{I}X?dhjn4pv|KC8tFgU|?j=DS|bnyxvkm&}d1vhyE9XBRg~=|D#2qxhOZnwcJ*#
zoCiMDObM>QX_?YS_tm(g=%P3*T}<#A&vi;Dlq~7}m7zm3r|1N3M3E;-qVCJtEZ8D{
z8Z$-53qFT;5Ta%_6Kv&_3C)@0rA0&=z$&TyspS#EGJT3}$FP)ev)6Z^o2?jhn<8(G
z7Q#m<=*#|EaC4*XwlXskYOzRq2#bYJPAfRCvT4qms|Vs6VnV`WTV)J~1Z~Xw8gmO`
zm&VVMH{LxA4s9YqYtbac^}HCdrrZ+CBkC?qwLi%9O`lAVG<_YBy6`LLDi+z6$rx6$
zm}tKY>d!u?zhy8V2leKU98_8Gmy!J0NAmX!7T`$U_>m*|4Rl|l6IAv8#x0hs3O{LA
z^%y<Y-?iKUdpV5u9^zVVw^@#9Vl;QIL<SOC1O<V$poLg$m<RC;CVl0yB6=9K%#TWQ
zTQT$XzT$a2?ihZ=`)c-igf`@lW)6j&L`v-QHD$u?fbubGT0GKOBMkDhx@OA1WpF=A
zMfD4le_`@Z$K*l`=0}t8DzGJHlVmW6J(9v62A};W4fSJ8Vvx_Dt817edfj?rovr)v
zo`>Uo9P(l`(`>vDi{;_3HA-O&<F!TUgJ1vB|3}b&{^<MfQ^D=W-FvUDaxa{#Ys@EY
zN(Lvl`dKD^?4UgfgK-N}Ti7$O`=wy7tWvOxf(;3M0+MReo&*|l3Xp^;8a73w&|;!g
zVbK?^(FDe6l9?w~rCXvU8FXA7!BwWM=p_0W++LK5siQlH=a`O*n~AuRXfz|W1*`8Y
zN=5HxOF|hGMt|3DxK-)mRS`s1w`#GhZqX`PT{QEmrmPxM#OtdUrxG<v;Nc21L$dq$
zW!;Vl(yymN1i5%w=SG?h@eqS!j0hv?H7^OhuITo3xSDiJUhE-JJQQ9BBx;Iy4-UMS
z!T#@c?!P^FnZevX1k)B2gAL#79Nng|1U@F#uQZyyPE~a8w9C3*=8&qewkP2<7Nd4x
z!DVTVzskg8LZiL3D2t<o;YE$c!e2S3h2akxR1)7tq>68O5!m9GR816?5kSc((c8Wc
zkZ4*0Jfg{>Fs~1q;jctd8V3h1>Xt9?w9OY-4CV{si?Ay6aYpDLnG9$gYvX()20IMS
zPra;Tx|dq=8U27z4o?yqUDAjmx{7axOxPUFV0}+QF#Q{n%;38hxlD={58D=58ONW1
zX{&7+$30wXog|r0gVVPe%zd5Enr1MoLB;8OQL$T5fvn8%XC<!fve*^Dp~5l%yrK^a
zU%lwmB+(3p_q9qU`l6!g<8btXZYC=)4CDI|5*1C0!hs8jOIHkXBSb6Dz@onBt&*;3
zFKlveU`<~KDdXHrp0|^df~549q~N|#5HnIVSr+yXjXncks@7={n5c_4y?8dDbKF!#
zL`IR?R(hAAS9L9DewQ)~4t6)Oa=ftOlFNR3YcI9mo^i?8Z>vX17+^f>vM%cS0>A9(
ziLhPrmr0iq4#@h2Vq`mmLBCV?hn^J8;?KPo>nZ>qzax#24Em(X%hVqeSto<`=v<9N
z6?#ucn5p)J&?F;?-mO&xwR&xu$l%cb!~RIwf}y|jMKRIMg|eGZGeVQ`y`r#m4Ql%&
z%HdTabKEdm8cwRB$!4;>^fiP;F<J`FFVyY&sT@kWEYn9+W`lw%h9zFN67Hw}jTo5)
zXJ6F=#65w*Iyov*J<haBV6v5s-HE~$5@TD4YnVP<yjg<5{yxM^^qq(Eq+}F<f!zs*
z!o*ELu3QN%AnkkD1Z0?-fLt{Mq=zXWSM37QOA5%R_~njWKsrhRv3@ZG<l=9CA_3{}
zH@kpb`R#v-fGo2Fq_>-ZT(ApB&j11W!4Qx>N<icZ*x^1nC=}%aEwzzyK}n{N$m-Cd
z=K0w{LvSd-*gi^8ANbx<kHBD@@qEAk^YO;>Y_k%=V4`R#2Bv(|B9SJ*YBAD6j{$?t
zk@B7nFz_@(>jD^*M(e^yt1^wgC0J5Jluh!|YD_FeOubtPQKM*Q!cu5AqAKCEE+e!!
z=X4lh&FBd0IUag}X}eTqDWY<-Zq;@r`Rj8`6N8G@SZOa!Hkq>yt&V`x#W|vXWwC-J
zL7__x*74*5w;EPUzLj8*E{CTSoa}=>QLHeL8TRw9)Ish=weA~?zbi<<1K)r#jA5|1
zo3aYlUd0(#1n%@9>Xh@8pvGKvOE7qkP!E*zS)?5e5P?u@H8409AQ@qb9}f_iP{j$H
z?n8)Ao`x@KC4<U2gL%IZ43);g;y@J@%i!`VrJ{N*)-?%HCmzwl?6<~FC2g^;%)}T5
zw^!l(e9QRp?jjtLGQ#F2k~*<*h~cy-7fM0c@Ff}H8mIqYFfoPDf13&9XdDb%9^vPd
z7%(G@Q{w!3!zlqT$#YD|ogV0x7$G(&ajYe}eXB6&w=9*=U)${J-B(;R#{{X*1y?+T
zJ}YLDH0L=?`V9%fMMg}X8EiDU$R80G=LT}I_fNvb5rJG>=f=g^ii?Q>T$Jlbp4dsr
zL~?&*uu^QB{)G2c=IA^jiPnQnXcK!FEVWAhiNP%)@UO~zd04Umbd=r!SRKWky88=P
zon3^%C^@G*437BCZo4PS7PhW&dklLNqs3uJYniF}_i(N^jujmJjZX$E3|yqUMk_G5
zFGu(4Qd}yN=@aN&k~_qcOLhM%4KWP*tRQm4C9Q*&=_<_PuduWak$|Ee1}neUIodaI
zQd`KN4N92TM+;Zxl!y_Y<kRTm42q?g9yFgQKSFdI7D@+w6$TTRrV{$1ict8q5n*$F
zd4w-NZ_jmkn=&}}8=sJ5j;0uFc%6tHnnqt?oc=c|s3ht!H$43=J9fJs24{_JRvhHs
zwDEU%OFwy~432t;<<)sbt_5HDZDKuek8#{gF8o49POJl?ox6-gQA%LJ7e*V!80?K8
zvi!tUqC6#QRW{KDEtR$~e)!HK`u;Zt>7AuAU~v7SZr-aFdzlcOUw+B0^NV|#o$vF%
zqw{CX&S#3wqx1q{M$*hkm?sRhM#>Ns|8V(D*|prbjv1*C;vywNT%>so_$lp2zWyZM
zTUwcH+`U{{ougSF#b8CUd_T%dC7{n|>Y5Yo=Ou>4O5J#d@5pTHQ4F${2sI#|(c<FY
zWLil4lW1-8#RwIZ0IMZf0`)vj8!=d1-A6sJI+@c(u(-M=KcjWNxH_SKB{aHxkn81F
zbalVHht08f{)+CrVctWD*SRaY^Nx8BVqG$K*wP*bC()LE98E0BKE#4MuS#3Q<8@b_
zQ3jt!E+ocPu^|?tPyQT?PD4hYK}M$`qt7Ttr-f$p$g7IcN4nb>J>aU7(MP*0M)tqz
zWc0D_7NZxrF?xjyqi=>~G=n8QQK_JIO-7SJ>{&SDv<OSWy^~mMV$sxwIV&Q3YD=fl
zdJHx!P2~)^uwK#j!w<SYVsBaK+f(|Lx4o!&Q5Q^D<nDzt*SPckYn(I{F1oC7UHsR$
z46(+EpZ*OydWw-O!JsSffGxWVJLJ7Vng0S995k%vBi6bPS9@ThYzpfy>h^HsVhons
ze1{tSFDAn(hg}XJxHg0Rg4<1nBAxgm56un1?|V_ooms}<$typaCyB78yF4ctOtpaC
zB{JyT-LPtIUkzr}U@d366RDHOM{?0&AMO#Va5qqB8ViS)+dP*c;q*Dfgiao{@ji9Q
zw(*8Ry+nuL>?NC5#@4F@IQ3hNmPWhJ%bJM}E&iJ_A~{WfmG~=?J^Kw}l6@lip^)9b
zx<&S2KeA6qvWH5t)m%QcoRHAgUclI2^&k5mVe@eY>##=<BadZDFsSRZIZ%=W!I-99
z*1m3;^LQ06UP@D8YHxWod#V+oPr#5Up*1;uf^ik5QUWHsxXNf8?Ab^-9=ygp#=xi1
zSg%HWgh~7I|5>rWDT3r_Eec3+6rpwDd=G+lXqL_stI*~!DT?FWs2#8HFeIo$Vs!VM
zouw0l0nrR@iam-~iP4tl3ob?p3?@}2G+K$#{mXhF^7-KIL`z7b(QryFQd=T5G4`}I
zOQETLIn|k$C$c1SEZVz`#d5-6w!HQ@x)o2N9SQUnJ0~eRhpy;c?N|u?mcW_bV#`36
z6YvP`{Z*v_-}8-pa~STqn!|43lD2)<b&h7cCM>$aoe80Ds5q?a7j>T@N8|ewLhFms
z<>9;Wii`7g1hX}B%HB+-(ac|Ab$=pbpW#|-PM;vO93%8i=A+fk6B8V}Ro~mkZn4-U
z(HEIUf5!-oO`x@4RfHzDmPf1L&N7A5x(q>y-eZKe;ItMz?UN<?+e-)=L6(r*9eGJt
zGd8U|;pU*Cpmn$+9lb&Q&HEP+qtBEP`3c`Vxki_13Cc3))06n{;ScJV?PItimPF2B
zdxRLH7VtV3nsIp*ZtBez48BqLWOW!!tty9x!Z^IVb6t$}=WvXOmroI&c>7{9N4=Ux
z;C6K)dp_Zh7=E=r^5;Cs$20W-ZG_4R2wHgro(&I!JQbGGX;yy1Qu?-$IxPk>6olIw
zd&IB=s~uB(GZ-)Q(c^Gwc?5SVF!WV835+5%2?lOb{_JzJbZ$g5*ei{Ji7O(wO-m*~
zyH8DwqZkIO-l$DKhvPW<u<v<}Zr~no1zJ%5U~r<lyp{UB&V{`VhgU{uzlh3DEh;nR
zs1ElZ)i?%!4Y+25A|%#=A0ax}$Uhhk_faw2X$0;>Y52XPSZ+RqzL7!?RV^zXU1-A-
zF=BO1gyt7ArP1P$y*QQ760a+--t^@W<mVTf6hml?NSW@lRHV$cO}2fW-ze}fV~o*g
zmm>pW#>6hW&HvFJ%MNQ{LXs2V(85##Px)wb25G523SRoVlHzZSn3%0tgeP)3kBkui
zLHhsTMYC7%_g1VJtpnvWPFulyxTF@*FsjIkCZfMq!9=a_aHcqv6PAdEmWaHC$I*jd
z2hY7|Yvwb5lDnv@GgAG0WDI)9R5B&RPuw_(X}2YUfQNX^7$32L7Iu%1>WtHN#I$^j
zZGN|zE(bcDw?q&(S~ymW-s}vb8B#D{MyhmZU)ZAN@VMy)wb4>P0fQY|#f&NnUenmP
zg{Ay=%If5Z8AobcRgE`gS%eoQaB5QosjZ3q<8OT$9YVmX(TcDrm5a}7<jugXL~fAp
zsW;UbTf40heol9Th(aczodVi)J<ZaT*vYfe37aD{6@ivLGu0>U_ZXP8IfBs91fJlu
zBK(7kkG~Rn=<k~N__TOh8=qD}YgTBbB$&`%o=X(PeMe0O`|heFQaErzh>{?~DkK!v
zyA1L~soMUf2G~jorC5u>IZ>>xy%^ryN@5x<Z=KY{GAJPiu(>9)5T(yZ<+j)`HO?iV
zzjz+aX$doDlz+0m$_x%|!3`(k7j2o6YUQWG$hKKKBDnGE2K8%HBtkv|F)OudHPTEe
z!+zclnNA7%8q)(SF3sSCt=TpH%~A$Sc0_P7D>>Y~5K*A)d}SEi?we|!^iP|S>O5)M
zENKyY4P(~bnx5L;Z(Ci4!5u6n!{cD)*$C13Edw!u<IJ;S6_wvOgXw1@%m^;&gj6(V
zN#tKIEoApJzQbViz*ItOS=$~N3z9Z9)kO{8+8%+M&-mIH;^*b`HE#W_%(!^0wiruA
zf87s-mm1Tk?TplXoFOkWir@F2kj-I?lr|5893gJ*uP--Vzc)QUt*zJ^p}A=RPf}2y
z)Mx^o#0XV{%v7AT`y&(+ZqG=yaHj%$Z|jcu=~FnrIf5u%F>t1ndp;``NOjAFPD_=^
zik44LO;IV~+HZ}Jd37<jUxz8Fwmh1C*#PhEFjA3in4ap)2N(_QcSgup?oCcL)4Dq6
zxuEn<3?^f{a>Cu8oEn%au<cIk=ev_rL+8cbsd%?$daA$w`eg<)Z0+0%XeXLMC*$3f
z_IG{KT%2ut_qy}lt~;g8H@kp3A%Vf_eyL{ixf9b<o!RHo1Su;0+_C8{N@EBXP=1;`
zs|1Dz4cjVZ4~|byMNeglbX8jNx7d)sb~8+gfqPs0r=+na-rwRctW3kr+@FXvs*EgH
zDV%=5;J#3IAL3r&jLxYJY0@CL9HHf>ZZV}9&T0Ay%uCg{Pl|As%Un<k?8jJMcKGm&
zR1}ksO|@V?DsZpe;M3QMfqab#Jyey`2Jiy*^%*VS6}}AD#e}CZa8Ji~yG8PR@~I+&
zbDJVW({qVn^xwrSjq%Y28l{{z;FNNW5&Ehm@JU#AHbSEm=8ILL1cUG7DnU6OT?Jb$
z1gDE9`!5)dqp1cA<_=8tQ4eeol{OIHH1!P+X6B0Z<yFD$;{_T4F;Nqs-x3SnxH*Hq
z{jjm`FGL6~-0X|rx?GIV&<Aj~Uuprz9G4i`kNKi|((4tiR!!IQwky+9<#}7rtr6C)
z<W!)(@-XOah~&vYh2&w-XKRFM67-$n5;WaGXn~M0!X0eJO>GGZd3#3$k*@6Dn5R<h
zXQaBFN<|U+nrK9M1@DTLz_!J9nNngi_22R~MgthQHA3h+SR#g|G<O-Wl!q`xmM+5J
z%!R~qM;3w;Yh-rPk74YV2n;;>oI#)0xw_V2yU^jK&#O(?=L|j|G!e?A(9humPC<O4
z3<}qdiiA_mNECteQfd#-RP!4&%HVD(+{a`_nH!nKjqM#+9j}mbt)~Rm$BRC%Y1LlT
za3jJ8URD1GmfgzWZX7XCUM_y%x8ExS{YuL<_u>aUMH14bwA||zl7Z(QPLp8$9Q*F!
z9R_nZ=+g2-$&velWpn&?4{tMAE=tw(FEwXQ;2vYc2DQg9OL=jslw+JeWdW9YarY1n
z&6Rzz=mT@};AOC>wA?$){ve1kk<4IGX)Bd~BfIUM$e>>$H-0<U=z%s2(F_J9O65D#
z#&)p}S#33V(yzg22E!87USZ^z0%!8hK4c}O-Tr~oEch1bFq0R^5;5vFhNgBs%Szh@
zU2GYz&kh*$t{a_$etx!nGbjeV|3-7rlZ{eGX9o`Y@Qvo6CtHI~%P}p~n4fN9AM+7q
z<e29*aT#+O9c1^I%%E2pE5Ul8ARM&>VW>k8RMKNPf+y9e=Qi;l^)##YL5*BZQYAL$
z4H4Kpy1*jv?O{s<?l*CYz+FEPxYxuG0WNRk7&o!X$lq5q@lz8OVQCr3#Fb5qX!$v1
z0@VZ#;A@Q26vthj-Aw|6yC{Q&W#lsW7v`h?&+qKaD{3q()Kg21MnhrF#Ya2@+lBTZ
zh4D?~cH&?evD9JUozJ?vFt>5=s|yJXmd6WbsO{>(hK}88VVKQvB`sYWuT&*7AANxl
z`ZrEr;Ph{r7)_sM=;^hMgGFXY&3#j8?lp~#Et@aI9`cqdy}EHeHk`Lr;Z^x5d`A^t
znV-UURpAx+DSS^AUY?)A_v8Kco{NLOgP|*JRle-Djk$GWp+ka-CdyBP9TV&;XPCmB
zRN)073!A1)9KK=2oeH^rr@ig^CQiQGktC(ShwO0-hUDtPI*_}!evSPP*#XYQBX;4g
zR$4rK%@b+G#6;1hwNczAe}+A=&`-{cr;Gdqieb9qais_pCQ*^F18taTrOX-E!kTeM
zn})nBG$0NqSrTlWYhP5VGMK(zC$xs$b;x1V42f{)r5;gTj2GiVIH#{O*sw(x=BUl7
zNI3lq)9fllPVC!_UEENE;^iH^q!d2`_%%+ea9R=ir)u;yxDX*@tM`JPbJUaUl!IhU
z;x5g|7X(wOhrK5w;Tk(q;hUZk<@T^ID9V{)H(4q&I3_BTYsq&F0<-XQyNAQWV1AMu
zygo+DrsGAG7nS~j!AYyq)eVCCOgs!0sTzAW_TPb2WN^l+WJTyoma0m+1yu3}2Is9x
zmNxKnoOl?lND{JeXJo<FM$X_)j*iU;BBnMDnDb>BY!S<Wbec@|`x&W-aJnLcJhz3<
zYXSeO>2)?<Iu`~tM%MzIjpxR94a4neG}Oob#|b+e$L;0^Tx^lcn-M%s;Z`Z>9J%Kw
zpF#o|+%7|SGmR!d+9=%aa@rgQ=jzI(m);l`ulkx;f<&EiYrJiVDjNp_ge}>Yz+l2@
zY<!YXC`;P#MDb{Cq&&skJ6ggNUpSzP+OrS~`^-opzNF>qJ{kkNTk&#Y#rDAPaTum^
zRFtilNSnj#C~lO;o%RGt+>g>v65Db|X_;_rw2}1u9R|a5m91I@v&}@af6AOXO-%zb
zn!)xsDXWLxH>PBYA-iZ?j7^Zwr!_UU5F6u6+b;KgDVI3Cm#wf(Z{?gEnP8SZ{C@Bm
zlE`4RRq|k9t)_p~@F$K{E7Z8A{?n-(gB=!i+3yGXN;9oS_P!tJq|8bn(iH7Kw!o(7
ziG!9Yy1J>G(>t2M)-v+S;rGgp>*s36wQCZ5Rf$&DRLjUzSU_lk*Rtv+G;*=(PA7)4
z>NqU|eGMmiyT+RB;!9xC{xb(<`a|@W#lD<KD?-~;o=6)&2lH~u#-<w6m_79WLMb!x
zbEL|N7%7R5WSrI))1(GBmTp=fUY4s+_b9C(^FxNC=PoeA(YNO4W<2`zQRJr%NRMGK
zLQqg2l7$|aB`By5n{)IO*?;PR<D*b#49wA$6;mI4Mp>+Jv(V^&CQOt3DUkm72xgQb
zGzO}1S_7UJ?Y_Yi;TzTRNAO3^X+tO~bTj+4yWcLmsdU>-h_k$Qo0~eEb`#@d<C~f~
zTy~S<Opo2wrcQ_5n7A<hx?}G<QXvgZP%%3b#u6i(uNi|wLcjl=i4|rMVvX<6wL}^R
z;|Ui!ertq8U4d<p1(LdkaH}-oK0JdX1*)kz%!?D$A{O02T}_bYuu@%sYYzpgz5!e-
z#eFn3F;UFocIGS=oJ$)kR}{&)X@?c(JPfv*Yt3I7v=wX3--I@3r1?1gH_U0H(Ku-0
zNASP#Zl73d$H=TWVv00iaO@yr_zxe8i2lb8VoDGE77IrY>M4S%`<M;@iNc?_Mn8rH
zVj$z74&wFe92@x<_J~H_hoOk#`)>?c8rMdn@59AN$*x@m8;uuWdKqL+HT>m}!_-uk
ztmb0u8g8^eBRAc$0{b@%X-b~w>H={X3wO9xW1rA9ey?iW>$Gr3T9xz+UCCut$u6gb
zJI1P{Tf;yL_Zk-#?suaKvgFbPj+R>^n4Y5x@oNt2bhPA#sp*ZgWuO}V=>?nCufT4c
zjMdDlUx8fQn*AI8h<08Z(ezZ*-`jQZc!X*>vtTWM3>l?`n$9*G_!w@gecJGXRUM71
z^T9F%5w0UO`GEU<(`=8_8{GWEWOn69LSIu~<6vEz6roSoL~vRh#)~;02R#qzN+%?u
zvb{o-s^tYCKMuyliIM3b16236;R*B=_%>3-94;j2nlo=z7co|?g^dZC&uinkdZ@NX
zHVH1mV4Z4lN@M?3s|bVj@#d<vr?K-|*P?iJ<ujRSXlZelOg&y&&PyxEWou&tzf-2_
z3}z(}^QvOraIsg%k9YDco25g>Pj0g`U~o$&uIVfj*WAhgoj_v0(^LGup?xC0qIcm|
zo~{lq4@DGcY^_sE+?jDhq++0#E}qHF)dAfQr-!k0`yE#QmBE}GxxCRhINC-t_lD0V
z(c-XsG!k&?fNpLPHH|ic?L@4P&>ju8MsQD5kpP`WSxa9d2Dfr#UL9fWH4@)^@|&iq
z@5Zmbs7MCWR;tTja=LCSgT{1<F$rB#;x?4_M;0ltc8C)D6Y(!*D-|7h!hKG4Y9i;<
z?K0M!y6K!#ca@+0hI3BcD`U>7(M_Cl>iaUpZ}TE=QQM|eTEoC8b&3;4<ggUOQQ53U
zWmb-K3qac@n(cm+-%+TC$*UQTV^VZD0ikUPgT04vZcH2_ZOFZc&<D^<H~0VYAvemz
zL4Q#M7!3N+#+!7$4vj;u+!!O%b!8sLnNW^;VDD(z?!?2okH*1iT^LjY2~VOP$d*!j
z?0}Bqyav-%i5GkfvC^jHV1Kqt!JH-qQ+(r^{LZcKufaC48LYyk`;Z&%!x!+1liFM2
z_l*(u?;{Cbpz%@gKTZC#I!zY8e?%yQCw+7zfseTOsEPUg0_AY<Ng*2E$MGiK<WRT^
z7{hUBDUsJi4XKsqL`$7_b+0eSlmZ_yNdJ(~I4><NAq(YpzQ;ZnfSOAa2%%3h$azv&
zGowG0s5!r)9Jc3&O27MpNUF?pkbg?YNlHO%_tW{$mKz6AUY}<$q9LI#GD3eNv$ecv
zU`fp8J_&5pP=zh*3%m+lhQaL#cx_7Xb2swyTggws&UHTxJEz##+4tvX=LE%0P_Pa+
z_PVgGW0uLbO-~Y<2(vA=E&FNMHrK|sE<ZoprU$U?q8r<KS!`SNq*$SsSZtg7)39xs
zsb-!v)y(m|E^1~-mQ*tfkkIdJYUbOYhSCitrJ70Uem6?TW*LZGJ9g>vy3y2cC1O|H
zuaL;iJA)AUTLz21B{D@7uw(;!EcsVr&xaSCE|#+H>#kbpmcXD0D^5$6MY&qC9C2tW
zh*|J8q4e>nNVvP)cJamoUB!ydVWj>*(R^qN6e8+;v^?@+!;(M=qYPGNNsyo&v10c>
zwYgY1cf@k_nKRfH`yfH*jTlU6PG}SB{Ldq*5Oq(-x<z%xlV~hVlhtntRlRY#E9?Fn
zgK5pxImu!%Tku%*4OpFp5&20*H2z#QlM0!Mvestd4qnLOy(fOOEWVOoS^Nis>mL$Y
z#%sbaPTl1KznJ%}0_7U9%Ya`Lk7zV|#odkBbFYH?xRPbN6xDXG6Yk?$mNHTA?{T3r
z%YysJ+Uo-Mu`A1j`#|$^;$A%k;Sly_5$jI;iM>G(FVId+WUx<iU4q^2b;07wmIZK_
zZR0n}t?WTtWg{I0fWh~ofP&b|+v5)o3@~sa;j~C1x}nbR(dB)jQ4`gHZtfo4h+G&r
zk>G4Cssyd$Ufn0ti1`Aui1}f?mte56kr^7eaj%8LINKPD4K55Tg!DBLGK{t(ydcrS
zHtbbsVe_&ST3DP{MKKg%#VDy@QYUW!#K4qw#5fz-IZtf}oKHnhM1u@gWvL66OZMtU
zAoUf4)b%F)P2}1wt5_nL5t0$+4Nt$Pl)=J=gz==r<V2Qi-n#EXTv;~9Ne72+s4IUQ
zVuKjmj~JX6#@jy`q3wk};S3Hw=__EBH~g!VNTx?h`3j1Hni38LRgA}1&HfWmPZJqT
z`p|u*a}!Tm9xN6RDn#+TU6zgKK5567HSBoKU~Pd%wR@NrmK3;!0rnQ;?7D!nD~iy!
z7|fN1pI0m*I6*wHcCXGKA`?eA2{<YU2+WMHiuX5)$1`Y)7Z3t+=m?Xxfm|={?NzXU
zA2G;K?;$qf?VUO{-vkCvCdOs5?T%LE0z7`D5W2@PA6f5a!W6nxisNTZer8n|@~USu
zp-NuPuO|71L3^QXC6q|4X1PlS6(UKp$}Y`p+@}<BV!06;YrtY~!HJtO#FY~h8VHTG
z^~rDwOH}ttkTLoPgN=fD|CYCKpW*g?U_8D&1ak(u_)^TvWdC5WK~<tsWA4>8mLdaT
z`>!MJ<S%G|Ywnm*MtDDKA!hl+AhTSHBCubuR5meTudXsNWE*SD1hvK_m{tJ=C>=O5
z%^575K=2mJjR+nvoWYQ_l1*eSm(|Myoz_2^^mX~jeeu5_>lqK8^(G}m;teb1nI>(4
zwHs}=K!{XkI9@4&x9irs7O)~WpJ#AWtgUe{murtWXVL$S!6XG8%ttwv?Xz$!r>L=P
z4m%qX4jy>~wjhcBCl0IcmthSztUctgj+4X6-BMn02j~WWh?xNmH4zW#ZdOTt-bc}l
zhrU1dedK`$79?rE<Wu`!nzWAppJQ^!#93z6EFZ&iaSWyz*+u>L?;ZyIeqs3|V0lmn
z3V)!qfxqMp{3UPRPmwq8mo$on;D_4iJh*&DN0hKXAqrTDQYt`z{?1FGlmyuMdw_}g
z4TB@UBJ}rAiqmi4LoPnaRCk^Kp29I%!>wQ8ITD5rwqTroY337@nBM<#9uA)N5_yYF
zdA)P~>F4w&aMR0a5r~&Q?lb>Hm<3=kxFnjbjg?ON_FtOx>GmdY!iyz}^AE+i(4vA1
z%I_?1%GD<7BAv<_@^?{ZLx$ux<+P!XHsze|CCq2~cpoG9wtQj3zXWM}34=^8p{WdV
z`Vq~{#VB}6OM1og7Ggw;HdDzwN-*>|pb#9&LWoi*%NdD^5|wt};|H4k7=!y+c#iTs
zjb$Y{^(N40mh7co7E5Cjg^YP=X*f{MZymWiGt4^DVVwhyal_2Om1Op2L_CLLEu>}_
z8XdjgtLtI%#t{_>Ed_bCQRGX~@}*1}vVj($D9M|4xlg%Ww4;Ay(7le#O(KPa#=(so
z*@5B=x{N~3-^|f9AByrbn2L!(=TVl!eOI<4qeB@6S((c5sFEtJkKo2F$&p@P=p)EN
zn(ef%8H2<BQjzR3FDA~7&U*s)UyMQbNoxOfZMWQi$w!p3SBzwp>K?N?2|Kn=myyiF
zC*XBKIp_E73pfdjW-wxc+QjVL7jP05&0ypN>m;mgw(gAUzk}R(oW?6%(=HoN!s6k6
zraUjkSC?joIthzs&{hSFF#kz?(=EWHgDi{JtSvyl6lC7f-7cHgDF*X)?lv~BQw-+C
zGD0&6^U;aK|BNknpUV;2)Crd2?w_p=pe|-A28}ftXrcS<oIns2qqr$mclKG%*A52n
zZ_9^*qZz5vvN&e<S{70Yt7j(Be4NHWMtP0Ku{Vey{f`W`*ORjTXBn~cC+UaxFlgwb
zCA>8Hae2!$rW}oZ7LQFmB~g)o#4$%viVSGqEBC^s@e&jCm?-!xJ|kSZ_yBiyt3w*%
zl|MwPAMkA0dM@+GhzT$2n!iL{-XW#@3zfo9R^pXEmc-I~=zH?575~KhRKfqy5;(OB
zv$7NtC}(w~?ky!0%$V}cq=rc$m{Sxs)id+~OfT;<pv4*No}+-9%P^Q=pWHHel+45B
zL)2>X#%?)G9&l(k`f(|YnnV=7Lq@jF{U*`V46-xj$t<M=4(?V8G0r?Y8aqiPkNt1v
zqyOVCg)6h&^2aWe6(X#nS4{E=|KijG*<P+bmtfE<L4h2t|AK@GPpIr4I6SAY5wc$i
zu?^t#`|7A(CK}1s?a(YoG6|7CEXg*b3KX5oGOZ)&#n~=r*2}SgROE|Y6uFQ7H-o8l
zh>b0RQ$9``F>Z^YkQjq*Eo`=t(9xir7Guz-ja;;j8Asf`vUMZm<C1vkIrW|wChu`G
zwT_AD!5MTbtx<}{nCb}A%LpD@;*lkuO{U~4VdJF_OiD+)b>%>&6%3GwV|>^;1L%+)
zHmeITSY+s%_Su#ax|?Y!wGM_-yJvgY-gtOlYB~?B+^1WY3q@xb<gCC`(*K0B*2zuX
z8EHcbDZ}89O)^Hf@%wP5EfMALZ2v@*M>5sH&B$!s2J5h7!h`UVarU7NNJ6a)L2x(<
zLnlEHshA?w*41pZ>I*aIXwY&e+YD4#8L+Y-*_=W83c?F4u8745U-6%9yak0xYQW=R
zXH!BGU`m{3oW(U0CdKxq#5fpkn=Rv681%sP(_$b~i2#mm5IWe)IOA%yNRz9DPb|r`
zxJ(!_aZiwFsAvYcS;_-fRV=t=7@@HhXqnQeT8$MLuT~^c&#&a-TeKN%iVGd5|5Az9
zJgmI=TVwUx-_>u?tb)w*nE*wEO$T*^5=d6*4$HvToF`yFU<t1fA@i@X_(!uOhBw^5
zi;zc%14w?=hxX9ahmhB`dNT^JkZ_jdlz!<y`V%*@{w|nc8RRCF;&<Gv{xDwc$cy%+
z?ag@qKKpfdSTyr4fT6lHzpQ|mmjl{;D|h1Mc>cTPGL790JP(8aCelJ~H-T_GKoL?^
zLM&{hxEw}9Xq@B6X<gVSvE{DW<vo$Xx52a?-kyhphVCAht>EI5na0$S^M19o#51@M
zuhF;^jI_Gc*l)Ch;{!dI)(a~FuAK9e3t+JLCuvj2n3eGZ1?Bz<nG&!rOc#dRH&tjf
zd(k}{v3s@(N4%D4bG+Q!=L|=@VeBF9?sJAC-psT%VVT)3;fQ-O{lgI_WUFw*>`YrY
z;<2EcFr4GKgmorxdpwa_hh7!%%yCxK!**sB{K#=)D?&>L`ni>VBFK?r{+$zXtR-%%
zY{?=n&d$&AOlB+VT=B>ZU4fl1F&rK#mcs*MNL}kzF_cp`5GxfD7c10nh%F$YVo<U~
zn}1|Dh%^qSmzU|DiZEDNPY|=LB%!pF*IP<R0WHb)&=dw!|0!Kjaz`ZA{yiwS@5`+-
z{gBi5ed2F6VJW89Dk)GcM-fp#?shy3X2xr*y=Xb(ebMq7x0bW~TJ|tVH#E1?+bWYW
zjA}(5jZi+Yhc%Q8J`5jOLB&vfE}0)OiD59MJP#02%o+PdP#LuHl@wyInEt1ali>-!
zGFy4Vdv3HTWIz7!Fl<$x@Iz67p71fPG)m!c6t9gS1+{*X)d_*_G70}b*VbafV10kW
zP0x40e<l6Dnt4RTd)37VS4j~o@R7>q<%w;JEY!Ni1TxYHp-(`6ErpA(7itg<zjD);
zY6RvQu8}tw41bHzYL>qiJj8TDYBH?|O61tnF6-HaG_{`fKdl=ZD)CJ1cp$-t?{+-x
zkY)zG2Fr3$(X=QGI3=S8;rw8E`~G<!jf1N{$oGWVV0pBgFzD7hz@?=rbXudIltF29
zb7{0X)95?my|>kjD};FF8+D$D|4Ai1@w^@^-N3hF)mS13S6HmV$wu-1e#Mi66rW-g
z@0YLIry9lk=BxNLqj;Zu6`yVt@13vWGmPTB@>P7MQM_mP;soZ5B}C&~W&hj$DJrbq
z6$p)mOLaN*K<^5g`pg;htneTgmR@J@LtQ&yp%;uy)wPw2RM@EHMPps+iN<c0=jt<O
zaJ~G4H1+|5&h;dWz8@0ep_6Vpe%25?#H!<NeJ?trtnW30Y|4Jx8K?FAoe}6Y^^DW{
zUN^|HzW1JSIRaTYNG7AyXl14;aHC{@aHCBpbn{NTPl6lGOeZF0-vE2FVIURDGdL<5
zR6uC!Y&E-qDn>Jymu^f0qZtd((ZYjP0Bk30b+572t?F8sj(6=kRLVErOA4i|iXYyK
zCU%@xYncdZa~w?Na!8Ck5VOv>c<0s+vfOtw-3n|Nq<qT;DqAxPmF@m%-3H4hao7|*
z8yA0+i}3m&6W69BWS$9hZ|_k*8(MTY^|`cl_*nS1s4O~o7$Nk3Bov%^H?AafIv&{a
z^`ZVPp9Qy;FXZOC<t`(MJUsGmdC-x-mQRkbwHyO;TKI5bpv4&Md5oKBdWJtCg!kA-
zh@bETSD!h9p-()BI%vY+=tqP$v(y1<gLeB}*4I9nQk;vy581|sQ9Ps3DucE|LF61%
z3S#tFn}XPR(5WEC8rpcrL8pQkH`Y=Rw-35(&)bca+j9=P6G(vbRebVGHl%#8v>4pe
zIj2eDi%&UZ8KLE&J>fLTK)NtIvgi|rAxp7CMd8#6b(WLyz5)Y26v~B@$e`0$*PDh{
z4!X>&u4ApKciF#yksBJJKm+c{*ze15xx%SX3AuDh<6_f6oim?L^>4%q<-L>k*HC4D
z#lR<8Vj_Gg&5{J#49X&MP(!qbdKQ<E97FT9(vCOAHa%a(GmYXy@>P7oSWHg-A%#Rg
z19+hIHaa??(*P7zNYLb3@@K~BUmP&xgU|V$2hw72t~D|p27!cE^+_1kD1<<rI8Y{E
zzAp?olU+%)6v(Im_#bYjQC|D>LrJ4Nv!<0s`TAM=p-D7!9;gl~Zk^R_iQ=LebTWRq
zeOA{rra7)VMKf5S)>&FbvnSl5F>tYsFOgP({*j1@(nfZZz6PTeaM!6ADG<Z+HDu;w
z9~Qbe^(3eGS}53=pXUHfF0RFt$*)#d%3yEUX|L`D1!99Xqpvc!Sqq^-HN{M5sR@3@
z(*`g#(z?QV<ylRkf?{S4d5QDeA9;y0K(lcM8&~1-T^vo7cC7^y?*lF&_gjS#)TAI5
zh;?e@6Dn_ZQzIH^ZJf-he-q>g9&{POvDOGSeAFYD0ApJdT3TgtnYI$O`qM&3`)Fd4
zO0ITL_lZ^ateF3Dg6tH##8P-vz-cKn8+;6dGk)`*Hie67eHd6la|KF@W{^9G5V^q>
zzl<&~7Rns7??;#C>N96Bvit*XCJxt=n+d7d)Mf$(Vf|;Z{y|v(Sy}&p2de))250IK
z+Q_arnNJu-HcZ~_e%7BmDDSv5%M?RYUJUd`A}=D5{mN_VGiT5zA4C>U;u?LE!G(In
zmib&+G*?gPE@;2Q(osz6xFdD#JgrNpt|@86!s`0&wC(`wnwF+C+S=2)1Fma&nq|IR
zJndq>WTp{`f~V1B#uaAQEB=^WxyP-oLW%_K8X;`dq>=`9<RMi;*-S$f+VsKWx_cr%
zk0`@Klo5}T7>p6ks5TB9*F&OQVyhUb709HD40fhj7418&2O?cg7)l7@OAoAA0IW+*
zNXxO>CYbwL2gA!Un44y84OgFb*&NNs0$vo04_Pz%cS8S#2CiIoSDtnR4RHnw)k|@Z
z_j^L4FusOHC()9LE`Otha5Ca!knx(zjNwMeVp%6h`0~Z&#PnEQUrdk1<+%DRnlAT%
zb9hz#aC7*^sql07uG<`*k3_CRBIlRW)Mw6MZn^x=;qU6Z%;Dj#bNEWgIehDsn!}w3
z+vf0vQ_eZub+D4%^QWA1xZ7ZB4yU=z;rqrM<~;Z$?&6%p*Zn7PN54sY*O<f|f=}YR
z#w6|#Y7*bJP2%=pCh=Wk5^p%=oWzp{TNT|u=9t87hp9=t=&1rZFgSxHb<9aDM<iep
z_Ze(W;<Kk*=1#xC_DNjZn#58DPM>m{!~+H!lenAvB#vUqV&bMSxTYrVNw>xa4K^mO
zbYRPUF?gg8dfxHC{dG|W`-dw3b>?y17z^>tfZ9<0>mkRTvp|?us$^6&OgJVa0kVe?
zOeXj|9&z1E64SDM12HY{C2{qcGq{uVAiCpC2JIU7%}r&U!v14{eJadg-Z0gt^~ZG6
zT{a94F63rR_G!^EXP=@O?6H+hOo@u7kHf^H))7WDgTuoKiHfFikag4+Ig}G&n?xf;
zKfI9BK)T}ETZG&jCJ$0aC#eExZaLTyMS}C<u!9%E+!8WVo26g|^k|lhT}XgfE-dYv
z5nLuSdz_ILDv_G%VredSrf)Hg))Z3tF2<yIg@JkSE0RbH!}w@)275Sa?_Y5rZA%!Z
z9f*nZDQHMihN+jqtk#@9SDt!cJ>Y(HrtbTdpiiT97^n4_&<<6Ez$+TcaQSO(#+~Fx
zGx$V%Sg&gjx%D!Lf&K~XXr&=^>52&SSPb^F%%Ozk)`+J%bc~c}ynoVY14d{`PIZ<d
zv(;Ne%Djmz$+GpA>%^*&M#DA<sys~>1G`-UpUtRX%jS8ikzwR_OB9lJy^)xN-4eO_
z%o%h^d_W`rS|c|j|89b)zr*{Y{<{fWedY{qCp@5m(Ej~!2Eu}4;SGevVut-Cz(BZ(
zM0P<UZzgE!GiPu;A^!$K=l5L<ghNN%41`%DLKz4`^`L>UW|+-Dn0Cx*AbdB>IK(*S
zG!WJevmIg_b1@K>4hwJOugi7V2XjaI*#~QK1J-Vr!;C;weOta7cjI8;NNY`Bl^fbP
zSUgg7vd1x7l)BjMpB-k^vOL#e87v#AEQ32qAuI#gZ2y(&qSb{Z=xzyZ?caINO5JqK
z#ZcHX%rX=vA9Go&w+#zv?N2)9W+?0!W*7<^ejUQvS9X31gE?;~ygN4%b`1+<F5Jj<
zF&ENDs-^X0u4yiaX94CycCM?rFn^?JE}Y6ib79CR!(33xWNy5eryClJc{(?qtIwRl
z?Dz*!CT}rV-<Z&Mt(+uru;hhMwiPY(GL25+3|79W{DencSaxK%9Dv7}*d1|bj*7g5
zCMH=*u!Ys<zp$#`D{<B3<z+;dmp2hzUS5W)&z!;1G7o4ZEo)-ePdE~pIf0{Cg~6Fo
z#-U1DjxJqBu>?LQ)~~3#RQ8D5M*=QDy~N;F2F^QV=Bt%yG^;2h?(=lp#in9#B!g(Q
zBz(<jvER^WmLOiS6rmS}<pjtHEg>vB@#;CuwZmS)D><2mZHCrqTZndXI6n#($SU*+
zM(CfIbO~QLVx5V8z@W<rmE7az5gl)X)|JobM}(GzCkgeGG}P$wys*w>Vb^95;*}R%
z22^%la7m&6#bEDSg#Ot|E+9>(6q-etkA5qo!sS%|;fQ0Zmu1ic7Z8jA$D8Z$x>(%3
z(xW#z&$y`}V@}WwyJHaXhn|lV9Fh4SUR7UXU{4#KNS}d`kt!#HG$`u9!br|F+5kS|
z+}}f-n4r=gbgQVTOii=unMn^emH(-79>|k~oHaU;7p7plnKwOI@MrJ4S|atpq-O;E
zd)`ffmRx+FgWos2t5v2RnD-3!Zq2*IaC=8HnBu9eW@372F%wUIAZB8^n7{a$GZ<X@
z0WGByAGldcy|DhvSbs09|FW#VN9hN&lrDV`&Qe;R8{SfyEcEfK0hUrXB=R~E*{!su
zJ_~cPbp9=+Yah5+O6L!`SxRHagtC-2<|<2R&Pbc3v@F+YDa|vCgr&JoOG&Ie#uPu9
z>tZQQ9U0zI+IP@lDP@lJvy^rpd<2%#q_LKbv-4nROUVqq8kQSiDIKucTiXsgETw5<
zm8H}(;o(_IC^qNbH!Y>5xh|H{(vg;>v^dvg&0Rh+q)TOCuA8N_a-?A??N82^r8K^}
zWZZl=5>}54Whr$%<YFmx8>=j(>jzCsNjwX%lujRXwUn~PnwHXy186CA9T#9Jtt}<y
z>B44Wo~|v$)n`F$sRy)_7Bma6ls0RjEv3pdI!R+Nvxa2Zw>d5>+dj%}DJ2%nQo=j2
zPhu*&5AjaylU#k~4E8?xfM!zWhYmAo*#Q?bY5O?COqzDUX(owZ?Pk)z!%j2l$Y`6H
zlt@boVS5To&pT|llw#nARcI+~dyms%6=@7iENgr%3gyL`)w3*S`h(rL@lZ-K8Ht~L
zAgC3!a~$Eccrq=PNMl$M+EUB*2eqYkjdQW3x*WD^k|*HW|7Y(_z@sX%{^72ioJu-L
zXX}I|KvEr0K=CHH;4+OeZll3%oL7wt&gdx0ye<d<+~~%Dpr9-Qq9}rjf~bJ9ZvwJ!
z;;!rpxUz4`&iB-*y0>q4-`nYoI5YqGULWk-t+rpCI_K1>s&izUF4iwkY>45tw{rDC
z2dP=*O3jL@I4rt~w3D6|U=NL^ofNHAb)H!ly=gv^!#?>zHmN}8U|sIVOn!<A@wOqJ
z&A<4XW`FA)UXC(fs!H4GwTU{JKIk>Akf<Z;wj=3Ut}+$RUY%+uU4<po69>O0xvD96
z-rAUqZaMTdty?OM5yvrJh3{$)OkTrMB&RTL;B=<<z^~a5s^kVYg7jnQg!_iG_;5s*
zsBlD=t6NI`%y%K7Pqw@@m@x+pu^p^S6I$0ZqCyVA*QHEHBdp{w^+rZkG#`u!+l*k?
z34WsZP|t@A$g^$p!P{WDGMY^Z3tj7#nMPctFIJVl%vR}_zpbg#x50``r%L-^QdJPU
z!?!tVSie@+bcfpse!N+$ojr3zO}nhrA-vv-)u+SZ^>h$Huj%{XxsFO{{ds$ccE3c9
zB+92h(%v45!)zE)@s8C|5~<RP5~;(!t##U<3SB&zZoj%gK$UDKdSSZKYnR->6wX3W
zQNw-=1?^?2EiEI>0}yx)hnN1u@I1~i<3d%{g+GN<%q2OwFbpeFv`qL$+>&unRG<$I
zK28$_yb_)P<=FD@d4^TOq^rylsDO92h77AJE9~*Seyr5dD*YD(&<EQd*9OzS!3Z$-
zk*)g4JlzXpow~dc-VN(hRR4`>VmKcWRcO2B&<%dn0j1}n5!+sw@%rKlO)Y1_=sRey
z(l?5l@k$t-PF=CBo1MmAV6cGcxOWRL5EeGCUl)bV>~Ab=uo&K*&uF_ya$A2)_Ay~T
zW4ygg^JPtGf_kTx+9*g4NCrhH)(isO%i0&H_NS;_E4^OV2WVbuL0v5jAsaOBYSp0Y
z4S_9Sqr}nQQ1<4Q&I(;?JV@H2?Szpy^(uf`kLOt=9I@fZvM7vk(_kdf>FrUJ^I12G
za;B)>*wD==fv!Q#$bQh>JM#PpmG1vjR8MUC(KZYmW02|iYd_pdli48sNSf--O61Iw
z%D)G;%c8PiSQA6Yw*zi=CfWUxwPteoF~yLwHz+4MTIiKwDIL=y{RMM$WSAljJ<5Z6
zYo~$j;Ka4c?61!dZv56kC41!+sgg<2lC4f2gEvUIUC%3QidUIZynL{|%1|A~;fL*d
z+(l#HhlzL4Qjfop#=W?t5#9`YG6bDPe*q11YvhO;x7}5e_tket#xoi8!I91tjzhIa
zy6VfP&$g4{#6L&K@J!ekk{o|`XOl|}$r5z%ZFa~=O+_Tl&E`idm%{;@QHeHfs>mPT
z#w$AmULj?NOMP@>_ZTc1;wlFFGE@x@JRHkRG{Fx~t&F4hn23Qs82GTj)8Lg9gPN~e
z@>e*Krt+Rt8j1S5`;Mr=paxz;{2RQHWpdF)-#GTBJAH1=RQ)+x%BDg|kI*ObsTbCf
zirV{T)9CVKQ}u~}&RRk}-BdB<_iknQN74}Jc1e>6EB)>^hNr=tu&l`D$4!3vofIj4
z*po_u0vA3i8B00(Pm2-}JsG?PLKv6@-!_&*O%2Wye~TWR10QAtVpQwyfnMnf82Emx
zmeUEP!|qJgl)(*bKJ?!QCCG&Ag84U77Z~VoQ6|*@l8>?revys29>#|a8t$K=p(yMU
zF4M{BZ~!wceR2C1$8EtR9KM?u(G>g~zNxGXpch6G?kjJIXbCHBFjUba2*+ad!l<Sq
zSb;5Q!;=3rInE!q+BP3l+dgb;*w|bO?7AzSCts>)^iLLzj;azCm%SZ!Wm3m|<&pil
ztg~Tfi~BQGXANi&=`2-**;#&=|9JFhGCO*v9Pz4FPd{eVBq{t*84TcQ;1xEiY6tT`
z#Z26rY6$eVkexA*%gzuLHs0Hs3oNxWUlj@|9fr4%P5b^YbY%9$7KV)xfBzSQyo;Cz
z!Iy7v;Kc90RvS)?&|KF3-Ht{vk?9ZHEi%2HmV^Wr!|{M&qlbg-h#vZs%6cAbC%fSD
zZc$WWGmX+(i_##M-M|`Zu~{iw_^9MM88+->?=1onY9G)@%jB^2ZkC9Qk8W}!V?Qh!
z&J4+lr)LlYBhM#=w8Sp30sKU(cF1^3#M6;AMr?$v1N~A!{6*JFaHf|Vr2JmX8p7w<
zLLh_f0Z}QlJ=~65CBnOFV>$eK+f-MbaUHiV6jYP@bGSJzg`%LJCc|g*_INI}tSx3L
zfp&O9oZYDjhicignaUdR<J!nJ<~lI!4aTrEfOY;r6jq0kU_YN57_>50Pg&gK95P*G
zaX3I5Mf6stYq1D!k_gn1A~lHVM7;3g?b>zM-VM<w#LLXNp&D>&l%f?GaWga7g_4aw
zWRx_-)eN4>p%L80h&)}(U{H=A$^Y6TG(LUsu{k*JgC$<YK4v#E*+&Z)eYeo;+SCE%
zC?1!kB-b`A6)oCP8%j*t`RE5X+R5awWjISncyIscmiTWJ?Vfn>p2vv?SKw`2;9spg
zlx=b4mgsOFm<jK_tOI_)$6ILcn;(|F#A2W@h}TQjQY->^T2u5vKXd$C5AS3da>Vv8
zwvX5!@1PMotk{WzH_+l+G4L0PMNoFkjGGmQJe_1r1luDdWy<9z-PA@L4n4R*)?V}q
zY+!C8=dv0f3Sq9I_&LnDIf!0Zaw^#qZ<btQvA(WQrJx^nfY2o>#$o6s6)oT7#Oc&Z
zl7>Nno#2bVN_b#IilM~K*3K5aO!FyvSy|ttmrM>l+cWnbS-&Z+M_wJp45G-l9*d>O
zdtgom(eSiK4E1V&mc{qLiBwf~uToptpSMd;cE2Cv%HBIn1+axR9&OpYg$rzF(XozR
z{zFVcFRXq+CiKJXkch6BmkzeX_Z1?%R9{3Cj_3Z)lG={t<M3S<S>j6>vb;fNd8@lA
z+rlduYU=TBs*#Kh4l)d^&l%PY2-&x<gqgrD@M||}OwXvsG(bP>2P5jqJ+K~4Ewuj+
zA;W&w!OLNyEGWrV9e9Xg3mBCpN6I#4woP*x^g{n^)xUe{8L=^ptRT_NIZV2{61}jh
zNMH#}zFQLi$|9pePJAcbt*xmoVEW?~F|>ORjF$N~;9wZA)s$1Eh!-G}zXq~$8p+qP
z5@ax?Txc1kL=?i706iITJ3|KF1%&qh_TKCevp^wpATT>fKA8ACYhR)y9euFtF@{A9
zPo>aT5iVM$7F`;_fK3r8Q~<k2Np;~|F7N_vMH{`D*jNFq9ii7)-`pG$2KU>G?F65X
z&<=zia3D@f_L<rXoXKJ0%Phho4QC#S?O?yDckkO0(x<~z`aQ#RY%Un^qpS*<^FMk)
zW(x2Bpr4RQca-_zH=9Drq%`kUmKcw*>+E=ZHCo|eSa{6Ys7xOPF#lEEvbh_T6Una7
z|3w|Y3-)~<65QaTB9&nmct<{`F)$*<*3ROF*a==#itxIJqgYT0c7@L+3(AA%GYmYH
zH!~HBUGe5=4$msR!jDC;B4EjUI&RmD!^qo%*Z>xqWJrpV0W)rwgtjCgkTn*hHFZ<E
z6RA!jT6MxqIHZ)PC6Y1?c$+Bmi+~7XS6F`ojq?&};*9Q5Ex~p$2&sviLNQHj2UAi7
z$%j>sRmx#=4g8d?)Q9EK>H`jEFeroISet6-PCc?AM8V?y(03SPQDs)aL|JAF*vF&A
z3U-B_K2^lKG4cSr!eB2Y8U!(k+QC+>kjx1gjvS~go&$YZCHd;OOxoA1F!91+nl64(
zB^sd@#%HS5e_mBtB1z%h9E!NUxwAn6d^FlB*hoU~Y9@Wqv%6s!m=7~jm{iO@vkVJ$
zVJzkUb{A!8DS&S?1kIkOG6tV?lYO-&B`6F-U_SItmki^BhX$6=r%MU?7O<&1i_*v%
zN}VK|fH~6Lh*j3w!8rL&PIOA8K2TS?=BuCyk~*S1V0MTZMo{XO20Zf`W6(v;w}(F@
zN=(8sunYXqjS1{}Hg(P_7CXI@)mW6Fx^8E8hsj?%Sdc+Xb9EQPJQ>;odSwLdeJN3V
zBAdu@R~PD&;S6SjlG2l#t7WTWvtox>7KdXCm|A5i#0GFR4W&{JQ*RfgXf#BGl>uSM
z&iv@w$`UM<gp58I{E)!5ut)Lq#Q{Y_XEAKcq0jA%!Urtzuw*G}UPnn$^KxX)A9R$$
z=))X^{c%xg!#;>U-nNYA1x+?NJH&)CTf8)wRTj%OPmy|hP>$qDVWB&t1lz(+S=UE7
zJadJdVB|ny5FdsARZ**>z3;Rluk?Q9lN)o$IX!)v1BI2Pa$1NyAfJ1gzVg%GT;;l4
zZ5DX{xv<(S@X-zr&2+bTEC=>q4-DI<WoaDV+v$;$z>!$Y3$Ucva+yfK#oBa8mj%T!
z4i%%`x?h$#UIx^fUY%$+*2(^G?NOT-sFlR}+QBwv(VAh7>2TXxS#-}1Tc|&jKmwbm
z3Q(@URVl5Jo27DSpeTCY;BZXn-|5>uYLCg%!C`Y(#MJE`hNoD^)qfc5a8UYr`ArUo
ze1`SlfuMZk6$F#I%2DR$<6n6G-wF5)9NyaQVSeqETD2u#A@^(?a@$PghHB(WIs7D1
zi9~{*?1bDh`Hck>cq_38KHThy-Ahpxzx{;VZH@>tGx|USVfTTLMKE`xC(0w;;P-0q
zNVj8IoJYEECdPWCdu4TW)P^AA6?hJZO{2ofevZ5h0rG>k+61u(Uj3KU#$Y^%XLC3v
zYjbX-HU<{K&)<3y9+Z+G4t>Q1(4Z_+((toic!DSkQ}&dWv{j++%-G!&^&n3*<Eh28
z!>%42oDnitgnn7X)KR3TXF9m}dU3H8&b_tY?@tA62tVr&Pvgq1$IwMg$QN9`F=F4K
zmzSr4q$C}*9UEJlw&pBkjNZ-H?{qr(9DV$c1yp?>85rc>Q?QJxaxJmw!T{!$5F1om
zk}gUGEQFydD{KhY>gK0IIiZ7vQUIV|?|(ubu(m7hQWYtLA^%M3-70lmSWT%5&F(P&
z`mv=XthyY!%GZU3>H#%%%tBg0F4rw=i5HPGKY>2pgfqN>!@J|c+6Rg<v<gW8Iq(M|
zX^Dc9Z2iW=usOUuGAyt_-U;(gal9f}`;8m9MaJ(NBQ?1x?^&m7CL?4CbHDL0flXn)
z{3Z?N$s(G<JbMvS;)<}-^781+o12*{BiX=M4mNI==3rkAR2(e8VeBps!_zDdc3_|b
z2YYIlNAL0bVjzj_M)3A7kFF#on{Sq-5=_$xV3{tcn8OrVP*ba*ADs#sD!(a;k|`~?
zLF8G)1K7ZiWmX1j2ZlwwI}e#bDP<6lJl!FOQ>`3UIOXuZ%%Oxs2E$A!5Lh4X6goGV
zVF`zB^j(1<xdsCtC->Z!wU;EDHPh4`(x9_}#p(4i4IYt$_2PJ~gQn?wws@G{f_6TK
zS(4dH{p&_;40&^KSOvkpn8O$;M|>Q%ZSqLn?-mM^=F7z*ew7)Vt{<40wdOEbGP*XL
z;VmMFX|S)mEWFgJ;OXe)*GH<`&3Hu>xo${Us1<J0apBhO9-aTJ&7Pnx;6e_sOX~Y0
zXLu`-!XRecOmUJJJoC6v-md3vu@VG1ER_l5NW7V>)=NJ31Pf#rk;|jSazJVhy!-Q7
zb7142<iJ@RPE)lI<ey}Vts0;G>#E@_2!zS+SuG@i$v@-7fSS+f$BkjZtdMqhq6NcQ
z@q$6>M7aXXB(0tmB_0B_Ad@AFZ~0#&A<)OqR084$OF%FsAg~Y)Z}3!Dab|*&M8*)`
zo2kO1p2Oiusg<118J<V;vmu*2!RR=WL8pXgb9miUuFj=|ziiYAk;9l*!;I4y{)xu$
znbxRnKF}Joa=7y7A2oMc@UurpG?+dp>>APFlN}!Isye?~`=_tjJ-wGh!(ahsk<;li
zY{ZrKt86(YbUcGI^^~Mk%~VcTkL{C}G`Ng9vyQM8Anb9A+8Zivk&<1{Jr|}f)Pak>
zmQ%x+z(o^Cww%PkMI;VrUng`8Vx6-PPr*73=ocOph^My4zi{aPURZm$mWUn<5u90u
z86rZ@ETb+91m-oxhR{va5X=F+P-^`1P@|U@{PvFeAL=Nhf^rICT{%Jv%CO;C*x+=m
zQ;LO+F+YH5a5Q9KKJOySvFIlTfwXhc%dblWjgkrz7{j{4@<aY9*u&@TP})dc4)eB=
z;s9@c=?S8@kQ@9ePD1n8TVaMebn(V7J;DD-ZCh9eT>fj-?d37*wgKKC7w|GMG{~s5
z>qN)D^ss>HzJs#+z%OU$yH|PCI+vuxB@@Gx@PhV<sroEU)r}Piw}=`OX}nM$*(fu^
zigb&7kT@C{mlO^y$f=>YN5v(RYSe(RAr+s83(T$fx>{ZSMML%9nOZ&aarpdOkH9>?
zU{cr_=z~j`!6C>n&u`eDNp<AqZmhsG9!(8bpchtom>)}MX-*D|CVF6$Vi9c4j7)~g
zY?C3fc78iCR6)_HW-l;LZO#tGL?1*BL#4n-R|S6hxyMMp!~hnYfvLQ8Y>AjoMhcRL
zuT&){dfg6Hw1IVC!%8WOnqeJySg60<ghAoz(wVJF!5S+RH7l$Q5C^T=WO5kZo&8&=
z#mk}3R%;66<?ym2fR=xD72WIx4r^rXD>=glVQg4IADNugBA;I(`SeRVpGaJV8#oN!
zsdK0c+q(<A9A1GS<OFH{^X_BJJwlYFNBLmv*B*vh2A&tha}3GDIgFnb3Q7&A5FXUb
z{C~7~!CW|<RmyLCEYTNaKHDT&vzc=+6=bb;N)CUH;^x_s)qDN&R%)rxhMmkp4Lrv%
zRH1upg#sCSt#Y;3pj9fg`m&Uh9bdZkF=#4cV$clk&afyp{)e`2y2PMK-nd!ByBhi+
zj~V>q$w~2hwA4a&bexKT-6K(Gew|=Op&7F}Itq=U=Nzw?a}M5~m+F}2k2)8q$@?4*
zPsjmM2+wcw2%9-rhi8}E{(KcEM9zqUws<wR98(zvV8}|nM817eOiU`XkO#Se4?r<x
z^4TU&@b@4F_Rmm5P(()=`7fgetsW<)gtIw}RFrUVV-zKrp<+zQ{?AZ=nR$_%_Zk!-
zh<L`g@BeO$O4amZj~h=yFVAr-+RF>w*;qP<ogc?WGD_!paUpa1c4xm2c^fwJKC_09
zIh8dL^T}AcNs^w8pesGgoWjAx46T}%^9uRNOJSCPO-XtqPNmlDFHsYYZ#?YZ#A}>7
zgAAhNpq|6ilR`{jfuz8shrcAkeJO?$4GQ(3j8|hC%#lzv;Lwx;L#ASpwwpK@h<v7P
zq`u!zwh(RnFiju^;;Dq>r2O9tNjqJ)sRfkEt#aQ<Iu_I~D=qK;=?Y#_2~AWh?5I{m
zp_&J`8WaKR1z<KPB^f@`-9Uu>DFTb=dIICHcyzeJEuK+KNFzL3$1|Fs;u(2i%~DU5
zzzGb-Obb(dBf7cHP_IPfRW7Vu>Y>{=r-g<3Qg9fv)RW-wyLr}1>9~L9@TJV^f1*Mi
zIYgLP_iVVv2opsdUfSznI=+1YRQC_tV@fpSaCna=Dx&^0W;m2J@|mQ{`f8u8ti{j7
zmNj)>bXg6ZiaOpesiF?ri+UrjsIOv*dOFpqtlfQ*Dy#QFTUo=NiY@EAU!%)f=y57*
zOmbzdwwLu$pV+d-AB-;R8OQE=zIRe(eRIfG)|}q4Wz9VlUDl6|7{2vH&1Hf5bmei6
zI*0@ei~Lr}A3qUW@;k?)Oa3XvspMJ5L&=sr^9iO78%3AA`FJR%<l#@SBuZX&B<YgJ
z_KLVUw3WR7NNmYZ^<p&-j(3tTcv-KA*C1QLpT!mYR<F1iWm$Bb$ty4mx(T(I4SyxE
zGwpt6k4Cn?f7mS=+0I_t*zxg^WCB0zGCyCP)aSd+&p%4)^F8M0tCISBulf1Pq(0wg
ze!e29&-a_3FF%q*c(Gr5F&2!3Xz6<-WN?}QHRN!}&b(2XaY?i5z0@Nm<Y6g<yz)+%
zcY;H&gwiO^70Znr4oQJ@vlX4jT#x<gV~>&KdTdoqtFQExwuC+PJFLR~-+r8$76^p7
zLV)E`<NXVVE#t#htf6hshU0?~4chCm)@18JfhJL@nDC%-O`-Ww3VgQD6FHm8l^952
zSYdg*J7IbQxdVEq&<2Jfd1~w5mq(()V7_GzpD*-tJ*>v{a*p=%No17K!3TI-W#Hv9
zXW<x}CFl}9$reIszhaxRTU2KKj)a72aTbU13mB=p6s2$T_%L$;5jhOr>tS`sL+=tA
zv^}TOpgp#P1})tQ4o8;McF<N&cO0}IB|m7}|KFhfe{9fR&tbc5&~AP<>|{GC*0TcZ
zh$=Lssnt3~fNv-QT&D=|4NZV+YE6KnoeA)r|0BTvYN^qGLWBV4IZ2J#Hrh+$P$00L
z$wMb9(LvU#PxpAVu8IE(#md3Xgry$yaHSF}8>WS$#L8t#tXyG<mD{vb`71P6S!`pb
zN8h&=6S;pigUJ1@#YFCOC#UR-YenuiaQJdYSgkv0axa33>pTga8rnP>Q`J_F)^ei%
zGY+ur+!ukZ1Ui#mzSJWkVWPfXMC}<nliKt3B5Dua2@YQ_^3>Ab;Fy_V<#5ny&!)AW
z#2yFb1KK7s>J8nJIsF`3GIxKZC0_Vk*31u6RJB(uQs+<T)=wvJU|H?z{y!Wh%evnb
zah6DN_DqkVX}mSnZDOQuHkXtuW#!WRmRrLTLnG{`bH+hDCC*{&(-L?;{Hj{;v}(_<
z8u&i7uKX|2l_$=(t4}!I^Wm!pJ=*i(ras{~&xi7@-SgqXzTr5}hwmNmke@<7we@Uu
z+@x>RbUX`IAE4%4Og<0&@Q9oiUMQP*u^}(N_b8W#Bg00l%fqeFwYIxFeEpy&*5%=@
z-eEVFhocXAA}$ZxXs?FT%m!(fhl^!BO@D|J`i7&u0NujX2lrSm4^0OIPZJ%~<nV9G
z0S`I+<M72oT6cMS7IpU*3q8WT6C6HUSX(hUZk864>ijh3!<rQy<`g--E=(W}T#9vz
z-6Ew6yn@5%$zjb<=k}#7S#4qd0gs_eQ0~T}d%2Xu0!0fZDu??fgUUjU3U&AR=<YV%
zM|wGIk^QG#sy0<FReQ(MhWfJKp~#mdL5l0L|H-hW|7XFF!ycBJ2HT$u%e-4a-@{TQ
zK!zF!D|_q5;|_UrI20BBp|@jclWnCnRq^AeIDfg`UN04I=5<@WTEIH07iPg5R5RHS
zfi2);wWQ${*hHPoe=}rY7WbRpx+Ql2y8KE`&$Ykqu{1^h7dz|@T9dU&F_X1RlvKUk
zlB%OZmcPmGEZ2P>JrmXwAmp&?SC1)|Uiy&a(sy%cyu9?G9QXmugROJaka_XL<gMd3
za+xejtt^7qzVam6gkzJi8^&t6)Z-}!xpeeb8h6k@uiL=glCl~IWefAc`;Ukc%!0*S
z+r(5KayT*H>cqh_BAvK>@xQ4Pk;D9bnp|Vdc(Om1FD3!CRp~u1FIEDVZneN2UOVOI
zCJtMq@^ec>;0pMbHdNK2F*Ra#?23LKhkXn5ivF{+)yDTcdW0GLQgbcp`Pm^Y&wLz?
zETE%>*PAbo%_1j<4LS5&$Ra+;eFC${85Cqtv?UQV@HP%7-VZZ!6=Dh10_YK^W(f{Q
z_j$BS>V;o<e&0n{sgA&pW5TrNZN(Hh-p`>{$91i|9EL6?alBvl*BP>7)69;2#`Z>V
z=v(Vv+!xo2pZxQ^*y?xa#Q~GzdvUiDUeD||dvWsb-HS~2;=$Nn-04)S{<>BHI*fe=
zbTd@vsdFzcuJ(w?*2`e@Mo7c9@31_6-(iXSzQdZgLq;}!{Ds4Sy&kPQ?0J@Sha2T1
zfgJ@tsMuf|K|bOzpTmoOVVc>#I+7^LIdJ&VwA+1Y8RUY_J|?vRPIKiQk$I1**K^O9
zlSCy$N6utSv)`BJM%eF`dH){v%VCsWuoi~EvpB398)n#wGXt+9zX)GFB9dD|`6<TI
zsSXV)GiMhUGpF80_D3B9-Y^3r@6~%fqD?{+F<t`6;f=i>)r@t|k_uJKVc=e3Aeary
zJWL(RmUDDvCHh!di6$;F#rbM&C>p<{R^ohhw3SFTW~h_h;0I+lu#8p>Doo3>m--^#
zTDUT75|7&SHK`_fQaGLmPfHebP7r-T%nBOXXnk;Y$fCG`dt)eW*Rx^6d^s!1a(0G;
znZs^p(_j0^!278}ZoES7Q)OQpuVMSR*7mh`o$YI{|DS#BzuLe%%w}Jk=1O>rZDd*p
z=7cqwA0<i_=Gsgg1D$NsUswF=^jFO1#po^M?a>GCO$#&SjrP-}<ct2@X<=b53whzA
z#U6u}hu)XU%Ae$T|1Q;B_xyCe8et!(5jJ0qun+VIn_pW?%)1|GON{1C)<m~gIDUuf
zmLnde361C#HjnDcXC}MSp+pAs3df&2tv(w0PR}lnRa>)54t<Y#n2Nq(PWyc@`(dM`
zq`0I+&)J4@BcUO5&m)#4bO<-6Y$KmCr)+VQ@Zp>YCCvHo-#3$4e#n|g&YwrUJ9jSi
z?)-VwyL2Zw%$--;-u+;1T<`iL=SwT8x1Q@6j*nb>;;8QFCwhj>W1aF@Oyt^q)nTW|
zwXYmgUy`w)x|)P-1{^=;p&6<bIOgMvWLqb;kxl*hBB8GZhmS6*O*{Y0VL}_Vo6ND9
z6;#z%s~wuT`<QO#z-p_RyN|^+v)Z|t1CHC8Ip_)9%w5OLW|9lV3uPN$_@iv&j~5Dk
zEjWCCVQt#@7Y@Vz$neJafx7Sshk?54xNg^^C&H$FB%j3$)Hj}R7^vHi#|_lMJ!}JY
z{|S!@I{aLZaH62YdC=!#b$)hjkFa?HXvhg7bxi<=TI<g!{%Px4DhItUj@PO-_H@vy
zUO8&hs=Tnjbp`ri=*8r(u{BLD<&8EB{8X!IRB{+{v5GTdO(-WW{EspVOq>-zp<Lb5
zVe0noQI8eg>P#Mtn(M7{N-#ks(4D!iwVav1L9niCE%deEu%@<%j*dli)WZLeDY_vf
zqVpUOo$Cb9oCJu@>FKah;?twFpaCD!!1#c${IIpq*Mh^m*0tmsb1shM8nU~z9^GT{
z|6ld!|Mv6GH*%OcBjQb>gg2$yapj?g!my*c;wR^jRa)a((b*^|A!*?;lH6ZGx*3Q5
zbjs3F&Ms2Q*~OM}Hr7<mZiWq(a`t5(SLLkV2NC6L|NMW4a>o5Jvt@d<>si|pz|`ZG
z=Jxp?<dA*mQaNNl|AWxig2ShOsHM{O_N6uIY;PP7#Va%0pU_Nj$Z;#kzkC*>%=A7U
za#CjcRkMgPGxS(UDKp!um1jFkXWMdtZ03l|WHYy1AoR81@a+Y))Y)FXtVW$}@-c^I
zZm8DHeEpc!%nj9X%^Z5nv6)Bh%^ZDHH*<Z@m}c%hUpBM<<+7Q3&lmbyaM*o*Ewz+q
zFOONuIrLH7QjU`&KIG8*J-w9k)rnBNR`W&=rk8SbotIOcr&67lpRY|;Q&hE=o}aYA
zs*=N$%as7O>io$^o|<D<+BQdwH)}q@sphLx&CyR08H?co)3)W;4fhHaw9^OQb`&Lz
zN{C&<XB#}iW^-IMTG<@&I&vMny}Pp6!s4~$0X^~I!!tSb7$ei`<KpM2v*A)h4Fw%G
zGD;2wZ|?PwHG8GUAdg@5prOE0xJy-E_@!pCJS0j=uoO0=2o&0Cw<g8hk8?t;6F#BV
z2~Sw-ggx{+;j!AS6ZVK(C+z)o?K<kv7~N4@omLB9h^!X+&DBCbtrn6uNF_3!f0X<n
zt10^Sw5Tb18zluUv82GThqV;A1$L$ha>uZ5nO+mf;<x+`YXh!62_j1Z*K>HmS`zqC
zEeYHp9|?Sr%-M(6ctkQJHPD%)UhtW0<@@tw_YeP*?EUZ06Z%?k*m_<qg~W@0s!>Qx
zJL14S*Y?uf^UWg`_mt0KxaSK;9J%MAUN-JI=CJ0TYo3hZo(ImA&FpuDZ03P;g}xRX
z_MKZxA<_4W8imB-!w$_{@uY6%l*3jt<+GS(jydeu%%7jMHFN4A-OS~^W188Ent7C(
z*^8QaR5i2u+*%5WBUi+X<9;iX6%zX==@I<XQ3qB#xMz%zSl>$4dGwXC&g)xg_VfCc
zRPD8`Y9l0GzcNNhY*|q|-t+QgUGw=)HJ{bfE+iVc2?@P4Tt5;>#0Nj$PeKFh!^`>P
z_HXe;|7H&J7Y;Km4zt)?betKz=r}a2R~?nCGi<W%l{cbf-JtG<#c|hXSsXWAA38`^
zhYrl>q+cn^ln*}J;|ZDv5Y}bs4W_B2P*<Q2#&uSkQL!V;^QfJq&%|y<Jpi6SVZU}c
zvzK<cD(y;JX+Iqg#g_IrSeB#m8~>1SG3uu>tiz#~xk7jJS!Iv2nfXDf^Q*IUg}oe>
zUBvvfuWrmN=TO2NPN-@9jt`iMVOUqiGF0&mK8OjU=i|_4K2uYD)mJ0thV(LHWb06`
zUMvcP=n#1-Uciw!5dI3&@)Za}TL~-9-3+x7K%hU*)cZ=|vf`#zF+Vmjni#>zT(R?U
zcs{Hp?1L~OMQ<ry9My}du<c5wFwEyLycMfqS>mtITyl%Im+DoCFQ$bVUM7)yeW}L`
zStE6cD`WQKC<u2R3F)w{o93|^`iuN|r|KDWL$lXfC*Nz59qgC&^Xqttc$sCVF}MA_
z)+g)|jVX)6g2n1oOCnwo{GFAN1s1EAV=5yHOl3ro;O0DGr@-g{cvRrpBOyUESP{L`
z9B+rO^Udk^Iy%o|55+4C$!>lf6UA<3Ju0LMp2cC)CrVcfViqrVhR3MMq1A8N$D!xl
zKSmal0(HombrY|kZ9OHtJo?Z_z9fVjxghz9yo_Eoggg=_9gRBbgPXYcJ(C-?PF@5j
zLiEwkX$IyIOpQ3aelXPDX=e{-9G-hj+c)z#tnZ_#?Db>hg&<GPkR{3RApX^plA6VX
zcqjd}<hLp#0Hc+<lLza2Gec?x16m8jdZaG(*S1$b^pD>Livg%+w0sB0Ln;IvV;C^k
z2@fw&;XNzxIu4sJmNL;STWwW8;-Cbq>_tj|8u;Un#00NGSlx?BF52sULm#71{B2FX
zVabROgUU^(X`+jBHDSq!1JN=<Ma=raf!hp-mJvgxj0naIvySjKS8Vas4^8fC3;%41
zlza}a%w#pOVA_L<Uf5->3=f(SW_XFL*$<0tJeWBMmiu653OyQT9zW~|%d~v&8IkW^
z4!sML^onLEm4?h>H!4~muv%9`7+3&rPd9gGPwTCBGI7{6pRrVqeweRK!Oc0tGVKuf
zgGEf4Yz17Z%%!Ou8^90x(=uiEL=G=5qFn03j+r6*UYW*Jb@k1FMLI-7x>Phv$w3_Q
zwrW|qSYQKUYojMBi0~h9G@no{jy{d4&CO#;Y$YP07_oIAT5KgjNTeG*!s5CjD7kU3
z_cS+7zfcmyLx$Ol+hi{`f;C>D{JA2BK^M9cLvcw7J^%-}3NZJ4cOmO11YX1iUK|&*
z@U^~iM@KR_tks+0u?Y6qUAMg4HEQ=Da@gW!7R~6>D2E=7@(%BX<6MwBFtdve5CUfW
zwPT#6A~KlK#VjM6!&e@rzJDuhE(I*k(4ob<YCZ%vF*y-yZho-DE9c^EEsyeE7|}N@
zNGw`X&y3tPF{F-Sj9Q(XC%zjwd@lu&<n5g$Mg3SM^>V@C=tmv{5q#7I21P8sMc9b7
zOlD;W9h{~Bmd<r?8A#q?_8s!5NYr>K7x<^R*p$6{yD2nzu=<!a?RYY*LbVog7`l=s
zO9uLKI0OxwFReljSJ>SdrE%Esj;T)x4xcQvMO%4wZsg=f9&DV)A~H@6JKG4%p+`3d
zl=sJC4r6A88K(IaVO00A2ZNV$a5!?1!u5V_?f@x(pR;IW{Pc0u%;=r>qIVwlen^nL
zFq6ajRH1@$IurOOPdgF#+rL-@KI%V^!1H(<VXskyolU&f^lUi!Qx;($dnZ{8M3KUd
zqai~Nfvty4+WI3GcxfDM4Smv$w$eCEmeg-fy(L4NWOi45_$-Z-@z+v>q8&5)XkC1I
zFSqRTIZT?vYMz@6;ZiWp`%nwUd2`Ik$@C8`!6-OPpoz&z8IZE`7n++*r`2MXX3k{O
zfcnk{)pD+;*mCc5C6SlRvm~;egCELc(F0WnX`B>d@hbj9FfK)Tc75e*kBD;yPioPU
z_rnQ!%8O69^OV`uYSoj&fD<932G^XK9D4lfVOW>TLD^bI?+lOuJrd7aE!7rrSoXCi
z7ztv{Vd|JLQx2S0>Y7zQ9b=ep0z3A5f~rExpAH)}`U)Mp&%>nr+^J)XuUqJ`B6Hf*
zAjM#YPmX3VFFZgDM&UoXe^{uE+#<ON?r$(i!2CA!;Am%qLP>Av9gYbl{f_MjVG!?x
zV$-9_yuM*0vQOF`XP-2KMs)u8*K`$mznd_rXr{IwJQuMa<ny{Uj7VDEMKAn1UysPA
zKL|6tNOHq5X+|PeGq#5t$w}>K4s+IL_GPI`uKj~elRY$7QFm+<TrTwZ{{G1riQ|P~
zhe_hh?xtComqT@~k!Xy(eLUnkM#eqK)S}#l#_w$Muo<d?dQy?e;lu$?f&jvYtT80?
zWGfST{o<h|w~rp9**<bu9+@2w=7O}&g(ygUp82RK!LIO53Jr@j-HnDNC3rt<@~ZyW
zd7(%+EqMTrq$o}FsTAQ})3FXU{X*CDn6gWFIlQpij5zT-%<^cUXV+qCbiF!^fH!FC
z#*efknM(rM_Bb=t+5aE*d(4ry)u$l)>4FH{yV4nE1r2-<22Kd8I&4c932FL3uQ-~1
z>Il*FimnC~bsHQ{p}y-y2IMpjLo&2My^;&to+~TQ7kb5MX5XnicXpu;&*yUZ8#OQm
zTJ1wGd_PY!h2e65wvkob`i0i#lAU$VGH0DWcp+@fh4$+i?bk~j<foUzn^z=Mb7mfM
z8_MUwh{ftK1$BiXl%Lp*&xD1OvsUWc^?N-QfBIINzPFzj*SRFt=1BPxwS4icT2QSI
zzaU{Us5|vL-pVWS_V{jptzTTXuiH;ubntO)7BNoIQD<k%!FnE?kkgZMl<(wUXVt(e
z5A}%4zt;)Me|0CtDlJ*4dG$vzR++OK${t#kp@2BiI^G;YHpn0T1@mkl{4kLu9(IJ!
zvsHx-p6_6fFTo(Z4=QHv<3bPAPjiKK6TI$dNVxmtMGm88S@P;S=zBTw$nkn^;^i<p
zJMmb4DjxI$3iOQ+sj-Y4Rz=M3CVwW9n+;0m{a^)c^EzotuaoA0o#1G;8e*ea;x_d=
z9*S+#-Y1AszI`y3knHv}>Z}j*RA==)*G4_smS*Fuqy(;Dzulv};4tz-7MU{;ctIO@
zfkfa%pYThA!=#y6vspPHI>9<UAoiF80<VLER}iJlQ%YtjNz^AZ)ptuB2M)D(YUsDO
zIE}+6)hvb=ecjPqN*$j=guAtdP9A<Nu9LS^Qz!3!fC!iRjk?&@Z|H@gz!E=k(*ubH
zf7ax&*;-pm<FN0N=-KIqw7Ic9%*&EZTijVl0oDn&%YL9;8_-3V+cxeaF*P$iDgSIv
zCqjj$0b%Oh8@M?R+j8i=%fs**?Ku6ZK4C)$HH+J_-$QEEh72KerTj*uQndQpMJi&z
z;U&L_u~%};g*A^cp=|_xK4Z00TNc{X7FvCxGlB5@VIp5sHI5mkU18=?57UfscD0LK
zl-=H!#r9~PCneQuE?0Ot%s3LNkVMVl7iT~0F8Lsby<Qu>U)k}U);nwno7PoQELEYt
zX+%SZ%^gXPz>$11UjO_DiSmf|!lD?v!n;yrR>8h>`SE5l@Oe3$SfR9*3fc<sw(R;_
zNhMkTFiq*P6TFp1s1JWUi1it{)VY`kX*tsJQPK#$RxUz_u>3IQpte!&=&Otdei$tE
z_*Ptx`5nsF$@%iJK!33m<_A}iFvkaBmQ+vB2a7(IIuI$3v!wDUpY<o{AR9C%#he!Y
z+E4dypCi=2T1|8up{jTLr?>{xpd9-!ljChwSt>2jMliCtwfpIvrJks~-+eZ0B$GMx
zJVD7#?F0V-$MOxcP1BBq1bww%eWk_a+0-ew!<*?s3yB52!Xg<<0ZnQ9q!NhlNvN|7
z><k-cgd+yu&M-GqQpW;$r*i-KnHud7=c$+_=fq}rw&ZBH!Z5GN=wE&^teUjv3CYJS
zX(^@1t*~Ftw>rU;?o>lfex&i?&9Fw+yBNkU@fg@ZR<U|=*oe@lm4r&{m2H+dp$F|4
zX~JRqeoxTA`(R+0zWuVhp@AIiqtUaslOp#jSd^}&g>$<R|C*4hn9ja0J;r~Qr+dXg
z9K5r~L<z8B_P98`*H}F>Nu8>O&DGR9rkEp|9%rNJlO6U(=D*6rTqYr24o82d=r;ce
z&=a~(zMm+*j}N}s>me4tF@uPAY!}%xSOrtPM7yiI3U&XwRA4*9yzcU=S7=CA!6F*c
zbL5>I0Q006IITpE^6sLfM2J%)mG?l(x%x3fkAnAo!Vm%<f~{TY%}!-Zc?iB!9At#N
zZ>h)76S-86ULExS+^g;fKPX5)9GszsSQjmzy1>(FLQ<`^I^%<|!b7>XG3dS{>`?bF
zgw6VlQdw?$Q0Ol{lwYKC_<DmUCSHRNetuP{Q&li1PY&kmU~(tQZ}#J&M2LWtnhQYa
z8Sqa}yYp*?onifPV!($wD?EQDJYSG_LYATH|BFY+g7V?#6w(n#Kh9{aXA=mj_o&C2
zWUnt~N)dd(6GR{E>#RlalPjqO@Wf==e{y04*&BLH4vUgv>;z-e1f4`%=n)khHc$iw
zczvQ|%dlZJef!!(i4*=q3V!+RcR>-9*v!bbhf~4c4EnaI(vcMkqGBpwxsIdIn{l|4
zVLrV3OQ=G~B%eLalrPX<)Zr%i1wEs0f|T=Vk`>&-VfWM8KY1P<(BY<M2LtorczGg6
zY36cUoQt$;IGnhK;h$s9M{d~Vu*+iPKo(g^XRtAa_E&z@y;^-%5%H@ur8&bqSaG97
zYf5uNUkeVCn%8E>Yg-P>ZzTQ9wz1dp1y8ze#3B3-J42!-hwu$K3>d_i)y)38qFlfi
zbJ%HbBXU@4i(n8_;8V#JxYJ(Xgq^Vkt{N06P)UltJ3~gyG(l_M#I1fEzznS^_1mrX
zWl0Wv=s7*tShyo<4l>JpzF<c(9@&qYpMRM6b8B&1s5A(EWZbXnRlOrrZ5f%<ID9oo
z8M$XSld9^%n<QDxZbqAm{jlIBqKui%Vksk)IqfLEn!|#d7+x3c6!Nugp?If|JBR4a
z-Op_c8L>Vg<x9Iy$X|Da;(S6Lr+TY%nU|EHKY(fcR5g8#?nfW&S-@o5c3e%aA+w;7
zfquA6a*x4hs#)gVt68j5$YI+;ZcZV0521jSt!Yi*wVy+7?jZLJVe#%De>U5a%J5DO
z{Zyak!+{+kA-m*e^$goHEQNYfd!XtZ{yF62v@i>vA4-mP%2Wk*{T%HADwD%N`GH!o
zI|u7>Dg94TbI2VrR<=wIQ%w?^>+o`p`Ev7)SPs-g#XBDVoIa<=3Sy$4>Y>S?|4x0z
zj}@rc$O#=cPJE6rzh&WlW@jh~XOHj8G?EAZjWetxupi?U*k1>e@(TUfz-JjZa3GV-
zlRC}p9dg#8V%VF9&g~3`PAkwJgvQz*77F<B0`l7BN3Vp+M>`}X>%N>r^<@mNjPmU&
z@Dg5umq#BuUbHLZ;NEqbEIExdHO#2MG_7GR*yXs1C5ywaYMiSq6LT4Ex?Ymq+6@K{
zB%Sx~hWz$;iZVy6jLu?`nZ=6e=abFn%cGx9F`qBnp<P087_xvdwQ%s-wT>R}7bV36
z56AG*giO%nbI9S9`P%5DM*P}qmD9)Ok~4fq!tkZ$n(J*<^6<sxNproeH^y<jC$>9q
zy#XfI+vC9X2E=f^FL%asy^)&hrPWh*{Rpcg&eVI5ROO_`-<!ea5G_s&VnLZAQ&sDi
zZShLJkHbr{Vv?ObvCV~@`8W(wwa@3UeOpKsI7qU>+%l|NZZWuJJ7YM<%^cnt6vffZ
z@%+-Rc+*=thj|``UT7mCL;CeWwjn)$8FE-ZBZu_>CcA*f@8>&d{OT^}a9q;0yVd6B
zZ6TZ0X6O*c1h(P=&(~9&6FWoZ7MY%dbbSv+OP1aY_6<<db0RbBEXS&wOfE&LA2Y#E
zi@8b)zqKnAwA!qKk-spA7<m9oi{c@YU~^bAke;T)m|Y=35JlqB^2pNhP4I;p)31aL
zyce43S?+hcLP52I;BMGRoQ=b*=0R<19l&7lO$^^-0{zfUD(;_!1g#AoPO-e_t=dt8
z_q@I4=v=uYDx3w<@DFMW*z6E<i%}E9Xlja46T^RM`20W&TdJ9N*#A#eaw`RXmf*FM
zmnzCpicoh#-_aXKpR`0-LwALYpmkh+)J&$&yptZTPs>kk{x9}vh3z;jyHQTUrZpGX
z4wl_$sB1FGFT0W9C93w%@6vj$k3)YsFj5go?Xc}*@xjYOXwHx;8N(mBk}30J8N)3c
zCQG8fM+3{@e1W$`;d+}Jt`{p@FSFq~b*Ivx;&2^zlZERS&HmN6-o|0<O%m6yn+d!P
z#@=M8Yr=KxO$;w)m<ead8Mp}2_*c4G8J2Qk+g(*=?yfrehp5d}JuelUB--bCH`}|>
z${Bg2^04?xiy^fQs>QL#wGcXoo9ZMK1^rl$%SRP>p454GnGzuduwh4>#?pktNU4Bi
zD&D%{=Lm1D1CwQzr2(vS1~sn^qkUr+a06S@MiH5@ekx)g=g4PS9KLQTB8M{0!Xmgy
zl2RR}_LQhSC{wRts)Aqahz}I1DfY?dlqm}Hc^NIp2e`lnu(BlyMaH`!HbT}|{`z3@
zH3lNAY$@nk2-wkGmb&RIfvhowtRHrbqW^)>^q<S&kWKeDtRb*@NBj^N{G1vB6B&n<
z9<s|pt0*ljl}Rd^E4j}53>IrG>I|1}^fYf*$e=afzrp(h84IEhE;UMuu^r6!h@c?N
zpjvaoMLVM?#+u5q61){YR6DA|PU@kl)>R0DcI!^Kh9xr%feZudbB1*TYQXeu#>}mI
z_rM1?QFu`!2usXPDMf5ifj*dd4YN97jqHSSwZ*BcE%~M!sjUN;p+40H-rZ!c^l|uQ
zfOZekcXvoH*Buz3K%*(UddA^J$(UUBH?9jtjlj{DFs{bghn_?lN53eIWB(9c>ZqL|
zy-xIvEYn&i8nrW|)``B6N}a!0J$-$r?$_wGd~2VKeMwys*mdyob9A07uL+*Yo0((y
z)3_PjDICVBA?(K@7~e8#d|@*Vv#&9*0gN#_WepMGOV=_df)K$<%!Ad}s7+7nTPmtK
zHY>K!EDpyOFf}zR#0GFR0aPs$oyAmu!9CYFlAIxeK`i3+&<k~yr7tTexn`N^{-ytH
zg@J@NA6^<H$3Wd|^uZ>n))c@PNigP$)7G6KM!|9MI@mObbf;k<qokyqHeCJ0L=avL
z3+nqbgSH|oRFML&gZ@{One~^Dyy;8ZR1SnhiD6(q^iE+|&{hrYUp&lt+@_>>7{e<(
z-jsRwd+0xyx=h&={dfh>!JNi;MI!@q8dF9AWz^@VVkY-vnw&~O0p&b+mZjWi1$K*a
zs>Ff_yopSwT0MN0OI$InF1@{oF=X6t-~}Akcnq281w0oEO7VhX0}E*QHL)KRs4!Af
zVDF5OGKfL{#dIvDl&ZCThNV2yiUIZhz{PahtX%EIoar<jps&?57X~k8>~v&J1P)^y
z`rk)Z*<p<5RR*zcKrL>VI$ai5p6}_*oHE#89eQ_*8Um~0H+!f`jeB1&xnmBwe&+B9
zYl^w$)Jlnm<TT3WiN#PU>+HvSI5cJz*b3SSY$VDMxxhx&LI_>TTAeAGMlLj_f^IkH
zP=%L+*Wdzkp}y4W?-BfJeV(W;i&Rfp0A5-ZBSCUu?fXn^X3+;Utj#UiDi@V-{whb)
zft&-p&#Z%(I*-=&4KnTJ_xc*st6eWIQgftLZc_xSOa_bJm&5UH4omW77ZwnITszHX
zbbfOwvmMR2nOLyk=OPx#WDhfe*{wt*x(N9}???`~lv<)XP9TFEhG%i`SI~hpGmf%+
zR3*X73gTH%CA%a`$Sc_kS%!5bi)d=vo3kkd6#kjFCw~@RE)zE3v`Bi6-nXF4?0K@6
z+j4`<<B>|1OR;C*wcNn#=|K~9cJxYa;8on_vrZF?PdB`oq~I3v$G}q*HRn*sC|MFT
z7izQkeO%y!oM9dhD6QizZs0wfVS(N$dzQ+fT;<?}Ye|PWTeZq8t0CFs1p4IP0Opa?
zHq7HU)8XGj9>4~&uqrOFTjYU(|KJAR&l%R^W%2<wSEZb44!$Os!{JIgNPlK=@tL$U
zN}|<TkUtN-@`2#3Qsg?*WMU$riCe0#i_GKLGb3|O5v(cMaWmQ6naNqxk;4fy%?HV+
z>9JU+nUj2)Cl)gu!=A(61r~FL4GheI>m@<2^cWRVAa9u-3Zl1;Ud3ug9_GA|QGv~%
ztL)wkBjzeduVu+nb}3xzN%EyrSpg*>^mU1nsIiZWogdeAeq7)AaiQ~LlBks@>9Vd8
z&$<@EEU$o8p>^BqQ{lq=-ol}g?IY^BNz93*3ELt!-U(9W^>H{wsVn1I0xqbg2m_V3
zYuN1}&7&?zjo{8k0_!%$I~!pefu#cd0xvJYGSZ_?Q(2E=H85BXL$p_xx0u}s<K^&W
zNT1V)eesokF(&rK*ZRequ`kx>7jMMASgT)*j(xF?UZ6}tn+n(K4_{-+j0+Aghqc<J
z=EdG}Vpw(I8WD?E-81b^q7bE<HWtbS(9pm;;VvQH=EA93`JTuO7o!kaC;#oQ$fPzZ
z%&L%acxMt5dTF~*-apJR?RsSJuz_i<<X?fj8Hu5C#c7e3-9zl9Er)Ca!H-!mwt@C=
zDWu2>peUg|1qQ#_k9m?Q<)W82u7mY_^0qGbV<3Q7j9GHn1^kHh@pLLWy_vwQa}k?M
z95aJ7=gWbrAZ7y%skVOftEG}cY{YZWXpFgyFprlJTk`UzTm<=Tv@s7kOutL^@Z1Il
zHn@_cND;{xctprt<S3L%EiAi>jH_5^U{kKP+MlMhWO`bO=W~HUno%gW)S3sejhbN;
z31!s&awSc;d@xz!nJHN(Xa=x+rA_P7+VSK`%-Ukmj7&8QPmd&-XHP=ePMxGo)%h|z
zp>vsP%O$9DxhRs$2Qj%6!E`H^rIB2wPoj+q4C@KJk_)=LDw50Wm|W6e<|L*vS-di2
z#66+;C~*0V79Wt4fn{WapjlNfhYVHO`sL^=RztFk#-r>>n%xUhJnC~6z`7-*mC$1Y
z^OPbazwq&v)LDMXo*NUb5ECvn2fCM+b2V`qd8cyfk|!|7z$RQ^Q{A6=lER`NNsXpX
z5YOU*4$UU}2*#xdv%$#EqFSEC4Rv-9dA7NkqC$?Lc1m%nK;WlhF|2ru7TQasU}z-u
zIf2*8WN92GkO_ogMkQV=DrGsJKBlY-LTZA7;#W3>NvYJ(j~=Te?XQ7>S8#!Cb!DaK
zZD?Qx7kIU*to*(hK6{K|>jJffC7(0Q4dQiNkZX=+@LH;zg}|oADzR8^bCIJgKWLqy
zkrPJ|{mMKkXMd$T=`t?x3T@U1_z{ZC7k}Y`4)mBW>bt$LGONI=<;2<PRS+-Xf)+|0
zUbW!@FL8c#4HvXqrgpDPL>*rJi3_Z7ekF(5RZg#}Enef$<k(jlze<Y=;_!=o;Wx9o
zlMB4tp_FrZ1zr%9KoZ*U6uuQlq$tAiDh_!wZ;!XdeK}Zu`MmnFDSh_><5l<)i~Dkz
z{BpR?b7_jei{Z=e3`GHgAI7FIyc{-I_pj3ZR_lIvik#5@)SV#|`2E<%k5Hh7UJ%cL
zfhxB8{_d59>S22t1A1u6%T~M&p49};ZGxvl7lCI5@bmzlRU&^|1+YZ`Tb0mn0MDiC
za|8053+S5*0vHV79|9OGk-z5#Fs%$*QIIl;%~=hsY+E(fg`@@KgdTX4LbH-qeJWzA
z<|i(64&{4}S#T>VxK#j~Hq_NGlzFxyr+~@iOn7W&3@?VaLMDh`FbV2J>;5CUpJv^E
zsvTjS%`5R-GF}E`=cP%$q$;aU&aHH`4K(C1UrGQ_9;X@J$E#_E>5|QO*KAfrWpg*L
z#(UkfdCfJOHD)%}wy(&JuU#ubMr6lVzS{96e@&-vz@hhK#_)W3tvysLf7cauKV0W4
zKU_h5tLrGMeL1hB4IS!{@~p5j6gL~tb^U&l+IS^XR`B-3VQeX%b5Hq`PD%Y<X~8nk
z6_#xYVA+raEHC^fSpLK-iAUNR*VDam2W_xi#Ve(Vw5ROhp7Mw@EXP;4!E!7CEGv?L
zW!!Iq<qBR&qTANEJu6%r*LQLRmaBOsiA7t=o$e{0o$Lt9c2`&iOm>H5MiQ{hKH1c=
z$-QwePfkcJ>)lh1bcSWED=e=jfMrY)uzd8JV7Zc4k~U#$+$#6Rjkm#a4X-4{#+Guq
zd&>8mVOi=5%cNLXsv@uqO#+s0eiJMXeLl;*ar11j{Fzshk=B-Sx_in6&ag~%g=J9!
zYU!B-EPGEjZ+XkTai1pUEpNJ~{K6TQ(XOz3l>nAK%WH<E*OcD^OIuz^26tQIhPgLx
zs|}XxcqL7kY$=Dhr~JVgmgihy`6&S`o05R#`6(xP5IyPMxL*<vqH6b)hn!*Q;R?%<
z1hA}10+z8;PO>E0x7@XHPffAI(mocJ-R>#-O>u-}=W;h#o}J<j%d8||nR&8d`PRL0
z!)>r!%PVPF%a(GZd&&{cu&j55Wn=<a-bw<Nl_wjP)$WaZCowE5-BV6*hGn@cEbk?N
zWmpohY&_Yp%yDnr2R2y#!Yj!xWJ@{IJ>`67Sf;zevLFF0PbLA&?voA6+wP6~cuGQ+
zJJvnrXU?#^=?cpiQ{2_LeamWwrF!Z~hUG=~#%;F2QpqdnaK0_&^X@6XbB1MzD=a@G
zpq6iwfMv+ZhNX{t<M!KNxrtYj(`j4EUhXM>b%v$d6_!H@U|F36EN`A{SPm?6ZCvlE
z3Fkz6-BUh2)e)B6%iLh;H`N`MIZ41W{ba+k#l3MaOif5F-?*oI$r+Z7uCR<q0L$A+
zz_R>g!}5uH<Hp%wxskUg_rJE3AGxP|*BO?TuCPo<0LzO>z_R{i!!p;sakFi(+`ucb
zGCJjK_mp#;VVUU)%lrhe^hpAiohKWXcikKJkqwsr;guA$$(C}Qd&*CoVHxWR%V!B-
zIk2>5Sb9u5$*{cS-negUus9g7UT{yj#Tl08U19ky0W4dRfaST94a?K+joWL3#la-e
z+dbt0XIOf<!t(1>cXjTQBw!hRvSImkscYkUO-pER+3%jR&ooC^_AYgU<>_he)G{{-
zSf-wASiW;_-1E~CP8B!1r+m>FmTz2Pc_{%b?<N7u(vuC#XYP#~J1yZL`q(|?+s?3j
z<O<8X31E3C30T&iY*^;IH*V&%gbN}cxTl=s49jd+Smq{x<>@3~*?zKNnc&{ImDB8!
zsC}#?ddEHGYG+u+xx(^E0$6@sQZp>aPc|$g+#9zsF|`bLPx-AgEHAjivLyj5-z5Rd
z!09I$mVWMy+dVCzz2zzQl>3}v>Fo;3fdsI8mIN%XoorYREpcsJ_4I_2=oj~tPfmA)
zW&aX4So%zNhh=^euuMMLu>9cOxFORM8ZEcFryS-C%Vt+tUYzc(&P_-Hmc=I<mM`2J
z_vZA3gXmNDly5o1^06x{ZzrIZ5lO)E^~r{1fqUboPfw_~%yUmU%NdprTw$4$0G579
z!1D9ShUGo?#x0+oP!f%IPr1q&mUmoXS)BluLyK#M<><+VWu$xK)+gpIFT1DQ<P6Jj
zS6IGH0Lu?az|w!lNrvTF_r~p<o^Y|XuY1Zp&agb?3d_C(uzZmOETc{~EJqf*Hm=8v
z2rSq0O4=4|OL@>eWzQLou>7*v4VEWoxWlp_30U4g*|7ZN-ni#xBs461@1Am~Gb~$O
zVHuVHmiLl?W#NpIyaDwq_r{H$kx&wS?w)dtGc2FF!tz!ESVkrR%a<n`mPPK3n>r)m
zZm194Q_gUPWu7Z6vu3!fbI&FL%a11;mPzi7TRJ15fS%}{a)mQ2<6U7{MG5LtQTOwK
z*wK9}_-NNmzM@QuD3cc4z_O@Jg7!>aT<mzz|00+-iBU|5F}%W3co)}rdR=NxGt6^Q
z!t&ml#>)`zWrpd9)T=xq4q8ly%E;j%?3$sR5pZF-Lwt6z=?<}uPQsL1M1?V(#LD0@
zrP@31Q-|KO?xmAC1>}-M2)r7;dZYp`hpbBcoBX--cDzIWz5I5(Q~v!^<o@sS?-jRW
zd-=C*<o(_9Z$;$!9rnLh#{9iH=Kb~h@1OPGD`M`i(|@nkf3MMhFVTN5(|;>s%DF63
z@2KxDcd1`&y<*eHzP~C`?%(wHf75vUO{cpGGAi*R$gIS>p!cJd*dFqOc#r&{t9#|o
z|60%fVcyEW9rWM(t#3NXpNFh;bk$M*JScx2kUxKyKX+Ssb+B&RTW{N2`E`iSKJs1U
z*?m@4cSqM8I0(Zg3*xB0ti*o8xjB6QK4Su}yhh-yZ3W)ZR$v=wQX%kvt`hjbRRS-&
zN?=>atf<6mpb@#p%c{h%{P_!HRYLy1?H~4GkXwnD%T5$9;}JT7_X)4CH$Igi<1l*$
z6C9p>xV>Z~8Jwl0dKjD5(BlCQFpnpd9m)22h@X2r%;RBY4|c37>vV6~U3Yh_dho&f
zI^SJ&M$7WDP7gj<Ro10*r?UGx+*x+d-~V2A#~q#ies8O@&**gbUH9Hmb;f-i9_aFL
zS<CXW4iEhOzAks&?V*qLP1&6tsyatK@fe16>A9n02jlM^kH^!w>aM%)Zg1Qx>rwSc
z$GbZl_j*$3afb(udp+Rs+}Ghw^YW29?!V8t*OMyWck1xKJ?iNlojc#%sY+d|=Vw}(
z+}Ghw^&)s@mk#$;ozdZe3&|-BGLJW<BZBf!vzH<{(LqY&fdb5ASf4|E@`iM;AWs`P
z`dD`h<?*79U%MZmBc&b54@$9tEP&+T0`4XM%t1U?{%Jxy5qJ}N33R@=0K7qROQgLR
z<d&gdO2n4r(Jh5H!b0U6&Z}L;`FNS+les!%WiIBH;^_g*Ey0GTA%k2x&Du?1eeTDG
zC0M^4Pp4mBBMPq7MV3?-&ut)UuY3fzfNqAYhoEYqyz}xlbi&Fj>q_-x9F9F+p`0b<
zA@Zw{@f>W_7+E8M>5b`pX&(0@@-}63oDO+wIzTJ=J9(LrrFS-DMn2i>&dO5(<B%nZ
z^hH*w96RR)DRg#IDVk3anAZ~18zFMY43=U;iBSMgD>2M$b*^0SQ|PF7ZU9+RG~i(~
z_xc<*DtG5r*0SRHEh*Fl;fAKK1%WJJaCn0SBkiQm4fLso`Wg%TgZ^xZf<q$60{l|*
z8nxFGDM{&Fne~nu@1@F=bA!|*3YuSxXYvAyp6@kXabdQ0T*7#Ow~9E6YfRoqSisDO
z@w`erqYSSV0?&}bwA^xFRLl*5Xz+48RW_~(p4t$L49r#{w^$t(&JeZ=lRF?mp}P%a
z;1xoUcQf=eSyC<*UZvf-XAhBRm6u>+g>z;e8k}LF!0Z6}OX&9u<*oiKF0;|THcGL$
z7;^;{3wfPetbfg-4cRHV&_$M>DFnYB(O*FQl`iqedRJo|?Ig5JeIhBNn}K=MR$Jo@
z)nua~78{X9`q3!CV#ih+Lc&}~g?Vq4MOcIl*@n%deO4=E0ToH)VHK|+%b?TZ0e&Io
z2^z~K6h>ZFpsXS0n50+-^XQH>5z6lkbTF{KsU5Y(67I(aXP}q2q?&noDW1(4o>`7(
z7fYaZM)FzXpm}#DXIL7Py{f%7qG(Q})KFMN+?toRrPJNs3e2#4NRi{5V);|5bhY3=
z{nD_%bojnDkIX7!mi*IL-8E7^GtZ&B6v^HcJ1j#i;$<aeWhH@_f0$K{SWKP`m7CM9
zhEDv5EwR#S9}uc8jKgkEr3G6V50sVSDZDNgHNcWGJ*Wz>w8Z2-S`qF_YI4wONd-aU
z@T?@}nJh6c7*k*oXJ%>jXsqi}9*!yHmgw7?BDXTz-1afqO6s!mdi1x{*eC2+my;VZ
zGw0KyzrQ)UQkhl1g(fddg6t}4Nv6@%))HxE3t8I9nxdSCjbz9!j^G}4C%8@#Fu#u@
zI4R@;s{aEdPy^Up%N4(!9=aG-V+@Cmbb3+Z^g`AmU$|GI=r<5yY}*3A8xhv69TAq2
zTg!Te>hRN5x`4VnL*LoF?a}iq)pI{(A}Et)oZ%k@76t$5e1eouIcHe^w^k+~Mfz{e
zq`t)QH?+kZ-R0!H1IZ^_VO1GoJ!Jf5fe3%67&*C>Wo3wv!SrLIh&v3ce+PH3wDSsX
z$RU<lhFF4`0TP#)e?Yv5x3&*K_1+gyK3&R4=P*dy@bW-_+`i<Xj|;7tlq2JmLJ|%U
z8QdSCu=yZaXhAtQcsb8S)<F#bUDw7@C^e47<xlE)p+%|%vaptjjd*ENnHll<<jH&r
z{e<<S4AUT^z0@)b0=+F~Q>8kxVnAyU0la|wu_@_EjrCV$e&x8fLg|>wnKXkOq3+?K
z3T42990M<<iz-7u$x@E=fXh(|eu@SO@Q@0c2ux3J^3cc2%gU7dmP+*T#`epGoVBJt
zXsBHSN}Z)dImVV#ntbIHC!gG7SK_5mB`}{#<`??06_qBNk!K)60bvg941T6^V2d0|
z1ZMFw5gYQ`cs4S~uP}sE{N>cgTTV1_YJ?^PVzyLZnT;+aYnMDlsrH5lR$via!3->I
zCJDG$yAy;5h^Y*cKLa%d-_KllZ%SFT)9;AwQ>eBx?(wGdDAF_0)+~x<P67dvBAt!c
zMz$<ND&?3S#EXSe^d&xzP~dHwzs$y%#idZw#fvDx<I42wRVm+;1)5IrY#z85(|Hxq
zV>VG}RuJ>y5pv1}jYV0RiM0?)v%bS1hAxMBmad9P;@Qe8UOseIpJof~Y0Lhp8UsXi
z20h9!!$zs6$lIDeL0jwTeko=ttUK@=IkyPPs$@yHSu?|IdOP7JTF-EMQE39>@urMw
zq`TKp-pM3HKE!ss6w`TSEIyAar>Vk@j%@LLHG-pk14ezKTXzw)E~8TBrP_3_s~(|i
zJ-JxdTCkJD$a2L0L#;0tC%N@X9MD7)FN%_rjjGDHoGK%SJLo}nMVazj&3G4j(9S5s
zYq=kNC78!A!cty>c>x~4!WNS0=5Z(rLX}ZgW@(xoBJ%8=$ExBaYK%}ViwM=)%2MK)
zrSSswfk*}VpcLtabxDAAl>#igQVKA?lwcX$5EOe%RlGDRniBca|1Xki1{T5X3`^iq
zl31-oS(%bR3^NU)+ZZY3h_+2aNm+Qm-~ux^{FNa>Kw#E2QU+c_GSD9+(@GIsDh#7S
zi?4b_@B{4P>poZU)ixRNHSrWZR_0Nt9h1m0lb72YSI8MQ6j(@&<NgvXEJ3d%<Gfa7
z6tfJfY~mR5g1of2oV-l=C2@IqODy6#iLXT-BG1F77b9{Z39u*Tad^n!W}7;)2rrhD
z*Hn%_30)zkH^OK?#4Xexf7G3!_28>1yGKN=72|A!RO>S3t}?4Js?Vjsb<4_#&m~u@
ze@d`+lfCRUc;FUH=M|XIghqq*K5Sq<g|j4WD2jn1hYp6e%eJ<xWj28+FjrU-GanuZ
zVuqX@rmM)jT~wftEW=fb$|^_}z<bh4BbmR;X(9~8QFkrW-Gx!_N~7Lc>1bt{-%FSP
zuW!XYR6pkI+^Ez&{=Y`8rL>*n4{WZfxEWK3*CoU|Q|SE)f-4vYcp7vQnBPF6)4&e7
ze9$o-@eJZ<hQ;m33c(B1eG7HlLfz4fn2)m7Q{5rGAi+Bm#9mP#s!t?M)6=HtgZm8A
zZjnhNJxJr*6qlVU9Ombw_DRb4Kd@>8Rvo4PT+0Jw9STNs*dT9t3q3dZMaod72ptTv
zRl%9+t|78hgdPITEA<|Xhh<4HR2J7?{ygJgK&dNd>vgEJ9$|=o*0nIA8M_gw#Z_i)
z`~}I@hw?Hbmv*kOhV0YURS)xu^{}cJavG#5%)?mo3p^g6rON++rOVELzvF=i?(X!P
zmM`ViUpsc{(Djb0yN!EQM$QYGPV1Hf%QT~UHJw@XRCo$09EKb_6qPt5h-XW2kwuYw
zef;ctQb2ZLXtb3g*dRfidnT5ijTb5Qspq%cRL1f!3yNq_Gmk@8BH({8EQCGX1^Ul0
zl$0;TLSBeP0W55UMUACM_cx;XRy_`Hq{z=VbT{;S`M5}}k@*WK!tb~g#=)Q^t@Er^
znH)@~^`$0SjR&uRS-b#?tQ8}v6L%5XOLQT;o>YYjIDAJH8j+wv+hm2Vs6ec*M~JVP
zB1x>HV*qFqF+ZF5RF<5Grb8!+(V$i(g<sif?q`?{b>)i=0_#Jez_YJJTDc4qs5y(E
z#hweePvEI%;ROxw)KjGD*H~UuA*;h-cDlrdx>(MsGtNdPXGrO{V<yd9nNZ5rHS&Wh
zhF<W?@t!N|oGZVezoc7r7Ai8VTIHpr-ln{m7hs*c&|8W*Eo5z|;|*H8_N1iJjx6N2
zP(ElbPihc?m?bmK<W|PWAwO7``pQ?V=hm9Td*LCn|2<0Ug|N9w7|JdoyUVXTN_Gl$
zR{@O7lxpjDRiYRRU__=sKYUxImhTFAL9wmp0=nnMXEL)Kk_^z<FwOrOE6fa{7czrE
zY%D9zprM{yKB6l1dE!dt!n;(D&m#43A){OvlSxbG{Zh=;TFkf_S))qy2WY)gi8f)b
zLa6c9#+v--Pt?X0sW`*@PL=3|xjun~Fu#+~1^Y`7VYg4#YG5aUg)On@jM5fCC1484
z8lysd%=JmZd^!u5QwJ5~qtcMYcv4cml1bNVPZg=h|3USt$Fr$I_1a)oDQ1^qRtx!?
z$y+EeE7ami5RqT6XJb-BELD_USGBB&WSX2B5yUUcs$UcZtE{vdtbvM{iu*Wx>tkB(
zL!~g+h7ej(zujrbapXx!O_kO68mbLms{1`etMw!klYd*skS;<az4!xvGbpHu%86A}
zdQws|B;EUHB*~wA`uS4+RC`iVvtIF}q~=s<4WL66jgk~@m=*P#6(u~fqW~_He;}_?
z)eat1Go6aqF_TTA^L{}giGk})mK^G+AjJUx(6j>`DFUEtrPJHXx(<}JuGUlH-0H+B
zDkDv-!VIaHF%C1K!kXD-gXB(dtB_Z69NlVQ&eiBG#+*`NsBlW&I@FH*QY;9dQGz*K
z(SnpN1!Zzh?Biv`oZg||0L3EAHCappv!9yE{F@63&abAgx7xT<rDT0)QAv3LieIDo
zYPP9Hq!L%kG%RCLp8ng&48c%F`y?_?!NLa0n&e4I<s2T8xTecuB-h|)Y8ymr-Je+!
z#2i^dfnqa)x2E}{keSh6xI>K)!Rt__b)ZP*Sx@F!BtiD3Z}p_4X3KlO%#Pg0!vmFA
zz#EVRH#8iX;3FY4Q?|SkPt!EfQU`>utJs~uyfQt|{IK}}fkjQQu#p2t^Pg_<uL5`}
zPcqu?9}v#+@cleS*elZc|CoCd__(g}P<)O)ea9L}BWW}<vLs70XGZcCTX!Vc&gPL5
z#a0rH*V;}P6WU=c&De^i8D(Z9Sze?(H-)qhsKZkB@PJpAMxlf~=0R9m2$T|NC`&2O
zLZGw+C_8<$@c(_^Irq*TElF7ZzgPeK8_m6Qmvg@J?c15Q>~&!Ty-FwOIEgEM9oq{e
zumPGbGvnv{pRLY*Kp}!o54}n_nKVNBmvCT6@7beV1~qSADWi<&wKB-ytqq&g{pPgU
z%+ikW>VfXiN7rD}4lQLBHuyPFs40qSw{bA|Y^;c%FlOv9pYTC|Ea?DQzEg_7nXe6!
zq%TkACTyhdzD@e?whO!gRsvgP02}+zC$A=3nTJM8%`0C<uY3ucIkr=4Ia3PS4y@DG
z)9@i;j`R03I=5;m=aYBPlVOWW*_u$3gnEJP1N+f8j_v)}dK7mlY)&}{?UOnP>6N6Z
z(8D?vhIs=SnVZ=yqw>^l8AabLq7)JiDD(!~3@P+;Qe30L_8|=Ausx2x+p#@HY>YqU
z0PoTrf|uNtOJHZf5m<lUL;~x9yEKN9C<rH4imZ<}2_(s2R0zE{p|Wrn&Df%OT$5Na
z8)#A5jD)6yLT~ti2e1ilUqT-N_fCcF&|%>&@G9(24-F;J3vDXCeSh5I2m}GL5#F>Y
zG=KL?c+68K)JR|mel~4kJN$98;_oVHc=TU23FAhL+f3SL&Jamz8S&mlwOmNFyQJA3
zcJgkw&>yhh_CM~TxBaR~@pqL(AN)m=c1?<YjBB*<>pyW@B_-p|?G*P}h7qDy-a%T#
z!*`Ju@o|3Y!}L^?@V8BZb&bXt)`wa1V2DdnhaBsod06kb(u2*?GP(16^*c1lfo1%q
zH)yla;CAhG42oJAN3;KIhv1y?S~#Wc>00Pu38t_Ge%~T)-@{*%{EfwYJ|Ww%^&on;
zVf#t43xb-;BIx7nLsNNR4AMU^?%i{2Xx2T!<EYUQ-kKakx;eGtE~vL1#j||hWwwGz
zc-9Q&SOVUQ7301B_ZbEPT6KuAM0yl_vq52d7!|y>tc9R}&o}VCdc1Ldlyd{^FSa$E
zz<L$enMKd&nA6%e#Lx$R(q>Ov5v<=tEQ_F4P<jnxoG#dszzqqvH1^6p*sLMf9Hq}q
z3I_(zE3f9CJ0WUe7&;U-OW1Ge9Z3>eR;QV)LPOZGC;E2mhkDlL>r*=Qj9AA33_+*f
zzony$p(u9t@xE%lo$NGht2=<LVQh<G>-EHTf_j@3c+aAR2(J)HtcOo6C>$nb2i_%w
zj7P8q{<WwO;pIMMV*N74V(H1END_U%rqRMs8)xOVE9{U%oEX=ouv_YM)TqT@`=r1D
z3p?aa^g%GiBkF{mmvN86P7C*N2?T@%?tzoU@ee5U!<EH4VzYbo)FF_-&KPbFW9I-~
zn?OH|vAq7A=dyv`CW`>~oTT1qHG$hL+^Xo)D`9(*FY2{0O5=ogE+#N6g@xUhFdXfR
zj$(&Nmh7hAqbJY@nH)c<gG`!!vM&1)*sri2ZnZEWE%d?9JPQ479QC?ZVFzh9`v@LB
z2tG>p!U=`jN&CJB{iHhvd1sp&%_ewTc(Gc)#6EZ4PFSIz_|XQ1ZE$-MLkaZDUUPNq
z1Yh3!1#I1no!bcdXX=(P6rj^r?!Q!*x&*<cYf_2d&t1k46mqy7rmmn*?y0=H^Y^ef
zik*=J_U@-YXL9<=&g-xho|`LUC&Vx7->@J4_abq^&v@u}XwG5pgV-7Q8Fou}_u`{^
zb<5Zt#aJJ9^S(TgrU4J|YTb86TN=A93^ZeBZ+N*?6q4}1kidY1kKActs3%Oq2I0pc
zVve^G6691Fo8T>rmq~oYV93IaC$Jx;Sf%{FCnuGBne<`ZL(Fh{b;!|VrVyS=_+C+O
z|5&e<yUjN0qieKJ@g4M$#AbN1!NUGX9DRE(8`1HCvY=6Xw$Y+dw8XF(UbC3si@XxP
z;z{B*TDi}nKLPJqR64P(7XGko@A4hjdwjPTZ7C$-ON~h>;IHpggvp^k>>RRi8@x3{
zn$KGnlQ_unKOy0s!soF8v?)6yuoW7Tq&hX-gx(inQ-1<Ghp}mc`Si*&_U26u5@sy)
z4)WH~-Y{8>-mp9%ThP~!P1a@0WYc03%vlNE(^SY#CE;ftBK{VB;WXLNL1MC#!~)vr
z+nvgMZMhXy7qK=ORM@f|QRfpoS;Z}qj^efgBPX%xIASk)4<W*=lCicnW~WUY#O+0I
zFV<Vwco6HmQ9O@cGHt!>flqA5dT6v#h)_<%<5*8@&ugN5Lh{C%F6Yc2XqnLE#9IV>
z?jrI3Hpg*lVcjq`E3DtZne%2Ra0zd!5vVpGZp8KQ4;ShEZ>mw)GKv_-mfg4>zI>7Q
zpw;hvVGU_GtpZzQn}LJYdYruW78yZ|?!cz2%<QlW>-m%55RuWgHrcewtV@X{tcTBB
zWUZJz88k8hZHoBLM=x4sc({gse9)*_+ASDNB9hv}5rBk*&(LUf(S+F&vssrV5b&Bc
zEQnTwg!k77xt@m|#g;7MepJ`cgaX(i{fN<F_sY#F8u`<#90_CaK1!=Lm!PjzYxYCo
z660r#822kn@rv>GV!U@8i|^Oe3g#GCPv%G1@ylo_+%kyuUD(n~pNxvwQe+(5z5)|1
zv%_%X9<o3LeB^ur8{q@BF85gi8%bCnVXX=!c$1{Q&k3v}b+t{QKgC81!82fC9RYJt
zUZ!*JI?rqdK2=Mr^se&?z4RU4b>3p&^kV(BC?2wCey^`3aJ-Y=as|Ee6gEjeHV!#y
z<c-}LT=aWg?$Ya6b(Zk`k_rUT3vX=X!8IqOiZXsYa9*I;Oco-%rPeBAJ(S8Uotk*8
zy$YKWyr~&V*eI|U?ohN;-UK%GV;k_^#Ak>reWjG*=M($=N{KyOfi4UkT*W&iX_`;0
zBm8?)?Pb_*!EqMFJ(f&iJ-nB}5s#aI61=@Oxh7EimoT`5Z59SE5q4a@unKmxs)U5o
zE0E)EuY(-z7=UxCTEY8m^t+ZDv7U_U!KcD0QUPgDg_K*v>t9{NBV$)zutmE|Zp5qL
z4T3e6uP$iQ&nM4nHGs21$y5*TA~FAvu&|BL#b>P7W(n_EAW<ul#LWD9XWSOe{6j35
zJ}nZqF9s!i(xc>udb_acTEwu7wGn!pMC_HlvgtWdPN>!b^Zs&`z_hS&Bi3(4@eX1z
zUuz)Be$z!;N&JTzqa?nP^lkW;hGk0PYs$hRP3GtI)}^}gC2V~O3&{n>mB+>Xm5utM
z_D1Mlsl7?fQg6%INxD!AWG(%z8M4at&8^_|B#jB$%bGw7fpiG3k^+MS%eYpIE&jSu
z3fxNi^-jXZFI-IFcK8or>uJ8#^)#RSlFmF)yl5x2%GPYLkTptRNc(SSrC|MKz590?
z+@(m9+r<_pN@!2uE;vmJ&KT=^o!7x+-4a76Bwym_jx=hRQ(Eh5{VMjtJgxI)4VP`#
zq-eZH%~9@tYz39V5FAe6c9^}wAW0a-xMZzR``Y343por~*iLW&Uoyz`1R**a#5TEr
zo1cSmMGOAsMZpXuB;lnsigd*`$X>!uxayKo6+=+wX*6H5bwr=M13P6iw#;E09O74e
zXyH=j6>-j*-pF6&CwA*_mG2S{CE*OEL&8@*{Nj72L@XS`&Ug~r;RUU<I`{BZL0aed
zC(sM;6PKMlB~w<`1TR|1Y2U-AYRIDa^2H?fLwacleS73Rtf#&@ue4ikyZ)orP*=Mp
zyePox>XVZ$b@k7K3cKOE3yK!{$pwKOCus3sRHIWh{AE(*TKhOQ*eK!uEOO0|FA>G2
zjp*AzQ~cI~#n9+exOD^eS!{{4OURRX_DzqHO1^)$jGndafIu62%R;grqXJ{Ri)n|v
zT5s)`!?2}Im|@P6?<aPCPGMvd4zlws%KQ7VOO}XZk0J~R$(>vyKtoX29>ES7=jw+(
z9XY#%gR;-uO20`}XYu~PY}iE=ZY1NYLqgKB&(MgRuTWn7y!(<<u1l_Roxj?KP88eW
z|12up3Xge|4JZ0(t8?U+5F~?blC%lsdPvZDNEEk*T|j<lQDBrG*dd|7L!kEzD~!S(
zK3T6%Mll+u!(siTc9^4)c-^o5vWMRN=Zi|hcD2f6Ho{dFoV6_U!y6a5#PyP>OPXc6
zjDDCB4`2uES|Y0ZpEKezBHZV-umheDOBOc420_T&DdA`mhhz|UMxxlg-C3-iT#Hx*
z6*64kw;+bF6aG>pu_J-u9yZ8B623oaXiAYW{VTtKUwN*?EeZDsLA0eXbQ#-JG|RiL
zw&^-Uzl@%c@E;4gK9T^RT@W;!zZVwnv&R$0oiX}cF{<`ui{%<*J={0r)*0YWy)>qN
zYd5yR2Ze>(73m1uwHos;9)a88m5aPQd4)szL6zx`Xn5}=Y^IY0@y8bg&-#}lvC>D<
zDX+n9GWoxC(bDD@uX{+sOY#om@xed&i6rAopTM?{v2h;7MtE4zP#;}j{J&RRp}W56
zfR^8Vxs~R0sV0ej_~peV{?0zFho*Cmx>E<QSR|9>+a4w1#fui(EkeS#J%WEz3HYvu
zbf1lO0F*#$zdBD#7h47_RPIV(i-hmjD#U(lxtl%}{ONhi=t^I&)qb!*n+EU-_4p78
zefT#IM_`HX>0;;leyt%P${V!;-M@MyQb!@1?VX|b=`p5wz5ZxXpjQZ;3SQ4uPfddU
zNhK}U2eEC=JK**p@C{*M>xP8!r3c!uRW@N=FM0<|iEo1pS3>G>S(lRVg9Widvu1va
zy^{0tI)qfjGrzN-ur(Y*gqH~=qr?$!6^wpx<s4}<A45Kk0zP_9SQa+I=P_vqDoHcH
zzl`<M=uHqEyl9aOqMv%mcsrXQX-Sw0FXq$Ft6|qcW0)7}=L^CHQ~f^l$`dSw-aDgQ
z;qLDKrwPn@C48)2NCm(2h@^zSSP=Y_7tU78GI~l39`Pz{RTzK|&ngV{B<%Wt5SO)a
za4LYEGPGI%$}8dCdI9@L>#l>Bii8o1>$RVI^_9RTS$9HD8NG3~sp_RD6UsW+>jc(c
zFr!Ijh|Qc&HE3se-Ti!Nohugawdk$}xlg}|v!g#j-^19{Z@+B_QNBYzVQJ+P<b4dL
zmy}n6>8XMJZw;LG$<p>?7a5!gS89}u#yRAZRTjqJYZuvt=Y`kTu&MXWi$qgzsj;xm
z(9kA&*neCU3VrbWnjC}ME8*uC1^VFLnuKvNcqRPsqL6La+C}y?eaagVp;_59=#3l5
zdu0S0{0{Kr*rY-4?L(A@h}yiga&sw@$5UsN`=qvI`w8(sdhThwWFsywnT4(J227wo
z5yobj&`xTFehXWYq~&}<`<27!i=+Pmnu<SR$8IGt!+hQSSpO#u=Ko~I(%9a^j$JZ2
zd$2QVp%3n^*S4;uo9F0!c>7Uxb_U?1=R_HO@MdK4`iaNFdig=bn`JL8x`lPR1;UpW
zgltn7gKQGLWI?o6zFk{^vV`kM9DPJQirxfoD-LfhJ0id<;e++;!+XS_Z8U`lKdBc)
z`7d4+9NLG!JGX}OuL<6bNnW1#`>-CqD3ZiLh<>pib|xQ1gnmKq|FK7qn0UdWu+R&y
zS=3e1|8+5Giwg;Vb1sP(bfs;<Lr6>g*g0!?@>ZwG5oQO>>ruEZ=|L3mhwB_mn$X4D
zg@Fx@G0nVy)1U2p&}U*m|N5>O8j4xxUK8OW^Lu9)y)oQ*JAYoUcXHSHQ<V+g2}bDz
zHc0ri$6CQ2I8yRtQM1TbU$mTvJWY;c^o9+zz{~1LUH;CTvUAqf&M^}3#ySoj{taOw
zJhGs8TXTdD+o6*O=jib9I^{BnADR;htcQEoS-ekwJ@hL(iszMk%&d0Gpj7{-dWs6S
zDE`z<4`|hWF}(JA^vOLk>B@)eM}$Wf6IlOt^d<(e33gk?h4lPs?Lzva7RHNz^$^%z
zzDT2(BChq$MfRY;r#za?c;PT{vEmZEpQGFGm4yTow@+S8Bb2cIe)NL(3Zne>({UQh
zcz_OJlab<P=lo%XEs2U;c+}zAt+0Ux_~gPRTG(HBl)bP!6Bs9!utmFEwy+<`M~34{
zlgqn9gSU*{C^q%cTL-z;c72kg*3DuC1EYtK0e=cxr5{^{h?lj(yB43G<uUg8<PZ;|
z9v)u2!kmiG?&pPPDBmS9roU|wb*W35eZJg@95(UaZ)>l~{kTi_2$9g7z+G?`-FK(T
zp%31%m|Mwt6E4pCT=c<RIc$Q@d#uZh8V@g~R`6Kj)~you)UlJIY1b3bknBMpyk^nD
zPUy3+XCroQz;;Dnd~%S%(xQ!fHWm{6mGFL(g}wnvm<}Cmk9*<$i)7Gz+;izs`0+x`
z7B*}gWG52YMpwOSQMoa)9=2P=a1dU$$QZeeb@bOxJG{6FUf9CVs^@k(FqVYpEWzJ+
ztoOmI7n9foAMsf3S9#f@Y=pn^5E*z$F3-71Z9s>b?6Cfj#-{tRE{08Er}K&N*Akj>
zo0nm!Qt}PjwWj@Q@0eS~uQr0>Cafo;T--}M<Q!r3gW3f0!gtpt;oXZ#Y=a+otR!|s
z(FYGN(xm1Su$koJa}&-%6Flx=5%EAF#kBKXkwgJ6Sx^{<CxpU5c<TaL7bS&F@IThk
zY(F?pIP*3^m(0=W*P=oJzdFn5m2K#44;u6Vl|TVa+|kQ~On8uWbk`f|6mExYyimVq
zRUDx@k#4Jnn+U3{NfQESmR<U<!mBLY6vvy{gI0G!yFM-SC)n%sR|K(y!XOj`3c?`x
zSRG;M5qnTx%Vv!}rh~tpOWKwZ@elz&t<k}sIw?|c&qW&d7Bl`~UX2jE2Z-~1@`BQ4
zi{?BruJuA6cY)Ba3B-qp6?o+zqJVz}p$!rN|FYnE#Y=?SJWFCDeC)iyL3pmhHu!0s
zg`q?k12Vy0lz_sJg~23Q)Su9<oiO_27<zyM`w8P~Bz__-d8cMEGR~oPg0!+Bt<4)7
z-c8_BIxl#uBFKB0FLEm2CZglePW1hWe75~`hBukJqm}o?WnC-!VRi|(Le64N=!M4n
zwcDCFxew~C_a40EAZ~@{Tt*-CmJ<^Gcuut0mA^jO!})z7E*=xQY_cB{ehkV0cEs^!
zPfe}3m6I{a9@A;>emhkL8jZHyEjg{mPGhDwf3Ysb?&F8&NSyvTuvy!N^|B3vU5*Yx
zjFA9QPk>Mx5x1bX2kR9~Yx3;Go);kYqT(Qy>}?CtZG?84#1+Qm$1ezjDm$O%?~Y}E
zpYHeSzr7a5q1Qt10v-Zy0{h~)o!1Uc{$T+A^P+O4)(42y1#EpJgrPnR!fu6~aI=#_
zC?tHuBd`-b$o$h*SoR2l$cG_C`tpx!#TBfF*PItQ*rdV!o(pu<UxI_uETlKc0CuzF
zB(qPz(xMCHKV9vSK-nYP(7OjQjP)`4RMQ0Cpjnl&32O?t_X2}^bBg$R3-~Qkfi^?j
z!d^}~<<?E`M6Fq0J(xkeTbqwf^AP;Yyt0&I&tj)+!@yOnxUQ+V5i|Nxok+m@&I)8U
z`sljLj8cDgRuGjXuo2$2C~z};&%<E(S#3_sT#ofMs5Up3QBskbYa+i<Y#Fr!;{gsI
zJLg$LmOGN@gAbe&6=w3CUyGTLE$SgY{;^sI^97lgzsXn<@I#M4?*WoZO<edLk<qrG
zY{8~3#2aZHIo|#{DU^gao}+bpbFCR}Wn4dE^AVolalL-c-@oXwZ1BEik<VPmCoF7)
zTLkvPi-Z#>ri*^CKx^=0k45HyMu%6UnY6dfg$bkr{KdRr>+Bz;sI1jy_d@j$Ytq2!
zqt70W_UlhIQWe7QTLG#Bu7{7GV>O*|lNRoiXj03rH4({xtw0T<PkxeHgN022Zj)8F
z3C^iMfOBf6`FjM;(TF!yDp58Qdi5#{!*eV);B-a{MAY*2TRFfT=)DIK<`r9E?PfW9
zc_H<u91Pk#Znt=pXziWzf<U{OdCheeHfT&b2=xlD>c?0gw)XQ}%_2Rrz!{!DkQOWM
z9ARVNf9|YEVk`V#Aue%rqm|Y1_aW(z>M~tuZAN6@$2ki(6W2>&J@~8~>=wkSKgfQv
z!%G;12j>YFAD1LVxcs~Y{&k+cr)Vu<3*3EPpzjJ7%fbiHT7tbI2}2@@o8jLzo^4vP
z2mIs$!|xTs$uqWbizv-2;ZFpi>;tlrBf^wK$_;$7R$$#Ax68nm9#rt2^GV}O{g82{
z2HPC>lA}CBEMY6?Ub&HRqETTufkPH1EZo7MX)w}#34L;-)|P`7qp~)yqTFi1XYB9w
zI_$UJhI!oBT4B=K{A@-AXbn5ug`4P;FQ&D5qUd&B{B5JKWwg7jKcHJq$}jBZ#ML{|
zd$SzW(<t*anrvdz*39cltHjKnx{l<PTmZwNRd{iUR_}X_#(n1Fu#o{sJwzFdhb#$q
zJ@GKKT!Fim`k;mIcAUK>xEa1x=7rt5w0vE^&W@C?HnOX*UbBrT1LgN*8)<r9Id?^K
zyVs#&njq!;%jbw`!0U*h2l*mPGrs%cY;?Q?+3Kk8U!sw{wk%esetKyFH^YPH1Yz>?
z8L1zaTrP7dNiyY)BZQ|PCiV}{vJ4)3C0y@t#$RZ}yjwVD?p_qw0PoaIEWdT}hpt`{
z(ZM?j0LreSujm}Q4r2owDUB9x=*Pw|VRIuff>T<gM|7{%I?f`QCPD~ty6;sS9&a4r
z1Tn9KyDTS>z|<gAmx!LI9M+&mhzG+S4|sm%`EOAyI-Mz&e#=@>cV+0xy3wbr6}|iI
zrdITkdR<ty-!uejA7nx&LfN^)bnVD-e8DFK-YWah7scyk1bu=#X!<mv6T@fDhynN|
zCx2~oic8`cguA`U{G#1g!lnOc7t~9<LMa_InpQ;mLtG+GJfMx6h@y%15hGls;P?jZ
z4BoV?8vr-DFdYF%ojPvX#l%^akH=lj5ZE>s68>|6JC|{zyFMDeVE2grUJp&A)E3zm
zv&-A>61WZ;E$oCDi?3jF+E>-Fl8**-r&{etiYbi1Q8IQ1EKYZXj4+&bqt5WX0Ylrl
zWF*RGhs>|NxXHA-ZPuLD8<D4^AN@n_jQgmQao-@}Svr;HTBTi(x}|87gmw#kfdID3
z5boN}WgpD&E;$WNOqUXHs;g>L%1RiT^9s9NX^e?+yL`alg{~vqVA(CUtfy|Vg^i@f
zM@(;ET}@O2ON#`dnS^Cl@M_&cg^VLU-eMXlMlm8`PH{R%m(n$xa|#2yu``B3Uc)Ru
zh<<pWj?B6Me0I*_C~Fk`@E}{*(4!ott&H&GnxCl7sB>~Rd~ye?3O<vsLrkqsmr2xx
zc?81=PFtH3DO#bg)rmtg!7!|aKS*$GMs1WU8+3UC{}R#Xx#+%DvM>$`9H#fgadU*<
zCg9<-NyLEez3V%Q0?sOh>vr;BecC3C8cwTy*PYzPPb$1x21z<MC$x7-_H&<V3!9=C
z95o%1{B*<`UyrGV8*(JEPGQng_5%wH+EAQ{LXK$YYJvF?4ySU%O9`EV8=Z04TaCa$
z)3LficZlJr`c|f68RtGZ4e~m~9nng0FgunMqjo56ntS*RZnqfR_Q^0d`<bKoqO_>Z
zVH<tsO)nZhA8paC3}{W-g~J3|I1_m$5|0e^MI$mkB>mXJnQD`2SslxI-I0W;L6-x<
zb%xaT=pUus94N}40X@i_`lKm5;o`h*W?0U*9{#4E+~<Boh&vEff5>L%z6tu+#!t|%
zI%tYoW>tz!#GI%!!HTU~mUF<2l*b=2C*uaXd-QRb55CBsE&8W^UB$z-aFu|PRObDs
zxXoFu<rMh@O`u6gcr~}v*8l9*H9qhrQIOu~18<_T?F5=pYZbP^!iZEDR2Z@NQ;~W~
zGmFR;u0@s*(B&zuaC;Iv;p-k<O(hL8lu}^Su8O<bPHGHTj6SV$SJmGxeIZxT$zA%;
z^|K$EEQ?)5weZRdx=B#&Et-zudtm7k@Zt*zeNhkBxz<MYQMWnbB4xV<>YT3Ut!<-^
zz$za$7&WtiZ<CGQ9<TJv!^Vh05m(Akz+(%B1lq|=eY?=rY!dEJ9nKtxZ0}i2V2=!<
zuOHhY*b_ltj7X_1Of=QrO+r2(1K2i7j3|ITvKd1?8jV)cqqY{>$<k|uV`M4qP`Yf@
zu#u>78tx3RDcK>Tcq5&N;O0HpAtUG~f|mo>A;fN0F6fdzDTX5UH_qaT5X<Y3`<Z!k
z$X;p5_<rt(-67*~Y0;qRJt5<l6}swN3f!t06CXw@jarC%|Go;u(F;*sv9y&_aeNZq
zyJ%q>K`2U$PXi`c4VY*E+hhxdVrv7Y&3HFqEP<WyPab~bbrx3|`{j_y@9gDQ`(;!H
zFuEK4QEczQXcu8USy}D!_2}=G2W2z1_ax{Ew}?Q1U6`E&yZ!u_jyP9@*XUh!#3~>B
zOD#8bsAUAyw86z78bzZTZ~dHw$EDQmJ21*=dpbk%&aOMVdb@hN2D^H@WUp-MmHWvC
zXC`}@Q^^E+qu4Tl9bLFyr^DP6J`nET9>bO>dbw?0EF6<@&30R%q#_X#pRW-X_UL5O
zs8n!RL>N)e3N{ja8aHG7$-Y1h-=MCR_d~x*V(0bP-i!XQ+#_31K+M8+c&<XhIw5Z4
z2uldgYPDgM);mB`?1*D$nCBWcYtT7LlO-$^dTIS;X@h2ITOp~G>Za%X%A>>D{uo9g
z^pwtxtf58piekHr(U9QxEY5T3fv;b%FffXt0eB54c;bT6Ne5LnD>H^RSAo(iL0~sb
zD;dCT5sZX!TMWAiP&9;Vg$&v+4`b5qEFaR^i88+us>FDvuF-YMq6=p2{dB|S#RPWB
z;E)ZQ?l^txqS-R;+tBHh&DhbiI)J)1U@K&}91!jkikpw?;jJ7)y9}Z~j9cNLMYOjy
z%8t}WYMeHSIrR71N|~QS|Axai84gdBC-rF~s380lN863m>(_O<2hCx#=Ai@FK7;}`
zn{H_-Yq_T7l2HB285}nz48R|qQ+Pf60xb-|^UhfZFtCl5xE+3mWJ~<XIrflu#<3lK
zj=bQP&MDW53%G0=`NEwx6D4+9rJrkH>z<PUUUM4Cw#syavl`|KODj}-mV~f#qdCK?
zby`V_3kV}jqaC&ywtR(&zbYP3Bga#{S`MSUS{r*YY~a3r*iT>Bnu~MKJ;vKVjKm|+
z$WSC2kx|mXM8C4twxgEmp~bxtA!enF>XFtnuGQ;a8!@^@)X_Cq6^Wz>R_&Gy;0CQm
z2jz3n*EP{S(B0F0L$~aa%{>J1yLnd--N?fKoC<!a-yXl*`c~|zkW9BlgFDv7v3k~4
znq>%m+l)#SlJNL>!CWJLnxyT6wPb{U=Dc#V5p03C)iP>*>U=e7z0Ix|uYucaSbKTb
z8s^?HZ0WCXZ+ofY5#_8E)ay*9=dv1Q5yKDl@h7vGP?#VYkbVpOHufwxQ0?x#JCruD
z`d3G7KH9bhKCiFB=LzSubH=>elzoeo!KfB(7bw#eq@Dg~Ex$Hw6s?#(%Z!X|Gp~gk
zr0!k=9|vJ<%-{+mOa^s0K8B6*AYwNL;T;!pi12ApEWqiQHT6$`(w@|)!u1iS>Pkp>
z-bMBQ95FX)#C-NsB4%(UVt(tK8!=yngqYtrw;VBFt$E(pmhrq-ql1{oU5FX^wGlJ@
z+au;cR5$M!`2QU-CmqD}|5}I%=ae#H!9mS`sQI-}^K};qHUGKBM$Ok<WYqk}nzc~#
z@}l+sR4Dgrv^<>nwPf;jER(-?R^fH<;&mjGzkk*xlV7xsWb%*BR%G&@u4DZC&e>}G
zeET}#bSF15Ij~$N>!of?EEmQ-zmYIbTfdnwZv72}v73-8(s<M+L?7>i#(f+ja!C3W
zhW4-Np)pk&F*Z(2!A6?~kVg8GNgL^}ve;|(A&+Hn&V_OegNGM|wAl71gGs<1VWYS8
zROl^VPv#PLm1uK0hmx#ZUOAg|hc9k?o}CH5(baW`w_%HNH|UxOyZr=g5{N;WNMQ>c
z<7^-X%s+6%`OCQK$c!5%ie9<j@yJ-%3V*?cem!KoB~idj&srFSC)a6M|HlQL5ZIdF
z61Jcetk?YOc|ydW)UNTSI+LNt25|f-n4c?yc`bfNtpA|%;(z3z`!|FMIIev42Faa+
zH}Gd&3^#;zI;9yD%<~3$K4trW?Izc2w-nz=WNV}9C%Il!rxJ&;F~&f;dw~Y^C=Y6t
zA?=hQtlP$=oE_ZF>1UX-a6SC-IUU~@@Po>d*>}>L+g3%U7I?N^?$4g(!psB;I6`aI
zPiMPPdqi(R0e|ONV?=iHUPy9OPRN_>n2DKab)2N1Lt;Pm2!8Epn(V*IHJ08R!1dh4
z`4kH1bWbbpWYAQ6p!$j5KFcjs)_7#QJzQyVQ#H+lmLrefZgbVI#XzgY`0`&B7`<wd
zfb=cTawxrcjrUe6>>Ih6y!@taQt6ZMPxCb3pW;)XKT6`h0jb!1@bB}^Fy6|;_(Ih%
zU@l4DZa@L=;GaLuKNI&gcfFra|8@0UjY<34IilSE`MV{@0U4yX<#B_w6#UR*vW(z=
zajDkU<p{fmZ2uC=_BT7S{Yw{FH)<y=VJZJ2m%Ap89buza{YZzLU|c2PEf+)*eug3m
zpIZ<~c%cwUxI`cSM2FuzFOu+FktD{)4xsNW2xqFJ^xXAv^uc>cH-JYMEQ^kL-tj;H
z1w15H5FZchP3MFRU~3;er!}H%I3*;!r&j!$xCr-(goR!3Zx{96Fz+VA$=RfF5V31E
z{Os-hVRlPxkMTw)jr|In;2kKE32cQ|Eb7U<wI;cmfFjm-QQ!v2nJ4!yiewW0Q;1{&
z?xjx?HhcbAQ5~z!Rv+fLyYUMLJs$A<_`gTMIy*H{F8}}9-FUSq^>e>yqSSxdAS!#-
zgr0+<OJS(jY}E-~p?iSD&?k3c9q+Ja_k2v4CVJW}3g4ei!F^tq`rn=9W+Xug_j&0D
z<%%%tko2p(!rs|YXM|QdOmY;fMZ&oh_ua=WW^1-a8AKI!ZJz0Kdd}`pig(bQQ92PQ
z2tS=oJmbMgc%#?7PfF_<RY{aUd6;vbNY&b9cY5x}gzmxRWzRCxLNJbg3wQHux^dKm
zG?uk@mf*K=qfXwjb6jy_H}7TVlTg&X_BJW=x*+z&(BF;0LEO~sxMBOk98KoTM$yTX
ze2Ubf$7Y3|D2Mffeaq(A0!v;3eFuZ;TQvzg;F(11*F02JHh0nbBX?5da4H_64`p{K
zuI<7Gc>`CUnXBna_IP{g_r`?XXOn+uO43J)KJM2#-<E6jwxZfNtAlyEj9aHRl<9*G
z8<L3fF9X<N_J?(%mrd?%`FN52xs|gqJAUf-HOOA{%bTzbd`X?<GNrcx@$W$22J~}j
zzJG_qEq1U+%VbWq+Mv(?aG((6#!KadWR@4URvD`9EqSMvcn09n-31>&pS;m{#D$wK
zI`?Q}r_Q%3sJs&HTH<|u>~^er^)BHSOFJ5Dz};a0$E`ZnbF6~!wsy!JFCSuUo($li
zj;6Ocxe60HsOmR1d7H6Dg4#%_T&FdAkZ|s@xuheGeyOlc25@V{DKZc0n*;+%4D#o;
zgoRsRLRbmxgdiu6yk&8z!l~McQzfyTIh7QvtoRC4X2w!0=MV?cBBG69hfWr@q)1d4
ziv|;Fl&oHC`XhJ$252vqDj5INC{Gu^g$p~LIPbKw-VjF-QCJsc<njh9eN=k%cE6Rq
zZ(2xE@>>ddS0u<0Y7U?md?sL>!ysv0f?KS%XwK2$?6TWrH)ZLulL3W<7pzN=)YUB%
zh3;b2?b<d#w;9$I3Ec5DhT-e!vwb`36xi-$K%nf!E*T^(2xUy~wXAoLIHGxFKyL{n
z13D_Ku~EpVz0U-{&{X9(U58D7%XzcXyNDXwECZ(`Z#TU|C9oR~^J+S4R;Sm@^c4*z
zj7wnNMDlmZ8+Df+6Q}m;0fzLS^==kVL-Lz+O+BPW9#WHK!q!FS&Ff5uV;=!Lpj%7y
zVH30}Y==C%U0ReGdxFN!2?=mq4^u)gS!t6D?FkG*hSaEt(%(=*w{lP<VY~~o32cNW
zMyt16aL}rbTS%ka!|SkFFJ`w*KK<25p0FE!H(2O<0Jqs0h*#TOZ@}hyhJKhox1_K^
z-hoYW$W4P;HwkId#|BxF=4cykO_*J$x5A7*S;vEa$&9nxZv6?S32)TSRnxs-4?5nF
zI<sdDv*R}ObumjIO}w#(C|?ZPz3A~8gILT!YIU3P+D$rnz@1T~v)yL2t0t*uWXgV>
zieDk&S!#{MKZUzCn#{kXlleEQGyit4mHCGPUd9y|%r}D(mhO=iD%CGMLOC0|{LYg6
zoGpJi!LR-468zpQ9OP=+k0OF~oV)yOk7cY6SWgV+>lc>Irx9KaguqW+Sg9+%8jP-(
zw;O8hbMrsWOpjrEnE8)x^$gEjRKyrn3O8@Tu->Hpa3E-VEcG(Im=v>+=0W|qiJLI9
zA=^d9k5+&`$Uc=1&(rt^^lh)@+gM!;nJN=0D*ECMTa${Tfcxhv6YV1cf2fA0`PfBk
z?P<Od2}B>5TLz+bcq`xg`4#v2CA_&t=*6kpRoPBD+#<8+7uX^L*uEi2)B3W9)5254
zu-dr>`0vqjye0x(x$Nz%;C#DI_sJqj*&sMq&um#|+XG|^2)J*>&0Y!LuM^ntZVX8{
z!w>7WG@N`A9+@{e>N)hwZuH6)jKt6{N!9j0L%3^jzj4Kzeej(+f!;xFA@rhvKUogg
z;O=U8@|a!-!lZ^eyIV4b!GnudfYB)E+Wjt~6_}Wl|2f*vS^ri*-(2RU7_#&Ehqc;M
zuIz1RIraM?c_X&T7#Y@c7?jP})`LB8PGQ?7_o<MCIm=I0O}*gl!g!m)HpYh27?dqa
z+amA>1{X&AY4n{o2|>Wp^!Ozp1b^UyuzzS!nxuNL{W>P8Ze#T83|ZKx+;cLc-@FmM
zGHfo5*-rZ{iAsH7%zc+#+Gy$^{2cw~gPh^W_LBs>7&&KH6W0JU)cRf&SMlcp)(>Kx
zA_gFO6*ocUIzrP>`(3q4cRf+EpHQ|*4ygnw?bSNml9f!|&u4Kkz=kF(hDMEt51%KU
z4IZwwk}6lWl1tbEkDM1Mwn+HaMS^3i*(D}Ah@y+JDJnxcdGs9V-i&bq?q>%o_K^YD
zp*eCNPisra%<mxo-B`8ZqK>n~da$t@uZlV+wniOLbFSV_{@MZ!RuU2J)ulU)#7eki
zFKD{3C`5Qd2=0{19`LPXj-PXxj%uZJ3Bo_4K(UcYqd?DWcRkYOf^z{CQO@uq8abIL
zXfZrErJEl!Lyx&``C}?&h5W>B3w?16!_I_0JAgi^H*Gkm8D3)#ws-5Ic(K;aSFO1D
zSyeapaepbD>KnkmZuIq-^0P0TeHyu|&<CG0X<140&`q47N37?sJo=a8%YN}n_^Do#
zX4!&uF&ciC&XVTxkQ=y$erptC5&ES0DEo~P-nQVHX>7&Uq_$+>kGU3F7sC+1FOVR9
z9SZD*Z=5SD42Eej{tPu!4OUhmj16+5AwvaWGGZgx0Cy(POM<kC<5L{GNa)}NG$ajk
z=;6O@ww0$%JGx}nF{LfbN>~`|iJ*$mgMI9zY=Aph2%F{}KGO^`L~Jl^vxzoK(XE6|
z3ET+ZoM#5srR5ekKAN-~4(v7L8&nQ$RJP7Q3G)dqtae2*x5RZt7WWBh#=0I_jKDSv
zo8W;39h~`?5a<n<=Wj9(y}gP~oxM*OGJhm>-9ZPL+UFE@Y;vH~s!TaHe<l)i{eJc)
zsfh9Q2wjZklfxD8k%8B0m6w>1KXi_%yp5Y|eP$i02X8;iirB~3Rjn)DiuEzQy1Gja
z)|K7ZQ*U8Mo!O3Hi1YDmDesj~wj!utgT>1QGfCb)$F7&4OZzNtLh6@?D@&E&eZ<}K
zX@KWe);P&)+@UdkyH5RZD&Sia8Yuc9D}dsIl9JGH$=OA-3MwtEIt8I%S=b6M)sm>;
zl94%4N9M$cLf>2?xM_y#N2NPV@?N;85-hL$?Ujkq<7VwUpk6umv{@-^g%4j8m#t(9
z%1iVI+hA_#^Yo<^LQ4rcex!ykz*d;%OP1&{AHAqmt2SEi;AVQwE+}2Wkcx9O))ABh
zf!{~JPL}!VIpPGc#0&p9z3~5AFZ}Oj-BE#G)4x}4cZkz6O-NnZORJUCq*)<qY=FCj
zw3s(PG%Gj?zP_87==unTDmttY3?bP}{MZMd_9}UgYiZY_jIguj9LcnA@ZHW`(|HZ%
z41j$S9@b$pg>~>`t-@~jv-1qDFVrf#%7VL#6Dfyv7eTiJ$-)LXhe|>yfvtVm0Fw!A
zzd4xzzO{Lx1EWMjt-|@9E42Txm;Hx*x=lB>!fBe=^IeQ{b!w;v1WfBLwW0X_m56f~
z{TrCl^feWZG_Zmr`6bLHs;HUyF1FqXO>W@25xkX9`Bs-wH)kzFYM8&0!&dN?lPU0~
zaxhoUkwOU1JI{#xWtL8FK6lv&r^nHa%Z_Z4+yzBp82;U(rRggdh3&d(ve0)wefHds
z{<yBPg<p9RE{x*YM9mUl1N_&5K!oRugdq?MTQ^`2+`X8>>nz+9#U6#5<LHwI$oL5G
z_C3t{+OSKu5%vXL{F#JZ2sYfWTk~7kX@N>&D2hP{DeQzh6^7)H?v1lvm^RS;rvERQ
zJ>X5P0(c+%uSG6@3RsmVqYtK%baMCQs*@vpvLRV@a)wXtsJ{ImpWIe`<!yYj$9-ih
z+>uP-CYTTejZF+yUkc;09hJha7<R}m^aldG_wss$TV)uz^Wr8b2)zU;*AnD%DQtqf
z7niUf>JtfUg{B<thFL=4tAmwZCG?(WV<_YrNf18mNn$6wW6=g=5XJ;HjpC;LxEp*q
z?ApT4HAM@wTQ(6gZ`1?xg)tth43Ee+fo<@<MUg9GE4-#gBnWZC2L2Yd!GjkCY5cA5
z5syfwpfQz$ayeIqBf?5z8_X;vv2~Ay_3-{0k-!#s*DTTQed`kR^Iw?XzM+46!7LHO
zpRP-!;IBO*ML_;Xk8sT`B#%~(=<(Ny&*xH0@R<c3#BS0kmrswL@==df^%OXgtUhj8
zc6@f(aX%fyK7s9!u($-Iix{DWk^LBs@HQ_YvNU_8z|9J`Nrhn<OJOLC;TZ0a*W)(3
zRd5u;GJxA7W?L2Aq*!6t;`yEw?g_TSH6oEK!;6GqR??EnmC+CXenDKpR=68Pt_+{0
z1%UFB#cjm`OI7<VHF7ni*}AbzO4jLeGL=eU2;R-fb#d0b*DKxi`VLzu^~pg88$%M#
z=?<}US%lzm$OWDD_h9FJxITyN5pI#cK7s8KTp#C4gYd+HBI@{|N2HRe9C!&gUbQH4
zOV~#C9xYoFeEp)pUGPIsQa99%SF>ee0yoGc1~;-`Z-tlZ`#L2&w!l4ccmbBLh;B8$
zL8I<BJOm~065j`3TM$rA(f^hdoaWEQ6a-UnAaxwJ)2Wn7fD*^yIjI!-;r>NI<9(-~
zar-6wFWnE=3{j@I@9xJJ#HwTPLr^Ti%NGPT!Hi`kupa(zjmTjbzCvnqJ^aGMM}NGi
zQGUG}<NfzogxyK3hZog|9Bd&9@#QQG!x!mpKRhhN67NPx)L2j{_|QdRp&uR;0z0>-
z;Lij>KE>_0pGQCW;Ex59^*?z8vrWeE8<fFtA>omkl<`s~urAImpOo#j>t}dxh+=od
zl&o@odxzx|usSU~$`~YZtFz0!oL$}|g-U48WULZQ(GHKg9_;RBGt`(MZQ63_vb!Md
zx77`MSNMvH*7j{Tx^o-j`Y@u8qV|zjLP3*v3zvYj>)kemgcfaipEA7{Qf?29&MY=H
zjk+c{wYr1bE8&!~I|_JBjZg<?q;=SRTfXj5ZU}qjMx9zz*=*2q2UuP4rnTmN;F-?7
z#9L1&9rl4HWx9rLORedyZ&)_g7<S75Hbts-N0d5hq>CMutJCa0TbB;<2FVcAPWX9i
zxw^f4Mu(p1jEYIUxmXXarj3hHn~1z@M>X?q$j<iU?z#56=XzbDdalt5urwL`RwJED
z+JQL%^;$KvgNiFww#Hg}ln)4A5|corqbRMt+K+Kw7ePkt=!jp2QjALoZMuV(7(|2<
zN|&dgfZNy+66Vs$4pJLWndWco5Tdc}wDcVUHuG&0^!2dow#{_giK^Qy34O%51Mx_d
zlyS%_-WZBq2oSM{BH^bO62CKUL(?%~tAoELw+U5o8+91Ftu<?x4>>_JlV)w{6Hr$6
z8C5ysl`y$F!wGAKb7BpK(`;2ZUa!5OalKXPL-UMAr!fb@`Y2`}c_o}q+6+x6LkAh<
zYG9TVBT_nS9MeJLu&Hv2RjQo$89D1|SlyEzt9p4iEoTfIv)5mLCjckyP4gLDf+65P
z&T}`k%AQv!58C}2>*?)m+H>R2|4}QPbjfGLRW|7NeC<3}hbX(6;=Wq$!f^HPX0htw
zE9a9ci9z@y-cjin=QViiWyH>8e;vJ0NciSCo1D;ls=9-91HY+my#ZNB_e+3ab(w!q
zM~0=qUigtWfg!jvfnk_UU@s_(4mAgV)2uMwQw~au2^4To0|VO5N!z&WZ<PPW&<9(}
zyxE3nnZ>$Pf{jLVHm>kyi+d#6riNF-N6Tc!azfJ|5eE!P3xnK=^H&SpHtSx_8yGN&
z9=tB!UwKcC+b=DO0AeTeuR3L61l}g}L_WVDq=oB;jmU450&kH}P<W6-g*12L!=<0s
zn}TU3<X?D%&Z2LGPmwkl(;NMca4R8`uwJKIaZTy|jVPff=M2Iti5WjrFzR={Y=$PX
z{x^IE`iR^1thyBD>=uPLkT#-s%@h(|v7it`K{oaS<};`xI^8lBumimW9pjhauCcoU
zG{#4tSRxI0<}!w%LGjo7^;a$^e^*7bwp~Nd^o?HGPru=yY{BjQL~!(+&FCj6@8p+T
zNiw+q*+c5{>lXF*CG3TV78!0uWk=?^EH>q~-GfnX$<d<h7;ck={!?V*`EImayKqBH
z?=#=E4P!k_o6>T+m+*$(iOV{Ay=d3$^kYZ{W7~1t^D!F5Sd=I1?9>$JJ}DTD;HH?a
z#JDo&AlJuq^y(pD*=HWpXWm;m^9g<CZIv^Br_Vf4IrI1W%v&mFzNpXqdF9NP^_e$R
z&U{s$d0pkqKkGBEshoL2pLu2F%)jU}f5si=?yV7aY5_{<A`)J@;7$dAHUW1gR|!1-
zImhPyORU1s8>J}2zg^(hT&}$M-}Q@MSUK|}eMUFC`-n&Ajj026%+ZW$JN^3Iiz_1L
z5<bggSXx;AQxm+SUZ9ViY+bPB3T}g2EW#ikJHlJIyQzhnx>$~@^_9*(arB0q4WoJA
zlqrQR+~h<KaDlo~QN|fky)|PZh*$>G9&}?`GEsM#cjF$hz4`{3HVrB40B&i!5hF4X
z)0wi0Q)-NhtviY_(gIr`r-(qhm1SL0DTT3aY=YZ(VoCJD?<<VKCX39;XD2P}IDxI;
zw=l*VhQlQN8cd>he?ldcA%q4AZ{WRkzu^(sCxh6lv)lp!?32xS{YLEDN}v7RuIO$w
zfCHR9)$2Gmbi?1u1$0FV4o3N+kh8;MfPZMloiX>_D<3yd{Wu)7Qydocl5K((%TlOd
zlS*JDiE3!&LRhI3c6C?4f*o)NKP13=tF#JifqW7p@z{0(YEV6q`21z`-j18$HnQBC
zB1!ZD{nnpSNy|#4Fvu;v{Z>3d=oN-~mBR=;=1JiuXtii@ykTsD<5m(kfvyKS!#(ma
z5+`l^or`n{9H;NwHLFXNm8DsqmB2=L)vUlUe9LQ<O%~G&XGIw|!RP9=xP9K7_F0+i
z$?IHEL!W7z;FSa1LZnfft3BqFX+?TN6#dHC%-Lu5IHL<Xq`>Z8>>x^D1n4Gp#d&xf
z1^k1z68qL65Rz~)iwlWjQbe&Wf?=i4Xf9zNF(ZZtdFMX(iBKjltDhD&3_n~a2rf@B
zT&zn3_~Qu+>)~_r;u3bied`2)Yl}+o##FB)l$FCQKQIWhiq}E|REyg$oE4RXE7NpZ
z?lPWhd(LrpPFAxFa+41yEvuQ^ZPB;~6>?2kEGjK*mQ5TgZdM801g~6|;BfiN=LGsV
zGm`YO=hq2K3$-66ITQphofG;;6OnZ#mQ<(g(0y-QCm17gOD<&b!g0cr?UwURrLZ2}
zGB5NlCCcpS`^1Gcw)Loozi;53G1_8u`>PfRnD<|@%Bd?U1MdjD^epe?@g#@mVg%9e
zc&uddGG`ztR2=cD0gn(Fug3$Pul@HZNGWDB<G;fWitc`iy7uJ8Yif1v$yZ4<nGEM0
zx>aQ_UPCI;28DGS?e>;BZ8%ohMbsC?9%4+$JK^=(y)FCODj5(P*|0{r-(h>9N{`DS
z$XJYp%IV78auo{Bb?|c7%9LS~4rR6t+0cWbFa~s0MVC=BH@NcmzU~p)6t=L3+qrks
z;Dm&(q|;>p4=UM<&9bWbJj!9GiRU#kfa@dLY}>`+vqA3CS$#L+EhgjGWS)iKKiLtQ
zQ@A~b9nlD01<zkpyulw_uQuxqJe2MSh8tuXUf0EXZwS8bNd+J*%&vlDZ6;Z(-XF(g
z1oubr8n{Z~)lsr?L$a405$*JK7e*w+1h&H;Fh{;xYlS;>=#`}f!DdSYqnmLH0iY{N
zM?MCc?!UN62Jk9{EfMyF6L-Ce?+q!uQNk}T5^uXy!&~D2@?rwL@cbIf;hVIo!5GHE
zItFDwb;u+JeD8vC^P)hQcl#w9p`owhdC~cAWa{b;Vgf$u5!kXH1$>Z8u;KBG+5@wV
zD?Ouej`{73;+`&I>wCILgLy=#Hhz7#cGd89G^~|6=^D*)6F1;$W(WFvMS|PbBqDfy
zls>zo*dcql*<lx5v5V`94l3NMFaqNWx;Q#fuh6$1yaM+y0t9ipo!$vv3!}2bf%H|I
zaFbdK?yYTjy$s?&B#NQ!4(taMf!}Z1=5FFW8bT7@wO}!Jhh!A@O6U}LE#%bll9Z5y
zrUYY=9Wo+V^qQ(FHfk^=0}2BX+|a{KgHi9ocnN5ke`V5rH&nJXdM9vF)z2<kXu;!z
z;9YVDZ{v4C&|^YTY==w0l=Xk<_7DgE;T0fo*gd^nc)gxbWrjEDT>=M`nP>H^mmd)y
zsD@AoKDeNTZN$R8(5M(Fy6>HYsKRUYx3nvpyhf7pa*b(^#+l<#Ql{OePw`sTNIDhO
z%^XAK(hk|rDo6*HOb}#;7_uSw(*<Q9(F;Ei42l1#Vcjd?heBWgUbLX97*(%??{Ry1
zc<F*-&&PKK^Hune5S3lShfu&LF9=tybSR1&V%P$22ZaIn+Y4$9{?`I;1K!~BmkY{4
zgph>CE(+%{3VY!%xp4;k%|)|vUI{N2f|bo}@T9P?BTCx$|K|PB_jAjtUT&$?8^w0+
zYh@}*1lF5`y?SoHF3=z6qU@)*#lj$$jE5vV?$JHX_j+n-*Fj@~mu?-eriAASi}&ah
z5+1y0BQe1t6vi#^SPg;V?HAVq#TNLR8Z8RGd{I30aQfhLH9|94?v1-u^UkgPxSKya
zx|#kf8@DPZv=DD8XW**f`8A9KKe1s-bE@Y(V6NqFIp#h;*Zb-|;=1v}`o{O$H-@z7
z*AZZbFC;wRkg#*lX9dmvZ7cEXQH@_$7{3(!t<XE@3T3eN^%rUVzgDBFz6%Mjz32$p
z)dAWIUnYR+3g4G4R4ROPG_M!veUtBAa3h+6UkaYVfAYh*>Nf+VWIg`hL&=&ePW-k-
zzbh51&+IXZl@b+|;|3WW>gR&DZ4vA=JN;B|SVAWGZadb}Ah1zF53ONi!g#<#>(RU3
zDEc>|FUTe;$(C)#)6*a!CD^FouL<<_2Lb_-S<NPqd;7|QMz0*MJehZYgQCK1vV){y
zv<E|S1GiA#rZ>+~GK?Wn8Az|~P-x(K7amVSi|HK^ol_Xa8}z()Md{P0YyDVX=;Ob8
zXt)Px<U4uf2NH;Iz1e<{D<wX#s8GP|Pgz<UgpH&DKITyhw?o>(ZBeaBt{0qkqWf+H
zutf&(nlNded?@64h1bAg3!}iT>&f_HePpAnwhY+zfB;uq0hx%}Wxh>2&;z<mhv7;9
zqQ7>tTy}#eShM3cK8@PxxI^!F#C<h&!=1mQkuMvGv`p_6_$vLXsqa;bOn6+P`K)E%
zxEK79`Q!7`+4SDi*|9U8vBK2!OgTHAo}9>MJ?ZrH{Mqzux?DJu&3h&b`BRENCh}!Z
zI(=mRZ2HLjXuh1jxmcJwHgPVSrqf)yK9NsPWv9lbrp+^^bLpL2^1dt0e|GBAGx_O>
zu``p|^ubK=jOWPwNU@l{C0iajJ2sln73jp-vGlQWVS2QjEoRCSg}f(!GCf&3J&`Nh
zPbT`SemFl&kMEXjdAM9I?%0>jWo9PJo+I<=(L;NWj@(RlXT}HgpF#a+hyJru|Jh|8
zF`Az!@6C*z&W_)tXIAozXUdrY{v0%;IFp{pk7pgQ9Aj(hc;@6tzFeGlt|?`U6Pd}0
zbJ?Ofl~0$_`zDInvGT-h_Bcb?xwc%)W~OMsDKp}+LVBz)o=s=QGt+dvr!;f2kjs^_
z<&r0TWIlbUkk1|~7iY%Gp3LNAVJtV3AM<2N^ZBv#scb%-o5-(t_weLIrZh531J|%7
zR2V513so1D%f*S4Gv%ru&ZKXiEX*Ct-ZhiWk7Y;l<9hUCg>-&;GBc4M%T7+tW{M@x
zk@;iU{P@vqiNLSB9&o?^^hAE5tfApKF?{eq`rz=9Bcq3INgq1AZ^ZTXgPG~+iTtTU
zh4Jh%<eIhtdthh!WT7ybJ~@#uOsB^S`7AT#bUrhcb%tBaj?au`)7i5tpM9*HDV8-9
z@+Z@o{J0*_k>R7qM$$JOIJ|eiGr0XDC(_4`4<8>Ph%?<BC=|}jOnZ*Z-<~NRK6z($
ztn7@cf5otP{^NzQnW=2PoG#IO(^-148yZLE)5k`Rr;m=@y!X&?hXx(|($mQoY&d3J
zt1@e&4Nu^}=<$)G!w1sG_6{EyKAJvu{KSEgYP!(ZjT{_3ZsvJx<o9kHIka~qJ$iiP
zpqc5B`P=dnjCn-oHy4UinX>0(VJ1Ib8e^t0HJvWaoGgtMC#DIH_DzhH(}%Ki_L$0<
zla;e)%O1kZ^qIMFO_C*>j_0b0c-LwiqOx>mo_aQW3*%W0dnQyj(Jf~@*X%u_!M1aJ
zqBLD7WnIral`W@dv&GUxA)nU%5c6YsI$bVi=%;0z#yre3J)fpoF~UtvYQ)pr>{*#&
z-hiy~qPdCj@@e-msTSsVj5u$;um)7F-8-V2kEE~3PE8QBY3{@0<Hc;LbTpGcmGw;I
zOXW;{ESnyi%#=!cg>OD^_*s>;J$8Kf=<)RN!}~`Ld5+8<DCAG2hfBvwnt|tdCZ2NU
zRGJu^gK)E%$(d|=YNk|9pUkE+Hh@Z}Gt)HJ;bVJ8M-Bd0kZR=6KAT+hW2V!k^h`OI
z9=JMvGV96Y$4(cD>B(&Vlmn0QbUL4%TOG_*OI0do9H32Q%cl$DrPc2$-IbmorZkpK
z7qin@XC-FS=KTdX+0Le?i`m@7Sx;$VYI-u8K9ikKj}`J|!d#x%@Szjc6h%DG#qMlk
z*_Wk1p6O!Y<Yaa#tvR)83O7v_#?IIblv$8wq2=lHc$OKsn+=T~JaS-k@96RLzQcQO
zJ2-OaxLHLFT{mB4xTFa+M)T!tak`i-XN$)eSp2+whi|*-z)1S{ZaaK@WZ!b$pdnxy
z+!z!-R5+NODir5E<s!jwf+RDk!ujmkGULk3M83RZFl`GzW(vghGR1kDp7aRw1ecQQ
zyOs!XUN39RlOb`GEqRLBu^CN<#q3mOB444z1J|zLsakl996WsVM0(`t(Zfge83)^4
z@?<t`Bh4yYqjJqyW->!?oS)3n;^rnMvqqHAZMSAh%sNZia;97^G6Wn&iKxbw=OxYH
z*V2H9p`~{bTR)plGw(^8ODFQ>^mSM7+Ogx>>vmNLXU0W1tc8siW=>Ap!#*(3PrNcS
zc4i`fDxJ$rOlHR&9Zk>DX8Om<#q{3EY^JzOu=B9Y(x*$=@(MOZe~Vg>JI_3pEsvJ7
zQ=VKlQ=Tc>T<_*=dF-_FdK<~pdkgt;W+GoYezP;`Yt!Z8d^(#SCsuazOn!`%JXS-h
z6b&P(9X(@$P&=QQ)PpW&Gvn#gnf&-<wwNxvdCh2^G}=sg;^bsjBW7u4s+8_On?9SK
zEv5TCGo>u?_Ax>+7r9k4%#lOKkDhRJfC^I^n<-|`j%n7o5`0EtS2)6O>9*rHUpt&1
zCtcZNm<mydOX(w=t5SzFnUCB)a_Bg*hPiC!%;ZF=>}F5IEaqsr#|o^sXNtwlyo;S_
z1~f$i)Np_*7NVc+n!NM--ouBEo9kE)sNfOl<7R!2W+qD6;o_<C%=Bb-G(Ve}oEY~^
zrAeH4G&83QPo&Z}4exU%dW40##=EgX`pjG*KRKT%o*FC6<lRitW*=HiRq0pDMWZ9x
z2d<mWX3uE7%J2fs<d_poW%PQLY@LJ`BY)D75ofEE-?2=-ke?XKOg<$UU!At~%dz?L
z=|bKiWzzX4bDA}e8&z*Clg}4eijEcXv&$4zbGVk)k|uO6l(Ok5O%TjRmysyxzALcq
zm|LHrE01SRX;L~efBZBNkQNb@`vz}1aeO4bfAr8kLv7h{HhD_r%-ET9xiG!PIv9wY
zoXO>AF>KaWo=%_4l(L>;p-@hb<%$*EoJMnu)j5|Uo=cz1jGb|SW2S8s)@q&Ht<I#U
z=hNk>X``NcPG?G|2l#W)^)fB?JuC}K9>*vfXJ8Uu+%#X#mb6vNV6#a!J(Hg)Wyc2z
z9Vbd|CHD-mFim31nC{-p<m92kaPgGq$o#>=_{?N>UpAM%DdT9KZk=ed3MPhavgxD2
zH!;R!HCC?Bh4W0;oi2`9tyoNDr%q;zrPYzFqFXv_%xzn&O>YBCZ{;fUb(mr7Hfh(q
ze{eu+44PoGQ`6=7G_$ys;)_L%ew=LyYTZP05_{!Xe9UD^>C#>4(&WTgMV8Q;&A~Vk
ze+7=CQ`3bazr;Xvf;f#9XU7QTUGF9s6UlhWQ`3g~S8SaUo8W6Guv4rO&Zjm0JNo3v
zp}mLqjUKv%)+jfbIaTtEXZ3SdlgrC_(izq}wA#8-L$3^(bq&vCVJtIgMqQpx8#Siz
z)ckF%FgY`ocl4B%`eyd&?5)8;y~@n6iX=1A`Ru85VK!ULO%~=HU9&jF#5i(xEIZ8(
zAD5@Z7|tX4@sSnG-O&HjSWN>v9CBYF?rnZ@`|yF=Myk!0r`IDY3g-M|MU`X)^=SYz
zU;tA#+}Lew8?HS*acZJm^4L7zHb<V0E_W3(b9$9lV@jS0wxXRWPG?AGBYlPh$bj>0
z&{MMYx5|qh!GBwxS?vKrDoupbZh|<Iu4rz0%__^8t#T)6-m7t)#pHN)GV2(4Ycr2s
zgprI?%SE1hnC3BslXos7OoJFJiEKtc%f;Wv3geod*eh7h7H^)&Pn1qqmVPEjcB6f$
z1>lS)Q#{4iL*b+rfc68m$aCOA{DhPsM>8I9>GO<7+U1cRBV#2!T_{zCc6NGlVr-)9
z$xNk7q)MA1GDjmcTH6qKD*M^xahYCIR1BtVYc-vw_h<4h%v_b1>?9S{;Uu>lx=rmJ
zxJC{1TZ7hs8tfk&=pWe8ueKb`j;mWUW%EPdz`$13H#Ip?E>C9rvib3eOkVX(Wll~E
zO-^6EQ}vxveTR3bzT8|fGd-*Naz{q@R%B7d%jxp7jXNu)T^m(i0K(65wp8)Axp<GQ
zHjSJeOW#hnE_axgNW*jVV@=(qiTtTaGM*ii+;e39&<u&=^l1JFX`aL5<L0SHXY%EV
zsjMy39FM~A@nO%Ad4pL`Oa5t|tfPvuby|(*>_RG>OqWPQ@|?_;%FEr190nMhDHe$$
z-4cFwg%mnz%T@gjhiR<o<+P{uti87mAJvK`3((1IwX@_YxcN0{qE#({mTBHop5jbC
zTP&_c`7Z1}uq&N0_KRUk<!K(ONBek<*^xhK+!5nhz9Lu5W<AAhd8U|8+kS{+$B&K-
zA7m3z3#6H`(ja~8T;Xc9#m&v5M~@wMIhI|fNab~Apo4=e+#l8K#HH?4?1~KGRr)|S
zGn+lCJu9<WmH?F@t?E^BB!i8`rI{(SxSAD_&b!LOR@B^40^-xjznv8^WlXYt*-4kS
zbzoOIYik3>%C|lA2Zl!vJ%xLF$I~jhjy9l0$YiEePO}#(J>lXH#wYA}b}B)iDZ_bf
zrakCkzeI7~<rZ4qIcW=?u|mF7PM^yb3!aH7Ht&nsoKb%rBb2T&+Tcocs5*S1l{}l_
zI~=BbxJVZCvx<fMDIJVqCApX_&)QxT7sbvKC3s4AvBb|z<V!A1(HX%^MJDQXTjBn7
zuxhy<*j#;OR9rpOF78mIxVyW%ySr1|-QA^7+@0d?Qk<bUEe^%q-QDhazx&-kcda3u
zOmecHJlT?D=1it-Rc|{qzkPd9C@rTFEDgDns3eO;4#iO?=@I^x`Dat^FTIc<L;KTX
z_Cs?miYCkId5pJQM;cWNHLW&YP9{t4i;AVKuFhY=dc6gmS{}VA4e1JdR>!r-w-dT3
z(@wctJ|h}}zk7$e5NUTfzzn!FD`nqwcz=S3-;e~7CWtMMSC>v<GL?Sic<q?M@63_P
zY>>fdyX1j*Po`Qv0h{hil~F+z$h1)-pT>$_l*Utr_Xk%}pPl7zOy~)It=md_pH7`j
zBjgplIES!{^rYQmGvE<FQVs!&=|tu>%^gkNq(8k%msNb7ohL`xRmFDErzs2-4_vho
zs{Ak7DWZ}iV&4w>dj6#l3I6Sk!`($S!Odxd>|jc!1jAW0_q}i*PM12KnQa76$3(gN
z23E1;Pv%d=m$nA*YspMm#Hh2+X)<ZV$1E3xG*}m<T3Y1|u;q^KxZd{h%@*WWsO|C^
zr{#|}<8z+gth5K<{F(pM41J(C6X4Pils@=EET3^RHx%v9Tkf-F-zI}(YR{HK>pRSr
zl7czXk}h;CzRYU{&P!3ixH&l<QO+Vgp7p>Us~oF2MX65bGdw#tB<5(!rqAP34w+sV
z-7UTk3*%WwmTVBp&#g=Ib#51<8DkgIb+_GH(p({Rc7G@K9Eyj9&;PHtX*oN_P;!)x
zxNnU)c_+MFO~`I@8}alu$}0~~gD}6aHcfm+x?P1duZclHK%~)SOsFfc5PKU;LPOUs
zJu{ySL4|EG(DAf%?B+Pi8qZb4ufI4lIj>yY2-JVa7fcu8W9z;QzXs!p{1k1HZZ4Hm
zsmd0Nw~{v-Qfuob`)Cr#&LCY+!;voAyJDHjg6AI(I%)vtN3KuJny{^MZ@h?M^D_V7
z*>2CvQDZ>YS{|d5T4H~Q)9%=1D`nkL24?vzynkZ)8VBN)V)HiiGmA(&Z6Y&P_O~n0
ziyehW#-h;$Bl|1L6_NIgJ!7yk$-grV4_lWAmmf~~&PE*nHDv!J_6vf<U-Vf2v19c_
z8fQ_adcFAmttbPu?}v4Dr_z(2iWB9Ss?$XCBgW=9v50YHX26+)Js0=ZY?xg<S`JR4
zHcLuzUdnMv%3)s4VLq~FzXuJk&;o<f#0~<}89LQEHPdEEZwNyLTw4TQ1B8JJ9?0{0
z*1E{&SL=3=n7&#vgM$@hRnXeEXykX^y0}4o7_0DPpk>8*9sA3m7%>>c)k+tlml>*P
z7j%i%Fs6`uCH32zmfk6)5c8}f1oG8L<^3nuAZEeS-vmEGO)NF?vIhklvK%^#H)wen
z=@ILTme${2aB6ENf|P@^x6l6|kv3h9iYRCVOl9^ksKTQW;LXn$a#Omg+mP3wC<>Hw
ziD9N3a;7Ap7BC2|v?p=5Kgx1@&v&!)?leDo)9H`%EZAPBbhuLz<A@I?o*%mJxHG~I
z4~p<xBO+&GK9n0}UrE7T_ukBNaJrOK%kjKI2hM0mzt8q^Joz8aO%aNa({O4i?9mOy
zY8@tE+C>n3T?!yhf4BST-Rdi)tI|J~ylFRJ%Rq>3IilBDaS!Yuwv>P6WI{PIJT_(I
zj_1O!w}KSwS1Q74;0(K*9fWsslwE|Vme?e8Y~oS%>!gP!;$hxX(!Phv9E<BGTR*dS
zHQkY<qf~-9XrGz)e&Mv6rO|d>Sd&1ujHhw%$>7ef!WeSpje@+ZxDL9-sGu7t`!zYu
zMAA_iON3lVq%+TFXMUCR^RM!d#+lcQ=(oFHOoF=G6In`~$;xSS3${!-Re42za5onS
z3%68KJs#2dHECsBth^VB#vKY1OL@N?Z1W8L`Bi0gzJU?&6%AVjyS!r<``!`r`LoRS
zi({fcz_#31>kQqLj;J52ADd2OjpoV4m6vyq-I`D82hb_f8|UIG`uK#F+6HwR+^5zP
zt@Ria+8kpCDn~BwIPA(8+pXoGwA#-RURIlK)5R4KOz2FlEaxuZchTBSSDi!<|MDw-
z<A^k61}(CuxxiEIZ=)Mhy_TXYviLTtlcDp0Oy!JAZRZV(G8H|}CfQoy2|FOt)N;<o
zjg`;2q(|g>dk+-ZDzkTU+QQ=XstA0uc#ikC6=PP4<rv|6qB9+?@m?!uVE(kmu<z7j
z2fQ!wu<N`e>Zx?q69_o-a5@`bm4*z^$o0^Q@?sv0$WhOlX_^+22p;4Ny!YbKm!{_N
zftHSfVX)4>L&pp;m5%B8G{FebOnO)GX;o<w2C+L~J2avS^J$`Q{?(8_R9yc{!>9>5
z(#pMZrSmoWxF7RXPs0)|{i#)R*I%^QW_zBlczoVdLmdMQ&3H~Vfw0^(vkAx6*ZD;g
zf5W(16wsU$eas!kl@}ym7>bIm7u@{&mhJXdNWaEr$N(&?A0@x~v`IvZZ><I}2-He`
zar%^WmK|D+43wIBF!lFUJQGLfJPv6;59)dce)jxhw@;O~{Q?HxV^L?EJ^6HM69j)k
ztG;01(1g^Z`e23W6ju>TdU1R>Uly!SYf(kQnK~_kS)EX!v*fvAsu&UP$EPWyjaZ52
zk@q*1itQNhe*L!fs}o(-N<Z()!_obP%eh2lI$fF@2Jevl3aNUW(Jm^%UGlKadQ)3I
zk~K|nB}NJ-W5O&(sb0UjiU-~}WcYWLecIv{NIfMLus2pn|1BrP5<dQ#L#0!njQj3Y
z-;aj-H3vaqbuY+wn^LvsSD6nc-#Ysa;;Lm3w`sV8H%v+9hGVqa507V0-TO_8g`f=0
zPeZMDFAv=*;->t9w*1<M6^quzIxDgAi%AvXi%uiW;o(Z|)HG)D`;7-f#>_ja74HuB
z@l7H*ZFP+C)F{92v$6@!@|m7&YM#D#J6JvWVsW-1=MF6Cp#j3vKf7vC)_e40O0bC}
z{BSuC2?F#E-CNV~7xM#pk<<m`*7#eukQn}bm;J--k3U3}#%{S4AT8*!KgOH`^E%>c
zd;hA^(e;w_ww{N|ueY@JS#+J(B6uuVn|&8p%a#S%RlvHBlIS3?nfj9Z%Q2u=4eyd3
z_aNK?QT0IS1%tJUJ?s^QFHO(3L=8_FEsb)Ge`lcWuL@q?jqe1io7i*93LOw=(i;bO
zH8n9}`KUz*+}<ss^m>X+PkSDfld}|IN|_rpLEGel4KcT~unTG)BAmqrED%Kf8{MD&
zo4sMu@3YU%+?{VqxzmtSnePyD_TLkVwESWpLIMvX4EXeE(}ri-%pdM5Z*@m!DzIJ4
zqd8$}zHbzT#V^iifL;q$MqWLI2|H)xxgpt0Q(Z@(tn^zG62@miApwFR0ms49(+?!d
zeSEq#Sb}ksyBdh4a<u`jMS6dg_nOYFPaex<f*iK<Bj;qvKj5@|%>}xm)w)~ji8+l<
zZR~P=qha21rTU%R1oE<L4w{q_VMk5UQhE)uk^X?9`>)oGYp?&wb^7;y)#f(@FXQ$^
zouwtBUcis<;vaa&jKNqipfvsy!CFqxU*+7bHcsL{jGyKi%}&{Rt#hyU9ic{#SCiHf
z0k=VB070>f5&Dbx1#_jFRBKf+PlFa6EDCf5IeM#W6%I!Ot;44TWd;%Qqb#36m6H)$
zFXIZurvV@P2_p4oPg31?!QoOag`T(vQ(Aoj+EDub-hp}@zZN005M#PL8BJI6tZ2P}
zQ$=Y@q^Y!sTL_O_1n-M-SB%zio6QiRh%leeB<%HoSJ(h%l5ZwVK66!zuFSCi?zZRp
z9e2VilU49rQih`Sys8cq{z-M#a`v(!_;kh#$Kech^CVSa)--Fxd$i9~oOJ^GtP6+t
zvS{WA#ifa8{P}g7sobYJwK_!nwUK1`(Z0_h(2Te=O1UozGQpCt_t8G2UYRO3?`s7n
z_wsW0p@v%(4iHg-#%W7Swxh?;s5S3D7KF|;tr)lqQ?pZ!<*J~{@!#{Ff>$Ha5vmIB
z=lPNzxNp)%1Ya^^VLbPwl#?9BuI@!(J#v5pdyr%*^p-dIkktj2qX{k5$ZsE`(U`yO
zrXD1myc7K)n#^;RVyOOWJ+2-}z&>D(a2&%+A#Et_z=Xx%x^+4kPl~bedwF&PYJrl<
zt)+Bv$dKbnzu9+etAO^JTL>bG>7}#NAz_jwqoFv;$o&;Xr_8a}>c}SPo?mE-k>^A|
z<Bgpl>-XLu4X-d(k&E}uoRH&L7d*_;&h&OZWEAWx3V|S9j(6OwnUhoGrQqCmYUJYT
zX1_Fp&h!Bc|EUbRu;F)+SEmw#&wl;1J8w5nsdW-(218X?gg<F(vQGar$7}mYOBeJP
z>N>U4^i=t_>359fkEO(8@YYH(>d|UXBX%VI37I97?@H5k<nqy0q2GqTpskUIav?Nz
zo?g;d<4zGPe4LesKU!aK@Z1KmrPcmR6<>g}uFxPT+>E<qO;&X{ihZq%cW*-CE{QFN
zw3J(DUqRlnu4@w(wBgmZsgHHp)K#-NULXSwde!DhhmCQ+=;B~2LZPnaOY!;r#NTgO
zbE#h18jKM#@L?n-!8=*nTrSQ{G%6ZYuq~ily-xdPVt7wz`F<aV=af$)zmO}Zgc-Lq
zIDTwO>3pFHJ^waPnr6$`kWm+_-b<qOI^8O#*8oPRuIHOee6v<SgumKapIom8dEtEZ
z6NeX$ecS-@NGNPm2fXyAM3^qLiD?T5Z|9a@Y^sM~z3=kMWZ-#!j&{efeo8f%Ouz*K
zGi1wI<wp<!lJ(!mbJGn0zHEL&Ml|*FZSp&rhHkbsMK5L-zHkRS<@(yP8(fcbDP_>Y
z@28+6LNH2V^LizF4-c(Xbt~EWJCBIx7hjim-tUvvr0TxYnTym6^loV}!o;Zh;^CC=
za*rl~Yu<OM4SvNvp%56&e7>crE%wIa#I#E0kn|*fDwAtWVxh(1zbSV@F%<TflIO<W
zP2};ZIMvM0Qn%0$!DU`aA9J!vI-S>l2_t04|EsuUB-b^sqecCTq?1{cn!2eYX(zl~
z#P3!lAj7k{Np-PDK|`E*bQ*TFpWee?;qY6{OZnk=x#$awfmAp?>`^VAx33L{Gh@UG
zn;QR#Ew?R2sUY25^luFhHg#h}k>bxQ($j*rKR*|<gU%C#ZaIa@y36h%401>adt{38
zXt>AOXW6>6WVI1jtSC9t>z=jrc$90oTLrPCmVIV7E#<8=<9#{#MHSKi34Yyve<5{S
z|L(`v`YAINl7T{uhm>2)ewerAos=;nZyQUPIjUBiZE*Z0DqmC!-#B@B1xE|wqto&j
z8|S*%ciPyZXGWtgqJ~uMrHzbQ6Ymd<A<P@0i<6{LD+A<S5@8K4@}~4}eT+^%;raFD
z<pl>S$;`7a-9pjwiPNVBMkS8Qm6J@N!V*_=y&Bph?P+ql9`ko!+u7+c1-L}#8}7WB
zTK`<+9L?nvr{moJ)85^8FDpBh{zb+p3}NdcAbZaILDVyK1x~yfu#nouMLXpely?wI
zf2b+YyT@oW@Q?Wos#N=W%vI~|tnxIEHT(C2T&YZbqLL5Zb`+W?{|VU_SH!4p_}Z7j
z%#a@0_uwE|oTu=eO1_=BvYt7A$19xJHT0&wdY+_aElTM#49f!zzaG0t6gY8JWy{_D
zpJQe9Dc_Qk@#q!z82grFTh~iVGniL~)5a>@cUoto7gJf=ll=mkbjB<kHfh>TNv!jQ
zeScp1c#vhkltm#7T6Oo^rP~hof5T5b#S`xAXdy@8G#T-srW)zN{LZ}lE<Sny=Gs~0
zt9vdIOFMpjr(wJWr8IP`y7w(^>y!3JhV>POW+4&P^n|7_gTyOE6J%BIpJ?5#Sw+qs
z)&tfX@OtBZ^>3-sGTP6k%lT08FRw&x=M>J)Lk5)K;G|L+DqVX~^vCM9Q4wcnDTdMu
zxN>=}v#om2b&Io|k$fL!u{e{oJqYxBv$`WorC<5O64h6$UdJu&=FizzZ;ke+i_gPv
zf*?w<GBtJKWyE2X=n|Uv@04Douc(wNswE*79lU3u)~BQ4N!GgGTKHOIFW9T*E4u3X
zd}~xK7>*=<a0gcQNI%}W9oxpAZDbWk=9M{k+7%}_lU1I)qGl*{r`PRyki*vH6$%tP
zEnay^nlNJW!2NVY+kFjWCfoob)97|P46j*j!-0;&%$F=P6XgVV;`H;Yqyg|(zolnB
zkJ#51jP}IuOzB?`BKzT1^V0bmZXqIJ)#@`Jd`@4W_zYe>gT8x)CR^=YgrL3N@crpi
zC3J>6O6Z^S-x;f!QU4%$xKwwcY8rCc_t2Zy<6YCNL@`J2ie|%FxTCUAHLTnFGFA)=
zvyc|yTuQKvTrz1MBHq{$qaNCSDovyH-h(|>wsU=oc7*5#QLUvEr!Dt^D#Yasmq+S9
zmME0P6hE^+F4O*k<{pCI+J@U>f9;waHjd!UgKR~;V33MXvtYWxzt<YiHageE0jktG
z<$u{w=kLlEiaWG<cxg&=Z^dhO-ZytHYA_U0R19Dat>AiT*qBx>O!j2a=FhI)p5P`$
zH2;j`ykofwD6jVRvhGZNgpIYx8*%YcxisFom!5YQs@j)n<<K45%dNV}(~N(ZFFCCD
z4zrw^SvwwWO|@`auB|&%#OQ)+WDHw6u=M{HGTpsZLA%LTuX0QOU9<@dKWd#`exT{A
zm#c;K<VFxOlebEgwsMI4#nJNLG0^f~S>*!l&Nf!Z*Wq_^y@<IeW4H2DS{WN>$$FEj
zkO?=Zyr;W4;*FlJ(=4V7t3N&4VULFj^Pz!_-i7vYPjKjuAdSO174q8<?Dc-_@CCJs
zl~sp=-#2*;Kg@W`?TP#51rAmh6WvB)K6(mCuDY(WnVYY^Fm$zI*spicvCJ-O3QF;=
zl;<fI2+uBJ_<oioYnN8s{wgH;^6y={t>KzbZJC$V30LE<N~w~r4|V9T)U0)T<uGO&
zS5JO0otNhy*&TA^<(CFZ$j51ATLx0fug`O;70;~ByFZNjfggV@#kMV=(P8^}B#@;>
z^wirnp@sJ$cc?*WsHB~W<@n8GdkWj^SkI+MeG@NHb`ex#>t9@b#}X#2s$D3Vs{o%d
zO}Dev8)hFQymu3}<z7^3sRAvXH~kby{|n3GlRVquHUA&=XN{<c{e702t(XJzHKKP*
zy|1w{5;B;cFyL28?l>)JsXP6*0vSEh%zc`MpK~_?4m^~3GZZl+Fy?*ZVqtSMzr<!V
zRkg<bKB}}$Pq?Sy@7Al^Q^Jx@S@>yZ%DIzYo|q&1;^`4#?;QTkra8wbjnnAi9@+K2
zMd&qvMO*z4s<C?9EJah(-APubI>;xUbus(L_Jc)p;EBg2yK3OdJUw~p{L;(2pS1r%
zYo>?X{#y7Vexx9qT;9(K#e|cHwP0fR;x8T5L*AKa${IfOvZa;33Mzx-Dk7+lw#_>P
zh{|#TI0Uyl(|+p99F4c@>!uzB9IMCIw`=4zMyp}g*&*kqBjBZ_9cpp$yg?|Z*2@;A
z^%Vx(H}{4qxM~#sVw-h{jy7m5i}bc^f*|7GwNX~qm_yTnb$M2<>-dSMU(1vKTEhJ^
zRaKfehtJ>GdKw@7A7}NQ?KZ22qV9c3=e(?;ktSV%lIEWdg(@uwMwKZkqc8$hQzk)}
zN2GZ|{Pl;0nvWq^QSw$H9eyLF1tp#j!CCLrp{Ba+3AUxTl~|K?Jyt2h+IQZKCtW?d
z9c$yDd-G28X@|iu^(uQv*oXT}Op;8GP^Lao1LMKi&yfs{fR2=oMsiWjJi}DHH3N1d
z)DGG;WAR^>-<}Z-WVY?*t3p9Wat=7M$Fh^cuCa@{P|BIBRxFUz??(z?BM7kwP}-n$
zDXIBJ3%iLp{qHLX*aAdH%`Ka=L_vHTzk4zVc$aSsSdOb&`3aI-zTwId3b>X~d#k4e
zT#4RUjHasbw8mmlo3aE&IV;n3kx(9Z5ZquP@@rm1-)t#<D>PzCgqeXlJ;@t?3RRlk
z+d?DKrv?X~P&ij#v^9IUAG%v=GqTMx)Y^GUnY4^pW%buW!g0)xy3F@hBRQ%myb$F&
z=+)C*Hu#-TS2~jF!Q6h%bFztn<7>1o)Nfy47uQLa(GKnYqBI0<SJ@`RC+F$I=YSkf
zP~r3yDi7CW39}hoKfm|1zi)z;JMCJSFl9KRK1gRxTTzUmJRnch;aTIo5w)GGsUnr9
zz)vZ*gs!8}pfh_e@W=j~`z577Ka<;+iVjYte@rHJ{|+k@WUnT1)6z3G<ocI{-k%3@
zFN?^Y%sbUI%1<ibxTGF4?gFdSe#ud*eIUc_tF`J0uwofIZ(fNpkE43(CDr?DM|*3F
zU-(8|=693}rmJDU##Y;Gx+q`XwnHG@SFl23W8Tc<lS3AXTRZD7x+)IgQ<myGPf)I9
z9|}>_&JRMytx)#sw_x<#xAbNL-uk_|nf?i<o4e-Lh8mP-TZWWW8;ViCzahfBi?HUZ
z_}7J66j?(~s3%dbR*(7zM(bpG=^ruo%M#FtN>)@V?TVlS;UK$u*>i8W@uv`5(yI2@
zqVRhIBC}3DPyhPUdogujj?Z62Y<eH{zi68zDXqdO61@UgJed*+h$1i>s2V+?4D&Yn
z?P3{bA6O+1YAuhbXQ#E(Bk#d#O(qNGhF}VgL!i^001FxguiZ)26S?|<4ugjwHA-ox
zx7!wvn+clM2&Ki(13$AD6sUye8as>a<jiD;^OgD@j8RUL*^HvhYi*u^%PwOLubD0a
zw_bUrG7VbAf2ri(N;4N1N1vsh3~&YP?oa;obvF)r8bly!FA-w4k#7t}&r2}X$D85g
zM5fg3@%IFI^7iA?Rc>8riyA4W%E$Ju$Yw=W)xT<?^)-s4!2a8eM#|gEr+VE>XO8JZ
zE_2jHs8Uadowa@n2q@n2BzW3ONr8V63SWo#YTNwGk}dxCc+$VFtZw^H*_NGVJ0Zqf
ze%8HY-kQX}zNlZ>)wxJIQ%jgp&hI&&lz4%cicfKPJN864sTarZQ`$$_EC+%##p&)u
zvT-zjlrgdNhf?;mg0_>f1J<1{Jk0*G<bBsROLr#(Tw+*F!h&T8HIsm<sOJi>9}L|b
z`<T5X%*JapPPc*0m~13o;Y5C>y=wBjllc!xE+u3xY2jzaUWEr@h!LI;hRS7teAP$j
zN(ilQ0rCFK&%~I!gm6NMW=tLzGD#jr?-rW3#EOd*_!CMDvpi$}<gqAk|JvvP3dL_<
zt0qn3GorsW8?e3>U4GXbjH2jK?ik2Kb|>qZ&<4e_S-wInVf)Sq?k|om6k47O>Rk8n
znG{Sn2gplTa^~iT-A{1b&09G!IcKsspJw>+?eACg#T*l7-?cB}z}}@hIFi{Jekp39
zzaRSg?RDaC9`lz_njhc2zi$n~@k?W>vaX6n(Idf8nmFBI34O1`y$8Xm$3&su!*E}}
zIw3F{#EkP`p!e23m2siVP_&rmCHMg6;WW8}5~g5D&v730*w~jF+fAsc{Tjbd);lHL
zyTO-O{ZB5<U@LNWzHU0ttcVMwdZWf$Oc3Eu`FGCS#VMA!NEr7naQ@WRUAH=bjngPM
zvu3}lyxXD^_-J1uK;QLnZkxJQ`t+rLQN9P!3wsn9SAqgA;|A(cs<LvQVrhgu!rkRJ
zZG1To^8kzRXqtqZE_fDF!(%{!VUPQ)<659z$g0OsYiQ7K?-~tcqDSPOdy>6X_7{0I
z(NCPLHvJRM<{axwQkXu~ug<}37lNo>@F(|8l<Crts~&se)FJixD&<JWd_^g=wq5n5
z(^DV=Pzsy&C64fq?CZt~+|QWo>)MLazx#ZZR(GAlovKOpNo;w44}0YtDayI#swcfG
zcWiDe8x2}d;9%bZ{Azd?Q5KO^#`8_f4*pHwMi@%wO(-TMr2Ent{_C42$(tDWBF;=O
z4yhfZx2e-pJapT`S_PILYL)ARAxwqbdZZIfShJLCt)dRQL($pKYKc+&x=frS`eI57
z>F??)t!iVI3PIQd__5T-E^dK{YJ-n%W0dAm@g@1f5(3Oe-2!;F4{plkMk_%r>YwYS
zpGDk?pzv5Cn|b+h!Jcmg9rtBi4$k$lWmQm%p;DfkIv6}A)|S<%__6l>=d0_Cn*`MX
z=s!`fj`(%`ZU_abYW_WBpgO-7xa-f+2f&V&AKY=mjC1Y%C_UTrUapC|cYyyu(>%gI
z=Ml+MsRDN6A+%Xn16e2AdrWwCIITN0kp1mdH$RnYFfd2Fj&fO$#f77@$0G=`M&_sl
zP&$O^y)lScD0<>*>%y34dc<w+iz)~EPR$sFN-mMZb_p+K+{aa$@i|%#<TgXmRl46i
z$Q<ov<X0K{(7L6bRWLmno8mjqWO2*gHg;45Z4Y&qa450$E#_KVw!a}YVmTk#3ey>e
z{e>Pe=NxeqM_yu?cvPuKA-|S~t?u%mNV*8ou)|cwMdm$1Z4X&lf|*-pFgh_BpLgYS
zL(!#ORp<2RNpd|=mvW%*<byJ9d--oO1@*I4&E<Dv89!}SjqCvKR9r%a(uvD1V_TS)
zCa(>-e?)f0Ke)hy4fXa}Z%jVj(42|y($C1XhA*qSdUw_1AEu3WKg@<OPShtBVm=+5
z3o%<%nGBge#HglY`eERt*t)o=L(kP_@I5w`?rNjf7%95N;~qOa)vEr{EswETG0ugP
zpL~xz^DJeclABSHAm3wwQq;cZ^my}9GX53!+IkI7-;v7>5oISRS)!&cT@g{H`e>~9
zQ@dyLrxw$mA8S2uG?^Rd;YBUfK&p0UzHl@IGAyh<6B6@^QhJj;br^lPz&4U&A~u(U
zWp&4_qeX8dA4gsp>U~MdwN)X+pLd*Bljfi6f-7GN;>(hT>joH^_8WhzTqh4z`AIa}
zTLUigT^eeT#B-gOm`iGvoU+dGua8bxg(rsdF*(+>YRlPu1I&wPGU5=Fy{#_BBiF0N
zmlcYSP!7koOxZ<-qOoW>8+#;!WL@xpjOb~D_r(ug*bl8%gE9`T^toP&wySGbxZByC
zvFM(#f*?3&1<p{lDc`iBPU`_+2Z*l2MeEf)(SxV{Nn6;C8_8%TF=Ii`H<s$Gl4)Ub
zK2!0)g7l8Ip>l+Grf1)8RVyMn1lzy^dx}dt3?HH2ZyX6XKX;rRltG)B@osl;Z}D~_
zVyvO>N;J*CqoK1f>aSI+$+m0JVbR|8tra6nyn_Tb;g1zvhdbw?+o{flxg!G%J;pKg
zER{LVObA&lxw?J8{+mu?dUeSNK|uU!{cmqygk+{gy5*wI0V)lu7mGh%<#sKKkF5EI
zPPHsNf<8mJr4O14lVe-N_q@NPVe+Uw^XJgtAt#)KEgTE@qot`o@$R5C>g{v9r)Ct_
zhqf^w@8S7IT_Tp!b)Z=XCWNw=OOuol&=hKs{)X@F$7)CV5rpg`kVpHK+Er`<GJvq!
z1d47V?S53lbh^e!`?;GZy*inhG@=ycx?SV3GQ33$(e!|=6`D=;hrN=Um%IdD;B6&8
zV>e~w5K^y$NMl&cJ0k98M1v7VgeGT<{=g0t{*0Y}D>hC^O)8twtBvR%SmXDzp78gf
z&Sk$EDb8HMG;y?160>jLk%u1+A&<jkKz9pz7Qa(&7F?Os6<!xjOW9iuB<1+GENHtI
zYj?QIRU>Lre_~}Xsb@!&r0TGZV5jcb(06Tcps^Uh$wzJl{#d*-8Ddk*QDVND{r2@)
zo;FCuTSvJETrOau__K$PXBhpbjB?3{QV<)qia^Pd<uvv-OU|!+>8!D)2gJ(5Hn1od
zJ*{LMTOxVP7}uUsEchEe5sfRUxw*O}q&L4>fr5q*Vv-v{$+xB#&6#?W5PWk@x)o8E
z!qXgMMhLlr4DYm2t9o^|4tu5?J{P_SM9TWzQT06A#`=6w$m94sXjo0uFv`DGPH>^?
zXk->_DZ44aqEcoT@z#=MVT+X}??h(o@wBZ9zn?f1bTvmz8)w0~J>3ZQkR6?@_Y<dM
z%Pu?Q0&)N8XBKG*cc_FE^P{@f=ZQcVUDu#-h_dY;vc!O0KXdygJ?E=o^v3dMGR%!)
z$I7XYm=3v6Se)ORqg-rkVw2x1!)?tJejaHy1@Raj@d%#D?Rrq+;PYG|do_Pmn?N6~
zFsIRxPuHtsySNW;<ky@n?=J0j@Si<^y{zRD{TlNe>NK*p|CE9KCN``Ok<m@I&>ng+
zrvja(WLibLRr`5`h#U3c_*we-*!z*=Y!J-f2QG>mY)CZ<ts_Mjtp4JZ0-VI~h%S&P
zDMoz<J0y#@^HGxaE5r7a()&bQEO<m=dd5s^BhVoK9M1__YR-R?%+~ec!M;zUKuM-1
z8jX{0zaw1n02WDbCEd}M?2CTT(Wl^(xVl!bT{Wr(nD;fYwdd9RV>~I8_coy%obsw8
zzF4r}FIrLokIxj+uXKqj6SFm+ks8IsTZ|Z~knKgETs(vsU{;C_Zatqz1BF2xqKg~`
zLnOhI{FzHXnLb-8tx>kl94PevJ&`82ex?}S=3-p$-V=f?-F`t$h4#*MUj<QmXN!sj
zV?%~tg<FjCoxWYW5<z>9aCm>jgN&pVALPq&eS)XOg-8VqS@Kd~y%|N|lo=yUZW$p4
zh&Yk_km12mHp;@ov@WS~1wi{?q?b1WB1gUjiR@w<j`NX`FqAC6bMS|&N9=<iP1zw}
z6{3FCXq#2Hb`PE%$niW^Yw7!#f7yhOzX(tH6%{FM$*uW&Z1ucEtr?GQd+%K9X7p^>
z`YT@9KCz4;$H!C|ra|zM7Or(QExKDw>$hPddbN<P#d1XUNH%QadRZ4JHlZJ){vz=#
z+ZPd3cY|nY7%@X=s3C%u67kMH+`lbW;jB*3CVR=n`n;j-ZJQ8$AffM(s}nU;%xL2@
zj6^ECjWGoz=$telsPPC7LzzbPc@`OTpj8!qyPhYcr_J&8;GQuAW2^X!vDc7cf`UZp
zDqM%n133m@wsOQ(4$Bqt5+XA$dzE@;+(BTVI!y%(zJ1`S1tbx>`lK4KCbYMM#0pg4
zys2BY$B`e$H<@)T!8(6o%5z(aeN7ZtxJCc23L{OBY<tgkN&eD#rL!vy;tb$wNV(nv
ztF{cIK77$~$g8zJrQSGuj~D#J^l|mlQS;eolYiN7BE?J1I(V{W5&KOmw4~ENIB4Vx
zD!a?r84?&bW7}|2`4nHnWvhhfb)0o0hMOx*{i)79qie4boB_XVk^X25d|CY>Y%NM#
zltMZ1Wwt@HBz%rJm4@sw>QhF|Z#4T?K|(lA_kkj2t?$O^7M;R5v6vYbuOfcz@=v_V
zFnY*V?{P4FwDHQJ?^({d!{Ji5+b>sYA}&NR)nCG}yf9lkZVd|e-Hgdf1eQtZbHY>h
zeawA`Bs(@TM>JEUFRIdN7hw}GztTY*MtEcxU{JRNASPbK%Kieo%7u3Y51fIz2M!|7
z*6RZ6i-Zj2mJn4*$HPa?$3E#Dj5%LH+DZcNjot74>r3zSn2yb^B+tdkm8Hr}TpTtJ
znt7VjDN=4m-{<)pyjY<uB*FGZF>o9tv2_j)y>=lEgVS}6sP7NIPj6^L|EKyp+eQ!<
z+h<rZ-zCY)U=R0)x=)vq{TD8z1lk-CbolZa8|O&(za|9AV2D)KU|UQ4ERjaa2BA@S
zQs<ox+86uyHLlEy+}<@!W$uNvGYSV{>L1uCEvv%_TVkh1Ad=v3|AGpf@uIvOZzPfF
z>kt`NVosPqpEt@3;Ll#%x!fzfPCUQJ{S4(UEb`a>2y|rZQXSsx8RX~Umt~2Du73Xs
z5u0@<PPGbE9Oc&43!%eYeNN*8=84*bqE)meB_Ez_JVB@Y8y7VOgZwm{9i;CcJY{di
zh&#8Hi;nOs4mlPgquK3cKW-K62iC|=K%okJIV}pBUY8?D#{F@3!dkq}EAQm*NK@aw
z9KK<PSok<s7QU%{<RSN5{_Kx!ezdX8TICX6Z?Wdda8f89r_d&_dd2CykfX1!RL&SO
z1LT=wXrx0QDyO;Cl}(voAXN+wu&W~Yaf2CWM>4TI;i+AhcXF7d#p=12`)7|dQReU8
z9zO#=Jk;fb{p>7}z|X2B?<K_t@4%ne{PXOCtPLuRaklh^Qmym`aFHOqLk6L`_4;dZ
zkuOdEav~EOqk?KRG0=>iFz4!R1Pq}&?gzUvwoI^gjpm*62OZ|l|EVHs+Te-joRQkF
zfn*tkL>8eeA~|wLNGfJf)aXF#Wmim~9x570hb_}Y4au><NDm(66KBm`Npu+R=X;gq
z8G?RIHws#iHfv?I)=BEKRw9ydlucWbBQh*2oL<vJ%Lp8YIV_B*_=7QO%ZdT#JVmd~
zx|tO{E_m>2A}^R{&QA!CRnmzr7X*Sn<HptOWt&t4^)K8{?44`joG$K>x*G>{m?xnJ
zGLaeu7g&0W8K%-jt(rsyFGWX@PLD*Q6XW%52m&(m;AWY03o&P?E$qY-#2RvG3e{mh
z2MVKl*2n-;Lq%5Q6S${SotOINS^UQRWYdnCyR3>?VGFrSp&`0K%OS?oi%t9zwP5WA
zHLxJ-P?*5cgP#l_FV>x|8qTI`J#zeVX3C`Z63tb&lD0zzQKga-2pC44bBb(UTLVky
zqT?3{<h^@If@PJ{QrmD%Rv6VVA0K`LW9nS|`)Itsf1(!PBrlW#iePS=TCq-kBsu5m
z8Io~=C)oWX;3kA?Adj3?1WwqMy@TvF1Jva*L49adpm6d_1G$>G_MiDkKdmC746!$g
zlQXbY>Jz^DHA_mb^JMB=B#>7U!d86r_k6cpKLJ)Fz7SSZ)aAbZOPhrkzp_Ly{az<L
z2;<X78>fLeBMPV`Y?APDRthK{OyK|X<%lOqC_*k9<`Jy-wI7e2&C|cfpJ|)c&;oA(
z<KkBuT#`7nh!*GE7Vl?|tYcGp`w2!ok($O}TPKgs5oBLIL0`G-5OV$?L=dt>2u6h;
zhBu)|q<hF^n85g0L|)59x=F&k1mT2%VJRg3;TOhebq@FJx)mh&7yQeV^Os)Df0G75
znFX_Jhu<!*H9OyPU?y88uiqYv*0c#mI;g%bI%2nup^>k`uu66mn*E|vX8M!zXPBrE
z)No1C+&$nrDvA=e`DFo;D=O77JOg;e-%H(E%ABk`id9b=zuf+QB(t>3k-4DH*N`%T
zB*(7x;~6@!paG>_N}j3p|9QSg<>blB*rCAGyQaUi8#>&*<GK0we%UD2BAt*AgI;~n
zvP|T)Qp0^e@sY=6{6<){g4Y(bct->x+$^;jm?Hw{!~kf7K!;#}h1)(J_bT?<1-5A%
zV>Z8B6~d205WFzuscj#(k1_Ze&}jD2E+C;#>OjZkm*jA0;!{mqwp#yo0rw=={I!r<
zsO313)0r>7lm*6miZn$HdHlr$6=d=^`!W8fFw+rI#wU||?o-NgZ66|6JoVF=tG9_~
z-F8Y=UXei~PAi-|(@4snAxmB3-(HPw8y39gq*1+>kzAVxiL-H6|GnT-a49@aFUf$1
zrO3zsQ76B~P-D`~WpI!8vifBuD9{F2t@l;y!EK5dq8e|m@?hI|&qH;9!ETnhqUB?;
zFoE>J#k}=^NgE@5Dr$aPEsj{QA4K>SM{GD)IWQS=KZlJ(-TM87hE!l3sHFdykN$gZ
zqpyAu0~tA~$9eTmOc;bRC$fxEIQFWT!c4lIJiYf`HkP9`-PG_qr+bsbCx`UR2}7@G
zvt^I03=TL&8#TW!JN>T_W;Rgx{I5^?Hh-c02I(K_OqJi}uqaBcM^d=xKuux;){l{H
zmWm4ocu0R2Xs^j&v>*|#t3XtHu-2~PYc_bux5+Q2e~ZV}U(SsQF_b<tHHX6IoEBNO
z@5C)8O{p*Evo2V(9>qJD=V`tCLm+1@prKJfc}@c@`W<$e{;@D(_4Y&mV3s<?j<&WB
zwT+{8zF}Obk0~l+{&d3&5*aQ0%{&e2Cx+@$g%<P6Ee|=Ym9q8RxM~XZ?3A@}(u*s%
zd2WID>-YYe)Qgykt2Iz6gNOjzWrCrE<-J7^Z)RPd$7A}agPiQ#G)(}F)OiKTHBY{@
zXyd!eWc<lR*o-^^2FlB2M+`?Ky{so$)?NbnxzWXP`mndl5}t?YU<LClsG!{By^2;C
z&Avh1P0~G}sAuk=n$&Na?OK-IqZ4zp*JeDh80Fjam?t=3T7PlG#No_etP!KgEzTW?
zUm^cnY<lKC&!qaB*EU01APNk*5zDdM2El>TM@9lTaDnNMJoPz0&nnj-Tb!Q0H3@K>
za5}<I0~QA8U?m$y^QsjyS$|H`n&TD3=5lamdmS8y*|i3ezsL_zOa)T0>WfN+b$Mcj
z{1Kg=2p;EOPgZE>Th%M<%2oa=NUo)s35M)=7WOq{Y{aZ#W}<nqYn;cbINQKHaT@f%
zwGOtB`(@c0Q**oIP*fzv`btI_TTIw*LSEG>x7Lt^sl(_G-PY2GxzvfRwS=67STn@l
zJ;Xks5I5><k^|TQ7lzsPLaMzxUfzUq8;c}4q$1}#7yacvrWU#y&%w`Bd(Z4V>WxK#
zt;PPYA2oth;TD+<@d&DaFB&qL2G<@Q(S9WJ8s^(MMJdhmv@!P)nw)_ZbvPFd^U!jR
z$kIOV<x0+PbvL#OrIkcc9G)C5?(rbIxkS-atL74L^<@y`MnYRECEAzYN2}P@OL=gi
zuE(F8;r!3NjnAIBXICDE%cGs#N+>xS@+djKmUv~5<Wr>ll!x0MzyFZ?{>W10Ci;)S
z0N$`drK!^`>T8FxI+CdkZ0#tiSj}aRIbtgG-!@PaCd`oYdlMzzr7e8WBWz=?P#d#t
z*mV&tBFK-b0_^I8tQKDY`8^Gog1l)1c3TGgCV5tT4#XX?mBqNc#R>L!YR33Hb1E%y
zxk67F7$n$b_Rpj)u`C#cEEq*C@-W~koGlIxKY*{5UI%@W4*LXycQQAyqXCCi=kOG`
z_ISTJFb&r<VMR&W<v1Syl`Z9LhnN3SEu*gKD$bflDbsf$(!`1^KjYKpL{s*7I$Qsm
zi1Z?ik!STQaJ{Q8^E&9qN^mQe1v=!C?}`j&@aGWVbS?vCRlo^8nuA5Am6wIt!@=wT
z-;*sS7HsvOr$K=SH$p=FJ!e4y<;@8!uND(gx6}Z4;YdOXN&_Pms3ju>`Tei6di)Tu
z^|XO=gcu7V78VTj)le>MDn8Gc;RE*`VJ?n}itGczJlMlK+X@8-0eLid{_jDsKs*dc
zZ#3X9j{@cih6?7&iIp|@k%cw5wl6dq-0>At9LAZM6w*MPE%*=)cS~3N0K%X@6D(%~
zlo_1jgu@oh50ATLLIJ5mZXR3?=%q878AP|VDTEPl!>VN>lJjLODWrF9BKRa88}=5#
zFqHQXV73-&4n~a51|lqAH3#z(5+`uuxL`MD0^Q<ZY<Zw#T#+S%cZ-jL{raGLnXqZU
z)s}s<S+f{52v!Hm38LY>iN?T~FxWtf1w#vYk+lVs2K6poq;BArtW=;|3aTw#3dnYm
zQLs$_!lbS#!~%~G*5f~pGyWgwk^{6r^Bh3)3P8CSTd)^^o|6F<RQHXY6&&RgZy92S
z=Z87i6aa2932BRs6terqt{u6~Wc5%*#AfN0Hx|DA%NSTXa2vf0%oQI{e#d(^ILGqr
z^Hl}UGl0kp;zEiocmycF1<DafAqAWO;C46|#;d$+0XA!alZoJGqySfmNL##OFy0RY
z;~vP`EL5PfZ`7`ayL<I!%{J{RiQq&)E1W?2%c5$XUHf-d@C|ZS@Oo0<6pB94z0TpD
zz7SW#f!%N<=Lc?;Iy;^yR`9yS%wX*#q@TCYWH=lbFA(uU$bRs+#*2v^U{(Mzl0e7N
zfsV@qyylI}lmlPlp@3X-0Km=tf2=wc87wy3E0Qg8ItF3vcSh>Q!e0phtYZPJqq2b>
z69E}HC9fPxA5;ML*FX&D)JS!Jb{h&v@2o`d-UxHBOEjQfBLP@f-**VPfirAYsx63Q
zZ~^I2FlI7bkbXGQRTVH^ZBs?TvkgvIW)Pl9NXBuA;Q7FaEdtb)>H=Rjq6$I;8aC{c
z1iHHpaLGdo=?@IN5kTHy5F&u<e@J!0=%{mfbplvh0yIV$Ajl19{miM@V9^=c3_>9g
z-VDO=Ihho4Npuv<3K-I_Kr_PtCm8_eoB$^Q6o4^?z`?}5GHo5rIcFw<GZ~1G1E*>N
ztRMir#vB9V>l23x8#e3<11L8VgIRhf1mI1YDg^%kdQA!RIwKLV6hq)m&o`!Hp}4Lf
zYyjT>PwO|S4nU1E;1}(>*8%y6K>G~Q@J|3Q-Abci{|#-~4~d+a_WdGSSdm9E1RCUW
zSp|?4peLAs9zc(QZ2%^AX$GtxK8b+B=00hF7-&Fxd?L7!1Y7Vgz&sZ=#Q`C&m&E|D
zmygi~i%XLKSB+2r;;7AoGXjYLWMlF)i=1b@;jG}7qHMtf0ACEr;JHBS_5ayuKrDR2
zJKHc+_j?n-8lW!9<hY<)pc3?dwm*~!mJ%caNM;NQ2IxQ$gZa;1$^qHz|MLcAEWC5v
zAe2Ax7+Bi}Y0@d)<2xy!B~ier{w4+#%Nei`15!Yh$#6vu=_Tsy*6uL@;vN8n3H#RH
zqmRsNtPm^@@QM!%IT0!3S|GG^L8PJfcdp`VA^?Cu7%TW>N@g%{|9^Vqe3RgOXS4Jm
z4Ybt#o&cDF4k#1M3Lp*}AkG6I4tWfW>zx$<^6QNi0J1JD1zx(%0T7P_5HAK0Pl5~b
z19}$#c!7)h|5X1<bH}sl8VAr<Wk6qnaRK;$Y6JAuu|OQW)Z~%?O$G1EBx#i06Fjhv
zbw&W3XC&Y}1pwzMpNRun&D7aeb|0(TVKW*K42pbBz;k@%V+FH53nb)ZMrMBFZOV@P
z0c;w!za6T6bpMMVR9@{978PE?z$0754~}y2gWSr6ABQ|6T}23fbry%%^1(=jZBNm8
z0{7a+f&kI}my2841OHVxL%h`h)by7zg>V#O7X%prMcx@po8a{(3c-fMU-Mzx6&MbJ
zwWle*G)(A}-hyF&zs9>F!>b49!sT}*+OjZpgb|23umt=)6{vYo1nEft?>l&1=1&0-
z9_ukgzElbmNb<inb8$?-t!Cg5oi7MniFJIUuQ8m7vlYSfKRxz@8vdZWQEoADxI^T=
zAnyqw>qqaSI`d~!fm<r75d9Rl4+u`NR)AWv3cUflOwJ5m1Vq(wC%tkQP<aZ1=&gC6
zmL76O1MrwoG4Qt}IU2zg@a(jSwlGb<LJA~EvHs^dw|Gs5Aq0L{G6d5%j|Lc1lSfj6
z=B&LT+Mo1+>@ryy8Az7{6Fm3T0TAyO9Szg)W0)|wnTqC1Ll}-Gm{&0`%vKA)lRf1F
zGU(h|1U&Pd5U5FLngo_Bkpc_q-ITnTyJ7-t9oY=xjLR}Y0Hi<o0_Kf5fe*Gifgt?l
zijNfv%t%Ze477Ji`e@@F!LSZKwL43=g$IPQc!oCcsU1`Nt?^6pM;ji=^pW7Hts9)J
zWI!ST6`~#p+F%+Yms`{)xW}9nerbr32DB_JauLSKr27JXF)T?AIu@3=m}^L@`3?4K
zm+gyjKh!=rSCR+D7M4LKxH~}Nmf(MG3b4x8gv3{lZpnW#!P+ipFb(es0FB*B>GZ)F
z&K(de&zeA|4o4v%uQUye!MYQGkU?b!p>jU;39q|g?Z2<AU<-x~*l7-6SX_V;1T2*5
z6TdOldhKCTrDwJwED`(ya0lXmE&QkZfH$22Yz&A|PkhPX22_CW0W1X;Fu6YkWa_p{
zALWDLr7qaX;AfQP!3lti0Ai&;m^m0T5F&uk=bZGvkpPIKUjVoJ4~RD10Ynp6c%DGy
z4ge|up0*A!u4X`<B;du;051jvWO^VgNCA2D=Ea6@+kM`L56mzC(1J2B(}0|2;J%nd
zaG@wb4$#aZVB^SujRQWq4salfpOA|Jcx@kF$W}NvqRqh`0oh?PFb%+5;Q#qB%>SJl
z{O2zLm-H$F!}82Yw#ni6iZ{-U{GTKu3P>J_QLqF68asgH|9M8BgBAc4D9PadKy$wg
zB%eJwtwq#Af9NLO7>mZRy>RHlMBtmVb@eM~LuYQ1U{jKsn$LCD**D=&Sk84e;VxTq
zJ?X!uUNk5dGI7?vJC`e>f-Y><V5glC!gA|jkpp)^!qUIN`;NuH_7LeX)sW3N{OQx6
z=rrLCijmM}oKi?SD%$6wMW4_SiX)rJ+;^ryN7ma2CYvGpqp3`>V)8r_EulXJowv5<
z*eEa!Bx?f_MLFr0=`!vUt~JSBLpQ!a;wt;!6*hWwB!d;vb8gYT4Y}8keHe1DKTfa#
z8WKfO>5$Pf?jtuBi9p>RAi4SR-<2L}^rRjUG@0u1%0))k(8`bh5*qAiPra@svYEC&
z{fw3!`Ze$0fMh}!Nb=N^tov8~eT`<)_ltM^rGp;|BwZe4GcI=YijE3`(eFD2;Y#@M
z<vl{GZV+{^!DiNB<t7Mc-B8{#p8>Nz>x#XvZc}gmH|qsmP$47NrDjHA#-g9^%9Hp?
zL(iN1tCkpJ@m%6C_2sf<o@n^<<>L5w_zTn+kGA9abA##j5tO;$!52152UQeIhVx&r
zWeq^uifbQ!cwAX?UhiNj1>t)}%5a+}_IEG}5>$%{RMMm=4pb?L%IQvv;r!R$B%q<W
zqwBHclu5zUj0j~ZmbhJo<Hi4CF|R#3?SbU`3j$#JoO}mGfdLpmK#R5|<-y{;ublP`
zn$CJ|x#;<ZvUt%pT=cT6qXA$3qo99Bg8j`Nle%+gO5qyZHJ2E8tm5#wjbzF(i8yYD
z_WlM#IoCSolJe&4;0c~4Ukz4xX)rqS8HQr&LO}RvP~CO`!C}OzC_DI4@8+!R$%jg`
z-DaWvUb{Fu*vSK7Act6ghjx9pJc&nj)oS^JW~wfsKnZwfCn}ytbxyafk`9SB5H7mh
zJ+FWf9cX0m=4|EePu;g4GRFwQViX+Uo4xzXoX0~ltA}K2d?U&TE=7{Phku&&cd4Vo
z(f)pcaw+2NRsGwnzYQA><fq=@#9}X*5XE8(Akn2*gg3~67Lu{TafC0(V~qo2q^%)(
z6ByxG1FNKQ`rjH*s84otHU+wD0=<E}FX^(UP-w-E%go!ernlI5meA)J{6hE*^VPFZ
z)Lm&8pnc^fIK`_RdnY4Q)3?DmlEEiYJf)Ul?z;%+;K1egp$Y)OALk;>3usWY{7I?b
ztNlFO!H6jo>98RzkR*)3k!KbJqGboa;sZDfBGCYddt@BoUTUZS#5*zoVtNFIqT3Wq
z{<?th>VJ9j2n>r3eyAzObYheLs%HV!9}EAh4m^-=?BHqhx?VxG6^{)dgjEA%Ol3J2
zJutI7A?N4)naTs?5mRqVjQ#jK6lS$Jk&y8p06esCoJT~o@Js-*pDIuT1wh1~0w<<`
z-?<VbYzuYEP9lck{N=0Y_iJ|2-*5-gf;=+<Ui#b1wKv7YK%Sb9XNKX?V|$tL8iNSP
z!*YjHZK1IJ2Z8s$L9l{T1ohbd2gVNQCh@?Q1e4d$_Hy3#2wON>O<d}^Hre;ij!%@S
zI*{_W{~%VO0$^lw1A$w<=>7*W4>emvUpu-y5ujKX!364-934RPNGAIIIAi@=9A5t$
z1r)X3zL2ay7go=@tdbPm0|elvFbwCJu@A_`2fcJ7?1arwDRaY@(+P(e9hTC1Fgr>a
zB~lry1}Hx-E0ebcgY7Kf#=-qnB9X-E3(b%3Axn}5gd-r}4H!(`>#TDb%y719%Tk#@
z{QKW0AS@<kp#pHQw^T9agHkEE$tWLGu<L-e=@J^D+i;cbZ<oR{ZFw}UW6bxPcvAF>
z%cuvNFU;b<J9PVovUgBv{dzx&&c9sy^?(&B7x!kt&NyWqy@N$52)cpU#N0$}d%M7t
z>>$n4qDTq9h->AdRq{ximGi(|wQt{ZmnZ1Ua`Al2Ovf--XuLEDgIo*A1$VZhbuA#z
zG)Khs4`!V}0to@326YUkw(7g??H+l3de4i)=VhEz4hMLh|HvNF)ub2AZvPw}I)pzC
zuuXdY!vhNbQ`F?b>^a-r_MA%pm-v7X5?|f+SD3toD+CzBxhpIf(b^B(u%B<2rYb3Q
z<Cfhnt&#&@OsBb!KiOegZJxdr*Vztj&L+ryde4nHY+$q6?#4y(<HuC?+7I#TTWiox
z)#Aq-?=Meu$R6p_P6_^($=W}oYsgHsG7)F(5tzEYCUNdeJv;+Gy74hutj{2a&29hD
zRhW5m`Nn;>bAnGr2BP2OFaz6KR7^y?TH!u^3Mr?IMZD?)hM`u(z}xq`3%Fyi;|_#9
zJMdZeYW<=%%-QCevf?{NoP4LL{3aZxW8B_-(?{2s&%pAX#tyo`=8IHCf@pEHKfORg
z<o}`SEr9B1f_7mbIDz2q?(P~0?(XjH5L^=6-6c2&cL?t8?(PJ4g8ZBJtN(uYR!yBc
zYqLGwz0dTt?23E*MwOq>3KO1huqqOqp}cuPs#LaEqwwgo$^UY7Ocy1YReyQ5#IQW|
z$nommg;Po53w)b*0adJPGtl&r{WbNNe~lAe1?2tW_9bCs<|?<~_RprGY-4tb!56ZX
zvXD#BBc7JLv{CtD17L=anr<$*r3XAOtPm$lsqvr5M-4=eJmtGOYdX`Si9ZfIQKaY7
z8p6pxSmY^ur(=PLd-W8BruIbi1eRtnD*`T~Pkq%*mfqEepI476!uCBBEyd1>9XVu6
zE3yS|U{<jl#M_*R{2OHn1-UM&bHY+qoXm<SAvHog3?vl@=k0w}g#An_Sf2YLBKaFZ
z(QZ`d_y>gk=@-X~YPneO_J^fFPZc2sz+aOI_-k4}md^CQ3LB-=_%yTYl5LSp!!@UW
zUeCsTFrJPJ;rN^}1E>g~9T0$a_(uviv-{xvROj%4`FUaaG==S|(C7brruoM9*JM^G
z=f*qvQ7mfJ<HzpmKRH+3Ok(1yjov=|+o0s(g7c+2SgFfP)6db%(u2Z8qdG<$xVynW
z+!Nk*rJ4FqHFD;vnIw?7X{K)RB4|Foo@_?a@^*J@u>y*Lg0>Ig+9fvhg&)yGHvrI$
z8vHN>1uVcvUTvrwfFKFwc&&40@b&x|1oF>!lGLz0_S%Pl*SDyK!BV`^Z6T};z%>@_
z1@<gfNznf?M&__9TcBDM)zAG+sQb0&cKkjJN;MiK+~vXZ%?pX=r2Qg}$&b#N-(VdO
z^PeS_6y`%Mg1y@rPexlnu7;=B%`AsF1bflP{0?^1#oAA&*k4!<lVYwx$NWoxro7#q
zsgwUi(T<+1H~Yr2U<)z;mbh`$5(T&Gc?RDrnas(Cy9AcVFcmrD+XHr`;1H-Ysa?Sr
z256IT<{hte+>(#hw2wYePT#>EUn!Cku3Y~xA(C|O`Q!Xk0K)Co<G?tTt`X4C{`?l%
zJ~`7b;#BXJ00>Dk83byHuFID($whBVj8z>9%>jh)lhd@H%Zp(3ZcD$AJz+B)B*W<K
zBOStrJ-JzriYGGVCclE@J#@4XI5zjWGr6)H>hg>Vo{jDMX3ka^-&*lTz#bOQk;2+x
z+Du}RwJu`9vb;~-B~ryeF@LnQLS2VKZtq)7egYQ=%xvs*mcz`nwG@DM*4x}9LW_sf
zhTm{V>Xr#c!m^k|57+0{ZAm{Bwbl*7Cw8f?x9|8QhKt@p-};IKf7^!$|NMlXa;W=u
z*Tl}5F_=pUlGCZ&IwpUt_2QR0B@qkpY37c$$bEEJF|=x6=Nh8@npj`dAjTaC>jWdW
zeuFe)_qD4lX5tew=#8j%1&y>T_|J0+vX=Q&SQgQ|*;F}ZQ7hsAJc7{_;?Y^{5%ldn
zaLyKSJor}M?0R`_&QMO=Dy@{=g7up?)o%^csnX#u#&s515bQiU57K|&oT^E@n<Du{
zd9yj+xOQ5=5Zr*vh0I7Fg(yT*R@g|7@`ken9@edu$|8d*YLFk+9XkoV?U@a71xRj?
zP;nfIQi`knya>HTti2_zy(<<SToa}u{@`HX+*A(bIKfZv+dgZB3y@rJqBXD6I%&4$
z{B15k0;?&ns)CCD{;R6-TNwSBHVV)8`Gv++25C2flw`NCs>U530X>_4yeGJBa_;up
zy213iwDj0vV6U?BIAGAW_h^j>0;~QPBs<ipZF2qvwxL<9k64ebI_HS_^Ve5{0pj5o
zKJ13Vovn6^^56uAH;)FzpG&{n&5Y;8aRfNg=f>s^<e1pYTFAQoJ-7eD;=`TEH~jSg
za({{HFSo>iST@OeVFioL&n4>aahMYfDWM;P(i~_3vk7duV*lv`?gzdH(f&gf?5L~5
z@8`#;g4)~VX&F!2W<yBsyF2;R#+IV28tz*w;>fS!lKk8C*1R-p#)axfQk=W-+GGCj
zr%M}Wkt?u14L6mreIPk<Jb6#$A3O7u@Elq0_3%Kr9RJ0A17xka_97U}DHNaq@u2AO
zf`kg88)3#BoK-wc$V;(5@8Fyv(d$V<wc-f>J1TwnlZl9FkK?MNcvly;-FsFOe757d
z7+vUcuctuQZP$M8XYG0a4j&F#KlC5YV7ctVjNSHy5KkzD5NTqx0YgHIUth3t%mvM1
z!5N_d&I+PJ*m|Y_fwvqB;1TTrJSyD(km)-MV>hS+@cvu>{Y=u$_7{lJx$#@Tg1ZYz
z!0mvr;K1eoT}+D#@!AR`kZg+528;#nZ=d{|@O%MqtH~V<E=hk|_QYib#0NSP`v&WH
z8Hsq76HElPH-$HN3FEQIZ1YgjUGWy8HHAkwo`aRvxW#<-jogQt*`~{AQNPb|ML&@3
zFQSG1R}p|OL01hCLFEt#k9e4!txL!d?Sz1BP`GnX-);AgHbgR#?pnZ)&j9%Ii@<hJ
z@dUK2?(Q;Y>S5p>VGByOqH=Hm&p!{~`PYcMir~2M5%E|xhZe>pCSZ8$wH%QyDB6lj
z(UF9$0fnOWs*K$NammFaAScWYh)Y%i^Gt7GMly7np_*lP-a?U<p0Ch>Nzd}`V-GGa
zum<d&@|I_YIv8<_zMD|$`&eW$@&v2K0aos5udoT=jQ;&`|M|eS04L&z069l==p*3p
zw*VH&k$?{Y7w~;Y0j^$u^bs(j?sVK=CZcK~QzJM5^@TRiQCZ-}{E?<Uf|FqU^21-d
zv#E>%ELdp6n*aHJ;S+i)1RAhLzHU#%Gk4#L!<v6xXD~tjYC&XVjI1giV)pg@97u`z
z26zGYB%vX$X#sBq;>cHgL2}c8wdkx-u=Q*F1aNVwjFTF6qy+@r*!UV2nK()yHvl2%
zGvpyWoQ_e3DD-yBo8)5oH8R}ZEbFI#o_H-!tdT`_p8#Pnf72hjaoN--khcks1|n|~
z{sLaykLf5mU7#I?&!;nc)l;8GeAZlgI;~xEJRWB=7Q|_<qSU-Go{)n+z$-pJMQ0zu
z*$~d}9ukKzShjn_nO71KPInV@WT<#a5$hE3O~`v1D8f9Xlti|o%1i}E{-uJ2CUIM0
zPe8bmB5O8paz0pYq;ih^e3g2)W$sYsWnEsm>s2^wyxB!hvO|tbU@<_eIZMN*Q2saQ
z{6=7B+;(HX>jx%HB4+KF)bROk)6>9$1Cyq8_$iF#me_2k`@JO6dSBg1hij$~SLoDW
zW?%7ch&b=#1qB=GHYhgVamFzv4tz5L{$AZC1<0DS8cj@Jq%SHKw#ks@PEQG=IbnpW
zPyGo;Wm65c0CQ9^VAwmdOefsvYeZ8IM}^?188=EDSg(ZYfmC#^mS+O~frwPxRhtsB
znN_mmPHGE&`E>wYv{`0YS0;-ptAb%d&BDruU<8w+Jy00zgDT=86L%B+Fff$-v#3wf
z#qR;9jEvX74^wWYPe<l(G7z2NlrfpIsiO|Didp0gAi|FUlcubG+itC&@ma~SyA^-Q
z$8(0!<f~HMeB@7`N;^*@j?1ZpMTM*`8dvB?Qaxv7ZYyNqC&?~Qr&)@cVh9I<OPlno
ze-zr^c?OXc49Ma}EAU1~XWm1iVt-MpYwmeoF5>Q8DoD(D;YL{dsg69WkEMy{=el7>
z-MGYn>K@s+lcQ<(1YV#|&N&~VlQlR7)0irf)l_)rw3;+KWThkh;n&PEK_{>C@j2k|
z5V6rMvHsx0k4K&EZ<5n$^T^8VopVKsopVzQQ`e<khGU&mhVshclP;w!rfyF^9E!=I
z$9NV&eR{v{8+9ZPCLx>AXzP;_`i(6^^YEdKA1K?)B|1Hf7wSy3ghieaO^nw*qORj-
z$ubJtKu}^Mnk=^#pTG`k>7ayu_aPNYqfHlj#`&Ry^<38j?B}QY%ZY&4#mYY>DsMoG
ztp^F>SOnO6@_!}zGClO^Zp$oy7m;iEj&a=tFB0}KeyP$j%xMoKFzG$45rL<W8n}fW
zrR4eu_C$j=|3Q-?k#iIuEA3BK#8<GFHBgsrHe%-CY`m1S;)tQnKD93PNQB%$L#Cvs
zrM2%}ke&L}q<cg`-D?e55LC46B(-|HN8{cvJCn$*{sU005~@4xTe9k#!!H%JZ-=(?
zgd^U6D+jW@>OU}5F8xb!+@7zaUeH(z?8Dg(wFzT?51CwCr+KTITzt|wXQ4W8lTrO4
zxN;RIcl<*fJrWkn^GuClzvbH8_XuSux}>A~vMk1ppiw?xOE~(8k3N=vii{}vU0k}k
zaBsc8Zo~9{C}*@Qh0nyDh6!4hV#m5C<|0^fOltviw&1z)((c=E#ZKMs-Gj24%1-%2
zX<7czcOq!{W74`MKzKXNr37ovOZe|lyWx)uOOHIJhMt6qGG;y+gTx9BG|<<yFhf73
zz#2UGd~F~z;%5@_TUc-8ucl=(ck4%3c^nzjtJM_=Z_?{^zTp3>K`nh6ZlnM{Ydyh$
zsgzjXZ1K0~#kH5`7o|9P&L;@0Ty+~Tc3y`D{kqTq_y(9jcwM6yJBJ2%La8_z9S<`0
zP;|=;vV<p+8=B(KBF3z?^x1HEe|psn_O#TNjVEY6u+2E+{-AB1A_F<A9;Z#%xK|+3
z$O60FL0IQ)6;60yVkm{-WV_lWPyrh}hC7)_{5?mi6(ZFYig6KMw*sR@lg_bLJudSz
z`2}H8i{jOofD)=knV0gAWuF(sYqh|(&6BwEoJwDmTO$@9x&_`zu$?*zU@CGU9TPaT
zRooGvd#wq-$H>`nKe<V-Nx?PMi#wC-F_}!KYPDhfAq^WM`)>IXlj9hvjGqtPrGO^P
znbkY1J9p(ppVRg#c%`e-&#m+mAp-V5DbRwVM7K?rcA7C6zF`bw7lfzJ>gL={n}%hc
zD)XCGdqCM<R2|gL+@`pT>13MD8_enkZ+414I!}`XQlUo6jpm|wtm)})<#`6rl+20d
z(fjGbIr14PN;)Uz-s7|pyK9DL%{t?h5>eM|+`Z{OVd9-OE>>c=h^ZYT;~TuF_^#aN
zIs~#<QAQUVdN)A=E?o;UgO{r}@XYK<_&KL25e{xFjuM7D@v6`}Mrbm>^N^4+%3(co
z*5gJ3S?G>IvuPXF-0n1N@p$Oxt!-udAp{hG>7o;FuW#PnxtqjO9ip6n8b^hxXxhFy
zQ8Et~#O}`wot}!!Iv7psRJ>H2piWfzorEkkvLK-xPbwBhrk#+T9Ty|NE8qBQ0dE#>
zKRW4~lv$AtqA?os&O-GN%oh3ASO(fhNbn|+<Xsj?;dNZiw2T=ITvtS+<#}vpILvG1
z3T}U^=g9~y(Yl@-kvk#5rS#dX(I4Vx8vR!698N&RRHl15uy*Jdu};2!J%SuT3_cB~
zPGUM|H~GVEG6vN$1bGl^!@Z~>G1zSV!~PrhYRL}qA=n5;ob*kGE56~DI{vd_nc(Li
z%3{MXjkV=y-j=KVP)`>KHO9|b4aO^l8uW@;e@)4^nj<8kn)TFQkl^($%9*ZaIFO~M
zMfaf%ZOO4%1;d14wA!Lq#p2ZIC#2q3SFl(R`iZ5H&B@kLeqv-mVth+G$;^T-QDTNi
zZ&B)|HZ&FUOK0k$urp4}^?)wWd^Xt`qFl(Nac6H;;SP*UscS=lzN$e#VC&!?h*_q&
zKviC+C~ToKkJ$HE#=j_AIe}}sE(UN_jv;P!UP7c^jyLuJMr&aMF8jH88Ls0mTHE>W
z7qo`+-#>yLiJs-DD|QIqppO=RdO)l6)nh}Nha!<B*Z)dl?+7R%;b{LU%&buD{c#u0
zy>~w{w0D2);mfb@k3VQL26KK*`^+b)+6L(#ic>5J`*(vS40rfSt2u#uFuJ6U$9UZ%
zBLbZ(XA!ashv4j0e|>5CDw4AFBl3T7?Yr>M?<ljj@q{tp{rmo*2zX_^#n1^s&)`@a
zqW0R030_c*Z+6<0mmVn_Y4u?P4zoWB5g$2)QTf06!?ZMzTMha^hukpR5BDhQ_x*bQ
zroHLE4tedA8D71flln?zzIgrtCR+}Xrv@R9GEGBwr~D<Zb?mMV%d)D{)nORZ^*x&y
zCKy4-)~E!+&Zz_<Z^!t>YTkzTncAaaYY-hp*1evl)%Vq!q-|zC+_!vUUdpF@1b99N
zlHzBrnceOdt(n{$n;iuFDDHL2RV*tlg%W8<BRp-~;42qs8q`aswX;S3-wi20=4sk`
zB|qkROr<m__Y?}sr=Dfect7S;hMrP<E!&w=2)mt9h|J|mg?ysV`_4t3MB@k1($;O%
z`9$M#DXoT`c5~rPLU=}<cFoen&pqU*y}CV#KQ!httSlzz6AY#up?-pGQe>{$EWQ?8
zP}LWwX!<exw9?(x0QLQr9t)7aHC8@rZnFX9DBqz3H!z-DHR38qnMb`HSA&)Hd5}5I
zrPa2|Ol*gw!C!@tL|=LW)Nmr^#J%z+Xh|E9*3617e@%NMRSlJWrdXDeu1VxbK)^BR
z{UuYe0q>3?s^b`1d?|>$1B3RnG!OjE@K@oSCZ=I^u;!n}8~qgo0vX#2jRIKdPg*dl
z$=$&&?hoLVg=Yhroeb_M^H34$aL3~x0hXWK-(6E;TVqOjNFU`%{!jZpVo(&yQn_7i
zj28S{zU*4p6(NVgVMnPODVE#^$3BLL+tTZCV0%W9sr2ntjX1UEO5GBP1{sHqi+Pwa
zir@UHfoDP)>s1YN85`qO?T-@Ob2&LG3;aQc<($ug8T9wf1;?j7mMl&Dqo%`Yq;G<&
z1$j0<bOVOs;b*IjrUzoz^39VXGveNquxS)?f>Z*e?|<$87-#h3@2x*5lQ%w5v^3}m
zG8;T1sS~f27NH_+le{BHvOC>7ORxC_$t4A6U)SVFvS(4NkYhH%W{oAh4z0HcVkC-K
zhK?47glA8xJNMm=ri_$nJEq^&{$2W&FZX_m%U%C;_8T1?)A*!S2OGjviOMk0s1EUs
zom*U}8v?Tr`7o81N6(OCWF13l!%4G@F0^dtj(s}sXPM7tr<&pQUOcU;0w9-q|9?yb
z%9U3I32QTGk5f&EVm0NWYjZx@w?BUh)()di;<B-P&=jMB4zQW=W8%VIu|dKfG>B4k
z1kH^ix&{Q8;^Xf!Ff9_?OZT3o-D*Mw7@Yka7(VL5B2!G`+0|#Y06^2St<b5EYu_mv
zXdFKfq&{GO`t`4hU1{r1iy|n!)3Su2h7c|0Zy*ImhBFe&zVa7eR`+6ELUnp@!DDMt
zR$p<{nj&@$RByt3TXh!jPv&r!@IRvPyX4bex>&l`&_c6+OSMlp0t_;Fr{=g_dy;_-
z7L|XtWDj6e&LP}ucqT!u&qIJJ-`1YWD+F#jE|c#sd>#5aE(x5P`%*vN+<)icWjezA
ze)~Oyw{__$<eheDAq2ZMmBY0vi^(2;%y7~2PQ@~~l^8p;wRipK@!CPOSAFpF;VJP=
zihIHS<oz?}jLf4&KS?jsUWG<@{NA7n2%p8CUrq!tJj(;O%3^%6d^y41neM2b4gMGB
znv3@YyXyoD|Hpo-0_?XsA-Ef*FE?`p4E~pSf|C@L&k4$ODVWgjIIm@2qI6-nDz_84
zxYO8tm@N#MFT3&BpA09jda`zY^3>}`qpucrmcxzfua%aEZ)onkQ>{I~y;D6_;(UW@
z62e-dF+02cp)y*tpL9b!N@Mnpe4qI2p{szQV_!9=B4+==?2plQzp&F}vG-iFELZ)i
zR*~}9yP6w$v}DZH)|#VpW#fswv&5=!zC;vzbY{%;^x~t}yQ=fxv2(sb)6o0}s&B1L
z#qv@<ufuE#dvh~e#QQt^za!sErZ?-FKRY;FFJf=xGkE9QN7sglI7AzTOEnK_ip~H(
zA_l+PmW>UdoV6ar=~S+I?W1Qv&F3J0n{jaqk{vWx-P%(l5W>R-QnsZ=QnM`9p8Lrn
zwh`gy$CUJ$D4!YXo@X&c2NUFOjyk3H?hKt|>{CSf%-VJ{M~t9E&mOY_+HsqfEB>4V
z^IPx0sY@uqbgU;+{q020K!rmRjgf$yo%~E%bf5QUYJqRo(VPSYpU&VMA8%``5(0Ps
z5N|a00Wc@`KQOoArbqFK;+T@+*gSe)WYA#XS9P5`-Le?+#GE&~@6;^{-)EMvQUt^l
zH)xqp{LN23_&I<R=?cH2W`K~&x}QN(diigjLuHBSDPH1_jGI!m1V<`-kZiU{I^kQx
zgr18oCpP2~ekS!e$53&io{Mdn<Wd$%<aM$GBKra>V*5ne`9Cmw`=;wcoVqu)<Til=
zPZU0e?fUnbn=F26hK=5>hr=R1+NXzOC<Us{Mm|c!lL?xmIvOWFUZ{L0_*<>6i#CTA
zI9Edn2Y+Pd6_7LrKPzFy;T0-XuEbc`Tg5nyVJEf&lbmsQb0wc-GpUz7-?!OX#S?et
zOR96BLjkugVu%sm`Lm9pYK&v3r3Xz48hfobI7-22nr4x|z#U~D51!qZb(Dh&I(}x6
zV`TepH=Z13YRrt)@gEW+`_|i>BT7Cdx9k-X!L4=A*jvQ^8@?<fohPj7!+KLZ?dVy6
z5l}`rPORA1Mmx9s?ry!itrSU(04Ujx@v7ok;~K5e-ThKm7*q~Jay=H>+hLDy5rYxP
zbcL!&eH1L&l~Vt5&(q!twS9m^S`thn{;;ZsSlyvG!~v7$437XaqC4>G>|Ubd@ocU-
z)}#tdg{j|hBCz*!d_1@5{~}gAg{P?&SxekquJLqkojZ!I3;c^2N&e0rG6nDnKtGaM
z4vV-mh~9pp!;C%#C@6axW&p3^*Te&nm++t9-<ffZx_7^q<k-jy5AgsZbGJ0<jWfLQ
z)?DHUEm<Zh{MS(U1{g{HwW>54%B+fPz&o*e65M*oKMG-Q9XJo~O$f3<B7Z#A1-s~g
z!2<K_@*g7G8tnR*YmR2RTp4nc4e#+)5IpQ0T7UF&G#G=iyGYz%<yK4GPEj%u(O*u9
z72D^=%kBnNlf^0$QFsoR@w<bWGuum023pL8jNNaPrT#)=WK*}p5=C9{v-j2zSYwBE
z`>gytwKm>dy1_UTZ1pVyP$DM=r@qIR`7tih$9fj7?i!ERb_)bk3xB7H6l%Xo{%d6J
z5k#oUuW@m^p~l5&j&<%oL`5$=swPW55t)H=`GYC9wH%@N@?Pzd<=$Qh-S99ys6KdX
zI+F?pV*UKCO?W$LvKcQ3JfShKG+grcB*I7OCJ^drx5mhxOq{%)!%lm0W--`YIgqIU
z{c_vi<%e1Wyr8<73MOyO{&y|kR<Sp3v~sBF4Agv=-s)~TVqgMm`LEe9`vWk!h)bS1
znu~X1I}mj|#g@A7k7&^|&R64|L%Y%G^}BaIH%?O@LuZ~(8*|wYg(nSurTaK4g?<4B
zv;T_M9R56X<fphzf6qm5D<JP>5Wbbo;CBJ5#b)ewFZ_YTkcl)QY{ZoI$7P8_x1U&F
z^0BRA$Hh5MN0UdFS^};}!1N{ih?G;{*Y0Dlo;;8vE-E*<soz;Ua)O(+v?A&IL&?rr
zU%}oh!ol7P{0lcz|FNFzX;14*<3Yh?t#<+*qw~#H`7ncVG2)~}f_oLBJdf4UPH^pj
z975rPp@L<TK9*hdz@X2WI<{eg^l!mDk~d!09>E`aaJ|=OET)m+ThZC`6A7;17h<$I
zkqB2_9z~h`vK>_oF88eyliyB9LntLH_X^@!tt7kTjbs>3TtABSWrWxNNL=TGVJ<<n
z;8&G$!a-R%Zc46#MmU1gz7a+1?$6(y(U6zdN(qqtK3j!hK$VAXfIC{5PE)YuE`GNT
zW<2^M@yrr=zMm#mJ$UhcHK48;K_K#9t5xyQmb|ti87QIHBHLh%EBo~-EUsOGuw>r^
zbBE3MfsFVNzeMxQrV@3QCf^?H{VRy;>(bEaSy`R&DxG!S2POP&qEp7sr;nY?9Sgrj
zd*~4`awP!<?0`QcB<xnb;bK7suKLyJaeIS_Qh?TMw!jbiiS`+Mu*=PopHfzeqR9`+
zv+SqAQ$9+L!O}Ds;jC%m)VD_&Z#k?fo^#@*v|?8o@}q=GUdQ>J`+OG2t#rb59yBpw
z!CUZW-&AKu_<W8ijpoo%iMPwkd5|B%#SFXsu}*Z4Vs4Q+Y0c;N>Z6F|#=TCyBx&rL
z#|yq|%dFdGZR@u?ayZfB0Gf(pYaMF5<CmY@)30H7WBQX)wWzlr@ju0VM8RA?9NxW6
zM>x0{<dtic5|=usprd&kLi$7ynG$g?rqk~-#+|<{(#JVEb5+t1@9Yy^eDPxx7}xA%
zQ-{9!6)I(K=}-z4p}Xf~=1)M!rtq(r=z2d01CRXRPc-&^<%`+hO-ZS3?zKn3e6J9S
z<{q!Ifh2iTY$0^kz7~@GitzG1`~f`5n7TSM58?iBv(T6wV_AJVzm%nh!I+MCI!BKU
zloiVxR?OX)0qd&+FIxvQC(RPqWp>i;N=Est3kr|bLtLP?2=Ei-@IqgcgF=q}rTU}5
zfirfA!tI<a%7h>ro}(pAdy)%TCJ4@vzkyjGkr`OEc#&TPGQ8bw!@{qVwe$Ryb9uLz
z%K{GSj*IpM1JQbIF_C~TG0Gwy);RrB8<s6|koT7jUQ|1#VERCX`oCE1noQu|!aJ4N
zlgiKk3bOetaeMuM^iRg_O%w0~c_BoizMqr0NJvUR1p-0u<!4I|J|OaNUcDW&O_w$D
z!X!XjjC+hWxDwEf{RzxlR<TI}+v}70v2Xv~Ot*yQk-6s)($(aIbT%KctG)W^I(VK7
zjK`5V_^cov@(VrP{Yt>Jg%)TEy5%%Zvj3Fgp5wdCA1-bOq_w_vgf(kK1Gl?nTo56_
z=TRbpff~&6w*@-}b(L~&-bzZ<G3klNT<(yQ6^7%Pm1qi(s)y94`ElW#wmiUP?+k4R
zzV~oy`y#nGS>DQ~AMF_heEpDD;RWWZlI+Q9hs?eHyDmigc`1p_+!Ye^1|M!x0bB`K
z+(WbgH>$kwDWkU~dDf5lp8=1!M(SXaeA9%V;7W+^X|}V?716;cg#t|jjDAU${K|CA
z_3+0Cc@X-B`w+z;0opq!u8oNw<i<qbAFar{=24z-iTchbx1b{>0B*9u$Fx#luzM}%
zI5_{e94LRZbHZgJnwMzaosXFv0#Ovjs^~})l`Lj*rB4ui0hN?`O{Ga$jZJm9!sRgL
zHKCTEWMnaXoD^v;I5;=i`q8KlWM(mhry8sAtOTgF)59K=w$$wA&GowzIKWtUgMH8V
z^(t>uXYVSQ+0vjf7TG~f1)jqu{A^>3>Hh4K*)>+Il&X;CDaZj|PTl%waz=nSd8X5>
zJ(`czG&jqFo5j_%iW@8e^JEh=sSeN2+x;;mBRND_M4n`NX1I@uoBNIQ&Q`UARfi}~
zo&LD%nq5y=4I@dJvT(0y;xM<f$%;9GVw7+P?HOX>LQ^%HrL>7Vy7^0}z8*T&k=#gO
z9$vpHR?M+#Fg^lP(EhSvL+GMLzI6}Cedt$2l}#3VN9$(O9lo{($xv8pMtL2+a5xjJ
zv=8`U2wrIomc0{2Co%OklrRdDC<3)N)bUn<DZ}~eSD78vz$Pyc#5o1v7gUq@@RPGa
ziq1=3gDRf0k_qyor|DC@C5TdV0Rdk|GUNK_PjXG9$@b>XQp+-5%7<?g>nlcMl4%Iv
zk4)=E8Ng-C%;G}G%&|5*WPoj6`i*S=1r7Gdn<Z}VIt<eaiAJxZN7rHdW>z-PyyByY
z_n>K|IOY46@8d=;Uwg+o{F6T#r{iTU=gsj)dCiVbA1Y`5NVZI_b9s&RlI@?*;<}H=
zABT+|txlic+&R`Gpi_~6>I{dih4%Ay+}r#CniMs2u|7T^h`Ai;;+@N}L6H?@W0vE{
zYA7%1M=J6uj4V018|*fZM)TtrM&k-is6hbi^XK?`<ZY12>-!hW#AK7}YVL;0oYP)C
zy4avSk=d<*Uzggy!$a}vUJjOP!(_C8)C*X8=2)C>{zCo4hV3z$^p20o_cdP=hk;j9
z$`1woo^6bxK$*+WE^X~O!Oo@D?Rh6fXqHIdE#61pL-b>Mg0ao7`TK6$3VnpQ(<zim
z>zcu1!V=<7#B_#youU`U=R$965o00j5$lLS1e03n0q|24Zu5A(S@ZXT=g)C82hnk~
zm^tXP)V#3hgKS$vSgz~kZ(^-^OHP>VW9wc;7e-ZVQS9GCqXn=A^)JgkpaT$xvi99~
zxVyV79I3yVe`khOCiLbozI0cdvoHX;uo3O^$X3Yosq>VgHzA-OJx~stMD4Q-{_~w)
z8cy?7y!h~S{jM-bF$m`#M*c~y`3q{?*~E91+&LOG%l!xKv^=Xw|7v(y`R7V@HL@;T
zjefyVbguMy^WL@ztDM@fUi4?2lr%?z9654>&?D|io^o%z?5PI$w`&}!UXk_Nods*m
zx;UONnF>$3P0AxS5>)q0`QkUVxSCuN)CabBRQHmYxohj7{<Q*w3ttZ7hCgPn*Xim?
z&5M`S#>QZ&z;d(=3uk4R0Z~K0(nW&M@l?##S@IAQdZS7xCV76^)Ph+fz@Z)9>&l|{
za`<PjY+@d}9bkDY|ML~l?>nUc?LS`u1N0k%O)3hb+0;qu5h<=9l2Y$gpR$KLVsC#|
zqPtng$I~i9-;zC!_j!sV>-XnVnpM9a-WBsb10Cc%87-;g7T}Kw`#9Tm8}dS`tJ~jK
z^oxnC9rQ*gg=YQg8Z_Exe2t90Xf9u3Jh%t@>KaXP4!&2kn;^Npl6tv<ubY=;2U}0w
zW&X-;wXXu1JhX(ENTeGK-wPjtEAPb+*z_yxn+ag*i>DeaqH5`%SJdG8?ZWNGNh<It
zClOQkET_Lfeg@1;#l7rL=6irNd%(#*`5*v+T3goWWElC?aA7_M`F!zV4C6GPU)SGI
zAL43t30L2_Yt<nBO9Mx)D@QS(gdzXz7<$se-<^}H^@!9VYg#vWB)QBHiP+BE%`JJO
z)TD+_@l22*=Z;EIsbG>Clq`f|64_oGf2~A%RXwg`)~ghdIw6S%PPr!40>fPv8+5Ow
zo8l;LOL;pSFlLYX4(_v7vohS_R+n!2kwalrkNJrr3uQZ3?6Y>1A*dy)_7S_eh6%|C
zlLh<R?;IhKNl8xjpokTy*}nnRx0@v!7z<oZk0gcaWlQ8E*lNBI{3aPmmt6+eAt9m=
z9p<to?4sP(98kC?5Z6l(K2S$g0bJ7^nE&PdBe_;VdEi?#)h)oOPH*+t*#$g~K%;Dj
z9`AtHtc@q)1k6?_F`Ie@{L59Z0BThHMj-D$wMV$HbyFl@Z)c_*ErNUBjIQQW?wI}!
zdbSlt=4fiaYLG)rgve}d(fb1A#>30X3<H__+PxLbN-K%Vy(5zK6F->i*XN%W$1J^P
z95Id<1CS<#z?`H<2Qw4u?mMut*oh35{BvDL<?DRChd$DM9*-D>e|badzteU?3T|#P
zwFl*F@)5T~HkurlUZKvnBh1Py%`!tUO=+o!F)PSyLh9cX*%sh@aD72QG3?%SGbvo`
z#n=xCL2R+hZT9-MvdKZn{{u-=_H%RqcB`y0L}v)gIpO^<*rg~9xMK}b@+ZVt5{zyd
zAUPzU&_M>SEdCFLk$3trHn@i=*jd#MP*%0>UJ&yzbEk~&#JVd^{hL}|+}0@{AJOE5
zl@SX_5K$+Ux2;Wd6#shagGMpVwIXc+38dEAeYzOTZm_3xV{L-pAJ{)DMzQK_PJjNy
zZIRf6%uBx<5ZDt(PM>X>mCHxS0&YNV>k%*K!q`pjtn2)%^CipC*%!s8fk)O(KJ73-
zYOl<at~VlzmDy0YD0-RB6o~et*R7*xevz2ewBZT&$B?mXM|WXqhVgV!82^oaB^PC_
zP<^UOmuaw}*3^j?&Xvw;vod8FVi&gT49%JRbV<3>1@pF(CAMOzzMY;O8(=}MW^g*|
zb#}Yxb}G^=wQRS@_S-|CPd14tDo65umAA~H2}x8=Ng=b-lj*HS^2I0~)Xa07QJk88
zSX#1zyd{Yxy+KiViYX~XUo*0uF5`sNKmM1iwXfmquQ*>+j)F%QU(6v!2@K6!tc=1e
zt6hVHe^U<U+IoAQ;F~9#|HB7AUaAA3|HqISr+hUhkB;E;Y^<C=@aO$c5#r<i2h(bd
z{|@jbx?7=zl>sH4^9RaFXuYUM!pJk@_QY1mWpiq$$1Z&V>Zy0`)tUDXp`C-rO<hQ|
zBO}-4qfhF**kCMO?#t_pEjRun%?PJ%!YxXUJIs8Jo!r=-seK%na|bK~9d}UnVd%1<
z$~knrgF*#gI4iVcJJCHELx)^FWi?j+)|+s09~2U(b?$sIuELM8jNy2@>DdVr*uxfe
zJ&Iqpg6bpR`WotCCqeo!xI?iTT(5lOtm71tD!h&vnzq4zxEVOS)~naaf2f}P5!>+*
z2>R1<Bet^|`t9+AGh9lRGCN2ruJ;kK;Fq`55A;G|CjN~@L<K9FzhHKIfF=j^@r1g#
z&-M?(H92MWFAs7y)qb<BikfE-C=`~K**R@=jh{`JX_KrjigcYpm?cJ>C5E!{Kr6JO
zIfhyze{0~nFIV$cJD&)-Xv&5(-+f=;Er0*hQLe65*=U`-kb7#$^G4*n1-Dj&AI~+h
zl=5AG_Iaoa4egKyJn^Hi0(4SW8Z-VK@jdub)E>NCK^+PS`{jedXNY~UTai-M#TG5z
z@MHCy1+n1vNG@`rWx&|&+;8sByeSJ`c70klv`NQUkmLh;NRM>ktlv8t&g<3>t2A5V
z15r&>2J_C?U9-XlsPYHo6lk5S;eGj!s9AP5f^pN1^&w@|ATmU3zIt(N^ra~K{B%y)
zo%DFIc`+`bFqR|^S+x}0U^&@f?Tj(;46Rq5<>~L{a=sS1puC3ATQ*vS;_YHe%$SOV
zMrx(=3E(ZQ+U#@;83P#SG6ei5!GB1$tnOGM`#Si`xOXxm_+v;BoJU+w>QV~(5pXuq
z{iS;8niy1Osd%GVOw$pa507?aOB!?C5Gt+W8!GXni`5Pw>K(L;CLI?YYk7x{khE%A
zVVlGS#;d7`oq<}^7K^oBL>5HnuR-m?5=dd|h*Vw(-<OZ38?UYGT6YvsiU<knEPI~G
zmhr<AE}9iy)0?+G4kAuC3~Q@1H<H>gHN}N_>s^`W!pUWybj;1ACRVH>Dmd05OK@gW
z3I<eM3B>AS^0g#pD*8xAm0rv_L*VZ9jw4K0bHQD{pY9Yy@a?)lPv+Le;jEVC)r9>0
z;^>_g=c!*J_Hib@_A=h2rGem?Zt}x9Bi2wWX2)*7&A7z;^^Y6DA!3o%-r=|g;U#za
zub8*xR<$xJo5LBJxk0O1q1}O|Euy{9oEx*Ynik}A_!Ys-9lsu95T}s1TQ9C`kr*v(
z{FZGkOtn^pt!75@ar}-QH^v)gS)<s-j<dQIkx^id?flh1V~Cm_`+E4_mPtNiMMn(;
zi94rUn6p)s=SlY=YUXY1q|2BE=cJf<Xp#`%b28um#G|)RbQCPFe~-egoCAAZERno4
z;vBD|rNi;NTwLJtBjlZTDQV0a3-vJ(vBkq&^MRmZmpEAaEhO&QV8Y$2#bH(KqC2yj
zX{SfN+c28v%sc8JUayi_%>k~m0ID|+BCF4{m{6=3bf%J$N++ktR+gP=onfg7i|lRm
zeRD>ws;1nIh+MxN5#?A~9gT_t-jcWR>c0>3%H?B+Rdey3_#T||6)BgGo0wds$Zh}@
zu$<XQ-4e0C*ei)QQX@Q>S(6*qFXsO-E9}h6xPaJPU&Q%R)hWNQpk|?(+o-l>1`@O>
z-$X@Kb9of`bowDTt$tMSMt+P!bV?-^YR(hdk!^l{4%V!w17@RI`R2hfAqw&5l>ozC
zco!uaTDMJ3i{dUUNP|~_y!&iTb=hri;&DyYC1yEks-}eSzI<^pkA^^-BBa|D|2!a?
zGhH+ItKrT^vm=+QD3M{}AoRNICE-=ZAawgz+knUj)ov>5rJSm4Uowdnk0-royHwx&
z?l;w4tNUVvxj%SNm@p6V_&X5x1MRa756;u~mnc)w#U-<|pEB=Xr(+LIDZcn>3XSue
zt3fD~KBnX{>zg?(9P=}zPM|0@L<i^<G#|}0N|<cfqd44z0QVFwN@pXz0~Mp+H9U9^
znxtT&37FH2m_V12hEo~m*0WFL(1cC(hcs4>Wi4i1AEVgWT{cMOwp`?3mJpSzPZ-Rs
z*7UBnPW_Jm)%dvHxR`^fw)dgMD4)=vb)+zRlhO8^^I@Yf`}k_$joPSgEil1ii&LE<
zY_UNGt3tj%v3q0gq|U$tpBc_Dp4E3HTflBOVK-GuGDQzhI%aF?9d37X<S-)wmH(=D
zAEqu5he=jqbJ)Q9<BC_sn7OZhl|VSI{(MWcfh>&9fBa2noJzWT-;%A4@+-sa#6z6K
z*h%CqMY>6{;3aip9ZEJf52saN_Yp}s?eK?Cr@ON#QHp$DL&)GLh|LSdhxDn7PksHJ
zZ-q^xq%S2{ujKb&0}T>G5ydc0m3``seCF6PViP{EsFP=XOS_itrVk@J$9)?%<tz7X
z+p?ekfX^sotm#yG;k}4%^6OX^n$zkV#`CR%rPE)$0`YQZyNB;PsQ60Ec;+)TyMg9=
z`gCtT_li^5Rry(=-X?0=NOl{)ov(ITeD||@2oD5)KlsP?cLv>Fp8Y*2tz?0J%BCeo
zNb@(?+9W;bsKy3A+KOF+(SVu4o|~@E3wh|wEqq?E_9wUnv-ox{()0beR$g1*c;YYl
zYe1%IkFTY0jATHcw){5Az+p^1rPki(nn8A}_V&Z=c^+>fnwhdqab1BD`+CB+8j*w-
z`7Lu_E2kHsJMuCs1BrU;=QPhT3+WrVphi)NyITl?nW?eJv_eJA4BmJx%^=3lp7P35
z5QR<m>4@Rf_8T5m?JG(A5t*Js+Ft5=AoVRYr>6W?(VwG>>ipvn0=(PnFj9~d@J|}3
z=mEdKxC#fVo_qox*~gxqAFRcB1i)Z?;tHRs7-Hj|1H9-R3#{#k;5)yPcatzsUDX)7
zNN6SQ_M_v@m0sUueDXbn*-6bpHBhPMuF6qq){12;PMH7x!g(eWIrri4JwM}NU_Ro&
z<d8m>W`ql65fvaE!Btd<iAh8@k6Ac-n4VtRj0vZ#)B;=?faDNS^k#E@jZIr=!T~v7
zWU}HbRl3We2+*qNPig!Qf)8I<e{K**RsQbpfFguZ)i2BMHH26wAW$exLUfP=T>=94
zTj?%@&ykXITig}26Zq!%NiwP1gEu;{e6P*c98UZysd)Fx<yn*@hfnS+A^9IT7Sd!g
z@$O_~GG+T*V@TTx;E>$@NTg^l2-p?b51V%KMXV+X#P$|};z-^fHjmB%p$}ZtC>s?}
zP9k2I0Uv>KMHjITv6y_E;tMBKF3Gr^4lfWAG=b5fT=)=%!hC)bC27VV0ZU_~6NUmr
zXdzNWq9iBK$hPl+8(h+gV==#dO2)b>B>f%01#P7$*}_q}6reg6d%PgCd_$Iv0^&4=
zqz}f9UnLRm9yiHDqEfLSD!8WJX+|G`T7P5l^pd9bLyc&pRcRDbiVDC2I*&#n+cpL6
z<z@`I{uvk_PB9^=(YfPsuXTE>0!wSaeG=A{2sM-P&wf~Ld}Gm5UKR*W0T2M!hcvjf
zsGR&5@Sb!kY`{T0V^Qm9Y;Z21PdC9zZ19Z|H}S&3FqA7XF=z0ja0EvZReWW<e%KZa
zW6?6dAi>BW4RH|>`Qj>IbnXBFD;DTv+Y1)1;)UwrD2@UE_pT@aJ@b;X5Va1(2FLmq
zCFwauE8ZOm@K2wFv0Ll;QtEnewFoWyK2><xgY)j$tjt$68O+0-9lc7c*ts886P|^X
zLp~}X5n%md7>c7w5(i-rf>6<MAL^lh8CJwRz~9MG?D$rxsDL)$oXPj7pn@O)Ap`~n
zQ|l;fa4KLZdH^GT1H3N>2qy#xKj3N2m+Eag5<x4FMFdzU2~ci<QGn1Q?g<RtGk%p^
zy!#wD|Ct4#U9gyqltUpZ00HRSPe5E^k-WlF{{X7OTYoB26@~@EJp?;GgF?LfpKiE^
zqbRl`XRw%+9YR?b1l|AJ1<=gYAEtU48G$nGtpxBP0vp@{ASxTLL@^KbaA?7C13rWf
zR>MHKJzz=SxShBHg=ri52#VyERqhgXu@gUI)9e%&<U<g4yf(3T_W(c`S2#+|d-60@
z0;pKSl7Py{0T=)Rpt)aINZpdL!Bc_m0s6P~!%%2ggmczW7v+OC3uG5i$PB*$XR;VW
zwgYUij>iUfkYxsa>6P1sT1Ui)P(3S0|0>e^pz&=@FMSk^?AIf0IYE%rE>sp0M#MZV
z3q%#b=Q7Xekl#U-)xi%*tPA2%0TzHr<$!z5+x+qTnntDH9lW&s_0taTHH3W-Za|Vp
zwpT(>`qDS=&*`TClh)5F+>t}Vu^eessg>6Nar7ZT<@qM4^P)b;v+5%shG9A8-2SMM
zXb(8y5^2*&A8i-zmFaB-hJ4=-yNnIUE)h^lV3Uvq0tui77wGdE*h~a;7Y!Iv_W$T^
zI2VXYD$SE^KGC!+9UEL{%hZ=JNPib<JQ!Y#7LeshZaou{$l=i)2}Q-5r=-`YDgg_`
zBG8{Tm3VhOAT?>AKj3cG8Q9>}S4ZGR@gCp~uUV0%Qks<d-5C0euqQOiagv&BMO>I5
zOaMd>0LBCQeG6PV2q-=)p!omzrBG`DBmDZqt28LxpvD3wFWCcp&A(?9$|%YMoQj(X
z)}<eT`y+DtUA*|8n#6Kp1`Rf&Ga26ML}C3SSNEu$*cO>-dr>D(pi|Zkc*f)b@x3%l
zu}d#MaeAu}xAY?{k9i8G5$kt@npac;nPu7oG`5f!KH@Wq-<gd1*y+&!^>YW@s=Obe
zWzthv@&n8IXAs9n@HL^1a?D4<a=PCeGE{zijs8kH{5>Y0iuy{rSF#ca><M`#9W0cn
z2>BipL0MfZZg!Me6>OYZ8M7w2MVrCBxME;ZwPq!~Zgg_KbX+1>JTjZ6{Ew`s@wm<(
zSuHaQ-Zcr~NP6J3I=1LTn%D1}4e(~kYL?14-tdW-<%;TB!BuE`Zjox#<rN|yh1h!C
zu7QF9K~y7(klZ4=0aK`0hEgjr@BtXCRNzfX7+Bj&7$Z>l0AN@E7!=h4<`$`<u9cO+
z4<BV-%WalC01CzSrVlBsU?sN$bkSj?33B=GCtOBULD43P?!m};Jc?I70KqiE5U#lT
zp(NeQeoV+GtGSoG5Y5CjFN5kv<rie4IxzXv)K@@FVNPSlC8M-_YJDcI^?^YKlzbT5
z>`vgF-*f{yzRmN(5#i=@(Hp(MogSj*`21-79keD?jMqe;Qd=>=s$QctSU1YbDI3*?
zIi{(uHK-ouG+>M~Mmx5Q!~$`;SXnX9s#c@bT!(q4-ebNoN_(b$u5vdIY^iHCQ-(Xu
z8von3$jZW~Q=y|}w()YV!rnk`>z{GKU4z|TH@eLs5#@r3ptfk7N4rd~s%4h9N<4@d
z8BAMFuR1rSh}EQ7S~n^J%vHeW*45OtO0^l|?~<<0QYF25PepZe24a9wR~%6@ZL5uX
zFBq?m($1;B)!(&}j|-FoFeetJf=Q;Xj#H~GezHR^UQxkn9F4kHI>4E%)&#;Z)-`IP
z(Q1^ve@)u&9AHjX3jv`R<JV#r*Nrl}0Z-o68x0SUWQ&w;Cg!c0dV00Czqk!?<TGvg
zxCU82w=s)>S@QEKG|Og<W>MWJZ6g5KA7zq^hI=mT;aavDT4rsuC?+GuZKJen3-~OP
zTA$Ul%t~9C#cTi4Ka^C|2~D8xRSdi*sXdh3-Le~KM#*WJ*;-Q!sz=t+lt;-i0!aMN
z8j#bS!%S3FPcO7b-II%yqAizIo?}uBNBxIg&IX0h+VsG6R=8AyPLV}4<@9o?0PcIZ
zXQ_{jKaq!~%T9EP8boO2>?ar$1Ck3)&o-rs2MHKM&fCdrnYpxHnmN<N*L;hIC%|L_
zZjxthkVkWaG1r=;wpirS?=fkt2S_hLA}VLVGD%ImfWdgZ4m-MT)N;O}f+g5IGMuVh
zmOrz<#foLkG<oIl)4(yrL#Ol@tNE|^4yoe7aHn<S>=D|talY!=RfXQerDG|2_q2+-
zzAOOd96H2flu%>Pmblq^|6p+qj5EYggPjg0RIsMpwaeGTv!x8vC>Ot=7a(Znw+HA0
zvpp8grC8sUat)4t-RM=Fa1`G7RozsW>KM7)#P})c-*Q<!l0mxhebOU|^i>M+uNzSb
zYUW8XT$Wc_6=Ygw1X^T+9FgIq<+AAB0QSC^mu?Lw{iPfcja(rqA4kgUhb`5C1$1q?
z`0gT@GcuUCoF0<LcwCDfQp=1ajd&2woFuMXJ-t;vYAM~*Fc+AK#Eh2cU*0QbAGuIW
z62-Q1)n48SjsMgh|E-ta5|WMzNH+))Pmx`qY4pg8IXNiml`akmcS@r<IB=FMHV=1N
z%#WX<jef;sv1f^HM{i(N`@m#~OXt-OVN3wI0Fxhp!T;&~o0s~@(%EM5Qs3R#Utpf4
z7_685%{bI38;!QtBBqn0wtAyy3>nm`Gs=+OT0FlMY$N-|ph3ynC=nGf?MsAidp1cc
zZ;`ayfWTaWUQ(1L=CoRbUcwMdE#Cbgft++GVG-cQVU?<!*hJG|4w}dZJFlbuD#Hn7
znW`L+qvka+s}%{+AVc$2126^WO4vvjK<K|HzUo!46y0S+N+W1#H<Z$~CAB*L#0LLP
z$4jO>A$_fG-DLULn&e)citWwtzOOf$>l1^0L~q^ASOlyVqXHU*W^m$9U*S3kBS%YR
zKvCjhC^dfEcW`-yN?w`DXetN8oTT@KfR_4twk0uLX3Qoffw>t?7X<~D40^yR62<GK
zerO}oZUj^%AYd$!VznmgUL}DFceP|GHZWDBpsonTPN8i{t0*H2kDDYTBIJ}^>7-`L
zAiowZkkYg!7h0-7{F*hd4REDH7>=t8Pz|BSjI*bpIZOsC9oHcjYfeDFg)*j3OUT!e
zityslrMt(JnyDlgqhfK_{_p5qKet^x`i8W!EOm!Jl%mG?ce(+eO639#Ylett`=T@<
ziKrv`|Na?}3}QqYck0j_rY8G!KzQ5_0UW}UR?%Onu^eqnE^a@knx~;RuGR?`h{YC&
zEN<7a8chvz8p)@*Y_c4s<HHnQwL>Yy$Rs{j|KXYmm_j-8z!JbK0XjA4Rspcf8E8A)
z&1Uk!F4f_$?0|{eL)${MOl;&zI#P^bvvPj-TR(SyOvoPq3#FnGQwoSTtY2CH0aQ)}
zK?ca`DXw0OLPct~>wpHZ!kyx2x(^iNKv~M#8qS!(-<y>^0P5-fgbfOkDfdZR>ESd{
zSGFb3@(M^hYxTA&0fxP}F=WMGt1zWvUVrJjP?|(D|0EEHv2HzeY+Le8i!jKB4iWRf
zsacuuD2&Bo2JSmu_7zT1W+hmTx4ebuDFlmtjiq;6a?|%LU|@qHKV^#DlTn)?G(UVS
zb;nfaZrQ6CT376gG6^Wfzxpn%*sZv!+qO;GH=gm!L|HKW_b=<;p^*hUEoU`bnJRm>
zeFwE<W|O+jXd!wZ4gb;&G{)<8c9~q{JyMsmTkGPH&sJRO((OFxhXlT?^d>)BB9x!*
z`Nh~Z(T+H9u@VHMa|3Rzbn~I&InxEEOM32_xl!#+=Gcscu|#7GSs7aFu*B<Sc3y#0
zjMN5BmU<oJjHK|QZLdp<KF+#rP9^tZg!`nl^zoxglZSF*bp|x<VgKxrRANU^5|oM%
z!mWsS_cj`2vRMKDlQ?QF4#LsU*U)GR%d^{^c%)4)a|*b8i<$zi9^XKwAURyY^Rj*$
zrjW6qfv@fO#eH8Dr;hK($&r&Lkn$j#QDxfuZXQ`X{H6_-X%Me=B?mAIzG1|ELjC1}
z*n%6XT&?rLYZIwD;FV~^n^bGD1v@vCKF58mh{CB5d@>FDz{-mrU=lS6Wj%eF_NQSp
z-F1n4t7+Zk4@RR-Uc`>v5Y6>qZxPLqKiGvCN>Ek`gq<pyEwVFW2J)HFBw7!c8A9(@
z>bl?@g}w4-!)~b^sJtSMM5c)!g5&%sKXjrgLipz*0$?-e`!RLFh&$OI5SyT9{YF{Z
z8XxA+b&??iJJUKetAnz2?p8?bLxvhi2Ycy|D#Oah+sob{jUa^c-yqZL%--3l2gaUc
z1{LCn;|Nz3?#HD|-yna3r{}#vUe8#*Lw>?14|+i3vOdWTNzcE7C>qAjX7^h)g(f^N
z;pfZA@A_umKjZgf1=>RDE@%8R$Et#rx#Wz_(``-Ox4+>`@2~Hy6ZDX{e|c5L&$3f#
zCL42Gl0dCvbX=0P(cpFhB-azHrdM=<pT&K?NODaJP3BLO42(2r%Slq8==S_ILZ#a_
z$){}r35bgms3Sw!nWIu`eqo(K(@mnd4iR57bcWrELCD+AWd8r?ddKKWp05owm}ufm
z%$eABGI8d_wr$(V#LmRFZQHhO+d4_^`TgI!*8OzX>eZ*Jdv~Ai>Rr34_O9otQ%D_p
z4}aS+Bbl2@(yS%3f6OG+ps%Xjz1zr0kY^e+YcF$4p6}@XjT`Gvj-xo}M>xk32lOM5
zBm9<O>=c@HlpS))`257keK3oZKMa?z9yKJLGBREG<3x+E;7ds9K~jOJyI7kKaU<X9
z!PsmcCXv0%>TGjd%aw2=!!U!A(s5oLrBip$rI3_Cn1HWhVb}QTjpzcJtg9$t*SMt9
zHR0V8hq+C#G=E&qIGY45VTnb=-=po%YZNFhU!`cV&#W{>ADg44Lx#rwd_D%=ju3QP
zq=20)O>yQxH~#`XO?QiEz{1vUT-A@bcaIxAY1|V`F<DBTuT*Y4A-6Bm_pMQc^u$Or
zv8z7v^z?gdj=UOq+^LyXu#SF|SjrfAc5XA}E?R62N_Dpgk$4|(Y|c{#nZlHuT~e-?
znF8(@^8;+ZNZ*62j5)!$U3exr8anK`i2qd1ttqPrDLyfp$&4tmK18KzSuaSEi&*fl
zTY#9_(=(;AKF*JGgxH;nRsd-UPFmuh8U(Uk(pbh{wy0s}_+H?|`XLShw1!KBWOE4V
zIRx@Yj`d#xXjdq3YoSfar<Kf50sMRiyxuDAFiA{Ny1&p&?h%Q5HSO&Dp<@F<53ttj
zotP!xCr_+jXX_Oem>rle(znnpK|1lqBeE9`-wmi|^ZSaldVA(60*Ut-<Xj@2%}QnO
zhBE6yyfB1JettrVuZWXQywdR(>yzm-#O`D{gUSQw8W!j+-j6=&3O9`kr;(sfoLY8X
zS6V<XTXX2o|8np>_YYOpxE-zqXt<n3zn+A4ifk_amu@1pu4#fkq?ti^FKSS7Ms`_?
z^pBoYkn-mf!q_R2v_9g-XW-BX+W>fMxi=*7@+`DSl^bHHR=>r3+FC<C`(=?e2g;1j
zcT2W_@L%G8beFbPDc6ZsoYL4gjpgzjn0%B;iq!ul>uH!=^?{S1)mK|wrWy-sKzyLj
zTYQVGoJi-OyrXtJ0^RW*)##X*LhXskb?YYwmWZHD%<BPkhUCO5`%i~ljEgWbos<Ra
zS90=_;^@~QX#HFDfB*EH2VA%XO{#_-asHZa&y*eYF^)_Q?tV&|dZg@3@gLpcGG-ZT
zr1os|;VV58rJtJlZ?MtQ23p_$V7$wm{v6g9gz)!hNh9B3MQ6o4jb|a9bn7>+myF`j
zV)q<#>p#@qua5?$bzeY-?}K7EN|H6d9HY#-!f%7ekIJ!aTdepV-Gqhs>1FwzgV$o*
zv`i0Rkr@o+rH=@Yo_`ak#<wP$$h+Y0raIP{PK^@!l0@H_M1@W5+xDXp`U)KPsMh>E
zjvf*`1G(o(n+*u3Dt4TVd0r!XZk7$-eoCRh6?NbpsLl*Y-Lkvms=*z;yXdlzO%{=R
z|CGEtV^h8HINvS^9?5mJ9;=DwNOidpB;JiOL`8LmH+iwuda7$>-u#OI<X1xW@_QD@
zj&c>u9%_%1-S-|XzMVRlceA}S@8DUjGCTT!qlwv#0C6({iHG+8IpTyZFZNy&_OwQ{
zq`Z>Fnwwd@BI~*!lsD?q>&CsXc0t3wtk6~^r+aznl{z_xN<eq<75v6Q`_eu|@&G%}
z5`fo{r`xfl?AGcEyff!msp~JcPcPA-*Tp#L)}ONV-2_HW-@VzUT&P;V8Z8sKuLGmH
z$7L;&IeAVSc7xjrPFwtvsfu{@^23*BVH%emWMbJ78&!#RxTG(gmG_JdAhqO4T?g&h
zA9EP+<j*SjSayP7)b4eO8C1GeS)Phcx_6aMl7C?;@&AjyLric;s}`8@+TvW)l_i?R
zB&`CiYoZ@^T|Uz*gej(-&II^91_vY-O>&FnO6Bf@%xHWGPGE&Y*2>Md#b{!734~cG
zt91F>EeM$G>c#9?Tkuxa3<v*`m_)p)R`a6w{hn0gt?|x`=Bt?bY1chUOwHAIzw#Gl
z9bKXPIYOkqwX+(m`FF)q(0%ehGu46RV}@U`zG|8gk{z-04kWdy^A7jFu<eEr`z*N)
zwPYL33z**gCrB<%L}wD;qCW0{h1!@q{A!ylfK$KPfj3J#VJ;pjRK}rGzuZGaY-?)W
zt7bgLwS+Fj3owzMmYzPL6B)e|HE@z^vh46Q$d9hzufea&ar=+%uy_4>v;$G6mRSJX
z?yuW2v@6kvigb}WIG(L)e0kmqpr!JkC<B^yX%fcRqgPtFZxwWAarHf}sG>dAmHgng
zr9m#JHLpwtmL~L<(UcHZW|`4E5j=S*1>;<K*vq>|i61#;^^TAXl$L@_RjLZu|MDgS
z{%JN4$Tx6dKq!`k6YE`>7Dai=QmsVz`R_SFX33Kx-@HXAbp=MC<LSjxl>sj^1LGMK
z-^nua=3f=1hz?<q8S_mF^GX??z&sPFTg<2<fA?%Pheeq4K*B$-dzBh&47{CkGR2DU
zZv17DxP>T4kn&5A0#}eA7mxs8{VX(sDEPKgb?UP|uH}~iW^2adOh`43O4j2xDi<D)
zfE5~b{qD_9m^g}BxQh)wCsO<Z<_u#@SUZABCg80-VjF8G0w?FH3pG^^f-Ta{g3&V3
z)$*I^uzL#>sVBez5)!DW{y3lex;Np$bB|bhg(fpw(c!|<3CAeyc{T{(jrEam=6x%n
z5n_+Zfg)U9;>uG>7T7!so#Tv9MR~cx{$7a|qk_^xk1bK95FEtSbgE7u53#YZ(jv47
zdPYuNG(ZB_^7dR;b}oPhT*mw^?i`0ezU}R)H{#_znqK(YuK+ZCF4;cLfefJk6G2>E
zjGPJ{kem=?6jukvStUMZFRXwWCq5>`{C}rLNsWJ{7SNK$|DOal!^U?%_R>bdTtl$^
zL3waH)gOSO3#tV&H0mHDp+Xc2C9!lJu*hW0Afvgwe^MIgabgi|W`{<LqdfEk8VOF=
zq47wT66gpibNWA1ov=CEoUp~n382BOiz0Q{F4{d1#Toxep&<;2L*VW~+6!kyl0jaE
z1;6+y1Zh6;e+gU1w}CA)m^XE29NsL}{33(~dt_1RSx$&8I>&_<IXT9cCRT$6+b0_W
z%b7&Wn60R-nK>&`G~09fnrmU<v=6vpxyAG^JL5Tfi?#AgibtHO;}RGjg*JOVfo#aI
z@}p*$eQ{TBwfB%UOIHr7F578Fz7XRSAxw+sKMId?U=|hUS|!z$VINJ7m%ckRitlh}
ztXL)mvx_(t#p%YB<BNa$CA{-hk^x2phVLmj8lRqw;vnzZFSygMkMZjkJU!-<Gs3>)
z6?zCB`LL6tuu`ImT*E)1wK;qm^SGi;UtMcuLtu}W@8M&#jXZ}rc(hSe^l0rp=qWCC
zL>-er)evFI*U@i*`}Wspg$h|cwLP<?He5+KRXz2nk;>r-b9tPUiE`X%g#>fzqukN3
z7AON(BEbx<EKZ(7J^D?FEY+`!^oLxc5ky&>l)!HzRJnFIs0HEw_YA(afbu5-)WTIP
z6uMIQ-DHU{?MID1a_Q~%^l)2c2aC`J5&Odze7>?W#>exGud*`nh-xCz*+w-NW%dWd
zA!n`@F-G1-ZubJgP78^zeF%5JHsdc^iz@txiOzo1D}_i3VVQca;}imJMgw9dU?_VL
zX_lh=_XxjoT)dk%5~H@{8kzKTzuRjn`9w<|RN_T`i6v|}&jvIP?8}4_++;F8r@s<l
zR&yDgewqt<cHryiqy0d&@~9XM6LZ(Vh+Riv!*+X0*W^EwchUFyEV$M~u+1mnSKiqZ
zHnb4=B)kIatlodp<Nxw3EL?&=Sy=V7@}{nmZp^PRJ8(~%`#^v|fU2xbG_-M=GZd<Z
zK%}Np5dHAv9|Wy(gB}d<-*h7V&SB@0YfhB*ESn0DZZff5JPf;e#F;Q!^rfb1?X1+(
zgi_{!vcIO#N{D`r;Sbsw8YpReO_lgfCR};nPAsfio=h@q`oJq@wf^~8jzYoNiLewv
z#>91_?j(WY*_A8dewi8wIp$%{4J??RSg-c|_iFc-=90oYNkp?JiFSJc4Ma2!a}}Q*
z6O8dHSk9-Gr#(^~AFWQ^9!%?7xQ$%Q?Bm)wEnqEqK3P{TW&!=qSd6(yy_|cr9XMX2
zF^%1iT5Y{4CQ#0_F{4K{4Dlw7*nL@Tg%{A0enE}1?!kfGap8~sfp096k0{P-2nRW%
z4+kkXXVycw`Dzex!#cfp$d%WEx~~>nv{Ga)IYDt{wF`^Im|wZ}_w<`7T#dBh`9HS}
zG(ii`fk=&;ztmT}dPg|Y4L{3zb3l~sZYMZzOG$ooo@m)hc%j!2OK03N^K>nuP{nDH
za59IXdpIud<AS$kR!k+qjVa&zhm>jPwLERjtT@!fr~&A%bXzn(E-XIvQZpHaFs5Ro
zHHlei|DD6{+}xYY1iLQc%wBhm?{Qva)6{+|Pcy)BCPmaUhKE2^GT?a*np~f^$bZ@_
zUiGozuinMm$|KgvBzyL&r-e-->4Hz0cQ`^i6lKgk%-~Fb{O1EA2iCO=(~jMh4V~E4
z-Yz-|q2P6q4kD3&N9&SwRq7Z=Dt?WShWirG@@2HCyGhfH*n+k-Ye4Kr&eOXO@SE>v
zi^6QyermX^GvyZ5hv_V-1!s_rtLEa7+6%oNYLQz(z&K#o1=m?z@x$86kvG$Vyw$$9
zg1LOwq)YmjQRmloWFLd+9M+!$O4@6HJCxfcY6kg8SW{onU&7l(JO;s}IR&P(Qm$2q
zVt`i)*VncCG^cKI?Z7Vc4$S3UVVWrwtz5HrO==%(Y&FMY+iPzmua~)dK{m$^yYk$>
zAZgvM8iRjQk9lxTuL9&aLPr#7C>j>R3JCW?J{+&gOm?S|b!eR7qwcn4Lj^%yxC_qZ
zm*-T?>}~{y__tU057U2|huzN?$2M?27YPIKXTw-0fD<NeqNXKyj6gSZcM2flLD&wU
z7ajRIc5gS(pf84?35`2tZ<kMjR}SvQenACdJ3qw7%DDYzCT4}Md*0UFbOq5Cla@<x
z0-dV(4Rs(fj*KFdhfGoir5aJqfqvZjNMm(w&AJKZ(Xouko>XtC-pl7(yf*M}p$rO#
zubw$wDCZi{n7iN=55;0{D|k<8L=sHP(3ImAiEQ^rC*gn!ug!Tt+{#N!Vbo9JGJ%(O
z$-OxgswOfmoVo^kNwjI+zeKu4M75HgpN5js%d0MI3xB%o5udS|f)EeCG2Q==oI-$q
z|1lOed4ZuhMPsFkH#Yj*oSWfQjCaKl*J3^1Iw^!0<ZuTjoSU(NRLy7pYM&U?2af^2
zx1gAmp-8K@Wj>qd18F^&WFK@He~rp87xUAF*E&9k_DQFt_UDlmmm}?*10@CWHWneI
zl`Y{I+}_zdW^Zo*O;C8IDU3eBuEF)@Yh+M&d=L@>8{`0v<`fPlQ2k5B%a@SaIYyKm
zA#u$0I2ya>sAGNz*<hMXQu-&-ngdeZ&FgdM@F@W0*qZA&)#T^GEcfBow)YaTY-`<5
zCE5mP4r_k@Q0({I<8QUj3+zAY;Z6E&Lo?~0TuW*FTtbOHH94%=HjVU2`mGZNin28v
z*lW|xgt-Je494Aqf}WN<bKM24q3p(0mN4h*1G{Kqd~qy@`<7_GCYpTon#Y5U>q*0p
ztyn5Zmv~J_;SA#GOn<beurIW_-vr8GLCw}<oYzJm3L!$+4<<PVZCaN5f>8II38;W_
z2SfH-nlOHOem-&j&p=Uvk3cuWOSDSs+^w{F4BlZUUHwzqFw3S4OWGn&N{T+r#^1K1
zt3y>bu-+^_?KW=VaU#<y6~k9Pu(CICoQC6E{X$bA$s}<tX5+0R=zhC{KNP<OJJ5^o
zoxvw{!7c8zV$pF;*S32-5<;&9((Qk1U*~w(GF5w7y=gX~9+@!|y5zizBRhsw6bSZ&
zQ{)bIaCkH{TQjbG5ynCNS$&8x9z!4DRi6BPErX6E^t#Ic=kGPMH!0rVpSJ7Yw@f@F
zJ4NO6eDwS3)csT(jryLp)DLtzl?Gx?-52K`?F7!#tJTXyyrOECX}Rp7?>EkqCgJ%@
zG2T$u#@W_mc*CVjWWJ%bJtIn5=8kH<w31P171&CxHU-cQ=(zbO53qFC92|sq$jSIH
znY&riC)zjKYK8}CRP{fROqEA>S-X47jb~;y9R%)KuRa+DDoRGaT~_Zh<f2s?spb*n
zeAoPHDeprwZ!dbUoc4KttGdi1J8n>tqDve-6h14_80E;5?sF7z08JEQrQF4i9U{vh
zn^T6v3Tq(Ug^p#9ax<sTxv5}))o8GM%C^;wX)>D6-|RZGTu!=I(|km=Ea$dfqek&e
zq^XCei1~&0bz)uKm1d1gi^4PVt6;yRtnRg&S$XwnUgZ?bcs06mhv4XC4>tL|GjI^d
zLc}1wmPC3LYdVpgTz6quj2xlt<Nb}gBLBSnvqMRtx!M`G`S2i(4A9~#o!#J6fx#`%
z4EZ>j#htK!MWCGT=;}l&=X@}#PVL*=K;(I0@C(plvZJ>gX|<CkkD$e3@E5OLRknd3
zyXnIW`nTOA7>vyT5|?O+1W!2H=i$|r;`$-<Lpm1a3bEsyoyczZMu?3$K+4aOFc+*G
zc$U%QsM03PYJQCFr}<8K9k{VpX+i(lbDD=qnCyNC6K#gJO>3TOefa0PxncL6&QZoL
zaJV0bJFlk`-79VbXYxzHQ8>wMA4Y@K;FR}9^3ZDMGw$^Vr-7bIpS!5T@xj$u(a|*0
z#!U;Rp_<0$m#F*qmao1HaC~{2<o0YG2Z?DM7>Z4rB+ZRKh8xYUY`8UU5)tvhhh3Yk
zOb?BS=?R36Xi6&<-;*7yK&?Yy0Qcp|CuBW?#V+<4tE(Zc5p-isuL&<S$5m1D+%zQ(
z2M(9PP8#~=S5(2Pui=;{03oHAR2$#7L-3Zc<!liZQmgnZ6r8Yb1=YAp%UL9~T&dA;
z)3O>bx!~XS5m*N6{J}psRLy(xpk=)^MF4_bW+@4@os2_>SQGqY%hZA|1`~aZ#{*6k
zmh%AEaxk~SPx|O>%1xub#@x?iV{SRn73vxcPy0`W556R_ABBo%UZk0g3#D(TB833y
zRY{cH)BWjvhD6}Pf%Qr3zCZu8**(q;E|jXa;d~a!l<fHGRk(`@s@s)(+%acCwb(KE
zDT=|T7CkrgBMcWejzKV#PD3!13@*5v;$Av#lqbWPqN_I%l!$SCE6G%PE%=?*S9vy?
z)$Eb$PBa9S8|ehq+$&krcRLYdp+5D?9HJYqSeY0xH|^M|{h^}_7c~acj0qa>CiCL$
zHMJB&06Ms3LlC&#2eJ|m*gD235TnV<PNb0Zu_}K}o_i;ZsH_jH7~_<em&mmtW71)F
zR>Bgs2R__sE8b3;rwpb;kc(qt-cxPH$)fn#@3+PUShSf{&wK+I1aKRp6z`_Zhi3j!
zkR@Y)nui5@;u%fWlC`8}+B|}G2R>#tmIn@iehP%v4Cl&YrrGs(X+UwiwGX$q%wXq5
z#+o6&G$_p&Ak$a|mqC)xj;;B_Qw*#1_3e@U{)AY_T*{KG7-tgo*j+3~uNCu$ZoW$j
z((J&%vYD!tdj`t{@;QeY4r(IJ@(-w$k#yG*1Oa(%`GR|lqIM+eLrHCb(o5MAD#l5A
zcO|I6?E~$<Fd4?-M7n;uhy-n0T)-~7lrrfO^W+)8e@8sL@OBEn;VY^}#2uEU<|d8_
z2qzJN@QRi2j2)zg+jM=B+<Px{hg#bsTZbTQImP+@NDZ2*bqZ`wIdl73qc3_z3_X|H
zFDLS<=oA64844Nuo}(>}KlBP>a6Y%>9YTF3OEw_JGYY@|lahL9QD5s_V1lY3(dxOT
zoO``aaUG`9*=xtWbjVS+zGtx<$iv(5%-)f=ZYSF5R+I@i{)#Sjd4{@|oy0poTJc_q
zwp&guVjF2E`O%EN?JiIv2ifH)b$benbrbI5_QNfDCFf>iamD3F5Oee9I3iFs{1V6y
zicHVwtY3O*iMIOsW=JVzQKSx{$AND%&a-j%HEyCJSsRxBf&65*mIa5=osq$hQIF0M
z+HJ|nB-Z9s;(cy$6B7Ive0$TR)}39GH08a7XDYo(IKCNJj`qb;`%!N%T!!V^{@SGA
zmedplnSTua*z(5<iwIvS$t_ta&GaDpQ_>0jLGprL1mFfdqX)G3xnGh}+J!yj7p4do
z;9M@4O4$K1qYzsXuYAoLzs(;VOAzed85Tz0bfol1b*oq%`%WsME~O(w&XU@bP*LKp
zYKKPKX}eUha*kPRJ)MDn=KnX+32TRu=U2zYVjDxfLUiF}RqLwNL?GCOFfo|&hjwih
z-;f-OJ551Rg72RB!-Xu^$Pi>O<@0p*Oq%A}opt<7#od=Ffl~EsD_rKM6d0aE4eS=C
zf>dx-6twsA&=*u>pv7(rwCPDlw!FqXdpJ+?2Y)G;gL493I%?>!4ts#x#Psg#%YB5C
zPO1_9(x!rH1518y;I{e&iK<0u2uI0URr-A>)x8IG)7pWCzd#)#I5Oq;W|RX>_VUw-
zd(n)mh-=ga&$LB*zd8srDe}x^b<&WDZueW1tm3P-H6E8aue@w0=&foL(;uaZSC#gc
zx=*2t^kz4+t#F%uCnDT?(JY1Z=GVD}@WKc8ItkR_uUey8RABJkXK*T_Ka?dT{8*lC
z{FP#Q=GFVk6je#`b*9sMUw*=~yom$sS)+9wW)^z@OEg9J;+%EZVx0rk{X}ja=aZS$
z?}^L-)XjXRUc#^9HD0GLS<EjcGdMI*2k&djiuj!a2G5mBVdD%j3L1EwuSB>`{q1pS
zP(;6UR%MHA;<1-#d^%O~(8J`+RfHpl5Mj{p7z2M6v89}j>96I;9R#P?FB%x#aGkYD
zb4%)-^6FW&roal38^qrd-)_EFB7i+oWv>ICx>Jk^dgw^sU1`P#M5GEr{p{0L75tII
z0tutg+_WceFnT-_qzmv+FcUsvE#Z#9ysXpwXX{>&1bYa>n!~I;)3)0eCMgaX#$I`x
zdls_l918i+(g7Pn2CAB3V9R_$Z5(jJRNN#xms+;w?W}h3edrKbvnmj#YH~t=7B&2n
zCa@i*aB<F|C1{YB@TkEU?55rV$L_1%%DAQ*J<c*f+}fJayaMqGrbB)%_*(~TQUg>!
znq!7bApA=C!wq3hRT%WtN9fgf17-2w<}gIYd+g2Eey90f3-LWy^!1PH8t3t@r-R!Q
zwt<YQ=s|ydo%EgK)q-nSWIOfcvLWdkHrew?=GbNId#f`(0Uim}qgKE1+WV)EBzI5w
z$@QutVW(8+IaGRA^~dMP33)b@cqwU+MPRfU+Ex`GA8`EdSsiK7G{wkpy4hQZ?9SD-
zDKJ=$*N-j{rLP-%6SSi3tf}ewY+)W9I+MFul4~?$uV5xt8w}gRBY2j$`pQkOoO-YP
zU+1|%p5)mj=$`w1BkqKoHsZ~g#=l*UFrS$UcpG0lF7q-oqgK5|AzQ4A&^@YqB+{#x
z2;!hJv$Ljwq=g`F$o$GUjCOI{zxJ?AmkbL2)|+m%=Etx~F4-R6Pw@86Xd9fhSX8TS
z$ng%g<0065H*RjFoIa$Yen1Ga83AK{m*7p7@z^)Q7HFP3znW0DmIX)5t>n{<F{3JP
zApP27PI)?p<1dtmYA%$p76%O16Qj@TCn5*Q=vJ5Rz{i&ym|QGZ%cnK$-$%HuF-ur3
zv<US&W_)_;a@%v+o!E0b^JiUFswS{z(3;HHGciqi>;uzdT0forCpdmg<mC@9Y>=||
z_$n8`fVo-)XSYo5emYE{<vV5!s@es@s8yFfymHz4rapz^+{6;agIw%pifuBQ1;?~-
ztE=CdN!b|nlk2Rd_>y4E_@zo)3&khtT;AqU>376p`81jEM|te-|Fz^99R*-C;lX|b
zcM8f+Tfk>?3POgUKT-IR#cMuELOO}`hr16d!z06HD`u9;<b=9Nia0Z`t=3#9zUPOO
z?+NVnm>n9%P5>sx&(Uo*x@%mXqhr|SzwQzzf3u6T@`jV`R1MeJ@;E$Cu~*xT)Ss^-
z)i7Ug=bi;49<-I_Tmj?l{SW481l>mVJXxeooKWj3Vm!kIPBp>?FvY-Y?0l#Bs9Qx^
z{5lfe9+oxS>};63=JE^le<XwlroIsQXlNV_ojr(6F0O$zI-F`DSRG)b^yP!^0m<qw
zv3?BVtVW>Ec)r$0^g>Pt1Q(}LgI=(n0B%Hr?$*KnezVW~sc9Nwgn#>!ANNOx4Cw<M
zq+Qlj8`u=J0?v&t`f0DP{<8=4c=*F~ycxx~ctgC;mu!y1LeZa(C%hd?+gWQ5+n{PB
z=YfDG9tS_wQFqV983{hKS&1sr1&O5nhB(cECSx-)B6QSsobn|mA=OlFw|N$9mq~;r
zIkfD2N$}~~2;TC6@oAka<E?~f%4X){UIA^2+e8W{4#s_#D%zhWIesze^$niyBbL<@
zh-88)8L^jz>(4v<Y~rM_3pDvo``Ll_`D^{ewNhS3Owr5@u%@~*n-fNRMKXc1lIJad
zSQ*C0kXZhr-P}6<1h)^z!FXC8nG2jLXcz7YGSH!z!i)Y<Y@;3gF04aEImSY(<I>Zt
zZ$XDizuN(T9K{s-Nyz}gSJem`sug!pURB`OUw7w9DQv?^gCjpg?HMXoG~8FJnVegl
zGPj8>l^mqloRHB{_0FW%pqskX&4xDuKI`CiEt6RviqpkP+u5RDir9=XZg)Sid!!z`
z9*%3n#n!}&(2PT@-%?qoe~{WQMzznaJ40QAkdMI@xi-vZu!YY;)5KJ7fX6~(G0`An
zAu^t#-r8W0;dwWKx=$zJ7O)X+gB@@Zl_;4c*pLS;KcC)^7iae&9W~7ys$vyjCW@G+
z&KAlWnIg|-z{|4Jo^BX__BkFG#$xgP5e#q93}?fRRv09etL|;mh>)8oxzsAXzEw3M
ztMiQZ8@+z|j3(!oN4jtl&-kQqWJt(zB50grJ9~FQcR%H@b@#_df(rkfT57j>d$aMf
z{<4f|J;~#bV`Hj5mUH3YsiwKJvTCMFJUU|@IVgK{HZB%rc???5&oi7w*&C<yWu4}I
z(d67%F-Woc)beb#kN||%@GVu*$UvG@LXP~A0LtcCVB}BDbN)W!O~ow!T0R?Byg+aB
zfdQnOoZA{E+Z7C+0?HUjl*@4t{dRj&Kq6fltt?ZPSATmr`Tx73*}_@XHKd93Qm=fq
zfpb&0a;e_lqvR_)%MSl7J1VajVr;mTCHp_L4_9Y*h}2x6^Cu~RCJ6J>>HL}h<k%TW
z+Nll79sif}0_8q*k7b#^JAING3W5^EpI;t%ZE2sT`6s1*cT8B<oyT$E&qUr7rEXuV
zt$};Leew3Zr=+R3irYcQzt%emZa;lp$S|(A-((bSKRc~JI}z8ssf%jPBxBb#x###N
zDk4qiQ4^wRbr68&-B<GH_OzflJt{=(6i{z@Ql~*^KY%Jqs0G@s$ESw0TL;}{M0=DS
zhLCJdE1UtirF^!$_&HWY+lxgK&3I0dUIkt7iby0vT^Ea3+sS%tsTEXX0+B&eju`<s
zmx<AMiESlLF;<~|1O@s{?cKXLL#H^=OKk}%D~=27^^7DC({Peg3D^@i6?{?0(%Ax2
zy+nh-FXB)76JEcEa9-XoqXX}cM%~8MHO6aI>NWFApzg#N%Lig4gGS;4PZ(|Hyl1w`
zO(x!*<F_Krn}~uYlZdy~B|bQH!|{{4S~3#i=PTwevFu&U-I!HM@ac+mO?8g2i_$T2
z<6F3JxWLL{G899l9*j4SbR$rEcfdW9GZ^=A)nqg@kvP+{(M6>{e*P(pCaMPhtRww;
zyb@njs;tw;u>V$d^|&JI(U8$g^Y5*pQ!@B|vDp`uhSMc7L!HHxU44qwIco+161_ba
zKD@u0ABU=f88CHfOUQsvRg983+dQCYB1MuV9LTE8p3kcmeWN+0l^zqEr$Q7FTl8YT
zU%OJ}sZA}Wnm|<_+MoF9X71FG@%O?65J0fIhre6B-)=KHlFH_25`QSALGg)MDC7l5
zEoj>zy3M$YIq~m%O&=4PXS2>YI`RMBs?%9QUnS7wV)0^KA<xNvKfXUaNn!9d6TK<}
zA8%z+&8_&(W(c#x8NJxXNe-`rvy4C{W@V{zcWGZ0@=-RZ<8+p!pM^xbgJw$;WWBZE
zl-*`*X7wSFQ>U$bw#wTugE&7hRM{k0z-wsvusDv1ny}U_@I&Ibo?+HfM4D}0L|8f=
z6d5V`uuNL(cHyd9mr%xAyK&~ud2n8$1-NO!U&CU_NzKb!F3AAg%#QfyE=#}6)Y?0p
z`y($`)9}~_hMNn6akdHMC6+J^HwvmW`NFu`XssEOZivO@l^2(#8SE5A_Rk+W(d!=y
z1O<~K-t~Rljw?qpqEi@Q{=IUNK8)yJfCpZ+0{2JMPX=Ng-!}E0#kk5F@tusGeyxyx
z$<S#N?s3Tya)E}{X(WfNE|(_w9FpHyB~M5sU-EeHQihw{ZoVQ$9M@xTnbuDRo?hAO
z2lvG-N|*XJ2AB1Gesqi{0!WHm65e7BP7m|DCR>y`Ki_^e&VhAQi9waPGD}RxLscjj
z2-V$bqq|H$BdO(SCAwFYc4#lF*)JL}I_`}Jbcl(wZ%N@!;`mb5*#IiWh?a@Mm6nys
z^c~8Y4`MW#$jJ2XhWE07txphPx{9;b>f<FD6bw0v(bmdjrG2PSI>G~{RjoaaZ6;Hp
zIa4!l$mJd0a&O2~VY9BvK5LfS5#Exc-|J~s$&IqqAG5Ynx&yUj%Qw_}W;2FNb@QY)
zM~M|R1mVwK!$(+RBW8QQGr1OIP|*$7jj0PopK2Af4OHL1#X1x<;NvY|#2T_=tzvv|
zt41fV6dta$3j8fLj(*iLLeT7<nj|@tGUsAOR@Bo^-S?n(;76|@{hyebcZxsE7`|j{
z%4H%78#CY|*Wt~#YU1|aSgLm7(m&s`n9YOW`{y!XkWRiB79&8*gpPjakFSxdm?n*M
z7#4HK(tjp`+lu-|3AeBnc{qFy?)85Cp-7L)YgzK9=%25|;j}D{Xq#=lTUYc*dSi<p
zN5@J~gSxpyq_JD&r{=En$~L-0x*KQP8Upc!t~;lKTc%iF0_Gm74e2>w%BTrv1BS5$
zk|JD6*+L9rjL6t1^`qhaZVK;uxDqgNoBstBxH(jgWLbO@hIRUb;ZM4R>Z)<5Pe^E!
z)lCF4!LG9iP5diaNc0Wv!Ng2lK2H(p#No*D3|g3Fkm!m_U~(+pkmusiY$u1jS)?_b
zuPl!5G=w=<9}mrLvw0I32qNLLn@7?yc@p44L&j~5<Bjr)OCT~Oh86dI;@|(CQXNLZ
z>tmVwHJLAL)1X@rIp<U(*fr<ZU3fE>j%H)7v((d`;Fv5L_r!1G^b#FMw)KEr3ofIe
zA0P7l?$=3RPADIMlT)Nk&?Pkwbfcg=5-lJ5yf3m<=ddmW(`3>&-8k*26MmF-lvz~5
zZs=K5`flJ1D0MgU_2(i_`0KFd9Pz^i5ihscle9w*F6EDjU3I3m!U?P`+uKCmq1Rr8
z3!i<GHpNM|h)Y-wNjUIKKzA(#HRqM>uMZXvCt5fOujEhkz>uees*!XPjf@>=zZ6c>
zOed4hdzoNCrhR5lpbKBO1Sa9+SJwqOAHXeO7JU9FEMmLyIFz_sf7+LSIxWi*SoIs=
z#*r`U)ifs`s=|^|e~54rZhtQYcSD}&%<{(S`y=zqDx7b^mWzzLnt=Q;`IM_~U-bku
z>0|$7UNV}mbG8;DDa?|KTgfk{o&+fK8_)tI|NYfE`O^Wo#0zlKaT+m`-0(xB>j1k!
zs=X8eM0Q2(*X^&JYVL4RBia3>*49%!=jzjpK$@I?;w4xJi!Lz@8{e1z<MTTURG?H@
z46u3qiVSGW1`n}%bZOI*CnLX`0{VXpu%i+n-{9J7^C$r=F0t)HSfLIR#Y>d%tXuJZ
zjT7u}+D}TjNykdi3_;102?zqBz#CUq8ZV#)d_RW!jA3R)$>`-}dgRBr=y%cW!K+Y~
zCGt4eovTT|kL_yo**|Z6o|=arT;7Up!32KH2n*;WzHp1){js~I8*4QldWWva-`R2w
z6Y|q#6!wde<g64cv;;*JwfxSNmYM>6f717u9NzALH(5l_aD~yJ>v!~Zlzhk&?*=D1
zCPNXpiu9s6cBuE+%I)0PGV)sj+(Jv-qr}op25#%)^;Ka32_EVL_P)fdpg?Bx2E9EQ
zJY5z?e<+6piS>E9Q}1B<t|Rc1JuFkrQ3Os^8A)NMTKtF{6;;LS{`e2<Ee+adxLCJA
z)zPO-2o&yfGoeXGO>BzchsHp<HQY06(_8Zk+(6uWlKY$QD(9JQnIQ}cf&7`*dL-b8
zU=ci5w9hsU5@KgUUz^;`4-C)(*Fl*>XP$f(u?v{EN$GTFi8LBTV`08mYrvFMt-NUi
zUc#1-=_XLD-;%?tnJ+)P)q!J)o4U=KY1*$*R+%}%*6^#3dexz2T|m5M=10@;htF~~
zjVi1Yh1oB#q()=J`|5{}HW>~c)EeBWF}YWy@Ty1=(vZhs#1Ds${{I~A{x)bN(Yn<5
z8_kp6d8Na7#6j{O-EqSN6QGUnpyl<0bNNr9qIxm+v(#nKZb8YZ>Y2Eq|2{Xt>q^E<
zqn6vkjFi<g;0S@cYvML~EOqeerfc`xRP_kIG=*+a6tQ*>&4BUJ9>fwd(GGA7WGQPA
zs@ce(Svru~?`b5`Bl$Y^pF`DO@9}?Q?f~;+VM0OOoq7qL3a6RMwAnL}gc%V)uif@x
zs#lz&uJloB^;YZ%mU1O^#iS^6rjiuTY&B2`ttg?b!?BSePCO{=hh^O9vlHCO_3HRa
z_sggofi}?jn-?%htvjfnx*M<hH;P#u5El*O2#%k@0)JV=Qn9o*Yn6N2Die#2Zpj!g
zT`Bg%1n+%vdCoRV=mId9FT(6eqVwjVD@Bx-&GEk16{U?W%D+Cm7kKDHYYX^<XA+<g
zZohH=%C~UE(kthqoCrC!VAj|Qve`MczKd*fP0cRjcFTYN^07)k{hEo+aU<Q$5z{4z
z%oGx#+y*C)StOx3wnl?R1>T*pZhv^9WdVIAMs0q1{I5;IR^cKNnCaQ}Wq6u#IThnl
z)QE-~eA275IyCJj!pR@5c03s23TP%#H)((koq6Q=6wzElPH(1Kx8aYD%jqBlpu4d}
zQ{HIc%L|b0jjr^|J#pWe5V$YQ3iKg5FYvkVFr84TKdn2dJzD2$AVZmqT!5|I7)|s_
z8xL@VUvOj>5XsJoDWXtUc``dVl$H&7j`{MNTr!Q@P&e9`@^ZO$Y+<?o977F&VL45j
z(xn!3C%n<%bIIfM*xETMHCmbH6)H+SqbM`I?}$FhW^efO(UifFAJyvlx`Hv9*P8^$
zg#S?+G0NRqcs84tLY(w*W495{UXy`}yoh7%c@?%jmC3Yn*I|qr;2?X%SxURAuD0Xz
zuH+x}^R5^keITbN!U^0mbi85^YQyKu?>?_%F2U_rzvUx`cL&n@AC$t&$Kmi1X!RS_
z6Y1Wrm%VwoE%ZAM46|G_^izl?lw|dY_dNZTNVUQ{i4QuK>P24~&}HdD=7>Qnd~8M=
zff;PqF;VV{Bm6?0#siddQ1}$|^_a=q3V5r<ZiPPCdyQ|lLCgBSij>wRD2kWSs3iA)
z15z)J^(XUakM(~r7B0p_4UUNFXwdZUT?uhjN|eX!F%&hrj&hl<bSxoFq31W0or)iE
zfpb7!PRT@=3NSmi9G*>-nw8&k+eZ;iL3c=7HQU>-??$#u4kS*5dT=V9EUJ+l>k;1{
zTCby3qp1o->}0Z?dw;`h3~XYaZqQPnP+}B_iU%Jvu&zr<(qk$61sQwju}I}|+8{ba
ztl^uUAfPkb5m5J_^zaz^rXAXESSyb<!k@5MIGPnl?l}>GZEJWzSoIsD{(oCTv7)lh
zDeIc!)?8L%=%#^8Q%+1#FyB&(-gQ8DXKf1NZ0X1_O=^rPGf{P*2JR4XW|wT1(5dwx
zHVwAP?vcSk)9euXA<pNoFE+yIsp0zj+Y2vV9^aFC$3!!>0ZZbdn6Lw@-$@z6arbHt
zgpyOp+73kv%yn!s4s&I0fkwxHR4P_nv4;LCT_|Ed`fKe`IgFyMU$5bAQ${x4fX1-Z
zw!d+TG&9KxW`GrO`Rb7~x-n!kmc+i9W7*X#;ZES^VIbA`X#9ms%-RD|4eaq7jsJ)y
z&TG!u<Ta$JR3J0r`9Z3Ys(LisL3O}T3Ji*qFM#J10rl*zjD^QU&HUU8scwaWm(RK}
zbV5F)a~rg%iq;Tc_a_x1>k?U3pWjU6F%j(`iW=T(U4G61Gnd9{DyS)swP(P#I|9ma
zHa5_^!NgmHII|$W{EK=-c!Ho;w{c;R2AzgoznAQ_d=Wi=Ay<FpFXtH^LpP{Wy$>cH
z=OHtm>Y8{EhY_YP7d%eVOb<S01`_;~F^p>K&OPJ%LR`w&@sVRaAy~}0zpi12_UcFk
zN4=bo9oXOmty)P!<LzfO4LNj9b^B~NOOgHkw+`|lo38b!S0m=5Q~s|TTA3>~;tZTn
z5c8CjtCrIeVZ@Z->}zhsRKnRDB4n+mF~XtXS(dZOaQ&f3v^;LmN!>Hw569amlzHZ1
z{4j`mQ_X$~x-onj$Q7w>G^--iS-taA#?1<E&7%#R(AGFs@OVYKF$EfxXnHC*#hbFj
zX<bz-b*Bec9qF1((NE08?iqvs>K-bn?!j}upMkHd>y&n99yY#ds_KMz^F++0jWI1Y
zjT22Lk+hG3sCr}?X?&gXQ_JEQxs<tH4Xf}SmFavQ@=|5i7SQ9oRi)tzp@bn4?WmVY
z&`4!7(Krg(;5b49;SpGz7%_`=&ri{56P)gyNHL0qTu+=zs1hP6CP>{8i@)}Cg>&TN
zWFKe|-B`P?A6LM;$pe@_lB!Sy2a>8OZoNf55o36b|7*SI_Lwd0!Pk-RybluJ^8A<2
zBA|3aw3Tui*cg_wU1UGK6b8%2i038-P2=4N$ARXF{K#UWZGLS3HF`R%LK`AxiXbgw
zO4|LOwLsl<r<Gj4H)t%aqJ8=0p$H3pU(GM+P#iO{{0`YRKMb-m6F>edoR<6gfU5`n
zL}=Hy8jX+UzVpzQdBBmKFUZh@+xI?$Ebi*FH%R@gE&fwKc_8D^X!2N%h)sTm>uR<O
ziTnfSMq-!9k<K@;^Iwh(6CL*=64=n=n3`i~Ksc8zD&{L2B5L3a4s#iK#JJ-_C{IYl
zA4OTM2ms<wL%5(gTKX`u9kIF|!X!$<q#itLhx7z~tDPuruFB?Nz^WMbHxh{mIg${K
zW8}up){FE24WdKs-r~znJ)ak|Ahc?6JfeWLp{WZ8&(Sum4C?WUc7r8trt_+tD-~r|
zsGIe0r_c2YE~csE%Q~oS;IBb+{U~@Kt-Sqs1Y8Eg<o{<<<`{;|n&mtuk@toEjS#W$
zN6y-$O1UlvorDbM0o4+|1|#m`EqE72V#*a=?bM8;hZk>K-o}YkmDeKIBuOl{F3y@V
zM&$F<e*_qPj;ak;S~3sMA?NZCB0CLZ%T0ptS4A@J!bcl#`jIkRAkFP0@!bfc0x9l{
zXF<zLdj$GlNtda29hsU^z~>*3>i*Yku>bdUJhPc9h}j=I6nqt@EfI-9d{r0e9tkSG
zOiyhmdb<?r8mF^h43u;3A_K2vP~+ekL|ij@Yop(Je?bQj1}T^V`X1C(9^h^j3eI;B
z)sJjXEVC2Q4mGREUe-psg{mzEL0X_i0%~ipX1p)`swZh4yV<K3zv@7()AAp4j=k=u
zHlTX|A-vtWLBS?9$U{a|OW}(iz+_S@^J;jlcfhu9zB@_;fF=>eWo6eBh0Ue5KU*>u
zF$7!$`*BW?zx%mGO+JA$nQQk}B`ITk^J}K1aT9$aTMki-*=JxkT3v=|%=}3`iaczE
z8~_#7LB2B{Gn=`62ix1uFU^P$+bwv=z={phaq0hc?6zJ`!TbNIo*@hCSlS(Pl!Mk$
zmS0O9HfX%R{EzM@T?pmIH2c2+@K?oHHoqmP472|CZg#*{$cFp>*Dn93;Wgb<2}_@9
z6)rvspFpHeDiO$QA3kwP=~UY^zLAFiEVJZ)V{W~xSI9T?>V<2?4wbLU8*Wg@ehfc8
zW>86!hGE;xjrR}gRO&?;Z9Qd#3m>?m#>dL7n^i+Z@JYJ}H{q99o_3Ar=#Ncj{}yiZ
zHY7+_-33K#z)NDo93kuOA#7-tuB_)kIUtJIx8>h$fD=2Fy4TB_QSA1vN~4%nGpg<f
zeF(oSCN|JczNd4Aa%bO!(N;3WMpMeBMY3@=8uMM7j=Y&{?I|-VHA-(q@u18ZwB89H
zd&A)I!3@!SAZ75)jcmTBYtJzEm0;61on&&lU~vt#A^Fdf{S&*((v<&gIlmRF<zC?O
ze;?CbhSga|j$raiGQX<l+mn5Ekq|iD>XB&Z?Dt9>1*l75Q=V<?Gm#@qSZ2lyr!Yzt
zA>X1qxqZLj%({*~Zr^{ssy6T9DLt5K9p*<@l+6I1@+R>Q-yN%c0@+5hsjaCvMA6Ka
z@t;7ogh{fT5jJwOm>A1MaKt#(Fg3|P6_sAK!e>&GdH8ByKObjcZfYI|Xa20ft(+*F
zsfbL^p)CC%M*2U;&vz-DyW<daP0aqcfG|?RI%eH#6!#Hakcx2q&w9?o5X|f(LKD_i
z{GX46nAgY{$@N6QP(!CK;baz!0yGb#Y9AQwK*@=`!s3y`WF3eBn~x)LiH|tXqdqGS
z2!v249p`=h<{mA1>T&x>nzhgD`vw=T{_%}r4yxkUe^tfq<uSlOrCuT+WwBzZ$1!6O
zb(f1?ay{aGt+8(9jlzI62QEb+PxN!;O{5{L!b0Pdlc1l}<nTF@D5@d<mDpy}fg<nJ
zP=9<?Pi7&>d_Ku>mNzrh@NfSuSI~;Ii;4XTuZbB`!Wi7wkkJE{xNba|mM2LZTsCK>
z9v#mYOsmgZ05wvLvuY|onCC&a`K{-0XQa}&Cy421?>7ja8-z?*7Zqsw1mdqb`x04}
z5##)z$V8=zEmI)Jg|j^D2EobQl|jPo5+FD(ITOSch?B)an&wZBqd7<{1{)jzVnew^
zBhmA2oC;OyYNMWFeB1@*9s}#oxK@4HJ!E>99P7%CBSD-q5$)&~I(@;<BPSN8y6TJF
zM`5TpUvi`%W;O3YsFYU$2BcEUvUbcW^)^ct=jG_%gRn2zApReG5_*AKKqqGb_ovvP
zI4A1=ag_W=!a|2evf}`v2Vpb#20Z4EW62CmAAsU~FP7_MUi6X#u_J8F;lyfym~G^X
zB@9I@rUaK6z-)rCl_kW3A@mggdm)<eS*VMg4nN`C4zZ8GI|vy$ot{cLoq{P!K}9gD
zvhQqiMcg2ol3yU6x5k140Jt65|IwV-1YtKLgeldC7gWTFO-c}Bq^16g^Iq4AD^f5o
z3Ck27!4pgPY0)$Q^4`v+B)<J5Vzv-?2AA>48C*|#`Cj|qY~rO9T00Oi+dN?{_;gwC
z+;B+#^w4lV$y?GY<Nd0i<-){D2v?0@R3@JQ0y{s2op@A6mmpk7Sl}%vw$^igx4m;l
z&3=SG3*)9}*k9o(?7Yc0Q7v62`Ka&Tk;5&UZQPyl)Gjt7C{vcdvbYFHDX}7e$s}zl
zdG0)+NB#PUFii=4UiCW`zksw+km<4BgSeRC<F^xkj58Shi2)WOW`tY|2a00wd47vN
z^gYOI<V-KY!kmRS4I3!z-h$^5pK+~=#?dMt@F<eSi#iR7C?mq$f7`W^7^l8%Cv6Ak
zKrd|>^sqx|Omf!Gc8RV$@rRb=Ep79#k9K~<K0ou>u96`~w{8C7(0Jp=6#ZMIzBl?T
zK2Eti^<EI+l|8<!kl__YB(;UZPU^2ZjVbl{NfpcZ2nKR%{LaVoG~svx!)mla*vNa+
zhO5zz<?X?@2aiL4lA^kZ8hY3zU*wXMw#q~kgAKbMNHVp=0=NlVC8Bw`hM7_xBj9m-
zuIr5_?J$3Dvbjwk!lV<NC!P9%rzalEE0D$_ag-syw?7HO=5SfVLNK7LLuk%_(+^n5
z8v-42u`Ym^7f}wcaZ%0W?3?NQ0r`-D8}++>2#gNjn-$Y4pJ{c5h7`{O%JBqaFL>)q
ziA4-qFRG{6!>~qY&*iV}q9M{Sp(7{e#I9NmB4B-`K8kwXtrihU^SaS_k@REE*GCbN
zv}~4u<@#26T9rW-S9`y_46njc8`4d4^yM?{_m<|{>-w`~{lg3O*H^j7Nt)JUGgU}`
z67czlft(R8F3%L(r?+0+zk?xdAh6?;1$s*PeR`S9UGmdYf|nudN3X0<SK``pWOh+*
z53_IIOxZ_|2GO>n8P{vk-@|XMj?*Kf&#1H%+x#`zi#u=ekEXQacg>L=v(K6b-D|Sg
z5F|&kNio?9+h1neT~}h;K2&e(*H?dh-os98zn0&iWM9*t_1ubAs&w+XLsGuEb2ZnF
zRW6dt?||Gi7my8;jqSLIY8?QMW}yhZ)VSiXsPS-t9K5pOPZvYu&1uyo9~npU&1te|
zk~gq**1w1wxhq;dyoVDMS~xl7o@>lKEKgM*UYS+Zm=>R6EFpoWtn53`YaQ&^9#e6x
z@|Q3jMHnuVa$Zk#Ll>saCH{1Vf9GuJ<=#wFugF4E+#_gyzfWk}@)KqJy{2>NYc|{V
z8P@`@lmKcPywhodzY<9H2@-?bz-jP+%{LWpvn`2({>y2GFmnO$;l~0Z@0yB#GRv~Q
zBAB(kx|H;@9B526D_=lfDWjXzi1L>A-RLsQS^@jQJ4LEuA*<dFQt;ATu+@Bh#P-bb
z>4M=7U(!!%;;px`J`MHhVwy`%*BmgR_S5cCox>`mYhbcqdXgAQTo$Ah{3`XTwM{2K
z_^};kzFYEM1sBEM+b|J*0@+aoLMBi(`3S5h)K<;<HJjtEvO6td2&l%7_jHmTdZvoG
zip(xpJ?n;{-eso!yJoFW{isKykHvMQ`eQ2W(5+yo*7C-KpnzJV8ovNgw0`U3(WuAi
z_O47}ukC6S;aLmk(pP$kqbpI|BO5%bB2QBdw;t+Hxah#>G_F!r6ojgWwDzJo8fuOc
z$ap`T#_n5}&Pj0=nMGen<jll`JNv#<GQ@6?vh_xR0Htzh=dn#t>7|$Zt&s*{Qk6{R
zUX;5symY=Sg}YKB^1FLbiwZ*TWtxBcwvvM~Sh|=P2aZF#fisC@p}(&pYJ_Y1z?R+}
z9SSm<YYEhi0F0uEa#(U!r`MDkI5L991YJ=B&dwY;C(X2|hyW|#3v5Ux{;UyFjXIMA
zZ3pVrcE*78ZXkq-U4)cx=mI_kJn}Do>`ZHM*g(`+uVU)iD!9`Ker(N=8VTB)86b^t
z;UpijDB9VNrpn(W<-^vGrXGTi)FW*Ah)>h`#GS9|*?8gM`Hu}_FX_=e8*cpsShlg1
zVtDrAh8@DqZ-4q04jXwDu`BsS-K~+;w|`WBVceSU>K#_k=E)HpSMj(Uy?OqX?hzuW
zZ!H2d)V8C|SPvZ&$#L73{{0c=Xg6?aF2`N>|MjE(L?db;0yk=ly#=*ALoJEe^us$m
z#Da2h6LFQTX=JfDq*4nQX*Ie7i<Mp`pT_PE&(~^;R8iIz;c^vMWCE5&mcM01Y#o>!
zrVb!)*jY5QB&N+AYOJKbNzfQ-QM3Y_!`e#X+mu_Zb0#&k;-&DyXiuk1{dNSoPvuX^
zSmfPDrId8MAA5%mJY#15UP)nT{H&iB%A;4}^uVIVpF=Y~H)qk1h0My&VmEzg=*v7Y
zk6L@Hn@xFymu9+x;aT|Q8o8y)*eL_AleeX+Cbp9=hsWnckU#j_O0~}0YyJ3akq<<5
z#;3aVqBY2K+qze|CEAmv_86^cz>-H2P6Efu7fqSQT$mzNgdXp;xHE2^XQ0$oOQ!IP
zUR^2lX#XLGaogg<Uc*e%fKR4-^}#27D6APck4kVS<JA44?K8S@m<(oHTu!$5G3Y(>
z&X?EhprI7?b^MXWaKD`Y^<?iZ>rAA6jl<|U-7|bx3ClFSkd8@4|G8wGf1W^H_U#2q
z^vvH6_}v-@OtZW!PnP~_WbWKnl${jAVh9OwD1R|^?)$r|!bECNYHacUL)BXV*U|If
z!Y9n!FmuDq)G#M)n3)+G#)i`{bJ8#~Gc?dJGc%`QhJX8h_uiR*=FC~o+LmQmlD+c!
zS$dxT0fQpD7Ale)KIa%s-kni-uHP$~ULdZEFWW9i(LkrY>a@{Tk<v*_RHU(G(3{8e
zD#8k?ZOgZJm=mNNarhWf=S|934B=Sl>oISt^{ydcPhDGTNy_7^VecMUQGFt_*_bM(
zwz*rk*%25EAD{W--JpCexoAh)l*S_@;U4ve)HzB5W2@SdU0BOI5OSC+vK|*}n}af<
z#W(g+gsrFqSF)U~5c8f_Gkm<S;&;U1EfnUY6}H|V9w$0AcX?{h^`^{>W~Fp^<`U3K
z=7$O)U9oG_|J#A*U2!|-@ZqO_C%}^J7>Ko95uulees39ngUaX7wHRk0%jMYoT6tW?
zrZpS9phFVBoX%M9rB>?Z^kV}qyNU6cXC^)2T=GMWu<#MbQ|Ot$`q}aJZ7Ja?KRkQL
z=6Cc{p&XU+_zMSHOW>{s{dv|D7lOQGOn*TWQYL#-h(5>tA7QgDa^x_baV%~u=?*z_
z$J*q(8I^GJGqRf^uixqncnuw<Q$?>II;QygAGX3nGpST~YSWZaW@>MZqxV0;w0s#5
z#TC-AzI^_xeypMC+>lxN=@H*JJp)U+g@DEINc^TLI-5-(K~DGQ^mKU{Oq6%>6uE5C
z&d>t%q)Kn<dI^pryCi-A*YTIg(q#HHTB%X6*mz5Krsbl2X;Ciw@|gv$qUgkWtx@5T
zH6s4mk3y&W%S`H+%vt;MwKyl}YE8SvZGp1~rP*#uD{e+fVv|jk0&pfKGVlAgxLFQo
zEtqThgPyXiPK%X@3gt-;6v8aY38r(xPn05OBWt)xd<bFS<pTx>{V6c2-=S44nzHA~
zdB#~HIX7NK&l(q9iiWBN*5}(2xprVo#xc%VY7HfjG2;!49%2vo&e4O_)6tnsfW6zF
z8H<K7NP#mFuEyn!kENQgzioIJ6sECYEFy$*GCiK2FeGo~wO(TuBlD?z4!$J_-uzO`
z;o;8wB_-Q=>Q)x5!do~puNwHd#f*vfQ*w(3fKvUXDsQj;1g_&77CZoLptmyzbLB?U
zKt(&ADcGCi#Uw%GLNxYCN|gMI<U-`1SdLW(-Rn(vrlN8x0~s2av8V?ltmQq9yr&Co
z{*|cA`Mdb;_qQX1cInj2gz@X4gVgx4^r%38Xk}h$Y3lgIy)f6n(oG%7ElIBQV-s|$
z4>tBu!F7@P&s&Q^{&b5=c1gh3qqW{kQP{hgF0^n_J=OyK|777*K2(X#o8Igox+)|m
zoO5>Hm+T*{R}C@c4)L=Y@f;cW)*8+tEE|-`NRxIl6%ocMMNq8gftO3Owa!M%a0^q=
zSHKKMxhy#}lx{g%|Jkn(fr@q#+lOW|=FOYwH{$2XbLxd1GI2?(P@MBNzRi@gtQPho
z{9GIuU?N{bqIu6yWx=B~q5L4$2)Tbd)tgERC;9P-FMX1T=8(Dpx$ajZL?L2ng=ziF
zMqpY%=?3gpB1it4#zCQTe775unVw8fqLO3<^sWqiy~V^6Ls3NM0NuvUmMv_3g0b1L
z8Iyd^_md4sxrZQ}26EG64E<zd)sB{Q3K!q&iG|}ZP4a_?(jckDQIXRR91Qokv!N@P
zX`76P{Qd8c3YeLlNk5fyw<^+H%YFqub!(&`GTtObvxm~B6?d9pWDT%x-c`Lia;dsZ
z2|n&Vy0MWz92BdlgN<$GcTpHvM-h>sm3kww1l+;_kB-BNGtw$>_P$EMgOpCC5#)Dk
z067&Jz=EU!9+CjO)gqxn01E7#hW87d;ZSjnD?XF1L?6PwMA@-m628NoAV2~@ZzZS(
z5Noa85#eCryaX|R#?dGP$Y%dAORYiyDANxK06z4>zC;Y}0YLbS@=XT7ig$C61R~`)
zG65vm@qf6hD*!auTjV`vY>R@o|6R^3f>_zPv&yd^!kk&5a=BYn;w^)cF9jh0V`5CG
z;Ve541dC6xsicBEbh$s{(g9%Ha?c-9YZQV#x>+dUgOhZEJw=n&-cq;d#9K#)chLV~
zv1$V_mnU7naKI+LNk3Jn7U2QZc!6$W8bM~h1>Dn16?~{&fi-<p>X9g!hoem)0my8Z
z;sdZPw*#>x@uj9lkUCF!3t|+UVJHr4DkT2_fda_0WpA<+%M@pi@e^TlVh{{x6q&YD
zxF4BRP1Pmg3<yh}D8YouzynU*d2%ab`9a$~o>9Y?izdh7d`T;#zH!=VomJJT3Y&7*
zEbF4_yv`w7zBzCYC~KebFUwlZS+{GMwbFFHq3Pao0JdaOO_M{LqqLQB(<H63E_s>O
zKBKbEs%eF6kYUs&Nwt1HGQIMe4Y*%!R{lJxbYu>PFZ2&2Q6!Q)*^;5WsPUOiCC^lA
zw9K+H2}gUmp=mN~j-O>h`=GHReNjtDlCsXj7J$7=!O<P<PgccPMP)&*4F~R&elsF4
zWy|muVC9gHoV6KT0R}Y~M|~-=5di0VJ3J1q=aH3YN-F(_jVGrCz_>@D?WUT}jFd^2
ztI4xGX^j>nsV1mFuyATnRaT@on1wlp$ZN4K)UsIb+t#b8jcXD1FBzsa)>$pI6&*ys
za&Y1fyLYiRDny<pFMlpK`wx_GOhS_bzp-@r^QKu^6wvq2_8C!i-`Zpk@AI{rM&OJe
z6S2%UQ^kIwKGo-ZrGR}X(qhnIO1Oyrd~F*!X(n@J#E`J~0|o)|t~eZ8Zl?{lw?nyD
z${#6b`g>c>c6$^V#T|28NZKVbxUAF}?Ui<>$<890IHOmfs5JT^yH@nD<_8=Fzq7=R
zzq!%^nz+=2bd+s;xPs&-Qe-b7Nt<1pPC^}Q)3Aa(8t<Q|Y;<A)nW^vK;(-RcT#qU?
zpclo<=53e!$)>)+*iA&Z)9wP@jDCsOk6$*A8VoMYEE3GfoQ<_$Yu<RfH&N5Qqf%LX
zl@p{OBUIIJE(s<h93-Cr8AxAoq{=EY&PW?$s?R9-hEKD2j%i47TQBu2=*-t>XsA!A
zuwmYikYa++;AEZ;Q|26Ge@8usvIO#3Ch9h9PKyAzkrFU8-TAkUciY(XMa@IaYUBVO
zLy@<DcU}{tGX$-#R-B9He((#cwz^*3!X4Bw%krCbbA)l1p?`mmKTMT+!fC4z`&wSI
zqO<cM_Pbasg&|QKF9_n#O7j@`KR8PwQXKC`<1iP#`_tUP$iWF2$UK5|CA#+e(~QB`
zWOb%h2EAQtez^7fS3WG(V^)(xLodtBp+TUY%F9ThP~am*<4Cc7dTqvHLp2K@=R{0i
zY8yp^7?ud3bQh;en&I!y61_;&Zu|!Fj-Kl~j0{!;VDT3k`Gn9mFkz+-DfE=rJ5dlQ
zl(z2WrQDOG)RzU-i9hl6Lu-^*#`t^9eK}@xtM~EdDo6RGj`Ty&d2t1XySg%1ZAoFF
zOYj7u|1&(r`)1H0W%SXh>1xAP&BozlK)!vjt@<tFN|742&k?W$x!4`GTt(kbL{+6e
z*QK34SCmv<G4Mgnq)v2~V<09X;2Uqx!(PO+jdzoE5sz^j*jg%_#_lxnnTD8KJn8Y6
z$L?&|_sT!XAu^aPKF<6VRQWTJklhSq&r@WqIL&MRYP4qOFX3-Kfq;Tc>;dWSNbY~|
zX|l<h`4E@Mj{Ms<o8_Oa&v@P3CS%`-3|<NL2W+`5Hm>8xwe=*&42oOF>TOl4n6rM8
zcVHTi+&m^?2i>z#@!M~Z$^V-E1ve?nx$WU^yAou+dXSp%tJ!Gzz~CeTL!-FR;Abkt
z-+(DzDF=q^qKsn1UR9p9EdaVgCyBeaF>eW;E`+|EBEd9?TT|`9vJGCoZ(1=SB|gZQ
zVgp1i-7zrCsx^)kf6M_t9^z1*+E?lDeOpbMYK?X{NSiV(xgcK7LUku-f$t~7OLXf8
zL3gTLylT93olGXhDkW#thKm?w8b$foP(=i*{;#Poa^a`y27lURSUuEv+B(WBD3ne=
z#fSBHo%O{)sf7NigU?p93Xt59r*t0~hE#l_UG0M29f)N$?Ln3w0UZKpFQOwYD@Ui{
zxP=T_L*VZ)^R;V!%$|0*4zi<guU;chUim4>V78kA7qau*SF_T?*Mw5$u}}p*s=iUn
zc)-yr1*;sxnMbWB6MZ`3henI)q`!vuV!%uOj!b(Pu&ZM(d@sjuA4N)T)DHDTBlLzE
zY~CeUwto@VWW3CK{vm6$8PP$QHK>XWYOp4PRd3`Ee5AOm=Qm10+|A=fDekP}IeTsV
zy5roUI+650r+@`bTJijt1m180!X)(@XNO{vw(aWe#$R@>yj0bCFo6?fKl)`v$yR^H
z3tCnRK`bgAHl`W)YfDQt;+^m;&haLKVPDJ&M)pUHu#D-N5Sc{(f$&^Wf^{#623KDU
zR+j@_2Sg}hHOQh80Dw4@O1#y8!^PmQ6Xu_p3u{AYAto$<I6!*h^)v^KX^)|8DM!4;
zld3|~EA0?NcSu;2J$WEyS^sH&Q}&-^)dPfP174P<WYZp7fURh`V~u<c>sdSp1bJ%)
z8xh35&03cX+jh(5<RmaIjwX4|Uf#ZSqXbLT*cs-Aq;b<<2mn6QU;owc%5@FgWU!P!
z2Plt1pLd<cp5xR)Onc&+SRwDbzO1G*In*0?tY`?e6%}?P;xre07xM_$+y_P`ez4lc
zQSpJg&7e+J)7V-)IGV5&>6UOw!uW(>hKg_Nc=o$(UeF>3=a%Y#8rYci4e=##f{AU+
zl*b^!y(MHx(6B116{B9z7-`V1vJ=yIrL;iElrf)Kncd>$C`1hYOAi{up;TTc$5wPQ
zhI@<?a9+xcehWIi79<db<bEy48*eRV^X8AV(hu#eCa>vZ9u;0m>>vTCm25gXm^$XL
zcGNc<_IOu+I>g&3N$LEgNZhFi=TwWi18Rfx75LP;1@<NmV>~+0M)bvvYa&=@^0HAZ
ze+-zd*Bt_dH5d%QIH^%!{Q_hhsM><(hk3Z|`^~h{T+^=I8@i<#2Dj20KB>U(VukOe
zTouDK6}#B%cnep*(|`5x`U>Y868e3THeJ0M7%mjHRYAcMZ2>KnAoWWacVM-6$P+6#
zMvMQrN$MwONoMm>q(>xjj8K@}6y9JB9Mc{{Th@fDMuYR}$S8Jj*+3v;drlgwoYX(a
z29N#&Y$uR^beexO^(Al3ba+TtyioXh$N54!O1*JQ2<35|#WCj2Un)3zMTv4UHu2l$
z)FqCjOy&}k+GM{}>`Rl#S7ov2!7nn05XGNjiV9r^TOCQ#D>e(6d!f=W;0fA4#WAgl
z0ASOuyAjEmj#=g(6BxxK;nRFQ-Iv6w9}Zylv8SY4w2rp2EwU7k1)H+%w_chtj$*!F
z?aD*{7FxX4G$!o(yTMED9a3bzB)XpYNK(0e&ucv#$?!bQD>Y|K=QYLF_g=Uq-+0g5
zW?B0(>gP<Omsyq~JMCFnYt34#S54EsS1kA<9(7eFH>RD~#npx5fy!%8`Lp9bp3tqJ
zo03LOO=`cPZ!eM@{>~{%$DTzAsl4#JWh(AkdH-X5ihP3Cuu4&)oO;2`^~cc0M~{l9
z4qTqQk3(*Cdm3Er@ZLpg{}HyYwc4y_t}S{(Dz0(Hc#T%U8;Lr6xus>?qcfAkoq?IV
zy|%q}da@jm91-xHv?g{byKp_*QzXUNnK}$~{h_5U*MwAVie665-PEO}UgTQoHE9fd
z8Yz#q%}V9sF6RmL2Z&~_v<`!1LDh%3Qoln!my@|t<uPiPune-g*Gwt|>pqYf821%g
zxhaO+`G}LOaI!Y2&Ko~x-^($F_}Hwp;d%~r6J-9x$SJGH2(Gp*iLKc+K6d?PoZJSN
zBuMRQ5*wv6RdF-Ykao&s|1oLV2fFuI70HT{3K3-fh!fPp|MuPJ&h!e~VlG{Auo7t)
z-mtt!Z%|@Q@s)+pkyybk-7co$nfzOkK|LE)(FUHK;Xu0x^+!%nE8X|{@2tan$h^yz
z)<;jn2ft4JO=ebD<?3D-sJoMxu_`!a8?B6+<rJzY#~2cP5S(*#x4ECZ`*7SA=!1Qt
z+?Ofmh70>&pNWYTjbF$uMIzepU%i6h8bwDwn&isYi*_ff<;f@LS05b@Rt96(b~)c2
z58v`<I@DFSyCq*@yKfJ>#fh(bULIrlK2+CGo~qyf{m1!XK8U_s9M)2+lx`@qe-iGl
zzyr?nc{U)}9&71ylnXzU_ZQHG#IKqcJnx_L&$arkzEsrrk=-NX&2qCm34@gCM53rI
zr^8^tH0Z%ezYl;BYg&S*w;I~{X9Q9R1ZCVldq{Iasj3a%#>sdVRaUx0mkd{qJ$}Az
zPZ944+fsyujuY4WQN07ThY4!dd0n2662GLLTYmRFt*8lGkLc(N4}X=G#qx;5N_xVO
z;cR`Z4~(f`2Rm#X#*Gw%uzTMdJn_|2+Ee`O@gzklFuO3kO7O}vJa%H#U2S!*D=y1z
zgC^)0%I0MKBkAmbvVAuxQrWz*aku9t#}A=>%sxZ+pxbnjC|b9!1W|#w+$1p#nx8*I
zfn`W$jT&EFYK<DDH{0be`5EjMYx>Jmwo91(*WmRd)XgYlN4{57t{Rjp!nxS~Qz%yo
z>N{<`k0j%ypeq=dC&BMNhsKG4V4C9CmPhL2=W*Lo<@C=C3eVpvAwCvNzkBS@a=<$)
zhfYLnMQQkXeSZ{;c&|w4>MwT4FehM;FnD_Nu2g2sq@*mL*Du?v{&3I63iS>jEMWA4
zvJQQ*&-uRS8<!ZQWpP!qBCs3S=p8|xn4@I9CJ>QP7xd`cj`u;5?k&z=K*6#ojZ`Uv
z0TJ!5f(tXu#{!~0LY7H_IAcW?mFdq_Aq<T-_l7{Fp=KGN+#%m8C3p~WOZMKQ(2DyW
zuH2lAWaBHIqQzR+o&qaOSVa&<b+soTeG(39qZjATsmF`E{3|FfJ7bz$l@MmQd}Uhb
zLX2E>Q23g*`joi3y-e9NSEZOhIMSHJLzUxs2oJjuM@rAM^SxFOkH+x6p!KNJ(uIKH
zF@s7kD;v)rV*51JMQRPR@{uQk*fE<<Y<@;jS5jbp()#$YG1V*5$8T>b{7bNNF##SE
zd+wG9JTkA{LYP0U!#>2B_pyD}Jahjr5?JeokkcUhQ1&KwF!FIl2-rrORJMj`A<Ppj
z;x!e@HE)ncE^}9Tab~;fqsKZA(kpr7N#A%zzf6Q(UC6rJ#3C<u6V_QM2eM!VWtSPa
zQelAc)s9foPc1szjO{o=H)^QGdCp$!@A{W>Iv7<$vYxc*Trq3>!j~s{hgLcP&HV9b
z;r;SmpWQj!J44pJxckdd=cJbz+%*~A=CC*0hNByAZ?v9EBkJkhIp$mOQnu!Wu&hSl
zHZnNKBrbjZvlatV=9wY)IKN$jw+`0@s3)|33;cJhM;jX;ax5$e9_S4T?Lip7HLs#>
zy%wPU(Q%O(BGvl>reIVk&h-TII32rMp)_1pP^RLLQaQ`pF<i%|qBI9LQJ1~bT>Wf5
zno@xronDX(%A&&w1yvBXH%^~8Il_2X#8X@6X@P&gcCU3$(T7Ubs&lA__bWL|UNRK9
zek~%+Omy*GYSq+Vpj?PnQPO<K(E5mdYVo=LJ%L1`W5pXm*_(149mBi14G%5Va!Rqz
z5`S?d<)*Z==qyok82NP)H#eItPSA$<yI<Z3THdZE>BR}ND`BM=q5#U=d?;BQx?^m>
zc>ep-ZD?#gyZb|^!KhGD#e2|YO*XqzMdPrRtGv8LB{Q#0ZJ6k>7=et;JR8M!AXEVr
zc6>jLH{!jAx2WMDH{T^onDBqul!790K^I_3=aK~1G#e>sfsJ>h3@u>4yumL8JLnvU
z$+__4%jB{MpAQ);Y9o?9NfhUM<I~diVXv*;N^-oDx|(`}J;}8s!YJfyT^*OAIXtiR
z(>pvhRGCdnMP}nIPZ@ANPpHm~(^z~QYmH{bge<_a{;0+iG%}qjrxK>>+`}=M@lO|~
zLPGr3N5O&@Am=Grsgk)Sg}{3J2$^=v8~iw?y2kPoK1fFLa|<8I8cQtW51A{8!Wvv9
z5CY9i@u!dN9<;SVm&t;Yhh4I0*+$$S_bB2Kvt_OUiC@nNqi*)EDA*uH%T#s|vPlYP
zlTIk|N|k(QIC6{`uk~eW`F;yiZQ_FURvm4qg>wvH{j~W?JBUlOEoQ2Ok@Z$13K4Q*
zhUDf$Ga#+I&@H&5R8)OJj4%P^6m=KFN8(lQt<w^qk-3G}iO!xjK<d^d*bxLNVw*-!
z#@NW&)1Eam-e6U;Zt`?~_q}oCa-R0LdO4zgI&0k~s&_?(yDDz_oYr5h*8&9w3o?)I
zJ<yl6tHKEHN_Ec|K9N5l)O9V!;$1pD!`Uwj%5>gRRy-1$=HBJ6xoi1!YEC}a2w(oV
zUFXJit9RU1L{+P_K&P7)JW6tm{kr`_V&0&!2kVeWo4#AWNh<72Q)~Pb%G5vpJN;Fn
z1<B><laa8r1XDCuf>C2`lZ#hFx^|;@Y+iB_gM^%h+GnM?x*eKE(WPHX@`VR9<dA93
zHt9tLrckgK5)Vx>70cuPSj|_aP*Nl`hMLFoLdbJ`a;)mNF|v2j)>N{4`6XYK`&R1n
z{oYhNjn7*d9WeFPpdVYLoaz+n4a>mvH5Rvyp^Fhj19GF9ENk+6pFXuIU7}H3?!vIz
zrb3wzkdZxJv)Ah0UO`-*^VtN#VBF3BC<z@r(-_%Aw*18~VJWMd_a5{vH0QWpw#$nT
zNi4M)sQFOih^B*j&r$luN02879dG`){XOtERIZXL?26O@zdBlS>rWC*#K|iQ+3%wy
zW#Wb1nxxDLpCF`Gbfw}P|NpkvG>g(Ev|-;Ov=Bj*B8dK^BKgghBnfs+*#o>}QX)gV
ze1`;zOy{E`0G}DutvlgL8%5BJpS@e1arsvkhtQ5I@;}2GRz6&E87W=i)`(a24N?89
zu?(`DxU-ej88Z7w7JWZJSe%4hFp?D}kQwGqv@6X`EVxRnDY&Y5`ds-HNAZgc&;2y*
z1omhxnQdD;o+I%?6R0bcbNvCQHP=GP^n^dC+|*qf?+ZOm<b>f9XOL|h{<E^8Q9~C$
z9O+gmnpNQS94x>6eDqcAmg~Ff82IlQ=nDhk-)Z62UF)%tO&-G*Uea}wKh@Or>k4NE
zq0<^#S!_!20}7d$G~k)w)P#pu4iVJ&R~EMRI=4#}#y1a=)iM@r+s>jgAZe_OTZY5n
z@I`;_)o|G*pitM49cbQ0F%?2We>#u);!vE~>G;x;Q-L1MMMEQOQfZy1T~+_gs4MR`
zlI!qrLhMYF(s+^i?!vpjWURn;v3oxbZyym8VPijLJ-E)idX!rf6AGnsxjl)FrarO3
zJ$z*5%HHz85=r>m#4==5>1Jh#Oz_K~sbx?nn&6l;zh)rSxxoTi%7RkyOj|$b9@H~7
zWVD2z%i^<8)D^=%wP7)nJXp&mLda7dP4G`!x_@d`*Eyn{MeRNhUB&Ql=CZ^(u!KnL
z*J>F=P)%Uf|4m^)M?=JO;8E%LTp1lPq(^9}D@;Ehb44Q9P?TR~OZ;76z9_^pbiUFm
zokYA+ZZ=YbOF!+iQsMLH=Y)Ow?SdXuX%Ct|XOG-j=F=u{kW9W6k;6{+Qv4l{j-kV>
zlTvVW$|A}oZ!OlQGeY-%YmKbO#LmQSX%btD;W6!q8Q4o)w3$J|2^oSHYcRn2nkU?q
z9&~u&z&jhw)-Vl4MMEZ+d}$b&F9pVmAQ{j4<A+L$lyN1<mo$199dB1#zf=*=q8hfL
z&`~b=>yT!7biEC#H_4km^JzC=BXY?;&qIPK!>s>I#PA}Tl}fg1%A`bOw{(ntk(J^%
zR)20iSvLa9pr&Ym{+5zGmi>OOJaBkOe%lUo^D*|*j}~oj@3}g@ZbuiYoo2U#eq-n2
zFeXXtv8$QYNibHs-(NGLpdRxiS8F0<s$oH!oUU{K;J#NmE4_bNn|v_~{${slI`)-Y
zDq!?Qb3;JE(*N>HA>PBmXudQiba&7A1?Cxm7*yI%LIk3EZ$XT3a(bgGn<P##oYur@
z_?07xd8AnD4u(eW85ei+V~w=#i1fH(EN`kIVqfF7=&n~;eG3f+`=K``IG^;%F%}YQ
z{N}<@2C5GNjb3Z3q7R02@;3;fk~U^94V$6plpxWFL{)>OtFoE#aa0kl{Tv>{h0Yc?
zacg1=UC$8AfspB-0se3Mbv8T{k5Y0_TVxAjz?I0E!;TWS?biOn>iPoMFZGy*+|R9l
z=#&~5vhlV|VSZ5-+cP<f!>2ohk{&{YaUf1di#OTjG}^^B+oAs9*d!vvEU}7#vPQdT
z&04to{u&o}-s~ae=8?^WaJ5yqb;$nJVvZl8)1@LcK7v4c1xpd>vJPS@{@CdTQQjTw
z@Ci!oH)@PO-gFz3n(Kcg$6F4bSR;Bc9CI9{-G7RE;);2Wi(Wt#9+i^HOeu>d>h=Eu
z)n<Ky{$$cmW(G6ziX)#bWM+%+ACmd5f$KC{aYkZ4LK18Jo@(rxtU<65w!C~8v(xVd
z5yF5Lt`=tcI5aV8h`Mn3clrlpPcSrd>)Pe(lY4M`Vc)va_Q}a5QD+l7IJWh+^cUhD
zp9Bt&!OrjOd3GsEAsbXMo$h&wpt;^kXtbWzRU0uW-Oh0m@D{zpBwWmPzK{8a&X;a@
z+rON))hxDup{J_CQ4Gahj%_m#OcG`6$rHDJuQH=-i4m&Ip^&J2x{6W{t&FX&H9PS;
z$|MLuwQSx?E305!Pq`}#_)t^%>@tGD`JR28$6n-2d|#p5g}(Nk?!d*$y=Nq2?$VU5
z+QHhL9UO)UX;JIORqJ<z8c~lvi|95)OHh7&Rj=;Y3N?gU=4SyJLM)8i0fR`f;BiE4
z(-tP=a#dAHf*LioY}(~Hog1g#^b||ODtJ7#1@|1xgOfUD_3}O)LRjbditQVKWCFK3
zXkwfG>j5(OO?=uzVz-ppGLe=Scs*Wr)3uqA92o3Ad}dHyEDx09jt<6@6%uEU?!oEb
zV&|RG_Z97@L($@X<u~WP$eyD`4G1s?hG=X#sTGsE;^i%r@c{x=oZePm`m$bC1luIU
zhMMc_5>ADHo|9q~Q}Jb%i@L$bfSx_t!7yk6N5s<pDF!t?1pJ=f76{lg?p=bp-d6Y1
zc+EI?&w{G$pO9Nc!+1e4ZXaq37XoMSDX~R79yW%FyE}NL_leJWcSH!K47cQS<tGL4
z1yH%fmf8wx^|SosU)I++&QWvWT(1A3ON6yOmIu)|;$T)%j^)FvXACDx>4{`@Bs$3S
z^U$GendX1a^yX&iCJ1~{xMI2Qcn}zLwRz$ux7{7Wwa5Q3i*A#DXfd{*4P%4g@P;lc
zvx83gIGh~Vzy5e_ZP9u6^Sdx}enJs^@NIeJ%ZcC^3_p=E{m2jaxIi#Q`023yTL(>$
z?sFeo09gm^=RTNbC-IhLyfk-O#*%u?@@iQV6%%Zz!kzh^l)_mtx}W^IC8V=QrNS1o
z2~_1T(s|}#!VUPirD6W3U(I)4DuHKoSC}%s%v2n)jO2>1yV6=J$Suf})_HVa%fe&m
z)rkyzSMm=_d6AWl|I#l<x?6z+!y(4<>Uz*TBQVa2@o^RJoCDsz!;oBqf1MP67-ieM
zEklqlZ8W~Czx};3exmfti^WJ(GtW&z%Ov-zn>FjwZ{QEoWr)~vgyypFMz!z;FR2V3
z;`DQ9)+Xm`$CKfr)JT`<sbqRE?gPCFbudy+Lo0?FeW~$PNq9DQ%?KGDy^wP=uO_d!
ztMY&kujU$gQCF5dYw$REHO7d`#sO+;mW?tUbk-sMy6*<`6%XuZ9*2VXY!<Jv^#jxv
zmRP$%{quFt@b*>jVUXG1K_<;WABLt<RHYOlQ&h0bm+yZlN|ohvSi(RPK2$*^%EOa+
z94dh>IgMzfjbULRERnF-6)`ao%D<~ETNsGyV@@JS<va&Z40J;(CWVQL)^nD#92VPl
zZ4Ov|_{)Emk0RfWw}wC}Qg-7T2y1Zv{&k+WF(M391|wo-n6={7Ljs=a&TOK(P&x>M
zMCLyZ(9x9;10eucTYe2Sq#B;K^%{G(_MWcw5TAMmfbNwd&;+mfV+Vdu6ik*m%CoAE
z#Y}IGW(FQo`O8-&i<$+KCy<E1eiexOBUAB}>s1f+l@lQ#5S6TE;O~H_+?9jo%`C@n
z_qFrR?|)Qz4`|;pZ1yW5s=qAKyg?I>9%H@Ix3lwKT3QoVZy!t=WLIxjBym-44^J9x
zVD{Ar*T^I3TmJ4yYGUq&<|G)`%kr~oRQwI2wn1w6`xgVAUd=V=9p-ncpuc*Yx;jTo
zl;$Gb3syJUxVQX+CMPNqiiU?KQgxH@hMiZcW1uKE(xirm`d=m{&T`raXLvS`^>n0I
znx>X$;M>GeSiVn00*Vj*q${5IowcfLigc0ERE5?ytj<1Wz8`v>ZuY<B(TrVs1Myl_
zf;XFmf(@#ZC(MN?8~&C=RnLp6Kj4CWlue9f5K}WzFj7rG3fY~GrBA}&d*UQWSj*uJ
zbH53fmfcqk{`wO<86rfkX!<3c*eIE~2E>_KF}B}yS$qI24h)~ZItv$-xdwL65FHpO
zA}L^)-Km89>_(jzdBPnU@DW8hjF9;A#1xOlXqWGD>NZBr^QU`8c!k#R#WA82zl==(
z$J;M0(|wwh!P@W5lw<6fHIQ@`*j_nxkSQUn^oFuY5j}FRxQzbw0ibLQ$jdwue-uct
z4o29m0#T5D-8HDoNCn~pewvh@Bi1eKf>BlqEK`C7$p8!Ll75;sU?2q6NAU?EXw{a+
zV)UXOdAZYY-xmJbTR-+tQ#kwZFN!siaIEEEuHZZ_c>Po0KGcJ>@l_@4jZ=6`gqC-q
z;FjB^<HC-y|0Mo=Yj;)fDWZxa@`N~hhe_h`dzGT|yph6JhG!!u&Z9njwGHUm7$5BV
zzZxEVwkpQ=y01cpIPHD`SDu3dr%@q%FZj6nY*#w;X=I3}rM@H817@fLJT1RHFqT{v
zNAf+Lzr_nV@Vg2GkI{y2$apnYqiWuD43v@hs#kOb1*)ge>p{hNTkJOum@G8(RInkN
zbuJq%HD7xVhKe!@s$hlE42Fq1;;_g#$yC59eZTSh?1c<=WHf-+5VB&UK~woWQ&d__
zNmM`O!k?=!K_!NjSMDW}_1cY2X6*Cz)T<RKxt~Z~8t~MwLKtSP^6Q8377#jlNGA5+
zUM&Z2D0zqLH-bGL&FjQFW4?dxc5`r0mTY5w!*L3l!o4)3q;tJ9r*oB+32LN${b+4r
z-TpE8rkn`J_rY2uhqK3Oco~@ORye^L=-B_{$AC+#h(vHSf1qv#cJhu{OY$?hlS+cN
zFAd_v#<SZ+O`~7%#|x)|-1mcDlyr0M@mNV&JXUF)nhpot<C4kR@CLqve_gqq`@aNq
z<JKiS%z-QtLfzQfz2ED{uu|KY2B(p$3v<#D`2QF7x()Pf^v(&i{?#Yz#)s^j3uo=d
zH~A+?t6P&CT%z+1rRJuvn*mrmQFHYVi@QgCne>a2l<PL*NF|Rbyyma%l|i{i!wI5V
z%>5k1i}lyJCBEm;ZtXmg{_<vFy~;9-H)8b>L|r?RryY80{wG`;a%dqz;8!tpiI1@N
za>K2n$YmJ)J47*s55sGs$;IqzA_YTc{FsKv&rJ9gYU+r-;o)BMr{Uo?2dDT~WnVH@
zYlexd3EnN8-7}w8MC0zP97B^}w#e5vyU9^^217OiUcA()`f2O?D>vLE>!(?@Y@(;p
zoL>H#0sTk%1ImkHs{!4Eu$p7AF<^B=Nv9}2%vW2OeNv3XU>4`<Sw@_`9HOuK`|TE|
zA%}BD`K=);zQLro)}4*5BMo<B43WJady>v`802MzGuYhQ;GOD5^_wqYJ8M{ssl~Ys
z!{hD4>TZ#?#Z1@}{7Lq?$Koy9LGboCdotuEci3%%c*3ofM#s$dxjc;XO|?Xx?jh(#
zT}oTABs6}0_e4K+u*sWK$DixIx_{8~q{D7SM|KZKT@7sJ$)W&WblXYxmRCt&s4QY`
zc7a`H#laK>z+upTS7A8JAe!J3KyyL$oImlSLBhy|drGY7#ddl8l&h!m!=;y3rQO5W
zCtQb|d|_PHiR;Hnx#y>93B|0kKNx~ZE|PD%>49)%3ph%9uXfgn5VscKQ|X(ZQu>u?
z7{fgpcw$uQ?aQtnG&xY<=J_d9ZcwX>L`w1Gse`ZUqh;CNHHBN#6~%L6)#n^{yup<b
zrI&06ER_ig%1j82jfuqTfdd1NG)*S+;?;`t(i`{_(U<^aHYZ~gVyX64|FvydWS~kC
zB*onqTvfc4St~+uP_w*{fu<I__Z8SsFi~6{rDoB$y04x)2oLByv|z>IkOe{c6#4Mq
zZ0p-lKABfm>6s84ILrOaJ}H6}nD?pe=%<eo4nPY+zB0>Z8867{#*sCItSskxUcIAd
zLYH>7ZQ1<x13gjN12v{{VtCJ~ZHy;BQx594Qa-{0F1RmYK5pr;Fq4z}ZH95wS*S#I
z53fQEFPRPTc?UF1Yx+x8{)%i^FA0T|<DWxozhLxdb&PyABGp^<hBi1sWpUSGYaE@z
zpB@esZpVUSf#Vwu16DN>4O+m7<4gY}nAdKj{T~matAVMDrQ5fGj$9fYirFJyQqYg?
z#JyD3+G7X3Xhl~qN)c__idh@>vqz>vB<q+O)Q+jt%7%|2ZFOSd#$Waz)QZHM)D!rb
zy~3~j<NQy8U;3VG_{*DIhJhC-e5ZgomO=?e@z$a48W+}geS`-w<OzmiJDvf$Fy)yU
zJN6mMz%_`ij_rr;%6*KL-_#AEiWYOoA};YVUmj<FlH@EvKQ+iaY>1Q!DpePImpEO4
z9he09+<0tyw?-3`=Vm0F9_$6_{^`n|d$YLshI#p|#ESqqABerTd6Chms?4)c!0fVH
z79a<{J|RzV(=hhGa}ESAZ5FklzO1S=AO?=CI$*78>?@1>-``F&Wu@iA_GiXA6wz4l
zuZ)BO&w2xz3Ym(o#G>e~^o}c^U`lCQ{|H7IS`L9%4zK@K^B*|sRB(xZkXRZv<#7~b
z<O!iDDPdUwb{|S<JxV*m8PKdIgS{%)Y{yL*7I^3!3>E|TUFj3^C@ZyE8csZG#-fAc
z^RJsIMK)XoaLk9mRj4a3nrl#MJh~!${Kr{nJj>dHWf!ZiXE1?UB;UihZXzwI&b`&?
zkr2OEjy`a^(Vqrb(Uit@aGmM|Ch*GBUCuEV61Vb5H-?M`ybDwzWQ)oZ_aN+ZQS-Hl
z)6A0PsO^>dTI_vZU>R8<tmRqW=ivSm)y_rD+(p9*tEsfs$b<IGrPswKqx<@)GX%Sq
zjsdm$(`nNJUrP+k<rdhG@EH|3=C&`Gi(S_yFCD!R(=R$mYN|H<sd!8)e(8vj3v4LY
z2t^IO=Epxy%kVe#mo%X-;)oRWP|qrl0YSykJ*3V1v+m*kIuQ*WkVCsI`j=YI#|(&y
zcfdYD{a#&O@iW(OqgWg;1t5iv&$ts&3+f)wDf&KBMZsF6f4K}i>e%qB#S7tXB~@VT
zdjt3MjUheU{B4B;a$4Q@$O}m#+9Nkun{Ya^26M4#U1Kuvwif(10XSzl<K?X}Sqb(?
zS2P^ClKNa)967h^7lh+?x~R52u}v8JtY*&UrNnBT_7E|)>e~J8z&nqeT8j2C7?jrL
zq^jAK)AFF(yRc_LVb52PJq1H5VQOOd*|edIYw^m{ku3S2sT38n(w&7kg#hjvcSR!9
z2s{ekzHv-?sw0|{E`gKzPY_jfa=pZz)${T~%{*Kg@4DIq-u`L4uQhx1pfGQ)LS{gY
z*SDC8+4VAOH?4ekC`TEsl}<)=<J4T39u(XQ-;(4>XOx^nBEiYHg%WS;7WA)Ymg2FB
z)`8wyraabjyrqlE?^LH5lP?E1UE&(~O&Un+nL1q5)EfEF?4>`{hNgiHRwFU%Ighv9
zU<(;cRcxI2Ku1Qa0!qL@3e^Sy3mGJmab&sw`ZJ<7R0)|FPj^;zO-IKxNfGY<{6-f_
zFm;D`qsdfikGT^n1Dxn8qn&p+01LV26-A%h=eGR`I8hx#D!QvTN{ewUR^*QoNb663
zqYR=}_WGY%Y*;9IUs3br0nbntpJ8)JR`G2r`?PXFRdC$&Joy-kyQaB<<EK(Xfhu2$
zTIYVnw?u-Z=5w^`Caz=-_>v3lb$fGSgBx$A7f^<=(yfXcUrJTyej%Mk{%7GMRQm(m
zS-F*`4GmtLBkdBm@P!g&;kd*^iH!{8ssVBGyQZXN>T!#p)}|WULfz(EjFeG@8UCR@
zu=$Ct$^+aPL&ZB$zrO>#7p5*^Hqw*Vcm#VZ#16>6c|;JQbCW)~;bsTDHx8X5mYquz
z>O$n%Ko-xRDV^%xjB6dXo1Al3S-203?53#xH4+Z`>EUyB@u90AskEY?h@@w9l>ksU
zWC@bY9uULZ6OMv@(Rj@3bz(SfSzLkpGLUtj{X>n=WZ@Xk&aY-nf^3OCwykVlA9@Xx
zsD6QRSRIR}Si(eAUOeBOTHGiC*7agBr^>N$$_*9qLuJjUXR_FFM(YmL*dz%<%i}Ui
zqbHmhFM)NW)L!%*#ovC@IxC0``efUi#E#tzjw5!lp~Y*q=1YnD2n;wz3-GaKs_>UU
zN{Nb$luu3Im3ZBEdPAC~Fx#S6l_33(C9mpTgSHe>@v)s2iPWa&--pZt`%-g;Y^a(2
z)7d7F-Jelk^GfRUXH2nbnwc$UQFsLjKf4|44S`)_0!lFgE{d*l|39V3G^n5<A`!Jt
zzA)``A=7G6qxP`pj!>m{+VR#&#)<!xKVYG3`fsu(R)&Kyjlx-}_pIK(DMc99cs>?K
znoLq%rV*Fb8vE7o>y}K_Rc6B78$ErnJpt9V{OpU%_=(`x4ht6-g)sO}F?q#pG{TB5
zlSwH7zv`3&rbsu&*ox8`Zk%gBWe5~agwcAL%T>xcjO?Vx9<__p{^v10{P|@^)XJHl
z$sJUSQxL(3d-kubA2g#_BMQwm$zO8g{9-ixCRYe^haRo~#i(lHyL-F|!a?lAR3f;h
z6wo``oWIV3YwLqxJxBNvvBdnP^(;q%NJKT2m<6OF!OONSocrv7-|xTn)#)18x5tQM
zAYOkKBPcMK9D`8)aoyq9Z48;Kb23Rl4l86tLhlF(Ox(b8zawO>$tdt50TsONJ&=b3
zA+4E`xz5r~k#y%y`8&p@sax&Y@55RG3Cf|@1PPSths28w`8;0=P6pnBDH4?Exeh#&
z`>abO4u&?@;D2dnMv*)}E@t+U_6q<J<K62I@%wwp)4g~}(~<Z6Qp3jd-#Bt*>@aIi
zSkN6g_YqLYp}ks{ua&X9wi{%B%C$U+;_wh>MA(4~U7;Np=^a@OqS6#azJ!})Chp<1
zv8J{xFNWS3+k~66+mOSh3Kxwl3xP<V;8vLRKzc_q19P7?LAp-6F^qOavsMf|FWL<B
z{tTVF4UvlJf+HZWg^v6xV}<YrdskFQY>BYLudc4?0lAR-ia$1fYUp~MnB(60+5rD-
za@n$4yOPjAD^rJZviFf3HlW%&YnJVnaN106I$$|KtODa$Y4`rw#-+ck`}PrMp^YRg
znt`sGB{?%z=P+9R+U>@Ew>yd6?&V{g9|n2rOej5N6>Q9R-j|d>>8To5475m8i$*&C
z;sOLYE>1bg3MNR&{INyDVzq?DKwL!4K;CVTFr>pN96p*7Ul{C`XD<*U?NJ5-8VHK3
zVX;b!mr&kFMO8p-LrV{cz;Fs$lZ%wSX#(U(gJ4T-#UN{r`2ey2O0gJ7yBo-~I&TLm
zue$*B>L*DbENb38fTaB7?wCc508oWd4D!+l7EMVu4Ax)>;U7m`20)YtmQ>_~3>axN
zk)Sy+GH{J<w39{!4qJn24tExyR?%PbJm^JEQQ{N@TRR}IQyq#*I)51taDGGiKh6zy
zU;tuPegH87zX6~VXLNr);bnUN3;C{<|6>W2tN<Aet*4SWxXU_AiSH59s>XQ;$OVys
zr+Sf76nsCK!3W9}0_ETVNeBZ>BH8bZSxouO0`Vj)G_Z=N+9=r4L1KI{kaK(P#L--<
zZek1GnLFL>_>sy510a*b)m+E9(yL}5WYj4H#HU=|ivfxv03~anyF2EjzH_B3Iix~X
zm$(0<2EEbSy0E1MWM=>k9-or_<emRd%~422tdP*aY#v*I29tAu1}8Ua&`6Uyf5_$b
zuJ`~wzIy=(({(ohF|aGyK-eu`fC$Ime<82GA)b}WrvSYjFHF-j$nKAqx6O~mk1vYq
z5;T9I9Sq^>purmMZte1mCw=Bgz#nUdufgO5jA}q*LPiOJDy;UXVEm?a-k?<?4h_(T
zIgm1sA`;@J`~12tvHigpcm&ZBZVI*rpA<YNNCy5$6c54tlG+RIFbBl9sz|Z?H$~||
z+Q~>*{tv12#62rRK&m+nNHtMAkZ>%$2d&FX?E@h>mV|wXrE3aK`M?MMaQRsS`CbFC
zM^fPCQAXtyiGNB?T?TY%TQMNX<zmr_GG#ztw#cbQVH_^-SR0^;yFw7hn^XfqRaHw#
zB4y|J+<kawuOWc61Ob)Y1Xv*=!SW9!b&5TCD-wphWRgop*<v*Ud!#S|)A)$&1;0cF
zn&OVu0KIb<fwcr_fCK|HK-s!Lm*4q-9Cv>p0bdJRdr9sEpV|O(%OJeusjnr3yz~YH
z4Fm8}oju^mvGih_35N7O(Ci4!{(p%qRBt0%Tt;&M8C3ue+Sa7Gh02HH6W*vj-7K1d
z{tTM~)lco-9~-v!f6K#KWSVX%#iTg=CP~2En}MOo6sHG$U;sRYYJj=|H9$p+fB^NG
zfr_VLP`_;bk2s;joF_>m__3R$6H!TBFwwwt;7CPipZFQw@hUtv09C~&Yl5SSvNN7>
zpCWk%O&Bd}_Kr;3RuG&I&N0LOvfV%8RErkk3KR6-)o|5e_Wq9ldk7t{0YK?aSSlcU
zR*-ZSI9nJBR+mKZqQZ?)zc9P}YX}()jGq{=PE#>R2O7X60l)12xGBo2RXoudrfThQ
zH!ww(r;Id+$Odb$YbF(RJeLJM4dZ}53eJsBi%|M+{P^P`958D^ItX!rb3|kpa7Foc
z#=LDml0feFl%GEE#=1Z4pc)y|mRaI?F9So!`3~|B4wM&yy$VohBq#Gnc?We<AswJ1
z^jx9xNZFE+`QI^xreZ2-1Ez4y02oCC(1sN-KC?pXVIaMyTtFSt)xYA-8k}JMpIjv%
zH>M+CGzA(#1FOe649XyZr5y>}{aLjgT8gsyo0(OO>nh+AY*$OJtZI-(!Bdd|JqH}q
zKj~OOp@DfrpF%mH)Pg#Q$Y4rW7Qgmc)?9D^#ECfod79VK`!9dh{4eC31h|pxUKvn@
z2O*C{pnP>`7gd&)s2HdjaK6uR!na^@udv;)NK}3%DZwi6fUN@_unZVX8z3ls(nY+j
zpcI$|u;>@10a5_e=um{?%Ly&u82=S>fmyBSZOZzZ;d0VNXj2dUQe#70E0QuIa>Dw5
zIK@Q+Tl-h?9?8TIiL(n$tLl3h3L4m0FzUaUc|?F_$7<>Tu?IwO47BxT|AIx$#rPCV
zq4GK4r6d6n`Mp!o3gPjGnu2A*0sRNsZNV2|FD2f^zBIOr{>ypr2$<RBKT$&g+CT|t
zgSl@caVPX5AOP*$y4bSSf%O(><@Ve=v0}S_n)a_NRe)qn0SBxD8<+D15&V(3Mh|2T
z3??05r7J*i{a*n88B-11U{~=g+_b^0qKJ`lF%{q{{OkcIbO@A`{Z|qQ^*;bIl<5qP
zR|&kc4{pHBYTIR4^RRLN8wKVMK-F{so|pih+-lH4Nj$H(kj!_kVU6EU*vY_`2mlRU
zx8FTb4m<>S#TGRsZHx{BU4#JBNmD3ZDD>Y|QOC+&!G3TD115?p7urBmFoK~v&_oa*
zTzEhXs3JisM1Upy6Yg<wNxfywQ*mzYLMbQUcDR5xae=n~&5WjEI#|(<ZR2SA_vW7&
z*i&CLrL>Ob5Xk^z_@513k^rTUo%^|fS%Z)CG)Li%)QFfza&ER-85`*HF`zyNz;yt)
zx&lJ`4P33N@^{>_a@1WjZblS<cK87b2!P7#0OKGV)<Ti#@0x)z#Q@|`133_4{HW0~
z?c?7p4<~Ec@Xn9`1tviIZ>F_EM+58lCkepp|E;a&T>j1D*tw13#VdY4XrrO|fT1`6
zl(in%?~n)VZ1&&&2e4wm2JVjlmKY3h!)v!S<Pu11<dz|NHv7^-WKm<f2{<2YGVmi{
za!wK#12F;G<^tG^4)Xt|vws?S!V5GBxRJzXO2!ntiWgI<zw@P^09V2buncsnh7P!b
zi9s^|6O#v^WdA156hHuU01FJj;$;-LR+8@EIm%B#R4Ff_UA1l1OxY4(q5sVre79Q)
z6}CR(oevKKxdM$R0a^tEu$=w{m_PxhIHJO41C+&^9m_Pt`&D<$zX5F!0Yh@5C-vmc
zbe6E)5_K>1yv1jU+~oxtJDt6dx!Z58?QpnVH;(Swrr`UM6y4}GR_l6#&spYxyktB9
z_Mlhu^#Rhao5*<gVzuGx3*@d{49i86on}d8KveC}5{{dnMXpF+6Wl#chQX;dr)uxc
zoH4zE7bh)+P5ZZ)T72E5+OJHoRN+L%@hx`wKuL~U9Bt86d@QRB1KT5(g^*w_hB+w1
zlnrCo<8z^=ucVIeL!7h)@a<Su!b^hpsprP;)SMXb?M+1W)`910rImdf<wIwkSes2>
zv4aI<W0vdvCw2Ti^}hc0io`>HHuL9Yut*n>m|bi5Mw!w~ba1V<L!X5Mn~RJ(&-#TB
zd+rZWzC-{t)-MIvHuae4PGp-o2;tHb78%u1B!ousDKXDTs+r5|VEFKj2b(!PGDZlM
z?F;$i#-yJ=uV)zJxa<5ozI0sD&Ef7k{PiQe0bOu-xUuQqlM%I4>U-kdFtVuMBf4lY
z<$e3OH6m)stJd_e9up9Nh(0>s6lVA58~1PvY0Jf)E*bJ*sm^|kgi&Ncd$=?r%8a{D
z-yKD~dqVz+ZhrO)qd%)HRZ^fh!UN7JQgsZ%?<h?j_=?G+6!u|gn<&gWW%lF%|H+=t
zSpNIiKnKB<6yw3S!(D&%upCF0n6^(aw_)duI7&O82^xYQAz|V=!(Qxr==*26aD;Z|
zw1G<Pz22z9m|JLQs$==cEdVKN;I3UGkPrqE6LmlW8-Gq#rQRspT`{I}{5IneB8TUr
z7T$Rm-k?QUxwI>jxO_3&$QtmD00iqm4}{GXjaY^|ueUALFBr0-gY=}<8mz7k^ahFF
zp_{d+!i)u7p<(s?rQ~09rbV_cJ;Z{TeD|TotmpN8heA|w(3g?K&Svs*A6`;nE?{TX
zHrTHuVPWm84u8C1qoElzT9R^}iWO&hgcDrAq>&`2>({X!YkJobaf9i<{17OAZs2=i
zCDWU^>>IrwJL=C3hJ{&;5^6xj*N4+bq#^4AyU9&TnKK&q!@N1djP)n^)BS8qcSFYW
zj>Nj%(zMMHv3I(iFalzcR-g=&l>JkxZ%HtmrWKn;xndsMDqCd^$%Q@qL)stq*<@C+
zLT-v+UR%v<b#>bsyKraaPsVep01t1ii8)bhIfn3oW!6z0TW?U?C7aC)SgRr$2{P)b
z8QN9sQDos{!qQW~7(><I{!mZL{0jnIeM)Nc&pUe5c4dDJk`uk2t~~{@SjjW~feurn
z85;S1-=!sV6FriJC=v`Y-<$Si8<Lk-5Zb~IAHD>;p2CQ_4VbPk{=cd<2h~9Q?TC1n
zDNK=*q9^E{91!lN%eU5!i0BJ5wR{r$ep8x^?`}h1=1??th_`^x0(phdP4etNT;TlK
zDtB*=meE#3`cYxKD&}OX^M1klq%HQT|L;XAiIv+>i3S5w1&OHJ5F}3v-Egn2H1b9C
zIND@12?l!TV6AaUg1gwK7w71RUR^5ah%gc;>Z_kCh-i`Vi1c^q@V!b^Bv5XYG%a+}
zKu!1y86^kx_<(j}m@{b2T6vWYC@Yi{yY~3+t4Rf`Ky$;cLy(pYbkg~{R8bVY%2w?p
z9<Iwxjbsz9cU%m{3&hPPh!mWc7h-a7^+$=!$pNk0SjvO+(Quv{JE^~B8KMUg*&-bG
z$MPu5v35t(#HA<bWt_~u#j`~i2iP?NWlQLJgGa_Puy$Zb)UYUP>pq7kiAz_|%NUt{
zL#K=QtN8zt@fw<m{Udo4YFL{&8k&1Xg>`kej%sS@e!FjlcLRm{)D9nrm+9{xG#ueS
z%<u2i*i3QjwtT09Y}aP6xzMebME%XjIHJCx!jvZm!*8wsg}t*s60lfpyVJFHUtKf8
zDGVU1A-3R|?g;m|h4<~j>-XYWx;SBKGkA@W+}^!-B+Uam!~eVcZ7GDZvJ%_-Tz8P#
zHIZ*N+Ae`f5Xb6GGrF55a-0+=!L_zbdS~+gBkL`o;s}~{;l<rGxVyU(EV#QvaCd@h
zaEIU$+zBoT?(Xi(;_epgZr=Ah=icxC&tYd~cWSDK-s<Y=nth(a$$-D(6|fU3`m*EZ
z;4{9K+JW=Hj`+|_kjFkHS_GV*Z;x1@c)ERiy+6)YC9Ya>wrktU5Ry(G34>COYdPV+
zXm~g@;kB<nz&~ieuu#YLE3j(8IIqr2<1bo|3n|}h7`V~|@!=0V%w83^&=8d<IY~7U
zxiJuiQN}{q1(+BSIJ5NBR-rWZIM`yA!F3cIu*LiphPjIpRlkC)2p0^Drd0Avh+b&I
zpCaTfP)%$c^RkVl;m+t|V#E2H0h87zKeTGvl=s92ZC1K-J0xi0t`>^Nj%0qC!{12U
ziOhQdK0YV6q`qHbzc->v*%ku3ejOs<57TSYDNw((#kF2PsNY3Lh>ejrWjM5Sz~ts@
zUd;F@iaeSd3n>X%UQlrL+!aj!K|kj}`n09n_E)#D`Cvs!&f8?u6H}8DiCuYaWCcSj
zJ}>-?KS+&y>S*m5e{*(#;8VI2kfmMLD<1e6e;F(x)JaWn**tPhZAl0X<S!84Y99sN
zUr32iExS!?ZVB=@-w};%Ga?514=!AIgJ1}24UO@-ZWO8D*>XTIe+h|Zn*#|kAiB(d
z6q(kw{%kzE065i9awe%rLqK7DQeDHcIi9hVMPT5El&r+@w#|@B0o3MhyeBu&Dx=J|
z8;j|(g%~&4Z-Af7WAwtKGGx@mGZT8)w<T2=^#k%+TTKr~9qLRD$m$)<rjp0?gCWwa
z-3IlzytdS?0C|#JGtUC8lu}MMP^DOS%-$2J{X00W5tUq}Yq){e+&`cR6!Z&;fQ?^5
zKb2yNk}ZFB{D97MC#G|dxoc_IS~G&&Fn63pZcV~hmFiX8(1&y-97v)bF`!h<6XI6b
z<%h}E1cg%6sFzHV=$6Y(lwyq<z9N3>*J~~dH>KQ&(RJ1ljL^+@y)?x&gbx)UXE$58
z-jN^Jr)H}^lBz#o-lH#U#<TNcB(jpzvy~Ur0Wnb4be9NoFT_+iL^JhJzeFl2P?8wn
ztn@KC*V(KzesW;-Qzu(lu;J?*#(jorXEN-PC*{9hNm{zYR6id0rD_zR=*)N;R2tJZ
zx&HTaFVAP}NM1i@K3TsI$N?$LPgQg@QMcYf(uRSMgJ1eN%RMJB%C0EZP+d+@kD6a|
zydjx6l=HvZ1l{t0CqGlTbx9B*Hl3fd#vPJDN#wNKRerZt;45KLma2+_@U;|+E}jR7
z$yS^n6m5V>Ga%chb8Q3aB%G)Z_YI7SBWL+d?K1$!vw~|=Qh9Dzn!4}Mk3wgfMz}!X
z7K)irwj!_BeJrYCk2$Ran`f2LkV48C9anM&@EfEP<X5rhVX}Y&8Wx@HK@ZZ1($KMc
zi$#qh$SDNGGJ?xSn~o-^?hh<UXvLBw@A}BZpO6O|jc~`m;xDtfYNXUnN_VNkxrQ(#
zk?z_`#8;vO6K7bXBuA5-Bg&It7)X!E3y23)=P|wa+5mLlLS+wQ0`r*PF{*rw^cHW;
z7T69d4Df#Qd^%bp$iqIfO0Ne~vHf8<cMi3s9qE)*-pAIjck4UJA;r=Hb?8Q&PPk_M
z_lT7u?{}Y7O&vgA-X)+qZlm*7LrKT;cCI0t6f12-NdGJ4(p1NFu3;k)$#-t{X+Hx>
z-1ZLLGoSMbqXx(?OrFp6G_GPJM)gyABItd|siZ~g&uYHz6trj8tgDfRdvh`>D8{ij
zW|Mn=CF`DnjLJrO-Zy5K+u!#&qeK_U>_y55zQ-MC^b6sQsH5B({8i$faD(7oB$Fww
z2=`|3D<y!|WnW~QwveiqJ(JI~Mdv!IfEClvv&}dp-2-3s5fYtohQxqM{1Q@1@V(Ze
zQq1HDeBsoUItpaqKV9!ko+;NLjnEz?u=<?bQUXWuj9HOipRtF&Q+JawKZmiK`m@F&
z#CV%3=&&N0^+9SUE;aOJ)ZJkhmz1&5Fd>Jri|yf2B^l#m?fIH2ppU@FlHpMW8{lJo
zcQRE-{0So)fI9^3qMbNk2tMlomKMOFI@U0mlYIawA0>J&cZZdk1AcORxn)(MK_nVS
zu)@AQ0zyZ8H@A=WcDD}c=jY%E=H&ep`jvz@1n8U`8?-l~00)>-r(LQ;?n$v@OUBv~
zqAHF3lbc6jRZn{_2Ku-|n6_@N(ocgDP_+yF6B&TTw`2E3_>rgV^a3phWMn993t+9)
z?+hMDvD8k4b#};I)>AGdf^poH<OBzulhRqi`i%CJZPJeO+;2rC=(a1o^(HTkOt|)e
zFO)lQghGpG!2MeNlc;c71(}%u=Ql?l2%#4^vWYSTz!KW8QT(ZV((hl=>%HzmN5JJ_
z&v2^O^ZV1F=AGts0SXWUCn!G@P#!bsM`r2akuUc^g=MaQC4EN?0B>Qx#xBQw+!zF(
ziT55<Y-4&+BVK;eO3mOwGNE{KS!$Up_t}!ltq{uCNd-|5%Qq(FeSrODr039$2I}W@
z!meiHZ~QxWk5cR#%|fZC=F6dNjcH)zEV|ZL^ea|43nk;~`~X&dzdPYnC}$7GHHmEw
z*a`mE3*pq=)`YCX3agAV*ZaO%z&#G5>m`q9XUUdX-WavnQ@l3=oXNwa^)x%U!6x3p
z1&Imu-!#2-iiShgV4mfDAMxCg=(8)HN4<PUi$TR3<$em*wj&Ci$ckItB!6x%lLFOm
zT*~{HA(I&b<=za-)H)Fr<5}Q4`^EpdD3l5{!!x9Y#`8~iYyCpmr2228UJ?1u4Y10X
zo2fS`emZ=^3R;8uvhKZg?Gw1eiVbhi@v2PzA#aA(4@Ym&4*`QeN;&!I1E5#pU5?{P
z<B>1B%;rS^qk3G9pl=i6Jdi+}#>6;CuiDX*uJqrK2}Al9V2N)<*J<suUgMkA9s7=4
zTduqWPQMA`S~ueUoi-fb%(eV|+LclhR3vQ(!J2{NjNK!P{3<ZIG>QS(L;_lOz&KNF
zLGqpG0q~I5Mj-XEq<3qgimsOiX1(k{bU_z`j#OJ;!8+>+`QQJ$k853tgFG@C{IXl~
zwdh)_KFO<U#kxb&exW&fF-z0F_#xfhln_QmuikT8s>>>7#X3jojIzyKQ<K=A_W^>{
zbU&@W(RdJQNoRbe&hC@EX#6{ueK0|E>t~c<{rvD<W|jVH-0~eSqy=Yi6w0>+$xY-G
zOb`z~J-D8LLK-N_v!`dp(|YyBhT@pX6c|(UrT<#1XveE+*16*xtnqkt;3YWQo}0k4
z=F2nb&TT$e`M<0GDF^*mdBHBLiUhck0&pXBcEM`{5qmtVS=?uOjh@#QzYSYr!NNn~
zhT|)9tj<C!V?1Yit6JAle>7WGP}*_Z3H%y=g)@8h{~C1s=}XqG)gs!k#Npu3^ugTf
zIoeG^{n+}-y7fl@)5(w+!nse6c$Ybh5^%tDcueFH{jdNZ1eGR#2XKjcScvpa7`efK
z^fE=k@kMFT6%luskhX^YESL=6b2t&r4+->6+5buVYave#s_pL0`qEZ84zOa+>@v9*
zJEu-*7@z7qJhnR}PbsvA(Y?D<k%Ze2z9zDIKNQ4IF-QUNL{tdj^=?5#32HM0ZwU4)
zlH|qVQzX7}-7mmza=?;w3~-OBQvyf?4C|$f*=PZe<X|`@%{VEU(ng+~8|g)oY$5c@
zln$QDhiocfJ?urG5F*2$c@3{hMltjhm!PNSOCUZ(9m;kxfX$&{&c@T*0etTw@=(5y
zrr*QulP;jWZNI}!+UCJM{cw3v`bmMhn|d;yo*AK2uZ8OrBN&GRlj+=<`8Nq?Fcx;1
ziIw9*O9Y&MODNhL6Xtf!6XGFzF2?ar7s4|!P8N@7!tfatU<<>f<yMZn0-7APdIni9
z+&R9KpA)*h!fQU*i@Le15<*-#rlfXdKV@oHva-fr(^(w(#iuuaS<?Y>bm**^C^1L_
zUa?YA-?2b+BnxXpUt1DXn&-O?!{B~Wio~QX2`L*6$Bd)SN>V%Bfb@nz)!fr=A2%2P
zJLYq2;Ch^AR#z@vy_j|dF5`14UZ!Lud(-DBlIWs4P7+h=tml%1D}3h-*4j46E{Xm=
z?rHT)59PR-^3)ayUy|7y$<s8y*Jz=>uM^ya%dyOoMX=QCPMuIS(!}C)R41)QdvN6F
zm>$S?3-AdZ!~QTajQc1A@4r^PtPIzrxeDvyDB{b{23fO+8dkP0@Mg?Cf(MuF^2*}R
zrEI(RT+++OO;xMNrFoL^zPc!l=8>(Kb`W|7JTAyM#X2jJ#%<Adke)8P1iqlyy&u<t
zDEI5RJ_>g2-X#FP^cdb4)Q=+oM0FZ}Axh`aAiPG^j#=4L1K>Zm;)+1$pN1Eeg~!*1
zp$*RWMSyH}B<|T+#C&Xzl6MiQ80IBdEdET>%}W4KU(pwhT_p<2-;;fl=SpCdQ3mHH
zB9iM_WKn-(pJh74`tPgMT{ra4L`(FFSYe-$1EzP?oenbz^16=NWTMvYRD>LS=<;}k
zq4V|Mh@;EiQGYLNGfP4_6aK_px0G`w_}uy+h^_oWZ0l~&`MKG1q+|)i98(})zpz$7
z6Y(dyo;Tcpms+)o*wv=FJrWj(0=5G&7AxpVlFr<n3i4%cS&e`Q5Pi2q08<V4;>9lO
znK@QWDc&O}DqNyvnix&KyBVn>6I6(&j8Qq!FHMX2OJ09Z(1VgG1R@T$f9pgaCCX#u
zes1F9WsV_j+Et=HsgfYB$DS?liat^il5&Ute0)J=n<0VswIW{PT4R_z{bc2eWJ(-)
zk$q5ec)RV-q1uH{oNIbi*@i`Y?S=)wzQNIhM_3}Y9XZI+g9%HSc)V?ay)`e@2IH%T
z1BWmpRDSUU(<ciWC=(LyA|Z9}IY24%IpyS!AIL$!7=PrA0gjfSIRJmspA^ihHTie-
zQrY=5VL#ja9@Hk_1pHZ^Rmh2i${Uk09adukDVI*V6kSVLv;Rf!-qT^bhJ~$efU+l_
z9MG5HyvChVAYb~L0Ws6*V*zkymH)Kdun=S2S)W#d9CQ&zwW}wi_i())=R(*Z<Iw$T
zD5LyOiYn6!NtR|x{AT(rthkaP?|w%oM3hkZ$|`~32`(o_47X>XwOaX1-<^GANFTWY
zAg8v)+|>w>o9(omc+AROjq&`9-ieZ9{1x}}BW+sTW0ZxjnZKYeV3Sk|_cL#+)vk*#
z4{EE#D*{l-i(o<>swXNJ_Zy^;Nt;`cYlg=7xtylf2`j?;AofR<3B5YxS0ycqLG;p5
zgkSEOWHr%1(%<2(fjB4M9?{G-i##S#fHb#>2BJYWNGQNYSY{Mpbr|dw*gdvc7C>|a
zTNCcx{{f!PiQm@75h+4>T~saAQ&O=6E+%IYbj4fLo|NU|c3Y0Jq8Ptqi9tD^+iBq>
zuC$Ip#x6tnCvGp3h`ACN_zuvNVXa4gGYoC^KGl%zx4MO`*;N%jNyw`HRXcB0lXbYm
zUzL*zcO}(P1rJOHH@~zzi=`YI@z0MYWQM!jI&b(8!vV)5Tj0?SbgTg%@UsAg6;_(h
z6c+r+kOm2OF97?-nY9rl<U9fx=S^{aTJJo9%>^KYB}9hLhVAg~LV*W#4-^t}K@mq;
zUR|_p+Z)0>3}7)ui^>b7Ro5FJdRGiCXleDc>B~if(w#0VCWHYU@Sf~OMwN|<AYeGZ
z1j0UW3}kzeo^6Ew1CPYv&#F*~=jfRJ($(MjHn*7lZo#?gUSCBmf}SZmtx*5mqvnx&
z8$P>z!x=E72n{G)4Q24X_7mO?R~tO9h~2S20gH}z)tPXc<t@oZ%yeN=ybuQ79V8}_
zR<UDHcL?4P#D-p@*%5-WOfQsM&2}@-8v)7NuL3xe_x2VON>)X0hIEPuF)3HT_B#<t
zx*gj~juh$^ju-wl$-$)-bG%sLmQO1p@ZnHV7r?4#eRZ)J4enf2+|FOUsHZqg#{F0a
znH_gbzBFj0Gh>tlLF{0#O0XD20Icu^p!%hY+x?2pc=@r&co!UU_T0w9{Q-w>&hs|{
zWz%ln43m^iywmd$L~>||M*|^Y@K^VWL>?$4de#vG7Q#o&kGiBT&(%%>Q}9rq6j2d`
zQyst7(_|e&bYTgDeSo8Pfl9@N;AjzGEg@J8d7himDNYFepdtsmm;^X~g!wJ&Y1y0M
z5b1ifrzD_v4C<-7aGE&Cj>gVCj&FB8@3HxaUt9jd4+e*A`UL}!l4cXv^#vEvJ*x$M
ze&Bga{n$+$-u~ngw=M-!JQw2C+dbq($i<PdCPZ9@YsZ2MIXSCQ=@yXZ-=7vDQ2#yR
zo4hz5H+=>}PoU`qa`8t<$Jb995K-e=x<MbkKkh$*MGttugx$9qzf`?Og8mMBk9`|-
zme-+?54tA#gV4?zCVP&JdIieD_Nfv2i)+QEb{IASvfD!pJ;&g&+n+7lm2)vL+oUHw
zUjQCnU!C3Vbxvcx48r%}USkq>spsH1YH-0HU}$4=AA9gC@1N)j5&Jo_Bv^ajz#6J{
zuA!|XLrunZ^n>Vsb_o&0Mq}Tmh)5HVEp-t37j&YrKHnz|p9!bJIuq3ottviop%E`k
zY<)%{fQ(`eXmlQGxVdUQc5`1huK1`>)5Hi5mb0WuR*)Y4fI96BdjDXy6&EfJp;ay)
z?D<Roj58@@Y$|FvqdWgvW|7<67ic@%64pZffW^(NBPxd5LFZq|C%E``Sbm@sSb@w<
zuTxxZLoUfs@$D`y0fYgr=IzS>Mfmbw%X#u<K22JPy6*nL-oaS`M$3hqdkk}^eCVfk
zT+vEF){(v~E7wJnGroOSVek09eoeLIzL4F=(x^N!6X7h(tzb-lyKvP4`<NFV{r-p)
z6%)lNCY5Wx3x<{CZ22>1qUgf%n6p;bIeuPRisqW#vz?&lj=y|Z5F*^#4+{{g<t)py
z;1*vxYZQ<3ZZKy2mF{D85GZ{lYF>JMU}F@zPGe`1y`hZ4?UC6*c~LP@y;Xq|%eV~)
znyyBoa`mC*xh9%oUaj{YQ}!2qb!{u-z+2VS{%LGSEYpdt^)8%hLo?0iJqEYj+WlNG
z(+4?QF3gRb<tl7MF02?5?>%;iY6}H~NgK@0hLikxr(u~z=aDxS)W!X`bVj^w@%KH=
z3!+$*?WToju$|_c@{{tO<dV8bPS@*w-b@fe;gimAD$4RF51mlf_vAM!R;j_T5uA#<
zqnOFnBbe~DteT$!cbKz->CsTRB~NPXzZ$2me@^{QLqz|}dgB4n&{E<Ny!PY#{`*Rr
z#6H23k87$B@?ix8dRv0<V7bK7m^$SB!2FKYp3uH}yHSz=UQdKxP~H<w6?%hhH@!w%
z)im>C7d4wbVaM>-%xRzIjU1jEH<PRZ1>{+s1>8L9arA}a1R>>Y^_gBCl)p6N%685~
zjWk?*ak`uY20hhP1WYDNm9XE~>>j)4i*!B&ZtWgYc}N!UefxkG2c~DYkLR$KO+-2V
zF#R-h(udKI665jR0s8oY0Z%9Wf^uFnC%0xQfmy`ff3M0hNSyxOxqY;GXwbb8rqLJ;
z^qOWCbzP-=8^nICs=nb!+r;E6{Sgr3K>_})2Gw)>w>HG~v>q)fPd4yMV8ygx)?-B7
z2EeLg?LNO-!4)))ORx#>W<UW3hkeoJQwBTo`YDs+yiu^sFf-R5Iv)mqNBX~#-zEjV
zl$;ip&AAIR5xe=twa@gdtuPY#KV&PaXI;cX`XnATqJDreo3h67gYc7(D~`Fq+4Cf@
zygv2<ViZCZQ;&8%lhBTUS?(Q#-{x5{c)71z<^c$VP(B3^(XBWQVS^->M(1*MG2$3d
z^5oPl$d8z)JZl=R-p^|5&uT|gn#5M4bfo=Py$XC9+}95)xHd0fn#C#Xq@)0R5vmw~
zjk+0t2$!|UqK8mwseqCSBb8n?q3#u~;ZLw{@8P}XDTTFSYD#qqXZ7;7h3^qYs=3ar
ztEwyG0JP|D^&fHxna#`rSoEy{+P?_60Cw7n#@fRK?q7R-D6xPJ>O56lIG%>L8n``8
zC3_Hl@46eWNpCISfA6PZLuKf4wiIf-d8)@DiV3{cP6Y-)S>M`!8`U`db^$$T9(S!F
z{1HWupfHG6@30l{2zqu%TY(DcM{@N$tuRQrvV5WPE?xyMrk3;~IsmO%=iO)~RUYkV
zz?RFMFlQ809c#C3Bx7)Jj~)br<Y3%i#*WVijVWrEiw`9fW1Y_3W+N<s=8TfJ0l8vz
zeDA+UwxWI<vp2!ZN3d|UbL%xz+N*aOga<?w0-i^D^kl=Z#YFrDDCtns#$z89PYR4V
zP?q)N$<1RKE0-Jx*An~K&*sN5abPLp_VAn<-~(;kSaNa$*p+4)FaU(t&~5BmM2+?x
ze3rV)P+4dMO?RQM4$+J3KBK+rx;{B)6?dh(xF>><52&j>sX5v1h2sKI7Zj}SKH%k?
z?s&-f`FD>VA(!eA)|**(&tS<=`Tzuiv$~5W$XBO{cuo}HU7E)fG{UjSS-;MMX+to|
z9uJyY7R*(O*YIx20E3Q?ixTaWUaQO$$uY-yp{DD#Ou8aL4U}Jy=rdx=W9rpv;IY(~
z7H;W?AZm3_^JAQVFg%4UtD4ZKMrp+C-T3<SI6N~}Bw+6P5rvpS6?LZ$?O&#ZAfon^
zl)NaM2G;hekb7hZoe16#h@84#c*;b_EY}uQR6UIN&sI{AuZ=}J-|8R%*+#7*7&1*d
ztqFSZ*c3-0nwUU`(6mjnYeeaCr!a6zr)5X6bV`Tav+)&G<FDlau5G{myqbN18$rNG
z{xjM&p6%gKG2wDML07Pa(^c!)!4O%!4ZpEH$?=p&fA)q$(XJx0nfL}%$Pfl=%;(Ra
z`%v8%DtF-G1j9ebqWrP%`f%Q?_lN1aM-(}gElTh}5K8BuIbue#xkPOAs5Me~r}UEn
zZZ0_^O5Tak_}>>9+izINK?9_odfcq<hIL~`CXe&;F$8`S=FbU9Km{>%FQzG`pnLr2
z<MP?eGrY&++>U%bnKSZU;T?+rA0`c-cx~FONnO>n2*gRxWIV*sQtKy1udzEESO2a(
zR`&s<I~P`{Ar#I<o8OQg4a=DGP`)mO`IZp&?-he0lV`4`X#%+34C{oHwwi2eLLs&f
zmKz7(q>U#by*NSo-VEdY`p^6z!u<-SAVRGYLMBiunn~Y{Ib_?C*OzBN;fKZpmrEMr
zgyH4)U0i6=psTgpjg?7cLv-|5EPKY!#XBuRsU>2lkRANEA>(i}#Nd%_Qo9da9H$_C
z;<^!2VeB?Lkylo@^}1RO)xp5@Bhlwwmk;stW*9c}dls_xYx!Kr?8P7*$_$+=K)CzY
z?&|kEQr*(0bU`-%G`RPh=Tin<lE?7`yvOmfE{ERpq;LHY#6qdN*F>)@2dinsCXV(2
z9dL#XTzon`dY56HD?+KcQ6B!YK5f-=Ze8ww3MN78%3nu#9nOuI@?#=ecv|qQiqOE-
zX}ZJ<dp!p9tPaL@e(;p_elRXFcZ1nC=W$;}M~VrFmE-cL5!=hYK;(E6oB21+Koz|X
zeb9Bch$14bJ&}mm7xeN^=*<8{&k9;=VR_N*<U@TkVC=RwE$^=(&U&PupZ)*Nj+~|s
z^IiWi{L<5S4rDj@OoHUw=56a0MD!OL{9xFLWgRW4A>!MgZzIPl$D8u53aUPrKXg98
z#6i4$>ir9CnrbeQ^o%3Lp7~@cYmOlbwj2l?$9W<n#ez>{Dcv)3in;gl*rPO@;1BxA
zQZBl{b7vX&sg}CczYXob4Y6Q(P-V3k%_2xHp#qb*>bq=HAz8`^548fQg4l0&L3d2O
z-+hx=m`^@!kSyhwSBX~gBGX9msoXKORzoaw=7Q9?dOw$=@{BV>-=LKN<MuH9?^FH8
zt^&<tLcP?kf<^Y7P~B9K49(;J?~b^Aq&r^o_*5sgD}IqZxJa8i-YAvNM-z0U8TFqx
z#PT)=4qTOv-*yFmjCOYj&^X^!4$M|zO4rH}buzg8=Z%?x;xTT<w^a7aj|9QT5f^EB
z{M1y^^2W$LLh@(cCjG|<h$#>yKOhZ>5cBdmn;c+QO{o_o2xhug{pYm-tl+f+*3v2(
zI3b6T1pdxrp0<u-q<#7=mD-NJZ3)QnlfJR6G3EUNw3!ks+DnQmHMWP<PT5OEq>k;J
z=Ka?BwjF*Gf23YccTir4&lk<6$PNe81g}DC^SM9uFvqf>foz8w9w1+T#@Z~yIe)4d
zC7Ykpw-mQ^ztf2S(u&xEsZc)&fq%=)^Np@*qi@z|AhX_HjFV|fV+zNr^3yhjgUCZa
zKc#{H6wX&&w=bCWMlQFzouC7#qkz20gh!!lw0yhmhynwxu*8mg(LD?|EFbg}XNkG7
z3AH}Y?BAI@UuxjVt!8#d+*+p>gXBHiiF08A2F-r7fN=ds1P_jMwr^J@FSB^nI~|`v
z@U#n~q6!&6U;fib3TcvZx$>0mUtF!9XsVSRLNXGtPRy0RlBi)VE%S&KN`hGjmj+%{
zp`?D}pM9|YM#B5B`|zE&dM>Wac{iXJ-+y%}TQ9}1+H!c^o$6AgL`7S9a^dS8O6W%;
z|I3@i`0mZ8>r+zyWc;#?23#i<dT$lQzg@3A@)F&CFABtcTo1fg-VJ!cBaM7H|G0f|
zI$>g5lnpWTW+1L<aY}L)$s4n`mag^ReMyD5;@QnwRIlw7RM6rLQlw#|)c!Ngpy*Ub
zFb7z2&<VF+4MFT&88#xS^~b@j|3)$ll#j*N*R2ZsFA@v))_PTv`^SclP(ui?KbD)j
zV}lC8{=htn7_)SAEn&|&1`_yV^dxf;7|5Z!2{7slaV?3co^z+IA_vcembz&{MnnW?
zcLlr6wP5x`64*x2fMi-eb<DhS%oq~{^|w6d2FZ?!oqa^A$lOqBPcqOvFB?x6>?NnJ
zF#5w2N#peyY~35&)T*dK!N44#C9vpK@^mhO@vJ1Kh`R)=aSM?opY7|7WJ>a&Y>5;l
zjSuxkQe>3Yb|fc~TCbGDjJ^~tKO0l$6*!uPWL%w;_Z(*YR5o=oV=9SQH02^~hUH8f
z*6Ts{yI2aDa#MDoxIcZ<EcJ(Ylf*;^V}f*El$ULWU@vOutS6Krhsnc8H;K0au)_3W
z({$qg)Vepq;X>1|3g;m);t9TrOV-A+KE;PB&i1liuJ6}f2ub!nsR=yB(u?YmKXcxM
zSU2heCE95v)8EE_godGbKTiWjjDVk!CeSm=1+SW;1Uk)}UM-5<D;tiA!juYG;a38Y
zjrZJGKImQDhJ945NMB%p5wX*b%5tHt+0~8!LSy>ISKdasxODcVMA*8A)P^d^yTVVt
zE*%e=Is@-}+4vX17+7JSm~{;xtW~`=gOV$p1gPErb+_JVi6X81M3S#m9)ax)Y8Ua7
zB}UN4l=*#-`t^2Z^+h*jz)%uX{Ro31?>|F%=+sK1&c};ciTUsMh~_09gN3CVlE$PY
z%FNIR{UgVBX%zFi^h>ho)!(bw=8ogtvp=~bIJGA$)Tvoy=^?rHZC@^o^rodfK<cW1
zhwSRS5ZGF9J9c}U6*4><rm3Zbx+pdPxGlQz@R=Cmv%%{%ZBq>2dwMPn&aV`NbIDR^
zMN$?#-;?c>`B&Mt79#D-r)#W?ENeSkI`=L6%~GqIwhFVK$bE56uN)2w{W_9Uml#>A
zp4O1~;L9E;6tOjjSt=GNejBj*Ii@bPFJRR+L^$a`<X}1flidBrN!Q$i;Pp~Ag}`Sd
zTk;?S9~{{mBwgKp1;8+fAPhVpirob_Vbs<B4(n@UzfXK<LR4F<rbwj{LKg`qlkpwi
zCU@@SfOx2B21RxC<KlG6kTT7I%L2|@m$YY`#!h7|Vm4d@48Ef0mL1Zh$~QkD&Be)2
zTJ(`3bBqnl%)i?Dyb<}%A+}=?(#HN~5h4zs*apF19wJ_s*oMIc-s>c_^)i{qd`AzW
za(sfx%tx=Jay0+9U!Zba0D$-JRF1L8@0!|`ayv<B@1752@}hw^Wk2;Xit&v9KA*C@
zB@aPUFDZ;}NEw1|D3c(hJ1MY;s?5VQzpnov3d7VUjcQ`RJ~a^48bz!cc*pdCImO&f
z;A7?z9A?lpO_d42aq>LHJS25lTSJZ4Z0KW9O}JE)h&q<0!0Y&$%l#iA>me)jf`LJ4
zipAQmxhVhn=%@#;4g9?4s+qZBD$OhvdEh(CbshaG$|Z`>lV4`o28*cG7}^wj@_YYY
z4WTm1jh-K%J&(1KVqPvLMx>^>?Py-WTnbP=8Nl73H>&zk`K8;uP<)eH*?5HhpjVKJ
zSlQGly5m%JA`}l&jn#CEs(mqFS*W`&VA*do`!4*#@b)$Q1iT5EG`w{Y616cFPTfg>
zu*fefV;5&RFE8VmnTCdyDA~Nz2!Hs8wUkx1uqG8wEijA~DmdtDG&01@6NrAvQ`oRF
zIP!zb{OW#L?pd4Ssa@5rAvU2j=QR>Ra)#aa+%%ZTy8NfYZk@Y1UV1@*q|&1ued=&~
zCAqZieeq~h4~L9dic%9FG21xKJVf$dplWK8KI_qHf_DZA7|2CoQkZt@igvh9GBqxo
zlkQu%J|}MbOY1`fUqerDZ=U9}hy&c-{Ltqv`%AUTn5JQM5mNY{k86jW5BmZ>y8ne{
zE;Hv0ogi#SS(0nI<RZYBHj6HZR@O>!n&G@g$|#9cEn1h=7nSk<EP0w^O9ILFOGdMz
zV9|GRDHIzhR?gq^?40q`(<mY+W?^P=QFGbIS<hkHC2JRGwEwC_lFkV<3RwwqJ)h;=
z*K~IU<*@(3Pc|Wpn=OszlZnD=XNp9TuIyR53z%%KZ16WpehhE)mde69+?^Xwgl=a4
zlFa}jqgGN##tWh<R`GS!x>Ex7{5VG{=XdhsUAt8(wU%wcPPgBkO;)6lws2z*=SfIU
znq-jl*f<F|Q6!nMFo3tl{D;L;H^59tPah~@mtp(ASiIek7REEJt}pjG##;BS&?Say
zGrNon`Ud>CTsxH3wfgM$vyW9);-UIK5$z&oPS(=df(GSxDsvb&yBzJY^4K9(uCa~s
zXKOyV{{r89QkIf;`wyfYc2J9|go&&4a%ytgv@pN28T|PABiYcDL8f!hiwG_NQmHFi
z9v57p#^n-{Fd;D17ZaY~FLD+tIlR@&x5DL-vFK#)Uvr#}pq6&Nw(rJ6Djh(~t$0?y
zP^fQPh;npK(xJvpAL<d;{pu<8CwsK?I8l`<FQ@0)QwYI5iw3+7D77kLCc%aikXJ)S
zRE#td!v5QPatrQ49JdFKydC0RW}M-l;KpbbpL?k&kD+v8bUJW9V7=ej=3*rnYgCLC
z=Jft?Xe^Ouy98y8k@m)_qbYh}@AFC~7{0R{h#|LylA4mB?RhQ>eV40hL}n*GbKN$)
z6(XAhZxE*qZ?BkEZdi8-?X7<br3SN1g0T3T?!mzQ|38vHox6YGR=a3dWLu7wb|m)Y
zirk^xjM|=35gG&a{OrY%?<Y^Mh4%3b*Zgx`Dzx>_H%I<c*&>$Jv~TvIfC~1@m2^N@
zd`G{}+)$;Pg0m7OG5#J2ATU*W9pSKrWXeG}XPp9tI$f4JpLy<oQ2b-A2Z=&pc(RDb
z>I?3l>$<Mz4kwI*L>w&%UfSi!QG^3@<CLr0c*9HG2XDlK#OinUL*TDUA_-TvDepM0
zh|Qec*c1?jC&i%DnPhZ~PWsMn$gdrWDUg)b^ADB({{6NGwN=_2x?uaRMv(iht6bP_
znSyjc1JCA%pOW+42mZ?h!TQ1_i3QhWNj;rL%S4~S=j8;AB^?Yl`i8zl=u`%<(eILJ
zQVYuPP0E19tT>&75%c+-22p>5&HgRdl?GLAHd%|&K(D4-eP}>zRMop3liX=}JIV|M
zsMObb)czisaw?wD?}aVA*x6Td>f?Qk2)+hgU?AIjh%3c2z;Fi5+af~YC1wTjaY(~$
zw=%!eU|1*wbLAz#y_53DS(~d~sz_N8CbYfi*l-v~wk)eT6=rKN-yTw{Vn7aMumQAD
ztNqGc+o0#_w?a{RMO3?>+CP<$6CR^0j{L<k20Oy<SGopW!MI>YU@~_<C$evZ=?0fj
zp}-55fTf+=VCS^J8<sv-(hG9Eqt`BQKmF@jM1kLW(bIPlut}~2|1(L8n>O*ifDA3Y
z4YYZ^7++&>YKRopmN|jMRP;;&tILs}=*aHz_aW0EWT$3M0MxDDjifJoLd4%LJCY0b
zxb8S_A)iaIH4gE@W_Q{JWWr!FcaxU--)O-8S%|;voLd4jOAs1waHq6@53>JJO#B8@
zOzc=Z_RpN?z7pjxwu(mV#Byi&PX$oMDkvp>dQ^O~I3~Y=&y>!Bf6=$LI(OUgTZ3K>
zc*-f|f3x=5MryLlV{9e8Sfm~%^*EXcT6ifp6Gg_J5<Xc$OK3bH!t&Fl%;jNPg#yxc
z$G@2V$3T7fTBR-`cu7#SAuC~O;BRak5|yi%T1mGk?|sH17^c5&cx>_hd}RJA>epj?
zbg=h_pWjqes6tjz<Ya|nvSC_%1<iO))X39Wd(k3%&m>1Gt||O<ZLKKQMa^J9skkjN
zSH=b7bPbL5I7`a~=6^xxUv?Y}he_f=x(}xC+dMzk0~YE@xAwtyddW^@DoRwQ_zxRz
zwOU4g5mCSmm(Z|}AdmQBx<zOz+A$q<>%wm$6C#K6KM?xdGYa>C0Q@y|GvPV}qKqc-
zdnh;_W7byEQfy|M)V;aNXP?YBHfrg82M+Nq9^-^YQrOC7t;dwUTlmRkZ?2DjcAC34
z*ZjM~Jq#=dPYjwAGRu+`+-5q8=x8{oRX=C_%9-lNl9xrO4Flto7ViyBjV?zjzbqJn
zn!YsfHxKFZf`+RT$!qWqvSRGF3b(b-@!?gk3rA1hnAquXT^hTVd_0=|05;FH95J^-
z$Ib>?E7n&w4t_Ax1S#$xq28C_LDORsLY)?*T7&x&sMo*<xM$seU}43hAk~j+m_r(G
z<#~U!?voCd>lGw+o>7$m(%PeQ&Sa6Gh{!>^YX}4Hf(e>Tu&q*oZI$pV*j8m>ZGC53
zk(*JgD6d+x@?Vc(-eQlnubR~Xw{}bOOc<o_<nV-_@_js*a{^Nne`y60R=7e<D%msf
zNx#0SE2SOHQ-4t$b&SmBCLK-yj9G!*H4}JjfN_r<xTHN{t^v?Za}@G3df=tdX`(J<
z`Mt1KI5iDdp9Rsr?pv;CtQuj@_;jj8)F*NDQj&5bD&MV`?@ck(K?f8(xLcL)Xv%`R
zU!~HYNE)C!N*-&$McAqHUkTz53BYZ%{TqLzJ$DIXb<j0UBbZG~pgV9Rl?Je7Oh{!f
zIk)@%J&HCpe3;{+7ya8~;v*-8E~tsd4NYVdLRt3JmUn1I;u%*xpe`)w4#Hl7$tVWR
z1Vn2Qo~NZp<fCWjl3_!9GXvE;KOSFOZ}_p&Oyq6MfdN<1CsZX`ch=E}kRWOx#`XTn
z#H#C|xod0~e<xoR8@iWEcSMQ=W>LS|_2E*ZKrK1p`_VDx5l)3n5*Yu*PmQ+1EMn90
zYovz+SKE4vS)Is_TJC)~yHB#DJwL(*ZLc8);J#Ao{M6Dj_t&#anzSM2IE8B7+ue6h
z`MS<EXA>%f2<+th4rrmo?cjH%C5hP>&CAEFC0*wHO8I(yl2ndhJ6EFT!lNe}TD6d#
zy!aCzt}xE4cut0(hW$4)+M3Qs+ikc@`a8cvK|LPLcfKI>9hOJ0JsHhmv75@NW727G
z1ow}lo%TK<<<|+zF)6Ds32_$<YO=OR7>o!u-QedNhIBCRaf0A3w}l5&L_O_Q30`O7
zmadW1eu+PTR$+;Z_6Ta_Z0QUA8>mdNV)Uorj|magp#^^>N`pZ@ycfNy4{qB>08Ji?
z9aNhPd`JL-23j8CAu0OYqAiEoC3M#KicaJU+rg5c@+n&{7`IE}D6p~FtPP?Q{bMkm
zQvS*Ywq=L^+Ols+&W!{E$`4XCJM{3F1&o5%Bh0d&vDLW7e{Gg!IF<E`*#3fErf!$|
z^Zxp0`JY;3`_wd<*F4_sILwFrl+uSYZ2pO1D@wT#@TL4MR^=u0`DpQyclPmWU4AAc
zg01adqF6OJOId%vg3IAY+1yO2pz+Y-p)4nqZBs5tiNcg%`PqCAPn#HyzTEi354F3%
zt@u*YmO}R}iiwoXMh;(o6H<q9TKZ=aohgxSI!HxssGxWORss_=448YkjaOmEM7m)I
zR8Qg&n~|}hl7`~{NOqy4Z|+b0&JHL(Wfh348h$&fGv6JzIH#A(U6OG)5WIotm^Sy=
zmL}M(P+d!lwBs$?_4|QAsusbrYqsvUgl_s>(94c`ma9s1X#9yE>bC2xgOMQ56EVb<
zP`U7NP4DTqj`F@qt8XMT?iM5N*46$7(IXlGtP6DrEm?t$;)8sP-5L_JMYp-H;kWlI
zZ$_*Te=FYViC>p?+liO@nTH-<*QUPv+Gn%sW`ck0st_qI^d7ybl*`w|seI}?`CjF@
zdmmoE!_DZX-98`Gu9i4TiqO5ke0zs-LY6Y6o#-t~Yx{Vva3klQD0|2=Qmjk~m&xli
z7HZWs5)1b}Y2Fv(?cN1`{RtfpH*X33wmo9Ljy7elmoPI^!E!L0iMl3DBfu9*b4%2e
zso=(*Fx7B}>35~Vow?hCm!kkiUQIbC(h5N-9rAi9undhaFLwXj+}>FgHnlt-OPNLT
zU&Q&p4C%uN;Tjb~ctWPfRT?J@x*ZIQ3buJH#$q(-bDZ?1*-+4UKiz9g#3$?16~zwC
zi=oZdx@dlN?bZ=|_J|1&1tXGbL*DNP(}{=A?EVg)ryI(xk(`n`rIvN|4@uqO&Q|Ae
z{r!$+@`h5D>GFYx?QnO8Qkf%(uL~?%<Gr-p3z|5lr03~<m%v)>X{CYiyT+@t%97Oz
zEKFe6yox2|vfTW8vMdXwTsgKFSn=~m5p#23O!B<SaGK^Y?tcitqoBNK3GsS?Z8fs?
z9~7=Y#$7V+aMBYez69%*du=yjQOQ3#lI%G~5h5BrGU|F7fp^U^{aA8^5{71R^rAZb
zGJgR}<hZqiaCJM)9O1Oq?urm7%1uj%+<C<wBjL39X><c@LM2>k#=V`e@^)2C@p7kI
zs{hYm`BdPUzH<y7Ez#S_UF*zGkgx^MkTx21w52sS8d*GJ>NeK%wAaEJ$_*&<>3G9W
z2Vb~+#dZl0Q5&_9i+e)y126hm+hXp7=gz1V5qO{7>mtgaQxe$XH}<eX)i_W~^lj-%
z5V=(e;Z9@ovF;iWVRm83Q0(~>tT6>|uO}MGIQzU16-I_RVN1-3<XRV0<ZirNnQVl#
zb;J6+Am_pbt!G`rAku{1<dEGAV!oX8q~HKPh!Wi2bGU}oi<+1*4%*WA`Y1q9mva_A
z^$wlY<bCkpu9xH}+&&{kAz*XX(Z0Pt7EQX~lxu$;g^?hK69nx&vc=eo3#S(OswnRt
zJ<O={|2d5@EegdAV{$2+Rcy){<n<kF{X#r`CHaD3VV{T$>%#ly!n-%jUh}GM_kl1E
za)XJu1`>%ybCBei4M6WgNF~R?;ZP6WKt3-(76IN?<T7I;tkfXUVt8Q6EjWD8D=7%>
z0=oQpf^d*x|JFJGEjn#~H;jPan&aN~8mtdq$I*#56C2kz@>peB)BS*!==TuOm_w|q
z(e;CCZ2^#MILF4SogzC>{Z^)~X1z28_UlPkK_<$Q$O^!fY8bj=v;%<Jj(jL6i@^mD
z1a6BQ)JD`OO>qcKB`gyC2ycPqlunCDR-r(sV>zPF02hNN2`tU=KN~kF5e4M`;hP7B
z-x|h9y)9y2trv&zfF{x3;{yn`hPzupDtZa}96;oA_uEL9uH%atUaI$w*IYECH8|&0
za}?JQk)W;@AGi|Zf}xZjS@!io$uY|5&s&HDro^2IOYTfjc<iOnLF?0L*Lhis7r|(R
zyuBCH{*8x8yr7Ps1>=*3{g0gZ;3;$bKNA5{hw8-}vYO3R0Bl7w-$YY<<Rhnh)T*5{
zJeLbjR$WNz5zC39@yScZauw9Bf=)1|vYlc;590Tf<#fPu^>`49=(7CCH2Y=sdqyKK
z8=ATMTbGowzWZ{*l^X1M3OIdI(usnMDyDY{4!%3U!S^|MnOF*r#`TSgr3j38W}usV
z&@L0is(y;C1A;uZTSedn_)B_X{uuupep@<}O@|U%Q;7%#5!g^b#|L?`I3@PP6eC=~
zG5=VbasT!!jF|YFOegJvMuU&u8<M(90Hr~YmObJX+E>|mgZ2ZTGx3i$_eqRANIH81
zx9?>-W{do*AeAC;dF2a;s}CKqbr`D+lBqV~92Z}{T>+AIYZ`8C@Fa`x@W0Y30Y8o#
zQ~sZ<N<5#xTqD6B{@;#DN|BcJHCC=KS&TgpDG=gZF;H*21)-m+P(LN7OxwD{W!Duc
z=1i*@{827$bN?yhax9Vrn%jI^k*fLCiec57#QiUk@?)l$zCc!8JY{bL&*4v((!%l6
zA$24Q-Es>k(r>mm%5CV#T&C|A>;L3Q0BZfyxk;?~+{ZY}m}4z`V1hyNo3MWYyDTS_
z*l^7MWL<)ObQ{s!z%<dehh#GXdqnK|VTg2EjahDBO2GLP5th}HhjGcS{JnDfi<rd8
z4_4nmDD_j9%{b8QS?A7~n*zaFa>k=^@!WC~^~X%On}Tr>L4^!CJGcOy6_m(Ue3W9}
zdq`)=8P!Isj2L3FO|0E7NS`D*d;2=HmikbKN(vZy1DN9yaG_BSHCYKPS2xGLno$&+
zBa}yOwMf@yQp?FKt0kev2!FnZdSf%{!^a7u#sj;_EN;85%IG7@gWar@=xqrBlU)Uz
z<Dj@SB4XUrf~>a6HX4zNP<T^#n8MW#x`qneE;+Nhxq+c24L2^}+IMRC_Vpziqrxwj
z^wo1Er|crirWzbm)u8rwUm_pAZlW!>EcIj#R9ix!#<O;v^X+@>x_;Nh7dW<5I2i_h
zJqHNIHYqIb;+b2wB0L*oQ&?^+?ZRxwt{Lp#5orlZv&6WVkS~bw3Mqc$LyT=6pKuLG
zUPNP26Zit%S|3TTg2yj!t;oBb*u^5Aged|VBI?{BEEA(kL69A<ZxmSW+_QbqhKh^6
zKyZhMiorQv2eMIR?~0<nO60dzZG?}|6CQ}7!eNCuMCM%aeYm`m#=dkIynEh2eME}j
zvtVyG@zcXz?@|PCDCztG`2I(+0kfx?f@0ImfNf<S+80@g?SY=jH|bC`%ft`9*M#u&
zW9G=52KM*ejNlZMq_WHB>FuE<{arzG<7WP2lxyv}BgXF~NX{q~)(k8?lV52&7bTHu
z%1ZUD>A6w-Pa#^V)lVI6No(KCuEg{SDa!1BezZ9O%_a6wMr&{MeT{Jx7yB;fo{+NF
z#mEBUB7atsGZ_YX$VjQXK(yes6H9_`%*VDeEKO~Grj^9G%4adrUihQ_coFy<g_5Mc
zG!|%&LW8)D&TpFjaRiH%8b#_G5;avn{|+%Pu;Zf4>LRi8WPG(q&}FmFAwsJ)4fltJ
zJ*2dizZ%0gZr-q?HO^4t@HpW&`>UDXNO<cB>egjvPwTc5D6U(Oh{Q}qxEs;}SoVa@
z-dz|-QhTxux`Gd_d>#yA_6jx)={|LDO3>I_t-8aEsKSRX8`rvC+u4Njc*qG~^&|>4
z31N?OG|!OcDj?(^-r<5paiMho<nSbcYPXGy9bX;?ZRn*OvXw$MzrfI+{UXmdQGI>l
zcaIWd3JW?^l|Dp}#{-h7&1!6D%VNPHbJ`Y$nSN1R<iz~J1$hwxWap^GT}=@lKo~L_
zOmAv?4aDZ94bV6yFy*QLl}pd+%(FdExqS%v9P_bWctZY;dEgrbwxnNVIEsUBFvl1W
znzb}~<v!et;@nj>M^z+k%pJD%!~v;Tn$_}7;|wPQf-NO<3E~-*cpWbYKYm$kp(?9)
zm&?8t(%i>nEwI|E@j4&`3XWZDC!+Gh*CNTn!Drr32}@)9;Vm8*CYG&-<z4(S94#GI
zoGfeMl#)DHGUm3IX(eNLJ-_~$P=`iLZ-KUv_{$EHLhUe^;oD>#o|Jk*u?$a6Ax{oI
zA%$cX^Y71GwiI(wWEB;3DmCv^USc6O&=DFxP|DoE66<7=Ss;knmgm`YH9_Jb`&XN!
z>!PdWiKw-}=*JH?uU7czO~vX$re;P1tU$9e<RclDg!wq{Q<_h+3w82tRqBeV9h^&r
z;wL+<nW$;*Wr<ECMT!Fx!Mba1lPi^mLPHW1mdMoucU^;tDA(;$ujag_$B+vD`VJ;z
zo0Y@7DhfB;o_n$Hs=Bm*v>{l3*=LqquwV9|L<}kRZHH98j2uUBi*N(GYLkm^-krsE
z?svKDVIfT}(Ddm`I_(`#`miZK_os;cBPK@aG7WwPpB~|E5*ZCgiM=?v*F&2#DnRY8
z@pUKeOPy2O_;~5hi*IHUNnFhm!<0x$hxU9@POAK2D>@}8sTX{zc~s>U3}gg|G>GiE
z3*d0A+;fX9$7ePYx7me>Ps)KWw^oJ!_(Wa0q-xqfIlojS_=qk8-uQ~^UPlgRMirlM
z51NwiH`EjS6ay*w+20Ud99g&651}Y}rR0pPwNH$BaF>M=TfN#UQn45bs!F_5PB-|=
zk`u_0A1etc%zY~m3D=B7hlIb)jvjvM#@?cTz{8DF_RYbJbWxUDGhCbxaN@8{f%|L7
z8{A(Rzrg)<7`!fa#dk^9p1|nE|Iih>j^Fc5=Ytg=)=}&M3K<GcS7S}B+GhmOv@)g|
z9d@f$)#e4dt-H{PphW|Fw7cKc_JKG}-R-h2C(Aoxzx*4kbf+&r_aW+d#iwPDKZVaz
zGk#XqU7TFopRz8IC%=Us2uj@M&OXM$=8cbU2T!6J-|+~3POJ4_CPmGBT@4mB7;cZc
zwSS2Zd||uVdUmWIKCkqe2*1Q<!GtTUyu=@p1<u^%n#2@#1XHCW&Cze>m}@6`0{kT0
z+h*m~^oX09As?U<7+=R$KR}u(V_1EfL+B*t&Qpx9#0QY4<Qq3UN^-zCOz5*qLkju<
zx^{evveoVNG2JFuUJfKft?#;l4|yLe4(RC(j^fyK2>ePMG%|w2<y0E#n*4f-n)}wk
zyiK7)?vNU8@#IhQRGg)<mJ01?-?DBqhqEBW@IOilpu{_lfdn4nZa?@Pdc4JpuR~Y%
zM#I5Kf60Md5hC=y4JQAHSQ7k{wJ}va0*3eksj-};aZK{L3_)CPu;WaX;xs?CVlfGX
zpPv5vt@uUJyI9tSl0gP|^+DHyroB&RlP_Bt9R4Al<ln|1I1|O7tQmodH(M|<>><JM
zP6eJ<Is1#Dc=TM|b?lRECw4#tx5cOw-^sBfEpH1)O7)&h<D{f(@`b-XLOXz(xWsE>
zzc5R88d{r;!_>`Z+AYy&O?E%6Mm>h|PeX0+BV5sW9TqonLHa67@ob(1s=95#@PA;G
z-cVBGI6bm4#}k?#UBJ;An5ABAJ;vDU$J3qVk7?wI(Qb)TAXLlNXuk$sRy{3>?t}<-
zbDS-H%v;)y?h?OYDKUfHDVZ+{-iGXdW~uc2iYOm-d1_53Ff9Y6iS4Kv(QAsSwh{NV
z_qkoTa4N2(k}lLoeQ(cb_=x^IP*n7a;9_ij-*?s1!E@lo%f&vO59|`o#2B)ok?Q<g
zSK@W3Rh^`(lPg;pmBIR?nG$xoEUh~s-gjsIN8Kvjhs(l0b?cTrVD6<BBkn+|(?|Qf
zw~!}!ojYpqkZB9i;KIQ(*)*yr#*-`DibtYe6qm2Cfj(;kvf~;t-hit!(enAB)bbw+
z>IDR68v;mP?UM8>J#jqu&+1cFJNp2A9+@F+7=C!Jp^WQ+JdB&RB)gAN6Zq9E?~BSY
zJVJ5jkkwdXvSTwaeD(oriu=aa{HfVp+~k(`Uy{6CglQwq7UM3jd=WgaWTjB8zD1MV
z*r?-2)8cq9j1uq5N`*Ba+YkaXdna1n5?O6OW>%&`Ux(IfBeR{%mfOl6X+>Gqrnp*=
zoF$>D=_T-h?+J0|)i<n76=RCqQ|NA2fxIoZbRXWjiTC}A^eNlSH_j_Ln0N%J__6fA
z8rj3@E5w2i1rCt5{+O%}`7PdNhdBlkJ8ACl`fT4j;Svync)Q|RJi*<x68o>4@?V^!
zxLUHT#muTIeDLb%Y>w7R+7`PV@tq9c&0al1o6W`ceo#LpAVAR)QaJG)h<@<ecZ!J!
z_^(=aggx!*+_`{N@rC_U1(d13*81OJ1|fIz7UYM^@&D+lxgpg?$+3^@AkY4IMY8WC
z=+bz6;rTyIePuu-Jrm~O&f@Ow?z*_Uv$(ta;_mM5Zi_oC?h6bo?(Xg^+`Ql2kNYuQ
z>7<gW?sO;Vrz%zNYNVe+Sbhbdd6kIlzqvu%&@P}l+p6esQ5}J?th~rkaHs9v2i5j8
z5}m_tFR$CT@(mVQ2Y?@-J*->3`p^tfQ>kcd)Ra!*fM6k`SN=?XKgvk7-=~m!a3d%Z
zpyHc>4(hRst>ITh;}dW@ZbvKC*PrazVLt|@!^WJrW3=T2bBzdUkn?H&nQrJpH}2}H
z*jh^)!-mi})%6~IYtYcnf!5mLjmgqKn(wn;yVV(y+Bv(1`sqJejadw9Yrm|IsiTmY
zL|G0?3g67UP(wy3vS$VnYzh6es1$`O4IOVXJn|YNAKZX(G*X6~#q-P>hv}L(FOHsQ
zB}$PUDBdkz47bKHKzG~wy*QHO44#UvofJOm9$NnkPZ~0fus>+&MEXNX%XAtW<~}_z
z_CQ<`Eiq}AJEjqT*N*5nw*xUL?SWNiaE7tW1w~yqg&D7Fpg+;<&y$&fPfaSD`gcPl
z#yH`E`e1U(F@_J8@i0e>?tQA&>@v&<XChO=f_nTtR;=J>TM5zFxO?k=U71_YL)Nw9
ze?khr{T-d2&&)=O%1=LX=CazbiTw%d8TrvKVIKZVX4VEtA80F!EM`~hqA$Zc-S?1&
zE1k3JhYlDL{<byYp_poV_x?L)Z?<g!IcJ|Cz2DIb8_!=)kTA(stW<|vuY3du_fowe
zX`Jq9v8YLBX_|J}&YPX&l_slq1KPLf8PakoZRz>q{G0JKYt+0C$?{m3<sx$5=Troj
z=MX!fdBvxI$vvWMahNbYxP^OIvk-$qpK>cnMr4xF5sw;O1diHzP)6G8QP?ReWQZ@x
z2@TC5p!sAH6ocbRF{$=vMRE#DPUc&WZnHt5ZmWTj6Dqw7Dtb#K9L-)djR`nf1Ez%h
z_XYdkC3+o*XB=H>2kFWg=&_R$;WHTxkx?4h-+3r&7@b7MuAC(~O~Qf812HQf*Fit|
z9$8&EECM~kJKQ<0%wrK`tBW!{wx}=kjFv+kQ^9-ow-w;Ao7(!-#CP*`a0xu7bu>Qb
z8e_2hYlZ%IV^li6t3Qi{3_>Au3a2jGJ2wFidw*B7{4}x2vEC=7{rtkILmx$cu`&Ob
zKp8~52eCaQJmy)!oBP#SWQw89<SfZQNWAgQIo;o(=iVo|fbPdD9G-xH<iU0vD=z--
zl*d%J>eG&Me8X<pF93FcN-0h(p^K*bSB7}k%>F-E9dH4rS(hMw{#|3q1odJ5fuS-2
zE&>em)zP@|B5sNW3!-c0M9Kki=XBeRD$f?`q(SkM22e)T9)s44?Ch=*<pNm!Lx1cu
z8+h)&gkpw_7v!tn0-4eq@a;U4XGQFRD?>c(a59xGc$IromYa4R_v9Gz&xRqrz!GAo
z4!W1J{n>%#6&Og;0VrZpUq&+0flZsNL>mA#2HMh|IDrCJH%~>db?UK~1Uy7fP!z<)
z8wn)kJ%OU}976<VdvqZka*m_KC)1dq>I%zPi7L*Hw;7C+3>k!gD&sg{R*M{WN1uY6
zN}L8`r46VG1(uJFxyWC^Q3CpZ2;$+)Kx&DyNAO%s5vBnMTB@DO%2<Oy4YF~l4th+z
zYa)x?My|~C9tk?$9VQ0e@rNeywp!^lP}MlqEM1|KjA~Jw)PLC+&}G#bx`a*;SbZYo
zw$2iN3I48^pbDe3%Fx<rq6#ZTV!XO$BCt?v@b2^^a$=LnS~Cy0(;i8>-$FA0Idv&a
zP7dcJ-&Jvps1BHl+9HO~G_c&OYraQN7S?l7unqjs4glDeqCq&Ir=?kuKW6-WbgAsO
zr&w>RTyWXQA-?@Nps+MSfos1w&Nj}{oi^EIA2w@K+Mr1%!&sG(T5s@ulq=Rft*NTU
z6|dL0x(rJ!A)ygr8$L#;0p!A$R{nAa)x(&wwob4$p+LD>)F=6^G;B6D-#Cl8@#bXg
z6@jZPUGK<P%|FYa4(gRVr;8_`?eeQVz+dpP|K+&t5)^#7>*;G<xSfvObQuE^@5Iv5
zE`mL_xEjW*2KFql{s{sV;~k7u#fSD;Y__*+jg_~G6+eRKAuZiP+T;mAeIqriMy<wX
z8f8jqsj^FBQkr*oqjQN>XIDydsV-(!dJJRcMTDDVXCRanox?(u+evJ?UTwrp+#p9q
z2k2o#wQr#-Y#8kuxaPq}FUOsF5@v8nv-<hi4vlvNRxfMxH`Id4{BO-4*x^nH`#=2B
zTRzs3;42!59dOxckmeP)N}^R{#IW+sH)8m$zc@7+(k9uI*oGLUja0d-vzi&kQ-te1
z$DH6jzgIZ1=*M7Z)z3GD4sVR*g4aFXetWUh&jyzYr4vHboH*nX-@6X^q>bh%>7|0Q
zwkV4xb>!m{U67vRK;wvmR1m9p;*B}`hQ|R{%I!#YCw^E9Pdr>d?Bdg`Fv!5!kl7J*
z&b%%#`^{<eAH-mNhJ|<yDVBGveXNY!lAIKHW!%U&ya?wP?^SK<H`>p=DmvdG^<C77
z_!NtXF5Gqts>&1?B<`3@<0>8)99PvW25aE-d=?sGIh0COK$_w4*k@n7*0WQ`69wcW
z_=YzdMd#~I%{y(6NbHax>LNm;HFSn84*|MJFQCF=0OpN53-={6Cn+VYp|e85E^r<6
zLU@I$1I`Oj)d3L_%FF{QrQlw%>Hu;rD9iz|{~EASR0gv{0oDJJ2w(VKTL^L)jJ18d
z<Maq60_CI+*$G(22C*uj9)NGWbt@NIIOm?HH*1huvIg3cRT396ShA8@LMZLtqDagt
z!d6v|WMdffl9t|~sU04MqV(a3PmSS4jz2*7B32QRlL5aqzR?jml7SK|OrfM$TA{lX
zw(3MCfC%5v8;yTG(vU{?J@T-IS3M+<9XsTq4JQaMSJw#sDgvaT4XxNW9F!63IG#UH
z=TbUu+)2zhJPOB8;C6MQs}z;_H91vRi;^ah^VB`8N}I%}(+KgZF6Ly+BP8kgE7i*@
z)ja@uqScfV%1Ww*O>1CIN|0qw7`K8^a+Don)V~Sw;I8ImoFWo;Ohq!mwcm3=QqY{y
z1~x%@T2b(nrR*S+{%$}Rj9-p|tZ+lyC`#Hv&V%%vlZm#N82fRoVFp}JAHF>|#Eyx$
zH&iii{$3evOe&wo<M_1z{5-nH8cR*Tt9MdflqHp4BH7|!lhyc{rCB}a3QgZy)*Gy%
zPt2!3!q8_+Pel-=r!>OQ4@#+OYPyVsu85y^w;D`NPBl~*tZmmls`_7TJTAt(JJe;k
z&YwIk%6)9=GSA;1gNl8&>K<J_2gA;*GNwUwm^NIdK;@sH@^*D~J*8g6z8~jhWC!-e
zw-*K~*h;b)S+2e>h~b3Ew3}g4LngAG6lo`s)5Y+qH&7`U`h8p2CSfws+)GTHhIe@V
z3Rh-6IRc-Wk(jjv4qygSm%YvrtN~*tO+Lnl@whKtkG#9>jT5z_t|~9dVgNCoPbOvd
zKNkFa%wWjTg&YG#mPXJwk?ic^0<fpf$Q6nB1J<S4nz`^q?UGlJR+3*d1JfG5DltPF
z8nkr2^5ldAI$6j<M~TQgXyx!AkgbqdshApbCmU84LN7p57F~!d2^p{bA8)M-GK{z~
z-p-CI8uv@46ki|$8=>z73E_Y(h^oUsOW_$U-J=ou7UobO@!5*Kd@caEkIO1=ej5yU
zP7N5}1&hNFpBTwFqV`AqFq1;(*Cfy<eF~EuXpd>^uTt07hvHib(}0Ee*sa0Qa@WE<
zQSUb=wNto-#N1mz&Q)8}X%`&M(!kS^Ybk4K^eB-@Z7B_>QSxb{>Le<ox8YStW~$h2
zDIbqZ2ckL;So74;=qr03P{Omhe7N1%{|4*Z+CP81V$KWlEa2mQuflIO+;?ertxt*S
zR|w1d*)ZrN5_o!{KwsU1sWBQ|Jr+&pAaSUx()vTC6|3ToAXd{X#>4DBl>wutxVaj~
zANicHaB9)AkE%{5FdnF(@BVwpxc6)?cgSbSoG0S3dI~cP<5cuo<W@tU`XI78$$lTT
ztkBrwlN+yQNu_cB-!XsF@AEIbuV<`u%lWmg(Qgs~_g^_#*+=P{Ek|SeL|!b64*^Jj
zjE7RZ2ss>wCn|1^_8|Yb5pfeTICTVzyf^25)lxZI)xsQc2qWJQ{Nk;0$@ao;6R3$w
zIu3$ZfHa9|e~4H9;TLyrvu}AUy>E%{Eyo=-`p1H2+IS8l0?3SG=#(@z(KhzVx;*xa
zDTBwrUr&AG16@E)X$NVe=V{D|eVpsm{L0+mm5FPR;+j~k!&6L4Ywc8Z1@&A6Q-FSn
zOfJtG8Kz+15+H#3vTWN<`UwgyQ|}w%8RaM)G=uOl9|Uz8^(*70PMldL)b_)4zibE1
z7v<P3-n6J6x^x!K3$`0<z!^0az(Y9#DG<X7R&O+o87HcoW<gpjb849%BQYNq#-bel
zQ+0(%B@s?T#AhrW14#!~O{4Vqmr9omDPrnD&w+aubu>@|v%<5*{?|+HKTSK%CYH{(
zM|`yqDODVGt@eWs@Z2nP#i%b%fs{@W%x*djyQ)@gLinvt=jO%Y3!kp6^E+W<{p7Ge
zInrcbYWE8IF=63b`>pN|?oIZ$vsuM3jr6bDuc)jRqlE+Bxf6g7_^)RH1Y(Yi_wc@c
zpSJNh|2Tm#E`mH`*v~aJGf-ro5X*&KwsE(^{UGafedVYJtyz^Wly}ioCbTN`!wZD@
zyY-V+*RVi5-3qK$3`SmyFe-~kByrHB?kc*)-=@h}664LMGB4xEt;8N--R@k~JH^oJ
zDlodR|H=PNL=92M+`mMQ5N4UTpo^N~9#;Obtm2>(YMDI4oE@<%;Qd~8XD=q#MFif>
z@M!ddUUg@&*bu@is2YB5)-F12=;xXQZFq%Ts_Hmjt-dag>eS9DXBljMZ<}@(@=xmH
zf;9UZ0>{E~>zd|5VDCS%$U%mN-i_pC#S!#y#imO2oFP6=azI0Wb_J4tuR_&@3m5B0
z+TA*bqyN%fb^pFML^t%O>G}PLA#45NeKvnTDLh!Cg1k3Xct6{iu;zicGN<Fi5fmu;
z_=DlQo|BElAfZ0NQzQxY4y@{L`3r0u$VMNLNmk#DUxE0poksqb=BSWP&*rG^5A<nz
zPMcb#11g`tC}6I7i*0hE<{JX_q`nm47im{14Pb1U_xwT#`rgO{GCxMFUhRj^wXU+p
z=Uz1pQ#CVr!{2%b2G5E2spwm1)LTAsww@7a?WAe#XlOB@F=ub`9dU+TQh?WeICj1(
zC^Fq93JY$8#jflVaCA;Ira2o>MX7anI6O{mrbbR!J^L5ig|mr4>;zzwTYnd)O5Vjc
zCcH0C-qp$ekw~11Uc?Mr)sm<iKSA-y8guigh6+#jX$zJ__hVOj0GO38!H-`~*h_4b
z6S6&Yq(6B&f+xZ6ef$VDO7>4*AY_b_vz>hs%|zMv9B+s{`;0q&e)HeJRDF|}`R+du
z&};si14{cQLq|AKEWP6JR+k$dVe>J%5;icc0cVeGFHKLqrD&+jhBqQy>n2=MLXfW(
zA$6ad6?P{*7fQnrbmnvZK7uESJ%FVXgnXNzlcFiedXD7duTpVrYsiXx5+X2rG8JU+
z!{#8?Mb0dD&LBH@w^Cbf=(`b)K~;u9m4-oZ1iruhlTsUg3S?^dFa=!^1eN5IEkQ2M
z{cBj<*SkJd>TkFf$IvCMq-I)`XWlfu8)7pt<DX>H&YiXgmm4uCb2)gGIS%_M7N9&(
zo$QhW>Cie1#}Z<R9ch>czcOE?Yyv_3PzEt@(FT7GDKPQF#_3-w)Y0Q~S-#D+esZY=
zz>Yj?&i-Rpc(&IB2e3N^MQR0+4d#^f^(Gi{W_<oJX4{Yn{e9ep$kyVF-iQ0toaw~5
z2u&|g2Xzt7>Ev3zWN!kVjQX`Qk`N*@$uxnUPm=#N$rH>rRWn7=Iu1L>jA+nUTppK%
zg~=4+cZ&QtN{V}EGP(D6Rd!9^#$b%<QjF@<|J{YL&si4jr8{C<q(?h3jCpN2{ZyJ^
zQ9Nu}7%#cLFcGZs>h0x~aX+P@rZEg(g&fdvLox+)%ykO^9edn<+>yCMFju}e3HaWs
zDlzKvOD!S(d@i7SWelxa1^qf7Pg19SLNb%J98uJobT^QE*pE}wIB)fS_luBM$yN}`
zXcPk?EQ7ytxp@V+Q|T6%BuBjUDdmy>u&Vw_unvdK&~jcoxVShHK8oStM+h@GzI;HR
zhcN{_A6lE^JB~SY=1kuvv}V{5IU3oi?p`!rutv;hhzAwRsv=K4fpB65gm<Yn7U?v~
z2y^$&lOvfUr+m1ZdxXM&#6asWHl_D5UKPpgVDNCXNjxIipFPTY??YXfrK}|HPN^KA
z$K;%w^+bV^Q-PAl4y5JlGQ#m;j1(nZnTO8O9WyH;T({z%)pz8VY`HstGk>6r6K!AE
z^eNv$dy`YoS+%NfVn5a<%A+tzEK}r6qZxlKUkF<<#XHWC#XRtJ#mUh)Aeknr$ycHL
zjc`GF`H<;A1%`MW9P^`GVU-~$xnq9yH=l9Y{8?+R*pOWKE$LVQ0UK)E4RL|jMB(CC
zT760XpkqiRCZU9=B1ByVKrLU+gnla=vJsuR0BogK+s#3FOhzaeI{@HzxWfC%+Nf>k
zFz_x<cm_W%i5wCb=WNDvP)img;j58ImGXXCEKJ;#ti^6-{CST-SBgQ0wUpd7z|(8R
z@<soekQP&p#559xV@su=v@L69jD_}367P8Zq)<o-#yxLb-uWHD<L}@TJWFR=v|abj
zb?%RSJtI%|Nd4>}zdz^fIMDbB_{Xe>T&kRXfyRwV)t?fGuDn<2gGW3Dse|(Tqf5Sg
zwMsMPLvJJ*FdYiIGl@fQiyu6otau9uj?c@x9)cLGmtZZRO*jdGi~FT_0FUpr&^N`h
z2Fa=W3$bFffQMjV@Oiz%#I#N7-~#I=(qu_)gWoB|#r%NJy2PXg%_i(6o6EwbHIbTD
za+*y|$|RR3L#4@D3dmg>8<ct~+80O$?cp>x1i?J1x<M!lU9OCD#vRl(NEuSeRgi~G
zzR~b_%n9HnkU0daHnYv@3Qut{Hp{krM!&92lr+}kyg?J_@NemCXV}&oUP1d=f#Oz*
zGfKEx=0incFJWO=Y;NcFbcfd&Hb7CjRr;VfA-g11kkmy~5bubh1WptbUqVMfi4?zh
zoR`D|n#|B2x}xl#o`7mb3mjy&>F0=vB6eEI;%=8!L{7l`PBQS9nuerS;AAFqF<WNB
zd7}CU6Iomw`@J|GJ|iz5!(R!^;hwNyBWmWVO2ne?968t$TuXz0ejv@U5GX0&w^yy{
zerw^#Mim@L&VQx`Gqs?!Gz^L00sQS%27T_D+1`e_)Fp#@ppd5B2(O){3|Ix$*c<|^
zY?dv#gEHMzr<pFaP>&DN43{pP&7H%-4&JoxhgzGtEXv1iHa{~@C*}<V{``(G27eTD
zLt_<4Mbv&N<1%*rEuZTwo+lyccjmHJY=MCN1|pJW^(YHfuI^hFFI8@p?r<iIz$mi<
zvg+6B1fv0STJuWI&bTqKIhk=b%t-Mps;)<eT~#Uc*Wa`*;mSBvT12Y9%Ld6lT+fzT
zy>@4-E}u&q{Gdn1_qW5bx1v#la`S1U5N8JRxf;99iJ~kKlH@{Aa;M9agwg{^gqrK8
z)40WRk1)aATN3ua-Not%jBgf*n!Qk{pELIYTzgQ}0LK8VIv-t6!j>yOt4%1~M}F5&
zaU(Ys^k64WPFSrJ28$(Px>LUCFp7ICp}D5c7CSIa!JnE6|M!WB(-1C$P5xUQft6d(
zY;|R>*uogu-F7VPss%*;w`8+c)UT_+-!f5cxJzrlM|qg@|35H%HAHwHPP0}^Lw_!G
zika`IYVw<wwI9b)J1q(}n(2~8W1Gj-RzRw&H3dIHFoXgDVU4>g*Db{L<OIy@lD)%X
zxhi<6sv&zIvevB&YK?(;MRn{YAWh}ADNf^?UQOAaBf7O+ZWYPGiq*ut@h|&o5;_J9
z$o4ahaAlJ0nHaJhn_YUla0{5xjdII4*}1>za}4VXNqUA+YO-jD7px5gm$`n}x<i2O
zm>-Xc7Z|!5HloPqA;rEJz?VwZuJ1KMVrndnw%qGW<nZj3p_-I@p};nHR)yC!MtJg7
zE6$CN)eHvtmEFe29t@Bt9T_wLpTA-gfrws7GEJ~HSC8F3rl#vbqtN&qnj-d63*p}i
zs!LE$n(yDNO{3ctJSs`<tmmZ>bQu~Eqdjsw^$3IeCI~l(2g(aS72iQ{Vv(}XG((%t
zho6)_I|Uca6l+NTIIBr(DeKd<-Z&e0Wt<+&R?6Qrc(x4Ct_*{soPmE@T9bkC4_gG;
z{{Mq7x-g%_9vqh5iK$8-_^R1DQFGPJB&J(+&6G2jsS(P6YsQJIV#U^%m~?}Vu^Jn;
zQ}Ld4O=e|S#7PUbiNjF0EhPcHXFENkzdH6QvZOdC1gd2uEy0;+$gqsS2meepixV5+
z+sJ>PG%y8cQaR!%nF^I=Kl*V%YbU0T)hlV)|JL{Ibu}}MOXrTRA^jpxH~u_2JCIJQ
z%2nO;SosxdD;;3RRfY&&pi9f{E^ZJU%aK+xWI`tvF>=PxRi;icJt?7}=|;XLggepV
zu&6S%n{HvB8XxlpucMVrW0~MXzQkfF9Q_v*I0ieqI@5aAp0NG23N%kbNxZU^-<p@X
zWj{~90IfNoAi8&rJX{#-=+js##Uq^ZewWd1JKYY3{)s4-dw?EB>KigLWqs*GY5+3M
zkCk#ba@x<qq(t`d8)}+J7Uy@mSm5$r|AO@3U(l$35WVcL+91I;4=7rgMrC&EQ*)Jg
z&SOvA&tq>RV7B2g0QuImno$XedkLT6eAkV~*7kZx@jZ{5)cI6U5CPfSJ{=bQWV_X*
z9Ke$jV1{d)4~nP@IPGA+amR%NdwPN0wXLchH|^jsq$e|E4Rj~#bjzbMWKC*dqPSQ%
zpr^WP4GRT$N+{c990<)Q{)0Kx!9F|%bWjJQ0lwk%c)l)^O+g@sD<sEK1FoV9kpuUQ
zML0){O~oO>Vx<~w_$+qlgF*ojexWy<(V>8EAlwNPdnpsZqfUiBxD1O1u6Kvpl>B97
z>sC*%aotGqUB`-#Q#1wgr5yGQQk$`w67J?%T$y?Ry3}TlL#o0m-htxc@Bb1q6uFE4
zOYo^o$pk){vyu98f-rFl5H{{kYMfCX#4iEyjeNHelsIi<Boq##(ldMExY%1S>Kq2c
z`|1tK*6LBOx+jX?=`c7b{l<npMndQ62RIfTM|5gEx$y&tz+j96lt^(0%%c!*=#s%U
z(#8SAWVi$5AZ%{<GZ73He!SaFG0F9s(MiIe@GnebE8+ye5KAEq3@2lJ&)g;k8gC?C
z8Jb2JPNR_ENYz@la^ZkwS%c4G=jmqw0j(;=jTMpf-$n|Zq2J{1#js~k9gHKP^X8Mk
z8)?aca09(%z`?$Si-Q(;63WEm)?pNqfhr#CfP1vnT(Z<HcV5s}8YH+t;y7|}8C$R_
zE^nE7y^L|-GgLRmfUFFphzeGcLE>VrI5ZFQxZYfO2@Xf~c!&RaFF9|52$KD6K+WpV
zzIjSg1oadZIVT8zK*g%7dq;QVj8MC{3n;M*<@~Jj9BF0?{zS&78NS1jus!doNhuPJ
z<@wD~?Hoc|$rjunDEscXYt+}}tt_Gt5vzap{R}7Z-L%RS;DEiCXHAV(puyR!h%~j=
z%V5UQZAW>lqderEEbv!C-IiGlDJr(w(0#8Gm@ATkGsB6hnptH)PoV(bfyW64!UPtD
z>#MZf$LSNDc`R$s{M9tB$yOaYI-;F2YihIx6pEXlxM@dI6~%aJ`<IHJn5D0f&Strm
ze0$aJ1A)carq&Y0Vs<7@+G>y9VuJl-bSzKszqqKN?T355TdKYC)fAy<R#n;L`1FqG
zvacN37{aepKfQ*@YfDcSr#48KP-4?eAosR&wBNZ;a(SnpF6H)L*VP{@ePOTr^xYYP
zm**(pnJcArNE)9Xqq<#;D|_HhGL^7X2I*{!$Lc~Wmt!pg7DM2L_Xa8$(Was3=6ovJ
z6bqQ1BZhgJqfVtQ8do2d7+-^GS#xoM-M9B3M;YjOEu^DK6~IU(b4(d5L%;Ogt20q2
zvN(e8(U(FOn4AYVjOO7m3Y5)$@u=)ZnDdp*$%DK3ITXD7Fj?#@)(2aoV%5iEHwr*6
z^$8?ug9y`)JS?FT-ppGlf@N9vBp5<-8+XL!Wf1Asresa!=o$zf7tRv<hYn$WPlvqI
zU;}O8SC&WE-}t=E(h7FJxD^s)z}D<0=*V{PT*Sk`U#88{1zZpIC&gHqm|aETHJ|zz
zJ2Wb8L`oX^`<k#$YC0BC@H|%=UbOQgJU)O4UXAI~F;h@LS273Izn&#Y;-VvM-5EWm
zJGy<q_#ghFhp_U|KJxi8&ia$JnH3&xwq$sDQc)Vr27XAZq4dWJ0n<VX$YE2e<_n1j
zWje4KmnTK!!hE2%bDH%UdHRM&2V<FG;s^0e&fl5kNmDZxD#qYZzMwTLPEO3v4I&{0
zB#F{Y@|LbR_aCE+?qCt-SalyF*^xdfIKYlRw^=$TF-E-PwAZ@Ab$N5_#&3Z~61p0L
z9dP3lUOGG9Cw+BZxbPshsc1_VgQ1Qbl7|%*HYkHOaiHf#0PuWRa16miT$K>28FeFu
zc^};$^i<Gb$j1p;Egz_*FhRfZgGCUH5{5~*APloiMPQw_q$*jf$VX$_-q_aM?Na`+
z?J99&6fR|eg78X?@Ksa|pZuD;WDh)t+&35(;f4kyNHhT_!Z5pPOs3TTilNJ@O0il>
z?ZpmEeS`f)rGj7XHfw0f2O8j?n69`QWv&O^%dw5ILH;zFWlu{h>}~LxrGWBW_Jb`1
zgz4(Id<<20z!T&wTrtw(>0mB%r(hOYtnbr5m}jH`-S(>WkTbI2D+(qkOHs<zGlo#*
zI#zkIHHu|Rt{=zd415ExhCgU!75_og!3PTVKUrgZroD37q#6QK!7<I9B!BqfUcR*|
zJpHkbM)}uTTFz7d&iR)nViO0_>3cMs*UfTec`5_$(&8^+;|6|u+Mk=R%b&8yzvPOe
z6;5;eXWe{lCdqmcma_~(^<U0G@<-LsDwsZ5WlxkVWTu;nD9|Dz*vRf;gBoTJ7ZuNf
zs-jgyk(>aJ^gb`cg;P~4)%#B`)tK|qDx*O7E(hYP<xBH61)lYTdgalv7!7b0S!fXW
z{zXL(_EPOFh5~-!FGdyG0Eq@p@N=kCQ`7`=4wW~o$BW1(-gbL{WuQH3STE37-f%{h
z^e8d8B2dHWZ*^nJK61Z`{3ilqd)49_BSQd2er#?J7Glu)-dMz~6wPf;7csf)<@TUt
zsbx&s!mB?b&X_k@zsN2i(;GrU*SHq-)a4iE$YM07>LytIh-U2)2d={U5~6}HdMxcF
zUz9Z=>K?-8Zk9vL0fZ#kRTCqppEp$PqFyd`La>1p<Hu=1TCRU)m`uO3c7sAY?XrZ~
zbz{FT_O=@^EXRT8qK{1TCqQ%bP%!Lf31=*g4A~JIq@Dfs4$>bzzMFg8EIn9@z&0KN
zK{F#GIq84~Xl6w6lSBb0@Ivv}k~f=VCg9~{M{&6n5kYMHN18?NizGk+3x@m#S`i?@
zfz`i*C^{S%5s22*NP%wPl?nnRDK7;y&-X}DGq@<Q`sbIs$$pPSlpUsBc+#Xl@Fszn
z1!<jwTF7u<$p5V?;Nid&|7!(w&J>_ILmi6fuZRLc@SZ!3*~gWHveTA;(&tYCs~?Ej
zOU5)%ZNSUq+e$(@zy%VtQyP}#7^IK_qk!bO0#PIi$c{tuQ0DXjN@HYlxGa=Dx+D}M
zdr^CkO{lm@V6#yD4QE0q02{QvXblbpG`xa@CZ&Z1Yojt3eaV&-4U7>IebE&Y4OF0Q
zJwRDVOV%0CqN3CWOrv9=u*D7oq~KUX<;hqFtVIz?5u_1s@JPcG%Ukr&Ud|Nv3kQv7
zrM&JDqm&{^S)m){5Tl})W)gAG#mJC7;5Lo0(L?lSDxAgIEE;2?emmg7Rd9yr%OiRu
zIe-R$GZB!ee}}(kXaf=5SXt*rhzBX*kSqRM4kd)%X9qD+L3i0odnvHbjSPQZCX>t(
zk74u3Lm6BqK%1o<nujCxB_t*N?oAUNRYY^EBfwIM8*O4jgC{bGY97i9QquL{AfS2A
zoS>nXOu?hoTS;bQ;^-qMp%e<F4i77<GCz118?gVEO#VI?YC#hfRb++%C&eiyBacWq
zCEZbrD+_9ERYWwf^}kyR9mb@DXd@Ysi9`4|$w|ND!Bq5g86GpQa*5_&rt+Jh^h$}!
z8*AKx5^PyPI^6CQCOqq|4F=g`O8B7hN)e`0WU+c!MkjU#H`qP}N%Ms9l@Kb&@Gc&7
z5Ogj&9t%X5!@d8(w@g30Wh>#!_Admp!hb%AwNk%6d;hf(FbhS>jYRVrl7O7YnYn*^
z<t!LtyNqTvjO4965sWYg5XqV?3jI;07l7cit&`#tl9)b2<jiMZl%Ea6(j6w5<1P{9
zH>=#tUZpy+3dhUO;#$~bUzD8wj$MyM$OMt+ju%q+!@(5AZ2)UtpKWf53Bi<HY^D&A
z(}QiXbRuxKDNKZ)fGgTRqo@sT)63&3_gVM^tE)cw_-kvBh$ul`lF0|TRw3l#dZQt#
za9wP-M*{0lhkCVhG2rbx*nx!ObqRc-5@!(nG~f?H*&K}Qt~41xnQYM?McRi|+Atyh
zvN@?V(SkhH6L#7#y!qC5K$|okfaNS+sG9%n!cB^JiO{c*KU<id@DIsbspI!71?=(i
zsQA+ozH+4{)~ykb=;T`_AC(q)(%9-OA&nWYWk@tZV8vM$_-ZX1rknP5aPiNcbgk3`
z&uCHHB?QqD#M3P>-r~}?%H*>W+3EzkDxvECoj_17C8vvr(=c@n(Yu*0!Bob3%eY^l
zEG3n<iDg&Ex5&5`3MT!nLe9%?RD-wXFH0<!CAF`>Sn&A2M4h(uGF3F2F03U_ReGH^
zj6(zdv{~bSjBRT0rweJKYl^g`RjSfz|EsBx_WyWE+I>?aM7bBM0cB1kv`_;P&+ri^
zr1R)9bLhB57|H5N6be2jnkP}EU4<m;$QF5tEkHP#YV>3eK2qz7{}CB?(FH|n3XQy-
zJndFhco~prrLv^nZL%N+jAW2_I$f&LYqVh$8t^jJpcZK<KvJldCAO%+%XAT4s=-qC
zg|XkUC@%s0wsO8DDHasx37IdSs#RP*G=Gy`7;r8**`*C^7mh^8COArj-vQJUg6E1>
z)6$nE7t2zbSE#E}m6`k{p{*8C^}wSrUm)S7omSK@Rd?UzyvIF>$;FWL%cM;~j*`v>
zb!%E`o`FoBW<zG0bTnNOh6WjJwYX}bI2H(o-;N=9zK*JvQPD_I6{LRiqZ*z=(Si?i
z>`;_}g-R~uqcmQi1$KnG>gKsnoMH_0Q>U9>L1=F?BEvla94<!Jy?6vhp$G%7vGMV)
zAUf`F%_NuR{nQC5FBVmTt4l)j_+(S7<KZO=-)M|063{Gb641D1iQ{CA%jgS2WnNQ@
zt?9g|8)S@sR92Uxl%HjTjPLD0M$m1vp{rJLAV1f)f3?X^4lgRQOSWgHRs*oIA+X)9
zAyycJ-@vGpodE(EB07PUsBd7%F@+2RtfhG5KIFC)+;3G|C+$G|)rFZ%|7xx`1shYj
zMDzAYs#D<~3JU?Qw#gSdwrDoZ4{AAO1#1ld7A;OI&<p%+;vUvd(hy8=IVm2$7^}V@
zwni=!QhK)kY(?;UUzPj|IQ9P;9$@DTv4rk)ON#N?(QSV2H`M)yGy!BA^Pch;n)Z+}
z0aG;G;DB#5=<sv_{3x4*ie)0!vRdd^WHhp@nk(fEbP3C8InTu4lH`i*Ds=K>f!%q5
zAX5pnFG%Vl9Md0!b_HXKEF>5(rKK{;H8?tXXo4`pRt3vVfwYac+R)1@HUQayx7Ji-
zr`GWzPu2bKE^z^zQ)=jLms~AQsQj!?vXgv#C=U}k)}OZCEpgGVUlrx#XQ;5TxDHp2
zPbg&>Nb3keH)@5Q1nW@&YD65mP@aJd%GEiq^Tc=|1h>h<9#Mp~XAfX%Q0N3;8igpM
z)F%7In&!GAUsrj=X8uUdq)TSZy1Tm7uY);3RcWSzjs5tmDw!*qd1gy5E$rNyR6>l|
z#AMn3h-GyxA@dW$K=KmlW}WP0vK=$*N<sCy?1-)MI=8eB%rQz0pe29yQwn}v<?j=L
z$6=*7cb}GKQ`L4^`5C5it|x4q*CDb=wc^7H4G=s}Cg)83_)^r}pfm5~o!Vzh*4?LO
zE=9|MvIc-I$cJgWP~jL>#ZMhJlT;^D--Y6&N#`U1|ARE=Q*Y_*arSq5<#>-SlM1Of
zxS26_|F_;x>U%pD)+L?xkMoHyDbYb3q)j8vHmWMtft<=wfWH#t=DT3^C|ltE!kwAk
z>dGM~iViF2tDC3Z<ZAoe@WL(gr_o%BU~<!Wr{N~!R>f7Co3;h8akEIYdDHkiJcK}~
z#Z{sS2|ok7#a#JNvK07DZDXPuz_z>W3iD#hPQ;LEpaX-Q=wf=jgdJih5d-}Ob`-LM
zHu!3Dw^6of5^T9x@Y_v-#9VJcZRQIpSCXOfY_j*Oau1zBD{8y!;Ev{Rjg!<(x`$r3
zm#$~zkyllecMmo}CorL4R$|hS4e<nv#Hmc^PCDxruvj3hR-PnJZNrvL-g?;;;qol~
z#X>K0{Y086f98y=ap1Ajpb>i?@3deY^|7vFBXz}`fhB8S7Bo{tC*GH%!T#5b?MMIX
zh+4dPx$}8Dh1eQ?&Pm)RHEEGrtb*l%b-0SH6kaRfdbhH5xeQrQC$Mz^pem<Ft%IYM
zO}UPLlik?cY<r-r8jZ}psz7fmP;)iEWZ&nit+`o3|4o_a&P;*)TbD%>e}N`UzJDN6
zG9AoDaCJ{uheZ>hf}&0~&9Oi4Zbp^cvu$(obgvq3(OBoq^|XQXGflk;9X!HZ&a=S`
z%piT7DMep|$!bnSZ-JOXF|*csp)te^Fu%Lt=+aRO-?T`_dy@!d-a|jKK^Z~PRQ@WJ
zKyrRf8lPPoS2Aj>Gq)Epev#PW(8N`bA7Q=}2MxtGfZy?I6hhED9(>mzw>O(o>Vrp4
z9}a=K2r^uX!*g~KnuOwsVx^uCp#5<sFk#H}_-t0yPu;EEL`{uw!^Xs_M>R|6(rL+y
z(ClI%fWbBlA$1j2b8tUf3OwOwF>&XCG)RX3g)&7;E2)#8*BF{env@{`@`f9r%)$Ia
z)*!L0i_04!XFOF&@^j<o5TpmKxG;IN6Gk}k68Hxf#z8paNi@3k0u8T}fI1<-bI<C4
zXiTa7q!52}dS42LbBmv2^k-kMS%GTAXho_wy`L<1O7nP&#6zusm}AD&m>HFncGj<$
zAm>%rFs4C!nSanXzhJwiFE|_gJN#FE0`kc8=m~Za^|{Z1_ClKW(W2GBNfld=SK#Ne
z%J*m}l}K5~A*Ur{#cSCizm_PDCbjcBProfci;8X0BK*QzkFs=#>8mkwIOKb;7OH@+
zNBSOz2{M>mu^57#0BjL0z?JlD8oY#tkCw0wgPKo<8!C)g*C(U87pJN=5^Je`x4Z0e
zDV-K*u+p&l(8RSna2LpFR<t|VSg$j6x46I}T3IEtutVl>7R;ZiqPDP$&;A7pl_W7~
zZ=R&Oh3c8pNZYVc&Y*h6J&|VsELlBcqO(mlkV^qGCR3Wx#5Tgd0$!3?*v8WoMqbcw
zrs~y{^h7A^E^-!c?3C#2e+(eC9603i{*|k^@4du=`L|8?ZoMP;ero@#K<EWI)#BAh
zQls{8dn@Jo`QZI8KHq(x^IKPnVgWxV@c8$$*@qymWv$d|%|Ro*$e!LG1ny8F^}vM4
zLgbZ`r{}@i*nhoE!s72PGW5n0Y-o4pC78`By4j>rt9e$fDi%zSmJ6Ar=?T>;?tg|P
zCP^*)8p}@X8(XU#%IiucMyPiiF*Z}P7i#4yHwH<)cM(_3X}cNBE4&Smvg~oQs#pnC
z$`8GacE$Fj^v-~hx=WZ}swO+G>aj~MhirlDGJ%FzB7`iCT`-5&MCKCTbCN7(O-@{c
zaN%B?=0AAZwD|S^ljO34Mk&kM+#pUT(UG&-;E2@X@;H`l+eBkiB(7C4W0b>|Gn_J3
zylWhx-tAVQ8IJ->Mi)35-&pc;^e}BD6=>q%|95UW$Lz4tP>sS`r9a<Js;ePv+LzkL
zXn&U6EB-DCW@*H91Do#-MX;ZT#Qs1}i>aI;^z=+NM_9~YlnC)?413~FY=N%{c6|P&
zJ3exnwPNBUklpZ~GB<w59g<?W6<MRkRH@z$G^>7cm(M9JZMl}f;ok?ADP~E@iQZq?
z8Op~m3EL>F#0K%oO_b(h9+`qY)vKv40|E6t+&90peJxbmFXugoiyYcBW|_**kwvPo
zeY%r7hMH{Fkf&_gWURQja;bJH6nJFN6-5VseoK<m!14iam=6@rpk9tz7v+~xWaFU5
z)#Y))-}M&TRZTUI#$tjBTlb6HcxKr~ueAA-7Xf*GjpV=ghdOzQCL3_wp#}SB0D1TH
zsw5XgRR<CKlYu(hR3aYs#N$!yk^&J3=i@0txk@1KVTF01qoba|CyH<hYuZ9i0E}<k
z67%TPdnZ_(R|VP<6mN5eu`-uw(5jv^(tB>yYz6SntI22zQ~R8ZxS|W%I3pNW%ky7M
z9#8xd7oc`wSVdytw@S5xtju(#MI=DbSU5$jtZOqs#Mi3VOK*>$DrGEr7{?-f7t7Wi
zHt>=GA~0L~>{2Q)_mrN7WpMP~EXd!s)%zU7I~;7PXS%>GqgY!nNXw;2>Sl8+ER-gt
zQ^mD#%w*mj{8{C13@*7Y9}MlqDyeX4%Fde%;jlFm;5YoSaqT=CK7RX&a2ud>Py9A$
zu2vQmiyg;)b}q5y7p1r1IKmzkVb)`nt5WcF8*iB0X}Le0y`Y>=o;EFoZ@GBvE#N<S
z53}`K*8Dy0ctC@Q^Tt6<WsCVHcW<(WdkgJ*1D^-yY~?jP#vs?Y*IypBx?0Jf@ur8y
zfIr^#JzzU!HG0q2mo}PPCbvwln)&*-vyU_lH5h}7QtATK{A2v8I6MtG6bQ}y3U#xg
zcT|C+Y8Q=Sbo6VlOxQzUq?gZwoLFBB4s9J;*z78*(}@_S7(Z7yiS}QF#41ef8cQ=t
zX-8WkSHW0kq2ARHgk#e%*eOP|F<4#YCWn}_6|lpIE##tcpJJaBT(o4uw=|NAJQJ<9
zhqjwc%IO7$c?P@pNJj_#g0$4I{a5H|L9nYz(6W?R?BP4OV;|#(liq)SS%TG2tY6*^
zJX@$`_>W~?oOz6(m)WV<;H9YkKM5rHw^CtPsjk_3*8XU_%CL&5BA%`>HX>4Ab9db`
z-Q#RlM4$4qj@yQ@zB&A0@S@WRsD?qAhdk%(L2i#>o;t07u_-2fa#B~|9KKWGMB3Dq
zpaI`F+Yg%H8&nnO5%yZP1;sc#BqPq7uo1&Bem8@wFX2hr`X{Y3Ka!sar6T^J?HaH{
zf}iAN^|Wd-?RFa#74$8CU(VK}3y;gkVP8^d=xEYbGl%|1N{}f!!D%4B@B#UCS4eXk
zcL^GHTIf<sX>{g4g3g<N3~j0TOx(2DIg2{^zy<nB9;GiZjA9t+zi%hx0)8Uhyw<;y
zTa5PLFBN(;@E2C(Amcsy-@$g`m;L8C-&|x<nT}@cd?Va)?=fw5MK9!*Myfb8oTm6&
z;0KeP4&%JbSno??@w#CZs|fu0lvjrK#>OEk$R@L(Zk0O^fX2K&S3DJ+o=8+9AzrkZ
zM@`H=$8L(Q+}Mm#lzO|jfyOcsXqdDN;vEz4>j14DVHBQ{c~neVyP+BF6<2J$n2h}%
zL%EIIIFBsLF~5PicUqMs$!=eEEG~*gnL`K(P3^<M$@Yg62jlt8;D&Am@tLC83wWq<
zCJimjx_W}TdfVQL8vJc=ewm&Esx3!Pmx7~;Z6{wpRvkC`O_D#08Mhz%88ZHA9IF_0
z&|R?C^q(Y6B_m2Ax9q(^7n8G{rN<AzYM7C2lv*D8(9aILvr28K1%(>dmg7^C_!Rug
zw~Ev$mDWz;qaVIh-644>`Cg23awUiv6mddkpm5Kp9h5L>mDyKuQ-KJRGCmQMr^q#>
zSKg#9d|Wbr?2<xDQ2j86Ny12zMD3)j(oo*dWyy3^c3S7`y*!WX>FS2ky@Jm-p^3RZ
zI-L26Gm%j3-^TecaVM?C{@ZB9!#*<6A_nIcb-Gh867_&@LPM{rVXoIft+e##U}~Jq
ztW~OA4XlY}+g{rxmwLfkq}0{_R2vG*?=u{$SAMT2g!a4C+g(U_7}1H>O}R8^K(AlT
z)h+?WF0%OMXfvMu`X?aBY&}~r7UJW0;twR>_J9LWzq+nleC6rMAY`vqpp?j$tHXc~
zzm~rPKebI)5@Zo8;ik>(v@t+JV`R@am-6$j{SWUKIQ<7U#XLbHzanNH{~QCgRXTd&
zAtz!mhc=(`V=jOHcZZv^rS&0_??CN(>oVM_74h;9t_3@Rm1)hsLsSo$3Ho6tlkN$d
zKRXBR2-+!<10IOrnonHiap~`imW!>@&QKUbaycZYnm!3YDrk}DrBkvWU=`Bn1`8aZ
zQ5QX%D_5cSa0$m7A1I_#lu60CT3R(hrJ#__WjfP$SQgb6XB|PQp%avmD8|{B&*0C)
z`mz*x1f%2)>?QodF}Kjg_PgP@rr{E{x<?_j;KgiYs;0m*F^sFO@;Syz;{g9F;T`)1
z6K8v2|L_aBL(FXZVE&BCQTpi&W2SXSO6VpSzAmSxB@@*{-Z6z%5yK2**C|{S^x?|a
z>ty%%0{t`M%ib@QIoc0{Ipomk()48!C1T0bnV9_jzs*2e_xiyoJ9(fz2RvI$m4N!z
zsf(SOU1liKf%5)TxLsRR5bXLN{QB}A5c%OiLV!=09n>(<eRy)C5uhUu!{em`Ld2~>
z2<tfrVbuU3tVbZq2%>&Ev%J2SFU3R4M3OKa*D=V3FnuRC?xFKwe|=R!b>@}eMFZ9T
zLsZ2@1E)Z=`ZJXTQv0121S0Atq8QbHfL#y@X>>sJU&b|RC}16gcpie(vsXV4*1{Ty
z4BcMvMo$1zpxnny5;rg=W4%E7zK)yLc#y97KMXepq$~Cd3u+(-aoV^@xCJuSgLViA
zf>7bz|Az+egQz|Qq}Kt6TFIk;*TzhQ-lTmO4TJ#6vnDDUcu(k3_Iud}h6^I%2Pn%V
zj|b0Hd!CjW$<SRIwy{j@2-dI!bXA;T^B|NObg8w>e7=lEZh<kN%+>?YHPhn|?o@*^
z>s~>nRFW_&Ylr9eAM{MKzn{RTLHIWPw#KljbJzR>w+TlanBEso_WpVHE(cY(8V(^s
zYF82)m82|A96TsROC?!eja&*Do2*-?PPsHijk*L*>3b=c8fdN)hpNM<4BmH9655a}
zo&|(;l83!X7w;@X4bDUf&SxsUn3oobl@4;4Ed6=p^oZ^&{TbRaRIra~>}vKqer1RR
zXM35sgg$7<76%eSVOdbR%*yy0gQJqDD6UCa&NR<Ufjh!A?|1%@6V9Z!MZ=X?#)?f!
zy5G7w0{iBNbG^0@Q?Mq_#u&*7+5KR;yqMvNRfeLKlW(lqShVwLUdS#F)5W-(9xG#S
z2`fQD)RCN6Ow&}yxR=glN*sG&P7*_rn_5H}3?{<d{T1pvvx0pW$BMN^L8`<10neul
z14cv&8ZPJf!s3H$NYY3spu8$A6`D296s6U9p=8)iCM3xvP-HP*I^?i1PK4!w*a!vj
zj<XoO)R^ZF2&+xoRh-7gMFqO0$^nz;kxJ&lpb39VGlZvb5JoS!%@wV~{K>ojgb|cj
z{^_yCvE1y4(>3JLJ>qv|4%T&5OPxEW8WkTUG_LHISoB6B7BM}FJ5Wi^R!ELa*(6p>
z&gQ{KW?DhcrY>c6;U*q_78#otKdwxe#CjTeq-5gv<1`ZSB+@U+uHYn2zK#w3{>q%Z
zi=yN#85~!G3Rfe`3+5ifey^?*)je5dDavz8G0OwPMo)!x%Z6~C6<1@-3tN<4R+1=@
zKGb4dS*_9;nuV?eQ9}~9I+jfx*SwN#QrSGUXp%<Ep7>0f{@W%`9^kF;&U8WZS3=br
z3EZ2Jf!im=5{yiWP$oK|U=<LiYu0fYn9@=~ed*(q{Pa+&ucWk)pWkwRD%1V{lZl0&
zJ`45#<7#^NzXfamt7iQ_{!&3f84yExMZtYrAuo4J#aLNBa>u*r%K*{o2i(brEAd#F
z@4_p3`K&NKUx3LB%VZ9}Pq4>BsJ@iaTzr1x`3c<GJh}&=pfPa1H(2)(RG_4^^7tTr
zDkx~Y3`F-36jbr~Uk>EuDcl+m9VD=olG0p$ej$hf2rT(D@VB`4Yi)0k>CHplqg_i-
z^9b=eYx(D;>aqYB?aM1x%wF8u<nrT}c=wpBcdW45R?K>9vzMw*_o?Iyd1hK^JS(mO
zddw5j+C{jnr&g_JzgwNP__-BAIHvC3G>9j@YejznjcLz5>~dA|3XtW%I6Pl4E^lbp
zcGX&jD*j?@Tad~i_frRNT%)!o7Tb`PRYP4vqayS=ZMEYP`Z!OGl}YZu+>Omg{n_P%
z7KupzdCT@-Qk8ui{9`C}2I1nM^Ezdw_*(0E&TyNUW~jKQ(1$FU9l}WhU+8{n*9xD{
zidQdjaUcAbuiji(il@wE%sy2SLNnlSlIwJgmDVn{w!FKLtsR6zj#G;llSiXH-i_WC
zVL;<(Sa21cNKKIUQC7)o2>WE9>EH_M1lptN;5)}z>{G5uBTrr7x7eRo+(a8AM^Lg2
zs0B|$@x-uN%BgQ|kyfL*x3>&BktD5V>FMC7OqqJh`Ux?Iff=AF>SG&~LKH9^HYzM|
z1UkEoFU%J~?BJ-z;Yz}Az%*02-moQu$xEBTnZHgM*YibsDUr~WNR!4QlQR)YHo4(|
zY<)u1`6tKsTGQBCyex!SdG*hLR5fz#FR5pan??buX{E_v%Z0MgUO(_1%GF!kA{ERe
z*DEm*_`JU_Oayuk_f^nS<@GRz+0)O`MCkJ}I7idj8d06fyC<KqWUT$t`c4}_6e6T_
zu@W_{Lt~St*(X)`m;RY1x-0R*n)9({{7QrEci#9(i|6@|N+<WVR#nxcKxe{f`%aOy
zR>`wVPBYJ_8oUmJ30ZYT17aGLi4&w1xEWMshu?VuMc>+T-wK6%u@~nb*J86@3d7GR
zIUzgXmXy(dA-;!ACYjXJP6Z;%K?o#+Y<o<>^@;EKHwlhLg|TXZXvrqBEj9Su>}Mw3
zLksxOhCX4V8TlE5fNw>4yrtTe$Z`p|9NU2$RWJgtaJh@FUL;9i@f&fDa4udkux9{m
zY7k_8)^Z7+%t#X-3cgC@Oi+G75b<xZb56L@j?q1nU+&`6|IERus=H{rv=qOrQPRY?
zyE^Q$Q9fsBA^4}RutX~cbO-da_*&(Du!y^?eQmS*dRZgB`Gq0~MYNn>$)g-~5FP;9
zoCKfB*N*wy2tGOHRZW(sygs9H;=zHOdLq-p6oP+|p#mG?P0hvHq`NSk_|G&0l_Cpg
zsmJ}}q7ZjfWVXTcv1~fgcL*FXFy8TXDb<=aScM7yc7nabR(WDP2g#dpar~|5LK5xA
z;7d|@78$1#q<3?-Oy|L&V&nUV6y2$+njBc8!U|!BC6Xry%_snZ0W+>gV=rttn)C3k
zO52=|k1=NmOwheGIDhuWpI9u9hI(YmrQM5%zp<z;vgMCwGVF7f;zP1$%2ea9)c@-!
z%sUqf`;<UNFBp_16N=59jWA|Qqb_TdX)>+_9^`aLXiw&~cT~d{p!^UZl4J|KN6S(S
ziBT|3wtyCh&c@wY7FRxA#xU2HCN1U>5UhY6lOyy3V~(gnTcul7xT-d=xfbBlnz_ct
z>$(5uM(r><+Q^K^GhAOVuH5ZU)-1_=WYH$;L1Ptf7N*0?e&x5m9|U86GibM!<%Z|?
zzE}G+fEiwlLTuTVhEc-sM^RgJJbzp+Ux9C4m?k?zfs%O~jqBUj1v*)V)b51zeF2s~
zB<qKZ{C$aT;AHb%7!1SV@9`FrIC%uK|3lYX2gUKc(cVaKcZc91xH|-Q_r=}a9fG^N
zOOW91?y|T;aCi5>-F)9)-Mat0Ra6~%x@V@DVp;mL=RA!&E+&7H-uz&fzUUeY0JilJ
z>^J`q%Z|$H;~}zI*;v1b<+>2or5U~io~X_cQPQ)f=NJI1{G+Sq&LxRVBu>7Px;cvL
zTHol=ZU6C?m^AqVeh^$Zu)(oQIe&GaC{_{weRL^+;wR+zwQjyj90Av)+Q|1dz)jhZ
zScTPJqBr&q)<Wi!df)PLFo_TbXK>_g@%})9;>}FTkYuib5N3M}=!_QXb@}pEj^bLR
zdX~ers^~Vbbx_QD-oiqjV8MX(^3$5?2)&-O$fz=Q$80g(%ZL==H%qLlqf<C3!nm`T
za#_IgEHRWvMJ;v>*m>glECa1KTa!thSU>9v&pWN&rZp9zAVuXkEehJ6Gnq3sB$yZd
z2EA$Egf%{kyllAdoNJ;A9%g0~!FL^_BD0f19ACTnI}w)~zdw`@53aE-S5&!`x!w>j
zYJU{1FRR$+y~;C|ys^#JwA&O;`Hj!cW2#U(txet`5aRsa2Qj#d;5**ey_G+67yPev
zi&x*u%&xo@hPRR&hgnP>$gU&n_-caH_);OS^TZTkT-}DjmR#_2M~TTRCB=oiZKB)u
z!>3Q?5Tzz(5H6I>?mfTC{V$2_JxF$d%6bJ&wQUJoacZ_E4JbiS%nX4Ceur4~)K1q;
z>{88fiBl}aZ>Zc)j~)Fu)eVi>+8K%IfN-8(nHhPv_RZYiw$EMeCtiZ?)dx8!)7^Yk
zCI^kSRMnvy@eFNJn9ja<yq9lZu#)N@stbxy1(Z%mffC{L*>5UlfC3F;>@PYozj3_6
zxj$)&W@@z9g%vT{UHW7i5+TRy32->uvHUZ{W&7vW*1$MOul;`wtYAn-orI$g37T5W
za%sKJ>jkw`=+NVsy$p>Kw~>a)XJ{oeW_I?->8y8Fw*6@XtPbFrq10HV{?+|(?xw%q
zl<Z7bZ+RPc<4u}!nyrFUJgT40AndF#kXuvx!OEV%OgDN&$?~VY-VTkME6<9ao37w+
z#1O72wzw!tiLV5f2E~u%8rtkx`*6$`;mN=!YM(;RS=jE!>_)5OreZ6FX-07f1}Jkk
z(*O^L;>+@U6L?o-f?*(Bilq1xMkx^n%Mz|3?1}6*p+}%s>g0&WAE!g6k_<{FpjJz+
z%37FE80uZ0?`~_1U0PqxDh6Kr0sfnOlI|AX{Cy6-+*U?nzgM#M3!en}h!U_lIGbSO
zYJ9UI1x&;=V4)W)a}TWJW8XeN@`EyFUw`iZm8{GA$4{hpg+IdyPgY_ow6`)<BBFj-
zY`5#h30qV#?;Mu<EmGt?C0Pq8aI>Ea^jN+%>TFHuhdnbYNI8n_%faLYckDp<B_Sv2
zfT^ETaoBlLc@3ma&;Fzb`mg$ueaDe0NVE^i)>j9}2Om~f2G#Wk1KOQOzz4A0*)?Um
zfX69<Z_7O1VcP=b%`SVB6qYB$cn^AJ)7Yxj29Gu^-tTGOy#0g@x=rk%i|MSqI;d0L
zV)^|k5^9GtAc3}Nrw{#`csvI`4H&DPaB7bv)T{qKAQyb&eD``$sV07S2abodZpLyR
zq-sy&RO;xS9fa(W(;&W=S0(ZjUKP4Ec$t<D=R0a5q##HK8?}-bcacn;G;~BWZrCUP
z<8NH?Ubu0Nmkc08cMkZ6!=l4m<GyM*rhQK7#>^L94;cP;&<c&UqjF=jf*Vu&nG~Qr
zS<A_4L6yc_d}4}d=`|({NK3$`HEZt|i6-vMLNl`Q<-2Yg?nklv?_BWCPb4Fqx7M98
z{$X^=Aw(%=@td`B>wBv2x|u=$wTrc#d+W2TI0cYchK*(OzMJjTBy{ef7PZV0<my}U
zEzYA>Nt(9a`Q7IB^0t$&iHe->lx13hoRU`fuSXgI+IzbH_!~U01&Uur&3k{bQ&gC^
zwU})<*?GKO9fN%F6SuPZ0u)L8*T`@Z>vc$&yzoJhhF|E$R8b0ah(6b4R>}>)*;?yb
zB6lQwx6?(fiv@yksMGVU!_WRdV7HFie=H@|T@5ZSKLbGct*kpt$HN2r4MVPN_JCUK
zj=b9EH>QnB3WZ=!d>%tFM7r2-x^iY7YVMb_Lr*VQu`|-dKZso#JQ$535!f6;2(*{^
z73hc<@!}$M4mQt!P{5u_3`~g`N=3(vkcUg$CEa=S3$PgmyH$0wrB$F>Iz=kJ(!nhU
zFxRjhg3%NWM+P{<z4_yPJ2$-9yEzH3HxmkmUH3S`<d@7_)cN?LGRkiQ`n3^b(%Klv
zr}wHrp_fQDFFnNwJ;0Y%Ev}ta*hmhkI#?}#3*O;&{dc5^)7WrYw~SUV_O838J*#0B
z;OVv|V0ipDxlFRCX)`(m3C<P$uV})eN?Yx17is$&gNr-hlp#>jxr}vKIIvu1aZ$3u
zI!s;Tjpl6lQzB`4cHcSvJycSlMaXGE$~ifRkZ5}eC%}*|g78w+nr;-=m~Mpi)sqkA
z$x}HL6DS?2j*PcD_41n{?A#)yIA6N?3eH5stvcqOIwlJ?G-%Dh6+qf3T~YpKge9rL
zLOl0T7R4=WH$HYjgTra{$GBtMl?VJh<Lj5|e+g|POStSgy?n3zA%sTb@Aho*M1L;u
z!x}aX9a0Gqa;hTr@Qd5Nh9@&%rtZ4z5MiSpsUbqN`n4E(QerMS$k2ULV)v?_oPT!R
zFS9fX)QQc`H%~ck&KdPoS71ShG^2Hg;Yl3Vdhr|;=LZf8JD?SAX0B&o^`U9R>2$Ae
zJBE_{nMWJ4375<zOPFYMrJ>gNzd+9@Q1HnB&YkOh?2ouUA3st2uTsdy5(!IYa+_dc
zGJ1K;VoLF!S5{&lS~<&BgQuw)0Mk=`6vM~scC)9waHl{2I9@qv)}f%jSiLQ<Ia2Q9
zPLFP87G^2`(oXHquaf4Lh)fROAAn5OO53>tl>zYiU=#C|+z-U@1b`EW;6b@-G8Wf|
z3B^l_)R|Ldfog;~>fh&3%+l3XoYtq8&U`;#P&Ld|H!Lk_zik9RQHeO363O(C(yH;3
zg>mHlQOBzoOCPqn0<PkWWAxd?GdjK%H46!Bw{|*Zi|Ra;NgU#&xrEBA&rPFHbyo#+
z5w?a?#91*cF-zI5@>1k+$*mrFp7(WJ9Mix5O&c>E`^&p8{qBdVx@4-8lbST-)mn^}
zE`uM~1`;Fhw@3T6(C|)?Tbk5hNw-Y4i=|@A7Am<8tUvQhjtxr^_e6=)wQTz?hL>Nd
zYuqsf(Q$qB-wZ}*7<pUvNQx$n9^0HPFJ&3M&Ry^k)yD-voIWMXkDkEjFepwN%MZ7}
zeJe<kE%QAliRi<fAA$pG!^S^J|LD)|nMWI17;wJTK5!s``XFpz$NEJ|2=-cAVfO?R
z`HuA`{Ps=sBy#tu*^QbzGHXLO%*4yT90cJLTK_TwIt1S}TEE8P{7+Pai+{$=CJ;0G
z2iV3zzDRJ8FVYs&wgu_MSJEGk(I6y-qygf6hZUfqNT4nyP?sFY>&Xq$DpJy3B#??7
zfl3CAbAw3S@Bg7WXpm(y9)#$yL7E8C!f7L7?n<AfG>MNzP}l=QK=|e%8^rT&{#E5z
z1i`Xd30QqwN!aUp(BMn7V1{18VJNQcC<J{ONmz#=P^Sb4%)S1rBtk!pARJ%|ny{6G
zaDXG|?)0Epu!GbVq(mUS0O@gO4b%HX4o)zbH;DDIhXsSBfz&l17%UE?Lwdd3RAI9?
zK0G_^FyZ!5;AGIXrhpZ0e)>!_GAi-#1iWIx*>9ieiXTV~lB@Z%AIyb+`E&6fNH9+Q
zZ@G)J7hvsVVK1vi+bR+^(&INyjuM;z<QB}N7Fc(ZS_KJF>G4rY5l*V)xXh%uGow(_
zx<Mny@3e%?K69A(KF^Mpj9epWbwhj0T*Q9p17LCCwKYTFae_4brlU7t<6?ySMpE#Q
z@AQVegJ9LtCaNCz=3vx{vb%6%`S7dr;VOh*%*A$LJah{o5sh2ji6U4$aE_Z(9M|s3
z9M1K`cr@^QyDDU>6RF}b&gR=4>pZpd;$uM@G282bsu;OC_s7em<Fg0^nP-?UG}~t5
zDd7VR;Z(BP8lI!6>mJZ&c=nX5AoaZPNidqqT*4@Ih6HXdojXrC#RyZ&RHKn=)-d1t
z4I@a060eb69kMaj_!3mSS|r3>xOE@67AFR0=Kd(lKwf$Zr-Sns->A$yd(J-7bPOx3
zviprMJnI(zQfa(Vaf`{Tw|-A9zd?yd%y0W&+lS|k9!4LLt+3j#=RUX<*IRw#g1=gJ
z!AJ17O0%{mvA-%%d@F9@$oIpAJDc^uVJdlmTLt;(r?ZDHinmA@exfwHsFwo1*L1)!
z|49P1ZM)do0{w0w3g|T{Dbk`D-#!F!f^8YVuG~^a`iIPRnSRdg4;hk!1{q{0Rf()+
z0M@ir%QI~fao8^cEXXN>EG!kE;Yk@w&Nai5ni(=^1%ICKN@j3gZ>f@|E5;I_jlP;{
z)XGceD_Y3~oL?xAj7Wr6=An@~!B3c@lRTM8dQJzCNHaO*HF8lFYwAQT-h|0h(K-2#
zdbiuOrlg+AoOjcUeMW0)e=XjZiPL@iuu=Ub@sBAOz8K`W5Z1t9JSzr@3sD-l!iDb<
z%CvQmi3{TPm`NQXQg&dR`a^Qt8n$bsa5JiuIK``~lD{K;%fEwxs+G@iJM2xOmq%`@
z$*KKl%c3Z-Z^zdhE+f73vHu(^QgD#)nSoU5a~~zhOa2M3_10eO$+h|8lchIwL<|nB
zIh^~bs3}0B*z?<V)5r}`!N}h`yf8}e@jbRIb@u%DS+%iZD85_FL`N=~pSxhCdHqOW
zJQK^sG}=m?wk27}GS#%zAX5oUWUQ;^oXHCZKlvyaab$k<ns;ZzqlTJXwj<Vb%~L>I
zVGe?p%Aw-snff@z?-_MMP(hi=d?Rrj_@Nz;o5V37%Xw}%n!CrlnW;mGux`^Df-nxg
zp5g}~3JVxYJbY*nJ~N?-6{dZ~Kw=se^>035LSxwg+p-YVp?#t-jqD_3nK^K>B4ku#
zncqQy1Bp!7ghqoREH{#Kz*b?(-lW2v+89bBKYw{8eC@<Ju+AW9NQ0>37w!Or#GhcD
z!SE1Yy&;Yk2|1+UA(&1RzVx<=Vr!UjAcGdL(k4NX@J{InwPN@TfN=HkKy|D5dsu^P
zi&7a4PVRXND|I0_H7HN@l}i7DNkhA;`niKz!d|5@{4ad5%;0uXYt~U^zl(EzOJ}}Y
zI+y(ht1i^ANcq;7%>$lDujqo=2G&8*1;Z6<Vvrnb<pY(ayi#J+$wP<4#Bh?<TIdXl
zyAvjX@?vCo7F0<GcLImr^0@l3_gNT2pV7(raBh@xU>+pweFC#z{({{lQh`O=okwtO
zGe;m_Q&>ey6*9kOs2yFD>eYh|j+Yh(#_us0s@y|nr;UQy!?WNRAWV$_FfX>pf(nTV
zmr&M7trn2~Qe7}ng9zUbYm>ll2@%hcg+!g}qbXR<VQpy<!^b3whmm?HO4(<~&T`!k
z_yx=$9Hk2GcIy{#$dC?|o=^$jThXs~4AV-PU`sPE8`g$}9|V3)HpPdNl2JPF3SKP*
zJ%G=Q`wGsI4G9q)neP{nmT<~a$My<-iF=g(*TppPy!nNG0k#ZB+M^of9<=KTCm8Gb
zqO1}u@);x-{Rw2RGp=*&agYG7?@Z|_WY_~ZU%VMn0E(#K6{N-GLN!mIn`R#H`m$Ca
zAnn(sn0Ep1wM%UekvWksg2`fql8t7c-in3@b{D?6&K$xU7y}-(MA(DvcX>jESE;8{
z4E2r$DXUzK82gqB&#dkR7zedP|K78^=j-G-%FdY2VukyJzvHuIoa4WdUGheVA?~OY
zUZ0afNlJ5z8J(<P&Kxx9uqbmC^-pEveI(=j=X@;u8plTL-`r5cqQCcU5M6~_u6&EB
z3&_e#%!S<JBAulSC)m~tXux%KxG0}rJ#Y^v_Pio$_zh!0W_&u?z8Q$I@6C>}FVqV&
ztxQr%_r!~RS-S<thwK2LM6S}HZ6e;rp7mm|osqYgQ7<n5(-$u~VX^F(3QAlrSDBaR
zFL9gmY}U@}qXy&Nz!KsPuuaUgA)n96w!Zd13i-N!J4m@{2`CpuJ6#A@guc$E5OyB)
z-i7ed{o>mFQTg2m0}tfhFQ|4#8a&#xylo>fk`3tTOYc$Qy9;3}Qjgq(vfyyhIh9=|
z`W}AFzRaekts7bCrJ?H7`G~n$t5)=U|C1_y`#dvo&H7Z!b-R<R;gL=aDFB6%XYr-D
zA{8PBNG75NC(T!+4XC~I!EGw1$s^%%6*ve3N&{;rix#r|YlHDG>AOO`Wq{Pi9g(_~
z%(2@wVNa7{IwMfe^k@s<*elkBHN$%346|$p0;5`$d?e`!@r(pP=`nNvpi1{WA2Vq}
z#-lGTyV<`5nd;v+Ce(%_&%HM$5%onP2f|>6T+P?pG2)i^PKJg@Of7=m2qEP~ZSZB^
z*%TroRximf@a*9wUu~72(KHfw8@-U*4kk;GYFu*O)$ZyC9YY|tMW%OEq&oY0A|RgS
z>g6ljtcw#Gjy;z=9;nTV(Eeu%3!AmepKKJa8NMeLQ!YFWAvRJMw8ng;syIcqsswM(
zF4k&frW?r*Ea-atvRuss1+0(Pyl&&LKZh-fjLA0_=Y_y@KGqs|nIo-VE9p8jljjcK
z?@DG<;K;MqlLj0Kc7M3;$w;lgACdU}c~({q=JmEBY4M<uI`UY0(Q-vr&Dm3KF(}}L
zDpmMn=xenLO5e|eUL=`~pn?v`>_vKmX%@SV^`tl|l0V=j6mWcJ!s`&tQ^eA=Q!(Xi
zaAOU=gB3ND@GrRZ+<S^(QCWh%z>^evyGqBbR1Sad<P@cjEG|X`WVQeJI8{Oh-~8Kp
zUyQbIYqoToLvBDv5ZH{JH`b}0_bY2#jw)}<T(P3n=wV8QT_Mp!rdm#uQq%91hqC+p
zaM~!o^w*`MD>$H%ZaQl6uuOtm;x3PX8lkTZyxt{Co9qP#Inwi9t2fdT@|C(5k2yxj
zg_{)ya(1Ef2HLCX{o6qro3fu2`Trw&=bJ(8SxUiVoc`Dc+OU~Y6C9R+W~uplxy)4C
zxkj6$64R(Z(K9}*>e~09`#%pVmRdV!Rs!dJ6l0L+h&?wvoENx0U+hUZHwoD%{QW*0
z_kc=g???OuMM^Dik}dq=?)#E0wxTWEAmWy?01C%pxN9mms3^#-8A<`G8+wDK>S;1<
z;1g|2!mPv(BR4A)r#<~~Idy&0DYEhpBxjr`e#(gh64~gb@TKQOr-cmqcXj$~YMqZa
zJS9=n@>IOE;ft@pexYu^<;7Quj9v~XXlF)`0yyv&_w<FJcO(0LBy+km0e7#57w7R4
zKi&&pk_a`L-#`hyRTCMcEQ)lx5e?h+utsYvj-PHjn~F>}=+ikR7%5$6GPowgmr2Tz
zNSMpH6yA8X$-a%rzKY`_gfaQauC3)@(%cb3weJhT-thU`pzz&<G}19==+C%_pHG1j
zHny8{#aqj`^&m$|%o0}6Y$X3xV#$&2+&y0h4DZvHniHPqa@vgjFtJs%^><q@5w9Tw
z$)ZMf%i=02a$C1)YvS&THL}-gMng@O>|zYw%=7sR$%$;g7r23;y6ZgvlhUfErX4d~
zM|J}#ycE9}k7hCVZV|z(OqAzs3DqE8ZxAHYQ_6HkxqFa>J)1iXqpr}-k<!LxXQ|Es
z`nBDz!GB=Kazh#JXusJE0!Hy_wI$Igv=}$4)gIC4-Ga)YujYEd=D$(wmev?Jfg@%y
zS0W4`%hzPcb*7Wf4W@f_*%7L%pWEllC_4HqK4G?8iVG`T9E*Ulj~|ore_k$P#=!vG
zdDh`0m<o_FEYYZOn;inx*l+kb*i_`-r4eyZLZ)e#Z@+YIt%8_TJf;W_KjLYP?-FPL
zPFw<)nruy2qBXqn{ZF=m`Pit^_7~KV6TJa;o13FZzKb#{d?OTzMO6_x61Djm{V=!<
z>^wHU3lGt$>X}j^BK5z??NyIP2~u8fDyM<XACykxg(OSOaSon%*k4L=$-@Y$`4!|@
z8Z)QJ@3ZPxs#pDbirXZ9xLfuHn6>Q29%lCdk-2@FGFqAecKeMR1(ppxb>}$=6L-4%
zD=EX54PPT`DeF;AHg`q6M(9j`c?K=~{6^;2`IzijWlsOBiZ?uoo#%`9Y|t}hC9klW
zW7~cyBEx?dsQXvcz!0U?XF=WFN_p8+E*2uCMs=T=?ly)_KX{*#?iL*;d?<JH#|JUm
zOO&9nl@S@Fr(Fi)qk|f~xgSBUTDz@yRjNxeCS{d-rwFqZGegx}V{7mHzC4UNOdr9W
za3T3Qzv*?`K-^m?`8c-o)n%86my#wX{8{~cXqg4ld5^Ib*ihS0x&}VRF|Rqq!3<i*
z+aGg81%+EAm+6_JyQ<8A<I^1Rc7*6jh36AxXH9vzNki_AJ)&PE2TTVEhfE^Q>C8GO
zf!wnA)mOc|c@WK)cGvg%BjkcLNtF?pkGTjOay~<A9-$irKZnpcQ&gcEXnA2O4|AD2
zH4ze*Z4-Y;C)0L^9wcgaJGqsn*)^)pz7;q%j&kR|y|Y3eC`8bmQa;62rx|itd`9nd
z1B6Z0m<O)5BjF;t6IkIUL3^H@;tf11N}DKo?p;}wXHx$DZY^S>#Mp3UQ2;T-@*X{A
z3EyS&ju(`MQEd5$w>MCtec$@~(Be14Aw!pw?8cP)A``@-?!(s4QX<Qi=eTtZq_}mR
zJ;BS&@W(N+(##{QqZ3n-p@{oC@o{PAUDMp$T2u2o4fWy8sh;MoqtazReN04yV)aJO
zUT2X1XXO?K#1-`a)lvJd3_khS{3Y<q^Y03bU@(GH6X9nkkQHYNv`P;Gt=0!YiU3;5
zXM&dUp`VJV5IUbCAT$7qV;anpfE+aJ_Y$qI6FcGm!vp^!nkyv6<_Ao#Bi$OT&l=?D
z5H^n>M8Sy;A^X3KXYAqx$g!iz2>YMi=uG?Jc>c%%X%AxKZYYHDk+c#Pxk8WvqhEs_
z9is9d<p>iDUMJu_?{5Vg@pas>MhB%tL2*rMaFAUIls!G${)}5k;IetHtr@tkNkuW1
zIH+9*O&Sm6Q~Fn;6bj@|`sevE1?keZH)g1RonYVaZtbmtkHX*Un(q`}jzL$cK!5{x
z`<GmW`TvrvXSi_S>YwEb`Og~bdAmc2gl?c)(t_MZ&LCES4{{47ktBdDQ<vl*M^z{2
zXHEq@k76Z|)oD%qoQUwhOe`WCxH!Wr*KN(Qm=G+}6=(|o!m0nJ!VQ|rF-S{fJWy!E
z8qz?I8~}=(VzuM}I|R&`Ek=g&i6AxaV2&kb5gS1vP`h_?Ay`FX3**c{jy<c;p>$mA
ztU-%3%eiPbX6Chn57;ZY#s9tql7q6Js8JC@mFkGx835o{Y>XgHUi4;b=(=>=!IA_A
z0BiWr;MZo=IG8&2AWd0BBQ7IT7jkvkXic<&S5~krf&B`J4=joPRx_rEh&~f!xFfb8
zQ1+8b!iZ@MEE&sH_S-2C8bqfu;}m`V!eNUSsT&Jd*?|(LS{OsYRKGFcsZ>g5MVSjC
zs1h8Miz1AKG1PQK-HXNl_2P^63&l`H!pX6LlC1c0m>8L559mA+?3v%F*k=EQQQ4Gi
z4y&@fW@toUdOzd3o=_t1dFDl?m;d~jMyzjJZR1o88I%m7plD#hccxXr`pCajhAThV
z{OjfBB)0hLyQ=HF%e-xctufsCs4#kBZ7{`fKYF!;bs2~oms7$?t<a6h8`V#kt$Nf`
zX>sJ5ND12zCebz5g>)rlmETr<a7}woyKmkR3Cviqbz^_`&b@nZ_WSgj_MY;bj>Y$l
z<V~GDs>k;ogjyr(>XpcwNS!UUz_?@79(*s9o9w9^e8(f3(j0D>u;R<o*wb>{Bs&BZ
zXZf%t+iXVkNn7ldnDd^c>e5%A;~iTQ%c}I%LQ<I*&2C0iNn2!cElR0;(-O~{u)1%P
z6aAs9*Il`PV8>pD*+I{8WlDL+!6$w6m$LG+Og^~cq{yV~x=1Iv%LdIfDhJ#1w%#=T
z`&wxEgjM<)Iaxk~ho1UR^La*Pd`cS>w4GB@qc}0)u1bmpLNxG)oAY}7>B9vN^)Cxy
z0TVtW-x3hr3i$`fvNiUGF87^DX3vqvrq+Lnh7~BmjSzpG7!PIJi75Cv>&(v_Eblf`
zn9-5=td5}dlz8o5rhxZD|Dm1qzJ_73C-f_$PN_mXcsubDu^0<>%c4Ea>N&5P0xo{M
zL$*Lc&qkp_x*ZNlfrKl?hL>o=5867#Dvxl^bJEJ;L$wJ)083^qb?6Kofqw!qN+ReC
z;Co@)3~qm7;VpAJ3ALd$uNHS&tuD}9BptzfA((A}*6?+&T5hh_tgAFL{}EM{=b7HK
z^p`Q){B~@~-~qx~3xb&lFtb74;a4pCCf&AcOek~=G)_9M=Qq75))0Ab+R0n>boQ{P
z-wKVB*i}FwcjjNd1J9k$Wo9?8N)5JV%sefAsswO|YC?+g=y6HQjv}<E*}KLUJW+04
z@_Ccse6^6kOn+=tpdiyXtLO?L@CJc|Jmz901rs?Xw&P0lEi(MCsaJuEKbn)LZ;4Zh
zSW{PWM<EJJq1-}|>XtCHoRMMaC}ldu*?N&4XnG98yBE2TR@qxu=x+FC50S>2q#^Cp
zy95!!!AY4+=p17$0`^W-h#fLD16T(kbf~enIqJYr!d(pzWvY#hci@=Wcy4<3rNj$T
z-)P*n<pJLA_1x@Xb>r-?P<v_2@ScUW#*;CDa^w-~mdr>i1p)`MXb)2;`rHCO2PM%>
zjt<3XQk5b6BB)h!0ooR}>sFPi{7PWw%RUeasJ3gG0^WrN@`ruL7IeA%N}3#0ciX{n
z%tl_IgV%uv5+Vp^5yCyjIz&p18{y2M(2O-)p~87fOC>I->749?LHUk&MH)=vxDdij
zb&?x0Q5Sl~l6Rt0$>cu=L7Pi7Ijw5?dXt$)61*Pop02P@LbLFgtV8M)#w?TC&i|#X
zDg{q60f6Z&v}57OAskyikho_Y%fcr}iV?$L8;Kq|L_gl*?=$G?H*j=G^3BOELm?w+
zeM{FT-nHa3wNQ9I{+k52+VV<%f|q?KSmU&)D{V@JS-fvvx^0e$Xvj2?74rsULD;oQ
z@=cP+01yByhsockvxRJ0zKOD&c;?z#;j%8tJViuGa<;g9lF$b#x%%kAer}Na4<G%y
zp6<Fe_t8W8eD48)gX!n@rZ@}iU6P8AdZeyset^%WDe>%no=@+)sgR$R-&af%jVq;i
ziys&COWE6Z`gY6%Vqt5xb=Y48{9B+7&-FV~vZemks3$#Gwr$Jh&pm5vdI+6yshqq5
zi5L%q@~K&RVht^2&I)?V-^LblgS|7kz<r_`?P5?wYkZrV?0Y*J?O<$Fezy@C^fX&R
zFzA1kdV;{wlx@;6IGCF0g>sG?bZ$I^(fKMy^th*SjIlP+jlI%cpn4sQ(pnZXKeNtm
z1({VY3=7JPZHO2t$JK?PnJlghfV#OP1dfO!^+<><wveM^kQJT}86*tywpI?WgYD<-
zS43H1b?-7~pgJXaFQTY*0B%~Mbn8yex^HH`CHQtAi7nW+wM8M%RmO+t41}u8^=+ZM
ztEwFB8`!I_0DF(tThG{@*!3&X;*hz&aGBm-GDo3hWp>E);c=FUe(J_O0y&#o_;;Qf
zOzn~DHwzCjJR*GTxJ3KwMxMV2{95V~Fjyb4AbinmWa5@$>!pota=32I8^pL+*rCWS
zX}V_9MmU;ma;Q~IXpO<{z6iy|=QB5}%&4gFghOG+cX%ax*o-pF7{q9U9!bnl?{4Et
zjH34GrN13B&3Lr#Esskg`_bPXCy{G)_cO#n*@Fx)?twBGZo%CryS;k4p_k*RLNob9
zo#8)Upv8-44c*dHVfozGsaFF$>*WWs6-auN2^@fTG?f#3ocme%**s2{5;c5wKO#MI
z06$ttm`We`wktW_rde_<H%nL#vYb4fRpfDCC4&-LESY$s;W)0xV`2AkNFqxE*>UI=
z6T&WDk4jgf)AiXNpZF8Bo4zqk<^*n6*A?_#i{{cY)t5k!k9PiRY;trAt7z<}v<qjU
z1kT6JrJKtB${ocajww1G?Z6~rvp$rF9?GY_4Zvc5KvG{Td>~{KL2geTLMpytf0DLI
zGGiKRh~XAIn#ru3^{iztQJI3gv=n$+ag*KrWtTDA4Zfw=VD<s6@*M@D89+4$F$*s{
zoy}RglwVQzSHgcPT^q6-uqzS?7EcA_+m7V0gji1EX%QGk#7hoywCKkOy0ZzL%zE85
zfTFk|e%Ua7(>xCyZM(K0S^5&T9Hu7T|6q}68d6@RiZOQFM)|#Su&!d#)s`2>BWpn{
zz#E^Qy0plV=MAZ~LckRKtx2jP52(o9%Q1n-Ug%2@v8j<;{Kvdk4M=^B|MJDAkdoFQ
zD|21X3VL()u!D$W3k#gLDWWndNB!mnGu>G(uyF-Qk9#y5q!dRV;7l7UH;U~0=)+W5
zelKb`%Qa=B4d!hG>j217EL|Pvu+B1;SP4G8gJVC-q?w*?^!Pw?zNO1dD(yyX0_F;Y
z95%o;dA!20x7bu#Rou2ZUQ*Ul(m9d?>tbwT=^>`91Ojm^3p$R|BegBkz^)AeA<aBX
zZ7z@bz3x;_%{dWh&3oD|7tb8?na$k8gT#nR=Y(<gmk=;Oz1{UjR-Y{3r<k8QnRV{u
ztQZ7<%^cXZYtU|dgx#PWE9RWU5y9y@xq(N_cI2gi2r*?XaI~tU|HWpZ#Aur;v#zd0
zZ^@#UR@AvF{v^E^Me;~EGT^VzRcOiQ?#f<i&T`b9tofE7l1Gx8FXt-7RCMh^1Ke7A
zv~ALxql^G+vGb9<2b-zL8+4~w(h9c9G&Wd`H3s%|L179q(dp`Zwt?db<`$4U+01qU
z(yj<p`Vc9YvbRd2s3n(ADbo9ANSygE#}Rq!AP)TNx*>b_XnNm9()AJbuNt&IP|Dl1
z@f9f^1Im`POP(o-GF_Z<Y`xWSO2X{|*yayTO%U(R_y_MTF=sT3fD{KQ1SHMI`Cl_`
z&I+}EGuy6jM9UW)okCL?HE4V7e&wNXRm}$2e*>I^)^VRiAZ}%K0>JH-hS~1;VyLBk
zf;#~_<R);}%ZsIxH4Q1#i|~TqRU(~L4+YWybo9I5r|F6eD@w?$**Qx2m7p7uGLM>W
z&U~V1D&83WB-<Wmd4KbITgNz<w@SZUfIXS(BIGPvrKs0UL<EOfJMN4Xk<_MK`)%ys
zU&7cXpM|!Z(Oul>*x&HYd##0^is+?!&y~E9nW>+R^gt;raxcJ#xOUI=AX#L%&hl#+
z$*be*PFO1sk8gJ4ZX)lcTAji8b1J&|r^s%sOGxWT$p*C~0yRH}T8$i@P5?tAZ)S|#
z;je)>sAV^lvA)U1fv`5dH|N>J`>>p=l*i)I6L}6g{*C!&CjMwHIk}^(i_*S#MeVmc
z7O%e#`ki6oHGRCiUP!rq_xRDAURpL&Hn<al72J4e=)kyy5hC>a*P-K<x@jwBHV03i
z3nP=)(<)09fwV$juQ39f)xKt0t5dEqBX#fbl@r&_o2GI1EIMzdSRhuS8=2nh?wgh;
zaS+c{4+fD=4ED<7h)&>*2+HW;+6ZCu{PK#~M!u~~Nf5o|t&eRV0=dx9mr?WBx5?Gp
zKgQXh1mV1j<%NwKZr7>F2=47=h+ZIxT5UFJZ8mi6xxq34rwD(-(dnrVFRv8w?3zQQ
z(Sx5`M^s|!0oBj?W@QNjm8o8j@*<z_PrT<rYAa}{*5z9t;g-K?27t$0vS(WY2@j=S
zMnkMi#ytVX;+d$7B|uG#!bFa}+N>oBixxq2B3pdwJ%UW~iB1k=8cKK_Q%AlrKfDMS
z(>gKYpk!4+c}`xsjvf1gj69*{9P}>JwlGjE?W4_jHopDoHxSc8gW$-rhiP*&KZEQd
zH{Uzx8&3qEr)O?w=RrJ*f{b5So@_)iz{F)MKl1}xMk;nBVb8JFO&e!?CC1E+I*KJ#
zWEh_~BG=^<bwRjcqPyhXacPl`dyHpo?Xx6i-Z^*Fh{QYjv68y5rOtkyny}N(JH2Uq
zD5+VR4t*^G%ij6b#g>!iP|J6aEGNJ0NbuWfks$<<YxnBQ)Gf9khcUOj;a%H=LWDeS
z7%Le?wuoQKpi@<!dI!;Drg5ltuQM$AHOcf3ilzdgu$-<~iC8p>Ny&<z!Fbkc7EF7!
z2<Wg?dwwH9Ui`NbpMDZJkwS$h9^<WNdl7`3dPxn0;(=c`M2<KX+TR_+g!YcZ@A!<e
z6sO3i?!xI2*hE`#>F1Yd=49DUWC@jp#TtBi?trxh9l^_eM6}n(T$ehlyY?~kUC=M^
zR`E6Y$-<@A&&-bxW2f^i<=XyPrd6YNO8YP0#7~Jd1?oF1>o*b=v1i@<7iRf2R=&@?
zQfz#0Fte^;dK)#F9`tVSmxI;$SxM%n&BQr?LIOa>ALa!t4NONrT$2lR9$OcOD~Uas
zpeK=)qbI8$Io`?)<Bf;E;0WN8gtIA_`3g0h1YQeiRpk4yIZ<0D;w!OEnJ{+@)|Ao8
zNYT1n&zoYECuoa(ZxLVnD+LvlW3HgzIasWK<yfnV?J6`Oku0El5*BNz%d0?Jq(fad
z+SsM8Yvb5~U9?dhVtXB)2EVSuOzum^_d@~XRcyeaXN2rOVt=t$?&Q+LpoZ@Vq&*`G
zc)4#=m}sh}9QzDQZalzbY&p9<+5-J`32CMQZPYirMAy>jFj2lEY%*>oTzY<=HNBUb
zmCK?1<MCz-aTddq^@qYf@S1QQ4yAS!l8&tRb>#S*P2PduZL-o^EcE?L$`S_MoXwuG
zSz?0@-#muT0R$_m7@Yc2%9I3*hI`4yPfy%>i!>{x*_dRg-X13*_LMG6^xI*HrnuRk
zP8JgLMmz(q0IxrWbJBv;4Tg2Xzw&@tFSvrAW*zj_ymQu<fh(~^t$72Y)zszOcN4Ro
zcU-O1x7x!YWgaozhkqlVDM|=`n$adLN{eRzv?rmRn);J;e!OXxC`_E6FD;IbO90>O
zq3m$wa^$p1_r9N1>grbI%MKb-nDSvaTk8D+e?qM~Vs_r{0Dxao19}XnJEixQCJ|U|
zrfUL9vWpbBm)cKO4(SX37$I%C0hEa{S4$P%DiN-`HiH}1%3~P;(1B5@LfeI=sI3-w
zUl{&>nj+5rAD53q3vXDCRZUacS~>2Tr=0`JM?|SSSG5bCVZWw$>0CDr%kPk7{%_ZE
zp-le6CARPD-$<@<DQ;8q<mP5(a~<IIAS%hPFdYH^Gl-7cdtkFM2?-#+TRr(|G7`-o
zrmWbSQ5E$#6`rlZbdWqlhcS|EO4otPLgnL~IvLjw@~d!Ar=`yDz37;ux50;TY)hes
zF#7IdBVML1Bw}6`PPYB=)vY#X>I8*s8MpK3yW?MTLS<=IuVm#k9>Ho^q$>g8t=28b
zfzf)`lyFcL1o2Fj#zxM0^w|%4);xhHOIy1m61J^^S}hZ|mv`JDxV&Xz?&fKBDSg{<
z_YxqiB4~Rf9*H+<XK}s+Ut~+ZPlHLE(d3gpn6cg}!{>1fEkfW*z8r@gBI`s<rnzHH
zNfzBDn4YD3^lwS^oxafrUE#l)o->YCATth3n<FFZL$hf#u!euHQ*$IkutJZJ5&9ip
zZMlXyZ^`xPThW0>KV77%iN%6i?fu<z#BEMJ6`fv$<un!FzLiolV2#a39IvNdo|JA$
zi1^HaFVAs~wz2f9pY-B~3U+$aS_>}y$lm_=Nv7Q65@F4wDp|3r?kqe8U=jKBbLMyK
z9JO805<pw74x-_O&zXS|orW<3Rgb-`JeViEOO(np-}$0|oKq#WXt~Pg(`3^rrF_;1
z8TzQmywUzJNhfzygYJpQn+{vX!K>|KZz_XVPu(`B?L&m!wS4<tF6OpNT;XT$6PDNf
zfVx5ToaLgp&t4aT0;Vq1toJNG7~_a^4gE5b{}hJ#R1P;xp7!@(bRXn0ROx2Iy?0-J
zIP+%VTGQ#&lm|_?I@5#BR)vky_Y0a&QyVH-n$H88y%emj(^R^0VqU66PUE3*-^aT%
zwiD?=R}=*}TmRQ^m1+NP{vRZ9To3Owo(rEFMe_Xq9q(;Vv!kZaUv#p7NLg}FS?oSp
zCvV@{R-;ESC|NVDXxWTzM8}*+xcmsYi6#DfL)s^kUmlC!D)xS{ua|7#YYnFdr|@`H
zdi)AOsmU)|d*5m-lixd8E=uSkl+`M13weDa!G0l#ev5EX*Yd?H<|xJn=k~$+q1}`*
z3&@a_L9g>;xyp1!*0@zU(xqBOyKx1nR;Ps1zNbUm#@;2Ws;yL61Yb_S#PCYVtS@FR
z@yOE94ak>ZZ-7S9(6QZc=sY{;!vM&f7L&Pav#=Dvp$8rn{(8}IAzpsmdV-hvqf!o6
z5$0Tp%}dv`Vpu+eEJN?6X;n9%97U80a4C1B$+^;R`*l^mK+(i)Gn)a=@shpH^Fg(n
z!Brf5YW_ZKR-LQ;y*d4ZKPO`gpPg*$AUtU|^_;pz5TB-ERg(LO`$5|#iw$QQOpNag
z^@dJJ6iJ)O|4_U6uj{~uW6Pbca~EFP5OnL~j|uMtYj-PXPb=uX)$gvjgmOggOwAI*
zpA(J0ZYSt0#Xj8BnXM4_@Fwn}4-)FYbE9%Bep%Y$7bL;)PYAi($EarQDI!u6%_rDx
zMG;Ab+h$a1S1T0}r*W<k?x9c<sgOO`J{d$%h+$ZhuW}U|v#h%?f-+#4_P#DaD%BW{
zCT>RE{0Xa)I6AXf8-X1WR;{japo(+O=r{l8J^_nM?MjI$EjsQs*>7u<9;~7Y`;%b&
z2@QPWsEn<_t$-c4PC%U&Qxw+^N|D#Q#t8&TOJY%vl&FLu9USRx&)bPR-taV7>Y|{E
zauLP1II$yAn$-Q8ia4VAfmC8vIlsfh=Oip<D>AJPh9H0-!_)&Wc4;e3(3;;QbF-7O
zXusWNdGIeaV*7UVX7hz#t`^(H;R{!P$``0rr7rjn2^(gx8YR@}P=2q#U_H;$bM?;?
zxG?M?MS)8QBtJN4H|w1KY0<RjOEu9bxy^q@@)VO6OH$s&ZsGCgqmdr)rhWaB_Ii9;
z?fPcJB~L)G*6=<y+w&$UwD=rwAc$ebE8jmWD6+P7^KR`Rhk@q6AR26)6COYi`MkTo
z!rsauvbiI@g<ef><#;&h`!ps8uV7kvGyUa4UTULwZU^$QLZQv?kp@LlEO9SmT9;Fq
zgm5wSnQHb?%grNBrj*`wp(X@Dr$AIaTKX0QOsZeL<dWvGidT8|=dq&W&HjwrWVr5p
z>!+z&-i5R)?geMGWZPyabghfTWjmwtSRNZKriKP8qikLo4cYO-&68Q$CL`;G`CPX$
zw*R(CL8T6CCadX?xhcL<=JSeq>-^(K+CHe#l<H@dI0XeMtV|)+DIY^8*UroCb$uZi
zb>2rZx9cSFb@O4%=`KO_FVc&>!POqD`sGL|-FEQ%lZ8!)b!2#eGbx$Qgy@$_{~y%-
zi|+ws5X~Xs4z8$ZwX~pzlNuf%N6&*+eTW?i=<h~Fs|F{7hzxTnbmA`#4?qH)Sta^~
z5EgCcJ7|298t4L>zrzD`Nee5abTs71Aj`a`biALc?EeNWJqex7Q`CtL?mh1?N@-*K
z?hz~)Ug3z~Rf~BGSg5?U_%VNPxn}Vr_qv5*gA#j9D(JTwNv)FaI43?mna8Hu?j}Mc
z^fT>g5(<}8<vMzEh1GNsW%O*RC!7X}Y90qgr&!($3y&)QA*0laLZ0F})+-z74!AEm
z%7hDlrGTsCid-JpXXfiZ<mT6<lHiBmtNR2L=fw)mP$f8g#s^ve<R0NRyJ*I~C`t4h
zt1ZPV;YADNhurQTjcgSagr~oy)MSxS7je!TaUXE9f5&@dbVBGYTP$nwA1O|2-&;<U
zz5WPgITeV{)jBwu92fNZn5q1mt@Re@$PuxuHgu?1$BS<prsjs6@<%!kjIqgTj6D=R
zE0FJj7|hE1N5yL3JTg>(F2JhLjH7GOc3gC$Sj$eoA2Vc=b_eU#1erAV`Yrkqo9}Yo
z2pL%bFp5;Q_*_3q-Ds80WJOC#+!N|$;bg*E{=gdDiL>8xG>FiW$XXuNw_e`;u37)r
zLVl-!1UU9CvPiQB@i+Dgfn)kxUC(2{fkemJ(gLezb)+eZe11Wb6;jp1v!x`7FLt9n
z!f^OL+^0!{d=1ALm_BJ<Km}VnxZStBBw%m#Qc0XCxz7e*Q9KW6Bz)l-)l{aR1K$!%
zP@c|t1-`v`(DYU-mN^;f#39;LqtU)M%F2fpoWZh@lA|Yu3DItTwAD5`I`>-!r1AAa
z+$=f2k`)W|M1Ggl1~xxSiPXZ}5W|QMp8v2Y<i&C(u|sU8-js!TF7B7kLiPq)8zZ7<
z)+jHd8Fu65vJ*#CCOb%1xs1nVP7mre;s~XnfR6zm#Zotp)-n7=gHCbw6_X6Ri&BdL
zlrWx;#8P_+asV#`agiI_@R}0Zb?V_=Druu9Sz5P4y;95)-~-IsPOPB~O5DxFdnps`
zI@&5w1OX+}Xaf~zFBI&lu{Yoe3+T>1uXjOEt3Xa;-!{ZM>$Kct-zkT!Ydg0HHcc!T
zoDrj7T|#Xei~&%A$Sn}(8USd3*NRx{_7+8Qu#FG52yduC05-yZ|LqT-ZHK@U-Zd?x
zAHlujQwnd9{&wxQm$v%5F2Ibn1`4`UQUJ%ekwF1-rnP;cw19y_85>L@oV|aEGQ{I7
z5rX6!f+O^}vrdPj1Zck?Q>zQ>pX^kh#W7<X+LyDvFzG5)#jvg0HqJu_yj;^>g<K9W
z;w6?B>y4zHp8cGroa<m__OwG>kea^P?0Yo$gHojpKP(LIR%a}so($eOPMIjDJ_O-P
z8}IFY&r;bJd6y2Z_T<#c@`_Yjj!?<!TP-#isjvDzIq06+ll>W!UL5GkQj5AQ8?jff
z{aClOUVBJg2)jJ#&gvTQZMjQ$s<@isH#+H9b)R+TC8;A6I_?pyB#Lf?NJIR9tnyjo
z56*gG4e`TR-b}jX>}N}Ge@za@#;*D+EV)`();^}T%bZ-7yK?w}OOr9<6}l<1WGeKB
zf*%b3{Y%x0XR)wN_FQQ>uWTfa&2pIU%N>SjgDweiyr7^I+xmkc9Yv~zEt;$JTJv}l
zJ-V$mmv&loJB!iqUc^tl7;1Rzh%K__kvQ^+z0q5)`tYI@ahSJWpRXc*VepSc*p{)>
z+~yiSU;AKCYJIV#9b&1|1w)<8f@qk?5bulRDiyK8dZfnJ#EbXVQRZ5XEv?2_?&t`3
z$J${9u2Jo^&ae$z7u&4!KS`mm0N~EL(uPrt3TS^x?VZw|@g24en{A4SN`Ah5@8{1D
zRavZi|Dm~KpcLq36i=;OPAws29AW8`Dqv{XEs+<WG8~q18b8O6n{#Qp^vD2M+Z2;o
z@364+#-X>p+GUOtq~D6d%4&Z~l5Fu@)*^D#Jgps24g;-F&TAJ6-WZsFZRdW^zwgQ$
zEarIll>@ieV0i}RT!|OSr}ZtVTP}%X8)cz%Lh?#N)r*zHP^(t<g5aF3KfY^(9FHJ5
zdVVNl2I5V3PW!gkN4tUDmr9h<)~jhXNOrOR=vD-7d3BGVE^_^_AuH#{_%$SNtVY_l
z;ATMyEzT|>!Yzrs=vI8K7>Kd_0%}$qSPmPuv_;IcGm1)N4bOs#W;E*)gt=gvlBN8X
zD@G?v=!fNzxpOZ)58`L@uK_HS5n-pC1e%g=+9kXe$gLK06Hc6Zg~6uHg!;Juv=y*E
z?KFAt*Q>vjmD80Y64q2E#X|e3z-!Z7xm9n$ZZkA%KdY}whfvfygk2il*(-0GoxM8#
zjdUtJbK9SNH=B!ms*GvLvNqJNED73ri;M9z0s`J<K-uA^8FunArA!+VD$)?UP@W=S
z*HF)jh>fP87Qc|1lCkzHA$8uP5bW+BFu@4)E3UC}6q`XVSI1)I^0u_3bj%jgPJUeO
z!*$7_V=T<k#sl5Kj~RU5UG2>wnaZ2;KSox<VsC>1#ze219kwJJB{GdQ8bH*hFOLG4
zZ8=1qeVH&C+kIGcZ}E?zTeLwhSUm98v~<u-XLWB5`;E!5lDes-@-#+Ig-wi2mR}Zc
z^JOqo1WQPwv$<?2Bq}gaHW$^Y2V-pxTeJy@N`;1<Kl&tTro^508+I-aS!pu0d=Gcy
z3AHS`JG3Orpchbe5#ZEbfz>|BC}TH+jDp96klP}>J$-i;Iiw@cq=lw_;iDX~h}U~4
zsm@4z^3Sw0HvKY{y|LPwI62RrA<(3`p`_Z*c+9a3BX=3-tnamlHxwQ6*)XPBN5JcW
zFC#?p6+UOjTN*tfWKZB43!r~K9_-;RJ`i=zM89mnp{1OyN5X1;+UCG&kfZ5F5UZe>
zgAp`cXKM^93(IZ-I}yf}qjjkG_yfb~Pzj^2f2swd87u$;XinTiS)#WekCUp7V6?px
zZwa>0-xWKwhzm$=ZiZVNYzoNcfb_bb-ZIyBNJZO|MUP74T#@Edw7HZ;qkKF1ob?v8
zb+AoiCWtjl9aC5R_OH6n?4OyGPc@1h;BVzO;IW~vWIB7IU$PO<cGf7#w*A6km+9TF
z#0%Fk>F3R!8=o#!VK)~$uTYuA8LTU4S?D9Ms-)2#q91|Ll&zz-qI*`zIf?UfVs&IY
zuCI+$J5;{Ao^`U{UgfX`XWlLx6s~MNi`SC8W8h(9(9P7+2LiNcNT<ynYR`CX-#YmX
zpWm%_YDxSDIX<%C*yoX|AOb!`Q<e|79$YvU3~a#*4<81E9EAnke-@j`&lMMbAU_^-
ze(*0EfpvhMu)%@1m-$cYknn)Lt>p*@TOWNiaQo13hYM7+na@CwdEg4>`)UA)e$#E+
zjWX&W!9>EYc;sX3+(y81p_1ix#<K=MJy_Nn(CkNl-&azj2nz5bHCH8l`~Dde@R|0S
z3{I%%iO;7s&Ioym<@ACdcgnI2`T!ed#VP;ImYZpQ5ak`Wv|yeEjee`B1Z6`(%!?Wx
z#S*!3Tl|%u*@9~GH<X~a`k(JV#=V=8pX!s%6K=b&FpxZgy+*<l2o#<Js=s*t7S`^@
zSw&7Xk25>QCLaQ{Ju0;Uq-T@?sjiz^%_&twmUuy4d$B^kS2wsWdsER2syy$jpY7N5
z0oXF@Lg15DTV`4hh%p3h@TpYj`pRk?3onoj*kO}4UPcznWt!R;75wc~+S=CKmD}SZ
zk&j3oG2d|<Bz(ugmsCQ)o68lrf8>pSiI1c?`d%WBKLXZKF59j(cHl8~u$!!-D@<Wv
zzOJS$2f$Cbq`x4*cUof!__NSGB%M?_c&c0tl$^)AF%q%${@O%pNxn6(Rz?=<*O$iG
zO5Kn;9iBFXKo-AmN1lDvkQaY?^$`GNk@lG=M9@h6kuW+ah@SH-ap|&K)ql2X;^2wy
zKF7z1w}B*`$aG~z&brouXIy+eI8$kSZLw$k7QNISaAa`^u2b;QxNDKd)_Vws@@)!I
z;_MePJFG|kYye8R`)2BO=hE;C*tvEK+^>ub(-E+yUy*D*rihACH**ckZYu%VTZVV0
zx#n?1v}J;{_MwzX<@3?Ssg_PEMc`XhYqn8ejiw$rW=A<9H#8*f0%#8$_u8v`AwQth
zveJO?&6Fo1?xa$ZVcodVNzEu*i@W24Qi&R2;Eh01uB8wf>^^1*B428NL+9V1Q7&ai
zbY*WGbY+#aWP23~wP!C%L);6}HsgtSUdVwT7PRtO=bfZd0H~TD<dzW}dYH{>+r`YE
zo@B;T2C?M&8!exq%>0&#Xi&%gpiMw*OT6iJs6p>Up=N?3P<csPQQ6>D3mdJ3f2Pn+
z*s02q0WD08q?$$5Ic3b3Jov_)!3$kSaOK#9{rU%m?azKDF-zqcNmK>dx^m6K5t6p#
zY5n%%Eo2IEKN~A+37X8#BKxu&;fvNlAN<k(h`*jXUZ4s#N2omU$ZPLx7Ih*RE)aa_
zRza<Ywd}OfIy@7r+J21@GHHANE15@vZ7zQ@e;2HgDg{`k;-9qfjoneve9y%i0}^vP
zW*Hv$48cucaI?amLAB6~<td-|XF%o2W>qF1pIWxL@zscT(pfRqlGeqdO%tM7Gtzl=
zCLeij#!{~$_--ogD`6n8>FiPTLQaLK{vWE&0;-N4TGUu^DO#LzaCf&B4sOL=io3hF
z*umZ1o#IfSKq;=pwYY217Joze-@EUw)pZ&&JIPM6caoXOmtk^vfCqe=jMp0_pEfpC
zmDOkQPZO4_tNGwv;_O;+q<!|l7{Pl9-TDdv>M0fXw^NN_;5z!wUTM$ciER0UL_U6%
z&@tpg%O)wz$vVIdlIq|+0w<wb%5LB~fH&#3QSj}um`8PW#vDBh^`JBtvu-?u#)A5B
zhY0B1gYsbKMOHocsl)N`^mO-x#iu)RSqhRE3yP+(VE(0CWr+viTfPua&`zk6#ADt$
zRH{mjQ$P|~h)e(E)vI$9UP(XbH)4M4i#K`B_wUZrahaxU{zl@9<o=GUOe3=@f0H~=
znI@(9*9<wUEs&0!a3v!?lf08{h|#g|6#YCJ&eehd>ZGKS;zT-%dk{1ZI_J7=z$*xf
zHy>9AK8GvpOW1a*N7Ik%UbRb=u-FiR(_rPN9VL1WZu$}bq0mbAj@zzK)tbYa5X~dd
zf~XQypG+meUZ%WkFCET=et>N*iQSaIU3Orxhpcu=6TxQW6cuX@b`A1*<GJTI;6&c1
zY}^!VlybkYYiq`}Xl~oe{mXp1lcp}AvOI14uE!Td$B4E#>CtS=xdK1&nuGJ~sjYM9
zr_z@!d}Wp$C}x})9pQi}Dn%lhbt?u2P_Dsjm_rosNMauwxZOTcqz4&pCjcP=5KJ{N
za93et{+@mQyE+^MgGUbp*g!CLK@f*ul%U+diNJ{dr~-`Pn4s<?3eXxDn5s}Qp*6(7
zEp}L#HNVq7R2NyFbA%(daAK8<?zal(Ljr<JM9F3527pw&Z$RCR@4#KX!0r7K7|zC1
zo2GkPqzV#10o>mM6QC||f3HmgT2p|O>K0r=wFWU2<Z;T(QDQ=;h=N<x!w~1M_<+fK
zb$1U*4T%RRb5Z0AB%mM%n0THm1Ogr-{P&ol0+{gcJ_E`+%3(q`_q%{}1%T{*sHeRO
zt@jDU;g0U|fs0QO;fNj=T3Lv5*Y!YX-xSDv+f*EG85MKgDq9uYH6{&Q!@&e>=U?%(
z9XN!Ag%#_vm(-m>wt&uAV7McHahh&5KXE`uK!`gG(c?9!n@Yb(V~<j<vmATfiV|d~
z0YOYr1a}<*DS&EcW+Tg|PjZPAK>~)q1UoV5S%0Aet&M1W1CGJGTRXKwQSp~WQX%M~
zqLM>n(F!Vy#427)isW3j!z^Z(NnHeOB#WmG(S97#$RDq<{}-1|z0vS5&MFFGjrWnh
zAgD}%>K4^q`(I*-FkY+wos_<cGJXBO6af&}mlT#D1)YEL_v0Tv`G=sW5Kzh4VmmH@
z<V+J;w?)Lsg?odab)g4WYW|Z$5A(2yi({9OI8ehHb@(DKF+@vX83{4QBcLlVDdYlG
zYnc>A#>WN4TZ9C^TnvY(yj;Wsw1YihSC$x*VgT#b4oDGDQRpdu9%40I-E{@&q8WSu
zcV)Befm?RM5L*CKYb*y8R*Tq6P|6?g;+XEH%Jh<;>E@DsF(vf>$*m2rDj#*4Zdb8E
zsUHE)CPKgYEKUHJ2-9m!2P(isq96f0*;8Q-$3i8LfV=TSa7(&AP~O-Zz)CW}aDvaB
zpPu`g>L?wNOLw2pQwbBg!~k`aW0LE?K9pxsn#OYLz!{2k0UqtuJU*LEJ(hDQGz;)N
zD+yTGkbt_MWw!w{e{KfKqsaK03~IVLJS2ev$|Grzg7&{Cz${vDfy#;XkVMdCE9HB9
zi?0biWXkuD2-`@3AkG8cGINhS6B(rUB`7`3<qB{x5pYn&wi=-$6PBBV^t>}TvtDYR
zfa+s2-FHv?4=FVqGTkdwAj4ZOK%;(Z&UER$P{=>m-~;M??Mf&`rRyt1NiQ|Wj|uI)
zf;fsi$#o8YWsOt<G*mLs)C53@tn%3LLB>;n<CB13imMO6Eriv|5UeI3ryIcBfgPUd
zz#8@HKNr4tvdE6BK4D>a84Cbku?NNqTVN1zgCJ@=WK8Q(*?4nI>lIZbKmr~B2jBz2
zC;-hAMi5^}X_Gw>=Fo_V=|BglmjnqA0IuHwJ@_{qaL#=O&JCG)pefbJL2D+!I0Jea
z2GD_)IainZnOGg%EL9xqzy&nPl`Y`Xo&wWfiYjs-0oXt`|F<Kvib|=DvS$7b5WiUg
z(Tj>{QmUf|D_Zb=Ita8T2f_d5(s8b}&@UYEwl2c}k>OD=E{mHISJ8x~u(Y<cFvjK^
zx$3;a098VF#Mksw29JgaddFeb&ttfh#7t$1n!_5?{Cpa0c+)do0Xo^L4WvlB`%~pX
zOP5H)hsnsV;FqiM2Kc&OMKu{#Rtv?!_I&1@Z|_r9ukv*6sO3cm-iO}3tD<)1iJCEq
zZ7TT@_1%sC8V+|-voQBlbCRFwYh3nXdXrd<fwybf>g3*)qVU65%s*-L$pcGYyGvuh
zR9lI+423)VR15lLbtZ@iQFC}l#Fg>5MkVHio*m-3Q2E+V_|IOSLbo6L-!1-Hw5myN
z&7!0amI>vPGNlbfIX|uTu+7AiH`Gj!aKFmsc)SE(3n+XqzEuG(K(T#Rv)qj;YNe40
z*f$S@U(TQHrFvJ1Q~^9rZWLyOHu|Itycw-15-(fT)P^J4?4$3-rg~>F64=0Y><R1|
zL{Jpv80>(X{}aMpNVs9sxU-6g68vdFLhSJZjO1{~ln;GcmevY4|5wd+KDK4MLbbgw
z()1h2vFG<Eg^T9585d4r-3SV@uTJ>RJ_B1KiS@p4xGM+#si5pQ#}RA?lNLuYHU5m*
z8Plev-^;#d(ez2baM+Vn;lWaf%`ASS-*DeTE@HRf$2h#;vqLo;le(&--*oTsR)kwl
z`<&0L@~4=H5$5t^IMqC}aT3w3Bk)cU`Benh`jB-pSuLaGQyrBi<R+MhNksH@r?Bx2
zX7`^@$C8N4qXxD2h~(Zq*A!dZhfQSU6f7O4H)kLG+HLO~wPmWE?Uz0${i@xpNG7vw
z7H9m%q2wIO<Dr|NrL3#xi#N5PDt(98-*Ef4@1WkHrT9x14|NUh0|jw~qSgEK3+=8*
zj`~+%-r2^FG)zV3UQ}7;P_-8hiMIP)QaHpD4?dbpdJksNJfF;Yxw-QBuHnGEtk-aF
z5TYFSAb)i=VF@9^eOREk-L-j`qi1w)yFZ=Ld2sY-euC=}7lS2CU0|Q3g2s#%wk18`
zxE_WD5#zIewv^lW#9|HP;{&(5zKY7S18WT3=Op-h*|xGYFeahzfUhRREb^7)HZ2Ko
zM%}UzV<M0)ln@hNb~6AGp%0Ra9CZeiIFT>Ex&!Qg5ilCL*oQb$x@t(o2DL02qraW8
z-}xK&+WxYKK)Bp*bfVyPlvuEQJ<V7$>5chb>3Kkgh-|xCn85VFx;s9FWbCh!zi%<k
z1xs(EIEdle@eAGqVyu7|O+#(hw1ldsW5{QEmNBUh+r0#c<$`M@RpUJP>5T_G^}`wu
zefwwcwR(Z$WA!s1^|yQXPk_M6bKuDQC`%~GE2ix$P59n6w$+SI<W!!J64+lqU(tt8
zC$c${2}XZ{pV>jdbs1#%-j^Oqz0_MH@<eZRN2ULdi6YLX%NG6UM9glYQ4MRqOK|TY
zn^z@GxFi4b&us<p(+d0qRA=vp8D&Omjao+fY1y)~wH5(ayq<sfpMP$*w7heCQofzT
zVLPOl!kpB}b?LFutT7M6Et{qVv@v2kXpA7W49~=r2v=;2ZD<`d*2_KVw|?K<XVy?$
zDdziXopE)dJYw0(u*3PwRcPgMY5QQ*mL(xSVthc4&3vmmmBUFRQy8dlrf-|kSO*Zd
zTAf;NuQ9UF%%GqsLUT1j*H#mC8rCD^(lI4ev3mm#CN1cZ(z33^QY;J1d`xtVox=8f
z*DM&jdxzu6jIp&j2<zEJv?$!$)YE1qIk3uQ7p_{*ygqN<&{)#L5xz5yUqVuGLySbG
zfoj()?W4D}4yCVR{&>%|*&0Z5eo!4)4B6v2VO6c@{SXdM#2(VojqRzTm-j`1I*i+r
zcn&2!v=(v(CUv+ZsEW)+s<;azHO&mX0F%BpU;fO{)R)GkxOG#r=!f=q_F|ea8zV;^
z#SNJ<+y7H^i7YSwd(O4}H)V_q_`m!{b!F6+l7kQkkGp=Bt1fX64K962qxed5eic1h
zC7%y%*O4!;(}xSAxCKqrsE6uoUa;5_85Q+z*fdk?986l{8E!G!7gl8Tm7qTfMj%vW
z-B>Dn0G7MGx@t!s!@k4=gyEsL^pQ>R9!@`sLL_@2h9K0tydlw1upisgnS#0$IH5j@
z=G^Dex|7?GxUek5EK{eJuA;o)M<kzYlL3eMAbpg4{PEm~^d$BTo^b;09$6ppewd(P
zCpXD8k%~zp43%!`47?g~;a_^a3nOfkJFYdq{3{}Jy3a5-<zMxNtB&6rHtm;otLzK$
zm{Rwst%B_C@En&AvgfELO~W)SKzeM{lU5FnW|Q>ept3tW>0ixK2YzzWzYsc#Mr-yJ
zheK{HlhC@l%^Tw5J(MzxG^jchRE}JY!_j06xBhC?4iPoVMOb5<TDAKYFLoaEr!iCr
zE}8776WFS(Eb|8Qm}l;wPYT*G^HtwE?)2qSQ<2V4_bVAYRi1B*L<3H?&t^fu5;Crd
zkZ>-$Q~g6tWDHJgyEl!zLeOxoP#p-(e7^5Xodx_=$yT4p_m?2G!;HvrkNTB$#)1Rh
z4425O<L%)I?CJH4p2I9QcTJ!ev#NkM#*5|W+D39x?-vBj3V&#AK(`ea0?wbQx}6sI
z<cqmP8}`RIe7|0f%{Q5@n59^vWSm{`Qfntncvx`ajdS)Mtld+?tP|Bqu4jJWIJR$B
zKkD`K&%AF!30dY{Knwxpoe_GxFB`(3@Y<#IBIg|;QP8b!;LoGO9uABP1m`b3ON91I
zyu)Nio}J&}8-?d`x%1HEx*|APubBFXQg4AAf^Ln_MSbyus2ko}e8v#<?P~g7lmH(k
zd?DrddkBs!==Ro_Heo}m<+$?8{B3X*#{6Pa70J?KWtH#ZVt&=Hg~ik=p@qe;D*5??
zRrR?hug00Ys*WRj$<QZ$Q+dvT^p?{-6C6?nc81=+3zcM>=Jn-~IiriLe%uV-fd~vB
z!U~AM;`HN=C|eg2h;;b8;M~RTjjm}n{wcM7H^B6oxMn09HhIDM?amP&)N;XS_NGrc
zagBTuTS@OHcQz*Uo=iLhBZUaqCQG&*9NyQ?$ixu7S3oQb!b<P|{@Y056KoS5>y8W0
zYx7oFIQZmEVo81D+t_PsA~`Wbo$Y3WrDo!_O$KXi@l%mg?YKqtoTenRyGH${@<LqT
z=tf(n$=Tb#L$T^UUa~qS6<ycXKCY4sEZ=Z{t0jNyD>0fr$%$BmeKRYg7&h(wwSsG8
zyd2fIa&<b<u}m>lNAt&7Q%%TCT=K_`U@l^N6l+ZagQ>#yTTJIUOZ?v<vnvzV_Li%1
z3252)CyuE1%v6aqA$t6!54-yvTNjSk??Rwc8Xkl0PIwyZ9XSQF@!^lM!cW3yTHW{D
zCtVcz9|%*-M$vVuEFuD|uh*^8a=hG)@qZSdrsXoUb0c}h+3KLeUXOueFlTnSu&Zj)
za#6Cd*)F-V@wrcp7vbM1qW<Yye2>o^`pMv@o#bTh2hv$E(vdaBRIpq`1C0qrl|~kK
zgucF?a>WYG=qA<i5Py`lrXUMkr9;0O<uB||glN7IF#f>(%viKHBYnDKIE9)8iL;pY
zFX?uvWH2-l%3oFZ%n9Zhm~pyvjCoDU9IR-IDIAADt2on!fs92i215he*Ga&uewYa=
zZr3DWn7jV<SNa0oXu%DEZH4NWQ`^Tk!`Q-a^*Weft1TJQ8Wl78S%w1i(xv8l&Azd(
zWlO*cf8Zoz1-^Na1RXqU*{ibiX`FqH>KOiz$}O;Q+7>?%xqP~YWE;u<d&}NI82cLT
zvB?1Lk4qJ<0<073246SrLR8uY0t5WnOhKg+j+43lW}N{;Q_q>2za}YULucqoiO`Pr
zs-0qs>=Lg)>+oq`dm1N&jG)yA`nD54?hRslcHv%?p?ZYb=)>$xm$0vq)<R8<D-#)M
z=v)Ml^c)zL7$66D_rMSn&`{KcsL?7W+FG^onLU(2wa5!Mr~Ot}ZOTi`Rfk_z%?S^n
z97}@UZ6pz2W8$}~H^u*a4koDa{5;~Pkov}dIG~^hCX;HGQQ)geq`One!0EdNgC%x_
z3t*I=FGat=Aw+9a%BFSaZ(_mNqrHa4b|1b!0N-(4M0>lE#yV&eK$HEfRqRT1)8RM8
z_c;e6{hYJta4fssOHOuC<uvML{j(J|sUEpB_uj)c<QuhOA{2u`{!J)}01H%fh2pm3
zkJfU4glJp*UaIHDT8?vSsEWk;haL^-2+M=iK?}tutx8NLfQOUtH?+8e;gO`qT}Tk@
z;-pDHm7z=kg9_&e+mw=LM=>3=zE{)<OuHHBJpElraOv9&EPG7bVcxlIU|Q)v<Rp~Q
z^vJ5#m*OpAN-NgqIaW;C*gF(dg2Az>Rf8|Q(wJ!4g%Xqr{VB1K^vJ%3T&s?Hp_)zW
zyrk;c6>Uk6+SJMba}w7tWIWZ$uRx?;cIgcDD_nigEOcck0L2B}?h^qeE$oSk=G~Er
zE<uf~FTG3c-CNTRZl-i=6~)Ax$%Z}tnwm;fiKG-Xp)z1))Fgg<i7NlbCQC=3UG5$5
zYS=zy(Jsd`A9cQD;&#3<1xw^m!-dY;9uuu*mnpuTGE*%Fx&Fvb&NE3X9+-$LioEk~
zY%iMR(lXqJE>r@={rroeTEt14QB@SxKECU2((-csUURVpm?c~-)EmgFmMUS~=CqYO
zRNBPzTqvnsqG38SWeSXW1=6Jj-`qM|vDyTZNXBap3Kh?4;DbC2Gf!!=PlH?1v#prw
z!dQKs-Gh@KxX?Zd^^i=+7*cgqR`q<+u%zl3Qs2<(Lb9bo7Zhi3?8?}}W~~CQSbi5q
z1U~%{z=JcoYH0np@}@@Wt*x|R71O+J__oLJ$$RGoy&_yxZ>^c4l8;2g*jinr$9rZN
z94Xtd+!n|dYt;P33zr1Wm^rU9f2!|d+hBe{ceVre?AYep){Fb#)ky2~@YFsBbab*Z
z7~B;9`h3rRwd|j+Q=C4XyrG#rZfU*5XGTUh{H9LWaGZk@kEl2bR=&O`!@xyLeF#Ru
z;`T2=SW1I^1^PE%ZKg|~uBu(>74zZmmDYSM4=_k(HhihC<gAzax~{B>c8!HR#0#MR
zU|0Erys*9eKgTny+lt@07%xRkM6|dzLKvVIt0$_;#pUoE^d^L-JXALLY<*$c|02^7
zE({eHl1BYZ#^{olX&;BFwovAGcsMjs{?KhE|J&B=ycVOyWFd$5X9o!@Uo)JC{!$+l
zsagZ$S|%{|<o-lY{hcAN7gZ0fydhfLX~9Now6at>h9j3hLaIFy?V!a*q^LgPM%2W2
zbr_9pA15w_#KT4Sn|q>Z;njd!gxVORp?HB>>QQo*v(5Sutx|czkHU(hJV!OkpYMFQ
zZ0aic_58WUwhwFsKhmRU0&t3P_)ZL48pE(Dv)j=hf3~8k1Wmb!<nZP5_y>&(hUNZ2
z{ji?0LQW}T>vT@|_V<(X@Ckh(P~M!Ds4a>UP62#T@VeA_Xbyp(dDg9#pj0b(eTS2K
zjQ7OW(>=9)bzh4%V52Ru7V(#qmF66nEk&28nx3QL(A2u5BhY4q#ECw`X?_WF>)MrW
zfVCl)EoG`jEk?J+$B0pF>nf4sb1ePwk;OI12L@SQ0nScIbp5sA7m2`J-dyPbSh)|x
zFh?^zLMb+qpO;^+L8u#|YHabyYWAHMn-b0-seU7~-%{3LnPV)&f0~MIpqQXFDXqi0
z`NlQG_o3is;~#LW<RfY~kiUViO?P()`~{w0SA{9W;4OATmoc^>GP3A%6t}d`G+8>U
z;XDY7KkOPv#i9#^vc(e>plPsiB``8%EvP>Z#LCs#G=R~a>v^{(h6Rg}#_W&i@DBSl
zAVoh94^^*;dKenmC*3@hR(+!ZeaNN8>QE35<NHn-lmcbWnbRc@&JE{LIv5iwS9A!Q
zJ=ajv#V1ZQ)XNXgv8DV&;alF!g$t@@gZ3vZ{fVF<2D!oVYNgS*OeBl?=~gGTW>oj9
zzZ6;7_#3w)SZfW`zQ9HmCFi}ay!K3ud^5{zI+jo<9WGBy58c5CvCWYhi8l5>9nuY>
zn(h&yy6zDSGL^*T?IgaFiG}0jU0Kc2lP2ju$h-9AC0=Dy6S$`DBZb=Z6Jjjj?vhu-
zTz-Y{Z(%9z<0q^R_e_v8N8joalduQZi6|N^ORL$bk<VU5JU;c`c(6RK1S4bS9~4uU
z!>m#&UG2ou1p=FCI0<k(B29j>74tGewJN6Ly|s_FKHu?Zs7)mBQp0zUzW9pcE8tTl
z=l<qX8`t_I=i+G?ObU;$%I02}sNnlLL*)2RNBxx2tDJpgrDACNli0yXn@p?k)Wez<
z>l76qi}UTXdHmADOOL14hauU&p=r2kUDy{_hKaSpp>-#Gs=)@vt3U0!U{@!%^w)6G
z8f3(Ys)U}jY^^>Q$k(UO;Mq3SMW9+<xe!R4f8N$?kZxzID?;EcyUC2?9&UVR_7%$B
zYNP$e=v^a{Fo|S03skigmhf-a_~(L<$UNSY6w<G&wVTQB*_$Dh`Mi6uBKgg(h01{z
z;h7J7lB}2o)oVVln9;Dl82Q9lGS#OGR$GL)hC=RDm$<D~%>X(hz|{5s(m=e?Dm+@`
z)sTjr`dG-gR_?Y76K<Np73gJa3bmZeIV@cH6glZgnKBxP%fz{+hCJ$%`BoE;{gn$+
zP5uPE4ci9nwRJ??<D1bRa>+DCK7Pq`hjqKHCE_*x>H@-sGCIdlB?kHVK6H!9mqB)P
z=|s7g&|j?mzHoeN#qa>$K-y!YMN~2!OT~LW4qyu#YU@N48L*AxngTRsBmVEBiiW%s
zR_qB`6qYV|;8m4;gRL8L3EX@kQ+q&$0Y%ZY^?CvA_k-`6xN4#4Jo&a{jRr;g3f<hc
zxKn1SzyAb@7=C^4^5a9kclT-Y@(9<sq3W<j$kN#>>f;uSJwLR9+*#0KILu!xCK%>g
zidV1R{ShDx#v9f%RQYv;)JePvui6+&{NNr`K6w>4+_-J`$Vavi@V<j(z<(+qv<M);
zFeqZ3V}75s+C^>?Z%{^V?h_xJM)b_*hrQQ1iX~HTZoH4)w7-H8d&o<{{C!3=|A?Ct
zzhaox_NV^uw(NNd*AMtT0wqiq$Qq6ANPxJoOfOq=!x=&H^+3UmHd4{g8&xFX>RKpA
zd+VGBBhtoVMl$EH<%Si>_o4?<QDxmZRcX?V{a?N96oeBqjR7d`(KcbK^TT=eN>D$m
z8?SM457OztTsWZ;g_XF>qt3&r!u|T^unsXN3%;z$KS+N3ul|59af{@mFp?g&5JjT%
z4v)TQDttK7;XG~mnrpox&*aU@hu=?cL+F~3Sh-YuRI}InCwu$g_}H<!ML}pBgLp*Y
zHw6st@jO&vjHSF(8aMY7_J-rt^)!UKD3Y~4Dy9OqS2RJSCy}mIuzDp?Z_eZJ2!3m`
zoZ;9?d62n&`EN_z@_ZGYS6dWEhZ<?CTA*Ld4cdj>#pXe`adYwaW3xY5WEu$X=Q!hx
zqr%8zDr~QW<x}@KnieYrGfdY>&Dc^CgI%y69g8k9COXm{PFXTHAS-d|jPI4-PgDO!
zGJ&{Pm^xdxX9x5h*7Ss?8GP`npn+mLCl<<}Ao0yv`!O+PwR9C$5`{_s`;h;g`IO#6
z@}!>7na=V`$fWtPMe}sPI9=8l_HN|yXh9bD{@%1ipMo2&f|kfMf~<{$n^mAGjllR0
z?5wph6{{Zn1@v&bQ~t<_sSvb9{rr-+Kwv<{W%O#fv7)2ms*eqKb`?hQf}Gk1_Wt><
z)1=*eMb`=2w`4VPZJyhj&7WkL1v;1-_UF2*9|b4&dC|E=50$zk_@`zp+NDWpapoho
zsNQ7^CMdM_O$?sc2(Gu**UEB6u5@sF-5rI5V6+rWxJ5#LBTNs9x*gN|gJj?8ULo|A
zhIM7hj_+quNc?cLeR$I<)Zugq4b<TB!wifA%gvE#3So9l+7eXu+-i;TUBIH?t9C_(
zJzux2N}T@L2pXB{CD`UL_`fLj6L0U6J&}(OXdM(X;GK_5(lJ`VF)GZp5eSMcl~>IZ
z@MLRW$`uvw%N>1=_axF?P%-TX<}FY?9DF``7_hpL#ayb{_b;Gas??5E+&ET-d5UV~
z5<6R<q${vp=r<9tLU>^Hn??d~4O7%NS+ZG^%*CC~zmR4Xwz*AifrPy99Vh>$C@3ZS
zmaq&9%W6gUNte97%0XTI`3Jnf9DZ|84bq6&{wm5a?y7uCB8gl*639RSJmQrou9iTt
z=^?;R@K?*el{y<TT@-d>;24+P{n-LTrWJW{A5IAmsGo{^aqieVV6U6(>0k=Sv&P(q
zYn)_;5&4GVynz?j6Y@6CukbJ*Q!5{#ZjUVs#{Z-os`m*;FEOONV}E<#wsNAIY;%1|
zU+dGZ3go=Z2V~&EWARXbUzB6daGGX+A$i*xTd#iXNuo1L8y}n?X*68>n!}y>9XUE0
zEPmVr7=lg>g~OQgxbZ8leohJ_B5%Z)mLf#meRrQN`Tn}g1Ct^n%bt%P!>>>$^_9LM
z59$<CoM~I%shke8-uaX$CP}iv_on4_Mv4|kcQ(7)?axfC`jG=uA?GREy)EBQVst{z
zNq+2w6@+nLSa07~YLl-#D0(lPM;w}x2DX0mvYypyA_<utA;o9WF{!_DmBh9+Z9ZX=
zciEo$C?FVTD$xH$L-Dt4m+mCfVnp2PEc3<M5aO6S&xENMlEq6S{Vp!Re>1Ok0b<E&
zQVgnM5yvy;=sYm^cs&(<e`yG2a~g&=CDkSP?)o*NHjwF??I$hmf~{r+0WU8G4sS!c
zzUa7`uO$OU%jV{gi2E8#wmw%YI;5Hm`+te#+afSOaq+@#_Cf?n${%mxSo*}wX1kRm
zg+kcMfJ8e@5`TN^1UuVt*-jm%s7y&STQzdr-fVuVP5Aht-d%YC*9m(YL$YUyA-+Wf
zV;_67Sp68f^6rgm1H@>{%yvkyh5d6yON8U{ykQ+eUj(Knp=U1}cQk8;V6stWT*Pr_
z5&Dkb0Tzap{^Ko?*oV>fI<tjw%{Y-K?g?&2t~v^Tyn{-+KIY8B=Gn^%tELLACU4D-
zZRJEyj|toP)yQAiuQ;3(aYkB%lxi|l8;LU-BqOET_NYl?$V2fZR8hauen)|Rz{*N_
zq)M(O9@mVfN$Yi_t}BGcTnj>Wh}|`QeN$TMgPQI*o%MdtC6w(An^u=LTq9FgD2hcA
z%W+X`Y-{*6n-vv3Bh8@RL5W)x+6Hf<?3cnUHg<(J;8+hnJUc$vXyr_PCGQH)PEhf;
z@x+h#J=hD#0$17FnC8B2ZEV97V-n(-MrvLY%0+LOUjF++lJmVywXW<BgAwtkGIOe>
zk8}&@vV(4#GEJM>s)9IEdP9cK_!~hYTxX8nT5~cA+EI3G(G&%wvrM8#gPUo}^ZnyJ
z<%FHKMZx*5d03NiS`gmW_*_iRl`XZuO^Aa{vH`P}es078g_&SBZN`L0zD?goSY0nn
zp%8k{+kp?5F&|&E*$9*Hy($+W_z*8g2(8Qv@2(k-;2DolQ0%1h9retl;%>3RB{)M;
zFbHyI5S^%YIJRsu*9?E0K&d^>-w5hDJ-85vzmv@g=jaUm+%$Tgq$siEKB-gUXNioR
z;OE-srU>7QuOjN9;XhzpJs_uPpP2gfK;15#U!KSS?_!c<gk6oGsOH|%jHgv-QKG?Y
z=7xH|L&+;8+bpX-Bje)=sVQ{|hVUCp{RJZ#t@=<o46BqssMv#e5uJD!ZRwcWUhdja
z6m6W*snkXlq-f4HKs`eYgp_tt7>6=KzRds|vFD~O7w<Tj3cd1e7C9U7@vp$1(=|v|
zwVwN7b(Z9l*rtBR0cqP2%Bwy<5rp?(Mf!c$NPV?GpQa58bB~{DH780FCp#!#)xz9r
zF3~JpnH?CvTIomLGZxAr&*;Tci2Cpwi+PG>rGMU5{dng9+4pm$bE#fn(l1+|M5Dx-
zGiMWjjc(K1po&V{oRWysK0Q1|oE>5N#VeLInL$S1MZ<^2t~+b!-80FVq8S()f+qhs
zEb?_c-|pHebvyb_x!L0zhYxFt*tib7{+pic9~nOu5ON~7(6qkKX-(C;ff3=-UYj*W
z_JN{bd)yTE?M|JRq@j4r!=s?AiKXz9MmJQeSP?&=X+NR$zBHr^hVhHLPuPO0eeouD
zi^Wg*99E}Bg^3wHB*{H&JDj5_noK2I?<m5AAmd9UF+C2RR~-^LO;I!r6>KuRVmS`^
zE-}L2@#MVH)oZZEe$veQewEH)9hglxvnKvSOeH(Vd(0=D<1p(SCH&E)LpsM!Hq|e|
zN~&A-66wc{?d>$`1v7^#iAPF?@H%8~S)=qurbRMGeIZ&VFZ4K*USNy|P(m|%caE-q
z4|}9?IahK1!7}%oyPV9gOC+Kk-%BK&p;xy-OtDJ0L8D1Xw>|FAC?|aOqj@bA7U2RN
zGHn)GMS2aDlg!%cmT#CUI8!E1$40Wrq)LH*BGy<|2Z6%B-;@32JB3|e>e7iuiwkce
z?>4VQAC8>)m{!Zr$e|u;+UI0j+}_q%h2eFG@a@XHp}AOO50>omQ_h8O>@@dXgT@D@
z(b(f(Swwt~lq&%GR>&<mDfETC*~EhHHBC>H%8eXt$MsuO48L6uWzoB@rm2y;g!Y&^
zZXy*TnIcK!K|7n1td@I)G1)X(&Cc42+Z=f}duqZtU3WwNw<cRR^9LANCFfeU1h1}%
zU7|%EGV6P_grAccYu^wD#q`lo@RV1GMCJ^ci(b^S%7xSx#UO3hn?yM8s0w3~i_C>y
zwKY%9RSdbqJKRb~naf7LmUU+z0MnLMeXJ`8-MB{#2KE_HP8?b4b~-~-HyB>4qTx(<
zOXfrhV(CAu@09sai~51Xs^dvyls5cn<3O;q*@7p?OW(6lSo2;vcYxh_i&Cy=C}OBJ
z{H3yn%t2cvQS9qKrsm45pn2%9JHDx=pXdgJeR%f^$B@j&HvtB2xfts1i0-HbC`}al
zN+kf6xBCyQ6=FbW4rRJf@Hcnnt{}XTAS<#T_~K@2exbI~1YNgxU}5Wq!_Ta#*z5*7
z4OHe|(SVW2Ap_iKj)9hJi-aAz6;`d7+UIR^c16Hw?ZYPJx=R?-$>dLsE)7xo+D)Lr
zkTopmO_alp1|wuAbQ`)F{EOdc!L}%-zwM9Zg;G+#G1;0`qTeGs0V53YPc*zJLZWQR
zabkR(?C<>zACo!%^7b;X3w<QqK=vp;jxVq%G=5;f`$7CA9y&%NYP2lCT%W%|;dF4o
ziOwfP2PfTa9(l6r^zWB59!uB55;HT`3dSq@Gn&`MtI<t_PWO4=`ZUMc`g~Bv&u<Aj
zRnxZL2-ly8sr|7a9B-(h3IA*HT%T;r3tWn&*Sv-`m12gd@ig41!=*@PbeO*sx~L=0
z%>ArtH+^<Wj>Oy73U220eoy!;GXKRFLE@I3Y@)fbi8)@-pLJes_7X8tgk-SK+7J6%
z_b}`)qLd97Z`NAxU*clnYN&q7<i6l?rz2hHihP497$;7dl(P326Ql?TSExuF2TNF|
z=0v5O48T7vsB~@_Hhv-H>sX2M$VTpLAYz}e5kA1Zjf>GKD;d%7w%s&I_+A&Cz$OK%
z1^MfG4&{|~#aK@iwmNG>cN+LoqnDj5Kb{pcjrEX!cPM@0d#nsTE`w8vA=Wi*oJWpa
zgs^U&^~3`FNJvYQ7vwN6bfZ6R+tI|6Sc_D0mh?vp>dh<m<QtfXhMqtMajLH|H)9u+
zyPokE5M%m9beTH%R~!Cgd6IZW=_1BPo)JOKz{km)G)MTcLn(vsQI@cpt*}3S{c1hp
zxQZuoof&z_v&>E_=<`Vs%I-jsv)Gn}b^|lE5KI0E-f&M^^zhDgwqz@xI{F;nUw-*o
zmD^}CC#Z(thf5X}gXEjRWzF{Gl2f@8+p=_(vZ0JuYhi*Lgua2Ko^0Vg*rwo)-0P-u
z6bW*1LXXtAvrc(?ua439<YV*iwU1hFhGs`Jx3KrJ2S7SWJozb1uE3l99aj1Y8h>JZ
zXI<aTLSrwb)o;Hdu&f04oK4%hkZW*4UE~&UPOj?SGriGWm|b$;JJuFtx{EWng#D3>
ztrLrA5va{5lXs>ST1~3{pfXNup7Wkl_=myII-xTc!&(tRo>8)~Fw*>yR6!+nipgvW
z+qKik)|?g*=^jr~$85<=$sX@Z%NTKDHdMF40l%<p8emNn&1f{ADr|-iCT$&H85hIz
z<aI#{L@Yle=x2o_C%84fRiOXc>P6oQZKDDUCAhWVHD?Q=8>=6|=p*O5aDDV0*AP|v
zeq)}=(-hYuEJI&SFe<!B{A;a1w8|`5sKJ~d{CDcW&Y9Rm^>&i*(w)N&Mc=JT6H2{f
z2#AAvSj=Uy&2Z6p@JxS1=zo;Nrcb_yi{Le)El-K_P1WazD|9jO)^flU!#w|>=;ujV
zH}IpwnpX5fTXh~Hllkz>XWqdDQy$}QIQE{n57CWbh4UZN$Rfp@cC2?_)Enc7=HT;C
zw78GxM@Qj^ue%X{jNeKM+e>-4>_7H0Mnf@^o0;SQmE*zqzh_+`@}ddj9e+M?;{wtW
z6%x#i=h#!@peJ$7MTpnYHyOtz%j%^0j<h<#AUl+CJkV70-3JZ>7gQ7rKJ03|9_g_Y
z4$?zt&0&sW_ey!nUe4irL*jT2gQ-*R4y<zI;?6yMyx)bXPe-+Gvyx2XzZbL3xeP=m
za`-Lpodly|2s9e+BTEI9>e}m_Zh6!ck~3ix6`%+Aiv_;^VhlDdbjZ=Xlh_A~AiUjt
z;_^D*o70@En*-X00<n$@Xq%?G0rgY0e#FnY5;?AyoSb#S8pfN2@j6-Wqf$r%na?D%
zWzSY*y%d*JmA4G(*R=ZI4oUapy+1K8Lc}UJa;^s9e>}EiMc<!yBD`6kqnUmjs2{`K
z0r_8yoZF<0?$R?vbZ4F+reEy|X3NV)NvgkXIz1~*f23|Z-nLIg%$Z8kv%hFgC>Xa*
zW%JB8k=P20Cs1s>HT^AcIX@MRS?|h)N%CxnyO_I}XLv&SHNBwdR75Wmlg>)em48|h
zg+TvjV+wcv#86TImW~xCH7js6f5vnKPn6vT$%y*&hL|Os7}_XpBliM04yIo7ggMbH
zfeRu_Ete-u`3BRz^m)HEkgrtEfdJiKvH#rtTvdIJp^(TFQhUi}3siRx1g8zY<8^Jm
zkIU2GE%D)mtCpH3PHgiQ4&!t1VB`S6^OGtjz8<|t-B*Z8&H6zS(=tH8d=80#cxd-3
zXPRM3qPiQi*O{voKGrjmEa>Cu_BezJM#eoG!#S{Xvfm*zw_0%5qZgWq<{{HqZi~|V
z5A?4|DD*ODC}6ELAuvx(Xu8ZqkM?9v9Pi!Yeey5{c+mR-27>{`L+5C=xP;6!d(V@H
zFVk)We~NaAojGXuE@u2Nwkl-%eq8{MqIM|FJ6caZ`P|sR5k>>G9PUKmCvTOzbB-1$
zxA4~+=VMOFXZO`WQZh5Aosz|>7T(pB`reNv5A)k`ldu1qWc%Ri-*#jDt{7VyimwP-
z(n}!zwZ{ui=%HJ^5_+B-oNF+W4z@sHHk@Flt4%Jb?AN#?sg86xnYW^ZlUc`|@3@aL
z)r|kjME!GfuK>+mz@A^bOQIK*ka<J+4dHx-hJw&zg^kV$FnZrV?>dm#^M@{~RV*U6
zMl{xa$KNCyTNqZ1Tg$Q#th(CrnR(OteoPi=C;3LtZd_jdEfR8K(<?5iyM_72vqv1<
zUS&jQR}Y~`Hb!BuGth{;?Hrqo6GyeK?`Q0f4Slu3Pm7_oMZT*Y9aWpxYs3k)X}NlV
zJ_wW5^1EHE?p+MN?~3D+m--2C%gsyeaNpv^KFM}_LS;tX(lZK|;$YB_aPr!PP(w=S
zENENHzaRVY%ARip34F^#Lwv|^-{K00Q`LF0BqR1!aHoCt8#Y}jo>TC1<nfwkHJ&_Q
z277iG6S#=~UuAtFgnt=fN=9mEn3yP*N<GkM^8fSAP26*b;QMnyleo~}FT8yWa5LBW
zV!lCr-+0zjU-Ry#X4kl~Tn82Ma@r~DWJ}k@MGqdWe@k0vh-_OI57iu$?l-|BJ*gex
z9%=zze%VH|PO_!h`kZBFZu~^U&>L+@x_Z<sG?pp6T4BVzoVkoZFGHDGA=CpQ&0rE5
zxY$J+Td)WWf4XC=Kd&#fqo2gu=t&_KdLuHH8R>FF4)3w=5gaWq1AyNSt+^Ugz0$nz
z%rU7=vY5V!YqKC}l<}Xfc@x>zKwr1}R_Z!qp9-~$)*&g+6<2+wj)Vll7TE_E@QwY1
z5TvNTwpD$7YFhoPjPCa|PHeiC*PdZ=QE}un=ad-2C?gjpR&4AUjX|FIg+5zCGS@J_
zGK^>w+|BmF5J>03o{#b^oa=>bbf7WHd4DeppO+vF$x<Aip9H_MvZ>X!EIL7KLNwE-
z-kdlrsnRpY?=$eTTQP?Q;SC9<6eK!w)*>8ero(%R+&WR2xCMw!erDRp=}+1&6jG%_
zt4_(-XfaWOOW(fmx(BZnMD#uCs~aZ&iP+tak)4QHa#l{%BL9tNxn^LpUcWWh>dP#7
zCl@Ad$!m12CP^x<ta|=EL+R5E2jjg#Bh~7<GxMUk45w86w7d%XRh@LWj4;4Iv3AA<
z+cWuwj_=S(?%NNNxfc^h^;3#dk+s{(^l+oBru&4B>uH?Z4;M*397a#_NMCPV<oaYQ
z#}ejC(>aPirh5NUDyAOHrX@|JQhJN48)lXC2Hd*p09pNikyq{OQmUPT@jU#;rNRlo
z_C1WDc-q*$Vv?}MMD9uS6&KYU>F@)rwd0DedtbbcMp<4T(vJN-tXF&}(Vg2;9ny6)
zIS8h7DzVi0($}5)r=$;U_j-)+zFlGfeU`c+R=)ClvIEx%9mr4?*yv0I?5740g<D`p
zH$JeVTNK>Y_<Dl7-#ZLUdpe+(`;{kN`(c*Ju@g9m(Y_q+Z-8@Ru{eeNETICWrtOgx
z9n4Ar;i55D;<jrX*I_rdpKRpi^z;lt*}|N1{gb|gynhAz-_>F{SY+Itw?=mPiV(AG
z;k2aJA0LEs@xKbt=u>(-o7v=%c}IGPiKNpZK3Hf~(iCxn{=R9fDVXVwo=^~6Kkc&_
zF?)kDB1C|;jP2Jsar{}&Lp|0emhVSA36Bu$Vl(vY?s&(hUc^+|82tYEiNpQNqtE?b
zqoNJnpD|V^K6E4Zy_#n<*4I(h)@f7Yvozw$M>@A2&1~EV?!JH5`pon23-20Q7>%WV
z=$m*EDI6y}91l%crby5ry_qh7S(~f|?%o=u!Ce`^2JMuN0^t0HRbT`773M_J-Ua;z
zs$mYEe#q)i`65y12ER}%+!npwEL$F|eWX>nJny|~8QoF$`XHUMHKWAs(4=UhFyf^m
z8}f6mt7AtzMMJIk8!M-;zwk(~`AR)Tw6ry}+)<J$5sYUHo`F{)7o2tqB@pRUIO~rZ
zDvpRPRs&Y^ZoNX2?3fh<N@t83aZ`s+pSC;)3rmq6MaqJmr7I$3`<k7NJ{M2QN|a^e
zvV^BiPuSD`s>9P<_=|^JX`>oSI$u|$>zUwijYSR)y?jV1n}$X?P(iN&SH@2`3B_$P
zQH6%DteSF3MbVgNecvXIMsBG#z2J`+;Gsa?0v9BCc8fqJ7#TsmT9mY=r*&QS<*Cdp
zeCZE)*T+Allw>j=s^3(UWhXd#_ETC}rpUf7k<TKP$mE<Ip2($k`);}-{{5kWPCdU|
z$h(g=vy1qT`@F-C&}96=22F0lD${^UZn}CD1o+X>$B&Ipb{8b>P`rPb?@9kOU;HTW
zw}1L@Mb&jpHgV6q-W7BC6{q?Y2u6Jc=!~l8ZXtTvK!3!KIw&$Z<6Ih#)=~%@eAz7O
zw~i%3y{_1O86#GXyng@!<vtmwbgcaq9fP_qt0Ow9$8nOtb$X9G_%>I6fIw|P?-}Fl
ztQ0nddLWamw*E!eiCU^Lux%|^KK#st60hBm9r}$w&C6l?|6<1Ub9_ve>$xFQnnE}!
z0)4{{4&_9+NR9JTL`@HCUTov@R!5{$qS(&T9um+Rs+aN{7g+RC+#tS+&io&ibNq?6
zj)ZcYG^{<><=p8w&#5snx2S<Jy|KQjWE!)?6!jod0RF1I-}vX107q-)lj9a)L$N~8
z;x{eq@1G4eq>q;<E3)&#<0`u53wo-`he8(7N41IB>-WR*m<o)l*dO9VYnr%y-tEo%
zFalPTQsxBB^IQ>IBWUh2m;q=vr8FpIwr$<sX^BmILxd!01ctA~EMIjq<11t#1y9j*
zWnN5CQh!>n(a>&Y1$>~Ee!@3uTE-`7sxYZi$eZ^>pfw)HsHN~qX`e{GuB6}Cd*kDo
z?9Fa{6X~JV{`ND~RL8wb#8Z%}|3&O83xh1mKyC}gdy2R)e@gzdnC1N*9j-R>1j)lx
z96Ss)cTgN9RYOIToW&}2WL!74SVHvog0PrlY;9SX?EEwYhflXtp9}ORp)z2X^LX8f
zt5W!<->yZ^=6-T7b3ZYToL%H43pgIvpvHQ?FfIUJ>Z(?F<7ylr6P}X&t!WT`>z+D;
z<wDTg22<Hzop|5!bJFpkr1CK5*W!tQKVePwnBbAGE7XJw5^;A27NibEf_A!hi#%(E
z<)g!9uXJ3kUtmtWnEwrP4*myoo*}zlj#_+od}0MY*qj+Oy%HQWJxwJp&&opmLUVot
zJN37cyTgB>kj``)GNKcUZ(vZFTHLD=Ct^WfqIZ~1eG-ggGiMz>d$3r2tna%ll$OBB
zeUdk}iK!7b56O9*)IgwpMYOsZFg`&hJ_f~QWtSOaXC8LRo}h|Q<xRZ!x>6}caT>pw
zIEqbQ^kC&8NEHQroyAG%VNEiQOS{Bu?7?F4>xXWx4QlI6K9#M;j;zkUWZc<|`PW~$
z7Az<fKElDv{o^^C{^L0xpLtGh$!DJPOXns|5Ths|%hLPm57oH3ooo=sKb_e77e6*e
z=zP7hf8UzMt2anvaOlJs|HZ-UG#9Ts{4yN2gevyLq@bBSkoJCF+r&xkykGU!!0bEC
z6g2}?tCw~)$#?}OOT;3IjZ~#^4~JyWB1!})%eG~9^QQE*XpS3>=X4JYnnp03M^{;F
z`K#(qad6iInE(KE?oqInjsGU7{iLtqp4=W|iDozQcPH#95!0k6uBX+QUC0fAT`xn5
zvf^APGjUFR^Q%KFziIT?bY49vNk^?@c<c^vAaq0`SJz=8d>0pR5H9=#ls#||GgG)>
zL=uSzv9mg5!kFCrMy{L7HHJ{f9~BLz%&CyFFT9Mhga3felBdr_aq6H&NR@Nmn0i^F
zl1L}fH)@P05-Fo8#YBWI24HA)Sfe5TRqK*8z_NyO^C}bVCfNFdX6y`h(E3AzT;TeY
zFBAf_+&x(3TMgK36ztW_qq4V5QYmqr@TZWHX23p@U6y#iE#{orl1Uprz?<$6;;mW`
zRX0!%@ktYA>Zi@yTBx6iu1Zpj={xb98+7c|I|L>K;bR%Qf}N5HT1rI|9Y!Saa{9&Q
z@HpkFQATTE6GDDfU3i0#K&)Ij&L8b~qlm!Uo&}NLHleyI-&NNU0h+V^h31SNGtL&q
z@ZV?A%<ia}POai;8qR6+$k2+s*2<`s|AT*Z8g@imalj~I?3p8lEF0LwxkAK7Xdh?+
zAxQtbcDlRvW!+wOv&&ycj~n{v9?jMNwS&pvRPmdZofI6*ntOKuUBmVdwOf{@eXIu9
zsohh6>U?J1K0^X_pR$3N?NeZ-q6kn_xFDEl0P|$R!gLS<1OO^46d3LI0qW644*)|)
z0Z0y@u`13^6J}tMmYzBkf~=z<0Sti5=u?0VnUu#q8NlV?K@dHF<P}$BKtXdN(*Ruu
zU|i1`ngxeTb_e4E+$1|Dw1A%qfayJD00^Eg8i3W^NKTJX9^Fd<aM`jw06h-a2lJ=6
z$OF0<0Y^Hy*2pMQNT)vb1DE6cD<J_YK&j0D?)6&{s2{@<_ysQ0y9H>kOMe}j?nXuM
zJ4Yc-WhspZS3v*gj}K6S*0h23*pi4Exa-6p;4gvmq8x+)y#fL151`xtDvkD0i*{~u
z=Jz<za)8FeG$2EAKmZ^|y@B$s3<_XUY96ffN{gPO9<@uWiw=hfqgt?5&@tDso-&ym
zWLy4@1C*jH7_R+X0MNB#RSEp=tSt{F^w1sm1!hYFnAXEQKPJ6`Ljab&_XebrR}09+
zyZ@V7i67qNrOCGTJq81(VBG_aTygcs(jwV`15hLa5@1XOBsfC@>huu!6Ng66*8knN
z58b_ALJzcC?fmsHp%0&ufR4E{0NPL==u}}$=(#6W&T*-^M=~s>?n@p~ifR`wUolMR
zC16$B3LuH+{duz#dI|n=^`C>Ho&Z8}=FWcbIyeXxs4`#@CxA(~`X@}%e%#I=Uyy6<
zkw2)$;{Nsj^(&wi!apO3F2q3+c+#^VOs>`k2w@<9Gk_e#0#>~W;I1qH3xoy1%s$<H
z_>ojy?5|iQ*)0ns1C|#G02f#VbjEWPLm>gpKxZsI2DMfM3Hf7T0pMQD3kHl00J1<w
zYEy&OqJYe7K`<-GK))^(bIR~GS7EPf1JK@kpocH~bFXPXo`?X(DDh&9))|n1(I+-e
zUnz|{|H551Dq<vnRRjz|6lfu2z!)D@q^y#wPoBUO!9fXtQuP254D_khJo#72?%AxL
zm*je|0Dbr{PM+_gcRNlQC&P;eket9E33$ab4cX+wz}Y6F(cg@N>A(q8BOb6Rp#Dt&
zn0$Zyp&+*U+Fqp~)`1eZ^yy_4^=!QjM1)606}Bl7$VfV!*yRNK=bd8t6+za320Xz1
z0zi3EJ)+1<VKG0Z#LAKD0qC;eJj#`I%OgWrFqXpO+y|7DYD*A|+f(z;e9>0CCn8H+
z%4I<BMZj?9azc_vC)FNR#Nmja$xNWtt{#5QQ|JlY0Y0}3MDYU+Fz`ogRIZh}Q;|ux
zJL`!wowMlhcc%)#bUt;Ge|iY)#CR0`c_4#(VxXk`3w4dEXojT2Wa7XqQQcj^(lvCK
zQTtcq<Uuq;)yeM`@rn#U$gZf8<fO^Ml|!aNK%vJmLY=3ep><TIk$>6dU%EM(eEXLS
zK0#3Ms_Y~zUF~0=g}fwARGvjIdC5}&+i@{}W|X$-#1qI-_`fvCkouQ28HsgnErTxt
zf|$EZ|MY00H9dBSc*#l}#H`)WN>DVDrJuJ^`%j;x%Z$Xd)vbS`W0;O(|5Dpsh~%4@
zy=e4~&N>v~rTCS%8)z@O-vJeAe<{8>Ke6!#?n`tiSg_$=u5FbKtv`lev=VsM>c@*#
zq?mtRvMNrhbK|vrDIpFL@gk{{WaZj2^P)jCgzqKKL$Gf1OP=yQwl7gvG6({?|COEs
z`Sy~S2Jouqd&&1bXc4zO1=F4TUzA2Qr#lIX9&JBp|N7V!-S~kev6>kKa|>9~5_q|3
zFN{M*QSfFQ0F8wlCHBJv{6Yy&P96S*-61W;6WHd7*&Z@w{-Gs|UK^2<*cg>lQnh1O
zJp@HGc%70gL=U8M|3tzdvM)K@CEmK@fA|;4dv(X@{2=@ykOmq4Pax@k1RfBkM;-$X
zpOt6_Zh!$_fA$&D=gH<#mQb0p{gFjXCDX+gm?&5P4>>rTrtKJWT_7kL7N*?D6Hm!f
zYCQ_^7tb2bA0DICyY427=e-Ek{TD3+n7=Otr-AI;3J-*K{W<Gm`ScJfn^n{(oXHu$
zLr;Jx1^`b6j?j5NA&?mGTYwIq0b=z4iutioA?R?jlln}%`*|jNK5GYXjn?<T@&}OU
z^9SyEQXb`{APLpLH*07Bm;Miib_IqMdH+J}^@AG<aX3a`1OrBbe-Jq^f*CPza>{Bf
zC4*qDfjUM3lNdKpE#Q#HHlPSJf4N_3-Ay9ElzIhJm=e5oCjtQJK-PAcm>*W321_4u
z>K2~};4^{I?HQ=H0tP95%sD0j8G^=wE&l{O^JJ2u$VH`A;OjiTl5_=biFo#t_;w3Q
zL!~4|@*q2Hw?uX;$+G>`2@A8ANK(+Xrd#5p$n_&@aoy$!cHg0{9Zz#x?dV9&6FI5d
z=Z5=LDkR4}?yy0|FCiMDZBids_;}|78>D_zIJfBD>RS>pk;Up4zGa%oB`M5nlp01T
zl+Z3*A6-Lh8&;S{x(K1{`Oe*x7Bo_W9lw^!OKH}}OHCSYJNV^f|8_>DIh)@Vqh;yD
zEq!2rwd_uH#yMN%N_9p>QD~;hEzu0(&{tP54TOLO`SlWthWs9Q30XZwa|WAAmgyYR
z27~c|nzhbEPqJe&>%4?WF;BGqg_JklExUmxI8Yam5dzN}zl1iyy#K|?f`Q%T|E{)y
zTdZF~*jB?^w?U@%MLNe-nON&(FQJk90PPsl;X)nTG}Ys&{O&r_$*LwfYRGGcj-c0y
zOJGC~O;Jcmxkl-M#$Rf==Ea~i|D;OfWW5l(#$gB1AexuZPmg!N{5FOqDv0(3Ngf3T
zYblzZDG(;Jb`wSGj9U*irrk>j{9tXO7F%=G7_U#8;}!PWp#>;q3e0P}u(qd8M9ct2
zY*7QsqX5C-h%giAZL2)Q?3+^BFp>ADuwcTVr@Y><Oh<%%Ba3*}ApL(>dke0*V&#1p
zE$+pwxVw9cTcH$pcXuduD6TC|ad-EkrxY#j?(XjPZrXc)_x}OjwOA`T*^!yd<eAAP
zdlCqGpbGTB45^Ect-Ah1)1}OS0d)_Q5KxPPHvm$?GCxgWPCw`6S=~*_27-JMfT&qv
z4zo2^ljRK=Y5<2Vz}UUw@ET7On7_Y!Td8R)&Oi#t!k<lw1q$^%Cq4$ATgJijFtz9{
zS<Nuq@DCj_rD`r&aad=<LzaG%)sqzFA{`r$=2Zd+h9!rwd3?aMrOxDk$uNV!yiNot
zjf96Zf9>uC&4iKFZE&+OQBh7DKG`?d<Og{s|H?ZOD&$v2qys^O0NH<tCc<?)gEugZ
z{k{KSkgbXX^m2!xR~-$-(j|El_{32kVh+ax-6p|9D!z7m&#@nbdHq;sf=!cY225o>
zz)m5+&V^ckVzBqVPsC+zAO+B|7L_RY2$+wlv{5(zz>hRkrD%7Y@_`^_;MqLz>^Ja?
z>nUwo2h;7j)dVk5Q5lfJtJDE047TbTp(QEm+Q&tybm{;U^#JqM01N~$(xeI05h8~X
ze3j0W$T*BlXRsgR9>;lc3_N5iz}e)7K#<RW1X2tPGK598ss;4X5QctQ1oW{U-y@1}
zpdd%>cwYPi9<t??DXBovZ=gxaJ5lf*(4-ulY*h_tat$<jO-uYfa6=$G>Bl1<p3_l^
zg3n&N1?o5f&$vU;S)T@Cl|BehJ;ri&v;1@q+Tyj52s&N<{d73-5@I(4c|8?;y_yr4
zJ>N{yWp{mxxdo#~Q-gv)IH`C2uAvb(BReeu_;d)LyD{~dBL=du#OLq>_^V{_(J?I3
zYn&buLhaQIyfU`ys@#b(Oj0cThAhIwFyxjYVk>nkbcglIP~;ZC00lplX~zeqm%gcI
z;G7LzdS^;Q5=eNN#}1FunOr9-!%BFhjEO7`YkGqpNLQqWZ}-OVQnQdU**%&TAvjIV
zloCI%pE{2c&peS1!7N!w_UkXI+(`TY*7CYfn31#_@i5N)I8?t_on&QL{at7;I^RVS
z|Bi>L?IEK21*(>jVO327>R}H331o#Y?IfrA<vUuXn5ovuC;Rnd)*5zBtizV-eI2G<
ztE6|ET8Ta*Sq1$v#g^#4=@rr>BuJ*sBwO!3VY#n)a)2>rh=8C_x<^%EI^T&qOg>FJ
z$>b+<|1{ngig1KXX-AVdy6CcE-W=!t9ygcE68Th<?2kD5S(Wb$%_5wj;>P=(^5eE-
zX$BG$5*gAN)%i6mTxxXoOn(0V@PIMaoL^xpPquhjt{w*a?G;8ClI+h-DNMSgR=J;t
z=yP`oav2OskD3W`x27Mz5ipBNY*VH=)28iaAcge!yM>i->1c#ows-O62c5_1)46Vi
z+TpS*++d4zNftwkzU|gDIumT`y2$@S|Ji^g$&Ma(V!Y?M8u(W2la-RjJF!xUfTZl{
zoEA8gHXI*~u*Q1M)s2pPH0#|CT2Mikv(`M3a=525og~j&d@Z){di$boqm*LY2+IPa
zNGK%2l<H)&k{+OhFgHsm*eR0Iz@iuUMUu<P5$wxY@B@+EDmyqh5{d_(o?UCqyYbTE
z6B~+$T>4Evv}giOzq~GigfLsY<>V@gEkU(;(M0I*XrWRr`&+9^f}Vo+)t)a+mwjR}
zHuJ24UchI3k7(j=77GTGJ>Ms1<lxxPrU}Nt1)5S}?kwa}V*?+7vq5N_47z;eSEj??
zxof-GYKVejpg)onISo#!65b-f*HeS;QwFujsifG}@xF|nz6}mW<l+>B)yNGFCd@S_
zW_Ei{EwH3oR<`8%vWB^Mg)0uXc!7J_P>M<V4BLM!=Uv2iPzB{)Zj^F9GF~Svn6)~E
z(e23-eIe->^}Kyt<dZ6_KQm53ds53_pQ@HoXJM)&$w10qcOELiura%MRQhh~46Ppf
zX|jV=VG3Kj&E7^)YG`hjC%SIPx?sIytiv=dBI0WX{=@g??cPKKl?+Ecre;pL^^qc<
zmO=<G{X(mor~u3EvRNv^F-c6D&>>69SquT*>GO6?EA{9vy_S0jbr#Im1Lx4a-Lv^(
z`#yqDCWPEhvNvc{+JeYGanKgT-JUUwLRm<HhxrMJEOQ}GtNHcTp_z*UD8)eTUxcz5
zp6P#on86ZjsD@wwxtVt2K~08y)uIRupa~|4M7_D$btv39yx)b8cZ(rI#%rG5p~(yB
zvOcTz(cOcdDJg#XZcDTZmmOjw1}*YN2&Sm?k?S|)Z!EE>L?sX@3rR{HG89~}yFX1Z
z#1)&t%B;Xe*QZ#+>~SH+-50-+OqzNW>bki^Iqu}m*rT$oVUgs`TZ34E1B05H982mj
z^{KwKN`kX>!5HYY``CgIstmQAr$@_;)=U~F(2@0gp!7Pb>C?GDB$i!9U-=4TK=Kfb
zpY$3S6>AoV0}mbO%22ZAIq@aaS@Wcn_VjatabQ=8jQ$7ghGJLSq~>)gA@4$$Y*m}m
zV4Ak}>v?i^FkHYvn@CfqF~96X`_Gl{0tX%omHAh-x}l4$YY#TsK<wY0nmpUjqi?|}
z(B#k+x!>trgE^cj6(}NQtH(*Z(U#-pSA{Hj%W+h942uuUU9xM}w)Vo(_&yyRGz*bK
zFU}->0b{)-hWTU>z~jKw{RZ-IrVk_)YSVQZJc;YK$3ts0K$w5*s>I=4I{9H3i|_p`
zYOcpluzdo+@5Q{V)3O6G{XP~#YF(H_+#1?uSlUa(IaY)`pV*cVn-Cs#t`W;=sO-bU
zGNp5{k={(6p?WU#vRCjv?}>blMh0I3Z9%%Hx*UfH)J}Zy7#z_Zrm7)_$hrTM<cX$w
zK?RjL=aE6cVU%9#k65%!o-Z_{kqI3&NJ<2-_Ln3Xj$-|0&69`mZD3QI*fzX18#f68
zkliJeaX;RaHSa3!9>|qqorqBTwP*~lp6fS;5dDae%^~}vDg~FPmfl^VGPi_?X&`Rc
zHYKKe$(1BX^Er|GV#SE#C2Nk?M3?e_i+YjHQFW-^YEp+`l_L!_Vg@BIQZRW*VZpkX
zYJ1|#=O&Tf4mZ<lV$+sk<Kr##qx$OpZl-tU?*8^(v$xK(JnX23>c|x=P|vzGbn&Go
zXwUWiP58x^acmlbcCRImr(exy0X255&wBT2-`iU=Y$QC0PY>nV4nPgvnq28_(1+v5
zRk~8!1jqbYUXE@;bL)rvS?&9s$*Xz-x{5V!%{f2u<L>pwCVAWo@j&;>RYfPd`CD*V
z{kU9LQB$F#jNYM!TkEy^*CLH9>n*)eT^-|odzVKqHqy)Zh0pa{wNHf;U0WgoNfr8+
zFE0?!*_n-&y+F96Jt#`BM8aFBijuUK3X&!X0WOHeYgko+)e>36p<39n_hvr`o71Wm
zccMfuT4QJ)4Y|>f+0Yh0U4R`nA}_#tOyx81+IxTxrAPr>|F}jc27Z3YK_QXslT{1^
z!4cp)9QfrYC9&S<*Y`(ZREz_DOpGKD(CG1vDA;hQ&0rQ@Rr76HpzC~((o*=I6FL-$
zg$bMu2OSLZON$vl`&Shl?byH&pqtbh)*#zpKW%X{jdVc_sObtTRJhXZMPV47u|BoP
z)%Xl}NbQ#pZYoYu<uBwgIum`<k>J<Dg_qCTi-d-BLKslX<9#3>Y+rU5o$1G+q#qrg
z@VsRx3%_k}nPCK{`#^h5^6<BI)8a!`Pa8ah19>?qvUOExx(tOffCnR4ULXqo(p*>A
z9Xh`oMr4pFiwJoWhRAxMYQ=%6Foq%wVi1R&m7TePxGv2@KLr&*l&U26pgW{6A4BR;
z(1X9*9r-uDGy$z9T(Hm#;($z27@|W`5yZo84GB2RyqG~YIUC6XBDF(iUbPcD2Wk;$
z<=dPK=kS>-2&C%r0nK2*Ij@~khpI%CLNJ#`6bzliZ@5F{1ezL&WB=|TLxn;{zrjpJ
z_PkDK3X|sRzxau=Y~`~GNPymQ_r2%`J)J7N$qpb$+9Fj8ly{pQ2KFlX5^0?Uj5%X8
z4NEs6r4=2#G1diP3+ir%{JlaaMY93CBf){?LF*6vo4#c>DHCVOqONsb$~7`2Vgg4@
zU_Kk3xR$zmP=5x3u*A6x#icI+$M&Pjf~1EyAbQu89N@oE+(wS=?+l}hoFompjP&Ci
zf{N54i$VdhbT<}5`n7OU<^YT^=j^kulL1moqbkv)z%x=Jl=XP80w+n?wf>3P@B-Dx
zjsp3$9$O9phtWHr-XdkmM+%77qLh>GQiT{#RYfRNhZH64C&|kM*#p|fK~5E{Vmk01
z5#IcE_{`V9cmi~0hBOy-$R~k?Tg8cQ(h73bK=mm{Xiffoz!#qE2F+OvXco1U3Ko{&
ziFj;>4;0XP)a+oCD4XBBs@q|LtNxO1VAK>L*Fn_zZNp8QY2*~Jt@xW=YZI`K_#57`
z7|3rJ_^Wl2+_pp>7vdS2?q1=fP{XC5*c1fpWZ)i_yI-q<$Th}V!)$IEyqR5+2VsID
zOlcuO4RW=uZq-;_o_MzATs4|*CA=ew*gJ+j<<o-|V3%>=7s1Y*%!Z(dW!er+)J4_4
z+p%S$aTwBmXGN94;-M<h45bcDiR*?Ii{d6kX}$6nFc8ER|GVQz5`fup;#`(G=UZWm
zDURzbDZk~s<@vrvX?Fm&>F`#Vi7%3&Bm6=QfhWu=P6D_cR?Sk<-k>IG$B^(uRmQN=
zakm@mXFrG5s8n4Y#<pidh>}l8TD4oG?e03cRHwF<VPmqN8p-r+g}MbgCo>cS>eo;e
z8I_A3CWCH-&_Eh-S0f$BZD64k$|4FxJ-iN@Mp44IasEo^x3K-$rn}NvR?0(<1cG44
zBlT)SY2NZ9IeCtkvq!5OA0YU^8mKuf@PghF-a(TA*&_iFdNH>XqBLP<0o|Z&TM<Hj
z*wGV=8dVmc%by5GMAq1hK_O~U4K3Fst|He{U1Fro`FL;@r-tG(rxAehrjC~@q3T=F
zeI#BMpbO@qRz19ZTVbP@KWO(AJua1djNS5hfRJ%))mAWfj5YLzq)J!#7{U={z$ttc
z4oQy@@={DYjHyJ7g$b-|#0#0@2uq48b4NQGLqer`d?ld>21*2}P(+8YqQqI|d2|s7
zU~P<*+uKUAju=H@Mx#%KIy&Xdf@gmLibQX!V+vO$2FA+aXY2feqdtz=FzSy4CQ{m(
zt&ThZX~$!HYE@v`x%!+$q_{ahSKYpy3Py@|_J=(mgbb(P&v!DhQx66)iBB0F8sNCL
z2EyjhR|yTFJH+UyLe2m*eB&0oiS#-Pms6^eRT6>R!;=FdUf$HPa()fP>D55!4YOKw
zFgO>7r|siP6qrK&p-`XEcV@dl<{Q7wkH((@Em#oQYh%v?bJ>qO!}Im~E0$81m{LF$
z1FLP{xEX&EUSuCY`{bhFsM*}^N~Se#B}fu<Yy%2dEZ96~akACh)XN~`q^fn?PBx01
zc^;@ZoE>!FEpa4&3`W8v0RMtYLxf~90DOcu7JY10CHMvu8i*)e5&n{nh;TxfQ5_#`
z#t5q`3ZX1hW}Xsrr71{qh3A!xp2?L&{tN)igLwVOS73Y0Btk=2kKt3tyA$gWTx1qG
zn%nI!-T6AL>(Kz!hn}ewH9TLVaq5c#H^jN@#EGr|c#>BckZc-TkJs(=0cbOd0xFhK
zi(KvdapoEYa%T#xDoAio_NOh2fidX)x<aY79<4B$(Wky*$kr7}P%V;`5K}~3C`FLx
z(f*t)jCz*?Xp?qmNq6WwEh1>jLz)ub-^8`NhA|GYMbuHV+1*p1z|umO(OA!y5D=Wo
zv_A&dE3+u+a1b{4uvd5p3%(x;aei>f!zbs~I7zA~0qoU^b6E$zeWg`K1>hCdL!N}M
z_i)n$UgJTIf9Xt)gJ0dkZdF9wjujhwix@kc)A7aUy$-(jPy%FAk`DeClnz)$WC(5x
zJ0$SO%?1eGlGqwhgx0Xc_R@FQvhh|z5aG)re#7A-D%u<+q?*v0v-vC}?}tcwnovkE
z-4KG&endfKpr4w4nC(yighvR}TL{1+gQdjZG?jUxLsX6;r~+Z>M@X9@P%|N}Elt2=
zF^~#Yb{$}4mnQ70j|&KJc7<_eM>~QI`v|0jYgbkR0@@?jJ#fIik0*U=AJz#F4}(9R
zVA)O(CO6c=K`e0BHO{kcbf8d1yl_MCW~axevoe3b=z>_S*=}qdd`yIcP_O%r#lW};
z6dlW@xB#1_)M(*vqHGXN*+*h_c+q1LVRF0`N5s*!QKF;{auf?j0ztwC={RVW(YDz4
zKzs$p-fKi3Fm{wpkS)$VXk9zy+OP$vkt8|Y-GJl+){L@AJi@&PT$Q<Bje{s+q*Zqd
z^F&ccc=sS<f;qee_De_}u9}Yx=DX0-7E;C5vjy2`vz0M`TP{ZGAVZ;Tv=A)3S}gfS
z{vlY{prwIgc9<L02h0atoqB|M4|*V&6JDUcgiNjb*jmuR20e5yI9fIWB(oTYqt{)7
zC<2PNH{m-SG{8wW4c$0K(Q<pF6<B#CYo8fS5H^!-(2@3Si2FOD+=2YZweh)HcQ{d-
z%q2D<8Ppt4KcW?kgE769X9ikXx)tJ?Gp-J}(r{l}RmiklRf*_wdPGo&*09*d^c&!2
z)q;8|7zb=7;gZ?)T-N>5A0&klM1!jbV?_hUUbF_;Y*v~UlNJo{tNdCYCh-q26p^{p
zA1L+wGrJfd+{Q(7FCw-v^I5GJrE<tXx{zxvi4=`>b=re83vlw*zy%(gHb>BEmZga$
zFJ@nq9zePCC8qH|r5-@|wtTU7NE6v}aEDVm-@Sem)}S>N-r=0Etr(G3DLNCpK@CH8
zkf*|iXyg)Ex80UHgjTQ~$gzCQs9DQp?RT(0g+5)}V|e9&mqL+-%w67OydVyhMs3B>
zoNLf;P0MIYd*sEQOZ7Y*Wza&b+g<lHy*s;Cml4Nw^NvbOi!5CL?gX!cJzQ4NYZG3z
zFXCEM2I&&IkPzbWluJGQ!EE#m;QtzEO;6WhrqgvC2DJ)l3Nt7qmm$*Aeb|lqVzVc-
zJLVqS^u)Jsj%g<-#n$v=$JVg72}(%oR@hw9p?M5R=SFZ(#Q1JMOfa#efudnk?Et!>
zG!O6>60vTR`=T4yH|VF^r6-&bc=Ynz-H8rt$H$upZQGYH;+}Y>O3vuszf{WDXe22p
z?_OIrFfu_LV@#1~C*VL3c1V~ZHPABE5y<seB)oI1)VkgBnv1Q5XnL=LWYetyAxK?f
z++e^6Z=8-JqqhF3yy2WoyAWFkHN!gIIf`isQF|rqTkPHo3LW+Ku%-t(@5Qrb$w#YY
z@3=wN5xB*PzU$<Z476SAc2{BN$qPta&KlV5;vHx^z@c&dlTZOMn?=k4M*_G&5>d#v
zfqe??q#bU=W8;#^gc%~9NvJhDb#+7+=@*c_T<ojm>P4h-O}R0Uz^mQ{D1!|&E=fuf
zGIlUq6tYKLA4F+g5Em=o=p6`!0RQx~^b$coO21&nlElvJZR0w!ey2>7P3+yk9mpE+
z@)OQ^7*wih`G<J?d;7a>)9z}qA=H7RnXjof*8;RdbnAfApmI6uAv}YZT*MZ1Qmt9D
zM$V6)Y1k0fSG1d$?j*5ZY|c0I5O$V){%C0Zc)uUp&Oz-sOE?~BX>~n67}S5cY>jW^
z+CK#@6K80z7rGSpD1IC%hg!|U@kjHxE;MmXa0o$MFm${}q*usP!*fVI2h&3+ShQ<{
zy~G=CzIYpiMV^QLF;BiwgRF`wntx3l0*fSp)Nq|v*x?j%OVFS~3l^-kC6`cX3gk%G
z!;Qv9u<%!7C4ra^CcstD_@@XlfWNiI0ZM)G$8imANhHC_e5^+V6}qhbp}Ux&&qLWM
z+hwfjvbG;xjPx|ehB%1sXGsP!1jy=TMXEBbQhYbbEC2y_AIC8VaZ5+dnp7krh`ZK5
zS18>vZ!4=p)CGkusxT|uecZlMfv8*3u64@kmKC6L<qMbe3F}^%d|Bc4iADrHiBF9P
zf)F1uiB`6b#h!VCxVF7Fpkv+T4U_qP-f9o#=4VxOJy9K<ve|$8Y8mA%zL<YI%f@};
zt{gIOp8BP-Y*I(|OZdm&lWC(T;gCH4wl5mB{LtTG+rGr(=RkuAhR{)Tq=I+(%|cOQ
z@pA%9f-P1qJ<i16CHwR7cKGwHzS#zIvPvCrn;Bk9VR<xqkb}59Rcfif)x3WvyxN4*
zY@8->`x+r6_kt2>X$?RJ$sJ3axZiL#<B`K)TN4*MW4B!h)^gZshyqq(;nhG%?q8iQ
zx1holRYG2|We(8WSPF>6G2|ry#_3?R*;4#wFU>L((keL)7wDVs*)1XX&Cp;?rX5D4
zjy33M%WDS%L?Gj4F>Q6huBiyqA2|=nV+F^Y+i-js7o%q0RTbI_kG$bxvj4p)m~jkL
zOHYT^bgPP3e>e4c!=;*awR1)qMcPB&%=Z16>lY;i>;6C#-Wyl`g!`+{8;vwj7d3yR
z&1D4ZKMaX=TGbdpPnYIFpugEG`Yk8;#JJ@A&TxolkNXn>VY|$kFqO>%^_3*T3?0QP
zw<(NZUL+{!WAmj-XZ1&`e$3$_O46!Cn{80kNKB4b^n>k?bZbGrEkV1^m>TWzqqjfx
zd(7eX_eVRh7wv%%qh@y`UNL%qPH)HU(*&rX`BwkPxp*W?WWejh(AZSxNW~8cCV$}*
z{@Rsu4mH5S-dhE68d#)|tgitvTjD7P`R%*Eci>NBSkQrZ{cvkF6qugfS-pA}<wLsR
zU9{UbD!Ya31P12>L<pKNt5{E2Sdf5t{coatC@??!x0&i&#1C<XY~PTHG0pn~QKg3!
zJ{&<`-1-=koQxkXgKNDevnbPm_fX$Lk*g#*ETC@~THGO$C;C9@VaQdoK*2<@D`}NJ
zupfKJ4u+081f^@=C=zd<sR5hvuSRN$i&PgLafxpP?-9#sC||ezvvW?QRa&nN*PKXM
zC;LR*nit`8rux+8&YVacv?+iWXQRuYr<A3ZOk&m>sbO0ZG>8^X_EkP|Xu+vIg}D!o
zqz<|q-zqs6+*kSQm*mxs&D^X6EVz(YV(#NSGMt8MIp%-m{1!&FcAxa68jkT1>_ydv
z16_!7jl8BU;`IZs>68g#rCCUMfY$Fx63t#JlEO4lTuAk=)!a47bqaC;et9RjbhKF+
zoI3?K7=cqiOuxC0g!qFCvu8UHReBtb(2cDM2V!o|d?)-bf(m@Sb9X!7R$dx{NJ=1X
z^EIMCHW9?Ib&u%;v#t&`p4nbe3!$5(B20lMKRYtsznoUbT52=~TtlhWPI56ntFgEg
zl2h12AN*1;DkdBVCB+lpBXV%S`0%|01n&iP2itY1{IJwvpB)4|v{T(-oJW}au-qZY
z4njj>dyC%fJr4vUx~f0%D2gO<i_4`Dm0i}r1mUdXB80=&B5EK7w}uL7xk@iSJ6oL{
zp4vk2Dym$(rpXg_t|M%OjU%>;AK3pUknhs5u3D0#1Xj82G8dYl?KZBDBquE`ky0qo
zdL=AZW~n+v7EMOUUfRg1%~=NXQbl4tca#QfyY64;Cp&N{WlL9%gG4x-s+i=fn5e6m
zAgY+=E1BvlnWF7gLJU#rBzEhAHtM^Vqvn^A1`pCx>>KdfOB&Fd8$5nCtTx412N;Ie
z2DR09H`T+|)k{>?O9Vs(yHSjm+A$1h2=b}7{~0oPO0h)7si2S8*q)#Hd1mDu&|<=E
zX_ulcX`s5K#+5x+Nf4P;98<t4nkVVR4VAO6kjyl4mdaAf#GN&<v(ZNBdZEzPo#=cZ
zVds0MzwJNVQx~+HyvCe>scsKtZ|$-W+@TVK>OaI^m#-JH#;TeJoiVj*hVreLoEYi{
zf-N>pB$r_fYLis%0h`ee?7b@b#i?Dl4tu==M^z?B=lOZ&UWG>;RqF;}TefNQCQj@<
zP!d<OsqvUv9)OTYMRnCy4C9bDRxWKlHRaN9t$AZi_y-Nr!<b06#Z<^01wih`!bPYu
z<wjax)m=W?5~-B!w@|Tk$a`HWf~6SXRs6VNO-I4d`poR$b4fGW7nRhkZ#AVfmCJ!I
zvi01>6~0TYsE7L>2TRmBo3XdcomB4}cN^n3m$@q`f0k^&by?k~Ck*p@(n;+vZmIc|
z!asAp-}19?^-w!e(RiRn^hiP&rD&;h)^D1yl)wJ0G481D4#ZUIo%~$J|M{GA^_HH`
z(cmqMMJ~%Jylph(GhD(Y=jyh;)y(YERtp-I{lblt=ML@x@k;oLSeE0Cr2PnfBi#Mu
zH3+RqOz#?0sHLz<KaT|AZ4mi9)uQe6P1NtW`l3cL^QyIMVRwf#<7|JkUTj?ZRB-A|
zse&=YMb`vqLnL3g-k`}u@_^J>9w@;3!(F##9e^M1Jp-F0v^g>R8)`rZg;z!;j<ITS
z0@P62e*VYg!etqr0(Z%p;cO@L(0Ne(Op@i)?_JFc_)whZ%MKBby+W+NS*(5!U)m<S
zg5vG(#D^3girtu_cvsnE>w5+x4U>Js!_upimcw^f%h9Wf=NOMN1Mqsh2k^dyQsN8n
z*9M@wDMEu|wW1)ubN{`GB#G|Lj#gsZqk=u9qL=F|DUsbV(oK@5mxuRJ6Pa5Zm*z|x
zm!|=GPg&}I-@WS5k$QYUiL<%4glp<<2I?(Q<c2g6t=5S?0?c$BZz(sqie}pzm!p}E
zzpBla)v~&YO15p|@wuFF4db<pQTD>R+357|ez)c5s0hp~8lZ~Eu})&@K&JxQ@wP1#
zD$KdzwY<IVY_d5^DPQ>}^br49WZae+XRZOS(TLx~>rxpfe8r{hRQ%Z6(bH5=cl!|Y
zoIquBWsoJkM#6Av_-{iR5!b%!z$F!f7~3n^y`T!zx$Dyh3`WR{I0?yyfy5OsI?(2D
zD?p#uG}Ty=PTNqY!DC36-OO?By83{k!r4ElC%qYUPT|bU4R!A4tWHhQp4;4cs<)_K
zK=^?0&UE8N&u~^7E3<a%_8>#Fo51f1vYNUDpA9YJ5SxQLD%JEF$jk2v(m2G6%-X&v
zYJJw9&U$GUj~cpXqZ)8~Oe1D&T%t^)4pCVmY#t(0^NDNHHygQrIUawXx2+L?JgnKe
z`4H6l#`WO+uO+*k$aGV$zXa})^3NY}whaCuUohPuw+OM(zC+Qad8~;uiFr7x*>VTH
zw&4MXdS#57dSK5YZPavIH*~C9G#(v7aYWdpMz%B&*DP(|4wTE9@f0mlw;28c$aB>N
z$aCkNY%%q+@reJ|io|<l%nog~%?oFa1h3Igzy!GM9jlA7HSU!@LV!M8oM2!q2Jvs&
zD;0!#qW{Fj;1%uG(rKq%*XK6YWVKATfbAQ$_6DgoM$Qd4Ot;}NrR)1lmYu+lXQ@IP
z9+VNPe_V0R%o|26oms>jRa~YD-m;jQE)1{?9InksQnfU80R$480|fHq!n?OH;psX2
z8|taTZDHgXv%arE>Q7xqtIf?FN=#F1slQ3;VF7WA%^h((S>=bNt%(!6Mw(!$)PJJN
zw)XYvV;%*_)7HYjNgVjo5U?WgXM|%jc1h3#(7_{4KnGi*rk84txLV&H1v$>GbG7)c
zS~Th&mZ(M8wB*Tq4Gc8=Sa~-OhQip2T~fw2E;Zx|1SSG&I?>B_!O(+$9;tTLiqhwx
zlvx|4#bAnjL1>TA_jYAq<ku~6#bc8K^PG=7n=`AL*egrI<xN*d)oZp^EQ9QDad)V`
zyB3XbhvC{0HeUJizt3xI*W8c3_N&I))_C;*bKZFOI_Gh7)!H;J1R1~nO@wWQt0rMf
z_$>Ltr(x@mff0MJJCqKM)zM#7*(UD!-Gf*fD6cco(*XRt=Ph!jnU`Ur=hwUw5r-kH
zS=c_YM84!YCX)C@HoJ4AZ>6`k8U4pcwF8Oz#YE=>qLZWRc8y-aG)@1e@7h0i$*%Sx
zE5xR<?wxL>+EjH(A-egkGref1GWYRFl5(h!jNdJ;X~zy{$7&*}*C16(?&!179d`38
z1z&et9{zk?<FjXp^iyozK0Js%;Tt%9so%|}|M{kjsRJi%Ylc(%xbCA{Kn|cQ<hy{b
z99!79ean;^Oqx`~OJdS<ejd#Z*`8yX#u1t%e?of>Ld?6Cy24S8d%WTZ-(TTzDj~T$
z=%6k!)7xlzbXDj!IcTthUOEm=T#$&>TQhW4VKx3Z#~n0LUGGKC$}rQ}F!kw>ORkPn
zF21xW+_PR&MIfhS=-jHdsKM<=(K=3M&7nG-#&T)d{D<d;fJdP>Lp3aXFnH(WV$alM
zxCVU;X2iMY<Mb_A)P%;ONiay0h>#t0FXiZQA(p4teSXteL*!HSInJo=87L6~BRTmf
zjaIgJ*|$0h$ocLm!}w<?LKqrf-=<tG<f5%>{TO1YNnG+MNc34-HXjpw$HnsF@DWP)
zqA!^!nXA2=<_+%(blQnOO3x;Qxf8_mXUpc**fU*2CwbeGl>8&z+PXID#0K}F@#~5u
z7dhK!y~nCOugva<eZq<=`&pyAV5Y?XB?x$*j6QbY!p8r+(JX7S?cIblXDXX=5^m}d
z$2b|aDM@heh>ZV5p%1>jJeh%|DNPXZOYY;gHB-KGe!=}SJY?f8x?ra$`F>d9NK~(j
zdlHSh$5p$QL^05etGm8fDS}3{7IVPcUj@3-6f~2=jC)M!nil8qHTKil8d9~awk3t;
zl3xz^_e+>#>`-;mz<JU@&rs)W>DFE8)|r*h3rkQ!tV43_ZJ>30w+u<uh~j9T(_|gQ
z%PrFUB4X>)87|hxrpufwnItAe=Q!i9`6~q>(JO{$X3I|u%XM*z!^h90Ce>0)-ESov
zJ^xfFp-Ig#?PT+de2jAlw4BSK6t_IH>_z&Z<wlFZruC)Y?+uyOH7x>$)_uPKGNe{X
z->2YPMuGUiQ$`_^H<B)iy0W4UiMs6LtEcY4Hb}gaZSQ452gjxL-og*oh|7cyjLQrE
z;2rk?vVYhsJ&EL?twr#)Fyc%zW4AR8-sN96NFV*+xt-%8V?JWGiKC2+XcEL&&nTPd
zAfr+67<yqkDv+L)m1!FC_!?V4rIVFsioio_soe=J`&H5Rg4st3!AEvK4w#M}%CrK?
z+oQr48c!J+UP+nL(Un3<-evbEVlFHMb2<d(>!}qgbK9R7`Vs<OvurvAlsc4)O^P*1
z4uP=_t9Lk5h9Nd7+y(^s7>xmuKg~Xs@s2FOecAWV_>xsfvRmw>q1e_j6TSGe<I{fI
z5lfdIQI77*hkF*#bLta$OQ`WzoU&2B-guZNo-2LY&Ah<E*X)HpU2svLC|wK0y?u1-
zAR$j(DQ8K78B*3u0Ug5q2@chVm-J`Y7F6RnyFSqKg8FNBNH1_fCGifau~{$8yNO7<
z9X%|{p&9_w2>14Xdtw=4snmF2aAS}V&{grDn!=+p^l8l2HUCv-0;2VDb(w*I+K=*%
zTEbIObpP<qWqI%o7d1YDJ#hOtix^yo<JxWNA#)I4vmT_<amg+5n}v9opk+y12p8#H
z<<FIYWK@pzr0<VH-ZqoKi5Ai!?0lG^Md<w?@RA5cE$1OB^J({@WwMWIF^{rnKjlSc
zNWIfd_Um;<4yDD3s_a*C5nxjZRsJlnpM!a=gz54~PPGQVi%Rw3XvQz8vzk0okZSF5
zhn8yXb_a@T?Q(~k>Id1L5XK<>+D^ndyXcS?Ieb*rxkUPf&_$hI6*$cSnxnmi1`1hA
zIX>`=p-quMxl>QJlb2gk2CsK~Gsr&Jjm0fUT~;jLiyUM>by!;MI2iF+h_<bC0@Fh$
z0;yeGX4^GZBFLsI@md^=M)~IP`WI-06Yo?T7Mh3(-!s(?=evV{?CST%3vQ&|1#w3=
zwx&iUOd=Jhc$k%GO_Hpe_}JB$sXpk-<BT5rE0tMEBcFvp?Qa#DWl}SY)4A3-2V-0j
zSGy_QUsUY8w%Sq?1T_+b{`*Izn~+bsTl`-oI(8Ittv1<KzlCydSmo%z85peWX1}nm
z9(>ed{P#0Wxo7ExL2$GPjdLG5>i&IhhElE>pnLyM531Ro;Bwzz`Lwr|sSADr?CJ^I
zrol*Y?)u|)_A!e$){e+LR1aKm6&iupUj*3<)HcE(YjG5jlM{F!Q9X$vD=Ai8VTv|(
zr!)>q>frlg8B|e(->IhTFz#$<EE_Y1q-}k#B|7K#*l2?AKlCQMZVMNg?E6EwhmD$V
zRdOeL$l!sULHo=?)hci<Ql{?W*Xue!76&^(hSe2LJnj7s1NS;Pn&#c=LD)7<SS@eV
zyeB=3clyjCc_ULrEc`7!CyN1$x9ucU2l=YCB+_Fzs8U($y*iAy?$kK?>D7BVG4PBb
z(<uW~`?MvbF2<>=*lUR~6AGmMLfvXP{B6nvP|p>((U@b>?(L+S)g(RBC!ltNl_mTw
ze|A3E>On(dFsQPzjuXcFXcDTPeDxsowctXF0IJ>25~%g11gK>lfwSp4h6k5pZ-)${
z)P^}?4Lq4Ig7uXE&#3+#->wa(QbVY^hp=hr1?7oOrLAT3U5mmFM|FrsgvezYgSqSg
zn`{amAL0nFtJ1L!pR!goUBbnl(2tEMb0cU$96vk(^<j&{1U_z+;SWV6OZl^Lf!(BP
z!wDSuTeGTswSA6tZx49%9}O@5wxu8-`z|JkB_jG3uE}{z-jc5illW5-AAM$+P_5qM
z+U?&;DO8BE@0=%vvAmX>ZpH5ZmPsaXgk;-p{g}Pj=q9xqN#Ib8E%XVi$b`%#Rr}Eb
zNti*#{-9EGH;kP;9^PN<-V*Ju<webnX?+%g`XhHoo{yn!_x!DrFegh$m8SkkdhNNa
z{oSp2QY^Zv-W&s|#QtZ@oIeatTgE;B%By&8WqFG?$jOA#S8o34rE7~1EIR+AbZ1fX
zw>~~I>BS9DKi(n+CuTT7V@oC5_mB@M<_YlP>800sS1ffX55pkbTh{f26k)cfJTu^}
zwkGQXyr=kYu`in@eL{{sMPjSM7d<=-c2?i(S?ej@B%IXpPA1Yp>vh<7W4OYKTxSOL
zx!D$!7l|94JiHGRO5Za#TBYYgP})ieI3EiJ4q=qEVkUlTbftSO`hBi61{5_Pd7;b3
z?QnJ<{YtqUi5EJf19x}iEQs6o1Uu%|MF6|OWlxo(ZKg+6%VtxZM7NoF7QO-{l=EI{
ziA&98{7<64lZf^QDQikO^x|{%r)p9^L%aOI*yrD1ocsjNg@%3f6&kp+l+K=`LW%3E
zc<-SUjcfbGUY|4F(ri)l-W7^GW<FNL&WFyeIq|c|aSxX6XbuDLO_bdFN|?NlSi!Sj
z3&Mqfjqbdnx1MIBm0saM$7uHe)0+fa>%UwioX31+d1Y)|OIYnXpHe(Qefp0SXGeVC
z?$_p(4gF%TuP;IiPNj7O@-bN2oY?E*0{dF}$qKn$Og|~U8nVg;?r<$u<aY5}iUsjF
z$6GAt6Hp!FCq;{gVL3H*NfS_|BzcL4aoP8y-X<m{b01TLVUExsKZS3g40+gxlZUSu
zOOrR#{y`5sQqX*&pK&`{R#QfdiHcitoF6nnpOf;_eD3qyR@Z}~TN`M6gx=>?l}W>S
za-Xq04tS2)EFT%?KHhS3SX1BC?XR`fXrF^3w*QSZJ+Zw^(t=IDI>QKC^m9LH7|e6O
za@vA^`oO@O{!qKJY~RAR;uPoJiBz%l@h)TQd_1|#`jCZK={^=+_owRfb<<xpWK8PV
zIQgrizqcsJ_5bQ<)8i5uppaoIA&bICx8cTd5F+>bjy83QtTO}ylHHMyj&}^zUM!Qj
z+>~Qs4c!YDGvl|nGxOd1=ahsB4H64|nCjL%8zJ`6Lg&HOrz}q#o~Po=Ccm&e9at-d
zC%1Z03IvrP6xRzWvojNG_QIf=biBlr%JCz658pK34Li0wuX=6LxCp^)2*9iWr!mg4
z;!e=LSvo$%Y~!z-%^=GPuY7vEx35yin>Cw44J?cHzm*Y6k_G2uzNhEoCkqSzMvH(w
z(t%-5RU{rns2{dOQ}QX@aB7N<SE>Cm(3G$JN<sMmHcee7=%(X?dZ;UPiw$NDjFD!C
zUw7<h6oV&*;dk{Ojf2hf?Gl~WR~nkC7JU2Iny7q_uDz0$nU9VxZDn?uv6P{b=zN3H
zY!UXBDY^;~H1&IDfpsCjnf3G{avLbVoKOTn0)a;FBdm1Q1fD7G7vD%_(1Nntj3w&L
zPc_sG1G;@MPlb)yHW|0U>wVv(12}NRs+xS{apzfaj9o6m%U<Nd(O%>t>-`bbbjk>N
zT8=9w6yUw8Ay^V~FOG_gpJuZimF_2-#Wr%nqFYkvY3NI}Bu6I435xR}8+;>NhIDPb
zv5jKG=u!iV%3!EZun_Vl&C_+<c`r;%lH-Fb6Q?Z8V@=LVQ=qe5-jS|M6Txrou3Fbl
z6=2cr#^v#&)DO}3oY%gA&VV1h7mAU(O6Lr8B_Q%7hY-V}3AgH8t+sh<Q^k9w+AR64
z8qW#G*`PXVJJmL_8=Wzl-q$HNvKudbn&klPEvYY9gV4gLyL+Fr^`J=Z8d9$;8mW1w
zD|_P8mjiWTew2@O{ZlG@N^>Mj4h4w~(o8502}rAUob8BXon7%CMOD<Gm~O&gKJV8y
zcu!?dsBL~**m9lsr~D9F)E9HTFwT5wJ5;U7KZ<G{T}LynpS@!)<4Rz4@W~&zFinWQ
z*kJl3Ot566O>!*+B^uB=F<lX56_AjK9IqmDM0t3o4#PhY7_C^l@K6}D!9*O1<QDT7
zvq=`J_TQ5#dEb6xoqjV|xjt&?F=G~v)T7S`j<|bk2=B`IG6?W+?=M%F9d_LODu9LD
zMnC}3fB?dYC0uz3^@C>3js8%R(KGlzJ%~fmU1{Fv@|WwM3trdP@Y`y|zU$FdVsY(H
z0={8F<&&Pq<w~D^M-z_~Hj`0wl)UL}!@3#<E?dF!R1r}WP3Pe~7l#P$u{aknJJoQ@
zc!Pr`T}aG|BQ|V=$~gR8A=QvE*uXJ)I^*~2%s0^A-Lmi1v2aYkA<%HF=0`bce&Px_
zgl?UM$8|}vJ_;Kz?ARW)w8+7#DEJfh=X$rAqrOhY$`Vwo1L2-~rW#5|T>z|!8qDNo
zMau7=GhO$sQPb6^JnbI8Xr@n7%OrB92g~dvHe8FFfYm-0=I2+l$+t3mo!@?Ie8&gq
zJ&f5?HyUlJEp;|G;a{EcF~K|H@L(*R0I%1r)9?&wAoE4=Rn5NVFZZv;`zn!n&F|e~
z6sdq@`V<h3=J&mt`@7jcjY)ph7{(#krOo+Y@Aqu=-FG=T$IR4~x5Q1oTsD4a%_G!v
zf-m(sAQz*0)XB7dB-a3&B-yMh;h6WbKGV~c0xt6@kB&D72-ki=$XtsJ*_I4<{I2uQ
zEI<@)Qe}diR6A=mZpL&pEbTe)FZ-gbUd5+3#`}^i$@d?r4hnta&OCE*y_dg4je~cl
z6=_ktE7F=q?B;lF7qTJ>QE-5hVQ{^9OVKE6p5!o!r6zvbTwTC<Qk~<tC)*YDssjR#
z{+*3*{TIh;MCggKd4D>!5aW&{IjYsq2=5Z0_hE`We%P=Vc?_5qiv=0|&So0Bz0pkv
zVF{`F8e{!nJaW~rt`r#QH#;TDPnTxQP@JrIYMHEH=!)?U!Ahdu5=Y2$c3F|5$xrzm
zBgfy^Zr9N14FDN=>lGwA+5BL6r9k7aY>wt#)icDG1HN8Ef<G9sn4tHl8O}CY-{kIp
zM%4st)KC_`1UIlTyAPXPp}2T@U2Kx&4@rw5BeQRXe3(>wLZM;<-`kH~mnn77oEP~%
zes?=XjuylKW#{r(j*PBW9|n>#7Ib{rApI|rk=bVbMY0!a6t~Fk<X?8`HP^ZX`|T};
zHQcPf!y|}iPAhr|QRm=1s!5o4>v@R9@MQJfPz)_{kpAkTg8R<!<oGnOi0qvI2{keK
zpHL0<{s}c7r8lrc=6vxks)oN@G1kVCzg$5pHMM?-`tYgJTH(WKvX!(=vV^TQ<qp?B
z41UG0(#?b_D~HW6D7+Gi0dxbg&xP-*n&kOyfBZu)$FQ`oiFgrY8fDbKZMa^S|Hr=j
z7mc&E7dB&C@FP8Hda%209{2F;@*j#*M&Czg{>><R@(?TrEdTretfFCH73l%1h%Z5<
zDK)B6^pc&;G!8u>;r)pZxqtk9S=)-kZk_JkhKy%=VvIV)T1nn6y9Qsa?wCAY{b%Bb
zc|qH=o$-K+qgVLd%E*u6{U7=1oS$3(_|1U`?pnCqT4CO*E>nPx@EI8w=KT+V5e`kv
zzcL_r$M>`3Wzhs+fotHN)GtvU6EGqYfDuvn-Euwpr197d)vCb})mOB!x&yE^&N0I8
zLXfh{^lwpd)=*kodQFZ)eCsQ|x8rU{j4}HUhF#X)guLQ#L8j|&9m3tlW38#{d^qJV
zUHcg5?`bY>mewO`mP$m^gEi^r#HY+#01THZ&Gc?T67EX!)%q%KD)}7uUi$x2pS#Qn
z;mlvgbM-VDgS5U*_&r8_nuGq`?WA$+Ca*{q>@tu1DupANY2Ww!M{px4WhgE+>qf2w
z%U7G4uTZ8zh<jNDfbS)Cl7bkPt_zo{f=YwbNM><<)F(OUv{k4kLO=wJ9REZBKL00z
z0p|2+M$hAWGXTd}WE!~AgM%*p3np-=4jxhzek+KZ8>I)&Ps<D+{Lk{WP)_OwP$<F}
z6r~3u&i+s-^zX(Vw`7Ry{$8659ig2!(eOI$He~73of?s2mT@)DB7oWO>(n4*?Fbhu
zT+`jrtwB3AlG7QTVg{!Bp=0kAd4>L?GZlc&&}(@@PWz-H{4;yK|1o<$|IFUC&qVgb
z_2#$2Emy6CR$bi2Bb+Nt!L&pdDXISZoPr6pJSnpw?N_76P$b}U0s9YrGx~DxJu&xN
zf5p&1v8r6*_+&N8dcNYXQO7#X%*a3d<rU+%4SvPnGaOf!SNye(xf02~J<T*ILrK=}
z&Yn1}&}DvIsTj<=LP;0gvX%2L0RAdf?^%?j71?}~Of+G#4bdW4g~SCfS$JcU|Nal@
zKZYK}UhN%6Dr!16ouAGuFtQqz%!YG{UM!1p?jC2+hSpHV8<vZNF1XL1w2z!k=)5Z8
z{nxb#ue`{=?U!19K+}*jBVnx*CpnXQ^Uc(iK%*=tYK#6qTEaOuG5+dl3{UvSd%n`W
zkW|(t%YQWWF|OX9<e#Qz*zuc?u6CpP4#Eg+k6Y6EOyy6EiYMuOOu$Mw8bdO-va|)1
zyrl`^SaPEjok3oHj#Au|s>&%-`dz;8LAYFDy>!OY&Y%6dPqBv<{3wJZ#`Enof|pwL
zo&?B#KfAnOifjWmTMYpl{Z-TN4Em2%s%4f1H(;b8k+0%nYE}SfB!Se>p-OM~^Iv0k
zQTL|D2p-34xnPv{)k<?y9lR)ahrAR5>l2xQSq)H?q~fRxT%=Q@`n-uxQoReW%k%dR
z(W{d*^Up~-0`!{+&~Ke=-Hw*ITY7O3EM;y4B~66O6&g(G;*t56G_gWexskSl9pZ8X
zKcQHQbx)>2f8_a@XX2q8YKrwkOaJB))2eo6CJR!i3)_waL64+<;HFY)q>R3R0Aj?M
zT4UC&Fenczft;9Lg9$8Hho3SRn;!$tV1Bjmu85_bke#;WClk#Zd55gFNU-rucHW}?
zx@k6YvPeH8J{T0DzI#ktpLrqj3i7v7I|9R({$3j#%ExplhWY-7KWJI1`{Ua$q}VJS
zTca68RXd)&=`g#<Oce^h!Z5{)t-|fw$m;dLF(;#vYY)p=4B{;&%@>}%S)E~+q4`hG
z*mAO5Ah#q9@9AT}%wzTqcVwD|sI7~fAbSV9r)InB#5r7e7WVQuF)H~<MKA3TH-1k4
zLu#!@E5O_!gQ>%>P1J1=$v1U~8;UiP9TkqQpuD~zS7dt)i>PDt*V*c5(u$pG7~8Sq
z`0H&E(8?khD38DUVBn~A#=-g5YY{W34wCG^c@^ZrTM;qW$nK_ql$z&XxVu@@e=S8t
zKnnZJU$><!80mhJODp@b0hcHjJH;ZswAd-9rX+t`o~b<A1;t>(J^7#ZMa8CX<LXGM
z;w#<dmi$}w+|87uf3#jjdv{TG6P0{=q^<A37`DHazgDgt{TxWTFf18wAXpfFL%ZM~
zxQE+su8U|JwTaLq5g^E1*gtxTqVe%JkK{Q<4piDZ`b8_}5>e0&<U~bQrN`4SQ*TgK
z8f{G3ys$yde%xS)c69V$7-oOT2{d)-R}){8f$R}pC2~z{;ZHTP#dcG;D;2vW-yLP@
zTJzIKV@@~<=R8l1rcyo@4y^u6ZZL7scpirx4xm2bi@k0eMIJa4>bfI=TKUSz`}K_Y
z>j{(+Hr@)^t+1Lm8Zk$^@sVIe?1+f^<GtUoo?%vmsz4QRv0>b1q!>M9k}O1V+Bgbj
z5wDaRiHi3vS~bN}H!?lZiql|PFW%S{rFhuezF9bVe}ghQ8$P?1;8@}XCq0}<wW?uL
z=hiKqVTxW<AGJ+%7XEe@g=gN!9Ak|w@v!!~Pxv=<6vuDN{eG0OAEt~6+BKiO1V^jO
z%~r-DHtlSKgc(;cd^EuG9fj*uHYzf(fr@qo0ofp1d;WNxZ{GEKSK+>xIe}1zcUeg2
z#s|sXzY=ikosDA0sE_6;93sOhQpX)Fxnv}jYK1?Ve59=L%Jxs#c;Mf8;J;l~me*S`
z_6`9}h4&v!MFP869(w9Z9`^PPDW(3MOy!$fXTUR*k}|7@-j;HW&e5SKOOk~zwsFA7
zyL*^!+iP-qiyhszJG!%b^u)q1&zVM>ZMFN9Rr-c(ezWwd$>o6d;Vpn$2>F8dACjD8
z>sxgm-@eNaejdY3f56xU5wbL!7!QOIwM^!|+nrA$PA}73j+?oU{T<vH_Q%)PL^GQa
zMCiixZaWA6{tu|$MU3C<2g7B8dSvOnAO^Ux?!C4I>_(38gXt)sph-k+fmnbqGvPxH
zDNpuAFT8`#@kQWR8`GADyg6h&gG0tVGm*``k!@B($2$y_k?r5!gqcK1@^!I1?7_bm
zF=jI}Vx>NKA*!DnVVizq1?)|nAzBY2<*rNc6`Vdawry!}=3Ztb5lJ4o-5Kx5F|$BO
zsx*)`tk67t3f1aYh?B#*lTQRV-V!=J#$wB#q@8?@H3mySpXoa#V|(+l2eSycXMLD1
z?0XbW<RG=bX2fvz)}&FHE)I-(o9pVUUm<f%#}5h&q2IF{H2-2z0zF$AoAD-%k{*no
z(^+O7ODzuKuqyU2o@LjLU;Nf_*vuAzL6!13+P5k&;WLxPBvqNr-NxiV1z{7O5_y<{
zZxv;@9UPraYnjAEOj^aEvR1B=Gh2Dol=3pU(R5+IO^}J3;^l}_<PPr!AM0}d{)j7E
zj~Li7hrm2C#K1cZiZYroQb3-(G<Jj~?#&ZB0GfJgNAC$se;Z=1eMV?ffs)SuIE9(D
zjv*`B{o9^@TUxp7X1l2dRFmdC_cIb^LZDSn-Buterq5Aa=bhA(8>6vk-2kaTgYis?
z=w%<Nm##S9oiSMkEmOgDo_Sw}v8FNR+?VQdTJF8(qR{R2uyG^(XOB&zKa@2b-4Qjc
zusO!K%0eq~rI9Cm$?Rc=@@F}W^8U1s83Dx-cN--Uba8#dZ(06yz73t$kyrK8Ct&V4
zscJ|ScPsEv!YO#K^5O%hoc-uH+Z``sVjhlbYKSOK!CZj4^^JzPK%QJcxs?`4`5nJ2
z8`nMbPpUg;snq`)!{QtcwE(fQuYZXF^?y|fyt;o)Ha|KZVE68D{FfYyg>IE0G*kQA
z?12B#L*Tn>Ko0~<cVsigocpmZp_vRdRuoapb+=LQ|4`ikP~Ab#wOkq<Y=_xRtEd+L
z(en@Kfxau9;@!q+Df5;k`u~+m>BxU1?kn!{x865G@0QoqP--ZScyxRQ|C(gFGoJcJ
z6#IX~7u`#t7PxJm9ps9I<h}AKI!0X5`6#C5o8i1a=;^&%^(-&fxE_?*b6n<-!+ZUK
zrxfwRT=P!tnwSsQZ{MIp>HbZ9+pz^EwGz=ombFsQ9aEV%!$Wl1QKi7_O03B7&sm<Z
z!^4XlMkWIBhcof(j;r4bFUJFZLTk|6k1#T11_z4ZDeVkDEX8zj_*rEjK!Y$j3=t5Z
zVS*9^>KF)0u?K>O{3Zu)TPn|zK=0|^s{0mU(twM9gyAec@y%mlI3%e<gvUIWM~&~A
zO1MuHK@>?-q7_sg%iB|XjN}y{BC8^lFSCjo!Q!Olq^o<a)xAKxYKOuQW|d|FA1I}T
z7GcUpIra{NF&KBxiY7V=$5Fyt4>%!|@_PJjEY-}GN+g=#D)G_6>C<^`H@pg2l*w4f
zE#g$lD#%*8ol8V!I(dj0hwlR+5S#Tme(WgRMCZGFzmAa&&6c^AT&kJR^ZCoxlKl7&
zW+`t^_onB89HVpn<%UD*^>x|FZ_JCHbl$r&SX26rkV|#Z_mo(wszF8Q)Y%m$lJ#{|
z6^pmD@t|F@a^?tB%Wpf4_ltZ(9nYjo&+h9|CB)DL`eL6^tM<8k1b-=W03ScShVV#)
zhunFM(IFeiTp;y!VhL2L<+=2jX3MYp8N6xz|Izgpz-<Iuo3<flX0~HyW=<S4Gcz+Y
zCuU}*n3<U!GdpIGnVFgNE8o5Q*X~wr)z~xLt?ALUx}}<P&ifqgku*>3MIu=OS?_*s
zUf0UY-DsQl?&NC<G^+Rma_cl`*~^b`eT0<dN{#OE(})&l3jMj`RP^u@qZj7W+~rgK
z6i*2_Mw^Dch$^kdA?Sebu)L+;I3Mt3Jc$fsAU_%W?q}FeLZ#OJh*hg+_33&AOx@AZ
z4Tc;8>6@I*14Kn~Ip=D^;qav`kjnM3^KjTt0KMNkK&mz!acwCho#CUu2$lXZ6Dizq
z7R+cOlcR}1@(1)jIgn1a=bI`sF5@x=sRJ#kkSh-G*Mg_W87$L?qi-PJMarqBSdW&H
ztNys9S?=}6@;EobMDi{ht~8*N;aW!;S3$iSd+Xe%sfjqKu&M1mIjyW*Kf%q*EFFUS
z6>+y~9RzIIsh746LWqD`{$TpTePa`mPWO0@@q<Un)S$+`&06YPGTL#L+YNlfO3@^f
zE-6#@z^h|&I)#Tal;eTkKBIXr+2up;<1pZdLfm_6+kKLwG$j%k(^!B*+_C4luPhn_
zcBZR{Kny3XNZ&jN03sKliw40JAOb?bj8J2e8ajYrAR-_k=D%qV4*DQD&VoIyZPbGU
zyFp|T_*&&f^jO_RxEl_6kWlF#1BFziuN%}2r@jhEkhS~|>@tN;x@`>V1w<-wYz2`@
z3ghTS`XWZ${sSBF1+^@JI4F&vmQD~MM;o-vGO@*AR~8E}c4_}hF!@Jai2?O`0YbTa
z2c2M#MrwGN#0Nr{2$jQvw}K{>D+v5T4Z8lgZ{%xp@M7K^+|9zb;J_(Rl{HAGRs%X2
z2_!Z9$AKvUy^nIx)d)a~`dt(*?za2^P7Idk-}>eR0a$22H_D0z5!;kX1NPGNw*nSC
z?cb!80|{93mO#B;TfMUV50d5|GNm5WFCz$<;tlFo9>kaV@BoeF!+R`f!01R#W%i|=
zZho;rY__wa7V4UQOYl^a$$A;JJFmQ95=gC+kFh0%?%bmqk8rX(+)Hkuym>XDvuP%D
z#25N*IyGE(2<p&)Jc|Xo`B)k{B94aM(1ktW2AuIrRgbjk;&A+agyRyfZ-G_CAdILx
zgV7ylwQ>Yb6Gt>FQJl>c<xTe7$xccBJUO_qenpQU8ZyBvH(wV#R;8*T?1PuAl%kEC
zv{|sCVNUXb*)gR;@L$e(1=L3IuqRPio=xd!aAq{TSMRIRlL3O9=JfgV>Rj06n9F}}
z>B@t~B5!t;Vg4>sI-x^FaB6X)rMam-F0<P<{HY=T?x}%PhxyE~+xEDs+cu(s>dfrN
znD=UYb=t-%6Q}8!@*xQD|6{CUL2)?U-_tnUBQ>9KNh_2q#%KZKhg!8c5Knq3Ak_0e
zySZMI$Gm*gkFXG5NsUNVZ9pCR)mS>`lM<uc?m=9|!v@=#VNh2PQf_Y$Qb%Y#vPCI@
zs~cZ8H{}^$P@}~;)!wu{TX@Q7sCbK273H~}McqXDz69x`mN4Ermv|u=UdbMAESVGj
zo|5T+iJvX1qZ0YR*XH8ln;xEUEs#fSt+U~i7gn>_O?=Y=Ch1}I`+s+RYB91?GR^W6
zZ;yrzJ%Xd$n+{nQ-JRBH^$%B!)d7%KO2AE%5B`xikIVNDevi-39GSIV9l{SE(TA&S
zE8d7qEEULh{&HxtyRG(zZ#5IROc&l?JuDu+UA}vNO_N30Pdxdl%O)7V_n*>qEsXQn
zJs2RrD_vTx<Lv^Iy$pKXwc<hOe$-9oD$6%|E)Yj84)HH<DaVqW5WQ0}{cS61`N9S}
zUFp09kn-myV0kVOWy~IF<pzxsr!P0|>rvhUWS+mMiZ8l_WE4bfIY@ONepz<qKdIXC
zM~m~Uhs_=4ZTRSMu<s?sZd<uUMtcpt5#vh@)?`GgyYVq7t~_umQy!WLRf}y=5Ui~z
z0i4;OnDvUu>KTgj<qik2_$s2$EaEG`8EoZy$vW~t<atD2OWPWYc}y-WG9jd74*oZY
zJ~_5W`vxN_M<n*eyaI*S^2Qhea_u!(f*9Xr%O(-iz>&exdZYFSkj$@%ONf%75qgq!
z0t4KT2u~9{D;%ChLY0?m2`Z3%O_O_IxI<vL!wsZM3Y6w&IqwpiPEX)QSrJhUB+8>|
zeztP)ByvQm9T4TpHuQWD1zQm**}&%7hOPl`{l*I}K|{U$MM<tMA(J=N%swu#RiX#p
zt)abOS3b_!!?q-#su(<PE*xg1P`ry_`zKciI0-!)Nu6AbeNZ5jog277^=K&e9umBb
z>dK*nOd1_1PcEQ&wlOCrS1US~e(e~pt2&h#9C|_A?i*CD5~MY@iLHE=F!=meg7ly&
zYKUcAK<#J)u0kmz_8+wdSO|MdQwikG(Awgc;mZbU-#(+1WFm8Nr<yffH*&Yh$4r=)
zGJ<p}35ERy=tizg2#rcPBa%8T%8(i-o<it(2E#Dvaqu<qGb#KG>WpHlBklYgbUecp
zu0x1<uuDiTYtueC(a`1`1t}qdqsBv?s|Z4p!^XfcRqSmvtrV7PW}7{a23El{{COQq
zRC^-=k{~@e?4(>=j^)Gy=tDt9yEvq!&!6=P=$z&zoFI@$dpbj+QE)So_Ql$YNvs5j
zAbcha=s!&yn4oqGgN6W__~uyZ7&KX)qPEGE|LBde8U@35R+^8OdL)gq>Xs#eW-^hl
zO@;2N;?M+ZD;WJOb1&r8524ICV@`0_?l3=1?<+P*T=TVcx$!V*uYag2+8Ess{>2Xv
z{zdVz=j;pQnO``QzmG$%4gm8|0v;QG?7ik3llWBxJo{Bm=nC7Utt#prf~tr+wbz)=
zNR|VdUq>E5r`J%Qkj%;4KQ;_nr^;-kguv8JEDl&VK|wh}GSYxqs45dX>P*1>(^Rb}
zQ=qJrJy>s>H>-j^S*wRW989k?zT?>ia7U8zAfXcETSXWNQ8&{nR)GW}zjIsZ0lU$O
zJh$b+YR+4xYS!Z7Df}9NS#9NAlV-M2k}dF%MhTPqT%&?J(NFpFKTY%N9XWOr`+5L2
zE;+YXDed6Kb~oa>(8F2I$x@mbzsTFeCAs^2q~fCpfjqk-@Jh}U7}+H@;fUr*j2F2P
zd-)*c)KzG6{0YcM3^n2T2CuZ#jlXk&He>y2S)+<6BwQ__WHV#~o(B<KGBHWrw4hYn
ziSMlD4#r2=6*UxUT^<$<CIDN>iiE_9Ob_-uo`tzUfLbkc6Ht0e0N%s>P)U;QPIBTp
z7RLnN=+Fd|dGPJ#mS5|&jeVW47YP%I=5}D&+MxE)Y2N074zTyPwK9at&WNVlSRYWs
zE_+U`y%u3)!hFbScfjRW7yyy@q~@P}A8EF+=XG`RGjE|&-v-W32qruKg>ajkuKWnC
z1<A(**HeTZ$y3P;349r(!9l9PyoRc{hceOEs%m0PK<XGNR+VVxLKcuu`s2i9hG@ri
z+$awnU?2zW<DbXK;SjwU0Y|o)=w~m34DMHb2Jti}WXlXVo?7GbW^G(Afp5teYqyA-
z;+#2`-u!KawawK)*vgva0=rUq@P#-(n>;S7aUr)cR&GS~gq2<H2@KiBMQa=D)*0r#
zLHhKC4ItUW3g0DlxG!h!dg*k*$UPs8<M@NpjC*C%8D$&UY~85mQ4lw<Qb?>jIjh70
z@$UP}aGj0f=E5<HtSw09G5mKYg1B!IBf0rxy>mkA8^DvP=_h15m%E>f3Ac4OdMj-M
z!}e7`W-=r}wLRif?kr_Rgn3h-LRnERwf{)A|2i(z<?j<Gn5=~0KvJa;+X}k~#cXse
zOyb@_!*CPGtq|^%XY$#1&BGiC2ji9J#P_GfXWx$@fbbvwSK&Wd5{MJBI-vnGW;ZWu
z8TWfiu;4UDsS4@s+KA27YG$wRDpd1Q;<fNod_Y<Rf?-n55AGsA@z1w-&xt!=#w%V@
zp0M44)+|%6=?hX)cEFpJP5t3hMUQhS_n(cRhrSJM@OC>k$nL8hk&~bX2<eU{r)n+#
z3qd;rZ`81-!u*p5VN0hgg{U_WeP9Sn;{2(wSd2XchVk6b%1C6vuWKP^j18^hW0`7*
z+aqS(*9-}$EeF{N<m6wpi)dIHh#X&wfhub}+E~h%gMagDc)sgrAXV|2PR5;1*NU>5
z9Ct(G1=I|we-&j;tNOsmu9KU~9zq-1mF+KW=|I550;P*JQ_{6~mwoxAu36p4!d_as
zd6MewHL;P>nm(UOd9N45+UWM>8F0u{jh!}cN}TV$>Rh@SxcoaC_jNC-^Ea0J+$ml3
z1a@t^%o~YrOXuXCM<BxalEhRXe|^J{vEi@v9B`m0rJ&XHh2ZRm!)gXT0(lRE@hO~z
z0X5e<bvnY$>Zz<%h+pVqqo<MjqR}Bk1sr>&o?BBx+1Dk>DZz+AqNn=DHl5BPu{U4&
z87xYnd)1&JINf%&xDNh)*2bI__&rdhoYysNLwntfZ(r9Z<Ap<ZUYT)p#htuLY6dQ{
zs5y;2%=%9YTH=v$69!R<pF|>vFHzV5e7p`w>)k9^cj!D*tFomnPVTm6d-X@^f~2A!
zye^lx&}r~DFM1Qm13%wi+{gf}@j0V;K%4|3ZEqM|8Es*70MtndAE4#eRFMsTka5=G
z>NLi!T~phdU;;P&ljvqcp~GrW>$&=f+GHis{$j<z_FbNFSl3Z*_{Z@xL6TWOY)}7@
zW-}?gZayr{yWs9GP3<j;Z3lEmaA@5?@Y;0Rh;bP~64p3H#5GPDZ3F&pVZ&=Q>t3t6
zx7CqmQJ;i@qV1u$>#uwx8ea6dbxpgJGN5?jrd>A)diR_C2!XBWu`EI>IiCpb3%Sjv
z<-M%O5T8f_zxk#Zr=){*Q(kVZX}MIFe}^;ua?-kuO}RFyOD<D$-Zfg<Gn_JK?e2HB
z=-#!x8n3y#;vTivt54STzO~pB|NAaA%VOuGJ5BL0ceg}@Adn+KJ?e}+kCc&sK!Nt=
zMSW9a3CSY_G>C2!U#v7f-yz8WP3<S6W<~=N7_#xUBk#7Q^R^O&w%>_u`6F&NW~(+Z
zermN-Lp0hed`WHWNOdW-DCZfWpT3DyGer1aLZs?@YZXSc|7bu{Nl>J~KFWi)n~j(s
z`=Kxboz|gxYfOqYvSkeG;PfnN>y(nFi0NfKl3w-qZ{~3|nDCvF-5R7goeug`2!8Z@
zNegah3;E+!iPi1eNV%0Z1i5DHQ(mo=zGp98NkT_L&gImPb^d+dY5M8H-FfPC@(ZIx
zDOK{fzsn3HubBrw3>tlpZBkJ#GJkXQwBE}18eq+%ZcXlQ7$<l{iET1sd$nrrUt}6`
z^tRUKc=giN{7rtvtxc2<a?x{y!`2HkYh{B|k_PB4h|FpJ8d$lXeQ_=c*4TklD4Nq3
zyAgf^Dju>BE%CP4x)}So<Z$)Z5%7L5y{yM8caY{X*dvHXNJScTiqd(>HiL8?XaJ9h
zk?@1OU1<PcHRaXauv!h&ZPLsyVPvu(z@Au095V3b{MlUbT>knplD_xrh~!nI7!`*d
zhb{`Z3JgQ1E`wVYVn5H}#|+x}!|lhtr5cXL<Q0|t!rhJ8o}nB0*$70ToUTZ$B_UYm
z#>^0546A54drk!f;IA3KltiUE@EN_7+@(5nSiO|sO>hg=`_7wBa9=d|&Qnfs=YUFb
z6Wn?&zVi=kTds*Rn`CByuYrUzuBhm|_JW6+z3{9aHQBU`BOT*f-(pV{1~2Jx&UA$|
zrjt`m!n&SzUT*6Z2JP9g&enNAbuGn(A%(-K)8i)fXY>k1qKoa$B@04wGAifelPbdQ
z?cqhNTj-`E*ke>y;h8IPkcGscSlUHTW3Xn9YXY@*^AV=6DZQdUe|k=@2s-b-7K~p6
zB(M@XhHANXt?*H4I*~?Zy?%*mQDC_Hc8)W=Ld5s;;;iOIQ7Uy?-1iiIq)>t8sbPlu
z)_sL8;6ty#+I>~O_+XF+14D0q!DjN*o*ExUp+J-!S1H+2oGu)F3RYOD0MCJ1nj^=!
zKy==0#5+gzWqF=lSl0I!NmF?XVeqU;=asf`3xEu14FY;izGJn&s=Y-=h{qvidb`Qk
z;l1k77@bTZ$FA$)#+e`_?q*NF1x(r8RTqG8+(~ENo;wPPWF~v7QLu_@qFRI6TSs)X
zhrTrB5$g=SNPB>ZL=iTuD#w4_jjCkus{S0&yqEW8#G-5{S={meRiI50MbuBHYBMfy
zXsMP>b9UL=DntxWT{l9#G(Rgx<xI@!@U*}oP|8TF_Bzk?U4<T#pEp4^;iIOzYe0J1
zohVVAsB-dK#a<!}O+-yekeukIMdR2CeV)lv&g&kcMDuP|@*bkaZe+EY;2jsytH^>X
zt>H6YB6n8IQ(>PI-X7W;328(NIXEPCdB1mRxa%K7UdjccG6wK>Eh;yfSWiWaM;h*Y
zqWwukYo0NVt3yk{`ZM=I{)=<$w8Oiz6cp=#^=A!Kb|W^U134wps<xQP`rMa8DJ6Rt
zL;dE8<8;26+huyD)-)j8ZPIJ$h95AEv`=XD-)f8OuUP;k8uqzq+=mFNKu?JyP4@@r
zp>dg76sE?SVjsf30{$qsx6n3csW&92j#I@v&sYdm%c}ZTOaZ5dp!mfmOW$lLV>$)Q
zqx*SW66c_C6g$6iR;4=R9$5*`-z^G!*s345BkR;eE-v!PjHT7D7*NA?gOQG3Jbu@G
z2p*yQ?b|}WJ#ie1z(~RR4)`F4;9YDE{@W5#WY3abuScdj9Xw!jC%RO1?iVjMKDGmP
z<oI<}5M!+7XI<qZuNF`ap2Q`ozQo${IfpHjsB4Mv;Gh<3yE#+ng5~^oS%Lx|B7e_&
z{Zmpb7Aq)FtoQw`IG{Lr=~|Br*Swz)6m+RBKkyWnef{tze3DLQh>0JYrlP$tzHI4D
z<_=86SRJv~Pd+d-V?<#Ymyr(09J*#u_>X~|ZfcK~^<dX4C1rQxvs$;UJI9*>_z;Y;
z;yb2d&xj7v2+<FkUQ!Xm-);e(viGchIYTb#FFEh!?=<8RDA=W`+4so{aucgZAUo<%
zz67?0!`Gcgs^b&K*3j_v>F^N|_tS~N@Te5e?vOs!6+jC3Y8DO*z|Df^R)AFe*Wn=V
zVt^<;5=xXPOk2hL&QAO>SY;(ApTL4TJzpPJ4l)XnD9lRv{LUY0zCJWi(L@x6r)FM@
zPqd$E6RE9&v*$9)b4_`wnBZCxM2fRSY`wcJL4(*$+N2ts=Rbw?faIz~LFXbMk!Kt2
z(S?N_Tc;A}wajgbIFzEy>{WC2M8DRgL?YA?y#wWF)s8U#YKJzJggq-TCdO`v@$U$6
zMf8s1NpWr$*8zVwyi0;&TK9h8y4AYNJ7L-uObHez=xx+y+>pb(BS(G$ta7{j34Qj*
zNQ;ddc;RPLo9@oW;Czodpy$sYJ82bd)+5Boxk&tZua~)?@02_8r3(Ef+Tl?NL}&dW
zE{?0;=gz7+B1(l-8C&`DzX6{riXgD?R>Q4Tg~yk0O-y9FpkDzg!Eedn7fLjnFyQmn
zRrrtg<`h|K6?@Nta&%UxbuVa)^qIFy<n^}tbhDH?6}|6D52^V|%Ekq2s$gP#R1Gqf
zw&z#w3Pm#|%W=$rdp_D)mJI0DV{5J{nOnMyw>`DUF{~1o1UZk;j5%U0Q;mMa?(a##
zg2_#jrdY(dNgN8nQMU)F3o@^PoG7GLWn1YnUSu4ls%tCSdPKm@^j~=|uS1Q~4L(WJ
z4eYN1FM5-uaeLG=oUcV~R6F}G@-xY^->w##o*`LbrZGp30Cov_bwSw6ZVAv7hNm%*
zP)h_b_?l;mDuN6-WELzD2pVN9a44$EsUB-T;~)Nl_fe%JLlw#M_hpGKWfN;t{c0JN
zO-V^OqU|tj<T3zzOo?vzt10r3FLSld!LM%n+*y_)^`~_#pf=nnq1?eTwtrS#ZCqWW
zJXteHH7f=$g@Y_3UD@~Lna)A4B^iH2y89i~?lkCGMR_4g`c=qVq#L~;Zg^dXi2t+F
zO~Q$(QrmQ`fQeQ7+`1aWq2-%4vRu7XmbXbfjipum;6H0o(`r+j@2pC7i@41gr+A}W
z)I?f$R*AMu)C4f#>M%HeSpY3P=E>b%;Gs-x=D^_2{&Kw3PrCXky{A*}SNW}dnxTIN
zpy?qrlg`@z2l)mSNAK>1h!0ZreuQDsnyvyCoR-3ElS1v1I_*Jo-ah}C%P0TKp9kk8
zU-z8N_vcp!bBw<M?0{dNS*v9CTa)fe4ajWTVW5)u{Z>T`a~W{>aP`@6$ZcUL$~xC$
zCtHx)C(P&4Qf)5xO*W<a=yP)*H8-pIe%+$NR`AILW!3w#ILuD)DT7XD=40hY%fD9@
zADJ`$|26-4b)29nZ{?y>y=y3{i(#?Gr$E_g#|<rUJ9=llRNDT9hS!IGVcWk4mxI+^
zd~COgx=D8Vq5PbWyXPSnS30@F^ulaEwh@vJ7x^6iqhFKt(!4)1O#bG$+^q91o5d21
zN9aGnTxJs-O?%O}sH!z+9gI?1%y*dWcWGw#b={R|Um+UM$+dDecxSX`m@BX+ZUK+E
z%I-%A1InD;3nzeo2F&oeZXea?e8fv;Xlhp?ry%SY`Mp&#EV4I^zdHjhZXD3Ww32xb
zX^+w;Z+M?PvV=UQ#WGA{oaM&|15T&gT|pOT8(})gj_3Vc$#DURMWVJ|G!IcZkn)mv
z?K{@g!-}5NdZ_J&_Ky7Nh=1($I{Ds5u~Y<SXv&E3!6i_O@5f=pCN||+ge$FBd}jT4
z#Bxa_2C9b#w9W*b=*o+_E0I65=b)lQ-CQYVR7J{M6+{{v+1ws6qN_w<&S2Q9HPO3d
zE6U4e3++s6F{+sgG9uKIeaQMwBg`fu%51pL&1s$ztDqYkBd=7YruL)n%SI%R=dZ%X
zwa3Kwg1%P{yQ;ZMSF;znk78(@$iuYu@>F@<CJ~t#zfYIRjS<=;V?ZZ%bxs$%97O9T
z{~K^#GMD$QOFr)D6qRs)bB6J?Zos!Xmmwp<2F+j4wpkD~w&&wo&f<G@ldM0~6QQ*}
zgabxt^CMi2vXgjIX)SUlZ;U*qUtErKQ+Qiws0Tl?F0*ZpCfg~q#^h66YzJpx7Aowe
zo?|<mxF^>5!=t#`k>55XvTGNdFSGU7B!mynK?9w_Um9?k&6{Bo?d(2A*n2gt#iJol
z+CuTM`D0okEHAFilOdeMgWa9X#dMUYMB?xn(qnqw<)|u^7awG?pS%gX%;r3rUZrqp
zQkhmf#C1Kg74ncLg=d@TA6UC=o8-v1a~ufFb+R=>u!#WK{1EO3e{1Q>4%%aKJ+T0G
z^80rM9L#dFC{nYcTLanARn}oAvJR?Dy_|eyI|Ezk1kS5m#6G*eGlTt@uS6N~UyhVH
zp=+6#fa!1Axis9!mRD4!l9EcpoV`+?)ejKBdNI462;*HeQ(}GbVda_(!${Gxqi280
zNN2lQ{`6_J0{{=7lEbLBYu=w8)fsai{{iU(PJ_p6PFofis;&8``b}iyHn=LKI%MT^
zJUXei)aN_nH;0aU<QCX(e6+Kf3JYlJ!jwwn2Gp#>5EU=$)Q9VoG@OQ+cYYPW3X?Zb
z!llvD!u`mw)T!PWt?Hd-WW2zpzX8^{GVgdDG2Jwjr2{osHx8Yf5*#-Z=XY=UH8eBS
zD!Ss=NSDFk!Xt&FuV*Y?R8v2_Zg%n3g^;a_0~{D%o}}9z%d`W*as?{*{kBhzK{;8N
zc1|2lf;}tB3n`O=tKC3OtF>^{YY(+Vlr~9KP--DnW@LqGpeh=KdkV-$`U@7k^dIg2
z6A+17ch~yQNe1$HiGbWou^?)HQ?R0-U;4T_Wz}n)e0XUr3O`Q#^X=6_Vy&8;m3-&4
z?3kYmrlN*KBg;1QgH=EDo{UdFjHsY|uar>?irWn5eg_QFi=X8v4zq5XWB&dol!B+V
z*v?KlL~nk|q<^?Jv15ug6}Vxy^mzV(Eh<*#RJk?RPiv;rs6(*wsV|m9ImusEYTZhl
zBGQ^TNPBg}{kBo-)G47Xp#_1-&d4$X#l`tplgdl~h8CoRC6ca4+^XAa9qXO66asM(
zsUzS?gbRDD;#q}ysQb0y2*N9JIHCP%SaX=TLZTKB%h3Lo8Y~J4viKb_0H?Klk6yP5
zvUM>`b!ML7PJGN}fZYx6K4vdZ<GVg;mCOm8P}T;bg%9SZgi&AJcmfw#1~nN{qBw#j
zpEwgPfvKxGA}Zrz4HQ8Vm|kB~8We)*>?<K1GndvN9T&q!U*3Nd;}2kv{{D<TL^ZY{
z=X=W0&Rl&GM3a|p`zB>ha3jh?w!=dS{uv>CJ0*@0f|dF#DO1ViZG*|Hy9>#9p}32|
zh_uo1=SHcf@2ZC9p$9hr7M3JjNU8cUBJk`4W3f@emB{h?n`oa*Tq6Br;UOZat`EoO
zUaS=fj;BHM(pjJsAh3pp3Q24y;_N-hfP~fc7j;eE!x@*Q0aDvRs}+B|)y-MXkuA;;
z-ikw3#fSG|*hFhG-G%|~22W0`4P(D8vz)dMxPAWPT>qL3^0n#&oNtu#rtzLwO%!K-
zb|u_}r5&WF0w-xeTyw?W#R`V`=;);~Hrvw#m*#HT%nbSZ!}Pr=){!ie=_Nvxn8RbZ
ztzsK&)weMs3Tt!T&B^z*FH`5FRjJIn-&8uQ3z#BRDFp$o;LV3iC7k%%Ox7HFRqarL
zE$yQfWD^jVARr`+D)_bzUHKa$S1A$4QIk@(Rs=#3Izp8oO2=BG5H&<D$hK@z9y8Ox
zC3I}PcL^<+E}9`uji7n=Ab~zrr>bK&i%+VN<Zn?xb#ZsdKbm!An0T0_)bH?K?O7os
zQbdPo)+oM8=Tw@SYTEH+6H%h(VdI>Po@WYAe|v4V^`69SH*ftpE9`ZrpF#TZ`bMX<
zp_?h%&*z6Ob$0(0IT*0#m*T0dE7YAWxx{MYEd&Ph6ln^KNZd54zGY|@?VTA-IOSfz
zeR|QBSECO2I1*KJxUo*|eXRUh7Z#xPp3V;v4AyZlk2{g)3>}0|Q9;^As8UgWmjkc+
zMP-{Is!p|n2JrNmjpkppV7r{mUT)i~+c%7a`cvZ<u7zA-89HgeVQc7i%_60}JX4SL
zp(Z2IYkhL8!ASIRDyK3%!~vUmj;)ciES43}4pV(V=y(2eVYet1-9(vdufoG`sbwU3
zXdK7NYj*sRt%H&G;M6LW(H44gF^C#^y2V7~w&lXESp8W$QX`|;OC#^f%xPK3xz_i1
zx_9|UuaFG`#e6|`<BqvkNAfedd(qx9?xNU@L`D?QHeq$YMu1}iyKZAWz$O-fDOWNH
z<!aJg3S`tm^w5D=Tn{6x0TkYjur}N$Q%gsTI8f1!JJHet3H*MC8IO1$=Z$#^4o286
z7p_I}&0Dg5ZqpCNVxyi+h8g?W&@aR_T9DE){Yk=fD^cLR+g2I&AJ?PJDn#L(=Gz|G
zYeZdLmg=IB2rer0w4w5w_}&BL8$A$io7|rv^kLR0E&yxN4?)!*8j|fD%57u30k5r!
zlD@2G_-nyf>BQ13q7}!0a3A`G>Kn84megQwv33?f>rly@w?$L$;s=RGmgLHxbe)kL
zM)`1eEz#w|dW@fd0GUv@L5!edy|^-_MI_BPqp*QzXnHye44%dI8~d|=*4Yr*=`NPa
zzNzflb`SE(3s=WiGH0fbmOTtx=P~EcxBaJ+fCbjxkvNmMVPrO(g}6Nn(gp+MKT*cn
z8u}FOphQWVFeNQ#T^M?A*^p1Vvc6KX#^+IX=TRo>>+WCk;qLlnK|m+T0S*h2Hm>=<
zv{yNP+v^B9j&|tm>;hTT^O<R1p<s%xF)8AqX(fa7LI3v!i^xJ2nn+pY%0e~Bv8-xT
zi@wuk>RP2|4k}nQ`k(3eR6ATX{&Bz6=j3*NuD*I-di|{G^|@$%TDr_8#Dn>*nWuEV
zP?%q6qWtESY8i-dd!?2@*o)Uts3lK%+(}pxa$fT#i96TDENwc2CM)gT%j{wVN4l}C
zzC7E%Cmn6<*6i)l-b#5i3k!?+6%2x%U7xL#T>T*KEKZ!Ecey&zIKFLdJF;PeHtsv!
zQy%c)>O75d=mnS#>G>FuPl&85r~f=jIIV+Z<8nQOJTSXcp;@{p>Lr`kX7m|3?ji}Z
zIN4YhdmP419w$~y)?!BcmQcL9H-7!FJ&SuNqjm&jThjX0tlll3wC;AcO>*bx`iJfm
zS-4)rVrS!2)-vRPxD^>sH!fFmDtkz3VRBrdYBVDvQ#0&*bnQ`L>@}l@n6-X)<lqd=
zh00&I9X29Q^P&K{4Qce??9h$CV`BXgZ>Yu~E?x6xZ&*z7eY0C{0n8(#(O=3#@%-^2
z+zDU!Qa5-I<<MQJiXV{XOilY(?du_()UU7IMdF_vIc^~w?cSa(#oNy!!CiV@m~}I4
z<(#zrR!yG37f0u@809lV;7U>dS-(9G7u&{eCZLbXhC4z(3ICmMr?-Uiz`&47IXi>K
zDJ{0bNWHey#cF-%rKo;PIeF)FUovT<RXsAK4d*DUJ{p4+sFsrptQHOlMcghz_X?~A
z5-lGJyRachHh*~hOH_%Pa7qcvI{8i1Iy*e@4xCIm>R&2C)C6tvf(=8JpNh7*@M_?F
z08E5F!ARV%$-zPb)AmQpdS&p2v+X`Uz~A&#<@Wk-us<`G>0muW$e`NfZ*+SVIf*R~
zAW4*_3vrusssw}`8Qy!ZHm~K3yTjCT;}#+?m+>8}hag)MjRN<ilSwRIXL60w19BHF
zBV$Lw9%+?`8SRrrEp=olMCi3C(K?ZQHxrf1ll>0~YTPY{!7WA?qYtcsZL`83`3AeR
z<Gf}Io#b6F;a`bRFTRr5`)S9lDV^qVcjzRThn44TkTAADxryNIoXpySJ&sDvIJ4o*
zjIEpH+;_(9D6Pz&f7d9;G*U8e87PwU&^q<YFW<t^9<fq!@9nU>+Mb*<u(r`I1)AgI
zJ+Q4;p3_|GYi6Ni0Y}s(rjyH_mli|3Z0u>Arw+ZRo8{5!8ZFv!Yv_A-7`|>eM#AH}
zW5++^avJ!Ut<nU%N7FeK<ZF^O+A!c1R`47yQTY3EMv9tcpYB}-piEyHrO|aDapdiv
zYcaQ4SUQPLtD-xp+<z=2pqf1L=wuGs@34u5<W}MO82HhBdSKFDRn=$1zm?t37BgnF
zz*w6rwhY%rx(;;-#u2T!q-NY@z5|Qe?zO|TmKUU{9mEGue%u1LWV+o&F@7doeQ0$g
zcVF>M11$6EPnpHB#AfCSj25+<*!7afM)V#D{h!{iy00oS!2~{P{EJajUNp_z<1!{E
zv#7=s9zH$DafT1j9yj8eYTv<41>fx>&i=#)!~`&35xjS=nSsmZl*{q-WwL)D!ASl~
zMt2!aoSx`-a}){HRwatpcW6L^Z8*YwOiKyp6ArZ^!O%DBG0Frtl0pONnH>9i&H_Z$
zv&5xV#ntPJ=`AgFp<I9S0jb|4FEG&RZe*#+7M;YY?V{;;sL42M!!Ntk5Qw(}6v=Sv
zw4vr9MeVX}zFCW+>GfHSBeW5XcG{`M!SIxbGHt`xgYjd$%GAeK$W}POLl#*75Zd$n
zgFgjv`e&N$&-B`#X~3Uph)WC`;E{V>qikIxxvXiUtm$2#fl2|xHbcF6#wchzY#(Ja
z_-UFObH%c&MOYTtTWMNrF}bOjoPpF!^J8UJ=;H`K=GzMjp45A@fujB(oc)^uiq!js
zN4N!aAh5%<F3X|(aZcFm9v0Xsp3~MzT{dZ^^%?nohB1Jt*30N%+f!|?z#s!f-%+40
z;cvA@DyCNMqMH+$Zz)NKs}u>ZBi?v-w>(a>NGUn{^M0RYoV@Gei=4@&-NkXn;ICmm
zS?(AL2vHYP=BbH~7~FU2VAzs;y=<#mtN1o)8%ed{Z|RsPTk4E8N;Xn`j8~ST6rr4C
z*Jbje1wW#wSk?*^M2$trArwwTDOxzlu4Cmz$%;8Ww#SRaIV8XzUpAcsE(ZhBWz=39
zjF!2vcSQ}3M#{hBkd!jH`e)P4zBpNngDQUaX=E5L%r82>lr-!D_j1ho{9g+=)v6DR
zB7xN1feRy+#i*rg$_2YX>5+=M<T6e9k%|h?TC(C(rz{p7GUro&C=wmg=2IU6?SL7v
zYLsKn!P+QZ*<uqF`&V<f1d8w3m*z5>G7}EpwCfS8q}#qT^vN09;YXzxc}^KEkwVTd
z6_A@SGgrNxzvd^hn&hOQdQ=7i2k^S#mvybMydL|v?Nizh8ODdB7tx=rH$?GMqjOT8
zBV)o@fc-Yk+Em_?r*Fnl))i23T0%NLkWK<Uw<u#K64}}&s&^uUOVlRynZ|Vm`a`<d
zGA^qr^pPIY^GB~ZrsdJYe{neZ`-!8njO&H)g0L=Zve}|~T2@qgZ&PM*cPa%X-pv{Q
z*XiWw5-zM{IgiF-V!^YxXlOo6@1p-#qspVR?0*}lfu8?YBmd(sm4A)+XlpbkOlLmn
z6R*UF4LxD)x>rU_Q$FYOB_-}vIqxzGE|qgQv5p#zhw9<X92$1#2exf+uaRE&lbcy9
zpCR2Sv*nB+`UCz1Sra$wS{CkwT=XNAxDSR4ElPD#0Exa-f$f}Ov8Ybx2Ws2Yo=}K!
zLgFse8@MCKgjS(aYSgmNxWj^GXKj2|42E;#PZ9eqhLGX*@bKgi%_sZL=<c{~BRdK9
zuzDS{dOHjGXSp=4iBO}%9B!v7>Cuf6_SIACFY2ZrQ|Rv208>G96f`^SmZ^g>zmn}<
zMwyJ|uSSjNX0ji#*L5b`A_Yo6y2-oh*~aKJ3fSR}YAE^@_J{HI-$nMXqMC;FI2x#i
z5W>`ZoC6fFwNslAthX7p@$G;ug!^a|qLM(yb9lq0mG&ovJ$ydGgzvN5G{@YCcJC_R
z8^Rwv`g;NBVaYtb)u+eiIkRdI)}3Ltc<>Hj^H(k4MIwOGt)eWX#U96G02kNdo5(zv
z|0g`>pDi73hHD1^KJ>FgD(C$h$#0g0Fd`n<`OQH~2jl+^=Hz?IW`lOwhhHvAI)(ph
zgBKjDksyhRRej<v6MMi*jO()HZz)!#0glLsOsGb&SCP)3-+kSV9ut~VLs2)HAAPyM
zrmG6hX=!Fn9{A1S@f$J+f(4;?S)--H$ybe)4<gFQzudZpi4m8j)~QFZ1;z}XGI7I%
zfcq%oZlmbt%l&947dWmhVTB&=m>9767Ck{$G9e=T$5}|>+mR~X!wT&HvL6!*QY5>=
zw~_1;lj&Q|pn_VZz*?<KoqU(^Lo>9yogS*ac*iFQDk9p`J|Fej^7uzL|A48#y9jcE
zI3$O1dY>?gh-zXP<tGJ@9o3}~v-5+;5xlPSNR?*!;MiuB(6r~{CW~~FpRUbf(vdsy
z2|85-Q&hD2l|~i!&G;qK27BW6m~Cj6c6gP%?m^8k2jrDBhr9XusecuTS)I8xIf3}>
z&I4sTu!WIn^bJ}~<+&-~=RN4W*;`GPPzwG1Dc3i<zORYm8%3Yd#scU_2DGbZGZF)L
zd6km%+dpm{GCUde{0rkq%8X=-moR=B{T9N_N*%^4%P$n4S8^Fb6oD24l16;~jg<LA
zTxN3+*NpZv?uWCg&oQz_nlY8HIgfmJvLxGbF|muDr9rCq{G*%Ez1YdmF1p@FF2CQp
z{o?35k)2`oSKyDcq2EZRvnJ;fc={aX7d^Lvo1U`Bd@t!y*poN(Y!*U@)>8o-tp{9G
zph#eyLd1<Sf2W}0Pt6Rf!BNnoPROx)0>69l#=OTRKBpE;V;1++`C&%QOKS(x%=?+i
z0BeB9-|Gnj61@nwx3(e;x#<7LHrW8BPbhwFm_meKRA=@1mo9qMkV7hgAo>%}sE~kq
z$Z_h|YJy+>Y6|EtV`Avc?||DHdlLB~X^IJ{LD1??MbdR&iWtw$1a8zhB}{C)S}##g
zP+`kgb~K#?k$Zf1r!<5$)^3E%NV!RqRrI;oOpQ}Y+r`*z5VTjONo7^8Lb;xsHAJ&<
z0n3`AN~0j!>L)oo56W@E@n4ocw2%wcx--6lz}(Ins%Z#5dlx>}ez|bmyXf91=73yv
z4v)3bF?-w8m$R=l8H+8Yfy?PrGQmi!QQ9y@0wJ+pawA>&188`dAE;^rKSH_ei72qm
z&?d-?!SREN9BdPfM*6M6iA?1jJPUc`dY)p)ux8^wmJA$L_7IGew(l#fR1Br+rWxTf
z=j*w?+fBSb;p2zC<oUCo(~ZkE-oyFjWc<yVcWM#m&C106KejfcdCtlMobwpPB+M2g
z>sxf=#8nnfEi{6XEb&H#$T9p9HMu2*^ow<zH6j!!`;bnZVQY8Md?EF#hNC`{N*eQl
zrh(I`^(?q*DmE**<XDV>vS7>9YHAg1KO-M~<#7rhKXhzMX7Ko7EQe`)4FMnBn`Z>q
zraP6)>EFFG#O;UUptXBGN`|aV$t9cbVn6`-h{S)-JIp~d?Z)G}KJU8T=sWfMm{~cn
z*RtJVOOu{IQH-#dtY*L@zRn0fDO2j?KMVID?xZC3ZWgGg09V2U^aD40WD$O13iHxY
zz$gT*Tnv|Eb^K}N9RP-z1!&nypH6}%4-2Oh=swFE3>$A83|H0olm=93eJT;4N(Kl5
z{@0Q<2i@Wne{@!g85;RhxZ2%%H4|>LI&u3>6LZ!G_(cJDuIQBth!n~XF%wuUW1C)}
zWIuo5fJt5!rBNdD=pAsw=u#7p5V)m8P=c{TP{Lxa1(?+3LR^3`nV;i<<aDjF;#;cv
zYN~h-pzsDnP7wM0)=w*XC_|dZrI2Wb=~l0voyooKu0v9J!*A=;{kfLb7oze8&+&TO
zs%4LW`1i3dI5>%-9}CE0r;MoMqg#t}y}nMT_X6pkSM!dbDbT&IYdDZB%h+wUHe#1i
z<ET@@60*T|ao8dYsj$0KVW`uasD1RPG)utT7H924)RMF|a$Z!!!e3r8@+xo5-I(NE
zHYV%wfs)GBSy|F}<F3JL@ba-JWFFuavTD%mXJ_pDzi$VRx;t7E05qQ(Mrc~w;=jgN
z!{_apMTtH&7sHa<4zZagKbbisAPp>IVGed5L|$Stp<HCI#}3QD8U(NYRK&KLT(q|U
z;X~Pd7JpIuhZQ{P8i|rR&$tbGbBq22xO5kluefX^5FLb@Cnle>H?Q%`es!`DnQbvm
z<CWAmoN-%HKFX0!m;U<`YXCyR)03kkN0dGkJob9B<_vb`yd889JE0Ffl3wx7mn@7z
zpUH2#AI&2RPf5O}k9*C~SQ}ZF!*`RW{Fk-l1ee{Fhb*WdK)fIiZ*66uXzzAJirN^7
zAP95aCB%q7b`b)<45}%VJF@yIU#W-;zhUcDB~-At>EK7Q*=JHys8MgURS&~l3Dt1P
zQve^6!i+X!9&eF#V*jJA9C3i;qN&(<I}`rYW-oE8&Y~#ji);Ev&AQTdB8K0Ay_I`#
zTI6EqIj`dgUF52ZU7a^OyI8ZfoawJsmlz{ek?4sfc9NspvJJ8=tpvxIN6V!ur-SLA
zoHgt9BPsE5Sif^x=UJdW=pRSjP@CnH$X}3l2&9jm-hVghpItqK61@_d;A0-;lDKkM
z^WifZu+zK(C|+9*gj{I1q6O#51eb9s&fEKooRnX4)m-U{{9a66@wq7pyUu9;EF4@F
zu?)Qb=_EX~6O@b2r4m<|%-69xhIK$Ls2cbhq9^618N%vQLq%&m!)d~iRrG9)q*829
z4f;i_Tpx{r=p5)~G~pbvuY3G0V2?Fa<;A@pmsK8~;4@$GQp@I3!*a^eUv_8nb(Lk<
zvJlfT@-m@TvMqs$br^@jNEr?0h*FmfiN-!h^Zk+`)8VJLP*o=NtoX^zpI+-UVUI-8
zKm$n=kH^ZL&PG%D&LtZF62`+%K$98}N!&r-@G6zzc!}Y-<rjzn;E;HnrM?a=htX!Y
z(m?!TqA)1$O_*57$yMz(XbDei9^pi7o3`9@`j~E`|5gA1G}L-A5=nWZXx?}B?jB46
zc<*kUvCp$ZJb7WxvmtMs9|62?dk2%Nyw%HEeD$03s^=tk4ewZMup%$ZGuhXNt)wqH
z4q-4lZ(ebc4)H_&3>D9iW5V8mh>r20nNn5X9EL}6&zrHzw?`j~^N0SPk4RY?nkW@z
zK6xn(tdlk7{w+yS25+LYj~bZRMa&?qhtvod6RVotaYVnk;9jC<7hWA8p;{hz7Z5?!
zbp^pE!Ar)>y)}K3sS~%W>9Eqw`|;EOb}co&?GvX$vhNLlilI(qr8ZCO#z(l+x9@3m
z*C!M!b~Ho$d085rJKksmJyvmA32s@kiD?HrqJ^?cqJVrr%3Snzt5P9Pe^x+XN#IM5
z0`X?6z<mXh!@HHvu8|ycKncxRZZHf5gut9LL>}tY8b}y+y!G){k8fTVLSE?@e609g
zOb@?sZkU1jt|jfoQ(xQU8Rl5-XJ&v^b$ru->|w*hUaQl@{p3$0s^t)3Q)^Ofze+5b
zfPq!E@<q0>UifBP>t@>y_wQK{SB23=S<`VQCJSMF6)Wz9W_Hr5zDz_D@)GwF86KE4
zf9;bV8zj#q-~20HSI@{Fn>Tvi9~>e$#~I1`2EKZIE>yD?g<R^Tw?Al#A-$SikvWKD
zk7fg7d<phE)a7}u#A9BsLnNH^S`Zd}?!ejmli>$_bc~%+%aePT|0b)NfSx2SCX2>3
zNy>lE<(}B}8pneGe7T6yNzW+BD`KlYVv(3u$z2Rw9bM$k?pxDD!L=~*{mYQg@I!Cq
zkR&mL=7+?XLJI5x*jzpoeD&B|=hPm1SmsxliB^S~Ry1b(U1FHaOHsE+Y6aD4(|E_*
zS7lUSD=+fpoUJ*l2W;#lW7la@qnoeDyol>Hk(12?Vz*&*<75I>j5|`&pZ=7(16U)p
zQ4OsRIe$xzw)9=%+m$B}*Co9PWYRo1GgR{{=cOyzcau@`8km_mxZAoE37UmGe^)W2
zekOz1<^6dznrYE)+AuPjjrtX{q%Otd=jv=38RBUoOQ&vV&1i{{b+vqRJ+~YUk+4|L
ztq<LIy}%P6X{7DXCs$6%ZZXlmpsSQ<oXW8Sj`nD(wE6u88*mjF5ya9dh<1liYUR=P
z2SGG9#{-ZH`RTy;<}DI&rLNc;$?z_f_-m1NIP6Lf7Ik6=c<DIU(*h``#d|RNgWs?E
zF*Dm+o~(6EuI_5vafnUTgF^>xuJ&v>Ei)DR13NR@@dmCOKaweVHN}+RMIBbU=W7j(
zKXq4ZtWiuiY>edkUZe@(Jak{Zx>fN4-&E<gyT6r75}~18`=29!fefW7`jH9_GPjhl
zd{_)qrPYt^**cr7-czbcVqXX15BxMsnpjO%<04YoG#M_bQ)g%3C07;0K$lOnl<$Ax
z>8^Ow&^WuhB8#7;)Guitq-Ul;*FD4<(<~mfmu|x<HAn3qC!t{j87dFJECPN5f))tT
zz|;IuTZQ`rwbjCPZ1A?hr)iY75KWRMR`#8^+Usq-MX(Z~vXu+olmC0^DV0qx(4`;M
zsd*n%#ir0(;>&*YPm>ImJuIO3n>BB~FhSty?V4rEblr-O{V}^ti57}HuL~wGwmEct
ze!qI?jD*+p(a?xl7y*s254ZesBWHUyRod*nbLO*;PD$!6JR#K529iMv^+Y^Iz>i-`
zGzeDtJYepdNZpam!2APyB_i-8Af6~>AU9AJg;n`N^vgLSYQi{;G4yrtEkrK#E!jag
zX}|sT9dWl*4m?Y7vKQ^Jq6XetaX6FVD^gClYEHvA<o#xN7x9vZ(?i1E%<&wS`n@IF
zwh%n&b_Y6^JB7g4*>a;^a`=*)p<BQv%Yg3o42#t;|52Fo_OHK_P$l6O+l$%akh#=r
zT?cBtCu*#vC#eC{vb*ElmX2w4`Vp^ZNC}sI)CcEH5OXsQLjXpHD;N-IK4Poj6H4>R
z!nK{;h#&&BhIGnm8;4exS(`Jr)kijW>z147=SNuPN8i(!e_yLr!gb5yALqIN)kYG}
z$a9!%rGoS5MF?jcJMew)F;YkVCC6EU&5uK7zz3h@`7zDL8{y*KB<bF}PFg5u59;IZ
z^1R-wFe_lmCnz-}I$8d`y2{7z53VHG=GGqt3k2>lPWGvK`cM{5H(@UbF)6eap<I;>
z>6x_i5CKL=zgky;+)P%D98BO$Dj32E*U_R=fTL@60G&x^FdpSNxHmwFp87)<5piw4
z0@X7w`b(8khd>{JsZwM9X27H7?#abp0M{Y4gVDU;REZA`+wT;SIcunCC|eX!xN@VZ
z=bgD>1XjD{@*$_|y=-mSrVl0;zKz}bkSQ&Svm|GEZ~adm5+T<T24(3czfCUsAx!fv
zfRSX4Uv~>lfNnH$@Q}%*f_71n=b})_6-8<c6ZVJHsN2{Yl>vBwWG?tpMM*+!+BH?g
z`O?g$muMWn@4z^37m*VVLHF))%r%H@Y#J{@W`9FCYql5(dT7SU2)8lOa1A?9H%yx-
ze~^&UrUp%i7=%F1fEpACNx{1#I%dPSypavqxtM1ae0LBqin;F%@Jb1-oH7oJqS(4*
zR^<jx05J$X5cb!Dj-1Xx=^PA&)}7_rmVc?jRtf~lqb&@kGgBm<UPy$kyPTO_(Z}^T
zMJ$~da_o2?ZZmmHZ)F}Xt^Ty+F6zq|H_S*{U;w*Pkp!m)ia5|pUVMg-K@dZQOXi@X
z)t!d%p_Px3%yA_IM}fQv{KAN}kD8kufuJy7&wkG{I){;Dj3ATf)|%VL;BXNAZy`c*
zik2E0Tmy1YZ36IT!Yd0(pt!_!+%rpU^OBbO)+f4E>)-+pZ6>{As-h$3mDG-o%`MC9
zlxxPz#%CF-tuSS|*|A;G4HEuf#qOJ+>IR)EjHrO2$YQlfigN4*^uiC&5vR<c7M1FT
zY?=KXWJ(ZomC5&t>SUba!m|MRG<tM<npu~?EbGD7@#FpyMp^nDCbJq2h$9Q}0{J0E
zn3Xb753nq?rP>ml_~Wnot-(;};K)i#N+lkfC-vev>qWDiwb(jy)Tg~vx!URM)&;xo
zrFp!UDzXyY7;X{20v^M&*d=uJq69AwC!I7(0fi3Jgnn+`i$2&$oo;Ig8x5uzt32qt
zoScfg4oc>XXLRFqbk)SGOG>?lheBz?V|l0^^DUR1ONUR3k(KJ3&Q9EV{wAxecR!}>
zlfsEJ0B;C<lV5iNNYU_@UQx)+pVY@3KB5$rZzH94$>^7l5}hRPG*fmm$)Ry#@S-xZ
z-b-%}W*+vzKwe3jJnZ7zA(}i{^dl7!h6#hM@S(NODD)rJ+wRE%%0e6kRiI?14Vgn=
z3ccuUHeXdZnP-0~_1~nqk|{Tee#r*8j<hMswhxcRQeVFxy(YUb8H)2Bnc*Jk9_Ti+
z4ON<FyQH|xi)R1No*v{?LO@MeBiqHsfZ{gCq(LsEL)Pk3!V1e*B1eY1@rH3sVKXZm
z4;M**77%NqC5INnzh;|Fje*6q>dO*^T*sxvzb;Ai>n7JH>?z;<3&rz_#R&^`dXX>F
z9L8t1U`RAi+@b2jL$OP$;-gn@!yHSp5oj|W#~<ipFpHxP@*OzkIkoBV`ihJ8Ey#eT
zXp{4^d}f4fYvkk?H0t!+xoYomGBliw|2g1818;>CEpiWsZNvFW)~qn-S12+QA-O@m
zD_D}*iL)u!ya{oxn&Q}*R9>x9(K0B*@!V^=yu_%clOkGWYJHYkQ7uI#&(`cFv$%wg
zmX^NOQEY7!6iy&JYR@=`G~*JuRu^v+8X~(6k!JyaZUlcGK_@>!pWa1gzR8iqO~mei
zmDEaSzKKueAh*yAHl9wBpQF2NrmYT^>mP!BH|)6^j%X+z;cOWmRhS=j^W|)z!W{LQ
z3h&D^^i-sSCKvW(>_Kmz+%C46DY$rU52p7FEgJfp-<0e&IUC0H)#zkz<0N4?Tcdo^
zqE-pYN(oAG&wbF%?!?+-_n?}!TmrbSW<&!@z$!-%@OJnqPG=%oobzkKkB|Hj28J+v
zj<7(TQPRFGvM~P%XPN-7u-m<*Uu8;2+53t@JwNcKNVkQYVI2br@#_e0nXclw?PW(l
zmrWVMx-7%^Vh$<-{(j$;a)!P>+eb9ab2cB<9mhh5YH&_l$}jFm<}d9L83LQ}54mIx
z7>d6Bdq6Jm1)#vO7J;=R3E+=8DBL=w*!<eb9ZgwGetABGOY#7g*MsTb%Z$hRW6CBK
zyf)qpWJDl);!mw_eX4HT>hWE77>RnjD8rD;8GfA>&Y*JQ_JZO0|0sLQs5qK0d=MwN
z1^2<--4Yyv!{F}j9te=&?l6HsaCi3!!QI{6-E}AL|F?Vg!+zOws=KOt8cuapb=AH1
zdG0NzWzr_B^Nx?LXsUe%oOTG%7)hT4+0>e$i?%%KJHkCx$UI+53E^KLnBPxe+mE!W
zRiQl(5~H?})XCP_v-ElOUJ8LF;LklZRARNXvBM8S*mqbV{Q1FmZcHqZzuSDdw~Ccf
z)x?<^WAIo9Ci#hKQX`~tO_yy5gGhem<uFABheIxftkq;<yRCa3ziU%7HYOEn@1zr;
z{qn#8;6+3hcsyacP6+xBj1m4wRtrH7!N`q0U{#E~cEVq76S5_NUeU}Y*%*uMM2VR3
zA42h#_ko@ko4N*goXS8}f;@=$6b9pyKtu=F@Cyu|fnk8wFKiEF3Tl^iz{GOq`XqS-
znR<)FS|18ofN~X)IeK<I>sVQ&e)H&^{qXA+kU&wI@8Ne}K^tuf7b2_=mB?=#SaG1{
zV5jXu&+m$L`t9^n=fbu;LIa9b6nuKnJ0`wNEFEmY2mX}5o33O&w^ZDRV0QG2q56(=
zvSa6OU$n6z0mXNf4t$z41Y}E`vEO*U429-eLchBs${SVG5=(hbm%cGq<r*hzv38z>
z4KhQJ1ml4g6W<m3Wh}zwO4KyBp`pVw9Rbk7oa{G6Z(yY4YplQl=Q^kL3X&#t(*V6)
zqil{*p;KD2=vDD}<q#3qi4=&i4iYg(F^st^4Q9fw1Y|s;z;2t)S56m9kgyxAZl2EY
z=j`(UA2yjP9fu{pqt-^Vl<A$e*+O!-guDSEr?hEoGKF1XF$YEdS21J<@?D!{;x++V
z+SBgSW(6H;OY;a5bpSephsAVyyo6X1^jAEu15*T=^Y?J`Fzoeb)rVO^qg*OZ%b?hS
z^xY5=wuY#`zb#XdT6CNjC<vH6<lM+<$ZRXu>I99=MzBdYf5HoPcWC+c2*-UMV#GvW
zwB%*rQrvgA78^_NvZ*NGe1XQ$<+-(n&&^Y^t+g?O)<_1~k**O?E}@bxnR;@zw;jJ%
zE7|2qTjC!rhWN674domo$YPIbobaAq@a&le3(Q)7)MPchJtm+TBXqq(=GFXYS}_>F
zTtypD{sNWxTGQDlWBVgKP!F<ZJ3$7C&?iaxcDc<o_S-@wN!#%7z`st07lM*U%=Fv(
z;7#)5FZU)?A7Y(HKT!9ggut^Ru;Rd`MFo|aI?GCaTIJc3TR_~1d~kXApilNg!!e~t
zEY0+~S*DtadG0a6<+&Ur3zV0pIkd=D;_z9K3YIbzgYf2NulAS7!_Zd-Ipa(J%2{a2
z`OVmqd3h@HH>4WeNlBF|y=iL!jA`TCrT{hTUl@^zPDKCS#PSQg7PUv0o5XRbIa*pX
z!XYG@c!IZ5snXnNZoj4HRZ7s5N#HKenpi`yhu7c|CI&-h_B;*zwrs|LF>8)-?Hpsg
zrwY81W!A3U{?DBE^wW=pS8Xn{olRI0=PCDwY>FRoR1+kWP3dBOU8ufijkQ^g#P6#I
z36O@K@(4ux%9wke*rb7sPq(ls$pp3@4gPuu^g5Kd<j^YSGJd(f)~BoSxH}=5&ZqL-
z+C8akbk~j1r6x^r1G)0*vlazxfd_^R10nkiqH);v%NfiW@>&W1^7UgludoCaN$hsa
znta^%;%fs7l(DCgj+rwMvZN9Y8}EHDzg4Uo74Ap1azYr4ZN}xy?7f-RFQe^ETih(K
zUt>D&Ff4*u%@J%*pdL1jA1Y52*ObI#qm)iBB2>_9AwbfRnUj-V&7et@LWsMb0nqe@
zSJWvOe_VZak^I_rwWbI?sReuJeW&qKdm@+Yq?ab-(4|iPqrW0{m|626_3K2l98m|9
zR`LL>K8n5s;MRah7V2Ep5WKxGpB<IhqQJ|d$GfYL5vjF^?U-Oa%t>!W^zmte7luQ5
zOtQKC(sIWU2KgD!rUAu_4*|lzv6JIsdf!@=YjXuvus?49$-rMm!-7~En6npvyRf|H
zM-4F=C|J-!Fp~L#5g!&HOEQoGuptYX+32yLtso0^r=lcyuPeG!SDa)Fu%+*58Q<Lr
z>tl)A=cl?(o$`{~N%G?P19vX~YQ4PnDmRVKwp{*t&=USpye?AZyN;abVmWR6XynzP
zB{0ZdQF^FhXmvu6o{2CnihIMzM1A+kRGQOQV^2TML}{R~!p2A(bv_*-^;iF|!81v1
z5re5C|3UuWBY|{n3B>Dqc%wK6g#m<}k2K#e%>|z|!PXzyU?e{68ubwpys+4U0#q4X
z@zGYXjJCr-U)t*Zj5tqb!~$(}iTAhDCu(vJwK@JXsjkybE{F1-rJ5|3QdgWwlh}oS
zcGb|Ew0nVhSJ9%H5rmRS8Gz43onclRPR4hRxq@-TL~+j04s7dzc~S0xS;1Hcnt|Sh
zZ&&t#u6mKIfvD5iB1x384grK5NezVg)u8fG#%R!>g4zhE{Gn>OST&%J{g|8KY)<=j
zpKFxp24qS4q)><FU#Jr&I$bW8Z8Jwh%TdSsiaqjl^QGEXLBQ|)Z5TztOMl|Q@#4J-
zVLayQZ)i4;X|pFU@NrD&y#4y%d=_IKO3bDqoybMYY;87u<wU?rvQ+=$@V9PTgWau4
zw*4XYZSBmU(NDBJ26xS)B9G5C$TDXOk(ghDrUCumHHm1UxWpndzaH<7|BBqZl{<K)
zR@*P(mU{_iJg56J8Tku+_~j52z2KX;Ixf5YRFQD=<bBfAH09W`giJwU-qgfqIBMh@
zAfnUS+N|g=BP3FoGNAA;1Tp{`?JKkLkPe0PDqAo;l}y2T8%5LxmUMtSEJ3Bq>ORm;
zjH-Cm3EF|DJuo*gMDawq?SXlaX3o?ORPTYwq{Z7nt$~_{^`y9!7(!Wi)tba%glT`8
z4oC8sr3g_hF4Hu*L*tL?Su0nNtdC&HQ+$|CTx3k#3Lz?ke^97HgB-Y!gA{Vm7}s(y
ze>eKRNc4g|a<{=Xinqx%$_qI(H@OnDSD9Q$bz=`4UT?nRaFP3UO1w#&`Idd1oY#=i
z<X-?4YT~I^aqk>eU~&lPm4CR*-r*BwQ(7!MM!JOIvKSvSdY4H4E=5If()5{hVWCOu
zi1S8+b4-@Oc-Ba2>{bSEv@Gdj&nTsRES5kZ4n{ifp%v_nj5e89-sPTH;J_etmYUNx
zB4#k%Z)Ed#!hvODIke#E>Q6nyoq^Z=#8%J~jWl-P_rdYUwc}7;Pn#OLsD<SyZQULU
zfzk$z*ID>fJcj@l{FMMjd_3&Vd<X+45yC&S3m|Q7p-^v=gnMDYMf8?t2786WYd>nr
z1#I-P?;_}{<_6*RnQMU*Y!T#3E;T?pU<;ZfBg+|cLY`L>+dgWK??-UXh7qpx&e@V5
zOphui{`|q3_EbHYjd^)Y-ty8ERP!5qt9uwzfAe-YxLIwa)U|MUam7U}JCA34o|uZ4
zh*5LFs$yPik0<|H^CBztTw{}xU4vqFo&*xWG39r#+&xdC+}|^j>Dd8SR;WpAx&O%2
zAkt`oY>`{42Bnuh+b@>?6#ju9ivr*wF8S%wZYM5ywhM2cl^JziCA2M&Zv04sOwCHZ
z1*O=I@%1OK^@;{jUEpZxi60kEDKk!~F#dmM;}m3IV<Zyr?z<D?51|Hmb$p7J>G787
zf|W<%-PiVA6S3bi%yBNQUj#(tB*7Mp=*}V9fkHuB@k=yYXLX*_2WpDjqFCo#ihsW$
zX1+HrU(5UOJ~S!pSgCO_P-9JA<u=>VhPeM=J<pZ{LBp>{Gd|F0362k-<X9cVrUfs{
z??9i4<lXb<D@A<JUjB`faHSD;0VQM251nZrK3!q*5U+Ly<BR6&BxRfa^v<4F;@%W0
zeNL#mFWa0a`AABu0nw&?SpPeNk%*LN2@tp3k7tW^Z=UKS1&w!QfU8h*ei~ID@;xIy
zcoRUH>PoeBlh%Z%;Un1B);q9byhp@9f~=!J*cCc1g&uMFI7LoC+b3W0EWzZ#r!FwZ
zV`k!rKw=doI6Hb2Mw5Z-sVx1%3ixmz-rOH7HXJNw7uH2y4I*;m+6Jcj7h$}}4!bf*
zZFegWz5h{5#(7E6J9Xv|KgDHZKG$=YDV+qMJ<#&BXK3b)f-W!DVa?#_wHzdWEH}_I
zsg4hweS)J9`TEoH`;7u_;;6j}r9(mhIVRx~R<}|L4_6WynHQer6bQtfZ+3M)o7*{}
zASjkZ#zh3QxGWO8<Jz;DvdsUE_u1DHA7xT#XyHZS>GoFZg?ydElyt@>RHXHC;r-}n
zSGC+%a0RfL4*3F-Zi9rjIcE!7ixAU&bRldunZNWKaJ%rCG<X|B)0Z;*-ZwrLohS=s
zk^&2&UjW*R5)x){CJ&Ebc!{D2{!s!VtKhnrQJ7dJ)pvfJw{qlwHqN}RUq}I|NC9)`
z0b(22HK_zu4_N5mq9Nf5FjFgq{XtljW5puxD2AHE4Yu{NuvtZOB2GL@nS|u;zl<~k
zU2&wjSvkA^AjZXD<V)NJVWAJw@Z#hT-;R7h+?4JR?RJQ~#zLRk_O+uI<RzMYwBEL2
zc8!*WXZh}aU{j_Y-g(2#)$KnR?x9jdco!Ax?0VxTkN&7!k_yFt`SBJSsVIA@pE&<6
z{DXH~By46^j&|TM-wk9W0{|OY*cMQ6us#WbQ~+ZG{}&FmxB>iR6jtMG?A?uL;fRfA
zXbWNXZc6g=l+;s3vsHsWCM_Qi`5yJYvIjQ5Cja4Ye@ah<wU%`X8?QYbtWKB4+!}sa
z*a~5IpCjN}_4H!-faQM@K^-5l)d`s(7NAuBmLywQr^MQ*#9nQrnu6E%`N0}ZeWIDW
z?8)y4>&T=!&pWNqs=*~dxrGENtVv0>Ler&K8z<V(t}1X5R{xknYc5tG(>DJp$2YBj
z0QDY)?eUIJ%eu<Qs$85p^$Itw*18BH<{*GXk}%w~FnG1FbYvu@l6M)CG$Y0!w|Gg*
zly4W8IElo)&Lnhu2gyh5YiziBdb{aKPe*Y5(jtD9@(R;c_;Vuhwrok=Sv44##QhUi
z?FYj`BmUMxY(Sgx(B_kzpfug)WYSY|Q1b6USWPipC&x>3tiSmv&R23v-;<p=ev_4W
zK)8?B<|MZ&qB+RUbOef(Q}xn4Jkshn?$erdS_K|M`d~(&BYHLM2DDlQ#6V4b4&9-)
zCKS7nTIzLdT_@N5L(u&$ViTS^_IPV`z&V&8aV9|!6?#p<7V;gv3@P~1!X6gCJjdVJ
zeWUenvZNK64khp3S;vS%vieiFx$go@&9~sj{^kdK>%gNPb>9fnu{amVnR@q_d$|4a
zfNQp-kf9^=2WD%8=`?PTaGOK$24FIZW9x@l9w1(2l#eV4M}mZz&?+MdewI&$F0Y)v
z1^|^~@T(inOowG31oQknpy!i|q4-~$*Sg|=LV^!MpNr(+BnYa;w$MeJRl1f}#`2OA
z_OGC<Ox2K%z+};@o&~$G5A&zP&e(~R*>-#uNVhY#g_QiG!_AZzD2Geq3yuzUw11J-
zmLuzMVP(X`_daxske9H6kLaxFQf%%F7@^3pL};N56za|qh1GH^sR}*Z8MN$@jSP5F
z%U;vm8i=dUkVXcp?q>))X?y0s28QvhRd3oRSPAOxK#S#<pMD!Co`Fn6(~{5in^p;)
z0y0h<v3H#Rue21qW=e9}K-$sEzeMaQ9^>YI#^G3ia`<94Vu=#`B@VtZiD{fqFEu(L
zM{Olb?*06&s>y09o>e3kcmEW0qcEGuArDs(<bHruIY3F(H{TPrO@+dBSP8ljV233e
zLASA6wMc#Wuzh7#&k1i>bm+YLA(HoM8daxyzx%rY{!kdsscMe#6V??1O_-y=beE`E
zpmG_(CjeQ$zuCBv7e!2$)(goJhDcn7)aR+9T5nf!MdVO-QpnUeH67~cmP&~muOW&x
zqUtmPNQO;BqUsOEQXDcNEt%ZXB3$&_ZeaJj!%q;)le-@&j?VY?@cu09$jf3EiV7O{
zG>_#2hOCfg$?aQCVV;yJ9Ys;`-Bk@gE6)Qn5cM@6wvMY?Fao7ogS+dOZd;lmDBhXW
zPT_@Q8b_ldDrD?4gLzhrc>Y$yt1IJcRnWWYQf=}@Cw5C<%0~on>#?dQ9f?}aJN;L^
zi%DYv{6&02Ur9(qtj?#gS459P&j}MXdnc730bs@u!ev=hgQ4chW4Z=HE1X2cy-sL^
zH31L{`Yf<<jtQsTw@*`Ru~in>G_Y`FxG=}OF-YZp7FoknW<N@gb4A!US6=I(h*f77
zU9pI=yacaZAWv3oy7Vcn)*~`pJ+#8rRNPgGqiv7Ctc}&)p3k^|v85}Kqfw7gNUle2
zZb6s2t1NwW-6Hzb(x?#`N8R43f@3J+tU_+ir{3iq?)$8PNL|gd3<<U4Z_x$gTO+6M
zXfnQY)dDXT6RjzPF=#7_M{N~L1J@0zxH28Oo^rb)+`pk?r<$Sp6`4N)zvkp|XxxZ)
z&u$c}j!8*xOF!mEYvql=WC9`Ws}|$PpazVa$jS)zfKH3IrCx_#CXWy!`a1`0k&eP&
zD!E2)R#s+jKm+*g2+2F-fL=*8vmMnHI$#c(p*W64%an?Lc6a+xM!jY00Vgy2QAqo+
zf_-R+(yi=I)f(r7#lPA~6UXOqB;IoG&2#m68Z0b0f(2-fvdyATHTyKh#DxImH4U=g
zLi=9E+54{YI21A~O~%n@;D%cUtXHhL@3*SCEj_fx?N8ohWN8fZVmmEwjjAHiWLn2A
zM0~j&xtE+0(EMbNF#hi*5V>c&##&?-%}s_mV@N>szDWR+5`uJnv?1nQvbhM^Q%tOj
z4U^VWs?FC=hAFwlP;2Ea3x@1|uc@vh@DNFK1$n!y%&$XP68tO71EBUi#Nn0gG6IZ6
zA}WR7)?Vo_UT$IDD8=5@BHXVXY9X?4BdfkMfdF{0Sj1$FdGSD1e$Ac}4xEtkNO2xT
zm|2C7wJ2#(pYb<>u+d1^IS$k~wAJx2$~j_MAaST*1KZ?h8tlA}!=b_IrqGa@96UlT
z&pLv6XpX|v*Z$T!uxy56qd5|M%fevrkafhtiG5RuXbtGouxl!vi<|s-!%?W)#&&qj
z0+yg@^&ikUW&u_l4{a?Um$#vLcC0n7cJ#J<jdHoi+dr%L()yfvdPX|7x=-MBesQ)|
zzuIBe_Dr&W<`&&H?s6vTCFhmhB;*iuTtCkBtFgMTb=kU2uX@!#%kAE$Z*^b5E89v-
z(AnvpYDE_TeWkqRK|XA#FL^frZ{cT$+uq7<_G$b>^4_buo#1#y^&f@hKO?6ER5~|T
zbk=V~W^baSI_%_JG4BA!;=Enh4aQN$vhqh@<KrX$UYbtm*Pl{gwnQm5UA)_CyxAUA
zr+4DVYW=xy+9h!M{|4$)*zGK~T9G8&#~>*(HQ<a2)G@>Y@DpMexJ-y*nb}z2OK~~l
zW9b(j<4AKE*(PyIF-xf@D(5C~3r1X!Etl?NN?T0|Bu6B-{Mw|dw9*-;mL{eU18?YL
z!?_`1OZHWoI?_(*Z)9<y7ERr}dPE?pd@}qA72d``*cTqS;)8<Ha|_PvOX<A~`*xvd
zS5_~zwlj&Vv-z-OuRt@5l5gnzub2)Na?Og&;McI5YKmF4its?vSqR{u2!J_bR7JR;
zkH;@j2f%3hKZskQ-Td~GgYShW(aH^Sp;Fq%jhIP}j1sbta)PR^(jAY|$oZ*6Mfh2O
z4$zPneuj>NuhqK?5&QLA2%GISY6FSolb4Ni6Ah|~Rq(2dAhIM+De71ZC*?pXCJCeI
zT|Clf%@7Jj1EP5G_%^@kgQvt<qpQX?1J8g#x7UKGLpGnvE_aSs8jR)wNdr9vl~xUv
z*a&a?hNzd_A5#v91;&U4#Li*bLeeTbv&4xNLmT2uI4O>_jPT$tVD4F$MebBZuB&3m
z@8_Sh8ptaep&z(4>m(YmmZGwb3$J8EC8vol2+&poamaJqSTv<j({VQgvZo@?p~}yw
zur@H!>LfJV5qZ(PzGT5qDuvV&QX&8H3pC%CSkj5e0o}w>iix4*zN);(>wKi<Bj+6Z
z{%PV$<%0RcR7lwOR+LcvLso){bax3?<BuWSx|lnb%Sd9#fH+6$ntE|?qmA<#ujwxN
z=BHe(hIsv|&9rfe@49MZ?tNGS3(Gj7fnlgkbhYu>BIYC?f;Mh)v=PO5#pv-P$@4>U
zgYU&;r+){h%zTBKTm+2C4~#sMn~%%;v1==}r|4vl@F-ZqjzR1L|1>goMn4{8+~JR*
z7PMSlL{fXIbNf1ZnGa=?jGwhkv9ltZ@wFLJ78N-_EvuGE_*bA$Nrqo6Vdlz^j2}|q
zsfi-ynK!v3_9mp|>Ma(NBC;IH&~9S~#HTSMpk&~Er>nhHg=aN{XyKE3esQA$^{4f3
ze>k`gG&$L#n&ITyK!Y$+PPS3{rGt<r+c7m+EI|)b0b#i3j{Mb9xunB4j&B5MT{Na}
zjn<+U)unIvMmnEN^;4F39MiY2?SHi9+I@ZaSzc*Z>I3D-po;Fi|8vbPUS4aGfeERs
z6aw*iM5aUAS2E7x6Bnd9)?!vWvpDWW51m-1kGweKB_Ud@Q;!D5%x|Gm(r=u6E+A#c
zoru*y1L^#=-Wt_Uks=e8<wGP#CBk%|MP8ubf=swG4OIV-G-(_s%WU(JL{Q*x&4?s4
zRX(Zn$>&)_Y!q1q9H*bEJ$gEHgul#bjE$I?RKbc<=nEu}|BHwvM4-6o#jPbq(cgkG
zLF$Zj9zfx&PQY-5R84CLn*dKjuXqNXHwgR*_ef2kIO%0`Y)-klgKtc^fv=Va!77n4
z6MjO_kR!ycN_b<<(C_gkBd#erRFWkB<!+LhW+RdKEXufvw*+;yL*@U_J4=fc9VSVA
zlaa{IL19$}#CUn#2-#*M!iBD+5-I>p76k7Gs?osA^;SxzH<Z-3WJK#!avqamopV^W
z43%>OO@DGQwPItC$MZSRe+aAyqM(?CsPdgqSS2O^7$uFq7`&0vB8nNVe@~+WJlX%{
zlmK)N%ibu>C`Rh#?(`I(<t=ti8V6I^2oc>DznLa)s!l^`e5Gz*Ije;xG1f9cU2C!q
zL@ezqujayZaGlTN`Wz$G?MQP3L!y}Mh(}+eY~cm%mQUTEe2_|?P-_JpmO{@rl1!jU
zczWJ4|7|#43$YHp!jO8!<)E`N_-m{oqneB)T>E*CD#q@+D(=RcjC4{NcZXC@6M>>5
zs*Ic#p7WQ8b{1)W&64$^_UGuQVn^=Rvgo?5wbZnA(i>-VV;+%mxCb~9ctq{{^h)Fs
zX#h;4nC4KSNXdiP?2(@4ngY@Hzq(7cSMuvA!x{rIH^>&K#(!al_`rRL?$7bM5S36K
zV%9~#g7!*=ID<WW%8V3fXJlg<bOt{~f*m|SwzL3anO-Swpyq_X<G;%BVAmu}eiTWv
z$Zw1&gQztvWvwl;EI3%sR1lBGu<*bzt?fJLbe>9Nmwv)JeT#o^EWy8=7psY|ZcEDU
zj`39Mzpg%()VCTLVyr_C_Xelqikw#see+7xq(oGJ7mwB8nME^}2n_$v3T>tZ7!lO8
zZ0Y~k-(`_Ug^?V?KuaE+8qmM~R-X!0io`QE60H87@?S^8h0BgYT;K#qzZPk63eoG5
z{`)h#@NkL$@}J?;(K-dn%zx_zfsi?zhgAD)NP`XQD<OI9P?!rKmP^z;1>=jPzNz1b
zWAbzlCL0EX1%)Uf@EpMxj$~~q6cuoo+~8k@2)|5KGK(=+&=&!1MU-LN;m>hy?DnHs
z^6m4K)Ax;KHbD3V#VA2=C)gCJgc1M~D~PXdBr&W8R!)-2ww!5`?~sv<Q$6ofSyvdI
zvK)RUF^>Du@gSy2AWa>`GjCNK_r%_{YcXGh#uGbm&mQZ=vS15nyej+Fi(7toDP$8x
zeo@#;nhyK&an%sc9%;o;vJ?U(b<mtkWXbiOYY+}wewZSU?yz@E%}zRD)Cz?<)6Y4^
zLb|VntCTT6BEy1KuAI=_ly^>#tHEIypKDB>y!s@r9N`-H*TT0&wgS?d5X`c)MR<;q
zc44M;$U~1MLwM|e>@&g)dA}BTO^?#Vx<GiEA$)?e+M!ZhKqb4TMG8<a-+Y*pn|!^e
zQb}4dP3@Xb@`YGJQM_GrNPkLJ)6Az_2)uojdgB+#J4~am4v{XT8J%w_)l+6#p~_$@
zP)e3+wJV~^byaDbnWB*@IZZOcAv~63#B%g{wtU;-Av;uwFKmm(hq+U!2K8I}E|<fc
zm)Fe?7NCcan_vT-E$G?3pv^Wa{kG<4`bQ_ZEV!p}xfG;oU7KUXaw=FTy$JXPQfnpI
zTL^6ilLEjaDGw#1?h*!Eqnp2DK-B)?fLfiT{VQ6z@~R{(T;yMF!;R}3pI?8gv-|`N
zCbInvF;LrDm5(zXKZh^$YiC=OkN4I2ODwLz%W~W{r+aezcV;LHjo=@tPdW%gHaX0x
zttXDxb<eV!Tvdn~b7N`Eh%oX>W;q^8)eCHuNQj$~`$p<v21bH#sFdh#&w~GB;3aZA
z|Js>VkAuzB$bFNO?kJlX$8pK}H(uW3iicmQzW8UUXIsqd3*2tD$;2eiO6NG$iJyaV
z*bIZs<I@#W32KygXto0KP~^eW;8`j)s|aiwGWqUxY^)1<6@Xg*Bu(W|_Iw0FGuH8w
zr+V#LJ`9u>EIdU6ME`$H{Q27=qmir;G@@^|95ZP4J~+DLxHO5dQUcim2nl0m?s^{2
z$nevVq46<siH%3UAY$_aw1|+}aM1FxYyo+`y3rhAoT+F25sZ~WysZ!W-cX$QgoNHH
zMBYwbx5)HJsjC}Wd|}>BEn6wo@Z4o0MAYvK^3zA;99m-D=)_)Kv?3W`L_9bd`sLFX
zRPOp)chRHhrwhd}zcXDWEa}kF8G0F(uTV7Xs)E~fAt7QbD0H^~k`W@7_c{UUFR3NB
z#p5RRNI2k_@KaJGs*9vc2y1yT7IEaWT}lhZsr8U4jgmbRfAO}_iVEf4*UJ(2AI{)!
z6bdGbHrr%E_S4FjRV?mTL-@Ol@UcTatP_g3(qzcj{}7j26DBUcf?#~(QG=RRl*9^L
zk2U}UF_gF;M;GbzO$R~t5P{b&QgU3YG<!LzeR1z`7#l7wfN;3*a1JbZCz_f+vDF3b
z;YTH@O_#nl_e&n`ub}UYEr$>JBeooVt{3`?J(lzVAqyCWuF2ojVR1-M?SZ-=h+t0&
zd+C9?B#7WZ`lB)SPkahJann~Iw=c9;X~$$v9>z~gv_Ivxw<jZ*#xcGpmP0z}X%Wvo
zcJaJx8ja|iH93~pi%RGqrBD%4ht52FvW9^8E9kfh^y<TccbkBSkh^LS`-{7z<(fBk
zwd^uS*0YNwLYBIL<;Gt6YxKoukDk`X3(7iq(}Z*v&mm-YTJ#8p!v))55I=QW{!Jn`
zK>(9v?V0C5xzu<gMgYHfl_K&lH|G}rY}Rj3HUaF2&4dfk;zu{OgP&1s$qGr+!zzBY
zcN69HS<HOgDm#SH*UDW!j{eCiJ?hX_yB9;cikz@Q{-J_7p)Ypq!)aj*ffRL58OtW2
z&GAC4gRjIH$CgtvkCN|<Wp<xczu%Rw7W#RS`#tJKykjdFQCi&<m18sR7d?tV(jXSh
zd`?L?zpN#WjgK{j(TaFJ0NFzH#5C6w$KO`a=M1XvB7L*vt|^U7Ps;>ab<t(7jb)4b
zG5%;WH_BX<mV{c*RF=v4hqeyi`}~aK&c?Rw8D{IfAnv=AZ<6Vha(Idoxgnl*_Uj_x
zOKL(+$MfrSN7p*5DVLeQW+p)05k!SfK8AG{>)#45%2g3d@YKu657SaE88upf#fxT2
zLd*=qFD@kGG(55QfQTh2Fq0%Fjvxv3IUTd7gdgvGUgE;SauGo0Z&YU8BHHC5M=SSQ
z^bKBz4AO;UM5t1<*Wn<VSi6B-N4xh2XSxe{w|viIn*zGcZyQ1>vbW#3Z>|=c+G_t4
zULvR#oZilAB{x3vxihFy4TTEV1H~$E^vrFAC`5b(truI8IaqtRWl;aH)*27ggRvwE
zpSHGM4yRO+3@wtMio89hM*L3|wV&s{Xd_<2tWse^$J(Cfg@!d8y}tbjbeL~g#fjkK
zCcH3bVOiU`-1GIg@~K|qM>QBh%KVl&lHwdKiGw{?>hu@YlA1Z*TE1HyyCB-B5w{|~
zIzv(dTPf)SrqK%160%>MH68Yys8pKoL*?(Mo^|6t4+{D3l(=P57)z%%n5Q-%$zf?6
zCOpfgn$Mn*sP*jiS-V8hl>sNr6daOO+=!BTmp<0a8XZ1$zW!v`_fEl{`Z7DGj!8`h
zL(8wf<x`jZB+#lIOy((hGnPBQcny#X6%R~a08A`qWwr^7YXx9W9J0rMy^s1U#a#Z2
zkN}(clqm|J0xp+?2j2doP-5+D57clg$|7YT5n&pW#n$vZl+2IKj!SQCE#O$&pAfC=
z{CkGs9`^ObpH(ABv?2Z7)4cIW$^Rwnt63$hl&wHnYKC*w9^NnQ`08Jhfl*Bmdwgkt
z5*D;p*7QHS$fb67<GxKVi^=`9uVKD0M015myQ)&RVdLK|XGjtx2I%<(g!l#E!t@9K
zq=e%oa>~$$RrNfs7X)E=-(1_0qIp00<TBK~hwwsuX@6wX&;)06$#8ENYE43kq*-Up
z+6oJ?lfg_sli<>BKDaFrE!rZJZOQPQK#z$i3+$IaHJrsH3&n2tw@MmKZX+tNY@&+`
zmiF4pZwaulyJ;GqEd;fgc@+r-(lr%V<CJl&atNs>Sb7x*d1|$qc@~%|wNXKCCB8!&
zGmUtyWwT>Qhxq8AT-W06eHI$|;hB!O9pb}on2vbLj?ss5ZQKrdfF&$M_SMljoF4!E
zw)edvGZYbyz*Vy8-Ux0tiL=9cU=$k0wGKzZ(NlGR5TBb(DJEzPOJEw>f&L7*tu@BI
z47o6s*-<bfP2f5;hj?(BV?F3mCWic(Xc!YI;g>r3`C#7{7>v7H3~=yVh^G4fhYa{y
zv-lGb$>}CaKg9lUFDg^(Vg_a%8kq!rMN9A}ww|p$!HKrWrWpPfXa2<~zDy_0e6{lM
z4_z{%-cMA6toEm#@2eoOnriyXSlXya?(-BXVM}RVf7f8E)}0UIH^uw{MCbzDT(2&W
z8{3c@p`g#hWB3_Mh9sFf5Wj9r9Md_uu50VoHc#m8m~|=UP%T59Pqs<5{QEj@I;Swf
z%gMXS5S7t3td@GL&aV;jl*rIkhZbJ^Qd+>YDd5mbCvZmvjgt^e6-Cm56}0M>CqCR8
zU_c-1VOb#_Tk7!I@tfp!`3Pax!LfRcl8=epwE@7jW67nmOY8vcTKD<Wx50EjDr(yG
z4-tcW;-*(I@&DhKp!xE25^Yj3E3cPKLL`};5ej~Q)zf)+rU>4SLKSI3UH|ug#gm#q
z5Z<vx$-ia?O61_IQabu$fBnkNo6&ZH%M!{qDb=`;r6*cYy+l$l*ycd*Ug*GsaCqR;
zGD|dd>LY;Eo1|fG<gFsJvw4tm#&3s~WZ;_ZFGm!Fkd9qN4*A?du5VZjB4_w!k%dtB
z$thx&GoZrQ%5b~4u3O#vJ5$B{d?>Rf$q4-~u3*%D7^&<*v%-g;Hcldz|KEv?EtqYs
zD4JdfU`4bUo(XY_buILT44GB?E<!$%xOO448nz2fCz5#G+-r<L8Fx?Qi*FkZ@ArSj
zL{teMRN&NRZ={gGtx#ADpVz6N72q8)DS5;t!8K4WBM(Y4Cld+;<OR;bZI1AL+c4Xu
z;7rvuE?V|VWCc?HzCY+e{UKlr@eLPBXAq`0zJ~~kw?dVyn5F(WXQh?Ed|mXh&L@bR
z+?B<f(p{<8SIY`XWB;9J<zdM&C5{CB5mBojP4qcBI&b8;o*y~JK+*y`^%FK2U;~<`
z++S>F32)$^D>KVA&(Sg!!&1}T3buu0he(h2rEKp%Kr;%YlHTxBe;;fV+5xuHpkubE
zA_%I=#Y4fomE#1kWqxUOu!}4`lIPj5fSOMZ_kkf*R#v7@d`;KIRxYUgz%y0&_x#6K
z-sfU5-nJbkr(G5TAF{HR-!Jed9g2E1*y!tX{X+TZ@8Rf(a^CN8Fh80USo|aKYOpH<
z<RG>)p7QX(=f6REC!8J^@&_t<_TLGc)h0aA&~P57LDyIFt76C^W&828GLBmOIryKC
z@Y54>4gj$sLfn63`K5AzpI_$PJ18~*y|`E_zdrypL2d3X6r0!)n$#=aLE>ziQ&IV<
z-HO-_U%X{=sgTZ-4ivg)KCH4QRL4r9VQ2Y;tfW>y)7Zvf`{v1O#8>aH)2n6&Q&AHo
zUEHjzmL;$qkv$qk(3q?ao2LbrQ7^?if7jhe4tAr~^(!zJ>Sg~)9}6%_O}W4wUc|Zz
z0Co#rb(zedBcawih<<y7K}nXkQJ+nlTrxV)`IM_l=t~@W#~|T!PuTdZWAfU`D!EmW
z#-7>fn@q3FH^Yi5rzc}HcaWFr)U>$_9dRQ2HT3ffAD6Ju4zCRm@BMYT`gj(HF0;`?
z$W)@q@NS}E^MhL5ON|--R%4CgHe1R$oJ?l$!;ZKOp1KAI;IS6LK3rJC`t-h&&U;l=
z!Ql`W+LC-z>B+wpue<r>&t{D{HU2xjJIrarV&3KACaIprP(nix!ZHievvu`qnh2lN
zUtmM<?K`cwOogi8dcK_lvAtRziGP?3;Jfd&qcd*_=HT=NX#}2*M!#&b2W?b?<59>4
zTnc7ai^|X5MxA&(qj38=T9*1)4%Nm9KR)I%w=4wn8T;F=hy$2CxD3o}L;6uu7B0HI
z;0HRC0v#+mc|hU#p7ylW=B_pA8$q?Db%NDLG^wlTNQF_vd|6WZysJX^97J**oLo{G
z9v2c^)4TN{i|#I<R^Huik4OnoK%SR6pM~oETZO3;dXHsYg_SDf+KZP<B==%XlPLOb
zcd?0nMICg1$^dL8$vhiO{7)*thAG6R(M3lS$OPdK{rVq|17eMG3G_~Y(kSa*v1Ni1
zV1;7E2_(UX(t;0cABC<=SmWu_)ADJP=@I$69KX~DUw21H21cNJ;cU@{=ZB`Kms&4L
z;A1%(;>i{HvMIsmp_IvV>YqXCQs7WawJtkN7snr4oEJ+7PO!4(QtYm=f_aYM<bfzu
zy;fTdT*XH3^ry`72PJAKWO-}ABf1Fw!D5U63c_*`;3ov<qM*BCniabV1998a#RXX8
z8O7pS1Mnh(LJ$t}@soamllGw-w2^-*C#<qqnU%CHh!eI_gqTjPv|siP1NfN`EP@QT
z@u$wWCtmQ0rxiWz;;jna)6Bf|(k$}B!WGA_@R^f-)A^v&Ks%ug7xd<6ShD@VVgCOW
zxpsxjWf6NTmG*2X_Eq)o`{fNs)KzObN~oxEj58&1IP@bX400Lb&oV27_^`T218d8R
z3Be^9^{Rl)6U9}6{4vKqM@N<U%G&0@RlbsWPp*G8&ftXYEU-WjMK+f{3g*lvxC`_2
zv0@OG&meCbfH|7qRSYuH+J#zs@emZJFd42w6l_v(ct<$hk!yY?rs!;ZfXwR8U04f&
zDJ2QgOLfW4?Wz!K``hJ1td1ju8ziq`ZNB1~qSrQ50ka=iMnV8Y|0w;RCMiCXlXgEI
zxJoM}Y#-^Q4lXs)bV#ZYSk`o$N&cZ#R$upN^2ZrWFOqI3JzyH!(U4wN$#|M<Nbj3O
zm#k!@!cYe7FC4|Pu>y8`8VZA&k<pC3Q2ku#U`DI3|0N|-8VMr&k%f1UrOm}A1!9fU
zLvk#%W@V7j2e)}SxaL_|fuQ?v&v51Myf#9LiiOudEIl6fn<@fPm!M6Q^zoy&m?W>*
zUrsSbQ#nBV`H6Wn3NNXgJh08Bk`jT(<QOYXNhPc68W2r<9TgRd)8je`(uXf{5SS~<
z_md6%*(K&O7QVAwL_19%mX?585y|BdfsFpH><`x-J7W@;6sqad$PdkPl{g7YFQig%
z!VkZ|Pj_A;6UqF<swao<>+bgVQ?WLz9rrPgS~`N}%iKNa1+MI?A26=ziT4DNxo}iy
z-8sJZ5K@2RVkaix#oY(|rFfLhHkodj;Xc;4)zv)8aZZ<(MqN~e#HQmkm!VPO>3waY
z5gTuxR-pPiT(oohr$}~B&hLp~36#d>B4C&EmF-;{VS8GBhS`KKqK`V0cCtNKhPsu_
zq%|cn4I&OdV;8<fV9$P85YP2Q!k2S5>i!uZU-#xDH|O-{yf9>umoS@m$v45dDW==)
zV%gQ`stK3nT1NmmKr@1NSL=6?kZjOuW**rNdD7Wged3wJ;h#k@n#G9vimU7dRPUSY
zGDoQ9JHp(8<x$#n8Jrc0$%J4!>eA%SrZR$^XX;G4$ykVc@KMUBk8H!m%fNYhjHnUK
z_Co0vXg%4beICn~WYi>4f)mqB*Ew+hjgV9==^|M&T(RJ)b@;9o#W3!THw8mjk^6za
z%J1ZRTue3%Q@+zPX%1cTcP9@*llHQNTYb8BLo6da54P|kJc{PWahItR_)81bw!oWW
zkja!a=@DXG%x~(toMP0w)eN#l>&qr_YQFQ}HDN-YCCw1o*nX=zu8hU3+^Bjza`m0g
zNrAj5?nV2ATTbEAkA*)k0E)bNJ3sB6p0i`r^9N%&UNbicyyA2nVKv`68R4s+?r%Mi
z)m9;_6Ew^OTT&HC@EtT{G_^XLAeJV>vTk$)lpuJ2T7}jUn0R=u_ZZ>dU_>l@KCD&m
z9t;ArFb@ZjwAm^|W=%BDGfYl|a_hZ(EAggIc(%k~bq@OqiMM8tamJxI_*H@4=iSKm
z#$SST(!pN{f$u0)1JGhpC*dTwcyi%&`~U^L{QKz}o2}<fF3&OCZ-?25=Xn$92!5Sb
zj1qr<On4{?d=-`B1^P1^SvzLb82-g<D!dc}Gr=)NW*&RAbFh^zW({dCg2lkhc{n9K
z9Z$^<^5+Vb)2YP90J$iH4NnULJZD*t{rMup(7}c-WgnC48d_LU^-2gS!DwcvECuO2
zD%neX%SI7F_+F~v33g>_Si;n37-eOt3@dG?VK=A<N!fgBW*R`129oeegpS*37_rli
zyTfr&np@oplwOICa4-n(IScg6p}b5`lH4+<cxl%LXzG0uBA8nGtnnIa$7%feHsQ^*
z`WtCN0EX>-mNabT36NW3J4@5-tMsfOATF|EG)$|U>dLYM&&IL=&w<N!wu_zXsLFfM
zeCDHDZz5-w_pbDtr`ZNQP|+da_apt~AbBw!_v2LrrMsl(j*;ACS8hAsyNc#Bx$X1h
zd!7FE3mf%ug136oYO<M&TdX<wT3|F42wIp8FIMlMLNa@}<x=Lng=**cjg`PZ9d6ZE
zeS|YAPtRr4jI|WOsxH)ljWOIcyHzRsPcb>uc|RBXb~kt<6vw(TUp3f8j-~FV^jMx$
z`Sp%Oc8#qLec4SFZ+m`IzrNRnNvt%hiwm>jN13l>S#P-djYJPi;;h8U1sjL9z2}=K
z4?^()K=BU#9&Y)do^Yca`xcfp5)AzrBuKke;{vDH$vmT*d;_ZqFNz)c4{nNPOBjl4
z8`P-MG>r(j;<?P#Z{|8YQPAy_QBh!O;Y(s2$={qUr3}Nd3Vq4FJcYSQwgz);9fza-
z<KLxkc$REvPU1uWrQOBJt&*3euR1c0m`q{^pzn%_K~?B%Hw2V!lIWIGHocjI#TQ|C
z<*k1f`|GXs)8+8rxs)Xg8KgTNVBv&(J<KhqWXTV&RurBFJ{an*;Bp<d*_19Y_G_Ta
zwc#)i+xy2aZ%XwlA<c&MrgcA6_r^|^K1c71k|sdg7x6(i5wjtroqHuSJUJUxu09Z~
z31F3Q{2!jnX`%dDc*y2@&h_uWq$53xD)J6toAj)YMq<8%NC%goOCAeCMY_yF9Hr?&
zcy14lpGpFXMVW=uX@8%~G4Es8YG``1HA*mQcqWd=pq*%W42PbMOy1*F3t|t9YL4o<
zG_<mk_Ex>DUEwS9n(|?JC+26M`VTAi!UuEj44pP`ea}TYZ<{M7A)Zf%hV2PN%GP{k
zS13_^VUHxLfkQ0V4uqQ2y=87l)Ugq1wVii52i&$)3~$ZKx2<wpibTMjYs(4@x{oKm
zC<2Gv7Jg}!3M2VW<N03E%2#ri<(D414136Z!^>@n1Wo7Y&t}wcB65sBhy{TJ4fEMe
zA?UyGGFG1sIXZ82DHA<5rS7!XLq-jZKhvx`uUybKI3X1!(<AcZds_&qT_@vLOLrIu
zA!-L0Kmd6RENDasG^PDvN2;_Vbq^Mas{w-Tvr3IXv5I+48q19zCD%Fr!ljQxNiKtt
zQoU?0ZdT9`7Gh+@$4!ff?3d~Vs^&m6uuf8^hM&wE)E#PH6Op7-ZFm-aj(?pz>e7np
z;Aa0r1OE(^8oSS6C;a;np!4Z7+bcr3uL7h3Xjsri5J!kqa+FoYi2L)x%S2b18#Z}w
z$<wO=YsWVzC*I~OQ;Zglv`?)GOZeaU6aZkC4q58XLh%5v+msL+knUuO>`V!Jn?JTM
zH4I6`EQ;ijU4!;L`Z&$dG-xSAhe4+R05xxSJE%x|#$YIRRH+G!KzWGhuP-ldbvhI;
zGpyA3@_qqX5{S=2N%3|T4j=6A9)~ifIxjDjMiUm6U0AO6$)tvFv;|flDjM|+d1HVj
zS5O!bny<Hh0mi26FBL;D<?UoW$;JWVZM$p*1O#|5#HfUJgu4Rp$QZ$7a)}~(DoGwK
z-ym^=H^W%@`zchYhIG7okdyo2hk!x3#oqcF`m~H$q_}BOk;9U`+qqk%#VQ}#hnrGQ
z(l3KP$?TkSd>-Jeph4j;_Z!CGav3ab9>H>nMH1J9H!*~#6dQ-59OjNGU*$F(gWH~p
zA>Gw^_eatznS)ZjezUgVg^hlZRaW`d+$aSAi$I$0ZSTj^rx;~?bf$n+38eAlV)E+y
zoQs?t`OkPEUAO=cAv!4~p{JSOUC7+9-PNnX^9>AS!xdi+5@VSSG*?-VDX(b3)3hPz
zGsp|x((b~Ol;*gobSDsru&HffxoUU+H=Z8Dv+zsmWLOE9;cUYUWt+_4hqhsMOF!A1
zgZ}q^!mMztI56YrLBs#4@&@H0=FlE&bqa0+o}7l3pw@AiERkFsov)S7-LN*QxE&O1
zRGXO)4qOI?o&P%&P*Wl)Iar+<M!$5j7H~-l<YTMstgU8M&tUXIxcD?4<7=&Q8;|%h
zLq$}jMf+6jfKUChM1@tx-;ZUgfQ?>U87HqLmd)k$vFw~*T;WSMqfWam?tX4Fj_G1b
zhmD3#h%8wMMhNOxA<<`XSUSsgohM9|4Z?~fDD~MVieQbOqKC-*m68JB!B2+yozgzg
z#0L&}fiXeziM+a1RU^>fve#UZn{fxCW|sa>8zk=a%Q2~t;nQouN9Jz1sJZ|(=;6rl
zVbYL-tir&%;v1Zl7p!yQwRO>HI)wt})Bm!wx<EVfmKCsom7m!n)}y?RdDGOEC-J)a
zU4Mqag0zc-yO1ngI2-)4P6EM8wWxFKzzjiy6j(=u?`SjLum$<SOAy0psv@TW%~0zJ
z6qiiEpFv}idgOaaMN^hN4ytntMa?8lRH2AM(R5*r)O(Zd0Sj3Edv(^(f3MChDm14(
zL3jU?ZfeLDjCM=8LkX@Z3;H8dxTeyBx*@s?FN_MAHFW#~13pyWeul_AUb7+RJAa!J
zxGN~B^>dUptJphRhMGhGXB@H3LkZg$^ni^;!~^T>U^I*=bK~ZWk6uE_O=Uf>E1CeW
z<;cMTTS1g&AK<Ea+dX8fp1Aynr;fDK(lHpa0}w_u!6PWa+DFB#QTr_5b#2(v;(27a
zd9JtFbD+g@;QuK=%KxPY*Gx@e8j+Tw%;EJk-D7eU05}v;<z+@6CW2-QI26iXxn%iG
zuA2wjL)Hu*m@%9;+5o{zd64XE{^nN<*@NcBB-Hd{bbehdh<#+>s+gW%RCQ_7YWP})
zeXnU9Hb7meuG(y1C0Qm53)uzCI9vL-&eWHfLyF>6T~|}ZiK=+*ha_wkFsM_+u4k>w
z-wyu0k@RKR^P*xttq{}icza&;bJ65foAtyrqk^Fz;2=iQjvMAgtlUbnj{Z0tmu@^d
zDd1ol`Qx=gZrLBH!0q<oJ6}3R_XgdAKrC^Y6=;PL_FGs(pTJ5@Q~2h0NH{W0hq{0z
zBK$Loo%;xQ?JC<%bmMIv&h4K%T3#wz_mv5_V4iv!Bw59GbX#tT@@U}Tofmvb;_xtt
zF}8F82&{Qk#citqLN;SBHRW>BS=~XWK+}4?3@v-RyZ^mEW0!;2Sz=3%Q^Z$;C|kin
z&hbmdg`~&aH(S!VKn*SL$3?Ja?2o-64$8ATXfI5MNnJU#+{+3Ee8f%N3|qdHFznv=
z@)i*w=*Qi`-(6;W(*nQ(f8^?b^@q2?Qs2C&VA3W=d{f0eqoT$JM|__l+`-JURyC@C
z%C^Ev;nMC(VQh#qYoF+=nmun_?mXL@<B${GN5&E#==CxUJ5#Xy?1YiSLbA7v-HT-#
z{g7Y*jmUhro-=3a=NYB1YhQMIz1?+fGw|$570Wj*4P|aJbU=UY8F;7xVx4A}fe(-^
zWIO5X@F`A8g1a}x^grb`VK+^`@4O`Wp>(9O5KiND1y?V60(tihem+1sX-?I%Md`jn
z-6A6KiD7oCx?7ysI%}6=4z99=7`pNq@gQ>Wp_laFGLMz~D#_C%1pnal=tcC_C^TZF
z@~F_?g}495{w;!p2~J}5QABz^D=5B~^VXKm5R3M&tc{!L5zRLZqd{5tJ#)v$Zd)hs
zQ0Lm*wHWysuR2CM5Of9hAp<Q@0yb`NA)i}^YZG}jM+HtoZu5<dBc6PK?a;x8wBS1G
z@ALf-mS27!gbi<BE2L>w%{M!Q9NLYXz#N=KUcZ1ZBu4P$1SG>1C{U*kWQi-IMOe6N
zUek*INekHc4sl_?|L4L`2Jsss_f9<Xl-GVV-*7Ba;1Mmjf_Y1Y{Jxxpyuhs9pNxOu
z0CCpF8;H^vMH7^x-Q<Fh+wGfk_N7WeS1{i~uV5MxA!}gS+Ga*Jk0HznM40s5Xy}o3
zfP~*+-+PW?oBv%3L~({DCMy~hLUO`JsRn6}D%81wEYs>Tehu>orP+82v@N#i|NpoJ
zo2doxTC?_qh^CI%c1bpFjy;G3UtYh6krk!9#-&~{*)gP5EY$;}9^W}eUxo@n)w+@?
z(dzxSe!6cr_1I`%niX>;9=D$B;!^Dy8e`ilsGN=mmIVQ61HWotU}8Q5{*BxAJ&N1M
zp5VUaCe2Q8ezb`R>&X_4+4yF0n*vX8>qS0Wd{?j+N?OZL-S<Z^DtXfjDb<3jDj>2l
z``DZoZY5xUf$Ps6mgg^rw1e<Wo!?ZhmOeQco=d&Er(0K^E(r~tv?!}NH6#}s5Lfp2
z2R$C{6$5{ZP07M3ZUC&NNWpHXYLy6%>aq0|K^bqcx=-yFvgzN#)Y;skkm!_}I=<&z
zSZN3*f>-~mJiX5<k^xhYVeseBy^r7&Vj_%)^R<a_HT$6%-WZGJ(8q5Oeq9-f^Coyd
zuk<_I*D33BB;09HodrxO!+|?3sZpXlB^F?xB9h*h26sc3HO<T>+<k{$A3c{rd7+-0
zl9{%^24(96i7gP_&67=X30{g2>_WwUqll}?8?5hZI(l`=9>4fXTEn`c#}EFMXzk=`
zfosn(;rU+|BVxNF6jrNTGzhDzgfU9G2BvDmDtg@u{!i`^p=S7LO;N+ky&=3|NIDw`
zKx$X=sbCoI^6`NF(9~q_ARilGiz`J=d01_*wJwyS7MV|=Gbg2?Vum4JUH8P-pC?%+
zAKw$vDbe$nx_n@WrM<$ere3*hKE!5$-xAm?`F<AoM`<*%SFyDMPBVRk==7{aIQ#R5
z4q?8Pv6h~P3oI`|`Y+Nas)zTR^4KpbWwl#y+h)<<`^}d2Ue(0`B5YkDtF^H~ejfW>
zx6=!SVe<X#=<pmx)0t77{CH)udHL@$j2wE|69nPP%A~2fj?4e+UrJcnAIybGD+k=%
znd7jUL5*!nQ6rQ0`Ac-CZNyJ=C`qKQxJe1a^&Yx;-Kv-F=G7<vYKN0%$Yexoj|(+K
zNf;K<85{jqdrl%HYIf23FeUVVV-(Wk*in%zUy`Cs;r+4Es^z;riElm0+|GJ+C^V=!
zf;~m}m`S4z{fGU(_%wN?IYPlIl?Yh~fLjo6n5^>Aney)Uejrj~7qVpZIh?w_7jSX`
zWyv)*n8A{&S)Nu?h<%IY$dA*KvkFAD85r7&6t+H4_f+Ent;ftG`IPnz*Ppp9|1Zkk
zJFJQB+aCoHkgg(4nyB>NJ9!ZW0Ra(d(xpq6-V!=0P3gT?>Agch1?ino0*Ulq6G{T)
zj_>)N-?`84o`3H1WU{hW*4}$2v-T>V*^{|S%u-bfyOWfIdn;}Wcb--Y-TEm&k&lfC
z7VM}KN{Fbbo*X2eaJ3#ME$rvz=Y909PCeA_*C?=Fw&>mk3g}p={dtq*!%dslOG*pE
z50LtAbv*9PN$g9=xHi}Ev|je&hL*7^l75-zoq{i4hRi13UTlal@OZV@Fw$s8$g53j
zDJtP8O1U>K{QK7++(hk}Kpu_WGpAA;zP@07sSu|H<@+4ZAHtLO>(1-={Rcrl&c4nQ
z5zgZeI@eoYP;*#N7g`uKSujf2+~-haEVlUW|NC0u&^$Yh7}{R05irU>I)6Qk?LegY
z+H9oxLV^Wr-o`sA%b(_0bk6W`E-LFBC*Bb1{uHDK{{F7`u@C4arwOKnZtSVb%+#Xx
zYVbBWdt8Gg(ZuX0zqjfGrGMX~i}I~*4mMWob{%*G*_#ixkA#`TZJ*2U6<Iy&e8thj
z)K6t^!CS;4QOp;s*%C{eRP&q3>3TKNrbH|DopHK{$(uMI&L_#~9P-m16M9oGnu{me
zlg8gn{nFnbn3<R7Xu0o&P!)A+3kaKkwCw+(3*2<~sHX#_n!T?kK=k|h;n=n`<E;ht
zSrMP^g$$5M#6Xw*NasLtSXW8~G5DRrQfE{!frO`NWENyE<H8cLw&;@iA$E?A0JSpk
zuxsc*X8uX?wOL0k{Ud*P9Zp@6mcVLk$=WR^nx@>rs*<egTc^cFEI-k2zsGAF{$opC
z{R5h{<<g_J?mC5qb6*OZKUWwUl^HfYno~{?q|y*iD6^_et0-?uACUSO$Iol{WVX|4
zsqUb0<kfe6*SNM{ZgDqB-<oXm?`67;l)=KZKdN<Ze~wq(M|(AR=7uFY+C5vqP@|QF
z)y|qA=hUsKt|pneYaM<F2KEexY*&W^r|Wo;?~nJBB~=GZA)M+yB{}qJSqGD}Q}(kz
z>wlrr>VG9lqWNCuNJo)~Ovv_ey>~uf=gmSOs?V}DjOzpq-4i?;)u~QxM|+w2lpOTx
zB*MN792`oV=Lm#bQ5l})RB>6wc^DZ-)imd9SAFwbNcK!8Y;~H?4V-uOU;J$<QXa=o
zq_*eeFDE$<3r|i6gl*giWW@LlQO!A=G*m=7&Mv$gwSA+*)N}<@qWJ{gieI!v%DQM%
ztsr`lFp#;!tLq*n_SFTmn_u$??M6&K8xQ0c+BPKKawo$+vBDmbqA&Vg)oap2cjhVk
zl(TMGL(z7E^Hl%R_cyD_#ai#uvrjgrUZ@pM!#H(@OELsa4G;47OO575wWIXu_)X<k
zN6MwxOJ-8&O8Dhzx-BpsBO5yKm4yA>uUwU!;~O@XC5WXUV*Gap2_-}FPH$4PMv835
zHtwg{DUb7YwWd@&5UbYqrz4PyzctrN|8yv`aa{VWB=)?#)3*Hn{AOkAz`N!H_TB8)
z67z9<Sgklht8;|I0m$Uu081BalFh2{g_3tn#cESUKwVkaQ+14~f7EXU7rlo@<X=4%
ze`}ms=XF|D&u4Dz>gX6W26TP)zej=I_f^}NF?*y_=W2F3sBUDr6BorTU3EPo?qq%7
z()=9JU#^*+^mJrpp`)1heaD!b@_-Y}BP-r>-(;&{W;L7Hw8Y9qzy51eMAFyz0u$42
zLp2sq<uc;cfHnG!m)ebdQT|%;8>iZ0FIlr{@8iB@<MmyWhR*5}ox0XmYG?N!&hFLW
z{3BU*^TvKf?wS<j><(4i^Xc<J@_G3F&IAv6K&>*<o@Bc+-pAn0h4;vE%|2;)(Y7Y~
z-?bJ!H`Nnh1?BUc?4|CYYw9R`1#>wZ?QY!i)PxavK<BdOxyHym$6>xC&kXFm?ZC^k
z1GXG%0g_*mU0;%vJ?10W|HIZJ54V-SA@aQCtK;ro-_!d^PjX>Q<+C^HE?En7`=(xA
z?!afD$s((WHP-XT)9q1gmBbKf=dG^7{N#9Rn3&Qp=8Ja$i2Rh!Qf%gwJWl_Yt#4<a
zLua*jU1}KoQJnUhYs~XHbhQ=}7aKccdQFdBMJyuig0gw-vp2oz$XrKyjgR<`&bC&{
z3hxQ8>K(8ekG`O<yGMLHI}G(|U}dXty<aw4x<TgMwutO&Ig{f4@5wpT+9OwD?AW(H
zXAJzfh7?hw@7}-jMCa3{>hst(MmtM3I7dyTMj`8AUMBCzkG>VT7iRbmyb~2YL1f=C
zPr;x+NBGmai4xVc_bkl4<w(0ykSS_w-BmG_k?$_dsSrB-Ru;J_+rB#h4lLqkP4n~Z
znmRRM$vKxvF$RtNIa#-tenZV2omrr8yvT5tsVZtqJe4{sZl*1`m$#OSo%4x^|KmQg
zOXL)&CU16=c$^=?pvKYI(U7F~Ol|bTvxRpc*uWHb&R7|e*wNvDYQB$);UX2|%o`ub
z>QEKkRHycGz*pm?5g~h_)wX5!=z~Co64G-@lQ>SQwEm@0G8)!%hM~B)CKXU|wg(%7
z)2J3BcaeH6QO-7S#~w@lL_){JQ>R8TZTC=Cow3*4%$U@7M_-2}2Tq1XbEsD}vj(|L
zt_-3Mi^yvP>RvSna7JV?7*4N{;#Knwm+P0jIWg!Q_!_^o!=IQ){++JkjYwgqc~Vm^
z5LzO2P1RyQ_}cF(0ZbIIr8IOjcq*+Ittl4%DEV!wFrA>YLz9<CUMg8b#1|;`=j_|g
z*TPCA4mhQDr5145f11F0*H^dL^&8EUb1M@u*0<IA5R-g`m4@j1o@&nBjfO9c{0~wL
z5)zGPZor?LY>3}}eo1KusZllxJ@C$nPaLKcC$o3(|4s9z?!pe3a<eR+;fZ^=*T6?*
zg*8%c!|AYw#^SI<_$M(yZ;GP#DLd8UEYk@;lHa~)8)G%v<>yiTWbT9#OYK=Ho9)9S
zpn0dya8=2V*u<~#*KE3~AfwxDS;GNzW<;YOHrycYjoF7HDIo(?hL0hWB8QxSU+BD>
z+O*MCUgo#J<?v<!<5iz1q1VU?%dHIV;^20QwgXiw8kN~_JBf{zsak4gsoEDvJ33z<
zvxN_RXB42*9~tK|c($6)FDB5Im#4g!@AOmP-G7mXPd3~I7W#JcWld?=D^isVYAFA_
z@V*0ELL|1dILChIk@-&NRPe4QcIU-nDQ!i;&h?_iJ<G(EChadq%G}P3MJ?9<Z$`L0
zKoc(U$jwsoGP9-fa8((B1?c8#vgKR&?BVfZw#Ijy;5-HwU-Z8b>ty4);rM*dWaE#-
z)<3e?Q@C0$&2^j??zC8b{2Z@QUuKu3k;3=HZ$Kjdzlk$^w!SIj+%ATCt#E!*b!RDd
z4EolCb3_kUolti;oFI~OkEXJ^aQL6JynnP;K}xHLm1jlRJzDj}piFUsk7j8yWb*2J
z1|78*Q-=D(=_Yx`nZhRjdDSlcGFK|WaR-gTQ0KWGdL6k{8(ghK;FQyl)3$7VQ{VL@
zNi!eI!;zm#p$eNZ)!mBmbvt-!&LN7Mgqyu&nz@iiS4ShS8f?h|Dif&auIV&!Pe}F`
z+{X}ta4B>7#dWzAmRs>V#P{PXn%gr2T81gf_}~4EqcIsRkmNGa>28Hmk(P+a;Jsyi
zu=t|gi{<V9f)eIPaYjJxycEG#Xyuag{o5_81}*C%L|w)kLuw$=s(<rn2JyXa*3fnS
z=GCa%ilfcqTLrTaiXYM?{;qlf_Y;IlKGon&beemG9ZQQ|xo*4Ll(KQ|Xw60(l_>rQ
z{gBSqx+l;t+Q38{X`+KTa$3?!dr#TjcR4tpDaGouJ|cM`thJ~ba|dnYHECvX*11%d
zuso|6DdV*HhmgsQrFM@GDupVwwxyRBmT;V($I>rgQ>{1qR_QnH4UH1gdppTebyH;>
z0qfu7WH~;__6wP=-W$^N&5S>oA9l~~O5o|YzT#Ilj+kcsbrOt{77e%v7$s*F%Mtw%
zIk-7|gnt5v4E~D9|B8?e%CpA`wh`XVV`+b~9MhP*rM=IT2%3*<zPkwfI0^rgAy36~
zdK!hlP{{hTqu-DmJmqaE{7=LU$Mw(mxjEM;_AhxO&vb-sA#2JJ`KIJfRXe|4f8sm0
zw^=aWwJb`oDA3}~lCX4{0MuHXHx%!P60W2>7mvh%XDzHsB@QoEVt(N<?2O2ccG*UN
zvWmJ_UQjeJfEmk!$-gz%KKy+b!dT8mtYlanEWz7BB;t7b@ORCaLoTdl+@nas{JTK6
z66;He1dHPNJxJK45>fg_31;qnP_ZBSUM2kkeErwgKL&yk5}|P-@(gy|!P$bGrOC;O
zUHt~aR`h<+o)0UfGUDo)tV-oaKQjG5M%OS|-HEMXDiHdqB4&FzsQd(~Cz*OlN-S!&
zZr)__#KY6u-=MrL^N2!?s#PTxbtnD_6%RvEO5(5_v~Yyr)dE1c-|55u>(hS(07;LK
zJz&w8+`#8>Vln>@iB3UbCeU3*dl!n$D%EjvzvEV5WeLsjshwSMnLm3voV|;E2F8;8
zD{a!Wu#wPfPj|km3`@5qrl{SG|B=@M4(1o|6`xr~e!J)|P4IsDPwn$YZB?8Qh(JpM
zsT=2;Q1Jbgq7Tg%pQ~F*+oO^*>JHtPw5uzRtvaZG1(L1i%2<jn3fJQln2K4wHKd<P
zCVq}6I_~6I#cE#>8&5ICXACw(D;nbz(2Z0mW6i9eX<5=rS%x~r@=yDxeNA}s5&CUE
zO8mrVQEGit;*zcOxg$k~db_y!l&+LH|A%=cBiYR#Y!=8nlW3^l3l@cBOE|QpNi=(k
z#@$WjR$Fm_4L7I?p120GDYg0bZ_kr3d>oP0qzZ8ma@-Xkx5<M26G3451K&Ti(1?J_
zVfvrErSq0$r#U8YrtYhVxzz;*VvWfAu#`Eu;OsG)6Qa}gqw5NKk<5-9@u*^*0|Gu`
z23iH^$D{d(@AiGxpwhH@$H%?HoKJ=Wp7p*;sN>A<7m>hviaJql+bl3mjRbi8aFqRZ
zY#7@Rzy^|ksvJXS-Y4<3f_F;Dzj4uCQ%$S9Icy^F;TyqVwMS`hI9Reu!qbM{M|)$-
zqFJ>yovyyVZ(m*SAG_<>mObzHvNQPXA^NM#vT;Fixqh-qK{4>(3nNmuP3qA^Ii(7l
z>AvJ`HY}l4X~dZh)AhX0W2T~1QZSkQz3*-h+LZBGJ*cE%j!O5x9EHw^pPGACP7#dZ
zFR*-ER1p4TWst@tebRa0eP-IG$S7Qtq4H5ZjmuESuwJsMwzkA0QSNn{;8JdkQc;1G
z(sq~K_Q>a&3613HiKKf9o|4h;uDG9mc0X{MwcWm#(pG}0xD?toJguFn7kgt3YqynU
z;Q#n1WhO(G+rITuHh0<V1t(0~Q)L7NEWQkWe|f!g0Oy)b(AG_!=w+x67u|T$!m#-M
z<1Xt?)K1X5A2}xEZ|Bw3wWuu8rYsp5b_f;}lO(iI?@Ot44yT73q_LWMG7NQx(`qFn
z)SdJT(Vgm|QyiU~dkv`StYpoIx2LgFqI4ow8Qz&JHTo8%+v4LJl-0rHSYY-uoj&9$
zj9{JkKyUGlNHk6&m3u{bxtcCyWDc8_VfC`xY}aOC*gY`&g&69=%pdJyP9>|vMhS`^
zd}E3ca$`LuB%Zf3c!W*~gE9SHQ@=i<$6&=%1cXKU)4LW_#24>{g{?aNc;tVwD!Y`A
zM;%C^n_3i}MkanH!YRd-_Rc|bX#3hXru(q#(|xeJ*aVpyhCCM$^2vg))!$XvP!FQJ
ze&y~Lrt-_ZpI4Q9@+Iz_*JOeiuEv^EUWaVaYf>CPE5%NBS1Q9UV7xBDujpazp5v0Z
zHri&1%b(q|`Se5^#<GLWqLN_fJP(-C>94>#ePdW2DpBE^ZPpm$xZbEAs1Z3{K9v^j
z7z5n*VVOQUYNZl{8eK2&cF=#=;CtfiMW{?<`?_0%VcMV8W@jlH@Uwf5c(cf*O|&vb
zeLLSc#sX%}w*_ojoBH)aeA|8taM(zL@9!wK9|OK#Xw3+u|J;jRF7nUkcEIG@k*^>U
z8Sadn`6uF5bsqVTZ>9uJEPw;P>+=Z^bwwIbXw&PlPJYN88B_u^_Y?{dGEketuX^N8
zloYk^f8S-E1ib!jSOVJ+Ds`n+B{iG;vx<SgJv%)(5up@pv8SE<<i{*!TY1n3h3Q>}
z?;W{MnpVb5n45N>!}=_#mpcTaX2I{^u3vM?qH7QoJ0E)`xt3N1TF1h_KFuC{78+m;
zj-8F&@`Z`Tu6+@y%-P&Mci+HVXSRYtwpEC+wEtq6(8%m|FsQj-2Ho&tBmE{bMTNZ*
zBZBmrJhkbT*SgkwTYNuWJ#<ITdO+$(-o*=kYSaIJ5rkpC{2@BG>5IffK?Y39%mu?i
znz<J^T$hkNGakd>#Az})^&+?_VHA1pB)hGRztlA0H7U;|vkmi_^yFV!n(*%Rv0GHt
ziYo@$&8vEc?KEY1xRm0QlCwNCGn@Adv5fvrS*Tndn%cdJy6Wx^vg`Mj>35K=$tXj`
z4G5C<K9-p8BXG{+=zx%2@DqsQb4Svma*zLtLZ{q85*Q$Y$6c0vj%fg*`0B2^%|$6D
zlR+W5q@=^~b|4VzC4q)2LqJ2}ovq{n9<0pS_BZxM`qV(d*~s(n1;&5&XhGzc=RARa
z!Zp`Iql_#zej<DF72D0rB~<rJJ{2^JvgRHt2@sL_FsejQP^#@P%n;vUpFjN7?2O$$
zQQrRPKf}%yKQ!17Wi|Gr%ARCE*ZSd|)qK!idhAznv)7XH-{5*2q{wN@ohqJp@+bJm
z;58FU?8NpIJ|tB(ohg)T)dG!neQIg3^C`qV1od@SFFyVWU1Id)J=mE>Nr;E8b!DA$
zwoQ?qW_#r;&H9L(K}S~B?26k4r<!q@(_Py&m{Dg?uOrmt-upx*KUTt*ecr2gIu|eS
z)|tC%zs$F7u-sM&JG@?$JCRo1nJE(@^z7lrD4;j$2_Cx7Za!@mI1(2~6Ix-jKZZs^
zBs-6#XP5tsW-b)-$tznjcjtN-^*u6eQQXE5qDu$pf06+>-q6H(+37z|R}b(4en2cq
z886QpFW+-h82zLveo_$&lk(kU)I=spcAqM_bbS*e)g(h?^_gjlUniXjV}J1EB=FT9
z4lb%Z=N&(RoqUgFs0Ut@L+t@uRDBW89vCliUox&4^WR*(=!Y1N;xx-&sK7^a4l`y9
zx-pt*u}O<4!mBs!-##2i;OWAn4UHH575yzGFN6F#iP=?5rpVa^d1%;I5ePU<1KJ)a
zN8iw>3^XLCH1Qw~=dlUG=TIfp^}tCKxOd|^>=%|~3R^gWC5bv8@G?CwrAtH^T%|Q!
zh+f+3#lS#?lwc;?r>x$@pW^GQ>?7h4Z+X;c6_({}8g$?Ka<>+e*gF^|y&QmY!aEYl
z!THjHPSyaP5>>^mJdh8J=ml~kYgQQ<O&5~owfCA0tE}hX%SvkSoDD0g=NKMUTaa<+
zoitRfujg>g61Ui{C~Q7RV`^xyopc)ee*aC~e6T7kIDQvu_4(3@%I95QS@A;ujG-v{
z<soNc49`2Kx}<MaV)H*&i>DsvI(!g0YSY>zE?)o)JzbV`GA3?iZKI%yAdx&4xaFNZ
zMtqEPK@C7N%se!N)kf`o?HzQ18n}(4uo5%J->?I9n)w+#@x8E8mpWOGeMC=V?wz=W
zz3$}fcM|pT_{xRa{U*!!c(kyfx;OfXlwH72W;!)xV5ycY+hqeOks61>f*e-^I{*F~
zk?Jo6R*FOFMvSccKK~40f5eq;Hbk7OPGLzh&Z(=;RoP!XT;_CI)-veOYC6S?8CP?1
z&+m;D?v7PFTsPDksqEOcVyNzyc`FFdx7s3})?j*yh2;8vwcB;mr!QEG7*rpC6ukvN
zzh4ux!2t6F03DXJJ=ufT9N%UcJi62XfMvGtzaBO@0|)D`049t4xHGAN-l)|mP)}$Q
z$Z~D>KoU<cQ3IS!isoFKNAF~js!@t&i^+G4p#2#ltP;loztPD`La}%zBsw0%sR9qJ
za3<jRkxcaJ-TU`-i!1wu)(xDOcK%r^DlHRI7z@cDuC%L~w)=`A*B1L~w~YkLI}$w<
z@<XTwB+HW0;`8F{RE!)c03p*%SOc0{_c40{07IAorlbd2vH$Rz72UF*xh0I@vfnKr
zX^s=&ap~JCD4bWJZc<3EL1|CUs!%(#>VhWS%ro+Yq(9hC6)qN6{56lyszd*1oCLRV
zi}inqk4s8{vXHHedXF>vsR^_cKVVny*+Ax3(j=wC|J`%}L~qZ*goeGo+NmnIsR^*t
z?$z}7iP2qop@&7^IkX68nC+gDRoNGt+n<Cju0<PRU-hkAhV8bV46LTu{T`Br6%9y7
zsV5|Br>+&a>bx}aWCx!Ar@D|Xx-C(XA4Ve~;iJ#kbY}ABDS()LZR)M|Rxh+dp+}xA
zeBotdFLO7#-Qjomd2BQ6we6(m0p@=EP<7E_of*k;Zj6Th`7p<BkSKGb1=Mq2#y7)D
zV{Gpc!<MH;BKdh+k+t)<a-Dv_m#rz&wP&6h-Pr<yW(PSEJ6dl(ZlZU1#DZl$I-3lz
zKlM&3W4&hd4INaqr<pscG&lQuhimqATLol7Yw-p)d0MaI?>M0q!E&@*&&+^`c>xMH
zrzFqZ_v`82;#B`EA}dIIV2bKyYQZw!yy&i^8mMMztg<p>OMdZlb2Z;x^E~*9=aTZv
zTPmH1M}E`$@wRjXW>kDczrTX{<<DiX{P(|f7QyT{9!fy=J%L1=ywh}QaU*I>^7jr(
zn%gvIOx3CO@nS{$0-f6Hg=vQw%VAsH0zb2oH2eDQ0l8YBcyL>i3m@rluChFRDVQOl
z<st4QQ?0M%W9GBn_dbaH2Ik<mKrXi1?eVt=WdZV<9-C{raMm~U%FWSbmdlh5G3axN
zK10DA_cme>XLxyD(+FO_Vqg!f^@Z~K<JN_DRu5!L-hSh5eOc8++uHB9nK{M$H3}|@
znG`|W=W@-BNiPk({}uu05tWYzjPswAzA$U^8){t$s9EKn!{Nys;Ws}}OE#VoSF4g6
z4^U7xiUd$UOJD+8z^WYp^B!fhcX&l&)XoeJqGYGG?RJ)r*w1&+5+HgLh5ykrYhLy+
zIVy3ut=P7{!bnrgmv!9eQCA&m@3%au=K{ZZM0^_YmKAb+IELIIc`PmO3lG(&l0*!Q
zt+ZT%CHINVMc;cQ3PHrXlRY&my`&iN&b|5<EkQ%zxMPkXIaAF9NS2G(^bT-7L>^4L
zAK`PhuOEHBPs`$3(ytd4%CFOWS>7cNr}qZGuFQEE(Z6(4w6@hkTR->kqL8<6ZHrT!
zt!YQgx8=^GG0o|E8nq2$+nhYBtGct6dqz_!CT#4RVr)+Q+-&RxS`q+Ehf&pCN$@M*
zJB*md9oR4(2wdl4{OJAM%sjo15?Ev<zK2b{EKVHQqgaf3no&$~eu4@}fg3aEH_`k+
ztA3P6sj{z{W-qj4lt>(u><fQGxV5!8xA~u~^yyV?^l2Db7zfT5iJA$vbZIuDa1*gt
z`pl&=PQA3ECYmW1=abV0-J}fZQ96SUtevr$3@1%E9iE!6@R+hln*@Wp?AK&aYK)jH
zg_uMhkS1wl(O9dQ^t?Evfld3<z`XTMbeIPsM5L!$Bt<HnE1xic-z<6jBT}T7Jgmbk
zD6zX0Teqm>rltpX8#%{LypVUU{>43y<z}a@wtqJbzhLv;c+LO8kz=Gbt*~~!wea9B
zqot^Q>`0-sM8d}0tMvabv$l_3h@N-AL1OI8us059?)onIPK69(a#YPtcp9dqG{e3g
z!@d6)c#fbj>(p>VE8`R?iSbW!lj&)PIlew|cbbeI_4L+|5&orD1uTKj%Ikth8nqmD
z<Q<iZ#YCM1UfG8y*0ko8@6N%eMpWj=O=n5-Mz*XqG&0;wMxM~xurzXosR&F5-kJEV
z+nF?%+4Wt2;63wBAnl=$&M<K?n$1QhczNQ}NV;=XtzpQsi&t!-67GKs_3TMzG0m{H
zz$|{{O4`yrsxnc$u4h>bc9>|1c`o^bDl0mBnaic5y)veFPwV_&`&N_U$J}e~*$>|r
zPf=$`4`+q9@b3NyU~r2Q)S7tkCTdehET%8fp1{56#vb<k^r>*sJHr?0HsNEwU&g}f
zr+6*7yIxMTgI^3Z89vWhN_}xV)=XDIP0K_#Cg=U}zPrGQo&3mP=;5B#{q0K*qqHib
zbjNQcs5|nF+CHP=^BV@gF_}?Ded)MFU!J{l!-FGiw09=XI?PcwttpzT>!o%_*(;i-
z4ufwk`y;2cMMJM26Jm22_vnlW{ROJvpLQb?b<(8q1=6XJk2QimiKI~@-`i3nS8(Zg
z%o;&aavp~t4^9kOTzyHg%8?dkj&<5?V-z#n#?d+Mni=0@G``8KDDQ}|TPDBcZv)tY
zH$yM8V%en2U)daKo+doX5$%j!OBP{%th%XeTRkiEJ|I1ZeBLr(fp+z(u#fh<q$!d8
z_jaPJhpun$%H`fk`;VZF&HE$4=?-;i+R`IWcAYm5jAZa3p6^BWh>*IX9M$Q<zDe&z
zR{GX-zjS|Rgy@GVSC|wT@Ny+EIOvZUw5!!NRlj<mPa|1XrS}c4U96Yav>LIXD>I?+
zrdXCHFi=0q9YQi;>t8=2KPr#7_vakI-n4WsMp|pn8W<e3bShrJp?(X|jU^)n{^{?X
zRMTeXA8)v4OTcPMoPu9$PbLo9^Eqf`)SjWT;u=ewYLz9K&XV><1;JXU^rS5y^XnAG
zKoU{ReH#?}@RoY&M2b*>poOwoZ*<q~7l>~nX%i`1eE)vSg`ot{DHXH)`Ym<%<(B#p
zeH*OxT=p?0Tdd$vRrG%&?)(0e(OsOfQC*xPTmF;A*zAteiE}I4iSxCrxGqj#@+|k!
zK$YhR8c|GD>V)^N=q_Fxl!<V`A?XW56)^OFOSbv`&-dO6m?{t2K>dRNl*u1q)Wc12
z#Jvgck?1Z5pk=`pZ~OmYL}CBRL<<hn83JK4QUA>?07E-uy+Aa|vIh3)tNCSSAAZ_u
zcT`4Li(&*a9R7<;c&FtHBKv0kl}&ihM|TYYP5#4Oj;bKmNAnL)fS!irA`VV3GqLZM
z&Tag;HoVfi#%nF%#NFc}l#v;ZiLrrd>&#!aYkfatytuuQ?tGRM^SWa?>QMn>KuMi$
zp=7#a)8deIVY!Z)ZC@XuI+JmW#j<&qd23HV-a5s`b}{3y%~Ru==e>kOOKW7w?E`dt
z-U)&RkNY~<KX$u!A8PV}#L4G1;Y<k|s@EUJM!G*4X>{bUxU#hTBD~RDa_^qD9j-Z|
zaKG%fT0ZS~elDkTaPQB3_Dul^`6OtIKzW({vU|5!FC|k6V7mS6GOyO)mc2zxvL7=y
z#Hg54hL!q@Mk$$7B%*&oy<BeMeWhAGHmNvMWTZ2%e!+XYe-emq-3~-Z2j4um4ZaCu
z*wT8P8`t{pr=4J(Ulb@#o(+r7qhBN7x#0IdrR@Deo<Y>ohHde*Qu81^6xVg}+FL10
z<B<Fh!x5a0^*wS9ek+3S86*fUdd>d91O4Ha35@6ebQl`}Km5u;y;t6#z^RHba^j*U
z{FBERJwOzHLjs!)waO8pcqCo%s^DcTuMX2dp-9oUVICcpfqW5uw$|cTj4$<)$|BaP
zME0M|?`jrV-5E#~(O^q^Q%oK&ZJn-CSMdtfS+ULgz5DB)C*AL-fj>TIq-`zg#$suD
zp9Y41P)g$}?Ss3}aBR2lFj(gc4YgP#cKi}LX(TIP5RJAO7D^ZXVb@3g|C7lRQv2?b
zpKc+hWbsy?<NxmG9lz9c^vrC%V(cj#<wWFpO7$&m*+5qJKwy1@|6JqqrR(VSGPT*d
zU1_CDq(|nXj-0m1K@j#I?dj}S4e!2u+-RG!cWe487FF-#{qu{=rU&bgiKmsGqf!5$
z>&j;JBms&}Br13f$kuexNwY!g`&e6u*lIl!3!i$Mwe>-R)Z%p0@ay^(-6q#e_qI^b
zV~_MQ=hKpRX;|TJ2b{jq@r~G-$xl|-V9dq}EB3vl-R^4=Zr=(L`*K{c5z4+7#ch9T
z-;1`_B01+%&@c$tL2jvLC&4E<xebAw`E^}BCNX|dt<mWiGKt2$B#Gm@(Q3QN;nLTP
z=4cG`_a_$w8F-k5+$~tE^ZP^0u8$a(``*xarOf{PBRVGiuF(&dkKu_-Za{??+f^oA
zy|lkrw!r5^QKZ}Byt)2S-#<<4+|2s0P>Z3_v9rfyDP-Ump3^}`u%6Nt9x204Tebu-
zqBPB3^h#NeoZ<0^Y?sg9Ox5Q!R&dFH+zL_ZO?;h9At4E1&Id<d23)5Lfn_0fr>VOG
zcYUZ&OA-=ROwZfrgw^!g;EMTcditk!le0Bu;nML1H#R`-1z)wE`=i{wJO8}<kKyFT
zeAuu0!jXCsSp9|k&H}}NJxok-pw&P9bTauvl92qcL{Wgoc_`b$)*FeF?g^{Y)y<E7
z?HSIU$mZ6RgAZ-o!Km>i4bMlN<5p4i%JUG9DoQHK_Mhytu>8)E9N=FQ6lU<$SX)Bn
zRGo^?Fqs2F@ov`nR`&zue0>-7QJ{}qn@N8!;f*kC?!Pbtz>YX_xEQD+0|9<AaDvSo
zco=^TUT6K)Z;((Ki?T?FnY{LH{WbE~u%mptmJ9>AIw;<}`%-IZ-^N7w<exMyUwC4|
zq`Whp<{OcKxOi<pg8?pSzp+X*%dg=Mo;T57oTcx_W;_n2!lrG$j1vcvk9A7;&j*Y{
zFlj;09vrY)R);d$KNMelIT>x#41k~Z(RN%;1o^aCBwfjKEOs7-HU_~XIbQN<j&+?2
zCX?SUkBhxLC-pAtHHLEA8?;{6A;dM}$5hl_3`8t8L}w^?S-YuaUu>6VxS6^xYi0zu
zZz26`y2fGdDa*17oTIj_V`;hIxwZ`J&C`X=S4YzD2Q2gc242guHyLzOCRu%-WT0~^
zHgoqSe>lT4J(^<~jiRF&g+=xREGvtDmuVVUG@z|%`s9xkHr@YT=sXz+jwGn=xa?!u
z{Q@&zl3g5FtlnQ^&f70c7Jyq<dIo!jC8wN!YD#G1aE)s;7t#5-#ZoUY?M2GT!+f@W
zsTb(mrE8Y$GLy1tbpAi=62PMWvfQ}a{9WB{c6>5)&SG<<tL_|J+wd2wN4@Hjc9vTL
zZVa`26tf73B<RKJPhRJ2pI`Qcj|ZREcWd#d1psH$C#!LB^QXP}>Bch#_YCS1^tc=F
zevgDZVLtnjERl!odDq8+&fybDzv8XTDU;*_(EOJMWBAh=(QP`dRLA_N{TG{=2bE({
zqiHYFM=!ac%02B_hW!ucA|`1aBmOp_Yae@4ScJW(pi@p6s$l;8SN{_{*ydX@W#NSe
zVrfub$%f2I$zybT^z(t?mj={wm#_51=dJht6VfH^W(TtMFQeQ8mKtSjzX&wZWx2Oe
z*SQ0YgDKu`j?0UQn%=b`(qE7hdk%CPFDE+un4cxq!nWeqiOW5Wf7SKZp`uX@(M~-r
zN*`;fzpY=sCZ7_V`hYKFoxCjccV`O5qFhQuqfo9xAIIf&W3)vMONpDO2{cbfL>73y
zcO)9?0C-s5dQoND{Wl-As3&J@rye&AzTA`IPZ1ZWk5Kr#PbF*Pl2IKataUkWvQ!5W
zwdB#yMOGaSo-FY2u(78A<<(4LP2Yj%WhOm4RnnJuib^SO^(9D=6;%8e*L=a-#J!n=
z$w|F#0Q9i{0F8S9&|_T2mG+uPZPcp~@+Gg&0<L25wS??pL3hUav4Hb(KepUA#~U=-
ze6$)s_Aj}jIBw_as;b)1IN{wM6qxXPt;YcrI_1rDnLLx?>;-FH362?+cTGmg6h2JX
zF{S}42sU&KxlPU{8VAWnH#3`43{&9lQvrF^JqIV3nd<!&QJPVW9vXCq5mQ6O-~U`b
zNnT%oP4{#pwr8<Q%lb|67<#5VKd+x0lNN004peKpH*@#PH)-qqp><vBccQcr>Uwd3
zT~!&~4|d%h`6aJAU4Jn3lU3!6$p7q=nK=e7VbgINy19H0I4EMI`Eeapj1>#Le-OQ;
z*~!JC(YjDqb9ntkmJ#<`AqhL=6){vD3vO}ToGUMkOWJ?cp@vzn8>Mm87(c(U%(_NG
zK~1~Fb2n_R2IF)$wWEYJb9vbw>LFbytr}Ki>$Mz;IdA&iXq9I-JD`bH!da-3o&avI
zp$y^kxc}@hlsF{&>fq9M_{q`Q=03)9ORKaa=R7&bBNWLtWc!nGkF93R5<D3bjOAm+
zg;}r?smN_`n%sh0UtZWUozc^ur{;JVx<;<A<~-Q57g`ktZL1-P3}{ilbDKRO{a5V8
zg3S|DPVbp|w3Tl@_h!G(wC1~WSt8-78A>8FFeu(vpmBZm<9aaIS5XUG9YTh91_7(L
zoRXQ47@q(=>$=_;`6=8OMmiJl`44Ng$?wFuY+qiK5G_fx{2faZ+WME@#A{PJ`VH)6
zcn#>3Uq0vf6V(~s+$q1yrK%)(AG9U+FftI236%;--ClJ<8P&j`G6ila-}Z11cIi@a
zC0^HTC>8S`Kznp>JztJn!M!sUp)H_$WvG-C`xdb|>+MLn4OR<GnFL0Dj&WMRIEnIY
z*zrjz=aTR$3H=2j>QL~`=98N9&`z38(^cPC75Qx<dg2}n*XKuZd#ls2UrYsY(SFkj
z0)6zv)aGvhp?hw3KFopXP;N&x#d<iH&{Yu-@*+vfVNy4~(+SQ=ZWMf>86glW1krg9
zfuh-Q={ZicVi(DmdTrb5x2BCC_NRYUAJ7+YRLUA5Ps#x;%w;_;HH+*dWx07gn`HK&
zidcR}wfUC;!7j22$vPhgy*8WP6`wVV^P3c>k5dGl5Qbe@9TIp$w5wqTE`Tm<ObRce
z$AS$sUx1`6hkarNG-E{jp!Py+Yn)g<155P7-AdrVHt6e-at3!#5&{|EctauJo&qp3
zrvTBzV}RZ4MRx!i$_!7CQuNd(3GyV)b$*we2ijU~4=f*M64XBf*9ivkBERR3`A)Om
z&{U9_BSljqb82@*YsP}fZl%a=q@X^J?PL<BKxteF_(B`UNMVr-vge|`*W7R~R=gib
z*O@A_kU(NM!8zgeMK=^p)PhHg3$HQl%5}fX1W}YiTryqVf<bpS!%jcri1&#ip%yiK
zHAEO((WnuB&Y<XlEm@n%QR?MA`~uv`4EGrQA!I(i@0xlp4!TCWLActRe7E~|GsQuW
z|1;kW!ltZF^E-P4*dF}6j%=L%=5+TY_qKnU0^1fgk1X_wIeB!bs?dlJ9!v0UsV%U-
zG<i1<cm)ZnLKN3_fmT8-<W(WMHM16hhOYR0o(4E1|E$?fN0w|3UA9WV@~G0$9XZ;Q
z^KQG%-%-8CEN9wB^m|#<RVlTgUJnaJt+rY^&!v`JP7~A%la%|Yssn(~p$elqOLvnA
zuNC^x^m6#u;(vVOa(C~c*ybF}F=mTt1SwF`)#Gm3QCn^2svjqp{pHy^+|zsD``%$!
zrs%h0A2nbzJ@T$*zqKy)K2)AElU@?kXpyX1MN978bIprUc%0b%Xe-OCPV`8<_i|2f
zex7rS*g`9m!4)5V8?etUob|Al(CJXG-|av(t}!WA%eM5_E`pXjDMl&HqbJ1BY$HAw
z8YahrLz=-uYSd|sU??N9I2VMm&gw^g&ISF!9_upTnuJ)*S<RVl|3KcMC$u!b^@?<z
zigcZV3^VT}8x_*kvcv#mh=i=q@Vk)7JqBrmspg2!aB904ShG<Aq{#w-zYC`VcYm4z
zkt*MYJa)v<)6<|<Yx)^Bp}ww!fK?)CEh*qc-q64}bU$HW33?{{D#mO(y2otB@M=cC
zxkFKihyyB?O6cyi17yD^TJ&cYu3?uJnP#}}qof9e&Cq>`%c20;Tpa9fHS$3!zCKu^
zMIo}24%p)maClNPQ56}+vk5}LM~2auE03laj}!cS9;}3<Pra>!WJ)C@GiPABkmTA#
z_?(vTTy*c%UY%&#!Y$U;`^?r)sGyGq_ifQJA>Sm>hkFghZdZ|=_$;EJXlzl<W{<C{
z;<!8D{ccG@16{9RwOv8($c1XM^C83Q7kY7pn=%KmFJB?y`(}i&g{@X+rEwjQ81(MK
zl3+uQ2e_E=9%{F{s-E1L6vI5{y;!p;c{j!Up<ExVC=yKVM$Q3!U`ab1%<jru5j2B%
zkbT~GJk<h1^g*g`nog_FCDAv?ebIx>>xittXr*Xvp}qxiUf1ke(t{w*X;%6%!kVY9
zF>VPH4#uvd!hSIsPC^$hwN*DpF4u^uV$f%I^E1hJ=X7o)##P?4RQp%x9j$iErR{Ia
zEA6Z2VJ*mG#Z~<S*N&av-nS)W_*@LQs()?}#KCSwNm^d3bm<1aU9S0>vl}TtJGSYP
zJYuH6dSQDg>9OG~3YyVcr$5IEQF<QTM&Xi=Iw;S;u6LPk_4hE>P{!`BNL?Me1>mh-
zEROKCP-F*P<L>pta9r@i=a;|&xD?x;yq9BF+&HXJIfQCm9IOtbBEhgsGv4<1_Jow)
z$R7n=TEeSUy11k$S@w6X;is&7mnC`SA^lFMJcz9=eI~6G_V8T_-N9?EwmVbnGSg#?
z6V*MYgeBvw?8;v<CLuNM%*N0bn(*WDI*gjrj_B-=1e)<Y<@Fe)0davNyeyO2HM&tL
zo%725Q6hq>56azx;M<c1epl#~_yGjkjqiGgiMG$uQ)}~K3uSW8Ujqy~kwC&|rMgP0
zb^6d1DuEPj@)DY>A>hRVg)eT*#FpkvnYZ+NL=1?%d!Ud>X{Z#rau2-}Vew7E(G|&h
z3Y2{#PPoevlH~?1fLw_Z`%`8Tr_jTCG-__?^~kiSpsyr0sOT|Hf55S?muU?w*BQsE
zAx4{z=!sOIQmYT7C~Tn8!G=P_v_0&uRC2fD!q3#uoY1GI{q%x8IdW2CSE92iflU29
zcY%2sN`QQnYRwnofRwQ$tO%v(LqcYy?<hmdaC~yC7U<KDKE788!GW}Z`!}Z?4n0K*
zSQ6}A3YMnSvNGYXMl<yJx-#(L=>C8y%Ry7ca;v_BhjY?|HViRXw(bJ=y?<==%#U;H
zPd-ry1qCRwK@gA`>7f>m8jP7NZ=4ifY|uS6$d-y*4yD{}|L#Ybg623mgQHXsCH6ro
zo=ymu@{BK)m@EWLa%SyHV@!vlnJYK{*EO_##UcA^z#-R$Ok+?tS4xi?Hq0g~=@?^p
zz$x;6OBzkAR*g$2*8GP34_IRFg)0qtfZ->|oDwM3hu{fFz?iD{0K%{yq9jPRijQUU
zxqY?~ehMU7P#K@cTXbC^;9I=N8~v~gEYA);47y*vfF7vMW2w25+|3~e$x@Lwr!~%|
zTUp&rl{CMfiEFD-2q4(hMM|Y!MwqZ(aO~i#K(}2;$BfJme?-}0dTK-NQq^D~x6r{#
zAhw?bdy&X{bJ&Dua!^xZZ`E_1-eZO{z-p*&2YTV7gB*}&fI29~2QSL}vLxK+g5f7Y
zDq#wwuZq?1xx6_kA0O#vj*sk|)Jqq#41Ut%qxw(8uD3I94B1%B53vrVR7_Y0plg;3
z>CBv<KRMJ@n--v3jOL|J;Vwa)ln3z#5V{ro|BQE5{e%T7?uxBmM3;33`$6xwTuSa?
z=I-y{yCVnV?@~dikMWA3y@&@Ze_YsDp!8DM<}e?qgP$@~TZpYgt{mSVCo-xI-Ksn4
zAUlI1l;wi{bn^oTsA5h)e$D#d2M8fOhnQD~7$Ng=$0~DKT$$m9_g4NKK4SSho_Cnf
zMf)dWA>yhl6E>C`mL2>lWG|wAw^?r=ZbUQ6ic{E-oui_}1-64xxH?gMXB<N2vLDwj
z6Kak)B;Ah;WP-~*Z>J2uxn7#hB%*#6$S{`zy>VH+INP7a7`jppldRLpC3h1o$+WQ5
z+@c*9EK+h=_e}35U7~C}eLZF?cNpxPgV}yP)(^sVJ8Y7~AexOt@kh10Sr!<GB75u@
zA%&PCj0})`>|3ng<u=RzakY<{cUd$vm%C|VA>Ku@__$`Q(}nw(*`S-tT?pG6Dba78
z?_!$`+oLzNyGumxoQ1H}Q0);DgR4D#O@|n4nCMdR3A(G@KM50Q3U5F)`T#G;B20Ai
zk1bP0FsIX;e;62#I5upTv%%#-bj=y?*h)v-*KyW+uH?~mUWa$~pGH8nXTcxztH-mw
z(9OIEDVDsfdUIM}ZkpeNt4OOn^JU*khFZH48WY08Z>q1dN9B(Sm9D{z*Jp>@a0@g&
zY|0V73&}kXb;G@(r%ML~7<X(OIwU|y+QcPrXJE4y$ZdZb`1|7_kiR3#R6r%!&DR5Z
zISaQ1=bL*akZQEd&$OHC+4W{#t-+iKgtcozrBMTAOsKFB+wf*D>y|NI6l6T@ZwUi#
zjp@EhFu&pGd5}sZ3M9Xld_n3+fz{9Btk!eQP$yTFabn!vU3U6gB@3<(hl5U?3~uZ9
zkgguElAbc0(GPVCY_;ZGN`Re$)+vWp_g!GiOA`ADgS@1e1km*M)xD}iDBc_aQO`2y
zgGn~*BN4p{AqUj5uM0HGfL{>J;2Kj)>KyDJ-5+g9F>H2JLvf9xxW+rXk@UxDV<VwL
z4&83@V`rz}M?l`}8rIm((~v;_k8H$4KWv!^I8T0m$3?%ZmL)$+Rfu9V#NC_)t|$$p
zm8au0P(r{HK&|s|Fx<;c37@$<a7j$piHb~l1<NWXEC#EmbVz*jt&jb2bQJ7L-syxc
z*XaGJ3pOqs%Ua_SWK9b!yk^hn7c*<V4SDH}$5JQdB#Ha93Yqp}UdeRU0k@wNUQO9;
z^0f5L^1q8z?zuxxz2V-JCrZ4*n6<5{e-}mO1VkP>5y&bM@bw(fr>PdhA%r!3K3u4N
zo;_<INDy|OB5F-T@P!s4R?Tl^I{c6`xCLWyz?r0u)u<TUSSyZQXF9FINLv;xd^@i9
z7mOUH6v{d}a^tQ@R>(35+#!#DKH1YjiWLZhEVSxAZuV&ODfIyrChbtkRsXXa@YTln
z8^)?2V5ozjb|)X`+<A$VbC6{;i4ePMZ0#L^;9bZ<Tjx)F*DZro!J4?B0`s@yoUxw8
zJ<^IGDu2Z-&Xs#}cv`XO8%FEv*H=0&XwP?Dwb}Jje~!)Jf)*H)IE>fvoWKp&0p_N`
zGjM+pboYvxdc~JC^Nb!*?zGZ6bt20z*mH7v*|^Ms>&w{zQg>Ifir~d*EgZo<9<}-X
z;owsw26s2xHm`#v8B+D*s<S2%s^I$iXiN%cyY3Q{VNL_T<zT)x<_abNN?E{71eZfN
zGN}qW@P<H(7B`RffXadC?v>~Q&Q?Yes!;<NlDN>vkdq#JA^g!`X;<`fJJ29m%~d_~
z237AeSp*cn2UKv)`9HcRn_R4bKLXN80)3qE|E3H95<R^h{+d2|Oin2=lT~zxTd-kY
zAFct*xvmv#FZ3i)oiB(OshxpYNJ7~AG9>4m@CO?qDS1_P;=C@4Fq>fkS5ruIcgXIO
zzDIL{t|*#60ar=0nYT)MZl@B}-%@9u<xI-Ce^T8&nQrY$T@fVis*iMwM60g5kX(jd
z2tWV)uV0FUY6t5a#PKy%Y4Jc_|IP``0&21z8X(*fz`{>r%{L2k5~)H96#RkmT4X6T
z_uPM)(_AZr+f{EoL7qy$17TIRSS6^aVoU_657oE?%X3LSP3)#x!oPkF^0^gpB`J-h
zTPYfX#dn&Q4rN2`oN>Dnf|J{gc7Gs+q<9ip(FS1BHnG%usRX=SB^$LJz%@zd;1lm%
zH|h?u)B8-ffte~5kkWbe7_FYd63H6^;(ayNN?Jv-svTkS9?y;T!HN@E+rt)$*>KEn
z@OV+2{|h^_Pa||Ik1Qi%78QKfVExv&qv4+Z=x{=aN*c&?H|~*HL%V1oflRj<EQSnY
zzx5G`F_DQmW!w6WeBfd4nx}E|@Wd(9^XT;#&P1h(V9!3KngGgca*2cf3%Q_cWDmg^
zrb&C0lJ^j)D-ib^G#wipH2TzX%`{5~NY>wz=XM3VpMiG*V>C;M`-iee7qZAmH;L`E
z2;}lwS{T8>^4?^p#AkP;h+@ew^m}fuq_4E)JF>2>nA_k>eh><hRdK4N`%)ApZ^r55
zcJy<35tX}>A>f&Uu3Jl#=tb!z!J9I_X;|JOF_j(D!NjWPndzS^!ZuT(+h+(%Sb{t`
z?H^b?5<%~w?aCA#>?WkTm`eN^8-5WiKwOo(tjo=kYeZB(zD{@@qH@jSkzxKPb6K$O
z)H)8s<AL_~0Fj1(hYG-SZSt<Ha`*cXjl?K7vwMS^yL_9Eq#oRzWt^kN56rd>!^HRc
zX%+_5BiUvV1uTF32roCFe5rI-?Ed$RUEJl~g*(Tfkj1YR<{gkigUmF8h~QWQ;`8v6
z-H@t#<FIXuysk&HX<#8zphBjqU)^Jqt$Nd*&%EJMvf1wm4gh^{4@eoz*m(`yh{!u_
z>ZKq=MH}wJR|mx2@^Po-@*J085{!5ph7^E!ciMav&CsP<1&}&q&o$;U-mUYF$vvhP
zDmVWeAv5`%lw2cX?7`IO@mQToAVb^3ES05_P0?9`IE*gJoq-$<Fnwfg{53=ecUE7V
z1s;WYJiD}*>xXJ*9>$VvVt=rpSI5~8raV_e6gISTLInJCs-nm+4M0{evm(*Li{hN8
zI-IKJj0itr949=0U8mBb`dQG5TSNyiPgO<4t~Thl$r{)sg%)KIhY|DOJ>PBPGf4^d
z_3EU(TLqJNtw{rKH#37pQ;p~Z_Z<_WCH}!VxS55zr3(*8jTyZE>)VbzWeSjDsaC_G
zgs!a=yhz%X5ue*Ep*^r&rdvPElidm^ni<ZaL_W7L{<Y3RK$&Q8@|(hy8h${t0qP56
zl`}s!ABHq_5BEt9_KA)eSjfF+dVk%$UkjqHz)8@@U=^JPMYFwYd=-zUo<!TW-*5)v
z?H#A)pa__ERKhMbm<XR#)5ONr^#8@vDyS#@zFF=DKN;5lg1cOn-PL+$=dv$xy{LSH
zaoE3%!Rk9Mt?jbqY?_`jvcAL3Vcy+Gu{AlT%(XfEWZZahpReIK2UTExJDT)V_@MTx
zq9!|~@bZS}g5a!+WS{ty4X#B>a$f&ckW!P)Y(=B@nrG{idUTp3fGUw8?``E?(Obq&
zv_K|+Qp4{Sm^p-T+$n?xICnu{ls+DLu&1lpme!ydvA0XT+#te7#}>0Hfo2$^GQhdA
z1jk6;IZeRi2>+%hO6iebi0CeNnOybY^#EMMG8dexWdsBJR?W92c~J5XT?yDHVbr%~
z&f>-kBQGKNvYBs-czjgKz|xI-`>#iOTq(#hq}7{!YwFf1%c(jhP$K6cQrPF#S+}8W
zvKy6SP%W`%mB<-74*}(}40hYAY~Jj~wTB%CXVDV?aXa<y3Fq9+)71MYtFa(MA<ivT
zNwU#U!kXL3-Rg(98{++I|MGR009d(^sj8g|9{4<{hZucEe@<+OTQ}^C&)#jxdBFx@
zJ~IJk=>t@M4OUp-vqIJ)Qi0x=?BGeTTi^XvnHGE&5y}o-TUngf!o`nW(LSnmR1kjR
z6z@-UDkJ?^;ZZOEQn{VbftiAM5fr!{mIm3U4LPWCWP1NqVYOGO)@!C9dm)0+I?ovc
zgoRcx88SXs@Q#dXH!1dSrAv6tv8P)Td%Q?^&NAIE4l9}JX}RqAHzB*5YGG{Y)_P4V
zFW@I6peS@QJKIlPy>Gu+?S{)@7PL1VKmH0}6KjYM35XUP1*o2C=UNC)x##k5c2)14
z;7br?9{^JaepkA_b;XekWp_=>(x<;6-J~P=BNy5-TN3w!Ns5Ygd9tnRXZc$ekm+mb
z3?$x3_+nx^P@-3Lc-=VGt<wLx4syLpw>^HgyVv9G?bY$Up=_+BOGz3iPUMKRpxNLG
z_s~>aXzwZ2*3*Y$qUJfbQkKJg0`(mN>6wUB!cPiVhH}DV0h9?T*D{Wf!7-)UUg|-a
zYl6VWL~%XT;}DizuD^wQC)*mq_2COhH|zkx<N&*6d5@1|f2h`rzut>sH{ta`U2X|@
zp0j(oC@#Y-kiaDL$}c5*tOZAvg>#ZxR-~gr5sXuWD47F;_P^}!8~CKM^)xoLwwYv?
zY>!Y#KFEjBt`Z2hKst~EM9Sdp&qL9~<}B+EdUR1!GE$hk7y@!L=vnw;IRx#rd_qkJ
z&HoAsZ9Mc^)KQkE$&<U0Hb+y({XZ;y3p|tU|9^5y<X9oIC680eA(hi?mCBPtlFED?
zMtjQBQ(*~n*yb3rwhly*B}qNWp~P~UQ&z}|LOBeJVVIej9sO_5@Beyvz1**v>%Q;n
zx;~%lefZqh&3GZOV{N4<g(n3dV*eQjl#K-N+o-$mA4G|annnw=RNoBKhNBu}8ns;S
z<qXM|MngVThu`c=8B4WViNS)W(uLoZgWwLE)SH4RV>&mrYz{r8Gqu+A<p--4uP60$
z24>x;=`9NR;KoDvUq2vA2uQAhy#2S{xuoDl)2m2r(8&)a02XTaC?YWT-{g%iHLNg+
zXsqJsPL!A4y3SBmud_{f$R@RBR}8G<CIC!80E_`mpVCruQ8V1oHO%$!h&7q&>)5;Z
z@SjL4&MR>R@qeztRBxI@Dzi=~hwQ>#Qe1y{H$rCw+(&O9@FIZ4d?%trG7d&az@V~b
zHwS8Rg<LP}IVly5YhNimxsC#>r<U?WXc`4}iI<lj0(dR#zh;6&(F$*dRaw#SHoY=)
z2fa>-9IX|zwkq*bVGFJmtVZJR2sMHhck=4kmBR~=y;P-e#)RnbP(1urw1X%dI|{kX
zhP~-NNDoV214tDkpYbv;YGG7_Hrl$gmks)hrPJ-|<jVQ+2vr!52%Ap0c@pwXA9Jqk
zJNPr6DO0+c8_TYzd>xBfcp!n`k7I&=y}+Tc>EW!=dMl$fHuU)eF<p9S(XAGk%eeH#
z@ljFS@nm6Lizw=j@WBqrt2zsYL-4aAM;p301KY;oUIEFuwE|G%WGh!tV+DwIW=fr{
zf0S^c_kVZ@UjPfmW+@`$SO|R5Mom4nBqZ&Ny{!0#U+Wve9BW4>Z}Ut{%f1TBoh{?W
z^~jUZYDr;dMo`|j#^=$_7I!N>PSnD_#hs-qI?vYE-j111aU<0PS32<rU*qfMytm=5
zr2?99WTVljI%W$vS(-msZ8XX`AGvLxZ-Qo-ijCrn*8NMGP$g*_f3NU-*h1v6t6*C?
z?`P0Vrt&do66BvJcv7c6Um;zz>hFSejfd|V1m0j8ui$dWHRVmiB_MaH^`BRig692g
z=tTQYsZYoLY6Yw0*W<t1-|%!>Hwdt@eT!?A1})E|gAQcFhk$^lJwRe!i3G^9VwHJ$
z*olGOLnoKt?W>7R=X>O$Rm)X`g9z&P)}W)v%Rmkh5qOHV)XuqkE58MD24+mjPUhi`
zUL8OxQtUgCUtvB|QbkJT9%i|*t2j6kY_XeEGXU_rsy#VK9s;M&9&c3)sv9^-Rk_dt
z!2G}0%x2~c=h$HB0u6n26G*|ApxC*G`L(JSZ6jv|fAOvhf%0tj4g>E?p5R>nqNk_q
zdmYGfM_5t^{3ag3a@+|Kb}fna9P-0ov94AA<ho#@aWmn7l`Ytgh(8l{8x0QJH25nr
zyILKbObc0Zow4sc+G!3DME$xwP8uyrdeW+1h5XH`gsUO?KpFhIJaiWNNp%+@%ro&E
zYag@MEuABN7w30WGT+DmYtUZOt#jN&|7WBrJAW@r<EH{7zD;;z=PD>)nUx;>=l@8D
zTlUUC23S}1M~*ZuB+m4T-u+P%D+aK@QQ4^51{UDGEQ>`TIqnS0LP%A#OY4A_Oh1f`
zFM7kUt%cF;`s&$L(J|?7UU%#b@V+t%yat0G-p!2Pd5Qf)E`X$cP3n(2xJcTV>qr6)
z;CH~YIwEeQ4(K@b_Yt@xa|^quMz$>_u2y{)FLiQD;3kjuHXiyYuv8EJs-do{*HzvY
zWd`&>WV6Z0V%j`^S#*bG1_oS|7SxmXj5W-6Ul(K2tkhn^D(Qp~e98b@9u2z!eZID+
zI}JR!zrA0uCBCmz|5bC*VZK*Mkct!aW8*v)gqE{Py|h6H<&7PXE%onKjHHswviA5u
zLK51>qL5bOOjco1U|UbNQX(5Gi?Pljh9f$NIABj`%nuJfc%)dg>v|{8IsqC#u57zT
zS+rj72=#`B3sS|XKzsslO|vv-wgxjU$Ia!(gM>g1J#>J~Jcd8pEMdks`#kjCMY?{N
zER-B-CLd>hT+s*OK-2g~-W6Zut)RSq{tOIpc`!Ev@~u*yAcky!Ba-kGl5>X6v5c%p
zdQDQHlR~Xi3qnp%yp2XH9TdE0)>dIsXki6&wTcMAZH%FDjr~&dFt0LW0B!_dKjXsW
z^mAx`q_Hy`8aQ^J7THU5n@OlfZ|cz*u@<fSCN_x&xV7@?$NyJ395+#qte2Hhat9XD
zs)7k^>$WyqI~7(>-rPkugU*%4mo1*bem=|;=#H+R|4w!3^T(dVk>dXii|rUw9|JRm
zO~5@z9egJ6PUF*azQS`VZJ)8S-zJ`2CsqqTu?o<zZKKeBHwBm3t%P&P=U&*R%mz)p
zwN1YO-ABnGlL7|N@S$gnh!JTOj&W_gWL2EjCvCelD+5WkBxA>uTJB|@W{P@Cg8z-3
zQU77zcNrSIAiGl>c(L$DL?OAYStOU>(h*k-s{}5IDgWgCpaVqkvMjz9_EdZxkYi5)
zuG>G5zn=g@pfLGtQ$^C%V~uyilkc%!Zxsrv)j=s6&|+G!Uno@TMe#yX8D-il{eV4&
zC2Im;5vg4S$xUCDQmh@-z=`=kjAs&N;xzTN7bDa$`^fOYNqQZDpXCxeNiQI9PmUNS
znLWjOA|N4Vr;|4tNx5Rv|Dw^MJ8yGXtD{Z#-yrxSh{ZGwics`^rbi{ABrU;_TYHks
zm@fqnhBP)LH#tDF+L!dvdn?O#>1u`~4Sy(79k(53l}OGIO^I!ZAxq+POd1w&V%k%R
z=Gy^Co^t2qSf%k&)OJD=Dulp)hlcl~gbQ6voCbcRfGn{~zcJnFx@!>9R<FL845-)`
zwW1`02bAW*?G@|A0djtTJ@%^6Jwx;_O>~FnH-IlZiLKJffK^02sa{HTa<jod7*}V?
zp*UvIeU1B**@R+9-)!Pmo+iNtP(t<W^+<XdC@1!~6{cgzzSvH_H|0aNlLz4{p@85<
zC_&fg7GCsBdPRwprJ=`4g?!r?+z|?#1K86goWW?96db*z=%$P`TYvXy1O{;H6&{v|
z(Crk+v=4mqr~^eMJlPVVdm)`4TH}RdCMvHg^e=1?<pYlQ<wxP(U(Em$-JX6kBL&wB
zG~+S8x%15*1Y~PT(PX*Ce<FmQ9IIM=2i#<2Jt=%A^p;g7-(0041yEKttV(dXB~~|`
zn_{)?a_~kc9Lo?XlK2MPG@NA$|0NFmS0Y@l9(qTkn+`uwOC35%RTo=1boQp2NR<#u
zmVKgy>O{CGS??(?4$z88wY`v#`u}{TWnY)0HXU=NiJyT+G&hS|jh6B!H_@0I0heSO
zxwTNqcb*bH0#AiBl|M=CLB49*_<an1O85$Lc~&BQAaXFEH=x0O%7RwciNwO24W4e$
z7i<S0-3`mjlfUXKB*2XdAvSPvv4Q5w@4;`hXhXCnNPF40St+RQh`s5I!7(^R+WPBi
zAo9Ryi<uKI0bx!OSPETKSB<RN#!aVBDUNK8ZSm<L1Dgz>gZnlC(AWw2;bkSWlW%)f
z_r39+nhZ&A>bAgG2WA`R^ASG<4cy%+CQoBku4;=_DnK^wl9xXY{~rG50sih3G87QD
z+(ICVv=;PHh}KQpquvYdNe$!8Paz$Y$YpkiW2odArMEz8B!yy7Z{Onpg~PXvkM2VW
zhY^CTjZ~{BXu&QWaR^>Y1SaULnZ7Xo(_C>P;PED+#vP_ZwLJkdTz5pCbVW8PvfZ+p
zIzho1{!>VPHs(M%^s3U}WMV4}$R-E#<ybF4({*T>Mi5|oDMoG*wjGm!ex2Bm*;N8}
z{=zFbbM>G`QWJs>AVFKJ&~z`TPpKwt6da%q6773Pn|LVA!e<h{Du`N26ClDW#ujx-
zHihX>sA|(Kn-K~gfK8<qo>ZVRfiseLCI{r%B3m8T&QtaTdhbSR?Mr@rZ2fv$u-xl&
zl~2tQww0$QjB_tFk&Vao^b~2W76Y74(PXtGW(rMpa}izX(a7mvS0Jjw35g*ycvoS_
z_QK6NAzJ~{ZhXz|E8IAc<T|Ll3INrYl6&g>lDb)v&$>?Y!-GYFmeZi-XYYD2E87Ro
z_Xw0w&|<qU8y0%d$#o63r(K0zZwX}U_+b>C(CgC~*SQO2{whi(P>D?_(PM3Kz<Gt;
zwxuEd8VOZ{XLIGs^dE$X{3m3FopC$Mal6>GvUHvqP>AvcUd%qNAT0!9?P1YZ;4#+;
z8DOH#4z%9s7NI*aMZbNh+eTrCG<bK2$l^&SKe0g4$-6Q`B!7**nj&if;?c#^Z|4fI
zc0Xr_)&Kic11QD`*Xv2)rQkOH=<@=w1hjzjc%>?K1o>oA(WLmtW=$a*d?m#=#E`w%
z9GSQ)-D;av$de#BaWxTeTk|*dhbV3MnN9<vUbAazqnjKs8SIi}W5YRGct1o|jI&B=
z$om<$2T3jNPH}w5Kp=n0ju}Yz&O2|1J1mk+|HmF|iLTn0gXAM*DmRZSODC0GLl{#7
zLJOpZ-d{pd>rtD1Ic|KVmf&gSDUZMbdcwoj^O5p_u7TG8`B`y9-eBBz#w}5)Mbkk+
zU6pGPB0aJI4v~2*XuOTl*djHZD#Lv~vu?KHV6*7QY>WYXT!S{g+U)A1-XF*l>p?q+
zw6BI=`TX-wup!jD>q$aKg&@S&2S}RVO+&OENDByHoqB-1na+5p;dUz_67H;p0UF`W
zAB)uQ#LP3eGv;-q_m;{<<Ml6expudh=e84)`^VKW3Z^#Rmw^RFdAjvKm!mXng{ic@
zgnJr8Qe7yE*`H+TKo8XIwLev-_OPgrr%!9RQeGFLUZ3(5viy>K%gXKz+dTy~;X_Wf
z(&+Vt0fjTCRq4jReg|yMYdsWcQ0UtD1wQI8yh@O~lS|MqPYOuE`F{POfW60e%X;tI
z7iGxFJ8uN%_ggt+qkFb89mUVRQQ$&l)e!FI0U-;J809wtr|0huKLhwci%ymDpfnZG
zk++7YoR0)l7g~tMqH<abtO^3!zNkyVJ;lF9WX!e2AFtm%<R-{&IU1QZU^t-8jNekf
zA;7{*#c1<2os96Ug}5%<6Bo-4I(WWN0z;h3uiP<G<|GM?LC!oH5bdQXhObve%7Bmq
zbvkP7)b|(%?9qfO9gP;C3g}vr*}2pIM#qWwF@Pa$-Za$ycOoQ7i0+YWF+y(d!71@H
zp|X8l^xe%c5?^UVUgIe1#F`4=Tj{2=qrW>VUWS#3wT?H*>rY5iKe++6T}$*v`BcF%
zJU4Mi)z(FuT|joxm>S;9K8PEv#x*6$l)Gojy#Dj{TXiCTUq!69Y;jQEsL4}#(W2%c
zJ~Sax#NDc3Gc|$21hsnqz6a!Sk^R?7h9=Q^AH0m4r~(K_in!}4vLDd7RC=*t$abEQ
z)PF*}9f&Z4;zaTfo<8fr#<6lN{5Ab56PM$L-CDnI=4-ssOh52>0Os^yI`9xb5PX*7
zpqqdIy8=|xO-I#-AN^XnQ2@tsY<eP}(mV$&&Z(>wha#PoXdpfv=}e43-^Gf+D%%KU
z#qO`?6`L49Bd&CI{q>^^7V!0IR`h7aQ^+dN-a*Wg{y?P!_W{Ti2k2~cptj@`=6mH4
zpnwNZ=eN)ftvBLEe(od!I8n|DD~DcEoDk{(WqAJ>U{iDHS61A1(XQJl_P$7GhYn?j
z%wH-*Htj19`<lBUDAl5a>m+eah0o87IW3=Wah$o4(!6!_!v8pR|5aJ+uUb`X8c8`L
zv+5d^2L`!#{S!{1C@GnmLOIsdFs?NDS}lA-cMMl$`2}}J_<;opEY;N;f>wTI+|>*;
zZVT0|g}b@ezV!$B_y@Q}A$d1ryPm|hoCG&5B(;J!i+|0OA%ukz-&@!XXXYq=Q^FQD
z!+hY8p5B`2D&BVu)*F_%|H@hhI}Ny=fnd!^$f|4PcHUo}`PR>!Hv_pN-)*D^f7IH{
zG)H&s_1_wpHKsX-mM*UQx((p*E0tUEaCz}Q2jyu6m!G;V7uDH;rybyF700HGiK-zh
zWt!dqkf9!FcCoqT;HAoS7niln9**BTC@icf&|Rs)?<~Ap0y*+Q`wm-fS-vO9|0psE
zI~yfJo9yq<nSHon4;8uwUZy_Hvop)_JK6k(K1;jz>}loEI;kVp&}EZGt8tYa7`VJx
ze{(!!3Y_E?;yMF=3rUsvmzO++Fn4XrM$rCS0V}Xxa4S6)4g6mx4hwA)KGZB)Cw>WV
zCNP!fvXVRyd4sKe-gC75vf{)ne<?+0$F#-*P{;afMyEXSG&5dn_5Xq;<oqXO#uJJv
zcuPFX%?1{-X<o4(`7u%aZ)B4~(0^5cijU2ZU%Nl6PNm<o-W-lqWVs-<2FzyOjvwv}
z_4}W-%be=hH<HW>XU&xpB+>O5P$7vV-AB|N-$fC=Yg;oyLJ;BubK<vEW3A2d1H&_7
zVEj5UEk#NI%q~>cO_Rt+t>G35alwrm;BV1Ik+L0OLdQGe{Z)|O*};3_kU29xPk|}9
zJ;gfMtBl(&T`Cd9`Dzd$O(B`R?YPZs#r*$}z3Oxel%h}}NsELjz;6RsL+B%grXZe1
z8|+K=IGb1kQs&`zvA*d?>M#*Hoe!3?esdr2uK*YxD8~C-+YA4+yzO0Lhpo-t9Q#ia
zz00`gttM5;XpP@mx*?kLimpJeygx_}DBIu%ym9C(ZWk^|-$r#K+bdYD*F-`uNe_Gk
zM1wTh?YA;en9#&!_G~%w4%@Ajl=HL<?XT==ZPXmBy_k2T4iHrK>K$nY+pOIWu0Xro
zPV6wgtpk*J;j5!%u1on-sz%6_Y*F0&2Eq;5QJ(CUS%UgXO^QkO0J>CtBViki$i)KH
zjQFDnyg&5}Tp>;NcNK0%`fN<&KNz;N<^EG33jj;?K87~mp0YQmPR<z(#7n?<Oo8N5
zRoC)DYAUkLN%2<em2yk{NCRe|vH<T6XfoQwfDn*pl11cybxYtvYn8#+a>&b3=VM~a
z^3jCyQOSej4OtuFcJc@7_r2uJVgAi~Hp;PFY*KK<RMnY5ZOZ0~<U3?nXsTJrCaJE1
zxCIxv3Fzfx_%a0iOat$j*sgq3wS2Ubx2-&(!^dXx$<`r{H#|}jY99kc*$SR;Y9p~p
zoAfrfJ5=0B(y{>-sD^PcMFX5fd%7NWhECri@bGUy5zvwDf8*2MJAcmK+<y%B3Osqx
zl8)fyhd<;u*uoX4mla*^1n7^nV4H47;(@JPt!D*tc|iD`|AbEh`nyW5C`oo$sL_gg
zSP2o{583L;T49gK+hj9?!GR&PA0|D5|8%hK|NL%1_g#0KSnCoc|MHrbOFf1^h=8X(
zW$Ub*3r_;J5y2i=GX7&GHq>k}Re2mR=t->)4o@wp2q!5Oy{YHR?V<tPtPJGB$Q|rX
zCyL62R_>l@NWQ{GVTU|0l@JPfx7(zD4|tmqa5a{@N8nF!F3-`zx4pQ?BcJe}IzI~E
zHU(e2n;QWoqo&R@rKS{hEy%SK+Q&2RQZs}*LP7E+$8i6+LG;9L!G4|6T?3T>pJCz(
zz7jK^=1GVu@wdf$C`u0%U1l%jhwGGog=#O0(QuPZO09R75^n<t(G8$!X%d(6A~_=n
zS^=bJJf43BCj3Ub*<tQr^}8%l>Zz-<A}u$J3c2vrx1nu(JM&=v-6D-PnA!`y{*aTO
z;3F@PpE>)1+nY1ZZ*h9O*=`&}N#RW%0PeMAFGYSaS==T(2&vO!TQeo@Gqjwid7|s5
zzve|gsa62AfVc_VmicZ^H=uxZ9TF>mu*NRzT*dV|%Bvsvrz1%&_4u~?4>OBT-Z|u+
z_NVb3Z5#K0-0nCHd~^QiJMbF8U044uF+B9fch_z=CBuX6H9qo6YMQ&}cBc~b{<wHo
zF6FrX?tybrCga#2JpYl3FxDfNgl1OARaqRhR|dPfz`t7AwE8RI$SM4uUeu%rbGgVa
zcV!xCsAYe4()n4SU1OU$yWDW(BKcsZ5h3&rcFpPV(((Cz<mC3sNTTXUygE-qWFrAx
zqCUQ%alGk{ua7s4XG6=NXj-95pF?ire#O@=92VsW4!tNuy(0;)4e!2{vtl}`V4WM^
zjSDvC-xD4$x=vE1#b3BmMykpCTZ1NY?YP1xn$NzEQ8(va4&<QLf37ARq5-l)UKQbd
zd1%lnq)4T2!sr72m=IRTRNm8zprK5p$qwGS2@ak6$5;yagC%<H+b?`rBrfR{P>#Uq
z9&&0ZZM!aB&MUud-qoew=^chy4k)+p!(7?fD{d&?oc3xk6C<zeaBk9I598j9GL6@C
zR^um0-bCsq+TojjzFGMY`lwpyx#!)X;Mg2VjAJm(h{>FE9Hen3U=MR8mS7%z3H*kj
zGkMvH>)#W4G!9b7wq3vXnf1v^&|!kRwoH3<w&(**V$iXzS^#PYdcS5`l+W2s%8|y9
zgaU-0C%&u5K1Mdo=VC$QkCt(<zirnyaX$3JuM5~4r%|>|)0)D@ji6+{lZkLtUc(Bb
zf<&I!VU@FdO+u)X$j>*FvSR{&n81KxGUvRT1oPlB|ISwWFLZR?n$ltJN?0!c9ZgcQ
zf|_uQ3G6q4-9mf*!^@>fyvg1C+gK3H?<X8H7W8m<#uct)lUdBN5SZm9w&}H|eYGv>
zi1Vs9H?2;4ts5!R`K9X3T~6=O$QLWFYH>GdRHwX0o&gk_x|AOYj@Gpf5$nf=VtAjv
zbz~Z<aD021d%~0KM9+GU#x_T*G@|fa4)bgdiYX+7?dz{NL@4Y-Vloe13(*k-04yzJ
z2YaYxXG}mBPIb!Ng|V1nR|;3pdL6QZM6QHFZX~8%pBu#%_Z69vO&9)b%9}~hVrr`*
z67L1klg}a_jFFO^d+5(eqc*U`8!(nqchI0E?iA7Eon9%@*M0pl<p8*`C5D+7hZ9|z
z65hFasIaM}C>BJ&3TAo*>L_>I$yqZdaZM}wYnYeaC0R6#j(x|!`5A_6Hxf6mL%-~D
zp$#Jj8B*s8Y-3;C!|=13HH1$}5GEBB9TD*ad-T181<DI;$dX>f<bA;}^nMfAob6c0
z)Z%+)y?bI8sxfQ0X|TE1t_$-yfe?`&|9CmXz}cZ?-ueJt`s@aNcQ`SC+7Yj$ifG++
zcuB##Is*$ufx#BM>d$!PY>g$Mr%c(N0B>wxb|@lU31iUFE{$KCt-HxWfzsiiNv~$x
zk+nDxkCiJ-VFpkZw8>^jFPa#D38=j2j*qi^t{BlKZ?gU`O_I@}PhSF=VT4hGW%je3
zdqzPeJsOuP8jPWxrbXixwN-a?I=^jaQCdtYA`8%<HXBo$tSdbzAN}<gK~~2bdU956
z(Z*V_r5&W>&cRtRH+uv%SC<uI;NH11q8;(hDbG-)C^#M~Qh0Hq-WT*J(ZUU^ifFqo
z`awEM2!-fUL?;r0A5zm^`kh9!7?$EJd@8Z~EV!l&=!LZN<yUwaXRVkO<{3<>3N0I<
z3r4w~LT+a{YDs5?IOpfi`%S*TQ3xc45l=6;Bt<&H8S*v`=kiwTZQpcoc!B+xd)OzO
zx(bqYsJ=!ns|0YQU7>YpwpN}YXXBb*MUEiajmw#~hpT4qBhP<k0o`nQbDovOdwg^M
z{DhhSpS$|;4ibfH`GIF)GH^IWraTY0$bFNrhrz{(8YdkeB7izOwKK$-N(+X!q$}v5
ze$Pd99wqf7(x(W2qCVx%*rfeDMh#u-1@e?*q((QQb#HAjUAi-2h$dGwp-7Cp%^S4j
zJ$Xs9TAXP9%7qb`O~`7oQSk~bld_;2h5gEj2Fc_E0nh|pwpwF{ez><j$#*L5E>FQG
zQ>(D4Z*?n+((%JGSG-NAr%dQJD!MUR6G@J-2-RSn?EJjBJ<w0<THk3ij8WhtcINUe
z<cau^L}S6#a;Ys-r(vkwqi|9dU=CO6tg%#&%=B}hb&zfFlU9qN$_);!9wYIVQX<+j
zMDaC-s7nF%{#wsrYk43xW`%wcb90_vg7Z|{Lz~1?_z)d$8;QEi5b#UE>gyvH3`h-n
zmq#w)&VP`(bQVxjb%)VncS#WtLa}K&Xa*X(9#4qS3cJQ!`nVeH9BwJT4#eEZ+Q*oY
zTy6X`5G6rPhz^SdKpBgeJbZklRvRt=jwIKet)Bk>*s68Wh|OI~0$R-bXLxFhCD#@R
zRVzkq_cy=EelRm2(Clm+a(O+rR5p^gm2zcK71P=nD~!2>_j;b^bW4?HhG0R<@<YI1
z0{1eJz(*qXpudK!9t#<k=!l_;Q;8?;1<&Op9bnREaWf_}wQhJ}4kOc^EhVyejBzM6
zl;QR+;=TBKMPY>Z^Smx3ndwIjtu+4EfqZxIdRO8feIAB`^oScpjG95)Zun0ASyAQ2
zXH!f}Rku@$IA*jwfZ^pdB{KvbqVvt4-OI4g#M48Av*>%#&hCl#n2(9vZmvb|--A0u
zFYz;@U28jlQ?JIWuys9eV5h5iG2(hO@KUAtR}#JhtlhBJch@kx<xSQy)N<o22^LIN
z>1sW-6lzV@9&BGO@MlqlqP2=lc#CTuu%6oyzE)oGY|0aIo4Tayb@|?C1MCc~CBlNy
zop}>j+4M@>MM<BKFQP^?94clp)E=%An3<&wpI)1<n`hMyz0TqO)x|(br1}fo81aWz
zsGIYgcfCVVHY=2dbEdgD#AK1OC8b1x35c^g&!Q-uq*Q2k@qcXG1ebSUIpL8sa7Jek
zeZ&!Y4Cwq$d74=7F#BQM5WmZu#m-(iOB2`TMHybq;Hfb#!ZS>B#0;a^gNDph=Igv+
z@#gAkEK*=05aj-89S!Bk4hwAejW0%6ieG^^<BAJ5A7N8YeqDoFv%n4vC|vs{C0oL`
z=C`;Bj7s*3@6UOID$Wm|RjT`*rgJhS5SeKty#N^=JbGN890iQ|5b1KT-C?dmz);)|
z{;UCJZ{Id_mJt3I_Vx#A$jG?WB2)1+`j(%mO#XMqrSgz%zzWr`Vb1W*jG5WeFy#A-
zdAz3mNKGmVYAICD!SoXY<fqY|+j4}t%;A~#r+?;ks!aok!6AI)qszXDWDn7v#q67I
zm}FxRa|iP>(<|pe^l7<RG~{(uryQ86Qd^bk0_x4>Q(g*^mozQirGn#4SD%d$r4A;H
z#{-PY=I*`>oZ7{;AA@C#&ZIx{T3pLRb_lE;h;kMEnkQ|;WeKfPl?VB)pq*8jV$~^5
z!-=N$wk;=fMdA}p%x7cEWm5)zlMNvIRdiAqX5xNxhU>lXf4X?Px>9ZDWm??)aYu)A
z{~qRKWj+<n!+&koYtcMuBZKF#cKC2qC$`YsrOMC7@_-BCc;zHo=dSHp_-mvcyN@|>
zwZfa4ZE~-I2;7*$JL6uGiD+WeYfM_`^s6nMw(0skp>nag!s~wD#b*$$|DIjP`f!YW
zB50xup9OzrF>nh(4{>TCTZ}84U`-mSdxEqr5g&K0<`4E-&tsqOUqNZw`-fdChPdjr
z>Y3WSDfdo%Hl`K29px^Se>SE9v?F_aKjK&xCu+o@!>+NV+CwB)lzr2{wJW=zTsZ}E
zx`DK$9fn{v_qQF6S;`c<8x~-0@1G9=5Mzr`(Zru0klT(s-$~bLJok(3S<{~jKwFch
z7%=nPZ!`RXa1+tzYWVA%tEImqM2^|ngIWS{mkbD7hdsDur>VFc2h=tafHd3L{eIO}
zebJsD&{>ubh|$;D%frHY`YG9BOb?clTsG7SR$o$c!<WtrGUM&j%`pFdU;p!a!~VJb
z`2RIuH-U+qWBogAlP!8Az5H2J{`T3J4HS@mbl{Y2IXBRUW?D3PH%_ePhRL!kWNO>z
ziqW3mosD}go_>Wt_Pt^E+yaJN{5#;xBn@OAyaCTA?&DJI?uD~sEi|TWNM=3aAhpOR
zX*Rdf*QDN^2CI>oEQdCgURl{P%=deOQQ)NetMzl=6L_%;@!jNyoEO^2DGGNBd&p*C
z=6>@n+MXcYJjwx~1UzWL``=C-&V;Ca-?Xi(b69m!1BG-6+VQv#e#nQTGhtB+?C^D>
z$$4YaLQEJ$ZAi%zf{N$GUGJ!|Sdqhv<Mn%rE~*Y=j#53VPrz?hkz5O_i67cb!uw>y
zGql|&b7WcB@nPwXJ(hg$+wq*tc;^9S_hx5zNgA`$qBoN0k++hEG3mQb_5t^x<P4z7
zwO@F<rIAVJp>0<5Q5VppB9W^dMmbY7Xnmq7uPyhL0Kn6p-xJt96?G`Q@8?*LtV;9<
zz!|PhzVZ+m_mAxf((p5NVSn;^SM(ey!Ca}(2^{b0iK>Z`i>*#m2GAJTQX2Kg9Cq)u
z(12I#)h}cH0OHX6zt6zy{%BXsP};uvtt0FTZ*oh`pLN;$uc4F$h&sbbC23VUPVF%h
z-@ewd>6YznwCBa?h#Y?2%h=QTw3M^!IWJ><fOcS~Ki9qN5Mzi30Ms2ykjeP7Qa$b2
zWyB%jlA-I?0Q@O@C?sR1VGo=Tvb`JsB^uz<D0%Oy^ik@CRs0F(<LR~p%LT3N3wO0&
z*p@sW>_vHIN<f3zncZ2qNP=}~prgsy3e$F#>zQSbF59zsEDL#Kgwo3Jx;A-Ogakm^
zj_|CTr+^%Cb((W1pO!a+0x8)Ld>TVQcb2p(Ba<yh{%ZQ|yPA68*%&T#Q>wev%lT2f
zTbd8SV)i{x&vg%+wgx=-_id3VJy9B{VgkE)8Xlsi!|D?26Wxvno&`?oqZQ_fI(Z7R
zW9paIPPE^th~5Wn*ie;jcTvvS)2N+M2+gUedF9NTarY`xo<xbA-<t+6kN#BCrL^ti
zVYFh=8p9kj{5(@XcwEn#J16au`g~`e`Q8qUz-%4XB$!?1YBE+cys6B=Z_;ZdJu_fj
z+wa#JPM&EXNE0LCQx7ydg4>}xb1*u(wC$IdG#m8B8^+C7^_5+rG*!@qUS%X3TVp2v
z$B$wozBZo`UaTRn*P(eUSL*9qnfA9bQ+;Rd>Zu!0i(e)j?TBC8BQ+(GD^o+hlkd@y
zPdf^529MDn8ShKSUP@fl(Ixgncx9H~q`lC&V?RNKnZG7Km7qk7K%ILY+X(qh(MZ*6
zgC4HRGQ)&VyObXQld6)<X2OCrTWmUQfVd9{_6KOR*wzH-uUGgarkoGwrAOnHvckX3
zXo*i(0^G9(yPo(?MiEM&Ku78$O)HX=+g!`dXT9nT(O@R{Vb#9n*pZ0iAFg7acQibq
zJvV6nCUd4$2%Z0&{;X$edq;5}0E#`KJRlYkEqfMGD&3f*j4sK)d{?gm0Qmqhh&0D*
ze4%=u2t1NS=Z;PpP5Xy!XW+4k0DwQ&%oq{muUnvX^Z&47YBPXLn!Bt9JRU#ZFuF24
zPigc>)O6MJX<omR(1Ryalsd;E23@oNgW=2Hq0{gK!ll^FE)^vc;tCRksZiz~Hx1^I
zH1lYv$<u+80AueUTi`WjZPyQ@necbr*a>Y$tJP}ma$#H#{4)bR-!w`rpmdbk-0@%F
zSi4L^n4G@Y$k53#;Oam+`SBUcxDJ%;{G^jZ0{PFfj=`lZB;bEBJ$TQNY3D~Yi`X^k
zAkBNJuh7kc-iDI-Ol}>*k+DJlaBT^w<tJS{fSg;JE<RaxDEQFfSA8qG6zWA1l00FY
zx2*J956RGPl5Z(AiX?Q)?51`v4i1ScNu-NvI$ex}QkQ8mljE*lwi>-byJ(wt=2E?X
z0$r6vdHu>zH!=${sUK`U^$62L?Ts~*K59C>x1j?91o7oA=|_~ze>Gi0)<=B(p@U^Z
za>l=cl7asFXRM@gka)GegTAy?*FEm=7<>QvF7znCDzE3Q8JDA6g$V<`Bq2>kjN56~
z23_3h-1bJ}*Ut1q&`zb!3((5M%o~aMxE%xO*C)6PWP}^Wq&$2C`^Ky-D^gIwezQf~
zmYQ&FxXq&&&x>ca-CyeY_{c`Gd)QUCpsm_wJ!JS+<etC}dJ?_iTiGt5iR^gQHhrg6
zYYO-_=F?j6<a9;_gcEiV8pdhnK!*hwXY#jd*|`b^j2J12UFARWe?zsp<7VHe9ue<y
z`9sAG#8}m^Q4C$g?i{LTU1qM-GT$e*qh}Ap3_01HD*SKy8!CuJy|n%$GzoXxTsnnW
zFZmrdf04t<W%*x{l-syFPF{rWh(r>suS0*VTN`?ZJ;VQ%@QIP`kx>7hj9Tw2b(!MS
zE(~{i{i2a<zx5JXhfLrlD3|gTmRf389Q=RMQ62(D6K~2}c4{7^ToRV#(}MPeD!#Vj
z=L+2o#bqGxkh3}MK5*O0M{LvAfy&Y7bu^S=!M+4P`K5j>b+s`#@C{PgAOO<*(`oeu
z`{y6*z8nN?`eStBtC@xgr+#+)yYh0~1dZmO_4MmfGrV8y5R%A>$dg5t4~G9FyNo<z
zY<6FFTs6p*5Xy$mPK%2U6jj*#>DYEL@lvE4!Tx&UevYurwmJS8^)Io*>Vv>vgKu1>
z=x?xw?5u!Vfi|!h`CN$*7FY=Nry^dhM1Tax@%FGTX_Ihw#MA?L-LlhUgul$Lut2<r
z|Fd)Vt=hoOy8C$V4~*c*#59z@x+6S0t~b#B)RYtAw)g=G`*a?;fI2@Pw&No&Cg3M|
z*Rx^RH!neU%Dift4Yp2NnCrKCkMO`?(Kv3@d+x(LgR<}rGa7M<5sG&l5LiiBYqH-D
zr9WF9>F341;lOEPa}zjf$JMSx#+lB3$BIZ_Lgg0IkC^_>!6oviwSO{Y_ZOH5_=lRx
zfCQ(`5)W|~<NC1k9j|Ma3k&(yxsu5)$>R&6x|E=Aj0dC}coy^_otwxy8|)??eJe@8
zq<MkH6^Vg!0cV!2&ABGTJnoU4lKovqc-F-+yFs5bAFOUo;-)b07ma@Zo7`%j&ylxG
zV4UmbY+<|0zG&>_tUHd$o?@Ht#!!taQn8@D!UCo-f%2W!aR<GpvE$K==0|^f`;sza
zU}IMaJEp9;ngdtzKWa}W65Pmdsec9nWcapE-^bjQ>yre-dH8XCDu_HTY)6#AJmYXi
zr=yZRrV;}n-Sq}iJqhB{I+6MKe~EIj=|q7F$Q~SWKFgkF;P4z`l_Pr@M~KiKq<M*2
zD_3Yqly9_O!qYjD3^3De&zQr7UtwM7FNSkI9RN#Mx|hSg$L5hAkkH8<rO@fME{WJR
zXytLRq}H+GXGsy(myz*v@CnB!P=j=KvGVsj@fopGQ-?(_kSrWTe{|-OS)MD!kW`0a
zkX<R%lxll=ktOlMWqa5AOZu2XLpuB!wlslKxw0-t1N6J|<rYAqunUgNvaIO;;{8`q
zg2G_GF?eYCV2((gQ<WI@yx~lrvnY@9=K8O!wW0%fVJ1+bVm!=de&OngV8j)@j!(2V
z-VmMH5)EX8`fKvFg2d+w$1pPU0GgyFE*AYUn)*4qIvwCcn{L@;#ErD>S)BM-GS5CM
z^TdS`M(Dx<$ys}XcLJ1(!f7s8j<#bjB^pLbGyx9q_+rpdC)f%-@vhQ1YSa)A2uYZb
z?!hy2@J4cX!bzB}JB}z!rMw}%W8Ep%CL8rq1l-z7p^9wG?{{y+^KsqP;ONiv{Z0ES
zPsNJ3t4<Lwp2Ju5tm$EWeAw9Ox-)%s(9Uk&qnoV!$>w`Lix4b{t2L>uXJS>+5tcRF
zx|<ij_8^xtnrVrXh`8@bCYJ&~F;bX)Z@jCvZPA$#ckmy_TT9q{I3TTaA2j9CDF^tX
zH2$o-)l}@rde9uxoa`a}ZT&gUgW}!1zx<oJ4pf>`;J6*E{KyYY&>2ZQ$eSy>0l}-W
zr3Uqyi|ILR?^h8)uPP;@wK5dp4C8nt7HcRl0J53n5%1aq{8o(<VgWkIwG_U{StakC
z8g9BI1kt1F_Hj(7?p)OFFJ`mfommbrmwxbq!B(<)PLrvt6k91~zVGz3=ten7Pw?Km
zij{u%0Q`H_gQ6|YZK}}S4ATm5D8sKOdgm65GnK1n&?WhawjiS<`C>wxm7QRl=h<GT
zX)xB#qiy>jcGqxze9xDCTiqt>ozHgmm!73&odq&Le!xK8Khrve7u|9gT%7CY%IAUW
z(@>Yjw#>gdPGA&MeV7{6zFKKH#T%_kT#g-Hepr?K#^53K<!`@pB2E%B1EIx=P9*Q?
z%$lvs@o1>YUFF*Ly228`|5)&X@};-d+UKJ~{QWiZ9j+rOUz**#e`@q<=6!7ZL`O?4
z(94nrchOcFTjO0N&-c0vJH!_^d(6FmHSbrbJ=jM4MCZ!fvL3J?=Cj@N356la%L}k&
z(V9H8<KMUVvx0m)$zk@-&+xW*7fv0pjS%oB^G=)Md5tocX{vW&&5PgoF77=>@ZgIa
zHulKKhfEDiK&`Z-Hj$bSFiHHWhi_rMS<-G|Rkm(ErsfSZ!Jaqrss3`tjU1bkj@s^V
z&z@(8Ztm~G-E%D35a50o&qqIGCg>4K+{_zA&@QVm00<W6P`ew^JF5B@u(z8|YoK~c
zU37oH`;3`CQ(;x~VICr&MDWq((Do<Z@Ail4<WZ!vfh=-pfX>eL+9ujB5v>2PRiP@1
z^zOPUox8ctxb{_MU-Nf-mgR`-;HAV3_-ec~+a*e(U;)VMSL1g##!0Jws!pr6-+9{d
z8yWSDtdh4ns}%-1JLUoX-FSXV5(Z|H0B=OT0FzQS)K=RkI}ikDgxj5_BhcUn6&Yca
z4lQQFEdzoZU>Brm*;W{ehkrMm5J&%A*W8CQwIZIcApa+{E-3^!bgG<2n^tu1W|}@D
zKpr3soCQ%bQ|dc|PVz>`V?7!Gf!V?nH72o_KK2#)^_HBa3Cutd`8+%I16@#dbg+wV
zSKRljalh#u@8RvlZi^}8)=Su!G?U^0?C9L!O^ZrYQ+S2%JnoiDL}y!!^P|MA&tzd%
zeDBP7-Jm(D(VU?!UtqzHwWKm-+iO{IQFslMLdgsGaeQsAI6*m~ODbDNuSP@eK&z%2
zs9jM<9ZymYEQk=7n&?y#ny9Mwz-k?lQ25su$;l57De)tGCZjNHPj`9&r8Gxy|7NFU
z>B#FP{%qL`ssjn>$nY#QTR}7gf#9WJ7{E=~Rz(-x03vh=9Yo4mb0zv!y(lazdv5)e
z{Dby$Fxut@R-(QW?fn6n>oSe+Kr<y=0z7cyLXHTQELMp@FDYD-;@~W^Zi7F_dg`!j
zw)9;N2L<gEICw*pF~v1uYvj@E`mMl><<fIlx>|W{2dAt5A>!2qX63+>Ms7^jJ6y-k
zTJDnSCylEZf)}*a_gbidGxBL;<qrNQ6+`g^2;MoXqo3z}uE;I(>csD?7$=%YOlDmF
za0j-6+T^MyV|C%){HeQr_CAHwM4!gp0VJOLxDg_cvC_X)xrV1nM-%>&B-TrpamXC!
z6d!_$A-xg=?^q2R=HKigcl@Y6I+CRwF-i1-9`^e1r!Eb!1^~%p{jhMQx`*=0oXIMr
zXc4)61mnJso-mazk|F4i9C3+0x#xj@1#?5oN}!NT_5r5%yVMf^iLnG!d>w(}D%1#X
zy6#{K9_KxhMA;MQjL<j`kH+LQU!aMth#pa-I@*<^`ef6JG~P^n9!BE7ihZ;8vo-_q
zF_ORrquM@ELtriWRas@Xm3zW~6a)t5dmBtW(mc@CJ3P^fR~UKA&q4RrhtqrXcD%5;
zqd%cibkPH`gZZ!3d_kOHMw{<+*3R1WW!Q+0Q&D9H=AYZ#NetO5@Vq|$@{_~yZ6dBQ
zEgJ;60sSP)lkOM$t(MKhe<I)F|H6M-&0AO)Xuk9<_$?O1Hk{n$E`EH|?prf@<ELW(
zx90QTD$Je*(T|J6vtoiWSMOxSe7PNSJ$uz<=R&;cuR0)?zR6kzVAT+PPlXiY9A4UC
zzahN0G8Y`k2gtEd;8^Pxd^lL(&`jm&MHIF7MCBx^M<p_*Y-M*T;oqA%-?>{^m!;VS
zgb27&j`*B*l<kxl)tdl*Km2oswn+&-9Bxm;!G*_R-8ieC+XpAq7cc${Bq2WDqL6m#
z2^zZA?1g4F!cAoQZ!$GBaRS(9;S(ul;O4v=dc>jK5|B_#q~BL6|I7<1<P?+nZVDxO
zz^F$S#PyPns-d<&$Zy*>jn)-Zl|#KfPdJyS6?{i|e85#6cU~ih7_>aSFEd`~p=P9O
z5%$h{Ir*Pv)|!)0z*a_FvmvQD{(ntv?u{2n6zz!4FLGd8{J|WSmrmH~=bot9d)mm$
z;DZAI{i}Y}lcx-VZ%23PK+pFT+}r{951|34BKppsD6CEmGQpnz-T+v<V>KQ@9oup-
zKh@s`nvU+dEVydmJoFK)Ui5cmdoOph8<4#o=KKANXh&TOQB80lSaSMLz@tw%I~A>e
z#AST9CEL)IVYH&Uy;*D~;F;y#pbm*Z5kh7E!Ce5UbufhsL@P%7w#K5pfm5e{j3Zch
zS^|tc^X%e*)hbdu{r%vCj#?CwbP@F6A_S1-0rjENhG=nV-FD9}7qcGJ(O1-g)13rh
z4Z}Xpw9JZ$nx~mh?cK}$<zQ~XH7+VRJVRR19b#MU#}RZ2aYf5i*0}AuT}8o(wqQYS
z;3Tjd0P6!lje|PxRg;YO!Lo#)4CFD#=Hox9t9nST9{fe1-H7nwobY3p%o+_?LT{{p
z!@A<!yx-EDeR>(d7gqElx_0QkKr3e>o{gOc!Q+~uMm!lknUQ{!16*X6BwdF8D7kg$
zBe?T`y`33U`!t$|^bHSHDzm?7d3E^HUQWVd6&1uBE?xi4sg*uzb1Hg1C?GRs&whsy
zF7A6X&#+|9Zt||K+@N<)Bs%)u7T@46T<YBuE(iX4$L=d4N{{5NMwk0V{2V(mKk=w<
zjL1*94^YnFGordI-Dgx|$dqhM01!O>%-LX?X#C-nMu_%1MBCO2L35V8T&DpZNCR~|
z2j!O2&Xw$+c8oIgOq<5V>{;|Ca{rp<TGtF3np}bb2^!i`FXU{eXILZz+4v49pC@s*
zk+?4cu@jEL`O!)u|H0#tywB`yu%AV-BLo#ex`!R!C6~)PCvJY9E&tK6mO6hqcuO7m
z^6+-`qRU9-@YOV~wVw>fQWw*zagnpuH1X|#RiqM$yW%k@$oszzKpp!)zLdj_%G^J1
z!8~OEXRdqDyicxVyu!O(p%!|GqXT~d=;cePiy=oo;%9T7UYTJ(X7?|DnN^O2Kol6b
z<CUsk779v!F#N#XtRZr=MI{p#)xAuf7#X3xq90bWU6~pjtSkG?0PaW^1eriQbY1j@
zeF6J9ej^g43AUU^?7#LM6uhgZz#WS;9<jn4Bo`CLV(0OivFTAG?)Qn&t+x=m`*QfL
z9Vp2Ns?owPFu&7+-zd5$ZhqL&R90S>l3X^{^So-`$Wwf+ELS?xXjxS7@U~WUMQjwi
z`&$1oJB`Qe8+%8#(-p%PRm!?}$H&#h-CP*GbbW*M<EN{#7Ro9B8Y!dPC)=i9nUdxC
zcKYsczC6nP&S!cUcsJwsFfGhPv>G?>EA$kPgw?=b{alyZ9%84WGGI=~jnG_6n+$o(
zyix2MBHMMA0X=*i?+x#g8m=N>ZsLZV!D<<RlQotUoQG&pjghZ7MfcZ>w2>2-9ao=$
zmh*I(|C;{#R!!bLeKhJx;8y#NXicAr3=j`zdj+0xI+vf7HT=<~JR~jp*wJ!>3tb|k
zMOzrtw%Ppy@xdzgdNEK=a;PdR$k)5Kzg3eysx>7P16!YE(bm9IPVEb3KgC;!f(IQ>
z3i!{za-nV9Qk#_%gn%ypHu*09*1h0RLj%AX4$c&q6NSMR^i|!_eNCL~3Tr9~-iN}1
z#KnbX1TDfvHQynvg-Hz3J5cFeK5g^j<e8e+l1CK4c}W&>tgC5FD0m^IPxmM1^K$^1
z2TXPaW_T|@T))n<<2!XKE@)qFdfZz07B`ByU5BC4)=)mMEAj=%=Z&1{HHGZ&5$m4^
zX|dHAKz#rpaUr$r?HArqxF2I+%3xl@m3SRi`?0RELDE-ipKHLo<p7HXIw&IZ(rnlN
zY8VBvEhi`Q<K8~$MX&#1m2BZzu#)e)7`yB=8h8J?YfnT;S$S+}khS;QO1C<Rm$(~e
zGw5{`8djw0XElZHrdLB;9ZNlm_1$de?%4=bZHeIp>nGjytzS7i<2#=F_BoHmz9W@A
z0$jAJTW&)gzEGNNMOpz8-LSkJ?e`PEFRF2GSO0~{*Uw<lJ`kGtab;CEq~j&<T?FlO
z|0{1|+!iy6#GT0U7hrctlXNlZufo2;troYERH4X_8O9l0&j*C|BK`{>tWqa?b3k^b
zY>VhdOoH(5yj=slv0s)*O0%qD>ho|H^1=#rmNV7AAcM8v>svPv7VuvWQ1$0>_Yd)#
zudj!HjVM4yt*^#T;KHqGys7=eoK5sdNjZOkg}_@1^#zgZ{$248nb!-)w_;aNp0kXR
z{o>fw2ynj4MRVcGoZb03q!ynXUk(iX?}rOMty-sTjeoUro3idBPw86&T<V+bk-=)}
zpv>WhBbgbu@Q@WTsR@`tQGt|Pzt8J`T5v3A0Yf{dA{!Yy2R|I{?MZaf;T1E*E>q2L
z-RYw60IisG7hQ4NME^qEjWxC5sEOk<2`{dHFEQ3-wQZZ`?!ILMOtihG>BfzsE<XF;
z<jDDNj#hvs05|~E{PXNVlWn@rR$b9v6R)oe0yi9k+isZoi@;)eem?ZKf2~Ee)q=|V
z=zkyCj{ttM@$GL0k2}>a?})O$sUfI-j_DV^D25^rIfg?&7HLNi$=GxkvS(D6K&vC@
zQ5=!`fp@-3pwcDzJ8=B01>-O;a5J;V>{VDWgagzgkt?9y2|aMvz|~ncD~{RQzmWKL
zV`7T-pi9dt$r^@itts4J<rlrKRQjSB2d26#r`Yu)bP&_0;|pgA_jWt4t}tvW(VS)H
zi2uZ9EQt933$9zeD_GC`6K}Oh`X#-z<nu3eU*(17<OBF?Rlz@x!<CAP1L+`dXnQk+
zl_T*A)b=$syj=A+F<V^qfw2v}doireh0$v_z~WG3S;KZ`>2J>>bz+y)62``SC%rS-
z(DvTCXC1M}6OrW}@7EUX1}ae*vH4?M*za3x=9Jxh+=5=-cjw)rDamWje4=k@<40%c
zy4CC|Iqn_Cm$M%|Hefec3B1Adm|o}e`_#n6yL5<r9>2jq)?mu%tTVX>Up{a4nFSIC
z?jD@D;bJw|zZ~|fTHq;mayna4mON_@)uH<@$94FS4Pf3+LR9I^eO7~9!)fw`#fXGh
zj0`*3WltdYSvQBh!H<2N48x?Wmg4P;ruMIEq9=gQ!tc|)?Y$~L7GPHi&zQngaeZ~N
z*R_dF_S9q%K6P2J-f@M9epYUF88lcJIi`Ps`iS)+;zB1wUEn%md7!Au3pN@-35uuT
zEYNNaCgBwwkc|SVGUph_z3!4~pon8|xSC1KS$nuqA<~SZ9m-j2-Z=b#qCMHm)!ir#
zxkw|j&AGlnl}9-H>H?)%n+o8N$rR*O+P2)a>m=@}$+P*b`=+ZhjVp#drbI4(Q~*NO
zgw|m%;pzwKyd^tm5~v>_G2d0buk8L3L4o0tT%mr;5I|fPv-9z`NyU}E18yKewgW%~
z-Qxk~mX#f<tzq-NyIv(5@N5xnL$TG?saJYJ<ei7w?LZR>VHkc;mo(?bEnB0x2@Jlx
z=E1d$wEF;j+-BW;FHUBVE4D>%E7YkwJLwh3X3r<G+#9nDCd!Y?C~ggg6U(%<*b$L{
zpsa>c0KhMF=X%o({1jA-5Sf!1g_Wy8_Sw|_WrqQemG<B4dEA)Dw83y!7pCYDTg>*S
zCqj4{;fZkGM}g&_{cMUJ<9#L5NEnz%ehYD}hYmQ>El#703mMOch4EroWcvQT=-ibZ
zednuhxxIj5Qkv!G5}uahGyAWhSnOPuBM})&!a>(xu$dW{Te|Kt9U$jtVVJi*&_lMg
z>skB~D(PtyL&h1lm`}jV097+$FMyHX0^*q<U3c*v4ol?uDMIAM=0%O*b7CHv-i~oB
zop#!P<H<bgcSzGIPt;;dMOa7aSf4x)k(k7pH?p_Q;ryuA-gCIU5%+Ig;u6HaUp`NS
zU#KDLc#U{w(W`rhKjy|YUsz<s0i(Tm1ZrPd!wT9s{4>Y+We)2rN+Pr$qDwOv*Wd!@
zIS<&Eh#F2p=)B$OUNpfMs4EP=VHjaC$g^Nw2~}3ctln9zr*owsUMK7@^>fkSR0Itr
zu^qg(vOR#p{Zcz!Z~0AKdC1|JA$L4%#=9J)<6SMbi@ngiSg|bgu~^?ZeFD44SuWrS
zs@6$?U|?d*!-cAvy7i%r{&`;jK{jw=m5Oo^qz3xIUqZ>+EPyQ8rrDOuG#8d#yBJ7K
zzm7GHD16Ir(pMP#StH44)M~?NL$q%de$SN<Gy88s$>_v1Gv(FB(vNl3sV*k##WaaM
zbt=4j|466iE$WG%mE(X_xF=|{z?SatvmFa<K^2uep8oLK9hTpA@Ul&Y81Z^9^WKfM
z6HOZ#o4+kHzVn2Op;*<u84b{xej~8qkaUK^cua}-e>}Z=Jk$UCKVGR+%0h)4mXM@K
zlJoZJAR#1`%3*n_B*&3ccF38Ca;~sfCn~Zer?5FJE2ovpoHDjp8nzj>+3EY}{rTN~
ze{{R`$86X0Iv?)W^{m0OboB`?-q6f3es{NoLh|v;ZOj6d_yyX(OfPpZG40Z3Y;6eF
zNE&*ENOO{<ruY0S8Xl{tSyai&!JQe50f^VtF>lka1xp?JdC-C-738CAkv>^I_Tz^r
zRvJDhtaxGKRW6q7FO8&U8RfAX2H?L%7p@T>3-nXd6^yvf$g%@}8%F7MQ05ANcD~KD
zn`Nv@l4YRoja7IQcl|ZsYqqv$r>S9etVxv>)BoP5?N9|K)SQ3Xdd2+dB0i%MRcWUv
zc0wgJ?x;@Z8S))eViHv70Z!6A^8<^#oI`lo%R{uS6;|Yw0bdPTG{3G)tVgvdWWD$F
zX@cK3PS*hzr!piktfu15mbqnoJMFhJn$L904k~=*xeou5diE9K!L2U4F<Cu}5o7QD
zxdd9d2Qk<x>RzF?@U8wgBo0s$DaHHzR)drNKLuzQWpMsc&w<f%e+NLVQWXZxN8#0r
z7Bl~IN#Uv$vhjW@x5cfbTzuYYTo^4P{1hj!7(ubgWGAVCHjk*+Z~0NZx;Ku%SOI8g
zP1W5$_k?b2_=^7(){RVYcCQZ6$8DZJ2q}D<wcQLZmG4f1EiyJGRe{qYA1(KQ9J%+(
zg-b;5jA+p*8>6}DMp<U`gSma!a-U5@e%_l4xPJ6yLZ`NamOkO6x10z32E52}K8Cc#
z^n~|0(1_Bt)vta=LMT^QeSA1b(4>x4k5JrU(?9+@L=43mApchXrZ?%0VQaBxg|rI&
zP<gkDVbS@Liz*GW(&Z1kU-r`M=qvvN&ZvEZ_t~z1)+QYJ$fE>ZF@OO_vrXG=aUYfV
zKTKW2Uyp_9{(AQ6qeGuCC7X4R(X}58;v-SSt3-Lnebmuxvfv03J!bWm|3;J6jIv;8
z0#MqjlW!?#!7MqStphwV810hwYfBp?n)Hj<hmGudoR>+>r^uQ1+5%?$!1@2>c^<uX
zqy5wxZ3EYDrognaAJ6urV1BO%%xuXIa%C?70+bfna7|6OnDm|RjT;BuSnub~{wIq+
zw&W5G9k!`F^}eK!+c$s67{b{a1iubXyM-)b4*pHeb80etG^GaD#F^2KP46@Pu@}C3
z)j#%^eB%0hOaHS|)D&rvN-;UD?3Q!$cr?8q$@+qU%*H~mbtjm0*PQA0r`LBcM@D<c
z5tdXc)Z4CHQb$bN-ep!Xx-R}Ayu*(n&H_R}Lf^UDc$hhKuFNwgqw+DzD2sP@L00k4
z*v4o~Z&`&F%bh;mcyOv?dngt!(Tw}ADh5RgTz^o|>LfziCaDZEA~mG})5lxdxY!Hx
z<X?Fo*UV3py;3z!{_&`l68Aao!bP!3FB#xFOD3l&xsVH7H8;*?leYrRKlfBE+n2G=
zuqlz=U~;x|vEpE|Xz1fc<8VgP^Z0qmw{gsfxkQCZ4Y<R6it&1?eObu7C#q=ibN7uT
ze3So;^5qrH#q1mDG{w>U;%)jVO9S{fL|;vw2Gv15M~(W1xmOnNxo4g@L`^$Q1wEB~
z@%-UdLkGFX#=Le-)y8eSq-TUIIhO;{RYAubut@I_ce?0b%zj>}zgEC?T(Z>d-%VzX
znPgjwdSp9Vze8dUQ0rHY&T3e2w%IJPdf)<Ik$B6LFzU})1X-HkEQx$7&0Yk3U%#DZ
zPwg~??(+xS=j+c(Ux3s?RSb(q=#<Zz1jlDVBT<=>$zJR=0%?=B#Pfx858?r=lJppW
zY{@NkmA!~cXahf`9@90h8c`K?k$kSk!O9q!Z3Iq(KR2RlYp07>oNh;sGh|orX64=D
zZ?c?a>!GaLr-#O)u>%;$zsr8r`GOU<5q3)NhYwXGx8C^e-V@4_MUPcUY8O^aNFQuc
z&FO!a6P#97&lqF6wGHC`VzVW=x4e4ct2ayEm(FiBk_{VIh}T^zN&#v4X?k|}oxJ!!
z8O|R@CMgsn5T9;qcn%3c)}c`04L5m;;BK|RJc#(0Q&b#q`90ah!&sAXDUCbiPT)V+
zPGR~Y2(^eSVsWC+xXl5YOOOApECYHXrB<tP(YbFi#~J?c_WXuA%%LUMGi+~G>Kw<Y
z9y6K!R&Ta3R%icvJpZ3qVP(C7pO9MJU|1sKvzDTQ`z*_7U%uc+voStRh(|0n6J)t9
z{vo4>Il?fMteFx@<5=W?ojGbnQDgq7^R9E;^BwO>RDYq$OH7tq9>2(G&Zlr&m62Ax
zjDB9e$dt^-1vGeF2qf-9{$vhQc~8!knbA=cCgy}Ul@#eiHoZ5jIzkPbE((qI38Z?;
zK6*2YC#<_ABc(nj_v8h))qcK}Bw7T+$$UgZFvY4okRr|mT@OaQwmzJp?~1h-O0yU`
z{hn<eUx}+%EYhDW_pJz_%|zx?w2S1f$%R40Q@hjNOQ~~{u~Nb{(XB5IHYxebxy15Z
zgoiqO+SVhhTl7OR21QSytg1427N3|WKI2`+W>dLfP!i^aeaQZe>4#^hT~uYV0AQ<I
zc#UvY=p1RAbje-OL26RZG&jR9`cywlj<EY!+~7=UV9sUYYMC>~Z95pMBfRBylb^w*
zFW;!fTvXkG{EN){jUVPUj(#}f1wE3_vWx3n9%}WAw<I_;UK1VWZ1S92n$y9`J7K!^
z4d!$G`s1%lOEIT1rPd#J)E7vbiK0rK5psSQ%d>zjJb^y#y;!(}?1eW}A=F~Rp*_Y+
zMZ!~BygD_9a%hbAAG>pZye6#!?PvtouI}6Mr@WtiZuw{}-E81(VagS2@C0Iw_L5jd
z*ml-QvglT~1sLbx@QV#EDRMr9{Y=BdRHhLxriB6!+x@kp-UyRRa5BZe#fozDTPUvO
z2Cgu7{JBl=$V~JJ>o@41T>!7~Sg?z$vpI7Srr%oFUqWL>NEMf6|D||)TDBR^hnLRn
zqfk8mFVgyPeB<F&Z+@xnF$PlwTIH-kxGfsrN{oIr%Y4|l`Fe`geo)ns`SW!YGmrk5
zQ)6FSqsP26;5yZjc&&;#x9l4Zw2e$Zgn@K-JeIS~BP+8NLBRMTM<G?xyJ&=&DB7#a
zNZh^h@3FWF%g&}l+E>xAk*QLo^yAD5>Y8+cX+B;Oz_7Qd1XTBcXUdV;M~kxTMF6_s
zKd{dCYK7Tc^V|R-l;I&=PPf^?Ro5RUnI})9)QfoQnyRZ^XQNg=RgF4Q1=pGpeQ1aI
zpdis`gyzYD<xL*hU}A%O+8gs!47nwYw#=zXZ*~&8T8_gmVSVE;<R!Z4cu7S}MD0os
zjv5<T##3pQtWoQDd)7B^p8jj))@AH>@2<*c@N|v4g1aE0>j%HOy@>aaf5+!zWD!4e
z4_Jy|(K1Uj!M*m|CFs0$q0;pX`G&7)t2Z;aJ;VICrUg4Aq>%QO@xk);I+nhsM2Tut
z9qxa^>I+!Y$jV<@EzCwP{B7?OV?S=`VRFUU{HFIT#rf7`q)55B>@oga8T6E=Y>SQY
z9hJQK^J6Amy+Ic{4qX7)so?B_<=ryp5?CA4Oo;adB`uyAgK|68eB>?vY;{l3$kG_5
z;1Kk|yrzj`L)+*3(iN>P^^>L<hFQb{8K!ao`YR^mo5%{AN4ptYE4WAFMq|j5q-c$Y
z%d!I_Dh&u{DgOLOXKxzuGf#)9{)8R#O5V5SUX-0NGG!Ed(t7h10VQ9uZ(+%QVl@o+
z8NS?Xk;%V}A@f7tS3(rVRF@H<RI{aKr#Q!=uJ7zfV!L&;>7wF1KuzzTzoL}G{iW5t
z<U$}1#onO=EU?AWK6+~ztp-!>Q%ek_cwN^%w4^B}L|}LOtV_dRZ<+YBWl;t_*gxJE
zbq}n50mR}RCi}u*KnZg*<)e_z2BWD8JmFFcm1nb@7f5}iE*qmR;NP>FV(SiJ9H|x(
zURqUAxX7i-fBboioB0eU_y(<L&o46(XlkBnILyf6ZL7&VJ|*7s^JEcMZ+gmSpdf$I
z>v`tmMUwDh+7{U-Ujyr9+NmPaaZ|RyQT6OVg`;Q3r^lZml<{NO7W-j@&d=4+z9EPJ
z!-da;OTu{ffu(~V(Wdv*$IJ<-QPV-8g}Bq~SeV|tW=@6;h`)bp?`r^iX7qn$_|qV2
z?Q@db-{I1mq9J6OlXw7ZGAR&9*_DRe(Z8Ehv-;6vHOkNhP@NB$)QDaISgc)_XL{wM
zg$boW?plwqcT7{VQ~}vnG{XAg+@f}d;5mBTHw5ot)<|#C<rw7i=2#&Ur;#aAcmSb8
zqR#6%J&gSicHFizvuH2hUq2K?Q2Y4LE7<p}$4@nfi^lh3$(RphU=tnAVHXfW-cI0m
zWM`YvYo4N=oJ7U9UKEYYoE8;&kHpXqNvC3qh}&m6Ne&114TSBRsk?PK?lkOjTyJ9t
z@jIcPd65abowX&H(5206qK>d;&9dHNTw9LD!RWRFTMJ*2H+ETuZEF5r8PM{skC3y_
z>ZXo07B&}H=+nUlS&z{*Y#wSyBdOpaJHCn^4yz|;Ffb>_277MAlzFXmtacs$7-woW
z)ud2V#cF7R4Pcwb6T_kM??p{qx!wxsnJ$Z|96!xGyD8~w(u)E?$qgKKcBS6X4c`Dm
zJS6(VK*yusZ1!grCY!lBhdXV{DEkRJ{uO{;z*FXxo#Ml6N(Tw+au_tOWFyjGH|90z
zaihnRXz8mSVV~s|zbW(O7R~ErF8f3pegpOg?*gdfPIB)vk15OpUE|ME>TDu+Ijvrw
zNAq?wuMKO9s!JPXKhZ9ZW8aQR)*l1y2Hlg)-uTFCwr8Y1W1Ry%`Fx1eSb{QQ`y4OF
zhvwWJx%6&H*ewPqKA;}F{fOw=6|3=p*ena?FsA7z%<C!o-@lX+ibjDvx_~@bkk)%x
zvdDoRv71l@Xl*%TgB_j{UoW{{(`H?r9)Gd@km!WDZO4aq*uy$B=aNTpa`^BRyBhqI
zKypNq@FsGg)JTRMCSAjf`ZDYCC0&}xxcw7~J8Bk3m*blX-)S2?=KWiWv2tJ5aPgM!
z!PhX+WZnVf-;y)U^3YrxdJldqYzHZ1SzY$s=+zsG3<c1sRQsrB99KOeR+thNSoUqc
zF6!oKk$Z;39xF_@f+bZXz;nsVA0tceyt3F6>sEGQyomC5yjoyIjKgJnsr^IK7x@=C
zVU>$IwzBRNztcX51Uq5c7QR75@~sxEPAGf(vSrU+#+wOKj2lUVk9bnWx2zs!fHTRU
zlO8hoV)a~H9xBV+_H1`#FBh!x0i2iA)v9`i(fSISq}H{K-#05N5Z*;)+07bFnX)rB
zH6}GTrd`{dGZ)wMl}M^X1QKIL&P{u&P_Zv0zE7%1@<P|$$$kJYo@Y7H%4=GXTG^Kz
zHW}Nl-P(;Y(Jv)@#)RqmT)7_?31Ka=xT4kqYVi?T-(FhY?1%4UE@}qgd3evA(OQz3
z8mTYinKpy<zVmbC?Ct)7l}C-Ht``l~jbEXudRhvg7QC}+vY=@qadJhZF?IWFckPpW
z2WhAmVcmMefW_3Q)^iJH*2^({$OW1>NYs)o4onkP&SJa`C4uxEjfbe~MBR^nTM#;>
z{hc*9$CAUlPjASSi}!hF@s97;2TK$hS0p#jew#(NdBtTN-Ml4#iQpWkCDH|hE_2wt
zDW)i*P<}a{o49}(Bh_(A&@bLtjPMJ#pNzxjc1|N`y@W3fSA3;jgPqvQ7TmdR3t7_R
z0t%NvFPv&^(+~amR*cps5+dw!tYGcVNM9lAi?N*Tb6k)Umi^B6!6Uw&<cXxT=Ln-0
z#LRsRN(<ErKqvg=Ma9!rb``dGNP2Ty<g%ejfyAkna^~YsP%pZ@H6p}EjD@8KebFZO
zdL&qkuJ4QL`p}x?K4O@nKGr^tYGtaeR4#QP(~va=)s+*+F2Nu3gDpvsQ$nXq4MT3x
z(^jclB^GqaQZ0IbRj2-Sb7Ic*rKpxLup8H3Yw>=xV($nU|31gD0sj8m!{w#sdnP&5
zH1WMt#GS)jdys#Gv<zRc!F~m1H5T2w)NlPdC1kecGr<I)njN}%7gO2%cf|k^AI^@M
zWp~wf^BE#iVBy;;6x?^R@p{NrO8jUGbF*s!(}Li9`u~d4Xjv~NJIXdpr6MkU`;=%#
zH#=xB*447BG1g>eh_=f|VRXoJsr|_V^gD%X#Ng8<(_p=O#RutKOCogZ8285Snu<^C
zqxqwg{%#kinhK5M5kp)|qGg|27uHSPO_Qog=#$#4hAwR~T<Uqyf3c0u_JQJ5kwDGm
z%WYeVnqzYo_;iw%Um~-lY8kx+X#lo&g8iX*wFc*FV#V~l>|~G0Wp!Tn)a{&bPW93w
z{<zZeTn`rP>>X1Gn=)7Ao}MATaz<<NUO7uNry^hB8MiqXv3Tyr94>4`C)pk>5b^dR
z1A7r8Gn%yctwo@(eERm7dBo4cd{ztqhb6q-6Fk{((}b8vX5CuS7Bv?QB5vCdkx=Ju
z!Rsba$%xyzFm3nwE}H^&b4IgmEi3LhaBqJBnapx;ygy-D`rzDnMVN|3r!lMg6EqTG
z#!{Pa@EEM&HMM5DN(x%%^R+kiMT&Gp;pW%i{ccU5@Bf<x^j%rilkV|U3Y}Xqw+drL
zv3RC~1(LOR5DR`%e^$Y=S)c!A+QY2b2(8TJS9?KLT1xD94H#*l4-j;VxU&~=N^Aqz
zoudz=$`zI#gQCl@a@(6QCt)wFdmHHbN7hmnZqGN&${}uu+Cfvnbn*5SdOg|Pd6uR1
zZ@%cn*(SvEzbkClP1Ed8yUww#wL~vSf!Y&K&JuT$&wr#jX2-df8d54<21@_8IE?-V
zLBW+S5Zs_!8)91}S~TxVxJQjH<DDhM^WLfp!o<b{V<(Am_~gmRcr6c5ou+T~Y+FfQ
zF5b(QWsG(nrfg|yFciIL@f`WPRJQs8H&-+Z5EXBfsPRdyZt+#K)JKiA7U_IYjm@kQ
zE&ttI)GcmX#EsI_t;;}zyVrm69_WgAn;o~AGQB})_83QK-v`AsSSC9%enX~p^1M1b
zgnk&zto~R`G*16$o?~}_cWV&6qQ?-YKw$$Gr&P;vmnu%?Fa61F{GB2xwLh)S-eVl+
zNAw&%J6=)TxUJkY(`u~gEpsO85JEMh5-~(mw=ZBSsKg|;I>*yKnqp2a69&7!k5ePO
z-Mqs<L$`o03Cs>Kt!UKUPy9G8e?y!hi7~hiecu*ezI&byyC5CJm_%U<!aQH$3t@PY
zs`kXn+<kU+F45oiO#g`2Ec$WAJFJJn{8~sx<v#BA`J^cCVo`BK>m$nsHmQI7rp)I{
z`B|a|{qm5K&}RC$zN=A=KMY{vo=Ifi$J5Mt7rg^<2j*FUn&CLL$z0~^1B7QAOkJM>
zY|3@%pmt0)w=XW*V43ibgCVWBahQa0?cYo3+2blQ?jMs^>6V0F8?+*Ywf6N>YNTiB
zzl3s5EA-J>^we<t9QqoWHv;~Dxt2ZqZCcha%0kuVXq=~yl1drtC?P5(lgHx9H15xz
zehxJR8e3F+y<{q%9j7?%hiCQCwC)wKqFl%Ju$~;Jzji{=OP8&?#Xpap5n*y0&4M3<
zfuUwGy0=hh^Nc@?HPFGHpMSQcs;2*y5vz0^(u-X$Q)HdZz_pC}dPc#n;43v5Nl|mF
zJV_z@*lyo?87cfBY{P@I^t37?@-#a&!{!WK)GJfHjw=-YITME+oBCiKkC&8spB;v(
zAI#ap^|tJKb%@qyHScu@QdL~!*^OC?^c!2*H3NS+%ir1nHr(1kt<Fu`%TCJ|=_Ap$
zl7p<6|Jxu`3YFSTIY3uT(;vjoH{qdQYA^=>Kjs=j+mD$6#S_=5S&>_ev1>O2unS@C
zE$80wGR^6lJ2s7(*K9xjZH%K2&)q*e()laqPTK$QkqnJ43)?c<SK@nCm#il$Y0H?(
z-0zESN~)xTU2mmFM@@Yvm%Gah5;gcg%$kstH~kh(onrsp@P|1&a9wwAIC!xAufZ~#
zpT{g(kO7JlI82CcOeC7tN+6)=htp!q^O<)U3Osgi?PxbDh+fzziRsn7s9GP`P}XE}
z&~2^had>|?hKgQ!8Fq)&)f*XSs}dSIl4_c`9eh)f8tRK(!|Sle5fJ3$*|PofMpN9|
z(rQa$FD(dDJ!3B!>oyrZTA$|MI(^9Zm%#FDSLYAAXjwo3Z+l?FK-UU)S^xv6U;fbC
zIrjw%WO+#_<G?BSjhkGZtW8>?C{2s<(?lcgB`&+GL>aM_Dx<S!qn<SN`!D)y<~>F9
zwG?%LjP%_MHh3TJnIT2-kyzq{`uIYe%}Q8FHpGI7o<x&fv6q|;a+%vj3jlQ6UDlvQ
z3Hw{GK;%iKM%)8A+_({>>hUV)r`;>0Uiq#$2p*^U^kTd2*t4Ja<U5+q^y?}ip~G?a
z-!N|9GR*Okoc@r1ih5>%{C|M)xc!+CHf1?>06qTsRyIE_ivsHT1jpY0nq2pFFXigH
zn&qs!hQ4@+X-a9&Vig}ua2NtFXnbAmEi+&E(Gn<rpiG+-Y>k0mZ8jM5{DWM1!s1y(
z`}BJ*6wB^120~2x`yyrCS#s6117m|_6%S+TACf(csr+1lixTbvxb`sJq_00%lf7ii
zxSEdsW7a(C8}PlxaL{id=IDo-Q;75QzBqEM(}x}PHAz34=OU~LCc*>ba^GM{VFBYS
zilfzU1*P>pxpVz7!`FN2ljKG#i$<z_KRj8aqKR+g2xfeDp7?rK`^qm32Z%pzGH>3D
z5ulYQZ^^;C!DA2eg>Kj2OQtR5sNNMp>(;5xwu+j5(P91ZD%}(45hwJX>snaVxuhq}
zgJf0qyPqHJ#>i&+t;78r4wfXUb#2%)2x+*thb*#et5HS_UDfpadt_jGdS$UG=Naf^
z=D<SH;)gjXb%TJR>n*oT+XZ|5R7}FBh%i|OC&3!`8M~6vLRld#F?q<cHiMr;CO)Di
z)nRw5*u@IgX;dV3vD<g?qsM;R5-vcC+M&>xO1J6To8CfG>m1xMvvjM%hxfaFWB1Rc
z23U5MQoONJLBK&1KgG;g``fr&%mSrYUTP)DI0~|#<2lR^AJ<Mp@x4Tg-k7@zV3ftK
z$;HxZ)jTab+Es2K#&W*0yRbDd;`3Zu*=Kq19LJFaJ0wA3aLA3Z$^;jSj$1Gt-3zwN
z;9vU@(%Zjm1m4|gPbj)}dkDek71#{q#L7D30`Z@~0mj6utcD6-Ea3-p$l_0@9(79@
z+7wyr`W1SyORmJ9Z|IE+Y(@c~?Q&7B$&Q)~re(X<pW2+Mijk!yiBZ>f#Y0*A-o8KV
z3q*;@BoP-(HA$_rsbZH7lJkjo?A>v4NSLtapzFJ0)g9rU>TXflxJj$ffLD+e)9g0^
z%KU;}1j4?RE3SNqxJNm=lE*X0okYvbC3h6Or9mRG4Z>A6xl!@p%61Y`x@rDwcB*sS
z5!`hV)=7B%spbKFnqC>KRP@yhycoFMc7DQGd&2YxXPcLr^k%cRVRtE6#Wv;@<*dLB
z-23RhM6$CL++E^M$8Le}s-Qd;L*uE|fH$@e|BifKR5^##@3A}EO?02IZVTD$C!>Yq
zx(q{6eJiu6+Kj0<G3i>kJet-)^w<2>Sl0lPrRQR|`F9JAWm=M7xmY1>WDl_nBfR~B
z@Jpp@12D=<W9?%N5wy0}Fh)x(2}W8IGz;eWfV{QwLjll#vnpnfzps(~Tr^Q6q=`29
z(*N$Bx-6U4gPS|OSoqS%H6l&>{o+-!dtl3X7=na$EI@edA)(TrgdflsXt2X+DRjTq
z>VnlX)m;f<#amJM!%K$#^2fg$MZ6^t;!k?`x=Smemk<PW_XB0d)S?$2YN9dgaZe5M
zI4j9kf*|Pzqo^yq94iW`BnRcCrbm1GB@0ew+svYRV+*D>@0;nvjJn{#RU(b0Ec%!C
z^3?WX%*a*E6;rVsi)SV*j&=!0zdzWu6n?2*WF>tDZphwx`0fxK+khTdo(kKy6mAPK
ztyZNqU^IiM{@&g>@!f(qd4!~&8q+b^x+NR%2N!gyIN5Lc5Y~|3C}?RgJT%V`W*~;F
zxLV5fvaq?)w;zacH^!NdBKC20mvzXo846Wzp@CAAv>4r1{|*}44`a+~^IDUK|2aP&
z2HA}`ZCAWPw;F_}vaV(#i7$E^AUbyQSC({~;?etgoa0S!w5<@8_>Q2=opb}pj1!nh
z?<=P=;QF+^8eE@cclmD2>x|JINM`XblzMN(cwz(wE-C`B;hkU_6o1S?ION%D#9plk
zmaLj*b)&(h9L<TXCN5&#d<h)D>+ibQ#*z94Dv}%e@FdI)xyM7~gfBH^S7o<SG;)4L
zbb>MahHC9581eXD6L3XFcP^SwhVV4r%HmU1Ey?RvU@2UqTjE&aug<-L+O05DCjX4m
zX+OEgjh{v32Tr4`sZfB6(pi4oSxnld4R?*h{6eLv`4g>E^lPA)&#+~uVM^%Mm_+o0
z@vlTDiQ8LyNoRRkPF>H#XPWD5W5<@3%!S$EMavHvFt(hrsUytBq8Gn=A<{W)K+E<z
z+UiKJD2Y6>wEr&V)IK4lK%6-_I@NH9ad$CrtbNzaQ{x$n&iaNv%6B7;cjOS)tmYSo
zq^CdR-7l?vNdj#*|KrbNvLM+MB>&qi(q|j>VWG6U#PfL(aiU_FY08Mzt``Z<HUW+Y
zw7NBX3)wqmhAhH`=6t(<BPO!+5o_X~8MmhXs!c(3bbNBuwQc?#mgV_;#`f$6F!ATj
zvuI(D`6CWhX7WQ<(U<(uad!it&upRZLjNZ0hOAf0>@=`ZW{!&>G6XQzD=?H?*VW74
zj(d;MDsUes8h^%m{X%qFAIV=Tp$b-!kE?yus>vQxT?$&j2*J%%v=%SH8M8pW-Pj5X
z^7Fogr~|D;OM>{SNV0t7`X#336-ejN!7Y}~Klft~z-tLN(cLRzJ||HqI4dNaETr-G
z+8_?#w)4(>uQG{sqn?DaS&3X0OM`*B1O^2Z_y`PpN7#^RI^Dd1Ut1VQqr^{aWryT|
z4O9Q=*4-;{Sg*EuW^LI0T|^VQxFzfjEMuuJZ<Zf_=>;MF`?KUJhtWCK1$<xQPlCs|
z33G426pvaI&s|57IWLHgb!}g+agkUz9=9`UYzz4_+7;QdZSHLv`h}gbAr7}-PiQk{
zpZNuKj_V=1G)L9&)mh{)0dm>$^8}YU#E4H?wlSUi6faOr-5YQ$OW~VqHZ!1KgS=Mz
z<XprjWc>c>1{Y-OL*xPS$BT>40vnzTV9GTOhVG6~3!;A(BLi35>mQF==FjaTzi3gM
zvee2%?i0Ouoi$pe=2`CZUdYN?ZftWQ#01jUbfWONU0U9LE+~23(T1H3qx^G$h;Nuo
zla@=Ohs!sc-+NvNH2DTowOk(Zb^r4KKrd_V{GfQ0@ju2~cSb@((?#X}*j$FA674KK
z?-v46MPzp)Jn~upl#pwPPGhG@)O^7~+LIFp@6J^0qo`<7{8u|Wp*&CqbOsu|DyQb2
zmZq)CB?`BUcxQX?BiVHP-4DX~wH4E%Z3Kl4SCq|e5IToM5mRwTt=Kz+1~vCvVYH1J
z%XWm!&pcS1JOr$3G?GQX)~&?3wPb=@4PA<?wX^@u23cjtBgj~WfE9W{rnq#8<I_I<
zO~$Uq2{DF=A7}fze(VmSiZ-b>e&*|psvV|fUeU}e-cEZ~%s#Ws-C9X+&filH8tt}Z
zu&i{g+W|ZE_70fJZW=5L<k!xS69v*q={$AweB)v*1O4A`xQBGmr3asne;3)jARwG9
z0Y`!0Z-{Fs-n6pqUoqK|6GdXp24_>)RcyBuX-g~yU}XP)i?^|r8e&b<%-+HCNZUka
z*SMIs8CqGjSdT;OjiwZ7Upsk-4bkGq^s9D#D)%WXS>P)*cZ+&=P2Ih6POWq8o|NpR
zrKDMO<p*#mPx5$$eMN~6t(pyp6#uR6=|!5f=XMR@UV#WG8Jrr}a1uDk5U|?}PE>T2
z<c=>AhiNtu>Ja^|09I&xiG2Zb4^~V$7+NfAa^b;8Ux+C>A-_Hm)0;1zU9kx14jh+d
zNIYw4H>EJc{mY)tvFR?hs%%M}<U0$)4<4&qW<Q!AZjARQEDP+QLXn<GFnw}fiIok%
z;lI;2M%=FPg5n(`_CN9`C?_nWmvHkZH!WBYP1TYO-5VNVKqQ}NykT;K#Q@@6)3ksb
zvW==O6Wn{oM#P9!jugUM<{QI0`A_8ESV=Q966(m%dZo+p;=CifgK|U`g;4MVlNz-|
z@L?s5q&|7PmGrYl5*cr!eWr_|TfoRUn~l92Vf#`O`#wVKQNZYT`PwX<^e7~*#K(yV
zlPhP)wDVH@&Yu#Z7T=58&yA)bnF3*N5JhzV-ha7n7k=?ljHfKH_?sBFC*tYGnI?30
z*y1dMtO;3~T_Kb(kVtW<CMAObX=M=@&6>=}ntKM};&%Z=Y&Wt+aA?{+8*4yLGpX$n
zs>lvPt?*>sJUI72c8rxT)@tc0OyrTBCR#?_rvBt>L0b|<cjB~}vCM*A8VRdT?vxwM
z)TB+uPW^~Rr7$w7oEF^`_kL%S!&3lAB;{_(eoQ=mggrOjhUD=-O|$)Jok(8k)uaWn
z7TLr%h*kt!DidW_q>Z^*NndCp(iyaVBrm4F9EyF!m}ZyuNfuKy;XoU=gDT&OAc~JB
z5;K8&7p2Q~ky!zY7F^srM<IeNDd53Uz#qKnk&Ui!pd*t@Rgvj3WOkT10Syg}Y*{=B
zcK04JBC{(punJ@b_LI<3>YEKEey*k_K~IRpN^`wjhX`BQ_4pQvLUxR_I7*SvtU%f>
zT^Llz=RLNX7kT{YxrMz#r}+{2607W@@jwJ3Koip1qfJrB4m&*;0h?~m>WmpBn`uJD
zO+Ni{*;JZ8K5gEdYbFv@_96F_y&Sf{aAY6kZU5Efei7}vJh@|0l~nPYv!8tcDm8si
zF`*S9f2+%6AC>_5Uh_8E*JaXpOAObdD&CM{5^gIg7Acl+VT<=P;h1?exu+$K5D&!p
ztYR#t<#RlZ!i+V<(zx5F#8^wrB$3^S<BGlWD0m*xjZ7<T&1Ou?_&-n;0=Sj0v_Z`F
zc$=e%*}xE*z#<}B@x)%_o=?hTVi7|I4dQESJDz85X<5I1!>+AY?u09K*l$?#aQ>FD
z*49(Sj(c<?19N+~7AH8pXwD6-Y<~Ufb(!O!=SI=n-0dG{JDj}vm*jT$|EXRJC4IVP
zG5`7m)%o0)#+)02t3R{uu1B=R`j1z<CR8-{<0-F5{5WA!8EWPGOk|}8^IR#+t}zi)
zu;d>;W!~#GgmxDU1fgt+NfqN0j5zW}!I*_0Ho7yYroCNvFIH7bVjskv6j0g%FgZdc
zu|cn_O*CWBA^QXtTH#z~yrOi)>jrZJ7H%7r%&)j)OOk2$Rt8VBOo!ZnaNekm`>e*&
zi`$49QFsXldFx;>MogSA`4KWPU5ZPg?pY&qI)Igw5;BNVjOwI65z;~V_vfFmNh9+c
zVE~ZKb^J~HGfdEX=^)r#(#P+b%=7f8?RYOUn9#DR!79+>)Cow{<*=hRcsq6BidqMi
zE4=)nl;Sz@gYm1<O>sqK+T2@En;&-w<0_mq>hFNGtEOXD5l)G56V4=DqKS%35tSl<
zOjeSxs{>R5ro-BU(s2<^6Lln$B&rf|r>|QJbo?I_-1elcoSQN<DP}7XGJagV)z)5I
z$ysgbwak-?ElftFs%8)sq52r_kO>BflHj(LxC!Pc_Td=PTRDOBIDrlwyAG!#J%}n4
z<Z-O%v{Z@;d^2K~)IqSDo9gkkKck_oD5GM+h;&}CkIQc_sEn0uZAldb06K7qR3({J
zOPSy?XFZ)<mKyCUc8bjvG*4)e<R|P%wVZ9-<_S5HY(4B0YDbwq3}T`zGe_kMlmwRC
zOjiey!T4I7-nas8H*76#55_{gl`B7CMuH|#l(B1I4&n+<++{`1I`Ge)UJ-muWPn+X
zdRQ+n*u-t+oTqn&zj(lx<LsnE?@*Ox^08W6^5haprZWBy_(L_W#iS#hj7wN{6Kip_
z>C_GnQcRnCI#C|BA%Ia0X%BD|V3R5B!-u9!I*U#Tn3FvuNT+8yzQZ#E7qRCL(v0od
z7L<;V!|M|?d>v3~zHVZZ$t@&y8aZ92V(W-f96u^1gD)l~R-{8Ccl>!Eh~pfkJH{3Y
zqGKO4ZUX#X1#=aLO{$RK>u`F~{iwSF9$>c-=Qt_n&2jii@iD>v1M&h*E=FJ*0^zKq
zvy)7ef%H$H))P(x`E94eQ}D`Im1<Hfd@lGsmcE5^neH_aMG8xys=!x;?ZQB8Pm28j
zw~GL`5qJ1oW!r(^izB~CGY}h~dKhzCXYroc2eGSRPU0jEk`8G%NQW!n^avYpyQM*b
z!(0`LJ>ckeRI1>DU_bXLAf<VNN2-`mAmQ!+IqgAZ2>b+xxVnIpCFT=}N?4K+a$GcF
zPST1!z=d?M(&3x%2GaAfa$IPqKgkoYJAj}yhZCF!Tp67-q>Coy4if=Spa}sP@HOD!
zb^=P$03~=p3AH2#NJd$(jT<!ijU<{(OIMvVBgr<woW;<INK(Kgk3`%8l<*Mhfgn`@
zJX0932jUvSF_Z=hVClnOWW=cY9!DwrI*WCH<O3#_NJL23E-6?Sj&-pcfpZlASMUk^
zt<XCa>0X@Gbbg0?27D7xtR233QeDAbE~1^B0gcr8`_aif(&z-xkM@cTqC6&DV8>CX
z%QoQjrQ1;10tHSSotSL$Wu<ikcsPBI{$(QP8r=fu3T-t)AGX?4`8hO+x)r+ykiz0v
z)15iD>DXk8t#HY|Kx*t{gN&F?n{;*>f2+lWAzgk_j>JxYC}X#l=}YZn9|))u0M~ja
zM+K`6J1X9Q$`w2;`cI-l+zfLOTLaT<=m<zBLIGD+1No4Fd}P}R|A<AvAn+YU>Ch!b
z@Ego_&vc7+&kS~Q?Yfj+m)I@b=E*t|d^KKIx)#``a!Y~$H(^STDtZcpm>9E_ww|p+
zfR^o^2ljwn3p*t?1zJm;u&2Y5a+Kkdhrm~=wi%>bbp9p1;syo?2+{#jk{tx9q61W=
zVlt9MRKOWXods*S&vpXg5VZ&=T9gQ<QAVhg#!U!)-$bJWS4-sZI?}x@g@U5VC=zx9
z&=n1!E021<0tMadrkn$~f`9-@RLXV}Ah3UI<$=-~0HtM5+SAQA?sVBksDYHm*$BAl
zrVO7ey&)sv6Wvs3Yv3ou(SprLRlpTp;IMFs6ct>O$yV8FpesQfeLC6auhs7cZbA=L
z5DWDV)aT14%}EY`DeN?=5_SWy<xJqPXi4OBlg>O+4nY}6b{ME_A8=SPo$~1{ptkIk
zfDG(5pez(X3k4_(aRY7_VG~Xdvv3}eVv^>jLevJz@&+i2J>W|GWaRsCptiUKlP|Z^
zfVyudoM5#ofo~RawqIrght)jkr12^ShzAJ_DCe&MDFUWw0`X9Qc!&uG8DT?Nfbzq!
z5N;+gpaVc{Z6=a{8{N;f0Zf6W<qRw&<fs7COcd+`sv<N6qUr-)r5V@{Z9PtBzAYew
zCXdsVItpyL0h0=UZAee53@lj#=&WiNV0~CBUYVV0<TxPf3<5R>SdsvIxE|0G55N-m
z9pK(H%k-qyElC1*7x0`xfDk5NNkf}_25l`xnbMI-VyEUP%hXUMg3W*s3t&BvPT&L+
z+*IIpe>tx#*v!2SIHCoFvlCU;r~vHP4+Im3zhNyIgtdJjtnCJ7Y!v>Y)K(Q354>C*
z@F@;hk7KMI_a`7^J#cO&z@^AGuy;u<Thau!z`5xQR&n8g4&0B#Ww(~qzIqrt5KLeK
zOQZ@g9{fZe37Y7pgiCQ#!TyzutSulNI(m26jim*1XxRdDYf&ZqV=D(Z;ww<*$^(xN
zmq+MGw+L?95DEV(`No(-rC2b^d6yjZI#?t5+sGR51`~``GgJYpSC-(`F}xfMO{KJl
zMEiEytgN99fA|-~ee|=L-&ZFT!k4$a>;W+{ESb72-%oJ7*5MDrURh#o*iE#yZ*ndB
z5()yMt_4Tka`YtYd-QW$>}KH1ELx%|U0?XV+g_~7Q6j2>&(D2TY|kVSH{p_N!_p<2
zVaGe5eluycY}3+s^8rY}XmMRf5Pt!q0)jroO^GNE6!aiag<7D6nVfZkz$(JU75;+o
z_Ne(OSszN^JZWk<nmTto_O4)6%PFy<Ko7X?fOM=f@FMEKLR2rV$j8dIJHxq*@svdf
zXDWPki)CBUaSfDm|Da?()h$opFcGOIE(H+^0z3|UJ>Zz8cawg2z0aiEL|p@CCQfer
zpAO>ONLwDsB$dCFxD)md2t0+cJAk`)6|B`nD4dZh!q5r`DK3SQ%RzwrLZ$;uwUToU
zkS2P`T7%G^u~qPmG=fT<fG>9iUZRzwhm;$a3m{VC3{ZCj5?}#toep7BJkeoPVlv2!
z?t<8)Lno$Cl;Pal`G4JgCP@Y8_~=9>iQgWy973|tLHhhnlN84P5wDJofFg*vRQ@c3
zHDxGRmBI7^->46wfJ_dz3ll8g{n!4FlkmwDWui6=0#7K-0WLOBumB^J=1)|L1Pg%E
zwYVInKhRNJip5s!j<PXI5wBs=P9#K0w!u~fj7sorwR&Y+O7~)wrH2J;feCw%9s|RS
zX%EO?r%+U&2`0+W6qC*#3Tx5`#Mw#`q`hD?79^TmacNX#L^8E~_{dIt8!Lmj5rp^N
zEsg!-T~x-NSow`u)0VVY6<hlj6<D|iqRbGab)J*<x!Ni)*A5~C=>BnzBXAFHO0vzU
zM<5|co0#>wLTLw~V--#xqXtqbbKnqkfeZ~oj*9d!#=s*?0d9qW*zN;76FPh<nt=T>
zQ5Rlsl(G@uT#D!OJ2XxSHpXTNXzjqPQe*B5ph*>{K-MSMz*`bU33g>L<vF`Em<NFc
zZbE7H6QTqT0@9pV=vBLYPNlydF}xNBv>EXSL=Sv2bT{sCGUYzUYoZo}S!OzI4bGq}
z!K7`t{?HE8gX92Ov-d7qvpDljJKy+WEqb$dvPr87jeVUmGr=p8_azf@AQbH$GS5q}
za4n&h_QR?I_>NQvb_+^)_PI)RM@2T1?K!4^(}(>v@7<y?6#<AW>+vc6%|6%sV<ujy
z2x9wFRVR~zwbr0k_hZt2TMPCtY-jwL+V(<#k;cE1{QN4)`<^Rt{2q#e6g94A@6twv
zE@3Q<J96?k(Ah5Z0TeMxPStG*V*_34^c2;mV~-Y>{gI#u^JI^?s<H89%vXM9C4cmi
z?=#y>GDqW}WYf&megaOqgXb?7AgU>;+d}I}twqD>oL(e&gqlAIl(xK0veubvll*eG
zv(~Ax(6LlZY&y~8)>ha-5)Il6fmxGi)Rk?ho9RTv;%3zKbRumDE$G;aMX*%=8jsbD
z<B%@TK$u+=C-pFtay?eQWDfOx3-mN^hPVahN=Ht51QJm5DU|0zlpRRvCy8qjt~?%V
zo#p6;oSzQ2*ZIm5i|e3;CYB<rEVFul+rmk9rte0a9yd6Fa$O*L*wCSBhO+vb=WyNH
zSWz&kTU-1@aC42pq`kmC7$c7x5H474#(fov?1^a<7D`AZXiQb{_}fiVj5<-REegIC
zy+y}OY^{39xD?1{-W*fH`RYe#wOfVTIo-oF<23mZG%ph0bC6Qo()fl(nIVqdsgWWX
z_;sCtSm|o636m?CqttGu?PQ2>{$V8P0Zw4O@dlV0L>!{FclM5|N&@wXMqh`)=vRbJ
z6ExMtTf=fRjpHsTuWqy1DkFA?8rH#5G8QvA1$G;96neclLwyNh$86bS3F7gH!xq)Q
zQxNY=!s{W-QqE^dLJlM1&^o-<Ce-q2f^Xp_RI6<UN8#B~0runyQ65T^pSs{YlJS}5
zd38>2$q*)`MxSWNv-cQt?FtY?FT@vW3o!YeO*S>~UPeN##IHKFg0Qu1Eefgt*JxwC
zL}*BDj~LrRCP67BOIThdvxwzIHY#>NI>|((wkOYoV%IU9aro8y-n2_rl<{^xys9KX
zmXgC9@{xs2**1OxuU0lLamYk9w<^OV&)SAzRzAHlqwwYCyue10Kj=*t6O+k>YhK!m
zWNTX(0SP8=MQWUp&V*WY0Jfups438c#cU^Vcx}T{|A5((tu4xyqwv}-(hZoQ2;Kf?
zs|CH439{Td)wMXO`5#rt8g@!W|M;hZ&duW7NI8TbI4f4pI}$M?lxtzkf#=IKKJ5p6
z!vnf~16-pu-e8-vpq{8|vbkhVu6yKoq~n;PfuqgUxeyKyC4fACIy(A~<Jh?MNUUtb
zz-Lqe$>aDk<tlR>FY=T%t8BVc*0Xaa*mAEcvm=Vm{qs`KuGh_A<{|1fnzw5Q=0P&{
z(9}o7+}*20GF~uQ$vjG1lGN$mLVS@qt&73Vz+T|X-(r;lA;jahx1e9mkg93(6}P)x
z3J6AGnmqyc@-$J4dh|Ud#Nzz)+ez87Gu_asgO(y-xhc{EL`jk)J#mFT%!mu>hwp|C
zkvw`QXQ<&TVzO&cBRAId_jXZJD_wlVsRQv-17$pV=W(BEXnr!~)EIb6bZz$ZyxbVg
ztI2b#lx^y0OF1RhNGCE5dAkj-SWK&>7x4Y&6<P#pT~Rj-DwZ=C#0`_o{w*CcwMl$Y
zGEEn`h5P-P?QrD%L_M+326oxDWNh*qL~gR|7~)!%mNYD3sv$Lp`BtyYLLYOMIAoF+
zn?vF+%FkS~%FYK=|J)#3c_ohH-`5i}^`!YEVv2z2I*AvVICl_@x%c8pOzLnvY4Wii
zA<FH3+0g;lvz&)Urmz#%T8_3V8xUCgt<vKgWZ>4gXg&0pU`9bG<*7T0X%2#mc35Ac
z&PGJ7=WM{deY|BEo|f85UuZe0OzBgGJ`lVl$#%}nG^#P=z3;${H_DPp#NAv~C0VbH
z0LciOaPv+U1**lA#@04!8aH0j#2%xUDnlF9aq%!j4!Zy~kKTagUlX?ozU2ytySR9r
zvXyT_*3Vo$vAf*AaC^GymjBSXEb4VfL5vRSZb{6~Tu!_`Y&Vy?8W{)MwGn=ROVKIK
zGvF|1O7z4XcLdfV4@ZIQf#7QcNSQJa#@t^Aj;@d?8wV(<F(SQ5mkc75+makxmL_Y}
z69*_^77j1+II=4kE1H}1gfgXagY1*~(b#%KO+=-o_;bVh$zcKQqcGx$p4eQOICB9h
z`V873t|VL4nK-<j7@aGC8*<4?vT_B%@^Ye{6v$raEaa^ma1>Xt^Gb-KaJ$<F)0vMO
zpA744#N{@Aa68mrlq}Q80DQ=CMk&r9EK9M~H5)v4$`K#WWg2HNizT_Na)7kW<c%6`
z#MY9&DVsQo<&<TklD%nWLROFJ1d+tndh0LqQKmrjF&F8T%5dqC8pLkyg^U<S@r8`X
z4Nq`K<FCMj1k_v(#7X>hblcRqsr@gsS(M?u^Hw|HUH;}bJmI+{-d&QXzHfZ<kV$^*
zGZH>e@TNh21~IbjIc~19q$n9no1?Qvl5#mYPU1|#Si1|Vb^n+#EC-{L!Gxq6MD2r9
ztQ|gz=~ty6R6O(<hcoz2-UYErI4`$_s2uhWqQQb+GLB?hDhcgi>T_j}Nksj>da<}i
z8aL0%<(Mb^i-(eye#c5bK#P)z(PzAKx~Ea0HzNI?@drj)tU{WbPC7STJ?9uCY`J}g
zx;bj7O7ZHE%Xh8Iw=diav_GHe|Li9BzmeI55qk4Ti%0DibJM5Iul=X*+W#zA8$6mj
z5bV(KqwsXU;pOb?aNQ4H@83M#d%?q~O85Jjz}SloR7KDC5#?TrzjvJXFmN0jIRB|B
zXzj*BN=hA~{r2ZQz?a_)=6{J_d|w&*?WZfXPUP*?r00Q&^n7*j`RJeMZ$CrWZ+jm+
z4(ZXH`B8dyd=6^#r-1V5_hnev3#wC<rJBpzgWHtv?V4$+9v*PxDHB~{nooYa{k8AX
z^+n_&W1ZhI{psJKuU?MaF3%tQQNn0gb>Ry7Lo@Y9>Vmb@)$60_55qr!KkB|G78p)l
zda#|m>B32u(GSz9PG9Tl<UY*(cDGVZd)1w+r-nG0I6}J?HC%s9;gG_J@7~Mxqs8^7
z$zkMsrk{uNuR?dgN?X)!*OffW+tBzu`0GO4SCQ|I7}56EQ(@o9ikG9il)7p^cK`lk
zEcuVqXLsFru9X($;MkLy!+sYM<u!jNw9xB|YoAL%R7K6p;ZUoIBR^Z8<o7gNMS6bO
zveqHY!l&+=d+8YB_iJbKu!p(_VV%t`t>3htv`3a3?JF&JjVCFcqeq)P%X#;^VP@Wy
z*cZ~{b^J0czpMXrIc;!Y<$mFj!K&6Ht@piZ$-y_dA3VQx{|-t${k-<}$VJbg*vvOt
z=Q78kLF+<z$E*YIm9jc>!;c2PewFj#HRd0SpHV3YqcgvglFYoIKfb+&Zklb3?$>np
z3Ay0|y-{iH+WF~i^|jyS)TWCVm5WA=xXC4XH?MW<_vg(nd^mT}!M%p_<h74kRo>vj
zBMDRMDb0PLZxP40TKDGS;=X?{r(b-mw3aHl%Rl*Y)bIAkonQYuHfe5FS~t7&g7kH+
zq>z7GIWD~N*AD0EM?ZQ`6HpuP<FMQbu|map%$j=DD0HjeXp8X`^wF>Kg1(r(HY9ut
zYt!hwzRtd@2m5cjxANT2Q)fl=5Z~>M;C%9jN7|9Kg-vD8E}uK{&qYRYM28A@347+n
zzELUwMNCjNAm`Q}KYYq|+uGJ2BXWc93rx26)^$!rPFtsbw(@RW8)6$ERd=zier;vO
ztga}h&$Q^bHm-ej(<@BJ^Jz%K-Jthvul1ao@5FjEK`z?ZWYl$B7|F)gTU$lyL4P!?
zy?7|I>HPz$<jG6gne)UKC$HC_B?ms(b4-H*>b;ZK9SC?W?R|BFHSX1PI_}(S)w}b>
ze+utTJ>jqR)Y$hS`qw#o%~TEl$2Siydp<tamVE$wQD<>_gOl!w8yBZ8AZq^nb5uQb
z>{WKoHp_9p<Jp^i-8G^=--?`?3EER+jFa7S@jD$fQ&r{;xgpFQSA(E0kJ!BVQ8MFl
zq_O=uoUjaG-1NKA`$Owg|E(XfziEBk!mGC9C7a!Yg1mNr9UIqtx;$8TV)yX4vQx6B
z@CiKT&$=FM)+V3Ev_zc`6Iv!M7IUAs6nOjGO6Rz+_l7MPS>O4f8jbf1ecE<DOwGRT
z`OV;$H-^WFx8B_8H(}N#+c*W^W!Bv=NBtL=k(zzf(p*XL(xENitZ%&g>VIQ5bZw~W
zx~`#`ec`qjHqM#1iNo(_ZO%RwR36y$=YDnh0p2RBBd*d=<-%mzLW`L7%-(M9k9x$p
z#BE781YI5VDV-k*U+g#>c{-|2DQ)fPh}CsU-l*@#K64|VaaA3oFWT5u-C%V#eKl7M
zx{FkYtWOWpRIb3iKN(vc3~nkg($@-`ABuk}R}1s0QKGr%q0Be=(LWM>)doTwqMT;-
zTfHw3|2!#mO?BM`e}jVW(|#$K*<kD?m1X)*V(NaoOm=EH^#AJrmbk1v&;FyM!kP?`
ztyen=mz_7j9$aGB1QOF0yNIr@{;|Au+f><STarf~<%54g@cd0BLiFvgj%@vP)K_)J
z$d(N`lP0Coqd&Gi+Vt4_z(x~zM)BgB@87>`-*qsULOV12wI;16o*l3-a(^E(rtjGk
z{+Yd`vwM0ly|}Z;2%I`?dMR3yk=|^zdwwmo!*Oa|l&Vss$BEvt0$8zqWYp%n>2^<*
z8FSvV*T48*6wBwIm#TBqciu}2I)}gc;Knm0q{H{Xl1h&wzo%c<Whvpdy4P~oQnfSd
z=YN+w@4R+N7pD6(n=xs<>>%fADKGu~jPfJ60e<+!p05t)BC1;V)f=1X<{0g8e^?WK
zEwpd=_DG-B7hU?@mn|0?7wYNLgFA&;_UF#;*GV_Au23paR`BfJ5@!^$IGIYl?3nLq
z-_lxo@`G8U&JL}B7CUvN0F8TQ`zYMy!St6M<^!b-iq$4P+~w(XOBKETsA<c8=f7ze
z>6uwGl$LUXRSgau>bQF1g<fYt#533qCFc`pJ+I$u_v|i9w?4J!_2cv)2mO6d7xUgP
zQtui)9UJYK8h=O$%(gA7Pp5|}sK!*lLvzyiJ|&HI=#S&?oggW@kB4l;TzNo!nycbI
z7&7^8*&rg<=(y)^j7bLUslY46bA6om8>RDKM)t7!bm^HdGX{4c!?cyWPTYIH=f?5O
zbc3hIE;G)XYbd#&_}UO|51qe0#jQKB4eR`P7vU5AX2xD|;f~OK9y4!spJwir6rPB>
z^))c_Wny9Y_TmdCV_v_$>N$0CUxvlglaK7pci($u_0;&$=<8aIyPu#_Guav+p6pO)
zjrsy+xZiL2MwW20%$TpR6q6(y*_7Aa;DHmN*{NYxo0$vNSbxJ<MYjr$z6_>AxqguL
zqb{-W{{_VmI`2#(N;kpXk*N&T{k0pGt6D|fEZ<S$qKz1^aN`y4ZPD@a!&^kb<;^%D
z3SPc~Rflim?p+OAB{QRz%#1#qGxdzBd7Y3j#x{A3tz1QDwyPGn+Y#(zGNocZm)2aJ
z-NYKs*^aAP=`>#pY0J!bTC#1gwTDYnchb6<QElC^@&~y2jwXC3XiV;~8gEs@EzGGx
zzR@HiPNYPeywUhij56XVBYL((i#$p#@0~kid|M1>VMrHbc8GsS;1`N0SxI@l@?*gA
z0WI<an#1D)GZStG{K*rSpFA<)hsxV?GD&lv6t-V^viUJn`GAD{fF|Jq@=Ub}Gu0~3
zRI4x#t@64mk6HXuP@B2GxW=XOA-T3JF1l8E(X|STu2o)it-_*fl^0#Bu;^OkMb{$C
zLyNrVTExv<o`<9`4@r3*lHxqbi?u~qtS#~+wFr~cB2Q9F<=S5I?~4jAI`UF(PKJ)}
z@7yLlTwdnQ!ZL4`mq@d)M4II#(kv{IW_gJ;3o9uhFM@=yp(W&*P6#udkY_p}%ydGY
z>4Y%T33;Xy!b~^GGu<T2bdx;OO~On!$ur&5EWYU<aWh(c?=j*gn)psk#LWfq95!M?
zCLZTU49-JW&hSbXHmK%qh=-Qdc)%?n_iy!cE5*rZIATK7oDd%pG40_`sPgq)UR&+l
zlScN;R@K;Q6SkbtUpbKF2L2@%<4Dc4+^lZXrH5p=B~LV$1Xb94;_~Jb7dD@W0ZOQ5
zO2rKSxKHw6(AV%#Z@Zbc3PsJ$4dwOn^Fc?AjjE&S0f(EZnfgI-fkf1NB0Lp#wGnXy
z5$zxm7atNa_u?MaIqn#rVU>G+93Hed+@Qsg3|it5kMrVue^ogoVua2;ryI^&2e~AZ
zcp^%=Nqmk)JZy{e58E`;GIMDyPdW@U{K)xWF5`xuW@~vb!I)E%o<$w9b<N-g?rAH-
z&#v`RZ{n77gV~+v4c!dS?yH}Sht^PdBL?yrK|RKs`9JwOkGF`=(}+5g9THJJadGuT
zJSU5D&&gPUh+~O38)EIkLn5Af#kr?m!HilQM??{EPrGu3h{Q)c<BG?`r55oZD;^Vf
z7!i-D+Jz+)@eHb+o7?2f16n@E79Kg=TNyQ$5Kr189#hBT;wp=H>KreR849|awK5K0
z_*VJcGS<6R%2@ZUm33ch*SpBfSnoy2Sm*K|V_i2s*0FBNSjUnqW9{*TvGyV}W379J
z#v1Fjj5QwO8qtffjOgc~M)cEMBl7m25&2xyh+0)<MBNoLqHYx%QBO{dh=-tteBq)Y
zU#4h8tQV87U^V2AMhy9q0Ym=$$&lXkG~~;?q)$K$*)m5%cK_6nE$1*~PxB1f(;P##
z@WhZUelTRu(G1xtA49T~*^sQYGbGDj4cSFOb~9PBZpV;3Ju)OuwGHt)L__k_Lp=O4
z#EWJO@e@-+{7l>sua+^yi<=GMnpi`)2Hg-2It}5<FhjUN#1JiFG(-y|4beE%5Irq3
zL<{N+(P}S4u&l}uEc-MB3)Bq3Ln=e?#N7})t2G3x2@PSJu3o=q2$r!Mf=7LZU@?MG
zz3S2sJj|(H&Sq49ufeEZ2y0Z&HH_+Mlu^B$#1O26uYR6tR4>yosvoEu)lY(|pP^KJ
z?ZT*9r)yNr!i=i5rAF0qe}jG}!=S5r4LSlh=+{CFI>9jLa~7j&ZbjE;8gvDTL6-s<
zbd9c2)#&+^ss?$&L^mri$O=n?tQ<D@8zTn4+|b~k?i&1;U<`geu0d{|@atX;{#!W)
zKXo?fAe@^R82nNf^8GflkAuNa$PDiJxxr1)4Q>s)!9Bt<$mtPYrfzV{3=D3`y1^}2
z=f6B>kZU0KB%eS3L+b$y+U08*u1rH8oHMzTzH+*Up7DpDiyPqw5C%WSsoaY)LN~UI
z@ZEvXtpOu^6Cw0i!capcTDf}^x~&wt-xPX!R=GJCxmX^PIqCb}Nvyl__p2l4PY+@I
zWK)OgDEL!Y90v)L(TCUjz0c~fg0GQQ2a5VK-<W2PcumP^EU(-QSz9&5%a4&bWHlM=
zsgco#>EEi8w_Ha_+pgo5hKC!|N=CQ!k(}cVnB9UmT`~O=D`Tl6{`LrJ#<grm)k>p^
z*PG^bR}a2LC<vhr=ggd{*|s*O>fV4$8MeJnCsQgE#uQZz{S|yiF&tDY<{HzAUsS=j
zpiAy>GWZ))QSZzvf7dnqhTp^R?|5gN-~gZb;HsMH?dtEpMeW|RYfJz3-MdsZc$6jJ
z7BM%AIU(jIF~^1M-zpYxQq1CX`*(K*EY41oI6F<^>@<n9(<I4GOq_Xf0^{P$$HkeC
zi!&dW#4XNzT%7s1IP-CF=Hueb$Hkc!XEGrUEY7+(=i-cu^DSw@;z|_fPN*>j<0W=(
zV>0TvT3%NjZ`7x&hCb$S@7j97IuL%FKURx)FRhv7Zac$fc&h1d*i;>|a<{Ddy&-RA
z#x~;chwqL!f|8x%Q*Y(-Y<Ly+Vckt<)nZ=DnTVEqyJUtAWIO6qA0N7PnaQO!*Rthd
z{b@$p%ICde@ULUuEPCy5x|xwjis79k7D2|4ZdMtB_rgW31n-dcq7{qYaNjF#aYRMi
zO6!hOd6%!OV0)W#*;N+=_P_BaR@EHjjP0)yT(7D_As6cl#x`D|4LJ0H;UJhruu@_7
zxHMDCkNt(t)d_vi8%T0*1lK>>^sC=ZTc%rX!~EOjw#UE8Dnas*+!>Y4c{2)e+*O~N
zGt;)NIpR0vZKHfEu#j_wl}{5cDo6j|O2gooZx}gOFUSJ1$_!>a)qzOkkwnF}9YI{d
z(1~`A^5lqvR5#IJrb$l9VCt&c+Cer2^lQ-ew;b&5?cCX=cJ12gZ*P%tEY{l8t+(vz
z+_`;=qN>|=?NPgW5VU7&ucE5`JGZcdw(Zz`L+1{4cXxMRSHIfddBct_RVnC&baAYs
zW804HH*8UxysLgN6l5hA+_?#EYkGrB?E6vK;H=xW3f-1n&|EJv??S`HR^B(PPj|PM
zYk~Fox{D`5{**2?wj<}b>Mn13R{4NlUCWFqsj;rnwAwf3xOySD8A2l}->#@S|CQ9(
z)?6hCeZlkt8?gBs_-!|bEyZ!|yl#@z2M2mt_M;6?P5dMU8@G8;SN1wfjqUU&N&cOi
z^3Yn>3jRHos<KqK_wQ6I6NmntTfAvQzkeSrHP-KcSKW^(NO7<3xR#B0%V(jNFx#@+
z>OL3E3QdY$a=pa*)0wUMu)5vM;Y>!aBB*z@%XD?SS5KF0CwD;KqUG~SYOLFzi+DBX
zA71dcR#ZY;JErnlTJOwcB=zsGI;q+!FqkQ(M>TIc<R?PVT7!v;KI-abMoEnYy9cVB
znM{zkP;>2c_Vjlr%T3^hF;{o|HXKl=nei(-yx*Ov+qpCnbaT$ldQGByXr+n;Gu&|F
z4`qkzA-poc-dZ>byh^@Vv(2tiFB$4qofT$~8LyOsXlbV&swFRuT~=@x7k~EY?rydr
zo8#J<Qjs+E;268$$5GkUGBvitGDm_k3N{;LWu7S&Nh`#)gYS3CrO=y8XSY~|qE^*<
zwM>TfkBUF-<+GO2y@_(AV#|9D`c;7z7xb>eGc4#ldV`&4g5D!Fwgo3?xzReVmNr-;
z3R<wBgoHabR*JZ<x*=~53c*W4=oWO<WdcFA>P1^mYhL7DBS23znhxCt_V;aM+Yt5n
zkFUIs*-8o(rN(2ZR2<hf(*@cJ*uxHWi)Ff6&UF0ltl)LSXog-+s|tX>Y6xqgpcfq7
ztv-9XR)A4!YHW9(>X=14XS%~)FX(lyH+c2aquYA*8C354xeYA4(PP+N<E@-W2(im@
zxyJ2;TDM&e>=iq%LBTx_Ti3&fdH-O4cRDN*QJcTPvhoTd7Bs9adEL*re+}&PPo&@z
z?<nadowZA^N9fk_j^5`#DpFK+q`;;ks#?BYc#T@pg?VAJ-T<WBa?rqbAJA=YG{YL1
zf9cz*=PQ@(a!pCjGW7PndO`C>mNqNComM6{oYRpXe{F#1aK5vYb(5k-gLa3K+#Njp
z=C3v7J_I%8*Bkc{!}*ev^$OU}I8I#kM$<ZI_GnJlyY}tSwF5eT?ej)Z<Rl7zEPuXL
zpKjsLqJ2kY*ui=?$!KiYtImiMtGsJ!<vO@k_g=hfq2Hu-Ste^y)$_@MW$WxoN;z@c
zoqoIIUnu=5-eFlrspzGIj{neS2QNXly+c2s=W#JAM~E_J31k-vFLmB0g;N)96yYfh
zy$-QrD{8rNgAUFNuf6-**s{jXPL(a{c87Hv8D-cXfs+iO0qrrJ+=!`X&;cOwQGaNl
zIXWW5z>Ob%ut=)LhtkpZc7G4L;F(JJ+Twj`%0H*QhTrW~7a5z2FGzMMlz%ZXxv+lm
z_!Y)=27TPcj6B-M2;H@cUi|(Ath%-;&pWw}I+U8wj^Dw3b~P7lzs9x-^a~+~_(13~
zmm1rm6`fMK@AF&bcBij2<cg|*4fN<4!Adfi(FA$grBy}^)kVu<@{<&-87e0UBQ{i2
zFw&Qd^UEXUj6Pa54z4c9%5n(Jadg{NhqYXuG}JBKB{R4KRcUB~VW$%smC}KEILGB8
z2}U|>+7t{Ac7{g>-oORHt3DJ@EOX_l27e<#)cAu-S}K@Yc}23fJOg8UaCa4o?pXDQ
z1<M4&XZIe{8%h|c**)fvRWdU>thAO74a+c}c#oAc*#+4z!D0V_Cs)c!qcc`;wIQX^
zaqZwW%l>6ruHHCemKujjxqRlTTt@N#%6c7LV`j{B#tOl!YX|SJnPvD7)m9p9J+FBI
z@vmauRT}*QY;?U2r_moVH`-Q4b2X(=&*ITgHe*-*3XTY#5d}xEe|txH5jWbFpB$}_
zODl~dmh1m7__QGAA;(b~(^kP>+t`@Vhe{)=W^3k%?yx^|UXx&N4Gr1)0rr>w2p9kM
za}2i9?4O9~|I2^pDvENPqA2(|3uS%-|9VN)Z=jOjF;Nud%_B!FcKpf){+0a>F8kHv
z8v1)z{;$7QJ|8~^U4ETBt@61?hmL2zSJnY%$EVKZU++Je|GW+KcNi5#ITA|$OPBDk
zA0p{LioEVo6y>eZ@x@E|*ZNSoZ4l%?gZJ3+lb7<Z1DnO=$MSFD_#4>oxbNX#8&0kq
ze}>@rQKXCg{3rX}6ZX1kjrw=U@$C0#+3V!-<acuD@05|_=L-Dm-QPbt^7y;S@$7dS
z*=y|@>Hi>(XXQVL<JjvJt<mZKTXH=6U0?Q^KQ{XFr^)fF@7u_|zH}}5-4}BFXZ&9i
zuC$L@{N8ZwpEe4^*O1pI{a-<@9AAgy>(+Vvza#zZc=kKU^=ll@{`(H<jvdc_FS!B7
zv)^mmNRDUqut+|i{Z8`gTm0{T%hLZMIez)bF?hx2Z;U?v=j8agjmP2@zt?<Obo==w
z;wm4H-+!LFA~-&Ka&-B<hR=`D-&e!&n-y{Y$6kLg=o7vFevRXoHbnQI$8QiH|DCIX
z;~(lfF7o&@B*z!;3Vvboy7Qwy|6<AUpZi2`{J_A*$m2I}5SQPvt3gej@X_e<yIS)3
zwfCJGl;6v>k)PisIex_neyzCv%A+HX5BDA1=TE;Q=wI*ygBL1_^0A|<`~TxZZ7=-a
qOigeBN)1Mr|EZGWm0WOq-x}@b{{jF2|Nj910RR6J%=uFob0z?eb*~Qq

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/composer.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/composer.py
new file mode 100644
index 000000000..6d15cb40e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/composer.py
@@ -0,0 +1,139 @@
+
+__all__ = ['Composer', 'ComposerError']
+
+from .error import MarkedYAMLError
+from .events import *
+from .nodes import *
+
+class ComposerError(MarkedYAMLError):
+    pass
+
+class Composer:
+
+    def __init__(self):
+        self.anchors = {}
+
+    def check_node(self):
+        # Drop the STREAM-START event.
+        if self.check_event(StreamStartEvent):
+            self.get_event()
+
+        # If there are more documents available?
+        return not self.check_event(StreamEndEvent)
+
+    def get_node(self):
+        # Get the root node of the next document.
+        if not self.check_event(StreamEndEvent):
+            return self.compose_document()
+
+    def get_single_node(self):
+        # Drop the STREAM-START event.
+        self.get_event()
+
+        # Compose a document if the stream is not empty.
+        document = None
+        if not self.check_event(StreamEndEvent):
+            document = self.compose_document()
+
+        # Ensure that the stream contains no more documents.
+        if not self.check_event(StreamEndEvent):
+            event = self.get_event()
+            raise ComposerError("expected a single document in the stream",
+                    document.start_mark, "but found another document",
+                    event.start_mark)
+
+        # Drop the STREAM-END event.
+        self.get_event()
+
+        return document
+
+    def compose_document(self):
+        # Drop the DOCUMENT-START event.
+        self.get_event()
+
+        # Compose the root node.
+        node = self.compose_node(None, None)
+
+        # Drop the DOCUMENT-END event.
+        self.get_event()
+
+        self.anchors = {}
+        return node
+
+    def compose_node(self, parent, index):
+        if self.check_event(AliasEvent):
+            event = self.get_event()
+            anchor = event.anchor
+            if anchor not in self.anchors:
+                raise ComposerError(None, None, "found undefined alias %r"
+                        % anchor, event.start_mark)
+            return self.anchors[anchor]
+        event = self.peek_event()
+        anchor = event.anchor
+        if anchor is not None:
+            if anchor in self.anchors:
+                raise ComposerError("found duplicate anchor %r; first occurrence"
+                        % anchor, self.anchors[anchor].start_mark,
+                        "second occurrence", event.start_mark)
+        self.descend_resolver(parent, index)
+        if self.check_event(ScalarEvent):
+            node = self.compose_scalar_node(anchor)
+        elif self.check_event(SequenceStartEvent):
+            node = self.compose_sequence_node(anchor)
+        elif self.check_event(MappingStartEvent):
+            node = self.compose_mapping_node(anchor)
+        self.ascend_resolver()
+        return node
+
+    def compose_scalar_node(self, anchor):
+        event = self.get_event()
+        tag = event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(ScalarNode, event.value, event.implicit)
+        node = ScalarNode(tag, event.value,
+                event.start_mark, event.end_mark, style=event.style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        return node
+
+    def compose_sequence_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(SequenceNode, None, start_event.implicit)
+        node = SequenceNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        index = 0
+        while not self.check_event(SequenceEndEvent):
+            node.value.append(self.compose_node(node, index))
+            index += 1
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
+    def compose_mapping_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(MappingNode, None, start_event.implicit)
+        node = MappingNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        while not self.check_event(MappingEndEvent):
+            #key_event = self.peek_event()
+            item_key = self.compose_node(node, None)
+            #if item_key in node.value:
+            #    raise ComposerError("while composing a mapping", start_event.start_mark,
+            #            "found duplicate key", key_event.start_mark)
+            item_value = self.compose_node(node, item_key)
+            #node.value[item_key] = item_value
+            node.value.append((item_key, item_value))
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/constructor.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/constructor.py
new file mode 100644
index 000000000..619acd307
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/constructor.py
@@ -0,0 +1,748 @@
+
+__all__ = [
+    'BaseConstructor',
+    'SafeConstructor',
+    'FullConstructor',
+    'UnsafeConstructor',
+    'Constructor',
+    'ConstructorError'
+]
+
+from .error import *
+from .nodes import *
+
+import collections.abc, datetime, base64, binascii, re, sys, types
+
+class ConstructorError(MarkedYAMLError):
+    pass
+
+class BaseConstructor:
+
+    yaml_constructors = {}
+    yaml_multi_constructors = {}
+
+    def __init__(self):
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.state_generators = []
+        self.deep_construct = False
+
+    def check_data(self):
+        # If there are more documents available?
+        return self.check_node()
+
+    def check_state_key(self, key):
+        """Block special attributes/methods from being set in a newly created
+        object, to prevent user-controlled methods from being called during
+        deserialization"""
+        if self.get_state_keys_blacklist_regexp().match(key):
+            raise ConstructorError(None, None,
+                "blacklisted key '%s' in instance state found" % (key,), None)
+
+    def get_data(self):
+        # Construct and return the next document.
+        if self.check_node():
+            return self.construct_document(self.get_node())
+
+    def get_single_data(self):
+        # Ensure that the stream contains a single document and construct it.
+        node = self.get_single_node()
+        if node is not None:
+            return self.construct_document(node)
+        return None
+
+    def construct_document(self, node):
+        data = self.construct_object(node)
+        while self.state_generators:
+            state_generators = self.state_generators
+            self.state_generators = []
+            for generator in state_generators:
+                for dummy in generator:
+                    pass
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.deep_construct = False
+        return data
+
+    def construct_object(self, node, deep=False):
+        if node in self.constructed_objects:
+            return self.constructed_objects[node]
+        if deep:
+            old_deep = self.deep_construct
+            self.deep_construct = True
+        if node in self.recursive_objects:
+            raise ConstructorError(None, None,
+                    "found unconstructable recursive node", node.start_mark)
+        self.recursive_objects[node] = None
+        constructor = None
+        tag_suffix = None
+        if node.tag in self.yaml_constructors:
+            constructor = self.yaml_constructors[node.tag]
+        else:
+            for tag_prefix in self.yaml_multi_constructors:
+                if tag_prefix is not None and node.tag.startswith(tag_prefix):
+                    tag_suffix = node.tag[len(tag_prefix):]
+                    constructor = self.yaml_multi_constructors[tag_prefix]
+                    break
+            else:
+                if None in self.yaml_multi_constructors:
+                    tag_suffix = node.tag
+                    constructor = self.yaml_multi_constructors[None]
+                elif None in self.yaml_constructors:
+                    constructor = self.yaml_constructors[None]
+                elif isinstance(node, ScalarNode):
+                    constructor = self.__class__.construct_scalar
+                elif isinstance(node, SequenceNode):
+                    constructor = self.__class__.construct_sequence
+                elif isinstance(node, MappingNode):
+                    constructor = self.__class__.construct_mapping
+        if tag_suffix is None:
+            data = constructor(self, node)
+        else:
+            data = constructor(self, tag_suffix, node)
+        if isinstance(data, types.GeneratorType):
+            generator = data
+            data = next(generator)
+            if self.deep_construct:
+                for dummy in generator:
+                    pass
+            else:
+                self.state_generators.append(generator)
+        self.constructed_objects[node] = data
+        del self.recursive_objects[node]
+        if deep:
+            self.deep_construct = old_deep
+        return data
+
+    def construct_scalar(self, node):
+        if not isinstance(node, ScalarNode):
+            raise ConstructorError(None, None,
+                    "expected a scalar node, but found %s" % node.id,
+                    node.start_mark)
+        return node.value
+
+    def construct_sequence(self, node, deep=False):
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError(None, None,
+                    "expected a sequence node, but found %s" % node.id,
+                    node.start_mark)
+        return [self.construct_object(child, deep=deep)
+                for child in node.value]
+
+    def construct_mapping(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        mapping = {}
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            if not isinstance(key, collections.abc.Hashable):
+                raise ConstructorError("while constructing a mapping", node.start_mark,
+                        "found unhashable key", key_node.start_mark)
+            value = self.construct_object(value_node, deep=deep)
+            mapping[key] = value
+        return mapping
+
+    def construct_pairs(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        pairs = []
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            value = self.construct_object(value_node, deep=deep)
+            pairs.append((key, value))
+        return pairs
+
+    @classmethod
+    def add_constructor(cls, tag, constructor):
+        if not 'yaml_constructors' in cls.__dict__:
+            cls.yaml_constructors = cls.yaml_constructors.copy()
+        cls.yaml_constructors[tag] = constructor
+
+    @classmethod
+    def add_multi_constructor(cls, tag_prefix, multi_constructor):
+        if not 'yaml_multi_constructors' in cls.__dict__:
+            cls.yaml_multi_constructors = cls.yaml_multi_constructors.copy()
+        cls.yaml_multi_constructors[tag_prefix] = multi_constructor
+
+class SafeConstructor(BaseConstructor):
+
+    def construct_scalar(self, node):
+        if isinstance(node, MappingNode):
+            for key_node, value_node in node.value:
+                if key_node.tag == 'tag:yaml.org,2002:value':
+                    return self.construct_scalar(value_node)
+        return super().construct_scalar(node)
+
+    def flatten_mapping(self, node):
+        merge = []
+        index = 0
+        while index < len(node.value):
+            key_node, value_node = node.value[index]
+            if key_node.tag == 'tag:yaml.org,2002:merge':
+                del node.value[index]
+                if isinstance(value_node, MappingNode):
+                    self.flatten_mapping(value_node)
+                    merge.extend(value_node.value)
+                elif isinstance(value_node, SequenceNode):
+                    submerge = []
+                    for subnode in value_node.value:
+                        if not isinstance(subnode, MappingNode):
+                            raise ConstructorError("while constructing a mapping",
+                                    node.start_mark,
+                                    "expected a mapping for merging, but found %s"
+                                    % subnode.id, subnode.start_mark)
+                        self.flatten_mapping(subnode)
+                        submerge.append(subnode.value)
+                    submerge.reverse()
+                    for value in submerge:
+                        merge.extend(value)
+                else:
+                    raise ConstructorError("while constructing a mapping", node.start_mark,
+                            "expected a mapping or list of mappings for merging, but found %s"
+                            % value_node.id, value_node.start_mark)
+            elif key_node.tag == 'tag:yaml.org,2002:value':
+                key_node.tag = 'tag:yaml.org,2002:str'
+                index += 1
+            else:
+                index += 1
+        if merge:
+            node.value = merge + node.value
+
+    def construct_mapping(self, node, deep=False):
+        if isinstance(node, MappingNode):
+            self.flatten_mapping(node)
+        return super().construct_mapping(node, deep=deep)
+
+    def construct_yaml_null(self, node):
+        self.construct_scalar(node)
+        return None
+
+    bool_values = {
+        'yes':      True,
+        'no':       False,
+        'true':     True,
+        'false':    False,
+        'on':       True,
+        'off':      False,
+    }
+
+    def construct_yaml_bool(self, node):
+        value = self.construct_scalar(node)
+        return self.bool_values[value.lower()]
+
+    def construct_yaml_int(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '')
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '0':
+            return 0
+        elif value.startswith('0b'):
+            return sign*int(value[2:], 2)
+        elif value.startswith('0x'):
+            return sign*int(value[2:], 16)
+        elif value[0] == '0':
+            return sign*int(value, 8)
+        elif ':' in value:
+            digits = [int(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*int(value)
+
+    inf_value = 1e300
+    while inf_value != inf_value*inf_value:
+        inf_value *= inf_value
+    nan_value = -inf_value/inf_value   # Trying to make a quiet NaN (like C99).
+
+    def construct_yaml_float(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '').lower()
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '.inf':
+            return sign*self.inf_value
+        elif value == '.nan':
+            return self.nan_value
+        elif ':' in value:
+            digits = [float(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0.0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*float(value)
+
+    def construct_yaml_binary(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    timestamp_regexp = re.compile(
+            r'''^(?P<year>[0-9][0-9][0-9][0-9])
+                -(?P<month>[0-9][0-9]?)
+                -(?P<day>[0-9][0-9]?)
+                (?:(?:[Tt]|[ \t]+)
+                (?P<hour>[0-9][0-9]?)
+                :(?P<minute>[0-9][0-9])
+                :(?P<second>[0-9][0-9])
+                (?:\.(?P<fraction>[0-9]*))?
+                (?:[ \t]*(?P<tz>Z|(?P<tz_sign>[-+])(?P<tz_hour>[0-9][0-9]?)
+                (?::(?P<tz_minute>[0-9][0-9]))?))?)?$''', re.X)
+
+    def construct_yaml_timestamp(self, node):
+        value = self.construct_scalar(node)
+        match = self.timestamp_regexp.match(node.value)
+        values = match.groupdict()
+        year = int(values['year'])
+        month = int(values['month'])
+        day = int(values['day'])
+        if not values['hour']:
+            return datetime.date(year, month, day)
+        hour = int(values['hour'])
+        minute = int(values['minute'])
+        second = int(values['second'])
+        fraction = 0
+        tzinfo = None
+        if values['fraction']:
+            fraction = values['fraction'][:6]
+            while len(fraction) < 6:
+                fraction += '0'
+            fraction = int(fraction)
+        if values['tz_sign']:
+            tz_hour = int(values['tz_hour'])
+            tz_minute = int(values['tz_minute'] or 0)
+            delta = datetime.timedelta(hours=tz_hour, minutes=tz_minute)
+            if values['tz_sign'] == '-':
+                delta = -delta
+            tzinfo = datetime.timezone(delta)
+        elif values['tz']:
+            tzinfo = datetime.timezone.utc
+        return datetime.datetime(year, month, day, hour, minute, second, fraction,
+                                 tzinfo=tzinfo)
+
+    def construct_yaml_omap(self, node):
+        # Note: we do not check for duplicate keys, because it's too
+        # CPU-expensive.
+        omap = []
+        yield omap
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing an ordered map", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            omap.append((key, value))
+
+    def construct_yaml_pairs(self, node):
+        # Note: the same code as `construct_yaml_omap`.
+        pairs = []
+        yield pairs
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing pairs", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            pairs.append((key, value))
+
+    def construct_yaml_set(self, node):
+        data = set()
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_yaml_seq(self, node):
+        data = []
+        yield data
+        data.extend(self.construct_sequence(node))
+
+    def construct_yaml_map(self, node):
+        data = {}
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_object(self, node, cls):
+        data = cls.__new__(cls)
+        yield data
+        if hasattr(data, '__setstate__'):
+            state = self.construct_mapping(node, deep=True)
+            data.__setstate__(state)
+        else:
+            state = self.construct_mapping(node)
+            data.__dict__.update(state)
+
+    def construct_undefined(self, node):
+        raise ConstructorError(None, None,
+                "could not determine a constructor for the tag %r" % node.tag,
+                node.start_mark)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:null',
+        SafeConstructor.construct_yaml_null)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:bool',
+        SafeConstructor.construct_yaml_bool)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:int',
+        SafeConstructor.construct_yaml_int)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:float',
+        SafeConstructor.construct_yaml_float)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:binary',
+        SafeConstructor.construct_yaml_binary)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:timestamp',
+        SafeConstructor.construct_yaml_timestamp)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:omap',
+        SafeConstructor.construct_yaml_omap)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:pairs',
+        SafeConstructor.construct_yaml_pairs)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:set',
+        SafeConstructor.construct_yaml_set)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:str',
+        SafeConstructor.construct_yaml_str)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:seq',
+        SafeConstructor.construct_yaml_seq)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:map',
+        SafeConstructor.construct_yaml_map)
+
+SafeConstructor.add_constructor(None,
+        SafeConstructor.construct_undefined)
+
+class FullConstructor(SafeConstructor):
+    # 'extend' is blacklisted because it is used by
+    # construct_python_object_apply to add `listitems` to a newly generate
+    # python instance
+    def get_state_keys_blacklist(self):
+        return ['^extend$', '^__.*__$']
+
+    def get_state_keys_blacklist_regexp(self):
+        if not hasattr(self, 'state_keys_blacklist_regexp'):
+            self.state_keys_blacklist_regexp = re.compile('(' + '|'.join(self.get_state_keys_blacklist()) + ')')
+        return self.state_keys_blacklist_regexp
+
+    def construct_python_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_unicode(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_bytes(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    def construct_python_long(self, node):
+        return self.construct_yaml_int(node)
+
+    def construct_python_complex(self, node):
+       return complex(self.construct_scalar(node))
+
+    def construct_python_tuple(self, node):
+        return tuple(self.construct_sequence(node))
+
+    def find_python_module(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if unsafe:
+            try:
+                __import__(name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python module", mark,
+                        "cannot find module %r (%s)" % (name, exc), mark)
+        if name not in sys.modules:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "module %r is not imported" % name, mark)
+        return sys.modules[name]
+
+    def find_python_name(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if '.' in name:
+            module_name, object_name = name.rsplit('.', 1)
+        else:
+            module_name = 'builtins'
+            object_name = name
+        if unsafe:
+            try:
+                __import__(module_name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python object", mark,
+                        "cannot find module %r (%s)" % (module_name, exc), mark)
+        if module_name not in sys.modules:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "module %r is not imported" % module_name, mark)
+        module = sys.modules[module_name]
+        if not hasattr(module, object_name):
+            raise ConstructorError("while constructing a Python object", mark,
+                    "cannot find %r in the module %r"
+                    % (object_name, module.__name__), mark)
+        return getattr(module, object_name)
+
+    def construct_python_name(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python name", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_name(suffix, node.start_mark)
+
+    def construct_python_module(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python module", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_module(suffix, node.start_mark)
+
+    def make_python_instance(self, suffix, node,
+            args=None, kwds=None, newobj=False, unsafe=False):
+        if not args:
+            args = []
+        if not kwds:
+            kwds = {}
+        cls = self.find_python_name(suffix, node.start_mark)
+        if not (unsafe or isinstance(cls, type)):
+            raise ConstructorError("while constructing a Python instance", node.start_mark,
+                    "expected a class, but found %r" % type(cls),
+                    node.start_mark)
+        if newobj and isinstance(cls, type):
+            return cls.__new__(cls, *args, **kwds)
+        else:
+            return cls(*args, **kwds)
+
+    def set_python_instance_state(self, instance, state, unsafe=False):
+        if hasattr(instance, '__setstate__'):
+            instance.__setstate__(state)
+        else:
+            slotstate = {}
+            if isinstance(state, tuple) and len(state) == 2:
+                state, slotstate = state
+            if hasattr(instance, '__dict__'):
+                if not unsafe and state:
+                    for key in state.keys():
+                        self.check_state_key(key)
+                instance.__dict__.update(state)
+            elif state:
+                slotstate.update(state)
+            for key, value in slotstate.items():
+                if not unsafe:
+                    self.check_state_key(key)
+                setattr(instance, key, value)
+
+    def construct_python_object(self, suffix, node):
+        # Format:
+        #   !!python/object:module.name { ... state ... }
+        instance = self.make_python_instance(suffix, node, newobj=True)
+        yield instance
+        deep = hasattr(instance, '__setstate__')
+        state = self.construct_mapping(node, deep=deep)
+        self.set_python_instance_state(instance, state)
+
+    def construct_python_object_apply(self, suffix, node, newobj=False):
+        # Format:
+        #   !!python/object/apply       # (or !!python/object/new)
+        #   args: [ ... arguments ... ]
+        #   kwds: { ... keywords ... }
+        #   state: ... state ...
+        #   listitems: [ ... listitems ... ]
+        #   dictitems: { ... dictitems ... }
+        # or short format:
+        #   !!python/object/apply [ ... arguments ... ]
+        # The difference between !!python/object/apply and !!python/object/new
+        # is how an object is created, check make_python_instance for details.
+        if isinstance(node, SequenceNode):
+            args = self.construct_sequence(node, deep=True)
+            kwds = {}
+            state = {}
+            listitems = []
+            dictitems = {}
+        else:
+            value = self.construct_mapping(node, deep=True)
+            args = value.get('args', [])
+            kwds = value.get('kwds', {})
+            state = value.get('state', {})
+            listitems = value.get('listitems', [])
+            dictitems = value.get('dictitems', {})
+        instance = self.make_python_instance(suffix, node, args, kwds, newobj)
+        if state:
+            self.set_python_instance_state(instance, state)
+        if listitems:
+            instance.extend(listitems)
+        if dictitems:
+            for key in dictitems:
+                instance[key] = dictitems[key]
+        return instance
+
+    def construct_python_object_new(self, suffix, node):
+        return self.construct_python_object_apply(suffix, node, newobj=True)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/none',
+    FullConstructor.construct_yaml_null)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bool',
+    FullConstructor.construct_yaml_bool)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/str',
+    FullConstructor.construct_python_str)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/unicode',
+    FullConstructor.construct_python_unicode)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bytes',
+    FullConstructor.construct_python_bytes)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/int',
+    FullConstructor.construct_yaml_int)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/long',
+    FullConstructor.construct_python_long)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/float',
+    FullConstructor.construct_yaml_float)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/complex',
+    FullConstructor.construct_python_complex)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/list',
+    FullConstructor.construct_yaml_seq)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/tuple',
+    FullConstructor.construct_python_tuple)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/dict',
+    FullConstructor.construct_yaml_map)
+
+FullConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/name:',
+    FullConstructor.construct_python_name)
+
+class UnsafeConstructor(FullConstructor):
+
+    def find_python_module(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_module(name, mark, unsafe=True)
+
+    def find_python_name(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_name(name, mark, unsafe=True)
+
+    def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False):
+        return super(UnsafeConstructor, self).make_python_instance(
+            suffix, node, args, kwds, newobj, unsafe=True)
+
+    def set_python_instance_state(self, instance, state):
+        return super(UnsafeConstructor, self).set_python_instance_state(
+            instance, state, unsafe=True)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/module:',
+    UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object:',
+    UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/new:',
+    UnsafeConstructor.construct_python_object_new)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/apply:',
+    UnsafeConstructor.construct_python_object_apply)
+
+# Constructor is same as UnsafeConstructor. Need to leave this in place in case
+# people have extended it directly.
+class Constructor(UnsafeConstructor):
+    pass
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/cyaml.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/cyaml.py
new file mode 100644
index 000000000..0c2134587
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/cyaml.py
@@ -0,0 +1,101 @@
+
+__all__ = [
+    'CBaseLoader', 'CSafeLoader', 'CFullLoader', 'CUnsafeLoader', 'CLoader',
+    'CBaseDumper', 'CSafeDumper', 'CDumper'
+]
+
+from yaml._yaml import CParser, CEmitter
+
+from .constructor import *
+
+from .serializer import *
+from .representer import *
+
+from .resolver import *
+
+class CBaseLoader(CParser, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class CSafeLoader(CParser, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CFullLoader(CParser, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CUnsafeLoader(CParser, UnsafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        UnsafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CLoader(CParser, Constructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CDumper(CEmitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/dumper.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/dumper.py
new file mode 100644
index 000000000..6aadba551
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/dumper.py
@@ -0,0 +1,62 @@
+
+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
+
+from .emitter import *
+from .serializer import *
+from .representer import *
+from .resolver import *
+
+class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class Dumper(Emitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/emitter.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/emitter.py
new file mode 100644
index 000000000..a664d0111
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/emitter.py
@@ -0,0 +1,1137 @@
+
+# Emitter expects events obeying the following grammar:
+# stream ::= STREAM-START document* STREAM-END
+# document ::= DOCUMENT-START node DOCUMENT-END
+# node ::= SCALAR | sequence | mapping
+# sequence ::= SEQUENCE-START node* SEQUENCE-END
+# mapping ::= MAPPING-START (node node)* MAPPING-END
+
+__all__ = ['Emitter', 'EmitterError']
+
+from .error import YAMLError
+from .events import *
+
+class EmitterError(YAMLError):
+    pass
+
+class ScalarAnalysis:
+    def __init__(self, scalar, empty, multiline,
+            allow_flow_plain, allow_block_plain,
+            allow_single_quoted, allow_double_quoted,
+            allow_block):
+        self.scalar = scalar
+        self.empty = empty
+        self.multiline = multiline
+        self.allow_flow_plain = allow_flow_plain
+        self.allow_block_plain = allow_block_plain
+        self.allow_single_quoted = allow_single_quoted
+        self.allow_double_quoted = allow_double_quoted
+        self.allow_block = allow_block
+
+class Emitter:
+
+    DEFAULT_TAG_PREFIXES = {
+        '!' : '!',
+        'tag:yaml.org,2002:' : '!!',
+    }
+
+    def __init__(self, stream, canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None):
+
+        # The stream should have the methods `write` and possibly `flush`.
+        self.stream = stream
+
+        # Encoding can be overridden by STREAM-START.
+        self.encoding = None
+
+        # Emitter is a state machine with a stack of states to handle nested
+        # structures.
+        self.states = []
+        self.state = self.expect_stream_start
+
+        # Current event and the event queue.
+        self.events = []
+        self.event = None
+
+        # The current indentation level and the stack of previous indents.
+        self.indents = []
+        self.indent = None
+
+        # Flow level.
+        self.flow_level = 0
+
+        # Contexts.
+        self.root_context = False
+        self.sequence_context = False
+        self.mapping_context = False
+        self.simple_key_context = False
+
+        # Characteristics of the last emitted character:
+        #  - current position.
+        #  - is it a whitespace?
+        #  - is it an indention character
+        #    (indentation space, '-', '?', or ':')?
+        self.line = 0
+        self.column = 0
+        self.whitespace = True
+        self.indention = True
+
+        # Whether the document requires an explicit document indicator
+        self.open_ended = False
+
+        # Formatting details.
+        self.canonical = canonical
+        self.allow_unicode = allow_unicode
+        self.best_indent = 2
+        if indent and 1 < indent < 10:
+            self.best_indent = indent
+        self.best_width = 80
+        if width and width > self.best_indent*2:
+            self.best_width = width
+        self.best_line_break = '\n'
+        if line_break in ['\r', '\n', '\r\n']:
+            self.best_line_break = line_break
+
+        # Tag prefixes.
+        self.tag_prefixes = None
+
+        # Prepared anchor and tag.
+        self.prepared_anchor = None
+        self.prepared_tag = None
+
+        # Scalar analysis and style.
+        self.analysis = None
+        self.style = None
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def emit(self, event):
+        self.events.append(event)
+        while not self.need_more_events():
+            self.event = self.events.pop(0)
+            self.state()
+            self.event = None
+
+    # In some cases, we wait for a few next events before emitting.
+
+    def need_more_events(self):
+        if not self.events:
+            return True
+        event = self.events[0]
+        if isinstance(event, DocumentStartEvent):
+            return self.need_events(1)
+        elif isinstance(event, SequenceStartEvent):
+            return self.need_events(2)
+        elif isinstance(event, MappingStartEvent):
+            return self.need_events(3)
+        else:
+            return False
+
+    def need_events(self, count):
+        level = 0
+        for event in self.events[1:]:
+            if isinstance(event, (DocumentStartEvent, CollectionStartEvent)):
+                level += 1
+            elif isinstance(event, (DocumentEndEvent, CollectionEndEvent)):
+                level -= 1
+            elif isinstance(event, StreamEndEvent):
+                level = -1
+            if level < 0:
+                return False
+        return (len(self.events) < count+1)
+
+    def increase_indent(self, flow=False, indentless=False):
+        self.indents.append(self.indent)
+        if self.indent is None:
+            if flow:
+                self.indent = self.best_indent
+            else:
+                self.indent = 0
+        elif not indentless:
+            self.indent += self.best_indent
+
+    # States.
+
+    # Stream handlers.
+
+    def expect_stream_start(self):
+        if isinstance(self.event, StreamStartEvent):
+            if self.event.encoding and not hasattr(self.stream, 'encoding'):
+                self.encoding = self.event.encoding
+            self.write_stream_start()
+            self.state = self.expect_first_document_start
+        else:
+            raise EmitterError("expected StreamStartEvent, but got %s"
+                    % self.event)
+
+    def expect_nothing(self):
+        raise EmitterError("expected nothing, but got %s" % self.event)
+
+    # Document handlers.
+
+    def expect_first_document_start(self):
+        return self.expect_document_start(first=True)
+
+    def expect_document_start(self, first=False):
+        if isinstance(self.event, DocumentStartEvent):
+            if (self.event.version or self.event.tags) and self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            if self.event.version:
+                version_text = self.prepare_version(self.event.version)
+                self.write_version_directive(version_text)
+            self.tag_prefixes = self.DEFAULT_TAG_PREFIXES.copy()
+            if self.event.tags:
+                handles = sorted(self.event.tags.keys())
+                for handle in handles:
+                    prefix = self.event.tags[handle]
+                    self.tag_prefixes[prefix] = handle
+                    handle_text = self.prepare_tag_handle(handle)
+                    prefix_text = self.prepare_tag_prefix(prefix)
+                    self.write_tag_directive(handle_text, prefix_text)
+            implicit = (first and not self.event.explicit and not self.canonical
+                    and not self.event.version and not self.event.tags
+                    and not self.check_empty_document())
+            if not implicit:
+                self.write_indent()
+                self.write_indicator('---', True)
+                if self.canonical:
+                    self.write_indent()
+            self.state = self.expect_document_root
+        elif isinstance(self.event, StreamEndEvent):
+            if self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.write_stream_end()
+            self.state = self.expect_nothing
+        else:
+            raise EmitterError("expected DocumentStartEvent, but got %s"
+                    % self.event)
+
+    def expect_document_end(self):
+        if isinstance(self.event, DocumentEndEvent):
+            self.write_indent()
+            if self.event.explicit:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.flush_stream()
+            self.state = self.expect_document_start
+        else:
+            raise EmitterError("expected DocumentEndEvent, but got %s"
+                    % self.event)
+
+    def expect_document_root(self):
+        self.states.append(self.expect_document_end)
+        self.expect_node(root=True)
+
+    # Node handlers.
+
+    def expect_node(self, root=False, sequence=False, mapping=False,
+            simple_key=False):
+        self.root_context = root
+        self.sequence_context = sequence
+        self.mapping_context = mapping
+        self.simple_key_context = simple_key
+        if isinstance(self.event, AliasEvent):
+            self.expect_alias()
+        elif isinstance(self.event, (ScalarEvent, CollectionStartEvent)):
+            self.process_anchor('&')
+            self.process_tag()
+            if isinstance(self.event, ScalarEvent):
+                self.expect_scalar()
+            elif isinstance(self.event, SequenceStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_sequence():
+                    self.expect_flow_sequence()
+                else:
+                    self.expect_block_sequence()
+            elif isinstance(self.event, MappingStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_mapping():
+                    self.expect_flow_mapping()
+                else:
+                    self.expect_block_mapping()
+        else:
+            raise EmitterError("expected NodeEvent, but got %s" % self.event)
+
+    def expect_alias(self):
+        if self.event.anchor is None:
+            raise EmitterError("anchor is not specified for alias")
+        self.process_anchor('*')
+        self.state = self.states.pop()
+
+    def expect_scalar(self):
+        self.increase_indent(flow=True)
+        self.process_scalar()
+        self.indent = self.indents.pop()
+        self.state = self.states.pop()
+
+    # Flow sequence handlers.
+
+    def expect_flow_sequence(self):
+        self.write_indicator('[', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_sequence_item
+
+    def expect_first_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    def expect_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Flow mapping handlers.
+
+    def expect_flow_mapping(self):
+        self.write_indicator('{', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_mapping_key
+
+    def expect_first_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_flow_mapping_value(self):
+        if self.canonical or self.column > self.best_width:
+            self.write_indent()
+        self.write_indicator(':', True)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Block sequence handlers.
+
+    def expect_block_sequence(self):
+        indentless = (self.mapping_context and not self.indention)
+        self.increase_indent(flow=False, indentless=indentless)
+        self.state = self.expect_first_block_sequence_item
+
+    def expect_first_block_sequence_item(self):
+        return self.expect_block_sequence_item(first=True)
+
+    def expect_block_sequence_item(self, first=False):
+        if not first and isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            self.write_indicator('-', True, indention=True)
+            self.states.append(self.expect_block_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Block mapping handlers.
+
+    def expect_block_mapping(self):
+        self.increase_indent(flow=False)
+        self.state = self.expect_first_block_mapping_key
+
+    def expect_first_block_mapping_key(self):
+        return self.expect_block_mapping_key(first=True)
+
+    def expect_block_mapping_key(self, first=False):
+        if not first and isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            if self.check_simple_key():
+                self.states.append(self.expect_block_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True, indention=True)
+                self.states.append(self.expect_block_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_block_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_block_mapping_value(self):
+        self.write_indent()
+        self.write_indicator(':', True, indention=True)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Checkers.
+
+    def check_empty_sequence(self):
+        return (isinstance(self.event, SequenceStartEvent) and self.events
+                and isinstance(self.events[0], SequenceEndEvent))
+
+    def check_empty_mapping(self):
+        return (isinstance(self.event, MappingStartEvent) and self.events
+                and isinstance(self.events[0], MappingEndEvent))
+
+    def check_empty_document(self):
+        if not isinstance(self.event, DocumentStartEvent) or not self.events:
+            return False
+        event = self.events[0]
+        return (isinstance(event, ScalarEvent) and event.anchor is None
+                and event.tag is None and event.implicit and event.value == '')
+
+    def check_simple_key(self):
+        length = 0
+        if isinstance(self.event, NodeEvent) and self.event.anchor is not None:
+            if self.prepared_anchor is None:
+                self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+            length += len(self.prepared_anchor)
+        if isinstance(self.event, (ScalarEvent, CollectionStartEvent))  \
+                and self.event.tag is not None:
+            if self.prepared_tag is None:
+                self.prepared_tag = self.prepare_tag(self.event.tag)
+            length += len(self.prepared_tag)
+        if isinstance(self.event, ScalarEvent):
+            if self.analysis is None:
+                self.analysis = self.analyze_scalar(self.event.value)
+            length += len(self.analysis.scalar)
+        return (length < 128 and (isinstance(self.event, AliasEvent)
+            or (isinstance(self.event, ScalarEvent)
+                    and not self.analysis.empty and not self.analysis.multiline)
+            or self.check_empty_sequence() or self.check_empty_mapping()))
+
+    # Anchor, Tag, and Scalar processors.
+
+    def process_anchor(self, indicator):
+        if self.event.anchor is None:
+            self.prepared_anchor = None
+            return
+        if self.prepared_anchor is None:
+            self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+        if self.prepared_anchor:
+            self.write_indicator(indicator+self.prepared_anchor, True)
+        self.prepared_anchor = None
+
+    def process_tag(self):
+        tag = self.event.tag
+        if isinstance(self.event, ScalarEvent):
+            if self.style is None:
+                self.style = self.choose_scalar_style()
+            if ((not self.canonical or tag is None) and
+                ((self.style == '' and self.event.implicit[0])
+                        or (self.style != '' and self.event.implicit[1]))):
+                self.prepared_tag = None
+                return
+            if self.event.implicit[0] and tag is None:
+                tag = '!'
+                self.prepared_tag = None
+        else:
+            if (not self.canonical or tag is None) and self.event.implicit:
+                self.prepared_tag = None
+                return
+        if tag is None:
+            raise EmitterError("tag is not specified")
+        if self.prepared_tag is None:
+            self.prepared_tag = self.prepare_tag(tag)
+        if self.prepared_tag:
+            self.write_indicator(self.prepared_tag, True)
+        self.prepared_tag = None
+
+    def choose_scalar_style(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.event.style == '"' or self.canonical:
+            return '"'
+        if not self.event.style and self.event.implicit[0]:
+            if (not (self.simple_key_context and
+                    (self.analysis.empty or self.analysis.multiline))
+                and (self.flow_level and self.analysis.allow_flow_plain
+                    or (not self.flow_level and self.analysis.allow_block_plain))):
+                return ''
+        if self.event.style and self.event.style in '|>':
+            if (not self.flow_level and not self.simple_key_context
+                    and self.analysis.allow_block):
+                return self.event.style
+        if not self.event.style or self.event.style == '\'':
+            if (self.analysis.allow_single_quoted and
+                    not (self.simple_key_context and self.analysis.multiline)):
+                return '\''
+        return '"'
+
+    def process_scalar(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.style is None:
+            self.style = self.choose_scalar_style()
+        split = (not self.simple_key_context)
+        #if self.analysis.multiline and split    \
+        #        and (not self.style or self.style in '\'\"'):
+        #    self.write_indent()
+        if self.style == '"':
+            self.write_double_quoted(self.analysis.scalar, split)
+        elif self.style == '\'':
+            self.write_single_quoted(self.analysis.scalar, split)
+        elif self.style == '>':
+            self.write_folded(self.analysis.scalar)
+        elif self.style == '|':
+            self.write_literal(self.analysis.scalar)
+        else:
+            self.write_plain(self.analysis.scalar, split)
+        self.analysis = None
+        self.style = None
+
+    # Analyzers.
+
+    def prepare_version(self, version):
+        major, minor = version
+        if major != 1:
+            raise EmitterError("unsupported YAML version: %d.%d" % (major, minor))
+        return '%d.%d' % (major, minor)
+
+    def prepare_tag_handle(self, handle):
+        if not handle:
+            raise EmitterError("tag handle must not be empty")
+        if handle[0] != '!' or handle[-1] != '!':
+            raise EmitterError("tag handle must start and end with '!': %r" % handle)
+        for ch in handle[1:-1]:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the tag handle: %r"
+                        % (ch, handle))
+        return handle
+
+    def prepare_tag_prefix(self, prefix):
+        if not prefix:
+            raise EmitterError("tag prefix must not be empty")
+        chunks = []
+        start = end = 0
+        if prefix[0] == '!':
+            end = 1
+        while end < len(prefix):
+            ch = prefix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?!:@&=+$,_.~*\'()[]':
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(prefix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ord(ch))
+        if start < end:
+            chunks.append(prefix[start:end])
+        return ''.join(chunks)
+
+    def prepare_tag(self, tag):
+        if not tag:
+            raise EmitterError("tag must not be empty")
+        if tag == '!':
+            return tag
+        handle = None
+        suffix = tag
+        prefixes = sorted(self.tag_prefixes.keys())
+        for prefix in prefixes:
+            if tag.startswith(prefix)   \
+                    and (prefix == '!' or len(prefix) < len(tag)):
+                handle = self.tag_prefixes[prefix]
+                suffix = tag[len(prefix):]
+        chunks = []
+        start = end = 0
+        while end < len(suffix):
+            ch = suffix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?:@&=+$,_.~*\'()[]'   \
+                    or (ch == '!' and handle != '!'):
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(suffix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ch)
+        if start < end:
+            chunks.append(suffix[start:end])
+        suffix_text = ''.join(chunks)
+        if handle:
+            return '%s%s' % (handle, suffix_text)
+        else:
+            return '!<%s>' % suffix_text
+
+    def prepare_anchor(self, anchor):
+        if not anchor:
+            raise EmitterError("anchor must not be empty")
+        for ch in anchor:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the anchor: %r"
+                        % (ch, anchor))
+        return anchor
+
+    def analyze_scalar(self, scalar):
+
+        # Empty scalar is a special case.
+        if not scalar:
+            return ScalarAnalysis(scalar=scalar, empty=True, multiline=False,
+                    allow_flow_plain=False, allow_block_plain=True,
+                    allow_single_quoted=True, allow_double_quoted=True,
+                    allow_block=False)
+
+        # Indicators and special characters.
+        block_indicators = False
+        flow_indicators = False
+        line_breaks = False
+        special_characters = False
+
+        # Important whitespace combinations.
+        leading_space = False
+        leading_break = False
+        trailing_space = False
+        trailing_break = False
+        break_space = False
+        space_break = False
+
+        # Check document indicators.
+        if scalar.startswith('---') or scalar.startswith('...'):
+            block_indicators = True
+            flow_indicators = True
+
+        # First character or preceded by a whitespace.
+        preceded_by_whitespace = True
+
+        # Last character or followed by a whitespace.
+        followed_by_whitespace = (len(scalar) == 1 or
+                scalar[1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # The previous character is a space.
+        previous_space = False
+
+        # The previous character is a break.
+        previous_break = False
+
+        index = 0
+        while index < len(scalar):
+            ch = scalar[index]
+
+            # Check for indicators.
+            if index == 0:
+                # Leading indicators are special characters.
+                if ch in '#,[]{}&*!|>\'\"%@`':
+                    flow_indicators = True
+                    block_indicators = True
+                if ch in '?:':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '-' and followed_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+            else:
+                # Some indicators cannot appear within a scalar as well.
+                if ch in ',?[]{}':
+                    flow_indicators = True
+                if ch == ':':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '#' and preceded_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+
+            # Check for line breaks, special, and unicode characters.
+            if ch in '\n\x85\u2028\u2029':
+                line_breaks = True
+            if not (ch == '\n' or '\x20' <= ch <= '\x7E'):
+                if (ch == '\x85' or '\xA0' <= ch <= '\uD7FF'
+                        or '\uE000' <= ch <= '\uFFFD'
+                        or '\U00010000' <= ch < '\U0010ffff') and ch != '\uFEFF':
+                    unicode_characters = True
+                    if not self.allow_unicode:
+                        special_characters = True
+                else:
+                    special_characters = True
+
+            # Detect important whitespace combinations.
+            if ch == ' ':
+                if index == 0:
+                    leading_space = True
+                if index == len(scalar)-1:
+                    trailing_space = True
+                if previous_break:
+                    break_space = True
+                previous_space = True
+                previous_break = False
+            elif ch in '\n\x85\u2028\u2029':
+                if index == 0:
+                    leading_break = True
+                if index == len(scalar)-1:
+                    trailing_break = True
+                if previous_space:
+                    space_break = True
+                previous_space = False
+                previous_break = True
+            else:
+                previous_space = False
+                previous_break = False
+
+            # Prepare for the next character.
+            index += 1
+            preceded_by_whitespace = (ch in '\0 \t\r\n\x85\u2028\u2029')
+            followed_by_whitespace = (index+1 >= len(scalar) or
+                    scalar[index+1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # Let's decide what styles are allowed.
+        allow_flow_plain = True
+        allow_block_plain = True
+        allow_single_quoted = True
+        allow_double_quoted = True
+        allow_block = True
+
+        # Leading and trailing whitespaces are bad for plain scalars.
+        if (leading_space or leading_break
+                or trailing_space or trailing_break):
+            allow_flow_plain = allow_block_plain = False
+
+        # We do not permit trailing spaces for block scalars.
+        if trailing_space:
+            allow_block = False
+
+        # Spaces at the beginning of a new line are only acceptable for block
+        # scalars.
+        if break_space:
+            allow_flow_plain = allow_block_plain = allow_single_quoted = False
+
+        # Spaces followed by breaks, as well as special character are only
+        # allowed for double quoted scalars.
+        if space_break or special_characters:
+            allow_flow_plain = allow_block_plain =  \
+            allow_single_quoted = allow_block = False
+
+        # Although the plain scalar writer supports breaks, we never emit
+        # multiline plain scalars.
+        if line_breaks:
+            allow_flow_plain = allow_block_plain = False
+
+        # Flow indicators are forbidden for flow plain scalars.
+        if flow_indicators:
+            allow_flow_plain = False
+
+        # Block indicators are forbidden for block plain scalars.
+        if block_indicators:
+            allow_block_plain = False
+
+        return ScalarAnalysis(scalar=scalar,
+                empty=False, multiline=line_breaks,
+                allow_flow_plain=allow_flow_plain,
+                allow_block_plain=allow_block_plain,
+                allow_single_quoted=allow_single_quoted,
+                allow_double_quoted=allow_double_quoted,
+                allow_block=allow_block)
+
+    # Writers.
+
+    def flush_stream(self):
+        if hasattr(self.stream, 'flush'):
+            self.stream.flush()
+
+    def write_stream_start(self):
+        # Write BOM if needed.
+        if self.encoding and self.encoding.startswith('utf-16'):
+            self.stream.write('\uFEFF'.encode(self.encoding))
+
+    def write_stream_end(self):
+        self.flush_stream()
+
+    def write_indicator(self, indicator, need_whitespace,
+            whitespace=False, indention=False):
+        if self.whitespace or not need_whitespace:
+            data = indicator
+        else:
+            data = ' '+indicator
+        self.whitespace = whitespace
+        self.indention = self.indention and indention
+        self.column += len(data)
+        self.open_ended = False
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_indent(self):
+        indent = self.indent or 0
+        if not self.indention or self.column > indent   \
+                or (self.column == indent and not self.whitespace):
+            self.write_line_break()
+        if self.column < indent:
+            self.whitespace = True
+            data = ' '*(indent-self.column)
+            self.column = indent
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+
+    def write_line_break(self, data=None):
+        if data is None:
+            data = self.best_line_break
+        self.whitespace = True
+        self.indention = True
+        self.line += 1
+        self.column = 0
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_version_directive(self, version_text):
+        data = '%%YAML %s' % version_text
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    def write_tag_directive(self, handle_text, prefix_text):
+        data = '%%TAG %s %s' % (handle_text, prefix_text)
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    # Scalar streams.
+
+    def write_single_quoted(self, text, split=True):
+        self.write_indicator('\'', True)
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch is None or ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split   \
+                            and start != 0 and end != len(text):
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029' or ch == '\'':
+                    if start < end:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                        start = end
+            if ch == '\'':
+                data = '\'\''
+                self.column += 2
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                start = end + 1
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+        self.write_indicator('\'', False)
+
+    ESCAPE_REPLACEMENTS = {
+        '\0':       '0',
+        '\x07':     'a',
+        '\x08':     'b',
+        '\x09':     't',
+        '\x0A':     'n',
+        '\x0B':     'v',
+        '\x0C':     'f',
+        '\x0D':     'r',
+        '\x1B':     'e',
+        '\"':       '\"',
+        '\\':       '\\',
+        '\x85':     'N',
+        '\xA0':     '_',
+        '\u2028':   'L',
+        '\u2029':   'P',
+    }
+
+    def write_double_quoted(self, text, split=True):
+        self.write_indicator('"', True)
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if ch is None or ch in '"\\\x85\u2028\u2029\uFEFF' \
+                    or not ('\x20' <= ch <= '\x7E'
+                        or (self.allow_unicode
+                            and ('\xA0' <= ch <= '\uD7FF'
+                                or '\uE000' <= ch <= '\uFFFD'))):
+                if start < end:
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+                if ch is not None:
+                    if ch in self.ESCAPE_REPLACEMENTS:
+                        data = '\\'+self.ESCAPE_REPLACEMENTS[ch]
+                    elif ch <= '\xFF':
+                        data = '\\x%02X' % ord(ch)
+                    elif ch <= '\uFFFF':
+                        data = '\\u%04X' % ord(ch)
+                    else:
+                        data = '\\U%08X' % ord(ch)
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end+1
+            if 0 < end < len(text)-1 and (ch == ' ' or start >= end)    \
+                    and self.column+(end-start) > self.best_width and split:
+                data = text[start:end]+'\\'
+                if start < end:
+                    start = end
+                self.column += len(data)
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                self.write_indent()
+                self.whitespace = False
+                self.indention = False
+                if text[start] == ' ':
+                    data = '\\'
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+            end += 1
+        self.write_indicator('"', False)
+
+    def determine_block_hints(self, text):
+        hints = ''
+        if text:
+            if text[0] in ' \n\x85\u2028\u2029':
+                hints += str(self.best_indent)
+            if text[-1] not in '\n\x85\u2028\u2029':
+                hints += '-'
+            elif len(text) == 1 or text[-2] in '\n\x85\u2028\u2029':
+                hints += '+'
+        return hints
+
+    def write_folded(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('>'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        leading_space = True
+        spaces = False
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if not leading_space and ch is not None and ch != ' '   \
+                            and text[start] == '\n':
+                        self.write_line_break()
+                    leading_space = (ch == ' ')
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            elif spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width:
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+                spaces = (ch == ' ')
+            end += 1
+
+    def write_literal(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('|'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in '\n\x85\u2028\u2029':
+                    data = text[start:end]
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+
+    def write_plain(self, text, split=True):
+        if self.root_context:
+            self.open_ended = True
+        if not text:
+            return
+        if not self.whitespace:
+            data = ' '
+            self.column += len(data)
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+        self.whitespace = False
+        self.indention = False
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split:
+                        self.write_indent()
+                        self.whitespace = False
+                        self.indention = False
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    self.whitespace = False
+                    self.indention = False
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/error.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/error.py
new file mode 100644
index 000000000..b796b4dc5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/error.py
@@ -0,0 +1,75 @@
+
+__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
+
+class Mark:
+
+    def __init__(self, name, index, line, column, buffer, pointer):
+        self.name = name
+        self.index = index
+        self.line = line
+        self.column = column
+        self.buffer = buffer
+        self.pointer = pointer
+
+    def get_snippet(self, indent=4, max_length=75):
+        if self.buffer is None:
+            return None
+        head = ''
+        start = self.pointer
+        while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
+            start -= 1
+            if self.pointer-start > max_length/2-1:
+                head = ' ... '
+                start += 5
+                break
+        tail = ''
+        end = self.pointer
+        while end < len(self.buffer) and self.buffer[end] not in '\0\r\n\x85\u2028\u2029':
+            end += 1
+            if end-self.pointer > max_length/2-1:
+                tail = ' ... '
+                end -= 5
+                break
+        snippet = self.buffer[start:end]
+        return ' '*indent + head + snippet + tail + '\n'  \
+                + ' '*(indent+self.pointer-start+len(head)) + '^'
+
+    def __str__(self):
+        snippet = self.get_snippet()
+        where = "  in \"%s\", line %d, column %d"   \
+                % (self.name, self.line+1, self.column+1)
+        if snippet is not None:
+            where += ":\n"+snippet
+        return where
+
+class YAMLError(Exception):
+    pass
+
+class MarkedYAMLError(YAMLError):
+
+    def __init__(self, context=None, context_mark=None,
+            problem=None, problem_mark=None, note=None):
+        self.context = context
+        self.context_mark = context_mark
+        self.problem = problem
+        self.problem_mark = problem_mark
+        self.note = note
+
+    def __str__(self):
+        lines = []
+        if self.context is not None:
+            lines.append(self.context)
+        if self.context_mark is not None  \
+            and (self.problem is None or self.problem_mark is None
+                    or self.context_mark.name != self.problem_mark.name
+                    or self.context_mark.line != self.problem_mark.line
+                    or self.context_mark.column != self.problem_mark.column):
+            lines.append(str(self.context_mark))
+        if self.problem is not None:
+            lines.append(self.problem)
+        if self.problem_mark is not None:
+            lines.append(str(self.problem_mark))
+        if self.note is not None:
+            lines.append(self.note)
+        return '\n'.join(lines)
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/events.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/events.py
new file mode 100644
index 000000000..f79ad389c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/events.py
@@ -0,0 +1,86 @@
+
+# Abstract classes.
+
+class Event(object):
+    def __init__(self, start_mark=None, end_mark=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in ['anchor', 'tag', 'implicit', 'value']
+                if hasattr(self, key)]
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+class NodeEvent(Event):
+    def __init__(self, anchor, start_mark=None, end_mark=None):
+        self.anchor = anchor
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class CollectionStartEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, start_mark=None, end_mark=None,
+            flow_style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class CollectionEndEvent(Event):
+    pass
+
+# Implementations.
+
+class StreamStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None, encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndEvent(Event):
+    pass
+
+class DocumentStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None, version=None, tags=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+        self.version = version
+        self.tags = tags
+
+class DocumentEndEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+
+class AliasEvent(NodeEvent):
+    pass
+
+class ScalarEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, value,
+            start_mark=None, end_mark=None, style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class SequenceStartEvent(CollectionStartEvent):
+    pass
+
+class SequenceEndEvent(CollectionEndEvent):
+    pass
+
+class MappingStartEvent(CollectionStartEvent):
+    pass
+
+class MappingEndEvent(CollectionEndEvent):
+    pass
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/loader.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/loader.py
new file mode 100644
index 000000000..e90c11224
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/loader.py
@@ -0,0 +1,63 @@
+
+__all__ = ['BaseLoader', 'FullLoader', 'SafeLoader', 'Loader', 'UnsafeLoader']
+
+from .reader import *
+from .scanner import *
+from .parser import *
+from .composer import *
+from .constructor import *
+from .resolver import *
+
+class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class FullLoader(Reader, Scanner, Parser, Composer, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+# UnsafeLoader is the same as Loader (which is and was always unsafe on
+# untrusted input). Use of either Loader or UnsafeLoader should be rare, since
+# FullLoad should be able to load almost all YAML safely. Loader is left intact
+# to ensure backwards compatibility.
+class UnsafeLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/nodes.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/nodes.py
new file mode 100644
index 000000000..c4f070c41
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/nodes.py
@@ -0,0 +1,49 @@
+
+class Node(object):
+    def __init__(self, tag, value, start_mark, end_mark):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        value = self.value
+        #if isinstance(value, list):
+        #    if len(value) == 0:
+        #        value = '<empty>'
+        #    elif len(value) == 1:
+        #        value = '<1 item>'
+        #    else:
+        #        value = '<%d items>' % len(value)
+        #else:
+        #    if len(value) > 75:
+        #        value = repr(value[:70]+u' ... ')
+        #    else:
+        #        value = repr(value)
+        value = repr(value)
+        return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
+
+class ScalarNode(Node):
+    id = 'scalar'
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class CollectionNode(Node):
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, flow_style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class SequenceNode(CollectionNode):
+    id = 'sequence'
+
+class MappingNode(CollectionNode):
+    id = 'mapping'
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/parser.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/parser.py
new file mode 100644
index 000000000..13a5995d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/parser.py
@@ -0,0 +1,589 @@
+
+# The following YAML grammar is LL(1) and is parsed by a recursive descent
+# parser.
+#
+# stream            ::= STREAM-START implicit_document? explicit_document* STREAM-END
+# implicit_document ::= block_node DOCUMENT-END*
+# explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+# block_node_or_indentless_sequence ::=
+#                       ALIAS
+#                       | properties (block_content | indentless_block_sequence)?
+#                       | block_content
+#                       | indentless_block_sequence
+# block_node        ::= ALIAS
+#                       | properties block_content?
+#                       | block_content
+# flow_node         ::= ALIAS
+#                       | properties flow_content?
+#                       | flow_content
+# properties        ::= TAG ANCHOR? | ANCHOR TAG?
+# block_content     ::= block_collection | flow_collection | SCALAR
+# flow_content      ::= flow_collection | SCALAR
+# block_collection  ::= block_sequence | block_mapping
+# flow_collection   ::= flow_sequence | flow_mapping
+# block_sequence    ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+# indentless_sequence   ::= (BLOCK-ENTRY block_node?)+
+# block_mapping     ::= BLOCK-MAPPING_START
+#                       ((KEY block_node_or_indentless_sequence?)?
+#                       (VALUE block_node_or_indentless_sequence?)?)*
+#                       BLOCK-END
+# flow_sequence     ::= FLOW-SEQUENCE-START
+#                       (flow_sequence_entry FLOW-ENTRY)*
+#                       flow_sequence_entry?
+#                       FLOW-SEQUENCE-END
+# flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+# flow_mapping      ::= FLOW-MAPPING-START
+#                       (flow_mapping_entry FLOW-ENTRY)*
+#                       flow_mapping_entry?
+#                       FLOW-MAPPING-END
+# flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+#
+# FIRST sets:
+#
+# stream: { STREAM-START }
+# explicit_document: { DIRECTIVE DOCUMENT-START }
+# implicit_document: FIRST(block_node)
+# block_node: { ALIAS TAG ANCHOR SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_node: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_content: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# flow_content: { FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# block_collection: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_sequence: { BLOCK-SEQUENCE-START }
+# block_mapping: { BLOCK-MAPPING-START }
+# block_node_or_indentless_sequence: { ALIAS ANCHOR TAG SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START BLOCK-ENTRY }
+# indentless_sequence: { ENTRY }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_sequence: { FLOW-SEQUENCE-START }
+# flow_mapping: { FLOW-MAPPING-START }
+# flow_sequence_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+# flow_mapping_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+
+__all__ = ['Parser', 'ParserError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+from .events import *
+from .scanner import *
+
+class ParserError(MarkedYAMLError):
+    pass
+
+class Parser:
+    # Since writing a recursive-descendant parser is a straightforward task, we
+    # do not give many comments here.
+
+    DEFAULT_TAGS = {
+        '!':   '!',
+        '!!':  'tag:yaml.org,2002:',
+    }
+
+    def __init__(self):
+        self.current_event = None
+        self.yaml_version = None
+        self.tag_handles = {}
+        self.states = []
+        self.marks = []
+        self.state = self.parse_stream_start
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def check_event(self, *choices):
+        # Check the type of the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        if self.current_event is not None:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.current_event, choice):
+                    return True
+        return False
+
+    def peek_event(self):
+        # Get the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        return self.current_event
+
+    def get_event(self):
+        # Get the next event and proceed further.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        value = self.current_event
+        self.current_event = None
+        return value
+
+    # stream    ::= STREAM-START implicit_document? explicit_document* STREAM-END
+    # implicit_document ::= block_node DOCUMENT-END*
+    # explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+
+    def parse_stream_start(self):
+
+        # Parse the stream start.
+        token = self.get_token()
+        event = StreamStartEvent(token.start_mark, token.end_mark,
+                encoding=token.encoding)
+
+        # Prepare the next state.
+        self.state = self.parse_implicit_document_start
+
+        return event
+
+    def parse_implicit_document_start(self):
+
+        # Parse an implicit document.
+        if not self.check_token(DirectiveToken, DocumentStartToken,
+                StreamEndToken):
+            self.tag_handles = self.DEFAULT_TAGS
+            token = self.peek_token()
+            start_mark = end_mark = token.start_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=False)
+
+            # Prepare the next state.
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_block_node
+
+            return event
+
+        else:
+            return self.parse_document_start()
+
+    def parse_document_start(self):
+
+        # Parse any extra document end indicators.
+        while self.check_token(DocumentEndToken):
+            self.get_token()
+
+        # Parse an explicit document.
+        if not self.check_token(StreamEndToken):
+            token = self.peek_token()
+            start_mark = token.start_mark
+            version, tags = self.process_directives()
+            if not self.check_token(DocumentStartToken):
+                raise ParserError(None, None,
+                        "expected '<document start>', but found %r"
+                        % self.peek_token().id,
+                        self.peek_token().start_mark)
+            token = self.get_token()
+            end_mark = token.end_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=True, version=version, tags=tags)
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_document_content
+        else:
+            # Parse the end of the stream.
+            token = self.get_token()
+            event = StreamEndEvent(token.start_mark, token.end_mark)
+            assert not self.states
+            assert not self.marks
+            self.state = None
+        return event
+
+    def parse_document_end(self):
+
+        # Parse the document end.
+        token = self.peek_token()
+        start_mark = end_mark = token.start_mark
+        explicit = False
+        if self.check_token(DocumentEndToken):
+            token = self.get_token()
+            end_mark = token.end_mark
+            explicit = True
+        event = DocumentEndEvent(start_mark, end_mark,
+                explicit=explicit)
+
+        # Prepare the next state.
+        self.state = self.parse_document_start
+
+        return event
+
+    def parse_document_content(self):
+        if self.check_token(DirectiveToken,
+                DocumentStartToken, DocumentEndToken, StreamEndToken):
+            event = self.process_empty_scalar(self.peek_token().start_mark)
+            self.state = self.states.pop()
+            return event
+        else:
+            return self.parse_block_node()
+
+    def process_directives(self):
+        self.yaml_version = None
+        self.tag_handles = {}
+        while self.check_token(DirectiveToken):
+            token = self.get_token()
+            if token.name == 'YAML':
+                if self.yaml_version is not None:
+                    raise ParserError(None, None,
+                            "found duplicate YAML directive", token.start_mark)
+                major, minor = token.value
+                if major != 1:
+                    raise ParserError(None, None,
+                            "found incompatible YAML document (version 1.* is required)",
+                            token.start_mark)
+                self.yaml_version = token.value
+            elif token.name == 'TAG':
+                handle, prefix = token.value
+                if handle in self.tag_handles:
+                    raise ParserError(None, None,
+                            "duplicate tag handle %r" % handle,
+                            token.start_mark)
+                self.tag_handles[handle] = prefix
+        if self.tag_handles:
+            value = self.yaml_version, self.tag_handles.copy()
+        else:
+            value = self.yaml_version, None
+        for key in self.DEFAULT_TAGS:
+            if key not in self.tag_handles:
+                self.tag_handles[key] = self.DEFAULT_TAGS[key]
+        return value
+
+    # block_node_or_indentless_sequence ::= ALIAS
+    #               | properties (block_content | indentless_block_sequence)?
+    #               | block_content
+    #               | indentless_block_sequence
+    # block_node    ::= ALIAS
+    #                   | properties block_content?
+    #                   | block_content
+    # flow_node     ::= ALIAS
+    #                   | properties flow_content?
+    #                   | flow_content
+    # properties    ::= TAG ANCHOR? | ANCHOR TAG?
+    # block_content     ::= block_collection | flow_collection | SCALAR
+    # flow_content      ::= flow_collection | SCALAR
+    # block_collection  ::= block_sequence | block_mapping
+    # flow_collection   ::= flow_sequence | flow_mapping
+
+    def parse_block_node(self):
+        return self.parse_node(block=True)
+
+    def parse_flow_node(self):
+        return self.parse_node()
+
+    def parse_block_node_or_indentless_sequence(self):
+        return self.parse_node(block=True, indentless_sequence=True)
+
+    def parse_node(self, block=False, indentless_sequence=False):
+        if self.check_token(AliasToken):
+            token = self.get_token()
+            event = AliasEvent(token.value, token.start_mark, token.end_mark)
+            self.state = self.states.pop()
+        else:
+            anchor = None
+            tag = None
+            start_mark = end_mark = tag_mark = None
+            if self.check_token(AnchorToken):
+                token = self.get_token()
+                start_mark = token.start_mark
+                end_mark = token.end_mark
+                anchor = token.value
+                if self.check_token(TagToken):
+                    token = self.get_token()
+                    tag_mark = token.start_mark
+                    end_mark = token.end_mark
+                    tag = token.value
+            elif self.check_token(TagToken):
+                token = self.get_token()
+                start_mark = tag_mark = token.start_mark
+                end_mark = token.end_mark
+                tag = token.value
+                if self.check_token(AnchorToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    anchor = token.value
+            if tag is not None:
+                handle, suffix = tag
+                if handle is not None:
+                    if handle not in self.tag_handles:
+                        raise ParserError("while parsing a node", start_mark,
+                                "found undefined tag handle %r" % handle,
+                                tag_mark)
+                    tag = self.tag_handles[handle]+suffix
+                else:
+                    tag = suffix
+            #if tag == '!':
+            #    raise ParserError("while parsing a node", start_mark,
+            #            "found non-specific tag '!'", tag_mark,
+            #            "Please check 'http://pyyaml.org/wiki/YAMLNonSpecificTag' and share your opinion.")
+            if start_mark is None:
+                start_mark = end_mark = self.peek_token().start_mark
+            event = None
+            implicit = (tag is None or tag == '!')
+            if indentless_sequence and self.check_token(BlockEntryToken):
+                end_mark = self.peek_token().end_mark
+                event = SequenceStartEvent(anchor, tag, implicit,
+                        start_mark, end_mark)
+                self.state = self.parse_indentless_sequence_entry
+            else:
+                if self.check_token(ScalarToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    if (token.plain and tag is None) or tag == '!':
+                        implicit = (True, False)
+                    elif tag is None:
+                        implicit = (False, True)
+                    else:
+                        implicit = (False, False)
+                    event = ScalarEvent(anchor, tag, implicit, token.value,
+                            start_mark, end_mark, style=token.style)
+                    self.state = self.states.pop()
+                elif self.check_token(FlowSequenceStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_sequence_first_entry
+                elif self.check_token(FlowMappingStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_mapping_first_key
+                elif block and self.check_token(BlockSequenceStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_sequence_first_entry
+                elif block and self.check_token(BlockMappingStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_mapping_first_key
+                elif anchor is not None or tag is not None:
+                    # Empty scalars are allowed even if a tag or an anchor is
+                    # specified.
+                    event = ScalarEvent(anchor, tag, (implicit, False), '',
+                            start_mark, end_mark)
+                    self.state = self.states.pop()
+                else:
+                    if block:
+                        node = 'block'
+                    else:
+                        node = 'flow'
+                    token = self.peek_token()
+                    raise ParserError("while parsing a %s node" % node, start_mark,
+                            "expected the node content, but found %r" % token.id,
+                            token.start_mark)
+        return event
+
+    # block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+
+    def parse_block_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_sequence_entry()
+
+    def parse_block_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken, BlockEndToken):
+                self.states.append(self.parse_block_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_block_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block collection", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    # indentless_sequence ::= (BLOCK-ENTRY block_node?)+
+
+    def parse_indentless_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken,
+                    KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_indentless_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_indentless_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        token = self.peek_token()
+        event = SequenceEndEvent(token.start_mark, token.start_mark)
+        self.state = self.states.pop()
+        return event
+
+    # block_mapping     ::= BLOCK-MAPPING_START
+    #                       ((KEY block_node_or_indentless_sequence?)?
+    #                       (VALUE block_node_or_indentless_sequence?)?)*
+    #                       BLOCK-END
+
+    def parse_block_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_mapping_key()
+
+    def parse_block_mapping_key(self):
+        if self.check_token(KeyToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_value)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_value
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block mapping", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_block_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_key)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_block_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    # flow_sequence     ::= FLOW-SEQUENCE-START
+    #                       (flow_sequence_entry FLOW-ENTRY)*
+    #                       flow_sequence_entry?
+    #                       FLOW-SEQUENCE-END
+    # flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+    #
+    # Note that while production rules for both flow_sequence_entry and
+    # flow_mapping_entry are equal, their interpretations are different.
+    # For `flow_sequence_entry`, the part `KEY flow_node? (VALUE flow_node?)?`
+    # generate an inline mapping (set syntax).
+
+    def parse_flow_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_sequence_entry(first=True)
+
+    def parse_flow_sequence_entry(self, first=False):
+        if not self.check_token(FlowSequenceEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow sequence", self.marks[-1],
+                            "expected ',' or ']', but got %r" % token.id, token.start_mark)
+            
+            if self.check_token(KeyToken):
+                token = self.peek_token()
+                event = MappingStartEvent(None, None, True,
+                        token.start_mark, token.end_mark,
+                        flow_style=True)
+                self.state = self.parse_flow_sequence_entry_mapping_key
+                return event
+            elif not self.check_token(FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_sequence_entry_mapping_key(self):
+        token = self.get_token()
+        if not self.check_token(ValueToken,
+                FlowEntryToken, FlowSequenceEndToken):
+            self.states.append(self.parse_flow_sequence_entry_mapping_value)
+            return self.parse_flow_node()
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_value
+            return self.process_empty_scalar(token.end_mark)
+
+    def parse_flow_sequence_entry_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry_mapping_end)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_sequence_entry_mapping_end
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_end
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_sequence_entry_mapping_end(self):
+        self.state = self.parse_flow_sequence_entry
+        token = self.peek_token()
+        return MappingEndEvent(token.start_mark, token.start_mark)
+
+    # flow_mapping  ::= FLOW-MAPPING-START
+    #                   (flow_mapping_entry FLOW-ENTRY)*
+    #                   flow_mapping_entry?
+    #                   FLOW-MAPPING-END
+    # flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+    def parse_flow_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_mapping_key(first=True)
+
+    def parse_flow_mapping_key(self, first=False):
+        if not self.check_token(FlowMappingEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow mapping", self.marks[-1],
+                            "expected ',' or '}', but got %r" % token.id, token.start_mark)
+            if self.check_token(KeyToken):
+                token = self.get_token()
+                if not self.check_token(ValueToken,
+                        FlowEntryToken, FlowMappingEndToken):
+                    self.states.append(self.parse_flow_mapping_value)
+                    return self.parse_flow_node()
+                else:
+                    self.state = self.parse_flow_mapping_value
+                    return self.process_empty_scalar(token.end_mark)
+            elif not self.check_token(FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_empty_value)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_key)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_mapping_empty_value(self):
+        self.state = self.parse_flow_mapping_key
+        return self.process_empty_scalar(self.peek_token().start_mark)
+
+    def process_empty_scalar(self, mark):
+        return ScalarEvent(None, None, (True, False), '', mark, mark)
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/reader.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/reader.py
new file mode 100644
index 000000000..774b0219b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/reader.py
@@ -0,0 +1,185 @@
+# This module contains abstractions for the input stream. You don't have to
+# looks further, there are no pretty code.
+#
+# We define two classes here.
+#
+#   Mark(source, line, column)
+# It's just a record and its only use is producing nice error messages.
+# Parser does not use it for any other purposes.
+#
+#   Reader(source, data)
+# Reader determines the encoding of `data` and converts it to unicode.
+# Reader provides the following methods and attributes:
+#   reader.peek(length=1) - return the next `length` characters
+#   reader.forward(length=1) - move the current position to `length` characters.
+#   reader.index - the number of the current character.
+#   reader.line, stream.column - the line and the column of the current character.
+
+__all__ = ['Reader', 'ReaderError']
+
+from .error import YAMLError, Mark
+
+import codecs, re
+
+class ReaderError(YAMLError):
+
+    def __init__(self, name, position, character, encoding, reason):
+        self.name = name
+        self.character = character
+        self.position = position
+        self.encoding = encoding
+        self.reason = reason
+
+    def __str__(self):
+        if isinstance(self.character, bytes):
+            return "'%s' codec can't decode byte #x%02x: %s\n"  \
+                    "  in \"%s\", position %d"    \
+                    % (self.encoding, ord(self.character), self.reason,
+                            self.name, self.position)
+        else:
+            return "unacceptable character #x%04x: %s\n"    \
+                    "  in \"%s\", position %d"    \
+                    % (self.character, self.reason,
+                            self.name, self.position)
+
+class Reader(object):
+    # Reader:
+    # - determines the data encoding and converts it to a unicode string,
+    # - checks if characters are in allowed range,
+    # - adds '\0' to the end.
+
+    # Reader accepts
+    #  - a `bytes` object,
+    #  - a `str` object,
+    #  - a file-like object with its `read` method returning `str`,
+    #  - a file-like object with its `read` method returning `unicode`.
+
+    # Yeah, it's ugly and slow.
+
+    def __init__(self, stream):
+        self.name = None
+        self.stream = None
+        self.stream_pointer = 0
+        self.eof = True
+        self.buffer = ''
+        self.pointer = 0
+        self.raw_buffer = None
+        self.raw_decode = None
+        self.encoding = None
+        self.index = 0
+        self.line = 0
+        self.column = 0
+        if isinstance(stream, str):
+            self.name = "<unicode string>"
+            self.check_printable(stream)
+            self.buffer = stream+'\0'
+        elif isinstance(stream, bytes):
+            self.name = "<byte string>"
+            self.raw_buffer = stream
+            self.determine_encoding()
+        else:
+            self.stream = stream
+            self.name = getattr(stream, 'name', "<file>")
+            self.eof = False
+            self.raw_buffer = None
+            self.determine_encoding()
+
+    def peek(self, index=0):
+        try:
+            return self.buffer[self.pointer+index]
+        except IndexError:
+            self.update(index+1)
+            return self.buffer[self.pointer+index]
+
+    def prefix(self, length=1):
+        if self.pointer+length >= len(self.buffer):
+            self.update(length)
+        return self.buffer[self.pointer:self.pointer+length]
+
+    def forward(self, length=1):
+        if self.pointer+length+1 >= len(self.buffer):
+            self.update(length+1)
+        while length:
+            ch = self.buffer[self.pointer]
+            self.pointer += 1
+            self.index += 1
+            if ch in '\n\x85\u2028\u2029'  \
+                    or (ch == '\r' and self.buffer[self.pointer] != '\n'):
+                self.line += 1
+                self.column = 0
+            elif ch != '\uFEFF':
+                self.column += 1
+            length -= 1
+
+    def get_mark(self):
+        if self.stream is None:
+            return Mark(self.name, self.index, self.line, self.column,
+                    self.buffer, self.pointer)
+        else:
+            return Mark(self.name, self.index, self.line, self.column,
+                    None, None)
+
+    def determine_encoding(self):
+        while not self.eof and (self.raw_buffer is None or len(self.raw_buffer) < 2):
+            self.update_raw()
+        if isinstance(self.raw_buffer, bytes):
+            if self.raw_buffer.startswith(codecs.BOM_UTF16_LE):
+                self.raw_decode = codecs.utf_16_le_decode
+                self.encoding = 'utf-16-le'
+            elif self.raw_buffer.startswith(codecs.BOM_UTF16_BE):
+                self.raw_decode = codecs.utf_16_be_decode
+                self.encoding = 'utf-16-be'
+            else:
+                self.raw_decode = codecs.utf_8_decode
+                self.encoding = 'utf-8'
+        self.update(1)
+
+    NON_PRINTABLE = re.compile('[^\x09\x0A\x0D\x20-\x7E\x85\xA0-\uD7FF\uE000-\uFFFD\U00010000-\U0010ffff]')
+    def check_printable(self, data):
+        match = self.NON_PRINTABLE.search(data)
+        if match:
+            character = match.group()
+            position = self.index+(len(self.buffer)-self.pointer)+match.start()
+            raise ReaderError(self.name, position, ord(character),
+                    'unicode', "special characters are not allowed")
+
+    def update(self, length):
+        if self.raw_buffer is None:
+            return
+        self.buffer = self.buffer[self.pointer:]
+        self.pointer = 0
+        while len(self.buffer) < length:
+            if not self.eof:
+                self.update_raw()
+            if self.raw_decode is not None:
+                try:
+                    data, converted = self.raw_decode(self.raw_buffer,
+                            'strict', self.eof)
+                except UnicodeDecodeError as exc:
+                    character = self.raw_buffer[exc.start]
+                    if self.stream is not None:
+                        position = self.stream_pointer-len(self.raw_buffer)+exc.start
+                    else:
+                        position = exc.start
+                    raise ReaderError(self.name, position, character,
+                            exc.encoding, exc.reason)
+            else:
+                data = self.raw_buffer
+                converted = len(data)
+            self.check_printable(data)
+            self.buffer += data
+            self.raw_buffer = self.raw_buffer[converted:]
+            if self.eof:
+                self.buffer += '\0'
+                self.raw_buffer = None
+                break
+
+    def update_raw(self, size=4096):
+        data = self.stream.read(size)
+        if self.raw_buffer is None:
+            self.raw_buffer = data
+        else:
+            self.raw_buffer += data
+        self.stream_pointer += len(data)
+        if not data:
+            self.eof = True
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/representer.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/representer.py
new file mode 100644
index 000000000..808ca06df
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/representer.py
@@ -0,0 +1,389 @@
+
+__all__ = ['BaseRepresenter', 'SafeRepresenter', 'Representer',
+    'RepresenterError']
+
+from .error import *
+from .nodes import *
+
+import datetime, copyreg, types, base64, collections
+
+class RepresenterError(YAMLError):
+    pass
+
+class BaseRepresenter:
+
+    yaml_representers = {}
+    yaml_multi_representers = {}
+
+    def __init__(self, default_style=None, default_flow_style=False, sort_keys=True):
+        self.default_style = default_style
+        self.sort_keys = sort_keys
+        self.default_flow_style = default_flow_style
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent(self, data):
+        node = self.represent_data(data)
+        self.serialize(node)
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent_data(self, data):
+        if self.ignore_aliases(data):
+            self.alias_key = None
+        else:
+            self.alias_key = id(data)
+        if self.alias_key is not None:
+            if self.alias_key in self.represented_objects:
+                node = self.represented_objects[self.alias_key]
+                #if node is None:
+                #    raise RepresenterError("recursive objects are not allowed: %r" % data)
+                return node
+            #self.represented_objects[alias_key] = None
+            self.object_keeper.append(data)
+        data_types = type(data).__mro__
+        if data_types[0] in self.yaml_representers:
+            node = self.yaml_representers[data_types[0]](self, data)
+        else:
+            for data_type in data_types:
+                if data_type in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[data_type](self, data)
+                    break
+            else:
+                if None in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[None](self, data)
+                elif None in self.yaml_representers:
+                    node = self.yaml_representers[None](self, data)
+                else:
+                    node = ScalarNode(None, str(data))
+        #if alias_key is not None:
+        #    self.represented_objects[alias_key] = node
+        return node
+
+    @classmethod
+    def add_representer(cls, data_type, representer):
+        if not 'yaml_representers' in cls.__dict__:
+            cls.yaml_representers = cls.yaml_representers.copy()
+        cls.yaml_representers[data_type] = representer
+
+    @classmethod
+    def add_multi_representer(cls, data_type, representer):
+        if not 'yaml_multi_representers' in cls.__dict__:
+            cls.yaml_multi_representers = cls.yaml_multi_representers.copy()
+        cls.yaml_multi_representers[data_type] = representer
+
+    def represent_scalar(self, tag, value, style=None):
+        if style is None:
+            style = self.default_style
+        node = ScalarNode(tag, value, style=style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        return node
+
+    def represent_sequence(self, tag, sequence, flow_style=None):
+        value = []
+        node = SequenceNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        for item in sequence:
+            node_item = self.represent_data(item)
+            if not (isinstance(node_item, ScalarNode) and not node_item.style):
+                best_style = False
+            value.append(node_item)
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def represent_mapping(self, tag, mapping, flow_style=None):
+        value = []
+        node = MappingNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        if hasattr(mapping, 'items'):
+            mapping = list(mapping.items())
+            if self.sort_keys:
+                try:
+                    mapping = sorted(mapping)
+                except TypeError:
+                    pass
+        for item_key, item_value in mapping:
+            node_key = self.represent_data(item_key)
+            node_value = self.represent_data(item_value)
+            if not (isinstance(node_key, ScalarNode) and not node_key.style):
+                best_style = False
+            if not (isinstance(node_value, ScalarNode) and not node_value.style):
+                best_style = False
+            value.append((node_key, node_value))
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def ignore_aliases(self, data):
+        return False
+
+class SafeRepresenter(BaseRepresenter):
+
+    def ignore_aliases(self, data):
+        if data is None:
+            return True
+        if isinstance(data, tuple) and data == ():
+            return True
+        if isinstance(data, (str, bytes, bool, int, float)):
+            return True
+
+    def represent_none(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:null', 'null')
+
+    def represent_str(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:str', data)
+
+    def represent_binary(self, data):
+        if hasattr(base64, 'encodebytes'):
+            data = base64.encodebytes(data).decode('ascii')
+        else:
+            data = base64.encodestring(data).decode('ascii')
+        return self.represent_scalar('tag:yaml.org,2002:binary', data, style='|')
+
+    def represent_bool(self, data):
+        if data:
+            value = 'true'
+        else:
+            value = 'false'
+        return self.represent_scalar('tag:yaml.org,2002:bool', value)
+
+    def represent_int(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:int', str(data))
+
+    inf_value = 1e300
+    while repr(inf_value) != repr(inf_value*inf_value):
+        inf_value *= inf_value
+
+    def represent_float(self, data):
+        if data != data or (data == 0.0 and data == 1.0):
+            value = '.nan'
+        elif data == self.inf_value:
+            value = '.inf'
+        elif data == -self.inf_value:
+            value = '-.inf'
+        else:
+            value = repr(data).lower()
+            # Note that in some cases `repr(data)` represents a float number
+            # without the decimal parts.  For instance:
+            #   >>> repr(1e17)
+            #   '1e17'
+            # Unfortunately, this is not a valid float representation according
+            # to the definition of the `!!float` tag.  We fix this by adding
+            # '.0' before the 'e' symbol.
+            if '.' not in value and 'e' in value:
+                value = value.replace('e', '.0e', 1)
+        return self.represent_scalar('tag:yaml.org,2002:float', value)
+
+    def represent_list(self, data):
+        #pairs = (len(data) > 0 and isinstance(data, list))
+        #if pairs:
+        #    for item in data:
+        #        if not isinstance(item, tuple) or len(item) != 2:
+        #            pairs = False
+        #            break
+        #if not pairs:
+            return self.represent_sequence('tag:yaml.org,2002:seq', data)
+        #value = []
+        #for item_key, item_value in data:
+        #    value.append(self.represent_mapping(u'tag:yaml.org,2002:map',
+        #        [(item_key, item_value)]))
+        #return SequenceNode(u'tag:yaml.org,2002:pairs', value)
+
+    def represent_dict(self, data):
+        return self.represent_mapping('tag:yaml.org,2002:map', data)
+
+    def represent_set(self, data):
+        value = {}
+        for key in data:
+            value[key] = None
+        return self.represent_mapping('tag:yaml.org,2002:set', value)
+
+    def represent_date(self, data):
+        value = data.isoformat()
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_datetime(self, data):
+        value = data.isoformat(' ')
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_yaml_object(self, tag, data, cls, flow_style=None):
+        if hasattr(data, '__getstate__'):
+            state = data.__getstate__()
+        else:
+            state = data.__dict__.copy()
+        return self.represent_mapping(tag, state, flow_style=flow_style)
+
+    def represent_undefined(self, data):
+        raise RepresenterError("cannot represent an object", data)
+
+SafeRepresenter.add_representer(type(None),
+        SafeRepresenter.represent_none)
+
+SafeRepresenter.add_representer(str,
+        SafeRepresenter.represent_str)
+
+SafeRepresenter.add_representer(bytes,
+        SafeRepresenter.represent_binary)
+
+SafeRepresenter.add_representer(bool,
+        SafeRepresenter.represent_bool)
+
+SafeRepresenter.add_representer(int,
+        SafeRepresenter.represent_int)
+
+SafeRepresenter.add_representer(float,
+        SafeRepresenter.represent_float)
+
+SafeRepresenter.add_representer(list,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(tuple,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(dict,
+        SafeRepresenter.represent_dict)
+
+SafeRepresenter.add_representer(set,
+        SafeRepresenter.represent_set)
+
+SafeRepresenter.add_representer(datetime.date,
+        SafeRepresenter.represent_date)
+
+SafeRepresenter.add_representer(datetime.datetime,
+        SafeRepresenter.represent_datetime)
+
+SafeRepresenter.add_representer(None,
+        SafeRepresenter.represent_undefined)
+
+class Representer(SafeRepresenter):
+
+    def represent_complex(self, data):
+        if data.imag == 0.0:
+            data = '%r' % data.real
+        elif data.real == 0.0:
+            data = '%rj' % data.imag
+        elif data.imag > 0:
+            data = '%r+%rj' % (data.real, data.imag)
+        else:
+            data = '%r%rj' % (data.real, data.imag)
+        return self.represent_scalar('tag:yaml.org,2002:python/complex', data)
+
+    def represent_tuple(self, data):
+        return self.represent_sequence('tag:yaml.org,2002:python/tuple', data)
+
+    def represent_name(self, data):
+        name = '%s.%s' % (data.__module__, data.__name__)
+        return self.represent_scalar('tag:yaml.org,2002:python/name:'+name, '')
+
+    def represent_module(self, data):
+        return self.represent_scalar(
+                'tag:yaml.org,2002:python/module:'+data.__name__, '')
+
+    def represent_object(self, data):
+        # We use __reduce__ API to save the data. data.__reduce__ returns
+        # a tuple of length 2-5:
+        #   (function, args, state, listitems, dictitems)
+
+        # For reconstructing, we calls function(*args), then set its state,
+        # listitems, and dictitems if they are not None.
+
+        # A special case is when function.__name__ == '__newobj__'. In this
+        # case we create the object with args[0].__new__(*args).
+
+        # Another special case is when __reduce__ returns a string - we don't
+        # support it.
+
+        # We produce a !!python/object, !!python/object/new or
+        # !!python/object/apply node.
+
+        cls = type(data)
+        if cls in copyreg.dispatch_table:
+            reduce = copyreg.dispatch_table[cls](data)
+        elif hasattr(data, '__reduce_ex__'):
+            reduce = data.__reduce_ex__(2)
+        elif hasattr(data, '__reduce__'):
+            reduce = data.__reduce__()
+        else:
+            raise RepresenterError("cannot represent an object", data)
+        reduce = (list(reduce)+[None]*5)[:5]
+        function, args, state, listitems, dictitems = reduce
+        args = list(args)
+        if state is None:
+            state = {}
+        if listitems is not None:
+            listitems = list(listitems)
+        if dictitems is not None:
+            dictitems = dict(dictitems)
+        if function.__name__ == '__newobj__':
+            function = args[0]
+            args = args[1:]
+            tag = 'tag:yaml.org,2002:python/object/new:'
+            newobj = True
+        else:
+            tag = 'tag:yaml.org,2002:python/object/apply:'
+            newobj = False
+        function_name = '%s.%s' % (function.__module__, function.__name__)
+        if not args and not listitems and not dictitems \
+                and isinstance(state, dict) and newobj:
+            return self.represent_mapping(
+                    'tag:yaml.org,2002:python/object:'+function_name, state)
+        if not listitems and not dictitems  \
+                and isinstance(state, dict) and not state:
+            return self.represent_sequence(tag+function_name, args)
+        value = {}
+        if args:
+            value['args'] = args
+        if state or not isinstance(state, dict):
+            value['state'] = state
+        if listitems:
+            value['listitems'] = listitems
+        if dictitems:
+            value['dictitems'] = dictitems
+        return self.represent_mapping(tag+function_name, value)
+
+    def represent_ordered_dict(self, data):
+        # Provide uniform representation across different Python versions.
+        data_type = type(data)
+        tag = 'tag:yaml.org,2002:python/object/apply:%s.%s' \
+                % (data_type.__module__, data_type.__name__)
+        items = [[key, value] for key, value in data.items()]
+        return self.represent_sequence(tag, [items])
+
+Representer.add_representer(complex,
+        Representer.represent_complex)
+
+Representer.add_representer(tuple,
+        Representer.represent_tuple)
+
+Representer.add_multi_representer(type,
+        Representer.represent_name)
+
+Representer.add_representer(collections.OrderedDict,
+        Representer.represent_ordered_dict)
+
+Representer.add_representer(types.FunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.BuiltinFunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.ModuleType,
+        Representer.represent_module)
+
+Representer.add_multi_representer(object,
+        Representer.represent_object)
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/resolver.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/resolver.py
new file mode 100644
index 000000000..3522bdaaf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/resolver.py
@@ -0,0 +1,227 @@
+
+__all__ = ['BaseResolver', 'Resolver']
+
+from .error import *
+from .nodes import *
+
+import re
+
+class ResolverError(YAMLError):
+    pass
+
+class BaseResolver:
+
+    DEFAULT_SCALAR_TAG = 'tag:yaml.org,2002:str'
+    DEFAULT_SEQUENCE_TAG = 'tag:yaml.org,2002:seq'
+    DEFAULT_MAPPING_TAG = 'tag:yaml.org,2002:map'
+
+    yaml_implicit_resolvers = {}
+    yaml_path_resolvers = {}
+
+    def __init__(self):
+        self.resolver_exact_paths = []
+        self.resolver_prefix_paths = []
+
+    @classmethod
+    def add_implicit_resolver(cls, tag, regexp, first):
+        if not 'yaml_implicit_resolvers' in cls.__dict__:
+            implicit_resolvers = {}
+            for key in cls.yaml_implicit_resolvers:
+                implicit_resolvers[key] = cls.yaml_implicit_resolvers[key][:]
+            cls.yaml_implicit_resolvers = implicit_resolvers
+        if first is None:
+            first = [None]
+        for ch in first:
+            cls.yaml_implicit_resolvers.setdefault(ch, []).append((tag, regexp))
+
+    @classmethod
+    def add_path_resolver(cls, tag, path, kind=None):
+        # Note: `add_path_resolver` is experimental.  The API could be changed.
+        # `new_path` is a pattern that is matched against the path from the
+        # root to the node that is being considered.  `node_path` elements are
+        # tuples `(node_check, index_check)`.  `node_check` is a node class:
+        # `ScalarNode`, `SequenceNode`, `MappingNode` or `None`.  `None`
+        # matches any kind of a node.  `index_check` could be `None`, a boolean
+        # value, a string value, or a number.  `None` and `False` match against
+        # any _value_ of sequence and mapping nodes.  `True` matches against
+        # any _key_ of a mapping node.  A string `index_check` matches against
+        # a mapping value that corresponds to a scalar key which content is
+        # equal to the `index_check` value.  An integer `index_check` matches
+        # against a sequence value with the index equal to `index_check`.
+        if not 'yaml_path_resolvers' in cls.__dict__:
+            cls.yaml_path_resolvers = cls.yaml_path_resolvers.copy()
+        new_path = []
+        for element in path:
+            if isinstance(element, (list, tuple)):
+                if len(element) == 2:
+                    node_check, index_check = element
+                elif len(element) == 1:
+                    node_check = element[0]
+                    index_check = True
+                else:
+                    raise ResolverError("Invalid path element: %s" % element)
+            else:
+                node_check = None
+                index_check = element
+            if node_check is str:
+                node_check = ScalarNode
+            elif node_check is list:
+                node_check = SequenceNode
+            elif node_check is dict:
+                node_check = MappingNode
+            elif node_check not in [ScalarNode, SequenceNode, MappingNode]  \
+                    and not isinstance(node_check, str) \
+                    and node_check is not None:
+                raise ResolverError("Invalid node checker: %s" % node_check)
+            if not isinstance(index_check, (str, int))  \
+                    and index_check is not None:
+                raise ResolverError("Invalid index checker: %s" % index_check)
+            new_path.append((node_check, index_check))
+        if kind is str:
+            kind = ScalarNode
+        elif kind is list:
+            kind = SequenceNode
+        elif kind is dict:
+            kind = MappingNode
+        elif kind not in [ScalarNode, SequenceNode, MappingNode]    \
+                and kind is not None:
+            raise ResolverError("Invalid node kind: %s" % kind)
+        cls.yaml_path_resolvers[tuple(new_path), kind] = tag
+
+    def descend_resolver(self, current_node, current_index):
+        if not self.yaml_path_resolvers:
+            return
+        exact_paths = {}
+        prefix_paths = []
+        if current_node:
+            depth = len(self.resolver_prefix_paths)
+            for path, kind in self.resolver_prefix_paths[-1]:
+                if self.check_resolver_prefix(depth, path, kind,
+                        current_node, current_index):
+                    if len(path) > depth:
+                        prefix_paths.append((path, kind))
+                    else:
+                        exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+        else:
+            for path, kind in self.yaml_path_resolvers:
+                if not path:
+                    exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+                else:
+                    prefix_paths.append((path, kind))
+        self.resolver_exact_paths.append(exact_paths)
+        self.resolver_prefix_paths.append(prefix_paths)
+
+    def ascend_resolver(self):
+        if not self.yaml_path_resolvers:
+            return
+        self.resolver_exact_paths.pop()
+        self.resolver_prefix_paths.pop()
+
+    def check_resolver_prefix(self, depth, path, kind,
+            current_node, current_index):
+        node_check, index_check = path[depth-1]
+        if isinstance(node_check, str):
+            if current_node.tag != node_check:
+                return
+        elif node_check is not None:
+            if not isinstance(current_node, node_check):
+                return
+        if index_check is True and current_index is not None:
+            return
+        if (index_check is False or index_check is None)    \
+                and current_index is None:
+            return
+        if isinstance(index_check, str):
+            if not (isinstance(current_index, ScalarNode)
+                    and index_check == current_index.value):
+                return
+        elif isinstance(index_check, int) and not isinstance(index_check, bool):
+            if index_check != current_index:
+                return
+        return True
+
+    def resolve(self, kind, value, implicit):
+        if kind is ScalarNode and implicit[0]:
+            if value == '':
+                resolvers = self.yaml_implicit_resolvers.get('', [])
+            else:
+                resolvers = self.yaml_implicit_resolvers.get(value[0], [])
+            wildcard_resolvers = self.yaml_implicit_resolvers.get(None, [])
+            for tag, regexp in resolvers + wildcard_resolvers:
+                if regexp.match(value):
+                    return tag
+            implicit = implicit[1]
+        if self.yaml_path_resolvers:
+            exact_paths = self.resolver_exact_paths[-1]
+            if kind in exact_paths:
+                return exact_paths[kind]
+            if None in exact_paths:
+                return exact_paths[None]
+        if kind is ScalarNode:
+            return self.DEFAULT_SCALAR_TAG
+        elif kind is SequenceNode:
+            return self.DEFAULT_SEQUENCE_TAG
+        elif kind is MappingNode:
+            return self.DEFAULT_MAPPING_TAG
+
+class Resolver(BaseResolver):
+    pass
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:bool',
+        re.compile(r'''^(?:yes|Yes|YES|no|No|NO
+                    |true|True|TRUE|false|False|FALSE
+                    |on|On|ON|off|Off|OFF)$''', re.X),
+        list('yYnNtTfFoO'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:float',
+        re.compile(r'''^(?:[-+]?(?:[0-9][0-9_]*)\.[0-9_]*(?:[eE][-+][0-9]+)?
+                    |\.[0-9][0-9_]*(?:[eE][-+][0-9]+)?
+                    |[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\.[0-9_]*
+                    |[-+]?\.(?:inf|Inf|INF)
+                    |\.(?:nan|NaN|NAN))$''', re.X),
+        list('-+0123456789.'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:int',
+        re.compile(r'''^(?:[-+]?0b[0-1_]+
+                    |[-+]?0[0-7_]+
+                    |[-+]?(?:0|[1-9][0-9_]*)
+                    |[-+]?0x[0-9a-fA-F_]+
+                    |[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+)$''', re.X),
+        list('-+0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:merge',
+        re.compile(r'^(?:<<)$'),
+        ['<'])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:null',
+        re.compile(r'''^(?: ~
+                    |null|Null|NULL
+                    | )$''', re.X),
+        ['~', 'n', 'N', ''])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:timestamp',
+        re.compile(r'''^(?:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]
+                    |[0-9][0-9][0-9][0-9] -[0-9][0-9]? -[0-9][0-9]?
+                     (?:[Tt]|[ \t]+)[0-9][0-9]?
+                     :[0-9][0-9] :[0-9][0-9] (?:\.[0-9]*)?
+                     (?:[ \t]*(?:Z|[-+][0-9][0-9]?(?::[0-9][0-9])?))?)$''', re.X),
+        list('0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:value',
+        re.compile(r'^(?:=)$'),
+        ['='])
+
+# The following resolver is only for documentation purposes. It cannot work
+# because plain scalars cannot start with '!', '&', or '*'.
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:yaml',
+        re.compile(r'^(?:!|&|\*)$'),
+        list('!&*'))
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/scanner.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/scanner.py
new file mode 100644
index 000000000..de925b07f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/scanner.py
@@ -0,0 +1,1435 @@
+
+# Scanner produces tokens of the following types:
+# STREAM-START
+# STREAM-END
+# DIRECTIVE(name, value)
+# DOCUMENT-START
+# DOCUMENT-END
+# BLOCK-SEQUENCE-START
+# BLOCK-MAPPING-START
+# BLOCK-END
+# FLOW-SEQUENCE-START
+# FLOW-MAPPING-START
+# FLOW-SEQUENCE-END
+# FLOW-MAPPING-END
+# BLOCK-ENTRY
+# FLOW-ENTRY
+# KEY
+# VALUE
+# ALIAS(value)
+# ANCHOR(value)
+# TAG(value)
+# SCALAR(value, plain, style)
+#
+# Read comments in the Scanner code for more details.
+#
+
+__all__ = ['Scanner', 'ScannerError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+
+class ScannerError(MarkedYAMLError):
+    pass
+
+class SimpleKey:
+    # See below simple keys treatment.
+
+    def __init__(self, token_number, required, index, line, column, mark):
+        self.token_number = token_number
+        self.required = required
+        self.index = index
+        self.line = line
+        self.column = column
+        self.mark = mark
+
+class Scanner:
+
+    def __init__(self):
+        """Initialize the scanner."""
+        # It is assumed that Scanner and Reader will have a common descendant.
+        # Reader do the dirty work of checking for BOM and converting the
+        # input data to Unicode. It also adds NUL to the end.
+        #
+        # Reader supports the following methods
+        #   self.peek(i=0)       # peek the next i-th character
+        #   self.prefix(l=1)     # peek the next l characters
+        #   self.forward(l=1)    # read the next l characters and move the pointer.
+
+        # Had we reached the end of the stream?
+        self.done = False
+
+        # The number of unclosed '{' and '['. `flow_level == 0` means block
+        # context.
+        self.flow_level = 0
+
+        # List of processed tokens that are not yet emitted.
+        self.tokens = []
+
+        # Add the STREAM-START token.
+        self.fetch_stream_start()
+
+        # Number of tokens that were emitted through the `get_token` method.
+        self.tokens_taken = 0
+
+        # The current indentation level.
+        self.indent = -1
+
+        # Past indentation levels.
+        self.indents = []
+
+        # Variables related to simple keys treatment.
+
+        # A simple key is a key that is not denoted by the '?' indicator.
+        # Example of simple keys:
+        #   ---
+        #   block simple key: value
+        #   ? not a simple key:
+        #   : { flow simple key: value }
+        # We emit the KEY token before all keys, so when we find a potential
+        # simple key, we try to locate the corresponding ':' indicator.
+        # Simple keys should be limited to a single line and 1024 characters.
+
+        # Can a simple key start at the current position? A simple key may
+        # start:
+        # - at the beginning of the line, not counting indentation spaces
+        #       (in block context),
+        # - after '{', '[', ',' (in the flow context),
+        # - after '?', ':', '-' (in the block context).
+        # In the block context, this flag also signifies if a block collection
+        # may start at the current position.
+        self.allow_simple_key = True
+
+        # Keep track of possible simple keys. This is a dictionary. The key
+        # is `flow_level`; there can be no more that one possible simple key
+        # for each level. The value is a SimpleKey record:
+        #   (token_number, required, index, line, column, mark)
+        # A simple key may start with ALIAS, ANCHOR, TAG, SCALAR(flow),
+        # '[', or '{' tokens.
+        self.possible_simple_keys = {}
+
+    # Public methods.
+
+    def check_token(self, *choices):
+        # Check if the next token is one of the given types.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.tokens[0], choice):
+                    return True
+        return False
+
+    def peek_token(self):
+        # Return the next token, but do not delete if from the queue.
+        # Return None if no more tokens.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            return self.tokens[0]
+        else:
+            return None
+
+    def get_token(self):
+        # Return the next token.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            self.tokens_taken += 1
+            return self.tokens.pop(0)
+
+    # Private methods.
+
+    def need_more_tokens(self):
+        if self.done:
+            return False
+        if not self.tokens:
+            return True
+        # The current token may be a potential simple key, so we
+        # need to look further.
+        self.stale_possible_simple_keys()
+        if self.next_possible_simple_key() == self.tokens_taken:
+            return True
+
+    def fetch_more_tokens(self):
+
+        # Eat whitespaces and comments until we reach the next token.
+        self.scan_to_next_token()
+
+        # Remove obsolete possible simple keys.
+        self.stale_possible_simple_keys()
+
+        # Compare the current indentation and column. It may add some tokens
+        # and decrease the current indentation level.
+        self.unwind_indent(self.column)
+
+        # Peek the next character.
+        ch = self.peek()
+
+        # Is it the end of stream?
+        if ch == '\0':
+            return self.fetch_stream_end()
+
+        # Is it a directive?
+        if ch == '%' and self.check_directive():
+            return self.fetch_directive()
+
+        # Is it the document start?
+        if ch == '-' and self.check_document_start():
+            return self.fetch_document_start()
+
+        # Is it the document end?
+        if ch == '.' and self.check_document_end():
+            return self.fetch_document_end()
+
+        # TODO: support for BOM within a stream.
+        #if ch == '\uFEFF':
+        #    return self.fetch_bom()    <-- issue BOMToken
+
+        # Note: the order of the following checks is NOT significant.
+
+        # Is it the flow sequence start indicator?
+        if ch == '[':
+            return self.fetch_flow_sequence_start()
+
+        # Is it the flow mapping start indicator?
+        if ch == '{':
+            return self.fetch_flow_mapping_start()
+
+        # Is it the flow sequence end indicator?
+        if ch == ']':
+            return self.fetch_flow_sequence_end()
+
+        # Is it the flow mapping end indicator?
+        if ch == '}':
+            return self.fetch_flow_mapping_end()
+
+        # Is it the flow entry indicator?
+        if ch == ',':
+            return self.fetch_flow_entry()
+
+        # Is it the block entry indicator?
+        if ch == '-' and self.check_block_entry():
+            return self.fetch_block_entry()
+
+        # Is it the key indicator?
+        if ch == '?' and self.check_key():
+            return self.fetch_key()
+
+        # Is it the value indicator?
+        if ch == ':' and self.check_value():
+            return self.fetch_value()
+
+        # Is it an alias?
+        if ch == '*':
+            return self.fetch_alias()
+
+        # Is it an anchor?
+        if ch == '&':
+            return self.fetch_anchor()
+
+        # Is it a tag?
+        if ch == '!':
+            return self.fetch_tag()
+
+        # Is it a literal scalar?
+        if ch == '|' and not self.flow_level:
+            return self.fetch_literal()
+
+        # Is it a folded scalar?
+        if ch == '>' and not self.flow_level:
+            return self.fetch_folded()
+
+        # Is it a single quoted scalar?
+        if ch == '\'':
+            return self.fetch_single()
+
+        # Is it a double quoted scalar?
+        if ch == '\"':
+            return self.fetch_double()
+
+        # It must be a plain scalar then.
+        if self.check_plain():
+            return self.fetch_plain()
+
+        # No? It's an error. Let's produce a nice error message.
+        raise ScannerError("while scanning for the next token", None,
+                "found character %r that cannot start any token" % ch,
+                self.get_mark())
+
+    # Simple keys treatment.
+
+    def next_possible_simple_key(self):
+        # Return the number of the nearest possible simple key. Actually we
+        # don't need to loop through the whole dictionary. We may replace it
+        # with the following code:
+        #   if not self.possible_simple_keys:
+        #       return None
+        #   return self.possible_simple_keys[
+        #           min(self.possible_simple_keys.keys())].token_number
+        min_token_number = None
+        for level in self.possible_simple_keys:
+            key = self.possible_simple_keys[level]
+            if min_token_number is None or key.token_number < min_token_number:
+                min_token_number = key.token_number
+        return min_token_number
+
+    def stale_possible_simple_keys(self):
+        # Remove entries that are no longer possible simple keys. According to
+        # the YAML specification, simple keys
+        # - should be limited to a single line,
+        # - should be no longer than 1024 characters.
+        # Disabling this procedure will allow simple keys of any length and
+        # height (may cause problems if indentation is broken though).
+        for level in list(self.possible_simple_keys):
+            key = self.possible_simple_keys[level]
+            if key.line != self.line  \
+                    or self.index-key.index > 1024:
+                if key.required:
+                    raise ScannerError("while scanning a simple key", key.mark,
+                            "could not find expected ':'", self.get_mark())
+                del self.possible_simple_keys[level]
+
+    def save_possible_simple_key(self):
+        # The next token may start a simple key. We check if it's possible
+        # and save its position. This function is called for
+        #   ALIAS, ANCHOR, TAG, SCALAR(flow), '[', and '{'.
+
+        # Check if a simple key is required at the current position.
+        required = not self.flow_level and self.indent == self.column
+
+        # The next token might be a simple key. Let's save it's number and
+        # position.
+        if self.allow_simple_key:
+            self.remove_possible_simple_key()
+            token_number = self.tokens_taken+len(self.tokens)
+            key = SimpleKey(token_number, required,
+                    self.index, self.line, self.column, self.get_mark())
+            self.possible_simple_keys[self.flow_level] = key
+
+    def remove_possible_simple_key(self):
+        # Remove the saved possible key position at the current flow level.
+        if self.flow_level in self.possible_simple_keys:
+            key = self.possible_simple_keys[self.flow_level]
+            
+            if key.required:
+                raise ScannerError("while scanning a simple key", key.mark,
+                        "could not find expected ':'", self.get_mark())
+
+            del self.possible_simple_keys[self.flow_level]
+
+    # Indentation functions.
+
+    def unwind_indent(self, column):
+
+        ## In flow context, tokens should respect indentation.
+        ## Actually the condition should be `self.indent >= column` according to
+        ## the spec. But this condition will prohibit intuitively correct
+        ## constructions such as
+        ## key : {
+        ## }
+        #if self.flow_level and self.indent > column:
+        #    raise ScannerError(None, None,
+        #            "invalid indentation or unclosed '[' or '{'",
+        #            self.get_mark())
+
+        # In the flow context, indentation is ignored. We make the scanner less
+        # restrictive then specification requires.
+        if self.flow_level:
+            return
+
+        # In block context, we may need to issue the BLOCK-END tokens.
+        while self.indent > column:
+            mark = self.get_mark()
+            self.indent = self.indents.pop()
+            self.tokens.append(BlockEndToken(mark, mark))
+
+    def add_indent(self, column):
+        # Check if we need to increase indentation.
+        if self.indent < column:
+            self.indents.append(self.indent)
+            self.indent = column
+            return True
+        return False
+
+    # Fetchers.
+
+    def fetch_stream_start(self):
+        # We always add STREAM-START as the first token and STREAM-END as the
+        # last token.
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-START.
+        self.tokens.append(StreamStartToken(mark, mark,
+            encoding=self.encoding))
+        
+
+    def fetch_stream_end(self):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+        self.possible_simple_keys = {}
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-END.
+        self.tokens.append(StreamEndToken(mark, mark))
+
+        # The steam is finished.
+        self.done = True
+
+    def fetch_directive(self):
+        
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Scan and add DIRECTIVE.
+        self.tokens.append(self.scan_directive())
+
+    def fetch_document_start(self):
+        self.fetch_document_indicator(DocumentStartToken)
+
+    def fetch_document_end(self):
+        self.fetch_document_indicator(DocumentEndToken)
+
+    def fetch_document_indicator(self, TokenClass):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys. Note that there could not be a block collection
+        # after '---'.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Add DOCUMENT-START or DOCUMENT-END.
+        start_mark = self.get_mark()
+        self.forward(3)
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_start(self):
+        self.fetch_flow_collection_start(FlowSequenceStartToken)
+
+    def fetch_flow_mapping_start(self):
+        self.fetch_flow_collection_start(FlowMappingStartToken)
+
+    def fetch_flow_collection_start(self, TokenClass):
+
+        # '[' and '{' may start a simple key.
+        self.save_possible_simple_key()
+
+        # Increase the flow level.
+        self.flow_level += 1
+
+        # Simple keys are allowed after '[' and '{'.
+        self.allow_simple_key = True
+
+        # Add FLOW-SEQUENCE-START or FLOW-MAPPING-START.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_end(self):
+        self.fetch_flow_collection_end(FlowSequenceEndToken)
+
+    def fetch_flow_mapping_end(self):
+        self.fetch_flow_collection_end(FlowMappingEndToken)
+
+    def fetch_flow_collection_end(self, TokenClass):
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Decrease the flow level.
+        self.flow_level -= 1
+
+        # No simple keys after ']' or '}'.
+        self.allow_simple_key = False
+
+        # Add FLOW-SEQUENCE-END or FLOW-MAPPING-END.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_entry(self):
+
+        # Simple keys are allowed after ','.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add FLOW-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(FlowEntryToken(start_mark, end_mark))
+
+    def fetch_block_entry(self):
+
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a new entry?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "sequence entries are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-SEQUENCE-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockSequenceStartToken(mark, mark))
+
+        # It's an error for the block entry to occur in the flow context,
+        # but we let the parser detect this.
+        else:
+            pass
+
+        # Simple keys are allowed after '-'.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add BLOCK-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(BlockEntryToken(start_mark, end_mark))
+
+    def fetch_key(self):
+        
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a key (not necessary a simple)?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "mapping keys are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-MAPPING-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockMappingStartToken(mark, mark))
+
+        # Simple keys are allowed after '?' in the block context.
+        self.allow_simple_key = not self.flow_level
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add KEY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(KeyToken(start_mark, end_mark))
+
+    def fetch_value(self):
+
+        # Do we determine a simple key?
+        if self.flow_level in self.possible_simple_keys:
+
+            # Add KEY.
+            key = self.possible_simple_keys[self.flow_level]
+            del self.possible_simple_keys[self.flow_level]
+            self.tokens.insert(key.token_number-self.tokens_taken,
+                    KeyToken(key.mark, key.mark))
+
+            # If this key starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.
+            if not self.flow_level:
+                if self.add_indent(key.column):
+                    self.tokens.insert(key.token_number-self.tokens_taken,
+                            BlockMappingStartToken(key.mark, key.mark))
+
+            # There cannot be two simple keys one after another.
+            self.allow_simple_key = False
+
+        # It must be a part of a complex key.
+        else:
+            
+            # Block context needs additional checks.
+            # (Do we really need them? They will be caught by the parser
+            # anyway.)
+            if not self.flow_level:
+
+                # We are allowed to start a complex value if and only if
+                # we can start a simple key.
+                if not self.allow_simple_key:
+                    raise ScannerError(None, None,
+                            "mapping values are not allowed here",
+                            self.get_mark())
+
+            # If this value starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.  It will be detected as an error later by
+            # the parser.
+            if not self.flow_level:
+                if self.add_indent(self.column):
+                    mark = self.get_mark()
+                    self.tokens.append(BlockMappingStartToken(mark, mark))
+
+            # Simple keys are allowed after ':' in the block context.
+            self.allow_simple_key = not self.flow_level
+
+            # Reset possible simple key on the current level.
+            self.remove_possible_simple_key()
+
+        # Add VALUE.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(ValueToken(start_mark, end_mark))
+
+    def fetch_alias(self):
+
+        # ALIAS could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ALIAS.
+        self.allow_simple_key = False
+
+        # Scan and add ALIAS.
+        self.tokens.append(self.scan_anchor(AliasToken))
+
+    def fetch_anchor(self):
+
+        # ANCHOR could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ANCHOR.
+        self.allow_simple_key = False
+
+        # Scan and add ANCHOR.
+        self.tokens.append(self.scan_anchor(AnchorToken))
+
+    def fetch_tag(self):
+
+        # TAG could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after TAG.
+        self.allow_simple_key = False
+
+        # Scan and add TAG.
+        self.tokens.append(self.scan_tag())
+
+    def fetch_literal(self):
+        self.fetch_block_scalar(style='|')
+
+    def fetch_folded(self):
+        self.fetch_block_scalar(style='>')
+
+    def fetch_block_scalar(self, style):
+
+        # A simple key may follow a block scalar.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_block_scalar(style))
+
+    def fetch_single(self):
+        self.fetch_flow_scalar(style='\'')
+
+    def fetch_double(self):
+        self.fetch_flow_scalar(style='"')
+
+    def fetch_flow_scalar(self, style):
+
+        # A flow scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after flow scalars.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_flow_scalar(style))
+
+    def fetch_plain(self):
+
+        # A plain scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after plain scalars. But note that `scan_plain` will
+        # change this flag if the scan is finished at the beginning of the
+        # line.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR. May change `allow_simple_key`.
+        self.tokens.append(self.scan_plain())
+
+    # Checkers.
+
+    def check_directive(self):
+
+        # DIRECTIVE:        ^ '%' ...
+        # The '%' indicator is already checked.
+        if self.column == 0:
+            return True
+
+    def check_document_start(self):
+
+        # DOCUMENT-START:   ^ '---' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '---'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_document_end(self):
+
+        # DOCUMENT-END:     ^ '...' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '...'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_block_entry(self):
+
+        # BLOCK-ENTRY:      '-' (' '|'\n')
+        return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_key(self):
+
+        # KEY(flow context):    '?'
+        if self.flow_level:
+            return True
+
+        # KEY(block context):   '?' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_value(self):
+
+        # VALUE(flow context):  ':'
+        if self.flow_level:
+            return True
+
+        # VALUE(block context): ':' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_plain(self):
+
+        # A plain scalar may start with any non-space character except:
+        #   '-', '?', ':', ',', '[', ']', '{', '}',
+        #   '#', '&', '*', '!', '|', '>', '\'', '\"',
+        #   '%', '@', '`'.
+        #
+        # It may also start with
+        #   '-', '?', ':'
+        # if it is followed by a non-space character.
+        #
+        # Note that we limit the last rule to the block context (except the
+        # '-' character) because we want the flow context to be space
+        # independent.
+        ch = self.peek()
+        return ch not in '\0 \t\r\n\x85\u2028\u2029-?:,[]{}#&*!|>\'\"%@`'  \
+                or (self.peek(1) not in '\0 \t\r\n\x85\u2028\u2029'
+                        and (ch == '-' or (not self.flow_level and ch in '?:')))
+
+    # Scanners.
+
+    def scan_to_next_token(self):
+        # We ignore spaces, line breaks and comments.
+        # If we find a line break in the block context, we set the flag
+        # `allow_simple_key` on.
+        # The byte order mark is stripped if it's the first character in the
+        # stream. We do not yet support BOM inside the stream as the
+        # specification requires. Any such mark will be considered as a part
+        # of the document.
+        #
+        # TODO: We need to make tab handling rules more sane. A good rule is
+        #   Tabs cannot precede tokens
+        #   BLOCK-SEQUENCE-START, BLOCK-MAPPING-START, BLOCK-END,
+        #   KEY(block), VALUE(block), BLOCK-ENTRY
+        # So the checking code is
+        #   if <TAB>:
+        #       self.allow_simple_keys = False
+        # We also need to add the check for `allow_simple_keys == True` to
+        # `unwind_indent` before issuing BLOCK-END.
+        # Scanners for block, flow, and plain scalars need to be modified.
+
+        if self.index == 0 and self.peek() == '\uFEFF':
+            self.forward()
+        found = False
+        while not found:
+            while self.peek() == ' ':
+                self.forward()
+            if self.peek() == '#':
+                while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                    self.forward()
+            if self.scan_line_break():
+                if not self.flow_level:
+                    self.allow_simple_key = True
+            else:
+                found = True
+
+    def scan_directive(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        self.forward()
+        name = self.scan_directive_name(start_mark)
+        value = None
+        if name == 'YAML':
+            value = self.scan_yaml_directive_value(start_mark)
+            end_mark = self.get_mark()
+        elif name == 'TAG':
+            value = self.scan_tag_directive_value(start_mark)
+            end_mark = self.get_mark()
+        else:
+            end_mark = self.get_mark()
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        self.scan_directive_ignored_line(start_mark)
+        return DirectiveToken(name, value, start_mark, end_mark)
+
+    def scan_directive_name(self, start_mark):
+        # See the specification for details.
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        return value
+
+    def scan_yaml_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        major = self.scan_yaml_directive_number(start_mark)
+        if self.peek() != '.':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or '.', but found %r" % self.peek(),
+                    self.get_mark())
+        self.forward()
+        minor = self.scan_yaml_directive_number(start_mark)
+        if self.peek() not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or ' ', but found %r" % self.peek(),
+                    self.get_mark())
+        return (major, minor)
+
+    def scan_yaml_directive_number(self, start_mark):
+        # See the specification for details.
+        ch = self.peek()
+        if not ('0' <= ch <= '9'):
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit, but found %r" % ch, self.get_mark())
+        length = 0
+        while '0' <= self.peek(length) <= '9':
+            length += 1
+        value = int(self.prefix(length))
+        self.forward(length)
+        return value
+
+    def scan_tag_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        handle = self.scan_tag_directive_handle(start_mark)
+        while self.peek() == ' ':
+            self.forward()
+        prefix = self.scan_tag_directive_prefix(start_mark)
+        return (handle, prefix)
+
+    def scan_tag_directive_handle(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_handle('directive', start_mark)
+        ch = self.peek()
+        if ch != ' ':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_tag_directive_prefix(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_uri('directive', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_directive_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a comment or a line break, but found %r"
+                        % ch, self.get_mark())
+        self.scan_line_break()
+
+    def scan_anchor(self, TokenClass):
+        # The specification does not restrict characters for anchors and
+        # aliases. This may lead to problems, for instance, the document:
+        #   [ *alias, value ]
+        # can be interpreted in two ways, as
+        #   [ "value" ]
+        # and
+        #   [ *alias , "value" ]
+        # Therefore we restrict aliases to numbers and ASCII letters.
+        start_mark = self.get_mark()
+        indicator = self.peek()
+        if indicator == '*':
+            name = 'alias'
+        else:
+            name = 'anchor'
+        self.forward()
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \t\r\n\x85\u2028\u2029?:,]}%@`':
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        end_mark = self.get_mark()
+        return TokenClass(value, start_mark, end_mark)
+
+    def scan_tag(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        ch = self.peek(1)
+        if ch == '<':
+            handle = None
+            self.forward(2)
+            suffix = self.scan_tag_uri('tag', start_mark)
+            if self.peek() != '>':
+                raise ScannerError("while parsing a tag", start_mark,
+                        "expected '>', but found %r" % self.peek(),
+                        self.get_mark())
+            self.forward()
+        elif ch in '\0 \t\r\n\x85\u2028\u2029':
+            handle = None
+            suffix = '!'
+            self.forward()
+        else:
+            length = 1
+            use_handle = False
+            while ch not in '\0 \r\n\x85\u2028\u2029':
+                if ch == '!':
+                    use_handle = True
+                    break
+                length += 1
+                ch = self.peek(length)
+            handle = '!'
+            if use_handle:
+                handle = self.scan_tag_handle('tag', start_mark)
+            else:
+                handle = '!'
+                self.forward()
+            suffix = self.scan_tag_uri('tag', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a tag", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        value = (handle, suffix)
+        end_mark = self.get_mark()
+        return TagToken(value, start_mark, end_mark)
+
+    def scan_block_scalar(self, style):
+        # See the specification for details.
+
+        if style == '>':
+            folded = True
+        else:
+            folded = False
+
+        chunks = []
+        start_mark = self.get_mark()
+
+        # Scan the header.
+        self.forward()
+        chomping, increment = self.scan_block_scalar_indicators(start_mark)
+        self.scan_block_scalar_ignored_line(start_mark)
+
+        # Determine the indentation level and go to the first non-empty line.
+        min_indent = self.indent+1
+        if min_indent < 1:
+            min_indent = 1
+        if increment is None:
+            breaks, max_indent, end_mark = self.scan_block_scalar_indentation()
+            indent = max(min_indent, max_indent)
+        else:
+            indent = min_indent+increment-1
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+        line_break = ''
+
+        # Scan the inner part of the block scalar.
+        while self.column == indent and self.peek() != '\0':
+            chunks.extend(breaks)
+            leading_non_space = self.peek() not in ' \t'
+            length = 0
+            while self.peek(length) not in '\0\r\n\x85\u2028\u2029':
+                length += 1
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            line_break = self.scan_line_break()
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+            if self.column == indent and self.peek() != '\0':
+
+                # Unfortunately, folding rules are ambiguous.
+                #
+                # This is the folding according to the specification:
+                
+                if folded and line_break == '\n'    \
+                        and leading_non_space and self.peek() not in ' \t':
+                    if not breaks:
+                        chunks.append(' ')
+                else:
+                    chunks.append(line_break)
+                
+                # This is Clark Evans's interpretation (also in the spec
+                # examples):
+                #
+                #if folded and line_break == '\n':
+                #    if not breaks:
+                #        if self.peek() not in ' \t':
+                #            chunks.append(' ')
+                #        else:
+                #            chunks.append(line_break)
+                #else:
+                #    chunks.append(line_break)
+            else:
+                break
+
+        # Chomp the tail.
+        if chomping is not False:
+            chunks.append(line_break)
+        if chomping is True:
+            chunks.extend(breaks)
+
+        # We are done.
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    def scan_block_scalar_indicators(self, start_mark):
+        # See the specification for details.
+        chomping = None
+        increment = None
+        ch = self.peek()
+        if ch in '+-':
+            if ch == '+':
+                chomping = True
+            else:
+                chomping = False
+            self.forward()
+            ch = self.peek()
+            if ch in '0123456789':
+                increment = int(ch)
+                if increment == 0:
+                    raise ScannerError("while scanning a block scalar", start_mark,
+                            "expected indentation indicator in the range 1-9, but found 0",
+                            self.get_mark())
+                self.forward()
+        elif ch in '0123456789':
+            increment = int(ch)
+            if increment == 0:
+                raise ScannerError("while scanning a block scalar", start_mark,
+                        "expected indentation indicator in the range 1-9, but found 0",
+                        self.get_mark())
+            self.forward()
+            ch = self.peek()
+            if ch in '+-':
+                if ch == '+':
+                    chomping = True
+                else:
+                    chomping = False
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected chomping or indentation indicators, but found %r"
+                    % ch, self.get_mark())
+        return chomping, increment
+
+    def scan_block_scalar_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected a comment or a line break, but found %r" % ch,
+                    self.get_mark())
+        self.scan_line_break()
+
+    def scan_block_scalar_indentation(self):
+        # See the specification for details.
+        chunks = []
+        max_indent = 0
+        end_mark = self.get_mark()
+        while self.peek() in ' \r\n\x85\u2028\u2029':
+            if self.peek() != ' ':
+                chunks.append(self.scan_line_break())
+                end_mark = self.get_mark()
+            else:
+                self.forward()
+                if self.column > max_indent:
+                    max_indent = self.column
+        return chunks, max_indent, end_mark
+
+    def scan_block_scalar_breaks(self, indent):
+        # See the specification for details.
+        chunks = []
+        end_mark = self.get_mark()
+        while self.column < indent and self.peek() == ' ':
+            self.forward()
+        while self.peek() in '\r\n\x85\u2028\u2029':
+            chunks.append(self.scan_line_break())
+            end_mark = self.get_mark()
+            while self.column < indent and self.peek() == ' ':
+                self.forward()
+        return chunks, end_mark
+
+    def scan_flow_scalar(self, style):
+        # See the specification for details.
+        # Note that we loose indentation rules for quoted scalars. Quoted
+        # scalars don't need to adhere indentation because " and ' clearly
+        # mark the beginning and the end of them. Therefore we are less
+        # restrictive then the specification requires. We only need to check
+        # that document separators are not included in scalars.
+        if style == '"':
+            double = True
+        else:
+            double = False
+        chunks = []
+        start_mark = self.get_mark()
+        quote = self.peek()
+        self.forward()
+        chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        while self.peek() != quote:
+            chunks.extend(self.scan_flow_scalar_spaces(double, start_mark))
+            chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        self.forward()
+        end_mark = self.get_mark()
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    ESCAPE_REPLACEMENTS = {
+        '0':    '\0',
+        'a':    '\x07',
+        'b':    '\x08',
+        't':    '\x09',
+        '\t':   '\x09',
+        'n':    '\x0A',
+        'v':    '\x0B',
+        'f':    '\x0C',
+        'r':    '\x0D',
+        'e':    '\x1B',
+        ' ':    '\x20',
+        '\"':   '\"',
+        '\\':   '\\',
+        '/':    '/',
+        'N':    '\x85',
+        '_':    '\xA0',
+        'L':    '\u2028',
+        'P':    '\u2029',
+    }
+
+    ESCAPE_CODES = {
+        'x':    2,
+        'u':    4,
+        'U':    8,
+    }
+
+    def scan_flow_scalar_non_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            length = 0
+            while self.peek(length) not in '\'\"\\\0 \t\r\n\x85\u2028\u2029':
+                length += 1
+            if length:
+                chunks.append(self.prefix(length))
+                self.forward(length)
+            ch = self.peek()
+            if not double and ch == '\'' and self.peek(1) == '\'':
+                chunks.append('\'')
+                self.forward(2)
+            elif (double and ch == '\'') or (not double and ch in '\"\\'):
+                chunks.append(ch)
+                self.forward()
+            elif double and ch == '\\':
+                self.forward()
+                ch = self.peek()
+                if ch in self.ESCAPE_REPLACEMENTS:
+                    chunks.append(self.ESCAPE_REPLACEMENTS[ch])
+                    self.forward()
+                elif ch in self.ESCAPE_CODES:
+                    length = self.ESCAPE_CODES[ch]
+                    self.forward()
+                    for k in range(length):
+                        if self.peek(k) not in '0123456789ABCDEFabcdef':
+                            raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                                    "expected escape sequence of %d hexadecimal numbers, but found %r" %
+                                        (length, self.peek(k)), self.get_mark())
+                    code = int(self.prefix(length), 16)
+                    chunks.append(chr(code))
+                    self.forward(length)
+                elif ch in '\r\n\x85\u2028\u2029':
+                    self.scan_line_break()
+                    chunks.extend(self.scan_flow_scalar_breaks(double, start_mark))
+                else:
+                    raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                            "found unknown escape character %r" % ch, self.get_mark())
+            else:
+                return chunks
+
+    def scan_flow_scalar_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        length = 0
+        while self.peek(length) in ' \t':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch == '\0':
+            raise ScannerError("while scanning a quoted scalar", start_mark,
+                    "found unexpected end of stream", self.get_mark())
+        elif ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            breaks = self.scan_flow_scalar_breaks(double, start_mark)
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        else:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_flow_scalar_breaks(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            # Instead of checking indentation, we check for document
+            # separators.
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                raise ScannerError("while scanning a quoted scalar", start_mark,
+                        "found unexpected document separator", self.get_mark())
+            while self.peek() in ' \t':
+                self.forward()
+            if self.peek() in '\r\n\x85\u2028\u2029':
+                chunks.append(self.scan_line_break())
+            else:
+                return chunks
+
+    def scan_plain(self):
+        # See the specification for details.
+        # We add an additional restriction for the flow context:
+        #   plain scalars in the flow context cannot contain ',' or '?'.
+        # We also keep track of the `allow_simple_key` flag here.
+        # Indentation rules are loosed for the flow context.
+        chunks = []
+        start_mark = self.get_mark()
+        end_mark = start_mark
+        indent = self.indent+1
+        # We allow zero indentation for scalars, but then we need to check for
+        # document separators at the beginning of the line.
+        #if indent == 0:
+        #    indent = 1
+        spaces = []
+        while True:
+            length = 0
+            if self.peek() == '#':
+                break
+            while True:
+                ch = self.peek(length)
+                if ch in '\0 \t\r\n\x85\u2028\u2029'    \
+                        or (ch == ':' and
+                                self.peek(length+1) in '\0 \t\r\n\x85\u2028\u2029'
+                                      + (u',[]{}' if self.flow_level else u''))\
+                        or (self.flow_level and ch in ',?[]{}'):
+                    break
+                length += 1
+            if length == 0:
+                break
+            self.allow_simple_key = False
+            chunks.extend(spaces)
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            end_mark = self.get_mark()
+            spaces = self.scan_plain_spaces(indent, start_mark)
+            if not spaces or self.peek() == '#' \
+                    or (not self.flow_level and self.column < indent):
+                break
+        return ScalarToken(''.join(chunks), True, start_mark, end_mark)
+
+    def scan_plain_spaces(self, indent, start_mark):
+        # See the specification for details.
+        # The specification is really confusing about tabs in plain scalars.
+        # We just forbid them completely. Do not use tabs in YAML!
+        chunks = []
+        length = 0
+        while self.peek(length) in ' ':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            self.allow_simple_key = True
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return
+            breaks = []
+            while self.peek() in ' \r\n\x85\u2028\u2029':
+                if self.peek() == ' ':
+                    self.forward()
+                else:
+                    breaks.append(self.scan_line_break())
+                    prefix = self.prefix(3)
+                    if (prefix == '---' or prefix == '...')   \
+                            and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                        return
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        elif whitespaces:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_tag_handle(self, name, start_mark):
+        # See the specification for details.
+        # For some strange reasons, the specification does not allow '_' in
+        # tag handles. I have allowed it anyway.
+        ch = self.peek()
+        if ch != '!':
+            raise ScannerError("while scanning a %s" % name, start_mark,
+                    "expected '!', but found %r" % ch, self.get_mark())
+        length = 1
+        ch = self.peek(length)
+        if ch != ' ':
+            while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                    or ch in '-_':
+                length += 1
+                ch = self.peek(length)
+            if ch != '!':
+                self.forward(length)
+                raise ScannerError("while scanning a %s" % name, start_mark,
+                        "expected '!', but found %r" % ch, self.get_mark())
+            length += 1
+        value = self.prefix(length)
+        self.forward(length)
+        return value
+
+    def scan_tag_uri(self, name, start_mark):
+        # See the specification for details.
+        # Note: we do not check if URI is well-formed.
+        chunks = []
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-;/?:@&=+$,_.!~*\'()[]%':
+            if ch == '%':
+                chunks.append(self.prefix(length))
+                self.forward(length)
+                length = 0
+                chunks.append(self.scan_uri_escapes(name, start_mark))
+            else:
+                length += 1
+            ch = self.peek(length)
+        if length:
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            length = 0
+        if not chunks:
+            raise ScannerError("while parsing a %s" % name, start_mark,
+                    "expected URI, but found %r" % ch, self.get_mark())
+        return ''.join(chunks)
+
+    def scan_uri_escapes(self, name, start_mark):
+        # See the specification for details.
+        codes = []
+        mark = self.get_mark()
+        while self.peek() == '%':
+            self.forward()
+            for k in range(2):
+                if self.peek(k) not in '0123456789ABCDEFabcdef':
+                    raise ScannerError("while scanning a %s" % name, start_mark,
+                            "expected URI escape sequence of 2 hexadecimal numbers, but found %r"
+                            % self.peek(k), self.get_mark())
+            codes.append(int(self.prefix(2), 16))
+            self.forward(2)
+        try:
+            value = bytes(codes).decode('utf-8')
+        except UnicodeDecodeError as exc:
+            raise ScannerError("while scanning a %s" % name, start_mark, str(exc), mark)
+        return value
+
+    def scan_line_break(self):
+        # Transforms:
+        #   '\r\n'      :   '\n'
+        #   '\r'        :   '\n'
+        #   '\n'        :   '\n'
+        #   '\x85'      :   '\n'
+        #   '\u2028'    :   '\u2028'
+        #   '\u2029     :   '\u2029'
+        #   default     :   ''
+        ch = self.peek()
+        if ch in '\r\n\x85':
+            if self.prefix(2) == '\r\n':
+                self.forward(2)
+            else:
+                self.forward()
+            return '\n'
+        elif ch in '\u2028\u2029':
+            self.forward()
+            return ch
+        return ''
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/serializer.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/serializer.py
new file mode 100644
index 000000000..fe911e67a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/serializer.py
@@ -0,0 +1,111 @@
+
+__all__ = ['Serializer', 'SerializerError']
+
+from .error import YAMLError
+from .events import *
+from .nodes import *
+
+class SerializerError(YAMLError):
+    pass
+
+class Serializer:
+
+    ANCHOR_TEMPLATE = 'id%03d'
+
+    def __init__(self, encoding=None,
+            explicit_start=None, explicit_end=None, version=None, tags=None):
+        self.use_encoding = encoding
+        self.use_explicit_start = explicit_start
+        self.use_explicit_end = explicit_end
+        self.use_version = version
+        self.use_tags = tags
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+        self.closed = None
+
+    def open(self):
+        if self.closed is None:
+            self.emit(StreamStartEvent(encoding=self.use_encoding))
+            self.closed = False
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        else:
+            raise SerializerError("serializer is already opened")
+
+    def close(self):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif not self.closed:
+            self.emit(StreamEndEvent())
+            self.closed = True
+
+    #def __del__(self):
+    #    self.close()
+
+    def serialize(self, node):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        self.emit(DocumentStartEvent(explicit=self.use_explicit_start,
+            version=self.use_version, tags=self.use_tags))
+        self.anchor_node(node)
+        self.serialize_node(node, None, None)
+        self.emit(DocumentEndEvent(explicit=self.use_explicit_end))
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+
+    def anchor_node(self, node):
+        if node in self.anchors:
+            if self.anchors[node] is None:
+                self.anchors[node] = self.generate_anchor(node)
+        else:
+            self.anchors[node] = None
+            if isinstance(node, SequenceNode):
+                for item in node.value:
+                    self.anchor_node(item)
+            elif isinstance(node, MappingNode):
+                for key, value in node.value:
+                    self.anchor_node(key)
+                    self.anchor_node(value)
+
+    def generate_anchor(self, node):
+        self.last_anchor_id += 1
+        return self.ANCHOR_TEMPLATE % self.last_anchor_id
+
+    def serialize_node(self, node, parent, index):
+        alias = self.anchors[node]
+        if node in self.serialized_nodes:
+            self.emit(AliasEvent(alias))
+        else:
+            self.serialized_nodes[node] = True
+            self.descend_resolver(parent, index)
+            if isinstance(node, ScalarNode):
+                detected_tag = self.resolve(ScalarNode, node.value, (True, False))
+                default_tag = self.resolve(ScalarNode, node.value, (False, True))
+                implicit = (node.tag == detected_tag), (node.tag == default_tag)
+                self.emit(ScalarEvent(alias, node.tag, implicit, node.value,
+                    style=node.style))
+            elif isinstance(node, SequenceNode):
+                implicit = (node.tag
+                            == self.resolve(SequenceNode, node.value, True))
+                self.emit(SequenceStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                index = 0
+                for item in node.value:
+                    self.serialize_node(item, node, index)
+                    index += 1
+                self.emit(SequenceEndEvent())
+            elif isinstance(node, MappingNode):
+                implicit = (node.tag
+                            == self.resolve(MappingNode, node.value, True))
+                self.emit(MappingStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                for key, value in node.value:
+                    self.serialize_node(key, node, None)
+                    self.serialize_node(value, node, key)
+                self.emit(MappingEndEvent())
+            self.ascend_resolver()
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/tokens.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/tokens.py
new file mode 100644
index 000000000..4d0b48a39
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/tokens.py
@@ -0,0 +1,104 @@
+
+class Token(object):
+    def __init__(self, start_mark, end_mark):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in self.__dict__
+                if not key.endswith('_mark')]
+        attributes.sort()
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+#class BOMToken(Token):
+#    id = '<byte order mark>'
+
+class DirectiveToken(Token):
+    id = '<directive>'
+    def __init__(self, name, value, start_mark, end_mark):
+        self.name = name
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class DocumentStartToken(Token):
+    id = '<document start>'
+
+class DocumentEndToken(Token):
+    id = '<document end>'
+
+class StreamStartToken(Token):
+    id = '<stream start>'
+    def __init__(self, start_mark=None, end_mark=None,
+            encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndToken(Token):
+    id = '<stream end>'
+
+class BlockSequenceStartToken(Token):
+    id = '<block sequence start>'
+
+class BlockMappingStartToken(Token):
+    id = '<block mapping start>'
+
+class BlockEndToken(Token):
+    id = '<block end>'
+
+class FlowSequenceStartToken(Token):
+    id = '['
+
+class FlowMappingStartToken(Token):
+    id = '{'
+
+class FlowSequenceEndToken(Token):
+    id = ']'
+
+class FlowMappingEndToken(Token):
+    id = '}'
+
+class KeyToken(Token):
+    id = '?'
+
+class ValueToken(Token):
+    id = ':'
+
+class BlockEntryToken(Token):
+    id = '-'
+
+class FlowEntryToken(Token):
+    id = ','
+
+class AliasToken(Token):
+    id = '<alias>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class AnchorToken(Token):
+    id = '<anchor>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class TagToken(Token):
+    id = '<tag>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class ScalarToken(Token):
+    id = '<scalar>'
+    def __init__(self, value, plain, start_mark, end_mark, style=None):
+        self.value = value
+        self.plain = plain
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
new file mode 100644
index 000000000..c4700f975
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA
new file mode 100644
index 000000000..7354b5a5f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA
@@ -0,0 +1,93 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 2.1.5
+Summary: Safely add untrusted strings to HTML/XML markup.
+Home-page: https://palletsprojects.com/p/markupsafe/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/markupsafe/
+Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+
+MarkupSafe
+==========
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    pip install -U MarkupSafe
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+Examples
+--------
+
+.. code-block:: pycon
+
+    >>> from markupsafe import Markup, escape
+
+    >>> # escape replaces special characters and wraps in Markup
+    >>> escape("<script>alert(document.cookie);</script>")
+    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+    >>> # wrap in Markup to mark text "safe" and prevent escaping
+    >>> Markup("<strong>Hello</strong>")
+    Markup('<strong>hello</strong>')
+
+    >>> escape(Markup("<strong>Hello</strong>"))
+    Markup('<strong>hello</strong>')
+
+    >>> # Markup is a str subclass
+    >>> # methods and operators escape their arguments
+    >>> template = Markup("Hello <em>{name}</em>")
+    >>> template.format(name='"World"')
+    Markup('Hello <em>&#34;World&#34;</em>')
+
+
+Donate
+------
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+`please donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://markupsafe.palletsprojects.com/
+-   Changes: https://markupsafe.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/MarkupSafe/
+-   Source Code: https://github.com/pallets/markupsafe/
+-   Issue Tracker: https://github.com/pallets/markupsafe/issues/
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD
new file mode 100644
index 000000000..b1bd79c2a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=RjHsDbX9kKVH4zaBcmTGeYIUM4FG-KyUtKV_lu6MnsQ,1503
+MarkupSafe-2.1.5.dist-info/METADATA,sha256=icNlaniV7YIQZ1BScCVqNaRtm7MAgfw8d3OBmoSVyAY,3096
+MarkupSafe-2.1.5.dist-info/RECORD,,
+MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-2.1.5.dist-info/WHEEL,sha256=ircjsfhzblqgSzO8ow7-0pXK-RVqDqNRGQ8F650AUNM,102
+MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=m1ysNeqf55zbEoJtaovca40ivrkEFolPlw5bGoC5Gi4,11290
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=_Q7UsXCOvgdonCgqG3l5asANI6eo50EKnDM-mlwEC5M,1776
+markupsafe/_speedups.c,sha256=n3jzzaJwXcoN8nTFyA53f3vSqsWK2vujI-v6QYifjhQ,7403
+markupsafe/_speedups.cp311-win_amd64.pyd,sha256=MEqnkyBOHmstwQr50hKitovHjrHhMJ0gYmya4Fu1DK0,15872
+markupsafe/_speedups.pyi,sha256=f5QtwIOP0eLrxh2v5p6SmaYmlcHIGIfmz0DovaqL0OU,238
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
new file mode 100644
index 000000000..d60b00472
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.42.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-win_amd64
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
new file mode 100644
index 000000000..75bf72925
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
@@ -0,0 +1 @@
+markupsafe
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/LICENSE
new file mode 100644
index 000000000..2f1b8e15e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2017-2021 Ingy döt Net
+Copyright (c) 2006-2016 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA
new file mode 100644
index 000000000..6523240ce
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA
@@ -0,0 +1,46 @@
+Metadata-Version: 2.1
+Name: PyYAML
+Version: 6.0.1
+Summary: YAML parser and emitter for Python
+Home-page: https://pyyaml.org/
+Download-URL: https://pypi.org/project/PyYAML/
+Author: Kirill Simonov
+Author-email: xi@resolvent.net
+License: MIT
+Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
+Project-URL: CI, https://github.com/yaml/pyyaml/actions
+Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
+Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
+Project-URL: Source Code, https://github.com/yaml/pyyaml
+Platform: Any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Cython
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup
+Requires-Python: >=3.6
+License-File: LICENSE
+
+YAML is a data serialization format designed for human readability
+and interaction with scripting languages.  PyYAML is a YAML parser
+and emitter for Python.
+
+PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
+support, capable extension API, and sensible error messages.  PyYAML
+supports standard YAML tags and provides Python-specific tags that
+allow to represent an arbitrary Python object.
+
+PyYAML is applicable for a broad range of tasks from complex
+configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD
new file mode 100644
index 000000000..85b830fa4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD
@@ -0,0 +1,44 @@
+PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.1.dist-info/METADATA,sha256=i3GoINVJ0RnmgIBLEFUIA75PtRGAhQAZGeWJNZFKogc,2104
+PyYAML-6.0.1.dist-info/RECORD,,
+PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.1.dist-info/WHEEL,sha256=9wvhO-5NhjjD8YmmxAvXTPQXMDOZ50W5vklzeoqFtkM,102
+PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+_yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
+_yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__pycache__/__init__.cpython-311.pyc,,
+yaml/__pycache__/composer.cpython-311.pyc,,
+yaml/__pycache__/constructor.cpython-311.pyc,,
+yaml/__pycache__/cyaml.cpython-311.pyc,,
+yaml/__pycache__/dumper.cpython-311.pyc,,
+yaml/__pycache__/emitter.cpython-311.pyc,,
+yaml/__pycache__/error.cpython-311.pyc,,
+yaml/__pycache__/events.cpython-311.pyc,,
+yaml/__pycache__/loader.cpython-311.pyc,,
+yaml/__pycache__/nodes.cpython-311.pyc,,
+yaml/__pycache__/parser.cpython-311.pyc,,
+yaml/__pycache__/reader.cpython-311.pyc,,
+yaml/__pycache__/representer.cpython-311.pyc,,
+yaml/__pycache__/resolver.cpython-311.pyc,,
+yaml/__pycache__/scanner.cpython-311.pyc,,
+yaml/__pycache__/serializer.cpython-311.pyc,,
+yaml/__pycache__/tokens.cpython-311.pyc,,
+yaml/_yaml.cp311-win_amd64.pyd,sha256=oMYsA1zRMc4eV0dC2R1BXedhpcXVw1pPNqQbjgsKsZU,233984
+yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
+yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
+yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
+yaml/dumper.py,sha256=PLctZlYwZLp7XmeUdwRuv4nYOZ2UBnDIUy8-lKfLF-o,2837
+yaml/emitter.py,sha256=jghtaU7eFwg31bG0B7RZea_29Adi9CKmXq_QjgQpCkQ,43006
+yaml/error.py,sha256=Ah9z-toHJUbE9j-M8YpxgSRM5CgLCcwVzJgLLRF2Fxo,2533
+yaml/events.py,sha256=50_TksgQiE4up-lKo_V-nBy-tAIxkIPQxY5qDhKCeHw,2445
+yaml/loader.py,sha256=UVa-zIqmkFSCIYq_PgSGm4NSJttHY2Rf_zQ4_b1fHN0,2061
+yaml/nodes.py,sha256=gPKNj8pKCdh2d4gr3gIYINnPOaOxGhJAUiYhGRnPE84,1440
+yaml/parser.py,sha256=ilWp5vvgoHFGzvOZDItFoGjD6D42nhlZrZyjAwa0oJo,25495
+yaml/reader.py,sha256=0dmzirOiDG4Xo41RnuQS7K9rkY3xjHiVasfDMNTqCNw,6794
+yaml/representer.py,sha256=IuWP-cAW9sHKEnS0gCqSa894k1Bg4cgTxaDwIcbRQ-Y,14190
+yaml/resolver.py,sha256=9L-VYfm4mWHxUD1Vg4X7rjDRK_7VZd6b92wzq7Y2IKY,9004
+yaml/scanner.py,sha256=YEM3iLZSaQwXcQRg2l2R4MdT0zGP2F9eHkKGKnHyWQY,51279
+yaml/serializer.py,sha256=ChuFgmhU01hj4xgI8GaKv6vfM2Bujwa9i7d2FAHj7cA,4165
+yaml/tokens.py,sha256=lTQIzSVw8Mg9wv459-TjiOQe6wVziqaRlqX2_89rp54,2573
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL
new file mode 100644
index 000000000..30c3ff1eb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.40.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-win_amd64
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/top_level.txt
new file mode 100644
index 000000000..e6475e911
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/top_level.txt
@@ -0,0 +1,2 @@
+_yaml
+yaml
diff --git a/lib/go-jinja2/internal/data/windows-amd64/_yaml/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/_yaml/__init__.py
new file mode 100644
index 000000000..7baa8c4b6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/_yaml/__init__.py
@@ -0,0 +1,33 @@
+# This is a stub package designed to roughly emulate the _yaml
+# extension module, which previously existed as a standalone module
+# and has been moved into the `yaml` package namespace.
+# It does not perfectly mimic its old counterpart, but should get
+# close enough for anyone who's relying on it even when they shouldn't.
+import yaml
+
+# in some circumstances, the yaml module we imoprted may be from a different version, so we need
+# to tread carefully when poking at it here (it may not have the attributes we expect)
+if not getattr(yaml, '__with_libyaml__', False):
+    from sys import version_info
+
+    exc = ModuleNotFoundError if version_info >= (3, 6) else ImportError
+    raise exc("No module named '_yaml'")
+else:
+    from yaml._yaml import *
+    import warnings
+    warnings.warn(
+        'The _yaml extension module is now located at yaml._yaml'
+        ' and its location is subject to change.  To use the'
+        ' LibYAML-based parser and emitter, import from `yaml`:'
+        ' `from yaml import CLoader as Loader, CDumper as Dumper`.',
+        DeprecationWarning
+    )
+    del warnings
+    # Don't `del yaml` here because yaml is actually an existing
+    # namespace member of _yaml.
+
+__name__ = '_yaml'
+# If the module is top-level (i.e. not a part of any specific package)
+# then the attribute should be set to ''.
+# https://docs.python.org/3.8/library/types.html
+__package__ = ''
diff --git a/lib/go-jinja2/internal/data/windows-amd64/bin/jsonpath_ng b/lib/go-jinja2/internal/data/windows-amd64/bin/jsonpath_ng
new file mode 100644
index 000000000..171bf8599
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/bin/jsonpath_ng
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-windows-amd64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from jsonpath_ng.bin.jsonpath import entry_point
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(entry_point())
diff --git a/lib/go-jinja2/internal/data/windows-amd64/bin/slugify b/lib/go-jinja2/internal/data/windows-amd64/bin/slugify
new file mode 100644
index 000000000..be4eb285a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/bin/slugify
@@ -0,0 +1,8 @@
+#!/tmp/python-pip-windows-amd64/bin/python3
+# -*- coding: utf-8 -*-
+import re
+import sys
+from slugify.__main__ import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/LICENSE.rst
new file mode 100644
index 000000000..d12a84918
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/LICENSE.rst
@@ -0,0 +1,28 @@
+Copyright 2014 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/METADATA
new file mode 100644
index 000000000..7a6bbb24b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/METADATA
@@ -0,0 +1,103 @@
+Metadata-Version: 2.1
+Name: click
+Version: 8.1.7
+Summary: Composable command line interface toolkit
+Home-page: https://palletsprojects.com/p/click/
+Maintainer: Pallets
+Maintainer-email: contact@palletsprojects.com
+License: BSD-3-Clause
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://click.palletsprojects.com/
+Project-URL: Changes, https://click.palletsprojects.com/changes/
+Project-URL: Source Code, https://github.com/pallets/click/
+Project-URL: Issue Tracker, https://github.com/pallets/click/issues/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Requires-Python: >=3.7
+Description-Content-Type: text/x-rst
+License-File: LICENSE.rst
+Requires-Dist: colorama ; platform_system == "Windows"
+Requires-Dist: importlib-metadata ; python_version < "3.8"
+
+\$ click\_
+==========
+
+Click is a Python package for creating beautiful command line interfaces
+in a composable way with as little code as necessary. It's the "Command
+Line Interface Creation Kit". It's highly configurable but comes with
+sensible defaults out of the box.
+
+It aims to make the process of writing command line tools quick and fun
+while also preventing any frustration caused by the inability to
+implement an intended CLI API.
+
+Click in three points:
+
+-   Arbitrary nesting of commands
+-   Automatic help page generation
+-   Supports lazy loading of subcommands at runtime
+
+
+Installing
+----------
+
+Install and update using `pip`_:
+
+.. code-block:: text
+
+    $ pip install -U click
+
+.. _pip: https://pip.pypa.io/en/stable/getting-started/
+
+
+A Simple Example
+----------------
+
+.. code-block:: python
+
+    import click
+
+    @click.command()
+    @click.option("--count", default=1, help="Number of greetings.")
+    @click.option("--name", prompt="Your name", help="The person to greet.")
+    def hello(count, name):
+        """Simple program that greets NAME for a total of COUNT times."""
+        for _ in range(count):
+            click.echo(f"Hello, {name}!")
+
+    if __name__ == '__main__':
+        hello()
+
+.. code-block:: text
+
+    $ python hello.py --count=3
+    Your name: Click
+    Hello, Click!
+    Hello, Click!
+    Hello, Click!
+
+
+Donate
+------
+
+The Pallets organization develops and supports Click and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, `please
+donate today`_.
+
+.. _please donate today: https://palletsprojects.com/donate
+
+
+Links
+-----
+
+-   Documentation: https://click.palletsprojects.com/
+-   Changes: https://click.palletsprojects.com/changes/
+-   PyPI Releases: https://pypi.org/project/click/
+-   Source Code: https://github.com/pallets/click
+-   Issue Tracker: https://github.com/pallets/click/issues
+-   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/RECORD
new file mode 100644
index 000000000..dcffbf004
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/RECORD
@@ -0,0 +1,40 @@
+click-8.1.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+click-8.1.7.dist-info/LICENSE.rst,sha256=morRBqOU6FO_4h9C9OctWSgZoigF2ZG18ydQKSkrZY0,1475
+click-8.1.7.dist-info/METADATA,sha256=qIMevCxGA9yEmJOM_4WHuUJCwWpsIEVbCPOhs45YPN4,3014
+click-8.1.7.dist-info/RECORD,,
+click-8.1.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click-8.1.7.dist-info/WHEEL,sha256=5sUXSg9e4bi7lTLOHcm6QEYwO5TIF1TNbTSVFVjcJcc,92
+click-8.1.7.dist-info/top_level.txt,sha256=J1ZQogalYS4pphY_lPECoNMfw0HzTSrZglC4Yfwo4xA,6
+click/__init__.py,sha256=YDDbjm406dTOA0V8bTtdGnhN7zj5j-_dFRewZF_pLvw,3138
+click/__pycache__/__init__.cpython-311.pyc,,
+click/__pycache__/_compat.cpython-311.pyc,,
+click/__pycache__/_termui_impl.cpython-311.pyc,,
+click/__pycache__/_textwrap.cpython-311.pyc,,
+click/__pycache__/_winconsole.cpython-311.pyc,,
+click/__pycache__/core.cpython-311.pyc,,
+click/__pycache__/decorators.cpython-311.pyc,,
+click/__pycache__/exceptions.cpython-311.pyc,,
+click/__pycache__/formatting.cpython-311.pyc,,
+click/__pycache__/globals.cpython-311.pyc,,
+click/__pycache__/parser.cpython-311.pyc,,
+click/__pycache__/shell_completion.cpython-311.pyc,,
+click/__pycache__/termui.cpython-311.pyc,,
+click/__pycache__/testing.cpython-311.pyc,,
+click/__pycache__/types.cpython-311.pyc,,
+click/__pycache__/utils.cpython-311.pyc,,
+click/_compat.py,sha256=5318agQpbt4kroKsbqDOYpTSWzL_YCZVUQiTT04yXmc,18744
+click/_termui_impl.py,sha256=3dFYv4445Nw-rFvZOTBMBPYwB1bxnmNk9Du6Dm_oBSU,24069
+click/_textwrap.py,sha256=10fQ64OcBUMuK7mFvh8363_uoOxPlRItZBmKzRJDgoY,1353
+click/_winconsole.py,sha256=5ju3jQkcZD0W27WEMGqmEP4y_crUVzPCqsX_FYb7BO0,7860
+click/core.py,sha256=j6oEWtGgGna8JarD6WxhXmNnxLnfRjwXglbBc-8jr7U,114086
+click/decorators.py,sha256=-ZlbGYgV-oI8jr_oH4RpuL1PFS-5QmeuEAsLDAYgxtw,18719
+click/exceptions.py,sha256=fyROO-47HWFDjt2qupo7A3J32VlpM-ovJnfowu92K3s,9273
+click/formatting.py,sha256=Frf0-5W33-loyY_i9qrwXR8-STnW3m5gvyxLVUdyxyk,9706
+click/globals.py,sha256=TP-qM88STzc7f127h35TD_v920FgfOD2EwzqA0oE8XU,1961
+click/parser.py,sha256=LKyYQE9ZLj5KgIDXkrcTHQRXIggfoivX14_UVIn56YA,19067
+click/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+click/shell_completion.py,sha256=Ty3VM_ts0sQhj6u7eFTiLwHPoTgcXTGEAUg2OpLqYKw,18460
+click/termui.py,sha256=H7Q8FpmPelhJ2ovOhfCRhjMtCpNyjFXryAMLZODqsdc,28324
+click/testing.py,sha256=1Qd4kS5bucn1hsNIRryd0WtTMuCpkA93grkWxT8POsU,16084
+click/types.py,sha256=TZvz3hKvBztf-Hpa2enOmP4eznSPLzijjig5b_0XMxE,36391
+click/utils.py,sha256=1476UduUNY6UePGU4m18uzVHLt1sKM2PP3yWsQhbItM,20298
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/WHEEL
new file mode 100644
index 000000000..2c08da084
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.1)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/top_level.txt
new file mode 100644
index 000000000..dca9a9096
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click-8.1.7.dist-info/top_level.txt
@@ -0,0 +1 @@
+click
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/click/__init__.py
new file mode 100644
index 000000000..9a1dab048
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/__init__.py
@@ -0,0 +1,73 @@
+"""
+Click is a simple Python module inspired by the stdlib optparse to make
+writing command line scripts fun. Unlike other modules, it's based
+around a simple API that does not come with too much magic and is
+composable.
+"""
+from .core import Argument as Argument
+from .core import BaseCommand as BaseCommand
+from .core import Command as Command
+from .core import CommandCollection as CommandCollection
+from .core import Context as Context
+from .core import Group as Group
+from .core import MultiCommand as MultiCommand
+from .core import Option as Option
+from .core import Parameter as Parameter
+from .decorators import argument as argument
+from .decorators import command as command
+from .decorators import confirmation_option as confirmation_option
+from .decorators import group as group
+from .decorators import help_option as help_option
+from .decorators import make_pass_decorator as make_pass_decorator
+from .decorators import option as option
+from .decorators import pass_context as pass_context
+from .decorators import pass_obj as pass_obj
+from .decorators import password_option as password_option
+from .decorators import version_option as version_option
+from .exceptions import Abort as Abort
+from .exceptions import BadArgumentUsage as BadArgumentUsage
+from .exceptions import BadOptionUsage as BadOptionUsage
+from .exceptions import BadParameter as BadParameter
+from .exceptions import ClickException as ClickException
+from .exceptions import FileError as FileError
+from .exceptions import MissingParameter as MissingParameter
+from .exceptions import NoSuchOption as NoSuchOption
+from .exceptions import UsageError as UsageError
+from .formatting import HelpFormatter as HelpFormatter
+from .formatting import wrap_text as wrap_text
+from .globals import get_current_context as get_current_context
+from .parser import OptionParser as OptionParser
+from .termui import clear as clear
+from .termui import confirm as confirm
+from .termui import echo_via_pager as echo_via_pager
+from .termui import edit as edit
+from .termui import getchar as getchar
+from .termui import launch as launch
+from .termui import pause as pause
+from .termui import progressbar as progressbar
+from .termui import prompt as prompt
+from .termui import secho as secho
+from .termui import style as style
+from .termui import unstyle as unstyle
+from .types import BOOL as BOOL
+from .types import Choice as Choice
+from .types import DateTime as DateTime
+from .types import File as File
+from .types import FLOAT as FLOAT
+from .types import FloatRange as FloatRange
+from .types import INT as INT
+from .types import IntRange as IntRange
+from .types import ParamType as ParamType
+from .types import Path as Path
+from .types import STRING as STRING
+from .types import Tuple as Tuple
+from .types import UNPROCESSED as UNPROCESSED
+from .types import UUID as UUID
+from .utils import echo as echo
+from .utils import format_filename as format_filename
+from .utils import get_app_dir as get_app_dir
+from .utils import get_binary_stream as get_binary_stream
+from .utils import get_text_stream as get_text_stream
+from .utils import open_file as open_file
+
+__version__ = "8.1.7"
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/_compat.py b/lib/go-jinja2/internal/data/windows-amd64/click/_compat.py
new file mode 100644
index 000000000..23f886659
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/_compat.py
@@ -0,0 +1,623 @@
+import codecs
+import io
+import os
+import re
+import sys
+import typing as t
+from weakref import WeakKeyDictionary
+
+CYGWIN = sys.platform.startswith("cygwin")
+WIN = sys.platform.startswith("win")
+auto_wrap_for_ansi: t.Optional[t.Callable[[t.TextIO], t.TextIO]] = None
+_ansi_re = re.compile(r"\033\[[;?0-9]*[a-zA-Z]")
+
+
+def _make_text_stream(
+    stream: t.BinaryIO,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if encoding is None:
+        encoding = get_best_encoding(stream)
+    if errors is None:
+        errors = "replace"
+    return _NonClosingTextIOWrapper(
+        stream,
+        encoding,
+        errors,
+        line_buffering=True,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def is_ascii_encoding(encoding: str) -> bool:
+    """Checks if a given encoding is ascii."""
+    try:
+        return codecs.lookup(encoding).name == "ascii"
+    except LookupError:
+        return False
+
+
+def get_best_encoding(stream: t.IO[t.Any]) -> str:
+    """Returns the default stream encoding if not found."""
+    rv = getattr(stream, "encoding", None) or sys.getdefaultencoding()
+    if is_ascii_encoding(rv):
+        return "utf-8"
+    return rv
+
+
+class _NonClosingTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        encoding: t.Optional[str],
+        errors: t.Optional[str],
+        force_readable: bool = False,
+        force_writable: bool = False,
+        **extra: t.Any,
+    ) -> None:
+        self._stream = stream = t.cast(
+            t.BinaryIO, _FixupStream(stream, force_readable, force_writable)
+        )
+        super().__init__(stream, encoding, errors, **extra)
+
+    def __del__(self) -> None:
+        try:
+            self.detach()
+        except Exception:
+            pass
+
+    def isatty(self) -> bool:
+        # https://bitbucket.org/pypy/pypy/issue/1803
+        return self._stream.isatty()
+
+
+class _FixupStream:
+    """The new io interface needs more from streams than streams
+    traditionally implement.  As such, this fix-up code is necessary in
+    some circumstances.
+
+    The forcing of readable and writable flags are there because some tools
+    put badly patched objects on sys (one such offender are certain version
+    of jupyter notebook).
+    """
+
+    def __init__(
+        self,
+        stream: t.BinaryIO,
+        force_readable: bool = False,
+        force_writable: bool = False,
+    ):
+        self._stream = stream
+        self._force_readable = force_readable
+        self._force_writable = force_writable
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._stream, name)
+
+    def read1(self, size: int) -> bytes:
+        f = getattr(self._stream, "read1", None)
+
+        if f is not None:
+            return t.cast(bytes, f(size))
+
+        return self._stream.read(size)
+
+    def readable(self) -> bool:
+        if self._force_readable:
+            return True
+        x = getattr(self._stream, "readable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.read(0)
+        except Exception:
+            return False
+        return True
+
+    def writable(self) -> bool:
+        if self._force_writable:
+            return True
+        x = getattr(self._stream, "writable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.write("")  # type: ignore
+        except Exception:
+            try:
+                self._stream.write(b"")
+            except Exception:
+                return False
+        return True
+
+    def seekable(self) -> bool:
+        x = getattr(self._stream, "seekable", None)
+        if x is not None:
+            return t.cast(bool, x())
+        try:
+            self._stream.seek(self._stream.tell())
+        except Exception:
+            return False
+        return True
+
+
+def _is_binary_reader(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        return isinstance(stream.read(0), bytes)
+    except Exception:
+        return default
+        # This happens in some cases where the stream was already
+        # closed.  In this case, we assume the default.
+
+
+def _is_binary_writer(stream: t.IO[t.Any], default: bool = False) -> bool:
+    try:
+        stream.write(b"")
+    except Exception:
+        try:
+            stream.write("")
+            return False
+        except Exception:
+            pass
+        return default
+    return True
+
+
+def _find_binary_reader(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_reader(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_reader(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _find_binary_writer(stream: t.IO[t.Any]) -> t.Optional[t.BinaryIO]:
+    # We need to figure out if the given stream is already binary.
+    # This can happen because the official docs recommend detaching
+    # the streams to get binary streams.  Some code might do this, so
+    # we need to deal with this case explicitly.
+    if _is_binary_writer(stream, False):
+        return t.cast(t.BinaryIO, stream)
+
+    buf = getattr(stream, "buffer", None)
+
+    # Same situation here; this time we assume that the buffer is
+    # actually binary in case it's closed.
+    if buf is not None and _is_binary_writer(buf, True):
+        return t.cast(t.BinaryIO, buf)
+
+    return None
+
+
+def _stream_is_misconfigured(stream: t.TextIO) -> bool:
+    """A stream is misconfigured if its encoding is ASCII."""
+    # If the stream does not have an encoding set, we assume it's set
+    # to ASCII.  This appears to happen in certain unittest
+    # environments.  It's not quite clear what the correct behavior is
+    # but this at least will force Click to recover somehow.
+    return is_ascii_encoding(getattr(stream, "encoding", None) or "ascii")
+
+
+def _is_compat_stream_attr(stream: t.TextIO, attr: str, value: t.Optional[str]) -> bool:
+    """A stream attribute is compatible if it is equal to the
+    desired value or the desired value is unset and the attribute
+    has a value.
+    """
+    stream_value = getattr(stream, attr, None)
+    return stream_value == value or (value is None and stream_value is not None)
+
+
+def _is_compatible_text_stream(
+    stream: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> bool:
+    """Check if a stream's encoding and errors attributes are
+    compatible with the desired values.
+    """
+    return _is_compat_stream_attr(
+        stream, "encoding", encoding
+    ) and _is_compat_stream_attr(stream, "errors", errors)
+
+
+def _force_correct_text_stream(
+    text_stream: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    is_binary: t.Callable[[t.IO[t.Any], bool], bool],
+    find_binary: t.Callable[[t.IO[t.Any]], t.Optional[t.BinaryIO]],
+    force_readable: bool = False,
+    force_writable: bool = False,
+) -> t.TextIO:
+    if is_binary(text_stream, False):
+        binary_reader = t.cast(t.BinaryIO, text_stream)
+    else:
+        text_stream = t.cast(t.TextIO, text_stream)
+        # If the stream looks compatible, and won't default to a
+        # misconfigured ascii encoding, return it as-is.
+        if _is_compatible_text_stream(text_stream, encoding, errors) and not (
+            encoding is None and _stream_is_misconfigured(text_stream)
+        ):
+            return text_stream
+
+        # Otherwise, get the underlying binary reader.
+        possible_binary_reader = find_binary(text_stream)
+
+        # If that's not possible, silently use the original reader
+        # and get mojibake instead of exceptions.
+        if possible_binary_reader is None:
+            return text_stream
+
+        binary_reader = possible_binary_reader
+
+    # Default errors to replace instead of strict in order to get
+    # something that works.
+    if errors is None:
+        errors = "replace"
+
+    # Wrap the binary stream in a text stream with the correct
+    # encoding parameters.
+    return _make_text_stream(
+        binary_reader,
+        encoding,
+        errors,
+        force_readable=force_readable,
+        force_writable=force_writable,
+    )
+
+
+def _force_correct_text_reader(
+    text_reader: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_readable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_reader,
+        encoding,
+        errors,
+        _is_binary_reader,
+        _find_binary_reader,
+        force_readable=force_readable,
+    )
+
+
+def _force_correct_text_writer(
+    text_writer: t.IO[t.Any],
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+    force_writable: bool = False,
+) -> t.TextIO:
+    return _force_correct_text_stream(
+        text_writer,
+        encoding,
+        errors,
+        _is_binary_writer,
+        _find_binary_writer,
+        force_writable=force_writable,
+    )
+
+
+def get_binary_stdin() -> t.BinaryIO:
+    reader = _find_binary_reader(sys.stdin)
+    if reader is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdin.")
+    return reader
+
+
+def get_binary_stdout() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stdout)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stdout.")
+    return writer
+
+
+def get_binary_stderr() -> t.BinaryIO:
+    writer = _find_binary_writer(sys.stderr)
+    if writer is None:
+        raise RuntimeError("Was not able to determine binary stream for sys.stderr.")
+    return writer
+
+
+def get_text_stdin(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdin, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_reader(sys.stdin, encoding, errors, force_readable=True)
+
+
+def get_text_stdout(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stdout, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stdout, encoding, errors, force_writable=True)
+
+
+def get_text_stderr(
+    encoding: t.Optional[str] = None, errors: t.Optional[str] = None
+) -> t.TextIO:
+    rv = _get_windows_console_stream(sys.stderr, encoding, errors)
+    if rv is not None:
+        return rv
+    return _force_correct_text_writer(sys.stderr, encoding, errors, force_writable=True)
+
+
+def _wrap_io_open(
+    file: t.Union[str, "os.PathLike[str]", int],
+    mode: str,
+    encoding: t.Optional[str],
+    errors: t.Optional[str],
+) -> t.IO[t.Any]:
+    """Handles not passing ``encoding`` and ``errors`` in binary mode."""
+    if "b" in mode:
+        return open(file, mode)
+
+    return open(file, mode, encoding=encoding, errors=errors)
+
+
+def open_stream(
+    filename: "t.Union[str, os.PathLike[str]]",
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    atomic: bool = False,
+) -> t.Tuple[t.IO[t.Any], bool]:
+    binary = "b" in mode
+    filename = os.fspath(filename)
+
+    # Standard streams first. These are simple because they ignore the
+    # atomic flag. Use fsdecode to handle Path("-").
+    if os.fsdecode(filename) == "-":
+        if any(m in mode for m in ["w", "a", "x"]):
+            if binary:
+                return get_binary_stdout(), False
+            return get_text_stdout(encoding=encoding, errors=errors), False
+        if binary:
+            return get_binary_stdin(), False
+        return get_text_stdin(encoding=encoding, errors=errors), False
+
+    # Non-atomic writes directly go out through the regular open functions.
+    if not atomic:
+        return _wrap_io_open(filename, mode, encoding, errors), True
+
+    # Some usability stuff for atomic writes
+    if "a" in mode:
+        raise ValueError(
+            "Appending to an existing file is not supported, because that"
+            " would involve an expensive `copy`-operation to a temporary"
+            " file. Open the file in normal `w`-mode and copy explicitly"
+            " if that's what you're after."
+        )
+    if "x" in mode:
+        raise ValueError("Use the `overwrite`-parameter instead.")
+    if "w" not in mode:
+        raise ValueError("Atomic writes only make sense with `w`-mode.")
+
+    # Atomic writes are more complicated.  They work by opening a file
+    # as a proxy in the same folder and then using the fdopen
+    # functionality to wrap it in a Python file.  Then we wrap it in an
+    # atomic file that moves the file over on close.
+    import errno
+    import random
+
+    try:
+        perm: t.Optional[int] = os.stat(filename).st_mode
+    except OSError:
+        perm = None
+
+    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL
+
+    if binary:
+        flags |= getattr(os, "O_BINARY", 0)
+
+    while True:
+        tmp_filename = os.path.join(
+            os.path.dirname(filename),
+            f".__atomic-write{random.randrange(1 << 32):08x}",
+        )
+        try:
+            fd = os.open(tmp_filename, flags, 0o666 if perm is None else perm)
+            break
+        except OSError as e:
+            if e.errno == errno.EEXIST or (
+                os.name == "nt"
+                and e.errno == errno.EACCES
+                and os.path.isdir(e.filename)
+                and os.access(e.filename, os.W_OK)
+            ):
+                continue
+            raise
+
+    if perm is not None:
+        os.chmod(tmp_filename, perm)  # in case perm includes bits in umask
+
+    f = _wrap_io_open(fd, mode, encoding, errors)
+    af = _AtomicFile(f, tmp_filename, os.path.realpath(filename))
+    return t.cast(t.IO[t.Any], af), True
+
+
+class _AtomicFile:
+    def __init__(self, f: t.IO[t.Any], tmp_filename: str, real_filename: str) -> None:
+        self._f = f
+        self._tmp_filename = tmp_filename
+        self._real_filename = real_filename
+        self.closed = False
+
+    @property
+    def name(self) -> str:
+        return self._real_filename
+
+    def close(self, delete: bool = False) -> None:
+        if self.closed:
+            return
+        self._f.close()
+        os.replace(self._tmp_filename, self._real_filename)
+        self.closed = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._f, name)
+
+    def __enter__(self) -> "_AtomicFile":
+        return self
+
+    def __exit__(self, exc_type: t.Optional[t.Type[BaseException]], *_: t.Any) -> None:
+        self.close(delete=exc_type is not None)
+
+    def __repr__(self) -> str:
+        return repr(self._f)
+
+
+def strip_ansi(value: str) -> str:
+    return _ansi_re.sub("", value)
+
+
+def _is_jupyter_kernel_output(stream: t.IO[t.Any]) -> bool:
+    while isinstance(stream, (_FixupStream, _NonClosingTextIOWrapper)):
+        stream = stream._stream
+
+    return stream.__class__.__module__.startswith("ipykernel.")
+
+
+def should_strip_ansi(
+    stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+) -> bool:
+    if color is None:
+        if stream is None:
+            stream = sys.stdin
+        return not isatty(stream) and not _is_jupyter_kernel_output(stream)
+    return not color
+
+
+# On Windows, wrap the output streams with colorama to support ANSI
+# color codes.
+# NOTE: double check is needed so mypy does not analyze this on Linux
+if sys.platform.startswith("win") and WIN:
+    from ._winconsole import _get_windows_console_stream
+
+    def _get_argv_encoding() -> str:
+        import locale
+
+        return locale.getpreferredencoding()
+
+    _ansi_stream_wrappers: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def auto_wrap_for_ansi(  # noqa: F811
+        stream: t.TextIO, color: t.Optional[bool] = None
+    ) -> t.TextIO:
+        """Support ANSI color and style codes on Windows by wrapping a
+        stream with colorama.
+        """
+        try:
+            cached = _ansi_stream_wrappers.get(stream)
+        except Exception:
+            cached = None
+
+        if cached is not None:
+            return cached
+
+        import colorama
+
+        strip = should_strip_ansi(stream, color)
+        ansi_wrapper = colorama.AnsiToWin32(stream, strip=strip)
+        rv = t.cast(t.TextIO, ansi_wrapper.stream)
+        _write = rv.write
+
+        def _safe_write(s):
+            try:
+                return _write(s)
+            except BaseException:
+                ansi_wrapper.reset_all()
+                raise
+
+        rv.write = _safe_write
+
+        try:
+            _ansi_stream_wrappers[stream] = rv
+        except Exception:
+            pass
+
+        return rv
+
+else:
+
+    def _get_argv_encoding() -> str:
+        return getattr(sys.stdin, "encoding", None) or sys.getfilesystemencoding()
+
+    def _get_windows_console_stream(
+        f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+    ) -> t.Optional[t.TextIO]:
+        return None
+
+
+def term_len(x: str) -> int:
+    return len(strip_ansi(x))
+
+
+def isatty(stream: t.IO[t.Any]) -> bool:
+    try:
+        return stream.isatty()
+    except Exception:
+        return False
+
+
+def _make_cached_stream_func(
+    src_func: t.Callable[[], t.Optional[t.TextIO]],
+    wrapper_func: t.Callable[[], t.TextIO],
+) -> t.Callable[[], t.Optional[t.TextIO]]:
+    cache: t.MutableMapping[t.TextIO, t.TextIO] = WeakKeyDictionary()
+
+    def func() -> t.Optional[t.TextIO]:
+        stream = src_func()
+
+        if stream is None:
+            return None
+
+        try:
+            rv = cache.get(stream)
+        except Exception:
+            rv = None
+        if rv is not None:
+            return rv
+        rv = wrapper_func()
+        try:
+            cache[stream] = rv
+        except Exception:
+            pass
+        return rv
+
+    return func
+
+
+_default_text_stdin = _make_cached_stream_func(lambda: sys.stdin, get_text_stdin)
+_default_text_stdout = _make_cached_stream_func(lambda: sys.stdout, get_text_stdout)
+_default_text_stderr = _make_cached_stream_func(lambda: sys.stderr, get_text_stderr)
+
+
+binary_streams: t.Mapping[str, t.Callable[[], t.BinaryIO]] = {
+    "stdin": get_binary_stdin,
+    "stdout": get_binary_stdout,
+    "stderr": get_binary_stderr,
+}
+
+text_streams: t.Mapping[
+    str, t.Callable[[t.Optional[str], t.Optional[str]], t.TextIO]
+] = {
+    "stdin": get_text_stdin,
+    "stdout": get_text_stdout,
+    "stderr": get_text_stderr,
+}
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/_termui_impl.py b/lib/go-jinja2/internal/data/windows-amd64/click/_termui_impl.py
new file mode 100644
index 000000000..f74465775
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/_termui_impl.py
@@ -0,0 +1,739 @@
+"""
+This module contains implementations for the termui module. To keep the
+import time of Click down, some infrequently used functionality is
+placed in this module and only imported as needed.
+"""
+import contextlib
+import math
+import os
+import sys
+import time
+import typing as t
+from gettext import gettext as _
+from io import StringIO
+from types import TracebackType
+
+from ._compat import _default_text_stdout
+from ._compat import CYGWIN
+from ._compat import get_best_encoding
+from ._compat import isatty
+from ._compat import open_stream
+from ._compat import strip_ansi
+from ._compat import term_len
+from ._compat import WIN
+from .exceptions import ClickException
+from .utils import echo
+
+V = t.TypeVar("V")
+
+if os.name == "nt":
+    BEFORE_BAR = "\r"
+    AFTER_BAR = "\n"
+else:
+    BEFORE_BAR = "\r\033[?25l"
+    AFTER_BAR = "\033[?25h\n"
+
+
+class ProgressBar(t.Generic[V]):
+    def __init__(
+        self,
+        iterable: t.Optional[t.Iterable[V]],
+        length: t.Optional[int] = None,
+        fill_char: str = "#",
+        empty_char: str = " ",
+        bar_template: str = "%(bar)s",
+        info_sep: str = "  ",
+        show_eta: bool = True,
+        show_percent: t.Optional[bool] = None,
+        show_pos: bool = False,
+        item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+        label: t.Optional[str] = None,
+        file: t.Optional[t.TextIO] = None,
+        color: t.Optional[bool] = None,
+        update_min_steps: int = 1,
+        width: int = 30,
+    ) -> None:
+        self.fill_char = fill_char
+        self.empty_char = empty_char
+        self.bar_template = bar_template
+        self.info_sep = info_sep
+        self.show_eta = show_eta
+        self.show_percent = show_percent
+        self.show_pos = show_pos
+        self.item_show_func = item_show_func
+        self.label: str = label or ""
+
+        if file is None:
+            file = _default_text_stdout()
+
+            # There are no standard streams attached to write to. For example,
+            # pythonw on Windows.
+            if file is None:
+                file = StringIO()
+
+        self.file = file
+        self.color = color
+        self.update_min_steps = update_min_steps
+        self._completed_intervals = 0
+        self.width: int = width
+        self.autowidth: bool = width == 0
+
+        if length is None:
+            from operator import length_hint
+
+            length = length_hint(iterable, -1)
+
+            if length == -1:
+                length = None
+        if iterable is None:
+            if length is None:
+                raise TypeError("iterable or length is required")
+            iterable = t.cast(t.Iterable[V], range(length))
+        self.iter: t.Iterable[V] = iter(iterable)
+        self.length = length
+        self.pos = 0
+        self.avg: t.List[float] = []
+        self.last_eta: float
+        self.start: float
+        self.start = self.last_eta = time.time()
+        self.eta_known: bool = False
+        self.finished: bool = False
+        self.max_width: t.Optional[int] = None
+        self.entered: bool = False
+        self.current_item: t.Optional[V] = None
+        self.is_hidden: bool = not isatty(self.file)
+        self._last_line: t.Optional[str] = None
+
+    def __enter__(self) -> "ProgressBar[V]":
+        self.entered = True
+        self.render_progress()
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.render_finish()
+
+    def __iter__(self) -> t.Iterator[V]:
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+        self.render_progress()
+        return self.generator()
+
+    def __next__(self) -> V:
+        # Iteration is defined in terms of a generator function,
+        # returned by iter(self); use that to define next(). This works
+        # because `self.iter` is an iterable consumed by that generator,
+        # so it is re-entry safe. Calling `next(self.generator())`
+        # twice works and does "what you want".
+        return next(iter(self))
+
+    def render_finish(self) -> None:
+        if self.is_hidden:
+            return
+        self.file.write(AFTER_BAR)
+        self.file.flush()
+
+    @property
+    def pct(self) -> float:
+        if self.finished:
+            return 1.0
+        return min(self.pos / (float(self.length or 1) or 1), 1.0)
+
+    @property
+    def time_per_iteration(self) -> float:
+        if not self.avg:
+            return 0.0
+        return sum(self.avg) / float(len(self.avg))
+
+    @property
+    def eta(self) -> float:
+        if self.length is not None and not self.finished:
+            return self.time_per_iteration * (self.length - self.pos)
+        return 0.0
+
+    def format_eta(self) -> str:
+        if self.eta_known:
+            t = int(self.eta)
+            seconds = t % 60
+            t //= 60
+            minutes = t % 60
+            t //= 60
+            hours = t % 24
+            t //= 24
+            if t > 0:
+                return f"{t}d {hours:02}:{minutes:02}:{seconds:02}"
+            else:
+                return f"{hours:02}:{minutes:02}:{seconds:02}"
+        return ""
+
+    def format_pos(self) -> str:
+        pos = str(self.pos)
+        if self.length is not None:
+            pos += f"/{self.length}"
+        return pos
+
+    def format_pct(self) -> str:
+        return f"{int(self.pct * 100): 4}%"[1:]
+
+    def format_bar(self) -> str:
+        if self.length is not None:
+            bar_length = int(self.pct * self.width)
+            bar = self.fill_char * bar_length
+            bar += self.empty_char * (self.width - bar_length)
+        elif self.finished:
+            bar = self.fill_char * self.width
+        else:
+            chars = list(self.empty_char * (self.width or 1))
+            if self.time_per_iteration != 0:
+                chars[
+                    int(
+                        (math.cos(self.pos * self.time_per_iteration) / 2.0 + 0.5)
+                        * self.width
+                    )
+                ] = self.fill_char
+            bar = "".join(chars)
+        return bar
+
+    def format_progress_line(self) -> str:
+        show_percent = self.show_percent
+
+        info_bits = []
+        if self.length is not None and show_percent is None:
+            show_percent = not self.show_pos
+
+        if self.show_pos:
+            info_bits.append(self.format_pos())
+        if show_percent:
+            info_bits.append(self.format_pct())
+        if self.show_eta and self.eta_known and not self.finished:
+            info_bits.append(self.format_eta())
+        if self.item_show_func is not None:
+            item_info = self.item_show_func(self.current_item)
+            if item_info is not None:
+                info_bits.append(item_info)
+
+        return (
+            self.bar_template
+            % {
+                "label": self.label,
+                "bar": self.format_bar(),
+                "info": self.info_sep.join(info_bits),
+            }
+        ).rstrip()
+
+    def render_progress(self) -> None:
+        import shutil
+
+        if self.is_hidden:
+            # Only output the label as it changes if the output is not a
+            # TTY. Use file=stderr if you expect to be piping stdout.
+            if self._last_line != self.label:
+                self._last_line = self.label
+                echo(self.label, file=self.file, color=self.color)
+
+            return
+
+        buf = []
+        # Update width in case the terminal has been resized
+        if self.autowidth:
+            old_width = self.width
+            self.width = 0
+            clutter_length = term_len(self.format_progress_line())
+            new_width = max(0, shutil.get_terminal_size().columns - clutter_length)
+            if new_width < old_width:
+                buf.append(BEFORE_BAR)
+                buf.append(" " * self.max_width)  # type: ignore
+                self.max_width = new_width
+            self.width = new_width
+
+        clear_width = self.width
+        if self.max_width is not None:
+            clear_width = self.max_width
+
+        buf.append(BEFORE_BAR)
+        line = self.format_progress_line()
+        line_len = term_len(line)
+        if self.max_width is None or self.max_width < line_len:
+            self.max_width = line_len
+
+        buf.append(line)
+        buf.append(" " * (clear_width - line_len))
+        line = "".join(buf)
+        # Render the line only if it changed.
+
+        if line != self._last_line:
+            self._last_line = line
+            echo(line, file=self.file, color=self.color, nl=False)
+            self.file.flush()
+
+    def make_step(self, n_steps: int) -> None:
+        self.pos += n_steps
+        if self.length is not None and self.pos >= self.length:
+            self.finished = True
+
+        if (time.time() - self.last_eta) < 1.0:
+            return
+
+        self.last_eta = time.time()
+
+        # self.avg is a rolling list of length <= 7 of steps where steps are
+        # defined as time elapsed divided by the total progress through
+        # self.length.
+        if self.pos:
+            step = (time.time() - self.start) / self.pos
+        else:
+            step = time.time() - self.start
+
+        self.avg = self.avg[-6:] + [step]
+
+        self.eta_known = self.length is not None
+
+    def update(self, n_steps: int, current_item: t.Optional[V] = None) -> None:
+        """Update the progress bar by advancing a specified number of
+        steps, and optionally set the ``current_item`` for this new
+        position.
+
+        :param n_steps: Number of steps to advance.
+        :param current_item: Optional item to set as ``current_item``
+            for the updated position.
+
+        .. versionchanged:: 8.0
+            Added the ``current_item`` optional parameter.
+
+        .. versionchanged:: 8.0
+            Only render when the number of steps meets the
+            ``update_min_steps`` threshold.
+        """
+        if current_item is not None:
+            self.current_item = current_item
+
+        self._completed_intervals += n_steps
+
+        if self._completed_intervals >= self.update_min_steps:
+            self.make_step(self._completed_intervals)
+            self.render_progress()
+            self._completed_intervals = 0
+
+    def finish(self) -> None:
+        self.eta_known = False
+        self.current_item = None
+        self.finished = True
+
+    def generator(self) -> t.Iterator[V]:
+        """Return a generator which yields the items added to the bar
+        during construction, and updates the progress bar *after* the
+        yielded block returns.
+        """
+        # WARNING: the iterator interface for `ProgressBar` relies on
+        # this and only works because this is a simple generator which
+        # doesn't create or manage additional state. If this function
+        # changes, the impact should be evaluated both against
+        # `iter(bar)` and `next(bar)`. `next()` in particular may call
+        # `self.generator()` repeatedly, and this must remain safe in
+        # order for that interface to work.
+        if not self.entered:
+            raise RuntimeError("You need to use progress bars in a with block.")
+
+        if self.is_hidden:
+            yield from self.iter
+        else:
+            for rv in self.iter:
+                self.current_item = rv
+
+                # This allows show_item_func to be updated before the
+                # item is processed. Only trigger at the beginning of
+                # the update interval.
+                if self._completed_intervals == 0:
+                    self.render_progress()
+
+                yield rv
+                self.update(1)
+
+            self.finish()
+            self.render_progress()
+
+
+def pager(generator: t.Iterable[str], color: t.Optional[bool] = None) -> None:
+    """Decide what method to use for paging through text."""
+    stdout = _default_text_stdout()
+
+    # There are no standard streams attached to write to. For example,
+    # pythonw on Windows.
+    if stdout is None:
+        stdout = StringIO()
+
+    if not isatty(sys.stdin) or not isatty(stdout):
+        return _nullpager(stdout, generator, color)
+    pager_cmd = (os.environ.get("PAGER", None) or "").strip()
+    if pager_cmd:
+        if WIN:
+            return _tempfilepager(generator, pager_cmd, color)
+        return _pipepager(generator, pager_cmd, color)
+    if os.environ.get("TERM") in ("dumb", "emacs"):
+        return _nullpager(stdout, generator, color)
+    if WIN or sys.platform.startswith("os2"):
+        return _tempfilepager(generator, "more <", color)
+    if hasattr(os, "system") and os.system("(less) 2>/dev/null") == 0:
+        return _pipepager(generator, "less", color)
+
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    os.close(fd)
+    try:
+        if hasattr(os, "system") and os.system(f'more "{filename}"') == 0:
+            return _pipepager(generator, "more", color)
+        return _nullpager(stdout, generator, color)
+    finally:
+        os.unlink(filename)
+
+
+def _pipepager(generator: t.Iterable[str], cmd: str, color: t.Optional[bool]) -> None:
+    """Page through text by feeding it to another program.  Invoking a
+    pager through this might support colors.
+    """
+    import subprocess
+
+    env = dict(os.environ)
+
+    # If we're piping to less we might support colors under the
+    # condition that
+    cmd_detail = cmd.rsplit("/", 1)[-1].split()
+    if color is None and cmd_detail[0] == "less":
+        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_detail[1:])}"
+        if not less_flags:
+            env["LESS"] = "-R"
+            color = True
+        elif "r" in less_flags or "R" in less_flags:
+            color = True
+
+    c = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, env=env)
+    stdin = t.cast(t.BinaryIO, c.stdin)
+    encoding = get_best_encoding(stdin)
+    try:
+        for text in generator:
+            if not color:
+                text = strip_ansi(text)
+
+            stdin.write(text.encode(encoding, "replace"))
+    except (OSError, KeyboardInterrupt):
+        pass
+    else:
+        stdin.close()
+
+    # Less doesn't respect ^C, but catches it for its own UI purposes (aborting
+    # search or other commands inside less).
+    #
+    # That means when the user hits ^C, the parent process (click) terminates,
+    # but less is still alive, paging the output and messing up the terminal.
+    #
+    # If the user wants to make the pager exit on ^C, they should set
+    # `LESS='-K'`. It's not our decision to make.
+    while True:
+        try:
+            c.wait()
+        except KeyboardInterrupt:
+            pass
+        else:
+            break
+
+
+def _tempfilepager(
+    generator: t.Iterable[str], cmd: str, color: t.Optional[bool]
+) -> None:
+    """Page through text by invoking a program on a temporary file."""
+    import tempfile
+
+    fd, filename = tempfile.mkstemp()
+    # TODO: This never terminates if the passed generator never terminates.
+    text = "".join(generator)
+    if not color:
+        text = strip_ansi(text)
+    encoding = get_best_encoding(sys.stdout)
+    with open_stream(filename, "wb")[0] as f:
+        f.write(text.encode(encoding))
+    try:
+        os.system(f'{cmd} "{filename}"')
+    finally:
+        os.close(fd)
+        os.unlink(filename)
+
+
+def _nullpager(
+    stream: t.TextIO, generator: t.Iterable[str], color: t.Optional[bool]
+) -> None:
+    """Simply print unformatted text.  This is the ultimate fallback."""
+    for text in generator:
+        if not color:
+            text = strip_ansi(text)
+        stream.write(text)
+
+
+class Editor:
+    def __init__(
+        self,
+        editor: t.Optional[str] = None,
+        env: t.Optional[t.Mapping[str, str]] = None,
+        require_save: bool = True,
+        extension: str = ".txt",
+    ) -> None:
+        self.editor = editor
+        self.env = env
+        self.require_save = require_save
+        self.extension = extension
+
+    def get_editor(self) -> str:
+        if self.editor is not None:
+            return self.editor
+        for key in "VISUAL", "EDITOR":
+            rv = os.environ.get(key)
+            if rv:
+                return rv
+        if WIN:
+            return "notepad"
+        for editor in "sensible-editor", "vim", "nano":
+            if os.system(f"which {editor} >/dev/null 2>&1") == 0:
+                return editor
+        return "vi"
+
+    def edit_file(self, filename: str) -> None:
+        import subprocess
+
+        editor = self.get_editor()
+        environ: t.Optional[t.Dict[str, str]] = None
+
+        if self.env:
+            environ = os.environ.copy()
+            environ.update(self.env)
+
+        try:
+            c = subprocess.Popen(f'{editor} "{filename}"', env=environ, shell=True)
+            exit_code = c.wait()
+            if exit_code != 0:
+                raise ClickException(
+                    _("{editor}: Editing failed").format(editor=editor)
+                )
+        except OSError as e:
+            raise ClickException(
+                _("{editor}: Editing failed: {e}").format(editor=editor, e=e)
+            ) from e
+
+    def edit(self, text: t.Optional[t.AnyStr]) -> t.Optional[t.AnyStr]:
+        import tempfile
+
+        if not text:
+            data = b""
+        elif isinstance(text, (bytes, bytearray)):
+            data = text
+        else:
+            if text and not text.endswith("\n"):
+                text += "\n"
+
+            if WIN:
+                data = text.replace("\n", "\r\n").encode("utf-8-sig")
+            else:
+                data = text.encode("utf-8")
+
+        fd, name = tempfile.mkstemp(prefix="editor-", suffix=self.extension)
+        f: t.BinaryIO
+
+        try:
+            with os.fdopen(fd, "wb") as f:
+                f.write(data)
+
+            # If the filesystem resolution is 1 second, like Mac OS
+            # 10.12 Extended, or 2 seconds, like FAT32, and the editor
+            # closes very fast, require_save can fail. Set the modified
+            # time to be 2 seconds in the past to work around this.
+            os.utime(name, (os.path.getatime(name), os.path.getmtime(name) - 2))
+            # Depending on the resolution, the exact value might not be
+            # recorded, so get the new recorded value.
+            timestamp = os.path.getmtime(name)
+
+            self.edit_file(name)
+
+            if self.require_save and os.path.getmtime(name) == timestamp:
+                return None
+
+            with open(name, "rb") as f:
+                rv = f.read()
+
+            if isinstance(text, (bytes, bytearray)):
+                return rv
+
+            return rv.decode("utf-8-sig").replace("\r\n", "\n")  # type: ignore
+        finally:
+            os.unlink(name)
+
+
+def open_url(url: str, wait: bool = False, locate: bool = False) -> int:
+    import subprocess
+
+    def _unquote_file(url: str) -> str:
+        from urllib.parse import unquote
+
+        if url.startswith("file://"):
+            url = unquote(url[7:])
+
+        return url
+
+    if sys.platform == "darwin":
+        args = ["open"]
+        if wait:
+            args.append("-W")
+        if locate:
+            args.append("-R")
+        args.append(_unquote_file(url))
+        null = open("/dev/null", "w")
+        try:
+            return subprocess.Popen(args, stderr=null).wait()
+        finally:
+            null.close()
+    elif WIN:
+        if locate:
+            url = _unquote_file(url.replace('"', ""))
+            args = f'explorer /select,"{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "/WAIT" if wait else ""
+            args = f'start {wait_str} "" "{url}"'
+        return os.system(args)
+    elif CYGWIN:
+        if locate:
+            url = os.path.dirname(_unquote_file(url).replace('"', ""))
+            args = f'cygstart "{url}"'
+        else:
+            url = url.replace('"', "")
+            wait_str = "-w" if wait else ""
+            args = f'cygstart {wait_str} "{url}"'
+        return os.system(args)
+
+    try:
+        if locate:
+            url = os.path.dirname(_unquote_file(url)) or "."
+        else:
+            url = _unquote_file(url)
+        c = subprocess.Popen(["xdg-open", url])
+        if wait:
+            return c.wait()
+        return 0
+    except OSError:
+        if url.startswith(("http://", "https://")) and not locate and not wait:
+            import webbrowser
+
+            webbrowser.open(url)
+            return 0
+        return 1
+
+
+def _translate_ch_to_exc(ch: str) -> t.Optional[BaseException]:
+    if ch == "\x03":
+        raise KeyboardInterrupt()
+
+    if ch == "\x04" and not WIN:  # Unix-like, Ctrl+D
+        raise EOFError()
+
+    if ch == "\x1a" and WIN:  # Windows, Ctrl+Z
+        raise EOFError()
+
+    return None
+
+
+if WIN:
+    import msvcrt
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        yield -1
+
+    def getchar(echo: bool) -> str:
+        # The function `getch` will return a bytes object corresponding to
+        # the pressed character. Since Windows 10 build 1803, it will also
+        # return \x00 when called a second time after pressing a regular key.
+        #
+        # `getwch` does not share this probably-bugged behavior. Moreover, it
+        # returns a Unicode object by default, which is what we want.
+        #
+        # Either of these functions will return \x00 or \xe0 to indicate
+        # a special key, and you need to call the same function again to get
+        # the "rest" of the code. The fun part is that \u00e0 is
+        # "latin small letter a with grave", so if you type that on a French
+        # keyboard, you _also_ get a \xe0.
+        # E.g., consider the Up arrow. This returns \xe0 and then \x48. The
+        # resulting Unicode string reads as "a with grave" + "capital H".
+        # This is indistinguishable from when the user actually types
+        # "a with grave" and then "capital H".
+        #
+        # When \xe0 is returned, we assume it's part of a special-key sequence
+        # and call `getwch` again, but that means that when the user types
+        # the \u00e0 character, `getchar` doesn't return until a second
+        # character is typed.
+        # The alternative is returning immediately, but that would mess up
+        # cross-platform handling of arrow keys and others that start with
+        # \xe0. Another option is using `getch`, but then we can't reliably
+        # read non-ASCII characters, because return values of `getch` are
+        # limited to the current 8-bit codepage.
+        #
+        # Anyway, Click doesn't claim to do this Right(tm), and using `getwch`
+        # is doing the right thing in more situations than with `getch`.
+        func: t.Callable[[], str]
+
+        if echo:
+            func = msvcrt.getwche  # type: ignore
+        else:
+            func = msvcrt.getwch  # type: ignore
+
+        rv = func()
+
+        if rv in ("\x00", "\xe0"):
+            # \x00 and \xe0 are control characters that indicate special key,
+            # see above.
+            rv += func()
+
+        _translate_ch_to_exc(rv)
+        return rv
+
+else:
+    import tty
+    import termios
+
+    @contextlib.contextmanager
+    def raw_terminal() -> t.Iterator[int]:
+        f: t.Optional[t.TextIO]
+        fd: int
+
+        if not isatty(sys.stdin):
+            f = open("/dev/tty")
+            fd = f.fileno()
+        else:
+            fd = sys.stdin.fileno()
+            f = None
+
+        try:
+            old_settings = termios.tcgetattr(fd)
+
+            try:
+                tty.setraw(fd)
+                yield fd
+            finally:
+                termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+                sys.stdout.flush()
+
+                if f is not None:
+                    f.close()
+        except termios.error:
+            pass
+
+    def getchar(echo: bool) -> str:
+        with raw_terminal() as fd:
+            ch = os.read(fd, 32).decode(get_best_encoding(sys.stdin), "replace")
+
+            if echo and isatty(sys.stdout):
+                sys.stdout.write(ch)
+
+            _translate_ch_to_exc(ch)
+            return ch
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/_textwrap.py b/lib/go-jinja2/internal/data/windows-amd64/click/_textwrap.py
new file mode 100644
index 000000000..b47dcbd42
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/_textwrap.py
@@ -0,0 +1,49 @@
+import textwrap
+import typing as t
+from contextlib import contextmanager
+
+
+class TextWrapper(textwrap.TextWrapper):
+    def _handle_long_word(
+        self,
+        reversed_chunks: t.List[str],
+        cur_line: t.List[str],
+        cur_len: int,
+        width: int,
+    ) -> None:
+        space_left = max(width - cur_len, 1)
+
+        if self.break_long_words:
+            last = reversed_chunks[-1]
+            cut = last[:space_left]
+            res = last[space_left:]
+            cur_line.append(cut)
+            reversed_chunks[-1] = res
+        elif not cur_line:
+            cur_line.append(reversed_chunks.pop())
+
+    @contextmanager
+    def extra_indent(self, indent: str) -> t.Iterator[None]:
+        old_initial_indent = self.initial_indent
+        old_subsequent_indent = self.subsequent_indent
+        self.initial_indent += indent
+        self.subsequent_indent += indent
+
+        try:
+            yield
+        finally:
+            self.initial_indent = old_initial_indent
+            self.subsequent_indent = old_subsequent_indent
+
+    def indent_only(self, text: str) -> str:
+        rv = []
+
+        for idx, line in enumerate(text.splitlines()):
+            indent = self.initial_indent
+
+            if idx > 0:
+                indent = self.subsequent_indent
+
+            rv.append(f"{indent}{line}")
+
+        return "\n".join(rv)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/_winconsole.py b/lib/go-jinja2/internal/data/windows-amd64/click/_winconsole.py
new file mode 100644
index 000000000..6b20df315
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/_winconsole.py
@@ -0,0 +1,279 @@
+# This module is based on the excellent work by Adam Bartoš who
+# provided a lot of what went into the implementation here in
+# the discussion to issue1602 in the Python bug tracker.
+#
+# There are some general differences in regards to how this works
+# compared to the original patches as we do not need to patch
+# the entire interpreter but just work in our little world of
+# echo and prompt.
+import io
+import sys
+import time
+import typing as t
+from ctypes import byref
+from ctypes import c_char
+from ctypes import c_char_p
+from ctypes import c_int
+from ctypes import c_ssize_t
+from ctypes import c_ulong
+from ctypes import c_void_p
+from ctypes import POINTER
+from ctypes import py_object
+from ctypes import Structure
+from ctypes.wintypes import DWORD
+from ctypes.wintypes import HANDLE
+from ctypes.wintypes import LPCWSTR
+from ctypes.wintypes import LPWSTR
+
+from ._compat import _NonClosingTextIOWrapper
+
+assert sys.platform == "win32"
+import msvcrt  # noqa: E402
+from ctypes import windll  # noqa: E402
+from ctypes import WINFUNCTYPE  # noqa: E402
+
+c_ssize_p = POINTER(c_ssize_t)
+
+kernel32 = windll.kernel32
+GetStdHandle = kernel32.GetStdHandle
+ReadConsoleW = kernel32.ReadConsoleW
+WriteConsoleW = kernel32.WriteConsoleW
+GetConsoleMode = kernel32.GetConsoleMode
+GetLastError = kernel32.GetLastError
+GetCommandLineW = WINFUNCTYPE(LPWSTR)(("GetCommandLineW", windll.kernel32))
+CommandLineToArgvW = WINFUNCTYPE(POINTER(LPWSTR), LPCWSTR, POINTER(c_int))(
+    ("CommandLineToArgvW", windll.shell32)
+)
+LocalFree = WINFUNCTYPE(c_void_p, c_void_p)(("LocalFree", windll.kernel32))
+
+STDIN_HANDLE = GetStdHandle(-10)
+STDOUT_HANDLE = GetStdHandle(-11)
+STDERR_HANDLE = GetStdHandle(-12)
+
+PyBUF_SIMPLE = 0
+PyBUF_WRITABLE = 1
+
+ERROR_SUCCESS = 0
+ERROR_NOT_ENOUGH_MEMORY = 8
+ERROR_OPERATION_ABORTED = 995
+
+STDIN_FILENO = 0
+STDOUT_FILENO = 1
+STDERR_FILENO = 2
+
+EOF = b"\x1a"
+MAX_BYTES_WRITTEN = 32767
+
+try:
+    from ctypes import pythonapi
+except ImportError:
+    # On PyPy we cannot get buffers so our ability to operate here is
+    # severely limited.
+    get_buffer = None
+else:
+
+    class Py_buffer(Structure):
+        _fields_ = [
+            ("buf", c_void_p),
+            ("obj", py_object),
+            ("len", c_ssize_t),
+            ("itemsize", c_ssize_t),
+            ("readonly", c_int),
+            ("ndim", c_int),
+            ("format", c_char_p),
+            ("shape", c_ssize_p),
+            ("strides", c_ssize_p),
+            ("suboffsets", c_ssize_p),
+            ("internal", c_void_p),
+        ]
+
+    PyObject_GetBuffer = pythonapi.PyObject_GetBuffer
+    PyBuffer_Release = pythonapi.PyBuffer_Release
+
+    def get_buffer(obj, writable=False):
+        buf = Py_buffer()
+        flags = PyBUF_WRITABLE if writable else PyBUF_SIMPLE
+        PyObject_GetBuffer(py_object(obj), byref(buf), flags)
+
+        try:
+            buffer_type = c_char * buf.len
+            return buffer_type.from_address(buf.buf)
+        finally:
+            PyBuffer_Release(byref(buf))
+
+
+class _WindowsConsoleRawIOBase(io.RawIOBase):
+    def __init__(self, handle):
+        self.handle = handle
+
+    def isatty(self):
+        super().isatty()
+        return True
+
+
+class _WindowsConsoleReader(_WindowsConsoleRawIOBase):
+    def readable(self):
+        return True
+
+    def readinto(self, b):
+        bytes_to_be_read = len(b)
+        if not bytes_to_be_read:
+            return 0
+        elif bytes_to_be_read % 2:
+            raise ValueError(
+                "cannot read odd number of bytes from UTF-16-LE encoded console"
+            )
+
+        buffer = get_buffer(b, writable=True)
+        code_units_to_be_read = bytes_to_be_read // 2
+        code_units_read = c_ulong()
+
+        rv = ReadConsoleW(
+            HANDLE(self.handle),
+            buffer,
+            code_units_to_be_read,
+            byref(code_units_read),
+            None,
+        )
+        if GetLastError() == ERROR_OPERATION_ABORTED:
+            # wait for KeyboardInterrupt
+            time.sleep(0.1)
+        if not rv:
+            raise OSError(f"Windows error: {GetLastError()}")
+
+        if buffer[0] == EOF:
+            return 0
+        return 2 * code_units_read.value
+
+
+class _WindowsConsoleWriter(_WindowsConsoleRawIOBase):
+    def writable(self):
+        return True
+
+    @staticmethod
+    def _get_error_message(errno):
+        if errno == ERROR_SUCCESS:
+            return "ERROR_SUCCESS"
+        elif errno == ERROR_NOT_ENOUGH_MEMORY:
+            return "ERROR_NOT_ENOUGH_MEMORY"
+        return f"Windows error {errno}"
+
+    def write(self, b):
+        bytes_to_be_written = len(b)
+        buf = get_buffer(b)
+        code_units_to_be_written = min(bytes_to_be_written, MAX_BYTES_WRITTEN) // 2
+        code_units_written = c_ulong()
+
+        WriteConsoleW(
+            HANDLE(self.handle),
+            buf,
+            code_units_to_be_written,
+            byref(code_units_written),
+            None,
+        )
+        bytes_written = 2 * code_units_written.value
+
+        if bytes_written == 0 and bytes_to_be_written > 0:
+            raise OSError(self._get_error_message(GetLastError()))
+        return bytes_written
+
+
+class ConsoleStream:
+    def __init__(self, text_stream: t.TextIO, byte_stream: t.BinaryIO) -> None:
+        self._text_stream = text_stream
+        self.buffer = byte_stream
+
+    @property
+    def name(self) -> str:
+        return self.buffer.name
+
+    def write(self, x: t.AnyStr) -> int:
+        if isinstance(x, str):
+            return self._text_stream.write(x)
+        try:
+            self.flush()
+        except Exception:
+            pass
+        return self.buffer.write(x)
+
+    def writelines(self, lines: t.Iterable[t.AnyStr]) -> None:
+        for line in lines:
+            self.write(line)
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._text_stream, name)
+
+    def isatty(self) -> bool:
+        return self.buffer.isatty()
+
+    def __repr__(self):
+        return f"<ConsoleStream name={self.name!r} encoding={self.encoding!r}>"
+
+
+def _get_text_stdin(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedReader(_WindowsConsoleReader(STDIN_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stdout(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDOUT_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+def _get_text_stderr(buffer_stream: t.BinaryIO) -> t.TextIO:
+    text_stream = _NonClosingTextIOWrapper(
+        io.BufferedWriter(_WindowsConsoleWriter(STDERR_HANDLE)),
+        "utf-16-le",
+        "strict",
+        line_buffering=True,
+    )
+    return t.cast(t.TextIO, ConsoleStream(text_stream, buffer_stream))
+
+
+_stream_factories: t.Mapping[int, t.Callable[[t.BinaryIO], t.TextIO]] = {
+    0: _get_text_stdin,
+    1: _get_text_stdout,
+    2: _get_text_stderr,
+}
+
+
+def _is_console(f: t.TextIO) -> bool:
+    if not hasattr(f, "fileno"):
+        return False
+
+    try:
+        fileno = f.fileno()
+    except (OSError, io.UnsupportedOperation):
+        return False
+
+    handle = msvcrt.get_osfhandle(fileno)
+    return bool(GetConsoleMode(handle, byref(DWORD())))
+
+
+def _get_windows_console_stream(
+    f: t.TextIO, encoding: t.Optional[str], errors: t.Optional[str]
+) -> t.Optional[t.TextIO]:
+    if (
+        get_buffer is not None
+        and encoding in {"utf-16-le", None}
+        and errors in {"strict", None}
+        and _is_console(f)
+    ):
+        func = _stream_factories.get(f.fileno())
+        if func is not None:
+            b = getattr(f, "buffer", None)
+
+            if b is None:
+                return None
+
+            return func(b)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/core.py b/lib/go-jinja2/internal/data/windows-amd64/click/core.py
new file mode 100644
index 000000000..cc65e896b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/core.py
@@ -0,0 +1,3042 @@
+import enum
+import errno
+import inspect
+import os
+import sys
+import typing as t
+from collections import abc
+from contextlib import contextmanager
+from contextlib import ExitStack
+from functools import update_wrapper
+from gettext import gettext as _
+from gettext import ngettext
+from itertools import repeat
+from types import TracebackType
+
+from . import types
+from .exceptions import Abort
+from .exceptions import BadParameter
+from .exceptions import ClickException
+from .exceptions import Exit
+from .exceptions import MissingParameter
+from .exceptions import UsageError
+from .formatting import HelpFormatter
+from .formatting import join_options
+from .globals import pop_context
+from .globals import push_context
+from .parser import _flag_needs_value
+from .parser import OptionParser
+from .parser import split_opt
+from .termui import confirm
+from .termui import prompt
+from .termui import style
+from .utils import _detect_program_name
+from .utils import _expand_args
+from .utils import echo
+from .utils import make_default_short_help
+from .utils import make_str
+from .utils import PacifyFlushWrapper
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .shell_completion import CompletionItem
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+V = t.TypeVar("V")
+
+
+def _complete_visible_commands(
+    ctx: "Context", incomplete: str
+) -> t.Iterator[t.Tuple[str, "Command"]]:
+    """List all the subcommands of a group that start with the
+    incomplete value and aren't hidden.
+
+    :param ctx: Invocation context for the group.
+    :param incomplete: Value being completed. May be empty.
+    """
+    multi = t.cast(MultiCommand, ctx.command)
+
+    for name in multi.list_commands(ctx):
+        if name.startswith(incomplete):
+            command = multi.get_command(ctx, name)
+
+            if command is not None and not command.hidden:
+                yield name, command
+
+
+def _check_multicommand(
+    base_command: "MultiCommand", cmd_name: str, cmd: "Command", register: bool = False
+) -> None:
+    if not base_command.chain or not isinstance(cmd, MultiCommand):
+        return
+    if register:
+        hint = (
+            "It is not possible to add multi commands as children to"
+            " another multi command that is in chain mode."
+        )
+    else:
+        hint = (
+            "Found a multi command as subcommand to a multi command"
+            " that is in chain mode. This is not supported."
+        )
+    raise RuntimeError(
+        f"{hint}. Command {base_command.name!r} is set to chain and"
+        f" {cmd_name!r} was added as a subcommand but it in itself is a"
+        f" multi command. ({cmd_name!r} is a {type(cmd).__name__}"
+        f" within a chained {type(base_command).__name__} named"
+        f" {base_command.name!r})."
+    )
+
+
+def batch(iterable: t.Iterable[V], batch_size: int) -> t.List[t.Tuple[V, ...]]:
+    return list(zip(*repeat(iter(iterable), batch_size)))
+
+
+@contextmanager
+def augment_usage_errors(
+    ctx: "Context", param: t.Optional["Parameter"] = None
+) -> t.Iterator[None]:
+    """Context manager that attaches extra information to exceptions."""
+    try:
+        yield
+    except BadParameter as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        if param is not None and e.param is None:
+            e.param = param
+        raise
+    except UsageError as e:
+        if e.ctx is None:
+            e.ctx = ctx
+        raise
+
+
+def iter_params_for_processing(
+    invocation_order: t.Sequence["Parameter"],
+    declaration_order: t.Sequence["Parameter"],
+) -> t.List["Parameter"]:
+    """Given a sequence of parameters in the order as should be considered
+    for processing and an iterable of parameters that exist, this returns
+    a list in the correct order as they should be processed.
+    """
+
+    def sort_key(item: "Parameter") -> t.Tuple[bool, float]:
+        try:
+            idx: float = invocation_order.index(item)
+        except ValueError:
+            idx = float("inf")
+
+        return not item.is_eager, idx
+
+    return sorted(declaration_order, key=sort_key)
+
+
+class ParameterSource(enum.Enum):
+    """This is an :class:`~enum.Enum` that indicates the source of a
+    parameter's value.
+
+    Use :meth:`click.Context.get_parameter_source` to get the
+    source for a parameter by name.
+
+    .. versionchanged:: 8.0
+        Use :class:`~enum.Enum` and drop the ``validate`` method.
+
+    .. versionchanged:: 8.0
+        Added the ``PROMPT`` value.
+    """
+
+    COMMANDLINE = enum.auto()
+    """The value was provided by the command line args."""
+    ENVIRONMENT = enum.auto()
+    """The value was provided with an environment variable."""
+    DEFAULT = enum.auto()
+    """Used the default specified by the parameter."""
+    DEFAULT_MAP = enum.auto()
+    """Used a default provided by :attr:`Context.default_map`."""
+    PROMPT = enum.auto()
+    """Used a prompt to confirm a default or provide a value."""
+
+
+class Context:
+    """The context is a special internal object that holds state relevant
+    for the script execution at every single level.  It's normally invisible
+    to commands unless they opt-in to getting access to it.
+
+    The context is useful as it can pass internal objects around and can
+    control special execution features such as reading data from
+    environment variables.
+
+    A context can be used as context manager in which case it will call
+    :meth:`close` on teardown.
+
+    :param command: the command class for this context.
+    :param parent: the parent context.
+    :param info_name: the info name for this invocation.  Generally this
+                      is the most descriptive name for the script or
+                      command.  For the toplevel script it is usually
+                      the name of the script, for commands below it it's
+                      the name of the script.
+    :param obj: an arbitrary object of user data.
+    :param auto_envvar_prefix: the prefix to use for automatic environment
+                               variables.  If this is `None` then reading
+                               from environment variables is disabled.  This
+                               does not affect manually set environment
+                               variables which are always read.
+    :param default_map: a dictionary (like object) with default values
+                        for parameters.
+    :param terminal_width: the width of the terminal.  The default is
+                           inherit from parent context.  If no context
+                           defines the terminal width then auto
+                           detection will be applied.
+    :param max_content_width: the maximum width for content rendered by
+                              Click (this currently only affects help
+                              pages).  This defaults to 80 characters if
+                              not overridden.  In other words: even if the
+                              terminal is larger than that, Click will not
+                              format things wider than 80 characters by
+                              default.  In addition to that, formatters might
+                              add some safety mapping on the right.
+    :param resilient_parsing: if this flag is enabled then Click will
+                              parse without any interactivity or callback
+                              invocation.  Default values will also be
+                              ignored.  This is useful for implementing
+                              things such as completion support.
+    :param allow_extra_args: if this is set to `True` then extra arguments
+                             at the end will not raise an error and will be
+                             kept on the context.  The default is to inherit
+                             from the command.
+    :param allow_interspersed_args: if this is set to `False` then options
+                                    and arguments cannot be mixed.  The
+                                    default is to inherit from the command.
+    :param ignore_unknown_options: instructs click to ignore options it does
+                                   not know and keeps them for later
+                                   processing.
+    :param help_option_names: optionally a list of strings that define how
+                              the default help parameter is named.  The
+                              default is ``['--help']``.
+    :param token_normalize_func: an optional function that is used to
+                                 normalize tokens (options, choices,
+                                 etc.).  This for instance can be used to
+                                 implement case insensitive behavior.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are used in texts that Click prints which is by
+                  default not the case.  This for instance would affect
+                  help output.
+    :param show_default: Show the default value for commands. If this
+        value is not set, it defaults to the value from the parent
+        context. ``Command.show_default`` overrides this default for the
+        specific command.
+
+    .. versionchanged:: 8.1
+        The ``show_default`` parameter is overridden by
+        ``Command.show_default``, instead of the other way around.
+
+    .. versionchanged:: 8.0
+        The ``show_default`` parameter defaults to the value from the
+        parent context.
+
+    .. versionchanged:: 7.1
+       Added the ``show_default`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color``, ``ignore_unknown_options``, and
+        ``max_content_width`` parameters.
+
+    .. versionchanged:: 3.0
+        Added the ``allow_extra_args`` and ``allow_interspersed_args``
+        parameters.
+
+    .. versionchanged:: 2.0
+        Added the ``resilient_parsing``, ``help_option_names``, and
+        ``token_normalize_func`` parameters.
+    """
+
+    #: The formatter class to create with :meth:`make_formatter`.
+    #:
+    #: .. versionadded:: 8.0
+    formatter_class: t.Type["HelpFormatter"] = HelpFormatter
+
+    def __init__(
+        self,
+        command: "Command",
+        parent: t.Optional["Context"] = None,
+        info_name: t.Optional[str] = None,
+        obj: t.Optional[t.Any] = None,
+        auto_envvar_prefix: t.Optional[str] = None,
+        default_map: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        terminal_width: t.Optional[int] = None,
+        max_content_width: t.Optional[int] = None,
+        resilient_parsing: bool = False,
+        allow_extra_args: t.Optional[bool] = None,
+        allow_interspersed_args: t.Optional[bool] = None,
+        ignore_unknown_options: t.Optional[bool] = None,
+        help_option_names: t.Optional[t.List[str]] = None,
+        token_normalize_func: t.Optional[t.Callable[[str], str]] = None,
+        color: t.Optional[bool] = None,
+        show_default: t.Optional[bool] = None,
+    ) -> None:
+        #: the parent context or `None` if none exists.
+        self.parent = parent
+        #: the :class:`Command` for this context.
+        self.command = command
+        #: the descriptive information name
+        self.info_name = info_name
+        #: Map of parameter names to their parsed values. Parameters
+        #: with ``expose_value=False`` are not stored.
+        self.params: t.Dict[str, t.Any] = {}
+        #: the leftover arguments.
+        self.args: t.List[str] = []
+        #: protected arguments.  These are arguments that are prepended
+        #: to `args` when certain parsing scenarios are encountered but
+        #: must be never propagated to another arguments.  This is used
+        #: to implement nested parsing.
+        self.protected_args: t.List[str] = []
+        #: the collected prefixes of the command's options.
+        self._opt_prefixes: t.Set[str] = set(parent._opt_prefixes) if parent else set()
+
+        if obj is None and parent is not None:
+            obj = parent.obj
+
+        #: the user object stored.
+        self.obj: t.Any = obj
+        self._meta: t.Dict[str, t.Any] = getattr(parent, "meta", {})
+
+        #: A dictionary (-like object) with defaults for parameters.
+        if (
+            default_map is None
+            and info_name is not None
+            and parent is not None
+            and parent.default_map is not None
+        ):
+            default_map = parent.default_map.get(info_name)
+
+        self.default_map: t.Optional[t.MutableMapping[str, t.Any]] = default_map
+
+        #: This flag indicates if a subcommand is going to be executed. A
+        #: group callback can use this information to figure out if it's
+        #: being executed directly or because the execution flow passes
+        #: onwards to a subcommand. By default it's None, but it can be
+        #: the name of the subcommand to execute.
+        #:
+        #: If chaining is enabled this will be set to ``'*'`` in case
+        #: any commands are executed.  It is however not possible to
+        #: figure out which ones.  If you require this knowledge you
+        #: should use a :func:`result_callback`.
+        self.invoked_subcommand: t.Optional[str] = None
+
+        if terminal_width is None and parent is not None:
+            terminal_width = parent.terminal_width
+
+        #: The width of the terminal (None is autodetection).
+        self.terminal_width: t.Optional[int] = terminal_width
+
+        if max_content_width is None and parent is not None:
+            max_content_width = parent.max_content_width
+
+        #: The maximum width of formatted content (None implies a sensible
+        #: default which is 80 for most things).
+        self.max_content_width: t.Optional[int] = max_content_width
+
+        if allow_extra_args is None:
+            allow_extra_args = command.allow_extra_args
+
+        #: Indicates if the context allows extra args or if it should
+        #: fail on parsing.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_extra_args = allow_extra_args
+
+        if allow_interspersed_args is None:
+            allow_interspersed_args = command.allow_interspersed_args
+
+        #: Indicates if the context allows mixing of arguments and
+        #: options or not.
+        #:
+        #: .. versionadded:: 3.0
+        self.allow_interspersed_args: bool = allow_interspersed_args
+
+        if ignore_unknown_options is None:
+            ignore_unknown_options = command.ignore_unknown_options
+
+        #: Instructs click to ignore options that a command does not
+        #: understand and will store it on the context for later
+        #: processing.  This is primarily useful for situations where you
+        #: want to call into external programs.  Generally this pattern is
+        #: strongly discouraged because it's not possibly to losslessly
+        #: forward all arguments.
+        #:
+        #: .. versionadded:: 4.0
+        self.ignore_unknown_options: bool = ignore_unknown_options
+
+        if help_option_names is None:
+            if parent is not None:
+                help_option_names = parent.help_option_names
+            else:
+                help_option_names = ["--help"]
+
+        #: The names for the help options.
+        self.help_option_names: t.List[str] = help_option_names
+
+        if token_normalize_func is None and parent is not None:
+            token_normalize_func = parent.token_normalize_func
+
+        #: An optional normalization function for tokens.  This is
+        #: options, choices, commands etc.
+        self.token_normalize_func: t.Optional[
+            t.Callable[[str], str]
+        ] = token_normalize_func
+
+        #: Indicates if resilient parsing is enabled.  In that case Click
+        #: will do its best to not cause any failures and default values
+        #: will be ignored. Useful for completion.
+        self.resilient_parsing: bool = resilient_parsing
+
+        # If there is no envvar prefix yet, but the parent has one and
+        # the command on this level has a name, we can expand the envvar
+        # prefix automatically.
+        if auto_envvar_prefix is None:
+            if (
+                parent is not None
+                and parent.auto_envvar_prefix is not None
+                and self.info_name is not None
+            ):
+                auto_envvar_prefix = (
+                    f"{parent.auto_envvar_prefix}_{self.info_name.upper()}"
+                )
+        else:
+            auto_envvar_prefix = auto_envvar_prefix.upper()
+
+        if auto_envvar_prefix is not None:
+            auto_envvar_prefix = auto_envvar_prefix.replace("-", "_")
+
+        self.auto_envvar_prefix: t.Optional[str] = auto_envvar_prefix
+
+        if color is None and parent is not None:
+            color = parent.color
+
+        #: Controls if styling output is wanted or not.
+        self.color: t.Optional[bool] = color
+
+        if show_default is None and parent is not None:
+            show_default = parent.show_default
+
+        #: Show option default values when formatting help text.
+        self.show_default: t.Optional[bool] = show_default
+
+        self._close_callbacks: t.List[t.Callable[[], t.Any]] = []
+        self._depth = 0
+        self._parameter_source: t.Dict[str, ParameterSource] = {}
+        self._exit_stack = ExitStack()
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire CLI
+        structure.
+
+        .. code-block:: python
+
+            with Context(cli) as ctx:
+                info = ctx.to_info_dict()
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "command": self.command.to_info_dict(self),
+            "info_name": self.info_name,
+            "allow_extra_args": self.allow_extra_args,
+            "allow_interspersed_args": self.allow_interspersed_args,
+            "ignore_unknown_options": self.ignore_unknown_options,
+            "auto_envvar_prefix": self.auto_envvar_prefix,
+        }
+
+    def __enter__(self) -> "Context":
+        self._depth += 1
+        push_context(self)
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self._depth -= 1
+        if self._depth == 0:
+            self.close()
+        pop_context()
+
+    @contextmanager
+    def scope(self, cleanup: bool = True) -> t.Iterator["Context"]:
+        """This helper method can be used with the context object to promote
+        it to the current thread local (see :func:`get_current_context`).
+        The default behavior of this is to invoke the cleanup functions which
+        can be disabled by setting `cleanup` to `False`.  The cleanup
+        functions are typically used for things such as closing file handles.
+
+        If the cleanup is intended the context object can also be directly
+        used as a context manager.
+
+        Example usage::
+
+            with ctx.scope():
+                assert get_current_context() is ctx
+
+        This is equivalent::
+
+            with ctx:
+                assert get_current_context() is ctx
+
+        .. versionadded:: 5.0
+
+        :param cleanup: controls if the cleanup functions should be run or
+                        not.  The default is to run these functions.  In
+                        some situations the context only wants to be
+                        temporarily pushed in which case this can be disabled.
+                        Nested pushes automatically defer the cleanup.
+        """
+        if not cleanup:
+            self._depth += 1
+        try:
+            with self as rv:
+                yield rv
+        finally:
+            if not cleanup:
+                self._depth -= 1
+
+    @property
+    def meta(self) -> t.Dict[str, t.Any]:
+        """This is a dictionary which is shared with all the contexts
+        that are nested.  It exists so that click utilities can store some
+        state here if they need to.  It is however the responsibility of
+        that code to manage this dictionary well.
+
+        The keys are supposed to be unique dotted strings.  For instance
+        module paths are a good choice for it.  What is stored in there is
+        irrelevant for the operation of click.  However what is important is
+        that code that places data here adheres to the general semantics of
+        the system.
+
+        Example usage::
+
+            LANG_KEY = f'{__name__}.lang'
+
+            def set_language(value):
+                ctx = get_current_context()
+                ctx.meta[LANG_KEY] = value
+
+            def get_language():
+                return get_current_context().meta.get(LANG_KEY, 'en_US')
+
+        .. versionadded:: 5.0
+        """
+        return self._meta
+
+    def make_formatter(self) -> HelpFormatter:
+        """Creates the :class:`~click.HelpFormatter` for the help and
+        usage output.
+
+        To quickly customize the formatter class used without overriding
+        this method, set the :attr:`formatter_class` attribute.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`formatter_class` attribute.
+        """
+        return self.formatter_class(
+            width=self.terminal_width, max_width=self.max_content_width
+        )
+
+    def with_resource(self, context_manager: t.ContextManager[V]) -> V:
+        """Register a resource as if it were used in a ``with``
+        statement. The resource will be cleaned up when the context is
+        popped.
+
+        Uses :meth:`contextlib.ExitStack.enter_context`. It calls the
+        resource's ``__enter__()`` method and returns the result. When
+        the context is popped, it closes the stack, which calls the
+        resource's ``__exit__()`` method.
+
+        To register a cleanup function for something that isn't a
+        context manager, use :meth:`call_on_close`. Or use something
+        from :mod:`contextlib` to turn it into a context manager first.
+
+        .. code-block:: python
+
+            @click.group()
+            @click.option("--name")
+            @click.pass_context
+            def cli(ctx):
+                ctx.obj = ctx.with_resource(connect_db(name))
+
+        :param context_manager: The context manager to enter.
+        :return: Whatever ``context_manager.__enter__()`` returns.
+
+        .. versionadded:: 8.0
+        """
+        return self._exit_stack.enter_context(context_manager)
+
+    def call_on_close(self, f: t.Callable[..., t.Any]) -> t.Callable[..., t.Any]:
+        """Register a function to be called when the context tears down.
+
+        This can be used to close resources opened during the script
+        execution. Resources that support Python's context manager
+        protocol which would be used in a ``with`` statement should be
+        registered with :meth:`with_resource` instead.
+
+        :param f: The function to execute on teardown.
+        """
+        return self._exit_stack.callback(f)
+
+    def close(self) -> None:
+        """Invoke all close callbacks registered with
+        :meth:`call_on_close`, and exit all context managers entered
+        with :meth:`with_resource`.
+        """
+        self._exit_stack.close()
+        # In case the context is reused, create a new exit stack.
+        self._exit_stack = ExitStack()
+
+    @property
+    def command_path(self) -> str:
+        """The computed command path.  This is used for the ``usage``
+        information on the help page.  It's automatically created by
+        combining the info names of the chain of contexts to the root.
+        """
+        rv = ""
+        if self.info_name is not None:
+            rv = self.info_name
+        if self.parent is not None:
+            parent_command_path = [self.parent.command_path]
+
+            if isinstance(self.parent.command, Command):
+                for param in self.parent.command.get_params(self):
+                    parent_command_path.extend(param.get_usage_pieces(self))
+
+            rv = f"{' '.join(parent_command_path)} {rv}"
+        return rv.lstrip()
+
+    def find_root(self) -> "Context":
+        """Finds the outermost context."""
+        node = self
+        while node.parent is not None:
+            node = node.parent
+        return node
+
+    def find_object(self, object_type: t.Type[V]) -> t.Optional[V]:
+        """Finds the closest object of a given type."""
+        node: t.Optional["Context"] = self
+
+        while node is not None:
+            if isinstance(node.obj, object_type):
+                return node.obj
+
+            node = node.parent
+
+        return None
+
+    def ensure_object(self, object_type: t.Type[V]) -> V:
+        """Like :meth:`find_object` but sets the innermost object to a
+        new instance of `object_type` if it does not exist.
+        """
+        rv = self.find_object(object_type)
+        if rv is None:
+            self.obj = rv = object_type()
+        return rv
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def lookup_default(
+        self, name: str, call: "te.Literal[False]" = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def lookup_default(self, name: str, call: bool = True) -> t.Optional[t.Any]:
+        """Get the default for a parameter from :attr:`default_map`.
+
+        :param name: Name of the parameter.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        if self.default_map is not None:
+            value = self.default_map.get(name)
+
+            if call and callable(value):
+                return value()
+
+            return value
+
+        return None
+
+    def fail(self, message: str) -> "te.NoReturn":
+        """Aborts the execution of the program with a specific error
+        message.
+
+        :param message: the error message to fail with.
+        """
+        raise UsageError(message, self)
+
+    def abort(self) -> "te.NoReturn":
+        """Aborts the script."""
+        raise Abort()
+
+    def exit(self, code: int = 0) -> "te.NoReturn":
+        """Exits the application with a given exit code."""
+        raise Exit(code)
+
+    def get_usage(self) -> str:
+        """Helper method to get formatted usage string for the current
+        context and command.
+        """
+        return self.command.get_usage(self)
+
+    def get_help(self) -> str:
+        """Helper method to get formatted help page for the current
+        context and command.
+        """
+        return self.command.get_help(self)
+
+    def _make_sub_context(self, command: "Command") -> "Context":
+        """Create a new context of the same type as this context, but
+        for a new command.
+
+        :meta private:
+        """
+        return type(self)(command, info_name=command.name, parent=self)
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "t.Callable[..., V]",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> V:
+        ...
+
+    @t.overload
+    def invoke(
+        __self,  # noqa: B902
+        __callback: "Command",
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        ...
+
+    def invoke(
+        __self,  # noqa: B902
+        __callback: t.Union["Command", "t.Callable[..., V]"],
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Union[t.Any, V]:
+        """Invokes a command callback in exactly the way it expects.  There
+        are two ways to invoke this method:
+
+        1.  the first argument can be a callback and all other arguments and
+            keyword arguments are forwarded directly to the function.
+        2.  the first argument is a click command object.  In that case all
+            arguments are forwarded as well but proper click parameters
+            (options and click arguments) must be keyword arguments and Click
+            will fill in defaults.
+
+        Note that before Click 3.2 keyword arguments were not properly filled
+        in against the intention of this code and no context was created.  For
+        more information about this change and why it was done in a bugfix
+        release see :ref:`upgrade-to-3.2`.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if :meth:`forward` is called at multiple levels.
+        """
+        if isinstance(__callback, Command):
+            other_cmd = __callback
+
+            if other_cmd.callback is None:
+                raise TypeError(
+                    "The given command does not have a callback that can be invoked."
+                )
+            else:
+                __callback = t.cast("t.Callable[..., V]", other_cmd.callback)
+
+            ctx = __self._make_sub_context(other_cmd)
+
+            for param in other_cmd.params:
+                if param.name not in kwargs and param.expose_value:
+                    kwargs[param.name] = param.type_cast_value(  # type: ignore
+                        ctx, param.get_default(ctx)
+                    )
+
+            # Track all kwargs as params, so that forward() will pass
+            # them on in subsequent calls.
+            ctx.params.update(kwargs)
+        else:
+            ctx = __self
+
+        with augment_usage_errors(__self):
+            with ctx:
+                return __callback(*args, **kwargs)
+
+    def forward(
+        __self, __cmd: "Command", *args: t.Any, **kwargs: t.Any  # noqa: B902
+    ) -> t.Any:
+        """Similar to :meth:`invoke` but fills in default keyword
+        arguments from the current context if the other command expects
+        it.  This cannot invoke callbacks directly, only other commands.
+
+        .. versionchanged:: 8.0
+            All ``kwargs`` are tracked in :attr:`params` so they will be
+            passed if ``forward`` is called at multiple levels.
+        """
+        # Can only forward to other commands, not direct callbacks.
+        if not isinstance(__cmd, Command):
+            raise TypeError("Callback is not a command.")
+
+        for param in __self.params:
+            if param not in kwargs:
+                kwargs[param] = __self.params[param]
+
+        return __self.invoke(__cmd, *args, **kwargs)
+
+    def set_parameter_source(self, name: str, source: ParameterSource) -> None:
+        """Set the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        :param name: The name of the parameter.
+        :param source: A member of :class:`~click.core.ParameterSource`.
+        """
+        self._parameter_source[name] = source
+
+    def get_parameter_source(self, name: str) -> t.Optional[ParameterSource]:
+        """Get the source of a parameter. This indicates the location
+        from which the value of the parameter was obtained.
+
+        This can be useful for determining when a user specified a value
+        on the command line that is the same as the default value. It
+        will be :attr:`~click.core.ParameterSource.DEFAULT` only if the
+        value was actually taken from the default.
+
+        :param name: The name of the parameter.
+        :rtype: ParameterSource
+
+        .. versionchanged:: 8.0
+            Returns ``None`` if the parameter was not provided from any
+            source.
+        """
+        return self._parameter_source.get(name)
+
+
+class BaseCommand:
+    """The base command implements the minimal API contract of commands.
+    Most code will never use this as it does not implement a lot of useful
+    functionality but it can act as the direct subclass of alternative
+    parsing methods that do not depend on the Click parser.
+
+    For instance, this can be used to bridge Click and other systems like
+    argparse or docopt.
+
+    Because base commands do not implement a lot of the API that other
+    parts of Click take for granted, they are not supported for all
+    operations.  For instance, they cannot be used with the decorators
+    usually and they have no built-in callback system.
+
+    .. versionchanged:: 2.0
+       Added the `context_settings` parameter.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    """
+
+    #: The context class to create with :meth:`make_context`.
+    #:
+    #: .. versionadded:: 8.0
+    context_class: t.Type[Context] = Context
+    #: the default for the :attr:`Context.allow_extra_args` flag.
+    allow_extra_args = False
+    #: the default for the :attr:`Context.allow_interspersed_args` flag.
+    allow_interspersed_args = True
+    #: the default for the :attr:`Context.ignore_unknown_options` flag.
+    ignore_unknown_options = False
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> None:
+        #: the name the command thinks it has.  Upon registering a command
+        #: on a :class:`Group` the group will default the command name
+        #: with this information.  You should instead use the
+        #: :class:`Context`\'s :attr:`~Context.info_name` attribute.
+        self.name = name
+
+        if context_settings is None:
+            context_settings = {}
+
+        #: an optional dictionary with defaults passed to the context.
+        self.context_settings: t.MutableMapping[str, t.Any] = context_settings
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation. This traverses the entire structure
+        below this command.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        :param ctx: A :class:`Context` representing this command.
+
+        .. versionadded:: 8.0
+        """
+        return {"name": self.name}
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def get_usage(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get usage")
+
+    def get_help(self, ctx: Context) -> str:
+        raise NotImplementedError("Base commands cannot get help")
+
+    def make_context(
+        self,
+        info_name: t.Optional[str],
+        args: t.List[str],
+        parent: t.Optional[Context] = None,
+        **extra: t.Any,
+    ) -> Context:
+        """This function when given an info name and arguments will kick
+        off the parsing and create a new :class:`Context`.  It does not
+        invoke the actual command callback though.
+
+        To quickly customize the context class used without overriding
+        this method, set the :attr:`context_class` attribute.
+
+        :param info_name: the info name for this invocation.  Generally this
+                          is the most descriptive name for the script or
+                          command.  For the toplevel script it's usually
+                          the name of the script, for commands below it's
+                          the name of the command.
+        :param args: the arguments to parse as list of strings.
+        :param parent: the parent context if available.
+        :param extra: extra keyword arguments forwarded to the context
+                      constructor.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`context_class` attribute.
+        """
+        for key, value in self.context_settings.items():
+            if key not in extra:
+                extra[key] = value
+
+        ctx = self.context_class(
+            self, info_name=info_name, parent=parent, **extra  # type: ignore
+        )
+
+        with ctx.scope(cleanup=False):
+            self.parse_args(ctx, args)
+        return ctx
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        """Given a context and a list of arguments this creates the parser
+        and parses the arguments, then modifies the context as necessary.
+        This is automatically invoked by :meth:`make_context`.
+        """
+        raise NotImplementedError("Base commands do not know how to parse arguments.")
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the command.  The default
+        implementation is raising a not implemented error.
+        """
+        raise NotImplementedError("Base commands are not invocable by default")
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of chained multi-commands.
+
+        Any command could be part of a chained multi-command, so sibling
+        commands are valid at any point during command completion. Other
+        command classes will return more completions.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        while ctx.parent is not None:
+            ctx = ctx.parent
+
+            if isinstance(ctx.command, MultiCommand) and ctx.command.chain:
+                results.extend(
+                    CompletionItem(name, help=command.get_short_help_str())
+                    for name, command in _complete_visible_commands(ctx, incomplete)
+                    if name not in ctx.protected_args
+                )
+
+        return results
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: "te.Literal[True]" = True,
+        **extra: t.Any,
+    ) -> "te.NoReturn":
+        ...
+
+    @t.overload
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = ...,
+        **extra: t.Any,
+    ) -> t.Any:
+        ...
+
+    def main(
+        self,
+        args: t.Optional[t.Sequence[str]] = None,
+        prog_name: t.Optional[str] = None,
+        complete_var: t.Optional[str] = None,
+        standalone_mode: bool = True,
+        windows_expand_args: bool = True,
+        **extra: t.Any,
+    ) -> t.Any:
+        """This is the way to invoke a script with all the bells and
+        whistles as a command line application.  This will always terminate
+        the application after a call.  If this is not wanted, ``SystemExit``
+        needs to be caught.
+
+        This method is also available by directly calling the instance of
+        a :class:`Command`.
+
+        :param args: the arguments that should be used for parsing.  If not
+                     provided, ``sys.argv[1:]`` is used.
+        :param prog_name: the program name that should be used.  By default
+                          the program name is constructed by taking the file
+                          name from ``sys.argv[0]``.
+        :param complete_var: the environment variable that controls the
+                             bash completion support.  The default is
+                             ``"_<prog_name>_COMPLETE"`` with prog_name in
+                             uppercase.
+        :param standalone_mode: the default behavior is to invoke the script
+                                in standalone mode.  Click will then
+                                handle exceptions and convert them into
+                                error messages and the function will never
+                                return but shut down the interpreter.  If
+                                this is set to `False` they will be
+                                propagated to the caller and the return
+                                value of this function is the return value
+                                of :meth:`invoke`.
+        :param windows_expand_args: Expand glob patterns, user dir, and
+            env vars in command line args on Windows.
+        :param extra: extra keyword arguments are forwarded to the context
+                      constructor.  See :class:`Context` for more information.
+
+        .. versionchanged:: 8.0.1
+            Added the ``windows_expand_args`` parameter to allow
+            disabling command line arg expansion on Windows.
+
+        .. versionchanged:: 8.0
+            When taking arguments from ``sys.argv`` on Windows, glob
+            patterns, user dir, and env vars are expanded.
+
+        .. versionchanged:: 3.0
+           Added the ``standalone_mode`` parameter.
+        """
+        if args is None:
+            args = sys.argv[1:]
+
+            if os.name == "nt" and windows_expand_args:
+                args = _expand_args(args)
+        else:
+            args = list(args)
+
+        if prog_name is None:
+            prog_name = _detect_program_name()
+
+        # Process shell completion requests and exit early.
+        self._main_shell_completion(extra, prog_name, complete_var)
+
+        try:
+            try:
+                with self.make_context(prog_name, args, **extra) as ctx:
+                    rv = self.invoke(ctx)
+                    if not standalone_mode:
+                        return rv
+                    # it's not safe to `ctx.exit(rv)` here!
+                    # note that `rv` may actually contain data like "1" which
+                    # has obvious effects
+                    # more subtle case: `rv=[None, None]` can come out of
+                    # chained commands which all returned `None` -- so it's not
+                    # even always obvious that `rv` indicates success/failure
+                    # by its truthiness/falsiness
+                    ctx.exit()
+            except (EOFError, KeyboardInterrupt) as e:
+                echo(file=sys.stderr)
+                raise Abort() from e
+            except ClickException as e:
+                if not standalone_mode:
+                    raise
+                e.show()
+                sys.exit(e.exit_code)
+            except OSError as e:
+                if e.errno == errno.EPIPE:
+                    sys.stdout = t.cast(t.TextIO, PacifyFlushWrapper(sys.stdout))
+                    sys.stderr = t.cast(t.TextIO, PacifyFlushWrapper(sys.stderr))
+                    sys.exit(1)
+                else:
+                    raise
+        except Exit as e:
+            if standalone_mode:
+                sys.exit(e.exit_code)
+            else:
+                # in non-standalone mode, return the exit code
+                # note that this is only reached if `self.invoke` above raises
+                # an Exit explicitly -- thus bypassing the check there which
+                # would return its result
+                # the results of non-standalone execution may therefore be
+                # somewhat ambiguous: if there are codepaths which lead to
+                # `ctx.exit(1)` and to `return 1`, the caller won't be able to
+                # tell the difference between the two
+                return e.exit_code
+        except Abort:
+            if not standalone_mode:
+                raise
+            echo(_("Aborted!"), file=sys.stderr)
+            sys.exit(1)
+
+    def _main_shell_completion(
+        self,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: t.Optional[str] = None,
+    ) -> None:
+        """Check if the shell is asking for tab completion, process
+        that, then exit early. Called from :meth:`main` before the
+        program is invoked.
+
+        :param prog_name: Name of the executable in the shell.
+        :param complete_var: Name of the environment variable that holds
+            the completion instruction. Defaults to
+            ``_{PROG_NAME}_COMPLETE``.
+
+        .. versionchanged:: 8.2.0
+            Dots (``.``) in ``prog_name`` are replaced with underscores (``_``).
+        """
+        if complete_var is None:
+            complete_name = prog_name.replace("-", "_").replace(".", "_")
+            complete_var = f"_{complete_name}_COMPLETE".upper()
+
+        instruction = os.environ.get(complete_var)
+
+        if not instruction:
+            return
+
+        from .shell_completion import shell_complete
+
+        rv = shell_complete(self, ctx_args, prog_name, complete_var, instruction)
+        sys.exit(rv)
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Alias for :meth:`main`."""
+        return self.main(*args, **kwargs)
+
+
+class Command(BaseCommand):
+    """Commands are the basic building block of command line interfaces in
+    Click.  A basic command handles command line parsing and might dispatch
+    more parsing to commands nested below it.
+
+    :param name: the name of the command to use unless a group overrides it.
+    :param context_settings: an optional dictionary with defaults that are
+                             passed to the context object.
+    :param callback: the callback to invoke.  This is optional.
+    :param params: the parameters to register with this command.  This can
+                   be either :class:`Option` or :class:`Argument` objects.
+    :param help: the help string to use for this command.
+    :param epilog: like the help string but it's printed at the end of the
+                   help page after everything else.
+    :param short_help: the short help to use for this command.  This is
+                       shown on the command listing of the parent command.
+    :param add_help_option: by default each command registers a ``--help``
+                            option.  This can be disabled by this parameter.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is disabled by default.
+                            If enabled this will add ``--help`` as argument
+                            if no arguments are passed
+    :param hidden: hide this command from help outputs.
+
+    :param deprecated: issues a message indicating that
+                             the command is deprecated.
+
+    .. versionchanged:: 8.1
+        ``help``, ``epilog``, and ``short_help`` are stored unprocessed,
+        all formatting is done when outputting help text, not at init,
+        and is done even if not using the ``@command`` decorator.
+
+    .. versionchanged:: 8.0
+        Added a ``repr`` showing the command name.
+
+    .. versionchanged:: 7.1
+        Added the ``no_args_is_help`` parameter.
+
+    .. versionchanged:: 2.0
+        Added the ``context_settings`` parameter.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str],
+        context_settings: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        callback: t.Optional[t.Callable[..., t.Any]] = None,
+        params: t.Optional[t.List["Parameter"]] = None,
+        help: t.Optional[str] = None,
+        epilog: t.Optional[str] = None,
+        short_help: t.Optional[str] = None,
+        options_metavar: t.Optional[str] = "[OPTIONS]",
+        add_help_option: bool = True,
+        no_args_is_help: bool = False,
+        hidden: bool = False,
+        deprecated: bool = False,
+    ) -> None:
+        super().__init__(name, context_settings)
+        #: the callback to execute when the command fires.  This might be
+        #: `None` in which case nothing happens.
+        self.callback = callback
+        #: the list of parameters for this command in the order they
+        #: should show up in the help page and execute.  Eager parameters
+        #: will automatically be handled before non eager ones.
+        self.params: t.List["Parameter"] = params or []
+        self.help = help
+        self.epilog = epilog
+        self.options_metavar = options_metavar
+        self.short_help = short_help
+        self.add_help_option = add_help_option
+        self.no_args_is_help = no_args_is_help
+        self.hidden = hidden
+        self.deprecated = deprecated
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        info_dict.update(
+            params=[param.to_info_dict() for param in self.get_params(ctx)],
+            help=self.help,
+            epilog=self.epilog,
+            short_help=self.short_help,
+            hidden=self.hidden,
+            deprecated=self.deprecated,
+        )
+        return info_dict
+
+    def get_usage(self, ctx: Context) -> str:
+        """Formats the usage line into a string and returns it.
+
+        Calls :meth:`format_usage` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_usage(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_params(self, ctx: Context) -> t.List["Parameter"]:
+        rv = self.params
+        help_option = self.get_help_option(ctx)
+
+        if help_option is not None:
+            rv = [*rv, help_option]
+
+        return rv
+
+    def format_usage(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the usage line into the formatter.
+
+        This is a low-level method called by :meth:`get_usage`.
+        """
+        pieces = self.collect_usage_pieces(ctx)
+        formatter.write_usage(ctx.command_path, " ".join(pieces))
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        """Returns all the pieces that go into the usage line and returns
+        it as a list of strings.
+        """
+        rv = [self.options_metavar] if self.options_metavar else []
+
+        for param in self.get_params(ctx):
+            rv.extend(param.get_usage_pieces(ctx))
+
+        return rv
+
+    def get_help_option_names(self, ctx: Context) -> t.List[str]:
+        """Returns the names for the help option."""
+        all_names = set(ctx.help_option_names)
+        for param in self.params:
+            all_names.difference_update(param.opts)
+            all_names.difference_update(param.secondary_opts)
+        return list(all_names)
+
+    def get_help_option(self, ctx: Context) -> t.Optional["Option"]:
+        """Returns the help option object."""
+        help_options = self.get_help_option_names(ctx)
+
+        if not help_options or not self.add_help_option:
+            return None
+
+        def show_help(ctx: Context, param: "Parameter", value: str) -> None:
+            if value and not ctx.resilient_parsing:
+                echo(ctx.get_help(), color=ctx.color)
+                ctx.exit()
+
+        return Option(
+            help_options,
+            is_flag=True,
+            is_eager=True,
+            expose_value=False,
+            callback=show_help,
+            help=_("Show this message and exit."),
+        )
+
+    def make_parser(self, ctx: Context) -> OptionParser:
+        """Creates the underlying option parser for this command."""
+        parser = OptionParser(ctx)
+        for param in self.get_params(ctx):
+            param.add_to_parser(parser, ctx)
+        return parser
+
+    def get_help(self, ctx: Context) -> str:
+        """Formats the help into a string and returns it.
+
+        Calls :meth:`format_help` internally.
+        """
+        formatter = ctx.make_formatter()
+        self.format_help(ctx, formatter)
+        return formatter.getvalue().rstrip("\n")
+
+    def get_short_help_str(self, limit: int = 45) -> str:
+        """Gets short help for the command or makes it by shortening the
+        long help string.
+        """
+        if self.short_help:
+            text = inspect.cleandoc(self.short_help)
+        elif self.help:
+            text = make_default_short_help(self.help, limit)
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        return text.strip()
+
+    def format_help(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help into the formatter if it exists.
+
+        This is a low-level method called by :meth:`get_help`.
+
+        This calls the following methods:
+
+        -   :meth:`format_usage`
+        -   :meth:`format_help_text`
+        -   :meth:`format_options`
+        -   :meth:`format_epilog`
+        """
+        self.format_usage(ctx, formatter)
+        self.format_help_text(ctx, formatter)
+        self.format_options(ctx, formatter)
+        self.format_epilog(ctx, formatter)
+
+    def format_help_text(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the help text to the formatter if it exists."""
+        if self.help is not None:
+            # truncate the help text to the first form feed
+            text = inspect.cleandoc(self.help).partition("\f")[0]
+        else:
+            text = ""
+
+        if self.deprecated:
+            text = _("(Deprecated) {text}").format(text=text)
+
+        if text:
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(text)
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes all the options into the formatter if they exist."""
+        opts = []
+        for param in self.get_params(ctx):
+            rv = param.get_help_record(ctx)
+            if rv is not None:
+                opts.append(rv)
+
+        if opts:
+            with formatter.section(_("Options")):
+                formatter.write_dl(opts)
+
+    def format_epilog(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Writes the epilog into the formatter if it exists."""
+        if self.epilog:
+            epilog = inspect.cleandoc(self.epilog)
+            formatter.write_paragraph()
+
+            with formatter.indentation():
+                formatter.write_text(epilog)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        parser = self.make_parser(ctx)
+        opts, args, param_order = parser.parse_args(args=args)
+
+        for param in iter_params_for_processing(param_order, self.get_params(ctx)):
+            value, args = param.handle_parse_result(ctx, opts, args)
+
+        if args and not ctx.allow_extra_args and not ctx.resilient_parsing:
+            ctx.fail(
+                ngettext(
+                    "Got unexpected extra argument ({args})",
+                    "Got unexpected extra arguments ({args})",
+                    len(args),
+                ).format(args=" ".join(map(str, args)))
+            )
+
+        ctx.args = args
+        ctx._opt_prefixes.update(parser._opt_prefixes)
+        return args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        """Given a context, this invokes the attached callback (if it exists)
+        in the right way.
+        """
+        if self.deprecated:
+            message = _(
+                "DeprecationWarning: The command {name!r} is deprecated."
+            ).format(name=self.name)
+            echo(style(message, fg="red"), err=True)
+
+        if self.callback is not None:
+            return ctx.invoke(self.callback, **ctx.params)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options and chained multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results: t.List["CompletionItem"] = []
+
+        if incomplete and not incomplete[0].isalnum():
+            for param in self.get_params(ctx):
+                if (
+                    not isinstance(param, Option)
+                    or param.hidden
+                    or (
+                        not param.multiple
+                        and ctx.get_parameter_source(param.name)  # type: ignore
+                        is ParameterSource.COMMANDLINE
+                    )
+                ):
+                    continue
+
+                results.extend(
+                    CompletionItem(name, help=param.help)
+                    for name in [*param.opts, *param.secondary_opts]
+                    if name.startswith(incomplete)
+                )
+
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class MultiCommand(Command):
+    """A multi command is the basic implementation of a command that
+    dispatches to subcommands.  The most common version is the
+    :class:`Group`.
+
+    :param invoke_without_command: this controls how the multi command itself
+                                   is invoked.  By default it's only invoked
+                                   if a subcommand is provided.
+    :param no_args_is_help: this controls what happens if no arguments are
+                            provided.  This option is enabled by default if
+                            `invoke_without_command` is disabled or disabled
+                            if it's enabled.  If enabled this will add
+                            ``--help`` as argument if no arguments are
+                            passed.
+    :param subcommand_metavar: the string that is used in the documentation
+                               to indicate the subcommand place.
+    :param chain: if this is set to `True` chaining of multiple subcommands
+                  is enabled.  This restricts the form of commands in that
+                  they cannot have optional arguments but it allows
+                  multiple commands to be chained together.
+    :param result_callback: The result callback to attach to this multi
+        command. This can be set or changed later with the
+        :meth:`result_callback` decorator.
+    :param attrs: Other command arguments described in :class:`Command`.
+    """
+
+    allow_extra_args = True
+    allow_interspersed_args = False
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        invoke_without_command: bool = False,
+        no_args_is_help: t.Optional[bool] = None,
+        subcommand_metavar: t.Optional[str] = None,
+        chain: bool = False,
+        result_callback: t.Optional[t.Callable[..., t.Any]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if no_args_is_help is None:
+            no_args_is_help = not invoke_without_command
+
+        self.no_args_is_help = no_args_is_help
+        self.invoke_without_command = invoke_without_command
+
+        if subcommand_metavar is None:
+            if chain:
+                subcommand_metavar = "COMMAND1 [ARGS]... [COMMAND2 [ARGS]...]..."
+            else:
+                subcommand_metavar = "COMMAND [ARGS]..."
+
+        self.subcommand_metavar = subcommand_metavar
+        self.chain = chain
+        # The result callback that is stored. This can be set or
+        # overridden with the :func:`result_callback` decorator.
+        self._result_callback = result_callback
+
+        if self.chain:
+            for param in self.params:
+                if isinstance(param, Argument) and not param.required:
+                    raise RuntimeError(
+                        "Multi commands in chain mode cannot have"
+                        " optional arguments."
+                    )
+
+    def to_info_dict(self, ctx: Context) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict(ctx)
+        commands = {}
+
+        for name in self.list_commands(ctx):
+            command = self.get_command(ctx, name)
+
+            if command is None:
+                continue
+
+            sub_ctx = ctx._make_sub_context(command)
+
+            with sub_ctx.scope(cleanup=False):
+                commands[name] = command.to_info_dict(sub_ctx)
+
+        info_dict.update(commands=commands, chain=self.chain)
+        return info_dict
+
+    def collect_usage_pieces(self, ctx: Context) -> t.List[str]:
+        rv = super().collect_usage_pieces(ctx)
+        rv.append(self.subcommand_metavar)
+        return rv
+
+    def format_options(self, ctx: Context, formatter: HelpFormatter) -> None:
+        super().format_options(ctx, formatter)
+        self.format_commands(ctx, formatter)
+
+    def result_callback(self, replace: bool = False) -> t.Callable[[F], F]:
+        """Adds a result callback to the command.  By default if a
+        result callback is already registered this will chain them but
+        this can be disabled with the `replace` parameter.  The result
+        callback is invoked with the return value of the subcommand
+        (or the list of return values from all subcommands if chaining
+        is enabled) as well as the parameters as they would be passed
+        to the main callback.
+
+        Example::
+
+            @click.group()
+            @click.option('-i', '--input', default=23)
+            def cli(input):
+                return 42
+
+            @cli.result_callback()
+            def process_result(result, input):
+                return result + input
+
+        :param replace: if set to `True` an already existing result
+                        callback will be removed.
+
+        .. versionchanged:: 8.0
+            Renamed from ``resultcallback``.
+
+        .. versionadded:: 3.0
+        """
+
+        def decorator(f: F) -> F:
+            old_callback = self._result_callback
+
+            if old_callback is None or replace:
+                self._result_callback = f
+                return f
+
+            def function(__value, *args, **kwargs):  # type: ignore
+                inner = old_callback(__value, *args, **kwargs)
+                return f(inner, *args, **kwargs)
+
+            self._result_callback = rv = update_wrapper(t.cast(F, function), f)
+            return rv
+
+        return decorator
+
+    def format_commands(self, ctx: Context, formatter: HelpFormatter) -> None:
+        """Extra format methods for multi methods that adds all the commands
+        after the options.
+        """
+        commands = []
+        for subcommand in self.list_commands(ctx):
+            cmd = self.get_command(ctx, subcommand)
+            # What is this, the tool lied about a command.  Ignore it
+            if cmd is None:
+                continue
+            if cmd.hidden:
+                continue
+
+            commands.append((subcommand, cmd))
+
+        # allow for 3 times the default spacing
+        if len(commands):
+            limit = formatter.width - 6 - max(len(cmd[0]) for cmd in commands)
+
+            rows = []
+            for subcommand, cmd in commands:
+                help = cmd.get_short_help_str(limit)
+                rows.append((subcommand, help))
+
+            if rows:
+                with formatter.section(_("Commands")):
+                    formatter.write_dl(rows)
+
+    def parse_args(self, ctx: Context, args: t.List[str]) -> t.List[str]:
+        if not args and self.no_args_is_help and not ctx.resilient_parsing:
+            echo(ctx.get_help(), color=ctx.color)
+            ctx.exit()
+
+        rest = super().parse_args(ctx, args)
+
+        if self.chain:
+            ctx.protected_args = rest
+            ctx.args = []
+        elif rest:
+            ctx.protected_args, ctx.args = rest[:1], rest[1:]
+
+        return ctx.args
+
+    def invoke(self, ctx: Context) -> t.Any:
+        def _process_result(value: t.Any) -> t.Any:
+            if self._result_callback is not None:
+                value = ctx.invoke(self._result_callback, value, **ctx.params)
+            return value
+
+        if not ctx.protected_args:
+            if self.invoke_without_command:
+                # No subcommand was invoked, so the result callback is
+                # invoked with the group return value for regular
+                # groups, or an empty list for chained groups.
+                with ctx:
+                    rv = super().invoke(ctx)
+                    return _process_result([] if self.chain else rv)
+            ctx.fail(_("Missing command."))
+
+        # Fetch args back out
+        args = [*ctx.protected_args, *ctx.args]
+        ctx.args = []
+        ctx.protected_args = []
+
+        # If we're not in chain mode, we only allow the invocation of a
+        # single command but we also inform the current context about the
+        # name of the command to invoke.
+        if not self.chain:
+            # Make sure the context is entered so we do not clean up
+            # resources until the result processor has worked.
+            with ctx:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                ctx.invoked_subcommand = cmd_name
+                super().invoke(ctx)
+                sub_ctx = cmd.make_context(cmd_name, args, parent=ctx)
+                with sub_ctx:
+                    return _process_result(sub_ctx.command.invoke(sub_ctx))
+
+        # In chain mode we create the contexts step by step, but after the
+        # base command has been invoked.  Because at that point we do not
+        # know the subcommands yet, the invoked subcommand attribute is
+        # set to ``*`` to inform the command that subcommands are executed
+        # but nothing else.
+        with ctx:
+            ctx.invoked_subcommand = "*" if args else None
+            super().invoke(ctx)
+
+            # Otherwise we make every single context and invoke them in a
+            # chain.  In that case the return value to the result processor
+            # is the list of all invoked subcommand's results.
+            contexts = []
+            while args:
+                cmd_name, cmd, args = self.resolve_command(ctx, args)
+                assert cmd is not None
+                sub_ctx = cmd.make_context(
+                    cmd_name,
+                    args,
+                    parent=ctx,
+                    allow_extra_args=True,
+                    allow_interspersed_args=False,
+                )
+                contexts.append(sub_ctx)
+                args, sub_ctx.args = sub_ctx.args, []
+
+            rv = []
+            for sub_ctx in contexts:
+                with sub_ctx:
+                    rv.append(sub_ctx.command.invoke(sub_ctx))
+            return _process_result(rv)
+
+    def resolve_command(
+        self, ctx: Context, args: t.List[str]
+    ) -> t.Tuple[t.Optional[str], t.Optional[Command], t.List[str]]:
+        cmd_name = make_str(args[0])
+        original_cmd_name = cmd_name
+
+        # Get the command
+        cmd = self.get_command(ctx, cmd_name)
+
+        # If we can't find the command but there is a normalization
+        # function available, we try with that one.
+        if cmd is None and ctx.token_normalize_func is not None:
+            cmd_name = ctx.token_normalize_func(cmd_name)
+            cmd = self.get_command(ctx, cmd_name)
+
+        # If we don't find the command we want to show an error message
+        # to the user that it was not provided.  However, there is
+        # something else we should do: if the first argument looks like
+        # an option we want to kick off parsing again for arguments to
+        # resolve things like --help which now should go to the main
+        # place.
+        if cmd is None and not ctx.resilient_parsing:
+            if split_opt(cmd_name)[0]:
+                self.parse_args(ctx, ctx.args)
+            ctx.fail(_("No such command {name!r}.").format(name=original_cmd_name))
+        return cmd_name if cmd else None, cmd, args[1:]
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        """Given a context and a command name, this returns a
+        :class:`Command` object if it exists or returns `None`.
+        """
+        raise NotImplementedError
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        """Returns a list of subcommand names in the order they should
+        appear.
+        """
+        return []
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. Looks
+        at the names of options, subcommands, and chained
+        multi-commands.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        results = [
+            CompletionItem(name, help=command.get_short_help_str())
+            for name, command in _complete_visible_commands(ctx, incomplete)
+        ]
+        results.extend(super().shell_complete(ctx, incomplete))
+        return results
+
+
+class Group(MultiCommand):
+    """A group allows a command to have subcommands attached. This is
+    the most common way to implement nesting in Click.
+
+    :param name: The name of the group command.
+    :param commands: A dict mapping names to :class:`Command` objects.
+        Can also be a list of :class:`Command`, which will use
+        :attr:`Command.name` to create the dict.
+    :param attrs: Other command arguments described in
+        :class:`MultiCommand`, :class:`Command`, and
+        :class:`BaseCommand`.
+
+    .. versionchanged:: 8.0
+        The ``commands`` argument can be a list of command objects.
+    """
+
+    #: If set, this is used by the group's :meth:`command` decorator
+    #: as the default :class:`Command` class. This is useful to make all
+    #: subcommands use a custom command class.
+    #:
+    #: .. versionadded:: 8.0
+    command_class: t.Optional[t.Type[Command]] = None
+
+    #: If set, this is used by the group's :meth:`group` decorator
+    #: as the default :class:`Group` class. This is useful to make all
+    #: subgroups use a custom group class.
+    #:
+    #: If set to the special value :class:`type` (literally
+    #: ``group_class = type``), this group's class will be used as the
+    #: default class. This makes a custom group class continue to make
+    #: custom groups.
+    #:
+    #: .. versionadded:: 8.0
+    group_class: t.Optional[t.Union[t.Type["Group"], t.Type[type]]] = None
+    # Literal[type] isn't valid, so use Type[type]
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        commands: t.Optional[
+            t.Union[t.MutableMapping[str, Command], t.Sequence[Command]]
+        ] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+
+        if commands is None:
+            commands = {}
+        elif isinstance(commands, abc.Sequence):
+            commands = {c.name: c for c in commands if c.name is not None}
+
+        #: The registered subcommands by their exported names.
+        self.commands: t.MutableMapping[str, Command] = commands
+
+    def add_command(self, cmd: Command, name: t.Optional[str] = None) -> None:
+        """Registers another :class:`Command` with this group.  If the name
+        is not provided, the name of the command is used.
+        """
+        name = name or cmd.name
+        if name is None:
+            raise TypeError("Command has no name.")
+        _check_multicommand(self, name, cmd, register=True)
+        self.commands[name] = cmd
+
+    @t.overload
+    def command(self, __func: t.Callable[..., t.Any]) -> Command:
+        ...
+
+    @t.overload
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], Command]:
+        ...
+
+    def command(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], Command], Command]:
+        """A shortcut decorator for declaring and attaching a command to
+        the group. This takes the same arguments as :func:`command` and
+        immediately registers the created command with this group by
+        calling :meth:`add_command`.
+
+        To customize the command class used, set the
+        :attr:`command_class` attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`command_class` attribute.
+        """
+        from .decorators import command
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'command(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.command_class and kwargs.get("cls") is None:
+            kwargs["cls"] = self.command_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> Command:
+            cmd: Command = command(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    @t.overload
+    def group(self, __func: t.Callable[..., t.Any]) -> "Group":
+        ...
+
+    @t.overload
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Callable[[t.Callable[..., t.Any]], "Group"]:
+        ...
+
+    def group(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.Union[t.Callable[[t.Callable[..., t.Any]], "Group"], "Group"]:
+        """A shortcut decorator for declaring and attaching a group to
+        the group. This takes the same arguments as :func:`group` and
+        immediately registers the created group with this group by
+        calling :meth:`add_command`.
+
+        To customize the group class used, set the :attr:`group_class`
+        attribute.
+
+        .. versionchanged:: 8.1
+            This decorator can be applied without parentheses.
+
+        .. versionchanged:: 8.0
+            Added the :attr:`group_class` attribute.
+        """
+        from .decorators import group
+
+        func: t.Optional[t.Callable[..., t.Any]] = None
+
+        if args and callable(args[0]):
+            assert (
+                len(args) == 1 and not kwargs
+            ), "Use 'group(**kwargs)(callable)' to provide arguments."
+            (func,) = args
+            args = ()
+
+        if self.group_class is not None and kwargs.get("cls") is None:
+            if self.group_class is type:
+                kwargs["cls"] = type(self)
+            else:
+                kwargs["cls"] = self.group_class
+
+        def decorator(f: t.Callable[..., t.Any]) -> "Group":
+            cmd: Group = group(*args, **kwargs)(f)
+            self.add_command(cmd)
+            return cmd
+
+        if func is not None:
+            return decorator(func)
+
+        return decorator
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        return self.commands.get(cmd_name)
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        return sorted(self.commands)
+
+
+class CommandCollection(MultiCommand):
+    """A command collection is a multi command that merges multiple multi
+    commands together into one.  This is a straightforward implementation
+    that accepts a list of different multi commands as sources and
+    provides all the commands for each of them.
+
+    See :class:`MultiCommand` and :class:`Command` for the description of
+    ``name`` and ``attrs``.
+    """
+
+    def __init__(
+        self,
+        name: t.Optional[str] = None,
+        sources: t.Optional[t.List[MultiCommand]] = None,
+        **attrs: t.Any,
+    ) -> None:
+        super().__init__(name, **attrs)
+        #: The list of registered multi commands.
+        self.sources: t.List[MultiCommand] = sources or []
+
+    def add_source(self, multi_cmd: MultiCommand) -> None:
+        """Adds a new multi command to the chain dispatcher."""
+        self.sources.append(multi_cmd)
+
+    def get_command(self, ctx: Context, cmd_name: str) -> t.Optional[Command]:
+        for source in self.sources:
+            rv = source.get_command(ctx, cmd_name)
+
+            if rv is not None:
+                if self.chain:
+                    _check_multicommand(self, cmd_name, rv)
+
+                return rv
+
+        return None
+
+    def list_commands(self, ctx: Context) -> t.List[str]:
+        rv: t.Set[str] = set()
+
+        for source in self.sources:
+            rv.update(source.list_commands(ctx))
+
+        return sorted(rv)
+
+
+def _check_iter(value: t.Any) -> t.Iterator[t.Any]:
+    """Check if the value is iterable but not a string. Raises a type
+    error, or return an iterator over the value.
+    """
+    if isinstance(value, str):
+        raise TypeError
+
+    return iter(value)
+
+
+class Parameter:
+    r"""A parameter to a command comes in two versions: they are either
+    :class:`Option`\s or :class:`Argument`\s.  Other subclasses are currently
+    not supported by design as some of the internals for parsing are
+    intentionally not finalized.
+
+    Some settings are supported by both options and arguments.
+
+    :param param_decls: the parameter declarations for this option or
+                        argument.  This is a list of flags or argument
+                        names.
+    :param type: the type that should be used.  Either a :class:`ParamType`
+                 or a Python type.  The latter is converted into the former
+                 automatically if supported.
+    :param required: controls if this is optional or not.
+    :param default: the default value if omitted.  This can also be a callable,
+                    in which case it's invoked when the default is needed
+                    without any arguments.
+    :param callback: A function to further process or validate the value
+        after type conversion. It is called as ``f(ctx, param, value)``
+        and must return the value. It is called for all sources,
+        including prompts.
+    :param nargs: the number of arguments to match.  If not ``1`` the return
+                  value is a tuple instead of single value.  The default for
+                  nargs is ``1`` (except if the type is a tuple, then it's
+                  the arity of the tuple). If ``nargs=-1``, all remaining
+                  parameters are collected.
+    :param metavar: how the value is represented in the help page.
+    :param expose_value: if this is `True` then the value is passed onwards
+                         to the command callback and stored on the context,
+                         otherwise it's skipped.
+    :param is_eager: eager values are processed before non eager ones.  This
+                     should not be set for arguments or it will inverse the
+                     order of processing.
+    :param envvar: a string or list of strings that are environment variables
+                   that should be checked.
+    :param shell_complete: A function that returns custom shell
+        completions. Used instead of the param's type completion if
+        given. Takes ``ctx, param, incomplete`` and must return a list
+        of :class:`~click.shell_completion.CompletionItem` or a list of
+        strings.
+
+    .. versionchanged:: 8.0
+        ``process_value`` validates required parameters and bounded
+        ``nargs``, and invokes the parameter callback before returning
+        the value. This allows the callback to validate prompts.
+        ``full_process_value`` is removed.
+
+    .. versionchanged:: 8.0
+        ``autocompletion`` is renamed to ``shell_complete`` and has new
+        semantics described above. The old name is deprecated and will
+        be removed in 8.1, until then it will be wrapped to match the
+        new requirements.
+
+    .. versionchanged:: 8.0
+        For ``multiple=True, nargs>1``, the default must be a list of
+        tuples.
+
+    .. versionchanged:: 8.0
+        Setting a default is no longer required for ``nargs>1``, it will
+        default to ``None``. ``multiple=True`` or ``nargs=-1`` will
+        default to ``()``.
+
+    .. versionchanged:: 7.1
+        Empty environment variables are ignored rather than taking the
+        empty string value. This makes it possible for scripts to clear
+        variables if they can't unset them.
+
+    .. versionchanged:: 2.0
+        Changed signature for parameter callback to also be passed the
+        parameter. The old callback format will still work, but it will
+        raise a warning to give you a chance to migrate the code easier.
+    """
+
+    param_type_name = "parameter"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        required: bool = False,
+        default: t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]] = None,
+        callback: t.Optional[t.Callable[[Context, "Parameter", t.Any], t.Any]] = None,
+        nargs: t.Optional[int] = None,
+        multiple: bool = False,
+        metavar: t.Optional[str] = None,
+        expose_value: bool = True,
+        is_eager: bool = False,
+        envvar: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        shell_complete: t.Optional[
+            t.Callable[
+                [Context, "Parameter", str],
+                t.Union[t.List["CompletionItem"], t.List[str]],
+            ]
+        ] = None,
+    ) -> None:
+        self.name: t.Optional[str]
+        self.opts: t.List[str]
+        self.secondary_opts: t.List[str]
+        self.name, self.opts, self.secondary_opts = self._parse_decls(
+            param_decls or (), expose_value
+        )
+        self.type: types.ParamType = types.convert_type(type, default)
+
+        # Default nargs to what the type tells us if we have that
+        # information available.
+        if nargs is None:
+            if self.type.is_composite:
+                nargs = self.type.arity
+            else:
+                nargs = 1
+
+        self.required = required
+        self.callback = callback
+        self.nargs = nargs
+        self.multiple = multiple
+        self.expose_value = expose_value
+        self.default = default
+        self.is_eager = is_eager
+        self.metavar = metavar
+        self.envvar = envvar
+        self._custom_shell_complete = shell_complete
+
+        if __debug__:
+            if self.type.is_composite and nargs != self.type.arity:
+                raise ValueError(
+                    f"'nargs' must be {self.type.arity} (or None) for"
+                    f" type {self.type!r}, but it was {nargs}."
+                )
+
+            # Skip no default or callable default.
+            check_default = default if not callable(default) else None
+
+            if check_default is not None:
+                if multiple:
+                    try:
+                        # Only check the first value against nargs.
+                        check_default = next(_check_iter(check_default), None)
+                    except TypeError:
+                        raise ValueError(
+                            "'default' must be a list when 'multiple' is true."
+                        ) from None
+
+                # Can be None for multiple with empty default.
+                if nargs != 1 and check_default is not None:
+                    try:
+                        _check_iter(check_default)
+                    except TypeError:
+                        if multiple:
+                            message = (
+                                "'default' must be a list of lists when 'multiple' is"
+                                " true and 'nargs' != 1."
+                            )
+                        else:
+                            message = "'default' must be a list when 'nargs' != 1."
+
+                        raise ValueError(message) from None
+
+                    if nargs > 1 and len(check_default) != nargs:
+                        subject = "item length" if multiple else "length"
+                        raise ValueError(
+                            f"'default' {subject} must match nargs={nargs}."
+                        )
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        return {
+            "name": self.name,
+            "param_type_name": self.param_type_name,
+            "opts": self.opts,
+            "secondary_opts": self.secondary_opts,
+            "type": self.type.to_info_dict(),
+            "required": self.required,
+            "nargs": self.nargs,
+            "multiple": self.multiple,
+            "default": self.default,
+            "envvar": self.envvar,
+        }
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} {self.name}>"
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        raise NotImplementedError()
+
+    @property
+    def human_readable_name(self) -> str:
+        """Returns the human readable name of this parameter.  This is the
+        same as the name for options, but the metavar for arguments.
+        """
+        return self.name  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+
+        metavar = self.type.get_metavar(self)
+
+        if metavar is None:
+            metavar = self.type.name.upper()
+
+        if self.nargs != 1:
+            metavar += "..."
+
+        return metavar
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        """Get the default for the parameter. Tries
+        :meth:`Context.lookup_default` first, then the local default.
+
+        :param ctx: Current context.
+        :param call: If the default is a callable, call it. Disable to
+            return the callable instead.
+
+        .. versionchanged:: 8.0.2
+            Type casting is no longer performed when getting a default.
+
+        .. versionchanged:: 8.0.1
+            Type casting can fail in resilient parsing mode. Invalid
+            defaults will not prevent showing help text.
+
+        .. versionchanged:: 8.0
+            Looks at ``ctx.default_map`` first.
+
+        .. versionchanged:: 8.0
+            Added the ``call`` parameter.
+        """
+        value = ctx.lookup_default(self.name, call=False)  # type: ignore
+
+        if value is None:
+            value = self.default
+
+        if call and callable(value):
+            value = value()
+
+        return value
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        raise NotImplementedError()
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value = opts.get(self.name)  # type: ignore
+        source = ParameterSource.COMMANDLINE
+
+        if value is None:
+            value = self.value_from_envvar(ctx)
+            source = ParameterSource.ENVIRONMENT
+
+        if value is None:
+            value = ctx.lookup_default(self.name)  # type: ignore
+            source = ParameterSource.DEFAULT_MAP
+
+        if value is None:
+            value = self.get_default(ctx)
+            source = ParameterSource.DEFAULT
+
+        return value, source
+
+    def type_cast_value(self, ctx: Context, value: t.Any) -> t.Any:
+        """Convert and validate a value against the option's
+        :attr:`type`, :attr:`multiple`, and :attr:`nargs`.
+        """
+        if value is None:
+            return () if self.multiple or self.nargs == -1 else None
+
+        def check_iter(value: t.Any) -> t.Iterator[t.Any]:
+            try:
+                return _check_iter(value)
+            except TypeError:
+                # This should only happen when passing in args manually,
+                # the parser should construct an iterable when parsing
+                # the command line.
+                raise BadParameter(
+                    _("Value must be an iterable."), ctx=ctx, param=self
+                ) from None
+
+        if self.nargs == 1 or self.type.is_composite:
+
+            def convert(value: t.Any) -> t.Any:
+                return self.type(value, param=self, ctx=ctx)
+
+        elif self.nargs == -1:
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                return tuple(self.type(x, self, ctx) for x in check_iter(value))
+
+        else:  # nargs > 1
+
+            def convert(value: t.Any) -> t.Any:  # t.Tuple[t.Any, ...]
+                value = tuple(check_iter(value))
+
+                if len(value) != self.nargs:
+                    raise BadParameter(
+                        ngettext(
+                            "Takes {nargs} values but 1 was given.",
+                            "Takes {nargs} values but {len} were given.",
+                            len(value),
+                        ).format(nargs=self.nargs, len=len(value)),
+                        ctx=ctx,
+                        param=self,
+                    )
+
+                return tuple(self.type(x, self, ctx) for x in value)
+
+        if self.multiple:
+            return tuple(convert(x) for x in check_iter(value))
+
+        return convert(value)
+
+    def value_is_missing(self, value: t.Any) -> bool:
+        if value is None:
+            return True
+
+        if (self.nargs != 1 or self.multiple) and value == ():
+            return True
+
+        return False
+
+    def process_value(self, ctx: Context, value: t.Any) -> t.Any:
+        value = self.type_cast_value(ctx, value)
+
+        if self.required and self.value_is_missing(value):
+            raise MissingParameter(ctx=ctx, param=self)
+
+        if self.callback is not None:
+            value = self.callback(ctx, self, value)
+
+        return value
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        if self.envvar is None:
+            return None
+
+        if isinstance(self.envvar, str):
+            rv = os.environ.get(self.envvar)
+
+            if rv:
+                return rv
+        else:
+            for envvar in self.envvar:
+                rv = os.environ.get(envvar)
+
+                if rv:
+                    return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is not None and self.nargs != 1:
+            rv = self.type.split_envvar_value(rv)
+
+        return rv
+
+    def handle_parse_result(
+        self, ctx: Context, opts: t.Mapping[str, t.Any], args: t.List[str]
+    ) -> t.Tuple[t.Any, t.List[str]]:
+        with augment_usage_errors(ctx, param=self):
+            value, source = self.consume_value(ctx, opts)
+            ctx.set_parameter_source(self.name, source)  # type: ignore
+
+            try:
+                value = self.process_value(ctx, value)
+            except Exception:
+                if not ctx.resilient_parsing:
+                    raise
+
+                value = None
+
+        if self.expose_value:
+            ctx.params[self.name] = value  # type: ignore
+
+        return value, args
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        pass
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return []
+
+    def get_error_hint(self, ctx: Context) -> str:
+        """Get a stringified version of the param for use in error messages to
+        indicate which param caused the error.
+        """
+        hint_list = self.opts or [self.human_readable_name]
+        return " / ".join(f"'{x}'" for x in hint_list)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> t.List["CompletionItem"]:
+        """Return a list of completions for the incomplete value. If a
+        ``shell_complete`` function was given during init, it is used.
+        Otherwise, the :attr:`type`
+        :meth:`~click.types.ParamType.shell_complete` function is used.
+
+        :param ctx: Invocation context for this command.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        if self._custom_shell_complete is not None:
+            results = self._custom_shell_complete(ctx, self, incomplete)
+
+            if results and isinstance(results[0], str):
+                from click.shell_completion import CompletionItem
+
+                results = [CompletionItem(c) for c in results]
+
+            return t.cast(t.List["CompletionItem"], results)
+
+        return self.type.shell_complete(ctx, self, incomplete)
+
+
+class Option(Parameter):
+    """Options are usually optional values on the command line and
+    have some extra features that arguments don't have.
+
+    All other parameters are passed onwards to the parameter constructor.
+
+    :param show_default: Show the default value for this option in its
+        help text. Values are not shown by default, unless
+        :attr:`Context.show_default` is ``True``. If this value is a
+        string, it shows that string in parentheses instead of the
+        actual value. This is particularly useful for dynamic options.
+        For single option boolean flags, the default remains hidden if
+        its value is ``False``.
+    :param show_envvar: Controls if an environment variable should be
+        shown on the help page. Normally, environment variables are not
+        shown.
+    :param prompt: If set to ``True`` or a non empty string then the
+        user will be prompted for input. If set to ``True`` the prompt
+        will be the option name capitalized.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value if it was prompted for. Can be set to a string instead of
+        ``True`` to customize the message.
+    :param prompt_required: If set to ``False``, the user will be
+        prompted for input only when the option was specified as a flag
+        without a value.
+    :param hide_input: If this is ``True`` then the input on the prompt
+        will be hidden from the user. This is useful for password input.
+    :param is_flag: forces this option to act as a flag.  The default is
+                    auto detection.
+    :param flag_value: which value should be used for this flag if it's
+                       enabled.  This is set to a boolean automatically if
+                       the option string contains a slash to mark two options.
+    :param multiple: if this is set to `True` then the argument is accepted
+                     multiple times and recorded.  This is similar to ``nargs``
+                     in how it works but supports arbitrary number of
+                     arguments.
+    :param count: this flag makes an option increment an integer.
+    :param allow_from_autoenv: if this is enabled then the value of this
+                               parameter will be pulled from an environment
+                               variable in case a prefix is defined on the
+                               context.
+    :param help: the help string.
+    :param hidden: hide this option from help outputs.
+    :param attrs: Other command arguments described in :class:`Parameter`.
+
+    .. versionchanged:: 8.1.0
+        Help text indentation is cleaned here instead of only in the
+        ``@option`` decorator.
+
+    .. versionchanged:: 8.1.0
+        The ``show_default`` parameter overrides
+        ``Context.show_default``.
+
+    .. versionchanged:: 8.1.0
+        The default of a single option boolean flag is not shown if the
+        default value is ``False``.
+
+    .. versionchanged:: 8.0.1
+        ``type`` is detected from ``flag_value`` if given.
+    """
+
+    param_type_name = "option"
+
+    def __init__(
+        self,
+        param_decls: t.Optional[t.Sequence[str]] = None,
+        show_default: t.Union[bool, str, None] = None,
+        prompt: t.Union[bool, str] = False,
+        confirmation_prompt: t.Union[bool, str] = False,
+        prompt_required: bool = True,
+        hide_input: bool = False,
+        is_flag: t.Optional[bool] = None,
+        flag_value: t.Optional[t.Any] = None,
+        multiple: bool = False,
+        count: bool = False,
+        allow_from_autoenv: bool = True,
+        type: t.Optional[t.Union[types.ParamType, t.Any]] = None,
+        help: t.Optional[str] = None,
+        hidden: bool = False,
+        show_choices: bool = True,
+        show_envvar: bool = False,
+        **attrs: t.Any,
+    ) -> None:
+        if help:
+            help = inspect.cleandoc(help)
+
+        default_is_missing = "default" not in attrs
+        super().__init__(param_decls, type=type, multiple=multiple, **attrs)
+
+        if prompt is True:
+            if self.name is None:
+                raise TypeError("'name' is required with 'prompt=True'.")
+
+            prompt_text: t.Optional[str] = self.name.replace("_", " ").capitalize()
+        elif prompt is False:
+            prompt_text = None
+        else:
+            prompt_text = prompt
+
+        self.prompt = prompt_text
+        self.confirmation_prompt = confirmation_prompt
+        self.prompt_required = prompt_required
+        self.hide_input = hide_input
+        self.hidden = hidden
+
+        # If prompt is enabled but not required, then the option can be
+        # used as a flag to indicate using prompt or flag_value.
+        self._flag_needs_value = self.prompt is not None and not self.prompt_required
+
+        if is_flag is None:
+            if flag_value is not None:
+                # Implicitly a flag because flag_value was set.
+                is_flag = True
+            elif self._flag_needs_value:
+                # Not a flag, but when used as a flag it shows a prompt.
+                is_flag = False
+            else:
+                # Implicitly a flag because flag options were given.
+                is_flag = bool(self.secondary_opts)
+        elif is_flag is False and not self._flag_needs_value:
+            # Not a flag, and prompt is not enabled, can be used as a
+            # flag if flag_value is set.
+            self._flag_needs_value = flag_value is not None
+
+        self.default: t.Union[t.Any, t.Callable[[], t.Any]]
+
+        if is_flag and default_is_missing and not self.required:
+            if multiple:
+                self.default = ()
+            else:
+                self.default = False
+
+        if flag_value is None:
+            flag_value = not self.default
+
+        self.type: types.ParamType
+        if is_flag and type is None:
+            # Re-guess the type from the flag value instead of the
+            # default.
+            self.type = types.convert_type(None, flag_value)
+
+        self.is_flag: bool = is_flag
+        self.is_bool_flag: bool = is_flag and isinstance(self.type, types.BoolParamType)
+        self.flag_value: t.Any = flag_value
+
+        # Counting
+        self.count = count
+        if count:
+            if type is None:
+                self.type = types.IntRange(min=0)
+            if default_is_missing:
+                self.default = 0
+
+        self.allow_from_autoenv = allow_from_autoenv
+        self.help = help
+        self.show_default = show_default
+        self.show_choices = show_choices
+        self.show_envvar = show_envvar
+
+        if __debug__:
+            if self.nargs == -1:
+                raise TypeError("nargs=-1 is not supported for options.")
+
+            if self.prompt and self.is_flag and not self.is_bool_flag:
+                raise TypeError("'prompt' is not valid for non-boolean flag.")
+
+            if not self.is_bool_flag and self.secondary_opts:
+                raise TypeError("Secondary flag is not valid for non-boolean flag.")
+
+            if self.is_bool_flag and self.hide_input and self.prompt is not None:
+                raise TypeError(
+                    "'prompt' with 'hide_input' is not valid for boolean flag."
+                )
+
+            if self.count:
+                if self.multiple:
+                    raise TypeError("'count' is not valid with 'multiple'.")
+
+                if self.is_flag:
+                    raise TypeError("'count' is not valid with 'is_flag'.")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            help=self.help,
+            prompt=self.prompt,
+            is_flag=self.is_flag,
+            flag_value=self.flag_value,
+            count=self.count,
+            hidden=self.hidden,
+        )
+        return info_dict
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        opts = []
+        secondary_opts = []
+        name = None
+        possible_names = []
+
+        for decl in decls:
+            if decl.isidentifier():
+                if name is not None:
+                    raise TypeError(f"Name '{name}' defined twice")
+                name = decl
+            else:
+                split_char = ";" if decl[:1] == "/" else "/"
+                if split_char in decl:
+                    first, second = decl.split(split_char, 1)
+                    first = first.rstrip()
+                    if first:
+                        possible_names.append(split_opt(first))
+                        opts.append(first)
+                    second = second.lstrip()
+                    if second:
+                        secondary_opts.append(second.lstrip())
+                    if first == second:
+                        raise ValueError(
+                            f"Boolean option {decl!r} cannot use the"
+                            " same flag for true/false."
+                        )
+                else:
+                    possible_names.append(split_opt(decl))
+                    opts.append(decl)
+
+        if name is None and possible_names:
+            possible_names.sort(key=lambda x: -len(x[0]))  # group long options first
+            name = possible_names[0][1].replace("-", "_").lower()
+            if not name.isidentifier():
+                name = None
+
+        if name is None:
+            if not expose_value:
+                return None, opts, secondary_opts
+            raise TypeError("Could not determine name for option")
+
+        if not opts and not secondary_opts:
+            raise TypeError(
+                f"No options defined but a name was passed ({name})."
+                " Did you mean to declare an argument instead? Did"
+                f" you mean to pass '--{name}'?"
+            )
+
+        return name, opts, secondary_opts
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        if self.multiple:
+            action = "append"
+        elif self.count:
+            action = "count"
+        else:
+            action = "store"
+
+        if self.is_flag:
+            action = f"{action}_const"
+
+            if self.is_bool_flag and self.secondary_opts:
+                parser.add_option(
+                    obj=self, opts=self.opts, dest=self.name, action=action, const=True
+                )
+                parser.add_option(
+                    obj=self,
+                    opts=self.secondary_opts,
+                    dest=self.name,
+                    action=action,
+                    const=False,
+                )
+            else:
+                parser.add_option(
+                    obj=self,
+                    opts=self.opts,
+                    dest=self.name,
+                    action=action,
+                    const=self.flag_value,
+                )
+        else:
+            parser.add_option(
+                obj=self,
+                opts=self.opts,
+                dest=self.name,
+                action=action,
+                nargs=self.nargs,
+            )
+
+    def get_help_record(self, ctx: Context) -> t.Optional[t.Tuple[str, str]]:
+        if self.hidden:
+            return None
+
+        any_prefix_is_slash = False
+
+        def _write_opts(opts: t.Sequence[str]) -> str:
+            nonlocal any_prefix_is_slash
+
+            rv, any_slashes = join_options(opts)
+
+            if any_slashes:
+                any_prefix_is_slash = True
+
+            if not self.is_flag and not self.count:
+                rv += f" {self.make_metavar()}"
+
+            return rv
+
+        rv = [_write_opts(self.opts)]
+
+        if self.secondary_opts:
+            rv.append(_write_opts(self.secondary_opts))
+
+        help = self.help or ""
+        extra = []
+
+        if self.show_envvar:
+            envvar = self.envvar
+
+            if envvar is None:
+                if (
+                    self.allow_from_autoenv
+                    and ctx.auto_envvar_prefix is not None
+                    and self.name is not None
+                ):
+                    envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+
+            if envvar is not None:
+                var_str = (
+                    envvar
+                    if isinstance(envvar, str)
+                    else ", ".join(str(d) for d in envvar)
+                )
+                extra.append(_("env var: {var}").format(var=var_str))
+
+        # Temporarily enable resilient parsing to avoid type casting
+        # failing for the default. Might be possible to extend this to
+        # help formatting in general.
+        resilient = ctx.resilient_parsing
+        ctx.resilient_parsing = True
+
+        try:
+            default_value = self.get_default(ctx, call=False)
+        finally:
+            ctx.resilient_parsing = resilient
+
+        show_default = False
+        show_default_is_str = False
+
+        if self.show_default is not None:
+            if isinstance(self.show_default, str):
+                show_default_is_str = show_default = True
+            else:
+                show_default = self.show_default
+        elif ctx.show_default is not None:
+            show_default = ctx.show_default
+
+        if show_default_is_str or (show_default and (default_value is not None)):
+            if show_default_is_str:
+                default_string = f"({self.show_default})"
+            elif isinstance(default_value, (list, tuple)):
+                default_string = ", ".join(str(d) for d in default_value)
+            elif inspect.isfunction(default_value):
+                default_string = _("(dynamic)")
+            elif self.is_bool_flag and self.secondary_opts:
+                # For boolean flags that have distinct True/False opts,
+                # use the opt without prefix instead of the value.
+                default_string = split_opt(
+                    (self.opts if self.default else self.secondary_opts)[0]
+                )[1]
+            elif self.is_bool_flag and not self.secondary_opts and not default_value:
+                default_string = ""
+            else:
+                default_string = str(default_value)
+
+            if default_string:
+                extra.append(_("default: {default}").format(default=default_string))
+
+        if (
+            isinstance(self.type, types._NumberRangeBase)
+            # skip count with default range type
+            and not (self.count and self.type.min == 0 and self.type.max is None)
+        ):
+            range_str = self.type._describe_range()
+
+            if range_str:
+                extra.append(range_str)
+
+        if self.required:
+            extra.append(_("required"))
+
+        if extra:
+            extra_str = "; ".join(extra)
+            help = f"{help}  [{extra_str}]" if help else f"[{extra_str}]"
+
+        return ("; " if any_prefix_is_slash else " / ").join(rv), help
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: "te.Literal[True]" = True
+    ) -> t.Optional[t.Any]:
+        ...
+
+    @t.overload
+    def get_default(
+        self, ctx: Context, call: bool = ...
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        ...
+
+    def get_default(
+        self, ctx: Context, call: bool = True
+    ) -> t.Optional[t.Union[t.Any, t.Callable[[], t.Any]]]:
+        # If we're a non boolean flag our default is more complex because
+        # we need to look at all flags in the same group to figure out
+        # if we're the default one in which case we return the flag
+        # value as default.
+        if self.is_flag and not self.is_bool_flag:
+            for param in ctx.command.params:
+                if param.name == self.name and param.default:
+                    return t.cast(Option, param).flag_value
+
+            return None
+
+        return super().get_default(ctx, call=call)
+
+    def prompt_for_value(self, ctx: Context) -> t.Any:
+        """This is an alternative flow that can be activated in the full
+        value processing if a value does not exist.  It will prompt the
+        user until a valid value exists and then returns the processed
+        value as result.
+        """
+        assert self.prompt is not None
+
+        # Calculate the default before prompting anything to be stable.
+        default = self.get_default(ctx)
+
+        # If this is a prompt for a flag we need to handle this
+        # differently.
+        if self.is_bool_flag:
+            return confirm(self.prompt, default)
+
+        return prompt(
+            self.prompt,
+            default=default,
+            type=self.type,
+            hide_input=self.hide_input,
+            show_choices=self.show_choices,
+            confirmation_prompt=self.confirmation_prompt,
+            value_proc=lambda x: self.process_value(ctx, x),
+        )
+
+    def resolve_envvar_value(self, ctx: Context) -> t.Optional[str]:
+        rv = super().resolve_envvar_value(ctx)
+
+        if rv is not None:
+            return rv
+
+        if (
+            self.allow_from_autoenv
+            and ctx.auto_envvar_prefix is not None
+            and self.name is not None
+        ):
+            envvar = f"{ctx.auto_envvar_prefix}_{self.name.upper()}"
+            rv = os.environ.get(envvar)
+
+            if rv:
+                return rv
+
+        return None
+
+    def value_from_envvar(self, ctx: Context) -> t.Optional[t.Any]:
+        rv: t.Optional[t.Any] = self.resolve_envvar_value(ctx)
+
+        if rv is None:
+            return None
+
+        value_depth = (self.nargs != 1) + bool(self.multiple)
+
+        if value_depth > 0:
+            rv = self.type.split_envvar_value(rv)
+
+            if self.multiple and self.nargs != 1:
+                rv = batch(rv, self.nargs)
+
+        return rv
+
+    def consume_value(
+        self, ctx: Context, opts: t.Mapping[str, "Parameter"]
+    ) -> t.Tuple[t.Any, ParameterSource]:
+        value, source = super().consume_value(ctx, opts)
+
+        # The parser will emit a sentinel value if the option can be
+        # given as a flag without a value. This is different from None
+        # to distinguish from the flag not being given at all.
+        if value is _flag_needs_value:
+            if self.prompt is not None and not ctx.resilient_parsing:
+                value = self.prompt_for_value(ctx)
+                source = ParameterSource.PROMPT
+            else:
+                value = self.flag_value
+                source = ParameterSource.COMMANDLINE
+
+        elif (
+            self.multiple
+            and value is not None
+            and any(v is _flag_needs_value for v in value)
+        ):
+            value = [self.flag_value if v is _flag_needs_value else v for v in value]
+            source = ParameterSource.COMMANDLINE
+
+        # The value wasn't set, or used the param's default, prompt if
+        # prompting is enabled.
+        elif (
+            source in {None, ParameterSource.DEFAULT}
+            and self.prompt is not None
+            and (self.required or self.prompt_required)
+            and not ctx.resilient_parsing
+        ):
+            value = self.prompt_for_value(ctx)
+            source = ParameterSource.PROMPT
+
+        return value, source
+
+
+class Argument(Parameter):
+    """Arguments are positional parameters to a command.  They generally
+    provide fewer features than options but can have infinite ``nargs``
+    and are required by default.
+
+    All parameters are passed onwards to the constructor of :class:`Parameter`.
+    """
+
+    param_type_name = "argument"
+
+    def __init__(
+        self,
+        param_decls: t.Sequence[str],
+        required: t.Optional[bool] = None,
+        **attrs: t.Any,
+    ) -> None:
+        if required is None:
+            if attrs.get("default") is not None:
+                required = False
+            else:
+                required = attrs.get("nargs", 1) > 0
+
+        if "multiple" in attrs:
+            raise TypeError("__init__() got an unexpected keyword argument 'multiple'.")
+
+        super().__init__(param_decls, required=required, **attrs)
+
+        if __debug__:
+            if self.default is not None and self.nargs == -1:
+                raise TypeError("'default' is not supported for nargs=-1.")
+
+    @property
+    def human_readable_name(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        return self.name.upper()  # type: ignore
+
+    def make_metavar(self) -> str:
+        if self.metavar is not None:
+            return self.metavar
+        var = self.type.get_metavar(self)
+        if not var:
+            var = self.name.upper()  # type: ignore
+        if not self.required:
+            var = f"[{var}]"
+        if self.nargs != 1:
+            var += "..."
+        return var
+
+    def _parse_decls(
+        self, decls: t.Sequence[str], expose_value: bool
+    ) -> t.Tuple[t.Optional[str], t.List[str], t.List[str]]:
+        if not decls:
+            if not expose_value:
+                return None, [], []
+            raise TypeError("Could not determine name for argument")
+        if len(decls) == 1:
+            name = arg = decls[0]
+            name = name.replace("-", "_").lower()
+        else:
+            raise TypeError(
+                "Arguments take exactly one parameter declaration, got"
+                f" {len(decls)}."
+            )
+        return name, [arg], []
+
+    def get_usage_pieces(self, ctx: Context) -> t.List[str]:
+        return [self.make_metavar()]
+
+    def get_error_hint(self, ctx: Context) -> str:
+        return f"'{self.make_metavar()}'"
+
+    def add_to_parser(self, parser: OptionParser, ctx: Context) -> None:
+        parser.add_argument(dest=self.name, nargs=self.nargs, obj=self)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/decorators.py b/lib/go-jinja2/internal/data/windows-amd64/click/decorators.py
new file mode 100644
index 000000000..d9bba9502
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/decorators.py
@@ -0,0 +1,561 @@
+import inspect
+import types
+import typing as t
+from functools import update_wrapper
+from gettext import gettext as _
+
+from .core import Argument
+from .core import Command
+from .core import Context
+from .core import Group
+from .core import Option
+from .core import Parameter
+from .globals import get_current_context
+from .utils import echo
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+T = t.TypeVar("T")
+_AnyCallable = t.Callable[..., t.Any]
+FC = t.TypeVar("FC", bound=t.Union[_AnyCallable, Command])
+
+
+def pass_context(f: "t.Callable[te.Concatenate[Context, P], R]") -> "t.Callable[P, R]":
+    """Marks a callback as wanting to receive the current context
+    object as first argument.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context(), *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def pass_obj(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+    """Similar to :func:`pass_context`, but only pass the object on the
+    context onwards (:attr:`Context.obj`).  This is useful if that object
+    represents the state of a nested system.
+    """
+
+    def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+        return f(get_current_context().obj, *args, **kwargs)
+
+    return update_wrapper(new_func, f)
+
+
+def make_pass_decorator(
+    object_type: t.Type[T], ensure: bool = False
+) -> t.Callable[["t.Callable[te.Concatenate[T, P], R]"], "t.Callable[P, R]"]:
+    """Given an object type this creates a decorator that will work
+    similar to :func:`pass_obj` but instead of passing the object of the
+    current context, it will find the innermost context of type
+    :func:`object_type`.
+
+    This generates a decorator that works roughly like this::
+
+        from functools import update_wrapper
+
+        def decorator(f):
+            @pass_context
+            def new_func(ctx, *args, **kwargs):
+                obj = ctx.find_object(object_type)
+                return ctx.invoke(f, obj, *args, **kwargs)
+            return update_wrapper(new_func, f)
+        return decorator
+
+    :param object_type: the type of the object to pass.
+    :param ensure: if set to `True`, a new object will be created and
+                   remembered on the context if it's not there yet.
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[T, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> "R":
+            ctx = get_current_context()
+
+            obj: t.Optional[T]
+            if ensure:
+                obj = ctx.ensure_object(object_type)
+            else:
+                obj = ctx.find_object(object_type)
+
+            if obj is None:
+                raise RuntimeError(
+                    "Managed to invoke callback without a context"
+                    f" object of type {object_type.__name__!r}"
+                    " existing."
+                )
+
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    return decorator  # type: ignore[return-value]
+
+
+def pass_meta_key(
+    key: str, *, doc_description: t.Optional[str] = None
+) -> "t.Callable[[t.Callable[te.Concatenate[t.Any, P], R]], t.Callable[P, R]]":
+    """Create a decorator that passes a key from
+    :attr:`click.Context.meta` as the first argument to the decorated
+    function.
+
+    :param key: Key in ``Context.meta`` to pass.
+    :param doc_description: Description of the object being passed,
+        inserted into the decorator's docstring. Defaults to "the 'key'
+        key from Context.meta".
+
+    .. versionadded:: 8.0
+    """
+
+    def decorator(f: "t.Callable[te.Concatenate[t.Any, P], R]") -> "t.Callable[P, R]":
+        def new_func(*args: "P.args", **kwargs: "P.kwargs") -> R:
+            ctx = get_current_context()
+            obj = ctx.meta[key]
+            return ctx.invoke(f, obj, *args, **kwargs)
+
+        return update_wrapper(new_func, f)
+
+    if doc_description is None:
+        doc_description = f"the {key!r} key from :attr:`click.Context.meta`"
+
+    decorator.__doc__ = (
+        f"Decorator that passes {doc_description} as the first argument"
+        " to the decorated function."
+    )
+    return decorator  # type: ignore[return-value]
+
+
+CmdType = t.TypeVar("CmdType", bound=Command)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def command(name: _AnyCallable) -> Command:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @command(namearg, CommandCls, ...) or @command(namearg, cls=CommandCls, ...)
+@t.overload
+def command(
+    name: t.Optional[str],
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @command(cls=CommandCls, ...)
+@t.overload
+def command(
+    name: None = None,
+    *,
+    cls: t.Type[CmdType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], CmdType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def command(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Command]:
+    ...
+
+
+def command(
+    name: t.Union[t.Optional[str], _AnyCallable] = None,
+    cls: t.Optional[t.Type[CmdType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Command, t.Callable[[_AnyCallable], t.Union[Command, CmdType]]]:
+    r"""Creates a new :class:`Command` and uses the decorated function as
+    callback.  This will also automatically attach all decorated
+    :func:`option`\s and :func:`argument`\s as parameters to the command.
+
+    The name of the command defaults to the name of the function with
+    underscores replaced by dashes.  If you want to change that, you can
+    pass the intended name as the first argument.
+
+    All keyword arguments are forwarded to the underlying command class.
+    For the ``params`` argument, any decorated params are appended to
+    the end of the list.
+
+    Once decorated the function turns into a :class:`Command` instance
+    that can be invoked as a command line utility or be attached to a
+    command :class:`Group`.
+
+    :param name: the name of the command.  This defaults to the function
+                 name with underscores replaced by dashes.
+    :param cls: the command class to instantiate.  This defaults to
+                :class:`Command`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+
+    .. versionchanged:: 8.1
+        The ``params`` argument can be used. Decorated params are
+        appended to the end of the list.
+    """
+
+    func: t.Optional[t.Callable[[_AnyCallable], t.Any]] = None
+
+    if callable(name):
+        func = name
+        name = None
+        assert cls is None, "Use 'command(cls=cls)(callable)' to specify a class."
+        assert not attrs, "Use 'command(**kwargs)(callable)' to provide arguments."
+
+    if cls is None:
+        cls = t.cast(t.Type[CmdType], Command)
+
+    def decorator(f: _AnyCallable) -> CmdType:
+        if isinstance(f, Command):
+            raise TypeError("Attempted to convert a callback into a command twice.")
+
+        attr_params = attrs.pop("params", None)
+        params = attr_params if attr_params is not None else []
+
+        try:
+            decorator_params = f.__click_params__  # type: ignore
+        except AttributeError:
+            pass
+        else:
+            del f.__click_params__  # type: ignore
+            params.extend(reversed(decorator_params))
+
+        if attrs.get("help") is None:
+            attrs["help"] = f.__doc__
+
+        if t.TYPE_CHECKING:
+            assert cls is not None
+            assert not callable(name)
+
+        cmd = cls(
+            name=name or f.__name__.lower().replace("_", "-"),
+            callback=f,
+            params=params,
+            **attrs,
+        )
+        cmd.__doc__ = f.__doc__
+        return cmd
+
+    if func is not None:
+        return decorator(func)
+
+    return decorator
+
+
+GrpType = t.TypeVar("GrpType", bound=Group)
+
+
+# variant: no call, directly as decorator for a function.
+@t.overload
+def group(name: _AnyCallable) -> Group:
+    ...
+
+
+# variant: with positional name and with positional or keyword cls argument:
+# @group(namearg, GroupCls, ...) or @group(namearg, cls=GroupCls, ...)
+@t.overload
+def group(
+    name: t.Optional[str],
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: name omitted, cls _must_ be a keyword argument, @group(cmd=GroupCls, ...)
+@t.overload
+def group(
+    name: None = None,
+    *,
+    cls: t.Type[GrpType],
+    **attrs: t.Any,
+) -> t.Callable[[_AnyCallable], GrpType]:
+    ...
+
+
+# variant: with optional string name, no cls argument provided.
+@t.overload
+def group(
+    name: t.Optional[str] = ..., cls: None = None, **attrs: t.Any
+) -> t.Callable[[_AnyCallable], Group]:
+    ...
+
+
+def group(
+    name: t.Union[str, _AnyCallable, None] = None,
+    cls: t.Optional[t.Type[GrpType]] = None,
+    **attrs: t.Any,
+) -> t.Union[Group, t.Callable[[_AnyCallable], t.Union[Group, GrpType]]]:
+    """Creates a new :class:`Group` with a function as callback.  This
+    works otherwise the same as :func:`command` just that the `cls`
+    parameter is set to :class:`Group`.
+
+    .. versionchanged:: 8.1
+        This decorator can be applied without parentheses.
+    """
+    if cls is None:
+        cls = t.cast(t.Type[GrpType], Group)
+
+    if callable(name):
+        return command(cls=cls, **attrs)(name)
+
+    return command(name, cls, **attrs)
+
+
+def _param_memo(f: t.Callable[..., t.Any], param: Parameter) -> None:
+    if isinstance(f, Command):
+        f.params.append(param)
+    else:
+        if not hasattr(f, "__click_params__"):
+            f.__click_params__ = []  # type: ignore
+
+        f.__click_params__.append(param)  # type: ignore
+
+
+def argument(
+    *param_decls: str, cls: t.Optional[t.Type[Argument]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an argument to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Argument`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Argument` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default argument class, refer to :class:`Argument` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the argument class to instantiate.  This defaults to
+                :class:`Argument`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Argument
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def option(
+    *param_decls: str, cls: t.Optional[t.Type[Option]] = None, **attrs: t.Any
+) -> t.Callable[[FC], FC]:
+    """Attaches an option to the command.  All positional arguments are
+    passed as parameter declarations to :class:`Option`; all keyword
+    arguments are forwarded unchanged (except ``cls``).
+    This is equivalent to creating an :class:`Option` instance manually
+    and attaching it to the :attr:`Command.params` list.
+
+    For the default option class, refer to :class:`Option` and
+    :class:`Parameter` for descriptions of parameters.
+
+    :param cls: the option class to instantiate.  This defaults to
+                :class:`Option`.
+    :param param_decls: Passed as positional arguments to the constructor of
+        ``cls``.
+    :param attrs: Passed as keyword arguments to the constructor of ``cls``.
+    """
+    if cls is None:
+        cls = Option
+
+    def decorator(f: FC) -> FC:
+        _param_memo(f, cls(param_decls, **attrs))
+        return f
+
+    return decorator
+
+
+def confirmation_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--yes`` option which shows a prompt before continuing if
+    not passed. If the prompt is declined, the program will exit.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--yes"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value:
+            ctx.abort()
+
+    if not param_decls:
+        param_decls = ("--yes",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("callback", callback)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("prompt", "Do you want to continue?")
+    kwargs.setdefault("help", "Confirm the action without prompting.")
+    return option(*param_decls, **kwargs)
+
+
+def password_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--password`` option which prompts for a password, hiding
+    input and asking to enter the value again for confirmation.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--password"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+    if not param_decls:
+        param_decls = ("--password",)
+
+    kwargs.setdefault("prompt", True)
+    kwargs.setdefault("confirmation_prompt", True)
+    kwargs.setdefault("hide_input", True)
+    return option(*param_decls, **kwargs)
+
+
+def version_option(
+    version: t.Optional[str] = None,
+    *param_decls: str,
+    package_name: t.Optional[str] = None,
+    prog_name: t.Optional[str] = None,
+    message: t.Optional[str] = None,
+    **kwargs: t.Any,
+) -> t.Callable[[FC], FC]:
+    """Add a ``--version`` option which immediately prints the version
+    number and exits the program.
+
+    If ``version`` is not provided, Click will try to detect it using
+    :func:`importlib.metadata.version` to get the version for the
+    ``package_name``. On Python < 3.8, the ``importlib_metadata``
+    backport must be installed.
+
+    If ``package_name`` is not provided, Click will try to detect it by
+    inspecting the stack frames. This will be used to detect the
+    version, so it must match the name of the installed package.
+
+    :param version: The version number to show. If not provided, Click
+        will try to detect it.
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--version"``.
+    :param package_name: The package name to detect the version from. If
+        not provided, Click will try to detect it.
+    :param prog_name: The name of the CLI to show in the message. If not
+        provided, it will be detected from the command.
+    :param message: The message to show. The values ``%(prog)s``,
+        ``%(package)s``, and ``%(version)s`` are available. Defaults to
+        ``"%(prog)s, version %(version)s"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    :raise RuntimeError: ``version`` could not be detected.
+
+    .. versionchanged:: 8.0
+        Add the ``package_name`` parameter, and the ``%(package)s``
+        value for messages.
+
+    .. versionchanged:: 8.0
+        Use :mod:`importlib.metadata` instead of ``pkg_resources``. The
+        version is detected based on the package name, not the entry
+        point name. The Python package name must match the installed
+        package name, or be passed with ``package_name=``.
+    """
+    if message is None:
+        message = _("%(prog)s, version %(version)s")
+
+    if version is None and package_name is None:
+        frame = inspect.currentframe()
+        f_back = frame.f_back if frame is not None else None
+        f_globals = f_back.f_globals if f_back is not None else None
+        # break reference cycle
+        # https://docs.python.org/3/library/inspect.html#the-interpreter-stack
+        del frame
+
+        if f_globals is not None:
+            package_name = f_globals.get("__name__")
+
+            if package_name == "__main__":
+                package_name = f_globals.get("__package__")
+
+            if package_name:
+                package_name = package_name.partition(".")[0]
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        nonlocal prog_name
+        nonlocal version
+
+        if prog_name is None:
+            prog_name = ctx.find_root().info_name
+
+        if version is None and package_name is not None:
+            metadata: t.Optional[types.ModuleType]
+
+            try:
+                from importlib import metadata  # type: ignore
+            except ImportError:
+                # Python < 3.8
+                import importlib_metadata as metadata  # type: ignore
+
+            try:
+                version = metadata.version(package_name)  # type: ignore
+            except metadata.PackageNotFoundError:  # type: ignore
+                raise RuntimeError(
+                    f"{package_name!r} is not installed. Try passing"
+                    " 'package_name' instead."
+                ) from None
+
+        if version is None:
+            raise RuntimeError(
+                f"Could not determine the version for {package_name!r} automatically."
+            )
+
+        echo(
+            message % {"prog": prog_name, "package": package_name, "version": version},
+            color=ctx.color,
+        )
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--version",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show the version and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
+
+
+def help_option(*param_decls: str, **kwargs: t.Any) -> t.Callable[[FC], FC]:
+    """Add a ``--help`` option which immediately prints the help page
+    and exits the program.
+
+    This is usually unnecessary, as the ``--help`` option is added to
+    each command automatically unless ``add_help_option=False`` is
+    passed.
+
+    :param param_decls: One or more option names. Defaults to the single
+        value ``"--help"``.
+    :param kwargs: Extra arguments are passed to :func:`option`.
+    """
+
+    def callback(ctx: Context, param: Parameter, value: bool) -> None:
+        if not value or ctx.resilient_parsing:
+            return
+
+        echo(ctx.get_help(), color=ctx.color)
+        ctx.exit()
+
+    if not param_decls:
+        param_decls = ("--help",)
+
+    kwargs.setdefault("is_flag", True)
+    kwargs.setdefault("expose_value", False)
+    kwargs.setdefault("is_eager", True)
+    kwargs.setdefault("help", _("Show this message and exit."))
+    kwargs["callback"] = callback
+    return option(*param_decls, **kwargs)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/exceptions.py b/lib/go-jinja2/internal/data/windows-amd64/click/exceptions.py
new file mode 100644
index 000000000..fe68a3613
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/exceptions.py
@@ -0,0 +1,288 @@
+import typing as t
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import get_text_stderr
+from .utils import echo
+from .utils import format_filename
+
+if t.TYPE_CHECKING:
+    from .core import Command
+    from .core import Context
+    from .core import Parameter
+
+
+def _join_param_hints(
+    param_hint: t.Optional[t.Union[t.Sequence[str], str]]
+) -> t.Optional[str]:
+    if param_hint is not None and not isinstance(param_hint, str):
+        return " / ".join(repr(x) for x in param_hint)
+
+    return param_hint
+
+
+class ClickException(Exception):
+    """An exception that Click can handle and show to the user."""
+
+    #: The exit code for this exception.
+    exit_code = 1
+
+    def __init__(self, message: str) -> None:
+        super().__init__(message)
+        self.message = message
+
+    def format_message(self) -> str:
+        return self.message
+
+    def __str__(self) -> str:
+        return self.message
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+
+        echo(_("Error: {message}").format(message=self.format_message()), file=file)
+
+
+class UsageError(ClickException):
+    """An internal exception that signals a usage error.  This typically
+    aborts any further handling.
+
+    :param message: the error message to display.
+    :param ctx: optionally the context that caused this error.  Click will
+                fill in the context automatically in some situations.
+    """
+
+    exit_code = 2
+
+    def __init__(self, message: str, ctx: t.Optional["Context"] = None) -> None:
+        super().__init__(message)
+        self.ctx = ctx
+        self.cmd: t.Optional["Command"] = self.ctx.command if self.ctx else None
+
+    def show(self, file: t.Optional[t.IO[t.Any]] = None) -> None:
+        if file is None:
+            file = get_text_stderr()
+        color = None
+        hint = ""
+        if (
+            self.ctx is not None
+            and self.ctx.command.get_help_option(self.ctx) is not None
+        ):
+            hint = _("Try '{command} {option}' for help.").format(
+                command=self.ctx.command_path, option=self.ctx.help_option_names[0]
+            )
+            hint = f"{hint}\n"
+        if self.ctx is not None:
+            color = self.ctx.color
+            echo(f"{self.ctx.get_usage()}\n{hint}", file=file, color=color)
+        echo(
+            _("Error: {message}").format(message=self.format_message()),
+            file=file,
+            color=color,
+        )
+
+
+class BadParameter(UsageError):
+    """An exception that formats out a standardized error message for a
+    bad parameter.  This is useful when thrown from a callback or type as
+    Click will attach contextual information to it (for instance, which
+    parameter it is).
+
+    .. versionadded:: 2.0
+
+    :param param: the parameter object that caused this error.  This can
+                  be left out, and Click will attach this info itself
+                  if possible.
+    :param param_hint: a string that shows up as parameter name.  This
+                       can be used as alternative to `param` in cases
+                       where custom validation should happen.  If it is
+                       a string it's used as such, if it's a list then
+                       each item is quoted and separated.
+    """
+
+    def __init__(
+        self,
+        message: str,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message, ctx)
+        self.param = param
+        self.param_hint = param_hint
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            return _("Invalid value: {message}").format(message=self.message)
+
+        return _("Invalid value for {param_hint}: {message}").format(
+            param_hint=_join_param_hints(param_hint), message=self.message
+        )
+
+
+class MissingParameter(BadParameter):
+    """Raised if click required an option or argument but it was not
+    provided when invoking the script.
+
+    .. versionadded:: 4.0
+
+    :param param_type: a string that indicates the type of the parameter.
+                       The default is to inherit the parameter type from
+                       the given `param`.  Valid values are ``'parameter'``,
+                       ``'option'`` or ``'argument'``.
+    """
+
+    def __init__(
+        self,
+        message: t.Optional[str] = None,
+        ctx: t.Optional["Context"] = None,
+        param: t.Optional["Parameter"] = None,
+        param_hint: t.Optional[str] = None,
+        param_type: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message or "", ctx, param, param_hint)
+        self.param_type = param_type
+
+    def format_message(self) -> str:
+        if self.param_hint is not None:
+            param_hint: t.Optional[str] = self.param_hint
+        elif self.param is not None:
+            param_hint = self.param.get_error_hint(self.ctx)  # type: ignore
+        else:
+            param_hint = None
+
+        param_hint = _join_param_hints(param_hint)
+        param_hint = f" {param_hint}" if param_hint else ""
+
+        param_type = self.param_type
+        if param_type is None and self.param is not None:
+            param_type = self.param.param_type_name
+
+        msg = self.message
+        if self.param is not None:
+            msg_extra = self.param.type.get_missing_message(self.param)
+            if msg_extra:
+                if msg:
+                    msg += f". {msg_extra}"
+                else:
+                    msg = msg_extra
+
+        msg = f" {msg}" if msg else ""
+
+        # Translate param_type for known types.
+        if param_type == "argument":
+            missing = _("Missing argument")
+        elif param_type == "option":
+            missing = _("Missing option")
+        elif param_type == "parameter":
+            missing = _("Missing parameter")
+        else:
+            missing = _("Missing {param_type}").format(param_type=param_type)
+
+        return f"{missing}{param_hint}.{msg}"
+
+    def __str__(self) -> str:
+        if not self.message:
+            param_name = self.param.name if self.param else None
+            return _("Missing parameter: {param_name}").format(param_name=param_name)
+        else:
+            return self.message
+
+
+class NoSuchOption(UsageError):
+    """Raised if click attempted to handle an option that does not
+    exist.
+
+    .. versionadded:: 4.0
+    """
+
+    def __init__(
+        self,
+        option_name: str,
+        message: t.Optional[str] = None,
+        possibilities: t.Optional[t.Sequence[str]] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> None:
+        if message is None:
+            message = _("No such option: {name}").format(name=option_name)
+
+        super().__init__(message, ctx)
+        self.option_name = option_name
+        self.possibilities = possibilities
+
+    def format_message(self) -> str:
+        if not self.possibilities:
+            return self.message
+
+        possibility_str = ", ".join(sorted(self.possibilities))
+        suggest = ngettext(
+            "Did you mean {possibility}?",
+            "(Possible options: {possibilities})",
+            len(self.possibilities),
+        ).format(possibility=possibility_str, possibilities=possibility_str)
+        return f"{self.message} {suggest}"
+
+
+class BadOptionUsage(UsageError):
+    """Raised if an option is generally supplied but the use of the option
+    was incorrect.  This is for instance raised if the number of arguments
+    for an option is not correct.
+
+    .. versionadded:: 4.0
+
+    :param option_name: the name of the option being used incorrectly.
+    """
+
+    def __init__(
+        self, option_name: str, message: str, ctx: t.Optional["Context"] = None
+    ) -> None:
+        super().__init__(message, ctx)
+        self.option_name = option_name
+
+
+class BadArgumentUsage(UsageError):
+    """Raised if an argument is generally supplied but the use of the argument
+    was incorrect.  This is for instance raised if the number of values
+    for an argument is not correct.
+
+    .. versionadded:: 6.0
+    """
+
+
+class FileError(ClickException):
+    """Raised if a file cannot be opened."""
+
+    def __init__(self, filename: str, hint: t.Optional[str] = None) -> None:
+        if hint is None:
+            hint = _("unknown error")
+
+        super().__init__(hint)
+        self.ui_filename: str = format_filename(filename)
+        self.filename = filename
+
+    def format_message(self) -> str:
+        return _("Could not open file {filename!r}: {message}").format(
+            filename=self.ui_filename, message=self.message
+        )
+
+
+class Abort(RuntimeError):
+    """An internal signalling exception that signals Click to abort."""
+
+
+class Exit(RuntimeError):
+    """An exception that indicates that the application should exit with some
+    status code.
+
+    :param code: the status code to exit with.
+    """
+
+    __slots__ = ("exit_code",)
+
+    def __init__(self, code: int = 0) -> None:
+        self.exit_code: int = code
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/formatting.py b/lib/go-jinja2/internal/data/windows-amd64/click/formatting.py
new file mode 100644
index 000000000..ddd2a2f82
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/formatting.py
@@ -0,0 +1,301 @@
+import typing as t
+from contextlib import contextmanager
+from gettext import gettext as _
+
+from ._compat import term_len
+from .parser import split_opt
+
+# Can force a width.  This is used by the test system
+FORCED_WIDTH: t.Optional[int] = None
+
+
+def measure_table(rows: t.Iterable[t.Tuple[str, str]]) -> t.Tuple[int, ...]:
+    widths: t.Dict[int, int] = {}
+
+    for row in rows:
+        for idx, col in enumerate(row):
+            widths[idx] = max(widths.get(idx, 0), term_len(col))
+
+    return tuple(y for x, y in sorted(widths.items()))
+
+
+def iter_rows(
+    rows: t.Iterable[t.Tuple[str, str]], col_count: int
+) -> t.Iterator[t.Tuple[str, ...]]:
+    for row in rows:
+        yield row + ("",) * (col_count - len(row))
+
+
+def wrap_text(
+    text: str,
+    width: int = 78,
+    initial_indent: str = "",
+    subsequent_indent: str = "",
+    preserve_paragraphs: bool = False,
+) -> str:
+    """A helper function that intelligently wraps text.  By default, it
+    assumes that it operates on a single paragraph of text but if the
+    `preserve_paragraphs` parameter is provided it will intelligently
+    handle paragraphs (defined by two empty lines).
+
+    If paragraphs are handled, a paragraph can be prefixed with an empty
+    line containing the ``\\b`` character (``\\x08``) to indicate that
+    no rewrapping should happen in that block.
+
+    :param text: the text that should be rewrapped.
+    :param width: the maximum width for the text.
+    :param initial_indent: the initial indent that should be placed on the
+                           first line as a string.
+    :param subsequent_indent: the indent string that should be placed on
+                              each consecutive line.
+    :param preserve_paragraphs: if this flag is set then the wrapping will
+                                intelligently handle paragraphs.
+    """
+    from ._textwrap import TextWrapper
+
+    text = text.expandtabs()
+    wrapper = TextWrapper(
+        width,
+        initial_indent=initial_indent,
+        subsequent_indent=subsequent_indent,
+        replace_whitespace=False,
+    )
+    if not preserve_paragraphs:
+        return wrapper.fill(text)
+
+    p: t.List[t.Tuple[int, bool, str]] = []
+    buf: t.List[str] = []
+    indent = None
+
+    def _flush_par() -> None:
+        if not buf:
+            return
+        if buf[0].strip() == "\b":
+            p.append((indent or 0, True, "\n".join(buf[1:])))
+        else:
+            p.append((indent or 0, False, " ".join(buf)))
+        del buf[:]
+
+    for line in text.splitlines():
+        if not line:
+            _flush_par()
+            indent = None
+        else:
+            if indent is None:
+                orig_len = term_len(line)
+                line = line.lstrip()
+                indent = orig_len - term_len(line)
+            buf.append(line)
+    _flush_par()
+
+    rv = []
+    for indent, raw, text in p:
+        with wrapper.extra_indent(" " * indent):
+            if raw:
+                rv.append(wrapper.indent_only(text))
+            else:
+                rv.append(wrapper.fill(text))
+
+    return "\n\n".join(rv)
+
+
+class HelpFormatter:
+    """This class helps with formatting text-based help pages.  It's
+    usually just needed for very special internal cases, but it's also
+    exposed so that developers can write their own fancy outputs.
+
+    At present, it always writes into memory.
+
+    :param indent_increment: the additional increment for each level.
+    :param width: the width for the text.  This defaults to the terminal
+                  width clamped to a maximum of 78.
+    """
+
+    def __init__(
+        self,
+        indent_increment: int = 2,
+        width: t.Optional[int] = None,
+        max_width: t.Optional[int] = None,
+    ) -> None:
+        import shutil
+
+        self.indent_increment = indent_increment
+        if max_width is None:
+            max_width = 80
+        if width is None:
+            width = FORCED_WIDTH
+            if width is None:
+                width = max(min(shutil.get_terminal_size().columns, max_width) - 2, 50)
+        self.width = width
+        self.current_indent = 0
+        self.buffer: t.List[str] = []
+
+    def write(self, string: str) -> None:
+        """Writes a unicode string into the internal buffer."""
+        self.buffer.append(string)
+
+    def indent(self) -> None:
+        """Increases the indentation."""
+        self.current_indent += self.indent_increment
+
+    def dedent(self) -> None:
+        """Decreases the indentation."""
+        self.current_indent -= self.indent_increment
+
+    def write_usage(
+        self, prog: str, args: str = "", prefix: t.Optional[str] = None
+    ) -> None:
+        """Writes a usage line into the buffer.
+
+        :param prog: the program name.
+        :param args: whitespace separated list of arguments.
+        :param prefix: The prefix for the first line. Defaults to
+            ``"Usage: "``.
+        """
+        if prefix is None:
+            prefix = f"{_('Usage:')} "
+
+        usage_prefix = f"{prefix:>{self.current_indent}}{prog} "
+        text_width = self.width - self.current_indent
+
+        if text_width >= (term_len(usage_prefix) + 20):
+            # The arguments will fit to the right of the prefix.
+            indent = " " * term_len(usage_prefix)
+            self.write(
+                wrap_text(
+                    args,
+                    text_width,
+                    initial_indent=usage_prefix,
+                    subsequent_indent=indent,
+                )
+            )
+        else:
+            # The prefix is too long, put the arguments on the next line.
+            self.write(usage_prefix)
+            self.write("\n")
+            indent = " " * (max(self.current_indent, term_len(prefix)) + 4)
+            self.write(
+                wrap_text(
+                    args, text_width, initial_indent=indent, subsequent_indent=indent
+                )
+            )
+
+        self.write("\n")
+
+    def write_heading(self, heading: str) -> None:
+        """Writes a heading into the buffer."""
+        self.write(f"{'':>{self.current_indent}}{heading}:\n")
+
+    def write_paragraph(self) -> None:
+        """Writes a paragraph into the buffer."""
+        if self.buffer:
+            self.write("\n")
+
+    def write_text(self, text: str) -> None:
+        """Writes re-indented text into the buffer.  This rewraps and
+        preserves paragraphs.
+        """
+        indent = " " * self.current_indent
+        self.write(
+            wrap_text(
+                text,
+                self.width,
+                initial_indent=indent,
+                subsequent_indent=indent,
+                preserve_paragraphs=True,
+            )
+        )
+        self.write("\n")
+
+    def write_dl(
+        self,
+        rows: t.Sequence[t.Tuple[str, str]],
+        col_max: int = 30,
+        col_spacing: int = 2,
+    ) -> None:
+        """Writes a definition list into the buffer.  This is how options
+        and commands are usually formatted.
+
+        :param rows: a list of two item tuples for the terms and values.
+        :param col_max: the maximum width of the first column.
+        :param col_spacing: the number of spaces between the first and
+                            second column.
+        """
+        rows = list(rows)
+        widths = measure_table(rows)
+        if len(widths) != 2:
+            raise TypeError("Expected two columns for definition list")
+
+        first_col = min(widths[0], col_max) + col_spacing
+
+        for first, second in iter_rows(rows, len(widths)):
+            self.write(f"{'':>{self.current_indent}}{first}")
+            if not second:
+                self.write("\n")
+                continue
+            if term_len(first) <= first_col - col_spacing:
+                self.write(" " * (first_col - term_len(first)))
+            else:
+                self.write("\n")
+                self.write(" " * (first_col + self.current_indent))
+
+            text_width = max(self.width - first_col - 2, 10)
+            wrapped_text = wrap_text(second, text_width, preserve_paragraphs=True)
+            lines = wrapped_text.splitlines()
+
+            if lines:
+                self.write(f"{lines[0]}\n")
+
+                for line in lines[1:]:
+                    self.write(f"{'':>{first_col + self.current_indent}}{line}\n")
+            else:
+                self.write("\n")
+
+    @contextmanager
+    def section(self, name: str) -> t.Iterator[None]:
+        """Helpful context manager that writes a paragraph, a heading,
+        and the indents.
+
+        :param name: the section name that is written as heading.
+        """
+        self.write_paragraph()
+        self.write_heading(name)
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    @contextmanager
+    def indentation(self) -> t.Iterator[None]:
+        """A context manager that increases the indentation."""
+        self.indent()
+        try:
+            yield
+        finally:
+            self.dedent()
+
+    def getvalue(self) -> str:
+        """Returns the buffer contents."""
+        return "".join(self.buffer)
+
+
+def join_options(options: t.Sequence[str]) -> t.Tuple[str, bool]:
+    """Given a list of option strings this joins them in the most appropriate
+    way and returns them in the form ``(formatted_string,
+    any_prefix_is_slash)`` where the second item in the tuple is a flag that
+    indicates if any of the option prefixes was a slash.
+    """
+    rv = []
+    any_prefix_is_slash = False
+
+    for opt in options:
+        prefix = split_opt(opt)[0]
+
+        if prefix == "/":
+            any_prefix_is_slash = True
+
+        rv.append((len(prefix), opt))
+
+    rv.sort(key=lambda x: x[0])
+    return ", ".join(x[1] for x in rv), any_prefix_is_slash
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/globals.py b/lib/go-jinja2/internal/data/windows-amd64/click/globals.py
new file mode 100644
index 000000000..480058f10
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/globals.py
@@ -0,0 +1,68 @@
+import typing as t
+from threading import local
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+
+_local = local()
+
+
+@t.overload
+def get_current_context(silent: "te.Literal[False]" = False) -> "Context":
+    ...
+
+
+@t.overload
+def get_current_context(silent: bool = ...) -> t.Optional["Context"]:
+    ...
+
+
+def get_current_context(silent: bool = False) -> t.Optional["Context"]:
+    """Returns the current click context.  This can be used as a way to
+    access the current context object from anywhere.  This is a more implicit
+    alternative to the :func:`pass_context` decorator.  This function is
+    primarily useful for helpers such as :func:`echo` which might be
+    interested in changing its behavior based on the current context.
+
+    To push the current context, :meth:`Context.scope` can be used.
+
+    .. versionadded:: 5.0
+
+    :param silent: if set to `True` the return value is `None` if no context
+                   is available.  The default behavior is to raise a
+                   :exc:`RuntimeError`.
+    """
+    try:
+        return t.cast("Context", _local.stack[-1])
+    except (AttributeError, IndexError) as e:
+        if not silent:
+            raise RuntimeError("There is no active click context.") from e
+
+    return None
+
+
+def push_context(ctx: "Context") -> None:
+    """Pushes a new context to the current stack."""
+    _local.__dict__.setdefault("stack", []).append(ctx)
+
+
+def pop_context() -> None:
+    """Removes the top level from the stack."""
+    _local.stack.pop()
+
+
+def resolve_color_default(color: t.Optional[bool] = None) -> t.Optional[bool]:
+    """Internal helper to get the default value of the color flag.  If a
+    value is passed it's returned unchanged, otherwise it's looked up from
+    the current context.
+    """
+    if color is not None:
+        return color
+
+    ctx = get_current_context(silent=True)
+
+    if ctx is not None:
+        return ctx.color
+
+    return None
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/parser.py b/lib/go-jinja2/internal/data/windows-amd64/click/parser.py
new file mode 100644
index 000000000..5fa7adfac
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/parser.py
@@ -0,0 +1,529 @@
+"""
+This module started out as largely a copy paste from the stdlib's
+optparse module with the features removed that we do not need from
+optparse because we implement them in Click on a higher level (for
+instance type handling, help formatting and a lot more).
+
+The plan is to remove more and more from here over time.
+
+The reason this is a different module and not optparse from the stdlib
+is that there are differences in 2.x and 3.x about the error messages
+generated and optparse in the stdlib uses gettext for no good reason
+and might cause us issues.
+
+Click uses parts of optparse written by Gregory P. Ward and maintained
+by the Python Software Foundation. This is limited to code in parser.py.
+
+Copyright 2001-2006 Gregory P. Ward. All rights reserved.
+Copyright 2002-2006 Python Software Foundation. All rights reserved.
+"""
+# This code uses parts of optparse written by Gregory P. Ward and
+# maintained by the Python Software Foundation.
+# Copyright 2001-2006 Gregory P. Ward
+# Copyright 2002-2006 Python Software Foundation
+import typing as t
+from collections import deque
+from gettext import gettext as _
+from gettext import ngettext
+
+from .exceptions import BadArgumentUsage
+from .exceptions import BadOptionUsage
+from .exceptions import NoSuchOption
+from .exceptions import UsageError
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Argument as CoreArgument
+    from .core import Context
+    from .core import Option as CoreOption
+    from .core import Parameter as CoreParameter
+
+V = t.TypeVar("V")
+
+# Sentinel value that indicates an option was passed as a flag without a
+# value but is not a flag option. Option.consume_value uses this to
+# prompt or use the flag_value.
+_flag_needs_value = object()
+
+
+def _unpack_args(
+    args: t.Sequence[str], nargs_spec: t.Sequence[int]
+) -> t.Tuple[t.Sequence[t.Union[str, t.Sequence[t.Optional[str]], None]], t.List[str]]:
+    """Given an iterable of arguments and an iterable of nargs specifications,
+    it returns a tuple with all the unpacked arguments at the first index
+    and all remaining arguments as the second.
+
+    The nargs specification is the number of arguments that should be consumed
+    or `-1` to indicate that this position should eat up all the remainders.
+
+    Missing items are filled with `None`.
+    """
+    args = deque(args)
+    nargs_spec = deque(nargs_spec)
+    rv: t.List[t.Union[str, t.Tuple[t.Optional[str], ...], None]] = []
+    spos: t.Optional[int] = None
+
+    def _fetch(c: "te.Deque[V]") -> t.Optional[V]:
+        try:
+            if spos is None:
+                return c.popleft()
+            else:
+                return c.pop()
+        except IndexError:
+            return None
+
+    while nargs_spec:
+        nargs = _fetch(nargs_spec)
+
+        if nargs is None:
+            continue
+
+        if nargs == 1:
+            rv.append(_fetch(args))
+        elif nargs > 1:
+            x = [_fetch(args) for _ in range(nargs)]
+
+            # If we're reversed, we're pulling in the arguments in reverse,
+            # so we need to turn them around.
+            if spos is not None:
+                x.reverse()
+
+            rv.append(tuple(x))
+        elif nargs < 0:
+            if spos is not None:
+                raise TypeError("Cannot have two nargs < 0")
+
+            spos = len(rv)
+            rv.append(None)
+
+    # spos is the position of the wildcard (star).  If it's not `None`,
+    # we fill it with the remainder.
+    if spos is not None:
+        rv[spos] = tuple(args)
+        args = []
+        rv[spos + 1 :] = reversed(rv[spos + 1 :])
+
+    return tuple(rv), list(args)
+
+
+def split_opt(opt: str) -> t.Tuple[str, str]:
+    first = opt[:1]
+    if first.isalnum():
+        return "", opt
+    if opt[1:2] == first:
+        return opt[:2], opt[2:]
+    return first, opt[1:]
+
+
+def normalize_opt(opt: str, ctx: t.Optional["Context"]) -> str:
+    if ctx is None or ctx.token_normalize_func is None:
+        return opt
+    prefix, opt = split_opt(opt)
+    return f"{prefix}{ctx.token_normalize_func(opt)}"
+
+
+def split_arg_string(string: str) -> t.List[str]:
+    """Split an argument string as with :func:`shlex.split`, but don't
+    fail if the string is incomplete. Ignores a missing closing quote or
+    incomplete escape sequence and uses the partial token as-is.
+
+    .. code-block:: python
+
+        split_arg_string("example 'my file")
+        ["example", "my file"]
+
+        split_arg_string("example my\\")
+        ["example", "my"]
+
+    :param string: String to split.
+    """
+    import shlex
+
+    lex = shlex.shlex(string, posix=True)
+    lex.whitespace_split = True
+    lex.commenters = ""
+    out = []
+
+    try:
+        for token in lex:
+            out.append(token)
+    except ValueError:
+        # Raised when end-of-string is reached in an invalid state. Use
+        # the partial token as-is. The quote or escape character is in
+        # lex.state, not lex.token.
+        out.append(lex.token)
+
+    return out
+
+
+class Option:
+    def __init__(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ):
+        self._short_opts = []
+        self._long_opts = []
+        self.prefixes: t.Set[str] = set()
+
+        for opt in opts:
+            prefix, value = split_opt(opt)
+            if not prefix:
+                raise ValueError(f"Invalid start character for option ({opt})")
+            self.prefixes.add(prefix[0])
+            if len(prefix) == 1 and len(value) == 1:
+                self._short_opts.append(opt)
+            else:
+                self._long_opts.append(opt)
+                self.prefixes.add(prefix)
+
+        if action is None:
+            action = "store"
+
+        self.dest = dest
+        self.action = action
+        self.nargs = nargs
+        self.const = const
+        self.obj = obj
+
+    @property
+    def takes_value(self) -> bool:
+        return self.action in ("store", "append")
+
+    def process(self, value: t.Any, state: "ParsingState") -> None:
+        if self.action == "store":
+            state.opts[self.dest] = value  # type: ignore
+        elif self.action == "store_const":
+            state.opts[self.dest] = self.const  # type: ignore
+        elif self.action == "append":
+            state.opts.setdefault(self.dest, []).append(value)  # type: ignore
+        elif self.action == "append_const":
+            state.opts.setdefault(self.dest, []).append(self.const)  # type: ignore
+        elif self.action == "count":
+            state.opts[self.dest] = state.opts.get(self.dest, 0) + 1  # type: ignore
+        else:
+            raise ValueError(f"unknown action '{self.action}'")
+        state.order.append(self.obj)
+
+
+class Argument:
+    def __init__(self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1):
+        self.dest = dest
+        self.nargs = nargs
+        self.obj = obj
+
+    def process(
+        self,
+        value: t.Union[t.Optional[str], t.Sequence[t.Optional[str]]],
+        state: "ParsingState",
+    ) -> None:
+        if self.nargs > 1:
+            assert value is not None
+            holes = sum(1 for x in value if x is None)
+            if holes == len(value):
+                value = None
+            elif holes != 0:
+                raise BadArgumentUsage(
+                    _("Argument {name!r} takes {nargs} values.").format(
+                        name=self.dest, nargs=self.nargs
+                    )
+                )
+
+        if self.nargs == -1 and self.obj.envvar is not None and value == ():
+            # Replace empty tuple with None so that a value from the
+            # environment may be tried.
+            value = None
+
+        state.opts[self.dest] = value  # type: ignore
+        state.order.append(self.obj)
+
+
+class ParsingState:
+    def __init__(self, rargs: t.List[str]) -> None:
+        self.opts: t.Dict[str, t.Any] = {}
+        self.largs: t.List[str] = []
+        self.rargs = rargs
+        self.order: t.List["CoreParameter"] = []
+
+
+class OptionParser:
+    """The option parser is an internal class that is ultimately used to
+    parse options and arguments.  It's modelled after optparse and brings
+    a similar but vastly simplified API.  It should generally not be used
+    directly as the high level Click classes wrap it for you.
+
+    It's not nearly as extensible as optparse or argparse as it does not
+    implement features that are implemented on a higher level (such as
+    types or defaults).
+
+    :param ctx: optionally the :class:`~click.Context` where this parser
+                should go with.
+    """
+
+    def __init__(self, ctx: t.Optional["Context"] = None) -> None:
+        #: The :class:`~click.Context` for this parser.  This might be
+        #: `None` for some advanced use cases.
+        self.ctx = ctx
+        #: This controls how the parser deals with interspersed arguments.
+        #: If this is set to `False`, the parser will stop on the first
+        #: non-option.  Click uses this to implement nested subcommands
+        #: safely.
+        self.allow_interspersed_args: bool = True
+        #: This tells the parser how to deal with unknown options.  By
+        #: default it will error out (which is sensible), but there is a
+        #: second mode where it will ignore it and continue processing
+        #: after shifting all the unknown options into the resulting args.
+        self.ignore_unknown_options: bool = False
+
+        if ctx is not None:
+            self.allow_interspersed_args = ctx.allow_interspersed_args
+            self.ignore_unknown_options = ctx.ignore_unknown_options
+
+        self._short_opt: t.Dict[str, Option] = {}
+        self._long_opt: t.Dict[str, Option] = {}
+        self._opt_prefixes = {"-", "--"}
+        self._args: t.List[Argument] = []
+
+    def add_option(
+        self,
+        obj: "CoreOption",
+        opts: t.Sequence[str],
+        dest: t.Optional[str],
+        action: t.Optional[str] = None,
+        nargs: int = 1,
+        const: t.Optional[t.Any] = None,
+    ) -> None:
+        """Adds a new option named `dest` to the parser.  The destination
+        is not inferred (unlike with optparse) and needs to be explicitly
+        provided.  Action can be any of ``store``, ``store_const``,
+        ``append``, ``append_const`` or ``count``.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        opts = [normalize_opt(opt, self.ctx) for opt in opts]
+        option = Option(obj, opts, dest, action=action, nargs=nargs, const=const)
+        self._opt_prefixes.update(option.prefixes)
+        for opt in option._short_opts:
+            self._short_opt[opt] = option
+        for opt in option._long_opts:
+            self._long_opt[opt] = option
+
+    def add_argument(
+        self, obj: "CoreArgument", dest: t.Optional[str], nargs: int = 1
+    ) -> None:
+        """Adds a positional argument named `dest` to the parser.
+
+        The `obj` can be used to identify the option in the order list
+        that is returned from the parser.
+        """
+        self._args.append(Argument(obj, dest=dest, nargs=nargs))
+
+    def parse_args(
+        self, args: t.List[str]
+    ) -> t.Tuple[t.Dict[str, t.Any], t.List[str], t.List["CoreParameter"]]:
+        """Parses positional arguments and returns ``(values, args, order)``
+        for the parsed options and arguments as well as the leftover
+        arguments if there are any.  The order is a list of objects as they
+        appear on the command line.  If arguments appear multiple times they
+        will be memorized multiple times as well.
+        """
+        state = ParsingState(args)
+        try:
+            self._process_args_for_options(state)
+            self._process_args_for_args(state)
+        except UsageError:
+            if self.ctx is None or not self.ctx.resilient_parsing:
+                raise
+        return state.opts, state.largs, state.order
+
+    def _process_args_for_args(self, state: ParsingState) -> None:
+        pargs, args = _unpack_args(
+            state.largs + state.rargs, [x.nargs for x in self._args]
+        )
+
+        for idx, arg in enumerate(self._args):
+            arg.process(pargs[idx], state)
+
+        state.largs = args
+        state.rargs = []
+
+    def _process_args_for_options(self, state: ParsingState) -> None:
+        while state.rargs:
+            arg = state.rargs.pop(0)
+            arglen = len(arg)
+            # Double dashes always handled explicitly regardless of what
+            # prefixes are valid.
+            if arg == "--":
+                return
+            elif arg[:1] in self._opt_prefixes and arglen > 1:
+                self._process_opts(arg, state)
+            elif self.allow_interspersed_args:
+                state.largs.append(arg)
+            else:
+                state.rargs.insert(0, arg)
+                return
+
+        # Say this is the original argument list:
+        # [arg0, arg1, ..., arg(i-1), arg(i), arg(i+1), ..., arg(N-1)]
+        #                            ^
+        # (we are about to process arg(i)).
+        #
+        # Then rargs is [arg(i), ..., arg(N-1)] and largs is a *subset* of
+        # [arg0, ..., arg(i-1)] (any options and their arguments will have
+        # been removed from largs).
+        #
+        # The while loop will usually consume 1 or more arguments per pass.
+        # If it consumes 1 (eg. arg is an option that takes no arguments),
+        # then after _process_arg() is done the situation is:
+        #
+        #   largs = subset of [arg0, ..., arg(i)]
+        #   rargs = [arg(i+1), ..., arg(N-1)]
+        #
+        # If allow_interspersed_args is false, largs will always be
+        # *empty* -- still a subset of [arg0, ..., arg(i-1)], but
+        # not a very interesting subset!
+
+    def _match_long_opt(
+        self, opt: str, explicit_value: t.Optional[str], state: ParsingState
+    ) -> None:
+        if opt not in self._long_opt:
+            from difflib import get_close_matches
+
+            possibilities = get_close_matches(opt, self._long_opt)
+            raise NoSuchOption(opt, possibilities=possibilities, ctx=self.ctx)
+
+        option = self._long_opt[opt]
+        if option.takes_value:
+            # At this point it's safe to modify rargs by injecting the
+            # explicit value, because no exception is raised in this
+            # branch.  This means that the inserted value will be fully
+            # consumed.
+            if explicit_value is not None:
+                state.rargs.insert(0, explicit_value)
+
+            value = self._get_value_from_state(opt, option, state)
+
+        elif explicit_value is not None:
+            raise BadOptionUsage(
+                opt, _("Option {name!r} does not take a value.").format(name=opt)
+            )
+
+        else:
+            value = None
+
+        option.process(value, state)
+
+    def _match_short_opt(self, arg: str, state: ParsingState) -> None:
+        stop = False
+        i = 1
+        prefix = arg[0]
+        unknown_options = []
+
+        for ch in arg[1:]:
+            opt = normalize_opt(f"{prefix}{ch}", self.ctx)
+            option = self._short_opt.get(opt)
+            i += 1
+
+            if not option:
+                if self.ignore_unknown_options:
+                    unknown_options.append(ch)
+                    continue
+                raise NoSuchOption(opt, ctx=self.ctx)
+            if option.takes_value:
+                # Any characters left in arg?  Pretend they're the
+                # next arg, and stop consuming characters of arg.
+                if i < len(arg):
+                    state.rargs.insert(0, arg[i:])
+                    stop = True
+
+                value = self._get_value_from_state(opt, option, state)
+
+            else:
+                value = None
+
+            option.process(value, state)
+
+            if stop:
+                break
+
+        # If we got any unknown options we recombine the string of the
+        # remaining options and re-attach the prefix, then report that
+        # to the state as new larg.  This way there is basic combinatorics
+        # that can be achieved while still ignoring unknown arguments.
+        if self.ignore_unknown_options and unknown_options:
+            state.largs.append(f"{prefix}{''.join(unknown_options)}")
+
+    def _get_value_from_state(
+        self, option_name: str, option: Option, state: ParsingState
+    ) -> t.Any:
+        nargs = option.nargs
+
+        if len(state.rargs) < nargs:
+            if option.obj._flag_needs_value:
+                # Option allows omitting the value.
+                value = _flag_needs_value
+            else:
+                raise BadOptionUsage(
+                    option_name,
+                    ngettext(
+                        "Option {name!r} requires an argument.",
+                        "Option {name!r} requires {nargs} arguments.",
+                        nargs,
+                    ).format(name=option_name, nargs=nargs),
+                )
+        elif nargs == 1:
+            next_rarg = state.rargs[0]
+
+            if (
+                option.obj._flag_needs_value
+                and isinstance(next_rarg, str)
+                and next_rarg[:1] in self._opt_prefixes
+                and len(next_rarg) > 1
+            ):
+                # The next arg looks like the start of an option, don't
+                # use it as the value if omitting the value is allowed.
+                value = _flag_needs_value
+            else:
+                value = state.rargs.pop(0)
+        else:
+            value = tuple(state.rargs[:nargs])
+            del state.rargs[:nargs]
+
+        return value
+
+    def _process_opts(self, arg: str, state: ParsingState) -> None:
+        explicit_value = None
+        # Long option handling happens in two parts.  The first part is
+        # supporting explicitly attached values.  In any case, we will try
+        # to long match the option first.
+        if "=" in arg:
+            long_opt, explicit_value = arg.split("=", 1)
+        else:
+            long_opt = arg
+        norm_long_opt = normalize_opt(long_opt, self.ctx)
+
+        # At this point we will match the (assumed) long option through
+        # the long option matching code.  Note that this allows options
+        # like "-foo" to be matched as long options.
+        try:
+            self._match_long_opt(norm_long_opt, explicit_value, state)
+        except NoSuchOption:
+            # At this point the long option matching failed, and we need
+            # to try with short options.  However there is a special rule
+            # which says, that if we have a two character options prefix
+            # (applies to "--foo" for instance), we do not dispatch to the
+            # short option code and will instead raise the no option
+            # error.
+            if arg[:2] not in self._opt_prefixes:
+                self._match_short_opt(arg, state)
+                return
+
+            if not self.ignore_unknown_options:
+                raise
+
+            state.largs.append(arg)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/py.typed b/lib/go-jinja2/internal/data/windows-amd64/click/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/shell_completion.py b/lib/go-jinja2/internal/data/windows-amd64/click/shell_completion.py
new file mode 100644
index 000000000..dc9e00b9b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/shell_completion.py
@@ -0,0 +1,596 @@
+import os
+import re
+import typing as t
+from gettext import gettext as _
+
+from .core import Argument
+from .core import BaseCommand
+from .core import Context
+from .core import MultiCommand
+from .core import Option
+from .core import Parameter
+from .core import ParameterSource
+from .parser import split_arg_string
+from .utils import echo
+
+
+def shell_complete(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    complete_var: str,
+    instruction: str,
+) -> int:
+    """Perform shell completion for the given CLI program.
+
+    :param cli: Command being called.
+    :param ctx_args: Extra arguments to pass to
+        ``cli.make_context``.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+    :param instruction: Value of ``complete_var`` with the completion
+        instruction and shell, in the form ``instruction_shell``.
+    :return: Status code to exit with.
+    """
+    shell, _, instruction = instruction.partition("_")
+    comp_cls = get_completion_class(shell)
+
+    if comp_cls is None:
+        return 1
+
+    comp = comp_cls(cli, ctx_args, prog_name, complete_var)
+
+    if instruction == "source":
+        echo(comp.source())
+        return 0
+
+    if instruction == "complete":
+        echo(comp.complete())
+        return 0
+
+    return 1
+
+
+class CompletionItem:
+    """Represents a completion value and metadata about the value. The
+    default metadata is ``type`` to indicate special shell handling,
+    and ``help`` if a shell supports showing a help string next to the
+    value.
+
+    Arbitrary parameters can be passed when creating the object, and
+    accessed using ``item.attr``. If an attribute wasn't passed,
+    accessing it returns ``None``.
+
+    :param value: The completion suggestion.
+    :param type: Tells the shell script to provide special completion
+        support for the type. Click uses ``"dir"`` and ``"file"``.
+    :param help: String shown next to the value if supported.
+    :param kwargs: Arbitrary metadata. The built-in implementations
+        don't use this, but custom type completions paired with custom
+        shell support could use it.
+    """
+
+    __slots__ = ("value", "type", "help", "_info")
+
+    def __init__(
+        self,
+        value: t.Any,
+        type: str = "plain",
+        help: t.Optional[str] = None,
+        **kwargs: t.Any,
+    ) -> None:
+        self.value: t.Any = value
+        self.type: str = type
+        self.help: t.Optional[str] = help
+        self._info = kwargs
+
+    def __getattr__(self, name: str) -> t.Any:
+        return self._info.get(name)
+
+
+# Only Bash >= 4.4 has the nosort option.
+_SOURCE_BASH = """\
+%(complete_func)s() {
+    local IFS=$'\\n'
+    local response
+
+    response=$(env COMP_WORDS="${COMP_WORDS[*]}" COMP_CWORD=$COMP_CWORD \
+%(complete_var)s=bash_complete $1)
+
+    for completion in $response; do
+        IFS=',' read type value <<< "$completion"
+
+        if [[ $type == 'dir' ]]; then
+            COMPREPLY=()
+            compopt -o dirnames
+        elif [[ $type == 'file' ]]; then
+            COMPREPLY=()
+            compopt -o default
+        elif [[ $type == 'plain' ]]; then
+            COMPREPLY+=($value)
+        fi
+    done
+
+    return 0
+}
+
+%(complete_func)s_setup() {
+    complete -o nosort -F %(complete_func)s %(prog_name)s
+}
+
+%(complete_func)s_setup;
+"""
+
+_SOURCE_ZSH = """\
+#compdef %(prog_name)s
+
+%(complete_func)s() {
+    local -a completions
+    local -a completions_with_descriptions
+    local -a response
+    (( ! $+commands[%(prog_name)s] )) && return 1
+
+    response=("${(@f)$(env COMP_WORDS="${words[*]}" COMP_CWORD=$((CURRENT-1)) \
+%(complete_var)s=zsh_complete %(prog_name)s)}")
+
+    for type key descr in ${response}; do
+        if [[ "$type" == "plain" ]]; then
+            if [[ "$descr" == "_" ]]; then
+                completions+=("$key")
+            else
+                completions_with_descriptions+=("$key":"$descr")
+            fi
+        elif [[ "$type" == "dir" ]]; then
+            _path_files -/
+        elif [[ "$type" == "file" ]]; then
+            _path_files -f
+        fi
+    done
+
+    if [ -n "$completions_with_descriptions" ]; then
+        _describe -V unsorted completions_with_descriptions -U
+    fi
+
+    if [ -n "$completions" ]; then
+        compadd -U -V unsorted -a completions
+    fi
+}
+
+if [[ $zsh_eval_context[-1] == loadautofunc ]]; then
+    # autoload from fpath, call function directly
+    %(complete_func)s "$@"
+else
+    # eval/source/. command, register function for later
+    compdef %(complete_func)s %(prog_name)s
+fi
+"""
+
+_SOURCE_FISH = """\
+function %(complete_func)s;
+    set -l response (env %(complete_var)s=fish_complete COMP_WORDS=(commandline -cp) \
+COMP_CWORD=(commandline -t) %(prog_name)s);
+
+    for completion in $response;
+        set -l metadata (string split "," $completion);
+
+        if test $metadata[1] = "dir";
+            __fish_complete_directories $metadata[2];
+        else if test $metadata[1] = "file";
+            __fish_complete_path $metadata[2];
+        else if test $metadata[1] = "plain";
+            echo $metadata[2];
+        end;
+    end;
+end;
+
+complete --no-files --command %(prog_name)s --arguments \
+"(%(complete_func)s)";
+"""
+
+
+class ShellComplete:
+    """Base class for providing shell completion support. A subclass for
+    a given shell will override attributes and methods to implement the
+    completion instructions (``source`` and ``complete``).
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param complete_var: Name of the environment variable that holds
+        the completion instruction.
+
+    .. versionadded:: 8.0
+    """
+
+    name: t.ClassVar[str]
+    """Name to register the shell as with :func:`add_completion_class`.
+    This is used in completion instructions (``{name}_source`` and
+    ``{name}_complete``).
+    """
+
+    source_template: t.ClassVar[str]
+    """Completion script template formatted by :meth:`source`. This must
+    be provided by subclasses.
+    """
+
+    def __init__(
+        self,
+        cli: BaseCommand,
+        ctx_args: t.MutableMapping[str, t.Any],
+        prog_name: str,
+        complete_var: str,
+    ) -> None:
+        self.cli = cli
+        self.ctx_args = ctx_args
+        self.prog_name = prog_name
+        self.complete_var = complete_var
+
+    @property
+    def func_name(self) -> str:
+        """The name of the shell function defined by the completion
+        script.
+        """
+        safe_name = re.sub(r"\W*", "", self.prog_name.replace("-", "_"), flags=re.ASCII)
+        return f"_{safe_name}_completion"
+
+    def source_vars(self) -> t.Dict[str, t.Any]:
+        """Vars for formatting :attr:`source_template`.
+
+        By default this provides ``complete_func``, ``complete_var``,
+        and ``prog_name``.
+        """
+        return {
+            "complete_func": self.func_name,
+            "complete_var": self.complete_var,
+            "prog_name": self.prog_name,
+        }
+
+    def source(self) -> str:
+        """Produce the shell script that defines the completion
+        function. By default this ``%``-style formats
+        :attr:`source_template` with the dict returned by
+        :meth:`source_vars`.
+        """
+        return self.source_template % self.source_vars()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        """Use the env vars defined by the shell script to return a
+        tuple of ``args, incomplete``. This must be implemented by
+        subclasses.
+        """
+        raise NotImplementedError
+
+    def get_completions(
+        self, args: t.List[str], incomplete: str
+    ) -> t.List[CompletionItem]:
+        """Determine the context and last complete command or parameter
+        from the complete args. Call that object's ``shell_complete``
+        method to get the completions for the incomplete value.
+
+        :param args: List of complete args before the incomplete value.
+        :param incomplete: Value being completed. May be empty.
+        """
+        ctx = _resolve_context(self.cli, self.ctx_args, self.prog_name, args)
+        obj, incomplete = _resolve_incomplete(ctx, args, incomplete)
+        return obj.shell_complete(ctx, incomplete)
+
+    def format_completion(self, item: CompletionItem) -> str:
+        """Format a completion item into the form recognized by the
+        shell script. This must be implemented by subclasses.
+
+        :param item: Completion item to format.
+        """
+        raise NotImplementedError
+
+    def complete(self) -> str:
+        """Produce the completion data to send back to the shell.
+
+        By default this calls :meth:`get_completion_args`, gets the
+        completions, then calls :meth:`format_completion` for each
+        completion.
+        """
+        args, incomplete = self.get_completion_args()
+        completions = self.get_completions(args, incomplete)
+        out = [self.format_completion(item) for item in completions]
+        return "\n".join(out)
+
+
+class BashComplete(ShellComplete):
+    """Shell completion for Bash."""
+
+    name = "bash"
+    source_template = _SOURCE_BASH
+
+    @staticmethod
+    def _check_version() -> None:
+        import subprocess
+
+        output = subprocess.run(
+            ["bash", "-c", 'echo "${BASH_VERSION}"'], stdout=subprocess.PIPE
+        )
+        match = re.search(r"^(\d+)\.(\d+)\.\d+", output.stdout.decode())
+
+        if match is not None:
+            major, minor = match.groups()
+
+            if major < "4" or major == "4" and minor < "4":
+                echo(
+                    _(
+                        "Shell completion is not supported for Bash"
+                        " versions older than 4.4."
+                    ),
+                    err=True,
+                )
+        else:
+            echo(
+                _("Couldn't detect Bash version, shell completion is not supported."),
+                err=True,
+            )
+
+    def source(self) -> str:
+        self._check_version()
+        return super().source()
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type},{item.value}"
+
+
+class ZshComplete(ShellComplete):
+    """Shell completion for Zsh."""
+
+    name = "zsh"
+    source_template = _SOURCE_ZSH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        cword = int(os.environ["COMP_CWORD"])
+        args = cwords[1:cword]
+
+        try:
+            incomplete = cwords[cword]
+        except IndexError:
+            incomplete = ""
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        return f"{item.type}\n{item.value}\n{item.help if item.help else '_'}"
+
+
+class FishComplete(ShellComplete):
+    """Shell completion for Fish."""
+
+    name = "fish"
+    source_template = _SOURCE_FISH
+
+    def get_completion_args(self) -> t.Tuple[t.List[str], str]:
+        cwords = split_arg_string(os.environ["COMP_WORDS"])
+        incomplete = os.environ["COMP_CWORD"]
+        args = cwords[1:]
+
+        # Fish stores the partial word in both COMP_WORDS and
+        # COMP_CWORD, remove it from complete args.
+        if incomplete and args and args[-1] == incomplete:
+            args.pop()
+
+        return args, incomplete
+
+    def format_completion(self, item: CompletionItem) -> str:
+        if item.help:
+            return f"{item.type},{item.value}\t{item.help}"
+
+        return f"{item.type},{item.value}"
+
+
+ShellCompleteType = t.TypeVar("ShellCompleteType", bound=t.Type[ShellComplete])
+
+
+_available_shells: t.Dict[str, t.Type[ShellComplete]] = {
+    "bash": BashComplete,
+    "fish": FishComplete,
+    "zsh": ZshComplete,
+}
+
+
+def add_completion_class(
+    cls: ShellCompleteType, name: t.Optional[str] = None
+) -> ShellCompleteType:
+    """Register a :class:`ShellComplete` subclass under the given name.
+    The name will be provided by the completion instruction environment
+    variable during completion.
+
+    :param cls: The completion class that will handle completion for the
+        shell.
+    :param name: Name to register the class under. Defaults to the
+        class's ``name`` attribute.
+    """
+    if name is None:
+        name = cls.name
+
+    _available_shells[name] = cls
+
+    return cls
+
+
+def get_completion_class(shell: str) -> t.Optional[t.Type[ShellComplete]]:
+    """Look up a registered :class:`ShellComplete` subclass by the name
+    provided by the completion instruction environment variable. If the
+    name isn't registered, returns ``None``.
+
+    :param shell: Name the class is registered under.
+    """
+    return _available_shells.get(shell)
+
+
+def _is_incomplete_argument(ctx: Context, param: Parameter) -> bool:
+    """Determine if the given parameter is an argument that can still
+    accept values.
+
+    :param ctx: Invocation context for the command represented by the
+        parsed complete args.
+    :param param: Argument object being checked.
+    """
+    if not isinstance(param, Argument):
+        return False
+
+    assert param.name is not None
+    # Will be None if expose_value is False.
+    value = ctx.params.get(param.name)
+    return (
+        param.nargs == -1
+        or ctx.get_parameter_source(param.name) is not ParameterSource.COMMANDLINE
+        or (
+            param.nargs > 1
+            and isinstance(value, (tuple, list))
+            and len(value) < param.nargs
+        )
+    )
+
+
+def _start_of_option(ctx: Context, value: str) -> bool:
+    """Check if the value looks like the start of an option."""
+    if not value:
+        return False
+
+    c = value[0]
+    return c in ctx._opt_prefixes
+
+
+def _is_incomplete_option(ctx: Context, args: t.List[str], param: Parameter) -> bool:
+    """Determine if the given parameter is an option that needs a value.
+
+    :param args: List of complete args before the incomplete value.
+    :param param: Option object being checked.
+    """
+    if not isinstance(param, Option):
+        return False
+
+    if param.is_flag or param.count:
+        return False
+
+    last_option = None
+
+    for index, arg in enumerate(reversed(args)):
+        if index + 1 > param.nargs:
+            break
+
+        if _start_of_option(ctx, arg):
+            last_option = arg
+
+    return last_option is not None and last_option in param.opts
+
+
+def _resolve_context(
+    cli: BaseCommand,
+    ctx_args: t.MutableMapping[str, t.Any],
+    prog_name: str,
+    args: t.List[str],
+) -> Context:
+    """Produce the context hierarchy starting with the command and
+    traversing the complete arguments. This only follows the commands,
+    it doesn't trigger input prompts or callbacks.
+
+    :param cli: Command being called.
+    :param prog_name: Name of the executable in the shell.
+    :param args: List of complete args before the incomplete value.
+    """
+    ctx_args["resilient_parsing"] = True
+    ctx = cli.make_context(prog_name, args.copy(), **ctx_args)
+    args = ctx.protected_args + ctx.args
+
+    while args:
+        command = ctx.command
+
+        if isinstance(command, MultiCommand):
+            if not command.chain:
+                name, cmd, args = command.resolve_command(ctx, args)
+
+                if cmd is None:
+                    return ctx
+
+                ctx = cmd.make_context(name, args, parent=ctx, resilient_parsing=True)
+                args = ctx.protected_args + ctx.args
+            else:
+                sub_ctx = ctx
+
+                while args:
+                    name, cmd, args = command.resolve_command(ctx, args)
+
+                    if cmd is None:
+                        return ctx
+
+                    sub_ctx = cmd.make_context(
+                        name,
+                        args,
+                        parent=ctx,
+                        allow_extra_args=True,
+                        allow_interspersed_args=False,
+                        resilient_parsing=True,
+                    )
+                    args = sub_ctx.args
+
+                ctx = sub_ctx
+                args = [*sub_ctx.protected_args, *sub_ctx.args]
+        else:
+            break
+
+    return ctx
+
+
+def _resolve_incomplete(
+    ctx: Context, args: t.List[str], incomplete: str
+) -> t.Tuple[t.Union[BaseCommand, Parameter], str]:
+    """Find the Click object that will handle the completion of the
+    incomplete value. Return the object and the incomplete value.
+
+    :param ctx: Invocation context for the command represented by
+        the parsed complete args.
+    :param args: List of complete args before the incomplete value.
+    :param incomplete: Value being completed. May be empty.
+    """
+    # Different shells treat an "=" between a long option name and
+    # value differently. Might keep the value joined, return the "="
+    # as a separate item, or return the split name and value. Always
+    # split and discard the "=" to make completion easier.
+    if incomplete == "=":
+        incomplete = ""
+    elif "=" in incomplete and _start_of_option(ctx, incomplete):
+        name, _, incomplete = incomplete.partition("=")
+        args.append(name)
+
+    # The "--" marker tells Click to stop treating values as options
+    # even if they start with the option character. If it hasn't been
+    # given and the incomplete arg looks like an option, the current
+    # command will provide option name completions.
+    if "--" not in args and _start_of_option(ctx, incomplete):
+        return ctx.command, incomplete
+
+    params = ctx.command.get_params(ctx)
+
+    # If the last complete arg is an option name with an incomplete
+    # value, the option will provide value completions.
+    for param in params:
+        if _is_incomplete_option(ctx, args, param):
+            return param, incomplete
+
+    # It's not an option name or value. The first argument without a
+    # parsed value will provide value completions.
+    for param in params:
+        if _is_incomplete_argument(ctx, param):
+            return param, incomplete
+
+    # There were no unparsed arguments, the command may be a group that
+    # will provide command name completions.
+    return ctx.command, incomplete
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/termui.py b/lib/go-jinja2/internal/data/windows-amd64/click/termui.py
new file mode 100644
index 000000000..db7a4b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/termui.py
@@ -0,0 +1,784 @@
+import inspect
+import io
+import itertools
+import sys
+import typing as t
+from gettext import gettext as _
+
+from ._compat import isatty
+from ._compat import strip_ansi
+from .exceptions import Abort
+from .exceptions import UsageError
+from .globals import resolve_color_default
+from .types import Choice
+from .types import convert_type
+from .types import ParamType
+from .utils import echo
+from .utils import LazyFile
+
+if t.TYPE_CHECKING:
+    from ._termui_impl import ProgressBar
+
+V = t.TypeVar("V")
+
+# The prompt functions to use.  The doc tools currently override these
+# functions to customize how they work.
+visible_prompt_func: t.Callable[[str], str] = input
+
+_ansi_colors = {
+    "black": 30,
+    "red": 31,
+    "green": 32,
+    "yellow": 33,
+    "blue": 34,
+    "magenta": 35,
+    "cyan": 36,
+    "white": 37,
+    "reset": 39,
+    "bright_black": 90,
+    "bright_red": 91,
+    "bright_green": 92,
+    "bright_yellow": 93,
+    "bright_blue": 94,
+    "bright_magenta": 95,
+    "bright_cyan": 96,
+    "bright_white": 97,
+}
+_ansi_reset_all = "\033[0m"
+
+
+def hidden_prompt_func(prompt: str) -> str:
+    import getpass
+
+    return getpass.getpass(prompt)
+
+
+def _build_prompt(
+    text: str,
+    suffix: str,
+    show_default: bool = False,
+    default: t.Optional[t.Any] = None,
+    show_choices: bool = True,
+    type: t.Optional[ParamType] = None,
+) -> str:
+    prompt = text
+    if type is not None and show_choices and isinstance(type, Choice):
+        prompt += f" ({', '.join(map(str, type.choices))})"
+    if default is not None and show_default:
+        prompt = f"{prompt} [{_format_default(default)}]"
+    return f"{prompt}{suffix}"
+
+
+def _format_default(default: t.Any) -> t.Any:
+    if isinstance(default, (io.IOBase, LazyFile)) and hasattr(default, "name"):
+        return default.name
+
+    return default
+
+
+def prompt(
+    text: str,
+    default: t.Optional[t.Any] = None,
+    hide_input: bool = False,
+    confirmation_prompt: t.Union[bool, str] = False,
+    type: t.Optional[t.Union[ParamType, t.Any]] = None,
+    value_proc: t.Optional[t.Callable[[str], t.Any]] = None,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+    show_choices: bool = True,
+) -> t.Any:
+    """Prompts a user for input.  This is a convenience function that can
+    be used to prompt a user for input later.
+
+    If the user aborts the input by sending an interrupt signal, this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the text to show for the prompt.
+    :param default: the default value to use if no input happens.  If this
+                    is not given it will prompt until it's aborted.
+    :param hide_input: if this is set to true then the input value will
+                       be hidden.
+    :param confirmation_prompt: Prompt a second time to confirm the
+        value. Can be set to a string instead of ``True`` to customize
+        the message.
+    :param type: the type to use to check the value against.
+    :param value_proc: if this parameter is provided it's a function that
+                       is invoked instead of the type conversion to
+                       convert a value.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    :param show_choices: Show or hide choices if the passed type is a Choice.
+                         For example if type is a Choice of either day or week,
+                         show_choices is true and text is "Group by" then the
+                         prompt will be "Group by (day, week): ".
+
+    .. versionadded:: 8.0
+        ``confirmation_prompt`` can be a custom string.
+
+    .. versionadded:: 7.0
+        Added the ``show_choices`` parameter.
+
+    .. versionadded:: 6.0
+        Added unicode support for cmd.exe on Windows.
+
+    .. versionadded:: 4.0
+        Added the `err` parameter.
+
+    """
+
+    def prompt_func(text: str) -> str:
+        f = hidden_prompt_func if hide_input else visible_prompt_func
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(text.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            return f(" ")
+        except (KeyboardInterrupt, EOFError):
+            # getpass doesn't print a newline if the user aborts input with ^C.
+            # Allegedly this behavior is inherited from getpass(3).
+            # A doc bug has been filed at https://bugs.python.org/issue24711
+            if hide_input:
+                echo(None, err=err)
+            raise Abort() from None
+
+    if value_proc is None:
+        value_proc = convert_type(type, default)
+
+    prompt = _build_prompt(
+        text, prompt_suffix, show_default, default, show_choices, type
+    )
+
+    if confirmation_prompt:
+        if confirmation_prompt is True:
+            confirmation_prompt = _("Repeat for confirmation")
+
+        confirmation_prompt = _build_prompt(confirmation_prompt, prompt_suffix)
+
+    while True:
+        while True:
+            value = prompt_func(prompt)
+            if value:
+                break
+            elif default is not None:
+                value = default
+                break
+        try:
+            result = value_proc(value)
+        except UsageError as e:
+            if hide_input:
+                echo(_("Error: The value you entered was invalid."), err=err)
+            else:
+                echo(_("Error: {e.message}").format(e=e), err=err)  # noqa: B306
+            continue
+        if not confirmation_prompt:
+            return result
+        while True:
+            value2 = prompt_func(confirmation_prompt)
+            is_empty = not value and not value2
+            if value2 or is_empty:
+                break
+        if value == value2:
+            return result
+        echo(_("Error: The two entered values do not match."), err=err)
+
+
+def confirm(
+    text: str,
+    default: t.Optional[bool] = False,
+    abort: bool = False,
+    prompt_suffix: str = ": ",
+    show_default: bool = True,
+    err: bool = False,
+) -> bool:
+    """Prompts for confirmation (yes/no question).
+
+    If the user aborts the input by sending a interrupt signal this
+    function will catch it and raise a :exc:`Abort` exception.
+
+    :param text: the question to ask.
+    :param default: The default value to use when no input is given. If
+        ``None``, repeat until input is given.
+    :param abort: if this is set to `True` a negative answer aborts the
+                  exception by raising :exc:`Abort`.
+    :param prompt_suffix: a suffix that should be added to the prompt.
+    :param show_default: shows or hides the default value in the prompt.
+    :param err: if set to true the file defaults to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+
+    .. versionchanged:: 8.0
+        Repeat until input is given if ``default`` is ``None``.
+
+    .. versionadded:: 4.0
+        Added the ``err`` parameter.
+    """
+    prompt = _build_prompt(
+        text,
+        prompt_suffix,
+        show_default,
+        "y/n" if default is None else ("Y/n" if default else "y/N"),
+    )
+
+    while True:
+        try:
+            # Write the prompt separately so that we get nice
+            # coloring through colorama on Windows
+            echo(prompt.rstrip(" "), nl=False, err=err)
+            # Echo a space to stdout to work around an issue where
+            # readline causes backspace to clear the whole line.
+            value = visible_prompt_func(" ").lower().strip()
+        except (KeyboardInterrupt, EOFError):
+            raise Abort() from None
+        if value in ("y", "yes"):
+            rv = True
+        elif value in ("n", "no"):
+            rv = False
+        elif default is not None and value == "":
+            rv = default
+        else:
+            echo(_("Error: invalid input"), err=err)
+            continue
+        break
+    if abort and not rv:
+        raise Abort()
+    return rv
+
+
+def echo_via_pager(
+    text_or_generator: t.Union[t.Iterable[str], t.Callable[[], t.Iterable[str]], str],
+    color: t.Optional[bool] = None,
+) -> None:
+    """This function takes a text and shows it via an environment specific
+    pager on stdout.
+
+    .. versionchanged:: 3.0
+       Added the `color` flag.
+
+    :param text_or_generator: the text to page, or alternatively, a
+                              generator emitting the text to page.
+    :param color: controls if the pager supports ANSI colors or not.  The
+                  default is autodetection.
+    """
+    color = resolve_color_default(color)
+
+    if inspect.isgeneratorfunction(text_or_generator):
+        i = t.cast(t.Callable[[], t.Iterable[str]], text_or_generator)()
+    elif isinstance(text_or_generator, str):
+        i = [text_or_generator]
+    else:
+        i = iter(t.cast(t.Iterable[str], text_or_generator))
+
+    # convert every element of i to a text type if necessary
+    text_generator = (el if isinstance(el, str) else str(el) for el in i)
+
+    from ._termui_impl import pager
+
+    return pager(itertools.chain(text_generator, "\n"), color)
+
+
+def progressbar(
+    iterable: t.Optional[t.Iterable[V]] = None,
+    length: t.Optional[int] = None,
+    label: t.Optional[str] = None,
+    show_eta: bool = True,
+    show_percent: t.Optional[bool] = None,
+    show_pos: bool = False,
+    item_show_func: t.Optional[t.Callable[[t.Optional[V]], t.Optional[str]]] = None,
+    fill_char: str = "#",
+    empty_char: str = "-",
+    bar_template: str = "%(label)s  [%(bar)s]  %(info)s",
+    info_sep: str = "  ",
+    width: int = 36,
+    file: t.Optional[t.TextIO] = None,
+    color: t.Optional[bool] = None,
+    update_min_steps: int = 1,
+) -> "ProgressBar[V]":
+    """This function creates an iterable context manager that can be used
+    to iterate over something while showing a progress bar.  It will
+    either iterate over the `iterable` or `length` items (that are counted
+    up).  While iteration happens, this function will print a rendered
+    progress bar to the given `file` (defaults to stdout) and will attempt
+    to calculate remaining time and more.  By default, this progress bar
+    will not be rendered if the file is not a terminal.
+
+    The context manager creates the progress bar.  When the context
+    manager is entered the progress bar is already created.  With every
+    iteration over the progress bar, the iterable passed to the bar is
+    advanced and the bar is updated.  When the context manager exits,
+    a newline is printed and the progress bar is finalized on screen.
+
+    Note: The progress bar is currently designed for use cases where the
+    total progress can be expected to take at least several seconds.
+    Because of this, the ProgressBar class object won't display
+    progress that is considered too fast, and progress where the time
+    between steps is less than a second.
+
+    No printing must happen or the progress bar will be unintentionally
+    destroyed.
+
+    Example usage::
+
+        with progressbar(items) as bar:
+            for item in bar:
+                do_something_with(item)
+
+    Alternatively, if no iterable is specified, one can manually update the
+    progress bar through the `update()` method instead of directly
+    iterating over the progress bar.  The update method accepts the number
+    of steps to increment the bar with::
+
+        with progressbar(length=chunks.total_bytes) as bar:
+            for chunk in chunks:
+                process_chunk(chunk)
+                bar.update(chunks.bytes)
+
+    The ``update()`` method also takes an optional value specifying the
+    ``current_item`` at the new position. This is useful when used
+    together with ``item_show_func`` to customize the output for each
+    manual step::
+
+        with click.progressbar(
+            length=total_size,
+            label='Unzipping archive',
+            item_show_func=lambda a: a.filename
+        ) as bar:
+            for archive in zip_file:
+                archive.extract()
+                bar.update(archive.size, archive)
+
+    :param iterable: an iterable to iterate over.  If not provided the length
+                     is required.
+    :param length: the number of items to iterate over.  By default the
+                   progressbar will attempt to ask the iterator about its
+                   length, which might or might not work.  If an iterable is
+                   also provided this parameter can be used to override the
+                   length.  If an iterable is not provided the progress bar
+                   will iterate over a range of that length.
+    :param label: the label to show next to the progress bar.
+    :param show_eta: enables or disables the estimated time display.  This is
+                     automatically disabled if the length cannot be
+                     determined.
+    :param show_percent: enables or disables the percentage display.  The
+                         default is `True` if the iterable has a length or
+                         `False` if not.
+    :param show_pos: enables or disables the absolute position display.  The
+                     default is `False`.
+    :param item_show_func: A function called with the current item which
+        can return a string to show next to the progress bar. If the
+        function returns ``None`` nothing is shown. The current item can
+        be ``None``, such as when entering and exiting the bar.
+    :param fill_char: the character to use to show the filled part of the
+                      progress bar.
+    :param empty_char: the character to use to show the non-filled part of
+                       the progress bar.
+    :param bar_template: the format string to use as template for the bar.
+                         The parameters in it are ``label`` for the label,
+                         ``bar`` for the progress bar and ``info`` for the
+                         info section.
+    :param info_sep: the separator between multiple info items (eta etc.)
+    :param width: the width of the progress bar in characters, 0 means full
+                  terminal width
+    :param file: The file to write to. If this is not a terminal then
+        only the label is printed.
+    :param color: controls if the terminal supports ANSI colors or not.  The
+                  default is autodetection.  This is only needed if ANSI
+                  codes are included anywhere in the progress bar output
+                  which is not the case by default.
+    :param update_min_steps: Render only when this many updates have
+        completed. This allows tuning for very fast iterators.
+
+    .. versionchanged:: 8.0
+        Output is shown even if execution time is less than 0.5 seconds.
+
+    .. versionchanged:: 8.0
+        ``item_show_func`` shows the current item, not the previous one.
+
+    .. versionchanged:: 8.0
+        Labels are echoed if the output is not a TTY. Reverts a change
+        in 7.0 that removed all output.
+
+    .. versionadded:: 8.0
+       Added the ``update_min_steps`` parameter.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter. Added the ``update`` method to
+        the object.
+
+    .. versionadded:: 2.0
+    """
+    from ._termui_impl import ProgressBar
+
+    color = resolve_color_default(color)
+    return ProgressBar(
+        iterable=iterable,
+        length=length,
+        show_eta=show_eta,
+        show_percent=show_percent,
+        show_pos=show_pos,
+        item_show_func=item_show_func,
+        fill_char=fill_char,
+        empty_char=empty_char,
+        bar_template=bar_template,
+        info_sep=info_sep,
+        file=file,
+        label=label,
+        width=width,
+        color=color,
+        update_min_steps=update_min_steps,
+    )
+
+
+def clear() -> None:
+    """Clears the terminal screen.  This will have the effect of clearing
+    the whole visible space of the terminal and moving the cursor to the
+    top left.  This does not do anything if not connected to a terminal.
+
+    .. versionadded:: 2.0
+    """
+    if not isatty(sys.stdout):
+        return
+
+    # ANSI escape \033[2J clears the screen, \033[1;1H moves the cursor
+    echo("\033[2J\033[1;1H", nl=False)
+
+
+def _interpret_color(
+    color: t.Union[int, t.Tuple[int, int, int], str], offset: int = 0
+) -> str:
+    if isinstance(color, int):
+        return f"{38 + offset};5;{color:d}"
+
+    if isinstance(color, (tuple, list)):
+        r, g, b = color
+        return f"{38 + offset};2;{r:d};{g:d};{b:d}"
+
+    return str(_ansi_colors[color] + offset)
+
+
+def style(
+    text: t.Any,
+    fg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bg: t.Optional[t.Union[int, t.Tuple[int, int, int], str]] = None,
+    bold: t.Optional[bool] = None,
+    dim: t.Optional[bool] = None,
+    underline: t.Optional[bool] = None,
+    overline: t.Optional[bool] = None,
+    italic: t.Optional[bool] = None,
+    blink: t.Optional[bool] = None,
+    reverse: t.Optional[bool] = None,
+    strikethrough: t.Optional[bool] = None,
+    reset: bool = True,
+) -> str:
+    """Styles a text with ANSI styles and returns the new string.  By
+    default the styling is self contained which means that at the end
+    of the string a reset code is issued.  This can be prevented by
+    passing ``reset=False``.
+
+    Examples::
+
+        click.echo(click.style('Hello World!', fg='green'))
+        click.echo(click.style('ATTENTION!', blink=True))
+        click.echo(click.style('Some things', reverse=True, fg='cyan'))
+        click.echo(click.style('More colors', fg=(255, 12, 128), bg=117))
+
+    Supported color names:
+
+    * ``black`` (might be a gray)
+    * ``red``
+    * ``green``
+    * ``yellow`` (might be an orange)
+    * ``blue``
+    * ``magenta``
+    * ``cyan``
+    * ``white`` (might be light gray)
+    * ``bright_black``
+    * ``bright_red``
+    * ``bright_green``
+    * ``bright_yellow``
+    * ``bright_blue``
+    * ``bright_magenta``
+    * ``bright_cyan``
+    * ``bright_white``
+    * ``reset`` (reset the color code only)
+
+    If the terminal supports it, color may also be specified as:
+
+    -   An integer in the interval [0, 255]. The terminal must support
+        8-bit/256-color mode.
+    -   An RGB tuple of three integers in [0, 255]. The terminal must
+        support 24-bit/true-color mode.
+
+    See https://en.wikipedia.org/wiki/ANSI_color and
+    https://gist.github.com/XVilka/8346728 for more information.
+
+    :param text: the string to style with ansi codes.
+    :param fg: if provided this will become the foreground color.
+    :param bg: if provided this will become the background color.
+    :param bold: if provided this will enable or disable bold mode.
+    :param dim: if provided this will enable or disable dim mode.  This is
+                badly supported.
+    :param underline: if provided this will enable or disable underline.
+    :param overline: if provided this will enable or disable overline.
+    :param italic: if provided this will enable or disable italic.
+    :param blink: if provided this will enable or disable blinking.
+    :param reverse: if provided this will enable or disable inverse
+                    rendering (foreground becomes background and the
+                    other way round).
+    :param strikethrough: if provided this will enable or disable
+        striking through text.
+    :param reset: by default a reset-all code is added at the end of the
+                  string which means that styles do not carry over.  This
+                  can be disabled to compose styles.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string.
+
+    .. versionchanged:: 8.0
+       Added support for 256 and RGB color codes.
+
+    .. versionchanged:: 8.0
+        Added the ``strikethrough``, ``italic``, and ``overline``
+        parameters.
+
+    .. versionchanged:: 7.0
+        Added support for bright colors.
+
+    .. versionadded:: 2.0
+    """
+    if not isinstance(text, str):
+        text = str(text)
+
+    bits = []
+
+    if fg:
+        try:
+            bits.append(f"\033[{_interpret_color(fg)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {fg!r}") from None
+
+    if bg:
+        try:
+            bits.append(f"\033[{_interpret_color(bg, 10)}m")
+        except KeyError:
+            raise TypeError(f"Unknown color {bg!r}") from None
+
+    if bold is not None:
+        bits.append(f"\033[{1 if bold else 22}m")
+    if dim is not None:
+        bits.append(f"\033[{2 if dim else 22}m")
+    if underline is not None:
+        bits.append(f"\033[{4 if underline else 24}m")
+    if overline is not None:
+        bits.append(f"\033[{53 if overline else 55}m")
+    if italic is not None:
+        bits.append(f"\033[{3 if italic else 23}m")
+    if blink is not None:
+        bits.append(f"\033[{5 if blink else 25}m")
+    if reverse is not None:
+        bits.append(f"\033[{7 if reverse else 27}m")
+    if strikethrough is not None:
+        bits.append(f"\033[{9 if strikethrough else 29}m")
+    bits.append(text)
+    if reset:
+        bits.append(_ansi_reset_all)
+    return "".join(bits)
+
+
+def unstyle(text: str) -> str:
+    """Removes ANSI styling information from a string.  Usually it's not
+    necessary to use this function as Click's echo function will
+    automatically remove styling if necessary.
+
+    .. versionadded:: 2.0
+
+    :param text: the text to remove style information from.
+    """
+    return strip_ansi(text)
+
+
+def secho(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.AnyStr]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+    **styles: t.Any,
+) -> None:
+    """This function combines :func:`echo` and :func:`style` into one
+    call.  As such the following two calls are the same::
+
+        click.secho('Hello World!', fg='green')
+        click.echo(click.style('Hello World!', fg='green'))
+
+    All keyword arguments are forwarded to the underlying functions
+    depending on which one they go with.
+
+    Non-string types will be converted to :class:`str`. However,
+    :class:`bytes` are passed directly to :meth:`echo` without applying
+    style. If you want to style bytes that represent text, call
+    :meth:`bytes.decode` first.
+
+    .. versionchanged:: 8.0
+        A non-string ``message`` is converted to a string. Bytes are
+        passed through without style applied.
+
+    .. versionadded:: 2.0
+    """
+    if message is not None and not isinstance(message, (bytes, bytearray)):
+        message = style(message, **styles)
+
+    return echo(message, file=file, nl=nl, err=err, color=color)
+
+
+def edit(
+    text: t.Optional[t.AnyStr] = None,
+    editor: t.Optional[str] = None,
+    env: t.Optional[t.Mapping[str, str]] = None,
+    require_save: bool = True,
+    extension: str = ".txt",
+    filename: t.Optional[str] = None,
+) -> t.Optional[t.AnyStr]:
+    r"""Edits the given text in the defined editor.  If an editor is given
+    (should be the full path to the executable but the regular operating
+    system search path is used for finding the executable) it overrides
+    the detected editor.  Optionally, some environment variables can be
+    used.  If the editor is closed without changes, `None` is returned.  In
+    case a file is edited directly the return value is always `None` and
+    `require_save` and `extension` are ignored.
+
+    If the editor cannot be opened a :exc:`UsageError` is raised.
+
+    Note for Windows: to simplify cross-platform usage, the newlines are
+    automatically converted from POSIX to Windows and vice versa.  As such,
+    the message here will have ``\n`` as newline markers.
+
+    :param text: the text to edit.
+    :param editor: optionally the editor to use.  Defaults to automatic
+                   detection.
+    :param env: environment variables to forward to the editor.
+    :param require_save: if this is true, then not saving in the editor
+                         will make the return value become `None`.
+    :param extension: the extension to tell the editor about.  This defaults
+                      to `.txt` but changing this might change syntax
+                      highlighting.
+    :param filename: if provided it will edit this file instead of the
+                     provided text contents.  It will not use a temporary
+                     file as an indirection in that case.
+    """
+    from ._termui_impl import Editor
+
+    ed = Editor(editor=editor, env=env, require_save=require_save, extension=extension)
+
+    if filename is None:
+        return ed.edit(text)
+
+    ed.edit_file(filename)
+    return None
+
+
+def launch(url: str, wait: bool = False, locate: bool = False) -> int:
+    """This function launches the given URL (or filename) in the default
+    viewer application for this file type.  If this is an executable, it
+    might launch the executable in a new session.  The return value is
+    the exit code of the launched application.  Usually, ``0`` indicates
+    success.
+
+    Examples::
+
+        click.launch('https://click.palletsprojects.com/')
+        click.launch('/my/downloaded/file', locate=True)
+
+    .. versionadded:: 2.0
+
+    :param url: URL or filename of the thing to launch.
+    :param wait: Wait for the program to exit before returning. This
+        only works if the launched program blocks. In particular,
+        ``xdg-open`` on Linux does not block.
+    :param locate: if this is set to `True` then instead of launching the
+                   application associated with the URL it will attempt to
+                   launch a file manager with the file located.  This
+                   might have weird effects if the URL does not point to
+                   the filesystem.
+    """
+    from ._termui_impl import open_url
+
+    return open_url(url, wait=wait, locate=locate)
+
+
+# If this is provided, getchar() calls into this instead.  This is used
+# for unittesting purposes.
+_getchar: t.Optional[t.Callable[[bool], str]] = None
+
+
+def getchar(echo: bool = False) -> str:
+    """Fetches a single character from the terminal and returns it.  This
+    will always return a unicode character and under certain rare
+    circumstances this might return more than one character.  The
+    situations which more than one character is returned is when for
+    whatever reason multiple characters end up in the terminal buffer or
+    standard input was not actually a terminal.
+
+    Note that this will always read from the terminal, even if something
+    is piped into the standard input.
+
+    Note for Windows: in rare cases when typing non-ASCII characters, this
+    function might wait for a second character and then return both at once.
+    This is because certain Unicode characters look like special-key markers.
+
+    .. versionadded:: 2.0
+
+    :param echo: if set to `True`, the character read will also show up on
+                 the terminal.  The default is to not show it.
+    """
+    global _getchar
+
+    if _getchar is None:
+        from ._termui_impl import getchar as f
+
+        _getchar = f
+
+    return _getchar(echo)
+
+
+def raw_terminal() -> t.ContextManager[int]:
+    from ._termui_impl import raw_terminal as f
+
+    return f()
+
+
+def pause(info: t.Optional[str] = None, err: bool = False) -> None:
+    """This command stops execution and waits for the user to press any
+    key to continue.  This is similar to the Windows batch "pause"
+    command.  If the program is not run through a terminal, this command
+    will instead do nothing.
+
+    .. versionadded:: 2.0
+
+    .. versionadded:: 4.0
+       Added the `err` parameter.
+
+    :param info: The message to print before pausing. Defaults to
+        ``"Press any key to continue..."``.
+    :param err: if set to message goes to ``stderr`` instead of
+                ``stdout``, the same as with echo.
+    """
+    if not isatty(sys.stdin) or not isatty(sys.stdout):
+        return
+
+    if info is None:
+        info = _("Press any key to continue...")
+
+    try:
+        if info:
+            echo(info, nl=False, err=err)
+        try:
+            getchar()
+        except (KeyboardInterrupt, EOFError):
+            pass
+    finally:
+        if info:
+            echo(err=err)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/testing.py b/lib/go-jinja2/internal/data/windows-amd64/click/testing.py
new file mode 100644
index 000000000..e0df0d2a6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/testing.py
@@ -0,0 +1,479 @@
+import contextlib
+import io
+import os
+import shlex
+import shutil
+import sys
+import tempfile
+import typing as t
+from types import TracebackType
+
+from . import formatting
+from . import termui
+from . import utils
+from ._compat import _find_binary_reader
+
+if t.TYPE_CHECKING:
+    from .core import BaseCommand
+
+
+class EchoingStdin:
+    def __init__(self, input: t.BinaryIO, output: t.BinaryIO) -> None:
+        self._input = input
+        self._output = output
+        self._paused = False
+
+    def __getattr__(self, x: str) -> t.Any:
+        return getattr(self._input, x)
+
+    def _echo(self, rv: bytes) -> bytes:
+        if not self._paused:
+            self._output.write(rv)
+
+        return rv
+
+    def read(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read(n))
+
+    def read1(self, n: int = -1) -> bytes:
+        return self._echo(self._input.read1(n))  # type: ignore
+
+    def readline(self, n: int = -1) -> bytes:
+        return self._echo(self._input.readline(n))
+
+    def readlines(self) -> t.List[bytes]:
+        return [self._echo(x) for x in self._input.readlines()]
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._echo(x) for x in self._input)
+
+    def __repr__(self) -> str:
+        return repr(self._input)
+
+
+@contextlib.contextmanager
+def _pause_echo(stream: t.Optional[EchoingStdin]) -> t.Iterator[None]:
+    if stream is None:
+        yield
+    else:
+        stream._paused = True
+        yield
+        stream._paused = False
+
+
+class _NamedTextIOWrapper(io.TextIOWrapper):
+    def __init__(
+        self, buffer: t.BinaryIO, name: str, mode: str, **kwargs: t.Any
+    ) -> None:
+        super().__init__(buffer, **kwargs)
+        self._name = name
+        self._mode = mode
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @property
+    def mode(self) -> str:
+        return self._mode
+
+
+def make_input_stream(
+    input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]], charset: str
+) -> t.BinaryIO:
+    # Is already an input stream.
+    if hasattr(input, "read"):
+        rv = _find_binary_reader(t.cast(t.IO[t.Any], input))
+
+        if rv is not None:
+            return rv
+
+        raise TypeError("Could not find binary reader for input stream.")
+
+    if input is None:
+        input = b""
+    elif isinstance(input, str):
+        input = input.encode(charset)
+
+    return io.BytesIO(input)
+
+
+class Result:
+    """Holds the captured result of an invoked CLI script."""
+
+    def __init__(
+        self,
+        runner: "CliRunner",
+        stdout_bytes: bytes,
+        stderr_bytes: t.Optional[bytes],
+        return_value: t.Any,
+        exit_code: int,
+        exception: t.Optional[BaseException],
+        exc_info: t.Optional[
+            t.Tuple[t.Type[BaseException], BaseException, TracebackType]
+        ] = None,
+    ):
+        #: The runner that created the result
+        self.runner = runner
+        #: The standard output as bytes.
+        self.stdout_bytes = stdout_bytes
+        #: The standard error as bytes, or None if not available
+        self.stderr_bytes = stderr_bytes
+        #: The value returned from the invoked command.
+        #:
+        #: .. versionadded:: 8.0
+        self.return_value = return_value
+        #: The exit code as integer.
+        self.exit_code = exit_code
+        #: The exception that happened if one did.
+        self.exception = exception
+        #: The traceback
+        self.exc_info = exc_info
+
+    @property
+    def output(self) -> str:
+        """The (standard) output as unicode string."""
+        return self.stdout
+
+    @property
+    def stdout(self) -> str:
+        """The standard output as unicode string."""
+        return self.stdout_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    @property
+    def stderr(self) -> str:
+        """The standard error as unicode string."""
+        if self.stderr_bytes is None:
+            raise ValueError("stderr not separately captured")
+        return self.stderr_bytes.decode(self.runner.charset, "replace").replace(
+            "\r\n", "\n"
+        )
+
+    def __repr__(self) -> str:
+        exc_str = repr(self.exception) if self.exception else "okay"
+        return f"<{type(self).__name__} {exc_str}>"
+
+
+class CliRunner:
+    """The CLI runner provides functionality to invoke a Click command line
+    script for unittesting purposes in a isolated environment.  This only
+    works in single-threaded systems without any concurrency as it changes the
+    global interpreter state.
+
+    :param charset: the character set for the input and output data.
+    :param env: a dictionary with environment variables for overriding.
+    :param echo_stdin: if this is set to `True`, then reading from stdin writes
+                       to stdout.  This is useful for showing examples in
+                       some circumstances.  Note that regular prompts
+                       will automatically echo the input.
+    :param mix_stderr: if this is set to `False`, then stdout and stderr are
+                       preserved as independent streams.  This is useful for
+                       Unix-philosophy apps that have predictable stdout and
+                       noisy stderr, such that each may be measured
+                       independently
+    """
+
+    def __init__(
+        self,
+        charset: str = "utf-8",
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        echo_stdin: bool = False,
+        mix_stderr: bool = True,
+    ) -> None:
+        self.charset = charset
+        self.env: t.Mapping[str, t.Optional[str]] = env or {}
+        self.echo_stdin = echo_stdin
+        self.mix_stderr = mix_stderr
+
+    def get_default_prog_name(self, cli: "BaseCommand") -> str:
+        """Given a command object it will return the default program name
+        for it.  The default is the `name` attribute or ``"root"`` if not
+        set.
+        """
+        return cli.name or "root"
+
+    def make_env(
+        self, overrides: t.Optional[t.Mapping[str, t.Optional[str]]] = None
+    ) -> t.Mapping[str, t.Optional[str]]:
+        """Returns the environment overrides for invoking a script."""
+        rv = dict(self.env)
+        if overrides:
+            rv.update(overrides)
+        return rv
+
+    @contextlib.contextmanager
+    def isolation(
+        self,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        color: bool = False,
+    ) -> t.Iterator[t.Tuple[io.BytesIO, t.Optional[io.BytesIO]]]:
+        """A context manager that sets up the isolation for invoking of a
+        command line tool.  This sets up stdin with the given input data
+        and `os.environ` with the overrides from the given dictionary.
+        This also rebinds some internals in Click to be mocked (like the
+        prompt functionality).
+
+        This is automatically done in the :meth:`invoke` method.
+
+        :param input: the input stream to put into sys.stdin.
+        :param env: the environment overrides as dictionary.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            ``stderr`` is opened with ``errors="backslashreplace"``
+            instead of the default ``"strict"``.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+        """
+        bytes_input = make_input_stream(input, self.charset)
+        echo_input = None
+
+        old_stdin = sys.stdin
+        old_stdout = sys.stdout
+        old_stderr = sys.stderr
+        old_forced_width = formatting.FORCED_WIDTH
+        formatting.FORCED_WIDTH = 80
+
+        env = self.make_env(env)
+
+        bytes_output = io.BytesIO()
+
+        if self.echo_stdin:
+            bytes_input = echo_input = t.cast(
+                t.BinaryIO, EchoingStdin(bytes_input, bytes_output)
+            )
+
+        sys.stdin = text_input = _NamedTextIOWrapper(
+            bytes_input, encoding=self.charset, name="<stdin>", mode="r"
+        )
+
+        if self.echo_stdin:
+            # Force unbuffered reads, otherwise TextIOWrapper reads a
+            # large chunk which is echoed early.
+            text_input._CHUNK_SIZE = 1  # type: ignore
+
+        sys.stdout = _NamedTextIOWrapper(
+            bytes_output, encoding=self.charset, name="<stdout>", mode="w"
+        )
+
+        bytes_error = None
+        if self.mix_stderr:
+            sys.stderr = sys.stdout
+        else:
+            bytes_error = io.BytesIO()
+            sys.stderr = _NamedTextIOWrapper(
+                bytes_error,
+                encoding=self.charset,
+                name="<stderr>",
+                mode="w",
+                errors="backslashreplace",
+            )
+
+        @_pause_echo(echo_input)  # type: ignore
+        def visible_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(prompt or "")
+            val = text_input.readline().rstrip("\r\n")
+            sys.stdout.write(f"{val}\n")
+            sys.stdout.flush()
+            return val
+
+        @_pause_echo(echo_input)  # type: ignore
+        def hidden_input(prompt: t.Optional[str] = None) -> str:
+            sys.stdout.write(f"{prompt or ''}\n")
+            sys.stdout.flush()
+            return text_input.readline().rstrip("\r\n")
+
+        @_pause_echo(echo_input)  # type: ignore
+        def _getchar(echo: bool) -> str:
+            char = sys.stdin.read(1)
+
+            if echo:
+                sys.stdout.write(char)
+
+            sys.stdout.flush()
+            return char
+
+        default_color = color
+
+        def should_strip_ansi(
+            stream: t.Optional[t.IO[t.Any]] = None, color: t.Optional[bool] = None
+        ) -> bool:
+            if color is None:
+                return not default_color
+            return not color
+
+        old_visible_prompt_func = termui.visible_prompt_func
+        old_hidden_prompt_func = termui.hidden_prompt_func
+        old__getchar_func = termui._getchar
+        old_should_strip_ansi = utils.should_strip_ansi  # type: ignore
+        termui.visible_prompt_func = visible_input
+        termui.hidden_prompt_func = hidden_input
+        termui._getchar = _getchar
+        utils.should_strip_ansi = should_strip_ansi  # type: ignore
+
+        old_env = {}
+        try:
+            for key, value in env.items():
+                old_env[key] = os.environ.get(key)
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            yield (bytes_output, bytes_error)
+        finally:
+            for key, value in old_env.items():
+                if value is None:
+                    try:
+                        del os.environ[key]
+                    except Exception:
+                        pass
+                else:
+                    os.environ[key] = value
+            sys.stdout = old_stdout
+            sys.stderr = old_stderr
+            sys.stdin = old_stdin
+            termui.visible_prompt_func = old_visible_prompt_func
+            termui.hidden_prompt_func = old_hidden_prompt_func
+            termui._getchar = old__getchar_func
+            utils.should_strip_ansi = old_should_strip_ansi  # type: ignore
+            formatting.FORCED_WIDTH = old_forced_width
+
+    def invoke(
+        self,
+        cli: "BaseCommand",
+        args: t.Optional[t.Union[str, t.Sequence[str]]] = None,
+        input: t.Optional[t.Union[str, bytes, t.IO[t.Any]]] = None,
+        env: t.Optional[t.Mapping[str, t.Optional[str]]] = None,
+        catch_exceptions: bool = True,
+        color: bool = False,
+        **extra: t.Any,
+    ) -> Result:
+        """Invokes a command in an isolated environment.  The arguments are
+        forwarded directly to the command line script, the `extra` keyword
+        arguments are passed to the :meth:`~clickpkg.Command.main` function of
+        the command.
+
+        This returns a :class:`Result` object.
+
+        :param cli: the command to invoke
+        :param args: the arguments to invoke. It may be given as an iterable
+                     or a string. When given as string it will be interpreted
+                     as a Unix shell command. More details at
+                     :func:`shlex.split`.
+        :param input: the input data for `sys.stdin`.
+        :param env: the environment overrides.
+        :param catch_exceptions: Whether to catch any other exceptions than
+                                 ``SystemExit``.
+        :param extra: the keyword arguments to pass to :meth:`main`.
+        :param color: whether the output should contain color codes. The
+                      application can still override this explicitly.
+
+        .. versionchanged:: 8.0
+            The result object has the ``return_value`` attribute with
+            the value returned from the invoked command.
+
+        .. versionchanged:: 4.0
+            Added the ``color`` parameter.
+
+        .. versionchanged:: 3.0
+            Added the ``catch_exceptions`` parameter.
+
+        .. versionchanged:: 3.0
+            The result object has the ``exc_info`` attribute with the
+            traceback if available.
+        """
+        exc_info = None
+        with self.isolation(input=input, env=env, color=color) as outstreams:
+            return_value = None
+            exception: t.Optional[BaseException] = None
+            exit_code = 0
+
+            if isinstance(args, str):
+                args = shlex.split(args)
+
+            try:
+                prog_name = extra.pop("prog_name")
+            except KeyError:
+                prog_name = self.get_default_prog_name(cli)
+
+            try:
+                return_value = cli.main(args=args or (), prog_name=prog_name, **extra)
+            except SystemExit as e:
+                exc_info = sys.exc_info()
+                e_code = t.cast(t.Optional[t.Union[int, t.Any]], e.code)
+
+                if e_code is None:
+                    e_code = 0
+
+                if e_code != 0:
+                    exception = e
+
+                if not isinstance(e_code, int):
+                    sys.stdout.write(str(e_code))
+                    sys.stdout.write("\n")
+                    e_code = 1
+
+                exit_code = e_code
+
+            except Exception as e:
+                if not catch_exceptions:
+                    raise
+                exception = e
+                exit_code = 1
+                exc_info = sys.exc_info()
+            finally:
+                sys.stdout.flush()
+                stdout = outstreams[0].getvalue()
+                if self.mix_stderr:
+                    stderr = None
+                else:
+                    stderr = outstreams[1].getvalue()  # type: ignore
+
+        return Result(
+            runner=self,
+            stdout_bytes=stdout,
+            stderr_bytes=stderr,
+            return_value=return_value,
+            exit_code=exit_code,
+            exception=exception,
+            exc_info=exc_info,  # type: ignore
+        )
+
+    @contextlib.contextmanager
+    def isolated_filesystem(
+        self, temp_dir: t.Optional[t.Union[str, "os.PathLike[str]"]] = None
+    ) -> t.Iterator[str]:
+        """A context manager that creates a temporary directory and
+        changes the current working directory to it. This isolates tests
+        that affect the contents of the CWD to prevent them from
+        interfering with each other.
+
+        :param temp_dir: Create the temporary directory under this
+            directory. If given, the created directory is not removed
+            when exiting.
+
+        .. versionchanged:: 8.0
+            Added the ``temp_dir`` parameter.
+        """
+        cwd = os.getcwd()
+        dt = tempfile.mkdtemp(dir=temp_dir)
+        os.chdir(dt)
+
+        try:
+            yield dt
+        finally:
+            os.chdir(cwd)
+
+            if temp_dir is None:
+                try:
+                    shutil.rmtree(dt)
+                except OSError:  # noqa: B014
+                    pass
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/types.py b/lib/go-jinja2/internal/data/windows-amd64/click/types.py
new file mode 100644
index 000000000..2b1d1797f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/types.py
@@ -0,0 +1,1089 @@
+import os
+import stat
+import sys
+import typing as t
+from datetime import datetime
+from gettext import gettext as _
+from gettext import ngettext
+
+from ._compat import _get_argv_encoding
+from ._compat import open_stream
+from .exceptions import BadParameter
+from .utils import format_filename
+from .utils import LazyFile
+from .utils import safecall
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+    from .core import Context
+    from .core import Parameter
+    from .shell_completion import CompletionItem
+
+
+class ParamType:
+    """Represents the type of a parameter. Validates and converts values
+    from the command line or Python into the correct type.
+
+    To implement a custom type, subclass and implement at least the
+    following:
+
+    -   The :attr:`name` class attribute must be set.
+    -   Calling an instance of the type with ``None`` must return
+        ``None``. This is already implemented by default.
+    -   :meth:`convert` must convert string values to the correct type.
+    -   :meth:`convert` must accept values that are already the correct
+        type.
+    -   It must be able to convert a value if the ``ctx`` and ``param``
+        arguments are ``None``. This can occur when converting prompt
+        input.
+    """
+
+    is_composite: t.ClassVar[bool] = False
+    arity: t.ClassVar[int] = 1
+
+    #: the descriptive name of this type
+    name: str
+
+    #: if a list of this type is expected and the value is pulled from a
+    #: string environment variable, this is what splits it up.  `None`
+    #: means any whitespace.  For all parameters the general rule is that
+    #: whitespace splits them up.  The exception are paths and files which
+    #: are split by ``os.path.pathsep`` by default (":" on Unix and ";" on
+    #: Windows).
+    envvar_list_splitter: t.ClassVar[t.Optional[str]] = None
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        """Gather information that could be useful for a tool generating
+        user-facing documentation.
+
+        Use :meth:`click.Context.to_info_dict` to traverse the entire
+        CLI structure.
+
+        .. versionadded:: 8.0
+        """
+        # The class name without the "ParamType" suffix.
+        param_type = type(self).__name__.partition("ParamType")[0]
+        param_type = param_type.partition("ParameterType")[0]
+
+        # Custom subclasses might not remember to set a name.
+        if hasattr(self, "name"):
+            name = self.name
+        else:
+            name = param_type
+
+        return {"param_type": param_type, "name": name}
+
+    def __call__(
+        self,
+        value: t.Any,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> t.Any:
+        if value is not None:
+            return self.convert(value, param, ctx)
+
+    def get_metavar(self, param: "Parameter") -> t.Optional[str]:
+        """Returns the metavar default for this param if it provides one."""
+
+    def get_missing_message(self, param: "Parameter") -> t.Optional[str]:
+        """Optionally might return extra information about a missing
+        parameter.
+
+        .. versionadded:: 2.0
+        """
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        """Convert the value to the correct type. This is not called if
+        the value is ``None`` (the missing value).
+
+        This must accept string values from the command line, as well as
+        values that are already the correct type. It may also convert
+        other compatible types.
+
+        The ``param`` and ``ctx`` arguments may be ``None`` in certain
+        situations, such as when converting prompt input.
+
+        If the value cannot be converted, call :meth:`fail` with a
+        descriptive message.
+
+        :param value: The value to convert.
+        :param param: The parameter that is using this type to convert
+            its value. May be ``None``.
+        :param ctx: The current context that arrived at this value. May
+            be ``None``.
+        """
+        return value
+
+    def split_envvar_value(self, rv: str) -> t.Sequence[str]:
+        """Given a value from an environment variable this splits it up
+        into small chunks depending on the defined envvar list splitter.
+
+        If the splitter is set to `None`, which means that whitespace splits,
+        then leading and trailing whitespace is ignored.  Otherwise, leading
+        and trailing splitters usually lead to empty items being included.
+        """
+        return (rv or "").split(self.envvar_list_splitter)
+
+    def fail(
+        self,
+        message: str,
+        param: t.Optional["Parameter"] = None,
+        ctx: t.Optional["Context"] = None,
+    ) -> "t.NoReturn":
+        """Helper method to fail with an invalid value message."""
+        raise BadParameter(message, ctx=ctx, param=param)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a list of
+        :class:`~click.shell_completion.CompletionItem` objects for the
+        incomplete value. Most types do not provide completions, but
+        some do, and this allows custom types to provide custom
+        completions as well.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        return []
+
+
+class CompositeParamType(ParamType):
+    is_composite = True
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        raise NotImplementedError()
+
+
+class FuncParamType(ParamType):
+    def __init__(self, func: t.Callable[[t.Any], t.Any]) -> None:
+        self.name: str = func.__name__
+        self.func = func
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["func"] = self.func
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self.func(value)
+        except ValueError:
+            try:
+                value = str(value)
+            except UnicodeError:
+                value = value.decode("utf-8", "replace")
+
+            self.fail(value, param, ctx)
+
+
+class UnprocessedParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        return value
+
+    def __repr__(self) -> str:
+        return "UNPROCESSED"
+
+
+class StringParamType(ParamType):
+    name = "text"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, bytes):
+            enc = _get_argv_encoding()
+            try:
+                value = value.decode(enc)
+            except UnicodeError:
+                fs_enc = sys.getfilesystemencoding()
+                if fs_enc != enc:
+                    try:
+                        value = value.decode(fs_enc)
+                    except UnicodeError:
+                        value = value.decode("utf-8", "replace")
+                else:
+                    value = value.decode("utf-8", "replace")
+            return value
+        return str(value)
+
+    def __repr__(self) -> str:
+        return "STRING"
+
+
+class Choice(ParamType):
+    """The choice type allows a value to be checked against a fixed set
+    of supported values. All of these values have to be strings.
+
+    You should only pass a list or tuple of choices. Other iterables
+    (like generators) may lead to surprising results.
+
+    The resulting value will always be one of the originally passed choices
+    regardless of ``case_sensitive`` or any ``ctx.token_normalize_func``
+    being specified.
+
+    See :ref:`choice-opts` for an example.
+
+    :param case_sensitive: Set to false to make choices case
+        insensitive. Defaults to true.
+    """
+
+    name = "choice"
+
+    def __init__(self, choices: t.Sequence[str], case_sensitive: bool = True) -> None:
+        self.choices = choices
+        self.case_sensitive = case_sensitive
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["choices"] = self.choices
+        info_dict["case_sensitive"] = self.case_sensitive
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        choices_str = "|".join(self.choices)
+
+        # Use curly braces to indicate a required argument.
+        if param.required and param.param_type_name == "argument":
+            return f"{{{choices_str}}}"
+
+        # Use square braces to indicate an option or optional argument.
+        return f"[{choices_str}]"
+
+    def get_missing_message(self, param: "Parameter") -> str:
+        return _("Choose from:\n\t{choices}").format(choices=",\n\t".join(self.choices))
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        # Match through normalization and case sensitivity
+        # first do token_normalize_func, then lowercase
+        # preserve original `value` to produce an accurate message in
+        # `self.fail`
+        normed_value = value
+        normed_choices = {choice: choice for choice in self.choices}
+
+        if ctx is not None and ctx.token_normalize_func is not None:
+            normed_value = ctx.token_normalize_func(value)
+            normed_choices = {
+                ctx.token_normalize_func(normed_choice): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if not self.case_sensitive:
+            normed_value = normed_value.casefold()
+            normed_choices = {
+                normed_choice.casefold(): original
+                for normed_choice, original in normed_choices.items()
+            }
+
+        if normed_value in normed_choices:
+            return normed_choices[normed_value]
+
+        choices_str = ", ".join(map(repr, self.choices))
+        self.fail(
+            ngettext(
+                "{value!r} is not {choice}.",
+                "{value!r} is not one of {choices}.",
+                len(self.choices),
+            ).format(value=value, choice=choices_str, choices=choices_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return f"Choice({list(self.choices)})"
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Complete choices that start with the incomplete value.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        str_choices = map(str, self.choices)
+
+        if self.case_sensitive:
+            matched = (c for c in str_choices if c.startswith(incomplete))
+        else:
+            incomplete = incomplete.lower()
+            matched = (c for c in str_choices if c.lower().startswith(incomplete))
+
+        return [CompletionItem(c) for c in matched]
+
+
+class DateTime(ParamType):
+    """The DateTime type converts date strings into `datetime` objects.
+
+    The format strings which are checked are configurable, but default to some
+    common (non-timezone aware) ISO 8601 formats.
+
+    When specifying *DateTime* formats, you should only pass a list or a tuple.
+    Other iterables, like generators, may lead to surprising results.
+
+    The format strings are processed using ``datetime.strptime``, and this
+    consequently defines the format strings which are allowed.
+
+    Parsing is tried using each format, in order, and the first format which
+    parses successfully is used.
+
+    :param formats: A list or tuple of date format strings, in the order in
+                    which they should be tried. Defaults to
+                    ``'%Y-%m-%d'``, ``'%Y-%m-%dT%H:%M:%S'``,
+                    ``'%Y-%m-%d %H:%M:%S'``.
+    """
+
+    name = "datetime"
+
+    def __init__(self, formats: t.Optional[t.Sequence[str]] = None):
+        self.formats: t.Sequence[str] = formats or [
+            "%Y-%m-%d",
+            "%Y-%m-%dT%H:%M:%S",
+            "%Y-%m-%d %H:%M:%S",
+        ]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["formats"] = self.formats
+        return info_dict
+
+    def get_metavar(self, param: "Parameter") -> str:
+        return f"[{'|'.join(self.formats)}]"
+
+    def _try_to_convert_date(self, value: t.Any, format: str) -> t.Optional[datetime]:
+        try:
+            return datetime.strptime(value, format)
+        except ValueError:
+            return None
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if isinstance(value, datetime):
+            return value
+
+        for format in self.formats:
+            converted = self._try_to_convert_date(value, format)
+
+            if converted is not None:
+                return converted
+
+        formats_str = ", ".join(map(repr, self.formats))
+        self.fail(
+            ngettext(
+                "{value!r} does not match the format {format}.",
+                "{value!r} does not match the formats {formats}.",
+                len(self.formats),
+            ).format(value=value, format=formats_str, formats=formats_str),
+            param,
+            ctx,
+        )
+
+    def __repr__(self) -> str:
+        return "DateTime"
+
+
+class _NumberParamTypeBase(ParamType):
+    _number_class: t.ClassVar[t.Type[t.Any]]
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        try:
+            return self._number_class(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid {number_type}.").format(
+                    value=value, number_type=self.name
+                ),
+                param,
+                ctx,
+            )
+
+
+class _NumberRangeBase(_NumberParamTypeBase):
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        self.min = min
+        self.max = max
+        self.min_open = min_open
+        self.max_open = max_open
+        self.clamp = clamp
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            min=self.min,
+            max=self.max,
+            min_open=self.min_open,
+            max_open=self.max_open,
+            clamp=self.clamp,
+        )
+        return info_dict
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import operator
+
+        rv = super().convert(value, param, ctx)
+        lt_min: bool = self.min is not None and (
+            operator.le if self.min_open else operator.lt
+        )(rv, self.min)
+        gt_max: bool = self.max is not None and (
+            operator.ge if self.max_open else operator.gt
+        )(rv, self.max)
+
+        if self.clamp:
+            if lt_min:
+                return self._clamp(self.min, 1, self.min_open)  # type: ignore
+
+            if gt_max:
+                return self._clamp(self.max, -1, self.max_open)  # type: ignore
+
+        if lt_min or gt_max:
+            self.fail(
+                _("{value} is not in the range {range}.").format(
+                    value=rv, range=self._describe_range()
+                ),
+                param,
+                ctx,
+            )
+
+        return rv
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        """Find the valid value to clamp to bound in the given
+        direction.
+
+        :param bound: The boundary value.
+        :param dir: 1 or -1 indicating the direction to move.
+        :param open: If true, the range does not include the bound.
+        """
+        raise NotImplementedError
+
+    def _describe_range(self) -> str:
+        """Describe the range for use in help text."""
+        if self.min is None:
+            op = "<" if self.max_open else "<="
+            return f"x{op}{self.max}"
+
+        if self.max is None:
+            op = ">" if self.min_open else ">="
+            return f"x{op}{self.min}"
+
+        lop = "<" if self.min_open else "<="
+        rop = "<" if self.max_open else "<="
+        return f"{self.min}{lop}x{rop}{self.max}"
+
+    def __repr__(self) -> str:
+        clamp = " clamped" if self.clamp else ""
+        return f"<{type(self).__name__} {self._describe_range()}{clamp}>"
+
+
+class IntParamType(_NumberParamTypeBase):
+    name = "integer"
+    _number_class = int
+
+    def __repr__(self) -> str:
+        return "INT"
+
+
+class IntRange(_NumberRangeBase, IntParamType):
+    """Restrict an :data:`click.INT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "integer range"
+
+    def _clamp(  # type: ignore
+        self, bound: int, dir: "te.Literal[1, -1]", open: bool
+    ) -> int:
+        if not open:
+            return bound
+
+        return bound + dir
+
+
+class FloatParamType(_NumberParamTypeBase):
+    name = "float"
+    _number_class = float
+
+    def __repr__(self) -> str:
+        return "FLOAT"
+
+
+class FloatRange(_NumberRangeBase, FloatParamType):
+    """Restrict a :data:`click.FLOAT` value to a range of accepted
+    values. See :ref:`ranges`.
+
+    If ``min`` or ``max`` are not passed, any value is accepted in that
+    direction. If ``min_open`` or ``max_open`` are enabled, the
+    corresponding boundary is not included in the range.
+
+    If ``clamp`` is enabled, a value outside the range is clamped to the
+    boundary instead of failing. This is not supported if either
+    boundary is marked ``open``.
+
+    .. versionchanged:: 8.0
+        Added the ``min_open`` and ``max_open`` parameters.
+    """
+
+    name = "float range"
+
+    def __init__(
+        self,
+        min: t.Optional[float] = None,
+        max: t.Optional[float] = None,
+        min_open: bool = False,
+        max_open: bool = False,
+        clamp: bool = False,
+    ) -> None:
+        super().__init__(
+            min=min, max=max, min_open=min_open, max_open=max_open, clamp=clamp
+        )
+
+        if (min_open or max_open) and clamp:
+            raise TypeError("Clamping is not supported for open bounds.")
+
+    def _clamp(self, bound: float, dir: "te.Literal[1, -1]", open: bool) -> float:
+        if not open:
+            return bound
+
+        # Could use Python 3.9's math.nextafter here, but clamping an
+        # open float range doesn't seem to be particularly useful. It's
+        # left up to the user to write a callback to do it if needed.
+        raise RuntimeError("Clamping is not supported for open bounds.")
+
+
+class BoolParamType(ParamType):
+    name = "boolean"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        if value in {False, True}:
+            return bool(value)
+
+        norm = value.strip().lower()
+
+        if norm in {"1", "true", "t", "yes", "y", "on"}:
+            return True
+
+        if norm in {"0", "false", "f", "no", "n", "off"}:
+            return False
+
+        self.fail(
+            _("{value!r} is not a valid boolean.").format(value=value), param, ctx
+        )
+
+    def __repr__(self) -> str:
+        return "BOOL"
+
+
+class UUIDParameterType(ParamType):
+    name = "uuid"
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        import uuid
+
+        if isinstance(value, uuid.UUID):
+            return value
+
+        value = value.strip()
+
+        try:
+            return uuid.UUID(value)
+        except ValueError:
+            self.fail(
+                _("{value!r} is not a valid UUID.").format(value=value), param, ctx
+            )
+
+    def __repr__(self) -> str:
+        return "UUID"
+
+
+class File(ParamType):
+    """Declares a parameter to be a file for reading or writing.  The file
+    is automatically closed once the context tears down (after the command
+    finished working).
+
+    Files can be opened for reading or writing.  The special value ``-``
+    indicates stdin or stdout depending on the mode.
+
+    By default, the file is opened for reading text data, but it can also be
+    opened in binary mode or for writing.  The encoding parameter can be used
+    to force a specific encoding.
+
+    The `lazy` flag controls if the file should be opened immediately or upon
+    first IO. The default is to be non-lazy for standard input and output
+    streams as well as files opened for reading, `lazy` otherwise. When opening a
+    file lazily for reading, it is still opened temporarily for validation, but
+    will not be held open until first IO. lazy is mainly useful when opening
+    for writing to avoid creating the file until it is needed.
+
+    Starting with Click 2.0, files can also be opened atomically in which
+    case all writes go into a separate file in the same folder and upon
+    completion the file will be moved over to the original location.  This
+    is useful if a file regularly read by other users is modified.
+
+    See :ref:`file-args` for more information.
+    """
+
+    name = "filename"
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        lazy: t.Optional[bool] = None,
+        atomic: bool = False,
+    ) -> None:
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.lazy = lazy
+        self.atomic = atomic
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(mode=self.mode, encoding=self.encoding)
+        return info_dict
+
+    def resolve_lazy_flag(self, value: "t.Union[str, os.PathLike[str]]") -> bool:
+        if self.lazy is not None:
+            return self.lazy
+        if os.fspath(value) == "-":
+            return False
+        elif "w" in self.mode:
+            return True
+        return False
+
+    def convert(
+        self,
+        value: t.Union[str, "os.PathLike[str]", t.IO[t.Any]],
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> t.IO[t.Any]:
+        if _is_file_like(value):
+            return value
+
+        value = t.cast("t.Union[str, os.PathLike[str]]", value)
+
+        try:
+            lazy = self.resolve_lazy_flag(value)
+
+            if lazy:
+                lf = LazyFile(
+                    value, self.mode, self.encoding, self.errors, atomic=self.atomic
+                )
+
+                if ctx is not None:
+                    ctx.call_on_close(lf.close_intelligently)
+
+                return t.cast(t.IO[t.Any], lf)
+
+            f, should_close = open_stream(
+                value, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+
+            # If a context is provided, we automatically close the file
+            # at the end of the context execution (or flush out).  If a
+            # context does not exist, it's the caller's responsibility to
+            # properly close the file.  This for instance happens when the
+            # type is used with prompts.
+            if ctx is not None:
+                if should_close:
+                    ctx.call_on_close(safecall(f.close))
+                else:
+                    ctx.call_on_close(safecall(f.flush))
+
+            return f
+        except OSError as e:  # noqa: B014
+            self.fail(f"'{format_filename(value)}': {e.strerror}", param, ctx)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide file path completions.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        return [CompletionItem(incomplete, type="file")]
+
+
+def _is_file_like(value: t.Any) -> "te.TypeGuard[t.IO[t.Any]]":
+    return hasattr(value, "read") or hasattr(value, "write")
+
+
+class Path(ParamType):
+    """The ``Path`` type is similar to the :class:`File` type, but
+    returns the filename instead of an open file. Various checks can be
+    enabled to validate the type of file and permissions.
+
+    :param exists: The file or directory needs to exist for the value to
+        be valid. If this is not set to ``True``, and the file does not
+        exist, then all further checks are silently skipped.
+    :param file_okay: Allow a file as a value.
+    :param dir_okay: Allow a directory as a value.
+    :param readable: if true, a readable check is performed.
+    :param writable: if true, a writable check is performed.
+    :param executable: if true, an executable check is performed.
+    :param resolve_path: Make the value absolute and resolve any
+        symlinks. A ``~`` is not expanded, as this is supposed to be
+        done by the shell only.
+    :param allow_dash: Allow a single dash as a value, which indicates
+        a standard stream (but does not open it). Use
+        :func:`~click.open_file` to handle opening this value.
+    :param path_type: Convert the incoming path value to this type. If
+        ``None``, keep Python's default, which is ``str``. Useful to
+        convert to :class:`pathlib.Path`.
+
+    .. versionchanged:: 8.1
+        Added the ``executable`` parameter.
+
+    .. versionchanged:: 8.0
+        Allow passing ``path_type=pathlib.Path``.
+
+    .. versionchanged:: 6.0
+        Added the ``allow_dash`` parameter.
+    """
+
+    envvar_list_splitter: t.ClassVar[str] = os.path.pathsep
+
+    def __init__(
+        self,
+        exists: bool = False,
+        file_okay: bool = True,
+        dir_okay: bool = True,
+        writable: bool = False,
+        readable: bool = True,
+        resolve_path: bool = False,
+        allow_dash: bool = False,
+        path_type: t.Optional[t.Type[t.Any]] = None,
+        executable: bool = False,
+    ):
+        self.exists = exists
+        self.file_okay = file_okay
+        self.dir_okay = dir_okay
+        self.readable = readable
+        self.writable = writable
+        self.executable = executable
+        self.resolve_path = resolve_path
+        self.allow_dash = allow_dash
+        self.type = path_type
+
+        if self.file_okay and not self.dir_okay:
+            self.name: str = _("file")
+        elif self.dir_okay and not self.file_okay:
+            self.name = _("directory")
+        else:
+            self.name = _("path")
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict.update(
+            exists=self.exists,
+            file_okay=self.file_okay,
+            dir_okay=self.dir_okay,
+            writable=self.writable,
+            readable=self.readable,
+            allow_dash=self.allow_dash,
+        )
+        return info_dict
+
+    def coerce_path_result(
+        self, value: "t.Union[str, os.PathLike[str]]"
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        if self.type is not None and not isinstance(value, self.type):
+            if self.type is str:
+                return os.fsdecode(value)
+            elif self.type is bytes:
+                return os.fsencode(value)
+            else:
+                return t.cast("os.PathLike[str]", self.type(value))
+
+        return value
+
+    def convert(
+        self,
+        value: "t.Union[str, os.PathLike[str]]",
+        param: t.Optional["Parameter"],
+        ctx: t.Optional["Context"],
+    ) -> "t.Union[str, bytes, os.PathLike[str]]":
+        rv = value
+
+        is_dash = self.file_okay and self.allow_dash and rv in (b"-", "-")
+
+        if not is_dash:
+            if self.resolve_path:
+                # os.path.realpath doesn't resolve symlinks on Windows
+                # until Python 3.8. Use pathlib for now.
+                import pathlib
+
+                rv = os.fsdecode(pathlib.Path(rv).resolve())
+
+            try:
+                st = os.stat(rv)
+            except OSError:
+                if not self.exists:
+                    return self.coerce_path_result(rv)
+                self.fail(
+                    _("{name} {filename!r} does not exist.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if not self.file_okay and stat.S_ISREG(st.st_mode):
+                self.fail(
+                    _("{name} {filename!r} is a file.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+            if not self.dir_okay and stat.S_ISDIR(st.st_mode):
+                self.fail(
+                    _("{name} '{filename}' is a directory.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.readable and not os.access(rv, os.R_OK):
+                self.fail(
+                    _("{name} {filename!r} is not readable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.writable and not os.access(rv, os.W_OK):
+                self.fail(
+                    _("{name} {filename!r} is not writable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+            if self.executable and not os.access(value, os.X_OK):
+                self.fail(
+                    _("{name} {filename!r} is not executable.").format(
+                        name=self.name.title(), filename=format_filename(value)
+                    ),
+                    param,
+                    ctx,
+                )
+
+        return self.coerce_path_result(rv)
+
+    def shell_complete(
+        self, ctx: "Context", param: "Parameter", incomplete: str
+    ) -> t.List["CompletionItem"]:
+        """Return a special completion marker that tells the completion
+        system to use the shell to provide path completions for only
+        directories or any paths.
+
+        :param ctx: Invocation context for this command.
+        :param param: The parameter that is requesting completion.
+        :param incomplete: Value being completed. May be empty.
+
+        .. versionadded:: 8.0
+        """
+        from click.shell_completion import CompletionItem
+
+        type = "dir" if self.dir_okay and not self.file_okay else "file"
+        return [CompletionItem(incomplete, type=type)]
+
+
+class Tuple(CompositeParamType):
+    """The default behavior of Click is to apply a type on a value directly.
+    This works well in most cases, except for when `nargs` is set to a fixed
+    count and different types should be used for different items.  In this
+    case the :class:`Tuple` type can be used.  This type can only be used
+    if `nargs` is set to a fixed number.
+
+    For more information see :ref:`tuple-type`.
+
+    This can be selected by using a Python tuple literal as a type.
+
+    :param types: a list of types that should be used for the tuple items.
+    """
+
+    def __init__(self, types: t.Sequence[t.Union[t.Type[t.Any], ParamType]]) -> None:
+        self.types: t.Sequence[ParamType] = [convert_type(ty) for ty in types]
+
+    def to_info_dict(self) -> t.Dict[str, t.Any]:
+        info_dict = super().to_info_dict()
+        info_dict["types"] = [t.to_info_dict() for t in self.types]
+        return info_dict
+
+    @property
+    def name(self) -> str:  # type: ignore
+        return f"<{' '.join(ty.name for ty in self.types)}>"
+
+    @property
+    def arity(self) -> int:  # type: ignore
+        return len(self.types)
+
+    def convert(
+        self, value: t.Any, param: t.Optional["Parameter"], ctx: t.Optional["Context"]
+    ) -> t.Any:
+        len_type = len(self.types)
+        len_value = len(value)
+
+        if len_value != len_type:
+            self.fail(
+                ngettext(
+                    "{len_type} values are required, but {len_value} was given.",
+                    "{len_type} values are required, but {len_value} were given.",
+                    len_value,
+                ).format(len_type=len_type, len_value=len_value),
+                param=param,
+                ctx=ctx,
+            )
+
+        return tuple(ty(x, param, ctx) for ty, x in zip(self.types, value))
+
+
+def convert_type(ty: t.Optional[t.Any], default: t.Optional[t.Any] = None) -> ParamType:
+    """Find the most appropriate :class:`ParamType` for the given Python
+    type. If the type isn't provided, it can be inferred from a default
+    value.
+    """
+    guessed_type = False
+
+    if ty is None and default is not None:
+        if isinstance(default, (tuple, list)):
+            # If the default is empty, ty will remain None and will
+            # return STRING.
+            if default:
+                item = default[0]
+
+                # A tuple of tuples needs to detect the inner types.
+                # Can't call convert recursively because that would
+                # incorrectly unwind the tuple to a single type.
+                if isinstance(item, (tuple, list)):
+                    ty = tuple(map(type, item))
+                else:
+                    ty = type(item)
+        else:
+            ty = type(default)
+
+        guessed_type = True
+
+    if isinstance(ty, tuple):
+        return Tuple(ty)
+
+    if isinstance(ty, ParamType):
+        return ty
+
+    if ty is str or ty is None:
+        return STRING
+
+    if ty is int:
+        return INT
+
+    if ty is float:
+        return FLOAT
+
+    if ty is bool:
+        return BOOL
+
+    if guessed_type:
+        return STRING
+
+    if __debug__:
+        try:
+            if issubclass(ty, ParamType):
+                raise AssertionError(
+                    f"Attempted to use an uninstantiated parameter type ({ty})."
+                )
+        except TypeError:
+            # ty is an instance (correct), so issubclass fails.
+            pass
+
+    return FuncParamType(ty)
+
+
+#: A dummy parameter type that just does nothing.  From a user's
+#: perspective this appears to just be the same as `STRING` but
+#: internally no string conversion takes place if the input was bytes.
+#: This is usually useful when working with file paths as they can
+#: appear in bytes and unicode.
+#:
+#: For path related uses the :class:`Path` type is a better choice but
+#: there are situations where an unprocessed type is useful which is why
+#: it is is provided.
+#:
+#: .. versionadded:: 4.0
+UNPROCESSED = UnprocessedParamType()
+
+#: A unicode string parameter type which is the implicit default.  This
+#: can also be selected by using ``str`` as type.
+STRING = StringParamType()
+
+#: An integer parameter.  This can also be selected by using ``int`` as
+#: type.
+INT = IntParamType()
+
+#: A floating point value parameter.  This can also be selected by using
+#: ``float`` as type.
+FLOAT = FloatParamType()
+
+#: A boolean parameter.  This is the default for boolean flags.  This can
+#: also be selected by using ``bool`` as a type.
+BOOL = BoolParamType()
+
+#: A UUID parameter.
+UUID = UUIDParameterType()
diff --git a/lib/go-jinja2/internal/data/windows-amd64/click/utils.py b/lib/go-jinja2/internal/data/windows-amd64/click/utils.py
new file mode 100644
index 000000000..d536434f0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/click/utils.py
@@ -0,0 +1,624 @@
+import os
+import re
+import sys
+import typing as t
+from functools import update_wrapper
+from types import ModuleType
+from types import TracebackType
+
+from ._compat import _default_text_stderr
+from ._compat import _default_text_stdout
+from ._compat import _find_binary_writer
+from ._compat import auto_wrap_for_ansi
+from ._compat import binary_streams
+from ._compat import open_stream
+from ._compat import should_strip_ansi
+from ._compat import strip_ansi
+from ._compat import text_streams
+from ._compat import WIN
+from .globals import resolve_color_default
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    P = te.ParamSpec("P")
+
+R = t.TypeVar("R")
+
+
+def _posixify(name: str) -> str:
+    return "-".join(name.split()).lower()
+
+
+def safecall(func: "t.Callable[P, R]") -> "t.Callable[P, t.Optional[R]]":
+    """Wraps a function so that it swallows exceptions."""
+
+    def wrapper(*args: "P.args", **kwargs: "P.kwargs") -> t.Optional[R]:
+        try:
+            return func(*args, **kwargs)
+        except Exception:
+            pass
+        return None
+
+    return update_wrapper(wrapper, func)
+
+
+def make_str(value: t.Any) -> str:
+    """Converts a value into a valid string."""
+    if isinstance(value, bytes):
+        try:
+            return value.decode(sys.getfilesystemencoding())
+        except UnicodeError:
+            return value.decode("utf-8", "replace")
+    return str(value)
+
+
+def make_default_short_help(help: str, max_length: int = 45) -> str:
+    """Returns a condensed version of help string."""
+    # Consider only the first paragraph.
+    paragraph_end = help.find("\n\n")
+
+    if paragraph_end != -1:
+        help = help[:paragraph_end]
+
+    # Collapse newlines, tabs, and spaces.
+    words = help.split()
+
+    if not words:
+        return ""
+
+    # The first paragraph started with a "no rewrap" marker, ignore it.
+    if words[0] == "\b":
+        words = words[1:]
+
+    total_length = 0
+    last_index = len(words) - 1
+
+    for i, word in enumerate(words):
+        total_length += len(word) + (i > 0)
+
+        if total_length > max_length:  # too long, truncate
+            break
+
+        if word[-1] == ".":  # sentence end, truncate without "..."
+            return " ".join(words[: i + 1])
+
+        if total_length == max_length and i != last_index:
+            break  # not at sentence end, truncate with "..."
+    else:
+        return " ".join(words)  # no truncation needed
+
+    # Account for the length of the suffix.
+    total_length += len("...")
+
+    # remove words until the length is short enough
+    while i > 0:
+        total_length -= len(words[i]) + (i > 0)
+
+        if total_length <= max_length:
+            break
+
+        i -= 1
+
+    return " ".join(words[:i]) + "..."
+
+
+class LazyFile:
+    """A lazy file works like a regular file but it does not fully open
+    the file but it does perform some basic checks early to see if the
+    filename parameter does make sense.  This is useful for safely opening
+    files for writing.
+    """
+
+    def __init__(
+        self,
+        filename: t.Union[str, "os.PathLike[str]"],
+        mode: str = "r",
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+        atomic: bool = False,
+    ):
+        self.name: str = os.fspath(filename)
+        self.mode = mode
+        self.encoding = encoding
+        self.errors = errors
+        self.atomic = atomic
+        self._f: t.Optional[t.IO[t.Any]]
+        self.should_close: bool
+
+        if self.name == "-":
+            self._f, self.should_close = open_stream(filename, mode, encoding, errors)
+        else:
+            if "r" in mode:
+                # Open and close the file in case we're opening it for
+                # reading so that we can catch at least some errors in
+                # some cases early.
+                open(filename, mode).close()
+            self._f = None
+            self.should_close = True
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self.open(), name)
+
+    def __repr__(self) -> str:
+        if self._f is not None:
+            return repr(self._f)
+        return f"<unopened file '{format_filename(self.name)}' {self.mode}>"
+
+    def open(self) -> t.IO[t.Any]:
+        """Opens the file if it's not yet open.  This call might fail with
+        a :exc:`FileError`.  Not handling this error will produce an error
+        that Click shows.
+        """
+        if self._f is not None:
+            return self._f
+        try:
+            rv, self.should_close = open_stream(
+                self.name, self.mode, self.encoding, self.errors, atomic=self.atomic
+            )
+        except OSError as e:  # noqa: E402
+            from .exceptions import FileError
+
+            raise FileError(self.name, hint=e.strerror) from e
+        self._f = rv
+        return rv
+
+    def close(self) -> None:
+        """Closes the underlying file, no matter what."""
+        if self._f is not None:
+            self._f.close()
+
+    def close_intelligently(self) -> None:
+        """This function only closes the file if it was opened by the lazy
+        file wrapper.  For instance this will never close stdin.
+        """
+        if self.should_close:
+            self.close()
+
+    def __enter__(self) -> "LazyFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        self.close_intelligently()
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        self.open()
+        return iter(self._f)  # type: ignore
+
+
+class KeepOpenFile:
+    def __init__(self, file: t.IO[t.Any]) -> None:
+        self._file: t.IO[t.Any] = file
+
+    def __getattr__(self, name: str) -> t.Any:
+        return getattr(self._file, name)
+
+    def __enter__(self) -> "KeepOpenFile":
+        return self
+
+    def __exit__(
+        self,
+        exc_type: t.Optional[t.Type[BaseException]],
+        exc_value: t.Optional[BaseException],
+        tb: t.Optional[TracebackType],
+    ) -> None:
+        pass
+
+    def __repr__(self) -> str:
+        return repr(self._file)
+
+    def __iter__(self) -> t.Iterator[t.AnyStr]:
+        return iter(self._file)
+
+
+def echo(
+    message: t.Optional[t.Any] = None,
+    file: t.Optional[t.IO[t.Any]] = None,
+    nl: bool = True,
+    err: bool = False,
+    color: t.Optional[bool] = None,
+) -> None:
+    """Print a message and newline to stdout or a file. This should be
+    used instead of :func:`print` because it provides better support
+    for different data, files, and environments.
+
+    Compared to :func:`print`, this does the following:
+
+    -   Ensures that the output encoding is not misconfigured on Linux.
+    -   Supports Unicode in the Windows console.
+    -   Supports writing to binary outputs, and supports writing bytes
+        to text outputs.
+    -   Supports colors and styles on Windows.
+    -   Removes ANSI color and style codes if the output does not look
+        like an interactive terminal.
+    -   Always flushes the output.
+
+    :param message: The string or bytes to output. Other objects are
+        converted to strings.
+    :param file: The file to write to. Defaults to ``stdout``.
+    :param err: Write to ``stderr`` instead of ``stdout``.
+    :param nl: Print a newline after the message. Enabled by default.
+    :param color: Force showing or hiding colors and other styles. By
+        default Click will remove color if the output does not look like
+        an interactive terminal.
+
+    .. versionchanged:: 6.0
+        Support Unicode output on the Windows console. Click does not
+        modify ``sys.stdout``, so ``sys.stdout.write()`` and ``print()``
+        will still not support Unicode.
+
+    .. versionchanged:: 4.0
+        Added the ``color`` parameter.
+
+    .. versionadded:: 3.0
+        Added the ``err`` parameter.
+
+    .. versionchanged:: 2.0
+        Support colors on Windows if colorama is installed.
+    """
+    if file is None:
+        if err:
+            file = _default_text_stderr()
+        else:
+            file = _default_text_stdout()
+
+        # There are no standard streams attached to write to. For example,
+        # pythonw on Windows.
+        if file is None:
+            return
+
+    # Convert non bytes/text into the native string type.
+    if message is not None and not isinstance(message, (str, bytes, bytearray)):
+        out: t.Optional[t.Union[str, bytes]] = str(message)
+    else:
+        out = message
+
+    if nl:
+        out = out or ""
+        if isinstance(out, str):
+            out += "\n"
+        else:
+            out += b"\n"
+
+    if not out:
+        file.flush()
+        return
+
+    # If there is a message and the value looks like bytes, we manually
+    # need to find the binary stream and write the message in there.
+    # This is done separately so that most stream types will work as you
+    # would expect. Eg: you can write to StringIO for other cases.
+    if isinstance(out, (bytes, bytearray)):
+        binary_file = _find_binary_writer(file)
+
+        if binary_file is not None:
+            file.flush()
+            binary_file.write(out)
+            binary_file.flush()
+            return
+
+    # ANSI style code support. For no message or bytes, nothing happens.
+    # When outputting to a file instead of a terminal, strip codes.
+    else:
+        color = resolve_color_default(color)
+
+        if should_strip_ansi(file, color):
+            out = strip_ansi(out)
+        elif WIN:
+            if auto_wrap_for_ansi is not None:
+                file = auto_wrap_for_ansi(file)  # type: ignore
+            elif not color:
+                out = strip_ansi(out)
+
+    file.write(out)  # type: ignore
+    file.flush()
+
+
+def get_binary_stream(name: "te.Literal['stdin', 'stdout', 'stderr']") -> t.BinaryIO:
+    """Returns a system stream for byte processing.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    """
+    opener = binary_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener()
+
+
+def get_text_stream(
+    name: "te.Literal['stdin', 'stdout', 'stderr']",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+) -> t.TextIO:
+    """Returns a system stream for text processing.  This usually returns
+    a wrapped stream around a binary stream returned from
+    :func:`get_binary_stream` but it also can take shortcuts for already
+    correctly configured streams.
+
+    :param name: the name of the stream to open.  Valid names are ``'stdin'``,
+                 ``'stdout'`` and ``'stderr'``
+    :param encoding: overrides the detected default encoding.
+    :param errors: overrides the default error mode.
+    """
+    opener = text_streams.get(name)
+    if opener is None:
+        raise TypeError(f"Unknown standard stream '{name}'")
+    return opener(encoding, errors)
+
+
+def open_file(
+    filename: str,
+    mode: str = "r",
+    encoding: t.Optional[str] = None,
+    errors: t.Optional[str] = "strict",
+    lazy: bool = False,
+    atomic: bool = False,
+) -> t.IO[t.Any]:
+    """Open a file, with extra behavior to handle ``'-'`` to indicate
+    a standard stream, lazy open on write, and atomic write. Similar to
+    the behavior of the :class:`~click.File` param type.
+
+    If ``'-'`` is given to open ``stdout`` or ``stdin``, the stream is
+    wrapped so that using it in a context manager will not close it.
+    This makes it possible to use the function without accidentally
+    closing a standard stream:
+
+    .. code-block:: python
+
+        with open_file(filename) as f:
+            ...
+
+    :param filename: The name of the file to open, or ``'-'`` for
+        ``stdin``/``stdout``.
+    :param mode: The mode in which to open the file.
+    :param encoding: The encoding to decode or encode a file opened in
+        text mode.
+    :param errors: The error handling mode.
+    :param lazy: Wait to open the file until it is accessed. For read
+        mode, the file is temporarily opened to raise access errors
+        early, then closed until it is read again.
+    :param atomic: Write to a temporary file and replace the given file
+        on close.
+
+    .. versionadded:: 3.0
+    """
+    if lazy:
+        return t.cast(
+            t.IO[t.Any], LazyFile(filename, mode, encoding, errors, atomic=atomic)
+        )
+
+    f, should_close = open_stream(filename, mode, encoding, errors, atomic=atomic)
+
+    if not should_close:
+        f = t.cast(t.IO[t.Any], KeepOpenFile(f))
+
+    return f
+
+
+def format_filename(
+    filename: "t.Union[str, bytes, os.PathLike[str], os.PathLike[bytes]]",
+    shorten: bool = False,
+) -> str:
+    """Format a filename as a string for display. Ensures the filename can be
+    displayed by replacing any invalid bytes or surrogate escapes in the name
+    with the replacement character ``�``.
+
+    Invalid bytes or surrogate escapes will raise an error when written to a
+    stream with ``errors="strict". This will typically happen with ``stdout``
+    when the locale is something like ``en_GB.UTF-8``.
+
+    Many scenarios *are* safe to write surrogates though, due to PEP 538 and
+    PEP 540, including:
+
+    -   Writing to ``stderr``, which uses ``errors="backslashreplace"``.
+    -   The system has ``LANG=C.UTF-8``, ``C``, or ``POSIX``. Python opens
+        stdout and stderr with ``errors="surrogateescape"``.
+    -   None of ``LANG/LC_*`` are set. Python assumes ``LANG=C.UTF-8``.
+    -   Python is started in UTF-8 mode  with  ``PYTHONUTF8=1`` or ``-X utf8``.
+        Python opens stdout and stderr with ``errors="surrogateescape"``.
+
+    :param filename: formats a filename for UI display.  This will also convert
+                     the filename into unicode without failing.
+    :param shorten: this optionally shortens the filename to strip of the
+                    path that leads up to it.
+    """
+    if shorten:
+        filename = os.path.basename(filename)
+    else:
+        filename = os.fspath(filename)
+
+    if isinstance(filename, bytes):
+        filename = filename.decode(sys.getfilesystemencoding(), "replace")
+    else:
+        filename = filename.encode("utf-8", "surrogateescape").decode(
+            "utf-8", "replace"
+        )
+
+    return filename
+
+
+def get_app_dir(app_name: str, roaming: bool = True, force_posix: bool = False) -> str:
+    r"""Returns the config folder for the application.  The default behavior
+    is to return whatever is most appropriate for the operating system.
+
+    To give you an idea, for an app called ``"Foo Bar"``, something like
+    the following folders could be returned:
+
+    Mac OS X:
+      ``~/Library/Application Support/Foo Bar``
+    Mac OS X (POSIX):
+      ``~/.foo-bar``
+    Unix:
+      ``~/.config/foo-bar``
+    Unix (POSIX):
+      ``~/.foo-bar``
+    Windows (roaming):
+      ``C:\Users\<user>\AppData\Roaming\Foo Bar``
+    Windows (not roaming):
+      ``C:\Users\<user>\AppData\Local\Foo Bar``
+
+    .. versionadded:: 2.0
+
+    :param app_name: the application name.  This should be properly capitalized
+                     and can contain whitespace.
+    :param roaming: controls if the folder should be roaming or not on Windows.
+                    Has no effect otherwise.
+    :param force_posix: if this is set to `True` then on any POSIX system the
+                        folder will be stored in the home folder with a leading
+                        dot instead of the XDG config home or darwin's
+                        application support folder.
+    """
+    if WIN:
+        key = "APPDATA" if roaming else "LOCALAPPDATA"
+        folder = os.environ.get(key)
+        if folder is None:
+            folder = os.path.expanduser("~")
+        return os.path.join(folder, app_name)
+    if force_posix:
+        return os.path.join(os.path.expanduser(f"~/.{_posixify(app_name)}"))
+    if sys.platform == "darwin":
+        return os.path.join(
+            os.path.expanduser("~/Library/Application Support"), app_name
+        )
+    return os.path.join(
+        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),
+        _posixify(app_name),
+    )
+
+
+class PacifyFlushWrapper:
+    """This wrapper is used to catch and suppress BrokenPipeErrors resulting
+    from ``.flush()`` being called on broken pipe during the shutdown/final-GC
+    of the Python interpreter. Notably ``.flush()`` is always called on
+    ``sys.stdout`` and ``sys.stderr``. So as to have minimal impact on any
+    other cleanup code, and the case where the underlying file is not a broken
+    pipe, all calls and attributes are proxied.
+    """
+
+    def __init__(self, wrapped: t.IO[t.Any]) -> None:
+        self.wrapped = wrapped
+
+    def flush(self) -> None:
+        try:
+            self.wrapped.flush()
+        except OSError as e:
+            import errno
+
+            if e.errno != errno.EPIPE:
+                raise
+
+    def __getattr__(self, attr: str) -> t.Any:
+        return getattr(self.wrapped, attr)
+
+
+def _detect_program_name(
+    path: t.Optional[str] = None, _main: t.Optional[ModuleType] = None
+) -> str:
+    """Determine the command used to run the program, for use in help
+    text. If a file or entry point was executed, the file name is
+    returned. If ``python -m`` was used to execute a module or package,
+    ``python -m name`` is returned.
+
+    This doesn't try to be too precise, the goal is to give a concise
+    name for help text. Files are only shown as their name without the
+    path. ``python`` is only shown for modules, and the full path to
+    ``sys.executable`` is not shown.
+
+    :param path: The Python file being executed. Python puts this in
+        ``sys.argv[0]``, which is used by default.
+    :param _main: The ``__main__`` module. This should only be passed
+        during internal testing.
+
+    .. versionadded:: 8.0
+        Based on command args detection in the Werkzeug reloader.
+
+    :meta private:
+    """
+    if _main is None:
+        _main = sys.modules["__main__"]
+
+    if not path:
+        path = sys.argv[0]
+
+    # The value of __package__ indicates how Python was called. It may
+    # not exist if a setuptools script is installed as an egg. It may be
+    # set incorrectly for entry points created with pip on Windows.
+    # It is set to "" inside a Shiv or PEX zipapp.
+    if getattr(_main, "__package__", None) in {None, ""} or (
+        os.name == "nt"
+        and _main.__package__ == ""
+        and not os.path.exists(path)
+        and os.path.exists(f"{path}.exe")
+    ):
+        # Executed a file, like "python app.py".
+        return os.path.basename(path)
+
+    # Executed a module, like "python -m example".
+    # Rewritten by Python from "-m script" to "/path/to/script.py".
+    # Need to look at main module to determine how it was executed.
+    py_module = t.cast(str, _main.__package__)
+    name = os.path.splitext(os.path.basename(path))[0]
+
+    # A submodule like "example.cli".
+    if name != "__main__":
+        py_module = f"{py_module}.{name}"
+
+    return f"python -m {py_module.lstrip('.')}"
+
+
+def _expand_args(
+    args: t.Iterable[str],
+    *,
+    user: bool = True,
+    env: bool = True,
+    glob_recursive: bool = True,
+) -> t.List[str]:
+    """Simulate Unix shell expansion with Python functions.
+
+    See :func:`glob.glob`, :func:`os.path.expanduser`, and
+    :func:`os.path.expandvars`.
+
+    This is intended for use on Windows, where the shell does not do any
+    expansion. It may not exactly match what a Unix shell would do.
+
+    :param args: List of command line arguments to expand.
+    :param user: Expand user home directory.
+    :param env: Expand environment variables.
+    :param glob_recursive: ``**`` matches directories recursively.
+
+    .. versionchanged:: 8.1
+        Invalid glob patterns are treated as empty expansions rather
+        than raising an error.
+
+    .. versionadded:: 8.0
+
+    :meta private:
+    """
+    from glob import glob
+
+    out = []
+
+    for arg in args:
+        if user:
+            arg = os.path.expanduser(arg)
+
+        if env:
+            arg = os.path.expandvars(arg)
+
+        try:
+            matches = glob(arg, recursive=glob_recursive)
+        except re.error:
+            matches = []
+
+        if not matches:
+            out.append(arg)
+        else:
+            out.extend(matches)
+
+    return out
diff --git a/lib/go-jinja2/internal/data/windows-amd64/files.json b/lib/go-jinja2/internal/data/windows-amd64/files.json
new file mode 100644
index 000000000..10ebae93d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/files.json
@@ -0,0 +1,888 @@
+{
+  "contentHash": "0e7534fac6d44d48c055b329a90014ccd5d1c9f6798ce0bac3f465d479ee8499",
+  "files": [
+    {
+      "name": "MarkupSafe-2.1.5.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "size": 1503,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
+      "size": 3096,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
+      "size": 1188,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
+      "size": 102,
+      "perm": 420
+    },
+    {
+      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "size": 1101,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/METADATA",
+      "size": 2104,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "size": 2771,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "size": 102,
+      "perm": 420
+    },
+    {
+      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "size": 11,
+      "perm": 420
+    },
+    {
+      "name": "_yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "_yaml/__init__.py",
+      "size": 1402,
+      "perm": 420
+    },
+    {
+      "name": "bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "bin/jsonpath_ng",
+      "size": 262,
+      "perm": 493
+    },
+    {
+      "name": "bin/slugify",
+      "size": 240,
+      "perm": 493
+    },
+    {
+      "name": "click",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "click-8.1.7.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/LICENSE.rst",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/METADATA",
+      "size": 3014,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/RECORD",
+      "size": 2582,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "click-8.1.7.dist-info/top_level.txt",
+      "size": 6,
+      "perm": 420
+    },
+    {
+      "name": "click/__init__.py",
+      "size": 3138,
+      "perm": 420
+    },
+    {
+      "name": "click/_compat.py",
+      "size": 18744,
+      "perm": 420
+    },
+    {
+      "name": "click/_termui_impl.py",
+      "size": 24069,
+      "perm": 420
+    },
+    {
+      "name": "click/_textwrap.py",
+      "size": 1353,
+      "perm": 420
+    },
+    {
+      "name": "click/_winconsole.py",
+      "size": 7860,
+      "perm": 420
+    },
+    {
+      "name": "click/core.py",
+      "size": 114086,
+      "perm": 420
+    },
+    {
+      "name": "click/decorators.py",
+      "size": 18719,
+      "perm": 420
+    },
+    {
+      "name": "click/exceptions.py",
+      "size": 9273,
+      "perm": 420
+    },
+    {
+      "name": "click/formatting.py",
+      "size": 9706,
+      "perm": 420
+    },
+    {
+      "name": "click/globals.py",
+      "size": 1961,
+      "perm": 420
+    },
+    {
+      "name": "click/parser.py",
+      "size": 19067,
+      "perm": 420
+    },
+    {
+      "name": "click/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "click/shell_completion.py",
+      "size": 18460,
+      "perm": 420
+    },
+    {
+      "name": "click/termui.py",
+      "size": 28324,
+      "perm": 420
+    },
+    {
+      "name": "click/testing.py",
+      "size": 16084,
+      "perm": 420
+    },
+    {
+      "name": "click/types.py",
+      "size": 36391,
+      "perm": 420
+    },
+    {
+      "name": "click/utils.py",
+      "size": 20298,
+      "perm": 420
+    },
+    {
+      "name": "jinja2",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/LICENSE.txt",
+      "size": 1475,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/METADATA",
+      "size": 2640,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/RECORD",
+      "size": 3697,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/WHEEL",
+      "size": 81,
+      "perm": 420
+    },
+    {
+      "name": "jinja2-3.1.4.dist-info/entry_points.txt",
+      "size": 58,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/__init__.py",
+      "size": 1928,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/_identifier.py",
+      "size": 1958,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/async_utils.py",
+      "size": 2477,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/bccache.py",
+      "size": 14061,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/compiler.py",
+      "size": 72271,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/constants.py",
+      "size": 1433,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/debug.py",
+      "size": 6299,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/defaults.py",
+      "size": 1267,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/environment.py",
+      "size": 61538,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/exceptions.py",
+      "size": 5071,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/ext.py",
+      "size": 31877,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/filters.py",
+      "size": 54611,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/idtracking.py",
+      "size": 10704,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/lexer.py",
+      "size": 29754,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/loaders.py",
+      "size": 23167,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/meta.py",
+      "size": 4397,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nativetypes.py",
+      "size": 4210,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/nodes.py",
+      "size": 34579,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/optimizer.py",
+      "size": 1651,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/parser.py",
+      "size": 39890,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/runtime.py",
+      "size": 33435,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/sandbox.py",
+      "size": 14616,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/tests.py",
+      "size": 5926,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/utils.py",
+      "size": 23952,
+      "perm": 420
+    },
+    {
+      "name": "jinja2/visitor.py",
+      "size": 3557,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "size": 11358,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
+      "size": 18072,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "size": 2549,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "size": 92,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
+      "size": 69,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "size": 12,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/__init__.py",
+      "size": 116,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/bin/__init__.py",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/bin/jsonpath.py",
+      "size": 2057,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/exceptions.py",
+      "size": 146,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "jsonpath_ng/ext/__init__.py",
+      "size": 605,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/arithmetic.py",
+      "size": 2381,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/filter.py",
+      "size": 4312,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/iterable.py",
+      "size": 3680,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/parser.py",
+      "size": 5351,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/ext/string.py",
+      "size": 3261,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/jsonpath.py",
+      "size": 26402,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/lexer.py",
+      "size": 5231,
+      "perm": 420
+    },
+    {
+      "name": "jsonpath_ng/parser.py",
+      "size": 5883,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "markupsafe/__init__.py",
+      "size": 11290,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_native.py",
+      "size": 1776,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.c",
+      "size": 7403,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/_speedups.cp311-win_amd64.pyd",
+      "size": 15872,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "markupsafe/_speedups.pyi",
+      "size": 238,
+      "perm": 420
+    },
+    {
+      "name": "markupsafe/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "ply",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "ply-3.11.dist-info/DESCRIPTION.rst",
+      "size": 519,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/METADATA",
+      "size": 844,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/RECORD",
+      "size": 1211,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/metadata.json",
+      "size": 515,
+      "perm": 420
+    },
+    {
+      "name": "ply-3.11.dist-info/top_level.txt",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "ply/__init__.py",
+      "size": 103,
+      "perm": 420
+    },
+    {
+      "name": "ply/cpp.py",
+      "size": 33639,
+      "perm": 420
+    },
+    {
+      "name": "ply/ctokens.py",
+      "size": 3155,
+      "perm": 420
+    },
+    {
+      "name": "ply/lex.py",
+      "size": 42905,
+      "perm": 420
+    },
+    {
+      "name": "ply/yacc.py",
+      "size": 137736,
+      "perm": 420
+    },
+    {
+      "name": "ply/ygen.py",
+      "size": 2246,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/LICENSE",
+      "size": 1103,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/METADATA",
+      "size": 8469,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/RECORD",
+      "size": 1489,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/REQUESTED",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/entry_points.txt",
+      "size": 50,
+      "perm": 420
+    },
+    {
+      "name": "python_slugify-8.0.4.dist-info/top_level.txt",
+      "size": 8,
+      "perm": 420
+    },
+    {
+      "name": "slugify",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "slugify/__init__.py",
+      "size": 346,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__main__.py",
+      "size": 3961,
+      "perm": 420
+    },
+    {
+      "name": "slugify/__version__.py",
+      "size": 325,
+      "perm": 420
+    },
+    {
+      "name": "slugify/py.typed",
+      "size": 0,
+      "perm": 420
+    },
+    {
+      "name": "slugify/slugify.py",
+      "size": 6180,
+      "perm": 420
+    },
+    {
+      "name": "slugify/special.py",
+      "size": 1222,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/DESCRIPTION.rst",
+      "size": 1199,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/INSTALLER",
+      "size": 4,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/LICENSE.txt",
+      "size": 6535,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/METADATA",
+      "size": 2422,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/RECORD",
+      "size": 937,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/WHEEL",
+      "size": 110,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/metadata.json",
+      "size": 1299,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode-1.3.dist-info/top_level.txt",
+      "size": 15,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/__init__.py",
+      "size": 484,
+      "perm": 420
+    },
+    {
+      "name": "text_unidecode/data.bin",
+      "size": 311077,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "yaml",
+      "size": 0,
+      "perm": 2147484141
+    },
+    {
+      "name": "yaml/__init__.py",
+      "size": 12311,
+      "perm": 420
+    },
+    {
+      "name": "yaml/_yaml.cp311-win_amd64.pyd",
+      "size": 233984,
+      "perm": 420,
+      "compressed": true
+    },
+    {
+      "name": "yaml/composer.py",
+      "size": 4883,
+      "perm": 420
+    },
+    {
+      "name": "yaml/constructor.py",
+      "size": 28639,
+      "perm": 420
+    },
+    {
+      "name": "yaml/cyaml.py",
+      "size": 3851,
+      "perm": 420
+    },
+    {
+      "name": "yaml/dumper.py",
+      "size": 2837,
+      "perm": 420
+    },
+    {
+      "name": "yaml/emitter.py",
+      "size": 43006,
+      "perm": 420
+    },
+    {
+      "name": "yaml/error.py",
+      "size": 2533,
+      "perm": 420
+    },
+    {
+      "name": "yaml/events.py",
+      "size": 2445,
+      "perm": 420
+    },
+    {
+      "name": "yaml/loader.py",
+      "size": 2061,
+      "perm": 420
+    },
+    {
+      "name": "yaml/nodes.py",
+      "size": 1440,
+      "perm": 420
+    },
+    {
+      "name": "yaml/parser.py",
+      "size": 25495,
+      "perm": 420
+    },
+    {
+      "name": "yaml/reader.py",
+      "size": 6794,
+      "perm": 420
+    },
+    {
+      "name": "yaml/representer.py",
+      "size": 14190,
+      "perm": 420
+    },
+    {
+      "name": "yaml/resolver.py",
+      "size": 9004,
+      "perm": 420
+    },
+    {
+      "name": "yaml/scanner.py",
+      "size": 51279,
+      "perm": 420
+    },
+    {
+      "name": "yaml/serializer.py",
+      "size": 4165,
+      "perm": 420
+    },
+    {
+      "name": "yaml/tokens.py",
+      "size": 2573,
+      "perm": 420
+    }
+  ]
+}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
new file mode 100644
index 000000000..c37cae49e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/LICENSE.txt
@@ -0,0 +1,28 @@
+Copyright 2007 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1.  Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+
+3.  Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/METADATA
new file mode 100644
index 000000000..265cc32e1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/METADATA
@@ -0,0 +1,76 @@
+Metadata-Version: 2.1
+Name: Jinja2
+Version: 3.1.4
+Summary: A very fast and expressive template engine.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Dist: MarkupSafe>=2.0
+Requires-Dist: Babel>=2.7 ; extra == "i18n"
+Project-URL: Changes, https://jinja.palletsprojects.com/changes/
+Project-URL: Chat, https://discord.gg/pallets
+Project-URL: Documentation, https://jinja.palletsprojects.com/
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Source, https://github.com/pallets/jinja/
+Provides-Extra: i18n
+
+# Jinja
+
+Jinja is a fast, expressive, extensible templating engine. Special
+placeholders in the template allow writing code similar to Python
+syntax. Then the template is passed data to render the final document.
+
+It includes:
+
+-   Template inheritance and inclusion.
+-   Define and import macros within templates.
+-   HTML templates can use autoescaping to prevent XSS from untrusted
+    user input.
+-   A sandboxed environment can safely render untrusted templates.
+-   AsyncIO support for generating templates and calling async
+    functions.
+-   I18N support with Babel.
+-   Templates are compiled to optimized Python code just-in-time and
+    cached, or can be compiled ahead-of-time.
+-   Exceptions point to the correct line in templates to make debugging
+    easier.
+-   Extensible filters, tests, functions, and even syntax.
+
+Jinja's philosophy is that while application logic belongs in Python if
+possible, it shouldn't make the template designer's job difficult by
+restricting functionality too much.
+
+
+## In A Nutshell
+
+.. code-block:: jinja
+
+    {% extends "base.html" %}
+    {% block title %}Members{% endblock %}
+    {% block content %}
+      <ul>
+      {% for user in users %}
+        <li><a href="{{ user.url }}">{{ user.username }}</a></li>
+      {% endfor %}
+      </ul>
+    {% endblock %}
+
+
+## Donate
+
+The Pallets organization develops and supports Jinja and other popular
+packages. In order to grow the community of contributors and users, and
+allow the maintainers to devote more time to the projects, [please
+donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/RECORD
new file mode 100644
index 000000000..e9bdca35c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/RECORD
@@ -0,0 +1,58 @@
+jinja2-3.1.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jinja2-3.1.4.dist-info/LICENSE.txt,sha256=O0nc7kEF6ze6wQ-vG-JgQI_oXSUrjp3y4JefweCUQ3s,1475
+jinja2-3.1.4.dist-info/METADATA,sha256=R_brzpPQVBvpGcsm-WbrtgotO7suQ1D0F-qkhTzeEfY,2640
+jinja2-3.1.4.dist-info/RECORD,,
+jinja2-3.1.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2-3.1.4.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81
+jinja2-3.1.4.dist-info/entry_points.txt,sha256=OL85gYU1eD8cuPlikifFngXpeBjaxl6rIJ8KkC_3r-I,58
+jinja2/__init__.py,sha256=wIl45IM20KGw-kfr7jJhaBxxX5g4-kihlBYjxopX7Pw,1928
+jinja2/__pycache__/__init__.cpython-311.pyc,,
+jinja2/__pycache__/_identifier.cpython-311.pyc,,
+jinja2/__pycache__/async_utils.cpython-311.pyc,,
+jinja2/__pycache__/bccache.cpython-311.pyc,,
+jinja2/__pycache__/compiler.cpython-311.pyc,,
+jinja2/__pycache__/constants.cpython-311.pyc,,
+jinja2/__pycache__/debug.cpython-311.pyc,,
+jinja2/__pycache__/defaults.cpython-311.pyc,,
+jinja2/__pycache__/environment.cpython-311.pyc,,
+jinja2/__pycache__/exceptions.cpython-311.pyc,,
+jinja2/__pycache__/ext.cpython-311.pyc,,
+jinja2/__pycache__/filters.cpython-311.pyc,,
+jinja2/__pycache__/idtracking.cpython-311.pyc,,
+jinja2/__pycache__/lexer.cpython-311.pyc,,
+jinja2/__pycache__/loaders.cpython-311.pyc,,
+jinja2/__pycache__/meta.cpython-311.pyc,,
+jinja2/__pycache__/nativetypes.cpython-311.pyc,,
+jinja2/__pycache__/nodes.cpython-311.pyc,,
+jinja2/__pycache__/optimizer.cpython-311.pyc,,
+jinja2/__pycache__/parser.cpython-311.pyc,,
+jinja2/__pycache__/runtime.cpython-311.pyc,,
+jinja2/__pycache__/sandbox.cpython-311.pyc,,
+jinja2/__pycache__/tests.cpython-311.pyc,,
+jinja2/__pycache__/utils.cpython-311.pyc,,
+jinja2/__pycache__/visitor.cpython-311.pyc,,
+jinja2/_identifier.py,sha256=_zYctNKzRqlk_murTNlzrju1FFJL7Va_Ijqqd7ii2lU,1958
+jinja2/async_utils.py,sha256=JXKWCAXmTx0iZB4-hAsF50vgjxw_RJTjiLOlGGTBso0,2477
+jinja2/bccache.py,sha256=gh0qs9rulnXo0PhX5jTJy2UHzI8wFnQ63o_vw7nhzRg,14061
+jinja2/compiler.py,sha256=dpV-n6_iQUP4uSwlXwGUavJmwjvXdyxKzJ-AonFjPBk,72271
+jinja2/constants.py,sha256=GMoFydBF_kdpaRKPoM5cl5MviquVRLVyZtfp5-16jg0,1433
+jinja2/debug.py,sha256=iWJ432RadxJNnaMOPrjIDInz50UEgni3_HKuFXi2vuQ,6299
+jinja2/defaults.py,sha256=boBcSw78h-lp20YbaXSJsqkAI2uN_mD_TtCydpeq5wU,1267
+jinja2/environment.py,sha256=xhFkmxO0CESA76Ki5tz4XWq9yzGu-t0p93JCCVBVNps,61538
+jinja2/exceptions.py,sha256=ioHeHrWwCWNaXX1inHmHVblvc4haO7AXsjCp3GfWvx0,5071
+jinja2/ext.py,sha256=igsBH7c6C0byHaOtMbE-ugpt4GjLGgR-ywskyXtKgq8,31877
+jinja2/filters.py,sha256=bKeqjFjjz88TkHVLSyyMIEB75CzAN6b3Airgx0phJDg,54611
+jinja2/idtracking.py,sha256=GfNmadir4oDALVxzn3DL9YInhJDr69ebXeA2ygfuCGA,10704
+jinja2/lexer.py,sha256=xnWWXhPndHFsoqzpc5VTjheDE9JuKk9MUo9DZkrM8Os,29754
+jinja2/loaders.py,sha256=ru0GIWHo5KiHJi7_MoI_LvGDoBBvP6rd0hiC1ReaTwk,23167
+jinja2/meta.py,sha256=OTDPkaFvU2Hgvx-6akz7154F8BIWaRmvJcBFvwopHww,4397
+jinja2/nativetypes.py,sha256=7GIGALVJgdyL80oZJdQUaUfwSt5q2lSSZbXt0dNf_M4,4210
+jinja2/nodes.py,sha256=m1Duzcr6qhZI8JQ6VyJgUNinjAf5bQzijSmDnMsvUx8,34579
+jinja2/optimizer.py,sha256=rJnCRlQ7pZsEEmMhsQDgC_pKyDHxP5TPS6zVPGsgcu8,1651
+jinja2/parser.py,sha256=DV1iF1FR2Rsaj_5zl8rmx7j6Bj4S8iLHoYsvJ0bfEis,39890
+jinja2/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jinja2/runtime.py,sha256=POXT3tKNKJRENx2CymwUsOOXH2JwGPjW702njB5__cQ,33435
+jinja2/sandbox.py,sha256=TJjBNS9qRJ2ZgBMWdAgRBpyDLOHea2kT-2mk4PrjYx0,14616
+jinja2/tests.py,sha256=VLsBhVFnWg-PxSBz1MhRnNWgP1ovXk3neO1FLQMeC9Q,5926
+jinja2/utils.py,sha256=nV7IpWLvRCMyHW1irBAK8CIPAnOFfkb2ukggDBjbBEY,23952
+jinja2/visitor.py,sha256=EcnL1PIwf_4RVCOMxsRNuR8AXHbS1qfAdMOE2ngKJz4,3557
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/WHEEL
new file mode 100644
index 000000000..3b5e64b5e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/WHEEL
@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: flit 3.9.0
+Root-Is-Purelib: true
+Tag: py3-none-any
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..abc3eae3b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2-3.1.4.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[babel.extractors]
+jinja2=jinja2.ext:babel_extract[i18n]
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/__init__.py
new file mode 100644
index 000000000..2f0b5b286
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/__init__.py
@@ -0,0 +1,38 @@
+"""Jinja is a template engine written in pure Python. It provides a
+non-XML syntax that supports inline expressions and an optional
+sandboxed environment.
+"""
+
+from .bccache import BytecodeCache as BytecodeCache
+from .bccache import FileSystemBytecodeCache as FileSystemBytecodeCache
+from .bccache import MemcachedBytecodeCache as MemcachedBytecodeCache
+from .environment import Environment as Environment
+from .environment import Template as Template
+from .exceptions import TemplateAssertionError as TemplateAssertionError
+from .exceptions import TemplateError as TemplateError
+from .exceptions import TemplateNotFound as TemplateNotFound
+from .exceptions import TemplateRuntimeError as TemplateRuntimeError
+from .exceptions import TemplatesNotFound as TemplatesNotFound
+from .exceptions import TemplateSyntaxError as TemplateSyntaxError
+from .exceptions import UndefinedError as UndefinedError
+from .loaders import BaseLoader as BaseLoader
+from .loaders import ChoiceLoader as ChoiceLoader
+from .loaders import DictLoader as DictLoader
+from .loaders import FileSystemLoader as FileSystemLoader
+from .loaders import FunctionLoader as FunctionLoader
+from .loaders import ModuleLoader as ModuleLoader
+from .loaders import PackageLoader as PackageLoader
+from .loaders import PrefixLoader as PrefixLoader
+from .runtime import ChainableUndefined as ChainableUndefined
+from .runtime import DebugUndefined as DebugUndefined
+from .runtime import make_logging_undefined as make_logging_undefined
+from .runtime import StrictUndefined as StrictUndefined
+from .runtime import Undefined as Undefined
+from .utils import clear_caches as clear_caches
+from .utils import is_undefined as is_undefined
+from .utils import pass_context as pass_context
+from .utils import pass_environment as pass_environment
+from .utils import pass_eval_context as pass_eval_context
+from .utils import select_autoescape as select_autoescape
+
+__version__ = "3.1.4"
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/_identifier.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/_identifier.py
new file mode 100644
index 000000000..928c1503c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/_identifier.py
@@ -0,0 +1,6 @@
+import re
+
+# generated by scripts/generate_identifier_pattern.py
+pattern = re.compile(
+    r"[\w·̀-ͯ·҃-֑҇-ׇֽֿׁׂׅׄؐ-ًؚ-ٰٟۖ-ۜ۟-۪ۤۧۨ-ܑۭܰ-݊ަ-ް߫-߽߳ࠖ-࠙ࠛ-ࠣࠥ-ࠧࠩ-࡙࠭-࡛࣓-ࣣ࣡-ःऺ-़ा-ॏ॑-ॗॢॣঁ-ঃ়া-ৄেৈো-্ৗৢৣ৾ਁ-ਃ਼ਾ-ੂੇੈੋ-੍ੑੰੱੵઁ-ઃ઼ા-ૅે-ૉો-્ૢૣૺ-૿ଁ-ଃ଼ା-ୄେୈୋ-୍ୖୗୢୣஂா-ூெ-ைொ-்ௗఀ-ఄా-ౄె-ైొ-్ౕౖౢౣಁ-ಃ಼ಾ-ೄೆ-ೈೊ-್ೕೖೢೣഀ-ഃ഻഼ാ-ൄെ-ൈൊ-്ൗൢൣංඃ්ා-ුූෘ-ෟෲෳัิ-ฺ็-๎ັິ-ູົຼ່-ໍ༹༘༙༵༷༾༿ཱ-྄྆྇ྍ-ྗྙ-ྼ࿆ါ-ှၖ-ၙၞ-ၠၢ-ၤၧ-ၭၱ-ၴႂ-ႍႏႚ-ႝ፝-፟ᜒ-᜔ᜲ-᜴ᝒᝓᝲᝳ឴-៓៝᠋-᠍ᢅᢆᢩᤠ-ᤫᤰ-᤻ᨗ-ᨛᩕ-ᩞ᩠-᩿᩼᪰-᪽ᬀ-ᬄ᬴-᭄᭫-᭳ᮀ-ᮂᮡ-ᮭ᯦-᯳ᰤ-᰷᳐-᳔᳒-᳨᳭ᳲ-᳴᳷-᳹᷀-᷹᷻-᷿‿⁀⁔⃐-⃥⃜⃡-⃰℘℮⳯-⵿⳱ⷠ-〪ⷿ-゙゚〯꙯ꙴ-꙽ꚞꚟ꛰꛱ꠂ꠆ꠋꠣ-ꠧꢀꢁꢴ-ꣅ꣠-꣱ꣿꤦ-꤭ꥇ-꥓ꦀ-ꦃ꦳-꧀ꧥꨩ-ꨶꩃꩌꩍꩻ-ꩽꪰꪲ-ꪴꪷꪸꪾ꪿꫁ꫫ-ꫯꫵ꫶ꯣ-ꯪ꯬꯭ﬞ︀-️︠-︯︳︴﹍-﹏＿𐇽𐋠𐍶-𐍺𐨁-𐨃𐨅𐨆𐨌-𐨏𐨸-𐨿𐨺𐫦𐫥𐴤-𐽆𐴧-𐽐𑀀-𑀂𑀸-𑁆𑁿-𑂂𑂰-𑂺𑄀-𑄂𑄧-𑄴𑅅𑅆𑅳𑆀-𑆂𑆳-𑇀𑇉-𑇌𑈬-𑈷𑈾𑋟-𑋪𑌀-𑌃𑌻𑌼𑌾-𑍄𑍇𑍈𑍋-𑍍𑍗𑍢𑍣𑍦-𑍬𑍰-𑍴𑐵-𑑆𑑞𑒰-𑓃𑖯-𑖵𑖸-𑗀𑗜𑗝𑘰-𑙀𑚫-𑚷𑜝-𑜫𑠬-𑠺𑨁-𑨊𑨳-𑨹𑨻-𑨾𑩇𑩑-𑩛𑪊-𑪙𑰯-𑰶𑰸-𑰿𑲒-𑲧𑲩-𑲶𑴱-𑴶𑴺𑴼𑴽𑴿-𑵅𑵇𑶊-𑶎𑶐𑶑𑶓-𑶗𑻳-𑻶𖫰-𖫴𖬰-𖬶𖽑-𖽾𖾏-𖾒𛲝𛲞𝅥-𝅩𝅭-𝅲𝅻-𝆂𝆅-𝆋𝆪-𝆭𝉂-𝉄𝨀-𝨶𝨻-𝩬𝩵𝪄𝪛-𝪟𝪡-𝪯𞀀-𞀆𞀈-𞀘𞀛-𞀡𞀣𞀤𞀦-𞣐𞀪-𞣖𞥄-𞥊󠄀-󠇯]+"  # noqa: B950
+)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/async_utils.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/async_utils.py
new file mode 100644
index 000000000..e65219e49
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/async_utils.py
@@ -0,0 +1,84 @@
+import inspect
+import typing as t
+from functools import WRAPPER_ASSIGNMENTS
+from functools import wraps
+
+from .utils import _PassArg
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+
+
+def async_variant(normal_func):  # type: ignore
+    def decorator(async_func):  # type: ignore
+        pass_arg = _PassArg.from_obj(normal_func)
+        need_eval_context = pass_arg is None
+
+        if pass_arg is _PassArg.environment:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].is_async)
+
+        else:
+
+            def is_async(args: t.Any) -> bool:
+                return t.cast(bool, args[0].environment.is_async)
+
+        # Take the doc and annotations from the sync function, but the
+        # name from the async function. Pallets-Sphinx-Themes
+        # build_function_directive expects __wrapped__ to point to the
+        # sync function.
+        async_func_attrs = ("__module__", "__name__", "__qualname__")
+        normal_func_attrs = tuple(set(WRAPPER_ASSIGNMENTS).difference(async_func_attrs))
+
+        @wraps(normal_func, assigned=normal_func_attrs)
+        @wraps(async_func, assigned=async_func_attrs, updated=())
+        def wrapper(*args, **kwargs):  # type: ignore
+            b = is_async(args)
+
+            if need_eval_context:
+                args = args[1:]
+
+            if b:
+                return async_func(*args, **kwargs)
+
+            return normal_func(*args, **kwargs)
+
+        if need_eval_context:
+            wrapper = pass_eval_context(wrapper)
+
+        wrapper.jinja_async_variant = True  # type: ignore[attr-defined]
+        return wrapper
+
+    return decorator
+
+
+_common_primitives = {int, float, bool, str, list, dict, tuple, type(None)}
+
+
+async def auto_await(value: t.Union[t.Awaitable["V"], "V"]) -> "V":
+    # Avoid a costly call to isawaitable
+    if type(value) in _common_primitives:
+        return t.cast("V", value)
+
+    if inspect.isawaitable(value):
+        return await t.cast("t.Awaitable[V]", value)
+
+    return t.cast("V", value)
+
+
+async def auto_aiter(
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> "t.AsyncIterator[V]":
+    if hasattr(iterable, "__aiter__"):
+        async for item in t.cast("t.AsyncIterable[V]", iterable):
+            yield item
+    else:
+        for item in iterable:
+            yield item
+
+
+async def auto_to_list(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+) -> t.List["V"]:
+    return [x async for x in auto_aiter(value)]
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/bccache.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/bccache.py
new file mode 100644
index 000000000..ada8b099f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/bccache.py
@@ -0,0 +1,408 @@
+"""The optional bytecode cache system. This is useful if you have very
+complex template situations and the compilation of all those templates
+slows down your application too much.
+
+Situations where this is useful are often forking web applications that
+are initialized on the first request.
+"""
+
+import errno
+import fnmatch
+import marshal
+import os
+import pickle
+import stat
+import sys
+import tempfile
+import typing as t
+from hashlib import sha1
+from io import BytesIO
+from types import CodeType
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class _MemcachedClient(te.Protocol):
+        def get(self, key: str) -> bytes: ...
+
+        def set(
+            self, key: str, value: bytes, timeout: t.Optional[int] = None
+        ) -> None: ...
+
+
+bc_version = 5
+# Magic bytes to identify Jinja bytecode cache files. Contains the
+# Python major and minor version to avoid loading incompatible bytecode
+# if a project upgrades its Python version.
+bc_magic = (
+    b"j2"
+    + pickle.dumps(bc_version, 2)
+    + pickle.dumps((sys.version_info[0] << 24) | sys.version_info[1], 2)
+)
+
+
+class Bucket:
+    """Buckets are used to store the bytecode for one template.  It's created
+    and initialized by the bytecode cache and passed to the loading functions.
+
+    The buckets get an internal checksum from the cache assigned and use this
+    to automatically reject outdated cache material.  Individual bytecode
+    cache subclasses don't have to care about cache invalidation.
+    """
+
+    def __init__(self, environment: "Environment", key: str, checksum: str) -> None:
+        self.environment = environment
+        self.key = key
+        self.checksum = checksum
+        self.reset()
+
+    def reset(self) -> None:
+        """Resets the bucket (unloads the bytecode)."""
+        self.code: t.Optional[CodeType] = None
+
+    def load_bytecode(self, f: t.BinaryIO) -> None:
+        """Loads bytecode from a file or file like object."""
+        # make sure the magic header is correct
+        magic = f.read(len(bc_magic))
+        if magic != bc_magic:
+            self.reset()
+            return
+        # the source code of the file changed, we need to reload
+        checksum = pickle.load(f)
+        if self.checksum != checksum:
+            self.reset()
+            return
+        # if marshal_load fails then we need to reload
+        try:
+            self.code = marshal.load(f)
+        except (EOFError, ValueError, TypeError):
+            self.reset()
+            return
+
+    def write_bytecode(self, f: t.IO[bytes]) -> None:
+        """Dump the bytecode into the file or file like object passed."""
+        if self.code is None:
+            raise TypeError("can't write empty bucket")
+        f.write(bc_magic)
+        pickle.dump(self.checksum, f, 2)
+        marshal.dump(self.code, f)
+
+    def bytecode_from_string(self, string: bytes) -> None:
+        """Load bytecode from bytes."""
+        self.load_bytecode(BytesIO(string))
+
+    def bytecode_to_string(self) -> bytes:
+        """Return the bytecode as bytes."""
+        out = BytesIO()
+        self.write_bytecode(out)
+        return out.getvalue()
+
+
+class BytecodeCache:
+    """To implement your own bytecode cache you have to subclass this class
+    and override :meth:`load_bytecode` and :meth:`dump_bytecode`.  Both of
+    these methods are passed a :class:`~jinja2.bccache.Bucket`.
+
+    A very basic bytecode cache that saves the bytecode on the file system::
+
+        from os import path
+
+        class MyCache(BytecodeCache):
+
+            def __init__(self, directory):
+                self.directory = directory
+
+            def load_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                if path.exists(filename):
+                    with open(filename, 'rb') as f:
+                        bucket.load_bytecode(f)
+
+            def dump_bytecode(self, bucket):
+                filename = path.join(self.directory, bucket.key)
+                with open(filename, 'wb') as f:
+                    bucket.write_bytecode(f)
+
+    A more advanced version of a filesystem based bytecode cache is part of
+    Jinja.
+    """
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to load bytecode into a
+        bucket.  If they are not able to find code in the cache for the
+        bucket, it must not do anything.
+        """
+        raise NotImplementedError()
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        """Subclasses have to override this method to write the bytecode
+        from a bucket back to the cache.  If it unable to do so it must not
+        fail silently but raise an exception.
+        """
+        raise NotImplementedError()
+
+    def clear(self) -> None:
+        """Clears the cache.  This method is not used by Jinja but should be
+        implemented to allow applications to clear the bytecode cache used
+        by a particular environment.
+        """
+
+    def get_cache_key(
+        self, name: str, filename: t.Optional[t.Union[str]] = None
+    ) -> str:
+        """Returns the unique hash key for this template name."""
+        hash = sha1(name.encode("utf-8"))
+
+        if filename is not None:
+            hash.update(f"|{filename}".encode())
+
+        return hash.hexdigest()
+
+    def get_source_checksum(self, source: str) -> str:
+        """Returns a checksum for the source."""
+        return sha1(source.encode("utf-8")).hexdigest()
+
+    def get_bucket(
+        self,
+        environment: "Environment",
+        name: str,
+        filename: t.Optional[str],
+        source: str,
+    ) -> Bucket:
+        """Return a cache bucket for the given template.  All arguments are
+        mandatory but filename may be `None`.
+        """
+        key = self.get_cache_key(name, filename)
+        checksum = self.get_source_checksum(source)
+        bucket = Bucket(environment, key, checksum)
+        self.load_bytecode(bucket)
+        return bucket
+
+    def set_bucket(self, bucket: Bucket) -> None:
+        """Put the bucket into the cache."""
+        self.dump_bytecode(bucket)
+
+
+class FileSystemBytecodeCache(BytecodeCache):
+    """A bytecode cache that stores bytecode on the filesystem.  It accepts
+    two arguments: The directory where the cache items are stored and a
+    pattern string that is used to build the filename.
+
+    If no directory is specified a default cache directory is selected.  On
+    Windows the user's temp directory is used, on UNIX systems a directory
+    is created for the user in the system temp directory.
+
+    The pattern can be used to have multiple separate caches operate on the
+    same directory.  The default pattern is ``'__jinja2_%s.cache'``.  ``%s``
+    is replaced with the cache key.
+
+    >>> bcc = FileSystemBytecodeCache('/tmp/jinja_cache', '%s.cache')
+
+    This bytecode cache supports clearing of the cache using the clear method.
+    """
+
+    def __init__(
+        self, directory: t.Optional[str] = None, pattern: str = "__jinja2_%s.cache"
+    ) -> None:
+        if directory is None:
+            directory = self._get_default_cache_dir()
+        self.directory = directory
+        self.pattern = pattern
+
+    def _get_default_cache_dir(self) -> str:
+        def _unsafe_dir() -> "te.NoReturn":
+            raise RuntimeError(
+                "Cannot determine safe temp directory.  You "
+                "need to explicitly provide one."
+            )
+
+        tmpdir = tempfile.gettempdir()
+
+        # On windows the temporary directory is used specific unless
+        # explicitly forced otherwise.  We can just use that.
+        if os.name == "nt":
+            return tmpdir
+        if not hasattr(os, "getuid"):
+            _unsafe_dir()
+
+        dirname = f"_jinja2-cache-{os.getuid()}"
+        actual_dir = os.path.join(tmpdir, dirname)
+
+        try:
+            os.mkdir(actual_dir, stat.S_IRWXU)
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+        try:
+            os.chmod(actual_dir, stat.S_IRWXU)
+            actual_dir_stat = os.lstat(actual_dir)
+            if (
+                actual_dir_stat.st_uid != os.getuid()
+                or not stat.S_ISDIR(actual_dir_stat.st_mode)
+                or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+            ):
+                _unsafe_dir()
+        except OSError as e:
+            if e.errno != errno.EEXIST:
+                raise
+
+        actual_dir_stat = os.lstat(actual_dir)
+        if (
+            actual_dir_stat.st_uid != os.getuid()
+            or not stat.S_ISDIR(actual_dir_stat.st_mode)
+            or stat.S_IMODE(actual_dir_stat.st_mode) != stat.S_IRWXU
+        ):
+            _unsafe_dir()
+
+        return actual_dir
+
+    def _get_cache_filename(self, bucket: Bucket) -> str:
+        return os.path.join(self.directory, self.pattern % (bucket.key,))
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        filename = self._get_cache_filename(bucket)
+
+        # Don't test for existence before opening the file, since the
+        # file could disappear after the test before the open.
+        try:
+            f = open(filename, "rb")
+        except (FileNotFoundError, IsADirectoryError, PermissionError):
+            # PermissionError can occur on Windows when an operation is
+            # in progress, such as calling clear().
+            return
+
+        with f:
+            bucket.load_bytecode(f)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        # Write to a temporary file, then rename to the real name after
+        # writing. This avoids another process reading the file before
+        # it is fully written.
+        name = self._get_cache_filename(bucket)
+        f = tempfile.NamedTemporaryFile(
+            mode="wb",
+            dir=os.path.dirname(name),
+            prefix=os.path.basename(name),
+            suffix=".tmp",
+            delete=False,
+        )
+
+        def remove_silent() -> None:
+            try:
+                os.remove(f.name)
+            except OSError:
+                # Another process may have called clear(). On Windows,
+                # another program may be holding the file open.
+                pass
+
+        try:
+            with f:
+                bucket.write_bytecode(f)
+        except BaseException:
+            remove_silent()
+            raise
+
+        try:
+            os.replace(f.name, name)
+        except OSError:
+            # Another process may have called clear(). On Windows,
+            # another program may be holding the file open.
+            remove_silent()
+        except BaseException:
+            remove_silent()
+            raise
+
+    def clear(self) -> None:
+        # imported lazily here because google app-engine doesn't support
+        # write access on the file system and the function does not exist
+        # normally.
+        from os import remove
+
+        files = fnmatch.filter(os.listdir(self.directory), self.pattern % ("*",))
+        for filename in files:
+            try:
+                remove(os.path.join(self.directory, filename))
+            except OSError:
+                pass
+
+
+class MemcachedBytecodeCache(BytecodeCache):
+    """This class implements a bytecode cache that uses a memcache cache for
+    storing the information.  It does not enforce a specific memcache library
+    (tummy's memcache or cmemcache) but will accept any class that provides
+    the minimal interface required.
+
+    Libraries compatible with this class:
+
+    -   `cachelib <https://github.com/pallets/cachelib>`_
+    -   `python-memcached <https://pypi.org/project/python-memcached/>`_
+
+    (Unfortunately the django cache interface is not compatible because it
+    does not support storing binary data, only text. You can however pass
+    the underlying cache client to the bytecode cache which is available
+    as `django.core.cache.cache._client`.)
+
+    The minimal interface for the client passed to the constructor is this:
+
+    .. class:: MinimalClientInterface
+
+        .. method:: set(key, value[, timeout])
+
+            Stores the bytecode in the cache.  `value` is a string and
+            `timeout` the timeout of the key.  If timeout is not provided
+            a default timeout or no timeout should be assumed, if it's
+            provided it's an integer with the number of seconds the cache
+            item should exist.
+
+        .. method:: get(key)
+
+            Returns the value for the cache key.  If the item does not
+            exist in the cache the return value must be `None`.
+
+    The other arguments to the constructor are the prefix for all keys that
+    is added before the actual cache key and the timeout for the bytecode in
+    the cache system.  We recommend a high (or no) timeout.
+
+    This bytecode cache does not support clearing of used items in the cache.
+    The clear method is a no-operation function.
+
+    .. versionadded:: 2.7
+       Added support for ignoring memcache errors through the
+       `ignore_memcache_errors` parameter.
+    """
+
+    def __init__(
+        self,
+        client: "_MemcachedClient",
+        prefix: str = "jinja2/bytecode/",
+        timeout: t.Optional[int] = None,
+        ignore_memcache_errors: bool = True,
+    ):
+        self.client = client
+        self.prefix = prefix
+        self.timeout = timeout
+        self.ignore_memcache_errors = ignore_memcache_errors
+
+    def load_bytecode(self, bucket: Bucket) -> None:
+        try:
+            code = self.client.get(self.prefix + bucket.key)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
+        else:
+            bucket.bytecode_from_string(code)
+
+    def dump_bytecode(self, bucket: Bucket) -> None:
+        key = self.prefix + bucket.key
+        value = bucket.bytecode_to_string()
+
+        try:
+            if self.timeout is not None:
+                self.client.set(key, value, self.timeout)
+            else:
+                self.client.set(key, value)
+        except Exception:
+            if not self.ignore_memcache_errors:
+                raise
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/compiler.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/compiler.py
new file mode 100644
index 000000000..274071750
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/compiler.py
@@ -0,0 +1,1960 @@
+"""Compiles nodes from the parser into Python code."""
+
+import typing as t
+from contextlib import contextmanager
+from functools import update_wrapper
+from io import StringIO
+from itertools import chain
+from keyword import iskeyword as is_python_keyword
+
+from markupsafe import escape
+from markupsafe import Markup
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .idtracking import Symbols
+from .idtracking import VAR_LOAD_ALIAS
+from .idtracking import VAR_LOAD_PARAMETER
+from .idtracking import VAR_LOAD_RESOLVE
+from .idtracking import VAR_LOAD_UNDEFINED
+from .nodes import EvalContext
+from .optimizer import Optimizer
+from .utils import _PassArg
+from .utils import concat
+from .visitor import NodeVisitor
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+operators = {
+    "eq": "==",
+    "ne": "!=",
+    "gt": ">",
+    "gteq": ">=",
+    "lt": "<",
+    "lteq": "<=",
+    "in": "in",
+    "notin": "not in",
+}
+
+
+def optimizeconst(f: F) -> F:
+    def new_func(
+        self: "CodeGenerator", node: nodes.Expr, frame: "Frame", **kwargs: t.Any
+    ) -> t.Any:
+        # Only optimize if the frame is not volatile
+        if self.optimizer is not None and not frame.eval_ctx.volatile:
+            new_node = self.optimizer.visit(node, frame.eval_ctx)
+
+            if new_node != node:
+                return self.visit(new_node, frame)
+
+        return f(self, node, frame, **kwargs)
+
+    return update_wrapper(t.cast(F, new_func), f)
+
+
+def _make_binop(op: str) -> t.Callable[["CodeGenerator", nodes.BinExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.BinExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_binops  # type: ignore
+        ):
+            self.write(f"environment.call_binop(context, {op!r}, ")
+            self.visit(node.left, frame)
+            self.write(", ")
+            self.visit(node.right, frame)
+        else:
+            self.write("(")
+            self.visit(node.left, frame)
+            self.write(f" {op} ")
+            self.visit(node.right, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def _make_unop(
+    op: str,
+) -> t.Callable[["CodeGenerator", nodes.UnaryExpr, "Frame"], None]:
+    @optimizeconst
+    def visitor(self: "CodeGenerator", node: nodes.UnaryExpr, frame: Frame) -> None:
+        if (
+            self.environment.sandboxed and op in self.environment.intercepted_unops  # type: ignore
+        ):
+            self.write(f"environment.call_unop(context, {op!r}, ")
+            self.visit(node.node, frame)
+        else:
+            self.write("(" + op)
+            self.visit(node.node, frame)
+
+        self.write(")")
+
+    return visitor
+
+
+def generate(
+    node: nodes.Template,
+    environment: "Environment",
+    name: t.Optional[str],
+    filename: t.Optional[str],
+    stream: t.Optional[t.TextIO] = None,
+    defer_init: bool = False,
+    optimized: bool = True,
+) -> t.Optional[str]:
+    """Generate the python source for a node tree."""
+    if not isinstance(node, nodes.Template):
+        raise TypeError("Can't compile non template nodes")
+
+    generator = environment.code_generator_class(
+        environment, name, filename, stream, defer_init, optimized
+    )
+    generator.visit(node)
+
+    if stream is None:
+        return generator.stream.getvalue()  # type: ignore
+
+    return None
+
+
+def has_safe_repr(value: t.Any) -> bool:
+    """Does the node have a safe representation?"""
+    if value is None or value is NotImplemented or value is Ellipsis:
+        return True
+
+    if type(value) in {bool, int, float, complex, range, str, Markup}:
+        return True
+
+    if type(value) in {tuple, list, set, frozenset}:
+        return all(has_safe_repr(v) for v in value)
+
+    if type(value) is dict:  # noqa E721
+        return all(has_safe_repr(k) and has_safe_repr(v) for k, v in value.items())
+
+    return False
+
+
+def find_undeclared(
+    nodes: t.Iterable[nodes.Node], names: t.Iterable[str]
+) -> t.Set[str]:
+    """Check if the names passed are accessed undeclared.  The return value
+    is a set of all the undeclared names from the sequence of names found.
+    """
+    visitor = UndeclaredNameVisitor(names)
+    try:
+        for node in nodes:
+            visitor.visit(node)
+    except VisitorExit:
+        pass
+    return visitor.undeclared
+
+
+class MacroRef:
+    def __init__(self, node: t.Union[nodes.Macro, nodes.CallBlock]) -> None:
+        self.node = node
+        self.accesses_caller = False
+        self.accesses_kwargs = False
+        self.accesses_varargs = False
+
+
+class Frame:
+    """Holds compile time information for us."""
+
+    def __init__(
+        self,
+        eval_ctx: EvalContext,
+        parent: t.Optional["Frame"] = None,
+        level: t.Optional[int] = None,
+    ) -> None:
+        self.eval_ctx = eval_ctx
+
+        # the parent of this frame
+        self.parent = parent
+
+        if parent is None:
+            self.symbols = Symbols(level=level)
+
+            # in some dynamic inheritance situations the compiler needs to add
+            # write tests around output statements.
+            self.require_output_check = False
+
+            # inside some tags we are using a buffer rather than yield statements.
+            # this for example affects {% filter %} or {% macro %}.  If a frame
+            # is buffered this variable points to the name of the list used as
+            # buffer.
+            self.buffer: t.Optional[str] = None
+
+            # the name of the block we're in, otherwise None.
+            self.block: t.Optional[str] = None
+
+        else:
+            self.symbols = Symbols(parent.symbols, level=level)
+            self.require_output_check = parent.require_output_check
+            self.buffer = parent.buffer
+            self.block = parent.block
+
+        # a toplevel frame is the root + soft frames such as if conditions.
+        self.toplevel = False
+
+        # the root frame is basically just the outermost frame, so no if
+        # conditions.  This information is used to optimize inheritance
+        # situations.
+        self.rootlevel = False
+
+        # variables set inside of loops and blocks should not affect outer frames,
+        # but they still needs to be kept track of as part of the active context.
+        self.loop_frame = False
+        self.block_frame = False
+
+        # track whether the frame is being used in an if-statement or conditional
+        # expression as it determines which errors should be raised during runtime
+        # or compile time.
+        self.soft_frame = False
+
+    def copy(self) -> "Frame":
+        """Create a copy of the current one."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.symbols = self.symbols.copy()
+        return rv
+
+    def inner(self, isolated: bool = False) -> "Frame":
+        """Return an inner frame."""
+        if isolated:
+            return Frame(self.eval_ctx, level=self.symbols.level + 1)
+        return Frame(self.eval_ctx, self)
+
+    def soft(self) -> "Frame":
+        """Return a soft frame.  A soft frame may not be modified as
+        standalone thing as it shares the resources with the frame it
+        was created of, but it's not a rootlevel frame any longer.
+
+        This is only used to implement if-statements and conditional
+        expressions.
+        """
+        rv = self.copy()
+        rv.rootlevel = False
+        rv.soft_frame = True
+        return rv
+
+    __copy__ = copy
+
+
+class VisitorExit(RuntimeError):
+    """Exception used by the `UndeclaredNameVisitor` to signal a stop."""
+
+
+class DependencyFinderVisitor(NodeVisitor):
+    """A visitor that collects filter and test calls."""
+
+    def __init__(self) -> None:
+        self.filters: t.Set[str] = set()
+        self.tests: t.Set[str] = set()
+
+    def visit_Filter(self, node: nodes.Filter) -> None:
+        self.generic_visit(node)
+        self.filters.add(node.name)
+
+    def visit_Test(self, node: nodes.Test) -> None:
+        self.generic_visit(node)
+        self.tests.add(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting at blocks."""
+
+
+class UndeclaredNameVisitor(NodeVisitor):
+    """A visitor that checks if a name is accessed without being
+    declared.  This is different from the frame visitor as it will
+    not stop at closure frames.
+    """
+
+    def __init__(self, names: t.Iterable[str]) -> None:
+        self.names = set(names)
+        self.undeclared: t.Set[str] = set()
+
+    def visit_Name(self, node: nodes.Name) -> None:
+        if node.ctx == "load" and node.name in self.names:
+            self.undeclared.add(node.name)
+            if self.undeclared == self.names:
+                raise VisitorExit()
+        else:
+            self.names.discard(node.name)
+
+    def visit_Block(self, node: nodes.Block) -> None:
+        """Stop visiting a blocks."""
+
+
+class CompilerExit(Exception):
+    """Raised if the compiler encountered a situation where it just
+    doesn't make sense to further process the code.  Any block that
+    raises such an exception is not further processed.
+    """
+
+
+class CodeGenerator(NodeVisitor):
+    def __init__(
+        self,
+        environment: "Environment",
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        stream: t.Optional[t.TextIO] = None,
+        defer_init: bool = False,
+        optimized: bool = True,
+    ) -> None:
+        if stream is None:
+            stream = StringIO()
+        self.environment = environment
+        self.name = name
+        self.filename = filename
+        self.stream = stream
+        self.created_block_context = False
+        self.defer_init = defer_init
+        self.optimizer: t.Optional[Optimizer] = None
+
+        if optimized:
+            self.optimizer = Optimizer(environment)
+
+        # aliases for imports
+        self.import_aliases: t.Dict[str, str] = {}
+
+        # a registry for all blocks.  Because blocks are moved out
+        # into the global python scope they are registered here
+        self.blocks: t.Dict[str, nodes.Block] = {}
+
+        # the number of extends statements so far
+        self.extends_so_far = 0
+
+        # some templates have a rootlevel extends.  In this case we
+        # can safely assume that we're a child template and do some
+        # more optimizations.
+        self.has_known_extends = False
+
+        # the current line number
+        self.code_lineno = 1
+
+        # registry of all filters and tests (global, not block local)
+        self.tests: t.Dict[str, str] = {}
+        self.filters: t.Dict[str, str] = {}
+
+        # the debug information
+        self.debug_info: t.List[t.Tuple[int, int]] = []
+        self._write_debug_info: t.Optional[int] = None
+
+        # the number of new lines before the next write()
+        self._new_lines = 0
+
+        # the line number of the last written statement
+        self._last_line = 0
+
+        # true if nothing was written so far.
+        self._first_write = True
+
+        # used by the `temporary_identifier` method to get new
+        # unique, temporary identifier
+        self._last_identifier = 0
+
+        # the current indentation
+        self._indentation = 0
+
+        # Tracks toplevel assignments
+        self._assign_stack: t.List[t.Set[str]] = []
+
+        # Tracks parameter definition blocks
+        self._param_def_block: t.List[t.Set[str]] = []
+
+        # Tracks the current context.
+        self._context_reference_stack = ["context"]
+
+    @property
+    def optimized(self) -> bool:
+        return self.optimizer is not None
+
+    # -- Various compilation helpers
+
+    def fail(self, msg: str, lineno: int) -> "te.NoReturn":
+        """Fail with a :exc:`TemplateAssertionError`."""
+        raise TemplateAssertionError(msg, lineno, self.name, self.filename)
+
+    def temporary_identifier(self) -> str:
+        """Get a new unique identifier."""
+        self._last_identifier += 1
+        return f"t_{self._last_identifier}"
+
+    def buffer(self, frame: Frame) -> None:
+        """Enable buffering for the frame from that point onwards."""
+        frame.buffer = self.temporary_identifier()
+        self.writeline(f"{frame.buffer} = []")
+
+    def return_buffer_contents(
+        self, frame: Frame, force_unescaped: bool = False
+    ) -> None:
+        """Return the buffer contents of the frame."""
+        if not force_unescaped:
+            if frame.eval_ctx.volatile:
+                self.writeline("if context.eval_ctx.autoescape:")
+                self.indent()
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                self.outdent()
+                self.writeline("else:")
+                self.indent()
+                self.writeline(f"return concat({frame.buffer})")
+                self.outdent()
+                return
+            elif frame.eval_ctx.autoescape:
+                self.writeline(f"return Markup(concat({frame.buffer}))")
+                return
+        self.writeline(f"return concat({frame.buffer})")
+
+    def indent(self) -> None:
+        """Indent by one."""
+        self._indentation += 1
+
+    def outdent(self, step: int = 1) -> None:
+        """Outdent by step."""
+        self._indentation -= step
+
+    def start_write(self, frame: Frame, node: t.Optional[nodes.Node] = None) -> None:
+        """Yield or write into the frame buffer."""
+        if frame.buffer is None:
+            self.writeline("yield ", node)
+        else:
+            self.writeline(f"{frame.buffer}.append(", node)
+
+    def end_write(self, frame: Frame) -> None:
+        """End the writing process started by `start_write`."""
+        if frame.buffer is not None:
+            self.write(")")
+
+    def simple_write(
+        self, s: str, frame: Frame, node: t.Optional[nodes.Node] = None
+    ) -> None:
+        """Simple shortcut for start_write + write + end_write."""
+        self.start_write(frame, node)
+        self.write(s)
+        self.end_write(frame)
+
+    def blockvisit(self, nodes: t.Iterable[nodes.Node], frame: Frame) -> None:
+        """Visit a list of nodes as block in a frame.  If the current frame
+        is no buffer a dummy ``if 0: yield None`` is written automatically.
+        """
+        try:
+            self.writeline("pass")
+            for node in nodes:
+                self.visit(node, frame)
+        except CompilerExit:
+            pass
+
+    def write(self, x: str) -> None:
+        """Write a string into the output stream."""
+        if self._new_lines:
+            if not self._first_write:
+                self.stream.write("\n" * self._new_lines)
+                self.code_lineno += self._new_lines
+                if self._write_debug_info is not None:
+                    self.debug_info.append((self._write_debug_info, self.code_lineno))
+                    self._write_debug_info = None
+            self._first_write = False
+            self.stream.write("    " * self._indentation)
+            self._new_lines = 0
+        self.stream.write(x)
+
+    def writeline(
+        self, x: str, node: t.Optional[nodes.Node] = None, extra: int = 0
+    ) -> None:
+        """Combination of newline and write."""
+        self.newline(node, extra)
+        self.write(x)
+
+    def newline(self, node: t.Optional[nodes.Node] = None, extra: int = 0) -> None:
+        """Add one or more newlines before the next write."""
+        self._new_lines = max(self._new_lines, 1 + extra)
+        if node is not None and node.lineno != self._last_line:
+            self._write_debug_info = node.lineno
+            self._last_line = node.lineno
+
+    def signature(
+        self,
+        node: t.Union[nodes.Call, nodes.Filter, nodes.Test],
+        frame: Frame,
+        extra_kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> None:
+        """Writes a function call to the stream for the current node.
+        A leading comma is added automatically.  The extra keyword
+        arguments may not include python keywords otherwise a syntax
+        error could occur.  The extra keyword arguments should be given
+        as python dict.
+        """
+        # if any of the given keyword arguments is a python keyword
+        # we have to make sure that no invalid call is created.
+        kwarg_workaround = any(
+            is_python_keyword(t.cast(str, k))
+            for k in chain((x.key for x in node.kwargs), extra_kwargs or ())
+        )
+
+        for arg in node.args:
+            self.write(", ")
+            self.visit(arg, frame)
+
+        if not kwarg_workaround:
+            for kwarg in node.kwargs:
+                self.write(", ")
+                self.visit(kwarg, frame)
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f", {key}={value}")
+        if node.dyn_args:
+            self.write(", *")
+            self.visit(node.dyn_args, frame)
+
+        if kwarg_workaround:
+            if node.dyn_kwargs is not None:
+                self.write(", **dict({")
+            else:
+                self.write(", **{")
+            for kwarg in node.kwargs:
+                self.write(f"{kwarg.key!r}: ")
+                self.visit(kwarg.value, frame)
+                self.write(", ")
+            if extra_kwargs is not None:
+                for key, value in extra_kwargs.items():
+                    self.write(f"{key!r}: {value}, ")
+            if node.dyn_kwargs is not None:
+                self.write("}, **")
+                self.visit(node.dyn_kwargs, frame)
+                self.write(")")
+            else:
+                self.write("}")
+
+        elif node.dyn_kwargs is not None:
+            self.write(", **")
+            self.visit(node.dyn_kwargs, frame)
+
+    def pull_dependencies(self, nodes: t.Iterable[nodes.Node]) -> None:
+        """Find all filter and test names used in the template and
+        assign them to variables in the compiled namespace. Checking
+        that the names are registered with the environment is done when
+        compiling the Filter and Test nodes. If the node is in an If or
+        CondExpr node, the check is done at runtime instead.
+
+        .. versionchanged:: 3.0
+            Filters and tests in If and CondExpr nodes are checked at
+            runtime instead of compile time.
+        """
+        visitor = DependencyFinderVisitor()
+
+        for node in nodes:
+            visitor.visit(node)
+
+        for id_map, names, dependency in (
+            (self.filters, visitor.filters, "filters"),
+            (
+                self.tests,
+                visitor.tests,
+                "tests",
+            ),
+        ):
+            for name in sorted(names):
+                if name not in id_map:
+                    id_map[name] = self.temporary_identifier()
+
+                # add check during runtime that dependencies used inside of executed
+                # blocks are defined, as this step may be skipped during compile time
+                self.writeline("try:")
+                self.indent()
+                self.writeline(f"{id_map[name]} = environment.{dependency}[{name!r}]")
+                self.outdent()
+                self.writeline("except KeyError:")
+                self.indent()
+                self.writeline("@internalcode")
+                self.writeline(f"def {id_map[name]}(*unused):")
+                self.indent()
+                self.writeline(
+                    f'raise TemplateRuntimeError("No {dependency[:-1]}'
+                    f' named {name!r} found.")'
+                )
+                self.outdent()
+                self.outdent()
+
+    def enter_frame(self, frame: Frame) -> None:
+        undefs = []
+        for target, (action, param) in frame.symbols.loads.items():
+            if action == VAR_LOAD_PARAMETER:
+                pass
+            elif action == VAR_LOAD_RESOLVE:
+                self.writeline(f"{target} = {self.get_resolve_func()}({param!r})")
+            elif action == VAR_LOAD_ALIAS:
+                self.writeline(f"{target} = {param}")
+            elif action == VAR_LOAD_UNDEFINED:
+                undefs.append(target)
+            else:
+                raise NotImplementedError("unknown load instruction")
+        if undefs:
+            self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def leave_frame(self, frame: Frame, with_python_scope: bool = False) -> None:
+        if not with_python_scope:
+            undefs = []
+            for target in frame.symbols.loads:
+                undefs.append(target)
+            if undefs:
+                self.writeline(f"{' = '.join(undefs)} = missing")
+
+    def choose_async(self, async_value: str = "async ", sync_value: str = "") -> str:
+        return async_value if self.environment.is_async else sync_value
+
+    def func(self, name: str) -> str:
+        return f"{self.choose_async()}def {name}"
+
+    def macro_body(
+        self, node: t.Union[nodes.Macro, nodes.CallBlock], frame: Frame
+    ) -> t.Tuple[Frame, MacroRef]:
+        """Dump the function def of a macro or call block."""
+        frame = frame.inner()
+        frame.symbols.analyze_node(node)
+        macro_ref = MacroRef(node)
+
+        explicit_caller = None
+        skip_special_params = set()
+        args = []
+
+        for idx, arg in enumerate(node.args):
+            if arg.name == "caller":
+                explicit_caller = idx
+            if arg.name in ("kwargs", "varargs"):
+                skip_special_params.add(arg.name)
+            args.append(frame.symbols.ref(arg.name))
+
+        undeclared = find_undeclared(node.body, ("caller", "kwargs", "varargs"))
+
+        if "caller" in undeclared:
+            # In older Jinja versions there was a bug that allowed caller
+            # to retain the special behavior even if it was mentioned in
+            # the argument list.  However thankfully this was only really
+            # working if it was the last argument.  So we are explicitly
+            # checking this now and error out if it is anywhere else in
+            # the argument list.
+            if explicit_caller is not None:
+                try:
+                    node.defaults[explicit_caller - len(node.args)]
+                except IndexError:
+                    self.fail(
+                        "When defining macros or call blocks the "
+                        'special "caller" argument must be omitted '
+                        "or be given a default.",
+                        node.lineno,
+                    )
+            else:
+                args.append(frame.symbols.declare_parameter("caller"))
+            macro_ref.accesses_caller = True
+        if "kwargs" in undeclared and "kwargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("kwargs"))
+            macro_ref.accesses_kwargs = True
+        if "varargs" in undeclared and "varargs" not in skip_special_params:
+            args.append(frame.symbols.declare_parameter("varargs"))
+            macro_ref.accesses_varargs = True
+
+        # macros are delayed, they never require output checks
+        frame.require_output_check = False
+        frame.symbols.analyze_node(node)
+        self.writeline(f"{self.func('macro')}({', '.join(args)}):", node)
+        self.indent()
+
+        self.buffer(frame)
+        self.enter_frame(frame)
+
+        self.push_parameter_definitions(frame)
+        for idx, arg in enumerate(node.args):
+            ref = frame.symbols.ref(arg.name)
+            self.writeline(f"if {ref} is missing:")
+            self.indent()
+            try:
+                default = node.defaults[idx - len(node.args)]
+            except IndexError:
+                self.writeline(
+                    f'{ref} = undefined("parameter {arg.name!r} was not provided",'
+                    f" name={arg.name!r})"
+                )
+            else:
+                self.writeline(f"{ref} = ")
+                self.visit(default, frame)
+            self.mark_parameter_stored(ref)
+            self.outdent()
+        self.pop_parameter_definitions()
+
+        self.blockvisit(node.body, frame)
+        self.return_buffer_contents(frame, force_unescaped=True)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        return frame, macro_ref
+
+    def macro_def(self, macro_ref: MacroRef, frame: Frame) -> None:
+        """Dump the macro definition for the def created by macro_body."""
+        arg_tuple = ", ".join(repr(x.name) for x in macro_ref.node.args)
+        name = getattr(macro_ref.node, "name", None)
+        if len(macro_ref.node.args) == 1:
+            arg_tuple += ","
+        self.write(
+            f"Macro(environment, macro, {name!r}, ({arg_tuple}),"
+            f" {macro_ref.accesses_kwargs!r}, {macro_ref.accesses_varargs!r},"
+            f" {macro_ref.accesses_caller!r}, context.eval_ctx.autoescape)"
+        )
+
+    def position(self, node: nodes.Node) -> str:
+        """Return a human readable position for the node."""
+        rv = f"line {node.lineno}"
+        if self.name is not None:
+            rv = f"{rv} in {self.name!r}"
+        return rv
+
+    def dump_local_context(self, frame: Frame) -> str:
+        items_kv = ", ".join(
+            f"{name!r}: {target}"
+            for name, target in frame.symbols.dump_stores().items()
+        )
+        return f"{{{items_kv}}}"
+
+    def write_commons(self) -> None:
+        """Writes a common preamble that is used by root and block functions.
+        Primarily this sets up common local helpers and enforces a generator
+        through a dead branch.
+        """
+        self.writeline("resolve = context.resolve_or_missing")
+        self.writeline("undefined = environment.undefined")
+        self.writeline("concat = environment.concat")
+        # always use the standard Undefined class for the implicit else of
+        # conditional expressions
+        self.writeline("cond_expr_undefined = Undefined")
+        self.writeline("if 0: yield None")
+
+    def push_parameter_definitions(self, frame: Frame) -> None:
+        """Pushes all parameter targets from the given frame into a local
+        stack that permits tracking of yet to be assigned parameters.  In
+        particular this enables the optimization from `visit_Name` to skip
+        undefined expressions for parameters in macros as macros can reference
+        otherwise unbound parameters.
+        """
+        self._param_def_block.append(frame.symbols.dump_param_targets())
+
+    def pop_parameter_definitions(self) -> None:
+        """Pops the current parameter definitions set."""
+        self._param_def_block.pop()
+
+    def mark_parameter_stored(self, target: str) -> None:
+        """Marks a parameter in the current parameter definitions as stored.
+        This will skip the enforced undefined checks.
+        """
+        if self._param_def_block:
+            self._param_def_block[-1].discard(target)
+
+    def push_context_reference(self, target: str) -> None:
+        self._context_reference_stack.append(target)
+
+    def pop_context_reference(self) -> None:
+        self._context_reference_stack.pop()
+
+    def get_context_ref(self) -> str:
+        return self._context_reference_stack[-1]
+
+    def get_resolve_func(self) -> str:
+        target = self._context_reference_stack[-1]
+        if target == "context":
+            return "resolve"
+        return f"{target}.resolve"
+
+    def derive_context(self, frame: Frame) -> str:
+        return f"{self.get_context_ref()}.derived({self.dump_local_context(frame)})"
+
+    def parameter_is_undeclared(self, target: str) -> bool:
+        """Checks if a given target is an undeclared parameter."""
+        if not self._param_def_block:
+            return False
+        return target in self._param_def_block[-1]
+
+    def push_assign_tracking(self) -> None:
+        """Pushes a new layer for assignment tracking."""
+        self._assign_stack.append(set())
+
+    def pop_assign_tracking(self, frame: Frame) -> None:
+        """Pops the topmost level for assignment tracking and updates the
+        context variables if necessary.
+        """
+        vars = self._assign_stack.pop()
+        if (
+            not frame.block_frame
+            and not frame.loop_frame
+            and not frame.toplevel
+            or not vars
+        ):
+            return
+        public_names = [x for x in vars if x[:1] != "_"]
+        if len(vars) == 1:
+            name = next(iter(vars))
+            ref = frame.symbols.ref(name)
+            if frame.loop_frame:
+                self.writeline(f"_loop_vars[{name!r}] = {ref}")
+                return
+            if frame.block_frame:
+                self.writeline(f"_block_vars[{name!r}] = {ref}")
+                return
+            self.writeline(f"context.vars[{name!r}] = {ref}")
+        else:
+            if frame.loop_frame:
+                self.writeline("_loop_vars.update({")
+            elif frame.block_frame:
+                self.writeline("_block_vars.update({")
+            else:
+                self.writeline("context.vars.update({")
+            for idx, name in enumerate(vars):
+                if idx:
+                    self.write(", ")
+                ref = frame.symbols.ref(name)
+                self.write(f"{name!r}: {ref}")
+            self.write("})")
+        if not frame.block_frame and not frame.loop_frame and public_names:
+            if len(public_names) == 1:
+                self.writeline(f"context.exported_vars.add({public_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, public_names))
+                self.writeline(f"context.exported_vars.update(({names_str}))")
+
+    # -- Statement Visitors
+
+    def visit_Template(
+        self, node: nodes.Template, frame: t.Optional[Frame] = None
+    ) -> None:
+        assert frame is None, "no root frame allowed"
+        eval_ctx = EvalContext(self.environment, self.name)
+
+        from .runtime import async_exported
+        from .runtime import exported
+
+        if self.environment.is_async:
+            exported_names = sorted(exported + async_exported)
+        else:
+            exported_names = sorted(exported)
+
+        self.writeline("from jinja2.runtime import " + ", ".join(exported_names))
+
+        # if we want a deferred initialization we cannot move the
+        # environment into a local name
+        envenv = "" if self.defer_init else ", environment=environment"
+
+        # do we have an extends tag at all?  If not, we can save some
+        # overhead by just not processing any inheritance code.
+        have_extends = node.find(nodes.Extends) is not None
+
+        # find all blocks
+        for block in node.find_all(nodes.Block):
+            if block.name in self.blocks:
+                self.fail(f"block {block.name!r} defined twice", block.lineno)
+            self.blocks[block.name] = block
+
+        # find all imports and import them
+        for import_ in node.find_all(nodes.ImportedName):
+            if import_.importname not in self.import_aliases:
+                imp = import_.importname
+                self.import_aliases[imp] = alias = self.temporary_identifier()
+                if "." in imp:
+                    module, obj = imp.rsplit(".", 1)
+                    self.writeline(f"from {module} import {obj} as {alias}")
+                else:
+                    self.writeline(f"import {imp} as {alias}")
+
+        # add the load name
+        self.writeline(f"name = {self.name!r}")
+
+        # generate the root render function.
+        self.writeline(
+            f"{self.func('root')}(context, missing=missing{envenv}):", extra=1
+        )
+        self.indent()
+        self.write_commons()
+
+        # process the root
+        frame = Frame(eval_ctx)
+        if "self" in find_undeclared(node.body, ("self",)):
+            ref = frame.symbols.declare_parameter("self")
+            self.writeline(f"{ref} = TemplateReference(context)")
+        frame.symbols.analyze_node(node)
+        frame.toplevel = frame.rootlevel = True
+        frame.require_output_check = have_extends and not self.has_known_extends
+        if have_extends:
+            self.writeline("parent_template = None")
+        self.enter_frame(frame)
+        self.pull_dependencies(node.body)
+        self.blockvisit(node.body, frame)
+        self.leave_frame(frame, with_python_scope=True)
+        self.outdent()
+
+        # make sure that the parent root is called.
+        if have_extends:
+            if not self.has_known_extends:
+                self.indent()
+                self.writeline("if parent_template is not None:")
+            self.indent()
+            if not self.environment.is_async:
+                self.writeline("yield from parent_template.root_render_func(context)")
+            else:
+                self.writeline(
+                    "async for event in parent_template.root_render_func(context):"
+                )
+                self.indent()
+                self.writeline("yield event")
+                self.outdent()
+            self.outdent(1 + (not self.has_known_extends))
+
+        # at this point we now have the blocks collected and can visit them too.
+        for name, block in self.blocks.items():
+            self.writeline(
+                f"{self.func('block_' + name)}(context, missing=missing{envenv}):",
+                block,
+                1,
+            )
+            self.indent()
+            self.write_commons()
+            # It's important that we do not make this frame a child of the
+            # toplevel template.  This would cause a variety of
+            # interesting issues with identifier tracking.
+            block_frame = Frame(eval_ctx)
+            block_frame.block_frame = True
+            undeclared = find_undeclared(block.body, ("self", "super"))
+            if "self" in undeclared:
+                ref = block_frame.symbols.declare_parameter("self")
+                self.writeline(f"{ref} = TemplateReference(context)")
+            if "super" in undeclared:
+                ref = block_frame.symbols.declare_parameter("super")
+                self.writeline(f"{ref} = context.super({name!r}, block_{name})")
+            block_frame.symbols.analyze_node(block)
+            block_frame.block = name
+            self.writeline("_block_vars = {}")
+            self.enter_frame(block_frame)
+            self.pull_dependencies(block.body)
+            self.blockvisit(block.body, block_frame)
+            self.leave_frame(block_frame, with_python_scope=True)
+            self.outdent()
+
+        blocks_kv_str = ", ".join(f"{x!r}: block_{x}" for x in self.blocks)
+        self.writeline(f"blocks = {{{blocks_kv_str}}}", extra=1)
+        debug_kv_str = "&".join(f"{k}={v}" for k, v in self.debug_info)
+        self.writeline(f"debug_info = {debug_kv_str!r}")
+
+    def visit_Block(self, node: nodes.Block, frame: Frame) -> None:
+        """Call a block and register it for the template."""
+        level = 0
+        if frame.toplevel:
+            # if we know that we are a child template, there is no need to
+            # check if we are one
+            if self.has_known_extends:
+                return
+            if self.extends_so_far > 0:
+                self.writeline("if parent_template is None:")
+                self.indent()
+                level += 1
+
+        if node.scoped:
+            context = self.derive_context(frame)
+        else:
+            context = self.get_context_ref()
+
+        if node.required:
+            self.writeline(f"if len(context.blocks[{node.name!r}]) <= 1:", node)
+            self.indent()
+            self.writeline(
+                f'raise TemplateRuntimeError("Required block {node.name!r} not found")',
+                node,
+            )
+            self.outdent()
+
+        if not self.environment.is_async and frame.buffer is None:
+            self.writeline(
+                f"yield from context.blocks[{node.name!r}][0]({context})", node
+            )
+        else:
+            self.writeline(
+                f"{self.choose_async()}for event in"
+                f" context.blocks[{node.name!r}][0]({context}):",
+                node,
+            )
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        self.outdent(level)
+
+    def visit_Extends(self, node: nodes.Extends, frame: Frame) -> None:
+        """Calls the extender."""
+        if not frame.toplevel:
+            self.fail("cannot use extend from a non top-level scope", node.lineno)
+
+        # if the number of extends statements in general is zero so
+        # far, we don't have to add a check if something extended
+        # the template before this one.
+        if self.extends_so_far > 0:
+            # if we have a known extends we just add a template runtime
+            # error into the generated code.  We could catch that at compile
+            # time too, but i welcome it not to confuse users by throwing the
+            # same error at different times just "because we can".
+            if not self.has_known_extends:
+                self.writeline("if parent_template is not None:")
+                self.indent()
+            self.writeline('raise TemplateRuntimeError("extended multiple times")')
+
+            # if we have a known extends already we don't need that code here
+            # as we know that the template execution will end here.
+            if self.has_known_extends:
+                raise CompilerExit()
+            else:
+                self.outdent()
+
+        self.writeline("parent_template = environment.get_template(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        self.writeline("for name, parent_block in parent_template.blocks.items():")
+        self.indent()
+        self.writeline("context.blocks.setdefault(name, []).append(parent_block)")
+        self.outdent()
+
+        # if this extends statement was in the root level we can take
+        # advantage of that information and simplify the generated code
+        # in the top level from this point onwards
+        if frame.rootlevel:
+            self.has_known_extends = True
+
+        # and now we have one more
+        self.extends_so_far += 1
+
+    def visit_Include(self, node: nodes.Include, frame: Frame) -> None:
+        """Handles includes."""
+        if node.ignore_missing:
+            self.writeline("try:")
+            self.indent()
+
+        func_name = "get_or_select_template"
+        if isinstance(node.template, nodes.Const):
+            if isinstance(node.template.value, str):
+                func_name = "get_template"
+            elif isinstance(node.template.value, (tuple, list)):
+                func_name = "select_template"
+        elif isinstance(node.template, (nodes.Tuple, nodes.List)):
+            func_name = "select_template"
+
+        self.writeline(f"template = environment.{func_name}(", node)
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r})")
+        if node.ignore_missing:
+            self.outdent()
+            self.writeline("except TemplateNotFound:")
+            self.indent()
+            self.writeline("pass")
+            self.outdent()
+            self.writeline("else:")
+            self.indent()
+
+        skip_event_yield = False
+        if node.with_context:
+            self.writeline(
+                f"{self.choose_async()}for event in template.root_render_func("
+                "template.new_context(context.get_all(), True,"
+                f" {self.dump_local_context(frame)})):"
+            )
+        elif self.environment.is_async:
+            self.writeline(
+                "for event in (await template._get_default_module_async())"
+                "._body_stream:"
+            )
+        else:
+            self.writeline("yield from template._get_default_module()._body_stream")
+            skip_event_yield = True
+
+        if not skip_event_yield:
+            self.indent()
+            self.simple_write("event", frame)
+            self.outdent()
+
+        if node.ignore_missing:
+            self.outdent()
+
+    def _import_common(
+        self, node: t.Union[nodes.Import, nodes.FromImport], frame: Frame
+    ) -> None:
+        self.write(f"{self.choose_async('await ')}environment.get_template(")
+        self.visit(node.template, frame)
+        self.write(f", {self.name!r}).")
+
+        if node.with_context:
+            f_name = f"make_module{self.choose_async('_async')}"
+            self.write(
+                f"{f_name}(context.get_all(), True, {self.dump_local_context(frame)})"
+            )
+        else:
+            self.write(f"_get_default_module{self.choose_async('_async')}(context)")
+
+    def visit_Import(self, node: nodes.Import, frame: Frame) -> None:
+        """Visit regular imports."""
+        self.writeline(f"{frame.symbols.ref(node.target)} = ", node)
+        if frame.toplevel:
+            self.write(f"context.vars[{node.target!r}] = ")
+
+        self._import_common(node, frame)
+
+        if frame.toplevel and not node.target.startswith("_"):
+            self.writeline(f"context.exported_vars.discard({node.target!r})")
+
+    def visit_FromImport(self, node: nodes.FromImport, frame: Frame) -> None:
+        """Visit named imports."""
+        self.newline(node)
+        self.write("included_template = ")
+        self._import_common(node, frame)
+        var_names = []
+        discarded_names = []
+        for name in node.names:
+            if isinstance(name, tuple):
+                name, alias = name
+            else:
+                alias = name
+            self.writeline(
+                f"{frame.symbols.ref(alias)} ="
+                f" getattr(included_template, {name!r}, missing)"
+            )
+            self.writeline(f"if {frame.symbols.ref(alias)} is missing:")
+            self.indent()
+            message = (
+                "the template {included_template.__name__!r}"
+                f" (imported on {self.position(node)})"
+                f" does not export the requested name {name!r}"
+            )
+            self.writeline(
+                f"{frame.symbols.ref(alias)} = undefined(f{message!r}, name={name!r})"
+            )
+            self.outdent()
+            if frame.toplevel:
+                var_names.append(alias)
+                if not alias.startswith("_"):
+                    discarded_names.append(alias)
+
+        if var_names:
+            if len(var_names) == 1:
+                name = var_names[0]
+                self.writeline(f"context.vars[{name!r}] = {frame.symbols.ref(name)}")
+            else:
+                names_kv = ", ".join(
+                    f"{name!r}: {frame.symbols.ref(name)}" for name in var_names
+                )
+                self.writeline(f"context.vars.update({{{names_kv}}})")
+        if discarded_names:
+            if len(discarded_names) == 1:
+                self.writeline(f"context.exported_vars.discard({discarded_names[0]!r})")
+            else:
+                names_str = ", ".join(map(repr, discarded_names))
+                self.writeline(
+                    f"context.exported_vars.difference_update(({names_str}))"
+                )
+
+    def visit_For(self, node: nodes.For, frame: Frame) -> None:
+        loop_frame = frame.inner()
+        loop_frame.loop_frame = True
+        test_frame = frame.inner()
+        else_frame = frame.inner()
+
+        # try to figure out if we have an extended loop.  An extended loop
+        # is necessary if the loop is in recursive mode if the special loop
+        # variable is accessed in the body if the body is a scoped block.
+        extended_loop = (
+            node.recursive
+            or "loop"
+            in find_undeclared(node.iter_child_nodes(only=("body",)), ("loop",))
+            or any(block.scoped for block in node.find_all(nodes.Block))
+        )
+
+        loop_ref = None
+        if extended_loop:
+            loop_ref = loop_frame.symbols.declare_parameter("loop")
+
+        loop_frame.symbols.analyze_node(node, for_branch="body")
+        if node.else_:
+            else_frame.symbols.analyze_node(node, for_branch="else")
+
+        if node.test:
+            loop_filter_func = self.temporary_identifier()
+            test_frame.symbols.analyze_node(node, for_branch="test")
+            self.writeline(f"{self.func(loop_filter_func)}(fiter):", node.test)
+            self.indent()
+            self.enter_frame(test_frame)
+            self.writeline(self.choose_async("async for ", "for "))
+            self.visit(node.target, loop_frame)
+            self.write(" in ")
+            self.write(self.choose_async("auto_aiter(fiter)", "fiter"))
+            self.write(":")
+            self.indent()
+            self.writeline("if ", node.test)
+            self.visit(node.test, test_frame)
+            self.write(":")
+            self.indent()
+            self.writeline("yield ")
+            self.visit(node.target, loop_frame)
+            self.outdent(3)
+            self.leave_frame(test_frame, with_python_scope=True)
+
+        # if we don't have an recursive loop we have to find the shadowed
+        # variables at that point.  Because loops can be nested but the loop
+        # variable is a special one we have to enforce aliasing for it.
+        if node.recursive:
+            self.writeline(
+                f"{self.func('loop')}(reciter, loop_render_func, depth=0):", node
+            )
+            self.indent()
+            self.buffer(loop_frame)
+
+            # Use the same buffer for the else frame
+            else_frame.buffer = loop_frame.buffer
+
+        # make sure the loop variable is a special one and raise a template
+        # assertion error if a loop tries to write to loop
+        if extended_loop:
+            self.writeline(f"{loop_ref} = missing")
+
+        for name in node.find_all(nodes.Name):
+            if name.ctx == "store" and name.name == "loop":
+                self.fail(
+                    "Can't assign to special loop variable in for-loop target",
+                    name.lineno,
+                )
+
+        if node.else_:
+            iteration_indicator = self.temporary_identifier()
+            self.writeline(f"{iteration_indicator} = 1")
+
+        self.writeline(self.choose_async("async for ", "for "), node)
+        self.visit(node.target, loop_frame)
+        if extended_loop:
+            self.write(f", {loop_ref} in {self.choose_async('Async')}LoopContext(")
+        else:
+            self.write(" in ")
+
+        if node.test:
+            self.write(f"{loop_filter_func}(")
+        if node.recursive:
+            self.write("reciter")
+        else:
+            if self.environment.is_async and not extended_loop:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async and not extended_loop:
+                self.write(")")
+        if node.test:
+            self.write(")")
+
+        if node.recursive:
+            self.write(", undefined, loop_render_func, depth):")
+        else:
+            self.write(", undefined):" if extended_loop else ":")
+
+        self.indent()
+        self.enter_frame(loop_frame)
+
+        self.writeline("_loop_vars = {}")
+        self.blockvisit(node.body, loop_frame)
+        if node.else_:
+            self.writeline(f"{iteration_indicator} = 0")
+        self.outdent()
+        self.leave_frame(
+            loop_frame, with_python_scope=node.recursive and not node.else_
+        )
+
+        if node.else_:
+            self.writeline(f"if {iteration_indicator}:")
+            self.indent()
+            self.enter_frame(else_frame)
+            self.blockvisit(node.else_, else_frame)
+            self.leave_frame(else_frame)
+            self.outdent()
+
+        # if the node was recursive we have to return the buffer contents
+        # and start the iteration code
+        if node.recursive:
+            self.return_buffer_contents(loop_frame)
+            self.outdent()
+            self.start_write(frame, node)
+            self.write(f"{self.choose_async('await ')}loop(")
+            if self.environment.is_async:
+                self.write("auto_aiter(")
+            self.visit(node.iter, frame)
+            if self.environment.is_async:
+                self.write(")")
+            self.write(", loop)")
+            self.end_write(frame)
+
+        # at the end of the iteration, clear any assignments made in the
+        # loop from the top level
+        if self._assign_stack:
+            self._assign_stack[-1].difference_update(loop_frame.symbols.stores)
+
+    def visit_If(self, node: nodes.If, frame: Frame) -> None:
+        if_frame = frame.soft()
+        self.writeline("if ", node)
+        self.visit(node.test, if_frame)
+        self.write(":")
+        self.indent()
+        self.blockvisit(node.body, if_frame)
+        self.outdent()
+        for elif_ in node.elif_:
+            self.writeline("elif ", elif_)
+            self.visit(elif_.test, if_frame)
+            self.write(":")
+            self.indent()
+            self.blockvisit(elif_.body, if_frame)
+            self.outdent()
+        if node.else_:
+            self.writeline("else:")
+            self.indent()
+            self.blockvisit(node.else_, if_frame)
+            self.outdent()
+
+    def visit_Macro(self, node: nodes.Macro, frame: Frame) -> None:
+        macro_frame, macro_ref = self.macro_body(node, frame)
+        self.newline()
+        if frame.toplevel:
+            if not node.name.startswith("_"):
+                self.write(f"context.exported_vars.add({node.name!r})")
+            self.writeline(f"context.vars[{node.name!r}] = ")
+        self.write(f"{frame.symbols.ref(node.name)} = ")
+        self.macro_def(macro_ref, macro_frame)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, frame: Frame) -> None:
+        call_frame, macro_ref = self.macro_body(node, frame)
+        self.writeline("caller = ")
+        self.macro_def(macro_ref, call_frame)
+        self.start_write(frame, node)
+        self.visit_Call(node.call, frame, forward_caller=True)
+        self.end_write(frame)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, frame: Frame) -> None:
+        filter_frame = frame.inner()
+        filter_frame.symbols.analyze_node(node)
+        self.enter_frame(filter_frame)
+        self.buffer(filter_frame)
+        self.blockvisit(node.body, filter_frame)
+        self.start_write(frame, node)
+        self.visit_Filter(node.filter, filter_frame)
+        self.end_write(frame)
+        self.leave_frame(filter_frame)
+
+    def visit_With(self, node: nodes.With, frame: Frame) -> None:
+        with_frame = frame.inner()
+        with_frame.symbols.analyze_node(node)
+        self.enter_frame(with_frame)
+        for target, expr in zip(node.targets, node.values):
+            self.newline()
+            self.visit(target, with_frame)
+            self.write(" = ")
+            self.visit(expr, frame)
+        self.blockvisit(node.body, with_frame)
+        self.leave_frame(with_frame)
+
+    def visit_ExprStmt(self, node: nodes.ExprStmt, frame: Frame) -> None:
+        self.newline(node)
+        self.visit(node.node, frame)
+
+    class _FinalizeInfo(t.NamedTuple):
+        const: t.Optional[t.Callable[..., str]]
+        src: t.Optional[str]
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        """The default finalize function if the environment isn't
+        configured with one. Or, if the environment has one, this is
+        called on that function's output for constants.
+        """
+        return str(value)
+
+    _finalize: t.Optional[_FinalizeInfo] = None
+
+    def _make_finalize(self) -> _FinalizeInfo:
+        """Build the finalize function to be used on constants and at
+        runtime. Cached so it's only created once for all output nodes.
+
+        Returns a ``namedtuple`` with the following attributes:
+
+        ``const``
+            A function to finalize constant data at compile time.
+
+        ``src``
+            Source code to output around nodes to be evaluated at
+            runtime.
+        """
+        if self._finalize is not None:
+            return self._finalize
+
+        finalize: t.Optional[t.Callable[..., t.Any]]
+        finalize = default = self._default_finalize
+        src = None
+
+        if self.environment.finalize:
+            src = "environment.finalize("
+            env_finalize = self.environment.finalize
+            pass_arg = {
+                _PassArg.context: "context",
+                _PassArg.eval_context: "context.eval_ctx",
+                _PassArg.environment: "environment",
+            }.get(
+                _PassArg.from_obj(env_finalize)  # type: ignore
+            )
+            finalize = None
+
+            if pass_arg is None:
+
+                def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                    return default(env_finalize(value))
+
+            else:
+                src = f"{src}{pass_arg}, "
+
+                if pass_arg == "environment":
+
+                    def finalize(value: t.Any) -> t.Any:  # noqa: F811
+                        return default(env_finalize(self.environment, value))
+
+        self._finalize = self._FinalizeInfo(finalize, src)
+        return self._finalize
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        """Given a group of constant values converted from ``Output``
+        child nodes, produce a string to write to the template module
+        source.
+        """
+        return repr(concat(group))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> str:
+        """Try to optimize a child of an ``Output`` node by trying to
+        convert it to constant, finalized data at compile time.
+
+        If :exc:`Impossible` is raised, the node is not constant and
+        will be evaluated at runtime. Any other exception will also be
+        evaluated at runtime for easier debugging.
+        """
+        const = node.as_const(frame.eval_ctx)
+
+        if frame.eval_ctx.autoescape:
+            const = escape(const)
+
+        # Template data doesn't go through finalize.
+        if isinstance(node, nodes.TemplateData):
+            return str(const)
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code before visiting a child of an
+        ``Output`` node.
+        """
+        if frame.eval_ctx.volatile:
+            self.write("(escape if context.eval_ctx.autoescape else str)(")
+        elif frame.eval_ctx.autoescape:
+            self.write("escape(")
+        else:
+            self.write("str(")
+
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: _FinalizeInfo
+    ) -> None:
+        """Output extra source code after visiting a child of an
+        ``Output`` node.
+        """
+        self.write(")")
+
+        if finalize.src is not None:
+            self.write(")")
+
+    def visit_Output(self, node: nodes.Output, frame: Frame) -> None:
+        # If an extends is active, don't render outside a block.
+        if frame.require_output_check:
+            # A top-level extends is known to exist at compile time.
+            if self.has_known_extends:
+                return
+
+            self.writeline("if parent_template is None:")
+            self.indent()
+
+        finalize = self._make_finalize()
+        body: t.List[t.Union[t.List[t.Any], nodes.Expr]] = []
+
+        # Evaluate constants at compile time if possible. Each item in
+        # body will be either a list of static data or a node to be
+        # evaluated at runtime.
+        for child in node.nodes:
+            try:
+                if not (
+                    # If the finalize function requires runtime context,
+                    # constants can't be evaluated at compile time.
+                    finalize.const
+                    # Unless it's basic template data that won't be
+                    # finalized anyway.
+                    or isinstance(child, nodes.TemplateData)
+                ):
+                    raise nodes.Impossible()
+
+                const = self._output_child_to_const(child, frame, finalize)
+            except (nodes.Impossible, Exception):
+                # The node was not constant and needs to be evaluated at
+                # runtime. Or another error was raised, which is easier
+                # to debug at runtime.
+                body.append(child)
+                continue
+
+            if body and isinstance(body[-1], list):
+                body[-1].append(const)
+            else:
+                body.append([const])
+
+        if frame.buffer is not None:
+            if len(body) == 1:
+                self.writeline(f"{frame.buffer}.append(")
+            else:
+                self.writeline(f"{frame.buffer}.extend((")
+
+            self.indent()
+
+        for item in body:
+            if isinstance(item, list):
+                # A group of constant data to join and output.
+                val = self._output_const_repr(item)
+
+                if frame.buffer is None:
+                    self.writeline("yield " + val)
+                else:
+                    self.writeline(val + ",")
+            else:
+                if frame.buffer is None:
+                    self.writeline("yield ", item)
+                else:
+                    self.newline(item)
+
+                # A node to be evaluated at runtime.
+                self._output_child_pre(item, frame, finalize)
+                self.visit(item, frame)
+                self._output_child_post(item, frame, finalize)
+
+                if frame.buffer is not None:
+                    self.write(",")
+
+        if frame.buffer is not None:
+            self.outdent()
+            self.writeline(")" if len(body) == 1 else "))")
+
+        if frame.require_output_check:
+            self.outdent()
+
+    def visit_Assign(self, node: nodes.Assign, frame: Frame) -> None:
+        self.push_assign_tracking()
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = ")
+        self.visit(node.node, frame)
+        self.pop_assign_tracking(frame)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, frame: Frame) -> None:
+        self.push_assign_tracking()
+        block_frame = frame.inner()
+        # This is a special case.  Since a set block always captures we
+        # will disable output checks.  This way one can use set blocks
+        # toplevel even in extended templates.
+        block_frame.require_output_check = False
+        block_frame.symbols.analyze_node(node)
+        self.enter_frame(block_frame)
+        self.buffer(block_frame)
+        self.blockvisit(node.body, block_frame)
+        self.newline(node)
+        self.visit(node.target, frame)
+        self.write(" = (Markup if context.eval_ctx.autoescape else identity)(")
+        if node.filter is not None:
+            self.visit_Filter(node.filter, block_frame)
+        else:
+            self.write(f"concat({block_frame.buffer})")
+        self.write(")")
+        self.pop_assign_tracking(frame)
+        self.leave_frame(block_frame)
+
+    # -- Expression Visitors
+
+    def visit_Name(self, node: nodes.Name, frame: Frame) -> None:
+        if node.ctx == "store" and (
+            frame.toplevel or frame.loop_frame or frame.block_frame
+        ):
+            if self._assign_stack:
+                self._assign_stack[-1].add(node.name)
+        ref = frame.symbols.ref(node.name)
+
+        # If we are looking up a variable we might have to deal with the
+        # case where it's undefined.  We can skip that case if the load
+        # instruction indicates a parameter which are always defined.
+        if node.ctx == "load":
+            load = frame.symbols.find_load(ref)
+            if not (
+                load is not None
+                and load[0] == VAR_LOAD_PARAMETER
+                and not self.parameter_is_undeclared(ref)
+            ):
+                self.write(
+                    f"(undefined(name={node.name!r}) if {ref} is missing else {ref})"
+                )
+                return
+
+        self.write(ref)
+
+    def visit_NSRef(self, node: nodes.NSRef, frame: Frame) -> None:
+        # NSRefs can only be used to store values; since they use the normal
+        # `foo.bar` notation they will be parsed as a normal attribute access
+        # when used anywhere but in a `set` context
+        ref = frame.symbols.ref(node.name)
+        self.writeline(f"if not isinstance({ref}, Namespace):")
+        self.indent()
+        self.writeline(
+            "raise TemplateRuntimeError"
+            '("cannot assign attribute on non-namespace object")'
+        )
+        self.outdent()
+        self.writeline(f"{ref}[{node.attr!r}]")
+
+    def visit_Const(self, node: nodes.Const, frame: Frame) -> None:
+        val = node.as_const(frame.eval_ctx)
+        if isinstance(val, float):
+            self.write(str(val))
+        else:
+            self.write(repr(val))
+
+    def visit_TemplateData(self, node: nodes.TemplateData, frame: Frame) -> None:
+        try:
+            self.write(repr(node.as_const(frame.eval_ctx)))
+        except nodes.Impossible:
+            self.write(
+                f"(Markup if context.eval_ctx.autoescape else identity)({node.data!r})"
+            )
+
+    def visit_Tuple(self, node: nodes.Tuple, frame: Frame) -> None:
+        self.write("(")
+        idx = -1
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write(",)" if idx == 0 else ")")
+
+    def visit_List(self, node: nodes.List, frame: Frame) -> None:
+        self.write("[")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item, frame)
+        self.write("]")
+
+    def visit_Dict(self, node: nodes.Dict, frame: Frame) -> None:
+        self.write("{")
+        for idx, item in enumerate(node.items):
+            if idx:
+                self.write(", ")
+            self.visit(item.key, frame)
+            self.write(": ")
+            self.visit(item.value, frame)
+        self.write("}")
+
+    visit_Add = _make_binop("+")
+    visit_Sub = _make_binop("-")
+    visit_Mul = _make_binop("*")
+    visit_Div = _make_binop("/")
+    visit_FloorDiv = _make_binop("//")
+    visit_Pow = _make_binop("**")
+    visit_Mod = _make_binop("%")
+    visit_And = _make_binop("and")
+    visit_Or = _make_binop("or")
+    visit_Pos = _make_unop("+")
+    visit_Neg = _make_unop("-")
+    visit_Not = _make_unop("not ")
+
+    @optimizeconst
+    def visit_Concat(self, node: nodes.Concat, frame: Frame) -> None:
+        if frame.eval_ctx.volatile:
+            func_name = "(markup_join if context.eval_ctx.volatile else str_join)"
+        elif frame.eval_ctx.autoescape:
+            func_name = "markup_join"
+        else:
+            func_name = "str_join"
+        self.write(f"{func_name}((")
+        for arg in node.nodes:
+            self.visit(arg, frame)
+            self.write(", ")
+        self.write("))")
+
+    @optimizeconst
+    def visit_Compare(self, node: nodes.Compare, frame: Frame) -> None:
+        self.write("(")
+        self.visit(node.expr, frame)
+        for op in node.ops:
+            self.visit(op, frame)
+        self.write(")")
+
+    def visit_Operand(self, node: nodes.Operand, frame: Frame) -> None:
+        self.write(f" {operators[node.op]} ")
+        self.visit(node.expr, frame)
+
+    @optimizeconst
+    def visit_Getattr(self, node: nodes.Getattr, frame: Frame) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        self.write("environment.getattr(")
+        self.visit(node.node, frame)
+        self.write(f", {node.attr!r})")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Getitem(self, node: nodes.Getitem, frame: Frame) -> None:
+        # slices bypass the environment getitem method.
+        if isinstance(node.arg, nodes.Slice):
+            self.visit(node.node, frame)
+            self.write("[")
+            self.visit(node.arg, frame)
+            self.write("]")
+        else:
+            if self.environment.is_async:
+                self.write("(await auto_await(")
+
+            self.write("environment.getitem(")
+            self.visit(node.node, frame)
+            self.write(", ")
+            self.visit(node.arg, frame)
+            self.write(")")
+
+            if self.environment.is_async:
+                self.write("))")
+
+    def visit_Slice(self, node: nodes.Slice, frame: Frame) -> None:
+        if node.start is not None:
+            self.visit(node.start, frame)
+        self.write(":")
+        if node.stop is not None:
+            self.visit(node.stop, frame)
+        if node.step is not None:
+            self.write(":")
+            self.visit(node.step, frame)
+
+    @contextmanager
+    def _filter_test_common(
+        self, node: t.Union[nodes.Filter, nodes.Test], frame: Frame, is_filter: bool
+    ) -> t.Iterator[None]:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+
+        if is_filter:
+            self.write(f"{self.filters[node.name]}(")
+            func = self.environment.filters.get(node.name)
+        else:
+            self.write(f"{self.tests[node.name]}(")
+            func = self.environment.tests.get(node.name)
+
+        # When inside an If or CondExpr frame, allow the filter to be
+        # undefined at compile time and only raise an error if it's
+        # actually called at runtime. See pull_dependencies.
+        if func is None and not frame.soft_frame:
+            type_name = "filter" if is_filter else "test"
+            self.fail(f"No {type_name} named {node.name!r}.", node.lineno)
+
+        pass_arg = {
+            _PassArg.context: "context",
+            _PassArg.eval_context: "context.eval_ctx",
+            _PassArg.environment: "environment",
+        }.get(
+            _PassArg.from_obj(func)  # type: ignore
+        )
+
+        if pass_arg is not None:
+            self.write(f"{pass_arg}, ")
+
+        # Back to the visitor function to handle visiting the target of
+        # the filter or test.
+        yield
+
+        self.signature(node, frame)
+        self.write(")")
+
+        if self.environment.is_async:
+            self.write("))")
+
+    @optimizeconst
+    def visit_Filter(self, node: nodes.Filter, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, True):
+            # if the filter node is None we are inside a filter block
+            # and want to write to the current buffer
+            if node.node is not None:
+                self.visit(node.node, frame)
+            elif frame.eval_ctx.volatile:
+                self.write(
+                    f"(Markup(concat({frame.buffer}))"
+                    f" if context.eval_ctx.autoescape else concat({frame.buffer}))"
+                )
+            elif frame.eval_ctx.autoescape:
+                self.write(f"Markup(concat({frame.buffer}))")
+            else:
+                self.write(f"concat({frame.buffer})")
+
+    @optimizeconst
+    def visit_Test(self, node: nodes.Test, frame: Frame) -> None:
+        with self._filter_test_common(node, frame, False):
+            self.visit(node.node, frame)
+
+    @optimizeconst
+    def visit_CondExpr(self, node: nodes.CondExpr, frame: Frame) -> None:
+        frame = frame.soft()
+
+        def write_expr2() -> None:
+            if node.expr2 is not None:
+                self.visit(node.expr2, frame)
+                return
+
+            self.write(
+                f'cond_expr_undefined("the inline if-expression on'
+                f" {self.position(node)} evaluated to false and no else"
+                f' section was defined.")'
+            )
+
+        self.write("(")
+        self.visit(node.expr1, frame)
+        self.write(" if ")
+        self.visit(node.test, frame)
+        self.write(" else ")
+        write_expr2()
+        self.write(")")
+
+    @optimizeconst
+    def visit_Call(
+        self, node: nodes.Call, frame: Frame, forward_caller: bool = False
+    ) -> None:
+        if self.environment.is_async:
+            self.write("(await auto_await(")
+        if self.environment.sandboxed:
+            self.write("environment.call(context, ")
+        else:
+            self.write("context.call(")
+        self.visit(node.node, frame)
+        extra_kwargs = {"caller": "caller"} if forward_caller else None
+        loop_kwargs = {"_loop_vars": "_loop_vars"} if frame.loop_frame else {}
+        block_kwargs = {"_block_vars": "_block_vars"} if frame.block_frame else {}
+        if extra_kwargs:
+            extra_kwargs.update(loop_kwargs, **block_kwargs)
+        elif loop_kwargs or block_kwargs:
+            extra_kwargs = dict(loop_kwargs, **block_kwargs)
+        self.signature(node, frame, extra_kwargs)
+        self.write(")")
+        if self.environment.is_async:
+            self.write("))")
+
+    def visit_Keyword(self, node: nodes.Keyword, frame: Frame) -> None:
+        self.write(node.key + "=")
+        self.visit(node.value, frame)
+
+    # -- Unused nodes for extensions
+
+    def visit_MarkSafe(self, node: nodes.MarkSafe, frame: Frame) -> None:
+        self.write("Markup(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_MarkSafeIfAutoescape(
+        self, node: nodes.MarkSafeIfAutoescape, frame: Frame
+    ) -> None:
+        self.write("(Markup if context.eval_ctx.autoescape else identity)(")
+        self.visit(node.expr, frame)
+        self.write(")")
+
+    def visit_EnvironmentAttribute(
+        self, node: nodes.EnvironmentAttribute, frame: Frame
+    ) -> None:
+        self.write("environment." + node.name)
+
+    def visit_ExtensionAttribute(
+        self, node: nodes.ExtensionAttribute, frame: Frame
+    ) -> None:
+        self.write(f"environment.extensions[{node.identifier!r}].{node.name}")
+
+    def visit_ImportedName(self, node: nodes.ImportedName, frame: Frame) -> None:
+        self.write(self.import_aliases[node.importname])
+
+    def visit_InternalName(self, node: nodes.InternalName, frame: Frame) -> None:
+        self.write(node.name)
+
+    def visit_ContextReference(
+        self, node: nodes.ContextReference, frame: Frame
+    ) -> None:
+        self.write("context")
+
+    def visit_DerivedContextReference(
+        self, node: nodes.DerivedContextReference, frame: Frame
+    ) -> None:
+        self.write(self.derive_context(frame))
+
+    def visit_Continue(self, node: nodes.Continue, frame: Frame) -> None:
+        self.writeline("continue", node)
+
+    def visit_Break(self, node: nodes.Break, frame: Frame) -> None:
+        self.writeline("break", node)
+
+    def visit_Scope(self, node: nodes.Scope, frame: Frame) -> None:
+        scope_frame = frame.inner()
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, frame: Frame) -> None:
+        ctx = self.temporary_identifier()
+        self.writeline(f"{ctx} = {self.derive_context(frame)}")
+        self.writeline(f"{ctx}.vars = ")
+        self.visit(node.context, frame)
+        self.push_context_reference(ctx)
+
+        scope_frame = frame.inner(isolated=True)
+        scope_frame.symbols.analyze_node(node)
+        self.enter_frame(scope_frame)
+        self.blockvisit(node.body, scope_frame)
+        self.leave_frame(scope_frame)
+        self.pop_context_reference()
+
+    def visit_EvalContextModifier(
+        self, node: nodes.EvalContextModifier, frame: Frame
+    ) -> None:
+        for keyword in node.options:
+            self.writeline(f"context.eval_ctx.{keyword.key} = ")
+            self.visit(keyword.value, frame)
+            try:
+                val = keyword.value.as_const(frame.eval_ctx)
+            except nodes.Impossible:
+                frame.eval_ctx.volatile = True
+            else:
+                setattr(frame.eval_ctx, keyword.key, val)
+
+    def visit_ScopedEvalContextModifier(
+        self, node: nodes.ScopedEvalContextModifier, frame: Frame
+    ) -> None:
+        old_ctx_name = self.temporary_identifier()
+        saved_ctx = frame.eval_ctx.save()
+        self.writeline(f"{old_ctx_name} = context.eval_ctx.save()")
+        self.visit_EvalContextModifier(node, frame)
+        for child in node.body:
+            self.visit(child, frame)
+        frame.eval_ctx.revert(saved_ctx)
+        self.writeline(f"context.eval_ctx.revert({old_ctx_name})")
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/constants.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/constants.py
new file mode 100644
index 000000000..41a1c23b0
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/constants.py
@@ -0,0 +1,20 @@
+#: list of lorem ipsum words used by the lipsum() helper function
+LOREM_IPSUM_WORDS = """\
+a ac accumsan ad adipiscing aenean aliquam aliquet amet ante aptent arcu at
+auctor augue bibendum blandit class commodo condimentum congue consectetuer
+consequat conubia convallis cras cubilia cum curabitur curae cursus dapibus
+diam dictum dictumst dignissim dis dolor donec dui duis egestas eget eleifend
+elementum elit enim erat eros est et etiam eu euismod facilisi facilisis fames
+faucibus felis fermentum feugiat fringilla fusce gravida habitant habitasse hac
+hendrerit hymenaeos iaculis id imperdiet in inceptos integer interdum ipsum
+justo lacinia lacus laoreet lectus leo libero ligula litora lobortis lorem
+luctus maecenas magna magnis malesuada massa mattis mauris metus mi molestie
+mollis montes morbi mus nam nascetur natoque nec neque netus nibh nisi nisl non
+nonummy nostra nulla nullam nunc odio orci ornare parturient pede pellentesque
+penatibus per pharetra phasellus placerat platea porta porttitor posuere
+potenti praesent pretium primis proin pulvinar purus quam quis quisque rhoncus
+ridiculus risus rutrum sagittis sapien scelerisque sed sem semper senectus sit
+sociis sociosqu sodales sollicitudin suscipit suspendisse taciti tellus tempor
+tempus tincidunt torquent tortor tristique turpis ullamcorper ultrices
+ultricies urna ut varius vehicula vel velit venenatis vestibulum vitae vivamus
+viverra volutpat vulputate"""
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/debug.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/debug.py
new file mode 100644
index 000000000..7ed7e9297
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/debug.py
@@ -0,0 +1,191 @@
+import sys
+import typing as t
+from types import CodeType
+from types import TracebackType
+
+from .exceptions import TemplateSyntaxError
+from .utils import internal_code
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    from .runtime import Context
+
+
+def rewrite_traceback_stack(source: t.Optional[str] = None) -> BaseException:
+    """Rewrite the current exception to replace any tracebacks from
+    within compiled template code with tracebacks that look like they
+    came from the template source.
+
+    This must be called within an ``except`` block.
+
+    :param source: For ``TemplateSyntaxError``, the original source if
+        known.
+    :return: The original exception with the rewritten traceback.
+    """
+    _, exc_value, tb = sys.exc_info()
+    exc_value = t.cast(BaseException, exc_value)
+    tb = t.cast(TracebackType, tb)
+
+    if isinstance(exc_value, TemplateSyntaxError) and not exc_value.translated:
+        exc_value.translated = True
+        exc_value.source = source
+        # Remove the old traceback, otherwise the frames from the
+        # compiler still show up.
+        exc_value.with_traceback(None)
+        # Outside of runtime, so the frame isn't executing template
+        # code, but it still needs to point at the template.
+        tb = fake_traceback(
+            exc_value, None, exc_value.filename or "<unknown>", exc_value.lineno
+        )
+    else:
+        # Skip the frame for the render function.
+        tb = tb.tb_next
+
+    stack = []
+
+    # Build the stack of traceback object, replacing any in template
+    # code with the source file and line information.
+    while tb is not None:
+        # Skip frames decorated with @internalcode. These are internal
+        # calls that aren't useful in template debugging output.
+        if tb.tb_frame.f_code in internal_code:
+            tb = tb.tb_next
+            continue
+
+        template = tb.tb_frame.f_globals.get("__jinja_template__")
+
+        if template is not None:
+            lineno = template.get_corresponding_lineno(tb.tb_lineno)
+            fake_tb = fake_traceback(exc_value, tb, template.filename, lineno)
+            stack.append(fake_tb)
+        else:
+            stack.append(tb)
+
+        tb = tb.tb_next
+
+    tb_next = None
+
+    # Assign tb_next in reverse to avoid circular references.
+    for tb in reversed(stack):
+        tb.tb_next = tb_next
+        tb_next = tb
+
+    return exc_value.with_traceback(tb_next)
+
+
+def fake_traceback(  # type: ignore
+    exc_value: BaseException, tb: t.Optional[TracebackType], filename: str, lineno: int
+) -> TracebackType:
+    """Produce a new traceback object that looks like it came from the
+    template source instead of the compiled code. The filename, line
+    number, and location name will point to the template, and the local
+    variables will be the current template context.
+
+    :param exc_value: The original exception to be re-raised to create
+        the new traceback.
+    :param tb: The original traceback to get the local variables and
+        code info from.
+    :param filename: The template filename.
+    :param lineno: The line number in the template source.
+    """
+    if tb is not None:
+        # Replace the real locals with the context that would be
+        # available at that point in the template.
+        locals = get_template_locals(tb.tb_frame.f_locals)
+        locals.pop("__jinja_exception__", None)
+    else:
+        locals = {}
+
+    globals = {
+        "__name__": filename,
+        "__file__": filename,
+        "__jinja_exception__": exc_value,
+    }
+    # Raise an exception at the correct line number.
+    code: CodeType = compile(
+        "\n" * (lineno - 1) + "raise __jinja_exception__", filename, "exec"
+    )
+
+    # Build a new code object that points to the template file and
+    # replaces the location with a block name.
+    location = "template"
+
+    if tb is not None:
+        function = tb.tb_frame.f_code.co_name
+
+        if function == "root":
+            location = "top-level template code"
+        elif function.startswith("block_"):
+            location = f"block {function[6:]!r}"
+
+    if sys.version_info >= (3, 8):
+        code = code.replace(co_name=location)
+    else:
+        code = CodeType(
+            code.co_argcount,
+            code.co_kwonlyargcount,
+            code.co_nlocals,
+            code.co_stacksize,
+            code.co_flags,
+            code.co_code,
+            code.co_consts,
+            code.co_names,
+            code.co_varnames,
+            code.co_filename,
+            location,
+            code.co_firstlineno,
+            code.co_lnotab,
+            code.co_freevars,
+            code.co_cellvars,
+        )
+
+    # Execute the new code, which is guaranteed to raise, and return
+    # the new traceback without this frame.
+    try:
+        exec(code, globals, locals)
+    except BaseException:
+        return sys.exc_info()[2].tb_next  # type: ignore
+
+
+def get_template_locals(real_locals: t.Mapping[str, t.Any]) -> t.Dict[str, t.Any]:
+    """Based on the runtime locals, get the context that would be
+    available at that point in the template.
+    """
+    # Start with the current template context.
+    ctx: "t.Optional[Context]" = real_locals.get("context")
+
+    if ctx is not None:
+        data: t.Dict[str, t.Any] = ctx.get_all().copy()
+    else:
+        data = {}
+
+    # Might be in a derived context that only sets local variables
+    # rather than pushing a context. Local variables follow the scheme
+    # l_depth_name. Find the highest-depth local that has a value for
+    # each name.
+    local_overrides: t.Dict[str, t.Tuple[int, t.Any]] = {}
+
+    for name, value in real_locals.items():
+        if not name.startswith("l_") or value is missing:
+            # Not a template variable, or no longer relevant.
+            continue
+
+        try:
+            _, depth_str, name = name.split("_", 2)
+            depth = int(depth_str)
+        except ValueError:
+            continue
+
+        cur_depth = local_overrides.get(name, (-1,))[0]
+
+        if cur_depth < depth:
+            local_overrides[name] = (depth, value)
+
+    # Modify the context with any derived context.
+    for name, (_, value) in local_overrides.items():
+        if value is missing:
+            data.pop(name, None)
+        else:
+            data[name] = value
+
+    return data
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/defaults.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/defaults.py
new file mode 100644
index 000000000..638cad3d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/defaults.py
@@ -0,0 +1,48 @@
+import typing as t
+
+from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
+from .tests import TESTS as DEFAULT_TESTS  # noqa: F401
+from .utils import Cycler
+from .utils import generate_lorem_ipsum
+from .utils import Joiner
+from .utils import Namespace
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+# defaults for the parser / lexer
+BLOCK_START_STRING = "{%"
+BLOCK_END_STRING = "%}"
+VARIABLE_START_STRING = "{{"
+VARIABLE_END_STRING = "}}"
+COMMENT_START_STRING = "{#"
+COMMENT_END_STRING = "#}"
+LINE_STATEMENT_PREFIX: t.Optional[str] = None
+LINE_COMMENT_PREFIX: t.Optional[str] = None
+TRIM_BLOCKS = False
+LSTRIP_BLOCKS = False
+NEWLINE_SEQUENCE: "te.Literal['\\n', '\\r\\n', '\\r']" = "\n"
+KEEP_TRAILING_NEWLINE = False
+
+# default filters, tests and namespace
+
+DEFAULT_NAMESPACE = {
+    "range": range,
+    "dict": dict,
+    "lipsum": generate_lorem_ipsum,
+    "cycler": Cycler,
+    "joiner": Joiner,
+    "namespace": Namespace,
+}
+
+# default policies
+DEFAULT_POLICIES: t.Dict[str, t.Any] = {
+    "compiler.ascii_str": True,
+    "urlize.rel": "noopener",
+    "urlize.target": None,
+    "urlize.extra_schemes": None,
+    "truncate.leeway": 5,
+    "json.dumps_function": None,
+    "json.dumps_kwargs": {"sort_keys": True},
+    "ext.i18n.trimmed": False,
+}
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/environment.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/environment.py
new file mode 100644
index 000000000..1d3be0bed
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/environment.py
@@ -0,0 +1,1675 @@
+"""Classes for managing templates and their runtime and compile time
+options.
+"""
+
+import os
+import typing
+import typing as t
+import weakref
+from collections import ChainMap
+from functools import lru_cache
+from functools import partial
+from functools import reduce
+from types import CodeType
+
+from markupsafe import Markup
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import generate
+from .defaults import BLOCK_END_STRING
+from .defaults import BLOCK_START_STRING
+from .defaults import COMMENT_END_STRING
+from .defaults import COMMENT_START_STRING
+from .defaults import DEFAULT_FILTERS  # type: ignore[attr-defined]
+from .defaults import DEFAULT_NAMESPACE
+from .defaults import DEFAULT_POLICIES
+from .defaults import DEFAULT_TESTS  # type: ignore[attr-defined]
+from .defaults import KEEP_TRAILING_NEWLINE
+from .defaults import LINE_COMMENT_PREFIX
+from .defaults import LINE_STATEMENT_PREFIX
+from .defaults import LSTRIP_BLOCKS
+from .defaults import NEWLINE_SEQUENCE
+from .defaults import TRIM_BLOCKS
+from .defaults import VARIABLE_END_STRING
+from .defaults import VARIABLE_START_STRING
+from .exceptions import TemplateNotFound
+from .exceptions import TemplateRuntimeError
+from .exceptions import TemplatesNotFound
+from .exceptions import TemplateSyntaxError
+from .exceptions import UndefinedError
+from .lexer import get_lexer
+from .lexer import Lexer
+from .lexer import TokenStream
+from .nodes import EvalContext
+from .parser import Parser
+from .runtime import Context
+from .runtime import new_context
+from .runtime import Undefined
+from .utils import _PassArg
+from .utils import concat
+from .utils import consume
+from .utils import import_string
+from .utils import internalcode
+from .utils import LRUCache
+from .utils import missing
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .bccache import BytecodeCache
+    from .ext import Extension
+    from .loaders import BaseLoader
+
+_env_bound = t.TypeVar("_env_bound", bound="Environment")
+
+
+# for direct template usage we have up to ten living environments
+@lru_cache(maxsize=10)
+def get_spontaneous_environment(cls: t.Type[_env_bound], *args: t.Any) -> _env_bound:
+    """Return a new spontaneous environment. A spontaneous environment
+    is used for templates created directly rather than through an
+    existing environment.
+
+    :param cls: Environment class to create.
+    :param args: Positional arguments passed to environment.
+    """
+    env = cls(*args)
+    env.shared = True
+    return env
+
+
+def create_cache(
+    size: int,
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Return the cache class for the given size."""
+    if size == 0:
+        return None
+
+    if size < 0:
+        return {}
+
+    return LRUCache(size)  # type: ignore
+
+
+def copy_cache(
+    cache: t.Optional[t.MutableMapping[t.Any, t.Any]],
+) -> t.Optional[t.MutableMapping[t.Tuple["weakref.ref[t.Any]", str], "Template"]]:
+    """Create an empty copy of the given cache."""
+    if cache is None:
+        return None
+
+    if type(cache) is dict:  # noqa E721
+        return {}
+
+    return LRUCache(cache.capacity)  # type: ignore
+
+
+def load_extensions(
+    environment: "Environment",
+    extensions: t.Sequence[t.Union[str, t.Type["Extension"]]],
+) -> t.Dict[str, "Extension"]:
+    """Load the extensions from the list and bind it to the environment.
+    Returns a dict of instantiated extensions.
+    """
+    result = {}
+
+    for extension in extensions:
+        if isinstance(extension, str):
+            extension = t.cast(t.Type["Extension"], import_string(extension))
+
+        result[extension.identifier] = extension(environment)
+
+    return result
+
+
+def _environment_config_check(environment: "Environment") -> "Environment":
+    """Perform a sanity check on the environment."""
+    assert issubclass(
+        environment.undefined, Undefined
+    ), "'undefined' must be a subclass of 'jinja2.Undefined'."
+    assert (
+        environment.block_start_string
+        != environment.variable_start_string
+        != environment.comment_start_string
+    ), "block, variable and comment start strings must be different."
+    assert environment.newline_sequence in {
+        "\r",
+        "\r\n",
+        "\n",
+    }, "'newline_sequence' must be one of '\\n', '\\r\\n', or '\\r'."
+    return environment
+
+
+class Environment:
+    r"""The core component of Jinja is the `Environment`.  It contains
+    important shared variables like configuration, filters, tests,
+    globals and others.  Instances of this class may be modified if
+    they are not shared and if no template was loaded so far.
+    Modifications on environments after the first template was loaded
+    will lead to surprising effects and undefined behavior.
+
+    Here are the possible initialization parameters:
+
+        `block_start_string`
+            The string marking the beginning of a block.  Defaults to ``'{%'``.
+
+        `block_end_string`
+            The string marking the end of a block.  Defaults to ``'%}'``.
+
+        `variable_start_string`
+            The string marking the beginning of a print statement.
+            Defaults to ``'{{'``.
+
+        `variable_end_string`
+            The string marking the end of a print statement.  Defaults to
+            ``'}}'``.
+
+        `comment_start_string`
+            The string marking the beginning of a comment.  Defaults to ``'{#'``.
+
+        `comment_end_string`
+            The string marking the end of a comment.  Defaults to ``'#}'``.
+
+        `line_statement_prefix`
+            If given and a string, this will be used as prefix for line based
+            statements.  See also :ref:`line-statements`.
+
+        `line_comment_prefix`
+            If given and a string, this will be used as prefix for line based
+            comments.  See also :ref:`line-statements`.
+
+            .. versionadded:: 2.2
+
+        `trim_blocks`
+            If this is set to ``True`` the first newline after a block is
+            removed (block, not variable tag!).  Defaults to `False`.
+
+        `lstrip_blocks`
+            If this is set to ``True`` leading spaces and tabs are stripped
+            from the start of a line to a block.  Defaults to `False`.
+
+        `newline_sequence`
+            The sequence that starts a newline.  Must be one of ``'\r'``,
+            ``'\n'`` or ``'\r\n'``.  The default is ``'\n'`` which is a
+            useful default for Linux and OS X systems as well as web
+            applications.
+
+        `keep_trailing_newline`
+            Preserve the trailing newline when rendering templates.
+            The default is ``False``, which causes a single newline,
+            if present, to be stripped from the end of the template.
+
+            .. versionadded:: 2.7
+
+        `extensions`
+            List of Jinja extensions to use.  This can either be import paths
+            as strings or extension classes.  For more information have a
+            look at :ref:`the extensions documentation <jinja-extensions>`.
+
+        `optimized`
+            should the optimizer be enabled?  Default is ``True``.
+
+        `undefined`
+            :class:`Undefined` or a subclass of it that is used to represent
+            undefined values in the template.
+
+        `finalize`
+            A callable that can be used to process the result of a variable
+            expression before it is output.  For example one can convert
+            ``None`` implicitly into an empty string here.
+
+        `autoescape`
+            If set to ``True`` the XML/HTML autoescaping feature is enabled by
+            default.  For more details about autoescaping see
+            :class:`~markupsafe.Markup`.  As of Jinja 2.4 this can also
+            be a callable that is passed the template name and has to
+            return ``True`` or ``False`` depending on autoescape should be
+            enabled by default.
+
+            .. versionchanged:: 2.4
+               `autoescape` can now be a function
+
+        `loader`
+            The template loader for this environment.
+
+        `cache_size`
+            The size of the cache.  Per default this is ``400`` which means
+            that if more than 400 templates are loaded the loader will clean
+            out the least recently used template.  If the cache size is set to
+            ``0`` templates are recompiled all the time, if the cache size is
+            ``-1`` the cache will not be cleaned.
+
+            .. versionchanged:: 2.8
+               The cache size was increased to 400 from a low 50.
+
+        `auto_reload`
+            Some loaders load templates from locations where the template
+            sources may change (ie: file system or database).  If
+            ``auto_reload`` is set to ``True`` (default) every time a template is
+            requested the loader checks if the source changed and if yes, it
+            will reload the template.  For higher performance it's possible to
+            disable that.
+
+        `bytecode_cache`
+            If set to a bytecode cache object, this object will provide a
+            cache for the internal Jinja bytecode so that templates don't
+            have to be parsed if they were not changed.
+
+            See :ref:`bytecode-cache` for more information.
+
+        `enable_async`
+            If set to true this enables async template execution which
+            allows using async functions and generators.
+    """
+
+    #: if this environment is sandboxed.  Modifying this variable won't make
+    #: the environment sandboxed though.  For a real sandboxed environment
+    #: have a look at jinja2.sandbox.  This flag alone controls the code
+    #: generation by the compiler.
+    sandboxed = False
+
+    #: True if the environment is just an overlay
+    overlayed = False
+
+    #: the environment this environment is linked to if it is an overlay
+    linked_to: t.Optional["Environment"] = None
+
+    #: shared environments have this set to `True`.  A shared environment
+    #: must not be modified
+    shared = False
+
+    #: the class that is used for code generation.  See
+    #: :class:`~jinja2.compiler.CodeGenerator` for more information.
+    code_generator_class: t.Type["CodeGenerator"] = CodeGenerator
+
+    concat = "".join
+
+    #: the context class that is used for templates.  See
+    #: :class:`~jinja2.runtime.Context` for more information.
+    context_class: t.Type[Context] = Context
+
+    template_class: t.Type["Template"]
+
+    def __init__(
+        self,
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        loader: t.Optional["BaseLoader"] = None,
+        cache_size: int = 400,
+        auto_reload: bool = True,
+        bytecode_cache: t.Optional["BytecodeCache"] = None,
+        enable_async: bool = False,
+    ):
+        # !!Important notice!!
+        #   The constructor accepts quite a few arguments that should be
+        #   passed by keyword rather than position.  However it's important to
+        #   not change the order of arguments because it's used at least
+        #   internally in those cases:
+        #       -   spontaneous environments (i18n extension and Template)
+        #       -   unittests
+        #   If parameter changes are required only add parameters at the end
+        #   and don't change the arguments (or the defaults!) of the arguments
+        #   existing already.
+
+        # lexer / parser information
+        self.block_start_string = block_start_string
+        self.block_end_string = block_end_string
+        self.variable_start_string = variable_start_string
+        self.variable_end_string = variable_end_string
+        self.comment_start_string = comment_start_string
+        self.comment_end_string = comment_end_string
+        self.line_statement_prefix = line_statement_prefix
+        self.line_comment_prefix = line_comment_prefix
+        self.trim_blocks = trim_blocks
+        self.lstrip_blocks = lstrip_blocks
+        self.newline_sequence = newline_sequence
+        self.keep_trailing_newline = keep_trailing_newline
+
+        # runtime information
+        self.undefined: t.Type[Undefined] = undefined
+        self.optimized = optimized
+        self.finalize = finalize
+        self.autoescape = autoescape
+
+        # defaults
+        self.filters = DEFAULT_FILTERS.copy()
+        self.tests = DEFAULT_TESTS.copy()
+        self.globals = DEFAULT_NAMESPACE.copy()
+
+        # set the loader provided
+        self.loader = loader
+        self.cache = create_cache(cache_size)
+        self.bytecode_cache = bytecode_cache
+        self.auto_reload = auto_reload
+
+        # configurable policies
+        self.policies = DEFAULT_POLICIES.copy()
+
+        # load extensions
+        self.extensions = load_extensions(self, extensions)
+
+        self.is_async = enable_async
+        _environment_config_check(self)
+
+    def add_extension(self, extension: t.Union[str, t.Type["Extension"]]) -> None:
+        """Adds an extension after the environment was created.
+
+        .. versionadded:: 2.5
+        """
+        self.extensions.update(load_extensions(self, [extension]))
+
+    def extend(self, **attributes: t.Any) -> None:
+        """Add the items to the instance of the environment if they do not exist
+        yet.  This is used by :ref:`extensions <writing-extensions>` to register
+        callbacks and configuration values without breaking inheritance.
+        """
+        for key, value in attributes.items():
+            if not hasattr(self, key):
+                setattr(self, key, value)
+
+    def overlay(
+        self,
+        block_start_string: str = missing,
+        block_end_string: str = missing,
+        variable_start_string: str = missing,
+        variable_end_string: str = missing,
+        comment_start_string: str = missing,
+        comment_end_string: str = missing,
+        line_statement_prefix: t.Optional[str] = missing,
+        line_comment_prefix: t.Optional[str] = missing,
+        trim_blocks: bool = missing,
+        lstrip_blocks: bool = missing,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = missing,
+        keep_trailing_newline: bool = missing,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = missing,
+        optimized: bool = missing,
+        undefined: t.Type[Undefined] = missing,
+        finalize: t.Optional[t.Callable[..., t.Any]] = missing,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = missing,
+        loader: t.Optional["BaseLoader"] = missing,
+        cache_size: int = missing,
+        auto_reload: bool = missing,
+        bytecode_cache: t.Optional["BytecodeCache"] = missing,
+        enable_async: bool = False,
+    ) -> "Environment":
+        """Create a new overlay environment that shares all the data with the
+        current environment except for cache and the overridden attributes.
+        Extensions cannot be removed for an overlayed environment.  An overlayed
+        environment automatically gets all the extensions of the environment it
+        is linked to plus optional extra extensions.
+
+        Creating overlays should happen after the initial environment was set
+        up completely.  Not all attributes are truly linked, some are just
+        copied over so modifications on the original environment may not shine
+        through.
+
+        .. versionchanged:: 3.1.2
+            Added the ``newline_sequence``,, ``keep_trailing_newline``,
+            and ``enable_async`` parameters to match ``__init__``.
+        """
+        args = dict(locals())
+        del args["self"], args["cache_size"], args["extensions"], args["enable_async"]
+
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.overlayed = True
+        rv.linked_to = self
+
+        for key, value in args.items():
+            if value is not missing:
+                setattr(rv, key, value)
+
+        if cache_size is not missing:
+            rv.cache = create_cache(cache_size)
+        else:
+            rv.cache = copy_cache(self.cache)
+
+        rv.extensions = {}
+        for key, value in self.extensions.items():
+            rv.extensions[key] = value.bind(rv)
+        if extensions is not missing:
+            rv.extensions.update(load_extensions(rv, extensions))
+
+        if enable_async is not missing:
+            rv.is_async = enable_async
+
+        return _environment_config_check(rv)
+
+    @property
+    def lexer(self) -> Lexer:
+        """The lexer for this environment."""
+        return get_lexer(self)
+
+    def iter_extensions(self) -> t.Iterator["Extension"]:
+        """Iterates over the extensions by priority."""
+        return iter(sorted(self.extensions.values(), key=lambda x: x.priority))
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Get an item or attribute of an object but prefer the item."""
+        try:
+            return obj[argument]
+        except (AttributeError, TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        return getattr(obj, attr)
+                    except AttributeError:
+                        pass
+            return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Any:
+        """Get an item or attribute of an object but prefer the attribute.
+        Unlike :meth:`getitem` the attribute *must* be a string.
+        """
+        try:
+            return getattr(obj, attribute)
+        except AttributeError:
+            pass
+        try:
+            return obj[attribute]
+        except (TypeError, LookupError, AttributeError):
+            return self.undefined(obj=obj, name=attribute)
+
+    def _filter_test_common(
+        self,
+        name: t.Union[str, Undefined],
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]],
+        kwargs: t.Optional[t.Mapping[str, t.Any]],
+        context: t.Optional[Context],
+        eval_ctx: t.Optional[EvalContext],
+        is_filter: bool,
+    ) -> t.Any:
+        if is_filter:
+            env_map = self.filters
+            type_name = "filter"
+        else:
+            env_map = self.tests
+            type_name = "test"
+
+        func = env_map.get(name)  # type: ignore
+
+        if func is None:
+            msg = f"No {type_name} named {name!r}."
+
+            if isinstance(name, Undefined):
+                try:
+                    name._fail_with_undefined_error()
+                except Exception as e:
+                    msg = f"{msg} ({e}; did you forget to quote the callable name?)"
+
+            raise TemplateRuntimeError(msg)
+
+        args = [value, *(args if args is not None else ())]
+        kwargs = kwargs if kwargs is not None else {}
+        pass_arg = _PassArg.from_obj(func)
+
+        if pass_arg is _PassArg.context:
+            if context is None:
+                raise TemplateRuntimeError(
+                    f"Attempted to invoke a context {type_name} without context."
+                )
+
+            args.insert(0, context)
+        elif pass_arg is _PassArg.eval_context:
+            if eval_ctx is None:
+                if context is not None:
+                    eval_ctx = context.eval_ctx
+                else:
+                    eval_ctx = EvalContext(self)
+
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, self)
+
+        return func(*args, **kwargs)
+
+    def call_filter(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a filter on a value the same way the compiler does.
+
+        This might return a coroutine if the filter is running from an
+        environment in async mode and the filter supports async
+        execution. It's your responsibility to await this if needed.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, True
+        )
+
+    def call_test(
+        self,
+        name: str,
+        value: t.Any,
+        args: t.Optional[t.Sequence[t.Any]] = None,
+        kwargs: t.Optional[t.Mapping[str, t.Any]] = None,
+        context: t.Optional[Context] = None,
+        eval_ctx: t.Optional[EvalContext] = None,
+    ) -> t.Any:
+        """Invoke a test on a value the same way the compiler does.
+
+        This might return a coroutine if the test is running from an
+        environment in async mode and the test supports async execution.
+        It's your responsibility to await this if needed.
+
+        .. versionchanged:: 3.0
+            Tests support ``@pass_context``, etc. decorators. Added
+            the ``context`` and ``eval_ctx`` parameters.
+
+        .. versionadded:: 2.7
+        """
+        return self._filter_test_common(
+            name, value, args, kwargs, context, eval_ctx, False
+        )
+
+    @internalcode
+    def parse(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> nodes.Template:
+        """Parse the sourcecode and return the abstract syntax tree.  This
+        tree of nodes is used by the compiler to convert the template into
+        executable source- or bytecode.  This is useful for debugging or to
+        extract information from templates.
+
+        If you are :ref:`developing Jinja extensions <writing-extensions>`
+        this gives you a good overview of the node tree generated.
+        """
+        try:
+            return self._parse(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def _parse(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str]
+    ) -> nodes.Template:
+        """Internal parsing function used by `parse` and `compile`."""
+        return Parser(self, source, name, filename).parse()
+
+    def lex(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """Lex the given sourcecode and return a generator that yields
+        tokens as tuples in the form ``(lineno, token_type, value)``.
+        This can be useful for :ref:`extension development <writing-extensions>`
+        and debugging templates.
+
+        This does not perform preprocessing.  If you want the preprocessing
+        of the extensions to be applied you have to filter source through
+        the :meth:`preprocess` method.
+        """
+        source = str(source)
+        try:
+            return self.lexer.tokeniter(source, name, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+    def preprocess(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> str:
+        """Preprocesses the source with all extensions.  This is automatically
+        called for all parsing and compiling methods but *not* for :meth:`lex`
+        because there you usually only want the actual source tokenized.
+        """
+        return reduce(
+            lambda s, e: e.preprocess(s, name, filename),
+            self.iter_extensions(),
+            str(source),
+        )
+
+    def _tokenize(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Called by the parser to do the preprocessing and filtering
+        for all the extensions.  Returns a :class:`~jinja2.lexer.TokenStream`.
+        """
+        source = self.preprocess(source, name, filename)
+        stream = self.lexer.tokenize(source, name, filename, state)
+
+        for ext in self.iter_extensions():
+            stream = ext.filter_stream(stream)  # type: ignore
+
+            if not isinstance(stream, TokenStream):
+                stream = TokenStream(stream, name, filename)
+
+        return stream
+
+    def _generate(
+        self,
+        source: nodes.Template,
+        name: t.Optional[str],
+        filename: t.Optional[str],
+        defer_init: bool = False,
+    ) -> str:
+        """Internal hook that can be overridden to hook a different generate
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return generate(  # type: ignore
+            source,
+            self,
+            name,
+            filename,
+            defer_init=defer_init,
+            optimized=self.optimized,
+        )
+
+    def _compile(self, source: str, filename: str) -> CodeType:
+        """Internal hook that can be overridden to hook a different compile
+        method in.
+
+        .. versionadded:: 2.5
+        """
+        return compile(source, filename, "exec")
+
+    @typing.overload
+    def compile(  # type: ignore
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[False]" = False,
+        defer_init: bool = False,
+    ) -> CodeType: ...
+
+    @typing.overload
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: "te.Literal[True]" = ...,
+        defer_init: bool = False,
+    ) -> str: ...
+
+    @internalcode
+    def compile(
+        self,
+        source: t.Union[str, nodes.Template],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        raw: bool = False,
+        defer_init: bool = False,
+    ) -> t.Union[str, CodeType]:
+        """Compile a node or template source code.  The `name` parameter is
+        the load name of the template after it was joined using
+        :meth:`join_path` if necessary, not the filename on the file system.
+        the `filename` parameter is the estimated filename of the template on
+        the file system.  If the template came from a database or memory this
+        can be omitted.
+
+        The return value of this method is a python code object.  If the `raw`
+        parameter is `True` the return value will be a string with python
+        code equivalent to the bytecode returned otherwise.  This method is
+        mainly used internally.
+
+        `defer_init` is use internally to aid the module code generator.  This
+        causes the generated code to be able to import without the global
+        environment variable to be set.
+
+        .. versionadded:: 2.4
+           `defer_init` parameter added.
+        """
+        source_hint = None
+        try:
+            if isinstance(source, str):
+                source_hint = source
+                source = self._parse(source, name, filename)
+            source = self._generate(source, name, filename, defer_init=defer_init)
+            if raw:
+                return source
+            if filename is None:
+                filename = "<template>"
+            return self._compile(source, filename)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source_hint)
+
+    def compile_expression(
+        self, source: str, undefined_to_none: bool = True
+    ) -> "TemplateExpression":
+        """A handy helper method that returns a callable that accepts keyword
+        arguments that appear as variables in the expression.  If called it
+        returns the result of the expression.
+
+        This is useful if applications want to use the same rules as Jinja
+        in template "configuration files" or similar situations.
+
+        Example usage:
+
+        >>> env = Environment()
+        >>> expr = env.compile_expression('foo == 42')
+        >>> expr(foo=23)
+        False
+        >>> expr(foo=42)
+        True
+
+        Per default the return value is converted to `None` if the
+        expression returns an undefined value.  This can be changed
+        by setting `undefined_to_none` to `False`.
+
+        >>> env.compile_expression('var')() is None
+        True
+        >>> env.compile_expression('var', undefined_to_none=False)()
+        Undefined
+
+        .. versionadded:: 2.1
+        """
+        parser = Parser(self, source, state="variable")
+        try:
+            expr = parser.parse_expression()
+            if not parser.stream.eos:
+                raise TemplateSyntaxError(
+                    "chunk after expression", parser.stream.current.lineno, None, None
+                )
+            expr.set_environment(self)
+        except TemplateSyntaxError:
+            self.handle_exception(source=source)
+
+        body = [nodes.Assign(nodes.Name("result", "store"), expr, lineno=1)]
+        template = self.from_string(nodes.Template(body, lineno=1))
+        return TemplateExpression(template, undefined_to_none)
+
+    def compile_templates(
+        self,
+        target: t.Union[str, "os.PathLike[str]"],
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+        zip: t.Optional[str] = "deflated",
+        log_function: t.Optional[t.Callable[[str], None]] = None,
+        ignore_errors: bool = True,
+    ) -> None:
+        """Finds all the templates the loader can find, compiles them
+        and stores them in `target`.  If `zip` is `None`, instead of in a
+        zipfile, the templates will be stored in a directory.
+        By default a deflate zip algorithm is used. To switch to
+        the stored algorithm, `zip` can be set to ``'stored'``.
+
+        `extensions` and `filter_func` are passed to :meth:`list_templates`.
+        Each template returned will be compiled to the target folder or
+        zipfile.
+
+        By default template compilation errors are ignored.  In case a
+        log function is provided, errors are logged.  If you want template
+        syntax errors to abort the compilation you can set `ignore_errors`
+        to `False` and you will get an exception on syntax errors.
+
+        .. versionadded:: 2.4
+        """
+        from .loaders import ModuleLoader
+
+        if log_function is None:
+
+            def log_function(x: str) -> None:
+                pass
+
+        assert log_function is not None
+        assert self.loader is not None, "No loader configured."
+
+        def write_file(filename: str, data: str) -> None:
+            if zip:
+                info = ZipInfo(filename)
+                info.external_attr = 0o755 << 16
+                zip_file.writestr(info, data)
+            else:
+                with open(os.path.join(target, filename), "wb") as f:
+                    f.write(data.encode("utf8"))
+
+        if zip is not None:
+            from zipfile import ZIP_DEFLATED
+            from zipfile import ZIP_STORED
+            from zipfile import ZipFile
+            from zipfile import ZipInfo
+
+            zip_file = ZipFile(
+                target, "w", dict(deflated=ZIP_DEFLATED, stored=ZIP_STORED)[zip]
+            )
+            log_function(f"Compiling into Zip archive {target!r}")
+        else:
+            if not os.path.isdir(target):
+                os.makedirs(target)
+            log_function(f"Compiling into folder {target!r}")
+
+        try:
+            for name in self.list_templates(extensions, filter_func):
+                source, filename, _ = self.loader.get_source(self, name)
+                try:
+                    code = self.compile(source, name, filename, True, True)
+                except TemplateSyntaxError as e:
+                    if not ignore_errors:
+                        raise
+                    log_function(f'Could not compile "{name}": {e}')
+                    continue
+
+                filename = ModuleLoader.get_module_filename(name)
+
+                write_file(filename, code)
+                log_function(f'Compiled "{name}" as {filename}')
+        finally:
+            if zip:
+                zip_file.close()
+
+        log_function("Finished compiling templates")
+
+    def list_templates(
+        self,
+        extensions: t.Optional[t.Collection[str]] = None,
+        filter_func: t.Optional[t.Callable[[str], bool]] = None,
+    ) -> t.List[str]:
+        """Returns a list of templates for this environment.  This requires
+        that the loader supports the loader's
+        :meth:`~BaseLoader.list_templates` method.
+
+        If there are other files in the template folder besides the
+        actual templates, the returned list can be filtered.  There are two
+        ways: either `extensions` is set to a list of file extensions for
+        templates, or a `filter_func` can be provided which is a callable that
+        is passed a template name and should return `True` if it should end up
+        in the result list.
+
+        If the loader does not support that, a :exc:`TypeError` is raised.
+
+        .. versionadded:: 2.4
+        """
+        assert self.loader is not None, "No loader configured."
+        names = self.loader.list_templates()
+
+        if extensions is not None:
+            if filter_func is not None:
+                raise TypeError(
+                    "either extensions or filter_func can be passed, but not both"
+                )
+
+            def filter_func(x: str) -> bool:
+                return "." in x and x.rsplit(".", 1)[1] in extensions
+
+        if filter_func is not None:
+            names = [name for name in names if filter_func(name)]
+
+        return names
+
+    def handle_exception(self, source: t.Optional[str] = None) -> "te.NoReturn":
+        """Exception handling helper.  This is used internally to either raise
+        rewritten exceptions or return a rendered traceback for the template.
+        """
+        from .debug import rewrite_traceback_stack
+
+        raise rewrite_traceback_stack(source=source)
+
+    def join_path(self, template: str, parent: str) -> str:
+        """Join a template with the parent.  By default all the lookups are
+        relative to the loader root so this method returns the `template`
+        parameter unchanged, but if the paths should be relative to the
+        parent template, this function can be used to calculate the real
+        template name.
+
+        Subclasses may override this method and implement template path
+        joining here.
+        """
+        return template
+
+    @internalcode
+    def _load_template(
+        self, name: str, globals: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> "Template":
+        if self.loader is None:
+            raise TypeError("no loader for this environment specified")
+        cache_key = (weakref.ref(self.loader), name)
+        if self.cache is not None:
+            template = self.cache.get(cache_key)
+            if template is not None and (
+                not self.auto_reload or template.is_up_to_date
+            ):
+                # template.globals is a ChainMap, modifying it will only
+                # affect the template, not the environment globals.
+                if globals:
+                    template.globals.update(globals)
+
+                return template
+
+        template = self.loader.load(self, name, self.make_globals(globals))
+
+        if self.cache is not None:
+            self.cache[cache_key] = template
+        return template
+
+    @internalcode
+    def get_template(
+        self,
+        name: t.Union[str, "Template"],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Load a template by name with :attr:`loader` and return a
+        :class:`Template`. If the template does not exist a
+        :exc:`TemplateNotFound` exception is raised.
+
+        :param name: Name of the template to load. When loading
+            templates from the filesystem, "/" is used as the path
+            separator, even on Windows.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.4
+            If ``name`` is a :class:`Template` object it is returned
+            unchanged.
+        """
+        if isinstance(name, Template):
+            return name
+        if parent is not None:
+            name = self.join_path(name, parent)
+
+        return self._load_template(name, globals)
+
+    @internalcode
+    def select_template(
+        self,
+        names: t.Iterable[t.Union[str, "Template"]],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Like :meth:`get_template`, but tries loading multiple names.
+        If none of the names can be loaded a :exc:`TemplatesNotFound`
+        exception is raised.
+
+        :param names: List of template names to try loading in order.
+        :param parent: The name of the parent template importing this
+            template. :meth:`join_path` can be used to implement name
+            transformations with this.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+
+        .. versionchanged:: 3.0
+            If a template is loaded from cache, ``globals`` will update
+            the template's globals instead of ignoring the new values.
+
+        .. versionchanged:: 2.11
+            If ``names`` is :class:`Undefined`, an :exc:`UndefinedError`
+            is raised instead. If no templates were found and ``names``
+            contains :class:`Undefined`, the message is more helpful.
+
+        .. versionchanged:: 2.4
+            If ``names`` contains a :class:`Template` object it is
+            returned unchanged.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(names, Undefined):
+            names._fail_with_undefined_error()
+
+        if not names:
+            raise TemplatesNotFound(
+                message="Tried to select from an empty list of templates."
+            )
+
+        for name in names:
+            if isinstance(name, Template):
+                return name
+            if parent is not None:
+                name = self.join_path(name, parent)
+            try:
+                return self._load_template(name, globals)
+            except (TemplateNotFound, UndefinedError):
+                pass
+        raise TemplatesNotFound(names)  # type: ignore
+
+    @internalcode
+    def get_or_select_template(
+        self,
+        template_name_or_list: t.Union[
+            str, "Template", t.List[t.Union[str, "Template"]]
+        ],
+        parent: t.Optional[str] = None,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Use :meth:`select_template` if an iterable of template names
+        is given, or :meth:`get_template` if one name is given.
+
+        .. versionadded:: 2.3
+        """
+        if isinstance(template_name_or_list, (str, Undefined)):
+            return self.get_template(template_name_or_list, parent, globals)
+        elif isinstance(template_name_or_list, Template):
+            return template_name_or_list
+        return self.select_template(template_name_or_list, parent, globals)
+
+    def from_string(
+        self,
+        source: t.Union[str, nodes.Template],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+        template_class: t.Optional[t.Type["Template"]] = None,
+    ) -> "Template":
+        """Load a template from a source string without using
+        :attr:`loader`.
+
+        :param source: Jinja source to compile into a template.
+        :param globals: Extend the environment :attr:`globals` with
+            these extra variables available for all renders of this
+            template. If the template has already been loaded and
+            cached, its globals are updated with any new items.
+        :param template_class: Return an instance of this
+            :class:`Template` class.
+        """
+        gs = self.make_globals(globals)
+        cls = template_class or self.template_class
+        return cls.from_code(self, self.compile(source), gs, None)
+
+    def make_globals(
+        self, d: t.Optional[t.MutableMapping[str, t.Any]]
+    ) -> t.MutableMapping[str, t.Any]:
+        """Make the globals map for a template. Any given template
+        globals overlay the environment :attr:`globals`.
+
+        Returns a :class:`collections.ChainMap`. This allows any changes
+        to a template's globals to only affect that template, while
+        changes to the environment's globals are still reflected.
+        However, avoid modifying any globals after a template is loaded.
+
+        :param d: Dict of template-specific globals.
+
+        .. versionchanged:: 3.0
+            Use :class:`collections.ChainMap` to always prevent mutating
+            environment globals.
+        """
+        if d is None:
+            d = {}
+
+        return ChainMap(d, self.globals)
+
+
+class Template:
+    """A compiled template that can be rendered.
+
+    Use the methods on :class:`Environment` to create or load templates.
+    The environment is used to configure how templates are compiled and
+    behave.
+
+    It is also possible to create a template object directly. This is
+    not usually recommended. The constructor takes most of the same
+    arguments as :class:`Environment`. All templates created with the
+    same environment arguments share the same ephemeral ``Environment``
+    instance behind the scenes.
+
+    A template object should be considered immutable. Modifications on
+    the object are not supported.
+    """
+
+    #: Type of environment to create when creating a template directly
+    #: rather than through an existing environment.
+    environment_class: t.Type[Environment] = Environment
+
+    environment: Environment
+    globals: t.MutableMapping[str, t.Any]
+    name: t.Optional[str]
+    filename: t.Optional[str]
+    blocks: t.Dict[str, t.Callable[[Context], t.Iterator[str]]]
+    root_render_func: t.Callable[[Context], t.Iterator[str]]
+    _module: t.Optional["TemplateModule"]
+    _debug_info: str
+    _uptodate: t.Optional[t.Callable[[], bool]]
+
+    def __new__(
+        cls,
+        source: t.Union[str, nodes.Template],
+        block_start_string: str = BLOCK_START_STRING,
+        block_end_string: str = BLOCK_END_STRING,
+        variable_start_string: str = VARIABLE_START_STRING,
+        variable_end_string: str = VARIABLE_END_STRING,
+        comment_start_string: str = COMMENT_START_STRING,
+        comment_end_string: str = COMMENT_END_STRING,
+        line_statement_prefix: t.Optional[str] = LINE_STATEMENT_PREFIX,
+        line_comment_prefix: t.Optional[str] = LINE_COMMENT_PREFIX,
+        trim_blocks: bool = TRIM_BLOCKS,
+        lstrip_blocks: bool = LSTRIP_BLOCKS,
+        newline_sequence: "te.Literal['\\n', '\\r\\n', '\\r']" = NEWLINE_SEQUENCE,
+        keep_trailing_newline: bool = KEEP_TRAILING_NEWLINE,
+        extensions: t.Sequence[t.Union[str, t.Type["Extension"]]] = (),
+        optimized: bool = True,
+        undefined: t.Type[Undefined] = Undefined,
+        finalize: t.Optional[t.Callable[..., t.Any]] = None,
+        autoescape: t.Union[bool, t.Callable[[t.Optional[str]], bool]] = False,
+        enable_async: bool = False,
+    ) -> t.Any:  # it returns a `Template`, but this breaks the sphinx build...
+        env = get_spontaneous_environment(
+            cls.environment_class,  # type: ignore
+            block_start_string,
+            block_end_string,
+            variable_start_string,
+            variable_end_string,
+            comment_start_string,
+            comment_end_string,
+            line_statement_prefix,
+            line_comment_prefix,
+            trim_blocks,
+            lstrip_blocks,
+            newline_sequence,
+            keep_trailing_newline,
+            frozenset(extensions),
+            optimized,
+            undefined,  # type: ignore
+            finalize,
+            autoescape,
+            None,
+            0,
+            False,
+            None,
+            enable_async,
+        )
+        return env.from_string(source, template_class=cls)
+
+    @classmethod
+    def from_code(
+        cls,
+        environment: Environment,
+        code: CodeType,
+        globals: t.MutableMapping[str, t.Any],
+        uptodate: t.Optional[t.Callable[[], bool]] = None,
+    ) -> "Template":
+        """Creates a template object from compiled code and the globals.  This
+        is used by the loaders and environment to create a template object.
+        """
+        namespace = {"environment": environment, "__file__": code.co_filename}
+        exec(code, namespace)
+        rv = cls._from_namespace(environment, namespace, globals)
+        rv._uptodate = uptodate
+        return rv
+
+    @classmethod
+    def from_module_dict(
+        cls,
+        environment: Environment,
+        module_dict: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        """Creates a template object from a module.  This is used by the
+        module loader to create a template object.
+
+        .. versionadded:: 2.4
+        """
+        return cls._from_namespace(environment, module_dict, globals)
+
+    @classmethod
+    def _from_namespace(
+        cls,
+        environment: Environment,
+        namespace: t.MutableMapping[str, t.Any],
+        globals: t.MutableMapping[str, t.Any],
+    ) -> "Template":
+        t: "Template" = object.__new__(cls)
+        t.environment = environment
+        t.globals = globals
+        t.name = namespace["name"]
+        t.filename = namespace["__file__"]
+        t.blocks = namespace["blocks"]
+
+        # render function and module
+        t.root_render_func = namespace["root"]
+        t._module = None
+
+        # debug and loader helpers
+        t._debug_info = namespace["debug_info"]
+        t._uptodate = None
+
+        # store the reference
+        namespace["environment"] = environment
+        namespace["__jinja_template__"] = t
+
+        return t
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This method accepts the same arguments as the `dict` constructor:
+        A dict, a dict subclass or some keyword arguments.  If no arguments
+        are given the context will be empty.  These two calls do the same::
+
+            template.render(knights='that say nih')
+            template.render({'knights': 'that say nih'})
+
+        This will return the rendered template as a string.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            close = False
+
+            try:
+                loop = asyncio.get_running_loop()
+            except RuntimeError:
+                loop = asyncio.new_event_loop()
+                close = True
+
+            try:
+                return loop.run_until_complete(self.render_async(*args, **kwargs))
+            finally:
+                if close:
+                    loop.close()
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(self.root_render_func(ctx))  # type: ignore
+        except Exception:
+            self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> str:
+        """This works similar to :meth:`render` but returns a coroutine
+        that when awaited returns the entire rendered template string.  This
+        requires the async feature to be enabled.
+
+        Example usage::
+
+            await template.render_async(knights='that say nih; asynchronously')
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    def stream(self, *args: t.Any, **kwargs: t.Any) -> "TemplateStream":
+        """Works exactly like :meth:`generate` but returns a
+        :class:`TemplateStream`.
+        """
+        return TemplateStream(self.generate(*args, **kwargs))
+
+    def generate(self, *args: t.Any, **kwargs: t.Any) -> t.Iterator[str]:
+        """For very large templates it can be useful to not render the whole
+        template at once but evaluate each statement after another and yield
+        piece for piece.  This method basically does exactly that and returns
+        a generator that yields one item after another as strings.
+
+        It accepts the same arguments as :meth:`render`.
+        """
+        if self.environment.is_async:
+            import asyncio
+
+            async def to_list() -> t.List[str]:
+                return [x async for x in self.generate_async(*args, **kwargs)]
+
+            yield from asyncio.run(to_list())
+            return
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            yield from self.root_render_func(ctx)
+        except Exception:
+            yield self.environment.handle_exception()
+
+    async def generate_async(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> t.AsyncIterator[str]:
+        """An async version of :meth:`generate`.  Works very similarly but
+        returns an async iterator instead.
+        """
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            async for event in self.root_render_func(ctx):  # type: ignore
+                yield event
+        except Exception:
+            yield self.environment.handle_exception()
+
+    def new_context(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> Context:
+        """Create a new :class:`Context` for this template.  The vars
+        provided will be passed to the template.  Per default the globals
+        are added to the context.  If shared is set to `True` the data
+        is passed as is to the context without adding the globals.
+
+        `locals` can be a dict of local variables for internal usage.
+        """
+        return new_context(
+            self.environment, self.name, self.blocks, vars, shared, self.globals, locals
+        )
+
+    def make_module(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """This method works like the :attr:`module` attribute when called
+        without arguments but it will evaluate the template on every call
+        rather than caching it.  It's also possible to provide
+        a dict which is then used as context.  The arguments are the same
+        as for the :meth:`new_context` method.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(self, ctx)
+
+    async def make_module_async(
+        self,
+        vars: t.Optional[t.Dict[str, t.Any]] = None,
+        shared: bool = False,
+        locals: t.Optional[t.Mapping[str, t.Any]] = None,
+    ) -> "TemplateModule":
+        """As template module creation can invoke template code for
+        asynchronous executions this method must be used instead of the
+        normal :meth:`make_module` one.  Likewise the module attribute
+        becomes unavailable in async mode.
+        """
+        ctx = self.new_context(vars, shared, locals)
+        return TemplateModule(
+            self,
+            ctx,
+            [x async for x in self.root_render_func(ctx)],  # type: ignore
+        )
+
+    @internalcode
+    def _get_default_module(self, ctx: t.Optional[Context] = None) -> "TemplateModule":
+        """If a context is passed in, this means that the template was
+        imported. Imported templates have access to the current
+        template's globals by default, but they can only be accessed via
+        the context during runtime.
+
+        If there are new globals, we need to create a new module because
+        the cached module is already rendered and will not have access
+        to globals from the current context. This new module is not
+        cached because the template can be imported elsewhere, and it
+        should have access to only the current template's globals.
+        """
+        if self.environment.is_async:
+            raise RuntimeError("Module is not available in async mode.")
+
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return self.make_module({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = self.make_module()
+
+        return self._module
+
+    async def _get_default_module_async(
+        self, ctx: t.Optional[Context] = None
+    ) -> "TemplateModule":
+        if ctx is not None:
+            keys = ctx.globals_keys - self.globals.keys()
+
+            if keys:
+                return await self.make_module_async({k: ctx.parent[k] for k in keys})
+
+        if self._module is None:
+            self._module = await self.make_module_async()
+
+        return self._module
+
+    @property
+    def module(self) -> "TemplateModule":
+        """The template as module.  This is used for imports in the
+        template runtime but is also useful if one wants to access
+        exported template variables from the Python layer:
+
+        >>> t = Template('{% macro foo() %}42{% endmacro %}23')
+        >>> str(t.module)
+        '23'
+        >>> t.module.foo() == u'42'
+        True
+
+        This attribute is not available if async mode is enabled.
+        """
+        return self._get_default_module()
+
+    def get_corresponding_lineno(self, lineno: int) -> int:
+        """Return the source line number of a line number in the
+        generated bytecode as they are not in sync.
+        """
+        for template_line, code_line in reversed(self.debug_info):
+            if code_line <= lineno:
+                return template_line
+        return 1
+
+    @property
+    def is_up_to_date(self) -> bool:
+        """If this variable is `False` there is a newer version available."""
+        if self._uptodate is None:
+            return True
+        return self._uptodate()
+
+    @property
+    def debug_info(self) -> t.List[t.Tuple[int, int]]:
+        """The debug info mapping."""
+        if self._debug_info:
+            return [
+                tuple(map(int, x.split("=")))  # type: ignore
+                for x in self._debug_info.split("&")
+            ]
+
+        return []
+
+    def __repr__(self) -> str:
+        if self.name is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateModule:
+    """Represents an imported template.  All the exported names of the
+    template are available as attributes on this object.  Additionally
+    converting it into a string renders the contents.
+    """
+
+    def __init__(
+        self,
+        template: Template,
+        context: Context,
+        body_stream: t.Optional[t.Iterable[str]] = None,
+    ) -> None:
+        if body_stream is None:
+            if context.environment.is_async:
+                raise RuntimeError(
+                    "Async mode requires a body stream to be passed to"
+                    " a template module. Use the async methods of the"
+                    " API you are using."
+                )
+
+            body_stream = list(template.root_render_func(context))
+
+        self._body_stream = body_stream
+        self.__dict__.update(context.get_exported())
+        self.__name__ = template.name
+
+    def __html__(self) -> Markup:
+        return Markup(concat(self._body_stream))
+
+    def __str__(self) -> str:
+        return concat(self._body_stream)
+
+    def __repr__(self) -> str:
+        if self.__name__ is None:
+            name = f"memory:{id(self):x}"
+        else:
+            name = repr(self.__name__)
+        return f"<{type(self).__name__} {name}>"
+
+
+class TemplateExpression:
+    """The :meth:`jinja2.Environment.compile_expression` method returns an
+    instance of this object.  It encapsulates the expression-like access
+    to the template with an expression it wraps.
+    """
+
+    def __init__(self, template: Template, undefined_to_none: bool) -> None:
+        self._template = template
+        self._undefined_to_none = undefined_to_none
+
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> t.Optional[t.Any]:
+        context = self._template.new_context(dict(*args, **kwargs))
+        consume(self._template.root_render_func(context))
+        rv = context.vars["result"]
+        if self._undefined_to_none and isinstance(rv, Undefined):
+            rv = None
+        return rv
+
+
+class TemplateStream:
+    """A template stream works pretty much like an ordinary python generator
+    but it can buffer multiple items to reduce the number of total iterations.
+    Per default the output is unbuffered which means that for every unbuffered
+    instruction in the template one string is yielded.
+
+    If buffering is enabled with a buffer size of 5, five items are combined
+    into a new string.  This is mainly useful if you are streaming
+    big templates to a client via WSGI which flushes after each iteration.
+    """
+
+    def __init__(self, gen: t.Iterator[str]) -> None:
+        self._gen = gen
+        self.disable_buffering()
+
+    def dump(
+        self,
+        fp: t.Union[str, t.IO[bytes]],
+        encoding: t.Optional[str] = None,
+        errors: t.Optional[str] = "strict",
+    ) -> None:
+        """Dump the complete stream into a file or file-like object.
+        Per default strings are written, if you want to encode
+        before writing specify an `encoding`.
+
+        Example usage::
+
+            Template('Hello {{ name }}!').stream(name='foo').dump('hello.html')
+        """
+        close = False
+
+        if isinstance(fp, str):
+            if encoding is None:
+                encoding = "utf-8"
+
+            real_fp: t.IO[bytes] = open(fp, "wb")
+            close = True
+        else:
+            real_fp = fp
+
+        try:
+            if encoding is not None:
+                iterable = (x.encode(encoding, errors) for x in self)  # type: ignore
+            else:
+                iterable = self  # type: ignore
+
+            if hasattr(real_fp, "writelines"):
+                real_fp.writelines(iterable)
+            else:
+                for item in iterable:
+                    real_fp.write(item)
+        finally:
+            if close:
+                real_fp.close()
+
+    def disable_buffering(self) -> None:
+        """Disable the output buffering."""
+        self._next = partial(next, self._gen)
+        self.buffered = False
+
+    def _buffered_generator(self, size: int) -> t.Iterator[str]:
+        buf: t.List[str] = []
+        c_size = 0
+        push = buf.append
+
+        while True:
+            try:
+                while c_size < size:
+                    c = next(self._gen)
+                    push(c)
+                    if c:
+                        c_size += 1
+            except StopIteration:
+                if not c_size:
+                    return
+            yield concat(buf)
+            del buf[:]
+            c_size = 0
+
+    def enable_buffering(self, size: int = 5) -> None:
+        """Enable buffering.  Buffer `size` items before yielding them."""
+        if size <= 1:
+            raise ValueError("buffer size too small")
+
+        self.buffered = True
+        self._next = partial(next, self._buffered_generator(size))
+
+    def __iter__(self) -> "TemplateStream":
+        return self
+
+    def __next__(self) -> str:
+        return self._next()  # type: ignore
+
+
+# hook in default template class.  if anyone reads this comment: ignore that
+# it's possible to use custom templates ;-)
+Environment.template_class = Template
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/exceptions.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/exceptions.py
new file mode 100644
index 000000000..082ebe8f2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/exceptions.py
@@ -0,0 +1,166 @@
+import typing as t
+
+if t.TYPE_CHECKING:
+    from .runtime import Undefined
+
+
+class TemplateError(Exception):
+    """Baseclass for all template errors."""
+
+    def __init__(self, message: t.Optional[str] = None) -> None:
+        super().__init__(message)
+
+    @property
+    def message(self) -> t.Optional[str]:
+        return self.args[0] if self.args else None
+
+
+class TemplateNotFound(IOError, LookupError, TemplateError):
+    """Raised if a template does not exist.
+
+    .. versionchanged:: 2.11
+        If the given name is :class:`Undefined` and no message was
+        provided, an :exc:`UndefinedError` is raised.
+    """
+
+    # Silence the Python warning about message being deprecated since
+    # it's not valid here.
+    message: t.Optional[str] = None
+
+    def __init__(
+        self,
+        name: t.Optional[t.Union[str, "Undefined"]],
+        message: t.Optional[str] = None,
+    ) -> None:
+        IOError.__init__(self, name)
+
+        if message is None:
+            from .runtime import Undefined
+
+            if isinstance(name, Undefined):
+                name._fail_with_undefined_error()
+
+            message = name
+
+        self.message = message
+        self.name = name
+        self.templates = [name]
+
+    def __str__(self) -> str:
+        return str(self.message)
+
+
+class TemplatesNotFound(TemplateNotFound):
+    """Like :class:`TemplateNotFound` but raised if multiple templates
+    are selected.  This is a subclass of :class:`TemplateNotFound`
+    exception, so just catching the base exception will catch both.
+
+    .. versionchanged:: 2.11
+        If a name in the list of names is :class:`Undefined`, a message
+        about it being undefined is shown rather than the empty string.
+
+    .. versionadded:: 2.2
+    """
+
+    def __init__(
+        self,
+        names: t.Sequence[t.Union[str, "Undefined"]] = (),
+        message: t.Optional[str] = None,
+    ) -> None:
+        if message is None:
+            from .runtime import Undefined
+
+            parts = []
+
+            for name in names:
+                if isinstance(name, Undefined):
+                    parts.append(name._undefined_message)
+                else:
+                    parts.append(name)
+
+            parts_str = ", ".join(map(str, parts))
+            message = f"none of the templates given were found: {parts_str}"
+
+        super().__init__(names[-1] if names else None, message)
+        self.templates = list(names)
+
+
+class TemplateSyntaxError(TemplateError):
+    """Raised to tell the user that there is a problem with the template."""
+
+    def __init__(
+        self,
+        message: str,
+        lineno: int,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> None:
+        super().__init__(message)
+        self.lineno = lineno
+        self.name = name
+        self.filename = filename
+        self.source: t.Optional[str] = None
+
+        # this is set to True if the debug.translate_syntax_error
+        # function translated the syntax error into a new traceback
+        self.translated = False
+
+    def __str__(self) -> str:
+        # for translated errors we only return the message
+        if self.translated:
+            return t.cast(str, self.message)
+
+        # otherwise attach some stuff
+        location = f"line {self.lineno}"
+        name = self.filename or self.name
+        if name:
+            location = f'File "{name}", {location}'
+        lines = [t.cast(str, self.message), "  " + location]
+
+        # if the source is set, add the line to the output
+        if self.source is not None:
+            try:
+                line = self.source.splitlines()[self.lineno - 1]
+            except IndexError:
+                pass
+            else:
+                lines.append("    " + line.strip())
+
+        return "\n".join(lines)
+
+    def __reduce__(self):  # type: ignore
+        # https://bugs.python.org/issue1692335 Exceptions that take
+        # multiple required arguments have problems with pickling.
+        # Without this, raises TypeError: __init__() missing 1 required
+        # positional argument: 'lineno'
+        return self.__class__, (self.message, self.lineno, self.name, self.filename)
+
+
+class TemplateAssertionError(TemplateSyntaxError):
+    """Like a template syntax error, but covers cases where something in the
+    template caused an error at compile time that wasn't necessarily caused
+    by a syntax error.  However it's a direct subclass of
+    :exc:`TemplateSyntaxError` and has the same attributes.
+    """
+
+
+class TemplateRuntimeError(TemplateError):
+    """A generic runtime error in the template engine.  Under some situations
+    Jinja may raise this exception.
+    """
+
+
+class UndefinedError(TemplateRuntimeError):
+    """Raised if a template tries to operate on :class:`Undefined`."""
+
+
+class SecurityError(TemplateRuntimeError):
+    """Raised if a template tries to do something insecure if the
+    sandbox is enabled.
+    """
+
+
+class FilterArgumentError(TemplateRuntimeError):
+    """This error is raised if a filter was called with inappropriate
+    arguments
+    """
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/ext.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/ext.py
new file mode 100644
index 000000000..8d0810cd4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/ext.py
@@ -0,0 +1,870 @@
+"""Extension API for adding custom tags and behavior."""
+
+import pprint
+import re
+import typing as t
+
+from markupsafe import Markup
+
+from . import defaults
+from . import nodes
+from .environment import Environment
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .runtime import concat  # type: ignore
+from .runtime import Context
+from .runtime import Undefined
+from .utils import import_string
+from .utils import pass_context
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .lexer import Token
+    from .lexer import TokenStream
+    from .parser import Parser
+
+    class _TranslationsBasic(te.Protocol):
+        def gettext(self, message: str) -> str: ...
+
+        def ngettext(self, singular: str, plural: str, n: int) -> str:
+            pass
+
+    class _TranslationsContext(_TranslationsBasic):
+        def pgettext(self, context: str, message: str) -> str: ...
+
+        def npgettext(
+            self, context: str, singular: str, plural: str, n: int
+        ) -> str: ...
+
+    _SupportedTranslations = t.Union[_TranslationsBasic, _TranslationsContext]
+
+
+# I18N functions available in Jinja templates. If the I18N library
+# provides ugettext, it will be assigned to gettext.
+GETTEXT_FUNCTIONS: t.Tuple[str, ...] = (
+    "_",
+    "gettext",
+    "ngettext",
+    "pgettext",
+    "npgettext",
+)
+_ws_re = re.compile(r"\s*\n\s*")
+
+
+class Extension:
+    """Extensions can be used to add extra functionality to the Jinja template
+    system at the parser level.  Custom extensions are bound to an environment
+    but may not store environment specific data on `self`.  The reason for
+    this is that an extension can be bound to another environment (for
+    overlays) by creating a copy and reassigning the `environment` attribute.
+
+    As extensions are created by the environment they cannot accept any
+    arguments for configuration.  One may want to work around that by using
+    a factory function, but that is not possible as extensions are identified
+    by their import name.  The correct way to configure the extension is
+    storing the configuration values on the environment.  Because this way the
+    environment ends up acting as central configuration storage the
+    attributes may clash which is why extensions have to ensure that the names
+    they choose for configuration are not too generic.  ``prefix`` for example
+    is a terrible name, ``fragment_cache_prefix`` on the other hand is a good
+    name as includes the name of the extension (fragment cache).
+    """
+
+    identifier: t.ClassVar[str]
+
+    def __init_subclass__(cls) -> None:
+        cls.identifier = f"{cls.__module__}.{cls.__name__}"
+
+    #: if this extension parses this is the list of tags it's listening to.
+    tags: t.Set[str] = set()
+
+    #: the priority of that extension.  This is especially useful for
+    #: extensions that preprocess values.  A lower value means higher
+    #: priority.
+    #:
+    #: .. versionadded:: 2.4
+    priority = 100
+
+    def __init__(self, environment: Environment) -> None:
+        self.environment = environment
+
+    def bind(self, environment: Environment) -> "Extension":
+        """Create a copy of this extension bound to another environment."""
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.environment = environment
+        return rv
+
+    def preprocess(
+        self, source: str, name: t.Optional[str], filename: t.Optional[str] = None
+    ) -> str:
+        """This method is called before the actual lexing and can be used to
+        preprocess the source.  The `filename` is optional.  The return value
+        must be the preprocessed source.
+        """
+        return source
+
+    def filter_stream(
+        self, stream: "TokenStream"
+    ) -> t.Union["TokenStream", t.Iterable["Token"]]:
+        """It's passed a :class:`~jinja2.lexer.TokenStream` that can be used
+        to filter tokens returned.  This method has to return an iterable of
+        :class:`~jinja2.lexer.Token`\\s, but it doesn't have to return a
+        :class:`~jinja2.lexer.TokenStream`.
+        """
+        return stream
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """If any of the :attr:`tags` matched this method is called with the
+        parser as first argument.  The token the parser stream is pointing at
+        is the name token that matched.  This method has to return one or a
+        list of multiple nodes.
+        """
+        raise NotImplementedError()
+
+    def attr(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> nodes.ExtensionAttribute:
+        """Return an attribute node for the current extension.  This is useful
+        to pass constants on extensions to generated template code.
+
+        ::
+
+            self.attr('_my_attribute', lineno=lineno)
+        """
+        return nodes.ExtensionAttribute(self.identifier, name, lineno=lineno)
+
+    def call_method(
+        self,
+        name: str,
+        args: t.Optional[t.List[nodes.Expr]] = None,
+        kwargs: t.Optional[t.List[nodes.Keyword]] = None,
+        dyn_args: t.Optional[nodes.Expr] = None,
+        dyn_kwargs: t.Optional[nodes.Expr] = None,
+        lineno: t.Optional[int] = None,
+    ) -> nodes.Call:
+        """Call a method of the extension.  This is a shortcut for
+        :meth:`attr` + :class:`jinja2.nodes.Call`.
+        """
+        if args is None:
+            args = []
+        if kwargs is None:
+            kwargs = []
+        return nodes.Call(
+            self.attr(name, lineno=lineno),
+            args,
+            kwargs,
+            dyn_args,
+            dyn_kwargs,
+            lineno=lineno,
+        )
+
+
+@pass_context
+def _gettext_alias(
+    __context: Context, *args: t.Any, **kwargs: t.Any
+) -> t.Union[t.Any, Undefined]:
+    return __context.call(__context.resolve("gettext"), *args, **kwargs)
+
+
+def _make_new_gettext(func: t.Callable[[str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def gettext(__context: Context, __string: str, **variables: t.Any) -> str:
+        rv = __context.call(func, __string)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, even if there are no
+        # variables. This makes translation strings more consistent
+        # and predictable. This requires escaping
+        return rv % variables  # type: ignore
+
+    return gettext
+
+
+def _make_new_ngettext(func: t.Callable[[str, str, int], str]) -> t.Callable[..., str]:
+    @pass_context
+    def ngettext(
+        __context: Context,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __singular, __plural, __num)
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return ngettext
+
+
+def _make_new_pgettext(func: t.Callable[[str, str], str]) -> t.Callable[..., str]:
+    @pass_context
+    def pgettext(
+        __context: Context, __string_ctx: str, __string: str, **variables: t.Any
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        rv = __context.call(func, __string_ctx, __string)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return pgettext
+
+
+def _make_new_npgettext(
+    func: t.Callable[[str, str, str, int], str],
+) -> t.Callable[..., str]:
+    @pass_context
+    def npgettext(
+        __context: Context,
+        __string_ctx: str,
+        __singular: str,
+        __plural: str,
+        __num: int,
+        **variables: t.Any,
+    ) -> str:
+        variables.setdefault("context", __string_ctx)
+        variables.setdefault("num", __num)
+        rv = __context.call(func, __string_ctx, __singular, __plural, __num)
+
+        if __context.eval_ctx.autoescape:
+            rv = Markup(rv)
+
+        # Always treat as a format string, see gettext comment above.
+        return rv % variables  # type: ignore
+
+    return npgettext
+
+
+class InternationalizationExtension(Extension):
+    """This extension adds gettext support to Jinja."""
+
+    tags = {"trans"}
+
+    # TODO: the i18n extension is currently reevaluating values in a few
+    # situations.  Take this example:
+    #   {% trans count=something() %}{{ count }} foo{% pluralize
+    #     %}{{ count }} fooss{% endtrans %}
+    # something is called twice here.  One time for the gettext value and
+    # the other time for the n-parameter of the ngettext function.
+
+    def __init__(self, environment: Environment) -> None:
+        super().__init__(environment)
+        environment.globals["_"] = _gettext_alias
+        environment.extend(
+            install_gettext_translations=self._install,
+            install_null_translations=self._install_null,
+            install_gettext_callables=self._install_callables,
+            uninstall_gettext_translations=self._uninstall,
+            extract_translations=self._extract,
+            newstyle_gettext=False,
+        )
+
+    def _install(
+        self, translations: "_SupportedTranslations", newstyle: t.Optional[bool] = None
+    ) -> None:
+        # ugettext and ungettext are preferred in case the I18N library
+        # is providing compatibility with older Python versions.
+        gettext = getattr(translations, "ugettext", None)
+        if gettext is None:
+            gettext = translations.gettext
+        ngettext = getattr(translations, "ungettext", None)
+        if ngettext is None:
+            ngettext = translations.ngettext
+
+        pgettext = getattr(translations, "pgettext", None)
+        npgettext = getattr(translations, "npgettext", None)
+        self._install_callables(
+            gettext, ngettext, newstyle=newstyle, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _install_null(self, newstyle: t.Optional[bool] = None) -> None:
+        import gettext
+
+        translations = gettext.NullTranslations()
+
+        if hasattr(translations, "pgettext"):
+            # Python < 3.8
+            pgettext = translations.pgettext
+        else:
+
+            def pgettext(c: str, s: str) -> str:  # type: ignore[misc]
+                return s
+
+        if hasattr(translations, "npgettext"):
+            npgettext = translations.npgettext
+        else:
+
+            def npgettext(c: str, s: str, p: str, n: int) -> str:  # type: ignore[misc]
+                return s if n == 1 else p
+
+        self._install_callables(
+            gettext=translations.gettext,
+            ngettext=translations.ngettext,
+            newstyle=newstyle,
+            pgettext=pgettext,
+            npgettext=npgettext,
+        )
+
+    def _install_callables(
+        self,
+        gettext: t.Callable[[str], str],
+        ngettext: t.Callable[[str, str, int], str],
+        newstyle: t.Optional[bool] = None,
+        pgettext: t.Optional[t.Callable[[str, str], str]] = None,
+        npgettext: t.Optional[t.Callable[[str, str, str, int], str]] = None,
+    ) -> None:
+        if newstyle is not None:
+            self.environment.newstyle_gettext = newstyle  # type: ignore
+        if self.environment.newstyle_gettext:  # type: ignore
+            gettext = _make_new_gettext(gettext)
+            ngettext = _make_new_ngettext(ngettext)
+
+            if pgettext is not None:
+                pgettext = _make_new_pgettext(pgettext)
+
+            if npgettext is not None:
+                npgettext = _make_new_npgettext(npgettext)
+
+        self.environment.globals.update(
+            gettext=gettext, ngettext=ngettext, pgettext=pgettext, npgettext=npgettext
+        )
+
+    def _uninstall(self, translations: "_SupportedTranslations") -> None:
+        for key in ("gettext", "ngettext", "pgettext", "npgettext"):
+            self.environment.globals.pop(key, None)
+
+    def _extract(
+        self,
+        source: t.Union[str, nodes.Template],
+        gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    ) -> t.Iterator[
+        t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+    ]:
+        if isinstance(source, str):
+            source = self.environment.parse(source)
+        return extract_from_ast(source, gettext_functions)
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a translatable tag."""
+        lineno = next(parser.stream).lineno
+
+        context = None
+        context_token = parser.stream.next_if("string")
+
+        if context_token is not None:
+            context = context_token.value
+
+        # find all the variables referenced.  Additionally a variable can be
+        # defined in the body of the trans block too, but this is checked at
+        # a later state.
+        plural_expr: t.Optional[nodes.Expr] = None
+        plural_expr_assignment: t.Optional[nodes.Assign] = None
+        num_called_num = False
+        variables: t.Dict[str, nodes.Expr] = {}
+        trimmed = None
+        while parser.stream.current.type != "block_end":
+            if variables:
+                parser.stream.expect("comma")
+
+            # skip colon for python compatibility
+            if parser.stream.skip_if("colon"):
+                break
+
+            token = parser.stream.expect("name")
+            if token.value in variables:
+                parser.fail(
+                    f"translatable variable {token.value!r} defined twice.",
+                    token.lineno,
+                    exc=TemplateAssertionError,
+                )
+
+            # expressions
+            if parser.stream.current.type == "assign":
+                next(parser.stream)
+                variables[token.value] = var = parser.parse_expression()
+            elif trimmed is None and token.value in ("trimmed", "notrimmed"):
+                trimmed = token.value == "trimmed"
+                continue
+            else:
+                variables[token.value] = var = nodes.Name(token.value, "load")
+
+            if plural_expr is None:
+                if isinstance(var, nodes.Call):
+                    plural_expr = nodes.Name("_trans", "load")
+                    variables[token.value] = plural_expr
+                    plural_expr_assignment = nodes.Assign(
+                        nodes.Name("_trans", "store"), var
+                    )
+                else:
+                    plural_expr = var
+                num_called_num = token.value == "num"
+
+        parser.stream.expect("block_end")
+
+        plural = None
+        have_plural = False
+        referenced = set()
+
+        # now parse until endtrans or pluralize
+        singular_names, singular = self._parse_block(parser, True)
+        if singular_names:
+            referenced.update(singular_names)
+            if plural_expr is None:
+                plural_expr = nodes.Name(singular_names[0], "load")
+                num_called_num = singular_names[0] == "num"
+
+        # if we have a pluralize block, we parse that too
+        if parser.stream.current.test("name:pluralize"):
+            have_plural = True
+            next(parser.stream)
+            if parser.stream.current.type != "block_end":
+                token = parser.stream.expect("name")
+                if token.value not in variables:
+                    parser.fail(
+                        f"unknown variable {token.value!r} for pluralization",
+                        token.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                plural_expr = variables[token.value]
+                num_called_num = token.value == "num"
+            parser.stream.expect("block_end")
+            plural_names, plural = self._parse_block(parser, False)
+            next(parser.stream)
+            referenced.update(plural_names)
+        else:
+            next(parser.stream)
+
+        # register free names as simple name expressions
+        for name in referenced:
+            if name not in variables:
+                variables[name] = nodes.Name(name, "load")
+
+        if not have_plural:
+            plural_expr = None
+        elif plural_expr is None:
+            parser.fail("pluralize without variables", lineno)
+
+        if trimmed is None:
+            trimmed = self.environment.policies["ext.i18n.trimmed"]
+        if trimmed:
+            singular = self._trim_whitespace(singular)
+            if plural:
+                plural = self._trim_whitespace(plural)
+
+        node = self._make_node(
+            singular,
+            plural,
+            context,
+            variables,
+            plural_expr,
+            bool(referenced),
+            num_called_num and have_plural,
+        )
+        node.set_lineno(lineno)
+        if plural_expr_assignment is not None:
+            return [plural_expr_assignment, node]
+        else:
+            return node
+
+    def _trim_whitespace(self, string: str, _ws_re: t.Pattern[str] = _ws_re) -> str:
+        return _ws_re.sub(" ", string.strip())
+
+    def _parse_block(
+        self, parser: "Parser", allow_pluralize: bool
+    ) -> t.Tuple[t.List[str], str]:
+        """Parse until the next block tag with a given name."""
+        referenced = []
+        buf = []
+
+        while True:
+            if parser.stream.current.type == "data":
+                buf.append(parser.stream.current.value.replace("%", "%%"))
+                next(parser.stream)
+            elif parser.stream.current.type == "variable_begin":
+                next(parser.stream)
+                name = parser.stream.expect("name").value
+                referenced.append(name)
+                buf.append(f"%({name})s")
+                parser.stream.expect("variable_end")
+            elif parser.stream.current.type == "block_begin":
+                next(parser.stream)
+                block_name = (
+                    parser.stream.current.value
+                    if parser.stream.current.type == "name"
+                    else None
+                )
+                if block_name == "endtrans":
+                    break
+                elif block_name == "pluralize":
+                    if allow_pluralize:
+                        break
+                    parser.fail(
+                        "a translatable section can have only one pluralize section"
+                    )
+                elif block_name == "trans":
+                    parser.fail(
+                        "trans blocks can't be nested; did you mean `endtrans`?"
+                    )
+                parser.fail(
+                    f"control structures in translatable sections are not allowed; "
+                    f"saw `{block_name}`"
+                )
+            elif parser.stream.eos:
+                parser.fail("unclosed translation block")
+            else:
+                raise RuntimeError("internal parser error")
+
+        return referenced, concat(buf)
+
+    def _make_node(
+        self,
+        singular: str,
+        plural: t.Optional[str],
+        context: t.Optional[str],
+        variables: t.Dict[str, nodes.Expr],
+        plural_expr: t.Optional[nodes.Expr],
+        vars_referenced: bool,
+        num_called_num: bool,
+    ) -> nodes.Output:
+        """Generates a useful node from the data provided."""
+        newstyle = self.environment.newstyle_gettext  # type: ignore
+        node: nodes.Expr
+
+        # no variables referenced?  no need to escape for old style
+        # gettext invocations only if there are vars.
+        if not vars_referenced and not newstyle:
+            singular = singular.replace("%%", "%")
+            if plural:
+                plural = plural.replace("%%", "%")
+
+        func_name = "gettext"
+        func_args: t.List[nodes.Expr] = [nodes.Const(singular)]
+
+        if context is not None:
+            func_args.insert(0, nodes.Const(context))
+            func_name = f"p{func_name}"
+
+        if plural_expr is not None:
+            func_name = f"n{func_name}"
+            func_args.extend((nodes.Const(plural), plural_expr))
+
+        node = nodes.Call(nodes.Name(func_name, "load"), func_args, [], None, None)
+
+        # in case newstyle gettext is used, the method is powerful
+        # enough to handle the variable expansion and autoescape
+        # handling itself
+        if newstyle:
+            for key, value in variables.items():
+                # the function adds that later anyways in case num was
+                # called num, so just skip it.
+                if num_called_num and key == "num":
+                    continue
+                node.kwargs.append(nodes.Keyword(key, value))
+
+        # otherwise do that here
+        else:
+            # mark the return value as safe if we are in an
+            # environment with autoescaping turned on
+            node = nodes.MarkSafeIfAutoescape(node)
+            if variables:
+                node = nodes.Mod(
+                    node,
+                    nodes.Dict(
+                        [
+                            nodes.Pair(nodes.Const(key), value)
+                            for key, value in variables.items()
+                        ]
+                    ),
+                )
+        return nodes.Output([node])
+
+
+class ExprStmtExtension(Extension):
+    """Adds a `do` tag to Jinja that works like the print statement just
+    that it doesn't print the return value.
+    """
+
+    tags = {"do"}
+
+    def parse(self, parser: "Parser") -> nodes.ExprStmt:
+        node = nodes.ExprStmt(lineno=next(parser.stream).lineno)
+        node.node = parser.parse_tuple()
+        return node
+
+
+class LoopControlExtension(Extension):
+    """Adds break and continue to the template engine."""
+
+    tags = {"break", "continue"}
+
+    def parse(self, parser: "Parser") -> t.Union[nodes.Break, nodes.Continue]:
+        token = next(parser.stream)
+        if token.value == "break":
+            return nodes.Break(lineno=token.lineno)
+        return nodes.Continue(lineno=token.lineno)
+
+
+class DebugExtension(Extension):
+    """A ``{% debug %}`` tag that dumps the available variables,
+    filters, and tests.
+
+    .. code-block:: html+jinja
+
+        <pre>{% debug %}</pre>
+
+    .. code-block:: text
+
+        {'context': {'cycler': <class 'jinja2.utils.Cycler'>,
+                     ...,
+                     'namespace': <class 'jinja2.utils.Namespace'>},
+         'filters': ['abs', 'attr', 'batch', 'capitalize', 'center', 'count', 'd',
+                     ..., 'urlencode', 'urlize', 'wordcount', 'wordwrap', 'xmlattr'],
+         'tests': ['!=', '<', '<=', '==', '>', '>=', 'callable', 'defined',
+                   ..., 'odd', 'sameas', 'sequence', 'string', 'undefined', 'upper']}
+
+    .. versionadded:: 2.11.0
+    """
+
+    tags = {"debug"}
+
+    def parse(self, parser: "Parser") -> nodes.Output:
+        lineno = parser.stream.expect("name:debug").lineno
+        context = nodes.ContextReference()
+        result = self.call_method("_render", [context], lineno=lineno)
+        return nodes.Output([result], lineno=lineno)
+
+    def _render(self, context: Context) -> str:
+        result = {
+            "context": context.get_all(),
+            "filters": sorted(self.environment.filters.keys()),
+            "tests": sorted(self.environment.tests.keys()),
+        }
+
+        # Set the depth since the intent is to show the top few names.
+        return pprint.pformat(result, depth=3, compact=True)
+
+
+def extract_from_ast(
+    ast: nodes.Template,
+    gettext_functions: t.Sequence[str] = GETTEXT_FUNCTIONS,
+    babel_style: bool = True,
+) -> t.Iterator[
+    t.Tuple[int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]]
+]:
+    """Extract localizable strings from the given template node.  Per
+    default this function returns matches in babel style that means non string
+    parameters as well as keyword arguments are returned as `None`.  This
+    allows Babel to figure out what you really meant if you are using
+    gettext functions that allow keyword arguments for placeholder expansion.
+    If you don't want that behavior set the `babel_style` parameter to `False`
+    which causes only strings to be returned and parameters are always stored
+    in tuples.  As a consequence invalid gettext calls (calls without a single
+    string parameter or string parameters after non-string parameters) are
+    skipped.
+
+    This example explains the behavior:
+
+    >>> from jinja2 import Environment
+    >>> env = Environment()
+    >>> node = env.parse('{{ (_("foo"), _(), ngettext("foo", "bar", 42)) }}')
+    >>> list(extract_from_ast(node))
+    [(1, '_', 'foo'), (1, '_', ()), (1, 'ngettext', ('foo', 'bar', None))]
+    >>> list(extract_from_ast(node, babel_style=False))
+    [(1, '_', ('foo',)), (1, 'ngettext', ('foo', 'bar'))]
+
+    For every string found this function yields a ``(lineno, function,
+    message)`` tuple, where:
+
+    * ``lineno`` is the number of the line on which the string was found,
+    * ``function`` is the name of the ``gettext`` function used (if the
+      string was extracted from embedded Python code), and
+    *   ``message`` is the string, or a tuple of strings for functions
+         with multiple string arguments.
+
+    This extraction function operates on the AST and is because of that unable
+    to extract any comments.  For comment support you have to use the babel
+    extraction interface or extract comments yourself.
+    """
+    out: t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]]
+
+    for node in ast.find_all(nodes.Call):
+        if (
+            not isinstance(node.node, nodes.Name)
+            or node.node.name not in gettext_functions
+        ):
+            continue
+
+        strings: t.List[t.Optional[str]] = []
+
+        for arg in node.args:
+            if isinstance(arg, nodes.Const) and isinstance(arg.value, str):
+                strings.append(arg.value)
+            else:
+                strings.append(None)
+
+        for _ in node.kwargs:
+            strings.append(None)
+        if node.dyn_args is not None:
+            strings.append(None)
+        if node.dyn_kwargs is not None:
+            strings.append(None)
+
+        if not babel_style:
+            out = tuple(x for x in strings if x is not None)
+
+            if not out:
+                continue
+        else:
+            if len(strings) == 1:
+                out = strings[0]
+            else:
+                out = tuple(strings)
+
+        yield node.lineno, node.node.name, out
+
+
+class _CommentFinder:
+    """Helper class to find comments in a token stream.  Can only
+    find comments for gettext calls forwards.  Once the comment
+    from line 4 is found, a comment for line 1 will not return a
+    usable value.
+    """
+
+    def __init__(
+        self, tokens: t.Sequence[t.Tuple[int, str, str]], comment_tags: t.Sequence[str]
+    ) -> None:
+        self.tokens = tokens
+        self.comment_tags = comment_tags
+        self.offset = 0
+        self.last_lineno = 0
+
+    def find_backwards(self, offset: int) -> t.List[str]:
+        try:
+            for _, token_type, token_value in reversed(
+                self.tokens[self.offset : offset]
+            ):
+                if token_type in ("comment", "linecomment"):
+                    try:
+                        prefix, comment = token_value.split(None, 1)
+                    except ValueError:
+                        continue
+                    if prefix in self.comment_tags:
+                        return [comment.rstrip()]
+            return []
+        finally:
+            self.offset = offset
+
+    def find_comments(self, lineno: int) -> t.List[str]:
+        if not self.comment_tags or self.last_lineno > lineno:
+            return []
+        for idx, (token_lineno, _, _) in enumerate(self.tokens[self.offset :]):
+            if token_lineno > lineno:
+                return self.find_backwards(self.offset + idx)
+        return self.find_backwards(len(self.tokens))
+
+
+def babel_extract(
+    fileobj: t.BinaryIO,
+    keywords: t.Sequence[str],
+    comment_tags: t.Sequence[str],
+    options: t.Dict[str, t.Any],
+) -> t.Iterator[
+    t.Tuple[
+        int, str, t.Union[t.Optional[str], t.Tuple[t.Optional[str], ...]], t.List[str]
+    ]
+]:
+    """Babel extraction method for Jinja templates.
+
+    .. versionchanged:: 2.3
+       Basic support for translation comments was added.  If `comment_tags`
+       is now set to a list of keywords for extraction, the extractor will
+       try to find the best preceding comment that begins with one of the
+       keywords.  For best results, make sure to not have more than one
+       gettext call in one line of code and the matching comment in the
+       same line or the line before.
+
+    .. versionchanged:: 2.5.1
+       The `newstyle_gettext` flag can be set to `True` to enable newstyle
+       gettext calls.
+
+    .. versionchanged:: 2.7
+       A `silent` option can now be provided.  If set to `False` template
+       syntax errors are propagated instead of being ignored.
+
+    :param fileobj: the file-like object the messages should be extracted from
+    :param keywords: a list of keywords (i.e. function names) that should be
+                     recognized as translation functions
+    :param comment_tags: a list of translator tags to search for and include
+                         in the results.
+    :param options: a dictionary of additional options (optional)
+    :return: an iterator over ``(lineno, funcname, message, comments)`` tuples.
+             (comments will be empty currently)
+    """
+    extensions: t.Dict[t.Type[Extension], None] = {}
+
+    for extension_name in options.get("extensions", "").split(","):
+        extension_name = extension_name.strip()
+
+        if not extension_name:
+            continue
+
+        extensions[import_string(extension_name)] = None
+
+    if InternationalizationExtension not in extensions:
+        extensions[InternationalizationExtension] = None
+
+    def getbool(options: t.Mapping[str, str], key: str, default: bool = False) -> bool:
+        return options.get(key, str(default)).lower() in {"1", "on", "yes", "true"}
+
+    silent = getbool(options, "silent", True)
+    environment = Environment(
+        options.get("block_start_string", defaults.BLOCK_START_STRING),
+        options.get("block_end_string", defaults.BLOCK_END_STRING),
+        options.get("variable_start_string", defaults.VARIABLE_START_STRING),
+        options.get("variable_end_string", defaults.VARIABLE_END_STRING),
+        options.get("comment_start_string", defaults.COMMENT_START_STRING),
+        options.get("comment_end_string", defaults.COMMENT_END_STRING),
+        options.get("line_statement_prefix") or defaults.LINE_STATEMENT_PREFIX,
+        options.get("line_comment_prefix") or defaults.LINE_COMMENT_PREFIX,
+        getbool(options, "trim_blocks", defaults.TRIM_BLOCKS),
+        getbool(options, "lstrip_blocks", defaults.LSTRIP_BLOCKS),
+        defaults.NEWLINE_SEQUENCE,
+        getbool(options, "keep_trailing_newline", defaults.KEEP_TRAILING_NEWLINE),
+        tuple(extensions),
+        cache_size=0,
+        auto_reload=False,
+    )
+
+    if getbool(options, "trimmed"):
+        environment.policies["ext.i18n.trimmed"] = True
+    if getbool(options, "newstyle_gettext"):
+        environment.newstyle_gettext = True  # type: ignore
+
+    source = fileobj.read().decode(options.get("encoding", "utf-8"))
+    try:
+        node = environment.parse(source)
+        tokens = list(environment.lex(environment.preprocess(source)))
+    except TemplateSyntaxError:
+        if not silent:
+            raise
+        # skip templates with syntax errors
+        return
+
+    finder = _CommentFinder(tokens, comment_tags)
+    for lineno, func, message in extract_from_ast(node, keywords):
+        yield lineno, func, message, finder.find_comments(lineno)
+
+
+#: nicer import names
+i18n = InternationalizationExtension
+do = ExprStmtExtension
+loopcontrols = LoopControlExtension
+debug = DebugExtension
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/filters.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/filters.py
new file mode 100644
index 000000000..acd11976e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/filters.py
@@ -0,0 +1,1866 @@
+"""Built-in template filters used with the ``|`` operator."""
+
+import math
+import random
+import re
+import typing
+import typing as t
+from collections import abc
+from itertools import chain
+from itertools import groupby
+
+from markupsafe import escape
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import async_variant
+from .async_utils import auto_aiter
+from .async_utils import auto_await
+from .async_utils import auto_to_list
+from .exceptions import FilterArgumentError
+from .runtime import Undefined
+from .utils import htmlsafe_json_dumps
+from .utils import pass_context
+from .utils import pass_environment
+from .utils import pass_eval_context
+from .utils import pformat
+from .utils import url_quote
+from .utils import urlize
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+    from .nodes import EvalContext
+    from .runtime import Context
+    from .sandbox import SandboxedEnvironment  # noqa: F401
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+K = t.TypeVar("K")
+V = t.TypeVar("V")
+
+
+def ignore_case(value: V) -> V:
+    """For use as a postprocessor for :func:`make_attrgetter`. Converts strings
+    to lowercase and returns other types as-is."""
+    if isinstance(value, str):
+        return t.cast(V, value.lower())
+
+    return value
+
+
+def make_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+    default: t.Optional[t.Any] = None,
+) -> t.Callable[[t.Any], t.Any]:
+    """Returns a callable that looks up the given attribute from a
+    passed object with the rules of the environment.  Dots are allowed
+    to access attributes of attributes.  Integer parts in paths are
+    looked up as integers.
+    """
+    parts = _prepare_attribute_parts(attribute)
+
+    def attrgetter(item: t.Any) -> t.Any:
+        for part in parts:
+            item = environment.getitem(item, part)
+
+            if default is not None and isinstance(item, Undefined):
+                item = default
+
+        if postprocess is not None:
+            item = postprocess(item)
+
+        return item
+
+    return attrgetter
+
+
+def make_multi_attrgetter(
+    environment: "Environment",
+    attribute: t.Optional[t.Union[str, int]],
+    postprocess: t.Optional[t.Callable[[t.Any], t.Any]] = None,
+) -> t.Callable[[t.Any], t.List[t.Any]]:
+    """Returns a callable that looks up the given comma separated
+    attributes from a passed object with the rules of the environment.
+    Dots are allowed to access attributes of each attribute.  Integer
+    parts in paths are looked up as integers.
+
+    The value returned by the returned callable is a list of extracted
+    attribute values.
+
+    Examples of attribute: "attr1,attr2", "attr1.inner1.0,attr2.inner2.0", etc.
+    """
+    if isinstance(attribute, str):
+        split: t.Sequence[t.Union[str, int, None]] = attribute.split(",")
+    else:
+        split = [attribute]
+
+    parts = [_prepare_attribute_parts(item) for item in split]
+
+    def attrgetter(item: t.Any) -> t.List[t.Any]:
+        items = [None] * len(parts)
+
+        for i, attribute_part in enumerate(parts):
+            item_i = item
+
+            for part in attribute_part:
+                item_i = environment.getitem(item_i, part)
+
+            if postprocess is not None:
+                item_i = postprocess(item_i)
+
+            items[i] = item_i
+
+        return items
+
+    return attrgetter
+
+
+def _prepare_attribute_parts(
+    attr: t.Optional[t.Union[str, int]],
+) -> t.List[t.Union[str, int]]:
+    if attr is None:
+        return []
+
+    if isinstance(attr, str):
+        return [int(x) if x.isdigit() else x for x in attr.split(".")]
+
+    return [attr]
+
+
+def do_forceescape(value: "t.Union[str, HasHTML]") -> Markup:
+    """Enforce HTML escaping.  This will probably double escape variables."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return escape(str(value))
+
+
+def do_urlencode(
+    value: t.Union[str, t.Mapping[str, t.Any], t.Iterable[t.Tuple[str, t.Any]]],
+) -> str:
+    """Quote data for use in a URL path or query using UTF-8.
+
+    Basic wrapper around :func:`urllib.parse.quote` when given a
+    string, or :func:`urllib.parse.urlencode` for a dict or iterable.
+
+    :param value: Data to quote. A string will be quoted directly. A
+        dict or iterable of ``(key, value)`` pairs will be joined as a
+        query string.
+
+    When given a string, "/" is not quoted. HTTP servers treat "/" and
+    "%2F" equivalently in paths. If you need quoted slashes, use the
+    ``|replace("/", "%2F")`` filter.
+
+    .. versionadded:: 2.7
+    """
+    if isinstance(value, str) or not isinstance(value, abc.Iterable):
+        return url_quote(value)
+
+    if isinstance(value, dict):
+        items: t.Iterable[t.Tuple[str, t.Any]] = value.items()
+    else:
+        items = value  # type: ignore
+
+    return "&".join(
+        f"{url_quote(k, for_qs=True)}={url_quote(v, for_qs=True)}" for k, v in items
+    )
+
+
+@pass_eval_context
+def do_replace(
+    eval_ctx: "EvalContext", s: str, old: str, new: str, count: t.Optional[int] = None
+) -> str:
+    """Return a copy of the value with all occurrences of a substring
+    replaced with a new one. The first argument is the substring
+    that should be replaced, the second is the replacement string.
+    If the optional third argument ``count`` is given, only the first
+    ``count`` occurrences are replaced:
+
+    .. sourcecode:: jinja
+
+        {{ "Hello World"|replace("Hello", "Goodbye") }}
+            -> Goodbye World
+
+        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
+            -> d'oh, d'oh, aaargh
+    """
+    if count is None:
+        count = -1
+
+    if not eval_ctx.autoescape:
+        return str(s).replace(str(old), str(new), count)
+
+    if (
+        hasattr(old, "__html__")
+        or hasattr(new, "__html__")
+        and not hasattr(s, "__html__")
+    ):
+        s = escape(s)
+    else:
+        s = soft_str(s)
+
+    return s.replace(soft_str(old), soft_str(new), count)
+
+
+def do_upper(s: str) -> str:
+    """Convert a value to uppercase."""
+    return soft_str(s).upper()
+
+
+def do_lower(s: str) -> str:
+    """Convert a value to lowercase."""
+    return soft_str(s).lower()
+
+
+def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K, V]]:
+    """Return an iterator over the ``(key, value)`` items of a mapping.
+
+    ``x|items`` is the same as ``x.items()``, except if ``x`` is
+    undefined an empty iterator is returned.
+
+    This filter is useful if you expect the template to be rendered with
+    an implementation of Jinja in another programming language that does
+    not have a ``.items()`` method on its mapping type.
+
+    .. code-block:: html+jinja
+
+        <dl>
+        {% for key, value in my_dict|items %}
+            <dt>{{ key }}
+            <dd>{{ value }}
+        {% endfor %}
+        </dl>
+
+    .. versionadded:: 3.1
+    """
+    if isinstance(value, Undefined):
+        return
+
+    if not isinstance(value, abc.Mapping):
+        raise TypeError("Can only get item pairs from a mapping.")
+
+    yield from value.items()
+
+
+# Check for characters that would move the parser state from key to value.
+# https://html.spec.whatwg.org/#attribute-name-state
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
+
+
+@pass_eval_context
+def do_xmlattr(
+    eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
+) -> str:
+    """Create an SGML/XML attribute string based on the items in a dict.
+
+    **Values** that are neither ``none`` nor ``undefined`` are automatically
+    escaped, safely allowing untrusted user input.
+
+    User input should not be used as **keys** to this filter. If any key
+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
+    sign, this fails with a ``ValueError``. Regardless of this, user input
+    should never be used as keys to this filter, or must be separately validated
+    first.
+
+    .. sourcecode:: html+jinja
+
+        <ul{{ {'class': 'my_list', 'missing': none,
+                'id': 'list-%d'|format(variable)}|xmlattr }}>
+        ...
+        </ul>
+
+    Results in something like this:
+
+    .. sourcecode:: html
+
+        <ul class="my_list" id="list-42">
+        ...
+        </ul>
+
+    As you can see it automatically prepends a space in front of the item
+    if the filter returned something unless the second parameter is false.
+
+    .. versionchanged:: 3.1.4
+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
+        are not allowed.
+
+    .. versionchanged:: 3.1.3
+        Keys with spaces are not allowed.
+    """
+    items = []
+
+    for key, value in d.items():
+        if value is None or isinstance(value, Undefined):
+            continue
+
+        if _attr_key_re.search(key) is not None:
+            raise ValueError(f"Invalid character in attribute name: {key!r}")
+
+        items.append(f'{escape(key)}="{escape(value)}"')
+
+    rv = " ".join(items)
+
+    if autospace and rv:
+        rv = " " + rv
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_capitalize(s: str) -> str:
+    """Capitalize a value. The first character will be uppercase, all others
+    lowercase.
+    """
+    return soft_str(s).capitalize()
+
+
+_word_beginning_split_re = re.compile(r"([-\s({\[<]+)")
+
+
+def do_title(s: str) -> str:
+    """Return a titlecased version of the value. I.e. words will start with
+    uppercase letters, all remaining characters are lowercase.
+    """
+    return "".join(
+        [
+            item[0].upper() + item[1:].lower()
+            for item in _word_beginning_split_re.split(soft_str(s))
+            if item
+        ]
+    )
+
+
+def do_dictsort(
+    value: t.Mapping[K, V],
+    case_sensitive: bool = False,
+    by: 'te.Literal["key", "value"]' = "key",
+    reverse: bool = False,
+) -> t.List[t.Tuple[K, V]]:
+    """Sort a dict and yield (key, value) pairs. Python dicts may not
+    be in the order you want to display them in, so sort them first.
+
+    .. sourcecode:: jinja
+
+        {% for key, value in mydict|dictsort %}
+            sort the dict by key, case insensitive
+
+        {% for key, value in mydict|dictsort(reverse=true) %}
+            sort the dict by key, case insensitive, reverse order
+
+        {% for key, value in mydict|dictsort(true) %}
+            sort the dict by key, case sensitive
+
+        {% for key, value in mydict|dictsort(false, 'value') %}
+            sort the dict by value, case insensitive
+    """
+    if by == "key":
+        pos = 0
+    elif by == "value":
+        pos = 1
+    else:
+        raise FilterArgumentError('You can only sort by either "key" or "value"')
+
+    def sort_func(item: t.Tuple[t.Any, t.Any]) -> t.Any:
+        value = item[pos]
+
+        if not case_sensitive:
+            value = ignore_case(value)
+
+        return value
+
+    return sorted(value.items(), key=sort_func, reverse=reverse)
+
+
+@pass_environment
+def do_sort(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    reverse: bool = False,
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.List[V]":
+    """Sort an iterable using Python's :func:`sorted`.
+
+    .. sourcecode:: jinja
+
+        {% for city in cities|sort %}
+            ...
+        {% endfor %}
+
+    :param reverse: Sort descending instead of ascending.
+    :param case_sensitive: When sorting strings, sort upper and lower
+        case separately.
+    :param attribute: When sorting objects or dicts, an attribute or
+        key to sort by. Can use dot notation like ``"address.city"``.
+        Can be a list of attributes like ``"age,name"``.
+
+    The sort is stable, it does not change the relative order of
+    elements that compare equal. This makes it is possible to chain
+    sorts on different attributes and ordering.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="name")
+            |sort(reverse=true, attribute="age") %}
+            ...
+        {% endfor %}
+
+    As a shortcut to chaining when the direction is the same for all
+    attributes, pass a comma separate list of attributes.
+
+    .. sourcecode:: jinja
+
+        {% for user in users|sort(attribute="age,name") %}
+            ...
+        {% endfor %}
+
+    .. versionchanged:: 2.11.0
+        The ``attribute`` parameter can be a comma separated list of
+        attributes, e.g. ``"age,name"``.
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added.
+    """
+    key_func = make_multi_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return sorted(value, key=key_func, reverse=reverse)
+
+
+@pass_environment
+def do_unique(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Iterator[V]":
+    """Returns a list of unique items from the given iterable.
+
+    .. sourcecode:: jinja
+
+        {{ ['foo', 'bar', 'foobar', 'FooBar']|unique|list }}
+            -> ['foo', 'bar', 'foobar']
+
+    The unique items are yielded in the same order as their first occurrence in
+    the iterable passed to the filter.
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Filter objects with unique values for this attribute.
+    """
+    getter = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    seen = set()
+
+    for item in value:
+        key = getter(item)
+
+        if key not in seen:
+            seen.add(key)
+            yield item
+
+
+def _min_or_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    func: "t.Callable[..., V]",
+    case_sensitive: bool,
+    attribute: t.Optional[t.Union[str, int]],
+) -> "t.Union[V, Undefined]":
+    it = iter(value)
+
+    try:
+        first = next(it)
+    except StopIteration:
+        return environment.undefined("No aggregated item, sequence was empty.")
+
+    key_func = make_attrgetter(
+        environment, attribute, postprocess=ignore_case if not case_sensitive else None
+    )
+    return func(chain([first], it), key=key_func)
+
+
+@pass_environment
+def do_min(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the smallest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|min }}
+            -> 1
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the min value of this attribute.
+    """
+    return _min_or_max(environment, value, min, case_sensitive, attribute)
+
+
+@pass_environment
+def do_max(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    case_sensitive: bool = False,
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> "t.Union[V, Undefined]":
+    """Return the largest item from the sequence.
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|max }}
+            -> 3
+
+    :param case_sensitive: Treat upper and lower case strings as distinct.
+    :param attribute: Get the object with the max value of this attribute.
+    """
+    return _min_or_max(environment, value, max, case_sensitive, attribute)
+
+
+def do_default(
+    value: V,
+    default_value: V = "",  # type: ignore
+    boolean: bool = False,
+) -> V:
+    """If the value is undefined it will return the passed default value,
+    otherwise the value of the variable:
+
+    .. sourcecode:: jinja
+
+        {{ my_variable|default('my_variable is not defined') }}
+
+    This will output the value of ``my_variable`` if the variable was
+    defined, otherwise ``'my_variable is not defined'``. If you want
+    to use default with variables that evaluate to false you have to
+    set the second parameter to `true`:
+
+    .. sourcecode:: jinja
+
+        {{ ''|default('the string was empty', true) }}
+
+    .. versionchanged:: 2.11
+       It's now possible to configure the :class:`~jinja2.Environment` with
+       :class:`~jinja2.ChainableUndefined` to make the `default` filter work
+       on nested elements and attributes that may contain undefined values
+       in the chain without getting an :exc:`~jinja2.UndefinedError`.
+    """
+    if isinstance(value, Undefined) or (boolean and not value):
+        return default_value
+
+    return value
+
+
+@pass_eval_context
+def sync_do_join(
+    eval_ctx: "EvalContext",
+    value: t.Iterable[t.Any],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    """Return a string which is the concatenation of the strings in the
+    sequence. The separator between elements is an empty string per
+    default, you can define it with the optional parameter:
+
+    .. sourcecode:: jinja
+
+        {{ [1, 2, 3]|join('|') }}
+            -> 1|2|3
+
+        {{ [1, 2, 3]|join }}
+            -> 123
+
+    It is also possible to join certain attributes of an object:
+
+    .. sourcecode:: jinja
+
+        {{ users|join(', ', attribute='username') }}
+
+    .. versionadded:: 2.6
+       The `attribute` parameter was added.
+    """
+    if attribute is not None:
+        value = map(make_attrgetter(eval_ctx.environment, attribute), value)
+
+    # no automatic escaping?  joining is a lot easier then
+    if not eval_ctx.autoescape:
+        return str(d).join(map(str, value))
+
+    # if the delimiter doesn't have an html representation we check
+    # if any of the items has.  If yes we do a coercion to Markup
+    if not hasattr(d, "__html__"):
+        value = list(value)
+        do_escape = False
+
+        for idx, item in enumerate(value):
+            if hasattr(item, "__html__"):
+                do_escape = True
+            else:
+                value[idx] = str(item)
+
+        if do_escape:
+            d = escape(d)
+        else:
+            d = str(d)
+
+        return d.join(value)
+
+    # no html involved, to normal joining
+    return soft_str(d).join(map(soft_str, value))
+
+
+@async_variant(sync_do_join)  # type: ignore
+async def do_join(
+    eval_ctx: "EvalContext",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    d: str = "",
+    attribute: t.Optional[t.Union[str, int]] = None,
+) -> str:
+    return sync_do_join(eval_ctx, await auto_to_list(value), d, attribute)
+
+
+def do_center(value: str, width: int = 80) -> str:
+    """Centers the value in a field of a given width."""
+    return soft_str(value).center(width)
+
+
+@pass_environment
+def sync_do_first(
+    environment: "Environment", seq: "t.Iterable[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the first item of a sequence."""
+    try:
+        return next(iter(seq))
+    except StopIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@async_variant(sync_do_first)  # type: ignore
+async def do_first(
+    environment: "Environment", seq: "t.Union[t.AsyncIterable[V], t.Iterable[V]]"
+) -> "t.Union[V, Undefined]":
+    try:
+        return await auto_aiter(seq).__anext__()
+    except StopAsyncIteration:
+        return environment.undefined("No first item, sequence was empty.")
+
+
+@pass_environment
+def do_last(
+    environment: "Environment", seq: "t.Reversible[V]"
+) -> "t.Union[V, Undefined]":
+    """Return the last item of a sequence.
+
+    Note: Does not work with generators. You may want to explicitly
+    convert it to a list:
+
+    .. sourcecode:: jinja
+
+        {{ data | selectattr('name', '==', 'Jinja') | list | last }}
+    """
+    try:
+        return next(iter(reversed(seq)))
+    except StopIteration:
+        return environment.undefined("No last item, sequence was empty.")
+
+
+# No async do_last, it may not be safe in async mode.
+
+
+@pass_context
+def do_random(context: "Context", seq: "t.Sequence[V]") -> "t.Union[V, Undefined]":
+    """Return a random item from the sequence."""
+    try:
+        return random.choice(seq)
+    except IndexError:
+        return context.environment.undefined("No random item, sequence was empty.")
+
+
+def do_filesizeformat(value: t.Union[str, float, int], binary: bool = False) -> str:
+    """Format the value like a 'human-readable' file size (i.e. 13 kB,
+    4.1 MB, 102 Bytes, etc).  Per default decimal prefixes are used (Mega,
+    Giga, etc.), if the second parameter is set to `True` the binary
+    prefixes are used (Mebi, Gibi).
+    """
+    bytes = float(value)
+    base = 1024 if binary else 1000
+    prefixes = [
+        ("KiB" if binary else "kB"),
+        ("MiB" if binary else "MB"),
+        ("GiB" if binary else "GB"),
+        ("TiB" if binary else "TB"),
+        ("PiB" if binary else "PB"),
+        ("EiB" if binary else "EB"),
+        ("ZiB" if binary else "ZB"),
+        ("YiB" if binary else "YB"),
+    ]
+
+    if bytes == 1:
+        return "1 Byte"
+    elif bytes < base:
+        return f"{int(bytes)} Bytes"
+    else:
+        for i, prefix in enumerate(prefixes):
+            unit = base ** (i + 2)
+
+            if bytes < unit:
+                return f"{base * bytes / unit:.1f} {prefix}"
+
+        return f"{base * bytes / unit:.1f} {prefix}"
+
+
+def do_pprint(value: t.Any) -> str:
+    """Pretty print a variable. Useful for debugging."""
+    return pformat(value)
+
+
+_uri_scheme_re = re.compile(r"^([\w.+-]{2,}:(/){0,2})$")
+
+
+@pass_eval_context
+def do_urlize(
+    eval_ctx: "EvalContext",
+    value: str,
+    trim_url_limit: t.Optional[int] = None,
+    nofollow: bool = False,
+    target: t.Optional[str] = None,
+    rel: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param value: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param nofollow: Add the ``rel=nofollow`` attribute to links.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior. Defaults to
+        ``env.policies["urlize.extra_schemes"]``, which defaults to no
+        extra schemes.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+
+    .. versionchanged:: 2.8
+       The ``target`` parameter was added.
+    """
+    policies = eval_ctx.environment.policies
+    rel_parts = set((rel or "").split())
+
+    if nofollow:
+        rel_parts.add("nofollow")
+
+    rel_parts.update((policies["urlize.rel"] or "").split())
+    rel = " ".join(sorted(rel_parts)) or None
+
+    if target is None:
+        target = policies["urlize.target"]
+
+    if extra_schemes is None:
+        extra_schemes = policies["urlize.extra_schemes"] or ()
+
+    for scheme in extra_schemes:
+        if _uri_scheme_re.fullmatch(scheme) is None:
+            raise FilterArgumentError(f"{scheme!r} is not a valid URI scheme prefix.")
+
+    rv = urlize(
+        value,
+        trim_url_limit=trim_url_limit,
+        rel=rel,
+        target=target,
+        extra_schemes=extra_schemes,
+    )
+
+    if eval_ctx.autoescape:
+        rv = Markup(rv)
+
+    return rv
+
+
+def do_indent(
+    s: str, width: t.Union[int, str] = 4, first: bool = False, blank: bool = False
+) -> str:
+    """Return a copy of the string with each line indented by 4 spaces. The
+    first line and blank lines are not indented by default.
+
+    :param width: Number of spaces, or a string, to indent by.
+    :param first: Don't skip indenting the first line.
+    :param blank: Don't skip indenting empty lines.
+
+    .. versionchanged:: 3.0
+        ``width`` can be a string.
+
+    .. versionchanged:: 2.10
+        Blank lines are not indented by default.
+
+        Rename the ``indentfirst`` argument to ``first``.
+    """
+    if isinstance(width, str):
+        indention = width
+    else:
+        indention = " " * width
+
+    newline = "\n"
+
+    if isinstance(s, Markup):
+        indention = Markup(indention)
+        newline = Markup(newline)
+
+    s += newline  # this quirk is necessary for splitlines method
+
+    if blank:
+        rv = (newline + indention).join(s.splitlines())
+    else:
+        lines = s.splitlines()
+        rv = lines.pop(0)
+
+        if lines:
+            rv += newline + newline.join(
+                indention + line if line else line for line in lines
+            )
+
+    if first:
+        rv = indention + rv
+
+    return rv
+
+
+@pass_environment
+def do_truncate(
+    env: "Environment",
+    s: str,
+    length: int = 255,
+    killwords: bool = False,
+    end: str = "...",
+    leeway: t.Optional[int] = None,
+) -> str:
+    """Return a truncated copy of the string. The length is specified
+    with the first parameter which defaults to ``255``. If the second
+    parameter is ``true`` the filter will cut the text at length. Otherwise
+    it will discard the last word. If the text was in fact
+    truncated it will append an ellipsis sign (``"..."``). If you want a
+    different ellipsis sign than ``"..."`` you can specify it using the
+    third parameter. Strings that only exceed the length by the tolerance
+    margin given in the fourth parameter will not be truncated.
+
+    .. sourcecode:: jinja
+
+        {{ "foo bar baz qux"|truncate(9) }}
+            -> "foo..."
+        {{ "foo bar baz qux"|truncate(9, True) }}
+            -> "foo ba..."
+        {{ "foo bar baz qux"|truncate(11) }}
+            -> "foo bar baz qux"
+        {{ "foo bar baz qux"|truncate(11, False, '...', 0) }}
+            -> "foo bar..."
+
+    The default leeway on newer Jinja versions is 5 and was 0 before but
+    can be reconfigured globally.
+    """
+    if leeway is None:
+        leeway = env.policies["truncate.leeway"]
+
+    assert length >= len(end), f"expected length >= {len(end)}, got {length}"
+    assert leeway >= 0, f"expected leeway >= 0, got {leeway}"
+
+    if len(s) <= length + leeway:
+        return s
+
+    if killwords:
+        return s[: length - len(end)] + end
+
+    result = s[: length - len(end)].rsplit(" ", 1)[0]
+    return result + end
+
+
+@pass_environment
+def do_wordwrap(
+    environment: "Environment",
+    s: str,
+    width: int = 79,
+    break_long_words: bool = True,
+    wrapstring: t.Optional[str] = None,
+    break_on_hyphens: bool = True,
+) -> str:
+    """Wrap a string to the given width. Existing newlines are treated
+    as paragraphs to be wrapped separately.
+
+    :param s: Original text to wrap.
+    :param width: Maximum length of wrapped lines.
+    :param break_long_words: If a word is longer than ``width``, break
+        it across lines.
+    :param break_on_hyphens: If a word contains hyphens, it may be split
+        across lines.
+    :param wrapstring: String to join each wrapped line. Defaults to
+        :attr:`Environment.newline_sequence`.
+
+    .. versionchanged:: 2.11
+        Existing newlines are treated as paragraphs wrapped separately.
+
+    .. versionchanged:: 2.11
+        Added the ``break_on_hyphens`` parameter.
+
+    .. versionchanged:: 2.7
+        Added the ``wrapstring`` parameter.
+    """
+    import textwrap
+
+    if wrapstring is None:
+        wrapstring = environment.newline_sequence
+
+    # textwrap.wrap doesn't consider existing newlines when wrapping.
+    # If the string has a newline before width, wrap will still insert
+    # a newline at width, resulting in a short line. Instead, split and
+    # wrap each paragraph individually.
+    return wrapstring.join(
+        [
+            wrapstring.join(
+                textwrap.wrap(
+                    line,
+                    width=width,
+                    expand_tabs=False,
+                    replace_whitespace=False,
+                    break_long_words=break_long_words,
+                    break_on_hyphens=break_on_hyphens,
+                )
+            )
+            for line in s.splitlines()
+        ]
+    )
+
+
+_word_re = re.compile(r"\w+")
+
+
+def do_wordcount(s: str) -> int:
+    """Count the words in that string."""
+    return len(_word_re.findall(soft_str(s)))
+
+
+def do_int(value: t.Any, default: int = 0, base: int = 10) -> int:
+    """Convert the value into an integer. If the
+    conversion doesn't work it will return ``0``. You can
+    override this default using the first parameter. You
+    can also override the default base (10) in the second
+    parameter, which handles input with prefixes such as
+    0b, 0o and 0x for bases 2, 8 and 16 respectively.
+    The base is ignored for decimal numbers and non-string values.
+    """
+    try:
+        if isinstance(value, str):
+            return int(value, base)
+
+        return int(value)
+    except (TypeError, ValueError):
+        # this quirk is necessary so that "42.23"|int gives 42.
+        try:
+            return int(float(value))
+        except (TypeError, ValueError):
+            return default
+
+
+def do_float(value: t.Any, default: float = 0.0) -> float:
+    """Convert the value into a floating point number. If the
+    conversion doesn't work it will return ``0.0``. You can
+    override this default using the first parameter.
+    """
+    try:
+        return float(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def do_format(value: str, *args: t.Any, **kwargs: t.Any) -> str:
+    """Apply the given values to a `printf-style`_ format string, like
+    ``string % values``.
+
+    .. sourcecode:: jinja
+
+        {{ "%s, %s!"|format(greeting, name) }}
+        Hello, World!
+
+    In most cases it should be more convenient and efficient to use the
+    ``%`` operator or :meth:`str.format`.
+
+    .. code-block:: text
+
+        {{ "%s, %s!" % (greeting, name) }}
+        {{ "{}, {}!".format(greeting, name) }}
+
+    .. _printf-style: https://docs.python.org/library/stdtypes.html
+        #printf-style-string-formatting
+    """
+    if args and kwargs:
+        raise FilterArgumentError(
+            "can't handle positional and keyword arguments at the same time"
+        )
+
+    return soft_str(value) % (kwargs or args)
+
+
+def do_trim(value: str, chars: t.Optional[str] = None) -> str:
+    """Strip leading and trailing characters, by default whitespace."""
+    return soft_str(value).strip(chars)
+
+
+def do_striptags(value: "t.Union[str, HasHTML]") -> str:
+    """Strip SGML/XML tags and replace adjacent whitespace by one space."""
+    if hasattr(value, "__html__"):
+        value = t.cast("HasHTML", value).__html__()
+
+    return Markup(str(value)).striptags()
+
+
+def sync_do_slice(
+    value: "t.Collection[V]", slices: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """Slice an iterator and return a list of lists containing
+    those items. Useful if you want to create a div containing
+    three ul tags that represent columns:
+
+    .. sourcecode:: html+jinja
+
+        <div class="columnwrapper">
+          {%- for column in items|slice(3) %}
+            <ul class="column-{{ loop.index }}">
+            {%- for item in column %}
+              <li>{{ item }}</li>
+            {%- endfor %}
+            </ul>
+          {%- endfor %}
+        </div>
+
+    If you pass it a second argument it's used to fill missing
+    values on the last iteration.
+    """
+    seq = list(value)
+    length = len(seq)
+    items_per_slice = length // slices
+    slices_with_extra = length % slices
+    offset = 0
+
+    for slice_number in range(slices):
+        start = offset + slice_number * items_per_slice
+
+        if slice_number < slices_with_extra:
+            offset += 1
+
+        end = offset + (slice_number + 1) * items_per_slice
+        tmp = seq[start:end]
+
+        if fill_with is not None and slice_number >= slices_with_extra:
+            tmp.append(fill_with)
+
+        yield tmp
+
+
+@async_variant(sync_do_slice)  # type: ignore
+async def do_slice(
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    slices: int,
+    fill_with: t.Optional[t.Any] = None,
+) -> "t.Iterator[t.List[V]]":
+    return sync_do_slice(await auto_to_list(value), slices, fill_with)
+
+
+def do_batch(
+    value: "t.Iterable[V]", linecount: int, fill_with: "t.Optional[V]" = None
+) -> "t.Iterator[t.List[V]]":
+    """
+    A filter that batches items. It works pretty much like `slice`
+    just the other way round. It returns a list of lists with the
+    given number of items. If you provide a second parameter this
+    is used to fill up missing items. See this example:
+
+    .. sourcecode:: html+jinja
+
+        <table>
+        {%- for row in items|batch(3, '&nbsp;') %}
+          <tr>
+          {%- for column in row %}
+            <td>{{ column }}</td>
+          {%- endfor %}
+          </tr>
+        {%- endfor %}
+        </table>
+    """
+    tmp: "t.List[V]" = []
+
+    for item in value:
+        if len(tmp) == linecount:
+            yield tmp
+            tmp = []
+
+        tmp.append(item)
+
+    if tmp:
+        if fill_with is not None and len(tmp) < linecount:
+            tmp += [fill_with] * (linecount - len(tmp))
+
+        yield tmp
+
+
+def do_round(
+    value: float,
+    precision: int = 0,
+    method: 'te.Literal["common", "ceil", "floor"]' = "common",
+) -> float:
+    """Round the number to a given precision. The first
+    parameter specifies the precision (default is ``0``), the
+    second the rounding method:
+
+    - ``'common'`` rounds either up or down
+    - ``'ceil'`` always rounds up
+    - ``'floor'`` always rounds down
+
+    If you don't specify a method ``'common'`` is used.
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round }}
+            -> 43.0
+        {{ 42.55|round(1, 'floor') }}
+            -> 42.5
+
+    Note that even if rounded to 0 precision, a float is returned.  If
+    you need a real integer, pipe it through `int`:
+
+    .. sourcecode:: jinja
+
+        {{ 42.55|round|int }}
+            -> 43
+    """
+    if method not in {"common", "ceil", "floor"}:
+        raise FilterArgumentError("method must be common, ceil or floor")
+
+    if method == "common":
+        return round(value, precision)
+
+    func = getattr(math, method)
+    return t.cast(float, func(value * (10**precision)) / (10**precision))
+
+
+class _GroupTuple(t.NamedTuple):
+    grouper: t.Any
+    list: t.List[t.Any]
+
+    # Use the regular tuple repr to hide this subclass if users print
+    # out the value during debugging.
+    def __repr__(self) -> str:
+        return tuple.__repr__(self)
+
+    def __str__(self) -> str:
+        return tuple.__str__(self)
+
+
+@pass_environment
+def sync_do_groupby(
+    environment: "Environment",
+    value: "t.Iterable[V]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    """Group a sequence of objects by an attribute using Python's
+    :func:`itertools.groupby`. The attribute can use dot notation for
+    nested access, like ``"address.city"``. Unlike Python's ``groupby``,
+    the values are sorted first so only one group is returned for each
+    unique value.
+
+    For example, a list of ``User`` objects with a ``city`` attribute
+    can be rendered in groups. In this example, ``grouper`` refers to
+    the ``city`` value of the group.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for city, items in users|groupby("city") %}
+          <li>{{ city }}
+            <ul>{% for user in items %}
+              <li>{{ user.name }}
+            {% endfor %}</ul>
+          </li>
+        {% endfor %}</ul>
+
+    ``groupby`` yields namedtuples of ``(grouper, list)``, which
+    can be used instead of the tuple unpacking above. ``grouper`` is the
+    value of the attribute, and ``list`` is the items with that value.
+
+    .. sourcecode:: html+jinja
+
+        <ul>{% for group in users|groupby("city") %}
+          <li>{{ group.grouper }}: {{ group.list|join(", ") }}
+        {% endfor %}</ul>
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        <ul>{% for city, items in users|groupby("city", default="NY") %}
+          <li>{{ city }}: {{ items|map(attribute="name")|join(", ") }}</li>
+        {% endfor %}</ul>
+
+    Like the :func:`~jinja-filters.sort` filter, sorting and grouping is
+    case-insensitive by default. The ``key`` for each group will have
+    the case of the first item in that group of values. For example, if
+    a list of users has cities ``["CA", "NY", "ca"]``, the "CA" group
+    will have two values. This can be disabled by passing
+    ``case_sensitive=True``.
+
+    .. versionchanged:: 3.1
+        Added the ``case_sensitive`` parameter. Sorting and grouping is
+        case-insensitive by default, matching other filters that do
+        comparisons.
+
+    .. versionchanged:: 3.0
+        Added the ``default`` parameter.
+
+    .. versionchanged:: 2.6
+        The attribute supports dot notation for nested access.
+    """
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, list(values))
+        for key, values in groupby(sorted(value, key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@async_variant(sync_do_groupby)  # type: ignore
+async def do_groupby(
+    environment: "Environment",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Union[str, int],
+    default: t.Optional[t.Any] = None,
+    case_sensitive: bool = False,
+) -> "t.List[_GroupTuple]":
+    expr = make_attrgetter(
+        environment,
+        attribute,
+        postprocess=ignore_case if not case_sensitive else None,
+        default=default,
+    )
+    out = [
+        _GroupTuple(key, await auto_to_list(values))
+        for key, values in groupby(sorted(await auto_to_list(value), key=expr), expr)
+    ]
+
+    if not case_sensitive:
+        # Return the real key from the first value instead of the lowercase key.
+        output_expr = make_attrgetter(environment, attribute, default=default)
+        out = [_GroupTuple(output_expr(values[0]), values) for _, values in out]
+
+    return out
+
+
+@pass_environment
+def sync_do_sum(
+    environment: "Environment",
+    iterable: "t.Iterable[V]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    """Returns the sum of a sequence of numbers plus the value of parameter
+    'start' (which defaults to 0).  When the sequence is empty it returns
+    start.
+
+    It is also possible to sum up only certain attributes:
+
+    .. sourcecode:: jinja
+
+        Total: {{ items|sum(attribute='price') }}
+
+    .. versionchanged:: 2.6
+       The ``attribute`` parameter was added to allow summing up over
+       attributes.  Also the ``start`` parameter was moved on to the right.
+    """
+    if attribute is not None:
+        iterable = map(make_attrgetter(environment, attribute), iterable)
+
+    return sum(iterable, start)  # type: ignore[no-any-return, call-overload]
+
+
+@async_variant(sync_do_sum)  # type: ignore
+async def do_sum(
+    environment: "Environment",
+    iterable: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    attribute: t.Optional[t.Union[str, int]] = None,
+    start: V = 0,  # type: ignore
+) -> V:
+    rv = start
+
+    if attribute is not None:
+        func = make_attrgetter(environment, attribute)
+    else:
+
+        def func(x: V) -> V:
+            return x
+
+    async for item in auto_aiter(iterable):
+        rv += func(item)
+
+    return rv
+
+
+def sync_do_list(value: "t.Iterable[V]") -> "t.List[V]":
+    """Convert the value into a list.  If it was a string the returned list
+    will be a list of characters.
+    """
+    return list(value)
+
+
+@async_variant(sync_do_list)  # type: ignore
+async def do_list(value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]") -> "t.List[V]":
+    return await auto_to_list(value)
+
+
+def do_mark_safe(value: str) -> Markup:
+    """Mark the value as safe which means that in an environment with automatic
+    escaping enabled this variable will not be escaped.
+    """
+    return Markup(value)
+
+
+def do_mark_unsafe(value: str) -> str:
+    """Mark a value as unsafe.  This is the reverse operation for :func:`safe`."""
+    return str(value)
+
+
+@typing.overload
+def do_reverse(value: str) -> str: ...
+
+
+@typing.overload
+def do_reverse(value: "t.Iterable[V]") -> "t.Iterable[V]": ...
+
+
+def do_reverse(value: t.Union[str, t.Iterable[V]]) -> t.Union[str, t.Iterable[V]]:
+    """Reverse the object or return an iterator that iterates over it the other
+    way round.
+    """
+    if isinstance(value, str):
+        return value[::-1]
+
+    try:
+        return reversed(value)  # type: ignore
+    except TypeError:
+        try:
+            rv = list(value)
+            rv.reverse()
+            return rv
+        except TypeError as e:
+            raise FilterArgumentError("argument must be iterable") from e
+
+
+@pass_environment
+def do_attr(
+    environment: "Environment", obj: t.Any, name: str
+) -> t.Union[Undefined, t.Any]:
+    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+    ``foo.bar`` just that always an attribute is returned and items are not
+    looked up.
+
+    See :ref:`Notes on subscriptions <notes-on-subscriptions>` for more details.
+    """
+    try:
+        name = str(name)
+    except UnicodeError:
+        pass
+    else:
+        try:
+            value = getattr(obj, name)
+        except AttributeError:
+            pass
+        else:
+            if environment.sandboxed:
+                environment = t.cast("SandboxedEnvironment", environment)
+
+                if not environment.is_safe_attribute(obj, name, value):
+                    return environment.unsafe_undefined(obj, name)
+
+            return value
+
+    return environment.undefined(obj=obj, name=name)
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def sync_do_map(
+    context: "Context",
+    value: t.Iterable[t.Any],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@pass_context
+def sync_do_map(
+    context: "Context", value: t.Iterable[t.Any], *args: t.Any, **kwargs: t.Any
+) -> t.Iterable[t.Any]:
+    """Applies a filter on a sequence of objects or looks up an attribute.
+    This is useful when dealing with lists of objects but you are really
+    only interested in a certain value of it.
+
+    The basic usage is mapping on an attribute.  Imagine you have a list
+    of users but you are only interested in a list of usernames:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ users|map(attribute='username')|join(', ') }}
+
+    You can specify a ``default`` value to use if an object in the list
+    does not have the given attribute.
+
+    .. sourcecode:: jinja
+
+        {{ users|map(attribute="username", default="Anonymous")|join(", ") }}
+
+    Alternatively you can let it invoke a filter by passing the name of the
+    filter and the arguments afterwards.  A good example would be applying a
+    text conversion filter on a sequence:
+
+    .. sourcecode:: jinja
+
+        Users on this page: {{ titles|map('lower')|join(', ') }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u.username for u in users)
+        (getattr(u, "username", "Anonymous") for u in users)
+        (do_lower(x) for x in titles)
+
+    .. versionchanged:: 2.11.0
+        Added the ``default`` parameter.
+
+    .. versionadded:: 2.7
+    """
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        for item in value:
+            yield func(item)
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    name: str,
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Iterable[t.Any]: ...
+
+
+@typing.overload
+def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *,
+    attribute: str = ...,
+    default: t.Optional[t.Any] = None,
+) -> t.Iterable[t.Any]: ...
+
+
+@async_variant(sync_do_map)  # type: ignore
+async def do_map(
+    context: "Context",
+    value: t.Union[t.AsyncIterable[t.Any], t.Iterable[t.Any]],
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.AsyncIterable[t.Any]:
+    if value:
+        func = prepare_map(context, args, kwargs)
+
+        async for item in auto_aiter(value):
+            yield await auto_await(func(item))
+
+
+@pass_context
+def sync_do_select(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and only selecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|select("odd") }}
+        {{ numbers|select("odd") }}
+        {{ numbers|select("divisibleby", 3) }}
+        {{ numbers|select("lessthan", 42) }}
+        {{ strings|select("equalto", "mystring") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if test_odd(n))
+        (n for n in numbers if test_divisibleby(n, 3))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@async_variant(sync_do_select)  # type: ignore
+async def do_select(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, False)
+
+
+@pass_context
+def sync_do_reject(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to each object,
+    and rejecting the objects with the test succeeding.
+
+    If no test is specified, each object will be evaluated as a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ numbers|reject("odd") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (n for n in numbers if not test_odd(n))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@async_variant(sync_do_reject)  # type: ignore
+async def do_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, False)
+
+
+@pass_context
+def sync_do_selectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and only selecting the objects with the
+    test succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    Example usage:
+
+    .. sourcecode:: jinja
+
+        {{ users|selectattr("is_active") }}
+        {{ users|selectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if user.is_active)
+        (u for user in users if test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@async_variant(sync_do_selectattr)  # type: ignore
+async def do_selectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: x, True)
+
+
+@pass_context
+def sync_do_rejectattr(
+    context: "Context", value: "t.Iterable[V]", *args: t.Any, **kwargs: t.Any
+) -> "t.Iterator[V]":
+    """Filters a sequence of objects by applying a test to the specified
+    attribute of each object, and rejecting the objects with the test
+    succeeding.
+
+    If no test is specified, the attribute's value will be evaluated as
+    a boolean.
+
+    .. sourcecode:: jinja
+
+        {{ users|rejectattr("is_active") }}
+        {{ users|rejectattr("email", "none") }}
+
+    Similar to a generator comprehension such as:
+
+    .. code-block:: python
+
+        (u for user in users if not user.is_active)
+        (u for user in users if not test_none(user.email))
+
+    .. versionadded:: 2.7
+    """
+    return select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@async_variant(sync_do_rejectattr)  # type: ignore
+async def do_rejectattr(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> "t.AsyncIterator[V]":
+    return async_select_or_reject(context, value, args, kwargs, lambda x: not x, True)
+
+
+@pass_eval_context
+def do_tojson(
+    eval_ctx: "EvalContext", value: t.Any, indent: t.Optional[int] = None
+) -> Markup:
+    """Serialize an object to a string of JSON, and mark it safe to
+    render in HTML. This filter is only for use in HTML documents.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param value: The object to serialize to JSON.
+    :param indent: The ``indent`` parameter passed to ``dumps``, for
+        pretty-printing the value.
+
+    .. versionadded:: 2.9
+    """
+    policies = eval_ctx.environment.policies
+    dumps = policies["json.dumps_function"]
+    kwargs = policies["json.dumps_kwargs"]
+
+    if indent is not None:
+        kwargs = kwargs.copy()
+        kwargs["indent"] = indent
+
+    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
+
+
+def prepare_map(
+    context: "Context", args: t.Tuple[t.Any, ...], kwargs: t.Dict[str, t.Any]
+) -> t.Callable[[t.Any], t.Any]:
+    if not args and "attribute" in kwargs:
+        attribute = kwargs.pop("attribute")
+        default = kwargs.pop("default", None)
+
+        if kwargs:
+            raise FilterArgumentError(
+                f"Unexpected keyword argument {next(iter(kwargs))!r}"
+            )
+
+        func = make_attrgetter(context.environment, attribute, default=default)
+    else:
+        try:
+            name = args[0]
+            args = args[1:]
+        except LookupError:
+            raise FilterArgumentError("map requires a filter argument") from None
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_filter(
+                name, item, args, kwargs, context=context
+            )
+
+    return func
+
+
+def prepare_select_or_reject(
+    context: "Context",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> t.Callable[[t.Any], t.Any]:
+    if lookup_attr:
+        try:
+            attr = args[0]
+        except LookupError:
+            raise FilterArgumentError("Missing parameter for attribute name") from None
+
+        transfunc = make_attrgetter(context.environment, attr)
+        off = 1
+    else:
+        off = 0
+
+        def transfunc(x: V) -> V:
+            return x
+
+    try:
+        name = args[off]
+        args = args[1 + off :]
+
+        def func(item: t.Any) -> t.Any:
+            return context.environment.call_test(name, item, args, kwargs)
+
+    except LookupError:
+        func = bool  # type: ignore
+
+    return lambda item: modfunc(func(transfunc(item)))
+
+
+def select_or_reject(
+    context: "Context",
+    value: "t.Iterable[V]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.Iterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        for item in value:
+            if func(item):
+                yield item
+
+
+async def async_select_or_reject(
+    context: "Context",
+    value: "t.Union[t.AsyncIterable[V], t.Iterable[V]]",
+    args: t.Tuple[t.Any, ...],
+    kwargs: t.Dict[str, t.Any],
+    modfunc: t.Callable[[t.Any], t.Any],
+    lookup_attr: bool,
+) -> "t.AsyncIterator[V]":
+    if value:
+        func = prepare_select_or_reject(context, args, kwargs, modfunc, lookup_attr)
+
+        async for item in auto_aiter(value):
+            if func(item):
+                yield item
+
+
+FILTERS = {
+    "abs": abs,
+    "attr": do_attr,
+    "batch": do_batch,
+    "capitalize": do_capitalize,
+    "center": do_center,
+    "count": len,
+    "d": do_default,
+    "default": do_default,
+    "dictsort": do_dictsort,
+    "e": escape,
+    "escape": escape,
+    "filesizeformat": do_filesizeformat,
+    "first": do_first,
+    "float": do_float,
+    "forceescape": do_forceescape,
+    "format": do_format,
+    "groupby": do_groupby,
+    "indent": do_indent,
+    "int": do_int,
+    "join": do_join,
+    "last": do_last,
+    "length": len,
+    "list": do_list,
+    "lower": do_lower,
+    "items": do_items,
+    "map": do_map,
+    "min": do_min,
+    "max": do_max,
+    "pprint": do_pprint,
+    "random": do_random,
+    "reject": do_reject,
+    "rejectattr": do_rejectattr,
+    "replace": do_replace,
+    "reverse": do_reverse,
+    "round": do_round,
+    "safe": do_mark_safe,
+    "select": do_select,
+    "selectattr": do_selectattr,
+    "slice": do_slice,
+    "sort": do_sort,
+    "string": soft_str,
+    "striptags": do_striptags,
+    "sum": do_sum,
+    "title": do_title,
+    "trim": do_trim,
+    "truncate": do_truncate,
+    "unique": do_unique,
+    "upper": do_upper,
+    "urlencode": do_urlencode,
+    "urlize": do_urlize,
+    "wordcount": do_wordcount,
+    "wordwrap": do_wordwrap,
+    "xmlattr": do_xmlattr,
+    "tojson": do_tojson,
+}
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/idtracking.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/idtracking.py
new file mode 100644
index 000000000..995ebaa0c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/idtracking.py
@@ -0,0 +1,318 @@
+import typing as t
+
+from . import nodes
+from .visitor import NodeVisitor
+
+VAR_LOAD_PARAMETER = "param"
+VAR_LOAD_RESOLVE = "resolve"
+VAR_LOAD_ALIAS = "alias"
+VAR_LOAD_UNDEFINED = "undefined"
+
+
+def find_symbols(
+    nodes: t.Iterable[nodes.Node], parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    visitor = FrameSymbolVisitor(sym)
+    for node in nodes:
+        visitor.visit(node)
+    return sym
+
+
+def symbols_for_node(
+    node: nodes.Node, parent_symbols: t.Optional["Symbols"] = None
+) -> "Symbols":
+    sym = Symbols(parent=parent_symbols)
+    sym.analyze_node(node)
+    return sym
+
+
+class Symbols:
+    def __init__(
+        self, parent: t.Optional["Symbols"] = None, level: t.Optional[int] = None
+    ) -> None:
+        if level is None:
+            if parent is None:
+                level = 0
+            else:
+                level = parent.level + 1
+
+        self.level: int = level
+        self.parent = parent
+        self.refs: t.Dict[str, str] = {}
+        self.loads: t.Dict[str, t.Any] = {}
+        self.stores: t.Set[str] = set()
+
+    def analyze_node(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        visitor = RootVisitor(self)
+        visitor.visit(node, **kwargs)
+
+    def _define_ref(
+        self, name: str, load: t.Optional[t.Tuple[str, t.Optional[str]]] = None
+    ) -> str:
+        ident = f"l_{self.level}_{name}"
+        self.refs[name] = ident
+        if load is not None:
+            self.loads[ident] = load
+        return ident
+
+    def find_load(self, target: str) -> t.Optional[t.Any]:
+        if target in self.loads:
+            return self.loads[target]
+
+        if self.parent is not None:
+            return self.parent.find_load(target)
+
+        return None
+
+    def find_ref(self, name: str) -> t.Optional[str]:
+        if name in self.refs:
+            return self.refs[name]
+
+        if self.parent is not None:
+            return self.parent.find_ref(name)
+
+        return None
+
+    def ref(self, name: str) -> str:
+        rv = self.find_ref(name)
+        if rv is None:
+            raise AssertionError(
+                "Tried to resolve a name to a reference that was"
+                f" unknown to the frame ({name!r})"
+            )
+        return rv
+
+    def copy(self) -> "Symbols":
+        rv = object.__new__(self.__class__)
+        rv.__dict__.update(self.__dict__)
+        rv.refs = self.refs.copy()
+        rv.loads = self.loads.copy()
+        rv.stores = self.stores.copy()
+        return rv
+
+    def store(self, name: str) -> None:
+        self.stores.add(name)
+
+        # If we have not see the name referenced yet, we need to figure
+        # out what to set it to.
+        if name not in self.refs:
+            # If there is a parent scope we check if the name has a
+            # reference there.  If it does it means we might have to alias
+            # to a variable there.
+            if self.parent is not None:
+                outer_ref = self.parent.find_ref(name)
+                if outer_ref is not None:
+                    self._define_ref(name, load=(VAR_LOAD_ALIAS, outer_ref))
+                    return
+
+            # Otherwise we can just set it to undefined.
+            self._define_ref(name, load=(VAR_LOAD_UNDEFINED, None))
+
+    def declare_parameter(self, name: str) -> str:
+        self.stores.add(name)
+        return self._define_ref(name, load=(VAR_LOAD_PARAMETER, None))
+
+    def load(self, name: str) -> None:
+        if self.find_ref(name) is None:
+            self._define_ref(name, load=(VAR_LOAD_RESOLVE, name))
+
+    def branch_update(self, branch_symbols: t.Sequence["Symbols"]) -> None:
+        stores: t.Dict[str, int] = {}
+        for branch in branch_symbols:
+            for target in branch.stores:
+                if target in self.stores:
+                    continue
+                stores[target] = stores.get(target, 0) + 1
+
+        for sym in branch_symbols:
+            self.refs.update(sym.refs)
+            self.loads.update(sym.loads)
+            self.stores.update(sym.stores)
+
+        for name, branch_count in stores.items():
+            if branch_count == len(branch_symbols):
+                continue
+
+            target = self.find_ref(name)  # type: ignore
+            assert target is not None, "should not happen"
+
+            if self.parent is not None:
+                outer_target = self.parent.find_ref(name)
+                if outer_target is not None:
+                    self.loads[target] = (VAR_LOAD_ALIAS, outer_target)
+                    continue
+            self.loads[target] = (VAR_LOAD_RESOLVE, name)
+
+    def dump_stores(self) -> t.Dict[str, str]:
+        rv: t.Dict[str, str] = {}
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for name in sorted(node.stores):
+                if name not in rv:
+                    rv[name] = self.find_ref(name)  # type: ignore
+
+            node = node.parent
+
+        return rv
+
+    def dump_param_targets(self) -> t.Set[str]:
+        rv = set()
+        node: t.Optional["Symbols"] = self
+
+        while node is not None:
+            for target, (instr, _) in self.loads.items():
+                if instr == VAR_LOAD_PARAMETER:
+                    rv.add(target)
+
+            node = node.parent
+
+        return rv
+
+
+class RootVisitor(NodeVisitor):
+    def __init__(self, symbols: "Symbols") -> None:
+        self.sym_visitor = FrameSymbolVisitor(symbols)
+
+    def _simple_visit(self, node: nodes.Node, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes():
+            self.sym_visitor.visit(child)
+
+    visit_Template = _simple_visit
+    visit_Block = _simple_visit
+    visit_Macro = _simple_visit
+    visit_FilterBlock = _simple_visit
+    visit_Scope = _simple_visit
+    visit_If = _simple_visit
+    visit_ScopedEvalContextModifier = _simple_visit
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        for child in node.iter_child_nodes(exclude=("call",)):
+            self.sym_visitor.visit(child)
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def visit_For(
+        self, node: nodes.For, for_branch: str = "body", **kwargs: t.Any
+    ) -> None:
+        if for_branch == "body":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            branch = node.body
+        elif for_branch == "else":
+            branch = node.else_
+        elif for_branch == "test":
+            self.sym_visitor.visit(node.target, store_as_param=True)
+            if node.test is not None:
+                self.sym_visitor.visit(node.test)
+            return
+        else:
+            raise RuntimeError("Unknown for branch")
+
+        if branch:
+            for item in branch:
+                self.sym_visitor.visit(item)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.targets:
+            self.sym_visitor.visit(target)
+        for child in node.body:
+            self.sym_visitor.visit(child)
+
+    def generic_visit(self, node: nodes.Node, *args: t.Any, **kwargs: t.Any) -> None:
+        raise NotImplementedError(f"Cannot find symbols for {type(node).__name__!r}")
+
+
+class FrameSymbolVisitor(NodeVisitor):
+    """A visitor for `Frame.inspect`."""
+
+    def __init__(self, symbols: "Symbols") -> None:
+        self.symbols = symbols
+
+    def visit_Name(
+        self, node: nodes.Name, store_as_param: bool = False, **kwargs: t.Any
+    ) -> None:
+        """All assignments to names go through this function."""
+        if store_as_param or node.ctx == "param":
+            self.symbols.declare_parameter(node.name)
+        elif node.ctx == "store":
+            self.symbols.store(node.name)
+        elif node.ctx == "load":
+            self.symbols.load(node.name)
+
+    def visit_NSRef(self, node: nodes.NSRef, **kwargs: t.Any) -> None:
+        self.symbols.load(node.name)
+
+    def visit_If(self, node: nodes.If, **kwargs: t.Any) -> None:
+        self.visit(node.test, **kwargs)
+        original_symbols = self.symbols
+
+        def inner_visit(nodes: t.Iterable[nodes.Node]) -> "Symbols":
+            self.symbols = rv = original_symbols.copy()
+
+            for subnode in nodes:
+                self.visit(subnode, **kwargs)
+
+            self.symbols = original_symbols
+            return rv
+
+        body_symbols = inner_visit(node.body)
+        elif_symbols = inner_visit(node.elif_)
+        else_symbols = inner_visit(node.else_ or ())
+        self.symbols.branch_update([body_symbols, elif_symbols, else_symbols])
+
+    def visit_Macro(self, node: nodes.Macro, **kwargs: t.Any) -> None:
+        self.symbols.store(node.name)
+
+    def visit_Import(self, node: nodes.Import, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+        self.symbols.store(node.target)
+
+    def visit_FromImport(self, node: nodes.FromImport, **kwargs: t.Any) -> None:
+        self.generic_visit(node, **kwargs)
+
+        for name in node.names:
+            if isinstance(name, tuple):
+                self.symbols.store(name[1])
+            else:
+                self.symbols.store(name)
+
+    def visit_Assign(self, node: nodes.Assign, **kwargs: t.Any) -> None:
+        """Visit assignments in the correct order."""
+        self.visit(node.node, **kwargs)
+        self.visit(node.target, **kwargs)
+
+    def visit_For(self, node: nodes.For, **kwargs: t.Any) -> None:
+        """Visiting stops at for blocks.  However the block sequence
+        is visited as part of the outer scope.
+        """
+        self.visit(node.iter, **kwargs)
+
+    def visit_CallBlock(self, node: nodes.CallBlock, **kwargs: t.Any) -> None:
+        self.visit(node.call, **kwargs)
+
+    def visit_FilterBlock(self, node: nodes.FilterBlock, **kwargs: t.Any) -> None:
+        self.visit(node.filter, **kwargs)
+
+    def visit_With(self, node: nodes.With, **kwargs: t.Any) -> None:
+        for target in node.values:
+            self.visit(target)
+
+    def visit_AssignBlock(self, node: nodes.AssignBlock, **kwargs: t.Any) -> None:
+        """Stop visiting at block assigns."""
+        self.visit(node.target, **kwargs)
+
+    def visit_Scope(self, node: nodes.Scope, **kwargs: t.Any) -> None:
+        """Stop visiting at scopes."""
+
+    def visit_Block(self, node: nodes.Block, **kwargs: t.Any) -> None:
+        """Stop visiting at blocks."""
+
+    def visit_OverlayScope(self, node: nodes.OverlayScope, **kwargs: t.Any) -> None:
+        """Do not visit into overlay scopes."""
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/lexer.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/lexer.py
new file mode 100644
index 000000000..62b0471a3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/lexer.py
@@ -0,0 +1,868 @@
+"""Implements a Jinja / Python combination lexer. The ``Lexer`` class
+is used to do some preprocessing. It filters out invalid operators like
+the bitshift operators we don't allow in templates. It separates
+template code and python code in expressions.
+"""
+
+import re
+import typing as t
+from ast import literal_eval
+from collections import deque
+from sys import intern
+
+from ._identifier import pattern as name_re
+from .exceptions import TemplateSyntaxError
+from .utils import LRUCache
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+# cache for the lexers. Exists in order to be able to have multiple
+# environments with the same lexer
+_lexer_cache: t.MutableMapping[t.Tuple, "Lexer"] = LRUCache(50)  # type: ignore
+
+# static regular expressions
+whitespace_re = re.compile(r"\s+")
+newline_re = re.compile(r"(\r\n|\r|\n)")
+string_re = re.compile(
+    r"('([^'\\]*(?:\\.[^'\\]*)*)'" r'|"([^"\\]*(?:\\.[^"\\]*)*)")', re.S
+)
+integer_re = re.compile(
+    r"""
+    (
+        0b(_?[0-1])+ # binary
+    |
+        0o(_?[0-7])+ # octal
+    |
+        0x(_?[\da-f])+ # hex
+    |
+        [1-9](_?\d)* # decimal
+    |
+        0(_?0)* # decimal zero
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+float_re = re.compile(
+    r"""
+    (?<!\.)  # doesn't start with a .
+    (\d+_)*\d+  # digits, possibly _ separated
+    (
+        (\.(\d+_)*\d+)?  # optional fractional part
+        e[+\-]?(\d+_)*\d+  # exponent part
+    |
+        \.(\d+_)*\d+  # required fractional part
+    )
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+
+# internal the tokens and keep references to them
+TOKEN_ADD = intern("add")
+TOKEN_ASSIGN = intern("assign")
+TOKEN_COLON = intern("colon")
+TOKEN_COMMA = intern("comma")
+TOKEN_DIV = intern("div")
+TOKEN_DOT = intern("dot")
+TOKEN_EQ = intern("eq")
+TOKEN_FLOORDIV = intern("floordiv")
+TOKEN_GT = intern("gt")
+TOKEN_GTEQ = intern("gteq")
+TOKEN_LBRACE = intern("lbrace")
+TOKEN_LBRACKET = intern("lbracket")
+TOKEN_LPAREN = intern("lparen")
+TOKEN_LT = intern("lt")
+TOKEN_LTEQ = intern("lteq")
+TOKEN_MOD = intern("mod")
+TOKEN_MUL = intern("mul")
+TOKEN_NE = intern("ne")
+TOKEN_PIPE = intern("pipe")
+TOKEN_POW = intern("pow")
+TOKEN_RBRACE = intern("rbrace")
+TOKEN_RBRACKET = intern("rbracket")
+TOKEN_RPAREN = intern("rparen")
+TOKEN_SEMICOLON = intern("semicolon")
+TOKEN_SUB = intern("sub")
+TOKEN_TILDE = intern("tilde")
+TOKEN_WHITESPACE = intern("whitespace")
+TOKEN_FLOAT = intern("float")
+TOKEN_INTEGER = intern("integer")
+TOKEN_NAME = intern("name")
+TOKEN_STRING = intern("string")
+TOKEN_OPERATOR = intern("operator")
+TOKEN_BLOCK_BEGIN = intern("block_begin")
+TOKEN_BLOCK_END = intern("block_end")
+TOKEN_VARIABLE_BEGIN = intern("variable_begin")
+TOKEN_VARIABLE_END = intern("variable_end")
+TOKEN_RAW_BEGIN = intern("raw_begin")
+TOKEN_RAW_END = intern("raw_end")
+TOKEN_COMMENT_BEGIN = intern("comment_begin")
+TOKEN_COMMENT_END = intern("comment_end")
+TOKEN_COMMENT = intern("comment")
+TOKEN_LINESTATEMENT_BEGIN = intern("linestatement_begin")
+TOKEN_LINESTATEMENT_END = intern("linestatement_end")
+TOKEN_LINECOMMENT_BEGIN = intern("linecomment_begin")
+TOKEN_LINECOMMENT_END = intern("linecomment_end")
+TOKEN_LINECOMMENT = intern("linecomment")
+TOKEN_DATA = intern("data")
+TOKEN_INITIAL = intern("initial")
+TOKEN_EOF = intern("eof")
+
+# bind operators to token types
+operators = {
+    "+": TOKEN_ADD,
+    "-": TOKEN_SUB,
+    "/": TOKEN_DIV,
+    "//": TOKEN_FLOORDIV,
+    "*": TOKEN_MUL,
+    "%": TOKEN_MOD,
+    "**": TOKEN_POW,
+    "~": TOKEN_TILDE,
+    "[": TOKEN_LBRACKET,
+    "]": TOKEN_RBRACKET,
+    "(": TOKEN_LPAREN,
+    ")": TOKEN_RPAREN,
+    "{": TOKEN_LBRACE,
+    "}": TOKEN_RBRACE,
+    "==": TOKEN_EQ,
+    "!=": TOKEN_NE,
+    ">": TOKEN_GT,
+    ">=": TOKEN_GTEQ,
+    "<": TOKEN_LT,
+    "<=": TOKEN_LTEQ,
+    "=": TOKEN_ASSIGN,
+    ".": TOKEN_DOT,
+    ":": TOKEN_COLON,
+    "|": TOKEN_PIPE,
+    ",": TOKEN_COMMA,
+    ";": TOKEN_SEMICOLON,
+}
+
+reverse_operators = {v: k for k, v in operators.items()}
+assert len(operators) == len(reverse_operators), "operators dropped"
+operator_re = re.compile(
+    f"({'|'.join(re.escape(x) for x in sorted(operators, key=lambda x: -len(x)))})"
+)
+
+ignored_tokens = frozenset(
+    [
+        TOKEN_COMMENT_BEGIN,
+        TOKEN_COMMENT,
+        TOKEN_COMMENT_END,
+        TOKEN_WHITESPACE,
+        TOKEN_LINECOMMENT_BEGIN,
+        TOKEN_LINECOMMENT_END,
+        TOKEN_LINECOMMENT,
+    ]
+)
+ignore_if_empty = frozenset(
+    [TOKEN_WHITESPACE, TOKEN_DATA, TOKEN_COMMENT, TOKEN_LINECOMMENT]
+)
+
+
+def _describe_token_type(token_type: str) -> str:
+    if token_type in reverse_operators:
+        return reverse_operators[token_type]
+
+    return {
+        TOKEN_COMMENT_BEGIN: "begin of comment",
+        TOKEN_COMMENT_END: "end of comment",
+        TOKEN_COMMENT: "comment",
+        TOKEN_LINECOMMENT: "comment",
+        TOKEN_BLOCK_BEGIN: "begin of statement block",
+        TOKEN_BLOCK_END: "end of statement block",
+        TOKEN_VARIABLE_BEGIN: "begin of print statement",
+        TOKEN_VARIABLE_END: "end of print statement",
+        TOKEN_LINESTATEMENT_BEGIN: "begin of line statement",
+        TOKEN_LINESTATEMENT_END: "end of line statement",
+        TOKEN_DATA: "template data / text",
+        TOKEN_EOF: "end of template",
+    }.get(token_type, token_type)
+
+
+def describe_token(token: "Token") -> str:
+    """Returns a description of the token."""
+    if token.type == TOKEN_NAME:
+        return token.value
+
+    return _describe_token_type(token.type)
+
+
+def describe_token_expr(expr: str) -> str:
+    """Like `describe_token` but for token expressions."""
+    if ":" in expr:
+        type, value = expr.split(":", 1)
+
+        if type == TOKEN_NAME:
+            return value
+    else:
+        type = expr
+
+    return _describe_token_type(type)
+
+
+def count_newlines(value: str) -> int:
+    """Count the number of newline characters in the string.  This is
+    useful for extensions that filter a stream.
+    """
+    return len(newline_re.findall(value))
+
+
+def compile_rules(environment: "Environment") -> t.List[t.Tuple[str, str]]:
+    """Compiles all the rules from the environment into a list of rules."""
+    e = re.escape
+    rules = [
+        (
+            len(environment.comment_start_string),
+            TOKEN_COMMENT_BEGIN,
+            e(environment.comment_start_string),
+        ),
+        (
+            len(environment.block_start_string),
+            TOKEN_BLOCK_BEGIN,
+            e(environment.block_start_string),
+        ),
+        (
+            len(environment.variable_start_string),
+            TOKEN_VARIABLE_BEGIN,
+            e(environment.variable_start_string),
+        ),
+    ]
+
+    if environment.line_statement_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_statement_prefix),
+                TOKEN_LINESTATEMENT_BEGIN,
+                r"^[ \t\v]*" + e(environment.line_statement_prefix),
+            )
+        )
+    if environment.line_comment_prefix is not None:
+        rules.append(
+            (
+                len(environment.line_comment_prefix),
+                TOKEN_LINECOMMENT_BEGIN,
+                r"(?:^|(?<=\S))[^\S\r\n]*" + e(environment.line_comment_prefix),
+            )
+        )
+
+    return [x[1:] for x in sorted(rules, reverse=True)]
+
+
+class Failure:
+    """Class that raises a `TemplateSyntaxError` if called.
+    Used by the `Lexer` to specify known errors.
+    """
+
+    def __init__(
+        self, message: str, cls: t.Type[TemplateSyntaxError] = TemplateSyntaxError
+    ) -> None:
+        self.message = message
+        self.error_class = cls
+
+    def __call__(self, lineno: int, filename: str) -> "te.NoReturn":
+        raise self.error_class(self.message, lineno, filename)
+
+
+class Token(t.NamedTuple):
+    lineno: int
+    type: str
+    value: str
+
+    def __str__(self) -> str:
+        return describe_token(self)
+
+    def test(self, expr: str) -> bool:
+        """Test a token against a token expression.  This can either be a
+        token type or ``'token_type:token_value'``.  This can only test
+        against string values and types.
+        """
+        # here we do a regular string equality check as test_any is usually
+        # passed an iterable of not interned strings.
+        if self.type == expr:
+            return True
+
+        if ":" in expr:
+            return expr.split(":", 1) == [self.type, self.value]
+
+        return False
+
+    def test_any(self, *iterable: str) -> bool:
+        """Test against multiple token expressions."""
+        return any(self.test(expr) for expr in iterable)
+
+
+class TokenStreamIterator:
+    """The iterator for tokenstreams.  Iterate over the stream
+    until the eof token is reached.
+    """
+
+    def __init__(self, stream: "TokenStream") -> None:
+        self.stream = stream
+
+    def __iter__(self) -> "TokenStreamIterator":
+        return self
+
+    def __next__(self) -> Token:
+        token = self.stream.current
+
+        if token.type is TOKEN_EOF:
+            self.stream.close()
+            raise StopIteration
+
+        next(self.stream)
+        return token
+
+
+class TokenStream:
+    """A token stream is an iterable that yields :class:`Token`\\s.  The
+    parser however does not iterate over it but calls :meth:`next` to go
+    one token ahead.  The current active token is stored as :attr:`current`.
+    """
+
+    def __init__(
+        self,
+        generator: t.Iterable[Token],
+        name: t.Optional[str],
+        filename: t.Optional[str],
+    ):
+        self._iter = iter(generator)
+        self._pushed: "te.Deque[Token]" = deque()
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.current = Token(1, TOKEN_INITIAL, "")
+        next(self)
+
+    def __iter__(self) -> TokenStreamIterator:
+        return TokenStreamIterator(self)
+
+    def __bool__(self) -> bool:
+        return bool(self._pushed) or self.current.type is not TOKEN_EOF
+
+    @property
+    def eos(self) -> bool:
+        """Are we at the end of the stream?"""
+        return not self
+
+    def push(self, token: Token) -> None:
+        """Push a token back to the stream."""
+        self._pushed.append(token)
+
+    def look(self) -> Token:
+        """Look at the next token."""
+        old_token = next(self)
+        result = self.current
+        self.push(result)
+        self.current = old_token
+        return result
+
+    def skip(self, n: int = 1) -> None:
+        """Got n tokens ahead."""
+        for _ in range(n):
+            next(self)
+
+    def next_if(self, expr: str) -> t.Optional[Token]:
+        """Perform the token test and return the token if it matched.
+        Otherwise the return value is `None`.
+        """
+        if self.current.test(expr):
+            return next(self)
+
+        return None
+
+    def skip_if(self, expr: str) -> bool:
+        """Like :meth:`next_if` but only returns `True` or `False`."""
+        return self.next_if(expr) is not None
+
+    def __next__(self) -> Token:
+        """Go one token ahead and return the old one.
+
+        Use the built-in :func:`next` instead of calling this directly.
+        """
+        rv = self.current
+
+        if self._pushed:
+            self.current = self._pushed.popleft()
+        elif self.current.type is not TOKEN_EOF:
+            try:
+                self.current = next(self._iter)
+            except StopIteration:
+                self.close()
+
+        return rv
+
+    def close(self) -> None:
+        """Close the stream."""
+        self.current = Token(self.current.lineno, TOKEN_EOF, "")
+        self._iter = iter(())
+        self.closed = True
+
+    def expect(self, expr: str) -> Token:
+        """Expect a given token type and return it.  This accepts the same
+        argument as :meth:`jinja2.lexer.Token.test`.
+        """
+        if not self.current.test(expr):
+            expr = describe_token_expr(expr)
+
+            if self.current.type is TOKEN_EOF:
+                raise TemplateSyntaxError(
+                    f"unexpected end of template, expected {expr!r}.",
+                    self.current.lineno,
+                    self.name,
+                    self.filename,
+                )
+
+            raise TemplateSyntaxError(
+                f"expected token {expr!r}, got {describe_token(self.current)!r}",
+                self.current.lineno,
+                self.name,
+                self.filename,
+            )
+
+        return next(self)
+
+
+def get_lexer(environment: "Environment") -> "Lexer":
+    """Return a lexer which is probably cached."""
+    key = (
+        environment.block_start_string,
+        environment.block_end_string,
+        environment.variable_start_string,
+        environment.variable_end_string,
+        environment.comment_start_string,
+        environment.comment_end_string,
+        environment.line_statement_prefix,
+        environment.line_comment_prefix,
+        environment.trim_blocks,
+        environment.lstrip_blocks,
+        environment.newline_sequence,
+        environment.keep_trailing_newline,
+    )
+    lexer = _lexer_cache.get(key)
+
+    if lexer is None:
+        _lexer_cache[key] = lexer = Lexer(environment)
+
+    return lexer
+
+
+class OptionalLStrip(tuple):  # type: ignore[type-arg]
+    """A special tuple for marking a point in the state that can have
+    lstrip applied.
+    """
+
+    __slots__ = ()
+
+    # Even though it looks like a no-op, creating instances fails
+    # without this.
+    def __new__(cls, *members, **kwargs):  # type: ignore
+        return super().__new__(cls, members)
+
+
+class _Rule(t.NamedTuple):
+    pattern: t.Pattern[str]
+    tokens: t.Union[str, t.Tuple[str, ...], t.Tuple[Failure]]
+    command: t.Optional[str]
+
+
+class Lexer:
+    """Class that implements a lexer for a given environment. Automatically
+    created by the environment class, usually you don't have to do that.
+
+    Note that the lexer is not automatically bound to an environment.
+    Multiple environments can share the same lexer.
+    """
+
+    def __init__(self, environment: "Environment") -> None:
+        # shortcuts
+        e = re.escape
+
+        def c(x: str) -> t.Pattern[str]:
+            return re.compile(x, re.M | re.S)
+
+        # lexing rules for tags
+        tag_rules: t.List[_Rule] = [
+            _Rule(whitespace_re, TOKEN_WHITESPACE, None),
+            _Rule(float_re, TOKEN_FLOAT, None),
+            _Rule(integer_re, TOKEN_INTEGER, None),
+            _Rule(name_re, TOKEN_NAME, None),
+            _Rule(string_re, TOKEN_STRING, None),
+            _Rule(operator_re, TOKEN_OPERATOR, None),
+        ]
+
+        # assemble the root lexing rule. because "|" is ungreedy
+        # we have to sort by length so that the lexer continues working
+        # as expected when we have parsing rules like <% for block and
+        # <%= for variables. (if someone wants asp like syntax)
+        # variables are just part of the rules if variable processing
+        # is required.
+        root_tag_rules = compile_rules(environment)
+
+        block_start_re = e(environment.block_start_string)
+        block_end_re = e(environment.block_end_string)
+        comment_end_re = e(environment.comment_end_string)
+        variable_end_re = e(environment.variable_end_string)
+
+        # block suffix if trimming is enabled
+        block_suffix_re = "\\n?" if environment.trim_blocks else ""
+
+        self.lstrip_blocks = environment.lstrip_blocks
+
+        self.newline_sequence = environment.newline_sequence
+        self.keep_trailing_newline = environment.keep_trailing_newline
+
+        root_raw_re = (
+            rf"(?P<raw_begin>{block_start_re}(\-|\+|)\s*raw\s*"
+            rf"(?:\-{block_end_re}\s*|{block_end_re}))"
+        )
+        root_parts_re = "|".join(
+            [root_raw_re] + [rf"(?P<{n}>{r}(\-|\+|))" for n, r in root_tag_rules]
+        )
+
+        # global lexing rules
+        self.rules: t.Dict[str, t.List[_Rule]] = {
+            "root": [
+                # directives
+                _Rule(
+                    c(rf"(.*?)(?:{root_parts_re})"),
+                    OptionalLStrip(TOKEN_DATA, "#bygroup"),  # type: ignore
+                    "#bygroup",
+                ),
+                # data
+                _Rule(c(".+"), TOKEN_DATA, None),
+            ],
+            # comments
+            TOKEN_COMMENT_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:\+{comment_end_re}|\-{comment_end_re}\s*"
+                        rf"|{comment_end_re}{block_suffix_re}))"
+                    ),
+                    (TOKEN_COMMENT, TOKEN_COMMENT_END),
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of comment tag"),), None),
+            ],
+            # blocks
+            TOKEN_BLOCK_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re})"
+                    ),
+                    TOKEN_BLOCK_END,
+                    "#pop",
+                ),
+            ]
+            + tag_rules,
+            # variables
+            TOKEN_VARIABLE_BEGIN: [
+                _Rule(
+                    c(rf"\-{variable_end_re}\s*|{variable_end_re}"),
+                    TOKEN_VARIABLE_END,
+                    "#pop",
+                )
+            ]
+            + tag_rules,
+            # raw block
+            TOKEN_RAW_BEGIN: [
+                _Rule(
+                    c(
+                        rf"(.*?)((?:{block_start_re}(\-|\+|))\s*endraw\s*"
+                        rf"(?:\+{block_end_re}|\-{block_end_re}\s*"
+                        rf"|{block_end_re}{block_suffix_re}))"
+                    ),
+                    OptionalLStrip(TOKEN_DATA, TOKEN_RAW_END),  # type: ignore
+                    "#pop",
+                ),
+                _Rule(c(r"(.)"), (Failure("Missing end of raw directive"),), None),
+            ],
+            # line statements
+            TOKEN_LINESTATEMENT_BEGIN: [
+                _Rule(c(r"\s*(\n|$)"), TOKEN_LINESTATEMENT_END, "#pop")
+            ]
+            + tag_rules,
+            # line comments
+            TOKEN_LINECOMMENT_BEGIN: [
+                _Rule(
+                    c(r"(.*?)()(?=\n|$)"),
+                    (TOKEN_LINECOMMENT, TOKEN_LINECOMMENT_END),
+                    "#pop",
+                )
+            ],
+        }
+
+    def _normalize_newlines(self, value: str) -> str:
+        """Replace all newlines with the configured sequence in strings
+        and template data.
+        """
+        return newline_re.sub(self.newline_sequence, value)
+
+    def tokenize(
+        self,
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> TokenStream:
+        """Calls tokeniter + tokenize and wraps it in a token stream."""
+        stream = self.tokeniter(source, name, filename, state)
+        return TokenStream(self.wrap(stream, name, filename), name, filename)
+
+    def wrap(
+        self,
+        stream: t.Iterable[t.Tuple[int, str, str]],
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+    ) -> t.Iterator[Token]:
+        """This is called with the stream as returned by `tokenize` and wraps
+        every token in a :class:`Token` and converts the value.
+        """
+        for lineno, token, value_str in stream:
+            if token in ignored_tokens:
+                continue
+
+            value: t.Any = value_str
+
+            if token == TOKEN_LINESTATEMENT_BEGIN:
+                token = TOKEN_BLOCK_BEGIN
+            elif token == TOKEN_LINESTATEMENT_END:
+                token = TOKEN_BLOCK_END
+            # we are not interested in those tokens in the parser
+            elif token in (TOKEN_RAW_BEGIN, TOKEN_RAW_END):
+                continue
+            elif token == TOKEN_DATA:
+                value = self._normalize_newlines(value_str)
+            elif token == "keyword":
+                token = value_str
+            elif token == TOKEN_NAME:
+                value = value_str
+
+                if not value.isidentifier():
+                    raise TemplateSyntaxError(
+                        "Invalid character in identifier", lineno, name, filename
+                    )
+            elif token == TOKEN_STRING:
+                # try to unescape string
+                try:
+                    value = (
+                        self._normalize_newlines(value_str[1:-1])
+                        .encode("ascii", "backslashreplace")
+                        .decode("unicode-escape")
+                    )
+                except Exception as e:
+                    msg = str(e).split(":")[-1].strip()
+                    raise TemplateSyntaxError(msg, lineno, name, filename) from e
+            elif token == TOKEN_INTEGER:
+                value = int(value_str.replace("_", ""), 0)
+            elif token == TOKEN_FLOAT:
+                # remove all "_" first to support more Python versions
+                value = literal_eval(value_str.replace("_", ""))
+            elif token == TOKEN_OPERATOR:
+                token = operators[value_str]
+
+            yield Token(lineno, token, value)
+
+    def tokeniter(
+        self,
+        source: str,
+        name: t.Optional[str],
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> t.Iterator[t.Tuple[int, str, str]]:
+        """This method tokenizes the text and returns the tokens in a
+        generator. Use this method if you just want to tokenize a template.
+
+        .. versionchanged:: 3.0
+            Only ``\\n``, ``\\r\\n`` and ``\\r`` are treated as line
+            breaks.
+        """
+        lines = newline_re.split(source)[::2]
+
+        if not self.keep_trailing_newline and lines[-1] == "":
+            del lines[-1]
+
+        source = "\n".join(lines)
+        pos = 0
+        lineno = 1
+        stack = ["root"]
+
+        if state is not None and state != "root":
+            assert state in ("variable", "block"), "invalid state"
+            stack.append(state + "_begin")
+
+        statetokens = self.rules[stack[-1]]
+        source_length = len(source)
+        balancing_stack: t.List[str] = []
+        newlines_stripped = 0
+        line_starting = True
+
+        while True:
+            # tokenizer loop
+            for regex, tokens, new_state in statetokens:
+                m = regex.match(source, pos)
+
+                # if no match we try again with the next rule
+                if m is None:
+                    continue
+
+                # we only match blocks and variables if braces / parentheses
+                # are balanced. continue parsing with the lower rule which
+                # is the operator rule. do this only if the end tags look
+                # like operators
+                if balancing_stack and tokens in (
+                    TOKEN_VARIABLE_END,
+                    TOKEN_BLOCK_END,
+                    TOKEN_LINESTATEMENT_END,
+                ):
+                    continue
+
+                # tuples support more options
+                if isinstance(tokens, tuple):
+                    groups: t.Sequence[str] = m.groups()
+
+                    if isinstance(tokens, OptionalLStrip):
+                        # Rule supports lstrip. Match will look like
+                        # text, block type, whitespace control, type, control, ...
+                        text = groups[0]
+                        # Skipping the text and first type, every other group is the
+                        # whitespace control for each type. One of the groups will be
+                        # -, +, or empty string instead of None.
+                        strip_sign = next(g for g in groups[2::2] if g is not None)
+
+                        if strip_sign == "-":
+                            # Strip all whitespace between the text and the tag.
+                            stripped = text.rstrip()
+                            newlines_stripped = text[len(stripped) :].count("\n")
+                            groups = [stripped, *groups[1:]]
+                        elif (
+                            # Not marked for preserving whitespace.
+                            strip_sign != "+"
+                            # lstrip is enabled.
+                            and self.lstrip_blocks
+                            # Not a variable expression.
+                            and not m.groupdict().get(TOKEN_VARIABLE_BEGIN)
+                        ):
+                            # The start of text between the last newline and the tag.
+                            l_pos = text.rfind("\n") + 1
+
+                            if l_pos > 0 or line_starting:
+                                # If there's only whitespace between the newline and the
+                                # tag, strip it.
+                                if whitespace_re.fullmatch(text, l_pos):
+                                    groups = [text[:l_pos], *groups[1:]]
+
+                    for idx, token in enumerate(tokens):
+                        # failure group
+                        if token.__class__ is Failure:
+                            raise token(lineno, filename)
+                        # bygroup is a bit more complex, in that case we
+                        # yield for the current token the first named
+                        # group that matched
+                        elif token == "#bygroup":
+                            for key, value in m.groupdict().items():
+                                if value is not None:
+                                    yield lineno, key, value
+                                    lineno += value.count("\n")
+                                    break
+                            else:
+                                raise RuntimeError(
+                                    f"{regex!r} wanted to resolve the token dynamically"
+                                    " but no group matched"
+                                )
+                        # normal group
+                        else:
+                            data = groups[idx]
+
+                            if data or token not in ignore_if_empty:
+                                yield lineno, token, data
+
+                            lineno += data.count("\n") + newlines_stripped
+                            newlines_stripped = 0
+
+                # strings as token just are yielded as it.
+                else:
+                    data = m.group()
+
+                    # update brace/parentheses balance
+                    if tokens == TOKEN_OPERATOR:
+                        if data == "{":
+                            balancing_stack.append("}")
+                        elif data == "(":
+                            balancing_stack.append(")")
+                        elif data == "[":
+                            balancing_stack.append("]")
+                        elif data in ("}", ")", "]"):
+                            if not balancing_stack:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}'", lineno, name, filename
+                                )
+
+                            expected_op = balancing_stack.pop()
+
+                            if expected_op != data:
+                                raise TemplateSyntaxError(
+                                    f"unexpected '{data}', expected '{expected_op}'",
+                                    lineno,
+                                    name,
+                                    filename,
+                                )
+
+                    # yield items
+                    if data or tokens not in ignore_if_empty:
+                        yield lineno, tokens, data
+
+                    lineno += data.count("\n")
+
+                line_starting = m.group()[-1:] == "\n"
+                # fetch new position into new variable so that we can check
+                # if there is a internal parsing error which would result
+                # in an infinite loop
+                pos2 = m.end()
+
+                # handle state changes
+                if new_state is not None:
+                    # remove the uppermost state
+                    if new_state == "#pop":
+                        stack.pop()
+                    # resolve the new state by group checking
+                    elif new_state == "#bygroup":
+                        for key, value in m.groupdict().items():
+                            if value is not None:
+                                stack.append(key)
+                                break
+                        else:
+                            raise RuntimeError(
+                                f"{regex!r} wanted to resolve the new state dynamically"
+                                f" but no group matched"
+                            )
+                    # direct state name given
+                    else:
+                        stack.append(new_state)
+
+                    statetokens = self.rules[stack[-1]]
+                # we are still at the same position and no stack change.
+                # this means a loop without break condition, avoid that and
+                # raise error
+                elif pos2 == pos:
+                    raise RuntimeError(
+                        f"{regex!r} yielded empty string without stack change"
+                    )
+
+                # publish new function and start again
+                pos = pos2
+                break
+            # if loop terminated without break we haven't found a single match
+            # either we are at the end of the file or we have a problem
+            else:
+                # end of text
+                if pos >= source_length:
+                    return
+
+                # something went wrong
+                raise TemplateSyntaxError(
+                    f"unexpected char {source[pos]!r} at {pos}", lineno, name, filename
+                )
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/loaders.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/loaders.py
new file mode 100644
index 000000000..9eaf647ba
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/loaders.py
@@ -0,0 +1,667 @@
+"""API and implementations for loading templates from different data
+sources.
+"""
+
+import importlib.util
+import os
+import posixpath
+import sys
+import typing as t
+import weakref
+import zipimport
+from collections import abc
+from hashlib import sha1
+from importlib import import_module
+from types import ModuleType
+
+from .exceptions import TemplateNotFound
+from .utils import internalcode
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+    from .environment import Template
+
+
+def split_template_path(template: str) -> t.List[str]:
+    """Split a path into segments and perform a sanity check.  If it detects
+    '..' in the path it will raise a `TemplateNotFound` error.
+    """
+    pieces = []
+    for piece in template.split("/"):
+        if (
+            os.path.sep in piece
+            or (os.path.altsep and os.path.altsep in piece)
+            or piece == os.path.pardir
+        ):
+            raise TemplateNotFound(template)
+        elif piece and piece != ".":
+            pieces.append(piece)
+    return pieces
+
+
+class BaseLoader:
+    """Baseclass for all loaders.  Subclass this and override `get_source` to
+    implement a custom loading mechanism.  The environment provides a
+    `get_template` method that calls the loader's `load` method to get the
+    :class:`Template` object.
+
+    A very basic example for a loader that looks up templates on the file
+    system could look like this::
+
+        from jinja2 import BaseLoader, TemplateNotFound
+        from os.path import join, exists, getmtime
+
+        class MyLoader(BaseLoader):
+
+            def __init__(self, path):
+                self.path = path
+
+            def get_source(self, environment, template):
+                path = join(self.path, template)
+                if not exists(path):
+                    raise TemplateNotFound(template)
+                mtime = getmtime(path)
+                with open(path) as f:
+                    source = f.read()
+                return source, path, lambda: mtime == getmtime(path)
+    """
+
+    #: if set to `False` it indicates that the loader cannot provide access
+    #: to the source of templates.
+    #:
+    #: .. versionadded:: 2.4
+    has_source_access = True
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        """Get the template source, filename and reload helper for a template.
+        It's passed the environment and template name and has to return a
+        tuple in the form ``(source, filename, uptodate)`` or raise a
+        `TemplateNotFound` error if it can't locate the template.
+
+        The source part of the returned tuple must be the source of the
+        template as a string. The filename should be the name of the
+        file on the filesystem if it was loaded from there, otherwise
+        ``None``. The filename is used by Python for the tracebacks
+        if no loader extension is used.
+
+        The last item in the tuple is the `uptodate` function.  If auto
+        reloading is enabled it's always called to check if the template
+        changed.  No arguments are passed so the function must store the
+        old state somewhere (for example in a closure).  If it returns `False`
+        the template will be reloaded.
+        """
+        if not self.has_source_access:
+            raise RuntimeError(
+                f"{type(self).__name__} cannot provide access to the source"
+            )
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        """Iterates over all templates.  If the loader does not support that
+        it should raise a :exc:`TypeError` which is the default behavior.
+        """
+        raise TypeError("this loader cannot iterate over all templates")
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        """Loads a template.  This method looks up the template in the cache
+        or loads one by calling :meth:`get_source`.  Subclasses should not
+        override this method as loaders working on collections of other
+        loaders (such as :class:`PrefixLoader` or :class:`ChoiceLoader`)
+        will not call this method but `get_source` directly.
+        """
+        code = None
+        if globals is None:
+            globals = {}
+
+        # first we try to get the source for this template together
+        # with the filename and the uptodate function.
+        source, filename, uptodate = self.get_source(environment, name)
+
+        # try to load the code from the bytecode cache if there is a
+        # bytecode cache configured.
+        bcc = environment.bytecode_cache
+        if bcc is not None:
+            bucket = bcc.get_bucket(environment, name, filename, source)
+            code = bucket.code
+
+        # if we don't have code so far (not cached, no longer up to
+        # date) etc. we compile the template
+        if code is None:
+            code = environment.compile(source, name, filename)
+
+        # if the bytecode cache is available and the bucket doesn't
+        # have a code so far, we give the bucket the new code and put
+        # it back to the bytecode cache.
+        if bcc is not None and bucket.code is None:
+            bucket.code = code
+            bcc.set_bucket(bucket)
+
+        return environment.template_class.from_code(
+            environment, code, globals, uptodate
+        )
+
+
+class FileSystemLoader(BaseLoader):
+    """Load templates from a directory in the file system.
+
+    The path can be relative or absolute. Relative paths are relative to
+    the current working directory.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader("templates")
+
+    A list of paths can be given. The directories will be searched in
+    order, stopping at the first matching template.
+
+    .. code-block:: python
+
+        loader = FileSystemLoader(["/override/templates", "/default/templates"])
+
+    :param searchpath: A path, or list of paths, to the directory that
+        contains the templates.
+    :param encoding: Use this encoding to read the text from template
+        files.
+    :param followlinks: Follow symbolic links in the path.
+
+    .. versionchanged:: 2.8
+        Added the ``followlinks`` parameter.
+    """
+
+    def __init__(
+        self,
+        searchpath: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+        encoding: str = "utf-8",
+        followlinks: bool = False,
+    ) -> None:
+        if not isinstance(searchpath, abc.Iterable) or isinstance(searchpath, str):
+            searchpath = [searchpath]
+
+        self.searchpath = [os.fspath(p) for p in searchpath]
+        self.encoding = encoding
+        self.followlinks = followlinks
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Callable[[], bool]]:
+        pieces = split_template_path(template)
+
+        for searchpath in self.searchpath:
+            # Use posixpath even on Windows to avoid "drive:" or UNC
+            # segments breaking out of the search directory.
+            filename = posixpath.join(searchpath, *pieces)
+
+            if os.path.isfile(filename):
+                break
+        else:
+            raise TemplateNotFound(template)
+
+        with open(filename, encoding=self.encoding) as f:
+            contents = f.read()
+
+        mtime = os.path.getmtime(filename)
+
+        def uptodate() -> bool:
+            try:
+                return os.path.getmtime(filename) == mtime
+            except OSError:
+                return False
+
+        # Use normpath to convert Windows altsep to sep.
+        return contents, os.path.normpath(filename), uptodate
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for searchpath in self.searchpath:
+            walk_dir = os.walk(searchpath, followlinks=self.followlinks)
+            for dirpath, _, filenames in walk_dir:
+                for filename in filenames:
+                    template = (
+                        os.path.join(dirpath, filename)[len(searchpath) :]
+                        .strip(os.path.sep)
+                        .replace(os.path.sep, "/")
+                    )
+                    if template[:2] == "./":
+                        template = template[2:]
+                    if template not in found:
+                        found.add(template)
+        return sorted(found)
+
+
+class PackageLoader(BaseLoader):
+    """Load templates from a directory in a Python package.
+
+    :param package_name: Import name of the package that contains the
+        template directory.
+    :param package_path: Directory within the imported package that
+        contains the templates.
+    :param encoding: Encoding of template files.
+
+    The following example looks up templates in the ``pages`` directory
+    within the ``project.ui`` package.
+
+    .. code-block:: python
+
+        loader = PackageLoader("project.ui", "pages")
+
+    Only packages installed as directories (standard pip behavior) or
+    zip/egg files (less common) are supported. The Python API for
+    introspecting data in packages is too limited to support other
+    installation methods the way this loader requires.
+
+    There is limited support for :pep:`420` namespace packages. The
+    template directory is assumed to only be in one namespace
+    contributor. Zip files contributing to a namespace are not
+    supported.
+
+    .. versionchanged:: 3.0
+        No longer uses ``setuptools`` as a dependency.
+
+    .. versionchanged:: 3.0
+        Limited PEP 420 namespace package support.
+    """
+
+    def __init__(
+        self,
+        package_name: str,
+        package_path: "str" = "templates",
+        encoding: str = "utf-8",
+    ) -> None:
+        package_path = os.path.normpath(package_path).rstrip(os.path.sep)
+
+        # normpath preserves ".", which isn't valid in zip paths.
+        if package_path == os.path.curdir:
+            package_path = ""
+        elif package_path[:2] == os.path.curdir + os.path.sep:
+            package_path = package_path[2:]
+
+        self.package_path = package_path
+        self.package_name = package_name
+        self.encoding = encoding
+
+        # Make sure the package exists. This also makes namespace
+        # packages work, otherwise get_loader returns None.
+        import_module(package_name)
+        spec = importlib.util.find_spec(package_name)
+        assert spec is not None, "An import spec was not found for the package."
+        loader = spec.loader
+        assert loader is not None, "A loader was not found for the package."
+        self._loader = loader
+        self._archive = None
+        template_root = None
+
+        if isinstance(loader, zipimport.zipimporter):
+            self._archive = loader.archive
+            pkgdir = next(iter(spec.submodule_search_locations))  # type: ignore
+            template_root = os.path.join(pkgdir, package_path).rstrip(os.path.sep)
+        else:
+            roots: t.List[str] = []
+
+            # One element for regular packages, multiple for namespace
+            # packages, or None for single module file.
+            if spec.submodule_search_locations:
+                roots.extend(spec.submodule_search_locations)
+            # A single module file, use the parent directory instead.
+            elif spec.origin is not None:
+                roots.append(os.path.dirname(spec.origin))
+
+            for root in roots:
+                root = os.path.join(root, package_path)
+
+                if os.path.isdir(root):
+                    template_root = root
+                    break
+
+        if template_root is None:
+            raise ValueError(
+                f"The {package_name!r} package was not installed in a"
+                " way that PackageLoader understands."
+            )
+
+        self._template_root = template_root
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, str, t.Optional[t.Callable[[], bool]]]:
+        # Use posixpath even on Windows to avoid "drive:" or UNC
+        # segments breaking out of the search directory. Use normpath to
+        # convert Windows altsep to sep.
+        p = os.path.normpath(
+            posixpath.join(self._template_root, *split_template_path(template))
+        )
+        up_to_date: t.Optional[t.Callable[[], bool]]
+
+        if self._archive is None:
+            # Package is a directory.
+            if not os.path.isfile(p):
+                raise TemplateNotFound(template)
+
+            with open(p, "rb") as f:
+                source = f.read()
+
+            mtime = os.path.getmtime(p)
+
+            def up_to_date() -> bool:
+                return os.path.isfile(p) and os.path.getmtime(p) == mtime
+
+        else:
+            # Package is a zip file.
+            try:
+                source = self._loader.get_data(p)  # type: ignore
+            except OSError as e:
+                raise TemplateNotFound(template) from e
+
+            # Could use the zip's mtime for all template mtimes, but
+            # would need to safely reload the module if it's out of
+            # date, so just report it as always current.
+            up_to_date = None
+
+        return source.decode(self.encoding), p, up_to_date
+
+    def list_templates(self) -> t.List[str]:
+        results: t.List[str] = []
+
+        if self._archive is None:
+            # Package is a directory.
+            offset = len(self._template_root)
+
+            for dirpath, _, filenames in os.walk(self._template_root):
+                dirpath = dirpath[offset:].lstrip(os.path.sep)
+                results.extend(
+                    os.path.join(dirpath, name).replace(os.path.sep, "/")
+                    for name in filenames
+                )
+        else:
+            if not hasattr(self._loader, "_files"):
+                raise TypeError(
+                    "This zip import does not have the required"
+                    " metadata to list templates."
+                )
+
+            # Package is a zip file.
+            prefix = (
+                self._template_root[len(self._archive) :].lstrip(os.path.sep)
+                + os.path.sep
+            )
+            offset = len(prefix)
+
+            for name in self._loader._files.keys():
+                # Find names under the templates directory that aren't directories.
+                if name.startswith(prefix) and name[-1] != os.path.sep:
+                    results.append(name[offset:].replace(os.path.sep, "/"))
+
+        results.sort()
+        return results
+
+
+class DictLoader(BaseLoader):
+    """Loads a template from a Python dict mapping template names to
+    template source.  This loader is useful for unittesting:
+
+    >>> loader = DictLoader({'index.html': 'source here'})
+
+    Because auto reloading is rarely useful this is disabled per default.
+    """
+
+    def __init__(self, mapping: t.Mapping[str, str]) -> None:
+        self.mapping = mapping
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, None, t.Callable[[], bool]]:
+        if template in self.mapping:
+            source = self.mapping[template]
+            return source, None, lambda: source == self.mapping.get(template)
+        raise TemplateNotFound(template)
+
+    def list_templates(self) -> t.List[str]:
+        return sorted(self.mapping)
+
+
+class FunctionLoader(BaseLoader):
+    """A loader that is passed a function which does the loading.  The
+    function receives the name of the template and has to return either
+    a string with the template source, a tuple in the form ``(source,
+    filename, uptodatefunc)`` or `None` if the template does not exist.
+
+    >>> def load_template(name):
+    ...     if name == 'index.html':
+    ...         return '...'
+    ...
+    >>> loader = FunctionLoader(load_template)
+
+    The `uptodatefunc` is a function that is called if autoreload is enabled
+    and has to return `True` if the template is still up to date.  For more
+    details have a look at :meth:`BaseLoader.get_source` which has the same
+    return value.
+    """
+
+    def __init__(
+        self,
+        load_func: t.Callable[
+            [str],
+            t.Optional[
+                t.Union[
+                    str, t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]
+                ]
+            ],
+        ],
+    ) -> None:
+        self.load_func = load_func
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        rv = self.load_func(template)
+
+        if rv is None:
+            raise TemplateNotFound(template)
+
+        if isinstance(rv, str):
+            return rv, None, None
+
+        return rv
+
+
+class PrefixLoader(BaseLoader):
+    """A loader that is passed a dict of loaders where each loader is bound
+    to a prefix.  The prefix is delimited from the template by a slash per
+    default, which can be changed by setting the `delimiter` argument to
+    something else::
+
+        loader = PrefixLoader({
+            'app1':     PackageLoader('mypackage.app1'),
+            'app2':     PackageLoader('mypackage.app2')
+        })
+
+    By loading ``'app1/index.html'`` the file from the app1 package is loaded,
+    by loading ``'app2/index.html'`` the file from the second.
+    """
+
+    def __init__(
+        self, mapping: t.Mapping[str, BaseLoader], delimiter: str = "/"
+    ) -> None:
+        self.mapping = mapping
+        self.delimiter = delimiter
+
+    def get_loader(self, template: str) -> t.Tuple[BaseLoader, str]:
+        try:
+            prefix, name = template.split(self.delimiter, 1)
+            loader = self.mapping[prefix]
+        except (ValueError, KeyError) as e:
+            raise TemplateNotFound(template) from e
+        return loader, name
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        loader, name = self.get_loader(template)
+        try:
+            return loader.get_source(environment, name)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(template) from e
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        loader, local_name = self.get_loader(name)
+        try:
+            return loader.load(environment, local_name, globals)
+        except TemplateNotFound as e:
+            # re-raise the exception with the correct filename here.
+            # (the one that includes the prefix)
+            raise TemplateNotFound(name) from e
+
+    def list_templates(self) -> t.List[str]:
+        result = []
+        for prefix, loader in self.mapping.items():
+            for template in loader.list_templates():
+                result.append(prefix + self.delimiter + template)
+        return result
+
+
+class ChoiceLoader(BaseLoader):
+    """This loader works like the `PrefixLoader` just that no prefix is
+    specified.  If a template could not be found by one loader the next one
+    is tried.
+
+    >>> loader = ChoiceLoader([
+    ...     FileSystemLoader('/path/to/user/templates'),
+    ...     FileSystemLoader('/path/to/system/templates')
+    ... ])
+
+    This is useful if you want to allow users to override builtin templates
+    from a different location.
+    """
+
+    def __init__(self, loaders: t.Sequence[BaseLoader]) -> None:
+        self.loaders = loaders
+
+    def get_source(
+        self, environment: "Environment", template: str
+    ) -> t.Tuple[str, t.Optional[str], t.Optional[t.Callable[[], bool]]]:
+        for loader in self.loaders:
+            try:
+                return loader.get_source(environment, template)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(template)
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        for loader in self.loaders:
+            try:
+                return loader.load(environment, name, globals)
+            except TemplateNotFound:
+                pass
+        raise TemplateNotFound(name)
+
+    def list_templates(self) -> t.List[str]:
+        found = set()
+        for loader in self.loaders:
+            found.update(loader.list_templates())
+        return sorted(found)
+
+
+class _TemplateModule(ModuleType):
+    """Like a normal module but with support for weak references"""
+
+
+class ModuleLoader(BaseLoader):
+    """This loader loads templates from precompiled templates.
+
+    Example usage:
+
+    >>> loader = ChoiceLoader([
+    ...     ModuleLoader('/path/to/compiled/templates'),
+    ...     FileSystemLoader('/path/to/templates')
+    ... ])
+
+    Templates can be precompiled with :meth:`Environment.compile_templates`.
+    """
+
+    has_source_access = False
+
+    def __init__(
+        self,
+        path: t.Union[
+            str, "os.PathLike[str]", t.Sequence[t.Union[str, "os.PathLike[str]"]]
+        ],
+    ) -> None:
+        package_name = f"_jinja2_module_templates_{id(self):x}"
+
+        # create a fake module that looks for the templates in the
+        # path given.
+        mod = _TemplateModule(package_name)
+
+        if not isinstance(path, abc.Iterable) or isinstance(path, str):
+            path = [path]
+
+        mod.__path__ = [os.fspath(p) for p in path]
+
+        sys.modules[package_name] = weakref.proxy(
+            mod, lambda x: sys.modules.pop(package_name, None)
+        )
+
+        # the only strong reference, the sys.modules entry is weak
+        # so that the garbage collector can remove it once the
+        # loader that created it goes out of business.
+        self.module = mod
+        self.package_name = package_name
+
+    @staticmethod
+    def get_template_key(name: str) -> str:
+        return "tmpl_" + sha1(name.encode("utf-8")).hexdigest()
+
+    @staticmethod
+    def get_module_filename(name: str) -> str:
+        return ModuleLoader.get_template_key(name) + ".py"
+
+    @internalcode
+    def load(
+        self,
+        environment: "Environment",
+        name: str,
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ) -> "Template":
+        key = self.get_template_key(name)
+        module = f"{self.package_name}.{key}"
+        mod = getattr(self.module, module, None)
+
+        if mod is None:
+            try:
+                mod = __import__(module, None, None, ["root"])
+            except ImportError as e:
+                raise TemplateNotFound(name) from e
+
+            # remove the entry from sys.modules, we only want the attribute
+            # on the module object we have stored on the loader.
+            sys.modules.pop(module, None)
+
+        if globals is None:
+            globals = {}
+
+        return environment.template_class.from_module_dict(
+            environment, mod.__dict__, globals
+        )
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/meta.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/meta.py
new file mode 100644
index 000000000..298499e26
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/meta.py
@@ -0,0 +1,112 @@
+"""Functions that expose information about templates that might be
+interesting for introspection.
+"""
+
+import typing as t
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+class TrackingCodeGenerator(CodeGenerator):
+    """We abuse the code generator for introspection."""
+
+    def __init__(self, environment: "Environment") -> None:
+        super().__init__(environment, "<introspection>", "<introspection>")
+        self.undeclared_identifiers: t.Set[str] = set()
+
+    def write(self, x: str) -> None:
+        """Don't write."""
+
+    def enter_frame(self, frame: Frame) -> None:
+        """Remember all undeclared identifiers."""
+        super().enter_frame(frame)
+
+        for _, (action, param) in frame.symbols.loads.items():
+            if action == "resolve" and param not in self.environment.globals:
+                self.undeclared_identifiers.add(param)
+
+
+def find_undeclared_variables(ast: nodes.Template) -> t.Set[str]:
+    """Returns a set of all variables in the AST that will be looked up from
+    the context at runtime.  Because at compile time it's not known which
+    variables will be used depending on the path the execution takes at
+    runtime, all variables are returned.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% set foo = 42 %}{{ bar + foo }}')
+    >>> meta.find_undeclared_variables(ast) == {'bar'}
+    True
+
+    .. admonition:: Implementation
+
+       Internally the code generator is used for finding undeclared variables.
+       This is good to know because the code generator might raise a
+       :exc:`TemplateAssertionError` during compilation and as a matter of
+       fact this function can currently raise that exception as well.
+    """
+    codegen = TrackingCodeGenerator(ast.environment)  # type: ignore
+    codegen.visit(ast)
+    return codegen.undeclared_identifiers
+
+
+_ref_types = (nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include)
+_RefType = t.Union[nodes.Extends, nodes.FromImport, nodes.Import, nodes.Include]
+
+
+def find_referenced_templates(ast: nodes.Template) -> t.Iterator[t.Optional[str]]:
+    """Finds all the referenced templates from the AST.  This will return an
+    iterator over all the hardcoded template extensions, inclusions and
+    imports.  If dynamic inheritance or inclusion is used, `None` will be
+    yielded.
+
+    >>> from jinja2 import Environment, meta
+    >>> env = Environment()
+    >>> ast = env.parse('{% extends "layout.html" %}{% include helper %}')
+    >>> list(meta.find_referenced_templates(ast))
+    ['layout.html', None]
+
+    This function is useful for dependency tracking.  For example if you want
+    to rebuild parts of the website after a layout template has changed.
+    """
+    template_name: t.Any
+
+    for node in ast.find_all(_ref_types):
+        template: nodes.Expr = node.template  # type: ignore
+
+        if not isinstance(template, nodes.Const):
+            # a tuple with some non consts in there
+            if isinstance(template, (nodes.Tuple, nodes.List)):
+                for template_name in template.items:
+                    # something const, only yield the strings and ignore
+                    # non-string consts that really just make no sense
+                    if isinstance(template_name, nodes.Const):
+                        if isinstance(template_name.value, str):
+                            yield template_name.value
+                    # something dynamic in there
+                    else:
+                        yield None
+            # something dynamic we don't know about here
+            else:
+                yield None
+            continue
+        # constant is a basestring, direct template name
+        if isinstance(template.value, str):
+            yield template.value
+        # a tuple or list (latter *should* not happen) made of consts,
+        # yield the consts that are strings.  We could warn here for
+        # non string values
+        elif isinstance(node, nodes.Include) and isinstance(
+            template.value, (tuple, list)
+        ):
+            for template_name in template.value:
+                if isinstance(template_name, str):
+                    yield template_name
+        # something else we don't care about, we could warn here
+        else:
+            yield None
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/nativetypes.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/nativetypes.py
new file mode 100644
index 000000000..71db8cc31
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/nativetypes.py
@@ -0,0 +1,130 @@
+import typing as t
+from ast import literal_eval
+from ast import parse
+from itertools import chain
+from itertools import islice
+from types import GeneratorType
+
+from . import nodes
+from .compiler import CodeGenerator
+from .compiler import Frame
+from .compiler import has_safe_repr
+from .environment import Environment
+from .environment import Template
+
+
+def native_concat(values: t.Iterable[t.Any]) -> t.Optional[t.Any]:
+    """Return a native Python type from the list of compiled nodes. If
+    the result is a single node, its value is returned. Otherwise, the
+    nodes are concatenated as strings. If the result can be parsed with
+    :func:`ast.literal_eval`, the parsed value is returned. Otherwise,
+    the string is returned.
+
+    :param values: Iterable of outputs to concatenate.
+    """
+    head = list(islice(values, 2))
+
+    if not head:
+        return None
+
+    if len(head) == 1:
+        raw = head[0]
+        if not isinstance(raw, str):
+            return raw
+    else:
+        if isinstance(values, GeneratorType):
+            values = chain(head, values)
+        raw = "".join([str(v) for v in values])
+
+    try:
+        return literal_eval(
+            # In Python 3.10+ ast.literal_eval removes leading spaces/tabs
+            # from the given string. For backwards compatibility we need to
+            # parse the string ourselves without removing leading spaces/tabs.
+            parse(raw, mode="eval")
+        )
+    except (ValueError, SyntaxError, MemoryError):
+        return raw
+
+
+class NativeCodeGenerator(CodeGenerator):
+    """A code generator which renders Python types by not adding
+    ``str()`` around output nodes.
+    """
+
+    @staticmethod
+    def _default_finalize(value: t.Any) -> t.Any:
+        return value
+
+    def _output_const_repr(self, group: t.Iterable[t.Any]) -> str:
+        return repr("".join([str(v) for v in group]))
+
+    def _output_child_to_const(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> t.Any:
+        const = node.as_const(frame.eval_ctx)
+
+        if not has_safe_repr(const):
+            raise nodes.Impossible()
+
+        if isinstance(node, nodes.TemplateData):
+            return const
+
+        return finalize.const(const)  # type: ignore
+
+    def _output_child_pre(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(finalize.src)
+
+    def _output_child_post(
+        self, node: nodes.Expr, frame: Frame, finalize: CodeGenerator._FinalizeInfo
+    ) -> None:
+        if finalize.src is not None:
+            self.write(")")
+
+
+class NativeEnvironment(Environment):
+    """An environment that renders templates to native Python types."""
+
+    code_generator_class = NativeCodeGenerator
+    concat = staticmethod(native_concat)  # type: ignore
+
+
+class NativeTemplate(Template):
+    environment_class = NativeEnvironment
+
+    def render(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Render the template to produce a native Python type. If the
+        result is a single node, its value is returned. Otherwise, the
+        nodes are concatenated as strings. If the result can be parsed
+        with :func:`ast.literal_eval`, the parsed value is returned.
+        Otherwise, the string is returned.
+        """
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                self.root_render_func(ctx)
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+    async def render_async(self, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        if not self.environment.is_async:
+            raise RuntimeError(
+                "The environment was not created with async mode enabled."
+            )
+
+        ctx = self.new_context(dict(*args, **kwargs))
+
+        try:
+            return self.environment_class.concat(  # type: ignore
+                [n async for n in self.root_render_func(ctx)]  # type: ignore
+            )
+        except Exception:
+            return self.environment.handle_exception()
+
+
+NativeEnvironment.template_class = NativeTemplate
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/nodes.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/nodes.py
new file mode 100644
index 000000000..2f93b90ec
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/nodes.py
@@ -0,0 +1,1206 @@
+"""AST nodes generated by the parser for the compiler. Also provides
+some node tree helper functions used by the parser and compiler in order
+to normalize nodes.
+"""
+
+import inspect
+import operator
+import typing as t
+from collections import deque
+
+from markupsafe import Markup
+
+from .utils import _PassArg
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_NodeBound = t.TypeVar("_NodeBound", bound="Node")
+
+_binop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "*": operator.mul,
+    "/": operator.truediv,
+    "//": operator.floordiv,
+    "**": operator.pow,
+    "%": operator.mod,
+    "+": operator.add,
+    "-": operator.sub,
+}
+
+_uaop_to_func: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+    "not": operator.not_,
+    "+": operator.pos,
+    "-": operator.neg,
+}
+
+_cmpop_to_func: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+    "eq": operator.eq,
+    "ne": operator.ne,
+    "gt": operator.gt,
+    "gteq": operator.ge,
+    "lt": operator.lt,
+    "lteq": operator.le,
+    "in": lambda a, b: a in b,
+    "notin": lambda a, b: a not in b,
+}
+
+
+class Impossible(Exception):
+    """Raised if the node could not perform a requested action."""
+
+
+class NodeType(type):
+    """A metaclass for nodes that handles the field and attribute
+    inheritance.  fields and attributes from the parent class are
+    automatically forwarded to the child."""
+
+    def __new__(mcs, name, bases, d):  # type: ignore
+        for attr in "fields", "attributes":
+            storage: t.List[t.Tuple[str, ...]] = []
+            storage.extend(getattr(bases[0] if bases else object, attr, ()))
+            storage.extend(d.get(attr, ()))
+            assert len(bases) <= 1, "multiple inheritance not allowed"
+            assert len(storage) == len(set(storage)), "layout conflict"
+            d[attr] = tuple(storage)
+        d.setdefault("abstract", False)
+        return type.__new__(mcs, name, bases, d)
+
+
+class EvalContext:
+    """Holds evaluation time information.  Custom attributes can be attached
+    to it in extensions.
+    """
+
+    def __init__(
+        self, environment: "Environment", template_name: t.Optional[str] = None
+    ) -> None:
+        self.environment = environment
+        if callable(environment.autoescape):
+            self.autoescape = environment.autoescape(template_name)
+        else:
+            self.autoescape = environment.autoescape
+        self.volatile = False
+
+    def save(self) -> t.Mapping[str, t.Any]:
+        return self.__dict__.copy()
+
+    def revert(self, old: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.clear()
+        self.__dict__.update(old)
+
+
+def get_eval_context(node: "Node", ctx: t.Optional[EvalContext]) -> EvalContext:
+    if ctx is None:
+        if node.environment is None:
+            raise RuntimeError(
+                "if no eval context is passed, the node must have an"
+                " attached environment."
+            )
+        return EvalContext(node.environment)
+    return ctx
+
+
+class Node(metaclass=NodeType):
+    """Baseclass for all Jinja nodes.  There are a number of nodes available
+    of different types.  There are four major types:
+
+    -   :class:`Stmt`: statements
+    -   :class:`Expr`: expressions
+    -   :class:`Helper`: helper nodes
+    -   :class:`Template`: the outermost wrapper node
+
+    All nodes have fields and attributes.  Fields may be other nodes, lists,
+    or arbitrary values.  Fields are passed to the constructor as regular
+    positional arguments, attributes as keyword arguments.  Each node has
+    two attributes: `lineno` (the line number of the node) and `environment`.
+    The `environment` attribute is set at the end of the parsing process for
+    all nodes automatically.
+    """
+
+    fields: t.Tuple[str, ...] = ()
+    attributes: t.Tuple[str, ...] = ("lineno", "environment")
+    abstract = True
+
+    lineno: int
+    environment: t.Optional["Environment"]
+
+    def __init__(self, *fields: t.Any, **attributes: t.Any) -> None:
+        if self.abstract:
+            raise TypeError("abstract nodes are not instantiable")
+        if fields:
+            if len(fields) != len(self.fields):
+                if not self.fields:
+                    raise TypeError(f"{type(self).__name__!r} takes 0 arguments")
+                raise TypeError(
+                    f"{type(self).__name__!r} takes 0 or {len(self.fields)}"
+                    f" argument{'s' if len(self.fields) != 1 else ''}"
+                )
+            for name, arg in zip(self.fields, fields):
+                setattr(self, name, arg)
+        for attr in self.attributes:
+            setattr(self, attr, attributes.pop(attr, None))
+        if attributes:
+            raise TypeError(f"unknown attribute {next(iter(attributes))!r}")
+
+    def iter_fields(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator[t.Tuple[str, t.Any]]:
+        """This method iterates over all fields that are defined and yields
+        ``(key, value)`` tuples.  Per default all fields are returned, but
+        it's possible to limit that to some fields by providing the `only`
+        parameter or to exclude some using the `exclude` parameter.  Both
+        should be sets or tuples of field names.
+        """
+        for name in self.fields:
+            if (
+                (exclude is None and only is None)
+                or (exclude is not None and name not in exclude)
+                or (only is not None and name in only)
+            ):
+                try:
+                    yield name, getattr(self, name)
+                except AttributeError:
+                    pass
+
+    def iter_child_nodes(
+        self,
+        exclude: t.Optional[t.Container[str]] = None,
+        only: t.Optional[t.Container[str]] = None,
+    ) -> t.Iterator["Node"]:
+        """Iterates over all direct child nodes of the node.  This iterates
+        over all fields and yields the values of they are nodes.  If the value
+        of a field is a list all the nodes in that list are returned.
+        """
+        for _, item in self.iter_fields(exclude, only):
+            if isinstance(item, list):
+                for n in item:
+                    if isinstance(n, Node):
+                        yield n
+            elif isinstance(item, Node):
+                yield item
+
+    def find(self, node_type: t.Type[_NodeBound]) -> t.Optional[_NodeBound]:
+        """Find the first node of a given type.  If no such node exists the
+        return value is `None`.
+        """
+        for result in self.find_all(node_type):
+            return result
+
+        return None
+
+    def find_all(
+        self, node_type: t.Union[t.Type[_NodeBound], t.Tuple[t.Type[_NodeBound], ...]]
+    ) -> t.Iterator[_NodeBound]:
+        """Find all the nodes of a given type.  If the type is a tuple,
+        the check is performed for any of the tuple items.
+        """
+        for child in self.iter_child_nodes():
+            if isinstance(child, node_type):
+                yield child  # type: ignore
+            yield from child.find_all(node_type)
+
+    def set_ctx(self, ctx: str) -> "Node":
+        """Reset the context of a node and all child nodes.  Per default the
+        parser will all generate nodes that have a 'load' context as it's the
+        most common one.  This method is used in the parser to set assignment
+        targets and other nodes to a store context.
+        """
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "ctx" in node.fields:
+                node.ctx = ctx  # type: ignore
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_lineno(self, lineno: int, override: bool = False) -> "Node":
+        """Set the line numbers of the node and children."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            if "lineno" in node.attributes:
+                if node.lineno is None or override:
+                    node.lineno = lineno
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def set_environment(self, environment: "Environment") -> "Node":
+        """Set the environment for all nodes."""
+        todo = deque([self])
+        while todo:
+            node = todo.popleft()
+            node.environment = environment
+            todo.extend(node.iter_child_nodes())
+        return self
+
+    def __eq__(self, other: t.Any) -> bool:
+        if type(self) is not type(other):
+            return NotImplemented
+
+        return tuple(self.iter_fields()) == tuple(other.iter_fields())
+
+    __hash__ = object.__hash__
+
+    def __repr__(self) -> str:
+        args_str = ", ".join(f"{a}={getattr(self, a, None)!r}" for a in self.fields)
+        return f"{type(self).__name__}({args_str})"
+
+    def dump(self) -> str:
+        def _dump(node: t.Union[Node, t.Any]) -> None:
+            if not isinstance(node, Node):
+                buf.append(repr(node))
+                return
+
+            buf.append(f"nodes.{type(node).__name__}(")
+            if not node.fields:
+                buf.append(")")
+                return
+            for idx, field in enumerate(node.fields):
+                if idx:
+                    buf.append(", ")
+                value = getattr(node, field)
+                if isinstance(value, list):
+                    buf.append("[")
+                    for idx, item in enumerate(value):
+                        if idx:
+                            buf.append(", ")
+                        _dump(item)
+                    buf.append("]")
+                else:
+                    _dump(value)
+            buf.append(")")
+
+        buf: t.List[str] = []
+        _dump(self)
+        return "".join(buf)
+
+
+class Stmt(Node):
+    """Base node for all statements."""
+
+    abstract = True
+
+
+class Helper(Node):
+    """Nodes that exist in a specific context only."""
+
+    abstract = True
+
+
+class Template(Node):
+    """Node that represents a template.  This must be the outermost node that
+    is passed to the compiler.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class Output(Stmt):
+    """A node that holds multiple expressions which are then printed out.
+    This is used both for the `print` statement and the regular template data.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List["Expr"]
+
+
+class Extends(Stmt):
+    """Represents an extends statement."""
+
+    fields = ("template",)
+    template: "Expr"
+
+
+class For(Stmt):
+    """The for loop.  `target` is the target for the iteration (usually a
+    :class:`Name` or :class:`Tuple`), `iter` the iterable.  `body` is a list
+    of nodes that are used as loop-body, and `else_` a list of nodes for the
+    `else` block.  If no else node exists it has to be an empty list.
+
+    For filtered nodes an expression can be stored as `test`, otherwise `None`.
+    """
+
+    fields = ("target", "iter", "body", "else_", "test", "recursive")
+    target: Node
+    iter: Node
+    body: t.List[Node]
+    else_: t.List[Node]
+    test: t.Optional[Node]
+    recursive: bool
+
+
+class If(Stmt):
+    """If `test` is true, `body` is rendered, else `else_`."""
+
+    fields = ("test", "body", "elif_", "else_")
+    test: Node
+    body: t.List[Node]
+    elif_: t.List["If"]
+    else_: t.List[Node]
+
+
+class Macro(Stmt):
+    """A macro definition.  `name` is the name of the macro, `args` a list of
+    arguments and `defaults` a list of defaults if there are any.  `body` is
+    a list of nodes for the macro body.
+    """
+
+    fields = ("name", "args", "defaults", "body")
+    name: str
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class CallBlock(Stmt):
+    """Like a macro without a name but a call instead.  `call` is called with
+    the unnamed macro as `caller` argument this node holds.
+    """
+
+    fields = ("call", "args", "defaults", "body")
+    call: "Call"
+    args: t.List["Name"]
+    defaults: t.List["Expr"]
+    body: t.List[Node]
+
+
+class FilterBlock(Stmt):
+    """Node for filter sections."""
+
+    fields = ("body", "filter")
+    body: t.List[Node]
+    filter: "Filter"
+
+
+class With(Stmt):
+    """Specific node for with statements.  In older versions of Jinja the
+    with statement was implemented on the base of the `Scope` node instead.
+
+    .. versionadded:: 2.9.3
+    """
+
+    fields = ("targets", "values", "body")
+    targets: t.List["Expr"]
+    values: t.List["Expr"]
+    body: t.List[Node]
+
+
+class Block(Stmt):
+    """A node that represents a block.
+
+    .. versionchanged:: 3.0.0
+        the `required` field was added.
+    """
+
+    fields = ("name", "body", "scoped", "required")
+    name: str
+    body: t.List[Node]
+    scoped: bool
+    required: bool
+
+
+class Include(Stmt):
+    """A node that represents the include tag."""
+
+    fields = ("template", "with_context", "ignore_missing")
+    template: "Expr"
+    with_context: bool
+    ignore_missing: bool
+
+
+class Import(Stmt):
+    """A node that represents the import tag."""
+
+    fields = ("template", "target", "with_context")
+    template: "Expr"
+    target: str
+    with_context: bool
+
+
+class FromImport(Stmt):
+    """A node that represents the from import tag.  It's important to not
+    pass unsafe names to the name attribute.  The compiler translates the
+    attribute lookups directly into getattr calls and does *not* use the
+    subscript callback of the interface.  As exported variables may not
+    start with double underscores (which the parser asserts) this is not a
+    problem for regular Jinja code, but if this node is used in an extension
+    extra care must be taken.
+
+    The list of names may contain tuples if aliases are wanted.
+    """
+
+    fields = ("template", "names", "with_context")
+    template: "Expr"
+    names: t.List[t.Union[str, t.Tuple[str, str]]]
+    with_context: bool
+
+
+class ExprStmt(Stmt):
+    """A statement that evaluates an expression and discards the result."""
+
+    fields = ("node",)
+    node: Node
+
+
+class Assign(Stmt):
+    """Assigns an expression to a target."""
+
+    fields = ("target", "node")
+    target: "Expr"
+    node: Node
+
+
+class AssignBlock(Stmt):
+    """Assigns a block to a target."""
+
+    fields = ("target", "filter", "body")
+    target: "Expr"
+    filter: t.Optional["Filter"]
+    body: t.List[Node]
+
+
+class Expr(Node):
+    """Baseclass for all expressions."""
+
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        """Return the value of the expression as constant or raise
+        :exc:`Impossible` if this was not possible.
+
+        An :class:`EvalContext` can be provided, if none is given
+        a default context is created which requires the nodes to have
+        an attached environment.
+
+        .. versionchanged:: 2.4
+           the `eval_ctx` parameter was added.
+        """
+        raise Impossible()
+
+    def can_assign(self) -> bool:
+        """Check if it's possible to assign something to this node."""
+        return False
+
+
+class BinExpr(Expr):
+    """Baseclass for all binary expressions."""
+
+    fields = ("left", "right")
+    left: Expr
+    right: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_binops  # type: ignore
+        ):
+            raise Impossible()
+        f = _binop_to_func[self.operator]
+        try:
+            return f(self.left.as_const(eval_ctx), self.right.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class UnaryExpr(Expr):
+    """Baseclass for all unary expressions."""
+
+    fields = ("node",)
+    node: Expr
+    operator: str
+    abstract = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        # intercepted operators cannot be folded at compile time
+        if (
+            eval_ctx.environment.sandboxed
+            and self.operator in eval_ctx.environment.intercepted_unops  # type: ignore
+        ):
+            raise Impossible()
+        f = _uaop_to_func[self.operator]
+        try:
+            return f(self.node.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Name(Expr):
+    """Looks up a name or stores a value in a name.
+    The `ctx` of the node can be one of the following values:
+
+    -   `store`: store a value in the name
+    -   `load`: load that name
+    -   `param`: like `store` but if the name was defined as function parameter.
+    """
+
+    fields = ("name", "ctx")
+    name: str
+    ctx: str
+
+    def can_assign(self) -> bool:
+        return self.name not in {"true", "false", "none", "True", "False", "None"}
+
+
+class NSRef(Expr):
+    """Reference to a namespace value assignment"""
+
+    fields = ("name", "attr")
+    name: str
+    attr: str
+
+    def can_assign(self) -> bool:
+        # We don't need any special checks here; NSRef assignments have a
+        # runtime check to ensure the target is a namespace object which will
+        # have been checked already as it is created using a normal assignment
+        # which goes through a `Name` node.
+        return True
+
+
+class Literal(Expr):
+    """Baseclass for literals."""
+
+    abstract = True
+
+
+class Const(Literal):
+    """All constant values.  The parser will return this node for simple
+    constants such as ``42`` or ``"foo"`` but it can be used to store more
+    complex values such as lists too.  Only constants with a safe
+    representation (objects where ``eval(repr(x)) == x`` is true).
+    """
+
+    fields = ("value",)
+    value: t.Any
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        return self.value
+
+    @classmethod
+    def from_untrusted(
+        cls,
+        value: t.Any,
+        lineno: t.Optional[int] = None,
+        environment: "t.Optional[Environment]" = None,
+    ) -> "Const":
+        """Return a const object if the value is representable as
+        constant value in the generated code, otherwise it will raise
+        an `Impossible` exception.
+        """
+        from .compiler import has_safe_repr
+
+        if not has_safe_repr(value):
+            raise Impossible()
+        return cls(value, lineno=lineno, environment=environment)
+
+
+class TemplateData(Literal):
+    """A constant template string."""
+
+    fields = ("data",)
+    data: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        if eval_ctx.autoescape:
+            return Markup(self.data)
+        return self.data
+
+
+class Tuple(Literal):
+    """For loop unpacking and some other things like multiple arguments
+    for subscripts.  Like for :class:`Name` `ctx` specifies if the tuple
+    is used for loading the names or storing.
+    """
+
+    fields = ("items", "ctx")
+    items: t.List[Expr]
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[t.Any, ...]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return tuple(x.as_const(eval_ctx) for x in self.items)
+
+    def can_assign(self) -> bool:
+        for item in self.items:
+            if not item.can_assign():
+                return False
+        return True
+
+
+class List(Literal):
+    """Any list literal such as ``[1, 2, 3]``"""
+
+    fields = ("items",)
+    items: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.List[t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return [x.as_const(eval_ctx) for x in self.items]
+
+
+class Dict(Literal):
+    """Any dict literal such as ``{1: 2, 3: 4}``.  The items must be a list of
+    :class:`Pair` nodes.
+    """
+
+    fields = ("items",)
+    items: t.List["Pair"]
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Dict[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return dict(x.as_const(eval_ctx) for x in self.items)
+
+
+class Pair(Helper):
+    """A key, value pair for dicts."""
+
+    fields = ("key", "value")
+    key: Expr
+    value: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Tuple[t.Any, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key.as_const(eval_ctx), self.value.as_const(eval_ctx)
+
+
+class Keyword(Helper):
+    """A key, value pair for keyword arguments where key is a string."""
+
+    fields = ("key", "value")
+    key: str
+    value: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Tuple[str, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.key, self.value.as_const(eval_ctx)
+
+
+class CondExpr(Expr):
+    """A conditional expression (inline if expression).  (``{{
+    foo if bar else baz }}``)
+    """
+
+    fields = ("test", "expr1", "expr2")
+    test: Expr
+    expr1: Expr
+    expr2: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if self.test.as_const(eval_ctx):
+            return self.expr1.as_const(eval_ctx)
+
+        # if we evaluate to an undefined object, we better do that at runtime
+        if self.expr2 is None:
+            raise Impossible()
+
+        return self.expr2.as_const(eval_ctx)
+
+
+def args_as_const(
+    node: t.Union["_FilterTestCommon", "Call"], eval_ctx: t.Optional[EvalContext]
+) -> t.Tuple[t.List[t.Any], t.Dict[t.Any, t.Any]]:
+    args = [x.as_const(eval_ctx) for x in node.args]
+    kwargs = dict(x.as_const(eval_ctx) for x in node.kwargs)
+
+    if node.dyn_args is not None:
+        try:
+            args.extend(node.dyn_args.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    if node.dyn_kwargs is not None:
+        try:
+            kwargs.update(node.dyn_kwargs.as_const(eval_ctx))
+        except Exception as e:
+            raise Impossible() from e
+
+    return args, kwargs
+
+
+class _FilterTestCommon(Expr):
+    fields = ("node", "name", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    name: str
+    args: t.List[Expr]
+    kwargs: t.List[Pair]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+    abstract = True
+    _is_filter = True
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        if eval_ctx.volatile:
+            raise Impossible()
+
+        if self._is_filter:
+            env_map = eval_ctx.environment.filters
+        else:
+            env_map = eval_ctx.environment.tests
+
+        func = env_map.get(self.name)
+        pass_arg = _PassArg.from_obj(func)  # type: ignore
+
+        if func is None or pass_arg is _PassArg.context:
+            raise Impossible()
+
+        if eval_ctx.environment.is_async and (
+            getattr(func, "jinja_async_variant", False) is True
+            or inspect.iscoroutinefunction(func)
+        ):
+            raise Impossible()
+
+        args, kwargs = args_as_const(self, eval_ctx)
+        args.insert(0, self.node.as_const(eval_ctx))
+
+        if pass_arg is _PassArg.eval_context:
+            args.insert(0, eval_ctx)
+        elif pass_arg is _PassArg.environment:
+            args.insert(0, eval_ctx.environment)
+
+        try:
+            return func(*args, **kwargs)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Filter(_FilterTestCommon):
+    """Apply a filter to an expression. ``name`` is the name of the
+    filter, the other fields are the same as :class:`Call`.
+
+    If ``node`` is ``None``, the filter is being used in a filter block
+    and is applied to the content of the block.
+    """
+
+    node: t.Optional[Expr]  # type: ignore
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.node is None:
+            raise Impossible()
+
+        return super().as_const(eval_ctx=eval_ctx)
+
+
+class Test(_FilterTestCommon):
+    """Apply a test to an expression. ``name`` is the name of the test,
+    the other field are the same as :class:`Call`.
+
+    .. versionchanged:: 3.0
+        ``as_const`` shares the same logic for filters and tests. Tests
+        check for volatile, async, and ``@pass_context`` etc.
+        decorators.
+    """
+
+    _is_filter = False
+
+
+class Call(Expr):
+    """Calls an expression.  `args` is a list of arguments, `kwargs` a list
+    of keyword arguments (list of :class:`Keyword` nodes), and `dyn_args`
+    and `dyn_kwargs` has to be either `None` or a node that is used as
+    node for dynamic positional (``*args``) or keyword (``**kwargs``)
+    arguments.
+    """
+
+    fields = ("node", "args", "kwargs", "dyn_args", "dyn_kwargs")
+    node: Expr
+    args: t.List[Expr]
+    kwargs: t.List[Keyword]
+    dyn_args: t.Optional[Expr]
+    dyn_kwargs: t.Optional[Expr]
+
+
+class Getitem(Expr):
+    """Get an attribute or item from an expression and prefer the item."""
+
+    fields = ("node", "arg", "ctx")
+    node: Expr
+    arg: Expr
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getitem(
+                self.node.as_const(eval_ctx), self.arg.as_const(eval_ctx)
+            )
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Getattr(Expr):
+    """Get an attribute or item from an expression that is a ascii-only
+    bytestring and prefer the attribute.
+    """
+
+    fields = ("node", "attr", "ctx")
+    node: Expr
+    attr: str
+    ctx: str
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        if self.ctx != "load":
+            raise Impossible()
+
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        try:
+            return eval_ctx.environment.getattr(self.node.as_const(eval_ctx), self.attr)
+        except Exception as e:
+            raise Impossible() from e
+
+
+class Slice(Expr):
+    """Represents a slice object.  This must only be used as argument for
+    :class:`Subscript`.
+    """
+
+    fields = ("start", "stop", "step")
+    start: t.Optional[Expr]
+    stop: t.Optional[Expr]
+    step: t.Optional[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> slice:
+        eval_ctx = get_eval_context(self, eval_ctx)
+
+        def const(obj: t.Optional[Expr]) -> t.Optional[t.Any]:
+            if obj is None:
+                return None
+            return obj.as_const(eval_ctx)
+
+        return slice(const(self.start), const(self.stop), const(self.step))
+
+
+class Concat(Expr):
+    """Concatenates the list of expressions provided after converting
+    them to strings.
+    """
+
+    fields = ("nodes",)
+    nodes: t.List[Expr]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> str:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return "".join(str(x.as_const(eval_ctx)) for x in self.nodes)
+
+
+class Compare(Expr):
+    """Compares an expression with some other expressions.  `ops` must be a
+    list of :class:`Operand`\\s.
+    """
+
+    fields = ("expr", "ops")
+    expr: Expr
+    ops: t.List["Operand"]
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        result = value = self.expr.as_const(eval_ctx)
+
+        try:
+            for op in self.ops:
+                new_value = op.expr.as_const(eval_ctx)
+                result = _cmpop_to_func[op.op](value, new_value)
+
+                if not result:
+                    return False
+
+                value = new_value
+        except Exception as e:
+            raise Impossible() from e
+
+        return result
+
+
+class Operand(Helper):
+    """Holds an operator and an expression."""
+
+    fields = ("op", "expr")
+    op: str
+    expr: Expr
+
+
+class Mul(BinExpr):
+    """Multiplies the left with the right node."""
+
+    operator = "*"
+
+
+class Div(BinExpr):
+    """Divides the left by the right node."""
+
+    operator = "/"
+
+
+class FloorDiv(BinExpr):
+    """Divides the left by the right node and converts the
+    result into an integer by truncating.
+    """
+
+    operator = "//"
+
+
+class Add(BinExpr):
+    """Add the left to the right node."""
+
+    operator = "+"
+
+
+class Sub(BinExpr):
+    """Subtract the right from the left node."""
+
+    operator = "-"
+
+
+class Mod(BinExpr):
+    """Left modulo right."""
+
+    operator = "%"
+
+
+class Pow(BinExpr):
+    """Left to the power of right."""
+
+    operator = "**"
+
+
+class And(BinExpr):
+    """Short circuited AND."""
+
+    operator = "and"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) and self.right.as_const(eval_ctx)
+
+
+class Or(BinExpr):
+    """Short circuited OR."""
+
+    operator = "or"
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> t.Any:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return self.left.as_const(eval_ctx) or self.right.as_const(eval_ctx)
+
+
+class Not(UnaryExpr):
+    """Negate the expression."""
+
+    operator = "not"
+
+
+class Neg(UnaryExpr):
+    """Make the expression negative."""
+
+    operator = "-"
+
+
+class Pos(UnaryExpr):
+    """Make the expression positive (noop for most expressions)"""
+
+    operator = "+"
+
+
+# Helpers for extensions
+
+
+class EnvironmentAttribute(Expr):
+    """Loads an attribute from the environment object.  This is useful for
+    extensions that want to call a callback stored on the environment.
+    """
+
+    fields = ("name",)
+    name: str
+
+
+class ExtensionAttribute(Expr):
+    """Returns the attribute of an extension bound to the environment.
+    The identifier is the identifier of the :class:`Extension`.
+
+    This node is usually constructed by calling the
+    :meth:`~jinja2.ext.Extension.attr` method on an extension.
+    """
+
+    fields = ("identifier", "name")
+    identifier: str
+    name: str
+
+
+class ImportedName(Expr):
+    """If created with an import name the import name is returned on node
+    access.  For example ``ImportedName('cgi.escape')`` returns the `escape`
+    function from the cgi module on evaluation.  Imports are optimized by the
+    compiler so there is no need to assign them to local variables.
+    """
+
+    fields = ("importname",)
+    importname: str
+
+
+class InternalName(Expr):
+    """An internal name in the compiler.  You cannot create these nodes
+    yourself but the parser provides a
+    :meth:`~jinja2.parser.Parser.free_identifier` method that creates
+    a new identifier for you.  This identifier is not available from the
+    template and is not treated specially by the compiler.
+    """
+
+    fields = ("name",)
+    name: str
+
+    def __init__(self) -> None:
+        raise TypeError(
+            "Can't create internal names.  Use the "
+            "`free_identifier` method on a parser."
+        )
+
+
+class MarkSafe(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`)."""
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(self, eval_ctx: t.Optional[EvalContext] = None) -> Markup:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        return Markup(self.expr.as_const(eval_ctx))
+
+
+class MarkSafeIfAutoescape(Expr):
+    """Mark the wrapped expression as safe (wrap it as `Markup`) but
+    only if autoescaping is active.
+
+    .. versionadded:: 2.5
+    """
+
+    fields = ("expr",)
+    expr: Expr
+
+    def as_const(
+        self, eval_ctx: t.Optional[EvalContext] = None
+    ) -> t.Union[Markup, t.Any]:
+        eval_ctx = get_eval_context(self, eval_ctx)
+        if eval_ctx.volatile:
+            raise Impossible()
+        expr = self.expr.as_const(eval_ctx)
+        if eval_ctx.autoescape:
+            return Markup(expr)
+        return expr
+
+
+class ContextReference(Expr):
+    """Returns the current template context.  It can be used like a
+    :class:`Name` node, with a ``'load'`` ctx and will return the
+    current :class:`~jinja2.runtime.Context` object.
+
+    Here an example that assigns the current template name to a
+    variable named `foo`::
+
+        Assign(Name('foo', ctx='store'),
+               Getattr(ContextReference(), 'name'))
+
+    This is basically equivalent to using the
+    :func:`~jinja2.pass_context` decorator when using the high-level
+    API, which causes a reference to the context to be passed as the
+    first argument to a function.
+    """
+
+
+class DerivedContextReference(Expr):
+    """Return the current template context including locals. Behaves
+    exactly like :class:`ContextReference`, but includes local
+    variables, such as from a ``for`` loop.
+
+    .. versionadded:: 2.11
+    """
+
+
+class Continue(Stmt):
+    """Continue a loop."""
+
+
+class Break(Stmt):
+    """Break a loop."""
+
+
+class Scope(Stmt):
+    """An artificial scope."""
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+class OverlayScope(Stmt):
+    """An overlay scope for extensions.  This is a largely unoptimized scope
+    that however can be used to introduce completely arbitrary variables into
+    a sub scope from a dictionary or dictionary like object.  The `context`
+    field has to evaluate to a dictionary object.
+
+    Example usage::
+
+        OverlayScope(context=self.call_method('get_context'),
+                     body=[...])
+
+    .. versionadded:: 2.10
+    """
+
+    fields = ("context", "body")
+    context: Expr
+    body: t.List[Node]
+
+
+class EvalContextModifier(Stmt):
+    """Modifies the eval context.  For each option that should be modified,
+    a :class:`Keyword` has to be added to the :attr:`options` list.
+
+    Example to change the `autoescape` setting::
+
+        EvalContextModifier(options=[Keyword('autoescape', Const(True))])
+    """
+
+    fields = ("options",)
+    options: t.List[Keyword]
+
+
+class ScopedEvalContextModifier(EvalContextModifier):
+    """Modifies the eval context and reverts it later.  Works exactly like
+    :class:`EvalContextModifier` but will only modify the
+    :class:`~jinja2.nodes.EvalContext` for nodes in the :attr:`body`.
+    """
+
+    fields = ("body",)
+    body: t.List[Node]
+
+
+# make sure nobody creates custom nodes
+def _failing_new(*args: t.Any, **kwargs: t.Any) -> "te.NoReturn":
+    raise TypeError("can't create custom node types")
+
+
+NodeType.__new__ = staticmethod(_failing_new)  # type: ignore
+del _failing_new
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/optimizer.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/optimizer.py
new file mode 100644
index 000000000..32d1c717b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/optimizer.py
@@ -0,0 +1,48 @@
+"""The optimizer tries to constant fold expressions and modify the AST
+in place so that it should be faster to evaluate.
+
+Because the AST does not contain all the scoping information and the
+compiler has to find that out, we cannot do all the optimizations we
+want. For example, loop unrolling doesn't work because unrolled loops
+would have a different scope. The solution would be a second syntax tree
+that stored the scoping rules.
+"""
+
+import typing as t
+
+from . import nodes
+from .visitor import NodeTransformer
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def optimize(node: nodes.Node, environment: "Environment") -> nodes.Node:
+    """The context hint can be used to perform an static optimization
+    based on the context given."""
+    optimizer = Optimizer(environment)
+    return t.cast(nodes.Node, optimizer.visit(node))
+
+
+class Optimizer(NodeTransformer):
+    def __init__(self, environment: "t.Optional[Environment]") -> None:
+        self.environment = environment
+
+    def generic_visit(
+        self, node: nodes.Node, *args: t.Any, **kwargs: t.Any
+    ) -> nodes.Node:
+        node = super().generic_visit(node, *args, **kwargs)
+
+        # Do constant folding. Some other nodes besides Expr have
+        # as_const, but folding them causes errors later on.
+        if isinstance(node, nodes.Expr):
+            try:
+                return nodes.Const.from_untrusted(
+                    node.as_const(args[0] if args else None),
+                    lineno=node.lineno,
+                    environment=self.environment,
+                )
+            except nodes.Impossible:
+                pass
+
+        return node
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/parser.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/parser.py
new file mode 100644
index 000000000..0ec997fb4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/parser.py
@@ -0,0 +1,1041 @@
+"""Parse tokens from the lexer into nodes for the compiler."""
+
+import typing
+import typing as t
+
+from . import nodes
+from .exceptions import TemplateAssertionError
+from .exceptions import TemplateSyntaxError
+from .lexer import describe_token
+from .lexer import describe_token_expr
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    from .environment import Environment
+
+_ImportInclude = t.TypeVar("_ImportInclude", nodes.Import, nodes.Include)
+_MacroCall = t.TypeVar("_MacroCall", nodes.Macro, nodes.CallBlock)
+
+_statement_keywords = frozenset(
+    [
+        "for",
+        "if",
+        "block",
+        "extends",
+        "print",
+        "macro",
+        "include",
+        "from",
+        "import",
+        "set",
+        "with",
+        "autoescape",
+    ]
+)
+_compare_operators = frozenset(["eq", "ne", "lt", "lteq", "gt", "gteq"])
+
+_math_nodes: t.Dict[str, t.Type[nodes.Expr]] = {
+    "add": nodes.Add,
+    "sub": nodes.Sub,
+    "mul": nodes.Mul,
+    "div": nodes.Div,
+    "floordiv": nodes.FloorDiv,
+    "mod": nodes.Mod,
+}
+
+
+class Parser:
+    """This is the central parsing class Jinja uses.  It's passed to
+    extensions and can be used to parse expressions or statements.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        source: str,
+        name: t.Optional[str] = None,
+        filename: t.Optional[str] = None,
+        state: t.Optional[str] = None,
+    ) -> None:
+        self.environment = environment
+        self.stream = environment._tokenize(source, name, filename, state)
+        self.name = name
+        self.filename = filename
+        self.closed = False
+        self.extensions: t.Dict[
+            str, t.Callable[["Parser"], t.Union[nodes.Node, t.List[nodes.Node]]]
+        ] = {}
+        for extension in environment.iter_extensions():
+            for tag in extension.tags:
+                self.extensions[tag] = extension.parse
+        self._last_identifier = 0
+        self._tag_stack: t.List[str] = []
+        self._end_token_stack: t.List[t.Tuple[str, ...]] = []
+
+    def fail(
+        self,
+        msg: str,
+        lineno: t.Optional[int] = None,
+        exc: t.Type[TemplateSyntaxError] = TemplateSyntaxError,
+    ) -> "te.NoReturn":
+        """Convenience method that raises `exc` with the message, passed
+        line number or last line number as well as the current name and
+        filename.
+        """
+        if lineno is None:
+            lineno = self.stream.current.lineno
+        raise exc(msg, lineno, self.name, self.filename)
+
+    def _fail_ut_eof(
+        self,
+        name: t.Optional[str],
+        end_token_stack: t.List[t.Tuple[str, ...]],
+        lineno: t.Optional[int],
+    ) -> "te.NoReturn":
+        expected: t.Set[str] = set()
+        for exprs in end_token_stack:
+            expected.update(map(describe_token_expr, exprs))
+        if end_token_stack:
+            currently_looking: t.Optional[str] = " or ".join(
+                map(repr, map(describe_token_expr, end_token_stack[-1]))
+            )
+        else:
+            currently_looking = None
+
+        if name is None:
+            message = ["Unexpected end of template."]
+        else:
+            message = [f"Encountered unknown tag {name!r}."]
+
+        if currently_looking:
+            if name is not None and name in expected:
+                message.append(
+                    "You probably made a nesting mistake. Jinja is expecting this tag,"
+                    f" but currently looking for {currently_looking}."
+                )
+            else:
+                message.append(
+                    f"Jinja was looking for the following tags: {currently_looking}."
+                )
+
+        if self._tag_stack:
+            message.append(
+                "The innermost block that needs to be closed is"
+                f" {self._tag_stack[-1]!r}."
+            )
+
+        self.fail(" ".join(message), lineno)
+
+    def fail_unknown_tag(
+        self, name: str, lineno: t.Optional[int] = None
+    ) -> "te.NoReturn":
+        """Called if the parser encounters an unknown tag.  Tries to fail
+        with a human readable error message that could help to identify
+        the problem.
+        """
+        self._fail_ut_eof(name, self._end_token_stack, lineno)
+
+    def fail_eof(
+        self,
+        end_tokens: t.Optional[t.Tuple[str, ...]] = None,
+        lineno: t.Optional[int] = None,
+    ) -> "te.NoReturn":
+        """Like fail_unknown_tag but for end of template situations."""
+        stack = list(self._end_token_stack)
+        if end_tokens is not None:
+            stack.append(end_tokens)
+        self._fail_ut_eof(None, stack, lineno)
+
+    def is_tuple_end(
+        self, extra_end_rules: t.Optional[t.Tuple[str, ...]] = None
+    ) -> bool:
+        """Are we at the end of a tuple?"""
+        if self.stream.current.type in ("variable_end", "block_end", "rparen"):
+            return True
+        elif extra_end_rules is not None:
+            return self.stream.current.test_any(extra_end_rules)  # type: ignore
+        return False
+
+    def free_identifier(self, lineno: t.Optional[int] = None) -> nodes.InternalName:
+        """Return a new free identifier as :class:`~jinja2.nodes.InternalName`."""
+        self._last_identifier += 1
+        rv = object.__new__(nodes.InternalName)
+        nodes.Node.__init__(rv, f"fi{self._last_identifier}", lineno=lineno)
+        return rv
+
+    def parse_statement(self) -> t.Union[nodes.Node, t.List[nodes.Node]]:
+        """Parse a single statement."""
+        token = self.stream.current
+        if token.type != "name":
+            self.fail("tag name expected", token.lineno)
+        self._tag_stack.append(token.value)
+        pop_tag = True
+        try:
+            if token.value in _statement_keywords:
+                f = getattr(self, f"parse_{self.stream.current.value}")
+                return f()  # type: ignore
+            if token.value == "call":
+                return self.parse_call_block()
+            if token.value == "filter":
+                return self.parse_filter_block()
+            ext = self.extensions.get(token.value)
+            if ext is not None:
+                return ext(self)
+
+            # did not work out, remove the token we pushed by accident
+            # from the stack so that the unknown tag fail function can
+            # produce a proper error message.
+            self._tag_stack.pop()
+            pop_tag = False
+            self.fail_unknown_tag(token.value, token.lineno)
+        finally:
+            if pop_tag:
+                self._tag_stack.pop()
+
+    def parse_statements(
+        self, end_tokens: t.Tuple[str, ...], drop_needle: bool = False
+    ) -> t.List[nodes.Node]:
+        """Parse multiple statements into a list until one of the end tokens
+        is reached.  This is used to parse the body of statements as it also
+        parses template data if appropriate.  The parser checks first if the
+        current token is a colon and skips it if there is one.  Then it checks
+        for the block end and parses until if one of the `end_tokens` is
+        reached.  Per default the active token in the stream at the end of
+        the call is the matched end token.  If this is not wanted `drop_needle`
+        can be set to `True` and the end token is removed.
+        """
+        # the first token may be a colon for python compatibility
+        self.stream.skip_if("colon")
+
+        # in the future it would be possible to add whole code sections
+        # by adding some sort of end of statement token and parsing those here.
+        self.stream.expect("block_end")
+        result = self.subparse(end_tokens)
+
+        # we reached the end of the template too early, the subparser
+        # does not check for this, so we do that now
+        if self.stream.current.type == "eof":
+            self.fail_eof(end_tokens)
+
+        if drop_needle:
+            next(self.stream)
+        return result
+
+    def parse_set(self) -> t.Union[nodes.Assign, nodes.AssignBlock]:
+        """Parse an assign statement."""
+        lineno = next(self.stream).lineno
+        target = self.parse_assign_target(with_namespace=True)
+        if self.stream.skip_if("assign"):
+            expr = self.parse_tuple()
+            return nodes.Assign(target, expr, lineno=lineno)
+        filter_node = self.parse_filter(None)
+        body = self.parse_statements(("name:endset",), drop_needle=True)
+        return nodes.AssignBlock(target, filter_node, body, lineno=lineno)
+
+    def parse_for(self) -> nodes.For:
+        """Parse a for loop."""
+        lineno = self.stream.expect("name:for").lineno
+        target = self.parse_assign_target(extra_end_rules=("name:in",))
+        self.stream.expect("name:in")
+        iter = self.parse_tuple(
+            with_condexpr=False, extra_end_rules=("name:recursive",)
+        )
+        test = None
+        if self.stream.skip_if("name:if"):
+            test = self.parse_expression()
+        recursive = self.stream.skip_if("name:recursive")
+        body = self.parse_statements(("name:endfor", "name:else"))
+        if next(self.stream).value == "endfor":
+            else_ = []
+        else:
+            else_ = self.parse_statements(("name:endfor",), drop_needle=True)
+        return nodes.For(target, iter, body, else_, test, recursive, lineno=lineno)
+
+    def parse_if(self) -> nodes.If:
+        """Parse an if construct."""
+        node = result = nodes.If(lineno=self.stream.expect("name:if").lineno)
+        while True:
+            node.test = self.parse_tuple(with_condexpr=False)
+            node.body = self.parse_statements(("name:elif", "name:else", "name:endif"))
+            node.elif_ = []
+            node.else_ = []
+            token = next(self.stream)
+            if token.test("name:elif"):
+                node = nodes.If(lineno=self.stream.current.lineno)
+                result.elif_.append(node)
+                continue
+            elif token.test("name:else"):
+                result.else_ = self.parse_statements(("name:endif",), drop_needle=True)
+            break
+        return result
+
+    def parse_with(self) -> nodes.With:
+        node = nodes.With(lineno=next(self.stream).lineno)
+        targets: t.List[nodes.Expr] = []
+        values: t.List[nodes.Expr] = []
+        while self.stream.current.type != "block_end":
+            if targets:
+                self.stream.expect("comma")
+            target = self.parse_assign_target()
+            target.set_ctx("param")
+            targets.append(target)
+            self.stream.expect("assign")
+            values.append(self.parse_expression())
+        node.targets = targets
+        node.values = values
+        node.body = self.parse_statements(("name:endwith",), drop_needle=True)
+        return node
+
+    def parse_autoescape(self) -> nodes.Scope:
+        node = nodes.ScopedEvalContextModifier(lineno=next(self.stream).lineno)
+        node.options = [nodes.Keyword("autoescape", self.parse_expression())]
+        node.body = self.parse_statements(("name:endautoescape",), drop_needle=True)
+        return nodes.Scope([node])
+
+    def parse_block(self) -> nodes.Block:
+        node = nodes.Block(lineno=next(self.stream).lineno)
+        node.name = self.stream.expect("name").value
+        node.scoped = self.stream.skip_if("name:scoped")
+        node.required = self.stream.skip_if("name:required")
+
+        # common problem people encounter when switching from django
+        # to jinja.  we do not support hyphens in block names, so let's
+        # raise a nicer error message in that case.
+        if self.stream.current.type == "sub":
+            self.fail(
+                "Block names in Jinja have to be valid Python identifiers and may not"
+                " contain hyphens, use an underscore instead."
+            )
+
+        node.body = self.parse_statements(("name:endblock",), drop_needle=True)
+
+        # enforce that required blocks only contain whitespace or comments
+        # by asserting that the body, if not empty, is just TemplateData nodes
+        # with whitespace data
+        if node.required:
+            for body_node in node.body:
+                if not isinstance(body_node, nodes.Output) or any(
+                    not isinstance(output_node, nodes.TemplateData)
+                    or not output_node.data.isspace()
+                    for output_node in body_node.nodes
+                ):
+                    self.fail("Required blocks can only contain comments or whitespace")
+
+        self.stream.skip_if("name:" + node.name)
+        return node
+
+    def parse_extends(self) -> nodes.Extends:
+        node = nodes.Extends(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        return node
+
+    def parse_import_context(
+        self, node: _ImportInclude, default: bool
+    ) -> _ImportInclude:
+        if self.stream.current.test_any(
+            "name:with", "name:without"
+        ) and self.stream.look().test("name:context"):
+            node.with_context = next(self.stream).value == "with"
+            self.stream.skip()
+        else:
+            node.with_context = default
+        return node
+
+    def parse_include(self) -> nodes.Include:
+        node = nodes.Include(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        if self.stream.current.test("name:ignore") and self.stream.look().test(
+            "name:missing"
+        ):
+            node.ignore_missing = True
+            self.stream.skip(2)
+        else:
+            node.ignore_missing = False
+        return self.parse_import_context(node, True)
+
+    def parse_import(self) -> nodes.Import:
+        node = nodes.Import(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:as")
+        node.target = self.parse_assign_target(name_only=True).name
+        return self.parse_import_context(node, False)
+
+    def parse_from(self) -> nodes.FromImport:
+        node = nodes.FromImport(lineno=next(self.stream).lineno)
+        node.template = self.parse_expression()
+        self.stream.expect("name:import")
+        node.names = []
+
+        def parse_context() -> bool:
+            if self.stream.current.value in {
+                "with",
+                "without",
+            } and self.stream.look().test("name:context"):
+                node.with_context = next(self.stream).value == "with"
+                self.stream.skip()
+                return True
+            return False
+
+        while True:
+            if node.names:
+                self.stream.expect("comma")
+            if self.stream.current.type == "name":
+                if parse_context():
+                    break
+                target = self.parse_assign_target(name_only=True)
+                if target.name.startswith("_"):
+                    self.fail(
+                        "names starting with an underline can not be imported",
+                        target.lineno,
+                        exc=TemplateAssertionError,
+                    )
+                if self.stream.skip_if("name:as"):
+                    alias = self.parse_assign_target(name_only=True)
+                    node.names.append((target.name, alias.name))
+                else:
+                    node.names.append(target.name)
+                if parse_context() or self.stream.current.type != "comma":
+                    break
+            else:
+                self.stream.expect("name")
+        if not hasattr(node, "with_context"):
+            node.with_context = False
+        return node
+
+    def parse_signature(self, node: _MacroCall) -> None:
+        args = node.args = []
+        defaults = node.defaults = []
+        self.stream.expect("lparen")
+        while self.stream.current.type != "rparen":
+            if args:
+                self.stream.expect("comma")
+            arg = self.parse_assign_target(name_only=True)
+            arg.set_ctx("param")
+            if self.stream.skip_if("assign"):
+                defaults.append(self.parse_expression())
+            elif defaults:
+                self.fail("non-default argument follows default argument")
+            args.append(arg)
+        self.stream.expect("rparen")
+
+    def parse_call_block(self) -> nodes.CallBlock:
+        node = nodes.CallBlock(lineno=next(self.stream).lineno)
+        if self.stream.current.type == "lparen":
+            self.parse_signature(node)
+        else:
+            node.args = []
+            node.defaults = []
+
+        call_node = self.parse_expression()
+        if not isinstance(call_node, nodes.Call):
+            self.fail("expected call", node.lineno)
+        node.call = call_node
+        node.body = self.parse_statements(("name:endcall",), drop_needle=True)
+        return node
+
+    def parse_filter_block(self) -> nodes.FilterBlock:
+        node = nodes.FilterBlock(lineno=next(self.stream).lineno)
+        node.filter = self.parse_filter(None, start_inline=True)  # type: ignore
+        node.body = self.parse_statements(("name:endfilter",), drop_needle=True)
+        return node
+
+    def parse_macro(self) -> nodes.Macro:
+        node = nodes.Macro(lineno=next(self.stream).lineno)
+        node.name = self.parse_assign_target(name_only=True).name
+        self.parse_signature(node)
+        node.body = self.parse_statements(("name:endmacro",), drop_needle=True)
+        return node
+
+    def parse_print(self) -> nodes.Output:
+        node = nodes.Output(lineno=next(self.stream).lineno)
+        node.nodes = []
+        while self.stream.current.type != "block_end":
+            if node.nodes:
+                self.stream.expect("comma")
+            node.nodes.append(self.parse_expression())
+        return node
+
+    @typing.overload
+    def parse_assign_target(
+        self, with_tuple: bool = ..., name_only: "te.Literal[True]" = ...
+    ) -> nodes.Name: ...
+
+    @typing.overload
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]: ...
+
+    def parse_assign_target(
+        self,
+        with_tuple: bool = True,
+        name_only: bool = False,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        with_namespace: bool = False,
+    ) -> t.Union[nodes.NSRef, nodes.Name, nodes.Tuple]:
+        """Parse an assignment target.  As Jinja allows assignments to
+        tuples, this function can parse all allowed assignment targets.  Per
+        default assignments to tuples are parsed, that can be disable however
+        by setting `with_tuple` to `False`.  If only assignments to names are
+        wanted `name_only` can be set to `True`.  The `extra_end_rules`
+        parameter is forwarded to the tuple parsing function.  If
+        `with_namespace` is enabled, a namespace assignment may be parsed.
+        """
+        target: nodes.Expr
+
+        if with_namespace and self.stream.look().type == "dot":
+            token = self.stream.expect("name")
+            next(self.stream)  # dot
+            attr = self.stream.expect("name")
+            target = nodes.NSRef(token.value, attr.value, lineno=token.lineno)
+        elif name_only:
+            token = self.stream.expect("name")
+            target = nodes.Name(token.value, "store", lineno=token.lineno)
+        else:
+            if with_tuple:
+                target = self.parse_tuple(
+                    simplified=True, extra_end_rules=extra_end_rules
+                )
+            else:
+                target = self.parse_primary()
+
+            target.set_ctx("store")
+
+        if not target.can_assign():
+            self.fail(
+                f"can't assign to {type(target).__name__.lower()!r}", target.lineno
+            )
+
+        return target  # type: ignore
+
+    def parse_expression(self, with_condexpr: bool = True) -> nodes.Expr:
+        """Parse an expression.  Per default all expressions are parsed, if
+        the optional `with_condexpr` parameter is set to `False` conditional
+        expressions are not parsed.
+        """
+        if with_condexpr:
+            return self.parse_condexpr()
+        return self.parse_or()
+
+    def parse_condexpr(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr1 = self.parse_or()
+        expr3: t.Optional[nodes.Expr]
+
+        while self.stream.skip_if("name:if"):
+            expr2 = self.parse_or()
+            if self.stream.skip_if("name:else"):
+                expr3 = self.parse_condexpr()
+            else:
+                expr3 = None
+            expr1 = nodes.CondExpr(expr2, expr1, expr3, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return expr1
+
+    def parse_or(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_and()
+        while self.stream.skip_if("name:or"):
+            right = self.parse_and()
+            left = nodes.Or(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_and(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_not()
+        while self.stream.skip_if("name:and"):
+            right = self.parse_not()
+            left = nodes.And(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_not(self) -> nodes.Expr:
+        if self.stream.current.test("name:not"):
+            lineno = next(self.stream).lineno
+            return nodes.Not(self.parse_not(), lineno=lineno)
+        return self.parse_compare()
+
+    def parse_compare(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        expr = self.parse_math1()
+        ops = []
+        while True:
+            token_type = self.stream.current.type
+            if token_type in _compare_operators:
+                next(self.stream)
+                ops.append(nodes.Operand(token_type, self.parse_math1()))
+            elif self.stream.skip_if("name:in"):
+                ops.append(nodes.Operand("in", self.parse_math1()))
+            elif self.stream.current.test("name:not") and self.stream.look().test(
+                "name:in"
+            ):
+                self.stream.skip(2)
+                ops.append(nodes.Operand("notin", self.parse_math1()))
+            else:
+                break
+            lineno = self.stream.current.lineno
+        if not ops:
+            return expr
+        return nodes.Compare(expr, ops, lineno=lineno)
+
+    def parse_math1(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_concat()
+        while self.stream.current.type in ("add", "sub"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_concat()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_concat(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args = [self.parse_math2()]
+        while self.stream.current.type == "tilde":
+            next(self.stream)
+            args.append(self.parse_math2())
+        if len(args) == 1:
+            return args[0]
+        return nodes.Concat(args, lineno=lineno)
+
+    def parse_math2(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_pow()
+        while self.stream.current.type in ("mul", "div", "floordiv", "mod"):
+            cls = _math_nodes[self.stream.current.type]
+            next(self.stream)
+            right = self.parse_pow()
+            left = cls(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_pow(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        left = self.parse_unary()
+        while self.stream.current.type == "pow":
+            next(self.stream)
+            right = self.parse_unary()
+            left = nodes.Pow(left, right, lineno=lineno)
+            lineno = self.stream.current.lineno
+        return left
+
+    def parse_unary(self, with_filter: bool = True) -> nodes.Expr:
+        token_type = self.stream.current.type
+        lineno = self.stream.current.lineno
+        node: nodes.Expr
+
+        if token_type == "sub":
+            next(self.stream)
+            node = nodes.Neg(self.parse_unary(False), lineno=lineno)
+        elif token_type == "add":
+            next(self.stream)
+            node = nodes.Pos(self.parse_unary(False), lineno=lineno)
+        else:
+            node = self.parse_primary()
+        node = self.parse_postfix(node)
+        if with_filter:
+            node = self.parse_filter_expr(node)
+        return node
+
+    def parse_primary(self) -> nodes.Expr:
+        token = self.stream.current
+        node: nodes.Expr
+        if token.type == "name":
+            if token.value in ("true", "false", "True", "False"):
+                node = nodes.Const(token.value in ("true", "True"), lineno=token.lineno)
+            elif token.value in ("none", "None"):
+                node = nodes.Const(None, lineno=token.lineno)
+            else:
+                node = nodes.Name(token.value, "load", lineno=token.lineno)
+            next(self.stream)
+        elif token.type == "string":
+            next(self.stream)
+            buf = [token.value]
+            lineno = token.lineno
+            while self.stream.current.type == "string":
+                buf.append(self.stream.current.value)
+                next(self.stream)
+            node = nodes.Const("".join(buf), lineno=lineno)
+        elif token.type in ("integer", "float"):
+            next(self.stream)
+            node = nodes.Const(token.value, lineno=token.lineno)
+        elif token.type == "lparen":
+            next(self.stream)
+            node = self.parse_tuple(explicit_parentheses=True)
+            self.stream.expect("rparen")
+        elif token.type == "lbracket":
+            node = self.parse_list()
+        elif token.type == "lbrace":
+            node = self.parse_dict()
+        else:
+            self.fail(f"unexpected {describe_token(token)!r}", token.lineno)
+        return node
+
+    def parse_tuple(
+        self,
+        simplified: bool = False,
+        with_condexpr: bool = True,
+        extra_end_rules: t.Optional[t.Tuple[str, ...]] = None,
+        explicit_parentheses: bool = False,
+    ) -> t.Union[nodes.Tuple, nodes.Expr]:
+        """Works like `parse_expression` but if multiple expressions are
+        delimited by a comma a :class:`~jinja2.nodes.Tuple` node is created.
+        This method could also return a regular expression instead of a tuple
+        if no commas where found.
+
+        The default parsing mode is a full tuple.  If `simplified` is `True`
+        only names and literals are parsed.  The `no_condexpr` parameter is
+        forwarded to :meth:`parse_expression`.
+
+        Because tuples do not require delimiters and may end in a bogus comma
+        an extra hint is needed that marks the end of a tuple.  For example
+        for loops support tuples between `for` and `in`.  In that case the
+        `extra_end_rules` is set to ``['name:in']``.
+
+        `explicit_parentheses` is true if the parsing was triggered by an
+        expression in parentheses.  This is used to figure out if an empty
+        tuple is a valid expression or not.
+        """
+        lineno = self.stream.current.lineno
+        if simplified:
+            parse = self.parse_primary
+        elif with_condexpr:
+            parse = self.parse_expression
+        else:
+
+            def parse() -> nodes.Expr:
+                return self.parse_expression(with_condexpr=False)
+
+        args: t.List[nodes.Expr] = []
+        is_tuple = False
+
+        while True:
+            if args:
+                self.stream.expect("comma")
+            if self.is_tuple_end(extra_end_rules):
+                break
+            args.append(parse())
+            if self.stream.current.type == "comma":
+                is_tuple = True
+            else:
+                break
+            lineno = self.stream.current.lineno
+
+        if not is_tuple:
+            if args:
+                return args[0]
+
+            # if we don't have explicit parentheses, an empty tuple is
+            # not a valid expression.  This would mean nothing (literally
+            # nothing) in the spot of an expression would be an empty
+            # tuple.
+            if not explicit_parentheses:
+                self.fail(
+                    "Expected an expression,"
+                    f" got {describe_token(self.stream.current)!r}"
+                )
+
+        return nodes.Tuple(args, "load", lineno=lineno)
+
+    def parse_list(self) -> nodes.List:
+        token = self.stream.expect("lbracket")
+        items: t.List[nodes.Expr] = []
+        while self.stream.current.type != "rbracket":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbracket":
+                break
+            items.append(self.parse_expression())
+        self.stream.expect("rbracket")
+        return nodes.List(items, lineno=token.lineno)
+
+    def parse_dict(self) -> nodes.Dict:
+        token = self.stream.expect("lbrace")
+        items: t.List[nodes.Pair] = []
+        while self.stream.current.type != "rbrace":
+            if items:
+                self.stream.expect("comma")
+            if self.stream.current.type == "rbrace":
+                break
+            key = self.parse_expression()
+            self.stream.expect("colon")
+            value = self.parse_expression()
+            items.append(nodes.Pair(key, value, lineno=key.lineno))
+        self.stream.expect("rbrace")
+        return nodes.Dict(items, lineno=token.lineno)
+
+    def parse_postfix(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "dot" or token_type == "lbracket":
+                node = self.parse_subscript(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_filter_expr(self, node: nodes.Expr) -> nodes.Expr:
+        while True:
+            token_type = self.stream.current.type
+            if token_type == "pipe":
+                node = self.parse_filter(node)  # type: ignore
+            elif token_type == "name" and self.stream.current.value == "is":
+                node = self.parse_test(node)
+            # calls are valid both after postfix expressions (getattr
+            # and getitem) as well as filters and tests
+            elif token_type == "lparen":
+                node = self.parse_call(node)
+            else:
+                break
+        return node
+
+    def parse_subscript(
+        self, node: nodes.Expr
+    ) -> t.Union[nodes.Getattr, nodes.Getitem]:
+        token = next(self.stream)
+        arg: nodes.Expr
+
+        if token.type == "dot":
+            attr_token = self.stream.current
+            next(self.stream)
+            if attr_token.type == "name":
+                return nodes.Getattr(
+                    node, attr_token.value, "load", lineno=token.lineno
+                )
+            elif attr_token.type != "integer":
+                self.fail("expected name or number", attr_token.lineno)
+            arg = nodes.Const(attr_token.value, lineno=attr_token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        if token.type == "lbracket":
+            args: t.List[nodes.Expr] = []
+            while self.stream.current.type != "rbracket":
+                if args:
+                    self.stream.expect("comma")
+                args.append(self.parse_subscribed())
+            self.stream.expect("rbracket")
+            if len(args) == 1:
+                arg = args[0]
+            else:
+                arg = nodes.Tuple(args, "load", lineno=token.lineno)
+            return nodes.Getitem(node, arg, "load", lineno=token.lineno)
+        self.fail("expected subscript expression", token.lineno)
+
+    def parse_subscribed(self) -> nodes.Expr:
+        lineno = self.stream.current.lineno
+        args: t.List[t.Optional[nodes.Expr]]
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            args = [None]
+        else:
+            node = self.parse_expression()
+            if self.stream.current.type != "colon":
+                return node
+            next(self.stream)
+            args = [node]
+
+        if self.stream.current.type == "colon":
+            args.append(None)
+        elif self.stream.current.type not in ("rbracket", "comma"):
+            args.append(self.parse_expression())
+        else:
+            args.append(None)
+
+        if self.stream.current.type == "colon":
+            next(self.stream)
+            if self.stream.current.type not in ("rbracket", "comma"):
+                args.append(self.parse_expression())
+            else:
+                args.append(None)
+        else:
+            args.append(None)
+
+        return nodes.Slice(lineno=lineno, *args)  # noqa: B026
+
+    def parse_call_args(
+        self,
+    ) -> t.Tuple[
+        t.List[nodes.Expr],
+        t.List[nodes.Keyword],
+        t.Optional[nodes.Expr],
+        t.Optional[nodes.Expr],
+    ]:
+        token = self.stream.expect("lparen")
+        args = []
+        kwargs = []
+        dyn_args = None
+        dyn_kwargs = None
+        require_comma = False
+
+        def ensure(expr: bool) -> None:
+            if not expr:
+                self.fail("invalid syntax for function call expression", token.lineno)
+
+        while self.stream.current.type != "rparen":
+            if require_comma:
+                self.stream.expect("comma")
+
+                # support for trailing comma
+                if self.stream.current.type == "rparen":
+                    break
+
+            if self.stream.current.type == "mul":
+                ensure(dyn_args is None and dyn_kwargs is None)
+                next(self.stream)
+                dyn_args = self.parse_expression()
+            elif self.stream.current.type == "pow":
+                ensure(dyn_kwargs is None)
+                next(self.stream)
+                dyn_kwargs = self.parse_expression()
+            else:
+                if (
+                    self.stream.current.type == "name"
+                    and self.stream.look().type == "assign"
+                ):
+                    # Parsing a kwarg
+                    ensure(dyn_kwargs is None)
+                    key = self.stream.current.value
+                    self.stream.skip(2)
+                    value = self.parse_expression()
+                    kwargs.append(nodes.Keyword(key, value, lineno=value.lineno))
+                else:
+                    # Parsing an arg
+                    ensure(dyn_args is None and dyn_kwargs is None and not kwargs)
+                    args.append(self.parse_expression())
+
+            require_comma = True
+
+        self.stream.expect("rparen")
+        return args, kwargs, dyn_args, dyn_kwargs
+
+    def parse_call(self, node: nodes.Expr) -> nodes.Call:
+        # The lparen will be expected in parse_call_args, but the lineno
+        # needs to be recorded before the stream is advanced.
+        token = self.stream.current
+        args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        return nodes.Call(node, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno)
+
+    def parse_filter(
+        self, node: t.Optional[nodes.Expr], start_inline: bool = False
+    ) -> t.Optional[nodes.Expr]:
+        while self.stream.current.type == "pipe" or start_inline:
+            if not start_inline:
+                next(self.stream)
+            token = self.stream.expect("name")
+            name = token.value
+            while self.stream.current.type == "dot":
+                next(self.stream)
+                name += "." + self.stream.expect("name").value
+            if self.stream.current.type == "lparen":
+                args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+            else:
+                args = []
+                kwargs = []
+                dyn_args = dyn_kwargs = None
+            node = nodes.Filter(
+                node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+            )
+            start_inline = False
+        return node
+
+    def parse_test(self, node: nodes.Expr) -> nodes.Expr:
+        token = next(self.stream)
+        if self.stream.current.test("name:not"):
+            next(self.stream)
+            negated = True
+        else:
+            negated = False
+        name = self.stream.expect("name").value
+        while self.stream.current.type == "dot":
+            next(self.stream)
+            name += "." + self.stream.expect("name").value
+        dyn_args = dyn_kwargs = None
+        kwargs: t.List[nodes.Keyword] = []
+        if self.stream.current.type == "lparen":
+            args, kwargs, dyn_args, dyn_kwargs = self.parse_call_args()
+        elif self.stream.current.type in {
+            "name",
+            "string",
+            "integer",
+            "float",
+            "lparen",
+            "lbracket",
+            "lbrace",
+        } and not self.stream.current.test_any("name:else", "name:or", "name:and"):
+            if self.stream.current.test("name:is"):
+                self.fail("You cannot chain multiple tests with is")
+            arg_node = self.parse_primary()
+            arg_node = self.parse_postfix(arg_node)
+            args = [arg_node]
+        else:
+            args = []
+        node = nodes.Test(
+            node, name, args, kwargs, dyn_args, dyn_kwargs, lineno=token.lineno
+        )
+        if negated:
+            node = nodes.Not(node, lineno=token.lineno)
+        return node
+
+    def subparse(
+        self, end_tokens: t.Optional[t.Tuple[str, ...]] = None
+    ) -> t.List[nodes.Node]:
+        body: t.List[nodes.Node] = []
+        data_buffer: t.List[nodes.Node] = []
+        add_data = data_buffer.append
+
+        if end_tokens is not None:
+            self._end_token_stack.append(end_tokens)
+
+        def flush_data() -> None:
+            if data_buffer:
+                lineno = data_buffer[0].lineno
+                body.append(nodes.Output(data_buffer[:], lineno=lineno))
+                del data_buffer[:]
+
+        try:
+            while self.stream:
+                token = self.stream.current
+                if token.type == "data":
+                    if token.value:
+                        add_data(nodes.TemplateData(token.value, lineno=token.lineno))
+                    next(self.stream)
+                elif token.type == "variable_begin":
+                    next(self.stream)
+                    add_data(self.parse_tuple(with_condexpr=True))
+                    self.stream.expect("variable_end")
+                elif token.type == "block_begin":
+                    flush_data()
+                    next(self.stream)
+                    if end_tokens is not None and self.stream.current.test_any(
+                        *end_tokens
+                    ):
+                        return body
+                    rv = self.parse_statement()
+                    if isinstance(rv, list):
+                        body.extend(rv)
+                    else:
+                        body.append(rv)
+                    self.stream.expect("block_end")
+                else:
+                    raise AssertionError("internal parsing error")
+
+            flush_data()
+        finally:
+            if end_tokens is not None:
+                self._end_token_stack.pop()
+        return body
+
+    def parse(self) -> nodes.Template:
+        """Parse the whole template into a `Template` node."""
+        result = nodes.Template(self.subparse(), lineno=1)
+        result.set_environment(self.environment)
+        return result
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/py.typed b/lib/go-jinja2/internal/data/windows-amd64/jinja2/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/runtime.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/runtime.py
new file mode 100644
index 000000000..4325c8deb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/runtime.py
@@ -0,0 +1,1056 @@
+"""The runtime functions and state used by compiled templates."""
+
+import functools
+import sys
+import typing as t
+from collections import abc
+from itertools import chain
+
+from markupsafe import escape  # noqa: F401
+from markupsafe import Markup
+from markupsafe import soft_str
+
+from .async_utils import auto_aiter
+from .async_utils import auto_await  # noqa: F401
+from .exceptions import TemplateNotFound  # noqa: F401
+from .exceptions import TemplateRuntimeError  # noqa: F401
+from .exceptions import UndefinedError
+from .nodes import EvalContext
+from .utils import _PassArg
+from .utils import concat
+from .utils import internalcode
+from .utils import missing
+from .utils import Namespace  # noqa: F401
+from .utils import object_type_repr
+from .utils import pass_eval_context
+
+V = t.TypeVar("V")
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+if t.TYPE_CHECKING:
+    import logging
+
+    import typing_extensions as te
+
+    from .environment import Environment
+
+    class LoopRenderFunc(te.Protocol):
+        def __call__(
+            self,
+            reciter: t.Iterable[V],
+            loop_render_func: "LoopRenderFunc",
+            depth: int = 0,
+        ) -> str: ...
+
+
+# these variables are exported to the template runtime
+exported = [
+    "LoopContext",
+    "TemplateReference",
+    "Macro",
+    "Markup",
+    "TemplateRuntimeError",
+    "missing",
+    "escape",
+    "markup_join",
+    "str_join",
+    "identity",
+    "TemplateNotFound",
+    "Namespace",
+    "Undefined",
+    "internalcode",
+]
+async_exported = [
+    "AsyncLoopContext",
+    "auto_aiter",
+    "auto_await",
+]
+
+
+def identity(x: V) -> V:
+    """Returns its argument. Useful for certain things in the
+    environment.
+    """
+    return x
+
+
+def markup_join(seq: t.Iterable[t.Any]) -> str:
+    """Concatenation that escapes if necessary and converts to string."""
+    buf = []
+    iterator = map(soft_str, seq)
+    for arg in iterator:
+        buf.append(arg)
+        if hasattr(arg, "__html__"):
+            return Markup("").join(chain(buf, iterator))
+    return concat(buf)
+
+
+def str_join(seq: t.Iterable[t.Any]) -> str:
+    """Simple args to string conversion and concatenation."""
+    return concat(map(str, seq))
+
+
+def new_context(
+    environment: "Environment",
+    template_name: t.Optional[str],
+    blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+    vars: t.Optional[t.Dict[str, t.Any]] = None,
+    shared: bool = False,
+    globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    locals: t.Optional[t.Mapping[str, t.Any]] = None,
+) -> "Context":
+    """Internal helper for context creation."""
+    if vars is None:
+        vars = {}
+    if shared:
+        parent = vars
+    else:
+        parent = dict(globals or (), **vars)
+    if locals:
+        # if the parent is shared a copy should be created because
+        # we don't want to modify the dict passed
+        if shared:
+            parent = dict(parent)
+        for key, value in locals.items():
+            if value is not missing:
+                parent[key] = value
+    return environment.context_class(
+        environment, parent, template_name, blocks, globals=globals
+    )
+
+
+class TemplateReference:
+    """The `self` in templates."""
+
+    def __init__(self, context: "Context") -> None:
+        self.__context = context
+
+    def __getitem__(self, name: str) -> t.Any:
+        blocks = self.__context.blocks[name]
+        return BlockReference(name, self.__context, blocks, 0)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.__context.name!r}>"
+
+
+def _dict_method_all(dict_method: F) -> F:
+    @functools.wraps(dict_method)
+    def f_all(self: "Context") -> t.Any:
+        return dict_method(self.get_all())
+
+    return t.cast(F, f_all)
+
+
+@abc.Mapping.register
+class Context:
+    """The template context holds the variables of a template.  It stores the
+    values passed to the template and also the names the template exports.
+    Creating instances is neither supported nor useful as it's created
+    automatically at various stages of the template evaluation and should not
+    be created by hand.
+
+    The context is immutable.  Modifications on :attr:`parent` **must not**
+    happen and modifications on :attr:`vars` are allowed from generated
+    template code only.  Template filters and global functions marked as
+    :func:`pass_context` get the active context passed as first argument
+    and are allowed to access the context read-only.
+
+    The template context supports read only dict operations (`get`,
+    `keys`, `values`, `items`, `iterkeys`, `itervalues`, `iteritems`,
+    `__getitem__`, `__contains__`).  Additionally there is a :meth:`resolve`
+    method that doesn't fail with a `KeyError` but returns an
+    :class:`Undefined` object for missing variables.
+    """
+
+    def __init__(
+        self,
+        environment: "Environment",
+        parent: t.Dict[str, t.Any],
+        name: t.Optional[str],
+        blocks: t.Dict[str, t.Callable[["Context"], t.Iterator[str]]],
+        globals: t.Optional[t.MutableMapping[str, t.Any]] = None,
+    ):
+        self.parent = parent
+        self.vars: t.Dict[str, t.Any] = {}
+        self.environment: "Environment" = environment
+        self.eval_ctx = EvalContext(self.environment, name)
+        self.exported_vars: t.Set[str] = set()
+        self.name = name
+        self.globals_keys = set() if globals is None else set(globals)
+
+        # create the initial mapping of blocks.  Whenever template inheritance
+        # takes place the runtime will update this mapping with the new blocks
+        # from the template.
+        self.blocks = {k: [v] for k, v in blocks.items()}
+
+    def super(
+        self, name: str, current: t.Callable[["Context"], t.Iterator[str]]
+    ) -> t.Union["BlockReference", "Undefined"]:
+        """Render a parent block."""
+        try:
+            blocks = self.blocks[name]
+            index = blocks.index(current) + 1
+            blocks[index]
+        except LookupError:
+            return self.environment.undefined(
+                f"there is no parent block called {name!r}.", name="super"
+            )
+        return BlockReference(name, self, blocks, index)
+
+    def get(self, key: str, default: t.Any = None) -> t.Any:
+        """Look up a variable by name, or return a default if the key is
+        not found.
+
+        :param key: The variable name to look up.
+        :param default: The value to return if the key is not found.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def resolve(self, key: str) -> t.Union[t.Any, "Undefined"]:
+        """Look up a variable by name, or return an :class:`Undefined`
+        object if the key is not found.
+
+        If you need to add custom behavior, override
+        :meth:`resolve_or_missing`, not this method. The various lookup
+        functions use that method, not this one.
+
+        :param key: The variable name to look up.
+        """
+        rv = self.resolve_or_missing(key)
+
+        if rv is missing:
+            return self.environment.undefined(name=key)
+
+        return rv
+
+    def resolve_or_missing(self, key: str) -> t.Any:
+        """Look up a variable by name, or return a ``missing`` sentinel
+        if the key is not found.
+
+        Override this method to add custom lookup behavior.
+        :meth:`resolve`, :meth:`get`, and :meth:`__getitem__` use this
+        method. Don't call this method directly.
+
+        :param key: The variable name to look up.
+        """
+        if key in self.vars:
+            return self.vars[key]
+
+        if key in self.parent:
+            return self.parent[key]
+
+        return missing
+
+    def get_exported(self) -> t.Dict[str, t.Any]:
+        """Get a new dict with the exported variables."""
+        return {k: self.vars[k] for k in self.exported_vars}
+
+    def get_all(self) -> t.Dict[str, t.Any]:
+        """Return the complete context as dict including the exported
+        variables.  For optimizations reasons this might not return an
+        actual copy so be careful with using it.
+        """
+        if not self.vars:
+            return self.parent
+        if not self.parent:
+            return self.vars
+        return dict(self.parent, **self.vars)
+
+    @internalcode
+    def call(
+        __self,
+        __obj: t.Callable[..., t.Any],
+        *args: t.Any,
+        **kwargs: t.Any,  # noqa: B902
+    ) -> t.Union[t.Any, "Undefined"]:
+        """Call the callable with the arguments and keyword arguments
+        provided but inject the active context or environment as first
+        argument if the callable has :func:`pass_context` or
+        :func:`pass_environment`.
+        """
+        if __debug__:
+            __traceback_hide__ = True  # noqa
+
+        # Allow callable classes to take a context
+        if (
+            hasattr(__obj, "__call__")  # noqa: B004
+            and _PassArg.from_obj(__obj.__call__) is not None
+        ):
+            __obj = __obj.__call__
+
+        pass_arg = _PassArg.from_obj(__obj)
+
+        if pass_arg is _PassArg.context:
+            # the active context should have access to variables set in
+            # loops and blocks without mutating the context itself
+            if kwargs.get("_loop_vars"):
+                __self = __self.derived(kwargs["_loop_vars"])
+            if kwargs.get("_block_vars"):
+                __self = __self.derived(kwargs["_block_vars"])
+            args = (__self,) + args
+        elif pass_arg is _PassArg.eval_context:
+            args = (__self.eval_ctx,) + args
+        elif pass_arg is _PassArg.environment:
+            args = (__self.environment,) + args
+
+        kwargs.pop("_block_vars", None)
+        kwargs.pop("_loop_vars", None)
+
+        try:
+            return __obj(*args, **kwargs)
+        except StopIteration:
+            return __self.environment.undefined(
+                "value was undefined because a callable raised a"
+                " StopIteration exception"
+            )
+
+    def derived(self, locals: t.Optional[t.Dict[str, t.Any]] = None) -> "Context":
+        """Internal helper function to create a derived context.  This is
+        used in situations where the system needs a new context in the same
+        template that is independent.
+        """
+        context = new_context(
+            self.environment, self.name, {}, self.get_all(), True, None, locals
+        )
+        context.eval_ctx = self.eval_ctx
+        context.blocks.update((k, list(v)) for k, v in self.blocks.items())
+        return context
+
+    keys = _dict_method_all(dict.keys)
+    values = _dict_method_all(dict.values)
+    items = _dict_method_all(dict.items)
+
+    def __contains__(self, name: str) -> bool:
+        return name in self.vars or name in self.parent
+
+    def __getitem__(self, key: str) -> t.Any:
+        """Look up a variable by name with ``[]`` syntax, or raise a
+        ``KeyError`` if the key is not found.
+        """
+        item = self.resolve_or_missing(key)
+
+        if item is missing:
+            raise KeyError(key)
+
+        return item
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.get_all()!r} of {self.name!r}>"
+
+
+class BlockReference:
+    """One block on a template reference."""
+
+    def __init__(
+        self,
+        name: str,
+        context: "Context",
+        stack: t.List[t.Callable[["Context"], t.Iterator[str]]],
+        depth: int,
+    ) -> None:
+        self.name = name
+        self._context = context
+        self._stack = stack
+        self._depth = depth
+
+    @property
+    def super(self) -> t.Union["BlockReference", "Undefined"]:
+        """Super the block."""
+        if self._depth + 1 >= len(self._stack):
+            return self._context.environment.undefined(
+                f"there is no parent block called {self.name!r}.", name="super"
+            )
+        return BlockReference(self.name, self._context, self._stack, self._depth + 1)
+
+    @internalcode
+    async def _async_call(self) -> str:
+        rv = concat(
+            [x async for x in self._stack[self._depth](self._context)]  # type: ignore
+        )
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+    @internalcode
+    def __call__(self) -> str:
+        if self._context.environment.is_async:
+            return self._async_call()  # type: ignore
+
+        rv = concat(self._stack[self._depth](self._context))
+
+        if self._context.eval_ctx.autoescape:
+            return Markup(rv)
+
+        return rv
+
+
+class LoopContext:
+    """A wrapper iterable for dynamic ``for`` loops, with information
+    about the loop and iteration.
+    """
+
+    #: Current iteration of the loop, starting at 0.
+    index0 = -1
+
+    _length: t.Optional[int] = None
+    _after: t.Any = missing
+    _current: t.Any = missing
+    _before: t.Any = missing
+    _last_changed_value: t.Any = missing
+
+    def __init__(
+        self,
+        iterable: t.Iterable[V],
+        undefined: t.Type["Undefined"],
+        recurse: t.Optional["LoopRenderFunc"] = None,
+        depth0: int = 0,
+    ) -> None:
+        """
+        :param iterable: Iterable to wrap.
+        :param undefined: :class:`Undefined` class to use for next and
+            previous items.
+        :param recurse: The function to render the loop body when the
+            loop is marked recursive.
+        :param depth0: Incremented when looping recursively.
+        """
+        self._iterable = iterable
+        self._iterator = self._to_iterator(iterable)
+        self._undefined = undefined
+        self._recurse = recurse
+        #: How many levels deep a recursive loop currently is, starting at 0.
+        self.depth0 = depth0
+
+    @staticmethod
+    def _to_iterator(iterable: t.Iterable[V]) -> t.Iterator[V]:
+        return iter(iterable)
+
+    @property
+    def length(self) -> int:
+        """Length of the iterable.
+
+        If the iterable is a generator or otherwise does not have a
+        size, it is eagerly evaluated to get a size.
+        """
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = list(self._iterator)
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    def __len__(self) -> int:
+        return self.length
+
+    @property
+    def depth(self) -> int:
+        """How many levels deep a recursive loop currently is, starting at 1."""
+        return self.depth0 + 1
+
+    @property
+    def index(self) -> int:
+        """Current iteration of the loop, starting at 1."""
+        return self.index0 + 1
+
+    @property
+    def revindex0(self) -> int:
+        """Number of iterations from the end of the loop, ending at 0.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index
+
+    @property
+    def revindex(self) -> int:
+        """Number of iterations from the end of the loop, ending at 1.
+
+        Requires calculating :attr:`length`.
+        """
+        return self.length - self.index0
+
+    @property
+    def first(self) -> bool:
+        """Whether this is the first iteration of the loop."""
+        return self.index0 == 0
+
+    def _peek_next(self) -> t.Any:
+        """Return the next element in the iterable, or :data:`missing`
+        if the iterable is exhausted. Only peeks one item ahead, caching
+        the result in :attr:`_last` for use in subsequent checks. The
+        cache is reset when :meth:`__next__` is called.
+        """
+        if self._after is not missing:
+            return self._after
+
+        self._after = next(self._iterator, missing)
+        return self._after
+
+    @property
+    def last(self) -> bool:
+        """Whether this is the last iteration of the loop.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`groupby` filter avoids that issue.
+        """
+        return self._peek_next() is missing
+
+    @property
+    def previtem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the previous iteration. Undefined during the
+        first iteration.
+        """
+        if self.first:
+            return self._undefined("there is no previous item")
+
+        return self._before
+
+    @property
+    def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        """The item in the next iteration. Undefined during the last
+        iteration.
+
+        Causes the iterable to advance early. See
+        :func:`itertools.groupby` for issues this can cause.
+        The :func:`jinja-filters.groupby` filter avoids that issue.
+        """
+        rv = self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def cycle(self, *args: V) -> V:
+        """Return a value from the given args, cycling through based on
+        the current :attr:`index0`.
+
+        :param args: One or more values to cycle through.
+        """
+        if not args:
+            raise TypeError("no items for cycling given")
+
+        return args[self.index0 % len(args)]
+
+    def changed(self, *value: t.Any) -> bool:
+        """Return ``True`` if previously called with a different value
+        (including when called for the first time).
+
+        :param value: One or more values to compare to the last call.
+        """
+        if self._last_changed_value != value:
+            self._last_changed_value = value
+            return True
+
+        return False
+
+    def __iter__(self) -> "LoopContext":
+        return self
+
+    def __next__(self) -> t.Tuple[t.Any, "LoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = next(self._iterator)
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+    @internalcode
+    def __call__(self, iterable: t.Iterable[V]) -> str:
+        """When iterating over nested data, render the body of the loop
+        recursively with the given inner iterable data.
+
+        The loop must have the ``recursive`` marker for this to work.
+        """
+        if self._recurse is None:
+            raise TypeError(
+                "The loop must have the 'recursive' marker to be called recursively."
+            )
+
+        return self._recurse(iterable, self._recurse, depth=self.depth)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self.index}/{self.length}>"
+
+
+class AsyncLoopContext(LoopContext):
+    _iterator: t.AsyncIterator[t.Any]  # type: ignore
+
+    @staticmethod
+    def _to_iterator(  # type: ignore
+        iterable: t.Union[t.Iterable[V], t.AsyncIterable[V]],
+    ) -> t.AsyncIterator[V]:
+        return auto_aiter(iterable)
+
+    @property
+    async def length(self) -> int:  # type: ignore
+        if self._length is not None:
+            return self._length
+
+        try:
+            self._length = len(self._iterable)  # type: ignore
+        except TypeError:
+            iterable = [x async for x in self._iterator]
+            self._iterator = self._to_iterator(iterable)
+            self._length = len(iterable) + self.index + (self._after is not missing)
+
+        return self._length
+
+    @property
+    async def revindex0(self) -> int:  # type: ignore
+        return await self.length - self.index
+
+    @property
+    async def revindex(self) -> int:  # type: ignore
+        return await self.length - self.index0
+
+    async def _peek_next(self) -> t.Any:
+        if self._after is not missing:
+            return self._after
+
+        try:
+            self._after = await self._iterator.__anext__()
+        except StopAsyncIteration:
+            self._after = missing
+
+        return self._after
+
+    @property
+    async def last(self) -> bool:  # type: ignore
+        return await self._peek_next() is missing
+
+    @property
+    async def nextitem(self) -> t.Union[t.Any, "Undefined"]:
+        rv = await self._peek_next()
+
+        if rv is missing:
+            return self._undefined("there is no next item")
+
+        return rv
+
+    def __aiter__(self) -> "AsyncLoopContext":
+        return self
+
+    async def __anext__(self) -> t.Tuple[t.Any, "AsyncLoopContext"]:
+        if self._after is not missing:
+            rv = self._after
+            self._after = missing
+        else:
+            rv = await self._iterator.__anext__()
+
+        self.index0 += 1
+        self._before = self._current
+        self._current = rv
+        return rv, self
+
+
+class Macro:
+    """Wraps a macro function."""
+
+    def __init__(
+        self,
+        environment: "Environment",
+        func: t.Callable[..., str],
+        name: str,
+        arguments: t.List[str],
+        catch_kwargs: bool,
+        catch_varargs: bool,
+        caller: bool,
+        default_autoescape: t.Optional[bool] = None,
+    ):
+        self._environment = environment
+        self._func = func
+        self._argument_count = len(arguments)
+        self.name = name
+        self.arguments = arguments
+        self.catch_kwargs = catch_kwargs
+        self.catch_varargs = catch_varargs
+        self.caller = caller
+        self.explicit_caller = "caller" in arguments
+
+        if default_autoescape is None:
+            if callable(environment.autoescape):
+                default_autoescape = environment.autoescape(None)
+            else:
+                default_autoescape = environment.autoescape
+
+        self._default_autoescape = default_autoescape
+
+    @internalcode
+    @pass_eval_context
+    def __call__(self, *args: t.Any, **kwargs: t.Any) -> str:
+        # This requires a bit of explanation,  In the past we used to
+        # decide largely based on compile-time information if a macro is
+        # safe or unsafe.  While there was a volatile mode it was largely
+        # unused for deciding on escaping.  This turns out to be
+        # problematic for macros because whether a macro is safe depends not
+        # on the escape mode when it was defined, but rather when it was used.
+        #
+        # Because however we export macros from the module system and
+        # there are historic callers that do not pass an eval context (and
+        # will continue to not pass one), we need to perform an instance
+        # check here.
+        #
+        # This is considered safe because an eval context is not a valid
+        # argument to callables otherwise anyway.  Worst case here is
+        # that if no eval context is passed we fall back to the compile
+        # time autoescape flag.
+        if args and isinstance(args[0], EvalContext):
+            autoescape = args[0].autoescape
+            args = args[1:]
+        else:
+            autoescape = self._default_autoescape
+
+        # try to consume the positional arguments
+        arguments = list(args[: self._argument_count])
+        off = len(arguments)
+
+        # For information why this is necessary refer to the handling
+        # of caller in the `macro_body` handler in the compiler.
+        found_caller = False
+
+        # if the number of arguments consumed is not the number of
+        # arguments expected we start filling in keyword arguments
+        # and defaults.
+        if off != self._argument_count:
+            for name in self.arguments[len(arguments) :]:
+                try:
+                    value = kwargs.pop(name)
+                except KeyError:
+                    value = missing
+                if name == "caller":
+                    found_caller = True
+                arguments.append(value)
+        else:
+            found_caller = self.explicit_caller
+
+        # it's important that the order of these arguments does not change
+        # if not also changed in the compiler's `function_scoping` method.
+        # the order is caller, keyword arguments, positional arguments!
+        if self.caller and not found_caller:
+            caller = kwargs.pop("caller", None)
+            if caller is None:
+                caller = self._environment.undefined("No caller defined", name="caller")
+            arguments.append(caller)
+
+        if self.catch_kwargs:
+            arguments.append(kwargs)
+        elif kwargs:
+            if "caller" in kwargs:
+                raise TypeError(
+                    f"macro {self.name!r} was invoked with two values for the special"
+                    " caller argument. This is most likely a bug."
+                )
+            raise TypeError(
+                f"macro {self.name!r} takes no keyword argument {next(iter(kwargs))!r}"
+            )
+        if self.catch_varargs:
+            arguments.append(args[self._argument_count :])
+        elif len(args) > self._argument_count:
+            raise TypeError(
+                f"macro {self.name!r} takes not more than"
+                f" {len(self.arguments)} argument(s)"
+            )
+
+        return self._invoke(arguments, autoescape)
+
+    async def _async_invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        rv = await self._func(*arguments)  # type: ignore
+
+        if autoescape:
+            return Markup(rv)
+
+        return rv  # type: ignore
+
+    def _invoke(self, arguments: t.List[t.Any], autoescape: bool) -> str:
+        if self._environment.is_async:
+            return self._async_invoke(arguments, autoescape)  # type: ignore
+
+        rv = self._func(*arguments)
+
+        if autoescape:
+            rv = Markup(rv)
+
+        return rv
+
+    def __repr__(self) -> str:
+        name = "anonymous" if self.name is None else repr(self.name)
+        return f"<{type(self).__name__} {name}>"
+
+
+class Undefined:
+    """The default undefined type.  This undefined type can be printed and
+    iterated over, but every other access will raise an :exc:`UndefinedError`:
+
+    >>> foo = Undefined(name='foo')
+    >>> str(foo)
+    ''
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = (
+        "_undefined_hint",
+        "_undefined_obj",
+        "_undefined_name",
+        "_undefined_exception",
+    )
+
+    def __init__(
+        self,
+        hint: t.Optional[str] = None,
+        obj: t.Any = missing,
+        name: t.Optional[str] = None,
+        exc: t.Type[TemplateRuntimeError] = UndefinedError,
+    ) -> None:
+        self._undefined_hint = hint
+        self._undefined_obj = obj
+        self._undefined_name = name
+        self._undefined_exception = exc
+
+    @property
+    def _undefined_message(self) -> str:
+        """Build a message about the undefined value based on how it was
+        accessed.
+        """
+        if self._undefined_hint:
+            return self._undefined_hint
+
+        if self._undefined_obj is missing:
+            return f"{self._undefined_name!r} is undefined"
+
+        if not isinstance(self._undefined_name, str):
+            return (
+                f"{object_type_repr(self._undefined_obj)} has no"
+                f" element {self._undefined_name!r}"
+            )
+
+        return (
+            f"{object_type_repr(self._undefined_obj)!r} has no"
+            f" attribute {self._undefined_name!r}"
+        )
+
+    @internalcode
+    def _fail_with_undefined_error(
+        self, *args: t.Any, **kwargs: t.Any
+    ) -> "te.NoReturn":
+        """Raise an :exc:`UndefinedError` when operations are performed
+        on the undefined value.
+        """
+        raise self._undefined_exception(self._undefined_message)
+
+    @internalcode
+    def __getattr__(self, name: str) -> t.Any:
+        if name[:2] == "__":
+            raise AttributeError(name)
+
+        return self._fail_with_undefined_error()
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _fail_with_undefined_error
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _fail_with_undefined_error
+    __truediv__ = __rtruediv__ = _fail_with_undefined_error
+    __floordiv__ = __rfloordiv__ = _fail_with_undefined_error
+    __mod__ = __rmod__ = _fail_with_undefined_error
+    __pos__ = __neg__ = _fail_with_undefined_error
+    __call__ = __getitem__ = _fail_with_undefined_error
+    __lt__ = __le__ = __gt__ = __ge__ = _fail_with_undefined_error
+    __int__ = __float__ = __complex__ = _fail_with_undefined_error
+    __pow__ = __rpow__ = _fail_with_undefined_error
+
+    def __eq__(self, other: t.Any) -> bool:
+        return type(self) is type(other)
+
+    def __ne__(self, other: t.Any) -> bool:
+        return not self.__eq__(other)
+
+    def __hash__(self) -> int:
+        return id(type(self))
+
+    def __str__(self) -> str:
+        return ""
+
+    def __len__(self) -> int:
+        return 0
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        yield from ()
+
+    async def __aiter__(self) -> t.AsyncIterator[t.Any]:
+        for _ in ():
+            yield
+
+    def __bool__(self) -> bool:
+        return False
+
+    def __repr__(self) -> str:
+        return "Undefined"
+
+
+def make_logging_undefined(
+    logger: t.Optional["logging.Logger"] = None, base: t.Type[Undefined] = Undefined
+) -> t.Type[Undefined]:
+    """Given a logger object this returns a new undefined class that will
+    log certain failures.  It will log iterations and printing.  If no
+    logger is given a default logger is created.
+
+    Example::
+
+        logger = logging.getLogger(__name__)
+        LoggingUndefined = make_logging_undefined(
+            logger=logger,
+            base=Undefined
+        )
+
+    .. versionadded:: 2.8
+
+    :param logger: the logger to use.  If not provided, a default logger
+                   is created.
+    :param base: the base class to add logging functionality to.  This
+                 defaults to :class:`Undefined`.
+    """
+    if logger is None:
+        import logging
+
+        logger = logging.getLogger(__name__)
+        logger.addHandler(logging.StreamHandler(sys.stderr))
+
+    def _log_message(undef: Undefined) -> None:
+        logger.warning("Template variable warning: %s", undef._undefined_message)
+
+    class LoggingUndefined(base):  # type: ignore
+        __slots__ = ()
+
+        def _fail_with_undefined_error(  # type: ignore
+            self, *args: t.Any, **kwargs: t.Any
+        ) -> "te.NoReturn":
+            try:
+                super()._fail_with_undefined_error(*args, **kwargs)
+            except self._undefined_exception as e:
+                logger.error("Template variable error: %s", e)  # type: ignore
+                raise e
+
+        def __str__(self) -> str:
+            _log_message(self)
+            return super().__str__()  # type: ignore
+
+        def __iter__(self) -> t.Iterator[t.Any]:
+            _log_message(self)
+            return super().__iter__()  # type: ignore
+
+        def __bool__(self) -> bool:
+            _log_message(self)
+            return super().__bool__()  # type: ignore
+
+    return LoggingUndefined
+
+
+class ChainableUndefined(Undefined):
+    """An undefined that is chainable, where both ``__getattr__`` and
+    ``__getitem__`` return itself rather than raising an
+    :exc:`UndefinedError`.
+
+    >>> foo = ChainableUndefined(name='foo')
+    >>> str(foo.bar['baz'])
+    ''
+    >>> foo.bar['baz'] + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+
+    .. versionadded:: 2.11.0
+    """
+
+    __slots__ = ()
+
+    def __html__(self) -> str:
+        return str(self)
+
+    def __getattr__(self, _: str) -> "ChainableUndefined":
+        return self
+
+    __getitem__ = __getattr__  # type: ignore
+
+
+class DebugUndefined(Undefined):
+    """An undefined that returns the debug info when printed.
+
+    >>> foo = DebugUndefined(name='foo')
+    >>> str(foo)
+    '{{ foo }}'
+    >>> not foo
+    True
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+
+    def __str__(self) -> str:
+        if self._undefined_hint:
+            message = f"undefined value printed: {self._undefined_hint}"
+
+        elif self._undefined_obj is missing:
+            message = self._undefined_name  # type: ignore
+
+        else:
+            message = (
+                f"no such element: {object_type_repr(self._undefined_obj)}"
+                f"[{self._undefined_name!r}]"
+            )
+
+        return f"{{{{ {message} }}}}"
+
+
+class StrictUndefined(Undefined):
+    """An undefined that barks on print and iteration as well as boolean
+    tests and all kinds of comparisons.  In other words: you can do nothing
+    with it except checking if it's defined using the `defined` test.
+
+    >>> foo = StrictUndefined(name='foo')
+    >>> str(foo)
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> not foo
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    >>> foo + 42
+    Traceback (most recent call last):
+      ...
+    jinja2.exceptions.UndefinedError: 'foo' is undefined
+    """
+
+    __slots__ = ()
+    __iter__ = __str__ = __len__ = Undefined._fail_with_undefined_error
+    __eq__ = __ne__ = __bool__ = __hash__ = Undefined._fail_with_undefined_error
+    __contains__ = Undefined._fail_with_undefined_error
+
+
+# Remove slots attributes, after the metaclass is applied they are
+# unneeded and contain wrong data for subclasses.
+del (
+    Undefined.__slots__,
+    ChainableUndefined.__slots__,
+    DebugUndefined.__slots__,
+    StrictUndefined.__slots__,
+)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/sandbox.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/sandbox.py
new file mode 100644
index 000000000..0b4fc12d3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/sandbox.py
@@ -0,0 +1,429 @@
+"""A sandbox layer that ensures unsafe operations cannot be performed.
+Useful when the template itself comes from an untrusted source.
+"""
+
+import operator
+import types
+import typing as t
+from collections import abc
+from collections import deque
+from string import Formatter
+
+from _string import formatter_field_name_split  # type: ignore
+from markupsafe import EscapeFormatter
+from markupsafe import Markup
+
+from .environment import Environment
+from .exceptions import SecurityError
+from .runtime import Context
+from .runtime import Undefined
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+#: maximum number of items a range may produce
+MAX_RANGE = 100000
+
+#: Unsafe function attributes.
+UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()
+
+#: Unsafe method attributes. Function attributes are unsafe for methods too.
+UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()
+
+#: unsafe generator attributes.
+UNSAFE_GENERATOR_ATTRIBUTES = {"gi_frame", "gi_code"}
+
+#: unsafe attributes on coroutines
+UNSAFE_COROUTINE_ATTRIBUTES = {"cr_frame", "cr_code"}
+
+#: unsafe attributes on async generators
+UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = {"ag_code", "ag_frame"}
+
+_mutable_spec: t.Tuple[t.Tuple[t.Type[t.Any], t.FrozenSet[str]], ...] = (
+    (
+        abc.MutableSet,
+        frozenset(
+            [
+                "add",
+                "clear",
+                "difference_update",
+                "discard",
+                "pop",
+                "remove",
+                "symmetric_difference_update",
+                "update",
+            ]
+        ),
+    ),
+    (
+        abc.MutableMapping,
+        frozenset(["clear", "pop", "popitem", "setdefault", "update"]),
+    ),
+    (
+        abc.MutableSequence,
+        frozenset(["append", "reverse", "insert", "sort", "extend", "remove"]),
+    ),
+    (
+        deque,
+        frozenset(
+            [
+                "append",
+                "appendleft",
+                "clear",
+                "extend",
+                "extendleft",
+                "pop",
+                "popleft",
+                "remove",
+                "rotate",
+            ]
+        ),
+    ),
+)
+
+
+def inspect_format_method(callable: t.Callable[..., t.Any]) -> t.Optional[str]:
+    if not isinstance(
+        callable, (types.MethodType, types.BuiltinMethodType)
+    ) or callable.__name__ not in ("format", "format_map"):
+        return None
+
+    obj = callable.__self__
+
+    if isinstance(obj, str):
+        return obj
+
+    return None
+
+
+def safe_range(*args: int) -> range:
+    """A range that can't generate ranges with a length of more than
+    MAX_RANGE items.
+    """
+    rng = range(*args)
+
+    if len(rng) > MAX_RANGE:
+        raise OverflowError(
+            "Range too big. The sandbox blocks ranges larger than"
+            f" MAX_RANGE ({MAX_RANGE})."
+        )
+
+    return rng
+
+
+def unsafe(f: F) -> F:
+    """Marks a function or method as unsafe.
+
+    .. code-block: python
+
+        @unsafe
+        def delete(self):
+            pass
+    """
+    f.unsafe_callable = True  # type: ignore
+    return f
+
+
+def is_internal_attribute(obj: t.Any, attr: str) -> bool:
+    """Test if the attribute given is an internal python attribute.  For
+    example this function returns `True` for the `func_code` attribute of
+    python objects.  This is useful if the environment method
+    :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
+
+    >>> from jinja2.sandbox import is_internal_attribute
+    >>> is_internal_attribute(str, "mro")
+    True
+    >>> is_internal_attribute(str, "upper")
+    False
+    """
+    if isinstance(obj, types.FunctionType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES:
+            return True
+    elif isinstance(obj, types.MethodType):
+        if attr in UNSAFE_FUNCTION_ATTRIBUTES or attr in UNSAFE_METHOD_ATTRIBUTES:
+            return True
+    elif isinstance(obj, type):
+        if attr == "mro":
+            return True
+    elif isinstance(obj, (types.CodeType, types.TracebackType, types.FrameType)):
+        return True
+    elif isinstance(obj, types.GeneratorType):
+        if attr in UNSAFE_GENERATOR_ATTRIBUTES:
+            return True
+    elif hasattr(types, "CoroutineType") and isinstance(obj, types.CoroutineType):
+        if attr in UNSAFE_COROUTINE_ATTRIBUTES:
+            return True
+    elif hasattr(types, "AsyncGeneratorType") and isinstance(
+        obj, types.AsyncGeneratorType
+    ):
+        if attr in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
+            return True
+    return attr.startswith("__")
+
+
+def modifies_known_mutable(obj: t.Any, attr: str) -> bool:
+    """This function checks if an attribute on a builtin mutable object
+    (list, dict, set or deque) or the corresponding ABCs would modify it
+    if called.
+
+    >>> modifies_known_mutable({}, "clear")
+    True
+    >>> modifies_known_mutable({}, "keys")
+    False
+    >>> modifies_known_mutable([], "append")
+    True
+    >>> modifies_known_mutable([], "index")
+    False
+
+    If called with an unsupported object, ``False`` is returned.
+
+    >>> modifies_known_mutable("foo", "upper")
+    False
+    """
+    for typespec, unsafe in _mutable_spec:
+        if isinstance(obj, typespec):
+            return attr in unsafe
+    return False
+
+
+class SandboxedEnvironment(Environment):
+    """The sandboxed environment.  It works like the regular environment but
+    tells the compiler to generate sandboxed code.  Additionally subclasses of
+    this environment may override the methods that tell the runtime what
+    attributes or functions are safe to access.
+
+    If the template tries to access insecure code a :exc:`SecurityError` is
+    raised.  However also other exceptions may occur during the rendering so
+    the caller has to ensure that all exceptions are caught.
+    """
+
+    sandboxed = True
+
+    #: default callback table for the binary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`binop_table`
+    default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = {
+        "+": operator.add,
+        "-": operator.sub,
+        "*": operator.mul,
+        "/": operator.truediv,
+        "//": operator.floordiv,
+        "**": operator.pow,
+        "%": operator.mod,
+    }
+
+    #: default callback table for the unary operators.  A copy of this is
+    #: available on each instance of a sandboxed environment as
+    #: :attr:`unop_table`
+    default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = {
+        "+": operator.pos,
+        "-": operator.neg,
+    }
+
+    #: a set of binary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_binop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`binop_table`.
+    #:
+    #: The following binary operators are interceptable:
+    #: ``//``, ``%``, ``+``, ``*``, ``-``, ``/``, and ``**``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_binops: t.FrozenSet[str] = frozenset()
+
+    #: a set of unary operators that should be intercepted.  Each operator
+    #: that is added to this set (empty by default) is delegated to the
+    #: :meth:`call_unop` method that will perform the operator.  The default
+    #: operator callback is specified by :attr:`unop_table`.
+    #:
+    #: The following unary operators are interceptable: ``+``, ``-``
+    #:
+    #: The default operation form the operator table corresponds to the
+    #: builtin function.  Intercepted calls are always slower than the native
+    #: operator call, so make sure only to intercept the ones you are
+    #: interested in.
+    #:
+    #: .. versionadded:: 2.6
+    intercepted_unops: t.FrozenSet[str] = frozenset()
+
+    def __init__(self, *args: t.Any, **kwargs: t.Any) -> None:
+        super().__init__(*args, **kwargs)
+        self.globals["range"] = safe_range
+        self.binop_table = self.default_binop_table.copy()
+        self.unop_table = self.default_unop_table.copy()
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        """The sandboxed environment will call this method to check if the
+        attribute of an object is safe to access.  Per default all attributes
+        starting with an underscore are considered private as well as the
+        special attributes of internal python objects as returned by the
+        :func:`is_internal_attribute` function.
+        """
+        return not (attr.startswith("_") or is_internal_attribute(obj, attr))
+
+    def is_safe_callable(self, obj: t.Any) -> bool:
+        """Check if an object is safely callable. By default callables
+        are considered safe unless decorated with :func:`unsafe`.
+
+        This also recognizes the Django convention of setting
+        ``func.alters_data = True``.
+        """
+        return not (
+            getattr(obj, "unsafe_callable", False) or getattr(obj, "alters_data", False)
+        )
+
+    def call_binop(
+        self, context: Context, operator: str, left: t.Any, right: t.Any
+    ) -> t.Any:
+        """For intercepted binary operator calls (:meth:`intercepted_binops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.binop_table[operator](left, right)
+
+    def call_unop(self, context: Context, operator: str, arg: t.Any) -> t.Any:
+        """For intercepted unary operator calls (:meth:`intercepted_unops`)
+        this function is executed instead of the builtin operator.  This can
+        be used to fine tune the behavior of certain operators.
+
+        .. versionadded:: 2.6
+        """
+        return self.unop_table[operator](arg)
+
+    def getitem(
+        self, obj: t.Any, argument: t.Union[str, t.Any]
+    ) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code."""
+        try:
+            return obj[argument]
+        except (TypeError, LookupError):
+            if isinstance(argument, str):
+                try:
+                    attr = str(argument)
+                except Exception:
+                    pass
+                else:
+                    try:
+                        value = getattr(obj, attr)
+                    except AttributeError:
+                        pass
+                    else:
+                        if self.is_safe_attribute(obj, argument, value):
+                            return value
+                        return self.unsafe_undefined(obj, argument)
+        return self.undefined(obj=obj, name=argument)
+
+    def getattr(self, obj: t.Any, attribute: str) -> t.Union[t.Any, Undefined]:
+        """Subscribe an object from sandboxed code and prefer the
+        attribute.  The attribute passed *must* be a bytestring.
+        """
+        try:
+            value = getattr(obj, attribute)
+        except AttributeError:
+            try:
+                return obj[attribute]
+            except (TypeError, LookupError):
+                pass
+        else:
+            if self.is_safe_attribute(obj, attribute, value):
+                return value
+            return self.unsafe_undefined(obj, attribute)
+        return self.undefined(obj=obj, name=attribute)
+
+    def unsafe_undefined(self, obj: t.Any, attribute: str) -> Undefined:
+        """Return an undefined object for unsafe attributes."""
+        return self.undefined(
+            f"access to attribute {attribute!r} of"
+            f" {type(obj).__name__!r} object is unsafe.",
+            name=attribute,
+            obj=obj,
+            exc=SecurityError,
+        )
+
+    def format_string(
+        self,
+        s: str,
+        args: t.Tuple[t.Any, ...],
+        kwargs: t.Dict[str, t.Any],
+        format_func: t.Optional[t.Callable[..., t.Any]] = None,
+    ) -> str:
+        """If a format call is detected, then this is routed through this
+        method so that our safety sandbox can be used for it.
+        """
+        formatter: SandboxedFormatter
+        if isinstance(s, Markup):
+            formatter = SandboxedEscapeFormatter(self, escape=s.escape)
+        else:
+            formatter = SandboxedFormatter(self)
+
+        if format_func is not None and format_func.__name__ == "format_map":
+            if len(args) != 1 or kwargs:
+                raise TypeError(
+                    "format_map() takes exactly one argument"
+                    f" {len(args) + (kwargs is not None)} given"
+                )
+
+            kwargs = args[0]
+            args = ()
+
+        rv = formatter.vformat(s, args, kwargs)
+        return type(s)(rv)
+
+    def call(
+        __self,  # noqa: B902
+        __context: Context,
+        __obj: t.Any,
+        *args: t.Any,
+        **kwargs: t.Any,
+    ) -> t.Any:
+        """Call an object from sandboxed code."""
+        fmt = inspect_format_method(__obj)
+        if fmt is not None:
+            return __self.format_string(fmt, args, kwargs, __obj)
+
+        # the double prefixes are to avoid double keyword argument
+        # errors when proxying the call.
+        if not __self.is_safe_callable(__obj):
+            raise SecurityError(f"{__obj!r} is not safely callable")
+        return __context.call(__obj, *args, **kwargs)
+
+
+class ImmutableSandboxedEnvironment(SandboxedEnvironment):
+    """Works exactly like the regular `SandboxedEnvironment` but does not
+    permit modifications on the builtin mutable objects `list`, `set`, and
+    `dict` by using the :func:`modifies_known_mutable` function.
+    """
+
+    def is_safe_attribute(self, obj: t.Any, attr: str, value: t.Any) -> bool:
+        if not super().is_safe_attribute(obj, attr, value):
+            return False
+
+        return not modifies_known_mutable(obj, attr)
+
+
+class SandboxedFormatter(Formatter):
+    def __init__(self, env: Environment, **kwargs: t.Any) -> None:
+        self._env = env
+        super().__init__(**kwargs)
+
+    def get_field(
+        self, field_name: str, args: t.Sequence[t.Any], kwargs: t.Mapping[str, t.Any]
+    ) -> t.Tuple[t.Any, str]:
+        first, rest = formatter_field_name_split(field_name)
+        obj = self.get_value(first, args, kwargs)
+        for is_attr, i in rest:
+            if is_attr:
+                obj = self._env.getattr(obj, i)
+            else:
+                obj = self._env.getitem(obj, i)
+        return obj, first
+
+
+class SandboxedEscapeFormatter(SandboxedFormatter, EscapeFormatter):
+    pass
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/tests.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/tests.py
new file mode 100644
index 000000000..1a59e3703
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/tests.py
@@ -0,0 +1,256 @@
+"""Built-in template tests used with the ``is`` operator."""
+
+import operator
+import typing as t
+from collections import abc
+from numbers import Number
+
+from .runtime import Undefined
+from .utils import pass_environment
+
+if t.TYPE_CHECKING:
+    from .environment import Environment
+
+
+def test_odd(value: int) -> bool:
+    """Return true if the variable is odd."""
+    return value % 2 == 1
+
+
+def test_even(value: int) -> bool:
+    """Return true if the variable is even."""
+    return value % 2 == 0
+
+
+def test_divisibleby(value: int, num: int) -> bool:
+    """Check if a variable is divisible by a number."""
+    return value % num == 0
+
+
+def test_defined(value: t.Any) -> bool:
+    """Return true if the variable is defined:
+
+    .. sourcecode:: jinja
+
+        {% if variable is defined %}
+            value of variable: {{ variable }}
+        {% else %}
+            variable is not defined
+        {% endif %}
+
+    See the :func:`default` filter for a simple way to set undefined
+    variables.
+    """
+    return not isinstance(value, Undefined)
+
+
+def test_undefined(value: t.Any) -> bool:
+    """Like :func:`defined` but the other way round."""
+    return isinstance(value, Undefined)
+
+
+@pass_environment
+def test_filter(env: "Environment", value: str) -> bool:
+    """Check if a filter exists by name. Useful if a filter may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'markdown' is filter %}
+            {{ value | markdown }}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.filters
+
+
+@pass_environment
+def test_test(env: "Environment", value: str) -> bool:
+    """Check if a test exists by name. Useful if a test may be
+    optionally available.
+
+    .. code-block:: jinja
+
+        {% if 'loud' is test %}
+            {% if value is loud %}
+                {{ value|upper }}
+            {% else %}
+                {{ value|lower }}
+            {% endif %}
+        {% else %}
+            {{ value }}
+        {% endif %}
+
+    .. versionadded:: 3.0
+    """
+    return value in env.tests
+
+
+def test_none(value: t.Any) -> bool:
+    """Return true if the variable is none."""
+    return value is None
+
+
+def test_boolean(value: t.Any) -> bool:
+    """Return true if the object is a boolean value.
+
+    .. versionadded:: 2.11
+    """
+    return value is True or value is False
+
+
+def test_false(value: t.Any) -> bool:
+    """Return true if the object is False.
+
+    .. versionadded:: 2.11
+    """
+    return value is False
+
+
+def test_true(value: t.Any) -> bool:
+    """Return true if the object is True.
+
+    .. versionadded:: 2.11
+    """
+    return value is True
+
+
+# NOTE: The existing 'number' test matches booleans and floats
+def test_integer(value: t.Any) -> bool:
+    """Return true if the object is an integer.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, int) and value is not True and value is not False
+
+
+# NOTE: The existing 'number' test matches booleans and integers
+def test_float(value: t.Any) -> bool:
+    """Return true if the object is a float.
+
+    .. versionadded:: 2.11
+    """
+    return isinstance(value, float)
+
+
+def test_lower(value: str) -> bool:
+    """Return true if the variable is lowercased."""
+    return str(value).islower()
+
+
+def test_upper(value: str) -> bool:
+    """Return true if the variable is uppercased."""
+    return str(value).isupper()
+
+
+def test_string(value: t.Any) -> bool:
+    """Return true if the object is a string."""
+    return isinstance(value, str)
+
+
+def test_mapping(value: t.Any) -> bool:
+    """Return true if the object is a mapping (dict etc.).
+
+    .. versionadded:: 2.6
+    """
+    return isinstance(value, abc.Mapping)
+
+
+def test_number(value: t.Any) -> bool:
+    """Return true if the variable is a number."""
+    return isinstance(value, Number)
+
+
+def test_sequence(value: t.Any) -> bool:
+    """Return true if the variable is a sequence. Sequences are variables
+    that are iterable.
+    """
+    try:
+        len(value)
+        value.__getitem__  # noqa B018
+    except Exception:
+        return False
+
+    return True
+
+
+def test_sameas(value: t.Any, other: t.Any) -> bool:
+    """Check if an object points to the same memory address than another
+    object:
+
+    .. sourcecode:: jinja
+
+        {% if foo.attribute is sameas false %}
+            the foo attribute really is the `False` singleton
+        {% endif %}
+    """
+    return value is other
+
+
+def test_iterable(value: t.Any) -> bool:
+    """Check if it's possible to iterate over an object."""
+    try:
+        iter(value)
+    except TypeError:
+        return False
+
+    return True
+
+
+def test_escaped(value: t.Any) -> bool:
+    """Check if the value is escaped."""
+    return hasattr(value, "__html__")
+
+
+def test_in(value: t.Any, seq: t.Container[t.Any]) -> bool:
+    """Check if value is in seq.
+
+    .. versionadded:: 2.10
+    """
+    return value in seq
+
+
+TESTS = {
+    "odd": test_odd,
+    "even": test_even,
+    "divisibleby": test_divisibleby,
+    "defined": test_defined,
+    "undefined": test_undefined,
+    "filter": test_filter,
+    "test": test_test,
+    "none": test_none,
+    "boolean": test_boolean,
+    "false": test_false,
+    "true": test_true,
+    "integer": test_integer,
+    "float": test_float,
+    "lower": test_lower,
+    "upper": test_upper,
+    "string": test_string,
+    "mapping": test_mapping,
+    "number": test_number,
+    "sequence": test_sequence,
+    "iterable": test_iterable,
+    "callable": callable,
+    "sameas": test_sameas,
+    "escaped": test_escaped,
+    "in": test_in,
+    "==": operator.eq,
+    "eq": operator.eq,
+    "equalto": operator.eq,
+    "!=": operator.ne,
+    "ne": operator.ne,
+    ">": operator.gt,
+    "gt": operator.gt,
+    "greaterthan": operator.gt,
+    "ge": operator.ge,
+    ">=": operator.ge,
+    "<": operator.lt,
+    "lt": operator.lt,
+    "lessthan": operator.lt,
+    "<=": operator.le,
+    "le": operator.le,
+}
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/utils.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/utils.py
new file mode 100644
index 000000000..7fb76935a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/utils.py
@@ -0,0 +1,755 @@
+import enum
+import json
+import os
+import re
+import typing as t
+from collections import abc
+from collections import deque
+from random import choice
+from random import randrange
+from threading import Lock
+from types import CodeType
+from urllib.parse import quote_from_bytes
+
+import markupsafe
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+F = t.TypeVar("F", bound=t.Callable[..., t.Any])
+
+# special singleton representing missing values for the runtime
+missing: t.Any = type("MissingType", (), {"__repr__": lambda x: "missing"})()
+
+internal_code: t.MutableSet[CodeType] = set()
+
+concat = "".join
+
+
+def pass_context(f: F) -> F:
+    """Pass the :class:`~jinja2.runtime.Context` as the first argument
+    to the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``Context.eval_context`` is needed, use
+    :func:`pass_eval_context`. If only ``Context.environment`` is
+    needed, use :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``contextfunction`` and ``contextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.context  # type: ignore
+    return f
+
+
+def pass_eval_context(f: F) -> F:
+    """Pass the :class:`~jinja2.nodes.EvalContext` as the first argument
+    to the decorated function when called while rendering a template.
+    See :ref:`eval-context`.
+
+    Can be used on functions, filters, and tests.
+
+    If only ``EvalContext.environment`` is needed, use
+    :func:`pass_environment`.
+
+    .. versionadded:: 3.0.0
+        Replaces ``evalcontextfunction`` and ``evalcontextfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.eval_context  # type: ignore
+    return f
+
+
+def pass_environment(f: F) -> F:
+    """Pass the :class:`~jinja2.Environment` as the first argument to
+    the decorated function when called while rendering a template.
+
+    Can be used on functions, filters, and tests.
+
+    .. versionadded:: 3.0.0
+        Replaces ``environmentfunction`` and ``environmentfilter``.
+    """
+    f.jinja_pass_arg = _PassArg.environment  # type: ignore
+    return f
+
+
+class _PassArg(enum.Enum):
+    context = enum.auto()
+    eval_context = enum.auto()
+    environment = enum.auto()
+
+    @classmethod
+    def from_obj(cls, obj: F) -> t.Optional["_PassArg"]:
+        if hasattr(obj, "jinja_pass_arg"):
+            return obj.jinja_pass_arg  # type: ignore
+
+        return None
+
+
+def internalcode(f: F) -> F:
+    """Marks the function as internally used"""
+    internal_code.add(f.__code__)
+    return f
+
+
+def is_undefined(obj: t.Any) -> bool:
+    """Check if the object passed is undefined.  This does nothing more than
+    performing an instance check against :class:`Undefined` but looks nicer.
+    This can be used for custom filters or tests that want to react to
+    undefined variables.  For example a custom default filter can look like
+    this::
+
+        def default(var, default=''):
+            if is_undefined(var):
+                return default
+            return var
+    """
+    from .runtime import Undefined
+
+    return isinstance(obj, Undefined)
+
+
+def consume(iterable: t.Iterable[t.Any]) -> None:
+    """Consumes an iterable without doing anything with it."""
+    for _ in iterable:
+        pass
+
+
+def clear_caches() -> None:
+    """Jinja keeps internal caches for environments and lexers.  These are
+    used so that Jinja doesn't have to recreate environments and lexers all
+    the time.  Normally you don't have to care about that but if you are
+    measuring memory consumption you may want to clean the caches.
+    """
+    from .environment import get_spontaneous_environment
+    from .lexer import _lexer_cache
+
+    get_spontaneous_environment.cache_clear()
+    _lexer_cache.clear()
+
+
+def import_string(import_name: str, silent: bool = False) -> t.Any:
+    """Imports an object based on a string.  This is useful if you want to
+    use import paths as endpoints or something similar.  An import path can
+    be specified either in dotted notation (``xml.sax.saxutils.escape``)
+    or with a colon as object delimiter (``xml.sax.saxutils:escape``).
+
+    If the `silent` is True the return value will be `None` if the import
+    fails.
+
+    :return: imported object
+    """
+    try:
+        if ":" in import_name:
+            module, obj = import_name.split(":", 1)
+        elif "." in import_name:
+            module, _, obj = import_name.rpartition(".")
+        else:
+            return __import__(import_name)
+        return getattr(__import__(module, None, None, [obj]), obj)
+    except (ImportError, AttributeError):
+        if not silent:
+            raise
+
+
+def open_if_exists(filename: str, mode: str = "rb") -> t.Optional[t.IO[t.Any]]:
+    """Returns a file descriptor for the filename if that file exists,
+    otherwise ``None``.
+    """
+    if not os.path.isfile(filename):
+        return None
+
+    return open(filename, mode)
+
+
+def object_type_repr(obj: t.Any) -> str:
+    """Returns the name of the object's type.  For some recognized
+    singletons the name of the object is returned instead. (For
+    example for `None` and `Ellipsis`).
+    """
+    if obj is None:
+        return "None"
+    elif obj is Ellipsis:
+        return "Ellipsis"
+
+    cls = type(obj)
+
+    if cls.__module__ == "builtins":
+        return f"{cls.__name__} object"
+
+    return f"{cls.__module__}.{cls.__name__} object"
+
+
+def pformat(obj: t.Any) -> str:
+    """Format an object using :func:`pprint.pformat`."""
+    from pprint import pformat
+
+    return pformat(obj)
+
+
+_http_re = re.compile(
+    r"""
+    ^
+    (
+        (https?://|www\.)  # scheme or www
+        (([\w%-]+\.)+)?  # subdomain
+        (
+            [a-z]{2,63}  # basic tld
+        |
+            xn--[\w%]{2,59}  # idna tld
+        )
+    |
+        ([\w%-]{2,63}\.)+  # basic domain
+        (com|net|int|edu|gov|org|info|mil)  # basic tld
+    |
+        (https?://)  # scheme
+        (
+            (([\d]{1,3})(\.[\d]{1,3}){3})  # IPv4
+        |
+            (\[([\da-f]{0,4}:){2}([\da-f]{0,4}:?){1,6}])  # IPv6
+        )
+    )
+    (?::[\d]{1,5})?  # port
+    (?:[/?#]\S*)?  # path, query, and fragment
+    $
+    """,
+    re.IGNORECASE | re.VERBOSE,
+)
+_email_re = re.compile(r"^\S+@\w[\w.-]*\.\w+$")
+
+
+def urlize(
+    text: str,
+    trim_url_limit: t.Optional[int] = None,
+    rel: t.Optional[str] = None,
+    target: t.Optional[str] = None,
+    extra_schemes: t.Optional[t.Iterable[str]] = None,
+) -> str:
+    """Convert URLs in text into clickable links.
+
+    This may not recognize links in some situations. Usually, a more
+    comprehensive formatter, such as a Markdown library, is a better
+    choice.
+
+    Works on ``http://``, ``https://``, ``www.``, ``mailto:``, and email
+    addresses. Links with trailing punctuation (periods, commas, closing
+    parentheses) and leading punctuation (opening parentheses) are
+    recognized excluding the punctuation. Email addresses that include
+    header fields are not recognized (for example,
+    ``mailto:address@example.com?cc=copy@example.com``).
+
+    :param text: Original text containing URLs to link.
+    :param trim_url_limit: Shorten displayed URL values to this length.
+    :param target: Add the ``target`` attribute to links.
+    :param rel: Add the ``rel`` attribute to links.
+    :param extra_schemes: Recognize URLs that start with these schemes
+        in addition to the default behavior.
+
+    .. versionchanged:: 3.0
+        The ``extra_schemes`` parameter was added.
+
+    .. versionchanged:: 3.0
+        Generate ``https://`` links for URLs without a scheme.
+
+    .. versionchanged:: 3.0
+        The parsing rules were updated. Recognize email addresses with
+        or without the ``mailto:`` scheme. Validate IP addresses. Ignore
+        parentheses and brackets in more cases.
+    """
+    if trim_url_limit is not None:
+
+        def trim_url(x: str) -> str:
+            if len(x) > trim_url_limit:
+                return f"{x[:trim_url_limit]}..."
+
+            return x
+
+    else:
+
+        def trim_url(x: str) -> str:
+            return x
+
+    words = re.split(r"(\s+)", str(markupsafe.escape(text)))
+    rel_attr = f' rel="{markupsafe.escape(rel)}"' if rel else ""
+    target_attr = f' target="{markupsafe.escape(target)}"' if target else ""
+
+    for i, word in enumerate(words):
+        head, middle, tail = "", word, ""
+        match = re.match(r"^([(<]|&lt;)+", middle)
+
+        if match:
+            head = match.group()
+            middle = middle[match.end() :]
+
+        # Unlike lead, which is anchored to the start of the string,
+        # need to check that the string ends with any of the characters
+        # before trying to match all of them, to avoid backtracking.
+        if middle.endswith((")", ">", ".", ",", "\n", "&gt;")):
+            match = re.search(r"([)>.,\n]|&gt;)+$", middle)
+
+            if match:
+                tail = match.group()
+                middle = middle[: match.start()]
+
+        # Prefer balancing parentheses in URLs instead of ignoring a
+        # trailing character.
+        for start_char, end_char in ("(", ")"), ("<", ">"), ("&lt;", "&gt;"):
+            start_count = middle.count(start_char)
+
+            if start_count <= middle.count(end_char):
+                # Balanced, or lighter on the left
+                continue
+
+            # Move as many as possible from the tail to balance
+            for _ in range(min(start_count, tail.count(end_char))):
+                end_index = tail.index(end_char) + len(end_char)
+                # Move anything in the tail before the end char too
+                middle += tail[:end_index]
+                tail = tail[end_index:]
+
+        if _http_re.match(middle):
+            if middle.startswith("https://") or middle.startswith("http://"):
+                middle = (
+                    f'<a href="{middle}"{rel_attr}{target_attr}>{trim_url(middle)}</a>'
+                )
+            else:
+                middle = (
+                    f'<a href="https://{middle}"{rel_attr}{target_attr}>'
+                    f"{trim_url(middle)}</a>"
+                )
+
+        elif middle.startswith("mailto:") and _email_re.match(middle[7:]):
+            middle = f'<a href="{middle}">{middle[7:]}</a>'
+
+        elif (
+            "@" in middle
+            and not middle.startswith("www.")
+            and ":" not in middle
+            and _email_re.match(middle)
+        ):
+            middle = f'<a href="mailto:{middle}">{middle}</a>'
+
+        elif extra_schemes is not None:
+            for scheme in extra_schemes:
+                if middle != scheme and middle.startswith(scheme):
+                    middle = f'<a href="{middle}"{rel_attr}{target_attr}>{middle}</a>'
+
+        words[i] = f"{head}{middle}{tail}"
+
+    return "".join(words)
+
+
+def generate_lorem_ipsum(
+    n: int = 5, html: bool = True, min: int = 20, max: int = 100
+) -> str:
+    """Generate some lorem ipsum for the template."""
+    from .constants import LOREM_IPSUM_WORDS
+
+    words = LOREM_IPSUM_WORDS.split()
+    result = []
+
+    for _ in range(n):
+        next_capitalized = True
+        last_comma = last_fullstop = 0
+        word = None
+        last = None
+        p = []
+
+        # each paragraph contains out of 20 to 100 words.
+        for idx, _ in enumerate(range(randrange(min, max))):
+            while True:
+                word = choice(words)
+                if word != last:
+                    last = word
+                    break
+            if next_capitalized:
+                word = word.capitalize()
+                next_capitalized = False
+            # add commas
+            if idx - randrange(3, 8) > last_comma:
+                last_comma = idx
+                last_fullstop += 2
+                word += ","
+            # add end of sentences
+            if idx - randrange(10, 20) > last_fullstop:
+                last_comma = last_fullstop = idx
+                word += "."
+                next_capitalized = True
+            p.append(word)
+
+        # ensure that the paragraph ends with a dot.
+        p_str = " ".join(p)
+
+        if p_str.endswith(","):
+            p_str = p_str[:-1] + "."
+        elif not p_str.endswith("."):
+            p_str += "."
+
+        result.append(p_str)
+
+    if not html:
+        return "\n\n".join(result)
+    return markupsafe.Markup(
+        "\n".join(f"<p>{markupsafe.escape(x)}</p>" for x in result)
+    )
+
+
+def url_quote(obj: t.Any, charset: str = "utf-8", for_qs: bool = False) -> str:
+    """Quote a string for use in a URL using the given charset.
+
+    :param obj: String or bytes to quote. Other types are converted to
+        string then encoded to bytes using the given charset.
+    :param charset: Encode text to bytes using this charset.
+    :param for_qs: Quote "/" and use "+" for spaces.
+    """
+    if not isinstance(obj, bytes):
+        if not isinstance(obj, str):
+            obj = str(obj)
+
+        obj = obj.encode(charset)
+
+    safe = b"" if for_qs else b"/"
+    rv = quote_from_bytes(obj, safe)
+
+    if for_qs:
+        rv = rv.replace("%20", "+")
+
+    return rv
+
+
+@abc.MutableMapping.register
+class LRUCache:
+    """A simple LRU Cache implementation."""
+
+    # this is fast for small capacities (something below 1000) but doesn't
+    # scale.  But as long as it's only used as storage for templates this
+    # won't do any harm.
+
+    def __init__(self, capacity: int) -> None:
+        self.capacity = capacity
+        self._mapping: t.Dict[t.Any, t.Any] = {}
+        self._queue: "te.Deque[t.Any]" = deque()
+        self._postinit()
+
+    def _postinit(self) -> None:
+        # alias all queue methods for faster lookup
+        self._popleft = self._queue.popleft
+        self._pop = self._queue.pop
+        self._remove = self._queue.remove
+        self._wlock = Lock()
+        self._append = self._queue.append
+
+    def __getstate__(self) -> t.Mapping[str, t.Any]:
+        return {
+            "capacity": self.capacity,
+            "_mapping": self._mapping,
+            "_queue": self._queue,
+        }
+
+    def __setstate__(self, d: t.Mapping[str, t.Any]) -> None:
+        self.__dict__.update(d)
+        self._postinit()
+
+    def __getnewargs__(self) -> t.Tuple[t.Any, ...]:
+        return (self.capacity,)
+
+    def copy(self) -> "LRUCache":
+        """Return a shallow copy of the instance."""
+        rv = self.__class__(self.capacity)
+        rv._mapping.update(self._mapping)
+        rv._queue.extend(self._queue)
+        return rv
+
+    def get(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Return an item from the cache dict or `default`"""
+        try:
+            return self[key]
+        except KeyError:
+            return default
+
+    def setdefault(self, key: t.Any, default: t.Any = None) -> t.Any:
+        """Set `default` if the key is not in the cache otherwise
+        leave unchanged. Return the value of this key.
+        """
+        try:
+            return self[key]
+        except KeyError:
+            self[key] = default
+            return default
+
+    def clear(self) -> None:
+        """Clear the cache."""
+        with self._wlock:
+            self._mapping.clear()
+            self._queue.clear()
+
+    def __contains__(self, key: t.Any) -> bool:
+        """Check if a key exists in this cache."""
+        return key in self._mapping
+
+    def __len__(self) -> int:
+        """Return the current size of the cache."""
+        return len(self._mapping)
+
+    def __repr__(self) -> str:
+        return f"<{type(self).__name__} {self._mapping!r}>"
+
+    def __getitem__(self, key: t.Any) -> t.Any:
+        """Get an item from the cache. Moves the item up so that it has the
+        highest priority then.
+
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            rv = self._mapping[key]
+
+            if self._queue[-1] != key:
+                try:
+                    self._remove(key)
+                except ValueError:
+                    # if something removed the key from the container
+                    # when we read, ignore the ValueError that we would
+                    # get otherwise.
+                    pass
+
+                self._append(key)
+
+            return rv
+
+    def __setitem__(self, key: t.Any, value: t.Any) -> None:
+        """Sets the value for an item. Moves the item up so that it
+        has the highest priority then.
+        """
+        with self._wlock:
+            if key in self._mapping:
+                self._remove(key)
+            elif len(self._mapping) == self.capacity:
+                del self._mapping[self._popleft()]
+
+            self._append(key)
+            self._mapping[key] = value
+
+    def __delitem__(self, key: t.Any) -> None:
+        """Remove an item from the cache dict.
+        Raise a `KeyError` if it does not exist.
+        """
+        with self._wlock:
+            del self._mapping[key]
+
+            try:
+                self._remove(key)
+            except ValueError:
+                pass
+
+    def items(self) -> t.Iterable[t.Tuple[t.Any, t.Any]]:
+        """Return a list of items."""
+        result = [(key, self._mapping[key]) for key in list(self._queue)]
+        result.reverse()
+        return result
+
+    def values(self) -> t.Iterable[t.Any]:
+        """Return a list of all values."""
+        return [x[1] for x in self.items()]
+
+    def keys(self) -> t.Iterable[t.Any]:
+        """Return a list of all keys ordered by most recent usage."""
+        return list(self)
+
+    def __iter__(self) -> t.Iterator[t.Any]:
+        return reversed(tuple(self._queue))
+
+    def __reversed__(self) -> t.Iterator[t.Any]:
+        """Iterate over the keys in the cache dict, oldest items
+        coming first.
+        """
+        return iter(tuple(self._queue))
+
+    __copy__ = copy
+
+
+def select_autoescape(
+    enabled_extensions: t.Collection[str] = ("html", "htm", "xml"),
+    disabled_extensions: t.Collection[str] = (),
+    default_for_string: bool = True,
+    default: bool = False,
+) -> t.Callable[[t.Optional[str]], bool]:
+    """Intelligently sets the initial value of autoescaping based on the
+    filename of the template.  This is the recommended way to configure
+    autoescaping if you do not want to write a custom function yourself.
+
+    If you want to enable it for all templates created from strings or
+    for all templates with `.html` and `.xml` extensions::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            enabled_extensions=('html', 'xml'),
+            default_for_string=True,
+        ))
+
+    Example configuration to turn it on at all times except if the template
+    ends with `.txt`::
+
+        from jinja2 import Environment, select_autoescape
+        env = Environment(autoescape=select_autoescape(
+            disabled_extensions=('txt',),
+            default_for_string=True,
+            default=True,
+        ))
+
+    The `enabled_extensions` is an iterable of all the extensions that
+    autoescaping should be enabled for.  Likewise `disabled_extensions` is
+    a list of all templates it should be disabled for.  If a template is
+    loaded from a string then the default from `default_for_string` is used.
+    If nothing matches then the initial value of autoescaping is set to the
+    value of `default`.
+
+    For security reasons this function operates case insensitive.
+
+    .. versionadded:: 2.9
+    """
+    enabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in enabled_extensions)
+    disabled_patterns = tuple(f".{x.lstrip('.').lower()}" for x in disabled_extensions)
+
+    def autoescape(template_name: t.Optional[str]) -> bool:
+        if template_name is None:
+            return default_for_string
+        template_name = template_name.lower()
+        if template_name.endswith(enabled_patterns):
+            return True
+        if template_name.endswith(disabled_patterns):
+            return False
+        return default
+
+    return autoescape
+
+
+def htmlsafe_json_dumps(
+    obj: t.Any, dumps: t.Optional[t.Callable[..., str]] = None, **kwargs: t.Any
+) -> markupsafe.Markup:
+    """Serialize an object to a string of JSON with :func:`json.dumps`,
+    then replace HTML-unsafe characters with Unicode escapes and mark
+    the result safe with :class:`~markupsafe.Markup`.
+
+    This is available in templates as the ``|tojson`` filter.
+
+    The following characters are escaped: ``<``, ``>``, ``&``, ``'``.
+
+    The returned string is safe to render in HTML documents and
+    ``<script>`` tags. The exception is in HTML attributes that are
+    double quoted; either use single quotes or the ``|forceescape``
+    filter.
+
+    :param obj: The object to serialize to JSON.
+    :param dumps: The ``dumps`` function to use. Defaults to
+        ``env.policies["json.dumps_function"]``, which defaults to
+        :func:`json.dumps`.
+    :param kwargs: Extra arguments to pass to ``dumps``. Merged onto
+        ``env.policies["json.dumps_kwargs"]``.
+
+    .. versionchanged:: 3.0
+        The ``dumper`` parameter is renamed to ``dumps``.
+
+    .. versionadded:: 2.9
+    """
+    if dumps is None:
+        dumps = json.dumps
+
+    return markupsafe.Markup(
+        dumps(obj, **kwargs)
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026")
+        .replace("'", "\\u0027")
+    )
+
+
+class Cycler:
+    """Cycle through values by yield them one at a time, then restarting
+    once the end is reached. Available as ``cycler`` in templates.
+
+    Similar to ``loop.cycle``, but can be used outside loops or across
+    multiple loops. For example, render a list of folders and files in a
+    list, alternating giving them "odd" and "even" classes.
+
+    .. code-block:: html+jinja
+
+        {% set row_class = cycler("odd", "even") %}
+        <ul class="browser">
+        {% for folder in folders %}
+          <li class="folder {{ row_class.next() }}">{{ folder }}
+        {% endfor %}
+        {% for file in files %}
+          <li class="file {{ row_class.next() }}">{{ file }}
+        {% endfor %}
+        </ul>
+
+    :param items: Each positional argument will be yielded in the order
+        given for each cycle.
+
+    .. versionadded:: 2.1
+    """
+
+    def __init__(self, *items: t.Any) -> None:
+        if not items:
+            raise RuntimeError("at least one item has to be provided")
+        self.items = items
+        self.pos = 0
+
+    def reset(self) -> None:
+        """Resets the current item to the first item."""
+        self.pos = 0
+
+    @property
+    def current(self) -> t.Any:
+        """Return the current item. Equivalent to the item that will be
+        returned next time :meth:`next` is called.
+        """
+        return self.items[self.pos]
+
+    def next(self) -> t.Any:
+        """Return the current item, then advance :attr:`current` to the
+        next item.
+        """
+        rv = self.current
+        self.pos = (self.pos + 1) % len(self.items)
+        return rv
+
+    __next__ = next
+
+
+class Joiner:
+    """A joining helper for templates."""
+
+    def __init__(self, sep: str = ", ") -> None:
+        self.sep = sep
+        self.used = False
+
+    def __call__(self) -> str:
+        if not self.used:
+            self.used = True
+            return ""
+        return self.sep
+
+
+class Namespace:
+    """A namespace object that can hold arbitrary attributes.  It may be
+    initialized from a dictionary or with keyword arguments."""
+
+    def __init__(*args: t.Any, **kwargs: t.Any) -> None:  # noqa: B902
+        self, args = args[0], args[1:]
+        self.__attrs = dict(*args, **kwargs)
+
+    def __getattribute__(self, name: str) -> t.Any:
+        # __class__ is needed for the awaitable check in async mode
+        if name in {"_Namespace__attrs", "__class__"}:
+            return object.__getattribute__(self, name)
+        try:
+            return self.__attrs[name]
+        except KeyError:
+            raise AttributeError(name) from None
+
+    def __setitem__(self, name: str, value: t.Any) -> None:
+        self.__attrs[name] = value
+
+    def __repr__(self) -> str:
+        return f"<Namespace {self.__attrs!r}>"
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jinja2/visitor.py b/lib/go-jinja2/internal/data/windows-amd64/jinja2/visitor.py
new file mode 100644
index 000000000..7b8e18060
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jinja2/visitor.py
@@ -0,0 +1,92 @@
+"""API for traversing the AST nodes. Implemented by the compiler and
+meta introspection.
+"""
+
+import typing as t
+
+from .nodes import Node
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class VisitCallable(te.Protocol):
+        def __call__(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any: ...
+
+
+class NodeVisitor:
+    """Walks the abstract syntax tree and call visitor functions for every
+    node found.  The visitor functions may return values which will be
+    forwarded by the `visit` method.
+
+    Per default the visitor functions for the nodes are ``'visit_'`` +
+    class name of the node.  So a `TryFinally` node visit function would
+    be `visit_TryFinally`.  This behavior can be changed by overriding
+    the `get_visitor` function.  If no visitor function exists for a node
+    (return value `None`) the `generic_visit` visitor is used instead.
+    """
+
+    def get_visitor(self, node: Node) -> "t.Optional[VisitCallable]":
+        """Return the visitor function for this node or `None` if no visitor
+        exists for this node.  In that case the generic visit function is
+        used instead.
+        """
+        return getattr(self, f"visit_{type(node).__name__}", None)
+
+    def visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Visit a node."""
+        f = self.get_visitor(node)
+
+        if f is not None:
+            return f(node, *args, **kwargs)
+
+        return self.generic_visit(node, *args, **kwargs)
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.Any:
+        """Called if no explicit visitor function exists for a node."""
+        for child_node in node.iter_child_nodes():
+            self.visit(child_node, *args, **kwargs)
+
+
+class NodeTransformer(NodeVisitor):
+    """Walks the abstract syntax tree and allows modifications of nodes.
+
+    The `NodeTransformer` will walk the AST and use the return value of the
+    visitor functions to replace or remove the old node.  If the return
+    value of the visitor function is `None` the node will be removed
+    from the previous location otherwise it's replaced with the return
+    value.  The return value may be the original node in which case no
+    replacement takes place.
+    """
+
+    def generic_visit(self, node: Node, *args: t.Any, **kwargs: t.Any) -> Node:
+        for field, old_value in node.iter_fields():
+            if isinstance(old_value, list):
+                new_values = []
+                for value in old_value:
+                    if isinstance(value, Node):
+                        value = self.visit(value, *args, **kwargs)
+                        if value is None:
+                            continue
+                        elif not isinstance(value, Node):
+                            new_values.extend(value)
+                            continue
+                    new_values.append(value)
+                old_value[:] = new_values
+            elif isinstance(old_value, Node):
+                new_node = self.visit(old_value, *args, **kwargs)
+                if new_node is None:
+                    delattr(node, field)
+                else:
+                    setattr(node, field, new_node)
+        return node
+
+    def visit_list(self, node: Node, *args: t.Any, **kwargs: t.Any) -> t.List[Node]:
+        """As transformers may return lists in some places this method
+        can be used to enforce a list as return value.
+        """
+        rv = self.visit(node, *args, **kwargs)
+
+        if not isinstance(rv, list):
+            return [rv]
+
+        return rv
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
new file mode 100644
index 000000000..86be119bc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
@@ -0,0 +1,379 @@
+Metadata-Version: 2.1
+Name: jsonpath-ng
+Version: 1.6.1
+Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
+Home-page: https://github.com/h2non/jsonpath-ng
+Author: Tomas Aparicio
+Author-email: tomas@aparicio.me
+License: Apache 2.0
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+License-File: LICENSE
+Requires-Dist: ply
+
+Python JSONPath Next-Generation |Build Status| |PyPI|
+=====================================================
+
+A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
+and binary comparison operators, as defined in the original `JSONPath proposal`_.
+
+This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
+provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
+
+About
+-----
+
+This library provides a robust and significantly extended implementation
+of JSONPath for Python. It is tested with CPython 3.7 and higher.
+
+This library differs from other JSONPath implementations in that it is a
+full *language* implementation, meaning the JSONPath expressions are
+first class objects, easy to analyze, transform, parse, print, and
+extend.
+
+Quick Start
+-----------
+
+To install, use pip:
+
+.. code:: bash
+
+    $ pip install --upgrade jsonpath-ng
+
+
+Usage
+-----
+
+Basic examples:
+
+.. code:: python
+
+    $ python
+
+    >>> from jsonpath_ng import jsonpath, parse
+
+    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+    >>> jsonpath_expr = parse('foo[*].baz')
+
+    # Extracting values is easy
+    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    [1, 2]
+
+    # Matches remember where they came from
+    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    ['foo.[0].baz', 'foo.[1].baz']
+
+    # Modifying values matching the path
+    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 3}]}
+
+    # Modifying one of the values matching the path
+    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
+    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 2}]}
+
+    # Removing all values matching a path
+    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{}, {}]}
+
+    # Removing values containing particular data matching path
+    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{'baz': 1}, {}]}
+
+    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
+    >>> jsonpath.auto_id_field = 'id'
+    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
+    ['foo.bizzle', 'foo.[1]']
+
+    # A handy extension: named operators like `parent`
+    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
+    ['number two', 'number one']
+
+    # You can also build expressions directly quite easily
+    >>> from jsonpath_ng.jsonpath import Fields
+    >>> from jsonpath_ng.jsonpath import Slice
+
+    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
+
+
+Using the extended parser:
+
+.. code:: python
+
+  $ python
+
+  >>> from jsonpath_ng.ext import parse
+
+  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+  >>> jsonpath_expr = parse('foo[*].baz')
+
+
+JSONPath Syntax
+---------------
+
+The JSONPath syntax supported by this library includes some additional
+features and omits some problematic features (those that make it
+unportable). In particular, some new operators such as ``|`` and
+``where`` are available, and parentheses are used for grouping not for
+callbacks into Python, since with these changes the language is not
+trivially associative. Also, fields may be quoted whether or not they
+are contained in brackets.
+
+Atomic expressions:
+
++-----------------------+---------------------------------------------------------------------------------------------+
+| Syntax                | Meaning                                                                                     |
++=======================+=============================================================================================+
+| ``$``                 | The root object                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```this```            | The "current" object.                                                                       |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
++-----------------------+---------------------------------------------------------------------------------------------+
+| *field*               | Specified field(s), described below                                                         |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *field* ``]``   | Same as *field*                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
++-----------------------+---------------------------------------------------------------------------------------------+
+
+Jsonpath operators:
+
++-------------------------------------+------------------------------------------------------------------------------------+
+| Syntax                              | Meaning                                                                            |
++=====================================+====================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
++-------------------------------------+------------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
++-------------------------------------+------------------------------------------------------------------------------------+
+
+Field specifiers ( *field* ):
+
++-------------------------+-------------------------------------------------------------------------------------+
+| Syntax                  | Meaning                                                                             |
++=========================+=====================================================================================+
+| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``'fieldname'``         | ditto                                                                               |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``*``                   | any field                                                                           |
++-------------------------+-------------------------------------------------------------------------------------+
+| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
++-------------------------+-------------------------------------------------------------------------------------+
+
+Array specifiers ( *idx* ):
+
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| Syntax                                  | Meaning                                                                               |
++=========================================+=======================================================================================+
+| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[*]``                                 | any array index                                                                       |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+
+Programmatic JSONPath
+---------------------
+
+If you are programming in Python and would like a more robust way to
+create JSONPath expressions that does not depend on a parser, it is very
+easy to do so directly, and here are some examples:
+
+-  ``Root()``
+-  ``Slice(start=0, end=None, step=None)``
+-  ``Fields('foo', 'bar')``
+-  ``Index(42)``
+-  ``Child(Fields('foo'), Index(42))``
+-  ``Where(Slice(), Fields('subfield'))``
+-  ``Descendants(jsonpath, jsonpath)``
+
+
+Extras
+------
+
+-  *Path data*: The result of ``JsonPath.find`` provide detailed context
+   and path data so it is easy to traverse to parent objects, print full
+   paths to pieces of data, and generate automatic ids.
+-  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
+   other than None, then for any piece of data missing that field, it
+   will be replaced by the JSONPath to it, giving automatic unique ids
+   to any piece of data. These ids will take into account any ids
+   already present as well.
+-  *Named operators*: Instead of using ``@`` to reference the current
+   object, this library uses ```this```. In general, any string
+   contained in backquotes can be made to be a new operator, currently
+   by extending the library.
+
+
+Extensions
+----------
+
+To use the extensions below you must import from `jsonpath_ng.ext`.
+
++--------------+-----------------------------------------------+
+| name         | Example                                       |
++==============+===============================================+
+| len          | - ``$.objects.`len```                         |
++--------------+-----------------------------------------------+
+| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
+|              | - ``$.field.`sub(/regex/, replacement)```     |
++--------------+-----------------------------------------------+
+| split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(sep, segement, maxsplit)```|
++--------------+-----------------------------------------------+
+| sorted       | - ``$.objects.`sorted```                      |
+|              | - ``$.objects[\\some_field]``                 |
+|              | - ``$.objects[\\some_field,/other_field]``    |
++--------------+-----------------------------------------------+
+| filter       | - ``$.objects[?(@some_field > 5)]``           |
+|              | - ``$.objects[?some_field = "foobar"]``       |
+|              | - ``$.objects[?some_field =~ "foobar"]``      |
+|              | - ``$.objects[?some_field > 5 & other < 2]``  |
+|              |                                               |
+|              | Supported operators:                          |
+|              | - Equality: ==, =, !=                         |
+|              | - Comparison: >, >=, <, <=                    |
+|              | - Regex match: =~                             |
+|              |                                               |
+|              | Combine multiple criteria with '&'.           |
+|              |                                               |
+|              | Properties can only be compared to static     |
+|              | values.                                       |
++--------------+-----------------------------------------------+
+| arithmetic   | - ``$.foo + "_" + $.bar``                     |
+| (-+*/)       | - ``$.foo * 12``                              |
+|              | - ``$.objects[*].cow + $.objects[*].cat``     |
++--------------+-----------------------------------------------+
+
+About arithmetic and string
+---------------------------
+
+Operations are done with python operators and allows types that python
+allows, and return [] if the operation can be done due to incompatible types.
+
+When operators are used, a jsonpath must be be fully defined otherwise
+jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
+in this case it will choice string as type.
+
+Example with data::
+
+    {
+        'cow': 'foo',
+        'fish': 'bar'
+    }
+
+| ``cow + fish`` returns ``cowfish``
+| ``$.cow + $.fish`` returns ``foobar``
+| ``$.cow + "_" + $.fish`` returns ``foo_bar``
+| ``$.cow + "_" + fish`` returns ``foo_fish``
+
+About arithmetic and list
+-------------------------
+
+Arithmetic can be used against two lists if they have the same size.
+
+Example with data::
+
+    {'objects': [
+        {'cow': 2, 'cat': 3},
+        {'cow': 4, 'cat': 6}
+    ]}
+
+| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
+
+More to explore
+---------------
+
+There are way too many JSONPath implementations out there to discuss.
+Some are robust, some are toy projects that still work fine, some are
+exercises. There will undoubtedly be many more. This one is made for use
+in released, maintained code, and in particular for programmatic access
+to the abstract syntax and extension. But JSONPath at its simplest just
+isn't that complicated, so you can probably use any of them
+successfully. Why not this one?
+
+The original proposal, as far as I know:
+
+-  `JSONPath - XPath for
+   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
+
+Other examples
+--------------
+
+Loading json data from file
+
+.. code:: python
+
+    import json
+    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
+    # or
+    with open('myfile.json') as f:
+        d = json.load(f)
+
+Special note about PLY and docstrings
+-------------------------------------
+
+The main parsing toolkit underlying this library,
+`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
+removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
+cause a failure.
+
+Contributors
+------------
+
+This package is authored and maintained by:
+
+-  `Kenn Knowles <https://github.com/kennknowles>`__
+   (`@kennknowles <https://twitter.com/KennKnowles>`__)
+-  `Tomas Aparicio <https://github.com/h2non>`
+
+with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
+
+Copyright and License
+---------------------
+
+Copyright 2013 - Kenneth Knowles
+
+Copyright 2017 - Tomas Aparicio
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at
+
+::
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
+.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
+.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
+
+.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
+.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
+   :target: https://pypi.python.org/pypi/jsonpath-ng
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
new file mode 100644
index 000000000..275d5d73f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
@@ -0,0 +1,35 @@
+../../bin/jsonpath_ng,sha256=2EG91IZNROoHjMwKMYQnB0y6prUbkCo3riRYqDYXq9U,262
+jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
+jsonpath_ng-1.6.1.dist-info/RECORD,,
+jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
+jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
+jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/__pycache__/lexer.cpython-311.pyc,,
+jsonpath_ng/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/bin/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng/bin/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/bin/__pycache__/jsonpath.cpython-311.pyc,,
+jsonpath_ng/bin/jsonpath.py,sha256=C4PCWjxSRskALh_Z7ILOFpvHNjP5HLBmRnxbzrbgg98,2057
+jsonpath_ng/exceptions.py,sha256=WbmwVjhCtpqp0enN3Sd4ymlZGP8ZZUkvT9uq7PXiEq4,146
+jsonpath_ng/ext/__init__.py,sha256=oxAHiz1-xcRsDX_KGDCiBh6LGP2zHZKzvI3QxrFTh6E,605
+jsonpath_ng/ext/__pycache__/__init__.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/arithmetic.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/filter.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/iterable.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
+jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
+jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
+jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
+jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
+jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
+jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
+jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
+jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
+jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
new file mode 100644
index 000000000..57e3d840d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.38.4)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
new file mode 100644
index 000000000..e1985ff19
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
new file mode 100644
index 000000000..30b75c567
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
@@ -0,0 +1 @@
+jsonpath_ng
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py
new file mode 100644
index 000000000..ed6553b2d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py
@@ -0,0 +1,6 @@
+from .jsonpath import *  # noqa
+from .parser import parse  # noqa
+
+
+# Current package version
+__version__ = '1.6.1'
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/jsonpath.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/jsonpath.py
new file mode 100644
index 000000000..386f87c59
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/bin/jsonpath.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# encoding: utf-8
+# Copyright © 2012 Felix Richter <wtfpl@syntax-fehler.de>
+# This work is free. You can redistribute it and/or modify it under the
+# terms of the Do What The Fuck You Want To Public License, Version 2,
+# as published by Sam Hocevar. See the COPYING file for more details.
+
+# Standard Library imports
+import json
+import sys
+import glob
+import argparse
+
+# JsonPath-RW imports
+from jsonpath_ng import parse
+
+def find_matches_for_file(expr, f):
+    return expr.find(json.load(f))
+
+def print_matches(matches):
+    print('\n'.join(['{0}'.format(match.value) for match in matches]))
+
+
+def main(*argv):
+    parser = argparse.ArgumentParser(
+        description='Search JSON files (or stdin) according to a JSONPath expression.',
+        formatter_class=argparse.RawTextHelpFormatter,
+        epilog="""
+        Quick JSONPath reference (see more at https://github.com/kennknowles/python-jsonpath-rw)
+
+        atomics:
+            $              - root object
+            `this`         - current object
+
+        operators:
+            path1.path2    - same as xpath /
+            path1|path2    - union
+            path1..path2   - somewhere in between
+
+        fields:
+            fieldname       - field with name
+            *               - any field
+            [_start_?:_end_?] - array slice
+            [*]             - any array index
+    """)
+
+
+
+    parser.add_argument('expression', help='A JSONPath expression.')
+    parser.add_argument('files', metavar='file', nargs='*', help='Files to search (if none, searches stdin)')
+
+    args = parser.parse_args(argv[1:])
+
+    expr = parse(args.expression)
+    glob_patterns = args.files
+
+    if len(glob_patterns) == 0:
+        # stdin mode
+        print_matches(find_matches_for_file(expr, sys.stdin))
+    else:
+        # file paths mode
+        for pattern in glob_patterns:
+            for filename in glob.glob(pattern):
+                with open(filename) as f:
+                    print_matches(find_matches_for_file(expr, f))
+
+def entry_point():
+    main(*sys.argv)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/exceptions.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/exceptions.py
new file mode 100644
index 000000000..a592d83cb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/exceptions.py
@@ -0,0 +1,10 @@
+class JSONPathError(Exception):
+    pass
+
+
+class JsonPathLexerError(JSONPathError):
+    pass
+
+
+class JsonPathParserError(JSONPathError):
+    pass
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/__init__.py
new file mode 100644
index 000000000..1e5c325fc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/__init__.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .parser import parse  # noqa
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/arithmetic.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/arithmetic.py
new file mode 100644
index 000000000..0ba9e0ca8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/arithmetic.py
@@ -0,0 +1,72 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+from .. import JSONPath, DatumInContext
+
+
+OPERATOR_MAP = {
+    '+': operator.add,
+    '-': operator.sub,
+    '*': operator.mul,
+    '/': operator.truediv,
+}
+
+
+class Operation(JSONPath):
+    def __init__(self, left, op, right):
+        self.left = left
+        self.op = OPERATOR_MAP[op]
+        self.right = right
+
+    def find(self, datum):
+        result = []
+        if (isinstance(self.left, JSONPath)
+                and isinstance(self.right, JSONPath)):
+            left = self.left.find(datum)
+            right = self.right.find(datum)
+            if left and right and len(left) == len(right):
+                for l, r in zip(left, right):
+                    try:
+                        result.append(self.op(l.value, r.value))
+                    except TypeError:
+                        return []
+            else:
+                return []
+        elif isinstance(self.left, JSONPath):
+            left = self.left.find(datum)
+            for l in left:
+                try:
+                    result.append(self.op(l.value, self.right))
+                except TypeError:
+                    return []
+        elif isinstance(self.right, JSONPath):
+            right = self.right.find(datum)
+            for r in right:
+                try:
+                    result.append(self.op(self.left, r.value))
+                except TypeError:
+                    return []
+        else:
+            try:
+                result.append(self.op(self.left, self.right))
+            except TypeError:
+                return []
+        return [DatumInContext.wrap(r) for r in result]
+
+    def __repr__(self):
+        return '%s(%r%s%r)' % (self.__class__.__name__, self.left, self.op,
+                               self.right)
+
+    def __str__(self):
+        return '%s%s%s' % (self.left, self.op, self.right)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/filter.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/filter.py
new file mode 100644
index 000000000..e0bd48a4f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/filter.py
@@ -0,0 +1,140 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import operator
+import re
+
+from .. import JSONPath, DatumInContext, Index
+
+
+OPERATOR_MAP = {
+    '!=': operator.ne,
+    '==': operator.eq,
+    '=': operator.eq,
+    '<=': operator.le,
+    '<': operator.lt,
+    '>=': operator.ge,
+    '>': operator.gt,
+    '=~': lambda a, b: True if isinstance(a, str) and re.search(b, a) else False,
+}
+
+
+class Filter(JSONPath):
+    """The JSONQuery filter"""
+
+    def __init__(self, expressions):
+        self.expressions = expressions
+
+    def find(self, datum):
+        if not self.expressions:
+            return datum
+
+        datum = DatumInContext.wrap(datum)
+
+        if isinstance(datum.value, dict):
+            datum.value = list(datum.value.values())
+
+        if not isinstance(datum.value, list):
+            return []
+
+        return [DatumInContext(datum.value[i], path=Index(i), context=datum)
+                for i in range(0, len(datum.value))
+                if (len(self.expressions) ==
+                    len(list(filter(lambda x: x.find(datum.value[i]),
+                                    self.expressions))))]
+
+    def filter(self, fn, data):
+        # NOTE: We reverse the order just to make sure the indexes are preserved upon
+        #  removal.
+        for datum in reversed(self.find(data)):
+            index_obj = datum.path
+            if isinstance(data, dict):
+                index_obj.index = list(data)[index_obj.index]
+            index_obj.filter(fn, data)
+        return data
+
+    def update(self, data, val):
+        if type(data) is list:
+            for index, item in enumerate(data):
+                shouldUpdate = len(self.expressions) == len(list(filter(lambda x: x.find(item), self.expressions)))
+                if shouldUpdate:
+                    if hasattr(val, '__call__'):
+                        val.__call__(data[index], data, index)
+                    else:
+                        data[index] = val
+        return data
+    
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+    def __eq__(self, other):
+        return (isinstance(other, Filter)
+                and self.expressions == other.expressions)
+
+
+class Expression(JSONPath):
+    """The JSONQuery expression"""
+
+    def __init__(self, target, op, value):
+        self.target = target
+        self.op = op
+        self.value = value
+
+    def find(self, datum):
+        datum = self.target.find(DatumInContext.wrap(datum))
+
+        if not datum:
+            return []
+        if self.op is None:
+            return datum
+
+        found = []
+        for data in datum:
+            value = data.value
+            if isinstance(self.value, int):
+                try:
+                    value = int(value)
+                except ValueError:
+                    continue
+            elif isinstance(self.value, bool):
+                try:
+                    value = bool(value)
+                except ValueError:
+                    continue
+
+            if OPERATOR_MAP[self.op](value, self.value):
+                found.append(data)
+
+        return found
+
+    def __eq__(self, other):
+        return (isinstance(other, Expression) and
+                self.target == other.target and
+                self.op == other.op and
+                self.value == other.value)
+
+    def __repr__(self):
+        if self.op is None:
+            return '%s(%r)' % (self.__class__.__name__, self.target)
+        else:
+            return '%s(%r %s %r)' % (self.__class__.__name__,
+                                     self.target, self.op, self.value)
+
+    def __str__(self):
+        if self.op is None:
+            return '%s' % self.target
+        else:
+            return '%s %s %s' % (self.target, self.op, self.value)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py
new file mode 100644
index 000000000..40ae1eb5b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py
@@ -0,0 +1,118 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import functools
+from .. import This, DatumInContext, JSONPath
+
+
+class SortedThis(This):
+    """The JSONPath referring to the sorted version of the current object.
+
+    Concrete syntax is '`sorted`' or [\\field,/field].
+    """
+    def __init__(self, expressions=None):
+        self.expressions = expressions
+
+    def _compare(self, left, right):
+        left = DatumInContext.wrap(left)
+        right = DatumInContext.wrap(right)
+
+        for expr in self.expressions:
+            field, reverse = expr
+            l_datum = field.find(left)
+            r_datum = field.find(right)
+            if (not l_datum or not r_datum or
+                    len(l_datum) > 1 or len(r_datum) > 1 or
+                    l_datum[0].value == r_datum[0].value):
+                # NOTE(sileht): should we do something if the expression
+                # match multiple fields, for now ignore them
+                continue
+            elif l_datum[0].value < r_datum[0].value:
+                return 1 if reverse else -1
+            else:
+                return -1 if reverse else 1
+        return 0
+
+    def find(self, datum):
+        """Return sorted value of This if list or dict."""
+        if isinstance(datum.value, dict) and self.expressions:
+            return datum
+
+        if isinstance(datum.value, dict) or isinstance(datum.value, list):
+            key = (functools.cmp_to_key(self._compare)
+                   if self.expressions else None)
+            return [DatumInContext.wrap(
+                [value for value in sorted(datum.value, key=key)])]
+        return datum
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.expressions)
+
+    def __str__(self):
+        return '[?%s]' % self.expressions
+
+
+class Len(JSONPath):
+    """The JSONPath referring to the len of the current object.
+
+    Concrete syntax is '`len`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = len(datum.value)
+        except TypeError:
+            return []
+        else:
+            return [DatumInContext(value,
+                                               context=None,
+                                               path=Len())]
+
+    def __eq__(self, other):
+        return isinstance(other, Len)
+
+    def __str__(self):
+        return '`len`'
+
+    def __repr__(self):
+        return 'Len()'
+
+
+class Keys(JSONPath):
+    """The JSONPath referring to the keys of the current object.
+    Concrete syntax is '`keys`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = list(datum.value.keys())
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value[i],
+                                               context=None,
+                                               path=Keys()) for i in range (0, len(datum.value))]
+
+    def __eq__(self, other):
+        return isinstance(other, Keys)
+
+    def __str__(self):
+        return '`keys`'
+
+    def __repr__(self):
+        return 'Keys()'
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py
new file mode 100644
index 000000000..756b72c69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py
@@ -0,0 +1,174 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from .. import lexer
+from .. import parser
+from .. import Fields, This, Child
+
+from . import arithmetic as _arithmetic
+from . import filter as _filter
+from . import iterable as _iterable
+from . import string as _string
+
+
+class ExtendedJsonPathLexer(lexer.JsonPathLexer):
+    """Custom LALR-lexer for JsonPath"""
+    literals = lexer.JsonPathLexer.literals + ['?', '@', '+', '*', '/', '-']
+    tokens = (['BOOL'] +
+              parser.JsonPathLexer.tokens +
+              ['FILTER_OP', 'SORT_DIRECTION', 'FLOAT'])
+
+    t_FILTER_OP = r'=~|==?|<=|>=|!=|<|>'
+
+    def t_BOOL(self, t):
+        r'true|false'
+        t.value = True if t.value == 'true' else False
+        return t
+
+    def t_SORT_DIRECTION(self, t):
+        r',?\s*(/|\\)'
+        t.value = t.value[-1]
+        return t
+
+    def t_ID(self, t):
+        r'@?[a-zA-Z_][a-zA-Z0-9_@\-]*'
+        # NOTE(sileht): This fixes the ID expression to be
+        # able to use @ for `This` like any json query
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_FLOAT(self, t):
+        r'-?\d+\.\d+'
+        t.value = float(t.value)
+        return t
+
+
+class ExtentedJsonPathParser(parser.JsonPathParser):
+    """Custom LALR-parser for JsonPath"""
+
+    tokens = ExtendedJsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        lexer_class = lexer_class or ExtendedJsonPathLexer
+        super(ExtentedJsonPathParser, self).__init__(debug, lexer_class)
+
+    def p_jsonpath_operator_jsonpath(self, p):
+        """jsonpath : NUMBER operator NUMBER
+                    | FLOAT operator FLOAT
+                    | ID operator ID
+                    | NUMBER operator jsonpath
+                    | FLOAT operator jsonpath
+                    | jsonpath operator NUMBER
+                    | jsonpath operator FLOAT
+                    | jsonpath operator jsonpath
+        """
+
+        # NOTE(sileht): If we have choice between a field or a string we
+        # always choice string, because field can be full qualified
+        # like $.foo == foo and where string can't.
+        for i in [1, 3]:
+            if (isinstance(p[i], Fields) and len(p[i].fields) == 1):  # noqa
+                p[i] = p[i].fields[0]
+
+        p[0] = _arithmetic.Operation(p[1], p[2], p[3])
+
+    def p_operator(self, p):
+        """operator : '+'
+                    | '-'
+                    | '*'
+                    | '/'
+        """
+        p[0] = p[1]
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'len':
+            p[0] = _iterable.Len()
+        elif p[1] == 'keys':
+            p[0] = _iterable.Keys()
+        elif p[1] == 'sorted':
+            p[0] = _iterable.SortedThis()
+        elif p[1].startswith("split("):
+            p[0] = _string.Split(p[1])
+        elif p[1].startswith("sub("):
+            p[0] = _string.Sub(p[1])
+        elif p[1].startswith("str("):
+            p[0] = _string.Str(p[1])
+        else:
+            super(ExtentedJsonPathParser, self).p_jsonpath_named_operator(p)
+
+    def p_expression(self, p):
+        """expression : jsonpath
+                      | jsonpath FILTER_OP ID
+                      | jsonpath FILTER_OP FLOAT
+                      | jsonpath FILTER_OP NUMBER
+                      | jsonpath FILTER_OP BOOL
+        """
+        if len(p) == 2:
+            left, op, right = p[1], None, None
+        else:
+            __, left, op, right = p
+        p[0] = _filter.Expression(left, op, right)
+
+    def p_expressions_expression(self, p):
+        "expressions : expression"
+        p[0] = [p[1]]
+
+    def p_expressions_and(self, p):
+        "expressions : expressions '&' expressions"
+        # TODO(sileht): implements '|'
+        p[0] = p[1] + p[3]
+
+    def p_expressions_parens(self, p):
+        "expressions : '(' expressions ')'"
+        p[0] = p[2]
+
+    def p_filter(self, p):
+        "filter : '?' expressions "
+        p[0] = _filter.Filter(p[2])
+
+    def p_jsonpath_filter(self, p):
+        "jsonpath : jsonpath '[' filter ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_sort(self, p):
+        "sort : SORT_DIRECTION jsonpath"
+        p[0] = (p[2], p[1] != "/")
+
+    def p_sorts_sort(self, p):
+        "sorts : sort"
+        p[0] = [p[1]]
+
+    def p_sorts_comma(self, p):
+        "sorts : sorts sorts"
+        p[0] = p[1] + p[2]
+
+    def p_jsonpath_sort(self, p):
+        "jsonpath : jsonpath '[' sorts ']'"
+        sort = _iterable.SortedThis(p[3])
+        p[0] = Child(p[1], sort)
+
+    def p_jsonpath_this(self, p):
+        "jsonpath : '@'"
+        p[0] = This()
+
+    precedence = [
+        ('left', '+', '-'),
+        ('left', '*', '/'),
+    ] + parser.JsonPathParser.precedence + [
+        ('nonassoc', 'ID'),
+    ]
+
+
+def parse(path, debug=False):
+    return ExtentedJsonPathParser(debug=debug).parse(path)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py
new file mode 100644
index 000000000..1cd27632d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py
@@ -0,0 +1,117 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import re
+from .. import DatumInContext, This
+
+
+SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
+SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+STR = re.compile(r"str\(\)")
+
+
+class DefintionInvalid(Exception):
+    pass
+
+
+class Sub(This):
+    """Regex substituor
+
+    Concrete syntax is '`sub(/regex/, repl)`'
+    """
+
+    def __init__(self, method=None):
+        m = SUB.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.expr = m.group(1).strip()
+        self.repl = m.group(2).strip()
+        self.regex = re.compile(self.expr)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = self.regex.sub(self.repl, datum.value)
+        if value == datum.value:
+            return []
+        else:
+            return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Sub) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`sub(/%s/, %s)`' % (self.expr, self.repl)
+
+
+class Split(This):
+    """String splitter
+
+    Concrete syntax is '`split(char, segment, max_split)`'
+    """
+
+    def __init__(self, method=None):
+        m = SPLIT.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.char = m.group(1)
+        self.segment = int(m.group(2))
+        self.max_split = int(m.group(3))
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = datum.value.split(self.char, self.max_split)[self.segment]
+        except Exception:
+            return []
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Split) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`%s`' % self.method
+
+
+class Str(This):
+    """String converter
+
+    Concrete syntax is '`str()`'
+    """
+
+    def __init__(self, method=None):
+        m = STR.match(method)
+        if m is None:
+            raise DefintionInvalid("%s is not valid" % method)
+        self.method = method
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        value = str(datum.value)
+        return [DatumInContext.wrap(value)]
+
+    def __eq__(self, other):
+        return (isinstance(other, Str) and self.method == other.method)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.method)
+
+    def __str__(self):
+        return '`str()`'
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py
new file mode 100644
index 000000000..19e5a9eb3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py
@@ -0,0 +1,815 @@
+import logging
+from itertools import *  # noqa
+from jsonpath_ng.lexer import JsonPathLexer
+
+# Get logger name
+logger = logging.getLogger(__name__)
+
+# Turn on/off the automatic creation of id attributes
+# ... could be a kwarg pervasively but uses are rare and simple today
+auto_id_field = None
+
+NOT_SET = object()
+LIST_KEY = object()
+
+
+class JSONPath:
+    """
+    The base class for JSONPath abstract syntax; those
+    methods stubbed here are the interface to supported
+    JSONPath semantics.
+    """
+
+    def find(self, data):
+        """
+        All `JSONPath` types support `find()`, which returns an iterable of `DatumInContext`s.
+        They keep track of the path followed to the current location, so if the calling code
+        has some opinion about that, it can be passed in here as a starting point.
+        """
+        raise NotImplementedError()
+
+    def find_or_create(self, data):
+        return self.find(data)
+
+    def update(self, data, val):
+        """
+        Returns `data` with the specified path replaced by `val`. Only updates
+        if the specified path exists.
+        """
+
+        raise NotImplementedError()
+
+    def update_or_create(self, data, val):
+        return self.update(data, val)
+
+    def filter(self, fn, data):
+        """
+        Returns `data` with the specified path filtering nodes according
+        the filter evaluation result returned by the filter function.
+
+        Arguments:
+            fn (function): unary function that accepts one argument
+                and returns bool.
+            data (dict|list|tuple): JSON object to filter.
+        """
+
+        raise NotImplementedError()
+
+    def child(self, child):
+        """
+        Equivalent to Child(self, next) but with some canonicalization
+        """
+        if isinstance(self, This) or isinstance(self, Root):
+            return child
+        elif isinstance(child, This):
+            return self
+        elif isinstance(child, Root):
+            return child
+        else:
+            return Child(self, child)
+
+    def make_datum(self, value):
+        if isinstance(value, DatumInContext):
+            return value
+        else:
+            return DatumInContext(value, path=Root(), context=None)
+
+
+class DatumInContext:
+    """
+    Represents a datum along a path from a context.
+
+    Essentially a zipper but with a structure represented by JsonPath,
+    and where the context is more of a parent pointer than a proper
+    representation of the context.
+
+    For quick-and-dirty work, this proxies any non-special attributes
+    to the underlying datum, but the actual datum can (and usually should)
+    be retrieved via the `value` attribute.
+
+    To place `datum` within another, use `datum.in_context(context=..., path=...)`
+    which extends the path. If the datum already has a context, it places the entire
+    context within that passed in, so an object can be built from the inside
+    out.
+    """
+    @classmethod
+    def wrap(cls, data):
+        if isinstance(data, cls):
+            return data
+        else:
+            return cls(data)
+
+    def __init__(self, value, path=None, context=None):
+        self.value = value
+        self.path = path or This()
+        self.context = None if context is None else DatumInContext.wrap(context)
+
+    def in_context(self, context, path):
+        context = DatumInContext.wrap(context)
+
+        if self.context:
+            return DatumInContext(value=self.value, path=self.path, context=context.in_context(path=path, context=context))
+        else:
+            return DatumInContext(value=self.value, path=path, context=context)
+
+    @property
+    def full_path(self):
+        return self.path if self.context is None else self.context.full_path.child(self.path)
+
+    @property
+    def id_pseudopath(self):
+        """
+        Looks like a path, but with ids stuck in when available
+        """
+        try:
+            pseudopath = Fields(str(self.value[auto_id_field]))
+        except (TypeError, AttributeError, KeyError): # This may not be all the interesting exceptions
+            pseudopath = self.path
+
+        if self.context:
+            return self.context.id_pseudopath.child(pseudopath)
+        else:
+            return pseudopath
+
+    def __repr__(self):
+        return '%s(value=%r, path=%r, context=%r)' % (self.__class__.__name__, self.value, self.path, self.context)
+
+    def __eq__(self, other):
+        return isinstance(other, DatumInContext) and other.value == self.value and other.path == self.path and self.context == other.context
+
+
+class AutoIdForDatum(DatumInContext):
+    """
+    This behaves like a DatumInContext, but the value is
+    always the path leading up to it, not including the "id",
+    and with any "id" fields along the way replacing the prior
+    segment of the path
+
+    For example, it will make "foo.bar.id" return a datum
+    that behaves like DatumInContext(value="foo.bar", path="foo.bar.id").
+
+    This is disabled by default; it can be turned on by
+    settings the `auto_id_field` global to a value other
+    than `None`.
+    """
+
+    def __init__(self, datum, id_field=None):
+        """
+        Invariant is that datum.path is the path from context to datum. The auto id
+        will either be the id in the datum (if present) or the id of the context
+        followed by the path to the datum.
+
+        The path to this datum is always the path to the context, the path to the
+        datum, and then the auto id field.
+        """
+        self.datum = datum
+        self.id_field = id_field or auto_id_field
+
+    @property
+    def value(self):
+        return str(self.datum.id_pseudopath)
+
+    @property
+    def path(self):
+        return self.id_field
+
+    @property
+    def context(self):
+        return self.datum
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, self.datum)
+
+    def in_context(self, context, path):
+        return AutoIdForDatum(self.datum.in_context(context=context, path=path))
+
+    def __eq__(self, other):
+        return isinstance(other, AutoIdForDatum) and other.datum == self.datum and self.id_field == other.id_field
+
+
+class Root(JSONPath):
+    """
+    The JSONPath referring to the "root" object. Concrete syntax is '$'.
+    The root is the topmost datum without any context attached.
+    """
+
+    def find(self, data):
+        if not isinstance(data, DatumInContext):
+            return [DatumInContext(data, path=Root(), context=None)]
+        else:
+            if data.context is None:
+                return [DatumInContext(data.value, context=None, path=Root())]
+            else:
+                return Root().find(data.context)
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '$'
+
+    def __repr__(self):
+        return 'Root()'
+
+    def __eq__(self, other):
+        return isinstance(other, Root)
+
+    def __hash__(self):
+        return hash('$')
+
+
+class This(JSONPath):
+    """
+    The JSONPath referring to the current datum. Concrete syntax is '@'.
+    """
+
+    def find(self, datum):
+        return [DatumInContext.wrap(datum)]
+
+    def update(self, data, val):
+        return val
+
+    def filter(self, fn, data):
+        return data if fn(data) else None
+
+    def __str__(self):
+        return '`this`'
+
+    def __repr__(self):
+        return 'This()'
+
+    def __eq__(self, other):
+        return isinstance(other, This)
+
+    def __hash__(self):
+        return hash('this')
+
+
+class Child(JSONPath):
+    """
+    JSONPath that first matches the left, then the right.
+    Concrete syntax is <left> '.' <right>
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        """
+        Extra special case: auto ids do not have children,
+        so cut it off right now rather than auto id the auto id
+        """
+
+        return [submatch
+                for subdata in self.left.find(datum)
+                if not isinstance(subdata, AutoIdForDatum)
+                for submatch in self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.left.find(data):
+            self.right.update(datum.value, val)
+        return data
+
+    def find_or_create(self, datum):
+        datum = DatumInContext.wrap(datum)
+        submatches = []
+        for subdata in self.left.find_or_create(datum):
+            if isinstance(subdata, AutoIdForDatum):
+                # Extra special case: auto ids do not have children,
+                # so cut it off right now rather than auto id the auto id
+                continue
+            for submatch in self.right.find_or_create(subdata):
+                submatches.append(submatch)
+        return submatches
+
+    def update_or_create(self, data, val):
+        for datum in self.left.find_or_create(data):
+            self.right.update_or_create(datum.value, val)
+        return _clean_list_keys(data)
+
+    def filter(self, fn, data):
+        for datum in self.left.find(data):
+            self.right.filter(fn, datum.value)
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Child) and self.left == other.left and self.right == other.right
+
+    def __str__(self):
+        return '%s.%s' % (self.left, self.right)
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Parent(JSONPath):
+    """
+    JSONPath that matches the parent node of the current match.
+    Will crash if no such parent exists.
+    Available via named operator `parent`.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        return [datum.context]
+
+    def __eq__(self, other):
+        return isinstance(other, Parent)
+
+    def __str__(self):
+        return '`parent`'
+
+    def __repr__(self):
+        return 'Parent()'
+
+    def __hash__(self):
+        return hash('parent')
+
+
+class Where(JSONPath):
+    """
+    JSONPath that first matches the left, and then
+    filters for only those nodes that have
+    a match on the right.
+
+    WARNING: Subject to change. May want to have "contains"
+    or some other better word for it.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data) if self.right.find(subdata)]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        for datum in self.find(data):
+            datum.path.filter(fn, datum.value)
+        return data
+
+    def __str__(self):
+        return '%s where %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Where) and other.left == self.left and other.right == self.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Descendants(JSONPath):
+    """
+    JSONPath that matches first the left expression then any descendant
+    of it which matches the right expression.
+    """
+
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def find(self, datum):
+        # <left> .. <right> ==> <left> . (<right> | *..<right> | [*]..<right>)
+        #
+        # With with a wonky caveat that since Slice() has funky coercions
+        # we cannot just delegate to that equivalence or we'll hit an
+        # infinite loop. So right here we implement the coercion-free version.
+
+        # Get all left matches into a list
+        left_matches = self.left.find(datum)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def match_recursively(datum):
+            right_matches = self.right.find(datum)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(datum.value, list):
+                recursive_matches = [submatch
+                                     for i in range(0, len(datum.value))
+                                     for submatch in match_recursively(DatumInContext(datum.value[i], context=datum, path=Index(i)))]
+
+            elif isinstance(datum.value, dict):
+                recursive_matches = [submatch
+                                     for field in datum.value.keys()
+                                     for submatch in match_recursively(DatumInContext(datum.value[field], context=datum, path=Fields(field)))]
+
+            else:
+                recursive_matches = []
+
+            return right_matches + list(recursive_matches)
+
+        # TODO: repeatable iterator instead of list?
+        return [submatch
+                for left_match in left_matches
+                for submatch in match_recursively(left_match)]
+
+    def is_singular(self):
+        return False
+
+    def update(self, data, val):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def update_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.update(data, val)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    update_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    update_recursively(data[field])
+
+        for submatch in left_matches:
+            update_recursively(submatch.value)
+
+        return data
+
+    def filter(self, fn, data):
+        # Get all left matches into a list
+        left_matches = self.left.find(data)
+        if not isinstance(left_matches, list):
+            left_matches = [left_matches]
+
+        def filter_recursively(data):
+            # Update only mutable values corresponding to JSON types
+            if not (isinstance(data, list) or isinstance(data, dict)):
+                return
+
+            self.right.filter(fn, data)
+
+            # Manually do the * or [*] to avoid coercion and recurse just the right-hand pattern
+            if isinstance(data, list):
+                for i in range(0, len(data)):
+                    filter_recursively(data[i])
+
+            elif isinstance(data, dict):
+                for field in data.keys():
+                    filter_recursively(data[field])
+
+        for submatch in left_matches:
+            filter_recursively(submatch.value)
+
+        return data
+
+    def __str__(self):
+        return '%s..%s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return isinstance(other, Descendants) and self.left == other.left and self.right == other.right
+
+    def __repr__(self):
+        return '%s(%r, %r)' % (self.__class__.__name__, self.left, self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Union(JSONPath):
+    """
+    JSONPath that returns the union of the results of each match.
+    This is pretty shoddily implemented for now. The nicest semantics
+    in case of mismatched bits (list vs atomic) is to put
+    them all in a list, but I haven't done that yet.
+
+    WARNING: Any appearance of this being the _concatenation_ is
+    coincidence. It may even be a bug! (or laziness)
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        return self.left.find(data) + self.right.find(data)
+
+    def __eq__(self, other):
+        return isinstance(other, Union) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+class Intersect(JSONPath):
+    """
+    JSONPath for bits that match *both* patterns.
+
+    This can be accomplished a couple of ways. The most
+    efficient is to actually build the intersected
+    AST as in building a state machine for matching the
+    intersection of regular languages. The next
+    idea is to build a filtered data and match against
+    that.
+    """
+    def __init__(self, left, right):
+        self.left = left
+        self.right = right
+
+    def is_singular(self):
+        return False
+
+    def find(self, data):
+        raise NotImplementedError()
+
+    def __eq__(self, other):
+        return isinstance(other, Intersect) and self.left == other.left and self.right == other.right
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
+class Fields(JSONPath):
+    """
+    JSONPath referring to some field of the current object.
+    Concrete syntax ix comma-separated field names.
+
+    WARNING: If '*' is any of the field names, then they will
+    all be returned.
+    """
+
+    def __init__(self, *fields):
+        self.fields = fields
+
+    @staticmethod
+    def get_field_datum(datum, field, create):
+        if field == auto_id_field:
+            return AutoIdForDatum(datum)
+        try:
+            field_value = datum.value.get(field, NOT_SET)
+            if field_value is NOT_SET:
+                if create:
+                    datum.value[field] = field_value = {}
+                else:
+                    return None
+            return DatumInContext(field_value, path=Fields(field), context=datum)
+        except (TypeError, AttributeError):
+            return None
+
+    def reified_fields(self, datum):
+        if '*' not in self.fields:
+            return self.fields
+        else:
+            try:
+                fields = tuple(datum.value.keys())
+                return fields if auto_id_field is None else fields + (auto_id_field,)
+            except AttributeError:
+                return ()
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        field_data = [self.get_field_datum(datum, field, create)
+                      for field in self.reified_fields(datum)]
+        return [fd for fd in field_data if fd is not None]
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field not in data and create:
+                    data[field] = {}
+                if field in data:
+                    if hasattr(val, '__call__'):
+                        data[field] = val(data[field], data, field)
+                    else:
+                        data[field] = val
+        return data
+
+    def filter(self, fn, data):
+        if data is not None:
+            for field in self.reified_fields(DatumInContext.wrap(data)):
+                if field in data:
+                    if fn(data[field]):
+                        data.pop(field)
+        return data
+
+    def __str__(self):
+        # If any JsonPathLexer.literals are included in field name need quotes
+        # This avoids unnecessary quotes to keep strings short.
+        # Test each field whether it contains a literal and only then add quotes
+        # The test loops over all literals, could possibly optimize to short circuit if one found
+        fields_as_str = ("'" + str(f) + "'" if any([l in f for l in JsonPathLexer.literals]) else
+                         str(f) for f in self.fields)
+        return ','.join(fields_as_str)
+
+
+    def __repr__(self):
+        return '%s(%s)' % (self.__class__.__name__, ','.join(map(repr, self.fields)))
+
+    def __eq__(self, other):
+        return isinstance(other, Fields) and tuple(self.fields) == tuple(other.fields)
+
+    def __hash__(self):
+        return hash(tuple(self.fields))
+
+
+class Index(JSONPath):
+    """
+    JSONPath that matches indices of the current datum, or none if not large enough.
+    Concrete syntax is brackets.
+
+    WARNING: If the datum is None or not long enough, it will not crash but will not match anything.
+    NOTE: For the concrete syntax of `[*]`, the abstract syntax is a Slice() with no parameters (equiv to `[:]`
+    """
+
+    def __init__(self, index):
+        self.index = index
+
+    def find(self, datum):
+        return self._find_base(datum, create=False)
+
+    def find_or_create(self, datum):
+        return self._find_base(datum, create=True)
+
+    def _find_base(self, datum, create):
+        datum = DatumInContext.wrap(datum)
+        if create:
+            if datum.value == {}:
+                datum.value = _create_list_key(datum.value)
+            self._pad_value(datum.value)
+        if datum.value and len(datum.value) > self.index:
+            return [DatumInContext(datum.value[self.index], path=self, context=datum)]
+        else:
+            return []
+
+    def update(self, data, val):
+        return self._update_base(data, val, create=False)
+
+    def update_or_create(self, data, val):
+        return self._update_base(data, val, create=True)
+
+    def _update_base(self, data, val, create):
+        if create:
+            if data == {}:
+                data = _create_list_key(data)
+            self._pad_value(data)
+        if hasattr(val, '__call__'):
+            data[self.index] = val.__call__(data[self.index], data, self.index)
+        elif len(data) > self.index:
+            data[self.index] = val
+        return data
+
+    def filter(self, fn, data):
+        if fn(data[self.index]):
+            data.pop(self.index)  # relies on mutation :(
+        return data
+
+    def __eq__(self, other):
+        return isinstance(other, Index) and self.index == other.index
+
+    def __str__(self):
+        return '[%i]' % self.index
+
+    def __repr__(self):
+        return '%s(index=%r)' % (self.__class__.__name__, self.index)
+
+    def _pad_value(self, value):
+        if len(value) <= self.index:
+            pad = self.index - len(value) + 1
+            value += [{} for __ in range(pad)]
+
+    def __hash__(self):
+        return hash(self.index)
+
+
+class Slice(JSONPath):
+    """
+    JSONPath matching a slice of an array.
+
+    Because of a mismatch between JSON and XML when schema-unaware,
+    this always returns an iterable; if the incoming data
+    was not a list, then it returns a one element list _containing_ that
+    data.
+
+    Consider these two docs, and their schema-unaware translation to JSON:
+
+    <a><b>hello</b></a> ==> {"a": {"b": "hello"}}
+    <a><b>hello</b><b>goodbye</b></a> ==> {"a": {"b": ["hello", "goodbye"]}}
+
+    If there were a schema, it would be known that "b" should always be an
+    array (unless the schema were wonky, but that is too much to fix here)
+    so when querying with JSON if the one writing the JSON knows that it
+    should be an array, they can write a slice operator and it will coerce
+    a non-array value to an array.
+
+    This may be a bit unfortunate because it would be nice to always have
+    an iterator, but dictionaries and other objects may also be iterable,
+    so this is the compromise.
+    """
+    def __init__(self, start=None, end=None, step=None):
+        self.start = start
+        self.end = end
+        self.step = step
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+
+        # Used for catching null value instead of empty list in path
+        if not datum.value:
+            return []
+        # Here's the hack. If it is a dictionary or some kind of constant,
+        # put it in a single-element list
+        if (isinstance(datum.value, dict) or isinstance(datum.value, int) or isinstance(datum.value, str)):
+            return self.find(DatumInContext([datum.value], path=datum.path, context=datum.context))
+
+        # Some iterators do not support slicing but we can still
+        # at least work for '*'
+        if self.start is None and self.end is None and self.step is None:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))]
+        else:
+            return [DatumInContext(datum.value[i], path=Index(i), context=datum) for i in range(0, len(datum.value))[self.start:self.end:self.step]]
+
+    def update(self, data, val):
+        for datum in self.find(data):
+            datum.path.update(data, val)
+        return data
+
+    def filter(self, fn, data):
+        while True:
+            length = len(data)
+            for datum in self.find(data):
+                data = datum.path.filter(fn, data)
+                if len(data) < length:
+                    break
+
+            if length == len(data):
+                break
+        return data
+
+    def __str__(self):
+        if self.start is None and self.end is None and self.step is None:
+            return '[*]'
+        else:
+            return '[%s%s%s]' % (self.start or '',
+                                   ':%d'%self.end if self.end else '',
+                                   ':%d'%self.step if self.step else '')
+
+    def __repr__(self):
+        return '%s(start=%r,end=%r,step=%r)' % (self.__class__.__name__, self.start, self.end, self.step)
+
+    def __eq__(self, other):
+        return isinstance(other, Slice) and other.start == self.start and self.end == other.end and other.step == self.step
+
+    def __hash__(self):
+        return hash((self.start, self.end, self.step))
+
+
+def _create_list_key(dict_):
+    """
+    Adds a list to a dictionary by reference and returns the list.
+
+    See `_clean_list_keys()`
+    """
+    dict_[LIST_KEY] = new_list = [{}]
+    return new_list
+
+
+def _clean_list_keys(struct_):
+    """
+    Replace {LIST_KEY: ['foo', 'bar']} with ['foo', 'bar'].
+
+    >>> _clean_list_keys({LIST_KEY: ['foo', 'bar']})
+    ['foo', 'bar']
+
+    """
+    if(isinstance(struct_, list)):
+        for ind, value in enumerate(struct_):
+            struct_[ind] = _clean_list_keys(value)
+    elif(isinstance(struct_, dict)):
+        if(LIST_KEY in struct_):
+            return _clean_list_keys(struct_[LIST_KEY])
+        else:
+            for key, value in struct_.items():
+                struct_[key] = _clean_list_keys(value)
+    return struct_
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py
new file mode 100644
index 000000000..b2ad5ee6d
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py
@@ -0,0 +1,171 @@
+import sys
+import logging
+
+import ply.lex
+
+from jsonpath_ng.exceptions import JsonPathLexerError
+
+logger = logging.getLogger(__name__)
+
+
+class JsonPathLexer:
+    '''
+    A Lexical analyzer for JsonPath.
+    '''
+
+    def __init__(self, debug=False):
+        self.debug = debug
+        if self.__doc__ is None:
+            raise JsonPathLexerError('Docstrings have been removed! By design of PLY, jsonpath-rw requires docstrings. You must not use PYTHONOPTIMIZE=2 or python -OO.')
+
+    def tokenize(self, string):
+        '''
+        Maps a string to an iterator over tokens. In other words: [char] -> [token]
+        '''
+
+        new_lexer = ply.lex.lex(module=self, debug=self.debug, errorlog=logger)
+        new_lexer.latest_newline = 0
+        new_lexer.string_value = None
+        new_lexer.input(string)
+
+        while True:
+            t = new_lexer.token()
+            if t is None:
+                break
+            t.col = t.lexpos - new_lexer.latest_newline
+            yield t
+
+        if new_lexer.string_value is not None:
+            raise JsonPathLexerError('Unexpected EOF in string literal or identifier')
+
+    # ============== PLY Lexer specification ==================
+    #
+    # This probably should be private but:
+    #   - the parser requires access to `tokens` (perhaps they should be defined in a third, shared dependency)
+    #   - things like `literals` might be a legitimate part of the public interface.
+    #
+    # Anyhow, it is pythonic to give some rope to hang oneself with :-)
+
+    literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
+
+    reserved_words = { 'where': 'WHERE' }
+
+    tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
+
+    states = [ ('singlequote', 'exclusive'),
+               ('doublequote', 'exclusive'),
+               ('backquote', 'exclusive') ]
+
+    # Normal lexing, rather easy
+    t_DOUBLEDOT = r'\.\.'
+    t_ignore = ' \t'
+
+    def t_ID(self, t):
+        r'[a-zA-Z_@][a-zA-Z0-9_@\-]*'
+        t.type = self.reserved_words.get(t.value, 'ID')
+        return t
+
+    def t_NUMBER(self, t):
+        r'-?\d+'
+        t.value = int(t.value)
+        return t
+
+
+    # Single-quoted strings
+    t_singlequote_ignore = ''
+    def t_singlequote(self, t):
+        r"'"
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('singlequote')
+
+    def t_singlequote_content(self, t):
+        r"[^'\\]+"
+        t.lexer.string_value += t.value
+
+    def t_singlequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_singlequote_end(self, t):
+        r"'"
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_singlequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing singlequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Double-quoted strings
+    t_doublequote_ignore = ''
+    def t_doublequote(self, t):
+        r'"'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('doublequote')
+
+    def t_doublequote_content(self, t):
+        r'[^"\\]+'
+        t.lexer.string_value += t.value
+
+    def t_doublequote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_doublequote_end(self, t):
+        r'"'
+        t.value = t.lexer.string_value
+        t.type = 'ID'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_doublequote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing doublequoted field: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Back-quoted "magic" operators
+    t_backquote_ignore = ''
+    def t_backquote(self, t):
+        r'`'
+        t.lexer.string_start = t.lexer.lexpos
+        t.lexer.string_value = ''
+        t.lexer.push_state('backquote')
+
+    def t_backquote_escape(self, t):
+        r'\\.'
+        t.lexer.string_value += t.value[1]
+
+    def t_backquote_content(self, t):
+        r"[^`\\]+"
+        t.lexer.string_value += t.value
+
+    def t_backquote_end(self, t):
+        r'`'
+        t.value = t.lexer.string_value
+        t.type = 'NAMED_OPERATOR'
+        t.lexer.string_value = None
+        t.lexer.pop_state()
+        return t
+
+    def t_backquote_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s while lexing backquoted operator: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+
+    # Counting lines, handling errors
+    def t_newline(self, t):
+        r'\n'
+        t.lexer.lineno += 1
+        t.lexer.latest_newline = t.lexpos
+
+    def t_error(self, t):
+        raise JsonPathLexerError('Error on line %s, col %s: Unexpected character: %s ' % (t.lexer.lineno, t.lexpos - t.lexer.latest_newline, t.value[0]))
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    lexer = JsonPathLexer(debug=True)
+    for token in lexer.tokenize(sys.stdin.read()):
+        print('%-20s%s' % (token.value, token.type))
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py
new file mode 100644
index 000000000..87e353ebf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py
@@ -0,0 +1,199 @@
+import logging
+import sys
+import os.path
+
+import ply.yacc
+
+from jsonpath_ng.exceptions import JsonPathParserError
+from jsonpath_ng.jsonpath import *
+from jsonpath_ng.lexer import JsonPathLexer
+
+logger = logging.getLogger(__name__)
+
+
+def parse(string):
+    return JsonPathParser().parse(string)
+
+
+class JsonPathParser:
+    '''
+    An LALR-parser for JsonPath
+    '''
+
+    tokens = JsonPathLexer.tokens
+
+    def __init__(self, debug=False, lexer_class=None):
+        if self.__doc__ is None:
+            raise JsonPathParserError(
+                'Docstrings have been removed! By design of PLY, '
+                'jsonpath-rw requires docstrings. You must not use '
+                'PYTHONOPTIMIZE=2 or python -OO.'
+            )
+
+        self.debug = debug
+        self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
+
+    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
+
+        # Since PLY has some crufty aspects and dumps files, we try to keep them local
+        # However, we need to derive the name of the output Python file :-/
+        output_directory = os.path.dirname(__file__)
+        try:
+            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
+        except:
+            module_name = __name__
+
+        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
+
+        # And we regenerate the parse table every time;
+        # it doesn't actually take that long!
+        new_parser = ply.yacc.yacc(module=self,
+                                   debug=self.debug,
+                                   tabmodule = parsing_table_module,
+                                   outputdir = output_directory,
+                                   write_tables=0,
+                                   start = start_symbol,
+                                   errorlog = logger)
+
+        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+
+    # ===================== PLY Parser specification =====================
+
+    precedence = [
+        ('left', ','),
+        ('left', 'DOUBLEDOT'),
+        ('left', '.'),
+        ('left', '|'),
+        ('left', '&'),
+        ('left', 'WHERE'),
+    ]
+
+    def p_error(self, t):
+        if t is None:
+            raise JsonPathParserError('Parse error near the end of string!')
+        raise JsonPathParserError('Parse error at %s:%s near token %s (%s)'
+                                  % (t.lineno, t.col, t.value, t.type))
+
+    def p_jsonpath_binop(self, p):
+        """jsonpath : jsonpath '.' jsonpath
+                    | jsonpath DOUBLEDOT jsonpath
+                    | jsonpath WHERE jsonpath
+                    | jsonpath '|' jsonpath
+                    | jsonpath '&' jsonpath"""
+        op = p[2]
+
+        if op == '.':
+            p[0] = Child(p[1], p[3])
+        elif op == '..':
+            p[0] = Descendants(p[1], p[3])
+        elif op == 'where':
+            p[0] = Where(p[1], p[3])
+        elif op == '|':
+            p[0] = Union(p[1], p[3])
+        elif op == '&':
+            p[0] = Intersect(p[1], p[3])
+
+    def p_jsonpath_fields(self, p):
+        "jsonpath : fields_or_any"
+        p[0] = Fields(*p[1])
+
+    def p_jsonpath_named_operator(self, p):
+        "jsonpath : NAMED_OPERATOR"
+        if p[1] == 'this':
+            p[0] = This()
+        elif p[1] == 'parent':
+            p[0] = Parent()
+        else:
+            raise JsonPathParserError('Unknown named operator `%s` at %s:%s'
+                                      % (p[1], p.lineno(1), p.lexpos(1)))
+
+    def p_jsonpath_root(self, p):
+        "jsonpath : '$'"
+        p[0] = Root()
+
+    def p_jsonpath_idx(self, p):
+        "jsonpath : '[' idx ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_slice(self, p):
+        "jsonpath : '[' slice ']'"
+        p[0] = p[2]
+
+    def p_jsonpath_fieldbrackets(self, p):
+        "jsonpath : '[' fields ']'"
+        p[0] = Fields(*p[2])
+
+    def p_jsonpath_child_fieldbrackets(self, p):
+        "jsonpath : jsonpath '[' fields ']'"
+        p[0] = Child(p[1], Fields(*p[3]))
+
+    def p_jsonpath_child_idxbrackets(self, p):
+        "jsonpath : jsonpath '[' idx ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_child_slicebrackets(self, p):
+        "jsonpath : jsonpath '[' slice ']'"
+        p[0] = Child(p[1], p[3])
+
+    def p_jsonpath_parens(self, p):
+        "jsonpath : '(' jsonpath ')'"
+        p[0] = p[2]
+
+    # Because fields in brackets cannot be '*' - that is reserved for array indices
+    def p_fields_or_any(self, p):
+        """fields_or_any : fields
+                         | '*'    """
+        if p[1] == '*':
+            p[0] = ['*']
+        else:
+            p[0] = p[1]
+
+    def p_fields_id(self, p):
+        "fields : ID"
+        p[0] = [p[1]]
+
+    def p_fields_comma(self, p):
+        "fields : fields ',' fields"
+        p[0] = p[1] + p[3]
+
+    def p_idx(self, p):
+        "idx : NUMBER"
+        p[0] = Index(p[1])
+
+    def p_slice_any(self, p):
+        "slice : '*'"
+        p[0] = Slice()
+
+    def p_slice(self, p): # Currently does not support `step`
+        """slice : maybe_int ':' maybe_int
+                 | maybe_int ':' maybe_int ':' maybe_int """
+        p[0] = Slice(*p[1::2])
+
+    def p_maybe_int(self, p):
+        """maybe_int : NUMBER
+                     | empty"""
+        p[0] = p[1]
+
+    def p_empty(self, p):
+        'empty :'
+        p[0] = None
+
+class IteratorToTokenStream:
+    def __init__(self, iterator):
+        self.iterator = iterator
+
+    def token(self):
+        try:
+            return next(self.iterator)
+        except StopIteration:
+            return None
+
+
+if __name__ == '__main__':
+    logging.basicConfig()
+    parser = JsonPathParser(debug=True)
+    print(parser.parse(sys.stdin.read()))
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py
new file mode 100644
index 000000000..1b35509bd
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py
@@ -0,0 +1,332 @@
+import functools
+import string
+import sys
+import typing as t
+
+if t.TYPE_CHECKING:
+    import typing_extensions as te
+
+    class HasHTML(te.Protocol):
+        def __html__(self) -> str:
+            pass
+
+    _P = te.ParamSpec("_P")
+
+
+__version__ = "2.1.5"
+
+
+def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
+    @functools.wraps(func)
+    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
+        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
+        _escape_argspec(kwargs, kwargs.items(), self.escape)
+        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+
+    return wrapped  # type: ignore[return-value]
+
+
+class Markup(str):
+    """A string that is ready to be safely inserted into an HTML or XML
+    document, either because it was escaped or because it was marked
+    safe.
+
+    Passing an object to the constructor converts it to text and wraps
+    it to mark it safe without escaping. To escape the text, use the
+    :meth:`escape` class method instead.
+
+    >>> Markup("Hello, <em>World</em>!")
+    Markup('Hello, <em>World</em>!')
+    >>> Markup(42)
+    Markup('42')
+    >>> Markup.escape("Hello, <em>World</em>!")
+    Markup('Hello &lt;em&gt;World&lt;/em&gt;!')
+
+    This implements the ``__html__()`` interface that some frameworks
+    use. Passing an object that implements ``__html__()`` will wrap the
+    output of that method, marking it safe.
+
+    >>> class Foo:
+    ...     def __html__(self):
+    ...         return '<a href="/foo">foo</a>'
+    ...
+    >>> Markup(Foo())
+    Markup('<a href="/foo">foo</a>')
+
+    This is a subclass of :class:`str`. It has the same methods, but
+    escapes their arguments and returns a ``Markup`` instance.
+
+    >>> Markup("<em>%s</em>") % ("foo & bar",)
+    Markup('<em>foo &amp; bar</em>')
+    >>> Markup("<em>Hello</em> ") + "<foo>"
+    Markup('<em>Hello</em> &lt;foo&gt;')
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
+    ) -> "te.Self":
+        if hasattr(base, "__html__"):
+            base = base.__html__()
+
+        if encoding is None:
+            return super().__new__(cls, base)
+
+        return super().__new__(cls, base, encoding, errors)
+
+    def __html__(self) -> "te.Self":
+        return self
+
+    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.__class__(super().__add__(self.escape(other)))
+
+        return NotImplemented
+
+    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
+        if isinstance(other, str) or hasattr(other, "__html__"):
+            return self.escape(other).__add__(self)
+
+        return NotImplemented
+
+    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
+        if isinstance(num, int):
+            return self.__class__(super().__mul__(num))
+
+        return NotImplemented
+
+    __rmul__ = __mul__
+
+    def __mod__(self, arg: t.Any) -> "te.Self":
+        if isinstance(arg, tuple):
+            # a tuple of arguments, each wrapped
+            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
+        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            # a mapping of arguments, wrapped
+            arg = _MarkupEscapeHelper(arg, self.escape)
+        else:
+            # a single argument, wrapped with the helper and a tuple
+            arg = (_MarkupEscapeHelper(arg, self.escape),)
+
+        return self.__class__(super().__mod__(arg))
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({super().__repr__()})"
+
+    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
+        return self.__class__(super().join(map(self.escape, seq)))
+
+    join.__doc__ = str.join.__doc__
+
+    def split(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().split(sep, maxsplit)]
+
+    split.__doc__ = str.split.__doc__
+
+    def rsplit(  # type: ignore[override]
+        self, sep: t.Optional[str] = None, maxsplit: int = -1
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
+
+    rsplit.__doc__ = str.rsplit.__doc__
+
+    def splitlines(  # type: ignore[override]
+        self, keepends: bool = False
+    ) -> t.List["te.Self"]:
+        return [self.__class__(v) for v in super().splitlines(keepends)]
+
+    splitlines.__doc__ = str.splitlines.__doc__
+
+    def unescape(self) -> str:
+        """Convert escaped markup back into a text string. This replaces
+        HTML entities with the characters they represent.
+
+        >>> Markup("Main &raquo; <em>About</em>").unescape()
+        'Main » <em>About</em>'
+        """
+        from html import unescape
+
+        return unescape(str(self))
+
+    def striptags(self) -> str:
+        """:meth:`unescape` the markup, remove tags, and normalize
+        whitespace to single spaces.
+
+        >>> Markup("Main &raquo;\t<em>About</em>").striptags()
+        'Main » About'
+        """
+        value = str(self)
+
+        # Look for comments then tags separately. Otherwise, a comment that
+        # contains a tag would end early, leaving some of the comment behind.
+
+        while True:
+            # keep finding comment start marks
+            start = value.find("<!--")
+
+            if start == -1:
+                break
+
+            # find a comment end mark beyond the start, otherwise stop
+            end = value.find("-->", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 3:]}"
+
+        # remove tags using the same method
+        while True:
+            start = value.find("<")
+
+            if start == -1:
+                break
+
+            end = value.find(">", start)
+
+            if end == -1:
+                break
+
+            value = f"{value[:start]}{value[end + 1:]}"
+
+        # collapse spaces
+        value = " ".join(value.split())
+        return self.__class__(value).unescape()
+
+    @classmethod
+    def escape(cls, s: t.Any) -> "te.Self":
+        """Escape a string. Calls :func:`escape` and ensures that for
+        subclasses the correct type is returned.
+        """
+        rv = escape(s)
+
+        if rv.__class__ is not cls:
+            return cls(rv)
+
+        return rv  # type: ignore[return-value]
+
+    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
+    capitalize = _simple_escaping_wrapper(str.capitalize)
+    title = _simple_escaping_wrapper(str.title)
+    lower = _simple_escaping_wrapper(str.lower)
+    upper = _simple_escaping_wrapper(str.upper)
+    replace = _simple_escaping_wrapper(str.replace)
+    ljust = _simple_escaping_wrapper(str.ljust)
+    rjust = _simple_escaping_wrapper(str.rjust)
+    lstrip = _simple_escaping_wrapper(str.lstrip)
+    rstrip = _simple_escaping_wrapper(str.rstrip)
+    center = _simple_escaping_wrapper(str.center)
+    strip = _simple_escaping_wrapper(str.strip)
+    translate = _simple_escaping_wrapper(str.translate)
+    expandtabs = _simple_escaping_wrapper(str.expandtabs)
+    swapcase = _simple_escaping_wrapper(str.swapcase)
+    zfill = _simple_escaping_wrapper(str.zfill)
+    casefold = _simple_escaping_wrapper(str.casefold)
+
+    if sys.version_info >= (3, 9):
+        removeprefix = _simple_escaping_wrapper(str.removeprefix)
+        removesuffix = _simple_escaping_wrapper(str.removesuffix)
+
+    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().partition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
+        l, s, r = super().rpartition(self.escape(sep))
+        cls = self.__class__
+        return cls(l), cls(s), cls(r)
+
+    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, args, kwargs))
+
+    def format_map(  # type: ignore[override]
+        self, map: t.Mapping[str, t.Any]
+    ) -> "te.Self":
+        formatter = EscapeFormatter(self.escape)
+        return self.__class__(formatter.vformat(self, (), map))
+
+    def __html_format__(self, format_spec: str) -> "te.Self":
+        if format_spec:
+            raise ValueError("Unsupported format specification for Markup.")
+
+        return self
+
+
+class EscapeFormatter(string.Formatter):
+    __slots__ = ("escape",)
+
+    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.escape = escape
+        super().__init__()
+
+    def format_field(self, value: t.Any, format_spec: str) -> str:
+        if hasattr(value, "__html_format__"):
+            rv = value.__html_format__(format_spec)
+        elif hasattr(value, "__html__"):
+            if format_spec:
+                raise ValueError(
+                    f"Format specifier {format_spec} given, but {type(value)} does not"
+                    " define __html_format__. A class that defines __html__ must define"
+                    " __html_format__ to work with format specifiers."
+                )
+            rv = value.__html__()
+        else:
+            # We need to make sure the format spec is str here as
+            # otherwise the wrong callback methods are invoked.
+            rv = string.Formatter.format_field(self, value, str(format_spec))
+        return str(self.escape(rv))
+
+
+_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
+
+
+def _escape_argspec(
+    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
+) -> _ListOrDict:
+    """Helper for various string-wrapped functions."""
+    for key, value in iterable:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            obj[key] = escape(value)
+
+    return obj
+
+
+class _MarkupEscapeHelper:
+    """Helper for :meth:`Markup.__mod__`."""
+
+    __slots__ = ("obj", "escape")
+
+    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
+        self.obj = obj
+        self.escape = escape
+
+    def __getitem__(self, item: t.Any) -> "te.Self":
+        return self.__class__(self.obj[item], self.escape)
+
+    def __str__(self) -> str:
+        return str(self.escape(self.obj))
+
+    def __repr__(self) -> str:
+        return str(self.escape(repr(self.obj)))
+
+    def __int__(self) -> int:
+        return int(self.obj)
+
+    def __float__(self) -> float:
+        return float(self.obj)
+
+
+# circular import
+try:
+    from ._speedups import escape as escape
+    from ._speedups import escape_silent as escape_silent
+    from ._speedups import soft_str as soft_str
+except ImportError:
+    from ._native import escape as escape
+    from ._native import escape_silent as escape_silent  # noqa: F401
+    from ._native import soft_str as soft_str  # noqa: F401
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py
new file mode 100644
index 000000000..2fcdb4549
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py
@@ -0,0 +1,63 @@
+import typing as t
+
+from . import Markup
+
+
+def escape(s: t.Any) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(
+        str(s)
+        .replace("&", "&amp;")
+        .replace(">", "&gt;")
+        .replace("<", "&lt;")
+        .replace("'", "&#39;")
+        .replace('"', "&#34;")
+    )
+
+
+def escape_silent(s: t.Optional[t.Any]) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
+
+    return escape(s)
+
+
+def soft_str(s: t.Any) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
+
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
+
+    return s
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c
new file mode 100644
index 000000000..a3922347a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c
@@ -0,0 +1,320 @@
+#include <Python.h>
+
+static PyObject* markup;
+
+static int
+init_constants(void)
+{
+	PyObject *module;
+
+	/* import markup type so that we can mark the return value */
+	module = PyImport_ImportModule("markupsafe");
+	if (!module)
+		return 0;
+	markup = PyObject_GetAttrString(module, "Markup");
+	Py_DECREF(module);
+
+	return 1;
+}
+
+#define GET_DELTA(inp, inp_end, delta) \
+	while (inp < inp_end) { \
+		switch (*inp++) { \
+		case '"': \
+		case '\'': \
+		case '&': \
+			delta += 4; \
+			break; \
+		case '<': \
+		case '>': \
+			delta += 3; \
+			break; \
+		} \
+	}
+
+#define DO_ESCAPE(inp, inp_end, outp) \
+	{ \
+		Py_ssize_t ncopy = 0; \
+		while (inp < inp_end) { \
+			switch (*inp) { \
+			case '"': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '4'; \
+				*outp++ = ';'; \
+				break; \
+			case '\'': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = '#'; \
+				*outp++ = '3'; \
+				*outp++ = '9'; \
+				*outp++ = ';'; \
+				break; \
+			case '&': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'a'; \
+				*outp++ = 'm'; \
+				*outp++ = 'p'; \
+				*outp++ = ';'; \
+				break; \
+			case '<': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'l'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			case '>': \
+				memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+				outp += ncopy; ncopy = 0; \
+				*outp++ = '&'; \
+				*outp++ = 'g'; \
+				*outp++ = 't'; \
+				*outp++ = ';'; \
+				break; \
+			default: \
+				ncopy++; \
+			} \
+			inp++; \
+		} \
+		memcpy(outp, inp-ncopy, sizeof(*outp)*ncopy); \
+	}
+
+static PyObject*
+escape_unicode_kind1(PyUnicodeObject *in)
+{
+	Py_UCS1 *inp = PyUnicode_1BYTE_DATA(in);
+	Py_UCS1 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS1 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta,
+						PyUnicode_IS_ASCII(in) ? 127 : 255);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_1BYTE_DATA(in);
+	outp = PyUnicode_1BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode_kind2(PyUnicodeObject *in)
+{
+	Py_UCS2 *inp = PyUnicode_2BYTE_DATA(in);
+	Py_UCS2 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS2 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 65535);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_2BYTE_DATA(in);
+	outp = PyUnicode_2BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+
+static PyObject*
+escape_unicode_kind4(PyUnicodeObject *in)
+{
+	Py_UCS4 *inp = PyUnicode_4BYTE_DATA(in);
+	Py_UCS4 *inp_end = inp + PyUnicode_GET_LENGTH(in);
+	Py_UCS4 *outp;
+	PyObject *out;
+	Py_ssize_t delta = 0;
+
+	GET_DELTA(inp, inp_end, delta);
+	if (!delta) {
+		Py_INCREF(in);
+		return (PyObject*)in;
+	}
+
+	out = PyUnicode_New(PyUnicode_GET_LENGTH(in) + delta, 1114111);
+	if (!out)
+		return NULL;
+
+	inp = PyUnicode_4BYTE_DATA(in);
+	outp = PyUnicode_4BYTE_DATA(out);
+	DO_ESCAPE(inp, inp_end, outp);
+	return out;
+}
+
+static PyObject*
+escape_unicode(PyUnicodeObject *in)
+{
+	if (PyUnicode_READY(in))
+		return NULL;
+
+	switch (PyUnicode_KIND(in)) {
+	case PyUnicode_1BYTE_KIND:
+		return escape_unicode_kind1(in);
+	case PyUnicode_2BYTE_KIND:
+		return escape_unicode_kind2(in);
+	case PyUnicode_4BYTE_KIND:
+		return escape_unicode_kind4(in);
+	}
+	assert(0);  /* shouldn't happen */
+	return NULL;
+}
+
+static PyObject*
+escape(PyObject *self, PyObject *text)
+{
+	static PyObject *id_html;
+	PyObject *s = NULL, *rv = NULL, *html;
+
+	if (id_html == NULL) {
+		id_html = PyUnicode_InternFromString("__html__");
+		if (id_html == NULL) {
+			return NULL;
+		}
+	}
+
+	/* we don't have to escape integers, bools or floats */
+	if (PyLong_CheckExact(text) ||
+		PyFloat_CheckExact(text) || PyBool_Check(text) ||
+		text == Py_None)
+		return PyObject_CallFunctionObjArgs(markup, text, NULL);
+
+	/* if the object has an __html__ method that performs the escaping */
+	html = PyObject_GetAttr(text ,id_html);
+	if (html) {
+		s = PyObject_CallObject(html, NULL);
+		Py_DECREF(html);
+		if (s == NULL) {
+			return NULL;
+		}
+		/* Convert to Markup object */
+		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+		Py_DECREF(s);
+		return rv;
+	}
+
+	/* otherwise make the object unicode if it isn't, then escape */
+	PyErr_Clear();
+	if (!PyUnicode_Check(text)) {
+		PyObject *unicode = PyObject_Str(text);
+		if (!unicode)
+			return NULL;
+		s = escape_unicode((PyUnicodeObject*)unicode);
+		Py_DECREF(unicode);
+	}
+	else
+		s = escape_unicode((PyUnicodeObject*)text);
+
+	/* convert the unicode string into a markup object. */
+	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
+	Py_DECREF(s);
+	return rv;
+}
+
+
+static PyObject*
+escape_silent(PyObject *self, PyObject *text)
+{
+	if (text != Py_None)
+		return escape(self, text);
+	return PyObject_CallFunctionObjArgs(markup, NULL);
+}
+
+
+static PyObject*
+soft_str(PyObject *self, PyObject *s)
+{
+	if (!PyUnicode_Check(s))
+		return PyObject_Str(s);
+	Py_INCREF(s);
+	return s;
+}
+
+
+static PyMethodDef module_methods[] = {
+	{
+		"escape",
+		(PyCFunction)escape,
+		METH_O,
+		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
+		" the string with HTML-safe sequences. Use this if you need to display"
+		" text that might contain such characters in HTML.\n\n"
+		"If the object has an ``__html__`` method, it is called and the"
+		" return value is assumed to already be safe for HTML.\n\n"
+		":param s: An object to be converted to a string and escaped.\n"
+		":return: A :class:`Markup` string with the escaped text.\n"
+	},
+	{
+		"escape_silent",
+		(PyCFunction)escape_silent,
+		METH_O,
+		"Like :func:`escape` but treats ``None`` as the empty string."
+		" Useful with optional values, as otherwise you get the string"
+		" ``'None'`` when the value is ``None``.\n\n"
+		">>> escape(None)\n"
+		"Markup('None')\n"
+		">>> escape_silent(None)\n"
+		"Markup('')\n"
+	},
+	{
+		"soft_str",
+		(PyCFunction)soft_str,
+		METH_O,
+		"Convert an object to a string if it isn't already. This preserves"
+		" a :class:`Markup` string rather than converting it back to a basic"
+		" string, so it will still be marked as safe and won't be escaped"
+		" again.\n\n"
+		">>> value = escape(\"<User 1>\")\n"
+		">>> value\n"
+		"Markup('&lt;User 1&gt;')\n"
+		">>> escape(str(value))\n"
+		"Markup('&amp;lt;User 1&amp;gt;')\n"
+		">>> escape(soft_str(value))\n"
+		"Markup('&lt;User 1&gt;')\n"
+	},
+	{NULL, NULL, 0, NULL}  /* Sentinel */
+};
+
+static struct PyModuleDef module_definition = {
+	PyModuleDef_HEAD_INIT,
+	"markupsafe._speedups",
+	NULL,
+	-1,
+	module_methods,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+PyMODINIT_FUNC
+PyInit__speedups(void)
+{
+	if (!init_constants())
+		return NULL;
+
+	return PyModule_Create(&module_definition);
+}
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.cp311-win_amd64.pyd.gz b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.cp311-win_amd64.pyd.gz
new file mode 100644
index 0000000000000000000000000000000000000000..7dcb0ff4cffccbf3c1961fc8a5295abd00e967f3
GIT binary patch
literal 7240
zcmV-O9Jk{iiwFP!00002|Ll7WbX(Px?ssKLmgOjNf|Z#3aTDa&c@S5z3^?&mY;1?)
zqJT*pNCSx^OV_rF{zke=Vul$^6_+@7sgrgAFK^n;1j<@u2HtBrLm^4qd2*D-&JQI7
zTJqB=X@|Bl&g+;?8yqOyx6V0Nw&jEw-kN#u&8*?BW$knJ*?XUT_TG2zbMC!fzhy59
z0O$dzDsTw=YQn#Kl?cG>n~u!JOGU3PJtVkZUE0|jh>Ou!q$lPLi9T;Q9FfH?NsJ}J
zVjwKG-n&r@Mf_5g#bUN=GPay_>|XN1wu`yH`ER^>anTFgE*8J(zChuoH#jVQ^T7)?
z2De<8$Kciri(lAw(SD1Y!6h%aFRo<$`!C$Y;5H3DbCJV`Sbsyn*GuR5q&0Q40sb!=
z;Vk`ul*5f<nOLlwU5*6+mTPoNr~z2BUx3!u0Y;4{2eDT(E*tg;Ii?)Aw$GbQjesA(
za~ebxn4r)DoY75FxF2v)9q#}Z{WHEgcstM}OhY(;ox&&6SIN>&89>>MnnDYv){(nJ
zz*80Tdu1=+FXb{Z55SUqx+b8hij$$XkQ$HM3N_czrK_Txkgd_9&3XHE<i+AKA2gdp
zHF;~UM<)d%K5ipwD@Ip;4c(piPkNEThwNpW9%z1mBrl7tO1t<y>O`VkZB6}gS@V@4
zQMNW;8ER7AXtuV#MG9UY(-Y-B;!^G_X>+FAQ@73~bw9QyzbydW)|*-Z>&s@M9!-ue
zlNTgM^|CEFD##_tQJZW?UezVc?a6e(n7%!k)|0v)$IdnnjT+Yvq^-Nc0?_>a>#jlB
zPMVWH7w%5Y(lrnLys$ZS-(#xn0TFO1<76P6xWT2!c0!bg>>VU|Ol)?$w`P>PL^3Gb
zn+}Nb>;p|i`KNYk>-(hOeX8pY(yXi#4~TN{fu?qA>)Y)GKO57xE8B=uC3U~ICf@?p
zd3JJinRVCK0Z^qMp-O*&DqWqts*_Db9UlD_v&v6g$}qX*Eux&temoB#1#dgm;ezEo
zave!#^rL?|lj!_3q97+4dnk|M6;3f+u>5A{>apAN#=br|<_$&17UYdRHjS^wsUC09
zQ|Shx9;eIt(h5~o$t~|wdgUjS{$5J2$o8go<@o5Kk5!eZg@leyH{|Klr<*ov!BD9*
z=f%PSQMMeoHV)cp9DF`?>*rY<d@KOgSIi`NRQD-E;C1Hy;{tGZYL-C#FCL+FNVRn>
znRL39I$b2mW0h3R2XhYJ{D0)|HfNf7yjlQUgMPcGE#;|m4F>JK)>pXy&v5@+ckO2l
zL6)i3jVuP*)%57kLA9)>E+)6U#cX>jd!>{)qRp8eE?ABp47ccI)PW>3rqP4fWB6en
zLokowvFkBBS(<Y-Zl=^utj3t@8nVz7nU|7<5XD&eHDv3qkye8?XS%y}&}SmajF}{l
z>sSc=>SI-PDM5R$OYz%1>kHCEIn{p4I8lC*)s^yK+T5-jpWzxUtfu<Y^UJ3Tspb;r
ziO;8Q{Su2PhYnD5BzaVy%+i3$(tyg+fXdQ<n$RW8Bso+trYFfEo>R!c3G1$_0?=MC
z!t%)xRV{&Po4e@WK8fUFs%J9)DLj<)f)+|gc_>+T^|OXeuAL00asl{!s(t`GYfQQ5
zTXQE}1nQz50AnkzOS*FgX^;UEt=u%gT4vQzj%21}^c8%<Y`4u2aWfa;WMI~6I(PKC
zjDMJu&*<fhA<jr^^4J~MWz5X^=Vq+Q>0YAgUP_Y3^(-X+@?%xKC#BaU=Au!aGcC0(
z`{dNduBMGN5U(_g{X{vRn5)`0E&vA7vdNjIv=3&K7I7%6OI|9ZQD&z<b7_=aBFZU7
zF#2CUQq{@Ms~=439Gp;98t*0+>_jpA&$U#u3pC^wlays-0nKY)x{+30!?)-d&3z+m
zF?X9to#lxe0qd@X0zm34G1i&QJ6l;tV4cOatn)j@cZMjZRNK>3rZPbW(()$fS)z=n
zwudPy`8k0o=MqIkc}=ygqL_h;@)n|4R<316CdwPCZ7HL?MIg!qr97qD3Yj=&K?hx$
zJEPieV7L|&QBJ+ze?Z%)ChkyeW;Sq+F496JPV!J!r>HwL**7rRFO&germRc{lnJ6(
zo^8}rc}ulDT{ctcM=3_h<cYOJax8C5;fY$lxeVa`C5q*SGH(02*R8t()NYEw(MT;X
z+Z|-^QF|>_xQ3)G)i+YFT%OOoVrgVvNt6=hQG2cPB8@ADlHs926w41NnX=JD>TDP0
zQ!o6IdZEttL)JORI|o_k6ziPlDIn*l|Hb%e5|S%4M;)c8WL3`mKT>VGDP}-TbdGLU
zRaLd^n}0piSE;r?o1Zhib=Tdr;wvNBg&)nd`0Dx0;<}G=7I!pES=>H<%Hq|`;$|k4
z8i<-*=H_LKpQxV-n#=R})Ym0^tsZcmWnH3{56uH|x8G@^+-aJ&2s2Sm61Ds|m8R;5
za&+=W&AVSo$`YSX-SpjgxfRQeBxU;|({)6(h3087JZRWZ4`^|`b{=r#_XPk+S>Cvf
zQgDs#n5VUKvvqe{Z`#H8!*!PTYJfxu85%0-et$?+6GDazohTW7x_~Z&?u-V`%Bz#_
z3UVd=nV0-Pkj;k#maC3cX0m^31jY>6dyRBsnP#|l<qU<RRseLr^VAUQmI-|SZK6S0
zLW5FlzMqHhZ(YiJ&J)?+7=c|{j>skqz@BrvTkTCvuL#M8IW#?52YyJira`C!s0!J%
zfpW<AW?w4;vLEPy>{0_YfbD{f+2NE8$j+WclU`y)b}J_rNy_%ueEjQlJX=hKzPN@T
zmzt{8J*To~3xTFxYGQ4+%*36Ltc7f+F?UlTlTzkVjvt{6?aGgcQs7c7%WXij`nqcP
zVGY1+G^Wet2t}rm^QfJ$9K9`bn4S!?rwf6-G){7P)X}u(s$v+Zp$b2yC733XJmzp`
z)R93$um;FJsMjnbCL2Cj4d@bgWFrP3Yo_ZLihyMKFK8v(b1GY0NMo~U&uiK8Lg31|
zg%^|mAY}i@04SNUXSou0Q6=`CCdx4~xLI@!HkA!_l#oGUy8i*@pr&?ZT=~GIyf<(*
zVO?#@I)TRuo$1lv07%`bCMSd)ZA3BbE#=9?Jltw`u*H|Ewi`+T<=kMa-9hi#zX9Ep
z99Q0ISALY;|B<Rr4gJ^YLzaRZS5g%cw-2Nf)h^|@^DG^EPe-S@Vtr~Tdz@ue!+bum
zJUd6D+P-lEFrdnYq*{<@niN|#ZAN(oQ4D{716R2ywOJT^$nF>`&C#m1FWivRVa({f
zNJn{I-bs?jnwqz{w`FpEWAV(2V7oG*Tp-GO$q$5tA^UZ@^;U*y+WyhBAfV}c^v^z4
z)v5bkIqy87+9Is7pHgk%IrQe=%(^2-iu6e5Zsiv#ZqQ{nk>ust!}CGu`sc8cUU-<s
z;;So2%5tR|$o>_}!>#sOGHCdFCk=MmPNq#{&=7L63US=Ys=yu9oU(}w8tR<%R+v)_
z&}oMa#nt>y8#dUq)*%xW{BWAyJr>G2tQT~7c*XKf2UAlo=8ytWEd4noNm+t(fvn1^
z<+0ifwZr|?fK5a>uiBm{q5Ayo1OTT>GjOWY?qQ`uD&d}9O_F|lElA2`?<Gp7-Q!Y5
zs978?<v2w~X{XY8g1SdkZOcmlbvUW&9{mn=o_pJaIp39SBFbfY+Y!Z({Tx8PSN-hU
zEC1UqG&5!rGD%7$AgT2ws%<V)s;z_!wvDT{m#l!2CaY-MRKnV+^<}&d+HWf(srBPz
z=#ogBZDqvSHcp&F<gm&vfZRMp4m+o&BG%R+GH8&f3Tz|y{uwf8xaV^$%R07ZXdb3P
zRYH;t6>|V2jH+#iRm(Cg>z*bl%d0f&tL67wS?*3*esCKw`mvEZ-!OC=keP(Z%az$*
z(;AvI*|Wdm4V@;3j(yw6f@-Nm6n!~A#1PY%fz*x2rOxy?v3|$0`!*o)n`)l(4+>-N
zpXT)<8|S=**_ZXe*p1l-jes(eeUhW~)#<UqY|0266c{Vzah}LF2rT(O#pUH>J;q8x
zf-=p`#(1YN8=yt!@-+VJ14babVM^%Ky&0snMz)t}H|SNG%q|dRG<({>s=~bFheBcw
zOC3acl_<liZJU*@x6{5^aoIbxJ2yzvx6E>}=pH>viwvFj2_{4?At}r58t#eFAJANU
zl1n#aziZGOq^<M6YyHvZ47vTA^<_f~&G;w2N4;rn&FnTfX`<g=0A&BfFlm9(Y?OD3
zoF}r90T_FCPiC^Rb6Ncj6ZB-EoKN&5uL?W9nEj=mX;?XMF<~bu%P*Wj*2a~iTE9#C
z2EK}_>hzei+Zr+aayHd*MExi0V}|eWByq$E(C!i5%{YPMhLjT!n8n2hGlvbdn0x?j
z-%#dKh7PUY0(7r74E$786FZ5|a_Fb3N>a821qCM`U)|9LB;1FJb(E~REYaz@<*4<Q
z`$|djXc;MZ-TF$ik)&qzyHc}GlEG4Yd)@1DnezEruDYR^S-I0xFyyLB$4n%7v~uii
z=UFmvmfI=$h#h}ITjqnpn6WxNrek4Rmf<$qb3Xf80j-MzX}NgU#Y7=_!gi!Ow@J#`
z@!Qq3gr1l6yUr$NWv>*ldiswAT8MF*la%3nHIPY`AEwmo{BPPsQZL$@K2%lm_+`35
zQO;|b`X|Nw4p2_Ly5evFwbn6JRh?&Ps%SoRhF0$f*!FGxxN3X6m<HiDv-I9eJ#|jc
zYD1edt=inhJPX$6vS8{G8)ZaOnJ`0AsjQyYi%OP_23>ZM7MgiX^uP!mOwkY@9H7%s
zMHsUA&_0$`XssC7&GuQkDUQKbyJxu7-eCiphFk5O0$bY!GmxARXqD-pBuymMHg0_~
zL)(N-`c*TZtx2_g#mvHQ)~<^QQ;HO1|Blu1Z`jY!TjTL#)Mi^Vr>C7QQ;QY0U2E87
z1IFeOrGT#AsM=mCW@ly-se3y%I{nl%o!8BIH_zbR`3by70XFwk+9+|RohPi%wkkty
z&Wo+e+2+T`!?F}?e*CwAu+-kFoKnV}Cz?|&LR;|}>$A;|zjv1uP7LbpZN;w-K4jM`
zS82r_?6l8HJV=t3zgz*R<>PBrD;YLCv4TISZ%7*j$dwHqqYm=YhA0IK3<t0NK}}AG
zJM84J0D+ZXV*S=oytGv@takv-$q}J-&~T>%7%Oa5467Z$A-bn)O_2}l#vffy)gIK_
zTNS#2(dX2#9{Go&xVf!(sCCd_bkO2HQOS#Y>!9WLm4NlguS>1TuX4ntO5l4&0E3Iq
z^Rb2TKI@TRFN(*VC#=F5GV}|P6rUl3opzCKBgAEyHJQW%is6MyAUR?hHvD-d*ju+j
z!@f$O`ASBVYm+15u;KAaz`zC`t7I?Z3eL3Ne6F?bT%wFgvR|sdl&~Z%o=Tu;aPj?>
zygXLYeK9|QmAEsk1ZGa3cBWSwTvWlQ(v!z3wfxUb)Y`k)@0Z!{Ire*!{eGYQ{tx!M
zpZ$Jq8vS+?&1DCL%xPyjqn1Blns&0AeodXH)Jy-uc)6|!XxhYgeedpB&+5t6QU8ak
zdU_gK%x?HlRrj*N%+vrU{@bfLVh6=3f>Ofnaq0k9%0hmtsxGB1s%+{d%6d=scN1Ka
zgG*u@&J&N<8i2I*$suKEYv%NSmiIqLv^QVtG+3#@SsI*Z=J014JgLD&E!uld4Zf?<
zpV44ggU@Mjj|R8Qc++;j#=l*IjT+q2I^%t$)}N=r4>Y=S8vHvAzNo>!(BRiv^5vY=
zUTpVk@TVHQtica7Xx7$QrorVJT&KY;8k9BoB@OP=-~kQ3tjYU}886iB%lUib9Q0Ij
z*gpg2uDTihf9=(DAD4IOzI?grj4R}gJ)DTfz1<S9p0zoh+ubXNf^Ii$OL3n!s=Y1W
zAVq^-pCrn?lIZL8#=JgRip52bXSv67tLX96bI`~^1qI%)U-WpEc|2ku%=qGRED-Jy
zcLd~Kk#w$it)$b7ap{i|QrIWOtHe!lIzb>V2D-(*NJ0!tl3$b~qCXIi2EBcvEbWv<
zxz{U;p+HZsEczm0*&7Ip@r18;x>kWOlV4>vw|BFdBVAvVe6rZ<jf>u}=<(!M>G6mm
zN$!pKZxsWw7>J8LZ!jqNnd+1;Cdr9dSlsRnCL}uSjmHxqu9G(ylf3>uu}c!!GP)zN
z+@x!w-k3Ke#@C3=;oQ`6gi`t<;q6jP)+FQ%LTBT)_E(wL@Hy9r&Egtg&>N4h@o@im
z^6W>o(|DL!s?6L^9OsS)f>KzX=6_e<VM$!moe2BZcsPwm>`KU@9Fx2<_2WH}u;lTG
z-Z&Q>ipqW3gv>A9i6Eai5|smyus6t!62FylMC4v6wj&UinAdtFdAhqjo(d|v!s8Kl
z^h!JuCJmaKx5{j8Y;4q4R7r6w%zW9EoO{Kzacy-o$SPJ)6T~CkvO6xvX5JSq-15}@
zQy!W0K%krZKU^W_99t!7AH7I%DYjjTi{4N2N6br?PvbJ2b1;)Bi(Ovd!+f4DZ#>}B
z7;Y8g5jwgf5DbcOnf`W3BE2DL<i&Y7(U{l~q55=9IojLf4TLpQaT7M=Ot!3kQ(TIP
zs~VTBm>Qn6&GMjJ$H$lV$aQ(ftc=UCN=Ch6%9hK$p=jL{5A9vcr&;=1=9!aG`%mSY
zDtA08N&ZAMo|m_T|2uWi)N%d%x^orB?_Tu@`B(UVTd(_TudheHrr%x-?$h9Y4IY@L
zf9~5R3xLf!;GJ6Fo#p?3_8(;cbp5*ieYL=?0FKqN?~3q`OMr)O0{U+PRxJhYS_;g!
z1Lks|z8rY40`OD-e_f${pHvJu76R#6Kusk;_xxY31il8~u9i+0rRgZszH73F!t5Ka
zO8#k44rg~bCV4n+=j3-%RRO<O_S$dLVgj|4#^LaF_W%c10VdjS+0bd<+`=mVp?usH
zic9C=+8NzQK913y$-{Lpx^wwBMt3O>*U9Lz`8Y;5z6#iD1ajYM_1E%m%6Q+tJra~d
zv`^#UA>AbYkw+f!clFSFu1=E~lYRE~=4Sq$WIApOo2O$su9MSk&cks!PaSZH&a;#2
zll#`KO5*+J8u=$;n$4>z&+i(6(kYyi-Lq@+d{dL#*S%9PiQ`|6bpQ@Zr+tIwxDPN<
zdvwKlZqdG}%YA!>DF5_~ePd>KtYRclVBZw3`qRd@U@^i{V}_-=XuL3L>{x2h!SGHI
zi`lP~a9b<|y$NUFD4pMgV<o_F39yUNA&*8d8(_ZEIIfQtbm$x!&pUdQ%muzO7x+Hq
zG3jCQ7Xvf#v-Oz$rUiy$v+&)yz?HecC2fwG{X9NRe@`j!v(kM1^KhE}MK)lT4QQ?B
zvZm7rMjedRI)`A^!(3y8x!M?AO51WF41OcdlmX*qz@v;;56FeUHF)IpX^xv?Gr=Yo
z!R9Z7t;Psj^_)xN75rV+p@l%jBAy%AxnvRW)U>{)Q^y>plL_Vx#wg|019)u_@S8=z
zH#OR0ivZ(d;AO3ET?{N(JT*@H3#W|>dI9=7fuaRQEU2+!L2TZo(&!ByDxd0o-(uj7
zCBVr_4w)_+bRB}#2&=yk)*2(M)x}YvNI+2+AW+}N^w9#3&LLRzJkB;4JBsK$%YdBR
z$j!jjn*prgP|yj`bpS%C38j7$N;?ZtT4O|MbxBmP8DOh90-JCMMoPoxHo{tCfOT$h
zRJcyr<4^E`SR=>h{(2jMU?UK11okfg_BOJUL$0h>`J&EMt5)s^gx%hd|Mr@yXrCV)
zeeL0Z?9QwG6KkjD`hGJo?%?<S<fp7H{M*yr({TMQK)(YxI1N|Z3LJ2Jb`JjcbPj&0
zprdb7IN*!;C3kyRmSW*`u}Ekm+W-UmgpR)UP&5*g-5jis_!B`1kLWu3?q%C^_g#|Q
zEYp3w+34=*bJM;4Mmd)7$-v=hvhR_0U=}+1?u<l&?#{lbgf9pked~e|ugtsnvCz@y
ziiCT3_kw{+Yn8mgV8n-QQ}eZWgTZx)u#cW@?(O<wbF3#06zMwpxN7bedQg(8fj_=R
z$K0y^1|5BEv6#ChD0yS(%9qWX*f)jUNLP1=>XTc{272%SqJ462B<x(Zs>&Y>;`jOu
za<Ii4l@l?kB@$-eZ+}E_u1MtJL^P*!TUd_u0eZs*Ie32{CMUeXP2nAZupju9VN<x*
z8}<h!f7?!<#13%l0zp}d0nZsWO7bTTSL^PQ<d#G%CWYmWSi~pA<2YvMlwzSk*egpp
z6b=-$$F)u*wodX=T|4N>DJ&zZzb_%h`Z}aocO(|_hJ8{?Btatr&TFN&`*FuKY-cY$
zi?#a!bHQDbys<AXOQFs{NNSF+3j`(FLXFTGh<m$&5+`;Ax?<i~A2oR#dkSdQ33!8n
zN2HCeKwKu0*N^=L?eSKrE78*<#d2ES-L~PLHkY%SnH(m#-7Pd%`2yVmpPO4J29(3?
zj>~?x+!vMHfpB-k?U&+mEYjx=2I4Z%h>#SDOESIhH*C76vweNrsu~BEc{|*Ja6p!&
zSO|AawcQfd!X1}--QCRQZc1DRw=WXz4)i2qk~{2;#UeZ0-dN9ez{xrJl5#^*czYlg
z35VE`zb20&5|(xbWVcKW1T2GF+9~-G@{ECbaQkQ%@J0hGLvfnCSNdY|%2*;S2SU=y
z;Hs6YR`P|^(>3~{efaG9cYM9NRXp4MrmE)N^5<%~p#7@^-@R-9zH*)8Zfi9^S9Z+j
zFh|{?;U}CNo+-;8FR9VSH5gqmWBj&H_q_Ad9>4eAe*Nd1O&$NX&sG1!UDM7J6w>oX
zv<`Xa4hpZ%0ru5#XqgMVSeJh;ppc#$PS@q1A1JIW1t#h^>?j3F>N%um0kJ;+Oh6$$
zGdSvzcXpug&3VA)dJePmfM7i^K99v7+xt^U&jP#Z^Unkn-g+ajx1Pfl3xEUl9B$Cs
z6!t6t()E0=sxIKXB@2P7g}|A5{(PZ-ArNff@aaXsoAtoHMZluPKv@Ha>z4p>1OFef
z)Dqyi24L?J;Mfu_lftKO0$yqW_T2;&iNN<8fLS7NNCZY2IJ_wGxlBueo0syoeJQY2
zYkQUgPik!n|4M7WxD<F(Yg0I?wJ$FPT+4tzG;sLnGLENkuhypU{4%cRPnQ8bH}iHc
zJwMoiHyb##+c}=X^;+9w2VN)#N*aL|%Yke;_XUOa<-A?F9C)(=5F6P$4|G)mjz;#r
zgPp-@8#$zBsFDT_U)I_bp48eD((}wW8aOOl0sOAvvwZ%qy9D+;u8jYuTpnJ>k672>
zi}V1|o{xO>Iuh&G?hFOR?NTfrh=dy|R#iDFL@Dfx_yggdhKfy{>sHoQh;i8)_Irbo
zu+&h|C&eq)Hd@T}-gsOJbp`vxouObj-cXT<h1bM=y;8^<Ul|JcVv%^HTVCmlgw}ZD
zp{nhxD#VaC9O#zf^8M3iqoO{SlhtT3f9B-;%fX+!?tG^IncdIqeP-V?2cDUD2G5$F
z7oV?u{^0W?&!2hz-1C>7&pyweqlo~T_LKda_j~sD?%%n;fB)|N`}Sw|<C)J)`5*E6
W-v9sr|Nj910RR6ALa-_TJ^%oNoriG%

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi
new file mode 100644
index 000000000..ca41f9cbc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi
@@ -0,0 +1,9 @@
+from typing import Any
+from typing import Optional
+
+from . import Markup
+
+def escape(s: Any) -> Markup: ...
+def escape_silent(s: Optional[Any]) -> Markup: ...
+def soft_str(s: Any) -> str: ...
+def soft_unicode(s: Any) -> str: ...
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/py.typed b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..5e826bdf7
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/DESCRIPTION.rst
@@ -0,0 +1,12 @@
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/METADATA
new file mode 100644
index 000000000..25ed5ab69
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/METADATA
@@ -0,0 +1,25 @@
+Metadata-Version: 2.0
+Name: ply
+Version: 3.11
+Summary: Python Lex & Yacc
+Home-page: http://www.dabeaz.com/ply/
+Author: David Beazley
+Author-email: dave@dabeaz.com
+License: BSD
+Description-Content-Type: UNKNOWN
+Platform: UNKNOWN
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 2
+
+
+PLY is yet another implementation of lex and yacc for Python. Some notable
+features include the fact that its implemented entirely in Python and it
+uses LALR(1) parsing which is efficient and well suited for larger grammars.
+
+PLY provides most of the standard lex/yacc features including support for empty 
+productions, precedence rules, error recovery, and support for ambiguous grammars. 
+
+PLY is extremely easy to use and provides very extensive error checking. 
+It is compatible with both Python 2 and Python 3.
+
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/RECORD
new file mode 100644
index 000000000..b4f331424
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/RECORD
@@ -0,0 +1,19 @@
+ply-3.11.dist-info/DESCRIPTION.rst,sha256=nnBY1Nj_GhIsOFck7R2yGHobQVosxi2CPQkHgeSZ0Hg,519
+ply-3.11.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+ply-3.11.dist-info/METADATA,sha256=pYZ9p1TsWGQ8Kxp9yEJVyvs25PkR5h3gIDuTOCsvJGg,844
+ply-3.11.dist-info/RECORD,,
+ply-3.11.dist-info/WHEEL,sha256=kdsN-5OJAZIiHN-iO4Rhl82KyS0bDWf4uBwMbkNafr8,110
+ply-3.11.dist-info/metadata.json,sha256=s7M7va9E25_7TRpzHfNCfN73Ieiy5iKogF0PzXtMxMI,515
+ply-3.11.dist-info/top_level.txt,sha256=gDYBHRQ7Vy0tY0AjXyJtadvU2LDaOsHqhhV70AGsisc,4
+ply/__init__.py,sha256=sx6iBIF__WKIeU0iw2WSoSqBhclHF5EhBTc0wDigTV8,103
+ply/__pycache__/__init__.cpython-311.pyc,,
+ply/__pycache__/cpp.cpython-311.pyc,,
+ply/__pycache__/ctokens.cpython-311.pyc,,
+ply/__pycache__/lex.cpython-311.pyc,,
+ply/__pycache__/yacc.cpython-311.pyc,,
+ply/__pycache__/ygen.cpython-311.pyc,,
+ply/cpp.py,sha256=KTg13R5SKeicwZm7bIPL44KcQBRcHsmeEGOwIBVvLko,33639
+ply/ctokens.py,sha256=GmyWYDY9nl6F1WJQ9rmcQFgh1FnADFlnp_TBjTcEsqU,3155
+ply/lex.py,sha256=babRISnIAfzHo7WqLYF2qGCSaH0btM8d3ztgHaK3SA0,42905
+ply/yacc.py,sha256=EF043rIHrXJYG6jcb15TI2SLwdCoNOQZXCN_1M3-I4k,137736
+ply/ygen.py,sha256=TRnkZgx5BBB43Qspu2J4gVtpeBut8xrTEZoLbNN0b6M,2246
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/WHEEL
new file mode 100644
index 000000000..7332a419c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.30.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/metadata.json b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/metadata.json
new file mode 100644
index 000000000..9f472a327
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Programming Language :: Python :: 3", "Programming Language :: Python :: 2"], "description_content_type": "UNKNOWN", "extensions": {"python.details": {"contacts": [{"email": "dave@dabeaz.com", "name": "David Beazley", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst"}, "project_urls": {"Home": "http://www.dabeaz.com/ply/"}}}, "generator": "bdist_wheel (0.30.0)", "license": "BSD", "metadata_version": "2.0", "name": "ply", "summary": "Python Lex & Yacc", "version": "3.11"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/top_level.txt
new file mode 100644
index 000000000..90412f068
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply-3.11.dist-info/top_level.txt
@@ -0,0 +1 @@
+ply
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/ply/__init__.py
new file mode 100644
index 000000000..23707c635
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply/__init__.py
@@ -0,0 +1,5 @@
+# PLY package
+# Author: David Beazley (dave@dabeaz.com)
+
+__version__ = '3.11'
+__all__ = ['lex','yacc']
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply/cpp.py b/lib/go-jinja2/internal/data/windows-amd64/ply/cpp.py
new file mode 100644
index 000000000..2422916c9
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply/cpp.py
@@ -0,0 +1,914 @@
+# -----------------------------------------------------------------------------
+# cpp.py
+#
+# Author:  David Beazley (http://www.dabeaz.com)
+# Copyright (C) 2007
+# All rights reserved
+#
+# This module implements an ANSI-C style lexical preprocessor for PLY.
+# -----------------------------------------------------------------------------
+from __future__ import generators
+
+import sys
+
+# Some Python 3 compatibility shims
+if sys.version_info.major < 3:
+    STRING_TYPES = (str, unicode)
+else:
+    STRING_TYPES = str
+    xrange = range
+
+# -----------------------------------------------------------------------------
+# Default preprocessor lexer definitions.   These tokens are enough to get
+# a basic preprocessor working.   Other modules may import these if they want
+# -----------------------------------------------------------------------------
+
+tokens = (
+   'CPP_ID','CPP_INTEGER', 'CPP_FLOAT', 'CPP_STRING', 'CPP_CHAR', 'CPP_WS', 'CPP_COMMENT1', 'CPP_COMMENT2', 'CPP_POUND','CPP_DPOUND'
+)
+
+literals = "+-*/%|&~^<>=!?()[]{}.,;:\\\'\""
+
+# Whitespace
+def t_CPP_WS(t):
+    r'\s+'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+t_CPP_POUND = r'\#'
+t_CPP_DPOUND = r'\#\#'
+
+# Identifier
+t_CPP_ID = r'[A-Za-z_][\w_]*'
+
+# Integer literal
+def CPP_INTEGER(t):
+    r'(((((0x)|(0X))[0-9a-fA-F]+)|(\d+))([uU][lL]|[lL][uU]|[uU]|[lL])?)'
+    return t
+
+t_CPP_INTEGER = CPP_INTEGER
+
+# Floating literal
+t_CPP_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+def t_CPP_STRING(t):
+    r'\"([^\\\n]|(\\(.|\n)))*?\"'
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Character constant 'c' or L'c'
+def t_CPP_CHAR(t):
+    r'(L)?\'([^\\\n]|(\\(.|\n)))*?\''
+    t.lexer.lineno += t.value.count("\n")
+    return t
+
+# Comment
+def t_CPP_COMMENT1(t):
+    r'(/\*(.|\n)*?\*/)'
+    ncr = t.value.count("\n")
+    t.lexer.lineno += ncr
+    # replace with one space or a number of '\n'
+    t.type = 'CPP_WS'; t.value = '\n' * ncr if ncr else ' '
+    return t
+
+# Line comment
+def t_CPP_COMMENT2(t):
+    r'(//.*?(\n|$))'
+    # replace with '/n'
+    t.type = 'CPP_WS'; t.value = '\n'
+    return t
+
+def t_error(t):
+    t.type = t.value[0]
+    t.value = t.value[0]
+    t.lexer.skip(1)
+    return t
+
+import re
+import copy
+import time
+import os.path
+
+# -----------------------------------------------------------------------------
+# trigraph()
+#
+# Given an input string, this function replaces all trigraph sequences.
+# The following mapping is used:
+#
+#     ??=    #
+#     ??/    \
+#     ??'    ^
+#     ??(    [
+#     ??)    ]
+#     ??!    |
+#     ??<    {
+#     ??>    }
+#     ??-    ~
+# -----------------------------------------------------------------------------
+
+_trigraph_pat = re.compile(r'''\?\?[=/\'\(\)\!<>\-]''')
+_trigraph_rep = {
+    '=':'#',
+    '/':'\\',
+    "'":'^',
+    '(':'[',
+    ')':']',
+    '!':'|',
+    '<':'{',
+    '>':'}',
+    '-':'~'
+}
+
+def trigraph(input):
+    return _trigraph_pat.sub(lambda g: _trigraph_rep[g.group()[-1]],input)
+
+# ------------------------------------------------------------------
+# Macro object
+#
+# This object holds information about preprocessor macros
+#
+#    .name      - Macro name (string)
+#    .value     - Macro value (a list of tokens)
+#    .arglist   - List of argument names
+#    .variadic  - Boolean indicating whether or not variadic macro
+#    .vararg    - Name of the variadic parameter
+#
+# When a macro is created, the macro replacement token sequence is
+# pre-scanned and used to create patch lists that are later used
+# during macro expansion
+# ------------------------------------------------------------------
+
+class Macro(object):
+    def __init__(self,name,value,arglist=None,variadic=False):
+        self.name = name
+        self.value = value
+        self.arglist = arglist
+        self.variadic = variadic
+        if variadic:
+            self.vararg = arglist[-1]
+        self.source = None
+
+# ------------------------------------------------------------------
+# Preprocessor object
+#
+# Object representing a preprocessor.  Contains macro definitions,
+# include directories, and other information
+# ------------------------------------------------------------------
+
+class Preprocessor(object):
+    def __init__(self,lexer=None):
+        if lexer is None:
+            lexer = lex.lexer
+        self.lexer = lexer
+        self.macros = { }
+        self.path = []
+        self.temp_path = []
+
+        # Probe the lexer for selected tokens
+        self.lexprobe()
+
+        tm = time.localtime()
+        self.define("__DATE__ \"%s\"" % time.strftime("%b %d %Y",tm))
+        self.define("__TIME__ \"%s\"" % time.strftime("%H:%M:%S",tm))
+        self.parser = None
+
+    # -----------------------------------------------------------------------------
+    # tokenize()
+    #
+    # Utility function. Given a string of text, tokenize into a list of tokens
+    # -----------------------------------------------------------------------------
+
+    def tokenize(self,text):
+        tokens = []
+        self.lexer.input(text)
+        while True:
+            tok = self.lexer.token()
+            if not tok: break
+            tokens.append(tok)
+        return tokens
+
+    # ---------------------------------------------------------------------
+    # error()
+    #
+    # Report a preprocessor error/warning of some kind
+    # ----------------------------------------------------------------------
+
+    def error(self,file,line,msg):
+        print("%s:%d %s" % (file,line,msg))
+
+    # ----------------------------------------------------------------------
+    # lexprobe()
+    #
+    # This method probes the preprocessor lexer object to discover
+    # the token types of symbols that are important to the preprocessor.
+    # If this works right, the preprocessor will simply "work"
+    # with any suitable lexer regardless of how tokens have been named.
+    # ----------------------------------------------------------------------
+
+    def lexprobe(self):
+
+        # Determine the token type for identifiers
+        self.lexer.input("identifier")
+        tok = self.lexer.token()
+        if not tok or tok.value != "identifier":
+            print("Couldn't determine identifier type")
+        else:
+            self.t_ID = tok.type
+
+        # Determine the token type for integers
+        self.lexer.input("12345")
+        tok = self.lexer.token()
+        if not tok or int(tok.value) != 12345:
+            print("Couldn't determine integer type")
+        else:
+            self.t_INTEGER = tok.type
+            self.t_INTEGER_TYPE = type(tok.value)
+
+        # Determine the token type for strings enclosed in double quotes
+        self.lexer.input("\"filename\"")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\"filename\"":
+            print("Couldn't determine string type")
+        else:
+            self.t_STRING = tok.type
+
+        # Determine the token type for whitespace--if any
+        self.lexer.input("  ")
+        tok = self.lexer.token()
+        if not tok or tok.value != "  ":
+            self.t_SPACE = None
+        else:
+            self.t_SPACE = tok.type
+
+        # Determine the token type for newlines
+        self.lexer.input("\n")
+        tok = self.lexer.token()
+        if not tok or tok.value != "\n":
+            self.t_NEWLINE = None
+            print("Couldn't determine token for newlines")
+        else:
+            self.t_NEWLINE = tok.type
+
+        self.t_WS = (self.t_SPACE, self.t_NEWLINE)
+
+        # Check for other characters used by the preprocessor
+        chars = [ '<','>','#','##','\\','(',')',',','.']
+        for c in chars:
+            self.lexer.input(c)
+            tok = self.lexer.token()
+            if not tok or tok.value != c:
+                print("Unable to lex '%s' required for preprocessor" % c)
+
+    # ----------------------------------------------------------------------
+    # add_path()
+    #
+    # Adds a search path to the preprocessor.
+    # ----------------------------------------------------------------------
+
+    def add_path(self,path):
+        self.path.append(path)
+
+    # ----------------------------------------------------------------------
+    # group_lines()
+    #
+    # Given an input string, this function splits it into lines.  Trailing whitespace
+    # is removed.   Any line ending with \ is grouped with the next line.  This
+    # function forms the lowest level of the preprocessor---grouping into text into
+    # a line-by-line format.
+    # ----------------------------------------------------------------------
+
+    def group_lines(self,input):
+        lex = self.lexer.clone()
+        lines = [x.rstrip() for x in input.splitlines()]
+        for i in xrange(len(lines)):
+            j = i+1
+            while lines[i].endswith('\\') and (j < len(lines)):
+                lines[i] = lines[i][:-1]+lines[j]
+                lines[j] = ""
+                j += 1
+
+        input = "\n".join(lines)
+        lex.input(input)
+        lex.lineno = 1
+
+        current_line = []
+        while True:
+            tok = lex.token()
+            if not tok:
+                break
+            current_line.append(tok)
+            if tok.type in self.t_WS and '\n' in tok.value:
+                yield current_line
+                current_line = []
+
+        if current_line:
+            yield current_line
+
+    # ----------------------------------------------------------------------
+    # tokenstrip()
+    #
+    # Remove leading/trailing whitespace tokens from a token list
+    # ----------------------------------------------------------------------
+
+    def tokenstrip(self,tokens):
+        i = 0
+        while i < len(tokens) and tokens[i].type in self.t_WS:
+            i += 1
+        del tokens[:i]
+        i = len(tokens)-1
+        while i >= 0 and tokens[i].type in self.t_WS:
+            i -= 1
+        del tokens[i+1:]
+        return tokens
+
+
+    # ----------------------------------------------------------------------
+    # collect_args()
+    #
+    # Collects comma separated arguments from a list of tokens.   The arguments
+    # must be enclosed in parenthesis.  Returns a tuple (tokencount,args,positions)
+    # where tokencount is the number of tokens consumed, args is a list of arguments,
+    # and positions is a list of integers containing the starting index of each
+    # argument.  Each argument is represented by a list of tokens.
+    #
+    # When collecting arguments, leading and trailing whitespace is removed
+    # from each argument.
+    #
+    # This function properly handles nested parenthesis and commas---these do not
+    # define new arguments.
+    # ----------------------------------------------------------------------
+
+    def collect_args(self,tokenlist):
+        args = []
+        positions = []
+        current_arg = []
+        nesting = 1
+        tokenlen = len(tokenlist)
+
+        # Search for the opening '('.
+        i = 0
+        while (i < tokenlen) and (tokenlist[i].type in self.t_WS):
+            i += 1
+
+        if (i < tokenlen) and (tokenlist[i].value == '('):
+            positions.append(i+1)
+        else:
+            self.error(self.source,tokenlist[0].lineno,"Missing '(' in macro arguments")
+            return 0, [], []
+
+        i += 1
+
+        while i < tokenlen:
+            t = tokenlist[i]
+            if t.value == '(':
+                current_arg.append(t)
+                nesting += 1
+            elif t.value == ')':
+                nesting -= 1
+                if nesting == 0:
+                    if current_arg:
+                        args.append(self.tokenstrip(current_arg))
+                        positions.append(i)
+                    return i+1,args,positions
+                current_arg.append(t)
+            elif t.value == ',' and nesting == 1:
+                args.append(self.tokenstrip(current_arg))
+                positions.append(i+1)
+                current_arg = []
+            else:
+                current_arg.append(t)
+            i += 1
+
+        # Missing end argument
+        self.error(self.source,tokenlist[-1].lineno,"Missing ')' in macro arguments")
+        return 0, [],[]
+
+    # ----------------------------------------------------------------------
+    # macro_prescan()
+    #
+    # Examine the macro value (token sequence) and identify patch points
+    # This is used to speed up macro expansion later on---we'll know
+    # right away where to apply patches to the value to form the expansion
+    # ----------------------------------------------------------------------
+
+    def macro_prescan(self,macro):
+        macro.patch     = []             # Standard macro arguments
+        macro.str_patch = []             # String conversion expansion
+        macro.var_comma_patch = []       # Variadic macro comma patch
+        i = 0
+        while i < len(macro.value):
+            if macro.value[i].type == self.t_ID and macro.value[i].value in macro.arglist:
+                argnum = macro.arglist.index(macro.value[i].value)
+                # Conversion of argument to a string
+                if i > 0 and macro.value[i-1].value == '#':
+                    macro.value[i] = copy.copy(macro.value[i])
+                    macro.value[i].type = self.t_STRING
+                    del macro.value[i-1]
+                    macro.str_patch.append((argnum,i-1))
+                    continue
+                # Concatenation
+                elif (i > 0 and macro.value[i-1].value == '##'):
+                    macro.patch.append(('c',argnum,i-1))
+                    del macro.value[i-1]
+                    i -= 1
+                    continue
+                elif ((i+1) < len(macro.value) and macro.value[i+1].value == '##'):
+                    macro.patch.append(('c',argnum,i))
+                    del macro.value[i + 1]
+                    continue
+                # Standard expansion
+                else:
+                    macro.patch.append(('e',argnum,i))
+            elif macro.value[i].value == '##':
+                if macro.variadic and (i > 0) and (macro.value[i-1].value == ',') and \
+                        ((i+1) < len(macro.value)) and (macro.value[i+1].type == self.t_ID) and \
+                        (macro.value[i+1].value == macro.vararg):
+                    macro.var_comma_patch.append(i-1)
+            i += 1
+        macro.patch.sort(key=lambda x: x[2],reverse=True)
+
+    # ----------------------------------------------------------------------
+    # macro_expand_args()
+    #
+    # Given a Macro and list of arguments (each a token list), this method
+    # returns an expanded version of a macro.  The return value is a token sequence
+    # representing the replacement macro tokens
+    # ----------------------------------------------------------------------
+
+    def macro_expand_args(self,macro,args):
+        # Make a copy of the macro token sequence
+        rep = [copy.copy(_x) for _x in macro.value]
+
+        # Make string expansion patches.  These do not alter the length of the replacement sequence
+
+        str_expansion = {}
+        for argnum, i in macro.str_patch:
+            if argnum not in str_expansion:
+                str_expansion[argnum] = ('"%s"' % "".join([x.value for x in args[argnum]])).replace("\\","\\\\")
+            rep[i] = copy.copy(rep[i])
+            rep[i].value = str_expansion[argnum]
+
+        # Make the variadic macro comma patch.  If the variadic macro argument is empty, we get rid
+        comma_patch = False
+        if macro.variadic and not args[-1]:
+            for i in macro.var_comma_patch:
+                rep[i] = None
+                comma_patch = True
+
+        # Make all other patches.   The order of these matters.  It is assumed that the patch list
+        # has been sorted in reverse order of patch location since replacements will cause the
+        # size of the replacement sequence to expand from the patch point.
+
+        expanded = { }
+        for ptype, argnum, i in macro.patch:
+            # Concatenation.   Argument is left unexpanded
+            if ptype == 'c':
+                rep[i:i+1] = args[argnum]
+            # Normal expansion.  Argument is macro expanded first
+            elif ptype == 'e':
+                if argnum not in expanded:
+                    expanded[argnum] = self.expand_macros(args[argnum])
+                rep[i:i+1] = expanded[argnum]
+
+        # Get rid of removed comma if necessary
+        if comma_patch:
+            rep = [_i for _i in rep if _i]
+
+        return rep
+
+
+    # ----------------------------------------------------------------------
+    # expand_macros()
+    #
+    # Given a list of tokens, this function performs macro expansion.
+    # The expanded argument is a dictionary that contains macros already
+    # expanded.  This is used to prevent infinite recursion.
+    # ----------------------------------------------------------------------
+
+    def expand_macros(self,tokens,expanded=None):
+        if expanded is None:
+            expanded = {}
+        i = 0
+        while i < len(tokens):
+            t = tokens[i]
+            if t.type == self.t_ID:
+                if t.value in self.macros and t.value not in expanded:
+                    # Yes, we found a macro match
+                    expanded[t.value] = True
+
+                    m = self.macros[t.value]
+                    if not m.arglist:
+                        # A simple macro
+                        ex = self.expand_macros([copy.copy(_x) for _x in m.value],expanded)
+                        for e in ex:
+                            e.lineno = t.lineno
+                        tokens[i:i+1] = ex
+                        i += len(ex)
+                    else:
+                        # A macro with arguments
+                        j = i + 1
+                        while j < len(tokens) and tokens[j].type in self.t_WS:
+                            j += 1
+                        if j < len(tokens) and tokens[j].value == '(':
+                            tokcount,args,positions = self.collect_args(tokens[j:])
+                            if not m.variadic and len(args) !=  len(m.arglist):
+                                self.error(self.source,t.lineno,"Macro %s requires %d arguments" % (t.value,len(m.arglist)))
+                                i = j + tokcount
+                            elif m.variadic and len(args) < len(m.arglist)-1:
+                                if len(m.arglist) > 2:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d arguments" % (t.value, len(m.arglist)-1))
+                                else:
+                                    self.error(self.source,t.lineno,"Macro %s must have at least %d argument" % (t.value, len(m.arglist)-1))
+                                i = j + tokcount
+                            else:
+                                if m.variadic:
+                                    if len(args) == len(m.arglist)-1:
+                                        args.append([])
+                                    else:
+                                        args[len(m.arglist)-1] = tokens[j+positions[len(m.arglist)-1]:j+tokcount-1]
+                                        del args[len(m.arglist):]
+
+                                # Get macro replacement text
+                                rep = self.macro_expand_args(m,args)
+                                rep = self.expand_macros(rep,expanded)
+                                for r in rep:
+                                    r.lineno = t.lineno
+                                tokens[i:j+tokcount] = rep
+                                i += len(rep)
+                        else:
+                            # This is not a macro. It is just a word which
+                            # equals to name of the macro. Hence, go to the
+                            # next token.
+                            i += 1
+
+                    del expanded[t.value]
+                    continue
+                elif t.value == '__LINE__':
+                    t.type = self.t_INTEGER
+                    t.value = self.t_INTEGER_TYPE(t.lineno)
+
+            i += 1
+        return tokens
+
+    # ----------------------------------------------------------------------
+    # evalexpr()
+    #
+    # Evaluate an expression token sequence for the purposes of evaluating
+    # integral expressions.
+    # ----------------------------------------------------------------------
+
+    def evalexpr(self,tokens):
+        # tokens = tokenize(line)
+        # Search for defined macros
+        i = 0
+        while i < len(tokens):
+            if tokens[i].type == self.t_ID and tokens[i].value == 'defined':
+                j = i + 1
+                needparen = False
+                result = "0L"
+                while j < len(tokens):
+                    if tokens[j].type in self.t_WS:
+                        j += 1
+                        continue
+                    elif tokens[j].type == self.t_ID:
+                        if tokens[j].value in self.macros:
+                            result = "1L"
+                        else:
+                            result = "0L"
+                        if not needparen: break
+                    elif tokens[j].value == '(':
+                        needparen = True
+                    elif tokens[j].value == ')':
+                        break
+                    else:
+                        self.error(self.source,tokens[i].lineno,"Malformed defined()")
+                    j += 1
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE(result)
+                del tokens[i+1:j+1]
+            i += 1
+        tokens = self.expand_macros(tokens)
+        for i,t in enumerate(tokens):
+            if t.type == self.t_ID:
+                tokens[i] = copy.copy(t)
+                tokens[i].type = self.t_INTEGER
+                tokens[i].value = self.t_INTEGER_TYPE("0L")
+            elif t.type == self.t_INTEGER:
+                tokens[i] = copy.copy(t)
+                # Strip off any trailing suffixes
+                tokens[i].value = str(tokens[i].value)
+                while tokens[i].value[-1] not in "0123456789abcdefABCDEF":
+                    tokens[i].value = tokens[i].value[:-1]
+
+        expr = "".join([str(x.value) for x in tokens])
+        expr = expr.replace("&&"," and ")
+        expr = expr.replace("||"," or ")
+        expr = expr.replace("!"," not ")
+        try:
+            result = eval(expr)
+        except Exception:
+            self.error(self.source,tokens[0].lineno,"Couldn't evaluate expression")
+            result = 0
+        return result
+
+    # ----------------------------------------------------------------------
+    # parsegen()
+    #
+    # Parse an input string/
+    # ----------------------------------------------------------------------
+    def parsegen(self,input,source=None):
+
+        # Replace trigraph sequences
+        t = trigraph(input)
+        lines = self.group_lines(t)
+
+        if not source:
+            source = ""
+
+        self.define("__FILE__ \"%s\"" % source)
+
+        self.source = source
+        chunk = []
+        enable = True
+        iftrigger = False
+        ifstack = []
+
+        for x in lines:
+            for i,tok in enumerate(x):
+                if tok.type not in self.t_WS: break
+            if tok.value == '#':
+                # Preprocessor directive
+
+                # insert necessary whitespace instead of eaten tokens
+                for tok in x:
+                    if tok.type in self.t_WS and '\n' in tok.value:
+                        chunk.append(tok)
+
+                dirtokens = self.tokenstrip(x[i+1:])
+                if dirtokens:
+                    name = dirtokens[0].value
+                    args = self.tokenstrip(dirtokens[1:])
+                else:
+                    name = ""
+                    args = []
+
+                if name == 'define':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.define(args)
+                elif name == 'include':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        oldfile = self.macros['__FILE__']
+                        for tok in self.include(args):
+                            yield tok
+                        self.macros['__FILE__'] = oldfile
+                        self.source = source
+                elif name == 'undef':
+                    if enable:
+                        for tok in self.expand_macros(chunk):
+                            yield tok
+                        chunk = []
+                        self.undef(args)
+                elif name == 'ifdef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if not args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'ifndef':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        if args[0].value in self.macros:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'if':
+                    ifstack.append((enable,iftrigger))
+                    if enable:
+                        result = self.evalexpr(args)
+                        if not result:
+                            enable = False
+                            iftrigger = False
+                        else:
+                            iftrigger = True
+                elif name == 'elif':
+                    if ifstack:
+                        if ifstack[-1][0]:     # We only pay attention if outer "if" allows this
+                            if enable:         # If already true, we flip enable False
+                                enable = False
+                            elif not iftrigger:   # If False, but not triggered yet, we'll check expression
+                                result = self.evalexpr(args)
+                                if result:
+                                    enable  = True
+                                    iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #elif")
+
+                elif name == 'else':
+                    if ifstack:
+                        if ifstack[-1][0]:
+                            if enable:
+                                enable = False
+                            elif not iftrigger:
+                                enable = True
+                                iftrigger = True
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #else")
+
+                elif name == 'endif':
+                    if ifstack:
+                        enable,iftrigger = ifstack.pop()
+                    else:
+                        self.error(self.source,dirtokens[0].lineno,"Misplaced #endif")
+                else:
+                    # Unknown preprocessor directive
+                    pass
+
+            else:
+                # Normal text
+                if enable:
+                    chunk.extend(x)
+
+        for tok in self.expand_macros(chunk):
+            yield tok
+        chunk = []
+
+    # ----------------------------------------------------------------------
+    # include()
+    #
+    # Implementation of file-inclusion
+    # ----------------------------------------------------------------------
+
+    def include(self,tokens):
+        # Try to extract the filename and then process an include file
+        if not tokens:
+            return
+        if tokens:
+            if tokens[0].value != '<' and tokens[0].type != self.t_STRING:
+                tokens = self.expand_macros(tokens)
+
+            if tokens[0].value == '<':
+                # Include <...>
+                i = 1
+                while i < len(tokens):
+                    if tokens[i].value == '>':
+                        break
+                    i += 1
+                else:
+                    print("Malformed #include <...>")
+                    return
+                filename = "".join([x.value for x in tokens[1:i]])
+                path = self.path + [""] + self.temp_path
+            elif tokens[0].type == self.t_STRING:
+                filename = tokens[0].value[1:-1]
+                path = self.temp_path + [""] + self.path
+            else:
+                print("Malformed #include statement")
+                return
+        for p in path:
+            iname = os.path.join(p,filename)
+            try:
+                data = open(iname,"r").read()
+                dname = os.path.dirname(iname)
+                if dname:
+                    self.temp_path.insert(0,dname)
+                for tok in self.parsegen(data,filename):
+                    yield tok
+                if dname:
+                    del self.temp_path[0]
+                break
+            except IOError:
+                pass
+        else:
+            print("Couldn't find '%s'" % filename)
+
+    # ----------------------------------------------------------------------
+    # define()
+    #
+    # Define a new macro
+    # ----------------------------------------------------------------------
+
+    def define(self,tokens):
+        if isinstance(tokens,STRING_TYPES):
+            tokens = self.tokenize(tokens)
+
+        linetok = tokens
+        try:
+            name = linetok[0]
+            if len(linetok) > 1:
+                mtype = linetok[1]
+            else:
+                mtype = None
+            if not mtype:
+                m = Macro(name.value,[])
+                self.macros[name.value] = m
+            elif mtype.type in self.t_WS:
+                # A normal macro
+                m = Macro(name.value,self.tokenstrip(linetok[2:]))
+                self.macros[name.value] = m
+            elif mtype.value == '(':
+                # A macro with arguments
+                tokcount, args, positions = self.collect_args(linetok[1:])
+                variadic = False
+                for a in args:
+                    if variadic:
+                        print("No more arguments may follow a variadic argument")
+                        break
+                    astr = "".join([str(_i.value) for _i in a])
+                    if astr == "...":
+                        variadic = True
+                        a[0].type = self.t_ID
+                        a[0].value = '__VA_ARGS__'
+                        variadic = True
+                        del a[1:]
+                        continue
+                    elif astr[-3:] == "..." and a[0].type == self.t_ID:
+                        variadic = True
+                        del a[1:]
+                        # If, for some reason, "." is part of the identifier, strip off the name for the purposes
+                        # of macro expansion
+                        if a[0].value[-3:] == '...':
+                            a[0].value = a[0].value[:-3]
+                        continue
+                    if len(a) > 1 or a[0].type != self.t_ID:
+                        print("Invalid macro argument")
+                        break
+                else:
+                    mvalue = self.tokenstrip(linetok[1+tokcount:])
+                    i = 0
+                    while i < len(mvalue):
+                        if i+1 < len(mvalue):
+                            if mvalue[i].type in self.t_WS and mvalue[i+1].value == '##':
+                                del mvalue[i]
+                                continue
+                            elif mvalue[i].value == '##' and mvalue[i+1].type in self.t_WS:
+                                del mvalue[i+1]
+                        i += 1
+                    m = Macro(name.value,mvalue,[x[0].value for x in args],variadic)
+                    self.macro_prescan(m)
+                    self.macros[name.value] = m
+            else:
+                print("Bad macro definition")
+        except LookupError:
+            print("Bad macro definition")
+
+    # ----------------------------------------------------------------------
+    # undef()
+    #
+    # Undefine a macro
+    # ----------------------------------------------------------------------
+
+    def undef(self,tokens):
+        id = tokens[0].value
+        try:
+            del self.macros[id]
+        except LookupError:
+            pass
+
+    # ----------------------------------------------------------------------
+    # parse()
+    #
+    # Parse input text.
+    # ----------------------------------------------------------------------
+    def parse(self,input,source=None,ignore={}):
+        self.ignore = ignore
+        self.parser = self.parsegen(input,source)
+
+    # ----------------------------------------------------------------------
+    # token()
+    #
+    # Method to return individual tokens
+    # ----------------------------------------------------------------------
+    def token(self):
+        try:
+            while True:
+                tok = next(self.parser)
+                if tok.type not in self.ignore: return tok
+        except StopIteration:
+            self.parser = None
+            return None
+
+if __name__ == '__main__':
+    import ply.lex as lex
+    lexer = lex.lex()
+
+    # Run a preprocessor
+    import sys
+    f = open(sys.argv[1])
+    input = f.read()
+
+    p = Preprocessor(lexer)
+    p.parse(input,sys.argv[1])
+    while True:
+        tok = p.token()
+        if not tok: break
+        print(p.source, tok)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply/ctokens.py b/lib/go-jinja2/internal/data/windows-amd64/ply/ctokens.py
new file mode 100644
index 000000000..b265e59ff
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply/ctokens.py
@@ -0,0 +1,127 @@
+# ----------------------------------------------------------------------
+# ctokens.py
+#
+# Token specifications for symbols in ANSI C and C++.  This file is
+# meant to be used as a library in other tokenizers.
+# ----------------------------------------------------------------------
+
+# Reserved words
+
+tokens = [
+    # Literals (identifier, integer constant, float constant, string constant, char const)
+    'ID', 'TYPEID', 'INTEGER', 'FLOAT', 'STRING', 'CHARACTER',
+
+    # Operators (+,-,*,/,%,|,&,~,^,<<,>>, ||, &&, !, <, <=, >, >=, ==, !=)
+    'PLUS', 'MINUS', 'TIMES', 'DIVIDE', 'MODULO',
+    'OR', 'AND', 'NOT', 'XOR', 'LSHIFT', 'RSHIFT',
+    'LOR', 'LAND', 'LNOT',
+    'LT', 'LE', 'GT', 'GE', 'EQ', 'NE',
+
+    # Assignment (=, *=, /=, %=, +=, -=, <<=, >>=, &=, ^=, |=)
+    'EQUALS', 'TIMESEQUAL', 'DIVEQUAL', 'MODEQUAL', 'PLUSEQUAL', 'MINUSEQUAL',
+    'LSHIFTEQUAL','RSHIFTEQUAL', 'ANDEQUAL', 'XOREQUAL', 'OREQUAL',
+
+    # Increment/decrement (++,--)
+    'INCREMENT', 'DECREMENT',
+
+    # Structure dereference (->)
+    'ARROW',
+
+    # Ternary operator (?)
+    'TERNARY',
+
+    # Delimeters ( ) [ ] { } , . ; :
+    'LPAREN', 'RPAREN',
+    'LBRACKET', 'RBRACKET',
+    'LBRACE', 'RBRACE',
+    'COMMA', 'PERIOD', 'SEMI', 'COLON',
+
+    # Ellipsis (...)
+    'ELLIPSIS',
+]
+
+# Operators
+t_PLUS             = r'\+'
+t_MINUS            = r'-'
+t_TIMES            = r'\*'
+t_DIVIDE           = r'/'
+t_MODULO           = r'%'
+t_OR               = r'\|'
+t_AND              = r'&'
+t_NOT              = r'~'
+t_XOR              = r'\^'
+t_LSHIFT           = r'<<'
+t_RSHIFT           = r'>>'
+t_LOR              = r'\|\|'
+t_LAND             = r'&&'
+t_LNOT             = r'!'
+t_LT               = r'<'
+t_GT               = r'>'
+t_LE               = r'<='
+t_GE               = r'>='
+t_EQ               = r'=='
+t_NE               = r'!='
+
+# Assignment operators
+
+t_EQUALS           = r'='
+t_TIMESEQUAL       = r'\*='
+t_DIVEQUAL         = r'/='
+t_MODEQUAL         = r'%='
+t_PLUSEQUAL        = r'\+='
+t_MINUSEQUAL       = r'-='
+t_LSHIFTEQUAL      = r'<<='
+t_RSHIFTEQUAL      = r'>>='
+t_ANDEQUAL         = r'&='
+t_OREQUAL          = r'\|='
+t_XOREQUAL         = r'\^='
+
+# Increment/decrement
+t_INCREMENT        = r'\+\+'
+t_DECREMENT        = r'--'
+
+# ->
+t_ARROW            = r'->'
+
+# ?
+t_TERNARY          = r'\?'
+
+# Delimeters
+t_LPAREN           = r'\('
+t_RPAREN           = r'\)'
+t_LBRACKET         = r'\['
+t_RBRACKET         = r'\]'
+t_LBRACE           = r'\{'
+t_RBRACE           = r'\}'
+t_COMMA            = r','
+t_PERIOD           = r'\.'
+t_SEMI             = r';'
+t_COLON            = r':'
+t_ELLIPSIS         = r'\.\.\.'
+
+# Identifiers
+t_ID = r'[A-Za-z_][A-Za-z0-9_]*'
+
+# Integer literal
+t_INTEGER = r'\d+([uU]|[lL]|[uU][lL]|[lL][uU])?'
+
+# Floating literal
+t_FLOAT = r'((\d+)(\.\d+)(e(\+|-)?(\d+))? | (\d+)e(\+|-)?(\d+))([lL]|[fF])?'
+
+# String literal
+t_STRING = r'\"([^\\\n]|(\\.))*?\"'
+
+# Character constant 'c' or L'c'
+t_CHARACTER = r'(L)?\'([^\\\n]|(\\.))*?\''
+
+# Comment (C-Style)
+def t_COMMENT(t):
+    r'/\*(.|\n)*?\*/'
+    t.lexer.lineno += t.value.count('\n')
+    return t
+
+# Comment (C++-Style)
+def t_CPPCOMMENT(t):
+    r'//.*\n'
+    t.lexer.lineno += 1
+    return t
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply/lex.py b/lib/go-jinja2/internal/data/windows-amd64/ply/lex.py
new file mode 100644
index 000000000..f95bcdbf1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply/lex.py
@@ -0,0 +1,1098 @@
+# -----------------------------------------------------------------------------
+# ply: lex.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+import re
+import sys
+import types
+import copy
+import os
+import inspect
+
+# This tuple contains known string types
+try:
+    # Python 2.6
+    StringTypes = (types.StringType, types.UnicodeType)
+except AttributeError:
+    # Python 3.0
+    StringTypes = (str, bytes)
+
+# This regular expression is used to match valid token names
+_is_identifier = re.compile(r'^[a-zA-Z0-9_]+$')
+
+# Exception thrown when invalid token encountered and no default error
+# handler is defined.
+class LexError(Exception):
+    def __init__(self, message, s):
+        self.args = (message,)
+        self.text = s
+
+
+# Token class.  This class is used to represent the tokens produced.
+class LexToken(object):
+    def __str__(self):
+        return 'LexToken(%s,%r,%d,%d)' % (self.type, self.value, self.lineno, self.lexpos)
+
+    def __repr__(self):
+        return str(self)
+
+
+# This object is a stand-in for a logging object created by the
+# logging module.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def critical(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    info = critical
+    debug = critical
+
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+
+# -----------------------------------------------------------------------------
+#                        === Lexing Engine ===
+#
+# The following Lexer class implements the lexer runtime.   There are only
+# a few public methods and attributes:
+#
+#    input()          -  Store a new string in the lexer
+#    token()          -  Get the next token
+#    clone()          -  Clone the lexer
+#
+#    lineno           -  Current line number
+#    lexpos           -  Current position in the input string
+# -----------------------------------------------------------------------------
+
+class Lexer:
+    def __init__(self):
+        self.lexre = None             # Master regular expression. This is a list of
+                                      # tuples (re, findex) where re is a compiled
+                                      # regular expression and findex is a list
+                                      # mapping regex group numbers to rules
+        self.lexretext = None         # Current regular expression strings
+        self.lexstatere = {}          # Dictionary mapping lexer states to master regexs
+        self.lexstateretext = {}      # Dictionary mapping lexer states to regex strings
+        self.lexstaterenames = {}     # Dictionary mapping lexer states to symbol names
+        self.lexstate = 'INITIAL'     # Current lexer state
+        self.lexstatestack = []       # Stack of lexer states
+        self.lexstateinfo = None      # State information
+        self.lexstateignore = {}      # Dictionary of ignored characters for each state
+        self.lexstateerrorf = {}      # Dictionary of error functions for each state
+        self.lexstateeoff = {}        # Dictionary of eof functions for each state
+        self.lexreflags = 0           # Optional re compile flags
+        self.lexdata = None           # Actual input data (as a string)
+        self.lexpos = 0               # Current position in input text
+        self.lexlen = 0               # Length of the input text
+        self.lexerrorf = None         # Error rule (if any)
+        self.lexeoff = None           # EOF rule (if any)
+        self.lextokens = None         # List of valid tokens
+        self.lexignore = ''           # Ignored characters
+        self.lexliterals = ''         # Literal characters that can be passed through
+        self.lexmodule = None         # Module
+        self.lineno = 1               # Current line number
+        self.lexoptimize = False      # Optimized mode
+
+    def clone(self, object=None):
+        c = copy.copy(self)
+
+        # If the object parameter has been supplied, it means we are attaching the
+        # lexer to a new object.  In this case, we have to rebind all methods in
+        # the lexstatere and lexstateerrorf tables.
+
+        if object:
+            newtab = {}
+            for key, ritem in self.lexstatere.items():
+                newre = []
+                for cre, findex in ritem:
+                    newfindex = []
+                    for f in findex:
+                        if not f or not f[0]:
+                            newfindex.append(f)
+                            continue
+                        newfindex.append((getattr(object, f[0].__name__), f[1]))
+                newre.append((cre, newfindex))
+                newtab[key] = newre
+            c.lexstatere = newtab
+            c.lexstateerrorf = {}
+            for key, ef in self.lexstateerrorf.items():
+                c.lexstateerrorf[key] = getattr(object, ef.__name__)
+            c.lexmodule = object
+        return c
+
+    # ------------------------------------------------------------
+    # writetab() - Write lexer information to a table file
+    # ------------------------------------------------------------
+    def writetab(self, lextab, outputdir=''):
+        if isinstance(lextab, types.ModuleType):
+            raise IOError("Won't overwrite existing lextab module")
+        basetabmodule = lextab.split('.')[-1]
+        filename = os.path.join(outputdir, basetabmodule) + '.py'
+        with open(filename, 'w') as tf:
+            tf.write('# %s.py. This file automatically created by PLY (version %s). Don\'t edit!\n' % (basetabmodule, __version__))
+            tf.write('_tabversion   = %s\n' % repr(__tabversion__))
+            tf.write('_lextokens    = set(%s)\n' % repr(tuple(sorted(self.lextokens))))
+            tf.write('_lexreflags   = %s\n' % repr(int(self.lexreflags)))
+            tf.write('_lexliterals  = %s\n' % repr(self.lexliterals))
+            tf.write('_lexstateinfo = %s\n' % repr(self.lexstateinfo))
+
+            # Rewrite the lexstatere table, replacing function objects with function names
+            tabre = {}
+            for statename, lre in self.lexstatere.items():
+                titem = []
+                for (pat, func), retext, renames in zip(lre, self.lexstateretext[statename], self.lexstaterenames[statename]):
+                    titem.append((retext, _funcs_to_names(func, renames)))
+                tabre[statename] = titem
+
+            tf.write('_lexstatere   = %s\n' % repr(tabre))
+            tf.write('_lexstateignore = %s\n' % repr(self.lexstateignore))
+
+            taberr = {}
+            for statename, ef in self.lexstateerrorf.items():
+                taberr[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateerrorf = %s\n' % repr(taberr))
+
+            tabeof = {}
+            for statename, ef in self.lexstateeoff.items():
+                tabeof[statename] = ef.__name__ if ef else None
+            tf.write('_lexstateeoff = %s\n' % repr(tabeof))
+
+    # ------------------------------------------------------------
+    # readtab() - Read lexer information from a tab file
+    # ------------------------------------------------------------
+    def readtab(self, tabfile, fdict):
+        if isinstance(tabfile, types.ModuleType):
+            lextab = tabfile
+        else:
+            exec('import %s' % tabfile)
+            lextab = sys.modules[tabfile]
+
+        if getattr(lextab, '_tabversion', '0.0') != __tabversion__:
+            raise ImportError('Inconsistent PLY version')
+
+        self.lextokens      = lextab._lextokens
+        self.lexreflags     = lextab._lexreflags
+        self.lexliterals    = lextab._lexliterals
+        self.lextokens_all  = self.lextokens | set(self.lexliterals)
+        self.lexstateinfo   = lextab._lexstateinfo
+        self.lexstateignore = lextab._lexstateignore
+        self.lexstatere     = {}
+        self.lexstateretext = {}
+        for statename, lre in lextab._lexstatere.items():
+            titem = []
+            txtitem = []
+            for pat, func_name in lre:
+                titem.append((re.compile(pat, lextab._lexreflags), _names_to_funcs(func_name, fdict)))
+
+            self.lexstatere[statename] = titem
+            self.lexstateretext[statename] = txtitem
+
+        self.lexstateerrorf = {}
+        for statename, ef in lextab._lexstateerrorf.items():
+            self.lexstateerrorf[statename] = fdict[ef]
+
+        self.lexstateeoff = {}
+        for statename, ef in lextab._lexstateeoff.items():
+            self.lexstateeoff[statename] = fdict[ef]
+
+        self.begin('INITIAL')
+
+    # ------------------------------------------------------------
+    # input() - Push a new string into the lexer
+    # ------------------------------------------------------------
+    def input(self, s):
+        # Pull off the first character to see if s looks like a string
+        c = s[:1]
+        if not isinstance(c, StringTypes):
+            raise ValueError('Expected a string')
+        self.lexdata = s
+        self.lexpos = 0
+        self.lexlen = len(s)
+
+    # ------------------------------------------------------------
+    # begin() - Changes the lexing state
+    # ------------------------------------------------------------
+    def begin(self, state):
+        if state not in self.lexstatere:
+            raise ValueError('Undefined state')
+        self.lexre = self.lexstatere[state]
+        self.lexretext = self.lexstateretext[state]
+        self.lexignore = self.lexstateignore.get(state, '')
+        self.lexerrorf = self.lexstateerrorf.get(state, None)
+        self.lexeoff = self.lexstateeoff.get(state, None)
+        self.lexstate = state
+
+    # ------------------------------------------------------------
+    # push_state() - Changes the lexing state and saves old on stack
+    # ------------------------------------------------------------
+    def push_state(self, state):
+        self.lexstatestack.append(self.lexstate)
+        self.begin(state)
+
+    # ------------------------------------------------------------
+    # pop_state() - Restores the previous state
+    # ------------------------------------------------------------
+    def pop_state(self):
+        self.begin(self.lexstatestack.pop())
+
+    # ------------------------------------------------------------
+    # current_state() - Returns the current lexing state
+    # ------------------------------------------------------------
+    def current_state(self):
+        return self.lexstate
+
+    # ------------------------------------------------------------
+    # skip() - Skip ahead n characters
+    # ------------------------------------------------------------
+    def skip(self, n):
+        self.lexpos += n
+
+    # ------------------------------------------------------------
+    # opttoken() - Return the next token from the Lexer
+    #
+    # Note: This function has been carefully implemented to be as fast
+    # as possible.  Don't make changes unless you really know what
+    # you are doing
+    # ------------------------------------------------------------
+    def token(self):
+        # Make local copies of frequently referenced attributes
+        lexpos    = self.lexpos
+        lexlen    = self.lexlen
+        lexignore = self.lexignore
+        lexdata   = self.lexdata
+
+        while lexpos < lexlen:
+            # This code provides some short-circuit code for whitespace, tabs, and other ignored characters
+            if lexdata[lexpos] in lexignore:
+                lexpos += 1
+                continue
+
+            # Look for a regular expression match
+            for lexre, lexindexfunc in self.lexre:
+                m = lexre.match(lexdata, lexpos)
+                if not m:
+                    continue
+
+                # Create a token for return
+                tok = LexToken()
+                tok.value = m.group()
+                tok.lineno = self.lineno
+                tok.lexpos = lexpos
+
+                i = m.lastindex
+                func, tok.type = lexindexfunc[i]
+
+                if not func:
+                    # If no token type was set, it's an ignored token
+                    if tok.type:
+                        self.lexpos = m.end()
+                        return tok
+                    else:
+                        lexpos = m.end()
+                        break
+
+                lexpos = m.end()
+
+                # If token is processed by a function, call it
+
+                tok.lexer = self      # Set additional attributes useful in token rules
+                self.lexmatch = m
+                self.lexpos = lexpos
+
+                newtok = func(tok)
+
+                # Every function must return a token, if nothing, we just move to next token
+                if not newtok:
+                    lexpos    = self.lexpos         # This is here in case user has updated lexpos.
+                    lexignore = self.lexignore      # This is here in case there was a state change
+                    break
+
+                # Verify type of the token.  If not in the token map, raise an error
+                if not self.lexoptimize:
+                    if newtok.type not in self.lextokens_all:
+                        raise LexError("%s:%d: Rule '%s' returned an unknown token type '%s'" % (
+                            func.__code__.co_filename, func.__code__.co_firstlineno,
+                            func.__name__, newtok.type), lexdata[lexpos:])
+
+                return newtok
+            else:
+                # No match, see if in literals
+                if lexdata[lexpos] in self.lexliterals:
+                    tok = LexToken()
+                    tok.value = lexdata[lexpos]
+                    tok.lineno = self.lineno
+                    tok.type = tok.value
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos + 1
+                    return tok
+
+                # No match. Call t_error() if defined.
+                if self.lexerrorf:
+                    tok = LexToken()
+                    tok.value = self.lexdata[lexpos:]
+                    tok.lineno = self.lineno
+                    tok.type = 'error'
+                    tok.lexer = self
+                    tok.lexpos = lexpos
+                    self.lexpos = lexpos
+                    newtok = self.lexerrorf(tok)
+                    if lexpos == self.lexpos:
+                        # Error method didn't change text position at all. This is an error.
+                        raise LexError("Scanning error. Illegal character '%s'" % (lexdata[lexpos]), lexdata[lexpos:])
+                    lexpos = self.lexpos
+                    if not newtok:
+                        continue
+                    return newtok
+
+                self.lexpos = lexpos
+                raise LexError("Illegal character '%s' at index %d" % (lexdata[lexpos], lexpos), lexdata[lexpos:])
+
+        if self.lexeoff:
+            tok = LexToken()
+            tok.type = 'eof'
+            tok.value = ''
+            tok.lineno = self.lineno
+            tok.lexpos = lexpos
+            tok.lexer = self
+            self.lexpos = lexpos
+            newtok = self.lexeoff(tok)
+            return newtok
+
+        self.lexpos = lexpos + 1
+        if self.lexdata is None:
+            raise RuntimeError('No input string given with input()')
+        return None
+
+    # Iterator interface
+    def __iter__(self):
+        return self
+
+    def next(self):
+        t = self.token()
+        if t is None:
+            raise StopIteration
+        return t
+
+    __next__ = next
+
+# -----------------------------------------------------------------------------
+#                           ==== Lex Builder ===
+#
+# The functions and classes below are used to collect lexing information
+# and build a Lexer object from it.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# _get_regex(func)
+#
+# Returns the regular expression assigned to a function either as a doc string
+# or as a .regex attribute attached by the @TOKEN decorator.
+# -----------------------------------------------------------------------------
+def _get_regex(func):
+    return getattr(func, 'regex', func.__doc__)
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# _funcs_to_names()
+#
+# Given a list of regular expression functions, this converts it to a list
+# suitable for output to a table file
+# -----------------------------------------------------------------------------
+def _funcs_to_names(funclist, namelist):
+    result = []
+    for f, name in zip(funclist, namelist):
+        if f and f[0]:
+            result.append((name, f[1]))
+        else:
+            result.append(f)
+    return result
+
+# -----------------------------------------------------------------------------
+# _names_to_funcs()
+#
+# Given a list of regular expression function names, this converts it back to
+# functions.
+# -----------------------------------------------------------------------------
+def _names_to_funcs(namelist, fdict):
+    result = []
+    for n in namelist:
+        if n and n[0]:
+            result.append((fdict[n[0]], n[1]))
+        else:
+            result.append(n)
+    return result
+
+# -----------------------------------------------------------------------------
+# _form_master_re()
+#
+# This function takes a list of all of the regex components and attempts to
+# form the master regular expression.  Given limitations in the Python re
+# module, it may be necessary to break the master regex into separate expressions.
+# -----------------------------------------------------------------------------
+def _form_master_re(relist, reflags, ldict, toknames):
+    if not relist:
+        return []
+    regex = '|'.join(relist)
+    try:
+        lexre = re.compile(regex, reflags)
+
+        # Build the index to function map for the matching engine
+        lexindexfunc = [None] * (max(lexre.groupindex.values()) + 1)
+        lexindexnames = lexindexfunc[:]
+
+        for f, i in lexre.groupindex.items():
+            handle = ldict.get(f, None)
+            if type(handle) in (types.FunctionType, types.MethodType):
+                lexindexfunc[i] = (handle, toknames[f])
+                lexindexnames[i] = f
+            elif handle is not None:
+                lexindexnames[i] = f
+                if f.find('ignore_') > 0:
+                    lexindexfunc[i] = (None, None)
+                else:
+                    lexindexfunc[i] = (None, toknames[f])
+
+        return [(lexre, lexindexfunc)], [regex], [lexindexnames]
+    except Exception:
+        m = int(len(relist)/2)
+        if m == 0:
+            m = 1
+        llist, lre, lnames = _form_master_re(relist[:m], reflags, ldict, toknames)
+        rlist, rre, rnames = _form_master_re(relist[m:], reflags, ldict, toknames)
+        return (llist+rlist), (lre+rre), (lnames+rnames)
+
+# -----------------------------------------------------------------------------
+# def _statetoken(s,names)
+#
+# Given a declaration name s of the form "t_" and a dictionary whose keys are
+# state names, this function returns a tuple (states,tokenname) where states
+# is a tuple of state names and tokenname is the name of the token.  For example,
+# calling this with s = "t_foo_bar_SPAM" might return (('foo','bar'),'SPAM')
+# -----------------------------------------------------------------------------
+def _statetoken(s, names):
+    parts = s.split('_')
+    for i, part in enumerate(parts[1:], 1):
+        if part not in names and part != 'ANY':
+            break
+
+    if i > 1:
+        states = tuple(parts[1:i])
+    else:
+        states = ('INITIAL',)
+
+    if 'ANY' in states:
+        states = tuple(names)
+
+    tokenname = '_'.join(parts[i:])
+    return (states, tokenname)
+
+
+# -----------------------------------------------------------------------------
+# LexerReflect()
+#
+# This class represents information needed to build a lexer as extracted from a
+# user's input file.
+# -----------------------------------------------------------------------------
+class LexerReflect(object):
+    def __init__(self, ldict, log=None, reflags=0):
+        self.ldict      = ldict
+        self.error_func = None
+        self.tokens     = []
+        self.reflags    = reflags
+        self.stateinfo  = {'INITIAL': 'inclusive'}
+        self.modules    = set()
+        self.error      = False
+        self.log        = PlyLogger(sys.stderr) if log is None else log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_tokens()
+        self.get_literals()
+        self.get_states()
+        self.get_rules()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_tokens()
+        self.validate_literals()
+        self.validate_rules()
+        return self.error
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.ldict.get('tokens', None)
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = tokens
+
+    # Validate the tokens
+    def validate_tokens(self):
+        terminals = {}
+        for n in self.tokens:
+            if not _is_identifier.match(n):
+                self.log.error("Bad token name '%s'", n)
+                self.error = True
+            if n in terminals:
+                self.log.warning("Token '%s' multiply defined", n)
+            terminals[n] = 1
+
+    # Get the literals specifier
+    def get_literals(self):
+        self.literals = self.ldict.get('literals', '')
+        if not self.literals:
+            self.literals = ''
+
+    # Validate literals
+    def validate_literals(self):
+        try:
+            for c in self.literals:
+                if not isinstance(c, StringTypes) or len(c) > 1:
+                    self.log.error('Invalid literal %s. Must be a single character', repr(c))
+                    self.error = True
+
+        except TypeError:
+            self.log.error('Invalid literals specification. literals must be a sequence of characters')
+            self.error = True
+
+    def get_states(self):
+        self.states = self.ldict.get('states', None)
+        # Build statemap
+        if self.states:
+            if not isinstance(self.states, (tuple, list)):
+                self.log.error('states must be defined as a tuple or list')
+                self.error = True
+            else:
+                for s in self.states:
+                    if not isinstance(s, tuple) or len(s) != 2:
+                        self.log.error("Invalid state specifier %s. Must be a tuple (statename,'exclusive|inclusive')", repr(s))
+                        self.error = True
+                        continue
+                    name, statetype = s
+                    if not isinstance(name, StringTypes):
+                        self.log.error('State name %s must be a string', repr(name))
+                        self.error = True
+                        continue
+                    if not (statetype == 'inclusive' or statetype == 'exclusive'):
+                        self.log.error("State type for state %s must be 'inclusive' or 'exclusive'", name)
+                        self.error = True
+                        continue
+                    if name in self.stateinfo:
+                        self.log.error("State '%s' already defined", name)
+                        self.error = True
+                        continue
+                    self.stateinfo[name] = statetype
+
+    # Get all of the symbols with a t_ prefix and sort them into various
+    # categories (functions, strings, error functions, and ignore characters)
+
+    def get_rules(self):
+        tsymbols = [f for f in self.ldict if f[:2] == 't_']
+
+        # Now build up a list of functions and a list of strings
+        self.toknames = {}        # Mapping of symbols to token names
+        self.funcsym  = {}        # Symbols defined as functions
+        self.strsym   = {}        # Symbols defined as strings
+        self.ignore   = {}        # Ignore strings by state
+        self.errorf   = {}        # Error functions by state
+        self.eoff     = {}        # EOF functions by state
+
+        for s in self.stateinfo:
+            self.funcsym[s] = []
+            self.strsym[s] = []
+
+        if len(tsymbols) == 0:
+            self.log.error('No rules of the form t_rulename are defined')
+            self.error = True
+            return
+
+        for f in tsymbols:
+            t = self.ldict[f]
+            states, tokname = _statetoken(f, self.stateinfo)
+            self.toknames[f] = tokname
+
+            if hasattr(t, '__call__'):
+                if tokname == 'error':
+                    for s in states:
+                        self.errorf[s] = t
+                elif tokname == 'eof':
+                    for s in states:
+                        self.eoff[s] = t
+                elif tokname == 'ignore':
+                    line = t.__code__.co_firstlineno
+                    file = t.__code__.co_filename
+                    self.log.error("%s:%d: Rule '%s' must be defined as a string", file, line, t.__name__)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.funcsym[s].append((f, t))
+            elif isinstance(t, StringTypes):
+                if tokname == 'ignore':
+                    for s in states:
+                        self.ignore[s] = t
+                    if '\\' in t:
+                        self.log.warning("%s contains a literal backslash '\\'", f)
+
+                elif tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", f)
+                    self.error = True
+                else:
+                    for s in states:
+                        self.strsym[s].append((f, t))
+            else:
+                self.log.error('%s not defined as a function or string', f)
+                self.error = True
+
+        # Sort the functions by line number
+        for f in self.funcsym.values():
+            f.sort(key=lambda x: x[1].__code__.co_firstlineno)
+
+        # Sort the strings by regular expression length
+        for s in self.strsym.values():
+            s.sort(key=lambda x: len(x[1]), reverse=True)
+
+    # Validate all of the t_rules collected
+    def validate_rules(self):
+        for state in self.stateinfo:
+            # Validate all rules defined by functions
+
+            for fname, f in self.funcsym[state]:
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                tokname = self.toknames[fname]
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                if not _get_regex(f):
+                    self.log.error("%s:%d: No regular expression defined for rule '%s'", file, line, f.__name__)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (fname, _get_regex(f)), self.reflags)
+                    if c.match(''):
+                        self.log.error("%s:%d: Regular expression for rule '%s' matches empty string", file, line, f.__name__)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("%s:%d: Invalid regular expression for rule '%s'. %s", file, line, f.__name__, e)
+                    if '#' in _get_regex(f):
+                        self.log.error("%s:%d. Make sure '#' in rule '%s' is escaped with '\\#'", file, line, f.__name__)
+                    self.error = True
+
+            # Validate all rules defined by strings
+            for name, r in self.strsym[state]:
+                tokname = self.toknames[name]
+                if tokname == 'error':
+                    self.log.error("Rule '%s' must be defined as a function", name)
+                    self.error = True
+                    continue
+
+                if tokname not in self.tokens and tokname.find('ignore_') < 0:
+                    self.log.error("Rule '%s' defined for an unspecified token %s", name, tokname)
+                    self.error = True
+                    continue
+
+                try:
+                    c = re.compile('(?P<%s>%s)' % (name, r), self.reflags)
+                    if (c.match('')):
+                        self.log.error("Regular expression for rule '%s' matches empty string", name)
+                        self.error = True
+                except re.error as e:
+                    self.log.error("Invalid regular expression for rule '%s'. %s", name, e)
+                    if '#' in r:
+                        self.log.error("Make sure '#' in rule '%s' is escaped with '\\#'", name)
+                    self.error = True
+
+            if not self.funcsym[state] and not self.strsym[state]:
+                self.log.error("No rules defined for state '%s'", state)
+                self.error = True
+
+            # Validate the error function
+            efunc = self.errorf.get(state, None)
+            if efunc:
+                f = efunc
+                line = f.__code__.co_firstlineno
+                file = f.__code__.co_filename
+                module = inspect.getmodule(f)
+                self.modules.add(module)
+
+                if isinstance(f, types.MethodType):
+                    reqargs = 2
+                else:
+                    reqargs = 1
+                nargs = f.__code__.co_argcount
+                if nargs > reqargs:
+                    self.log.error("%s:%d: Rule '%s' has too many arguments", file, line, f.__name__)
+                    self.error = True
+
+                if nargs < reqargs:
+                    self.log.error("%s:%d: Rule '%s' requires an argument", file, line, f.__name__)
+                    self.error = True
+
+        for module in self.modules:
+            self.validate_module(module)
+
+    # -----------------------------------------------------------------------------
+    # validate_module()
+    #
+    # This checks to see if there are duplicated t_rulename() functions or strings
+    # in the parser input file.  This is done using a simple regular expression
+    # match on each line in the source code of the given module.
+    # -----------------------------------------------------------------------------
+
+    def validate_module(self, module):
+        try:
+            lines, linen = inspect.getsourcelines(module)
+        except IOError:
+            return
+
+        fre = re.compile(r'\s*def\s+(t_[a-zA-Z_0-9]*)\(')
+        sre = re.compile(r'\s*(t_[a-zA-Z_0-9]*)\s*=')
+
+        counthash = {}
+        linen += 1
+        for line in lines:
+            m = fre.match(line)
+            if not m:
+                m = sre.match(line)
+            if m:
+                name = m.group(1)
+                prev = counthash.get(name)
+                if not prev:
+                    counthash[name] = linen
+                else:
+                    filename = inspect.getsourcefile(module)
+                    self.log.error('%s:%d: Rule %s redefined. Previously defined on line %d', filename, linen, name, prev)
+                    self.error = True
+            linen += 1
+
+# -----------------------------------------------------------------------------
+# lex(module)
+#
+# Build all of the regular expression rules from definitions in the supplied module
+# -----------------------------------------------------------------------------
+def lex(module=None, object=None, debug=False, optimize=False, lextab='lextab',
+        reflags=int(re.VERBOSE), nowarn=False, outputdir=None, debuglog=None, errorlog=None):
+
+    if lextab is None:
+        lextab = 'lextab'
+
+    global lexer
+
+    ldict = None
+    stateinfo  = {'INITIAL': 'inclusive'}
+    lexobj = Lexer()
+    lexobj.lexoptimize = optimize
+    global token, input
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    if debug:
+        if debuglog is None:
+            debuglog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the lexer
+    if object:
+        module = object
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        ldict = dict(_items)
+        # If no __file__ attribute is available, try to obtain it from the __module__ instead
+        if '__file__' not in ldict:
+            ldict['__file__'] = sys.modules[ldict['__module__']].__file__
+    else:
+        ldict = get_caller_module_dict(2)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = ldict.get('__package__')
+    if pkg and isinstance(lextab, str):
+        if '.' not in lextab:
+            lextab = pkg + '.' + lextab
+
+    # Collect parser information from the dictionary
+    linfo = LexerReflect(ldict, log=errorlog, reflags=reflags)
+    linfo.get_all()
+    if not optimize:
+        if linfo.validate_all():
+            raise SyntaxError("Can't build lexer")
+
+    if optimize and lextab:
+        try:
+            lexobj.readtab(lextab, ldict)
+            token = lexobj.token
+            input = lexobj.input
+            lexer = lexobj
+            return lexobj
+
+        except ImportError:
+            pass
+
+    # Dump some basic debugging information
+    if debug:
+        debuglog.info('lex: tokens   = %r', linfo.tokens)
+        debuglog.info('lex: literals = %r', linfo.literals)
+        debuglog.info('lex: states   = %r', linfo.stateinfo)
+
+    # Build a dictionary of valid token names
+    lexobj.lextokens = set()
+    for n in linfo.tokens:
+        lexobj.lextokens.add(n)
+
+    # Get literals specification
+    if isinstance(linfo.literals, (list, tuple)):
+        lexobj.lexliterals = type(linfo.literals[0])().join(linfo.literals)
+    else:
+        lexobj.lexliterals = linfo.literals
+
+    lexobj.lextokens_all = lexobj.lextokens | set(lexobj.lexliterals)
+
+    # Get the stateinfo dictionary
+    stateinfo = linfo.stateinfo
+
+    regexs = {}
+    # Build the master regular expressions
+    for state in stateinfo:
+        regex_list = []
+
+        # Add rules defined by functions first
+        for fname, f in linfo.funcsym[state]:
+            regex_list.append('(?P<%s>%s)' % (fname, _get_regex(f)))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", fname, _get_regex(f), state)
+
+        # Now add all of the simple rules
+        for name, r in linfo.strsym[state]:
+            regex_list.append('(?P<%s>%s)' % (name, r))
+            if debug:
+                debuglog.info("lex: Adding rule %s -> '%s' (state '%s')", name, r, state)
+
+        regexs[state] = regex_list
+
+    # Build the master regular expressions
+
+    if debug:
+        debuglog.info('lex: ==== MASTER REGEXS FOLLOW ====')
+
+    for state in regexs:
+        lexre, re_text, re_names = _form_master_re(regexs[state], reflags, ldict, linfo.toknames)
+        lexobj.lexstatere[state] = lexre
+        lexobj.lexstateretext[state] = re_text
+        lexobj.lexstaterenames[state] = re_names
+        if debug:
+            for i, text in enumerate(re_text):
+                debuglog.info("lex: state '%s' : regex[%d] = '%s'", state, i, text)
+
+    # For inclusive states, we need to add the regular expressions from the INITIAL state
+    for state, stype in stateinfo.items():
+        if state != 'INITIAL' and stype == 'inclusive':
+            lexobj.lexstatere[state].extend(lexobj.lexstatere['INITIAL'])
+            lexobj.lexstateretext[state].extend(lexobj.lexstateretext['INITIAL'])
+            lexobj.lexstaterenames[state].extend(lexobj.lexstaterenames['INITIAL'])
+
+    lexobj.lexstateinfo = stateinfo
+    lexobj.lexre = lexobj.lexstatere['INITIAL']
+    lexobj.lexretext = lexobj.lexstateretext['INITIAL']
+    lexobj.lexreflags = reflags
+
+    # Set up ignore variables
+    lexobj.lexstateignore = linfo.ignore
+    lexobj.lexignore = lexobj.lexstateignore.get('INITIAL', '')
+
+    # Set up error functions
+    lexobj.lexstateerrorf = linfo.errorf
+    lexobj.lexerrorf = linfo.errorf.get('INITIAL', None)
+    if not lexobj.lexerrorf:
+        errorlog.warning('No t_error rule is defined')
+
+    # Set up eof functions
+    lexobj.lexstateeoff = linfo.eoff
+    lexobj.lexeoff = linfo.eoff.get('INITIAL', None)
+
+    # Check state information for ignore and error rules
+    for s, stype in stateinfo.items():
+        if stype == 'exclusive':
+            if s not in linfo.errorf:
+                errorlog.warning("No error rule is defined for exclusive state '%s'", s)
+            if s not in linfo.ignore and lexobj.lexignore:
+                errorlog.warning("No ignore rule is defined for exclusive state '%s'", s)
+        elif stype == 'inclusive':
+            if s not in linfo.errorf:
+                linfo.errorf[s] = linfo.errorf.get('INITIAL', None)
+            if s not in linfo.ignore:
+                linfo.ignore[s] = linfo.ignore.get('INITIAL', '')
+
+    # Create global versions of the token() and input() functions
+    token = lexobj.token
+    input = lexobj.input
+    lexer = lexobj
+
+    # If in optimize mode, we write the lextab
+    if lextab and optimize:
+        if outputdir is None:
+            # If no output directory is set, the location of the output files
+            # is determined according to the following rules:
+            #     - If lextab specifies a package, files go into that package directory
+            #     - Otherwise, files go in the same directory as the specifying module
+            if isinstance(lextab, types.ModuleType):
+                srcfile = lextab.__file__
+            else:
+                if '.' not in lextab:
+                    srcfile = ldict['__file__']
+                else:
+                    parts = lextab.split('.')
+                    pkgname = '.'.join(parts[:-1])
+                    exec('import %s' % pkgname)
+                    srcfile = getattr(sys.modules[pkgname], '__file__', '')
+            outputdir = os.path.dirname(srcfile)
+        try:
+            lexobj.writetab(lextab, outputdir)
+            if lextab in sys.modules:
+                del sys.modules[lextab]
+        except IOError as e:
+            errorlog.warning("Couldn't write lextab module %r. %s" % (lextab, e))
+
+    return lexobj
+
+# -----------------------------------------------------------------------------
+# runmain()
+#
+# This runs the lexer as a main program
+# -----------------------------------------------------------------------------
+
+def runmain(lexer=None, data=None):
+    if not data:
+        try:
+            filename = sys.argv[1]
+            f = open(filename)
+            data = f.read()
+            f.close()
+        except IndexError:
+            sys.stdout.write('Reading from standard input (type EOF to end):\n')
+            data = sys.stdin.read()
+
+    if lexer:
+        _input = lexer.input
+    else:
+        _input = input
+    _input(data)
+    if lexer:
+        _token = lexer.token
+    else:
+        _token = token
+
+    while True:
+        tok = _token()
+        if not tok:
+            break
+        sys.stdout.write('(%s,%r,%d,%d)\n' % (tok.type, tok.value, tok.lineno, tok.lexpos))
+
+# -----------------------------------------------------------------------------
+# @TOKEN(regex)
+#
+# This decorator function can be used to set the regex expression on a function
+# when its docstring might need to be set in an alternative way
+# -----------------------------------------------------------------------------
+
+def TOKEN(r):
+    def set_regex(f):
+        if hasattr(r, '__call__'):
+            f.regex = _get_regex(r)
+        else:
+            f.regex = r
+        return f
+    return set_regex
+
+# Alternative spelling of the TOKEN decorator
+Token = TOKEN
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply/yacc.py b/lib/go-jinja2/internal/data/windows-amd64/ply/yacc.py
new file mode 100644
index 000000000..88188a1e8
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply/yacc.py
@@ -0,0 +1,3502 @@
+# -----------------------------------------------------------------------------
+# ply: yacc.py
+#
+# Copyright (C) 2001-2018
+# David M. Beazley (Dabeaz LLC)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# * Neither the name of the David Beazley or Dabeaz LLC may be used to
+#   endorse or promote products derived from this software without
+#  specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# This implements an LR parser that is constructed from grammar rules defined
+# as Python functions. The grammar is specified by supplying the BNF inside
+# Python documentation strings.  The inspiration for this technique was borrowed
+# from John Aycock's Spark parsing system.  PLY might be viewed as cross between
+# Spark and the GNU bison utility.
+#
+# The current implementation is only somewhat object-oriented. The
+# LR parser itself is defined in terms of an object (which allows multiple
+# parsers to co-exist).  However, most of the variables used during table
+# construction are defined in terms of global variables.  Users shouldn't
+# notice unless they are trying to define multiple parsers at the same
+# time using threads (in which case they should have their head examined).
+#
+# This implementation supports both SLR and LALR(1) parsing.  LALR(1)
+# support was originally implemented by Elias Ioup (ezioup@alumni.uchicago.edu),
+# using the algorithm found in Aho, Sethi, and Ullman "Compilers: Principles,
+# Techniques, and Tools" (The Dragon Book).  LALR(1) has since been replaced
+# by the more efficient DeRemer and Pennello algorithm.
+#
+# :::::::: WARNING :::::::
+#
+# Construction of LR parsing tables is fairly complicated and expensive.
+# To make this module run fast, a *LOT* of work has been put into
+# optimization---often at the expensive of readability and what might
+# consider to be good Python "coding style."   Modify the code at your
+# own risk!
+# ----------------------------------------------------------------------------
+
+import re
+import types
+import sys
+import os.path
+import inspect
+import warnings
+
+__version__    = '3.11'
+__tabversion__ = '3.10'
+
+#-----------------------------------------------------------------------------
+#                     === User configurable parameters ===
+#
+# Change these to modify the default behavior of yacc (if you wish)
+#-----------------------------------------------------------------------------
+
+yaccdebug   = True             # Debugging mode.  If set, yacc generates a
+                               # a 'parser.out' file in the current directory
+
+debug_file  = 'parser.out'     # Default name of the debugging file
+tab_module  = 'parsetab'       # Default name of the table module
+default_lr  = 'LALR'           # Default LR table generation method
+
+error_count = 3                # Number of symbols that must be shifted to leave recovery mode
+
+yaccdevel   = False            # Set to True if developing yacc.  This turns off optimized
+                               # implementations of certain functions.
+
+resultlimit = 40               # Size limit of results when running in debug mode.
+
+pickle_protocol = 0            # Protocol to use when writing pickle files
+
+# String type-checking compatibility
+if sys.version_info[0] < 3:
+    string_types = basestring
+else:
+    string_types = str
+
+MAXINT = sys.maxsize
+
+# This object is a stand-in for a logging object created by the
+# logging module.   PLY will use this by default to create things
+# such as the parser.out file.  If a user wants more detailed
+# information, they can create their own logging object and pass
+# it into PLY.
+
+class PlyLogger(object):
+    def __init__(self, f):
+        self.f = f
+
+    def debug(self, msg, *args, **kwargs):
+        self.f.write((msg % args) + '\n')
+
+    info = debug
+
+    def warning(self, msg, *args, **kwargs):
+        self.f.write('WARNING: ' + (msg % args) + '\n')
+
+    def error(self, msg, *args, **kwargs):
+        self.f.write('ERROR: ' + (msg % args) + '\n')
+
+    critical = debug
+
+# Null logger is used when no output is generated. Does nothing.
+class NullLogger(object):
+    def __getattribute__(self, name):
+        return self
+
+    def __call__(self, *args, **kwargs):
+        return self
+
+# Exception raised for yacc-related errors
+class YaccError(Exception):
+    pass
+
+# Format the result message that the parser produces when running in debug mode.
+def format_result(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) > resultlimit:
+        repr_str = repr_str[:resultlimit] + ' ...'
+    result = '<%s @ 0x%x> (%s)' % (type(r).__name__, id(r), repr_str)
+    return result
+
+# Format stack entries when the parser is running in debug mode
+def format_stack_entry(r):
+    repr_str = repr(r)
+    if '\n' in repr_str:
+        repr_str = repr(repr_str)
+    if len(repr_str) < 16:
+        return repr_str
+    else:
+        return '<%s @ 0x%x>' % (type(r).__name__, id(r))
+
+# Panic mode error recovery support.   This feature is being reworked--much of the
+# code here is to offer a deprecation/backwards compatible transition
+
+_errok = None
+_token = None
+_restart = None
+_warnmsg = '''PLY: Don't use global functions errok(), token(), and restart() in p_error().
+Instead, invoke the methods on the associated parser instance:
+
+    def p_error(p):
+        ...
+        # Use parser.errok(), parser.token(), parser.restart()
+        ...
+
+    parser = yacc.yacc()
+'''
+
+def errok():
+    warnings.warn(_warnmsg)
+    return _errok()
+
+def restart():
+    warnings.warn(_warnmsg)
+    return _restart()
+
+def token():
+    warnings.warn(_warnmsg)
+    return _token()
+
+# Utility function to call the p_error() function with some deprecation hacks
+def call_errorfunc(errorfunc, token, parser):
+    global _errok, _token, _restart
+    _errok = parser.errok
+    _token = parser.token
+    _restart = parser.restart
+    r = errorfunc(token)
+    try:
+        del _errok, _token, _restart
+    except NameError:
+        pass
+    return r
+
+#-----------------------------------------------------------------------------
+#                        ===  LR Parsing Engine ===
+#
+# The following classes are used for the LR parser itself.  These are not
+# used during table construction and are independent of the actual LR
+# table generation algorithm
+#-----------------------------------------------------------------------------
+
+# This class is used to hold non-terminal grammar symbols during parsing.
+# It normally has the following attributes set:
+#        .type       = Grammar symbol type
+#        .value      = Symbol value
+#        .lineno     = Starting line number
+#        .endlineno  = Ending line number (optional, set automatically)
+#        .lexpos     = Starting lex position
+#        .endlexpos  = Ending lex position (optional, set automatically)
+
+class YaccSymbol:
+    def __str__(self):
+        return self.type
+
+    def __repr__(self):
+        return str(self)
+
+# This class is a wrapper around the objects actually passed to each
+# grammar rule.   Index lookup and assignment actually assign the
+# .value attribute of the underlying YaccSymbol object.
+# The lineno() method returns the line number of a given
+# item (or 0 if not defined).   The linespan() method returns
+# a tuple of (startline,endline) representing the range of lines
+# for a symbol.  The lexspan() method returns a tuple (lexpos,endlexpos)
+# representing the range of positional information for a symbol.
+
+class YaccProduction:
+    def __init__(self, s, stack=None):
+        self.slice = s
+        self.stack = stack
+        self.lexer = None
+        self.parser = None
+
+    def __getitem__(self, n):
+        if isinstance(n, slice):
+            return [s.value for s in self.slice[n]]
+        elif n >= 0:
+            return self.slice[n].value
+        else:
+            return self.stack[n].value
+
+    def __setitem__(self, n, v):
+        self.slice[n].value = v
+
+    def __getslice__(self, i, j):
+        return [s.value for s in self.slice[i:j]]
+
+    def __len__(self):
+        return len(self.slice)
+
+    def lineno(self, n):
+        return getattr(self.slice[n], 'lineno', 0)
+
+    def set_lineno(self, n, lineno):
+        self.slice[n].lineno = lineno
+
+    def linespan(self, n):
+        startline = getattr(self.slice[n], 'lineno', 0)
+        endline = getattr(self.slice[n], 'endlineno', startline)
+        return startline, endline
+
+    def lexpos(self, n):
+        return getattr(self.slice[n], 'lexpos', 0)
+
+    def set_lexpos(self, n, lexpos):
+        self.slice[n].lexpos = lexpos
+
+    def lexspan(self, n):
+        startpos = getattr(self.slice[n], 'lexpos', 0)
+        endpos = getattr(self.slice[n], 'endlexpos', startpos)
+        return startpos, endpos
+
+    def error(self):
+        raise SyntaxError
+
+# -----------------------------------------------------------------------------
+#                               == LRParser ==
+#
+# The LR Parsing engine.
+# -----------------------------------------------------------------------------
+
+class LRParser:
+    def __init__(self, lrtab, errorf):
+        self.productions = lrtab.lr_productions
+        self.action = lrtab.lr_action
+        self.goto = lrtab.lr_goto
+        self.errorfunc = errorf
+        self.set_defaulted_states()
+        self.errorok = True
+
+    def errok(self):
+        self.errorok = True
+
+    def restart(self):
+        del self.statestack[:]
+        del self.symstack[:]
+        sym = YaccSymbol()
+        sym.type = '$end'
+        self.symstack.append(sym)
+        self.statestack.append(0)
+
+    # Defaulted state support.
+    # This method identifies parser states where there is only one possible reduction action.
+    # For such states, the parser can make a choose to make a rule reduction without consuming
+    # the next look-ahead token.  This delayed invocation of the tokenizer can be useful in
+    # certain kinds of advanced parsing situations where the lexer and parser interact with
+    # each other or change states (i.e., manipulation of scope, lexer states, etc.).
+    #
+    # See:  http://www.gnu.org/software/bison/manual/html_node/Default-Reductions.html#Default-Reductions
+    def set_defaulted_states(self):
+        self.defaulted_states = {}
+        for state, actions in self.action.items():
+            rules = list(actions.values())
+            if len(rules) == 1 and rules[0] < 0:
+                self.defaulted_states[state] = rules[0]
+
+    def disable_defaulted_states(self):
+        self.defaulted_states = {}
+
+    def parse(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        if debug or yaccdevel:
+            if isinstance(debug, int):
+                debug = PlyLogger(sys.stderr)
+            return self.parsedebug(input, lexer, debug, tracking, tokenfunc)
+        elif tracking:
+            return self.parseopt(input, lexer, debug, tracking, tokenfunc)
+        else:
+            return self.parseopt_notrack(input, lexer, debug, tracking, tokenfunc)
+
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parsedebug().
+    #
+    # This is the debugging enabled version of parse().  All changes made to the
+    # parsing engine should be made here.   Optimized versions of this function
+    # are automatically created by the ply/ygen.py script.  This script cuts out
+    # sections enclosed in markers such as this:
+    #
+    #      #--! DEBUG
+    #      statements
+    #      #--! DEBUG
+    #
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parsedebug(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parsedebug-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+        #--! DEBUG
+        debug.info('PLY: PARSE DEBUG START')
+        #--! DEBUG
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+            #--! DEBUG
+            debug.debug('')
+            debug.debug('State  : %s', state)
+            #--! DEBUG
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+                #--! DEBUG
+                debug.debug('Defaulted state %s: Reduce using %d', state, -t)
+                #--! DEBUG
+
+            #--! DEBUG
+            debug.debug('Stack  : %s',
+                        ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+            #--! DEBUG
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+                    #--! DEBUG
+                    debug.debug('Action : Shift and goto state %s', t)
+                    #--! DEBUG
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+                    #--! DEBUG
+                    if plen:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str,
+                                   '['+','.join([format_stack_entry(_v.value) for _v in symstack[-plen:]])+']',
+                                   goto[statestack[-1-plen]][pname])
+                    else:
+                        debug.info('Action : Reduce rule [%s] with %s and goto state %d', p.str, [],
+                                   goto[statestack[-1]][pname])
+
+                    #--! DEBUG
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            #--! DEBUG
+                            debug.info('Result : %s', format_result(pslice[0]))
+                            #--! DEBUG
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    #--! DEBUG
+                    debug.info('Done   : Returning %s', format_result(result))
+                    debug.info('PLY: PARSE DEBUG END')
+                    #--! DEBUG
+                    return result
+
+            if t is None:
+
+                #--! DEBUG
+                debug.error('Error  : %s',
+                            ('%s . %s' % (' '.join([xx.type for xx in symstack][1:]), str(lookahead))).lstrip())
+                #--! DEBUG
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parsedebug-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt().
+    #
+    # Optimized version of parse() method.  DO NOT EDIT THIS CODE DIRECTLY!
+    # This code is automatically generated by the ply/ygen.py script. Make
+    # changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+                        #--! TRACKING
+                        if tracking:
+                            t1 = targ[1]
+                            sym.lineno = t1.lineno
+                            sym.lexpos = t1.lexpos
+                            t1 = targ[-1]
+                            sym.endlineno = getattr(t1, 'endlineno', t1.lineno)
+                            sym.endlexpos = getattr(t1, 'endlexpos', t1.lexpos)
+                        #--! TRACKING
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+                        #--! TRACKING
+                        if tracking:
+                            sym.lineno = lexer.lineno
+                            sym.lexpos = lexer.lexpos
+                        #--! TRACKING
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        #--! TRACKING
+                        if tracking:
+                            sym.endlineno = getattr(lookahead, 'lineno', sym.lineno)
+                            sym.endlexpos = getattr(lookahead, 'lexpos', sym.lexpos)
+                        #--! TRACKING
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    #--! TRACKING
+                    if tracking:
+                        lookahead.lineno = sym.lineno
+                        lookahead.lexpos = sym.lexpos
+                    #--! TRACKING
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-end
+
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+    # parseopt_notrack().
+    #
+    # Optimized version of parseopt() with line number tracking removed.
+    # DO NOT EDIT THIS CODE DIRECTLY. This code is automatically generated
+    # by the ply/ygen.py script. Make changes to the parsedebug() method instead.
+    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+    def parseopt_notrack(self, input=None, lexer=None, debug=False, tracking=False, tokenfunc=None):
+        #--! parseopt-notrack-start
+        lookahead = None                         # Current lookahead symbol
+        lookaheadstack = []                      # Stack of lookahead symbols
+        actions = self.action                    # Local reference to action table (to avoid lookup on self.)
+        goto    = self.goto                      # Local reference to goto table (to avoid lookup on self.)
+        prod    = self.productions               # Local reference to production list (to avoid lookup on self.)
+        defaulted_states = self.defaulted_states # Local reference to defaulted states
+        pslice  = YaccProduction(None)           # Production object passed to grammar rules
+        errorcount = 0                           # Used during error recovery
+
+
+        # If no lexer was given, we will try to use the lex module
+        if not lexer:
+            from . import lex
+            lexer = lex.lexer
+
+        # Set up the lexer and parser objects on pslice
+        pslice.lexer = lexer
+        pslice.parser = self
+
+        # If input was supplied, pass to lexer
+        if input is not None:
+            lexer.input(input)
+
+        if tokenfunc is None:
+            # Tokenize function
+            get_token = lexer.token
+        else:
+            get_token = tokenfunc
+
+        # Set the parser() token method (sometimes used in error recovery)
+        self.token = get_token
+
+        # Set up the state and symbol stacks
+
+        statestack = []                # Stack of parsing states
+        self.statestack = statestack
+        symstack   = []                # Stack of grammar symbols
+        self.symstack = symstack
+
+        pslice.stack = symstack         # Put in the production
+        errtoken   = None               # Err token
+
+        # The start state is assumed to be (0,$end)
+
+        statestack.append(0)
+        sym = YaccSymbol()
+        sym.type = '$end'
+        symstack.append(sym)
+        state = 0
+        while True:
+            # Get the next symbol on the input.  If a lookahead symbol
+            # is already set, we just use that. Otherwise, we'll pull
+            # the next token off of the lookaheadstack or from the lexer
+
+
+            if state not in defaulted_states:
+                if not lookahead:
+                    if not lookaheadstack:
+                        lookahead = get_token()     # Get the next token
+                    else:
+                        lookahead = lookaheadstack.pop()
+                    if not lookahead:
+                        lookahead = YaccSymbol()
+                        lookahead.type = '$end'
+
+                # Check the action table
+                ltype = lookahead.type
+                t = actions[state].get(ltype)
+            else:
+                t = defaulted_states[state]
+
+
+            if t is not None:
+                if t > 0:
+                    # shift a symbol on the stack
+                    statestack.append(t)
+                    state = t
+
+
+                    symstack.append(lookahead)
+                    lookahead = None
+
+                    # Decrease error count on successful shift
+                    if errorcount:
+                        errorcount -= 1
+                    continue
+
+                if t < 0:
+                    # reduce a symbol on the stack, emit a production
+                    p = prod[-t]
+                    pname = p.name
+                    plen  = p.len
+
+                    # Get production function
+                    sym = YaccSymbol()
+                    sym.type = pname       # Production name
+                    sym.value = None
+
+
+                    if plen:
+                        targ = symstack[-plen-1:]
+                        targ[0] = sym
+
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # below as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            del symstack[-plen:]
+                            self.state = state
+                            p.callable(pslice)
+                            del statestack[-plen:]
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            symstack.extend(targ[1:-1])         # Put the production slice back on the stack
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                    else:
+
+
+                        targ = [sym]
+
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+                        # The code enclosed in this section is duplicated
+                        # above as a performance optimization.  Make sure
+                        # changes get made in both locations.
+
+                        pslice.slice = targ
+
+                        try:
+                            # Call the grammar rule with our special slice object
+                            self.state = state
+                            p.callable(pslice)
+                            symstack.append(sym)
+                            state = goto[statestack[-1]][pname]
+                            statestack.append(state)
+                        except SyntaxError:
+                            # If an error was set. Enter error recovery state
+                            lookaheadstack.append(lookahead)    # Save the current lookahead token
+                            statestack.pop()                    # Pop back one state (before the reduce)
+                            state = statestack[-1]
+                            sym.type = 'error'
+                            sym.value = 'error'
+                            lookahead = sym
+                            errorcount = error_count
+                            self.errorok = False
+
+                        continue
+                        # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+                if t == 0:
+                    n = symstack[-1]
+                    result = getattr(n, 'value', None)
+                    return result
+
+            if t is None:
+
+
+                # We have some kind of parsing error here.  To handle
+                # this, we are going to push the current token onto
+                # the tokenstack and replace it with an 'error' token.
+                # If there are any synchronization rules, they may
+                # catch it.
+                #
+                # In addition to pushing the error token, we call call
+                # the user defined p_error() function if this is the
+                # first syntax error.  This function is only called if
+                # errorcount == 0.
+                if errorcount == 0 or self.errorok:
+                    errorcount = error_count
+                    self.errorok = False
+                    errtoken = lookahead
+                    if errtoken.type == '$end':
+                        errtoken = None               # End of file!
+                    if self.errorfunc:
+                        if errtoken and not hasattr(errtoken, 'lexer'):
+                            errtoken.lexer = lexer
+                        self.state = state
+                        tok = call_errorfunc(self.errorfunc, errtoken, self)
+                        if self.errorok:
+                            # User must have done some kind of panic
+                            # mode recovery on their own.  The
+                            # returned token is the next lookahead
+                            lookahead = tok
+                            errtoken = None
+                            continue
+                    else:
+                        if errtoken:
+                            if hasattr(errtoken, 'lineno'):
+                                lineno = lookahead.lineno
+                            else:
+                                lineno = 0
+                            if lineno:
+                                sys.stderr.write('yacc: Syntax error at line %d, token=%s\n' % (lineno, errtoken.type))
+                            else:
+                                sys.stderr.write('yacc: Syntax error, token=%s' % errtoken.type)
+                        else:
+                            sys.stderr.write('yacc: Parse error in input. EOF\n')
+                            return
+
+                else:
+                    errorcount = error_count
+
+                # case 1:  the statestack only has 1 entry on it.  If we're in this state, the
+                # entire parse has been rolled back and we're completely hosed.   The token is
+                # discarded and we just keep going.
+
+                if len(statestack) <= 1 and lookahead.type != '$end':
+                    lookahead = None
+                    errtoken = None
+                    state = 0
+                    # Nuke the pushback stack
+                    del lookaheadstack[:]
+                    continue
+
+                # case 2: the statestack has a couple of entries on it, but we're
+                # at the end of the file. nuke the top entry and generate an error token
+
+                # Start nuking entries on the stack
+                if lookahead.type == '$end':
+                    # Whoa. We're really hosed here. Bail out
+                    return
+
+                if lookahead.type != 'error':
+                    sym = symstack[-1]
+                    if sym.type == 'error':
+                        # Hmmm. Error is on top of stack, we'll just nuke input
+                        # symbol and continue
+                        lookahead = None
+                        continue
+
+                    # Create the error symbol for the first time and make it the new lookahead symbol
+                    t = YaccSymbol()
+                    t.type = 'error'
+
+                    if hasattr(lookahead, 'lineno'):
+                        t.lineno = t.endlineno = lookahead.lineno
+                    if hasattr(lookahead, 'lexpos'):
+                        t.lexpos = t.endlexpos = lookahead.lexpos
+                    t.value = lookahead
+                    lookaheadstack.append(lookahead)
+                    lookahead = t
+                else:
+                    sym = symstack.pop()
+                    statestack.pop()
+                    state = statestack[-1]
+
+                continue
+
+            # Call an error function here
+            raise RuntimeError('yacc: internal parser error!!!\n')
+
+        #--! parseopt-notrack-end
+
+# -----------------------------------------------------------------------------
+#                          === Grammar Representation ===
+#
+# The following functions, classes, and variables are used to represent and
+# manipulate the rules that make up a grammar.
+# -----------------------------------------------------------------------------
+
+# regex matching identifiers
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+
+# -----------------------------------------------------------------------------
+# class Production:
+#
+# This class stores the raw information about a single production or grammar rule.
+# A grammar rule refers to a specification such as this:
+#
+#       expr : expr PLUS term
+#
+# Here are the basic attributes defined on all productions
+#
+#       name     - Name of the production.  For example 'expr'
+#       prod     - A list of symbols on the right side ['expr','PLUS','term']
+#       prec     - Production precedence level
+#       number   - Production number.
+#       func     - Function that executes on reduce
+#       file     - File where production function is defined
+#       lineno   - Line number where production function is defined
+#
+# The following attributes are defined or optional.
+#
+#       len       - Length of the production (number of symbols on right hand side)
+#       usyms     - Set of unique symbols found in the production
+# -----------------------------------------------------------------------------
+
+class Production(object):
+    reduced = 0
+    def __init__(self, number, name, prod, precedence=('right', 0), func=None, file='', line=0):
+        self.name     = name
+        self.prod     = tuple(prod)
+        self.number   = number
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.prec     = precedence
+
+        # Internal settings used during table construction
+
+        self.len  = len(self.prod)   # Length of the production
+
+        # Create a list of unique production symbols used in the production
+        self.usyms = []
+        for s in self.prod:
+            if s not in self.usyms:
+                self.usyms.append(s)
+
+        # List of all LR items for the production
+        self.lr_items = []
+        self.lr_next = None
+
+        # Create a string representation
+        if self.prod:
+            self.str = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            self.str = '%s -> <empty>' % self.name
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'Production(' + str(self) + ')'
+
+    def __len__(self):
+        return len(self.prod)
+
+    def __nonzero__(self):
+        return 1
+
+    def __getitem__(self, index):
+        return self.prod[index]
+
+    # Return the nth lr_item from the production (or None if at the end)
+    def lr_item(self, n):
+        if n > len(self.prod):
+            return None
+        p = LRItem(self, n)
+        # Precompute the list of productions immediately following.
+        try:
+            p.lr_after = self.Prodnames[p.prod[n+1]]
+        except (IndexError, KeyError):
+            p.lr_after = []
+        try:
+            p.lr_before = p.prod[n-1]
+        except IndexError:
+            p.lr_before = None
+        return p
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+# This class serves as a minimal standin for Production objects when
+# reading table data from files.   It only contains information
+# actually used by the LR parsing engine, plus some additional
+# debugging information.
+class MiniProduction(object):
+    def __init__(self, str, name, len, func, file, line):
+        self.name     = name
+        self.len      = len
+        self.func     = func
+        self.callable = None
+        self.file     = file
+        self.line     = line
+        self.str      = str
+
+    def __str__(self):
+        return self.str
+
+    def __repr__(self):
+        return 'MiniProduction(%s)' % self.str
+
+    # Bind the production function name to a callable
+    def bind(self, pdict):
+        if self.func:
+            self.callable = pdict[self.func]
+
+
+# -----------------------------------------------------------------------------
+# class LRItem
+#
+# This class represents a specific stage of parsing a production rule.  For
+# example:
+#
+#       expr : expr . PLUS term
+#
+# In the above, the "." represents the current location of the parse.  Here
+# basic attributes:
+#
+#       name       - Name of the production.  For example 'expr'
+#       prod       - A list of symbols on the right side ['expr','.', 'PLUS','term']
+#       number     - Production number.
+#
+#       lr_next      Next LR item. Example, if we are ' expr -> expr . PLUS term'
+#                    then lr_next refers to 'expr -> expr PLUS . term'
+#       lr_index   - LR item index (location of the ".") in the prod list.
+#       lookaheads - LALR lookahead symbols for this item
+#       len        - Length of the production (number of symbols on right hand side)
+#       lr_after    - List of all productions that immediately follow
+#       lr_before   - Grammar symbol immediately before
+# -----------------------------------------------------------------------------
+
+class LRItem(object):
+    def __init__(self, p, n):
+        self.name       = p.name
+        self.prod       = list(p.prod)
+        self.number     = p.number
+        self.lr_index   = n
+        self.lookaheads = {}
+        self.prod.insert(n, '.')
+        self.prod       = tuple(self.prod)
+        self.len        = len(self.prod)
+        self.usyms      = p.usyms
+
+    def __str__(self):
+        if self.prod:
+            s = '%s -> %s' % (self.name, ' '.join(self.prod))
+        else:
+            s = '%s -> <empty>' % self.name
+        return s
+
+    def __repr__(self):
+        return 'LRItem(' + str(self) + ')'
+
+# -----------------------------------------------------------------------------
+# rightmost_terminal()
+#
+# Return the rightmost terminal from a list of symbols.  Used in add_production()
+# -----------------------------------------------------------------------------
+def rightmost_terminal(symbols, terminals):
+    i = len(symbols) - 1
+    while i >= 0:
+        if symbols[i] in terminals:
+            return symbols[i]
+        i -= 1
+    return None
+
+# -----------------------------------------------------------------------------
+#                           === GRAMMAR CLASS ===
+#
+# The following class represents the contents of the specified grammar along
+# with various computed properties such as first sets, follow sets, LR items, etc.
+# This data is used for critical parts of the table generation process later.
+# -----------------------------------------------------------------------------
+
+class GrammarError(YaccError):
+    pass
+
+class Grammar(object):
+    def __init__(self, terminals):
+        self.Productions  = [None]  # A list of all of the productions.  The first
+                                    # entry is always reserved for the purpose of
+                                    # building an augmented grammar
+
+        self.Prodnames    = {}      # A dictionary mapping the names of nonterminals to a list of all
+                                    # productions of that nonterminal.
+
+        self.Prodmap      = {}      # A dictionary that is only used to detect duplicate
+                                    # productions.
+
+        self.Terminals    = {}      # A dictionary mapping the names of terminal symbols to a
+                                    # list of the rules where they are used.
+
+        for term in terminals:
+            self.Terminals[term] = []
+
+        self.Terminals['error'] = []
+
+        self.Nonterminals = {}      # A dictionary mapping names of nonterminals to a list
+                                    # of rule numbers where they are used.
+
+        self.First        = {}      # A dictionary of precomputed FIRST(x) symbols
+
+        self.Follow       = {}      # A dictionary of precomputed FOLLOW(x) symbols
+
+        self.Precedence   = {}      # Precedence rules for each terminal. Contains tuples of the
+                                    # form ('right',level) or ('nonassoc', level) or ('left',level)
+
+        self.UsedPrecedence = set() # Precedence rules that were actually used by the grammer.
+                                    # This is only used to provide error checking and to generate
+                                    # a warning about unused precedence rules.
+
+        self.Start = None           # Starting symbol for the grammar
+
+
+    def __len__(self):
+        return len(self.Productions)
+
+    def __getitem__(self, index):
+        return self.Productions[index]
+
+    # -----------------------------------------------------------------------------
+    # set_precedence()
+    #
+    # Sets the precedence for a given terminal. assoc is the associativity such as
+    # 'left','right', or 'nonassoc'.  level is a numeric level.
+    #
+    # -----------------------------------------------------------------------------
+
+    def set_precedence(self, term, assoc, level):
+        assert self.Productions == [None], 'Must call set_precedence() before add_production()'
+        if term in self.Precedence:
+            raise GrammarError('Precedence already specified for terminal %r' % term)
+        if assoc not in ['left', 'right', 'nonassoc']:
+            raise GrammarError("Associativity must be one of 'left','right', or 'nonassoc'")
+        self.Precedence[term] = (assoc, level)
+
+    # -----------------------------------------------------------------------------
+    # add_production()
+    #
+    # Given an action function, this function assembles a production rule and
+    # computes its precedence level.
+    #
+    # The production rule is supplied as a list of symbols.   For example,
+    # a rule such as 'expr : expr PLUS term' has a production name of 'expr' and
+    # symbols ['expr','PLUS','term'].
+    #
+    # Precedence is determined by the precedence of the right-most non-terminal
+    # or the precedence of a terminal specified by %prec.
+    #
+    # A variety of error checks are performed to make sure production symbols
+    # are valid and that %prec is used correctly.
+    # -----------------------------------------------------------------------------
+
+    def add_production(self, prodname, syms, func=None, file='', line=0):
+
+        if prodname in self.Terminals:
+            raise GrammarError('%s:%d: Illegal rule name %r. Already defined as a token' % (file, line, prodname))
+        if prodname == 'error':
+            raise GrammarError('%s:%d: Illegal rule name %r. error is a reserved word' % (file, line, prodname))
+        if not _is_identifier.match(prodname):
+            raise GrammarError('%s:%d: Illegal rule name %r' % (file, line, prodname))
+
+        # Look for literal tokens
+        for n, s in enumerate(syms):
+            if s[0] in "'\"":
+                try:
+                    c = eval(s)
+                    if (len(c) > 1):
+                        raise GrammarError('%s:%d: Literal token %s in rule %r may only be a single character' %
+                                           (file, line, s, prodname))
+                    if c not in self.Terminals:
+                        self.Terminals[c] = []
+                    syms[n] = c
+                    continue
+                except SyntaxError:
+                    pass
+            if not _is_identifier.match(s) and s != '%prec':
+                raise GrammarError('%s:%d: Illegal name %r in rule %r' % (file, line, s, prodname))
+
+        # Determine the precedence level
+        if '%prec' in syms:
+            if syms[-1] == '%prec':
+                raise GrammarError('%s:%d: Syntax error. Nothing follows %%prec' % (file, line))
+            if syms[-2] != '%prec':
+                raise GrammarError('%s:%d: Syntax error. %%prec can only appear at the end of a grammar rule' %
+                                   (file, line))
+            precname = syms[-1]
+            prodprec = self.Precedence.get(precname)
+            if not prodprec:
+                raise GrammarError('%s:%d: Nothing known about the precedence of %r' % (file, line, precname))
+            else:
+                self.UsedPrecedence.add(precname)
+            del syms[-2:]     # Drop %prec from the rule
+        else:
+            # If no %prec, precedence is determined by the rightmost terminal symbol
+            precname = rightmost_terminal(syms, self.Terminals)
+            prodprec = self.Precedence.get(precname, ('right', 0))
+
+        # See if the rule is already in the rulemap
+        map = '%s -> %s' % (prodname, syms)
+        if map in self.Prodmap:
+            m = self.Prodmap[map]
+            raise GrammarError('%s:%d: Duplicate rule %s. ' % (file, line, m) +
+                               'Previous definition at %s:%d' % (m.file, m.line))
+
+        # From this point on, everything is valid.  Create a new Production instance
+        pnumber  = len(self.Productions)
+        if prodname not in self.Nonterminals:
+            self.Nonterminals[prodname] = []
+
+        # Add the production number to Terminals and Nonterminals
+        for t in syms:
+            if t in self.Terminals:
+                self.Terminals[t].append(pnumber)
+            else:
+                if t not in self.Nonterminals:
+                    self.Nonterminals[t] = []
+                self.Nonterminals[t].append(pnumber)
+
+        # Create a production and add it to the list of productions
+        p = Production(pnumber, prodname, syms, prodprec, func, file, line)
+        self.Productions.append(p)
+        self.Prodmap[map] = p
+
+        # Add to the global productions list
+        try:
+            self.Prodnames[prodname].append(p)
+        except KeyError:
+            self.Prodnames[prodname] = [p]
+
+    # -----------------------------------------------------------------------------
+    # set_start()
+    #
+    # Sets the starting symbol and creates the augmented grammar.  Production
+    # rule 0 is S' -> start where start is the start symbol.
+    # -----------------------------------------------------------------------------
+
+    def set_start(self, start=None):
+        if not start:
+            start = self.Productions[1].name
+        if start not in self.Nonterminals:
+            raise GrammarError('start symbol %s undefined' % start)
+        self.Productions[0] = Production(0, "S'", [start])
+        self.Nonterminals[start].append(0)
+        self.Start = start
+
+    # -----------------------------------------------------------------------------
+    # find_unreachable()
+    #
+    # Find all of the nonterminal symbols that can't be reached from the starting
+    # symbol.  Returns a list of nonterminals that can't be reached.
+    # -----------------------------------------------------------------------------
+
+    def find_unreachable(self):
+
+        # Mark all symbols that are reachable from a symbol s
+        def mark_reachable_from(s):
+            if s in reachable:
+                return
+            reachable.add(s)
+            for p in self.Prodnames.get(s, []):
+                for r in p.prod:
+                    mark_reachable_from(r)
+
+        reachable = set()
+        mark_reachable_from(self.Productions[0].prod[0])
+        return [s for s in self.Nonterminals if s not in reachable]
+
+    # -----------------------------------------------------------------------------
+    # infinite_cycles()
+    #
+    # This function looks at the various parsing rules and tries to detect
+    # infinite recursion cycles (grammar rules where there is no possible way
+    # to derive a string of only terminals).
+    # -----------------------------------------------------------------------------
+
+    def infinite_cycles(self):
+        terminates = {}
+
+        # Terminals:
+        for t in self.Terminals:
+            terminates[t] = True
+
+        terminates['$end'] = True
+
+        # Nonterminals:
+
+        # Initialize to false:
+        for n in self.Nonterminals:
+            terminates[n] = False
+
+        # Then propagate termination until no change:
+        while True:
+            some_change = False
+            for (n, pl) in self.Prodnames.items():
+                # Nonterminal n terminates iff any of its productions terminates.
+                for p in pl:
+                    # Production p terminates iff all of its rhs symbols terminate.
+                    for s in p.prod:
+                        if not terminates[s]:
+                            # The symbol s does not terminate,
+                            # so production p does not terminate.
+                            p_terminates = False
+                            break
+                    else:
+                        # didn't break from the loop,
+                        # so every symbol s terminates
+                        # so production p terminates.
+                        p_terminates = True
+
+                    if p_terminates:
+                        # symbol n terminates!
+                        if not terminates[n]:
+                            terminates[n] = True
+                            some_change = True
+                        # Don't need to consider any more productions for this n.
+                        break
+
+            if not some_change:
+                break
+
+        infinite = []
+        for (s, term) in terminates.items():
+            if not term:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    # s is used-but-not-defined, and we've already warned of that,
+                    # so it would be overkill to say that it's also non-terminating.
+                    pass
+                else:
+                    infinite.append(s)
+
+        return infinite
+
+    # -----------------------------------------------------------------------------
+    # undefined_symbols()
+    #
+    # Find all symbols that were used the grammar, but not defined as tokens or
+    # grammar rules.  Returns a list of tuples (sym, prod) where sym in the symbol
+    # and prod is the production where the symbol was used.
+    # -----------------------------------------------------------------------------
+    def undefined_symbols(self):
+        result = []
+        for p in self.Productions:
+            if not p:
+                continue
+
+            for s in p.prod:
+                if s not in self.Prodnames and s not in self.Terminals and s != 'error':
+                    result.append((s, p))
+        return result
+
+    # -----------------------------------------------------------------------------
+    # unused_terminals()
+    #
+    # Find all terminals that were defined, but not used by the grammar.  Returns
+    # a list of all symbols.
+    # -----------------------------------------------------------------------------
+    def unused_terminals(self):
+        unused_tok = []
+        for s, v in self.Terminals.items():
+            if s != 'error' and not v:
+                unused_tok.append(s)
+
+        return unused_tok
+
+    # ------------------------------------------------------------------------------
+    # unused_rules()
+    #
+    # Find all grammar rules that were defined,  but not used (maybe not reachable)
+    # Returns a list of productions.
+    # ------------------------------------------------------------------------------
+
+    def unused_rules(self):
+        unused_prod = []
+        for s, v in self.Nonterminals.items():
+            if not v:
+                p = self.Prodnames[s][0]
+                unused_prod.append(p)
+        return unused_prod
+
+    # -----------------------------------------------------------------------------
+    # unused_precedence()
+    #
+    # Returns a list of tuples (term,precedence) corresponding to precedence
+    # rules that were never used by the grammar.  term is the name of the terminal
+    # on which precedence was applied and precedence is a string such as 'left' or
+    # 'right' corresponding to the type of precedence.
+    # -----------------------------------------------------------------------------
+
+    def unused_precedence(self):
+        unused = []
+        for termname in self.Precedence:
+            if not (termname in self.Terminals or termname in self.UsedPrecedence):
+                unused.append((termname, self.Precedence[termname][0]))
+
+        return unused
+
+    # -------------------------------------------------------------------------
+    # _first()
+    #
+    # Compute the value of FIRST1(beta) where beta is a tuple of symbols.
+    #
+    # During execution of compute_first1, the result may be incomplete.
+    # Afterward (e.g., when called from compute_follow()), it will be complete.
+    # -------------------------------------------------------------------------
+    def _first(self, beta):
+
+        # We are computing First(x1,x2,x3,...,xn)
+        result = []
+        for x in beta:
+            x_produces_empty = False
+
+            # Add all the non-<empty> symbols of First[x] to the result.
+            for f in self.First[x]:
+                if f == '<empty>':
+                    x_produces_empty = True
+                else:
+                    if f not in result:
+                        result.append(f)
+
+            if x_produces_empty:
+                # We have to consider the next x in beta,
+                # i.e. stay in the loop.
+                pass
+            else:
+                # We don't have to consider any further symbols in beta.
+                break
+        else:
+            # There was no 'break' from the loop,
+            # so x_produces_empty was true for all x in beta,
+            # so beta produces empty as well.
+            result.append('<empty>')
+
+        return result
+
+    # -------------------------------------------------------------------------
+    # compute_first()
+    #
+    # Compute the value of FIRST1(X) for all symbols
+    # -------------------------------------------------------------------------
+    def compute_first(self):
+        if self.First:
+            return self.First
+
+        # Terminals:
+        for t in self.Terminals:
+            self.First[t] = [t]
+
+        self.First['$end'] = ['$end']
+
+        # Nonterminals:
+
+        # Initialize to the empty set:
+        for n in self.Nonterminals:
+            self.First[n] = []
+
+        # Then propagate symbols until no change:
+        while True:
+            some_change = False
+            for n in self.Nonterminals:
+                for p in self.Prodnames[n]:
+                    for f in self._first(p.prod):
+                        if f not in self.First[n]:
+                            self.First[n].append(f)
+                            some_change = True
+            if not some_change:
+                break
+
+        return self.First
+
+    # ---------------------------------------------------------------------
+    # compute_follow()
+    #
+    # Computes all of the follow sets for every non-terminal symbol.  The
+    # follow set is the set of all symbols that might follow a given
+    # non-terminal.  See the Dragon book, 2nd Ed. p. 189.
+    # ---------------------------------------------------------------------
+    def compute_follow(self, start=None):
+        # If already computed, return the result
+        if self.Follow:
+            return self.Follow
+
+        # If first sets not computed yet, do that first.
+        if not self.First:
+            self.compute_first()
+
+        # Add '$end' to the follow list of the start symbol
+        for k in self.Nonterminals:
+            self.Follow[k] = []
+
+        if not start:
+            start = self.Productions[1].name
+
+        self.Follow[start] = ['$end']
+
+        while True:
+            didadd = False
+            for p in self.Productions[1:]:
+                # Here is the production set
+                for i, B in enumerate(p.prod):
+                    if B in self.Nonterminals:
+                        # Okay. We got a non-terminal in a production
+                        fst = self._first(p.prod[i+1:])
+                        hasempty = False
+                        for f in fst:
+                            if f != '<empty>' and f not in self.Follow[B]:
+                                self.Follow[B].append(f)
+                                didadd = True
+                            if f == '<empty>':
+                                hasempty = True
+                        if hasempty or i == (len(p.prod)-1):
+                            # Add elements of follow(a) to follow(b)
+                            for f in self.Follow[p.name]:
+                                if f not in self.Follow[B]:
+                                    self.Follow[B].append(f)
+                                    didadd = True
+            if not didadd:
+                break
+        return self.Follow
+
+
+    # -----------------------------------------------------------------------------
+    # build_lritems()
+    #
+    # This function walks the list of productions and builds a complete set of the
+    # LR items.  The LR items are stored in two ways:  First, they are uniquely
+    # numbered and placed in the list _lritems.  Second, a linked list of LR items
+    # is built for each production.  For example:
+    #
+    #   E -> E PLUS E
+    #
+    # Creates the list
+    #
+    #  [E -> . E PLUS E, E -> E . PLUS E, E -> E PLUS . E, E -> E PLUS E . ]
+    # -----------------------------------------------------------------------------
+
+    def build_lritems(self):
+        for p in self.Productions:
+            lastlri = p
+            i = 0
+            lr_items = []
+            while True:
+                if i > len(p):
+                    lri = None
+                else:
+                    lri = LRItem(p, i)
+                    # Precompute the list of productions immediately following
+                    try:
+                        lri.lr_after = self.Prodnames[lri.prod[i+1]]
+                    except (IndexError, KeyError):
+                        lri.lr_after = []
+                    try:
+                        lri.lr_before = lri.prod[i-1]
+                    except IndexError:
+                        lri.lr_before = None
+
+                lastlri.lr_next = lri
+                if not lri:
+                    break
+                lr_items.append(lri)
+                lastlri = lri
+                i += 1
+            p.lr_items = lr_items
+
+# -----------------------------------------------------------------------------
+#                            == Class LRTable ==
+#
+# This basic class represents a basic table of LR parsing information.
+# Methods for generating the tables are not defined here.  They are defined
+# in the derived class LRGeneratedTable.
+# -----------------------------------------------------------------------------
+
+class VersionError(YaccError):
+    pass
+
+class LRTable(object):
+    def __init__(self):
+        self.lr_action = None
+        self.lr_goto = None
+        self.lr_productions = None
+        self.lr_method = None
+
+    def read_table(self, module):
+        if isinstance(module, types.ModuleType):
+            parsetab = module
+        else:
+            exec('import %s' % module)
+            parsetab = sys.modules[module]
+
+        if parsetab._tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+
+        self.lr_action = parsetab._lr_action
+        self.lr_goto = parsetab._lr_goto
+
+        self.lr_productions = []
+        for p in parsetab._lr_productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        self.lr_method = parsetab._lr_method
+        return parsetab._lr_signature
+
+    def read_pickle(self, filename):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+
+        if not os.path.exists(filename):
+          raise ImportError
+
+        in_f = open(filename, 'rb')
+
+        tabversion = pickle.load(in_f)
+        if tabversion != __tabversion__:
+            raise VersionError('yacc table file version is out of date')
+        self.lr_method = pickle.load(in_f)
+        signature      = pickle.load(in_f)
+        self.lr_action = pickle.load(in_f)
+        self.lr_goto   = pickle.load(in_f)
+        productions    = pickle.load(in_f)
+
+        self.lr_productions = []
+        for p in productions:
+            self.lr_productions.append(MiniProduction(*p))
+
+        in_f.close()
+        return signature
+
+    # Bind all production function names to callable objects in pdict
+    def bind_callables(self, pdict):
+        for p in self.lr_productions:
+            p.bind(pdict)
+
+
+# -----------------------------------------------------------------------------
+#                           === LR Generator ===
+#
+# The following classes and functions are used to generate LR parsing tables on
+# a grammar.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# digraph()
+# traverse()
+#
+# The following two functions are used to compute set valued functions
+# of the form:
+#
+#     F(x) = F'(x) U U{F(y) | x R y}
+#
+# This is used to compute the values of Read() sets as well as FOLLOW sets
+# in LALR(1) generation.
+#
+# Inputs:  X    - An input set
+#          R    - A relation
+#          FP   - Set-valued function
+# ------------------------------------------------------------------------------
+
+def digraph(X, R, FP):
+    N = {}
+    for x in X:
+        N[x] = 0
+    stack = []
+    F = {}
+    for x in X:
+        if N[x] == 0:
+            traverse(x, N, stack, F, X, R, FP)
+    return F
+
+def traverse(x, N, stack, F, X, R, FP):
+    stack.append(x)
+    d = len(stack)
+    N[x] = d
+    F[x] = FP(x)             # F(X) <- F'(x)
+
+    rel = R(x)               # Get y's related to x
+    for y in rel:
+        if N[y] == 0:
+            traverse(y, N, stack, F, X, R, FP)
+        N[x] = min(N[x], N[y])
+        for a in F.get(y, []):
+            if a not in F[x]:
+                F[x].append(a)
+    if N[x] == d:
+        N[stack[-1]] = MAXINT
+        F[stack[-1]] = F[x]
+        element = stack.pop()
+        while element != x:
+            N[stack[-1]] = MAXINT
+            F[stack[-1]] = F[x]
+            element = stack.pop()
+
+class LALRError(YaccError):
+    pass
+
+# -----------------------------------------------------------------------------
+#                             == LRGeneratedTable ==
+#
+# This class implements the LR table generation algorithm.  There are no
+# public methods except for write()
+# -----------------------------------------------------------------------------
+
+class LRGeneratedTable(LRTable):
+    def __init__(self, grammar, method='LALR', log=None):
+        if method not in ['SLR', 'LALR']:
+            raise LALRError('Unsupported method %s' % method)
+
+        self.grammar = grammar
+        self.lr_method = method
+
+        # Set up the logger
+        if not log:
+            log = NullLogger()
+        self.log = log
+
+        # Internal attributes
+        self.lr_action     = {}        # Action table
+        self.lr_goto       = {}        # Goto table
+        self.lr_productions  = grammar.Productions    # Copy of grammar Production array
+        self.lr_goto_cache = {}        # Cache of computed gotos
+        self.lr0_cidhash   = {}        # Cache of closures
+
+        self._add_count    = 0         # Internal counter used to detect cycles
+
+        # Diagonistic information filled in by the table generator
+        self.sr_conflict   = 0
+        self.rr_conflict   = 0
+        self.conflicts     = []        # List of conflicts
+
+        self.sr_conflicts  = []
+        self.rr_conflicts  = []
+
+        # Build the tables
+        self.grammar.build_lritems()
+        self.grammar.compute_first()
+        self.grammar.compute_follow()
+        self.lr_parse_table()
+
+    # Compute the LR(0) closure operation on I, where I is a set of LR(0) items.
+
+    def lr0_closure(self, I):
+        self._add_count += 1
+
+        # Add everything in I to J
+        J = I[:]
+        didadd = True
+        while didadd:
+            didadd = False
+            for j in J:
+                for x in j.lr_after:
+                    if getattr(x, 'lr0_added', 0) == self._add_count:
+                        continue
+                    # Add B --> .G to J
+                    J.append(x.lr_next)
+                    x.lr0_added = self._add_count
+                    didadd = True
+
+        return J
+
+    # Compute the LR(0) goto function goto(I,X) where I is a set
+    # of LR(0) items and X is a grammar symbol.   This function is written
+    # in a way that guarantees uniqueness of the generated goto sets
+    # (i.e. the same goto set will never be returned as two different Python
+    # objects).  With uniqueness, we can later do fast set comparisons using
+    # id(obj) instead of element-wise comparison.
+
+    def lr0_goto(self, I, x):
+        # First we look for a previously cached entry
+        g = self.lr_goto_cache.get((id(I), x))
+        if g:
+            return g
+
+        # Now we generate the goto set in a way that guarantees uniqueness
+        # of the result
+
+        s = self.lr_goto_cache.get(x)
+        if not s:
+            s = {}
+            self.lr_goto_cache[x] = s
+
+        gs = []
+        for p in I:
+            n = p.lr_next
+            if n and n.lr_before == x:
+                s1 = s.get(id(n))
+                if not s1:
+                    s1 = {}
+                    s[id(n)] = s1
+                gs.append(n)
+                s = s1
+        g = s.get('$end')
+        if not g:
+            if gs:
+                g = self.lr0_closure(gs)
+                s['$end'] = g
+            else:
+                s['$end'] = gs
+        self.lr_goto_cache[(id(I), x)] = g
+        return g
+
+    # Compute the LR(0) sets of item function
+    def lr0_items(self):
+        C = [self.lr0_closure([self.grammar.Productions[0].lr_next])]
+        i = 0
+        for I in C:
+            self.lr0_cidhash[id(I)] = i
+            i += 1
+
+        # Loop over the items in C and each grammar symbols
+        i = 0
+        while i < len(C):
+            I = C[i]
+            i += 1
+
+            # Collect all of the symbols that could possibly be in the goto(I,X) sets
+            asyms = {}
+            for ii in I:
+                for s in ii.usyms:
+                    asyms[s] = None
+
+            for x in asyms:
+                g = self.lr0_goto(I, x)
+                if not g or id(g) in self.lr0_cidhash:
+                    continue
+                self.lr0_cidhash[id(g)] = len(C)
+                C.append(g)
+
+        return C
+
+    # -----------------------------------------------------------------------------
+    #                       ==== LALR(1) Parsing ====
+    #
+    # LALR(1) parsing is almost exactly the same as SLR except that instead of
+    # relying upon Follow() sets when performing reductions, a more selective
+    # lookahead set that incorporates the state of the LR(0) machine is utilized.
+    # Thus, we mainly just have to focus on calculating the lookahead sets.
+    #
+    # The method used here is due to DeRemer and Pennelo (1982).
+    #
+    # DeRemer, F. L., and T. J. Pennelo: "Efficient Computation of LALR(1)
+    #     Lookahead Sets", ACM Transactions on Programming Languages and Systems,
+    #     Vol. 4, No. 4, Oct. 1982, pp. 615-649
+    #
+    # Further details can also be found in:
+    #
+    #  J. Tremblay and P. Sorenson, "The Theory and Practice of Compiler Writing",
+    #      McGraw-Hill Book Company, (1985).
+    #
+    # -----------------------------------------------------------------------------
+
+    # -----------------------------------------------------------------------------
+    # compute_nullable_nonterminals()
+    #
+    # Creates a dictionary containing all of the non-terminals that might produce
+    # an empty production.
+    # -----------------------------------------------------------------------------
+
+    def compute_nullable_nonterminals(self):
+        nullable = set()
+        num_nullable = 0
+        while True:
+            for p in self.grammar.Productions[1:]:
+                if p.len == 0:
+                    nullable.add(p.name)
+                    continue
+                for t in p.prod:
+                    if t not in nullable:
+                        break
+                else:
+                    nullable.add(p.name)
+            if len(nullable) == num_nullable:
+                break
+            num_nullable = len(nullable)
+        return nullable
+
+    # -----------------------------------------------------------------------------
+    # find_nonterminal_trans(C)
+    #
+    # Given a set of LR(0) items, this functions finds all of the non-terminal
+    # transitions.    These are transitions in which a dot appears immediately before
+    # a non-terminal.   Returns a list of tuples of the form (state,N) where state
+    # is the state number and N is the nonterminal symbol.
+    #
+    # The input C is the set of LR(0) items.
+    # -----------------------------------------------------------------------------
+
+    def find_nonterminal_transitions(self, C):
+        trans = []
+        for stateno, state in enumerate(C):
+            for p in state:
+                if p.lr_index < p.len - 1:
+                    t = (stateno, p.prod[p.lr_index+1])
+                    if t[1] in self.grammar.Nonterminals:
+                        if t not in trans:
+                            trans.append(t)
+        return trans
+
+    # -----------------------------------------------------------------------------
+    # dr_relation()
+    #
+    # Computes the DR(p,A) relationships for non-terminal transitions.  The input
+    # is a tuple (state,N) where state is a number and N is a nonterminal symbol.
+    #
+    # Returns a list of terminals.
+    # -----------------------------------------------------------------------------
+
+    def dr_relation(self, C, trans, nullable):
+        state, N = trans
+        terms = []
+
+        g = self.lr0_goto(C[state], N)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index+1]
+                if a in self.grammar.Terminals:
+                    if a not in terms:
+                        terms.append(a)
+
+        # This extra bit is to handle the start state
+        if state == 0 and N == self.grammar.Productions[0].prod[0]:
+            terms.append('$end')
+
+        return terms
+
+    # -----------------------------------------------------------------------------
+    # reads_relation()
+    #
+    # Computes the READS() relation (p,A) READS (t,C).
+    # -----------------------------------------------------------------------------
+
+    def reads_relation(self, C, trans, empty):
+        # Look for empty transitions
+        rel = []
+        state, N = trans
+
+        g = self.lr0_goto(C[state], N)
+        j = self.lr0_cidhash.get(id(g), -1)
+        for p in g:
+            if p.lr_index < p.len - 1:
+                a = p.prod[p.lr_index + 1]
+                if a in empty:
+                    rel.append((j, a))
+
+        return rel
+
+    # -----------------------------------------------------------------------------
+    # compute_lookback_includes()
+    #
+    # Determines the lookback and includes relations
+    #
+    # LOOKBACK:
+    #
+    # This relation is determined by running the LR(0) state machine forward.
+    # For example, starting with a production "N : . A B C", we run it forward
+    # to obtain "N : A B C ."   We then build a relationship between this final
+    # state and the starting state.   These relationships are stored in a dictionary
+    # lookdict.
+    #
+    # INCLUDES:
+    #
+    # Computes the INCLUDE() relation (p,A) INCLUDES (p',B).
+    #
+    # This relation is used to determine non-terminal transitions that occur
+    # inside of other non-terminal transition states.   (p,A) INCLUDES (p', B)
+    # if the following holds:
+    #
+    #       B -> LAT, where T -> epsilon and p' -L-> p
+    #
+    # L is essentially a prefix (which may be empty), T is a suffix that must be
+    # able to derive an empty string.  State p' must lead to state p with the string L.
+    #
+    # -----------------------------------------------------------------------------
+
+    def compute_lookback_includes(self, C, trans, nullable):
+        lookdict = {}          # Dictionary of lookback relations
+        includedict = {}       # Dictionary of include relations
+
+        # Make a dictionary of non-terminal transitions
+        dtrans = {}
+        for t in trans:
+            dtrans[t] = 1
+
+        # Loop over all transitions and compute lookbacks and includes
+        for state, N in trans:
+            lookb = []
+            includes = []
+            for p in C[state]:
+                if p.name != N:
+                    continue
+
+                # Okay, we have a name match.  We now follow the production all the way
+                # through the state machine until we get the . on the right hand side
+
+                lr_index = p.lr_index
+                j = state
+                while lr_index < p.len - 1:
+                    lr_index = lr_index + 1
+                    t = p.prod[lr_index]
+
+                    # Check to see if this symbol and state are a non-terminal transition
+                    if (j, t) in dtrans:
+                        # Yes.  Okay, there is some chance that this is an includes relation
+                        # the only way to know for certain is whether the rest of the
+                        # production derives empty
+
+                        li = lr_index + 1
+                        while li < p.len:
+                            if p.prod[li] in self.grammar.Terminals:
+                                break      # No forget it
+                            if p.prod[li] not in nullable:
+                                break
+                            li = li + 1
+                        else:
+                            # Appears to be a relation between (j,t) and (state,N)
+                            includes.append((j, t))
+
+                    g = self.lr0_goto(C[j], t)               # Go to next set
+                    j = self.lr0_cidhash.get(id(g), -1)      # Go to next state
+
+                # When we get here, j is the final state, now we have to locate the production
+                for r in C[j]:
+                    if r.name != p.name:
+                        continue
+                    if r.len != p.len:
+                        continue
+                    i = 0
+                    # This look is comparing a production ". A B C" with "A B C ."
+                    while i < r.lr_index:
+                        if r.prod[i] != p.prod[i+1]:
+                            break
+                        i = i + 1
+                    else:
+                        lookb.append((j, r))
+            for i in includes:
+                if i not in includedict:
+                    includedict[i] = []
+                includedict[i].append((state, N))
+            lookdict[(state, N)] = lookb
+
+        return lookdict, includedict
+
+    # -----------------------------------------------------------------------------
+    # compute_read_sets()
+    #
+    # Given a set of LR(0) items, this function computes the read sets.
+    #
+    # Inputs:  C        =  Set of LR(0) items
+    #          ntrans   = Set of nonterminal transitions
+    #          nullable = Set of empty transitions
+    #
+    # Returns a set containing the read sets
+    # -----------------------------------------------------------------------------
+
+    def compute_read_sets(self, C, ntrans, nullable):
+        FP = lambda x: self.dr_relation(C, x, nullable)
+        R =  lambda x: self.reads_relation(C, x, nullable)
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # compute_follow_sets()
+    #
+    # Given a set of LR(0) items, a set of non-terminal transitions, a readset,
+    # and an include set, this function computes the follow sets
+    #
+    # Follow(p,A) = Read(p,A) U U {Follow(p',B) | (p,A) INCLUDES (p',B)}
+    #
+    # Inputs:
+    #            ntrans     = Set of nonterminal transitions
+    #            readsets   = Readset (previously computed)
+    #            inclsets   = Include sets (previously computed)
+    #
+    # Returns a set containing the follow sets
+    # -----------------------------------------------------------------------------
+
+    def compute_follow_sets(self, ntrans, readsets, inclsets):
+        FP = lambda x: readsets[x]
+        R  = lambda x: inclsets.get(x, [])
+        F = digraph(ntrans, R, FP)
+        return F
+
+    # -----------------------------------------------------------------------------
+    # add_lookaheads()
+    #
+    # Attaches the lookahead symbols to grammar rules.
+    #
+    # Inputs:    lookbacks         -  Set of lookback relations
+    #            followset         -  Computed follow set
+    #
+    # This function directly attaches the lookaheads to productions contained
+    # in the lookbacks set
+    # -----------------------------------------------------------------------------
+
+    def add_lookaheads(self, lookbacks, followset):
+        for trans, lb in lookbacks.items():
+            # Loop over productions in lookback
+            for state, p in lb:
+                if state not in p.lookaheads:
+                    p.lookaheads[state] = []
+                f = followset.get(trans, [])
+                for a in f:
+                    if a not in p.lookaheads[state]:
+                        p.lookaheads[state].append(a)
+
+    # -----------------------------------------------------------------------------
+    # add_lalr_lookaheads()
+    #
+    # This function does all of the work of adding lookahead information for use
+    # with LALR parsing
+    # -----------------------------------------------------------------------------
+
+    def add_lalr_lookaheads(self, C):
+        # Determine all of the nullable nonterminals
+        nullable = self.compute_nullable_nonterminals()
+
+        # Find all non-terminal transitions
+        trans = self.find_nonterminal_transitions(C)
+
+        # Compute read sets
+        readsets = self.compute_read_sets(C, trans, nullable)
+
+        # Compute lookback/includes relations
+        lookd, included = self.compute_lookback_includes(C, trans, nullable)
+
+        # Compute LALR FOLLOW sets
+        followsets = self.compute_follow_sets(trans, readsets, included)
+
+        # Add all of the lookaheads
+        self.add_lookaheads(lookd, followsets)
+
+    # -----------------------------------------------------------------------------
+    # lr_parse_table()
+    #
+    # This function constructs the parse tables for SLR or LALR
+    # -----------------------------------------------------------------------------
+    def lr_parse_table(self):
+        Productions = self.grammar.Productions
+        Precedence  = self.grammar.Precedence
+        goto   = self.lr_goto         # Goto array
+        action = self.lr_action       # Action array
+        log    = self.log             # Logger for output
+
+        actionp = {}                  # Action production array (temporary)
+
+        log.info('Parsing method: %s', self.lr_method)
+
+        # Step 1: Construct C = { I0, I1, ... IN}, collection of LR(0) items
+        # This determines the number of states
+
+        C = self.lr0_items()
+
+        if self.lr_method == 'LALR':
+            self.add_lalr_lookaheads(C)
+
+        # Build the parser table, state by state
+        st = 0
+        for I in C:
+            # Loop over each production in I
+            actlist = []              # List of actions
+            st_action  = {}
+            st_actionp = {}
+            st_goto    = {}
+            log.info('')
+            log.info('state %d', st)
+            log.info('')
+            for p in I:
+                log.info('    (%d) %s', p.number, p)
+            log.info('')
+
+            for p in I:
+                    if p.len == p.lr_index + 1:
+                        if p.name == "S'":
+                            # Start symbol. Accept!
+                            st_action['$end'] = 0
+                            st_actionp['$end'] = p
+                        else:
+                            # We are at the end of a production.  Reduce!
+                            if self.lr_method == 'LALR':
+                                laheads = p.lookaheads[st]
+                            else:
+                                laheads = self.grammar.Follow[p.name]
+                            for a in laheads:
+                                actlist.append((a, p, 'reduce using rule %d (%s)' % (p.number, p)))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa. Have a shift/reduce or reduce/reduce conflict
+                                    if r > 0:
+                                        # Need to decide on shift or reduce here
+                                        # By default we favor shifting. Need to add
+                                        # some precedence rules here.
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from rule being reduced (p)
+                                        rprec, rlevel = Productions[p.number].prec
+
+                                        if (slevel < rlevel) or ((slevel == rlevel) and (rprec == 'left')):
+                                            # We really need to reduce here.
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+                                            Productions[p.number].reduced += 1
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the shift
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                    elif r < 0:
+                                        # Reduce/reduce conflict.   In this case, we favor the rule
+                                        # that was defined first in the grammar file
+                                        oldp = Productions[-r]
+                                        pp = Productions[p.number]
+                                        if oldp.line > pp.line:
+                                            st_action[a] = -p.number
+                                            st_actionp[a] = p
+                                            chosenp, rejectp = pp, oldp
+                                            Productions[p.number].reduced += 1
+                                            Productions[oldp.number].reduced -= 1
+                                        else:
+                                            chosenp, rejectp = oldp, pp
+                                        self.rr_conflicts.append((st, chosenp, rejectp))
+                                        log.info('  ! reduce/reduce conflict for %s resolved using rule %d (%s)',
+                                                 a, st_actionp[a].number, st_actionp[a])
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = -p.number
+                                    st_actionp[a] = p
+                                    Productions[p.number].reduced += 1
+                    else:
+                        i = p.lr_index
+                        a = p.prod[i+1]       # Get symbol right after the "."
+                        if a in self.grammar.Terminals:
+                            g = self.lr0_goto(I, a)
+                            j = self.lr0_cidhash.get(id(g), -1)
+                            if j >= 0:
+                                # We are in a shift state
+                                actlist.append((a, p, 'shift and go to state %d' % j))
+                                r = st_action.get(a)
+                                if r is not None:
+                                    # Whoa have a shift/reduce or shift/shift conflict
+                                    if r > 0:
+                                        if r != j:
+                                            raise LALRError('Shift/shift conflict in state %d' % st)
+                                    elif r < 0:
+                                        # Do a precedence check.
+                                        #   -  if precedence of reduce rule is higher, we reduce.
+                                        #   -  if precedence of reduce is same and left assoc, we reduce.
+                                        #   -  otherwise we shift
+
+                                        # Shift precedence comes from the token
+                                        sprec, slevel = Precedence.get(a, ('right', 0))
+
+                                        # Reduce precedence comes from the rule that could have been reduced
+                                        rprec, rlevel = Productions[st_actionp[a].number].prec
+
+                                        if (slevel > rlevel) or ((slevel == rlevel) and (rprec == 'right')):
+                                            # We decide to shift here... highest precedence to shift
+                                            Productions[st_actionp[a].number].reduced -= 1
+                                            st_action[a] = j
+                                            st_actionp[a] = p
+                                            if not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as shift', a)
+                                                self.sr_conflicts.append((st, a, 'shift'))
+                                        elif (slevel == rlevel) and (rprec == 'nonassoc'):
+                                            st_action[a] = None
+                                        else:
+                                            # Hmmm. Guess we'll keep the reduce
+                                            if not slevel and not rlevel:
+                                                log.info('  ! shift/reduce conflict for %s resolved as reduce', a)
+                                                self.sr_conflicts.append((st, a, 'reduce'))
+
+                                    else:
+                                        raise LALRError('Unknown conflict in state %d' % st)
+                                else:
+                                    st_action[a] = j
+                                    st_actionp[a] = p
+
+            # Print the actions associated with each terminal
+            _actprint = {}
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is st_actionp[a]:
+                        log.info('    %-15s %s', a, m)
+                        _actprint[(a, m)] = 1
+            log.info('')
+            # Print the actions that were not used. (debugging)
+            not_used = 0
+            for a, p, m in actlist:
+                if a in st_action:
+                    if p is not st_actionp[a]:
+                        if not (a, m) in _actprint:
+                            log.debug('  ! %-15s [ %s ]', a, m)
+                            not_used = 1
+                            _actprint[(a, m)] = 1
+            if not_used:
+                log.debug('')
+
+            # Construct the goto table for this state
+
+            nkeys = {}
+            for ii in I:
+                for s in ii.usyms:
+                    if s in self.grammar.Nonterminals:
+                        nkeys[s] = None
+            for n in nkeys:
+                g = self.lr0_goto(I, n)
+                j = self.lr0_cidhash.get(id(g), -1)
+                if j >= 0:
+                    st_goto[n] = j
+                    log.info('    %-30s shift and go to state %d', n, j)
+
+            action[st] = st_action
+            actionp[st] = st_actionp
+            goto[st] = st_goto
+            st += 1
+
+    # -----------------------------------------------------------------------------
+    # write()
+    #
+    # This function writes the LR parsing tables to a file
+    # -----------------------------------------------------------------------------
+
+    def write_table(self, tabmodule, outputdir='', signature=''):
+        if isinstance(tabmodule, types.ModuleType):
+            raise IOError("Won't overwrite existing tabmodule")
+
+        basemodulename = tabmodule.split('.')[-1]
+        filename = os.path.join(outputdir, basemodulename) + '.py'
+        try:
+            f = open(filename, 'w')
+
+            f.write('''
+# %s
+# This file is automatically generated. Do not edit.
+# pylint: disable=W,C,R
+_tabversion = %r
+
+_lr_method = %r
+
+_lr_signature = %r
+    ''' % (os.path.basename(filename), __tabversion__, self.lr_method, signature))
+
+            # Change smaller to 0 to go back to original tables
+            smaller = 1
+
+            # Factor out names to try and make smaller
+            if smaller:
+                items = {}
+
+                for s, nd in self.lr_action.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_action_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_action = {}
+for _k, _v in _lr_action_items.items():
+   for _x,_y in zip(_v[0],_v[1]):
+      if not _x in _lr_action:  _lr_action[_x] = {}
+      _lr_action[_x][_k] = _y
+del _lr_action_items
+''')
+
+            else:
+                f.write('\n_lr_action = { ')
+                for k, v in self.lr_action.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            if smaller:
+                # Factor out names to try and make smaller
+                items = {}
+
+                for s, nd in self.lr_goto.items():
+                    for name, v in nd.items():
+                        i = items.get(name)
+                        if not i:
+                            i = ([], [])
+                            items[name] = i
+                        i[0].append(s)
+                        i[1].append(v)
+
+                f.write('\n_lr_goto_items = {')
+                for k, v in items.items():
+                    f.write('%r:([' % k)
+                    for i in v[0]:
+                        f.write('%r,' % i)
+                    f.write('],[')
+                    for i in v[1]:
+                        f.write('%r,' % i)
+
+                    f.write(']),')
+                f.write('}\n')
+
+                f.write('''
+_lr_goto = {}
+for _k, _v in _lr_goto_items.items():
+   for _x, _y in zip(_v[0], _v[1]):
+       if not _x in _lr_goto: _lr_goto[_x] = {}
+       _lr_goto[_x][_k] = _y
+del _lr_goto_items
+''')
+            else:
+                f.write('\n_lr_goto = { ')
+                for k, v in self.lr_goto.items():
+                    f.write('(%r,%r):%r,' % (k[0], k[1], v))
+                f.write('}\n')
+
+            # Write production table
+            f.write('_lr_productions = [\n')
+            for p in self.lr_productions:
+                if p.func:
+                    f.write('  (%r,%r,%d,%r,%r,%d),\n' % (p.str, p.name, p.len,
+                                                          p.func, os.path.basename(p.file), p.line))
+                else:
+                    f.write('  (%r,%r,%d,None,None,None),\n' % (str(p), p.name, p.len))
+            f.write(']\n')
+            f.close()
+
+        except IOError as e:
+            raise
+
+
+    # -----------------------------------------------------------------------------
+    # pickle_table()
+    #
+    # This function pickles the LR parsing tables to a supplied file object
+    # -----------------------------------------------------------------------------
+
+    def pickle_table(self, filename, signature=''):
+        try:
+            import cPickle as pickle
+        except ImportError:
+            import pickle
+        with open(filename, 'wb') as outf:
+            pickle.dump(__tabversion__, outf, pickle_protocol)
+            pickle.dump(self.lr_method, outf, pickle_protocol)
+            pickle.dump(signature, outf, pickle_protocol)
+            pickle.dump(self.lr_action, outf, pickle_protocol)
+            pickle.dump(self.lr_goto, outf, pickle_protocol)
+
+            outp = []
+            for p in self.lr_productions:
+                if p.func:
+                    outp.append((p.str, p.name, p.len, p.func, os.path.basename(p.file), p.line))
+                else:
+                    outp.append((str(p), p.name, p.len, None, None, None))
+            pickle.dump(outp, outf, pickle_protocol)
+
+# -----------------------------------------------------------------------------
+#                            === INTROSPECTION ===
+#
+# The following functions and classes are used to implement the PLY
+# introspection features followed by the yacc() function itself.
+# -----------------------------------------------------------------------------
+
+# -----------------------------------------------------------------------------
+# get_caller_module_dict()
+#
+# This function returns a dictionary containing all of the symbols defined within
+# a caller further down the call stack.  This is used to get the environment
+# associated with the yacc() call if none was provided.
+# -----------------------------------------------------------------------------
+
+def get_caller_module_dict(levels):
+    f = sys._getframe(levels)
+    ldict = f.f_globals.copy()
+    if f.f_globals != f.f_locals:
+        ldict.update(f.f_locals)
+    return ldict
+
+# -----------------------------------------------------------------------------
+# parse_grammar()
+#
+# This takes a raw grammar rule string and parses it into production data
+# -----------------------------------------------------------------------------
+def parse_grammar(doc, file, line):
+    grammar = []
+    # Split the doc string into lines
+    pstrings = doc.splitlines()
+    lastp = None
+    dline = line
+    for ps in pstrings:
+        dline += 1
+        p = ps.split()
+        if not p:
+            continue
+        try:
+            if p[0] == '|':
+                # This is a continuation of a previous rule
+                if not lastp:
+                    raise SyntaxError("%s:%d: Misplaced '|'" % (file, dline))
+                prodname = lastp
+                syms = p[1:]
+            else:
+                prodname = p[0]
+                lastp = prodname
+                syms   = p[2:]
+                assign = p[1]
+                if assign != ':' and assign != '::=':
+                    raise SyntaxError("%s:%d: Syntax error. Expected ':'" % (file, dline))
+
+            grammar.append((file, dline, prodname, syms))
+        except SyntaxError:
+            raise
+        except Exception:
+            raise SyntaxError('%s:%d: Syntax error in rule %r' % (file, dline, ps.strip()))
+
+    return grammar
+
+# -----------------------------------------------------------------------------
+# ParserReflect()
+#
+# This class represents information extracted for building a parser including
+# start symbol, error function, tokens, precedence list, action functions,
+# etc.
+# -----------------------------------------------------------------------------
+class ParserReflect(object):
+    def __init__(self, pdict, log=None):
+        self.pdict      = pdict
+        self.start      = None
+        self.error_func = None
+        self.tokens     = None
+        self.modules    = set()
+        self.grammar    = []
+        self.error      = False
+
+        if log is None:
+            self.log = PlyLogger(sys.stderr)
+        else:
+            self.log = log
+
+    # Get all of the basic information
+    def get_all(self):
+        self.get_start()
+        self.get_error_func()
+        self.get_tokens()
+        self.get_precedence()
+        self.get_pfunctions()
+
+    # Validate all of the information
+    def validate_all(self):
+        self.validate_start()
+        self.validate_error_func()
+        self.validate_tokens()
+        self.validate_precedence()
+        self.validate_pfunctions()
+        self.validate_modules()
+        return self.error
+
+    # Compute a signature over the grammar
+    def signature(self):
+        parts = []
+        try:
+            if self.start:
+                parts.append(self.start)
+            if self.prec:
+                parts.append(''.join([''.join(p) for p in self.prec]))
+            if self.tokens:
+                parts.append(' '.join(self.tokens))
+            for f in self.pfuncs:
+                if f[3]:
+                    parts.append(f[3])
+        except (TypeError, ValueError):
+            pass
+        return ''.join(parts)
+
+    # -----------------------------------------------------------------------------
+    # validate_modules()
+    #
+    # This method checks to see if there are duplicated p_rulename() functions
+    # in the parser module file.  Without this function, it is really easy for
+    # users to make mistakes by cutting and pasting code fragments (and it's a real
+    # bugger to try and figure out why the resulting parser doesn't work).  Therefore,
+    # we just do a little regular expression pattern matching of def statements
+    # to try and detect duplicates.
+    # -----------------------------------------------------------------------------
+
+    def validate_modules(self):
+        # Match def p_funcname(
+        fre = re.compile(r'\s*def\s+(p_[a-zA-Z_0-9]*)\(')
+
+        for module in self.modules:
+            try:
+                lines, linen = inspect.getsourcelines(module)
+            except IOError:
+                continue
+
+            counthash = {}
+            for linen, line in enumerate(lines):
+                linen += 1
+                m = fre.match(line)
+                if m:
+                    name = m.group(1)
+                    prev = counthash.get(name)
+                    if not prev:
+                        counthash[name] = linen
+                    else:
+                        filename = inspect.getsourcefile(module)
+                        self.log.warning('%s:%d: Function %s redefined. Previously defined on line %d',
+                                         filename, linen, name, prev)
+
+    # Get the start symbol
+    def get_start(self):
+        self.start = self.pdict.get('start')
+
+    # Validate the start symbol
+    def validate_start(self):
+        if self.start is not None:
+            if not isinstance(self.start, string_types):
+                self.log.error("'start' must be a string")
+
+    # Look for error handler
+    def get_error_func(self):
+        self.error_func = self.pdict.get('p_error')
+
+    # Validate the error function
+    def validate_error_func(self):
+        if self.error_func:
+            if isinstance(self.error_func, types.FunctionType):
+                ismethod = 0
+            elif isinstance(self.error_func, types.MethodType):
+                ismethod = 1
+            else:
+                self.log.error("'p_error' defined, but is not a function or method")
+                self.error = True
+                return
+
+            eline = self.error_func.__code__.co_firstlineno
+            efile = self.error_func.__code__.co_filename
+            module = inspect.getmodule(self.error_func)
+            self.modules.add(module)
+
+            argcount = self.error_func.__code__.co_argcount - ismethod
+            if argcount != 1:
+                self.log.error('%s:%d: p_error() requires 1 argument', efile, eline)
+                self.error = True
+
+    # Get the tokens map
+    def get_tokens(self):
+        tokens = self.pdict.get('tokens')
+        if not tokens:
+            self.log.error('No token list is defined')
+            self.error = True
+            return
+
+        if not isinstance(tokens, (list, tuple)):
+            self.log.error('tokens must be a list or tuple')
+            self.error = True
+            return
+
+        if not tokens:
+            self.log.error('tokens is empty')
+            self.error = True
+            return
+
+        self.tokens = sorted(tokens)
+
+    # Validate the tokens
+    def validate_tokens(self):
+        # Validate the tokens.
+        if 'error' in self.tokens:
+            self.log.error("Illegal token name 'error'. Is a reserved word")
+            self.error = True
+            return
+
+        terminals = set()
+        for n in self.tokens:
+            if n in terminals:
+                self.log.warning('Token %r multiply defined', n)
+            terminals.add(n)
+
+    # Get the precedence map (if any)
+    def get_precedence(self):
+        self.prec = self.pdict.get('precedence')
+
+    # Validate and parse the precedence map
+    def validate_precedence(self):
+        preclist = []
+        if self.prec:
+            if not isinstance(self.prec, (list, tuple)):
+                self.log.error('precedence must be a list or tuple')
+                self.error = True
+                return
+            for level, p in enumerate(self.prec):
+                if not isinstance(p, (list, tuple)):
+                    self.log.error('Bad precedence table')
+                    self.error = True
+                    return
+
+                if len(p) < 2:
+                    self.log.error('Malformed precedence entry %s. Must be (assoc, term, ..., term)', p)
+                    self.error = True
+                    return
+                assoc = p[0]
+                if not isinstance(assoc, string_types):
+                    self.log.error('precedence associativity must be a string')
+                    self.error = True
+                    return
+                for term in p[1:]:
+                    if not isinstance(term, string_types):
+                        self.log.error('precedence items must be strings')
+                        self.error = True
+                        return
+                    preclist.append((term, assoc, level+1))
+        self.preclist = preclist
+
+    # Get all p_functions from the grammar
+    def get_pfunctions(self):
+        p_functions = []
+        for name, item in self.pdict.items():
+            if not name.startswith('p_') or name == 'p_error':
+                continue
+            if isinstance(item, (types.FunctionType, types.MethodType)):
+                line = getattr(item, 'co_firstlineno', item.__code__.co_firstlineno)
+                module = inspect.getmodule(item)
+                p_functions.append((line, module, name, item.__doc__))
+
+        # Sort all of the actions by line number; make sure to stringify
+        # modules to make them sortable, since `line` may not uniquely sort all
+        # p functions
+        p_functions.sort(key=lambda p_function: (
+            p_function[0],
+            str(p_function[1]),
+            p_function[2],
+            p_function[3]))
+        self.pfuncs = p_functions
+
+    # Validate all of the p_functions
+    def validate_pfunctions(self):
+        grammar = []
+        # Check for non-empty symbols
+        if len(self.pfuncs) == 0:
+            self.log.error('no rules of the form p_rulename are defined')
+            self.error = True
+            return
+
+        for line, module, name, doc in self.pfuncs:
+            file = inspect.getsourcefile(module)
+            func = self.pdict[name]
+            if isinstance(func, types.MethodType):
+                reqargs = 2
+            else:
+                reqargs = 1
+            if func.__code__.co_argcount > reqargs:
+                self.log.error('%s:%d: Rule %r has too many arguments', file, line, func.__name__)
+                self.error = True
+            elif func.__code__.co_argcount < reqargs:
+                self.log.error('%s:%d: Rule %r requires an argument', file, line, func.__name__)
+                self.error = True
+            elif not func.__doc__:
+                self.log.warning('%s:%d: No documentation string specified in function %r (ignored)',
+                                 file, line, func.__name__)
+            else:
+                try:
+                    parsed_g = parse_grammar(doc, file, line)
+                    for g in parsed_g:
+                        grammar.append((name, g))
+                except SyntaxError as e:
+                    self.log.error(str(e))
+                    self.error = True
+
+                # Looks like a valid grammar rule
+                # Mark the file in which defined.
+                self.modules.add(module)
+
+        # Secondary validation step that looks for p_ definitions that are not functions
+        # or functions that look like they might be grammar rules.
+
+        for n, v in self.pdict.items():
+            if n.startswith('p_') and isinstance(v, (types.FunctionType, types.MethodType)):
+                continue
+            if n.startswith('t_'):
+                continue
+            if n.startswith('p_') and n != 'p_error':
+                self.log.warning('%r not defined as a function', n)
+            if ((isinstance(v, types.FunctionType) and v.__code__.co_argcount == 1) or
+                   (isinstance(v, types.MethodType) and v.__func__.__code__.co_argcount == 2)):
+                if v.__doc__:
+                    try:
+                        doc = v.__doc__.split(' ')
+                        if doc[1] == ':':
+                            self.log.warning('%s:%d: Possible grammar rule %r defined without p_ prefix',
+                                             v.__code__.co_filename, v.__code__.co_firstlineno, n)
+                    except IndexError:
+                        pass
+
+        self.grammar = grammar
+
+# -----------------------------------------------------------------------------
+# yacc(module)
+#
+# Build a parser
+# -----------------------------------------------------------------------------
+
+def yacc(method='LALR', debug=yaccdebug, module=None, tabmodule=tab_module, start=None,
+         check_recursion=True, optimize=False, write_tables=True, debugfile=debug_file,
+         outputdir=None, debuglog=None, errorlog=None, picklefile=None):
+
+    if tabmodule is None:
+        tabmodule = tab_module
+
+    # Reference to the parsing method of the last built parser
+    global parse
+
+    # If pickling is enabled, table files are not created
+    if picklefile:
+        write_tables = 0
+
+    if errorlog is None:
+        errorlog = PlyLogger(sys.stderr)
+
+    # Get the module dictionary used for the parser
+    if module:
+        _items = [(k, getattr(module, k)) for k in dir(module)]
+        pdict = dict(_items)
+        # If no __file__ or __package__ attributes are available, try to obtain them
+        # from the __module__ instead
+        if '__file__' not in pdict:
+            pdict['__file__'] = sys.modules[pdict['__module__']].__file__
+        if '__package__' not in pdict and '__module__' in pdict:
+            if hasattr(sys.modules[pdict['__module__']], '__package__'):
+                pdict['__package__'] = sys.modules[pdict['__module__']].__package__
+    else:
+        pdict = get_caller_module_dict(2)
+
+    if outputdir is None:
+        # If no output directory is set, the location of the output files
+        # is determined according to the following rules:
+        #     - If tabmodule specifies a package, files go into that package directory
+        #     - Otherwise, files go in the same directory as the specifying module
+        if isinstance(tabmodule, types.ModuleType):
+            srcfile = tabmodule.__file__
+        else:
+            if '.' not in tabmodule:
+                srcfile = pdict['__file__']
+            else:
+                parts = tabmodule.split('.')
+                pkgname = '.'.join(parts[:-1])
+                exec('import %s' % pkgname)
+                srcfile = getattr(sys.modules[pkgname], '__file__', '')
+        outputdir = os.path.dirname(srcfile)
+
+    # Determine if the module is package of a package or not.
+    # If so, fix the tabmodule setting so that tables load correctly
+    pkg = pdict.get('__package__')
+    if pkg and isinstance(tabmodule, str):
+        if '.' not in tabmodule:
+            tabmodule = pkg + '.' + tabmodule
+
+
+
+    # Set start symbol if it's specified directly using an argument
+    if start is not None:
+        pdict['start'] = start
+
+    # Collect parser information from the dictionary
+    pinfo = ParserReflect(pdict, log=errorlog)
+    pinfo.get_all()
+
+    if pinfo.error:
+        raise YaccError('Unable to build parser')
+
+    # Check signature against table files (if any)
+    signature = pinfo.signature()
+
+    # Read the tables
+    try:
+        lr = LRTable()
+        if picklefile:
+            read_signature = lr.read_pickle(picklefile)
+        else:
+            read_signature = lr.read_table(tabmodule)
+        if optimize or (read_signature == signature):
+            try:
+                lr.bind_callables(pinfo.pdict)
+                parser = LRParser(lr, pinfo.error_func)
+                parse = parser.parse
+                return parser
+            except Exception as e:
+                errorlog.warning('There was a problem loading the table file: %r', e)
+    except VersionError as e:
+        errorlog.warning(str(e))
+    except ImportError:
+        pass
+
+    if debuglog is None:
+        if debug:
+            try:
+                debuglog = PlyLogger(open(os.path.join(outputdir, debugfile), 'w'))
+            except IOError as e:
+                errorlog.warning("Couldn't open %r. %s" % (debugfile, e))
+                debuglog = NullLogger()
+        else:
+            debuglog = NullLogger()
+
+    debuglog.info('Created by PLY version %s (http://www.dabeaz.com/ply)', __version__)
+
+    errors = False
+
+    # Validate the parser information
+    if pinfo.validate_all():
+        raise YaccError('Unable to build parser')
+
+    if not pinfo.error_func:
+        errorlog.warning('no p_error() function is defined')
+
+    # Create a grammar object
+    grammar = Grammar(pinfo.tokens)
+
+    # Set precedence level for terminals
+    for term, assoc, level in pinfo.preclist:
+        try:
+            grammar.set_precedence(term, assoc, level)
+        except GrammarError as e:
+            errorlog.warning('%s', e)
+
+    # Add productions to the grammar
+    for funcname, gram in pinfo.grammar:
+        file, line, prodname, syms = gram
+        try:
+            grammar.add_production(prodname, syms, funcname, file, line)
+        except GrammarError as e:
+            errorlog.error('%s', e)
+            errors = True
+
+    # Set the grammar start symbols
+    try:
+        if start is None:
+            grammar.set_start(pinfo.start)
+        else:
+            grammar.set_start(start)
+    except GrammarError as e:
+        errorlog.error(str(e))
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Verify the grammar structure
+    undefined_symbols = grammar.undefined_symbols()
+    for sym, prod in undefined_symbols:
+        errorlog.error('%s:%d: Symbol %r used, but not defined as a token or a rule', prod.file, prod.line, sym)
+        errors = True
+
+    unused_terminals = grammar.unused_terminals()
+    if unused_terminals:
+        debuglog.info('')
+        debuglog.info('Unused terminals:')
+        debuglog.info('')
+        for term in unused_terminals:
+            errorlog.warning('Token %r defined, but not used', term)
+            debuglog.info('    %s', term)
+
+    # Print out all productions to the debug log
+    if debug:
+        debuglog.info('')
+        debuglog.info('Grammar')
+        debuglog.info('')
+        for n, p in enumerate(grammar.Productions):
+            debuglog.info('Rule %-5d %s', n, p)
+
+    # Find unused non-terminals
+    unused_rules = grammar.unused_rules()
+    for prod in unused_rules:
+        errorlog.warning('%s:%d: Rule %r defined, but not used', prod.file, prod.line, prod.name)
+
+    if len(unused_terminals) == 1:
+        errorlog.warning('There is 1 unused token')
+    if len(unused_terminals) > 1:
+        errorlog.warning('There are %d unused tokens', len(unused_terminals))
+
+    if len(unused_rules) == 1:
+        errorlog.warning('There is 1 unused rule')
+    if len(unused_rules) > 1:
+        errorlog.warning('There are %d unused rules', len(unused_rules))
+
+    if debug:
+        debuglog.info('')
+        debuglog.info('Terminals, with rules where they appear')
+        debuglog.info('')
+        terms = list(grammar.Terminals)
+        terms.sort()
+        for term in terms:
+            debuglog.info('%-20s : %s', term, ' '.join([str(s) for s in grammar.Terminals[term]]))
+
+        debuglog.info('')
+        debuglog.info('Nonterminals, with rules where they appear')
+        debuglog.info('')
+        nonterms = list(grammar.Nonterminals)
+        nonterms.sort()
+        for nonterm in nonterms:
+            debuglog.info('%-20s : %s', nonterm, ' '.join([str(s) for s in grammar.Nonterminals[nonterm]]))
+        debuglog.info('')
+
+    if check_recursion:
+        unreachable = grammar.find_unreachable()
+        for u in unreachable:
+            errorlog.warning('Symbol %r is unreachable', u)
+
+        infinite = grammar.infinite_cycles()
+        for inf in infinite:
+            errorlog.error('Infinite recursion detected for symbol %r', inf)
+            errors = True
+
+    unused_prec = grammar.unused_precedence()
+    for term, assoc in unused_prec:
+        errorlog.error('Precedence rule %r defined for unknown symbol %r', assoc, term)
+        errors = True
+
+    if errors:
+        raise YaccError('Unable to build parser')
+
+    # Run the LRGeneratedTable on the grammar
+    if debug:
+        errorlog.debug('Generating %s tables', method)
+
+    lr = LRGeneratedTable(grammar, method, debuglog)
+
+    if debug:
+        num_sr = len(lr.sr_conflicts)
+
+        # Report shift/reduce and reduce/reduce conflicts
+        if num_sr == 1:
+            errorlog.warning('1 shift/reduce conflict')
+        elif num_sr > 1:
+            errorlog.warning('%d shift/reduce conflicts', num_sr)
+
+        num_rr = len(lr.rr_conflicts)
+        if num_rr == 1:
+            errorlog.warning('1 reduce/reduce conflict')
+        elif num_rr > 1:
+            errorlog.warning('%d reduce/reduce conflicts', num_rr)
+
+    # Write out conflicts to the output file
+    if debug and (lr.sr_conflicts or lr.rr_conflicts):
+        debuglog.warning('')
+        debuglog.warning('Conflicts:')
+        debuglog.warning('')
+
+        for state, tok, resolution in lr.sr_conflicts:
+            debuglog.warning('shift/reduce conflict for %s in state %d resolved as %s',  tok, state, resolution)
+
+        already_reported = set()
+        for state, rule, rejected in lr.rr_conflicts:
+            if (state, id(rule), id(rejected)) in already_reported:
+                continue
+            debuglog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            debuglog.warning('rejected rule (%s) in state %d', rejected, state)
+            errorlog.warning('reduce/reduce conflict in state %d resolved using rule (%s)', state, rule)
+            errorlog.warning('rejected rule (%s) in state %d', rejected, state)
+            already_reported.add((state, id(rule), id(rejected)))
+
+        warned_never = []
+        for state, rule, rejected in lr.rr_conflicts:
+            if not rejected.reduced and (rejected not in warned_never):
+                debuglog.warning('Rule (%s) is never reduced', rejected)
+                errorlog.warning('Rule (%s) is never reduced', rejected)
+                warned_never.append(rejected)
+
+    # Write the table file if requested
+    if write_tables:
+        try:
+            lr.write_table(tabmodule, outputdir, signature)
+            if tabmodule in sys.modules:
+                del sys.modules[tabmodule]
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (tabmodule, e))
+
+    # Write a pickled version of the tables
+    if picklefile:
+        try:
+            lr.pickle_table(picklefile, signature)
+        except IOError as e:
+            errorlog.warning("Couldn't create %r. %s" % (picklefile, e))
+
+    # Build the parser
+    lr.bind_callables(pinfo.pdict)
+    parser = LRParser(lr, pinfo.error_func)
+
+    parse = parser.parse
+    return parser
diff --git a/lib/go-jinja2/internal/data/windows-amd64/ply/ygen.py b/lib/go-jinja2/internal/data/windows-amd64/ply/ygen.py
new file mode 100644
index 000000000..03b93180a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/ply/ygen.py
@@ -0,0 +1,69 @@
+# ply: ygen.py
+#
+# This is a support program that auto-generates different versions of the YACC parsing
+# function with different features removed for the purposes of performance.
+#
+# Users should edit the method LRParser.parsedebug() in yacc.py.   The source code
+# for that method is then used to create the other methods.   See the comments in
+# yacc.py for further details.
+
+import os.path
+import shutil
+
+def get_source_range(lines, tag):
+    srclines = enumerate(lines)
+    start_tag = '#--! %s-start' % tag
+    end_tag = '#--! %s-end' % tag
+
+    for start_index, line in srclines:
+        if line.strip().startswith(start_tag):
+            break
+
+    for end_index, line in srclines:
+        if line.strip().endswith(end_tag):
+            break
+
+    return (start_index + 1, end_index)
+
+def filter_section(lines, tag):
+    filtered_lines = []
+    include = True
+    tag_text = '#--! %s' % tag
+    for line in lines:
+        if line.strip().startswith(tag_text):
+            include = not include
+        elif include:
+            filtered_lines.append(line)
+    return filtered_lines
+
+def main():
+    dirname = os.path.dirname(__file__)
+    shutil.copy2(os.path.join(dirname, 'yacc.py'), os.path.join(dirname, 'yacc.py.bak'))
+    with open(os.path.join(dirname, 'yacc.py'), 'r') as f:
+        lines = f.readlines()
+
+    parse_start, parse_end = get_source_range(lines, 'parsedebug')
+    parseopt_start, parseopt_end = get_source_range(lines, 'parseopt')
+    parseopt_notrack_start, parseopt_notrack_end = get_source_range(lines, 'parseopt-notrack')
+
+    # Get the original source
+    orig_lines = lines[parse_start:parse_end]
+
+    # Filter the DEBUG sections out
+    parseopt_lines = filter_section(orig_lines, 'DEBUG')
+
+    # Filter the TRACKING sections out
+    parseopt_notrack_lines = filter_section(parseopt_lines, 'TRACKING')
+
+    # Replace the parser source sections with updated versions
+    lines[parseopt_notrack_start:parseopt_notrack_end] = parseopt_notrack_lines
+    lines[parseopt_start:parseopt_end] = parseopt_lines
+
+    lines = [line.rstrip()+'\n' for line in lines]
+    with open(os.path.join(dirname, 'yacc.py'), 'w') as f:
+        f.writelines(lines)
+
+    print('Updated yacc.py')
+
+if __name__ == '__main__':
+    main()
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/LICENSE b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/LICENSE
new file mode 100644
index 000000000..82af695f5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) Val Neekman @ Neekware Inc. http://neekware.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/METADATA
new file mode 100644
index 000000000..d02e1c298
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/METADATA
@@ -0,0 +1,246 @@
+Metadata-Version: 2.1
+Name: python-slugify
+Version: 8.0.4
+Summary: A Python slugify application that also handles Unicode
+Home-page: https://github.com/un33k/python-slugify
+Author: Val Neekman
+Author-email: info@neekware.com
+License: MIT
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: Natural Language :: English
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: text-unidecode (>=1.3)
+Provides-Extra: unidecode
+Requires-Dist: Unidecode (>=1.1.1) ; extra == 'unidecode'
+
+# Python Slugify
+
+**A Python slugify application that handles unicode**.
+
+[![status-image]][status-link]
+[![version-image]][version-link]
+[![coverage-image]][coverage-link]
+
+# Overview
+
+**Best attempt** to create slugs from unicode strings while keeping it **DRY**.
+
+# Notice
+
+This module, by default installs and uses [text-unidecode](https://github.com/kmike/text-unidecode) _(GPL & Perl Artistic)_ for its decoding needs.
+
+However, there is an alternative decoding package called [Unidecode](https://github.com/avian2/unidecode) _(GPL)_. It can be installed as `python-slugify[unidecode]` for those who prefer it. `Unidecode` is believed to be more [advanced](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki#notes-on-unidecode).
+
+### `Official` Support Matrix
+
+| Python         | Slugify            |
+| -------------- | ------------------ |
+| `>= 2.7 < 3.6` | `< 5.0.0`          |
+| `>= 3.6 < 3.7` | `>= 5.0.0 < 7.0.0` |
+| `>= 3.7`       | `>= 7.0.0`         |
+
+# How to install
+
+    easy_install python-slugify |OR| easy_install python-slugify[unidecode]
+    -- OR --
+    pip install python-slugify |OR| pip install python-slugify[unidecode]
+
+# Options
+
+```python
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+  """
+  Make a slug from the given text.
+  :param text (str): initial text
+  :param entities (bool): converts html entities to unicode (foo &amp; bar -> foo-bar)
+  :param decimal (bool): converts html decimal to unicode (&#381; -> Ž -> z)
+  :param hexadecimal (bool): converts html hexadecimal to unicode (&#x17D; -> Ž -> z)
+  :param max_length (int): output string length
+  :param word_boundary (bool): truncates to end of full words (length may be shorter than max_length)
+  :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+  :param separator (str): separator between words
+  :param stopwords (iterable): words to discount
+  :param regex_pattern (str): regex pattern for disallowed characters
+  :param lowercase (bool): activate case sensitivity by setting it to False
+  :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+  :param allow_unicode (bool): allow unicode characters
+  :return (str): slugify text
+  """
+```
+
+# How to use
+
+```python
+from slugify import slugify
+
+txt = "This is a test ---"
+r = slugify(txt)
+self.assertEqual(r, "this-is-a-test")
+
+txt = '影師嗎'
+r = slugify(txt)
+self.assertEqual(r, "ying-shi-ma")
+
+txt = '影師嗎'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "影師嗎")
+
+txt = 'C\'est déjà l\'été.'
+r = slugify(txt)
+self.assertEqual(r, "c-est-deja-l-ete")
+
+txt = 'Nín hǎo. Wǒ shì zhōng guó rén'
+r = slugify(txt)
+self.assertEqual(r, "nin-hao-wo-shi-zhong-guo-ren")
+
+txt = 'Компьютер'
+r = slugify(txt)
+self.assertEqual(r, "kompiuter")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=9)
+self.assertEqual(r, "jaja-lol")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=15, word_boundary=True)
+self.assertEqual(r, "jaja-lol-a")
+
+txt = 'jaja---lol-méméméoo--a'
+r = slugify(txt, max_length=20, word_boundary=True, separator=".")
+self.assertEqual(r, "jaja.lol.mememeoo.a")
+
+txt = 'one two three four five'
+r = slugify(txt, max_length=13, word_boundary=True, save_order=True)
+self.assertEqual(r, "one-two-three")
+
+txt = 'the quick brown fox jumps over the lazy dog'
+r = slugify(txt, stopwords=['the'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'the quick brown fox jumps over the lazy dog in a hurry'
+r = slugify(txt, stopwords=['the', 'in', 'a', 'hurry'])
+self.assertEqual(r, 'quick-brown-fox-jumps-over-lazy-dog')
+
+txt = 'thIs Has a stopword Stopword'
+r = slugify(txt, stopwords=['Stopword'], lowercase=False)
+self.assertEqual(r, 'thIs-Has-a-stopword')
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, regex_pattern=regex_pattern)
+self.assertEqual(r, "___this-is-a-test___")
+
+txt = "___This is a test___"
+regex_pattern = r'[^-a-z0-9_]+'
+r = slugify(txt, separator='_', regex_pattern=regex_pattern)
+self.assertNotEqual(r, "_this_is_a_test_")
+
+txt = '10 | 20 %'
+r = slugify(txt, replacements=[['|', 'or'], ['%', 'percent']])
+self.assertEqual(r, "10-or-20-percent")
+
+txt = 'ÜBER Über German Umlaut'
+r = slugify(txt, replacements=[['Ü', 'UE'], ['ü', 'ue']])
+self.assertEqual(r, "ueber-ueber-german-umlaut")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True)
+self.assertEqual(r, "i-love")
+
+txt = 'i love 🦄'
+r = slugify(txt, allow_unicode=True, regex_pattern=r'[^🦄]+')
+self.assertEqual(r, "🦄")
+
+```
+
+For more examples, have a look at the [test.py](test.py) file.
+
+# Command Line Options
+
+With the package, a command line tool called `slugify` is also installed.
+
+It allows convenient command line access to all the features the `slugify` function supports. Call it with `-h` for help.
+
+The command can take its input directly on the command line or from STDIN (when the `--stdin` flag is passed):
+
+```
+$ echo "Taking input from STDIN" | slugify --stdin
+taking-input-from-stdin
+```
+
+```
+$ slugify taking input from the command line
+taking-input-from-the-command-line
+```
+
+Please note that when a multi-valued option such as `--stopwords` or `--replacements` is passed, you need to use `--` as separator before you start with the input:
+
+```
+$ slugify --stopwords the in a hurry -- the quick brown fox jumps over the lazy dog in a hurry
+quick-brown-fox-jumps-over-lazy-dog
+```
+
+# Running the tests
+
+To run the tests against the current environment:
+
+    python test.py
+
+# Contribution
+
+Please read the ([wiki](https://github.com/un33k/python-slugify/wiki/Python-Slugify-Wiki)) page prior to raising any PRs.
+
+# License
+
+Released under a ([MIT](LICENSE)) license.
+
+### Notes on GPL dependencies
+Though the dependencies may be GPL licensed, `python-slugify` itself is not considered a derivative work and will remain under the MIT license.  
+If you wish to avoid installation of any GPL licensed packages, please note that the default dependency `text-unidecode` explicitly lets you choose to use the [Artistic License](https://opensource.org/license/artistic-perl-1-0-2/) instead. Use without concern.
+
+# Version
+
+X.Y.Z Version
+
+    `MAJOR` version -- when you make incompatible API changes,
+    `MINOR` version -- when you add functionality in a backwards-compatible manner, and
+    `PATCH` version -- when you make backwards-compatible bug fixes.
+
+[status-image]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml/badge.svg
+[status-link]: https://github.com/un33k/python-slugify/actions/workflows/ci.yml
+[version-image]: https://img.shields.io/pypi/v/python-slugify.svg
+[version-link]: https://pypi.python.org/pypi/python-slugify
+[coverage-image]: https://coveralls.io/repos/un33k/python-slugify/badge.svg
+[coverage-link]: https://coveralls.io/r/un33k/python-slugify
+[download-image]: https://img.shields.io/pypi/dm/python-slugify.svg
+[download-link]: https://pypi.python.org/pypi/python-slugify
+
+# Sponsors
+
+[Neekware Inc.](http://neekware.com)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/RECORD
new file mode 100644
index 000000000..a0d8db6bc
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/RECORD
@@ -0,0 +1,20 @@
+../../bin/slugify,sha256=GxvShttSy8o5i9l0gIiyoFLocfSAF_YtEV2beq2JdqE,240
+python_slugify-8.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+python_slugify-8.0.4.dist-info/LICENSE,sha256=MLpNxpqfTc4TLdcDk3x6k7Vz4lJGBNLV-SxQZlFMDU8,1103
+python_slugify-8.0.4.dist-info/METADATA,sha256=FI0O_4c5wefK7aGhDtE_gmVk35TFPWWsQRAv9qLC74I,8469
+python_slugify-8.0.4.dist-info/RECORD,,
+python_slugify-8.0.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+python_slugify-8.0.4.dist-info/WHEEL,sha256=k3vXr0c0OitO0k9eCWBlI2yTYnpb_n_I2SGzrrfY7HY,110
+python_slugify-8.0.4.dist-info/entry_points.txt,sha256=s_Bxn3Nd2lsHTQ4PFCQ2z3o3xMgzQTtPPx3UGsUnI9I,50
+python_slugify-8.0.4.dist-info/top_level.txt,sha256=D7zuR7zxISqlCxArlOOOuLsWObz1_3jgosq5XhlSpew,8
+slugify/__init__.py,sha256=Q-9bKCQv89uf3bJr_yHxMPhBWXN8YCzlxQwK_kdpefI,346
+slugify/__main__.py,sha256=1kv8A15Tg_3-lrwRSVuHoYuA8_ykvra3OhCA0xYo1cY,3961
+slugify/__pycache__/__init__.cpython-311.pyc,,
+slugify/__pycache__/__main__.cpython-311.pyc,,
+slugify/__pycache__/__version__.cpython-311.pyc,,
+slugify/__pycache__/slugify.cpython-311.pyc,,
+slugify/__pycache__/special.cpython-311.pyc,,
+slugify/__version__.py,sha256=Dh3y4MnWAjNJGbaoRm3dfiytyF-iD5d-3OCfGyl__Y8,325
+slugify/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+slugify/slugify.py,sha256=MQPsw0u2g2LU-8BBT7K0DOlGtAhIxoKHQD4fWltKllY,6180
+slugify/special.py,sha256=8bHAPGnZ-1keuW4x2WZdFXVb9LFoS7i9Jo4ty_2D8hA,1222
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/REQUESTED
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/WHEEL
new file mode 100644
index 000000000..09b796edd
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.41.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
new file mode 100644
index 000000000..3031584eb
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+slugify = slugify.__main__:main
diff --git a/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/top_level.txt
new file mode 100644
index 000000000..f4843f722
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/python_slugify-8.0.4.dist-info/top_level.txt
@@ -0,0 +1 @@
+slugify
diff --git a/lib/go-jinja2/internal/data/windows-amd64/slugify/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/slugify/__init__.py
new file mode 100644
index 000000000..6d3279fb1
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/slugify/__init__.py
@@ -0,0 +1,10 @@
+from .special import *
+from .slugify import *
+from .__version__ import __title__
+from .__version__ import __author__
+from .__version__ import __author_email__
+from .__version__ import __description__
+from .__version__ import __url__
+from .__version__ import __license__
+from .__version__ import __copyright__
+from .__version__ import __version__
diff --git a/lib/go-jinja2/internal/data/windows-amd64/slugify/__main__.py b/lib/go-jinja2/internal/data/windows-amd64/slugify/__main__.py
new file mode 100644
index 000000000..4cc461622
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/slugify/__main__.py
@@ -0,0 +1,98 @@
+from __future__ import annotations
+
+import argparse
+import sys
+from typing import Any
+
+from .slugify import slugify, DEFAULT_SEPARATOR
+
+
+def parse_args(argv: list[str]) -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Slug string")
+
+    input_group = parser.add_argument_group(description="Input")
+    input_group.add_argument("input_string", nargs='*',
+                             help='Text to slugify')
+    input_group.add_argument("--stdin", action='store_true',
+                             help="Take the text from STDIN")
+
+    parser.add_argument("--no-entities", action='store_false', dest='entities', default=True,
+                        help="Do not convert HTML entities to unicode")
+    parser.add_argument("--no-decimal", action='store_false', dest='decimal', default=True,
+                        help="Do not convert HTML decimal to unicode")
+    parser.add_argument("--no-hexadecimal", action='store_false', dest='hexadecimal', default=True,
+                        help="Do not convert HTML hexadecimal to unicode")
+    parser.add_argument("--max-length", type=int, default=0,
+                        help="Output string length, 0 for no limit")
+    parser.add_argument("--word-boundary", action='store_true', default=False,
+                        help="Truncate to complete word even if length ends up shorter than --max_length")
+    parser.add_argument("--save-order", action='store_true', default=False,
+                        help="When set and --max_length > 0 return whole words in the initial order")
+    parser.add_argument("--separator", type=str, default=DEFAULT_SEPARATOR,
+                        help="Separator between words. By default " + DEFAULT_SEPARATOR)
+    parser.add_argument("--stopwords", nargs='+',
+                        help="Words to discount")
+    parser.add_argument("--regex-pattern",
+                        help="Python regex pattern for disallowed characters")
+    parser.add_argument("--no-lowercase", action='store_false', dest='lowercase', default=True,
+                        help="Activate case sensitivity")
+    parser.add_argument("--replacements", nargs='+',
+                        help="""Additional replacement rules e.g. "|->or", "%%->percent".""")
+    parser.add_argument("--allow-unicode", action='store_true', default=False,
+                        help="Allow unicode characters")
+
+    args = parser.parse_args(argv[1:])
+
+    if args.input_string and args.stdin:
+        parser.error("Input strings and --stdin cannot work together")
+
+    if args.replacements:
+        def split_check(repl):
+            SEP = '->'
+            if SEP not in repl:
+                parser.error("Replacements must be of the form: ORIGINAL{SEP}REPLACED".format(SEP=SEP))
+            return repl.split(SEP, 1)
+        args.replacements = [split_check(repl) for repl in args.replacements]
+
+    if args.input_string:
+        args.input_string = " ".join(args.input_string)
+    elif args.stdin:
+        args.input_string = sys.stdin.read()
+
+    if not args.input_string:
+        args.input_string = ''
+
+    return args
+
+
+def slugify_params(args: argparse.Namespace) -> dict[str, Any]:
+    return dict(
+        text=args.input_string,
+        entities=args.entities,
+        decimal=args.decimal,
+        hexadecimal=args.hexadecimal,
+        max_length=args.max_length,
+        word_boundary=args.word_boundary,
+        save_order=args.save_order,
+        separator=args.separator,
+        stopwords=args.stopwords,
+        lowercase=args.lowercase,
+        replacements=args.replacements,
+        allow_unicode=args.allow_unicode
+    )
+
+
+def main(argv: list[str] | None = None):  # pragma: no cover
+    """ Run this program """
+    if argv is None:
+        argv = sys.argv
+    args = parse_args(argv)
+    params = slugify_params(args)
+    try:
+        print(slugify(**params))
+    except KeyboardInterrupt:
+        sys.exit(-1)
+
+
+if __name__ == '__main__':  # pragma: no cover
+    main()
diff --git a/lib/go-jinja2/internal/data/windows-amd64/slugify/__version__.py b/lib/go-jinja2/internal/data/windows-amd64/slugify/__version__.py
new file mode 100644
index 000000000..854038e50
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/slugify/__version__.py
@@ -0,0 +1,8 @@
+__title__ = 'python-slugify'
+__author__ = 'Val Neekman'
+__author_email__ = 'info@neekware.com'
+__description__ = 'A Python slugify application that also handles Unicode'
+__url__ = 'https://github.com/un33k/python-slugify'
+__license__ = 'MIT'
+__copyright__ = 'Copyright 2022 Val Neekman @ Neekware Inc.'
+__version__ = '8.0.4'
diff --git a/lib/go-jinja2/internal/data/windows-amd64/slugify/py.typed b/lib/go-jinja2/internal/data/windows-amd64/slugify/py.typed
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/internal/data/windows-amd64/slugify/slugify.py b/lib/go-jinja2/internal/data/windows-amd64/slugify/slugify.py
new file mode 100644
index 000000000..09c7e076c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/slugify/slugify.py
@@ -0,0 +1,197 @@
+from __future__ import annotations
+
+import re
+import unicodedata
+from collections.abc import Iterable
+from html.entities import name2codepoint
+
+try:
+    import unidecode
+except ImportError:
+    import text_unidecode as unidecode
+
+__all__ = ['slugify', 'smart_truncate']
+
+
+CHAR_ENTITY_PATTERN = re.compile(r'&(%s);' % '|'.join(name2codepoint))
+DECIMAL_PATTERN = re.compile(r'&#(\d+);')
+HEX_PATTERN = re.compile(r'&#x([\da-fA-F]+);')
+QUOTE_PATTERN = re.compile(r'[\']+')
+DISALLOWED_CHARS_PATTERN = re.compile(r'[^-a-zA-Z0-9]+')
+DISALLOWED_UNICODE_CHARS_PATTERN = re.compile(r'[\W_]+')
+DUPLICATE_DASH_PATTERN = re.compile(r'-{2,}')
+NUMBERS_PATTERN = re.compile(r'(?<=\d),(?=\d)')
+DEFAULT_SEPARATOR = '-'
+
+
+def smart_truncate(
+    string: str,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = " ",
+    save_order: bool = False,
+) -> str:
+    """
+    Truncate a string.
+    :param string (str): string for modification
+    :param max_length (int): output string length
+    :param word_boundary (bool):
+    :param save_order (bool): if True then word order of output string is like input string
+    :param separator (str): separator between words
+    :return:
+    """
+
+    string = string.strip(separator)
+
+    if not max_length:
+        return string
+
+    if len(string) < max_length:
+        return string
+
+    if not word_boundary:
+        return string[:max_length].strip(separator)
+
+    if separator not in string:
+        return string[:max_length]
+
+    truncated = ''
+    for word in string.split(separator):
+        if word:
+            next_len = len(truncated) + len(word)
+            if next_len < max_length:
+                truncated += '{}{}'.format(word, separator)
+            elif next_len == max_length:
+                truncated += '{}'.format(word)
+                break
+            else:
+                if save_order:
+                    break
+    if not truncated:  # pragma: no cover
+        truncated = string[:max_length]
+    return truncated.strip(separator)
+
+
+def slugify(
+    text: str,
+    entities: bool = True,
+    decimal: bool = True,
+    hexadecimal: bool = True,
+    max_length: int = 0,
+    word_boundary: bool = False,
+    separator: str = DEFAULT_SEPARATOR,
+    save_order: bool = False,
+    stopwords: Iterable[str] = (),
+    regex_pattern: re.Pattern[str] | str | None = None,
+    lowercase: bool = True,
+    replacements: Iterable[Iterable[str]] = (),
+    allow_unicode: bool = False,
+) -> str:
+    """
+    Make a slug from the given text.
+    :param text (str): initial text
+    :param entities (bool): converts html entities to unicode
+    :param decimal (bool): converts html decimal to unicode
+    :param hexadecimal (bool): converts html hexadecimal to unicode
+    :param max_length (int): output string length
+    :param word_boundary (bool): truncates to complete word even if length ends up shorter than max_length
+    :param save_order (bool): if parameter is True and max_length > 0 return whole words in the initial order
+    :param separator (str): separator between words
+    :param stopwords (iterable): words to discount
+    :param regex_pattern (str): regex pattern for disallowed characters
+    :param lowercase (bool): activate case sensitivity by setting it to False
+    :param replacements (iterable): list of replacement rules e.g. [['|', 'or'], ['%', 'percent']]
+    :param allow_unicode (bool): allow unicode characters
+    :return (str):
+    """
+
+    # user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # ensure text is unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # replace quotes with dashes - pre-process
+    text = QUOTE_PATTERN.sub(DEFAULT_SEPARATOR, text)
+
+    # normalize text, convert to unicode if required
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+        text = unidecode.unidecode(text)
+
+    # ensure text is still in unicode
+    if not isinstance(text, str):
+        text = str(text, 'utf-8', 'ignore')
+
+    # character entity reference
+    if entities:
+        text = CHAR_ENTITY_PATTERN.sub(lambda m: chr(name2codepoint[m.group(1)]), text)
+
+    # decimal character reference
+    if decimal:
+        try:
+            text = DECIMAL_PATTERN.sub(lambda m: chr(int(m.group(1))), text)
+        except Exception:
+            pass
+
+    # hexadecimal character reference
+    if hexadecimal:
+        try:
+            text = HEX_PATTERN.sub(lambda m: chr(int(m.group(1), 16)), text)
+        except Exception:
+            pass
+
+    # re normalize text
+    if allow_unicode:
+        text = unicodedata.normalize('NFKC', text)
+    else:
+        text = unicodedata.normalize('NFKD', text)
+
+    # make the text lowercase (optional)
+    if lowercase:
+        text = text.lower()
+
+    # remove generated quotes -- post-process
+    text = QUOTE_PATTERN.sub('', text)
+
+    # cleanup numbers
+    text = NUMBERS_PATTERN.sub('', text)
+
+    # replace all other unwanted characters
+    if allow_unicode:
+        pattern = regex_pattern or DISALLOWED_UNICODE_CHARS_PATTERN
+    else:
+        pattern = regex_pattern or DISALLOWED_CHARS_PATTERN
+
+    text = re.sub(pattern, DEFAULT_SEPARATOR, text)
+
+    # remove redundant
+    text = DUPLICATE_DASH_PATTERN.sub(DEFAULT_SEPARATOR, text).strip(DEFAULT_SEPARATOR)
+
+    # remove stopwords
+    if stopwords:
+        if lowercase:
+            stopwords_lower = [s.lower() for s in stopwords]
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords_lower]
+        else:
+            words = [w for w in text.split(DEFAULT_SEPARATOR) if w not in stopwords]
+        text = DEFAULT_SEPARATOR.join(words)
+
+    # finalize user-specific replacements
+    if replacements:
+        for old, new in replacements:
+            text = text.replace(old, new)
+
+    # smart truncate if requested
+    if max_length > 0:
+        text = smart_truncate(text, max_length, word_boundary, DEFAULT_SEPARATOR, save_order)
+
+    if separator != DEFAULT_SEPARATOR:
+        text = text.replace(DEFAULT_SEPARATOR, separator)
+
+    return text
diff --git a/lib/go-jinja2/internal/data/windows-amd64/slugify/special.py b/lib/go-jinja2/internal/data/windows-amd64/slugify/special.py
new file mode 100644
index 000000000..918cb2add
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/slugify/special.py
@@ -0,0 +1,47 @@
+from __future__ import annotations
+
+
+def add_uppercase_char(char_list: list[tuple[str, str]]) -> list[tuple[str, str]]:
+    """ Given a replacement char list, this adds uppercase chars to the list """
+
+    for item in char_list:
+        char, xlate = item
+        upper_dict = char.upper(), xlate.capitalize()
+        if upper_dict not in char_list and char != upper_dict[0]:
+            char_list.insert(0, upper_dict)
+    return char_list
+
+
+# Language specific pre translations
+# Source awesome-slugify
+
+_CYRILLIC = [      # package defaults:
+    (u'ё', u'e'),    # io / yo
+    (u'я', u'ya'),   # ia
+    (u'х', u'h'),    # kh
+    (u'у', u'y'),    # u
+    (u'щ', u'sch'),  # sch
+    (u'ю', u'u'),    # iu / yu
+]
+CYRILLIC = add_uppercase_char(_CYRILLIC)
+
+_GERMAN = [        # package defaults:
+    (u'ä', u'ae'),   # a
+    (u'ö', u'oe'),   # o
+    (u'ü', u'ue'),   # u
+]
+GERMAN = add_uppercase_char(_GERMAN)
+
+_GREEK = [         # package defaults:
+    (u'χ', u'ch'),   # kh
+    (u'Ξ', u'X'),    # Ks
+    (u'ϒ', u'Y'),    # U
+    (u'υ', u'y'),    # u
+    (u'ύ', u'y'),
+    (u'ϋ', u'y'),
+    (u'ΰ', u'y'),
+]
+GREEK = add_uppercase_char(_GREEK)
+
+# Pre translations
+PRE_TRANSLATIONS = CYRILLIC + GERMAN + GREEK
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
new file mode 100644
index 000000000..a17ced9af
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/DESCRIPTION.rst
@@ -0,0 +1,46 @@
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/INSTALLER
new file mode 100644
index 000000000..a1b589e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/INSTALLER
@@ -0,0 +1 @@
+pip
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/LICENSE.txt b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
new file mode 100644
index 000000000..5ed2d0fda
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/LICENSE.txt
@@ -0,0 +1,134 @@
+text-unidecode is a free software; you can redistribute
+it and/or modify it under the terms of either:
+
+* GPL or GPLv2+ (see https://www.gnu.org/licenses/license-list.html#GNUGPL), or
+* Artistic License - see below:
+
+
+                         The "Artistic License"
+
+                                Preamble
+
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+
+Definitions:
+
+        "Package" refers to the collection of files distributed by the
+        Copyright Holder, and derivatives of that collection of files
+        created through textual modification.
+
+        "Standard Version" refers to such a Package if it has not been
+        modified, or has been modified in accordance with the wishes
+        of the Copyright Holder as specified below.
+
+        "Copyright Holder" is whoever is named in the copyright or
+        copyrights for the package.
+
+        "You" is you, if you're thinking about copying or distributing
+        this Package.
+
+        "Reasonable copying fee" is whatever you can justify on the
+        basis of media cost, duplication charges, time of people involved,
+        and so on.  (You will not be required to justify it to the
+        Copyright Holder, but only to the computing community at large
+        as a market that must bear the fee.)
+
+        "Freely Available" means that no fee is charged for the item
+        itself, though there may be fees involved in handling the item.
+        It also means that recipients of the item may redistribute it
+        under the same conditions they received it.
+
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+
+    b) use the modified Package only within your corporation or organization.
+
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+
+    d) make other distribution arrangements with the Copyright Holder.
+
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.  You may embed this Package's interpreter within
+an executable of yours (by linking); this shall be construed as a mere
+form of aggregation, provided that the complete Standard Version of the
+interpreter is so embedded.
+
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+
+7. C subroutines (or comparably compiled subroutines in other
+languages) supplied by you and linked into this Package in order to
+emulate subroutines and variables of the language defined by this
+Package shall not be considered part of this Package, but are the
+equivalent of input as in Paragraph 6, provided these subroutines do
+not change the language in any way that would cause it to fail the
+regression tests for the language.
+
+8. Aggregation of this Package with a commercial distribution is always
+permitted provided that the use of this Package is embedded; that is,
+when no overt attempt is made to make this Package's interfaces visible
+to the end user of the commercial distribution.  Such use shall not be
+construed as a distribution of this Package.
+
+9. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+
+10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+                                The End
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/METADATA
new file mode 100644
index 000000000..23bd3d45b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/METADATA
@@ -0,0 +1,73 @@
+Metadata-Version: 2.0
+Name: text-unidecode
+Version: 1.3
+Summary: The most basic Text::Unidecode port
+Home-page: https://github.com/kmike/text-unidecode/
+Author: Mikhail Korobov
+Author-email: kmike84@gmail.com
+License: Artistic License
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Artistic License
+Classifier: License :: OSI Approved :: GNU General Public License (GPL)
+Classifier: License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Linguistic
+
+Text-Unidecode
+==============
+
+.. image:: https://travis-ci.org/kmike/text-unidecode.svg?branch=master
+    :target: https://travis-ci.org/kmike/text-unidecode
+    :alt: Build Status
+
+text-unidecode is the most basic port of the
+`Text::Unidecode <http://search.cpan.org/~sburke/Text-Unidecode-0.04/lib/Text/Unidecode.pm>`_
+Perl library.
+
+There are other Python ports of Text::Unidecode (unidecode_
+and isounidecode_). unidecode_ is GPL; isounidecode_ uses too much memory,
+and it didn't support Python 3 when this package was created.
+
+You can redistribute it and/or modify this port under the terms of either:
+
+* `Artistic License`_, or
+* GPL or GPLv2+
+
+If you're OK with GPL-only, use unidecode_ (it has better memory usage and
+better transliteration quality).
+
+``text-unidecode`` supports Python 2.7 and 3.4+.
+
+.. _unidecode: https://pypi.python.org/pypi/Unidecode/
+.. _isounidecode: https://pypi.python.org/pypi/isounidecode/
+.. _Artistic License: https://opensource.org/licenses/Artistic-Perl-1.0
+
+Installation
+------------
+
+::
+
+    pip install text-unidecode
+
+Usage
+-----
+
+::
+
+    >>> from text_unidecode import unidecode
+    >>> unidecode(u'какой-то текст')
+    'kakoi-to tekst'
+
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/RECORD
new file mode 100644
index 000000000..c6de40859
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/RECORD
@@ -0,0 +1,11 @@
+text_unidecode-1.3.dist-info/DESCRIPTION.rst,sha256=6Fgx54K_UeXRByELmqkfLcHlbXhsvNNJdkPFT0VF0J0,1199
+text_unidecode-1.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+text_unidecode-1.3.dist-info/LICENSE.txt,sha256=OTjnU1w-TvfmNj3ptpP-O6_jxKXl9JJc1IN1CW_nr9U,6535
+text_unidecode-1.3.dist-info/METADATA,sha256=B9j-1l4-yN9P5e8mpBrXCqAQsRUnA4Izyy0hG7Jyrn4,2422
+text_unidecode-1.3.dist-info/RECORD,,
+text_unidecode-1.3.dist-info/WHEEL,sha256=o2k-Qa-RMNIJmUdIc7KU6VWR_ErNRbWNlxDIpl7lm34,110
+text_unidecode-1.3.dist-info/metadata.json,sha256=vYPs2_8Q45eS8mrUw0qzf1NeShHDuX_lpyh8S3yqg9U,1299
+text_unidecode-1.3.dist-info/top_level.txt,sha256=SQH9SRjWlLrD-XgHyQOPtDQg_DaBt3Gt6hiMSNwHbuE,15
+text_unidecode/__init__.py,sha256=_hESqlvGR_cTy0oryPuoyrVntCOIID7bHDA-y22I1ig,484
+text_unidecode/__pycache__/__init__.cpython-311.pyc,,
+text_unidecode/data.bin,sha256=eSRmbaTOCtJNS4FCszDm2OiUZc2IOTRyTNnkt9gTDwk,311077
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/WHEEL
new file mode 100644
index 000000000..8b6dd1b5a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/WHEEL
@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.29.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/metadata.json b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/metadata.json
new file mode 100644
index 000000000..3d8b506b3
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/metadata.json
@@ -0,0 +1 @@
+{"classifiers": ["Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "License :: OSI Approved :: Artistic License", "License :: OSI Approved :: GNU General Public License (GPL)", "License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Linguistic"], "extensions": {"python.details": {"contacts": [{"email": "kmike84@gmail.com", "name": "Mikhail Korobov", "role": "author"}], "document_names": {"description": "DESCRIPTION.rst", "license": "LICENSE.txt"}, "project_urls": {"Home": "https://github.com/kmike/text-unidecode/"}}}, "generator": "bdist_wheel (0.29.0)", "license": "Artistic License", "metadata_version": "2.0", "name": "text-unidecode", "summary": "The most basic Text::Unidecode port", "version": "1.3"}
\ No newline at end of file
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/top_level.txt
new file mode 100644
index 000000000..2f7a53e38
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode-1.3.dist-info/top_level.txt
@@ -0,0 +1 @@
+text_unidecode
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode/__init__.py
new file mode 100644
index 000000000..80282c74a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode/__init__.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, unicode_literals
+import os
+import pkgutil
+
+_replaces = pkgutil.get_data(__name__, 'data.bin').decode('utf8').split('\x00')
+
+def unidecode(txt):
+    chars = []
+    for ch in txt:
+        codepoint = ord(ch)
+
+        if not codepoint:
+            chars.append('\x00')
+            continue
+
+        try:
+            chars.append(_replaces[codepoint-1])
+        except IndexError:
+            pass
+    return "".join(chars)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/text_unidecode/data.bin.gz b/lib/go-jinja2/internal/data/windows-amd64/text_unidecode/data.bin.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cfae7c3bfe5368bae3efc7b8fa8ed47bd3e79a2d
GIT binary patch
literal 70243
zcmc$^Ra9KT(kP6(ySuyV;1UP~3BlciLvVL@2u_edfS>~e3qA}CZV7HPNPs|K@FCcr
zbMC``@5}uj?_OQ2tE+c+byfGOs$IPqQ?Zc#^Ps$(J|#w)OXf?Zl<%D1g!kXweGD7y
zZQJYCXftqf<{;Kg{$`?`^37Caf`-J_Dv69aH_p+eJ^1DC15_-kQ#5zlVREDYGtzdb
z<~9mlsnv5N{3Y=P=~)Gl2~|jVL3=hp%t6ng3W+Z$&svBU=wQMN#<Mx%96Ffzg8cjn
zQ4WnvctL+QM(jW%6JJoDbrFNmmjrqQmV81a<_p6!!!vRKj9@cf7s?QZa|c5P#JvJy
zK6oQ#!mz_I%10>S?2kCl#1Z&|(K{exxHz3Mdc9sOt5kxF7?itIk<@HHfdCLIa1AB<
zD-?AIM@bNh5!Qy%BIv_#cZL;)wS>Ge4u#NhTWm1UrMjb}`Jg2EP#BKY2+lGv8p#Vv
zvkk)E1SyQ%!3E){j|%X_=iMtqM&&NTmuFt87mR_#2uAq?*~7r$p_WK|M&wP?t@sC_
z4$<yF#&Um36h9a#g6wu^#48dvl#p>`dn8;c2thRvGxF$<W+=70Vi2(epE$UoC>!>T
zNVnA+3c=@yG?l`f5`?sH%lGv$#3T;2(5{ksqbAyXGlYdTEZL;|!8#3XB4}?~jzZZm
z@ILP%^``Vjp`4GCo~}esy)(niUk@k%mMYZ}%nj8BplyS=8^7Jy_Ag-o7jEf5m>WdR
zws?|QfUfmrZw&IfA?klB92Sj0(8xcM5kTG0CXMwHWyrj|J&Uo-ajACc6{^g`aJH2w
zn{C2y9)N^T7>&674M9)BeM2XEd9)WVok=ebaI~@^C;Sz-T-eLMLW{t1C9T^6T~nBG
z&VP>@MfcOG@I{`&Ep3+icG1QdGTZV4%%C=&<&x6H&-$8jP@`ZtIBYocV+8FWuXFBk
z!Ph+BiPG^KNBP}$b>PtuS(zLr<3Al~n_uBF4E9H{yF*cGoZ)|Q2z&(0grdYZL6X+t
zsZA(zFj;^KTKx)~riDK8jTQ_K@Hr+4Zy=$?-_T+x&Dw_pN0sD4n&P^6h$taRFu&Wq
zjDA>DDq(5)giMEcTcCn4e3eN#n7|7v+pXUHU9GTq$QV%%TG5MUReev1^|$2$aZOQ^
zyXv(JJRYgRX^{b%jO<b*s3305`+5-H=W!uF&Os13NdS!f_Cj?qVFwflN7)eAOiYB!
zBFLVxBQObJ#&D!TN`+p`I~Y13ss(0%K$cH1pi-iz048+7^O$-l;j{>oSNFQ_W#PCl
zPbha}y7olk>TFcQRZ&_d!x-B`8+QYJxa9+pF=2-dj6Gw_kF2a0-7k0#hj6?ymgol7
z=#n9QRj6*>fcT2WuFl1V>i&0hG2El(i`u!1*}Z;Dv~%j1TmID~@TZ)fE{!9WB39)<
z!=b*Y2JxWBFAxerABxCV)%*2Pya>$jsAr62TGd>+Ap9p@6Kkcxr1yL*LmXv70!K-_
z_4rbPHc%T<FI)6O?~5zsgRk+m46c-VgHcsUNoAl_WR|{Jbi8GBF+p!M*DiDd7%nv!
zg(EG6G?$4F<kPn_OjEDc_YmP@g_LG1Ija>_8^^jmE=1v-n#6QS5oa7k&KT65LHIr6
z<wDhm-pm`h6xn$=xX^0ol*LnbugH_-q*W2nZ%QdNIJ8i{O_8)u6uyo)_(q<oaC4zO
zBR;+2v)-~SwX53bndQJ+zZtayeGF^6J6fpH^@|5@VFvBz_9JvQL^c^Aj)S-jmUZVK
z_ug`{UT^bLkOQS>U}X>P72(Y%OOrEYXNn2mK+5I-YNo%v!0q^90r!AplvCxT@;{)y
z)p#YaPl*&|uea6d?@+WVSK?Pj8GUKFA?EO<{ek29wpWAW!{b<A+Oy3Tq9SGlWvr{E
zRd=_)n2Rt=|JfW+rh8;W-?m2Kf9lwfFq4Tvo&_1azaVi{W+kwq=WM{YKLWGg;MI?6
z9f7b*DdrO?g`y0o8m&P@-vul0Nw{k*c2|J7gfLbF*+2{?z*(B49T-e~I58YkutAq1
zWhq*kqSYPkXc56Mn_A#ao@|Hg7KB=oG`J!NqiMDRJ+cP{q2JQ9z>&^g<X^+(gV+A1
z0%DcEx%f;8?cxDx6`mQ8B5tngNEE!0y`U6~B%WE+8C;1b8RB5)Ugdn7H@mMN*AsPa
zQ6BN7955p&+MarV7srhFhA#+YJ8X;qSO_K5Ns<7vk{y~tr^A{7A*(@e%%Zk_l~g~B
z!~rMy&B!og3^%**M_z%eI6UVQ<wNsrn4)5tkxoHpx&sG<$#s#0gir$wDKg#eRIe2v
zt<4>V1nsJOipE=8BIlN<c9a0tJd5oiv9`fO^wM%lp-(w_t;xDF>G*fXV1vmM6qmw2
z3_Y(Q;eqX;293th`P32dL=G`l22U2}9i_Eu0{#g9>-ee8Zl#M;H!5}J$qlX-*bC7%
zQ#AG7`z>%$Fi~rrKx||If695MNh=|~@nDo0nCu1VP5^tCK|U@K&K-uvI2?{3laG&#
zYk^`SoDq}^hO1w`2&+WM=^XHjWwi`Mmna_wHBD8$z`ocP5`Zav9$snu)Lg%bDis>S
z3elh%NDO`90p9iEuYF{1gyNYAC0Yid7QlIwH*2EMr&;uxZE?D!hKTdZD2d~6+4f7u
zan$57Yk<+_LDa%<x9$vkHx`k!ti5o$ZCW@K|FMA%JgB$9-P^|7+xF14$(*}LM8c4q
zrt+B{N@ivw3yzY7)4#JVA?o?XB7&#p5IM{G^gSw-g+#(>w8p@pC11-<D7)PP^r0v1
zQDy(<tVWHA+BU9uWGZ@}(s#<WG!_GtKLep!wY7|WwQO(Xy!Pg-21bGg5`y)I8k5ih
zXwE$ihj_btk~!U(=ayqWCCUP?;ILUt(+12)k<oiO)bNn{9S~;jCk4m8z4IOV^C0(D
ze*;DuzrN9OpIC+C;~nQaqXsE#AGc7N2*%jn_4p+%DND#pe<JXOh=2jKmk4a{@{M#p
zX9jFO;6)4`Elo%-KQiw;<!wdGTf6eicGlP_wMP$S{<wJH+^yZ*n~RzF#%1KE)e_N}
zL=jC>@eDm0ZpR$lFCIEPVavMuWF4VdNT>tW9aU!R>)_YEuB}LQpLnX|MzABGJGz+9
zF{{bWyR~n?%XWzSq~mQ}6)govf(YWu{Z~#l58OXK-=*YVdO-nT{5FhvZTE27`;1co
zu(U!x>HEt0q{_}i)$HTBo*ji8n@8@H>d?^4v(b!)S9i~8xCbK!*QxxZMY)V4#*C#T
z>@bB;`Lic*5#m_upnwE6<ubk=<8>e?fiD|re+9Q!24_x>^dgQ6)O8{c4s7_S?04b;
z`z;5_2hm-K;V`TG^VylvON@L;%JaE}57M6oB=x6`mn|&I!WGdbINe)=5+5Gt$vhP(
zi{p;|T=yTkKH0Hq`Sx7d93Hk1(#=0AWE@KuFI~T21i_CY@6XPt)AxA)V8L}4{7+~M
zucRX2Bshp@u?vi8_RO4kB6GUByL92aUF3?bWk_Y}3&UA!e<eQfY9jHAEm>|L!`QQz
zeotzZ&gBe+Ih%4m!-M{Y$hz`-lq8k)vN$j^d(eQ6vUpW_LDY}zxv@9<Jb9Xz!143p
zm~^O{Cz|E9R{p}RE{J)QBxP!l{wd^RG&q`+`ByG|)I;NYTgR!{r`4_0Ev(FR#2*+z
z*!P3+Yo(59($!En+ASj>Iu=tGdJ)SB-ybGLoc@Eyf3Q1D+Wi8>-i+0qe?uNIRPsPE
zaE~#N&icTt{IUBNW38&RlS-`c`c!S#d&ShtYXN0Q4BR}L$<}7TN_0G|u78f3Ei7H5
z2_OIOSf;GglVcfYXsMeeI_v8F(vh*x?=l$L-_@7d7f;N9GeB?e)wA47<W9u(p8ND=
zEb6m8tBy)2zr#F~oP=+cZE*mT)BLSqD{}APoaFAvYU#@EC8<d`N~-Qq1c>z0kdQ}S
z&4|MO#1#sMP|$sb*Jiceoz#bgujk5yf6+rO-&z0jPW5{HHfWslQLNY4ROIl}BhDSg
z%iqDMUBKY`4Bah{N>Bg&X3>rK6`!)Xe`f!g#4`~4Unqi3W&^`$hIt@wM=0`kUm-6J
zk`{pQ?hB5|jJ!4f&icnybqfhV>3#vDd2Mb*+LES33ukRQ9Qvo~NvTJt2uf$5?%3X)
z3GFv{v&*zn=H<g{GH2F9Yv`q)M%FN9o1u-U&d&5Eb2j~PH)PBIq6N@jyk%!m6V^5}
z>!H7N%f2RFHsR!q($8<afxDK?wj}3pI<IC_O2oxIfB<7?iQ2-yf~(?=byj;kZ=0%H
zn4&Qg)md&+wKUuVx?V8?Nl!#tSsv+#cf*uKc8{XPB$y5-{1p*Z((Pk^wi5(=mJeVK
zxCjk`Vq_v7mLUX>PeI8KKAc18gN$BGw-h_O^w7-5a7@@h@{Dq~E+^ha7xS|~gdZuP
zJ!3EJ`oJ*#V*)B|m-|qt&mC&_1BON4=ic*Zg4NYZEjPg0)dO<bP9Xg89utBGbLdQ9
z=M%J{*55^;5H+y??c!|#C4t>BYD!GsIEc(<nG!43P@LTS;?wlLB^;pTmtbj?1T~BE
z<pT>rcCl3cKGbsq38SX&#M8|-tyUv;D5=tXA>PulQ|K|<Gy*Gb-K9eZ(iRk0DXCaa
z#%gG>SdIoJf-GTbh~x@6!3xw*;(i<`yjolo*~GlF5oqtdJIF9nkm6%OR9ubmAZ4Wp
zPh8YgBwS2fdmCGRK0ZDGUo$@0h4V$=MIu7$(dE$tR>{?jZ$Z<I=Y0%ar0V`gA;51D
z(%mNk97yLM`nx>(r`z7+)F%AIHayhB#?gk{=D@}gudy*cFFr5P@UbJ>KdK|v|IzWW
zGQK0x|FJHKf9SinkL($EE_D^qxaZL?0hbwa!)!^9URegY;kFzHTU*mc1o~_Yotz-<
zJKkXQfrd_4hE72L7?BR@gU1fJ_Sw_`TG6%KaDZCCXHisV<XO5>YE<WCP*J=nq4NsH
zHdPQQG(A>wY>3tkmL4z3ux&xRO0|l%Dz!?5O6z88Z@Xvf>jB*y3Xbx{JRBS9>G1Z1
zZI0Y`M0a6qV+5T*n}p%ZW<hQ+{;fae18ZF?0-m%%wCC3z0aaS4Q%G8vTJ|<B{Cxa;
za(pfLd|r0Az&@Y<O5|mC1?=mQ0J_-}tj1f~+pL(ab^uRo@79MlhX6yH!<$rv=D5DN
zzTcaqca|U5M?Fxlg3PZ@JAZlMPw!w94*LIR7O%ea^f~4^iA+LCNNvg9-ptiu>bS6~
z1C>H%x%y8H=O7oTV^jfw6%DFjQ+xr1)#9rz3{TWenWQ0F+q-2@QzBM(mzq1WCoW~z
zp3Y-m(#(hlT4oX(@%flis(nCg9W}Z<>JKCXOaprxSAK1NZ8_~0eC<8wixC8OL|QpS
z5bOnRv7qY4@`gb{RNX)d0X~bM?rsSoQ6XF*Um;Npr)AJID6Ls~FS^*Wx7)*p0%Dtw
zzsUD2^9*=q(2a6Vs)hQx<DizX4AuN+pH<;}|Fn{<8*T-rfcE{DBE)ZZ<;^ho!SElY
z{y!8GTG?(MfW>Hw`*JJ#YNO?5hU|s%$tu8|g=BSejKaqEWH(?l*}5k^{p>a`+8EhN
zI>-^PuZ_aWH0S_k*oTg4jND9TF**flFz>$fCf8p~kDj7MZSkDW6j6{p;`y5i=S3{F
z1VDL%5OCDev+b%-;L8yM9pF1=CgWBtXXe?k^FKKJ2bBMyAoC2F2K$yF{4c}|``Mje
zZLTj_QCt#BQvk&vE=y8FkB@{b^Wy>jB5|r8m{ln__S-Ov2RvJY51)*9p%7&uRRxdK
z<{rZ;F{zoqkAT1mldwf4Y6XVBhy;Eh(2tC|Dd`T7@L5o8lo}2C*e!sfy))!zYZE&I
za)Q~k!-1w~t9;u+s-_8CbMrSC!l-SUD-8NzT8l1<l_m)K<F7-vT|TNk4R2-J^#?9v
z*|+(Y<~??ghrf;$+!CG*L<yR0DJ6tByJpxe+HbFDW?{T0QEHj*2hrM9qcS9kZ8xRS
zJazFkyGPiGqF>fO_%43CTKp!u*eSE0&61r$ndUbo&1O<Y!y=UEz%TH_ZE8mI$E?<m
zS&fa~Hl!^SEo6f2!W!>(M_E7l2#^%^96BXkT9|w46bD!p2dJ+bVP3fvZlL^Xj_MJ#
z@x-YfyZ~jh$tHeV^%YgEZsC{Yd?PFPMwZp1AvGt=LgPZ&M_k%WzpR9L`{aLH$#(<~
zm&UNV(GZNs|Jz$RNfm8S$AMF|hyOSqWfJjjFpHUY91TEH1@Exq;8(TF;TIR@YR$x!
zB<5W;mSXQXo_}4Zd;fozhyO)94qUqNa0SQ!l4*|jkDK#HE4YzvtI1zm4EnIIz9*e+
ztEMi#jUFiAZ+dP}aKqvM^%a1e5x~Ox3Tw(&6ddrsOZZAKu~8Zavmt0=yj?bNT1JPf
z?b1hGdw=`Oh%sC51!p#iY$DrgX!UHifVCSWEza>4r6eG`KZy!inrI);+|D3@kbNYM
zpd6&k+%Z|*lv>>kTHWND`JmdxA|b{`GP(kIjZ5$a<M4Agd_D9d8%rQziCQ0+#mbIY
zu$2oh0~<dk`T&n|8qfSR%)Pa04m_Qw7>C3v*9u?&r}FK-8N=n@^%zU#-%S@t2}_a(
zh<K0vl&$sPVErB^gsuC_Z*!;-ONbXRjYDgGN;i!|@&ho8Bq!?gv)TdZM~*t`ABELV
z4AQ4dLCV0R|B!A~W5U3s^VWus;cyPejPrS#l{)p5dVzOe4$#Juze<dH#WK_f7ZP-L
zZ}k-t#G9_#BrX?{=Y7p^k<2Pr$hraZQRKtN(QIW{Xk;&oUk&`(%yh><9qiDD`e7sA
z#Oqa>lm&R?BIprGAsHg5(RrJM$?x+Dqb3#UM||QjXpG{Yf~P)X0S+W2rlN?Xi=`s)
z0<hvGhCkbKKt%WK;~$tWMypmyzK|x8{7bi8OAK8vk6bVR8;1GAJf~Z3*Fejn0BgN$
zcp2xE<(ZjdQq<ltzLx}hNOUI?1t|p;I9v|(g1@@veKdXC!eSV5vruat=}=9@HYVlg
zw9xIYh``b9M0Ey68IKE+zyAYBT=B-Po9T%sPk2DL5IlSzGs1M-<sA>Zy)UvFrp5AZ
zSGHs?I@$G_kuDOuaAdvfh>`xC0VlceZ(@G_=sDyQfnv{Ep8or7XJeT?a2BJ+Tir+z
zsG65O%YTt(0JoXJDYdT5Kz&&WvPZo9%OIj6$TwsA=WNe$S0645eEPXI24`+VADzd4
zT_?JSIryx97>rukU;y}HAu9)=Hqe@EZ4R+K?*JhUQl?oA(ZMU-^msh|!t#t;xJQy4
z75G2;(2z`!!&EVbF&%W0ruMew#7J`8l&-GnGvgI%AEray+z(IaSA*eD<l;)k)1j7C
z4UD_{C>qhoSr2yRXKFwu3D<`M=Rziz1S!Wi!+8e9OSIZ@mpIOV*HhlO=$p+fb3Uot
ztan{H-Tne{6He(^A2O1Q1U!XAZu1w(wrr-KK8!J1O^gakrIT9ukn8$teHAc*^LRdg
zv~?fCN|;ah6idG<EhV*z99yec_-0uj%^-lntYu=84t;V%8Ts+E;xj9Xc*1$}ig$#{
z4xV=`@gTbuLR4KdzscQ^*L-c#sIx8a|3n{*X;*B7q<g;sB*VAmKh~BlcGf;#2j@Bf
z-%QtN{MqWe_UQhZe^^)Bc)oEw)$1M4ulx3;QuXGXqv54B?nV%b-^pw-xS|fHDB;LG
zG#bKC`MfHP{@1P0ll}gM`;Q80Q5T`(!V~u&NZX}>(_=}~ZPmKX)$9rUQ^AbY<w(_O
z9=fb&f5vujPoS0VPVoIH`(apq|Gr7kp&It^&iRvUi}QIO-XT)KB|%xL^#00=wEb13
z^E3CIV#~)MQ>)&>tXoV3BGDb*CD`^r5)f#6he>bHa~>A9@Df7#5;?CV8*dO+fI?LZ
zztBPiQCc}+8#^#{dX)~gqbl5{MBW|5zwAU3zQj#f$&cdoGLF=igCGvHk7)Au{D3IT
zix*@-)L`u3gDf}E<y|K9oKY@CA?>BGTH$#x?tI<@N{TpQMI7;V6TYC`!DJEpxw^Zf
z44@}3sQIMfBY6bO_b321+XbK58kDNZlQNF_v(N6$7!k{Ena`->`MLasMAGM7IKdLd
zJ7e!KJpOJ!+#|)nSm~~W`C}FQjIwfNQVc!wr={c{<qc-Tf)*aOzW0ZMz=|{RP(s20
z8)wFc{zP4G*;~w2g|UcpnDf8f0NOv2HMG_mn!OsC@w7ei&mFuN1pP&^8cMB&?{at6
z!u`-#spR4pe$>u`CY3xcQM_CGqa~>{_JGpfUNC+PkQ63v<Fhw*psQXlZs1v1<lPw~
z^7lJfsK?;QcUnT?#DAv9p?quQ&pBy6?CJV1fz{ACRMG^p7jgRs@l5MJIMKO((=X8z
z0ibDl2@mkvxXZG-g9ZLe*A9q5{(BCI75{S(t%2Pu)`d^cT0VD?Uj`MXv<If#Cm;F;
zFL}4-%0mRRg&91APl6u;6)yZ=oP{P84#IXWPP*1k&<7(v^~>MqTAy28t%crQzT&?d
zJhJ1?_FQ{@uX7_9oA-iO%fB-8z)WmoLpW<g`3p#hi=deu9_9_gDgY+%BB=Q26p^iC
z66b8tcWjx4@gh>y9IfrSTR8vaeh85Vq9ox+&kO_6k%V_p{xGzcs5M%Kk#i{VCg{)`
z^BH>}#x05K3F8dp1uZ!~+yP1ckUPC|DcL4?pSXP+oVmmJgQ5S=6~iDSTww5gYQP;(
zX&JI{C>NmswT##)2ww}Des~-Zd}#Aw!gR2=&OBOn{-*2o&<8ok?3+4&XcMH(3@+cf
zbF`Kq*pG5QJt5u-0bwG-t#2Lo6bZ)11{fBaARkmEZf}x2>5rJV)^#C^zbLyipX5D$
zY#{%c-;h7Qc(7lu>I&c9yF=YRxC>t^Nay^f^?&8?H|_S=qx=r>6cu>?Urxg3R}TZH
zQ)AI|S?S?&pUrg<NdJ|EZX9`Sb%pi&jY-D;S_-OMwfV!b$@*g{!T(~7e17@gk@nk%
z|7DFT%|!bUqS{pkNB*z$Qdy{Ntu3$oPFm@*|2s8ih(_1#kJfMZ)QqtIV+6w#@qc;w
zS0wtmDbQ<`=<a9zS06I-D&ITGGrr6~LbU%oG&qZ(X6EVi{knjge4gdn|4_CD2b$f#
z7|dETqD<u>ywKu5?imI+8V5wi(oG8bXUZ~Be^yBF(kZ(gjL(EI17fU4yaJ&s|1KV$
z126}o|Ka5@>i}qptoPjpJ%UC(jEtA~eCX4^X7kw-5LHmv<mHDh?1WG??8gq_Z%0CF
z1JB?8Nm32>KdsXD8T8|bIY*&RpQleC18jPdi=umCi(-SLOrxYJxJyC{ZF};~QQa`R
z2$qpOQ5##2*4IaxAZ@xBxbo6`S(G+3Kpe7sNXc6ln#2xzV2GtH6i+LhoM0A6@|GCN
zH)I%vqIF?uiw_nhG=8TBu_eZ8v<|Ae*{H)nTaxrK!9dj_`w-3n$=lC|bA-)nKJQ5x
zm`)}{8lZ|mlv%y-5}fVBRp_$_1qX5bD)AwDvB-WE=>G4OQFSUXSqsG~)}ta&b!<@#
zk4BgQ|Ly@@hhPR$AvlS1ur*()(;<CK0$G2lls{x;Am5<BbXJPB1UCeau*(V)-P<Re
z$_C|>>DSrwfhW_?E*+*{)cK7lM?Zfy;9-^-F0OpX?*}??HK<(2ZPb47G+h@pu^vKu
z+oUJJ^Wgc%=+27VDACby3zL3}ch2^bOs7owNt%v+Sicr^u57qn2eYgUWE*zk2MrGM
zQmM5{9O;gvBBbktnbMZ||Gwa*KLR0fc7Du$Mq26?{b$kg17Wk*0{^*Blr8v&u32`s
z5B#%ppiim2-iMC@n?*bEvL*k}-vXQ5|ENXDgQ;6$0S&8`V`qE;C#$0Y#JyLmGxlA{
zTZX4Nk7Dl5ue;j=12NA|A!kehnf7;V0p+7-SF7Q~y@K{#cU-r7Hhbo*2*k2rOzQa`
zq6gBhG%wUm=}|%s^s}_^ik7|14NvJ2!CkAR{T+8|fKNJs1bj8AId~VZZ1B|%Bw`=I
zx}I$Ps{Wp`d~5I*_}AS+*!s@BdD*H2!^ymM00JT)yHwabI!Gg}Qd`}VcV9-9PjH9(
z9QHQo{_}8n2!R|oLvG8XQV<Q~Sr<96U*fb2R)L?n0k6g{?|@xNge@cpZUFD<@IymA
zRyVvx9?<3K4&#ei355wQtOC=uM`XMg_VGVpmki~_?KtD&IH1>YTw`KIB8WrI-_mc<
z3mH3g^n9DbFB~<r9kQ@m%R_H(gXU{>l}4MFQF{L=uvs~@{XJaT!iN9?x}d3Ag|vZ@
z2hh#NX^hz!P)liiktyFJiPNvk#i422X!EXb7_+Dmbendr#zKL(nOp9T0zP|-o(M$8
znmbY^#M61Nz<U6vYq<$9Z5-hO+icteHh~t0dIry1ppU=8Y+;)Ml4m4ZR{Rtf*l?s<
zp_{G%Y=hnap_|lrQzgK~BA?uJK?G{Nf4g0K0&g$q9I{|KQe@h6iqc$a3fbuWaL9c2
zDO4&|m!#!lvT>Ts%CtAS9Vl>$V%0Q#Nrw|UkQ^KAxWdqEwRW&LQvqz4;kQ_mN-%b!
z=;=<6<~`4+4ceom<$5G(4l~iI6iP)Wi|B~c3LLofKBk}$m<dKMa1u|{YPXP`V;t)m
z1?fjR8F{-nWAq}j#J)*7i600Qvh!I0y1h*nA12LA;@jin^ZMiRx~68P1(2P0^^rr-
zPbt0ihW1d($l#{P<&<zWWNQi_rNTC^jn`mQe=N!^110dTI;wvTXZ4{ks$cM5)fV;i
z3jGvvbxH}0)Ej!<L!sFk87E?t&m6&fMz{Dh*yTX8+|(5NoKCocfic$P6&BU$Pf1WF
zFvmEw#LP$NLN<LsZovS0B>F}E-nhal*#`S+)slYXvTz_EjWnSI%dtSTaIV4!_iBv)
z8*P`K*CwdKN6Wg>=exy_AMzD?-}kr!_HgBqkYMb?0-?dUsj2f@7$Bf^#%J%c7jiL=
z43_wphCEpv*hp;t7mh3Tx>an86P>#_))21zjO-#bJ{h;%{jz+!DOj8Rr7r||iqek=
zc5sP4ZLRq40|Vbyx|+~?T_912Q8^Ur%6XLio4qrGg?!Yco0LN0756*FS!cZ)LL0N_
zzi+@i=>pyCVvJ&pitYGU_-#M6Oc2z3+bmiq6yC>_-b+ypLCv0B_*(`hEfp^q3C`GZ
zI<}EGm<B<BcuoU^J5ISSER{P<I==sv!Rkf{X#1J$mY@cB7lae4`>$FfyOl2oZBrVo
zK77D=$gBY}&b2GVKgDvNDwKhqbGc6=CE}mvYJo4KWVeH*py4WRy3;pWTN?k9xB4I5
z+5f{Awszc&I~6tqY)%6ze&x5*zo!{QmFq%%0)d~hMFE8#gQ%o3tCCZH1WUW=>*DCC
z66xRfB3!oqH7MjY6u6ZE+r9yq--9BKLj+D0(Ocv@W%X`+8WO@8b?q(`A1NX_4$>H?
z9{g<R=5!B__o72g#>{bL^|~(h5TTDYZ=q{@mgV3F>CWq$pcvO-uU4-f_HAkTkk#mf
zwP@SN3X0xJ|FB22mi3fF+>47{X;geScY2k%5SRN1U<p}}aoIquJs^2c7(6#kAO<3!
zE1`dH+J7KmRhO!};Cs<^p><=ksCYqZ8Ooh|xWDM*xhIrKH%l+y?E@&qZ-+8o@7d!w
zkHl~uqcO&+&zvg$n8ZZ<aZaUw4{87Q9=_|MGeVFSa}b<7vXDu*BzzG=9Pwy}nL#0|
zH`)LV{w;PbAfK~mDZ@Ssrovp^O?wDZi|NLe^NFdeBA;aqFJ8}4Z-Cfq=Tay&W>U6m
zov~D>mB!%pLy)Od-_z2Vaker-F{SVm4vUd$qXT~uJX!$e{YH^dQ~AoTHA@Su!sb()
z=f^hc7Lb@W)$~-mWzz#wEc@E?vuSCkn4r$Ye(!B{iIDPT=a<+`g};BkAhp2#7Nvvz
zk?2>3Tnoa8ZumJpnKZ5TqZa;Rat5kg?saU?2tHtL=&Hzt{_>jScQWCzcfPYsS{Vju
z!Icikz(;RmZG`sz(!^*~#9W}y%4HxOz}75dc5}@YBtSE?*G+wXBn2TS#{2HG$;!3l
zJ?Vz*gQPIRm0@F0%cL_|i9(Y;B@8lzE;O4!3}_W-_bErddO^q02OPwuM&E?1$)_|n
zDtaUo1;f3UkGNmiPDmE(Q4VvK)sSLc{<g)G$)G{8K|d57f7B)l`HMd5P{IDLwXM)w
z{d*tHUjQDd(r&kuUE<MabzkzNkn1c0=o6$TFswwpXGt^5QOQ8g8!f=6XF-s7{jU^F
zS_CV6_q>>)oCldjo_>LijqPG}9t#Nu6hlAr{zaSQxc9~E;u$U2tmjjTj~K+GHb}(o
za|)^551>|=v8tC`-(RHYWT3{9BW{o?0y~kKu~D<?fXcp$WYR}=9xp+Iij)QX6jauk
zwxfadi&@~8#v<w#3kVBet3xPEJud&dt|&u`e?4w8cBIAMxcfb-saS1zbAwUcyIk&%
zJ|fukEkT^k*$EKRhqRalY41xcYi8H96=`hcif#JOSOfGit=$l=q!m53;3WijS_6FX
zelbZLRd8u&O1gQ1qG^JOFnS~<aFuCRnMg`-LLld!Nh2%5n=a1Pm`L*?WO!lZOA?hW
z9agCi`;Q+aAp4)XhahUmo(OtaE7nKOxL~;*%<w8@8*<2RDUcAXFNuc$9erV(&jop*
zr9MWnRPh{5U%ZT0YJgR>F-S|Bpsx{gw;FzmI;J6FpVZ@ap^6F~LoS!(>JH>zFr;%t
z{$5tK@RgQ6Ky~j4dhL{)ZO=!uf;vpOJrURC=o3g63up~Uax_blfv55}_-eZ!#SxW8
zVTt-JiA|HDowgphu~z*Ud2ndUixz*f)5emlGF)Q8k{fZRp4=Bw%ea#yDqVfUDLt$1
zenkA8*oBqr=D0XXnkaM8Riw=i3x$tGG6qjjDzAb_Q25qm3D?)makW`0;yum21gR-=
zO8$jL+&v93FR#{vsZBnPY+qh7jJ%mOYQON1s@18y8r#aXJ0ojlEVn#lII<RWxwLo3
z+F&A_j3yjK{L9g^+nUPp4VFMKIhxf@P~tZ*7JeFe#)A@dmIg9UG76J*ELBc(GLpWJ
zmb?!pCz>${$#sR4Q;Y%Z$7d!e;QIA#@|~I<TTCNf)`yRV=n#w%?r^n(FU9un*hS|Z
zKUDK^lB9@<uu>}^yIHaLX=#)BbM>?MgF(4NcwAN@d+?9m$q3VS5J-rwl<3tMA8{tq
zutU0}T&h%fL)gDe>M#Aj8Tzg(B%ZwjR9!82r`U2@wCscpfVOPR6CQc?ORD?Qfq4fu
zHu`b~JMGhqS-e&TRZ8@egeK=<mlCeYSB1$Y4`gej+I<{OQ5Q7Z>~9Qdy*%r}bmzGD
zSo>__p7O~r>C+a!ni1^^>o-@O$BBO_s>(~YQ%CdqPE$600;)_@aIC`ug!3zPlPbqr
z89_{pQLsz0rKu-hbFhHD#|mtqtO?VcG1Ewfsm5+*+wVmcD&`n<Gt0sFY%!=cbM~Vx
znvIQ)DC#qq7_AaBd3mwq#rnf4X(qacA5KjipHzK@+e|(w<*Z=N%FObH3(aGa+L`*W
z6qlk6yJs8uw=|Eug)d+m*f5e<$?GfS8FR{mxpgqI=~;D+YBwmS`T2?+=NmEG!%56=
z$4yy&(SLo-by*o#4guepaA>cYQHu_)bJ8ou*y*ov)o^mq_WaH7AuF3&oa3c-0)2T)
zxuEl^iI^;mNKR}Kg~}X;{GFwYnWWAUzQj^*n`82oXj^?CksROuZ8$%Ac=<j^0S2QH
zEjZ3U!R~_T8O9U4a<?xzY4Sl?@N~G`L0gOdg>SxyH@z1-X-wm5UX3nl@ZP+=QawH<
zx@dz;8?hmI(b&$ruHA(wt*}>qml8+><&+(LcCE8Wav-Eu&2J+XG2DIy7F?yzOGcTS
zQLU<1nm^VfW9#_lN~2V0yv(ka)fR)NFY1hLcl|*`Mvh#83QM%ogt<m}UE-LB1u&n<
z1OCKbH!S|nc+8}EO?8tz$cQz;?w3eJKd0I2;_?~`T+`}$u6ggbR9s1+4v3M1<lVeH
zbi;IOm3Ye^Im%xT7sU}}K|LpT=3!=J0^hBOBj&#BX!||EDvS}H@J<n(xS$Kt14iC5
z1u0@j4F%_li$kzJ0qV}GPtc*3|J0`I4+lxV9G4(Wr64-8<vtz$3#B)|!sM)@O=*;=
z5_EL}w?BMnw}g1d`7#X#9K%Ei-u+TH3eDjnQ!~cixp-g2wqy5&O-YG;0n0%*LFrqo
z&T4)QI~x;8iik(`%|BhB>-VP}$av(1QhRzABp|I7RHsqXz|x8DM0w<V+JH3qtuoQ|
zZ96{28#+G+*gl8`e!?bulg+BLnxa_DpCHXb%$3r~ryEc*A$DQLcZ&NhO|4(}+h@hB
zS~pC2;VYXo%Mg&!jDxz%DMWLRl8^P>cStk|-<Vv!bNn}NW>i_SrKDFm)HgDeuHd0q
z4TC&ZSJqGGg|tT4wuw8eOZ>d$qRhK!!hN-0791`0D3>agqUxM}8bOn7M7|j(310zB
zApjac1!)z)*FZY6C`MVOTKw%5vEUw6vhJl9LvCmKfpQxf8l=(wP2~74cB^Excg&_#
zyPhRvU9K-fpEg@)3hnZ9KluR?x1Yw<NQE%jY{zFln1<h!l$cb%N*)QP(!BB_bZ<XU
zBsxAyVb@op92-@qzJw`9YCBk~$@0-XDKp_iysAeQs=_oP+yd@lw!-p;*qzyi^%(cB
z38zw}KU=-)W5)ZoOow~!%=*vl5mI`~l=v3-?b--e_m5vGwBxA0m8kAvG_+wOo87xZ
z<KoPW@D}_zG|pq3>!=%2Y)hxA?0c{+s<}*-a;8Ut18lQswyB<Pr35JQ7ju)`6)BT<
z8aRF0IEkn>uB4|##q)SMizo*FMxW_5GTYbGPIr-d?6T(sg@`<>-NROa#Yt)u@k%JZ
zEhiZq%R*f-IC<ZR)u_&vcOT1lS3?fkPo^Kfk*tX5u}E`UynSY|lXNxc<N@NiDcsu4
z{J}wE6+e<)<|h&dg3!yj8in<3;O?Aij$0{uZ(j2)FR?Z#nax-4bDZ_Ss9y+TlyPEM
zKXZRXVTob;vmh$&oZ_du8<<+HZo5Q`!<%eVXUZ=W7(GIgKRwKFfkG{$<iH#wU8im~
z$Yw)8eV;qrV1J*luJf^uE1Km;D&bw)pf%?M)lN{VAJk_^&q&%21mtdRz*Vz3shRtz
znO|)Z;o9oU3YOnPR-+Cob&>KuD-0tzzI1qioclGIEV8`y#Ett@f0nJSXayAaAW-$;
z<gp`>=3wzpZuSG?ToRajfU{~R0W=%xMBQ~o;KP+a?E0O^7bRt;83JpRi2LLr?DjRF
zJ0Zv7ky@0Z*y}raF$c?f%#c_8?s3^hzn+Gc>w{iPP$%8jL3mPG4gG{RQwrZ7-*2!G
zvErpWvM<Q}Y$7Sg-g~W^+CdDiP?czjUhUQBrTcj+Bo;$p4w7V8RIM{iIA!OP<`kl#
zxvVLq>iF6Qi=o`DT%A(ok`xp6D<CIc$KnQ?|0xj{En~3&eo^(q9WTg`v!{vCq4Bh1
zSt<?ucwIC76i`T;B)aiV7S|0WF7*=`3KHM8G2Wb_mOFVIa?E(|egKH?y-kgKqwAf_
zo`uC5d_&RPO2sjn3j`AzoQOyKZQfO!B8N~_@-ur3k!u+_x%jXt@mj}>G6(+P{5Ln-
zXVYP=N!b=kvJOF1s$#=;=~0FH7J^Ac!jvS_`2x)cWLk9fP20G->gpmLGB@b^6A-4P
zFVy(`ek(n98OHd*GZU+<nhMj0zGLq_xPm_V@$P2)Aax`A$`MyUdlk~q?eO(3x!@RE
zG%ktr>XFEpO9kZ)jN=s#?r=jmhc{TLB*ul!{WVyEwey>zozkSbg)y7r#i|Nm>WrDN
zeXKDQ?IzdBbAYu5@pgcvmf$F0@mh^^v4td3oh7uv>GVVu!5C8&RjTEE$rw@-SD^^a
zYg%#UMjPVWyo>L3!NCsd=f4dfj*~S57*DF1m%j2C90p(PqHDnEQ#C(eevh}lN>8J*
z&vw_6;<OqU{lI`#pWYQYUYJw)y~Tc$5Sw4bI6Af7qwr7#N4YT<fPwttV#DDv-q6(G
zVECv|NMD>3Yo0n?%2In5Psv)AdLs}vA%Ef+q`If_ZmakWExmd+{ceTJ1o8W?byP)1
zDuzk#Vv!;@uEOml^~Mbc^nbRhCZ+*nrn#oxFz{?~5P$MB)z*6Tn{<V#bwTt{y|l~F
zUDR&5-3fhfVeX@G3vGv{iH{d`yKm)!xo5B6n-La<HvS~!Ud<+<56K7~)K}j0B&;k3
zALw%U(;{YU#O4jRZyQym?Aq5`+h!0)q`59y4Q*q@@d=KeX}1%MK+YAfuZ4Q{=H36c
z4HZ`(i#Z6D9#Z<Dt%Qr#Q0r(URcxa8nJG;@Gj1~3o9Ky6lPFvMT?v;}5my+%#n``Q
z{IM!So=>fI^OXP?NK?V98@0FPql{%H_PH-Wcl5g&OO&mSUG;J&sc<W-3qw;z+X`Yh
zvRnTf5A5+(h1at1O$#D5tDz2`cB~Fr`<-hM-o{&r3zM3>M(^<ee^T6d-JiFgAMfJo
z#x(DxDJ0DQ?DGHn3vcpMPEtPlfxPcqRqMuLHtq(sw}lJP16vO82(ZVpqo0)3^^Kgz
z;U{5wvjP=n5z+ACSJGOnNeq~Si<;|O$h?U;u~y^S)~BzdQ$eYpQ=ZP=A$|REbR3vq
zw`aSP%^vxMvP;J@C;MKCy3(6>zt+J98ZS=qd2*V2GTQYw<t&pl5?=0P6$E5-hNtvI
zY$+-()3J1+U7#hm%`TchG2yD-MU4zUPBD}jAKFX*S@erg&4p7ZN}Th%xX-M1TG9Hu
zK&Ur^gj?U)7yZsb9tK=Isz23&#^^Z)grn>yc%eFI?qorl4{|nq+{>)jM@km!WIAa8
z^d`NwY`bLA8<_n)i);;7&uB<tWnls*S8kvjuNg+;zC*!C^zZxZ=%ycUsymVZHV|RB
z-zR0hha#>ba>LiML?c51##(^}{Hh~-2|PYDxUNoEr^?#z<3l@t;!oqJ_BOuJLHUjC
z%XQIUSo@k*UzOCm>QP5Ks=i3nxvF?_$^Z7(>(@8z$KT+=Sn6(ZzI>v004BD#blIvC
z@-<dLEFbNQ9t@-G-3}~%q9nS~Pmgk4QYqKSWmJFvDH$iTIBvM+Tl&T5^Iu5gtZ{-@
z^_itO=Ph+EKnd(oJ`<x%+L&~eSF!W;LCc8hF1OrCqgf)mG#C7il(LQKHzQ~WPxmvN
zc!c}`ob4eQ2&`+hR5WQDVecKR%xTRDn;!2b`<Vcys^Db+kS=-LOr)q1ZR3G{|He7)
zb~q+2HaG5k)=21?eV=}Mb1K?%01oA%6=zYk0w{i1__)Pr-UsiS6j#0JE42QZ*v=ty
zL%R4;q^8MP1$N+6G|s5`EzvA!H|d+lF0*U24{`%Zm!08HkBlnAoNzOY`cRdi*_O?p
zP8Ly`I_VBVGhqX|78%P)%v6P904rmy>W!zYdosebak9sQ=)bM0HClYgV#eeFzXI*f
zhl|)NoeFE>pr(v>dL1YBqf4j-M;r4g{V2jP*q7}1(W*(x6<PLx?$O`+K6xKVVBngp
zEQ@?IwoRGa*oLIUO>Huo`bsgG2QhCu2Vk3+ItYVJQ0^~(1IPOAZv~1@Kf42&M^Xw;
zX)CTe8`)Ntm8|*MS&W4D61n^>W2mK{JL7~MEEg|0egZTi=wEMAH6O7q7u?}~v=L1A
z=2IU>>y6g>rdp84-m&?^v$4C4WyPHx6RB#JrM8HXVol#Sez=m<v9j*3&RPjJ^N7p=
zznKyw_$yzH&xQm1-P2O3OdEcqh4g)cVVb&*COlm`TOV@*{3<;jL##<vl59ff^{fWK
z2;bk(xJ0+)CL~0$)kCgMpEodAnT-@Xc$6Dm(JC(}#y+{(rt8`Pp!3>yDI9O6Gtoq0
zze2=_e)+0I{KwgMF6s%romt_Q5RzpRWC@#uN$wUX$?iK=P0OaM=`qb93iBWrjbbG`
zGL6Tc+0wp`bb&JjbYIzfh(CJM2&do0Aih=X-T8c|f!b7(3CE;m5Pm2tlY&*aezg;2
z%%m1&i^Jg!=poMybYJomf6d2dd8`*>kuagj&p;~z3CJOe*M6<hfQR|VgjJtpjrH$1
z19P<^81ly>xCuB0tZG(Duf|cJNKsxtHAt4BDt16CbYL*_SRjIakX|nAYb~xwl)(KZ
zG7;ZY^kb|wgfG_sjXSY%ohJ58!5^vU><l!UEFq|>bk4Ws;kqFqhhx0ppEM;GGWDJm
z?4rVj08je>RBUB8pJ)b0aLpkbRI`6A11mXQ$|9{u*e^?ox|Uv5maS7D9V9zL)~Tv3
zw%ydM&&kuLV{tZ~P#<f+8?qif_bB;yx87JXSx-Dx2Dvph*BP5F@B;|CvOmW*jd8Uq
zarMX{&7TyhxbZbqg!<$i2_r9bp)P&PXq=1RkS>?4PExG9;h>0A{>@+foS@!du}qqX
zICfZ&0kXx<Yy!1M&PeH{zgLUI{0dF1`7l`}MbantB1YXuB^6Y097md7otQ!{Z=L%u
zt?p@lajLkGbz6M-gCojICYw(sA*@{X6~wWsYMF4x#54i3H_L6L%jHJt2^oZ>zH9-8
z>JN4Ar8qjnxvD=2#gdcXF!@euHfNhwkUv=VZf56lE=eifPwkU4hGo1pOE$~>tg4s@
zW-0z-Mgg1emT3H$cl1fj5Ovv$=aL#n9bjnrSFyAlg2I7%9Z7*{3kuzx8M7C|n>Z1{
z3YViWS9ycanub`HxZhdCqpvs8T@Ag!a^<vKh+Dvilrn#&XQLe3$K77hsH*h0^Rl_!
z*CRtA51!v|60bD;rAGS|hkH>n#3zX}JUW+IUwN6La*(=IMxQF5`uGeo@#0_F<CkWr
z`{UJu$U+UW+8BGg$*Y4N6+>d)Kps1*Dc6th&56wHt_&4_OCeWmMkb9SvJ!tLzj_Br
zIqv4K*;AKjqc7RS-$*dP`5B8L5?UsF`Q5b^Qe9T6mdi1yG+aqztkR}I^qljj4lAbC
z&TIS{?0y0?AJ}6Zh4&?)8zu7^1Rh4L=3C}OdvS}tGuVmrkFvX7YZXC36(&xmuH;ci
z>eA++VD6t(zT6cLX{ubmS#AG0z4oZ$RzfV1d!KKxWWbw>mHqyUgEH*F<A8MpY>-r^
zzq!0jL?!3E7}>BukWTM#0iSHe8GYqkGav<h7xy`p*?f=V?`MT~@hYFB`?A05CgroT
zdmkAzqp=FG8I}uqE5zSaJQtvjX09DzSQ6^pjnmmoC7l^fGm7?TZyZ;Zhb#boni?Pd
zjP_|fb4w(t+{=TO@-(|3$in7Ie~F|<G#_Z!>0&D+#ZGCgu6{*r1{yVDuwuE?f0FKL
z6OVcPkoA}#O~Re&a`vV0H}NauuijaU8f;#4%Auy!OJC>wWIQ0Vfipurx>)CiOSOk!
zb~j8?z?1%*V?9j+V54;`RkI?EM<b;Ek#0(+U|a-WjQLaf(NwWJ_o842`|~whotE6j
zNP_FN1E(Oqm&2hXFSx$Q0>kVyYjFBd(HRKAi%#h9nN4JJ9UVB*bpvBh+Qua}>%Q*J
z$|*Ftu$}u<%2}l5^qFA0nuew8fS*;!r|<|g+T{7R&M0fm$;teqO4&foaOnBxaFIOC
zx>3F_5d9BAI$@{q{sGSqpTf@klr;T*a%xunJ}DlH&5ya<eFI7+fqH$auujgbGxK3?
z1~TRNME5fd^PD!n^W8XUZE&zs{!}FV`~7RI8y(MfSBm@9W>V)}d)|84Uy-Xoo?w(l
zZxH8YUM?^%Ji#*g;2~a0HQ?i=<7SuLXvP|r_4eDaCDQZ-J-jHsjU<s;L4YiGckKQ?
zRqmgdt-S=1lvnk>q!$5=>q)MYgNweut)^j&H`Ain9$M=8>T0EAoZO4|s*x8NOA|85
zcsblFbc&@fV5}RuIz`otvN1;*nt=w4meEetA%eD~9v)bUA&K4T7oG-`D|J*S!p6FI
zqtlu-vcp2wfqo|S8j4(6vyzDso_KB?9Dw$uice=Ci5RN_)o;>UgXKn}%L%eEBTZI%
z7HmBFud8T3_f|<eQ1x~+@40h$nP@%2bd*fqSa<RGIiC?^*f!@~uhLyq{cJ2iWV>b$
z;^Q@FWPbt>gEGw&I7ui2NCVs)<Rm*nCJj|S8AfKBX~gEH{SsTl&*d``8)NY&s?B%j
ztbQpUr^!d+8g}6}TxOd}Ai8dJsnhpVHoPBlOfmj!THgS$Ls|X^Z)<(K5aJo=61V?6
zQ*X=B!E=BKGd81XFJvJ~f>uxSCvi(nE?X4)!}68wA@3b}Gaz(TBhgu$KTn+QvpzUs
zC!XuEbyT)ly9W><SLC>GHQ4QHpyV7>{hr7~F;%dK<g72I`l-2dG(&h?%+RCE<?Gng
z+co6I@@X=Hv;4e%I~o2+dh4^>5Tpcd3}OdcUud3P_oQC29mG!^^Q`&gEIE+mn`cMv
z?N5mt?Fuh|k+f+{!sVUB{6C5i*DaKM3SONdU`)Bbmif~WN6V@HwtS5aB+Zo>%`O@6
zQ)I$%pN&h3-mTtU_NSguy6O!{{VI;8LGJNbJCJ&DFoawr7Q_ESLiivZm?vag^acH@
zk$(SCb+~p_TYB}IFUrbUho2z@FW7#UP0PSglYqTQ6mAk!$oCg$Uf8jIRn+_@ZM@ID
zxTQz?RMrSmQyqR@Jk7C+wIPlEX7V_Ot(9LN*K#D9@RX(dXUVP7<~+6Hy1dVbWv!>g
zHD0ZfSBA((4TApZigCWW!W4BK-#V(=A9>yNn%Sj8(wd)t03455{SqiRe|7E`zeju=
z&wPuKv^Y^qMS2UdVZHG%ab1jS)})vymU7Br5RewqQB5)M*D-ImfNp^|Kq?%e3~yeu
z^Wky3#)eqDp10cP`gr_Pe}Bg`Z=5%6O{2+m$->z{arna&ZC!4Uj-kkKni#qN0V?f;
zrAOlg1GwF#LKEp^<957L-PY~rTYkQ)B(Ivq(v_HWQhp9}_nWunx)2W0F*fySVX(Ib
zPjs}d3twi_hMC7c@hB0Og$2K;UK{EwOVA#>q8@tLx5s+56ujmn!pX{UlO7DOtVM;^
zbu+4{)-k23oexW%8%G+<u7-4ZfCB!4QMKwv%`LXzTI~v&&?F=BHhnf6gWPM^k0<=q
z^Zw$$$LTL+Xj5S6hu@FqMo}wrKKh)BUJyv*noBpB1pZ!B>>w)~^PIww*Fb`Hg^9?j
z`=$DqLwhs>S;>I4wlb%kwas8xW`FEYYBhZ=cARJ2ghqGVUlabWGbC=ZyAy#;|FEh3
z_QolQi^x_dRBbTz{r#u^<0<o)79woYn3GyNiH{&x`uO7|FWZJXKc6UD?x813W?r$T
z4D@vySq+_1&St&Wr|M5RfJCQXQVZa5m%7)YzJP40*Yd@SwpjLNgulI*KU^?<wdDBi
zTvn>lKGwtA&t%>z%Yn>;TS-o-hJiKn82!7^^H;*ZU}3TP*!fVMlVdd+Sh&>`R_q$9
zF5LgQIpz1G5SgU=MLwfb>8lx`Jaro{6LDZ$S5j6><-`X{ne=j}4Dr-)PJ8CzuS-D5
z^qimm+S^5@7-RVhapBy*%%7gKw+$`SaSW^J&FFJm)&FLYY@N%b|86mroAknZC0?Q#
zW>mPLeUlkAuX9|kF5sB^TQfuHl9FuBd&-qi=k9Y)lI~`}B<0NlwTY|0zI9fB1Qw+j
zS+C?(3nbZ}Uh2*2VnFb++$avGKzq$=rfs1$xqC|P$BLZ)4=+H_zu2!{3j9j$DB+!)
z0*#O|S9P2MnP~9TJsrJ&O!Cq&qQmd&y*>+Bmd2pk7*%`{ZfesC636CAg4`x~G;-3{
zPNsf{3}!{5YwN6ip)3}fY(W`6P24+nnP>Yk4`$aUHf0>dyh{!}k|MK`g27d-UiI7B
z=b1X&CWGQgTv3~TW$a32<eExE%{)8msZA<bm!+R09|Tr7wS%%8R-Sbr!97G&Bu>5Q
zl{adrCNr~o_t}}D=TdmEV#~BxDF#`L5l%HIV$BiU$ZM$+82ucv8Dfwp2J<O@$Vl^D
z1S|7^zIQcYRE~C_c@x4GKBgo&Dv6Q-`rUji;~*?$GiZ)K5->v+7dLVm)xw&RhNflh
zk*1g3l2zH!5Jd!XYHDt6WXTVExvR8V%!ervyt+p=GDsSy3{M;}(qR=1YO^>Auqs?A
z8;w^Ej}kQpuPfZJ6I)X9)x*1~*=mx=u$fI!OT?(A`XF?iu!Fp!)R|i{(5K8vV#tx4
z-=frMNUUiV1Ug`cgAV5<nTbmTMjy+448%tzkFYsnr^lp~*>-0|r9d_hHBtHEyjC^7
zvL2FGnF5riSwQx}C0$#UJ;OOkxQt`fCX%L3)q_mB($t}&WPqt#oli-kI%c{v%0f)r
zE^`%ZXV2M8zNW}Q9tmEj)JCj`83#$7U^Sns#Bq$%&GsoRk+QbQPmsJDf@(3wVVT^l
zd!jY!=N3OP;BvM$qlv7YRY${&W2%yWrWzC~5?DD-Szd5l$5~)WOT6<3%0gEe8TFEH
zW+QW>q?5N(!dqlhs~OYQ=FCbA+3x+!CqWd&1Dg~en(<W3=<NhpWVqC%pAF4-Mu_`a
z$Wrc!Je9JfasZcV0>rkhF33HXoIGm6@wUkINw|+*azRkVWi@4R*X)!oCD%^g+#z|U
zJ536g)P@tQ{B6r6Wk6G@h%A8QOv`B%Sw*O*fPHhF*fvE4URCMfSXC4$!580rL!Nb%
z_@|TXafgBo=#*hAL9E1#xlDGYk2@-q46^Kr>59x<8r6{3yqb`y3k=;&b^j+m@6c<q
zBSw*Zn+(KG5V!c55E9jJtC2HmQW8UhQOD&&-KvQ}t}Rxwwq2%DCysGJM`QFkMZ73A
zH0^jY(;kbvNn1>svYLnzv{S|cdJsZor<tPs#Hq8q0<*$TM?6mkNxH3@6iQN0>FiUw
zCkb@wCm)Sb7C0pFFLf0}dRgeHR$Iv@P-CFt>a|WYUQ2d3d5&ffk5h43%C&9jf|Mg7
zY~|G!BW|(;kCJz$amlJEP14b{B&w$&2?0~Ki%O=?*0?j1O09^j+Ysf;IOS*>h)+f#
zJYkFNc@<7;LIpQaO<^vHpEWLX@=}#XQ!P`?ZDTR{!ZCelN}9Mqvcyc35k`?80k)s~
z>N`$E0!~Ngm5&tXW8zsERu6s3u|_Ir;vGb-;j<ufVKDRjW+bAVXucw`Q=CZPV$Wr<
zqE?B`P^6Y|mgLH?W(|E1DP>6ttnSM4>WU@%kd?iIl*O<W67+IX8HxEyel41vo`Pz+
zBAAVnzI>7b7%P$lqLT%}Rtp(3!(>tIvty%`4wMZo#9V$HlA$YweH%7JcQkrCdrm1y
z&|)8C5i)wp#!<}#$!>(*Ax{eFQ@UoE@_9*Ory4t2oCMWaCQgx*hsj>au0&q4n;21{
zAim{T|D<w2_MF(ET%hT*7p10wZmPb5JU~RQ>59*#Ae8vn6|XMhMiKB<>?sTJmbAki
zpY(Zk)pcMhR`p#K9|X<$BU#hXOBREx!n$y)Aj6sY`w7SnBynITMW$}~0-Ol3rx*}s
zI0s5vs#5cU)awJMl{eU&6C}S!GntlKnwYYi7bI}W46VHEP`O0JF2`BU2(6ZZ+}FTs
z;ATUj+!=zrU^}DeikyS2mS?a+`^UQem5N~+#E@KXS>Z-GM1pWD$m3SBeAmo1XxQ>l
z9j&{P@{?z;?Sy(CYxeHIKOM4n@CnD$+hl9!WW?&e9yo@lV`MdU$Pg?^8in<#=B04@
zq;uDlrgftx<UVUyj0|F?n&!%8%%b-ko7K7+lG|giBPCBpZO%3eBCH3KDQx>i=1tL}
z3J575pG{>ASbT4$#QtNo`cEV}V33)ukV&f;m-3LahYiXD4RdDl0%)8qGq0}Vh3oHT
zp*fwDFjyQI6CV(i=149hQhA?xM%<K0$cVf8NIX(~COC7Pi3-C>#ZO848aC0hai(`5
zm);;A`6CWG8FGHLY7s=uIgrTvq&seE>Nr|jGF}a?QZ~!{QMKL?aln}-V=TANk!M1s
zQcjJQM$fXFq-0Dc-wL0SlVuS;z2t4(3pPbtD7V#D$K;Bn`6j-R190(<CDGhi{V|wl
zR?W61rtCRMM<}s5bOx2|+D=lo1!24UMT%9^sPe9|F*WwR8VIL1k&JXBXOiY1@dJYl
z#*Wz0F!-$`+&Id0=9`a%`)(S=HKh4gW`TTlH4#$ZXoN{nrxI1SizQZ>kz<=V7f2E%
zE{u{y;4Ir$J*Bx;6C=;CQO~t3&$nc!HY}N=4X>SI3+q9B>v8Z7bqXoXu|}dby+{vz
zq6=9(K_2`t5<D?WB}kG2hCxp=mz?O;5vg^ZbS*8+HgYMzrl|>$H1YFxvBbV%8r)E)
z`JUTyDPSVhaamc&+_NBL#2c$CY$u2#^y$TR5>)i2nXU-=A)&q^q+OHOX(_#K$c^+J
zm-(4mDV>u%aRx>uc;kiZILV6dalIp9h*}|00da`vYBW_!*H3u}jZdcRg!{;u)M@I^
zn#f>vuKZcaxXiIlUb<o^ZwqQPE@g@Fq7ZD6$|(K(G$gO74#V<^;}u5SXWeQ5q7~`K
zry^Ry2~hStBTI=^i-<zR|0hJ>BJv?3NV4)sxSg;<EynPTWQ$4}oVL>9q|KJ*J>yUn
z>$W9*(hI1rpSYPIp77#-I>{3HB#M+G-G*kH>m=`H`A#R<AX5(Ro;VzI#VwgAdecaf
ztGd{O>Zz7RB}LMTO;LSBnqGvRAv=aPwv<zC(Hzw+mn#Y>`<li@NJZ5Y@ywX-P(+vX
zvs#LE>o~OsXIZc`fk|EGp(#4vnj|o(dCfP+6&6xjh;efAZL8VyP?dID6%jS9hagH$
z{1&o`Hd+$MCjDR$e6HT9NbF4(fJvz_C|jFkp)|5I#0638Wn}Bn*=m{O3@n8heM*Sl
zO5rJujB2NXtSTpXmdaU_6=U_-C6t%+JH0%ZdMP1~oV`;(FHh;&bK7NlsfbcgIr%ub
zx-?Q!$in4L=j|JtYU*yq)L|h2>#~v#$LX9QuSO?|cuM@9^p7FsTE{qqb#ix^6k?(7
zCM~RZBpY$h9EW6`PENy~vW&4Oh_EmdBgwP}DRY1nKNv~mMniS@HMKFSFO6o~)l>n)
zR0XT8xvoi5t#t@0nsa_)Raay+WrY>1_Hin^R?lo{qpYG&Lvv$mV9;1?zRFr_t-nE1
zfSstRb&_1=Mp;<sh$RSJauPwHZt!ijmA8GKEWMF*T5QxwnaqPGYp@J8S%IygRn_OA
z)+IX396GX+LOk>m=%^7djbOGc;mXk@jK-0s;;Y)v%_ogy;H_u*mHUNB)$FX6M|OEF
zo)gu#$sMX|Zl(q1`K<&^fo!u#7Cxn>`531BJ-m*Cy03Oas;a4}44kMTlm1va&?Jvd
zG!i5C&(4C{hb9lYi#Mh!^ifC`GWkeo<tMVbsEwhPB`}sdqnS^hSsj)B#+iL{oF!ac
zW|d;SrX=$zsgh!(hRO3k9_AiesJNIUW1f^SX{#x!lhg)W!NO|>v&{QCk0z@n%+^&W
z!GRc!$64rt)YlRQtR?z_K^Eh9tg(Z%gc^b#M|qBfjJ8!WO6oKNs8z3JF@}tENV}<$
zN?J*{B9rTRLpa=#`pVPt>#&!bPlYg2y~eSYiC`xOn@Wn1bUc>WZISY-M!4gSKl3Z8
zpGc7f)ugElVg?<B?c|n{Sf(qE3rMC;GX+RRoRQgu&9YI0VgW)5Lk+5!Ze_9WCtC<N
zTOWgj=uX7I=~9TsFvBaYq$+3AlouzOT8hVMi*zHElJc_C6!~i<P1Tl0wk8ox>Znge
za5NLH6Nh4Sw>>(;5U`0!*?NS5si*v6MjaA0W9~4ITjpSK@hLmCs;;E;|7j^@g(t-3
z!j7j|&02(pdWO~8evZ1!OH2@PUPw*fewaCRw$Y&fwk8E0bAa}?PYNZ4@R|;3oK`T`
zD&sH%F1#oSZ^TNeh2Z;MVXCi*9myD@()Wp&#w2yu&?qg-l4?rr<c_A~3R$B0QBXa~
zn8Q@q*+kOf5bV`eCtvlM;b$I{36&i7q{%`Yd7F7da@qjQC)&$1VRce$wa_#%t&i0u
zQoYo&AZ+aFVoB223M+}vTqaD^5^J73**YQzTB$3T75_!6WHm*aaV!UwQ4|yWsm8mv
zQ<;^%S34I`uT+~|Ej*JTw5gMMa;sMZYkrLS?Fc1iE8nqdRVx}CY*{BX5r@u})A*W+
zRII=cQzE9i6amkJpr~T2CUQ;LKpOr=&@`Tqi=d_;EY824@>8Pr!rX`tODkzOC`>mb
zLsHMBG$<)mu{tM-Z&zP})SHQ;Jhciz6)8<v(QHgrO~<C85|cv5Zz8ouV<W4-hOji%
z^+ICIG((M47pdD+8BS8Xr=$&<C#I29bOX_x3qEe9a-@gMpPYo0*+h~=vpviwbl*3r
z&lEi;PNII<jwUh-Tj|zTNl4qQ6XF*`SSMLdYbMKdC>hmLf!r)+g=R8nja>3=vTDKN
zDutqFQ0*FGnnB7WKGGblB-^QT&QMba*Nx<h6c7Ed6>HMA8kf|{%B;zq)|AN{2*x_(
zYQq&4z#5YDBiZLG)@7=9wPp=-qlZRUE1GI$o*&48SdpaqKBe6os-Gm|(yC3#N`e>L
zO)kJm@eGv|kF%=Gvf5ZN9WMQb1edwH6abtkp=)Ky!K7@WoS~Ph%@--tHs|MbxzAOV
z;?I(AxRnZ&CPj()u;nu-j`=cXDJ|((bGvO7eII0AF~c;OPUF5Zx0GH=airP0byfBA
z;-%^f*wgiP9I_N*6VlA98iW-0$2yf&Mp`MVcBm<9TOluLK2AC7)nU+Tuw-j1;DpIQ
za48>F#ky@()5L9sWJrKjazt;2C9yI7(p_lw-nw}8)>MTrU+nuifyz|0mt>kpXF|?p
zYhDS?=w{<h0mMNxVw!mJSWC;0!YZiO%9b;$OUZunP!x?lO$oThA*<^&^pXy%q9r~k
zsE4C_STn432CcZQHbYua9B!H=ksRow)BUxD!dHvTM~MT<YzlVMta1qx^?lM2jIx|t
z6D|;7w3fL*i3A|_^?9p0h?J<zWnXV<{H)~i3R+7?4E+srOB&(L8uKimOGZ1aJS!ju
znR-zJfb245+vuCQnTuMo>$bFus-HWSTu*I9;-_9RLZ2iL7qjJ^Q%P~CW6c!Uc2baq
zuAxhaMWec=t7HEy!)22CVY%f>dzy4ZM5T!sE>ls&EYneze8(_MuqGwmvqXB=gCr64
zlJu0g`ejzfle1PJc@SQm3rcy-Qr=T_NM_uUNgjpd2I#kfsTyWoC||1Sdbb#wCVl1E
zN-#u{@T96pD|z^jGqhe0KCfIV0cM6sZeQy!arqT5;V3T4l&k8nv9RFv<R_O57gf%D
zljU3%BHgknW3*Mm({ft6Cr{*coU|KtO{_#lTdAYZxV7yxb+n|(ZHkIuAdYZejCLy3
z6eewHph4S90-bRtPAadF6~iLB)5w^IEby%1=V6^ZGY4j+`3<!K{v_2(nxq1d-H?ls
z&7^!I-<*`rK;z_UoD!DTPupvHL$CQtmRi0b31p{XxupwFPCo2w9+n!xY12|_XI0Ft
zu4i>994P#qi1l8}eR+|KPD85C!%@;UD>m-6C}BfXIkZ6W8CtqR5uZ-NI<mK6YRO#L
z7g%8dRxFIkA7iX0+kTe7d7%2tPF_1-jc>XNx5^0A1^-Qg7D$vLBbu`MI2o{OCgn|J
z6K%z95qYv5H`Q_FL~(M@sRX*^16&g|U&Wa$xLWjy!UZ5g%2GlPjMPg>Oy9t3elx9@
zEsUWGwW2=F3g<_l&Pt5;oaBScED#}gIHr<N`p_K9uW|LF8b}z77QNVlwV<=QTeQ`4
z=UI@YE-0#&atk^oFhK&%#fRh4=Ql%n0z;+_o}_ePlKiQ!3DY~`9nD!j)Y`|&k839h
zu2R;JvCCN{O)22Apw5nFY3C><0k@RyQ1XseGcQhZ+E0ZV)E#BpR$WUD>PMGikWNVw
zCA$=+U{;$Rr;}QTxxz-(ZRMI2KEJ2&A)}BoiUiGE=CXR;Bc_cbF>TTUXsP$U5ZVzd
z=0)|_2wHV+Dc@|G?aivx8ZhdKC-*v%dF#2Puo}DMVl+@n_Kb<*AU&;=#!5knBPqIM
zHPJcgw8iCq9JUKRu|%L*8!AE2H~Xzi_0N+mWv!!N3*C@}8$ol;NU`QIFBFb4m#&}H
zzqiRlXe{nR)sPXuWLm6ciK#~+&%KvIQ@Sp5mDCt3RW7zvGC0<SK9+E{M#zhHk8Mgq
zD~@6uhbFO(xfPCrNZ2VyB0yC*tfji;S%%b#<D(It!#ZrG27I<{;bxnGpg_v85^UyR
zcaq3)3PP<*L0ZXy^Gt58mYc)8xMiqdqJqJp*h*_ze4VszR^*|Y4C;y6bwlnUP1T%?
z6l`mY=8`Jhty1iXAewg2U{X;E>)8fs<~<2{<R&IiQ1Ov#7i95)1Bs(dx$gUl$E8%X
zPm+ez7YQo8s<Y}O5806t+%-)ARFhygauip^SJzohx}S1JCRBlp$f;xxC$|k%_tvtw
zwVum31xYG86MH1Vh7iV7-iM#Hm-(=;h_;l}K>f@`xRNWA#bID$F5N9lf*qHtZizxN
z`3&})EE&wZ!->NbN^6Sq*ugR{e5P6`&CM_fK8>W7n$;MH#&(SFP_cv~WoSK5K}Hpd
zY5Ad%CM%wr)USyF8EY(m?hc3CB>91PHI(*LX5cFS$r&%Nbs%mlNmtq6ARQ^Cacnc+
zj-F($9(tX!WHB12A~aHJLknw%rN~hdnB5L}n(~3kGtNt{KUIRT{?%!AD$OWA5pzk>
z=ufQhoKhzoJ>RRDc}DXnw#6HRcwtc}r#KZ|tSx5h#+(G@Sp9kid3r3vYFAM`^V~N>
zp5#e$eX@!}F;m9GR5aIxQ`4q;9<{7i_mgR_ix||_5}#^vs=B;xXJ0e#O5P$e!HcP(
z=cMQ%JG%s{(w|kIL{a`&i3L)}orDHXR1PP^Ua^`VGZla1?Cv}wU3LdONx6R}S`l-+
zl?`T+31{OJTki89J*n={XK{kXPpPk9q{Otkib-aUChI2>#ne*Yhs!*bc-srJxSf*c
zMA8s*4ixp7YWP$@Dfr}%qbUpGn8*91=RVb09A$YuatWcaWo7r|Z`q@gGm`9IbBw1*
z$Ru2(6vICAwox&mik8GhE|rNDPMDTP5N184t7|EMbFw*&k4-i2+G20<no^Xlf0`5}
zrQ7bRc+k=u4=tmyye&0m9H%VLs$o60DMdqaE$~`FU-V6qs3pZQ^)oQ*T9*O@ESp=<
zc+pLjjFVT3*8LZ!-GLVB&uzm*tXQBLqy&If%Y0tTDP2@Cuu!{OE#&!ATUj9muU<w{
z?*jq&G-SpRtrvY9wo^-x?tl%M6f>AbiH<ct>rniB$aleu6>;b_b#Im~L&}YD2@@lZ
zD76%(CAAzRwM9Jz@Q98=Xr$NZvPPDdObdb>Co<cT{4=DjRkx*<bz4D~$4R|C(8}pr
zUby2#oD_9aW}Hg(Kb$BOdnzH1HF~lyI&!VCKQt-%zvDsLQYR!|wsuNbr&-o3cDqR3
zsZG968pPDJqOa8eo_^uZ0uRlEEhn6~Q;|7^o-UPpO%KrLJn<oka$(ykZ5+1jm_5#~
zC#lXkU~<T<rkNNm=Z(~eOHH;>Pkcth=N_H(eC<?BJr(ki3}nf*pO^$4>5dVtOrHxU
zbyZ*8+Oh`{r^3ok!E4o2`nR2ApSBmjNtTiGaz%}h>@rzox2hsjw5q0{Njf@_fY{-i
z6C(BVbR6W}%rdb}QC_s5H0|FYGbcBKmcj0*Z#E@N67M~?<?5JhS%UW_PV>;EygH=H
zME{tkrc6rl{w+zcSXYe^Np0e}$le7Bj{E6GS(YY;+GNk=p`bdSj)H2ie2<e7aea2`
zpQ##LYe=)jrK=^E#SAQbK_0I)5jm@`rSYtUTX7Z|8EdJhkY!%!IMKqgY%o;TmeoX>
zbTUtw+?HzjENN$XqedJZUrRMng&c~VDHZG|{ijvMNo703T3r!Y-Dv3bq)7P&?A9C;
z9JIubzm@8LR@^d!+`iaWDlU21B+rXx@+#^VY7B34d_^lWQ*!1L70`suOo>)RW7k#x
zg|SJiK*AkT+QC-J;zH?TyqX({+cJ598G-+-e!17m8-xy`^f6G^&5_H~Vzj+JVI#qE
zOQL03d0PEh?mFC7YhqR%2#J^k9B(JAPEnkr%#7u?@>o>0(2Nls#vtS2=_EesY#WKw
zBiF-_r*q!czl^r?2M;C6ft|7_>R1zjhrAj?*JzGKweK6h9n3Ux$=7z2>aT0z5;64j
zHQ+_kCn#H4bDBqZsZq$OAR-wyY;w>PS%?fYTQ!KPSx@#iHEOj~K#9Co-)31Wa=(#A
zP#ER(I98p5mU-M@zsOjhrD_+I;2n$Ns$o-l?-VZ?$LpCIzgsDzg4`-4FHHFYh7u2<
zD&v;Z!q8guTcLBD<uI%!0I#WMz+t8WPT3dRIuAAVpa=>vgfDxNm`ogdj2f-#>hVtg
zNH()IaY{TsN#7^ulFZ<tQA;gVx^M_a*tP+so(+O-DXKO0S~pym2&L5FR+=kP)dnY~
z1NB00X*9$k%RBUpl=$8)#ZI5qrsE>^;{MLU^jujnqGG|T<s+-#FxIrIef85wfd^?t
zl3<=#ze<*Ix-F&QIqz`T0`7Xq&1sx>I&4+=c_-&@E;xy|n9Gau5Ifya@jSCQ;gB8+
zht=9<DWn*e2(WqeNHxB;Tvj=iH6L6Yz-VaXNy62~d7Z9t7DRTOWq+{ZBwAJOEO$;g
zHe0F2#)+!mXwYzGwNisz+ocHf<#vE&7QETesw!IftHoTNtm;-!SM^aM3iT~FvxY>*
zwOz{XU9%a8q;SB7A|WXckb;Xjh|K)I?7iD^B1zLN7?1M5$(VowJ_Ixp{9C}-Tx1o|
z5RxjAMnp^0(~tRSxl{kXor|$uW}VRm%1k07<Fx#+7U(`Ojzysg^TjUY$vI#1QhHjC
zoTrsVKqLNSWzMw~9>6}D@b$?vqJ`bta}p-asS2ZwCC0W!_MVYt^MlH^nbxu~IuE*-
zZ!j-z@zB&hxDq<o)?dLpz3C9IxQpplfLz>~BOmN*=W-i{ye^OpiPdQyvkKjH=k~|B
zMJ9zb(_Xi<TX)*NG{fOLWReN#oonInTjiIa-2xKO`%_S@6$?v`G@24f<TIG}Y<DsC
z2-KbZHQ3K*MUgP#gT^f`wlND#!;oB>jcr1!?CB?watkH}+tXVbSu;&t4fhY}_Xq&A
z*XClhBM&?aRQEb|D;fjbZ?kqsN9og+vf{)Ps-aPrPGNQ)H{(<DJ?l8T-hqXmG|+PO
zVL(Klx!}IuA*}1!OeT}&9F4(=B`?e$(F<`IO!K`Wm}!xAmMWLsd%0~<qxFs$!Ns{T
zC<7DY23yBvb8|&NwPvPwT|o5_bVl`=wMneG;K*>-xXb`AP_tBbaJjQf?@xE38tk4Q
z*d%I9rm>j@&d0uSY;0+q{50k}@Ra0jq?~Tr%+nmcFuLdti;9UNVkf*P?!LzSD`ViV
z{#Uyq>K+&=a4##=gVEpiqL#(LFl+2+bax*?zxVW<X_TRV=z-IbZunP|fv<0Gfu&IK
z)=<fyd@0`svS;^4$H`Os2AIX3(N(r3@Lsf_&g1#Qnw+Sfpt*~_7KHf8u#oU;zjdo1
zeRL}b_DBn`yoUYFt_7u^IWn;Kk}7C2saqq2wGhNWxZhl{0b*A+MQL88^gDjx%Z7dH
zGZuzN^qE;yN_GWJtDE$SXKel!mX!HyaprSn(bGw_b2=hqWX<pO@^=14;bsE;$FnQG
zg&mnh?gc-UO-K>3dt{LQviGGO;?_1F?Pq@L>QBxRTy=r&Jdmh1%Qbz$mfa%=$ELz&
z?3Fu<uh@scCy6+_BW9O09VDdcUwx-}L{xcKv7Ptna@DB`7~DL)Z7z(GGMn3G(EDkO
zBxEnt%ukR(^!VQ&r=s?5+x;y-skSi31!pZRI`>E~EWdc-viL?D#mnA01pb>VG`qA}
zGrA(#R(r{oFSEv|rl4=djTvNHJb7i+LzW&UFt)fqHH49lEc?MDmTgUi?Y)6aum$>Y
zAybi*ezhsU?kM7K9#yNBnE$-xYRX!o9h@x=21(6ZBxPteR&mNl;1=p(zB0|s(kX79
zhYG^PyB+Yta{nID6Q(A1uQDici?a*kmOI3#cqAthc?UUQ{G~^zub>$yZut8|<dyoU
zA3zDyJGrM?5LUgtQBO;pHjqQA!86BXWVLHqXpRNj_xEnYkwxnncS2wfMZ~^Z>O0pt
zgGeWY5ZBEGd<Jkv?GUjyx2O^`;z+|3u)p?3V=ApNa7CJV2Qz1gmwjwbMT|9h;an2C
zavzqrL)@%pEQ56HVmhC5dpmoi^}cxI?@RC53)qe=usO0nxgP}yd!CRn?IDEW%2NyE
zO6;7Ru@4F7a2iN5t9=}qLr&fucBH$&YuTJaWN`<TT)`pi3?4M$ZVCgc$_r%=Rnx5m
zjDfqLiqN|xv8zw5KjjRkwVE{x;}bB{Trg8Id^&t==<X}nUzR;64d$Q&o!Fvkk>Y-n
z1xy~(1~%=vTXLQdz8Xjk_ravTQ&-1}$4gB*GrJjC=M1=Tgy4w@Yy~?D{b(^|eFBA&
zu@U=<`Kr^F*QlqA<z8`$y_6R>|48<c;g*-MiI1aZ?h-var2ttK&s7;W$0NEv7G$({
zw$iTj`^T(X$hA|OX!o-V76r4=+z1Jrq}cWf-JRPaqMvyQ#tfG_oH$F%)-^-67FxJA
z>$ZdwL(ODhGScR-#Kb(!$bSibh5<q&)k?y97W25iWEVS7k_ro!GoyI37ZcKL5u$ic
zEV9EA_7tX4q}71$+?+6;2|9C2?^*=|$_K25FK)12xo_451a=|aQRmv1?C(@E13d&<
zX=-x`wtg8x-*iq6Of1rIU(8%O413dEhd5sqKnCNiZaFpE3$#_^4!{i55i^%$u*rCl
zk*A=k#Kl!cieX$Q%jO4s4mua=v2J&%w=oXOw_)6MGyu36v|0l90?JG+ja>aEb7b-B
zvfO$oO;sbXs;<SL)5WGUEA^%eY5Vu|KDM21K{wUz{$Td^&0QWUo^TiyAWXmoO!V_|
zm-+luFj+jnfw2hDI4+?Ys4q<kaioC*ygPS#nx_UCHCNfw7ryqE<mYwE*SPa&trkRc
z<*yGGSPjaw-}$2_t;U=uO$*NoGdJbVuQW4l3?U`e?WyGz&293Wx#mCvpU$MSz^75O
zd=%@GNb7hiPEs-PWPmP48+r~%pgoKnK@gO22B!wy2B8zo!A2vYLj_Fe&*)&xdYIq3
zW4m-e+nx5F@v&vl6{;w!1+9+q$Enzbi*mugH>bYFjj)TZvMVXSwQGOmbl4e;T4t|Y
zcbD!h+Y4M|q_6MQaPB0-`%@2oy>+fXq%uk!g2-?6=NM`9Uo8Y;IERq1=7AId@l-E4
zxYDrbYmP;RnQl{HH-!x`dkl0iFIp+Hg=gn+G71PfjM;k(H_RXkoCguNU0A(AE#%An
z@@{=Vwlr@$H^Gp;hnmL#S*jKmjyOu)RPGSPK5ovo9#}A-z9jo=L?3e|Lw8nOKQlEa
zaZoIM7m<U*RnrX?sx~TVh9=%Q>M-vpuOt6sC3yCugQKkr@}<Vr4o<?Ir6UYYXxX}-
zQ@y@~8s8g>1r5wiP<43fFpFPhG&Dp6dJL<JTw%113?g%&(g^N(4VG}-m<~qJ5wvPm
z##*SUT@<7_MO~nK`meM!1+ZO6^%cEXBZ}75#b6+kMs~)hddJ5+cE{4nh><2{Ru~pU
zlIw#h%cs4*4f0iIB@lRp3~Sp~b&)~nPTpx&q9|G*YuTA!$5p*XPEasJg8I~CCl=uM
zjDB8~mum)<S1xkb%&9#0WOs9=y+8xE1CM>&x$jD3bHD~_gEad^r=3TY@~l}N?5hD(
z;>`CxQW7Z$ehrPxLh>UUx|c@mJI$4XSoL6ZPJU@|#5-dFQlS!~jhew$V4lu3XpM#@
zGdMwnkfNa=8SM$APM##q#hq2jXgkdd+Jv3Rzyg?!oyHiatc%{u;~S;1Y;*M9#sfZY
zMu%KI4&r#HA*$NILH6HMp0@?>Z3OS*)Ewpmf9(*-gVgV?1w*!JyoL<VHIz=~1#|iw
z7L=8F=Z4Nuu=PoKA0(9K7SAzPN6H(<+BUdOb|x*g>k-$fzv}FObEJXrttXZ@Jnn20
zIPRic%9GK8iNC#r?0L3Os(il<90CkYI#5+3C@bR+57OnQ@URSQ)>e}uoG3yW*~4-&
z4OWzW*1<CMNP(Rud`vxx?xFnV(wk#{HT8%wn*vu7TF~3V!&~cNt4?`gI(8OVV>_EJ
zrs<3f**Fp5uE89qzoD#4k)U&`{5J#BFqvl1t_EkK{bgrSuw$^K@-B1Lfup#EWK(s4
z+~xQgYTbIojraKnXwPAB8X+BTqLb*N-DmG_G3_q8kTYky?+rTd5sdfxwpVWF9<?BP
zdkl6B^Di#Eu4>_Ty=Y1GR5A@4D1RBy+eJF>oli$oVQ;hr@6pw1O{dCtfeWLE)PM=!
z1ucqYMyP4fD2?{Th}JaE(m=_eIOzu5l_MBYaf5FcYYbyd2x(wqFY`V2CU9=-EUd~5
z<Xz~6{y4J+2hOy+%kePH0Rgg|*jfU;?$$(A=Uusv3f#B?=8FrvtOH5gT&!#*ijf0Q
z8{(Q-!n%Di3R$}gqrX}Pxp^@ibYSS+*+~nFuh|xdXVpCwzgh8Yk#z%x>bvy{3l_bm
zGLCJXT?B#8N6WVpZ1U(MNC{uFE^sQ~(Yvq8!yo0j_c_3MTL=GY7WwPMV{-_bEV_^v
z0$rwsuP)D$Xp|wC)+0#JmIRBPZq?O2T=v2&EnAqLC3_9r!&{HfM3&tt$iO44;R)#v
zCq&dQ%RO1{v>`Ho;pyfJm?tq9q6Ik;=tjQRiEC(XJ&;pFprcP=2B!8Mf}Mu8=|-f#
z?awS>&@8Yvhgi;G*JH<NPTQ!PIc+@zhX5L$bThdxffROQl!s5{UN+oFgkjrWgCTQf
zPyz(eO9<XS-cQz#*p7_VxVr01Gtc%&Ye<M_uNZ;iX$M2i7(0uF&3jKRaA<f^><B#n
zGKW1FzF1h7oFn~si6q9=?-{3a-2)8NKCW-3(}$g7q79x<rl-Di$F3T!n0j$N5$UnH
zK;$<|{VK|x@?yLK^XAf?n0q&YU=ecp)1ZW8@;wm!%H{6!V|Hxw<RPS*tB5TrVkT|r
zmFN7Ahp2J!4XK;HNPDCx_m)R9<jT)8tJyrzwa6>T&f@A)ZOTpP3DuI+H+1sAknS%?
z+uUrUf*AWz@H|XaAm+hl|0j<RALJ6lpN;8bjumHQdFqyI`2@D@=V<=U_VXhfTOoXT
z0I&O?ID@(qfCdwEXAX#^Z+d6g6KsHt*ZEB=6Gq9_qjsNKj-Dya^b^U?Aru-AOfqoY
zqo5InRF0unc59+*bKgNJ__S8!5iZP*F!UoC2IJivb`N+?^U^&AH`mbSL9NLE=`sub
z|FHemDTW@7Geh*)+!l#__DErmwo;ts{xfrqb~^TDG>r<V-ZAll*cBKt=rHYI&EyC-
z%~v(7_n09MV(>J?RKfJHa=B$~vI4a<`;q77n{tWmxeGQIZQbrS$pt5I+Mhy%$r!z8
z<x%fG?<wE8PLb;nj$uJb&NOf;L1FgUW6;?Jy4D`dTnimS1ASwN)x?5aj_6@N_wJxb
zfy^k`y^f8u8uBE?3^=ZLVT!n*6R`a10-4d`zGH<QFCdy<6~z5pLJ$(jz$ut5X>F~#
zi6Eqybhh;!8TJwx$@^4eaGlK|qhykVHR{N@jMV@c?#exA!Ini0z*8U5V<ghPv=DKx
z^U%)nOxGo3Z12PLwL^@>M1sUEC1{~ipPF~&gt6{dS%W5L(?K~4lu1hnIe-;E1k7#V
zImzaEF~hG5q&}HdX4BOFx;D1qO#`B`>;mjK&G6{1+~PDKyrY?dneQ>*r9n?%THl*a
z3g-jE3$1Z6$a>kU6JpRIYpD-GYY^~M;0bz&{ppS-qy&yQb7Xsx<kV<G&;wi;>^WEG
z@86#+nq!H)E$~mwVHuNDQ_I$V1ZA`fvRWOW1hfXv?%Z-SdH>!l;7-zIHKNa$9sE%R
zB8E-EBcwUi?iV6F*g1gtVT+C5On0w?0!nEo?Ajw<U>Iy3FU}pdFCGB04anVkC^Wq%
zAVr)s_YD{LaBRQ4z=&Ps8fK1pGh)`e=w`9U#3!2?DPK%2+X9J2B4gt-$L;Zs*EUbc
z=vo?6*}yW}Hm!j0%W=k}_t^+5;d5ZnfNyi#Odwds66C$~pO4sssu~JxE8r$>I%4Ob
zC6R?xRV6zM3fZ}I^-Jd@0KG5a&h6z2*1<Zx6D8D;M|-;C%GpLh%!piqZePrN^oWcb
z6DwL{7JqE!Z!mYd5)O14vDl1R&I7SRg~a%?gO^RWxy@y4<k2*~(vnpi2*@HG6Fi3v
z_RPHtC_Y7ZJ=b?1E#cWzXUr%z?gJej@;jao@;Zs?QO)Md*}b;6u5P_^Y(<r^V7yrW
zMldBe53V8S&{9fK%X6EF<IOWU)~ApRHVk{ip~eruvh?UtcP{6`U=dN4qE6r{zI@7m
zUq9OS-lAL}q0rf0WEKLc5H+X{9G5^r=&^P`lgSyB$nHJrJvm5CjRGrdVqbO;Mzy4F
zlY$<2H(To@In3&zU1jsY7TW|H-@sCLSt1bvC*C9@BMJg4Oj~~Q=+Cg5T=(rQ+c=&#
zON4uBQ8h2<ybOHqU=P(O$7~yf^>AB0t99+M`AgYg&oY87Z|DnwDC2jYOAV@6qlUD=
zc$=11U5w(HHD^h7>A4>7Lnj=K2tYGQzX}1DlHrZoX;eaQ8>NZ+JRZAa4?YsA)L-`;
znw|~obo-IFaFSgy7mJ*W;7?raIQuYD7Bq9F4InXqFk&91<LKacjQXE`j^s*CLIl=O
z!=_zA-zekft%tlSk~3x@1#3|7@)1VkVG;XNzE|h-w%7bx+n&5Y`F;z|hUm2l^etm2
zC9z<W5O%+hb7EE#A1~&Mz#yPgG*57EYKTR4)W$cy^2R5S7<+DRisxatEcyQJ%cMTh
zOinXX%!}<)!Q&=feTW9JVAI~S!HcQW&&?uhiXKCc<y7v6?0|pOVVxP-R(*kZeoN)o
z81NmKWTBKgbn-aRuW3vbNHNr!whR%JGPt@AX8cyVazy%dwTqHA3qv`9d}8EAAeRGj
zZM;zjOWP<i<E)$69QOVeM(AsJ+se^+HEuNUSC1my@c>b7ynB1h_cFS3XcXyK?Cy9J
z9-ZqmBT+qDCf24{uzeo`?xaqe7(FF7A0vK!uP%yLbfL|i8AsVfTOVDRLJ4NOf%@UO
z!SkqImIL{qlfwpOR3t8}3!(rpKrEZtJYZOgvN7z+KcTxmcN(?5!ZUW-B7Kma^QXnm
z8&nokXNP=C4fNK%0}R7Mk$8XWewGi;E;FbXUiT^x{Vqeqn~5=Pip#=j{AAerFpACI
zZq21(9ZZ>>Fude-duu;k6lGgnU9VGuA47C=Q%0L(hiZXBovXviuZE2nkLJgo`^Xxi
z!cYN#u9vKm<_p^+k$L6{(L;#U>Ds%rV3>(P`(S_2<W_mUA@+Dqn{O2wXX6!li~(DV
zK2~^X*~jy{s4iKB2Vf2n(@0?KUAp%B(l*U|^HnTeuy*d$ZL-cN=$`ap&mrjtHcE%S
z_HH3X;I{m!<rF+;3vhP?xzwH9Miz^v`}bLalH;kF3}Z2y{?v^LGs`F0K`n5Ez}+?U
zZr5NSc9w<5QZ4d!Y&N-Ji5g;4mp;>BX+{W)TeWV1M>48G^v)Earix9lw7ayrF8bkR
z?L8lV0J>!pfD+aeo)l*;hc<OFn;EjFb$M<U48vYCxPLSeLl)}{qRp*{<N&KSL}bjJ
znPE`whv_8$#>~74xmF-3d1}sXX1)rAOm1i1mOyya@|`Zv%;N<X#Y6h$ZYOzyjK?5Q
zLMV+k3|JFwt!AP8?Vf=Y0i+(r(9G^LZmzZ;Q_}Q>jp3eN_iv)VhV1TAL3MGbQxfwJ
zrQ^6-xQU&=L}sThM2W+6ZBG~lvj(<ox@MP+gn4uA4+Fo0j4VgB{{@ym1i(3;*xr)V
z_lQlxyi~C#jA<eJ9>Mi<onvXae8<H7*nMz@@YapoGdQhGpX6SU%&6FVXGKHwLeK^p
z7@$<z>kz=6oyTiY?qY}$%{b|sb0ub&;d);`cHo8E6diSYMEMM3Ft$==y95%fear5%
z`>*uZq5p6L?mGD2i|YhhQe$UqLaQz?0!u<p@4YG{ooZNavm8j%L+S&P48DSAb4+vy
zn%%;Qr}hHB!?eHj+Sdlia~xs=(Fa!aeWV!;lCcYTTr4nhrJD|0oVKCa+_ScBCGZZp
zXi+g<L*FYt1=7`Z{%JX=m=&HK!cCj2@#K5ExBhGw!z#vIh%aeIeK1pQg#IoPpMT2I
zLu@O#bsnAn*5Feh#9|r}ku?)Zh<oQPF>RPWYJ}{}nF}5Xl^}1%hmKb;H;gWNvGACz
zawH`1nSI}aGjC_Rr?8m~_-Wp}Ldc!HL&qXW-e7^*!tWB|b&Wq9xsbM8_wXG}GemTC
zZUoslwj<#E=$))_WsD{hje0k?Ko26@adzH5MDDp7#1hNU*6HQ3Uz}r=cM-gO*agTl
zKw;Xp31&&0dFI(5$ga(7;ePHcx_|2ZX5!4`k+wUK4Jyq;h|ridWJ5ylXk+GwO>ytT
z+}Yx`V8<`N@gh&!Zz+I_u#OF~FNB_x_7ujstWZe&Q;z%M3&YVtF}ko|N?TD~SAJc<
zJmr9H>jX0DDM#So94m&dWY}bmm55wDm^tLqOnkV{OC(Pd5yyfI>Uq9TgIgeQZ0i{o
zDm0bDuK%fE*jt{Vuwih|>1|UZy;uz6%`_SxyY4Mt)T*^o@=EgtOuFB>{GJL-hUNth
zl#oHS6<5qNlm=mgd<k2VxJ{V?v&>D8b5V@{&0HrI#x}8#uZcoRU2HdquN)(h-0g<@
z=8Lj<m4qlqb3&G$`=XH!3rngIItatiozo7g%{;g`kt{d^|FZl(KiCS=U4gUCm}?;k
zr-r<pPo_Hu^&O<fZQVD@T^A4Z1UQL*bRE5W-}1BbvPu#5MEel*$d&mxmD<H9J*c~9
z%s!Ehc<YNX(5+={qtnZ^%djNt%HRpv<u~Se@p<=1qZvZyactqIE6W+5ca{g}$<5GK
zZh;IZ<T#pO;*&G}1|GjPK!T3J5q>?}?6^L4(Q+B>!E4QltU=G;exz^CJ~g!z*cJRo
zmL%*fJNlqfQI-j}w>5P+x)B_Ab9cTW1A<LZPnM7Gh3AHSyU2WI+iv=7y5o3_8>nwj
zvXgFkV8TkHxg_$uAl68gZl@M~BwYQb2PeJhFSDvHQM(m5rsrmam?L6E_%C{MnTcFP
zhGcZsEtQ37VSipCz3Mcqg?s4Fc#fPU3T6lWE|4iS#lLYwBYjfo0(M4X#B-9qQV?94
zoQOIJ;eQOO)stos0b4gnn>q8XyV}d%z~VVn=Gnq*OqZ_m{Qu|~*(Q*H)8@gdE2lho
z<xC0yXA9Rk8gg0g;sG`x6Lj83*=O}O2Db2ZGx>U#*?$HhS~mH?rV*+`lVKfU(N^pC
zuH4DRKRYEO_(CR8xfW54FRqy|u^D4(Ys(n)f~L8Hy$3demfA?0$EndNDX^G?+^Y(?
zTitj*-4U;iv*|HQ57=}eM7s~(=wOsmQ4t@<NDmumqV^N~_G-55j18>>_4y@IpZ5h)
zHpdWtSrrVeatZ0cpn@`{DvNA;%z@8;>nywK+86Y17JCW*Fei=~IaPwsRDso9IPzg;
zk;8pZZ(_NBvrow6yUdudqK>J@P6?R>@XZipzbuPnAwhqAFSo9Hb6I^28|!R2elp0l
zK#0rS^|J;xf|cafwFqXvYda6cCX+oM1rERA$r<&wCKw_LKn=Th^M6FPwWS$3M&KP2
zh1+F+bE-=29P{E_<sE_&EdMtsjuh9_h38RB?-~eVv%^N;L-E*(><jjTS#vF8sf94g
zS%Zp)Q}vFJycoEfB#!pQ2$7y!px%(z3<K$3x>0&S#QV}BTr~1$2_uh=Jbpdj)D^aA
z7|21J-)=E;R*!-6NsR;j7A#M2c5NB}-V^AdUpn=9X>cR3$|NM*&EX@4cK5_`<_4x%
zsdbo}gv<(*dBv3h+;k0J#5Sz`=&w73gG$&dJ2{6Z*L94U154wk3at8p#D0@uA~e%4
z;LnTY6+Z`;`WmcKyMm-qVI3TKEa$QZmGRtJP@UxvYMe?%*1^ai<o4C2z%?!1D1e@g
z1$rNL#)BZM@`yX`tl7f(P$#sH)*<#G?p#^;oRw<tZZ7)<ZMAe>ftlk_cW?PZt#P6r
z+3)H1&6WhslxT6!KLoYd&ZAMc;8Y6%u-oEU_BIo()$vKUIP@1+-!{a!MmU#7mzg<g
z1t=+G5_cl5ux-ACBu~VmtYHIFf44s07)jE4qiJAU93TLFnm;&sM902bSOWo;gv?~M
zD+~}IG`XYx(YGJsAGT3Pa^LmN<O`cmvuK`;+gSvGB8_YbUCwD_EsOT)1<XQ1m+NBm
zu#gVb*=mXDLOIf3EId)U4f?-ZMT!6*{w`=z*Sj3Ir$BrL2?%B8taq+VBwbpJ(HMJM
zCs!VJ=1H~fppuFd&8=B><vwsyg6*6+Y8PVa1*V&p#1p!>=g4Vz*QSM>lLdy{6uF$X
z0kNp-v1yixcvA~$1Uj4f$mYdP3^Q<mnuBC!BF0aM!h<b9?Z}Flcu;ULMtT5GZWEW(
zZRP}fuuvNjhce;DXH(9I(k8~!QCxfCqYH$btD;-1$gC5{bZlcUwSV>u+Ks=eQLxp4
z_g2+1R26fTZC^P7<<<^r(Nc|PODB{tLuje{93aw?A%rgnF+I3^M<530F|$M$aq-B7
zZJ^ds(;;||#MH#?JBFUy0_c07-tR^4@r)qcm<6Py=o0{*qnLM*m3)#d({>Jz&Q4vO
z9uM0gWo&0#Lnb9OT^Xpb4>M+Uu=RoF6sDJ17-D09xrU_(#%GazJE<A%S$Wj)6N@h9
z2=w>LBij}zKe{`I^r&;Tl)%H{8)(}3KfuN;)byVBw+YmfzcJr+@V1{U300@>=T4RR
zB@z%eq9=rFN$|O=TG`$R+a%|IUc+U$a1DT<88Gr(V%w&(y*WpgkAVt;?<{*~)1u-x
zJdZ{LH?TBmkEa>ii(B-Nw1=Z)1ZFliY$+e0Tf1kjN$sy<R*<T>MQY^Ek;};QhhGqv
zD#}&O(idLb0IL2JAG4nS@y)bEEzNgntWS^74b+X?N%dy_`=dJ+C-?5}1on3dJ%88+
zHc~(got4RHIWbqLT~E_V=AFkVy?~csDP9_VcdKT}(7kTM#}*v{elm6jn0KlK)(dm9
zDn8q&F@K5-1knQuUPbL7vK%%itb>(&)1hC8B-%Z%FrWEQe~&Kc4X4kVlWf+wm$PkL
z@7#`4gVh_Cd(`-Y;L{vu<4<@(4_i6^`Ur`>({?Amuz}O(#X@*h&G6cNFBi6aX>u%A
zFGm?$NmO)pfnE1n?z!YcsdnKG1}RU@i(3iz`)xyL@zMfLU(g0yfX0<?+a4ryJxn5!
z_oA9u9=IUR>82?S0~pR=>3*n|e*jMj>@6!F)G`%WY43LvC-`j%EKQS)&7TFeVI!J#
z^Dc9CnB$%tDi3<7{MlB<FiybEE~Y;WdeATKW`1;q^QlRFtZmaZceDG>V?!2j0k6$j
zqVRU2k^2(5xAk=ON9bZk_VIb|N`;7Pgrwy96ihYcF3MuwnXyay+|;tB*P*A(i-}_g
zsIGh!#^d_ZN5)Rg=d)>c*N_t<Y&%c_GGMjrJdHnw)gkK7l0<lmCEL4i>g1XtVZ_*D
zG?~I2#1=;gEb|<EI+M;)yA1={iur7uSz9+(?jTPzDEHw=oo;G|S(R#BzHJ7{O0@W{
z-3wqLCu>u%MYBx_B;_7{Gl*}C>%%mp)HYj;R9mGOU;$1t>&GDE*bSUAY~I}dvIyc<
zwkWThWOQmy>UFck+x(kIq-pOg5W^i(={3S=>tl(=-a~IxJ{t0_8#7*VR-tn69xQz`
zG{e3oXeq7{9r4((51k@<*(Zbr%%|(V_HR85eWSj)Pr|}UjEZ$$V08miy<3tNAQ06M
zEaw8B6>#8iF}IMfrvg<16Cbpl+78susst-7|BM#+20K<p9Ai_L_Om&2Ra&=MJkYLF
z1|EZLBTw>1n54@l&0YFM!^1rf-!_-?5;!$thV&FST=u^y*Y8^O+~}#r5KWDP%oz>Q
z+(Tau<_&;a(0SyZ^w@WBhg)c$@z2Y)eB(Zi0k%AAx8039uq22?kcZ`BZF`h(G!u&3
z!d@p7JjED`)<78}C41E;TZWhve(TTBOx@UyWZz*oEE6C5M-k33@sO-7b|m923jIF9
zl0FETl#Aj*WUg-;!10q)6!6RctHrRqImB)dL*gFsxy$a4oYDZneLJJPn>MFi@??vR
zYy?WEN#|NaE$WR;-~dJn!W#O$50;;`?|Nqf%P#e8Y&tJ3j!xM+LY>jXo)#Y7xUx{Z
ztvQlCUsn0Uro8`OdziJmcd4sC!*}Qw&sn>7hwh5^;$491o8HBNoZaQg5Z&0KLOda6
zZp-RO17NQo%qZ-f7-G?J&zdWj>{WfOD~4Y6?io3wb4$g4v>bUgv3bl*E`fa<vVlMu
z14%Sfa%B*?wm2Wfj9XpvhX!Z1%_Xg;7OWSHbLN2<K%~f0anVMDt_CeRH5)vMYKr+f
zlo-M3^@L!*c%lvD*wk{@!$7gfW<*(oJj2*Pje4TP94E%LZ?ah(o{H~eAvEv4n}PKN
z6<bg{-gD?gpjB?*wo;oyy%T!eDbMr*!V%+K!2%&kcaW7FTNvxi!VV?Ip~ocVuBS~l
zs~FPPEW^#10uYrlYi=`m?u`6-0`Fh%oGExcg93ttiCy+&JC%)VYE6u7bkZW*i^cYv
zMA9UiKCBfBm;-j;cXk!IUBCzEb~Yofu&0`K)=P@D@8Y)!R}|UZ-OL-RZ{MB7!Yo9_
zC}TnK*-a?DFT<U2QLv$eb2PqbGp}9$aUA&ToG8T_IlJ12r~M8Jw)%mu+hPIk?Jywb
zo3^{S^>rWiFEXuITEeb@GqiIff9G2iq!(D0hpw7^WayYew7<JkE)ryKY}qDm54Ea-
z_~|7SlT7IjnO?ys{7t8i5#DN$QQdiRSdfOLRq|28Os4QJEG$@h;j2Q)ka~_`CmvM#
z3{>dsHVirO-Lt1C>^vJ61ZX>Fnly%K4>s1o`@6e`32ok)CJtuH3;`5~z8DR<>||>&
zAN$tLk~rbEviCeRb-?DaLuzhA5c6{%qm+%@tZ5H;GAsU|xLeQ2ti1(LT+Q|`iaR91
zf)kPe!Gj04;0}YkySuw3I1KLY1PJZ~clQAjba0uV1H8$XbIv>WzJJwwx9U~(?pnRN
zd(Yn8YyH;h-aXw^nX7gsn!&F0`fmm=s6G9&;Y2P%Vke)e+=jQ!(O7>dPtOFvV=vHr
zGSnFGY*+Wt0*lJ7XMV(*pL^%xbCl&vV#Q1IzBq2qiX|(e`OHac3%0FgPcBHO)w6#4
zEsX*b<1#@xGpWmA4T9MO))f0W(RLZ_3+jvM+69s&NwqFM#DGqZB_Y22i-H%ize?&J
z;<*L9YuLFir<Iw^13fC5er7+8_#RAVG1=VcPC(Z79=KYps56F~230SZ4<nTaMvXpf
z<O(mae?;UD$##0Pvm~4%4$mXqn5;DxmCKD*{7AEeZAd%!#GIM!cJkA*VGoR_bP+~4
zf@i!IE>$}7>6r|e&>SQjh<$vluft`z8mu29JW(hBZd!K|6}+FM9v0GWVIZuK-&#)N
zabIy`t69ici!j_o5M^Du39vprCtcRJUkX0w#npkM{UlW9g;vj2ZaN{j@SXLv#)FQ?
zLm=e&BHHO8i(%*bC+NIYuWeH-zyjY(0<C8d@0jE3kGBngiF#C!WNqMBpJ}6bg5x*U
zq;g_6%k2=<>z8pBAK#xwBZ>d&9KXbEaLpn4g&>dhDKqEifUX~M$3$<bc_xX1mcg=c
z{sy8+4*UE_)=c{IMcspzpu#S#*kCiRp2NXj+{E|h6l7-Jr-7k(Q|=d^#|lC>_yw&a
zN-{&_PeuX@+!!9LsI3VrmPmeV%{%@KhftIhiv-;(o-MAutfheR;xYsubG^Qe@0rD7
z`ayVLiA5cwEk#~0=lKzMf$<#qaaaDrukWMlX`UfHB!G3lR11edS0?1(2=x8U4?TWA
zKuNO$aL~Q=nudj&E$ibUR@R|HVY<v|y-Q1%eF@ojk<jZl7uoH}2_Y%nX&fF8!kX6Y
z?w$$(`n%ZOivePRh{@Vnsz+x-Pw9<c<?U{HoRuPdl<9cvk+EqM<9RQvP{J#61yG0I
zK1ptok-XJ#Sn;tAMXjaVFK`EBe?Xx&g{_Yz>YAkOO#8T>*I;Egy{V<YN0l~~&XG=_
z1-KD1_3SGqS-$oVZqj=hd!1K;oe~9KfP#{ZPUP91d1bb>w~db57h+(meEf~OBV4Wj
zYK?Hfi(yM*RvEEf^!z;!#Zu`rO^E#Woh>2*B$loI@g50`SjkAFTD0F^MG8a{ZTO^f
zn<RE~+UO$J<)dTtS`p7P%u`NU7UZjiBI%ji9;UK#jg4$s*Zk2&G~PI$E))ja4RiDx
zoA!sSi|v%xUaMLv*?vVvVnQ6qV^+&{-Li9%D6(AoL~#2v<7=YWp0`f$@NZ_vx0y~o
z=p1Srgz=_W9z7qRVK;bvU#5EsZHbZ3ovP}XK;O%f#{!_{IUJUC*UC%vZw243nLDPR
zeNW)1sPgzRr_R0BY40ENB5y9;nUqV~rr|*@f#T!DO>)9XPW{LZd69<v{P*)6l9w)_
zg2&&?3=jm$(rCEO4rNwzc|V>T=0TXN!zF!ZiGz4H7>NPPjKV9iu6K5o9y>{MSVikR
zxUA{LR9I><;P9}qvhVYFR!<MQ{BR)g*w+*x%JW@sh@`x8RC{N-EMDSb-U^KO5*4%#
zlg&en8R(ba`DV6;k3mS8@59eEZS}=+noF^Xe2g34*F=yIFH)6kVdf{s$ahrMkZ6xY
zZN#)y{VuV8n(+%giFt*^@O-V>?h#T&8qKN`cSV$w9HPax5c7h(kLyR$npHS0t#x(~
zBBJgI3$ahZ%Z$PmI;}$29NUZ208CMW6pkX+4@+O|clnCWMSj?QwTv;uRJpVHs`lhA
zsT`zxPT(nFPJM}chS?Y1OkHq{y0gKEIOycu{07K|t$UnQ^<G%9<agbevbh0zllOGb
zWY6yJ1LXl+x5R*?h~pE3?u25N7&0#q{|3>b^D%j>2M0NSw*y?bdyUA+$Fo>Z0~hCe
zpS8(?+f&8}0Kt`IX5u80JmX^zq=NGUJs+|zWbnn=yjhi^eeYq{WK;F9f_PjJ?wV>^
zS$GZXs5yxj-j>lEm=<edR?6?R;c#vUjZEY+6;SKIzH!UbkOt>m%lFs~-?7?J#~mwi
z(dpf(3v7xHI!UE?{Y%k$ax>Bvm?2KhIr8#|5jv}fb}7m6lkT|^LXK-UHS7aBPx_u_
zuZOvG`P@%U%)i`5ls}&`pWED{AY9l{pVH*G#K=WY23@WX7@Fwad{ggbA~s^@?l(BJ
zFa>&Kt9OCPiZI7`)52R^V)W?D&y<H%<Ht^!l8kk-CP&kCBqVxyI&@OxU7R#d>F!}@
zew0+3d0K$J^ILUiQ!Wc6W&5?dtpIxAKS3_Tn2TM4NA|i&RFKDpt&c_S5|m17Rf2kp
zI<L9mibF=l<zst@`sSW>Jhu+==~UFZRK;ligHjFQr0qkI)ltEBvBkTWbEn)_D($;w
zwdj_7R~n4p7Hv6sJwiKJE{MuHYQ8G-1ZAp%O-lzYohCh<C!2wG1s<oSD-l5VU?V}d
z>*aLSPWkOz+X+$T)%oz5b+0TD<5!`?5;=veA3UyqY(2S8GNrl`1vC1abYebF1FPnw
z1|3p}i2LMXj7Q&&<z`$>e9dk?67%KD%rf*8C)xiV1TqO7{?3YYoPf`;*Gu>5mXpul
z_^z*=B4<wAp(bTd`FtS?fpD<}lii(Bo~^NWHL|-FGU4l@&`QOKs(K@sX^B{sVas_4
zcg)qq=$*wNsdr9FDfZb2K~T-#U3#GT&Jy;OzAKvpautNCC31cnIm7fGGyF%mp=;Bp
z+gACpUt^H!)s2pZdI^)qZPja|yzrNP(^rRlYX0x9bV#Xur2?`&K1RRkljo*J=+{v2
zuKSI;5Qw$?ZQ0ZH=XuVd(xbpTv6H3`Qf)lOv)9?k@(hpa`=7N|Xe2;dfvlMgnm3Nf
zQR3rx62^;FjF6Dv^PEmnkL#NPEgOpybbRxqyefo%-^0dr&_g@JsNB$oPM@|lmtQ}l
ze0tKQ(0P#^Qg5c!L{ix|D36-vSu6%D-X3`-eOq>Xp%?hH{F&wEj`@wDwVe2rgnEnQ
z^>R@|`Ta=DJ$*t2TJOOsCmrs_5_~<BmY8N6+nHi8=-y%d9N{9v<EaTsP=m;_grxg*
zd4w6UA9P<KG+~4o?`EgO;^u&Pw$3Itv}`748)B+MO}ncUfOKp!{g$FYGQ8M*(N<Pa
z#rwPPUN<{prWBoV<Ca~tW)eRtw$*h~&${icaD1hgM_rVk^@`s>kb$y`SQfH-EthBf
zh#311H7fUMp=IG;C=S-O(9@6_54Q;A1}h(E=C_q);Q3-USAPY2H1UUsj4%$ibLP`J
zO(L8A;o$);sVQPYH*EnRvm=KW&c(76x<w7jeC3KFU;lfJ7m-}rpY!sRU5r!|;no=1
z)zL&kMGL9My{?Y&NyDu}FVH;@IjiCQJxvKaw8-2tQASBFgm#7(nbMll?ZNj*A=tls
z@AJ^Gj8mA6pHe9jP|rV3MFY&t;Ufo8g_`lRjk787^QUi2NlpogG{ez|613QgcFqtB
zpN0u)-LW~W&}=rvpFb2F*-AArYoFU`j@vGCf0%s7C6N|2Vcu-j;vb4tXV*LCY|15y
zLz!U(&-wf~QcjqMZQ_ck&ah&z{DQyfK)}b@y)>*eW*j!JAAFqBCTv>Cvm+5<ltB58
zYc^vd6d_{u1BF6<l<G}VA4X&9>sKp;1bgj)2ok@}=TAeovR-Wslnj`?gbcR0iQM7Q
z3tk=vwkEBh?5}L7Esbl~GfU*Bp8k4IRyNmpa&eoXvJ-pfCg`4O+rfE|R0Dli66p&b
zkGoXzB^q0MIy*vT@UfIgg+qNjtwZefao_-u+P-!N)wNep%Ywh}VEz;wMp&km@;%?$
ztQLXibaq#;!A(YX`*J}ozYUi<%qfXA>Qa+8Xc^m5Vz?qwi~SS%1@kw;`-zY^f5%iI
zF0=?S#>31#x?KLSEDcJ~5x<w`Dh5w8FVobP<;=R#41keYa+S2U>av_ScbpkX7U5o#
zH*wN!d+)Z(fyO-CZukkO`JELN<9w3&>?&WVWVu}Yj<tJGKgyk?sNI}be|{G!sh%>b
zfk@xWI@p%mS0T0)3NdfUnxY{BY3KU&;&^ha+4sB5)89BWc4E`{7tqMUOONSwnR{n-
zUb504#0F2UGOwOCiE<;`^6hK>K2A`>nT>JTHte8$qoZUkhzc;0sM((`wew+jxXGS!
zM&t|^Yd1Lv-^e|-0zGlOkTJbeFfs(+nUSD=<<R(S&M`4Zsr~kP{MY>=EoSa&YiLDl
ze)b0ii_oamwQ!R2HivIk&i>){HJ%Q<j!I;*SNS3BMeEO?P$Me6Wj>eGR^?@-#V!}-
zV;A>=mju;x`_D4ZJnhiPYSd@aoaj=^g-njZ;Y1{2o56H@JOS-F+;Ved_+viIRL_}D
z2@W5pobhD?CWIz<yD@E4;5C0X>8J2<)xuUm4li<!H@pVNR&E^9kuGDgNlF3s8`!&F
z(~8Y3AHeH+jMX4<;fol$>}*{K8lC9($)jEtm&+U17i(lKY-Lbzpjo=7Bz42vF2EV=
z!=>c|CAX}Ef}9OXcT!O>Nz!<)aY?kZzn~aeT7OA9I<4k5tI*9akFylto#c$^)}tJ6
zee()|HLXaRu%UYsnP23M)6%If@jD`852q4=m26!_^e)#^yUoB`HFzJLHn@RkPD@iL
z&5M0@2SIo9f;B28rCIIF(`Dh!pHxRpHUmwC5o&UQ&=9Y(h;aD}gzJ}YDS;otYXOdf
zy${D=?v$=lr<rAr$$|;_+4h&v2KNG!^xFPcQa_B9gA4Mf6g+##J?$n~3QsNLpN@ku
z$O;}`XU_!ihwU)1pL4Fo)HT|X%~z*n&q<18t2Sh05>o=fn<EakjVJW=*U81=!=}-%
zOO{5Si!l`vvgOy}Xqa>h(68#WBogW^y*P5@BMaWElA+jRw=t8N%5etQxnNx{0k8Bu
z3@5(5v4RA*GK-`<u)=R!x0I?}-6!)+lVI7FZ>)6u0!LN;Vq4J^<j#XF=1iWPkMecJ
zUat^jTkgiB3nrZI7RzF!O?(l|Zn`HxRQ<ZQbHJAmaibuO^>F3Q)Q0|MRcqomGgJkE
zXLF@-B>Q|z7Y!znt#(p#-}zX*bZ5+d?hld2?6)_Gk3eRAM*S8a`8k`QPiOg<ha>&%
zj-?%5KZCInP<{CC-XBoR|C&2rJPC3v{1Vq|r%L<Li#{Lq_<?WD;PfS0Q{dZ`#ichp
z1=a1%x(~UJ3wk%qm&NiHaFywZCI#RuhGiMpI>Y0=E)(UmnxXAL_pz&JMPi&y?ECAt
zNAY@mP8Xv{ZY6rr<T~MSd9BFsGK+xy>iJ%pdXXP#@Jb*KQl;n^QS+TeD-5?yoQFr5
z{Dsvff>A411kTCHn2#?U4;1){Duru64{J5)2sJapl6p6Ur8IS4ZkmkN2`qBbj9#)}
zmYi3U5+aBNg_$vnbyPkN7Oa~|VYl;vAU?(JW2H`pXo)n<8M2>iU8T>FWjFO#1g$bA
zF0pn|XeNX3LOtvXr>)t##4i=IDfjr6iK%<$1zt>I+}I{04w&GJv4JH{Mr1t!&sR?L
zu;XsUtT2sfqJ1|)tiNAD%=^$eyo_R?=2!?5x}<y>H$<+i2qGmyuQn0(Q9teXl<{Im
z$xj;ps+B^Y{lfo@PqQm&cKbXDiF$7RNTf&6emcSCimlER(|%}5B8Z0__<^~<T~&1;
z?@F$!F)H0Cgr8oj=_AWVHr~*0|D})owwaa4SOuz1c39fW5>)RmiqI^OE8<Ik)syRq
zqy&xOrjb*G2L}-kQu`9pnCfuj<DuQP5I4NW-jOsHHE1_DteZ1)Q!m)Ci5?Lbe*0k1
za2Cp#Xr$hD+jdhL-(w~y{~m232Hm(+H7n2OeLg?%8y?wxD7n{~`n5Bl@cYUROUG1B
zovm4jv5ke6)xak>x0JfP)~J<^GW0tCNMNCdzut(&z2%TXVV(p<=lOaSszBT9@}eDj
zV)C4bD+N?8i7%v;Zi|sE(anID9qU*)_;*3&PaG?1QroSPgEf+3vii`7QwNaFrw%sQ
zf;TC{IyD)9E&Imj3qejGSKa3*qk|-N#iL8cHlX_%fwqn1g#gAYuK6<uiVyGYU;a>j
zK(UZmUY+`4lM%!JmFRe2k6@MufuU*bT*J?W2S=wgd)z|Jm^q`sZP1VARR=hpblcT8
zGEp6~Lb)AVPt|0*cfUrcOQ=!sy|PbE&s+XQ6teTt9IV~##fX(&@5FR<FKH4>-H_86
zo|4_VhXp;3=BTCC*S2_O7+w3g>EVHz+oGyJPHI|$h>5(vl24*A&A*eG952{}Y}QBH
zF>VA{Yj;X23aUKb4GDiJyX9B1dHeIMoT&2$2W%sT70LFSA~~P6S{$EE$}>4{U&3TP
zPWm4XJmTLM(U{vh!%$E~{V|t*wg<mB?!^*aEm&r(KPwTFQ~TItiy0oiZb!!&D`Gyg
z%hcGcSU=DsO-rt6_@u4(`6#cef!jdI)_5$LRp+ry%e_~7p6M{#z1FQ?u;j?0ZHpFL
z^!V#!_}db#HR3ARcfrtvV)l$w{epKl!@PLu3w!2qUP?*c->NFaDWjznl-Wh0$J5QN
z-XIfGb|RA9XzX#}VFKs+L6I-MTj^0(8}$d_R1a=v**2E!@4D}p++~eHZU~}gVx5!+
z4Y<ZvtV<%0j-_0E)T`dY-LNTf-^OO53j#S2_*FsVumbteO%V>;&5ElD3%zj3$k_D=
z%k8|Gw2Ar3IrQ~_^<M6QzF#iBPs(}cey-f?k{eaMcH7eA?S#%<4<E5T$Ggiv*~!GJ
z_M&y=C$!f#n194T&K8&U5qubCZ!M*QpiEjteGRWP-WoZi&oP!}f<fPsp03f-<@z4A
zZOdu$&0-2a$q40Q@466dcak0?_>Q3cy|Ya2A=|xqa)>@{fB(ivja@=57i4DYcQW>9
zQdr2i&e^4ZBw$GxHFQ>!Xy8nE>Q@TE!?m?^LbV8{+~*pBFeH|ka@PSnMDw*^;hmsY
zn_q9e+?ur=)TJ&`QGz`kQfY0|3>d$ivO1!mGa?k8<cTRYl$NF;s;ojY`8VM##Oz+Z
z6h>pitP&xWJ<N&-CC9VmR-bPFOn}TQ3lfaWkbT`_+Cyk`Yw7NX2^Py{R&;EMMi5MU
zm!>xS%&T*E6GSfDOmM0Wf%N?zX-V}cxoU{akUb)^!y{~XnKFbr_Fe4hZatV@pV87K
zDLb0Egw6|v_01batheWSwwprzg5Ft17w6Qjds&>Mwhy_&E6-aOG`LuZzt!{6r)XR=
z-5MT<(1Lp_z&2eI{J%Fo?J*KEq`68`F`0x<>}((fxCI~jhH0(6&)2E_$YHwn{nVuG
zr3GgtNaIc1E>Ua)-7(|0RHB0iy|%RVan7;Sk|FNjc{kZ7%$|aNr+&ydvW>@Z&e6l7
z=PFl^Vu(w@cm*7VhmlqbKL`uBC5RE%G?z{jN2i$*4mKaT{DNQQg|ys<NOSV{(s!Qg
zp(z?-5?l;0S_ET$tRW`&jy^8b#$*0c%3n*yj6A5ZR_N=mhl{Vu@mE`VZHp815fe79
z?~Xc4R|rwOo0Ax^B5~_Be^mDgHFA*z^ZXL$YC5hIg9lhEsI#(gzNc_6neTMzRKR9S
zYa&uMQo*KbrsVfySvfX+5qUr-@dkFnqRS8dx3tdpwz2EqwuDGLW>gy@FW%w)m~ehx
zHtfho8XXvFU+<>6tdlUZwBxO=`0>46ur6fZ&M+TCJ!;=wF`GYTotsU$u=b8L_j|A>
zzQ79+0Ta-U;t6%dOSz^c9yYzSQ~&$fohXuq)^8V{mq?U0_tH(_DP{E!h6G7b89Ilc
zMW$Sq31=}|o>iWPWA3zjl*omE@pCc(A2=w+%D3&wnacYZ;m@^W+uSjTi!0&Sz`~a%
z4~Fn9@;7XVrfFL4(2i%&6Cc9Kd_kO?s%8gMsGqUUPw5EZBRiKHHK&zrC$aa8->XA%
z)<y@PYsAs}d(KUEBud!y-^HPS|0SuED@peId?&i6W}y|`^_i-52Fxwib>sqDaj}7H
z!noWcim*4y{QiCIKpVPAWCRIrGh0zT6U%U`0?l<6i}|JJ2giJ}vpG(=To;=g+^ERO
z9+HUA=z8?DR`(yU&zU1na<jOQl9v44JU)*hezFSl;{wGAu5wwO+#G+|N8BfzZwe#?
z{qsYC=h7T80;^P8FUay9CdU!5UAc3h0t1PSU6}*}<DQag9pVbKwKIL(N}Ph$n>;RP
z9HkkjgoEb0ddpcX6)~qcO*Gz)RJ5#5TFet~`#;Bta`a)^D$&d|SPFjTQ=-6+Yu7d!
zVvkT(%8^~`eebF7EG5jeKz8C6;!lj_5mbIw97Z1SvShWbShGmtUdous*M&G9ALQj-
zy5JD#v6D<Q8FQpMKb-tZ!$_Y)BZfAUw4F@D<drVS1$Iui_RF(RI_7Y{V&kq~yP)E{
zRCTa&3VEabh>s-ARgCH4dQLEuWFAD!uFr)+K3C{6)v|Rvs*=r}v)VC6Bll%zG5ts&
z#?=Hm`-EDU=4xcvUx31YIFA`~MCsP1bn<2@tYvqLT(eahQu4gQ$89w29KqHvrdES>
z@q+)l^fZ-z&$`PC{jE0Iz$y}E<#EY?bItK<@{+zF5`K;kR`!gpQ+{9hy!Wlr-_9A&
z7*EE`sITmI8&aQf9$Uj*Oako$P@BFkw-|<$B)FEGZw*#x;TKW3p?$oRb}sUj>6N=o
zoT%pI>SzD4cthP@<GPGcZm8t4>Mh`AT%Pu1I$0vnQfS;<(IXzjE64Xjy4G|5L}8ZY
zqtS$|^omFPz*ZOrhV|T=OJ-I~3cET6PSeE-PNwKSwLpQy#!n{*CKKw#F2OU8U}mgc
z<Wn1@!5Cq|#^4bXG^)hb-CgO1fbD1f`XmB34`zUyFM(sPO=2F%D!OPj-oyT-Yi!*a
z{0BmRPP_9pku?{@HZN9@p3)teatfPWzB}SiS8Ac0Qd+N7-!WZRwVA*x7v4Pv;%r5B
z7OtK2RlJr&Y^XFV(`ezpD?qGkL@p2@aM7_VY~we!$bpAL&5^5TlVU}U_jdkadmuCS
zJOhljfDRm6ynDAs(Ly`)FiUo{ThWb|-)PH<#B`Vo@!pS-81!o8Q;ng?V6A5lk+y|6
zu$ou_I!362SvDJID&ExEWPy4vmWrQ0iLdy`db0@>1WD^o&MZu9St#ct{ze^!P6s^&
zfPOq6E_z$G^lNlGTg>$IiN7n(XBt29HSnV5#=g_lKT8jHt$JlUc4P1u_b?Xh+s)yV
zH*}s;XQCHBhsYXLy(_f(<(M@RcUXs!-FO`|(io(!8_bWwm20cCmfuRSNUg0aiF;;_
z2ca?L%OF1Tq-`Qjv-ilyN57*_nw-o@nPcG0ayDFZ8MHkjd|Mz6SD6056@RN`?lE1r
zpyeB4zE}*U{;{Fh*=m%N-n1n%z7>1OnB(%rGKBR&kEVpK9mjnwXhkdG?I2TSZ|)$2
z381idgZqQXmQv_--urKHd#^Meo3T>&g}*ksNTgatihy!?X+c9zZWgD5d~^DaZj9MQ
zCP<@qF*>W<65^4upFY=k$Iohoh#T91tV+L~^AOd4d(&#>8wiKn;65G4m@h}Gtd9f2
zj&oae#<TIk=2yFp5{WC%7hg<p8&=Ulk=E`^)gaI=8PsJ}Qk=xsQ=oVhu^XB6uQlgK
zD<E8!Bs|n2wx}W~#KmU94V}+|pE}0(ZMTq3XTE0eaV02X$MQBc_Sofi=X<r|6qEq}
z3)d`24;kD++%J<kmWFcD;MEiVRtu{Ewc!4-cWXn>wJB(&how*%afRT<%nHZ0mHqX^
z{%MRM_fJKYe)}$3g4CHWwSElsk>#qYcyUR;EkXbz4n(%=$1e;+Y$L_?PR=U=?>?7k
zDjNEai=_6D_o1!i1kvmxGunv}e7&iLeoEaW@+mQITmI~Z52a`4y=haCe*2<cYtipq
ztPNgXy>4=|XHiQ36+vwY=g)1li(gXl5dP6>t9Byv4wCe6dl3rWLSuAdkWMJZ@4@#-
zs>uc9nkc3N<5c>@v9;L`&Wc?PAi6`4)O?u0#3bKi$K4gGapIzvX*zMnULJAX#W6rT
z!;QtnZCcV8`(<yeohy~JjApGshqC1SVnDwMur+2+^P7gql0aGF@i#yB&D!5Xk~;w>
zKC(3=-U{F+Q_Qv1`+c#1*KBQqcWd~l29dlgHz!>eO~_am_FG7G1fO^)UkX>Puyq!X
zGB^`i<w3tA>StTx1jGL7YH6!}{+r(%ogb7AJzl37vAZDSp7drZi4yu4l59(`-x*dM
z4K>SHay5+lbXg(Jw%{~a`0Rp%gYBgwN@{;`o1$te%8@hHQ);=9K+LJ`7+LR{>4Z}i
ztzc!;`mO`Pq(|NxI*ioIOGr4oLa6&m=c^lp1X*C`*o~4Ol)*{<DZpGon^nzcw5m+U
zio#aU*P-<tyNt+d;gmz$I$9TtIe!%eVGphmwr0pVu$A`yD#bW-Y5%j~J5z%@x|Awg
zsqsrZ^NEJGUP6m;O!G>u2e)6`-=)%MU&eBc`BGR~Ucaq$GTNsnp_=kF2@h}g-F&_2
zg{3%f5z(p(*d2AD<TuKUxynO@x;y=<T9h22r@nnKCuxe65YFko?)NJ;Vxdu0(Mzz2
zdk^n~uNgX6|FH7-D{@Heg-OQ!e4CGj>|E!%sz_ogPpEl<k{i-SlAePoBE$5ct=<AT
z;KJt$#5N#&qrJf^#vOz<(2rfxX<?i0-&_*mexvg$^4i{;n`~9^W`L&)1-pR8JPNPv
z{;6-2K?4&p*U>&0$>Xihkk5D*I}@A>JyXN(yu$nDO&YHc>$cPJERj>`nI&+q@ow0l
zHwk)5lw^=b`_1+^ys-{`_wEcdqf?HBK2eTwqJopg@qq=&6E%T!;ez8*2?1M~ZC$yl
z>Gjj@7zNIP*2MQ^S&W?6?U}_)nnIt=kJSwKb)L|)1RNn4JT<hE)|#;(r)wSFhwnVi
z6N1lO_2rhz?X>z?d>&Bpv*y@*ho%S$(!2Dqx)uFcl%)baZ}kBG6u+KgpCjF|p|?gn
z=&I_KH80j2xFsSNdbk8LiN+yhml8P`NISRtHK6kLw;ygrPQI!3%Z{(#QiMKwyXq9R
zx0MB{5)H0*TawP><7(m6&#ncQY!uMEDWZ|EL4ABs2l-*GMK!cX;xg6ucKJ<X_#H6~
zI?wV>L64*5?M^xf@EEaemL5LNIDTKg2VlH7bAME#M#^+rSfdHZ&GfUi{|Ve$LYs-l
zvy}uLan^HzT1{{sdp={MY<)6F;X5Br`t_+`xLo?cPS}BZjQHTzl6O99$am@U<i1Uj
zcMj_jUQ%UhngpLp!5f-!)x;0$V)(nUb}MA5K3+z<f<$(~rqnN*IaVEuj85eByiM<G
zB0+R7l{sXuxlamB&I}cqh>B1*_9?v!;U#S)Uj(lk57q}gc%yvml}V0|K(S?d!}I?5
zG{IERNog-Uks6C>d)S@Zl1h9^!@o|J@hd2XQZLCLvmnv^)IK-kslTPy(cJ;x*d+o<
zYn{QhS`<LiFXx_fkth&vR%JCN6WhsZb6f9aT}q?!h0Df0IlKq%!{9MyNwlE0Qan(|
zNv0}0!uidiuwh9Rh2;C(54}DOw<(jijAP^{cUX2OqVZFE2g-{ic+|laJ1#is6*v9t
zBnDbI9n#AXhqq}qtmEr)grRx8S}BRQ&Z#Sc-*{9%2~4kjH#$w{>k?mlwqozX`S$r~
zzq<YVJIRdB-4`J2no;t`X~bEQn4iP!BJ54*eHv*d9}gs2%RD9)OIizjyinshyW@uP
zS{?zXRq(gpxwU7N&n{jF3QZ&r912m!5UvbeE{-<xIl7~j-2&KZmT~*Wp2P;+WwoU<
z?P(A@xUKuuPx7q+T-vRc*L{#FCieWceXpyT*sNkctXH5KKpW=B2bLO9z6phTn;D`h
zrTc~+lC;eUuxV_M8T>1MHv*pvQhx2Gej3v$X5Rg#lR`1vI$^^(FSrqZRyzoS4v>Qx
zx)Wk(5x=!a?%f1C(1^J1b7jL`kylILSM)Xkt5Yn@xO2rJ%lQ~-$1_qQ1w&cu-k6no
zuYJZ4II#Qjqp68A7yETh!*r#Y$j37Tx2BhGkaD&6BC$!m2d)GqHjcI3?UY}rHjWq*
zFL>mU?W4B@fO|;20}m+}*WZ0!kd03n@<_|qEY&-T=g|xo>1RCc!L3)b#mPd&tw}XU
z@sFeQ*mM5)v1@sq%H$HhDH%#ytxa}1naIAt1vTf`CV9&|^OFe+VeYkEie`wNr$kfj
zO!tJ?5{9$n-aQCqGE>j<WW_+6qj?hJ<20k|xY1F-)N;8L>Nk!k6yd`4mxvMd>@9E1
z^Xv@*JBQHqUfnbTwouDTNI5m8T;X3z6L1gGZ1=NY4-&5{xum*~txD+-mB-8#_FI<L
zDI*Iu=8YfMq_@tLvGCUd++S}KK7TvV?MD1n(>H&%x|k#Hh{e-@Hon@jHL;kqRk|`4
z`HfnQ={<w{@EAF<p-LNMqd!-~gxY&_lKESM(n>b=xj3_>=V#(K#-zbn@lGp25%=(!
z?00k@IQMWlGbNeI%wk;7-1o4L`?O}lCoIFo9l6?C2@P{peyQO3S~A-egwwyfQgX)n
zrr!LCAm*xb`RAwyBnf9^GKaA3;`KY9WL<&tnS*fUC~Vt`qr8(-02L{c5bR%V8}m)7
zd^&<$)L&LlgyGp8F+@Jgf=5fP(TP#$(^o}3X@-BlF@5tBuE99;YK9FAb!8SQn2(HW
zeXCwAnZhj^H0@(CG3Vmf_c}*IW7_L8TU-4#WU_H@-bP}#K&Y7;zTIqa=Q?%#H;Ytt
zU(~zQhu6H#r>Ec&^{?qe%LnG4TLmeu$kE9j&t)Ad59lqss(raKBi?JrD1Ik{!z6m%
zglZu|<qkBre>Q|^%Cq+`x!OH<Ki59*PhC7eUKo_?s@};^16}CvGGv})s7n*4%G*m$
z8QjYGN*4o)7fTm&RRiQ7H4aq+6z&*yAuF>t&hndM8u$7zLSYjuxCxfnlr7oL>hf5E
zbUw&zwnIAkO3z%o&#Fsd%$p@hcGtn2$Gz0+JxDgQ4Xn&eIoPK#?)Ci*wO_a1+|8QC
zy}#_H!#?CuVsn!jtXl)t?V4>Za^WduU-+rZM!xTQS_5A9D|Shp1o32-<LocaIVtQv
zWlTcEb0;BndULHao3LvL^YI~Zve|}rvupM)WwP0YckV^5Ln<UYGjJ`CBuGajLu56G
zR8%`SGk7hSBt%CnBV<jCBvdCfGjuhSG)yNfBWx{<G+ZY<BYaJQBtj=5Gh!`*BvQLf
z<&l1&)}O`oTq9k`ocZ8u>?HVLEEea!qO{f<7KL<KL(~duNywoKVM6*U#kn<*x!(^l
zIQK^}&))4tb5qX6zrJGdP6AAy(pvLaczH_;S@?Jl7_2GjVM%Y^i0-1Z+e!%oPQf^w
zr^7x<aD)S-mXsV4LHhjDT^c}DF*TJ~#-&SKfvFK@ElO~=LR~R9wP=6`OZ5@tdn<AJ
zUq{hjB-KntRfuxlt>7+%REjj-dbQJ33{UA4SVQ${z-O1hCuZ=OvqAu@i#%?CPp7k+
zAf881Kymj2#3Mi<pxNfW-LJS?=f3@KGd^|c&22W<LT;EI{rE})#yB5!x@NnnA9W5)
zN~Y4ghF!Dfx<Q<eYktK6?GOhKh3D%fh{H4R>13|^k>^pibXMym<H^ndyqWT32e}Y^
z?kWm!Sc06LFg*ImKF>}mzkBj&FA{4l5xbL#NW|IA!hs}3B!WMcih0OKoHCHNxgJb{
zg(o~L{dgfuu6Y4-LQ`Pjr5)EihE+~-l58MOjG+F(W~wXGk}Hz|SbMfHYYynYr~OA%
zPHMobe#JJaH6R{6u$msYx#o`))<CfRW=a|SiYi^&W*cKBi&f_u|Gp^>)DUV4v4q-Q
zIznA9J)yqPKu9Pw@-iA4k9xn0D8wMdD8MAdEW{%4QHWKDO^989L#UCTOTeSp8c-o2
zfd98&Rf{nI6~Y3puG0oq)3av_Vv4AK1N(Dej%n}>{iD7B2k&hqW<W=gYO#p6Rs5pp
zQ2LkgO|vI97ZHOwrD_g<jU=qRSmP{=mSPAff}J>T+?K*pOg|km;{yEL-Pc^&el-DZ
zYLs<V?V<(MtGLYCfomEST@BjoCZg;|Z;DE-%V*gy-p$~3&ixZ!|3}^qv^Kz68-E1O
zKgGj4#Usak<Br{LN6{Cx4c<WUYRYFD^I)r%8Jb}2SlB)L9^zjZ@-&(>{cw_4<_&1S
zNi4HJn_t!ys-RekrI&Q`Im2Bz&Tiv|C5GI5N*xZq3M%iyits2;lo<nRZ&J$Cb?GYb
z)S|2*{;~kd8k~ha%^I*~*KA#p2~X*}g*~Z8o)ozu9`be@UUviVa<Perf@H-+g0+jS
z0Ic_l{@jop{0<a+8b6m%<KQZoofG@Fvmxp=;A-FE=ERLrp3a%LE+FhKoo-8zMZe-^
z=1#YLh(!0zqBrj(xVpQ9`@TTY0m5o9N2-?vyH;T}XTY%QABc#BmO-l^-!9{!$(L!+
zENC922wHYob@>hY{jvqx0queGLx-W`&}qm#bQ!u1-Gb~u4=#@(=R$Y;<#Iych=AD_
z&;0H%6;OPV{-eT{V4llV2zkH&cis`Zfe0-}*Oz}3nFS0H7yI=!yk8@KTTXoMj4dF&
zHLupn(08Wi_V6IDwv3<*`YRFhKBIe=1<d#K#X;hx;9?|BiuyGKSzaHK_j`Fp#9*eA
zL5LYxPI1Q`u%qaTvl)IWN>D`mQ${trydJQ`oLyF;t6W2?mSiKnIsMv?cSf@9W2vfO
z>C|b4V0$fOrFiNzOAuT?^#?L@A^D2AkSQoo(B*!7A5y71S9=Nc2SO^Rhvc3oVeeCW
zn&Ize0M<zLhc)Nd)0@iQf0$1h{xh%r?!_s=eOdl9W+xf`oV=Wm)_>L70EQfH4>H~M
z;H48-uIHm$dlBVshJSJ`q!31A`A_RWMF{ScVX6r!Y%ie%Y242gQ^K$(?+ert*5i=E
z?h;BEj{8sld2mWsEm)Zt1$iM7zmDl{7Vr@4*Vemc<8<zw_(~}O36#yU_XE|v6Cx+Q
z*q2|euVh!lNF}txGs9tv3Sfv$8loMN8L}4g52}Z(hLC>NhN1f!4BfTEGR0TJNJ>=v
z=od<#=v}kQhoP)6?NfSDlre8WP7Wcs5%5<1{rdT9+d4~EEVB(%lJ|BUGoZ+zFq>te
z_^EA1Bw!at?H20JN#4m&Qu`&l+~-;QCc~uA&vgkh<5wKV?B}`<5$S%O`6Gp}_j&=7
zLP|&i^Ef!<kJ+0!n1@~4VNZV2l(1H7fz{BtZ^@oRRr?ik*aO_sR^n`-P<d4o1qeIp
z1Lm(fy0xI_B3B@41lx!#Y<WA1x6l9xYA~0A7(^Pktfd6X-ga9iKNT3=AI;A=DRg_r
ztBfG~i6HLu8_aq@34T+PeCt+7$LWghvi7C>$2QHLDcyWhzWD??$m@2#`83m#uMN%9
zhJJE`_411x7Jo;*vYp_rJ%>Bl``GRRWeK-Cr%~7Q0bc@gDEN<Avh0D`nk;)5#(7OE
zaWbc#e*NOwIz6S5&Yb!rgA9Wd*iQeZ_w;ib=`h<kqY=YW5YpXtF4=Y#^W<F^$IW|C
z%l*U<6NCBN=N{}0KKN8B)2+cGKn|gsL!UolfmQl)tpV}*J^L4qPNg1m{cH9A{9Nnv
z+?k(}NdPQl@xt0RBr{!x`2h3KlJ+UFYrB@sPrUOa8N4-iP&t@7+iReA`|c6Pjo<nx
zZVqOJ89eyyk4`gMTH8M>GGZ&7$O}!`DHuSaNV76{Y3(hoEv)xaS`u1g%A?A|%7YxD
zGE;SK+@))GGxWzayqUl-)50(jRLe1~|HsAAFVF3qo$7ANiFNTV{)1JWvqKWJ)0=ZP
zfBl)xjT-RpYoNXZ__w=4EhMuRCa<Nsb3(fekE*jmyID{9o6rdVtK2`fF5rOs8I~;l
zqhvz=*r$L4lR~_MGuRP<lq`@l+53HW`Dd8)3pGQgPX1QSNuo^7O{M_ms!^!tq)=+)
zXygDX|4^y9sT66sX_V=?=@c2c+7y|&nUq<%Srpkhu;<mdzq{9lwJKXc>fP8lvfqR%
z@1t)qWlb$KLFmHZF3$D5^pA0p>DB^sA07SEW>(f0-i5i{GgF%w<QDY*sVEcxW3q;}
zDpT7-sr`lwX13a3ZcD670Tao|beBxQBeBDjr-wu)`$pykPBfR{_p5@KrPq&FSzY!^
z5ExDvG(+6}wv=*Ad0%s4S(~m-4dVi^(z{ThZ=rbA*{r+<u%MG$Rsc|}*sG?l*oo0T
zT4V;hx0kG)Fo5jA?tG=Bk9#NXtqt6Qzn3^zz;(KFiS!>kvghs#i_lLFY3{NJspY|S
z`^~Z>z79*@52mb^O4Zs+=mZW*+DoJ(NMq5y;jB{2TUNFd-P>v3A7z=(r(ZvER@*Oe
zJg$`LwU#_DFkAVx6+Z)~tTv0arf$+YH)e~vONf7`rV7SrYtI4LSa`4<tfcHdGVXH}
zr|8Y`OK4PEd6VQguU-*Gba{_ITM$J*;|F{Z8p!>ncu{(*3Z;AcKTSRhz0SIJEDHG=
z=Xy*}UJJ;Yt>Y^)xlurUe0-!O*euUu--I#C^HjlckmfT8x8SY2D;4NelGoiK!$D+e
znmRr9-D{Ouf>!5?QR-ZA;P9F5xs`6*IKhZ+(zx1)Zt6I2#1|vC_xFg(@Z%kgZ$Jg0
zMBA(j-XK6`NJnxg0h3OstV*}TdBlRe%yU0jvG5D1CCq;PGq-&qDfes)>_CzWI^RJL
zK{1S0q0P{<=a4Vl^tUL!0tPv)pJd9Px4*goFV&uCX<d-7+LN7|=3(byHO#ZgayHDf
z%ZfK-eb|@QYe=~daTdE1sd3yRv1m<SKT3{mE!`dtOQr;<GwZkRG~fU_TzX5D<y{mB
zCLZ|=L>I;d7T9jie6e%;EPVIbi{c-y<ZqvZ$~+5$9eS2>--ksg{L*$RE>qB@u6d;v
zdH7@D=c=Pw3$rdk4Z23?lT^UA_IYn}Atu-z5X3z}USLxeRIX*e&dhC<mic`=CUcL*
z&LwHE)#+%x#mjzHklQLR^ZT@X#sQ6;Ym!8pGy|w5-F{tx+p3JTd0sx_kjBn!d$7&P
z2Gr7Ozpl@1|BbYHIi`*BMiA^fd((0xJ(UzY^cdTo4dDg5&h8hDNyjDO&_2erliqNF
zZMFWk+Z1rS?E?GuKIy#$Ie6>WJMwbuR^-;lvfpJVExRqCmW7symVuVemd3K`vf`F(
z@BehO%9^7(k)Dgp&{XW7j`mm5YW3VroZ?lwm_*K%_<g$r{*_evRWXNI(5vlFqG4P0
zHu}sr9N#&h3w`q$mB0aTj(zLh#qZ*jtnxhcdY^u`5~`@Mhq32Dw`*H&k|JYXZkA$g
zUT%@{#hgcZGO5j+={M?b_+^Oh&vDL4XZF_Doq=+H<fQzuyh}i%d4Kg9u#$7Q>Z0aT
zV>Lx^(wZZn(Xg+5tve!kMdyps4Pp#i&vod#Db<j3J7V7qtSx1hK};E{#L^(H=GQc<
z8dcg&7)4YYEXPtME@qQ5iynOmd^L)gJXDG`rT@3F6ti<tY2sulQs$qvd7Ivm>-rX%
zRJwMkhy(~0nfR23JSj9<0n#PhtN=g>PAfoyL_kruG7|}<FJD`{{mnb_wM-g;Sx(5F
z6~)7j*RkqeonrcspclnM^4~<xe<xr$X8+0gTkKzTV8#CCB<<HJ{;dPc`B%b9_xxMD
zGF3?MP$(8U@hko}p8Ug(@iT8iL<WPgkcrXRUV4(9e~ed-Fa9gMx;!<cf7)UUlU$Oy
zs0dSb_ZLuB@GHIgM(fsGi*Xo(`u`o>;tPf_sQ*jq0d=AT48Dk6Ic=7Oe{^P^r@Ro<
zQVMFR1eMi-${Ii|&7hWcP)j$c<p-!`2-GqLYMBC&z%<8k-{D^>e+ZqwvyXwP&fM(U
z!6#=b>T1}YE#m}Zx^;2{WB;Q5N&Y*EQT)m7srT>d+Uw=UtuW#B_O22ABM9KA1GSCY
ze*%p75B-<(pBUrMBYY*G+j;WEgDoo}>KxViNqYX9Rytg8ws%01S0%eeM)zIC%Y}%_
zAB{gp9rar1b@6J@7D6g|8$bA-pB#v`f#O_?Huo8A+xASsL$GFp=GFg$a&CFQvM~i?
z4ym@prXzY@^im=S69s)ldWF^Z=Ce{{&&xq7tj|PImNFa$Q>hlru_}kpx4(3YeSyy-
zBf7m%=He_Sw{evb#>R1#3C7>!Dl?3<qh2aYRmD$v>q`Fd3|Xy%TJ|(I1v;-(UX>MS
ziuZoWBM4*oqJi`c%~*N3AWdB4YXM;x(-$557BuHq2L;RGJzoo6hp_}3AoZXHze0OQ
zBq1D~M-;{yZh|%ZA(8ciiKawvbOCV)d$<MGG*JPolu6p4a7+P77-zT*{xVTLt7YM`
zL~l$1X&Cnx2mGy%eXk-5i6lj0^T@(@zPKPApv@|m6>3WM#uku=@qO{YKS%rZYPc{>
zQaG-FB1|CI2k92=^3}n+WyzknqRXoh6_fIhOBxjnjk}}Hdc_qgs^w+#sugsN$ugI8
zzTxvq|3)Mq#7;PaDVC^A)w~3wcZiZ-VzDTQ1yurz&_>=Q8ofu94o}3QAy#0^E0U7V
zPc))NmJLtAVy4qq=_!horb;rVL6(osK;ojaSJ`?$ES;ZZObf3VoP#e&=dS`+j3z^s
zZ2SQkwg44Lf-V;KO|g_rezGAQylQX>k^*`Tt}yk^i$9uh)Ou39TMTMlXq_k?DDEt7
zEUqptF3v87efMe&EB5pGm;9*3t^v^KZoS*Grc-*D26Ql5keujtRK}_EWR+6;m<RMQ
zI`F;dAS%bjTe8!sJuCwT2tD{gbVztuG;idT(t1Aj8X@!}MbY82GnyO9&7}3R{xHE9
z#!n!A&n{=4H?EZ4%l5+zWgI`9j)UE{WNUmny_bE!0%ICKpYF42bjh0-<%}MV0V|Ao
zq;fidY88#4{B%Yi=YS2yGJYMMsp@!1p1e|K57&Sl0&IT;I#;}7nl1V1%pUGu2ZSx6
zUi45^tkO3MN?CoM2AmLfkVfc|RT)bS6=t&fcm`ZB4v=Qhi&W)k^Awb``*?fZ5RQ>n
z(7)r^(rzi-s>SL`NiWSkslUlF<VW#}zC_wXpTx_fl~T;hF%*FJiM}Q}Mc**#p^a30
zLun$2;un3Nd=*x^pEGdvU0CRcKgtvSBQca6S_-H1Do;fCM<5CUHZlno2bra?QbL}n
z$d6zQ6l`n~G5~*Bpwg>+QPF`=3=Cod3`T%%S&veDzNpwhI06nbIXyqXw+v4CRe|W|
zfk+HoWNHjKK-LFg<%9xJn1Ub>A~Rv=;&*%qOn6l&EHMy`L4wRlZwpxe(4!n*C@MJ+
zi$OskK<^8HmcgmKEE1L)h(~x!AWk2RPev!K5?>@N-J6I&LoAPx1>i3aRC!q}Dl?Fb
zK##0OUj@)D?@>u87L^@H!C*#)^)tYi4o>w|iKtv}8Uh=#8OAt%7M*ZXLW!{aKn4aE
zvK{?8po1<@^<}B3!ax=VFM%8VF<`yCM>W1wSaBc+L6E?Y9*Pg8g9E%Q6ISZYLl7kn
z!@yD_s}Kgnmx(G56d*_-$Iz3h@mB-_UX_cg3>0C=AOkTN)pY55014%ys=ct|8IZFv
z_z8UJ;naw#{^=hVzv4C(n18#ZRzc4R{30VzoS`CH{(dQ;@&hO1za1~KC3($8m<!<8
z@{bF!P&0cWgZy|GZ~g!7?NxwuDnM$Q+q`Y>=bUy#W!m0q{Np*5;okj0!lQ)Nx9K*C
zt@P<fiLGquF!XK_{FmdQ2pk1ej&pAvDVA^W^1>eWPQ>gV+jAs5!1vmhL@heV!faiO
z*j-&B8z^EyJ+6iBtS*rSgtIW~&?2^17tI9rm{V72p<AnqW&i`tsk5|*&DBNH)r8H>
zqP38X)kV^P@aAT|TFCn9BB^RUW(2lc$lB^6DQbacX1cJ`h}A`aKoK(nIW1%rb%|sk
zyqOul7O{f5L=v#qbVA^dHT>UT-FkG)Vt1h7a#qXhXH|!-x;6&`Q#$bVxXhT@?m+#e
zik4M=)pt2{?e`2!37qUKMgh3SqP$Ty1Hb}aCt!;NY#Q~2Mug1|;LkQkwH6xPSNHE8
zV{Cd+H)ENL)|8PCZfZrthW(;5!l;Z0K5HVsR38jc+cG5J&?LrE9}HH@GbDJgiHxS+
z8>D7vNPw@2jHEso2&6J3K++_JQ|}E>+cGeNXb?ly2K|Bg24*`N#J3BiZbGMivv);j
zPD@ESwB&IQ<Q{xrw^?w}lyqtm1ueP4J*fxxsom^K{a>#vmtn|l`;RTm&*cAO3oGWs
z*Mryn=e_6M*PYkx*R9vh*NxZp*R|)>=T+7f1pe*Vs9BTlwHDbZl>588!nOvx3>h6A
zU`X{{4Eo~1e9KXR8qzeHR?TKw8NE!8*d*gwjjLN3y+|L_II3CA2B-|3r-yHp`BaT7
zR~b4>AM{;@sG99_W$<(b-1pJjDh&S0;7R(BhSB9J435g+@d~&G`j#pT#>(K)iop8O
zv?{jumBGXGi1qZIRTyNI(S!6Mb)%Y9Z1|PY{q%@+s}_G`OZr6dw;7r`agZ8<A@E$o
z>{gA~PYuNYSf^ojphoPahN2I2)SzBgBX(0m&;zn+m<_9;JE<Y)0?*Z{Th!3)7IGvR
z8{o-X;}dylU#JsTvH`q`E`@<k^gjR+<yb1jg>0YALNDQVFX(<Wq>7$SasPZ!-QN$Q
z!xHy>lqOP(b9KB(u>QBFxViz(>sGb1>{hpGR=28Ew<=Y)%2g+QOn8!LwEVY&0a(ja
zY5nUfnhXPwS=Hd>fEOwREdXRDH56H3oeDu20GUn=UPjGPg&+-pOsxhl4P;d@iv%E3
zsi8=zohuV~0*J}gP$YqM%4U`TVq!HEiQh?s$S*L73D`b($_>ZIzv@K{9ty!iCB|kW
zGG!cAicffh7&HX`0+AT`e;plow{=Yaqut*Cf3@3q_m6h}w{HmZ68~tovG~6{Wda63
zUEd$=9`td8;lg3o{0z}5K!OVxC{L}cO1ub=-~@`uo5`sX&jKVkfbjCv{Ho}a010+r
zkDM8!D)A^llnodtM@?p;tLrPk)EV>7XmV7Rz~okixD$ZD0{kXxcA!Gs3P527I?0+X
zs}MH=P?&%pWvPc%i0c3djKB*SvlbQfY5)QQ@S6;EnF@M20D*p#&mHzS-fz8uSjzP8
zl4anEaRtk<6zL0-Mz@OCxXQ8Q>E9)d_7veVmm|s27beQ&6|vEjV@cCfCCUUA;Zm?N
zb96nu51o|cZMl^K9`>vKB2f-26VxTI!PW>r>Qnof;V5240l=;i{~6*S`Fi%mA2z8m
zB{%CjA)Pk(j~w9W6>kGE?ysoG+dOy=&d!9&Z(*=~=U@Cw4mn!}He&EA?Y{UsN)(#S
z_fh@g(iYA<@<*={YleYeHJI-hD?a<fM#S6RrZrM~8KyNddu^sQa(k+`ST%|%|B}99
zwgvht*tkxWcm01xSNNfz{|<0NL9hVh{Ehz-f0_Rs!w-qT{Ryy={~`WE|K<EA{(Jxb
zXW_s6zcJO#{{$FxEMlnoVK^OV<eu2P=eVwU1P8*H(?LtQh)hDL`hGYaw`7(lJkzr-
zdBA;P%qc4NF#iBt9KZh~u<cu&`UAHA^&bDfywFbxP@GS$t035C{ddv6^w75d5J<s0
z+m#pWGP_$eBps3TGzg0E$#iY{*Kl-y)CmNew|JCJeii!%CUE{gVlH`^on~TC4Nvh8
zi~ni1#QWpcr~eKww?4rFjPp1COTg&=Ex`C_|AhZ0V8<7Me3~J`?n^h`bT6o=bops+
zFmFYT5yI1Z;+>46o$@M+z$$8$I?B@i&OMVhQ}=!WI@=eQ%XP0qKiQ1fSo<8StDQ9{
zo)kXb9l?_&^|BKGuMvDKx}zM*5Yi`_5EHgfG(D{UFak{w$ndt(1RG%A-OKJ74F0gC
zx6+XQ6#iEp+@Cr<tmtG(|H}M_5oCh<iRNF?{dAqR=KaFSp?$FysM21I7bxMD+a?bx
zwpY0+)0roi37O5cpNb2a+J8B@v|GvwmR(i3Ig^{an|~Y4k?l}jk{4IXk<G&7S7Xaz
zAy3jkBd?VdUM0=G=z1vTSHh@3IAm2A%V5Rp1Fd|wTDaNq6bm0a@_)7W9Y9en+uEcV
z(hyWKL(VxT$sjrBAUS7H6cEWtB}vW-$dEyhAW2CoAUR4#I7kLX2?{ds&kTro?tSOo
z<E^^&*Q;AK)q7X(-g~cJ-|Ftw-QSu$p9VUuk<F>3f3wETrCbi!-r<=ck3CfC=^QW)
z+qUN2JoxH~XRtn^38DB)k=J9}p=S@!WNF;|(1E-;zAv|-<T2W@q~>t#v9?uDRI4@p
z^SB8aE9?gx@RN2rF=?wPL=_FJqAp(-4uUp5DTHgar#K3DL4ki#EJB5F?ZQw%>ZJEj
zMY)jhXB%sT<juWM2EpryP&fjvGe{5!BFZB!o@0jq5Rt4o5BXjO?_F6l!2CTC&`)*;
zb)vY3Az6wKqLbpj&`?y-klv&r<fXZ^l*`{`WqBh@aJ@c((O>dpIeve1!~FQpW$?W}
zG6(OA39!7t5GxRi#@l#xR4EC<M?;Zz!N<1>Pooh=yH6eeZT$Ykz<&Dnt>}|C%LiK%
zM=eL(nEhM|l3QSVCK1t|Nyq+vSXgK^)vjm%?N}1?Ra9s=y;$Ps%~yUYu?f1Wu<^#?
zjWOoaFar=#6hqf#JItCe;}DL8l%S|3tHv<X=+r@#?Kc5D7VIQfIwE+i%F--)m(s9#
zY0{&3Q*BZBa?_*uU<(9;CQlj^J=2$E)QT7lJsTJ;Jl`%qQJY}&xYCF@7v_#4jM4cT
za}n)kS(b&maOdE&TOn61AGNAGFx6j~!`wC$W7J6NT*cf&ySqvGs`CqvzYEo3=SdC`
zo~SjGYP0(IWCDA`RXzLlYmW*?Zl$OvDEPFKUj62WyWp2VSGRar_tLMBrO@%#<Z8Rt
z>gpduOL<7z7;Ch{wh(Nk)C5jOQ}xCi0&Of-Q++IUQ{%>Z0y8Y`@U#$B%L1t@PQ01z
zYRF7IEUN@wypPKY=XJiZAQ6UO$%N;kXz3@B62|gEWVEGOu6L(Z74)*)?aukq(!5VE
z>?B$1y=3ZLqTXkEV|;qdtK8Iad{VEVLw8~iDvS_~K|u}5)&9(UI-kRn?FHd{Regww
zC1+mGI+j;>6N(v4MUKG)+qSKLy7>YZDmxkxT6J4AH(M{L`W1*rg`L^UXtUkWVe^lP
zrDsS+_cv)LZL6?tQ@c4+OgWn@h<LFxOa-yCOs_Wi5J_O?gb#)|Sk_39Df5lA!=lGk
zIEsk$`QDY)&Kvu1v=UiiSA|caxawz461nls$iP0YGu`J?J=ZJry)Q`CgVBV96W{&~
zV6pv1L>2>a5_S(@S;n)iVcR6A{|Vn(`z?9XB2Gj5aZ<08M~?Q>q~6B{xY=k5TjPGt
ze@yyN<1MA%@p_zVzn1R%{PDAU`}2=qqJLwTNW|L-mKY^I`9k}>!RY9bAe8gF={Ibs
z=~2@WF%k&b4DAKThh|%Q{!MF7Ffp2Jh;&;|NN}4<C^7o0P~>)e%Q$XT66R~+c9!+r
z77nC9oL3PYxwlEgKvY0{+56J3xvi*&l=-i`dJtiy$W!FNMi%w%NrM9yS@iuO8xS9m
zth~d*x*o=11c%02cD7ot@_Zu+07)6gG1`y}-v`M7>9!PQhZFc2T$QXZt7RlEyhX~F
zBZYu;$ddJKD|t;wD?vs;j#nwcDjUNuK;~p=G`-XXF^)FI>2?K=935!Ybok0hCu#&k
zGZ)lCNB#iaj1WP6l-qA%U(Yx1cqikrrN$!PF6mK?B#tKbC|a#_j3$9oM1(BrlN1L{
zes-s5<Gi+^ZHFNKYh?5|i9qFY?P`7#r?d#w(1Pd1H=G`26z&%XuLnx+!}`jAFSi@}
zQ*7Rj6<^h1S{Hj%P<<=mgJNXA$Bpd+aQlIB?95TcR8`AicDt|BCHX0;(}AEy(#-hq
zsFu|RAbxO_KoB5ag12Y%&YnGXM4rN6_;~fRyNBb$=e_Wb(W}>8hVDyJLYg@mCEdgH
zYj(WpO16xt={9zh3z%QhDf}evc{C?vB#-qXZ&o;-_&SJV#>#$%ci<TWW@wZ;R;`|$
zk3=_Tv{rDhdZ&95i+I0oz|In#n^{=qbp6=A%<25`$ug(o$B<=C`;Xk7b-dnmo}Fn;
z4;rqgiMGysUUD=0_-@I~<m2-tH{*{fOKyfA>u=smZqjQA?Vc@|QR}AA`WSSxGf^~a
zX6OSh<JW_{J$hl>H$u6W?l@`tT=G#(|8h8U=g!9$SG{4x+KN6?u0GR>-bcjCPsf+~
zdv31iHEhT=YzQ=LFf?osHVho?xMi;gzE{JGCsbl#(x#<jfcPoib5V>iQ4CjAyhgRo
zS7ib3jfEL<K1m*Nb>HaJB~q-v9@ZpXzt}blo+)pm0DUy{5CV9scnG0+i+Tv5db4>5
zp?HJpWm{)aW{~IIPPUfc#~yoa*IBnv9By^FqX&FXeM(g~kUHS~uyiGJC93n~;?%*r
zgW-ezgYJWlgZ6{w8?*JU%`Vl5fsaY#<|5L*!AYsV21mPMlanH#IJ=~9N=sy2eyoU;
zFwaa^rB*w?Xyo3T8&gG#%2Rse#|=_j#f~S(gRoKRmr+A%I(E{l>p9(Xips4oQ=Ct?
z99)Utd6hkvtu@u22Gp9WPrs=#Rh|y7F_oXDnR3hB0#3yac<s2<^?P|dx2~S$pXR8Z
z<(}TEnq{9ZubO3^=9$EO>lNjKZqp?GJkwf~Y`SeC_Kg?wbGl~~_qVc*U}L*3G?@!+
z`qBhv(AJl6+!n9h+RzG$yIX_K3TC3)Q%g@xH>b45Id5&HIo~sBdR>cc()6M>>UvX6
zZQ!b*06TQu>vr96*+;!P)<?>DjT*BBAGL*w@4_NZar33uH0oA5+g3a=RyMwjr0p`e
z7Jv6Hfcn9$exOcYXRuReY9KX5!ay)%+)K^5$*$Hkaq6jvtK?p;gboo?)MAZRXL3!p
z__3Vo){whdU?=s68_yPSBsSH{)3GkatFp#Ae^z&jBY#$NY6~)}I#mvtRh;4(#*O#F
zc0^Zf@~_EM5WPCpHWVA<<xoSHM?tdnevG&#ys2GHTBDv}<`O>|bl%HDsGf8N+YR6y
zLLMxUgEIrT2&(h<Coto6TKvMuPpiT5Y)NjO=kj$$7n*0`uZiF%3zr^KKYN3yBHJ^$
z2OQwm0Mj8IxW}|KDi<m!S~UsCG<`a0*%#~NrCDvAK{32}-wvI>Nvt}GPc&mPJe{Iv
zQ`0Wh#!K2R)!K{4F4fA5#x7f<oT*LA-HZWf?zLNm&DFG7C7Vjou-R(c$sy`8snvsP
z?3HdyY~=O23Y%TjY;vKSvwX9?o3nKDNjGQlW=QvOExgGeKG-b{V-}T}1SFYCOfI~Q
zRrm6!vQDJP*zB@FXKXU5ieeCDoeWQ)NZgFGNmcX;wn<g+x?z(l?`3IYKK!(%D-x1)
zg(W`zvbF?7R*+tn6C%S%|3oYaXvBWjD?R-*KE5%Xn(<D-m<n$C8;j**1iPP;-gT;|
zWVh&tm*p^--)k?(QGfy3a~OSU{>D_|<#?{cl&<Nuk70vS+WRp14=fBkEf`|*lzb0*
zZFm#ARXO?I_KLM%`M@W7Ixq{c!Txw)!hGa#@6RpfHBu**uzu?^lvqNKGL%kMkFp?Z
z!qW`Bc|$<#F9~v|lSdg4enY6Wz-ghec|)AoUlQcg>i}?R+cPpS+q@wn<LnJP3NUQJ
zk?{U^6tYdboyNN)Q1gYz_zq_Ii%@+t>C!o=QZp&GPuY4E*~xVSuvNXWCi}5c`>{;>
zu_*hoyY^$w_K!wNl(iK~ipaF3*9+H+y>w$6wFI2x-xLv#X_xD=tn*h3tCQc(x;*&R
zIdQ+Jl@<F;#Glf)!URJ|_cKAr39DTYykeo&fL{dPQyG6az0$MN)H$}(xASIk?#7ni
zhTodsir<poqThnw`+Bz-LG$O62s=&$H{3w_?rbdSsK-!Dr>BckOueVGrz^^;Fk3_>
zkY_a-<y5R+LU8-A5-z5RQmIp3cM)ev_t$$cuV0t|4rj5_0<57dA)f<-z$6$ZRp~{f
z5OAF(KQTd64FM<c6fOj2KY)W*9adKaW*318vW6nY#`Ow6M0W5GD}b3r&<}O6!c7GB
zCb%T9hg`IdJ=x9@%Qb_#(xzm)+ZBy^Yr14({_BFbQyZ0L^W3z&nQ@c@8^tAYC9-9O
z%~P{GAY6_rvn_n(EAUx@Z*y%%h{R*qv1YfSYACDLsn=M*ww$a=zt3=^7;i7VO4tZo
z7<2V0WN*_^yjJP%Zsz!Vo--6tPR$P?Cjz@)61cu#=6Ml&gl^z<+VI{3xGp^P&>6hq
zhUtxlBQ04^F@xg<{2Fq-?a{n^4xR(5ciZOtj!4*!QtS+DW;WFf?-!=(Utq>`=_tG0
zx#Sal+Krv{XFg#}iY{kfii?&NHhQJG!R{z*jJhpydkE3c{;pbK&2I(K9cCIlK)%pK
zf3;6oDZuGPL|cX}wYEO{nFMgaot^+%DC=(_3wwBK4J$_#Ez8n1WgAFX65d)I&f7Tb
z;yBC)%y{|IMA&Bo&HDGfy~F+df+NL)&#)PK(wSqHL<O6n9~%=^g*^77z{(7v9J_bO
z4*Sq8Vsg$R>D&FAote(@KRRYXbf~c)Vcz+!AUbTY(dmKI!=^PJ5X<gi6MUM9qCf;M
z0#p#Za0sF!2Tz`6R<*_B#Ja%mLjF^c^M?;m!A6)H%*}8+NNk7A>ARE0HJ3S(?qJ%^
zNv9iVz9VPe03_Wxv3VK5>z>`)!?ZD*xVQe+cgN<XPt}~LQN<&%!m_{FiTzsw2d*97
z`0jV$_qE=)`A)OXjOf!x?vJ=0eafoHa?j$*`b0h+Grim+csg7p&<WvM1gae*R<SBk
z6hHaj{ITwm7}mVTBG&g*Fgsh+^t(b9U&t6v9Nd|N4oBcjX=hqTQ2>Hrh+Kf83XTp)
z7@_s^!x=t5pa_MbgTN8zXGsLgXAeJj#4aFz4i^06$4lUt0^ybc7YC7flxsa!xm!9t
zHmh9SXfRuHi#29l;&x`E$}HrgR$Y;35-?wK_AwP=NvEPm!+JQiCjaC6^e^y5sH8J5
zta}AEUbB(+85vpYze`FMu(9nkJQ%%qsA`mTI?`)P-0dzDbbJ`Fb0`Y@_p16I^}tYn
zV1-aVTy<wB2<0K4Hl(w*cCJyepQ}$lTHdMJ&mV%&KLQ50dHmWkzl_5@#&xFQip%E>
z_wU@EP&G`;mY}T;xhAiyco2s>83$^J!%C04|3#C`=GobpYxKUNV!UpnhXJ?C(vyUu
z=+$PWXb}1rZgCg9#aD;ilACy_Xu(qW<Y-}rG<F!c$h3-RkrtP@L*#qow-tk4(_$us
zDMeo{r8m6HiJ2Cr8p3Fq*!tkM)#ES?P!hf}{u_B7?J@$sH|jjPagoKB^)br~+1iq~
zBipQ=p&7Na2d8MNR5Hw5_IPHZnpzq4`LZu&^8^<#8erW%!7U$6cqO_4>?zGi@2Rz1
zrE0;*?|EbSOD`Zpg`e1wbHt<wa}3Rya~#cubJC;+a~jP}MyM@wTMY?)Ax+paODZ<`
zN-yRL$<-8fO{TId6PR0Q-tD5ulu?}@Fn37Ab01qgoVEUDC{gfm%lb%Ba=Y`GCkQ_d
z(*`w|n!pA)DIF2VV1qR&(}7PGBD;@IU3FiTRuwH$^AdZz+@yEL%?$a}7*23_EGMO@
z1QvC894D=*d}G`#mNhHb3OcqjO@7X>ZGP);etwk7LOznteU>f)J1qWO#%h)s0*|V!
z5OqtY#kam#65-h>nlwe!x+JXlwsPrO3(T^t^n^)O`Oz%S-C0$IAl3(1+LOBSgeAPC
zo2(Y$WvXn`-St&Zd)dBsx5^me_jI5b>8GTJR|gRdhZq}TyX5{KTX7nucv1ZcBo=1>
zzb-hTfA^r;u09G0NQH79g&%Vsn;v5$MIdpZm;qnl`><?V%`dfLhtRa;%-goL&gZv9
zg)X!qS>ESXBw+**Jdvs9HX-4z0fk0b$}SFG1yM%eq28x?O>ITO6X(E?@nGSaEDwZ4
zw}voA&UwhBh8RcwwF7SiDQb+qbtTV?gRpU|bZ4dYJkKtPA4n2N&7pXO7vy*?f;KeX
z3qs?ll#%cp!t;Q!@9nlt(C`zGb_7d|aw)GN=~Iwl1bb+TWlwAVZAY^RE}UL`JN%Ij
ze%^9bzL9=@{`i7o(sv*i<IJ|c?SeMP8$gj)S;769_LY1yq}w%OY6F#ppGglv0aMw)
zB7jrKRE|6|mVoT5Tx2a3er7Tv0r~Qwc?TbUDKc7|ga{?neEni0GEM<i*#c>u=~3ZY
z^*){Nqf*J5G$k=kkSDr)W9ons#WCGly%;^`F_T&Y9R1f=My~pUPPG~3^@R1b2CI>#
z;p3kb7vX*lKjqoZ1La@%HI8DwWWVXxjC}h?zoyl5z8_f>eI1<R*_9>x0es&RBMa3X
zw_XI&N8^HP<as|sb{HJ89LI;=3)Wxe=0)!SGcH$hqql;;-Aqe;)d=obs^qxmD8k-j
zX^3kgVzE@oie3a3T;gUye*zA=IsX=!2|WXBakKZI_%$o@OCmnEam}(q$Cn3HJXe!N
zd@ONaa-wtfw3Xgml@r;`0Q)N8zNEcp7AITL$y1p7_xu`qFwp`x20A5pdA<^eP69Uc
zNDFy&85}WRiF%JzxUAI@4HqO#Jzt50js)I+&wT<sB%gP;XhDVozmT`O`~8MrvzQq1
zFZnfO|Fd7?K%V9*^*ne2XhHsE3V$4EOx`}#>V#T?qvVR=B&$wtH5E4;5hrL<gFF-w
zE(od#9*DRjSXPbP4-_OXn5^uLuoT>^vP{7#bs@1uO~g?YWUoT*iVzp<eHPpSBq29+
zk$MLE?@oO3bH4_S9K!{}LiU(!+c~EKxf!@mHt0-Uf&3z3M&R|+;KqnS0q*f26WKq=
zP{!lxBI*So<)44gujxQ+uJxa;E|H!2HO{glQ-fuK{KYtZj*A!lnqlF)WaoZOdc+%k
zP(g5NL<4_WK5`0BpR8cGGASaLe-mQKh{NVcqJ&C^bDy6bf*cp&&)=ID919dCn{bfI
z3yubIll@2inovR1Nl=?zmjLQJkS?E8Un@WAFz6Z|QeT{XgfQPAtTzItkZRf~^2)}M
z-t5J<jv(L*OXE5BYnnm3ykV&{O`uiYxE>@<)H=`vuVxPthpZhbZI2YYtOco$ZEG@3
zImptsi&a*aG@%<`x8tW@^8^&ei<U%_4f5d~e2c_{nhA2?jeCp4D9cG|^;U{OmYFoo
zMk;|O9u#cTMJEd;9qz)H??{OF7yKI8|N1q5->-S~U%%!*wv+Z>zvllxzed4VEKwe}
zkNlzcFeH~}kte^C&9QONA-6$BHk=VF=1K+wrL*q`$fZAWPaMATi5vSS?XIrffOMu%
z3WzU5FoQn_O-h9#>mbtwFC*iis-i?A_acFiUO?~c?aYm<n7jL#ef1sRd9uP$Ven$^
zlW)UD-_!BNxi#~L^os3@_$)Fgir<*UB4b-G35LjbVUR4)8WIo!<kFbwWv&G=Q)1nF
zl54?CgcVLpL(PvKBhBo9kr7Odk3tr-oc-DUkTk$9dkFmiDZ2rEUsYTdZ#h`(KKk}N
zMSZ5E5|{9t+l#4Pv&H-la<vM+mpwl5pNSR;JHAJy61#JnUH7$L3x6}MT){f0^8&IP
zF}$JliScFHuKqBaqxueCF=a`|k$OqkI=6;n0E3>CWJ`cAbo21-p65p4<8l5KNVfO8
zz?$#r%PGqV%a51o`mPUu@;j!_v9%*L!tZJ2t!O2z;VtWB&FhBn7WJ}NV<{uE@L^p`
z*8~#yp=b<Z3b!#1?g}skV{!&FXkjw9(bFhhLs8tu087(ZphZc=E7Ie)(O6<&A=B_E
zVq6YJqyDV$?Eo@>kZa|UF6P(*U;Y4FG0Ne=-pGdixW?1$>ymr+YS~%4I{~{?TLA?c
zD%lAV;{LI)zho#Z`1FvzwUv0Awh@VVg0|*9dl2Ah5MdFDt_7CjB`q`pAKEObD;BgV
z7!0%zq-bL?=$>HU^T<ZyV^{^HQO%?Jl2F>+8?wAf0$z@IhAa>ik&eu(3PMFS3&M6l
zX14$oed|@q3A$n-lZ14cTjoAK4HB9k65b%Pa4T?-nim7)A#E6hB_*wjfB703va}dJ
zZnK0EcMu>)iXI8gLy80+5CpRrWPBtf?qj|q=iTx7fr*OT?D*_p^Tp-}|CmFvU4doi
zF3FJtRWcTSjjT@)B^m42BKbSX{NfI`24`||rLTl`0Q#_2GWxUlX|oO=dP$B<4jT<m
zj@*HGs=&BGW2B?v1$PzguYC>r_&IAKYiK64q4Or*66IU*xVzx5-2Ke`)E{}WXlCf@
z(LFlcBi!ZPf$kk{5g$K!4!8Ez_f?i_WlCrAT$g<=?*eq`aE@@6cLq9lI7K+cjFJ_R
z77D2HDf1~hN58`_zhsPB(_xP@@IDpNmi{a~*NBb}m2a^s!ZxNG)E)g6^ftN+)D_(c
z>LiO1AmJl&X11fZqkbn`W@(sL3ABu9BMWKihajhYPF*m_;|k@nu81&;c>#J6-2`fi
zZUi+(H-H+*ZV1ft&N<cF*4S2#8J6bi)0G2_W2(vQR`?v_Y@==Ok74v6^?WN?(92^B
zWwU0JWus$5Wm{x@RU)s4QxaWFrcJ6vswwc;NqEemq)pelIAXYh!I9b)Y)dl6+)dq0
zQbMCk$BfFn$n=USk13SNnn|`$UL7YZI+IM0RDhIUz|N^_^nNk2&SHK<4+F;l#QhyH
z*C$BDSRJR1v6+&2vHK|T`uE-2hl2i-RRs)8{v%J|T?YpT2Lp#Vhl26*n$c0pV)4hu
zVewOETV7L(`S}Cpr84@1i50SzI)izKn%TDg9e)VBj^1FXRnXYVRh!D=K+w%7cHlIj
zeEMbB5@VM&V|==*op$<LTgLQs1)mVVQ}R^>#Lia06SfWGWRCZzrCQ}^>1rNFLHWLp
zvPlxb%!0mx8`V7Sf;d?*52|@?3if5G$=Z*MPV##R_B~PywIBH~Ng|$UKd`(|&Eqfl
zFuQNZ-WthOHK&ixVFxrN7AB~X+h^^t1D+DQFUUC5!8|1vB^WWZ>{xRL?An_b6I{a+
zFDO6Up*lsPJbeUbRbAY#Rz2{X`*z{CyYgaf;LhT}ossOF4#clOaz!n$Kl3<C2rA-!
z=s5=~(N|oYFdENV5}_M+SnOLuk(}qI8<U~Mvo2Sw%cd83wGXl8SctX@oq~w7R(7`w
zPm2u*;?=}Fczy@s`q+_N*44VimC`wLWoo(Y`JF0PO4m&L>E(szJhOrw)5{0XdFBN*
z>ig*2tUFvm4KXZrJj;U1GaWh8&9|WS{>^^PcTL3Ki<ygkq!{n7>rd_X?l<Tc>L>31
z8ne;ix?`J(;7>@rjVDL1Y$@1RQcH%!>S_r<LPj;lbhe7XxAUAvqa(GrO7e}1wMW-p
zokA=yCZDWjs+;`j&v12zS~l=-2z4xVyqF<L%Vb<Gh;QKG6T<0>DQ@5q6zc0!3-uiN
zFvEXUsIOn`mFLLr3`ut8%E~fwBagJu!@)kjTh{m8REPSkZ|#6*#T11!hWqkv?Xb^^
zsR|XWbqLRjX$S$=mmf6Vfw=XK#^g5g=m~YKcbLqQlug^egTbX2xYXk_n^utt+$_Ls
z;;|C4+w6#&O{*fe_OkAG15K$VdW{s#rqyOfY<1MklGJ4`ZxsYLIsV~B){trUasT&b
zVN>u~*y!0T%;{_vrl7W?HR3nQPbJW&uyt`3rY(Bc>BlUrqkc}TLI`g&=E2K5Htvrn
z$z|_aJGoO%XRhoox4pb`)17iQ)Bfx7!b_f)LLFb14_@-L3TbTj(ZT-h&K>kQhNYRO
zLumP12le~^EYT5_4A&t<DiMv0z`-ylI5+}G26phtK@MTO#2=qy8Nx`wuRCZVors-b
zF-RZENX9>zgNg1c0p9?Bc_*3VngdBLCZ?LQ19$F17?6NW+d(teG8{;hQ8V~DJc2l*
zbr4@R6r^V7AS0VdmN7B-A%ao3rUF6C)PR^X_&I#b#l%+&aln6Kc^^ni7U{tKWZ^!L
zK7)Sf+Jgv&4DO-9YoS-v9y_4OB{F9y4%tL9>ees_<jd*P=l?aoF{9bsyuy7vRRtXP
zYMJ}0=DkTvZzQ}AmcA2|9ryMu116||7%0Kif*2UjWP0(zDA(dJ2-;{Z&|=c)7UGc}
z$X%w#OeA5@SE{5pxy+53j;7Ym7<^^pwHRhL2{TO+b!3bc#E``<@{v^$HK7he*=56L
z`XOu!grRS&Fss6hP&jf^EL7?l=B*miI4y}68FnxGJu?T9V0VN)vy3KTV<hnuSq@QE
zTz=APo8GGGu>42wQaUz&ssrb+NkN0=l@iQ%CQmUZOsX0jt~|$_33Ce(TF6AgZRfes
zE*uPIV@kWy&vT3YQI5JHQ{|N@%#UH-C}Knp-(Fef@s$y8qipKje&(l2HQo6wK4AVK
z)EbF~`brlNMVh$_R22%MQRyP63Xi7YN4vL4BV}_b{aP9ZK`yOfSX9O*{w4kxPI6OW
zEDBSxMn3{6EE>~mjnTJg*0hJ;z(S>olVp^o^Lvzo^Ho%cQ`=RL3-EQ~Sb7N@WYp|*
z>RIM(L;#Q4)jJaR2>h@l0XZ_7(nZ|5)ZLN1dF@&ex{9pKwko7L?~+7pHAr<Y6GEzr
zqgi!r^(XaOv5eC7pC{k2HBC3zPYw>Rq)v$eRF$#wVcR2fKmfIsL=!UCm-T(vT5WFt
z8rn_dQ^yE5vAh8<WXz;1Dh=j)4tZPJ&4Gp(>=<^Tq?Y<=q;~g6tx^m%H>)PXpAAmD
zdDdf%T!lX=SJh)f+|8M6%HCw+)y8f^#NXsXB;0h%>odC_krZ|=V5r?8m_Ny`AbbSH
zDaBZmqs*?%$hoa{+c=2hHIWT=HDIbtu$p7Wu0DJw#O-<JXS<i_?)#a@_vTgWxlO41
zBe6Te7eOK_oXo^2*uCM)A)X5jNRQ;~hr`#R8#PTU`=9c`z6L+i|D5k5MAXOrJ*f}I
z!0YPIQk30%JDXy%1H*iKF5=dBTW#WZ@wScp7^#*~{fqGS7bNEG4*>tAHU3>%BWtdV
zF8P?ET(MorBP`wcl47S)veI`Y4NetgW%miIrpj{0oCL1lVDpfBI!M@rRRIfiUo4g*
zDHfYER+FaEC>Hw*Vx#t*U0q7pFh9lX3}+_rv>=!XRsk?(f|%Xq^tU#Q$>}C`3F&vj
zn7Zt}PWh8g`ucqEq4~={l7WKk+a3YDh(?X1?BhkEx{UDcF9~DMv3pc2X3D`npI~=M
zAPQoH)<<hklx9@cYh^<eZKT?3Wl0odv~A176?NMvy2t7|(MXkH%9~2|`l{A$D?K7j
zBbRO~ZK7*NNVaW>0CggMqgI=A$v<xuvs4VU_f&7Mv%e6=uIPJ`YB$7Iz1`04Yf5C6
z5^i8S6jik<V6>aS?kh+1k~+%lp{=^yU-}h}c0V|c<BVHc!FoiBhV1QD_(Wocy=_)F
zMBIjz7Ce9`218Jr6*>`LrD5<J40e)Asa7jwA|%7j7OP{zU4vHhwgA8(;Rk~t^Mm2N
z#r=aX2On?j`R(|9uJ<+(eSg*b>U$A$k@v#p!taHilGpX6x}Iv7Ucn9AdYsYCM5vc=
zRa<T>4oh27Pop;P=4ecb79Xqp%c2ygd}Xadyi?+Yt}eNr{B140X33hzXq~y=;8Zy^
zEH0FXEO>+Z+}DF$0M7_p^*_|oJ|(Qt533Cs!_s9-FupVznWg`_hBlv&ro77m@PrV%
zoWuc;O}JBLXb;FDbkSF>wn`^_RW@P!hMi5{h^HHiku9#w&;}4kc(*Lg8W2Ostq-fV
z72p9Owf=b=2Zlbr;icBdBfWV8X>))d;ig`WfwURGhp?gazA4}~VQ#6#Q<R3t*LrAA
zY268Llqz0d`aR-L@($d@vre~Cbo<X(jFAPkPmIbPwAnI7x_{yQ+}zhyhjHGZ%X{7+
zUc#ti5>)^fp=Yt73V@xkOjkAEiiJ?NctYuoDyzOWPXd-aD}J$|B7mCkdr_JKfP&CN
zw^A!u9zaTHq5GfpYh1CaSVGj|ow3STiVA`<LL9LmEcXkLGH3?~ZWQFC)Akau>*T1$
z+eA|9d`P41AYduL;ITdTYy4PN^D(&OyjTYFsZ&u*u-sTG^K(*Aj3axsucd?-Mz(5i
zD+ja58MCx2$LmEFY11du7A5`kYp$_i<YO?)Nw91~auQM0u>@HLA=HT|s*xtzuM<L)
zBQ>?Tm4fNzXjxE{;uRu=wIT5^N&^Gozu?zIBK#V2r}c-U2;w62^E)T3Lmy@6=i%X%
z3OyRO)wkohl`N}T{zU^-64s}|9*22_$AgSpLn(09>}c!(oKUTOc?ZUx`M{IdrOL=x
z-1~tyv9}i%5hHQRAvMshuF4Pzf(q<a{Fxlb02IDDzZ#T>8jCC3*g6C_Js>NfgH7jG
zQ51+zGdVqO1;dKCdE5&9d4S!}HiUDUNe-T!Uj@SMqWDvh^M@b)<D~5l&h0swN2!`C
z6r*<lw_gS~nn^wSsxiJ%xU;|Z!mn{o+_d8HQz4D<sKSkxBYRV8p6ey_w;_=wG=z|V
zlE+R8OGV^*d3L(dzFHh(%E?dE`4Ig83$lL;j3R<nR)zHM3H<k|*W;s-#if5ar}Q^G
z<=;J>D&j4PD)|D<{Szns4iXH3Go_tr9d>9PLjDB`Y&beWc?hkaAI|VOgF*<74je}q
zFc*rPKl~U$dmS@BK>3OMIar93vzK7QF@;+OLL5XU)m42Qm6k@+*>e8UyJO|bg~LT3
zb?S<nM%C6SZ$~xCI%*z{Y#p2u_!^J+8U2;6uOB}u&W3Yyp?=N+0DrOkfHRKbn1J1F
zH6v45{qg8A4ValHy?J{&lijN>3~)-^Ulpoou|BWBS&jc@RZab+uh+B95bTCsZ>Nx!
z9mI1(_YTc$dpWP~!Bl@~6?LlBl=}i@tK~TtoaraXi3o4Fd>t06K=*@ajbJFk!W%AM
z2P488E?-ZYXorQT5sJenQKssq{O4G~m5)%}*-3C7LY44_bk^2>YILU<PS)uweU0>^
z<^6i^nf^~3C=8unTV~)-X5#PM&Q;9zzta*&_n?Qq{@=AnJ}Y*@-KsU87pG*?&pwW8
zJL4sBgu5R$G$#mlizG(vjk2Gel5#uq3KxHK#p!A@<)57!l6hgIPGn)+)*DE%vh%`d
zv8Wzkl+z3h@V(X>7Zdb(VNmQV_zjjGVBl#X67apY8y6E;A;k5dMQ&l-&_yILBIE20
z*2jMiSSffBfjcLI&XpVLJ=n&!I!L}c2>Vx0sORdQ=k~sc&jHx?E7*4r?7IW@{S5Z~
z1oqtmdtTL5T3000lVw$e>WYuWc54Zh$oCbI>^(6qNoJLMWQX8y>YyA3z=mZ)LtEri
z5r0Y#6DIUjI)sQn<pjZN4}{k)=oi6%XDh#xiQ=!jR;p8)>6)giF6o$@-oZacjGP05
zz=Q@a75)XJ5ODoSeqw^C8XQg-QV6(yCWr^ZF+pH<5g6DT&NuYo0K#5&W(7!aot&uy
z4Q?Wci|~wJti$j3B1RVB5hGX6R+Fxt`C8SuF-G?a%4B8V<&tg)UyK;Jl_gH`V>t<U
zhGOff`61*)V0SS=*c}Pn2G1<_%n%WE`u4Orhhv7&4a>KkV<9$&W);0Iw5hFc-pqro
z{>lu-F0$)9XWE4&L-T23c=QH&Dm>mv`2h#a503vCE(?pBeYlPGfa8=${(wW-WdUh_
zBl0o4-{UOgB>OG3Vt_mSoM6)@-yK$-i%s-b`$RNSMEgY`91J&;^Cb4C*Y&$1B;fuF
zju)<fOS9Sg=FuAQ;e8)?9MBmVsYd)SCW*uQtB!Xa689Z?%HY8`okxgZoCgQ67=tfq
zN;Zs%>AH3|)0OO&VZk`rr$G#C#YRSb@JY<`f981!wmw6S#qn?nvc4iL7;KFS&OFON
z>16b9xtIWj1w*a*gkd+3f-~Dr?*ew(dAM9mV1?k<$>%3Pv3>IsNS%m`vo~b^lc{2E
zOx<9Iio+sB&1bBsUEtI%%9PKEi!apWg}<PgMCP1$rkQx=oLHurSmvB)rkUt;mf&B{
z#L^L=HAz9u=9x7L0DU8*QxShkj|>+KA>GdeA!jJO_HC!qUliQDF<?f*T;jd>)5q?Q
zxhTKJI<H(`QCSgPVOt?z!Cv{^aeMLkK~*2Zj<Y{>#lWL;_LVaKC1TRl|2$zl2L^!&
zCS0dz7mz~0^&>gQ1W`2voG_#iaQ#f+4@6*s!0aM0sNnMja%?z&nCDgy1k(xZ#Rzo-
z!%YN!5s~qWb^M+;<|vvC+ctW>a~di2d<V8|lpM2Mre^)FfW>(vuGX<*O8ufc=4!7o
zT@2ehIt~B-QB{Qb!R16?_e+AXJ0RQ!&n)-M5D|6y&(0oyORXrKg6Bk~3r+L~AQxLI
zqW!`%)Zk|FGugTj{{K73qI5oos5$=gc+)$~I8}ycvk5f>U5QIzOrhjqA(18I(C5_0
zKKv`!Y;Q=%|2I3c^>Nuhg`ZtU1;Z8xTD6cB0ARiOB9zlZP##JwtA}oI9@c3lp>PSj
zh=6cO+s^|4JT_khJk7+3b@I>+h24eqry}PMzx~ggGFJE8Zk3`hxFs(_O6H{WxN^F`
z7q0K=-1)9+CZYG~afyM(SZ3k+8=bwmV&AP%5xu|JiTzsw|4z(XNw%)uUwVxaXW<Zf
z|Fb&=L*PtlXIdu|W}Pnz`UMIA9GzAzgx1dwXZV~!K?X+$jw1}13q{T!{xjO`C-UcD
zAx_R-0)Sx(697d4Ar3rq6px}bBHw)W=|}yHv6t)m`8tleUyG+lP1hN3KWvnn&E;o?
zuI(S4{wIQI09j%)gyZ%}zwQ9s#Lq(Aw8hPh4^1W=`b)^FOA5+LXiA+rN(x~!knTTh
zPFG9TCv|>Cy8U}q{m*(}Kd^!;AECO_6Ics^s}j+W&f3~fjUK>*<o1^Jtj=5BFZZ75
zA8|k+_-o5-A%c61lJNn_zjb@6ZZeTke9}!?23~EM?t8boB5b<Cb-Ti@CEXjQjtW1G
zx-B^j@PFCtU%ciW2>tqTkIK!z=@rFCk9(ps3%K6({})fUPZqadbrLT?k5U4J163rC
z99|N1*X_Rg)I-?Z{}pzklby9ux2r)JSQD`OZSmwQRr&D=crMV+Fi?8p*hh0Y(D#UT
z`@Lk~(AY`uHltYJjibZFh3^L|*!CwzgAecCoX@@-s3IEhx+3R<{Y6VYm4DyiHw7xF
z0kl7$#!p4^aSOrR`{9Qz_ot2)KOKJS?5W$mvK3p&>IeHI&8)_<+QP>5!?)hayG%XT
zr5|!k*X@epl^<8<a0CVmpUCN-02ZL17+xIrRvtTAE(Wc%41C*TYL|qj1gz|=m|p!*
zH}<rp56|oPj={;|0u;M_gBZ<!R`PJ?q_ETXgwz?@PzxP8#QE6czM6VW9+h$&xR={{
zQc<GYqIVlJkjOEy+xECz*)hOGGVGWG%1EUEVF}o2+K28Ra6p$24h|%fPTDgMKApH6
zOa?L>?Z{=9MnqlTV$!pR?u3V)w82VQdkL3JxP0&H^gNhcTN$7#@;p91U^+HD2}O5>
zeOKj`&dC<S)NWVYg*H{VuN6wFNtzC8n6DKcnoIiU-&lnyw)&m7@k$Nn+Sm7vTYJP3
zJGGGAZ^|cE^I675N7%|8)f5h|JC5>$Dc9n))io#&pu6r9K9Gvh$()m(&yVJgK5@7P
z*sV%7sf!GM3e;8?cU?<9et(kP0&4009(as;Ja97JQWjX}d0cg(cgS}Wx}QqZaI(Sm
zVl6dL1UiqthQ4N=ADDdXdr1C%xJ51S8wb>FcwlFI<o&mo?rR1C4A7|xf0dSm0FL96
z6G7-gwtkwqa!XQxNPbJ^vHIcOuE8+gE&2gx=-BS~@O#xjHmH<+zPZ|(dBKS=lxgh~
z^vSDl=7A56eU8`#!dnuK^L7p1LM!r5lBl#K-*M$rLCn<yMWOa<k{Ty+hg>5tNj7%h
zLtt<6UTe_^WP;A_vaK16ROFj$1ad*~)&f;q;*SFkvxg-WPq?9WhYD*{g;WJp`6nXK
z#9fV%ha-|ICn|?ZhvmC11t%O(ufvr!@8K3jn5?#kFLzrCVb8zq3&~Q>7|sgFcwAh-
zQ0rs;a)ils?PRc&kz!4?CA+!sgb((~o5W++!_eJ(lHQU5MlC(NDr@cqpR#uqRj!V}
zzO}It-`u~ur_`B#{B8hx@||vvVUKT5WKV<aA%6;gKmRhn#F`JpdML$Oy_4xB)!IwQ
z*Yr70-#~4DNF&6z;A-Ka(uQosAA27j9eKX5mmF?}KvlnI?Q0w!E4r_zJYG9c9muV7
zQu&loz^~@0QDN^}zLq@V3>l9%yFTS?tfMYcD7M>A$x=IN%vxMX=eqW=<$!99XJ_l7
zNMAPp$q+Ml;Bacd>ZgahP@ckp0smbk`$LJq;jbe8=1Jf7-ugL(86Hmv9c{f=lsv|C
y-9}&Y4iJFuSA02vq8_`Kw`3fzWjAR+zpJo7-y<O*otz-UlT_sVB!(6=r2hv{fc!B4

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py
new file mode 100644
index 000000000..824936194
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py
@@ -0,0 +1,390 @@
+
+from .error import *
+
+from .tokens import *
+from .events import *
+from .nodes import *
+
+from .loader import *
+from .dumper import *
+
+__version__ = '6.0.1'
+try:
+    from .cyaml import *
+    __with_libyaml__ = True
+except ImportError:
+    __with_libyaml__ = False
+
+import io
+
+#------------------------------------------------------------------------------
+# XXX "Warnings control" is now deprecated. Leaving in the API function to not
+# break code that uses it.
+#------------------------------------------------------------------------------
+def warnings(settings=None):
+    if settings is None:
+        return {}
+
+#------------------------------------------------------------------------------
+def scan(stream, Loader=Loader):
+    """
+    Scan a YAML stream and produce scanning tokens.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_token():
+            yield loader.get_token()
+    finally:
+        loader.dispose()
+
+def parse(stream, Loader=Loader):
+    """
+    Parse a YAML stream and produce parsing events.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_event():
+            yield loader.get_event()
+    finally:
+        loader.dispose()
+
+def compose(stream, Loader=Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding representation tree.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_node()
+    finally:
+        loader.dispose()
+
+def compose_all(stream, Loader=Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding representation trees.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_node():
+            yield loader.get_node()
+    finally:
+        loader.dispose()
+
+def load(stream, Loader):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+    """
+    loader = Loader(stream)
+    try:
+        return loader.get_single_data()
+    finally:
+        loader.dispose()
+
+def load_all(stream, Loader):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+    """
+    loader = Loader(stream)
+    try:
+        while loader.check_data():
+            yield loader.get_data()
+    finally:
+        loader.dispose()
+
+def full_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, FullLoader)
+
+def full_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags except those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, FullLoader)
+
+def safe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load(stream, SafeLoader)
+
+def safe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve only basic YAML tags. This is known
+    to be safe for untrusted input.
+    """
+    return load_all(stream, SafeLoader)
+
+def unsafe_load(stream):
+    """
+    Parse the first YAML document in a stream
+    and produce the corresponding Python object.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load(stream, UnsafeLoader)
+
+def unsafe_load_all(stream):
+    """
+    Parse all YAML documents in a stream
+    and produce corresponding Python objects.
+
+    Resolve all tags, even those known to be
+    unsafe on untrusted input.
+    """
+    return load_all(stream, UnsafeLoader)
+
+def emit(events, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None):
+    """
+    Emit YAML parsing events into a stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        stream = io.StringIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break)
+    try:
+        for event in events:
+            dumper.emit(event)
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize_all(nodes, stream=None, Dumper=Dumper,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None):
+    """
+    Serialize a sequence of representation trees into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end)
+    try:
+        dumper.open()
+        for node in nodes:
+            dumper.serialize(node)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def serialize(node, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a representation tree into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return serialize_all([node], stream, Dumper=Dumper, **kwds)
+
+def dump_all(documents, stream=None, Dumper=Dumper,
+        default_style=None, default_flow_style=False,
+        canonical=None, indent=None, width=None,
+        allow_unicode=None, line_break=None,
+        encoding=None, explicit_start=None, explicit_end=None,
+        version=None, tags=None, sort_keys=True):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    getvalue = None
+    if stream is None:
+        if encoding is None:
+            stream = io.StringIO()
+        else:
+            stream = io.BytesIO()
+        getvalue = stream.getvalue
+    dumper = Dumper(stream, default_style=default_style,
+            default_flow_style=default_flow_style,
+            canonical=canonical, indent=indent, width=width,
+            allow_unicode=allow_unicode, line_break=line_break,
+            encoding=encoding, version=version, tags=tags,
+            explicit_start=explicit_start, explicit_end=explicit_end, sort_keys=sort_keys)
+    try:
+        dumper.open()
+        for data in documents:
+            dumper.represent(data)
+        dumper.close()
+    finally:
+        dumper.dispose()
+    if getvalue:
+        return getvalue()
+
+def dump(data, stream=None, Dumper=Dumper, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=Dumper, **kwds)
+
+def safe_dump_all(documents, stream=None, **kwds):
+    """
+    Serialize a sequence of Python objects into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all(documents, stream, Dumper=SafeDumper, **kwds)
+
+def safe_dump(data, stream=None, **kwds):
+    """
+    Serialize a Python object into a YAML stream.
+    Produce only basic YAML tags.
+    If stream is None, return the produced string instead.
+    """
+    return dump_all([data], stream, Dumper=SafeDumper, **kwds)
+
+def add_implicit_resolver(tag, regexp, first=None,
+        Loader=None, Dumper=Dumper):
+    """
+    Add an implicit scalar detector.
+    If an implicit scalar value matches the given regexp,
+    the corresponding tag is assigned to the scalar.
+    first is a sequence of possible initial characters or None.
+    """
+    if Loader is None:
+        loader.Loader.add_implicit_resolver(tag, regexp, first)
+        loader.FullLoader.add_implicit_resolver(tag, regexp, first)
+        loader.UnsafeLoader.add_implicit_resolver(tag, regexp, first)
+    else:
+        Loader.add_implicit_resolver(tag, regexp, first)
+    Dumper.add_implicit_resolver(tag, regexp, first)
+
+def add_path_resolver(tag, path, kind=None, Loader=None, Dumper=Dumper):
+    """
+    Add a path based resolver for the given tag.
+    A path is a list of keys that forms a path
+    to a node in the representation tree.
+    Keys can be string values, integers, or None.
+    """
+    if Loader is None:
+        loader.Loader.add_path_resolver(tag, path, kind)
+        loader.FullLoader.add_path_resolver(tag, path, kind)
+        loader.UnsafeLoader.add_path_resolver(tag, path, kind)
+    else:
+        Loader.add_path_resolver(tag, path, kind)
+    Dumper.add_path_resolver(tag, path, kind)
+
+def add_constructor(tag, constructor, Loader=None):
+    """
+    Add a constructor for the given tag.
+    Constructor is a function that accepts a Loader instance
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_constructor(tag, constructor)
+        loader.FullLoader.add_constructor(tag, constructor)
+        loader.UnsafeLoader.add_constructor(tag, constructor)
+    else:
+        Loader.add_constructor(tag, constructor)
+
+def add_multi_constructor(tag_prefix, multi_constructor, Loader=None):
+    """
+    Add a multi-constructor for the given tag prefix.
+    Multi-constructor is called for a node if its tag starts with tag_prefix.
+    Multi-constructor accepts a Loader instance, a tag suffix,
+    and a node object and produces the corresponding Python object.
+    """
+    if Loader is None:
+        loader.Loader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.FullLoader.add_multi_constructor(tag_prefix, multi_constructor)
+        loader.UnsafeLoader.add_multi_constructor(tag_prefix, multi_constructor)
+    else:
+        Loader.add_multi_constructor(tag_prefix, multi_constructor)
+
+def add_representer(data_type, representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Representer is a function accepting a Dumper instance
+    and an instance of the given data type
+    and producing the corresponding representation node.
+    """
+    Dumper.add_representer(data_type, representer)
+
+def add_multi_representer(data_type, multi_representer, Dumper=Dumper):
+    """
+    Add a representer for the given type.
+    Multi-representer is a function accepting a Dumper instance
+    and an instance of the given data type or subtype
+    and producing the corresponding representation node.
+    """
+    Dumper.add_multi_representer(data_type, multi_representer)
+
+class YAMLObjectMetaclass(type):
+    """
+    The metaclass for YAMLObject.
+    """
+    def __init__(cls, name, bases, kwds):
+        super(YAMLObjectMetaclass, cls).__init__(name, bases, kwds)
+        if 'yaml_tag' in kwds and kwds['yaml_tag'] is not None:
+            if isinstance(cls.yaml_loader, list):
+                for loader in cls.yaml_loader:
+                    loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+            else:
+                cls.yaml_loader.add_constructor(cls.yaml_tag, cls.from_yaml)
+
+            cls.yaml_dumper.add_representer(cls, cls.to_yaml)
+
+class YAMLObject(metaclass=YAMLObjectMetaclass):
+    """
+    An object that can dump itself to a YAML stream
+    and load itself from a YAML stream.
+    """
+
+    __slots__ = ()  # no direct instantiation, so allow immutable subclasses
+
+    yaml_loader = [Loader, FullLoader, UnsafeLoader]
+    yaml_dumper = Dumper
+
+    yaml_tag = None
+    yaml_flow_style = None
+
+    @classmethod
+    def from_yaml(cls, loader, node):
+        """
+        Convert a representation node to a Python object.
+        """
+        return loader.construct_yaml_object(node, cls)
+
+    @classmethod
+    def to_yaml(cls, dumper, data):
+        """
+        Convert a Python object to a representation node.
+        """
+        return dumper.represent_yaml_object(cls.yaml_tag, data, cls,
+                flow_style=cls.yaml_flow_style)
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/_yaml.cp311-win_amd64.pyd.gz b/lib/go-jinja2/internal/data/windows-amd64/yaml/_yaml.cp311-win_amd64.pyd.gz
new file mode 100644
index 0000000000000000000000000000000000000000..d212bc274a46887a8aaf2a0b91f6b4ebdb57f2d0
GIT binary patch
literal 101282
zcmV)zK#{*6iwFP!00002|K$C7bX3LjKMwcYVUn=K3Ch5*$)E!U5D1KsV2orWOApLI
zWQ~CAU__QE6A2PoOd?*JASx;-2r8&30tzY+AYljDK?FnrWpTz3R@vSv_c>MFcT0e;
ze$MmXk8?<J`&L)qTd%6>>b}+8fj%>cl@L;e5TYoAtR(zjGWmc1i?I-LSEJQ;krh>U
zHC}1)?`qs5>zT2x?B~Zk{rsR&t|5a)j~)|r4IbutK4-M+nbEG4uH9Xu#ta?SDmuEF
zTkv?HO4Gcy!)R;ue`3R<tsfaiTMvx!wTc@?TaRzZfA^^NO=}O92U@kq-~Lvdu5+t4
z!)WXO)%D@;w!?g_=MJN-uf+IUJ%qoLTY2y|6~Di0&3|{o>u%2s$%1y(cgjd5Waujq
zr1k!9hN@*3$bGKr(p?S71&NTa1>K(#Au;&pWD5#|5F!y0A?m2V$q6eLF5Vt!Q7fsx
zDqr(I=cijqKSIdg=~glg3QMizI{cn*B?$&vve!zgR3YT=)>hKs4p_P3tR%r=EU}X7
zRc=q;DmW}RNC<iLym(J|_X_kbLI$>ae(0d!AVMDL!+GLEgKP}{k_ky}#mUHwL_)|w
zD<QEUL~BL5(pK4=5Z`gWm5{p$A-UGd{GK2C{18I8OiHaNd-B??=!T6PGlZawKvoFM
zv`Tc3lmCzY^Ru6Qa^IL#xua9|yQ6yc>h0~}?dk31?M?H~#!+S)B3ntIsADdb3*7Sw
zA-<ySD=D)zD6kS=QRhr3o<#^r^^|)`Q$45P`ZK&%Qax8aS3TvPql)9PixN>BdoN0a
zvg@?4)LsA(FuyxnalCn1B2WuF58hfT!DE%uB1dbhl~A@van!ynk-}1Y;Y^7T&vwPp
zU)1?btusNZQ(dj|+a+FSps3UQvPAqWgyepW{7*@cFBjx(BtqCU_hj&gj;oiT&IzpJ
z)ao2o>r4`L{;}{Twjw!y!LUUoU!{^~2=d()LW;Ur700`mB>wnoG~zib@%@7ML%hXh
zPm3JW)caO(e~P$2i{B5b_fKBr_XnBp4^{7P6!*R2{xW{QhkE~Galf&-eu{cOU);Bt
z??0s8A0qDmN=(o1R_}Kd_t!%?o95m|2=VOa?W#(JvY9Uk_6mZRFAAYeC4{7~0{3Ag
z*b6kX5H+r6hiPGHa5yb;thYdu+Y|>m5Aa-o@+5$3?**U(jR>~%v#pfv^|9TG;|VNA
zvf4Dig(asdWjho{pL0-r%yYG@rlB<DoJ2fFX?|-g*rPZ+NT#WC&`$GX@!mGYQAgbS
z>=yU_Dwjy0usj&!%O6E7IaPgZm*O~sg{PqKK{poeR2=)TPzl<7*s2d&U5jN`p{x~_
z?N%I%%0W<9p_NwH%5KH+HkOqKV<>NhLMxM@kWF)!;$v+O-UE1@K&kd{yA($T-rq=B
zKX)$8-xTK^;O*~y%G+;1|ED(6{Ijv4Pd8Y&gwLHrY;x}Pv*^cbT1iS#a^&jkk$`;k
zYs5-INncusr<CSziru&q|53T0JBrF9-7&p-dwYS;@fW4IU7n+~sE0d?7Wv%+L$Mny
z;420yj^P@DIW;MZKOSQxYty3$2^SJ{Cs~T4<9XG|<V3FZMG;cgiuvI!nx9v-A}4Zf
zXSm^5Wkr42CZ4+g+CUV%bo|s9D=`Ri;90n@fFL!P{aAJs$~0X_I15j=n-)dyRwUwG
zSpy#GV92)^-np!XU(R+?IoCzy%vg|R24y4NnJCcy1Ns}};WBz*c9u>#I~l>S_3mUP
z)U%1osTU}FKE~d=)ZTl0fSsW1e|~o3vVBr&>1F$*z+U+4L;!50v6T>-e>1{9wV{;|
ze^JXCe<+HV6?`+Z9w9#KX5|EBk0(<(HALCt2~<vn>o_W>9;WQ^SSqLPrR;GRl~cF*
z+4D}noKsp>#m{m|Q4w>?xkU4C+U!$9gb-l7OlR!)bi9@L*iJut+^IPJC<DVzE#>&x
z3$DUDDLW{0OwKisZRBLzkmjgHllOvwW*(>6i!@a%Doxx31I+|Za~Nq_YBV**8EATQ
z8t&hFX*9V;8V{%8{l+9gQ+U)q-3$Fek?pU4BqWwo+_C<m0Qm5gqpXC=LANWkZl(pC
zoIKM)$m&g?s5ufKIW8t#1gu!}qrkq%)-%dV=++c>9E528qUa>J<}7Wq{{a%mBZ9;g
zfyz)-ag>%xWc6pjwGncSKK}<Yi&B|MoY{p)otd9AE03(mY%DNa0?hXFC;NyqD;AV-
zR?h5W12g4sWH!GNv!=jo1sW!2){`?Etum{^ne{R-`<gTBUWwU}KP0kxH84xy%%V86
z#ws%#XI9m~Y#3)2QHj|!U{(su%CKX~DJ`1-1`_m97QHl#jJHK_{NnsY(JLZ!rZJr9
zR}mGNwgaX|fayC}^tcPG1+`eWBGsx?D-%{1*cQrKY~glvUCFsyacuts-BB=d^*-=Y
zX_N)_hEkB`x=OQ9quCEM_fZx&9C9Je1*C~n98&~Mlhp^J;8mlSRkwm8e)2DHPN{^D
z(2`FrWTm1gO4$&f65(TAV`zReOHPF182LNccIt_MJTAs34{-YANiLr}E|x09$GXO;
zWT}G8C#T0zmKx%>6V%&H`R$NTPEYWZQWm&CJv&3QeuUCFyyKp-37ng;OPS%RO-Qra
zgfy;ANZs0m)T~WN)!KwuY7^3@HX&1L6SA;2A=_&cQV#d)5VBMJqs(Rj6cw_uLjMAY
zI;ouJc40r`qU<7NJ{MKiD~`uPrha8=H7i;BZdF3U3lPsPu}I|%8M>C)RS79`iXP;Z
zkk+@fSo?le>_i@~X6i)hpW&TIPwYgxQnsfog|f65$_`M4;9qh_r(YiHqVj}T%A!Bd
zu@c3x;&-jhhoP%k`w8cMs;ZTUZfE^zwcD9@1CZ^`yPf?DvD;~C=%C&`4b1FRw$sAx
zq9e=4vaQe|#X*OZKv~e8Oj(|r()>*>ui7z*f8pvx7xvDbJCnP6d(!-~2_WLkR8Kib
zd7$Sg$T`cS_~oJQxKz(6zZ`VO`cdGqet<x6>;QSlDbNd|-0vzHYx9;|twu=rWEDbu
ztcz1|d~!yO&~l=@CD*GFQuc_Cb#W<<X=gNvM|n&B2X|cSz#u`^*Uo4{dk9`9!&~xq
zH86qrZ@@L`;m|9mB(lziVNbce;E+T}c!LCur^Wf%?>@F0^*Jq$%IQwZ;9=!-7nR4v
zQh7j}4=}^~F;q@Z@UgT6ewje!^km8$p&$gF4WGlOc|7Xc<j=(TKIrhVv?xEDJcAGt
zC@c-yyvp9P2*uIs439)wQWkwTR;#KwZk)tOxnPSGRITGF&~7WlV}(cU1z%awB}Sj&
zgPX+l_JYp|A*(E?m*-Avg1D<FJIY(qraB?vd@CV7C6!Qi2z#z9r{YLCsmasfXYoam
zR)Q5Ch6;5tiqK-8jFY^}V<%NRe++9!e>V<Z*z2V2Z9lwVCH6vs{gUm07px+d$Nm$9
zQtJgP3CDx1+joh}+30KEB_?OBuYH$<obM=$9<4L-jJJ}UXDPG&FUKl^W?;~=EXPX1
z3(-8I_e?-R$Bl+x2PpI2O1A$yrRma(ltmvsiOzfuu@XPTwpA5J_9=;!^`xxf@1u~B
zpLKL9j<zRxJ!U%$ufeF3%F%Okp<8G<9G|H?7(ta(Qg*-Mh(65+CxxHjlkEukr&)Nb
z<@SO%0T}KudY;mNspdKAEm>Nfkg~@>D^^Ju^MD>jakaB0L%RwA-Sa6`+<y7#SjBPA
zDGjhVZ^`QFsNO%?tYn=X7#PC)4}Zl_)m{*=5E5<=5Xe~=iH7G`2&ea!d<j55!#mhX
zFT#r^ofrwf4&6qcpX(Ykp0a568_LtKfFf>1dAd$Yq^t*JN$+w-ewOZ39KZd_>oMD_
zIhs5df~m+2Z;rKMRBfY*6~wvjq!8y?6z87MKd<qw5?*JKF3yOPnmD7pB~w6{6oqN6
zB+Sb}O_-F~4*n)_g|zK}zvT2-#j)x)ZiMZ;CDXWACsnbMb<rqR&6jpQ!TotM8pb1N
z80}6-q^vcSGoA2^a;|`DU~E|%tnMwD1dkTsEvd&DH?3kN0d(E{{**`x+u~)1LUrd`
zi05dfVc$>3L9%&nm!F|C9SZ(B&z%JhZXgaNDh(e$J<bPi`I{2FPxVDd4&yaH>lEcr
zjP@RvNU$wUbnN|ABEe=5|D2E@r2X@<L;}p`q(zP^mxUAR@vB5uEAaI8(8^c~3aH6y
zQUe2v0agqwLYJZYsR@Ba&w1K7&p7_Y=dlg^l?xs3n)+u~Z!z<fOxcSu(2ewSX9w5?
z%Kq@P8#to*6g6Qhh`uk)zizP?zK<n+oIbV<=@rNE6Ji8^)js_+28XsDm%wN37Gb*I
zolT1z7rdZ!d2UyzwhVFl`1I9DH3$h$C(s4#RvhoDe3YE!lsN{DwjvK47t}w_`>$*<
z(_o{@?y@4vUWzG;hR!s*Y&6YREWx3aMfX0AapkeUBy11j%6@-KT3osEBAU*VPy}(M
zMU5+uAD75#%4K}nf-+uw31n=w5E8mLR}J3m@cNV;@UcCi`dGOiR|!-O7_%osfHh#_
z&Yj6Ud*PTe|7<o@B##0T%cATO^wa|>JK~3aJcXTy9y<fNYU(c<@AR=fRDP+H$}h!H
z`K4GYzvQCwODn1TQbK6;w;;QmI*KFim_)qmA}oY>*W`jAZ`x4HF9fZ`UzF;Si?4%!
zDe4(Zivn?eIcJ+siBKG09Rn$+MNzh!GRN`};E*eMn@5iePw)?h?MbJIm3Y@x!?wPx
zfnH0_1~^|@rZ~3#3_WJh8(@2AQS|tW5=jNq`XRJ#js>11ffn^#Ns9u@LP;F>hy5(+
zP2^Y|r?W;Sc-MT7a!++p)-#r}K%C-u^%r>1z&0ueO2aj9Ixv347%P^+(AcL$s2yU<
zpOJJKE!-Zgp%yxM;Yw4Xl@}(M3eO#tDzshW7ck8U&a(and)j&w>&BVte$5MG5iH}4
z+5CnJ5j5VI3^(MLT<{KZ@hpiDcF3O?f8%F~usv+6edY##VtoCh60y%*?@x^X@E7>2
zwEDK{-{(|EJDCcUdkgoEujyTP7eZ1cnvk$!CB$AZ7-9e=f-*J`{t|80fHy2kjid5%
zEapn#QXC)uY}AHf&)iZQTK%HN>-NI#h*;8ro1lC(vGo?ws1UiMxk9L_syLSXWK@iS
z=QYJx_#P_8GNBj=A@@{Nj0t|0G#)wMttm#AXjF_i0gg*?j6un!E~_}F_rOnBzOrJu
z{U@C3vlpC#00<nmz3>Reox2prr6Upv@8E&c)nUA|Vl2xbyS+z*$}rnOAdvI%t`X8N
zkK97lW*xbOQsy6#D!k2yKS`u)ScNwG@wzU*yu4Cl$wxGebD3^Da75^5MUA`b2x?p$
zWw!1|MGwqgH8fX#7<-C`kD_Pn{XW4UP0mM}qRvh#7tfFg2_=1FA>juwYO#$6rtQ<B
zat2{+Fa5;3@tWRs^-wEHKqsF?+TA!z=1slKo0^byD^U;QH~VK<$<}<Z4DiimZpv&&
zhun%jp3|=zqQk;$^AGa}3-+MQaT$Zu=%2H#B%~Bt)DWtscbyBL(smai;msm?oc@Z%
z7;_vt1e(a{ssi0yax2?fb_k>^?5dZ`&(dO`XK1_vTC@FjL=||pp-$c*eDKW(Onx?h
z@b5IzTm$J7ob)|T3U?I8l|$M9y0v#*6MVwJU1*q(`~}ej*xQ9N&EDeQwU83*yXsNK
zCL6e4{!t=+c{vub)KZ9eC`3FNeh6_O>=_8%TUJGzD*jP2j_elyC=s@m=5NX#(ElmJ
z5H`7IZ|(EeKu;-UH$2<5FG;fB?edi4D0VS^uwY%C{6iLW)p6KgtKTN_!xno%{pwJw
zpF5NC?sBM`VtHC55(Ina->?L`QReuEqyEV#D+yIC&`^&l>4c)P)FdSAt;Rv0U0?$J
zw}TQ9WHunHhh(<;hY=e;YgzNKB!+V>BcM<`yTARo40{2eGV7YDIQkrt^kyGHelzTZ
zgullLg{}h?N5UcX!$(dX%34mjA(4_qBzzAD+eIK@mg2DMXaiv;5I%~83xM#h2trmx
zU|>G#korXoDO&+$d!$?fl&5UKa%vX(zC)Bn+nyCx#mnS$r%xV$6Hfto9JmYjAvIvH
zcSr&P@Pc-&(8ddsLknKE7$5PQ>srGbpkaR$I9~1Z$;2NZI@}dt=d}5+A3&WZxrn_W
zg^Msjan$)yd+(T%4#@2{;5HRM8+1)p99IsS-uE$RHW>-e0-=o)QpK_Jph?yaAoL>P
zRUlj(sfn=pj~Z@3S$0h#C66H`i6JEXXrv}W9Q#IZc*ZC~zdY8J>bdHdC&Z>gwAax|
z<*^{hqX$))?SsGMjv&Y_THzXAm>lXm#bSKWk$UsBp!xf%m_|kM2P8iBq-+<JSD+$-
zI2#^7pD|qJ-!+4>hMCyL9Pv49d$6tI`0@wtv|~zAu#Lx{jo3)u24y=`Qw5&e_XE$a
zF2ylUtCfnix<jo?sIJlXKW!zRtND|hR&K-0>$Df{1xVZ5wq}XBg?F-ya|;cpW?9v#
zzv!{g;#j!WfIE$aKls5k7M^qfyRGC4`dGNu4`M95qrYJ+{NsLgESxu78w<C|!m+TF
zWgZKE{ey^rtrk8OzBoZ23!mp7h^Ft8NUBHilzSA~zGGC*gMK!_87NeO_fys}hO!+#
zB@(JAn!7F7Cy}+#sj+`(QP(PpqxgV9$J0@qGKjO8MDVL)q+iYjr>K6%^syhsSab&r
zwB?kWPH;v6dE`wT{s!csH)APV!#@Bkkv=)^TwKUDNz*E|mG_{PjTT~@G(EFdLgej*
zUC~qQP#g#LN+j&H5hALMfNBvo#PiTFf#>jHCOmr&)A9WH8N{<n|2yHid%p?KrTY-i
z>~lJvDf<PU#ZMXVjM%5*xp=6Crx#<ihWm$_@%(MSz_Y5rv+;{Mo>w@Y>-GSiSB-d%
zbp{Hr8t{xT<GEr_1w704X&x!cyXJ=&LdyC9he*Gi?S!69!|{+AM@7X^QE^l%;CMbR
zl=PB@qsP1EbPORSK75^)9WRSnr*|YGFq|d{4DEX)5}qh=7i=%AcT-V(Y)`nxO+~@#
z-ZkF<s&Ra7bI=fNGH}Td0q{3Ni~z@fGDHV>!_zn!Sl0helY!-XHTMeu@7{v|zm6Yp
z`DEaby&T|%AN4m(1~%El>oMDo!5Y9$jP~Li<1<|afFl54%RT|{Q~bR{$+;GFTB5**
zWnE(x$A&$8Ccve-*s7N#QqmU1P!0NmJ{AZ>;uJ^LUNL8&QXao3krEGg#y}azdn%XW
z7`DgM4}Gf>)&{~z3n89T&rvPWg4w$764CQRlyz}Zd78+;*bcgu7DE+_2%B|Xqq|gH
z`-K*DwkeKDdo<rs-Mc0cTAGI3wRDbP4WFFm^vjDyv!d(&kutyAW$gG<j^TuRtWWkI
zb9uHyK`dpqD^FT^m_~7Ko-*6XC#^^x=P3=ydFK+amrHTShCWiwsnlNh0fATVYDdjn
zbV10sVsb?8P5_r9VTvsWh#RpLZ=~(4oQlzQr(}9#BYo|iJWXRD`nW#m<D{JuDeG!*
zdKY(?BH7<|i0q4?I|CwLjDac5-!zbaG#l{LMxiZH{Qb6LlEf}r6g}^RL{ivR2)H*f
zkOsG2&sDVaO4Eh8J1XZn4Bc`2loh(;7TGBttgt2QR}_UZ+sLP^Vy;hrT;um7h@NAp
zJksst^M87>!-!@g*#YO+E_#mI8>PU2ria@_i@G>NZFgD-yRJCi+a=5lY`jnjwxdOU
zx2t`M+ZC)DdTObKC>zVRhk7iv5O6(imHK5u$m;KF65?Ii*Fs3yK>jgqw-O^9fAs2c
zc((`KeH`qUjE9&q`k8a!ETTsom&ob@B<X1(BsBOn5w<r&AJ^i0iIm;DdL$C?Ig04k
zyk^{SiG)0_;S4GByR)fhXQ*J6MEpf_Fz?LA`Z|5=S(lHEjrFmU12+CEc|8(ql-Cgy
zlt-cY>z(Xc$hN~mSV(b<+R48ON3XWr4G%T|Uap(yObW|$9#mrZyVt<m1L3xZvTc-I
z4_R_8WOZFE9|Yy~u?ZzZ6<E8~E%4@G{<4pk<I4^?CXrB@Y^kJK)wZLelr=`YLd(Ad
z1+7ly>f+nv4#n~NHlg}LNCQ^>KZQiuCT|Zq<?IX`&t*nYIqL$IvqMzQ#WWc?>#$$W
z-izNNJGuOF?lu_UvGaa8&z%fEV!iw#!OO1k`A?j&mGk&?sLL;}!Q3vzQT2PnfGP_t
zu;k^t2?>85tGf2zx2x%cId%LjKJKhUN}fT&X+XH>0VIr59P74g-==^t5(q~i;X6P$
z`2lS-(BON0+~8;Nzm!R&<Y}aw50t$g0Li?<M*}}n7QKSopIRoTIjP*=<(G%YQh79t
z0}gCgL;mgXmz)OUfOT5o3SO8T>Yk&GTA|^gdc!NA;rj3{y3=a86=U-RKPyulC$?#C
z7gI6{>#T=5Qyx%<P3yLq-YOE9k4C~BD5$3Du<7k>CW#*VLn0+(knkW1s;MTZ%iAR5
z^R58Okw|$QD7{S$f`VZa>t_}eXx4cugK}NtU*?B^xE5?vCG*}kZP@g>R#>=A44d3R
zi}69@_2w@_^GlkThD|p&ON0)I46wib@=$kjs^?Vxb%%Xw{ic{RnYl?(*tC~jLkOYP
z@0DNutVzRdFy^n~4i7@n*rNFpu&z;*IS4*P4|i;S*b>Zy9}ni=u;fgn%(k!_L@nRr
z#6kQlxX5pA!LRc<gB8cP%@Qf=Lz(T9o(8hnJ&k0EiX#KaJl^)-&XNepd4Mw8F(cc3
zCbrcThYRSfes+nn=$TJy!Q92ZBA5&HGezr1`su;k6^yQvBD&ovT6b+VMeCL=7|d<>
zO^?>!*&?F#wNDtL^~}v`w0<*F3+DRv#b~`pKXbJH&{olJ92Z|A$Bx#c^&Q*;$83^_
z2-KTXHr5I8MPuPxX~jUj`X-5#K=4%5)v7pBw-`($5B22Zdk6`?cs~zQBB-40^jziB
zJO|;ecKGFyo1H!-(l6(2cKMVDzZ~2g8(RFFrgti%uYggT`^_JPr)^Y6R*l>uDj&a5
zBH@~DLPWg+sQ1hLh{G?vHQ0W7Qoz>cNfT`MJ*mU?SU-d<@`*da_RMAzY@IeCY}J3&
zVLQG_z_u>K0NaNfRoK#dYp|tYVAybOrWv-EHVfD`2-wz))L~n~VS93e23rfto^{f~
z^5A_MY^lVITlWnbZj$0C+9c`Y*oi2%G7#H_#zZ6r$XQNLImhis6}K${w=J&F-(w7T
zaRyg`!IZ|_pV|w1-Go4DcbLNHh*RtYijMc8s5|!3kjd;Vkg3zlgiKT~9hn7vfINO7
zBJ<;IklC}*gv_!Hh|F{N0eTA}le&>36W@<B^0PFj;)vX!BJ*WW4VewS5Sjd*W@Juo
z6v&L=GxDMPp4E}*g+rbw#gVho)G?epC6SUTD1-X72nj#!0=gQCBe2obfo=i1myxas
z&~<PTf{7K1<LCy{aswoPS7+NA$YWfXBLU$Pm|Zz#wuee#c=Yd7B(79bkt&K~#0G<k
zOvXm~LnHGVnN)-_+ui`mlI`Jr$@&1M9`1H(>Ev?CZkMMNl*uoT+#So6Xm^~L7Xy;e
z;!&zT*$dbFqbQ=qG0<YmMudp#ns9A#VYeEkI38ZFPM{UyZ5eL=)(CIMz=%#xaVIDa
zyGHg3lD!RN#Yh%i+?^*%QlX3+dkST2o?%kP`Wd=1)<L(M<m`GUH}Uv-lQQ04ipqHE
zXWdP#EER5IPZxumc(FuPMpt)D8C&*5WqhZrSs8n+7s?nb=3?H?(v`86MN^&+N=@oG
z;5UhsOhr*F08t!nNQh5~@F?2cN(#h}D>!-z1X3>O@74-kYU^iXo$CF7p|_|st@F!T
zqe|5&HS`v|{R7axzaeLH7qssw)zqBXM)|GSaR}Aw??<q9!60Ini}x#jdE_pkQoBH<
zLW7>wRcZYVMG-BXLfvRU)HnYKuD@-FfPVXg=8WF&F7W@TiwXa?x)|_B-<1^C>5ll9
znDJl7@&Czy|2l#H?>-~`Yc>3z(D1jRmNvYrO9lK(1pX^TH}Upx9e=(6#nyJsf9WP3
zTx0AehOaaDfY(rL_c{m(zhD1fb`uAm(XluUSa2rIfJv|VgotYeuxQ=@g^PB_v1rso
zU=d-);#xq*g7rWw9=szK->x-b@$MSLBJ+rj#e-`F7AK8ZoGVtbnAugsLgrXJA24I_
z{aS&=a)CwFVLBG`I2NC*{tuDXhpUZH99?6uooOhwAt1$=djBrc3U$iTq4@l&q6j9V
zfys`#gox`DxSm%JWjn8n2E~J&1r!rHo1hrkS%-q4ze<wnouFv3#so!;VuWJXAsvbj
ziv<+P)Bweh)hZNKyJ%3n(+Q#Yy^|S=4r?ly#l#_%%%c9P|6&%7RYokj78}fBI*RQx
z5L<!sUz)|b;W`$(0SnG#IWXzqBt%@xaD7i*6z)9%4U4Q!0*h;%Ojv|E=~x8OcO;!o
zxf2%iR-3Sxyb7`K{-|T&SS_%alVZT)&`K4Hm;4$Q`+bPTkP28VUtPg0E)A+=7O#Kz
zAI##l?~G7vT4gYc87Q@KklKyf|I#cx!*nR#x~wRI$#r0|qBbGodN*9ZS_ftOYG)0K
zBA<X_f!Ra7ZRjn+=sJ?>rQZpPTB}S@T=@>6`1S`Kiq}>ODE6fppzwdELUE~+2E{ds
zP{dT|En-(yFpH-LRx*n!-~Jb~xcQ9{i-eU1vv?E5*0wew;Zcr%X%?Rj(Xsdru;5IR
zfJv-_5OIAET>tGr;r{K@uy}?FEOOIKSUi)aWAPOFj-<4-J7MwacP1>J`4+Kgen7|K
z=C=Zie^L!tlzyXPG2EwNaUdPBIF)L~V$OFJ%;ISON@kI};y;+h*cC=7zWml;7Bf+5
z<3MV^-SaQaqQPJtio6SoBAC1kOy=H0h`7##>*s2rY@eeV6s=MP6mOe*i&qT2#eQ@h
zNe4RI35tKdF+p)`1wt`zpAN;?Zv+&tbud5?ze0uLXu1Z)tQ3U8(%B3}&2KB1MaEN=
z%%c43|6&%ue{IB~@izvucn8I{2E^9u?tf_(GY0Bd%m*wuldZs{=G}yd>$z}!`fe2N
z=`;<C*U|(QPo$c#csy0dA`LxS((jMo35(}en6T)!9I?1(ua3p<%LNu6JZ`{Z(bp;#
zUDGry{!B$I)~1-TC|ps&EH?G6WEO+I`VVH&?<*q|?<_Z%#VnMXr4GbDG5^vmYy)&C
zhLtOdU{V8^yb?o*xc&{G=u;DA+b30nVqCg_qN&+K)iHReVssrzGatJX6lcCRL9z8K
zgyPlRIu!lB7EpA4%mBr`U#U=RO3|SBH4UM7vx0~E-`5q)qJ5uAX7S_F|6&$<mm0CC
z_O-z*-b1maffzg3|D{=se@e$f1}r#}CxFTS?jl57KLFRe@e^b8?v5H3-Ms>fwmuUU
z_xp4#TBAox%D$tE>hqNei^OG!#os%1EcPxFSUg~KQEx6)u}J8sVX-zDvG{<Ru^9bT
z1+(}vvyxeKTJj&vB6W!oib=~1W-$k)#z1N-qW`5?oa?JY(d7?C5lr3zCS#%r5!WN(
zy5n7Z{_k-Oifq+Gjq6~7BCCU8{tsP8Qgr(}L9u74dH!z+pa0vTLy@{vK(Q&o07c{y
zZT`=zLGcs!P$wU&F#or-f?3?xyOLRyEdDQMv1+jqi_1$4X7K@vZ7+x|w#L6Si@|+#
zES?7}IFqBm<YaY1#PwHj{T*L{@LjToMUTe>7GIdLm}9`gi5@NK$w%&lMaLy3EZkor
z7N@uCSgiU|U=j0(0gDNXRV*4OYgnvHLM-ZZFk{hsNd>cbr)MRz@O<$f%%as7Mkunr
zG?>MFl$yf{@lUmXX%>evbtu~Xt|)?u3z%e9BSc(Z1t=b@j<S8Qg9gREjsl9<WD^v1
zlXWPHI`Z#KiFblx<zf>Qv%f$n`fSsoXth}V&SZq*!sjX!?>weKk=PNTm{|deor^1&
zMfDz)%;K{}|HUjmT4coH=PwLq@ezux4~Vg5)qiOgoqOw8^aU(9lVQMQXA~jgIuWkt
zS5+sN4}PxB952Azli>Cgyd6Cy$x6f=bDV%|i)ua5kD4I6nW#hd6S|lr_VAq`vwdNL
z?93vB?9(keWD`CYkUjpe0kWh;Dr6@g)gX&|3?UnzXojrr7Xq?k0a<1@9WuUL&35I}
z|6n~AJ~e(CZ2q~ydKRMez5wYBh^$~e5xVgNH#^0Y?q-*;qS(+IJ$2+Ro>UaUY!xuO
zJCYD_Jq@nUM5@TuU!)@UDW7PD+gtH=^wz{m$UT}YkQ-|@wxI@NbD={@vUu)<T<1k5
z<R1Kt?_04+M{fOR0=boK4antxsv_4cQA6&N4v5_G3dS~Ikw9*ZK<<MK9l6gqa*3b(
z7h{Y6#0cG(&kV-)8K0pA@hz}bFt!NY)`DA9=(Y&xw#0^h?5;z12B722qU#b8?rkGP
zT%Q2uEh1Ft27anS_c@Q?fV@UT#jiT;HL@>|%mZYnZMX&!SLlbH9)*jcVoDYxK?fk%
zWFsV}31zl7KgE@m{M&ya@XBw7-~JOoAnt{@GJI}(%^g4APH4!7?Mxc-W;<O&ZYJ?@
zRGT|#NV88(8dB{O)Q}w;bPbvJi8_vIW6+R63snt?Y_Dm^&kv)9M7J|*NYbZ5Lu!i;
zLwQ|v4UzN@LxrE1J`AO8lSs)D6xKixR*BW{VTf-epnVPc>EnO@W%0+4jp`NiiQ!Ww
z+r}~EtxknjldL8+1EK7ra&Wy<`{1))sMz{g%65dZpD=uj=6v1;K3627Z)ueuYq1w@
zIIbv^Z40kBt|)@CKTs~kjNRTb{vz8{oWue(3@=pmYZ+251<FDze$RBrVJf*Tuu$Z$
zI7|5IS4ZMPp2Xs6vBzF8g%HwWPjEzwJwe)HPq1m?9(&<TZl6P1tEnfHIeNiGv-Vi8
zY&2!IgKZ3Vx3w|c&7jO?H{O+uciX}^zqMFMVM}jqC1tfJv#pD>k`$)!(y!v6!Xv;y
zPI0>cpNBs}ZD0DZrtJj@Lfh{*YkMt&w#T3wjrX;-@>JMcYJ1`WleRbb7`6SE5{U%F
zH~FtV25tAVc)}S4@SFVDk5p~1`>>|%=h~sRzy7dU+q*6h+Wxi$tv@uqv##y<eVpwH
zeLupYX`Py4>}T=aH%p|X1OfKdgIIvW^Y?trU`GXiK<)YNt<>{1YY*bPHeVts?3%Zz
zi%oH~{n)to$Mf|FDH~zv?<n&_r*qKDwot`FW&dU;6eWvv7~c8Cid%6azZfrYCmQ{W
z`HNk2-}(wJ(to8M;jiLn@p+pn@AH*0{}y?#iSuu<vs%;nmA7EKd%kIdIIi57RXYK*
zYA?-`NLe;*_7V|Hew`-~+AJ~r#LtQ%B%BV?NTtlN5c|;RF72!&^i{xO*b-$vkTe9d
z_H{9>Cwp_AM7$*n;2k&ccbv6R61xx_TOksL4~5<uU?HiVQ<aj0yU*jf(8+$5=N{;1
zL3fs)jdW*Imgml;Y=xVrqb_#8iofUZ^#T<#hwqwqn}q5sAMhIq6>t13ZqSN1Hi{c@
z6>oelZe&!v@x}+YN%PMA0D7`bbjl_$K5xH`_C{nyA|aa+32{G0$hr;$cM9#CLdc<1
zLI$T3a*h%*z7rufKOr*$gf!?%$fp^Ec)Ag?t~()}dJ=N57a@Z(38~+QkRSUJ(yhN?
zzaqJxJE}L|k7zbuc6oy)HcXl?kzfYy^I~f=Ut|}`#s!-@=HiN~T5waI%4?dlXBW-Y
zw(X0f`I}q=Hd5w|Q8J>0lI-!b=(+1LN%yYh5?Ot3eL}n|w_6Aay@NBi{oHZ5hl9(I
zfoy!<RlL<BG%=}Yo<wqbX#CMDwD7a&B+h^L*AiJh4*Bl}{trLJlb;PwW?GGUZVtRv
zF%~J2l!*nY8o4<iI*Q6ccMLw1k6owiC(15@>-6{l)%_o!Q=8a?7CDCFT-lybnjiNp
zxLbV&7IY_w2LX{Eplo-jEm2pUT^9n)gs0;4TMboq-a4OM>}ROT2|Si<II7-Hl!a;H
z^_;$DdBv>$4JCBILP!|%msycfC`aB0p{x~abL#`E#Opb=DYH#_U(G+wd0!%730Jp`
zjlp}Kx$3=Ub0rc!gM8DYDBDAs<J)GpTwcFtuC|V&>FP%sz(XD8N!_DL5YJX$NhI_f
zPAP8*zlF&yR?5y{5;e3uv7NtYg45n8nfO?TK+z;z&97{x>>9vnTnS#~eTn!JuLXzF
z#Ajpj_8I)tAMc@pfBc?!{-oLONw_u)98a=XE3x^#$`1Cc_p}|YC}ktv8GIkB0sS{p
zW^>O`+0~oFGaz%mz~&~rCy}!Gx5}><qwb%sOFX~6z|FzA=s7xkhQ1!5+jYJkq1xO#
ztVd`$TC7KKkLK$UX3jCLM@Vf5vM#^PdW1`e#2IZpLN>+q2uIc;Caaf9WVM1Mzk`kK
zf6}xb;r-dT9^rQ+IL*<V$7@brDv{8~PjZu-#^27fGj#D)o^3z>PD>JQFR#z9RghPO
zB?<Rk<4Y2LdS6|VkcV%7@pelRrsC~O#w7`((=BB6Of0`_T$13@mLz<FH~-}CyA<<P
za6U7%JhSqWgmJS>OA;oJth^+l$1LGgbvbRHdIvdCw#f@ZSypj90=wwhPUYMaetF<w
zzA#~L3j5VBXKzbk;S_d}$`Iek)A%lVvfoYNM+W@JgdYRpM;2cTCHvj6@FN?3B*Tvc
z$~q+|j^VSlpwV9PmxYkEwtEQ)zgu5Tyic92trM$FS^V^3iIn^ebatToqMn*}-*C3(
z5rA$u(ES5+b%8Fwo|bl>H(T9h83~hs@P9yfKM?johOh8NUk53RcC-{RHZPM?oj&;~
zS3rI#HX!H3QD%E+w(7o`&z687fihbot<b>>lS3;~wBQHY-Mm_Dw;i;5Z#}Wkh6rM&
zzaxo7$Yr3waf;*7S=tNQONd0s+7zfbs-C)hzWyxJiw(u3BB1L6bc^b$i|8-EYm(@r
zKqmoRCeTf(t4XTcEXnx9_W+>+Pdpe1Q|fAx;_DO2S{NmzE$e<Z7Pl+t==94IKwed5
zsiOJcyW0AM^Y5yKr{5Lp6AC(7jF0*DDz)_&p!KhvrsW9(-p1t#et8XQW2#5Vzh2Eg
zHM%Y?PgwO9E>DP?sx41Qn)t3nd`e_^Aijld%)5rw34`C|13Q`@wgexAAMX4cmYjhw
z9>32p9{XQoD|UTITh^X3TTBymKo-%&O3Lb`wEqNGAT*)O*6%*`Ubp-B@&hq0qtMHI
zFcZgRb((48vVN_^xNP|Yrg7PV2lR1SZcChnSakoLW+6U)$22Z0cpJxMsbA}}5Ov=X
zvk(LCH_SpDovDt?ro?LFvMnufT-N9T^SJE0cSI*qCg!QGCh6m{L)_iI^_E1$IID%9
zJ?jh@CK7y=CK8I?lE^xoNa$i!99!QuD8C()wP_<l!t-kr+>$!dFK0PH&6HGittO?6
z>jK;2lSgiG@&&<LV2I_D{abK4p|Mv}F~RjA;M%FSX^FS>Ep;J+r;b>NaN$jfgqzeM
zgx89MTBmCBePkcd5bV@cAox{N6M`Q#)e-!*1tPe#@tqL-b*2fy4R0ZW`O9<!d(RXI
z4sUEgu<lzbf+bBg1Xnac1RFLrBY0(|Kyar(@S#U_1VxVSzBd5Df4$QC`!@uH>?Xyj
zealSEL)lAeg5*Yn<bJBflY+Gc--zNtDv!MGgmJI{5&|<h?}95dqJsf8WHTPvyj4rv
zswjZ#wReR(+*A}!(G@7Xm`P-N85FU+{TNrWedcC_1ftFOXF*zW5Qk&-g4f}>qZG&6
zZ%KM%PGGeYSY55fqf|z#D30geGC9gWR!F3zE|C5Rr1fiQlW^oMlZ##tgvj#*5FWb+
z+-9y5LQy%>1py<@Zh|Z)&cIl6>znGHDr?`A2yTVuZ~t_Ry<i>kk9mVnWZ6p^09U(<
zkg&fNZrcQ$GNEmC|1V@XAciImaM}wdfyS}FAs(izy5iXShS<XXI}922K<$Aj218{0
z$LqkNbClwk^@g?~{fl6HSwNp<B3}DCuFdeVL)gFdpCOUL(%dAPzY!lH=T*w0>$)}D
z0X?=Cik0898*}@4l-tj1jjbfSj}TJQ7~Yb?TMoa6kP;VMJ_?t;;j$52#=#}M2aU~#
zek|#uhIcZy;2S1m>p26Bt@f9?vHdYa7~7K#4aT<kb=BCq-LDzjJQo_<VVBw1UKQdk
zY#}CXw<hSuR>wjJ+ZC#kscCs#=>NW!NQoQXXp9RFvj{K6tP|U#(>1r+Ts6ttX6d(^
zu6b3P;&^U`wpQ`(lKX-848c3SW(AXEes_kC{Q#qtINh_NrOG2W3Gcee6_E2b;WjSl
zWjDnM*B+2ZZb}G!ooLa`ADdeM;2ezsyVd8Z-YSxeU3)>1L;~!e@V7My;kAZAtsI_n
zbEdJCc&@e|7nN+ExkczsHJ9+a-X<o$+qQ{e{TDjKq;U=Ixc=*P^ZKvpeEruKhV@_5
zg(|daU|j!Iq^<vItf@k<5vszM?h5O_UKgrxMP2{(u&xTf;&#EI8`^g<bQ`ZNlSoN3
zki;2~#HX0?VtZ(sQ4jd0DvfWqsY>f<#@_Xr>4x4F8AmoIB>cF&!iFkp?<)K;+fku!
z4ah^c#HM;qg|@XfAdL(i!0_T-ykoT&Hb4ixJA4;7Xe2lVuQK1Rei=$DQaxD<xZ4`4
zzsys6E;q7@?I<|hWA7JmKW>KGV}QFWdX}WU_3s4ti$x~5`%Xi+8!Xb{zA#O|J+;08
z?ys2&cV;6E?qBXhxR+FbdwP+8d#iwZ*F!qo%f-F|ul)y$9`>3M$$8T>i?)|M2$Jgy
zlFN;*XwE%Ad^?PmEcxUfo19?d!l+%ssAEGn+Np5b3%mWTD4g>%!1>;2LipvQaCsc}
zHMF^=sk<me`B{^@;i2TAZrpmWwc;4TRBYp*;=54slW5@td~B!ou|k%y)7#HfZZVWK
z+yqy0KR52z*Gh3T(71VkTPbkMj5h4Yl;VyBW{)DX-Y$QUtq3Q%x;hodd9Ct8Q28KK
zt{)9P@Dy%SkUuHbvW|c6v2|t=@!Dr@@|3q9_n<xH9F7;_D08%Be7um{Vz>AZv^zMW
z#qJ<&u{+o_akstj4bGsC!!URVz(un*Sg#DUcV`{L-I6+ny8#$a81LSwZMfT-G8=WM
zV~fWeR#H}zGTS$`)uJzux~&*(B;)$OS8=qlsDaks-fSq0=%u<QBN|;-H==6j%#vEv
zxswsazh*L`+A<o^p@q5;eIW}Y`mMIXh(^7t8qqxsG$YDth(;84nvKZ!nlPdlMECh>
z8{LQo<5!@ap-mYkr`huhiIh+PdFg$GgrBd5o$R~}i*eQ<P9ypXhyvBL$SqAa4Voi0
z!sS5dt_G1?w#%dV<$>J5YztlyUrn2;Hr%k14L56p`7f_XgxxIa8mTyrziP1Gbm0FR
z@LyTAqWuQlF6@r|?riLn*;f2i#m(6#2RAu^CYCA@a8bEm#_^WloeYMaAPhZO+@&x!
zvOT2ReE;i;!k^}Ec$(%_3E`Iu;j#>qWNZ(<YP9)#Up3hLLyF^tsj8s`pknj;VGLhY
zw|Qs^&Az(gc(YI<W!3;YOPTG*sYcu1Hq~tVE{$sjaP1CU`&F%M`^kmqNaU#y_@h0y
zALmp}xB+F3F;lq-C$!idtdqDqryXUs_g_)xB;I&M;zqTyKrLDVe`!XAi3CRr(5QOU
z)r@L(eRcnU2Il<(8t6v#4aSg3wePu;QJr|jWK`=5(WqYjNH?lpuLz^sb+^H&oQ0}U
zt#fKdWv$Qm4`^UEsy|;5Ms>e1Do-ojsO&r@%?@Zb1u?1RGl`Tu36kG+KaU&hNAmoy
zd@UuVsTzwktQ3oI?O%}3wI9a0g<2ePH|Kj*@ck~r9E$k#fqty2|3di#JR-qSKJ;;F
zP$IguEpZ}RNuVsxEmVI?a>&uf5VBy~(QZP*k3|sTYxc013b_6<pza9|x}qqYXa}fV
z7&BIE%?k|{(6T`xAE2QHv{4+v0##T0L&ZekzAQo;o4E{Qvo~Hwb^WQpsQWt$%)0N^
z_zePnLxJDGh|0R3!kHBn+)nq$7F5>#dHJfMznw31f6WxN=<6w!bpQAi)cwrbn(hy)
zEp*@QFzLR-q3iytdZ_z<*zctKr}9m@zxid<{a5Dcy5A>X=>CUxgYGwYS=Idw4o&y>
zI8gUz)H3V-^?afGi9+|=wa|6{0j~SOPFhz1x^G)3k&+Q0`D1Rbqm8Pd7A&3&f>sl<
z{A`FbP<YBP(N)E5QvZdM;W5uqoFj=)9KXD*bu@Q#{*g^M|K(PKAN3=7A9IS^z#+dj
zO_Jh{6&vHZ@OyJW4l1!YpMr&PR6UB0UnlU-*m!Y1IaI5a!2qz~dz*+99bdC{V(YML
zlh6Rf&@2pBV0|z?t6hZ%f&2`rc#v<6msU&Dh`(ZlM*LC7q!CB!=o;}Ux~Zi3chrde
zQ%oAMd@^c8aIUTqbc)c3-bRh6Hd)n(W%p<rF)Ri(qE{WWMx2=<G-9=g)0;HYHG&_V
zVcRhAKa9B6PSoObNpW18Y#4Ek!pV0K_Fl_>9C3yEKd5)pA6`-v&TI%U%eN51FWbXq
z3O|ACo4YkY9;qn+u{ceDTrvPs8-u;1r>oux5btCYAooo|Ku*4|1M=M@0m!{o4S<ZF
zr~=aHZViwH9FS2J0O>hd0Mb&J=*$OnK<e`SwcEV(pXMi<zf@s<a?m8r_9EBLZ9+&{
zQssHcL;Ad=(VVWiLi?L*7BqhCXH5tx8G|y9KQg~^iq4mLl{e;_omcsc#KOE=oVu8u
z$Mbt$<ntzDao(hFo<z#B_=c5h&hZT^mz+}+e2TRb;dMGv=9q@wFnaAhRuXbGx9BGh
zZUBk~5c{oaZpz1z@+7i$3%t*B{C%p<S2J3QqMN+Q&vuei+;J&vD?1qaE78Ke0w{3B
ze4}qC@Z6%qn486Oar`0|$Iljs53y^+=8JrLUdk5p-Tl}caRQ_{D`xP7+hpGOCfp{$
zCQjVQtaSdRxG}Kejhip>8<lqTKK<fta&>mTc$*BO<>E$m#T)O58_5-KOnLD(IY(J9
zO2o&u(kYvk;SpsU?TtwHk%SB$Nyy^Sgmld&q<)Z)3ps>*HI9&l69_4uLdd5R3GwIi
z93NADPp+2V^HiRm-}6MCn%`sGWxZ@X1{M$HVSZ2UE%JM|kH2+(kJFIfvvw|i@s5}w
zk<}?p3GuE3PN8qx|Ev6-TrI!n%L#gZkJFIf^AzX5<#mayo{Rin0{*?)SI+M-zT92o
zF~28Q%kRnkzvuT{dQs2s>Hj*<?-?HZf64F3&HX>-_vEViJ+HiYi~Js^mfsWg07&R%
zNzd;w3gyN)%<ti%uqD2z=l9GTr^SooD(3feAFtl?jjxp7^P}yS`90^y8}fSw;zLcv
z<4mH9-bXx}PM1jNjduTk$nSBFyIp=ywQ;E68(&Zpa#p=iIlt%h3zhSG_Pub2{GOCt
zmE9w`ru?4wU(oV<RQ>kGP<BJf$iVE9G8DsfiIB2Z`6bsagjjM?Y0>NOSLlUKAd2)D
z%Jy*j7ONv;f&L9HwqEa{*z83T3H5ong6?x}Qm_GKwuKs!?~jv+$v|wYa@2cEbEI2a
z!_J+_-SuZbqCWcz_$=?jv)`Xz%v*~W{j!pQ+Xct1ehrCc^9Noy8y|S$G>L>3#f!6=
zTz%m&HjGnGXL9x3Sn0e!adZNOC%|(N`nhvc*-fyBWG_1gmYRTP98q?|FAsIcrm{0Q
zPD=&#3AzWuk1YP+wJD2lFk2!ebD#@78cRrcF+}-7=oViEp#%NdSrRGv0O-qsK97$I
z?&8lZB<*J{|9L?o!FF2hSaoLUOQ`-KRIk<y!f!ljaF=0l7z|348yyF=K7v|}pjKoR
zqBdnOxF4V3^*B5R<7$p%{HoLe>MewNZJUAE{|fKKxc&76q~4aJ9U-NCw5$PDKEWAZ
zXsRWrPe%G#f<BAtb80`oE0K~<fj$lB|B<x(l1n+J&!)?PZ~+iz0O1c(g<}I)RpYS%
zBBR7b<!58XfdQXu>N!70%Pe_YD`Yt$v!r=rQ)Wq`*6vVf_an)aSz;TDBio6QRszn2
zYljG+pQ|ncXlH~efUX*$2hazrV*q{brgVn@n&g-Q=wHWT0R7PnJ%D~8C<5q(oDmP8
z6UM3m^sxvnfIeCc1Ly*qIe@N}BLZlC<l&xB_Xc_ZeHPQ{Q=@!r7iEqQEw^;aeS(#>
z;pW>CDft|PHvxn<j0fVMJtvU>yXj>&|K;dt-gCy?!;XyAW<jg1odbNoC5C}ffZc?+
z1CKTSf$afAvN^;qD3eomI(_oUoi5639W3fBc)SI7;ocd`!#j-Gcj7K$^&44Kr4^z7
zm(2(%OEZ3xRI<6N4zM#qFUqsABlodmq1S+co}+glTOz0>YgaVGaQUa15-C|EPA4$N
z`-`$~6A8}9zD=|_F1zwbVo3HalKs16^RxH{@^e>vPsOx(b};l*oQ0Itqbxo}eX6z3
z!RsEv@3icSpAB`#QkJL2By6NR8P8R(Gzcjh15J!{yDGlc{xN{e7Mj0_dIwZIp0(n6
zx1y)J=uzmD_29AC@zA1<pqY-Jo|E`VNNF*Cwn52=<5`xG&7qrED)I5mVL_qxH22`$
zWpK9%Et-yg`pJ$KqBt&((Uxm8S=|K5zUF;RdrYW_?(>R7LP@PHAmN<*%34!4-FWWL
zU!y_&m+*6c{(^Wz$Kd#AV_>G8QCm4W!~LKAa<Y@k88O{^()_boRL%~0%K7%sNBr`@
z!=9^tIcqN-N}Ihc)l=@5b4xv?I7x_Wk-RZfY){W$x(;P6UwBg@#otPVc-M_-PDr?U
z4MKQFYqJ;LKp)Kr`slM`w38^IViHtbi4|XliWhNpGC%ML+|2J(UW21F#qmfs9`pL@
zTUJ6m+Y3wWGuIbxw-=;w?!13_XN+dL^(bq3{0)f|7bExC%|X_`hiC8xcn9;e{xC7c
zYmn|^c#0}`m<Hp$%Hw0SJ}ahpEfReRM8~UWUCF0o^mUBItC8e8AX$TbU%tNEbedH-
zgnV_kX}>(&MdgXHet9BvBE!b0{YBp~+HTVsT4CB4vD@_NdKTlMH&<s!L^Qku8g5+8
zwA*yaNbE%tELM`rk2F-jUbmD)A2QQoIxwQpqW2+h*zmxJ&#y~&I51+(Xw!iab4Otx
z(*HI6z=*b^#eornI3s>w#GfP810&ueS|9SR1rLlM7W07-dq<n*Nq2<owe<rd#35&k
zpOuJ5@f^jY8Xlx<qLcFDT`*Z32UEr)8WuilJffkB;`n)#ra>{qB`DErAkp`u2&O|v
zP&wC$OY&Ba!X7|7XyNlw=>30oQfB*Ll#19)Q3~Bb+zqv~=?z{Q%g6569h{8|+3Q+#
zRpX6EwIC!Ml*~CQ=SP@MKsYf1o@9^bYG`6zi}Bc|tt0Tb8^OvBtPbEOl9rpNOGFeO
zhSz%zUayFuzgqN|#bAS><_-08A|~PaOf9EE?e$o@1u#wI#o1823X7)$Q#Tgd-WVye
z#+pnWDG`<rjripSXx91HBXS-V&VhnC|5^nMYRj_%X&F_pWo_WR899%F2EUJls*yQu
zja5Ivs*G37=?3;+B$486SOAwmXuoYCRC^1nRkasRsG_+ftokfg%@9?=q832a9a!}j
zsG1oGA<9lF7l=ut6RHXgeg;NxO}=<mBKCs&s%ZYp$9_;8h0k)Qbs3#j{&kD+TK_Y8
zEx^xk7)di|dJi^T^+7_yzeE^Z)`}6PbFu!JCXwR3NP7>^)`~EAu2)Cso554oav#v{
zL)wNw8?tE*?92$w5w<AajU*2|h?1W(P2#F&FPw)<o_8va>@10d->?~c+ab!LN8FSQ
zzRfRB!tO#I7Yn1Hbf;f_8XR1~2-OB&9DxT4gM%BR6%ONt$)PH>P3Mz2;Mw_uCBm~i
zZKe~qk3EeJuJ_+O_EEjtr+-V_yY;^z8N6Fk*Bg@N-Ik-<iQkC_`QC1E>9J=t`G9vT
z$wKcoxlrHmxyLhN!{>a?h;R5@JB!z2wl#lAs&}i2N82WSf1RHuVxvkVc(+T>2%TRh
zHhgYV)5057>;-eMY^GQ|i24<Jqps=Xu}iN>r1%FEQ8y6L6;!cgaZsrLs&uQM+V+e|
z^_J*7dH@eRJzaM+<A&pu1Rc)5Jf!1h4dc|!8gNjEc>vc99=79f;bDscRTRfdSy~Ee
zOz{D1=mlu#QLAaQ2Fh%IT?MChknQ4%arP>D%w5iaoVSYyBDR>Ts@g<|yRkkcA|MBM
z#lZ+;{XP0Qf}*Xd(AHkbyx8HxVc;dp4eIpzFbVsY*0oGC(YaXMQkEqm_)Q0XOVI>c
zKCc&3D83iv-?A?h@517n;7IIP+%XEL@EzrsZwbrjr%h2(9pG^gc`O3f;`Gzfp<?ZD
zdQ?s;KO2KN?M(y_Jg41=#HyhJi4=Clhu?wD4>yE1oc}i9zr<1@v7Hs*6gi$jxQ8mF
zvz&4bx80theStXd3T51F(RShx><$3C0T$C?f^CLMM%%q_sASrC|L&m@Vb~Mpha-Yr
z^23(k1Nk?koY63P!wz?cl0l)79>qtokvc8Gx1)vV6v;r*w)hBASb*ZW3KR+aK@TBC
z89ZoLJo{Ze@=3)=K7UJ$z8_`?9)CtAt)Q7|JP^5mh(r*XG|I-{wgpL;@C@=x)k1iV
zOe3IW2SMc)J1yz~frnv;yGwCchDfBWI%sqUCu%f)**Kb$AzFR3B`VsbS1O-Qv}JJR
z&pclb=2M0v(XfZ3VSg}KB4vFI6^jO&vS25|B@>5I6_x`Q(Z3DF!_aq(M_;(<WpNOC
z=b;iQ{skY*#~<v;S8nkQ>A}GgesSTQ=`LCn{n~gKByRMwA4Bc#vuMqEj+RAoiTzS(
znECr4@%017nhAaw^uUmi!YDEWMv<BP@b?PC*kyxmu@wFNLF!rXS>h;ob-V;)CF7Yn
z7cf09D@555%H%i<<g-suIrp$f;X|i#K6JXO51sI9lw9EE%iL1j$=bdY{LGx8?gX3-
zR2&BeYifn_e}xh${uPs>LAma!YKR3s8!Q=f%q|v4r1&==eXpgq2aN~?UK(slAlm|@
zCou;aNayIMY5qLew2*Bs5S{?SB|tbfQtR~b!*F!YRb!{`lhd3&d7>*I504G-0nN<8
zs*iqcF!*R3&`i<_b9iBLsMcK;<7+q3+T8%{&W$v!i8((2WW=Z><fl014l=#pnS6;9
zpMmOop!zRd6d5Rr=LebIuoy^x2ht-z+K7{8B5C>{lYnOcX$VM90_mUnF|MBsGJ*Cq
z5T3?KSRi~NqC%+D;mR#SCBHll(<Ss+DRYo2rY?iDSgE5{*nW_Rl@8Z1<r;=xR$I5U
zA|za54waVohev(ODdDmI7M#vyG58om-3f}L?;suo1E+bw=?~y^7jSxq2bWP2A)a!P
zqZ*fA?2-tvB->|h_LSxqyWzq<vs5k+8yjp7K0LX7<D7_;gh7^I3&l}3K<D29_+LXg
z0sn_1xN*dWKbDLRIP2Uk9k6epN$8iRNTm1*Fq;X?!Wf@Mr(BZMgo7jJMKtKVphts#
z7GL#(M8ey6G`JA-nZ-YR_D<2@-T|5h^`I>JtN!Q#pP!&dgJ}aKQkF|ue0iB68jR}C
z>oMDsi&`|;5qcLnzTiCn_zn>a+Z8Hos*MEwl*QN9-fb4V+gU3p-Fhy`pe@yNwG2kL
zAteHX=0M@qoMOu2PfS*8y#uwrwGzUnAuORLO)ZA4aWrFCqSbg0Y7|(t4Af2iO>2h=
zHNrVS*cW%J$#&svk<)Y4bhbj>exfIQh_bGDa^gz;<ivD-a^fCysB%|7by$9dVrF@2
ze|;SkZ+A1ad&s!+4nI8+tY?8}I>jC5V}}BA5Q3FGS}xKxS3n+lJ~q`;9-3QKGabSA
z0Pvk8nIe`+eN7Qdc3+-d8cUgN#Z!FgCX2<%y!ZuA!Mzpe=pl5;h95oQ$0P8gQT`2!
zy-=J;x9xYs&QRck%6d^|d;AYWY5X4&DNBZNQ`k^CE-aC<=9JlX8#$~84z(z=B^YU2
zgw-9V_(Oqsm-fNoQtWxnHilgmwz1%xX{7Y_Ienxg<H#nyUieP7v7(=8r1W-Qw2fZ5
zx@|P?Cq_#9LI&G7+eaNKy?IWvjXjreq!e?`JW|@$PmGjG#Yic#iat_W%)_q*PpT*V
z^7!~cKbxeU^ef`yNVCqp_oPwhY>H!FUrpt!t$nLCrsbCnG@tRC;*Q0I+IzTWU2*cn
z6n^0{%<f!?HRQWpiR0sx@`O->NKFAdto;-lxms++F+#lSrOFZApP78RJ%`6ZqcILT
zo+**CA;$1(S7yaAO>w5-pvpws-+j0aCkK0q@nnE)qHM3?Xxm33g{9*k1OJ~Vkz$*b
zkhSailU0l*hi7uH)df3eik)*ec$g%0GO6E#7Q(X*amh@cI~HQKI0(}c!hB^yd;&BB
z@4PmM&6FEW+8DT9>wSwz^0(e<-bzvQXq>C%itdMTZ=O3gg>A$p*+FcSM_>3fa*Ep(
z+EK^CV@T-GDzrBhSqI&@5R6V1IY6%xQu!gC>dn7KWL1<<N^kxpB(oxrEs%GfJG)}a
z)!n_d4TNqHyZ+g$!X7-8=l8XEbutl4Nir`$yy|5?W1z||YGG^cVGLN=Sqxa&pAfKO
z-aNWDaHOCvT6h`<CG)XAcreoxaOJ!xk&+q!;RA7mglpj${L^`uYRTl=u<?`*v6eL&
zXxjj7RSapT^EmZjZ$oC{T|kovG^eAqP%AOhuw_GaphyLZjZqc$12|eH8TJFvzt>KP
z_4Dtw|Ld&=QWtt_-)m26g-3gf@3k*lE&5|)gHJ+(e?*x+)b{Hsk^FTKM_Ih=EM?Q9
z(4_vvMZOTDR*r;z?WIRT@#7^@;soZ^+7J@{Axe#ep2rtT6SFw|Pv0^U>d@QtDLa%a
zk&@cLtT;|PeLwn<u;%T1hb3Y!oXUHlOQ*TVuftdOoP<kxCZeTAMX#4b)uijE?(`LT
zbuS~#d(lC^A?o+UULfOn{fn|2s2OjjY$#<(@1HV!Sw7Z7LLM4BTV6=(6=uVqvf~ka
z?)}g!NM$V)$Jf0?uaFig&VT=hn3xpqw-+>z#BA!O4Nc$RzZ<6ttONx19#5zr)E!Li
ztdISzsy%*Aeu%Qp7{$!jqnM67irHcQtW3Kb&l<NXj!8WYE6}mM-=Mw72p+}E*Q1zJ
zr`D#JW%03tJ~`zdp89D^>Z$6frzcK*{o@MAdF8R8oy0Vb`sD@n%`QMoCvE1buTQ#}
zhWYQprJRR>&Cwn_u$f*9HL&3hxR&RjLx4!enSaBQlL-3LU44{Lcaf}b@1_>nL<3?&
zxz9uZ(yE(8Jlhq==xzp`5lJD<;gRo!NAB4MOz3R*Z63;xKf@CM64doAe~6f6)@ftR
z(ojCF$1Df`K+S#Zw>#!P^f2c?bmRFCV+{EZ-9`Sxm0ykd58br<htryNTA@X`VU^R8
zIsc)D(9Soji2R4Yh?f5_k!R^#$dKTDxz3@kwN!ViaNl;Pijx^eC9^4xdfiQ)`Djog
zC5=Fwlfkq6YBfyl;UXstVGbFNwKvb}DaI&90nJ#iq5EAoNzd*7OrHu&2&LX6x*x~Z
zXF}@^t0}I2Aj717&J6uza34EH6K%b^@l_{r!It84IBw>+S8+^x0;3do!y98IQqmaO
zSORT44Z)N6^nUDqum=3}=VgEE2}@g`iW{ozhbj+Q3CUjvHKObVYeANK6i2;oYFES;
zAORn2{QzaVm5ey?O|0M-Vw#)i-W93^-3eayLx82l_*j~Y?z`?!EcLQY_IVou?bBTL
zd8LJWgAS@#eJst{Np4W;D@wNb<g^$tp99DzzpF&@uPedl4FbB>MN(f!*@|xyOcKwH
zpa1QJ9r0B0>6Cx}$<XxrX^6L<mq<x-c<HFNgoHcrZ0cetjfK*iAc|%ZAtg=WvJ5V(
zaH4mB2unjyT7=?=pRARhfzoqWI-Sq5)W|S&<Sl^aZfJA`r{U8pp{^!PZ3FBc1kwgT
z8f($|{PYY%B;FKm^7YGxjgrouluR2XJ>~MTp96AEY=Hd<?ld631f9MuL)G2Cx@y}c
zUFfP7p6M#KODg<}7$5DO=Oj|n3?A(fXuXQX>_!I!cq|u(2IWZj1?+e$j%w4R{Or|P
z=y0}!!`TN8XHo_#?|`*QZ3*WK-k$e#@y(x;j5cBo=p7|=cXpcJ9QEOQ#qqnpa>o7v
zKX*Js%DNf2tc6lx6x&@ELX}8A`yKSu6)xoMex0p4ib34(mbrM(u{I9xznN_^)@S{a
zsnaqBsa^fIh|?eObHi}aqUdu&Fm0db1o>)MD!oOtU!<=?>`b9r287p{AmxD&l4nuA
zsb)WSZpGI3b-w+P{NHrGO)mSK&bQenGrzMMa8JHfz^%sHJ;lauxZ4zuw=2&Nd)YsJ
zdEj0iY+vEQ_DBe}M?$c@*u4#d?UC+e_(9=E9Q;Utd!=}9F%E4M$CrMS>0BKxkzx;k
z^*-olQ8mLX@ymXFQExGLy0r^|W^z@-^l*Q_HfpyQ#{<pMwqh}>Fu_fJ-JXlv0>vtz
zc%*8D3E`n9DozLo#DuVqPYCDxRbw0P*CvEVYlTDoVnWz@T^}v*26sV&L#mp*?P;Gx
z@{2{-T`ndkwV2z-{?Wtk<b?4Uc8}<+hu!N&Nu;;~FrVllB;2#A8g^6D1my2WZW(rO
z>uj1yeh!!=0khV?EQ;^mzws9>?4JCq2v~X_H%>q{p~oc>UdRI$H%2P)FCDzoBum%M
z8l*2$79H0K1D1=!^+}e^og`A$ld|}S4jLv|ruuk2W^4J27O?zrLLz>-$;M-RVj%)X
z>kzRF?kpk}zSsTk(1({W?;%il%3iRa$I-`Xn&Rj&BUK4_KmrMTIc{AF7F6y7jpuso
zYo8XC^N^2q!8p29jiY_gwJ8=K+wC_c=@43BHn3eM9yTr$VWXWl+6x-}41;N%YYi$>
zr*1$)FF1WLl(PNh;~$`wVX*Oo@c%vxX#Rv?`fO}y(iLJ1re{2>zTQx1sW8HvmGfk}
zWK_*g>3T3d-6v)Vc`%(c5w7JmXz-?BdLh;F->C?uH>9aWE7SNiBy=ot0aga_{F=st
z>Bi|iKF&}h=@TO)Qk)9UyWImG{dBlv1V3-+s3g8ZamB3ji%`sCM@%#0dyeRlG&_!w
z^r`)Kilo1#nnmFGr|JCs)1ij*PpOEc-`{VDq|c?PGvhOV(iC&b&p0#Q=?L%SY(Aa^
z_B|DPnP3y=pI#th*4tj-w(;{%Q=tbwEmV#}{10kfe1HwdvDGrd*R#5P7^Lk6wKuDs
zoN8R4XHy)d=_aQ;<r#?-r-69?1a)|!3TJ5d%LAPOc3N#&jj;KQtcbAr4)?bVuLq~A
zcxR>?!s~7NTEB$QnM(%eh>sBU5Fz13=J0x3ib)|?rRW=L2iO&wXuAdq#m<A4Qi!l|
z9uSe*t2mmcX%Y6jSrRFx(9C_%%s*B=Su77fNsE;fYIyxL(02m*B%t4ARkJ~>*$e99
zR-<|D<l**4DMZvg=x4SO_%J&#vc8Uy^*9U`ahp%<m<`Kj$~#I}6(9DXs0MXfiaH5=
zq-d<Os-vWS&A6JX_ILJz)9R-JFFS~*4x~HPsah(hy8<jd#>djN7=AOx@acLCAL(Q1
z&Q9{9B8E@L82%6fP|}gd@M8?~ejf4Us=$Jes-h{pfG62A9=z{J(H^m|fJbOCPfMiu
z2@q=`i1h^?oBwaPM2fpY=>#Yp$V*Q_X%{Gc4oWxhh<&$K`V5pl#A#PTX#h%}g3^0=
z=|@oNhtemYG)gjjLv58}>iNb2X*VE!9Y}jx4Bt?#DJG-w18H|4oeiYT^&o$6itg04
z^!txde~2N-_<^!$<&ZhZ;9Y${4!UCl?21oLaXSNijg75VifT>OQqY>*5O3V<sFwcO
zk(VZi-aKy#`9B^ek>U(^(C^?Gs#?s>exw)RNsYod-;uTtu6C&=e~XZRS_)cI-?ghB
zBAjo4ou(}Q(P5@&-{HMQHa+oH{tj?9S?|8UJB}>tZeX)JS<)=@r&<v1rxHKJM|o~n
zxQJ`hhM}taI>>v6vRK}^wefKLhnl>{1Ve-1MQ*hews-O^p8oM<J~)E7ziFn3`!}+K
zp(jY?9flprhPXcq;{I$u8|u!bY>k+JUm-TmUo6H;b3{^#`AK$l;J$9#E$)5Q;Wi6h
zXLY#EO5RBwZZkL--r+XGi9iR4c{bB2n_y7jeQM)v)@yo>(xNx6qrKc{Ur$V!=C5~#
z+;c62T~Hi9d)3{aYsVAfUD?M<NLhU0)tnLPDlD=4b7Q>S7jD<a-JcJKvdals-3rV5
zS^s~u{d;&!*Y`M%?{kuoM2tyr2o-{HzcfVLB4o&Lrk%7XN>PfoT3T9(OR3T%t?BNd
zs;aaut)jFpMUhCvEf+!5{npY_W{kVmo%4Iv+WVY2CmBAk=ly%W{*XE6ti9ISYwx}G
z+Iz3P7G5>jKNPPTl=Kye=ip;f<}%0JP9h0#ClsDHvp7_xZ+)uw?W9}B@J!KqOeCJ}
zmx*?<J8N3Jda?WLWy6+v<4z*U%8W<G5*cH!_7#b3Gw5hf++(8Mx(jf>PdbH$t$D*y
zk$8^zbo91p^u`$JZAlbKRt}@L?=_@X73l>7y`7H&(!=`_atyBV)T@1pfPNbNLh)iB
zTj;sQoOMtSEb<)mhD^6i$C-4GoRB!XGng^3>KjpL$$SRYsEcW7>B1gd90W3@Mt1h!
zDaa|;1{!f#5Fy?S>@52fX=NvE5fCZU#9Ko|k`vm75HC;s@_k2<pclNuN#Dgy#3Y$c
ziIBn6u@in3l~0WeJA%EmiydWpj^E_l8#29{Rvj1bA9fUpuOf4I_k=R*LqEs|bwm}F
z)>)>BZviLOG>*|b{|I4@r0kU?b2sw1Uy-aGMYU$@h{4&kd`EWwwIfth!9&~*s3RPS
z+G5q5(*o(d4&DA82Q2{wuEu{&5J^G$JXjhsfwb?){18%Kld0740Cu0W!y@s_^J>;q
zNKW52toxLBT3#|Z&U}y{lAKqN+z33MO`M8;ASJTfeETJl&?BCY9;jy~N{CG9blvrx
zjtTrI(a8doX2Zv1*ZMgkA+&phD}9zoh|f%?!QW)M4&K|E<|pj_Fi0Neku$HPHpM-g
z-SV(6=io$GB&Y9)k%NwTwzM^PCmiem^JoiU6{1du{}T{<T2q;tf)n}7XW(vO2bA?i
zkdP~VI`f(2_rLLyRiJxWd{_<bz%CyRDSh<m=pYhX>5Eu+`J_+Zmu<ameQ-dzM_EtE
z(=H!iZS>VV9u(hRO{VWhSYFP1!}5{+nC0an_<JXXUWdP%WP1OWWs0dS_6@J4DnO+a
zz<(Fz0(%G{gjgc&+bogx5=*50j3v^3%@S!>Qo!Epg+9%X!!4iAMIWfd>g^Q8Ml&{%
zy@WV|3Y4=l?J`1k*+XR7Wr*yuD>CiUPj=bw$h1oj*=4^b(=M{?vR{;Gmn7L`KO@sF
z?PQnzm`uCG$}W3}OuICaUG@T*c8QT)_H9l&G|K6EeUmTPNnhWDv+1A&wl$mnxV+`l
z{TMUu^G&hHK#B5~Or<JC=)>WpU7{4Jq&>8YeG^Z^lW_ucfKn`Hp0doi$27^VT{`$h
z?b)Oe0n}B%0}L=-k9eF8us{V|&HxYY)&ZvI083QBDGbnCr~|a>0FSAFeHdW7d>!C}
zc7DJ!Dqu4Pct%h9pbqe&3K+xyyXkBFlMe8j3V0ILr4+5lI8_IDM+IER0Bh<2U)BLC
zD&TYmn6Og^*g^*wq5=*U(8ccla}3Z0R*gGllkAo@Eo8BtV>~&35t5l_acv@mWNmFr
zh;O7!$4AKNj|BjTmEESo-Xh5ghvDHiztBe{vc*~GberqJPnQ#Ln!bJxm03hPk>E6K
zN!cO0rN}-aaavMX_AS{hRqw-HbXT+!N!G=-I1z4r1t-EjFM=9&1rg%Ox=qMt1<w&u
zs>yMCJz)(*w6hvP#i#8$fU!Poui6IL1`d98&`#*nzHzd<n<8V>`y@qCobJS(t#MR+
zI`IF?Q6*D*h=U$>(v$+crf%Pcfu?0@SJ+Mnwco)Y_cFC#<2xSqi~JDLeugJzv>(Gw
zKbhJ~m`}*p1Xj6^73GatFBB4zTu4aALPA;>64I=Y5U?t177|jWkdO+6gaj87^00uA
ze+vjnD<tIGLPB;I5^}YWkZMJQBoz_zRuLhyiwMasBIJA#A?7`V%r7Qnb}=EJ6%+Dt
zF(Drm6Y_pBA#WEGGPIbGSBeSgRZPfp#ijBg>F%#`qa;SACsODQFde}Rp*KBU%VCI*
zs*1EFUL;x7+rh-;hIuv)6rfU0rnFG-PXP;BLw{Niuk3M3vMZZi)ZQ;ssW49@o|k+C
z*0O04SvEv93s8AP=)S4t3(|=;&!$=@Fzlha2_~^My9nr7k8j;l>s0vje3a)wh(P3o
z=0C^7WO2+!OKh~jGG~XJ(7Y&4B$heb<%H%hwt-)H;f3LQ(!$aBiH{cvJ&<{DVnkLd
zvNH$R=`RwJS}_ax0NkTP1maAHk7y&3)OZKo?|FQe5PBV|@r)u(Yr_X^)&fNFHK3>p
zljcz@Z3E7z(>g>>Fz<^ONop%kuD-lYE58NHe*@)@3T4WV@N|DbFh6A0UId&EfWHVv
zUV{)i)jCE_h#wp;5=#bUiT>tq$9u@0UY9tMTZrU4Kr#Z5gdh@MUzti%av5v`6*i(h
zz%ByVjtmxzYhM$YN;~ox?0qkXZH}-@05*a#7o;**wVZ&Ps;~qrNIxL3w)Tv^&x;Pk
zqD!GDSbC`;$*$}J0^5k4j%5z3WfIgf)3D5PD6>Q@b68;Umu6`;)Nx%Gz1tF_;v5%r
zL7EWgtPbc91A<qIG^Lf_RLt6h1Xl&I{5aI3E3}Xm@?ar{zfk?Gd@S@cTRt&A7IUNL
zMB@4K23M257BZ#Rb;x=$WY=+4FGzOb_D(_iLqLvdbs(srQJ|Dkd2p7&wpaOzip9*K
zJ)`V#x6>~PmW<c%{0J6gF7#eYwI<<yUHbiUsXb&WJ+m8i|ENNdcuM{xe&49Au$Euj
zfe>#Azb-rEjA1?WQ>;iB)CPe1385S@iX^wvuBuzMK_|$W3;=B6GvCA%v;Xm}W1!3O
zHx?M2Fsc;zw~l)h;ns2WZBN@ep47_VgfXxsZXHLz;NLpF(UNZ+AIQ~h9j}j7oiO_E
z(zcF|7N8Tx%zUF0#>`fw@_6q*K}zTG9{DT}oZDT^#@I=wleBD%XLPHk5zhj1yYZZ+
z#Pj_>Z25wVCS1YD&%&aKU+g(_o-Z<#w1zT`Pku=x+p<BnUw2^Z@HlLm=GZh9p=4cr
z(H37kY9SI|GgiRW0rzLbmssdCw|R4SHN3*(tAxZUr4Li{TClZ85{3tu%%TFd(*o$&
zFfh=$JT0t^K4^lIp6(-0yL^^i<-Ps6ma}RxzUdO`aE-n0a82^a^uA1`%&j6xaSc10
z;u?9}9(N_hHTD3WbfP;WYjfA6LMOfFbg3SdB~I5U>ll_y!Zpg;Lp%E%0{=~L@?Zmo
z^RHOuixe70{70K5L4@Q6C%~*^MP?m4MD3n2_KWuB3%f;<HbADP_}zxy+F-XxyeC<2
z{XQR0;0|ql+6mmgXGQH&^!K>qm+wtyca`U3L31&x?ITWVk5Z(HE!11?8@6kmv_J6R
zieI^l-Ny>W{`IGCs3Ki_miN;tSQE1)pWhD)9RE<`C9MW_M|15KIC#!J#|^$sNd6Xf
z^X>HvN?>U-ezxXJxM0crMC5rz{*$THKMP}w1j>Kc!ml8*4}#nqg51Z{!wJiU0@&wS
za*hysJTq@1hiMEjuZI&NH%?P?ch+wvlFU<<%;ADQEZ3PW0nc0el_47oDDTxpvY%~X
zWSf*C+X`T=mN$@H-IS5NVu%JdA~4y%n(N3O29&)3<;RTd*v*XW`oA@@2-6#2#v94D
zMY3sQ{Ura}9Qgic8Il74orRIS{u?8iREp#vfC)B|+|>j~rdG&>x!h;U6%92W7nuCD
zW<0oW_EEt5A>jS84*HGnYKCFxckA{#Uu(j<ke#Jea$1w<5u0lbn1u8{&vSS?iN#v<
zj;}+AEgchx327p9Gk`wosjmm>RR_nfD_2y<?XsPGmU)zI7`IomMdDq}#_gpYIBw5v
ze%iQ|nrUO@1DTp{H^G6jsk{H=oHiAS?^T&b&qqY&pj=(Fif&ERaeO&P8^>WgaU2iL
zHjd*4id4H9AIC{CYzBVy5SwrKSZoZh8#m=cv3g?>Mqyet6pH89@;Z@pMg*pDIhsfk
zwsVn`-(e8RgYABi97AOjAG_&kA`zP!L~^b%iezawzepxD;Uc++9nXAyt4<_wja8AH
z*s6(SVIGQP^!73$snC>*q)u%nlIIT^L{h%CUL@rjiA*t#3e|Vp@f%ri>k$E}6W2sH
zbk5+M(2)@D;aa$D>e+ft8#DN^9DF>0fvf#@L1#8Z^^h^fpp}G;0SC*D#yWy$0cRxO
z999b!QblnGfohxMes@R)QyF0Tm7-g%A#N3TUcL-W!ZM?VBAsl^+m{ur3I%P^1}~U1
zxI$O??7u-Iu5Wov(=zN<Zme_U`3o@C0gM}>kzEJfZ*%t)JekLczfuTQ51@)_8tA@>
zboZsu|2#{5I+h!1EMw6IP;`{ZSl6ad*3IsfyS}x4&M(G}fO^>D&dXFfu}&m*`Y`Ym
z<ZPsq`aeLW4^X*MlQr{^E4-O2v5zlz#4~U2g<vBWKh|e09c$9J^x$;?Tl#oI9nA}X
zb|}!CSd;I_$2R1fdUutyN(^8)r~7Uxy3Om0M4t8l#`YAj;=jVl%e-u>NIYSO{8oJS
zMZhu!$W*Gy2F(0Jh6((fRU`~56`(FZLr7ea)BQ6#<~iM4`F)Mx`l?F51hDe}HV@NW
zO7E@3d7j5s>mD%vMFU;UeSlyoAovIo*hA$6le4}^QeTu4OyO3Mq;`|(KDi(tmOF~n
zzk#mDVd0h7`FVT_CtZA&`C_D1XP<wD&+T!S!VXIf2mMzsyBqcJlrgQfgLVsbB#eu&
zxCaN}<Wyi4Nm_)1c8ii}FuHOm`M#PCntVHoKUkoHD~E9xmEE#(TKj>paob4mEkNt(
z$5hIifIT9=zA6_>#tQZ7NulS?5w!&^8E=ZlmXAZcn5lH2wTFRZR6QVq44L-U6N#g}
zE!2`(1%u-iDN;|XW^-mFb2o>6PFl!#2OMFFbhs|yD0b4`)-iEc=#doKCBi|waQ6l7
zz0k$rf!sysf!rm+7lj_kdlX5ihu#a840KDR#js%LAyd<hx+-f4z?$0@<8Xz@)KtA5
zUpak<9rOEoes<Y<3oD%rOI}vrMs-<z#{iqQ2nV$p*|c#sYa*LA9h<fYUsT)`?`T|3
zA42K8RG0Z$bd;&-#k!o66xrQ1#^LH7>PRn$@D@B$l<aHJ!ya|y(E_ut!s88i><f?o
z!Q%^wgm}Bd<G=9O1s>b6UEhstoOa3*iRZNv-8j7ikZ%KIMZVg;Sz;Kc33Wumpxy;2
z58K?a<J4@vx<w?ONIkwA09hR%b6Mzh&-X@rz8H}(sAzzKB~tcfcs$vW-=Rx9o6I9?
zSTfn#WS=5!h!Kfz0)sr>kq}sJOsL1ybxoN{m$B6fWm?G-c@a1F+A7ku7=tUom>3c7
zm1(16(a(m_(FR6GTQ-&pJK|AUpJcp`SZZyDE?c&0U>8;eB{jaTPE$O9;;W%<QPl`e
zi^QYN-S}}Wd~9P(mwC80@ZZ}yB1hnTE{X2WJe5LAQs{1*#l8zSc$fKb+dXr<gmFVb
zlnP)x0~mk8RGOyp8#G&M^agHgHTczFYgPNzZ)=T2b1{DD>ZjRSbL$vvt?@BvYqd-C
z+gcUsa9e8tA~I*J*V$SHSUK~U_1xs@86~@<gYe`s(RGZqP-N{m*jkJ0a9isqiFKhf
zg$7$|wxqYU=GWr3)+dG~!p@ZeHQ(MCT~mp{gydH0M2Pnti8WQ93tCg*$13oVRw2aE
zxCL*iCbgI%Ov*e(kJv2sBc8Qhe^hpF3d@$6@vGJf)7J1-*u2Tm3O{Y~x57VYp~k=Q
z)K-XyF|@*sTG$G|Ciq+7liIu$qFF0EUZ-mX8!~Rbv`*g&=T~DZL~kn73N>PQD^#n(
zTA_b|p%q9KeJfOn=B*HJusz+Y0=7c8+WyOs*&!h40U+p$m~hfGJ(?~1T?4H$s>3)W
z5mrlAC=3d{2ZerxLXBI<ESf&11^%=q9t)FbrcP5|l&N$I8^qjkqewi1_vkcMIAEFu
zm_}4)6}`SkU$YK1MZ$pQ08rP;e0a+4mts7-|6v32LL>~xkZ6%)R|L>402;-rGjXlf
z751;^T_JvraUW-mzbl-?@f-hO<<q)?sg|KDT&Rg%VR?IhSC|ydyTY%C$b4&!t}C=b
z0h!ON(RYQGY(UOmU8XBoYN<hRD=`VZu-niTypei=g+0T&!t8STuJG|sB3=ZT71+Ly
zi`KPnB*^eG$nY?rPKY+?x`ZWzr8O`Od4^Aytbcf)(P5|p7|fjs@y?Dc(?8y<f&Jrb
z4PF1p##S=dTrUz&=R#fos0x^x0VX+;)&4-CzPdGPh=c*f0#H2wa(9jK-vLzx@Y?bx
zum0j|>UggX$OZwjqY+s9keXWUhgdS0$GvH24MXjHHFOwi0){DoVNQg;_CuidZ&k<I
z|6N^IdlRdDtzSjru@&fQUkfmO2bi9VV6{J3ps#(+>LOu4O8}^Tgj##PBw|&cu`KZY
zUww<k0FvE+<Sa|gISu*5MD7!?qVX)RhQ6Y8q0lKPw8}!%092S6Y69l}jl!zliQ-j-
zCCmFiV^!nUiNw=4UsqKt;JOdE23uHFFXkIem)IzgFsR1>)!xEd*XbS>lT1fOu&O@)
zqe$XTCDRAg7of%|HPq!yW5CloiRbr}6HIk$h{W>MPTdAoUNyGJd)J^+FD(ry%UjiT
z6I&BN-UX1)smPb}FuT23s9PN)OftZ%G8;@0M>V!h=Q>SDGQA6{!fJ{X&Nxr4zzTLx
zBE&bw5dW;2e&LZEn9G#vx&>KNK-3F3xN0WMW!)ZE1Uhe@XKR7B^U#C=_D<3oI5D?_
zNGzG#%-lHqx~fRL>&%7?#Pq6cPh#gOLa2u?@Vix47x;+sWuW~_1(vHU0xR#VDiWWG
zC$Cg1WBEQ{Wu`{ydSWv`I1&)nLAIp(%g`@eb}>&+&vX0m0MU}&0wAXX<edtHSTduT
ziJtX63*J}P0QU*Nl^`5Tbt`?$@Otj=<#4e8_ane9N4R_jSAHpjJ7|Dg1#llB+(M3z
z!>v@|S^?Z1fP1+DA!%b}D!svBJ~6-?0GK#{0Tm)HVK75gnAQMu4PYz)V+B3HVLBOL
z{sS0aI3cMua!rH~U*+6j_+!}ob<$+(h!nb4yHf~ruq)Nt&Na#!o9vowZItX9WsUJv
zzR70f7t6zpoF<7RyB!c|U?ar)2}V&iU0k8f$Xi$O8F}X~h8cOoFa8->{sm{`pT2+E
zj6AlgVMgvP;fyS`^3TX#iO<MG5Rv({6}lODX%&2zvO+&2*ItD)a-(0$%*Y>B<umfo
z@=R52%`wc#&zILL>G75Mj9fm5b!+tDmaZ>((m}~GN!POzKz#i{eBI0AbTmQI6tir}
z_<>DFhbr^wh-vA8Rdg6S0fr9%gQ>hxOXGBWyb@~Zo|Sc4y4g=C53nCSYx8tkItg%n
z1Gu(?v8vm)8?^Lil|;gzz5}Q)!w3Nl&8q!KrqYQ;PpbABJ=0xr7yybMVOZ^HRkUgk
z(W-sAlA+qKSJq+Z1{i#Rp<<Y^+BgsY6^Ye;rIN1NA7cBP=dKiqXUjHSwPnCnz6&AV
z9ign+&*d4a{bi&`7*s`o`Zg4*Jt@Yo#C}~EP>E$%*3BEwL-_<KKQNRnh>}le3nKiO
z2p>N%hP8`|WST$oluV_ri$r3hSGWc(vDmK$vj6o&UjV$r0Pn>RMzrL(Mif834j)Y+
z`kazWBls$e=4YNl1(8hmrO*P4J>NkO<6^n}b*2gI<v<gR1o`wrGaj%_W_SGlSgL7)
zp+9m>(DEmPCaC+9UlVk~UKu}n;nOt1Ta^r&;JHYa|Gb4?6P$_UnxMf#7XNptP7}<>
znwh&U)oX&?OHmWdT~S68jIG2qfwLUz7r$;XXoC21dQI?-C7>p_@ZFP!#J7>U4&4XD
zR{-KmEQdql-N*o%pvYnv61^gH82SMQ4`6s;3ZM!0SHvOF-J%;3b$>*8q%RkVXW3TW
zkaz`fg>)svyT-(--ZsZDB&Jpr34;m;D3__UCMa3(q-y`DXL=BzXa^{|nXua9BLZlG
zgB1<c9$?X77=kLas~V!ev?e%a#%lMdsH^r^Y=86T%S7T?ldY@vP{1_-aBU7|)lS-K
zsJ6>25(YIHpk@b`)&wi&2h;@XEV@DYI+Xtj%J&LpgR;XBZBXLJRq%04kU<kvH0v}$
z`vw1lCg`XqIs)+i4tW0vVnlZz)`;TAL-6r|sMiGZEBrq-!RWu4CP=`WU9W+BMgcZ4
znGo;$L2Uk7tZ9P93%Mp}yU?Hs8ZGo|g4Wn8<C}l`G)*wLqCpcRnNbr6P5heRh?#4G
z^9$JgzgVXUW?{|D?HB7cK@j@jn!f$6j3#)iBG&|MMAk1>Y&2+s+M-?)3=21$+Wve=
zw}<88ahextB02IM7s=%%29f-+#4nOM*kj}0pZheCIL!u;G_Qanx!TAtk{uPeNE#y|
zbB9Gbk$f1A?;0%9i=^FmD3YE_%7~<|S>40po7-P)Fz#UqdXe-f&qUIgiR8o?ok+$B
zg!`MQZ<y<cxp<yP<OK8Z3L;6hLf^kLbp^qH5vgHvf+@SaNYcV(dQ6e>!bRc>!=FD^
z&~^Lwp)bA$eUW8(Gk^U(tX+<JUiMo6jTzK1yn33L+njA|TQalpj_`g(`Z7!;-d~7*
zr*di-v$kV4>udRTm`E715y^!3#$}I&-<{$2+u85H?^^Kt)$Etx_u4Lm_<Cix#|5R0
z5MQ@!3;aIPi4b3hY!fab;dhH{0>2+565^|y4dXZWN&+Fis@bRD_g?s2KKlUtj!3{t
z+-oLk(v;oigLUv$N;2I^k9w{Y5)yZ%v_sgMP@eh6Nw-?phO)-k9LjQG=7q9cn1!Lt
z&GJAfyLNXxlwG&OxCW)JyS*Cvgp8K<&?n@;Y!>>2yLOdBpO6FdehB+eCf>(iA^xyI
zrN8YC5eeNb)6bc|THIbw!X1Ig({`N=C1lV}=1(1kzW6Wm2p%#uS>Djx+}IMy7U6Vb
z{K9*2r<5L{=uVoQOo(ms_+UbOgJk!MQL?+YHO4dWdv<TnT3)@kw+rDW1oL})154f8
zE5XkbgLU`zHg6;(>omUqAQ&A_t2RZ))7mj2@zf|NdvEX0aw3V#^OcvWsa_br;PW}-
zJ#Mc@zAX@^`&&E-cF+Ma4m!4xgPuc=)6)6tO670VMDlRBK_qnALv$3sEz=WtMmUHi
zTs|^iB<XhrncAW(85okiy{YB5YTVs#3_36D8^4Qab5ul$Exvr3i)g=4gNtbU5Y&11
z>-k+o_lIy7(SK&^TtsJ;Q(Z*c%-3907A!y)(TsUU7tv9nT+<bB7tvK~{4S#G7}F%1
zxP|h(>LS|ZNiL#x6EJ7GI*aS_63?V;znf?@x{1~?iNse)rc&W7re{`UX|AG{ZD4lf
zBz7ajJ3}y-Czpa*F3-=_8?LDx3Kj_~)CCHGeaar6?Z&5kxxK0HT;3%AeP?JAuwT_C
znUA(?;({-p)+D>j8Jc9737h22y8b3fD94+m*B81bc@(TR$q)0iCdvB>o8-0cj7@T)
z9B-0Kyh)-~`<vt_Ym$vY|8tZ48iY;q%uKCGJX=aP$&4W0B>&A|O(Jd4nxxgXSs>18
z-OvknazkX+lCgrfjwN#;n<EuT4ibrXma)}Z2eDQ=yw1>S(Lo|%cxys4^%e+!41-5I
z+u4f6(cuae3GpOnv7Mi7Qvs^Aoe*zrfe`idPMVB;3GZNdq71Md0QMFkB<)q1N*iYS
z;jVAta32F)e}F3nxMu<13_o0<0d6qBf$g5gFCtXPV%tqw%-7KL1+;bhbSRou!GBZ4
z7nYvQ`~Xe-7KGCp<EeR`T{&RdwBmOHp?4MOXfWS2-9~}rUOOSaxJ)H&s2WKDm1%`-
zpTpN<@Kus&p_5+sj9N>`HaEOJZ^s5JuCKaH->9LwO&4q@Wg<{f0aa>bvTOZA7E-t<
zsElU4dflK|8#(C6SO-0a$yS*@4WwVAbW_dJ!2$HDs#J3cv$vOP;`#1xy?CxIVB*;n
zq~1i?(G4${1oPkynM&GlzlhW{yZaDm0RUNeHb(mzoM%>Bah|zTT_jm25$fAuLOjd!
zSZB?~i<OzzSPpbWdXtF6`<HgRfh|y?mxv&zAa5Zv>~_r20w6s*N5uV0)BdjwYG>Qm
zBJqBMr4yUFMdEYFG_kH*r!V#qRbPyqqv?yYU!uO4_O(u53|6F{M6NGbN-*>9^PZ-`
zf<#S&)sw0DJV6ciW3*p`O%(VLKgOEOp$J5FZD0|K|2Lh}NfAKj%%qymN!?gl=hRRH
zrgPq+Oy?}wz;q7fq%xJXrZP<|U$1Nu#y=ke{*tUE*k)gYG0|D~dD~+FTY2y=2Bov&
zu|Tqxb;GgxrB>2O&CBazH@IF+B%W2dgv6b~Jlg(#fBTBy&xg)p9Ps-qrTe>+p2k?j
zF=0$k57fFlSYWCdao*t?5an=<ye`vA4%b+ZOm8?`lh`c+dYRoK_&3EhsnAXz%C6ql
zei)J%$4E*T0gJ<uu`GmO7^E6dSzHgSgkit1J0aez@=&i&j^mY_!_EX#q9PC*-Rq<t
zz%;}%XNQgMaweGiJQ9dy&UR;l>69Y)@0?*G?d^{RcIV8J{WD-*515CPC&ZF*7<<Ny
z;{rb<^4M4F0`&X>&^Z9zsyrKR<96u0CGRN$KTJWuZ2(xsn6%;XLqUh%HPD)bUYciq
z(NS3qh4(<=y<v<>gr3Tm8WjZG3xKPG4OHd<6?d{V$u-cLjGHPlopBc3&mKDHY0uPM
z{Iua$!0-StycP!4x8ep$?pdZ6WF<tAtd9lF7t)fw9twoWgm@E-B<ll7ogbtdr!Dis
zFGb=JR_b<ZHUNgofZ;0Nx1GJxFtMI`AP@#s4WQWSg|Xz$u%6}ar9EW#xBLNPTyzhW
z6HK!n3e0!$#RmfVE|$mzyP5CecaQwRpR+ds_RfI)?NBwh)>IWUW+dvFV}s8<(RVS#
zL3iO72fYj*TQhQ_BP{MCA|6#%dnk~!2$^<|l4(tktOUu*ZeJ~#4!jn{A0k0Y2UIt@
z@p$pS#7Q3*{07h7$KJujf5<cO7hDHfGTI|J22<06uS0Ot+Ybb$zQ*Eh{aX*TG=CX!
z0;i(|Q~2<{KvJkZ!bT4}sJ&D`Q@g>P(5~~-vq!*0d<a8G{CZzt?u6`I&9w5qKpgG6
zhgvdiYMdvByL*i65@c%HhabCzrlsO!+*ilk2BOtUt^d9MD|3-5a}r}N^?4R=ikd2@
z47}`ccZ-o-woo~Jdjwmtx}4TnZ<EK0lAR4bVg@w%FoBTlEO`7_<_28$c6dA^a|13r
z4;~M}V;g4AjX;aoeB%p|c&aSdb@rV&z5ucU-*5SGxuLUPy(<s~rO4WLhjbThH1iU`
zw`-XWUk*U71jw!2nXr!$-$KBLP^$rIE+Hg)Gdzxh$4}9NxYq+g^AgO*_CPN|UoLtH
z4pgL~yM{!>&%vV_v$F@@Hlv^5rBJuiI!30wtwYdJwE(vktDtU4>!e8K?+GNk2#CuL
zLc9w68YmNj!%wF1<!iEV7nV$4Ft<a_+!2WP4@`~T+d4*ezYyg)Je!$D-`-c%-X1{o
zibGAJ&cf(|J<p6sOLj2;ybb^q0no9wou|n%LbCV5xA)=OX#93W=@Eg2_Q8h?_|O;U
zPSX$f1a?=eTSN*-Xur}U3L*Ccq#Gcc1rtK&9#%!+*}Ox~c@5zFxFY?1Pv!golw1TQ
zZw3*Pc`B{F8U&bg{yVlW0Q?@L<9y7Igk&FtZ=2xTM$8&B@{Zu|7>D3v5qzA71!w3l
z#ky{TowJZ#ifyegb{L8shhnd>V*2Z^y;w1LmF!xE$v$a)_g$6-!rO!G6a4a-W)$|C
z&ex(RrW;a^?3wOgi&n%{O0*^YX(?#i-xc(!M`{4aZs}BIe+t?)cLbJ#HvePYUg&$b
z1)h4O+Gm<=x%E>_Jz}43Og)lvSI}<{6nj2jM6}c+e0!kre*(*Q^SqiIv5S`Zt(-CO
zTZ8|YT{xB7g~gtMt5m!2IJXPM|5UqhDqA|b)Oqn#nkD-uXo}44+V+4p{EGh-kin5Z
z7)JVre+9w{eFlY=fMUYO@$fjCS<Duf);cxa++_dK*g6^0HIqGh!Zc>GM~|MS6KjqC
zRI%nw*TlN-a};Ygy;uh;((T(^tRaknTJEPcbdTFwLxaiQ@;_|oo00y8&i@ZXi&-)@
zu_l>&>wj*NFK=O!oc~B`lA@nVH_7N*yh(CDVoh>;h1Mj`WG}~6ad%W!gQ~HLcJ(?Q
zD2lFmn%!c}vv-N1d8Atc$r;`qO!Azb-3dWtGL4t2sjJpW6);U6J>rR6A0QFQ;hO^P
z;*v17d&{EGZm>p#v7l*DVQd#SDXeTl_<2}%tMz(l+2!!$n=DOAJ15;>y&GC~r**(h
z0pldo&(X4nRl<S4aH|zee=Tk@#!Hq%`@AftU+yQn`bEgDF&>%Tbh?I|b-G3zce=(L
zaMBxbMNZd*LX2-h@4=s#WcruvV$lSW;S~!;kW9S}rhXKu`o990r`2TI{DLHs+~dK7
z*m9dZM~Jse7}yL5$Nj>OChWFkUPphTr9{j6yBf-!z;f|Wu6!6SeiBUkZoz6`r`)&^
zukNTD0{WCGp@i6!PwwK%0^@5d(%D;v<lOxM=_y3&1f&~TK8_t9Vjowe8#lG?9KqpU
z0Jt?F`s0QN*9El-xG+7cNYig>75=Y^Mx!T`eTZeB<(+LCmVM~$g<Jb3a!VkJ^qjx+
zCMf*}mL3hID~IZnj;xy!IRE8ME!!vH7z;T5L>v<UM+rIxn0IBsfFEUT#PvyVCfD}q
z8HO!@)C~UtSPZJ4MAy`(t=pf!sR?<kOwG-1pc1%Z_OIKw-w=rJWtm1NP1UKT^y^U0
z+$@9Vo3cg8F4McnW#YATHd;e5ti%~#b440>lWV3eAxz;f_=cZ+nY}n0J;1Gj1tEMG
z<5r9G!ZjpP01ye+ESYl!y+8{m2NdYU8(Kf8A=Bn{D~lxeEDCh?bGQccPEs9#6HKSC
z2_&_joM2jT6&EkCX5sg(yw?rg?_?zn&pc?Dzf9`dWyM*Z&a(#pJ|DhgSY0I~?snW2
znV!+9tch2_%zg+3T4QYNgs~A8_ctt`l=B)}%5;sAX~*jzKPBH+L#C5&MezqSNahHu
zU}|RvEn%rIsbW~1RJjUWwOa%Wm>Z`sJB#N2g$(8cgI{B^?w!~D=4jg+nmIaf1Dc~z
ziqzq%z&B)b*!jM9O)ya<@f#p|0pDY{?DHw_mZ<mr-SWssBJnQg`OiMVZu$4br*+E>
z*9_hAtE<>8`-c0wWs_^XTYfW9*DWt!QD@89)3n)g+b7s9dwgW<mJJkX_ch)vL%GXF
z@YlRsvi^7@*f6c+UKUtK{54455j%enup?f-s?`BH;x`c@$vuZ+yTLo+O*M&eg6X9z
z0!i&ICzvW-7D#F*nHFmuamZDzLx<aP?|{gUit44mwd~U0?X;@4+<WjT8$KyPakueQ
z>4A=Wav3__WsDaLCHO*me1ye)h%Kb|U)C+8ujAS|-&b3v1Mfufhe|Rnu_;H@MP#ZL
z-(7me2eR2=$w(3q*T<Iy!j`~De8Clg=bo@+6dCvONBE$x+Cv?5AB>fGP$T7#Jx)>M
zw7re%=zTW#XhAvT<nf04u$RgqY`;jHF>pUEGcUE4OwDhj)WQ_0jt>;HC8Iimj09qh
z-ywXSzkG?!^DHg%KBsFbOH4*D8-~;FOa8z;_PFy-7Yn26pw|pw3lVIfbqq#;EXLG!
zT_bSpSu#!$Ele{8EryqwsgD&U_aE#OuRf0#&b*URWY0&)>GwoS=4L$OpA;o0>_`hs
zp%<NWQj9Mog*Hr~ABDnFz@db&;hBiH_=*)N>XJab&%%>7&6<!gbGgenj0(!D;XzSA
zXMF;(<#u|W5bpzG%*e6ND*#WPlpk<e87k9#9^nVzwi|%&CGfM&^Mv@i=bpz}^x?Jm
zjSw=WwoJ{leMs{qBh67hf%wYHnMD&!p0(dY!8)uUju4qPA8BT3GHkHaCU*KT?Ok^N
z&npn$FhvT#?AKc#UDov0(lw~J8Y<GqUc)jv2p)O#TeMxgpR=~K$0_!>E4Ezec|ug;
zS1Xi_6uiSDlnu)J3%)d(f8XG{Qubtq$4{Q+X|5rH0h({4M?EuF5CT0vS<C8|3I^gR
zYm$==SK}K6O3~56!;|in{vhE8b}PK}w|f`M#tZ)EqCn_wIek~Z!Gm_nwE2~Ak>vi3
z4SJ62s&3f5njeBMXYfk~|I$oRl%$vR!6>I)mf2a4xtq369V?&>=yF<z$Y6MW%Y6b|
zxWZ+(NhT!I2WoOG2le9BUI)Fd`m8(Y-|&+qe`YuH0b~q3EangW*flLzZ|exprf=9P
zo`<523KvQCf3T`J2%Y!574($3gBLV_7cAjf95FPKC1V>~^Lz&4YHtfoOHib$9zn}_
zv8TL9vhM-5hk$La6%~kj00pW}UH@OeeM0e~KpgGup{cLRRQh8wyZ`!;NIb92A^NOy
z?*rZkfcF_EA>K|_HZl3;7|%ZuX}nznt_{GEz=V5Hj9Lkq&h(&~Jgi7vJc1gB-U6i_
zL8-1#>Qp^KY&a%tV9m4T_aWKMl0SIf!y%PcQ;{|?q6fl6l8yUG{h;`_^$1~(8*^BJ
z#Z%eN%Lpc|R3P~+lp!WUa^8kABkB<h95Wt6-RK-S0Co((3ILl1upR4ZdodF{=fA{t
zTnd1Q0P-<_RIdk>OtywP=w6vh-Ny!;kB3|oR41qEGK~)d9KnENkrOoj9q+-qXxERp
zAg}=GC_JZY1NKKn8gc<82xa$$iX__vWmoaCbL;AFXbcL>!JikjnH;cu3RubkmJJ+B
z55!_>ab6&Cr<|_I)+B${ReS_xQ>%39RcGVI(9vSf3&ckMa6d09(!dMqbemQM(*!U&
zhd^2t>aaCy7*D_IGa-bmlylG{u<|c)xKejV$%>sgT%&f!c(#3^+XO{Ce*&IeF~-Sa
z@j0PXveX&p1bwId=p2rOyW=%KJ|tabSX)ig#@#89;I75pr9g2gP@p&jcXx*t3+`T|
zXn_`rYk>xr;!YvOHN}E|`JVSz&NX|IlbxNNbI<JTy_cBl=2Ft5mb_;Le=Q(a!{5^b
z4to$sWCLHYf@FJ_rlA#cau;ifx6`;2Del;e0)4XP_9AXlRryJ%5NA7RZoGrYDr*)$
zmHp%3Bm^QwKiNBtZwLAU7_@x4a*q@vJu?!x9H+WJ%=?WTJi2#zG-?u<>ihAPLU%CV
z1TL#<I(c6sdj0_{Mvl~R-*=yTJAwu0n+<|h0`9rmJ71{3iPQ_b&t#d@PN9hRr*Mvd
z(*0@JHUSm4=DqSUKlTW<aguov73oh2upAf3U@az%<9%QGn;+zpt_?59DzEID6&jWO
zv<-E7{uhw_GIkWvaFAm%+J(`<f`m&$c6cT(ulYCh7bdQXHdR8t7|W%aaj^!pE>Cfw
z;vH%Q@jG1QYj2$dbOXscf{D7HoR*WXChY!5(@pMhmVD$1lRRsk%W^uU@W**;Uzm}c
zGC;wR*QR&uT;5#B&;Rd7GYT%3dgC0l>EVuE>HgGR*<=r!6t1H*RuuVbscZ$2nV1u1
z<>X0uYb)H6$4)XaB7LNhsiCfGIygPlKLQHWqzvSonsKXpZ@sLm+aDM7Hz`h}LZrh>
zx!>V*8fRj^2!9P^kJkOT72U<V4_#bHZ^qbdVN=O^*Z4}uJf-_^8c^8SCpM@x-e)uw
zT3I?zU9azMe$<@*>1h$!KH!HAdAHr5L)s8WUKQLggIj3D`h{%<{xbe~tpF7$m>Nh(
zbx|ftG1!~Sma@<pMssjaYU89vIoKISc5)xjJuJ6h;F7hV;x|0p{QNSd_wZr?sibDt
zyUY_5!y=cxB8-}EMuCM*+ys|z{vHmO7}S;f&fZlyc<vl+#YpgJ=&oF8e%0Xubm7gp
zoAR3Uwpa3ki7Wm5H5H!K*QF5|Yz)PxL&fs+^qPt%*0}(AeOqC2+b;plwS)Z*fd)Fw
zRAjYY(u~#L978N8s;B;qJtGT}7hef$Y<vE5cI1dWiK#-fCS8EbqM=;sr!u;V4aQw%
z;AfDf=VCH_Ht;no(+plGGk!hCq_y;SfITM0f?q%wKRiX8tRwwaIAPrTVtiqwH&*8~
zz#=6K_<4)m7LUvOUI-8C;MWM*`Pf|*Isikgt(-edKh5r?^t#>NhO$Jn-6mCGic_w)
zva{4#TN>Z**R$9!LE9QP6%9T0y~lKva!r_DoB$s4oe(<>y6@Y)8k@u?p4X?OJ5|rv
zTrR!B;b%YkXJ0Y@S-h{7eav>kBdSJ2lj>i1JbF#fUm){iZmUmw`>#|4R9?^*=SJaj
zsfH0|(}8E_^qn#Fgfl|uFS<ha&5;YE#`6T<We2h2qXNDdbwqhB>5fmzpw!+>QWmj`
z0<Kif(^c$ewsl;O_voh6C=EUDjGiu44zfFS`%&+-UN<~DzJZPDNZ}-`m9|T&NoOt-
zRz64-<DQJDzJlOZEw9MnlpmPAg4lzUcJ6FD<pCWj=;>ytsRWo6r)BUbx*XUuA!E{u
z0xB(X|Mt6e51*8z-)^p=;Rr&9Z!<<YXAvBfe4zxnt%ifp<B_ygB?}`C*Fle;sD1Rc
z*L2uloZi&1=p-004W+Ln(tJ4&i@wtkzKwo)QbD&M_=8H^O^f>S*A?SAARD8Xw*MF@
zKqf-;tp_=sE)MW#zxv}JASK)!DcqE-|3fvcBMPR)3FbNKpKGLb%s(txQzR=Y(&F&o
zunP=II6jhvX;$hFd4Vh*Jp0cZkDm!?ahSVgB9yyT;za8?)vxH2LW&|~pqSF1BMs1J
z_G=OKvLLE1j_#z5SDO%1(YEhT$>NV%$R;`+tb;pY;Z3-tMSE;rpG>H>-&;*9`<7l0
zV4rZfqm)AAswIi;)pcFvdS|2F=Tt2iwXSxC&-Sf4A)^<_{e0H(_&8)>@}>^W$Tc2m
z?bQQMzgD(SUA<??AE)C9)JPlA!If8X_syvS+;1K29#7w`C;0R^^Fgb+k42&U=Ny_L
z7khIP@Iq1y!LV)5LODz*j7Ja()$$O0HdM4R7uFSxH<$jjW@?f0H<l!Trs{>gJK6iP
zNMOkm2XRj?FCmAXTmDb*x#=&yu*+mG!Dp?wpWqZqT90p=Vh#DQ>8OM3sDr3lB3fJ;
z4fDeTDyQ0?{X0gXruL9wl<bxW7EIKR+@;?76#<K+zX*`kcHOGcedqd(Mz{W{o6U$z
zACT0lu}Y=gY`aRkpCM4P)t_Axf>*F}!QIE*ypt=}J(tT33VpML=T2*@$JA!<W^2(U
zk84ExvAxZRXCR2c$lEEZTX3F!#Kv;CL4|)9zfwciZmjzs@$a|_n@z1X<~g{?E!x1}
zE3T2l6*bG@Zr`t8Bi$E~M7u{$a_R9{K&u{redAVm_WR3X?%to)vw61+%9qa%gDBeG
za5lo_2#l%H@-GxSDmQ?O9NJOx9Wqb#K!waX;dRbIrx3B+w2XSyZ?wFAow~T?`jYnN
z#F6%<Yo3Zo&U6zry?~S9iK3AdVW@>RjP5f4=xEwxA+8@Z8g`T_=VIzk^L-BGhg>#|
zNbWO>zy6_FP#O?6$BmI_d&XdQKW+B8*}M0*n%UkLJ7vI0IYTVkgv&b9nc5yl;*-<5
ztG&Ww6q5wgK8)c^GdsdYM*2k5iv%fH%F=x~n&><W>&k8L=NE6!U>~CWYeWI#)bUpL
z$ArI2X^b%HJg3|x-gR;nKNGoC{M0EZgFS|};K4_-IH9maj7Msu6f}Z$sCD7%@uo~+
zG}H(&hc>x4ZaEeMa&Q_%fv!gqrl~MvE}K)^okXC7P;R_*u9Tz+-aoKhFE}H`NpUt*
zE8o3&Id5rs!1rjvJ9lAsEF5L@46WS|>FF+8S1@Jn>0M@Yc7RB-b;fjT>{G_H1p69r
z%uasAko&-Sp=V+Uiqg&;v4-#A`nofI|My!lST{1g2$DD!eO77CZ?{s<DjUwzz$~_8
z4yJMJSiGjMs4AT(>0A*u;Yz0$w-e_msx+)@x#YA&Do0#Fu?ypv_{XEN&+k3gcba5u
z3{t|EnxI>2j@LGnee$S}DX6`AkwvH$@m;4C{yvkJo5;wCFnGbaveCM^AJ#gefHJXf
z<#+UcZ&zpwwa>o=_GcpOr<dydpbXn~c%gfo`)=2Br+1APCK`&gFGT*mK#hRb8!h9g
zNR7`08vBM<GrxISYLn-pNFv!Kdw4k!IY&I-x}}T-S7R}T6HS_DJ0G#?b$`NpLi=Z#
zYMQB-iC=?xG6`4O@t>C{+%vI^39rAJ;BRDI3m$-^x9mc{O1xcFsf2N~p`~xoU`Ym%
z?DSYfdepr2lHtj=XPsW#UhM^b<z;-_Xq5V#>dA(p<5K(iI80Aw=*%BhDc3}U^p7%P
zqNe{}3I5zkaYv(P*M5o>Mwk5yU*Cox-D&2KNu$*D^Ad9OMl;?nLr>s}`z<r|AHQie
zgr|_z7v0|6O!1p8D-G(}-z54G+=<5py3ItiYd3mS&Twk+ElXo>V>}tOr>sfiC#~i1
zqoS-z->T_%4P%!TpqAkhE}hUGHp**@2DN4$fQw(reFx~gDx2;Te-NHL`0#*{^W0MU
zsb{?T%~NoW@RsF`)=Slj<c2z4a8A-q`BhKOW2M$qSg-%e*FLQix>LPdp5wmCJTc+T
z{+@B<H>l@k24O6JHf@K~XM=O-z=9`c1noRTtV!qcls$u%g_Fw`i$5H{AoHA#Y7{7+
zOpV0vygY2~p6v((=iJ_+uXibqq4)2kl-l0%cn*{J^Td|K|739N?90iccbGR_;kw|S
z*k?Ox<s&{!D|W#ZWSRf=aRsf;mv)|PRom45J<ncn?nLf8?!38Q80ruoO|nH*eQLs<
zj$OR$iB0K=^c6`H(aUVp_v%G^U;JVLcAFi+Xe9n0cb~_lJ|c&^I?Rk<{|>&1l5b7}
z3QZ>7?M4!a&4zK^PzkxCrkTrC81otd1^YN;Jd!1;+G6}1lTY%pPq!aleQW2YjKbMD
zFJ*+~vI0)>Y9pFO|G1!v8G2cK%_GI~M3gNLJ}DCCBjq$yBNpTQaQZukA=M@+y*VYh
zUYBm)t)9(L;><A=-BHTmM0VpL7az6C=$!c6udPXFOb7y;#?hU4Ii1Ir9m0Tbl#MGW
z1-9Aq0=VdDBf8?{LcBW!K1~$7Bj{Z64g?g~h<qbgL9dj`K~I+^8f!TD^{-d^b!@9f
z!q05v8EPaNw9kmOHQZgFOVvb}SV;)JP9w@Z0l`8wwfZ$WNl$Fx?#*~4{t(>_K%#+E
z2OmQ}R=ieLBj1cvcjz?#F>2ONGfNty3sO-kzLKa}NEr2gx@>ZySw*#ZOz8Os;-uqA
z<UX7oKYWR!1N?$O^n+KWqAm^mFJ=C?r~r|c>ra|2c(21WT3qZ(!+$513S^z_<0@(`
zgGK@1XQjQ)k9^5NHU8|R36IZ8FO+8OZ*UP8YU{3(gK_S}Rn{0F#O@RVr85}H!_a0W
za2=dqPWXF*v9I9W4DFd+X4dpNc!!u7;9z|vYie)1hwCH>TIB5RK*rTrvN;As*ND)U
z1X6Od=DyA0Fe=&G{*2&`x8GELQz*2hI(bfpGcmw!r}g$-|D@TOPs}It-smpcpH&mj
zhzyC=XxL;-nCPhf==Yu>(psw*tv)Ve0d=E4KiS2t2vxj2z#6!r3<CIBj(s{Gh-aV=
zALRYS>zi1bY477Q*=G&A(08(C&^fZZibA@nTr;mw3QaS3v4Z?R%cG-gi8Z218KFZ3
zTGrh5K4r=(`My~_zq3r}T-pRAtjoF6vQ*ux(~F+d(aW#|$Mt!gA{`+y*r>h9%ct98
zq7r`rEQ{syrWRTvJtl}xX<%hJmJSPiyjaqkA-1%O-0H^XoS#@zel@ukmZ0y}_OtuR
zCugd=UdY0I^X$4?HrKJ3fZ9<u57Ku`ta8H#aE&%sU}I@yBue*gqgdqUA>30x0E#i%
zQf^_JCA*mjtYXJtT01ga$i3e6#~z|$iqOxkBh8+W$`bkZ)eMhwdrv9ShH&`QQA^Tn
zrl!g2oat8&h3DdA7|nE)oKQ5{JZ`NZvgplTH+;x(=XOIv@*Kba68(?(xE-WY^6q`K
z&2_E(Kt=<l5Q>i9uq71jg(kW-fQY15kG|I<*Mr)H2a(6odH4kWTbA=pB87*qq}pG{
zwL3l(eoKP_!=FD)>!!hQ|KuwP_xqTHxs&HY12t2|8Vw`h3tuKJpA?GSI-}rU)xdHK
z6H8<4(OL9%xkyGT22C>neNb_U0F`-Tiom5GYLd&Tl!IrI)DkQg4+Oq4dy%Js`q{bw
zZ8r*(;n<blqPxs`ES-blQ-!=b0t*kg9L#1G-qwQLd%g8+v(++mYWrm|caWC=$$b;S
zWrb@>%JpsS6<y=6wO37+Dt%5W1`X3G=3u|%K&|k!0Fj=$@szMj7Gc?-l;59rXGH^1
zMmwKKHj!S?pL8blv}&ComxJ?F`yko*lHG93ppEOR{Hw)(eSOXoF9cV{S9W(>z#b75
z!prZ&(vh3vxeVXa@?%2jzcSp6G`urdQKoC#Qn;9MrkzNZwmCu{?<|QX7dOkO=NFJp
zH84y|_?P=V|8GUS_&!>?B!Ugk^*D1gCICIV`F7SSl3h222Jc&b2I~}Z|1Hr47m}0~
zd^bcC*PFgRd^;Wo1oP{A)0@F6fwb@tcZ4aoYnK4E;}Natl02+nKX_eaBSD_6-){TB
zR!!I-*08&Czlxl(7p4srYHdh8y#8^t+^pt>t|1kGcUz!`t<D@S$^BcEH1TDzy7Aad
zBz>mPG_t}{>oR&6eQ!T-xj6)fL8gx2$n4KTNo}Y{!)F$}@K`LqAbwDQ>?EpCJe}U~
zev^8sm*d;1{0NkckD{|)R!(<r4_EIm*9p>U4tw&~MM?b+x01g#XIT-Bj|XzhFy6X<
zkWp)8wQ4#ybt&BN+RK_36W?H}Sp4<EHIArWQQs5j*0>B~VmszGvu>vtd;k!0j@l1=
zjc1=NY5Oi>)6U75ZPcHBUv@5?r`A=-*d?&RqL${g??j8W^c&zjO6sRqGlnbCE-4=6
z=U@2X$~dDT-4sn-jVTzeXQ6Yc?r#@*-2p;DX?~mq=vX*q47qI#1z_~X4~OqI4?Ga<
zxF(Z9#wv|7x>MRquyi~M+zMaCnWnlV{o?!Sb{U@m_F$@7yPAH7Acycu&81)X2gv10
z{YupTB>6@e*z|={Ad=z1G}eXo%^qj;1j-1STy|um@>}@W=wV8fZrAAidICcjEpbv4
zL}FvFRieTSIJ;<@YPXBUT&GN@5K{jw{_x@5%wBg*k--WyuNI=}(4fNPohPm*s(ut*
zdl>BViC<O>r51a-VqX(w;cs28!Y$iek%07(quji{0%Bh&n?chbfSBr+bIPa{GYgs@
zf*#Ly3)f;#USR37?j-WnLtDwvgU{wvJ!ci7WQU2=nxXn>jv-$JQ9QM=rVi1(I!7Aj
zc#eOar>lxPOlVt>q8(4fs%DF$cUpCEsMF^qu#|sM86ij392ozA@t5ia?QbPD8~qDd
z$!C2w=~SLWv2yzD==={9^LDhnd`WS|9mm4j(}3Jk7j5=6o{`VTq|Fz`+SRCw@xR^u
zpat)2pI%y>THkBu<(s(dCceTJn^v!9(7VK3S)R$#zVq)$wiRq9n{KkD3_m4|{Cjm4
zE#LhC4~<vDS}SOBrI*1_tgaQHvEkl^h4yURM)?;8rK3;r5`R;wMfay{>M?ub;|77)
zZ%%U_dod(ma(puFO~!A`zwB+Cnq0P9twi&ZlTnn?<629t*+QfT^6J`^EIq0DeZNW>
zC;BGT*xqu?W=(1gf?nrgpEq@kG^XCVD>w5^Hq}!jOHu&3RPn&|s}mw|#o=?`_6nmL
zq2c1(L<Tpg?2=h#<4>>l#T>IAhicr)zf1ObQVvn1Uy9SKS~gtoisHT?iZ)Xx`GC8Z
zPOF>TMV7Zatf^7ac{AsI2!_bo9&R+Fk}b^OL5nIh@;<giqNq;|GB1a$8nR*N=nWOU
z=M@~KQ)tbh8FIQ%Tc^#=4@fLrC+J$#@0v_VZvV;Lt&+c57_LHV;>J68!cnWF6ETjr
zmu^0qMZ8U9;jiKtUfW9}{aDBg#22wT_n1xWrI<lwVvC2ZKW6^434bi;Z+xkI=DGO%
zJ_~}`{v7<bt;uiiW^3823)6g>=9k?rgVUzt4<_}=wy>ud|0^RcCvkbs{wYu0%G=re
z@%iom(qzSLf1XrqxHzmQ17);94r>(uOg+y3^{1vg`Y15&VBUL<{lr8r-HL~TmWT46
zo^7Emch`(H7?!p@PZDjEnMo%@H3=G|TqUpK9u{yqc9HyrO_h5Ab$+?!NC%X3Tx^Q6
z%^&DTcAvIV$B{9`axg_1a(=Pt^KeHvTJSNv#shNS=m)<UKSyGwC?SgLviP{Jf@DfL
zA%I7lKQh6YD{{oHdpx-+Z@rUCiZWWip2PRJS^CB6rNu@=B%QQu*mXza#!BPaU?9(B
zD%a&RKM?%~6><in{lBLrd<_|~sobx~5o$!BrjKc(c?FLe<a87&ZkkD>h4f4rCGK*p
z<$q%iw!)zr4I6P9%C#C=!^v4<r|n}lG@pxT6|u&twG*WuK2hbKjOTsDjA-;=H6z8-
zFu$Liwn4RQ>V??obFlI@yk!L;e#MS6V;emB?m;|bUxYEEDy2q41bH<)A;t#Xo0STm
zt(F#(b%_R~A%fbU<if<OaB5Wpwuvbu>ak^F6L&{V?`})UpdM7|{gMX8)L@FNh|gFT
zn~-ZFWm_Rf>f%d3)lWxZTG7&qJF86pI<3-RpenN(!R$^)rqT*j@x#>ce-i!os>1uK
zT5kP`Yfs|Ov1(-fx3jF~*JA~<x|OrzW*@|&MYkAZ$Q6R+N?CNOEq<-j>Kwd%o%zA$
zj+4-3G4xX==Rzljl#xld{8|@!h_rYwazx6;r@x;fh1&Gw(4s{hYRd>FR?fo6Z1Vwr
z`t%*q_XDrptqPReL*_J((2o(E32$A9RE(MO@*AHLbdO7&E~2j4Te_K0Mrm-?AJwo%
zIfvKSy{h-Zs1OtvcSyqBynPXDdKviN+S;Is*_B#0(Tp~oglqyOZdFxt5@GZSf(tRC
zPX*F0jCCzqCf`mkAFnV>q#xL9ZMml`9nIulXoyw(lpJ=xhr(|BYGYFFJ>NBv5B?l=
zyM$P`27AqWyWvsRCtZ7tFHzd%1v<lY_8Kh^{Nl<Z0~)Yg$*`vPJVi8N=jKL<TX_&h
z;kT(j{&`|%@%HcCzR##}ybFq4hW@kR%<D=}%v;c!Icv$Y{L-dZS@~UV(l#-*#xX{1
z`HC|b$fY-@zN(HHyrNZEsdY4d8pqln7Q?My$>s*aa%5;pF6<4IV85MrN?>k4*AtkW
z*nv04euopG8d<g5kbf~q!|hZi+97lnbi@w>zn6s^$@Y%PwCc&W&V~Qj9&RYL+^#rJ
z0Mc_M!fN^5TrciK7ARo?pvM^0#c#=2d7Ef1Rs=zE;`w<wi*hW<k&P)$--p<p+!a%W
zTa9a5X#UW3>t)4qPzP~IM^>Ae$*<oo3NReC?e!Tanf;k=>27Lhn89E{rhh9ig6|wS
zX=YYx6^4i8Xu=Km_p)(H?9XmiI?;bf(V%&k;NykA=328`v4??)o_?ZrR7m!L7Gx}o
zKyKPa{&&f#y*~r*0806dT;bdPh}H6}p|Kb2-It*K(OoKzS+351<3@odiw*`d6l1*D
zM#ZbvA40AD|LyyobZkt$?8D(c^%61-K4G))>LpeE;aEKC&Psf%ce|2b-(f1h4wjAT
zX{_r>u|6OEcDvhh8`D$Lzqw^v-+TKNa;vxUkg@uJdh+CR6E=Lrmej+R+;_hU4^~c-
zc?QOsG81%g!7WF>GF|BHj2e7M>ovz$MwGZ2_}#X)W^8CVr!y|VKlHy(f4F1Uj`ndN
z$GI%ne}4PA=G|8fWPlzH=XOG73r-L#y5lb^aQs*k7nSYs!>%?S(l3Z?%1r1pIFz>h
zK}z{HkoiGM{x&e`tT`jJxb{Kn{cVT%gOu5AVCR|lulM<5I(DT^IxX&pPn&E9gcQfj
z%47n%h9;W!R|^a8f*t1;G=f(&4Czj7h0VB&D`VAe3Fj(GI%KTBcFqR2(cXA}z%P4@
z=~RAR*|Kc#+1!Al^yl!wt4p4^57hPt>DiGU88Oa(3)gTJ5vIJU8yiTmyD0E=JwdeX
z#Ucnzfsa0B<z2IP9+Xr_oBuM19L^tJYP46MzaC|rlN48Io2$)Vjc#O#HLPH?9?q)y
zc9+<mr!?PUw%mR^kxmqJ9Gl&2v^|$TdAePF2t0Z6y?GWqebT>?$;AHil=bp*m|?)>
zbN{!COrt~vBXl;@7AdsJzQdvfOhsW73pPpS#vu83oT^~<t!oL0l#mcE)9|pK6e?5q
z5MprK!SHbMJ9H8A53X%V<FU*!>S<sOwv&q6wRg2v?8%3lzJpY@L&8Olu_MBkN{lB@
z1FX-oQVK{<o@R&(g%{p?CaaINvZ?P4CC(w&2AMS4Yhgn$iq3&8BZQuM+_`yiWix)#
zEwvPL75P6DA^*V?gp+md`Fy$DzOY4t+XElb%pN*t@A!b^Nai2LuC~0wqY;X_h{r{;
zXu2A`2d&zMojN#hz1u)Dh@i`HR6xNkEb_!K+#_+Umw)_8f6wX_M~#t2S0!&F7`J#T
zHiUwawjB%qBp*__lRH9h_rL%Vj3eV58ppE+)0GiM!}WHBisesk-wg4`MRL+*0f%hD
zU73JGTdv|m_^&E_MpK}xx-s;e$s`zQuj=GaKtv@!_KEuV;$%%6i0S}}pT;<BiC*p*
zO!0OE$%akv$`+a_hYIkl>v4V;$rrlT$S(tjK8jG6$+&qJ*oE+>a=VnP9JT1vC+KG&
zyXmh4#<9s)!oP&|KX0M_si!0IXiR_+Np4b~<xHL9?YL&u`Qnu&(plq2kLbluDq8Q6
z(I_^tV3`qU>_a`c#G8{;UL7)Fgd6-4%e68+$r+-@;Ma0(R%~VH>C95WNv~(}V2f39
z;J5#k0PnIeB`*HS(&ZY(7Iq3!^2@uaYYB=m%^hyJ@}B=f=5_TM-NR=$xWZ6<*MUxQ
zeJnitH}2f;;D*;d^wVd;D!grEywlSGYjT7F{Ht6benKT8rUK&e!bGY_+U-8jt3zMN
zFoHE@fkE%^)UMFp63zd$S<i3V-FkAy=d+xX*7y@OO*ROG#=JYkv{=fO0{l``K&JF=
z9<wLRqo9X1ZA9(qP93eu-(8nZs=$d^uaS{E*5I>O4C51W$UDbERpuKpC9S^33gMi&
zbCmC;tZB;!{Nsj_v%J`jo&v($c2M>f7KyzxCmSj$hpIvk`s;3uNm<^X+<8ey^4iDe
z9Y@wW4UqxGcWNSW3=5o~*0#~bFfBvQxc!g6p4(?myn;#@xjzi~3EKo2CWZIK1&-qV
z+Q>XjoCg)m^E8<lf2z3UNdL^B9=f7>Y14K^9Jbo1(#LJZp0Sec^PMrtn3*Ve?=*hH
zcTMPtoZ;L@V9h!Q_Ge91ub$sHv^ub##C(n?@j}J9fN|0|Mj*}*nD<Qu#GK8q`_8r^
z5U4!Gt*HEZZkRJ+r;bJMvgcRfz{<yo=0@2d9T6*i9y@Q&tTCO@@jZPU@|?<lrE0&v
z>fY&o`G;KPb<D4`(n3@dQl)zrSgQP`sL*oE^mXcdEqL98vm-1KJzeAc$ghl(QQX#A
z`rJQ-OsR73p0fp~(3n;CIB^-bdyb9^r;YG_Y>sERsYXAHy;{DIak-$D@A(k_Pi05p
zH)(EWp6M<Urj~qCawaHQlX&U-M6{^rq2r^eGA=6z_ND1XT9mH(Su7gXL<;Po%H-i(
z52;fTvq{?)Kgs%2m$TwB#xFb=bKN6{tCmV7t<jb#t==LV9COwMyKR4TRyL#<O)T4r
z1^?-;wUEwsj*a=*VgewV{$q#!(QI@{2!u<JsKa6-JKk*SGGJr}M8$$Ze3=w!TL=G{
ze5|h7T&}qtfSjj{CvthQn1HI-OiacdP(-EOYKjzJw+MRRN7{WCbm*G=XOdN2b8AwO
z)n-rrMTupO#3HV1JTln|$~7|Pw|0dk{$zgfcZ*obfFUI?<r(9&&`qzy)Q_ER(DhiG
z{QHxZzq>QZ#Usj%Z(?0}8GGw`P5&{1mp|%6B)GNz$K1W-*R1*c-D`rjT|1O{XU=(o
znEMR*1-CEqp(r}oehMDbzI`VN?hBN!;D_i~jwuWDhA1`_MZY)_exXs6!#uLtXI(LR
z*0rDPBV=+kW?H=p9_a5#F#Oh2e1s!hH6hr4>lbq+Do|;0^9_H+<K2#)^WE#VbNh26
zO`{ba#%Dz<D!c~rT;ZlP0GQK7`Fcxt+Zq<e{SlRMi0o@khEwXij#4@W&JYFHT#iD~
z59gS#C#s_p>iBKZmUHA-Lu?$gXYS}bf~av{Pu^AF;(8dK@f6Sc_i)YWh&PX<TWLYy
z0D496&`UMfMN@NHq0AwV>Nrx20qgeL$-5!nCN750Yn<P1{d^VHerKg}qsqeN^ed>g
zcB<4S;Z?gAhoTQp^hy$AGTcr-WkU%{WI{9Tbt_zM9Fr3+dKzLX*q-q)G@MA;gzMeo
zF0H+oe7LCQaVT55SjRN!$No0x6sd1Hyq(%^U3Y=c{NQ3Z^4yuab1`Xb$jGnVHXYwA
zG5NeR7Rl(}^_d(_%&;RV9B6#@3l&!=VbaFQT$E0D_@Mxe`_@|Yg#EW*LBddW7wW|{
z6ix*i%lFh&+Bw8F?bHy>Th~n)n-6K}RgpSHU>EL{2h+TK@9j{Un`hACgKkcs^~?KL
z1|QAj7<+MVzT62bk#{t~L?<YQX3>M!(;d=Me>fOnDkUOli+V6LjMFurJ~Z~m?^ayh
zOMzQgsBi^je?(YuG=0}g)8n<$Dmyg!v*Jp5{o3Gw=7+QfloHxrdjl}@U37bUJcvy1
zHaGJGpU;y1lKn@IF<9arP_o*@mJ+4Sy)x&W^eVt<tXM(>QgwfFxF7=8FOVjtl6k*>
zRS4J5leWDYWV>wEVH=k+sCwZe3)`tmLFdV<OF`=%7AsM$ybKZ9<j0P?!aq(hqs1M%
zd~d<}@mkfPrlEl?YPB&bVy{KT<~c;!#(>0)0aKbJ&fW^K9Z#TFFiYr7&F=S;FpKrK
zH5=hH;$~ZTcg0dDC1F<D9qKSg@nALMXl?a;<c^p|V28w4twGvq-&JqAW1$-=gQ~PG
z%OVj=5~9(~SI7Ftk#bUN4}5!5J`jnX$)hWzOJJ^c`G>;kuKC3&qbk8$w4If?3^J3*
zUlVml@yutRtJDa~sIrDj!^3`Egc)d`T5{zhO+|YzL<W$2&h}webSvz~N1ihUL!M1&
zGE;XW`~MxY&u(|D0=^y;6S<5_6MkG1Ah8hDQC&_Oa!_VOF?;ROL4oumBXY{$f}w~4
zP~=P~EK!c<GvLy(RO+G1R?)0lH%6BfsTHTjhIhD*HdBrrBmuM7Rtxh5opRa*p{7+N
zW!KawlMcS0xL{?3HCT-ksN>G7Ngv5*a{0oIn?DMEz*F*W>8Q?2emPpwkew!rbC1w~
zMjr`;oBjP;o#B_LTOr!Fqm|6+4LUXdvvutmqwVA}F}8H=97b^&tB5xay=%{q<=UE1
zETaj0S7TNbQPtVdk^i8tbc>eAeak=M`~maL!!)rEEJ3!Gg6Lg(Y0~RfQ!9Fg&CHvK
zYSP=d)q9qkTgCcc`65x|$AYnKx#%XZ0XW9^)D<B4xxr7yiBFs0w&hjjPvj=EBU{$d
z`BsVC;6UR<&6iq@#2%U0UoR&6?g&oFfW&LC73_ub$k+v%<CKW+P~Bqmx;E=zL>WT<
zu*0=!y-#YCNON%D{v8$jo}7w;RA***@4)2sKsFWfzx%c#b93Iw#Wo|mjfgnAiQjET
zG2Cqe^u{v=Th_b8Y4a@&tJb7ca*0oT1#L!Xtw!(J;k}X3TYdfH!3~j%*6t$2s>U=k
z=lFrN@{88?lnFzkrj>hZEs8tAs+BN9r&2JN$joT_zRP=v|B<sm!z`NZquHBsaKZGp
z0PR}jXn=l{1tePX!1nROpLhH>>OEj4*ACy(PtB`G&H=93=8!E#OvU-X|C3)MzgrUt
z0`k65oE`sN3;uFX51q2`0KP2)Q_25Kz#!QC8C8jEpb0rX_6EL~4bwy4__l-X-+BYP
z%HBb^>Lq{{d0)oh>UFG8293**cf;(^vK3Q^bucS*h9C@R;aZggql$d^Zrf@O$#Uta
zFa0#Rdf=>Le`Nb;F&Po}uWx3&J)OIan_gnxm>0?ur($fOmj&w#qKE1Uc7VA`!IE-6
zvtU641K&O$LWA<bZ%sPDT?@h^?XG4#P;%i8@Nqf6{h5I_8)!-6J!E=u&c<{uLEyPD
z6KwGkH4aZ~)qtq4-Pt}`ne>27q)Byz>g*0}O;@tl@STj7jV%U030?{K&11zm9K7xU
zbFF#NL^${qnnS`n-$59J^?_CM=)jbcpSGqz+mo264Ls_{ICRaHBPW5dnTYZBPYd)2
z7@7ksrZk1DIe&W?^YsyEkbRTo=}Dsr;iCKuPCNqIzMj|-NOl~wDV$&Ah2pqg3ApJ<
ze|G4co*!>d;BKRv_XsHL{Uj;7G#=n@36w1^&G95NIYW|rwW-DnB_vAAY#3dpLKSE@
z*%N4p5(p#1dEQW)j>N~!Z?YBw_EjGx*h0b{TUJxHs;6wFswKt()WBMhHCaR3M>{Yp
zH1;dqZH;p#%wMn_y!69PK!)Z#2Nty$1l%Hg4fS^G0kfE#t?9h6uHLq+&G8)X7breo
z95-s(?M02t9zL=)B_mc{s;v{4`id`L{-y)Wk_iK_i+%Z094#yJ26$UvKbpI^C*Y<#
zO%Js{@&qQnGlksNmV%w<7e@n#-rG{^n`C%)t+GQ&zu2sAPTH<>B##CtIQM}Ih7N7J
zzd6bM4!P<uhrD;~$SD1^1vzqt_kYRxUSlk$=qj@`-hT9w(%~QJUaLaaH|>}&!kwA%
z3T4-vUZK=9;T=bX1EH%WBlfGb#4*ixLy`)NyR<4y)WhuNe!h*J$L@wcyq$HjM9bWc
zTovdab+g8sx){6E6o@!qf2r>el)aoN%uuD`?Rw}ve>vZ0I-JPM6TB?4FAm)Evip04
z&s^HXF9nrVP+06Nri99)VnJ)P`61GgFjkW9+PVY=@`})p&)8jMydbH13lgZwJwK$P
zyC05;xZ~!T8Y-d$dQ^LfG5bvcusAK4fRj!D!o{)$&aAZgHpR2;Ll}hfdvopA)f>V-
zWqu35vlz%}y#U+){i0EQ$WiRc+i@?RK2ud50GXp_sLQP4fA*FgfM1bA+9~+L(iGQa
z@~0!o7%58*s|1TBBKT?7CF4DBH^DG8E|AnB4%q#8nE&}FdD8dtlBxC<Sw5M<oC!Fr
z3ILT%V28F1vjQX&10d5zdSxr67vSLWg~oJ}FsTII(on(a<vAu>g%nOH=%&}TGjpjh
zQy|2?7!6_;<N!WDPzPX&2ts-yVU4OoYw2DWm~jr&zYXmlYgmVyADH=zXJh$gW{dcr
zze)1REX9JP{F)(f2f8BIoPKgrXgYA89Sqwq=K%S?i-K+cmVy%3{GM1J5Ikctd`Zjn
zSW)SXiH(wiTKH(^>D-VPd(w5>hpQ^|-~>Xn5u@;Nl_p9&Cx{e+T4Do!K!V<?40(SH
zA&?^a-QMUw&@l72-A|4L>W{$(8TST4F})50>wCl@bQr=At{}FP1mu1=40#m1wLAfk
zl}QjtPS)ZpmQAql<`rehztsK*ei&Og&mi&B<lKJqUJ7J!G<JWTAqDOA@{M7>n(`=y
zS*naUE$zZPqy_@~$w2EAfO9tD63U<Z^yEm8+rNk4X=g8uRkq=P=q&y-J1cM!xuuj)
z3g}TT3t}`j2YksKgDE--fc7)Mumy#&b|?KP&#$TWAt@{@l+=HLw;6RQsU&VxQ#pKs
z{erY^T6r@S^waGnrlEz*LOl`orajnzl58PJc@Qzg8wKnsYx!tM;_0AE5JmJmpuTEq
zc_xFuI5lUeoiBwyOwSq|&VUSEEv5#6<Uo%F#S+lA`hKxRt~{9id+>LGD1j-uJj)ZR
zpMt%tUlawuCfKiAG$f~!WK&$Qgt&szWwa*Y=g7sL;T;lMBngDOz^#t7BTzG>{ihnh
zVtoW~iwW6R8CtapA;3V)fs}d)XwJREjc1cgnCjecMi)PXv<n%EZjcP)6>$Pr8TmqX
zL#spA<>?x6`5=qinXnRNW<cU#AVl^on?!SiwHSuf(OHyv@mHrerVSnliPdBK5kxv2
z5Mdgc#r)$=qS$jB!}8HZGzk_ejRm!T0>h9jUr$iPEJsyPKLQyk-H%EI&(_p4pf+aj
zst*(N%z#j+S)^yMe=<z54+5v#@P%AU*HGW8*sTYXf*upCGGXi6*pN~yDQJP0Zum=6
zn!S`x!<m{|`;A0z4BO%**xpw)PiHzw3L5FvqDVq%4F$>)Vt?rJ{|!joz=jUsgJE)(
zh3bs0YjEmyWa1>v4hd*n9=~~d!BBt}52(8r7j$xr0uIj|=a=a<2X!+T+Mfucf}Gt1
zpfA^gkn&HukQd5q%k^OP>2?m`{6^6W@a66iaz#v_DvN1Hvi)Q1eAe|az7#a1BZx@V
zVcN17=AbfiZ<Gvy+mjE7H6`;;VM0VmV6kuD)TYL`V7eCO6P$Sd=W_9Qn6n+EU0Vd?
zGKv9NG7*FH`cguBvt!H<=Fl}c3buEdX&CtN4q_6^3V0cV2!;tsvgGF=dW<=`pi~ia
zPOzuG9O^nN#w!eUJPw3J|8<g7J!p`Zf<8GPh&9$h0=o0~%)7JsX%){Sn1~y-$9{Sf
z{myk=1k#;096}pL@7uW$MBGDwmnk$bp&B)4+&BqFplWZrP;`W71^1Z_10-X0AWV(w
ze6*4=_Ju`RBuSw((*fU1rQ<WdSrb_dv>9B2&s8?)r@rn23A5{pm`le|10m}449>h}
zh9R>_d<KSskmyK$Mq<LfOL0I;e(}qaroEINsIchuuwri{%ry`Eor@G8yPO1i>{_6N
z=56>uP;9&P)a<@~wFMIrmVu9BnE@|>MAPu4JdWSg#)E>ijD}lUY5{)q76UbP=~v(R
zZ56Z|wt<9cb^EC?=74@dEfb~d@9#j50R&c$h?9X}M3y0J@o-CB0!q$ESOs+v?3i3L
z`HPMCBA`T208&B~>8VUGyxgJ&3hAwzg8SiSK?%T(CWC<K=_>F!O`+w<*gjBuOeKD=
zbU_MKVA>Ot=`oJf8&hTY4@{+t;HJ;Fcgd)uqsLA<oECf*XSUh+DmZnh21u#10lW6Y
ztw{KpI52PPE4Idce*@`8?7-8^f-<H2VVp($o4Eww@Rg6C$2+wo{<AW{h6xOa>`{Na
z9T|w4N)Ct{O#+q$_6t4-2dN3=)dfJ7Mi;UwVp^Y7k4v;Kz_J=eI=(E^aEXo}eANRv
zi((j>%1FYTFvQ(v@Hw3g06mU?1(CpVp5WAR2(K$4X=UgTy7_a084@f2gqC7J+WR6m
z4Ra^?H{mgm03*MFhR>m!of9^YOD-VDB76*9g-QxOKbsabcSUr*B})og>UFJG5wqPJ
zf{l5fzQ?6I4lCjcguK~3B2qngmXU%onM+udj(-=#y^)0jpr!o*T=4<kx&&bu#7WZ4
zJ`iUC0F-W@nI9q!_N*TPoWF{MS!hs0pJkFfix6g)iVQXr9|f-!TY`UuWqQIQ(4f2z
z|G>eOUlhH^Nu{7xUf0^H*!$Pp>g~Zw>1Juh$tEHHNx7IA-nbXT{*lc$@Hv2G$C<%h
z0YIo#KRkzd$07(}cZ9@A;S=+~I%Np_w~e@Y^(YJ_lE0V*3CboQ4v{o;08`i<fy15A
zAWxDbFv1Y9XEmYiqh}u)^nGXmB>a_bnfUfDkYZ$^kB!A;5~?m{ADAxF%UP**5Xd{-
zF4ypks(O%RE(LWPuaW5;n}Uyi$dL#1^%nB;AVJR4<FuJ~|6~jwKD`A>K)dk3Fjf!=
zluQ}Y{*<o*4EM$Nli0QM0NZmf0m5D9fdzQ|0blv^U`D*4^#XH!GP6a|pUcYy_EMUf
z@pij7#W0T!2@N&4HE(YWMGg!c?$2$jP;PhujvZg{WoCG*T?{KoO}#F4ri5-P544|n
zLITA2Hs3PtvF`ryjB}96Xb_~$83o)5vG7j`@k3<0#{jVh1RYyd-rzptO8zhoGy6yF
zTCN+vR48GNAf)d|3Fv>CVfkpvTMWya-&qP3pALvI-B46Bn$O_fZcc%L4MU3rN}p0L
z!EZ+vN>XEzZ~g$aKgE27_AUZm8YB6hulOMWXnZotjL(~6`}CLy5F~T}4$r8pSFd7g
zRId_*ELm8AV=a&&ZIoh=(qSQpU-VRf8>Lx}2(w_=AH@H6(H;vhF^}?mDVBn=HC8BI
zE(#QTmYP0k>kbeGU9h|k$+TaW6^62m2S7f0T|1`FB%Db>^-_?aq^FcnpkoXy|1A)z
zU>WjBv0In}(_Kyx`bVe;CMRDYE5bZYM+JaJpMqiL%QAVFA4m9UpQ|D8)M~+JxsOHt
zq>_9hJRtDPdb9w~d6wm)GGQ_7&%8sW3`CHY!>}!tgy$520RHh!i`7ZnDmWsP@pf#%
zm6?Gf$G)4Eq)B;I2x5T~<JtHY08Q(M<HW<2cuG*&6om|MC7=xXX5UR!th<dY!E`Pl
z@Oh=AwkS3=w1?0cOh@7aN%}EO#mp@D{Hq-Ny-w0LWH#S21ms@~yPpSZ%MJ+AavK(q
zV=26ru8B#c+X2437KWDmPwdZt{REj1JVV9)a6Y?h^iD~>rT3BuBt;4EXCfB;0H+SQ
zq37$>BNK)UDnj6+h}lpx>Z!~H3b_{Gqeb!rLc8c@0rpO+oZ@u2{cs3@mlTW`0w=|_
z?QVS=<(c%+ew|G?zkg5)%J1b%r#oOc8G^ll833_18H-_+nh>OAGQ4HO)=Ue4tT8Yg
z7aJtOe3!7GhlBzUP=u#Uycj(P<}rQQ_ubm5<uFZ~d$AA6T@GH4<Kz(dTkigVrT59O
z1xz7GquBzmq#LKROr9(QKo=gz-@B#(-1pVyyU7iNteNPQ0pUc`?J5nls%l1zFqX$r
z-D226b|yAWV5+?-vtbHC2TZZ{Ayf!oyivxFIPM-WoFf2H>W2rBcp8ezVD>PS!S1-Q
z#d`+;jfP6aFi@=ua4RI9zZXWrR~(A)$K_urp(YK?f8oxSQnjd{t!OYTXM-K;&y5Wk
z?t+2cy9!Ar&k)@P?H(1VVyEn0uu%JlBV1BG?B9P<r#$8#rCihSbrL7T1Mq&hCcwS7
zgr61{Jgz#lqACuzKmhTlmMJ)$D;Rb;3Pz=b_L<s%2`$hd6szJ8(alDFncoe9o2wY$
zT>>ySAs?j9iyeyN9R&*&mx6ld=$7R*XWEDKn3~C}9h{EkT$DcqKrZzJ&szVJN@p<7
zx8Y91IaEeg4ei$#l>vkw1^^a>VEc?Xip~r1Tm%YwSo482I(tbyIFUd(41rKK9zIBl
zDH3G*hbNeDtBT)zrBbl>35QR_T+{Bc>j4M?8IHkS+R&hloy@1Q&xUG36gd~*Q?G03
zikQ6$5*a`D*=J}X2WgNu_VhB3;nrJ{)wExNv_ZTZ;a|<BaxbF|1_Gvgz~5;Ayez~e
zqkG;LyVjQ72uj%XClb)(UKTS%wqpRWANC7iABqls`@;)N*I@`+?|E-e{Y=5v3sn;U
zEs?moyNK9!v&61Z6%_q&7ZlF7KZgRh=naEavBL{~<$N38sdyr@_@d$PFH{Oj_4g=?
zxipWp*z;7{C;XQoCG>j^HnfXe5F&~MU0~jctDt5_z#%{J(v+89074bJ*N))u@M8Yw
zg+R;h#*d)F79-H3fw}@6VpQnDiYDNf!9eKqhs^Kw&QYEQ<kRgU!ubQife_KL1?_Ya
zMpBD`rSm;tUz$XzUgCdJ9MyvmjOhSmW}6-h`^RmT0r<ZSFf6Gb?nvTk!CDfHm<X`_
z93M!R2@qPDs0u#j5rDK6gTTAq{qSOSYN*9VJ%4eKs(tqlGJtz`?nD688Ujz!7!xZj
zvV4rzD27GtWjZk4UVz=x>nvDV9_=wK2AY(lpuYRMtUsP<i(#6G7p98B@`#|D1s0fQ
zUkF0@n8+7qMGOid<$D&74?u*)PV{A-1ARUaTw(Dr);t(S5{$wg2<<CEhb-}Ufp?WC
zp>q_z5VM+w+~r8mmtX*tN{}5I_yHRdEs%agSEbwxcPoa8b=+&}D)goCZdc(3K%mnV
z8r9PqQczE?>vI)_!C6G;5EJt?2Sf>iDh&ioC_n<J`N9emyR)bEEoBsiXgfX&J|9G}
z4s(xstq%a)69gf3JN@us3Nc8y$!C57(;46cua3Bzs$I7?F~~GS3)p6dz{5P!s>yog
z?<oF(hsPJf8Cgzp^aq4510jpe9HgtgsrFLl4V!OBYSp1Y3q&*^o8Sx%hml!@SjvE;
zXaP&<ak3&8;tmCv;GFQRnPKjH8JUu=Dbs=w)G0*NBiIkGY!rjk?Ky)n!w}6m)iN?U
z69J0~kY&(ku*HN5AFaDeI@Cc;NcKa&U@^TR9WzS^ZxXLnW1tj>MHsq9egS41S%_6t
z@UQ_-!T*@`2aJ74f(_XXz@GyVQNQIQe|&%*0vI6?CvD{WLSWutSe^}pO$gFe28Pj<
z^|v2N4KGV*gSsEOr{Mo@4{!G~fZ@U={4zYc5G4p2w1;sT9$STQgrX((C#iJ^1Ki~K
z#}cwX#VoE>G}93%0Yy<cpu_#a<os5;#r##ppJ9Ch{o@@;C5G1N{<+2oLnHsN(%)O&
z$ulV%qX&`)hV42p3c62Q*cRK1;RK>QBf(dV9)0b4)7m@(<rUXu^oAu&*zJcft!9~}
zO<~f_mgHV_g@E}QUuKU>6#2NV;(!JBbNZj;>!T$!GZ-|I(xAg%bH-7Qsee@R|6q08
zAEQV0pXJfEgwaT|E8+AK{wAni%=3>^aFHbA<XGP7?^cg%vmrt=xbMsGcU2`tV@;$Z
z@@Mg!yXi}8&mj?A=va#j=JA{hJBziPBob}mu8r%;ZLg7TD{RM&D_EULjFU`hKWw+9
z^el)gNG4M!|8`ln0uMp+d>dad7613ALpDOA`WT)|q@qO+4@)7s1w)$qCfdZeB0H7d
z>q$dT0-kfeADxUQ+1xs_FHLqDnB6+VZa}${h)=tYkL~*;qGoJiQSHQ@b1iql@rY+1
zhQ+PLbw#uv(q`%|Pb#hZY)w1th!BfzI4=+yG^5E|KCCsxORBB=Xj>gi`5h9j4d0=M
zOe(MYoSzI|<_a}GjkSC$$U%G^))xO@yHok_FI;QgB(5L~7j`8jAJ=F_SMrrL`R&S*
zjCwrO?Iv)+Wv9I;blO0RT5lOMW{Gqd?dF%Aj3?N-WW<jtIppT!WmXp&!=_n-8+{+p
z>zeLdP33Z}E?!96MTQM0s*M_*)oy6i!a($y=%bfN;PxIekS@L#EfGoldPY?!fQFsV
zRFN3k#au>@)k|EvAZ_w$C;Gi}pX4%)8rFWye*f?!wC5y_Mu;NwRGBa2phN87AAii@
zZwaiqa=-ge#Feq<rZSa_Opij+6T{E)K6#{WL!2b&^0FC}Q-U^cfvpUMmoRadNdxax
zZe81p4Ay>OF+Om;mC-X4W}I$chPk(rkgm;G@zMdaFdH*tP0`KHY5!6^LVFW4_Rm!9
zLosGsN2WkCo6y3E?${A=Z-fU~55cS9^-?M)v(mil+LjmUps&On--N#D8<iDJLkEB!
zAKKSi!Di<x2ec*J?`a}m+2!hdhQvf^_6qWx2y|R*wKU74H|q<(ub@brG;UJVCbY^J
z|4skiHTs9GASG`>=%6Y5n^S!r3r>5MgXTie7WE<p{>SpQ^;TQ?g)S0_&vHfa7prGp
zKLXr05<EU-|2;0s2+3p)1heMVvD~G7W(gd4K*Ko^?4aiErD3<3G-1Gj#S*O_n*|Up
z`~aG&-Iv1Uj-m-Yim|Bv%;#p+)^@(}Xg-cT)9G*p;%vB$8`jfJmF-77-{sfN4l+}e
z_CF}CzL#RRDe5dNcJ`F4arSehs_~FYEP9w1Cz-l?I;E%A%l3~G3MTLRoeufS#8TAw
z;V)yWoaBH-+Qbw~9=9BW=;(J4t8}^0=w;%EigR(1#I!Z$8IamO31WCoTFKfy%AL%_
zGcsGf;-4q}>N?7iu$KJzO<j>tNXUAQB@*bJmJjKUCzR6bWcZR}!e6~eBX}5T=W$&{
zK|siDY=l{QVpU;7&qB)asiK_Cy-zcyAQdM)#NDpfJ0k?wt$bb$=>CMi<=6Y&1tnsb
zIBaeDtnvKx#K)Xnw=vk8)rgoPhd72bGF7zg@@E;*E&E}43Vn!13x->j{VAbAeWIK8
zK?7}SzVEp}Wmj>rDz7s4*=K5r-L}av6ssKUH(i;2MbzI0kP+LcnV?c_&0UUu-<%yQ
z{+u6NqZZ-L8z8fe)Q%T?AmzQ5v3A#~AGAN(UkNM~N=m&dXp6t+MxEygZj7QVoLdj5
z#okV_G5e6I_Vev$950z%<lP@U>ec=4+u{{mh(jMG@8Nd%Z&Ke|)s`D)TzjTTYy6^W
zn=4pTdGk?^py&o8CZ%q1vrV2Rsq|LK+D7d_;9S3|N8X+0&hlMR9`gP(Eo-e!1KaYS
zqE8-L1e04o-;%Cu2{SPaX@q(AR!3M;wOjJ~5GXTem^<YVjp_Eddrt82mPB5J=?*Y1
z7zY$=W~s;xHSA!aqfoTd>DGTCqakFamM|NxishCqd^@d*mRa=o(35l^Tt1mfTW(&Y
z<_I_a&2SR01}S=pH(Sp@CHaD)JGM~blx4L3{{fUhYrkHD@N{!9jBu?l9fi^@$WbE&
zjzhTeNM7Qm2fYFjeqt#Kwn$a)LgClv2~yP?f*?494c>()cw*I^MC%8`-rLkh6bx4m
zM22H<0mw%PZb<GRxF-?Lxp5j3822=&wG<6ewQhkxA3;*7(qV<G>rl7@q-;~nq;Or$
z$Wgz1Hn9D1MdB(dsEbaeq_y(qw2rm1)dQyrc8)NG&lFCt=jtgT@7je)MQ*CA-1sXO
zE`{E^mm4D!5!G(=kVw)`EO4oxxp3)Hdeo)zFumEi0(!SeaN2Vv;XjTZVEBn!6znZ%
z{3MeUq}Pz#YDTyQ{Rr7>QDH3#w2B)FiITPADS7x9x_kl!+EgStkHv`XgZCx*#W$cp
zO*#s+nO5F_LRRzCYbvgKO4u$6$WW`E#0&e8BG>$50P1oqJ~PRQE}w|Y!0#Rq#A9(g
zxJG*Pt6DNpXs#L`497rDoUUK$bc|g-GQv%~zE*uM)!H(Rj;(J-*qZIuE+$s31EzyY
zxKp)0>?TchiV20R!yl&eo*q%~;L<!0t4}<l5Vy-rLOycggVEY6L}N9_`y-sw;)eDf
zd5DYhOAnxg%P8@_#7&i4)zmH7+W&t=f&AZv{c8VTc{lO*x1Pr@n-OkrDK+OKyv*cH
zx1WfoBYa053gz7KAnBQ2bAMCMl+-Pq_2}JFgD24~t)m4S{UB>zm)xnlrOx-Y#y#47
zASUG4@6A@N8*hc2^hUVM+)`>z_e%CA?aq>z4fMa&`8QF}{T8*VDqqwK(5qRWgOv4T
zN6=&kk~Z2>YBqVT^gg#lNn?>~s!FSl>e4xG{uVh+mvUs(45lZPWqHx#mx;;6H{e4q
zPOT<)OdaoE)DJyxX2&3(QLV?OYL^gtWw@IUHzH+e9=oAVS(cAfLv%5`b&PgP*&)?>
zhb!qeom(Lj`#N5u(@|f**}9WVm;G8_=Np7@j`LQi*Iz%t>b3t=%_^nG_@^Ar6i=ms
zk)v8Cy0l|->$vOYb|6vEdbEPN)ba|pm1DnDwUcU`G8ff2WhQ(OACX?HLF1>Gq!(+0
zho!2nq9C-C<@?#;`(YP79c~oyo<hA3sn$1`cTX5f%rv_lbIei@(Fv_Qgs0~rM~&Bv
z0<Eeyo2Vu!SSShto|<2d8_MyNd>M!3npj#*G))eCmKiviS?;Kpf|;Tq>?#rjAv7tk
zr6%8-(^6B4_e<sV$Z&wPv8hOI3Fmur<d$$LlFA#A;VAK*gXBP)=*yC}i{;Yxw0I9W
z(3a-Ql6HvY(vGya5sT$GO?HH(;IGMeCeSWQRlg^lAFlC8Z`DSBSx!n*D!sT*uUlQf
z+}QX(E>XbyT#jSXi{W6c?>?8Km4pp`<-1e6ul*=p-$S~LTlMiqa`QhB?IuyHP?zjW
zlSQF(&y-4c%(E5Is_r2Ffi@9^j4SRX>a@lk%J~}B$#VV&fx!LXeo=4}hBynU*KI(_
z%8kjZYMtz&`kD-yce$91K0X;5dX8${Gg+6ugwQ7RqnWh7yxDWuSXs5V5F7c78@G{>
zY%gNd&YG+>L8%H(o5fLtbLRYA6yUC2)q2IL-6`f>uUdaNSwCfX*{;!WrfN>@VxnH(
zFQ+*zapMmo<uJz}xN)5eAA!3OLr9-79fxqvfGMmjzj8uZhN#wy@FIvSB*&dW<I?+d
zJ6vb%af+R;Rvz!9T4^q5g@?7l<-!GZsqE#%P{&&OQOZeL*A%_bd7Nz3tJXPAHj>X#
zt#+pfcUL6m<#**wLuz*CH{Ac2bU!V^)?a;0QY*)5IX+#EFXQw0GT83dO(t0+-M+U!
z!q)X4gHXLbg;YV-WKnQA_DaEP^jP;S`tT`uc-E;!l&U=Rx;hiW*3Y5H8@JN2P}2Di
z@TQXxp`R$wl;_Zt&o@EJMUe9IT*?;(J>>&U-;{D2M4&QPD?rNLUI<(7hWifdqjz6Z
zRq~8Zy=YVMWry_2aXXATlSRSTgW4fZdswxeEdx1?U!S!8uM4kl2*NqY$)s*f8Ax4*
zYF$?b_tHyMF?u$?wTaz?icN6p^v@t<<p6}OwFl{~5a55QjMluQ)Wf;?KXcM9p)bNY
zcQ~PmUsz0DUPg_epOuTk9@0cRUK;xJB$9y+SM#r&)cLmj#gjz1h0e@hEH@22TZqW%
zchXLn#I7MF`YZJ<q#nmrscH(GR{qa&Hs?_cs!^jIJeaa6++40(ohH><I!T24aIA;m
z&d(2{uV0}x_d!z4{h^VsxtZl1YVLZ-Z-<)uq)gWr0};-7ri|5`Pu6O#PNqelim>(Q
zhwK<fRy(I<+7sRjhnic98o8QtOky>+WimWHpjzLaBnq*m#1;Hfsu}|)o_|oL9U7*E
zdWwXaq#c0H>yKKn$LgK-u)RsO-YM(qVhqC8yC832&{osoQI}vCg=7^ehE)Sd0onIo
zrQCcNGba;I?<-|`gkCqYkj{5G?I+4Zx2XspmvNml*i@P4S-jt4XqfCMZ!oPlk&Ml=
znaGp%g)**{3+sMVSbMltHq@cT^~lgr?kGQCT4yZBjq!~2dF7$GqSNu0wV!Yg*Qcpr
zn#cz!@54%^zZQ9L%!yBu5m}pRJuwOF8l~J;5mcorFh|DUc=cmZkgDt=Js7<h4lqX{
zw+*S*AKwDX<;2HCxy+aK?&ns7iT_7OL;;OQdA_a)_aAyx6k-Z(x(~t~o%QrGcVj87
z1jT58Yuhu}lHd=H&_h0R)`D`h-UyLWT6wq0nyh<o18r}CjP-x8ln57+oc*`nEGAtC
z8NQizM#GV#zxQTQ@b*NG{*F>n@ZJEG*myGt?=XBVK18*q-2#hnQ*Rapd<|jin{ZoZ
z&ObgP<=zYBCS))ngMmy1iLZK1<v1c=J{C7P@%v6V?;nr){4muHBeAvVFl~%~xvHuT
z<NJq2VO>x3GBSkA$CvLl`LYq7w^xXzrBU?x`ZQ>fY8^;lP+pD?xkJX@GYGk(D3mjO
zA<5IAoAvoG4*)UUtSNGz1r*Rtpn!Hx6oq)96Tk1mN8z&MdR7@76xDMR=}^l>idU30
zWBJ6yRI{6lm~TEDvi>r=qDcxqBML$+AksP8e0_$sNVN`_2n9;N{At`E<0}Z?_@_pC
zHM>!ybD9%&3h6{GcyFfdz3MCskBl!iibBNrWTPmQ3W5+ZRyK+PQCUi*2`PE8Ix@%~
zb$=tfBpTs^(Fd=ns(W#Bx#QBh;Vygx8JfngJ!10pN4V<|r1U#N^BRKg;)f-o5Zgr3
zFb-=J1xM63I<&MD;e%-LC#dFBx@vuQq7Hk$GAgZ66!56lLvW;Y8~IuMiHDfKN7ff0
zydTwkmW~VuU4=*V^#{o;H=~fNS+dAx6gVUL&Up-Bb+0n&okOB9Nm;wkbgR;DA5sl&
zY~0ca3&4a~1zfnU-mDMIauBXBR~8kh)~9anY-$~J&<j6!lWdnm6x^YCwnZ*{SCI=p
zRP4elN?rIL$(LZ$@tB+#kBQ!g5uRZt+BDeYy#ocJqIW9%Ye&JRRiyu(>wu2+@I3AQ
zU&1I7P7K!q?-wBTIwDtC?uT7@sOIDV)P>%6hUGl?)kbS%1RR}h&`;0qhC*e!?j=J%
zxYR5^I#ca9>ODSzAN8)Kw~nN`KdwXhoG?id2&bb!t7+v(6tZTHzoz1<O_dQg5ybL_
z<-E(sk}}Oowwb&cGXAqPJ>xm4^Sy@UThI332?<kF&-K;;5mC_o?-~&WV?-2sa(?80
zQXZG1-j@LbojQa!&SfiJ!`&E}?M-;UC)luFMuBjid%WO1hSVAq2%B7vhPCH$ZJji*
zR6tk}z>2K*_CUb~-+6nJ+hIIcA_~%rwYatp?gYoRbv!>eu65%E<k;`aPK>4r)WCZH
zRSG#oLEt9Ws|vwBon*pWh+nW_Ro>-I`Xqi=7j7U)#EMi^m3DpBM+$tc&4oDaO{5<y
zmhpbThwy4M3aZjGwJ^w;l;?Jsq$)UcnwAYY4y}zNeB;OxB9nLKdGKG7))Nu#LULL@
zek*zZx+RHRdhc{Q8oc+r5)_BJajDsbn>@kr`iTUhG*Cd}P2Mu3)>4j*YtP4rxNr@>
zzUU`B$%wumk%IHcanPIVQtMEl&g6D{Dm}egRn>Tg%r0ABYs;63JpfZyny@e+NWHGV
zqr(W)X%8bu&ie79Amgx%8>JVCd-MdTFXYI1ahxc~(u-laOJkQtUnWwo%N{QZbt%>(
z2nM@~Kjm721*sy!HA#yArHerQ?t<KIrAtmtQq`M8Up8rX5B(ILmYR^mXdg!`h~Ei<
zkVu$x^4=TVxWOGV7Ty8fscnL&-8Y}5T1StES#bx#U$coj?fr_|mhTSbG|*V1i-`_1
z?!E&Q&Xzlv!Z});H1pJWlRkgVl2NTMj!#S)M#n+)Ra*3LvA)J#+HnCc*x=1Y*qBqS
zUEXLY7D-bx7T%=!47!N}oIIaYYHvaKFT@E;CW_ZqfFiY^7!|Lrh{%&#TUvZWci&}%
z4@5VR#u4`3OVs&7dOq)sbof3)niG~RnUZCSS+Y#Ymn>6?B+Hc2NG4pUuB<FY%1R`e
zNjIxZF+r=mAer4Z5~|{YWSPDQh8{%D=Ayv+rF4d*!XD;)I^>_Uw>%UovAFSJ<TxY+
z$WW{rZV-^RXIC{;=HMDSTnL=p5Whp(USm61683>_8u$*3mr2_XOWSMwr<!f8{`QkT
z6TK-Yp5?SRlr)!1<p+sxCawvbl;Sxh&GgUAc$z)zB(?;GiKpXJL;boV$EVWfHRSD3
zI*+4n#Sm$rP$q5fVV1V<_kR}lxA}eZ1E+4OIhkRob*W*Gqi*?0InXA0hr%3J=0qaB
z@m_ME&EU(ND3}Bxo?Y%Z=qs2g2%@ljkQ;wQ-m<Bms;X@6h`_)E23~8+17;@5jQM~*
zl;(t;_ON6T-AcNRbnI@W+-8zPrJ`h!^NGVOS>z(gB9}%)0?@6<rEWz=k~!U`%rHSs
zkszd|T#J&rErj1k%G^A+g7T4qOtWV57JY@&-hv{f(9G;7P^9#2P(hK>_dpHL38P4r
z?Pb~s1s9HaaFnjTUz9eKzD)XaTWG3DwI02m^j|b6wCCH>1OZEm2~ST~P`cakrBpRt
z6oj1u4Ar(>uNnVR)oY;HkGVsyl4nb{y0A~Mf9bTVnw%5)9@&$~_rd5ZSLryk60WOX
zXG#jwi-b88UBklM&J4j!H_`iXE8U-ay$BJBb*m6z530UQGTJGK)45jP^>lEcl-mkC
z#GcH7WWJQD(xI38tM4vP;TNurS5#HKMGBo41Yv5Z#6|}7y--jEjpV`yk>ot8TI<J(
zLOd4*+1$M3JfvEGJ62>@%1Tv#Ab|__xkEMy8IHN}SI_`mfxTvFPJ?7Ipg^7ZqO^f%
zFvo9gu>KwVD-2uTwQU7k@OCnA#82Da*4k?+R9XgUB$8#aO__WH!mM7D$+TTdmf6K_
z<q5N7nO%XD1$h@F%QQs(S)@$MNBF0<S811Ap&NFvcjIAOfg8*Vtk<)b&Wgv1M8WO2
z=)DQ<#WI&Qqd?re1WD^_BuhEnJwe9xMV#rMp<3T55(Ssz@4kbC9i0k!wMY~^LDfrV
zP@XTMLmxT@t11!&dpI^v)h;UgK)<gH`l7Gs`X6=`(=|Z)l4<bLX>;vgBIVIiq&$j{
z@@O%8I2Im012b95ql=L8=u)ISI+s1|4o`m`hNr)$1b_c3{edWspVt$bRR*}uY^|*V
z?w>-TvZY9Ql0?H@0x^SkULcm{oe_wM-U9MZR-i3S3jR==PowX8eN5uw{PpoCxF;d*
zNrq}&Pn~)3Pe_>fAui-%c(lfh9BcBtg$PT`e=7J-*MgN0XCMN>e8(XIAr8WyKSm^t
zo~R;&WGORCma=@wQdT5c%1R|mSp`zc7HLRW>4RNiW@9bs8lHKZsk~D5uEx;-xRFA8
zkN(iR&wkIiLKGVMmo#(~5_z(fK0ii(PSPJp$x-jE;OwP9xEU!BTrvxtq|P%sS?VTs
zeu<;rw~IX;NT0$8RQY`~eJRTcjgk<pi=#xr-Xy>GHr;GY`uzp5)rB1={ONjOBH;1p
z>_So4Nk*Tl^_5XXZ<ZB<HfV?Ul%btze)yvT8A&Lll$EMh9}PJdLQ<e*OLvyiKb9dQ
zi?c|zPKA(xt(q!+4Z;M7<nHum0I*V|1YU;m>Hr$}ZPuPwBPBrUhb0_<N-{z$CGZ}^
zI6D$zG_n{7DFISBpxIf{#~@%G4H#ts2O=c^B#i>Qu2&HBwY2=Z>PQPJiWq3GIaO<-
z&x{0lpKDi<vZfR%YY<Y_Xb&HUhnTkCHH(n4W+_tEXzh0<eF{ZWcGLE|o3`KGTN6?@
zk_MwlcT*YNO=Wa9mC@atj9x3GHx$zcR5*82;oRMr2zHbNQ+AUg+QUfMO+{#Tlv(UW
z+|9zub5AGTAZiZ>o1`Cv6?rZ73r)I4*Cqn3nX)vcQF+dv6doxv%x*=_tLqSdBfFS1
z*aVZ0lB-tPSk>XKQhq)AIL;#4Y6H<$4-iFlV?tZ)OV(CxBXpg_?0D-JBSazgN^-EK
z5lO16jym&*vr@IbJ3<uV%e3J4tJc?u$3pNRqM+%&5u8>VP3&D=u`M5wq}UdZ_-4g6
z1%j@%6@906>vZKaNu7*>(nnAuJpx;FBWa{c<cMJGh!lm44~*vRd0az#f0$aVN9uKN
z4(D|Qv;XW(l0`&H4>13ba=XnGngrG#`J1!;vO$t&lp<vYSbyJU`hC}YZmHA$r4xVV
zRvxzHyKpo4EkO7T`7J`Y%@vxjI`JhZzDf+eQ3!to<9)TZym;gYVrzXEmEZzB?;_}-
zCk)r8bf=?Wi+39B57oNz;*kSL_>bWJh>H-#0_IreaDAdNA517P1AbJ%n*q3hbo}v|
zxQg05-!P8J0<-wBQn&IL9mgnB`gIt_xRsSA7|OVn4d!y?e%Oq(jOg@AVo~|2E-LLX
zpOw7-6jlTjP9vNhMnvmb(%S4TNZCO($PTJHc5ngfAmA%`p#64GrL}{qr5&&j*6~Wd
zC<xy5Fx`;o-$Fz(H<M_@o=Erh3B<a2CDJ&v$v<5JZKBTx)<Acz@y!~R)c7V36Dhe)
zlCNcnzTLMK;b%>vp6PD1bj38&X8My)e^^Pl&?kpN=(+SkDgB|hzV0Ya1lvi2Eu#+>
z(VwOCXKo_c^EB92`k<2j`03BGM6icwux-%0ZhntGr#<+NR~c-Pnhh?ZKfqpqaH;Ht
z{zH@Pg`Cc*bN0gd>!=MtueLwbVWV&C;US`s=>Jb@{r`|e|9>6d{Yq7jh<dlXQwY;r
z`Dve7%5}jH&{$ivSmS7{mm!u>@9mM1C9##>>rP|Q>IzF$B8^2VQ|s=bMvW{9GYr+P
z+8|c37V7{FNh)=xKTYrQOCfM04Lny1{Bs(3ss0M1pI*Jc2!j8D24BWz%T^#I;D>Y*
zrbHzKtfT?AvVgae0&1g4Wc0J*Lr@P5x=l=29q);p)j^D~Z?ZZt*IKPM=;)zYs|mxP
zvqf-rh`t7?85X*=u_X~~FAYW;(r((2cGHHmn>M7~Ttj+^hNcZ^H*H9}X+zr0HKb)U
z7;Q+qX+zpg8`5sBA-QNU+K_hBhP0bf+s!qk!8F)5`hd2e-LJB8C4zlD7;GB?5^NjV
z;&#&(l5E>B`(&<Lkr&k^`p2D_B!+7dQslX}hSJlJA}>SAjHO7KQCZhv{s?x0=DV>4
z;WiKc3by}WaN+%KN3L(N3yZGtg6}R@VJ$L*J;5e#4-^dVVuS5Q)jDM`9e{_m0eHP?
zEgY;3z`b|E)zFzp%+UTYxNrvfBa|+?lnkUu2pe3E3|}F_J&~i)+XEHWx^X!A^gt0T
z5!@4D10t`lL5hL+DBbj#A8nuOTDogZhJ7mE)*std4;ja<CEan9{1za50Yub|V<@zc
z?HeK8@lDVjL;qS^T3o{BM>d?La~~xl`?&DegA&_-hS8Y}?^x0klV04$dT|$v^;gLE
zhpKhipu|Rw2pP!I>4sp-s+_Gzt#cOJpg+He7XRIa4<h_gG=nAaBS8>ClSRNC45P)3
zNOJC1t)$DKdrrKo=>{N#>!b1j5vDNm@zXG)U=P#2deXl1A%ZL76f%g7r8sW@qO#&C
zz)!>EgsgZ*;-_IkM3yYGie<%9ME<C7DeFuZWXa+|@b4mzvd-*L?#pv2^Yh~)6ZYV^
zeBQzso=>-G&^;P`^R<2K-(?#7C-$4^|0?@!`WeoCTRrgm*l+#LaQ54jfvN1b;{$lQ
z2L^mE`z`bT7yB*Wh3Tf<EEjG?g*BvoO;lC&mUVX{Lzrl|4jRNbptA;v^`~>{qlp?R
z?1IE@q~RBKL7}dQs0_u>Q3WKn6w=9Gem`Nb!Dq0C>yUa~TYpjbcjYPV-<GF;cfMKt
zH|LvE><<R$Z2-L)pr1(%`{jO}VXy6{@46{+;|zO~yD-xg>Y5jo`oK<Vin>rjqDMfu
z8~H2Lbt-&=HSjyO4zv6wnwGvz?_t{_4{r8gi-%+zJ~zWo!Q*IT3zo5uVJBm@3)j1F
zhO2Nt>~NlED|HnfMvlYMv(H2Q4<PntVI36qgtwPoSbTt%cU#}i<$b!Zey45KCP5H9
zw9FZ<P*)+^w>MpAD$GD)CUjL9D3o3XUDW^=&LFu&xY3Oz7q0i<UarE!By*0#(lcIF
zRXv5ZF5Kk84bgphBq68ZBAs5QF0Q3)H^0|bp=~T%SQr2N+xO=$a}hlINrS>ODq;6?
zqc00Zi1rrZ{SbL+19G$?X-cabN20fqcZ+K(k#h4l?y~)c`HAm4`kB)wY4n5oeB<b+
z(|EshCfazGeqL%st3(0W-$zQhZCN?qPmK5Zec`h1st@Uo=1Aan`pK@KeODDN>`z1d
zhKNWAQ&aCx(80N|h{l7(?VE-|FM!<_0@KkQ0`KUx7NT8!Mez9|wM(Pz>=R6y27)hH
z?H@$n$%2n}NmlQwLm1*q1?9GU$s$MvpfZt}c$7+((tP4mAz4rn@mVBUN=s1yqErC>
z_^bAC{C_%?zcNvNQuuH$TD1LwAe7_U$VO6lQ7e4(@WB6~<mo9&E~GB`PE%6JalU5L
zv*L@a_%5yZvQ~VTR(x46exl?F`Ocfe7|_l9bdf1~y_XhG73oF(f9y%!=V2%bv!HH_
z>CX$zq|j=O8~+486jp05NM=ku54drF4iJ88qvM5lsrl2QyhDJx6`F_wiMSO=Av8Np
zmbRNhkEX+DwW^`g7@91`3$;~KBf_=u{>0T>a?+Ri9;}k)_&;k!c%Q$m8A;`P-G(s9
z5gjPH)LQl)lA)wmk@r+JR8p<*Z@(cVi)>2R6`CZnd0tnjOeLc-cnQ2;dkHAS_)zu|
zZzBC&T>3|7`kye$2vcybP`X){vj7vb3zEfcTcpt@is}aPPYL;_T=Cl6#8e<*iCIlp
zE`=DCns|;&EuQzmw3V+nl}vkBUniq-xUiEP77>vvCBkS1p(MiSwk@N=NM(?Ss4j<{
z5=`E2LFKU=*OGQv+=EJ9H&GDqM$!U<VXs-OM}duG^mj}FKgqoDB<#g)LaMTjT2cx?
zQQ-knH-Za4M{txY&k^AR>7vW?8FFZn7`JQnp9!<j@gW@~pu7LGRu``Iw>8T<(@7Ob
z<uzJ88ERSebgUGuvfRq;wj0PlCFGy-a^-fLyId*%cPi$CuR2%E*8jIFW^0OyNzorN
zrE!7O(G6BwM+<3Q7r~0PfX2gYh_5dS(b0YA1>%m*zC_1Qbe|K1aoQW)ipi}Y^1s=w
zAi9PhfQJP*K&qISt{bGPOM<R})G$&pt85BerFEeOXl1_uvJbIo=S7!<`C6C1Z>`sm
zT7Qq#dYG$q#Z9W!O{&#Rs?}|Ce@8=w-7K9e-I2P|kDiB0@2^$5JM>d9|6TYlvkR}t
zbK!sd_Z1(1qho(q{CFpOz|;M^?18U~{)=Am+_}!Z;+d9|z2a-)|5x?^wZEi+e!4#m
zf}!y+Tj;GIMO^wYXrKy&>D(U%p+=5cZ@;a9V!@k(FoqLJ#v_w=01AW)kfYZ3c_dK8
z<d2_`!v~^yFni#8k?x7_upUGD=UKDopwPp%ooM6PFs+)OJ;tiWISvJOZljyVj<3jt
z{w2EdGOdG4S%MIN)i^;4-jZmUkwAqg2&9+i+UU>@ZS;>+(@1ueRs@d3UeD5-t6fD(
zF@jyhm1d+=<{_mrAJcVG)@Bvw`9zb8z-lOzJK{VoCR(s$hHhE1ICor-%+P8tNET-=
z^3NE_;u)w5(YlL7fRuG#E9(rJ92KUPqhG`Pj4wye`IjcWD)-O^;yf)CcrFuRF*|oq
zS@8^`qT=i&SxSlg=t6=cvEP`e8T6Zll<kk0`>qG6TLJeARO=jw{)>4pH?d7%X#6{*
znpWiEBjowVm+14`AR4Bk4W*a1TdJCTGwmuF19n4dfUUkl%4`D=J`jC@z2I)<?w&*4
zGgMUtC8q2q>=ox}q^yg_p1G!~uARbARtLeb6eNH7+pm*?Fv%UNfMiM_Sznf2#gW*K
zOj?*7T}g#&6J97Z>oiR~`ga?B>83<u=NkD9sVgTd4wcgrg*>NO8_&3?lJ`x?Oi@du
zIg^SaHRQ~sHRS0<+p=>Q-;{AAX3QjI8s!^SJVW#iE}oI*>t8NymkqMNHGgG>M|!Ph
zd8O=ct@X|FuSySkA7-YjUG)T;q#&svfBR@D_=+G1#WO@H7)>XCq)EX~(*>bpN)JLx
z6CkApu|KB^g6wZS<;(T2O85JI<zHpo=I!ENWqc$4lCvu8dvTYM$;Os{scP)53>LgE
z2`&ZKrwal^=|Q4+yTu+!7X)WjSPI^oE(p6aSX?)WJ1~Rf^DbZRu59LgU#qIdOyIr7
zm%FPg^PWb$zcLc<`M%s;U6}VvEvg#(3wW>d<?hO1-hSd;2i_y4;BMwi-a+cP^@^%$
zect!zbNSxZxr27L%*Gzop|?$KWk;wLyf5NBEhW?iGSm`zz93mVy|njB7Uw|L(GveL
zv4*cz)!#l!3Wh{lYa&-`4yd&*{#9u~@0eJoAyEx!ekpi4jZ}jHs=+|2;fpj@4S!1$
zgz>w<(hP1+WJt@zcxVy6o1qAb0fmfTNumIQZl%nGBU=8IHN_Vs%hZZQ=F9SlM^Vg`
zPMV5yhcw)|L*AJQfy-_AF8XBvDOtpYo1p%(XqDXeHEsL7n0waO|8*5vpo${S)7=C?
zh;6>6s#;}Ppt7_lkFY1C+AL6J?a9n*s_Or&l{rZz;s~k7*aY&R{T3<sfS4djGWqQ_
zbf1`9L$kyVHB>IL8ghu=R4d&RwemtYQHb4lO;r=9P2Ylgq=}+!Z=<Mxn@Qbg+H};k
zC^(|CrgWtj!yTy8Dp7#Cv^|?Z=ZTvMJ?qsJ#No-;S5gp%C!bx>h?|p%*OLeB6MQRZ
z7JUmklJ)@U5kOk@x8E!UYlTGJTp^kfC>%Mbs<Ai3gn~=+`x>DVx{ykU*AfM{hlK2B
z5QNwU=vhYia(Cr2CGvwWRTYls^S2N6<?iavyw?-&8Q?w0H;nk4WxR{pNeyWo4SAA_
z1R?fp8!6FRDL7qKRaUB8ZI&@QhGa7hk{iZ(7hF=+SR8cwU>`lCBHDxa9R<Jql^HJS
zwZqHj`P)J2#GrQu9PQ_CKjrJ`UnTmbV2n6drET+$^RG&K!#mdBKFZrKH0f_86IYsD
z?->Puu^<TfF6p)Ka;v|6Z9JQRF3I<rO0uNjZ*``=0)P80UL&cK0n+vvV&dfzdHDmR
zBBWqdLc2gc>w^X&zxFO{4_(OEnw?NEni{D9T|(?-&p2WxuWca=erju`LpowUE?h9b
zjufp2RAV2g#;wqno{D#^YVuaGyjsv=uoGR5S`blh8jiS?cWqJV?BB@~wdUo0oQ*wP
zh213c3nbr)b2obL{w4Ik3zGRK@czp&gbzfVJD_4}+KuesA!KMoh8MtMR%Y#q5<N&n
z;5|XNHmQwPdQ7rZL@!8|xvj~fv3Wd=@nlLfq?p+sE__5YL7qGXCddHJ1PPo`RX3)k
z!;#pZVBhh7Y>IFxEx*QZ;q9>A>sGwB{8_}fe*<ki3lk#v4@>FJiNN|}f>bpRia$AO
zSKT4S432407ZxQ8Saw}5Nao3{#8@6j{+W)Hb={G&uCKCgNW__G2Hozt1&!YbC<dd@
zb6}Betl=%Pm7me!_!9UU3v4zw8^YkpC-us$L52I>p&tH3&AMt%rMnGH=yJ>zy0xN1
zl@`uE=`tL4hti*S;U-tj$@HjGgtKH%GL>5xD1bqmGm~IMp{{;}>81=rgJemsm&}B@
zyPlZlQzT1yJ+aNlkw1!vcVfyS<UCCfA$-7%C!f3^nWwcPJiApI?mSI&`DIY<(Yw=_
zln}Fc{V^PgJue7C0Jc>KzO{j!x6@(C#*^ISk#8(CLA$DmC}e!nL>ixLvWH<#RasR`
zhSL`$iwl;9iee7{v*$qCL(bEk`xZS<(I$~*=Q1RZBjaI`LV7XGI*9Mzj}uWyGO)hS
zbOtrBQch>+lUSZ{o#(KK%q0t%g=XOv5@EX5=n7KX{yCpQ!^_rYGUATpX$vX}Flj;R
z-o>h3W;LHYW8n_bImE;?$eMf)UQyt}|Cq1OCt{c*3{)Nyywd}fe-*qg$&8{GBy(vi
z3K>Ub5EbewMT$%`>NTUN*Zc*^B3CeJpmiP*>30US#*6AArN;zqG+&o`Juq>+*D@w(
zGLCt0Gd=uB3Z5W{7H_Pe^9NGs0I=Fvs!gA5L<D9pw6O;E!GvBS?r1MiU*3F#pCxX*
znZ#E_6xd9h>1g9MRaG~v&xvGG%CS`<?FC*11^FyhkXiPyvIE{6Vtd@mZMF-Nxy(%d
z8cF`SK`FPDAe^B*Y$IhZw^hKuOC@s`$>O%nbp@`ezFEjoLsaQYRB!A<A=pwE9rQP<
zRi1zmY6hL0p))grWHwMW>W0}En31Z`M%}R**dLfO(GUJg6CI=yb-lR&O0o}O2<Ivc
z!<y)RH_;`WmijE+ZP*W5%GE(jxeAZC42@Jt9R?-!>J>q77w(|i4>lquay~WGb-S*d
z3`{pc5kNUX84}tlgHA5FL-TCQsEj_8=fW%UU3d+VQP?1Z0%zwk$#CNuUoTx4V6xiB
z8g!aH%+!;2Ey4;_$6H9=WXZf0I^1%bjq7n`$^0_wa$UGyJIJO((G6Q^pL@HlAo?*J
zdEqmn!25ISTzCuZbzwS9J|<aakZ$*mR&C;HZe8c|XQVk{gxe)c8p6jV%Ota8nUpVC
zCKXARNu`0ESLh_vL85WT3sP_|sNNz_z4s@bH_Okr(GMeGK4mV|mek#G-mPz^X}8K0
z({2c3NYpG!mQ2a)GE0`}X2~q)!`2M5t4Oj;FOtl1sbrZ#luRCUE-Lg=G!^n+;FdIB
zb|i2`;OFwVvo7#~=oGp=C^$wt217gTB1QjyuPvW$aKUF$;Oru&U6qEz(Q?P7;cMah
zCbzP#(MeQByBwNsmht6_(gtTZ`h1hBBE=borSnVBjFA~B&PJqo>S6hp5Q49$%<s@n
zV?SGpyC9i&r|3<T7r6DX3^_FA`%a8Ul9oeUhA`_cP@r90Vb$&Mlc#7Mwn6228eM;C
z8`!L>x1@9Xe_0M?X}dWz>7$bC!90F{d6&?nS4w(Io1IWj*@zs@`sMxIA!j`b&1ys;
zPdK{#?^H9u`Igwzh-gaEc5_uzW%?FNe1o*T7Ro{#w-W~`2yqN2j@FW9-=kYB2+wLn
zYAsR&Y)+1@UCwHhwwtzO|94M4jYzH0o+`wZVtj}KyJ0?eMQ<J4>z`3@VOBJCU+iPB
zPn}_HGiQBtQlqNc!%~6QR-qkRkne)ta7~d1FD{k}*4ni53+C5dkjyai#in0_E#Bc|
zFwz4h<_M+N4ojQ1!Z@hbH$(PUib1K$Pbw#Ht$V~^pvPu?L~Oc{@htg~%4^urBq)-8
zbp;!mOeLMi8q#;nEFzhXxm7ZZJLR*IRQ<l+%l^u=ZQfzz=M8UuRTCLoohWgvG^3px
zh5W99AY>sjUN!pL*ZKVA%7%2evcc?DHsnc`l_c>Er0o`8kSuc$$(^q!c@0vgm}I<9
z$&^Er&&5swF;DnC7?Uc~O$t@6u?F5ir{9m7kg^PBwP)%3&q7Oofi|9PB*=y@gZ4GN
z@;!u)+r!eF1}Bap#re7$w<E>5hqTX^Xk$D|{(h?*pTx}<r462l;@nV<o1;e#Lfd_5
zk2V=w<uvFG_;sXsUXkX6L(?V6B1GS$Vc&va10Yxh3ATqQTxHe{7A!!6MIhMaG(EMW
zNbwv>QU`ks-$N&qho*}u^+Ff=CBBSn<3$~mLmy2!7!i)dyV}G4&szO$%|s{ANF6jo
zZ#KtL|92|hWod#y)re-;ZqE+MpKQA-Rgrcdk{e61q|KYt1i{}{BvqXN%K%o{Lyv21
z$)(n_Y`f_KJT;87V9OD%iI4gId8WIR47Hl=8)y|*bVv9w$+DGYd8?>rmKIUZa`1DJ
z<g-xz6EXXpQu(Qrt(|5s*M(~nZ;HJM6GSwhJ?KeoiH9NfkYqX+;RyF=IeF!0t@g0L
ztr<9y2AOy~GXYG`7|nI(?77tXB!EUz;Um63yu@ogj@lJgR?~m~E3BN&*G_Xt)G}1<
z9|c;q!JmL`G2WsI+FVDvnivu(WhQ?1l;|0l^#CQKI1u){6usd9wDz~8Ibr(=(g<Hc
z%KVq2{i%0EniD3TJCHK}t*Ge$(VS#7(MU%VMJ~Le*oD`W%2L6KW?3p&bCNswWqw`g
z@y6KbYZ^RVVRvVxY&}7RV+Gi#T7M>J(?QSDqHp6n;QcAvnl7~+yWs&z;LRQDd}rsz
zCIyy*F#^&%hh{LiP*v5~hu2iKWQY_z3T3Z%<C>Cesj5K`gpyichJTe9j1MU}<?G{L
zCHi5`Xd7MJ^{+~ML#p}(HC(I0Qq>OyUA(@zF<PpcDzn%jDWq7n9g0=U7wZ%$R(ta<
zTC7@1+fc(dNHfg;{DlHf0~L>{P>CfuQgF1Ys_{ola=Z_gWP6vC)cUfZAM*{2-%+A>
zKe@E~8BDvMzExpwFBCG?UeSe5Y7>Om`m3s1a!LxelKLU>q~MqI&$MmcE)Z7=o=C_;
z+6wEgG}eKCahxsIT}{rQZ-jr9nC-h21%Ou?3dw2OieCVTU2`k%5P<P@CE4D=CAB^i
zOi<><y(Oo7%b-pkgo()vQXjqriB=p<C>fRprJo6%4z+oJJzVDz@6FhI&34s)s@31#
z{2s;LibCn*_2m`X?8s36ytaUAaef+X@%F$lSr`mgW*YV>&JA&c;@f~i&QGP`zRT_q
zn}l(PoRJHXWnCr;&Duc7bTv{kQ?95g?G4B8X6vL!VZQwseLn1ps$%Dc@pOqac*-CM
zbicM{<(aA)q^bi3qCoP!UHolX-VA#S-WN~D5qpa>_@!?;Q3w9<*}lonV2e)<hJ6ze
zc1FsJi+uMZ?0KD;m9KzV`3efndL4y4FGc%)OwG#wfwdOT>-)rfq&i=Zk3k`#KFVzc
z?vUp#6msr?XmHAc7WY{ecPWkgmK!^F*qhviHAwO7iB3ERlSGHKL?S5UJlZ*tTUjDQ
zXd)4NlN&n^(L|0$TfgM=Xj)0WH?thKlw|n~<@j<*j#M>`+S;#^Ha$sXZF;pBjORm}
zUM>24{rsy*o3@e8V>M~heMCVZ4LUbrY<Hw${D@}inRZI$KR32tPh~K_u9?&S#Z%Ag
zNyhf;-)?O8qUY>JOO8-^+tH>KOlO-T1-BCg)46$PvPhd~q&*DU4uG};g=XzRA<tXU
z#={ia9a=CQn!i2AccZ^j%$9;gq3#p2k?P!o0`NRd*AB^=A@(D%&9l9a69c^$*ynJ_
zJBiMs#upMZdo`#zue7~1Eq!i@xbnd*mJZnPtUZLKGHZ{<c26p{^l97x8Kj;hpQ&^X
zqB`fhH9$6-2X(gcExc;T6;+i3S5&X}do;A6jI4SYMn!KC^H>gC5q;ynM+1vB(#W+m
za)cPo_7kp1Cfui_EbND{^Ccn+lG*bqDy(-YQ;7ZHJTG7Vn@gE)?%NQkG0MvHJkrEv
zG9Zy*Fd~y-3Hf&livFrLh262W7Ir-ZF7xA$#Cga3QMzut*0#)pKV$Qe9^4E^aKJR;
zaapot+P{?lEOPVK<h|3))S7mW{|%_r-Y)zJAwKsbO8kOuZ{u#k25;B#)T9diI$@jn
zC*;%9JHE4HXJ+hP-tgNS$C}~NtAiQqaqNvfq$XB0d%=7{^7E-GvCC51lzU^NR8^(B
zHyoefT4~x|91S*j(;bJ`nVG=)i?gJv_eHLgAPvoHCv9dlX)_t5&BXir+fPZs$BFub
zUj2UfD{Y%MoA&8&Sa9b?pW8$!{uZVnC!0N?$tDyC8(j`zc@I};w%LUbM*sF9m96o7
zE=>Nm9N&1_+}{>x?0rJEOPy@~t|m`y_iXQ4e_O3@AZ_xmq)sCKpug>u6x=A#a{1QK
z<}Xj!yK)%`zQqKglbW~-Pcuu~g)QQ@Jc?)XFVnO@Dh&_;2@w*jnM6=E6C!r!RaFf(
z`1&iOspX)C9np2^N(PSNZnEP`S#p1<bd&MkctyEV7<b8%Io*ar#=?t&KqntA$n3iu
zSOFz=+L((S1_`P5S=htu{1!M_`{Cp>g%_kcAJ)vDB1Na^^v%X!cHC@?+qM11_&D2g
z?8H~uu46gmOLHragq<O0x?6dq)QLZLE00u2+p~#9HCM7Y>*-c^HEARIzLZ;JTzD^S
z7-3|nm4-V{qR_09tbw>g&M--`8OGP?r2YEBL=ZQmldAj>g{)`36oe&PWodhQH>B1~
zD9=`Xi&3D>=sPQ!o%QaJrvl*v7bLT1t~=x`C25m)K%&vvGL`+Y=>+%-{EiD0$u!V!
z+stm|u{`W7Ri>D*vqG8DH5L%Gm;1hC_8b3xDfknEAb{D49QD3`a`_-x(27WO@7xQL
z#n~KvbR^Bk9fnl-pht&2mgmOnO5OOr3b(Ss<W}xClXNA^oMOo`C0|Qy3K>04N4h<b
zn6(^nko8XnLD&N(aq{_yob3g}yG`F$Tc-Hp;M*!1N#&6avk{y0Oa?!sBf3Y(i0&t8
zf<Q)eP4I9(!iS0V_x`tz=zgt_=;+ymhlv6B-1i;PC5lp;RFvA}qMU-Fw6mfljpGu$
zcYQ#4e<JETBiUfiP6l)Lm*jXCmt=bv!dPgv81(gv&n!9R%LQB3Ol(>2AY#Yr1G%wr
zeIPeE&TfGu134=gyhP)7p{6g<_{0DXe$DOI?2hP$%^@sXH+RUEuM~!G%aBMX)Dj~&
z7e1)zZLL)*zai+NFYRIn=EaEdQ<CkyzNFTd2LrnT(rc{LpPwO>cFOk%RMq|5K<}<^
z80h_m8|YPQADh%_ADgiHsOIY960MKRDAZ#tQeL2{{$TW9J6RUu4{FUPJ{g6K|BUG{
zcgA32Mtz6*m{O*lS;H!;(8q~P0lV-A(I4zoRTn-K4Z-ihXmBUp<o#0{waVXL#Gl6Y
z!FTPS0Hs_CA1^tZ*;#%&&4M5hW9y^~7Ehvg?}QoBlWuk#-Lk}*Ni)o)dZLm=NTC4=
z_S34rk@WP{+L{Hzp5`T6Q?6I+)7L9*N(`Z*FdB%W(5z+@@|=v;?xm)|=X6rP`9B{*
zHK#Jwn>9oJzj*3tP8vcrf9nuR3N&9+RUO*Jda98=xu&Xa>^T|FCjZjq3KwpOzOX~P
zX_1|>iPzc|xv|%_6b0TdonJ>nyB!U_DJW!o?6fX)@17<?m#NFxbhEw#O56FDs?(1@
z?QhRtX-;0<SS}MIFcW5k;{CYwh>jCNO`u0&U+B4*eOeG=K2=rS?EHh6ogLJdSU-Rr
z@kpsKcU(hwn|&5Od|5rL@>RYk&1papXM_kYNG*yuC4our4kte8#%IW%DvCHiW&WN+
zDB`@V1v(wA+780K10?&V?z&`0kmA{+wFb!|MDL;jRS1}q2q+=NlgS6Xo(4Pw0son+
zuRDB7*By@P0kdep(-3fXuAbs$q<GG=l?N&+wEJW$547X#wCu3q8WS%z?;M(PH8JmO
zbm2(6UxzMIpLb?GWc9Gbh7~59>8|&*ieJ&6jr4EZM_aX&D+r0lC;-_JeD`xoev~h}
zSQdTv7RzbgZY86AQ;BPKv7F|cA#I;wAflD+l3r_+Hf5XXa#@CdRXQD6_<F*2@I3!2
z<2I@4j0C&9--xGGHAz)}mGoBUFBYV#TP$R-M(4k}yJ$9lvzKObsYUO1oc0zsc1EP_
z7JqxbROQSPgwUkR+uD6u{`PKC@Ww1X4`MJrh~$BG_5Em9Z_U!W`Yu_5K=NV85(H=P
zpHkH<x_43vx<$4DzKrO+P$^Mhdq9EhL7`a@6!PqdiZxV$)tiZx;Ec%ogkj_t;TNc>
z5O!m>X{pvt=ey}AqV$8z{ce!X7wE^InA#ND?01)hee`cszAMz#fZ#Js`ay;EVWup4
zLbs~y<4m`L6NXEV_mbz7WA|i`M^x|Tx-e&^#HO%E<n2A!a8-XeB0~`DVLEY|Y~IAA
z450hoVDeVyz6p&|)$^GYcrXKY+s~7NSBWLPT_$!;Rc;0`3Z$y+49#Lo3&!)P#g+yZ
zn_-(&b=C;`px=<HP8kKk-trB#bk`nQOM@j^OL{kh#6ZpEK-*)|=Gq)VK#OZo$a?dM
ztE#lUDsAfxX##$FQ^^f!0y6AZKa;l<k+`Hv6=x*&V^I*~eL^Ph_ayZ*@qWvxUl#AT
zfcj<gez#J;F1+7O)UPY=H<<e6@P6H>Utiv@T>!s)-tP<QH<<TpqJCp|ziR3?kN10%
z`qjehkQydxb)OLALu^SE;#Dq0`~i8Na4PAsKgqR?4_xvcf#2W*OD=plo{jM3xUt$q
zH7ol#`&$~{|LKO8ct>s0J8C<=BSnjXyGCo_BQ&?;;EG<%Lf;r>7J64I=}vnC3buG3
zanqh=35++(r0rela^n-ZA$d=U@rf=W`IQo*w0TLkAcW*S_;87Fr7<Ko#Jl-pcZVju
z;cqiOVF*oXtT~<TQfmyYZpXppJ2$H8Q9*dZ651@}tLj8`pjn_P1k?>Hjq;Y_xVK!|
zeh43u{h!@Z6U&hOHU5pNnkfh?P5xM^yu}oE`ain`AFVmll|EA8(V2XCi#guE=6tUI
z)Gej{^JaNVF{^oht)Eo>7BeRaTTGmzd<)<B0Mg5ej#mD2dZ#b;+2{Ijj<I%sxLV^<
zYvCjL6rbfM4P3vce7L0Yy~xnW#ug}WPW1iQjURaoi~;DYp>2MH`ugcEs=gLycTiuZ
zs)kCFyu}39kLWoeU}x)#qr?TdB)0NnGNCmqlFHzXXy)*L{FISrPoV-*8Ov@AKOV=S
z6}?yozyHrvY&U0VC1iF7^zOmIt*RQkCou(SSkW8K3LsIRWl`NMYNB>od)F89_cJL-
z)arj)ozN6RUDH@or(<9{jDcrr179)*)(=Iv#!f;YBV)D@84C(9?B&-p*Or{}Rf3ta
zoEzpYNhHagvyeDkfnV4BFEol=EvDXiHR@07bDvDDasZ<<_)kP@QtQ==)1<2B;JD#7
zaYY|J{+GLH{5Lc8^~%J2kyO=`CI}^2Qq_L)o8v7i$@Y%aSLphcoRWgqrE8NEebbXC
zDY~S0HWt^j*EztxXpw?r>GI!cSTsCO7Y#2*>kh+`kAy;#NSn)qHkXM)#K)sX3wF>p
zcRqs!OPaX0(~0Y!3xcpOEgPv$$t}VOfNpU&KO><{S-;Gtte5%QYJENFl=ZVTGK&~r
z=x;maTMt98N_~;)(Jk4X7O5n<NF`|vQcBezC2f%^ja#IWzH5q_ia;y`pFlW2MS(Cu
zb98xccgT4Zg=T$<LY_m>ob43N$HtEH`I9J?27$)kClEBBek&U8?J+CtYWjb;`xp48
zinMVYpPVFZT3RNB7K=BE1}zI}HM+L6NJ5h`ffTEtvWkkUvZ$=`LJpu72%bcG9FO9n
z>)yTXyW*>^`o*oXtdJIHsDNB{UlDZ$Szk?z$i)>}gr5Iro|%(dQ!cXK|M&MUA8pQM
zX3oqr&ph)y&pekx9BKh@wae#nNF6ifYA-Plbo;xLXBO{+Q4oh5Ua~<{YO(c#;4Tiq
zT?Pbq<$@r8o5)Z5@JTBA<BcYPd3!k^4hul;13>O0+I5GC*7!wi-J2Yc)RK9IKffQV
z)MAU%G_r2v&k|D&qGUX{$RO_b@CSrmcR1I84jaS${%>{f;a)IEBkYMAj$_{SJt%Ba
z(VJ4Qw0)PRUU~8@u3mZNJ6(_a%^c_<H=lStSY3$2zvVNqC0LE*%L#3a3Pn`*7F)A|
zPX&S`QjJk=;Sf!D3B!DGcDjXV-d#{loSpKzuZp_sVA(Wo0XnmT)0thdn>NE!9iHa%
zr#R-_j8Odc{osL_Z?w;DaPRgTMf-Q~WvN3?R8i9C9xv@>EA%by>N7}GyGY8_fpwd5
zb@q>&5Q=Zw2i@9dbn6SEc@OvQR_p)a?QhOWUhiNnJp?UTEjyD+qir7`6u%b~g4V{=
z;~(!#9$F=}T1n*<x1UY7Z;Ri`Tj-Z+f$T&m@fV_54}Xw+wuyZVV%`e0)ZBW~#w_g+
z!sh1YKo=SziIS#eHuoB?CiXgYj+lPz(Zwmtc+D~@+czlcMQ~ys^`6a7M!at^*!xFB
ze5%*xKK!v8m&g@oMH*GFU5S_vx^c;ZDiP4qTh8NH#+qM%gYqrnpgf;My*g_xb~}IZ
zg?O=pM7>+!#rPKtW%(1_YVe62Nhthb$0@-!k!P4wH@+1+_&j`2Pg)SJA?nR<#XfpI
ztApyzdaUF5tj?)7Z;8F}ykS=OddjTO<)aUhKFkVBhDk^rCZXRBlh7N(B=o*RLT6qe
zp`F7dH0}ZkExbTN>xW6`yI~TFJ0x_>At8B~gc^rQXxK0b-8M`@_g^5Pnqd+OTp*zb
zE|U-{&H2w%Dy83=Ev0?`vzF$S=CcbMzb_~)EiCO<R9afxUzEV5rKR>#R5GA+;7Qm|
z(>IzR-jAMXNR4mk^x)yH<!<e2y9W;^zwpz8es#f%U`_2;7wmIWon7zps|$AM9biuF
zR~LY_^=q-vbKIgDl#n;}>t#&MTE!(OHkFs#1?4VFmD@*Dm_DQ2<<F&=Qy2D2YCm^y
z?dKMwT+wrB*4cXslkIWq?8diniIBW}e=$^yLILVqX+o$8A=KnsWkm==>l@lo54LxB
zaOIZiOAXtN3x(~*Z{FY>-hx7eQuR`8`D>toT<Xio8S2Z1YPTf2)76)M!w)@DaD4UU
z-396D%c%t!{u;p}=i?A5;Pz&qnY3CmHIv_(dGkW$?qKbo!&UC*g329-wwt+0<x4me
zHFNDGBSRj#3;}1cJ#c66$S7_%;l`~lQ{Bh_9yzA&s(IJq)`$<k&^E_MH0y%DC27Eo
ze>(vU@ZgeqK?FRwWI|JXC_rJ9{8KM(B_?;UyJB8pBYt5Me&}-OT{j<r6i%GyW}NF_
zb`zA(atG&|m*WuTLomOTFndFtIHXIw<L3sCjKrY>jM4k@rr?qD<`v`Cb{~FWEq>@@
z38AnqPa)L1hSYdp!=cAaJQ&0Y44*D~MOYX@7@5Y`U?Y0VurT~+JwkDpU<QFF_#G$A
zQBQTXJf;uZzTq$PHcNS%VDU&BcM;wDqMv%dAZp{j_$TP3Y!@FBO?BpT)*{n(v2Hy)
z-IZ*$MYzoxt?pu5aqm{EMXPi2`N-h=swio6ikD`rd*jobDKLp@b-XjXpfg|a&g_f5
zwvKm^b&&PWKcdaKJ@(6W2)U_#9Q)AkUJ`Ccc^m+IK!d+p8OM0}EhX_qD5X*UUttU>
z2?Avhqd9|<Hc#iiDq=!f`C!HB&qathMX12x@4#*qq+Snhm6FjX*3GVh=o4JnJ=Y!V
z+JnQzRzuu1TQkMoZ!9?l^haOeJ^HDY>#;KB>yL$e{kJ~l>wA*&^=(=5^);59W?yHC
z4<5C!CCh`3^j>+lwS%;^Pe|Bb0MdLxH1?!%SFGbjjx=vrM6nD}(#=K5SGkbPt)g}B
zz7yDn`FV(__<xwWy!{`HPNiFgO6gXi-MOqndkftAxVX5_K(c+gkZfNrfqP#c1`5zg
z7*jmTnfe_<MBD-*;ufM^#};ig_S_#hkRCN>%i1mupl>-b+rdTD9VZE&YYa)dRY=-Z
z97Z)#?$&rKMr|w9-h;!1k|BE|DP8tH$jR-F9J2Qg4$K_}Fn8nv<_<&L+>sJD(>o9{
zCA*o}8P>VmMGfe|7T6fBH%NVmsGQ+9PP~#{LGI%@8#&UPjY_jjG~@Z)-H7{tay4)A
zU4qZe8ZozT!Q7@yq1XSO&+Y4`9OD0)9OD0)Z1I0hw)npW#Q)=%EuYp~Zsz=pbfBik
zXGlru52j1$U%$wu^yy4Wf42`x=`rH%*bnJCpGmA)4jK06-lxfk4Zdhz8OT@-<zPUe
zHrRaXM7tN4G*le);*yC>keUlN#|ueV4-}?iJF%@UHtgpa_QzlN)djm^_Mazxq}anP
zesw`K_T5v4;m=QqX1!u#l8+j{5ux~sL%N=nk)Dpd_Y}0SOSJHeUtREYY~@oqzV-X3
za(wIYr%vp6<;9itTfMk)LL@_0>SdqV%Qn-gua?pbGyPyHP1FShmw2}lbpd1f8mman
z8^B+e)AwVpKXB6i0*^Se^&qx4RvG8>^G$U)?2r%w=c-sKjECopm}5ey10nYse!`-p
zoxZ^#cv2hB_a->{R(hYlB?FRXSUeEgaon?&C^2vKX)aURnOianaZ*t(4qy7vMxF2z
z3>d`R?sawoNW9LZXBpi{49iT$bh))_Ohgk_qMYkm1>xfY*Cq|huL}H>Xx4wOPa;<5
zdJgVh+__6wmU*jk+K~~uCDynM(8?9_EHezqevxKC2B|#zriEo(?XOubGsxDc6fq3^
zzyL|vYI9bxfhL5Uhmrs~oc``GnBO)M1{A*m3m$YzhwXj=Ak9^}t_Q~qm2U|yGNHf}
zk^g;ZusPp^h~_fM-v*nj^`Y`r0DR5s@;W;K#$IQHTf%z561EDO26I>r@bMxT+~0e2
zJ@Hecwx4b}soF)N_A}s0w<Y$~6YTfBnB!+Dd{?+9wQG754Mo8kB<Dl2X0I!U?c7(-
z^Y*UpNpgX>wUCKa_LR|$55KTs_5`*UbIxoqV^7izIxhi(&f%fXz%T`fB??%B-6O#)
z>%Z0}F=<yjLh(0_>4uidNT|V=Vl=N*kWg-t?%m1;;l?G`SNqh3HaDZCjHq&qW4G{k
zB8mU!v80Cv*KgQ~IxCq#VVV(v)khCB()}drvLRs!E;0+Jg=YQuIS!9sA%kG_wjh4>
z6fKBHW_gF6fLvsl5HC*7)L7oL@J#R%eG~!=$M!zXZv2j_*gqcUw3<g2sPxe}Re~Vj
zx)$5>{Ti?FXOm%<=hr+A7oi*RaF4?UVUC+(Jv?^zvq?lLNq&Cqv+ydM&goSInu6U0
zfeA#jeilj2@*9!wWdaz#kgc!Y&{qDRK>Kgcq@W$wdKk*)6V2nON&(PV@E+RE-name
zjN-C|Dgb)3aG#uza!gBKefRROghr-2#+HC7WX9^-I(u}=Vr+2m2*mh<)ptLbQ{SIv
z26^L}<V@VRhRGW}DSUaGGbjB4Wr*58zUf$2{^BhA-87$yKFxO_4^|gF7<*RZ2E5!N
zQ97>mZVIvP{v9CJElESWp@EwK*u~4&AQV0XuqK-I$7{r<gS~A;E52t<FSSt?Rxu#(
zjYyrqIMUtm>m^~zo7>`d>n}OeJ50)9@tfaL0{V}1Rl$wvs)CV*s$gDANm^}?>my*D
ztBU4Oi|Jof;N-1;(?s&_-*BXh^KD|kZ;fFx4f#xsF{jL>qe*k=>b}jTm;HhRFZOR^
zE`1=~TzcKFIndrb#(@_9D-ZCpI~CyNwnq$$>1hP)q-nEbmXQJK=C#2iL&d490l>i-
z0KE2T2pabCX<**W|Nmg#agJFTM0{!<Kks1x3?B+4*u!A;P;lo%f!%y@Csw8DdyOq(
zLN(EfpIDXVB{rcCFR}O|JSvP4e?3jU@X-Ta+T{UxqA}bVC@0Y<g!be4!=mnBT@8{C
zB_yW~(VKn``4oVj`PEl|KZOWRB<kG?Cs-R=(jqw(n{!8U@@^osF+xVPk=p3I%Tn=@
z(nBEK_Y_|v>$xf;t;XCPMA1!i&+%*HbfR5vioN-oh?1mt67v?KHf~K=;J){I9{x*?
znm0&BU?sW9_fEJ+Kcef4Y`(uhT&$p!<&SUI#(rE^3+sFR>^fNAbFT;<85WosJTf#e
zB6wtB-~w&z&N}nlA#im4kO`sSmm`BmF2zgcnqXJ@8&+oa9q;L(C;4DMFy)B%bZbiq
zM0ZWr9h_0OLDc;XNP2mGtuf-JI}T#|L_1^Ifom~*-5wEJ>=f~x_#aL|q5J<hl$62N
zM2XU6!pg1b6zAHf`M822s8rm|C{9?H=O=+ymI1VqWk5jg!S+0&6>oeSA#Yd*m=VqT
z@!P50lP|lJBPL@Nn%~a7gW7~B=Zz%JCiJ=~BAi-dgs6py(#!}~)55@lQoe@#lrOAg
zCYdyuuh0BlPMy%5+B{2IKK))yQ_asgU?6mYI8K`@xTj#vKKbt8{iap&9l`shHEHoS
z(k)?3*+yv>Wd%CP<r+t5l-s3sq*=Ney(>@l?$=N8-hmg%kaSnHion?-a&Hlj%gaqb
z7?1nZDLV3f-~Rdl&1UFnXqI@AGrE&>WA{o=5?FUW4*!FPkm2^ZKDwc<5QnyKXGL*P
zIJ|C;T*1!?2a9vUKZ?*RFZt*O9O6+xH-sWM^wdd5*ZE%2==%(AXXfJ!mFr1X+fUns
z=i&vru4kM-+;5ye41#FprXUU%nM8=`LU7K2=-WBYAAY?|%zsv_8~Gxz!E8KEC>fDN
zA|C8*eL1ggk30uh{-35<U*6V7WQSGz|5XTMs6OSRx}H*5#-|?@ffIWr%gY&Gb#f|9
z!V}9u_2;8;AKlOQXy0FS^FoBsLgdjFS$xV7^PIAz39bKU9Gn}aw3r9OaCinN^~aht
zvNhOUFt=1AYl7X@xkVazCfIGoO9;HbR?^0A4R-$!FR7Mb%i4sMizS43>3NosS0)O1
zjd{|@8?^E8)EfNq%7k4T|BSe~Az==FSryrBk=nz$d}k<Pgy^{ow{8f2x;xmN4AOH0
zJlP-Y-Yw^I>m09Bhi6RSbYqVmxZE2)M6}|OE5H`Uy8;p|8e#eFU4c;iRnT#52!0v~
zb_a2ID&N=ajPdf?Pgi~U{e<MLKE?)$=G#Q`@S%U*7t(a3`nz0Bx=c7L{ENO}i2BMt
z6AnLlOxLw>ro=oxAHR76=HpLqWXwn2|3N5G!Am^AODxMQ!RldqUXqiYcyh`PPHEHg
zTheC7lw_oXseR@zHCB@IkW)AGS`e@JOG0<fu`||j@Z)^RTx`lvURB|T-cKsE>T2+k
z|1?++y#OzHF|`9}m$wSKqRow^!p-5<NJ`zJT|Vnyqj5>;0e<`#=m8$g=(57LB@)&H
z=epG&@~=%Ln)UrxlZ?wZuOgHfKs0N6>RJ9DL4RmOqHDCL+@4QyR+3pqPcR>@)Lb0!
z(HM{WV(1iGG(I8EBZPoXc(g@QGJjRJzU%2z)OV$y6GTr5_DT}=pFhf(fP3{c5q2gM
zVFM`<_SUt)Sx$CT`00AiS90wkS9Vp!nvMYjx;jaxFAj`{D%J~LNfY)ariTRi_~nxb
z2@+=<%kk`YIXxa`oD8IZutoquPXa-Q9u<vhq#c4cp6sYF{Gu|)6FkbLkS}`-3&uS?
zS?aP)gf8ZS$2L+6k<0^Qyv~TH1_gdV=p(Qz*O2nrrGyeYS=@#!2$9-H*g)nKcxqf0
zd5}j%JQngpkmhS04_A)u#C{OlT@^&LR=&hwG2TVgu?%G0%K?m!h(K>+o3Q;M4!^NB
zXCx}|An0S+D8^UiikFfj{yEPnCjwn_V!{(pr3F8Kj33iMrUI|?5a$PtOrvVRak+?9
z%dYDng&(`}q-72BIHtkh`H=ZC>Ty&RKwtfi8U9+u&W1lcJ1#xMx;Mhp-y7sJqNXBI
zr>D|0B4QIGm7dE;rI$<>Mob7D^@||Z6mES=q{*-HC%4;F%E!AIKVG4WdC$z}mmMTL
z87u#TzUf01<9uKsZ?F~{>ACoZh>v!=8Ljw`&;#G#MIJ{*W9?r9qy4ln6>qtbN<P}w
zIHFC^3*2fSi(8A(h;4E{(Ieqbd2e`oV5U!Lw>Q@QRo+TyzgTsMac2{3gm&>mqYK#s
zFuI~2Fk*Tq2}c6c{My5>Lu@3wuV#=u&_~}V+GDJfu^SXv$XEGjo`5LwDS38IZ(QNM
z^0%PFu`YQHp=h2ZrNe2cAZi0!#1pF$g9zOc%>x2BZXQq0GiF{|Oo5q>DU7^KBg(p}
z6ph6<M4S;^B4tM?XLwH3vD0c6Grn6csWHjL%E}fKLTBLcTSJmj{!{S3{sxHa?{ez=
zXxSSU(nk%1HJAIvUVmKI>Ar9zkWc8#<s8j^kxY#FtdSUVDNnk`?qj1L;s`i^A3;|T
z3gvJKf|J*S4EJbM1TrTIyet<X%GFiuyGo4&IV6s9?MD+)6`rXDItAe}%OB?-IWv{+
zgM_!^P@#knm6R?!Uz*s?$idhqMzu<SYT3t<%x{g7_<D2UC!^v+>MHi-*qe{>Z?y7t
zz`qf}p+A@qqBhOFU+FT<ouPCW1a9|h%KRi$f+9@`<<U8ovHRGCiy=6DKfV&UHynkc
zZa9ti(l#IXfJRX<mv`7ZOYAi}Lf}XYSmxI}jtU=rAJVzcH)wHGVUt{pMAp`-*bmMT
zmh(zi0nbk*+B*sn?%|T!oDl*2m`Yn94u465h5adIe;n-3<?N4#{h91m8}4vN^9q4M
z7+b-fRUgFm@#27yL7F{dJJWaq&!!nb%Yb*a1dvuD#<T)fa*!vQj2>b8jRxWz#P(~e
zu$^%!E<4ez=e(R`Vh;Wn!>b7*ME6Y<Q8Qm?CG|W|cg8-=w&+`Kz2y|~|It&&|3w^a
z@c&i(f0TcuEDQgw0{{E-2tcQY|5RA`W#RvG4118$)ju#@=_&}^c4FlJ!NLsWpO!*?
zud~xYd$!McnM`A#{+q=oi~0pA)W77+|7)mk`+tu5AHJAG{TE;SKB%7^pONE#lXEW~
z9)Ls*czCm;$}5t)>|}*z@ol%}B|yI7*zZ(ff^14=qad`KggbF)ID>5oZ3pMMtJsK-
z<jL186+oct)t7T(H{B?}5gRMo-i>;-y%`}yO-ff@;B}=-!lC67n~ZrCe$CJJ?2QMp
zeNh$Q2;){~#de4+zp$F&yK)g*IJ;V4->xQf6-Q`2Fj5&~#i7N3Xje04^1=TE(2uLa
zB@@yBTg6}v$$MkJypQeH&5jBN<VsTeU7(UEYrCe4^MeUpv3XFUU+g~itKGDpX!SNy
z8<qDEx+Qkwea0p~pU_u;Z^D&q0xFv!2S*dkmU6_5Ls-{!<%k7`^5DXXL&tj9g@i-@
z?9p|vv(xL0aMPU627q+<hZC>IUp<hq9{&UMeNYtN5Q!p7+6KfIm=(A;wn*3-VM~Oq
z5Vk<r`cND0;0XZpxcE4(LadOh8MR{z1fDb{pG+g_y*8rWYbWZx<<SO6>=NJGqw6Q`
z`mXyky8hFi-d%^qoz{8YsT-g}gosX-G&t0T%L(;3W-)$@T`<PX&Mqp6+E9*5=2ols
zR^XEB*@9X~4(3?aFQ=CE`d-WWWrpDKGkSELcjF8ZGpVG(0-($V#%P|@7X+&f2!7w5
zXoej_U-G$A_tGxX$42;K_>?!o%jfgee6#d_aU;ZG{*kHa<Y*g^44;XUjA9(Jga3*y
zPgc4x4(~xpz|m+QUrG_BS3~>@M^LXXd?ARE9fy6X$zb)9t)?1cv|sG3H;N`-Oly+0
z_cUv-L>v3fOWnGz<M8uL;5;&r=Pc$}R0gsZ6FBVd3If}quPRF@A2Bd<KlxGGesWFv
ze)8kzll#df&!576lBx3Oy=c$K-v8$U(Y+zH>3dmweBUoiXLlo3gc46FUByiHIuR}S
ztDHd#ev~3(nO_)`{)Jnt2*s;d(Uaf{jzjTMtZ<4QFt~vfGw{85f%p@B<XePgDpF3l
zjkPKl#|nkW_1{_ev>qW8)&o~@)G0j))Y)(6nV>{KJ7t~g*0oAaiTsY}y)&XJCs;2F
zK+*~LQymGos7Z+xzjTZtb?81l7oEQ(Yi<wEfw?U=GzZz8$~n=cX%n4QAwJ!V(24ZL
zK>v<p(7!hf`WMu7`t_;Nzd3wX?8l>j9evQh70080E7ItnQ1{$s$`k~yF>yhl9}Y!K
zocLV>#P7>A;@81HL+D0jRQi|38efXNE`%8=tNDW{DQB}+Dj*o_ZsTBg8&`@;#yN1w
zxXW?LI1ervH(4Dgn1uX-<hmJ`TsK#Xbu*5y8=}s$5p|xOy_psr2Mz<#ac4_u_?-nO
z7k;vXC~Zwdh1cqelV+;Rew!qMdwz2=L@=lFTj}Z-xUn}{56MF7ivIw#wsEvh{4ooS
zcK{mWbb9qiR<7mbh}AetACQmc+fEF00CpC!T9G1F9leMZz&IYyR`_~UzoWvVdK~4G
zjG)tG@mDPn_3txK<#qej-#a3p_4ub>y~9!IrC)h!o&&5dh}A6s0#ZciTO8jG$pf7c
zvUnXtC=(G?Z(2+9l&%5X(wHbqQqWmqKu3L?L#5t=OX^E;NxcJ?)L)KE>OHumezIDB
zN7QTus5DgIl6nS}i3}<e2(~v=^EtOqWKfwfjnD=g=l+*)=s?y+kNTnjj~hR^j)P}O
z5<DLD#iKl9ab~}X`if%%=z#yiIe+-R$1&v~wl`FPFkWpuBdKQ<O4mSs!p>g$=|Y>E
zt|N2{YbF95ZDw&k2+=Ib>hV>Q_|B6NbqQbd4Myi<e|eCv`M-mQq%j9LwAspPmg4Xk
z;LXN(<t@A~b8Xypg06$qntnCls7iIk_5HhYsp!hJSzQ^+Ht`~m@=I}eiFC^Ssrc7{
zOM8I#@nuV9AAfCOH3!Nw0C}Km)kF=!WQm@g`o}87$2i$eeT?hs{f;Ww_vf(Ys)x!I
zemc`p8B0vlby#MN^q-C4y*PBeNoZCGeGOFZ^zpYLOLjbP<@BY5dXb;D`A0;=`9)5B
z`W^gp%6hx6HZE_(c8`PjX~0oMH0wh@XKfmIInG7Yag4l9_&HEt&TWiqVplVGh;yQj
zvx!jV+|qtrRs0sfGOx`S?a*~yZ=^j!zwgtd4b_fn`7p?8)0g`6j)rPSm3-KzU2XE2
z-;33<@zNM!`~!4}Cy_OJ6t_Uj*V!6r)JHeRW-ej3lO2^4w4zHIX-Dj)B?6ceG|N>D
zEso0AOSf_#g38!4x3aDXs#Sd_3KYBPS8$iG`RM^jVBx9xz2gIfP+*#JRe$*=Y`-3e
z3yCga1gQ{=tjzgoJ%Ww1zQP#+C=#{43YSc3Qtv5ebSYYYwy>w?fUD;uDZWlZh|$0@
z9R8fi2@A_jZu&QDpIGgs>keZ3^+e8Z4DSt;CammdusgT_4V8=C)z_Kid^pxj^lJ?7
zmGj&pC2BSeHF`&FoRX5LIgcMXvVK+i)dy{S*42CLxMV_;Afjo#oMaHra#)^feT6!y
z(xcXoqz&b2ebq@)Q$a}MAHjMr>;=&Nrw&jl7eMDg`$h8ES?v$x?K8F|@jLn`IQoS<
z18$`&UoOuo%eLA0xjnkBblKz~Sugvg8j71BrZn$uV_283XH#(vwqIXCw6aH*u`j@e
zL^SJfmT?s*A=ulVTrX@vjarsmU$%qd80rSTxY%Z1l{klc`u*T$hQ3?bg1D5gg@n10
z9`(^Ju`N@1^z!Ib1H<2eC!1q`nyTy0NaCmPX-`Xqfgs5pHo3o63(QD^D7%_MqV*uE
z5Oop*e3M_jov-j}R%V)dPo+n_eI!F4hD*XuN^FjlZ;rio&rO>)xvra(mdrw%>G+f^
z{)*ewTgm?*M4ao0>OBmG%igDnX8rXtuseMmQb}r89DM?;R5W-hN4ewIF0WH3s=Nh`
zcl~O!qpFd{z4Qxk|Kuvr*gtOKXM`1?2EWkE^G#O~D-x-vD?K%94Ay*0ED+$dnv<Jn
zIIaE&hyKYHu370a<Ip2);dWVY_zc+B>njMIWAkf`FZ$^mICgg(#P$i`tw^`v;ocVy
z;*!R<nAqZCn;MC|zK4I~S=a(uXKFo;N_i-g^D0>bRYdbUDq_p0^K!G3<<u(p^{caN
zMDaMP?1{0B;m>e*goKdtpv{ECN7*db7wH?6E)!nzwFx1&=6Bd)AK%DOm%Ff>$Hp?j
zrrPL)B9&Ogigwd2$wj?JENc8@8(Y)r<FKXCEyj*EQAkOjm@=Rg{;)^a<DEQE)cB=L
z-deyT+3Wx@_AQ1k(?$Lbd%mAOz1%o7?qq->wDHAn@FKs%)mZ!2z?k&-ppCSUu<fl=
z>?a=FipJvBQk!Q)JKy29%L#8d68N!kWV|_Mo6dcI2?ZxZSM2be92W?j7at1DC*eq7
zj$d2C&x>uon*QRv_;ENdzVJ?9YOfLJ#V&DP>{Ft4pE3sF@DD+IAwSL<GyByG{8WCr
zF?=XMxN5T2<EWA^c78<Y2A_H}@~P*>N`Iv5i7N<wk1y$%<wyJo`REi~k3SAxOnETJ
zKGlm7XR_5@5!*FI*PS1Mx6xEb1t4}M<FIW$x+&H^#jxU71&ry03ZhwmyA)P7BcWGU
zaPk8iG$T5R5u(tP;}y!|9b{jaHieU!3W2N}0*!e1n?O?2?3rVbzP$?DtELmY@IdSb
zQ*?bgp7V)~-=3A-h`b3`@<w9%4P3R}c$hdh#oV)jgfQZeO2%;0&1?Jc=K?hVq1`^Z
zpJz^`AI84ELDw1K9K;8aZT*YwdCtxbVYCC!fgq~&<(k{Xh+dL5mP`<`M3O2_un~2F
zov0HkNVL8(D+za2{vL5uGmYH781`aN{U}|7@RF;G*cvHo2p-evqYsroD&k!$t9WK|
zIQ59%XNXkBF`iuJ)M=E^-#A(f!}D8iy=ARaSE@~cA7VRUl-k9%AMc|e6oaKZjlw|)
zmy3H<=4vKWnx4Ber}Av#9o*;v+g*n8j2Ox@mvK_SpG>1J8>r`xt3u;yGahAx3#d7U
zCfFQM6=lDS$3D~bq#~);+jl?H^$d9a@?Ha;hDxLlcv4A;NlKSx?l7;jleg~G+@{zE
z`*odm^(t<N`AHd{OZF>GhV(vM9O5$Igt&ie<8`|31QZ?2wF)`9fh+xv3XY{ua-p+i
zVl|02z>sjs#3mBW6IgmZ!_w=g5p|)Bs0-~xZ73(|!U_^?01REz#}@>6)}&x0|I~ny
zp$F^(MoLW{&tT8T=1z^xc<f3&Udq}ZgYE8W)>g6($v!towUI-CMyT>O&(P0kb6^sr
zLrSAR@OHl_h3$xuoi_HZs@OA=be$3Ks_A&n2SAV7VssKHp3|C?SMjwV8EYXAmo$L!
z4=!n_!X*tZb)jtypH+{;#SMhma9}a;Q69u44MZ??up;<)*yCxvV3>hjz3}($uXWum
zDBAm8+LjB)8@@J96Z=>M!&oE7TSLG9<alf7;ZL&G&~^8m<Qh^&^~YhSu;y{HEsjsT
zt1oMYUK5|vXYRh6a~tEcY#K(vYE!yP<~6;I#+ng+VZ)pTm>b~({{BI1=MKV#KRBP^
zLc{c+DfVV}&NbazDOi=I6zq31C<Xgoz9}uCq3JHnHkMfO)o}?*N^i&)u+14ci4zW6
zUnd*}N{$yq`V^_{13Qn0DN}c*Fa>nnBktmp)*)pcZ?rO2wWfq8ze*<wu2UfisgsMf
zGx&GDLYc_%F-jSH;fEQKP`V2Oi%vYTm)&%76Pq*vGp4sFT?72empP}FQw~7FA})M!
z{7ei?J!AwFj(PlP-uLfwd}WX|9cE3R>h!Jp{CLy%+t0J6Z{|-pSo2Mp(|1^$c77{P
zJKuuS&SLHub!yYeM_hssN=>YGwaJ*+A57GFvY<H-rNHlSxmv0-_d<1{4fa9U@)lOC
zF=g(Ce0wx@OxP5~h8SO+({90$ZU6TpK!sv)o~6f^^z?CBS&}~Yug7xEeFl7sglzX9
zB!5l8_nyOyF@Oc~>M5Oguewthmvv<}XzkK<YEokTUiwbg^}tQNM}1b-s4tx&QXd@d
zW3U6#2fOwQHrV*@4jU#D0}LKuxWNOg6!Ri@pKJVLVx_~n4i?U?mg@MR!&w;k<sBkx
zF+`+FEo|Q*<4gFYnAXCRWLo3zA3DKaIsdqO<&DRE`_-pe!|Nx8_rSNA!@K)iV|d2V
zuM5oOp;_o{dSH`p4+8Wn07m?i&Pa;d3_%@>B(x(ap{}5W1}&D*6%R@1O+`ZQD-t@Q
zNa(DPgz7>Px-ldn@52(B{;-5X4@=0>BB5a|5~^>J&<m=B);}Vlaa2MxsDvJ-68b%r
zP`W(kn&hS*_~~{(-RX<A>AJ4_^tQ3Vx<Vu$YSb(xjkR0l^THoRP5FSj#mym55<C^+
zUPnH)-sX(lv=$_~)m&TF>?kK|baM}+FTt&lJ>>`U@(6w*I=e)3KT|h&Zeg(d*1(m)
z?u+C*L!I|uoaL``ewNS3z_du`9SN%lNVnBjyH$RcNr84T`OS{<Ms*pRt45VpGg7bq
z+GRrMrnOLtXvIB>C`UBw4?+lqKXP+jX8Kq*Wx^*tnXB?ux$_WFpO|5Skk*nKaLiHz
zj%j{+Pz^Zd6WXm_?(k?6O=`el@z5SM;Fv+bX7aU-e&Sabv*qfcUwi21e!891Zk5j@
z>KpSxb)$k7SXDzNgyIwXiLgf($%WP9P4XGl<D~!&c3&(Pvs+vBcu6*UX}6c|{4)c3
zsB^xxk+vnOk|FTi9F#*+(YZM+`{UL&KkaaI)$R9VPdjei7TmMDK3G>(fkQRsR7;lz
zkEB|0WVbRf)e59v^<z(jHB!J8Zl~8sF%G?U+Km+A(A~U|ez<j8BW(-r+5J76YL^>M
zr!UP_rZ5iu-E_Jm+JnO_==2(Ct}+ErcQDd&9J2o_21EH^3UO;&BW-i+PF#M<E#cO7
zF(`L(1=M|?F})OUu?Bp!EpajHg&;)dWf7tQ;M(00?A{Mq&<Xamd1%Mj>a(lZYHV}U
z!(`>WLi8*`=t-gPbmP_mjkO1H_}2&_ZS1bPG4l#=YlPqz+Ggi#W5adQygWBO;HBNc
zBVz*A;E_>sp*I|1kFd8pc;q6vpEn!{h%&hKT?j>bn+YM!y}Rxf{IJ&qQAu%lAR~Ce
z2Tadm<%jU>YaF@=F81N@MPPT`I@VOTiW`x*gAYh+aHz~=#N|9PGH`}Awyo}}c>_r@
z)FkWX9J8AqfEe0O!C~qFui^1zbO@a7AtvsHqUGg*er_HWw+uAYar#%fKG<D>!=Erd
z)Z>`dSbNaJZQLe1Y;NpnQ$3DZK5eXt)V6z6zhefqIK0@i(;NQGqfT{9b7OCt*ZG-h
zad_#@P$zErPhf`H;+w%c`Q6}=^Kp20kFI;e9|gP|TJhU-UDw>B>xR$0Fxb5phhsgu
z4j`I+M&jJMHF609iDVh;9@RFtf3SPe+#+R73uJRFbJLx{?qVEr>ADUezY;Fmakxn5
zjf8RNd|lVs$Y2m&=V$RhLx|YoKtr&*FaUwS%b{rC3i=_9C5tVCVvs)c0aH-!&p}oK
zAPW>4#S-^5)*kd?Pn@IXw#22$eG<I;6GM~e3GV5M65QJ6+@8d4?AgjdJm05T2JklN
zr=+%>dK?x8S*6)A12NdnXRuX04vXeK9Q8P6FaSUZ_U`^T{8$eRTh51ZBpj^U=kRWy
z3*E+{dpK03mvCrWkFJM0acBxyOMeuf)Wb9Or)};PS!>E3{Its%F_skewE4|j{k7Y1
zXucUxw(vAYk6YW^!QH#v!MXtzICQqy-dJN7yMtY)&=PB*0Ea%5POF7t9QwuSwNQvd
z*Yg&N+2DM18ynyEX{lYV|DOFA8*CoHkbkr3w1%>WXFfljP6SVD3=DM(PJ0aD)Gp?u
z+Z?+Smz`oWxHTdMGur6M$huP<%1eQ<#{P8?|NcoXHg~X2LIJDS8A+HyB{JDz^Ve=q
z+s4A9x^-P?cFaQ5@0g~(#<|tUoB2<W|AhEY3mnIK!+Yg^;Z8Z<Q!~>sKQP$2-A&uV
zokV?_Rl?qO6%ObVl5@LK=RkoH5?#`4;`yM|r&&`<v%`X9OZcO}ptN@+x+Ekn!+Qh$
z(%w+G3LnDWc5hf$;f^1i!`DFTL)(b5t~@PEIA`?1HHS$rX;DE)bUhP<{PYN+-}>nR
zqIU%AE<^HRzvdX!SbJ11Bbs%@e1wElq`Ga+NFqSgsSXzte+Z!~;fTC;WfwvyFnW5L
zzMEccBlPb?UmL6&jO4?l_LDhwKV9piJM^+4KLMwbF+_>leYLAuW%<2Eb@dds*Qu@C
zm20ZQm6Ue~p)*s4w??c6Li2s<!vsp_6McQKu99_r#6NuMADftTG~$c#nx(c;{lhe9
z_+i$5;y?S$mu`3rt1u|-jV`bm7=&+#fL-*5{*=4$yMe3x^vvn${=z07UE4Tf?TP$_
z+w6_C?{a@(8_Dt)K0GedU-&u_js%(-wTB@T1htczLGnOC-}h;cu`b3g90%I&i%H5~
zm?Zs$FAeMRw?wl(Fb5%bG%sI-$4;C<=oYtd5Wb+6pYEPpYxoYi7?25rd6Qp&yUKm*
z+D(4CnA@1yl`pM0^gD!*@}(&-oBbKB9FcJNS1?zLH?Z%Fh>+1+85AC6&~YpCXB5f{
z2we;_Yv!Kq=EY2OP27@Qr+G3fZ<8Bym%mt9IUlqX7ZD0_CNbwKmQN^LkkM>9=9-<6
zwZc<5=lQH(Q{U#XX?@g0=uT1toszF2+7l5l8EJbR)Ex?Y9J|F0inj_vw{YEC>@U^1
z!Z;BM<q6%0?fKv*f3+Rl<iQ!oRe|kSSK$&;h3(^9xWwhc_N$w4328cr?c=5$#3in2
zM1dA&#8#cbLq$x05X(ymT?PFT#@6bJYW_p`PZR%{!hfdmpBemz0gYlMZpEQLuxX5&
z0u$Ju0;O9LT0MG$jfA%c27<n5V{FaWTo-f}m=oM!2WxFMvo&*?Woym6a`^#P>=)nZ
zdSXU)<%dM&PkNG-14CHF!kT%Na#_v1kzC<)<9EU{8jP66Re+Z2hVs~t_vw0K0BhAy
zer=3hEZTg8M^BE3$8Qbh{&{nF45$d#Le3zn!Y*UwS8{BhHHa5`yQi;cO4;~PmGoc=
z+~(I7e}II75(28rXOYEiTj5&}T{*V2p7(At*G;o$R6!<$RFjB8WucVahdb}LI3o!g
zRTz?*+f*o}TvaI7i-Jc9k2^$dL{Xj<57@5?4Nz|2q>89^$>po8t76EvF(zNehq^^T
z=n4p}5eWD-9*%@N8X&{bfDeM*$2N}TgLs^uTRaPv)}2w00~FL;kr?$jD#Vl|4a`|V
zOH9MP`@^gA3R>A)_wmD~*g@!GpsIJ5F3IXr_1NC-8<_)6?<UIKO?!GbKkwhWo4Nft
zGLQg=dZ1gQ58catF51t2Xg%Rc9qL`P0ig#^<gmX8BsU!DoIijSYOxW$o)A46|7}_>
zhjUY}aO*e|p%X}p2?{DvDKXdJZ$|c247ZMxGAfx9ZX*js^~qJjt>erYO;~j0Y>3Hm
z42REQOFs(1I@rI&h}fA`Jb-=Xw0`zefHTZ&`K5i$?B!WAdy5NZ_MEJlP4kF2+3D?{
zKE3(H2qjkJp!aF(d8D$^4uR84l$8$HSOlF(n867)_D~6*Mxd2f*-}eWPz}DmOH%8T
z!uo`~T(pEo&&stlKfE{>{Fcv5!S91hPIhISJLaTT20s$)4LxK)uP7aQo&EY+97g<C
zwmvFAZOk}I9?OPMYx!S<y`;x6i%MSF1%VK{l`b<554M0_ee(=B8UeF6Zt<pBeRp$%
z$0nj#z2bTbp<`{pbWLNt&=5kA(q)qSk+xU`*bvSwBAWH^JqX2zfT{eAcIRGFdt*5c
zoykylwV|K)Xm?uD?e(zTEK&>L;T{K=gtfV<XPQhr$AF(sc2xT{i%lFBEcNMa_0=N_
z<-?8UcYU=RaA<&pP_Skw4u1o>p!xbx9NrG6RM(h%`UYR^);T}HtrEn^<EH}e%`SzQ
zcZ25^)!iBxU3U=<%S<kd+<$3WK)aQON-r7EZY9^rIl2hlT({qcJ)06%Zg*kc=BwR0
z`<IQi+i=JQ$6yf{4Y$#xTVjL0<wP8U=PGOMzS>*LaTu|+tW9;e()d?wH;e66)P;s(
z|NT$iz$S?|Kx#(Fe{<8h72dEOu-4qy9FXX@zM6Y&a-okll>2HL?151=udzKMaGBTH
z$q<BSW!K*Y=9z%i(nWkd-46%vTVmTs@cX+YgjA@>+QXp)U+bcUa^3>{7TQ=nlGnLH
zV#}hzW|ZTf@YJ|0IJ|@}s4r$96nl)9hi7pF5z?(=??xz^pD!E*;$L#B&^t1p{*6C9
zbXUgH)%<BB^XYQ_^pVV`KZB=bcd%~ci*7G8@uBbd0l&W&bbPn)=?OiF5L%iV`NcC*
zu<H=88VwB$^a%_e;zB+>GPZi8Bp+t&;xW9~ASgD;Cdwtt7-l<LV%9od@+)!g6+QYG
zr6bIJx~?ZI;Y0E`R%WOu^LEArJ^qtaH;0IBLJFq)ngd|D{N-@|a4{o6OCV*t5gDIP
zdt#>2CCQU(7FUArrgN`HbLpuM4EPB`vGwrnfQ!&Ayi#l#G|Ob5EwL9H;QBn?e2LL~
zVj$71-%RHcESF^&>GL~g5$C4ZY?2XZ%H^Z?5F@3|)QtERIpTLIUsZXXhd@01(%=o2
zBq^<jNtIsOMzpfXbT<D2a%W2*N+j7xWw*hBrL&Q~8WGvOHyg>>N4hM?={2yF;ZDs`
zh<#i6&Z8?9#!4<gg*g11RH>snwQwsX&Q)?Y(o-|1Iq<`<F0&=eJMD}Rt;{@~bB$Mv
zsk?*wb;gEN^83mB=sm5*-|yrl&Ji^(GbJ~a<bL@qN^OjgF($0b=VdnYh-l`0@u39b
zos|1i1>_E3Ocny0^|K3knW#}_HpDMI0F3VR6EnJduH;}|+&829-x(}MLHZ{7dkaE|
zYmD9#t!&pFsSW&$%Dy)6QCXe189E`K-xmWUqEuG7Z%Jc=*e5G<bg(eJgJ#yj*ZbgS
zlQ_!_Hb!5-I<H+(aYrtG)>oe*KL5M<*&fc%Iu8+b1p`}Rv~qtllKa!efLx0Kxe8*{
z!(jTFoQH^3*6(&s?bs~SjUKJR6sx}AWck~LSDX@m+sC}x(&u%AgizwG6U7%iY5G+9
zV}xQq8OCS$0n^FQr<X403#Z}a=~GE>`eei5Uw&Wubo*_bOuXjc{caah?xOSg{r^GP
z^yvywV}Yo#6dj*FB?4hxJ~y+Cz0*WIbO%R|9E1sMQM=DO+0}om^Hf)VYW@VGcm!fb
zQC>QhSP`s#fghmiqKw0)JJrQ@0Q3>+aZFJcmx5+{v5nhk6tUSW1QpROCQuRKP`z>S
zGT16gfgx|Rom4e5{^(X7M%2)N3FX(u*ndNkfWQ~*`bYV2{gJZD0&>;_<-ukodzD3J
zOMx+lx<)9>MzjfKU_Yg%K+aR{pHUb%>+NE&#anLd>uKNOUCH^1eR`tERWMcO8ld;`
z_`P4(^;7LmK6J+xIP2|xeRs!tyzZp#;<CWlS1r6lt9n?6N<kpKq&Erf7|n}437V^V
z(t#=%Z4-1YQ$y5CH<aN6l4C!pAatkm5FKBo-D@H>ph=XkA~m2yl&|p6^)<6A<*J(5
zBjpi9v)12&kgzFAn|M0YQO$7H#lPjD9Ue+cLDl7klO62YTr;QHjlJ)B!<_+J&5HS~
z_4&1%Wgi8S5RL>2YgRNf0irNbT(bg90IeVuks8ol%KgI;*~+T($4rVZVto^`lU3=K
z<ieU2Ay#&1;%v=*w08Zx@|qPbtkL3{6&7fcHDGqrcUkpw*{BBBZVr?Y&3fsLY)mh6
z6)Hq3Rq3OG^Rb%w1QZEG3X6F=%I!4`im9!FXk#_`@|gzFq&s5sFM(yAua1asf(gXA
z>1BQvt)%ez5u0)73B-N_Ge&F<j2W>xaDMG(99|6iQe_tJA)(7=fWLh?Lh&#UX`J=y
z(xC_?ep<7lls`@ufVVFEWQT{o7dyK@LJ4w$LX4kHoPUBs4+&Dc^O&v^CI2X0&jx;c
zeM$U}edNc=z*jeo(St%AOX$utjqH#tjcm_F84)tBJ&{)S?C_yLf3B6~I@!dT&WO0O
zhxf`wW*ST?VbfN47W$|4U!0$Kot=LA1fwa9we4Jo?xslTG6%|)uKYkhrK>=m@6~=}
zPV{%L0&LE6ui}1g?~=FIPyA{f`_DIG134TgZAYwxwv)El7_buj>!PcOR<>;XF&z(K
zt?C<;u7Y`k$S>%l4=w+b@ZfUmZ3(km?_}7IeM)3TV{N;<oga-jBWsto{7FLEpCn}b
zE*1Z0KX*+64pPJoB6O$RPk4N<tGa2eveLzM30D7&ApZJbO$ET+c&qb}V5ESHI(Rn2
z54m4b%XHIPHqS0XU*=~T&1}B{(^O*KM{1AZ&_7Tv{`944j%eG^zl*+=bEm6~Q_v>b
zAx`IJ0)|zk*>H;apil7Q(48c_UA~vpJi&-J4lQHII++1{tchr4Yo-7u#^#*`^!6%0
zRi+uPAj_r*QuieY@qwX2KWS(TwX*OO!T&&Qc@!A*R^7DLPvHbE_5@dK#*DVY+XI8r
zzpyd(IB&Wm4P!+7NU^kC<o3mU+u|OHC3s074-o0iao~}-X|=#-r>?H5ghLY(4)?G%
zJz;*hQ!b?wZ7N(9M(g3cP`ld17qrqPHCvUgf`vE=_iUAc6#-qwmScGP`~l`j?bbzu
zqQKELu|-(OuXSBtRI}<)Mqvu0%A=xk6zGBu69(}gxtbhQt%^fjDcz=kI|FBdNBs5*
zfW(jZX1)&!=n<l_yHy!?YZ#KO;f*dAxpZihk)32XXV<N3iDun?UHZn{yGW)9dB(f=
z1z%>^h-bbm_!9QGEME4~EM9h5C6L-PoqEbaC998|KXK}6Gvi)634LE}7R;*!qV$h5
zB^g-Hx7=4Dvk9lpNJNuzl?8|2ln|mX1L59_$-bIZ4CH}w3Tvr${i6QzyqZ-Iu{`|8
zoOI(qF6VTknKcBns&tv;0zM_hiD62YB<Hca#2HGLSspB2WXw(>XT!LcXzhA+75n%C
zm~aulGvkvzPX5UPiFYWIkE8XZ=4E!(+?flNY8KjXcqph9uQ)ad4xqXx<r>&8oN0NR
zTl;4d#E!lRVnYT&?C6UiHe}GYh75w((HBANyAp0~$RLOvNrL#TAc%A$QDH9mqL2N&
z3`o#$Fc0aCX*E!at<}n8((jG2#o|o#QO@9ZC6^TEF(IW-z)KW(vtN|RblCiQaBqjr
z4+n#zL|3X2c@^|)O`l73$+hWAwU0p@Z@uR2KhAoM@5}ZV$$URNah%FUiQ`v(W$$q+
zKfd?)mGArPIF+yc?D&;`y!$wny}OTJdDx!gRJQHWb)s4CYRa6Isg5bEMsh-yPI+5G
zkF1o?f31{IbfttQ{#in!-jUFa??`CgI}&>O9SObpj)ea9j)V@pBcYPj61sS`geI<*
z&^@aqL|02_`RYvnlq7#^#80kb(%4=?$J_n%pa-{_+`+Djd3N$=<lw06$1k+czQP^s
zYM1*#wyNRr+u$gwYYz_JkW8P|n3X<@Ywuv^Bbwha#Zu*Jnd$gZ3xrmQq~&XjxT;5*
z<ikV@IHnNuexfxyrVx!4tL?y{eUN4?b)MFn`kZ-*P|Ezfs0)euas?dJOtdx9JoRNp
zQ~b4Uaw*Zu4opNS-VQJk=V`6i=tS?tt?iCTT`;gec%(Q`6+BWH7?DaST$V~GTm(~u
zA)#;q(aN5ih)_cI*R}<2HR5Gmqx)%FT9bQOlWx{z9c%Jjcd$AfxHKt@K&A(t<l&ZE
zZ&}Me^$&NjIw=3$9h`4k9)J{bFUeatZIt+7*^ir&M>@iKXEL0A%gddS#7oDK#~?gk
zy8lqsL~W$xJmjWv#_0R$9=|r4@lu2y@j5#h<L{$82;CX`#?H~iR)CO?G51H|w05q=
zua!kdGg(I1)8SxuVc<dV2ACTNcDKuy1s9o~opV>P`|H3R!R~!>e>S^yt7Knrk+ep>
zCe%6qJbHjD%9PI+#dnzz;zsg640i98H?Z2XM+gMO;i+bXSaAu84~ai&MyPI$T*#2b
zGPce%_cdh|x0$yFyBE!Sj(xExxX83hzL9+|ur%0R9H6X^53|mBgNsaI9Ga(dMNQ_?
z(8c*!sZA^m+;XYl1X9c6<2-IWe`auzDJcIrxJX)#Ll^409$X~7ghS_mo&I?^R0<bU
zai||$RLGBq_u|m|2n<ET?}3<`QcdE={=)dT+M_tMf?a4{oz!-5>ju^}Pk(Vbn~zX%
zk*Pw?p@njZ?q8R0a4%C++zVgoSU9hB(f#qW@>1*E4xBbIcWJZqxFlY%m2C&ZU3k$G
zk6RHkeBoB}RNS5pV(yA>wdSHUuZv@~^?AnU&*98j6e@F&^4`TCv!*%&)FiD4PzNQN
zMiWG(A6Zi!9hIw6CP`7E=3Y$<5>5OI2oiiezTT1=$k5|a&-gM+s`r<iJOPd0WJz`z
zhbLOn@$=NW9WQ~Fw&B*c;GX@CuHcc~vdzuS8VbD5&bs|x?0Jtp&8G*H&vBx-Za=@w
zPcRyyberZnh<1a?tGQG3ppa<Snv_q+w0)juKHyVgCOP4zZN%J_fgopqyeW<me{Vs^
zua(WJIi?$UOD7pzx86?FNn~+PWd%ZbNu9*xX1j#Y;vOc6;3Yqlz)vG|S!kn#-1O0h
z{2L|YV=^ew#-?H8dE#SNT8!0E6)%G1#p$Jvic`yyWU1TYpG(=L-WR13W~0=P<B?va
zUKgd-Crbt5zv@-$5mD-yWT|`OfnKHV5T))<mYN%%*sIi4qST~hsp;{`UZu)Ksf&`O
zX2+#or4C-eOXVj^-5LMblwE3*DD`PlVmdG0+N;zbM5$HDQd8qgdzA``QcopIO^n~&
ztJIC6)P2cPx5hoaN?k5W`I4pl@pDZKYlbsC3LW6Qk&7tp*2O(KLTKK(q;@N>d{~^f
z6(uXrPfT3gqw5IGb0kY`6Qw>EvY~r*5kjZ~$%*rlWnLYYVzzjhv!Tp&nPO$i-iLne
zrtkfAFIy+d|KPOw7Y*HSLP$AQ_;wXSXyuh`0gT<iT5w65)9I;O`P#xB-~Sq&>6q^Z
z&*;R6Oc0fbCND4<qijkw;5_8l%646GOlNz4cu*JPz(;>DE*F{a6pG|exVvE%N9og}
z@fXrK$|0#&?o4v!V=U!^21UHM&vNcey5?g{rN^M*wS87&S5P(C%GG8@W?BkGD}s#s
zYjqqRlxbGU%~hmaaq+8?E*)z>?vRial~83=LKCAB3PdIJtEhw`Q3-t>l~B<J30<~9
zLQ^(KXyFD4{eFXlj&6_;Du#b1$!xLa<rk;_v+<vT;_v&f@MH`2>-$yFiSp$co-0ig
zwaX=;7Cqv1>K@wRVFkR-PNJ3lPd#Wr>DRHR#W7!l)v#+*n;lhzZuF}GM>V@~#gv2m
z6#KlKti^Tb@fIvrLpN00kx~tvt#nBNyV7Nr2N_BsK!7ZbkcX>-)D;f+3qnL~4-PH2
zAmsiFTQbv^;@14SVjTLygiu`}4(&2Qp65KqMJCGY3@)&gbAfG4rUNeUE${~l+{OB;
zinFLGu-oR>RRku~6$Hk)>Av3MS}>HC9cf8&p#Nn^aeCBE4`(n<`^^YJ5Zc6_>MG<n
zs>hiEuVkEe|Bkg;Ain>B*<i!CCyJXMX1v?W=4>`ly!e?pn++5%*d7%8w95xcrrq?g
z4|~?J=eMP`^aG%FMt}R{;4V)4Ms@EhC+6SwN-6&B%J0Jn`OHTJ$)tzl&q$m*AJ4Ux
z;jw($!=vE+4m<>r+uLz#Q9ctY7BQjX0VY(G2AlIuVH|$bP+6O|Cf;W<!VLBzDBl)r
z&X<-4E*;e=U(cUh&7Qm@lThdV)dt84jH<sjAW{HOH*Za-!B4x~9NgHm&b&1)8>tx0
zTjO_e`GOlL2D=Mzh%%J9y&XKGgU!{ZpnOiSxmsEtkVkdO{rQuA?8!@k+e4j!TYKZ-
zx91AZ%#>62dTI--ck@3N&3jFT1S#L%TM0i4N(J1f-vK=uU&9?GvveK5IcZ&o{C#vC
zuG2@&v|+5~f%qMQPKBp^Cy;>cOnz;uqsd2as_@Z!Dt&ZLm5)AHowS!++eiFM3L$Wv
zhr&9cJ2C00c|&OF!Pcrax~RW=Pt6-#OV2aHy2T{9U9*d0@132p!T<iVL_2Du>I%@z
zU)dWA?uKs!8glF70Wi&*Q~LO~GnMkaJ-?<ps<_&)y4PWFpXb?eo+*Uz=;TR%OkzIl
z4Mzf3C@X<cV5pG+p4ZOe;JMJ0>o|dJHT#9SZhGJPy1PXqd(gj$zD|LYAjGwHfdNXh
zqX`B0DRm;x8A%j7BPz__$sFMKX<yegUK=S9dStb5;5dIYWa;(Lj-*j2-5D$H;ao<e
zIg1lvO$tt=JI>1tH|Lt3jl#FBpZT;nkrmmT2pp)tCUKUb7>C9Q4rI)6Igp`A4&)5Z
zfj}SgMdIe4NV!H(FgPVDaRfUn$!{FW;5SO7UK{+O6KwFGn0jsShfZmO|E=j?rl4`t
zL-C0@_oKXW!H^zzKiYl9>F-A?jQuE*b3giDu$I%tk+va$al|#p(l(@QQHeG?=JRxi
zYmY;3(^S<JUgu{_pzzXePJZ3=D>wb8r{+1fKIBo2;fP$|sd>)A$VfKny<GT`eq+f&
zdV$M-opJf^KpX<bl;iMoJarNdJ%%{<_i&bucH#WsB2z^G?AYJz;!A3orMGG|7N20r
zrCOb#$1k(wQmxMDi4V32o_bxdd;dE^x4NEj)p|~{Gr5e9Z=fYxxB5;m-Re8$EZyom
zC!t$yF=y#k-#KO7s@Htly!kQS6ns1Wt%MLGg_j6Yc;RtLVL_4<>L^7Dj~?Rl_EAn!
z*dr2&z9aRq*ZzN;Up!_Iy01Ly3l6yYCwN7L56QRJ70Nj{{eEJ|@17>7|3Yp~|CIr}
z`FoB_Ssxy7`jqvB|J9uSv5aA)_*Z_+!dR#4zteTU`a(rIW0aXTz9OZHaz+xnPDEd;
zyw1IxzJBUaXF4h%-pCQItBE@i@@ifaP~E+5`fcnV!sF0w74);nYUoEQaCjBa&d+$3
zOGZ1N>2<!P!9a9wT<OyqbW+<Dcn~P6%y8hx--vv`IVozmFN!*|FN!+Jps4H9<E62e
zcO8rW(2@&Tb<C0V=93_*|NK5gb<OD$)n@a*j344ub%dEy)jI@LoqAlVdR3CDUY^Ea
z{^0<hJBJye;Ft?@9ZtR=4lqs0<Ae({MY+u40a1Lr^uJr`anrpX^<_?qzm2asE-4Nc
z3q|^AlH!+hgLJ59e$jDB@pnb1Pl{juH(_#L?u!=ZeW&Z;LjeHTe?iQXz(^1)XBy5(
z%P;2V_OI*!_&^80gSY+tT--gmgM<_5+mjqJBi}|6)6Ty25Eu62Gar=tVur7j5Q0dq
zzITr4`Vn2%3q9HcBN=_in)~Cr+IfXO{K9(t&;=0r@tL~8_~El4xZ^?`8o;BN<*(-P
zjgoQlR%e9}Tg^j=IS+9Q0_-`6!+#Q}nzGNiM1POy(M;5xUdRWqCaFjnW}u$oW0PL|
zN>O|%WTJ;-vbLB-=_+*Nv0J1KY1r6D1BVKD16QXSP<G?GLJ(l_*e$N$|KO|>H})!g
z2#0HRU5|g5Q<L+oXtn!)xh97r3R?%C9P52d)`ydvU``lk^7p>;@dykapTz54xO|h1
z1JTi^PVK9V{6f9$-$Vod_;=B#IU__>DzfxtC#&#0p8QSdPCq?J)gThQLbx+fYPjCj
zK<p+QdeMrIzh=d9cBA~tijcBuD=g&jpP`04Doej9JolhFQM$|v2D4cS2~R)|v;d|g
zfxi;UOHs<}Y#>Uv)O_po#npO`TohHd3gh5J$@In5J-R%EKLRFDiAY2N$1h35nM#Z#
zO1HVWV*29heXHcb!THh}c_2|DW>L;8%Be4N$1n<k*tHeU@@|9ryLQ8zk%V4FYNK-;
zWJDLCTm3W|JEsgvwD6QfP|zGDYF+}9+B~_Cs1%;5{gZ&Y)QpgO4JWv3bX|w@xWDK-
zbv?Y7u~g|W=3%&Q7pHjVTfldWy>RaJbI3H-w&BoviSgqex@;@>s=DcRuk)kE5gU{*
zO*r(1hznPs95LbWpBdR#x+VP3rxHR=-K`vvT==Od`^8U2#^TnZ{IR&zg4%Z5%x!eT
z;!n|0gcf(BkJ*f$X@=_$5R$L;(p`<U8}UOetes9?ziljTootfE;#PmY)V9ZF-bUZe
zXd(PZ387&+Yi1Aot3+IFy9>?j@$(p)1nyPwGkCyY8xIg3>YQ)m{#J=gc$DT<nE{e*
z?p4Y7lx%T%v1b<!e;^^`rGIU#-G-Ogc-+!_+NSJYB%&;{>mg}Tmf1Z{3@{cb+~>31
z8Zv15Yq!t+p`SaTCh^&gTZ>9Ov@Q5)B-kCq;XDZ;x3YUo+wMHKIYRVyU+wnUAG($A
zOo5Bt%6F2S4}tFzXStQ{%yRx{WJ4&?-&?y2hYy+%8qGKj{LmNdQs05l+yPn(s?hbt
z-TDwa!b?76+iwf1geUn3&8^VLVx_xcUY-xXuzB_XrEAE%JU4z}-R%6)Jvu_OS$zbh
zb&T+mcOcbge>dGoOx%;!L_YvNZ_zxfyTz2a&4XJbbb~v%drVtA&mD{eN3-wDvjyWW
zcS}K{I{4`ry0z`gqF`HaG#JF#f?rm+TS^jx+F}EOd&Z2kyBVd*BQ!7A9&EAmOGf6{
zucrmE3mxqG1sbOzad`AGU9Wi=5_Nz@w6S0w`k$j<#SbopD|P;F5vgtC90}2iS6sle
ztR?Dr{lGe+Suef-p+rRuSXBpB5Y77cVF)F#DDgbete#<pIXQ1zt+zWP(fV@Me$))8
z_%8RDE4%<9by9hHVI?B*GQ3*+S)QZd7wjXW2nEOz&5GDJ%<n=?bpmT2DtXlU^299h
zJ`NVCTJhP#M6x(uTdgl=<b8sjS4p^uR{R`m{v)DUXE+c_em{K#>V$G<BvD3ae^<-!
z6ueKYHW2=56>!$&aa3`Nt-cOFJe*(cyE5AY-sbda1MC5RLP?^H!+d79`)MbseRs}z
zeoo7LwOi*5@{eeb9l-4MGBNS5b2NAxe3#k?oiNQeqMevTbjD>obv7WXe?+@q^E;~a
zNmIfR@O1vs`F#vOIe~0&H?8Hli%onF0nanQhvZ=)FO}}ESK((o2i@sc-A#o0s);&*
z_-Z!<hSU1_Od=ZTAJInWHbN(q>yzvdQHOIQ)kLjtB5FNJYnW}WRerjY?XT6KZ+0Gn
zgC(U4GOasxxOgfm?8!?)+vnS9yBlbZvU^c{G4LbpT=n6GxV*I8OW$R*Yn%tSw&T`z
zcX0Q9N0&R;#Yo|w4GYfgkYwS%8|l07CZD!5`o^s|+XZR!Dcz>IL%DAT9)jv|YpL0%
zN0dE`gqhnLYujcgd~_qBlV<rC4o@IJqvi~v8`|QwmZHlDoiMA#f{9W;OG;E*8MR@r
z1_a}kEk&2nt?Yf<mxV2**toU@zjU-r?k_=250;4Oo>`2;@iTs-eio^n(1gR^fG75(
zDGbQ|5$*aUJL4o>oR6V19aZ5-;QVxu6IwrosP(gmT0bKl{F?Rk^BAJ!rCj3ECmjBz
z#mB8JK5#GWxovIs>4)2NT{f*HZJqY`01HB!HWB5k%JB9;4ckmB*`Gnm5mTVh_+aJQ
z*pWPh64uy8FnW%_Gauc`e&ZPO|3>grZEy>@TQcI^@}tWNLJ#`s0cU6I?tFwo5gdZx
zrU$GDJ@P?|$Ki6lWl~0O`xPv=^$4M;we43Np<{J<tVZDK*n~oaVsots#eNG`R%PP{
z0&%Jxh*0d2BJQ6R+i8X36+|mLlfUoB-rrHg8lCwo&R)4L(;wLwn`lGG71HG~u_tW|
z**_pkH3~Qg-4OdVbTd%yryYQvKKdS^W<M?d!vKWb`ZnDfelkn;6)Y;m5N0IkmbEMM
zS^tR*p{40@F{)gTbW^MMN!H;-#YPMc2+X2yP^}}ML@2hyA|O+tjQ;a45t8I9V+l6&
zhb;)j78D?)414~U2%$$d#+KwG<lOFhWJ~P1e1r~taMnl4KTNT`R)px<#PhrpYx5CW
zx^xqv>xep~!mql@)h0VpiB0$bxqNg#J>sVa!rNtBQ?`5=LW}a9k@(k;V?kHCO!K^i
zT1f@ZzFEjfDGa_;FI!fE5dA>)Fa+k2Q2exm?(os~V$UAa_0+4U(_g7(qn4tZ<R6A3
z@@0P7;oQ#N{nX6!!avm(>wraL-7*9|9O!S9(aX**K`5*Ttcq@yUCCxIPWxhDIHA_3
zcul!Ln_^O@I;s+-Mp?aVr`_m7BG35|drLvOm`{{-E^ub)EzkLA7yXdX1IiJTY>k~E
zu^~n2UkO8y3^^tKcn?GtVC$=qx~mC&*GIR-iqnX6CFFyi<fY|=e&|;I(dDO|?nB7p
zr`rMp-PC1kyuHbC_yfOr8@YXh|NL#f+t-e#rFKH=?UdLEt+yTWn9MlP54U<uW@Yz&
zzj=e-`L2(4-W0bU)%Dcg=j_zW`azV%je6OULWJ}(3*2t_bAbhM`a$$zU4?A@`W-f+
zd{w>j48+QP1*(St4|%b9IMIqn{S2YlONggpt|qE==rXp@*tHU|5!L#}&mcNuA*86b
zKKKML=_0Ci(a+d2yzU8v*k_~GtDg`)r`8{dtG6Nc&^-~ha<5@EqZX5t@thV9g_w<g
zONH^!L};<acu2J3<>w$2(|cgQtOg$7dhYB^cj{&TC}90r(FLBtpxc`4m_`^rY%Abc
zRzs9K9M#~pHiOW~j%j|nfq|vUPdnJdS?s3L*$GLA^|I#+5YnTHE;YXaetSI6H@v)#
z(69IuSZCga5LtEE^Sdtk<p@TV*UAB++*yu@)>y8W{SG?iEhnniu9vkGAVeeNQg$8S
z*IHu*zdxJZdn<_6XeVvED~Qv}{<jlno54mRM9yy`E1juN!8w6yjnClR5+R4T64knW
z2H#R{UdwQlA+((+qi;W(NoaX`*}#GfOeI=z$x{dseV9}L`-WC*dJ3VqB_CKq>r)7=
zP5vrhRmQ#me#Pd9ea<f=(GGj}Vjg$-zmrhQuqr?$VoO*_?S??9GqRuHH;OksiIDvD
zWqiMR-IO>i)>7;qUN=A1YC$M5I5sH{A-W;<B!6tVERx8NX?X~}Zi1?;j<Yj18UkSA
zry|C>gSHmI<|4C717frJO@8byw&8u1RzG$_9zwBeQ;qgvSLK7`%Zxt6W9vZvmj@}|
zndA~6TZC>VG^&^VxQLB+vSSK`Jchlkf#U6KgM<F@s77|86>nO`XCnR%+Xvp|ty^P%
zvWf{3<9t=z$A51{Ja$F}ZnZ9fl>8uXV$a$Z>%3)bFEz8h#F~UaX>1n1DR6ei?zAG5
z`0|mpN!Eh56&zi+jInDw<)0|srg?YA{ti-npfdcC>>yh41+3vR-Z|Fmi`l)EkK*FX
zA_?boe4lmjnXHc+^l$JY>$g7xBGL0RgxGBlzs+BUP=|Hf&k!;J#4B!EyVA-wvLi_F
zEaiUM_IBfq2u-iC7UUh%<@x0H;<~(JI?>9yt;cj?es^(AlNTZR*0=jfteCr8p6nmd
zj^A>Z678CDV&01Xf9$;vcvHujH~Ks0*hc<`g)v|oLyn1!4FN}h0EfRe*kD?qiV+FP
zCMzFH$4HATX{95u)3obu($<8~I=N{t+wFFRF<^`VH&2@QrukZ@unBGHcioh2-EI2S
z-O|);a~n0KElIQCKJ({DN3tYmzrB0E@A<y!dEj?u=ACzD-g)Ppcjn9)ztEV|a=f5t
z_wj;nwHz&}+O_e!TIsP573|*laxm}MHk0)7?u}zXQ_ExDsQvX%*1Xp8$=8^i9($w;
zA0tnBBf_t9R*(H!q-t7vnaSvhA5Oh0kvaL3V_N>>KMK!k`SiT^pVHkoU5>wdicH@>
z)UqCbEnG152Z_$*Z%JImn9N&_XMZIETz;(j-v~9myTY`;<@j(_!=G;7Zu!KUV`P^9
zA-B}qn3%JUefvAh=r>POS8m_Fz2>!+<9niwqvOPL_%J;cwkLXf-jC_~!hc|YfZ%fz
zS?n&sHDkBueLIU;!A-gqJU&TNDN)=KUT!&ld@7607qx^Zd63CO^E4&@<kc+p;jgXb
z=qE`rq#`u3ar6XRYnob)(!anp^_&>bakQzb?bW6#+dQD*)ut-DK->2DEc)t(%rZ81
zm+$fBXwfs5>6N~u(3QNjhTHSXsY-?m9{*9;bi75H`r7;KZvxV9`aW@m$n4?EhI`6d
zjxTz3J-wB1Y(4Pn;+A6)X@Ab`d1QWRdF-;OW#dnRzcgO0Wz75cEblW(c^^%a_Zz^q
z#5+jLYsS`mv#7u6*vrjpe$;gA+l`-y`ZU$s_=(@{RDI#5W3L^HuK8x;@$Eu${?(%X
z#!tNM@u|CxW>q!kf9vQ&RawX0Av5+-dsRW$*78{4LML#$I=c0C(dMxn0b1?mwj2>!
z<>ml^^6Zg!-n;$SE%``Q%l{=nU`I-ePQ4r|X*!lY_*tOwv8zJU(d>WtEb!}DO~<mI
z`7A&$J!?AN@~4f_N0*Yi9?hz1Iz~LEEWPZa7k`!;%4^Plx#?)O@>w#Yf4ZH`=uJlp
zA8!YWUi?K#(PK}s2!A{9RkD6Ly2#Da7KXZuUi?KxD75CAMZ$Q?%l|63<d3%;wX;8y
zFE6>g;d1!?W7!+pfyb_zUd>+C&bCF5X4kX>jeoc-YxR#^m0!&^w*&N2wCvgKz$hS%
zH{ChWv~eO_N;y?cZkh}iK34da0yG?5^mB#HiM4D;nRJqw?kMYj#9__YJ=qfqQ1rPm
zy283$y<8*`UP1q_qyJmz|EuZ$F8Y55{ohUh|10{xm;Udg{|939*RG8Sm#?iEyL`L)
zvH+x5zulg^mf~kfuP)938ul|c<5y4Yp>xQ?zYP3|IDqkJdFn6!bo+K6oABcajQH#C
z=)~-<PT`oDj%y<S-Ny?jetY}&?qkh?WBc7L$M&>M;T^`w!Z^_!YrgpjvQ{1|dgkS0
zFF$<w8vY0U#_yLXnmJZ++`_SyqmSd093vc`<M=C%IKXf|M+?W@9NRhSKg)wG{5X&Q
z49623`#BDCypojveI7PF!0-=A>7zWpf@3YmbsSqbwsU-(W8{HEKHuQs;-vTo?`7e?
z;`k`Xr#TLC9Od{5$A97YD~@PoIGbZF$4wmX<LKh3aeSQP363Kizs7Nb<8L^=&#`nL
z!=)V8aooYNo#SDSPjl?&_zK4fj&E?h#j(Q9u%6>K-p)224siT9$3BjO9ADx%&hbr-
z?{h5P&+E^zo?{Eg2RV8<ev0GgISz4rk>h{m_y)&!ITqZ<Q08dmxP#+^9D^J`#qk8k
zVU90xyvFfY99MI>RB<$Oe9y*kisSb=evRV@#}gd?mZQe8o#PIUt2r*=n8WeSk1%|l
z<0~AW<M;)Rk8=!gypQ81j!QYt=6Gu_mnX+>aXiEEGaQ2)|B|DPV*|$}9L*fx-^1m{
z@n1N;!f}w}GaNs}^`&P|;<$~xC-w*i9Dko-GztHsKTF-}y0rj0{9&I<cDj|I;?&fj
zthp6Ub}BxfUz0<c64YeH*DY)QL#mJFJL2|uRXIc`Jidc+ho59oWuMxm8K?lKKkRkM
zgiD9V=aSW~fa=s#mt3=<CKVq=4tY8QUR6G%b~8Qk`kja5kownQ)#p@Y)u#nLYDiXs
zDrKs8z5XMrOZNC=&Fu-vPQOo6yELFv2?PkkLu&U2ppMfYR=nX4!vBHBJ-bOhd*e=8
zPbR;x?~u=b#3#EvLDi{w4y&?H=~Pp;Ge*MX<npAFlGESWsroe8AC$cwpDMQpRpn4d
zxh9va*DFTg^ZQmR-hf+aS2d4Q@y7c+Lp@xcgC1Ion!1|A4Aa_GO(c`tI=vohmljkz
zRd2WK^%G&M!H~!AlYQaN_Kf9ECrnLu#O=}4P(X3U%AH<6d*e<+^=9IeEc(>+ae)$g
zU$|2ZdYlP@O0I`bR(wvkKbWqbK3Va4lu%-MWQ4^>(3YB1?bDQl>E%;XS(8pKnsU(C
zYb-sW1Vbs4)9@!$`&)Nmdj2G_r{X`o|M$1<lGTt?38*gF@6=RH*CWLzdwfoRkg$`z
zs^TI{_S<)?tj|EF1r?7snb1JzQhl1D5jFGpTpp*Q`Gd0h*I~sgYkt|1PHx;lITf!G
zjOjUPPrJdI9&xKdHMta~U!G7*d`3GGA9{XgnA(6?rBc`9ufu*qu2*ClAJylQ{T*^h
z3#v+Ivb|zLHY#j#|0J<b)BkR@%cVL!or+f<s;nH3@37+axa9plkJIlm6cj7j?^2Pn
z{d}UB*4}_u@%UzvJDtT2d;DHSQ$t4Kr>XxYCZ3ga#@mv99BqpAicYE5+og7Re0(Ih
z6`#wi8ucbFPakh^B{JE69~Bmvb9`EAK1}^|Zqw5{y#6DG<aBmnWlc)`N-oFg_j<_)
z_UqGo8h-lhosJKmZPV9hMGc*89<Bj0v`cpjX5{m+%zWb2K_%}HO*y!sTj})H`GW^n
zthQKIZ!pedu5iFhgr!cK?sR>3`a1)P=4tn;GNa%MlQ<t5_$1lK^eOCTP!Y{do6<oP
zexJRyxpB|R=DkhHbUbCBy|L8}psubC)!d0$RksSO>Q<wgJ2NX+u8ikv`pEYEdz$y!
zSxzF&gfgbnvG~6LumZrt06q%fV*s`SAYxpZP_ONcyBk|q$orb_-QT=-dowF%g}kTH
zX4|!QryleN<;LB+8u#h#_o*JuO-8tKQ1<zQGVvNcPLC#cc$I_9e+vavr>Dci?CNr|
z1|a>r2_OSIp@&lVEb;LxcZNe6)vb0_RyzY)cdB&eBOmc-ZZ^p#rxWuVPo17l201Zk
z)RW*2gwZ(*$$p==o8=1x)ecWr>UvSHfqAhh37FTBo?u%34_LA3d_QQ5V&g4srHH_m
z0JsalqnzI33xqXU4F<Wr(r1{I&Oofcy{e`flj0Uc&!5ssNZ{`~sJY2Zs&Ep65i-zC
zo9SZpPN>JKbx9P4nU7kya4_gUNX&o|RF#zZ<0Jva6P#urQgR{d2cH)7Cv->Bn#U+-
zPe|7Me(JRAb~NbGRD=9uzfVhS-OBNH($DF4D8YkHf0&y>r{59qhlnO5M3eYKN2W)U
zc%RqrRJ@^BIHW1gLm|&2Di2c&fH*z%EhzdzTFAgh=~Rt$hm~MFitq`l>R}}q3p-V>
z*BB<t0!?XWGkj1Dc*(MZ%oz_k=*;0H@rH1qy9)?uL67fX$R7?ejX9`l4!*i^uryX5
znuFy_Nn(i1Ko2+^9-l{ZIP`WJ==LbVLv=H!hqR!>F)g0>QeAZp2Pw>vA|DZsA$eN5
z)9(#;`r;JR%MGfouv2w7yEV7pN115hfbLGAS=aCCx>f5!E98TIO|Gt6ZLx&XwnNoI
znxZ9eOrYCtQ-UEim?)A|=>dw41m#ab7gUZoh{KwekDf?6)v2ZB<DmN~4$bfIxBr#O
z2~*G!NyfHbQltk|^-zq!=~kWbP)hm)k~Hn3qR1$x^zw12hgF~U!P-ShGqp=6V3m%M
zr*9W0Nt@1n<}~$*dDLmriFfH$<76q@Pb|4Vq&kegp`IfXy}_N&NXHgOj65S9pTUfb
zGtqN*dB%Fs{&)D)uFU<HYN)5COEH8Ebabk6FsCZzxNPq9Xj;+$PnoW=2jd7&Nyqe-
zXmHB*>2!o$ruz5;vF*~7=}xad<v7yQLu$~Yc-aJ)vYyO2OWR*Dx)`I>`W=_w^bSi+
zH@(9QbpEh5y~7-iKzElT><f6DhrFtT*zV+dq$H`?>-VYl?toe&vtA)S3*Ed9w}+fT
zPk_(VJkj4FYuy1=He_=vBm;5qYM0Ga9&MR}HjUSt4tk#_5a9l1N~Nap(`BOX5z{#p
z0GT_Pk3r^0pgr8tp$jPB_xOmfm^8n^<q46oiG)dq*UPvcpD+m!zr|?8IepxEa(Y8V
zf^p>ZM!iZle$&S>ppOS#?~VFx)a5k#2O8w*yNEObL6t0ioo>Z<P?cS(#$1DyY|p;a
z?+SZW*{S&Gii4~xyne++cl9;D?Dwg%$G{~({ssL`H595N{Y7bs3k3G0_hX00tFmtO
z2R#QpzL@?h&O^#Uk`z#aF}aa=%^ml%Lg98+FGomKf=;)CIJKI`?+Ycm(|cIuYiOI9
zk}BSys<=oyR3BOQ`h%M4s*_vQmBg$O>4o?<ral4!oCZXfJYLNcFNG^%FznMjL<=1b
zog&#j>gxfICL1D&?#eaQ`)l;l_y(BHU!nW6A<Yo(^oKO4U5Zolc0;cS^WAEf$(nLV
z4awDY^&z?X5tkhBhdiV)idR;G2kA6fUAHPE*OJ78p2Mnd8Ou-d5+|@T?A1I0ud2Vv
z>F@{TLu&UCf6x`<Kr5V7E~g2x^=G>(b5C8bpUz+L8Fwesa+cXflT-0}*+!F%3R>1(
zoxS^a@0NpVDC}js27Y}tD|>vht@|TvX4$TIy@~puGpufvLvH#G$gLb!<)EsCgFcn-
zWQR1x=TwQ2+opun<}RliATnG*JE*#qjeAc>-5{%an(Xu{p?KpJVmDb-G8a~l8YZ|I
ztSzapk8R5l(eNyE*zwKqu9alvMu(z$Pz{2v?c~Es&_g)LHPxXSIjDB1LE@me<aV{g
zA5>)}6!IMO8TZrNN=VVPVC}LEGC@y!SYxlilKL~Y-{AMlor<qpR};-Ihkaz|%C)i1
zt$xI{EWY2Qy5vq$w&qrRR5fW%s*JJBvG%fI$tqC255RsOZI9-c^+EcGD$^N7e|=gV
zVtOXmR);oJ>m@rCUk%+$Ijj<X>OqCR++$lMnqMZ;b7(-dtFGEb=ZwyP$E%XT9D8e4
zO*@gB!J6v2RkRmeewFoEr=mICGPeMROx$jHe44`%S1_O7x6<R&<XSp^vMya#C(CxX
zDl6?CuSe@9^<wnN>Zr(Ut&^Z#gqtTMyVO8Xbt;<bS|KYwm)xmPQyo-0{fF5bSVis#
zYvEwLj{Xiltm@!!RM%NU$rUAWi8W<5OarYLRXI|2Q2pz$CrGRonR^}lT^||9VXb53
zs&y-=GKT{$I^o+JcXB_4c>r4hu(_?7I*dm=F3rvNs!}c9mjF<GPQQ!mV@T_!{PlUh
z5I_@O6Eyo=&HC(1JKf+HY%%ON(J7jDTBq_?)NKv$`8JQNm)YFetb4Q%H16502dFy`
z0t)lUTucPu@j0}h;#AwIPHW0R?4vJ6ntd)i^Br_QWUPek^Ne$hjVq09!h}?BM;)z*
zi@6c{p@Mc**J{;86eh_+(jlRb57JJ)zpJm22yc(8+Oo!#-mlX46^;9)%(lf%!9Kc1
zvd0`E-AU1XFvFf?LRLe0v>=%%=#uKtk`?TAakXoO%=$^D<I>^iR6IVz{I5FwK9}rw
zI>W(WeEX2=6`L4R?Gq>0UkN!?pNnMhdk+)eD6QY=@;D9qJR`inV*XZ8H{rx9i_hP!
zD)D(@YJ+_-dKRba={`*fYFtx^d!pyxN4nd<fbNq!I;qcYaN}?vk#oEl>|txny@~Gy
z<8MXSl4hga;R%McBryhvL5sDU%Y(PPQJ)-mSsh;g5r;ki0qpSlkMOeN$_`+g*Y7-J
zh*7(kJ~~vNi|yO8H>q?i(X~aAKbzRD*sxCC$8)Jk9U5x~n^N?4@cL-MZdRiv{pE!{
zzF%Y9cihL<_(pp|<>B=xp?EW6?O<ay-VTSuryg-QxE-LqZO8@aZP1s@33|aP^>vQE
z=VjanHOM`IxlNxU*}LnoQ<FQ@&UQ5zl0#vqTUJ6cH8Fh29vdWj|9HEpaaTk1ScgY*
z%MD6c^E=pLuGSt5tIPN}3o-p>a?%wq`MoYXl>szT{fmo$ja#}p3WYoQ{y6DxwbLK$
zX37>+<Ld|7e|lkt7BfDFssBX!nuX*2;PcDOtn<D1Ael8os!xA^K;&rX>sSTp<~I=^
zA7JfaVq)3Z2S0t2miUI!;n38O!CvsapP+G_O3&A|cWb(DMdl;k53%u~=ie0OFGS*`
zOb?iS!1j3knvMIabc5JnXJd=Nn0<=1KOrC08$QU{dw({U*V8e`Hx**`KRzUM<H|j(
zq|+Jc_b14h?VQFpX1;hnW3AY4JC~~-7c1W%<YzVH*ejU0mjZlP?M@hfF?&P}EFE9;
zoQJ(TkWijs{3h6e*!<38x!=>S#@-n+I=gZ(p<Lsb)fqC`=<9RCdscmTgydRFS9O<s
zm_DrOP^@d)*R7B(U8~nC>y@=m^0?M%>2TGrUnXysYnfxDPpB){!hub+E2xjXLgxO+
zvSqP#lF#q+I2CX5z5<=+^d)qBu5-}WL2-SL%^PYLjZDl>cPwbWO&uPux`oZtsU~P@
zM?=%s(GCaoe<|-yk1y6g-0sKD7gGCd=&1ygVTdQ=-Y^{yJE5Dzg!dHm<(`8N#za3e
zp<j)5#AuM|JZ+%l?|r8=o!Yk)20eacPG;Lg#sg0DfSazl?05HTU!ig)KJft&h^&$j
zsg9qOtrz}tzB@3rNh#0Q-pXR}rtH+|5dQ!DKB8w;ntJg1nK_nnoP1LHcbyw91t9i_
zJ$m@WDhVcf;2FSAMeN*e-%Xy!ej}nzQ@gaPPO2GW?~7Om#Nw(f7X0CT5l_eBy68<v
zx3Yjbk4w>%s<m9cs3kNOi?ib(AZN4k>bAGqs}5{$q~9JS#yv>SF(<_BqIC6%ag?qh
zA<jnWS`y<Zoh>2GPU#LL#!<SqYzguTpe{(-K>GtS^l;T-zgO!d3QY8t=r50d<dH{Q
z?ZiObTElq;HD}eX#zuCC-x&8GEyrYxvokt#LL8$jwMyun3)FS7`b2h0c!<!bEd1V1
z2}JT-=Bugi(;}fH9=C?X^|mDRja5IR{$fEaZXNqzLPB&YP{-IK`Y8#K5}>X<#5NEj
z66(!BU4RpeNob>W4h5Z6mQ|F+n1mDYxYZv-FNMW<SZpoA;@0wL>E!(JlCk2zoHnyf
z$P$pX4G@Y=D7NRL*qVpp*4dK<f&8|z+B}q77oz-ab9DA(!Fb-7DKM)o$JTdKM1b%t
z&qKMEi*lC<<@Q-9x8|UH_54Y}B*E04H7;6!%DW42_suNac_SMOujHUaD@38I0NM6@
zG*kdB6~N<GiJt2-hK15Rl)8#gYA-~owE(5Tl4$XyIUwX`A^)|kfYc`1DwpJ8$<16W
zx{-%@*Yi<$r2yI1LPYNbPz6kKzQ(Xnn1jM+bEC5+v&W@?XsayBLD7|5<hk;YZOun?
zIk4?6KweAo<^Wf60aqR{Ee#3bvZW?0aLvO4dkGd;=VHOz=0HqN1riE`Vq}j2l}l%1
z>CFNxyite+*Js156`{aohRHq$S=JJa*8{KD1JCd>jA0=!3whQY<gLyL2&CSwStzpR
zplEe|fc0M<imkaQUd{TiGFwFUO%rS?u%`pK#d#)%MIec$Y*{WAxXQ4=UWx_Q1y~@I
zz#ITbd-`JSnUCx!P+2n@H8;$Vug^i*m14}(=Ayt=0+W3nvaF?O^8j8C;9AGZP6+e*
zS&jlLpNQ8lG0f^`j1zK1<g6AgRL}l4D=JO`mCFmT{CXCaT**ecmV<e&StzudkZmo3
z<w;=clfawnIKS&zNpVOB3neC$xJ)Rq&q9ec2PLb`0b!1WIo~L>6%d`SE<p9oSy+6-
zgay}gG3QDi^0a(pxe74;H1N}>fdlJ#{~5x9S%O(8MlR8VRkN|`W<HkRD8QZ93$aL>
zjWSme^6h41S?2%|z#IX-Ncot6oB6<v0^oWfpv_K7&xxl`OUp_VFS7WAI3$Dxvk3Fs
zxnq@g&&J(1b5VOE50%&Ru}CXGk*g3U`)p)ci!d?-Tpj{;*E1f*Fl%!Oa>s$n6|=G8
zW+AF?%tqyvB9v=p%y-R!$zF^s>s-js18bfK`ZynBSePqe?%x(g3rSyRiO8}R09Syr
zE5HPyuggQ-^(-vEl8s_52l=j9$g-Pgx_kw=!FeW!jXcVh=cB?}jS8V0i58FP{ut4H
zYM1g*YR^Tf)r8X3+%7SloUA0eqvfK=WkQ~P7P7552#f=t90$7YVPzV_Ws4-_3l%~Z
zFC$_CDtl(5$66^^Z_XDgZ!8eXua^q*uapTUtz5`*EfnxQpz?db2<K-EmsQO|v8xQl
z)>0G;CCE37+p?Nm%(Itcp0y0~gc2|-VMxCt8-><V6bdECG32W>i7>eqzy<*eL;;&N
za64iMmn|kXp-Lb&j^vvp?WmoN+MA1o${TkG<=16lzE&v|xt0hf`<+6TwN_}51RRtE
zbZy{zdULUW8+Rnd6Fp6i1B_vzP(opUZop&%D&+#mH*>Jy#w^UeZlbo`<jSLZYAX`(
zaFKwUdi@i^1;EW5;KnTAy2)Vo6Z4fV%|nT>429AB$=vZ-W7&bMHpwPhNSiGJKyA{t
ztVuBdrjs|bu=Gkk7Q6CLXwOBq)r7uA0bgnq(6f=Z&z_qUhlFt19VVEq#V|ix5Y3y6
z&%p<XK2{W<!c~9@JJH=dRIDzI&Yvt9FCH@osD0IPVc9Rhw_m^w-PReyoTldi0bhF{
zPGbxUvqa1i=ICvUibT$fO;~&*3uRh9=D1k9pa}T5BH*D-+-BX#0<?U<l?x=Lmo1c#
zD=dY`_0KE-l{OP>H>yyoRl{sw4wH2mMw|j>xdaSu;<m*Q7Ur8U-&%nAt;JFE<m^CU
zTY-(ui@7MWno!i5A7FE)33;tK`WR($vF5=1tbirY3aHr3`(auf62jE?(DISrI%|^p
z4X!-o@jkUYC&2TZfQNWKW0=;#HH*&MdfD;|0(>tBc*an+F^<jW1t_-W6Mrlko6m3L
z!S+=FPkmLuRbG}cEKvRe*NYNV*yp0cT8xTklk~!xgXljA2)rV|Li{9C7ED?etw%yU
zryYMqz_M4T(<a1|`OX-gmxFm)77AU=4w|nDc;srF));2~X$clTo#dZVIp?Fununrb
zet@;hj0$@ZDy*|n5lq(i97O(Ez?$#JbvYr-Y49TfUwS<$?t21iuXCLzy3#7PRnE@B
zY~IIh;{rV60$R4}dGcuZjd20Ct*orXFdN$m`G^l>2n%yfnCr^JTzf9&t|s$aKJOnB
zA~yv5@`ivBo-Z*h(lKR>6XuyPPcu>9XPz|&^H$H9r1H}w<hht$lr14X&0>@Yr7+HI
zBf6cxu?V)PfS<f8KyJ|OZ(<x>GxY2J|6G*2icxN#gL11G<*&`36c*)Skv0#DTqRg!
zpNmD-Vk~-l{-jWtg+gly3g6BNRGPD3cFm=8|Hzbp@?Q%0Vgn!JhOkhagJRcQ6kCf?
z{C0kT@hGM|gvxwW-Y7$*R*Fj30#sV(qf#irJR49}DkAr7W|sqc+qAhDc|$<fF9etx
zd07cz5lE)d^Zi1=`^J0;VV=(z$McQ-MnK71@qCG4md_X`EXczG>pU!YHqiqSD)LZq
zqYxDu(SL61gY#_6ADKOUokV@uVw70tpoH-X2o^IeU0JAgXG6X+7qV6i*)<2U)eQOB
zvgm@zc{Zw#*14E#m}`WEd042;#zI#i7Fr9ikd<K*?km83*XLr_m14}bmL%p`T!6(I
zoA(ymbFtWJ!s69*Y>x?bb5Pfnj~aIY?$nmxPFE%Fw92?sC`W8G+W?`i0Cid(7T620
zz?zQ*tLH}NOcsq7j^(!rYv*8XS1#(@d8pCuK#glLYOEEg5$2;JT0U7iK7Xu)@c8gN
zeE38zw)N&=eOEp#GnGl!ht@e{jW{_gkkckq7ND|ALYX@Y#db4_twkt)nt4t_xe4XM
z9L$}ZGhQ@S7$|7Vw@|&lN!D{^Xb6gMghY6^>-M}5#nu882l@KCCJ$x8qC{W9BHDCc
zlj@MW5Rpej_&+XUcssWPhA`{@0+ibGQEJUYX)Eu4GB$7Iqg=~FxhogtRujrw=SP`6
zEkKbqpW0JuYwUTDM@86P6d^b1b}Km!3E{HZJe1kXP-ZPf+1qsf9V2Z@+#AS8xhoIl
z_E`CoOfU0LV$Vg1)r68(?mM@N7FriqF2=tiLV8}rbEMokIhdp6A=_@EeuObi5CzaZ
zhN3KL<FZ{MdY%;V>XRbgY~ntpCILzDtPc4ovFDMs9T^*Am1K_An4RzWI}zXhI}ugQ
z+!sm+6Q0bUF~$pXaxrH~vR4RX7zg8QE}M-Cdm$>U1*m9^&t+8aT(ePWFGQua0F|wa
zq6;U>#utpu3&eec_+AZ@cM-~6vr%p@M7gy9<xkI_WaZDnVwV|<?L}B@ovqKYW0hq&
zDAP=Aezxbp{FaFJx5U`IX$%Vh=Fs^iH(`DWzAw@{MMr-tqULRp?pc!G6K{+7oFUA8
zFWVf0KSuIq0r<b)7V(?6MHJp<v{&91k@GtdOL@5HcOuGv7f&bQg@*Lp@*I>~i%=e%
zKUor(+eY}3`ri9H5$kV?*l?R6*E5@tD<HR>`080O1?gUrh0QCuC|sRm%O&&M5<utk
z>vu$i-xU$K&5-IHu@&>OG0*xU<_V)9^C%lzIViGbqo|myyyDy2#yw<qOCj*uP9|6V
z-_@NGuI-dCzEeW9O~9KwB>?>6n82D<t5zQI_#8^7Yn`<&(Cvb)dlx;It-mF?x+}iV
zFWxVqL6GRaWbB<Yy-P=e$v}7GfP@}MXfecHdqBb%B#ap1-h4nptsuc|h@1VOgh@z$
zzK7_~_YnR09-=?rL-gl+hydil*1b&$sr*2)y*r@d88LQ1d7r8^YFZF@PO^3LZ(ber
zOulbN(BHX_zXx9hTle-IVIRFZfHA>G2$y}1kS`GQ__Pk>OSW#iJE$tIee}4;PF2GM
zY~9VlASs3wh<gbqQpjHQNHhI9_(e{$({ot$#ZD>jQ8cGp4dKT;^?oJjYwiNvf~|W;
zQ0b%$a7D0n@Amr+IvPX!^pmu?f~~u`%jsz1=TSX=AIVJHk(XubcI;M_!)mMQ3<pD=
z!zw+Z{RP3+y^EdCV!)2=?^X}1US4s0jn`zaKiEl65*SWYf1Rg&gq>q^0smF685N^m
zx4$<?xk)9k-@c<BSSQ-L_tFbD9Ia}n;_=aQMq0d|cB(!#=yC4k-StrepT-d3(dcvS
z^E{$rHR*+*;#9XO&O?qCHK+p1xkOso5n+Cu<a5)sK=18u8|zLU5H!?eyJNqPlyC^2
zh{v`lAvf0Ya`yY${b8SLx8JFFSz%|0eB<9}#1v##6Y#EN>n6|l@e^o|7+cM?^Obl%
z@Ari~2YsrG1ZmxJa~!sA$6mir-A4}~0UL-6!T~SSk*|xkZv7;LV>|n(J%mBnx|=+#
z?YlHJrs?Nm@kE;c2G*kFQ-?o{>ow2#@q}9Mq9>ewYS7&sL~Ar)6PJ<kyyR)U%)M%t
zhUa-MJx5=hbF0Vc-tO-VD5O`n#9GP5<1e#`9Cj$)kS>Tj;##%KXY(pfwbA85iD>I)
z>P^I>Yd1)&s=56x#_peWiPO+-QdW0Bb?gf53%9e=Y_ITowyGh`A5?KCZ`nr<tHBPh
z{|IZ`4{5EMRK@G{JMm0>ob6QkAZw!E&KAaNwNuqt+;hByX+{BG(PgA+PB*?D*AA)?
zPsSy-*RKJOOdBo0pdpT^xi0PJ2`^7bqpAacg5K{6?eO^M(0Ad}@s>2YT&(86UR_SD
zs^aPfJ~~a8bv=8Qw_v+hRf71kUTR|?p!!@`PONsfriOUmK9y1jw)y>D;OI1)0_<RY
z!K6mC)E++#zL{8HB@p5YfJ)LsDb39N9?i{q;%w4r0S4kadjxpJPzP4yhs1=BV06I+
ziL7;P=*e<$CTz%bIzH_4AMsIJvcjml^tj?mu3!5!e}IfHb`Q{M(i*O~q$)4zlBCu6
zFEN|V&T#@?LSm76e|#)?{B{CDOedSv4hLD=05!3miO-L^?frY5ca!R693C^sMIX4|
zj@yprF6S;^haa%=w#85T{Z=63v6Cngl~r%Ne!D{UU|7W+JkMT5H|dW~({sIb8)LS@
zMs?r?(&suU*VQ+9iF;UqSit#H@pDV{Q(~)|i6Kv%KTC94IwBZx3AM|ls=8ga=snmS
z($r2y_4$NZh)HdaK8p7EUF-swQQb!{$m~MW2-e&BorIZ}O}w8V?WHVt`~8Q)0pN@=
zHy``|r=c#SKOaogVO&gEqTc(}3FC;GFdLb>0`wsNnpLanTwX7JpVg{)w<`fH98|aS
z%LxCC#IcI$J{CO+2xMiqYTo-iK`pF!_xp}`d@kUP?EOCWMS&|e#CLeSbjBIT-luA5
zlUIv7Rc$*xXs_AW7m~P=ZC8Vx9-pGAdK3nwT_GOu2Y09nsjH2h(nTQa-mn_%wyD7m
zA~l~=-R=+5)5~k7bKm8{dP6Mp4tKeLJZYz@F*UGzI@QL|4v$wQPp}G2o{-Y+RT=Sa
zPkT@ab`$Z3@PxE0_U+X^GRRw0#f6BpE7YX6hYuc9gL*AL+}ygidH0&tRODztNDDgM
zL0}U))lO%in^?h4wX@TISj86d6jC+71czh0gI_!3jDOf%4TmG7x#%fwhsW39cevD$
z7W8*Jyq=H-+_$}T|6cp9J<Y4E7FJ>@I)bVSl%bQ4rg8-NNd63|jnCN`z&g+m*)=uT
ziS_Ykhl;ImgjBbqgZ7()uq=hc>GySb4u*rO!>0s;{v!@0c<?Z=hUL^h{ANk2@31H6
z=U>=a6Da&XwacS9_!oXl;843%XIM*0m=A}O1c7C6gtVY59Dow=tn3V}JmT@KbOyDR
zZdD1a^sZXDY9()VQaU?Hnu&scvt}gONPDO=fIt8Km-v0>VfnR=>$h*~e`!VEYZUmO
z*1TKR59X#mej5ubLXVyY?7e%+bFj6G`1fq(pqQ1Eex0XJzQfW@N$Ica>F=h_e}ktt
zKuDP$<>?klNXdV+f~Ai%q|QIi)8)q0`DgkKR%C9!UcRLQ8Ox7W;=il>8$7>lpOEpK
z@|&ElZ3eoVoGvm0-FuvFat69A-aoQEGo4xQ#~JAUy}z0C)56nx)}>Bw(9@l%(`|aa
zU8&O#EMVzlJUw~0yp88KA55J;z|-44ojSco&)=J-eWkoVdsCO+$MZ*@NS!~z(?^b_
zP9M?x_sPuqFJI2A|9zML`}Du>sl@a7X?15Ymy?(zzX$%m)wd7)Yf6;F<b$jpeSh)6
z>Jw;_{zLV)y^4hVeFy$?<)GhZH_5-FZ74~t57C8uylod!>gxxsW69#w@~P$e((nQ0
zmyTwP>wP3ipDg?T=g_CfeXJg~`#)HH%+CLqKJ_d~)Tajff36%#=W#trqesd1A#j}G
zfv5R=@EL9oc)0hoJe}hdr=Qa4^z`G2a*}y|+|4k5ngTIu8_(aiEHhmX=YL{3!-6z)
zw|Kj3wG4~W(2aAtUQRbV4c#QCE9Lbwr=c@*d5rS*E=WUH+sD!;csokd(7AQ_u3(s(
zhHiq(C9qUVJx_4DQBF6xB6E9B=>2>b!#Qc_B3v%D%QDM(g17fpRc3w-oUZNe%yhSS
z{US9C=ca3~-XF^{)46%ME!7MQ)6ki?{A%yc+}<u;zW~>(l639m<70}~Z+<#C^Kvb`
zKjx*O>*f5qX3)PL-rlj541;M5`y_8i>B`Ld7v<jpj@M=$AGdfrZq;NSzvFuU@^XvQ
z$(i@Bo$GUU8oGKem$4b_26(xHRhj9=csuG>WTp$~_K%mVrjheiK8|{3kc*Ae$tyCC
zk1>55%}_rJryE_7+3rqoIkzp%%&&pdjn!lxM<;kYT9##Qhl$HCuskzA@OGH*&OFW|
zyncN(nf3Gp=jUFTd7QhszVuelFwby)ww0ONJEGTb2Du#I{GQ=@nl(+WxINJM%`kr3
zI9&s$%S%Jo!s(`JGV4nz@3+1g=KVG<zgu;w$FJTFGuM{`)tT!jbGh8)auL&vHwz!X
zP1Tv{BD{WHPA8?I8{~2sNK>xv6Gb_{k8-+n`%67sevi)3j=*O!)9L)$IKS&N@H6*i
zrqlV2aJrXf;5Rx0ozAa|_eaGH{Zadw%yc@x1}^6)w`<ku%GLc}PPZ@(o$d$Q?#}Et
zmGbsJ&d1TLbmNG(H*$As|4%QskJHIB*eh_kyjhjG+#Y=#-Ick$rF#ADO5I+aPG2|F
z*JU1;qr5*RW}q9<{if>7b{xDvN~$xr_W+km?_HVg-w1C<%Uv_fzr25=wVCa63$I^G
zP3Cf^czZ|g%Ivr6>#m8a%>2fWXQtEbX@Kj&;0)`E9xlHTJ|E?zn+G|+vAWFtVdM21
z=X$>^jb2^lbfYu$o4)=$QJdL6(ATTAGtB2FbiGg04!wS3`g*lC^ZeGu^}tk{xxGD{
zU(fQ?>j0f@g40db&Y-8dzgsoK`bgg&T#;FRvTk>mW|qrUPG?%0x!=Zgx*68{ExMj^
zev8x03;MoA(~8XcXX5gE=B~{8T+he3T%CHH>+P-O`qH&D^ZG;IKM7Q2Zm)&YU7bOG
zQ7%7gb>?<hxLj`3Wu`On_Fh|-xgA$|{oHk#>o=(Ht1QcG*IIbF^>=5MGdMr<U8(0m
zozBALQnEC2duzE|HqA7D@N%uSnfbNxc04!3yx*tWtLn^hk$JgSS7cuQx_LVWmuI$X
zz52YhbcX#6Uhat**1u8C4|iqOXYldSw<7aCNIjQJbcS}caQ%C(CbOOfINi17nfoKc
z+tDzC9e3;dFEyF_qm9e2t1h#jIH=o~8T^eX=NGNZtS?iXZgK`cVuaI8EKS`GeH`7=
z_lLNi?nq;Iqg*ayGsv%A_pf+67Nskf?<4irrQYY#=_Wb9Hr^j)>HJuIyv?BZeZ0N3
zOEc?fDVN{)4C`NgU%h??dr+$Tb<5J#kFVc&dv8=_wnMjgdmpb(y)O{+4>%ooJ1Wx1
zZ;+QeI75G!IbFlj%>4BC1McOS$8R5(OV<qk-yo-R&0xnTcz=vkXI{_r>UQ_8%=6Jz
zt}lT!`^q}q6sH@k%}i(F{qf`s>$hIr-$=Vp!{EecGSlhh*6V&}Rc3x;Pi3Zy`9qxF
z?iH!^RHu_UUBL|gOBa`4&(hTU*)jdo_ibnJH}v;f&&@E7CiQ*M<ulN6ey`6kA2slP
zyIPmoZUl6HDDC@{f8TpReV*3+1XI#^0NwA?{bJpp)z{bhzJl(ze9-EY#?B=rork#h
zKj*#YWH~bPO?v;^*2?NJ*7^a@6DW!8k1GGZ_rZPh66+`5`#<PC`2X%dGd){D?=>X&
zND1iuDm^8@6Z3$2t3>(=SIdFjR*C2p?yLa3gx+xf9>MQc0)1AA;+vJgs8vF=lD_L_
zJeL5!xf8fb;thA~5&YV6;7zMU@r~txd99RiUmn4KS_@d#N)#Vn2kc%eQPkD}?zIwn
z)&Zy216^w+jI0N~RnMM{cj6H|)DA?}N))@Cz%`QB3DmfN*Vjt0xPa&R^Oy_Rt^!kQ
zrGz{02)@_>6s(gd{y!anyiTH6bP%wtlVCmw)VqPEbrKrf>@GX<Y`oKs;DS#9fprqa
zhdvE_k<fe^nAOYbVD1Gz&z~c`z@0}~eT;Y95&Xgv!0<YW;&+|^#@0y`-+BTVUne2@
z1Tb)n@fkS=-0>vnxBAAr><Auz3b?gSqImWxKwd9V{Kiv&b-je~r+}BA2AasT;l4V8
z-~30wwO*q5$A1K#TrVZu5l3+05HPr2qPTVlxV~PZxOWJ+xn81pa0oEhOB6pj1k~0`
z6i*HTo9d;6JL3oreg&}COB9Qr2YTwIg!|wK4!;b1v0kFs@(ti>y#(7gfU?U>p7Lej
zlb4xH`Yr>%=g$duz8UU=Be>{Q;8wjv(ef%#agRjt!><A>?vY@773jSNY`RB6-!<US
zIM8;FlyIjT!8cw5dhU@Z{_!;+a*vd7PaDC7?*LcsktqJRcYx?U5+>gPe*7+g4HBa7
z0vjNpVuO@$*BZgkiURB#B#L)Q0^A#<ggem){&cp0CpSnG|82H_(G3#C#YF<fH%Jse
zR3zXA;cvL(jNpgM1Yn~?akxxC?M8{>WSM~ajS|KF1_5mwC5$u(nAgbeO_Cc0e3CyK
z?=U0yq3r^m+$d3ec)Ng+jS|Hp+XY<ND4}P&fDi8waDAf$+YSN0_>h3;MhVdm37B`U
zKy8$KuYl9{vOA+j?iI*9N6R8O)+*3`C-{+lJbs^m&+lXOk$nQb&z~pv37BtZ&kc3~
zmHXMV@oqGNPu?e>V3S1g>H7r8n<PZ;6VP%$E6aAjfKMFY?L8piuODE1jQ6Jz9Dh)N
zWs^kl`wt3e+9YA}K>@vg!T9w3g@BhIV)Ww=3HW)N0Q)8>;m$OId)o!LH%SzSoC10`
zNeOqN5$roJ;H6Cx#dGHcyiRD&3n(5IsI8EP1vFd~@a86oV)&8(Y?jb-Nx<DBtUi_z
z0c*a@o*TX_An#cL=FL*VeP{%mo)u8FS)v$tRzUq`iQ>nf6|kG|d{)5H=QvNpooEE{
zya4xRiDK3B0v_Ki!ScL-SDt6|<IfB9PBf}lhP%-Se(nVUk<AjtYcB|RZnK2(7X;il
zDo{JtHY(spqr9(21zdZP@ic!`z=yud;*IyF5nS<-fY&!m6xEjmL`hp-5-{}=lUwv9
z0q4h<PL7NTu)NIT37&je0JcaNd0D`l|0KY)MM}6wjbPs^0;;x16kmQtK>Zde;l4D2
zEw2i&ZILK;y(+-9MWXn{R|Pz}MM}6cjbQkj0-oF=QGD#10tN}sZwmOsw^)B!zAfO_
z-xe@V>ho;@cYH^Hxj};b9RXe6;kx=A0sF=UjBb$<?j|$dWk&Fq-xc8ADp7p*y8<5F
zDpCBwYXY9!Dp7p<H35;WQo>zo1Q-6Z0P9vM;Vw3UpZUIk_qIqBpZmT5^HvG+4+MmM
z!0Yw{0WVDmnA{>^Y(k*-wh>)5-rq*>k3SY5Z<S#AZvqN`BH+EP63jml@PkQ~cXCp|
znxFFV{!;;u{ws^``BwoIKjZrOGXanNjM4OwIQ|^{nSiHmFugL~w?^>d&jnoBDpCB#
z&jn0ul_*~Mxqzvy62^ZnVD%e(9K9i6;0;!1;~irJZNCsu+9*-%_=SKKjS|JdUkKRL
zC{Y~d@y2_`2!3cvfUQxY*fu4=)hJQypAw)oN)*rVc;nq_1i$<%0fP+^#e04&V5~tx
z!><Lr_NIWz1__gI3V7)^0>&GpgnP;ew!I~wmz4FEfWvPI_+q0(ar7+#!;KQfmw5cx
zTLPM*tnJ3T<Op8-lYmVP62<xN39u3Ud{4m9+XCKfkmy_RI#GnTL4rjTF(ry{HAskx
zA{J+f0ka28_{^qdiFjd_h>C3z#%76FUm{{)8}Wffyu3ifwQUl{7l_!uNW>Va^CA)N
z-63M4Q37NUSSw;`n?%vwD8js5LZDH^51U0aY?CnAEMo315vFYt<Xs}ZvqyxT@Z2Nf
zQ}>GSZj;b=uL#F}k@j`lei4HQMD%WxFmgad{evR)6B-^AvF#xdQBv;1A|C!r5sx=W
zX!}bMUv!9wZkI6W5b=|C5huuVyNG{L`LinGM;;M2^6U}usZPeHuT#Xo_(VF!Cw(H;
z1bJD8`^O0W!y_Vkwo3{3hY@_~<07tYmni=1<02-vONf44#Hap-wWaTGL}*WnXxJ_#
z+@nRX<G6^MO%lcb<G6@|W(kqwA|Cxa5natv!W~%zw|+rHeX~T-{sj@XW{KjlFNkPs
zmeBVF5num%5vC>yeP0xD;Y+LzBVQ6R6cOpzABl+gXupU^lZ2jr5wD(N@#CjNyf`Sr
z-6UabP{iMy7tu>-&WpJJ0;6xcAmU?}c>E<1Pkfo_Pv4hCta(nPW4z%x5x?ip#{0$y
zu6$m^OHC5R`(F?-PI$f`(!0?Jjq#2&g5j4$Sehh?#s5V_Q<Fq-1Aiu1@^ujhNZzlD
zxbm`y8_g2NUlvh)O~ln^36^UjroJn}yhB3tyCTHzF`1aZC*t|*te#`nMT93r+#)ic
z5b>iQi*%lv{IQ77{Y=C#>6f302)`kskI=j!;&;Dbd@v<q_HP)y`8OhR`JG?J`@aZ&
zEh=Kg4vFHsQ4uXWB$$6IqVBgM4(yO%`K^ea--^s`|5n83-xl%E4hbjT7E$p#5s@7d
z#XUDg+}t6-c2mUhn_S0kinwr-<sG>xBLDYH#|nNgqT%<f4g`z;Afjrggpxmq_~ai%
ztk@}`_YWehe-u%_Q=)kP9~qy=|0v=g`E%rtB7Vr9U;m>B^DXvFu$n*D-V$Ns&jeNe
z?7k)9>MbT`g12})!Gd?#Gr|4uuzDVNN5s$g^Nn{zJo>JPrkxVS$h$0_;5Yg6>+g!F
zc~69Qr-a(~M7Z8#I!Q3Xp9kI((fq!MM|VmXe_zCF?~CZ$DIxkkyJPLdPKjdSZ4oDS
zNEDayXM!8}Gr_=Z5fwWnioLf*xOPf^-Z%MQ@+Z)9SEWEta=Zw@k|I7g3uxhgW8$e4
z95-$4>h$V=P;zt4sya)Jtp9Ds%{BY&J66`$$RSPfxfHM8r*5w4Rzo#gw-n}WQbHlM
zv)$V*cXfJwq0Kenpl?IS=~g?H(8^AaGw2WbJG7Nff9D1z)LD0URgK)K_&gnINWZCu
zl}1?It@GManD^&SPWrLGO>%1hr%k8Lr%O)*FiZ6P>&U6mQ;;QkwjgqP@brPR^ut-I
zBVCcc$cc!2vi@Yl$(ED0lW3Em2|!EaKqL@hsUwlm$arKT5{=x7m`|3Tw4AIz893Q>
zvhU=HlOrcbPexDPI$7E;_c!#n^t<~5{eAr>`bYc6`pu_GPgzdYpR%1ga4K-B>r~&V
z6Q@XB#!pS0ik`Z4$~;gyU>T?%unim-2n=)$^bMRC7#SEHhz^vVwwxY4J$8EPbnTh?
zGm$fcXU5K4J!3j6pRGOXKHGEFG-w{IAM6_J9h@4B4w}!Eo|Dhjp0k{*Ki6=s<(%!@
zfpcx=0_VEUoj4acH+Jsoxv6u}bLOGaq57eQp|&CSQ14LR(8$o}(8SQ>5YC&<*PgeW
zx1B$5zUzF?`N;Xf^H<N0pO2oub-r|19&Q+J8Fmi`hWmz3437?v4NneF4Vx~QFIX<r
zUpR1~?LyCm-V1{lMlOtBn7DB30xrrIYcIB3v|S8b?7Dd3V&vl3#j6*mE=Dh!FO^=Z
zztnK4?UMUa@1?#=BbP=mO<bD11Rx+`fF8~=MQS6Kh%Is;(iQ26L?VNctC4Xk_tKLx
z?IHKc0G0db$+44@C#O!D`px~8{`&p{{cZg{{k{Ez{UiP3{S*DS`f*A=ReP%Cl#R;%
z#Hq-su~S!1O`VETxz`Ug473fn2YLtksLUq@CaLDsp0=E}oj!27>vYd)qAOQVkDrd7
zzID3vjC`iyOv@SfnZTL8GbhfBo*6qcd1mU2>8$yz<!t@g183XL_MGiKJ9u{F?D*M<
zv$xJ-P#&xuY#Fo-1_rwZPYgx|#|E#)`it~b+d22S-gABDM$V0%n>aUl4nwA)+9Au3
zZRo&I*HF(;WN2{c>d^R5bm-Pl>3R8l!}*r;?(>23edkY{A3Z;Ie)9a(dDF0Y*fLx{
zd|<e3xM#R`cyM@Rczk$b_|`Bk$QNoav|O-V2wdp8aN<Jb!q|nY7p5*mFPJZuUaY^^
zaIx*8`(p3KzKbIlM=wrXoV<ujrc1S#ESGGT4qWQG)N?6vY4Fn3OXHWKmu_7`kAwkY
zQzLSuA<`0YM*?(gj7G*HlaZ;2>7<#CivuUyPWGJaJvn%C<mC9tiIcZZqF?T>?QiL~
z^#}U9`cL#n`p5dO_D}Uk>G-HW)o`lql>1cgsXjV3CQePB!hmU@cECc%Mb|*jKxANW
zAUZ%sHW}A4?W6kB?$bS|Cr+Ern9tOoX*tt%ruWRBZQ%dDzyB8i0RR6100960|3%)6
H0Fna$bE`H>

literal 0
HcmV?d00001

diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/composer.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/composer.py
new file mode 100644
index 000000000..6d15cb40e
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/composer.py
@@ -0,0 +1,139 @@
+
+__all__ = ['Composer', 'ComposerError']
+
+from .error import MarkedYAMLError
+from .events import *
+from .nodes import *
+
+class ComposerError(MarkedYAMLError):
+    pass
+
+class Composer:
+
+    def __init__(self):
+        self.anchors = {}
+
+    def check_node(self):
+        # Drop the STREAM-START event.
+        if self.check_event(StreamStartEvent):
+            self.get_event()
+
+        # If there are more documents available?
+        return not self.check_event(StreamEndEvent)
+
+    def get_node(self):
+        # Get the root node of the next document.
+        if not self.check_event(StreamEndEvent):
+            return self.compose_document()
+
+    def get_single_node(self):
+        # Drop the STREAM-START event.
+        self.get_event()
+
+        # Compose a document if the stream is not empty.
+        document = None
+        if not self.check_event(StreamEndEvent):
+            document = self.compose_document()
+
+        # Ensure that the stream contains no more documents.
+        if not self.check_event(StreamEndEvent):
+            event = self.get_event()
+            raise ComposerError("expected a single document in the stream",
+                    document.start_mark, "but found another document",
+                    event.start_mark)
+
+        # Drop the STREAM-END event.
+        self.get_event()
+
+        return document
+
+    def compose_document(self):
+        # Drop the DOCUMENT-START event.
+        self.get_event()
+
+        # Compose the root node.
+        node = self.compose_node(None, None)
+
+        # Drop the DOCUMENT-END event.
+        self.get_event()
+
+        self.anchors = {}
+        return node
+
+    def compose_node(self, parent, index):
+        if self.check_event(AliasEvent):
+            event = self.get_event()
+            anchor = event.anchor
+            if anchor not in self.anchors:
+                raise ComposerError(None, None, "found undefined alias %r"
+                        % anchor, event.start_mark)
+            return self.anchors[anchor]
+        event = self.peek_event()
+        anchor = event.anchor
+        if anchor is not None:
+            if anchor in self.anchors:
+                raise ComposerError("found duplicate anchor %r; first occurrence"
+                        % anchor, self.anchors[anchor].start_mark,
+                        "second occurrence", event.start_mark)
+        self.descend_resolver(parent, index)
+        if self.check_event(ScalarEvent):
+            node = self.compose_scalar_node(anchor)
+        elif self.check_event(SequenceStartEvent):
+            node = self.compose_sequence_node(anchor)
+        elif self.check_event(MappingStartEvent):
+            node = self.compose_mapping_node(anchor)
+        self.ascend_resolver()
+        return node
+
+    def compose_scalar_node(self, anchor):
+        event = self.get_event()
+        tag = event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(ScalarNode, event.value, event.implicit)
+        node = ScalarNode(tag, event.value,
+                event.start_mark, event.end_mark, style=event.style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        return node
+
+    def compose_sequence_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(SequenceNode, None, start_event.implicit)
+        node = SequenceNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        index = 0
+        while not self.check_event(SequenceEndEvent):
+            node.value.append(self.compose_node(node, index))
+            index += 1
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
+    def compose_mapping_node(self, anchor):
+        start_event = self.get_event()
+        tag = start_event.tag
+        if tag is None or tag == '!':
+            tag = self.resolve(MappingNode, None, start_event.implicit)
+        node = MappingNode(tag, [],
+                start_event.start_mark, None,
+                flow_style=start_event.flow_style)
+        if anchor is not None:
+            self.anchors[anchor] = node
+        while not self.check_event(MappingEndEvent):
+            #key_event = self.peek_event()
+            item_key = self.compose_node(node, None)
+            #if item_key in node.value:
+            #    raise ComposerError("while composing a mapping", start_event.start_mark,
+            #            "found duplicate key", key_event.start_mark)
+            item_value = self.compose_node(node, item_key)
+            #node.value[item_key] = item_value
+            node.value.append((item_key, item_value))
+        end_event = self.get_event()
+        node.end_mark = end_event.end_mark
+        return node
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/constructor.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/constructor.py
new file mode 100644
index 000000000..619acd307
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/constructor.py
@@ -0,0 +1,748 @@
+
+__all__ = [
+    'BaseConstructor',
+    'SafeConstructor',
+    'FullConstructor',
+    'UnsafeConstructor',
+    'Constructor',
+    'ConstructorError'
+]
+
+from .error import *
+from .nodes import *
+
+import collections.abc, datetime, base64, binascii, re, sys, types
+
+class ConstructorError(MarkedYAMLError):
+    pass
+
+class BaseConstructor:
+
+    yaml_constructors = {}
+    yaml_multi_constructors = {}
+
+    def __init__(self):
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.state_generators = []
+        self.deep_construct = False
+
+    def check_data(self):
+        # If there are more documents available?
+        return self.check_node()
+
+    def check_state_key(self, key):
+        """Block special attributes/methods from being set in a newly created
+        object, to prevent user-controlled methods from being called during
+        deserialization"""
+        if self.get_state_keys_blacklist_regexp().match(key):
+            raise ConstructorError(None, None,
+                "blacklisted key '%s' in instance state found" % (key,), None)
+
+    def get_data(self):
+        # Construct and return the next document.
+        if self.check_node():
+            return self.construct_document(self.get_node())
+
+    def get_single_data(self):
+        # Ensure that the stream contains a single document and construct it.
+        node = self.get_single_node()
+        if node is not None:
+            return self.construct_document(node)
+        return None
+
+    def construct_document(self, node):
+        data = self.construct_object(node)
+        while self.state_generators:
+            state_generators = self.state_generators
+            self.state_generators = []
+            for generator in state_generators:
+                for dummy in generator:
+                    pass
+        self.constructed_objects = {}
+        self.recursive_objects = {}
+        self.deep_construct = False
+        return data
+
+    def construct_object(self, node, deep=False):
+        if node in self.constructed_objects:
+            return self.constructed_objects[node]
+        if deep:
+            old_deep = self.deep_construct
+            self.deep_construct = True
+        if node in self.recursive_objects:
+            raise ConstructorError(None, None,
+                    "found unconstructable recursive node", node.start_mark)
+        self.recursive_objects[node] = None
+        constructor = None
+        tag_suffix = None
+        if node.tag in self.yaml_constructors:
+            constructor = self.yaml_constructors[node.tag]
+        else:
+            for tag_prefix in self.yaml_multi_constructors:
+                if tag_prefix is not None and node.tag.startswith(tag_prefix):
+                    tag_suffix = node.tag[len(tag_prefix):]
+                    constructor = self.yaml_multi_constructors[tag_prefix]
+                    break
+            else:
+                if None in self.yaml_multi_constructors:
+                    tag_suffix = node.tag
+                    constructor = self.yaml_multi_constructors[None]
+                elif None in self.yaml_constructors:
+                    constructor = self.yaml_constructors[None]
+                elif isinstance(node, ScalarNode):
+                    constructor = self.__class__.construct_scalar
+                elif isinstance(node, SequenceNode):
+                    constructor = self.__class__.construct_sequence
+                elif isinstance(node, MappingNode):
+                    constructor = self.__class__.construct_mapping
+        if tag_suffix is None:
+            data = constructor(self, node)
+        else:
+            data = constructor(self, tag_suffix, node)
+        if isinstance(data, types.GeneratorType):
+            generator = data
+            data = next(generator)
+            if self.deep_construct:
+                for dummy in generator:
+                    pass
+            else:
+                self.state_generators.append(generator)
+        self.constructed_objects[node] = data
+        del self.recursive_objects[node]
+        if deep:
+            self.deep_construct = old_deep
+        return data
+
+    def construct_scalar(self, node):
+        if not isinstance(node, ScalarNode):
+            raise ConstructorError(None, None,
+                    "expected a scalar node, but found %s" % node.id,
+                    node.start_mark)
+        return node.value
+
+    def construct_sequence(self, node, deep=False):
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError(None, None,
+                    "expected a sequence node, but found %s" % node.id,
+                    node.start_mark)
+        return [self.construct_object(child, deep=deep)
+                for child in node.value]
+
+    def construct_mapping(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        mapping = {}
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            if not isinstance(key, collections.abc.Hashable):
+                raise ConstructorError("while constructing a mapping", node.start_mark,
+                        "found unhashable key", key_node.start_mark)
+            value = self.construct_object(value_node, deep=deep)
+            mapping[key] = value
+        return mapping
+
+    def construct_pairs(self, node, deep=False):
+        if not isinstance(node, MappingNode):
+            raise ConstructorError(None, None,
+                    "expected a mapping node, but found %s" % node.id,
+                    node.start_mark)
+        pairs = []
+        for key_node, value_node in node.value:
+            key = self.construct_object(key_node, deep=deep)
+            value = self.construct_object(value_node, deep=deep)
+            pairs.append((key, value))
+        return pairs
+
+    @classmethod
+    def add_constructor(cls, tag, constructor):
+        if not 'yaml_constructors' in cls.__dict__:
+            cls.yaml_constructors = cls.yaml_constructors.copy()
+        cls.yaml_constructors[tag] = constructor
+
+    @classmethod
+    def add_multi_constructor(cls, tag_prefix, multi_constructor):
+        if not 'yaml_multi_constructors' in cls.__dict__:
+            cls.yaml_multi_constructors = cls.yaml_multi_constructors.copy()
+        cls.yaml_multi_constructors[tag_prefix] = multi_constructor
+
+class SafeConstructor(BaseConstructor):
+
+    def construct_scalar(self, node):
+        if isinstance(node, MappingNode):
+            for key_node, value_node in node.value:
+                if key_node.tag == 'tag:yaml.org,2002:value':
+                    return self.construct_scalar(value_node)
+        return super().construct_scalar(node)
+
+    def flatten_mapping(self, node):
+        merge = []
+        index = 0
+        while index < len(node.value):
+            key_node, value_node = node.value[index]
+            if key_node.tag == 'tag:yaml.org,2002:merge':
+                del node.value[index]
+                if isinstance(value_node, MappingNode):
+                    self.flatten_mapping(value_node)
+                    merge.extend(value_node.value)
+                elif isinstance(value_node, SequenceNode):
+                    submerge = []
+                    for subnode in value_node.value:
+                        if not isinstance(subnode, MappingNode):
+                            raise ConstructorError("while constructing a mapping",
+                                    node.start_mark,
+                                    "expected a mapping for merging, but found %s"
+                                    % subnode.id, subnode.start_mark)
+                        self.flatten_mapping(subnode)
+                        submerge.append(subnode.value)
+                    submerge.reverse()
+                    for value in submerge:
+                        merge.extend(value)
+                else:
+                    raise ConstructorError("while constructing a mapping", node.start_mark,
+                            "expected a mapping or list of mappings for merging, but found %s"
+                            % value_node.id, value_node.start_mark)
+            elif key_node.tag == 'tag:yaml.org,2002:value':
+                key_node.tag = 'tag:yaml.org,2002:str'
+                index += 1
+            else:
+                index += 1
+        if merge:
+            node.value = merge + node.value
+
+    def construct_mapping(self, node, deep=False):
+        if isinstance(node, MappingNode):
+            self.flatten_mapping(node)
+        return super().construct_mapping(node, deep=deep)
+
+    def construct_yaml_null(self, node):
+        self.construct_scalar(node)
+        return None
+
+    bool_values = {
+        'yes':      True,
+        'no':       False,
+        'true':     True,
+        'false':    False,
+        'on':       True,
+        'off':      False,
+    }
+
+    def construct_yaml_bool(self, node):
+        value = self.construct_scalar(node)
+        return self.bool_values[value.lower()]
+
+    def construct_yaml_int(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '')
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '0':
+            return 0
+        elif value.startswith('0b'):
+            return sign*int(value[2:], 2)
+        elif value.startswith('0x'):
+            return sign*int(value[2:], 16)
+        elif value[0] == '0':
+            return sign*int(value, 8)
+        elif ':' in value:
+            digits = [int(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*int(value)
+
+    inf_value = 1e300
+    while inf_value != inf_value*inf_value:
+        inf_value *= inf_value
+    nan_value = -inf_value/inf_value   # Trying to make a quiet NaN (like C99).
+
+    def construct_yaml_float(self, node):
+        value = self.construct_scalar(node)
+        value = value.replace('_', '').lower()
+        sign = +1
+        if value[0] == '-':
+            sign = -1
+        if value[0] in '+-':
+            value = value[1:]
+        if value == '.inf':
+            return sign*self.inf_value
+        elif value == '.nan':
+            return self.nan_value
+        elif ':' in value:
+            digits = [float(part) for part in value.split(':')]
+            digits.reverse()
+            base = 1
+            value = 0.0
+            for digit in digits:
+                value += digit*base
+                base *= 60
+            return sign*value
+        else:
+            return sign*float(value)
+
+    def construct_yaml_binary(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    timestamp_regexp = re.compile(
+            r'''^(?P<year>[0-9][0-9][0-9][0-9])
+                -(?P<month>[0-9][0-9]?)
+                -(?P<day>[0-9][0-9]?)
+                (?:(?:[Tt]|[ \t]+)
+                (?P<hour>[0-9][0-9]?)
+                :(?P<minute>[0-9][0-9])
+                :(?P<second>[0-9][0-9])
+                (?:\.(?P<fraction>[0-9]*))?
+                (?:[ \t]*(?P<tz>Z|(?P<tz_sign>[-+])(?P<tz_hour>[0-9][0-9]?)
+                (?::(?P<tz_minute>[0-9][0-9]))?))?)?$''', re.X)
+
+    def construct_yaml_timestamp(self, node):
+        value = self.construct_scalar(node)
+        match = self.timestamp_regexp.match(node.value)
+        values = match.groupdict()
+        year = int(values['year'])
+        month = int(values['month'])
+        day = int(values['day'])
+        if not values['hour']:
+            return datetime.date(year, month, day)
+        hour = int(values['hour'])
+        minute = int(values['minute'])
+        second = int(values['second'])
+        fraction = 0
+        tzinfo = None
+        if values['fraction']:
+            fraction = values['fraction'][:6]
+            while len(fraction) < 6:
+                fraction += '0'
+            fraction = int(fraction)
+        if values['tz_sign']:
+            tz_hour = int(values['tz_hour'])
+            tz_minute = int(values['tz_minute'] or 0)
+            delta = datetime.timedelta(hours=tz_hour, minutes=tz_minute)
+            if values['tz_sign'] == '-':
+                delta = -delta
+            tzinfo = datetime.timezone(delta)
+        elif values['tz']:
+            tzinfo = datetime.timezone.utc
+        return datetime.datetime(year, month, day, hour, minute, second, fraction,
+                                 tzinfo=tzinfo)
+
+    def construct_yaml_omap(self, node):
+        # Note: we do not check for duplicate keys, because it's too
+        # CPU-expensive.
+        omap = []
+        yield omap
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing an ordered map", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing an ordered map", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            omap.append((key, value))
+
+    def construct_yaml_pairs(self, node):
+        # Note: the same code as `construct_yaml_omap`.
+        pairs = []
+        yield pairs
+        if not isinstance(node, SequenceNode):
+            raise ConstructorError("while constructing pairs", node.start_mark,
+                    "expected a sequence, but found %s" % node.id, node.start_mark)
+        for subnode in node.value:
+            if not isinstance(subnode, MappingNode):
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a mapping of length 1, but found %s" % subnode.id,
+                        subnode.start_mark)
+            if len(subnode.value) != 1:
+                raise ConstructorError("while constructing pairs", node.start_mark,
+                        "expected a single mapping item, but found %d items" % len(subnode.value),
+                        subnode.start_mark)
+            key_node, value_node = subnode.value[0]
+            key = self.construct_object(key_node)
+            value = self.construct_object(value_node)
+            pairs.append((key, value))
+
+    def construct_yaml_set(self, node):
+        data = set()
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_yaml_seq(self, node):
+        data = []
+        yield data
+        data.extend(self.construct_sequence(node))
+
+    def construct_yaml_map(self, node):
+        data = {}
+        yield data
+        value = self.construct_mapping(node)
+        data.update(value)
+
+    def construct_yaml_object(self, node, cls):
+        data = cls.__new__(cls)
+        yield data
+        if hasattr(data, '__setstate__'):
+            state = self.construct_mapping(node, deep=True)
+            data.__setstate__(state)
+        else:
+            state = self.construct_mapping(node)
+            data.__dict__.update(state)
+
+    def construct_undefined(self, node):
+        raise ConstructorError(None, None,
+                "could not determine a constructor for the tag %r" % node.tag,
+                node.start_mark)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:null',
+        SafeConstructor.construct_yaml_null)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:bool',
+        SafeConstructor.construct_yaml_bool)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:int',
+        SafeConstructor.construct_yaml_int)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:float',
+        SafeConstructor.construct_yaml_float)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:binary',
+        SafeConstructor.construct_yaml_binary)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:timestamp',
+        SafeConstructor.construct_yaml_timestamp)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:omap',
+        SafeConstructor.construct_yaml_omap)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:pairs',
+        SafeConstructor.construct_yaml_pairs)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:set',
+        SafeConstructor.construct_yaml_set)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:str',
+        SafeConstructor.construct_yaml_str)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:seq',
+        SafeConstructor.construct_yaml_seq)
+
+SafeConstructor.add_constructor(
+        'tag:yaml.org,2002:map',
+        SafeConstructor.construct_yaml_map)
+
+SafeConstructor.add_constructor(None,
+        SafeConstructor.construct_undefined)
+
+class FullConstructor(SafeConstructor):
+    # 'extend' is blacklisted because it is used by
+    # construct_python_object_apply to add `listitems` to a newly generate
+    # python instance
+    def get_state_keys_blacklist(self):
+        return ['^extend$', '^__.*__$']
+
+    def get_state_keys_blacklist_regexp(self):
+        if not hasattr(self, 'state_keys_blacklist_regexp'):
+            self.state_keys_blacklist_regexp = re.compile('(' + '|'.join(self.get_state_keys_blacklist()) + ')')
+        return self.state_keys_blacklist_regexp
+
+    def construct_python_str(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_unicode(self, node):
+        return self.construct_scalar(node)
+
+    def construct_python_bytes(self, node):
+        try:
+            value = self.construct_scalar(node).encode('ascii')
+        except UnicodeEncodeError as exc:
+            raise ConstructorError(None, None,
+                    "failed to convert base64 data into ascii: %s" % exc,
+                    node.start_mark)
+        try:
+            if hasattr(base64, 'decodebytes'):
+                return base64.decodebytes(value)
+            else:
+                return base64.decodestring(value)
+        except binascii.Error as exc:
+            raise ConstructorError(None, None,
+                    "failed to decode base64 data: %s" % exc, node.start_mark)
+
+    def construct_python_long(self, node):
+        return self.construct_yaml_int(node)
+
+    def construct_python_complex(self, node):
+       return complex(self.construct_scalar(node))
+
+    def construct_python_tuple(self, node):
+        return tuple(self.construct_sequence(node))
+
+    def find_python_module(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if unsafe:
+            try:
+                __import__(name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python module", mark,
+                        "cannot find module %r (%s)" % (name, exc), mark)
+        if name not in sys.modules:
+            raise ConstructorError("while constructing a Python module", mark,
+                    "module %r is not imported" % name, mark)
+        return sys.modules[name]
+
+    def find_python_name(self, name, mark, unsafe=False):
+        if not name:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "expected non-empty name appended to the tag", mark)
+        if '.' in name:
+            module_name, object_name = name.rsplit('.', 1)
+        else:
+            module_name = 'builtins'
+            object_name = name
+        if unsafe:
+            try:
+                __import__(module_name)
+            except ImportError as exc:
+                raise ConstructorError("while constructing a Python object", mark,
+                        "cannot find module %r (%s)" % (module_name, exc), mark)
+        if module_name not in sys.modules:
+            raise ConstructorError("while constructing a Python object", mark,
+                    "module %r is not imported" % module_name, mark)
+        module = sys.modules[module_name]
+        if not hasattr(module, object_name):
+            raise ConstructorError("while constructing a Python object", mark,
+                    "cannot find %r in the module %r"
+                    % (object_name, module.__name__), mark)
+        return getattr(module, object_name)
+
+    def construct_python_name(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python name", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_name(suffix, node.start_mark)
+
+    def construct_python_module(self, suffix, node):
+        value = self.construct_scalar(node)
+        if value:
+            raise ConstructorError("while constructing a Python module", node.start_mark,
+                    "expected the empty value, but found %r" % value, node.start_mark)
+        return self.find_python_module(suffix, node.start_mark)
+
+    def make_python_instance(self, suffix, node,
+            args=None, kwds=None, newobj=False, unsafe=False):
+        if not args:
+            args = []
+        if not kwds:
+            kwds = {}
+        cls = self.find_python_name(suffix, node.start_mark)
+        if not (unsafe or isinstance(cls, type)):
+            raise ConstructorError("while constructing a Python instance", node.start_mark,
+                    "expected a class, but found %r" % type(cls),
+                    node.start_mark)
+        if newobj and isinstance(cls, type):
+            return cls.__new__(cls, *args, **kwds)
+        else:
+            return cls(*args, **kwds)
+
+    def set_python_instance_state(self, instance, state, unsafe=False):
+        if hasattr(instance, '__setstate__'):
+            instance.__setstate__(state)
+        else:
+            slotstate = {}
+            if isinstance(state, tuple) and len(state) == 2:
+                state, slotstate = state
+            if hasattr(instance, '__dict__'):
+                if not unsafe and state:
+                    for key in state.keys():
+                        self.check_state_key(key)
+                instance.__dict__.update(state)
+            elif state:
+                slotstate.update(state)
+            for key, value in slotstate.items():
+                if not unsafe:
+                    self.check_state_key(key)
+                setattr(instance, key, value)
+
+    def construct_python_object(self, suffix, node):
+        # Format:
+        #   !!python/object:module.name { ... state ... }
+        instance = self.make_python_instance(suffix, node, newobj=True)
+        yield instance
+        deep = hasattr(instance, '__setstate__')
+        state = self.construct_mapping(node, deep=deep)
+        self.set_python_instance_state(instance, state)
+
+    def construct_python_object_apply(self, suffix, node, newobj=False):
+        # Format:
+        #   !!python/object/apply       # (or !!python/object/new)
+        #   args: [ ... arguments ... ]
+        #   kwds: { ... keywords ... }
+        #   state: ... state ...
+        #   listitems: [ ... listitems ... ]
+        #   dictitems: { ... dictitems ... }
+        # or short format:
+        #   !!python/object/apply [ ... arguments ... ]
+        # The difference between !!python/object/apply and !!python/object/new
+        # is how an object is created, check make_python_instance for details.
+        if isinstance(node, SequenceNode):
+            args = self.construct_sequence(node, deep=True)
+            kwds = {}
+            state = {}
+            listitems = []
+            dictitems = {}
+        else:
+            value = self.construct_mapping(node, deep=True)
+            args = value.get('args', [])
+            kwds = value.get('kwds', {})
+            state = value.get('state', {})
+            listitems = value.get('listitems', [])
+            dictitems = value.get('dictitems', {})
+        instance = self.make_python_instance(suffix, node, args, kwds, newobj)
+        if state:
+            self.set_python_instance_state(instance, state)
+        if listitems:
+            instance.extend(listitems)
+        if dictitems:
+            for key in dictitems:
+                instance[key] = dictitems[key]
+        return instance
+
+    def construct_python_object_new(self, suffix, node):
+        return self.construct_python_object_apply(suffix, node, newobj=True)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/none',
+    FullConstructor.construct_yaml_null)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bool',
+    FullConstructor.construct_yaml_bool)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/str',
+    FullConstructor.construct_python_str)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/unicode',
+    FullConstructor.construct_python_unicode)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/bytes',
+    FullConstructor.construct_python_bytes)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/int',
+    FullConstructor.construct_yaml_int)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/long',
+    FullConstructor.construct_python_long)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/float',
+    FullConstructor.construct_yaml_float)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/complex',
+    FullConstructor.construct_python_complex)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/list',
+    FullConstructor.construct_yaml_seq)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/tuple',
+    FullConstructor.construct_python_tuple)
+
+FullConstructor.add_constructor(
+    'tag:yaml.org,2002:python/dict',
+    FullConstructor.construct_yaml_map)
+
+FullConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/name:',
+    FullConstructor.construct_python_name)
+
+class UnsafeConstructor(FullConstructor):
+
+    def find_python_module(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_module(name, mark, unsafe=True)
+
+    def find_python_name(self, name, mark):
+        return super(UnsafeConstructor, self).find_python_name(name, mark, unsafe=True)
+
+    def make_python_instance(self, suffix, node, args=None, kwds=None, newobj=False):
+        return super(UnsafeConstructor, self).make_python_instance(
+            suffix, node, args, kwds, newobj, unsafe=True)
+
+    def set_python_instance_state(self, instance, state):
+        return super(UnsafeConstructor, self).set_python_instance_state(
+            instance, state, unsafe=True)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/module:',
+    UnsafeConstructor.construct_python_module)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object:',
+    UnsafeConstructor.construct_python_object)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/new:',
+    UnsafeConstructor.construct_python_object_new)
+
+UnsafeConstructor.add_multi_constructor(
+    'tag:yaml.org,2002:python/object/apply:',
+    UnsafeConstructor.construct_python_object_apply)
+
+# Constructor is same as UnsafeConstructor. Need to leave this in place in case
+# people have extended it directly.
+class Constructor(UnsafeConstructor):
+    pass
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/cyaml.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/cyaml.py
new file mode 100644
index 000000000..0c2134587
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/cyaml.py
@@ -0,0 +1,101 @@
+
+__all__ = [
+    'CBaseLoader', 'CSafeLoader', 'CFullLoader', 'CUnsafeLoader', 'CLoader',
+    'CBaseDumper', 'CSafeDumper', 'CDumper'
+]
+
+from yaml._yaml import CParser, CEmitter
+
+from .constructor import *
+
+from .serializer import *
+from .representer import *
+
+from .resolver import *
+
+class CBaseLoader(CParser, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class CSafeLoader(CParser, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CFullLoader(CParser, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CUnsafeLoader(CParser, UnsafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        UnsafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class CLoader(CParser, Constructor, Resolver):
+
+    def __init__(self, stream):
+        CParser.__init__(self, stream)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+class CBaseDumper(CEmitter, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CSafeDumper(CEmitter, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class CDumper(CEmitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        CEmitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width, encoding=encoding,
+                allow_unicode=allow_unicode, line_break=line_break,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/dumper.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/dumper.py
new file mode 100644
index 000000000..6aadba551
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/dumper.py
@@ -0,0 +1,62 @@
+
+__all__ = ['BaseDumper', 'SafeDumper', 'Dumper']
+
+from .emitter import *
+from .serializer import *
+from .representer import *
+from .resolver import *
+
+class BaseDumper(Emitter, Serializer, BaseRepresenter, BaseResolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class SafeDumper(Emitter, Serializer, SafeRepresenter, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        SafeRepresenter.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
+class Dumper(Emitter, Serializer, Representer, Resolver):
+
+    def __init__(self, stream,
+            default_style=None, default_flow_style=False,
+            canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None,
+            encoding=None, explicit_start=None, explicit_end=None,
+            version=None, tags=None, sort_keys=True):
+        Emitter.__init__(self, stream, canonical=canonical,
+                indent=indent, width=width,
+                allow_unicode=allow_unicode, line_break=line_break)
+        Serializer.__init__(self, encoding=encoding,
+                explicit_start=explicit_start, explicit_end=explicit_end,
+                version=version, tags=tags)
+        Representer.__init__(self, default_style=default_style,
+                default_flow_style=default_flow_style, sort_keys=sort_keys)
+        Resolver.__init__(self)
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/emitter.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/emitter.py
new file mode 100644
index 000000000..a664d0111
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/emitter.py
@@ -0,0 +1,1137 @@
+
+# Emitter expects events obeying the following grammar:
+# stream ::= STREAM-START document* STREAM-END
+# document ::= DOCUMENT-START node DOCUMENT-END
+# node ::= SCALAR | sequence | mapping
+# sequence ::= SEQUENCE-START node* SEQUENCE-END
+# mapping ::= MAPPING-START (node node)* MAPPING-END
+
+__all__ = ['Emitter', 'EmitterError']
+
+from .error import YAMLError
+from .events import *
+
+class EmitterError(YAMLError):
+    pass
+
+class ScalarAnalysis:
+    def __init__(self, scalar, empty, multiline,
+            allow_flow_plain, allow_block_plain,
+            allow_single_quoted, allow_double_quoted,
+            allow_block):
+        self.scalar = scalar
+        self.empty = empty
+        self.multiline = multiline
+        self.allow_flow_plain = allow_flow_plain
+        self.allow_block_plain = allow_block_plain
+        self.allow_single_quoted = allow_single_quoted
+        self.allow_double_quoted = allow_double_quoted
+        self.allow_block = allow_block
+
+class Emitter:
+
+    DEFAULT_TAG_PREFIXES = {
+        '!' : '!',
+        'tag:yaml.org,2002:' : '!!',
+    }
+
+    def __init__(self, stream, canonical=None, indent=None, width=None,
+            allow_unicode=None, line_break=None):
+
+        # The stream should have the methods `write` and possibly `flush`.
+        self.stream = stream
+
+        # Encoding can be overridden by STREAM-START.
+        self.encoding = None
+
+        # Emitter is a state machine with a stack of states to handle nested
+        # structures.
+        self.states = []
+        self.state = self.expect_stream_start
+
+        # Current event and the event queue.
+        self.events = []
+        self.event = None
+
+        # The current indentation level and the stack of previous indents.
+        self.indents = []
+        self.indent = None
+
+        # Flow level.
+        self.flow_level = 0
+
+        # Contexts.
+        self.root_context = False
+        self.sequence_context = False
+        self.mapping_context = False
+        self.simple_key_context = False
+
+        # Characteristics of the last emitted character:
+        #  - current position.
+        #  - is it a whitespace?
+        #  - is it an indention character
+        #    (indentation space, '-', '?', or ':')?
+        self.line = 0
+        self.column = 0
+        self.whitespace = True
+        self.indention = True
+
+        # Whether the document requires an explicit document indicator
+        self.open_ended = False
+
+        # Formatting details.
+        self.canonical = canonical
+        self.allow_unicode = allow_unicode
+        self.best_indent = 2
+        if indent and 1 < indent < 10:
+            self.best_indent = indent
+        self.best_width = 80
+        if width and width > self.best_indent*2:
+            self.best_width = width
+        self.best_line_break = '\n'
+        if line_break in ['\r', '\n', '\r\n']:
+            self.best_line_break = line_break
+
+        # Tag prefixes.
+        self.tag_prefixes = None
+
+        # Prepared anchor and tag.
+        self.prepared_anchor = None
+        self.prepared_tag = None
+
+        # Scalar analysis and style.
+        self.analysis = None
+        self.style = None
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def emit(self, event):
+        self.events.append(event)
+        while not self.need_more_events():
+            self.event = self.events.pop(0)
+            self.state()
+            self.event = None
+
+    # In some cases, we wait for a few next events before emitting.
+
+    def need_more_events(self):
+        if not self.events:
+            return True
+        event = self.events[0]
+        if isinstance(event, DocumentStartEvent):
+            return self.need_events(1)
+        elif isinstance(event, SequenceStartEvent):
+            return self.need_events(2)
+        elif isinstance(event, MappingStartEvent):
+            return self.need_events(3)
+        else:
+            return False
+
+    def need_events(self, count):
+        level = 0
+        for event in self.events[1:]:
+            if isinstance(event, (DocumentStartEvent, CollectionStartEvent)):
+                level += 1
+            elif isinstance(event, (DocumentEndEvent, CollectionEndEvent)):
+                level -= 1
+            elif isinstance(event, StreamEndEvent):
+                level = -1
+            if level < 0:
+                return False
+        return (len(self.events) < count+1)
+
+    def increase_indent(self, flow=False, indentless=False):
+        self.indents.append(self.indent)
+        if self.indent is None:
+            if flow:
+                self.indent = self.best_indent
+            else:
+                self.indent = 0
+        elif not indentless:
+            self.indent += self.best_indent
+
+    # States.
+
+    # Stream handlers.
+
+    def expect_stream_start(self):
+        if isinstance(self.event, StreamStartEvent):
+            if self.event.encoding and not hasattr(self.stream, 'encoding'):
+                self.encoding = self.event.encoding
+            self.write_stream_start()
+            self.state = self.expect_first_document_start
+        else:
+            raise EmitterError("expected StreamStartEvent, but got %s"
+                    % self.event)
+
+    def expect_nothing(self):
+        raise EmitterError("expected nothing, but got %s" % self.event)
+
+    # Document handlers.
+
+    def expect_first_document_start(self):
+        return self.expect_document_start(first=True)
+
+    def expect_document_start(self, first=False):
+        if isinstance(self.event, DocumentStartEvent):
+            if (self.event.version or self.event.tags) and self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            if self.event.version:
+                version_text = self.prepare_version(self.event.version)
+                self.write_version_directive(version_text)
+            self.tag_prefixes = self.DEFAULT_TAG_PREFIXES.copy()
+            if self.event.tags:
+                handles = sorted(self.event.tags.keys())
+                for handle in handles:
+                    prefix = self.event.tags[handle]
+                    self.tag_prefixes[prefix] = handle
+                    handle_text = self.prepare_tag_handle(handle)
+                    prefix_text = self.prepare_tag_prefix(prefix)
+                    self.write_tag_directive(handle_text, prefix_text)
+            implicit = (first and not self.event.explicit and not self.canonical
+                    and not self.event.version and not self.event.tags
+                    and not self.check_empty_document())
+            if not implicit:
+                self.write_indent()
+                self.write_indicator('---', True)
+                if self.canonical:
+                    self.write_indent()
+            self.state = self.expect_document_root
+        elif isinstance(self.event, StreamEndEvent):
+            if self.open_ended:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.write_stream_end()
+            self.state = self.expect_nothing
+        else:
+            raise EmitterError("expected DocumentStartEvent, but got %s"
+                    % self.event)
+
+    def expect_document_end(self):
+        if isinstance(self.event, DocumentEndEvent):
+            self.write_indent()
+            if self.event.explicit:
+                self.write_indicator('...', True)
+                self.write_indent()
+            self.flush_stream()
+            self.state = self.expect_document_start
+        else:
+            raise EmitterError("expected DocumentEndEvent, but got %s"
+                    % self.event)
+
+    def expect_document_root(self):
+        self.states.append(self.expect_document_end)
+        self.expect_node(root=True)
+
+    # Node handlers.
+
+    def expect_node(self, root=False, sequence=False, mapping=False,
+            simple_key=False):
+        self.root_context = root
+        self.sequence_context = sequence
+        self.mapping_context = mapping
+        self.simple_key_context = simple_key
+        if isinstance(self.event, AliasEvent):
+            self.expect_alias()
+        elif isinstance(self.event, (ScalarEvent, CollectionStartEvent)):
+            self.process_anchor('&')
+            self.process_tag()
+            if isinstance(self.event, ScalarEvent):
+                self.expect_scalar()
+            elif isinstance(self.event, SequenceStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_sequence():
+                    self.expect_flow_sequence()
+                else:
+                    self.expect_block_sequence()
+            elif isinstance(self.event, MappingStartEvent):
+                if self.flow_level or self.canonical or self.event.flow_style   \
+                        or self.check_empty_mapping():
+                    self.expect_flow_mapping()
+                else:
+                    self.expect_block_mapping()
+        else:
+            raise EmitterError("expected NodeEvent, but got %s" % self.event)
+
+    def expect_alias(self):
+        if self.event.anchor is None:
+            raise EmitterError("anchor is not specified for alias")
+        self.process_anchor('*')
+        self.state = self.states.pop()
+
+    def expect_scalar(self):
+        self.increase_indent(flow=True)
+        self.process_scalar()
+        self.indent = self.indents.pop()
+        self.state = self.states.pop()
+
+    # Flow sequence handlers.
+
+    def expect_flow_sequence(self):
+        self.write_indicator('[', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_sequence_item
+
+    def expect_first_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    def expect_flow_sequence_item(self):
+        if isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator(']', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            self.states.append(self.expect_flow_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Flow mapping handlers.
+
+    def expect_flow_mapping(self):
+        self.write_indicator('{', True, whitespace=True)
+        self.flow_level += 1
+        self.increase_indent(flow=True)
+        self.state = self.expect_first_flow_mapping_key
+
+    def expect_first_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_key(self):
+        if isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.flow_level -= 1
+            if self.canonical:
+                self.write_indicator(',', False)
+                self.write_indent()
+            self.write_indicator('}', False)
+            self.state = self.states.pop()
+        else:
+            self.write_indicator(',', False)
+            if self.canonical or self.column > self.best_width:
+                self.write_indent()
+            if not self.canonical and self.check_simple_key():
+                self.states.append(self.expect_flow_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True)
+                self.states.append(self.expect_flow_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_flow_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_flow_mapping_value(self):
+        if self.canonical or self.column > self.best_width:
+            self.write_indent()
+        self.write_indicator(':', True)
+        self.states.append(self.expect_flow_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Block sequence handlers.
+
+    def expect_block_sequence(self):
+        indentless = (self.mapping_context and not self.indention)
+        self.increase_indent(flow=False, indentless=indentless)
+        self.state = self.expect_first_block_sequence_item
+
+    def expect_first_block_sequence_item(self):
+        return self.expect_block_sequence_item(first=True)
+
+    def expect_block_sequence_item(self, first=False):
+        if not first and isinstance(self.event, SequenceEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            self.write_indicator('-', True, indention=True)
+            self.states.append(self.expect_block_sequence_item)
+            self.expect_node(sequence=True)
+
+    # Block mapping handlers.
+
+    def expect_block_mapping(self):
+        self.increase_indent(flow=False)
+        self.state = self.expect_first_block_mapping_key
+
+    def expect_first_block_mapping_key(self):
+        return self.expect_block_mapping_key(first=True)
+
+    def expect_block_mapping_key(self, first=False):
+        if not first and isinstance(self.event, MappingEndEvent):
+            self.indent = self.indents.pop()
+            self.state = self.states.pop()
+        else:
+            self.write_indent()
+            if self.check_simple_key():
+                self.states.append(self.expect_block_mapping_simple_value)
+                self.expect_node(mapping=True, simple_key=True)
+            else:
+                self.write_indicator('?', True, indention=True)
+                self.states.append(self.expect_block_mapping_value)
+                self.expect_node(mapping=True)
+
+    def expect_block_mapping_simple_value(self):
+        self.write_indicator(':', False)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    def expect_block_mapping_value(self):
+        self.write_indent()
+        self.write_indicator(':', True, indention=True)
+        self.states.append(self.expect_block_mapping_key)
+        self.expect_node(mapping=True)
+
+    # Checkers.
+
+    def check_empty_sequence(self):
+        return (isinstance(self.event, SequenceStartEvent) and self.events
+                and isinstance(self.events[0], SequenceEndEvent))
+
+    def check_empty_mapping(self):
+        return (isinstance(self.event, MappingStartEvent) and self.events
+                and isinstance(self.events[0], MappingEndEvent))
+
+    def check_empty_document(self):
+        if not isinstance(self.event, DocumentStartEvent) or not self.events:
+            return False
+        event = self.events[0]
+        return (isinstance(event, ScalarEvent) and event.anchor is None
+                and event.tag is None and event.implicit and event.value == '')
+
+    def check_simple_key(self):
+        length = 0
+        if isinstance(self.event, NodeEvent) and self.event.anchor is not None:
+            if self.prepared_anchor is None:
+                self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+            length += len(self.prepared_anchor)
+        if isinstance(self.event, (ScalarEvent, CollectionStartEvent))  \
+                and self.event.tag is not None:
+            if self.prepared_tag is None:
+                self.prepared_tag = self.prepare_tag(self.event.tag)
+            length += len(self.prepared_tag)
+        if isinstance(self.event, ScalarEvent):
+            if self.analysis is None:
+                self.analysis = self.analyze_scalar(self.event.value)
+            length += len(self.analysis.scalar)
+        return (length < 128 and (isinstance(self.event, AliasEvent)
+            or (isinstance(self.event, ScalarEvent)
+                    and not self.analysis.empty and not self.analysis.multiline)
+            or self.check_empty_sequence() or self.check_empty_mapping()))
+
+    # Anchor, Tag, and Scalar processors.
+
+    def process_anchor(self, indicator):
+        if self.event.anchor is None:
+            self.prepared_anchor = None
+            return
+        if self.prepared_anchor is None:
+            self.prepared_anchor = self.prepare_anchor(self.event.anchor)
+        if self.prepared_anchor:
+            self.write_indicator(indicator+self.prepared_anchor, True)
+        self.prepared_anchor = None
+
+    def process_tag(self):
+        tag = self.event.tag
+        if isinstance(self.event, ScalarEvent):
+            if self.style is None:
+                self.style = self.choose_scalar_style()
+            if ((not self.canonical or tag is None) and
+                ((self.style == '' and self.event.implicit[0])
+                        or (self.style != '' and self.event.implicit[1]))):
+                self.prepared_tag = None
+                return
+            if self.event.implicit[0] and tag is None:
+                tag = '!'
+                self.prepared_tag = None
+        else:
+            if (not self.canonical or tag is None) and self.event.implicit:
+                self.prepared_tag = None
+                return
+        if tag is None:
+            raise EmitterError("tag is not specified")
+        if self.prepared_tag is None:
+            self.prepared_tag = self.prepare_tag(tag)
+        if self.prepared_tag:
+            self.write_indicator(self.prepared_tag, True)
+        self.prepared_tag = None
+
+    def choose_scalar_style(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.event.style == '"' or self.canonical:
+            return '"'
+        if not self.event.style and self.event.implicit[0]:
+            if (not (self.simple_key_context and
+                    (self.analysis.empty or self.analysis.multiline))
+                and (self.flow_level and self.analysis.allow_flow_plain
+                    or (not self.flow_level and self.analysis.allow_block_plain))):
+                return ''
+        if self.event.style and self.event.style in '|>':
+            if (not self.flow_level and not self.simple_key_context
+                    and self.analysis.allow_block):
+                return self.event.style
+        if not self.event.style or self.event.style == '\'':
+            if (self.analysis.allow_single_quoted and
+                    not (self.simple_key_context and self.analysis.multiline)):
+                return '\''
+        return '"'
+
+    def process_scalar(self):
+        if self.analysis is None:
+            self.analysis = self.analyze_scalar(self.event.value)
+        if self.style is None:
+            self.style = self.choose_scalar_style()
+        split = (not self.simple_key_context)
+        #if self.analysis.multiline and split    \
+        #        and (not self.style or self.style in '\'\"'):
+        #    self.write_indent()
+        if self.style == '"':
+            self.write_double_quoted(self.analysis.scalar, split)
+        elif self.style == '\'':
+            self.write_single_quoted(self.analysis.scalar, split)
+        elif self.style == '>':
+            self.write_folded(self.analysis.scalar)
+        elif self.style == '|':
+            self.write_literal(self.analysis.scalar)
+        else:
+            self.write_plain(self.analysis.scalar, split)
+        self.analysis = None
+        self.style = None
+
+    # Analyzers.
+
+    def prepare_version(self, version):
+        major, minor = version
+        if major != 1:
+            raise EmitterError("unsupported YAML version: %d.%d" % (major, minor))
+        return '%d.%d' % (major, minor)
+
+    def prepare_tag_handle(self, handle):
+        if not handle:
+            raise EmitterError("tag handle must not be empty")
+        if handle[0] != '!' or handle[-1] != '!':
+            raise EmitterError("tag handle must start and end with '!': %r" % handle)
+        for ch in handle[1:-1]:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the tag handle: %r"
+                        % (ch, handle))
+        return handle
+
+    def prepare_tag_prefix(self, prefix):
+        if not prefix:
+            raise EmitterError("tag prefix must not be empty")
+        chunks = []
+        start = end = 0
+        if prefix[0] == '!':
+            end = 1
+        while end < len(prefix):
+            ch = prefix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?!:@&=+$,_.~*\'()[]':
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(prefix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ord(ch))
+        if start < end:
+            chunks.append(prefix[start:end])
+        return ''.join(chunks)
+
+    def prepare_tag(self, tag):
+        if not tag:
+            raise EmitterError("tag must not be empty")
+        if tag == '!':
+            return tag
+        handle = None
+        suffix = tag
+        prefixes = sorted(self.tag_prefixes.keys())
+        for prefix in prefixes:
+            if tag.startswith(prefix)   \
+                    and (prefix == '!' or len(prefix) < len(tag)):
+                handle = self.tag_prefixes[prefix]
+                suffix = tag[len(prefix):]
+        chunks = []
+        start = end = 0
+        while end < len(suffix):
+            ch = suffix[end]
+            if '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z' \
+                    or ch in '-;/?:@&=+$,_.~*\'()[]'   \
+                    or (ch == '!' and handle != '!'):
+                end += 1
+            else:
+                if start < end:
+                    chunks.append(suffix[start:end])
+                start = end = end+1
+                data = ch.encode('utf-8')
+                for ch in data:
+                    chunks.append('%%%02X' % ch)
+        if start < end:
+            chunks.append(suffix[start:end])
+        suffix_text = ''.join(chunks)
+        if handle:
+            return '%s%s' % (handle, suffix_text)
+        else:
+            return '!<%s>' % suffix_text
+
+    def prepare_anchor(self, anchor):
+        if not anchor:
+            raise EmitterError("anchor must not be empty")
+        for ch in anchor:
+            if not ('0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'    \
+                    or ch in '-_'):
+                raise EmitterError("invalid character %r in the anchor: %r"
+                        % (ch, anchor))
+        return anchor
+
+    def analyze_scalar(self, scalar):
+
+        # Empty scalar is a special case.
+        if not scalar:
+            return ScalarAnalysis(scalar=scalar, empty=True, multiline=False,
+                    allow_flow_plain=False, allow_block_plain=True,
+                    allow_single_quoted=True, allow_double_quoted=True,
+                    allow_block=False)
+
+        # Indicators and special characters.
+        block_indicators = False
+        flow_indicators = False
+        line_breaks = False
+        special_characters = False
+
+        # Important whitespace combinations.
+        leading_space = False
+        leading_break = False
+        trailing_space = False
+        trailing_break = False
+        break_space = False
+        space_break = False
+
+        # Check document indicators.
+        if scalar.startswith('---') or scalar.startswith('...'):
+            block_indicators = True
+            flow_indicators = True
+
+        # First character or preceded by a whitespace.
+        preceded_by_whitespace = True
+
+        # Last character or followed by a whitespace.
+        followed_by_whitespace = (len(scalar) == 1 or
+                scalar[1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # The previous character is a space.
+        previous_space = False
+
+        # The previous character is a break.
+        previous_break = False
+
+        index = 0
+        while index < len(scalar):
+            ch = scalar[index]
+
+            # Check for indicators.
+            if index == 0:
+                # Leading indicators are special characters.
+                if ch in '#,[]{}&*!|>\'\"%@`':
+                    flow_indicators = True
+                    block_indicators = True
+                if ch in '?:':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '-' and followed_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+            else:
+                # Some indicators cannot appear within a scalar as well.
+                if ch in ',?[]{}':
+                    flow_indicators = True
+                if ch == ':':
+                    flow_indicators = True
+                    if followed_by_whitespace:
+                        block_indicators = True
+                if ch == '#' and preceded_by_whitespace:
+                    flow_indicators = True
+                    block_indicators = True
+
+            # Check for line breaks, special, and unicode characters.
+            if ch in '\n\x85\u2028\u2029':
+                line_breaks = True
+            if not (ch == '\n' or '\x20' <= ch <= '\x7E'):
+                if (ch == '\x85' or '\xA0' <= ch <= '\uD7FF'
+                        or '\uE000' <= ch <= '\uFFFD'
+                        or '\U00010000' <= ch < '\U0010ffff') and ch != '\uFEFF':
+                    unicode_characters = True
+                    if not self.allow_unicode:
+                        special_characters = True
+                else:
+                    special_characters = True
+
+            # Detect important whitespace combinations.
+            if ch == ' ':
+                if index == 0:
+                    leading_space = True
+                if index == len(scalar)-1:
+                    trailing_space = True
+                if previous_break:
+                    break_space = True
+                previous_space = True
+                previous_break = False
+            elif ch in '\n\x85\u2028\u2029':
+                if index == 0:
+                    leading_break = True
+                if index == len(scalar)-1:
+                    trailing_break = True
+                if previous_space:
+                    space_break = True
+                previous_space = False
+                previous_break = True
+            else:
+                previous_space = False
+                previous_break = False
+
+            # Prepare for the next character.
+            index += 1
+            preceded_by_whitespace = (ch in '\0 \t\r\n\x85\u2028\u2029')
+            followed_by_whitespace = (index+1 >= len(scalar) or
+                    scalar[index+1] in '\0 \t\r\n\x85\u2028\u2029')
+
+        # Let's decide what styles are allowed.
+        allow_flow_plain = True
+        allow_block_plain = True
+        allow_single_quoted = True
+        allow_double_quoted = True
+        allow_block = True
+
+        # Leading and trailing whitespaces are bad for plain scalars.
+        if (leading_space or leading_break
+                or trailing_space or trailing_break):
+            allow_flow_plain = allow_block_plain = False
+
+        # We do not permit trailing spaces for block scalars.
+        if trailing_space:
+            allow_block = False
+
+        # Spaces at the beginning of a new line are only acceptable for block
+        # scalars.
+        if break_space:
+            allow_flow_plain = allow_block_plain = allow_single_quoted = False
+
+        # Spaces followed by breaks, as well as special character are only
+        # allowed for double quoted scalars.
+        if space_break or special_characters:
+            allow_flow_plain = allow_block_plain =  \
+            allow_single_quoted = allow_block = False
+
+        # Although the plain scalar writer supports breaks, we never emit
+        # multiline plain scalars.
+        if line_breaks:
+            allow_flow_plain = allow_block_plain = False
+
+        # Flow indicators are forbidden for flow plain scalars.
+        if flow_indicators:
+            allow_flow_plain = False
+
+        # Block indicators are forbidden for block plain scalars.
+        if block_indicators:
+            allow_block_plain = False
+
+        return ScalarAnalysis(scalar=scalar,
+                empty=False, multiline=line_breaks,
+                allow_flow_plain=allow_flow_plain,
+                allow_block_plain=allow_block_plain,
+                allow_single_quoted=allow_single_quoted,
+                allow_double_quoted=allow_double_quoted,
+                allow_block=allow_block)
+
+    # Writers.
+
+    def flush_stream(self):
+        if hasattr(self.stream, 'flush'):
+            self.stream.flush()
+
+    def write_stream_start(self):
+        # Write BOM if needed.
+        if self.encoding and self.encoding.startswith('utf-16'):
+            self.stream.write('\uFEFF'.encode(self.encoding))
+
+    def write_stream_end(self):
+        self.flush_stream()
+
+    def write_indicator(self, indicator, need_whitespace,
+            whitespace=False, indention=False):
+        if self.whitespace or not need_whitespace:
+            data = indicator
+        else:
+            data = ' '+indicator
+        self.whitespace = whitespace
+        self.indention = self.indention and indention
+        self.column += len(data)
+        self.open_ended = False
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_indent(self):
+        indent = self.indent or 0
+        if not self.indention or self.column > indent   \
+                or (self.column == indent and not self.whitespace):
+            self.write_line_break()
+        if self.column < indent:
+            self.whitespace = True
+            data = ' '*(indent-self.column)
+            self.column = indent
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+
+    def write_line_break(self, data=None):
+        if data is None:
+            data = self.best_line_break
+        self.whitespace = True
+        self.indention = True
+        self.line += 1
+        self.column = 0
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+
+    def write_version_directive(self, version_text):
+        data = '%%YAML %s' % version_text
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    def write_tag_directive(self, handle_text, prefix_text):
+        data = '%%TAG %s %s' % (handle_text, prefix_text)
+        if self.encoding:
+            data = data.encode(self.encoding)
+        self.stream.write(data)
+        self.write_line_break()
+
+    # Scalar streams.
+
+    def write_single_quoted(self, text, split=True):
+        self.write_indicator('\'', True)
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch is None or ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split   \
+                            and start != 0 and end != len(text):
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029' or ch == '\'':
+                    if start < end:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                        start = end
+            if ch == '\'':
+                data = '\'\''
+                self.column += 2
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                start = end + 1
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+        self.write_indicator('\'', False)
+
+    ESCAPE_REPLACEMENTS = {
+        '\0':       '0',
+        '\x07':     'a',
+        '\x08':     'b',
+        '\x09':     't',
+        '\x0A':     'n',
+        '\x0B':     'v',
+        '\x0C':     'f',
+        '\x0D':     'r',
+        '\x1B':     'e',
+        '\"':       '\"',
+        '\\':       '\\',
+        '\x85':     'N',
+        '\xA0':     '_',
+        '\u2028':   'L',
+        '\u2029':   'P',
+    }
+
+    def write_double_quoted(self, text, split=True):
+        self.write_indicator('"', True)
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if ch is None or ch in '"\\\x85\u2028\u2029\uFEFF' \
+                    or not ('\x20' <= ch <= '\x7E'
+                        or (self.allow_unicode
+                            and ('\xA0' <= ch <= '\uD7FF'
+                                or '\uE000' <= ch <= '\uFFFD'))):
+                if start < end:
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+                if ch is not None:
+                    if ch in self.ESCAPE_REPLACEMENTS:
+                        data = '\\'+self.ESCAPE_REPLACEMENTS[ch]
+                    elif ch <= '\xFF':
+                        data = '\\x%02X' % ord(ch)
+                    elif ch <= '\uFFFF':
+                        data = '\\u%04X' % ord(ch)
+                    else:
+                        data = '\\U%08X' % ord(ch)
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end+1
+            if 0 < end < len(text)-1 and (ch == ' ' or start >= end)    \
+                    and self.column+(end-start) > self.best_width and split:
+                data = text[start:end]+'\\'
+                if start < end:
+                    start = end
+                self.column += len(data)
+                if self.encoding:
+                    data = data.encode(self.encoding)
+                self.stream.write(data)
+                self.write_indent()
+                self.whitespace = False
+                self.indention = False
+                if text[start] == ' ':
+                    data = '\\'
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+            end += 1
+        self.write_indicator('"', False)
+
+    def determine_block_hints(self, text):
+        hints = ''
+        if text:
+            if text[0] in ' \n\x85\u2028\u2029':
+                hints += str(self.best_indent)
+            if text[-1] not in '\n\x85\u2028\u2029':
+                hints += '-'
+            elif len(text) == 1 or text[-2] in '\n\x85\u2028\u2029':
+                hints += '+'
+        return hints
+
+    def write_folded(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('>'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        leading_space = True
+        spaces = False
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    if not leading_space and ch is not None and ch != ' '   \
+                            and text[start] == '\n':
+                        self.write_line_break()
+                    leading_space = (ch == ' ')
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            elif spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width:
+                        self.write_indent()
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+                spaces = (ch == ' ')
+            end += 1
+
+    def write_literal(self, text):
+        hints = self.determine_block_hints(text)
+        self.write_indicator('|'+hints, True)
+        if hints[-1:] == '+':
+            self.open_ended = True
+        self.write_line_break()
+        breaks = True
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if breaks:
+                if ch is None or ch not in '\n\x85\u2028\u2029':
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    if ch is not None:
+                        self.write_indent()
+                    start = end
+            else:
+                if ch is None or ch in '\n\x85\u2028\u2029':
+                    data = text[start:end]
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    if ch is None:
+                        self.write_line_break()
+                    start = end
+            if ch is not None:
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
+
+    def write_plain(self, text, split=True):
+        if self.root_context:
+            self.open_ended = True
+        if not text:
+            return
+        if not self.whitespace:
+            data = ' '
+            self.column += len(data)
+            if self.encoding:
+                data = data.encode(self.encoding)
+            self.stream.write(data)
+        self.whitespace = False
+        self.indention = False
+        spaces = False
+        breaks = False
+        start = end = 0
+        while end <= len(text):
+            ch = None
+            if end < len(text):
+                ch = text[end]
+            if spaces:
+                if ch != ' ':
+                    if start+1 == end and self.column > self.best_width and split:
+                        self.write_indent()
+                        self.whitespace = False
+                        self.indention = False
+                    else:
+                        data = text[start:end]
+                        self.column += len(data)
+                        if self.encoding:
+                            data = data.encode(self.encoding)
+                        self.stream.write(data)
+                    start = end
+            elif breaks:
+                if ch not in '\n\x85\u2028\u2029':
+                    if text[start] == '\n':
+                        self.write_line_break()
+                    for br in text[start:end]:
+                        if br == '\n':
+                            self.write_line_break()
+                        else:
+                            self.write_line_break(br)
+                    self.write_indent()
+                    self.whitespace = False
+                    self.indention = False
+                    start = end
+            else:
+                if ch is None or ch in ' \n\x85\u2028\u2029':
+                    data = text[start:end]
+                    self.column += len(data)
+                    if self.encoding:
+                        data = data.encode(self.encoding)
+                    self.stream.write(data)
+                    start = end
+            if ch is not None:
+                spaces = (ch == ' ')
+                breaks = (ch in '\n\x85\u2028\u2029')
+            end += 1
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/error.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/error.py
new file mode 100644
index 000000000..b796b4dc5
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/error.py
@@ -0,0 +1,75 @@
+
+__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
+
+class Mark:
+
+    def __init__(self, name, index, line, column, buffer, pointer):
+        self.name = name
+        self.index = index
+        self.line = line
+        self.column = column
+        self.buffer = buffer
+        self.pointer = pointer
+
+    def get_snippet(self, indent=4, max_length=75):
+        if self.buffer is None:
+            return None
+        head = ''
+        start = self.pointer
+        while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
+            start -= 1
+            if self.pointer-start > max_length/2-1:
+                head = ' ... '
+                start += 5
+                break
+        tail = ''
+        end = self.pointer
+        while end < len(self.buffer) and self.buffer[end] not in '\0\r\n\x85\u2028\u2029':
+            end += 1
+            if end-self.pointer > max_length/2-1:
+                tail = ' ... '
+                end -= 5
+                break
+        snippet = self.buffer[start:end]
+        return ' '*indent + head + snippet + tail + '\n'  \
+                + ' '*(indent+self.pointer-start+len(head)) + '^'
+
+    def __str__(self):
+        snippet = self.get_snippet()
+        where = "  in \"%s\", line %d, column %d"   \
+                % (self.name, self.line+1, self.column+1)
+        if snippet is not None:
+            where += ":\n"+snippet
+        return where
+
+class YAMLError(Exception):
+    pass
+
+class MarkedYAMLError(YAMLError):
+
+    def __init__(self, context=None, context_mark=None,
+            problem=None, problem_mark=None, note=None):
+        self.context = context
+        self.context_mark = context_mark
+        self.problem = problem
+        self.problem_mark = problem_mark
+        self.note = note
+
+    def __str__(self):
+        lines = []
+        if self.context is not None:
+            lines.append(self.context)
+        if self.context_mark is not None  \
+            and (self.problem is None or self.problem_mark is None
+                    or self.context_mark.name != self.problem_mark.name
+                    or self.context_mark.line != self.problem_mark.line
+                    or self.context_mark.column != self.problem_mark.column):
+            lines.append(str(self.context_mark))
+        if self.problem is not None:
+            lines.append(self.problem)
+        if self.problem_mark is not None:
+            lines.append(str(self.problem_mark))
+        if self.note is not None:
+            lines.append(self.note)
+        return '\n'.join(lines)
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/events.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/events.py
new file mode 100644
index 000000000..f79ad389c
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/events.py
@@ -0,0 +1,86 @@
+
+# Abstract classes.
+
+class Event(object):
+    def __init__(self, start_mark=None, end_mark=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in ['anchor', 'tag', 'implicit', 'value']
+                if hasattr(self, key)]
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+class NodeEvent(Event):
+    def __init__(self, anchor, start_mark=None, end_mark=None):
+        self.anchor = anchor
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class CollectionStartEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, start_mark=None, end_mark=None,
+            flow_style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class CollectionEndEvent(Event):
+    pass
+
+# Implementations.
+
+class StreamStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None, encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndEvent(Event):
+    pass
+
+class DocumentStartEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None, version=None, tags=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+        self.version = version
+        self.tags = tags
+
+class DocumentEndEvent(Event):
+    def __init__(self, start_mark=None, end_mark=None,
+            explicit=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.explicit = explicit
+
+class AliasEvent(NodeEvent):
+    pass
+
+class ScalarEvent(NodeEvent):
+    def __init__(self, anchor, tag, implicit, value,
+            start_mark=None, end_mark=None, style=None):
+        self.anchor = anchor
+        self.tag = tag
+        self.implicit = implicit
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class SequenceStartEvent(CollectionStartEvent):
+    pass
+
+class SequenceEndEvent(CollectionEndEvent):
+    pass
+
+class MappingStartEvent(CollectionStartEvent):
+    pass
+
+class MappingEndEvent(CollectionEndEvent):
+    pass
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/loader.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/loader.py
new file mode 100644
index 000000000..e90c11224
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/loader.py
@@ -0,0 +1,63 @@
+
+__all__ = ['BaseLoader', 'FullLoader', 'SafeLoader', 'Loader', 'UnsafeLoader']
+
+from .reader import *
+from .scanner import *
+from .parser import *
+from .composer import *
+from .constructor import *
+from .resolver import *
+
+class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        BaseConstructor.__init__(self)
+        BaseResolver.__init__(self)
+
+class FullLoader(Reader, Scanner, Parser, Composer, FullConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        FullConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        SafeConstructor.__init__(self)
+        Resolver.__init__(self)
+
+class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
+
+# UnsafeLoader is the same as Loader (which is and was always unsafe on
+# untrusted input). Use of either Loader or UnsafeLoader should be rare, since
+# FullLoad should be able to load almost all YAML safely. Loader is left intact
+# to ensure backwards compatibility.
+class UnsafeLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
+
+    def __init__(self, stream):
+        Reader.__init__(self, stream)
+        Scanner.__init__(self)
+        Parser.__init__(self)
+        Composer.__init__(self)
+        Constructor.__init__(self)
+        Resolver.__init__(self)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/nodes.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/nodes.py
new file mode 100644
index 000000000..c4f070c41
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/nodes.py
@@ -0,0 +1,49 @@
+
+class Node(object):
+    def __init__(self, tag, value, start_mark, end_mark):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        value = self.value
+        #if isinstance(value, list):
+        #    if len(value) == 0:
+        #        value = '<empty>'
+        #    elif len(value) == 1:
+        #        value = '<1 item>'
+        #    else:
+        #        value = '<%d items>' % len(value)
+        #else:
+        #    if len(value) > 75:
+        #        value = repr(value[:70]+u' ... ')
+        #    else:
+        #        value = repr(value)
+        value = repr(value)
+        return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
+
+class ScalarNode(Node):
+    id = 'scalar'
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
+class CollectionNode(Node):
+    def __init__(self, tag, value,
+            start_mark=None, end_mark=None, flow_style=None):
+        self.tag = tag
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.flow_style = flow_style
+
+class SequenceNode(CollectionNode):
+    id = 'sequence'
+
+class MappingNode(CollectionNode):
+    id = 'mapping'
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/parser.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/parser.py
new file mode 100644
index 000000000..13a5995d2
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/parser.py
@@ -0,0 +1,589 @@
+
+# The following YAML grammar is LL(1) and is parsed by a recursive descent
+# parser.
+#
+# stream            ::= STREAM-START implicit_document? explicit_document* STREAM-END
+# implicit_document ::= block_node DOCUMENT-END*
+# explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+# block_node_or_indentless_sequence ::=
+#                       ALIAS
+#                       | properties (block_content | indentless_block_sequence)?
+#                       | block_content
+#                       | indentless_block_sequence
+# block_node        ::= ALIAS
+#                       | properties block_content?
+#                       | block_content
+# flow_node         ::= ALIAS
+#                       | properties flow_content?
+#                       | flow_content
+# properties        ::= TAG ANCHOR? | ANCHOR TAG?
+# block_content     ::= block_collection | flow_collection | SCALAR
+# flow_content      ::= flow_collection | SCALAR
+# block_collection  ::= block_sequence | block_mapping
+# flow_collection   ::= flow_sequence | flow_mapping
+# block_sequence    ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+# indentless_sequence   ::= (BLOCK-ENTRY block_node?)+
+# block_mapping     ::= BLOCK-MAPPING_START
+#                       ((KEY block_node_or_indentless_sequence?)?
+#                       (VALUE block_node_or_indentless_sequence?)?)*
+#                       BLOCK-END
+# flow_sequence     ::= FLOW-SEQUENCE-START
+#                       (flow_sequence_entry FLOW-ENTRY)*
+#                       flow_sequence_entry?
+#                       FLOW-SEQUENCE-END
+# flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+# flow_mapping      ::= FLOW-MAPPING-START
+#                       (flow_mapping_entry FLOW-ENTRY)*
+#                       flow_mapping_entry?
+#                       FLOW-MAPPING-END
+# flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+#
+# FIRST sets:
+#
+# stream: { STREAM-START }
+# explicit_document: { DIRECTIVE DOCUMENT-START }
+# implicit_document: FIRST(block_node)
+# block_node: { ALIAS TAG ANCHOR SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_node: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_content: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# flow_content: { FLOW-SEQUENCE-START FLOW-MAPPING-START SCALAR }
+# block_collection: { BLOCK-SEQUENCE-START BLOCK-MAPPING-START }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# block_sequence: { BLOCK-SEQUENCE-START }
+# block_mapping: { BLOCK-MAPPING-START }
+# block_node_or_indentless_sequence: { ALIAS ANCHOR TAG SCALAR BLOCK-SEQUENCE-START BLOCK-MAPPING-START FLOW-SEQUENCE-START FLOW-MAPPING-START BLOCK-ENTRY }
+# indentless_sequence: { ENTRY }
+# flow_collection: { FLOW-SEQUENCE-START FLOW-MAPPING-START }
+# flow_sequence: { FLOW-SEQUENCE-START }
+# flow_mapping: { FLOW-MAPPING-START }
+# flow_sequence_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+# flow_mapping_entry: { ALIAS ANCHOR TAG SCALAR FLOW-SEQUENCE-START FLOW-MAPPING-START KEY }
+
+__all__ = ['Parser', 'ParserError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+from .events import *
+from .scanner import *
+
+class ParserError(MarkedYAMLError):
+    pass
+
+class Parser:
+    # Since writing a recursive-descendant parser is a straightforward task, we
+    # do not give many comments here.
+
+    DEFAULT_TAGS = {
+        '!':   '!',
+        '!!':  'tag:yaml.org,2002:',
+    }
+
+    def __init__(self):
+        self.current_event = None
+        self.yaml_version = None
+        self.tag_handles = {}
+        self.states = []
+        self.marks = []
+        self.state = self.parse_stream_start
+
+    def dispose(self):
+        # Reset the state attributes (to clear self-references)
+        self.states = []
+        self.state = None
+
+    def check_event(self, *choices):
+        # Check the type of the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        if self.current_event is not None:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.current_event, choice):
+                    return True
+        return False
+
+    def peek_event(self):
+        # Get the next event.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        return self.current_event
+
+    def get_event(self):
+        # Get the next event and proceed further.
+        if self.current_event is None:
+            if self.state:
+                self.current_event = self.state()
+        value = self.current_event
+        self.current_event = None
+        return value
+
+    # stream    ::= STREAM-START implicit_document? explicit_document* STREAM-END
+    # implicit_document ::= block_node DOCUMENT-END*
+    # explicit_document ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+
+    def parse_stream_start(self):
+
+        # Parse the stream start.
+        token = self.get_token()
+        event = StreamStartEvent(token.start_mark, token.end_mark,
+                encoding=token.encoding)
+
+        # Prepare the next state.
+        self.state = self.parse_implicit_document_start
+
+        return event
+
+    def parse_implicit_document_start(self):
+
+        # Parse an implicit document.
+        if not self.check_token(DirectiveToken, DocumentStartToken,
+                StreamEndToken):
+            self.tag_handles = self.DEFAULT_TAGS
+            token = self.peek_token()
+            start_mark = end_mark = token.start_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=False)
+
+            # Prepare the next state.
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_block_node
+
+            return event
+
+        else:
+            return self.parse_document_start()
+
+    def parse_document_start(self):
+
+        # Parse any extra document end indicators.
+        while self.check_token(DocumentEndToken):
+            self.get_token()
+
+        # Parse an explicit document.
+        if not self.check_token(StreamEndToken):
+            token = self.peek_token()
+            start_mark = token.start_mark
+            version, tags = self.process_directives()
+            if not self.check_token(DocumentStartToken):
+                raise ParserError(None, None,
+                        "expected '<document start>', but found %r"
+                        % self.peek_token().id,
+                        self.peek_token().start_mark)
+            token = self.get_token()
+            end_mark = token.end_mark
+            event = DocumentStartEvent(start_mark, end_mark,
+                    explicit=True, version=version, tags=tags)
+            self.states.append(self.parse_document_end)
+            self.state = self.parse_document_content
+        else:
+            # Parse the end of the stream.
+            token = self.get_token()
+            event = StreamEndEvent(token.start_mark, token.end_mark)
+            assert not self.states
+            assert not self.marks
+            self.state = None
+        return event
+
+    def parse_document_end(self):
+
+        # Parse the document end.
+        token = self.peek_token()
+        start_mark = end_mark = token.start_mark
+        explicit = False
+        if self.check_token(DocumentEndToken):
+            token = self.get_token()
+            end_mark = token.end_mark
+            explicit = True
+        event = DocumentEndEvent(start_mark, end_mark,
+                explicit=explicit)
+
+        # Prepare the next state.
+        self.state = self.parse_document_start
+
+        return event
+
+    def parse_document_content(self):
+        if self.check_token(DirectiveToken,
+                DocumentStartToken, DocumentEndToken, StreamEndToken):
+            event = self.process_empty_scalar(self.peek_token().start_mark)
+            self.state = self.states.pop()
+            return event
+        else:
+            return self.parse_block_node()
+
+    def process_directives(self):
+        self.yaml_version = None
+        self.tag_handles = {}
+        while self.check_token(DirectiveToken):
+            token = self.get_token()
+            if token.name == 'YAML':
+                if self.yaml_version is not None:
+                    raise ParserError(None, None,
+                            "found duplicate YAML directive", token.start_mark)
+                major, minor = token.value
+                if major != 1:
+                    raise ParserError(None, None,
+                            "found incompatible YAML document (version 1.* is required)",
+                            token.start_mark)
+                self.yaml_version = token.value
+            elif token.name == 'TAG':
+                handle, prefix = token.value
+                if handle in self.tag_handles:
+                    raise ParserError(None, None,
+                            "duplicate tag handle %r" % handle,
+                            token.start_mark)
+                self.tag_handles[handle] = prefix
+        if self.tag_handles:
+            value = self.yaml_version, self.tag_handles.copy()
+        else:
+            value = self.yaml_version, None
+        for key in self.DEFAULT_TAGS:
+            if key not in self.tag_handles:
+                self.tag_handles[key] = self.DEFAULT_TAGS[key]
+        return value
+
+    # block_node_or_indentless_sequence ::= ALIAS
+    #               | properties (block_content | indentless_block_sequence)?
+    #               | block_content
+    #               | indentless_block_sequence
+    # block_node    ::= ALIAS
+    #                   | properties block_content?
+    #                   | block_content
+    # flow_node     ::= ALIAS
+    #                   | properties flow_content?
+    #                   | flow_content
+    # properties    ::= TAG ANCHOR? | ANCHOR TAG?
+    # block_content     ::= block_collection | flow_collection | SCALAR
+    # flow_content      ::= flow_collection | SCALAR
+    # block_collection  ::= block_sequence | block_mapping
+    # flow_collection   ::= flow_sequence | flow_mapping
+
+    def parse_block_node(self):
+        return self.parse_node(block=True)
+
+    def parse_flow_node(self):
+        return self.parse_node()
+
+    def parse_block_node_or_indentless_sequence(self):
+        return self.parse_node(block=True, indentless_sequence=True)
+
+    def parse_node(self, block=False, indentless_sequence=False):
+        if self.check_token(AliasToken):
+            token = self.get_token()
+            event = AliasEvent(token.value, token.start_mark, token.end_mark)
+            self.state = self.states.pop()
+        else:
+            anchor = None
+            tag = None
+            start_mark = end_mark = tag_mark = None
+            if self.check_token(AnchorToken):
+                token = self.get_token()
+                start_mark = token.start_mark
+                end_mark = token.end_mark
+                anchor = token.value
+                if self.check_token(TagToken):
+                    token = self.get_token()
+                    tag_mark = token.start_mark
+                    end_mark = token.end_mark
+                    tag = token.value
+            elif self.check_token(TagToken):
+                token = self.get_token()
+                start_mark = tag_mark = token.start_mark
+                end_mark = token.end_mark
+                tag = token.value
+                if self.check_token(AnchorToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    anchor = token.value
+            if tag is not None:
+                handle, suffix = tag
+                if handle is not None:
+                    if handle not in self.tag_handles:
+                        raise ParserError("while parsing a node", start_mark,
+                                "found undefined tag handle %r" % handle,
+                                tag_mark)
+                    tag = self.tag_handles[handle]+suffix
+                else:
+                    tag = suffix
+            #if tag == '!':
+            #    raise ParserError("while parsing a node", start_mark,
+            #            "found non-specific tag '!'", tag_mark,
+            #            "Please check 'http://pyyaml.org/wiki/YAMLNonSpecificTag' and share your opinion.")
+            if start_mark is None:
+                start_mark = end_mark = self.peek_token().start_mark
+            event = None
+            implicit = (tag is None or tag == '!')
+            if indentless_sequence and self.check_token(BlockEntryToken):
+                end_mark = self.peek_token().end_mark
+                event = SequenceStartEvent(anchor, tag, implicit,
+                        start_mark, end_mark)
+                self.state = self.parse_indentless_sequence_entry
+            else:
+                if self.check_token(ScalarToken):
+                    token = self.get_token()
+                    end_mark = token.end_mark
+                    if (token.plain and tag is None) or tag == '!':
+                        implicit = (True, False)
+                    elif tag is None:
+                        implicit = (False, True)
+                    else:
+                        implicit = (False, False)
+                    event = ScalarEvent(anchor, tag, implicit, token.value,
+                            start_mark, end_mark, style=token.style)
+                    self.state = self.states.pop()
+                elif self.check_token(FlowSequenceStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_sequence_first_entry
+                elif self.check_token(FlowMappingStartToken):
+                    end_mark = self.peek_token().end_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=True)
+                    self.state = self.parse_flow_mapping_first_key
+                elif block and self.check_token(BlockSequenceStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = SequenceStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_sequence_first_entry
+                elif block and self.check_token(BlockMappingStartToken):
+                    end_mark = self.peek_token().start_mark
+                    event = MappingStartEvent(anchor, tag, implicit,
+                            start_mark, end_mark, flow_style=False)
+                    self.state = self.parse_block_mapping_first_key
+                elif anchor is not None or tag is not None:
+                    # Empty scalars are allowed even if a tag or an anchor is
+                    # specified.
+                    event = ScalarEvent(anchor, tag, (implicit, False), '',
+                            start_mark, end_mark)
+                    self.state = self.states.pop()
+                else:
+                    if block:
+                        node = 'block'
+                    else:
+                        node = 'flow'
+                    token = self.peek_token()
+                    raise ParserError("while parsing a %s node" % node, start_mark,
+                            "expected the node content, but found %r" % token.id,
+                            token.start_mark)
+        return event
+
+    # block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+
+    def parse_block_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_sequence_entry()
+
+    def parse_block_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken, BlockEndToken):
+                self.states.append(self.parse_block_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_block_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block collection", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    # indentless_sequence ::= (BLOCK-ENTRY block_node?)+
+
+    def parse_indentless_sequence_entry(self):
+        if self.check_token(BlockEntryToken):
+            token = self.get_token()
+            if not self.check_token(BlockEntryToken,
+                    KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_indentless_sequence_entry)
+                return self.parse_block_node()
+            else:
+                self.state = self.parse_indentless_sequence_entry
+                return self.process_empty_scalar(token.end_mark)
+        token = self.peek_token()
+        event = SequenceEndEvent(token.start_mark, token.start_mark)
+        self.state = self.states.pop()
+        return event
+
+    # block_mapping     ::= BLOCK-MAPPING_START
+    #                       ((KEY block_node_or_indentless_sequence?)?
+    #                       (VALUE block_node_or_indentless_sequence?)?)*
+    #                       BLOCK-END
+
+    def parse_block_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_block_mapping_key()
+
+    def parse_block_mapping_key(self):
+        if self.check_token(KeyToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_value)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_value
+                return self.process_empty_scalar(token.end_mark)
+        if not self.check_token(BlockEndToken):
+            token = self.peek_token()
+            raise ParserError("while parsing a block mapping", self.marks[-1],
+                    "expected <block end>, but found %r" % token.id, token.start_mark)
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_block_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(KeyToken, ValueToken, BlockEndToken):
+                self.states.append(self.parse_block_mapping_key)
+                return self.parse_block_node_or_indentless_sequence()
+            else:
+                self.state = self.parse_block_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_block_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    # flow_sequence     ::= FLOW-SEQUENCE-START
+    #                       (flow_sequence_entry FLOW-ENTRY)*
+    #                       flow_sequence_entry?
+    #                       FLOW-SEQUENCE-END
+    # flow_sequence_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+    #
+    # Note that while production rules for both flow_sequence_entry and
+    # flow_mapping_entry are equal, their interpretations are different.
+    # For `flow_sequence_entry`, the part `KEY flow_node? (VALUE flow_node?)?`
+    # generate an inline mapping (set syntax).
+
+    def parse_flow_sequence_first_entry(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_sequence_entry(first=True)
+
+    def parse_flow_sequence_entry(self, first=False):
+        if not self.check_token(FlowSequenceEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow sequence", self.marks[-1],
+                            "expected ',' or ']', but got %r" % token.id, token.start_mark)
+            
+            if self.check_token(KeyToken):
+                token = self.peek_token()
+                event = MappingStartEvent(None, None, True,
+                        token.start_mark, token.end_mark,
+                        flow_style=True)
+                self.state = self.parse_flow_sequence_entry_mapping_key
+                return event
+            elif not self.check_token(FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = SequenceEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_sequence_entry_mapping_key(self):
+        token = self.get_token()
+        if not self.check_token(ValueToken,
+                FlowEntryToken, FlowSequenceEndToken):
+            self.states.append(self.parse_flow_sequence_entry_mapping_value)
+            return self.parse_flow_node()
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_value
+            return self.process_empty_scalar(token.end_mark)
+
+    def parse_flow_sequence_entry_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowSequenceEndToken):
+                self.states.append(self.parse_flow_sequence_entry_mapping_end)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_sequence_entry_mapping_end
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_sequence_entry_mapping_end
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_sequence_entry_mapping_end(self):
+        self.state = self.parse_flow_sequence_entry
+        token = self.peek_token()
+        return MappingEndEvent(token.start_mark, token.start_mark)
+
+    # flow_mapping  ::= FLOW-MAPPING-START
+    #                   (flow_mapping_entry FLOW-ENTRY)*
+    #                   flow_mapping_entry?
+    #                   FLOW-MAPPING-END
+    # flow_mapping_entry    ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+    def parse_flow_mapping_first_key(self):
+        token = self.get_token()
+        self.marks.append(token.start_mark)
+        return self.parse_flow_mapping_key(first=True)
+
+    def parse_flow_mapping_key(self, first=False):
+        if not self.check_token(FlowMappingEndToken):
+            if not first:
+                if self.check_token(FlowEntryToken):
+                    self.get_token()
+                else:
+                    token = self.peek_token()
+                    raise ParserError("while parsing a flow mapping", self.marks[-1],
+                            "expected ',' or '}', but got %r" % token.id, token.start_mark)
+            if self.check_token(KeyToken):
+                token = self.get_token()
+                if not self.check_token(ValueToken,
+                        FlowEntryToken, FlowMappingEndToken):
+                    self.states.append(self.parse_flow_mapping_value)
+                    return self.parse_flow_node()
+                else:
+                    self.state = self.parse_flow_mapping_value
+                    return self.process_empty_scalar(token.end_mark)
+            elif not self.check_token(FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_empty_value)
+                return self.parse_flow_node()
+        token = self.get_token()
+        event = MappingEndEvent(token.start_mark, token.end_mark)
+        self.state = self.states.pop()
+        self.marks.pop()
+        return event
+
+    def parse_flow_mapping_value(self):
+        if self.check_token(ValueToken):
+            token = self.get_token()
+            if not self.check_token(FlowEntryToken, FlowMappingEndToken):
+                self.states.append(self.parse_flow_mapping_key)
+                return self.parse_flow_node()
+            else:
+                self.state = self.parse_flow_mapping_key
+                return self.process_empty_scalar(token.end_mark)
+        else:
+            self.state = self.parse_flow_mapping_key
+            token = self.peek_token()
+            return self.process_empty_scalar(token.start_mark)
+
+    def parse_flow_mapping_empty_value(self):
+        self.state = self.parse_flow_mapping_key
+        return self.process_empty_scalar(self.peek_token().start_mark)
+
+    def process_empty_scalar(self, mark):
+        return ScalarEvent(None, None, (True, False), '', mark, mark)
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/reader.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/reader.py
new file mode 100644
index 000000000..774b0219b
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/reader.py
@@ -0,0 +1,185 @@
+# This module contains abstractions for the input stream. You don't have to
+# looks further, there are no pretty code.
+#
+# We define two classes here.
+#
+#   Mark(source, line, column)
+# It's just a record and its only use is producing nice error messages.
+# Parser does not use it for any other purposes.
+#
+#   Reader(source, data)
+# Reader determines the encoding of `data` and converts it to unicode.
+# Reader provides the following methods and attributes:
+#   reader.peek(length=1) - return the next `length` characters
+#   reader.forward(length=1) - move the current position to `length` characters.
+#   reader.index - the number of the current character.
+#   reader.line, stream.column - the line and the column of the current character.
+
+__all__ = ['Reader', 'ReaderError']
+
+from .error import YAMLError, Mark
+
+import codecs, re
+
+class ReaderError(YAMLError):
+
+    def __init__(self, name, position, character, encoding, reason):
+        self.name = name
+        self.character = character
+        self.position = position
+        self.encoding = encoding
+        self.reason = reason
+
+    def __str__(self):
+        if isinstance(self.character, bytes):
+            return "'%s' codec can't decode byte #x%02x: %s\n"  \
+                    "  in \"%s\", position %d"    \
+                    % (self.encoding, ord(self.character), self.reason,
+                            self.name, self.position)
+        else:
+            return "unacceptable character #x%04x: %s\n"    \
+                    "  in \"%s\", position %d"    \
+                    % (self.character, self.reason,
+                            self.name, self.position)
+
+class Reader(object):
+    # Reader:
+    # - determines the data encoding and converts it to a unicode string,
+    # - checks if characters are in allowed range,
+    # - adds '\0' to the end.
+
+    # Reader accepts
+    #  - a `bytes` object,
+    #  - a `str` object,
+    #  - a file-like object with its `read` method returning `str`,
+    #  - a file-like object with its `read` method returning `unicode`.
+
+    # Yeah, it's ugly and slow.
+
+    def __init__(self, stream):
+        self.name = None
+        self.stream = None
+        self.stream_pointer = 0
+        self.eof = True
+        self.buffer = ''
+        self.pointer = 0
+        self.raw_buffer = None
+        self.raw_decode = None
+        self.encoding = None
+        self.index = 0
+        self.line = 0
+        self.column = 0
+        if isinstance(stream, str):
+            self.name = "<unicode string>"
+            self.check_printable(stream)
+            self.buffer = stream+'\0'
+        elif isinstance(stream, bytes):
+            self.name = "<byte string>"
+            self.raw_buffer = stream
+            self.determine_encoding()
+        else:
+            self.stream = stream
+            self.name = getattr(stream, 'name', "<file>")
+            self.eof = False
+            self.raw_buffer = None
+            self.determine_encoding()
+
+    def peek(self, index=0):
+        try:
+            return self.buffer[self.pointer+index]
+        except IndexError:
+            self.update(index+1)
+            return self.buffer[self.pointer+index]
+
+    def prefix(self, length=1):
+        if self.pointer+length >= len(self.buffer):
+            self.update(length)
+        return self.buffer[self.pointer:self.pointer+length]
+
+    def forward(self, length=1):
+        if self.pointer+length+1 >= len(self.buffer):
+            self.update(length+1)
+        while length:
+            ch = self.buffer[self.pointer]
+            self.pointer += 1
+            self.index += 1
+            if ch in '\n\x85\u2028\u2029'  \
+                    or (ch == '\r' and self.buffer[self.pointer] != '\n'):
+                self.line += 1
+                self.column = 0
+            elif ch != '\uFEFF':
+                self.column += 1
+            length -= 1
+
+    def get_mark(self):
+        if self.stream is None:
+            return Mark(self.name, self.index, self.line, self.column,
+                    self.buffer, self.pointer)
+        else:
+            return Mark(self.name, self.index, self.line, self.column,
+                    None, None)
+
+    def determine_encoding(self):
+        while not self.eof and (self.raw_buffer is None or len(self.raw_buffer) < 2):
+            self.update_raw()
+        if isinstance(self.raw_buffer, bytes):
+            if self.raw_buffer.startswith(codecs.BOM_UTF16_LE):
+                self.raw_decode = codecs.utf_16_le_decode
+                self.encoding = 'utf-16-le'
+            elif self.raw_buffer.startswith(codecs.BOM_UTF16_BE):
+                self.raw_decode = codecs.utf_16_be_decode
+                self.encoding = 'utf-16-be'
+            else:
+                self.raw_decode = codecs.utf_8_decode
+                self.encoding = 'utf-8'
+        self.update(1)
+
+    NON_PRINTABLE = re.compile('[^\x09\x0A\x0D\x20-\x7E\x85\xA0-\uD7FF\uE000-\uFFFD\U00010000-\U0010ffff]')
+    def check_printable(self, data):
+        match = self.NON_PRINTABLE.search(data)
+        if match:
+            character = match.group()
+            position = self.index+(len(self.buffer)-self.pointer)+match.start()
+            raise ReaderError(self.name, position, ord(character),
+                    'unicode', "special characters are not allowed")
+
+    def update(self, length):
+        if self.raw_buffer is None:
+            return
+        self.buffer = self.buffer[self.pointer:]
+        self.pointer = 0
+        while len(self.buffer) < length:
+            if not self.eof:
+                self.update_raw()
+            if self.raw_decode is not None:
+                try:
+                    data, converted = self.raw_decode(self.raw_buffer,
+                            'strict', self.eof)
+                except UnicodeDecodeError as exc:
+                    character = self.raw_buffer[exc.start]
+                    if self.stream is not None:
+                        position = self.stream_pointer-len(self.raw_buffer)+exc.start
+                    else:
+                        position = exc.start
+                    raise ReaderError(self.name, position, character,
+                            exc.encoding, exc.reason)
+            else:
+                data = self.raw_buffer
+                converted = len(data)
+            self.check_printable(data)
+            self.buffer += data
+            self.raw_buffer = self.raw_buffer[converted:]
+            if self.eof:
+                self.buffer += '\0'
+                self.raw_buffer = None
+                break
+
+    def update_raw(self, size=4096):
+        data = self.stream.read(size)
+        if self.raw_buffer is None:
+            self.raw_buffer = data
+        else:
+            self.raw_buffer += data
+        self.stream_pointer += len(data)
+        if not data:
+            self.eof = True
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/representer.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/representer.py
new file mode 100644
index 000000000..808ca06df
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/representer.py
@@ -0,0 +1,389 @@
+
+__all__ = ['BaseRepresenter', 'SafeRepresenter', 'Representer',
+    'RepresenterError']
+
+from .error import *
+from .nodes import *
+
+import datetime, copyreg, types, base64, collections
+
+class RepresenterError(YAMLError):
+    pass
+
+class BaseRepresenter:
+
+    yaml_representers = {}
+    yaml_multi_representers = {}
+
+    def __init__(self, default_style=None, default_flow_style=False, sort_keys=True):
+        self.default_style = default_style
+        self.sort_keys = sort_keys
+        self.default_flow_style = default_flow_style
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent(self, data):
+        node = self.represent_data(data)
+        self.serialize(node)
+        self.represented_objects = {}
+        self.object_keeper = []
+        self.alias_key = None
+
+    def represent_data(self, data):
+        if self.ignore_aliases(data):
+            self.alias_key = None
+        else:
+            self.alias_key = id(data)
+        if self.alias_key is not None:
+            if self.alias_key in self.represented_objects:
+                node = self.represented_objects[self.alias_key]
+                #if node is None:
+                #    raise RepresenterError("recursive objects are not allowed: %r" % data)
+                return node
+            #self.represented_objects[alias_key] = None
+            self.object_keeper.append(data)
+        data_types = type(data).__mro__
+        if data_types[0] in self.yaml_representers:
+            node = self.yaml_representers[data_types[0]](self, data)
+        else:
+            for data_type in data_types:
+                if data_type in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[data_type](self, data)
+                    break
+            else:
+                if None in self.yaml_multi_representers:
+                    node = self.yaml_multi_representers[None](self, data)
+                elif None in self.yaml_representers:
+                    node = self.yaml_representers[None](self, data)
+                else:
+                    node = ScalarNode(None, str(data))
+        #if alias_key is not None:
+        #    self.represented_objects[alias_key] = node
+        return node
+
+    @classmethod
+    def add_representer(cls, data_type, representer):
+        if not 'yaml_representers' in cls.__dict__:
+            cls.yaml_representers = cls.yaml_representers.copy()
+        cls.yaml_representers[data_type] = representer
+
+    @classmethod
+    def add_multi_representer(cls, data_type, representer):
+        if not 'yaml_multi_representers' in cls.__dict__:
+            cls.yaml_multi_representers = cls.yaml_multi_representers.copy()
+        cls.yaml_multi_representers[data_type] = representer
+
+    def represent_scalar(self, tag, value, style=None):
+        if style is None:
+            style = self.default_style
+        node = ScalarNode(tag, value, style=style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        return node
+
+    def represent_sequence(self, tag, sequence, flow_style=None):
+        value = []
+        node = SequenceNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        for item in sequence:
+            node_item = self.represent_data(item)
+            if not (isinstance(node_item, ScalarNode) and not node_item.style):
+                best_style = False
+            value.append(node_item)
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def represent_mapping(self, tag, mapping, flow_style=None):
+        value = []
+        node = MappingNode(tag, value, flow_style=flow_style)
+        if self.alias_key is not None:
+            self.represented_objects[self.alias_key] = node
+        best_style = True
+        if hasattr(mapping, 'items'):
+            mapping = list(mapping.items())
+            if self.sort_keys:
+                try:
+                    mapping = sorted(mapping)
+                except TypeError:
+                    pass
+        for item_key, item_value in mapping:
+            node_key = self.represent_data(item_key)
+            node_value = self.represent_data(item_value)
+            if not (isinstance(node_key, ScalarNode) and not node_key.style):
+                best_style = False
+            if not (isinstance(node_value, ScalarNode) and not node_value.style):
+                best_style = False
+            value.append((node_key, node_value))
+        if flow_style is None:
+            if self.default_flow_style is not None:
+                node.flow_style = self.default_flow_style
+            else:
+                node.flow_style = best_style
+        return node
+
+    def ignore_aliases(self, data):
+        return False
+
+class SafeRepresenter(BaseRepresenter):
+
+    def ignore_aliases(self, data):
+        if data is None:
+            return True
+        if isinstance(data, tuple) and data == ():
+            return True
+        if isinstance(data, (str, bytes, bool, int, float)):
+            return True
+
+    def represent_none(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:null', 'null')
+
+    def represent_str(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:str', data)
+
+    def represent_binary(self, data):
+        if hasattr(base64, 'encodebytes'):
+            data = base64.encodebytes(data).decode('ascii')
+        else:
+            data = base64.encodestring(data).decode('ascii')
+        return self.represent_scalar('tag:yaml.org,2002:binary', data, style='|')
+
+    def represent_bool(self, data):
+        if data:
+            value = 'true'
+        else:
+            value = 'false'
+        return self.represent_scalar('tag:yaml.org,2002:bool', value)
+
+    def represent_int(self, data):
+        return self.represent_scalar('tag:yaml.org,2002:int', str(data))
+
+    inf_value = 1e300
+    while repr(inf_value) != repr(inf_value*inf_value):
+        inf_value *= inf_value
+
+    def represent_float(self, data):
+        if data != data or (data == 0.0 and data == 1.0):
+            value = '.nan'
+        elif data == self.inf_value:
+            value = '.inf'
+        elif data == -self.inf_value:
+            value = '-.inf'
+        else:
+            value = repr(data).lower()
+            # Note that in some cases `repr(data)` represents a float number
+            # without the decimal parts.  For instance:
+            #   >>> repr(1e17)
+            #   '1e17'
+            # Unfortunately, this is not a valid float representation according
+            # to the definition of the `!!float` tag.  We fix this by adding
+            # '.0' before the 'e' symbol.
+            if '.' not in value and 'e' in value:
+                value = value.replace('e', '.0e', 1)
+        return self.represent_scalar('tag:yaml.org,2002:float', value)
+
+    def represent_list(self, data):
+        #pairs = (len(data) > 0 and isinstance(data, list))
+        #if pairs:
+        #    for item in data:
+        #        if not isinstance(item, tuple) or len(item) != 2:
+        #            pairs = False
+        #            break
+        #if not pairs:
+            return self.represent_sequence('tag:yaml.org,2002:seq', data)
+        #value = []
+        #for item_key, item_value in data:
+        #    value.append(self.represent_mapping(u'tag:yaml.org,2002:map',
+        #        [(item_key, item_value)]))
+        #return SequenceNode(u'tag:yaml.org,2002:pairs', value)
+
+    def represent_dict(self, data):
+        return self.represent_mapping('tag:yaml.org,2002:map', data)
+
+    def represent_set(self, data):
+        value = {}
+        for key in data:
+            value[key] = None
+        return self.represent_mapping('tag:yaml.org,2002:set', value)
+
+    def represent_date(self, data):
+        value = data.isoformat()
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_datetime(self, data):
+        value = data.isoformat(' ')
+        return self.represent_scalar('tag:yaml.org,2002:timestamp', value)
+
+    def represent_yaml_object(self, tag, data, cls, flow_style=None):
+        if hasattr(data, '__getstate__'):
+            state = data.__getstate__()
+        else:
+            state = data.__dict__.copy()
+        return self.represent_mapping(tag, state, flow_style=flow_style)
+
+    def represent_undefined(self, data):
+        raise RepresenterError("cannot represent an object", data)
+
+SafeRepresenter.add_representer(type(None),
+        SafeRepresenter.represent_none)
+
+SafeRepresenter.add_representer(str,
+        SafeRepresenter.represent_str)
+
+SafeRepresenter.add_representer(bytes,
+        SafeRepresenter.represent_binary)
+
+SafeRepresenter.add_representer(bool,
+        SafeRepresenter.represent_bool)
+
+SafeRepresenter.add_representer(int,
+        SafeRepresenter.represent_int)
+
+SafeRepresenter.add_representer(float,
+        SafeRepresenter.represent_float)
+
+SafeRepresenter.add_representer(list,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(tuple,
+        SafeRepresenter.represent_list)
+
+SafeRepresenter.add_representer(dict,
+        SafeRepresenter.represent_dict)
+
+SafeRepresenter.add_representer(set,
+        SafeRepresenter.represent_set)
+
+SafeRepresenter.add_representer(datetime.date,
+        SafeRepresenter.represent_date)
+
+SafeRepresenter.add_representer(datetime.datetime,
+        SafeRepresenter.represent_datetime)
+
+SafeRepresenter.add_representer(None,
+        SafeRepresenter.represent_undefined)
+
+class Representer(SafeRepresenter):
+
+    def represent_complex(self, data):
+        if data.imag == 0.0:
+            data = '%r' % data.real
+        elif data.real == 0.0:
+            data = '%rj' % data.imag
+        elif data.imag > 0:
+            data = '%r+%rj' % (data.real, data.imag)
+        else:
+            data = '%r%rj' % (data.real, data.imag)
+        return self.represent_scalar('tag:yaml.org,2002:python/complex', data)
+
+    def represent_tuple(self, data):
+        return self.represent_sequence('tag:yaml.org,2002:python/tuple', data)
+
+    def represent_name(self, data):
+        name = '%s.%s' % (data.__module__, data.__name__)
+        return self.represent_scalar('tag:yaml.org,2002:python/name:'+name, '')
+
+    def represent_module(self, data):
+        return self.represent_scalar(
+                'tag:yaml.org,2002:python/module:'+data.__name__, '')
+
+    def represent_object(self, data):
+        # We use __reduce__ API to save the data. data.__reduce__ returns
+        # a tuple of length 2-5:
+        #   (function, args, state, listitems, dictitems)
+
+        # For reconstructing, we calls function(*args), then set its state,
+        # listitems, and dictitems if they are not None.
+
+        # A special case is when function.__name__ == '__newobj__'. In this
+        # case we create the object with args[0].__new__(*args).
+
+        # Another special case is when __reduce__ returns a string - we don't
+        # support it.
+
+        # We produce a !!python/object, !!python/object/new or
+        # !!python/object/apply node.
+
+        cls = type(data)
+        if cls in copyreg.dispatch_table:
+            reduce = copyreg.dispatch_table[cls](data)
+        elif hasattr(data, '__reduce_ex__'):
+            reduce = data.__reduce_ex__(2)
+        elif hasattr(data, '__reduce__'):
+            reduce = data.__reduce__()
+        else:
+            raise RepresenterError("cannot represent an object", data)
+        reduce = (list(reduce)+[None]*5)[:5]
+        function, args, state, listitems, dictitems = reduce
+        args = list(args)
+        if state is None:
+            state = {}
+        if listitems is not None:
+            listitems = list(listitems)
+        if dictitems is not None:
+            dictitems = dict(dictitems)
+        if function.__name__ == '__newobj__':
+            function = args[0]
+            args = args[1:]
+            tag = 'tag:yaml.org,2002:python/object/new:'
+            newobj = True
+        else:
+            tag = 'tag:yaml.org,2002:python/object/apply:'
+            newobj = False
+        function_name = '%s.%s' % (function.__module__, function.__name__)
+        if not args and not listitems and not dictitems \
+                and isinstance(state, dict) and newobj:
+            return self.represent_mapping(
+                    'tag:yaml.org,2002:python/object:'+function_name, state)
+        if not listitems and not dictitems  \
+                and isinstance(state, dict) and not state:
+            return self.represent_sequence(tag+function_name, args)
+        value = {}
+        if args:
+            value['args'] = args
+        if state or not isinstance(state, dict):
+            value['state'] = state
+        if listitems:
+            value['listitems'] = listitems
+        if dictitems:
+            value['dictitems'] = dictitems
+        return self.represent_mapping(tag+function_name, value)
+
+    def represent_ordered_dict(self, data):
+        # Provide uniform representation across different Python versions.
+        data_type = type(data)
+        tag = 'tag:yaml.org,2002:python/object/apply:%s.%s' \
+                % (data_type.__module__, data_type.__name__)
+        items = [[key, value] for key, value in data.items()]
+        return self.represent_sequence(tag, [items])
+
+Representer.add_representer(complex,
+        Representer.represent_complex)
+
+Representer.add_representer(tuple,
+        Representer.represent_tuple)
+
+Representer.add_multi_representer(type,
+        Representer.represent_name)
+
+Representer.add_representer(collections.OrderedDict,
+        Representer.represent_ordered_dict)
+
+Representer.add_representer(types.FunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.BuiltinFunctionType,
+        Representer.represent_name)
+
+Representer.add_representer(types.ModuleType,
+        Representer.represent_module)
+
+Representer.add_multi_representer(object,
+        Representer.represent_object)
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/resolver.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/resolver.py
new file mode 100644
index 000000000..3522bdaaf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/resolver.py
@@ -0,0 +1,227 @@
+
+__all__ = ['BaseResolver', 'Resolver']
+
+from .error import *
+from .nodes import *
+
+import re
+
+class ResolverError(YAMLError):
+    pass
+
+class BaseResolver:
+
+    DEFAULT_SCALAR_TAG = 'tag:yaml.org,2002:str'
+    DEFAULT_SEQUENCE_TAG = 'tag:yaml.org,2002:seq'
+    DEFAULT_MAPPING_TAG = 'tag:yaml.org,2002:map'
+
+    yaml_implicit_resolvers = {}
+    yaml_path_resolvers = {}
+
+    def __init__(self):
+        self.resolver_exact_paths = []
+        self.resolver_prefix_paths = []
+
+    @classmethod
+    def add_implicit_resolver(cls, tag, regexp, first):
+        if not 'yaml_implicit_resolvers' in cls.__dict__:
+            implicit_resolvers = {}
+            for key in cls.yaml_implicit_resolvers:
+                implicit_resolvers[key] = cls.yaml_implicit_resolvers[key][:]
+            cls.yaml_implicit_resolvers = implicit_resolvers
+        if first is None:
+            first = [None]
+        for ch in first:
+            cls.yaml_implicit_resolvers.setdefault(ch, []).append((tag, regexp))
+
+    @classmethod
+    def add_path_resolver(cls, tag, path, kind=None):
+        # Note: `add_path_resolver` is experimental.  The API could be changed.
+        # `new_path` is a pattern that is matched against the path from the
+        # root to the node that is being considered.  `node_path` elements are
+        # tuples `(node_check, index_check)`.  `node_check` is a node class:
+        # `ScalarNode`, `SequenceNode`, `MappingNode` or `None`.  `None`
+        # matches any kind of a node.  `index_check` could be `None`, a boolean
+        # value, a string value, or a number.  `None` and `False` match against
+        # any _value_ of sequence and mapping nodes.  `True` matches against
+        # any _key_ of a mapping node.  A string `index_check` matches against
+        # a mapping value that corresponds to a scalar key which content is
+        # equal to the `index_check` value.  An integer `index_check` matches
+        # against a sequence value with the index equal to `index_check`.
+        if not 'yaml_path_resolvers' in cls.__dict__:
+            cls.yaml_path_resolvers = cls.yaml_path_resolvers.copy()
+        new_path = []
+        for element in path:
+            if isinstance(element, (list, tuple)):
+                if len(element) == 2:
+                    node_check, index_check = element
+                elif len(element) == 1:
+                    node_check = element[0]
+                    index_check = True
+                else:
+                    raise ResolverError("Invalid path element: %s" % element)
+            else:
+                node_check = None
+                index_check = element
+            if node_check is str:
+                node_check = ScalarNode
+            elif node_check is list:
+                node_check = SequenceNode
+            elif node_check is dict:
+                node_check = MappingNode
+            elif node_check not in [ScalarNode, SequenceNode, MappingNode]  \
+                    and not isinstance(node_check, str) \
+                    and node_check is not None:
+                raise ResolverError("Invalid node checker: %s" % node_check)
+            if not isinstance(index_check, (str, int))  \
+                    and index_check is not None:
+                raise ResolverError("Invalid index checker: %s" % index_check)
+            new_path.append((node_check, index_check))
+        if kind is str:
+            kind = ScalarNode
+        elif kind is list:
+            kind = SequenceNode
+        elif kind is dict:
+            kind = MappingNode
+        elif kind not in [ScalarNode, SequenceNode, MappingNode]    \
+                and kind is not None:
+            raise ResolverError("Invalid node kind: %s" % kind)
+        cls.yaml_path_resolvers[tuple(new_path), kind] = tag
+
+    def descend_resolver(self, current_node, current_index):
+        if not self.yaml_path_resolvers:
+            return
+        exact_paths = {}
+        prefix_paths = []
+        if current_node:
+            depth = len(self.resolver_prefix_paths)
+            for path, kind in self.resolver_prefix_paths[-1]:
+                if self.check_resolver_prefix(depth, path, kind,
+                        current_node, current_index):
+                    if len(path) > depth:
+                        prefix_paths.append((path, kind))
+                    else:
+                        exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+        else:
+            for path, kind in self.yaml_path_resolvers:
+                if not path:
+                    exact_paths[kind] = self.yaml_path_resolvers[path, kind]
+                else:
+                    prefix_paths.append((path, kind))
+        self.resolver_exact_paths.append(exact_paths)
+        self.resolver_prefix_paths.append(prefix_paths)
+
+    def ascend_resolver(self):
+        if not self.yaml_path_resolvers:
+            return
+        self.resolver_exact_paths.pop()
+        self.resolver_prefix_paths.pop()
+
+    def check_resolver_prefix(self, depth, path, kind,
+            current_node, current_index):
+        node_check, index_check = path[depth-1]
+        if isinstance(node_check, str):
+            if current_node.tag != node_check:
+                return
+        elif node_check is not None:
+            if not isinstance(current_node, node_check):
+                return
+        if index_check is True and current_index is not None:
+            return
+        if (index_check is False or index_check is None)    \
+                and current_index is None:
+            return
+        if isinstance(index_check, str):
+            if not (isinstance(current_index, ScalarNode)
+                    and index_check == current_index.value):
+                return
+        elif isinstance(index_check, int) and not isinstance(index_check, bool):
+            if index_check != current_index:
+                return
+        return True
+
+    def resolve(self, kind, value, implicit):
+        if kind is ScalarNode and implicit[0]:
+            if value == '':
+                resolvers = self.yaml_implicit_resolvers.get('', [])
+            else:
+                resolvers = self.yaml_implicit_resolvers.get(value[0], [])
+            wildcard_resolvers = self.yaml_implicit_resolvers.get(None, [])
+            for tag, regexp in resolvers + wildcard_resolvers:
+                if regexp.match(value):
+                    return tag
+            implicit = implicit[1]
+        if self.yaml_path_resolvers:
+            exact_paths = self.resolver_exact_paths[-1]
+            if kind in exact_paths:
+                return exact_paths[kind]
+            if None in exact_paths:
+                return exact_paths[None]
+        if kind is ScalarNode:
+            return self.DEFAULT_SCALAR_TAG
+        elif kind is SequenceNode:
+            return self.DEFAULT_SEQUENCE_TAG
+        elif kind is MappingNode:
+            return self.DEFAULT_MAPPING_TAG
+
+class Resolver(BaseResolver):
+    pass
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:bool',
+        re.compile(r'''^(?:yes|Yes|YES|no|No|NO
+                    |true|True|TRUE|false|False|FALSE
+                    |on|On|ON|off|Off|OFF)$''', re.X),
+        list('yYnNtTfFoO'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:float',
+        re.compile(r'''^(?:[-+]?(?:[0-9][0-9_]*)\.[0-9_]*(?:[eE][-+][0-9]+)?
+                    |\.[0-9][0-9_]*(?:[eE][-+][0-9]+)?
+                    |[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\.[0-9_]*
+                    |[-+]?\.(?:inf|Inf|INF)
+                    |\.(?:nan|NaN|NAN))$''', re.X),
+        list('-+0123456789.'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:int',
+        re.compile(r'''^(?:[-+]?0b[0-1_]+
+                    |[-+]?0[0-7_]+
+                    |[-+]?(?:0|[1-9][0-9_]*)
+                    |[-+]?0x[0-9a-fA-F_]+
+                    |[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+)$''', re.X),
+        list('-+0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:merge',
+        re.compile(r'^(?:<<)$'),
+        ['<'])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:null',
+        re.compile(r'''^(?: ~
+                    |null|Null|NULL
+                    | )$''', re.X),
+        ['~', 'n', 'N', ''])
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:timestamp',
+        re.compile(r'''^(?:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]
+                    |[0-9][0-9][0-9][0-9] -[0-9][0-9]? -[0-9][0-9]?
+                     (?:[Tt]|[ \t]+)[0-9][0-9]?
+                     :[0-9][0-9] :[0-9][0-9] (?:\.[0-9]*)?
+                     (?:[ \t]*(?:Z|[-+][0-9][0-9]?(?::[0-9][0-9])?))?)$''', re.X),
+        list('0123456789'))
+
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:value',
+        re.compile(r'^(?:=)$'),
+        ['='])
+
+# The following resolver is only for documentation purposes. It cannot work
+# because plain scalars cannot start with '!', '&', or '*'.
+Resolver.add_implicit_resolver(
+        'tag:yaml.org,2002:yaml',
+        re.compile(r'^(?:!|&|\*)$'),
+        list('!&*'))
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/scanner.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/scanner.py
new file mode 100644
index 000000000..de925b07f
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/scanner.py
@@ -0,0 +1,1435 @@
+
+# Scanner produces tokens of the following types:
+# STREAM-START
+# STREAM-END
+# DIRECTIVE(name, value)
+# DOCUMENT-START
+# DOCUMENT-END
+# BLOCK-SEQUENCE-START
+# BLOCK-MAPPING-START
+# BLOCK-END
+# FLOW-SEQUENCE-START
+# FLOW-MAPPING-START
+# FLOW-SEQUENCE-END
+# FLOW-MAPPING-END
+# BLOCK-ENTRY
+# FLOW-ENTRY
+# KEY
+# VALUE
+# ALIAS(value)
+# ANCHOR(value)
+# TAG(value)
+# SCALAR(value, plain, style)
+#
+# Read comments in the Scanner code for more details.
+#
+
+__all__ = ['Scanner', 'ScannerError']
+
+from .error import MarkedYAMLError
+from .tokens import *
+
+class ScannerError(MarkedYAMLError):
+    pass
+
+class SimpleKey:
+    # See below simple keys treatment.
+
+    def __init__(self, token_number, required, index, line, column, mark):
+        self.token_number = token_number
+        self.required = required
+        self.index = index
+        self.line = line
+        self.column = column
+        self.mark = mark
+
+class Scanner:
+
+    def __init__(self):
+        """Initialize the scanner."""
+        # It is assumed that Scanner and Reader will have a common descendant.
+        # Reader do the dirty work of checking for BOM and converting the
+        # input data to Unicode. It also adds NUL to the end.
+        #
+        # Reader supports the following methods
+        #   self.peek(i=0)       # peek the next i-th character
+        #   self.prefix(l=1)     # peek the next l characters
+        #   self.forward(l=1)    # read the next l characters and move the pointer.
+
+        # Had we reached the end of the stream?
+        self.done = False
+
+        # The number of unclosed '{' and '['. `flow_level == 0` means block
+        # context.
+        self.flow_level = 0
+
+        # List of processed tokens that are not yet emitted.
+        self.tokens = []
+
+        # Add the STREAM-START token.
+        self.fetch_stream_start()
+
+        # Number of tokens that were emitted through the `get_token` method.
+        self.tokens_taken = 0
+
+        # The current indentation level.
+        self.indent = -1
+
+        # Past indentation levels.
+        self.indents = []
+
+        # Variables related to simple keys treatment.
+
+        # A simple key is a key that is not denoted by the '?' indicator.
+        # Example of simple keys:
+        #   ---
+        #   block simple key: value
+        #   ? not a simple key:
+        #   : { flow simple key: value }
+        # We emit the KEY token before all keys, so when we find a potential
+        # simple key, we try to locate the corresponding ':' indicator.
+        # Simple keys should be limited to a single line and 1024 characters.
+
+        # Can a simple key start at the current position? A simple key may
+        # start:
+        # - at the beginning of the line, not counting indentation spaces
+        #       (in block context),
+        # - after '{', '[', ',' (in the flow context),
+        # - after '?', ':', '-' (in the block context).
+        # In the block context, this flag also signifies if a block collection
+        # may start at the current position.
+        self.allow_simple_key = True
+
+        # Keep track of possible simple keys. This is a dictionary. The key
+        # is `flow_level`; there can be no more that one possible simple key
+        # for each level. The value is a SimpleKey record:
+        #   (token_number, required, index, line, column, mark)
+        # A simple key may start with ALIAS, ANCHOR, TAG, SCALAR(flow),
+        # '[', or '{' tokens.
+        self.possible_simple_keys = {}
+
+    # Public methods.
+
+    def check_token(self, *choices):
+        # Check if the next token is one of the given types.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            if not choices:
+                return True
+            for choice in choices:
+                if isinstance(self.tokens[0], choice):
+                    return True
+        return False
+
+    def peek_token(self):
+        # Return the next token, but do not delete if from the queue.
+        # Return None if no more tokens.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            return self.tokens[0]
+        else:
+            return None
+
+    def get_token(self):
+        # Return the next token.
+        while self.need_more_tokens():
+            self.fetch_more_tokens()
+        if self.tokens:
+            self.tokens_taken += 1
+            return self.tokens.pop(0)
+
+    # Private methods.
+
+    def need_more_tokens(self):
+        if self.done:
+            return False
+        if not self.tokens:
+            return True
+        # The current token may be a potential simple key, so we
+        # need to look further.
+        self.stale_possible_simple_keys()
+        if self.next_possible_simple_key() == self.tokens_taken:
+            return True
+
+    def fetch_more_tokens(self):
+
+        # Eat whitespaces and comments until we reach the next token.
+        self.scan_to_next_token()
+
+        # Remove obsolete possible simple keys.
+        self.stale_possible_simple_keys()
+
+        # Compare the current indentation and column. It may add some tokens
+        # and decrease the current indentation level.
+        self.unwind_indent(self.column)
+
+        # Peek the next character.
+        ch = self.peek()
+
+        # Is it the end of stream?
+        if ch == '\0':
+            return self.fetch_stream_end()
+
+        # Is it a directive?
+        if ch == '%' and self.check_directive():
+            return self.fetch_directive()
+
+        # Is it the document start?
+        if ch == '-' and self.check_document_start():
+            return self.fetch_document_start()
+
+        # Is it the document end?
+        if ch == '.' and self.check_document_end():
+            return self.fetch_document_end()
+
+        # TODO: support for BOM within a stream.
+        #if ch == '\uFEFF':
+        #    return self.fetch_bom()    <-- issue BOMToken
+
+        # Note: the order of the following checks is NOT significant.
+
+        # Is it the flow sequence start indicator?
+        if ch == '[':
+            return self.fetch_flow_sequence_start()
+
+        # Is it the flow mapping start indicator?
+        if ch == '{':
+            return self.fetch_flow_mapping_start()
+
+        # Is it the flow sequence end indicator?
+        if ch == ']':
+            return self.fetch_flow_sequence_end()
+
+        # Is it the flow mapping end indicator?
+        if ch == '}':
+            return self.fetch_flow_mapping_end()
+
+        # Is it the flow entry indicator?
+        if ch == ',':
+            return self.fetch_flow_entry()
+
+        # Is it the block entry indicator?
+        if ch == '-' and self.check_block_entry():
+            return self.fetch_block_entry()
+
+        # Is it the key indicator?
+        if ch == '?' and self.check_key():
+            return self.fetch_key()
+
+        # Is it the value indicator?
+        if ch == ':' and self.check_value():
+            return self.fetch_value()
+
+        # Is it an alias?
+        if ch == '*':
+            return self.fetch_alias()
+
+        # Is it an anchor?
+        if ch == '&':
+            return self.fetch_anchor()
+
+        # Is it a tag?
+        if ch == '!':
+            return self.fetch_tag()
+
+        # Is it a literal scalar?
+        if ch == '|' and not self.flow_level:
+            return self.fetch_literal()
+
+        # Is it a folded scalar?
+        if ch == '>' and not self.flow_level:
+            return self.fetch_folded()
+
+        # Is it a single quoted scalar?
+        if ch == '\'':
+            return self.fetch_single()
+
+        # Is it a double quoted scalar?
+        if ch == '\"':
+            return self.fetch_double()
+
+        # It must be a plain scalar then.
+        if self.check_plain():
+            return self.fetch_plain()
+
+        # No? It's an error. Let's produce a nice error message.
+        raise ScannerError("while scanning for the next token", None,
+                "found character %r that cannot start any token" % ch,
+                self.get_mark())
+
+    # Simple keys treatment.
+
+    def next_possible_simple_key(self):
+        # Return the number of the nearest possible simple key. Actually we
+        # don't need to loop through the whole dictionary. We may replace it
+        # with the following code:
+        #   if not self.possible_simple_keys:
+        #       return None
+        #   return self.possible_simple_keys[
+        #           min(self.possible_simple_keys.keys())].token_number
+        min_token_number = None
+        for level in self.possible_simple_keys:
+            key = self.possible_simple_keys[level]
+            if min_token_number is None or key.token_number < min_token_number:
+                min_token_number = key.token_number
+        return min_token_number
+
+    def stale_possible_simple_keys(self):
+        # Remove entries that are no longer possible simple keys. According to
+        # the YAML specification, simple keys
+        # - should be limited to a single line,
+        # - should be no longer than 1024 characters.
+        # Disabling this procedure will allow simple keys of any length and
+        # height (may cause problems if indentation is broken though).
+        for level in list(self.possible_simple_keys):
+            key = self.possible_simple_keys[level]
+            if key.line != self.line  \
+                    or self.index-key.index > 1024:
+                if key.required:
+                    raise ScannerError("while scanning a simple key", key.mark,
+                            "could not find expected ':'", self.get_mark())
+                del self.possible_simple_keys[level]
+
+    def save_possible_simple_key(self):
+        # The next token may start a simple key. We check if it's possible
+        # and save its position. This function is called for
+        #   ALIAS, ANCHOR, TAG, SCALAR(flow), '[', and '{'.
+
+        # Check if a simple key is required at the current position.
+        required = not self.flow_level and self.indent == self.column
+
+        # The next token might be a simple key. Let's save it's number and
+        # position.
+        if self.allow_simple_key:
+            self.remove_possible_simple_key()
+            token_number = self.tokens_taken+len(self.tokens)
+            key = SimpleKey(token_number, required,
+                    self.index, self.line, self.column, self.get_mark())
+            self.possible_simple_keys[self.flow_level] = key
+
+    def remove_possible_simple_key(self):
+        # Remove the saved possible key position at the current flow level.
+        if self.flow_level in self.possible_simple_keys:
+            key = self.possible_simple_keys[self.flow_level]
+            
+            if key.required:
+                raise ScannerError("while scanning a simple key", key.mark,
+                        "could not find expected ':'", self.get_mark())
+
+            del self.possible_simple_keys[self.flow_level]
+
+    # Indentation functions.
+
+    def unwind_indent(self, column):
+
+        ## In flow context, tokens should respect indentation.
+        ## Actually the condition should be `self.indent >= column` according to
+        ## the spec. But this condition will prohibit intuitively correct
+        ## constructions such as
+        ## key : {
+        ## }
+        #if self.flow_level and self.indent > column:
+        #    raise ScannerError(None, None,
+        #            "invalid indentation or unclosed '[' or '{'",
+        #            self.get_mark())
+
+        # In the flow context, indentation is ignored. We make the scanner less
+        # restrictive then specification requires.
+        if self.flow_level:
+            return
+
+        # In block context, we may need to issue the BLOCK-END tokens.
+        while self.indent > column:
+            mark = self.get_mark()
+            self.indent = self.indents.pop()
+            self.tokens.append(BlockEndToken(mark, mark))
+
+    def add_indent(self, column):
+        # Check if we need to increase indentation.
+        if self.indent < column:
+            self.indents.append(self.indent)
+            self.indent = column
+            return True
+        return False
+
+    # Fetchers.
+
+    def fetch_stream_start(self):
+        # We always add STREAM-START as the first token and STREAM-END as the
+        # last token.
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-START.
+        self.tokens.append(StreamStartToken(mark, mark,
+            encoding=self.encoding))
+        
+
+    def fetch_stream_end(self):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+        self.possible_simple_keys = {}
+
+        # Read the token.
+        mark = self.get_mark()
+        
+        # Add STREAM-END.
+        self.tokens.append(StreamEndToken(mark, mark))
+
+        # The steam is finished.
+        self.done = True
+
+    def fetch_directive(self):
+        
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Scan and add DIRECTIVE.
+        self.tokens.append(self.scan_directive())
+
+    def fetch_document_start(self):
+        self.fetch_document_indicator(DocumentStartToken)
+
+    def fetch_document_end(self):
+        self.fetch_document_indicator(DocumentEndToken)
+
+    def fetch_document_indicator(self, TokenClass):
+
+        # Set the current indentation to -1.
+        self.unwind_indent(-1)
+
+        # Reset simple keys. Note that there could not be a block collection
+        # after '---'.
+        self.remove_possible_simple_key()
+        self.allow_simple_key = False
+
+        # Add DOCUMENT-START or DOCUMENT-END.
+        start_mark = self.get_mark()
+        self.forward(3)
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_start(self):
+        self.fetch_flow_collection_start(FlowSequenceStartToken)
+
+    def fetch_flow_mapping_start(self):
+        self.fetch_flow_collection_start(FlowMappingStartToken)
+
+    def fetch_flow_collection_start(self, TokenClass):
+
+        # '[' and '{' may start a simple key.
+        self.save_possible_simple_key()
+
+        # Increase the flow level.
+        self.flow_level += 1
+
+        # Simple keys are allowed after '[' and '{'.
+        self.allow_simple_key = True
+
+        # Add FLOW-SEQUENCE-START or FLOW-MAPPING-START.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_sequence_end(self):
+        self.fetch_flow_collection_end(FlowSequenceEndToken)
+
+    def fetch_flow_mapping_end(self):
+        self.fetch_flow_collection_end(FlowMappingEndToken)
+
+    def fetch_flow_collection_end(self, TokenClass):
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Decrease the flow level.
+        self.flow_level -= 1
+
+        # No simple keys after ']' or '}'.
+        self.allow_simple_key = False
+
+        # Add FLOW-SEQUENCE-END or FLOW-MAPPING-END.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(TokenClass(start_mark, end_mark))
+
+    def fetch_flow_entry(self):
+
+        # Simple keys are allowed after ','.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add FLOW-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(FlowEntryToken(start_mark, end_mark))
+
+    def fetch_block_entry(self):
+
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a new entry?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "sequence entries are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-SEQUENCE-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockSequenceStartToken(mark, mark))
+
+        # It's an error for the block entry to occur in the flow context,
+        # but we let the parser detect this.
+        else:
+            pass
+
+        # Simple keys are allowed after '-'.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add BLOCK-ENTRY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(BlockEntryToken(start_mark, end_mark))
+
+    def fetch_key(self):
+        
+        # Block context needs additional checks.
+        if not self.flow_level:
+
+            # Are we allowed to start a key (not necessary a simple)?
+            if not self.allow_simple_key:
+                raise ScannerError(None, None,
+                        "mapping keys are not allowed here",
+                        self.get_mark())
+
+            # We may need to add BLOCK-MAPPING-START.
+            if self.add_indent(self.column):
+                mark = self.get_mark()
+                self.tokens.append(BlockMappingStartToken(mark, mark))
+
+        # Simple keys are allowed after '?' in the block context.
+        self.allow_simple_key = not self.flow_level
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Add KEY.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(KeyToken(start_mark, end_mark))
+
+    def fetch_value(self):
+
+        # Do we determine a simple key?
+        if self.flow_level in self.possible_simple_keys:
+
+            # Add KEY.
+            key = self.possible_simple_keys[self.flow_level]
+            del self.possible_simple_keys[self.flow_level]
+            self.tokens.insert(key.token_number-self.tokens_taken,
+                    KeyToken(key.mark, key.mark))
+
+            # If this key starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.
+            if not self.flow_level:
+                if self.add_indent(key.column):
+                    self.tokens.insert(key.token_number-self.tokens_taken,
+                            BlockMappingStartToken(key.mark, key.mark))
+
+            # There cannot be two simple keys one after another.
+            self.allow_simple_key = False
+
+        # It must be a part of a complex key.
+        else:
+            
+            # Block context needs additional checks.
+            # (Do we really need them? They will be caught by the parser
+            # anyway.)
+            if not self.flow_level:
+
+                # We are allowed to start a complex value if and only if
+                # we can start a simple key.
+                if not self.allow_simple_key:
+                    raise ScannerError(None, None,
+                            "mapping values are not allowed here",
+                            self.get_mark())
+
+            # If this value starts a new block mapping, we need to add
+            # BLOCK-MAPPING-START.  It will be detected as an error later by
+            # the parser.
+            if not self.flow_level:
+                if self.add_indent(self.column):
+                    mark = self.get_mark()
+                    self.tokens.append(BlockMappingStartToken(mark, mark))
+
+            # Simple keys are allowed after ':' in the block context.
+            self.allow_simple_key = not self.flow_level
+
+            # Reset possible simple key on the current level.
+            self.remove_possible_simple_key()
+
+        # Add VALUE.
+        start_mark = self.get_mark()
+        self.forward()
+        end_mark = self.get_mark()
+        self.tokens.append(ValueToken(start_mark, end_mark))
+
+    def fetch_alias(self):
+
+        # ALIAS could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ALIAS.
+        self.allow_simple_key = False
+
+        # Scan and add ALIAS.
+        self.tokens.append(self.scan_anchor(AliasToken))
+
+    def fetch_anchor(self):
+
+        # ANCHOR could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after ANCHOR.
+        self.allow_simple_key = False
+
+        # Scan and add ANCHOR.
+        self.tokens.append(self.scan_anchor(AnchorToken))
+
+    def fetch_tag(self):
+
+        # TAG could start a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after TAG.
+        self.allow_simple_key = False
+
+        # Scan and add TAG.
+        self.tokens.append(self.scan_tag())
+
+    def fetch_literal(self):
+        self.fetch_block_scalar(style='|')
+
+    def fetch_folded(self):
+        self.fetch_block_scalar(style='>')
+
+    def fetch_block_scalar(self, style):
+
+        # A simple key may follow a block scalar.
+        self.allow_simple_key = True
+
+        # Reset possible simple key on the current level.
+        self.remove_possible_simple_key()
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_block_scalar(style))
+
+    def fetch_single(self):
+        self.fetch_flow_scalar(style='\'')
+
+    def fetch_double(self):
+        self.fetch_flow_scalar(style='"')
+
+    def fetch_flow_scalar(self, style):
+
+        # A flow scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after flow scalars.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR.
+        self.tokens.append(self.scan_flow_scalar(style))
+
+    def fetch_plain(self):
+
+        # A plain scalar could be a simple key.
+        self.save_possible_simple_key()
+
+        # No simple keys after plain scalars. But note that `scan_plain` will
+        # change this flag if the scan is finished at the beginning of the
+        # line.
+        self.allow_simple_key = False
+
+        # Scan and add SCALAR. May change `allow_simple_key`.
+        self.tokens.append(self.scan_plain())
+
+    # Checkers.
+
+    def check_directive(self):
+
+        # DIRECTIVE:        ^ '%' ...
+        # The '%' indicator is already checked.
+        if self.column == 0:
+            return True
+
+    def check_document_start(self):
+
+        # DOCUMENT-START:   ^ '---' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '---'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_document_end(self):
+
+        # DOCUMENT-END:     ^ '...' (' '|'\n')
+        if self.column == 0:
+            if self.prefix(3) == '...'  \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return True
+
+    def check_block_entry(self):
+
+        # BLOCK-ENTRY:      '-' (' '|'\n')
+        return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_key(self):
+
+        # KEY(flow context):    '?'
+        if self.flow_level:
+            return True
+
+        # KEY(block context):   '?' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_value(self):
+
+        # VALUE(flow context):  ':'
+        if self.flow_level:
+            return True
+
+        # VALUE(block context): ':' (' '|'\n')
+        else:
+            return self.peek(1) in '\0 \t\r\n\x85\u2028\u2029'
+
+    def check_plain(self):
+
+        # A plain scalar may start with any non-space character except:
+        #   '-', '?', ':', ',', '[', ']', '{', '}',
+        #   '#', '&', '*', '!', '|', '>', '\'', '\"',
+        #   '%', '@', '`'.
+        #
+        # It may also start with
+        #   '-', '?', ':'
+        # if it is followed by a non-space character.
+        #
+        # Note that we limit the last rule to the block context (except the
+        # '-' character) because we want the flow context to be space
+        # independent.
+        ch = self.peek()
+        return ch not in '\0 \t\r\n\x85\u2028\u2029-?:,[]{}#&*!|>\'\"%@`'  \
+                or (self.peek(1) not in '\0 \t\r\n\x85\u2028\u2029'
+                        and (ch == '-' or (not self.flow_level and ch in '?:')))
+
+    # Scanners.
+
+    def scan_to_next_token(self):
+        # We ignore spaces, line breaks and comments.
+        # If we find a line break in the block context, we set the flag
+        # `allow_simple_key` on.
+        # The byte order mark is stripped if it's the first character in the
+        # stream. We do not yet support BOM inside the stream as the
+        # specification requires. Any such mark will be considered as a part
+        # of the document.
+        #
+        # TODO: We need to make tab handling rules more sane. A good rule is
+        #   Tabs cannot precede tokens
+        #   BLOCK-SEQUENCE-START, BLOCK-MAPPING-START, BLOCK-END,
+        #   KEY(block), VALUE(block), BLOCK-ENTRY
+        # So the checking code is
+        #   if <TAB>:
+        #       self.allow_simple_keys = False
+        # We also need to add the check for `allow_simple_keys == True` to
+        # `unwind_indent` before issuing BLOCK-END.
+        # Scanners for block, flow, and plain scalars need to be modified.
+
+        if self.index == 0 and self.peek() == '\uFEFF':
+            self.forward()
+        found = False
+        while not found:
+            while self.peek() == ' ':
+                self.forward()
+            if self.peek() == '#':
+                while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                    self.forward()
+            if self.scan_line_break():
+                if not self.flow_level:
+                    self.allow_simple_key = True
+            else:
+                found = True
+
+    def scan_directive(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        self.forward()
+        name = self.scan_directive_name(start_mark)
+        value = None
+        if name == 'YAML':
+            value = self.scan_yaml_directive_value(start_mark)
+            end_mark = self.get_mark()
+        elif name == 'TAG':
+            value = self.scan_tag_directive_value(start_mark)
+            end_mark = self.get_mark()
+        else:
+            end_mark = self.get_mark()
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        self.scan_directive_ignored_line(start_mark)
+        return DirectiveToken(name, value, start_mark, end_mark)
+
+    def scan_directive_name(self, start_mark):
+        # See the specification for details.
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        return value
+
+    def scan_yaml_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        major = self.scan_yaml_directive_number(start_mark)
+        if self.peek() != '.':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or '.', but found %r" % self.peek(),
+                    self.get_mark())
+        self.forward()
+        minor = self.scan_yaml_directive_number(start_mark)
+        if self.peek() not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit or ' ', but found %r" % self.peek(),
+                    self.get_mark())
+        return (major, minor)
+
+    def scan_yaml_directive_number(self, start_mark):
+        # See the specification for details.
+        ch = self.peek()
+        if not ('0' <= ch <= '9'):
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a digit, but found %r" % ch, self.get_mark())
+        length = 0
+        while '0' <= self.peek(length) <= '9':
+            length += 1
+        value = int(self.prefix(length))
+        self.forward(length)
+        return value
+
+    def scan_tag_directive_value(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        handle = self.scan_tag_directive_handle(start_mark)
+        while self.peek() == ' ':
+            self.forward()
+        prefix = self.scan_tag_directive_prefix(start_mark)
+        return (handle, prefix)
+
+    def scan_tag_directive_handle(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_handle('directive', start_mark)
+        ch = self.peek()
+        if ch != ' ':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_tag_directive_prefix(self, start_mark):
+        # See the specification for details.
+        value = self.scan_tag_uri('directive', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        return value
+
+    def scan_directive_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a directive", start_mark,
+                    "expected a comment or a line break, but found %r"
+                        % ch, self.get_mark())
+        self.scan_line_break()
+
+    def scan_anchor(self, TokenClass):
+        # The specification does not restrict characters for anchors and
+        # aliases. This may lead to problems, for instance, the document:
+        #   [ *alias, value ]
+        # can be interpreted in two ways, as
+        #   [ "value" ]
+        # and
+        #   [ *alias , "value" ]
+        # Therefore we restrict aliases to numbers and ASCII letters.
+        start_mark = self.get_mark()
+        indicator = self.peek()
+        if indicator == '*':
+            name = 'alias'
+        else:
+            name = 'anchor'
+        self.forward()
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-_':
+            length += 1
+            ch = self.peek(length)
+        if not length:
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        value = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch not in '\0 \t\r\n\x85\u2028\u2029?:,]}%@`':
+            raise ScannerError("while scanning an %s" % name, start_mark,
+                    "expected alphabetic or numeric character, but found %r"
+                    % ch, self.get_mark())
+        end_mark = self.get_mark()
+        return TokenClass(value, start_mark, end_mark)
+
+    def scan_tag(self):
+        # See the specification for details.
+        start_mark = self.get_mark()
+        ch = self.peek(1)
+        if ch == '<':
+            handle = None
+            self.forward(2)
+            suffix = self.scan_tag_uri('tag', start_mark)
+            if self.peek() != '>':
+                raise ScannerError("while parsing a tag", start_mark,
+                        "expected '>', but found %r" % self.peek(),
+                        self.get_mark())
+            self.forward()
+        elif ch in '\0 \t\r\n\x85\u2028\u2029':
+            handle = None
+            suffix = '!'
+            self.forward()
+        else:
+            length = 1
+            use_handle = False
+            while ch not in '\0 \r\n\x85\u2028\u2029':
+                if ch == '!':
+                    use_handle = True
+                    break
+                length += 1
+                ch = self.peek(length)
+            handle = '!'
+            if use_handle:
+                handle = self.scan_tag_handle('tag', start_mark)
+            else:
+                handle = '!'
+                self.forward()
+            suffix = self.scan_tag_uri('tag', start_mark)
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a tag", start_mark,
+                    "expected ' ', but found %r" % ch, self.get_mark())
+        value = (handle, suffix)
+        end_mark = self.get_mark()
+        return TagToken(value, start_mark, end_mark)
+
+    def scan_block_scalar(self, style):
+        # See the specification for details.
+
+        if style == '>':
+            folded = True
+        else:
+            folded = False
+
+        chunks = []
+        start_mark = self.get_mark()
+
+        # Scan the header.
+        self.forward()
+        chomping, increment = self.scan_block_scalar_indicators(start_mark)
+        self.scan_block_scalar_ignored_line(start_mark)
+
+        # Determine the indentation level and go to the first non-empty line.
+        min_indent = self.indent+1
+        if min_indent < 1:
+            min_indent = 1
+        if increment is None:
+            breaks, max_indent, end_mark = self.scan_block_scalar_indentation()
+            indent = max(min_indent, max_indent)
+        else:
+            indent = min_indent+increment-1
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+        line_break = ''
+
+        # Scan the inner part of the block scalar.
+        while self.column == indent and self.peek() != '\0':
+            chunks.extend(breaks)
+            leading_non_space = self.peek() not in ' \t'
+            length = 0
+            while self.peek(length) not in '\0\r\n\x85\u2028\u2029':
+                length += 1
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            line_break = self.scan_line_break()
+            breaks, end_mark = self.scan_block_scalar_breaks(indent)
+            if self.column == indent and self.peek() != '\0':
+
+                # Unfortunately, folding rules are ambiguous.
+                #
+                # This is the folding according to the specification:
+                
+                if folded and line_break == '\n'    \
+                        and leading_non_space and self.peek() not in ' \t':
+                    if not breaks:
+                        chunks.append(' ')
+                else:
+                    chunks.append(line_break)
+                
+                # This is Clark Evans's interpretation (also in the spec
+                # examples):
+                #
+                #if folded and line_break == '\n':
+                #    if not breaks:
+                #        if self.peek() not in ' \t':
+                #            chunks.append(' ')
+                #        else:
+                #            chunks.append(line_break)
+                #else:
+                #    chunks.append(line_break)
+            else:
+                break
+
+        # Chomp the tail.
+        if chomping is not False:
+            chunks.append(line_break)
+        if chomping is True:
+            chunks.extend(breaks)
+
+        # We are done.
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    def scan_block_scalar_indicators(self, start_mark):
+        # See the specification for details.
+        chomping = None
+        increment = None
+        ch = self.peek()
+        if ch in '+-':
+            if ch == '+':
+                chomping = True
+            else:
+                chomping = False
+            self.forward()
+            ch = self.peek()
+            if ch in '0123456789':
+                increment = int(ch)
+                if increment == 0:
+                    raise ScannerError("while scanning a block scalar", start_mark,
+                            "expected indentation indicator in the range 1-9, but found 0",
+                            self.get_mark())
+                self.forward()
+        elif ch in '0123456789':
+            increment = int(ch)
+            if increment == 0:
+                raise ScannerError("while scanning a block scalar", start_mark,
+                        "expected indentation indicator in the range 1-9, but found 0",
+                        self.get_mark())
+            self.forward()
+            ch = self.peek()
+            if ch in '+-':
+                if ch == '+':
+                    chomping = True
+                else:
+                    chomping = False
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0 \r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected chomping or indentation indicators, but found %r"
+                    % ch, self.get_mark())
+        return chomping, increment
+
+    def scan_block_scalar_ignored_line(self, start_mark):
+        # See the specification for details.
+        while self.peek() == ' ':
+            self.forward()
+        if self.peek() == '#':
+            while self.peek() not in '\0\r\n\x85\u2028\u2029':
+                self.forward()
+        ch = self.peek()
+        if ch not in '\0\r\n\x85\u2028\u2029':
+            raise ScannerError("while scanning a block scalar", start_mark,
+                    "expected a comment or a line break, but found %r" % ch,
+                    self.get_mark())
+        self.scan_line_break()
+
+    def scan_block_scalar_indentation(self):
+        # See the specification for details.
+        chunks = []
+        max_indent = 0
+        end_mark = self.get_mark()
+        while self.peek() in ' \r\n\x85\u2028\u2029':
+            if self.peek() != ' ':
+                chunks.append(self.scan_line_break())
+                end_mark = self.get_mark()
+            else:
+                self.forward()
+                if self.column > max_indent:
+                    max_indent = self.column
+        return chunks, max_indent, end_mark
+
+    def scan_block_scalar_breaks(self, indent):
+        # See the specification for details.
+        chunks = []
+        end_mark = self.get_mark()
+        while self.column < indent and self.peek() == ' ':
+            self.forward()
+        while self.peek() in '\r\n\x85\u2028\u2029':
+            chunks.append(self.scan_line_break())
+            end_mark = self.get_mark()
+            while self.column < indent and self.peek() == ' ':
+                self.forward()
+        return chunks, end_mark
+
+    def scan_flow_scalar(self, style):
+        # See the specification for details.
+        # Note that we loose indentation rules for quoted scalars. Quoted
+        # scalars don't need to adhere indentation because " and ' clearly
+        # mark the beginning and the end of them. Therefore we are less
+        # restrictive then the specification requires. We only need to check
+        # that document separators are not included in scalars.
+        if style == '"':
+            double = True
+        else:
+            double = False
+        chunks = []
+        start_mark = self.get_mark()
+        quote = self.peek()
+        self.forward()
+        chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        while self.peek() != quote:
+            chunks.extend(self.scan_flow_scalar_spaces(double, start_mark))
+            chunks.extend(self.scan_flow_scalar_non_spaces(double, start_mark))
+        self.forward()
+        end_mark = self.get_mark()
+        return ScalarToken(''.join(chunks), False, start_mark, end_mark,
+                style)
+
+    ESCAPE_REPLACEMENTS = {
+        '0':    '\0',
+        'a':    '\x07',
+        'b':    '\x08',
+        't':    '\x09',
+        '\t':   '\x09',
+        'n':    '\x0A',
+        'v':    '\x0B',
+        'f':    '\x0C',
+        'r':    '\x0D',
+        'e':    '\x1B',
+        ' ':    '\x20',
+        '\"':   '\"',
+        '\\':   '\\',
+        '/':    '/',
+        'N':    '\x85',
+        '_':    '\xA0',
+        'L':    '\u2028',
+        'P':    '\u2029',
+    }
+
+    ESCAPE_CODES = {
+        'x':    2,
+        'u':    4,
+        'U':    8,
+    }
+
+    def scan_flow_scalar_non_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            length = 0
+            while self.peek(length) not in '\'\"\\\0 \t\r\n\x85\u2028\u2029':
+                length += 1
+            if length:
+                chunks.append(self.prefix(length))
+                self.forward(length)
+            ch = self.peek()
+            if not double and ch == '\'' and self.peek(1) == '\'':
+                chunks.append('\'')
+                self.forward(2)
+            elif (double and ch == '\'') or (not double and ch in '\"\\'):
+                chunks.append(ch)
+                self.forward()
+            elif double and ch == '\\':
+                self.forward()
+                ch = self.peek()
+                if ch in self.ESCAPE_REPLACEMENTS:
+                    chunks.append(self.ESCAPE_REPLACEMENTS[ch])
+                    self.forward()
+                elif ch in self.ESCAPE_CODES:
+                    length = self.ESCAPE_CODES[ch]
+                    self.forward()
+                    for k in range(length):
+                        if self.peek(k) not in '0123456789ABCDEFabcdef':
+                            raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                                    "expected escape sequence of %d hexadecimal numbers, but found %r" %
+                                        (length, self.peek(k)), self.get_mark())
+                    code = int(self.prefix(length), 16)
+                    chunks.append(chr(code))
+                    self.forward(length)
+                elif ch in '\r\n\x85\u2028\u2029':
+                    self.scan_line_break()
+                    chunks.extend(self.scan_flow_scalar_breaks(double, start_mark))
+                else:
+                    raise ScannerError("while scanning a double-quoted scalar", start_mark,
+                            "found unknown escape character %r" % ch, self.get_mark())
+            else:
+                return chunks
+
+    def scan_flow_scalar_spaces(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        length = 0
+        while self.peek(length) in ' \t':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch == '\0':
+            raise ScannerError("while scanning a quoted scalar", start_mark,
+                    "found unexpected end of stream", self.get_mark())
+        elif ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            breaks = self.scan_flow_scalar_breaks(double, start_mark)
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        else:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_flow_scalar_breaks(self, double, start_mark):
+        # See the specification for details.
+        chunks = []
+        while True:
+            # Instead of checking indentation, we check for document
+            # separators.
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                raise ScannerError("while scanning a quoted scalar", start_mark,
+                        "found unexpected document separator", self.get_mark())
+            while self.peek() in ' \t':
+                self.forward()
+            if self.peek() in '\r\n\x85\u2028\u2029':
+                chunks.append(self.scan_line_break())
+            else:
+                return chunks
+
+    def scan_plain(self):
+        # See the specification for details.
+        # We add an additional restriction for the flow context:
+        #   plain scalars in the flow context cannot contain ',' or '?'.
+        # We also keep track of the `allow_simple_key` flag here.
+        # Indentation rules are loosed for the flow context.
+        chunks = []
+        start_mark = self.get_mark()
+        end_mark = start_mark
+        indent = self.indent+1
+        # We allow zero indentation for scalars, but then we need to check for
+        # document separators at the beginning of the line.
+        #if indent == 0:
+        #    indent = 1
+        spaces = []
+        while True:
+            length = 0
+            if self.peek() == '#':
+                break
+            while True:
+                ch = self.peek(length)
+                if ch in '\0 \t\r\n\x85\u2028\u2029'    \
+                        or (ch == ':' and
+                                self.peek(length+1) in '\0 \t\r\n\x85\u2028\u2029'
+                                      + (u',[]{}' if self.flow_level else u''))\
+                        or (self.flow_level and ch in ',?[]{}'):
+                    break
+                length += 1
+            if length == 0:
+                break
+            self.allow_simple_key = False
+            chunks.extend(spaces)
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            end_mark = self.get_mark()
+            spaces = self.scan_plain_spaces(indent, start_mark)
+            if not spaces or self.peek() == '#' \
+                    or (not self.flow_level and self.column < indent):
+                break
+        return ScalarToken(''.join(chunks), True, start_mark, end_mark)
+
+    def scan_plain_spaces(self, indent, start_mark):
+        # See the specification for details.
+        # The specification is really confusing about tabs in plain scalars.
+        # We just forbid them completely. Do not use tabs in YAML!
+        chunks = []
+        length = 0
+        while self.peek(length) in ' ':
+            length += 1
+        whitespaces = self.prefix(length)
+        self.forward(length)
+        ch = self.peek()
+        if ch in '\r\n\x85\u2028\u2029':
+            line_break = self.scan_line_break()
+            self.allow_simple_key = True
+            prefix = self.prefix(3)
+            if (prefix == '---' or prefix == '...')   \
+                    and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                return
+            breaks = []
+            while self.peek() in ' \r\n\x85\u2028\u2029':
+                if self.peek() == ' ':
+                    self.forward()
+                else:
+                    breaks.append(self.scan_line_break())
+                    prefix = self.prefix(3)
+                    if (prefix == '---' or prefix == '...')   \
+                            and self.peek(3) in '\0 \t\r\n\x85\u2028\u2029':
+                        return
+            if line_break != '\n':
+                chunks.append(line_break)
+            elif not breaks:
+                chunks.append(' ')
+            chunks.extend(breaks)
+        elif whitespaces:
+            chunks.append(whitespaces)
+        return chunks
+
+    def scan_tag_handle(self, name, start_mark):
+        # See the specification for details.
+        # For some strange reasons, the specification does not allow '_' in
+        # tag handles. I have allowed it anyway.
+        ch = self.peek()
+        if ch != '!':
+            raise ScannerError("while scanning a %s" % name, start_mark,
+                    "expected '!', but found %r" % ch, self.get_mark())
+        length = 1
+        ch = self.peek(length)
+        if ch != ' ':
+            while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                    or ch in '-_':
+                length += 1
+                ch = self.peek(length)
+            if ch != '!':
+                self.forward(length)
+                raise ScannerError("while scanning a %s" % name, start_mark,
+                        "expected '!', but found %r" % ch, self.get_mark())
+            length += 1
+        value = self.prefix(length)
+        self.forward(length)
+        return value
+
+    def scan_tag_uri(self, name, start_mark):
+        # See the specification for details.
+        # Note: we do not check if URI is well-formed.
+        chunks = []
+        length = 0
+        ch = self.peek(length)
+        while '0' <= ch <= '9' or 'A' <= ch <= 'Z' or 'a' <= ch <= 'z'  \
+                or ch in '-;/?:@&=+$,_.!~*\'()[]%':
+            if ch == '%':
+                chunks.append(self.prefix(length))
+                self.forward(length)
+                length = 0
+                chunks.append(self.scan_uri_escapes(name, start_mark))
+            else:
+                length += 1
+            ch = self.peek(length)
+        if length:
+            chunks.append(self.prefix(length))
+            self.forward(length)
+            length = 0
+        if not chunks:
+            raise ScannerError("while parsing a %s" % name, start_mark,
+                    "expected URI, but found %r" % ch, self.get_mark())
+        return ''.join(chunks)
+
+    def scan_uri_escapes(self, name, start_mark):
+        # See the specification for details.
+        codes = []
+        mark = self.get_mark()
+        while self.peek() == '%':
+            self.forward()
+            for k in range(2):
+                if self.peek(k) not in '0123456789ABCDEFabcdef':
+                    raise ScannerError("while scanning a %s" % name, start_mark,
+                            "expected URI escape sequence of 2 hexadecimal numbers, but found %r"
+                            % self.peek(k), self.get_mark())
+            codes.append(int(self.prefix(2), 16))
+            self.forward(2)
+        try:
+            value = bytes(codes).decode('utf-8')
+        except UnicodeDecodeError as exc:
+            raise ScannerError("while scanning a %s" % name, start_mark, str(exc), mark)
+        return value
+
+    def scan_line_break(self):
+        # Transforms:
+        #   '\r\n'      :   '\n'
+        #   '\r'        :   '\n'
+        #   '\n'        :   '\n'
+        #   '\x85'      :   '\n'
+        #   '\u2028'    :   '\u2028'
+        #   '\u2029     :   '\u2029'
+        #   default     :   ''
+        ch = self.peek()
+        if ch in '\r\n\x85':
+            if self.prefix(2) == '\r\n':
+                self.forward(2)
+            else:
+                self.forward()
+            return '\n'
+        elif ch in '\u2028\u2029':
+            self.forward()
+            return ch
+        return ''
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/serializer.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/serializer.py
new file mode 100644
index 000000000..fe911e67a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/serializer.py
@@ -0,0 +1,111 @@
+
+__all__ = ['Serializer', 'SerializerError']
+
+from .error import YAMLError
+from .events import *
+from .nodes import *
+
+class SerializerError(YAMLError):
+    pass
+
+class Serializer:
+
+    ANCHOR_TEMPLATE = 'id%03d'
+
+    def __init__(self, encoding=None,
+            explicit_start=None, explicit_end=None, version=None, tags=None):
+        self.use_encoding = encoding
+        self.use_explicit_start = explicit_start
+        self.use_explicit_end = explicit_end
+        self.use_version = version
+        self.use_tags = tags
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+        self.closed = None
+
+    def open(self):
+        if self.closed is None:
+            self.emit(StreamStartEvent(encoding=self.use_encoding))
+            self.closed = False
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        else:
+            raise SerializerError("serializer is already opened")
+
+    def close(self):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif not self.closed:
+            self.emit(StreamEndEvent())
+            self.closed = True
+
+    #def __del__(self):
+    #    self.close()
+
+    def serialize(self, node):
+        if self.closed is None:
+            raise SerializerError("serializer is not opened")
+        elif self.closed:
+            raise SerializerError("serializer is closed")
+        self.emit(DocumentStartEvent(explicit=self.use_explicit_start,
+            version=self.use_version, tags=self.use_tags))
+        self.anchor_node(node)
+        self.serialize_node(node, None, None)
+        self.emit(DocumentEndEvent(explicit=self.use_explicit_end))
+        self.serialized_nodes = {}
+        self.anchors = {}
+        self.last_anchor_id = 0
+
+    def anchor_node(self, node):
+        if node in self.anchors:
+            if self.anchors[node] is None:
+                self.anchors[node] = self.generate_anchor(node)
+        else:
+            self.anchors[node] = None
+            if isinstance(node, SequenceNode):
+                for item in node.value:
+                    self.anchor_node(item)
+            elif isinstance(node, MappingNode):
+                for key, value in node.value:
+                    self.anchor_node(key)
+                    self.anchor_node(value)
+
+    def generate_anchor(self, node):
+        self.last_anchor_id += 1
+        return self.ANCHOR_TEMPLATE % self.last_anchor_id
+
+    def serialize_node(self, node, parent, index):
+        alias = self.anchors[node]
+        if node in self.serialized_nodes:
+            self.emit(AliasEvent(alias))
+        else:
+            self.serialized_nodes[node] = True
+            self.descend_resolver(parent, index)
+            if isinstance(node, ScalarNode):
+                detected_tag = self.resolve(ScalarNode, node.value, (True, False))
+                default_tag = self.resolve(ScalarNode, node.value, (False, True))
+                implicit = (node.tag == detected_tag), (node.tag == default_tag)
+                self.emit(ScalarEvent(alias, node.tag, implicit, node.value,
+                    style=node.style))
+            elif isinstance(node, SequenceNode):
+                implicit = (node.tag
+                            == self.resolve(SequenceNode, node.value, True))
+                self.emit(SequenceStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                index = 0
+                for item in node.value:
+                    self.serialize_node(item, node, index)
+                    index += 1
+                self.emit(SequenceEndEvent())
+            elif isinstance(node, MappingNode):
+                implicit = (node.tag
+                            == self.resolve(MappingNode, node.value, True))
+                self.emit(MappingStartEvent(alias, node.tag, implicit,
+                    flow_style=node.flow_style))
+                for key, value in node.value:
+                    self.serialize_node(key, node, None)
+                    self.serialize_node(value, node, key)
+                self.emit(MappingEndEvent())
+            self.ascend_resolver()
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/tokens.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/tokens.py
new file mode 100644
index 000000000..4d0b48a39
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/tokens.py
@@ -0,0 +1,104 @@
+
+class Token(object):
+    def __init__(self, start_mark, end_mark):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+    def __repr__(self):
+        attributes = [key for key in self.__dict__
+                if not key.endswith('_mark')]
+        attributes.sort()
+        arguments = ', '.join(['%s=%r' % (key, getattr(self, key))
+                for key in attributes])
+        return '%s(%s)' % (self.__class__.__name__, arguments)
+
+#class BOMToken(Token):
+#    id = '<byte order mark>'
+
+class DirectiveToken(Token):
+    id = '<directive>'
+    def __init__(self, name, value, start_mark, end_mark):
+        self.name = name
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class DocumentStartToken(Token):
+    id = '<document start>'
+
+class DocumentEndToken(Token):
+    id = '<document end>'
+
+class StreamStartToken(Token):
+    id = '<stream start>'
+    def __init__(self, start_mark=None, end_mark=None,
+            encoding=None):
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.encoding = encoding
+
+class StreamEndToken(Token):
+    id = '<stream end>'
+
+class BlockSequenceStartToken(Token):
+    id = '<block sequence start>'
+
+class BlockMappingStartToken(Token):
+    id = '<block mapping start>'
+
+class BlockEndToken(Token):
+    id = '<block end>'
+
+class FlowSequenceStartToken(Token):
+    id = '['
+
+class FlowMappingStartToken(Token):
+    id = '{'
+
+class FlowSequenceEndToken(Token):
+    id = ']'
+
+class FlowMappingEndToken(Token):
+    id = '}'
+
+class KeyToken(Token):
+    id = '?'
+
+class ValueToken(Token):
+    id = ':'
+
+class BlockEntryToken(Token):
+    id = '-'
+
+class FlowEntryToken(Token):
+    id = ','
+
+class AliasToken(Token):
+    id = '<alias>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class AnchorToken(Token):
+    id = '<anchor>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class TagToken(Token):
+    id = '<tag>'
+    def __init__(self, value, start_mark, end_mark):
+        self.value = value
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+
+class ScalarToken(Token):
+    id = '<scalar>'
+    def __init__(self, value, plain, start_mark, end_mark, style=None):
+        self.value = value
+        self.plain = plain
+        self.start_mark = start_mark
+        self.end_mark = end_mark
+        self.style = style
+
diff --git a/lib/go-jinja2/internal/dummy.go b/lib/go-jinja2/internal/dummy.go
new file mode 100644
index 000000000..b34ef7a19
--- /dev/null
+++ b/lib/go-jinja2/internal/dummy.go
@@ -0,0 +1,3 @@
+package internal
+
+//go:generate go run ./generate
diff --git a/lib/go-jinja2/internal/generate/main.go b/lib/go-jinja2/internal/generate/main.go
new file mode 100644
index 000000000..29059b3ac
--- /dev/null
+++ b/lib/go-jinja2/internal/generate/main.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"github.com/kluctl/go-embed-python/pip"
+)
+
+func main() {
+	err := pip.CreateEmbeddedPipPackagesForKnownPlatforms("requirements.txt", "./data/")
+	if err != nil {
+		panic(err)
+	}
+}
diff --git a/lib/go-jinja2/internal/requirements.txt b/lib/go-jinja2/internal/requirements.txt
new file mode 100644
index 000000000..f5f0389af
--- /dev/null
+++ b/lib/go-jinja2/internal/requirements.txt
@@ -0,0 +1,6 @@
+jinja2==3.1.4
+click==8.1.7
+jsonpath-ng==1.6.1
+pyyaml==6.0.1
+python-slugify==8.0.4
+MarkupSafe==2.1.5
\ No newline at end of file
diff --git a/lib/go-jinja2/jinja2.go b/lib/go-jinja2/jinja2.go
new file mode 100644
index 000000000..ba8e893d8
--- /dev/null
+++ b/lib/go-jinja2/jinja2.go
@@ -0,0 +1,334 @@
+package jinja2
+
+import (
+	"fmt"
+	"github.com/Masterminds/semver/v3"
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"github.com/gobwas/glob"
+	"github.com/hashicorp/go-multierror"
+	"github.com/kluctl/go-embed-python/embed_util"
+	"github.com/kluctl/go-embed-python/python"
+	"github.com/kluctl/go-jinja2/internal/data"
+	"github.com/kluctl/go-jinja2/python_src"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+)
+
+var minimumPythonVersion = semver.MustParse("3.10.0")
+
+type Jinja2 struct {
+	ep          python.Python
+	extractDir  string
+	jinja2Lib   *embed_util.EmbeddedFiles
+	rendererSrc *embed_util.EmbeddedFiles
+
+	name        string
+	parallelism int
+	pj          chan *pythonJinja2Renderer
+	globCache   map[string]interface{}
+	mutex       sync.Mutex
+
+	defaultOptions jinja2Options
+}
+
+type RenderJob struct {
+	Template string
+	Result   *string
+	Error    error
+
+	target string
+}
+
+type Jinja2Error struct {
+	error string
+}
+
+func (m *Jinja2Error) Error() string {
+	return m.error
+}
+
+func NewJinja2(name string, parallelism int, opts ...Jinja2Opt) (*Jinja2, error) {
+	var wg sync.WaitGroup
+	var mutex sync.Mutex
+	var err error
+
+	j2 := &Jinja2{
+		name:        name,
+		parallelism: parallelism,
+		globCache:   map[string]interface{}{},
+		pj:          make(chan *pythonJinja2Renderer, parallelism),
+	}
+
+	for _, o := range opts {
+		o(&j2.defaultOptions)
+	}
+
+	tmpDir := j2.defaultOptions.embeddedExtractDir
+	if tmpDir == "" {
+		tmpDir = filepath.Join(os.TempDir(), "go-jinja2-embedded")
+	}
+	tmpDir = filepath.Join(tmpDir, name)
+
+	if j2.defaultOptions.python != nil {
+		j2.ep = j2.defaultOptions.python
+	} else {
+		j2.ep, err = python.NewEmbeddedPythonWithTmpDir(tmpDir+"-python", true)
+		if err != nil {
+			return nil, err
+		}
+	}
+	j2.jinja2Lib, err = embed_util.NewEmbeddedFilesWithTmpDir(data.Data, tmpDir+"-jinja2-lib", true)
+	if err != nil {
+		return nil, err
+	}
+	j2.ep.AddPythonPath(j2.jinja2Lib.GetExtractedPath())
+
+	err = j2.checkPythonVersion()
+	if err != nil {
+		return nil, err
+	}
+
+	j2.rendererSrc, err = embed_util.NewEmbeddedFilesWithTmpDir(python_src.RendererSource, tmpDir+"-jinja2-renderer", true)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, p := range j2.defaultOptions.pythonPath {
+		j2.ep.AddPythonPath(p)
+	}
+
+	for i := 0; i < parallelism; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			pj, err2 := newPythonJinja2Renderer(j2)
+			if err2 != nil {
+				mutex.Lock()
+				defer mutex.Unlock()
+				err = err2
+				return
+			}
+			j2.pj <- pj
+		}()
+	}
+	wg.Wait()
+	if err != nil {
+		return nil, err
+	}
+
+	return j2, nil
+}
+
+func (j *Jinja2) checkPythonVersion() error {
+	cmd, err := j.ep.PythonCmd("-c", `import platform; print(platform.python_version())`)
+	if err != nil {
+		return err
+	}
+	v, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+	v2, err := semver.NewVersion(strings.TrimSpace(string(v)))
+	if err != nil {
+		return fmt.Errorf("failed to parse python version: %w", err)
+	}
+	if v2.LessThan(minimumPythonVersion) {
+		return fmt.Errorf("python version (%s) must be at least %s", v2.String(), minimumPythonVersion)
+	}
+	return nil
+}
+
+func (j *Jinja2) Close() {
+	for i := 0; i < j.parallelism; i++ {
+		pj := <-j.pj
+		pj.Close()
+	}
+}
+
+func (j *Jinja2) Cleanup() {
+	_ = j.rendererSrc.Cleanup()
+	_ = j.jinja2Lib.Cleanup()
+
+	if ep, ok := j.ep.(*python.EmbeddedPython); ok {
+		_ = ep.Cleanup()
+	}
+}
+
+func (j *Jinja2) RenderStrings(jobs []*RenderJob, opts ...Jinja2Opt) error {
+	pj := <-j.pj
+	defer func() { j.pj <- pj }()
+	return pj.renderHelper(jobs, true, opts)
+}
+
+func (j *Jinja2) RenderString(template string, opts ...Jinja2Opt) (string, error) {
+	jobs := []*RenderJob{{
+		Template: template,
+	}}
+	err := j.RenderStrings(jobs, opts...)
+	if err != nil {
+		return "", err
+	}
+	if jobs[0].Error != nil {
+		return "", jobs[0].Error
+	}
+	return *jobs[0].Result, nil
+}
+
+func (j *Jinja2) RenderFiles(jobs []*RenderJob, opts ...Jinja2Opt) error {
+	pj := <-j.pj
+	defer func() { j.pj <- pj }()
+	return pj.renderHelper(jobs, false, opts)
+}
+
+func (j *Jinja2) RenderFile(template string, opts ...Jinja2Opt) (string, error) {
+	jobs := []*RenderJob{{
+		Template: template,
+	}}
+	err := j.RenderFiles(jobs, opts...)
+	if err != nil {
+		return "", err
+	}
+	if jobs[0].Error != nil {
+		return "", jobs[0].Error
+	}
+	return *jobs[0].Result, nil
+}
+
+func (j *Jinja2) getGlob(pattern string) (glob.Glob, error) {
+	j.mutex.Lock()
+	defer j.mutex.Unlock()
+
+	g, ok := j.globCache[pattern]
+	if ok {
+		if g2, ok := g.(glob.Glob); ok {
+			return g2, nil
+		} else {
+			return nil, g2.(error)
+		}
+	}
+	g, err := glob.Compile(pattern, '/')
+	if err != nil {
+		j.globCache[pattern] = err
+		return nil, err
+	}
+	j.globCache[pattern] = g
+	return g.(glob.Glob), nil
+}
+
+func (j *Jinja2) RenderDirectory(sourceDir string, targetDir string, excludePatterns []string, opts ...Jinja2Opt) error {
+	var jobs []*RenderJob
+
+	tmpOpts := j.defaultOptions
+	for _, o := range opts {
+		o(&tmpOpts)
+	}
+
+	rootDir := sourceDir
+	subdir := ""
+	if tmpOpts.templateIgnoreRootPath != "" {
+		rootDir = tmpOpts.templateIgnoreRootPath
+		abs, err := filepath.Abs(rootDir)
+		if err != nil {
+			return err
+		}
+		subdir, err = filepath.Rel(abs, sourceDir)
+		if err != nil {
+			return err
+		}
+	}
+
+	ignore, err := j.readAllIgnoreFiles(rootDir, subdir, excludePatterns)
+	if err != nil {
+		return err
+	}
+
+	ignoreMatcher := gitignore.NewMatcher(ignore)
+
+	symlinks := map[string]string{}
+	err = filepath.WalkDir(sourceDir, func(p string, d os.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+
+		relPath, err := filepath.Rel(sourceDir, p)
+		if err != nil {
+			return err
+		}
+
+		targetPath := filepath.Join(targetDir, relPath)
+
+		if d.Type() == fs.ModeSymlink {
+			lnk, err := os.Readlink(p)
+			if err != nil {
+				return err
+			}
+			symlinks[targetPath] = lnk
+			return nil
+		} else if d.IsDir() {
+			err = os.MkdirAll(targetPath, 0o700)
+			if err != nil {
+				return err
+			}
+			return nil
+		}
+
+		pathSlice := strings.Split(filepath.Join(subdir, relPath), string(filepath.Separator))
+
+		if ignoreMatcher.Match(pathSlice, d.IsDir()) {
+			if !d.IsDir() {
+				b, err := os.ReadFile(p)
+				if err != nil {
+					return err
+				}
+				err = os.WriteFile(targetPath, b, 0o600)
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+		}
+
+		job := &RenderJob{
+			Template: filepath.ToSlash(p),
+			target:   targetPath,
+		}
+		jobs = append(jobs, job)
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	err = j.RenderFiles(jobs, opts...)
+	if err != nil {
+		return err
+	}
+
+	var retErr *multierror.Error
+	for _, job := range jobs {
+		if job.Error != nil {
+			retErr = multierror.Append(retErr, fmt.Errorf("failed rendering template '%s': %w", job.Template, job.Error))
+			continue
+		}
+
+		err = os.WriteFile(job.target, []byte(*job.Result), 0o600)
+		if err != nil {
+			return err
+		}
+	}
+	if retErr.ErrorOrNil() != nil {
+		return retErr
+	}
+
+	for n, o := range symlinks {
+		err = os.Symlink(o, n)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/lib/go-jinja2/jinja2_ext_test.go b/lib/go-jinja2/jinja2_ext_test.go
new file mode 100644
index 000000000..1fe71e343
--- /dev/null
+++ b/lib/go-jinja2/jinja2_ext_test.go
@@ -0,0 +1,97 @@
+package jinja2
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestToYaml(t *testing.T) {
+	type testCase struct {
+		v      any
+		result string
+	}
+
+	testCases := []testCase{
+		{v: "a", result: "v: a"},
+		{v: 1, result: "v: 1"},
+		{v: "1", result: "v: '1'"},
+		{v: "01", result: "v: '01'"},
+		{v: "09", result: "v: '09'"},
+	}
+	j2 := newJinja2(t)
+
+	for _, tc := range testCases {
+		t.Run(fmt.Sprintf("%v-%s", tc.v, tc.result), func(t *testing.T) {
+			s, err := j2.RenderString("{{ m | to_yaml }}", WithGlobal("m", map[string]any{"v": tc.v}))
+			assert.NoError(t, err)
+			assert.Equal(t, tc.result+"\n", s)
+		})
+	}
+}
+
+func TestSha256(t *testing.T) {
+	j2 := newJinja2(t)
+	s, err := j2.RenderString("{{ 'test' | sha256 }}")
+	assert.NoError(t, err)
+	assert.Equal(t, "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", s)
+}
+
+func TestSha256PrefixLength(t *testing.T) {
+	j2 := newJinja2(t)
+	s, err := j2.RenderString("{{ 'test' | sha256(6) }}")
+	assert.NoError(t, err)
+	assert.Equal(t, "9f86d0", s)
+}
+
+func TestGetVarAndRender(t *testing.T) {
+	j2 := newJinja2(t, WithGlobals(map[string]any{
+		"g1": "v1",
+		"g2": "v2",
+		"g3": map[string]any{
+			"nested": "v3",
+		},
+		"list": []map[string]any{
+			{"x": "i1"},
+			{"x": "i2"},
+		},
+	}))
+
+	type testCase struct {
+		tmpl   string
+		result string
+	}
+
+	tests := []testCase{
+		{tmpl: "{{ get_var('missing') }}", result: "None"},
+		{tmpl: "{{ get_var('missing', 'default') }}", result: "default"},
+		{tmpl: "{{ get_var(['missing']) }}", result: "None"},
+		{tmpl: "{{ get_var(['missing'], 'default') }}", result: "default"},
+		{tmpl: "{{ get_var(['missing1', 'missing2'], 'default') }}", result: "default"},
+		{tmpl: "{{ get_var(['g1', 'missing']) }}", result: "v1"},
+		{tmpl: "{{ get_var(['missing', 'g1']) }}", result: "v1"},
+		{tmpl: "{{ get_var(['g1', 'g2']) }}", result: "v1"},
+		{tmpl: "{{ get_var(['g2', 'g1']) }}", result: "v2"},
+		{tmpl: "{{ get_var('list') }}", result: `[{'x': 'i1'}, {'x': 'i2'}]`},
+		{tmpl: "{{ get_var('list[0].x') }}", result: "i1"},
+		{tmpl: "{% set loc = 'l1' %}{{ get_var('loc') }}", result: "l1"},
+		// TODO test for this when https://github.com/pallets/jinja/issues/1478 gets fixed
+		// {tmpl: "{% for e in list %}{{ get_var('e.x') }}{% endfor %}", result: ""},
+		// same is before, but with a workaround to make 'e' a local variable
+		{tmpl: "{% for e in list %}{% set e=e %}{{ get_var('e.x') }}{% endfor %}", result: "i1i2"},
+		{tmpl: "{% set loc = 'l1' %}{{ '{{ loc }}' | render }}", result: "l1"},
+		// TODO test for this when https://github.com/pallets/jinja/issues/1478 gets fixed
+		// {tmpl: "{% for e in list %}{{ render('{{ e }}') }}{% endfor %}", result: ""},
+		// same is before, but with a workaround to make 'e' a local variable
+		{tmpl: "{% for e in list %}{% set e=e %}{{ render('{{ e.x }}') }}{% endfor %}", result: "i1i2"},
+	}
+
+	for i, tc := range tests {
+		tc := tc
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			s, err := j2.RenderString(tc.tmpl)
+			assert.NoError(t, err)
+			assert.Equal(t, tc.result, s)
+		})
+	}
+}
diff --git a/lib/go-jinja2/jinja2_external_python_test.go b/lib/go-jinja2/jinja2_external_python_test.go
new file mode 100644
index 000000000..7e55b5ee6
--- /dev/null
+++ b/lib/go-jinja2/jinja2_external_python_test.go
@@ -0,0 +1,54 @@
+package jinja2
+
+import (
+	"fmt"
+	"github.com/Masterminds/semver/v3"
+	"github.com/kluctl/go-embed-python/python"
+	"github.com/stretchr/testify/assert"
+	"math/rand"
+	"testing"
+)
+
+func TestExternalPython(t *testing.T) {
+	rndName := fmt.Sprintf("test-%d", rand.Uint32())
+	ep, err := python.NewEmbeddedPython(rndName)
+	assert.NoError(t, err)
+
+	j2 := newJinja2(t, WithPython(ep))
+	t1 := newTemplateFile(t, `{{ "a" }}`)
+
+	r1, err := j2.RenderFile(t1)
+	assert.NoError(t, err)
+	assert.Equal(t, "a", r1)
+}
+
+func TestSystemPython(t *testing.T) {
+	ep := python.NewPython()
+	if _, err := ep.GetExePath(); err != nil {
+		t.Skipf("skipping due to missing python binary")
+	}
+
+	j2 := newJinja2(t, WithPython(ep))
+	t1 := newTemplateFile(t, `{{ "a" }}`)
+
+	r1, err := j2.RenderFile(t1)
+	assert.NoError(t, err)
+	assert.Equal(t, "a", r1)
+}
+
+func TestSystemPythonVersion(t *testing.T) {
+	backup := minimumPythonVersion
+	t.Cleanup(func() {
+		minimumPythonVersion = backup
+	})
+
+	minimumPythonVersion = semver.MustParse("10.0.0")
+
+	ep := python.NewPython()
+	if _, err := ep.GetExePath(); err != nil {
+		t.Skipf("skipping due to missing python binary")
+	}
+
+	_, err := newJinja2WithErr(t, WithPython(ep))
+	assert.ErrorContains(t, err, "must be at least 10.0.0")
+}
diff --git a/lib/go-jinja2/jinja2_ignore.go b/lib/go-jinja2/jinja2_ignore.go
new file mode 100644
index 000000000..5b5dfa0e3
--- /dev/null
+++ b/lib/go-jinja2/jinja2_ignore.go
@@ -0,0 +1,107 @@
+package jinja2
+
+import (
+	"bufio"
+	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+const (
+	commentPrefix      = "#"
+	templateIgnoreFile = ".templateignore"
+)
+
+// readIgnoreFile reads a specific git ignore file.
+func (j *Jinja2) readIgnoreFile(path string, domainIn []string) ([]gitignore.Pattern, error) {
+	domain := make([]string, len(domainIn))
+	copy(domain, domainIn)
+
+	f, err := os.Open(path)
+	if err == nil {
+		defer f.Close()
+
+		var ret []gitignore.Pattern
+
+		scanner := bufio.NewScanner(f)
+		for scanner.Scan() {
+			s := scanner.Text()
+			if !strings.HasPrefix(s, commentPrefix) && len(strings.TrimSpace(s)) > 0 {
+				ret = append(ret, gitignore.ParsePattern(s, domain))
+			}
+		}
+		return ret, nil
+	} else if os.IsNotExist(err) {
+		return nil, nil
+	}
+	return nil, err
+}
+
+// readPatternsRecursive reads gitignore patterns recursively traversing through the directory
+// structure. The result is in the ascending order of priority (last higher).
+func (j *Jinja2) readPatternsRecursive(rootDir string, domain []string) ([]gitignore.Pattern, error) {
+	path := filepath.Join(rootDir, filepath.Join(domain...), templateIgnoreFile)
+	ps, _ := j.readIgnoreFile(path, domain)
+
+	pd := domain
+	if len(domain) == 0 {
+		pd = []string{"."}
+	}
+
+	fis, err := os.ReadDir(filepath.Join(rootDir, filepath.Join(pd...)))
+	if err != nil {
+		return nil, err
+	}
+
+	domain2 := make([]string, len(domain)+1)
+	copy(domain2, domain)
+
+	for _, fi := range fis {
+		if fi.IsDir() {
+			domain2[len(domain)] = fi.Name()
+
+			var subps []gitignore.Pattern
+			subps, err = j.readPatternsRecursive(rootDir, domain2)
+			if err != nil {
+				return nil, err
+			}
+
+			if len(subps) > 0 {
+				ps = append(ps, subps...)
+			}
+		}
+	}
+
+	return ps, nil
+}
+
+func (j *Jinja2) readAllIgnoreFiles(rootDir string, subdir string, excludePatterns []string) ([]gitignore.Pattern, error) {
+	var ret []gitignore.Pattern
+	var domain []string
+	var subDir2 string
+	if subdir != "" && subdir != "." {
+		for _, e := range strings.Split(subdir, string(filepath.Separator)) {
+			x, err := j.readIgnoreFile(filepath.Join(rootDir, subDir2, templateIgnoreFile), domain)
+			if err != nil {
+				return nil, err
+			}
+			ret = append(ret, x...)
+			subDir2 = filepath.Join(subDir2, e)
+			domain = append(domain, e)
+		}
+	}
+
+	x, err := j.readPatternsRecursive(rootDir, domain)
+	if err != nil {
+		return nil, err
+	}
+	ret = append(ret, x...)
+
+	for _, ep := range excludePatterns {
+		p := gitignore.ParsePattern(ep, domain)
+		ret = append(ret, p)
+	}
+
+	return ret, nil
+}
diff --git a/lib/go-jinja2/jinja2_ignore_test.go b/lib/go-jinja2/jinja2_ignore_test.go
new file mode 100644
index 000000000..27fd84169
--- /dev/null
+++ b/lib/go-jinja2/jinja2_ignore_test.go
@@ -0,0 +1,164 @@
+package jinja2
+
+import (
+	"github.com/stretchr/testify/assert"
+	"path/filepath"
+	"testing"
+)
+
+func TestRenderDirectoryTemplateIgnore(t *testing.T) {
+	type testCase struct {
+		name  string
+		files map[string]string
+		r     map[string]string
+
+		subdir     string
+		ignoreRoot string
+	}
+
+	tests := []testCase{
+		{
+			name: "ignore /f1.yaml",
+			files: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `{{ "a" }}`,
+				"d1/f1.yaml":      `{{ "a" }}`,
+				".templateignore": `/f1.yaml`,
+			},
+			r: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `a`,
+				"d1/f1.yaml":      `a`,
+				".templateignore": `/f1.yaml`,
+			},
+		},
+		{
+			name: "ignore /d1/f1.yaml",
+			files: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `{{ "a" }}`,
+				"d1/f1.yaml":      `{{ "a" }}`,
+				".templateignore": `/d1/f1.yaml`,
+			},
+			r: map[string]string{
+				"f1.yaml":         `a`,
+				"f2.yaml":         `a`,
+				"d1/f1.yaml":      `{{ "a" }}`,
+				".templateignore": `/d1/f1.yaml`,
+			},
+		},
+		{
+			name: "ignore all f1.yaml",
+			files: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `{{ "a" }}`,
+				"d1/f1.yaml":      `{{ "a" }}`,
+				".templateignore": `f1.yaml`,
+			},
+			r: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `a`,
+				"d1/f1.yaml":      `{{ "a" }}`,
+				".templateignore": `f1.yaml`,
+			},
+		},
+		{
+			name: "ignore f1.yaml via subdir-templateincode",
+			files: map[string]string{
+				"f1.yaml":            `{{ "a" }}`,
+				"f2.yaml":            `{{ "a" }}`,
+				"d1/f1.yaml":         `{{ "a" }}`,
+				"d1/.templateignore": `f1.yaml`,
+			},
+			r: map[string]string{
+				"f1.yaml":            `a`,
+				"f2.yaml":            `a`,
+				"d1/f1.yaml":         `{{ "a" }}`,
+				"d1/.templateignore": `f1.yaml`,
+			},
+		},
+		{
+			name: "no ignore via root templateignore",
+			files: map[string]string{
+				"d1/f1.yaml":      `{{ "a" }}`,
+				"d1/f2.yaml":      `{{ "a" }}`,
+				"d1/d2/f1.yaml":   `{{ "a" }}`,
+				".templateignore": `f1.yaml`,
+			},
+			r: map[string]string{
+				"f1.yaml":    `a`,
+				"f2.yaml":    `a`,
+				"d2/f1.yaml": `a`,
+			},
+			subdir: "d1",
+		},
+		{
+			name: "ignore via root templateignore",
+			files: map[string]string{
+				"d1/f1.yaml":            `{{ "a" }}`,
+				"d1/f2.yaml":            `{{ "a" }}`,
+				"d1/f3.yaml":            `{{ "a" }}`,
+				"d1/d2/f1.yaml":         `{{ "a" }}`,
+				"d1/d2/f3.yaml":         `{{ "a" }}`,
+				".templateignore":       `f1.yaml`,
+				"d1/d2/.templateignore": `f3.yaml`,
+			},
+			r: map[string]string{
+				"f1.yaml":            `{{ "a" }}`,
+				"f2.yaml":            `a`,
+				"f3.yaml":            `a`,
+				"d2/f1.yaml":         `{{ "a" }}`,
+				"d2/f3.yaml":         `{{ "a" }}`,
+				"d2/.templateignore": `f3.yaml`,
+			},
+			subdir:     "d1",
+			ignoreRoot: ".",
+		},
+		{
+			name: "reinclude /d1/f1.yaml",
+			files: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `{{ "a" }}`,
+				"d1/f1.yaml":      `{{ "a" }}`,
+				".templateignore": "f1.yaml\n!d1/f1.yaml",
+			},
+			r: map[string]string{
+				"f1.yaml":         `{{ "a" }}`,
+				"f2.yaml":         `a`,
+				"d1/f1.yaml":      `a`,
+				".templateignore": "f1.yaml\n!d1/f1.yaml",
+			},
+		},
+		{
+			name: "complex reinclude",
+			files: map[string]string{
+				"d1/some/renderThese/f1.yaml": `{{ "a" }}`,
+				"d1/some/renderThese/f2.txt":  `{{ "a" }}`,
+				"d1/some/f2.yaml":             `{{ "a" }}`,
+				".templateignore":             "**/some/**/*.*\n!**/some/renderThese/*.y*ml",
+			},
+			r: map[string]string{
+				"d1/some/renderThese/f1.yaml": `a`,
+				"d1/some/renderThese/f2.txt":  `{{ "a" }}`,
+				"d1/some/f2.yaml":             `{{ "a" }}`,
+				".templateignore":             "**/some/**/*.*\n!**/some/renderThese/*.y*ml",
+			},
+		},
+	}
+
+	j2 := newJinja2(t)
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			dir := newTemplateDir(t, tc.files)
+			targetDir := t.TempDir()
+			var opts []Jinja2Opt
+			if tc.ignoreRoot != "" {
+				opts = append(opts, WithTemplateIgnoreRootDir(filepath.Join(dir, tc.ignoreRoot)))
+			}
+			err := j2.RenderDirectory(filepath.Join(dir, tc.subdir), targetDir, nil, opts...)
+			assert.NoError(t, err)
+			assertDirSame(t, targetDir, tc.r)
+		})
+	}
+}
diff --git a/lib/go-jinja2/jinja2_renderer.go b/lib/go-jinja2/jinja2_renderer.go
new file mode 100644
index 000000000..3e80e7b9d
--- /dev/null
+++ b/lib/go-jinja2/jinja2_renderer.go
@@ -0,0 +1,274 @@
+package jinja2
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"github.com/jinzhu/copier"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+type pythonJinja2Renderer struct {
+	j2 *Jinja2
+
+	cmd    *exec.Cmd
+	stdin  io.WriteCloser
+	stdout io.ReadCloser
+
+	stdoutReader *bufio.Reader
+}
+
+func newPythonJinja2Renderer(j2 *Jinja2) (*pythonJinja2Renderer, error) {
+	isOk := false
+	j2r := &pythonJinja2Renderer{
+		j2: j2,
+	}
+	defer func() {
+		if !isOk {
+			j2r.Close()
+		}
+	}()
+
+	args := []string{filepath.Join(j2.rendererSrc.GetExtractedPath(), "main.py")}
+
+	var err error
+	j2r.cmd, err = j2.ep.PythonCmd(args...)
+	if err != nil {
+		return nil, err
+	}
+	j2r.cmd.Stderr = os.Stderr
+
+	stdout, err := j2r.cmd.StdoutPipe()
+	if err != nil {
+		return nil, err
+	}
+	j2r.stdout = stdout
+
+	stdin, err := j2r.cmd.StdinPipe()
+	if err != nil {
+		return nil, err
+	}
+	j2r.stdin = stdin
+
+	err = j2r.cmd.Start()
+	if err != nil {
+		return nil, err
+	}
+
+	j2r.stdoutReader = bufio.NewReader(j2r.stdout)
+
+	_, err = j2r.runCmd(&jinja2Cmd{
+		Cmd: "init",
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to initialize renderer: %w", err)
+	}
+
+	isOk = true
+
+	return j2r, nil
+}
+
+func (j *pythonJinja2Renderer) Close() {
+	if j.stdin != nil {
+		args := jinja2Cmd{Cmd: "exit"}
+		_ = json.NewEncoder(j.stdin).Encode(args)
+
+		_ = j.stdin.Close()
+		j.stdin = nil
+	}
+	if j.stdout != nil {
+		_ = j.stdout.Close()
+		j.stdout = nil
+	}
+	if j.cmd != nil {
+		if j.cmd.Process != nil {
+			timer := time.AfterFunc(5*time.Second, func() {
+				_ = j.cmd.Process.Kill()
+			})
+			_ = j.cmd.Wait()
+			timer.Stop()
+		}
+		j.cmd = nil
+	}
+}
+
+func (j *pythonJinja2Renderer) resolveAbsolutePath(template string, searchDirs []string) (string, bool) {
+	if filepath.IsAbs(template) {
+		return template, true
+	}
+	for _, s := range searchDirs {
+		p := filepath.Join(s, template)
+		st, err := os.Stat(p)
+		if err != nil {
+			continue
+		}
+		if !st.Mode().IsRegular() {
+			continue
+		}
+		return p, true
+	}
+	return "", false
+}
+
+func isMaybeTemplateString(template string) bool {
+	return strings.IndexRune(template, '{') != -1
+}
+
+func isMaybeTemplateBytes(template []byte) bool {
+	return bytes.IndexRune(template, '{') != -1
+}
+
+func isMaybeTemplate(template string, isString bool) (bool, *string, error) {
+	if isString {
+		if !isMaybeTemplateString(template) {
+			return false, &template, nil
+		}
+	} else {
+		b, err := os.ReadFile(template)
+		if err != nil {
+			return false, nil, err
+		}
+		if !isMaybeTemplateBytes(b) {
+			x := string(b)
+			return false, &x, nil
+		} else {
+			return true, nil, nil
+		}
+	}
+	return true, nil, nil
+}
+
+type jinja2Cmd struct {
+	Cmd       string   `json:"cmd"`
+	Templates []string `json:"templates"`
+
+	Opts *jinja2Options `json:"opts"`
+}
+
+type jinja2TemplateResult struct {
+	Result *string `json:"result,omitempty"`
+	Error  *string `json:"error,omitempty"`
+}
+
+type jinja2CmdResult struct {
+	TemplateResults []jinja2TemplateResult `json:"templateResults,omitempty"`
+}
+
+func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, isString bool, opts []Jinja2Opt) error {
+	var jargs jinja2Cmd
+	if isString {
+		jargs.Cmd = "render-strings"
+	} else {
+		jargs.Cmd = "render-files"
+	}
+
+	jargs.Opts = &jinja2Options{}
+	err := copier.CopyWithOption(jargs.Opts, &j.j2.defaultOptions, copier.Option{
+		DeepCopy: true,
+	})
+	if err != nil {
+		return err
+	}
+
+	for _, o := range opts {
+		o(jargs.Opts)
+	}
+
+	var processedJobs []*RenderJob
+
+	for _, job := range jobs {
+		t := job.Template
+		if !isString {
+			p, ok := j.resolveAbsolutePath(t, jargs.Opts.SearchDirs)
+			if !ok {
+				job.Error = fmt.Errorf("absolute path of %s could not be resolved", t)
+				continue
+			}
+			t = p
+		}
+
+		ist, r, err := isMaybeTemplate(t, isString)
+		if err == nil && !ist {
+			job.Result = r
+			continue
+		}
+
+		processedJobs = append(processedJobs, job)
+		jargs.Templates = append(jargs.Templates, t)
+	}
+	if len(processedJobs) == 0 {
+		return nil
+	}
+
+	cmdResult, err := j.runCmd(&jargs)
+	if err != nil {
+		return err
+	}
+
+	for i, item := range cmdResult.TemplateResults {
+		if item.Result != nil {
+			processedJobs[i].Result = item.Result
+		} else {
+			if item.Error == nil {
+				return fmt.Errorf("missing result and error from item at index %d", i)
+			}
+			processedJobs[i].Error = &Jinja2Error{*item.Error}
+		}
+	}
+
+	return nil
+}
+
+func (j *pythonJinja2Renderer) runCmd(jargs *jinja2Cmd) (*jinja2CmdResult, error) {
+	b, err := json.Marshal(jargs)
+	if err != nil {
+		j.Close()
+		return nil, err
+	}
+	b = append(b, '\n')
+
+	if jargs.Opts != nil && jargs.Opts.traceJsonSend != nil {
+		var m map[string]any
+		_ = json.Unmarshal(b, &m)
+		jargs.Opts.traceJsonSend(m)
+	}
+
+	_, err = j.stdin.Write(b)
+	if err != nil {
+		j.Close()
+		return nil, err
+	}
+
+	line := bytes.NewBuffer(nil)
+	for true {
+		l, p, err := j.stdoutReader.ReadLine()
+		if err != nil {
+			return nil, err
+		}
+		line.Write(l)
+		if !p {
+			break
+		}
+	}
+
+	if jargs.Opts != nil && jargs.Opts.traceJsonReceive != nil {
+		var m map[string]any
+		_ = json.Unmarshal(line.Bytes(), &m)
+		jargs.Opts.traceJsonReceive(m)
+	}
+
+	var result jinja2CmdResult
+	err = json.Unmarshal(line.Bytes(), &result)
+	if err != nil {
+		return nil, err
+	}
+
+	return &result, nil
+}
diff --git a/lib/go-jinja2/jinja2_test.go b/lib/go-jinja2/jinja2_test.go
new file mode 100644
index 000000000..de68486f1
--- /dev/null
+++ b/lib/go-jinja2/jinja2_test.go
@@ -0,0 +1,541 @@
+package jinja2
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"io/fs"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func newJinja2WithErr(t *testing.T, opts ...Jinja2Opt) (*Jinja2, error) {
+	name := fmt.Sprintf("jinja2-%d", rand.Uint32())
+	opts2 := append(opts, WithExtension("go_jinja2.ext.kluctl"))
+	j2, err := NewJinja2(name, 1, opts2...)
+	if err != nil {
+		return nil, err
+	}
+
+	t.Cleanup(j2.Close)
+	t.Cleanup(j2.Cleanup)
+
+	return j2, nil
+}
+
+func newJinja2(t *testing.T, opts ...Jinja2Opt) *Jinja2 {
+	j2, err := newJinja2WithErr(t, opts...)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return j2
+}
+
+func newTemplateFile(t *testing.T, content string) string {
+	tmpFile, err := os.CreateTemp(t.TempDir(), "test-template-")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer tmpFile.Close()
+	_, err = tmpFile.Write([]byte(content))
+	if err != nil {
+		t.Fatal(err)
+	}
+	return tmpFile.Name()
+}
+
+func newTemplateDir(t *testing.T, contents map[string]string) string {
+	dir := t.TempDir()
+	for p, c := range contents {
+		x := filepath.Join(dir, p)
+		err := os.MkdirAll(filepath.Dir(x), 0o700)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = os.WriteFile(x, []byte(c), 0o600)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+	return dir
+}
+
+func assertDirSame(t *testing.T, dir string, expected map[string]string) {
+	found := map[string]string{}
+	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
+		if d.IsDir() {
+			return nil
+		}
+
+		relPath, err := filepath.Rel(dir, path)
+		if err != nil {
+			t.Fatal(err)
+		}
+		relPath = filepath.ToSlash(relPath)
+
+		b, err := os.ReadFile(path)
+		if err != nil {
+			t.Fatal(err)
+		}
+		found[relPath] = string(b)
+		return nil
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assert.Equal(t, expected, found)
+}
+
+func TestJinja2(t *testing.T) {
+	j2 := newJinja2(t, WithGlobals(map[string]any{
+		"test_var1": "1",
+		"test_var2": map[string]any{
+			"test": "2",
+		},
+	}))
+
+	s, err := j2.RenderString("test")
+	assert.NoError(t, err)
+	assert.Equal(t, "test", s)
+
+	s, err = j2.RenderString("test - {{ test_var1 }}")
+	assert.NoError(t, err)
+	assert.Equal(t, "test - 1", s)
+
+	s, err = j2.RenderString("test - {{ test_var2.test }}")
+	assert.NoError(t, err)
+	assert.Equal(t, "test - 2", s)
+
+	s, err = j2.RenderString("test - {{ get_var('test_var2.test', 'd') }}", WithExtension("go_jinja2.ext.kluctl"))
+	assert.NoError(t, err)
+	assert.Equal(t, "test - 2", s)
+
+	s, err = j2.RenderString("test - {{ get_var('test_var2.test1', 'd') }}", WithExtension("go_jinja2.ext.kluctl"))
+	assert.NoError(t, err)
+	assert.Equal(t, "test - d", s)
+
+	s, err = j2.RenderString("test - {{ test_var1 | add(2) }}", WithFilter("add", `
+def add(a, b):
+	return int(a) + int(b)
+`))
+	assert.NoError(t, err)
+	assert.Equal(t, "test - 3", s)
+
+	s, err = j2.RenderString("test - {{ test_var2.test | mul(3) }}", WithFilter("mul:multiply", `
+def multiply(a, b):
+	return int(a) * int(b)
+`))
+	assert.NoError(t, err)
+	assert.Equal(t, "test - 6", s)
+}
+
+type testStruct struct {
+	V1 string         `json:"v1"`
+	S1 testStruct2    `json:"s1"`
+	M1 map[string]any `json:"m1"`
+}
+
+type testStruct2 struct {
+	V2 string `json:"v2"`
+}
+
+func TestRenderStruct(t *testing.T) {
+	j2 := newJinja2(t)
+
+	s := testStruct{
+		V1: `{{ "1" }}`,
+		S1: testStruct2{
+			V2: `{{ "2" }}`,
+		},
+		M1: map[string]any{
+			"a": map[string]any{
+				"b": `{{ "3" }}`,
+			},
+			`{{ "c" }}`: "4",
+			`{{ "d" }}`: `{{ "5" }}`,
+			`{{ "e" }}`: map[string]any{
+				"f":         `{{ "6" }}`,
+				`{{ "g" }}`: `{{ "7" }}`,
+			},
+		},
+	}
+	e := testStruct{
+		V1: "1",
+		S1: testStruct2{
+			V2: "2",
+		},
+		M1: map[string]any{
+			"a": map[string]any{
+				"b": "3",
+			},
+			"c": "4",
+			"d": "5",
+			"e": map[string]any{
+				"f": "6",
+				"g": "7",
+			},
+		},
+	}
+
+	changed, err := j2.RenderStruct(&s)
+	assert.NoError(t, err)
+	assert.True(t, changed)
+	assert.Equal(t, e, s)
+
+	changed, err = j2.RenderStruct(&s)
+	assert.NoError(t, err)
+	assert.False(t, changed)
+	assert.Equal(t, e, s)
+}
+
+func TestRenderFiles(t *testing.T) {
+	j2 := newJinja2(t)
+
+	t1 := newTemplateFile(t, `{{ "a" }}`)
+	t2 := newTemplateFile(t, `{{ "b" }}`)
+
+	r1, err := j2.RenderFile(t1)
+	assert.NoError(t, err)
+	assert.Equal(t, "a", r1)
+
+	r2, err := j2.RenderFile(t2)
+	assert.NoError(t, err)
+	assert.Equal(t, "b", r2)
+}
+
+func TestRenderRelativeFiles(t *testing.T) {
+	j2 := newJinja2(t)
+
+	d := newTemplateDir(t, map[string]string{
+		"template":        "{{ a }}",
+		"subdir/template": "{{ b }}",
+	})
+
+	r1, err := j2.RenderFile("template", WithSearchDirs([]string{d}), WithGlobal("a", "a"))
+	assert.NoError(t, err)
+	assert.Equal(t, "a", r1)
+
+	r2, err := j2.RenderFile("template", WithSearchDirs([]string{filepath.Join(d, "subdir")}), WithGlobal("b", "b"))
+	assert.NoError(t, err)
+	assert.Equal(t, "b", r2)
+
+	r3, err := j2.RenderFile("../template", WithSearchDirs([]string{filepath.Join(d, "subdir")}), WithGlobal("a", "b"))
+	assert.NoError(t, err)
+	assert.Equal(t, "b", r3)
+}
+
+func TestRenderFiles_Includes(t *testing.T) {
+	includeDir := newTemplateDir(t, map[string]string{
+		"include.yaml":        "test",
+		"include-dot.yaml":    `{% include "./include.yaml" %}`,
+		"include-caller.yaml": `{% include "include-caller2.yaml" %}`,
+	})
+
+	type testCase struct {
+		name  string
+		files map[string]string
+		t     string   // templateNane
+		sd    []string // searchDirs
+		r     string   // result
+		err   string
+	}
+
+	tests := []testCase{
+		{
+			name: "include with absolute file fails",
+			files: map[string]string{
+				"f.yaml": fmt.Sprintf(`{%% include "%s/include.yaml" %%}`, filepath.ToSlash(includeDir)),
+			},
+			t:   "f.yaml",
+			err: fmt.Sprintf("template %s/include.yaml not found", filepath.ToSlash(includeDir)),
+		},
+		{
+			name: "load_template with absolute file fails",
+			files: map[string]string{
+				"f.yaml": fmt.Sprintf(`{{ load_template("%s/include.yaml") }}`, filepath.ToSlash(includeDir)),
+			},
+			t:   "f.yaml",
+			err: fmt.Sprintf("template %s/include.yaml not found", filepath.ToSlash(includeDir)),
+		},
+		{
+			name: "load_base64 with absolute file fails",
+			files: map[string]string{
+				"f.yaml": fmt.Sprintf(`{{ load_base64("%s/include.yaml") }}`, filepath.ToSlash(includeDir)),
+			},
+			t:   "f.yaml",
+			err: fmt.Sprintf("template %s/include.yaml not found", filepath.ToSlash(includeDir)),
+		},
+		{
+			name: "include without searchdir fails",
+			files: map[string]string{
+				"f.yaml": `{% include "include.yaml" %}`,
+			},
+			t:   "f.yaml",
+			err: "template include.yaml not found",
+		},
+		{
+			name: "include with searchdir succeeds",
+			files: map[string]string{
+				"f.yaml": `{% include "include.yaml" %}`,
+			},
+			t:  "f.yaml",
+			r:  "test",
+			sd: []string{includeDir},
+		},
+		{
+			name: "load_template without searchdir fails",
+			files: map[string]string{
+				"f.yaml": `{{ load_template("include.yaml") }}`,
+			},
+			t:   "f.yaml",
+			err: "template include.yaml not found",
+		},
+		{
+			name: "load_template with searchdir succeeds",
+			files: map[string]string{
+				"f.yaml": `{{ load_template("include.yaml") }}`,
+			},
+			t:  "f.yaml",
+			r:  "test",
+			sd: []string{includeDir},
+		},
+		{
+			name: "load_base64 without searchdir fails",
+			files: map[string]string{
+				"f.yaml": `{{ load_base64("include.yaml") }}`,
+			},
+			t:   "f.yaml",
+			err: "template include.yaml not found",
+		},
+		{
+			name: "load_base64 with searchdir succeeds",
+			files: map[string]string{
+				"f.yaml": `{{ load_base64("include.yaml") }}`,
+			},
+			t:  "f.yaml",
+			r:  "dGVzdA==",
+			sd: []string{includeDir},
+		},
+		{
+			name: "load_base64 with width argument",
+			files: map[string]string{
+				"f.yaml": `{{ load_base64("include.yaml", 2) }}`,
+			},
+			t:  "f.yaml",
+			r:  "dG\nVz\ndA\n==",
+			sd: []string{includeDir},
+		},
+		{
+			name: "relative include fails without dot",
+			files: map[string]string{
+				"d1/include1.yaml": `{% include "include2.yaml" %}`,
+				"d1/include2.yaml": "test2",
+				"f.yaml":           `{% include "d1/include1.yaml" %}`,
+			},
+			t:   "f.yaml",
+			sd:  []string{"self"},
+			err: "template include2.yaml not found",
+		},
+		{
+			name: "relative include succeeds with dot",
+			files: map[string]string{
+				"d1/include1.yaml": `{% include "./include2.yaml" %}`,
+				"d1/include2.yaml": "test2",
+				"f.yaml":           `{% include "d1/include1.yaml" %}`,
+			},
+			t:  "f.yaml",
+			sd: []string{"self"},
+			r:  "test2",
+		},
+		{
+			name: "recursive include succeeds",
+			files: map[string]string{
+				"include2.yaml": `{% include "./include3.yaml" %}`,
+				"include3.yaml": "test3",
+				"f.yaml":        `{% include "./include2.yaml" %}`,
+			},
+			t:  "f.yaml",
+			sd: []string{"self"},
+			r:  "test3",
+		},
+		{
+			name: "recursive include from searchdir succeeds",
+			files: map[string]string{
+				"f.yaml": `{% include "include-dot.yaml" %}`,
+			},
+			t:  "f.yaml",
+			sd: []string{includeDir},
+			r:  "test",
+		},
+		{
+			name: "recursive include caller from searchdir succeeds",
+			files: map[string]string{
+				"include-caller2.yaml": "test-caller",
+				"f.yaml":               `{% include "include-caller.yaml" %}`,
+			},
+			t:  "f.yaml",
+			sd: []string{"self", includeDir},
+			r:  "test-caller",
+		},
+	}
+
+	j2 := newJinja2(t)
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			dir := newTemplateDir(t, tc.files)
+			var sd []string
+			for _, x := range tc.sd {
+				if x == "self" {
+					sd = append(sd, dir)
+				} else {
+					sd = append(sd, x)
+				}
+			}
+			r, err := j2.RenderFile(filepath.Join(dir, tc.t), WithSearchDirs(sd))
+			if tc.err == "" {
+				assert.NoError(t, err)
+			} else {
+				assert.EqualError(t, err, tc.err)
+			}
+			assert.Equal(t, tc.r, r)
+		})
+	}
+}
+
+func TestRenderDirectory(t *testing.T) {
+	type testCase struct {
+		name  string
+		files map[string]string
+		r     map[string]string
+		sd    []string
+		excl  []string
+		err   string
+	}
+
+	includeDir := newTemplateDir(t, map[string]string{
+		"include-dir.yaml": "test",
+	})
+
+	tests := []testCase{
+		{
+			name: "simple",
+			files: map[string]string{
+				"f1.yaml":    `{{ "a" }}`,
+				"d1/f2.yaml": `{{ "b" }}`,
+			},
+			r: map[string]string{
+				"f1.yaml":    `a`,
+				"d1/f2.yaml": `b`,
+			},
+			sd: []string{"self"},
+		},
+		{
+			name: "with include",
+			files: map[string]string{
+				"f1.yaml":          `{{ "a" }}`,
+				"include.yaml":     `{% include "include2.yaml" %}`,
+				"include2.yaml":    `{% include "d2/include3.yaml" %}`,
+				"d1/f2.yaml":       `{% include "include.yaml" %}`,
+				"d2/include3.yaml": `{{ "x" }}`,
+			},
+			r: map[string]string{
+				"d1/f2.yaml":       "x",
+				"d2/include3.yaml": "x",
+				"f1.yaml":          "a",
+				"include.yaml":     "x",
+				"include2.yaml":    "x",
+			},
+			sd: []string{"self"},
+		},
+		{
+			name: "with include and searchdir",
+			files: map[string]string{
+				"f1.yaml": `{% include "include-dir.yaml" %}`,
+			},
+			r: map[string]string{
+				"f1.yaml": "test",
+			},
+			sd: []string{"self", includeDir},
+		},
+	}
+
+	j2 := newJinja2(t)
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			dir := newTemplateDir(t, tc.files)
+			var sd []string
+			for _, x := range tc.sd {
+				if x == "self" {
+					sd = append(sd, dir)
+				} else {
+					sd = append(sd, x)
+				}
+			}
+			targetDir := t.TempDir()
+			err := j2.RenderDirectory(dir, targetDir, tc.excl, WithSearchDirs(sd))
+			if tc.err == "" {
+				assert.NoError(t, err)
+			} else {
+				assert.EqualError(t, err, tc.err)
+			}
+			assertDirSame(t, targetDir, tc.r)
+		})
+	}
+}
+
+func TestCustomTmpDir(t *testing.T) {
+	tmpDir := t.TempDir()
+
+	// first, test without WithEmbeddedExtractDir
+	j2 := newJinja2(t, WithGlobals(map[string]any{
+		"test_var1": "1",
+		"test_var2": map[string]any{
+			"test": "2",
+		},
+	}))
+	m, err := filepath.Glob(filepath.Join(os.TempDir(), "go-jinja2-embedded", j2.name+"-python-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 2) // dir + .lock
+	m, err = filepath.Glob(filepath.Join(os.TempDir(), "go-jinja2-embedded", j2.name+"-jinja2-lib-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 2) // dir + .lock
+	m, err = filepath.Glob(filepath.Join(os.TempDir(), "go-jinja2-embedded", j2.name+"-jinja2-renderer-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 2) // dir + .lock
+
+	// and now with WithEmbeddedExtractDir
+	j2 = newJinja2(t, WithGlobals(map[string]any{
+		"test_var1": "1",
+		"test_var2": map[string]any{
+			"test": "2",
+		},
+	}), WithEmbeddedExtractDir(tmpDir))
+	m, err = filepath.Glob(filepath.Join(os.TempDir(), "go-jinja2-embedded", j2.name+"-python-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 0)
+	m, err = filepath.Glob(filepath.Join(os.TempDir(), "go-jinja2-embedded", j2.name+"-jinja2-lib-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 0)
+	m, err = filepath.Glob(filepath.Join(os.TempDir(), "go-jinja2-embedded", j2.name+"-jinja2-renderer-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 0)
+	m, err = filepath.Glob(filepath.Join(tmpDir, j2.name+"-python-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 2) // dir + .lock
+	m, err = filepath.Glob(filepath.Join(tmpDir, j2.name+"-jinja2-lib-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 2) // dir + .lock
+	m, err = filepath.Glob(filepath.Join(tmpDir, j2.name+"-jinja2-renderer-*"))
+	assert.NoError(t, err)
+	assert.Len(t, m, 2) // dir + .lock
+
+	// now check if it is functional
+	s, err := j2.RenderString("test")
+	assert.NoError(t, err)
+	assert.Equal(t, "test", s)
+}
diff --git a/lib/go-jinja2/opts.go b/lib/go-jinja2/opts.go
new file mode 100644
index 000000000..3cd181530
--- /dev/null
+++ b/lib/go-jinja2/opts.go
@@ -0,0 +1,150 @@
+package jinja2
+
+import "github.com/kluctl/go-embed-python/python"
+
+type jinja2Options struct {
+	DebugTrace   bool `json:"debugTrace"`
+	NonStrict    bool `json:"nonStrict"`
+	TrimBlocks   bool `json:"trimBlocks"`
+	LstripBlocks bool `json:"lstripBlocks"`
+
+	SearchDirs []string       `json:"searchDirs"`
+	Globals    map[string]any `json:"globals"`
+
+	Filters    map[string]string `json:"filters"`
+	Extensions []string          `json:"extensions"`
+
+	// not passed to renderer
+	python                 python.Python
+	pythonPath             []string
+	embeddedExtractDir     string
+	templateIgnoreRootPath string
+	traceJsonSend          func(map[string]any)
+	traceJsonReceive       func(map[string]any)
+}
+
+type Jinja2Opt func(o *jinja2Options)
+
+func WithDebugTrace(debugTrace bool) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.DebugTrace = debugTrace
+	}
+}
+
+func WithPython(p python.Python) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.python = p
+	}
+}
+
+func WithPythonPath(p string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.pythonPath = append(o.pythonPath, p)
+	}
+}
+
+func WithEmbeddedExtractDir(p string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.embeddedExtractDir = p
+	}
+}
+
+func WithStrict(strict bool) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.NonStrict = !strict
+	}
+}
+
+func WithTrimBlocks(trimBlocks bool) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.TrimBlocks = trimBlocks
+	}
+}
+
+func WithLStripBlocks(lstripBlocks bool) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.LstripBlocks = lstripBlocks
+	}
+}
+
+func WithSearchDir(dir string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.SearchDirs = append(o.SearchDirs, dir)
+	}
+}
+
+func WithSearchDirs(dirs []string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.SearchDirs = append(o.SearchDirs, dirs...)
+	}
+}
+
+func WithGlobal(k string, v any) Jinja2Opt {
+	return func(o *jinja2Options) {
+		if o.Globals == nil {
+			o.Globals = make(map[string]any)
+		}
+		o.Globals[k] = v
+	}
+}
+
+func WithGlobals(globals map[string]any) Jinja2Opt {
+	return func(o *jinja2Options) {
+		if o.Globals == nil {
+			o.Globals = make(map[string]any)
+		}
+		for k, v := range globals {
+			o.Globals[k] = v
+		}
+	}
+}
+
+func WithTemplateIgnoreRootDir(dir string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.templateIgnoreRootPath = dir
+	}
+}
+
+// WithFilter adds a custom filter with `name` to the engine
+//
+// name: the name of the filter
+// code: the code defines a filter function
+//
+// By default, name of the defined function should be same as the filter name.
+// You can change this behaviour to set your filter name to 'xxx:yyy' format,
+// then the real filter name is 'xxx' and the function name is 'yyy'.
+//
+// For example, you can use
+//
+//	WithFilter("add", "def add(x, y): return x + y")
+//
+// And also, you can use
+//
+//	WithFilter("add:my_add", "def my_add(x, y): return x + y")
+func WithFilter(name string, code string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		if o.Filters == nil {
+			o.Filters = make(map[string]string)
+		}
+
+		o.Filters[name] = code
+	}
+}
+
+func WithExtension(e string) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.Extensions = append(o.Extensions, e)
+	}
+}
+
+func WithTraceJsonSend(f func(map[string]any)) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.traceJsonSend = f
+	}
+}
+
+func WithTraceJsonReceive(f func(map[string]any)) Jinja2Opt {
+	return func(o *jinja2Options) {
+		o.traceJsonReceive = f
+	}
+}
diff --git a/lib/go-jinja2/python_src/embed.go b/lib/go-jinja2/python_src/embed.go
new file mode 100644
index 000000000..cf3e1b764
--- /dev/null
+++ b/lib/go-jinja2/python_src/embed.go
@@ -0,0 +1,8 @@
+package python_src
+
+import (
+	"embed"
+)
+
+//go:embed all:*
+var RendererSource embed.FS
diff --git a/lib/go-jinja2/python_src/go_jinja2/__init__.py b/lib/go-jinja2/python_src/go_jinja2/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/lib/go-jinja2/python_src/go_jinja2/ext/__init__.py b/lib/go-jinja2/python_src/go_jinja2/ext/__init__.py
new file mode 100644
index 000000000..b9750107e
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/ext/__init__.py
@@ -0,0 +1,5 @@
+from .kluctl_ext import KluctlExtension
+from .time_ext import TimeExtension
+
+kluctl = KluctlExtension
+time = TimeExtension
diff --git a/lib/go-jinja2/python_src/go_jinja2/ext/dict_utils.py b/lib/go-jinja2/python_src/go_jinja2/ext/dict_utils.py
new file mode 100644
index 000000000..dd3d95065
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/ext/dict_utils.py
@@ -0,0 +1,64 @@
+from .jsonpath_utils import parse_json_path
+
+
+def copy_primitive_value(v):
+    if isinstance(v, dict):
+        return copy_dict(v)
+    if is_iterable(v, False):
+        return [copy_primitive_value(x) for x in v]
+    return v
+
+def copy_dict(a):
+    ret = {}
+    for k, v in a.items():
+        ret[k] = copy_primitive_value(v)
+    return ret
+
+def merge_dict(a, b, clone=True):
+    if clone:
+        a = copy_dict(a)
+    if a is None:
+        a = {}
+    if b is None:
+        b = {}
+    for key in b:
+        if key in a:
+            if isinstance(a[key], dict) and isinstance(b[key], dict):
+                merge_dict(a[key], b[key], clone=False)
+            else:
+                a[key] = b[key]
+        else:
+            a[key] = b[key]
+    return a
+
+
+def get_dict_value(y, path, default=None):
+    p = parse_json_path(path)
+    f = p.find(y)
+    if len(f) > 1:
+        raise Exception("Only simple jsonpath supported in get_dict_value")
+    if len(f) == 0:
+        return default
+    return f[0].value
+
+def is_iterable(obj, str_and_bytes=True):
+    if isinstance(obj, list):
+        return True
+    if isinstance(obj, tuple):
+        return True
+    if isinstance(obj, dict):
+        return True
+    if isinstance(obj, str):
+        return str_and_bytes
+    if isinstance(obj, bytes):
+        return str_and_bytes
+    if isinstance(obj, int) or isinstance(obj, bool):
+        return False
+    if isinstance(obj, type):
+        return False
+    try:
+        iter(obj)
+    except Exception:
+        return False
+    else:
+        return True
diff --git a/lib/go-jinja2/python_src/go_jinja2/ext/jsonpath_utils.py b/lib/go-jinja2/python_src/go_jinja2/ext/jsonpath_utils.py
new file mode 100644
index 000000000..4d7f8d494
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/ext/jsonpath_utils.py
@@ -0,0 +1,100 @@
+# Add better wildcard support to jsonpath lib
+import fnmatch
+import logging
+import os
+
+import ply
+from jsonpath_ng import auto_id_field, jsonpath, JSONPath
+from jsonpath_ng.exceptions import JsonPathParserError
+from jsonpath_ng.ext.parser import ExtentedJsonPathParser
+from jsonpath_ng.parser import IteratorToTokenStream
+
+
+logger = logging.getLogger(__name__)
+
+def ext_reified_fields(self, datum):
+    result = []
+    for field in self.fields:
+        if "*" not in field:
+            result.append(field)
+            continue
+        try:
+            fields = [f for f in datum.value.keys() if fnmatch.fnmatch(f, field)]
+            if auto_id_field is not None:
+                fields.append(auto_id_field)
+            result += fields
+        except AttributeError:
+            pass
+    return tuple(result)
+jsonpath.Fields.reified_fields = ext_reified_fields
+
+# This class pre-creates the yacc parser to speed up things
+class MyJsonPathParser(ExtentedJsonPathParser):
+    '''
+    Dummy doc-string to avoid exceptions
+    '''
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        start_symbol = 'jsonpath'
+
+        output_directory = os.path.dirname(__file__)
+        try:
+            module_name = os.path.splitext(os.path.split(__file__)[1])[0]
+        except:
+            module_name = __name__
+
+        parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
+        self.parser = ply.yacc.yacc(module=self,
+                                   debug=self.debug,
+                                   tabmodule=parsing_table_module,
+                                   outputdir=output_directory,
+                                   write_tables=0,
+                                   start=start_symbol,
+                                   errorlog=logger)
+
+    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
+        assert start_symbol == "jsonpath"
+        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
+
+
+def convert_list_to_json_path(p):
+    p2 = ""
+    for x in p:
+        if isinstance(x, str):
+            if x.isalnum():
+                if p2 != "":
+                    p2 += "."
+                p2 += "%s" % x
+            else:
+                if p2 == "":
+                    p2 = "$"
+                if '"' in x:
+                    p2 = "%s['%s']" % (p2, x)
+                else:
+                    p2 = '%s["%s"]' % (p2, x)
+        else:
+            if p2 == "":
+                p2 = "$"
+            p2 = "%s[%d]" % (p2, x)
+    return p2
+
+json_path_cache = {}
+json_path_parser = MyJsonPathParser()
+
+def parse_json_path(p) -> JSONPath:
+    if isinstance(p, list) or isinstance(p, tuple):
+        p = convert_list_to_json_path(p)
+
+    if p in json_path_cache:
+        return json_path_cache[p]
+
+    try:
+        pp = json_path_parser.parse(p)
+    except JsonPathParserError as e:
+        raise Exception("Invalid json path '%s'. Error=%s" % (p, str(e)))
+
+    pp = json_path_cache.setdefault(p, pp)
+
+    return pp
diff --git a/lib/go-jinja2/python_src/go_jinja2/ext/kluctl_ext.py b/lib/go-jinja2/python_src/go_jinja2/ext/kluctl_ext.py
new file mode 100644
index 000000000..bbbf2dc34
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/ext/kluctl_ext.py
@@ -0,0 +1,155 @@
+import base64
+import hashlib
+import json
+import os
+import textwrap
+
+import sys
+
+import jinja2
+from jinja2 import TemplateError, TemplateNotFound
+from jinja2.ext import Extension
+from jinja2.runtime import Context
+
+from .dict_utils import get_dict_value, merge_dict
+from .yaml_utils import yaml_dump, yaml_load
+
+
+class KluctlExtension(Extension):
+    def __init__(self, environment):
+        super().__init__(environment)
+        add_jinja2_filters(environment)
+
+
+def b64encode(string):
+    return base64.b64encode(string.encode()).decode()
+
+
+def b64decode(string):
+    return base64.b64decode(string.encode()).decode()
+
+
+def to_yaml(obj):
+    return yaml_dump(obj)
+
+
+def to_json(obj):
+    return json.dumps(obj)
+
+
+def from_yaml(s):
+    return yaml_load(s)
+
+
+@jinja2.pass_context
+def render(ctx, string):
+    # TODO we should deprecate render being available as filter, as filters seem to not have access to local variables
+    t = ctx.environment.from_string(string)
+    return t.render(ctx.get_all())
+
+
+def sha256(s, digest_len=None):
+    if not isinstance(s, bytes):
+        s = s.encode("utf-8")
+    hash = hashlib.sha256(s).hexdigest()
+    if digest_len is not None:
+        hash = hash[:digest_len]
+    return hash
+
+
+def slugify(s, **slugify_args):
+    from slugify import slugify as _slugify
+    return _slugify(s, **slugify_args)
+
+
+@jinja2.pass_context
+def load_template(ctx, path, **kwargs):
+    ctx.environment.print_debug("load_template(%s)" % path)
+    t = ctx.environment.get_template(path.replace(os.path.sep, '/'), parent=ctx.name)
+    vars = merge_dict(ctx.get_all(), kwargs)
+    return t.render(vars)
+
+
+@jinja2.pass_context
+def load_base64(ctx, path, width=None):
+    ctx.environment.print_debug("load_base64(%s)" % path)
+    p = path.replace(os.path.sep, '/')
+    if ctx.name:
+        p = ctx.environment.join_path(path, ctx.name)
+
+    p = ctx.environment.loader._find_path(path)
+    if not p:
+        raise TemplateNotFound(path)
+
+    contents, _, _ = ctx.environment.loader.read_template_helper(ctx.environment, p, True)
+
+    contents = base64.b64encode(contents).decode("utf-8")
+    if width:
+        contents = textwrap.fill(contents, width=width)
+
+    return contents
+
+
+class VarNotFoundException(Exception):
+    pass
+
+
+@jinja2.pass_context
+def get_var(ctx, path, default=None):
+    if not isinstance(path, list):
+        path = [path]
+
+    all_vars = ctx.get_all()
+    for p in path:
+        r = get_dict_value(all_vars, p, VarNotFoundException())
+        if isinstance(r, VarNotFoundException):
+            continue
+        return r
+    return default
+
+
+def update_dict(a, b):
+    merge_dict(a, b, False)
+    return ""
+
+
+def raise_helper(msg):
+    raise TemplateError(msg)
+
+
+def debug_print(msg):
+    sys.stderr.write("debug_print: %s\n" % str(msg))
+    return ""
+
+
+@jinja2.pass_context
+def load_sha256(ctx: Context, path, digest_len=None):
+    if "__calc_sha256__" in ctx:
+        return "__self_sha256__"
+    rendered = load_template(ctx, path, __calc_sha256__=True)
+    hash = hashlib.sha256(rendered.encode("utf-8")).hexdigest()
+    if digest_len is not None:
+        hash = hash[:digest_len]
+    return hash
+
+
+def add_jinja2_filters(jinja2_env):
+    jinja2_env.filters['b64encode'] = b64encode
+    jinja2_env.filters['b64decode'] = b64decode
+    jinja2_env.filters['to_yaml'] = to_yaml
+    jinja2_env.filters['to_json'] = to_json
+    jinja2_env.filters['from_yaml'] = from_yaml
+    # render is available as filter and as global function. The filter should be deprecated in the future as it is
+    # unable to access local variables
+    jinja2_env.filters['render'] = render
+    jinja2_env.filters['sha256'] = sha256
+    jinja2_env.filters['slugify'] = slugify
+    jinja2_env.globals['load_template'] = load_template
+    jinja2_env.globals['load_base64'] = load_base64
+    jinja2_env.globals['get_var'] = get_var
+    jinja2_env.globals['merge_dict'] = merge_dict
+    jinja2_env.globals['update_dict'] = update_dict
+    jinja2_env.globals['raise'] = raise_helper
+    jinja2_env.globals['debug_print'] = debug_print
+    jinja2_env.globals['load_sha256'] = load_sha256
+    jinja2_env.globals['render'] = render
diff --git a/lib/go-jinja2/python_src/go_jinja2/ext/time_ext.py b/lib/go-jinja2/python_src/go_jinja2/ext/time_ext.py
new file mode 100644
index 000000000..dcd2f5fd6
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/ext/time_ext.py
@@ -0,0 +1,79 @@
+import functools
+import zoneinfo
+from datetime import datetime, timedelta
+
+from jinja2.ext import Extension
+
+
+class TimeExtension(Extension):
+    def __init__(self, environment):
+        super().__init__(environment)
+        environment.globals["time"] = {
+            "now": SimpleTime.now,
+            "utcnow": SimpleTime.utcnow,
+            "parse_iso": SimpleTime.parse_iso,
+            "second": 1000000,
+            "minute": 1000000 * 60,
+            "hour": 1000000 * 60 * 60,
+        }
+
+@functools.total_ordering
+class SimpleTime:
+    def __init__(self, t):
+        self.t = t
+
+    @classmethod
+    def now(cls):
+        t = datetime.now()
+        return SimpleTime(t)
+
+    @classmethod
+    def utcnow(cls):
+        t = datetime.utcnow()
+        return SimpleTime(t)
+
+    @classmethod
+    def parse_iso(cls, s):
+        return SimpleTime(datetime.fromisoformat(s))
+
+    def as_timezone(self, tz):
+        tz = zoneinfo.ZoneInfo(tz)
+        return SimpleTime(self.t.astimezone(tz))
+
+    def weekday(self):
+        return self.t.weekday()
+
+    def hour(self):
+        return self.t.hour
+
+    def minute(self):
+        return self.t.minute
+
+    def second(self):
+        return self.t.second
+
+    def nanosecond(self):
+        return self.t.microsecond * 1000
+
+    def __str__(self):
+        return self.t.isoformat()
+
+    def __add__(self, other):
+        d = timedelta(microseconds=other)
+        self.t += d
+        return self
+
+    def __sub__(self, other):
+        d = timedelta(microseconds=other)
+        self.t -= d
+        return self
+
+    def __lt__(self, other):
+        if not isinstance(other, SimpleTime):
+            raise ValueError("value is not a SimpleTime")
+        return self.t < other.t
+
+    def __eq__(self, other):
+        if not isinstance(other, SimpleTime):
+            raise ValueError("value is not a SimpleTime")
+        return self.t == other.t
diff --git a/lib/go-jinja2/python_src/go_jinja2/ext/yaml_utils.py b/lib/go-jinja2/python_src/go_jinja2/ext/yaml_utils.py
new file mode 100644
index 000000000..84ffb9b0a
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/ext/yaml_utils.py
@@ -0,0 +1,49 @@
+import yaml
+
+from yaml import SafeLoader as SafeLoader, SafeDumper as SafeDumper
+
+def construct_value(load, node):
+    if not isinstance(node, yaml.ScalarNode):
+        raise yaml.constructor.ConstructorError(
+            "while constructing a value",
+            node.start_mark,
+            "expected a scalar, but found %s" % node.id, node.start_mark
+        )
+    yield str(node.value)
+
+
+# See https://github.com/yaml/pyyaml/issues/89
+SafeLoader.add_constructor(u'tag:yaml.org,2002:value', construct_value)
+
+
+def multiline_str_representer(dumper, data):
+    if len(data.splitlines()) > 1:  # check for multiline string
+        return dumper.represent_scalar('tag:yaml.org,2002:str', data, style='|')
+    if str.isnumeric(data):
+        return dumper.represent_scalar('tag:yaml.org,2002:str', data, style='\'')
+    return dumper.represent_scalar('tag:yaml.org,2002:str', data)
+
+class MultilineStrDumper(SafeDumper):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.add_representer(str, multiline_str_representer)
+
+def yaml_load(s):
+    return yaml.load(s, Loader=SafeLoader)
+
+def yaml_load_all(s):
+    return list(yaml.load_all(s, Loader=SafeLoader))
+
+def yaml_load_file(path, all=False):
+    with open(path) as f:
+        if all:
+            y = yaml_load_all(f)
+        else:
+            y = yaml_load(f)
+    return y
+
+def yaml_dump(y, stream=None):
+    return yaml.dump(y, stream=stream, Dumper=MultilineStrDumper, sort_keys=False)
+
+def yaml_dump_all(y, stream=None):
+    return yaml.dump_all(y, stream=stream, Dumper=MultilineStrDumper, sort_keys=False)
diff --git a/lib/go-jinja2/python_src/go_jinja2/jinja2_renderer.py b/lib/go-jinja2/python_src/go_jinja2/jinja2_renderer.py
new file mode 100644
index 000000000..52e547b04
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/jinja2_renderer.py
@@ -0,0 +1,97 @@
+from jinja2 import StrictUndefined, ChainableUndefined
+
+from .jinja2_utils import MyEnvironment, extract_template_error, MyLoader
+
+
+class NullUndefined(ChainableUndefined):
+    def _return_self(self, other):
+        return self
+
+    __add__ = __radd__ = __sub__ = __rsub__ = _return_self
+    __mul__ = __rmul__ = __div__ = __rdiv__ = _return_self
+    __truediv__ = __rtruediv__ = _return_self
+    __floordiv__ = __rfloordiv__ = _return_self
+    __mod__ = __rmod__ = _return_self
+    __pos__ = __neg__ = _return_self
+    __call__ = __getitem__ = _return_self
+    __lt__ = __le__ = __gt__ = __ge__ = _return_self
+    __int__ = __float__ = __complex__ = _return_self
+    __pow__ = __rpow__ = _return_self
+
+
+class Jinja2Renderer:
+    def __init__(self, opts):
+        self.opts = opts
+
+    def build_env(self):
+        debug_enabled = self.opts.get("debugTrace", False)
+        loader = MyLoader(self.opts.get("searchDirs", []))
+        environment = MyEnvironment(debug_enabled=debug_enabled,
+                                    loader=loader,
+                                    undefined=NullUndefined if self.opts.get("nonStrict", False) else StrictUndefined,
+                                    cache_size=10000,
+                                    auto_reload=False,
+                                    trim_blocks=self.opts.get("trimBlocks", False),
+                                    lstrip_blocks=self.opts.get("lstripBlocks", False))
+        environment.globals.update(self.opts.get("globals", {}))
+
+        for e in self.opts.get("extensions", []):
+            environment.add_extension(e)
+
+        for name, code in self.opts.get("filters", {}).items():
+            track = {}
+            exec(code, track)
+            i = name.find(":")
+            if i != -1:
+                funcname = name[i + 1:]
+                name = name[:i]
+            else:
+                funcname = name
+
+            f = track.get(funcname)
+
+            if f is None or not callable(f):
+                raise AttributeError(f"function {funcname} is not found in filter code")
+
+            environment.filters[name] = f
+
+        return environment, loader
+
+    def render_helper(self, templates, is_string):
+        env, loader = self.build_env()
+
+        result = []
+
+        for i, t in enumerate(templates):
+            try:
+                if is_string:
+                    t = env.from_string(t)
+                    loader.root_template = None
+                else:
+                    loader.root_template = t
+                    t = env.get_template(t)
+                result.append({
+                    "result": t.render()
+                })
+            except Exception as e:
+                result.append({
+                    "error": extract_template_error(e),
+                })
+
+        return result
+
+    def RenderStrings(self, templates):
+        try:
+            return self.render_helper(templates, True)
+        except Exception as e:
+            return [{
+                "error": str(e)
+            }] * len(templates)
+
+    def RenderFiles(self, templates):
+        try:
+            return self.render_helper(templates, False)
+        except Exception as e:
+            return [{
+                "error": str(e)
+            }] * len(templates)
diff --git a/lib/go-jinja2/python_src/go_jinja2/jinja2_utils.py b/lib/go-jinja2/python_src/go_jinja2/jinja2_utils.py
new file mode 100644
index 000000000..bf38e1230
--- /dev/null
+++ b/lib/go-jinja2/python_src/go_jinja2/jinja2_utils.py
@@ -0,0 +1,147 @@
+import io
+import os
+import posixpath
+import traceback
+import typing
+
+import sys
+from jinja2 import Environment, TemplateNotFound, BaseLoader
+from jinja2.loaders import split_template_path
+
+
+# This Jinja2 environment allows to load templates relative to the parent template. This means that for example
+# '{% include "file.yml" %}' will try to include the template from a ./file.yml
+class MyEnvironment(Environment):
+    def __init__(self, debug_enabled, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.debug_enabled = debug_enabled
+
+    """Override join_path() to enable relative template paths."""
+    """See https://stackoverflow.com/a/3655911/7132642"""
+    def join_path(self, template, parent):
+        result = self._join_path(template, parent)
+        self.print_debug("join_path(%s, %s) - result=%s" % (template, parent, result))
+        return result
+
+    def _join_path(self, template, parent):
+        if template[:2] == "./" or template[:3] == "../":
+            p = os.path.join(os.path.dirname(parent), template)
+            p = os.path.normpath(p)
+            p = p.replace(os.path.sep, '/')
+            return p
+        return template
+
+    def print_debug(self, s):
+        if self.debug_enabled:
+            print(s, file=sys.stderr)
+
+
+class MyLoader(BaseLoader):
+    def __init__(self, searchpath):
+        super().__init__()
+        self.root_template = None
+        self.searchpath = searchpath
+
+    def get_source(
+            self, environment: "MyEnvironment", template: str
+    ) -> typing.Tuple[str, typing.Optional[str], typing.Optional[typing.Callable[[], bool]]]:
+        return self.debug_wrap_get_source("MyLoader", self._get_source, environment, template)
+
+    def _find_path(self, template):
+        if template == self.root_template:
+            return template
+
+        p = self._find_path_abs_search_path(template)
+        if p:
+            return p
+
+        p = self._find_path_rel_search_path(template)
+        if p:
+            return p
+
+        return None
+
+    def _find_path_abs_search_path(self, template):
+        try:
+            if not os.path.isabs(template):
+                return None
+            template = os.path.abspath(template)
+            for s in self.searchpath:
+                sabs = os.path.abspath(s)
+                if template.startswith(sabs + os.path.sep):
+                    return template
+            return None
+        except OSError:
+            return None
+
+    def _find_path_rel_search_path(self, template):
+        pieces = split_template_path(template)
+        for searchpath in self.searchpath:
+            # Use posixpath even on Windows to avoid "drive:" or UNC
+            # segments breaking out of the search directory.
+            filename = posixpath.join(searchpath, *pieces)
+            if os.path.isfile(filename):
+                return filename
+        return None
+
+    def _get_source(
+            self, environment: "MyEnvironment", template: str
+    ) -> typing.Tuple[str, typing.Optional[str], typing.Optional[typing.Callable[[], bool]]]:
+        p = self._find_path(template)
+        if not p:
+            raise TemplateNotFound(template)
+        return self.read_template_helper(environment, p)
+
+    def read_template_helper(self, environment, template, binary=False):
+        environment.print_debug("_read_template_helper %s" % template)
+        try:
+            mode = "r"
+            if binary:
+                mode += "b"
+            with open(template, mode) as f:
+                contents = f.read()
+        except OSError:
+            raise TemplateNotFound(template)
+
+        mtime = os.path.getmtime(template)
+
+        def uptodate() -> bool:
+            try:
+                return os.path.getmtime(template) == mtime
+            except OSError:
+                return False
+
+        return contents, os.path.normpath(template), uptodate
+
+    def debug_wrap_get_source(self, prefix, fn, environment, template):
+        if not environment.debug_enabled:
+            return fn(environment, template)
+        try:
+            contents, filename, uptodate = fn(environment, template)
+            print("%s.get_source(template=%s), result=found" % (prefix, template), file=sys.stderr)
+            return contents, filename, uptodate
+        except TemplateNotFound:
+            print("%s.get_source(template=%s), result=TemplateNotFound" % (prefix, template), file=sys.stderr)
+            raise
+
+
+def extract_template_error(e):
+    try:
+        raise e
+    except TemplateNotFound as e2:
+        return "template %s not found" % str(e2)
+    except:
+        etype, value, tb = sys.exc_info()
+    extracted_tb = traceback.extract_tb(tb)
+    found_template = None
+    for i, s in reversed(list(enumerate(extracted_tb))):
+        if not s.filename.endswith(".py"):
+            found_template = i
+            break
+    f = io.StringIO()
+    if found_template is not None:
+        traceback.print_list([extracted_tb[found_template]], file=f)
+        print("%s: %s" % (type(e).__name__, str(e)), file=f)
+    else:
+        traceback.print_exception(etype, value, tb, file=f)
+    return f.getvalue()
diff --git a/lib/go-jinja2/python_src/main.py b/lib/go-jinja2/python_src/main.py
new file mode 100644
index 000000000..a4d440bde
--- /dev/null
+++ b/lib/go-jinja2/python_src/main.py
@@ -0,0 +1,48 @@
+import json
+import sys
+import warnings
+
+from go_jinja2.jinja2_renderer import Jinja2Renderer
+
+with warnings.catch_warnings():
+    # jsonpath_ng contains regexes that cause these warnings when importing:
+    # SyntaxWarning: invalid escape sequence '\('
+    import jsonpath_ng
+
+
+def main():
+    while True:
+        cmd = sys.stdin.readline()
+        if not cmd:
+            break
+        cmd = json.loads(cmd)
+        opts = cmd["opts"]
+
+        r = Jinja2Renderer(opts)
+
+        result = {}
+        if cmd["cmd"] == "init":
+            pass
+        elif cmd["cmd"] == "render-strings":
+            result = {
+                "templateResults": r.RenderStrings(cmd["templates"])
+            }
+        elif cmd["cmd"] == "render-files":
+            result = {
+                "templateResults": r.RenderFiles(cmd["templates"])
+            }
+        elif cmd["cmd"] == "exit":
+            break
+        else:
+            raise Exception("invalid cmd")
+
+        result = json.dumps(result)
+
+        sys.stdout.write(result + "\n")
+        sys.stdout.flush()
+
+if __name__ == "__main__":
+    try:
+        main()
+    except KeyboardInterrupt as e:
+        pass
diff --git a/lib/go-jinja2/render_struct.go b/lib/go-jinja2/render_struct.go
new file mode 100644
index 000000000..efbb2e0ac
--- /dev/null
+++ b/lib/go-jinja2/render_struct.go
@@ -0,0 +1,182 @@
+package jinja2
+
+import (
+	"github.com/hashicorp/go-multierror"
+	"reflect"
+)
+
+type structStringCollectorEntry struct {
+	s      string
+	setter func(s string)
+}
+
+type structStringCollector struct {
+	j       *Jinja2
+	strings []structStringCollectorEntry
+}
+
+func (w *structStringCollector) extractTemplateString(v reflect.Value) (string, bool) {
+	if v.IsZero() {
+		return "", false
+	}
+
+	t := v.Type()
+	if t.Kind() == reflect.Interface || t.Kind() == reflect.Pointer {
+		v = v.Elem()
+		t = v.Type()
+	}
+	if t.Kind() == reflect.String {
+		s := v.String()
+		if !isMaybeTemplateString(s) {
+			return "", false
+		}
+		return v.String(), true
+	}
+	return "", false
+}
+
+func (w *structStringCollector) addString(s string, setter func(s string)) {
+	w.strings = append(w.strings, structStringCollectorEntry{
+		s:      s,
+		setter: setter,
+	})
+}
+
+func (w *structStringCollector) walkStruct(v reflect.Value) error {
+	t := v.Type()
+	l := t.NumField()
+
+	for i := 0; i < l; i++ {
+		f := v.Field(i)
+		if s, ok := w.extractTemplateString(f); ok {
+			w.addString(s, func(s string) {
+				if f.Type().Kind() == reflect.Pointer {
+					f.Set(reflect.ValueOf(&s))
+				} else {
+					f.Set(reflect.ValueOf(s))
+				}
+			})
+		} else {
+			err := w.walkValue(f)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w *structStringCollector) walkList(v reflect.Value) error {
+	l := v.Len()
+	for i := 0; i < l; i++ {
+		e := v.Index(i)
+		if s, ok := w.extractTemplateString(e); ok {
+			w.addString(s, func(s string) {
+				if e.Type().Kind() == reflect.Pointer {
+					e.Set(reflect.ValueOf(&s))
+				} else {
+					e.Set(reflect.ValueOf(s))
+				}
+			})
+		} else {
+			err := w.walkValue(e)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w *structStringCollector) walkMap(v reflect.Value) error {
+	it := v.MapRange()
+	for it.Next() {
+		ik := it.Key()
+		iv := it.Value()
+
+		if s, ok := w.extractTemplateString(iv); ok {
+			if isMaybeTemplateString(s) {
+				w.addString(s, func(s string) {
+					if iv.Type().Kind() == reflect.Pointer {
+						v.SetMapIndex(ik, reflect.ValueOf(&s))
+					} else {
+						v.SetMapIndex(ik, reflect.ValueOf(s))
+					}
+				})
+			}
+		} else {
+			err := w.walkValue(iv)
+			if err != nil {
+				return err
+			}
+		}
+
+		if s, ok := w.extractTemplateString(ik); ok {
+			if isMaybeTemplateString(s) {
+				w.addString(s, func(s string) {
+					iv2 := v.MapIndex(ik)
+					v.SetMapIndex(ik, reflect.ValueOf(nil))
+					v.SetMapIndex(reflect.ValueOf(s), iv2)
+				})
+			}
+		}
+	}
+	return nil
+}
+
+func (w *structStringCollector) walkValue(v reflect.Value) error {
+	if v.IsZero() {
+		return nil
+	}
+
+	v = reflect.Indirect(v)
+	t := v.Type()
+
+	switch t.Kind() {
+	case reflect.Interface, reflect.Pointer:
+		return w.walkValue(v.Elem())
+	case reflect.Slice, reflect.Array:
+		return w.walkList(v)
+	case reflect.Struct:
+		return w.walkStruct(v)
+	case reflect.Map:
+		return w.walkMap(v)
+	}
+	return nil
+}
+
+func (j *Jinja2) RenderStruct(o interface{}, opts ...Jinja2Opt) (bool, error) {
+	w := &structStringCollector{j: j}
+	v := reflect.ValueOf(o)
+	err := w.walkValue(v)
+	if err != nil {
+		return false, err
+	}
+
+	var jobs []*RenderJob
+
+	for _, sv := range w.strings {
+		jobs = append(jobs, &RenderJob{Template: sv.s})
+	}
+
+	err = j.RenderStrings(jobs, opts...)
+	if err != nil {
+		return false, err
+	}
+
+	changed := false
+
+	var retErr *multierror.Error
+	for i, sv := range w.strings {
+		job := jobs[i]
+		if job.Error != nil {
+			retErr = multierror.Append(retErr, job.Error)
+		} else {
+			if sv.s != *job.Result {
+				sv.setter(*job.Result)
+				changed = true
+			}
+		}
+	}
+	return changed, retErr.ErrorOrNil()
+}

From 14318dbd2b384c5086eaacaa526762ec008fc717 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 14:19:46 +0100
Subject: [PATCH 2228/2268] chore: Use go-jinja2 from lib/go-jinja2

---
 go.mod                            |   1 -
 go.sum                            |   2 -
 lib/go-jinja2/LICENSE             | 202 ------------------------------
 lib/go-jinja2/README.md           |   2 +-
 lib/go-jinja2/go.mod              |  29 -----
 lib/go-jinja2/go.sum              |  52 --------
 lib/go-jinja2/jinja2.go           |   4 +-
 lib/go.mod                        |   7 +-
 lib/go.sum                        |  15 ++-
 pkg/controllers/kluctl_project.go |   2 +-
 pkg/kluctl_jinja2/conditionals.go |   2 +-
 pkg/kluctl_jinja2/jinja2.go       |   2 +-
 pkg/kluctl_project/load.go        |   2 +-
 pkg/kluctl_project/project.go     |   2 +-
 pkg/vars/vars.go                  |   2 +-
 pkg/vars/vars_loader.go           |   2 +-
 pkg/vars/vars_test.go             |   2 +-
 17 files changed, 31 insertions(+), 299 deletions(-)
 delete mode 100644 lib/go-jinja2/LICENSE
 delete mode 100644 lib/go-jinja2/go.mod
 delete mode 100644 lib/go-jinja2/go.sum

diff --git a/go.mod b/go.mod
index c6bf76685..f34aa4eb9 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,6 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2
-	github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f
 	github.com/kluctl/kluctl/lib v0.0.0-20241216101058-0040b94148ed
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index fb0b0c7d3..3daca28e6 100644
--- a/go.sum
+++ b/go.sum
@@ -461,8 +461,6 @@ github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kK
 github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
 github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2 h1:JcYhVgX7jFN8QcoBxx8/kLxUyeUzE/JnGf5ntulNPPM=
 github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
-github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f h1:DXcOryOSs9LG2xd7LlllWOL8fPA8i4OTXJzHOPtz6hA=
-github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
diff --git a/lib/go-jinja2/LICENSE b/lib/go-jinja2/LICENSE
deleted file mode 100644
index d64569567..000000000
--- a/lib/go-jinja2/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/lib/go-jinja2/README.md b/lib/go-jinja2/README.md
index 8c7bd4c59..fa9d15ace 100644
--- a/lib/go-jinja2/README.md
+++ b/lib/go-jinja2/README.md
@@ -13,7 +13,7 @@ package main
 
 import (
 	"fmt"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 )
 
 func main() {
diff --git a/lib/go-jinja2/go.mod b/lib/go-jinja2/go.mod
deleted file mode 100644
index 516274742..000000000
--- a/lib/go-jinja2/go.mod
+++ /dev/null
@@ -1,29 +0,0 @@
-module github.com/kluctl/go-jinja2
-
-go 1.19
-
-require (
-	github.com/Masterminds/semver/v3 v3.2.1
-	github.com/go-git/go-git/v5 v5.12.0
-	github.com/gobwas/glob v0.2.3
-	github.com/hashicorp/go-multierror v1.1.1
-	github.com/jinzhu/copier v0.4.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
-	github.com/stretchr/testify v1.9.0
-)
-
-require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rogpeppe/go-internal v1.12.0 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
-	golang.org/x/net v0.24.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)
diff --git a/lib/go-jinja2/go.sum b/lib/go-jinja2/go.sum
deleted file mode 100644
index ce740ce6e..000000000
--- a/lib/go-jinja2/go.sum
+++ /dev/null
@@ -1,52 +0,0 @@
-github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
-github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
-github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
-github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
-github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
-github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
-github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
-github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
-github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
-github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
-github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/lib/go-jinja2/jinja2.go b/lib/go-jinja2/jinja2.go
index ba8e893d8..821f20a94 100644
--- a/lib/go-jinja2/jinja2.go
+++ b/lib/go-jinja2/jinja2.go
@@ -8,8 +8,8 @@ import (
 	"github.com/hashicorp/go-multierror"
 	"github.com/kluctl/go-embed-python/embed_util"
 	"github.com/kluctl/go-embed-python/python"
-	"github.com/kluctl/go-jinja2/internal/data"
-	"github.com/kluctl/go-jinja2/python_src"
+	"github.com/kluctl/kluctl/lib/go-jinja2/internal/data"
+	"github.com/kluctl/kluctl/lib/go-jinja2/python_src"
 	"io/fs"
 	"os"
 	"path/filepath"
diff --git a/lib/go.mod b/lib/go.mod
index d09b65263..2f63cf116 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -3,13 +3,17 @@ module github.com/kluctl/kluctl/lib
 go 1.22.0
 
 require (
+	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.12.0
 	github.com/go-playground/validator/v10 v10.22.0
 	github.com/gobwas/glob v0.2.3
 	github.com/hashicorp/go-multierror v1.1.1
+	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
+	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
+	github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.15
 	github.com/mitchellh/reflectwalk v1.0.2
@@ -42,7 +46,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -50,6 +54,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.2.2 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
diff --git a/lib/go.sum b/lib/go.sum
index 3fbf1ddd2..a9f502871 100644
--- a/lib/go.sum
+++ b/lib/go.sum
@@ -1,5 +1,7 @@
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
@@ -53,14 +55,21 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4er
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
+github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
+github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f h1:DXcOryOSs9LG2xd7LlllWOL8fPA8i4OTXJzHOPtz6hA=
+github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -95,11 +104,14 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
 github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
@@ -176,6 +188,7 @@ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
diff --git a/pkg/controllers/kluctl_project.go b/pkg/controllers/kluctl_project.go
index c398f2eea..32d663459 100644
--- a/pkg/controllers/kluctl_project.go
+++ b/pkg/controllers/kluctl_project.go
@@ -6,9 +6,9 @@ import (
 	"github.com/getsops/sops/v3/keyservice"
 	"github.com/getsops/sops/v3/kms"
 	"github.com/google/uuid"
-	"github.com/kluctl/go-jinja2"
 	"github.com/kluctl/kluctl/lib/git"
 	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	helm_auth "github.com/kluctl/kluctl/v2/pkg/helm/auth"
diff --git a/pkg/kluctl_jinja2/conditionals.go b/pkg/kluctl_jinja2/conditionals.go
index 7cee13000..645e0965d 100644
--- a/pkg/kluctl_jinja2/conditionals.go
+++ b/pkg/kluctl_jinja2/conditionals.go
@@ -3,7 +3,7 @@ package kluctl_jinja2
 import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"strings"
 )
 
diff --git a/pkg/kluctl_jinja2/jinja2.go b/pkg/kluctl_jinja2/jinja2.go
index e54283f73..502956311 100644
--- a/pkg/kluctl_jinja2/jinja2.go
+++ b/pkg/kluctl_jinja2/jinja2.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"github.com/kluctl/go-embed-python/embed_util"
 	"github.com/kluctl/go-embed-python/python"
-	x "github.com/kluctl/go-jinja2"
+	x "github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils"
 	"os"
 	"path/filepath"
diff --git a/pkg/kluctl_project/load.go b/pkg/kluctl_project/load.go
index 8f8ce36ba..1c2898c8b 100644
--- a/pkg/kluctl_project/load.go
+++ b/pkg/kluctl_project/load.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"context"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/lib/status"
 	"time"
 )
diff --git a/pkg/kluctl_project/project.go b/pkg/kluctl_project/project.go
index ea256d7c9..2783c2482 100644
--- a/pkg/kluctl_project/project.go
+++ b/pkg/kluctl_project/project.go
@@ -2,7 +2,7 @@ package kluctl_project
 
 import (
 	"fmt"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/repocache"
 	types2 "github.com/kluctl/kluctl/v2/pkg/types"
 	"time"
diff --git a/pkg/vars/vars.go b/pkg/vars/vars.go
index fee33c87d..26686f5bf 100644
--- a/pkg/vars/vars.go
+++ b/pkg/vars/vars.go
@@ -1,7 +1,7 @@
 package vars
 
 import (
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
diff --git a/pkg/vars/vars_loader.go b/pkg/vars/vars_loader.go
index de739c7f1..14f74d72b 100644
--- a/pkg/vars/vars_loader.go
+++ b/pkg/vars/vars_loader.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 	types2 "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
 	"github.com/getsops/sops/v3/cmd/sops/formats"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/lib/status"
 	"github.com/kluctl/kluctl/lib/yaml"
 	"github.com/kluctl/kluctl/v2/pkg/clouds/aws"
diff --git a/pkg/vars/vars_test.go b/pkg/vars/vars_test.go
index 8b9748d83..a7b2a84fe 100644
--- a/pkg/vars/vars_test.go
+++ b/pkg/vars/vars_test.go
@@ -2,7 +2,7 @@ package vars
 
 import (
 	"context"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_jinja2"
 	"github.com/kluctl/kluctl/v2/pkg/utils/uo"
 	"github.com/stretchr/testify/assert"

From cc34202707d911c183781d0070038ee04ff19c03 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 14:44:09 +0100
Subject: [PATCH 2229/2268] ci: Run lib tests in CI

---
 .github/workflows/tests.yml | 4 ++--
 Makefile                    | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 0cc6e9dc6..58b0240a8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -199,11 +199,11 @@ jobs:
           key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             tests-go-${{ runner.os }}-
-      - name: Run unit tests
+      - name: Run unit and lib tests
         if: matrix.run_unit_tests
         shell: bash
         run: |
-          make test-unit
+          make test-unit test-lib
       - name: Run e2e-non-gitops tests
         if: matrix.run_e2e_non_gitops
         shell: bash
diff --git a/Makefile b/Makefile
index efd31d74f..3c901b0a6 100644
--- a/Makefile
+++ b/Makefile
@@ -85,12 +85,16 @@ vet: ## Run go vet against code.
 	go vet ./...
 
 .PHONY: test
-test: manifests generate test-unit test-e2e fmt vet ## Run all tests.
+test: manifests generate test-unit test-lib test-e2e fmt vet ## Run all tests.
 
 .PHONY: test-unit
 test-unit: envtest ## Run unit tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) $(shell go list ./... | grep -v v2/e2e) -coverprofile cover.out -test.v
 
+.PHONY: test-lib
+test-lib: ## Run lib tests.
+	cd lib && go test $(RACE) ./...  -coverprofile cover.out -test.v
+
 .PHONY: test-e2e
 test-e2e: envtest ## Run all e2e tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir=$(LOCALBIN) -p path | $(PATHCONF))" go test $(RACE) ./e2e -timeout 15m -coverprofile cover.out -test.v

From c7c1e91742f5825826f3c1b350526feda6c99b72 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 14:52:13 +0100
Subject: [PATCH 2230/2268] chore: Add more error details in Jinja2 renderer

---
 lib/go-jinja2/jinja2_renderer.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/go-jinja2/jinja2_renderer.go b/lib/go-jinja2/jinja2_renderer.go
index 3e80e7b9d..623c14b94 100644
--- a/lib/go-jinja2/jinja2_renderer.go
+++ b/lib/go-jinja2/jinja2_renderer.go
@@ -58,7 +58,7 @@ func newPythonJinja2Renderer(j2 *Jinja2) (*pythonJinja2Renderer, error) {
 
 	err = j2r.cmd.Start()
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to start python for Jinja2: %w", err)
 	}
 
 	j2r.stdoutReader = bufio.NewReader(j2r.stdout)
@@ -209,7 +209,7 @@ func (j *pythonJinja2Renderer) renderHelper(jobs []*RenderJob, isString bool, op
 
 	cmdResult, err := j.runCmd(&jargs)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to run jinja2 cmd: %w", err)
 	}
 
 	for i, item := range cmdResult.TemplateResults {
@@ -230,7 +230,7 @@ func (j *pythonJinja2Renderer) runCmd(jargs *jinja2Cmd) (*jinja2CmdResult, error
 	b, err := json.Marshal(jargs)
 	if err != nil {
 		j.Close()
-		return nil, err
+		return nil, fmt.Errorf("failed to marshal jinja2 cmd args: %w", err)
 	}
 	b = append(b, '\n')
 
@@ -243,14 +243,14 @@ func (j *pythonJinja2Renderer) runCmd(jargs *jinja2Cmd) (*jinja2CmdResult, error
 	_, err = j.stdin.Write(b)
 	if err != nil {
 		j.Close()
-		return nil, err
+		return nil, fmt.Errorf("failed to write jinja2 cmd args: %w", err)
 	}
 
 	line := bytes.NewBuffer(nil)
 	for true {
 		l, p, err := j.stdoutReader.ReadLine()
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to read jinja2 cmd result: %w", err)
 		}
 		line.Write(l)
 		if !p {
@@ -267,7 +267,7 @@ func (j *pythonJinja2Renderer) runCmd(jargs *jinja2Cmd) (*jinja2CmdResult, error
 	var result jinja2CmdResult
 	err = json.Unmarshal(line.Bytes(), &result)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to unmarshal jinja2 cmd result: %w", err)
 	}
 
 	return &result, nil

From 7849f90264ef226a05f25accf22e40f900854d28 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 15:07:20 +0100
Subject: [PATCH 2231/2268] ci: Enforece fixed setup-envtest version

---
 Makefile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 3c901b0a6..8e35e4c04 100644
--- a/Makefile
+++ b/Makefile
@@ -23,6 +23,9 @@ IMG ?= kluctl/kluctl:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.28.0
 
+# This is the last version that supported go 1.22. We can switch back to latest when we don't need to support 1.22 anymore.
+SETUP_ENVTEST_VERSION = v0.0.0-20241011141221-469837099f73
+
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
@@ -201,6 +204,5 @@ gen-crd-api-reference-docs:
 	GOBIN=$(LOCALBIN) go install github.com/ahmetb/gen-crd-api-reference-docs@v0.3.0
 
 .PHONY: envtest
-envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
-$(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+envtest: $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(SETUP_ENVTEST_VERSION)

From 6b221e1a70227a956f14b925a46ee3159c6c4792 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 15:29:49 +0100
Subject: [PATCH 2232/2268] ci: Use cache functionality of setup-go instead of
 actions/cache

---
 .github/workflows/nightly.yml       |  9 +--------
 .github/workflows/preview-proxy.yml |  1 +
 .github/workflows/preview-run.yml   |  9 +--------
 .github/workflows/release.yml       |  9 +--------
 .github/workflows/tests.yml         | 27 +++------------------------
 5 files changed, 7 insertions(+), 48 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 8960b5973..1232d1ada 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -27,6 +27,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: 1.22
+          cache-dependency-path: "**/*.sum"
       - uses: actions/setup-node@v4
         with:
           node-version: 20
@@ -45,14 +46,6 @@ jobs:
           registry: ghcr.io
           username: kluctlbot
           password: ${{ secrets.GHCR_TOKEN }}
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-goreleaser-nightly-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-goreleaser-nightly-
       - name: Set .goreleaser.yaml's release.draft=false
         shell: bash
         run: |
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 28b3be36c..405c3d2e3 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -38,6 +38,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: 1.22
+          cache-dependency-path: "**/*.sum"
       - name: Install some tools
         run: |
           sudo apt update
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 3ef59882d..74da142c3 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -21,19 +21,12 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: 1.22
+          cache-dependency-path: "**/*.sum"
       - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'
           cache-dependency-path: pkg/webui/ui/package-lock.json
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-preview-build-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-preview-build-
       - name: Install some tools
         run: |
           sudo apt update
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 18cf1e392..ba42d14f5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,6 +24,7 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: 1.22
+          cache-dependency-path: "**/*.sum"
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
@@ -37,14 +38,6 @@ jobs:
           registry: ghcr.io
           username: kluctlbot
           password: ${{ secrets.GHCR_TOKEN }}
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-goreleaser-release-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-goreleaser-release-
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 58b0240a8..31329696e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -20,19 +20,12 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.22'
+          cache-dependency-path: "**/*.sum"
       - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'
           cache-dependency-path: pkg/webui/ui/package-lock.json
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: docs-check-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            docs1-check-go-${{ runner.os }}-
       - name: Install some tools
         run: |
           PB_REL="https://github.com/protocolbuffers/protobuf/releases"
@@ -123,14 +116,7 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.22'
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: check-docker-images-${{ matrix.docker_platform }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            tests-go-${{ runner.os }}-
+          cache-dependency-path: "**/*.sum"
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v3
       - name: Setup Docker Buildx
@@ -188,17 +174,10 @@ jobs:
       - uses: actions/setup-go@v5
         with:
           go-version: '1.22'
+          cache-dependency-path: "**/*.sum"
       - uses: actions/setup-python@v5
         with:
           python-version: '3.11'
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: tests-go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            tests-go-${{ runner.os }}-
       - name: Run unit and lib tests
         if: matrix.run_unit_tests
         shell: bash

From cd07500be6d6a0af24f4fc7b26d80d6983d19064 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 15:51:58 +0100
Subject: [PATCH 2233/2268] chore: Update jinja2 dependencies

---
 .../MarkupSafe-2.1.5.dist-info/METADATA       |  93 -----
 .../MarkupSafe-2.1.5.dist-info/RECORD         |  15 -
 .../MarkupSafe-2.1.5.dist-info/WHEEL          |   5 -
 .../INSTALLER                                 |   0
 .../LICENSE.txt}                              |   0
 .../MarkupSafe-3.0.2.dist-info/METADATA       |  92 +++++
 .../MarkupSafe-3.0.2.dist-info/RECORD         |  15 +
 .../REQUESTED                                 |   0
 .../MarkupSafe-3.0.2.dist-info}/WHEEL         |   2 +-
 .../top_level.txt                             |   0
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../PyYAML-6.0.2.dist-info}/METADATA          |   8 +-
 .../RECORD                                    |  18 +-
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../internal/data/darwin-amd64/files.json     |  88 ++--
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../jsonpath_ng-1.7.0.dist-info}/METADATA     |  39 +-
 .../RECORD                                    |  30 +-
 .../REQUESTED                                 |   0
 .../jsonpath_ng-1.7.0.dist-info}/WHEEL        |   2 +-
 .../entry_points.txt                          |   1 +
 .../top_level.txt                             |   0
 .../data/darwin-amd64/jsonpath_ng/__init__.py |   2 +-
 .../darwin-amd64/jsonpath_ng/ext/iterable.py  |  25 ++
 .../darwin-amd64/jsonpath_ng/ext/parser.py    |   2 +
 .../darwin-amd64/jsonpath_ng/ext/string.py    |  26 +-
 .../data/darwin-amd64/jsonpath_ng/jsonpath.py |  34 +-
 .../data/darwin-amd64/jsonpath_ng/lexer.py    |   5 +-
 .../data/darwin-amd64/jsonpath_ng/parser.py   |  40 +-
 .../data/darwin-amd64/markupsafe/__init__.py  | 359 +++++++++-------
 .../data/darwin-amd64/markupsafe/_native.py   |  61 +--
 .../data/darwin-amd64/markupsafe/_speedups.c  | 156 +------
 .../_speedups.cpython-311-darwin.so.gz        | Bin 3830 -> 4712 bytes
 .../darwin-amd64/markupsafe/_speedups.pyi     |  10 +-
 .../data/darwin-amd64/yaml/__init__.py        |   2 +-
 .../yaml/_yaml.cpython-311-darwin.so.gz       | Bin 144485 -> 140254 bytes
 .../MarkupSafe-2.1.5.dist-info/METADATA       |  93 -----
 .../MarkupSafe-2.1.5.dist-info/RECORD         |  15 -
 .../INSTALLER                                 |   0
 .../LICENSE.txt}                              |   0
 .../MarkupSafe-3.0.2.dist-info/METADATA       |  92 +++++
 .../MarkupSafe-3.0.2.dist-info/RECORD         |  15 +
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../METADATA                                  |   8 +-
 .../RECORD                                    |  18 +-
 .../REQUESTED                                 |   0
 .../darwin-arm64/PyYAML-6.0.2.dist-info/WHEEL |   5 +
 .../top_level.txt                             |   0
 .../internal/data/darwin-arm64/files.json     |  88 ++--
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../jsonpath_ng-1.7.0.dist-info}/METADATA     |  39 +-
 .../RECORD                                    |  30 +-
 .../REQUESTED                                 |   0
 .../jsonpath_ng-1.7.0.dist-info}/WHEEL        |   2 +-
 .../entry_points.txt                          |   1 +
 .../top_level.txt                             |   0
 .../data/darwin-arm64/jsonpath_ng/__init__.py |   2 +-
 .../darwin-arm64/jsonpath_ng/ext/iterable.py  |  25 ++
 .../darwin-arm64/jsonpath_ng/ext/parser.py    |   2 +
 .../darwin-arm64/jsonpath_ng/ext/string.py    |  26 +-
 .../data/darwin-arm64/jsonpath_ng/jsonpath.py |  34 +-
 .../data/darwin-arm64/jsonpath_ng/lexer.py    |   5 +-
 .../data/darwin-arm64/jsonpath_ng/parser.py   |  40 +-
 .../data/darwin-arm64/markupsafe/__init__.py  | 359 +++++++++-------
 .../data/darwin-arm64/markupsafe/_native.py   |  61 +--
 .../data/darwin-arm64/markupsafe/_speedups.c  | 156 +------
 .../_speedups.cpython-311-darwin.so.gz        | Bin 8041 -> 2703 bytes
 .../darwin-arm64/markupsafe/_speedups.pyi     |  10 +-
 .../data/darwin-arm64/yaml/__init__.py        |   2 +-
 .../yaml/_yaml.cpython-311-darwin.so.gz       | Bin 125900 -> 131335 bytes
 .../MarkupSafe-2.1.5.dist-info/METADATA       |  93 -----
 .../MarkupSafe-2.1.5.dist-info/RECORD         |  15 -
 .../INSTALLER                                 |   0
 .../LICENSE.txt}                              |   0
 .../MarkupSafe-3.0.2.dist-info/METADATA       |  92 +++++
 .../MarkupSafe-3.0.2.dist-info/RECORD         |  15 +
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../PyYAML-6.0.2.dist-info}/METADATA          |   8 +-
 .../RECORD                                    |  18 +-
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../internal/data/linux-amd64/files.json      |  88 ++--
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../METADATA                                  |  39 +-
 .../RECORD                                    |  30 +-
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../entry_points.txt                          |   1 +
 .../top_level.txt                             |   0
 .../data/linux-amd64/jsonpath_ng/__init__.py  |   2 +-
 .../linux-amd64/jsonpath_ng/ext/iterable.py   |  25 ++
 .../linux-amd64/jsonpath_ng/ext/parser.py     |   2 +
 .../linux-amd64/jsonpath_ng/ext/string.py     |  26 +-
 .../data/linux-amd64/jsonpath_ng/jsonpath.py  |  34 +-
 .../data/linux-amd64/jsonpath_ng/lexer.py     |   5 +-
 .../data/linux-amd64/jsonpath_ng/parser.py    |  40 +-
 .../data/linux-amd64/markupsafe/__init__.py   | 359 +++++++++-------
 .../data/linux-amd64/markupsafe/_native.py    |  61 +--
 .../data/linux-amd64/markupsafe/_speedups.c   | 156 +------
 ...peedups.cpython-311-x86_64-linux-gnu.so.gz | Bin 18030 -> 13522 bytes
 .../data/linux-amd64/markupsafe/_speedups.pyi |  10 +-
 .../data/linux-amd64/yaml/__init__.py         |   2 +-
 .../_yaml.cpython-311-x86_64-linux-gnu.so.gz  | Bin 718197 -> 724560 bytes
 .../MarkupSafe-2.1.5.dist-info/METADATA       |  93 -----
 .../MarkupSafe-2.1.5.dist-info/RECORD         |  15 -
 .../INSTALLER                                 |   0
 .../LICENSE.txt}                              |   0
 .../MarkupSafe-3.0.2.dist-info/METADATA       |  92 +++++
 .../MarkupSafe-3.0.2.dist-info/RECORD         |  15 +
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../PyYAML-6.0.2.dist-info}/METADATA          |   8 +-
 .../RECORD                                    |  18 +-
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../internal/data/linux-arm64/files.json      |  88 ++--
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../METADATA                                  |  39 +-
 .../RECORD                                    |  30 +-
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../entry_points.txt                          |   1 +
 .../top_level.txt                             |   0
 .../data/linux-arm64/jsonpath_ng/__init__.py  |   2 +-
 .../linux-arm64/jsonpath_ng/ext/iterable.py   |  25 ++
 .../linux-arm64/jsonpath_ng/ext/parser.py     |   2 +
 .../linux-arm64/jsonpath_ng/ext/string.py     |  26 +-
 .../data/linux-arm64/jsonpath_ng/jsonpath.py  |  34 +-
 .../data/linux-arm64/jsonpath_ng/lexer.py     |   5 +-
 .../data/linux-arm64/jsonpath_ng/parser.py    |  40 +-
 .../data/linux-arm64/markupsafe/__init__.py   | 359 +++++++++-------
 .../data/linux-arm64/markupsafe/_native.py    |  61 +--
 .../data/linux-arm64/markupsafe/_speedups.c   | 156 +------
 ...eedups.cpython-311-aarch64-linux-gnu.so.gz | Bin 18869 -> 14411 bytes
 .../data/linux-arm64/markupsafe/_speedups.pyi |  10 +-
 .../data/linux-arm64/yaml/__init__.py         |   2 +-
 .../_yaml.cpython-311-aarch64-linux-gnu.so.gz | Bin 694195 -> 700886 bytes
 .../MarkupSafe-2.1.5.dist-info/METADATA       |  93 -----
 .../MarkupSafe-2.1.5.dist-info/RECORD         |  15 -
 .../INSTALLER                                 |   0
 .../LICENSE.txt}                              |   0
 .../MarkupSafe-3.0.2.dist-info/METADATA       |  92 +++++
 .../MarkupSafe-3.0.2.dist-info/RECORD         |  15 +
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../PyYAML-6.0.1.dist-info/METADATA           |  46 ---
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../PyYAML-6.0.2.dist-info/METADATA           |  46 +++
 .../RECORD                                    |  18 +-
 .../REQUESTED                                 |   0
 .../WHEEL                                     |   2 +-
 .../top_level.txt                             |   0
 .../internal/data/windows-amd64/files.json    |  88 ++--
 .../jsonpath_ng-1.6.1.dist-info/METADATA      | 379 -----------------
 .../jsonpath_ng-1.6.1.dist-info/WHEEL         |   5 -
 .../entry_points.txt                          |   2 -
 .../INSTALLER                                 |   0
 .../LICENSE                                   |   0
 .../jsonpath_ng-1.7.0.dist-info/METADATA      | 384 ++++++++++++++++++
 .../RECORD                                    |  30 +-
 .../REQUESTED                                 |   0
 .../jsonpath_ng-1.7.0.dist-info/WHEEL         |   5 +
 .../entry_points.txt                          |   3 +
 .../top_level.txt                             |   0
 .../windows-amd64/jsonpath_ng/__init__.py     |   2 +-
 .../windows-amd64/jsonpath_ng/ext/iterable.py |  25 ++
 .../windows-amd64/jsonpath_ng/ext/parser.py   |   2 +
 .../windows-amd64/jsonpath_ng/ext/string.py   |  26 +-
 .../windows-amd64/jsonpath_ng/jsonpath.py     |  34 +-
 .../data/windows-amd64/jsonpath_ng/lexer.py   |   5 +-
 .../data/windows-amd64/jsonpath_ng/parser.py  |  40 +-
 .../data/windows-amd64/markupsafe/__init__.py | 359 +++++++++-------
 .../data/windows-amd64/markupsafe/_native.py  |  61 +--
 .../data/windows-amd64/markupsafe/_speedups.c | 156 +------
 .../_speedups.cp311-win_amd64.pyd.gz          | Bin 7240 -> 6106 bytes
 .../windows-amd64/markupsafe/_speedups.pyi    |  10 +-
 .../data/windows-amd64/yaml/__init__.py       |   2 +-
 .../yaml/_yaml.cp311-win_amd64.pyd.gz         | Bin 101282 -> 118881 bytes
 lib/go-jinja2/internal/requirements.txt       |   6 +-
 201 files changed, 3152 insertions(+), 3317 deletions(-)
 delete mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA
 delete mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD
 delete mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
 rename lib/go-jinja2/internal/data/darwin-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{MarkupSafe-2.1.5.dist-info/LICENSE.rst => MarkupSafe-3.0.2.dist-info/LICENSE.txt} (100%)
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/RECORD
 rename lib/go-jinja2/internal/data/darwin-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/{darwin-arm64/MarkupSafe-2.1.5.dist-info => darwin-amd64/MarkupSafe-3.0.2.dist-info}/WHEEL (72%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/{linux-amd64/PyYAML-6.0.1.dist-info => darwin-amd64/PyYAML-6.0.2.dist-info}/METADATA (93%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/RECORD (75%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/WHEEL (71%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/{darwin-arm64/jsonpath_ng-1.6.1.dist-info => darwin-amd64/jsonpath_ng-1.7.0.dist-info}/METADATA (91%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/RECORD (54%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/{darwin-arm64/jsonpath_ng-1.6.1.dist-info => darwin-amd64/jsonpath_ng-1.7.0.dist-info}/WHEEL (65%)
 rename lib/go-jinja2/internal/data/{darwin-arm64/jsonpath_ng-1.6.1.dist-info => darwin-amd64/jsonpath_ng-1.7.0.dist-info}/entry_points.txt (98%)
 rename lib/go-jinja2/internal/data/darwin-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/top_level.txt (100%)
 delete mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA
 delete mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD
 rename lib/go-jinja2/internal/data/darwin-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{MarkupSafe-2.1.5.dist-info/LICENSE.rst => MarkupSafe-3.0.2.dist-info/LICENSE.txt} (100%)
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/RECORD
 rename lib/go-jinja2/internal/data/darwin-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => MarkupSafe-3.0.2.dist-info}/WHEEL (70%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/METADATA (93%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/RECORD (75%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/REQUESTED (100%)
 create mode 100644 lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/WHEEL
 rename lib/go-jinja2/internal/data/darwin-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/{darwin-amd64/jsonpath_ng-1.6.1.dist-info => darwin-arm64/jsonpath_ng-1.7.0.dist-info}/METADATA (91%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/RECORD (54%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/{darwin-amd64/jsonpath_ng-1.6.1.dist-info => darwin-arm64/jsonpath_ng-1.7.0.dist-info}/WHEEL (65%)
 rename lib/go-jinja2/internal/data/{linux-amd64/jsonpath_ng-1.6.1.dist-info => darwin-arm64/jsonpath_ng-1.7.0.dist-info}/entry_points.txt (98%)
 rename lib/go-jinja2/internal/data/darwin-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/top_level.txt (100%)
 delete mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA
 delete mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD
 rename lib/go-jinja2/internal/data/linux-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{MarkupSafe-2.1.5.dist-info/LICENSE.rst => MarkupSafe-3.0.2.dist-info/LICENSE.txt} (100%)
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/RECORD
 rename lib/go-jinja2/internal/data/linux-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/WHEEL (78%)
 rename lib/go-jinja2/internal/data/linux-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/{linux-arm64/PyYAML-6.0.1.dist-info => linux-amd64/PyYAML-6.0.2.dist-info}/METADATA (93%)
 rename lib/go-jinja2/internal/data/linux-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/RECORD (75%)
 rename lib/go-jinja2/internal/data/linux-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/WHEEL (78%)
 rename lib/go-jinja2/internal/data/linux-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/METADATA (91%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/RECORD (54%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/WHEEL (65%)
 rename lib/go-jinja2/internal/data/{linux-arm64/jsonpath_ng-1.6.1.dist-info => linux-amd64/jsonpath_ng-1.7.0.dist-info}/entry_points.txt (98%)
 rename lib/go-jinja2/internal/data/linux-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/top_level.txt (100%)
 delete mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA
 delete mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD
 rename lib/go-jinja2/internal/data/linux-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{MarkupSafe-2.1.5.dist-info/LICENSE.rst => MarkupSafe-3.0.2.dist-info/LICENSE.txt} (100%)
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/RECORD
 rename lib/go-jinja2/internal/data/linux-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/WHEEL (79%)
 rename lib/go-jinja2/internal/data/linux-arm64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/{darwin-amd64/PyYAML-6.0.1.dist-info => linux-arm64/PyYAML-6.0.2.dist-info}/METADATA (93%)
 rename lib/go-jinja2/internal/data/linux-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/RECORD (75%)
 rename lib/go-jinja2/internal/data/linux-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/WHEEL (79%)
 rename lib/go-jinja2/internal/data/linux-arm64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/top_level.txt (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/LICENSE (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/METADATA (91%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/RECORD (54%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/WHEEL (65%)
 rename lib/go-jinja2/internal/data/{darwin-amd64/jsonpath_ng-1.6.1.dist-info => linux-arm64/jsonpath_ng-1.7.0.dist-info}/entry_points.txt (98%)
 rename lib/go-jinja2/internal/data/linux-arm64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/top_level.txt (100%)
 delete mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA
 delete mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD
 rename lib/go-jinja2/internal/data/windows-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/windows-amd64/{MarkupSafe-2.1.5.dist-info/LICENSE.rst => MarkupSafe-3.0.2.dist-info/LICENSE.txt} (100%)
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/METADATA
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/RECORD
 rename lib/go-jinja2/internal/data/windows-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/windows-amd64/{PyYAML-6.0.1.dist-info => MarkupSafe-3.0.2.dist-info}/WHEEL (68%)
 rename lib/go-jinja2/internal/data/windows-amd64/{MarkupSafe-2.1.5.dist-info => MarkupSafe-3.0.2.dist-info}/top_level.txt (100%)
 delete mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA
 rename lib/go-jinja2/internal/data/windows-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/windows-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/LICENSE (100%)
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/METADATA
 rename lib/go-jinja2/internal/data/windows-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/RECORD (75%)
 rename lib/go-jinja2/internal/data/windows-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/REQUESTED (100%)
 rename lib/go-jinja2/internal/data/windows-amd64/{MarkupSafe-2.1.5.dist-info => PyYAML-6.0.2.dist-info}/WHEEL (68%)
 rename lib/go-jinja2/internal/data/windows-amd64/{PyYAML-6.0.1.dist-info => PyYAML-6.0.2.dist-info}/top_level.txt (100%)
 delete mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
 delete mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
 delete mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
 rename lib/go-jinja2/internal/data/windows-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/INSTALLER (100%)
 rename lib/go-jinja2/internal/data/windows-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/LICENSE (100%)
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
 rename lib/go-jinja2/internal/data/windows-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/RECORD (54%)
 rename lib/go-jinja2/internal/data/windows-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/REQUESTED (100%)
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
 create mode 100644 lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
 rename lib/go-jinja2/internal/data/windows-amd64/{jsonpath_ng-1.6.1.dist-info => jsonpath_ng-1.7.0.dist-info}/top_level.txt (100%)

diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA
deleted file mode 100644
index dfe37d52d..000000000
--- a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/METADATA
+++ /dev/null
@@ -1,93 +0,0 @@
-Metadata-Version: 2.1
-Name: MarkupSafe
-Version: 2.1.5
-Summary: Safely add untrusted strings to HTML/XML markup.
-Home-page: https://palletsprojects.com/p/markupsafe/
-Maintainer: Pallets
-Maintainer-email: contact@palletsprojects.com
-License: BSD-3-Clause
-Project-URL: Donate, https://palletsprojects.com/donate
-Project-URL: Documentation, https://markupsafe.palletsprojects.com/
-Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
-Project-URL: Source Code, https://github.com/pallets/markupsafe/
-Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
-Project-URL: Chat, https://discord.gg/pallets
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Environment :: Web Environment
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
-Classifier: Topic :: Text Processing :: Markup :: HTML
-Requires-Python: >=3.7
-Description-Content-Type: text/x-rst
-License-File: LICENSE.rst
-
-MarkupSafe
-==========
-
-MarkupSafe implements a text object that escapes characters so it is
-safe to use in HTML and XML. Characters that have special meanings are
-replaced so that they display as the actual characters. This mitigates
-injection attacks, meaning untrusted user input can safely be displayed
-on a page.
-
-
-Installing
-----------
-
-Install and update using `pip`_:
-
-.. code-block:: text
-
-    pip install -U MarkupSafe
-
-.. _pip: https://pip.pypa.io/en/stable/getting-started/
-
-
-Examples
---------
-
-.. code-block:: pycon
-
-    >>> from markupsafe import Markup, escape
-
-    >>> # escape replaces special characters and wraps in Markup
-    >>> escape("<script>alert(document.cookie);</script>")
-    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
-
-    >>> # wrap in Markup to mark text "safe" and prevent escaping
-    >>> Markup("<strong>Hello</strong>")
-    Markup('<strong>hello</strong>')
-
-    >>> escape(Markup("<strong>Hello</strong>"))
-    Markup('<strong>hello</strong>')
-
-    >>> # Markup is a str subclass
-    >>> # methods and operators escape their arguments
-    >>> template = Markup("Hello <em>{name}</em>")
-    >>> template.format(name='"World"')
-    Markup('Hello <em>&#34;World&#34;</em>')
-
-
-Donate
-------
-
-The Pallets organization develops and supports MarkupSafe and other
-popular packages. In order to grow the community of contributors and
-users, and allow the maintainers to devote more time to the projects,
-`please donate today`_.
-
-.. _please donate today: https://palletsprojects.com/donate
-
-
-Links
------
-
--   Documentation: https://markupsafe.palletsprojects.com/
--   Changes: https://markupsafe.palletsprojects.com/changes/
--   PyPI Releases: https://pypi.org/project/MarkupSafe/
--   Source Code: https://github.com/pallets/markupsafe/
--   Issue Tracker: https://github.com/pallets/markupsafe/issues/
--   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD
deleted file mode 100644
index 3ef30fccc..000000000
--- a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/RECORD
+++ /dev/null
@@ -1,15 +0,0 @@
-MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
-MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
-MarkupSafe-2.1.5.dist-info/RECORD,,
-MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-MarkupSafe-2.1.5.dist-info/WHEEL,sha256=2rnFQKN1y4ODxAzmbuA5Z6aEng-PoJTYpqGpnJDGdxw,111
-MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
-markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
-markupsafe/__pycache__/__init__.cpython-311.pyc,,
-markupsafe/__pycache__/_native.cpython-311.pyc,,
-markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
-markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
-markupsafe/_speedups.cpython-311-darwin.so,sha256=dLtLNhRcybjKGMYMx94fHSTTAPgtYoW9L06TV79sZMs,35272
-markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
-markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
deleted file mode 100644
index a88b33b1b..000000000
--- a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
+++ /dev/null
@@ -1,5 +0,0 @@
-Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
-Root-Is-Purelib: false
-Tag: cp311-cp311-macosx_10_9_x86_64
-
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
rename to lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/METADATA
new file mode 100644
index 000000000..82261f2a4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/METADATA
@@ -0,0 +1,92 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 3.0.2
+Summary: Safely add untrusted strings to HTML/XML markup.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+License: Copyright 2010 Pallets
+        
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are
+        met:
+        
+        1.  Redistributions of source code must retain the above copyright
+            notice, this list of conditions and the following disclaimer.
+        
+        2.  Redistributions in binary form must reproduce the above copyright
+            notice, this list of conditions and the following disclaimer in the
+            documentation and/or other materials provided with the distribution.
+        
+        3.  Neither the name of the copyright holder nor the names of its
+            contributors may be used to endorse or promote products derived from
+            this software without specific prior written permission.
+        
+        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+        "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+        LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+        PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+        HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+        SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+        TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+        PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+        LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+        NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+        SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+        
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source, https://github.com/pallets/markupsafe/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+
+# MarkupSafe
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+## Examples
+
+```pycon
+>>> from markupsafe import Markup, escape
+
+>>> # escape replaces special characters and wraps in Markup
+>>> escape("<script>alert(document.cookie);</script>")
+Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+>>> # wrap in Markup to mark text "safe" and prevent escaping
+>>> Markup("<strong>Hello</strong>")
+Markup('<strong>hello</strong>')
+
+>>> escape(Markup("<strong>Hello</strong>"))
+Markup('<strong>hello</strong>')
+
+>>> # Markup is a str subclass
+>>> # methods and operators escape their arguments
+>>> template = Markup("Hello <em>{name}</em>")
+>>> template.format(name='"World"')
+Markup('Hello <em>&#34;World&#34;</em>')
+```
+
+## Donate
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+[please donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/RECORD
new file mode 100644
index 000000000..f99a453cf
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-3.0.2.dist-info/METADATA,sha256=aAwbZhSmXdfFuMM-rEHpeiHRkBOGESyVLJIuwzHP-nw,3975
+MarkupSafe-3.0.2.dist-info/RECORD,,
+MarkupSafe-3.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-3.0.2.dist-info/WHEEL,sha256=HhlOYVXy1Wa9n3P9SVx0GD3487GzK6yrtex_WJ2pR1I,114
+MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=sr-U6_27DfaSrj5jnHYxWN-pvhM27sjlDplMDPZKm7k,13214
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=hSLs8Jmz5aqayuengJJ3kdT5PwNpBWpKrmQSdipndC8,210
+markupsafe/_speedups.c,sha256=O7XulmTo-epI6n2FtMVOrJXl8EAaIwD2iNYmBI5SEoQ,4149
+markupsafe/_speedups.cpython-311-darwin.so,sha256=waUcSZ9Yl-0bacMoWW2_J3dUQtRqGgaUpZHEccQMe2I,67056
+markupsafe/_speedups.pyi,sha256=ENd1bYe7gbBUf2ywyYWOGUpnXOHNJ-cgTNqetlW8h5k,41
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
similarity index 72%
rename from lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
index edbb92f5d..ed9b49798 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: setuptools (75.2.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-macosx_10_9_universal2
 
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/darwin-amd64/MarkupSafe-3.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/METADATA
similarity index 93%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/METADATA
index c8905983e..db029b770 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: PyYAML
-Version: 6.0.1
+Version: 6.0.2
 Summary: YAML parser and emitter for Python
 Home-page: https://pyyaml.org/
 Download-URL: https://pypi.org/project/PyYAML/
@@ -20,17 +20,17 @@ Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Cython
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Text Processing :: Markup
-Requires-Python: >=3.6
+Requires-Python: >=3.8
 License-File: LICENSE
 
 YAML is a data serialization format designed for human readability
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/RECORD
similarity index 75%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/RECORD
index 88258ef4b..cb0f31a7a 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/RECORD
@@ -1,13 +1,13 @@
-PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
-PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
-PyYAML-6.0.1.dist-info/RECORD,,
-PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-PyYAML-6.0.1.dist-info/WHEEL,sha256=zATDCBMA0NrnUw5OGrN7taAN4ImJV7kn5PkKRuCgN5Q,111
-PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+PyYAML-6.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.2.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.2.dist-info/METADATA,sha256=9-odFB5seu4pGPcEv7E8iyxNF51_uKnaNGjLAhz2lto,2060
+PyYAML-6.0.2.dist-info/RECORD,,
+PyYAML-6.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.2.dist-info/WHEEL,sha256=LEbCNePz8y7PesR3P6dljM_9-vCh34Kh1BfkRxyF9i0,111
+PyYAML-6.0.2.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
 _yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
 _yaml/__pycache__/__init__.cpython-311.pyc,,
-yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__init__.py,sha256=N35S01HMesFTe0aRRMWkPj0Pa8IEbHpE9FK7cr5Bdtw,12311
 yaml/__pycache__/__init__.cpython-311.pyc,,
 yaml/__pycache__/composer.cpython-311.pyc,,
 yaml/__pycache__/constructor.cpython-311.pyc,,
@@ -25,7 +25,7 @@ yaml/__pycache__/resolver.cpython-311.pyc,,
 yaml/__pycache__/scanner.cpython-311.pyc,,
 yaml/__pycache__/serializer.cpython-311.pyc,,
 yaml/__pycache__/tokens.cpython-311.pyc,,
-yaml/_yaml.cpython-311-darwin.so,sha256=9rqdpMeZVNxWDZ56UEFXdbczGQdHw8YHXxJkbZSz9_M,429464
+yaml/_yaml.cpython-311-darwin.so,sha256=NyiwVq57ST7jr_m8ZDCrZEATp1-1-JyHzz8nlWXIB04,397104
 yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
 yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
 yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/WHEEL
similarity index 71%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/WHEEL
index b77285b61..e3328a793 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.40.0)
+Generator: bdist_wheel (0.44.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-macosx_10_9_x86_64
 
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/files.json b/lib/go-jinja2/internal/data/darwin-amd64/files.json
index 0b2e283b2..42b2a611b 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/files.json
+++ b/lib/go-jinja2/internal/data/darwin-amd64/files.json
@@ -1,83 +1,83 @@
 {
-  "contentHash": "d6fc8f26c0da5462509c87d32316bba4e8766aec5635673b2cd5cb73f0be68a2",
+  "contentHash": "b0bda8aebc925623072dface975a71cf42040dea26fa8a6a91d5ad33d58a3288",
   "files": [
     {
-      "name": "MarkupSafe-2.1.5.dist-info",
+      "name": "MarkupSafe-3.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "name": "MarkupSafe-3.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "name": "MarkupSafe-3.0.2.dist-info/LICENSE.txt",
       "size": 1475,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
-      "size": 3003,
+      "name": "MarkupSafe-3.0.2.dist-info/METADATA",
+      "size": 3975,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
-      "size": 1190,
+      "name": "MarkupSafe-3.0.2.dist-info/RECORD",
+      "size": 1188,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "name": "MarkupSafe-3.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
-      "size": 111,
+      "name": "MarkupSafe-3.0.2.dist-info/WHEEL",
+      "size": 114,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "name": "MarkupSafe-3.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info",
+      "name": "PyYAML-6.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "name": "PyYAML-6.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "name": "PyYAML-6.0.2.dist-info/LICENSE",
       "size": 1101,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/METADATA",
-      "size": 2058,
+      "name": "PyYAML-6.0.2.dist-info/METADATA",
+      "size": 2060,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "name": "PyYAML-6.0.2.dist-info/RECORD",
       "size": 2773,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "name": "PyYAML-6.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "name": "PyYAML-6.0.2.dist-info/WHEEL",
       "size": 111,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "name": "PyYAML-6.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
@@ -417,47 +417,47 @@
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info",
+      "name": "jsonpath_ng-1.7.0.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "name": "jsonpath_ng-1.7.0.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "name": "jsonpath_ng-1.7.0.dist-info/LICENSE",
       "size": 11358,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
-      "size": 18072,
+      "name": "jsonpath_ng-1.7.0.dist-info/METADATA",
+      "size": 18400,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "name": "jsonpath_ng-1.7.0.dist-info/RECORD",
       "size": 2549,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "name": "jsonpath_ng-1.7.0.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "name": "jsonpath_ng-1.7.0.dist-info/WHEEL",
       "size": 92,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
-      "size": 69,
+      "name": "jsonpath_ng-1.7.0.dist-info/entry_points.txt",
+      "size": 70,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "name": "jsonpath_ng-1.7.0.dist-info/top_level.txt",
       "size": 12,
       "perm": 420
     },
@@ -508,32 +508,32 @@
     },
     {
       "name": "jsonpath_ng/ext/iterable.py",
-      "size": 3680,
+      "size": 4302,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/parser.py",
-      "size": 5351,
+      "size": 5416,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/string.py",
-      "size": 3261,
+      "size": 4045,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/jsonpath.py",
-      "size": 26402,
+      "size": 27219,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/lexer.py",
-      "size": 5231,
+      "size": 5276,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/parser.py",
-      "size": 5883,
+      "size": 6077,
       "perm": 420
     },
     {
@@ -543,28 +543,28 @@
     },
     {
       "name": "markupsafe/__init__.py",
-      "size": 10958,
+      "size": 13214,
       "perm": 420
     },
     {
       "name": "markupsafe/_native.py",
-      "size": 1713,
+      "size": 210,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.c",
-      "size": 7083,
+      "size": 4149,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.cpython-311-darwin.so",
-      "size": 35272,
+      "size": 67056,
       "perm": 493,
       "compressed": true
     },
     {
       "name": "markupsafe/_speedups.pyi",
-      "size": 229,
+      "size": 41,
       "perm": 420
     },
     {
@@ -800,7 +800,7 @@
     },
     {
       "name": "yaml/_yaml.cpython-311-darwin.so",
-      "size": 429464,
+      "size": 397104,
       "perm": 493,
       "compressed": true
     },
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
similarity index 91%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
index 86be119bc..3a7d08dd6 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
@@ -1,22 +1,21 @@
 Metadata-Version: 2.1
 Name: jsonpath-ng
-Version: 1.6.1
+Version: 1.7.0
 Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
 Home-page: https://github.com/h2non/jsonpath-ng
 Author: Tomas Aparicio
 Author-email: tomas@aparicio.me
 License: Apache 2.0
+Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
-License-File: LICENSE
 Requires-Dist: ply
 
 Python JSONPath Next-Generation |Build Status| |PyPI|
@@ -32,7 +31,7 @@ About
 -----
 
 This library provides a robust and significantly extended implementation
-of JSONPath for Python. It is tested with CPython 3.7 and higher.
+of JSONPath for Python. It is tested with CPython 3.8 and higher.
 
 This library differs from other JSONPath implementations in that it is a
 full *language* implementation, meaning the JSONPath expressions are
@@ -147,19 +146,21 @@ Atomic expressions:
 
 Jsonpath operators:
 
-+-------------------------------------+------------------------------------------------------------------------------------+
-| Syntax                              | Meaning                                                                            |
-+=====================================+====================================================================================+
-| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
-+-------------------------------------+------------------------------------------------------------------------------------+
++--------------------------------------+-----------------------------------------------------------------------------------+
+| Syntax                               | Meaning                                                                           |
++======================================+===================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*        | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*        |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``    | Same as *jsonpath*\ ``.``\ *whatever*                                             |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*       | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*    | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``wherenot`` *jsonpath2* | Any nodes matching *jsonpath1* with a child not matching *jsonpath2*              |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*        | Any nodes matching the union of *jsonpath1* and *jsonpath2*                       |
++--------------------------------------+-----------------------------------------------------------------------------------+
 
 Field specifiers ( *field* ):
 
@@ -236,6 +237,8 @@ To use the extensions below you must import from `jsonpath_ng.ext`.
 |              | - ``$.field.`sub(/regex/, replacement)```     |
 +--------------+-----------------------------------------------+
 | split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(",", *, -1)```             |
+|              | - ``$.field.`split(' ', -1, -1)```            |
 |              | - ``$.field.`split(sep, segement, maxsplit)```|
 +--------------+-----------------------------------------------+
 | sorted       | - ``$.objects.`sorted```                      |
@@ -377,3 +380,5 @@ limitations under the License.
    :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
 .. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
    :target: https://pypi.python.org/pypi/jsonpath-ng
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
similarity index 54%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
index 38ffaaa74..0c0566de9 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
@@ -1,13 +1,13 @@
 ../../bin/jsonpath_ng,sha256=tJPq7KMofc3ePZi4qwjutVB0uh2l8XT9xdKguQSjUks,261
-jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
-jsonpath_ng-1.6.1.dist-info/RECORD,,
-jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
-jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
-jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng-1.7.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.7.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.7.0.dist-info/METADATA,sha256=SeIBPNOSwzieZEWYZ3rJOhSej3WLUbmbudGwGZVvzF8,18400
+jsonpath_ng-1.7.0.dist-info/RECORD,,
+jsonpath_ng-1.7.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.7.0.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92
+jsonpath_ng-1.7.0.dist-info/entry_points.txt,sha256=X7ZlkFvz1kYSNtz7hXOsRc5L2o3SOCAV0f7IBViZkGQ,70
+jsonpath_ng-1.7.0.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=DU869YGlpMHa48K9X2Ypgb8OwjYU7kEtcea5mC6wv1I,116
 jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
 jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
 jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
@@ -27,9 +27,9 @@ jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
 jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
 jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
 jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
-jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
-jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
-jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
-jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
-jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
-jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
+jsonpath_ng/ext/iterable.py,sha256=f8PMyfT2MgSCvpQgNc0GNr6ULhxv3kj7tAqA0f7KvIE,4302
+jsonpath_ng/ext/parser.py,sha256=0nkxkF_ComJUMs0jUGzaf5KthC7phlPwcYQy7IHaSxU,5416
+jsonpath_ng/ext/string.py,sha256=m1fUl2yWTyI7I5auWXeM-O3gf0p3WV0CTh9be55Q884,4045
+jsonpath_ng/jsonpath.py,sha256=mfQmaDWfgz_Y6sAqTX-8CUpxoiOem_dg7R9S0ZFyBQE,27219
+jsonpath_ng/lexer.py,sha256=ZXGwVwv8RFPPDswue7pcgCMP4KIlYH_m6xpxQakLBA4,5276
+jsonpath_ng/parser.py,sha256=kirRhGux10hjc5nXqWtz1Ko2P_cfypZciekK1-PrWz4,6077
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
similarity index 65%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
index 57e3d840d..b552003ff 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
+Generator: bdist_wheel (0.34.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
similarity index 98%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
index e1985ff19..105e6040a 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
@@ -1,2 +1,3 @@
 [console_scripts]
 jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
+
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.7.0.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py
index ed6553b2d..938f88c0d 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/__init__.py
@@ -3,4 +3,4 @@
 
 
 # Current package version
-__version__ = '1.6.1'
+__version__ = '1.7.0'
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py
index 40ae1eb5b..c5cd0dc08 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/iterable.py
@@ -116,3 +116,28 @@ def __str__(self):
 
     def __repr__(self):
         return 'Keys()'
+
+class Path(JSONPath):
+    """The JSONPath referring to the path of the current object.
+    Concrete syntax is 'path`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = str(datum.path)
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value,
+                                   context=datum,
+                                   path=Path())]
+
+    def __eq__(self, other):
+        return isinstance(other, Path)
+
+    def __str__(self):
+        return '`path`'
+
+    def __repr__(self):
+        return 'Path()'
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py
index 756b72c69..fa67f4f22 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/parser.py
@@ -96,6 +96,8 @@ def p_jsonpath_named_operator(self, p):
             p[0] = _iterable.Len()
         elif p[1] == 'keys':
             p[0] = _iterable.Keys()
+        elif p[1] == 'path':
+            p[0] = _iterable.Path()
         elif p[1] == 'sorted':
             p[0] = _iterable.SortedThis()
         elif p[1].startswith("split("):
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py
index 1cd27632d..9bf912dfb 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/ext/string.py
@@ -16,7 +16,13 @@
 
 
 SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
-SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+# Regex generated using the EZRegex package (ezregex.org)
+# EZRegex code: 
+# param1 = group(optional(either("'", '"')), name='quote') + group(chunk) + earlier_group('quote')
+# param2 = group(either(optional('-') + number, '*'))
+# param3 = group(optional('-') + number)
+# pattern = 'split' + ow + '(' + ow + param1 + ow + ',' + ow + param2 + ow + ',' + ow + param3 + ow + ')'
+SPLIT = re.compile(r"split(?:\s+)?\((?:\s+)?(?P<quote>(?:(?:'|\"))?)(.+)(?P=quote)(?:\s+)?,(?:\s+)?((?:(?:\-)?\d+|\*))(?:\s+)?,(?:\s+)?((?:\-)?\d+)(?:\s+)?\)")
 STR = re.compile(r"str\(\)")
 
 
@@ -60,23 +66,29 @@ def __str__(self):
 class Split(This):
     """String splitter
 
-    Concrete syntax is '`split(char, segment, max_split)`'
+    Concrete syntax is '`split(chars, segment, max_split)`'
+    `chars` can optionally be surrounded by quotes, to specify things like commas or spaces
+    `segment` can be `*` to select all
+    `max_split` can be negative, to indicate no limit
     """
 
     def __init__(self, method=None):
         m = SPLIT.match(method)
         if m is None:
             raise DefintionInvalid("%s is not valid" % method)
-        self.char = m.group(1)
-        self.segment = int(m.group(2))
-        self.max_split = int(m.group(3))
+        self.chars = m.group(2)
+        self.segment = m.group(3)
+        self.max_split = int(m.group(4))
         self.method = method
 
     def find(self, datum):
         datum = DatumInContext.wrap(datum)
         try:
-            value = datum.value.split(self.char, self.max_split)[self.segment]
-        except Exception:
+            if self.segment == '*':
+                value = datum.value.split(self.chars, self.max_split)
+            else:
+                value = datum.value.split(self.chars, self.max_split)[int(self.segment)]
+        except:
             return []
         return [DatumInContext.wrap(value)]
 
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py
index 19e5a9eb3..c2e392b9c 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/jsonpath.py
@@ -369,6 +369,36 @@ def __eq__(self, other):
     def __hash__(self):
         return hash((self.left, self.right))
 
+
+class WhereNot(Where):
+    """
+    Identical to ``Where``, but filters for only those nodes that
+    do *not* have a match on the right.
+
+    >>> jsonpath = WhereNot(Fields('spam'), Fields('spam'))
+    >>> jsonpath.find({"spam": {"spam": 1}})
+    []
+    >>> matches = jsonpath.find({"spam": 1})
+    >>> matches[0].value
+    1
+
+    """
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data)
+                if not self.right.find(subdata)]
+
+    def __str__(self):
+        return '%s wherenot %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return (isinstance(other, WhereNot)
+                and other.left == self.left
+                and other.right == self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
 class Descendants(JSONPath):
     """
     JSONPath that matches first the left expression then any descendant
@@ -597,9 +627,9 @@ def update_or_create(self, data, val):
     def _update_base(self, data, val, create):
         if data is not None:
             for field in self.reified_fields(DatumInContext.wrap(data)):
-                if field not in data and create:
+                if create and field not in data:
                     data[field] = {}
-                if field in data:
+                if type(data) is not bool and field in data:
                     if hasattr(val, '__call__'):
                         data[field] = val(data[field], data, field)
                     else:
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py
index b2ad5ee6d..bc86488d5 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/lexer.py
@@ -48,7 +48,10 @@ def tokenize(self, string):
 
     literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
 
-    reserved_words = { 'where': 'WHERE' }
+    reserved_words = {
+        'where': 'WHERE',
+        'wherenot': 'WHERENOT',
+    }
 
     tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
 
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py
index 87e353ebf..a2ea6e678 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng/parser.py
@@ -33,12 +33,6 @@ def __init__(self, debug=False, lexer_class=None):
         self.debug = debug
         self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
 
-    def parse(self, string, lexer = None):
-        lexer = lexer or self.lexer_class()
-        return self.parse_token_stream(lexer.tokenize(string))
-
-    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
-
         # Since PLY has some crufty aspects and dumps files, we try to keep them local
         # However, we need to derive the name of the output Python file :-/
         output_directory = os.path.dirname(__file__)
@@ -47,19 +41,24 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         except:
             module_name = __name__
 
+        start_symbol = 'jsonpath'
         parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
 
-        # And we regenerate the parse table every time;
-        # it doesn't actually take that long!
-        new_parser = ply.yacc.yacc(module=self,
-                                   debug=self.debug,
-                                   tabmodule = parsing_table_module,
-                                   outputdir = output_directory,
-                                   write_tables=0,
-                                   start = start_symbol,
-                                   errorlog = logger)
+        # Generate the parse table
+        self.parser = ply.yacc.yacc(module=self,
+                                    debug=self.debug,
+                                    tabmodule = parsing_table_module,
+                                    outputdir = output_directory,
+                                    write_tables=0,
+                                    start = start_symbol,
+                                    errorlog = logger)
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
 
-        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+    def parse_token_stream(self, token_iterator):
+        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
 
     # ===================== PLY Parser specification =====================
 
@@ -70,6 +69,7 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         ('left', '|'),
         ('left', '&'),
         ('left', 'WHERE'),
+        ('left', 'WHERENOT'),
     ]
 
     def p_error(self, t):
@@ -82,6 +82,7 @@ def p_jsonpath_binop(self, p):
         """jsonpath : jsonpath '.' jsonpath
                     | jsonpath DOUBLEDOT jsonpath
                     | jsonpath WHERE jsonpath
+                    | jsonpath WHERENOT jsonpath
                     | jsonpath '|' jsonpath
                     | jsonpath '&' jsonpath"""
         op = p[2]
@@ -92,6 +93,8 @@ def p_jsonpath_binop(self, p):
             p[0] = Descendants(p[1], p[3])
         elif op == 'where':
             p[0] = Where(p[1], p[3])
+        elif op == 'wherenot':
+            p[0] = WhereNot(p[1], p[3])
         elif op == '|':
             p[0] = Union(p[1], p[3])
         elif op == '&':
@@ -146,9 +149,12 @@ def p_jsonpath_parens(self, p):
     # Because fields in brackets cannot be '*' - that is reserved for array indices
     def p_fields_or_any(self, p):
         """fields_or_any : fields
-                         | '*'    """
+                         | '*'
+                         | NUMBER"""
         if p[1] == '*':
             p[0] = ['*']
+        elif isinstance(p[1], int):
+            p[0] = str(p[1])
         else:
             p[0] = p[1]
 
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py
index b40f24c66..fee8dc7ac 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/__init__.py
@@ -1,29 +1,84 @@
-import functools
+from __future__ import annotations
+
+import collections.abc as cabc
 import string
-import sys
 import typing as t
 
+try:
+    from ._speedups import _escape_inner
+except ImportError:
+    from ._native import _escape_inner
+
 if t.TYPE_CHECKING:
     import typing_extensions as te
 
-    class HasHTML(te.Protocol):
-        def __html__(self) -> str:
-            pass
 
-    _P = te.ParamSpec("_P")
+class _HasHTML(t.Protocol):
+    def __html__(self, /) -> str: ...
+
+
+class _TPEscape(t.Protocol):
+    def __call__(self, s: t.Any, /) -> Markup: ...
+
+
+def escape(s: t.Any, /) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    # If the object is already a plain string, skip __html__ check and string
+    # conversion. This is the most common use case.
+    # Use type(s) instead of s.__class__ because a proxy object may be reporting
+    # the __class__ of the proxied value.
+    if type(s) is str:
+        return Markup(_escape_inner(s))
+
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(_escape_inner(str(s)))
+
+
+def escape_silent(s: t.Any | None, /) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
 
+    return escape(s)
 
-__version__ = "2.1.5"
 
+def soft_str(s: t.Any, /) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
 
-def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
-    @functools.wraps(func)
-    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
-        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
-        _escape_argspec(kwargs, kwargs.items(), self.escape)
-        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
 
-    return wrapped  # type: ignore[return-value]
+    return s
 
 
 class Markup(str):
@@ -65,82 +120,72 @@ class Markup(str):
     __slots__ = ()
 
     def __new__(
-        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
-    ) -> "te.Self":
-        if hasattr(base, "__html__"):
-            base = base.__html__()
+        cls, object: t.Any = "", encoding: str | None = None, errors: str = "strict"
+    ) -> te.Self:
+        if hasattr(object, "__html__"):
+            object = object.__html__()
 
         if encoding is None:
-            return super().__new__(cls, base)
+            return super().__new__(cls, object)
 
-        return super().__new__(cls, base, encoding, errors)
+        return super().__new__(cls, object, encoding, errors)
 
-    def __html__(self) -> "te.Self":
+    def __html__(self, /) -> te.Self:
         return self
 
-    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.__class__(super().__add__(self.escape(other)))
+    def __add__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.__class__(super().__add__(self.escape(value)))
 
         return NotImplemented
 
-    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.escape(other).__add__(self)
+    def __radd__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.escape(value).__add__(self)
 
         return NotImplemented
 
-    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
-        if isinstance(num, int):
-            return self.__class__(super().__mul__(num))
+    def __mul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-        return NotImplemented
-
-    __rmul__ = __mul__
+    def __rmul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-    def __mod__(self, arg: t.Any) -> "te.Self":
-        if isinstance(arg, tuple):
+    def __mod__(self, value: t.Any, /) -> te.Self:
+        if isinstance(value, tuple):
             # a tuple of arguments, each wrapped
-            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
-        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            value = tuple(_MarkupEscapeHelper(x, self.escape) for x in value)
+        elif hasattr(type(value), "__getitem__") and not isinstance(value, str):
             # a mapping of arguments, wrapped
-            arg = _MarkupEscapeHelper(arg, self.escape)
+            value = _MarkupEscapeHelper(value, self.escape)
         else:
             # a single argument, wrapped with the helper and a tuple
-            arg = (_MarkupEscapeHelper(arg, self.escape),)
+            value = (_MarkupEscapeHelper(value, self.escape),)
 
-        return self.__class__(super().__mod__(arg))
+        return self.__class__(super().__mod__(value))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return f"{self.__class__.__name__}({super().__repr__()})"
 
-    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
-        return self.__class__(super().join(map(self.escape, seq)))
-
-    join.__doc__ = str.join.__doc__
+    def join(self, iterable: cabc.Iterable[str | _HasHTML], /) -> te.Self:
+        return self.__class__(super().join(map(self.escape, iterable)))
 
     def split(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().split(sep, maxsplit)]
 
-    split.__doc__ = str.split.__doc__
-
     def rsplit(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
 
-    rsplit.__doc__ = str.rsplit.__doc__
-
     def splitlines(  # type: ignore[override]
-        self, keepends: bool = False
-    ) -> t.List["te.Self"]:
+        self, /, keepends: bool = False
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().splitlines(keepends)]
 
-    splitlines.__doc__ = str.splitlines.__doc__
-
-    def unescape(self) -> str:
+    def unescape(self, /) -> str:
         """Convert escaped markup back into a text string. This replaces
         HTML entities with the characters they represent.
 
@@ -151,7 +196,7 @@ def unescape(self) -> str:
 
         return unescape(str(self))
 
-    def striptags(self) -> str:
+    def striptags(self, /) -> str:
         """:meth:`unescape` the markup, remove tags, and normalize
         whitespace to single spaces.
 
@@ -163,31 +208,17 @@ def striptags(self) -> str:
         # Look for comments then tags separately. Otherwise, a comment that
         # contains a tag would end early, leaving some of the comment behind.
 
-        while True:
-            # keep finding comment start marks
-            start = value.find("<!--")
-
-            if start == -1:
-                break
-
+        # keep finding comment start marks
+        while (start := value.find("<!--")) != -1:
             # find a comment end mark beyond the start, otherwise stop
-            end = value.find("-->", start)
-
-            if end == -1:
+            if (end := value.find("-->", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 3:]}"
 
         # remove tags using the same method
-        while True:
-            start = value.find("<")
-
-            if start == -1:
-                break
-
-            end = value.find(">", start)
-
-            if end == -1:
+        while (start := value.find("<")) != -1:
+            if (end := value.find(">", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 1:]}"
@@ -197,7 +228,7 @@ def striptags(self) -> str:
         return self.__class__(value).unescape()
 
     @classmethod
-    def escape(cls, s: t.Any) -> "te.Self":
+    def escape(cls, s: t.Any, /) -> te.Self:
         """Escape a string. Calls :func:`escape` and ensures that for
         subclasses the correct type is returned.
         """
@@ -208,49 +239,90 @@ def escape(cls, s: t.Any) -> "te.Self":
 
         return rv  # type: ignore[return-value]
 
-    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
-    capitalize = _simple_escaping_wrapper(str.capitalize)
-    title = _simple_escaping_wrapper(str.title)
-    lower = _simple_escaping_wrapper(str.lower)
-    upper = _simple_escaping_wrapper(str.upper)
-    replace = _simple_escaping_wrapper(str.replace)
-    ljust = _simple_escaping_wrapper(str.ljust)
-    rjust = _simple_escaping_wrapper(str.rjust)
-    lstrip = _simple_escaping_wrapper(str.lstrip)
-    rstrip = _simple_escaping_wrapper(str.rstrip)
-    center = _simple_escaping_wrapper(str.center)
-    strip = _simple_escaping_wrapper(str.strip)
-    translate = _simple_escaping_wrapper(str.translate)
-    expandtabs = _simple_escaping_wrapper(str.expandtabs)
-    swapcase = _simple_escaping_wrapper(str.swapcase)
-    zfill = _simple_escaping_wrapper(str.zfill)
-    casefold = _simple_escaping_wrapper(str.casefold)
-
-    if sys.version_info >= (3, 9):
-        removeprefix = _simple_escaping_wrapper(str.removeprefix)
-        removesuffix = _simple_escaping_wrapper(str.removesuffix)
-
-    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().partition(self.escape(sep))
+    def __getitem__(self, key: t.SupportsIndex | slice, /) -> te.Self:
+        return self.__class__(super().__getitem__(key))
+
+    def capitalize(self, /) -> te.Self:
+        return self.__class__(super().capitalize())
+
+    def title(self, /) -> te.Self:
+        return self.__class__(super().title())
+
+    def lower(self, /) -> te.Self:
+        return self.__class__(super().lower())
+
+    def upper(self, /) -> te.Self:
+        return self.__class__(super().upper())
+
+    def replace(self, old: str, new: str, count: t.SupportsIndex = -1, /) -> te.Self:
+        return self.__class__(super().replace(old, self.escape(new), count))
+
+    def ljust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().ljust(width, self.escape(fillchar)))
+
+    def rjust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().rjust(width, self.escape(fillchar)))
+
+    def lstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().lstrip(chars))
+
+    def rstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().rstrip(chars))
+
+    def center(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().center(width, self.escape(fillchar)))
+
+    def strip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().strip(chars))
+
+    def translate(
+        self,
+        table: cabc.Mapping[int, str | int | None],  # type: ignore[override]
+        /,
+    ) -> str:
+        return self.__class__(super().translate(table))
+
+    def expandtabs(self, /, tabsize: t.SupportsIndex = 8) -> te.Self:
+        return self.__class__(super().expandtabs(tabsize))
+
+    def swapcase(self, /) -> te.Self:
+        return self.__class__(super().swapcase())
+
+    def zfill(self, width: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().zfill(width))
+
+    def casefold(self, /) -> te.Self:
+        return self.__class__(super().casefold())
+
+    def removeprefix(self, prefix: str, /) -> te.Self:
+        return self.__class__(super().removeprefix(prefix))
+
+    def removesuffix(self, suffix: str) -> te.Self:
+        return self.__class__(super().removesuffix(suffix))
+
+    def partition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().partition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().rpartition(self.escape(sep))
+    def rpartition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().rpartition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+    def format(self, *args: t.Any, **kwargs: t.Any) -> te.Self:
         formatter = EscapeFormatter(self.escape)
         return self.__class__(formatter.vformat(self, args, kwargs))
 
-    def format_map(  # type: ignore[override]
-        self, map: t.Mapping[str, t.Any]
-    ) -> "te.Self":
+    def format_map(
+        self,
+        mapping: cabc.Mapping[str, t.Any],  # type: ignore[override]
+        /,
+    ) -> te.Self:
         formatter = EscapeFormatter(self.escape)
-        return self.__class__(formatter.vformat(self, (), map))
+        return self.__class__(formatter.vformat(self, (), mapping))
 
-    def __html_format__(self, format_spec: str) -> "te.Self":
+    def __html_format__(self, format_spec: str, /) -> te.Self:
         if format_spec:
             raise ValueError("Unsupported format specification for Markup.")
 
@@ -260,8 +332,8 @@ def __html_format__(self, format_spec: str) -> "te.Self":
 class EscapeFormatter(string.Formatter):
     __slots__ = ("escape",)
 
-    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.escape = escape
+    def __init__(self, escape: _TPEscape) -> None:
+        self.escape: _TPEscape = escape
         super().__init__()
 
     def format_field(self, value: t.Any, format_spec: str) -> str:
@@ -278,55 +350,46 @@ def format_field(self, value: t.Any, format_spec: str) -> str:
         else:
             # We need to make sure the format spec is str here as
             # otherwise the wrong callback methods are invoked.
-            rv = string.Formatter.format_field(self, value, str(format_spec))
+            rv = super().format_field(value, str(format_spec))
         return str(self.escape(rv))
 
 
-_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
-
-
-def _escape_argspec(
-    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
-) -> _ListOrDict:
-    """Helper for various string-wrapped functions."""
-    for key, value in iterable:
-        if isinstance(value, str) or hasattr(value, "__html__"):
-            obj[key] = escape(value)
-
-    return obj
-
-
 class _MarkupEscapeHelper:
     """Helper for :meth:`Markup.__mod__`."""
 
     __slots__ = ("obj", "escape")
 
-    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.obj = obj
-        self.escape = escape
+    def __init__(self, obj: t.Any, escape: _TPEscape) -> None:
+        self.obj: t.Any = obj
+        self.escape: _TPEscape = escape
 
-    def __getitem__(self, item: t.Any) -> "te.Self":
-        return self.__class__(self.obj[item], self.escape)
+    def __getitem__(self, key: t.Any, /) -> te.Self:
+        return self.__class__(self.obj[key], self.escape)
 
-    def __str__(self) -> str:
+    def __str__(self, /) -> str:
         return str(self.escape(self.obj))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return str(self.escape(repr(self.obj)))
 
-    def __int__(self) -> int:
+    def __int__(self, /) -> int:
         return int(self.obj)
 
-    def __float__(self) -> float:
+    def __float__(self, /) -> float:
         return float(self.obj)
 
 
-# circular import
-try:
-    from ._speedups import escape as escape
-    from ._speedups import escape_silent as escape_silent
-    from ._speedups import soft_str as soft_str
-except ImportError:
-    from ._native import escape as escape
-    from ._native import escape_silent as escape_silent  # noqa: F401
-    from ._native import soft_str as soft_str  # noqa: F401
+def __getattr__(name: str) -> t.Any:
+    if name == "__version__":
+        import importlib.metadata
+        import warnings
+
+        warnings.warn(
+            "The '__version__' attribute is deprecated and will be removed in"
+            " MarkupSafe 3.1. Use feature detection, or"
+            ' `importlib.metadata.version("markupsafe")`, instead.',
+            stacklevel=2,
+        )
+        return importlib.metadata.version("markupsafe")
+
+    raise AttributeError(name)
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py
index 8117b2716..088b3bca9 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_native.py
@@ -1,63 +1,8 @@
-import typing as t
-
-from . import Markup
-
-
-def escape(s: t.Any) -> Markup:
-    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
-    the string with HTML-safe sequences. Use this if you need to display
-    text that might contain such characters in HTML.
-
-    If the object has an ``__html__`` method, it is called and the
-    return value is assumed to already be safe for HTML.
-
-    :param s: An object to be converted to a string and escaped.
-    :return: A :class:`Markup` string with the escaped text.
-    """
-    if hasattr(s, "__html__"):
-        return Markup(s.__html__())
-
-    return Markup(
-        str(s)
-        .replace("&", "&amp;")
+def _escape_inner(s: str, /) -> str:
+    return (
+        s.replace("&", "&amp;")
         .replace(">", "&gt;")
         .replace("<", "&lt;")
         .replace("'", "&#39;")
         .replace('"', "&#34;")
     )
-
-
-def escape_silent(s: t.Optional[t.Any]) -> Markup:
-    """Like :func:`escape` but treats ``None`` as the empty string.
-    Useful with optional values, as otherwise you get the string
-    ``'None'`` when the value is ``None``.
-
-    >>> escape(None)
-    Markup('None')
-    >>> escape_silent(None)
-    Markup('')
-    """
-    if s is None:
-        return Markup()
-
-    return escape(s)
-
-
-def soft_str(s: t.Any) -> str:
-    """Convert an object to a string if it isn't already. This preserves
-    a :class:`Markup` string rather than converting it back to a basic
-    string, so it will still be marked as safe and won't be escaped
-    again.
-
-    >>> value = escape("<User 1>")
-    >>> value
-    Markup('&lt;User 1&gt;')
-    >>> escape(str(value))
-    Markup('&amp;lt;User 1&amp;gt;')
-    >>> escape(soft_str(value))
-    Markup('&lt;User 1&gt;')
-    """
-    if not isinstance(s, str):
-        return str(s)
-
-    return s
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c
index 3c463fb82..09dd57caa 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.c
@@ -1,22 +1,5 @@
 #include <Python.h>
 
-static PyObject* markup;
-
-static int
-init_constants(void)
-{
-	PyObject *module;
-
-	/* import markup type so that we can mark the return value */
-	module = PyImport_ImportModule("markupsafe");
-	if (!module)
-		return 0;
-	markup = PyObject_GetAttrString(module, "Markup");
-	Py_DECREF(module);
-
-	return 1;
-}
-
 #define GET_DELTA(inp, inp_end, delta) \
 	while (inp < inp_end) { \
 		switch (*inp++) { \
@@ -166,135 +149,29 @@ escape_unicode_kind4(PyUnicodeObject *in)
 }
 
 static PyObject*
-escape_unicode(PyUnicodeObject *in)
+escape_unicode(PyObject *self, PyObject *s)
 {
-	if (PyUnicode_READY(in))
+	if (!PyUnicode_Check(s))
+		return NULL;
+
+    // This check is no longer needed in Python 3.12.
+	if (PyUnicode_READY(s))
 		return NULL;
 
-	switch (PyUnicode_KIND(in)) {
+	switch (PyUnicode_KIND(s)) {
 	case PyUnicode_1BYTE_KIND:
-		return escape_unicode_kind1(in);
+		return escape_unicode_kind1((PyUnicodeObject*) s);
 	case PyUnicode_2BYTE_KIND:
-		return escape_unicode_kind2(in);
+		return escape_unicode_kind2((PyUnicodeObject*) s);
 	case PyUnicode_4BYTE_KIND:
-		return escape_unicode_kind4(in);
+		return escape_unicode_kind4((PyUnicodeObject*) s);
 	}
 	assert(0);  /* shouldn't happen */
 	return NULL;
 }
 
-static PyObject*
-escape(PyObject *self, PyObject *text)
-{
-	static PyObject *id_html;
-	PyObject *s = NULL, *rv = NULL, *html;
-
-	if (id_html == NULL) {
-		id_html = PyUnicode_InternFromString("__html__");
-		if (id_html == NULL) {
-			return NULL;
-		}
-	}
-
-	/* we don't have to escape integers, bools or floats */
-	if (PyLong_CheckExact(text) ||
-		PyFloat_CheckExact(text) || PyBool_Check(text) ||
-		text == Py_None)
-		return PyObject_CallFunctionObjArgs(markup, text, NULL);
-
-	/* if the object has an __html__ method that performs the escaping */
-	html = PyObject_GetAttr(text ,id_html);
-	if (html) {
-		s = PyObject_CallObject(html, NULL);
-		Py_DECREF(html);
-		if (s == NULL) {
-			return NULL;
-		}
-		/* Convert to Markup object */
-		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-		Py_DECREF(s);
-		return rv;
-	}
-
-	/* otherwise make the object unicode if it isn't, then escape */
-	PyErr_Clear();
-	if (!PyUnicode_Check(text)) {
-		PyObject *unicode = PyObject_Str(text);
-		if (!unicode)
-			return NULL;
-		s = escape_unicode((PyUnicodeObject*)unicode);
-		Py_DECREF(unicode);
-	}
-	else
-		s = escape_unicode((PyUnicodeObject*)text);
-
-	/* convert the unicode string into a markup object. */
-	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-	Py_DECREF(s);
-	return rv;
-}
-
-
-static PyObject*
-escape_silent(PyObject *self, PyObject *text)
-{
-	if (text != Py_None)
-		return escape(self, text);
-	return PyObject_CallFunctionObjArgs(markup, NULL);
-}
-
-
-static PyObject*
-soft_str(PyObject *self, PyObject *s)
-{
-	if (!PyUnicode_Check(s))
-		return PyObject_Str(s);
-	Py_INCREF(s);
-	return s;
-}
-
-
 static PyMethodDef module_methods[] = {
-	{
-		"escape",
-		(PyCFunction)escape,
-		METH_O,
-		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
-		" the string with HTML-safe sequences. Use this if you need to display"
-		" text that might contain such characters in HTML.\n\n"
-		"If the object has an ``__html__`` method, it is called and the"
-		" return value is assumed to already be safe for HTML.\n\n"
-		":param s: An object to be converted to a string and escaped.\n"
-		":return: A :class:`Markup` string with the escaped text.\n"
-	},
-	{
-		"escape_silent",
-		(PyCFunction)escape_silent,
-		METH_O,
-		"Like :func:`escape` but treats ``None`` as the empty string."
-		" Useful with optional values, as otherwise you get the string"
-		" ``'None'`` when the value is ``None``.\n\n"
-		">>> escape(None)\n"
-		"Markup('None')\n"
-		">>> escape_silent(None)\n"
-		"Markup('')\n"
-	},
-	{
-		"soft_str",
-		(PyCFunction)soft_str,
-		METH_O,
-		"Convert an object to a string if it isn't already. This preserves"
-		" a :class:`Markup` string rather than converting it back to a basic"
-		" string, so it will still be marked as safe and won't be escaped"
-		" again.\n\n"
-		">>> value = escape(\"<User 1>\")\n"
-		">>> value\n"
-		"Markup('&lt;User 1&gt;')\n"
-		">>> escape(str(value))\n"
-		"Markup('&amp;lt;User 1&amp;gt;')\n"
-		">>> escape(soft_str(value))\n"
-		"Markup('&lt;User 1&gt;')\n"
-	},
+	{"_escape_inner", (PyCFunction)escape_unicode, METH_O, NULL},
 	{NULL, NULL, 0, NULL}  /* Sentinel */
 };
 
@@ -313,8 +190,15 @@ static struct PyModuleDef module_definition = {
 PyMODINIT_FUNC
 PyInit__speedups(void)
 {
-	if (!init_constants())
+	PyObject *m = PyModule_Create(&module_definition);
+
+	if (m == NULL) {
 		return NULL;
+	}
+
+	#ifdef Py_GIL_DISABLED
+	PyUnstable_Module_SetGIL(m, Py_MOD_GIL_NOT_USED);
+	#endif
 
-	return PyModule_Create(&module_definition);
+	return m;
 }
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.cpython-311-darwin.so.gz
index 98dac3cf4941c62d239335529d257e636b275c04..39de62caaed5d9f61c97e8e925b1958cdf3e764d 100644
GIT binary patch
literal 4712
zcmbtYXHe6DlK;~b5U>FvT|pv9k=_j=5Q-EjQVmE)N~8;fB8W<nVCXG?4@GIA2_j9D
zsz4B>MhGPsA%Q^Xge2#?xpz1B<=%(e+1c6I-I<-8o!R~Eilwmw|0HGxsf62>*FHA^
zW~V-W?5oO|Xp+4L;u1K_lKd>te9@qqkGG*jz}))soH1hOG)>~1a)Y^<R0)r^(sBW*
zQB&JdS2<O?AlyeeWt3ESw-H&|bZ4vPdvJeQ@cCKM$Pp9wUf?~!&hA$D_cBps9}KD!
zr)k(p-H6?vi=^89u)BvoqLt%B*nmRj=O+Qa1b)D~lsUnZQ~V<94zLNEVsbkt&Yt)$
zro?AtwbpU>u~^9fV}RZ{fOP_>MaBsNo<9I#pBe|B^hG@(=Zvft4r|qcwh`<v32)Q*
zspVdp=E(D!T&i7?y?jXVxAhsk;168;cup!;vhYob!=f`Q2><KqTEn9P^yt@neVkFG
zgEf*`Ud-@8So#Na?$BB=6qHdN+E&7k{jGScDH-3y7s48y4Mx<?xGM+qJ9p|n?bfxX
zzECO<1>I1xOqE{pF)3(}?LQXqKqCX)U5eH>-fDPIe++u&+}34!wLKX8;(c*--^Zc(
zLCs&IcjzieaLMglYFgg!t><8y+V%+20jFgA&4QXP^Ld9J%h&f;Qd6%y9rQ1=!J8p1
zO?vK(^WW!BXw_?!FmL|&vdwaElBtFTKwE?vnho?bl?Z(4cLaD$b?6eIA*szT<E;6j
ztgLlTiC;3J(X7D(ZI;l2t%D^t2(CQ(g6oFUb&yi?6N7{gCZCi0-G_2}jbPW(By<Te
zE~Cdr-=rFA{es&@COgP01x|u;MFtE<Wa(7cQt{wRJc||_hUjyeWRwOt`x##T^c`&r
zSSDxq18dv)!}q=%H4c31a&2iD{_v)dTXy2tCY@zSx~cjm+oz*$cG(G$&FDAvbObf7
zipiH-srH&3@HnJ|G2L)xy`7g#v~O>Ur8T#Ip0ZS|Ws{+VJessWp;jN@mfTVm2(`8|
znVvaQc+EHeE?ASD`I>{8Rb6dBQEOA9Wbc7g6`&u__Ns5yH%+PM@@<wUqs)3<*r&`b
zfow5)u0yh#3dE$X@E<^c^C@yXF4D12^vW&xNr3CwYq)LG4QSs%t~HPh{}a~}ZODXe
zd8%9HQ*eb0N#5ZyubIXfc08v)&wD77CEdYj>I!=AMpXi2Ijm~P`Lhe{ZEp`BTxlYI
zXlg~yM1Br`xf@>nnc%)B$z!e^VQE7o5+P89ci_BWj&1(cbbhUNsj$72v6(C7O{W5`
zVMto~O!c<=cTiLMxFHT8z&~?l*Mn2M-Y9bULxx{$jsvS&eR*ev-fS~ZE7Kn;*0_kf
zQH^dav^2O7k6CC}u^N0<sZ<bssjI4G_dybQ8fYSN18*se^2Dg^xFm9s;mE$d5>@^q
z^7)<o`$~C$ts-@_?WZK3^Y_SZw%cx*TaJ{2c{Lg#7~iZLo3|(9jyd*a!E9G>Z^QX8
z+r3Y=<d&mQ`N{lSI<QR<d;3F7eXZ^W8(%Ux`N!JIq59^4jM;porE7mjL80g7+_~-e
z$wL#qCUUkcW5YUE%kj~20u)2i3?}_}gnOoalsmw|5pH=dYt>IYg-e|e>P90t;Is?5
zy)1Ke?e@Yh?%Q7YR{i<X{n3Mu(?SEgvNpjttjwJn=&3fS!mppy)Q)%ZPu%ubWz$R7
zx3n5pv7c3}{pLIL#z}*BnmMT(yFirk&be(EZ@8Fa8sfms4w;j{13Y;OFf&?m<|&4u
z8X@3yDS5k!DW9YP<+d8Fc)On$sW5}S#|~7_ieh1#;gxrJq4#6&J?NRb1hBt__oQ_d
zomTM?TKlPBYdv*1{~bz5h0-1*Y%;MhGVnc7IwXNWoww)Gg(iUVKphOC<%77>8T8`n
zKPDKLtGe%)cx38NJ>But7jD;oCWR<^h3@4ItYrFp#25H3)W~HD89DyN@w!mz!hMHD
zdsv+U8QSRBl!^Cg>X|CJ`uiEbFpU$)Z@tWMH2N^{Rjfred@_+w_{@!ey0(7^1jeL@
zu6DEPW1~<AHFnbzFBYCApNSK9YPTN`;%}COO9z<ya%jfAy;hFCboaraN_qtW+`Ci!
z3iynur>Es;mfk%&G-a%Gg$R~)IMYgMW(-f~l{!#Fc0bFkDJP+|GbEGA=bXCrLnz*o
zpwOqG=T`pkU(u|3ul2e63ddO|ZObR>1~a=>Uqo`BU|-q73~gU*Brp2isj`=-8VQot
z3-{HHk{CLy7{{Eq`J2Uiv3Bd7P5Cb-6j=S!wq25h^Sn3)CXil7RcjG5rP`m2qC=8&
za0*y?E(-kEDr~N`!OQGM9?#bC@g)?aAOL%#cbm!^j_Z%Goh=nxilX<Bt%2ht1V{V@
zj`&?XtuFB6W9F;QU%>hLOr#+3lTm+cPz0et$jF$OiF96ewDG&d?D>@;#>bbKJbZCl
zah7a0-YEID#mO3cu^Dnm)8Q<TeHH&K<z8)Q+Q4E}tvVrC{@F|bMZ@J&!M*VJJjy-|
zGlN5*!wy=)&u+M-8KEzFRp@X~vlhB_5m9_ul7;)-_{Aa%t$P}s@)?4}(8chfDLFrM
z?kGb_aXB7Uv9TFiNr7kQX;gH!W6-rov31tIDDnSZaf#v{NF^H&PZ1|b#0yEHx!en>
zt#6y={6#~gClluNLWL@6J1*g7IdgbFmCzN7&|0ic=}-UUqxWiNC3Bv??-mxBc=cb_
z1y$E7P8B*Ccgh=L97iU#PQI)-#qJWG*5e%<Dv@{VP09tuIuO&RUCFJqju*i76hTdL
z<QdKTc<Q7GvL+8-Y8-+;VrB!RX8KY)4RTi&6ZPp_z?vOz@w8f0Xhp23YDg(FHxTNn
z^d0juHqZ>8!x@W`rGu_E#2REYgKJWP#J*>3c}e%@sg52P!_#XRw%@(4zQR}!BCg`S
zUg?m6bM&R?<A9qCP+^9{$`JJi2mVY&?&w$#mwgWfDft_jj}E?8M)>jwgYq?sb8FuR
zDL=g1Ad%HJ@80x5E&}^7XMz+|U*wY6J?Rzkky0XBG(sANwP?5E5iS*37w(N}wXuI;
z`C8o`3M$gcHL~f#2881s{fVTyz_w(zs4H!vMPAi2t5t!;rOpK3VD;(1HpArPukw)S
zW`v-|zq&CPs1Ze+wQ3B5R=(svxG*r+M`IjKQ|9Iw@f&x7T}8l`A#<>}ynTj`!nu7m
zCC3eg5Jr4Rc6S4r;R-tR@S+@Sy@+Qp{E^*RN{7%5Mymq<eiL8gakO4@H})4p;XUqZ
z7A%s%a6OGXjmbefwe<_Ag8Qc-8??#_YKsSs0iG>2Qp5GPGfI0WF8GT)wm*wdk8s&}
zD7=i8c-}lUgpYBAlw}=@Acv~3c<^tn#4`6{q-?i5U#Q4UD<{Yq+ZqXWQzCm}YB=jn
zKarlT7#GMx_;EOEw`OQf*~*2!C>SWZ3iXI`geI72UKq%fthrKlnP`HntR~3hUY*<4
zN-A?Nd7O<|MZ&92=|Pqme5^Om{5#IXma}NEqHj`hU_z~?`Ar$JO-a{XULS6-N{?Wn
z2u!5jUkes!@uy?xO2qslop;;c?1oB`u%HN@-0In;iKDm?BJSFK5K)w-ZzwW6xrz`@
zSYqp}l0JzmcSESNiTdTg1|u`|(T>H;=1|V`wDV;qkfh*XVU_itiCaKPXPKrMu3PR7
zj=@)Qc44)--juCB53t6SWOkNaGQ+`4e(qbE8?$>_+kC<J_c(B6ewF$f7W^tmfyGEd
zuWCi3nc>DifijsRz>6u7gRx*RM>@yCdcmprLOr8;(8anv7aK3(V+FgTo-DtkrL_W(
zHm6P5J@B?CL`u?i!u(0Z*par<YDG0$R;LIYtg=G-HMbQl4DSkkt}Z3{MMz6VLhoqJ
zqeHd)Hf-efS|2q6xdr+p<XW{LKEza%-Rb6^+r=<3gv+jwp9{J&3!Lx4Zl8JN4;^LS
zyZxkEH%n&c*}5{A^w#3>-kSok2-!Cv=sn%Dv!_7aKYMJ3><fn0Ma1@R{h*Y9H^gti
zZ*>Gm>2#D=o@35CfkPduu*HN0OEm2CrD-Y%UE`N7ZCY~grIf{C=lVl(a@`l>p-q{I
zx;F(<Rt(<@nDOha@ow&Awkdz;toqxeoDy|W*Y8nT&ht_JP357VMkAhjD>OY7b9&Hu
z*Y^HOY}H;_sy0@SNL39Uo7cO=An26Ji(&Sq;|J23b|8X(NNnJd@%_rad?5q0$+=zP
zz<6cKQ4;WuzC1=pR=D0e)V}fN$LAfc>u(;nLjGZTdS~P*o$JBcNlb5yKizlMZaZKy
zjsR(&eE@A(k3@A-LPl`Yd)nla)19$~e%dUV(dib{g!IEkne_#^1YPbhr-XxOOmlTV
z<+DNw2d{7e^2GZ7YrUZvjxp5P)1@cLEX(c9T?Wg~CJM~QcI4Um_fJHvpKej%B}hu1
z2($g|*oM0n(j5w|TP;5DC)lAZ8SAXRr?=rBf9-V)?=f*^xLE(OWFZBc9Q}U%@E}p2
zfx3-r<mD+{JPh+1eH8uRAjZ$_XF@B8$*pz6*xrxK3tMe@1bZRQu(9`3SeE1a+PyBb
zZcfRyV41#Wz3<R&wI6No2kWRHlVsNIqRdR>e{@A}3}11S?Pi_6byPp*_jq2q$691X
zPR@yYy-)ffo;WmSv6P>~+<&GPjQm?h+H03C@Swlgth+Q6mB~A1Q{a;m7x|5*)MJe_
zQ#xrPpVLwsf~{~{9Z(EF<pdbdM=vM676OsrBo{92%3l^&W@9ys;`XI7@aov^fa^$X
zamlw6LvcaG#+#Qa#Zok5|2%W2b>w;_Wf{v;BMo*tjnpy%I8UU7Jke=^|HUa=hmS5H
z<S05&yWe*fLthU2@USJ_j}ql;F;v2~@pA3;*B4y-hRMC)wgBfUDo`rw|EuvfFu_i9
zXGVLpbh+NhJI`dDB1fAD^;xQ*tiU3QFSRr;<nae&G3~+2O?4kdKeto>G%8;2()4^#
zd|%Idt{6B*AsysdHEa)bnq6J@A}a4rwg`&<qm+<5ko1zmjk3gKes$f1N7vbQjc%{<
z#XlyHA#v|7Q?UFm#fG0B3mD-cn&QgJp=-m#0>dM40q^1bmv4&BCKX@Y9tbMPa(o0r
zFvRu`83a+0D0;l-3+g(Gf#$n6Ua+++uL$|Klkk59;Nv--?QlKzc}+_jkHft3)n4PF
zNykT`@}}22oA%l(_F@sKG2C4S|8wsCYYqJ$mO%!KwfE!TcejXR6UL46KgWHST!JuC
zL0Ns?O4|3s&y!AoWXD4%<m@7{D!&isXpg)P+J;-B&#q0)%7#Z|6*&6^N#)EMMqAu<
z_NY^RpLvwdtLvlcOcXXaSN>s*KWSv?w?^KV0JSJ#`Fx`_yN9Ek0HMaICqM$Y{mKY+
zYC$}NIl&^j?h}v6XzqWahBg*nAm8(};<TBkqp18<JO(Hey{gd=Ncn9{)!|$y{t5ms
z*uVtHr4L@?JJNAHwzP7m-Y|@bg@;j}qtX@36uWAI`yopnp0vtTwOeOnbM@m4E-9Q}
zxsRykRocos0oX8!ivUXQKhK6;KiU=1Mer*7?)*v_F1(YKrQE*uK*W1gqL5{PLyD);
z%fA-ORcuEZ^sH;0mJLdqQ*-fBZ5JX*UBIKm3rgzXl>^?&+S^6zqjHCnP6U3$7dvNI
z?*9`%eCVxB8@dTNfnq!%YkyT0poFWr@HUr{svwhFNku99Shy+V7Nw-qqt_l{`ehM6
zsa1=(QS7t-VUeIMHEISc-lvdZv#y$b0`td&TSO>h@#!i_S>cA_nS6Sm8Jc`B0h^q$
ze6p6bhOj7|*GD^D7ywiIn=sAvMOT)Z_<1^Zb&57Ksn}O`_&tk_IRBA8y{LeO&IZ+Y
z?%iZ0@BIds!0X;FLut5b`et=Zt9LgojFPkQ@$soegLTUc`f{^f&f`+Xswoz|hMM%F
zkJBs#9~IS^sEUp1-VIy95E<0t5i*^cN@mPqxVn9Oj$h5S&C<btA4&`c(?12Bm{GdP
H#svHa*BMF^

literal 3830
zcmbu7<y+H_`^Ddgiik3U7)VHqQUXJ1kWw1y8X(e=gE7hxO2-EQ87L`??(S}+OF(MC
zq(f?MY+wBke%JMTJvjGuo%7&64-RY84d5SFNW11pH>T+T(*Dl@8Okq7Ar7f}-Be&T
z_L($lQv06>>R0=c{`am7bn`#;D{4yGw{$&kZVD?_&+C^S7&!F}LFcAv=4qsWug`Nk
zOQg+nDu91@=&0s(j4_0Mu#A4X?o#TIl652DjVpGqb$YLa6RU#bKsJvK@8jPupU?U&
zA1u_>+MfL!lErUL#{kjv00Ahc1cbc+nB^)A7+WJ-!Buo9SeG*fIQ{lopO<U&fzroq
z>qF|=QZlDU#PobJCd)v!U-?FzeBoxMvl(TRj$zDFnDX=c$On#uqgOhE;oFSF-tabA
z_+h$JtYB$>YU}>R5)V<CsTnjwG1><)*BD6Hx!BoZ#~e=|i%As`Y&HrKzpm&Wf2a&?
z<JqsAM}?f5S^Fc>nnx^U$yX~58F#GHX4Fa>liUaHm1*Sl(MF8^+HNEgsF!x`V0>Ll
zQ?NPNvxhZALbpX!h&R5ewHJD?6w(S`6Wm%!BZ^&VzYQVY3l=DrZRLq*J7*@;%nsC}
z&8=I1e{k{q^}MgISjX_~p9tkp&@F1kU5GHIkY}~c!r~Nj;ziZ2E;-&+@xTtC7GED=
z0J;HxJQz@!*>Szn{?Qsh@IGUqK#WkirD0MW*yv*?Zvq(&%Fs<LUz-boE<yx>sncX`
zJQ``AZF9%UW(1t3SM0%Kw;uqg?`};`><}4?D(_0L*$vcjoT%xk%tXe%*<aP@sIB&&
zLEY7fjCH&4JF?hVW2gG0!!lM_vBS;(Bas%SOo}*f6&39YY(^>hBW7nn4o2lGI4GFC
zmfqGv4QwQ<#;xxA|NO`gJi<aM-zOrAP9TfMyFTCUu6zWw7<tT)R#rU>$>r=j-q7)E
zR*(*pJ3-O0nFNY_?ei%*kr%a;w0<}F<aq6IM2@12v;Y=Bdo_^N%ei&<%C8$<&O}P?
z{TJq6EV{a(Q(luzD0>B5oi?#&B5u1x$6NVW?NJ+zi9lKbMfkc!^tu>hqmXFbS80<J
z#gFOE&tDS#f9VUiA1YW8-Ec>~Qn1}`V+R)LI7z^M7>?nki@*r3d9Ej`3WjXW40li$
z3z>qn9U?blCJeX9+#ZUZD077?@r1i%VO<%?vT-&{HJ(q-Q2*Y5jgg`xoh_Ft%;~lp
z9nY2BTH`9Q-CCI{nS7_wuvzk752%ydyrzY;v#>$Rfny%_t8O@bS-I)X!Do+mEmBmZ
z2a%rj{xfkqRYCH&b0_jZ^NhoeLvZOhiJAuC;&vAE&Gd+~b)N!dYKeUT4GiiGS(GE5
zPI77OclIvYWDs$SHgQYwO~d6d(`I0GLrFj~`sTNMj~kP_iy5fgU6t_{NQ|31Ry_w}
zF;_-}0Et5^Y8h$xIFmG)Vi<u7B!^Qmdd=jl((|4M3f)!MZ5J>0(i+Fg<2qpZm|I``
zCdlvbo-u^rL{=A-1bxZ0cK9?ez5B1Q$~O!_#p>e7ZZK?s7<Q}Mm}x<Cnp%=!-UKLU
zMq#<;(uk!ZW6;(NlxTXaB&j-YeNA?d|3Z5ovs6G*-i=6}^1kc0Mlmn>sBXQaxk2-m
zlP|69Pw;6iDP)(Isonbeg`h|~mq@#kNPFD)*N&0*A!OmgYJy;8jzl7i+$Y$U0k%Q=
zr@>Afz7INzrUGRjV^Hk|6OpuXTRF}UGwY;^l1d|SB;&>s@oK<H*MB;zj<Y;0f{$bW
zR;Z3k3t$@MM#f6x7!vWu2YUD4Xf>mqJ0+5ODd7u%+z08S$jvU8rB<vEdd3xH@<6>L
zl(7Me?QcQ*UmyA*t9`qx{k0emLue3W&^^KEFpH3q)nItKKlUPbK%78U-kV`+$<Azd
z!hN>R{bW_Pr@&x2qMV1Q@3)|S@xXp$>|8M=cTBj{ffe5!mAAZr!gpA6wT#SjGVbl#
zASvuh*>8n@9$FTArYv}WAVX00<JMXbJkeBf^o$LD7`EE^zL=HyF+rx#-+`Y&G7Jpx
z3C0OIeW`*;vt$d~%iQkTQ^3WsH*lT2vq)qnAcQ=5Cyq90BEPn-^HxCv{US{>u2*Se
zb#|N(zfDfa%K5#tX2?#eO#Mes1aC`C&Rqk}>6$Vk)<4%$hYDmZW(&^ijHf?Az^JgW
z<S*#p{Cb=@2#CbTvTfpfKTgN8)-pYtCDTifT^|wdj{5V{V_qnF`a1LHj!=of<9G-}
z#>wI9DVd&&34iM@qzAdpq01&>&*#0eQK9K_Jrt$3L9zm<Y3f|c{`}z<n1e~K7|dO3
zT9sRRCO+OKDztUb>5~$@{+Y438Q}&^x6@kfR$m$ZFsDnEU*E8h^3`Pa{O;_P95(W#
z`<&0_5_~6yHA;xzW3xQv#H&=v!h^3$c*^G%82FA`zv9v0O{Yu=LhdzZmUdz17EJ*m
za3c+WZA%}Zx37r%Jw9`u?Zc7UX5_m_KGwGGwB){1`twqdS`^<Hipo&*Q1dd-1P@(X
z+WV0JUB>OB3+T?)UvSC@QRtxGn&rF0>-N-N+C3({{AAUrt!2nksB`%a;-a#Fi1~Ft
zG@P@g=(vG#e4*C<H4o+_N#*Z=CY=I!QlFK>iEp+fH{s{4rxHYui}F)d+q#anfH&Yv
z!@}9KC!y|#s?N)K?i%rDqov?b-yWgIu{+CU;9gq8ziz;4;WXR=5{)hjeY#Ws+VD1p
z@}GT4?qJdA2<~;36a&C@HK_B2?|9AMEJ6o+o0rtTTNj!SAP4wizdWA<v4fUPY~p5}
zs||zhGt0+81#tCC0rVZTvJjV*qb#~LvcN?>g(TBJuDjf&M}>xVOwkLSlA&wg42}Yc
z4}`o#&~E+qN9bCKz{7m^1#RYbe-F^-X1f*ok{D({h!T)6T28WpdK_H=a>yPkT$qws
z(gU9L7e9@(v{?siMXg?ZU`y~kxr*TDh>UorOs*3}#c+3@UgXmqdU0u9kE5K-o9^a%
z5COV{yHR`VZz^1hwrWys7jJk3NA<Ww^wcN5n>Wq~^3dg#9>}W5vVTC`<FFQA{HRZf
zznyu?Eikb+m%HA9YiJ-Fwc`0vEvGt~Qytcb(8HeOWWu(l-oD1JMHW->rc72I<-qiK
zf1I$|+lQ;8;**ZTdg@2GuEpGcD?o?A<)nW`$k1UXveWhMNj4;o<cbOiy!?a`3X9#-
z(-|!kKF@z>qr^ui%KxRdm-A)eBTjUKd%Q^A)2w{>*hqBdO$W`L_0CFW6T@;_vv^io
z{WL`R{orrL4w_dPB}!0fW~iNLwP3VYZ}D-r<8hdZ%Dds}tBfym5&T>cmDJ-?9PG2=
z@kyApr)u{wy;Tx<McJ8{&f8Ba!BOtPwm4P06Nh^peBFu$mF&C>(z*S?Z*AlkBKT>f
zc?)%UHAII*dACRY^uGB%=MCfQ)!<SpI(foSjk(Uq=<DY<Kx5)&;S>THr5kFTX5)c*
z6hP|40@3Qfn$bmLt~PYZb*V>5xAM4){|tU_G_MDqg&LYD(?WCt^roI$wfGlZN#}=p
zSDMRB=8eQq9jO#Q#{_?lydRSG6>Yhtr~2u+M&G%6d>4owYMfeQ=Jq|0Mk@Wtk?rFv
zHm-zWBZi#{5l^*qc@4b=?F0T2{Ug=Khkiq!Ftd6Z`zE61&QEJhiwe42he``?ZyGGb
zPnC+nDai5e!fkfW?D(Xr)Bg_Eyc1gTV*M3bzxa1GQTmU)4Pf4lAw#6U4eU@ZV=5Gp
z?V|+?b^%=kBoS(bq#)gKNXXHDh4;&m)|~g5AYOCGVBcF#I1`^pXWNUDbi!O_hqNr8
zwlv9)fr%TN&t4JC9%Ap#Ew2yeAl2fgJ+e%2ViOj#YQ!g7pDdQuNHa?E{|_o;Y8MyZ
zBarB)lO9Nfs1##sSzR1!N~@_3=lgdO9Gw9wgx~dcZ8<j@r)`dPl+w+taPbcBjpBQB
z%)j?~p_V6-QJ?S4fVSiE)<5KT65`>LzcUMuFF!rX7XqoArI^QiD(iSHIff=G8r-WW
zAEhyoS}uzW7FY_x$NxZ<`AA$_7JNBDEM}V3jr2db=(6&9-6g@{!W`9|t)MyX8s%#=
z`@N!j<`-+tdp9IYEN9w;&Jerx8FQkpI~UvWU1NHEpSHrBA_EmC(a;{=Me(kaREDai
z1Nx8MqICW-H!jF@{^R6|#c!tY2l$()_lX$wTn*9X&hu>btsjnoqE=r?+g;2B=e01W
z|D-sy>80Sf)qbjeDixyep>9+V#n~JH?YP@HdWQ(!d{Ee?K)SlR2cu2zBzR3PCy}^U
zNna0d0h~->&!tBHo}B{)`cVYH-F#~i)^)D9Ak%Jyg<3vh3EZP5q9`n9tVqcMEDNp_
zfv6Bx_}l_<kDwP$qUtcg%b;h7!9z<USc>kYO=mpZ&_7RVrN6Du=|>!a34b@a#k@@8
zZ}O$t32QxbFi0^@ilny;`?jRixo}E+GAy}$DY`maR7U|AskGLaNEkZfz6;2#tTmYv
z@}uG!5Ys)QO&59Q1YUYlWfXF<2f4d;sm@RGp<muzJE*=$y7hBo?Qg3zPLTX-Z?jZM
zCOgeNvcQ%(dhvvtf};k&1v^kp)-D75BG3l7m-`|Md^o1wt<|`OdWro`o$c9{zMOBu
zrQ$EPnf+T@n&7joGw=823k+SyA%0c(G&|RcBB;NVI4-J8+Az{W++%?5ZHZ-jUdah(
zcSPdX&H|&YO6ngIfpxLqDh=|24?Z4uu7Vu13$INV^F=wjsp_y&8h|)ppHdmUE6ZPR
z%Ms|kh0`@&MPv$~MS`mD7*>CC&N`D*Sr`xS!?iRmtfe?e7xX(fy<qdMcNDdW>8UOC
zU<w|es(+k6*>PF;AKlSd^-4Gcw~*EORn|ND{JH%mZiWwOZlc%g6E(u+okVSuy~_0;
m;)aqpCnL0k?{h+nx^UA}Ab>;x03;IGKPfY&;p>k8fd2ugp`vjB

diff --git a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi
index f673240f6..8c8885852 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi
+++ b/lib/go-jinja2/internal/data/darwin-amd64/markupsafe/_speedups.pyi
@@ -1,9 +1 @@
-from typing import Any
-from typing import Optional
-
-from . import Markup
-
-def escape(s: Any) -> Markup: ...
-def escape_silent(s: Optional[Any]) -> Markup: ...
-def soft_str(s: Any) -> str: ...
-def soft_unicode(s: Any) -> str: ...
+def _escape_inner(s: str, /) -> str: ...
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py b/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py
index 824936194..2ec4f203c 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py
+++ b/lib/go-jinja2/internal/data/darwin-amd64/yaml/__init__.py
@@ -8,7 +8,7 @@
 from .loader import *
 from .dumper import *
 
-__version__ = '6.0.1'
+__version__ = '6.0.2'
 try:
     from .cyaml import *
     __with_libyaml__ = True
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/yaml/_yaml.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-amd64/yaml/_yaml.cpython-311-darwin.so.gz
index 60b429b381dcbb9fd12bb1f3a28f4c384cdbf30e..17077873dbb98d1ffb9b7ca5f1306e0358e11061 100644
GIT binary patch
literal 140254
zcmcG#cQ{*d-v>;r*s-_7EUgjLCWuYc>QZ}D(b^OhBScXuR!PkoRiiaZt)i(}txc;&
z5meQvRm6Tz@8^D=_qyKyUl-RoIXUC|`>fyh$O$wFO!n^wbg|JMcKgQHlk*RLf$TII
z<rU?`yhVm@mJ>!6wNG6vuU#!K^>lk#YEgQZyO`gc{W*sx=W{Vno;$prmzij7B$*^r
z7TQ>7^z`-aUR3YTu5Y}<6(F|Oj~zZ}O-<hT<E&Zpt7Fn3eDfE>M*XWbt6+g%4fb9<
zm+NbUtJF;AZMv?p7`YY4q`I9Y!^eg=w?kRu0-q-7#ShaihoqgI4A!N)_2FT^DR#EL
zy?;`-i9B#KUK!k3y4QUPh2JS`dlkbH(Vn&57`VgQHZ9Y(Q<vfJH23NcMp+HYoe&NC
zrVHEoZl0ZS$AaUrs8xDKLv;L5^~})AZ<;?eB2T+Lt?zYTyqa&m#ZvfNq)BrsN_MI5
z5-MWvXN7D^RM^_Gr%xzi3)cENYqoknYI|9QmR^8o%^i(xp1;{0wX4x~ReDbURk%Z)
zr>&g8O5T*rPE7|qve&l841cgjY9{?Y+<8J(gG!rmcM$0PzId^x(Y#By62s*>eg0v%
zD@nHd!}fe6g%u=!;<nGld|TqUL%8?!#Kq#>s1?b_RVQ^T{!rh}WS)z@qfZ=djZX)&
zJEQhUDwc_CJUiXB+qK|d_%9rm#)2|4<mQjK`4y@(U5&|$^Lx3+12k<C`V%f5nsa`Q
zuItt;xXQAl+i}{)|JUvQn%vD)7iYPL10j~eW#uyG^e)MYHNPIsZP_ob+{V}Rot@Yw
zYS0u5s=FKiIehf3x|p~%IVP;Wdp|+B+!j}NhtY=Ou|`Mng=S2w)U0z2mS;S?{dkx1
zd_JMcz1#fJn_n*qWIOiPzOWItL{$=LG@h?~yv<cN81Yp~(R9$Ne&YYn#l?ke$@LQ(
zMQPHEpSe<_+pTw<;^SlE)9%&&8bPSl)e*}g5ko!w?^W-NTRX2C7UK@|6diY}mAf-4
z`kVfe8ofTe+4*rJUQ86&kOEU2Y@A-~Z(s}IxH(qE>00?CKqF7Ndg4u>?VbSBhYx+B
z@`^t_+OjLJh%u5nuI5hv$k3nm^>W;!lx+Fd@>4Kb|NGwc@Pco+t$JVF$QxRRw1@Vl
zL@%q9JHP%MEYLn_pdNbhfF;v?W{GyrdPrB`_Xrbk#Wbehl@YlQf2MRIH>31c8Px**
zhP|n(uHDWw{Wj4rD0;t+FcIidiDy$VcX|7#C$E|luS7tx<2OU7$_NAvNjcfsq@&J6
zNjL0oF}Sa~+&qi>D>VYE=14}*NtI{gwFUj@FYgSxza)+D^(xbwkG?rT_1^A3Nv_-0
z)<pW^{V-j}R;)j~qHuCIk6YJj+eqB`rkj7g<6bWJ;>MX~Z{F_z>1BUQAgizEW4;P^
z<=JQE<F%mLDix9@)58hQz1Ud45nFyVlxE#y3)s2h#@F>rp*!`>$JL!6T;%~$F)V&E
zuxL0wg;9V@Epp=^D0`=Ts0IJ^IkSi<Xb11bENdZ<rEIvP^Nep^fAf}S{<^Wq;M*(T
zRWHw9*LYqwck^~i_4=d!b>HnYHjM<D-@y$ZeD+w}RX@|X=ge!_YuK!2-Dw;4TyE>f
zS1Kq<t0d|Qc1Wv5#nBwhNLNY7gwko9M(=HB_Y(C_Yeh)&X{Uu{^%Zr}>B=2QduKDV
zeOODsX!caokZM1^dbp+Mc7#~uBW#3i_c!_uTg5{7`Y}@RsQ8vBLxrc=%#{Ku`N5g#
zo{Tt}g2Y<rt?{hK>}$s>XoJaKUpiN*tFM57gDVH=t&SI!C^E~)g&EE;3ZiSOr_J@I
zP2UkNdl>I5EG?m4R1X@~@IyCg4eQ#*$6~UNtg8uh(&wCt--!>l|MH<#3M|HB?(un#
zk@p8Q{-!Z<kTx&#Y|?X#kdmRv*H?S=7yL_v^m(NqS<dVi(Q{PL%ftt(xDi@<*5;*E
zG+0?oAU$U}(7JAza7%yea_{YQ#k*QEnca5^Ub`JJ{AqD>&~WuC(C2xo<-q)-6y@@|
z)Qx(xUG8(sWX9GHt=O77BrgQ7oiZ=!T5)7zgX5JWPwM<?LmDS--`AxDx$0<Y*E=`G
zxcK=wR{9$}MqlCvoTTL6^p!Zzeh*vQqMv?etMWasE69{jE%d3(d4bpu;{;|dc@Jt=
zmXz(rH8RsGxVgL8k*iu@W5du5mFc;q3d@2Ap`XRpXOHu;+`}-;55no7v|c%4Z3^BM
z=qs{fl@^mnp%!~q#q`1X?`NK~c1=DkYqKa{7gV<v-;SENY8vk3f~lZK@xv2YGu)i4
zFm)95+D_MSrGy}-^WS>5JOnq+wMP_AZy8WZ@cYp=SKwbT{p9XK@D{={*IFwF9z<ac
z9&mO_0S|~eJ;8)=ax>!JBJF*_sFxV$c-kd@Jp3IK#W*c@O&4~DruP@z8O^-j$_)2r
zR+l>`1d*3j5%Qoq7;=JLL_%XsG_C6E^+Aj!BZ?hvPQKSba3g199FTExiB8mfz1~6S
z=E3VZ&4Jv@2yF}~R=8=jF_rjPZS^FTco)G9w5JIFLRoeNZbN9J1FBVx4{qmxw@`~i
z@miQEG5AY!YbSCzk-!eJM&F)1iymb_@xX6kB)Ra==nBd*4)_Mxxh;izsrOd`+fq0d
zE}a4?`^n<uKvA~I(wVnqWP47a<R9HPAW-t)Ax=mPk0@LdV~Me$0E!(oOeS)<0#JtW
z;3YwUKPByw38J73Fe<&flouc5gaEl05!@&;$Om9f@|b?L;&rp=exO9cDfIv~CQJZt
z=fn%jU`Bmpu|EWrjS$!=0$K6apm9C`P6`2!DhB*#k=8j@?uQeJJ8CBQRzq6rEeZH!
zv7elv*Z__|5)?ztl(e41;OErhWO!|-NAv@-1WIxRW}wmu;0-dkCABy&{$6z0O()jq
zL~?fxcpafzK(SS2lpsp3K!ZP|EMtaO0Ec8Sp&nn)@N{|`eI$r~1`6CW28MDKBu;~$
zE$MA|=IcZkJw-o&07Os*!HaCly#$pAeBJLQWb)umoP5ZwffOb0N?}>K=hT+M()$bV
zZ+0XY=rS!Rf_m?Y^^9V`pA$$Fdk8o=fl@%h{R4!e1jI%@V1a2lqm(gl5(oH34ajv}
ze~n3`SP6D2qaWA;fZXGT8xu+e6|RN0V*1He0-ZSN2h;(^$NBM6PH)A;`v}XRdJeqz
zza5VVneVzX=}<*iZ#;0i>SPk#0)rp>0fRWDMTx;Tn*Gb#Qq<)TeYE4ND$cx68gVY}
z`6cWTH@>ltb}4EW-w0wrLEvZ6zh&Wp(X`|%s!rFPic51mDA*_l=m{tYUWd>P+JnIT
z38I3^e;ACZ#W}du;q;US<l+K&Q*Qu}49Tx<JopDr-^l83Iz7}|bfI*=^v^G*C=5oD
zas>`Iq!g#ZyEt`#3@FMrn&o^hGcu@Sj#ntxa@hzB<h|>ZK5zmlPdg&8lhB~)JfZwQ
zKA9i~sD(TIGfC0<TycjS+>)R{H82j!&|=^cf$syfiXUM8%N7|>!T<>h)=nD$xAh+w
z%dR_(nR91&JjV1>uH1LZq8+gKM=v>0V!*Z4M+%nn+<3IpIi-6xVS=WN4A1UFhmk}S
zt()mbxH^4~ZlOc95KcAOfom*9JL{MGK1pUBd-VxeTFkQ-bx4B58S#z!*x&TYT5xjx
zR)qb8GPO7*-olA`M_O@kmlA#%&K8{r5^wz^A>_({l7h=pDCn2hf!JtJTu!VQ<ID1Y
ztShJi@Nm&K5^yS(W^Rn6?^8(*{A=N*mxhgi(pHq6l)wXq|43#5Dy4gpY~1jF9@)DJ
z=Y{V@OH!1*HJX$z?vPYk%XOJh?g8q<c!HA6<(wZ=EZHU>mwi_u{=e=Z=KzM25AbUs
z{cWG~ADE*A4T^z!&>k&Zj<6bux56Y|Q7U_*N0C7}!0$B2h94!Ag7z-Ke-qr;`R-jF
z2cl_D6MluNOcg#wK$D@E;4Q2f|K|=#G(T{Dk!VS3gABYpg*EMfv{NM|Al&c9ok3*1
z>!NG98LbH83FS*qk5~S^DEGa#nDdB}I|>LES~Bs~(jxJ0LODT?OyRHSL<2~i4qryl
zqhJdhQ?ah27H7gwVxG&u`yMa2P?oLgpehKZCW^nQ#VPQ^7#k_LDL}NlDv*P2g;(e7
zKFI;%dqCx$OGu^wvhX(GV989cCydF|C|WodWf>#<F5xd(84xa?o6W=W<=1kpfoh66
zRH;z@Dl)y+*a|At%)d=M_WVwO{C?A*qA*9iK(d_s!~rx(RESR#y2<uHa5hSJ5RfZU
zAfUi*>t0QbegHF98g~pKhz#I&GP<8kd@oau>)!vlV+czGM!@{f9fj#zfDVyPOca57
zP90Qb-1xODfCb46ya`3uwUQ210I93+49t$28K435zb)Q*6^*Z+9#i9G2tge9Ap#{C
zFa_ukutv#VPQ}q-bof_P27Jj$Ecjdh@kT>+_><#af~fGh^oTp%z#-s{C1%uR`0rOg
zPXNiX?Ks9ZqMXXeGN=aPIDt#|tG-#^*8@DTi#cM$+k?g#@gS#2N+9<Z$9p-ddGPX1
z)gWsbI2R2t2q3J!^Gqn;V@Mw60ZNNKUSU|vRUn*#Q8NnIx_=iU@GPzHxj7*rP`YUt
z<~dz5-GHJaK%HKp+_88sp<DR;?noIJCF`^pZNm&$*!W&hdsewG14<1JC9mIR_``6w
z2=E3lS)iQWii*z=mdW<`;Cz(si~xK=Gyt_R3a!-%zzF|4dngESGjhLC1?+$MCGW#;
z<-Vlp<+jY$d%-`tbj|jdgpoPJHuk^9S8XP)-g{~h#iFJvD;C{Xn=jcuEZjoXA3Nld
zh1`Wet{W$$V?A_2Z$i%LKHjB4GDBQ+5;CxQx{>LrT85vR(3Hr_;KZ8)xiB{iC3ZP0
z-K>#XD-Ui8q!PF)$N4j*&@Hb|*;r7=XHzan+gU>D%>)@KgK}}*FK!+$jU2?%9k~<k
zuk(vBYX{T>O57Uap_~t-F4|NT^^IccuTM-}iAqVQfn7Cv{P>f_K7Ts1e)&%UQ5<qN
z*i23+1|mXRmkzm<ZqC(DBN8T@eo5%+jmKqQMi|o2bw+<;m!BKWLHp~qKV@P0jX!bp
zHzh99Kuea7j2xmzkUV#!bQRN1V~oxRU7IaZPYY?_KQM%$^<&-Q0~KEgdMI{;qyd(V
zT?iMfG1vA87rfgSw#0ZyW(;P<p2v*PV<8Yu%!?RE@LZ^?_#IZ4p%M!5yuRdzBHWYo
zU^!SfCN<Pyay`LCm(_~O83TJjDI|c6*ZxE%wAZ$y<d7xmM$dIWE=d)(9Q`6Xl^%H>
zR$?WYibWO?6GpaGz&)@H?-*J}?AyKFA8f`>yx@0NA#FO_WAGGx=c1z8k>p5^Djv!x
zoz=_W6R5r!dFTBR2qiMXJ<se0Yw^{;UE{pR#6U=~4mSwN0ItjNS6UJkvV^$Pb%sLH
zwLKUB%6{imPjWuPin`HpeZeLHm4S#(t^@aB%N}nNMv{e*T@Q|5iMx-Fk(WcYB_R70
z;GP`I>HAi?&qpj|uD&KOV#W3p2TADswh%UrXN_I31tGt%LgpxoylGjc6D!HF(X6_<
zsiIhLCrk%StwU8*3*2`=icOPu{*e{~*N3n}7PW8FA%(%lV!f}fRHUcMfa$4-!{^Oe
z+ITQh9Bd=j+wzY&o$oL(GzNf33$m*tA(6HfZG^0Y<*{NdVIHunG(`;9&#X(IUAP!x
zCaEB6_K+G!o$Z$B5MIBigZ5}%VvL;lnV66^<Pm*me<W~j4=FE7$OL_F%m2#yW;BGN
zGYNs;(@uErbp3l`da5XRi?;JVtTbkX5gP=Nm-(cuCMskKxk=aA1#^q_qqt$f1a5f?
z-4!d+h8)m#zJb}90{j+nQ*OrWRK7&9UZyHCfiy-FOm^trDXp|wWzxMg&?04hwko;~
ztS&})K~8lniiF6pFRZ%s6GY2n;MXCKF%T*w1;AK>q+)f_ZR3P1JyOc;?Dcjc5LTV-
zE^jSb>~&+KY%D{ObKQtvxoou<WQ@;ch(gHrKsQBnnXXew2LKZRcGZ?3E2^CcwYQR@
z&4JlLu!*otjGx^EGpsg=`r~@>Yp6`j2uT=huf5%#p!%6Fa87@Mnd@mJI28-iS(OFf
zI$pQ~BAP<3LyBd1Z{2JV?Y8S~!TYiNauER6!BCV!OxW%u19Nd>WaUUL8E@M?79r^~
z;b%@f;K9ry8~LlYqK;RVtBeX_mv8Ypy`>OxWTg`=vJll01~ckNP&;dadBJzNo)YaO
zX*bd(_+=6gUA>zVWLTWV!H8@N6+3ybw`_l>4y2W?(**+34rRc?AV?V=>!i!HmNDB6
zu<mFGV+_|ne>up{g+2jtNCz(o&et{qIY&jH9>Pi;<*AX60a16#>ok+VGQyA!N+CXM
zo@wixK08x-Y836gz)3NNm+xTg(WxM$5V$8hxxT^}`5#q_##qoIMZp{Lbn#yR!tAo*
zy6#%4*l`xVj~O|T_X&ZKVj+H0p}CihSdo;@sj$$P7cqWig5v6sV%aa9I;<|TCD1ZE
z1Felm+*~Z+`Pfu2a_nx&sqr&xP?2-dNGcPO8a%G^iBf3&t-s7$F(E^b@35=M)IwZX
z?tjv5et^DtQ-Zc9#?J&INU1|XWPyCvE^m9#ruwn^QzwxQyk8ydSE*e6@`@jZFK&y2
zo#|HcZl5D7s5+sO_=FV60oH+OFeAa>H4axjePd(;OydgJS|@@0BNTfZvRKV6YsM-j
zWDJ>O!y0NEQR(ziK4(Jqa@eRCA+unw*|C+{fQ}iu--y#-?WUNI(k)=%6H1^sB&351
z5Vx6^L<ZJGr<@fV2CJ19*265^c-&buAVCrF#f@koP8Tl^5mpr%eE*6|MpDqroSsam
ze4trLS5$`sTNE?GjkOK-GsZv|k*MeXcY92bc`y_gwv$Zw0ksedRup0-CS=bl|G8V8
z=`MGMV@xW;zXX7}WdmYh4TyW}jqFN-F;EFXu^<TDm*lGVw^^_1G{eC5Iv!L=9`G|*
zZB^^s9RQKLM86xrqUQwHp5Vu}U$}KcxS{<?C$VyrnLHgL3O=hrc0Gc)JI64P>re@;
zRr*gRWnsB>@G!7%ES!xOnA<3Xb}DyVl#Tx<w;4drl;Gbmx9HTc8<7}Y*0(iJj&=UV
za)B>Kn)0m!v_DY^IeJO_H@IuxUt)P8-CU|YqAl^>%P#j>I^lCs(M{E>QlKJPaif|5
zVNzyEq=fQkLgUZ3krG_{x~f+-=sVp!z+^&TY-)h3UPU@Y3~Wx1w1qtShZT_BKYPnl
z{wwoek03>zY<DTa6|mCmFUo?VLe`Kh+D>NJ12Q3c>;p)Eo7S=kvIDlkiv101qd<~_
z<6!Kjj5(s2w8$11C1zVKLKpFpmGU9uewU(d?69JZmK__g3aNb0M!XA|b`Xit0+UZB
z7cit_Av)ZmV0G>9r7x1ngy^uV_YEwe{|#===mjz$2J|55)jX5>m7=ANU3j}tMpt>0
zW-=iPEDG|rnkS_Ff$=96EMv?F1GY)d@MlaaGZM4Wk2IFxl(|OB)z`{GG?30@0kX*=
zY)~b4qxChkI!RfuI<}Spd);HZ<r?MudO5V3kN5O{vKuJ{_C@MKz(TO{$)9}8=@4n~
zFdfnyB1k1f{U34j$^5Uj*X`vh<-WX(0qoWrytFoyiIvj1EeYn+-X;f<fFBYd_Aitu
zoeN>2nC(WI&tS+Coe?*!Ok?Cr*mc@Y2*jbAq00yIah-ZCp0Bt3pj~J^p07BvnH-4c
zpvTALSTabA4>vFJe}r9IL(g&$3uO0Iu$=NTm%f<LHAopfVD$ND!2Yb@3gzTmG{4hR
zg}_Nv&ir71m|ILL74m?wgzj@1)=uZUI9Nc3n+ynUDj54*>U>@*r5Qv9+({KBd|O+B
zqKK99rgJh)4V{hF^@QUhB>I9Mn=LnfeDg(Qx%QcbGg?Sin>B{A=mV^cyz@kDFay8`
zrgwu|lSi6XE(Wdx;6s!gu&n#nj@)*h4a*P}x&h$?Bc&lji_<6?fUN<#qw`px8R@*E
z^Jxo(jjFQL`qz#`#>sWD8zGBe{47{zplbpA4>TimuGepwfZj{aMK#lQ8bM^T*gmd{
zuf^w<Lw$Jf)o+^FXn~QpbUbJ~rR;u?1A>DDj5o^w4J0e}6;)9)8w=CC7~|-_3=g-C
z^b?{@jDcH2Iw**?Ku=;sC3IFMSE=w{O;^EC6#t`XA6^AiwdgW^r;N@jV+`Xz|LaI(
zQJS%SrYy39T!sqA(EPK%$prH=1M}nSpO1@J4+pcJHT(KdJ8ua9TY>%sT%PF|l8Q|=
zvDCVb?6QMo0l^JW7WA^3nPop#w41Jzy~tStJnS3^xSs`EYO?g%1PE=N+Y(nv(QrXt
zd2JxHtH!u9rqWYIz<iWMC&TMKu;qWE)_J*Os27)RA@yiC({G0gY^DQvpQ7mP7%4~Q
zz1VuZ?c!OyEeu6Q<aH1r%_7hI==Zy%mvXbt(;+Z$I~5Sk_Wyta#XS0g-z*UoI?e*X
zEP~2}5bT*nF8@c{K0FHE#iF9Lo#8Rt^k9(}LLC3P5+9y=yE0KX+D;Q4JT1}`@>b^)
zxzJ(OYpCddx)NX-cvY2P0Y=J!r=?5iF8?>Wr(v(jFgJ=K%aLamcLy>$ZoG{wXWiF*
zM(PL-7k>R-k1`6Fb-|VLe^i9hU(j`qT+SPeg9XJsmiX71RLI+P|4(r97V9(vx=sWv
zlzQhb+EEI~Zc67mSOc{)J@`4y4U=jwcG0HC8bIZo3(ND2KO)DXA#~ajujQ+gT#QF3
zi7~L(l+K*syRhpq1Rp-inwhte&C+Y}Gk{RH8NeM)mRhq0XMQsz>l&cpZk6sJ`SJZK
zW(G&-fd9p|iC4mZLpx;JC6Y{t6RQGYefe0_*oXs56;sQIz4A=Y=s)V7>9xxjqn#>-
zetQyWMCB|E1{&^|)F|7?NFmy|7(YEo0U1&HUjP7sEv@w-mGYtC1apXXC>hoX()Q;?
zWOM8>F~$Fvcevp<=9rNikdy`?q`*IjKtjtY{@#`Ujcajm)V$sq*}uFFaXW+2CWdr#
zLH{h+p{Sjyz{Wr)nHt#_I+!a&`#h!=1!;{1S`SX}6l{4`uKKl|@h2{<eT;V0tJD=u
zmj92w1GGaau_lo3_CQrn3;woTS&x4YDC+%c{}gPtQv1x03+T+rL!PQ%``=!h!kGqq
z8EgsDn}0T+nTfqET<)1=@J4fLC{q%h!NmkN)ALAYFnd<?JEVt?Ib@VP{?uYZB#inW
zYsSb%(Pfnk*~6uN<%H!H@SvdwhCw>Bs7LrnG7U|aUf7IzLXMS(T;BQ|!e4o}$3pt@
zV=n-V+te}Uiooi1hOfI-Oz98{={f&$gRNT{370wl^>5l1RZq286M@^vBBD(ZF$B`7
zoj?wd*6daC#4HmlT13<Yej#hIsdPv+Fwa*5j$BDvo0wWFpbIsrE^#3fqQTC3EnRW`
zZ%<Mr1h&<d_}6fo9k@Lgy-tUG2IKdL3t7`~QoBqoz!B>MK?mE&trokC^!$1Y(_s2H
zt-&aN_nrz0(^kS5IDmdjtx&&*>|bcNTB`nUH*yV@nXl8MjU^g;IfPzbd$t`!`S>0j
zmrqQ39*nAfXByfF{FUW!6?|bfQ2Q1Ke0;H;Nw+@x^Ka?XmvwQi4%5^7M>=UK@n4rW
z&nGqn<_6@dZU+yHyk4i7uT*Z9?=TyCeVKFKEO)=EQ+VUu*UVY$r!jkZhp!>`rN8m?
zflO{yrLf$s?65VP;+mJ(Hh=Su;epk0+PALn$%Xg5**bxb#|}O}ihDLN5-fm|pQ=qM
zK#sk8d5QkV#QpTpw_kR&dmBUHy$wAobImV9P5N&~E+0KtxbJDK(wS#Sy(hBXRmJWt
zpJL}DloCWVT$vwy=aHroFc8+w`{{PT_U_|?<esKm0w1Fk|GHIn9XJI(f(^WMFF;+n
z6aNZx{m=!aevs6OjM{neeH4>iaj@x?^Jc~~?)AHiIKjyDkvqXx^T$&K#g}yBpEM|a
zhz@wGtVOT%l2$XcOh@E=c*&tsB(ZSGC_GM$P<%^bAje8JwT=++!4gV(eW^NU<?v84
z&gPd==|I*OX-(BC1)Z3{h}qgm@tbUH_xsd#+_Jw#za}r0qZ|yNd2W)*B>w6BH6wHF
zMe?I2Ii2I?*dQUJXxg!PS{^c^`K$tz?GbxPWX@cyoU}A2U(F76%EFgH&F2T-uDB$i
z7`oZA_&?^p2^u>X3F&S0tePyYy7bpg3ivc{fy47d#j{=OC6D7linfYF=D`*R(<jd^
zmfB~s1zCg2O`I_tcSi1`9zs}?^<(;(VITd{Uc6EL2ohbzQFf)i5MdRCeSBr)w|XP(
zg*@T;0@LFkKg5mv{GWDCT>Vh&QegN_mhtjL@O>{GX6x3QnL}em<S$S1`<TJ|@5)Zu
zw3n)kDa;LS9eEe%*1S=B;9#a<gLO^NxT0*Vca6;T5jnIEecv@&vad#Kk6-B+@xrxM
z!Qvg4<#;>$r~SP*6y)fKkl~~pGt9^Qg|$@NrKE=J`-9(J%-q38B)=%jy0w;pTc5iI
zo&VSuxF3h3c#KP>nLQ?b>gf}%$6dMK-)DZa330QPL>k?2)uf`v?TJIjUvKZ|HF7)t
zFjM89nAi=}+#UU~EysoEsJMiFt%!DO(SnZKp;5{ws|?VahX^Zsw8{WNrbY-_s6+@J
zgCJJUD4|uY&jTL3D$AM)?(a)t%tQ2c8hY9jyPQeez8l}-*A`vzQ+=VIovX%2-r%_G
z&}|+EqqK;J<4$!y!@BxbzHa-sS4sA5KG>DxMs$>K{T-!22tGUx9o=TRAG}_YpM*<s
zhZb5g&74yEMEnieVR>*Mmja5t-_^IoxKOfaNCGRJgmNSJ9hR50HD57bK@aS*B4U0v
zd#!#mydhhUd*6;yJvh}v?5@4vAMNfjRH(<9OTtNVynh>y_K790ws$PKtW$24SKN&f
z*c~No7wro}XV$^cK?W%KpNNf+9siMy5+?NDfUPAL;B;5oQHX~%;!xiar#kxz8fZpT
zG*0BajDOz3+VlzuT($nUjsvl#9%1+U=ij0h=q;^g5~+W~751}M^Uqu#R0gp-i16y_
z^Wv3iR9i%&Tj&svawGW9($J{aW{A0ifaBW?P!TVB=+RjG$zIyxqR7{cC9}`Ye7A?+
z;AHL5Xzzm^ZYt`+l535>gNaKECL~g2y`&)<>GoYA=!XgaV>~(3RI0OY@-Z{?@Rw^|
z5{_#C5qXS3^H;8a>&ulvxaUN)>0my-AucHpONzFOg5`g58<<H?YV`N@OkabhZTnAK
zlklD-iywu!4jII8ZbY7=J|alA2~li^PKKY{2E<q5S^K>)^kZM@RuB5_K^n?Tnqr}(
zgt#O`T3z`o*SVdxy!kC2mxL2{hk7rRm<co?TAN9$J_r6jVn?KC>ZCX2O6Y;17#v+a
z?&-ut`s-BOFX?O0ubTaR4En%+q)(m;-wch->v2gd>HZ8qYujyR-r(-YAf()(Z-}m!
zg5SQW*{+MELMO|gG#_Xlk*YY4ZZH4-D+l@I>MBiKQtUFci2$zInuily+1nBNSsQWJ
zf8Dh<2`A(ZEs=yb=cr97&4HlVA7XK*@hH{Sj{troTmR$jIOd+;t_j4h`F7@>9z*YX
zT$|LczqSARk`5QtdjNrWL0CX+?^J=H`B<EcJCv=W;-@O}F42?J{KQ{zK$qm<N=m5s
z^{r1X+y91};H_i2-O;Ib9G~VO;&ONndZU!EP%+Wpxc6?sb+&2S^2>%Rt>U|pCQ*LU
z8vW6CDkv17<n60*Lj(IJ#J3jGC%KbVdZ_ugfOXfVBwV{Y^y_>YZmT@Q`zCQ|{O7ji
z>}aN|mg2k2G1tuYCCxlU2L@Nt3WA0+La7{lBG3zqOCt3+&&;mIo^~9E4B}=^#9s`K
z4JaTa4)<f8(C6z8-6t+NlSmlVh&D#3Kpx^IFQRSsB(%S$kG&qpF`tgx6ZDA?Z6O&c
zo#0I{9|sp)<7m(moCwaG2!^t<ESu1reIB29baD*tR%IN{t;^5|;2LR%W>7kjxRbKp
z)sDMoht}{t*b$(j)+#E2a-%gG84wO~CwP4`>A$x<;}2sW;|jKS_UwsEVO@qU-c5)*
z&7@GkaH?pH{@LTz&BZSF1OG+7UAY?GnoDsw<&MWVcs;JLqT(e2o&5UYaXAIFX$uTh
z>N0HXd4t;(bcZSrY>{gmF*+1lH_iPj=}5voc83CmD<syNjdSeQsj(qW2M{LNX*iaU
zPkkpL`G_assko2Vpp1;roL9Ecs20+9?*q9go;AHg#L!>(iOPJ}@)9i_Lp995aTtpW
zbWCh5jg>T{A>9thMQ=1O{oMf`NbsSD{t8!#Xb9eNZArp$xI=9_#0B(2W{<xwFN#cV
zxC&BHA7XJee+Y*6iLSV*zQBnI<UFTe=zPoO-#Q55;1(^k<uT3!7($30TJ(9u>_B&L
z<m4NiIpBDogSzLS*h}-h!7}LNb5_J#K!^bNKHED9#3c@r$IrhzEku#_EL&)aJzB%{
zV3Z#5=*Po#*PJBWZ+9q%V;WA@IB(O01C6d_N37r@P66x{e9~~Ys`3z>3$BaOMAufL
z$b8ouoP*52FlzhDQ9XXS32~hZ+BJZ9)Y<pZc9n+c`ipCO=k-)P2+DV*zi-#}8Z>gd
zuF{Ic?M`y~6A{`%DhFu(n%z7E<i<l8gj!Ans*JGkczb8cn^f)qf|?E>s4c9MK+wL+
z`3Mc-(zF?|q=_h!(6aCU^8J)y%aP_6T~p(}nm@zw*-5x#cc`P4({`#!TO`Y`65KY6
z?}1!w&Yj0UM4`;w2$T02IPz;yX$Giq2zv;Esg<Pi;K145E16yyF#^2NM!^83`2d5~
z`z{_gQ$ek{y88U;aW{bZ&7bNhq3!qII%Y)r6)dwm=~K(*w?1($Xp1`(XU#N&xAlqO
z58CnnzEL8CeqBR2+3)NNDeN-5RF4}s{nR(gx9sW@=YJ86`{1Lp1^w}KGWLc~gjC2*
zUFXKq4>9g}<sb7}cIaim9YutNFUlj#%ETo-YV_*nU||#ikPPYU@wlNl`l|o&cW=^m
z$W|9|afzZH=g3v!Q{%V(U+L6yE$uOrLYqK{99n3cJ5+>oX%Dx)ymTD=3U{=<GaF2F
z%_oYi0DO<zqebx%c1Qe&b?ZJ6Dt2hJ(?Q*NAo^Sf)5tMNTuK~XaD6%zzXWXYe~J!L
zMx)|zzSXo)M{b1t<sZkPy*+(<?$CVV(h6e}qU=4%2!7I>hZ)wYcJ6pj4&6h<;i%l9
zGYZ>BhN?%QJ2^YY6bO?q`88S$P%7mg$6)^*x$hgU8b52FhHNeIa6yN2BZ6XZKYoT@
zn3BGq(xOpUPnyqo5CB}VpYsvDAN#tlL9H2}4u2vhLUu++HkRs#w~yja{5cjEU2CWM
znt@j|XbqX(8$H6L(1{Honf&a;pfuHL5kb*7n_F?XR}4@g4xfmtK|7<LHe82ajrb3~
z!41hET5}@M$C8MP<|o7T)gKMbi6s?NeOC$>_i*z6X7o`3L}NBBROd0Sn-Adk50EGW
zr&IO<B>c@k-wbuRpic)752Ip+wLbenrQ>n^(5}9p4_Ah@5FdX*w^?qk{2itIH={Sm
zp|7_drmZi!zMtwNnEOEkx0Vc)vkz-ppKAeQ{Cdlx&^`_)%hhREFx5AzPdbgwdGsNo
z=XXgZA5fYwdO`_J*?d^n+0$oIk5lF%qV0m$m+(nApf~H|B<|t9s6YX);TA;3H%e&H
zuZzp(KG;1xR-uKO%FsizTX_lt9YWTZD7c`|=MkrW<yLa#n-GofN#8vWc6$3rrxb`M
z)dWLb;*xYd&UvEYw`U%X`ZVizZC-o##ZKgg_?h2uZahchREAtxgggozyIAG3$j6?w
zYpMb7ONy-SZ?t0|`i`ZoT?(vRj4Qo-nBLh?)G+rqtn_S|`epu;hVaW0-nJs%_wP;b
z7);y9cupqrym)UEK9_fJxAf_P=V6qdr!4XHJA>(5E=g~Ov2&YM)O(k5qnTc#_220a
z-x<CCqg(3jS`hkK^2T;Y65V)#;WV?vbnc&DOs1@34(&RgulPJE@;sAT)y5+OM)Mxt
z;Tc1SkEO`H%8zSc3!AS0o%xVqj2h-`UmC&eY0KjomE>3Oub%7%^2OPei0B4r&iEtY
z%^s^bPwO<L?Be#Q_XeI^Syt2HM(>wW6*gi2DV*cwO2aU?$x_(6K-HV~CEc|JPv1x*
z&qAGP9itgK&uqt64K+NT7gqVdz8Uc?q#tA&g{usjvCJ}fR>?}BOp(*i*f-B^slK$2
z#Eea+Ha<^#SgPP{$#rjfUIstj*qYqHrZ?TOG6`|CtXw$K0E*4WG>D`%(v1CSGw^KU
z4=U3<Z{C~b^`vPjeah}*I&V1bxzccMwB9u?a~eH%ZZ<mCS7SB3FZOS+y}X{6)W;FN
zrDs*$c@JOv@yU)=!(Z9!R>Ww@TH?Rad9tNGlpkZ#yYnV*Oi6ysfk$|(5k8g@WNa%v
zHWv)@PE+-cD)k;7moYDC$d#NvG2wYRI4QAdYxJJzcyC(o-n8lYP(z<$;Ispm{@Il=
zCFKw1t@&0|HDl~$``Xi&(v(;{3z5^0jMPVs)`_SSOxnY@rqi=lrSG0JnCFZe2ycpL
zY#tv<dW-3Yhr>40_A(##-!PdW7`=ztm2TcGZ4a2s`zAB%E~Pzvw9;^4Rk>jHi=&KD
z?~eMIOf%B+lCXD3seK6Hd1Io2x6VDFpzH=|{pp9on>vBh{zmH9SA!uI(-G{OKPWwA
z3xE-Pme^Dg+2nE--drDQ_-H#kI`~fOtbbg|`>DWDR?eQiL5gzf(yK3-A{?p?+9_EE
zDX@Df@yYzIX|4&M<m{Fc6n@=~=6_XQaR^^tP2lHTR%xDpzC>_JTk^Yf?=Y@FA;d9*
zezn88Vo?#JdV|k|<ALTY_+SUw9`l&s3-zX-ef60K<5w~d>_s+j-<y7JFl~Qt&@)O>
zXZn`jwED^w`6Mf<dwDnT-?%+B(;iBV9q3FC8Lj)4YAPF*dfzP-Af_KQ`-Mj!#?F1N
z@g+2DhE9t;9MEFlj7ae*%96e(;XQQM<b6n?!sb;#OVEHa&4;~tS&oGoo9e=wGb;^z
z5;wL#E6|Or347l!&41i*dCUN|i4yU?TW+NO%}BjpY*Ucf*l2W8uDa<|8i9XxCiiTt
z!+3P=SrGlZ4NWsooLzB)KypK1o@bT1TKs0nE6XMaLhV_Q;I8Bf`XsG{BR~q7GMVbC
z6u`b2ys{m*a{K-=H<tg0Udo(spU$55Bi?}IJ`LVz{@}C{%>bz>Q%A;gO+C@jDI>pK
zcCm#+@&YGcI##srwGsFY=jlrJo!~V;kpti<QO-pKOP!<0x10d_{SS@d9i1jJW4@kD
z1>LuQR{{TC$oZp{rE^4gcCG5n$f-IDUt9~0P)YLT7Yyw`(#@6}91m)rP#%la&sBDG
zUJ(hIpWHV(3G-e<NA`v@sJ<LAcP^U^b)0-!xOrXRW66`|AWejo8Iz291>D^}lP@Re
zhseZzL!>(J*sH9Wv-80h=Yz{%BX8eFBy=#&-K5;Vu_uMle?mH;ypOzRR`{xRtZ}-c
zg`^az@YR_o^;JS)ZvL|}_~y1<9Mwu?|3|}X5(6dr)oa^xCemw_6py)XTL)<HSpVAi
zv^IeM{mVx;Y6tvd;vTE3SI+!GA;(SD%0TGwh@k1hFe$JAY2Rl)k(KPx7aqjQq^ty8
zDXCayQ9C^r?L{_C{8U#PNpYKY{;AG8o?`A1&pc1mQNKBoVt_WZvF%t=o*u<-NfZl2
zji!jB`+TN}a*1{6%vCM3OF<jtkq@K=-Xqm>b_E=pdL)haa+_~Di^*C<_qj#3@n|99
zL4pglern$`YYtw0b<bGsGdFD=zsW}DH54l>xhgb08neYclGU2J!~QiSY`r6>R!r-A
z&YeR;S*T-4ZF)&aa6a|JrAL2RpPfToPI%*NtbP7`3*KDOU@rR+%6#elv$fjfldiD0
zG!Z)1W=_?OiO}Kt(>pO3tAOz%zRvhHlhx}n1;0k_^5=NQd{capouyJ#7k$kinXOvn
zh<_msew3gaAGiu<`<pFr&Eqk-H>kWYI?I3<J|gbopmgcaV)u-sAnLuMA?qdXZXs&_
zb$;PLlk7XOEk&z8Lh3ng?hXk=f`nHo8y3a08duD&N4hw^aCIfEdEALe$<h3j+paSx
z9^>}qCZ7ANW;wCs`&OSqL$PL!WjQoIiZ1`L_zf+|p&iG_TxE1NZ)4fcd`|UWy2yFs
z`hCsM7oNO9*PW-8KPEprm{@Bw{Gc@yE+K|y#zh)BXwsZYsKw8#9BMsLO;eVd8RQ#6
z9@}IVOb<7|S)XoIeKK0B&XOUzV_+(CD#H5x@m8pSq=C*th@sKK6A`*`FP(*DRjY+6
z?1_cLAhSrTD%bZJ(OOkSR4hTHisRl%#EsT!O(#~B7+&D9<TPoXao!KFYDdiGQ$IJN
zw;Y+R3JQl(O`zoux^EyZBq|2X(l2YlRwe_U80-FBKTSD3C#!f1RXnA;3>A7d(V>1z
zRnfQ-_2TgtG5=utxu@$!PU;;cSFEmL2_eiGgwig$aU~`g#v28iWchPX^{4#<{ZXn{
z9A(cAvO%upL|*VI$*^Z?&fj$MUDVt&(1#a~*TqJ2>1W3Zs-Ly>CqMh120WADm9rTj
zMB8Rn4u2y?ITU$|PQ##CYnfexVYI!OP$Z7os~|oEOI_&rH-50FSicjJLD-ytJF+_N
z|Ev-)T5y)JxNj_Zj?f47As19+w%?qKZj&BJT1YN5>+T|ISx2FHR``PmElEGcpJ!a4
zLSf7VB8EO_APXdG(It{jx)s<lokp1zfWe9AD}zr@Ahf5yQac+uBSp6@GYHk9wR&^e
zYr@B4#&Mnw;+PAoxjhKJ-2}LuYpqzHjteOz80fW0B-$G<=!$O3aFOikP3jgzY5B=8
zxByIqkYB&L)q*wly=H&2T(7WNIz3v_h^|c+<g4@I8Ku>Unw=BY*a^Z?B{n*jT=P&E
z^DUeEN*zq!SdP{%ES0iatsK5N4r9H&-^h+PQt=IA8`^uhdZUMK{Ncefkh(?Jafb22
z#Iq;$XUlZ<lW*s;Kz-J_P~(Z5-LFHUwE|ouVXJb;cM!-n0Hb`IPPm5xeGs<evtbWH
z25HJ{3uO?BCPtV+7e@~MjTcLgtM3P+K))=z4$?^~w0|#Qm;*60xz<lO^hM$Oj;tOR
zx16Vqzyr_4sQ!rBy^um#LCylwIvZLdN(qw{&a&W*YoLk<Lm9taDama^FH(YN<RO{k
zCKA-uLO3w8<OBH%!Z6Qh*vrml<0+MtY1{OgKkoKMl=0~QDzv~qoEE2Yx9G9}2f0ZO
z9rRBI+n>0Wv4=+UGNtL!({7l6`us3~sV-x*tSUSp$3+mI?gF2}O9IV7z^sIgJcB{d
zJsH1L;|0#o>L8HpYm2;1bNlh&Hzmdk-d^0&iLy%0s4B(rqsh9eTiczh6HNB9s(s;(
z;a|esSOj*?btg@ychcHtROB;KD0f7L_e4H$8@jB1(u;Jnq^g;IZ)w;zpe|e|X%lv?
z65M_Nq(Y?Z&n^7TNdtkMY1_9V2N@gLZsZft(Kom&sP)5yjfANQKUTHH<q&`vVu1bR
zopv#G7YfBZ;lyFZm8u`c3sN%MBNUk~OLDBC51_Of9p=t=Hbg|XxAY`ypZNLqcdiHO
zeF#K3-|6kLT4<WsHUl#V0jf=)&wDOGRZ#la*L3l*0s7q~TGSHg1g38a=BLJ_**VR1
ziPq*CJE`-UFxiCOP%2t=ZR2d4vZXuC-JKTNuJQ%KVYqs&^&!bjawI7MYUD!C`aOv<
zvWF@%hTYfltLIE@Hl@#O75ohwrA(+b-F4cg>)-5LA)3+j{NAjgPbp<Egtebf>Lc`@
zSKrqW$FwKlB@+`7XvJvCY9gpcxr{yT`tVe%w$m*c_)BG4sW4r-JcH&!x50OUqe)>r
z%`z5r4~!Y3u!K6%)M?xzNGn{Ij^B)N(qvKSiX)>aW~PO}Vl>JHQlK+h_(erGK17+W
z{Z(|^I)zPf@@Ay2&y!W#HU>076dqJlUF8`$(_xv+>rL-_@rA>F@-k~FAq3Se(54S%
z{hs^q^b1wBx1J>8Wz6_Z8W4~oA0f@cI&`yoDid}msxpG3qjn3)WRh@B&`g?k!~B;S
zWg^J%Ii-v;3-c~#;nigjv`pYv3&Ft1KXy%ZhA-S`Avc`8Oqw2sd1nS1hA=5k+N8{E
z>5hKbmG^U$mE6_^qwbV(D^7dPMIPTpT=bY?qMj%4`uhLKrAK2Q&MtzMQe8wT3w{6x
zZ{EbOkYh3yUlNW_RDctirK~?)b+>bRVZ87NEOmTG&Z~j1?QG7pwOUb*R%-rA;*GW*
zFsnz2z`iTbl_}Sk>{`~E_xNZrCCvo9gQ#C0gJi8Tt=`~`?3okrC@t`{hb>7e!FWQS
z5o~&rxJl7W_^nV%;1qYE;0<7GCLkKRaP%9A>`#UKPPBldwdlr44{WBb*PU2N3`C2-
zcZ<z$AG1e9-?F*&$Ouz#Vze-Z>M0++vwZ+{m<aaX3X+6(>pd{jO`$w^DFEPlwKOz;
zP1V*HjK<SHV8m>hWdmPoh|j5_>C;SHjc*}bLV@1vEaca)ml&+~&N#|^4VET|Zi}(W
zML)KSkg0{veOds?K3dv`ehqA_xe&*EIlqZNxW>#Hx*II%M+FqbxZM0T!Qs;v0`$Ep
z#$0zHP!zHm8+JmpTZpeQ#X#{1v7t$t`^|*&23JZh6$Z&iIxm<hl@>v`;7b@Gam;(#
z_?&ggls$vLHyrLN!fDa;AZ2s~z*I)t88cUq{d@jPRMiSBhP#}a#tUTAa*6bIQ)D$4
zObh#mj-h8~*_{pK5Yml2_E6Wt*Ky(jvsDQxiy+6}Kvp50=vfmEWVa9YTL?sPOdqPd
zzfJ#+{i81p9u>c($1kmJuiO3EJkG35sFbnYkx35^08V!JK5h1`r<G6FnFjAOOHjNo
z^6zBZ?UVMZ%oD!lYc`eK&n6h=&W~8_Cp+@Qe-=}W2&Xlv5cLCSa(+G<AvU$l8i_JQ
z&suyE=>93VWfGuk7NDMCH(|V|+9p)|CG769clvwg0OiOc?%*4Az858B>(kFFtbBCY
z{K<Vs=>x_;!29=$x+?7cj6KTqW4hticsDA2*7y86{u^5W*R^K>y5N+`-+@d}-0DZW
zKg}{$K9b8yuojOC9$&`@hsk%4jM*XaMXok|D}nU)zKO;@%FK^k^S-p(WwZV%+3hRS
zuD+Cg;=`35eylitYV0>*QKh26H<}ds^>4-p&+}RHfIb<^<ec^JoT27foP)w(q4=WL
zoQtn_`picu<@9Blr2raXXPQqDa)ry+J_Gr>U>*RK>(9UDcl~;<$}Gj`y|BbiRKOW5
zWZ$KyoS?LO@cdVhz50G-=1FoQ-c(jqNIA03_zzS130rpVAAQ=TimPwW(hLJaRwPmP
zX<8&}Oj?*?N;;;yh~^@#%-JW`?@2Z>FRv9|G0;3<_Kn(qU45T9clnw!%i#{Ef|TeX
zZrCi~LcHZeV9TX-i%zX_i?_isvqN@&{tk&AE?lwt6A)7}t=3PRhdn}ky_H`&dr3(7
z$#QW7i?3F~m;93_nd@+t;cZTJ4PzgL`q_5TLvxuXWmcuw*&}shpS5doo-^uc0G=(m
z;FRfg-me$$EHCz4R;G2!j@be}3|S=K*}Uv~vBP6Od7kf5sb$tpH&-mV+>z;=9v-tS
zxEzpiU!hDoM_B9`8`;;axTa9@^v;Tbx0|Q23_s6`;BQWadQJGsQx;_GeDKD9_&-Ts
zpyVzq$JGzzeG7h*Vf;tjT1j@!<t;KG5TVeYZ<+MjCXy6QwRK_L<B}AOFR~jbjV}+m
zK-=7DLHbSH9Sr;XDxsjCKHpr;q$Nox1m3TIQr6b~^h?CvUCF~2iQm(kNbflN-`vkq
zPg>5}>0-9w9zVv525S&(U$Cxs+DfDbo%^;$y`$K2+_b<qmY1yl_z-%-zdAPaL}6Lx
z__|zW>rkHJR%Z46qdF@YH8SbeJx+(zlZ{v6EykjUGFqpPFS$;i-j-CxFBi-35p0wH
zini#a+P=+ScKBWm-+VwLbf_cKRAc;SJ~jM+t*3nF*#BEmMr-vuK=AT+!;_mrdt;ZY
zkGn;cpDuq3e_ofa5hwR%TTC+KD!Ii=#$VCC9O?I8t@SCf2gLigMC1iHE{R!sg-aev
zEguNAI593sMahJGHns9mw{DcU+_EYZ0gMwBpe5Ea*kb1>)0AZV=PKxhJKr!l$2+4x
zESE1msA^1`g*Hl}a_1dB{TR5P+_hOc>-8!BgOS|Yhq}D|n|0Oq`7W8ZoS99DcaJGQ
z5*dGBE@Q>r@%{Z@u{gv!qhwj(lQq|eby&NgWtoC9q2<ZE-J<B+-o3B-x4ZNYIZ*AP
zx364#A>ftc*xyG-|Kn;#{N|P7T3u*vCp+ExaM#cXc>BxI_altWYFU`Z1KLi6eEiw#
z?JnKW?>KPoHD?Ja#EP@5@P<v`?U+j(`x+aJSjHFd*#(8L+sxQtcznB=vz*2QSf_?0
zgYq==cTmBL+9Y~2=Ol>@MZuN0+9=Ll`0TdQcC9qn_8!y8lTP>D+V<5hb71cR4Z*A@
zwGDBH`O)lxjoi*lz_w@#jSWfcQ-{!bTBE4vbz}WN*~(8oN}<#HNJ3?2XBC`#_&MOV
zcMuoKP}ccHqik8Fhdm-_SotziIpXB)(boJWNmTI2_>Rdp>x6k`Z0FVB+>(y&bNvSB
z9)_z)h52N@?5ue^XZOsy?m~YWS2SC&1$}xpJQ}&W_3=>a@mZ{=*0FHH))w}Rc`P!y
z5#I4Z=pcM7lHt`W()knDh6@+9dEAbC%9a-9jK)KYy88<H;@ZYV{=ri6rQNftx{F^y
z6$;O{F4#}9OHK2k+h_H4T2m8<*sa3kv*Gc`zh}zm3%0%>djxY(rk56<ns`vqYWYZ-
z$i#9|M`agh(~XZM>J)+R>e*KPb7|FkZe?^7nUg)Z@X0o7Eb6Zx5;yjEyTClPeB~<7
z>H~RBv)<gCwx{9(`DVu@{XKS5%RE;r)*p=Vn<35a9KY!Qsil{({uj}{Im<LvN}ID0
zqBNBx-d`quSJonf|6ayd57v8LyUaOK!Akxw`Xw@EpLy&S)Ei6XG$>oHl=Pbpi4#3`
zpI7uJd9eO|FeYerUiJ!n)xHVk925YQc<wRvb?R;UTw#;6-WRd5EQH7JpATC2q}hJw
zUNZYNqBS?(0;VF@mt(hR(4~~pCxlrKU!;hu=b5=9w1;m#4WbM`t*$ld)BVY}6B2gX
z_<&h9A?UBfz)RnuH`hvhhs1DfX#%+;XEGMduOZC5jLZX!XHQKN=>!yd6oRg=N@y0r
zg4|X=v7AN~xi;)*D1{j&d(F!fUg*V~MvChgz6ms4Jwwm@wv!J_JKt&aekNYkn-Tly
z8jY%19uu{XC=I#ah`E{vn1*Zq5{+%&lTQ^-2bnU%1tx-*oPK{l5ttR$iEL`5r^zS6
zCW6A4Ff0Bu`tIhs^{y12k>M1c*QVS(1Y6^-(&*GTS?>)Ql=3(=30z?LrhXNCa6Ev0
z5?sp^nB?9gS38$bJ0B1~X1WVHT%?s%=u6A)nZXvn=)ERu8z~|?^&u^LE09t4-RMP)
z+9%W1J>j<p?G74S`-{Y0Q&VM!Iha}GUL&pSm*1P{nHA~fy9=CQW@m`3iNdKh{)?x{
zJIwn(RYR|ha_UAf4Rx<kabFB4eo8}FIDV<<_}0D_F<TyW-g5HwSE~4jm^a8XRp@cX
z+h%?l2@)09>%&*bRYZ2C!9|Le5~h0WUR*W$it6z&i@aKvm#oaa>#O(?IlBe!NZ-+b
z!Z;;|Jhh9r8z1Z1$lhtT-Z%}Lu{aj}c(CZcW}~&{w8a)gwCO00YHN?Y^_`QxHJr3J
z@ndV5&VN55???OgE%~(5D=p!U4-b8FKYi0ypL#^_T=(e;r%w7=@F(Tv^!B;nhwXtg
zO$65M$ZU{9Q_#GS@jK$XUUlRTslG2K!_FPE!fp)j)EGDH&8ZvT^aai<@lnew{XYPV
zKy$y6f!V2KV8k;bQoYx}z2hZzhkFBE+!#n9S$^xb2m?Piq#+Ybnu2>m(-o<y`(_e*
z7t&78Cuup+LfUWM|7*zn{U1XnE&Bc;Q}QegnRZ*mkZDezOxOZ{$8(!$cJMC!9e=m*
zo19qMJxg8v!e*hW$lKY~lh={@G3&@y%qGLu@f`Bg1b(zJBJxIq|C(6ph_2r2zN<Hn
zxxcGhk}SVxH;b-T>0<)h1iH&K?EpK+=vuWbrGLC@|0b`1Vb74Ok2eWzbq!bPzmTgr
zc);|6-wjtkZ6H^{^T<_Wr>kxa{?`?7!o4eP^!={FNS5FGn}n<B4QK$}`I!dLB|I#8
zx71XMd+QhI@MS3^?ak3b+86cj89=q}9YFL##mxYU9DV-)%8I4|RQbCYKnLrSwisx8
z3fdY=ZBIg*?{B27HnbfbCA2lD|Gx(JtpCuKJ?egK4WR8sr?&p|sex@I4TGj*>B94F
zMsu6x@%3_WhmE0OuxO)DRja;p7}(d6`k8pHb@B$oR@pl8(`PREsqgd?UhjVmZhBRA
z|1dZ?^8R5EOtSozZWP1dm3q|GH`Y*BpTje%S4d4~aFZMhX-kqxTHHt>?dQ7xtE<!g
zqpQP5-rv<<kEX7!yHRxYp1P#%8E6{{ZS|!#71})3lQ#W5(sp2k(AM^UYWws*w0%F~
zer*<LOV}W^Jxre$*oM>Htm#g=q`f<@msM-nC_4XN{N_CWb&d0%jq{J^PbcRXenQ0g
zhmrbDBQak0od0_Z*VrZhasHonbN)x+KJuIM{Cna2|Ah08XGyP+nhxNmXG0$^nS=BH
zwDSc@o&V9tQ#{;tu=@1<9lU%bbuhm_PzUd;L&Bbiu;CEaS_&HgVGSUx7K9yoN(g&Q
z2>Y*EZS)kyov@#tx?fm*2>Uok2<r!7+gFpYU+~oGgkKF|YawjaS`zkh5(#_EDQtD^
z|1~P<Ee$u?nz+$6Z3Jo4e-+x6(x(KrU-63xsWiiQzfSXwWx`rHIjwk_24|gLg{n!l
zorCk@kEH%M9{zl8onh-5{c=L^=kJoAsZk>Gyyc#v_}-E}mfniFe{hCH-9I=pNtR#G
zuVQfSrnlv78r=YzeoqsC_j@!QSUz4O?G!#mc0$$*QS=D|+3|y&hOpCI+S!5Avuifl
z`RYj#+0ODmUZKRk?cPqpllR-%OS1f4UoY(F^tQdN1?(Kj#@~}?%Q?dbK9Zb2-?7`%
z>0{In<YNe)W&PwYhL1ZxVf@3#p(jM-1ke99XDo8><HslN_fZ!<)~pjg`ohOkG`yNl
z!D*>avzq07x@UX8!#yTn^xD#ZoaweRKPgPN&0E9&pPJ48U%s0E|NXW6{~yr*)7L6Y
zYk+YP!u#PD=WAfa*$=~4Q9nF}XJJ47vz(_eJgeTOe%LcyL{3!h8J-R9?T4@2_rtft
z@9zhXDD=ZGq91xGG!y)`l4gRHc&_y;Qd0(v)Q4_mleF=W_J~v3-dg`pb7zC$_fG?{
zPtr8d_7^b?@EcpC!`2qU8bR2pwT3Vqcc20Y+c}GbEr}GuLTmj$&7CtM?-#b`2@>|<
z&qCN;{GIBGpD;hsKi(hF6mOYM|9H>(NtV*=30x0rg|f{a_+21}CH#BCOm95Dx?48w
z$&YkA6oqTz@=WrzeVB-z?!m`GUU*;yuDAOuYSj^55QT2n6Y}|}7{UJ+rF}NcG#adY
zH0av3;WQdHuEl6b>FmK+$%FW;?BE)OmDI)hKE8ezA4=`!>sPV9i?5%>`cA%n80*{k
z`af9T%-6SKeFI-#hxPS*{d=sh<?BnazM8Lpg!PqtJq7FEtx;I%+iIHSTfQ<wO|vZL
zD^t`o%Qt-G1vSmGjITtiX_l|~%9CoEC6liVQPV76@s(gT&GIE*c|=XKEafZR)HKT%
ze5JjbW?8~lTBvE3#eBs_O|yK?SL&!~7JeP5dH4&t&AP7ZVfHdLd55p*4?xrD{qE5t
z)U@EP^!<+DSt}H#HEWHZDWYq|(e$Mi{4{K6%deD#)~e$@dRoo^OXoC&B{byqK^l+6
zZbxu5p5nVVOJUlKVd5bL_;AmU)AI#=20o8%v4%z)&1Y$r+wJM6lRU9?w-;?y(-mVW
z3ZSh@Y+W5kTjki=Kc2QOVk>1HZJoo`oAYU_7+aq&qOBv?dgW`{I)JSof26J5*xIv^
zw(@bkevJ;A@SVc68xO)lwg+ADPkg7ah~&+pgCZRBL<iM=Uv$u2hr%N4*qs*KIa{I2
zKwG6c-wVeT7U9?|{-nIY5BLk`pH+p0(v=-wFFd8<t!5>`)U-$|9jdVKlnQHVcZvw!
z^{v9R;NPLk7yEYO`Mm?_QQA$jc#BgJ;u*X+SBv<*zJ7>0g;A^hL?^@pop50@b;5qS
zxGi_K($+uN8dpJEdD!w%JowgDOat}k+gQN^c!Hg+kYEmycK()+r!B^KnlHNR&;rq2
zyBF|S>`t>q|D-TY*~k%zgH%Vbwp?M_2yFM}+jzQf3wqFY(_Q@N9hJLGd_Z*sZ{XXb
z9%RhEH83~j&$lc&{8D%>bllkO);6x6_e81o+u9$Gi*vG%iN89xb*9^1i1D1L0hS&l
zaBM-O{iZdAPZZ9d0P7pUPjnvsx)-N1;(LWf$R7_=2UxDy6=qGzqB-zPq+NFgSE)Ss
z4>ct>{-MYLJu2-Ai}#Nl(4&a2w22(h;{;!67HPktDXPLseSh}g(_)8`c{FcF4(Ra*
zCojrP$+f1e;`@#cw_l9Vt?{vQkH*K9@b1@^4spJS<Xe-5IA=7z>nOvMuk!FsFkRQR
zSB849(qWNy{K0a8Xz&L$h~^E34)tI^dxQs`;ZidA4E>a<u(?MQnuQ1I5qg7;eA+&*
zJ*x71k)F_AD-Y*4Cq5H-nPwsq+Mr{?(bB!fRPV+6LvN@$#ukX@A3v@zZBaNGi0{sI
ziqCWGMXG&U;Gf}vxmu$k^r=6Ge9j@;A6HoEhv9)0r3<w0hZtukWkR*Cm-ul99}jVM
zyEP?+@AcPp-P$I}?dO5R?Rz5a;rS8v-4XVG?Fk1W>~~a0aPTsPX*TD`>4mG=5q`j)
zOs70=us{7+p?#u{YJbjG%^MuYw}+=x#48bc?MVBKw$?GZ)<%OvBJ^+;X@4b3%^Mue
z5E?}PI>Pf+``{Q==e@|I>O|US#pWfGN@|##YOD@U<o{Y5C1>EDEHuaw4RSu@FI+o>
zb@WNDtTX$;;P+}V7VjVY9%C%NYjUMm!V_wmrS~5mth94-r4rvZxzaOXfSP8Rw!?#!
zKEUsr{8)W8%@VxRgO%0_%vJ4!1Nfx$C_gv$!h7yAs>8Blp7XD`KYT)ATGuc|K2)vU
z5QPOEEzPsG31QCrk^Q#n2;M@EiI!K6{e(KevUZ-r5*~D3GI`<7?|8&N7-=t~%bIUI
z=6rx#LW!33xChg|8;nt7;UnQ+)nTb;D7yT-!omY9@I;8ogB4b~PJ1`Z$xX;A-E{xw
z!y}?1><1(4HzBkk2_509+D~X*!l}BtO^<Dk@Qtur#qUKnRCR_yPo1JY07VIn`RFzF
zmsC~jdSGtpzmu(P!tNh`L8|?)Q2T*U`^^aZUF~0}3{TO+?2`_t_OZE<_SbT(bM2UC
z=YK^Hl(5cy&4aN}tIv=aYnSlM;f|?s)-k!E)<#2OBJzgNNYqlo&^^ya*mv+=aXjv;
z4zNsKt+0gIs>5&6YEgTCLo=A)@Dznv=VoIgiZ;H(6ZEucgXsp7@-btmiNXVQdK8E1
z2(G|$rhnyE%k(f0%J?MDXwTF7invecRgT~7xe6;u$19%sy#2E0J*Wt^TMB>V6RKxN
z)e+*$?>9e+O7KNp*Gnzh!ccnP$^zsXhL3x{n5!`D+#r6U^$5r8nBk7eu@R1OaaRBE
zOzMf@_Nj4diXLxKb!&Ww;VEb0YxDUizN4CQG`_p4*AH_{I*`zrJA9oF5kGCpU_PUr
zNhmBm#wWPv=yV=UIKUf*+wX?nJRWWxd@(%bQhX29VHxlvI=G#~yX}t(v+ve-TT{<7
z#_Z+l)>EEg{a*F)vZj5=?>UYkF}$LVa14o6?ctdu^Pck+&d+Kn6}rLiJWJn{n#2Eb
zB;<tIZw2ORZw(T2kuSXxqaGgM+=p*ky_2ijcREHL(7J`ttcWL^=rm8A*WMqbu#$4d
zSV~3w;6S~!A;x2veRpWTTeJIy+RH+_REF8NZN1PY%wyZ$DvzqjiQ6K!7JCkHgfXvB
z``++=+Piz-X_Yq9Bh-GiG%w5%;uW|rup+#l7GnKkr^i8idB0uOG^?)b>cm~@)|0#o
zyu7R_cdK<h(($NQgkDE=H2sC1cX2b)ULE+S);PrZ^|AN{VfKmsG~<NwdxW@Q915j#
zz)xcRc&nPcBgi}p(Pd`ZQ<6m^<(*t~+bOO6K<bF$ymO2Bs}^IRJQ2qy;0XJW7}XJ;
z8DSq18(|+u<HbkStqJv2`(N6#oMu1Fht30ZD{B~OKhF<@;((g+XS}zn*X5Jm9<6&Q
zFW)X%=ia0$!P07#^S124n8WYRN`=`E>whMWw(sKOBh-G3hREBmr~DZ|C~#kC1Dp^0
zt$v4Q2ibRbIT&ic9=i2nn^2GIp?mLydK`$DcwOCk&eIVe;1y;+AJ*^kyZhhq3r!o@
z(Zjx{G~W^D6&`pd@XxS*m#trH4f8k|YX3X5-?4WZM@;-%o{YH@Js2C{_vT84CG<?*
z9->aX#+iIDl|Lr*_NAMh<vA|cZ}>`uIs68$<V9;?c$ebYuc;HSaio2Zdh?KKFAuHA
z^@x8k!d}LQikdcBkFf8J*m}})kk!Z2Yml{(CsRFc@+&C5ziK~7$vk$Ne(%@nGo;w+
z^F*1oQA0I(TeY>(kTNxSXR+FE*Slv*>qJcao5zv?`>S4Fk@iQu^zC-P)!!?uWYt~W
zRFC{Hkj{NRKZo`BIkae>V^=0knd|QAx~f~PDL>rR^^#?L%i%XVi4Qh@nN(KcK|qrR
zDy*cmO4qkAPsX%^!MMsFQtcLA_vKmoey^|)##o-^q3;#O?^$8?Sg%NXP=sEGYb|L`
z=toH_*Kt8>G*Dr5=*}HopX~a3$NYYPI`t4wl|0Lz#nVl6WiWo0_h>CV$dunu#+GCT
zE9|~_)n27K-i%Vyf}iGh-rTVz!yZ%EJ@=cDBTP5A#{;;jP7#hLeIk<ce21r0V18Ha
zMUnPu)xIn6PkvePi%KtcP|cHEY~f|Y=m^IcpUoaLsp#4g(LJ*x>^pefTcIV3J#kdR
z?ToaainL$V-oP7h@@!R;yFzD@?W$vjFD0*vv|n}ZEg9&^SVZz{A7-69fqruu$g1JI
zFc58)Sa?}nx>mB61=AZDU1y^naEypj(`-+K^O__uSNs2H`||jxisbR0_cBR1!URbm
z9Dx7<0*DeIa>OW+4D{$5!BtjV<WS^L7evh{DuHNbB<(XA@2DuO$BH)|tQaH&IRc`B
zAZL(Ej`tWjl@JJ|f1j%EH}f(Hh~MAtAIhX(cXf4jb#+yBb@ksfRTA`1YA`-*1ZA5%
ztjfbU)n}tLXhzwtY`z8dv8z#l%ub0Y?jni@M-(>`#WbS$H0}qpM?@6w5yhh-ir0$b
z@e#$Ji{dE}#jlIv0TIQ1EM8WEHUX>+`NcQQqc59ZuXL10U$(ej>2+Rx@{IIykcIuT
z^=Cmz4XmAYxjX$xFhTz9;j8F`pVG@c12^ZjxIw@AH-K>1f{?pC!aj)5$8il<RFAV1
zYS_Dzss0!ey%Vh%l49l1N;H<hL^d<N%!Fyi8opgre{8S?V6YtkwE)mCfJX&@2L%9X
z0T^Kc7-0u6$^tMd3}B!D&_@6mWdRs(0T^!wFvS8eB@Cc?5CS+c2mws701OBj2_gN3
z>PxH%OrsTO23TN{jL!f}bK?U9W7YF*qxuqSdgEzD!TfL=gtyQJZ($vHcL;d@5bze-
z;4QYnTWo_jUeh0(0oKp;IvOy6@>#vz={(r9*uyL6gf*Ul>+{;)pkG}Jjemn)4jDBA
zRU&E!cR+KDX&a!1tey07yK?=*K$XZ&e6I(84Xs}qsLFMknFCZI33&`<)nisP5dR7C
zZ!6Vrjn}V>FWBSaYYM7k9?tf#D#~g!{km9Ml$Z)T--M_qsAB`)1G{@G%GP_?N~3Xq
zm3Y}6k%~uTq|;a}TIp1Ge*K7Lc=)qbVsz*aGB_mJL|w|hvr4iB>=qLCCs$dpeK{bH
zX<)5yoW@S4R|UJ<>pdB+*AD9yoN@R@c=U&pG<Mn!TX*)B2<b!OsUA;@G8$(CO2+7`
zRASx%f>d`ljjS_$uu6hSRCk`75%Fc#U~HWXtvhqhix1Rt-js9Ri*ugM#c%7syE$%g
z7mUB99=6`YHdFSyhn+*iTOS-xnY)}8T^&o8A5x78S4l<W1qJ;zsJ%^e07G~Rc(m&Y
z6KCLr*4?B9XHr~GYzN^}bn7|FHqhmULU}n`Ua(iC1!tQ+7?r*;=%WRD&ZTb@`(d^#
zK4&xhU)vm??P?yiCEL|p+Y*n(DOlV)+toa0OA40v#`3{fJ_5@JWBCXyACKkJv3xw1
zPp1Xn#?ylGbG}zJRt^2a6kg>i>bHd!td6He37g{qd&gnAe6KT|PbzlB=L|aTif=l|
z)ja2#<F4jSub~AMDRkf&-vMo4HEg5H>FJ*|#~F>Cr3L%c+zxg12ale+ig;MR)s&Z0
z{+;g_EjXh-FmO`%y9VEzu7)469;U61g<tXTD;|C&!LKA*P#)zOSmE0M>a+1(hMa;n
z=;~jkv5CdQi&AT8g&QRWE%Gg-MI#r}A}=&pV{GjUwqEW`jrkU6EN?z#V@j3~LgL-&
z+{=z?`qVX2-c#MZnCdi^c77F|7@SbuyMc1Y4J_xHB&xeN+`yu)*4Qz7AI8IdRpKeA
zhz*qc%4ndH>SIbYJ#W63ozisQ0+)X_Le4AJSQV-eCf|exke7f;aLjl%1Ej~)a&O?s
ztS;%5!RBH4!B=<&{*oK-(XZYKa_N{cAwwlW12b>-1zV+>7ObSUjmt>si&kfFKW3hn
ze{7|?bFt471dX#)Vzd;W01H=O7U$f&pEs!gQGM75%1Ow7dGiRW4;uwqRAbA<0M-uZ
zZSho}kpx1tl`*v+s8B<oo^P8Jmgt&cK9vMl+xAz=s%fCg7en=osemGnruvLgluaKM
z+F+v6%g3xRru0MgaYcRoR3An!gwFuuSYN~hYWQ}AFbV6QH;(`*ok8`Xu~qpW0$b#!
zAriwVWe?NzN&p>4c`R5`6~?~4DnXZ%9M2uO7Fjz1S(l}&WC`b-2X{z%H9)@$^f!XC
zhet&A_drB{Cmyu=+i|r@jN$eALwXFZPY>g}-be`e<U0^1L<9PMUHnpVGX;KwDSLQu
zBz_zF)Wz?n5Pp-chK-u)&TB$NGXdqfy)Be0Bz?x)=|gqrL}&m-^7|A(Ifm*^&H7;D
z9~kc(p;pvmfr4eQj7e@H*ec^x^x<Ddb<|LTKU3XV^MFc%>q5i``vWySWA_6pZs4tH
zX2zxmRFWGXrb(2CRpsVT-Ff{3*4R#Gs-zUXgv+l~#aj`m?P%<a5_FE+Y`-_sfoQ^g
zs5{$-U=(Jm#F%-dMW3Ca@y)-4@y%93<C|}dukA&~$L|l1@Av!bjxWU;-#zzRxV;q`
z-`*>%@y!?Gn;$v8rM>OryCwt!lu={u74^rru)*;et*#LES|iF(3k>cF4aK&8(<{HW
zl&y9&Gou@frG=e;uLS;OC#-(hvsQOuHg3|pE*n2J-NLyE;B52?Ewcvohg)u@`kck`
zU?cD)_EJ-YM@q52<Pf}A%1|?<1<Mu6V$Ej=9_YRMth`fT{M<|KZO`Cw&`Kop;3SRp
zrh3+sMdBb&V|(4{<;KgsLXI?HS`NDs4?S{oZ0A23;~J}iu@2!IWbYpC^0~l3Zh0jj
zRUq-sZAv)_X@<tvm!qM&_db=F*Kza`?=!XleqktUgNqyX7w}gWNTB_wPLn9pafNaR
z)oBW4`h4+MdSz$=p1Q&|0fN-WizDo>IU^hb=)+W}pkpdCr_zEYc(Rw<lk&Cc8|&_0
zRG+yarE1Rmgb*e7KFYtP1Ap=z4h}%?IbWMzHK|_x<DvT3h7JvHrhGLWc*3{Gh`L-Q
z*{mX8hbk(*J=zP8O!MD{lJo8W&mCs$@2QgDV5;8=8tdR`7AO7tYE)GpfUoVSJ{-Pw
z3Vr=le7&WoTIc-SvN0O;&nJ0UE!8s;i&SD{3D(K&gs~GD4)G$uKc=e0=+q1MdOC2M
zD{wD*V>A9Ho=3=p&#J|AA6k(Y8GWB=@R6HG9E9)<01Ez^3DpN~%WdXPuX3j!ai{M$
z*N8*N{i5?<{;3k<-ODBP1k{)-sGhN^s6pua9O4Nbah`d=L5Mbx=eD7G#$0H?&KXy`
z9YkY?;PWP2V|g2>o-wOFxJ>7nf2zb4fDu`TH;pYsK1J_`b@n}=NQ9K&`FD45T)mLk
zYqSUQ=F3kn5ds`Q^^E%(>h=lj_90uhFZ2wZ_xT?c0JDlfbvtHE&2fNY+CIG;Yz*@r
z2OeLz)Au7at3Z}M5WE-Yy3|34aa#{Djp#SQa~sOs8`3NB-!)<ejLW-=bDnk{{qMkF
z|GL*=u(N}Z!G2FuN%k_1hF0DN8sM7lTVo0CsGj0PEl_EbjmLUmU{7vbC`RfREIE?f
zEUd(Shei9L$dX52^-xI;YN+<(IpcZ2P#%l64GqJ*ipw<B-5oMjvn%lTTF#AIFLw|z
zL~UT+2A7`zE!;Q?Vo6+H%egtFRzf&i=iFEaAeUY4AjZLNDp}|NTD#MaP(5Rj-oOl&
z-=h-WG;8)YcUSR1BT$|@EzA+QI!xd`qoA8$iYIG14}Tr2tHc=54J8G91-yW2$=%W8
zy8#G}&fez%>q3Eb?pVMWI`X|@+||=T^7G1xE6^2?AJt98wBi=Uf}d$DZ-dzwzU8C|
zt`77#&$+oCiqg}<C(O@4X)TntO|wSg3iJW-`s$?ONO>{}&zGI2?gm6L^hzI=R7B4g
zoKYU=R8XzB{P(Ja6jVE0ftgXTb#?gw76Fe+H4~!=#>d?awor`XDVUi$f_T|^m%j-v
zx0$J<jD&7-1%4Kdq5w+A8?{}*{OL9QZrewUPMMiH#n{_bmVSgyRxOLhb65+|msq;m
zqx(~*C}^;G*w7>|o0Z~WW7E8BT5nD7)e>;h-NehL4WI?(iihFv!BkJKc|yF&rRj_F
z@raze{PQuTOIDw&RAQ8MQ%Tu>k}#emP#G<K&{gRhv-wuaRv7Pe1ETK6!^)G<;#mNH
zZwzR4&YJ?tYAn)VfD@_n^c0}Z%+wU3v6?Vt1{i0%Sl1e`4|fR^4>o?aiU(WcoS90E
zA4I9frWU*Wx64ptq|2ukwVt&IY@^FCFknkOY*>nyJ)GuY<A642CtI|+&qka3fHu1y
zw`j9a(5A}epDt+AG6Pe*sH7~mwV=(@7Hw*QHd}x;g<a(-?i?hH%jF+}2dvH~CnI4r
z9q_*a`6%lFz=OxY0MW(S-RNnJ<$zP}8&0oi=xa*#tnA4uF-CS(k$@@2d5cm*(V4$I
zyI^K&k_!4uK1S0dfzhwAyh2yt5g^Dw=NcU(^_3XsowY(&#pIuhB?6COu{6{9(Il0)
z{Jmm8y@dtH#>}U>yO1*X0*y^w=wUxn=3NYA1)-9|_R!^fRC;<FE$Wv>3sx`4F8DqQ
zHL!ig;{zOG`JrT$u?R19L7^#dg83|apfw@c-wbmQV&09}ZJhD=T1#B(eCuhtJCVJT
zi7v^z8vf=g&>_wEtTXOrCE_k4P;SD^)ZWI6oh5meJ41|=VysD3N%}@CUt|$^2#otn
z%naZyaryT;iFlG?>iiHhG4}$>ybCqvTTFH5c+4U1F4tJz8nz*V00rMVVVwT{IQWPy
z<CRpDhb15j{kJG`_1vaNZn;AtNF4v&$iYoqfzL!Rn)!~1gByx(og|N&Bc!-}4bR3*
zJXzEFsKhwiStZ%uT<;*HYzcC!ZzxE5wkx!XcXgJe{3!}YOWE%9D&xK^2Xrf&E^AGQ
zFCGT7r?V>lbf+Hyw&3Y&ff0(bzU`|LS`;^B1Z;czj8AuQ*vs+7jxPuy<~IZxZyd&B
zwH6ZLA51dd*U@&y>w6b4UMuH+f$?ImYJl<Dbry{0KNUs72inn{K@#T`QhiKG#9ReC
ziL>r7i0z$(wGkI;UePI1Pgv9mZHRX#i2Wqfy}=de02>9{Lkm`pvS|hQ{=cX_c|u5T
z2G*PfH6`no2`VwBbW(}=6`q80W3;H7IUy`c0*h*}ayO`)36<Zef!(l^Dqd@O@4VQC
zQ?S703d}n%V7WTURrtzz&dYL=2r)Y-ungTW@xxjZVz#d3Jo}qL@V7q+Ca%}=J5d?a
zSkOEN&7Mhu7MZB{rB?>y%1W@{YEiHj6_`R;;^thHkg~V%>p=J_zfs*e6_X>li#2xG
z!&aFOs!-=z=yVHa_fFRCREhc2c|2^yZOBMW3CEbtKEpX~Ru*8yZ)$P+Mzah-4F*tq
z1Sp5VKYcCLN0ykCsz6h=5CF_V41Mpl<qnmU9Y(m>7F=vKMJ2>o(q4)dkmU7XAU@``
z0#FeE`U3%71AurKR5=nn2U_%LjVojP9V#*Zbxw}8HhrVfy+b&k&qpxU*w!IXl@=M(
zH=3D>m;|dxR54Q(LX0>I+r?@_l@O$PR>ZTG&BWY5&jv8!r8uAx<K7*d2k$EDm;|f8
zDt)6I0!RXYQk?xwAL#0&LuivAV~hvd+tRkz03U^9krW^9^dsiif_bl>sS;!2b{Ms2
z(d8_(0H|dhfRuA;I4|pI^&fPW^+I~~wI(Kn3P@J-ZqSumCtFu<6}!+v49x5r&Ncns
zBoI^n?PwehiT7|fI=^`n^!T{^H;LN<=56@zI;v-_eGG~7gdd4h;8%%p<95!?@6aj#
zBXEF6AD4t;m4PJJ?~8|Bio0R)Wq*T)HHwYm_A2qRW3YxbcEWt68U_ztbQN7(DZ1zl
zT?DsrZobh#7rigqMX$PDe2hY5YH`_oWFU`Rw3<G(L}MpFo^?X_Je!@?*wlOv+iV<8
z29^J?rcce!VYM1Nf!#h!#6)luo4kpy2W8$u%JNDm+s%Hr8h@NDb~*`w?V`H35Y(Jh
zFuOWHn{eg)a8IHl$kbjSQ`0D0r?J!7tjel;iyf;f%C-li027S`X<(yJu*RR^obtx5
zz^(9ujVS@*vaQ*y%4nGkI~6noiEmzY#-jXhkEq1hy@hijT4V)R;6N2HBWNdOV{w({
z6`CZ}>LF<Le*IQyXP^~Ox$J4H)pyl0Vq%3++)g?cLE|u=Kh3%EY&(?h=Wn-c*Ofg~
zVoYeG67w}&C(eDLPw&Gg3ZHtN!%r2VPtU-oUhpaUJja!>G58v8s3zD&;@6?`oY(Q^
z{T(bJbT}1MB+(+@d}C3igJiSS#)j6yw!Q||h&xb~n+=~S+s#MBg9-NtEZU;H`9{=d
z4nhkuWwx(R+gf3&BhV#UwxtarrQ;lg1aE@I*mkUktxm6`tRlV2IMvSq+Dp#ms81wO
zm6RQYCU?MU9t8yE&3qrjUUo}c3}*dT8EH#M>761(uc>IaXP8Qi9$R3X!Thql0AM`y
z`OAgQKOg_C5WSA4Da$LSy7TDhkQqqzSt-WI)>4jaZz-IU`s_4guvK`zr8L`S_cnT3
zg-u(Dn^|a`G;d=?31aCgs)Llu4;d)#Brlto;$dUbyv)~I(=*152F)(o%Y4!{fuCTS
z<oGPpWWG@O_PhKEt#I&<rK!Y-X`_;gzzohg6L$du-CIff<S1x;KLg(xtud;;1Q&7^
zpcK+}&bL-ESjD(A$+~JMQ1<Av2OD0ia84_W4%8T66@JmmW{|bF2w`IB>bgUwY-p0k
zrln|XQW|ArdwcX~jXh+IRb$6B<}1|LLono<a_d`Td$9jgv?wdkO(jP2)-dXSa?bzh
zAaeX`<oLTJ;rPAmH%S6C(GDbm_OJ^n;7KAR?7OK+Qc1QRLkp@Cz3h*NJJX`Lf}R+F
z@Hlm>;d?YaW7%zZ3;<h+Ikp9Cc)x0Tm(TL>I@-p^fPy)xv6{X>;Csa7AC!bsw5_X3
zjJu$NvZ);fdP6#39H=xOH+xux;YpI3u`iVnOMT+$RmRqI2gvu*ZykhWm)+kHB+Aqh
z58LVTzua6_&4(Qhw?R`RjY({N8)%A3wmvMjpjvhL*EJ^uJsRSN!xcD;72U-Ji%S&P
z^a9&O%ZDFTiTM%!cCN@nW9;b%EMu%pJUQ}3o{W8du|3Re3}8fsDnDfusPc<iiH)KX
zRC$d}U7)dv3v<}<dV2ehiU;)elg5Z14iOV>SGw<NCGOY-4m1XWy*r+BE~b1|Xv$x2
zM~L|eJ_+UQEb!fVzlHDJh_ACnp5)7xfG@+l6_i^LJricf8h0dG-1In_UCSv8j1WFL
z7@b@)6J|Fx`X@?YXOqMCFpbVFRXh|bclpnBlEx(h@UUS?UiNSb)t6$of=t=B0+~jp
z%3CTE=TqIe8B@1|$&<HGW3V|-T}<`Bc#O7lm$Pk=*5<k>4?9oU4x>ePhltLo<B;sy
z5;cE~9rHE8^N*J3hxG=kG#v--@+YQZ%n*(+P}GPJv!D?MuEiR!!7z~w(=Au!-&*3g
zcw?6J&0UNin&H!A&MzMm@0(5+<QGtrI^nnZk6D+iJKLu~5bt0D>WqT^a~y)JCHX5|
z{y#bb2!RKPks(PaSny{AUCog|*NV<WSSxuz*O3pX(uyAwqN|r3(AdOss=oxi)Hme6
zi}J8@#*%K5u6Da`eF9#u(AXhg6JXM12|(6ED5Bo!jP&%f-+WHv-wCQvQpFlIf5MzA
z&Nm-LD)qn5V$wF^eV1n*m5XY3+sH-L0!P(6QK-;Wm%ONIx;C(=TnTbf6~{y@s;5GW
z>ak=(%-iq@DQ7K4C&kT~X5qU^yv1_#5sB~UdiYMb1@QeQ;jiL*LqqtEYa#L76CHu?
z(;<A{2Yla0Q_ne8;JbCIh3|BM?~N9|TiZn9`^C+G@8rLX@9SL}!1vS3B)+{P@qH$Q
z?^eL~j1W#`Gen+^5WZ~%zMssH_}*L(UlsAa>@VXROl<&P-dy6F?~K5=IE1gWJt3w?
z;M-o{`|v+4d{>LdYnoa3u5TTQ@6CS$e3!QPtN3O%gzs<*-wja__&y)Pw=dxPDyD37
z&UzT}t+?01_kMxzw1*|WH`K%T?VAAKDSsJXy>kQj&Wo4$rbOcVVhG<m0ACa3fOFSF
zh;OS9zU>6QKRzV!#mCv|;QRXsz_-O;#<#Ll1Na_uNqncP5%|6w!uMIgcc8%c8iDWR
zdn|k_#8W(1SojXEhwl)?x9qaNif_+`@V(Z;w_J(9w<Lt`Qoxrb2>FZJblg{WTlhX8
z@O{Q7@%_40B)%^U2Ym1T%lJOlu>pLaZ6@)JkHq)25WYdccY6yVe^C{ViwWVIEbu*=
zEAj1958q#J1bh?zGQR6l8o+mVoWys$BLd&KA$(hRAjIr0@Et4gy>*I(?;7ze(Tx_q
zr7a`z?Th#>YyMa9ZQBsOS6cWkBoX+&8NzoM;QPpBLjGdBR@{4&Eqoso_<r)B#J6uf
zd<(pQ?>&DR-+MbWfbZ<4GLgjJo7<ezcQ*y)!BXo(N`$Zs&~!_ntVUzUJnRSK>ZYKA
zm|*b)_UE=i6;OOW<YC_%$@qCMWxHu$E!D>qYWmdT+!mBK@-_3YbCj(&&Ne|M#un6M
zG^uy!y}3!G4}3)v^z`K0+AVAn={kQCD><LhY;N(dQTI4bA72SZc-`x)Sr3T(W0R~2
z`G<J;sn-K?Le?cjPRPj{U_x$+|Em+SBe{VIIoeoGNLIXULbf$l(S>W?gQwrKV~rV&
zrAj*~-a4{-9%H}aMo+X*A1(IsCouSo3rk|SSg#WG{x<;SQHOQ;Z>YPa=i%{(#wIRq
zXcVheIf{gaMv>Oo+9o5H!MmYl@Cz)1R}!Sgzo3zociCl)XCuaO#p!oh<2fSsqHm|$
z#<QTMeLRz|w~gnQ7XO#=<g{yGJfj-PS^2(&ZC0*pBxXe{6Z;y`gk4~6I47rTZEQV*
zrlOfNXg-dWLtoiK<|SB)l`^w7craSI1OSV)1vE43Ll3aqD)Gm^@ehnD6RnIDF{<@D
zQ0`*y6GBQqLi3&Ci|JhY?uEr(BW@?fdi00mX;I?eTdTxqg18DJ39}|*_DN@^2LnR0
z^<hbTO+j@O(tplTO!X1hqpi(hLG`#FfeG0f^w4q#)t%=lo*q#>v4*O|6^K_s302VA
z%FH@MWp)E!E2<~|gmqQ1q<@K#SpWo4bmuw@<BH3@(_#zpM5S}dG)czwE$bV3ju@Mf
z_enh?uVrGSktZ+j*ER5B0ZsoqEyD&L8?!)Kbqj@6xA=lq-M1=Obq88EVAY+8u4~nq
z(P69Z>6SLDZbP(6B)5fZyFwv~kUZu%d1m)sv`WxxW8=-jI_?@AEdGGSNQ<)WXoarK
z#J=dLHf~?eIjkMYjCv7NGx-_#o%q!h%tWInmSNz9LUm`mVIpAQGOB0A!*909=m_It
zJE-nFh@nw&%f{QSb0S{j+IX)NtyS^%wfy=}Aa-q&y3U*uOSIzMk&zc)%QKQ1Sj$g4
z<ytnH5aFUQg^S`rCvIdH*!BQr;egi@(}t=fcoWs*PTz?+di1#3J26L(9_O4OC==Io
zLc|KFaa$|EbgKmEWVi*L&O}*ssugs4Wt_#_1I6}pG(@B3f<{1dBvURX-H<MoUhzn+
zko!R_0(3uYqHN?sjZIxFTn~7_y{19xIq^cyNn=o}23YmRsJg6rO_ar|Qs%k*CtcF7
zgGl+DMw_Vma?)IM8o4f*fLu4Pw@S)xZA(b$6bB*3?lQ@I&doXDjoUx0nsZ~9YB|g9
z4x2D-Z7UktC3vl<b5E$wy%BYS$)d*OPz|5GMgvPm;4T)<M*KM*K^@W9Av383y3;Jj
zw{gf3jt&XLnb!Un?v1r2Bp4Sib*Jx->}{>B8;u=vryns>(EA$<H#7cCEWde+KLsKJ
zF3ify2r0$X5oIs8wLHET9I7QF-0Azx>*Fl+=eH$t8m3v|bi5$U+6LE8h_JydjlDYp
z6#{_sK?u%$mjs9E?h-FM>S3$QU~^P1Mue1$urL103l7Up4jZh;FpK%_^o<_&htZRS
z-<P??kR)iRn>B5vbh>125eJ`#Ofx=`V=oy5V2!%>D)a4lLX3B76^v2S^GaO)8O<*S
z_ab<)V_tUNozBhS@!>N7aY|sc<w_{>;g>_4%kzM#9qSzd)aM#`U|_z6qBE=47(8e`
zI1vw;4^32w@kA--<|YhktESc=^Eym(zFgC1h;!x`%44(3#4$5v6~=0=V8A^{<pcvk
zmySlzuM5y~0dzM2{Xw)fUCY|ph-0pcCZsfgBXK3yV;A#A@r0FMK%FR{P6DVuea*S~
zZ3MzS{{-Pg8^VhZBf_l(=r#g$TLAqKfPNtY^j_D+L6_EsLB|CV^sd_w^!mFH^oF}s
zVzdR&cSV4H<xfD5vw^--fPPGX_6yJf0A0SAb2B3XwD(UyN7+DsB|ygu&;teNK>&Ip
zfR2s;t^Nt<_s@qxH~kGk9}%FBPC(GdCaA<{44}6<>w^Be*~LNMXajwR0R5Bz{k8!8
z4uJmjE6&XY5uoq;6VSh(3xocT0NqW19wk8E2B2>N&<{m`?(!#~OKhN<96``4M<M7q
z0lFE0KJy>W&726(m2npbon-?(UVy&oRs@aD<rF2ZxKky@n*jQ<2++^{3Fv(_VbF^N
z=xBlU!vgdS06hdiAB(CBdf1<Uo?`>u_$Y#|6j)y_K=%UB#v;zmr4gXdH@!IM%Wa^?
z9R<m1Gk@oYm5mOB1RtV$*3Du_EAPO5SKXl!V><LZEu!C-|D@k9&xZS*aV(<Ww?h5C
z-Qh275E|nk3<otPr1Tw>mEQp3T}t1>KdRu5q|y)YkKQSS1e=sD#6RAsXKh9TH~+v9
zZUR0Rv@airG*~`PCB{F$<lOunv+i!TlVN_7i<9BwGe`!pNn&i@x4%aaV`hjLQ``Lo
zVhB=b?68^E=mKLiZxx%yu)l+R`2uwB3hNLzaO+;qOJ^Z*=Crf+8*}j<<i7K_sKnUz
zIkXT;djV?G#1+^C&GNC?qIQIsx16!Y@kD4GYuiaZ1Rq{3eG+T8ZD3P-OuQWUDfD*F
z=XLRGx}WpXr?BbdWJ1hYA~f$osC!LB-D0TwG}e6y>i$jCoqV%OjLRbGCLG|r^ck$X
z0_t`Zb^AiygP+x{TLN{9vF-_|dsd_uJN-A67^M+)+a2V*^m(k?p*<nykD{&$_&yU+
zcRtj85$k%P?pvbndcfh%h`Onu;k=A>A8SuY@DZwKy$KZuMpXO|Dwbfy_o3nls%K4w
zit!N@`xu;;zJ?XILd9-W&$=9jbZBASieE#;xmeNJ!BVayqr9{W86^rj_%xzjy2*Lz
zo7k>z2Z>1&sQ6?=#l=u@K32S=gT!PbR2&mgF(t@(>04Ow*$(x%-E1O|8Fmw{+ay%#
z5?hZ^iSgw^&dpOwUD>6?UVPD3p9;w?%XRj!PzjEV5bv|zF5YLoT_wifpoecFdiX5n
z;yt`vzlQ_C2)VEzw4Pd}{8b@o0c{TJ??a^9)fbh3mTqi54%-h(!H&QZKYwDM2+DT2
z0zs_t60|6tiJ)(5_h(j{*&_t@2{B1;j~4pLXq6bQPdPVB9YXxFYE7S=gz-N!qa_u`
z$9s5;hexGGka74Q3I-1$8Q&GrAv?@xk69#K79!y-9UCNJed3wBR6>kBClq1DUKV}H
zPAh3zpfzF+I$~LroBo_QHwY0_I2<YS2x?i0kKU#d<J8BTo8Q|Hn*d~w<c94$QxSl!
zy-_7bn~x)887$^^alY1CYpp$0Jn>Q8ir2!TT!0nTl!iuc-te0>nTv+2#8~)IeI7Z&
zdFe8Qk<qaZjQoZOCzv%_XqjINGCUy2@F0-k=trEJ&qtEs?vy%Y2orXr^pl#GVWRZO
zNf;)0C*DEA?M&0B#{)Zgcr@j)OOT<O%0|Z76AEV1fz>dz(qg6j5Gz%+`)jtc`J|YY
z_q{4H{2$iaQw7y)D>*NngA_|kt}AO{X7?TrNr%w#__t~skbQ|P#+X`xV0c`ePDCyi
z^I#=F{WwfgZ}Ojv&HP$yRSCd3Uwv?a!L$Sx`b6yADTJU&9Ep9CzlQx?$LnF=$c(_=
ze*rmZ;|%0b?(#MFvOhd*ixG!lPkPxw%->Q36PDY7@+Q7ESmQ@@_HQx{98(BoJ2ZB}
z%MN-2Rk^J_yqPaSgk=MumB$beW!p7<Vj<O+3U5BoZHe7cwhn5&8LCCuI$D(V7(svI
zmF-lbFPecNa$EG5fZvRJK7i4kplr80y-H&f3%!9OR<K$i`d7})w!h*D#7|dRQO_mk
z6=L*1q7btHmy+{8p-*}6sU3WpdQ{RzEY=G1uB{><y2>h8up^>iSY<@P!N`KZ&WM84
zUm^-tL>An+E26-$JECBIWWlw2A_{gz7Ub=XC^)}Qj+W|PC_p9r2Q$lvsFzS3Q82L@
z8-j{$-(4!C=g2wwict2Ka|$t*2Nhy&IwM2N<rxUdpdMRo9=ix|vdXw^e_AE^Am>m1
z%z3}foIkpm^B!9`&)v%T`fZ%g-p=`zJ2>CHgY#!AIlp!%=f`$(KJORKhwtK?@8bN^
z-JFlx!};;OoWHz}^GUyQ?%vP&!Tp@?-p~2!L!7Ta#QC;EobNrvc{m<^dN>}w(8%yA
z7!O~5Sg9WmUx@MWDYkg{LL;Hj9uGh7H$}$7PZ#m<|4t>O^u&eZ;SV@59)8Ao1(r!{
zYn7ChL6hGdgc$TaTReQuZ;FVA-vHnL5b^MXMY|12uphoB<KaJp3Mc<09v<^t$drrD
z-Iv?L;RhH)4@>R9Y#}4xXAL&et-=8bGGKfbHQHH)nfNSgpf@Nb7$071eYq+@hLX<-
zg~R8hCVANHsVQFe&(t)kV=E}_P4&1Th>OF+v{Vcir_4c_Hy{2UO!ef{p;oYXIQV*C
z0up2N8HE^!4lAVetb>rUJGzJf?3@G{AAb-7uqj(%tO4BEm_k%#A4{-DhyQX|As&6!
z2;(|a;{RQEWFCFiD5Jaep=F{R*sSqJf>n5DqU|#GS*vt$qNL-TP<;H5Bsp-(hNNh0
zLYl_z#qsyV@l$p~c=$IA*7Pnt+zrH?|CoqFA78By<2O?wr5uJnUk-g&BF3J}3!$4m
zY^CvosfbGjUGbn(9?~5$6_Tw-(}L>8t~ocv;u-VM)H*@&y*}un5)XG1>BY7VZE%AN
z=>o75RfbO$;KvlZDkSz<P4^Yz#l`YCLd=gbRyOha9x{x5s0d>(ZzjXo#Se!ou)7%{
z*#*mF4Es-bPM-M14Jt9;5ohMZN8oYZnjzM4-a{A`n0)OBc?<R~4F6N*UEl@XRpRpB
z-%{qLsM46PSRU1tXl&yA99CWTxUM9-V7(&Jr5bt-PITQ{q4Nv{=Oyq*EFq=M6++4$
z>`I7vq!p@mgMmW&tQ4we+>RL&qA4$@EZU>r7)xQ-TqF(<7m2-fZSH+^!a(EmgOZE>
z-a#(Bp|Nzrj40z(>%;1l@QXJ_;E*is))6|Ll4J{TXQNW6p1daw`c^4lLzybh6%Rrq
zC@QCVTseGa4$J_X!<P2OW5&!FLX0~OC^D`h6s|B31Gb${r-d)D=clQ}c=3=zy!y0w
zZ|1Zlm;ZdUxWu<Vl#hm?D&o=eh|$)<__73<r9~WqhXaj<9fDPv7i%21hTIILN<~B%
zd<Ptch#_FRV49ZfS1^x7H>h8*DxR|KUUm+V5-0KO4b)+$L=)oHABv^Av-^$Wovv(o
zcrND66?h!udy+4^Q8JSoV|!G0pvo2SVUCE5XS%7xoF0uCuValN7P6Cs2pJ$EDz<wO
zey41UOFLt*ZSq>L1U$M9mnz+WOWU`q%cTMsbC*blov*Qp3mRhB3RN=fj_L*&_UHk@
zu>R9R9KgyHBH`x)%AYUw3omr@1zgq1xm{I@v6u=}LDle$@nU`@ZFAF&RtF@lR<)A>
zNy!7d)??Fa4<MUrtVVEZ%dUb`^;z-2ExnBm`z;0?Z!zeP;=V|*OPE1-cTtJ)`+k)4
zNgn;76k3${-6@3_vqR0NSj~@uc+e-Mx%F9>Q$6mTE;7yl12iaiWa~qFV}Oop&h<@D
za1QKHH#jH#I+d7>@JZ0DiCsX5$53AGVKG1s7>b<^uKkh@8`{d7WXb7W>d~S9eo2R5
z2vWSp^71vdR8lrK)5Cr-mj7Ch9PN=D$vac)0p0hj1=Ow2N}@&7LG{Ehp&o0Tt>4(L
z;EcoN&vg<~a7J+jUPRYx+}u=^n3F_Wkij<~V|%W#82depu1xNIgY_O>f}OFurvhWY
z)jS+S@fXBz)2arzIptR=etjw-rBgxtKHifMbJ}G{e53Q95dZmo)`D$g5&z51_2^W(
zuOZ^sB|P0%kMPUdATcJ?2YC0s1_+<oxh~;5T7=IQgzwy0C1wjj_^lo!{D!M7!as>&
zEXfrfN%(>mcET_01cZM){{KYy7yf8~@bB%Fgg@sXr1U-@{HH+pQ{rLphf!%uo}Uw$
z&cc$d7)e8mvPzCA#7NzXB0KO|Linn=OlRTRtH{JFLa9ryGTuImf~)j?==A%Z(4Vgm
z-vTk3?^Q$*ezbXKX4Df|D8%HA`LOdQB=15JkfNr#o)%^8K7p$D$T*c4^IjKmDLRgZ
z>Mubx49NUGiV$;0RLC<aPd1jOiLKz1VIuxNGjv};C@gQ{3pkZRL3H_}#ZCi6IWO|+
zb?K-Qvs(Oa)KMla#L3;10+V~K3xiWcWKw8ysg7?EiS5F-pk8u~lI((&V!PO9e0WmM
zvppPX*=~h|CjIl>IO%fKE`M#ah%Mx~-O7JMTSQIqWt9-KKs;EOlwu$7z78<pTN5u~
z!19_NW$uOHV6DXslEEp-@Xm<_$gp^qjSL^|s!Ilv7$SqF<3#&hK#hW33Xuhu!ipP_
zf1XwdF<-;n1#ulQNrX2a<J;oe;$IFhQejJL+Ce2o$}W&PZ%94kIq`r_=>Utl`Ut7;
zxLZmEy!px1>;mraHPZBq4eeDDjM4OruiD!Q{CIo3VGv)Jz%~WMy0$23jHF)}CjDZn
zyYm}N=2DVf@O`u-bms8}2tE848=<fJr4FG3T|w5|2Frd@4?;`@M;BL<Y^Tzx<T_M3
zn5+`x>`ptC9>a*YxEK3dR2qv<>nGovBdPR3d|fJikSwY6T(X@?qmzM3gI)hyDkUCk
zfJ)tW+NjiSXI*yO8@VcLDlbv7tFsiTjs$~lnn{n~=as^>Sm&J<`0%RufO#4g0hHW0
z${R!PTaCO*)X=5#P}ARqt}Qixe5DeZY0oR_N7w`Xu?G%2h@O{km3FLDBCaF2MC<W&
zTc6nh-BeNijTwksh<1B+L<0B`tJ;bE4b;({AGNjJaLC7<%Ak+0TpW4BA+hFa8M~`w
zS+Tq0+lFIzZ)q!HQYY?EWK8O#_?S+dnjsjHGTcpEf&Gny{*W#C@|Py|J$+{zV84Bh
zE@aD6HuB=;!IIw^*w@!@M`n^cn#=!fqYyK>0-eudq6_1L?LZN%VY)D@QQVFFWuWfJ
z{xVSa_Wm+ZcS8RN1sd%3Heua-NE?+Hw{EvD(Zz$2A}9J<OVlfDiv@!vDV~p$OY|H-
zYt#l`hdtR^C0=$wbLAKw?k2E)HCN6a506R}hVt#(q_)>44le=-sqAIblDuqEilnQ*
zH2{-qsW8q8MZf6M7RCdvZkzxa11#-L_Zq5?%#RFMFDdvo28h`&*uVm(+iVLwbDK2T
z`o~4A?2g+mZDqUj!>id9xcVIDX7_WPm)1B4DZ8@Ee^FJ!AA`kVg}Jhd^HNX{%Ld9m
zP`z=d9|?9SJrCtW?B&76!jI>@B!tSPeSK+op@^<BGn-mT(a<|+ytNtF&RvL+mqw8D
zuqQF7%Jf73O^OU@N{BJ?XUT@w#)}+A|J_c)Lok1CLP#lr4RhN6WRigs&0T+RUN)l(
zA*BwfbmO<WwHs#7^tG3u4Z73!2X8NX0y<FsCmp~jsE%GQ^O43xx>TS3pHWP_Q=m2`
z!~_v<`D=~DO-d-M>CJ~_Bfu)`;|(^lucH6KA~6#i5n_DtlZ<%w6}tRi#?@WB|ASt`
z12kWaC8V?iux$5kvfqY#30_{B0@X4uUQN3DBpXmU1#;rqUNhw+=cOG1Q1-<EY3$5}
zV3}{niu3R*@tnVOAfEFt8K@E?x`=Z#s1V$k^at?)Fn?ZCuxcj6dw8@sA#Rer%nAY7
zZD<=o)%n%Selu@3F@C^vg~(4P;1&SfPoC!7T&{$i%%weH2)}i^B%U>QqGpk`UBG=*
zz<mth{vF_^s&(<**5qRN&iyHbZ%+~Fd8QY_?IYm!1-P|3=jPc6I_MXLn-hksVYsEt
zL3eb$63Rh$_!#HH5wND`MQ86%7OL3;-%fl?9OQp_9P`MD6MVNwoEgUJqYZ#p(0uVY
z=cV1D?@itQuPemN$6TdbsGc=b5N&FIB-*t8DlyhR#kpDKs7tgv8efcPt_>E^ECp@<
zDb7n>fTp|a|70PX`!Eb8>%+@cVm!pc>Hg*%<d(ljoQ#a?N{D$ozS@`N>!}ih+G_vX
zu*msMH$uz|QSF)@NR?NvLaLNpr4r){#<`gh!AgH`bTO)&`7y*wpF%ePd_aT0mqRyk
zX@8L%<|Yx``4*sFR2W7*IT#)&`XHzFB*c6WQ@CaQ)<Y%6I9u&0zlCd~<Lq^)?LLR0
z5>(H65Wrs%YM`-`u0ZS`;Wjvz>0ST-cPHGvQ;u+6+7Cd^NF&7jK*ZOs7i1rtfn?9l
zP>FGMA?N19n5|YWlikNIwoC#)h-I?u7?R;scZ68m4<Yh?Dlrbv;oS7tA%1buh1XX?
zd;u2TJ%IAfJ?l?lU0PuFQ>tfGbyJD4{mJkw6x)~++2PEk$WAlcL5T6<cT#~1M*kOe
z1elJnEHmeb_)K?ql^7{D#IHTdxp0CE>p@7c6V<a`O;d?+E)cGheaxazzXru(Fpuh4
zOVV&gG|cpy=<TZ#W7LzJ2i+Qbw|7W6Dy0DC@7=BBt``yljRoUO0#xp|p>iASufqTa
z?H(f5CDTKiE#{+#ZQ{AuX{~h`VAVthSh@2BqcmQphzxExz2-F`6dvi`;F7;&bR@%2
z-o%&WVe2W|%{FDTKa5wugAUK+u!C%eNRuoP&rQJu3vE1Xy~d8Qk%igplyR?B`=~zB
zQaovZ=eDEV<!j|(>t($m_IjE=H6M@h?=!_?thtReHZ|WIFG9vdK*bLlJCx0~0!q=?
z*vw%EbJ*EX;DI~eyi({C&aOE7?bC7gJEW_`_=lf!6QB99C_VS^#n$87YsGq;d6@Ik
z&OqP1|MNx|G3!NXFmXk-i0VJOsKiJvuy{&-m9Fx@HpA+D>?LYHHR3hFb&XUjD6cdL
z+OPV*%T)6{gqi$sBbAi)24I8I2nnWAJ^3yu@<P$SyAymwD)}ZT8Vf})^tgmBgT1Nl
zOcvO}-=%$_>4db4G`(bwHd79v$E7Sb41NTFUk}J8QQi5D?aLjwJ@@!;bPSC1&Oz+^
zy4dhUw8p->hA!F$dS9aV{6ZbmI!4zs=Qua-6S-B_#YD{icDsJ`Ur>%hLzQx<Or(3g
zIVP0;p|l<J8{6%#@|`)LmUAOxH998Wj<(|V?)h0EMx&JqG5?L5uCp-oX*hg3x<Vml
z`bl&Pxznr6SAVx60?ljw2>sOm2vt~gD)h6w3L#z<f_Q$DLX5cp@oaV2ROjZCXE|R{
z$$96UoKM=xdGs%wFWANT@4GlZvzznSy__G|%XwfQ=VO26e8V2jR|Gl#KFImzAm_V+
zoVz*<w!K&DVYOP(vTBET3HinG4&u>=##2495vFlCP1zPc0^eD_6GN_s#%t^}A2A|O
zp8FuQxO2RN7$x80o}D`tpOPrcSHv5vPUDxA3h^>gpsOCXi!zl4%7ut4U#VawoABF3
zv?%NBW;_VgPAH_Tpf@3<pDKhHPtO*&-Zzvz3uOxxLV}IU{sq53#~dD6-->n#Clq3g
zoektvDPM#6Q?SREgHK=NJ<n12Wb$bbJ5P0I2d6E5Z&*AI*5!XDiV$znBA`^Z9)N!e
zs-3RD6ZitqQUX~1YlT!@UX7BmY)f(EY_*ZHLIlpd5=Ds1zXJ1_oi@6R19FQ>`tVq)
zXHTKJXF3h6b@_Xs;_r#YKa#P*LH-kEE38+Q21etFvw1x#&T+S4ZUaX_b)(#A1=TUR
z0}HC7U4e~Z^e_X%w}cSmjF>LpcunupDM}?}>(U8XvPvPujBZr7{_{|Ot*qZ$)4QBh
zRZ^z*A!NxKsJ|uFUO#t|@y5531|P<X7yfnUG8O&Nxy`5^_l2qw&%p0}ZGxFp&w5u?
ziSaeG(BobeUvfK3f@tiZad^3)8Vt3d+TrqFi-`gEQsyn8dd5{9@l6uzSsv8q^YS%z
z%;mpEl}|)j)XK(`Y`$XPL6Li+T2YBBuo=lL@8O)nH%2ClOE{qXxTK-uG+KPC2xk&L
zu#hjZjrtbWI|NveU9euk9294b|NJb1Z|a<Ze779WK&U>Z*ySG^C88yBul8_PZjP?P
z^l1gvF;w@J<W9sX#8;_xcf7`q@eu>WO?Kb?Wta6OWXV=o2>;O7A>+a23g-6t1{UR{
z<qAPqzAt4<fX7Er*}8ApHPE^eTDJ?q9xT5mmZibh?U)3fn@(}wPW6ng9qP~<zyfL4
zs`lr&zDIUM3cu_C3P0hnQP}6GN8vI_;m^v$6s~aNdxh5*MV-R%wlH~RdXLeYNd4p}
z_mwLmIm%d7kk#c65cyh2k@e!oOIQ-)PCw#hwc??hl^Uz@;$ZA&WgW{S535`PzU@Tk
z{4(4nju6}NRSjMg-d6A3ibKZwWr}!V;z2H6m?&F@UAO}GilZ4f31uYz3B*|<t5HO(
zgE4WbLdqV7dHDs_-E`R7g1re@@*kMQ3?%)N&~w3zB;xWv<`gUFg&l;L6*V%d-JDm;
zd08zqTdc^lEqsnG(Md>IV~_%019ajf#As2bknjQuEIY?}*&$f?o1w}v%)PV})G@>@
zoYB^a9|ph&ZK)InPN$66T{;-b``ODwX}{Z)S%HgKd$mUo*z#Xv;#xK|g|e|}8hfa>
zre{s!3i0SM8k;3kVZ+bCRL}CZR*8pI8NSWp*)RY8C=u&v&6~Rn=M5hN(&G*$Sw~?%
z3vbJjE;3<FmeZcpXLYSYT>kH)>Lm5a!>q$pcTUH{ara`4O)YOQby^f<c_qNSZ*FLS
zc|Tt&nfD9C0bjfEIgQtsD&mmrbb6KH+=|>>HWg-SnL>ywFj^H`$%DWjP!3CWs7gqB
zr8&HY^Rk*ggjBfmH=}nyeIvf<5d2#i0}#t$CR?f^o~F|5P{X;=?i(fa>RLaT^O3-G
zJH?9-nm)0_G=TT+?u%e|+Q1&cwbKdBq$&{oY)mm_n~ZJW$ivt%#Twg_!>VYY5&+4I
zGxz`kkb{jZF+PI2`p6QE9cQ~}V52@JKesjIjeQA}ZDqa^4_j>%euH|0?h}s};ZqYl
z))g3mdu>HFt1>2jqmUd{Wo7}Yqk(CEfT5--VWwSJs)QdvnyrSJ_LWk}hL5Q72_(U^
zv#s)(sx5K*#3i!y3AJISEdi$0*h84Oo$Aid&MD%7&!Ge4>z<Si1*R=&DVVl=BMBXw
z`EN!^Cb{<6CCIh6V$54y@0J$V{tZR0bC~sZ(-cGn^E}%&Q@RCb>}N%;i2+!vg6bIu
z@fC%^mR$F+T9LF`%60TL_($3?aUv$}Vr-S^{I~`d#?7kjxO_g<oqul=P9IHmXSa4@
zfyi^*@&@<LDDeRHS>ur(8aP2Of;q5OOn#|6x^1P3gzS{Z`WiudV`8aXHOJDcjP;vD
z%Kjyr6heGWG<M8z%kTQs!m{uC5E5*q>0MgYD5NYCm}Ol^IKm!Ll=aj)R4%_ds1UZp
z;JM=34cimiH(Y_0XE-;1IK#P7^R*J9x2aWeUX}oBZ3)Qf4>UHhq^x~9&crvNwG&Lh
z@-$JtRF(@2G<{;R`PMnuFea9i^$}G{u}Zjt#!i~EV6hH`u1Z7bYwWnWN4QEoiRhDP
z+!1{eO**Q?Sp6X9!Mim!wa_b`*S2=)-yETvw4sf<&P`e;j`5I}{RSj7PoCwxY_cVk
zP+4%7n3F}v8xmAvEP24X^yvzG0<~|p)iz&-ZD}G<emyMH$7?xXvH_OveSJ{uh?91G
zWQlpAhVvyqp}Q&c32X@Xwi(1-fe?2;+DQOk@m;VFYdANbhH9^btA(T@R-RbmWq+7`
z#3MV22_oN52a)fmgG!9&AK*OLvh0&SgqR<S%Z<lcsKnTDKe~X5X+d5waRvM^8SlV|
zHVI6SPM@6T+<+b1a^QUk)fV;<&&uFXCYC@=F{j7P4=@14U99QTg)4sUIjdlbaL2nr
z_DL;O@c!LjDfmR3`49kKEe5*DK2Uov=CHF;Igpb{S%ul@jCkSwqVIoD<}1e6cAZC0
zD`A6a8A{i`Es|ofB3j1&E<xcs$SOY+Ed$e+pm6Q9$maD8X#}zVk)_qqKxth_RtIG?
zNn=w|G&UnmW79zu7=0R40hh*Rpj7oR7e4quW3Z-YT-)3Vlnp-ua#Flc_|Qs)7|MS{
zglsBiRz2-yN3GXCJZz<Lc#*u~1D`{JC<-vsmr%fc(w7p;L3oW{Bx2N;z;<L@Z++_<
zgX7ZJyCNmyl2P!vr}f#5pI6HFPb^~G6(fmPV0-&Srh4=+cZ!$!(!6Y9Z;u}1WqFno
z<Yjp<Y#Lwxxx1Vg9QN!L3Ne~2Qb>h+?iKwAsR+#EoFBk<!DSGcD=<lrL(*a^?7X|a
z#GO}TzI^1yj2Qc4D967<n#7|u`$ZDk<%!EzDa3f_OBuf{ceSB0gyiT;QWW^-i&Si|
zBv#sxSLR>a(HEUR+d*<ujT^s|hviw1oKlD@Fwa3q>1kO1wfzV&<M8RjjHQX<8k=PZ
zvfYAfVr<X5`fJ29iQRFti#yrO+C5K-^49I-?g=Kab-v9p(243!^%NSZzx|;Q5BuJV
ze9A7Ub$Hm1nk(nHhewMzs9V0kbYp^~r>vNYDHy`cUH-RY2=TJX_^<`qQkl;C{(zC4
zj3vaY`@}Lof`3f3PTYXT);(u{B<P+0g@VU)xY=4kQ=wQ$jpZ$-`b$$Tkj@hTv|Nqv
z!+6-r+(u|5iO^UP;KyB>zDVRmeAjwu@ncJOSggp2$KCYw=fD<wG(GF*-@(F((O&>f
zi+@*eHp(TQ+%JlIB$g05A>ldd_>S+>^sKw%@gYyD$Ibg4HuXln2ZCcYJ?oB8`5amP
zkKj;E&$=yCexEGAE_j8eXWbMkzg3p^2)5MpEKjKXT3LP>rl-y7{kuYpoX>^tNl)zF
z2KixMQ{ac2lH|<00+r|s=yh2eRVW!#z*OOG;$`PNx;K_)#(i}Xw4TjTVXY@`zI_I4
zLD5z;s>UW>AZ?|_j)7@Vu#(hITlvao(ljWE5@gT4jOxB(nwfFeNnn9PzBa)tVIrn|
z23(3?t`}c&TTy+9&;U;wY@u+cd<PcB<14DgE1AYT%|S3@?C)~zhi%|w1Xw3abz@Of
zXe&Csu%Wony$d7l=k*IC?dPS~()sZTC2T*hA;NyHm*5&2JiQQEtv-_mM#J7ZReZ)*
z8*i4cHr^(ifQYB(Ij?ZfJ<!j#EbBO!MaIUpUiODOy-K*Xdqfdpwi54zrhSWw;3qp3
zQns`&A*FjkiXXj)^YlupI}aQWkHbHJb8Z~{6oqU>UrWgDvrB|vlE#+8j|%tPpF&lB
zwW<J8!49&D#uiN%H7i3k_b9>?4I^GR|H6JT0<Z_nk!qdY&4~IW91zvzj5Ye~rN_YB
z6M*Z(GxJp|Jx4>Iz3gZ(&Di*n+`fiKU97ULE3>;wNa;Zk>*xAf{(7^AgODYM6hg9>
zM)#|m<070uxHz2V7vF|lVqk;#3pbFpC9j)0)^F2~kR=C{3*w8pBt(PWN_by1%09Ao
zwtQ;aI}cUcjv4B0vcXoyCm%{04OJUr#S2fWn9-LVgqQ`e7aj(pW%jctjgiSxF$Zl?
zmTwudY|VCs815-}M%NC*AwU+kYm5qR7qkr$yC$l{_-r!g=2M_B=y~FxvV9Hb9^D&{
zd5Ii=fG`DI{#)^-{vS-G21og7hBZp{;-m70s7duAd`JpMRZa*oKPEDdc-HJjDlwjz
z1h}q3-|lf&VAfgAO96UWAOm?n*tpaQe}0w$;#$m5G_1T^K2$=Fn>(vHFNM9hY&mER
zTgB05hejg*Q-a9<1ZK*YlQ=h<i_9_NZjrCJ!aa9wKe-$<ebM+Z@8AyD43l~sGfu*c
zvh7q~DlR*6{SBZ*jy`p6ZhMf3t#jDax!LR&%GMdHMCBY7gzvV9{CYKCuTvAGXGf5p
z?ZQ<+Ec)ugV?`nvL|(B?9^V9Yin7pIR}>fAs*oIZl<hEjPr{j5LZogSI1i?5w0Kar
zCPpPj?Om9-#kzYJFsg96SA>|lj+%1;CbrSc71&bCxw)cN#O-FD4%HQ5B|T1KN>>m2
z!I=92NK_FXGPfF?r13#TI!U)K2HkRjLd=)N>EEft)~9da(`fiK?;PjF#iu!6aGLY-
z)0}TR&H3@uXy9D%JZMHJnZsqldbSPph--I5j6CL9hPKUEt9(L?yji{sZJVJBZ0bB^
zD}bqlqM!D@mFFNvx|-(Hd7XYzikD4G^PuA>ZUzp{;bAvgsSG^q#=%ri9v4;rkwYpJ
z{g=N|h|%eNVc&@Et!L@+X~VepZK)e>5e80fqFaA29zA8tq)zTj4&DT8*6e+S)ccrw
zRajx~X}qz(T6UV=Wt9n<?KlURpvAkcf`8^F!DckDG3xEk#$cih3m+(mvzl{_gx-!h
zjQt$rDV@*7qn<WMwe<ED2*de!ywuw}G)Bs07o2l|C7d|IRK!)0{wC;u3Z@0fjB}Xi
z_sf?#$y|X4K_l0viHB{$=<(=d<-@kBhc}Z!87*-93-E4+xWVJj_pn_Wn<{la=QaZY
zFBFO0>p!%;QpH_kpE0i#*}xk(lG_-UgTIw<`R1cO)8$zM^vVucwp3i}aCz7-E`Ms2
z%u~@l%4Ui_@*bGJQK__uIy|gtYPSAtf<j2a8Aoojf-{QmN=@&QV<>pbs!LA;6!fT6
zs>h`vzM;!ptqp}3z1~wuIyWAASMuef7<iP}#f7vlbA)tcLAu8=SSX{Jd`HN?2X*9V
zOsSCReC3c5mZKj}K~v&h`BM22agb)+?N|`L&k?%jL3Jl4UkItqMm>_Qaw16&8`{?*
zL@DC^vwtgu7Ubm<aoE<~Dfrt(Gn0D)Zn`hu*9tV}(?&n2nwgv+i*ws}^kw4gb{A;Q
z!`~H}^KjsmqEE$f`7vW+wgdP#USnLI61Tu-@b?G1O{(KR$>uBV^`HxvzXCLmf;<xI
z^1lz8-h^{T;yaS?4=VD&1RH6rin1Nz9Ny)htcV@b8s?05l@O=s!{VtvJcSNiKC37F
z=?opXW>#m9-i-3)RKGPzWBtCx+yTSlDPQYh&0K*yLB~wdSe5bE+X^YD=JJJoXd`M2
zmWNf%-&Kg&7qd((L%+wgx20{4Q|$6*L`fmG3|$|?-<D(P9VN%I41FH`t@55xHlIiG
zJE$mwA}IVN@KJxZj>l(u3T30xG&a6B)f4Z=<OPi>8zKGZ@N=-HXN<s8p&MhV{%Ss+
z3Rikqh0A|JMTzMDTp>n0c2<0(zewy76(u#g+VqWl6UfC=Z-W%uiDI#lc=;Z=1<jaP
zm?S+TNfrJTs^^!;(`S59`B$;bU48(|HvrqjMA@>#tbJQS=1IFYY<A)5kc7ko!HHmW
zOpOw3_R8CeO*~BB4?=Zs4d=$Jx0MJP5!eaklirpW$hV?mR=i4x-j-^;SQxyza|B;n
zUaq2;eziZ=?Wz(Iyh{G4a2LPcAJr|1BaT#HZ9Xh2d?wnZ;ickwmF^dn-V6h8pwhLX
zQY(RN(+gqiPUmJvQMIF}8mESHxgQB8RJe<KiVw}gFe<S;LzFkMHK?i^7-YZMRcKCD
z!h5Fi(|p^7rj4P%oC<fbCk!^&C*tpRb^kWLm?!!F#fuHFZ|IJFg}b=BAX|IY7H^7k
z)<y*2`f5R^%b0}<Z6fN;hevZB9Ou!;3XlE}6*jp^mOCHzwWZdx=ckRU{-qEvJ1D2b
z9Df$M#v^*|5JJ-&E)?hJT7?+qKZFqhv}ht4WJESV93K+fe?WXph3$Wzcx4+5$|cp<
zbcy)d1HP_2FPK&o^@O4=!fwA@%=-HN;&Jf0>&84v@auNu)FbA*1hyJ$T^kAW!uD>j
zbJ)WX(L;AtSQ1S!qnj+itf-M)1ZR8MIpgFTN@%s~a$h^*kk2)Rnjf;-++aB8;qJlC
z)PN+-E39xAAMYP}VZTZfCPUck^4>f}JU4s95((@)^k!-DbLK@}to6-{^sG#nhuZ$U
z&rsVxzfK{#uUH>B*U0_{*nl9->N;ooAc#7zmUWm{?*ehtd0~kYHZ7{&jO>2@o9Nj2
zdAH56Gmlt-5i@LFoeFpH9bz6}O=GNrQSycodcwki#zygnmm<QN;1-xQsRozBxM*As
z<D*q#RF2|22x`vtHK68<l9tT+QwaRys|YbG&vI^DBk=xcmt{yi_>n@4%jPP?yy=`s
z*LTGHS;RQb301lgDjj)UA!ao`5`Urh(mkw}>ds}m>X{Us=SrFIeT>{I%h04~VwE3{
z5r@Jay$o%NldsDU9b;`7(zaRE+s6V6=H+|zXKXvDNLb}9q>QF%Y)WrU@6ve}Y?e(^
zH8x%zoHR`puV;)0(;})`k)}oX450}oG|S5TP$5ReTwz*V5i7jz`j|p1!H7pZ+W+BP
zyn8&}daP=2EbgXYWRwXzqO6XQ!HxIlf{_vNv96IZV6GDJAX#9vkTMAakxgJHG1oRh
zBV+z~#oDKZk#QPHq&E?#+ww@_8LaHQ0d1+cpQ{vUWxS8&$(d2|a`d7mw)_QDk2}0m
zSQ&9Y?Nm@GQSR`FaFJIqGeVJ2l?&0Mf1j{29>eM3UVSzi8t7PYNkgNlu>j^)JXs~o
zi!oqcJhIa=FT58tFF2SNgFgwKLfK4==~41}bC=#b!MvDJ$GmX)^WpCT^g|GrKM-Ym
zDK6>tNCV@UdIrX?mD0fYt}<j`R8-b6Fcw!T#Q6R-G%ylh6(W?qE5v6mrf&Y0>dqYs
zPQcBl6zjgew9=x*yXuOx_6|pjAPb#>QFnQz*qL4a$<aa(b7^2q54|BZa$)$C1dNNc
zO1p7UKNO+DNl~9WYaIPZ9K+QSxyozuGXI!-m%k5U2b1s0Z9+4Xzu%z{Uwkml*!e2j
z72oVo2-p;5A)Df`QBxvpirugxipqpHKCjq_&k!-VR-CPf^o($xYV6}tu(@=f<m!+^
zZ1pvE1{Xft2|Lus;s7U821pbPXzcQH5~{DUqf}4qutOo1ZLv&|wrL%y-||((-Xv^_
ze4xlv+&V`Dhe{Ora^0{JDUhC11PQrH*{CEBkI~qSlm?8JtEAC#g-7?2kkxW|9jnDl
zTmg{u!Jd;W`$}U+jU_Kj`(+wR4rneb@2W+Ak}<qQA?8o`2xS>sFdw}v(K{vM!}KyV
zU0$@xk7Id-M=wLuW#-G0ZSx9U{=-qWFrcxop!qVwGGC5b4WA4-bcQ8)*?lQs-Fn!t
zG!Glso9c0IZ<9`);bEuFaFD!DowOwHLLqspT>j6|9>^=CMOjPVRfyqvMM&Q*Q9?;Y
zcC7{Jy9GpV?^k4cr)BoleElnEz5JsJ^XH&TPIzEKM$E^;#p%n}7^iH9%l}EpkonAR
z$Pk2-S8R;!1C~sT#%j>$80#d&oa_{~OXbUolsk*Jg56SBBhp-~c-d~cxB~gG?|%Y?
zmJkX&CXAPw0VvY5Y$`i!_%by^9gm~=S`_XAtHmy$A=|$s66lF98^sqdDCUDI+{L@Z
z-#4mqzhpaQ1G#q0(W2dPQEzy?dgh?05QGYM@xg)NF87HdufV_WCEy>v3b$Xhy;ZdB
zr;2=!M=Y0WzIB6RRQMsR3qWcsAl)G#WuUHmB-pINU3{-7>Z67akuDuB=n>{Jr7q(c
zpT3|FyQlavyOA_I++T2P-M=rLFs4xQZEcM^pO>rk?x?>4X`0=_8Ykx0t;&Q$N76T%
z<Arfmd>pmO>~k2Ad)+yO7)3X79(>r#4p4nmQpiaV5iTWSa$J;E7+YQl`3*5OH~Y;T
za|W4vw&-_g1Pww=m{(}77Wv>C9ao5v>qWxK&#u6EVLjd3FckAmp%i^CK3@+?(QHMA
zP3<@5oyNvz#n+qQD@Vg<?%xE@L=Cd`9pIO_H;d9{gNV2Qn3r#HdbOC8B&feOguAcM
ze3OJzf&hO!`&>Bo=^nAXFCRoglG7s58FzY>nJ<9C_h6#@VLVhU=lU&c994B2178NI
z@%(eb<QiTRPWtXHzH(4_9a;5x6JLUdZN<dx>x|2v$Ac7&ouz@b@}XyZW@5e3{CSzv
z-B&1w59(EdI0W*rpF!Fkc@8YMeNsfg^kGsZ6eYPWKn4ReeE<155fsbhkb|@+tKB<j
ztc@rO8EY?UGQ+noU&`eO6K&>m4JCA%Bub~$EgkV(L$=$X=OT^CwCC!XeTmOS8h9!K
zbN>F5&A{7_J8^aWlluyH@hgJMsGUVE_Bmb4x$(}kHs{I%f8c!W{R^W1bK#rV_ZzO(
zf@)l?{%VC7yRVnF-|F8KVx(UmzCU}F=;qhI(9PZFI5(1taqv%Wuna)&n+h?0D^iF#
zvqo5n+-xbV#5+Qj(x6fWR2p*r0`YY>kHFU@3h+V}@pS=%vFIyQ4GSugj049UB%4(j
z(~HD~oXgw+o_htF)YcWMvZn?SQu+_!?EK?j$WVL<C=1tPLi3H5s))(cGi}M!7c9Uw
z<)Y2HB?>8f3t-(2GPcR}B3s!DF!wRfDkR9tUV^WqL7KlP^S=YS>~wln`bJ~&)8a~4
zhOlO1QHW)HkMAOUYdrWgCWg;mUfUtWcAq_?kQ{a#Greb*aZvD%U+8=;jp}oVP?*c9
z{_F_+>0Ogv30=ldD&{Mwo{tp*<-U_eLmYHMHC=v4HD*4eh#2Gw!o?}h8d@+TUU5DB
zh(bu9()G;G(CTq_IkaZmDf2EAr`^FTZ1d$=elUeDhF|c><5=xkUJI(-8g1b8c-J$%
z6hf}obB-rbeX$(*#-m{UJZ*W77UzBg>M#=iDjiEHb8ql9GhUQ`>Fy1%+`J^W4-DeE
zpiXt?xgRWMy7euE7?0{0hP?sh!FC&dAR6u{5+6}q-oS;|XJR?p3tl}n)vI5=+f#6!
z`^I_nZ&D?iJps)wa_+7G)gDoN;VJ7>&)3*E`IPv4BgnHj5N1_RD<Y*6jLgd}-|eZ$
z*&QnhyumYYmCOHKt&m+;c^+Sh6T?@~fnyfB0{6qJ`Un@VGdVQ88UIp<@%mHZPSg9r
z*Qo9;2RWmUNCGlT;?g9lJ7YtQV*jO(^m1d+Q<%=q@IS4P#ef9H6yU=0lv#78>AgPv
zULjghm$-i^B-pv`c@16uYl`Ohoi4AzS)~I<#m^c|^_*?C86`&)Vw{z<_%TGPDNL-*
z#>RKzSFQ`j@G)TYqppzP+a5g+1H`{!VtCI7e>HL$>e7pi^*W4!7OYIO$<N|Q{)chT
z_&(%D(uXA#RLA7@!o2QhaCBV;9=8l}=Z)Xn!jjeyLd<*|!t4~|=u_5y>X6C8oil#N
zP{*GRST2yIcxNkP%I`7?t-oSF<@;=%LR|hu4jBcvUxOvd#;mF5qga#8SIQI6H{QUL
zpSljn&z_QjwsRfw&em>%)`rV}NL(s^a-D6nS&D4FhZd|%vd4(&T}B-P%O>l&BTD@Q
z|7(eee=Sjn(c~$GEct0Lz6z)k5-9gwW4#%R+5IbwV@zDn@;@N1$EH^q1#hD%wPbUs
zok0E%hVEA5O%$Hb{6`^dR}MRAY|23gCDom4zq3uk5YD-=k>Sfh#$tvhk}J@f3)|>D
zWCrIe_7=@S9)7>%W$d>Ugl=)@h1-FJ;TLX4a?Wj|GA9d{Xu$#87UyD`-NZLeD8yJZ
zg!AB|UVWB`^0@{Us6Nd~M-V>w#_c`<NWqSp?Q6w8fQ7se2mSjSIOtawDWvSH!Gx49
zfgNM}5HWHX*x*{u%}xT7Gy4@{d~{v-@Zihy_?Gs^0?N$*<?X?Q1Q#3ZNx__fw}g0T
zxz<|gzr3svW9E|zG3V5BKB+j;-#P`oqCb1sDG{Nrt+lyaGs+Gs4c%j06ptRk06LaW
zbMEpl#w4iDhcK)!ZrMI-MSLw1F;6-!SH!A#LOl5VfQLm>zQ)6%1%-Z@qY!UVUM$rS
zqBiij#+EKd*ssY`T;17CfFB<M|CY!s+v>Qq-#@{>W!86*>e}Tmhdu}Ha{1Q?Bu^Ye
zC~ZPemI^3)k4Y$N8-h}4LHYInQTFBWQ54zZHJwZnj-(SHFbIJF0YODGVvrC52}z&^
zW)$U?MLYoU08wTH<t7=WZAVbSMOPG8aq&P=7ncPI6OJT!f#}K+?z7wB6iLF7^zZXt
zRrT~Ffv>+mluTFEt5;R8-c_$&F(?}tlwXesD8IBuD4z-_hgvrP<w9!?<uaDq{S3;h
zCX~%>5Q<Mg`Ke6<P!6}@P_#De{Rswznowd>*!vR#O7oO@P?#z)@kNP2Vjci{GJ{lm
zSU`H9JwmbzNE6#%2U1%B>1_t7;w(b?w+ZRFRD|^XSq^DI>UALP@^eUo(erA5pFw)U
zgtWCILV8U=+S&0skQNF^U07tyV+>NN38{Y<gfvn>y6xucK<djO`S0k0M^@VL+igVu
zw*%!{SIp=iTW6CDYsF%7*k#|5tw3rl4`RSp2o2(lNvD|j9kmEg*B8255t6HHbs4hv
zrrcr)EJFWrZ%53c<%hk1IYXeu7ex{=YxoXQHRD4}qK~yu`bUKKufNHP%0^5GpK<gg
z>wVv=toKbfnY||$_>YHsmHi;<L#?24&mxIL6#AZ|YR1jS7}JRCHL;zw*XHf8*YUj9
z@x0gMcA{4%9{yJdBa31qv*1v)hv^dE9&M<rE-k}dQ59!dF6!2j9iTYeS=ke|O2nJ0
z77_{X$LGuW=R+N!zX^pBac5;0Y?X-ba2b{ZFK3#pTRD}lRBCY@ZA>Xb<7QzMw{q51
z@!(N3fr1$G2)s)#!DQ+gNk<wYi)|^^yMpDoG3}*WBtkQ{u+veV0ru@J67k&z#OGRo
zzM^GSJfr{an=QV@51~+9j)kmY$!3Yj{`6FKhN!TjKwhf;7MsH74>yEYaeFIXCAiJ)
zw+p=fu$y>ECSG68kHo8YR|{TE>*3W6@mi3E8^J{CeT1BG{BT3-`d$Ys3H=kFe935i
zoRLt6R~QL>*a1kW)Fh$T=YwKc;IEXI2J-`VkzAux-+(4&#+*Y94gK*>)}cSu35VWe
zGaq_htU2`9&0^@^%!?fQO6!s&&96K3+e={RqdP|q9j{g~AV^R_Y>@Hs(T0%xp^X*E
z9gOk6T7pP=AK?8=ED;DMGXxi#G}GCF;M94D;NmcXfgm6_x1FGw#T>^_BM!tQeX3>z
z8$@t&8|zw41rfzg_kIpa#Fyq)uEOHXp3BwfxHNVkB5>M2R}u{fA~T^4A-U?nM8&^`
zb^F$#23VZvJrFTHi`!U6yI?M!EIoo*6IQN5-q3?>g#kALIiwv2=~h;+5c4>+9e)7A
zxl3E|4nM;f){dXq@E#NAvcRP;N(oW66jmF)1nuN3uA;q~X1xk_Vh$cMY&_Ty`^IBy
z<eM7-f$$Bjw04AW4t37COKbHG64E?@WRG@)D9eAS;(^!9|Aieb$2!U(twkyFU548r
zfm`o1e)fq2W`oI_BM}vWh3o~+<IW1IX4Kwj-fp|en&sk-n+Wj)o=&A|#wt8VM6FI6
zzmRR-ZXk7v*~?lf_!KDgd^<}1jJYh0IyUIR8`wKS)j!bA$(U%V(2Q4zP9t1`$o}t%
zfSAr8W?LE@d5JaXn+8=^Fo<cE3PE0BK^K4+4J!U@2JKD;&Da;N{06VQq6;Cu5me3i
z-BS46O9GF(qFJ@|2-6NQyHPb`o29agLn1d5A}<Zf-vAf$<E1ur<0_o;wTx9PU5M(0
zp0DB_$yN5|j>sLR?df16v~X)8O#e{_sVBQkN##~oFT;OU!WP#XB{JP+S(=ULd*lY0
zQ`3VD?ftelS$ALio0y*cEn`k2Igi=?tzb?wW=1lnjE<J=`pe9^%<23F;0OD0=iQhy
zJy+2XcHJVd1M=j2fM%r(`&J^}Jerk~1%LFWSt-5Y4<|;&z97LK@duwzXNw04X_+6k
z!h_T@qxwK}u^*>dDfVwAk}EISYL3P}6YtL#_>bqxOG~Mm@#wxAY@Lr=hcV@gBNu%J
zrb1TACmT4XuWjI%F5Vz8UHg0;Oz$x<eK7*lhfPe!Y+#rcEUYq-9R&j}yk^T?2OBcC
za8JV&m#<vbhIO#v6<DMr+5fymh*mXS;#7XW+5K8dh+gYxkd}fCuGUv=t*f<`y`r^p
zeIzZ-UN30rw&x>h>E2WeExq)7U0V9^zd%b}{{k)DvbQ1Z{uP1UCvB~?6t`X?-mx?*
z<=lTI;vGh_QqIC3g8`G~GsFrFVpB9B+OjTeuC}|(^F`dxb++eCt;O2C_uo2H_TG#-
zR93V522|FuZ39%+xh+yzK43h8W~JN;e|TtC$}R9mKJ;?$bTNiJHik*{$8e$E7#Q+n
z9Rm5I>*^EUq3M5_@CK(^39sm-Hsl7nIpcK<gIk*rqD^{^dytvm!cXx@a~R8xC_%EF
za|zL3K>Iv<@~`L(diM}|gWfwN5pBJbAClbnt3<S>PSZbAl$*+(8|5w~M)r3<XBc`a
z%R8IQ;7nw29s@Yf3OJX4k%+c6-8^h5x>Z=lXzlxR&M}d_{yA=g_QE{Wr?g<Qjp*rk
zxg-1AUD!b~>!2lckR&=-u}dP_qm~YiwU6kaGw)!u=pY4=&d~NWv;$f<wd#3on-Z{}
z;{PKNx#$5K{y6^){P3_JA^efU)8;kxNkrKK(rs@7zbf6^hQ|p-{h3NOZO;uT_lt<W
zziP^zjm}+Ki#NEw^i5M17bvWOBA<kJcROta9qo`%$3{-$Do>+kJZOC_nzPtu2w=H<
zD&qr3cT2dck(fNy)XE2*Zp!sBPz`r!FTKu@nc6f`$*uA-)8)-?!;0aL&vH!mCRu_{
ze)IwgUSv>+N$6&0g*z+z!?hBTmu$g%yQQ`4-tPNe31-k=T+43P^2y6s_M6qF5||e@
zw$9;;jZK@xos~TRpcie7#+B=aKi04xY53!VXts<6)5J1%iRa6>92A=ht}4q#E18Cr
z{M!vyb7m7OCUcrF*v(;OFg$5NlgOp~FO<x`Iv-TK!1GNQqcOBUo)Jgorn8`!1vLKs
ze+^B*`iO2fVkgU)CWV}wTOogZ4U%F@6T;u_Ly!Gc=Ps%&MY#dHJeDDrI!z+(!0MgA
zeJV`}=VtmGRhZIUxDlEWZ+AREUkl99V31V&!G_?=)ep8N#EjRXYF;8$<0pI#@^5gQ
z>_03K;>z4A2cmAmv~MS{R#cvYst$~)*h>AC-gs&x0LfKpMbDyv@yf5(y^JIOOp359
z*mShU{7!W;EMmSWkzp}UV)xIKgT~K{^HFsp^SBr+{eibJ^&7s{p|)~+Tu~dMfOV+f
z@Y<;%d+(;Iece|usJu8nQQkgOIVemN)qdqmC>;<d7wsX0==&r><n~1S_cQ47pB35G
zw-vTm>NDK99L7>i!M;nt>AtAVLMk~()s0NPha>6w@JPD5s1ZZedmU7{t3*W6nb<tV
zvGLxc!)%1thpnXc*wYwO#~a8+$>;@T3#;017h~}^hsM_Pv%r8<mr?*j`uIy=zfkF;
zFkrV*rMaf^VSU10T7Zf4D5pJ2jY}yr&lvtO6@y{f=yDUO>cY|8&PUe;Q#>qX#e*Df
zr4Jiq|HM!yD?V&~+)AysWC{-xoP=5KYx!_I$~jDVzmf@N`~7PK+J(sE&$|_r*)BG+
zIDGw<6Te(^Ta97pSFWM5<{gMR_`ErcoU}xh5dGsC!$A7()C%eQ7%dDs^!AvCA8A$l
za7y?P=e`=l2u<Sc$t#5DkJsS&ZC3URYr>rJ(W{J8PJddmFe(3-t6W`JW7SMeO#-hS
za01i6X(>#&)25~%<?&o^IAHw}A!J>+G&+wE1zRA4>?NLP6ZNUG9QxJE!>diz><z!*
zer*ae`;eb+)wQiqj(`G%N2gsD;zncmTrhham`6xxP#D(J3|9Hi64Bleuol#TweKYh
ztSS@MvOGd^Hxe|XS0oUk2NJ{toHZ-8$>UK=I1)U*L;BaJn3exDD?bI;wP0V*nO|?t
zGsCPh%|@5Z;u);iqtrr;Rtbb?A3hac|Bp4HzwHXo0_bn+WkS}4zq#Ps%khM06V2Ab
zQS9HX3n0Il4VFU#A3n*KJ!CuTR@*UgZt{2klZdwVX0BV^wOt}w?9E}_>Wh{Ux|MvA
z=~gvQaos8wvrT98`Jo}*YGp(sxm8i9l7G1xMDI&B{ILXoyuf}e!XJ})c9JzuqNc;-
z^3NFcEz3oZ*$8n~`YUqeC8eM=exLZ)oY}xv?!p)MO5F--&@N>^9$nP9lpR|4r!XtL
zM>*$G4zMiui;-`f7aZ1aczaSq_BpQuA@t;RAy@*+cDR&ME%+qMLE{gCV2fj!)joZ)
z-Zh+MPu7da@;_NOx5~69O;?L0xN9tawR=9Z9Gs^%BLvf{Op1$qT~9gWte{!hj?a+8
zU{vl~wT7WNo|K5bh=o@*DMh0B@E0VSm7wF#>&%Jf+%}15yVAl$^G1sZqDei@h^G7r
zPBf0=NHm+u8zP$cXnq<i7bT+Bg@OKKK9z{q?ozge(x4ZmOp~7AVx)WHNO$GKPw-RT
zEW7^`P<oDn5)kmE!UTpAz}{k4s&7a)dTEVeXt9rnH|Oz-VqYCH_f?1fgy;zpA=-gS
z;hHa85;aelHJ^o=$8CgYUt4PCov6Rzhvf1*ES3#_KYV+OJuoziEk!ppk&<r#&U&d6
zUy44Z643^B3NJ-^b6g73L&gY&FU-$J4MX30)G)O6lfv<tqpk^@B-8Jal~0IX8%2nA
z>9H{O_n0$s*u?a980R(X#I6e$rbA&x93k50kA*vY%>;AAtl1Z8t`%U`gcVO#oYP<M
zR%oK%Z6`z<W5H~}p917b6Xe|fgoGxn3xAjoedM!OrrKaIQO4iCmxy-vTmk%)2<vat
z40U%*D-Ke|J0IOL49;u)L8{!;nDMQnk4eNrOO<-##sb{$X4h+>YpoF>+RBL*YA~@5
znKeuLlQ1}!a!}s@RFGxwzY3UT`kzb_cxIxw7-f3RKgU<Y*>BA8x$rPb=5ne8n0slv
zT=Z@d+5@h#tt@DZ>4#_w$o}e!hM|Wp8pgUX!FK}06JrTk7ba~lE;-(W$qsE{@g_T1
zyvYuUXrnrC;@q)CBHAaZVdDHO@dm^>=dfYu&m1-kZNUU?Ql7sm<|o#q%tD~d@hnvO
z9*h&p_yUC3v$MslH;Lwp7)Xp<#4qMr7V+DBSj5t%Y!Oo?N<<&tgb?k*qrwZAVD@<g
z`n(%TPmK?+-kBo;yI;e*9`<bwOjr1u7ry;y7wCmIS$4i<*N7Xzm6i=~RX@QVgsCaP
zSsw5c&ho&YB%=M%p3m};5{YQ}?ZdM?MZUo-KXS-0^x=mLLu)%eyd!%Z6+=lfv1?wy
zv0G(H+k(2}ow30G9t}5l9v979hu5iq>x<!rCN$mOm=NtBkA~-Ru?Zp7gz&pSAXo>1
zFr0B{C}$7AsGp4glu1N;Vy2krG(iU!6C&y0U$ZTA&}jhB!GT7M4wA=9M1KqTUd<!n
z@l7?c>t<p%dH^B%(@^u5N5YAee>VC1ZD!3yP_rP)dN{-iK7;}VrefB^g6MjgrGo}q
zm?37JLzkk^GnnJkoF9EH-ox1#W|=)qmU%eJ0x8l?FkvjNGE+&Z8yQoOWq&a++kZz9
zvM$W2^I-SavMUn@Fy~Z8F{aH;-UQ6_ffP=cC7UFoebzQimqX&MbSVh3%>l#E6Al=L
zral~=@qUNJJZ6~_GHc)sDC&K@hjoCe*_mZX3~z&yGWK~f2Q39LB*jM(!`m}0#4w@&
zh~Z0i$yJMcL?U_?NU!q`g;6_VE^(fT+UbFW=m!vmLsZTF2HzCPXb&jtn;}qWCs0`4
zG!lhYRuoDRg|}iD3jT+s|6>n$lxv(8^pAlW3oNMqYN8rG`uQ6rMBf%oh}OoeDZJ?Z
zVJAg{@Ci&2WzSDkLz`3MBocX~>|brN!CTBW69*6y8s4xdpEN*B2qxV7AjWj#Xv(;7
zDzE(}*jr7o&keW^N6_z$6+pwaXTbKlh>7P9u(C#G*;~NTCx8}_JTA<I9z0l|qt68H
zeXA6~(P!u4{TBtj75K+I@dxg#im=`6FUQx|tQIqux**0s8YdAm6$E!YxYf0&MKSjb
z4p02Oih22%oq<axymS5vx#(*YiemHn>>3?s(M%d-ANpJ-NCO*iAIFsAK8`Jyi1vDG
z!_ZkgZgv7}^Q`Pc?|}+(7PV606Rn*0DIp}$8&9+B|AKP=PmS0$&8ZJc=Ba)mVnyVl
zpO{L!6tspi|4#UbUZk~q5FD$m`0>|z8@hDJJZ;1?eCK@HhzBpTitO!cgsqKv5T>#c
zgB!GM)A^2qWq3AB%7X~;O@MvX{XvO@Mo~5Ujr9`IVjN*E^}o1=xYVXShM|A8$1t=L
ze+%!gCHn=v3^)5YMZ+gZ5gS$5rdIZg<PgZ-_$-FR=DaKsbu9o<m*Rey<G^%~NM#jn
zcBG^)u?tRjFFvS}u_h=HZJJkXfE>YQevXS|Gi#o+u$fH*fz6ZwfBzATlmyGL1|Ji{
z8fy+~r0e>_(!Y@e=liw<QR)mR9iApoq5>sP9h6e6DBVE`PyDMd0+eQs38OT^L}`MF
zQrY!T!siOLK4a>!w+a)=B=)ug19Z+sNT{t=HChPar>v!^gDeWU*@rlmyR8;C;i@VD
zxuc06xh}U_C5bwp0FQc65-U18h|_nlSR&f{&x+}LKuljsY~=JE^jfCx78gw4CGJge
zkCBLe!Y0-wjR6h-U}^$>L;(IJCK9mU3ixdoA-*Pf{_}uDt|x@_FNuZIwlHU*$Mw`m
zAe^(9pmINJ)7EVB!T+iG3I6rXwfe&6$pO{~rMx;gH_QhoTodAH<^ZcCsjoKG(U9J`
zVi@}CS6~=?=zUE@-no&&a`CEV=mX3)O+h@DnRa2iS+E^M>NvBPQD#Bxjdo_h+RH;`
zo9Qk>^oRd646P>;J$&0yhg=(;sDi78q3s<ZnWqEjh=l3z-bK~;VQ)c+lPYD}`wwCq
zP|=H^H_RS^x6s#x#h-a>#QrgWz-VAOhy<Tq3ygyLEHXjO_~}3OPJezP4V?b`Oz^O;
z-&-K37O@{4@y7!8BjqiLc%KK!+kYfpO!Eijg=Yyn_VE^A*k!J~B<NO7QFSd7u>0JK
zu8pr^gYk<CM$G5S^G7klViLpSucRsu5eck8wlg(k82X1HHmh0LE0$pd0Y-ej0=TRg
zDUr|up#&9;2rDFa7=jS4n##wXJVHXPHP>*#tqilMQND#$aXq4r{LurK>x0~vSI4*S
zR<7z#m@F;qq0h@BL?3Jxgx&2+px{okV5eE&1oi23wJ5mLB*C-5`P!PEpbE1^2wHr4
zRumjC3z~r8@%mY@QU3%06@Q3&#Dv@#bh{@^0CuxrG8A;XAOJK6rTuLafNa*QfqJ$J
zq98M@)<TQtFA4wwK*(lxG}Ns3Gi>52Q{!z7&76OTpX&g;entE&7Y-lT6`{uL<9Gcn
zo6%XZE)-=wjPXx9X&CxPrq^+@RbKTOM2J4y?7aPe2!`^swd&uX>iuTb`wL)ouZo|W
z;pg0oKn-WLuZGsw=KOb73b4;w!OjM-S0l<Ijm`RYC^tX3<8BZFv$ENYONOD}dP$(R
z0cJGT#Pn8}??*3-pIuxL6Z|IpEVx|X)%HjKI%Kb3J8{GJFbYriaw(N~(`eIqP*Lt2
ziuyZnkyEHiZ#a+d1=^@GcBgM>y|@1G&Z#(wF2nQ2O5<n2zINMqFoMm-xr{q2`-vr>
zRKL@h5Iq`OCy!bpK|Ae(`&nL@uUO>C&tEo}{^%o{>0bXBb%TN+RqeOo^GosnTP?1V
zyoW$i@KGo*CO)+_aB*iNe9Rmhl#8}uvHj8pcK^o&vmgBeDJM2?Fq+f=m@D{kc93Qs
zl8dA$(=iVQl&2h+)PzPXnBv9zC37Mkegh`r4KyG;JJtEsFtDJ4|I$aRwar8L`9L6s
z8wuI%zLM}!#uNAPqIEHmM+aT*=T~Rdb?4b?xRu|vLHF_W`7!)GAxwhpcQhhIZ_<d6
z+)aBh7s$@x_knE~!$s1lM&_$*9>l*=t9gnLJ*Cz#ayRW|O~yf!YC8Zqz`iVlFDJni
zeVLEIKN4FUWaaNec`5S)`aVZHZOVGI)1C&~<@YAs-!l4hiD-SAge{rYjUrBE@@m<s
z%$+b9u!#OFJnG3<^L2xS^O@Zm2mOWJeC==9Yp@W%;s+jCf{No+>?zh~*LDnHH$44O
zF@)R`=!0+j;f?!px7vBsYZ7s852ecObASx+?M=6G))<oLR&-ZkS)9u#^#{GPsj`Er
zd5P}KN8@~HuFTTey{Ve#aNDZgYFA9#>o>fcz|vi>Jvc-np|7D%%RzzYi?lH42v_n|
zgqBgI+I)8zNYB@dvb1GsFz3o1_~xu+1gP(if#o^ErvK`Fgg7gKDCe_>>mUCN*Wk)J
zT!X9YB%)1h%-6v4nMAa8jlyg2uh@t+h^b*~@cF%xxdZ&Q>~cr9uNqv2#&+wOYJB)2
zOVVOkh6KCVV2J#>0%s+d5|+DP{qL0s&-zlnm=?}nM|^W!YC$4Z<9}Kt5m%-sj$M&*
zWtPf;pgsH=qbsVw49h9yy>3_}5#O^^9hyiBuSl{V*b5EhIcQ*Ts$1>gR(pjX6qkz*
zu<0(Rena-3B7~qv!L6L5if@fEd>vJNYk1($dwL5y$Dt3$!2xw`nvRJqvh1mgK$B~S
zOw6|i0{{+blRSKDt9BMRo4^-#@I7o{G3PLiqv~7iIHb(@#k}N!b2odH@e510Yv&J{
z;uob%Tl6N2WJmi;9lHvYRMode_IEQ3gXQDm(K!b_JUR!5%0h(FC}@IXcY3p^k>Kk|
zl`8E&9*Kl*i-@05E^6=d#;m&U=ZJDOFOelxF@_}igWl=phm*KpPP&!Z<^JG*S)fC^
zTEhrU7mMSIhy6kWG){j6c6#BJs97_pYTt?Z0#K3#GCp}kBI_mGp4#t&P_Q_+=WaU2
zi2srM3DFhI&$8|~`}F4hnES)6oOJHu8t`^~5vy{7Re7&omC!R0AgO=XjJv36AHXo7
zg;#7eV9$6Sy&xk-NrcMz<qW?bkKk4Rdj)Fw%ItNR%7x`|aVeGB!)`32%3jeORSU{J
z{xjaLXa;sfdh?XKlv2DW{EK#nn`d}AiwFLma@ZRlzrg_V{4H+9a4EaBD1?5+<3H|g
zf#>oGZsimd{5}{9sDD?!I(wZrnHr6AzlC-1b*IX1?fbzJ33V!P9uKw4-BiKG?z@k(
z!JxB(ZAkWXL-fPU|1(1(s&8k$az!hO!L<HCs_bzqmHHqFI1-04Jq(4t7*Vc|0jq5A
zpzt}weOEw&9A*vH-$zI&P*$+>h5K-sD#S}R$DO-?>2Y8|{l{9|XuDO+OO8fujTSSA
z@31oxm#aB(Zgs_Bk%7Jnqq@$y)B@rvE5&0)lmoK=@@2!&&xt2T%7G4Ah8aGiXm;n{
zqtsI6P_FSS%OQuJgffr6(!0~GRJn`<U%57OkVHZy+C*2_DRdDB$?2*ykm^b{fR;Fb
z6IU3sEpUmnQ9L(YozqdzI#kD=;BQx3#t<d@H-mk@_KIO>#|N@35ACTMKlx?T%w2yk
zvkV7HglKOLWRV_LQ6u|5fO&WY^FX0EaVwXZc+o$=kL&ml=HAcJDixF?UsQ*$(tFkz
zhW5ljeC=lq^xlc8@#hq?_ddLL9kfvguZJ&pusi(;Nc$JHY@D`(&LCjqQZD5y$AD2K
zg7|FWQcAV9t_EUMVqKD8-y+cDPg*Z*<p`Asrl#p-2{JL)WjY^}Z;hUVf^PPzP-FN%
zpCN?$E|rM3<~5{F-tMLQVPxLs&h5@!p<Ga=4v!~9-}xsd&Zerpk;0P%*wcpL_POL`
zjDrR;YQ|!ECTCD<IY1)LUC!+o+{GqVKXMi5<`C;=HK<pUufdn2?27{^X$&UF+F8PO
z%;Cr#6LfCZ-@j_vVOwBJ^3CY10DM4$ztl%!#;cvT-EaL`;5@@7MeoImZ;vSEWo@ls
zLt>}1=5FPJe(j2tVn#3!obBm18O(gS{(FAaNc7)h%7jX)T%oGH^+Icw+Vi#so+#fO
zWieaU;%lk@i?Cd_u}kyCFM&Q$=2q6m8HV9)#zT=8y(AHDqFbpB^`r`>nRf<5gFwH(
zeSpYg+kyp;CnMJ_)dB<919U1v!pxKS0O^M>g3|LcX6M@okX(U*sZ{ZI#pKE7T<S)R
z>G9g%3z!l=D2hEP?tc*v8rXAE>RM=^{q#HAJ&Q14Xs&|>@YNTs%N`q1wrGFkaee$>
zQH1y_sER$xMc1N;`AS=yNE($c{^%+m<-w%S-1`Um&u!hoyzb8K>3!Isve!1s`XEMo
z3})V>F|+US7t!ek9cruc+29_;dCzG1q14dx8n27@x}Cf5_fnj;wbiKh<H{WH!*srn
zS=xEZ+7nU8j@=O{Yw;+?*I28}m&kf{antZ9RXpJu&+bZ<<x}fDLN~t@iVDAzTuQC>
z>PYiJ3=98wKc5?m9oWlNE+fIMB9?N|RgoEnFoSc+YBV@g-V+8V%h8ikw3@?6k7~f+
z>>tGwPOvBR?Q<BE-R}x07x5NK$`k>`Xxsplq$V6nYnDQI6oc}b31u=y;G|Fi<@uxr
zpr}b4${R`CEz%1pXS*|qvH1=|B%j{hjS$VB$5X}-o-)Rphk<^tV4z=ovgo^rEo$~%
zE6_NZj5bR06fj4&*VGz%XB2(^Lo)cft7)gM>dH3D@COOe??4~8+c1nv(S#H?AIjcB
z0u)p6)h)b@3gtCWUO1Ex{T+5dxb0tfywK$%iD>$0ZVwObj;qa@Toq2BR5lQ2rIz|P
zT-)MtLkaOsgu(s2zeMn7NYNh8k$7(g^!9i7>eL>~4JQmgV&WTZC#3iw)R5T+0v|pe
zYU$F=Hg5qkQl@>eiHAQN*1c=)X8q>wV!(EQ_d5)DV+Ufs1d_<I``^aARbpsm&PuId
zjA$uA%aWn6!4QGaJne%V)YI6e^gnsc2+uKV69a87hTG^a#Qco@3XT{!K<qHl0aV8J
z=W98jL?j_l?8JFvFP1$W{{}+RUvEtaNR2akCVRX0+H#3##+6#ra9wa~gyC9zjgjA_
z93Im74KrH5{U=7F#u=QYSUmKdT3H|E?9vK3)wTB<<Wy~2nNF(qt>E)&q<1y>-yb8L
zcmIck57M}lZL&WJL8ZL^G2dqWT4APcs%D(LJ~q{uVuMXt6ZUos^#?tQCKsJ*2}_Dm
zr$4f^1L>G^vrQ{PJnAII7F*(vshlUqxQsZiVaaZ#Ogq>Q?+K-&6gtn@B2|_%w#Xlf
zwYUEOp@TVFCutVrlDUOjqdZEfTPbrZN41CV=ee^Yn5DNLG6auuUM?Dk+-zgINbUVZ
z6sqKI6=zQ_dKO>uj^jcU+Lvi}^}`39-O5?C`m_OkxdhIESx|zeiQ`tbXtDiZx9xFf
z*-y^}jrwCy^|S0d@W(ss$9MQ+5gGwy&`8V1Ml6oIWeTDo7ZtLsdrP-aHKXdi28m#I
zG9ws#x}j)aG9e3>JJ`%^ME(-r<t@Q#4<{oHto|3Lfi5it4IEw3pk)0XffqQ>u+yVt
zSaNq7tohzKmNl1K;vI62IzG*T)=fwFpiWO@k7>kEL+0;kG}ZKMbI~!~*~$hN{m%C-
zi>@`a=-Z-PO08S@U3+>6uAfWU=1szNXyR5*X$!Jp#WXN_@euY|{@Yx5sxBu;cz^oh
zv|+pyPupRXCY;{9L@A@nL0o)Lv<CFy>z|*@-Z&HYahgE&tj-r_ON0}UT=YG9Vmt4c
z4NG3ketd^NzGUfUv{06~S=YM_>s&7Sl)%#G%1gIV)&38Jw-OL`Wo~62BFx@Kv+R$}
zmWZ!2<{=kYbx-AY=tMxgw+}wpBbqFk1q#fQ4!l@|Km++{srq8}BuJM1uG#z+O`PnX
zjqik(Y0f?p(WmlzHl3S^8cow!QZ?u$0jf|ga&3Ji;=zjnVyF4vyk;1ho`v5nJI?>A
z$)HCMBSasMfnLaRO{qfFjDGJnNTSItte!qc3)9ng?<|S<(g2m(-h5taQ<$$xII_oP
z!Qvj{4d%>*S+TXitAQX6)G>)v&4^vzV87lLCi9)%0+qi4<up|T(9j)tK9#B&tCt}W
z_hJH0n^+*EPkTFakxgwuNbW|K2ctPVkC?v<nK8bOno+>2J)2_5elf{Xp@j*t1Bdu#
zdw|IDV3e>1{VWZR<@4-0?Je0ax>zb~&KD3nafojtM9hORjj9<oOXZ~;+RFAk`^D+M
zhYM$zkUDcn`Dp;j%zja3sXUlN`Y0`&{o*!1J2Boae}k$<?!pphFn{6UNNa?uOBpM<
zoU81~9X>?cd61ZSFr3X{VX9n#Ii`^^|9do2Ja_X{qfBG=-`yN9vI-gSKyzkfn#v_r
zks|aNc!@f@)0?O;KJ`yj7$^TzBHFTxwal9x`=&&+-~R|J1xq_cC<W*KWE<pgFRm1v
z`V;B<UvFPm47YA>RSMeTWrd7WZ#5_nnl(4+GP$``DcJEoN(09m7NsB-L8W~AJ{JfN
zHx~lo=j&s0wpmyyNRLzs4m2~Bf^{=20wTM)MJedj{6<Q__PhUzQt<kW{~x8mJ*Xk2
zVBFndrGUBI!%BfhB9(&k80`?pw1F;nM`{DTdJ0!rv-;Y=<(@(tI5=G*-Ur-S_HFRT
zeeNv#R``Q*4d7%3R^;Io@3qDbz1hwRjILO^73{d_Kr-9BUVd@sDQG{<qny<PguOqO
zWuGx!#7V^Ywg9#>dP*epU!b@tJ?pV#plxkL&w4C5(GV>8KO+dye~vL(a)Gll)EB02
zRR$k*LL2t5ojI{FJvqnBvfuI?@YF9+KUj;Brmz%P<NZsoOJ4nx7_kT0%l}D)6euU$
zS@!n;RM9e~KP|u?D*G`Tf6QUZlt;PdQOdMscfpvdJ<2IeULh|W?;s?9VF=Z#$@sKj
zMCOSIrs7uqQ1)sQ_cK4oZ;6Ds0^<Y=ftk!Ivyoh-REz1seI4H?5>nu=WR<C!@%rDd
zJHD5atS5voCz;}gdl#Pe!IZt2Bn}EOKo<QZ6)xqPd0P1XUASl6%F152VxO^#EV#0P
zw%Z8d_Eo9V2z8%WCx36@mN-0|Vl31s1?5dS=T;Gx(9Ue<LD@^BYVv+B(A}`KII3U^
z*^f^LW|qr=*SRL*pte1h6Gra$yw*b^u19ONzuhU!(tJCghD!7Vl`yODtVgLqAJ(5#
zUCMk{JB%R?eBYGC8Oi>E28;e()k7kBZ@@FNe0ED$Ao|Zb2bV>mS6oUBY(n<T7&G#5
zihXwN@gA^wS36Klv*(JHD(&qG@sOQ1ZW~I7Tb+DqPbEf(hEDYy5EUNfq&|-2X>n)S
ztERD3C!E;)Z*T?b{GAffU#t=Ps&*thA?1e}%>EP>DOH)nZ@d0T5{OY~Kt@4>8`SnF
z)z0ngmUb^R#FK;sz8p<RaUU?m$Fs~N6|bWF`r#iazkd9OM6^Apx%}GnszkI~PKV`J
zP1^|h<vYvvK<b@beoa1$^6S(a*CqLPldSUVeWcWko8M?qe*G)SlwY4<#pIs&;8Xm#
zSD4`95)I`SBl?uK|KRd#Pm+*dNlUJa%^Mt>t!#2UR#$+>e;ftb^LXP6ou}uX0fO0>
zigf>Jl0}exlvG!c3I8U5VzS~&I`UR7$MDs!<?Oxsm0XmSJ!6V8sxF0=4f+B%b9tuC
z&1=XV_<A~K%SK_Q6J|uXRfcuZpX{MezL}K$Xx`#1G9-tmM+&sZ?%=Hbe~I-4TGw<T
z(Bhwwi1!h9mi^DE67i09XW1{pA49l6OTNP@(B5sq1X_Vrplz9o0!=Pbkd2^F`}<Vj
z=0$kEb(TMo0fOzlsbRsk0kD4W4vB=m1eUP$4xD7`nEg$;QSv-1gW>yarc`@#RKxxs
z{qDx~C0+6Dd^$$As3Ymx-eF3*oTq_pr#7oA=_b8;T|(@hXq9y7i9*t?1yGn$*PUfw
zhCc%A#~b)#UX)eRecru}q#M*cEa{$(`YV#|^lwbkmB@s60*?tv2h(?75V>K>Z9-p0
zo7TTtX8C)*!CP|~A1rRrMmi>2Mcqjm?M+8m)D=yEIg3sV$HbgLY1a$4N?6vd?ar@c
z9InM=E8FYJGbMn6tPrgULY1{l?Oeu%QzGcSQ-IXmX>lfnyo=Er+vLC<%`tM~42#~#
zPjk3c;xdTK*v47FwaI`dMti73cnC*F3ABP7hbur+sk)KbA`YrH!biNyse+auHEg&J
zjq$MsL-r@z2+@=AwB?ksl!;r!mXQHR&iA7JOf!z%Yt0B59Ed)RDKQ>lK^=nup`wRv
zoDNF0zuzhZ>^M8&cU)04z{EFgX?YL(@!QZfaUS3K!WBErS4{D1wT2P4rIS!=t1^~q
z7z0(pHwl*M$q{8`+FM>`!NnwEUmo)miqDPguK`1={XF*mLYa2tR@@g|4NHEQn}urX
zH@sP(LG;wt-zt&N9d*`Q`;ax}b$!3qDd(<c_Bu6H<Nx-QM7TO}AYANLH=?nw)Iu#~
zuQ9~oR%)rT7jsP17>53vWyO7WxzrpM7ZQ&z^MkB!@>Ha(f9)ER_0hLVL@&C=!bjv+
z*02QqfhR?R_9t>A;;i5iB(Q!fyW%kww|c@W$+*?d(d;?Y>q&m9BK_+bjfBL1$ZQ+^
z0MFL3m#S;ghP@CcYCUY$iZ^Sym0EoVKEQ}tL_?@h|1R!~n$eG{_HUlB#-pqpfyc_F
z8RoI_NBv;1Y@8c!wvIC-IV-pa>MsmW=r#Ao5uz>W8ou<lPZM}Hwi8m^V;CX&;6{XK
zPj}@y+!3=z6R6P-YK&o*s(QVMs?hw`Q59P7x<s@ekJTEX+cjrbiReVP;KQaM4_e1y
zbW`>fzeKc}qo%Ut|4f6CX{=_hdENls>gr{7Akj=W-}jBxt%$K!V*!3aEFsz#H-{hP
z?ee>*84p94HLU(Ijs6Ks3pc^f?w7vC?w7tM5$(#+S|c<-d+=t7aBr^v&fn3lPBg4=
z83yx)q5Ferr}_?dXI+M&HnR+Mn_j==9Kc<PLG}jYYx{fsI&VUq2{9sySg+Q_%)V{T
zSNvZ;pE0%H^SA|Hk0C^VHii)GnJ(d=7cC_4XlbuMaa<WHP8klEH3A`jkgD1E(2JV!
z=F1Y%Tzv&<Hwg<yVc8DqoX^e6VG(snpd(-FB3-XDw{r2X9H(&)Rq+Tw?S~{nw6{BR
zqE^f?rQBdlFARs(W8SM*;;vtB5p)2yx7ImL$dYb1fSWOb5WSgcV%&0rssl%aQP_M8
zbFEoU0w<ycTxQMzWxBSrQp@Nkpx<UUkM)YjS)k26W*C~17G?#<Pm4LZ19r)4fMkxH
z5N&)KpS6%#BOPiihZ;jzoUmsB?wgO$I7<E(*g=~Q)f%A(v@U59(Hozs#|qvb!AFhM
zd0pB>!n_<sh`yIa!ycP25v}xKcrU$t+QK&88zIIGDC)y5F}893w8=J3L=1wp+AxB@
z-liu+5u#1&1haywrGLX&QN1^edEiJw^v7U}^zJB@x-S&WfP#BsMDP9J+sp8+cZ~J?
z7FB^%p$dE_6XL9(s#vwT*`j?ewErix|Bg-YuNX9wk^PcHwCdiXS_`qEmdFils5`PP
z8|u?e^*5A9Iq}zyro~>m3=C*q0wLNx9mBzY&zX~y2Y7D;y!+cRi^#P{G3C-((9&wP
zTRU=d;9Z%AzUIVHb=hHIWUY`{K!zGa%dlT-bf4?2Vd(wN;*GjgrepI!+OHFMZbP@a
z5=ugjT%(jb$c<lwdAvA*KelW7SeA8UK9=fKj@IfJ?peuCOXQ9n<*eyf`H?F^+j*G2
z?=3K7hIW)lXb~I!!0T`2y7L?{y&mOcahFkq=$+%QPc3pnB(>a^CCI=9v)*@<xzR<J
zqC<UcQ>!#(L_cmA(~P$3%cHHbgO$D`O8+lM3mUjLyObR`U#DHlB~VuSb^x>ZtVcP4
zDXY#4ugos0pytj3S3UlqHx-Q1HZJ8Smr{lLAGWM@D;I<c!%PxksQ4?qEr6zFpy}PI
z=<&ueGshHVnkn@QlJzFRS~t}`3s<G;MyBA4iDK%uTRFyb=_ItIQdu0B{(2J(4$W2m
z)F!1$Bwslhj!=272_ag3`!Ew7XYK?ytjW|-4X7HY4;Y3fx93cCgxSJ_%1J{lHXcCN
z(?he6$v%uPLM1<<NJJaEuht0Nrj@jlh(6)0MJqvF1Ssm!^Vl|RmPE8gd&6wA`B@9w
zoHI&L03e~KoM&uv{@Jj02{WcojX;)b9;1L#f}B|NpKAc_C8}n3C_<L?@&buy1wBOv
zcMFy^xk*DTYgR7{%c^cypJo03@vEDF73~Ct_T7{)Q{Q<`3}YnBd6&_I=&yruG@-3v
z>SLf_<Y+=dv)G5f!H37;!;{zBplcgPZqPM%i$OmKjpvW9yFo*lT5L*~jox(LYBUtT
zG5W7C6MbhKGTJvD1V(%A9AmVb+j5S!zOjYTS`sv&`Rv~=7k$-Ouv}N!HiJ!FoQ3Od
zItTp2oG`}?l$9Q!2R&+7!i(xuSPB(d$5}-*qoIu>SgJ!IXW3WRNG_J0mCg$NdzLxk
zdweV;<F0uU(a!Y{poR&mTHUB2s_N3yLRJ54+mIl<^#3UcVQ)>375z7BU|Rma0D6=Y
z#lL}Y?G!79e`Ykl^&5;d=C~24FSsHWCEuK~T0Uhrbd6UEb1)|Yf^+)~J>;6zm+nz&
z1dywj>+^(nMupdNr1`b$X!e3WGK%^=>AOux89@J4pkEIC<ND<E@8MiOVvX*HM!&(j
zw7Ws0_0VYP4XAi8RPfqaoZ^9=gy=8*a(!@zp!NVzlQSIQaQ)&3%z*hOsmww69ayEO
zT1g}vTGIL^VC2ii$ymu2JV<4V{6VeRXXrjW*vfj`Zk{s!Cb0-%Kcfgd<&ul4B|=OY
zYYFe<$6%cHsG6~MdV?nj=WJH5;~$vKVL$gcc6<QyJL4`K$KIy?2H$U-%igArrH0I&
zf%4h4zO5ye^mzFY=&%f*{RWXQu6l)C^!QM`Vz`w*v_rSDm+K-P4Zi5$Z{fYfZmaUB
zXrJs>4DB}udb5}!l3<OIb}PrAN|p9?xQa9AQBIpPi8Jk1SNGy>vouf?+H(o&RxY}f
zQtdehhJ~Y1yPUi5EcX>gI_kb&T;QmeQu9tn-FJ{v9rf-s#5?Nd-Mrc=!pp~1))TF)
z?mO{y2Y$708fD4G>Bg19xuEm6R!6>@4BN0$A6sh}n!jaO0wvUn9XPRp9a22@0YdZz
zlGtz)uj6Up$4qR~Kl1<~;ZwFq7Uot_XG0q=xzaH7OP56dk2chQw+9Gmh^y*nZP!<u
zr$j|c<(tw4{u6*<<UVj+wK)tQNKc#9QsRv41a~Ulh+Ur7Jy#4vP~>4&gf(~)A^2Ns
z*-|1}*Kznr=v@>xwEdqW#5I$R9oU<n{Y`)1o9Mh<ioX1y_GxoTXkORDgW-D#6rAGA
z*XLrjz{Td7;nuM*F)ctE^)nabYBV9mV}=r<kJ%-@b%%O0flaqE>)GJjzoFg*v)&;1
z_5g6^bAMhRiRiF*;{TSHG?2aK7Mz}$xe`&ALO0r`9kmARaD`QmGwN+~mD7bG`xCAi
zhTi?!_3^oXI55VG`fHV99Je+^l=s8<N12Lo4vcjvsGT{L^<jgUzXTK8yAm&Lc$6CL
zT2feW_=lN-V^?b?IPL}7`#cHLnWS2Lxg!pXE-7^B9CZV2QNM7ZJ}$*A0n0DVl^Y9S
zyg({1UJ{hEb)=vPu<S9XNcbnKQW~M9g^6f9fV=B~8)5bOHNz;r)Bxfh<&y3&k$8JF
zv7FH8?L+l_>+jrHwXp0;_l5dHIEw)V|Cin*Ccg27`u%SmZ5lxh0MN54#r@skR5>wp
z2xfE`7)J}&EkuF&6i9{2L|FToiNM#J(XzZmVqRA}mxM*>q9{FF^eZdsC5n25i~fs6
zc_4D|9rv-uiX5J;X-=X9EN3AW2jVAUObAVv{nNNIQh*iYqDS#?5E^eW@yGjJ!|+XZ
zb#5v(%CwC#H#e5Co0KkfPFMK8Qa1g_n8{{S6j)hmA|v=YE@i7r9gs*3;!^U{93Ev>
zTB=L=TUuADW{0Lq_?GqCi3q}_MyFxg*yuD=Jqp=Lus4ntW)YtwlmL>p9O}Yvl(Orw
z<sOiF?1o^my%`~)?zzRW@NZ0RF@MX1$y<h%RZKshh_4WDZ-acMc{UjTmFtJX5QcwW
zYd9-HD{_ll;IZ{F>JR#U32k2-esABU{6;~EFeqq9e#6_ytyCJn_=CPKE_H5t#FrK>
zb#AYSFA_f0E#BU*bH8rHP$ZzaiEcGx!w{IKX^Ac)#-b1u%Zy;$%Cz*zk`Gx)FSjzS
zS7gb{GT24<O8)il^DRSpws8mxz_@3Kd6iEd8I-#fz<+DxZUrmc>YPLxum_&T2n|$m
z1NNKQuSx7zF8ei={rX^XIF=(|?~K0+=Fx!tE38(qkd_rJM%wo8@(yzq8Zq)q`IrFn
zR~oSY98JieN1Lvrwi4qAkizt)?B0%=(HPpRBOLH`b^^j$K^0U;kuJ~UrG=kD6k+<$
zqnmkvgI95@Q&Q!`0bOxii357U81?&X5p@6}K#wx}>^mjgXCv0<D(vh|yvw)^`s)aw
z-OA)u4M6&D69K8M1=6N?gtP`BZIu|>w@`IJSNM7Za8H=vvY!fro65kgLvUjRI5F58
zfNNudoAYECTn7e@MP&Sny82I4&A2!@T&1=tRw-vLYgPqR`$hQnk#bJ!+nyN!?4_S$
zjk%9(1<v>EHCns&%$vc=w}|qWS@}AxmOm`X%0Ce0UMwFQbgQ$=sTvr?q6?_%XJkAB
zZzVU^l&1J1$S9^LV3|S_-O5ylTX`tetxW2Q0a7#4nMd&ftj_C=O2_v?X7plZeZysL
zWkxSB;p01a;9Db_<=H9wF^SClt;-_Sa;gr<!3k0a^n$tk3ybk;BU}tup<$PcUIAhA
z30OCQ_+@BaE@fNK19ib{uhtqjXW<6R@nqfH3vPAtDt!j%q)#>C(>5Bj0woc$&Q1u?
zUj@c@uPDre!m30<)<qLSLf#F{lL*nz5<)h#fWMBzU&-*-K4{lUv}*?K&Okem1))A#
zO&l))`*6cCD3PF~<A#_de&J8sE9xADI(rkvbyzii{9u^WObT)#ka2HImKD4;a_r2O
z5^)FOpKB?R+;uT5<;3(jiG&7g3*#iRVMij$5MLjv+S?+WUT&oiz=>sWhBG)9k`d1B
zRycP6fHq0^=>OfU+8;e7q8wab00?Jnt2NfKjOX#)28Y+ZC=O=$&c+hiU?dU}D%o%e
z{#m~v1pj=!;RyWm*@oTl&&pm`4P*IL!#H%+FuGhb4Bs`wxKd*nf7BR;l|NU$^a&v(
z(RZ7(()fG2jS0pSs>Z*E2^wf3Rg<Vf)2Tvx(ZbD9R7nC-vj_3Eea7hV5^?S_7WZN;
zeWjrzk^Fz?5bEDGw>9-|_qnN>;sU5f6vZp}pcqiqe!#_y7NrGDUwI3hzW?UqynNLH
zr|(<~301V9GpJpNkw~bR7CxUyysK#-V-eI;c4$-L&=PtZMC-&zeS_!2a!~&+dC?&B
zOrQhP{{q^6bGvH2V!0CXx{Wbeb*@9}6dTq+-eWaWwFFTUd62So6D+Fsr}(<i#$wgf
zf$6B43~+dqDXA{y!LA-<VmjEF>~k-dI<Ob}Gl!}fjUIzJ7!b!Z)XGK6ZKSS~CCh${
zN<{X5W+TM8>%TV9uegM^1|Nazd=e@ZZLkrt39F12s9h5BBRb8kJmkRGqf+gK7+!oe
zir-%H5N{Kgks$k5+6W0H0dM^jx`9uxBeSj2-j0=s?q}DWQ>b<Q;+o_7CFU`@Zief3
zM|1XOA}(OMT_U<&A_Uh^E}DrZS;oQsY#l#}K_25DkKsOsUV%w_va=Cx{GJ{XDOQ^k
zvL5(~)@XArR{F+9NO7P!At8J5qUIRm5V9A))|?-<CAgJyxk{yWEC%(kvVtG%BFWQE
z_V7+_G1Ct!yh)(LHKocS<)Zd=3~Woca?#^Ip0E0Tkp1^bgy;`RJmZ%=94N8?Hs?*T
z#Qg9K@YBBHjfVD7mivPK;ZQj{ju0&?nscWX?6!B;fv`b{TkYI#phP^GkEQ$Cxz)}|
z>_?(6$*p#dW<PrI9FodKw=!WTRqaJ6QR7!XBrYD_gFd#-UiMUrTr?iVW^@`;rE}~O
z$t{i-VUgK_@(0EtT^2Z~YJYzcqT^BuQmJZJ2Z&!?8HgH=eNhHBE@N~xDHXT)sIG2x
z!cJ2oe#~CayEV)X`e!vQ-0FxBWcKecwkiJDI5CoE*v<L%Pw<H2*K8PZ%&?dqEs?T<
zA7p}~Jy{^aMjIN?&d1CFxr`W(;_JEzV{dzikxXDCp~@&6iCgWwv_L{z{!V1c*>6t3
zleAV(Ae}p&kcifNQ>_tdS)9}YT|1$4s%B4}AQ5d$ajhYid||C&6w56LSs#yf&Ow-*
z(3Ik~E%?1hutIW`Dy?5M&}eOeQsq((di-agp0^p2aZ|T)PPwS1L<3dQKz27YGUB(U
zLyIfgwPM^1NUoKPBK4P{+ikF4;xMH|_9YqHEKZk*_C0H$w*!m*yXJ)CZi*v(%d7~!
zPSxy>$KzmoKaPXVdR!t}m*QF@lnNwQ+^>ZhO;pCNW<Nh(BHH+k;iJL_p#N+bHea5B
z`4Z8+sM}1~Sv-hA&=+1a4DD_yyq$VnH4J?(*!W)n@-c+f%VNo_8qRk}(QLX(RXZlb
z;Auhv_Fo_6x^GzlOHS_J?!CjM>=+b?u0-$fD=_H7TAS>zLd~EjRea?h^|3^c|M;Ai
z`aGK`-V-jSEdF>@9<bzv+%#@1^Ud@*(kJ)yPL|kvN0=S~=z3_LMVmW|H$%44h)0hK
zR#9c_3W35<x7uBP6hvS|yrn1esY4FAXdN2uTU?p@eP^JCB_7jz$N}v8(WZ>0E)3T^
zrj-~r6!x*jAGZKyimLXZ{kbA@7jW{v@wn&{vyouB#v>=sz8w@9mI6_mXxK>ce_J43
zp@9*I?{&LG)+fS_n(}R}fx7F2{uUjknPC{(6q`ikg)iWKDp*C;yY}FW!ct5?pY9J-
z9lHX`fNj0{8dFLS^no6Rub}}?Ii3%cdX)3pbQJqD#!}T+u0Mt;l`@Xyf(U#P-7ge&
z{R_Dw1k}d{H7Oo5b*-$mk>aB*P;4Ay<EUzi<CxlABI}btb?pJ0<MS4T=q*{sn)>!F
zQePrk?6tJ4U=I>mS;0=06m1}v>e1d@SK%Cxc!jt)_c*BH*+W(P{v3hbtxb7e_<hcx
z7FTN{`O0}(xHZxAL%0L8ce(=;_TU}vTDNl4xn29F#zv^>+2ap-GpL#?bO>JsRqgXl
z(4RN4fL>i=BcTu2iA(4o>|fXwi}lGyq<&}(p3kyBk|PmcJXb!(>d$c!YJ@jOyiLb$
z(WcenC*PmigP^7a8}bJX9imZasQ{~AgxLtv-GP}8QFZ1+G_y)B`X^yw+eL}YSOyGM
z5kfwOS@cb$>b-H5^I?$ly!TeV1b^gs2Xw~Y{VHE%zk5=3(I^`mR$r>#m*@<F`uFN`
z<Rn44eGVCv=`C@1Gh9Z{ow?a}L0<r5yX=~cV2U{HM-cUX^jTEH@SdUSJk0EpdER%9
zDz$EP+9axunJSMA=E_O2uCjs5>lX1O=rgspI;TA2aE7eDA`g5~?cMt^{t$NEID<4R
zV?<wx$V-C$px5qF?+z)>U}%4&emiuCR$U|JvtQr(^SMII=MSWT`FzYepKdXqd2BxW
zi23Y6)t5$b`=Ae1X(IJ+pEK9F%X%Lm)4S8*?Lm#rH1lWQh0w#=;Hx&`4|+!d;_b9q
zpiiFXvpM&#&!(Lk3EuWFi*}ch;7x<svs0sqx0_|IV6vlYaI$@SL;GQ-FI~f#_Wc^#
zE!>z`SKoilMsRMg^uf8+!HAuR{x_Og<;|mh!#lX%JY`$wsf(DW6gE#S#XQB2)&DJV
z8*}WIu{ynC!)-8DpH1*N(gyr-)l{APkXxNPiK?TfQf2BxR2edfDs-wDqTd2W-x_GB
z1&plCH5&;v)>>R+<2_~0h#g&UR5=9y>VICfk?ZBx8sb*xBzpXY{OXG+ynuH(gAw?-
zGre0Ja?v=HWkFYFnePlX7;a;i?$qw<vm`P|^&WG$Gb`nyo@lcOBW9jlv>Fs^J~499
zd-aKLo_D;Mw=pjD#ZhQoTmbUO79^JJ+=X-{7wtyrg|v0XWo&f@J(<^h^Y!frR$;Vs
zK`vUuc$qKc47xMV%1eSFC$68jBUJ|^Qh#vHX6JTyruQcYyY57d5}H}=JLB9QY6)}u
z_iCis<)J6Aq{RCMRfqlLpy~^8Y|ZC+PgX8qNFQ)#{^9NKQi}m|yzXRpySdeYi5`D&
zPO!kaeNg7G9S(1*%P8?=misP*KJzfDcV+JMHum^~zH{!(-+gZ)wS-K+t*Hpq&yPkk
zt9-GXxWb}kp7(A+kGI#GVp&Xa%vim(pl0|n3z_)8s%#|8Pnd5cv&wtFg@0xM|D^t1
zbJ{wM$o+oV;q69^GMahCcLAuJs+-tCRC$xA-|(HoZT3bcZnFl*quztd+{GDOOfzSd
zI^-fu(_{o`W{K|%6g6?~a;x@xGbIvgg#yLw-`MO7(#-F?A*$y8=5VVtE?4Z&V{Bq_
zy!&Wowb$)tgK;TWJpS$89v=0+M2~;hoQ(y}iZDKdGxPW2Vr}tc?(<y;z2{M1XN$EN
z7HbzQR?w&L*`K($p8n}pJVB3AN)^u<m$I8Gz7?R33Pqr-pq&4^jz=?WW(i*hiuIyO
z!LoY-w{2s3!|a{r_U|0lCRl>QyQm@i?$DZ7+eoOZc|Rw*+D7Ws^!;X8FOES~!7^lM
z?eP@@-#Qu?z7v!x?Ws#Z`aY+Az(&Z##Z)a=N3-%0<-m_9huvF1W7$bn&kCwGEuo61
z9MgprtYc~%=DLQ>JHoB}PL)!cnc!{XQoXI>XyN8K>aX;j31vm(i!CUps%H&VqLb>*
zl9L^@8eqd1c!ep4px<?PIW;7zx;Q6Jl#7OQsr0Z%IUVYz>3`aoMg70J{C2RKe{-Cx
zaBCdY?g45MzD(`gNwWqd`i^KrD`EIEHu`=Om<>{*I}9%Db2E|sPk|DeIeV4&VOPn?
zC}&0JCT%Y3$@etBUxoL(GY@+Exzy<PRE<N>nHRim@r`Kc;{a85Xs2<OX9RsaaK2Rg
z{+>cfdsmW3D4DAE?fer|2xPQC17dj48PqObw3(#A&t4KLZ6;kLQA6Hf7>40%s#RXH
zk&qpKp}Q@@!iWU%{Urv%Spgq^hL1mlim7VPHBkedo#XIy7zY^-T|)Ef=p(tCI2)0R
z_L<U!WoiVgDgKt867kKUS@sU_hcCBsK<Ydeq*Iv(e=R~uG9t0SY0#{piL!qQ5@4Q#
z7FHYH=BPUtUN*dqXl9A*pKc>0SA8y3IbWhlg@<F+!KuoQl5<kwso2bF*$*2(r?NCv
z_J0XRllmOh(PUDSKgf^>b?&6jpQ)Psc?QeO>->#6_t8e*$xBM0`$na5QA-;kMcZY6
zf{kC<V=0NWZ!R)YD>_G5w%IKE)C`GuyV9(bk?==*nw2sF{%8q$-pq?OlB<+qio7kr
z@LS>dQu<`zbv9P;31OyWuRm=>2W8b2n3L`*ETuV>r8#c7psKPY)fYq6F*GF8z_fH)
zxP?}h<WRZbU}3f7O(?9k`I_a*-z3Q2^av&7%Ku4_|I;I6&s7uD9+?+>_wc1DykhhA
zr}7s&*?2VLqKy<d4Sx_233UZQxaK0hMyottYZ#$K!0BE7<zY<uZeSLWYU@$s#2dax
z0G8OOyTX=vRz~l;z)-7{OcG)CQ4`GZIMd-WVqNN-bVj2$U$haAGAErD&P<f#1<6?F
z(NyNnJf-!sGrtWxzBzuLGl5aj#1b`k><@&|6<|ck3nT`ktAKGe+6rTZfYBxb#(NBg
z17JkU3(iRhBVEAwPXvs=2^a^XtT4tf7^wimE-%=RFlP2*<4t7ay_?lZggP<u0-e>#
zVRd@3I?Y*~UR2FX%-x8tJbXnSvmX~$$I7qV%93t=Jfx0)`LIM9x;hNK@H7CYC5sE=
zlMArrGaebz;DzHB!nv8dF+sQ!Td|JIhe|wUmS}Pciw%i2DYG2TgK}APUScN+I8QyG
z+rpWNvGM{$M;$|{5ydmL{^*p5>~AW;o_>raKr=uM3nxHxnF-MFl>Wqdn5`<eG9gHn
zvE_9#oE4Uq=NjAGis4p%*Ir}3a*zMGHwKo?JHWKo-UBH9Gjh=ai9N;B)Ma>x>@NZ9
zrWy1z`@D^?Z>#y)<df%ZL|?(KA8QW+O&Cpl>qBd(YCn`NIP4$SY(&dGYa_WEn-W4c
zJT{gPy}JamP<!{Rjiqld)na0Z`Q*;QYlgvVKMu7G)9XJu+~9xquv2<hxPccM`~(e<
zm-PuZ_|VeeM7Y6hXt3NSA~BkT8%(n_s17%H5gI%N4WgmJzB6Wn{`T+~8rPT&7D0n7
zXn@ZBkHZa;EDdVHJ-iJK8rulj@EQC?Y^Fc56*_<H^Y0L|TMe^&=(LS&_!_E$a-fx-
z;k&a%jbUgno<=kLqdSC~?z1~AZn|B}O=opfZ+LDjA)%%l=E6Vr4GYJzEzWTBJr}xD
zn{dWPBDRHJzh)R4HbR3D+Q2h5qF;s&o5nJt?+^6R_pFVCda-k*k4~FYkPuDGdzDw9
zQ7P-T0=t!2AKo4`kiGMYjnF{+>YF5@9L!gK*N&~?uDE@-TU>FsV`{Q9HsV%{kRrD?
z?NQULuz7n^bzCC#SIijYZAS~QO5P^4@T$#slRC~3idV-u)PZej$>Dai(H4xBd2s9&
zG&~Q4Y(xvNvkz|%7pTN#+HyR3-U3GKE|4!H&e%w(oT~PJcNdG4bHzrq-XYLpw}5yF
zecX^d89IbLY~$L*Z+Xpib=d8F)>UZOWdH9d+6RM{aa(tgF4@R9>}3Nb0@^}Rcl`Yt
zvu$?CMNgn=F$k;>`PI)r^{k|7_IbRopZ|x$l^K+aE~6DtEf-<NX`_^8Uho|WP2v4)
zy$$+d&pg}5iGGIJBKtW_Ed4AH{VasG!rnIfbBO+AOMk$8PKKDu*}~&Dd|g6=;oC0u
z&D)A)(s3(SoZG`f**M(bXT4nrDN9?zA#Qf78F;><=Eb?yb@T9wmBEJ<$Ub`6Mzkp*
zl>aO|7@<0M<r=%GvPBz>U@Bxkpssho3g1!xF7K_B8BsKIv+rD}Kl{qwIJ1<5^f#G@
zanh|40fpKA^sN%XOD1-76Lb5%#1{ftr_#jAl4!X|uQd#z4>|B!yE-+F2D0x0Y=gfu
zY~N)Xm9sL}_zh6~{CDOSdL}fRX4$K5;T_iA!aH12dz}vB<f0jMJM^eM-RcbJGgxgS
znj8D{-Ogr*&rLS#(3>ERy&3z^`e|(8+Bhph$HjbFmZ(ZYhP3t;u{~x%7i}~f3H=E6
zkl3&ON^h!5snnu$8{r!aJ&l*}H`|uZiqN0JpDQ+Z95rI8QVrHX&O?AmI#uV*<H2!h
z%%__|&2;9&VWxJ_Kt@TWjf~ZA2mUnc6r-M&RJA9Ycz#%EBigi6Hn8FVKDUn|;uqa&
zj)NoOOQp&Ms@i|;CIED-0?fa22DPYDHWEq$dJu)lV=HZ>nC0~@aR#+kr_f&`n*zF4
zvk_-SIK*ILef}W~l7SXd_x7ZL?5lwJOBycXK&Bd-B>tSnma%i>GKyN3h3k9DMzn`d
zvek`tR)l_}s{L$NF}k(T$*_|)5<1?1KLjHLV9vyRsdF9LvXeH>{Jo7W!4rY(C6zW2
zCsAD3jF9#HU|Ih7XRQ(1ZMIL<MqRJ{v#kBI(Ei`hJ_p)=71_S4=D1$_ds+KCq5TPH
zp9}4uHQQ4b2w{$gvapAU@r`h3siy>dpIxgtj&v)QufD(ZB2_b{<NFcT!-;J-OT^b#
zL`Lj8Y2(Say?w1VTii(-CVidZH22Am@QG~`sNO{+wfB{2Z)t|1O+F3;722<j$3LLm
z&QPhg@Pz2W_ipHaLVmLIAT;bU#@s9sw_H$5m8)*`u{f7nlqTGAIlfNJJJ+bP5FJ&%
zY^vIKbrCf3eWi_rQt$-Wkc*ly+48kn+_Ta~#G#Ph=(r6Dc(_Zc^wjOgd$TKZzg)D5
z>)y&i?d);J7r!KCh)LMV-EkA!S+&lf*7<~ugkqhB)-pU&duW^sxCUcZ+OXp`jM)`a
zx!?ptrMJuUmFM_UsA{k7EKvXK60Gh%XHdKOn2m&*uor{0zQ=5+O*aakbt#59#9I)9
z{UJNp{|7K7R;5`Ob<9QtKdkc{gtsYw3c?#T);Pj0;1teq5O2&_Js#bkciRZD@F#Je
z#~B2k@&2u|M0}(1F(ZEvG@xpmuaTPP2sL*GLo!-i{!j5l^wvCw`_XDwp<(!vw1<w`
zh^ws3V8NokJa%S>FA|ujZ|4WcSB^4f@g1nqN}2ZNQ9iFt(|l_{DeQLKMnWG^HU6bE
zGs^$W5#)SbF%VlF<<PbsL4h$WP0aN|bFMcWv0;ENpIcg3UF&U43#%nxw|sS`L(M}y
z&ef<)9}Z@H#3xtPA-yY)?XEe3i0KZ)Fid{RZTnei!nQwbaZNK>FP<XIID|*BV$UX}
zNyJCRp6znX#<hGeH64Nh-yXN(+Y^3a8%(SVm$)t|`wHN9V<4q0XgFHDu<F~WRU9`A
z?Tf=U7Rjy-0VJR9Bqrw{f7<XykoF$duy5=nZa^LOaZ&9MqWasTHlqFgh|M%Y#)5YG
z?sfbf!-k6CqM_QNlSI5DX_o!gPM|3M1692llicb<Q^CNT;3}Mz7Dv2eVFRr_%w0+`
zERc*T|G5Tcf!u;ISo4|Xt+hOABcbWe?fzZ(h?cUG%K0T8e<hV&C2re!nz?h@1gZ{p
zP_=DI$PK%4gsX6_gLv=t_$!}}_V4mdaj63xY%dGSFb>}kU<<1LZHt3N@L4u$l~!|z
z5%B#c&YJhIsgC@t4>k<LrOL1qU#7|-<7es*&WLl_O4);Hs{M-&xGq}EAtdU?TGc@t
z(Z}FrkI-x3`wvKKkyjvOe|x@-&H)yI*@tPsr_sRh^IGvi8^#+3W;(R7UZAE8)iy%3
z+*x?3m#VW5Q`M(Yb@+Mh8>p*pcnBR3hBuj(6~f=)I}t09PBu)kRG1V|p@>zOYN;?a
zqQaxB!VF7=84(rwvkLPp73M`$=)fv0v{YCaQGp0@R}LAA@yZ5}F`fx(TMshM|1)a1
zcza`2t+>7MEq`+HC9LEt*FUYj&ikSf_Y*dW`7*B`Jn2$5O{)8GgiGBtweH7Um%3?2
z-H*4q)J^m1er)AZH!ZCDvCch*#n$@`h?ZN;*wbDjZsqHT&{t!<v9RZ$xtMO{>q+&>
z*Bvz1(ye?wwO;wMgXU7Ym9J;iE1z-DTuHa`^}KrJqYj!2=~lj8Sg*X-L7TWyaXo+P
zBotA0dwa{9NDn5`fPF*1x&cqSytlZN-Jrep1Os07Z;oZx5M0VOeCbj#w0RZitOymb
z8Y^O90;f3K%H;A;Z>TViRiJ9d1N}r`zM)MxU<(K4KM>1fOn>nBkIRc{V(>&~4L{jg
z$p2k|(Md)DaRnX({-bT4Oo%_|QO?OlZ7>XV`3#H@o4q)<?8R!%_}yyv#yJwU)8bgC
z%cz<&1K-d~IhO(pJ$Y5AS@?Vq>=sby+-fQ?+H<bV{odbQMs%7-os|~nGGalp9@qz?
z+7^moo+GMe{EBZS%wAkKapYTJ=jc0D=V)NR%^YRqJ=|&gZFOTFAHq*(-0JMb);qke
z{WjuOC#=dXdvO`x&+e?w9aBJHq+=G!&UXCKiTxn>qh%CxDR!v9jlFO^%lTf^48Kp9
zhtA?++@VNR$0}^Zqu>W^TZMHBkB1sB7W37~t#<YJ&%k^gfcYvQ9(6(-b8w&2R`0cu
zkey!~Em%d>jN@4iUI^dIy~6B5_<npJs(6x#%SeU`e&8fgXR0zP8l0+j6?pu#3Ujbb
zm?t(&Yz4A<ms-5g?BgP??Yp?U%3fS77-b;i%XWBQo>AE!n)EE;ZKs-T|HIm{4^TA2
zEP96(!3XWmJzQY#WiJl8)Z%$&#c8Y}d~jCO8QsWzw(teALHkez>D|V13Hz03!k(&|
zWbrv_wYzO3ccU+vklf-J=I_*hi6%t5%n|XAuQ3dB)2SIhVL%Y9^NfeI)&~p&ko{*A
zyM1sLtv7FsM2bI2CS-kM5RU&|QfttFZw(C$Uq}O<6;z$QO#7k@yZUjJ#VOC|!!KDG
zY%Q4l+lwo+#=^#)*&E&)RGq!hQZ#}UE#yTjEJazYXazqd2Ha<`csIAAYfIV!Gnl;?
zRzGsT{Lxw>vVSLD%ynmVKGvFtPRahW*DwJZsAH?)Ytej`95U{177rYz%%<ALJ-8TW
zFopb!C>mJHUmO5_H8QWrjrH;#b7Q#z(^FmQ$V5(F+H+It(3b39Sz{RbKWbQF?cKX=
z=9a-naFj9zvnNAiO7Hp@wqZp>dz%>Yd9V=^*)D)=(NGq&{Bs|?uJL<siD;M3^4n|4
zEaIQN0@d$=VbK3a+`E7`QEY+Zvq{sIN7)on>jSM?wOkabQl*wkb7|TMB(#bMK2Q`v
ze4q%4pa`_2fsSjWUQzLl@A|k1@{~%N@@f&m0*X~s3Mg!hV5!m<(D{FJW_Ghli`RR9
zzwh_=`=r_3*|T%bnK|do%z4lrwm_<ckZpbZ+03qDGbZF^-~*S!?crx56ncV<`=|Cq
zjN!DCh7lJd=CP9L9AaYpTI^8fj#pp&o{zwv_`c$*FpR(^vk3*#&q8QjGL$O+7mUCq
zVgxRO@_Rg{x$HB(7M^=;XR^e73uL)B!nl}mb#RYyTt$t>+C5RD(Kv?x%^vBa@Q{=I
ziWOIdnsjbt7)A*m*;jUg($Jg};I``gMKZdrW;8oUy;{xZVc9RB*QV5l_Ow!JTQ8l(
zNZm_9C<GBrAHp<elafbJC4H^=>|TDR@Y#LiED?Qiej4^?KE+mm{xj=;=JR^Lgq;2)
zVlw#be!5#if$Po$;t&26nt4nnw9d@vzOKB3R`Spz%hIzVvZ&O3f>L$OHxjC>fiCe4
ziP(vGB1NZ2MfirwbigJV&cy;(unsGgBj8?di8t(ms%rqo#9|xy5i8@CMSDtK@{JVB
zH!Hto<nk#-C4bIsA;9iM$%OLA(LB<m?p-L*gL>bOwo@8<qMcG(;9MBopF>qC8h%Zi
z1g5hQ3NM`0RlL+_W4u&8R+7HW(&D9(?md(JECcDFBx6zrBaxI%<$q@KKgIkHj2Z8S
zcrCE%zCJKh(N)obRj-Bjmv<3Q)z+tTJe9wXF&<|oEQ!wip1b|uvkykZ8~Y?Zp6bn=
zQdB(EGMUHWT(FxB(Z7nP8Vm7MCt-X21jJMIXMFWfPqD3sY*7B$Wl{cwumPf8`W!+w
zvPsR|$@h+n?7pAf59BEm%h)tuFc~2m-E8;$?D;AqX!D+w`bhHXptnKFlT<vRRb8-C
z(xbBW!M7RiV+}eoU^^F~b)&d|3BdGAdX`E^-Rtk5;Sr)LwaA0{5w9(kv6qX%!M{O%
zh%)}x?Nma6TN$*`Y<j%n@1Sfs`!x6o?t)#xVysxsJHtrv_@98{Q+ol$8-E0fU-?sn
z;#bv4C}fA=cnE;{f(Jki?ZpZI?oN;mz7-vmhF=T3!9IUG69EG#r2!|qyqR5INKd;y
z1ID}nm~{YSHh^B>#!PnKjlE6Cor9^_spPEbZGyU)iW!q?Ot)gf%aW^W7@eUYq>FIX
zrPYP>WP~qwDEU?=X`w}lK*jmO0Y*W_0+M{vKD;xsovTOqsL4i>?fwBsmd|4d*8cz`
zYyTlavXeU`6kaFjbq$22W~L-@dU@(Nz0RkUhWlcF&f$Z=yw^`jC}6o5p><ms^L|n~
zXvW^qG^*#r*4B&O->hs>-Kr7G7e%ZWl1<1nAO_zuq#1h=gK>VH(O~2lTlucCVrjJ+
z@nv>6_MbVP#~N(k3;1?7;M<eo`?<iEN4aNS-IL?%`-<axE8iP=0sC`$bBsSeDWSkj
zhVc%D@o!HVFpizS+8Ky%m+T`vn##qoac1YdWi=ts^)WavlSF<7-H<6g4&?&0w;r-G
zi=!P5%4b=T`(dnPs#kWoHYkvcwPT0#@AE>mVXGd$LTg-EN8L}j$ZyW<S=QOtj8q;v
zkpk-x-_P#-U`p?0rgYD*BoyB1RC1bRKA33_*+&pU;kml%P<OBeR!)$&&^N4i?%*r5
z8v)t~1}(6I`)7;@+nh?y8#+k0(?$MdFMbu?tiH5EGGIPUW`<!rghJ<x)87!|pM6>L
zlQP8k>{D+BAb-NH-V91<=mE%Q^(`jfs!iL(x?+Nm4&5Oumbzd&=f0DNM~2^3(RN8M
zGrGEi(!f72L1<k)Q@h;*VKy3eb5YnGjDw{4?GjS!${_R$D0LV6^i5hh=F|Ic%>=PR
z4f1|KjJ#hz)fk^8<o)I=C6M<;93#&tChw=@DNu=np|mn0^1tj-<S*LRmB^oI6#2<%
z2(9~t<7sQ)^S@0(s=DAmihTPa5cxg$Ta())6zIpG9cFW=Vu3;Azw@Oo^3#)y^ZAT=
zn9uJg!hAmUEzIZZ>m&1d$QRKfzlJmQu|z(lKi$Tex{QnbN7(0&=pz4oc6mq_`TvEy
zpUFko?w%2OU(@q6^1f!9LEg_it-Me9kMe%bwl3s-YmX@Tw+HA|lECHP9xngBHORlM
zo#p+g1R?*vh>`aXgThT(+9ILAy;mT#4i@G|egCDr7sPt6N0huziIMk_U4R$9(02hk
z%lpJAeE;|c@O>p7@cr={!1vre5q!_D?JV!7#B+R~-`Yvuzw{$u{CTs40^c%>XETgX
zmj2iBekPY+pLUOu_bD;*erAlk7jHe;y|cV;z5M@yygz@dkoTtUr<M1uwIJ{7x<$+T
z{k5Is{f=6ry#J(Im-7CDTFHR<ylw`0Kc!o=yq{BhI(dI@?dj#cX-l-ce<F^{`xk3s
z<-N5gM&7@9B|_^Km_XhSXTRr}Kn^|&Rz}hbe@aMgnD;m3ePn(-s!4gC?So6uq9WGE
z<p?3g+bTh|dQY0uzoJzn22k&bZTkj7$fm@5TTPyBSm`@7(S*VYSm~ReXzF6#)Fl|_
zP310_H&2*h-n_dD=FNd!k$Lm;Cd0fL%jb>L%;(LxEu3<;$h>*|d!R_^9})_T9DvZe
zXBgE|us^4iKY4&Xd4N56md&USOJGKgg&AeYXEB14#xpA#RX;+=3kOUlPfx7$y*&X?
z4ENTXr3)vDX;CY-z41n*x9kL@%T0jvvYmkRk)08wf8VID*yPeDIMVl+IMS0hbEGFQ
z;n**5oT2g}9~#}RLTKGfd}yrr4$z&|Bq4QkF(CPXHXu%`|Hop*vN%3+*ua#|VT01?
z!{fiW3;}{%AtB`Q2l(Ki>bCK*4bJ9q{a42Wp={ovCU->iro(*bCU&V5OHXJ884z<&
zya}m&HcK(^euHvLLrt>Jq{*0O2id33%>$ca!!heN!JbjjV%T}z1BWuLG0RG<Sgy7h
z8P&HA7<C*0qY~<XQF(PzB-Mp|gM`9w3Qq0k6MGBdoC<8@occoKxnKez@EGIKtDIkD
z?Dy-OUl)Rbk+iK*Lh6}wdDMPBq@-ny-ZJs3gZ`YBZ=v1WjS>pA13Ll(*+3q<K>(FN
zYQIPqWD-dc0)yH8+zsLofIa(zzmUrwT&}%v#F*wJX`{Fs(sTpgWuwSJ3Q}C;kyNbM
z7duEnx{KU55G$5j;~2pb9i(6|_EwuPVLx-Rl9PJ@q-s|uf6pY~mIzR7M||)`;LB9V
zTAB1+Uo8{FH?Vb-Grqrx`zM})mlCj&xhhShtP@8zWFJ5cO8TkIMnJGI5oafrgOIQ<
zmP-#xB31IwPBLW)R+21GoxoKACuoZ0r&ONm%1J!In4+iNEfqHJmvP`Ten1`f4MQci
z-09Q}us^k!+YI+?ka#MNca69@H!zKHIHOtpY%kA>Z>!1}h>&gl2PT9(sZ2|yv!Qer
zR{F-9O~_XD?p5sZn>yn=z`{uS@Ti3HNJk#|RXzG-MB;ZlMQP~dNlMi}swEWI&IZl9
zCWJy;PElH8FaMT7t9p-(yQCU>`F^;3-^BB%usdP6^NvX*hXBl8sFo1+&R&e%y<s1Z
zCNcp(d$BsZy3?uG1J!I+G%KF+JklN-b&68k=M+$2Fhg&HhRMn93)v=~><2OWv-_El
zx^`9v4X3N;2gTt=P6vDSEFjK@tiKOpCCA*?gw&%?bWm+W`sgW213d>Kw2l!lbnqml
zF6EIF#+p$Mr2t9?Vq!061DDF84lb~wIw<Kolc6y5v%k&>onfy88JQ2|kzYd#PHN>r
z!rQvgr<yX&Vd}z-m7D@_gvtzFWJ2n;?_lLI5%w#SPW>jKKyo%h+)-`7EO6TPZnA>t
zS%ZwC=dEoZdOkb>Z$7;ZM9<c3jL1yxY+nxn&iq~2+4C{Fvex7)HLr?Go`;!^c=h!1
zelRAxv0`}_8Ix%&NbQ_VBh5i}VE>?>uy3#XCVqOn6hf^Ywz_;r=E$Mz!4HAme}Qw_
z26HuYU8)JGo9lrJrMm%_mav2ZFET2`A%sG!U?zJiG+5ZFTpE`O*@Vgqv+nIk;kDht
zbUfubV$Yz)ct3Xs<c^ylEa+z<Ef1>IpKE*RcV=t(FQ{bLOTXa@pz$Q`O`rY+&^RY7
z8S-CzE}_7~*&v}egQ=1<I4q%c5FhdI;~f+$miquEC>GB>z>~oSog$aHMHY<V-XX0>
z%YU&QE1n9M?}+?N9nXESzs-1v(BdHV>Kv}=$x>zlPRK?m^cba7?H!Q1@@Mn@mWs(X
z2ifBwe}dme!FZl5u3$2E94MHIiM?JP6O@w+#^aiTsr;mLb}jaM>ac%wz4}z8gdE<v
z<B<qbQ#|$9*X&Nm%IrGzwMu>hUCvMJ>KSEw!Qr5*mJR)+aIcJ@xNw_!Bqy^V*l&}A
z^h|S*voJ9`l!BR9Nx{UbMKp>%{eJ5~jMf`&owXihO7sbVv|dY^k*fPAIcnn4V0}>&
z&rhbz#!y=A{O9vdft9P^*0_4@3$_46RxSy@z<-5b=-Pf}bZ&;I{-F$!)5P$P`5a>S
zi$4GB82*8ucjl)yKOJN{tR7Ba#X?U?`Yfdhn6x;Rx52q2`_ivZO32+uQOZrsYG1^4
zMyLRMre-hGT%MH7AI^_<sbwm2rOCK(TO$%*bz3LwfHh!FY;uy>6`~;LbtjoFo3d8+
zJq(dqb5cM}-wkiJxRl4NupEoWdTf?Obyl)>W(S>Q;_0HYTAbup^~824K<n~RcQ*%H
zkNzncqv|Y`n!iAWTzV<U>t1qcmZaA>U2#G}a;Xhs^?$?J7V`-v>{(wQ5t*?x*DB8c
zb*x)J#Tp<RBnnfUX;uQX%m}*3A*{?^)~`A*tIbK;ofF!eva6l-FAbnAcK8RyVeghy
zCuvvTS|=GgJ9Zsg3(iJ)=1K-SkH8<Uit@568GLt7HXMeq(UBJ}bSgPLPDtF=(K_kw
z<s{;F56`#ZWYq*+)^BZMQ{w1nu{Q4ypMh=lWxEuyc?%`hiG~>Y#9A-?OwtHAtzAO0
zuZqbe^1IsiGcgLjg+;)oh-onEGYQprBL~uXY3%JqZGzmT&w>M5PWA<$1>EPGka}00
zIF;UpgyUmPMzi|CE=bOAtD0<PN;qo>LY`US@oWs9{TU~x>`UyRG<4z=n9=r(BcbJ|
zC{=%56ImrYm>#d103d$K=2lInZGA&Fr1D*VoZo`)utuJ97}{&rN+>MbswSFYxY*Vw
z4dJHvb`bQrzexO8v0W{l-a%dDkUisPFt*rAJ>>16RGq(8LR!}|haeOVb}26+AsHh1
zfl^?_-d4%on@Q2$5K3yz*xUcEl<?!qT`6IA#@_H$>}@r<FU8*04$sX|fmlo{7h`X&
zgtInIKfh&f*d80Fg?Y-7E3sn9YL$dHY>({{Qma-;2o6ZYRyAog-*la@5ogtVb_)l2
zb<K8O$e><CbzMg(<xZYIGOCrVkx+QI;k@vcQP@X4=cu==VPBd#9wavPT$e{0xtxQk
zHXNQ>4zy_9srphvqEM$wS4v1o+^u{i_%gH`sQ&sn(}C_YAhFTDjOL788C%tN*HIc?
zB3@YBncnKQ)lpqZ)Vl((ZxFDb=?b=k!Tw6XuIa+w>)Jo{4B?+zxGKg!^@5cV|J1%k
zoqbX-UI|`;wNk|0vsN;?dnN-emGy=O^-&EPS3!dYLxYB>24C?8s-b}z)nF-a&}eAT
z7}dbf8zdThQWK+mQXg7%dY{yRE4feVj}f2LmAX%At?)_xV}<ZZUDMG;{<mm<RE<_q
z{;2g*7yhUXQWyTHs?>!)YNOPJKWgHC<&Rnm>()$soC)X^wNk9VCtj&D(n(g-cY2<_
zQs<+StZ3-;JaMJYMkiUJc6zR^(7EU&D;hgJuU(-t(MeV$cJfE9Sn(hHQA>VHm-xw$
zVwv`*6qVZ>5_LP3hppIexd6N)cuix!WpOfGrSPlk&w#5`e)St~na-~+<1GjBE6iIC
z=2yLY!&NT7x`SU~ewEL!iuhGAhsn1JEeHBUQjFI?ZgK8tn)&7*j7_V!f1sz>Njzmv
z;wg6$&tfO>EO8P~g_C%eIf)1M1u%g!e-PRDIV2N2)k9t|D2XWyOSfK-U%UcK)libY
z(Mg&_v2rJAq5GX$3Aq;a)F+yUZR;7Dhi!{${#4SFoih!&y(iy%5l*&u@R4=23A)?>
z${7kxJIN}Q|KZ=_wQI<#dj2QK|J3n6Y^sGmibu%dw^QtG?Jh5H_XNPtH-W-?ieWP$
zt^`Z9E{4FdC^Q6E7rPB0U8IpVIF-jHGx|7{TgE%d=(SiGITjPwGOXNEgvsa%tmI=+
z_8n5ID|2!&nZ1~&u=dr%?6;RYm5~FT#8t+#mHX=W?P8~rpX%gU-<{-nj<=s9B?QNM
zsP;ibwQN7oM46M~Bydg{S`Xz-^=nZsUY)rVm;k8<-vOzV+0=`3Lu>NrGGY1jfpaqP
zIp~VUm9tC;g)^~|pBnwViw`D5KDclnXXZu6{&!}Eet{y%QMCG7{h0gj=zfGspfisR
zWW)b|0XX2_42xqNCg#kM7c$urTFya>(UCvi30Z{l$MQ`#ZFG#pnE3hVaOtDNDN5qR
zuve7Zh#EOq$sdS`FUT+dCmbI5m`%P74!`{b_O@E&1#`f4Hfch4eLBzv2l*Oy!|NE;
zCYcdZCwwe6tV~cG+EVnpqz@D&^QM^bbkS127g1#B9Un+@Z*?k}XZ-#@jE2xpCWO?z
zABlcUhq~LATFBbKKcZwlWsUB~OaJEma6%m<dl~P8;N0AsoJwZd(f_6^q1#v=#%O&|
z6QK`zybnR%hmk#^`*5b{12#$kasbmWoJwZ5zxR30kGXlF?<IuPZ$A{@zdI2o*QO)?
z4Gvhz+}ks{i_<uB-4|eDU(EZ4iO=xiGeUQ>58tVMct1p2WIh;!>OTx{mgsO0HNZKC
z!8uEV^Dho(Rt%g2A4T9)=x|hHe|92-)EyrPIKw!c{xNV~Ho#e?!)Y|aAq>uZ4bGqO
z98Sz|zDdA2kMElcI1Ldv)^MI`(|}ZPAh#q%14$C2rgVk2AhZVsEH>3X0!96AV4{Bl
zZ1a8mPageny>=wP?Pf4vLLb7ynBA!HBF#EgG8?+ZB*sbZoOm7bcWb8zP6fn{TzauF
z#qU!eN&+skj6*#b*Tz=}1cOY^_>+dQ<+A^IZus~OGA5(hMO1a^a<<->`Iu7?@`u+m
z(PW0bSf94`GJW>g%e7ge*cXd2C<-$mExj%u30Sc&(}kpct>A}K@dQJwIw%b+&p{~E
z5QmWZ>iZH3oOc64>-=VfLQc>omg|1imS#)WNJxF2H5$emm9s{dvlnM@gf$BJeqw9j
zf$y{TcyFk_OaOQ7(H}$}5m+){f9Byd5vcsV`ei-@X#oD&IcNPUA-QxXIBDdxh1kU=
ze(@(<tYM-irGjrmW|`Sga3?v*VMrCAHgZ^X9M*=AgxpuEvl=P2ks6+=Y59ACU03p;
znmp2>exDBo-Z)j)2l>lB{_+jRm)+XSCr$dx+oN8t=PwsQU(<NUuYrrR`NaUZ=+3aX
z>3xpHTvH4dALfJmftmH-9;{@}vv4PYd7pB3@@q|qr$+D$!Aj;s;_1EO=|k)(8~UCL
z*nAUD^Tkspssm<(kQ?@=?#gE~g();%En~gP5m>0QZayhNpQpjaBm80tT-?Kk{<H5f
z1Vo`axoo2Zcy#CR*nc(NuQkZoIYZz@2ZwSYTnynC=fcHR4CD>(ahiB_SYHcRaF`>O
zz})})JvP@r($-L7@e7X*z#~{bsWaaZ0!9@AMl6DP{VU#(-B1g)hTHUpje5g!-VkoU
zfe7WpxfRkMV<l<QVJVVDXc;fv!d6Pgii$y;opbGBNefoVKSgP1<SD2EmYvf#^5BnC
zVy6op#PJ7$%<TCqOy@4?5YK-;q`$a>J=o3W`KqA^t^3G~Q24RHCieSd_WOarF*cW9
zW54eVc-Zen?DtK9ZS42U?00_PHrD<f_WSz4T=x5Y_Ip6!71riO_WR<%TK4-T_WP_r
zFV^M_Gn{7kXTRU%VMiB#&JVnHO1yHQn)$Yb0+VvMtNWcU-w`-rv90aFB(OX(i2arq
zm%%$Pu|M+2TC7;!{Y6M5O9l6l*t$$&t!tg+iZtxcoC9y1`6Vn|)pc)4DDXoLeE+RV
zfHixkgw_#et!=m~QgUVWFA;u~7BLZ4^^SxBALk$x-WYh7{rNobI{ULK@FM%OG*Hg|
zydNO!&yv7A_UEO*EcWML0XO@j1g5Y*rIX6fXri?I4@!UkgVM==Qo8(4N{1b%H2XNE
zR~)A_?Kq|9AE&g>aY}n0r}Vw!lz!4eX-f;GLt80b&`Rl7t(5lqgHrP!l>XU7>2FPx
z{@6t6H%*joX`(dHMCs}#N|!cK`d(Al^<Fx~FAVLb$1l7C`8Ucyc|!aGOf6E@!2hWH
zPb2@67!$wn{z1qTm)jxzo%n^UpQTRm3)>G$hLg^<OM#2$LKs8RTT6k{`<6z$VfHVH
zj$df}iJx-b`PN^@FYtO~ddYyQgOcHt^O)4t#sKzhbzf~P98jVc4mhe+23R$gQmQ5H
z?;R@FYX^KOS}4P;T4^P+j}|2|!SW_JuFguq{#E0_fEpwr8`+}vT_V)V(-J~<_C;RK
zs;_hq=oZ?}ON8<|Qm<jdrwg6RmHj2C84y!1p!Pr33%KTEE>0F3>jgafhIU>W9xl#H
zFF7C?>IL-rH*l(%`zE%244g{ZVK^_n_6-RIP7H@RIB5+uYuhfNbslCt+;B$+&De_-
zOXdN?u|#)?yZd%3cO{oSV5qePB?MOSx@^sIX`xm{07xPl!GeA^KTo|8Iw=ZVLDjBE
zMS)8zxI%=~?+O47<ulRwj}Zv1n-K@%>>BoaW*ngM%4$Gmz;+3RGU0m>Z)5k322bO?
zpTSA@gS>smml6t$U~rxQ{BH+OW7*f%!8e1hT_T~-uk6E(!x0KGGe{k@L_&cZ*gKE2
ze#|>v{s~<2TQLuCJlvp->w2)8Wpl)RJKKzq;yuaT_~g<pi2b0lj~DjgmYR}zrOAZU
z)DJ1O1&ZT%3|>DoLN>@7=y^EO@T6oyYRd<ldhf&`<he2O@LTrq`wtkDc>;<O$DlBi
z!;>Cq_#SJxTtJx?hmibyP+lF(^AABbT7wmCC}vwa_A%RFy~I#phPSs>%9Hb2LzO%}
za6uwC4lQYugyYa$0N-~;q9`FV%FO+Cm0^iE+foeBp5SMrP()=Fx56#gBE7g^9%(h6
zO_pq7H(961J|}5c?^w<jI5p8{ZBt*DxTDgI;!F;Xsc(B7f<7~v)tWVIsLGW~oe0?i
z<qTgC6`?B5zpua{GO4~*!{cm@M^%ErV};3x$J(D59=*H3V-l2H_&azkTGj;~6|V_A
zLXrWGf4!#RL05A;_5vRNiqjlwroINjc;zc#%y<7nf}Dg+YT;O@f_X<|)x<N?I{mA7
zTtEx6q1&>#V04mZHRmcW6cb<3R@ItNRAE(jQahAT`X2a^s};qf{-_C)df7L?qzRK^
zLlPdQb8h|7sB`ivK$2x}C&>X7AjuxAi0GUtFB|;&)|~{uKJ#~6?;LuC3(vPtQW`p!
zQd$`tfl!Dq19GN<BS&V)0xnL!T1-g&=9Uf$>vN|vJq6Ut<EPllY=RY1n8u}H+Jn=E
z)BJ*08O;xdZau{&Qw5`U6&p9<JF${u<?vtP@Ly)|Jq-R!M)>>x5`N$n4!;`Ue*^Ft
zKXs<R_6o3c{c<4Bb+r=8Bh7iFJ#;z8@#$6xsdtTz6aiX%lG4gW`T!68b_&|v%i3LM
zXgBy2rIpqC019nl*JI$C$%@d*Q!&DIqCvRMSqZ}Ra^9;qYa|qS#K{)1Ot|hJEre_6
z6c?`Fy)2>7lMMbA#+}>PuV2`&BK9lHelaUt-T1PED(`_VJk7e05mP^}lf0d=H(K64
zCPn1!TaqSkHD6T_w-<AXb=(Xy{pg?COn;f{`d`dqrk@ct(|3H&X8K!F=b8TWiN8D3
zKm53hnI3pa%=E{NGri&^ZKj{Og3t5`E=H9X^_f2ZB^VY}p8x|=w`enc;>|GA9g&%>
zP8%GV)|2}4X`S(+nAS}2!L%NsPiwve?c3vfZCWRPZ<yB8rPEF8dEXhQ^^|vDTHnQ8
zCC9u2(|XZ6k!k(H3x;Vuio5G(e8Z=;yqHhxA#5deC6B6q`#4OtA>gTfW)9PniK9Ab
z`0>iQK%1A@hzY?qi<o&gcKp@M%UjH6UIvtU7lglRF_3jK*uhC#H%TZk&c)VS4EP&-
z#+`dyLh6wlBQvR<jbew+pwPV?F*B#YFmv*j!_0~2U$~Eb;YId^SJ}*Y|0XeW<_ojr
zjTa>px`G)a@4qOa%BSEXudt8MQ>UqqB<$_lM8>Dx4ssGJmcn|Yy}h-CZ%em;y<Oj;
z+uN9|U)DmYd$5D-aQfqZf{9==Ywm>aLpF+DnABq8uWe!GFZc;M$mTicgnmoZ+RcSb
z-vgZF->i{MDNW;650y*5M%?`I?cvk#8E|(@y6>1a4F|!_dEYrmOv6jN8>eBxw`>|t
z>1LRQfQ4c?#c^WDbee|jW@H*(@<A8V@VXboG|cN}n1&a<AVKXFn2E|Kd?tP{5<FDF
zcG$&ihYeg7tpMM{q*og?RLWojzVF+VCu=R8*UgB^lY1B{2NOG^a{b>%Wo$(ks66z%
zKxJK`0hL>xH=q(+%29a|P<fvTl^#r}Wbj7z3|<jE*g`3Hc%JqVjMmSpC6VN~qmYRi
zm#-Ns>sd3|cX3Z9uzNxR?X2g-9?m-nqCn^8Y4v=QY5g}0?X~=330!={FJ6I**CmA1
zs^|Fj)5G1k@aFY7IgE_vj9n^SE>34}NfZSHYt-|8pp<OnJA^m=ONh67x)~gaZ(1ZF
z@>+Qdr5Z5UzRTF9exkuUBLZ*R-UvLC2JbQ>JQKiM#JJ|y!8UMgzWG{0vhM^NAIt)G
za%yUhwS`XQ(qVr>?1DCbg@5gXmjC2mYkr-}#%znhzxM8Dwe@0;kz&30$8Mv4?N6_R
zINtLWFtYY_5XV1O8P<#O&q^q8-bh$v&HI4MzbXl>dxHt4ULzrF#n&D7*|Kw*ck8=d
z6FMl(*lR%jd-kmKX*1_HT+HPcYvE#=86owDXE}=(CqM?OvKEGvldM|H22<&yW`tY<
zB4m!D>NgBSkReLEsGTa<FpDv#<U|QVNcQ{U8L|Jp*vJi@qUFRc#*uaGWtt!|D*2Xh
z=GDPSry0$dtgm3VyzAK$<nD*bD#keaJhW8cLS*O64b4bED3brGz>1Zm=XXg6XB8&O
zK1gMgwORJRmH_o<jzBAOL5fou2pVZ~bn&v4&q^rL<*3A(a;XW{A&^{CE<FxzCCzlF
zR*ZJ6iRZ$yIH>Ht3@euFc1g&Qm7nMy;3UmX1*jT&86jlM4?$Jiv)~BUO|<5j!dI4y
z$$JwlUbis8(hJ<6n^o(xOlN8k9ZJ5{p^Qw$S=Dn=@y<4!RXZmI(|BHOZ%{R+K?ljV
zhSTH=b9pHbAfMW2p~SU88YmRFS&kLU{yIjx{6t<17yI*5F=6({{X1Fz^3oFB-Cg8x
zcoyt031DnSn6w^On~;{s(|w_#cXKZf`D5$TuorFRJfulO;z5DL1jslvGQ~-TXh?`|
zI+b^qaVb5hj&-UaQT9QNV}C&^Cc_f3ccT?6QDca&075Hb^tFiBPJ9MvA>fL`3jQs&
z9{q}c#Qg@8>1H$hA3UY%CCr*z`yr*FmQ$3%ILoxaIQt!YgDIgG!SrrcH-AKF=xc2g
zduScs#EzYCzJ(|G1kl7jGt!zvCJWOKYvT~ATwKVyENH;T)8IIr3s}kd0qWFbUfCoe
z6}>0K>9_<#(xc%OJn7N;^>GN*_!z$57b4`o%S8@XvR|P?W+TL>IK+d;B&05VS3tbL
z2(k5j0db=av40UlE^^Y{y^{S3Ei!Xoz%kEA$VCn-udz0vIc9|9vYK|-tzusruJmjb
zHVw?MkJ%$q>!8~OW1PGlH+JM_(pz9-s|<n`o(H|{hqr;NTO6cbbw1BGRUo`g0ZS-!
zteH~V`gM$+OC$7jk;58Ee=#wF2U!DJ$PhUk+6A{N*{yZrRu$Z;X197UBtL;MlQRzz
z3}t4wfTSPNA|dr~K?e=--O`*1{BckIIEg*3Wsh4BLY3>m68JEVStC)(KQzH)Sj*0D
z{ws^R>1l3JPhx0({<dx>g@@_@tSx^9V7UO$2ml__trOjfDSuju?O+}`7^(u1nNt#y
zka}}|#4z7-oYKmLdOt#`d|=(m+FfC2cYiabmG|hM3$?QAAK?1mtp7bKLvXP)hCZQu
zki;<EZR=MshFr$Rac|zAosBSnd;iYX3vaO|E8~Qx|NJ<^FwS@vhOt~qQ8aupEGn-p
z6xI20w&mt8nGVfrqg0*$6c~yiY#30OkP5$6aucyq)&PMRoB1gjv)Y$vBm8P+lxV^X
z5D5L*N@?XTK=fmd^|^)Y;?p=3YZZpn<CF%hBM}PifKe|<z^GOE(@0*MMciXVs|=6i
z6~G18v~TiLy>(B4*%^B7ICnt(@TpE_XcQ$LJWi?lNSUMyN;v&w@Z5v2lJqN^l{{(l
zb>%$&*?r99I3w~#H0GMfp|aBtM!3hKUiOs4rY*B0>`G}`9Vn#rd;qN~1Du;M`A(hK
zkDI8AAo$jumV*7OQn?^d+s=~^*{E(_AdE+!#NG3)Y&B5E3)DEtQCehW5I)eJVx{lG
zFC_60lkYM4juxe`CeK0bt(9qCLne@SQ-%K9d8JS%ht&D!@%8<U+Bc_Y+jfsK!@6m{
za2gQW<^@T&&m*U?{RxwmE8&hBoG*0i%t+J7c`Oo5*&SO=X<Do9s%(aumB6&fD#6`{
z851(2%@$zBdd@!G?{!(36qD5R^|DUkjS9SKnYGn$a&fl4E5X*i#uSd(^CeX2E@A_D
zE1TPuP%H<ozhKuNaa%xSEBTrSSMYiH(wmf4z79>lgz3VC^lwd+RxX3v+u1yMsPZ$o
z*ugIDs@w(_b?o9MtgPqbtiUQhP;C6bVD^E7(0-TU0}A`Vak#ykPsF$z*~Qm!q7*1^
zc5f4#UQC%*?h%^dU8vT>v|;7tOfx)xl2Ucb0tr<<3*fdfaGzK1fs38&;*-j&3*i%Y
z!CYU{d9G`pJARD8W(_LuE{vYdT9eC8>P^ZDBlyTCDJ}0ZKJ)!BNXVH7C8YLW0vjWj
z!WMSYxD^r#G~A}eXFg+#iqAZ|#<<l4t26(Z-8aCSzdZ|Un|}Y&;xn%-?J7R=hibmn
z^p5YpiqEvv7<W<*L#2lQ)A-Cc!P_Tu+5rivm%ag1u)oT;%|4Y-VAAb>6`y(UA?d%1
z&)m4Mi}=ioyxRKl%G<^Iam8li`tkL0pz)R<^sB5KX#Co8!}@W{JP8GIZin^beAu*3
zTD)9~&)hK-;xlVD|KEtuv;{lGXa1xZ;xn(lU5n40R(jfazI1*Pow+$ClFwTS4r}gz
zV812ddB)y7m~2p2d-bXeY3m*ZyLdbM4D4i(J?g_HdIVJIOZ-HSAL(bl!p2BUpx^Z(
zL(8Uh(=6gvjueUA8o!AxRl7rdwTIGDpa2@r{5Ni`ll<XQ+-VS14OUdoG|hx!+<n-~
zv!0Nju)-Qo2@1FQ+L*m0i1n)hCDX3TFTkocCYt_YFT}FRr5_+3`RBeF!nWAg+;=z?
z&syCuYnc}t_V&v>kka35G)QSSet8kY^r*16!|IxO64GIN-hup2^Oy$a-*_kdGK788
z&_5VkX92Mz#Pe<JV1j2a8@gBWs$jq0u2JL;0S8)#d#!r}n78_NEtvm8*hx?NaVdnD
zscAWpNPhOQP+#`Ne)A;MMZ7twbt(ncJY``yq{7&5!JlbWvhYPaJ@GbgTbz3=8#I??
z1la{!eD$mLq+@SQ3cJQ~UI$i&I+WbRjOKB)0efd!k$X4xXI}V}sKwJCavBVFC|2yx
ze2##B&24if6h068GoM@xR8G*_WCYcmxx5JW|JvUPtiKt?{$g*N<hhFVIdWI)I8MaM
zpe^I*e%|$3?9aTHh^|kqHgp~FuD>xybiMjT=(@Ao(Diw9c-KY#7YDOh8=Xp_6)Q6a
zNA*>Ck)hx{VDYxcdCp>T_fqUHO2l+40J9|mF>6vV*#N=8`aQ++eNcQcnXQ&ygkE(M
zAC9G09itas7y0l8WdVG+!QyR=^Yp^LUG9spKR*%EFT&mV2OBZzz{(9SW`dI~<81KJ
zi9rJ?w!8ozT{K(6R;#yAq+Z&SP4gOc?A+7T0DAWYeop$agaRp6gw`cM{QLDCH2m%9
z{1cek_0Rqq`#ts8Kl%r?t_MPR!tAfrirHN3yO>EbVRpUx;%vQ;PcEJ?`v-NtXfeb=
zYIrHa$L8=mgPdf1ijz!Db&{FsJgbm63#z=|icok&<%3pO&V=R4DdLx<@)4^sh&VVW
zR%|St6Kes!ItPwqwmlDcU;B}S$WQBfvYtGi#f*Zmx66E~Gacj`tXM`@MF&TLt`72W
zd&|Im63<NGw<PToxmo;{-u&khTw|{gN?k5(;DJVFdBGyE;C2l6#~p>Z2EXOqZhFiS
z-S1HDv|``hId?ex`BpvB;nK}Nftrr+N9gNkpxkMVGwa0Z^z|8KTwmWAX?ak6be4o{
zfzfve`S-B}jv!D#xCntuUbqZY_8IGdaNm@H%I-~=$~JSAeFi|8eFs9J2P_;v&ssRS
znX(Kka}qI`y%y@Y6MInIo5=k!;S_Z_Ge=$r(|Jl6R^qjYDPmt{z}uzFu{y~KmygN|
zzcsT3c%1e|ej+B|>cuNs8vz*K%3>z^oXA_y6|HNcr-I`0!V4@2se>Zj^z>34Pl$EU
zfOtrP9AsncQ*pEO22n~=$yo|K-=fZ%#kZxeu^>b?Ld0|FL4*)nv4y#{_6H=W&V1;H
z&T2i=0)Fcv3IAY=zW2QFbEeQYfsHS!r>+5{PPoYLPUR6%L)FffRknZ#)PH*xTLk{@
zBBvZ=pOZ{1cakZK^GIW~7GG?mTQE7{Bu%R08KK3amP>cc5?Xu>-${{6=Sbk#{152V
zJPD!DC!$*FK!*Na*>@(Tl$SPr_;Eq2);K{c%Z6_yo($ZXmV$|dmA=dNN=SWSri5(k
zEgCI4M0Ry0^Qmt{S<MYjvfrK&R1+WP$@qJL8`ws5-4i^AA$zSxE8W`*{L(k7uknXY
z<<jAhaGdEIQjWCk6DK(Y^YgJdgy>GK{=ws{v)-XdF8vb;q)&=MKC5O5gyQ%n&8vHW
z^Xyag8m>Ra@iC-XH|IP7$MH_mtoojV82QTjJGgz(qMm#l<kRiX!ZdsLJ&;e3!0Ed|
z9n?W(*_SRdIqZB~LZS0ad`oiE;}YY-JL@FmzFMS_pRtay<YKeFJ$%`GZEweH2!J4r
zfJ(fR{NW(+FuZF;Mz}}V7b-;tuzMbdTzj%FPSlgSk$sZ1sLN+)4)h(AR_<i;|9VQP
zT=vch9{n&}iED**4g2)M6O_XA6H}CK6X6n0Ww6Uf=ZthJm+ttEiMJz@qU77r6!%RI
zy4jWWyXP1@jIIywJ__>f8ZWqxUM5-|R-b=N^lq9NAzR?CI}n03Mra{IXl8@xp9+G*
z7j%E636j`;4R<P6=0m@JmM=twSq~jb5nknVlPl{mlea%d_2&@yW4=94xOYcd9#kc*
zPrD&M|NX2_CXfe7%33xovoMKcLiaH*2;J9L!e|)p<?AG`LFm5jf$`FRAx{VY4mk8c
zy)CukYT=dn##)2b+{fHi5>~nFKB_aT0mLF4+HguZm4Azv7a)yqul&q`c33>cLC;2)
z^GyFOSn(7)6?>Wb>Kwjb4Kc|IlmD~Vs)tPmnZLfB($I(PY{mbxJ)=2v{|QP1OYhJY
zr~45?mCNp6#x=VRTPlNh7<K*Ej{)A-Jj30=-xf#7p?GFrf53<$@=4XUQyTd74q@6r
z5R@&@!2o}rz&A)k+hOkF6s%Z!uF*ne5;*DG=Yer`om)bIv!H5k;Oud*DqZV`Pn+JB
z(7JAn-h(qbs6&azv^Ha}Hk0ObP#Ri(l2Th>CYu;HvK3_|>kWuDf6g=x<@2{B6dK+^
zsd~g6DbBC}CXnTFNE9$weQ!FblhQxf*Pffsi@@IR*2E0rw%$V?af5p;XWDj4yxa$=
zQLomX@vH{+GA{GfbG7?c*q7VP+P*Vg)Uk6RcOgVB(M0zch-RXR?(s~a`VO^I8otjK
z*bVe#VhVx+Y=Qe2viE`)+Bo);JG?#2evUlFQ;_ubKxqaB*7E^YW|ygm-(m1QORzG#
zSUu|I-Uq(faJpi-a+SuOTlwC-lN`thsxM7rmd8fugasLP_?Nn2lq5aP_dnhg?rsOv
zr?2Xu0GN%y(4Lc&s*BtJQFK7|oyV4IY~9aqmch+ajGu)(r{ulOl#Xhl)Yn33WlI<S
zGtu>!AJB7yoXG@D3fL6qWCZ&cq~Hnl;p-Lt_v(xw`_mtigrq={kjta9fVAxWtNP8!
z(<G#BCp^<fUy<o!N=*Ic7p6n~W>KlRN~}-(mJCIT)c34OfN-C9CYfqXjIPo71F(;R
zB*k)G>$uSL=@N=v?=)gxbAUIoH)0=k$Bzq5fN|S0F7!|KLJU0C;DYI_4_)PB<Ie|7
zk1R;L-d`&MPo)+pu{9JcCQPbvzcwsw#aXRdcaAY=3F<e~Bou}N^A*!1Q3&0giIr<y
z$^d7-qYnR&L8^y6Q4*Z}RHxM7APHD8JNm~v{Be1hm|f&DAVOHrAfe0Dzskp%!qyYS
zRqIr`If=c_p;!TmBWtHzdIXjPEts5eC@zGR8!*{{`*k?`eSx#~$O}IPchGAv*<n2Y
z?bnQ@W@pwhjU$bav5N7!=}`%V&yJxd!?^lUeRVd=p?Hu}xy0G;ki$RZT6Nx|0_6s$
z)aW1y4#kdef3w3Mm+v5U<RsUy7aYn^2WfQlYsHGa4l7oy*lV3iBI_tQ=E$m(pP2|w
zgFDoF9)+1*$Fz{*s>S^!hm>HXo3S>#ULRSj$Jl|D?vRkH7WZqlXZ(zFIw&1FH=nZ^
zOF^8~7B$QUtEZ;&W#z>VMRxS>g{5i-k+IT){r307nDlUvc#*M*G(`LkNsIa+f7P=&
z{LAUamxFw1NLw-#XW!tt*P+Bavg6V`xBtaxyKkyC+U!#`4dtE*<0%14t&l`5p8s}`
zc!v^~#xDGE1r8FI<{(2I%2_<|mLt1Qn&(QaT!XXrxX-}-n$-BIV8mhN42Lo_Y{sMx
z_p8(3Bw%9BBWld}v}YU%hhp|KM-^col}mpFtMWtug6%wyNT>?sBBU;Sg!S6HOtZ@8
zNW#C#8-y|Ch4>T;Ym13@EkdXY1rbumJi<pB@s???Uc-}_ECxGz#S-|_h%Kx+Cf;&*
zl`X)|=bucJ#Cs?Bhf+a*c~d0#o&_$L?y7<s$cG<>mj-JuZQ(Cr*eVa^V&ctZZHr9^
zsg=C#Sgq~LyzOLw%nQAE$Lo;&y!BKOeKi#mZ*c_bOn}O0Hj%e07ws@6-X$C&@AzWY
z60w%qyk&)Gc>yCF$BMUHCTRw1j)YK+SrXnhEmI^EP7>G33LvZ>SmX3pvMb03h;U7=
zmDgu$cK2Z7plXW59y$Fh7)@<*a)P6#z{-7&DicMr9E-Ym3bQpU842YvL7SYMZ?(zE
z@mQ%GEZQWhZXMLv&Y;HXpj;f(R2@{jqb6T#HdTjqnGUVIGqiFY8huFW0t}F^WMhR6
zt)4fNlg+qh7_^GY@S}coyM)5ObyZ)SjsJgh&u^!{3dXv^|G@X>KE$wDAt)Tv%`&8Y
ze{AP&M#*2L62@+JB^$}^-q>GIB*wGK#%A~@r=N4f$P_dGc7!Pfj426GOxgFKAY-Lq
zijhnarmTGsKt-5hL?gnKXLV@houNgT^1y>qESMO5BUq&H!JSp(z5@GkBPI%5D>ECN
z%G6d4tnY(-8*dvMuGR-76t3nE;vSSxfJZX!Gn8!q<^c(*J#LebfxlY3B6Z)5$q6OF
z8$9W4O`dT9_9u--hU_0$nU%<azyE+3FvD`?<Y5El<YB3D@-QnKKw5aC*7V5-m^Pbb
z#Xjn(34fth-72B*cjfyir5pZ-|5u9t_lduHJ!~I!UxB@I$0E-a*w^eHfc=(1Ae{=v
zVlsC;CNm~uGGiu|nlKqNb=*dE(yh#Ng8q!#sFuN>==e!y8*OtcGp1stV5T#x(S4DF
zP)ENlj;uXSc~}!>X2%vMX;PQnFCmvSV`kWF&uDg%Yq(uuNRidGeRdJ=??tS?mtemo
zEvCQYHmW!B-hIgbOou;_d|TTvX#|a5IGHO?QlrM-&qSozq0E`A{yAAf8C!ipc~Lc~
z6)COqBHurYfB!7@{S-`QjKyTk_;DN6hxpev^FPnrDoo5y{ZIB*LFsCbOxDza#j95H
zcYeK9LY?zx33<_5=u0N7Rr_R3U*0vDb$r-hP%KHBvK)pn8CImJ$zi!wrecKDYbFaF
zIczL6-vM%d`eY}WJ{43WYlX?M@mvwbO_nr8iM3SyOvxZ!88OvbRUD6yT7REWZM$b^
zidv{`OL2TeUjy*>`3rSOi!mnNh6vz#r0K4?yq$_7x~ml#bXOzNbk`wd)Lq&4NhsW1
z(_PcYV*jwgPXDa2r%_ow@6$B{>Z}=b$^6SC&@;<WS9)fdE|~+9G-!1knl41^bWkr(
z>PpD~o+TSq9n|zmf30K=jbTd0XwQoAa<8Ue<_^Zn+`;^#mqP!ikL@InXN~2bi<_hi
zW7Js~>z)5`Vkco-j+IK_b#^7=Jm{Org8wSx66l*{(WJ7d&rJj+QHMI|n>w8ak4)@D
zD)~a4S_&T!26+$HQS$!Ei3WL}I+4kHr+<a2_abRxSIk(fE1x6xN(g3Nv|0$<D<O5!
zEm3M=QtbMiF=G#}io}$}DQ|21j9J*9^kvsdV&1(H8?aWFui4`a-xPUpzj)xxo}S|A
z8Sd}!Zh_zKoet#&-X#BCW}(l47aG*T_cEQ~RHi2~)M4xQ(t9-xRMeFgsu?yOL5$R$
zMqSi6LDxlYi+W&!q`6mmJ`R7XZXPY6@OJq^bPJ`lf>Qb-rSvOGX^yzgiP1L$v3IT&
zc?L51d38kJSTUK)#AzxfW707x9EfYcH*4HR^<SewJcjw7mGDQ;pQwfCk4eW$!9c7G
z#{Jr{c~+`3t7&>4)d_tcmX4JX12K^@g5f?)^<?tf1D(=95FUW>U+5caXMLmhcicv`
zg!k-w{^#w{y1s#Z0!$jQQkbgin)mKu`UPjzgMtyNpW~zH7pp<PSTPxsGH#>#F^6us
z1^(<9eLDTp!#j5-^7JG#W{%saCh*n+Z_zhAI<@ba5%e|7&j(4tljAn3*WSW)P=sG+
z`SUxxt%<OEEdO&0Sy0TmGK9nI1h2QR8IonljxA(CDQ}zm7vGn)?=L9hjfdT$(+}o9
zS@Sf1aN8|X=lvn~4KSb+<m7@}Ik{k<oLo>OCl{nLNrGz%U_jR-K%&*;g28ff0hW^s
z#*!I{!1!?+)j_xL%^nS2_TPbLih-vAJNuR>e*oit4CcqV<$8r#CKwo1?PL>dGc-HM
zDeT)NKOe-tt@865aMm_=VrrdS`ZC08gIgkT1>OIsN@Oy1;&^SN6%K2rEXyMkzji3S
zpo&HfR$RewqIMf+ZF7>@6>{l7eNlLs_PQeWV}(YwuXT~%!k11ecajFIj1D^dE~|^o
zMlRxkU;zi&j<a^lrN4q=&4$3OpCMfz$QfR`mucYN@8Xq<$rkmPh-tk{9Qu3>kC+{(
z?h%iAh__bU1zW-pQw~43z!#dhvX)CjP|A7ATG@98&%RmfB1c{Q4mnCXIw&0~FD#T0
z8sQ&wtt;ynOgw81n^ix%yF1BY)qa<@LvqPoKmvv(uQlV4wqS`7;JAZqaw?wMPzPko
z$=E8731Y>wOiqrMlk<z@<osMYIe(y>oS({;t+*zikBfLS8yD&JaydDFFjht{!Q>V!
zu8YL=c&v=Bz~q)hO!BRmj7(ANUz7Y)?nxAO@H+F5tGZd#F?U<khwhY+E9*B;AwvUB
zCvLlw`yGJGf$L65j1Vs8bMBOc-x7}AEi}wOSJp4?<ql<bqeB@d)MWgf5^{JqH)7vj
zcLOH-)Z^nM6y5`rm`W*C7mt!q_zbn0{pqRR#{O8;gQM7(5C5yne8;|K`5Ev<mO4IT
z#0g)buh(degS6tT7J0#HV1A7wt5Np8Eg_UAuRhyey6f>D@<^Sxp&^Ia5S|`3?|}=!
zxiXw*Cv`S&L!+JSw0ZZp+R1L4_h3RsFk_dkq>b4c@}doSvc10gfXU`PAlph>nQbZO
z?X=7G-M(GC;FyinIi%K%Ap7cqYbAud?IwAihf<m+uP&7AWSh-<FlZ||Q4C3%`><E4
z55(KN`-j@Q?PQHhHz4Ti7!&V7r14?Iru8;k^}%?X_rOp)*=g_gowwaAmo5~qm}6gA
z+4U=N?(wX7Tx@e6hjW)DkL>jx4D#EaY4Ym1@#IA0#@)8+{TyDmFL>_{4z+jN&A#G2
zJT$M{J{xKCwwpZNZQi!I@`4#1lzQ9Eo+MjI8%;n+UN8~v#CcL|C2a^vNcN8Epfub~
z-&wugxc>Xw@;L7F@_5sY5qYfJv+g+#(#$mCY;YZDQJ=kC7a`B_-0r@hdjxy(=<R%8
zmiNPKuycwuTSqf=YRnes$FRY2@-QqX4;zcgutYu+^Ryam+|Iu9Mi}c0pmX70x{&Yb
zAkaURg#Qh*7VTs+NcKP3a+A1f^N4GcJ%cBqDHS1IwYNz;qumzui<8{>KVLXEynmZ^
zULcoV4RH6m$Fga;=r-Y?utj|V-f=3kYu!og(e&H+*7CI(dv#H9)ouLP$+wq_ZPxC*
z+awhF5l$z6#=gCtiVOgPiM`J5JMuV0*Io(V-|U$1BgpZe)PACamC*NzYi)EhCzf5#
z``t0&l)Cd)p;VsdUgLSn6f0)R$Wx2S_iEr)3E8&9ov+#2HYP~fKLgo6McNi%eyT$V
zR9j7aJYR?84`%;h_Rm<X*w;Epej--vbq<nmb&*La4svIzV&7yV`RR7@@D++Z#YXZ6
zcHz6JOk9hVadlARdtV2op#vS1s{0Coy@^G@-fdCm1N^*)G4~i?^$jnQVk0~9i2dt~
zy=++C&**$=tj<c>&MCE2aQTO^5mvqoy6lKM$4P!yx57KWvv;<^JMJWQ`{S{kjpuPT
zKEPm19xI{nczedrF5eN)#*Cm?fUz|bBVqv~VnLC%gepjNh}mYVNk|aOP)5W8M#O@#
zE^=R@gA`cpWCqhfHd1hYC1a&lnlloRa7iH$MLmsu{I~3-#M9VIEhD?Om;M&L{bO``
zFKmmZ_d{b&L+@M1==8q5Ekf@hV>;8j^_Ksc-rfFB=zYe>|8shGKMlPPyH0DLj^*}g
zF|M(f>-K4anMtwjntgh*OZ)UU*qU-J&Lj4fRVW@Ib?ay$2a<V!D>F<k=Vt3t?a@&v
zDKh12Cz)8`B(sCubPe}1-pdGrUt{*T#d7Ij-E@6W1F?ozpEH`Szl8gV^Cl-z9e!t;
z)kTJ+xrjSWSg&7lXh#j^YcG?*eC;7zp9YTB&DX12_~5!ln6GD!)^*R>;!(CRU;n&W
zH(x_HN6goBNtmw}f+yR=wX$!VZoVFJ^*gGYukA=PUw?}+UyrzZvynRgW<FBS3VkIG
zS?{=6kOM*~G!ynu2iXjUTZ=GZvEm70(u7MkFcyJ9JG+7pB&!%e+F;7n1`;OMVKOEW
zR-s_Mj!D6!AQh9sbj7}s6bxjxYr!Bn-CoQ_8_zgffW>u@xE>D!J^Uae(A(Ttyqo8c
z;KpvaC%+2Eu?}Npc2IqC6x3T<!tK(BM=|U77mtlm0X+Th7-g`23mMG4y78MkN<y8g
z{!c1*W&P%^awt!xH9C|#(uBp^XB4w|H-W|b6Vr=kX48JHUN}NRp_`e>YiGZPvtN6M
zODL4fe%;OPT}!*pXCh=*Jl}sao=;>$j+Lw$_b}|oOE4K>%~NJB!OF}Er!sXJ?~wN<
z3E8~V?6%sx)a34N^HNFneJb`UD;a*{Z<0`WId6XRO|jd9Secc=pAEhVc4|_c+0)ZK
zBXsgybkpD212Wh?Vm^uergV2-eZOhXjmG_^+8f1wQ>x3?>{%3kS$%1^gu<)Td)S|)
zn*6%V*F5KPtjMGh`}^eL>H`++AC#OC#Mv{f*zZhUg5~_`aU0dAhijrLX1@R{az+qm
z6<V=uXAPelZU`SZy+6cctXNu~jReoYA+*GEJhC-GJ*)|~V{#&o*k8rIW~cws!YLAR
z%JxG{9b9;$u5B**Ls*=0X`-;zP85kr*upIzVMMj4YLPIaj)TbXl&c4uxXjp$ps+bl
zW-8k^;|Z;5xdx^JX<ky0zQ9xNBu(m^A_)!Kl9$O(Ui;aX$o=fggm<_oqk(Je#e5iy
zu;T0yiE`=FaBOQEj|nq;CB8v^ccPQrZ*`JKQxyBF#FnbqgT$66r`wmv>8@pRvSW~(
zY)j*LrEO#7bbu`<+b|5_{$^aQTJr91{piCFKMaG7xvda_BVH^w_yNA9o6(b_3Z-Uq
zHw)oo;q1b@B0+tlP+O(XF68!n8la?{ftBfrxZh4JRpWkpu)oh#OhzSQVh){6d30%R
zA*lG!WHwdb!(iBbg`s<`3nSrN2^qoA-K<H+NC|bdUxO7(?ZW8sG6lv6Y&gRB82?~o
ze9)2l_>hk2<KrALKK70jj7=03Q{fckP3`WloZT=l?VmHYMr{=dX1ecm5*3a}{5Our
zWEA74$-qxcY$;B1e`+3iG+nmZKbMnjgXMJlGCA3H1<(7<cxf*`4I`(<vZk;L)(lYN
zc&FVN|A`@m;1brNR=T*#`ie>Jw_HFb^<@`uWYRMcj`Z)mWufL5K(nESW^oz8aJ`CM
z68g*e&iI%3%wO}b?*0h>hPrhA*?#ZDzw=x%{DaKI`<?#_|I}gw|IGi-`IqPXFZp+3
zgn@qtMsWUpKLQx@-qU~0ztwhVHuvdR{*{gREB<jEdWM9MuUUTP6tk0e!<lUYRtl}8
z3H$rp1gb;YfU~}k7wkm{(H%~I+GCFDpDq9N4oNl1zP&sS;u$7r$@j6Ze1Z@ft~gUu
zhi5xeQ`{-=8~bmJ8%}OcO(o}u4Y_F}{a2(qyqm2KWj50M!>Aze=q?C6NIf{56ZkrZ
z;<7rF(a52A1ce>MWd$ntoa!L1L<g}WhY}z5GBPjXuX(oSbt(_9ew7CsZ>@Q-@%C&U
z2(@$VU`y?u)KxuyM!$SPzkU)zWSfob0cWz)kT6c-B)sA=NA)j^gz0A4*F!|(KXU|R
zd8e252oitOC5fvziPIU0(^K5%!*A@rF>yG#IXyLxWRP3qxQASL#&Cb1bnM+=#me=u
zUU;`-GP<ryE%CTR(-LDGVlQ`gox4AV0KBuYGD92Kq);O}CWVQZBsi3W&=g34*wAUc
z%cy&<>f|K%aFYKt3`qWB9+3RY&g)h0+_6Y5btPzym0pk#$lV7k{0uxBPQ-bD2M?KX
zW>qpZFMHR;BjkkxPvm}B^YKx*=bG|19Jpt-$llHH&LP<gMWp)u=_Ci#M?tZ1r#F5e
z?~pb*$>GpDvH63rx6L$nAhU5ljpuvrxlmez_fApZyuM$xx03g}j<tU>TV7)=X{Q~m
z<F{B4n&chaA(zgx066os^W`;(CC7fRL`Ys;WGZQ544>5P3%Qh7pgsT+6)(~$r5xwb
z4htaR>4ixpWRND6OZYaFZ9TdSp^U9MSw4(IsJUA5oS}E}Ip}0oohOyy@vDX7F_U$y
zyi+5&v>(XoI!C{t0w>J=ksaPP)AZ2}Z>uEF_nHyP*p;!>+hLLyZIGX@mRI*olvnq$
zRv$?0wzK2_I*Cw8JE}*>JqofJm$aiF5R!epO$dcPGRM$2gMP;TKsN7G6Qjt$+|uTm
zGjY}ixwO9-A@8BNAX3P&&@#yT-D;NSUk07vUBF}u?zcx?{g_!^{iMl6+F3`MyoXPg
z&>vva_fa!K)%&}b>_;bMRC0it5t4S6R5K!1K}f?)DU#od9P{pPC~1Se^I;Bet4W^s
zu8H;HLO_P^q(2$yzv5+#UoJs7QU|4>X@KDXBfLfkjxT9zU?b!#(&9bb3b7O=w2^OO
zn-L=4I<i{jd08f{p~vDqB!_#m_glS(68H|iO}76juf~#%)Y`laL0d^H-`Bo?p?E0X
zyMJi6V{8F5LS8-9WFw7Hjnd3ajn~?$8{)l(hLU4>-KyD==|Xw+R5R;Tu!Qo4*8{;=
zqi#FMG1%w^<h^ZkXIupv-BlbRnt;%ZzTWmY**DaTI5kV!C`Cw~KfnzB2JF&`<OQ`%
zn0`@m0JY8)!$U4zDKVHyGy2=)x3^Efl(b{1PV;?{o~vi9IUYM7{m+i4l$NxQ{}!QX
z|0rqmF`8cNzp=sFe%G{f{m-IQ_O#<dgr@b>x{}Ji-5I#IZLU0jQ3R1bq_$d(j|+zH
zkMfV>t~>rB36tm8Px1waJEKqauRV)5G?ZDxS4G-a|Ju8FLt~kh!Rnbdv}Z9^p5p+f
zNtpZ7mYLu~r+Zkue`xX6;?CbKOT^U6rg#XSq%<QaM2=iK_Y|ce$e9?q_aM9XWAwc-
zkm(n^glfzX)#OhaFhN40H#nZg2WQ?iK|<kw#NOS1kA%W~V(&hGkA%4OGt5dxq=YVz
zba>bsH0d8Z0PRNbcB4{4&5`dKg1)nA<$3#zef-t%TFtN&)(X<Qa7hUha*$3gEMcOs
zpIZ>p==H4T?L>BjC-Jw;qHo%W@Io(4p;c{^!kK+ICnAWkH)xJ-XbwHy)|r^ecS|S$
zg+O}0d=3PFVRQ7OtM4|TK0O5zS~bR~&{%Ni-7TSznRfop(7Qzv``8B`kC#wrX9uO~
z=p4|vuj&4K-ruauey_2s$ly4utO#;7>0wN*<qCH#j26GHaJ2#CtKe;?U#x43J=4#^
z{hHK^ZIbSvBtVi@+^-RvHGek#hr2o{v&LiPxwW7;H(<X@#bgT|HI^?{?JAadYhTcF
zeGN!gFm(p-&V(<EMf&jgPQybduT^tVIo*C!wFv3(HH#vXq(eAVMK-Hbb^j{Zk@Hra
z1V_XtZQdJ@=P{c%Fc2bndpb#r%BbcGx*vBa^TCbSkBc1S8TM1Q<^srE*@|Q<w#wF`
zRM|R~ec>+l&lvWZLimiWX8u6E4$u5_w)*l8HF<j2YUZC5<k0rNx$X60Hket#Y<|r4
zSNVeL^?ITg7aLOCEa1Ie2rkXUUk-ViUrgmU$MT!$aC6~g$V&A|130u-RluJGjqvAv
zFirexir@ua>CL~!%CAx>rSh1)*uMtz8@2rLV16|alD^Ey#r_$om{;4w{x!M$;b49>
zUO?jYC<pRVUTb;5La16w{JAhK5Y9I7Q)8_7(#0)BJnY6qOldJBm)sD(JbM4j`$Qa)
zeeOJjYE0bz+mMd4zHs;VUXR>OSecfBv%v*!+BaC4X01YTa7ypU_MmAS!#m5dH<%9a
zQ}Yn=4o2>ySSd=x+0QXHdiFcKLy_k~;ncKGJ^Clm#Hj!>%!as?y;j-ECH74szS;1`
z=bhfTJdZURj680K5|>sy_;=5P#WST!&&1-HrYg@}kU*w}*9@n!ygCtLP)oNyel6MI
zJ=6dOO-TovnC>)oM;I#|V661^?r+W5rF#e9>H{V$)j3F9nqJ?8b+2E9etJjG=+x0U
z!w_O!lvgKu+fv<`-b(0|ySulooBQ(6TOev~=Ea@aMR8j<+4oY6e?HHLgB*&C=~f4k
z<<(aBWa+NQ^T@Z}!wpc3tAqkVSF<~fP=Kq10z#?Y1Fad&CG8BMTzSzJTz$wCZSPBs
z3_VCK&sOrG{;**k86Rzz@HAxPi*S!mFDYi1Y|@aO;WOn6a{)ntvpi<6ygISCZG-zC
z^6H%>?FU!~uJX1g%@`h#(h!p0-ZMQnv<*esi^Ve~pXVQtS`gN!#WSU1&$(=!P<)`H
zxV?gJmHz)jj{%fYoxj)c{a9ZQMx?iG2=VnaV9KQG+%vuH-Q6y4dy*T6+DzJWL56cm
z+BX2B_n8n{zJX!wz6g?FGK6Jct%)y=iVt)wKfuuTtv116lV)577_lxaJH`jrr8a$F
z8A-pjqzyXa^tN?(KkjWyl6}8$3U~KB;HUxg{;<i9*wG~UYs(*xN$hH_9XY%S9iOpp
zgg(*2B_i}FY1;r(rKIfu^#3`eb(yg1)!0<LzoWRV!krkN1-$gceCdScrO21qgtUI9
z^J|ayP{U`233)ZU)A*TTLIS_Ga(>B+s&VyxQ%pRERLl4!=9cVRe}d8)@696Le`qNL
z`L9an6?~Y0u7ToePGuDnju5EkPlc*<lBYjb)~AE4ZN|#;?5=vMMr2yN7(r?Ro!r=u
z(=kz)a*&h9TIJ*vT$7v1%hG9IuK}N9=vTkjaw(-XP(z59NwQn9-+u=Paa*EIw%U=L
zY-@%4#J)tM-duZm9$%GWg~ys@LwK1d2P^AAYbmQhAt+oSD1N4P)IFlx%Ps<qz#pNg
z-WO@FknWg^%RDkQQBH>f*mAnR2)6Qbd&<f9eAx<qbaHZT`Xu=gd-)&o+}y!faV^0F
z<F(v*9%vl8>!PkzP`HOU9}@b)eJ#@!O;{;P!P(D&e(8;sB5Q!_mnKK{Xf%DdcP3L#
zx7~mcA5-CK!DrET*_Xy6lN!0^0|h(*;j9|j-yODOIp@jx#T}G}rvlofdkyNwR<ck&
zli)!yIHyBJCpoz&O-{yr<mBAA&NyR*YjY(Y`|(Lkdf^GVC$ZvZ9Uu~X|0y_If6d8Y
zaqdU++$wl3X)Nd0{p{sfF$q56Y)SSN@Pr2jW;@6pjnPLob4Cx(;p3Au2~IF3D}Xj+
zB5-(znrEa0;)EobbOc(kH|vM!!o;^#E?o}HgmL0f1~Z${cc;X3)1|U+G+Vz$GobVV
zo}5*fA>NtwNG>fjA>^I;1CmSakir+YV&YmNTXR*0UX9tz(-b{-iwH_l>`NRZ-zulu
z%OSMSZ&}12B?4^}Kd-%Pv+`N-hdfux2#Owrj$9Dwuy?T5F?VlV15qE`hY%t|G#OD!
zOr87uA=3H`>niB8pO*#Wm_qMipy&wf8m%D!^P1xTO#~X-NB>7OLRVgZkpIROu+FcJ
zV+!Lt*2x98UI3*`Kh8!7Pw4XkmYV1Rc{P?o3z8A4$*qrw8nB&`$Gs}|8&}T9nCs)t
z0}P7g>taPzc8wA#xw@b{&0s6u$Oqdjvk->R{B%;K29~OD5RvX$BBzgD#^w^AQ$=Zt
zD@gF5N%AAm6EV5`P}dgb7eL`5J3ab#fp7#9C<)9_gu=9xhX_$%Kc-3r7oLkjUHxCO
z2C?71SWZr<vO>PDDp4q$(dME7h-cX%)!18Y#l*FElKgw{4|y(_j#ya*#PUtN5~0xh
zSLkBPI~d7j_np$URcIbx-bWGizZP3S9F4d@9Zp;>yi8npbr+vd3?j@Il*_(5$>9BM
z2?o@UW=o7DyYjCF*Co|_a9tpEJ-9-@cj!7Ch&4Z=+QW0BWM9mP)F}r;E_y)z9csmh
z`dBh`v@<gO$LaSUsZ;b<)UgD)_1OpH4^K_%Bu$~8&WT8j%g+Ugao~D`#L(@cjO&;X
zAL{PrZM$CfU2+}RZj!L>uHe?4`x<Xss=Q#|IS7$j{F!u_*bb84u9m%9&p{{@zLr^k
zCZFtE$1Z>1m&LO0qjMO*Tyt8-kP6xN8hcoEE#Hj;7@pp`dQQv;;;gUaML})xQ|jgW
zDCtrp99elT6~=+fiiy7~(t+jWeY~D6ryl<S$v(&y->)54x5weC?O*c$u>8rl{~vdM
z0v=U$K91w(PA02_lOQPWL9s#wno-dppt+ENGcu#0iu;1KTDyucBcKKb?+kEzy-EvI
z>e8n5tHsu~Y1N1zGNDKk+ybR)#a2Wra~-XS6_OC<{Gao_=ia%KnXtIDzt8`92s3k+
zv%Keh-}CN=DSKMgH^GRYzRmQh+g&TICYga;LsvT`GG%xSYlY|JSK=1kvPCqefiFUt
zJ;;&Oz3(GB52(cLH9AKbN8^9!M+g=mt6L*0V0}^nwTL#tYzZ?}C7}ClKEaG*m^ndV
zdQreQkC~G=l)xA_w2n4o)e04aX@4v+cY<GEuWCECs~}LT3%Y@+jliqBRS>Gx1>I<q
zSGDb(eqXz~pcAd^%US|0?|Lpay)-1ao7Un9=pn+i^#ViD?oi3Jjp=}X-UQm*j{*bT
zr0v+g3Oyc@fo{@v>;`k7><1WV!e*ce*0S9bP!d7(K%uL;ZfJ!qUU`Qy{T+F9jjugu
z0>qOiEI{|o8v`XEYc8PizySNmW*i+?zD!-;`c8jXMBm=z53eD_T8JrqFB~lv?xi|H
ztgyTSOBoQ)d`n&#0BNh@888Yt0<b_;8jAwb3Mm7QbTiaWfl0JNO<M2nb=a9BsGOV;
zu7XCjs?8H^{Jb9_0dvxuR;@Q9)5NEqZ4dd*DTG*mC64s#w028zuGll(5!EjDWQjfb
z<eeSCEO|$A+g!2d^`JtmD=QHoWl&u60zy&~#LuII7=O0-2DL7)6E}uCvoOwb!SzoU
z5t1qwKg-3>vs6Md1{PcV`}aV!A<+1+L4;WS_H&Nv>2ZS`jT+1dd%8Kdyn_g7Ro~23
z(_CCe%HYUjY(b)x>1$lF#FvI<F1gI^mt^)@x%1lmDYNUk*q7p{eXgA(@{QiAA#Ne-
zpF@sBk8;F!W_aA2Bn5dbuT<d@+-&)yFWF7%gRn~0B}Y55o3j_tWeFXC-v<ExD-xXS
zyUDfajcFk>K=vK2^gqlD7@57DyQZ5T>?87neab3nv>D(Ay94uz!;+C3U4luI6ilpd
z3;_&RnATlI7yYS>5cYy=&wib1kCeG6z64p&QDXV^wt)UB(-LnoJuY-aDWduxhV3k1
zOzLz=F_V%Y#Z2my@Ddx}q@>u28&M>a<^>ll&OWGhqUPDm-k5nkU|yVLy4iu-`(VJ2
z%eS*L!II3(aX)1(yS&UiXADzbV_IuH8{WoRl3w<lYqM`*!#h~Zb}usrMw54+0YMMg
z(#6}^nFhAhPiHOfdRx6E0`|tVgnn5`FRAddlA*LRSTc}S)|GhaFvN_?x{?}ZEJyHP
zR>GJD+EaZ{-yJgU*v^bv0U(A;kF!u6!H?di*s_bm?4InOZM1-Q>3z%Lve_nW_r`K?
z28=C>jAq8#Y6NPV1ZtY|<kin0G&fMEIm6w6In`^wp&z3wY{6R559fS7y?;sO9cGx~
zx?Uo2AuhO&7<27maG~BPV3Y>5G^eq#<%F;?ZHK^zVR8l@>c$6&1VMez7r=ozr#m<h
zJQF0$DQ3TBx&9?${g(qf0~E;1`Lb|<8OwLu>+gbqzzm5E*6aP;R2eMJrOKM(jNw04
zSPD+KgD44ZtJZzvIst5ljU3~jLeT!E{IHNCupo_yF+1~oonHNApu{1$!l`noJ^iw<
zpqC0<a>RR7KBdn3&tA@j0u=2U85t9u;~7cgNmw{mz(5IFQ$h$^?OM1^RQpW{N+*Sc
z5DRp!=Ju#~IHKe}d?N^iV1aWau#fW?o^DcX3G6E6kP_JRiHEQ_T{BT3R%tQFM5AbY
zU_VgMM$vd#*6fP&%<j`-oE_Boy}6nY>%P5Ei8YUu?%T`E<pQwDhi?btulOz&&sR!_
z8ogi$jX&iP-{vWV##VY{;ooNjG?G0-1WlUad-U!SK7_^>dHPZZe0$xx0F8hy5O4Jm
zVr?uTM0zD+$9Qc|1-)V$jh}RsR8wPjra8CzAJxl%q>%s9!p9MlR_h;ebp|R2Bdz|Q
zTNFV%-BqQ8Jcp)<cspH|u-<Yrx{JLI%n#1xKp>&_ZSCoU)A{mqx=a56d3xs@-WIsR
z-U9FYTA^JK$a?JfgP~zi|HQ__MKe(+omhmaUai0593sY&Km46k>yO8CrEX~@Lj=gh
zYtb6Q^p*gvdzI;?xDcduyTPA4$ni41@;6*5tI)B^BgH;bkV~<@Dj-C#W}798&w6k(
ziC+V49oym117%dW7uP`@;TWRT6NCCQ47obNFatD49Wkn1`+J<g+++JdHLLa*IHJTV
zDzv?$G#2-W@9Q&;Bp~CfKN8BECr;y|KjPdv>od;n7aH=uFx+{;D_(e@6MjbFo?wcO
zg(~(fp$+aWa^dG)p2OXUeeJLnA9LWyw&Fkk4k2@5(UEP%9~S=Cx8eunP;W2HSw!6s
zVh--Zhi{5@ZM|7rvSA2xwqDxr>~XCVYiuK%%f0|yQf_f;FI0%t4G~ej-{}45H5VSj
z|6=|57}!@w)GEaCdC;2a#;E5%5OP9&fwUsTpZtJx>xn&xSMCRw_Igkg4<56Zb9;;W
ze~Pn3#s8p4qeX0d59ijOlzfxvWBREJ+;duvbDEHulgIk!pv=bjUP0Ez==F+@y>S{l
z2hKh#$UM0v`^mQo>?f1r$(IV;io%L7O;I=`D)xIq#tC(2v7=sFSMir46;9ua)}zR&
zw7J%UoZ_Kw&Qk;I*qzd7*9aP0BnD#^{(7upubWx^-dG6BLl?2J9R1E0RUpgt925)1
z77}|5tpBjR%z2D+Yrk?hs?$fmLGZLHU%k-G4A`2{74Q51vJGb&9e&*sT6x_O+i=dz
zZ^K#iILH<^=Qo>GelfWz+i8`mvfVqfvmBpRJi!bI0;KVRH#xVCJqajP>~fJaXmf2L
z;_aoMa-KTYzR^E(WAJ}4n)=XwnKur@FOy|4b$Ml`YjfWw;j7&y?kwm3&(7`B`TxMV
zhvM36`+reikITtp#!G+_2Gik>fI+JjFbcC}AF0PH(=%6Q;FYMnVrcaWA!tTJfADvI
z1p*Y1fuPNw2wfUU#PJH7CET&P5q#||d<}*mUb`A!LtL?6Tbb_t+Wtlq*X-9$!`G%~
zy>?~JYa8&j8TM-*!U0_{tITV2T(7wVBlnuSykNFt%<tPKT@Mg-a+)1=Ql~%CAp{|7
z6X$gXe22Uo)c3)tuhmGYw<27jZ;p1KM&oORWd3m(A$9sYA^j8Dyhlrq44<H-M}>##
zo3-?5A^lZV-%sPq#Dg2l2>H{<=p1EaBqG%MRKGus5~^_IJ3<Y{M<YKJif}L2=LoH<
zYId#Oo@K0gRo{%S%sSutK^bm{`sS1=s48+aZJtqB8+|{mZ?27|S6X4gJ>~PMGAX?K
zecNdB=4khNW<DbjAZP+mnF*XeJW7TK`n2w<*?v{;2&^Wu`w)F}J-w&GOGqf5hzz$r
zES15MCtLdqWSr#Dbz+}VqubMJv~wkm?I>_OLgDdR_to>~Yu)ENk$MVk-dtx+Xi>G!
z3uX@t2p(Kd2&u=O<{d?d);%I}oD~+@bJzLITn>a0*W~NbuJz$b5N5ao=mu_w&liBZ
zskgs))>Lb3sc7)d`J=S%YiMjF{JJhRLhBxpIztHQsUbp!iVU-b^2o_n2|RQcjqwuk
zrNJIT?Bfzb{PAt!Z!-f3BwABO<Bwp_S3UeDK@+f?#)g2Y(5#2}YM_H;@h=h8ioqVf
zwjMeBm4NGOfl`L2lgCyn#5x!EQ6P)4Kn*ljj}6Yi2F0~x^DnT$=2B>I2DSvmW5&e-
zTONF=5npP851`)Uo$}o~;a#M6N#=+Z5>@2nv!^0wnH((}8I1!#L;N!<aU4x@M*a%L
znXa6t85ggozT<3+tdNZbW;Ann-tLoUJ|Z<z9IkvzVLCW`Hj*m2LD{2_-J5Y3j8QEH
z@;p_D(=2u(ThbDRY%DO~nFH+}pL<w}d?k(!9Ba1&XY`*!N|Lr?yYxDL3%t(K;e3|%
zZl{zK;)`W|OhE59lr|IFLuF1?n7&+mU95=K|2vPs8E9|-0&fE!eqVtNTBkx6t=rGJ
z6G^ZdL;T{u-Osr-rC5fbpJtm3Y_7WW#VoFRYOw=6+PvAExlc<UEA&zU!$k&UFBDdt
zNJ!wOflWbWJ>TJvZ=<nxFvJ}@X1UnS?k<gXmD1S8V(Dw=>zRJ+m+5B@7{ykp*NKrn
z)`^k!BC89ZWNr1@;l`W1pueM39)I2|qoYr=;bg<X*pLN><BNcE*g+<^FCx|nN|<>n
zGm${dXOKXaBYi!Hum3G$hr#G-dcPO4_{x~E9Do@+#RFM=7~T|}qm<EjKToDFq!sbi
zdWdAWh4IWB7t<J?POj)Dh!yz&j&G$szD67$($#WcBFld+=|6XTkM|ni_w4bRX?uKE
z;P{#{;}c&ulCps29qM7236cpFZ(~jXw^7WrMB1wN*vg_!m$BCsN0*GBmUg`GX|S`)
zAaNQmm0f0N1%U*#BEIG$rz3v^j;LUUi5z)qAsf3~fO}>QGZFmeGk6OwCnv8!XciW_
zI1XL>2X`a&N<be7y<s=ev_sfZc;UpMZy^H7i0DyDUR-$JiLJ-#5pq+t!vo*#u_5?I
zPc{TwdwN5#DKqz`KEU&N9$~FT5OW>E@QO>o9@~2!8Jxj~tMa22_YUoaRr?F?ndHVQ
z0GkR4XK><Jt>AWpF`6T8<8pixoI}<Z;-(%ttc`)?;9xW}_h=vB`SKpI)*Ns-f&cy=
zn30$s+EvDu(0e!h2j%YkhTTDZ8+J1q&Iq^WbE0k5wWBoRVCx;;B3(_b@hds!5J?u_
z7B0&;N#v%Ue1BPHK)rM%DPSc3;(DZ)(j<9avT>QqesLI~6BQ32S&mflgic`fu-aNN
z&pd{WVUJ)fqAROuWqlQ`WEDb*K}W?CyX_!K+u~B>8ax216~q(b0>OJr4+(<A(nEsa
zk)@!+yR>_ZlR0Cz%gcAp$Ub%B^F|&@Hy-Xph%$36)FGSu5a-sDAG<pE>xe!(NR3cP
z>Jj@y1Y}{ar(JnaXRd{Hl1XkLgj;7RSu&Zt9lqR6fg@ZLxU08l7HUMonbw$xYQD(L
zR7CP~b81JlyKLsk=G1l3?&D`3V^000`0THB-4HI-x<=wD?y|i?Hg?*IncrY$!xCmj
z8ksq5Me?+tf(@w7wLg>sLWUacV9nlp1dK^aew@<y?E;ujr8CIauq1i!PdN7_WEc*7
z5t56KCujWxWNMIUzJuSvdwLDNAe|}y`bgYqSi;6OG}73rOw=FvrMH2s+&li@MO<3M
z9cYx9qc1pJA<4_Vc&_6n#8`Q2n7B1o-nu1Yt2PS<obI@zcO%^nlU83k444nCRG3*<
zbb1D9gZiF;{%S9awb$+AUOP0aQR(B}o_2iP<aC8t4|p=B>j|EWY5gLPZCXE0z-O#S
z%F7uS+xJ!@SLrHrWx6<7nx$G-DUCmI@Jz$=axx81&&f1AI!~ryCb=+juQQ&vo^#lM
zASl7Mtm_I1aVl)OLXWizog^+0GOZL!7s&L{YiV<Ra9lF;8Q@-n>d|BAEwrO(N6~mh
z`KqF5nH}PL(2)Vtyz3Gi+4sB$b7mH}T61rE63g<sG*P$4y$;O;I`}FwRF;qdTh_U@
zMWuhn@c;K77g7#8H47=TLtkCEX`Ff}{#@j4cJZl)ML_qQst{{+kBbXG_N*IeVuK5^
zQjH6>uF}Z2zgh%dV%_HQ_vBk)9IQEQNpiMa<J)to@$F_=HPw?fg9>I2I`veA05yK9
zIFy<yfE44Za6j7I4mV?8IjNe?V879v1@&JmIA*9Jct}V9Rb^sXCVmrPa-EU`lQtO-
zH$mwY1n>)z8wBuUpp0otnDGqZ2NN5;pM!*$-of<c9awPyWJY~A)1LteT7RY<O}s*i
z6;i-DVzcD%smvS{t5PIaj*JE&-W+s$l|pFjVzG{=3UXuSpzEs?5*dV4$IL;OR4GId
z-`CwcLf0vWK_&X7a)0?mP^FxMO6M2BHhcPyGw!wHew?+_+EUJsJ6-hUe_Dp9y3w*!
z5LQ*>`@MMPSA%sr(3jSAT3Dsco3-wK^ggi%Xx-&BR;*+~C;q6|kq|U4)F(_X$K(C2
z-zwm4i*~IKpP0$XKT+#0pFPsa$v-Xi3otC70Quj*1}of=^FJp!+r(EgWg4IAPPkwH
zXIz5&iKMc#1=($(vB%&PhB6v|nMfnhV8>Wy!b{=n9n+Vc6n~}GRfebKgDvDn^uU+V
zxCLZ^GsCllGKP=W&dbe_uTnCC@k1^p{vndFe-tRT)v7ByNq)YSv_U)|E8RbKjvL`u
zpKw^)!b>L{T&`jUg!)=dpP?EZ`BDCf?l0VXZvGVgb8}MkhvuZ{56Df?mr41y$hvZ&
z7{oTtTeWJbSmMDDH!@>Fm5eo_6%#6YhdbVW{2{^}e{g)>?bc4c6LNC-*Uwi7GfLUm
zP)FoiwqV1X3L#llh*(u7;<Cb;<LFPRgfox_kHdlF3o>auP9fH8DE-_?$o*}ci@(Qr
z;Gg^Z7yT1$^>63A{iRI1;`7ayIRD_K%yT{Rd;ga?ziz{k_cQ+G?BBP&%(?OMmphk3
z{guChpC`WZ)xh#le_wlr^U<$xKJ}IVUZ4M0{=)xbm}swXe#VRVcfmXO=l=dh|3q7l
zzsUKGZJBn(=ZrSa?`g|Cw@iM2yp8jTTR5-!>yh>Ix3=ux#qFG**8b(r<xqc*wd3d0
z?OzQn5B2v#JLj*ob8fZ&_xk+5^4D+E|F-`VHgRsf$N57$IlscfKlk@9`X}1%U9W8g
zAw-YdizVA`JIg8Armd4X6t9Et3XVnB=DbP5*J*R!CgCgktTHlk0B+rABA-}`0p1hq
znOQgrZ<Wvr2v(z&6RVhk0c-liYHLYBp1Kpx1OBM}nk=brV8k0%WZaI`a^X?11ulh(
zafURDEM19JFgeqoS_v80%{4D%^0{kcd~U6(cjxAFe;u#(%I6-a?dtUV+OfW>oy|SP
z99JT%=LXGsPf%ZqCG4h(uUNnCo9UnqLzzsQy(RuwV(x{0y+zgDMLAx@y0GD|<3$wZ
zRaw_{kg9F(^zD@?<hC>)G&Ss{-+4jZSdl3viO2S~6fhluqOCu`uy5MzJrCv0#N5&P
zdToc4H*vzJi7Qgx#K~5Qe%r^p#La-xE;|btwG~pHRA~i~@?=(Cg+I!4|MSjS1^y?4
z=2KNlPJN|e%ru~opFI8Cd`c#xCGVVvddc^(Pz9De>~Dnb)k_W@1!zZLRzeJ5y*pjj
z`WlqhsRtBae9{5VgXW_M$jFmHa}5?I)UaA%d^!XY{SJo*xou33--^+Jsad`1W4VL2
z4_yVrfeX|+ielKO#;~+w57Q0t)u`>!A?hujpo?epxXWME4YlQC?@%}=S6mUq0#_ud
z1dQUqSU;ih8!&EUI($5HE1b;G9n`JlF%6)`9ThN&=@r|o^ITOgm{ES^sEkBEfGyat
zf@Deb$xA=V)HinOU$O-sE*9vk??v8n^eCIRZ1*K3cM12Gv5%3{trQ%*Yt%zcSvJOy
zH4L2K$d{0iF*s6Ukc^Q;4A(<T91h`+x?>}+gV@L`7}5$ergk!YT9XWsY;+=uXO&|_
zF`TynoGaAC^eOesEDz(Y5`p8uwFKHvthOG6BBN>6lFkl{Of%&TcVOh)?dU#JlX&=!
z+9_Eo8>>wh=sz@Qu7Tg?(&<PAR|5K{lc_slX+{Q&Vs{O+D-yJ_wgL~$uEMxT0n+iD
z^ZAi-d-1G`6he4HhkI@}qs>&aK$aatETLtG5*rvwT=~WA51%l}sSH-ZbcljR-Z9<b
z9gTufAgKH=Bk26k+jMz&jH5fL-ieIkV<=cujEsZU>DA7GD#NBFve`xlvW@8(wlTxa
zHkeT!JkzFy?UDX$!G^_nPBGBIln)Mu|7SY*&x}RRc6tMBr&r1Cv`KEK4pJ8Wv&`8}
zB~tpE<aYW_*}=9`U&4ZvNG<UuMv!CfN4z~udAn}NgW7LZ@@}@sl$`x`dTxaIe+fGT
zO#^af;ROl+fEseG`ofN(ePYLHb8O4i5nu+mzy+sX;>L-Z;TfDbE*mFgrrT|4&XXgO
zge=J?e<6<K<%;_b!4=;)G*@iOka(k;D}EQa;!RmxaXFf0)ZU4(<yVy0yix9{0u$w)
z3LNsACHXnz<DMhnkd2Z<Hf4v5<M}OZ7)X8BELi#kL{X3N5K^Z{o`)jCP6e<wc)`Wx
zvOtiH$A&~UsN~If8`HIwUpgws6E1JV)iS_SgF43zZ9((q4to)F{|divZ_xZ<B2|j@
zOjZ7BCXM6JPW36U^q~&vRBxL(EU14R)ZZ5vzj-Eh>{Z;UA+h#3Q}GR`1dms3hkD0i
zC2wX4jepy1I$nekq*&1QcfA5euXjf!jB=t9B9BYa-R==bZTBiA_pj&?>qPE~3P>dH
zxE)*+Iiig}zSo%cJdOFGBx3_z^cjI#U1s@W0mPfU3z*Wzg+SANG+mYeCWQook{58U
z;UFJtZ3A=}IOA`$c`Bf~RA>AvfOg_@;FlmD|6*qN6Eb=zzt}vqPqBI8EZ}c9WkhB>
zf+v4wQf>ebt(5UQJJWVrUHDAtVLA_;9tE89)S21gFL%!2-1?)8NOU`RUx!1Bk7j1!
z#$rV<l{du)t!tB9CQI~kcDa{|ahG!d<YF$hY0l{>WI>wq-|>V0iD%r;9nL$4`<Jh+
zgSG#8`|hisFLN%RXDt7#{&UU)W(z(XtYl=ajFk0#kg{%;)gCG`)gFl3{V`LqWi2cW
z1&Ao~hyWLVh!2!}N^b+E_$i&AZNj*_f1b(*cCnwfTj+d$BWv|H5x6=(bE<2rUoak-
zD)jRoxOTW*kY1FvyJaU9eIK80gr}dwr<*cQugrdWJU$(Trwx31N#^Or_S4ytpgrGP
z==^-LplxMAS&+9g-N3T_YmnuBIX=r`7H^LX&eVVZ8SZ8;_ahL{YJ$0?jy6}RTF*$P
zFTav=9xhY0o-=7Y31=C7q(*zrROzw}IWj=@z`vpq-?&_c$m59pi~lv*tQ*O3U-$cV
zM!QStq6eWceKn20NL+zm#}^=G-a>DK1rUf=>&U@?n}Z4zVx8zAL^Xp$JEC2sv%jlG
zd#Y)Chr6N89tXvzXHeYL%&Q&;#XS<eCm^%E=_ny<`5%_W7YU8;R0y#)2@S&kFp-Cr
zJ2zX!&EG2k<vapJbM<PpyzQNPuD(y(CBvS$bb9X7cFC|OE}fq5clx$0NV~$Gw3ZI0
zbg25v7Rl}9zqF+HEyX3BTn0<3Y8yIebA{GDGF+&2pBZWJwMV<pq{~{qDj3w6-cpsf
zF{MMSj2NDTe`HGP9JwmarJB?b+(;q%_)~hD&A;SsdQYkAc!j5biZlCRDa=g9W0Y!L
zRWyD#ITCn}&w=-uIq*I%-!TCo|2j~o@raNvufZS<8vjrzPHUB+grtgafYGk?;S(}Z
z7bj@l<+H0*`sm+gecgJ&KKkGkt6ByNL<YLT{9{mF=#<(cn3q3iUT5dbYe*l*AM`r^
z0OvQxEmEKJ6BMb3h)E}*md0kSyWhN1wC?ioOgY6N7>E)Xi9sll(^FT*x8Ql2T6bA^
zN@}1jgJnV=!lNB#upvzj&J5n_Cd6tx!1<rnJ0(|7aAH4xvP9NGFSb!66aEp<y2`?L
zK<LLi_L&IZag_+q>?m6c|2{|&m?%xwpnl2Nk6+|D5MhaPAi~1l2O`V?Ak56$%^mHx
z(ETk=H#P-+DUlb&%rLLySq125g(4Gn{qddQqcLgO*B(#MOWNv`clFQ;2huWrO|o_G
zP-aF}FmqaznI>eY>F*@>osF?;+Y4RfoY5#t?#G2_DFhxY)JMa=VyuS2-^Y6G<!Mp`
z4O6YFDqI$Cr?CSCg!mHv_}<9z%xGwgURXw#xA@~b>GJg@n@T!pECq$6K4xa5gPGIX
zm>Fsen*OGs8Csb<?PlzB64WedXk>ar6Eh+!+3<97+#9{$iv~^qlAsw{oJ@Ti-|LU>
zMVS#<%=CsO;yv#h_E4i;Rdm_<XjiGAn%a`r>uB@)sZx3h$&mUf8B!NSF?+NVV0ET-
zqAd6ksj@0<av$W5vD#1M`6tYn*1@#(s4SoC8g%m4H{n2UcHkFlpF5W}x4V_wi`~lY
z*D}iOcQG!W=BT7-Zu$~$^`W0{b>|T5x)+(rI>?GEaFEDdK>08DOzdu`JmPP{q&WY|
zna44+p^=%9CT31snY{N~_}C={HdG|V*FwM-QDnf^x1E5mkBDp#wD3?9WDga4SZgB9
zIY&bGWQw)KHoF45PIdyj1}bi1r*W@hr!+{AG)a&&<wEQ5Zl%J^@JFLHgvP6()R4ae
z({)2_Gf#9QhJGW0Ac$4eI^@JUHj*l9Pmk2<U6bX-sp9|{FU=1IF2Ddwm4|UL`lI$+
z=*IH*Diq?mg>G&8l+H(Qr-CM{KG}%=PA^W9Z2AV4b9-k$=hiZXkUFE`VO8TiJe`>h
z2|?cWBposzCntM@V%O^OH>ny|A|vH1QP(R-;idAG5%@|}s2IRz=(2=6=|_B4K)5WC
zSyuK&G(3(~Ev5AxV(6SmJXv%_mPs+OidHBAgp73_*zip<6Ig5W>hZzwL_=e8$qkNw
z!PdeA2TIPlp)d1F-(Ja`a+1FwZm(p<<ydPgk;72k9Jag)tt{1jSXokjmp$tJ>z&AA
ze}c98JLFg!lP|mOWY6Ny*Gn7L;Ou}q$2tSSxNqOWdFsu+&u>Hhd0$`l=wjvI_UK)Q
zv`3q@S*``FEuFDSe;=&UH)mU=Vd2p#-H~=#rCUC+%|>utTBUK<1grG(_&`anuzTfk
zhijJ>R8`G0B~5C1?~*2N1t06UwE`YXH6IDI)gQIhe&+;o)XAT?)}`-XHuw<w{$1B*
z%Edwbk-?6S+Esrfr`ky!zBa>t?Zaa+sKQlzB<G!qYh4FztU0#NgElh8g4$ljg6cfR
zg1!vyzAvf_G4m-jqDNLS^C=urq$y}Z#0OJ02hHE%(Z(<WUwfUtHpqp5#_94Fv!AZD
zoT{56ph`k#!R$fK;XO~pk<`~6WABVLBw+XnZ7vB96mnG6v4jM)3lzF&DV*M`b&U)k
zt#yrx?0`}zJEL<vqay!I^@B1guSe&2Mn*bZB~hek8$Ltps+#?5PGyhBtg_><6iVbl
zix0-)Ly`OK0z;9w^}*nb|J~WoKaJt2OOGM;XtPVO7|)2=hc6JlUZrnh>s-CQF>A7=
zmJ@Qz60vdNlaX_*QRO-3mF1ovS6c2qKQ6wP#+X9L>NCKwaR!ZFh<o}OG(K8!Hc;GV
zPr^M#?z2O##u=!CdhfGmFe9{z8I^ceg97`w;bZ0`@e8>z59s{^Mgys%&Bf1sMJG4-
z;lzfZF>O^qAHcMY9%f8yV)|K3OQZvO(FEE&kbZvEBA~R1F09`k<%Z|#QwbqsHqqFx
zj}pL*To~=THgdkKHnX7nT_{OFT{#M;D)tc~K7|nL>dNf%4w(_@VA{q)eG?lSX`6Xk
z)(ZUcN{RVL+c;D~n>WR_%)Q$!1Ao&k0}so{z%x+N3XweGte<=ZH<{sI#W>O^hh3Ss
z1@t28)-pSNBT@}DaK4_Y92hy-np}bT4Y3O<WWLAf3PDhKewsi$6ouPn4#|Sff-4X@
zzZzgeM=U~%me{9t-bNQK97Kq^22ku-#qZn6%<?w|xtvDXC|zp(TFDhB@5{M%s&!}1
zwQpFr<Xj`xH*>D-$o?74{<+es%6Vgb_RqL=fE-z)Pr&(;>Y5TE<v*J9^0n5J<Pd!}
zT6)eS#i=>j7fMp!$-Zzx>hkOh{Zjty3uUQuvM-dUPE*%-(TtfIl6~)}TWoq!pH}=n
z?)Po`LM$kdmj#`jmj#`ap9M+$JR(jsA%_!H=WwEv^PT{iIS&-Ml0UYS#w&^m366Pl
z)`d)eC#e6E>5sI*X^yFo{+VBYKcx4B^mmfqo5y)b-yhO<`St&V^nVBRe=q}{gfvtN
zHi#Ifu|Ih5OrC(Y-vhEhfKL1?ZT6Y-I#zXX&TFH*Y-W`?Z{4bP{8cn_fI07%tDca*
zsP?ByLX_Pww%0&kyj`g?Cv~h7Z>!PHvYDsWnUmJ7Ysa5OGmow_C;f8W6Zo@`F1o#v
zke2OUWw+9)b$e*+$JmJHh#DE;ZlnNx$F%wOf+K2VSB0w)FY48_`F8ISHS%kBBZV}!
z2IQ>U3y-Lg>)eeLh3}-zw-+5z11Gv0C=QRI&4FU`_KwxKq-n9Fx361`OPUr-diyU|
z<C3Ne>7sv9e7jBQ7>_6Y|C|z{w=8&<baK9+3s3rwQ$n=P`FH$iJe;&&rnj_MMbVZ-
zYKnV@(ASTLgZ0bg!TOb{A@Vr=O7TKJ`(*rS9e7}Vq+_vcDbEc&Uf;d_01|&zKmdW&
zRajJR!kd87#xX%-T2sI{D`<pP1&lGwoU8<NMevJ&?qTKx9?*;GXmhDQ)-D8;O~4&i
z^%77v0e4u{OF((I)9*{Dxaq2NSt8J~-4j$=#1;vp@ZAETEKT+V4gacuPMA4Kd~JfS
z6VlkP@}-JLL8V>vu4?-|H1>f9x-ZCdUy$kkz*pOS0gZhhyZ2_g_h!29`D(lO(%6S!
zHke$P>Ao=2{r<1E`$BXDFmrNIru(8y_uXG@_eC`JZ_v{x7iYRJ&UD}P)plPTp2f7*
z5)caY8m4V5!KjjIrVEL#GoTlJIZ<Aszf^I+C<6bH)~V2ickJQZTDXVvfYIOY<1F4D
zInJ@hUNsxHzS~M1&1?+loitWj3YsK|oRo9k`Dya4F`2i_sr$6<W9cHSyf=DGxsWdV
z{fsG}@OOn)8^d!RLaP`@0fj38-rrSlVnR;AiRzq!6DQ{uoXGZHbp&+35VozR0z#HZ
zUG`YJKFGvOZMhn!w%n+!+HzH1RG(eO=yUIoCe~s?{Ba(h3wA^-(>4c-C5n%kgPFM&
zOd4h+n*3x6zEoN4(s;2(+kYSrxs1l%v+dJUoZ@jEwwV&8y{NSej2Di6)UbpZkrhmD
zXk^3F$s1q5@?x1{idS;GtQ{6}oQ~rYmy_4aA<Zkw8PfL@Iivx0y|`6Qy*RF9I+3-%
zxGcNnCmulKRyjKVs!!={;70ptHw2`B-lHYb*2$SFEwP`uip5QJip5RtRV?m2r%;!z
zTt(&X7R{%59qvu*Hl<gkpAlJ=e#TrR>rWOsK#H}~#S!PNdL^JwBUxpB`cU=!K5l)Z
z_j>-tl{KDlITzRg8xR*9$Ogoy1HAxYPR~@BoGyz{_L}kMdL(rP7JFNZZUbk`sq^wL
zKlhW=P<-XbvOe4q;K=^Md7T*?0f4FNoC<Ki+0VIU?&sXC+xJ;g>aHAI$tn!h8y&vD
zO{)mJs66~bnU)@{DGQnnZK#JgBxqb$96tyarkw-K^i1$xb~6*)2tm^yP5y`>s{Px8
zCBiTf1~`h|5Eb;jU^O8?I&M{;nV}^?)88008&-t$uH+fAncsLMgU}lqtu*8(^=Dd_
zXZDFN6i80?gWK`ZdqBDA5A!n`Rx#r|W?rr^{aDb{xQCf@c|gB_HdmnJ7~3+pR@FDF
z+PjVz*kxy=iK~tn*d;U4b_gjD_a<8iyvQ6#1m#Si&0c~lJsz3Qdx9T!meJS`1Q+To
zr}0k-A<;Vp^MPZLw2cK!M{{b<x!z1`IUvI!;KWi48fJQjHL#2GfZl^Zha)RZnLGs+
z>Ey?g<j#i+hT-G*guY7vJA1i;=322d0^-leH_>E>tk!tuN<3^HXkd6c`Qoa~s_G5V
z)NSLD=og5IgZZZ-dZ!YNl+or1u=j*#K*5zR>zdA94!?mxy*t_H$4(PD28b$q4A^<l
zTze(tS)C__altBd32B`LbYZi_xwX;aJbI@Rk1PS*{2+i$J8>qS7i5m!xq53a$z-Uw
zk|mi8fZV|G*@DR)vG!tF8un!cJL`3Mol7vG<PYjxHTAMx84|R~fa?*rYXb_ujHv6&
z3nhb2w!ZBIom6LnPHHnjCwt!}#G0L7a`~d+8on(W*!)3~QQBnLEPFB?X>>|%PjlW1
zzob*L8l93@8$^y(7I;M7`YD|cMU~OLBt4G)1n7r4*87Lzk8mF0CXc>62~8o$yCxhG
z<gZUS2*{tCaOCdG)BTxJk6G@^3hBPQh2DlfwP7%5It&itqr)B{eU^DFcDd#XFWGj8
zWnQ|C5NnA$Hu1zmy;8G{kkoYN`5(VUoS?{RS5TzujfHO!k{Xq%^YYdqdUzHeC~>W;
z%V+pPkE_%p6bigAz`0d^fb%71eZcv{{Hyt!B-_6FbM*0}4>-T)D;!(Czn{te+T>>{
zPyZ*S`hI_y>)tr|{e~3hGhEjfq&WX+>fqyewAcNo<!`Z8FQz!}kiS0>-}i7n|5MI?
zxex!`-@oXeXgjaJy*_}E>e{;AAzh=ti}bl1$aY$VjIpkx&BIhP)Di6}rHfFx#$XUV
z)ZzDW_4zV5?m5f9123wy`IU+0z;$)zxT&hv+L39fjA}cf;MB`B_OBxf?5xXCna|2m
znXCE;fON+{+Qkdw?KFOwI|j1)Rt#H$%A1CpRV21ZLay*25kri!py0uOC4D4CrkG#9
z07EV6oQ7u0hM4KE!0eJ*N$#St-)wQ%K}WCL6JLU98%kUooV3Sh$5Ut@)&%r7RQ*3p
z-=CGm_RKh!&;RHGIJ>S+zxnx~-mntf|5~Dg>Hao)MFPqm<p%v7{T;-Rw>?=H60I3R
z<I9xZNl!uj6UJKvny8D5@`jALnqGAaHoZUy(B{n@LGy=gGMGP;sMZuTBZ*s<U<_E_
ziD@IlrCQewG=90An5MOWghlW9HIb)Oz8};-NS-rJ9vR`uMB7n)UawrTzQXNp|I)+l
zT>1P*5_b2IJM3--hDgHxZ=E9~?S|)}xaDSuUh#;J?DVG`bRMvo9IRx<J7CusLgPrQ
zZty-pP=}H5-Fm)MS%@o|@s7iR?Tue?C}SV6OwDzPtgnv&sZ!fe<DxhL&G4l{&WhFy
zi4;ZWC?uSr>^-j?jIvk1=1_K1FUn4tQgmC%bOrgv!oK3Av=3`SdTT&`S=C?HBToum
z9&Znq2lZXag-;5ielb<x_kDz<pFq-IT?3@Qip3M*%Yu4CW1Sw^Drj9s)(E;{dMJTO
ztU<G3RkpugD3AUG8{Qcllbn5aQ0L5yv<aE+lNzzak$*UFTb2ApO&+)fv;&@*#{~F>
zklDaxZs_XY5fW4y+8jnx>0t41A>uRq$1Ktxzr9e#%lA%BJzesElOzuqWKMlY>%NXI
znyA3(7Y_uLZoY#Vp*D%D33^W};_51UCTG+jvYv%?UYtx-sy}kLr;#klm-pEw(Xg%W
z)X>lMNOt{?zMt-$HkBO$72q#|A?67;4;g`RhVf;BhYS<yL&KAV#u5dDXf0c{E+1X=
zG#*t7(KsHgQhLwBPNc8lZ<Fy0iJ61lKwf_?0{ImPc7+ju=Q}&TC!ll$aer2Ygm5K>
zM|oxsax5G_o{sGp&<@NzI_7j5|FcJcKvm3oz>CvpbBDHmoz{IiUG#w1vtGE65OSeY
zC0m2X10IP+r_tt5w2kYu^yzfbt>W=@uE+OL?J^G`=8ScEYi(kex6Yirq&Au^s-?~Q
zRNCB0C+r({Bb~U<RM(kv+v`mAiD=i2w0V<Cn>*-)&Ev#_t#so0TC&?8-x)qZZ;8H}
zh;~K8H(C{*?D!b<d8vj^qRnl9dFu17ayiw2f9mtDdO0U)?{=!sd%@6%xcHbS6Q9)^
ze^7igRmHB^V=Tq`3KPVYtRhB;F6NAb6fsis7BM<AZxN$G`HC1V$*N*BHB-gto0%#`
z^*L3HF3MNMXmq|RMpb#M7`fmbG`;6Zgp=iqFfC+#fvoAow8Q}?X0YFR(v?B=OAm0~
z+nqsU<K<PiOM}MFIKX+XTf?e2z`5byiqcf1iJ9Y1+(bxf05iv5wTTedt$2c&g|D>3
zHvXITLv7>wT_v=l2=|yts7hYn&3P#PQFss-vW-xqz1LWmz`>h+5pDU|vH*3r-~?O6
zMmGtEQI#`{{5#*7?Rj@T>t-+{j}NpHVh!MsSA9)4=garwpZLB(e&+jIzCZW(;r#V}
zzxTEO#ozzBZ#VzxEpH4C=&v#T(}134<|4TtcQ9iSiiB##r}VZ(GBsHVn%}Dse1@45
zN`$f@*!$hR;y2v}cknPQ1k!V5B?MX*I#~%Sy=`GuT0(F;k!cAkoqykU*f18Zw1rVa
ztqACo#h4Uvzc`@1fYQauw`BP@gZjSYL>cXQegPrIQStWh=>g+sqT?}}>3y%mNMUHH
z6MBt*Ar>NoXK8bFZ8Tj)<8jze7vgriKA^+hfN`HxW&`?tUuIV5LPvj{AXHU2q}bj+
z#%!&l7w@Qzrb{DdSkxl}Xh*s3tMrnsavHR`TGhAK(&pC}bVF86h1Ojbo}hJ?hsRru
z3L#5+pWS6Bj(;`kB+J~Pxc#fQLdEkJ+zCGd;9F#HXS*V?KrkF*T7r%B%pAy!hPI&o
z@8lz+@S#T(2h^FApG(1ixmqyOu5vtU3jLSAIly^u#M0p9?6jX>9ROr^!^3venJ!0N
zljEp+yqBZyXO5%pJ}Gepj1ag91Nt-~l#PWe93}2^KVp4^r$fbQ{PezOX0`Tk4m>>G
z9+_LGpQai=t5*myFH&%kU!LcUx6i*p>+--;G}xvem8w@;i=@Uf`bD8JOtSg5N-HM;
z;|}PP1mnIQZ`;NQal1<1u1*!Jtwpk4o3>%FOW1e#2XK#C7UwiJqeSqEPg#5~jeWla
zj$sF7V`9D7D`@4!YOyQO%83=UvVgTtoDPTz{v&N&4-jyXs$D?B6?J+i(>BzK{-8J2
zSO|qtw9aGcqCq9FF`ZxP3VKzw7pftZq(Y$Jx*HI?QsA*)2zesn_qJj}v>JuRM;8&I
zwnCeVT?nWk-$3nA+PV*`X8IIHD{95v8u?i-uTM8>OZ15)YU{#knZXg@3x_Gr7<}zo
zjfXC4QT6+JP~xZ$=y1n63Vc=jnEp=?JW?h2!?(o^2J1H^gk;b3Z`b2Ym0mObq=*os
zL~BWFUEbM40>*t&Fx^b;3Fto)UyVSIs^2H(Z~d(h=+^GqqQ$*CnISuQxG1}mdy8z4
zK!LF;tONzWJLK;K%DGxiQRF&iFeV?Z5s&7=No`%&W4o?0z!BR^6*JlHfPUX9F!#*a
z9W>^2CI^3A0F5UrzAlJop|}?qvv8$CNTfrquIDgU*NbOA3uLVUmz+M4$)Yj!vS`fo
zI{l^+l%=L0$XYGf&aA&@!?BMg95|>qbO&6A(7m8A8@i(k1>E}6cmmWdfL(`#UE*+I
zCp!4kwVeBX(8vGl0Z2K0EbHOiAX;Z7U9_l>kmtyR0zw~cq1xO+hd|22<ir>bJ-L0y
z_MY76YjJWndb1}t)hi}fN#nsUIJvFYIFoDLpFO!}_dAoj*efRIk&~<SI+N=sCikA_
za3=S`@x3Q^<uy3DSb;M+2+B&(*jUkbiPlv~7Y!&NWHnjrA#lux_Y2Hdj=55d`5T_z
zquC?{oxPr%(fnRW^);1|%Z~)Icgpr=bZ3KgdN)k1-K%v`8o%G;jB9`x*CM6&xXzO8
zT<^(7fr~S5(!-=uK*i6<;jGq&C)!W-x-n}=?*abgDjeWiC3}Fs&wzZO==e!z2XL{s
z)*>(NvM;W~ZB%d(xrh2Y#2#wh4DI&Kfe&ZqaPq(0b$abW^~|WP7W~QD*vYvIuX~Rb
zHrnLUp^&K;zHQ^-^c*y2Rks!t0e1`~Xyud|^gT~u@^`)bJ)KrgEMfY@!K`&+6&`mr
zahT%l@2LX6k4ss?I=K@tN<bkncHtbsuTKw|kHc^CXLI1=g&BZ`?<XgI4a|gpk%z*0
z13EwwkLyoemwaj|A*sUT+e@J?>BfCIO%Lz0>E!9S@ZXk4hh;TCfMgKJ*Pew!^~k9Y
zuM<sn!qa&=>6eYmu#u#$IPA91kZnJjukEtzwtel%6@u^St=6yha{k(0&X?}vym24r
z&+X$}tVw@?KV6)k&N;uli}RbhIKR7#^Rv4-ukGgis&39J_H%yHe$LO`k9zyHJ)FPL
z!}&`+obT-6{6G)qzu4Qm9=P`5997>cy^^i|Rd)5o;r@iSPLd+i-$@o-juR5vQPB9E
z<YA%sM>O__0z&-poitV>$kOl=lL_I5-s6*uPJhR@S1eWX##6AW1y&r;q8PY<pbVOi
zA{{QBgYgSCDBnI!1`Em)xCAJfZXhVVP<KnvRUr;srIkg3$m>Cv7XMWP&5Qpk0<Du!
zvPB78r4=D@<Kmit;ja$plbCa*US63l-YW^TP8y8wO{&UJj`fVt?Uvw?D>A5O7*toa
z`F22iu|BB(4(mt1lU#op&ZNQPzz_iVLl44D>nsZYN$d2`_|Khb9eZTc@}PomPsR@q
zi0Lt$OohJ&n#mb7Gc>m#tQ)o*%yhURr@USPu=xesii(aPTi6V>F*CA?nbQ(to_C&v
z%luO)x$Q!tmP-);)o{YkqX>YVG*$&$)3~99H2yb|gBrtv=9+w{kxsS@krhc4SrIHR
zW)uKS>V`6?WI!wGhJuiLgvi1S{}KUJI?Nvhpb8-rUS<&AK506GkoU|!Qz6hrv|!x_
zT%c}fwamwcK~%|-kSO9Zvv9(5((~sO=c&pR=cxwoPU2)JY>)tR;h5I&D5keEWB%^s
zZ%&prL?L}Yc(NUg)X>JX*4<2RXk%kKBY#UqPX?I`mAE-MB^+IKTvJ~gS5ZPl1Voe$
z5drCLq@|^6jF4_&G)xpkkd*Fj7!5L7x_fl@#;8$)0q=hAAG`Onox6L__j#Us&Uv2m
z1di6x&{)>Wq*v<$Zn+=#gymXG=43K!U>i0_zbY34!)EmJaIgxuFq2#z<RSmv+YkM@
z#pOP<<44gJBksCDkH3q~IdUF3&*^3K)XN`YUL6qxQ&72d9RIGUlyd^a$3kA^Y&5<%
zK53T9yXvGNKahjPeMcnUm44%?NZp?z6+9K12PXE5MRp9;LxTAAo(8Qb&hE$h*@<&V
zo5?AE0c|RjJGVSm+|yW#k@pjk)iI`Mdh<!?p6Tf~agj#aoR*n5qHQ92U%{9l{=f&a
zWh%*sM;(^C7$<x#X-*Me@w5Hk&$d^S)-;R%2*h8t(#n)O8{}(-#ej~b?=;iOA4)El
zJdBFX0Mfcb5}51<Xg?olJbk1HQPF}7QNSH8d*~k#4W89f5@+18ItRcW2U+?B5L7=q
z2B)ny>L2^gaUcE2Ub>s~PO+hHNc0kZ`8gu|l(gi%kg|N!C$>R?kHjAX^uly<+0Rt)
z8r8)~8u;YSUx~?GapIF4Dq5DU4bf9d;hj|}@q0xWb(w{5s_bPQEFWAVyAv%q_$3E$
z5@`Mv@kvbf4o_T45<Q1UZCSm`&u$EoV}{xN^5%u=W9{@uHwzUHX=VHu={G%XN~Qb{
zt$IODA2)ZN=a7|4Jhupq8>0?Qs0jp9r&7|2saG|$g07vh4rha=@&N&U`YOaecynE}
zTKHk6N--AQ-7>wk?6K_S|GH>*@c+H8<q>~tX3`O%q<FgS=l1ur(&eH72{qy8tyr&V
zn8iRxS>~(o-YrU>In<Vs_^r=Z2|mK;F2C<hoAYlH;>x~ogQc@fke4UfBw^p_3c2L=
zz>j~$lp@L!@`!5_CdWe5GoOi$Jf1yo4d!&osb=iRx1f}AeW4l}e=>-ZzWCD8X}=mk
zdg1wbm28|&_!ODD$8G&1;rBaHzCUSwW?!<%%FbB3;Ad$H#XrGSlGWGlj;t^uJmFbU
zmAx7{U6neOuwghMsUl4$qhXIkIt!hY!qW#Qk0V#(y08@zijlkGk9AY*FWXG17L_*n
za<0bobfod9nN)f(DhyxplE-h~%v?QG6ll9gJ(QUKHCRG)rYZBj=$A}(vEJW=Y3%%L
z{;ZB9;&-yJOzsSU+50s8KjL~`_~egiT5~uIv&G0AQ_L+^=KhlQ8prKE|Kr}}i)&yr
z_${5c&@oZB;88CPv#JZx9#tGMhXPH78HeW!JImg$zlKe#UTeMSM!^+aNWRwd;jX{`
z!$M4YVB1J<y_#rClrsdI6=Y8dsq&`y^MsGEPcWzn^Y`7^<{+{ORxhFd`=}rI=$hH*
zjf#9+mq95YqCl|A0MnN7C)CIRnj`TbzikzLc!`vIwK#5GA?@{r7EOFhP|Qa84RgZ5
zfAPM`E&gaVBf|KIHkxUbPu4-sFffE;NGSJ1`y(qfvsU80V~h^BM8gNE<b4IEaa~QN
z(Q=vak%X;Z^-1xwv>Q*p{+jhkZ*(*^>BmV#L$oN%9uq*MBJ*^`7T<fn2pO9x*mFd^
z?RyLr<5S*qY|eg{3rhT{^6}9eWDXvlZI|EYhpUuM1Api%ZW76CW(urmcs1X^Fz)&!
z^2yonlz<#l)0n3aNjq0*d-fpMCr(t1_~^gTC#{a29cKl9X!dZSV6%ic#cb^aC9&7f
zN^@V4>prySdH)d3m0!f!p=2#rU-GGtE2L7P^~DTLb6NoX3v5Vh4z+0MoK)7^fQ-%>
z)F)#VoGiJ7C5}?<guqqx{%6uLBKCT{`kr&|h#7EyfwGQjXhp)ESQX5loVPZd@4+R~
z%X}T+f$d|G1_BpNdtOR37tQzX<43k4JFv>cz+JU&XXk-})git!Kk;#wCy|Z*4A&Lu
zd*d$pT-Wt)Z}leSH}rZ#V!z@yEir8EUaQF5{XV@12b)~nTgkLthe;Bkp)Ai8`d5CC
zeEm6k2b$xT_{F&K6E)%CBdGSHKW+Lh@=NPlqVe-rbUK@JE_`yg>=d8z9I7|}Ma-O3
zh57n|{k>}cs9;^!3vYoj`Cu;w&r`MmhW*gDpXlT_%lhvtXl$G79<-DwA+BW2Xhp+&
zM?=2vkb5gUtO*Zisy+Sgtk+rkR<^3B!~U&ou~pPQWpw$Y+A2xADuHmqsEgPcq=L(^
z&R#Bm+bac+zXxt(-X?#?lmuNc6mEJ>^t(%^vhYpw$pJ-0^E~i7pW)l-9J2juH~A*x
zq(XXX5velQfAnw5l$7)))~mvg#CNK~gTIi|{L%G4;tAE|SJq?rt0Zt5k}B>w%_Ut)
zJk*lhJNB_s&FboqSRBaEdPuj((wb@fjU9NWJC4wAo><!cXq3Did*%!IK>a62UrmG*
zUWIZ|KmVfL_h4X(ZJ&{0w(?yh?}PQ%(Id}s&-a<yDwLE-?=e{_q!gV{@MDEYu3_as
zzMZx5{Pf;kY@B1D-x|KbK;`f12~uWac99*k^87Ee9}Na_3ZfhWXBwwZ$}n1roa_Vm
zZ;sAWPxb>w|CZn%O!Vyz>zT#t9#RJ-8cikzYHqt0eYkX~9v%}h9LPc6{q2;8Oxm+C
zCDGjdkqR(<P8D=v+QIB{`GAr+UE-@*mYf^tA+GxHEgi|@U`?ftSHc?>x<Fsx>d<8v
zMdHzZ`Zm=Zm0?D21;X>fs?rUOcywL%Fo69Uk^EV>F=ehOaLPQS*It-~=VK`OXh)@*
zhrv2OX5m+g<L?}9@2`y;qN;FbdD?fnzZ8F8Q<NFDb+kwIK54_XzMM;Vp@deI*j+*<
zzQGm?;SF^^TvX5~Ng#QQSI0>_L;I+<TF5^VW+=T`#<1f{6$uOpgph{x{+{q!iEgyZ
zpe+Tl1(%b32TWEfsT0sz-Ex(#b4?I-=UvOW*jwY8GB9b8@;XDLQO3)fe!tJ26T!uc
zkBH!6{>Xt4TK;>kScsV*tX=pkDIZntaKs1mow}ZZT0+;hZYDaO6Y;5RQ<~`_FfCpF
zw_Km+YuyCSy9=vR=|#!~C!>vOnp2x{uH}f_T+5FsmUpC(#NGX5$Hv#Vd^-o$y$Klu
z&G^3R)=j47*ft-4NeeCKE7KExi+%$z9&Qq0`shj7<2s76WD)58M`49#f*ZouNnW`F
zCjb5@8RY8m(Q4F3sp0w|njSh?KKXqVS;vQ?)^sBG_uKxDlk6A8B|RI)TLXFh)UGWR
zwotQcw5opjOqAH1XVs0<y>G9S_D!}WTgD-8!e~sP)~X<4EIXYhH>Ld^lRaV}rD_vV
zF7$MwQMa>-ogpOdi-su2*jv}<KjH*Z_^Sklv{Ycxlj$r{e<h0UJUt~IO4JEtx08JH
zM`fS%CA=^^DSvS-Ybi;n--%`=A)WSOZd{J~)=sgUOrFD&CBH%@6ycGIcNY0*KKHm@
z;N>b6gt*7YTY237rCRm^+m@Ny_a7O<!vgHFKLkF(K%4^$K5UPC+jG8MxpVUhkxS#g
znZ9IhCeH7)YTT7hEoyt%SpT!)?WuqbPJm~Ks^M4C)NA#wv7dN<F9SK>Yp#w(sIVEd
zWb`KD$08si8?aXC^jiC5H&)B*f^*fZp7Gj_-j*mqvq<(>?G(3JGeLji)o0|F>jhx~
z$%_K9hCtMd4V9|}fy103G7m#Sz9QdX+ZW@Dj}{KUPuC6m+KKIyIher*rE-J<YJp%i
zC-mPh0<YTr1hOk_dI5a!SJ7h8Z)&Yojh2pH>$&bfvmPduP4Da-EiI}xj9GV6bsSof
zn$ykYMso6+EV?~S%y^!n?cLwPkDLYS)n`0`8@XoKEkCJ+)ZRTdr!uBzf3b3;b1tOg
zq+h+-sFp|yz>A`Q@3H|dlB9?HXr1s9ntmXjc0aaV7GpbaCkd3UC!+~<8`b`ev(PLN
zxT>ghA7_iQ%6qB1=(hfN!T<8T#!ytC{ZJHRy~pnc#6Rey(7Uj*C#4N4OYM&FjaK?n
z^;Y_^MuYV<6tDzOygG{393H)``3K<7GeV&oVqG@4@ne`aj=8%p3)Iwd-D^F@3(XYQ
zD$S4l12WoJ`K=wc091p7P+^u}P7}uB2@C;4I-;@><0tLpv6=R0q5k(+4hLO4!8a~i
zgSUyYkqvFF3+(Lqp=akXFKL%n2W~!V0ITcz<kO(_Z}`3O>`q_IuH)aRW_@+Ar}u41
zHoO|cdl66|B}xU1yJ=TcDg}PsyJQgOJqrj@E@^b$cepowcGD=nTBGK{?HQ{HVO+&e
zby%ok#D8zRlltz;o9*Lq2cq_QzPYTCz&H%o#R@usTYkE+uWB=;Ys6EMsRx7o=Bmf~
zP3skq%d=JdHE=x~D$_A?3jkHts(kO&HlS7ck=W~)U#)^0PP8^*Z$^OogNA0TkC!N(
zblCWWqF=)I{h;dfBhY?6A7ypnz*B2Vm174czLPb4iRp&JK8rM<K$WKB#ce(0`>~sm
zzMXe5OqcpZ*81~cNmf`+>Mf18WaxY>;z!qIRpQ~Ji+{f<z<)ntEYG4VYkAW40*FOn
z6i1pqdbAbg6@U7WWeTy0bCn?9{oIk;PIDo%Z1#5MFT?C4!;UA!`55S)ZFNBrt|+>_
zB_z@=uNo+`XM&QpA3gZS)_;`7H#?&+)i;I-6+tB(Ta{sbF)^vI09o%i5Pagag$?MZ
zxw^S=-)m?Db@UVo@K_xVVhixN{6Opy-KdCbV96aC*NC4OT4Yq-o)BqB=hJiD^?+e_
zn4N&&m9V_>t4c61%6s#{>yrnpT>U2(Vl^i#TZb0G2NsFTJ!*4L3W|i0mZYcVjlebM
z_TOeVii=2!t%mlC{snNI7C*s6xazFEw0lW{p%N_Z_H?z|zgvurz8X%@d2j?ZF03Ii
zS8gSZ210>#Bo*Qjg3gFgCpmj98`{%#f{QN2l7*Je;NF1Ss?`hjs#S(t{Ay*kkScMP
z*OG$Y$LAvHzXQdE%~VUD!d*#;r|REm{h}b9D+ydMDY0M9`)5;PblKl8-_~mH0paD<
z%2U|&Rrslx--eyR0ugR9w#@GZw0vu6#lv6td+Ow8d1DX9Px|tg^Yh`i)g10o-+^td
zYRaVz>PO=ZE_B3VhCF{xx&Jo!VLV&j?Fk9IfPk(S`kH??GyD6^6ulG>h14kr=n=qk
z9!G{q1b36J@3T4Skyq6Edv3dLIRuX@8c*Ah`;PHPpAGhF1<8oLi8c(C?EI4JE-|45
z77%STEAW=|ga*X+vY$9~lEG5wNnG4Ywd9hO({N}j%CL74JwOWVIVB;I`6|n>+xz5>
zY~epi1w?0?C$BlWC0cTj3&>e9dZ!f#=)>-B!;*)sM5t@oIta6EFln4!t^Vg8ooHQi
zNZ|GRrEd)W#vb+AWPMfmyeKiZ7u!$yUyU!kbTkYYMc8{<c%+j?J~KCJKJW%GytFL#
zQ+q(2qg_51Lc*v$>+?&3Rru|YF9q0dV`Jh9*i#_1#dI=lR#-petnX93EI0x27XBJ~
zj`yv{8VSIAC9W-#P3}O*?Y?Bx^TzWV4AhyQx7jPlwEIP3%*fN{m}ZH{7BCyUw>*ss
zzAh)ttb0x<DK~1kTZ(eUWn{pY+^qKhF85J#Wx0GWs@TKOK@<FJ(10zcN2{FJVq#V_
z;P+}{?MyrASU@19RO+!Md7yY0-PmRyFJ_KS@+{zED+j0?z!c9ZIj_<myeIrUBg&5O
z{+FOjDc{U1T|~<_PPo3bk~B8Znjv5EEl-gB{Yn2c!uHZmW`1e0wAi=k>D@c2^U7$?
zETH0T1*p3HH<0c8D9kgfauO<m-8+I?d$r<57-_3rU{hfu4>nUoY+t}~?s&8XQC<&I
z4GLrsE!-yg_8Gg1*I{>SjORr&w!2Eu@&ZoSIkoA2?wtnw>|9upT8qZ%Fv>H@yyNxL
znob@kg}qM+FsDgb4cvI_`U6}|V*ig&?e0pQsZOilPR-ZWD&wxJVlH*HQ9D36%u|0t
z-iA=}$=Sn-3B~4O&!;a=ce4Mycq$P|#KkB_%n{qSQa9BD?x>z-gV!ocBg#_&<OWVc
zB)QR$qRU}5o86;LGn(+UL$}XMXOC_IJ)+j$pFeTci=b?69<Tk=t3c4|qFCwsc1M0O
z4<JNOqu4w<<xONAaQ}x>6v)sW?(H|jHL<AUbmIy7$P%;d1gb;p5l7rf&m069=G}i=
zsoi<73;&LjY$VyqWW@PvYVKaFqv@QZ-$j$c^|ikvJvV7obS874bc&HuT$BX+&o;_Q
zgX7^xw*usYkq5dNzD!g&97lfnG9;6iBC5~&JxQHtKU)&JyRM1Ma&vU7`LQj@20YMO
z0_uKohqDbdd20NMDvO$$^OHz7ZhvHXhEK`<Vv6KGg(5QAGa$nr_+vV_Ck9C>*4z=W
z@(23Oa$w2crdlU5DP#zHn7XQXV)16s7K8UB*q~7~48HiZCc4c3QwtHfAIX!7Z9L&<
zCz4X~nRA@)93CPCfuG~@suz)nnmMl150uTysx%!b{olyg?u;lp@WtII7hAL3+0_o1
z`z2Ms_byzxLv}<ozxUo%(S_$-1%w?iF_&-Oh(vpWBSN1R6JE8ipAgC98Fff~2hD}{
z&nX?DTRXnJJ#fJDlv9tr3Y`g=`LBed!=BeS)btGg++1SQxnLWlXX2mnI_d=O4C08Y
zBNIN>Y+2a942Tzbyw)Q<)V_57<(*s~(c;HVE)b#X*qdO-2Ls3+=TVNSCk#y>qADK4
zgTBb+^rE&(cxCCr%^QBtE<jHyFGbqQ-#@huPhr#rCuqA-cYT$%l-2+y9QsTaTgUv@
zW>!M+;+n5KDsa5}9+1HPvL*Y$%%7m9m!H>%O?Y1S6ecCoGz^}%3Ogj#4LHeon5f0~
zQvBnV8f<wo?(s|cIiDS%dR6!5`V&fxGuIV3u<-BRc3Tu}2Vt?ETg{i3v2F(P>m(Mn
zgb1qT^qYlP+f4d-Ih19Qep!ARN^~>S_(?@iymQcfOM34GDD0ujX8}|B%^y$^;wZZ=
zRZpg~7G;DfOm<9G9#WmtqhL#JYFHrffk9!<F5wyolht5SzFNQz*VUg5?B?G^j2$iR
zTq5f{*9C-G{XL?y2S)@2x^C3~7T$LiAkqGI4+HaMS$d*XC;eN#4Vhhm!isPmTOy4=
zN{0R_`AQD9jOz@ZDHobA)qb3Ctbct|8BS66v*^?K10P25U-dG1^klX?=n;GlcA|=B
z6y_tsU~v*iza7ZsZ$B$OT_oz59y2qPX-o0w=GRC5sYTQ3p2|;aK55_&UrV4BYvT`T
zO8~{=SIwp}5n=8dVM+z|s+?ggu40uA6D*@V5yf-Og@-fH%aOtgBOL{XZ^16&<Xt}=
zQLsn^zekpZl=JTBLXWeshDk5+$@$nsyKd}$6|;{Y2?NZllZ)1nggZRD4rajo^${N>
z<&SGqtPie=WQt5#A9p2SZ*It=ipxwZxy%mOyqfgwky)u{PExN1D))}xpF34q>@o4|
zPSOk2`U%*xu7jw5kE&mGIU-$MF22P{amJ;59qrit#jd7&VW~lYJYcxAY$w(CI4k>S
z*Oo_TAot5f1#Y5=x~5tPd&*!b@UYcqEeVS`>dfH@B&n_bSIjWxj~CHD8}TQ2cuVEj
zy+1m?uMhPt2#*d4Fe#)Kt@0*hwlDP;d?f@M{=7i2URrkbBmhZfWA6WI4wLn!U5j4v
zMRk4*6^9g^g^YH`{ETa-e!mOG&-d>5*F=+H<9rK{t);rSS%?$Lcq_=sIHe=FHqf9%
z5r<tuzH562J~2$)HRv|kVWZ4CCE0~3g~ZHY1MaT1s=XId{c?(x4a+<$-$v-E(UXNT
z{UB7KePGJ_dI_lP{gm$=Z@G?Cf#;5Ne_uWCcFQ&(WM6wu;neM7OkiGWw*FBQ&Pr6b
z8GSG^y6!`MiU+^?4Y@_0Xskjcw&?O!_`4(ZubB_0n2s^ZBCLj7HDtpG%@bN?`Lj=N
zT$dqlYEZyEa_<|UUFJgY=|_9}UI*7v@T55CVPPY8?XeV(jFye46qqY8a}Sfw6__X{
z)&8cIsD^H4{}a|IYw>5ddu!Tnl(6ftlR}GTv;cLW;*g=@VtYF2f(^w2hNF6kMYyhh
zp>&tiSI<ax@8{#tDn|pi8HXUQTV_naJThQK@_zAl5v=d!c4tAcYYY`$o$o>KIgcLg
z?JVu>U}Bv|@0Ui<Kd~p+2>Sd+B&$9Pbrm>Dw={;1yAc7lXQABoCE;FtNLk#(tA7*3
z!jc|&N{F*ym&bJHd}i6`i0AB>3)v`RiQ||}J-QGeRSHi@H-VSgPkNNn6NgWFc40V1
zyAPpzZY)W^Q$lcZgY(-$Z=zYga`Guwrn&6Gntxre=)5pbwjw(aNN_#>aB^Fpu~sNX
z^r?=Q>>u~|KD+2@A^B*;zu(}UuaAXZWiuHpc9?YMX&CpOA@qVHl;mw4zi>ykMpR3G
zlpyC-2#GLO{(jvzU|ckRqLIzWAH%?JnuG6lduZ;DPnm~x5^;GyB}#bMCR+UVjSFG&
zRQxp0{OQw8#C-C3t-USEaHr+DFypDL`wDd7y;R_i-%bngUs7Y;8PR&X-G1!)^D_Nb
zn1NWTeab`?WAQ!J@{N8x(+wLA%b^r^rwh!CQi^zqEDzX32v{2a>m0J$SBsbctPGra
zjW?@Vi6N#8SCCFdUA&~6q|M$}jO{Kq(hlz#V(m&E@C{|9D=NWttP_E6+o=17PZ2#y
zPpuO}dy*`y6D!m3WR}A99{tX*B}IrbG*JoZn`>J=>;jU!M$l1T{NAn8{q|s;(mKj?
z<y*3aNh2ebvGX5GiFc7F4{WqCfXB|22)!>=_}BPZeZv!-KgDgmS{(PtKP2eoj-0T?
zG7M8o)CI*%vkF?sL5};pa?$^;@o3HT(kq*iuFc(1^sq8>`P0t3M`}o#9WgxNv9$%>
zFo)g|_BFYbiL%4dg}$AEUVps5a!NrFi*2kI@qmxFtE#}P79;f*YNI=nY=rwEi>uSU
zR#0^7>W??YPi{{x5fZJg)~}Lqz>P~1$5Lkx*fPAm=nyBfdB;s566rXFIx<YeDtjwG
zSrjU4BcD!^mnu0-$M*63<eBU8Ih`+=zsPpH|4X()zA9rGy~*a!;YWV#DhXs1`S{$H
zc<0%-0Z{qLyUy(9)f@uP{j@#5gKtjPs{^r%pC^4uf2fC5zs&uiI>U}wh9~@F;6yic
zFYYs^5p|Wl(5ljTk1s0jpsssXVA>CB%YN(6yAV-Ns9fdxKyvJv?e9ju+BU^L6@$Mp
zY`F8s_|rZwg;5;gYpk*8(7EUpL3ql5OVauQ?x1&_``bck<DI>aB3$VlKyPBJR)ung
zIi_u;JufS34j7{&u&vCCk1o-Ik66X)Ggoz6*6ShVZ~oqp<q?DT(Nu3J`De`<y&uFi
zSrc@2tlHeOX47WIlzb1Waf)Sk9X8dMl8b3FnS?Dp^whB_t<#_UvFILo*D1R>wdl3e
zS0uqKj2aSG{HAe#g|{)~mdS;aHOPCVa}jd9FXir6iI5g)7JDm+j7RtrZfIkNmm~5`
zoWO0@<NcS8JBR7kw2346PX3f@y)3?~E(Nb$Q>e#OqS8p&3!^VaM!JGo2K4lyF#wD8
z{g0>#e}k*Q$xA`AbtL3UUaqUA{7PQ22Ojd%@BLXq$Aj_2Tce~TPAIP6+D98!P6`~p
z4rVr8rA#)N{E;35rxEJuIXrU!+IK?vVaxE-y8SC2S%$YDaz1+A??f)<gwV&Q6MpLl
zSlesj_!Yu#R9p5`yyg`hYu-uGWWYJMX*MI^Oxu6$c+Y3n_`!h7S>f)a__uD0H5lF0
zq42@7-KdM<sY0rIj&|mNh?Kwxx@SrEe!oV=X^?0&r=sLRP|m-j#gd9QrP(~LvZW8S
zepIWY4TzLL2ID4i(K=HDwJS1O75^L=-l|x`{FqtynQ=9>#CcfuqK}?wkeEn(4Iz5j
z%q#kq@WK8QUypf(tS={w@zQGK<ljOFSjjIUSsssSaLIgtkxXec=TQ`@u>aFFHEZ;u
z6U?n`?>fD5f6)pI3`EEwo}x9)91Ci-IJZELe%=hWd%_SqU8ZrsmN17&<>yWBnDM*f
z`;uJO3|@V1A3tqjPFbfiP5uxeHz2$H*Z8?nLg=8=wa<&1dvd=bQl;k&dT&qqTYkg}
zHSpZnJ5Y_jO^Z0nq%Ritmw{uJjBW7YQO`tPTXC8EnzI@ij0W6TbtB4}%00ZZUSHfH
z{yMAFPG!FsVmqy!nywFx?D(CHc2!fKs?)&TTsw~E^&?smZvKKz&p2;4nx*8PsqWtP
z&|`1mM_<{y&K!&*%Rr>Qg!@;zlhVaIcz2m6MnK4vJW|=#osw{uRl3EVbiK;>k=gp{
zBwn<>gpj2Vbg$AjCG~igUn3(qOkZMQBIO=@&`RJ>)pL6<VKm_BEMoErn~{F=G3ok)
zpvPbPyVbXPKdC;)FDh4ZFqTVvX-B@8{%G;V?BnUL4bpCQLDGc3@)&|u)|LP1K6J`q
zekq$%@Aja+j$vyOm6|f9R8|lB1g;x9LQCEEbBzuA?cQYg+1Pk`S=*FvxbKLs{+irw
zuc?K5k!Q45>|t=Ya1?hNTM2h+i2HOv2bziv5<{NJwGFesD7N}Ohwi(NT!!rmUll#t
znUg(ucMMrQ@e5M9dbyxAnQ8mRC?hZgxkp9@tnR3VSW*K}G#I~^D%1|D<goJu=0bRb
zetw(raRIr%3A4ozOUiDt&hkZg6WHhC<|747u|=lk4)&4{O{iPy9Db_B56NxI3nwFO
z9?+V&1PV?=*dl42MR}vsA0fk87r0}dq7P`azbRxe9Jzft*ZM-_61ODcwP;(Nr^oov
z-7*fFz}U^)E{8b+Jtyoo7!@T~0Qy{tluvvQ5~hpRRo4IjM5<1$+xpm#tS;W~C^X>3
z8CKXXvX-D0JyRKnzQzgFwDZ<bM#=@GR~~MO<yRd^p8{fx!|n=?`%S1DQkcW;CjCJs
zxxn7bVSf2evP^Z4@Mk6<ZFQczsO9^BByvlJ^L?<L@<wjBiX92j-$0HMkVl*TGTI5W
z+tz^1G#M%)DjAVJwQIH+()3{oUQ4kc8#+-7*#eky^VPH!!bd~+0p$CLXu*?udSsVc
z@N}}L!%^R`mApy7g^AxUC#IVsuPP1#FjG~r!~}1-Xlv6Efs9h?9Yz=mb;$W~^cYO*
z5|2`yaY`#_^IYENVa;0mCaVQnw06J891K(+KbXO#=GAX>YN)#7=?kThKR=7EpwSY|
zfUNkpMx<^N0ZB)Mz~K0jxTp$vad-p8_{|b~jyIUSdIM0^uyP_J!p>#%-GOFc&#OzO
zs2tSt`u4D2bKa=0by{*18aTAz-dK->j{A0fax~*c5m3h5REbd+0`@fwCl>`zlqG-a
zjU2qKOdTpvok<_wC{cHT98!M%$LDMC$yvd8YTsj3=K@Xdw9F%K6eQxC^7P=fK@iRp
zJn9W{gFN)O&aVm+5&D^jp$5!5w1;An8S0y$Uvh}EQI3=(2J2Ibi9M1Q{2+>n1<85C
zla>oVS+G^(G3Td?F-Y_TJ0*Kq_?hv{{>VhTL0)sHg!{V$v0bNA#XGli6t%<8Y`HSg
zHV+TLpSp&7f1oJ98~`>MEfJ1_O=_(42L8a-a$2k1wJa%4dl(MVY*8tjL-)yLF+-dE
zm^7y7`Vox90zE!5HKtyatKZu%U(g!$#qN7R!GY?I2jcgA#^o%j7E8t+s`FxVtbg{`
z$5zwSD;JW~wQr>FN)CcB4%_E$)V8lzFQtH(dzYRJE{^M6_Q<Hw<qWT9JS3AoDEtfG
z6{4PDD4Ls$VLs_3ZEmq_RTLH_UMYwA^9UQG;K9h*1-qCe6%`eZ0642tVV!(?guHQ<
zy}sXthq+0wQ1JygF4jThx1$<tXdEwi1}82KzOH}-tA_0Q^xDY2%!oPZn+&Xq*6X!u
z&r~NoKXKLGAQ$~QZ&l-2SIZC);_`V;p5+7Vg09Ng$Z2d+B&q}nATxGRi^Evky>pKu
zyUHOPywdbpAP9DRPoL6JPJ<2H&y1p&2UI#lC6*&KPQ0)95XM)*yP&@M=DFa$1;N($
zyyX@3ZoleVe`hjw^$31QnQ)d3u=Y_|E$c(QO^;QZArn434HMVBq|xaAnd?}31*q$P
znMis5wk!UbOPVCV)*Ng>Se0Xr`_IVXtW_gLxkzTr-;!KpDna*x8yOP107;Q6r*S$E
z#MgqVFytRCd5Eg1@P_}%Pv9P&s20%bcx6`4GR^oZ!e|<;zR1aHkx^5RG`z@+Jcp?{
z88iEi%*{3ok-nL_IG}{Z{M37H(}+LwNUs`6P#@nzE7E`zixVBKZdjwGp!!o?z@0Wf
z9n0qFx%^A{1KYq${YCG<J(!lM$@)pkV(d-UO8egs4YDy>2jSKu(jSu*<ggHzw0S=f
zfD=E1|3&7?KlLIBUcdF-xsz1)l0t-GgK#$D)55#vg+04z!}=#(WBvY$eNp{N6R?HZ
z{uK9LS>}qOqEe7UjLlJq@ztjbvXqh5(<~brv2vt)$u~RT$U@Z*C!@=PJib2%jg2hj
z4w3@qs@&l~k!S<U$!K$-+VwV86hS+Df7NKQT_lR=Lpkg`ZNZb)rgi@vqv@r~Y6{@7
znK_qHKP*aSVd|O70_mG1ckMuL`7_EmN2K>?dP?-mZmYg|m4h5I+vR%49TAKLadYsi
ziI)^rw}XlzP{slH*^X+dk0<)P?dZFQ=yHR5vS^*tu9AZy%et|K$M`GSTj%8ZO`&(o
z{?Q<#F2PzFf;j%(M2US5>jg8X_82R<ng-w?kfz$Ryx;$5S!Y=UF2Gw;nJDqCwfAKt
zb&moo^Nlq&yUeBTrfX<@z^nG<iki8oyLVKJ+!xQ3voeQ(L&|4|ub9VqgQKdYxc3$9
zVxKxOTZh_2PxjWAAmeC1IEZt#&pl?fd1-?bUhW<e(bw_%7P)b~!xa8<r40FZy92a&
z{dM}^H}rIejM0UCLyYN44`GSZF1JHpwI9f8urP$hx_c&M-fmr3l!IEMD1^*?auU21
z#1aV`6!V*-YES+%Eb@(UoTfwAGah1y(vCS6YA!AGhbgAnIG<0c8j7v3pr2;Kj`*iP
zTmKCZUOYzmu~Z#ZEMs`Q)Sd#*(NX&U`24rjre;LzQ3VYeewh;=a72P=KS|`F7k2j^
z4#kwJwfCTxn#3|->OAkL4L0FfWdlc{&Fvb2H_r1Tw0y_%0NsI92yncux#o9d5Vb>5
zlzUCt$HS@2ZQv;{`a(%`9Lm<|x!sOXlCg(ElsUPPITByb7Y0c$-fWh#0-Yhbv-ba*
zcUrer_fri&awOjgIou2=o{D6FZW9}hqMCi71}vcH9a+~tmA$fZ8hsS&2IEN$w_j|2
z<!8oxq}albK%vP6H-^QQT@{DE=Q8~f=CG*B(-rPTXqe6Afs4E7m>9mOMuRQ|Qv8Vd
zdNi(8V$^SdZi@0~=G;he$7N>bI+I2I`QP0)XsII~17|7K<0a0yoPE&F!PL3vL6duW
z*qxAXI>2vgKYi*t+V7sP=sbF^4}ZHq98${BRYnTC*e`rIySF(PsLHirNpe4Enx|MB
zI+%xRnkA&~M1ridM6Y;2D?!g33^9L%J;W{sFf7FO3Wi(L>9J!uI)jn;;CqeKsecDC
zMXIVCX95CGDBG`W4&~44f+#-!@D!ZRZx)3}9eZB9qS4L_(4Abk!$|s?j>nF9Bx)hl
z+OZ@2Y<j>9?h><EUe3kh$;LQ@%e$r#95<DBH|96hR(5gQSgC=D)IGB-Pt`}N7v0c`
z`%8a{9x$G~)%RZwyh}U+Jvtj%Eko`KO?%ubiz&1(R(rzZ2~W???%GeFls>|=ToJE3
zSJGFiI?lNI7Fgy-lInG_UiI3w7f(Yik>nSw#tx!sq#o}N_gd^#LO=lwh>x_{5^`e#
z{^fuPG#gk4uqM1nDH`7Jbj)465Swgzr}mdAkOrXdWN3EHe#BZ{8T)%GgnahUs*-id
zUn(u@uyxM2%MBZSK8-LCtJ!xQ`SO-3P)%R^d*8<witmM@R3C2#ko|m7)6l>I9eN`v
zP`idGDtB-0_eHsqoi9%`IFz5`+B{?sa3CzC?v*s6E8}U6zw_u-fkiRR{k^iEY8~Oa
z$lwi*33s?m9N_P<sh0ojCuR^MHv9}~IAdx-LdCiD?sCb-tx_sMs%f+h#^}3aFx#RR
zuQrEzl~^SaYELTY-?<FCU_PLt)0>!xBuJQ0YH;b+U)DNs{E*+7VcN}1Vh*|%SSju;
z=P4jWBXB$h#ZhE><n87??$!0T$pQQPSqvZ@18-Ij1F_Mn7nAyfq{4hq#9IWYJ>LRY
zYjNfFkbw`)%OlE?H9!$2q0^DjTrpc;rE3vVUiGfOd~5E}Kr0!mN4nW4@T+A^$!H}i
z$;4^(;NNgJWLOnnL!*y)M104lf@apW=q$HhR)B1BmvfkIrZTHj&j$B%({-SJ43O{f
z$XMH8WmE1^5pL>KHo7XPa6#WDyU7Ko?TKyn{*l;(G>Y6d(>%Kg>eBp??~Z~0(mw@Q
z+jc~NGh$@h_9gob+<|9Y{86gIGya4&L)_HG%$-z1BL3*3+Sj%#cq3iU__+@Kmb04#
zWl$Q6C<o4i-*0Revge($4X3<lkL)H7o@>5^wWzM1TvYbGy2Slhr_*AVW8+`ZJr-%3
zpYsnI$k00zOL$W%V27ZT-Bc#CXbo~Qm%62)9XS8>#Rhz*#7NFn#pQjGHlEaiq9Lyn
zT@b8}ryaTIlcv|WKtYs)v5JF8x#%tB(W1A|%x?T?WKhi`tiIr`Hse(JDS+(U3;)iH
z^fq5l$4k1@*>7a&vLGxfh>@xs**;f5hjVL7L4zX?Ggx$)OHk+9!?1|mOPXh8<TT9*
z|4H0UV18$~#q>3`&H2^s&)uuS*p^>-{3Rai-$&bPLa$c6UY-jc&1&p$JxRBLdQt$@
zeHj*Og1A_2Em&xVt0hl1GqCGWMzUs%N1~>%qVZ~@R7fj-dq36>iOp0v_4yUy4U2wV
zfOUm|vG!N%o`nMDZE`2SpN6|FIGqAL`~Sl0-7j_OkbL?cZJy^Px*3b?V)v#eE1qhf
zTBVsj$On6!ZOhHwqgaji=e4HD!_K)z-!L6Eeh1+VW1$<?;Z22TH*hB3CDdCUG-5j<
zghNT)4(g=)zU|<xtvRiAHWe@d;4%<{wr$7J@`zB+!`w}J-0R*IwJb^{&M@M}=sHQj
z!gp;WCC!b-Q%Y+fmuZ6MFZJpIB%3Yv%1i(>#`E*W<^XJ&#PgR80ldw*sEY8M%7*r`
z%&KfueOsAl{uF<AhOTzo7F~ICe8c%mU2(;+^Sd+(k2XDXfQyj6<8@0_g^lO-_)7Sw
z{tdO5E#kI(tj)3`;5Uv4;Cc)_ruU#?tu0~I8m|Fk{;R8QV8U<)xo1)}I$=oeRh|L$
zH_z19bD96i_2QY;Z{`h092o~UU7^L<64a(C0ajn-=3m`Hl=QiUyipD{))(d%!o|8D
zKRb9SgnRK~LjH6|s^*CBZeb#Opv~c9<`<Wnm_B32_ye?o&GC7R|G)}W-z%i7ZO!t+
z7ooJ+gR)^IPvZ-!RIFk}!py(^(A`>PHRIq0sqF=OF?l(}0HwA!PrjHE$1syD2V|yl
zS^=<QnSbZmSOt=Wh-C4r?rS`eV@PM&*m3AP=7Y#A?C)8xs>#a34Q5#?m$3n9UnA?C
zX1PJ?i;!4&dE08$^VkY0Ixi%rr1PyvGtix!rg24`j5|>#e$}C}3IgmMn*qhL&vW2-
zx}~}h)2ORlP(+*e1(G2Cn;MN#E1LE}#Y`FQvIB$8M=G!j*_5s?$k%Z@t%eQDFY~AN
zqbk@4cii}&l)MMN4Q2c@_B56@FvY+ANE7DJn6A9cj=REEJe}dC`=8Ry-0)bDrRjb9
zR`F8WQ<5=hp5=!nP^7N={fvnIIs)$^4L3aCa{Lkhf#Ip${`2IrMbi=Fg5hRrP5seC
zD^!edRm?V^8JX5BgbKlP`?I|flrEu$z^)U*xsvbd>ocBr3F$M>H;CrTrGMhvZ#lGP
z9ZTcAe!QJ74>VppYWQ^n5e_RCl9D0x$CAeuOCJBC!l(*Z6z+nPNkTrE5np=-bXc`N
zzI(Ilns|40s`hRJd0dcjB&=%8R*q17iPiRzs&egd`rv;@tEGJ#na+J`?_}ntVD7p4
z>U^MLmntu>H*ys;b&cYE&^BvInjg;j`ki}Th-ti=#3@scyiYQQhTs$EIn;|;=DOJ}
zl@7Z%q(sonOeIoy#EOlx<Awf%-ub6v=Za?LRAvw_LPKh8cVgMv^f})bL`9nQv-*|m
z$(Y#+1n|ft=1b2K82wD7MwGKQ4PdXWPvJ*9*OQ4SYA0+RT>Em}tfM!+y|1-$xBFIQ
z;!UI_DhqhhfA^E3z~IBio!OU;Ph(z7+`eR`%HYe`b1x0aboE-Z`J&LbBZyxx&opm{
zHx&Cxv|B6Kl3N}*-c}%ZKTMOW_z3TgO>dPlw>hD0GG3|(_gaeIPAmz1-zn6@n=w4%
zcQK3e%y%|(Mqytzb>T{E#pH|7%J6k)RbC0E9cHyPQ!syXsaTJUpPp>UDC}p2zC5S9
zIbx0#tn2ea9B%Y^-rKB()E=o938a<kgYubbZzObSfTx6Cp1FtuFG-A*o3gc*)?fb4
zao*v|%Y@G@y<0h1xW5i*vurGw^3Q|yE_pR(VYo9SeT_wF78BK@G4C@ZPx3sV_hb8K
zT#_n9&236W68FkQ(F?KaM;OKo&Kt4&S!nyweJOID+vS!qBT%I0zW(s&M(V4d;Ba%h
zQqgQc#=TU%M26)4kjDbbO7ymtYiggkO|^&^&6WW{4;t81-6QZOR4~L{7%3!pR$l~B
zO+6>Ix<LDds}bqo7wdGrZ(wXzW+sc8eA?h=Za)~B`lee0JT&%H>?Z$&aB2>Luxoqn
z@NpJr+wo!NYQ$>v%9V<v30N9|huf0k_&1Qga;w7<XO@_{YUBUstpK2J=a~d73Vbl+
z^CsSDavA;6TApwvbgXUlXwP?{6R4}jP7P?B-T*-Ij(tUpEvC-5zMcqb$G6Yu*$jGU
z8T(b5-)iSqgA=^XHCyMf>o<W~lz6F6O8cm&MsNus++$@%&9yv3)TW`0t|bWZe3xrz
zqRm6m$|k%umFsk>p*4BCM7aS%w_$su?wpC7Q{tkxC?}Wffo4|V*Tz?tT*K>2E5j_E
zw#t^gqbyJ4-d&E2I69ZULVW~&ajff^&XHUMQaka;Gj)|CkO#U<=L~%dPkK^0*q{nx
zP`01KFm<Oa`CpdTDlkt`fq`<bYKY4xu}Nb#Q7=6?KT`6EjL)FvyxQDk7ctMsdJYNI
z3R{(E9h<XdjXphpoEjdBynl4&zh%yo+Yn8B_Q=0~LfPl@z>7A~g|qUQsQphM5#v=y
z08nKUf%zeEJsT_m<thyv$lXMZka#5fKh1E-oNmX@8@Gs%v8nZbzAqJL<sIJdnjc}K
zw=vWWwSluEG+d6!U$)d-g%l^x%zQi7j%q+!mWfSa%$FKlLutRO2?UNd(D+n95vC2f
zrKnPl8Guj~vu1`aLEl*t6H8SzPAxGKVmRt)6Ey{!J_-|AFy-`25BMZ=TU_YCym+&Q
zo^S;B!o$+^!A8qyWwqVegG1w8l~&^F3OPm>QRt|r2cV{BV!#xPY<1&L8>k}7En_pZ
zgu8h(oET(Q41MSnDYtMZSs8jZx|OAA#$_5kW8&`CCITC6v3$f{ftMn18icir`2Tq^
zd1KA9+WEmIAj}du%*nYrysfW|meNKy6K!!xgbj>sp0cYme%T~`E8`o0ds^##W%(CF
z!tXDd2hT94mkJ-cuZS4PQrO-<{_7PSgvm--n=Wd?Bv}PJekeFyEJttqbZEP*oz7~b
z`ARUAL|fReW4ou7n&^F<J7pXn+T&?nPB1}25k=w(B@Wt}^Bx(d8rT;W>{woSsz}w3
zeSBIIhLQ5lpRGMWClJkJa`&9`{uR+Zp3a>J4*C)2YR5LB1oIW9N3;bVdt8(`u<cij
zd7^V?frEaV#I<n>&OLpakoAQ=Ywh$Xi5DGOBAyX;cK9X*csCQ)a_f!`G?JuCvAYq9
z(f7F;F}cIz#|YV7c~SN2e?|M4w1o|}t8HUphq_^(+!jCB-m}miggG&}b758uv}9$V
z@-x8x^<I(H<=&(%co00eaQ_Q)%H@Wp`ipVWxg&$!5pB_Jp6<G%<BBm-|6SYub12CT
z-KUH{f2HwXD}@`{MZ@g$2|vc=zh<epA(x#~se<)1+xyx8??5yoCm1hDD*h+eXY}r~
zEe?~mprI`JE;{*b7yg)gXmBH#Qz~MR?$b7xU<^2G2zxiF4CxyoHmL#WyC<CYcPA~k
z+Gy<(Or|+{n{Mlr_$zv-1oMIIzAy-bW73u~B&9M1rb}pFl)f|Nl!_km`iy2VxObt)
z_8H4&c^%15+cvNJXWh{4kv6C8d8b)gXcFAhZIe4Y&i2^B`;b8ws#IX6>wj=xv)ywh
z+}8(TW=!t<Il&YhV-s~!O_S1r<Vjpu87je?=(P1pw|yT14<(U&$lVtS8l-cg2a6_Q
zB`$R87^xF@^Ww+F@b=N#Y3SrJdojix_Y@<SzR<A^28lCJb?MwG;GmHvcdDG=CkgEt
zgFr|6d!GL|j4Hu&=>+}>!uXlo-EJmhKI`0Zu(cQUuVFU+!>eJ3PB+Uzu1ep1{7<+g
z_%T>PT*f^eF$ttix__8}m0c`@QCI++_iNswk~yb*&$f!((d{%tThT@PF4?C{&$dFp
zqKlgRc@kU-PZyt}hKizgky%6Sa#LWw{~(JWc^77mZG%;}!3x`z{4wB^|9DKUb7#i}
zw4?_UCf#4Wen(fhUHgB?_m-UPDMKp!7%XJJ&g}Ko&h6EL^=S5NB-j;=%ZX)2*8jQd
z<&NfS@+VY_{y$bQ<$qXRKBJZY<L%1u_Nr9s!0czVdohMqB@k`Xg!y4|r=1cL$<NyA
zLfP--hJBa7TtxR;Y~aQqjQoFKiz@6kpRyhC#Ym+LMX#UU6t{#9j&aAVN@O<P=Otr!
z*?@}MiUvxD#HYZMV>OJgeIfF`&*QFUBpn#Ya73JhIvF@uB&n&6KEL0=?29B0X{?>*
zSYibk%a2KV|Aet<h&imE%<ihaaKD5Hzx~e;w#PP8$8<T^H#wLtrF*L~qq|Q^k>so4
zKu9a_lTW+Xu7Ox>_)yl+c9JUNR?Q@#ACNm<Dt#z=_tfSynvCn9^%LV;z=B9<Dqz@T
zXgDne&1AjuZ+J1;2agZ@Z@4+xhnVlkYG*73O=!I`HjI~oe!&Os8CFb2zviQ}*@+v*
z5b<SM@9+)#C#H<?q2#TdEp~>6{S#8sQkoJ{T)0sj)^~|1N8Bh0>$}X9BR*90FeWC2
zjt6CF9r$m!og3wDeHWP$FnnOMlQfJ;O#$2N2n}N>_}Z;@yoQ%XhFgbK`KEL}sqyg<
zCL4AS=L}Pi4#y7H@w)T#5nJu74^wvyyA6wnr}S~7gsr1&b_j+)SXsZ}W8p=8u~xU<
zVI5BYH$0Url8|D<>n_SSX1$|oJ!)<Jgm0I-HarEDY&bHEt(Vg=EI%xsl%kT{6p^ya
zhk9gf+C8k2y#J-}cZ#z$+pwcqVNwcv%6#|m13rBozTshfzO<D2!D04fA9B7*^PT!(
z$FjHi)<~W#T~e)TEH#~3-oli|;@jE_r}ld{OB|>`BZUyJ5{EY+ryR&TxNi`2PO&^Q
z7lK!eFo*l5K%pfF;%Sf=DBvSNNGoYTPH7c14f+78*PJbx-Y$YPO>gILin<&&$3Trr
z$`YZ@78;W!2m*NOM}Tn&Lgy78NX^VmDfo;=1z=f>;D(EaK!1Lo6^AoUgLpv5xg>QV
zg<=OW(6TxpOKWy&`uriN^&`MVTb~%zDg(IBheS?WVXYAqMUc2+#6x&#A*8v4T@D~s
z2r({pAOcCq0ra(J-KPt*W}Bx$Z$RhT`ZOS-`WKU4w4lf$2qj!J4LX_wK@~etf_zGb
z6tGw86M&YL0g5$q#bwD*(_DxQ{5l4DaZrHHhJZDb>c7RbnZiX=pm(Z(GyA1WF*r0B
zYFY&01~C_x#X(`(vvJes4shQj=wTkj6b_ApDlsqw2z^dc1t6zEuRs8G!0u=L80e#E
zT@8TH=h>d=b9xX*A>=Vgq!>#_f#1-(kANcW*(yevYxP{nX0b{kr|2`J*!O}=sDkFK
zJ^W8GLJ+>t#FF9c9}jKIh3FR}_~6$O&^tN67kq|*PjJycP}4lfR53yXo~i-R&`b)2
z!anO0f^H+AFs<2&X^<4?HU=uFr5_Jn$%D*HpA*ARKhOTk2|laHhG@Z!)B&}{4h$fG
z93bI8vKdaFGr`$xu;|H35CFJnD)des5UM$w(}llJB?Hhdc33_1fVz=@ZsVYOpJyqi
zd)joyWdRymvvkGmp8zgevr_Y3&x#$cTxG5WHL=8%PzGQ-mo#1f4H~EnNYd1gfa+<_
zo=?ww1n6tca!ixwLY(3D`H;S1gw}u3mZ&vrJbjJ>Ur+#e!WYy5Hkz}v@YHTCf$uSG
zn<WS(IHd}Jti<6ZNUex-=+I+f9&Ue10_@oSEYrQe^}HzVvCIl?WtMQpxoOsh$DeHW
z{43oJ4_v@u0tDChJ+<M)%VRnJaK7@tGKUI9Tx*^sE8nDsyQdY3;&g6wnO{C*EhYW4
z9LWj(!RYr=*R3pEG4n%N<Vw|WSIjbJJN5C6(KdPbu-1BPYoGu<9_A_Niwwc!y=F&6
zaF<}sH$-B!N&G-0r0U=_<YiJQZr+uZi#GQQE%InJ({j~|>(<iQZPZUgMk^PC3p^bW
zY66*`<-fcGN@wZb9qQHdta<%p44hfae^I1;C7coblW}U#v1M;5s4#oBs9#45VikUB
z&-}9RbG)x(0j-E8*QtS?eVUdjEoYoc7w@C71m?_d|Keu0w3Z{g!{XC-K6t68$RzSZ
zWw0Q+EI%9n2sg18t8Wqiz`MDDhr`aPy#%M<sLP&KkavFm1Vi+7&aa90lb&qFSEcp&
zlWQsuw?*l5lJ>M$S$r?P3bNW;cF0=)HSYP`<dJfqwLQ7^f%K#jUk*c?LU{5kNj3TX
z4S5e)A|P;{-2NB;gkZgvozwGRaq}itQa!u#(3zOo)fex?tI6ICmO3!ACq}3nWNP|0
zDLNlR^e|-SUzL9kRa_ex4v{<+Io<s$UbDE38aS8Kmo<P82XBc~xW|TwS2G69&xK8e
zB_6%yN2qIbsHIQ8#KUmHob}{QB;mvTKFe%g0#}dNO(ZEvO=P-}guzS<rO)(xnbyn|
zaWWlUm0Q_2EcZ#&i{gYc*wfs{w=eN@0<C#>SO;G<<__9Rd*&?3BPI$1!8N&eL;rY3
za)s8sLX5WG>9ac|u<w03($?vb{TE)U)rxug;S0D!DkULKP#cFVTj6_~s>&`vCHeXb
zRUQY+H|xr=KCR8DU|anihXla+dAP9^%Rl=huH4{lrDTv;%2u^CDJ)^Hqi%fbkc(A>
z!M`2rQ@FcUGT^Dx@B}ihEU}nATBY3Vm&A7SQs1B;s!-a1Svc&>Mz+Ms$e^%Di~Gez
zjXlar{kPU){1Qsb9hWL=bGk9e6A&n}p>OmZvyd&djh#HLtbDZSw8Tjo8KG=8Z5UR2
z15gQNifX(XNfx}I0{@A+*mn#`ZLdP999+38&ftN#U%sPxN96}6A~vh{7YFrL@^dt&
zxVp1XvvSqarrtO@xhY^iR{9laxJ~BQ#ETkgg)MG#X<K=9v>OqW)Bx>VOIBu--c?vG
zn2YIdoR@WP+vxY<GRrX$v6eBe#B4CA7tL0RW_(rp%*4>XVQ!O<bnzo~s6#I81DBJ|
zm)WP4V`Vi{(L+NYrmNtm&E&r5jiTl>tA3<=NY@!X(Fj$dgfe&jUqI<b%G+k!|FQQT
zUQIP!-!Q#Hq(*84DIy3eNRbjn6p^N)0t$p8BBE63kWdBWl1LNj2r4K_5s^+3dXI`q
zC!t9TkWfM(?LB(k_wyHg>wDLF*R#liojH4E|8||3oWlgM>6T4={$0#|XtK(p5;%?Y
zD)~CNyeHxNrTpRRlPj)KCMz{lndz78#@@Vt#Vd+U2W|xmUlY#>wr-NRxbXXurnEI>
z`KD!XviE80q=bP74;G$_q*87)j#ub#DZKv>ZxVCJ%IndZg7RYi{MJ6#XQe7!>F2Th
zVXliqBi|#PQEtmCLKFon#y`3rWvg=Q8{6Fz)IRjKln;aoXL?kTo;_9T)mSq1x+V@)
zv%O_6c`ZC@kNd7lGhVMCU<`a!rB6-a{UDp%k;oSxLVsRTQfxMqYaCp^wi>3Xz;>+k
zQCzT96A$}Wzq4KfpXEIJ!Q&6VSe)j|q4b`H8u2gtpE}g+m^RLf*5HYGu2-O)aJuZ5
zIG>t)o>uQel?v5#uiPsscX&TlUUPgP<y0X);h0sdws76Q|IoL?SHJ_a-RC-&W&?6`
z%Dgw08rrX9@q~-;*FQeR+t}i|sBV?t5^lO3xR@`ae|}-;+SvM*DE#)~t{uCYILcN~
zkDI*E_$GbS%;6*DC;k4&E9WC0zPj>5k_43(%1S}H&0D>@&NqSo<ULX#UTo%-V;P~0
zTu!@u>3+3O+OSmQ)&slVfeAAQuLesY)!i$XNzLNO7L#|Nc(HMDp$KUj)#@G~u+hY@
zF0LPl8EqQfLZ>nId=&~~|NLg`NY&@^mLJ<ZizEDvxna`1^JWpex0w5eaZf*e9~+%6
zZ{Q}qt&#d7CH3)|MCj)yZH5!{P-$`bXCWt1)uTAP^y~Lr(wuh_xP&;io(d9jS{W{;
zK{`z|xgrsTob&AK<Lxa+9foe7Zgm-@w)pIRAdH`{N@7bIMNKSjhsTE+<w3rs+F06#
znZ2{Rbu+{6<~Z+=>@w^2Q)0$Hg*z>BoqqC1sE)6=er-RM=Uj{bNy9YIHo94?<=;;&
zY}G#nPD^}#lu<m;dcE+u<ohh=jhxHNAFO>!RNhZ4Z`A_-59I3J{?9E2Psf!cm>}1$
zlXtgPzlrp%3G=K@v=NI%-_yGC%uN_#LKEmu*W>D|KTM&OC6dY~bY4j6fb!M7Gne1R
z$Y+Vh717$_pJgncyS0Osdo#0UXGoPyf66G-wK1MJ?qqUh<rp;b);mvy5op3%vw7qC
zjmaCqmmMo>!Qpd!;g5Vo27?n#o?rz6g}%j{gswdQNSbor`tW>i>+Y50<ip2)MMUwr
zUUEh#w11@@hlijuL_L1<h>DlJQuciM_SrpJU86|PeM<TLG|f<}!k;o*@2@C(I`&^R
z$g7GeWJh||W+tCN6qZ*{E`lhnKH0v-;8rwsJ03^aEq}%iGNU=y>lFkV-ij9kZ}Oh(
zKJVZG+-3+BvlA^4NbtMZuSy)ed5PyZ9QcG-`AE0UC0DDfPJ-4*-Pa8(0&0U@3!*le
zK|SIq&yvW+tN{3aj@EWxM!tK7Cu!m*MDR&wxNnL^UAJVweoH0s9CXI3^eW}>{b&IQ
zf1vOw+NonN9OdVKBw@a}V0a|wuTrk9t7fS3Ji9-9@{Ag5UBL8g{;7)_vsaHiAH^<`
ziV62+3%U$`U+s8pJ1}5lr1s&-R&r_5mg=#Jtz*R}w|aFOW5f4dp1*K-E7kJ;yD3Ls
z?LxqWb;8bqgSMHgwC{730m(*5E$-g(m?M1^A!%Q84HreE^YBCYs<5jy#odjsSEoE~
z@-N-c2W!0lprEZpwP49Om1O8^e9?fnsYRY`45ny8!1XI;axM6uzxe3UZhM$vidxn$
z`bF!D0t&w`RMD3MUtyl|fZtyJdcjOwO<{NUO43*FBeH{s;!+eK?gwJv_1Q%aizVwq
zW$vl>B_dTt)(@6fN{sToj!Qb7S#U$LJnmO;LBvh;Zu0pvSq}z6M>U(Jo#eCcc)aUR
z4(pecf(|)BVZ{zYW+t!Bu@^Kqn><xR-n$iDmx;-oW<^QyQ9h+5toXyhT}%AhYI4R&
z#T^Pd)<P8N%i)mmY-JdfszCd6bYt*bjMelCKItbrYPQpUs_&|_c+N172mIRnQM%>v
z<--nHryAxy#-!FXe$dd)mLY$qjr_VaMVR3%ilrI_D6e^VW(iNk_kDjF#?IdB`0#mZ
z65<W?D*-F#dDLKz^qYS|_P$&Fd3O2nrCqhtsBmc|Q}F8~&G}6bMWs0sb7_?C;+s+d
zE3L!N3D<LvTFq^jVdozaKmEuW@7I1sdYL70=C!tJ+pSx*IaDO$@(7>O-9yFJ_gy}{
zxHUNG`#x8?^}UEt(-al_HH#2UxnUQl+!Q&(buIImW}M!mFWoU7Q9%v^r4J8@3kHwR
ztvcd7QYt)@2*I4<pr%94ss!gWgF_|X7S`WxB`vO}-J-B<WR3F|%-LOV_CQN&M9^va
zTI&Lt5@!Ov9NvAFYdHBEMHL;jL&Cbz>PT+cUdc>Pve>JS9T2bUCeHP5gO=`-CO?&Y
z_skM}c=XsY<ImqRHDs~#4h^{ZpynUvF5mjIL^|uP2~PjCdi&K%bFOsO^ODh}6XU?+
zsCQiyZe3*4j?sVjbw^-M>ZMixIms@p+}rK*%;?`aP_~($q~QBEVsm(;vLujmWSz#y
zxt%4<Vdt^atRvqRqSd*hG^%hXdp?g0!#W9D)f3Xh#v4i>PAuhD96~(<cM9sn$qeBW
z&g3`&TU}lcK8V|VAB7b5r2KNFipb8l<JY+!e=GUCtTg#1+>RoaW0CZV8qLDB=|6VF
zNla$Lp?a9hR<+g8cbW0f<8JHf3Nd<rL6aRgNiSTAdNa;%nzhJgc9ZAuPD93kHt<m3
z5jVEyP>%34Y~I%3;ejK+%{>TGq2><oU5vZ<gk9F+@UOL~G{2*+^~(48wHh2w5i8lY
zdm7Ab(GQMVTr+w!XYoR#^1c1Z#s{t*x7d1KsDHF?$sBvA)1C{?amzD#J7%r)`Q!7x
z3>8oD<KQ8OFU1dLuUDGX7W3+qiLXjO_##MJ(hapZ@5T52BfH@~&qrWA@yYxBOdk2l
zlfuszzgb7`E-&{w>9c>2#`Tmg=(26S?jb(zdoh*&H1}y&#@$mE^PH#6yZ^c5azxSY
z#|=Amd6hKLWQYyz{tq}DG_e#EakEA2Le=Bh;yLoK2yu`kG;UDAV<9v^DaX<p_%i3u
zotg?6y-Evw0pdAU!wQ6hC;G!^L()J=O}+Cz%YeU2HS-eZVWmq{_m0~`k8Iavzq)wy
z=fvzuv86q~lXLNONNR1>^dXXEmR_rCnZY4G(;HPVd2#K5n}lByff^pQF?=uN8@d8F
zj|bl?xIoP~j!KM}ON@I^o&~wr5?w^MxNk6=_Jk(#SVJmiupngG_j$xzI5Q@sBS?2H
zaKUKC@44JyYim)24NR@5)m^i&hC~!7;$5M0E8DD9MHOacFk?WUxkz?_{CDPy`Zl7?
zeD^yBriP_DVbquEMNIUMyYw?Qd;ie4IZhHAOKPBbI@np{%?mAp8TzaUd%=rS4_M5O
zU)=1TbXB?}bQ5lKvvBU)f#y&~>pxKMi7=C1(vo~}0%>7zmoxWFnW%fdby(>S%96qK
zOO)R97H9D;7JROb{JvYtLGQcR3zf|J%rCtaIrBfXoIIP}HmUS2p0J%>+%5F-yuReM
zTRBozspno|Xj_Q(RkTXqzoVK#DW#e}lsKDgHKo#rVTo7@o-;iS^ZNN(J}<=iB|f2K
z$ZK0e(L}9wMK|=3#byz6L5%UChT4iLE=lLSVteFAzgkNDnFin>)6bs>RkvDv+n0oe
z>yPWIK7I{((IFgCO5huC?XvUjC|2GMPW;|pmD+ZToSG$aFC#SkXMMB619V?eu9dyi
z(_^B2Zo!E@=cab*?RlSMR?lIztCfI5cv7A=J2(WWXi}7D*0wW5?MJ+>c$No>WhWNB
zm=>nG$J0CB@{fPzc&dyB9Zq;LkG;8E{ODZ;>sKk$tbDVoIw_Ss&v~N<enn|_4@>I*
zGpMW+AaV&(`<UbbGZl1oKIXZx?BV=mKn1Hwo{&__8}XF8<2sYdn($i*!dTD{bsqaj
zF&cg@B1E~RCO^kle=t20eIn2awDdOQqG?u_fFZgYmecs{AMuaxLsK3}_%}~IBP2*0
zrUvSAwfJz}df6&V;7hD46QU;13qD=Fne~>H;S-*2&<Zb;3TVs{*Vwxf3wAQ;ELcxT
zHaO&(wRY{X<U-ZSh!$7!hP5)OFd9l#yy5B_o;Da6jhhC2RD3B?{iFkOQ2nF*nO)Z5
zB)5SXk+l6qtBBI*=>zmMi+}7r8SAdiJ~ru&3`yXlgwrWsRnxRSd^yNu6}|3^^BmZn
zxoV%q?!$mr8U#9w*j(Co%IDH`ts;|*2a?MMI@eTBK!+}L_U7sp(9E0O-nyInY~G@y
zXM4j=V>ijiL1XujVZe|v=ZKCGSu{l1{#D-_*EzxM?|X-CjnLkfjEpaAeRuxc7vyln
z)ZR%uj2?4HHtYCM?hb|h)AB)PB>frm$hLtH@g7LM)17|gPA$6GBz7s6eZsT4uIt@;
z{=TrkD*F~#o0V2z4}70iub&DcrF-Qr$dq_P(Exwz_Dh?$^-A|Kb8SZ7MQ=^9qRj4m
z`%J~Y&2|#7CliU+r@p{mC1rbwfe`CwmyB%5V&__>E}xG3$-0=c`zk8UzS+dAxdqq1
z>p6c9Sz~N<`0<(1t7jLBZS~7Ch)bV8Fv8x=5oT55Rv&yV^ToTbpQrD8-6LQj=a&wa
z2D5jg)OU3Wk+W3=dfr_(?AX_j-Bhx~>KTVF`pOWU6B|3mL-Jp?Z0NF&##y31P(6H3
ze)@vB?dgn=0PigUcgN#f6M8F>On)5o*$%&KQJCNIAJr~VJ2fP8Gw&v;1nGBoz%hG<
zl~FFj5aDk2?|A#!)S$axA0e3NLxku(cJHwGB`Z8rCv4c)c_ah>MW#sD;~w9*YRbK>
zR|R$+OETl*8TaH$3);QjdN*pR(p!>;&W_*Bz+S5z8T`<)QJ}V-a!V0+=f*@4hx8;h
z?em7209^UmN4iQ_D#VIMRWUwa2sI+SX)wV5vNu#A$5FYq&(!kmw~iBU#~zxz5M>}X
zEZf*S0-R{~OnP|&AdOj`Xhl(zrXt1bd*LSix+1ELX)o8YBG;Rf?cMT{RNIop6k!Ul
z$>MIQt(PoGqnFR`OPD;s9eLZNo210xI`wAe$cwSO&L4E;nogX;+aGs2-4J<~`|6V~
zGESt;p_E>@q>Gv2<X<cpbWUw+$dj>2z<o0Ly2M;Xs;jceuue{&fM_zO)$fU$%BpSs
zrVCY;FAA$HITbxlkG`?Ie%eC;Bdcs1kl1&f`Z2k4<ZbNXG)p7X(`G~Isva+1pG`4c
zFzFN1Ouy{*@~(C2^UFJj%+o<xgNtUDuTKl7zgyzzyRLibbVg13yU-7J%~P{1-_@jF
zlv6QJ_P-uOKh`H^bme#w<V22W&t=Xn|MWL^UJQ~+>534|w2cg<3`6rzk8RSErj>Kz
z$}V4bYBcS)$sP={ReDDjNH#4qzrOdlPsG4Np>I50^+ERKb^Yt--BK0%vP8^>GG3e3
z-Bm5p%*ohRQguF>)|8@Ti|tB(vmuf^w)Q&qZmDVP$8_^HM+I_)lCAo2hwzf?=eKSr
zi{Xx$Crc~YKK^L>!1o1TxX+8r3d%X|_2w@oCY5aW*3)yQ<Z}oim#^;#^<_3)INh_E
z{<?EI{T)TloNwl6&fMPR7jh49YH5_H^f%P(bk$vpKAC2iLQPQmJI?~s-j4KlWY^@!
zP=y>(<dwHuJ&GpInXl*K?<(ghUXLsvcQpQG*|avunLIG4_|r`z>C%v5W4Gg1`UNd>
zLl2E(h;GZLMOqe%*u0@+@Zf7Qf8hD|ICW0c>5QhTA>}Ou#y6*+2x&d$JmxxPhiPLa
zBVBNuRQMPY1Lq<SRO4dl#snLey$%MLpiOusK4mOMK2<&7ViOakLpVN`;sRrt6l~@V
z)*^VjhG5zR$*t9pSh^x%$<_A>U5Eg3MF>&7$8Z>(qK@^n>K?Qlh<bO-))o82Nic$!
zVBw;RcIKq=jmcI6?4o0+XgUv}%+)uR&PBj=Fb)Sp2)-_x2~OIHlclZ@&So*PYIRvh
zA$tTXVcWIYr7B)FCQ6WCJywry<0i*dLlWug1Upxz1R3JW<RoWTqY@syUm*L9C3YAK
zkxj?SFonDka)dxv7{{F$+30D$W<m1pu@E#vp8&%!1PNeQ-vqiG0qMdNB;#B+pEzCZ
zdZb41ueOOck|gI;W4(LpvOC(!G3oUPO331~ZgDF0=8Z*=raw1SZj-V%mx3LZ1&w3-
zG&Q>~V${MY0kPi8?%r{TuV`kh8YQhstAQDGmU)C0AwY8{+6?w?GSAZH)wZc9er5m+
z&IHXCJ?!6P>eI}Rpb&fvRm$34)&x63KNE&Jw3yAaw5Rz5ab;)|Ax4W(*q_&oL-<?3
z>9(`5nOq!BW0kpuS*zN}1%BzB4W)B#4sXKLwtVp@0Y+cMHWkK$pwjp0Yj{|_50RGU
z$%TbY^}^y&swmVosNXlk&-~LQx%-)$OOe@D+`l@;Kvz?LTy9)c_HUJ&_VbI43CDuI
zr8Zr~Iqg$VG@jHoq%yx#Hk~2E6|Qd)6(|YRJ?>FWvHgR>l}4f2H_zp$M4IaA*>jC|
zj(`&o?dLXJaWQ?<al{4T`$b0u+T$Dr80PGaDpB0Zdt&XiNST%=I<m!6cb->FBd3al
zu5MI4ub4zSuCgq)iSBYWzK)5!wj0wY%hlL)Z3=3995u!Jy!K8b;zurQL;r`gDg$dN
z`phJ4>CP4zMC$tvZ02|-$f7<TJ_reegn=?^{py`eTzUlr)wSjOrmE5rjFtS3s6%MK
z&%OiRejKt^f`lEXZ$4gV3RkU~U%C8C);>JF{&t()j=!Cc;i4KdWOcFC<8b0iN!2=y
zd8t(q-aB$_G{|Ko8ONZncER0!4Bs^~niq+<Lhki?rpV~XHaB)jQ`lw?z91*D0;uHf
z#;A?-Yuqh~Bp=;td8w(+#Qqw^ge@?~w|m(?;+UvmEf7QK|I;7xp0rV0&yA3RmHan9
zF>_rvG4hz26zo2Pc9SzDF5s%r3(ZQ$0PB+vZX4<@+XtkQeM$KQ*zYl#i+{C_o~yry
z-(^1&zsn~NtH15f!gz(-50~Ur@V*IuzA!i>pNn+}_I$LaUs)Xsx}gDl?z=E`Q?Wa>
z{{5Ag5H~}!$N~Gn5AVCye>^&ptM8m_6B^FW*mjafjpCl~R@^hVwIcSOF8AhQ$ir6^
z=8%n&pI6Ff!1sU2IuD{E3z*B%9O~EDF%NF?k_4-36M@t6zrW@`+Kh7i{q;0May2)4
za&aWgi(Ks9^Pt7`rmfo<Rzw^ZxO&sxTc}w1w<=s|AqZ=G<95rGx0m9wt#-+nu47<l
zm|XBb$>RlLOThD)9=wxLRx-B_6W3DJ1uvd9yEIu~?P(v>Xm@t{nOcFMuwCy3w_uwJ
z?7Toln)tA|Gs=uN?J(5l*6z!D9(ny!SBt%PCtKgPZ#vAiI?A8=^gi2S(4VtIxM(iF
zth{clNafP4HvvZA<3l^k)-rFx?v!iW)vO1&-@SRGUmxCP_vnLQJa|9qqxh>QC$sE3
zl#aLh{B(Fnd4KawvRtZ{5CA>=Wm!h}%sY}PTT`G=UHQ(~*`XRGLxFHTW1^qVvfyo-
zOtV->1z$pbVC2&j@s1aSn!!;caKnv|()NI?!Eo%&8zD!H$T7d|kNjA0^CI-g<u5sX
zq-=Bk%FA*%jGuJ;l>1dq=uFK}@+X+oo2+zk`_B3^+tp`Jc?xOXYJYH~^K_$f#N*_W
zE#;x(3QG-dg+BGH<lO$*{y=`uMJI0!FQ0C<_Soy*{Q29e;W0{QV+0*te0qOodIj;q
zAI`{lDt(cEeI`TSei7W0PCLBWo-ZzkWg~wJzNMz`ye)QS?Pmrq<%{606Z$h#b0TN@
zA9Q7(XcyyHQT==W>~=f3t7N??{iYb$W!jpP$|X{vVnIH3x`iw8e&P+`w-Oa4`K1;_
ztNXXj^yLO<uD)?F5>K7aGtG7GPEt_Qyv6C+u3h8tavi@a&MO&#K9^_9tjJ&4vaw*l
z+KE0n#}9W?mAkI}s#U0k;E!lNelz2+zPA;4Y3;nlDchsrpm0^UGtcL1u6hmM8n)i3
zdmgojaaga~ZJfH2kT`nod}WcD>&Hl|;n}V$85TR$6>d}B-$XpeAOd0Z2Syd#GCw1)
z=e}S@mj<@N+Y%rrrurX}J`7~Nj{3U))O*qGP2nzxB;$LHCLNIaJ<!zkoAORiMTdg(
zi<J}Mh;XS-wkO~1IsC>_qMom*RL0!BX=99hsQbNQPonklaU?gtpJ!@fhxok$@6T5w
zKA&yjC~~>C`)0e;&gPbbeh-+7qMs4yS2H@Tr}9<oG0FPVWbbzVxoGi?CYczeakr$U
z?XQl(J2NGRMH=NA6dv{IhZoM>VwbNUSQ1q+NvEb5AqoO1GkYJjjqz{`=?hN>GFE`E
ztj8n<H!po9#b1~m-$>w=9=yMHIV3U}yLOMypiWM&p!8y{d)<8<Z@=m@<$7QaLz*=E
z=Lgz7U^NX;Gk&@c^z_t?i=pG+8%ONx7PfmOHkurLt)jYjjp4c|=SRJ}<u}G|p+6gM
zg(W?H*ta|A%t$|ryjrZfwvRc7eK-;Ek73<>oug!M0cnXVV@_fG#hjQH`z@!bQHP6X
zz-k+pj}e?cCc%%Nji>%PR{67^1$X9$o$mF(;XUqL`rMCy&MQp%7GIotx7{lV9eGu9
ze|S3l{IB`ZEiG?Z!#ct6oTByZ^3boJ=1rb_Da$?Q;-T34Kr-=SpU3UnY;x9CDlHy7
z(q7H&u1c@ZUO2ASs0eMC3s4es3DP&!m8l8|b2zno6&c=kQ{&_5Cl67#ZyOweZ=A$S
z`+ffoIXkiOu>ZB2;DtAR)13i_L=P``@>Hu<=kD2MUdZL=U96Uh4VGCx@6Qs&H*kk-
zIdMnAuXp-oj@2O(OY5!gSHGOo3Kpz+PH|5>#GmXVYdu|Lt3?t%V_PJkVmb#qm)@oO
z&{{E_a%3pY^>m-f9NqFucK`24u20H)^VuoM3naZhbq410rzw*;gxe{fSN8&>&$vUr
zT^+ku2-Wd`?uM21nS{@{^G3Mp$tP%h|3@>?*|(qS@m<;q*c&TCwY*Y|yiQZTu4pOq
zCqw&AllawYo^KRg(>ge8Bmz7^ZiM|5e_HE6MoagTsc&(g2W)3r(beqRP<p~^9U)!)
zzB}m&J118tfgQZ6bCdc|MUOpBgk}H3TDmkZ^&(Vl_6{0i;byRHoV-aqs59kzz6mjZ
zSUX~%$jB**P_%-><rBPqGnE`JyBSr8GcF$a^z8%vmUq>-NjlVZydlG5Yj{?<=ESO%
z1b^~r)L}L9jr1oO_2rN+hsC_7OcZ}5A-rav#eS%_zr4jNv08WZe#`U+KatY=ugV;*
z$a%COt9NL}Z5yC!=bGRSF7h>IUbDuI=RPHbc(O82?gVmvZanBi^517|x#c214f{rp
zmD&9CV<fqtR`t;J{IPR-w~NiUb~z(0CZze>7dm36G(*VZ_Lo;ZwOyw_xHQ2$@1@s0
zsTWM~^nP`oMEmm9Bz(g)VW8cj=EX01i|gfjG0FIy3<dsVdZzfIlV$V8HzR2wPc`^M
z=?ioPx3>jd6AE2F7Zmp-YTi@IlP-To#SsKA%5Mb;pOTJ@q%4~FD`()q?_awoB|L^2
z=0Bh1f@mA7Z-?1$m6*%JavaPWyGy1Y?cK7-NZGkfG}7J*!n{usxn>$$s3GQr-%fB1
zSbCn1v_fgezg(FbtT?+L68U7SAR>?Ah>`wn@U|A~dfrWp{gVgJI>T+Ww<dPk_WFZ>
z&()LZ=}lIcF`nkB6BmbgQ)JGBfF(vJ)`Pl&$S(dhj?!8`yDiD(s>(mRUoSi#OH;Mo
z>r%CKJAdOTWL!%_UkCoU{Ra31LBsNla(58y#mOLxAk4;W&^22u@&0+_I~`S}H!de#
zEBTczYuaBb8MjP|si`A#OWyj})=c|oYG`cgTpS`dh-HMoE^nOt;r>*vpEl&L>hbi>
z=`We5m7a82nFn5ZZy~Y!((Ucp+&DQ~n%;4o?Q^MLPGd%eR}@e9+fIp{;q<nB+v)0W
zTce&m5KynG(RH7aU>?|h<Bn(j<iPxkm-@;-e~k~UF9w7)s*nD<#Bck1!p9cbc<254
ziw7AA(;`_GFGYXHXQp2-b<;Kq$q9e*)x<LOicDVaPxlSgE8;3o9z!G`B1Y=hGS#1g
zgFsff5l`K&e>xI;#qIw0^kYx+L^-b|bIEA+Jh=o8&dYe)pzm><31W<S4BJ`u9<vQb
zwI8!5*oBtiALSQuWFtEEWibYNdvV?&bEnVd2F@7_yQ71e^@_NxW0zvO7~UGyW1b&5
z)ycNa7vdA6z84-k7}H!2dWED9Gt_r5%@+@z>On$yc513dwX4ULyieH^_7>SwqMChJ
zQs~Va>?!mnotUmRCnJ{{<}aV>vBb5c3&Id`)>&C~a>s1}397@Hm@fDY-B{q^9F)k`
z7-H3`dJMU00q_)jl6yi#+oIiY@800&zUANalMNNr3*}jA#v~ur^W{{r!PBycnzNCF
z*>Yr8z8a=aDG4OgoWD(vt-{kZ^lF|2&I;!@`_3D(=O5@V-E`4UJz(F9F5;MkEVVcg
zZSzB-*9w0->Ts>Bn}x-=8|c@^b-{11q1_-K>Jtpf^#@$)<mR)H>T?}!H?+`hu=gnm
zP)d0981tTyJt1U-{|mO8p*Vk4E_nD2{zxd7-Ze~^QbVZF(qTP5I8QzsiZ|8HpK*H`
zyJ)y^c{xrEO%BV~<Q!#0Z$I#pC10b7H-w&A%0~MWd+?p7hjB5s_zOrAIQ9Y@qe^Ua
zslnOs+Y{DC1SP0@54lpJ!mqp3K(Gy^!jMoQJ-)WXGTimC-kRs=u^He1hGYXpVb~^a
z9URCg_=<`TMDakVNwNU~2Wo`*APHcYMUE7D{aHY%z5O~OH`AHojwt%f1ETKdKUSa6
zBroYh)X8frfXBk*xKrq%#(x~)Ip%*1L8#XfR40#KL%Tr>4%-uowngj-*|isz-4Xfb
zr`u5y>!Oa6-C_EALTw^4t*oS&wO@X4v3xca)6g;K2e3MsBxNLbFos>TtR4&T=Cmg?
z2LZOjih>#VJ&YT(AWFfIP;VP-IM=~AYk>h|SXYlhRajGv2lfN~w!(%l*hDk=^Hrh;
zV4eGdsd1yRUB-RVfGZXrxzvCN&qeZ)zJA7Bz{Ag(U_D-E#f5tRHi3uCq`*A9jXsVq
zb$y=pnh5I+2|g(0@jd1FPORmhZBxIw$l*YAm-VoZ-^ZfuAQSkBB{S1d-9WgkOl!in
z=bI9SKFC0L)@U$HMDO6((iM!f9u-Yq(qr;C=Hpvf^FwpCb^N9!7U~5S>1UVbF<rh#
zjr~3&1C7QQ;!Dz)8nGq4269n8jypp(e=l0pKp&!e{vW75mLp{IcZ(xsb9PFga=K?<
z$PXF6DZo?MyKm*Ub9WdaevnbkWSG9jKH21nw#7HP?28d>K$V;@*3{T$j6bmgFGmF9
z=K?wrBK@L{LPD|G(ao3&v^jCe<uoUCKW+fy8@Gmr#ksqz^&Nu|`|x57eCkF0<J^^;
zIJVSS-Pn0N5@X~tpt!))CX|7`#8qI<SA(YnH#k%<D7K6dk`b?;z8+^KJJ{wD15*|)
ziofm0C&MyetIrg3<cCYjaFzkFdP-*jLSy$MNm4dA#)R5HG8`zb4K4($b?nEoBTUZ#
zV_8R`;FvYEZmc_A5YIue_2YY}Va6!)*I*rutw3M%Gtv|C0g|v8(=|eJVy~8^f&C6W
z%!#GNSzyeo*)50XA|)GSBBdLI@>zP&bYO%e+cZSAta{NiBBl<12Xl?ckJoDePqE7d
zOKm~fajq<r7%lX9Vi?}X?@&HRNDOaV-VRHHOiOYAt9+F^ZU7gD0Bryg_hRbfka`8%
zKE%6z{-OtF)dH2=lNjCT>^KCQP;3!r4;m5&VMXv;N1NF!(u6|UDDK3EeteO_V+1oM
zrv_IQXLj5?{x<Or{zwBzh8<jp(HAlXP!@4+uxfH<u(bKIy}+CT6!Hej6u%xHgTFz#
z1x(YURBNTlRSN<mYBX>=ax0%7&W`gSuDcjec!?rJ2|w8eZW)eEK)jjFh5Z;Tn+gUT
zYl{yiKD~Jvq{jmnkl{qJrN%(HaNLaRogg`5SyG%0R~h=Ii!ILzJCcJNJ&#_;2M~|q
zC()WQ^Y}-2D?BO=#|F;t+Gi)G;j!pN7m@B=E<-6t?iU!l*mZ!f4sV9G1_J5`#obSU
zCQDhux7X_9Kyv(WvB=Y*?4ddo4*=Sv3z%Y5&Bx%0JOP-(3U7lBiGi|1c^GOGRX@#8
zQ3^j`i*-CS7R81TvW{U2DIaf3(Pm#~HIz1lM9NXv{EQleBH8u$Hn@7wSOA(FQ5uhk
zVe)(#G!2XCiKe1G@M57-p(>$r4SMbS*ZuS<0Yn+%GrSZLiy6T9`^i#*h{uUV=pj6u
zcn05!KZBpG)vMx!2(}3t@<!^0N>Jc_Cn(pdMQLJVpcx(?b`%$bmtsV`07#0!zpD5K
zM<+&y#39)sXY*<W4do2Q4aFaF8(_{8f8y6LP>zt;O)i`e;|xWP7>I|(;<%t}3@ts@
z8Fq$NXneu;5`G@@S`zn&9m%E10pWCJH5QiPC}L~lG8Au-h?JoC0KPud@WmlATWFDU
zhAUMkW%K(h8oC+djp;b9hhsAqq1h76@p_>`lsETCQD+^C^1Aj`uEO!h0LvjUOg1RX
zm(Rseb`aoT4K5VOSfWKXQY2K9a)VeN2(TsNyYO0=AixW(ejNEMI3UiT?8+Z0sdAw*
z6boW9ej0C!{-s~;ORRA*7~?ABF64D)VX!s`If7DSCo$7_Dw>yg&kqEg!rmyeUYfrB
z4PS#N;YBejF=ep>7$^&t1;$gz?hK@SNNg#d3iPnTt6(;xb)7ZZ)Oy0SLctVSV(;-`
zNGy^I!DcL(&xYj&yFxZoFkSe2fVZrx*=a{Y<wK1^RVm{A9XzT%d-xglNlZ~p*WO%k
zTm-soaB+&i?XclO`0!|qN;HJi0BwZ7M0DNOt764+Rk2rb__E@7H#mK{K#i>1@<a~5
zckHCN>}YAsXv}DI5la<2f^CLP?&dQJW+^)H!|W7WAxmnUED+<D{4k(H&@nD&?lzVd
z&K9mIez>sV>x^w{A_p;fTNv8FrruT?By1n)tHvgQn{JYv3Ki{cb`j~=6^vX$`XRX0
z+ibO(xYl_ikK0FTE*j1vHy=Bm4>Kh<CqOy&qJ3HSVqq+0Xjn{0EYcaBGnKrVADb9m
z#RdjSKn)%WB=B+qFfDlkRac&<?Wa2?1P2jV@+AB#Ig5mxg`8O{*>PMx94G;y*pTQu
zXr;RRQv5c?8!d}J9Li3yCc*$?`!5AJa~E=_#%Xf<0;;N@A+hz*i5kE2Ij}4UmNtPY
z_BL)nFZO)4P4-O=o7=GmOy2GYyga@R@8-v5C_xjq=R(4s9&l^2Wye*q+pzawf{8G+
z5OLX~9O0)Fs;|cZpa20VxP@Z*u@~rZHr!?yK_HDL(Wi(K!~(o5-iO$^eT@k~^CyBZ
z(r9TkuOBp&KXfYK2eg5U#!3kQ!bjLolXAh2&v2FP2Q-xHB~5G(g1&&>i%!9q6YYt{
z)dGb9@~aR62T(`_3c0MK*YUmp2ujLTCjJe65x<5G!s7s!B3QXGW{&?HaN7aFc8@4U
zJb|ZZ`nPiVvY>daqoLfstYyG}r0n9zjUKud5MHN&<i1A?AU5OA64SC3P%dDg9CA#t
zF+^lIi&jnHm<r4(VhY{>^ZV@Q5I@1tg3FqELU2e6Yvc$1MWrqN88)~~K2TW^ER~Ki
zWTDiUh>MYUF$#z7L~|0zQVvZ48FI9M9R(`M#jU`sDcK@u$Ql_NdjOQw5z|N)1N--8
z5nxh`H>N%&JB0#h!7Esf5QYFCB&HPRyiMtG;Mmb53SdhWyurmt=O0je&MHw7Q0Phq
zt}+#j{n&u~mjF8O7Pg4&YR&<3kSN|+xCpcha%P+1ZIiW>>!ffRayU-JA8=Q(Avt|n
z23%4gyP!gl1~-niP<al>B^A!UL!F?65d(x_hjxJlf$mcZFyFz@CluOlmLrG{h*E$I
zE;%U^IxwYA<MYsK=uKd<FKq`d@&O=@h4NDj{H}MFl`t?+uD$38bSu73_y?3CMYJZ~
zJL!<P|MLOhZXrhjxQwAh3%h#U`Vi1H2$)oE5w(fE5&)|qkm_1~CmJ9vGLg5{Rv|K+
zx<IhT;X5?V=y95?W*AW1Xf%^GHO3PbbHI&b+2CRdwFpJ-WR)YT!7b-ARe-X}J;PQQ
zA-)QU<fpI$^;wQMRsn=w3b5Lx;|uW4C&PHK29@XOad|*_$;P;2I!XW(VR&AA1bPu~
zOw<;})d3AzE{RDXNB%F)i3fml*3f$~(wIrW9@icL7de62>H~xpH;`tI2CJ~;xMmEL
z9VjDwsc|+N=jd@*ZWXjQ`i^Nhx-YRaWd9n|MO41CbYE{tO*TGMoBED+p{MyQ&pX|`
zUhulj5B{jU<mWGcQ|U@lZy8Fto0hiD<=gdMGi4}zcqL?XrRTLHy}=sRf`FX(eGr>q
zyzf=n_6zqm492v6g*sse4T`r$+^K8}MKR5n`G-4whkuS9Olq&O&IlhEJYFmtKmp7S
z(61o+U^v?{w^if8ZA9L^))+7CQS8Z`=AhlO-FmNID*wc^;Vo%rqduanY71wzmsNre
zx)K@>%nRD=nI}Pj+%_lh-;p$DW7}Lx$rXQk*?m5Ts~jE8LOGRb{&Js^@3-myiCo>O
zW9SSWJX0}c3^mc#CXj#RZ<3mN5wq|uSor|zUhC!LC(pk7j;^HaDmGuFs(tUOGC+L(
z(<x(K=sY8FaTUC_hOn=MU#W$^G3_ux-6|{k4lticd8Ij4PWPfe%H2I_yll2t3LHbL
zqP^yIMO%GmZD*;<8up>S5dizF-)7Bs<O6n`gT5sk*8{5@L3;h#%e+5!jCra6e!W(%
z+_d8o-R3%gnqSuc*sAXWe*dr0Qmhl<>+l`#po5^?U2`QVowLl<#|PJj!rzJrO4s4a
zt)cH6m^Vsh2Y2mY@Pi#>e`WUZZ`Idme@trhGw&-BDP_n2ob>^9aQ#P75Ok^NrX4(Y
z_l}a(@DA)?YXnfj$+lQi&z9N5_zRKy4qp`J(&AqqAm4qhk~RvZ1)YtmnRzI<!|6F!
zzp(24M_aFu3ot)rMp_eNiN}d*Am7~f(X=Cnl-))zC{95sHp^84Z?}8irl3qi==S+e
zP`eV>Qp#UHG+kNdmpDik4O)SftT8pPl~}cJe)nkQ70^GfhHt`OAud+J8!KslxWiE)
zuQctK_x|~sh0Aq}sxhu6@>FW-jlduOjT)m_0U*R)BQiG*sDabFYK2Zn`;uA9{k1BX
zzZ2d2m*$K6W6K9WOGm(K(naw=n2`R445-mz8G437G5h0`qAAuWOwJl^rD>b#<wRY_
zR-)9u`Msq*{x=XkH4=b8JSbb8z*##nk-PcpU%?M=ApRJbzI1k(Uq=e@*CHjpDLX|9
zg14D}u0*ZqezjTI*_}sb0=73Zid0{%GPFZApR+?OHXgXqR{_{MSN>wz46jLol~th_
zKUa1lwAVZ=wDVV>k5@Lo0j~MH_DWMv6y?Jx`4ikYvI$^wIDHopT-jz{<t>-U=+F=h
zr~mwuT@e<qAV1dDCW`=h+=YNfm;M@vP6Vv2^WZPsR)2wmZ}erepaa#R@I?_p&taI;
zfi2+M!hNehOsKy)ZI3E21NSnRjZHM~UpCqI$I6+>t2<o>t9*c^|3U1~_gVly$WgBY
zZ<p65{_22gl>!nH?ubMDSnl`r52l9z`Lw~j|0hyrHP1uaLW#7VpaVCf{hqJj{6@yw
zQq{oYb(>nb)<0oycLfOh3P`xvFm9V`^l#WtdY*#@&EOZa|700)$plvYjdty?vwUOV
z_0}*bbLH2{-u+)V03VT&1L%y!3H(=QBLv?;&;U0UQD6-%9|si!G7iocz;Dzd&H=C{
zU^mJjqXgZnKtLWK*LJ$#93KIXK4w}1;}c+hMmwC+S%0(|-^6<YX!}qa@IQeGZ65*H
zw3$BuYg1Ke)(cD#CuS9vsnoQE(r$)a0EYgX<b+Yb-ct>To4TQY>jGVNI2QiNhe$F5
zlA9do_s50w3qdO(E8kJ4n~O|=ZU>rw#>aJ5U8GUJ{XxVKLxD+Dpj4_M{#+@#csmm|
zf?xlWp9F;e_nN~@uGi<6HvhN__0RSzpcG}VRiac2+Qwj|>_D;Essh4=JRd6aKlCQ$
z@@tr^;osOq0Y`<rVj=|!{|*lA)dqZ@i}+K+=%!--4a;$aA{USq3>#g>w?7JJwQvA$
zNg0fTz-JoFZv?oCl9a@Oc@(1*P+zARdZmxqF;j155s<l;r8GV!csFYy|B%2Jv;d?x
z>03b#l_Twbo#w|kQFk{hIf5-KHZ7-HKN^e}t!|7@tL2408l=9;l8<M>ScnX&;fMUK
zg{<{L^@a5HP4Q<A^9vmzkGXIdqvarS@|XbYkefr1^t{T#m1&0NzUL-mmD=`x_5H#7
z2k%h~@s2NhA&xV5X{yb2t(Y%#t!!OMT)#yfowFJhPt~o~rKzJT*9E@}ApoXGjit{3
z(>6@Q_cS9Ld7r9QbppXqbMd9PY2=b4oWiJqVHu<W!#^F`pixGKOlf7Bw&0UT>phEB
z-LTq{bwN2K&Z(NwCOolOAj-(&>i9+9HgIL`R`SBE<6PGm`%YJl=SRIx8p7fE2+Ry|
z)9^jeXAeSw0=QsU(YN%O2&eu1$%t3X8R#q(VBBCz12kxD6k<(@krJ5v4fzAEc+`u^
zkFYmpI<iD`=svzSDQ#$sh$b&>DbK4MG=0$>yM+MQj7y8cQZ<<Ki{w8RFvE_Lx$f*i
z5ghA1lnh{~VUR|2>#SXP2EZQ<e=JN(Bx#*F{N*F!0$>&^*e@~{aumwljZ?wz%`@|f
z&@+d1$Pf$;d7F`(dWa)Z;(uTNYk~hCEYL|&H_mp$R~`Ak^6G~9A59U|`QK>&Ukm&{
zWPuy)o~J^C3Q=<f(YWmgU7n;3I`dSIr~i)dE}W`5x)xe&)<2)zXcz&hA~D;nQAlp;
zyUj2R;{$Ne*kVzED?);R^``Yp?@(y~V-7ZsuJjC5v4-%vw4aS;JoQ2q{U8}?5vro;
z&x(GLswZY#*7kUco`ecLbAN=G9a$u0g3*jE&z(JvCc40vu2TOn2`ov45A<h_4%N`W
zcH@*1pbxuoZ`Q7$R2H@d8G(Gz`vj<+9H?{A!Ej(H$gsi(8ut-r3zwU)nHL{{7il6B
z8wJR}+iHqNNXNMD>~k<=+RDCCB%5e~2xmDELWrPQLmie9xHG?kVRV~`x1G=StsW{I
zsAY^$?!0Bno!G;bx*%@NV;S*<P`MMxB_n<^xUHNx39Ja_Nl3=_#iTN7daBv??L^G4
zP1ZIJY}IB)L@O|L>cAUX`Zh`p+~#uH9F5__ajjqXMt6huxh4;g19=2SGc{<x9`UAy
z>BCKZ)xFk4oBd}i(FJjSKJPO<L2?nsLLHETRjq3x-b6Cm1juuz=tl8gsGk0TrL95c
z8HVo!-1P~aZ46gN;vPDnj{UO>CSV`XM!OOB#)>$p+fpcdY|#=#4T4(2FrIeX=&mgZ
zP}N)zRJ+}S(ly`e-H4s4SUSvd!}sAy!&Ea<CY^s7Ri#R+&jk&-+@UubdLy1qPA~|g
z{iDoU7v_g5HClBcLQt*>MKS6gb)~^C%woMF;vV6&{K9TA=J}Xys!Wn3sTdi@^o}&a
zGCO)aBe6o{rM7pIHj~m1)rtnRn4=UqBe+JX(LY54E-2!o1eEImb8>NaY3m__nc9y1
zwJ7~CkJ(@t0e?37ncldWiG?ho8719&YX>lz_5MMaFrmuvTO`-tu=#4|!eB_Z!vA0(
zI~G1G+Ek_WOw8c@sk4-QxlCph-KboZNnONU@C(bB9^G%r+uhdnJ@yD#0DYnw?Ro$0
zHgk6`CVYaiEI<XE{9;;V!e#8h=-3#{We=%y_)8_q1(7pt2Q=P8ND_vk-r~NKxh4sX
zfLozatD39(h$r-Q7wFx+GJts;gkcyq`_^HqclXrBU~YT0e;Q$I5rK%c3x5zZ-elDS
z1EYZE4H%kX91MFH=bA^4azUg{Yfie1on^+*F9t&%0qem%iVGrP8U{43GF^N(>Zi+q
zmE{3KnpQN8{I?MRTlOC+W*YS$Drb81zg@OlXC>B|1(FOLE7Nn2Rrm0h1LzoNoQ@HE
z@{s`|FO5fa{7Yqz(L4X8elzAkfH6NZP&^Fm2Gr-|!(Bu*3OSuU^%n+!vg$un+H}u<
zsDx?Uzm)Grh!BvZx0o<CK;DIa<rR7Cng2@xdfWVmy0>@pUn-CK0bveA#xB!?hzN!R
z$GKK8<LJ+)i>CjTS2$h&A1Zko`!D6Yu{je|L1t!2GEi&)Nap{51kd~zq~?F9v}v>d
zP=F=>rF=JZQSkFr=BfY_#tFbI{U4a`{s(5&|G=#KFU%<{5G;UMxB!W9zJJXE`9z(U
z7Pv!)5U{n>-~UoT9a;I88lvxpJowXvsQ_rkjQUrzC_)>JtK$}vn;J-f)BmMX2*!+m
zDK!G)Un(LH#asvCrGkk%OoPo+>*(Jk$!32_tnW{<r{|yC=9fY^P6G8|shEjspwM?m
zXQOtZkydih?K7+N-OYCDnkW5g5hQoJ2hzSjlu=BF^DKGV9HZTeVt7}t(*?6Vx3l4e
zJ-gemLJ}?e1QwUD6m^(rZ~}{9Y~F}!E5<?vzeL$!7st2P*tc}^wr!vFL~<nJ_j3&M
zpdd9G_iq}_Z-!xvxBb2KfzczzC<#LZ5e~j@M`&OPHpe2T1MBF?YZjXsc%V>i-lW`n
z<V&Q`z}=v1&oyKPQSR?sVanwO!)@HT*~%}vp@wi@Hl|=P!}mI+-ja@c9JR6!&Gua1
zd)^MwS>HP}=1zrX)<dZh3D7sdwrG@D=E?{i*hTl05JwBWDfY#5pL50%_nDKA4X>Nk
zGaqUFVotiyM=AOf4Dw_@J$s;$$xx!K;Si7Hm;~=EW+6AzNw2DKDPw{uAcutEYw=qT
zX^~f56L%>4E;De}2_#VdsY&hi_aowZ7~G42VfUEV685C1$lvRl?UdQA4|M2TKNt|Z
z^X_w7ADBU`ARt0|w!ve8VZWh>4@5H{73TMRzrr00*I|sr_CI^3$vK+_!!@SO%Klnd
z6BBxK1L0U`#Pk$na6a;_eng+!ddPg=v;8QX2J)m}57Cxdy7%r=x3vJG3t>piPGmt%
z&q1*VqPvEW(M^<qTs?G<2@GEp6!oNuk$umQsT2w)i6r2Pfl{$i1Y@ImK10|{YDUv*
z{h74%IWqP5=TTc&c8^U&!2{IZIjYmX?N2$#_jOOA9%Iq#BolbLovB;LTqAiB$Cwxd
z;2h@Wv6gqhXrxpAVP6o9B}C~z)9`-cK<)l^1Rv}xun$}U{R5#o&p6Z0&HmMS>lMSX
za0tq@n1%c)uzT`;jZN4qvw4NS8@0JL3?|PnCbN`i@n<)^H|kiJ#dJ@AJ?LkWcHfX}
z9SiH2qI^YvwwLSv^l$}V#Qs^?%__j*^|);pW|V9`bn3&t&p-4b-OMeAfG`~ftQds=
zDl&2jLZk1nQRu-b4ET3L<_X<QB<hX}<J)FN(R&<%FO*4pl#j^m+BQ3D8B#-C^|2&n
zBs3JGkdM3@lcD-0HDM40s$1C@Uw=ktlZut5Z`#a^Zn|yGqh8e{BPn;{P&&!Tv93AD
zFKr!?z~23bb6QWN@<NO1y&lf(8NaT{!5UZAI6#amYLdY;?>I<aXUe)8$we2qJmCDg
zCVB7nXlU=;dT>o>)2R2uIjV6vDN5b=AvlG3@Tpt5kk~8*b0dv4+qdl6R*vr1hORlO
z7dCwaMC$|c>%+c|tx?8xrK9NV>m8RW!BaL59+E3yU&m+++KX?Vq|#>l$Ym`6*?Tpq
zJj%GJR32{o!ZWK#lG+&^(hNwNUS%_v1;~Dl1@Pp-@Agv%726`fDL8l&MxF5poZ=gJ
zrY)_@bJLA9TJ?RbQxrv4(JG2;r_3j^FhkG?E=m;(^Dr?3aU5C18_G#!MWgt}xFh+9
z6|5+JA~y@u6J5kgQ$pi7Xtp-}^9YVmR^oazlBEqqWRFI$6FZ`D+!WDhrT`Jf%8<vG
z(H_e|`H83T%`7MxKORb5G>(-5Wn~E9HCY+TcnC`{Tp5Xw0~oT|QdyYFcwJUFHy*^o
zsEUU2Q#4tbEY<T1q!AV<w;w+s2gJ^}iI&F$!X?m~?6gy8K(GL%8Mrx0Bd9Eqr0@o;
zC;>kX%FRDwKr9Fmq8$qYOtdjnLi%#h9MJ>Odu$93G%wzc9j=S#k7n`^!7K>r>d*&r
zOm;MuwS|Ksgf?US3spQC!bUSjGdYPzqao}xBQ$h(&&7y+iYt<XsDp>G(+r}aEEEO2
z84I8`k_GAx9^?i9!u5fBl6EX`Eqn+&BdL8J#sYLUM<dx75_l9V?I;?-O)=N~P0~Qy
zut$pGm)Lz+o!MKYiRaNhEKEK;g1|!(FiY}0YeLIE+KDwVnOZ2{9``gbp~aT|raU>?
z87SN3v}0(Nv;<rNcvDgjY5K)CbP3NTq#m*|OS&T~FCkMW@maQxix3>&&>`%GJlg4O
zmK2qGh$<^Dq-Qd<!sGu{crIH;ej^}WZ=pPBF6n6JHM1ndZyx_a;kkyRoxEmA5x~`;
z_|TlAotl8;r$;-XAwO<!1(@-S3eOpv@nD7BI)qEsc)kV3KTkcBmwHG=R{jgnB_w_<
zIDXl{L_kKK&Fmxef>{!`jJ$$b(wMM<fBa#6lYBtpI*)(1uv?Gt+<CJkSYSLQ$SlcD
z&xFQrmW1>B0o;K|Jyi8Lp7IE2)i-IG5S}{&GyqTvj&`oe%Fp0=NSDl#boEUP7kK=K
zh38z&KKlCx#Z$6V5BUOv*#Un-;whu4hc^A<L+g)rZk{#C2O8>A4>195oPkLTpuwI@
zopKvac#b{w5Co9*{Aee_FP>6;w9`yR9*(=VMj4TnhyM~Tndhll=BZiWsUh&x%<<H$
z^3?q1Apz=u0n-DN2w=219+Hi${6=uReMo%hyQA@&JpR9g=Y~=bq2_r=)@Df|`X)4K
zv!p#e6GuM=Q;&)W$~UrTFbfglg3mP>%oJ-nj>>N2`*XYc{>ZL`G_zwtr_;Q(Pvdu^
zG=mpaB^4_nl;q7_I`<n1a{I>p=T};sv9h5ZuORvAB3({Zn->#A_R*KQrdI?KFG&8g
z{W!4@;&8)KsIsV+b#>=1OxZT4>|Sl*@@vbfBLwlcX0G<?pFP1U&Y5F;S?o~ryO~uV
z%`KTG-|r#Be9z~e8L?O1xTM&+9=lTsj*r3Z9&nzPeB3ef8rs+k3O{|Bk7M?jWGaCz
zWMtE#S=+i~ZtGGEuHdsyc0M_xuR+P$YL{|PaR@O2H&7}a1I4XmMt)<j!hxFIi!ZtK
zy*zdNO_bqI$>C=EvPb=|n-_)JFE^PtoQTuY{Nj;C?^Ee=(u~erDZDEJefb!yygi(o
zzBplFVb)QYeL2MabEE3BTH}-HM_2l_k_E!gs;0Mu{Ty`h{#@gm{h483_IZE4bIoT-
zO+@9IuXaAmir|%jYf@TQl0Vh3b-ni5OKe-o{gBafbar`I)>$3-a7wc|IU>@tJUv)M
zvYA@yR}GvQC=|ZtaO%=su{{EWb6QcheO}D>aGC7^YmST{{fIf$Ej`@6aM)#RfPwNo
zX&D^a-U|N|r2P+)gI+NGtxr#UeYZKe*^Uglw_VZAeK&nB$Vlk%`(Y<0)ABUe+7;PT
zFZ0Z%z!x_P+jbP#$ptI@t_PWkEw7uE+%wvsyZNVhN@KDQKSo29*z=}miO*%?zYTMk
z#eIPEa9s*`Jt=!JjUX9m*=>IKnRlax=+8iP*R88w?XAvY1cMIYilv;&W&?8tgnMRh
z)HSh7%0X2!mp-k%Ib&{R3HNN;z+g`Plb*kYDOSNQTo;Oni-en5_ua3B6b>uNNpmKH
zo}LxtbFyil#h6~2Y4G~qS)i8|mmhSNE09+u_L-m9&W2F4GgPIaXAK$f{{8rfe~{tU
z|LN<#qMGWq1pteR{32kZ3W$X!(v%*WA}A$-2?-ENXrY%w3tjvH0V&c0N>f@O37`-_
zNk9dp6MDc<1p*jI=s{_EbME-h8290f`?A-V`&)C3Io5vJ4{PpC2xw<*x5U~tidb0e
zR;bSVu9>y2*@yO?^$LpjR9+E@6Pno!q}3$b>u;kY7kfs?ViE+KqReBX&tkwrZ^0h@
zhigUvcJx548fu!+l}OZ_sz@oW@!xy4h!06<H3|tS`0ePYy(gCK+Xgm0UHj~AdP{*5
zzyv5!welD*-aWt@WymvqOwq&qer7m0$SIn|C28Y0sP*^5MO#Q|&ttV2geiEWQ}MBe
zkr9WqiH5A1S>Dd3`}^xRe>(WpZy=Y};R?CmvfKo9Bu9O`%t-!^#%I(8A4a8nyFPi0
ziD-@z`yQp+-K=e#@3KK<dua?{PTy`}I0q=X($E>oz^(%N%4MET$qhI>oo9v-Ig;og
z13Gheo5*_b1DqPs609a%;0Q@S-(<cqBz%iMmSd4Q{P4p@hrj$*sPckYggQ_VupIJX
z?|E#oK+nRMW?Q-%>0s<smCaR$r>kuJ*thfAb@|Uh6Kg+7@2%A||JHU)4~<IK?%Jw0
z3~#B`bv2^x`adF^|7ea47Zc+qhbkMSULHS;%EkP+^X?01#*0&k!|)Fwp{?jM4L2}&
zDb?s*uAGw8*i}{J!s4N2g}EfR;|T1~G&82g8UXBtV}d(h#l!*m3;m6Gd6LX4aNv&@
z@3eUzoJ-<<ya)u4RD^SsDKoi~SF>h7yoVKK{?MPkw8G5Mo}aIdHR*cO#F)*XxADk<
zjyhlbz9oSSdLX?b>oGDMRM~b7a53luBE)8|ZWwX!b6s)TR4s%48kt+cYD<#4^=*Uc
z+*G80)2=K+ohv|{`SDJ0i+T=d;i1t%^Ll6OUCz-zl`p+RyryP$kD_#zsNKooZ8O=P
zb~C`+3cG1<NuwEWeAP&4`OzXl91oZwAG3}{pI4N<q7N>L_bT`6Xqc9K;;Q=`eNlg=
z+Hg1cKwHi9q40WqQ8Jm*=I3@{Z`xP9rQV@Pa<F@yDzfln;I;Sgw?*U!#J|i0za|QZ
z*Iwiv5mSg-ko1Uf`(yq9F6_F-`n!w~H8k2XQ(JSfrS=L3Y?bZx^quX)M6pU0!*bJ{
z<5S0e?Q4OQb$FVO7J7UA<)NTNhR8$q9-7~*C~gUVuRtGufUEy;hu~>eHL|nj?|5tf
z?l$~KN6%I51j1CsIj=ckWU^<*Z{Kx39Y1drqT*K7<JRsQ#?@B^!;UZYUGlduTbhgG
zljAS9kiy@&U{f{|C75=@CNa|6$%TqmTa~J<)(iIcY<U_U{}iK_7b|euG1F(>2bS$s
z7WS)lio4V=``7(pXV>*aa<@X9j9gBSdv~W5K+T(wOxakJU@C>V41$pF9e4zH>s24X
z3Zwg<fOT85hPauHfkjvP$G{aQcUC63IocI-7R}q5xKC<#FN4P)$&$VMbFi5xjlc5y
zq`kmu>2A9oNkT$vcblX@y0ehB>q3RuGPfG31cKWe9o_<w{2VTRbWOMn1Me@<%ia8z
z$d}V7X`bp*Hjof-&@&`^C9M4cyj~kFWwzpyj2W^swmj@c!c1M8-n*f=$Zep8_c^%f
z*SY-Nqfk7pZ1kbXul8bKuZpFu_Vtf5g^1f+k`e-I@5;FgzEajxY!HE9f+f*py@02*
zXfmgc=Dw;nHt+XFNIpC*of8m2*0*q~jJmxblnPP+5CDRRDWlSQg{0k#OMfL*<KKvc
z@%7!$1#iXPd+3tH(74+tkVjx-0O?HRDLh&w|NB!~n|GikN}V%4Duk$jzmttD7hbXX
z?vVbG=sZzib5CJYj%%%Hm*c)?rP|?T{MJRi0CDh&glbO<NU%UlauK8p(sg)?V8-fe
zcNo3qD)qBc)**dD#OJ*mP<CBqGBY(FR15Dtign;I2z;Vz?(d$O@mPs<GHp1o$d`9y
zMQlSSEi6hlS<C2nSKd&K1V((X`Pn|oURacx2pg?}N4pLbkA}04N=wh{tH9Tn^METP
zZ_G*;Ek@JaUt-&IMOEK|)DV<25Nv=KD_6-5h=4Dd?%~4VjPm-nCQ^=Fh(vXOFS&88
z#sykr)-(f#7Ma`VUbFws=rzfj=*2_uUCGDa5%vQfwW>c4G#Y93#^Xa{wcpNNEL1nu
zkaYH#Qp9|CZUY}$+ev(2_Tx9=Lx^Gqh`^zBk*j5W@6+2{xoKO%-1#HAL&Y?PS>)Ad
zX?B~xNyXjql<8jRj>g_Jg%rR@Tu$QTdR5-Y&%;RVx>}0*T~%26&BCo2Q}`gvWBqzh
ziiNCmokIbwn@!N2&T&g~TRjr-v-Z^565vs9$6?4ju{r$VI&p@$*FvAY*|k?gOxP3s
zywg3KWYMVV&KD=niwh3e;_3jHupd_4vZp63{`__D7%AQ|TV?<iiJQwcpiSP;w3fYl
z>ry2xAlti!KmL5#xqI@@uL+2^-tY;JnlNe8t0qN-0%kav<vNpw&C;(Q`EQTwRG_1F
z_>5E!978n4W|i&kWvJU_ciGMCl-8fDC=*6#4xc1{)x=B<-w-i~ihe#}X290Leqa0o
z8dBC;QW!uZ{B2b5@Dk%2v!AWCQ5FKOR#AEf^eL)J8MyUMw{7x~qh;q-8LikZ$PYGI
z=ZuQ^QnirN=Rp-qV#hr8daP@1$}u^agQ~{791%%FAMro+HU@~EM(dl$BCV&nV-b^D
zxMzx@t1jWUS6)a1o3r9NmLeVc24`id!s43;n&*vkS|L;@>sR3sBnyzNCH$*%1m{b|
zcx((f;%d1mOnoAyO;UzIk!g(S?UNpy&BLE{#Jd(*y4%Fw+!3OlQn=sQb~d>httW6B
z)39Q`mi@?lKsJD2W`d%3kYqe8uJ0WsYfjV*%O@im+)5;6iCW1L4avw0Si9>s@STN`
zSFL*Fk`rH>7gEv}a8G<KLF*6@yg+IjV86H!y0ed*T#7Cq`r%^C*gpxp-c|R4-0T_l
z&9BxsZXN_H);1|tGI6X`Kbi&W2sHZ4|Ky*t<^5#fwmsikz{#jP&uhFrROmb^{R>!J
z=NS=29yr1#2Sy@6aIyz!Z#u8ANoD2T3fRand~3FNja}(9BW6w@P7*jGf8bOaN^>Z=
zgiGDe_{>;0b^HAE$PZj0y5d$fwZ86+Pf0X?hlL!7(j>#|hfX023-mP&Vjf_RCq~a!
z8Ty{wN#fl!^v+ypdkrc+BXWW72Xz2%1rT|E=dA7%=bobzFD1-GV|^C)kJXE*iJhE#
z93wL92_w?fuCLN2Z}%Jg2rBgstA5%FGV;9vh(gQvV~B(2R}uU~jM|y7i_Z>g3p*h3
zwJ8p}Zg<><EAyXAQ@o<Cw{OniDoUQ-KX031B&+&b)2b@T)*wy2lJYw$l+dj-8pL=t
z3Uz2J$pqK>PdY8$&D9YMYHuAfIePgCQYwFy+bLu|C8ATCk9h7fi6}lE4t91Ilv6Jd
zHa)tC-j!lIJ9R*=BOTU{u|6{0d@a&(3i>APURot6A(2Ay0yz-^;__>*gs$J?QAO|)
zw<?J$AT7z3Sx8P7RWY-c3*GfKyfHtTAC$O%2I4Wqv1X_67kZ~4g`?lf<eHa`9$I#{
zKm%&Hw^s4?udGxkY2;k;E5k3#zt&H2g-U_6_Jcdbx6&X19u5a}GYRVhHx&bHe0TsN
zvUk5UOqz(uDt%$sdK!2947vSmP-HYAV;_YX2srxol6tE2B#Hh-8P%usfbw|ECbD{T
zBcVdd9+8^G?6JK{j0F{Z6b>j*GJip&@yloWf79)l04mI$B}A#8RZ5YndkI?bjW2z>
z5`O=cclnyY^8p{Cux4U`O!XS_gLuN?2E5D2rg#qZ0!BGFmnZ_1;;`>hc!khSuXz)<
zWvUn7094S?a%o=Q{Ce?OQBi#ZWN<?=vU|5*;K|~1OeZalEz4v&rsvw5R%+j{kuia>
zY+luW9%<D|PJ_B@qF$ZP9K+a}q_qTXR%){!&eJ4qG)SN3mh#oIN@jlm%U9dOvuZvC
ziI&p8=umpfU1Dq0j2WXSz4IH7b(1cu(St#Oyt`DiSQ*MJWcl)z5jq_FPBV))(B1d_
zT%Z7e&UVD6Q~4(Dvy#Y1fBsw4y&&=QJ_hsk@#!_O%_g0_SabNC8V7gPc2w1wzxwXn
zHhu>89XV4Z<`<+ZCbr+Iw0TON3nEQC<LIyGCV7kVtc9?H#oTr8t^|0SfF;v9d*0CZ
zz)f&g!@N1N;!oc3V;z;=n9gmFp)Od;->EYBWd+9DMHM<T-(Tpym>uj^((-7&^*xbN
zaL4Ec`O@Gegc?^k?ZQ=qj2lj`UL53ym0cO*O7Z2FD;ijzQB?0xA>FXg&Z&`s>pp#3
zNYCXH1BO-8ISQb8{MtTgJbdRR0@aZtIbzZ7>2m2JE6dSzzKf^m$Bt20HX)$;HS&g3
z6NGeHV$BT;k%zW7*(Pe3+;E1sAMreD8ISRpPUi#q{orYK;J7;;5r<iL)Ea!DhzB?p
zIUtb&?4qr>P>OllVa<TOBWX&IP2YNF5Lhhpo5fjxo)4>?^sg;}sZoVp6Md^!=sLj%
z%%+^^0~-w89Op=V<1~nswha#mlxcl=I8RmLLh`)L1wY#+1t>X3Ii9W2z1khCoEzp0
zL8FpOAm|3V|AMMrMA=7@Q?)qSeX{e42do6Z=LIX#6!n3X*z*1hhKBR{!_c~-fiSeT
zC=!OYyAT2^feVJg(DoN1U}zn_r!cg4@@H8*45ujX*5$xIMR8{D3kn>LaY<?lZM|#o
zLQoc3m?|U-wZ{&n1a@+p3Qv|S#y6>dqW7tM`u+aG=lgqMF1FG=Jb|3zv?6=cs3pW)
z{p9EA*O^YhgZh&qxHZ6J-w<EjZQkV*OzH7kHNAq9I%j>cRQiP6L-m|WSKY0MeJC=u
zD!&?qZBnzrp*XE@w)Y~6joBC$%#)KS&L0p3hgvY33Hh8=4dfov)Yo#A8q73ZhpbXf
z|NjAAHP(|%)(oo!ODR}vP&<qZo2^>11a2d@otUQoK@1C_8`N?ZLRzwNWsuuo7GlSG
zOjw!!;1UaMS;)!^U}4QzPag}LSecd^)PK;Dm1)dE%vjHD7M6ph-a$5~C{`x8CF?&}
zJ=TL`VFL?U1(8{3%|h0)o~+D&u$qOef*M$8(ULX6TGpC{xUn8DR;JH%&ncu#=?hd{
zi2UzgE&cH&i!w==J0%O11~&_nrWIpozqpxs)w{Acp+b_wz{1}tS-A_5tnQz-_SGfK
z&bvCL3|x1~W)*c6H{xB(J*8q%LCK?2mv20m@yP4lGhhTXpxjw6;X^9WGD=>*>BN)Q
z!FDJb#ASkzcU7jR1T00WF~+wHVQ~P`o*uDC2I*Nf;-n3=#?~75F(Dr1oif$q=H(3s
z*fHzMa^vbN2_d+m`5CN#=!aFI+5Zv}Sz5!=HKADsYw~{&Ls+?mEUjQo#`uT+moWJp
z6Y5b5Me+Rfj5?Ez0MXpO(6P!>$;n7)1qE)4tuXFWvG6D_VpV5V-e8TbuYY2X%CTlb
zFm}!;0Bh)+Z-ESM!dZnXkd>NqJw;|sm|Po6R}y{(;4XFjA_FO^hsHb16l3M7zT^f-
z83hg}T)DyY@(?spwIu5-K|LESt&tWu3f#k9H10^HAy=*x=T$32X5HsstG33s)CEC#
z4<<(38zXD5Bv%NQ0*7H5oJgt>9NyfG@c0u9&JDxmK16C`ot>8Avk6kxgNCFps56#O
zRHoKy4G{0F4XJ_`yLN@wTQz`_krtj9w6WX-41>y(X|Q%HA78~}GyS$aWn8qKs;n^p
zj&LG6dbTF;?FX+bKN$ZfoRFDO354Q5c6^%Tg2NMCD@HNpH%O*#wX1OeOS1HyEViMq
zAFHfcNG4!M=|SV3n2`m&r%-EevUz#%OX%vDd3nbbTs_1LmE%=4Vyq2i?HRr@!pjvm
z|Kto`@V-RO&gpw3`Hz&^E^QJl6pyb5XeN*A?Nu*9wIiZ^8Y=$P&{Y_U<dbfEhrdMP
zIal;KCrMdTrbdU@KkuuXe%S6FxnHqFb6e%t_UL?(em3tMyGM0Qed9-_zHI5Qad+O+
zcL~fOL7zFmw2|1Q--tib@;$C0zPOhea~m^x-L3C6HVKZA%W>6l%ai8@tK^A&$qIBH
z{FfGiU~4(l=UyGzW;)U}<LR@Thr*9$Y~s{*S1^*S6S2oHzm+MstW?0Bt69og)?#hF
zh5@;~<z6y5UUIVt^QK5XMo4wXnypN3(XfqeAno6{mi51Qc~<u8ANCU`{`_J4_oc<o
LB}wu8nG^p5Et0_*

literal 144485
zcmcF~1y>wR6K)b57ALrd1ee7L?gUsILh_=EySu{@JV>y`ExQDVV8Jzz;O-jSZE<$F
zeE0r_J7><B)2FAptGk}3tEOw3ArAY+|E^b0N4Y+}WHUEUr`F!`Y+!l9cO*&UXrCEB
z7=j|YxSY|yizJ(T|M6Bwp6|2SCj)Jw+Ja9qdgx>rZ)N1v3L{s)f5>G*kocdRzTX|q
z4ZplYZJKuO{*_4lmihiB=hA;o+~;JuxwZA_{Hn)1Vjf-Y12)rlGN!j&P$CAfp_SZ+
z6-GHsf}_0gR`I(V;VI|lQ>`bwkA#G@P(eqXZ_d|kog$m_omE7wjV>3CtO8$K(Xcc=
zsM1Spgxo(USi&eU_aB7i?}%nhYyPfvCHMBXNgf&Fg?O1-q3)NikOfZyolK<PR_TPC
z`=0*rRtk6^EYvTh*242r{MNgeHV4!{+~>FPo&LN~Q#*L@zUXWULrWP@rxkME>(btg
zOl&&K$mmg>!=1c=pa?_8HCVvnb_{Eht3^S5pHJ})LVnk`^?#)j1z*f}Zw>$g#rId9
z_IdkicqujHgAxSX5-9U67eyZMw2|9X*ZDUht9rr11y7uvn`NC%7(r`$grcygI+GDp
z%XhvIf%1cgC!cl#x>UivkjtH*URCAv>6<5)5c&Q@I`QD;rwgA$o7Tn0%B8AfQxv8q
z^eki=>+Xx+e@2VGc1V|y@e>8a=2hFZy<7mHOK+yPhwuUFU%T)~;)H>^oOS;X?_I};
zoF#kK4a}sdrDID)9J%z9x)fKeOKO5g<s(Zs9J!Y7V$q*^lw@Xk+PKMVo*F`>8qk?M
zo(OZ-@-`R=xe^TYH~Ww}bt=k<;ulNaL59ofJPkj|Z_y$D-eK3Ky}7#UXpxm(mE#@)
zmWhY{a=VD|p-H3?qC_1E`^in#)P6Ow6ZE`*YC}FZFP7!wM;%$#eogW}2+m;k{+UYV
zq-Z$tvHtb{&&N}zi=@K-H%eDR8e3Mh)aZZS{B6l~{?vKyA6>>q2X10dsn(b~0-AW}
zOSMonzjC8dD&UK1rZeTesxa?2aH%4dWb>g)6@0}`i^(C^qA!%ul^gY>&C1caY$FhC
z;&%fig25kh?X+bhe39BtN=qt5r{+31nq}?j>g;&dVe>mY;^(S_TfIa*8T+6BGswRs
zMRr3Cyjs%4dU?=mTlZ+T+%#$41fCo_ET;%x7^i!P$$<|I6Fs{jps&Ly>pf_@#J-#W
ztrq``>^02Ez1rNHg!g#bxQW}D6{q8Hw3*onYJfANPII!uzTu23CnN$MYxN^4YANkr
zrp2{#KB3TEp`Bi~+;et^<a^Xbw!T*x9}y|b)?XgMol$pCRy7n?DPzSnr*I2l-Tu4B
zi}(0WU-j&@D2xG{Ni~${+d4-V5I5r74Em~Mi#cMellh)5zqwY<O0y>SmOo`R$q-{H
z#=SC0XW|rEl;`+Iqko9l_2--4DQMFv8s0zCLF<;Z;#4JhZJS*wzqjxR#Q*Z*afh))
z$*4QCTeIR+#hL8qKwFr<n+87JzC3s7Bc!bf5_S0wzh)n8xlWQvqlgV2kU(fCurp~Q
z#0e5*zJ5FKGhB6tbH6BjOvrZfm6!ZDsIiqsAif~O4jVk~kNA@oyYTt2bev^c!>FXM
zYp3-~s<RuB9Et>+>6}KDM9wJF{oG7Ea~G0gm#MO{X-K9<4;=GJJQj{|nV3k=5gqf%
zKc0(onc!nvkQ_7Ux@O)q^d$RMoCX(mg@GJFA6oDuc+=?7pF}75rX>Qr0!*?=MyJ0C
z%l!=0#AAQA&=GY;nCCqjIL+2<Pfl+~CS9H3geIDK_bXYzN$Qs!b@Z5n?(%!qG$MYH
z7az^G26OIyX}iO?)|eYU5%H!AGIqMHueANj{PLT%L+WNqxk830YwWqPQm6D&KF+Dn
zp-82>8MNFBYbg$?+Sz4IhGL<-4+Q5{EE#u|+QEDvGxM|ME>c^OFx)w{#Tb$GJ!&Ub
zb2FSU7Gmts$ki7+P4BP_FFzZ=A5&H|gyqb6I8<%6NW5)%N1Lf8TorguYUJlGd?|0^
zI9@xko@dL7wY~jD-3|NKu{f?_gyEhO3Ll6pr5I-P_9hfJ%zM8$IMy+XeV;Nv7PSz=
zDm0Ioku{RQGSsZ%;hLoCXx<gn5s~}H<5MW%-5vG)-HK~4y7&{lv}tVqO>1@+U&t5d
zGfhVCcb_u!WN(Bb1eyOWE~*6fpCY4cQ%vTnlw!P-Rnn|ADpkH26@}PGKenuBTm%pd
zplAr9Q8-|8d-AkR$kE$1r=yLSy;E}Mdg36gl-O4H?ebSfv40+Nf>gAB#st5tqG9lY
zzY~6|;LLgE+|K<yORRy17!7$K7KFwI<Kf^Xlsi%_);l_jjIfmXGRROPKoAVCdC5eD
zECJzsTeGq`NzfZJiV!#?p~rJ~@!nwwwx-C*yyTi<YO=Dqz7%kvCi-@Oa*NJQ`kqy^
z*6xCBORILCk8AlO_s<$8-&cp115(-lxq8U2GCh4{FtQ%v{i*wxHyVZO5ot!p-J@%>
z{ei~g+)!|jjt{TsVdWC|VSs2t+C!>wOJL8>NM6pC9(6~6>GpU{PN_6)`Mc#aMSv!+
zaOUfP{MQbHvHEp9!p6M9ajy^ipFv-%2H}nynT=Da_{7aco(-HF<rqz453!c79qPcS
zbXS(X3ip`9A~ugon8Y98>s>0=cPj^`R26%r7-as{cD^W}&zcs7PFu0;FK+<_GVQUq
z%vjW#|GEr+Z|dHXkR@dhxl77?n>en{5B+QFd_gXdX(RI#o9Vg3@<xCPj4ha%DY(g^
zJ^Ver`#Y;Z>9Be@RD}wnqHC@5hc~g#Yhr8Ib>(e*rqMb}HuSHze9K(v3zqlGTOQUV
z*4XuNnU90&s}?LLJHD`KXJ=L_*<p9~I)sNBZyg!biXE~YFzim&RPmQ<jS3!h+z&F@
zWT_{}YO@B$fLYX=|E>*h^=QTWP(I;EN=|F=qkjw~HxDCe>*B4Dc@1F<5lG2y%ZJ9X
zyynL&suMyx?o(`<cV$c7Om6IuTGX(pCa5Q+e(;RQ^*rX_RSS1^R*q+TAH1uvSSwl$
z80cHvkS>&uI*h@$(SB!Az!i4@);6sD5zb`qMlFtCJZh~?bEw_E{C9PcvVkh@zc9rh
z@UL87Bmr)dLWnK)*1FcxlfZD{D_#^6d3DVtK3CHTzK|j9)|sHAps*YE_X$5yc&&MO
zdVex;Sw2C-xd!#jipJL67&=LQ@=~H%^*qt&_m;z(8q!zoC7YWk-ftSc9Ubji|H2eI
zH=E$|p(UOJ^rbJYNtOVu^SH__3o%BwdNP{3#n|VV=1txfy{na^pF>x)eY1n<bZ|sl
zzRI{r*R+q59knn1Z12BxtHxO3yyQC(0tZBmuA9g=-t2x}E+4s8ny&9QdAoFY`Q}6)
z9MGD*Y2w!?Qh;`nW*s2lzhQ#C6vyy2K=#+J$qQ9{gTHb`TE*2uUuh+^iWSxMzP?gV
zI#BZYF}@cjsZ}<-0d#buOHE<Gs~{Ji4gYV51X+t875+hF<GuNTMVRj+?Dur#G;>;{
z>oH>vFGc@6;Z}zxhHGP^^g)L^(LpeSXFd}Brv-$4ce${kCQ`FIli-wZzjd8&V5pa`
zb+tFSj()RZ?AnAbE}&t4^;^TQn^#NXt#mg%ZezyHQMrFs@_~xDCJKu7S6i{SnQ!cP
z^pi_@;xnhwUN`rVy%z)NTmE6zPkznou2=?`Afvk4^HVfx0K`UXY9+fo6u!xCi-`q&
zxmWcc{uzK&oHj?Nbx0eox5XQHJZV6>axFO4`%BYm8>)996AlPb$&G(082C-M3rBSz
z>~ZZ_Ws{~%%?zp+CKOwL)6fX@^Q^O4vxbdDW>!kdTH|=BS71P&hRoK4Wn;sWs`{N1
zEmKbeRj;|1T(1fZ?Yo?1c)pY6JlPKlk>rY_y1$)huIJCv_2x>oX&`H{?t47^!UVV*
zh0}k=pyqRfj{7!Gy9Q`X_Fux?#Buv+=<QffR^s@T7O?gA6OBXPks`i{Ok8g-R#=js
zw1+2?V3W7Ak98HDL<JF5I+)tN@Y!mj2g01QQx75=6RZK&HVg!$A8Ek$ZcrvM&@Um-
z)uIwKtKqA5m9zqMD2NN(pJlcx-20fIxPnhPOc+EtJcj{b8ATVMaia4WpGDS)MA;3Q
zv0Q6|rDnma2NpOfw&DBc;W3s#?n-cnV0WNXWHaIgcy;e9kkDTMigrT<`cK^g+BrV!
z_EV%)+7@U*Ib5~M0g5E3gEhSy)*~JEBn64YlRU_}s6mZLhv@}CqL8~^6g{3g;3E!@
z2EGN<0Rx+K#B6o%H@L$LNKCuaLZI7Ey~9d6tV%lU7*7(=nDK5Hjda*TV7UC#bbB#t
z57+*0Gn1A9Gu2G9G685N_6h12Yt&yb(B(!4TsAvl7J2<M;=OhFd%N(vL#ZCY+Q^tP
zi-=Og0dxVnxE6->6{hQtnwSFjJdk~2JHVybq8I_wuK;C20^KgN#v47bgxK(XUOF&A
zObMDK2EXr&0(LwXS3p3?5nv}+oA$%A-Ml%5zlj5OE)V*FQuSWb)<D7*59ohhMDRCJ
znLm0{Ya;FJ!|j~IOGnKTZfYVjt-@6VdX3uRfM~Ac6s<q7Ab(p&%rrX90Cg{&=u#FW
zJ325g#UNBO@?So~djWf39DzUR0@LW1VoEViX83iB=$EZja1u!78a_Dn1fZk^wuhQs
zoH7p63op`*f9)N%1ZKCC1EV~lLMz;0DgN$2^YC+U>iqt5Nh8~AG!rZa*1ox(BZhy)
zoq8mPP?3WHm#-kt+U<0Xf<N+6vPRX;%$V_b)<rBhhW{1pcKr1f*u268R-F~<Nv(1S
zSLrS~39rHyD4~H+d8Kqe>WxssITyv0EVx^me71oh0?>{XJ!roeNYMcrNIHy93PN#5
zu)E+-O`=cr1L`p2S`PW3kZJ*FwKEWUsQ(o_IX-*NI$P9QfEUHCO#x1Cuj&DegC(jB
zd-SRtB1%8b={*6g*ALTy%phR#2#~`04d{sno3ya!sB_e85o$JDTnPa}{i#8Cm>%Wj
zxSMlexK~5O{xeoB!}nvg%|lM?aV|@7tZS*@Zy<L+1bX6+2F=3tpuhFw!Bwj=P=i|X
z6{NTabOQhvin>#a`n>X+gk=F;;4gYgq_+8~Pi@44bNFBWUf-G@0ZR_pb&YtCnD&0N
z6Mf;x7&Bm84fzT~dq0?*AG%<y2jvtSz8g&ku4S90XPeEMDnmsbpi3;!0Bfk-r|BSR
zVlb|_05tgy0Ed@aw;0)s34Dq>af+d}rh&X4|NNy?OA}IRhVRjZ?lF(<aYfy8EB-tS
z)ix2OpU2SasGp~fpE42ma$6sB>Nk2yY-2(sV5cLa7xW_vI3o&5Ct&Wd#<>iZWR9=S
zD@9QaPt0+FFF?SkVc_m1F+86FOy1FNcFhj3Zo#ppTNGn4Pw||aF|(ghh7wnwZ-9dE
zt?i4hT;UydqPlB(Pn7Q(BZY=5?%~fhq#z8;%Z+ku58>qQc|B+v3*|OPkJ-aT>qGk>
zH~|P<Bh`nt;0r?aP1K&9G?bGCsuxcp&N4v)S3zS2IiiuqM=P!viZg+NUc)no%`~#i
z%J`sKn3rHy0)f_-Jrb8?Kvqv^h)F}lU40m_wHul)k`udb)d9z&8{K08An-b_<<yUe
zWnsun$w-@Z6?Bt1YJ0f%ReiF3rWb5t9}Rrw+ME{Te=sX7B<`OY*L&jcLI2##<!Bpm
zS5b&#{hHis4h+n!=7;j~2tapOpf?k<=aRxIH<HP{e*o6q<s6_xTYR_$s~QxG1v<b2
zwFj`A>#IQ{Y?<RJox<;SaeEN2iQ(UI>uyLORQBO_q)v1qH7YHKw!nO4=HW~Yj$t7>
z>(~JjYsGrvoeW!Dq($od?_4f0E(n-74BVyy6)^W8j{3}^aW7+Vlse*p+*F{ogvAIY
z=7`b(aJt~6S@3Iaa1RX?xJ;OTMp`MReZ4l~t~Qx?XIF^@n(%2lci|<t;|d6cQ&556
zIB*V#N-xVkf#*7q_$x8X-{PLO*-w!7a}y*ibLe#g=$E_iBJ3>jr&?=?;ieX(!(?0s
z9oeD4IR#9C$5)VMaJV176WxQNaA#f@_#;0Qp#7y#4D{Xsis)B@a(`973Lyrw#H9m&
zTf_rl<{)6FxwelJ=H)ls%R4_z-4TR@0G<<_KIQPrHLbN0peJ=5=wL1gC7|O1Q}<DV
zseeNc^1F}rY;o!)(CZce9w)DQ5O#^cQy)uU016Du1pz|}DlI5YOivc6K|&Ngh`k>@
z@jiCI6w(T?5esETDT+_EVv5@O=Mc8Qh*dcIfSHtS6fi&>Na>%@4dU-MdY=e%IJ<Yh
zu^RyA@j+p9dQc^GLFkuRq01B;YZ#6-xl#<>ayJQFk(3#9$if08c%Hv=+#ZE8pt>G(
zn+3`NP%;BDwDo}D!m^aVPKd1Y2~wPl1unBF!LQUoS5JgJk6C6o9?R$+g8%`lXYlng
z4;$hDtmi*tJ~J~Vx-ntyxqF*F4``V>F`PS!YEBR0x4cRM57uP{dFtvS^W~vY$J}5R
zA)y|SlYRK-7{wKBfVFV|X5B3Sa-L~zV_j6a>Cx7)?DJ0)BnC-dEC<4}?SK=rz*Z12
zKpm)02@-dJo>?nF%SJ#zo3S^bQ_+apQedlQc`wye+roeKUPgU~Lv*likV7OeYN-_X
z-~|;~`rLDyO$C;6v@Q#I_OoDdH7F?yv~vV#MHSCL(b@06#0Tx^q#AxrI=n4_Jq7JX
z1ZVaF;uWC>wAR5Dn04!~)u7*Mm7tTg@cRL_T2_;12)>!cu6sL+o)Y>@;Ket?Hq}7N
z4BWbT!8xPMZcz7V&#}u8_)RwR@ScGlv}!~MTH&h(m1Kb;S)dIi#PD<>kf#ST2;@OJ
z{Pr1wU-9HD#s&nSg(Z~n0|@f2xW<HB-=OBEU+;%m0Xt*9udQ1NF4;y&;7-p%fgZZZ
zr?0@xO>S@pUw5EQ<Q+y_ivu6j_VrF(3Sg%e#~O1{tcP;=Sa=cdKTLU1(2*K7NdEt=
zw=B>>fVD-=J5XjuJaF5TzdPss7ht<9o%7LmQOvqSbjaOr#Ls=7dM`xpXpgZPWFJM+
z(?(s=bL$BW<2CFFy!%GHbC?0TO4K%|n+2A#Ko_i``~Yhchlm9fKg7>FryC*CKGo()
z0#3KE**KZW>b2y9D)N>C2|b~Hv%o^`cp#Yj|B456I^uY&p<j*zrs(5ZM4IHFu^gay
zTvB`gCE8Il`Ua~*dP6s82RD(DU3t&2U17JQvjYyPV>r8W_#G0xCva_+#QFms^Y9rt
z3pD20hm^nT0oV_jMbcUT4MD)_qRL`P$inisUM?Hpi0CjM-A?)v$xaK-PCCxcq+3Mu
zMq}`#V7CN+?_<2;3NJr2%^9<9j}1cQ@?RkzofGG@UCfZQlCVxjNL!$uG3wl3t>bai
z70**-cqBc<Q*R~6>A%>C+g~zUA546|e!La<D5}J5B*$IR(F@mDvjLIc_49?XT|RHj
zP&wQae>3HgvaptxYYY29ueUzbh&&NnA5%_Qj43_&$bA&?c7_P;WV-}o(uBj2*Z4~H
z=}(kc(f(8h)DDkt$?f>vHI2KuJztiQa-J86@h<ryof+!lt~hZjsvFCDd+PBYqq|s+
zs#kT$Uk%4J0mTs8F)dM3Bgb6mE}}Uco7m>q_X9Rx;02?UMUb>yYF?_&L`FGJ!iCrO
z)K_L~FB*$d`)$65eYSX<!U~z~k+$j0PdgvW-x!;`-BrES?UFX=&i^GPy=f_JWIThL
zfq!o)8o7}wG$PwQbmXbOX-6b;N2yr?DW3U~I_Q!4N@Gnq>db?}U8O4AH1a2_appy8
z?<?XuIw2Ell71UU$Uhf(H$q;isMk*_oF_A}P1e7w8--r`$exq5-2y%a)_;`H<3u5d
z$W0x1f_JH47bm^;=P?z&XqC4eoNc$(9|N<RZx?MC|K$cp^ttd5w15)6cwD1gyKu0S
z{)LU0Nzi=d{MQT=-Tm$1buL3CI!;Yk--BkgArmCA{u^z3U1s}}+*UO6tC%rgw8ZqN
z;#XPiU$Hp4!o)|`$6}#-4@ewsR5x1MS(lt>QWO@)X4tkXBO0MzHyX`)7l(w_Yr>;&
zG_`e^em9xBOZNH*d*2fmQ4zc`V@ry~23FTXu=pK1KJ)k)CgrtKui>z(ICYV0@%R~r
z;9InU&zl9}Vy#r3rjkAFllXU1(_zvGh_#kvo~t(Qh*Kmd!dpl;BboruBH!!m!{@<c
z($v8w0$hb-`XHD_IO+?szGY#GjADvVF~r$NV94u0pa(z)J1r-jmy4y?<+j{@w<^~m
z@uJ}(HJLpTgMPc1HFc1gk8sCg2<K1lY<`lbAash1zbs+T>Sa5Xl!W4`U0JcTRP-K$
z$jrD)&AUpG?6SR|FN4Gj)}#xH^ShJ4{!`-P=o89?(l?yy+!K&N%83C!#3U0fvMG)>
z$d0}s<0NrUgdRs?uxB83(1LJp?~*UkJv0H6K`<=-4RJepK~o>={T`aSr>Fmm2@0W!
z@gY9M1ue3YU+lgl6eX&uYzkp=IG|Y2rYK634>?It=b8v&L5N10R8cCM`h*qpE)nh}
z1CS^3Vaj)p#ITE2Ke2nWVP@R%iFFGKOFguSY&3tvoXi-hgUN|w08%X@ay6WL(rH0K
zu@fxA@N&<yGXW(P=?M2>EioqwdUfv+V4S|kWc78=ipt*?sH`bHHW9LlwWm&b-;4Ds
z@#0Eebvx$43t<f%P<tLloH=80Ry5BmfAJiic&XRL#S~-m2pAvr{fkEG8~lt|l*VVe
z_ICwK_<JjSmRRkZ5_6OjtcB7(bChbHojAyUZVHL6u883f(ffn;(AB&`X-*>F)Kdm6
z4$Y;KVk`@KdKqO1FO9qs?;C$p849;Wk$WQxx^_gcg6Zrh`4DN$30(_4L;xn@Tc}B3
zeu4>&{PpZ9K?XIGKkmK9jiY0XNlOlK5S@Ir-R_?Fm>WX+`h~w{Bz?plrIq4K*hNLV
z*!}rtlCt!3FR-tS#s5W1VUClY8!I4SN@D)aLD47=W_;v8e{@GtZLCynPD1d#D9nBT
zSxO%8{=ZH_6Dx)c|4!ln!o@!%NDI<?qev6w^}W_ncSNT*+Wm(}lcSEV;z$2{9lvXO
zI;7381y@0F_fOkDY`7C8X!nP=8tnJ>^$GMH6cYx@4toLAO!uow9QPJz_x3WpP0Gq^
zUzkd+c5i~Vt>qQ+A*f{+CBvc&UKfSap>Y~aHw4l~^gi7<RO(A%Mhoj1TjyG_-u3D1
zL<yK)-~}CiuroH*j1uB5bQNz6Uun(pN3rseEJB*vey^#R7^zVoo2O%<oR6`$(dvb$
zX8bPJct_Mvc|*;3kF_@@SyA}z-i8Gc30Se(+>6rmKpZ!}k}+uEv}OK5$T)c4nmTyt
zv%gnOS0b286$rpAr+MK|Cviqsa5F$LJ8?t3w<qMod~b>`h=>KWlPI&k_Cz>`($}gf
zGeqq<k~NW;OZAMkD+b1+mWydV6&aM8Dey`}?v3CmOP`A<kNuTJ*!!S6Ron_GEO<ug
z+)WwLNs^3bcHfwtDF?|^$6=vfAY^}?G2Uwj(Y25AD6Hw2%Db!(O)LrOP3Yq9X@{B!
z7$_&odkUK%>CDOhDKEV_BTWguxxG){Qv>b!0osLL>v`sI$syVoqD?j%3%<tA$)r{`
zv8Q$ZnV2}GEq)%;BMxTB3>w1Uml1C~YSSLN*W)kd-)p3>W}+#7y7FS;K~QS~!g;Vq
zn4rxu_jh7q=#3an=4mMOmHZP4vN`48bCL2#!J?3X@lD+K_g_+Ik!IvYa~<z&H=mq{
z-W`&|E<_f@?g?aUFc-{fU_1qL184&;k=#ZzWZabF#_yx^bPeP+tHz|NjZ77vhC}o4
z_VDYx5OD(tti)m>0d(mzidr&cGwWP~!qZ4ZUf(!ro}1?#y0Ua5=>*L(x+nQIP+=h`
zMdvPxi!O+`KmbB&R?|*UAku|q@Dk}{G(knDW1#Gk_jNDe&~`6>S{{LMrH5!q^F;8z
zTuFl!SBt}?RsRwRkV!95)B=#rC3Ce3A+T@6?P&6+h}2?J>CuU&)v!H2kr%m&&GCe>
zB5Y|Pi>1Yh=$_U|gqZIeUbZvQ`{M5X{govtR-cftDuy>fI6FITFsFzR^3q4}0`@Fk
zw%=*c1)cCAH_rI_xZ)Vt<8P^u&AJYTMNeQkLYuwZd{>0{fatyS60zj9SV0{dA=6;;
zVd`MH_ugLRi(D!RG)TL4=qfg0YA}Sz3OAUGy~WXqPSTmRh#_wB^w4WQsGZ;`H27Bn
zioc*~wXpa`(ev8%6Yg{+*_XZYiTnWP)OY^JuFUr{#nG!sKIIVC=V7fz?p0RdEHc~T
zM7v*5!!8z&#r)ZyO{4)7{e(A8vl;e5CSMzGf>UvS4@aB`dHNr9iw@01_3X!q5}NU$
z7yirMbnQ$<by2+(jMfeRMWd9t8wtLrzq>aly=RGB-6d8I@sB9pbx}lQTw)v(*HbIJ
z&(<t$17{}$@36u4hYK(%X#<jp{BAz>PN7oD5757H(%Jw{+iX=wI9Ix+O@OdjAqw54
zi=-0ay=a-XNqqzOvQ@co!1(K*r7nNqsywj4t!zehz|J)KbW?luK?tg-D)?Gh@98Ur
z(3Nhn7P6iV)old1ccF*rtv2c#gdAvNcjswZym&aw`Vs7b*!AwPEk)synybK3rC79X
z_uwkjJV-C3{Ee+<_gB{f*EF5xnUA?5)YCSY>fHsJ>T+9spxy}i*rGCqv1!dRyV780
zU3)c;d8DS=aSu}!svF?+YBNc$w2fbP%vz5CrrM34)c@su1J;$UL&3ei!@)s7W6}Mt
zz3qYWwA_{H4_Mh#gDi4JnJsO}hC1?6nGroeAsC~E`T1oU`<gM?nHs$i2u|%O@ikHu
zgEpD=-@)2)_(4+&#<8pfL6K1sdzy$9<+B`{x(z0dnJdRPBEKi{-W;s<qO!HLQd6R5
z1r2rWMe6t(oNoN=dkNgHT3se~wESg+zXBE<|G@P!Lk~o{bNs{a6F%sLsC=(NodEPg
zT))Fn_gOzsky&N;0{90M^l-h=#iDXksu>&2{gsywtp`7XIT5=&6n3R3OVWRuQN-s*
zk_oq{msKe7Y;9z228I*Qx>q#+5iZPqiCgUSq&F2V05LHG7Kkyq&y7UdWqi)izZ&Ad
zV%2Zb%g=KD;*@!R+%R3W<#v_mJPCJ8Fox@y)O{X<Q~n4!6#Fnm=0S~fFy{AirrN~V
zK-vwjEaV(R9a(itWjb&uq<6K6f4~}k|IgYOnH<H0p3O!{FyCMzb0zW|o|N!@Dq9=;
zj*=Hnk>2A`uHSXLI)xYC)A8agdiH5WyKj@g+;>>yHSrDvAlkkb(ToaGsm{<lVxH0i
zhO&qQ>4X|R>8bC*jCi_3Exo!l4f*A3;>Ou32WSg|e3nxJaXMC9WorPBtXBsVi85E6
zU&m+GI&o$g=nG5pP3dMjKjwzuM9U(p3A8y*Rp(|*L$Kv)nqyT$+uNwi*2s~~oQj{y
zp86u@lS@N3gq3sJ6U+14h-b#y8EpmLoXVzZQ?RF*s)!)!qyA@K-Sd8}uSCrQO1)bt
zr{QHNIXJ4`KK)>fA9j7C0aBmV8Cn~fk-p0i&h$EX1-oFNxpGWD{;t>TkN-W!O7}%U
zM<++wlev&FvTFZFhmpSS+Rdvn=?4sb<Z)!OGfGy~>Qu=XX{ML2o-vGe)S|DA1R-`&
zZDp|gY*2I@!JB_IhO~T^yarF*n0ik$m*K+f0u)7C`6YU*=NW}1k{|5E1hCh?7UD8p
z)Z+KwRbQ6fOG59z=yT18NQVfT9h|oO)um~TDqjnM2<HpG_-W_-XJ?f_HI4Y0hr)O-
z528NGUS;S{%t#|B%A{Lj;lWqfdeZ!I`qCo>!JJwlYnaAJdaP&b*52XPgjB^JbcUmr
z^~*n%<(td3dA=a7US5yB^!B)7tyaFe$s?`zE97MyoDX436L$n6>I<X<ZZTZ|X*kIb
z6(XQ+m0i6nPW~&KkBxe!K$x%<7JO$$r?ok*Jj6Oz80K?L8y_-vxKNLF#k&I$<gJY%
z(t0X(mD@_3JN)-jH2?DRmrom?q!R}Hk%B9sS9P35<@sY}=18upvRO?pd1Sl{JF|B|
zLx9RJuTB>^$Np&suUzKz#osd_7p!G#cNGQd>Xi|KE_pD$(a$z}c7$44qk!OE8u@o}
zTe=~*2YvY>MEVz8r#GBM_p%$a$PT+jCLeKl<0-Y~ajsDnDm&z&S<#Bfa%wPXgmsBs
zAG7eDd%+0s!xYn<qe;V{ld5bCp36^M{-#X2<XaUg|4=K)<(+zv!E3!vmDi{%70j!-
z?ZSJy@kQhIZ?Jpkl>5?8eaZP_#L~kX2PKbT2MnUzwsjVUj3YjyS{y$2Q{z)R+Rqv`
zZhkF%!*mfUjqY_aK@*Le^KnLca9XqcdHwWGx!(XGdH%EascXL9ox9jq-|n%ad_oo4
zT#gB=rU@9xE`4+q!=5(PdfDKlr9Ia;mjC0p5;v=Hu6N;PKjM=2mEf?$%->?Y6I7H*
zQ1zB9wy>8sQH=$M*;vYR1i1FGMz6CP=X^a_fi@tGInv7GYX9^{a8oCSQ#cP{(K0ey
z$8YREdCk`RNl$B6bQi!jPVyLv=f_n3s!Zyoi$3xn2)T}%e!#$|UY{@@SxTqpYybDN
z5wfuJlIo)srRCIYk~-kW8sUt~i1l|FByN%}tf9sC#VG3<&zq0$D;Prj+JjO5#a&Io
z+CED6a)6P5>hH6fA-#?sKB@dgr2n;=a=DbE6iChS;VAV?=HQ<x<<f^DdQX2;WV4wi
z5=pH}*wRcNR>r5o?}yiMuM4)Zld+I2KLl!4Wu^yM^{;wsf`09$*XccF?r-<ER63%R
z)sDLfs!-cPf!_?8-AVd8JNFlc=T%GHjSBSuq6c|`6)%2*Bby3%zW@B;`PIE;GB-pS
z#+xy-HfLaYddOL(%1X1kQ?Z6M_v8{exQxX#?`i%rTC0`I1jleZ|Do>Ztf`;vEBZFV
zuqdOAu5NK(<7LyYUK{V3Y*W&27-QYTb^Mm7bETXZo*nc$G3BFfB+=a;d)Zu)Ys?~A
z*6EgLwz1imwAu>1-w6M6Sr&M@M`p?OthWh8kiq3=8yJJ-)NqozH498t`6ETx<{0;E
z?3nK>uXC<=qRcAcHgsk71%xH`ryShg#VjqQ>PnY6Gp7c&;+c=CeifDb+cS#?mcGZn
zp1dX$>dzSc8E<6_5O^7qs7O1&<F?Me<ZB%N-xsgiJ7~d35vF_=T0-xwOM^zI2k-yF
ziMN!97dm4cvbn|2y0S3n9u@_@uZU~v<vRSAvyTyi_mRS>etOh-+pG4}KnlO=NLs11
z%{(pdEB=9bE~s>l!B_;8@pIQc^`b>L<>Jbn&8o@0EcKLTb?IhRt#sKd&BT!OTF$AK
zYKB9G>bNhmlN8z9>HS}<<cz{wV6C$0mO`On!<7rC_7RUVhSRDrZPBurYH7|xc>)E7
zxc~$kn50Jf=BZsr%jS1`*bkk93y^70o8U_Ll+MwsDeA1>RM15fo<xI>K=VB0<3)^*
z70_~OF=?a#pqh3KIzmjg%nw$xT@O!Y&5sS%oYry`$F|Sc2wL~jt8T|}desshPq1py
zyt1-pi(R2XHXFk#4RE2+kw>ycHoNa9CILLx%AE!C6a;9LaXJjFxQSXEH>RbVch~=0
zfT$te(^_&{=bhLG5^W+xSNNtmlm?i;O~~xoz1el`37gF9Aq~^CR7OVu(wC*d+bFOv
z>P~UY`jA{T4Pu~mG$-d(TT-b|JM_igyc%1+HUwAqw~5uKAaVk8%|}Iw)_wY*j(Tn_
zZ_Y2~yBX$d5WPX2BL;Q6)5cS!qPr*8BDmqNd7%)c+BI=>GcHw{XdU7+XH><e@uK>(
zUx~(oOv12}Au@zHcQ=?tS+qL8PpBfz=Qyp{z14N?+cW2H#?Gh7U3SdJ?qWKPw07u=
z^yn@Bz%iqdJFk;4ZSIvrWplb2cSKavQYwV`)eaimHf<{KO;sv|vqWo!v&3c=Z&yp_
zl&V)!2M0C%o!VLr^QDhp@gH%8HSoPaHfLwlSA4C`QQBhsNFz&q@l(A`n7pcMF^TZS
z`?w2gg-krcB}nk(xxK6t5aMhGtV3sVpTw07B3;K<K)T9Qel@6N^$hvk^HZ23Q|G}^
z051HGOS7_%#e^m?c#D@NbpVSkjj(dO&d);trb<zPpK~Yu60?&A&|h7sx8U_f=dS#9
z3)IJZf2t4?X0GGb_B%3d{IL93^OLD^ti#onBHQd-M&V<&tJ>jJT0Ndi?Zd=kd(kg1
zWxd5{+GpOV*oeBrJWXi2rOllXBWUjFJK0G)7QQduBZ?D5EGeFOV@652jKieR(PpHz
z2Jl7GetqeytViv@T>spNrRwn>3+TAdE^o2^Yn$-uf1{>SY!-~!=<>pAjzxMgy^CEU
zFRR04xgp(UGpQUjg~F;&KjtDGGNdH4(8&zqz)o!pMRWaG47I{yk+u!m<z%x;dh8uJ
zf_l|o8*abxyrHjL(U;?Luu%O$>}UNP(7)XqVC9-49UX!R=2{68^FMs2WV$%A3KzRM
z#aF0YDmi#~w;H?LNnSVIRL=fMoTy9y9ZwiNF0xoaODboOw;^BWZjyhc0RPVo_SRA-
zD1(>TAb%|fUj;=Hf6>4RAG#TJPv!j%4PN8!K52cYcUP4<xgBS7fl=7-pjQJ6#DK*s
zz+^iD#sx$K-acaf8Q@PjBOn1qFP~${=C(bfkL5&vyS#6UhQg73%|y2bZ9kQxmFd$p
zp?{61XbZ-6Z}V+CP|wgAINuPf1H+(6ohF$5z25=&{ny9#p9ELJKM9Vi*iC_G5Ai6S
z=1amzjDzNTz^-|L<9b(~pZL8;$aYQYsWIt<!TVGW7qkiF=~YDa_A^6iLvRv?#Icj*
zJ1C|Xd|VjIe$(rBVEDRti+Fz;+~vcd!ItxiF!R9gmT*N-4MwHxGxYeHMRXU4{1Hk1
z>+`#6$Y292)dgmpaw>y8=#%tB9y`Lg1_*@E)Y4Y22ppyVi^#mV3K#XAlSbw8Jgn0O
z*<add?GlC&`K|c)_vp$<S)XxI(!PW&yI^?TFVjT(*Q=$S%BiHDrkk;wny6Ta&57ug
z9dY7}@kg2stlQF1x%Vubjk=;$I{<$@mZKhP<;J(g@973bK8|laG*b@V;60tEH^1|`
zlgkXebs!G*$uVpHFqwM#*HJZ1lWA?Nb7s3Wt#VA=`IXl<2zD}Sa5*dOs|!8|0Qd<V
z^D-Ux;IT=BsDaNQ%|$Tfw24ve&OdW96Ibpk)Kir*93N7wt1Xo?O0a~nnGb7`CHdoH
z8u_rMllxD$QEH%x@SBlSZ%4I75|8Ue6Ps%(qx!mb_ffzjL_e%Lqid|3J>?wVK>?@U
z)3oMutQtr#S7up`60L#n?Q`-Ew$D|LmZUFD!{ol}g6?&(NE4lvT&(KD5ao7q<Cs2~
z%L@jO<G#s-m_2k(KqPPR?j<v;;ra<OSPg?_M1aW#t(tA2pZh%s)7YNncUeH@h0~mP
z_p@!|cZhU~k-p}H*%K~v_EAlEAcKu|*(3Jd$0w!gx*EqI>$7E=BS@$UtPN%5&ID71
z(O&yCPpx4`Fp!4somP*W)=y<d;ko?C4?|!U9oXQ#Wq)fTR!RE@lUHPWOvYos{-+R4
zUS>M>!DGX7fC+_tl;QmN^2SYQzmuaN0p|zd2RaOyYO0@hSjtmY9dLtvg6<-G%<Agz
zdNE&cu@!={Fg96*DSXftm7HpvV@tPdrz6j%QS1q&R}C6YrfwGY!5_>u-Q>0!)DVCE
zx*{CD==jBK>?tRW#TneG8f`ytfw)6hpT1iK_A>`+XDODp-Ezw2-aV`8?p;<oVpVEI
z_8&amQPoM{E#FHWJdwBO%(S^)Y1J|MCZT489h3O8vgw*tIvfUFWGA&`B)+(GpK+Zk
zbZxCw3n`7>t22Jl#3y!^$GyB@PqU#+NRJr$?f13%lYXE$dz$o}j@EATbAH81e3~r$
zGj51v9caTj+HQmLyDLrqt`&awf4vhJb8Kn(!KDnxFWDnZcR7{Q7(aB!ut(I9ne4D1
z0lLYu3`@>h*}w2I%~OBaV3r3m(5g3Ulu9hPB4|D^?O~dBmk!U%mOge<gp0BM!&h)x
ztb!-?>wJ2c=KtaYVmAsm+hqEp6KVFau@_B~I*4Jqr~LZE#v*>lHyyv0T%Bf7_;@62
z{9DO*0*uHaS1z9YOFwYj4xRl&q*>aA?Ob;1ASpmOy9c_vr`}Pdoe5wcMj2@_B!VA1
z)zz7zVP}V=LuAh60&pNzxN($CjG255lWYAGx9YZG{-Lri<ChTUbE_cLZedlcm%6?w
zu<_KAng&X^)|%KCeK=X8d`()CTp81RwX0{Jlj?SDWbr~$Ps386Q#Sug9cVM9j&BC6
z#=1PK2bA8En8>Y58OP4%B0H}W`QlZ;Ds6*lz*DPEz|#X&z*C$9=Ryi)pPsYx|GsW2
z9)30B1}WG{xd(5IRUArhsx_wKYdNwW*?g~^KD8+;rLZV94Y16-Z#M%W2_(8bg(51u
zbW9r(qmJ+KG$j*Y9YE5ex)R3dQb7o<9KMue`NCuM4zr#ba{o=os)}E_N~zH+UDG}t
zm*2WiKuTSo&m~f6Fexe>Q$!|xBY_(7#Dv~^Vobto?F|TtUR7$T$w;J|33%V;e5U=}
z_<xt@_hS-Qw~B$aNf)?ehkyqv&QAvd{L|B%HPdSWwweA!YPm88CFJ{H!=KZJwqQ+U
zpYGZfI~?^2KC1LYq`UB~dv1@-L7;$F;8%GMTdL&p3YN56Y-#?5qR5~i8%uX^zmn4V
z9C_M5i@+_9YCkg-zLhYtsrB>9a3)9EVqXJ1L)qdQf!Nhw72oiCnBW(#c&3L%Mr(4V
zIaj4%`)}H9KbnXB>t;t8{h_F4J1m&@o*$d<Wjk^H$Sz0qd*+o|?11-oU)!kK3MNNo
zrCN6p!X-b965CcHcBuux#DXuSIfr`VnIfwy-G?a3<ryn7G(jJQ;$O|7ysxyKo#1-G
zm=9Dol!}5SNk<>FhqC@jDkY<nP0IBSbW#4^HkPPBFqc5<U$9@VzfluDh=2}4M*`0y
z`LQSMtX$`y+JW$9hb!iiA5EdWaIFKEokOhDgY}J#S1Y|rJB3j@8yoH?8-uKYvY~HW
z{_#$vO=YvC%~46btpMkT%t};DNpL+xbWVRvclqbyoW|QN|E*h|{?e5(BjCfN1mG^B
zGgd#+`5!M=n$&t>Ot*aJ+IX*WRuoHC6m|X?MYQUO`s2GS9UO_}`@XZ~VTrf)^v>Ly
z^rOMUYq9LRlXuxn+aJUvo+u^SF2()XO8q{;{61aqh0GKO=8l^Bu;F#}QbM9ihUJ|J
zZh%Uc<EIuVl-z#)Xvtn$)p}t^cW+L^9ynpAuw$q2VjytTxb)lTF6=d{Z<6$^WGWI8
zgi^U=eCm><%^us0N!z5kGb;P(!wkD{heW*_h7|aHs`9(_l<I8fh!eipSNKgxA4x4S
zjU<(H9ND3dw5M+w+4Xr3dr*>Mg8O#Kt3#q1hI;`c^6De<nRk!Y#i=WQcD>0cn}>FH
z4(S)G<O!WedYez1qmT^eQl@_&;xt{@#Gi`vP>btK8GgRseoF>c`e6t5Js58HcHT~h
zf5WA}r;+e9O{7OnN+9MW+U|)@56MnVA7u?<un6@5^rQTQq(X%Hf`q@N{~_ab{_(1E
zhm1AGu}KmKVW=?C?+1sMGj_U%$F=;Ry&+awU*kfcJxu0^H=(~FyvJ@G_?}E}7sZDE
zCuI$pM7Q@&bxAQqHP4`hOLeL38%bg(f+OE%H>FsylbKW+e@2e}u}~&3Qw6f+?D~yD
zY(Fg(-2mRUBOjfYyT|!~CyjxCDpwWp`fb{5CkvaU)U8CC-hWT~{~j1#-t_JU{}$<1
z>>e3?M0?u23Dm7_AcFM?=_K}^Pf8{tKs>$Uq=6KQ?BFi~PQt+}iQ)(8GSLFZLXUpi
zsrcrM?{xu)Kgpd0>pt&ZquH(M!TiwDY?<!GBjYORV7M6n5VDTdYsM8?jL%6zkT~W;
z<;qtd+`dfj<YU3^+!WuGLU)(xKl?-djZxBtf!YfL_U3#KOkqAJ+0N=j4^CNF6G53O
zq%vvldvBY+&YeoN$ur(nDug&XaLou9p~CjLR1=!cOErm*ZW~2gdk^vN_79cWM-tEP
zS3EY@`Sc4k@;|U+4Ae=JMNek+++vY+CH;N*{tE3n;L}mlOM-P}0Eg!y6VcsJ=nM2B
zX)DN{<|r9b(%te2>y=6p&w#Y()anAyooje?SLQX{!^T#4$$^hdkQ}z%sSj-sN7D7=
z>~y8)q{AeS+o4~;L%Ir>X=?RyTf?W-HrTH+7){r4Qfl9OsAvBQ7IcLR6F02>*tGKg
zZ2tNat-JEF|H8>B1L+$&r?rcdc+x3?os9Dv0yjF(?M4^Bxx1N<OE2vV9@3X|%Hrg`
zV+^0d7@3&<TD75snewL1h4tRO-D?&;`(nz7(-Ef<^gGn>PKnXHpy$e^KxoyL7r8l@
zI)tg0elNS|63>8=k&Ik@WOq<tA6nb2F`6AaKwtC{A`*MUnDqG5Y$MG%^mnD-!HjIK
z9joJ~PX_hx;5zFdns6K1^86oQ`X!nEABlOP@lT=g?Rr!&Jka0sj^+JhBdp7EiJOO`
zFlS-APQ;IGzUj*!o<0u2UP~)znvPL@Og`FU-=ReNjt}V=WqB@9zcj+~FbZ~Y?0g>5
zDRc&7<-HyJ#ir8bg)56=rHMcM<dpJK&awF;>54J9oLvHMBiluzo1>Q>)Gpaz2$_~z
zZZ$d`Mu21Fy+aM`I&asZ28;9tNmgoQ|I&VTC9{ra$4;ue@QhsO&9OS-Gcokm5zrQc
zxH*3QFTgF*OLP|yaGYKTvg7j#D69iT8JgSAzOUUrp`y6N$ZJX^Bl(xM7|~a9Qqz!8
zBql|UEr>l~y1`z>uKsx=4cEB&!Y{@YUj>H5iGq216_PZK^m5|1)R@nI(SF}O)>1?N
zX(m^3-!V9RHGAe9ufjY?u=H*45>%dNAi;_{al+4+YrvO_Apv$`3*N&Nzy|12sFwYt
zJA30Dc=3U8At5snokSV?uXlXFTcW+6OKL7rzA$oC{YT;};Xn8txgA=+){&R!*ZStY
zPsj(P`9Z^K%p^*|E=qZkQ&m#9PYq*|lrM?j0PuE<0!@;9$YKXq!Fx<!_j6=gP7-r&
z8gGq7QEJU}W+PERcWtJL-8^n}>Q5y=UqW8>Pt_&MU8AsH?o)**;eQnFPCd_CSx+wD
zwQ-E68!Hw<OP~4$2{W~8w7V-o8yvrN*CE=lUm6=tB1_nAbRbvb=iBG?+h0HSG>3->
zeR6dYo)17ZSLyE5>0Dq|r+&+1TLGo=_<ir)du?A7uPnx_+PWP)|5n2n*7{5~_G!I$
zQ+KoXex^LjlaBM)*F!?Ekd^Hm62b3rDjL0-^U|4k1693z$DEH<!$<>&xP*a&PEm*q
zeAY;~cGH8YR%;?(!W41yiEAwjUxkiB*9Re7&n(a`#|8tfih0aex&R+k4h0wv^o2Yd
zWsI;kG#ZPNCa)*a?#>+>c%*)>*(I)E&Q1!mttbE7g4dmEYz%?QY${$=dn(`kNYb&u
zbT!J<`BQhBF3#i3jNZ>0Htz$-%t3^09(D|G<)5?KZu>xkCe8VXmU_)@v#mwd0DX<S
zHjk3Rf8uW0OI(1cf<VXmU@_giz21l8w|qo~#?l>f^nVgM*)h#~5t|NM2}i%!?gJva
znalh&oQD$zqEYl4=8V@SGLj}Sbc7U0N!Pv6#3?~qtr=ih+ImY>+c}_KyWD~9&#`8V
z=j%VnUpo1l)o0dmsMMCKSIv^rk5Wv1Ys~$e+S-HPbSI~KEpXW}4rPw?+74}o@PZz{
zfF{i-j9N2!IP%ZB|3=`u);Afnu-~VMtRJgbvhr{AsrgSi;($L-n(VDV{-sG}$dlW#
zr;}e93sEiQ6j<ZAClwAQY`?XrAjK7t-Ch?^{VG!PE96RZ<N0JGVgTi@&UnEfHT%N;
zUo`i%$MvCzk1(zR%E)W+;@8v--za+DwN)p=16xD$y!4x%&gnjCes&I{oOi#?k~v~0
zjPo&1crW-rdQDufTvb=&C??~M(9!C;`O~mV?EFPif<JC>eF7Z^Ht#v1p%(_gP&TX0
zRec(!)pWg7or`agzQ_r+`P1F_R>Y&$MCPnuwEEVGS*IQ;I#0DPjD`lX{_hu*BgxmU
zgm>z_2&PUb0aoO}Xg#@X#M|2{@u|hl`FD*ootO5<t}YSaQ>`P=Qx8_yY};$~FXdC6
z@6e;zYHuzU=yVrZM1t~zDtBL+3yP-k5@r4<nU!5ju%EA-v9%EhX0^u>28d-;H;RWG
z)x?F*P!y>O7n3v0YvI{ygW@ghZ^^RDA_TZcB0C2UAI6oU<-)O(*Fy4zs2;m;5PGhX
zTN_UvzFtENW9EtSGYXxXFM{dIz6`99@?2oO4Ex2uJ!gaSRtoa3UF4l+1o5s5k$L-b
zmg@e&ccFGH*pBI<^LK?f*7@4>4L7@GzKhMvEpdU`0M|bh);&(6OC)8)|5edOOhhlf
z4QywF4T?PfDHbw1xmNESfyQZ#t8ho&cl%27*vtW(r_F(7ZJvmqaaf8@p`RBv^H##w
z*hQox$0oH0zkKT9sE}|m$t7h~9{kyNGTD&w&0E<sOrl3MQGGOQ{?Bx`@Yh8HzIIW8
zA>;tS*d2cgODt+WJ618}(N9uPr7f;p-Tezat2&=h%Qh}xeQZe0rY6>fP%_`!yW<U!
z-x1)K%+H|A6!}!PHZ0>lmxA2Cd(%sYp`YiQwxe|t`~z5hdB@V1M(*d1C9P*WUAAYe
zkq_w%;WcM9G|s=o<u!#rIP`V&r&hX{4lH(k-M6O^6{mxUPASQ+ELhj<@*9m`#y@Ws
z1y4At=3Q{)m<U05djeHUFGy+c-6Kujx8kvnJoU_PpvpU6OHS&B44j4Da$RYUw+iVp
zV7{MP#eehms&HgqJUrJ_0UAD*A#6orSWD5Y(Uoy7n>TIO(9$IX9LOY3Sn03-uYEgy
z-(K@VjqiwNV=wzc({-A`?OgL}Yt&q{emJ6z*-DzXj&R7*3SAz}w&EWwx4T$e5>@{n
zGvwC%OT?K1`#T*3tEK<<h?W?V<wW_ZvtkqB#MF5?&<KF!UAFS#X)?)X8)}}ia)CQ9
zCS#i2W^vX0R&7<+Y@X)5JmUgRRMY#<a}$#2*>HoF4Y3b|F_YfSZ+AQfGiMq59v|`r
z&cuu58NE3QU2V?piy4qiL^l7)zXX-c#J)9A@rL7*LP6YHzu6y~Q<!=uMDK!vJzpv3
zeN;;wI4kzhYB&bv0eSx8p;%<o95_?3Gq)@f?5I+v#-5D7mrsKWWMKZ+p8BhY*$dNe
z@Xu5F^O=_^mjoHhCC?-qJ42e6X@gN=swN?xpSuvb9Pn8EKflFNiej$_EwKpM?9OE?
zI!%YX#7+=igl`mLELcsfrCr|T5#MSSZ48MiTYSbq@}ZwK{Tq43h@7&YNfX!99ZMLf
zTauKA&%`EYYe1^%O7RUB%&#wB`386Cu#vMX!)0vZSWhAfX2(+%LX4v47q!9M)46q`
zOh=d-$)lKXv8`&qA1uFTPCGRIgcXK%4otpnRX!kct_Z)LWKNt8HvOf1(80?uHO_|}
zc|u<r@bTB4PlW{UkE`b@P~bsu!2bbhK$gE}X-r|b*FP-N<8NQfR0mH(unvy-1R|#(
zRTK5*)~L8TC@A2fkD8{69#>rb?(MXd0>3HxHVA|$zX*5{ce^AIuRp5)C4R%z13nAJ
zfWskRDG0cwlMSBPY-RA7&Fz(LdZo)eWWiK5WGc4Jv+}4PY&adoi#f^=!aC5KU>a~A
zn2o<JKlpp~`@HYS!Pnr)K?%qH#+~__K;-RUD-FoeuN~ixr<CT`fidOssd&MC_M6s_
zlAWU8JqHTTo64Szq=Xf4iDDz^0*_Di<>;xrm$9oA?&z+%NG>J%-5sHPr>O#AEu?UY
zYMvKFNPOzFTH%6M8VkeQHBKM9*Eqgnzb^IZDc)p-5S&W<;1WLKdHut3cx4o`d0>dw
z+Oc5`G_Ii`gy4NOFx4(6@K6h|DQ3ZK#-1pR3-|iRZa@s_c%n2WD;#RlmM9I)iWL2c
zYs6HWEp>O0NAjKt7yXGVVBaHovtlrkp-Mk2j#auKRUmT9DR>=sWY_T*VXQ5k!nQ;W
zZ7E`kTCu-tZAr56OZj75ftS2O31&L{z<!u2aFXi~hxZEi!ixqSmWG&gShE^*_@fvh
zFt{iH9o&;u9WJo$FVR;3I=~|pJXdUmOGY~Gk-R%KC3Zfi#OZLz%aa;xOO%p!{!58<
z>}rzU7l_<=GAiL=N?cNvxEi7=q4oRaCaX$p<^8@hZ3*F0EW^oTs3vU$5Ih;EO_Snx
zC;fZyaCVZwW*2=lsXC5GD(9C4<E%*nF}Pbli9ha(h5-c_E<wX$)ae_KgDooiCkaFu
zT*wy2P1jEMqwMq;IQ<%a(|iKM?iNOfascOD+%Ki#m6`L6K(@?x60)%s3~NW?a@MGN
zt8mDeC|$-ragFPgQk+tnov^gE+LWAXce%kM{VhrZRw#vdVrd(8{)gw!Ge62jX4R5e
zt+KX)=jA@dpg(z;*`3GFoj4Z!iVqJf;CxA&e#e%lyvOJIoW3p(Ay2%sCrVG_Gg_kI
zFwJ#=E7x^UnS<`*nEPwYeKXxXGlrI|e2JFv%(8%4mQXES2UU4;(X>f1LgZG-YO`Jf
zjs0Mv^wcY*7^Ab46bHNCWvpbbvJ(!IF#KSa4d=GFXH*Bgi_%%wDP>47e%TevrY-vz
z>9mysF(mvjSie2XZzgkP;6AVtZr}YMs!uCx%y)PeD!&x_*APB4!Bvppx{l7bIS7$^
zB_Sfa&<_OjqW><UEO20k=Z^~78r2QSxJI?}QGu^fZHC`z?1<%Gr4js)Qu*!#xEVFU
zyGn>teJJ|n5e%f=RgYRO1UOxcJ$}Q0AtjSIeK`+s+<oz9{z`7n9R5n~y$J$Q`ai-;
z2XAn4^CZ0u)p$gy@lL2Td4!Fsgp;VZWN0I~39bU=w2l3~4yNRub>z9s3NW)A2g_`$
zI_2W@MYGgAT58v3Luz+inewT3&E(3TtVNf1>S0|6m633{?tPapS9ys3Dr^4MrU*pN
zdRHLIdxrWxT+!%6ueBBIg;1vGAFvdLF3J<UJ;Q;H;q3cBuqG#lF^C)-&!h(1peIX*
zC%9yX{B!~!Bxfoc3!u+w!kSiVjChfSF*cM0oKecrLe3D>hO~l@bL8*d)$63n15}~2
zRs~+^3X-@Ex=tA{mIT*DrHz2G!T5ifY21oaH<qWpgB>56pth@5qIEftM>&L}*@zm4
zLHBOqqI5<+_AYyI<afM<zmtG(^4>fR+PDXuR^K{45!me!FRDCj3=#Ot7^;&`G$*xn
zCk>dBhTKV%-QZ-wLrN3<<HPZRGRaOzqJLr-8x^Gn+dNu5;Y3~6cLkCtJ%EC6EB^f*
zwHb|NB1>U}4;vC(1^GP_{S(9SmvCyM-w|QVrM=ekejmL9ey?!9eYxKV)`Sl;zaI4h
z!k*$Ucv{8RdBdSw{0GMv5qbDK3vSmz!E#Z$z~+du)m{j0$xfeCz&`)ET>JcIDqrw3
zXFQCh)nU+RxC<U+aptl(xd$xcylNSz9=mn}TAUayPIZi<4l@3PIHPT9tIp&jE_u&*
zy;aXIz`LqpfR^C8o<Gn~0`6~L7)p%9Dl!ga@}uRQ<J6nZ_dz@y_^BkX<R_LHP88@f
zw&L6HWQ4C>{V7ZNORX9>K&c83P@<HWBT9$l>Te^XcE$QmB~`=el8T~qmK!}DuN(Oe
zwwF?tCY2XcgJ^PTQ933{yX6yTa6<I=*pTSE4k43j;vgw0Sd@Bf$gkj)Zi>=wk90&{
zHC}xgGj_vsZ(|mY#}OA)hH=!DG9I5e22R0o&8<ZO@h2Z{FFlqQo~5{O;UWwcoxZpN
zN|jEmttdb6I!v7;5P8v9fhZ#DO804}M#8D7aH{+xO64e!)X<d=zD=nT^H}X<b6lsC
zjknRm2bzc4;GyMM>{^tco=_^6A1m;t$Ud`x&Cwmd-?AMxwpq2q&+lRwhZbhVOx_MZ
z8^hbXq7+gpFB>E97K!0xwtC^<KFe^YiB-5J_b}X|?|HbETDZDn1fqOJ)Q22p*%J^P
z?v8hX^&Xt<{FGApD*W~9Q}i=V^Aj>rAaYeW^~y6m)lEBf{XK!m1Wv_0qg4KRj5>SF
z?(gzVN|mY)DdkD3$OT|K9ZKaE8c)JCqnv<~gWzOUYJ5X6d_K;X_3S35Uc<#WsoCLT
zAbF|$XKWCOm$KwRZ?XB}wxYjXSc0!0DIQLX(plOiO!Q?Yjl(x?DNE({C4z{U+FE@O
zzC4Bx=)3fbe`CP*Ew-|RY#eAKB)<a`4%6P&N!fDcPi@eK+f2eX+;E{lwp0f5L2$F*
z^Eah%$t6X(PUWxM(g02jW`p^XtiY260+E;f4eICn@%elVT;9qwO6itTVE-n>-Dmy2
zc%(-v@JP=@|MW=t@@Tc+c&7@^s?7KJr`MJ9_|XYf@U@=DKRrfH=LaWNF-%wud`mt0
zZ54IG%4eLf68#DDJyOTWL}>({v-<Pf=jW{0WL4DABQSb=Zl+{j6$Jk^Ng#5!x3G1O
zz%KERKgzOayRB8!853=q>ZP~T>4E_>(Z{AL?75D0h3>Z?%=8xW)lq8dX$;8YpB^V4
z;Rm;Kp6Q~T$q!y-dNA~%T#(SJgn0Y`#%;5Sk{B*Zy(7KSq`F?|%^1;NVJm)MtAr?Z
zX(6U=4H6~zGtTRGzkL{z=^P^ZKUa}G(hg_ZJx0BLf<WW}qk;O5yJhi4Fh-pxDpgf|
zqSYpC;z#4`%3MUgTZI^(Ha(*S67LTdQy*4v&Z$}!oQHZ|B}5!zpC#II=sB-HDq<;n
zK(*nRo~rK_Szkw8r$p(vvK+sE#No%$uRCcMpBVTFzn3v;>JgkcccvvovFJ8dovj_8
ze<KiQ+KZ8FT7U+o2FbNY3Hmf%yGR@xi2lUINp`O^Ib8Jjm?@?P*`OA?Z-w2tunRkp
z&$SV+G;F>zt$IUL%=fN9<OZYILaydbSj+GyFIMM3Jkk!i@+g+2&xWIv!%JCniVP=2
z*%ym|^Kh8wUXaTHi!;C}hgHBGwVngq@HGH_RNVlWFwy|Hy83?we5U~d{_u`K<W3_Q
z;7FGhV2hC|V5AcPzhZ!kDiNYwZ-#)Aaj@zBJ%<C1!tZvB8g)noZ1+6iu_XZb<OOYF
zCrBPTLT&#ws}ptkV3Iviniwwn6KBGOfU`Q;usc_s#mcs3J5V3la^4n*JZ=Ow_w0(8
z`y%Md=aqo#YkG(rH-g`iSFn$ERK^owavh#Z{)=pNi|BVmu_52SY|c0WfBz<`!a<d>
zc@vc}1K&7)IvnoX>_M((jQR>VVTGY5%TfQ1<f3f*3PkDI1aFA(f$4U+%WyT3X-x>u
z4cWcY$Z*kLq1PUPKn1s#Zi`a)oN%u+EhmyUg80;ZL7k-Tw+zi7VKJD+Sjx4a8Ortf
zc!9_-4`)r`X{=RKh#s!8UN`;lZmZ!qNi|=6W7dF?yE0w5qLi44Z}wAGDCO~k{f+@R
zW_Hic;yQkf-!mDNctG{Nq~>#N<(Dr(mg*6Pi=o9Z!^QA&#DBdQ4%S5lJ{u<x**%OY
z@L3}(1sV)fFNSiZut6<m7egty7|!7@lR3Qj(^u|gJ2_xsB?N4frvg@c9&pze0O+q~
zxEOj3RV)7YYX9+KXvo;o#|lIqG!!oeH@g@<fr}x9%_r5_&wl@O2Tyt)OS;m2HR<dc
z&m~;}ldf${`nw@&(uw~y>7VLg(!r4Q$|0C^K{-r%x_ZM}+4%X}^!y?4?E5#~uVywj
z-lD%4VrrlMA?n0erqYGA$w&Lxx{>XiJ{P}zGfLT~(!caPeWlNVeo|Ef{SSjx`fsZK
zNBYyXkv?RMK;%_}k^WRAr2iVKY!`ky$B~Agd2+k8q<gTWllH1fpO55851Ae!Ck(>T
z&Mcd{c%&4|(lcawDY@PtzF4<58;fBNc4!c;AYfAA{J^3Hgd|ES;T~y#)@g+<1|{Me
z5u(lwZ4XSc%b#(NZ#H^f49D7R_F_vq;gQ<!4^NcF?2i=v2{YjsPSCeM3*F;f_2t)o
z>t3r|42pDNv_NDD+5Q+`9z~j|Hj&R=&o_~=gY+gc)@5uW69<`^$jCvs62z71qRKM-
zMh!=gJ*@xV%H^(u-y#~7ut$~qMD^#|$lXPt%$~}IHZt=~RhGMz|6?1WwGjW}D1pfH
z-bDPh6%ZfSvn<DnxX{Im1RO)g`#XfBJ`|j3cS;h1Z}88RgqluVif{3Yl_DfQb@O8O
zOSO;iOB_P&x$q=}e>)!Hhp^lSGCBNP<q=-qt-`l?9=_mH?6i&WsRQ}))&C0LjKN<S
zDG)g@5aEY~Bm8#&{}X#xoQj`!a#z!met_RA8Z}{;nl$^xeM8dmnDoYQL(==+P?P>A
z{68kW{zXi>2_${|4NSTotFd|5V3Qk~8*AnpT4VJ+g9o`v1JqRdH`Xq;gr$ZV(j3De
zdxMhRNFC<%dBZ%+ag|etIdPn=AAUoB$_lZyd-y`O^v{`wAEj>X9<UHJY0h@yaHn1f
zGndB?U`wZcnNBG(1mC<=MxvEa4e%rd33&YPg^7U*>!GQpbA~Nt*$Pj8#JvS<?MS@8
zLwNjpTWTgveQ0;i*;N7`D>}Vwc&rfp5npd-)}r5$zJR@$b*9}c34%~%Q3>{*C71pF
z^%h?7L-1=(qaNp|6+a{5xr!GT09W}+hKfJZU(K|2rT<v*w`yR;w;V1I`D}lz_^zxw
z|3dAlJ}UiuPqn?j-ct=Jt-eR}trYMnP5B0|ZpZKV(I<E7&75;n8RYyfTjhLE?K#dj
zKLO77D;kDU*ZUcUQr}hluS2O=2J0Or5cy6&Hk1lPSq-Jm^;3sZIYB7K2W%)ct^y&-
zr*+k~yQCj~D8R2z3}v4ebBmh*xpO!)cc<^|YKZ+7$1eTibJ(Lk2JAfjc~OuH`Wmor
z{rh<_Ia5pxM(m`mnhJ=`Z%wJYgG8zQiEv99eq}vW!cc+8`F)uT-_)^^;Y43G>)G}A
zZ=wHU$5(O6*SKueQ4&8J=I)-(tGO<|z>9jaQ!V*h)#rF8&j;S?<qg#wY~&5C@L#JL
zZgyh8J#2_T<dQ1ilNYV{9`#YH`5%JSypUBhv_WN6ZFarlr^?(DHgdqZPIkTSPyu6}
z2VDFSJ}DUiqxu*C-z)!L0UI#Dw7~+A>-S-R(UySWDqz|{(=Xv;KKh8FVjmcEx+p#q
z<!Dbv>}?kGCp5_+O55|pMQMAYbRX9^r_7Yk_7<QiBuY2L)Reg-sk++wXmSP3YOeg3
zZsj|bR0Sv4%d6+5v+@^)(^T{i$k9GKFthi+mN1U({qIky^y&StPa|~b{jc>4O)<<l
zF?GjC;~E6NyTn$3c>S?ew+iI>wH9YXQRaw20+F}(VvFn4PH|oJ=a-wT>ZLBS2vle5
zh-%DK*AZp>P=)Za3}bmOfw*%2*Ub@Rmv(!kJz~IJdk9W~7EH&rM*bd$<uC9{gU+#+
zbt}C7lnr8P%1q+)buFY+nSd)vr-#V4UTWX;Dn3Po-o;<+a<5!(?3<3Tr`xmJ)J78W
z{6J~%2hfxs>d#Sv+_$Id7@m2}x1NMd;}Vx_?Pi2`A4AWCgJ{c!Jv9;)|7D;+<gPvO
zZWPLH+ACDy<D;Ix8^!k2??x4(jN|5)dzxB#OiyDgSE@e4*Bh<f;Q+ZX)0dg#@JP?{
zD|!9V&-`qOs7)<;zXvYZ+JZm4<sPw)_XY3#Ki0lHK8j*_ymvO61VY$w1i}#r5Cpjc
zL{V5JnBXk#atJ6Mc;oRNc)dhXiK59$#xW2)@c<D}gMvgv30DYb63!6rLoR{L5bh%h
zXa7E3)jc!2S-|(cKmWk&baz#CcXf4Db#-+d$cSHgVv$UOE}0zGQM6M!4mToTGktMr
z)iA*5DoM!~ZWdWh$>G6!BUCo%E!wa_Ps$z_Z`Y0uvxtuYZD7D;b@-Ij5LtONCRsV?
zQO2z_hFexVD~;h!%Ge+cP?8VFc+|9<!0^b&a3kpRgq>)Ihrw`vj>G+{4Z|bT^PRqS
zZ87-5U$PVo<4kio-YQwv5Az%IrNh{mdz8~w(W1}1LaD4q-nq<9D#BznvISETAeeJH
zbU<~C`^Xa4_R2?gqP-4)9TD*Qmg~p@F$L+hala|x<n(J4z{9mZV#C?qY1v=D7-|_$
z*(t>FbR1KU@;2LJ#~XVr8``ui_LKdH<FQ(@;@K0Ni{sIwee`iV(bS<Ro_EIv6VGoA
z<y4Q2vku~iL;VKv&7s^UP%K>4LO7>P*B`wM2kp-;vXhD?vKo6g`y)zLW0Mx)=*Gq@
zGPKgRie*@16g$zH!B9*ci{acS3()`dJC3eL8CB@?y@IynZZX1x#fF!XNmFZi)Xqg&
z43kIgyeW&x(mxn59=nKB@L?823^p;Qz@asG&@u%Rn(!&G41b|z_&v&K#?d$>*$+sv
zlDf{&Z5g|Fb7zFwGS-K9l++u{$>`=VCqo{y6Rm0p&dI$kgU!j&A-tbw{O07`5OYp=
zAJZJ#z9Ckb!qohAaMbErGQm!?f+1k3>)%|bG->$<c&hQDI6WV)hoHLgF&4aJ7Ic@;
zjg1AydHZ<yH|yrMRZ2po-W=Oc$M!G$*X{S)Oew3K86-@!@p%2?C<H!Oj;8STi6xe#
z(7cyYX~nEpVwgn5?Mcg5AaP>^aap=vO{unNpc$>QGtP{&xdGrTK4Mdmn)L|uWdkT|
zrU!VqOF%!5z%n|i55czEvF$7WwCzbf2EwyPPT^-&MJWpoh|#DFLUc(&VM3X#4A0VM
z5%WY#%NYnuAq#VP9p#7a(;46TpM@b+74fX3qCWdqo9^X1&$^bP{FbxJMszQB-6CY_
z!z_=S;`JS2az$3Xxv96~v07`7f@@k?D=X_gO1XA)AP;0X!<T|rxqzjznm)y<oh=zy
zLp#fbPbXz%WNvB<L`o#9=?gHV^y7g{O*>l==26bFuU_Ste!7xUZJ~#E^lA%}CvM8a
z=r@Rc^fxmCDQY0Z>HYMp5vMn25ya`uUBsbpYaz~aSL+>*fMj)B0BrW+`*$XQ2M~Zq
z0BF$C1h5_f<mQ<GCL(~gCV)Np0AO!E2k@W;z`u_&xuKxv&}TD(61nQAUx&<ov0W_)
zIwOMBa}5LvBKSxkc+G;~j&h)|V4ex!ga-g*m;hoBKobEV&jMfv0yz1r3E&q5(9Z<$
z!a@M>;zADKG@PNW*4-L3CKmEv#>Nh_@nvj$MKo>_XJU`g0l)+c_Ra`k^&A7hr9T0{
z<v%%q5f%XNA%KY%04E;6{+j@*5x^w@;9U!VxyJ!Oq-6kqK>+<s01smqMu;vfvjBLh
z0s!orYXbNe0<f6?9zqHp78G2y0Qjqd@kl#V+kUnYqR%+bzRbffdF)FLMAgLJY3Zf|
zk$n4$f#fwr^148B#e(FulK^0#h04_f0Kj7=fWkijzzT6i>h4x1fS6N^ruWbfI*ZYC
z^&EhF%mVT?1Q~9EoQoiT6(C=*fShw0034rV0_cVSihec#co2YB0Qk`Yz;lL++FT=y
z&EYnK(t4d^Bu_VOH+_FCLXwtm#ZLUhzTAnO*zt==!yGrzaGy!Thy_5yBMUeUGg=}0
zKXei97kbrk@i7ql2);O_+5^FeVHk{P1fx2A^AAv}{o8FPdhP+(f%$2EbPOSSS8&T%
zfaTpBSpS2RYAqPBJ_i99KRH($6QUmmS6(?&q%czU)mC_4NWcrN0dFURw@J1WeIvsA
z0^u!fM2J393LviY&58T-Fs0i24A`8*0F0kx+8A*ufyAARyA^Tw|4pfuz~H(526&$!
zyzY#+P$>Z3&$om(hrv5^zn$na5Z=28uc84V`m?qGcrV-%-lIn-)h07|gO32bX$Y^B
z_4j!U_Gh|4vxXwzvF7%tH?IbEGVxw*c`Ll3$0*gBFuYe$r<;g)bE64fi1mZF=$7z)
zXYfk;+lfB=7{Hr>@E&CxIxP_18@GfPQ%<S&7K2x}9N>L~@LEKJmZkq%KLBL6TY@am
zDAjIbAQxx=@@oXyzcF~}8Pvz>2XJe7i<@%mP@Ph3Yl@xdZXG~!XYsSqB6#pi5&&_=
z%^_;X8UHhg`;P-e?w5SC5g`?_AEZ$?hxA?rrP`egQd$K-%0WmcqtO-%)KvBQbplAO
zcXI@D&rquENVXGw<{3aR4iU_3z&n2fRha3R;CZcIj}UzxoaDv+3h!sQoIeB&;ruMt
za*N)Vy$9caf6I9P{UPK1_kMPgw7jyh5%Q!@IstO}U4%bxR#5l@{NUH!3-I4D;I}Z~
zM*{rOjg5#Sy(_{mfbeP8py2R{AN)xOznKBQV7P!kH;KWYYKaQk44eGts0e--s0eb^
zS6_v?L>y94GBYR@InAw9B>n|dd_GoC(aWHs9Z+$&kr7IwyAgg4OpoiO;PCtV!T%HC
zCmQf~4HNK-`ZD+pEa4tHDpS*8_*}Ju!@t_h3O`~$z~BC+fIoJa@RcBzrvb|bGd{ym
zo)yIQ0ruvb89}kl^27EGVtc{BR@>;!rF$8k-z<?3%@F?anRpHs9R8zz@XsLpFa!S2
z!t+yzSUv?T^~_KLJr7NQ4Txp?_d&7L_QP`N0ATt44S^+jsOUuxfUj82>W8C-+zIC-
zEjawbrdIf090d4D2K*xr3iw;^Veorfj>9ja4X_V}#}yqM{u_SqD-iynGyy;JL5yYt
z6t4mb+R!+>zOkcS|6F6sst0Pyzd&7mG!hhn1DZKKC_z`6SP2?>7~g+22s%GRboj7~
zQPa*mQPo2bz8yOp9~}N~e(?7q{4=Qn{-*}~4*-60v~ftO&q9lA)eKW5ZE`QDq<P;N
zD(QB}q3qc4GgnC;Zeps%&;1PmR>D-cGQJB+;B-F%TY;hL7-SH5Zm=NmP#;F%h(^Zo
znr=q|yCeKI!QnsT2Y&{_Km8x${Zj+}`v89v4glNS^qI#1{+{p60f@N=24LPaV*rjo
z4r9mB*}|fVF$aJm02@q=>w{@Q2~6=LFb7tNW1vCc*+KqdXislQ=8a-#oDkr-fyX|o
zce+lFQR-0>2YhcQZuOxUk5Z|PZ~^_NryBGpBmF6Y{tXuTM;$lq8q>L{-QLH{tZ@$1
zR)_=UTVzE-kS3MA%_hsS$rt9XhdQYKg1F;0-S8L|SlS%`Tg5NNwRMEGg@G;0(rO4|
ztJB!reO{1i;CaZ>;!VV34If-wyGDz6ON+6)poJxNPtU6DcVCaSICr<%q5<Nt#Jg3z
z!Bz9NC~!VtQ09i!z&pnRW#fK;VvUH3s)_e)ON(!?g(ZxLkNy5yH8AzFw0joYSt5D#
zA8WRVvb0FR7M2hYJ+)TQ+1hiL*=pt?X!Wv13@r*&d2<`xRF8Bp<96cRcA{Sa61M$-
zdgL!LrlP7Fu33Ll23bgnK~g?21rFzI|0c~XO^$-Wx}e&WAzVYq4zyU#M&HW3*uyN>
zqPy%wFGb5W7rQ}Ygn7ZY9x2p1;|5)sy-d1JfK9gGw*a9L+==Z`&a)Bfcs#(T@IdrU
zhCR)pHM`3=veBPIqis2o{CZP1@)q449N3_<KjA>Xx9&h4C-fVO|DzZBKfW?#Rn|<9
zRmx0}I;Wv2tH$6n{L$ZntZnpFP+42u&?;+J?*mzTc#M#>z5!x0NWB9d(#K`O7)YN?
z2+`iT!-Dyy=kDn5(bGZ0i2V|}<r+UFC{>^OQMC@05|2UEX}6$ie<GvmV2p8&?N5Rp
zdJqKuBZ#g3l%UtGd;4Mg05`<_qXoA2-QueCtAOo(bXzSCuK(nV8UM`Bkp$O5*4S%Y
zq?m6vJP@-`%uO&BqMtrBqulDPfw=QG%(h({`Ze++2#+Q7m&&aMG(=k^+Ji2X#}X}K
zZZ9m9MdrL)&=l)sSFJWQ#P%GNjJ3{JzP?eaA%d%VnmB$$(Qk=H;3BxpW-L#>SoI<)
zD9O1NaI<iK`_M8?7LseOZ82dFpmGrXm8l%`PJ{(l_PMd(8h;N9F6MjA_R;)lXjw_g
z(MMrNo-)t*g?Jp}w<ef0*?tt(LAx)3Gsk`&bRBfBZ{^Hy@s;T0e+kYk@6R=%d|VBs
z-5Gz*u<%id-sfz9>*_*1OmHIv7u@*fk}J)jJ>Sz#k_wmv(_h~RlRE*2e=85V3UoQB
z-dqq|KfpU5S18q9=*|b{%X&BVsd2WB2npB+-mQ1TeIU)D75A_c$WE?*yak9GkHkIE
zkPva%tj570%5OM#o^hE{S@GtILqN7Lh90qQij32BXAK_KK1tx6I%offhh!I}K<?GN
z0>}?hemhQ}va0_n8O+OBS>KJBBi{G|80P*@gNm{jqj*k>962LBhd6y@DAA){G!i`|
z3u!i^8{?KIEX-QM7*!7e=RbtZ;FNTV5*e*>WOYOo=5esw<P1WSmcm|FOIFi!w2s~3
zm@~(toY%kG2ZQ=6c3?siGjN$t45W-dnNa9aN96$jjJi&#E?qK@Xf4aTq?@_C)7Qfy
zJ7RLV-oM(~3gpX|mKJqOp@rp^K+S2>M_&u%0`0r5e71TxZ!qP0-RqQUZ;E=i-LT$@
z!`AJe&8L<mT17Z-#!&g<G<oC{A*f~?5|_uVp+nlNuA<8rTeJ#A_vbg1Mup<E+6!+8
z=mQQ}*E<{Fist^mwU4`qlg_$<q3D5H6QfwKI!LMZuxRvfUBBEfK~|4ALf4nT8H#9l
zS6#~x1(BxE3y(TxivA($3VlZje&5r}PPCJq@h*J?x@TG&rAt}q=FWDaH^YWuM$z}I
zXaOtIvFOBeqUb|b^c5?D3+r!owhL2F_7$exFRQNHNkQfL$B|Zfe%l&+|Ji`sILUbb
zxwHLN+EgV|0lMy_RIBP_7ixvT-#$40)_(XWApQ%_3jAO875G2wbW8lB8UA@YSpO0K
z7uNny42nO$jupSg`)}ZHY~T;QHU6ng+33pfS9P=tOV;RraQp-P@PAf>{eQ;j|Gh^4
zJKhriVTOO+cGiEy|B1E#*+KCiiLm0oi1<?t{EZF#p|{500Q%4HS9P!pD;xWTkFmxF
zr(v2O4Yw7e|LbYP|8<YQTXb9pJJIC`LbM!2GtJV?6(0vhF~kqW3Ph1@py+mwk^iK_
zExY*}V>5XhrCJo?A1}IT!*05Q(-7fD!#Sj(mO;ZDmwz`uzuivsKWY=A&A#0(d<UYN
zd(@yP3Tj(XT!%Na9X~!LP`F*9o4szoWj7V3CqKQFQtfucKf{9m(ct)p`Qd*DUz5Mh
zz+ciw;LmS=OZ>f=+H<IkQf+p7yYOfL+z@;ob;n0RX{hT*!yKex#*>1Els*>saYB1L
z(erB&qNN~?uPuFiBRKrkwXE<{HURv72K=MFMIX1dyJa8SF;=>^g;H%zJG=0v2>g{w
z@IwSY{Bsfi$|nT=Q3n2Dx5l5$<~W_<PeJ^jS^FOx|Cw+r{)U^d{|5e}cN_h`?UwjQ
zFo|)kl=c5MyU=fq{$~Zn|DhlLG{nDhq|tu^|FB!*-vs?<_)`%7IKg9g;M19}2dAN*
z9}VNT0uA>VG#t9i-ygiLt)1w{dFn{&R<7#XmSKV!_>o({v(2y{<Ca@WzFA=@d1a;L
zN8?qNAK|MlKU%J}{BRaoek`>9m|0@M^X@v!j}aRzKRRu+{P>lv#`3nN9$UGTQvJEZ
zlxkZnUso)nRR5KIU1ItAaRH@zHT(L5<?D<>O7$22rc|3``8s9=rTTpK^)1WSIx8vF
zud=VtTE1RjUxyu`RP$QCe!7ZMeH#0Er{(L3)s*U|*w<E;uUpqps`oldsTN`R`ubW*
z^$*zBi}B{y;l-5d*VxwsmapwfDAn&jMyYnKja|4U1Rr<#Fenc-47KvmK9tp$9~C?_
z^-jUZAGZn0$H>7SGby=bBc<9P3q5Q;^%0DoyDVSb>zS&~zCMgp=31!C@&%<b(_y8u
z4DJ1429;HJ2r7@Yz6q5F8I{qD%Gqs9dgM|{b%-J<YHb(BrJ$!eGpIRP+mD_X!J+6_
z{fMCFg*${T`OppML2sEbT;8|x`YXkj^>N)=Qhc0Jtu+!kL5PUY@lnS?nZX@~Ayz{F
zgHJg&GYBn6v}{8^x3Ux69YToqQEPK}N{T4e37o<^B%|TCo$N%L#~Q>{P^vv*Y0z^6
zrTQrL^*+njWH!pn*w?39*@fN3MtOj&x<1JWI?5;P0Y-Z)PW)pd1R2+Rih({EXXkc$
zfC+?_yxw9xrP};fCP6POp;TXc65izCgZ=dq0N>mI|7S-#(Msa%L?3vHnU=iX?S-fx
zKP>7^Wc9vh_4=NsRC}P6omi-TfelE`X~?IqPsN=w-)Q?FYdeayoqq<3rW!?evZ4X3
zXgL;rU=%fHMO|6Z9xQsnD6+AlhO8(R^QU=?qGKKGM7z||PV|XblwcICXGQy2(VVlC
zYFTmSNPW4GQhoF}O10N5U!TdRRNukAK5qHic@d?0-}97e{ViYbV`Kd@``XR&wJsCe
z4KGlU3h746c0&U~^e0Lv)y}mvTl-k+M=wyS?X!Fx!-W1%w}x4-At8Eg26LLF^%2(k
zB!ih{`RZCuseboG)_=>_c(!HCy2xg=^2Yl+Mg{28iz(H5T3Ua@S|4XHTUfrn%Qlgo
zm6U4Xmal_h6JcM^wJ^W7V%tS{73;s{>k0Pt^(rHYUN9#bo(aRbZ#bjtTTA=iOgR6^
zpnhoix`t73<PxRYtCp`1uuUlSGNsz1mamU7Za;O|Ixfao%wS`|tV^xErNv*2zeZi5
zRIA^@Z{c)d`&pf<ls=zRxPa1>0!m+AOlhm7ls>(X(tgV+ZL^ZnoMn_&tfq9)B1&to
zrgYAql<vx>wD$^1*Z)E3=p~dMUqESg0i_|UD4ovC%R)*^3MpM)Na^tPl-{?VQqOuy
z?_N)-nZNE;Gk;x{mXeP7>%MOuB!68N<gbgf<gd%pGFR9v`Ri_LA@bL~iuvot#S*gk
zZ1DVbkMxK9b%nRXP0Z0Lc2e*etA5@_h*oE!U;eruS-}O&UpEOG^iHu8?P#`{zixJ{
znZIrVtAFk$`Rm3S`RjUVw>9UUra_J2mSGkoaf=dPhcp)X>tyXpGjW@su_b@qccSW~
z#y7}cmlcq|?&5>N-(1M!Y3!zc7$l8dW@G68v9@-iecT*UlwanzH+MD;yuJBmbG&u}
zEo;SCuWycT4$12VYn?@JzHKa$*NxC(#K*2NB6;0Ynq7Q+DaMk#?kDjzH|AE!>p~v9
zLGrraeL<7gEsTM_UXHgDZF)1jR@SyjV7j_bn(-ukQ(vW&LRX(`;+M4Uvt}Y`U2W%t
z9gyul^2NS>*(D-h9O8FN(vrZp)JWiKCbKIEkh31;oUEoy5s9<sGD@7j4fP1oOY0Gm
zq&^WYtBy_+z;o|=M_jL*(iCpEHlM)LV`IC_NPY*zx7X==8E#-EZW(MR`b%Jl$1WR;
zPkv?;+GNEJc{Y>-vXAoisok}woANm+?he!EQQKw>W<wkjFJ}}|w-OScR)>wu+f9wH
z999(E_NA#^wdMjy%N`<O$9)E7Dl7K12)5$xYzp6!)F)!(Y}qEO(XkLeR69u>*gWHs
z&6&9)f{=_$lGAq?{58=I)|X;TFLMdhVAtz!iy<j(g87$xa8J;qF2f;tIWS>M&LBJS
zsAHyh6kemXH6v5~CY*M6Kt?97a>{%$p(sXHvw>-Dkj2B9c@&cYyxH1LwAd!df&*&Y
zl6E%X*V7-ooxdVtth1OVOmRDJ&HvxTZsu#x_gCVqS+7e)iguXQlmx1ea}tuGz8fd2
ziHqQ}RVdC|s9PNvE-U9`C9POi(jfh9n*8it+5?UGFl_F|#aI7u`Ps1{TKC50t+>pB
z1VZpW^<GiGYj=1{#iKlh`IwY-vf|B`m83XXjdcyI$pr~9CQqu7&EN)`&7JXX6me!g
z9!7{3+DP1UEXMbLFlE|VujS6{5wD$S<&7CjJ`v^a{X~p2GcJsfWF<WdGIGm`w@_Al
zYaa+QuQlSc>;H7ZELN_*6RtfXDjsdbS=c|j!8?ud5k8M{-J=}VUXI2Wqt-WK>u*(*
zSGnd<4lzQ~GQG;RWHmiY|2!1d;9cHZt--$<i8s@_iZvMG4Ymd=8`W5Yva(xNM&=ny
zak79lv#VH&`JS4SFsD)AQvAf@zZ6f^;!CkUh?3~HJ$9lWgecd@=RE-#qcTLsr~&YY
z&7-DGar(ZAFf&Gp<>|}D#8K<tMG&&;i1F|gJ-*k_OB)8Htk=ST5q9g3M({*03!-`F
z;u`T>iH-*F%$V!(H~39yAy9W<a>=Xsu9mENr#LhBh+Jo~;+-O-!|M+~7ENnv1=^6K
zS>2pK{)!Nf@@kAbBh04k_9)|uV`O#s6rLHRI1Ypa+(Y-h2(M#|-W5|rI84TjH%uwi
z2=b2aSCR4N4{T?ou&8LrWrWsV$Ov)!`2s6aM^3Q_i9-#!ORF?MP?Q9S3jJw}?#~?%
zoFP-YYePlPTXhzk`1XKcoH)8+O-_Wjaq0;OLp$>)6CJ$<SQc)_0d}HwX($eVm%)8j
z_1ze^`bM0b9lfxnooGuMa2O3CwZ)ng_4)QG>bsp}HTHzt$OF|)B!RjX0o(M+Uj9j-
zzIw|}^wqd`xZt@q7res&dq?Ajz=fUJcVCIIot}^38i|_3c;g|69r9*5GkwvPE#p9a
zPTwMkLtD*Q#Nky^<6{`#yWzgPS4mwBmuhWZW%O!H1EKcy<B0-HPtd=)ooFZOGyN<x
zw=E>Ge?>wyZA(kYp_OG(VK&$2yiwdn@P@$&JL|&+0`I&+Dk#ZDh+d6vZFhjj#auo9
zBZlBfFnAnI-}Bcf2FDmdDp@=c#vqw(plMT_nc;jGj<8|aRS%yR!F*wmE$9ebR}S$g
zPsiXec$Cx?F+9=6=oN7ubyQZ3v;Yin435R!&Fn-wSP$37p%x-7K(1wRY^uixpmCeP
z#j&$qjm5FLo}KtF3q1*6R{HvF$T#!*+cope<kZLf&rR(_8(I$(=hyg*^ob43H*=4m
zr$H>{oB8c7%s0bZp{3KO1|7yD1wvKKskxyiEnVA|ao7$y+jY1(m@%on;Aw1G*{Tko
zu0_93DLAU&tXmzG!&FO;q6cV~FNYDLzaB>T`;8uDRH3Xo^2Y&3w0cc&#CXiKlq+5*
z8`#cdg%lrk`a&VBr0pyH?L@a>h{@3Yb^<{jCcDJ-XA+gM7iSf_HrHuk6}3SCs|az*
z^Ddd}lCfU$D5<++g0PJ<vk9vFVNL7=;IrwW&4aPbH%>l9_q7USnOV*nEHl{&nPP4v
zOsQTs6h`5Z6rQ`<SlhiFZBtm+-)d_J3x_tpuDGt<mLXrs_mkISWHoJyUuqLWzl6jw
z*$+q_<vB>Nk#D5e5D9@Z)`!T-=P$ww-^qJ|kI%WbnE$Y`ooLy0aeVH(?FL)U*t&d(
z{&kx<L>@&?i(sSlZe1o=baS90*g(CAUtz2S69>~r_0!;vjc%XJm|%;n49|njQ;lo^
zUu?3k5cURVvYlx4>q35+f4`0QK3+C5pyW7x_cjKp{V=>JR^rTD)C|RS#uZyyEm?K!
zxDQjUIF{YV`HgWe%JPry6S90lV+=>xoBd9x)*zBk&&I|9vK;pNU0!9}YBmQsT=8Gc
zCPr3==em_)8w`2Rq<uH82!wc*(feY=V`8jH-(b>T#zZJ`BRkPf)dA_>0;T`IxU4x=
zQ~GbI!>8%qRyCym?mB+bKh2>P)d>_je$FR8S4?c^9!M4#?dumfMep?Uo1)SE>_mH|
z4op!#TqbiJ8f~4TzoYRTx3PR!eN9n@z!Z7Z#2)=HM@?eWel-L~c@kSaQyLk9BUDR`
zun3N_MqF?V2f^_SpCU-Q#Cid%(W5-a7Z2v9nPSOJgY)B2M(;7^hm{1KpIXgeesUYy
zi8e3-mrqs;J|q6}rFR6Mm5P>u@+CO}<%?xj5+eS|tmup3)sDz-{$uFLXZoTZ#h5Ow
zpRBqL^hG`SKyA>IE4s*P<YQ+2LS8?uzO1@_=XHO_x)2G5D!Hs=zld3fCcsTGSJc17
zghDxN(7xFbAoNDRArcWr1z6b~`m)J85ot;9w6K<C^6J#(xrI13oWr+GJz=F#-i7?X
zX@)0f<_EY-hc#gGzZOo=;Ko7ae=R;gGn$$6BdZ`k)12`B9jk#KOd;oFt181Ru{v@r
z`$14s9DI?r-O3KH?_^p`MMrqZX1!b4p>>Br+06{mXf#CY;=?prj3}v;)sgwB4S|d5
zdXy@+vPruV4hdP9!lb6<rZ$9Je0345wm+OdeUo0ywD5YsX%VbsH81gh<>uG$n(6z#
z4zH0QW<q$)M~VLvUL&R7Q{ntAWXKzsXF!z0Yvc_~gsLgi<&4#1t#2Buu^nILd9$RK
zdETsAFY~-v2gewBvrf7!ro=&)ooIiDfh=kcSKeI1Ulgo6CRbKQmO6c3HUfDRk}BTK
zz&A&DPPVHI=ybT%6|1=H#I5Z2IFrvXo=nQ1HrbiHi(y8WhZbtQ{GB-hcME10%F2j1
ziwe-%C6wi#n_}j;_rkQfp&b2TK);d=3*?NGRUf4M!hC(nN;Q*5#(o2eKvMP~)C7!m
z0a><^vIm858Rw@sFkx1Tz1tkhm4pFG^5vMCLJn2$&rr}UciM?ID%1|?=0K7+6T&V~
zS$F_?v)3>gE;I`id)`ogvFA~j@kCucLT@Df^p#gBO<L+`0h{0z5rR5J$7dlkomg-c
z9}d&k!TpHLCiwN5%?L5|F`{lPU}3yb;T9@5U$go`1la~bUjF|9@_D-@fmhcMGuN8$
zTMgR)Y>qBz>76YI;gPc3r7R%k_+tuiEJGeTeTkj5t{9oLG#UFq_zj349r!2qhyMO~
zO10IJo$xm*Cbr<S@?R2X(2$Z)iJgR(@sgGfL^^GLbkhHRpi>fP#ek%xBM_YQe+8FN
z$(FEw2SnCSr^tZM{Lgb^(1Q9RJfggX+2-HcEcwTxB<}b0;ps%7)Avj{TX>_gic&J)
zXkpM|cI|%{Cye684knc8>mas(VG!MXqs0w*=6}Ia@$Z`8wbuxDIxqqBQ1kz92!*^!
zb;!!jibN*h+{%7Pmc}*&5Qc8$qBhrNho?Q2-EgNTZHlZe10ko5$z?m<ow(z5lNF|Z
zmvcB?<%C<=C@bf+F*expvSekyN722?Q31xcH(4E(nc5Auybi3ntQ=s-A<^z8);7V~
z_N-Sqg-B^?d)RqfBTnjteV;WT0S&H0XMB}N)yC9NIU^K$e7T~otXz?mDs3Zy;2$n_
z^~I-|WbGCQ9MqC6j<SjlNlW|Shd2ozlf72as3>K6EAh*tj4Di8D#!5^A4EJbWBAF_
zY}8OuR1<yAnfIYO61Wew@+mX_)@aPXHJWdRW1HeL>=`zjSGfjpULN%iV16~W_H*W4
z#)DL1px!h=oq*@I94Ey~V4vY5S#00)Dpk7e80&D?R?xqW#x<~8NkE-mwvuqag@lnv
z!i6Ud5_BZtxFF#j(Hlm>MSW3)71V}jO;Gg_)NB*fL<BWSfGV~Q%tigR6Jn_w39^n{
zlZ*se6HZd$Y)UB8XW+@-@6VVBzrPL$dzlEQ!n<9LY2r1p6Xx)N;A?jw;3C+VW;efa
zo956Sxh}ymoBrbwA+)B~0|A=(a!V#TExNMxxbzmnv&^HM_bR7S5>D#BfYUY!DSG)h
zCPGwGvOMZjR+0!OsTQQYUU^Ld0SE7Yu~B0~c0XLtoy)i0SCGo7ZG%%;Q_AZacr*ZW
z446YtG!-9SjpC1&hSnhEP9P;M3x;^H9|>cSgb{)SzjtASQ7}J>5U+CDkBGmU2qIn-
zL_q3fe=2^v%BUEV#g^PtC#*!=jzomD!uxTzB4JEez}50GO>Tb2`A&wJ_5HwEgG2E4
zT;^@SAz=3Z_Zuv?&vdmuzLyMQ!ZqaapaFEdV<3QzaX}H@)rm_G0bi>k?Z$(u=MoCF
zIhQ1owDbsy$=hLl1qcwm03Q2{eH_-7>#xUxMjVcfu|^y|cL>nV?k3QBBK?Ds69Mg@
zmVmaN1+9L6B^$V9m?b#2>yzdhUv?SR_^`*!e2dRxzD4mmSgjaijmxTcir5>@U~<gI
zumjD5ci{CH@yImmz<x-~;n2E@4ybiRtm)g;jP!TSV+{SnivWK;grU2ZJ{lB$dvj7U
zAuWkRHGp?9fX4#xyAU{AG5YNYd@aOxyPgaVe1Bte^zmR)hFgn{b_R}h5&oBBf3K2+
z)t|I93@3tds$PhK5%u{et4$%CaL~}y-m*;G|EA068R3j!HLr5btrYnQ;*O1PDTqs}
z*#fWjDyQAb8olG+NEl}ubG3KEmG@Yye<1a0N@cyV)8d`fhE<tE@%&K>8takP|6o6*
zh50*lw2Dd-(RDvW&zgKu(cQ1jLQ9)#<<>UQt<0tU-xKE&`9<>m(8(5b6Hgj!(bHt3
z|B@lNYKuayER@+z+mY~|0$Aw{R2z%ZmZzV*NU2x3>QNJiKW6G_8I>S8nm%kuj?>S8
z<TxYVD%;r5qS=(|6Ey*5|Dz_DJ_u&(Lk5^B2<9sRra`ntt0~uy>uhK^j~m<i*l2No
z_~zSs#YNoK4Mxv?CsgZyk?-$4G(%3B4F4~_y|v{jK#uq`dJPtr)seY)o>u8r*6N)h
zBi}O2vh2U{!T{ZJ<L!0P*m#BTZK4OE^AV)8vW;~czA>2|rBct1u*eHpjg5w&bl1S)
z!KJMwhXrf}Vho+W!~5aR`xIGq)aqc|e+%W(F_+(eJICa3A7sH!!L~*2(fRQLrJC;?
zPD<vI2IPM_16|pc5WVVfpi=o(OJgCG`8#F*iG(f1R0me)mNw~}xo~~^gNx0~mn_}B
zkq`ey1}a<{<e(Dv>OY^f>VD6*HOg*y{CEq2bX%w)&bV+B$gp(~m^U3KeY?Z(4sb=S
zXUqR_SMw8MA2_W0o0_-=q=swSgF#icsr5|l!@{efn0)2wc7jhsLd4C7^QRey?u$3h
z(<=UDMRyyb>lz$guX<b=@hF!7*G8w$brj$Kzs-36-!5=X09@<a0Io-Fyc+yYciLmF
z8Q*YIfL=KR0`!w1h5)^PBnVJ>q$L9HhbR;^XsV6L)$fFqXJQ}TaN1<yeSg;!F4i-~
z;OE<7-q4|vP^Rae;s}fl?ga~y$fH4!M8=zgaWf=>Ex^bF%b@ou0PuTj03g>GO}}N9
z2aoR<0-Bx-CL%P)DK39bJO3{Nql*chYfdk<GByNb-JZM&xj8{af*xwDQti=`oYYs~
zm6ZQU24tMLfl$$|p5V|s@gx%e3;1F78;BTfssOLmH8Q#U*8=CF6inb~NdoqUy8jpP
zgPuNd%$KWg1RqTzg(c^T8yHj^q}Js(uCm~DEw<>Kz7;4Bj<y!^Ad5=eGmcW>wF)K`
zen39H|0a9nh!cSe=tdK7bV`q^uqp~{wFUCwkz0V^(s*PpthzOjJ`9eBPz#$HX=q_J
zvbZd_s5GP4yeK2Ha21|stFR7aOM@;KrDPs%EgTxAX;IUbC^KjMhHFc69p^kyHxg4C
z|CcKbCm*(ZeOnE^OWUstF;VBnYtNj5=K9U2K$|GwEv`ezKb#OGab&LEQwVjddU8e=
zVwa!1;W^z0kdi3#s)f~VCNNR3m%-lAUNYKn2safADS0AyN-lpH$J$i;R^vVXJK~=L
zN}IxfiCMV^Q?j-nXu36y>98rL4=^@G3DQ41?Be;e$q|NCp%2|1z{hXwu{a6Ga%&>2
zhGsrZXPS9>R`xp%P2%(B8@vZ*xDEC&C$1(V*YIDKVWJ{&7@+I~iQ)8(DyLK=gdG6k
z;I7}@K~?kk2*VNb;V!)2*g}YywpS!Le+C`AUOAI5qtG?g23^02M{4S{OUli?Iv#qI
zIm^<>Uu*_lHkf;fnHeA}zB*<dmRWIDAZ51#!)F=*4Xy!5d-NFRpl-GQDOkv8WC5*T
zI!bBM(%z_nJi%1I#H6Jg(DshOH-CSMwW9#BM1`I?%$jvTEzT=Ji0FH<a8_L+E8cwZ
zuoS;rpqD`XFVPt2hV=)r`mDJ02CWhbD_%`n`W({sG@~stY3WeJIT&e+xCzdO0cRoN
z?1A<7HopZ<)2h<jVgBM=ybIO@2YyFO)8)(><RLWCK8O9A4by;KD6uSQ>v^W_D5d&_
zBaA{PGFWq@@UG_OXcy~QkT)vxpx=ZvYL53@0&lt8LKpc0G9)|3HxnzQ>1l~*osUQ)
zp;8}?Ue;%g!fU4_qD38%h(76WO0`peOG1%>#i7F+_pWCBgDL^x;e1_sm1|DlL`+>$
z-c-Q;s7ms49RKHUiRe?q2+<}WntB4wc0{uvCFt_M5N2BDUZu+E>$M&*r5l*y1Sak)
zuEj8Y$S}nsrdK5M4*9^~SbhpK?J2Kv(dmoC%leHCEQ`T~#o*6AEd5VL`@76&@3)oN
z|A!^vmlGKT{!9+;mk2Wk`J&VJ4ifc26GQ$PL^b>$iMopsHMfjX?aU!bIOAYiR>55z
zS8Q;?%0mM^$f3JY|BEs7zl)Ne2l=%_l7HOTKcg_LB_Vo58P9g$QO8ViD_8YlJR`^v
zo#~zUm+KhMf&gn!xvGD(i&E{#A-;Q66j7?TET>f4a!4|+73;;6>f_nh(+4Ht#(<I*
zH~`J>3pxNvp#dHv^j|rB^EVj&qTP+fSd6<M`T2`R9h7cr6zBMlL7!HH=wVwZ)f%zh
z@I!}}Hc_g7$VexmkB@AoR4-+pP9Btqb$VXdNvYmc6T>Kc25gv`ZJ<;;dq5IaFhKgZ
z1A5=0U(m(>uEV-s%ALNCF|AB_BV+xam$*0Jtpn0OaR8umLT^<{srDQa^N1j(JrXlH
zDR=@}hp|Y?oxUHo0VN|1N{B(p>HYtZlJ#u}(ZAe`x6}9PKOYw?Hnf6L?UMr%(MvJc
zMI!@Eo-Pq>)qaWS9ZpcHjbW7@J4LDXEc>gF{gu665*i|OYYHaiSll;gw`PX~v9caR
z73jTafwuKI(Yt!L=v|(kf)8UqV>G_1Nknt9b^%u^^-4Ssy3?q-g;hQBmqhe8FqK4e
zqv%goRKkiDVUf)!`i2$#`j;dECT?zD>({XTiiV>7W32tl40MyTlxi{iB@!?o0~lXt
zo`pM}341|}`gSM2k77WHW>DG-DoSr=CZ!~t)OW(uS&rUD`|aft(X@RM(JQei&L~>U
ziZ-&Mj_{J1!(kMC$BO2&BIyF9TFyR6=$J71<*?DamfaInyquK`tv3hLnS9(p0PcFm
zqV+ao2&PGdXjk@eA@JlzX3t%KR&N-sq8K@C_W4f*0GU8$zYhB!7lZplA?L|WMDvk2
zLiAUe^mq?(gDQ}*l2ZMQnOvewT=f1Y(tZ$=_OT3Pr+q?z!M2~Yic&qKno_O7J|O~O
zQ+&3BQhf+3xV)DWanb1;yp9RNYX5++f4<=euk5GmDb;4|^%teh%P7_BiBzk(|5%Rm
zErN@4rpIXa@0EzY@X`$<5v}xjm2xg4udSn0tFzY}hH|Gbf^7zGU;gKiK*s&fAg$cP
z$F1Dydx32r%Pv!4)CC7-^yG)ugy=6bAnAK*EX{daDb)vE!KGPt;{j(Tn|?b3(rXWA
z;cwaWg<Yfc`JC^UQ#x}sr7<fg^{k}SR!C`+HIzQRmeSHyls;Tcsi%<AVMUZSFQW8l
z8KqmxDBV{^>AEsXoh>s7`%mPr7&=&1u6VMSS7V@|7V@r*$m)GjvKsw;6f>j`$jS~n
zxSQ-NO#L@l%J)S<+K$1#!qj(Ii?VbZ(f+dwNKH+H<E16zA#no)c|W^{No4rq#!KdI
zCDfyw$Lpe@7!G_74A(9>V|DmrJmNdsmB@^}?8uomJ1Ge3K*-{GY+c_s05WuJDQLhx
z<uMznc0pVA_k0QBl&>F!W}|I(qBR;osap+A*ekGoU6B(!e@8F3vO`wRyA>*{_eVkZ
zoSCyi2=QkB#KtB`oxuK=QSC^3#;q<VjFkSnxiz{X1iWExbvblgS*xwzCBgOYB_V`3
zGtXdNYVD_SHo_};luB)iWHaK$?+t^StO<MdDRyQnc5dV3FPmpn*YYT7rLr<IFZH>M
z>af(F8P%aqUkPCY3WUf$>dah32+<bcG^9OLlv27zBBWqUM?&-!wf(D3WK|VjwPR6A
zX)&w%1FQOlU)9tXv}bnlKE7I;d;A<qU5v3$t?N-ckE?4Z-n&kvHLd6^tFD*p+KKks
zE{S#E87xU{W9jjNoj5G7g~2UwXXaaBgm{&UvYNQ$9&yi-Z~HhdsvQ-}wFxB{U~Fdu
z_79hPJ9bCfiANce?@>k-JAIoRP=Ib7M<~II|2&)}!)|kDgwjRe(urgow_&G5;3tNE
zX1^tAx9^mAT7g0%e;QsxEHthm=2@;G%Ife^e#v`9oL9Nv|7g2g+2qWe-~g7)JSY*Z
z!%nv2m2T&kx4v}nz;7dJKAPe8?ZsA%+|&^sr5vnhk2)$p^(nYBGD=ocidB+PT`P4=
zMs=7oa{^&w8S3=?1RQaH6vhkF!M)td8W10o3A3e3cd}Wo=tM}xST+Ldc1XkuKW)0U
zaEAmpQ`5eI{5R~EK$iBY6|{_?)9x-xDc#G!HttMFMJsESzPw7~qLk9ztctBO99Qf2
z<IB>rnwZrm=#+QjdE(Y$`Ur<H;aY^9IDN4;nA;c_swf*FUiJAXoM8;B<5vuhZ-@TL
z%6{!YHD&`au9<AwE)lPCjCC6V)BYlS#Gi9#gwfQ|Uf;>oR9JoBnX2$A$GpBH);ld9
zGYI~-Vcyy<1zu-)9%#_yjMcp?w^>+w&vpqj=zPYS-UHB1rhP1{j>ENuj<Su}G1<`%
z9+EH}z2@2qEc6!}PIqUva*pYz;7GUhPxkGV4un+P$H4zZc{U5`^tFLAx6*y!&dKZ3
znZQH;qw=}GW^Y1?z7Wbv^BIs2I^g|@PZ01T_HAMZLiG1T3DIV4WxGFLjlS2f!gj{l
zx?pxEM$;+%Q8=<n%Xh2GyD>o-y_E}*yikyGZgqJt_WfEJ|2{iZ2++Rl`_VH0m6#h!
z2xbWK2}r-g3ZG=n5adx_jPoe3wr2}gR^)CTwe9{|jKk{0dz7ajO^{ou6OXCRpX%#T
z6DPRrz*`<Qm#tc_@1!$xQYb9hE&C**y$R!;x4r`|*~Jh<QRPw7iecF%(d}&Aj@$}o
z9J#=d+e58y(Lc|MRL5y}*UPo5hsZ&Zp6m2IABz6DdqrOOFmah0Gn?RTp$p-5g5$$)
zq=snki&5K$qsbG}q{X<^ka%UcS9xw@jGR#@xs{N3_9ISK9n0>r<1Neel3Pjs3ob@_
zm2n&K!f?RN#yVjz1e^9sL`yA$AqekC;NDMKzSDObc&O5gJ<2H|x*jd#qN@el#?0&~
z&$I7pdNJ1p9)@{6pv}8X_zn2d<;D&8yUQ4xpDb{)eW+OooDk?wUuL|USKNs)t?4G+
z>roDIrt|tL)85uUCm>vkQc71aM(oI7Y~yb$l<3Va^Ps%SgfeYisp;_k0>N+XM1*Kg
zD5+@8za*4YH0FP5hc+{-5Yu;s@Q02P3cboPnCqqxgja=IiT2tSiSUa9N;SVl$3`x-
zB@9Cora`*#US5Au^@^;rk3~#=_+Q;?gH-}9=tXXkh?<tCpJ&S@sub2F^k~avW3d->
zL5a(x#Clxd8`<aUY;YDx{!8@r&HhVnEQnoPrVklqm~ZDzEQ6(b_h!zFA3A^;ahdKH
zU%!9{h*rAQ2_k`+tn`bK)s#Y6=@$pgr}S&@QU29URvq2oQdqdG^y4|b!rjU?S?R}?
z>b|>hsapB;Roq=~+bt1o!)D;q-kor%9)kGDDkkI2%h3y<A0tbl@dAgrP|LMtn_;0o
z)Cc1}x`~Vj9&oid`uE|BbRqNy@7N1<Pfg3$HdYgJ7-XgcC%%0rgVonGWv^hcso^UU
zLw(4Bs{xlmkIlI2iuE7D*8dR)5A}lezljfSvrwKefZ|PAS#@ko#C5LhmX+jne4vxp
zF%dBT4nqV$P5^NYP*#TLvN}OU!CoBVRXZi3y|f92cmf~d=uj>O)bw1Qzsjww)dp>1
zTUn(uv)q9>;!@w^NeQSkGYhu)D(%-w9DHZyWLUT-J!*O>TO&m&rCVXcVQNZ~qLfm`
zxCMW8gt+af5IYeM?NrFwF0dN1BR{w(5p{T}cKbaLVBu9Rz!M;Yt0~nVsfKgXTy5V*
zKCF;O2;-yEi?uZyB_JqP5afFWPR6RVUp7iae+IYCC5(u#*dB;c6L~W`5R$ZXspS9C
zm;MKq&V|xtfu&z#=|U)7Y?SIB;2FmrN$mTnJ0zk_SkEMm{s|h4)@?@%-yj*+rhStx
zfe2%JR8dMPfGshO81wbKD{!dj>S7+5{=NZ@Ob2u}j!XyL1xKcX@8VoOGQ>DCWwWcl
zbcs@J|2ocgQ$aSLM9*?QM=Gl$ixW!pBtQpzgqrw_5PTp=O)18!5AZ@z;MIp>t<MIy
z`T*R-REP%9E!ZB4Qu3-gAeSiB#vzkBvREgVp>t0`Ph9VJ3hF!R5+b6tVB4Kqjrm<|
z#`|A?!M=n3qrD}dVKKA?yV!((Kt!yHvE^x5>&$a@wjoB~6tF!qX(?;U)Tenw{4$?u
z`o{RC<&^Nz{LyZy!APtaTa;3|nGsN{lX!~`rZNm3l_@R7A!%T2iF*@DSUKBi^sjN)
zwqTuDbKArkBa5L{DiYkT6C-C65}c9%_v&e~GO83e@7e2MU~sHGO0_;29xgY8sy4m^
z_z?YadAODK#;tS{@F5RP#UKWK3ygg1{Ej9owqFOVxV(eGirXM7wPQQ{kMB3rfWK0T
z^$#yosy$T9N3L8l-n~N%244NyY9QvpPDq750a6^r-U+B(BRT|Slwyf{n2Y6%^kU-l
zH3Rl?w1Vqcj8#_ewXjNFkwgmQPE0bTmvXtK54}#QHon+zFZH#=p&8c6c;l@Q44@R&
zY#SU6rxok-s{)oz#AQmsog$V_SkRRtmEg)@Tf_5wY<x#?hTrJKZLJhRVM2*VxdQlB
zRiX?u<Tvz4=n?&p<_Vol?(_q**P~nlFjp!m)mE+*vccvzCzckn>dl1)>sW)yynzo=
za;vU2?SoE<&*ryw51|(~=bD(19(ybk(sHdt^m_oFBipFbZi_^;yVpu67HbMEePSg)
z*Z@)Y%>_!e<wzYO9esgPeI3X(#~lV(whXnu*GNRa_bR2@iZ#4H$AQya7uyBxk46Gm
zEFUJ_QE*kjeR{X0M_va18%)o&#Hccyp?-0V6u7`R`|HnNq*S}QMj{qGgR3ajyIlih
zuNjac7^D^qiF}=+oJr5+<70}zN!65UbJkdf<dO4~>i;pC`0d<mMd**SCU5zZu(6U-
zJ&IBq)c-a@R?@QE%5|CRqlZ^>jyfSs#sbhq*NN|!LU}gX0?<R}i|?01EeT~G;?sh5
zi8`^SxhN9KM*e<<jY>UPk$cG*D<xT}2Wf@nz8=-}WLI=lc+}}=CmxZNk;TqTinihp
zn<Sz=um)UPzHVXY$x!w)196*MDbo6^0bhYL^MNp8C?S0HCa;l*TP=`TA5N{pF;>#2
z8~t#r1%p{x*(!e>{BGz_!3b9N=PKUIq2NR;!oEK$M&zY1K7t>bNrY2kyviuhzuiho
zd#{qth9D2Fh}qnVS0oX3D_-b-mzp`ydZUpzd!t0OL91ccJc{qk*}9;D_-+`#yM79F
z!_``k)e<I$8SZZ;-n$wGAqsrNe?rVhcJ#*064ADZuGzvs@y<(9r^T@iOD%|p+6Ce0
zs`MzMay?2~PU@ZG?`@S9I{rNyN$sS~T4j~Q9yNWs)3*TMfjrp-HmWMNVwywN%EYXW
z!p7kKs475xfWH{B1`~9^>mrUma5>NAh!>W^G5p@Cn|Q9UmT4(uT(QZj<B>~jcw_rr
zVp4XW$C-Q(JXSUHh)iE8k%TggbE?JYcnWfexK(es+&l7cwM3l0Z)>sMdt*RempC(b
z!S9h#Ze=qtIQYX-2wf~(o~O0lD<!fRU7ml*%GT_+?b;nH`S6aY#gkjnREJj?7aybS
zl2vc9Tk)*+%TyJYv0m~jsrzEwYKk8_JOinaU0<)4h}L%{umgXxaBCOtI>^EC&w(zT
zw%BFOSEBb{8CeLho~p%DE~gHHKBPYEQAg#<YOJ$b;>jI9Y%dXl`5oVULC%is9O0ka
zaalVfCCr{G2~)z{Tamy_y|NV&=e^l%R93B!NX2)u8oSPH@{?#%M^;^5S4l*hx&lnc
zd|7oo2&%LzqP3X$r6J(3@7KkS9;77>WNsUbQEx{=l|-DG{T%3x*qi;1Ln|oc<Ni8W
z&1=2BBdH-?<#}$f!A&Y<ms|0ywT}MUIHm(+KOlLPahqb;m;eKLmFLzn<1L>jese3y
z`)kaP3hw5#DRQ=}vP2@<w}miAc6>zkr>?kU7dUWk#4~_w*%oQz3c36;9Mer<0A+P#
zPHJmeP0NydC;q2WB555e?q#;qD}{WBS&g*)Y?vQsJ;s{uN{OU4=BGp+<+Aq4ay%6n
z!i>%LS5@0EPvTq8+6elou6xumOuwDZ{YXwA$UpDUmF3`S%Cn{{D#verX^gfm2Un|K
zlHcXaYdCY~EN5EP898J12>(1p8Ep+V8GljYd1((_qf{@2?KSpwv%-@`g+f+g9#%*&
zE8JsL_>NVW$SP#JA~%3t`|~l06y$U!Wbq*;<p*>HJw<;WZPLTIy1wpgJaAhVeLR0-
z!K}_f9`VhyTx>AHj*jT{(bdZz+x_()w$%3`ON-r3dv%!vZg%hvfC9R0WoH9&0tF4s
zKiZh;EdjTG#ftliQnqczFUKSd=JpR#)_c}yrn#0%grBC#q1+4(XvPr!>VPKY*xB8k
z{T}elODF@A$LQlgtgT_~zi(8Vi8j5p19ujr>8Pd8WtO1eTzzwhxiM<Jms+B)#0h<#
z|89!yD*6<qY^#gg*72I7qPKDoqV-zBCCf98KvILvd^E(s#7=8v+GL*rL2G2y(LNSD
zSTVBV7<s#$c$Cgh+>SEN*Zc~l+J?nUhHOjiN`xqZUc8FoN#~jeRe_&$n7b((H73T;
zZ7HjcKhFx)^pQ;>mQP*`X(RIWq!2>9>L|QXISqcKi`$f8xZ9y!1Z%otiA3NcW%_g`
zaXoxod=tU2+4iYPw1`zrDA7~FD2SaD2O_>(@E&vyvFHQ7#z^_qGlKH(HVVooE(#nU
z=*L@jz5!Mylxckyn``EK^xaxyvaAj-G$sq&KxY%E{w(A6L5uiAFJN7ufi-2-J4L@6
zPsEoMfjoKiutW-0bR}f5!%m2HxdY0R>CC9!xCkd5BK@lH8E)jXi&jq4mw~mK_;O40
zTH14q!G^!m)Ue^>+JOz<svW9AzKhJ_`!3(A6nxQzGs`HDiLNzGg9d%|u?N^o^TB9!
zOgt?{J7I$e_=?Myh~5Z&Bpl1PU5vX9B@iNXKyQaxY3H`U`>(;#jx#+0@RkiCZDJr@
zx?UjtWg%15{QISUdKE4eFk$mqC5+`7>sTJKJ}m7~&UzHeHl#W!IE#8F!HEZES%U`~
z31zw)QahmDq&f2a6<eWPt*Ny3f2*bc=BlR&Wfg5S=R)CtvRUpPS*zg&*<4oA3q8td
z$ThT8`wS58VY{kFIqUUNMrCSi*f@Dr%B#K<Q1u8SF|`fu*}QH!uj}%wD=WhbVZxbk
zNNs7DOwnK<rWeb~dMzR!JhyN(;+N6z+(L0+!VD?vp~)^*lI{9+H7th*4oE~z+oldL
z)lRnqCu>pxVMCvhKAkvy+00`863z2_Pl}n}T__Rl#2;*<(Z9Kb@BbQwOIhLOKO~}O
zT*f<Ad-ZWlP`>h~xw^_PQmU^<cS89I(e!=R^fT5p;VPxtJ%37u`^#6rtnG1VyZ>Rd
z7{ppU!&=;X9d7#M0>3n;lxmcH{)(;Zi+}jp;QwKumR_YaXWs=%$5v5#M-`<HS5fM`
zNa^!kM0C*eIYI1m430tb{JuXp_pC>|EJvIbbr1zRh1H4YMD@k@OJO`e#mGXmQ|F74
zGhy7~onYFj$?;4j&S8JVd6m)e?Y&BBJhN3pPH<b*6Yu}xO+Ne7*P|x>+_L70(N;8C
zFBC{b`}z-%&X05>WO0NY_227Zc*2XeiCbB#jsF9^YjC6y5-tpr=p^+!G*_2%12iqR
zLWca8e@LW8VQOd7Ds8RR{lh$goQ&3J?F2#=$Jhzc_tybi^lI~<u@N(^Zw_bv2z4E$
zuzS1SiWU~h0{mXsirb<Yk!GH5o(ef~{c#DhXGYFHE`d)(<Z1nY{Z_m=PTv<`Q;NhQ
zS@7%e_$bE7Mo>*iJjDn8Q43F70LE=n_Pcg%_wPbRO~<pdI&j1;t0Sk&YFdu0db3hP
zJj%agl9e;E;#n0VtC5{KG3<9-QpP4}fRcJ1Q@eW9JaoQPIx`zb!aR0bCK0XdcbLaB
zY#tl&d5n)FJoY1@EQ#)5M&`obC5ZL$?PUZwGh0RCshczN%@97T&dm2fGdnM<j#+S*
zZl$aec>Y4Eoup1`$ZXC_w$!>Am!z~iWHow%j$;`8GSuE8E5q}7TIA>8i;)(2xGoWG
z#P3XQX!>u!@Uk*8*O{q<vJ@GM8podv*c1+mk(HDwPG7kLQtH-<<0*Cbh6be6-KjCl
za<~W%NXmZKp*=gFFDDfpXOKzMt&C*rDA!0Mdd97I))?83*^f9`9bU|cPs$!Bxs_oX
z*>p_PIBzJPHHL|ql(8w~0VVlj&1snhaUWxH<ZRdEB@)r@oDWm;Spp$TTJovc7|Ij2
zjL887m`_j4d@!){V3}?SC5HVtCAASQxfZgTRw(yQtgT5T?Y4?OOvwwKFY(8j4m0kn
z`VEXsR_jQ)L{ejnBiiA4TBqO8${fV_7y}+<B|S&0Kinq5rg+$2cBr4zd*qag#yLqD
zYi$0tzQR+9oQz)K&dgFmi2K=VTH8E6`u!vx(E?3mH7(DhoWnRuQMejR=|&iB`9Pd}
z*NXRAR6Oi#$%YdSCEG)HjM8^|%UdqVcNM?e!>!hdmorw_Ae==V8skyoSK>n(_eIGW
zD=7Q!^tmae6`eUe$TE0LdtshLGODRF^8!Rs0T^DrDI9#3YxDCYqDR838_U5h`S3j6
zr^ya3pqGP7@?P=%BZr9I0e56O@%<Zz<xR8o;_GxrkjR~<Fmgv3(M?vP+aHqx-u7Yw
z51#i*+}5O~R3D3n)GZcCL|Z*iB8zXgqsu8h&*_`y2oeeK^E^~HSnG%|9tcnu)QPRy
zZ@f@VyuXnlgr@+qLdFfC;cRzijsi=DvDAwWKX>M<^T6$pqb+>U>cJ>xn>1KYZ9)mr
zJBOm1qu)Hv!%pA(S8xit&Xb6qdIeO+V{B)*4Q+>FK(D6f=}R4iEV&I01uX#!nJLc7
z644C3&KkDo4WVEH7E}m`;#CM<+#HMBF+p0#Zp|%|FP<$sso#f{61owxB+`yncBRm1
z3oT~u6#te~*HI_!&05w4@Rb#Hic+?vun!S-Q!~C96gI3LMaS1mm?5S&4&g_`xNB<_
zb1bUUAUFp!_jn8Z={33sK}R>O!3Lm`*-mA@NQB>>gv);-&r{GQfLSlV$r{cEzl9x6
z&|uD}eg@_!v3q^friz-2P65?1E7GvRFTwL)Z7(;$?Z9{T5~Z5_3%6@q;=RFfkwGn*
z*f48?xuvMN%7=wASy2EXhG^65{8=LU)==x-KlKt52am@`!DfD=&4271*!<c43R}@G
zL0cNbr;MBqn?O;@w($wTU2FijUHLiMm0jS07T3Z$K|8V1?*ZW|Jjl;DBsy`MwG;J!
zhOOsmHry>Os|TVjAQtRYLYY?ZGcZdY0Q?ADR>p3{b2|%u^uYQ5>4XwwzC0Tt`qwtT
z0s<>CKE--jtlsN3LbR!~xde=I+@uwt#-?7@^iEU|%UDO^86$PRDxTlfKS%2_ygMO_
zJFv1{C^PD_4;=&e-A{gWvk|hS6V68S?xG^AqUR%w+q#>l)j*qaV9D(UY4Zso`nSYS
zv}&);Mx9BB-XGD`ayO&qcFP=Kpv@%);uwS`LlsfVgX)~VU91ALf3;DwVe3|=KpbCs
zUQx<6SNA~K!{^5!GOb>c@)t7*4*^-bla&hDSK?K!Sxv$<vmsiE(QA$F{dG3K7&Kkk
z10moer=&)sqEXkQlqV@WG<CK_l9hA9z03_zR`ME_c+|A%USFjpO+PCfhJ{|`x}5Fu
z{0Wxmic+vdwHKRUtPgGzeje)B*)=`hwOGG0((_4b1Fo9kp<=#vI=4n7^1fUtFfD&c
zE~EhraB=h5&`$p-i4D)0`Idz91Jh_s(4CZ0Js#ZA+kR#I*^2RCHWN$fKbc<5N6$lz
zB|<^3AtQn9j)N7O*eTMKg0*wOv-Ewq;aNHc?}9nX`5R)scIPS8QhtP`zN{N}Dcz4(
z$zBf+Dn#x!uacd_>uX7W2?=s!k^e32jXy|4zYaHJ#uOH%Y&*=hszw&k5M+}wR=?`y
zk8FK-jZ*#9YtTI}NH*7wu%NVcwi&byLE3)UCuoxcXiNCP=rxQgvTH>TVfJW;e=wst
z8k`qb+N_pRMW}iItLB76UZYggXK|VJ12J{tAhiLWzUL|s9c2*B^ek=JEJ3-xvzk)v
z=^sqq=zgA3{SI`Y?%pe!{f9OCaF#^$?O0S`6pdg-|7Jy_8GX?|@GYj*SxWWw*D*fC
zsNI3pcCp%hDPLPCWUO0*{>oKKwe_=1s=hr(slK<`xCV&lD|Sk$Hj594FYgScdcieH
zpTAK&!+E!IRrpI9h;cj|#={nt#)H4)@=RWEEsQJCOXI;|a!3@k54Qx?`UIS|;qatF
zsayRx-d~j-3#zn7d9j<UM*g*@W>kZB3iw|jvcXrk=E;7Ya8Rc=&y|RlHVdN~?hg-q
z*6f8@V6fqd?VaKLV6btL`fWV=K9<G{&q&LP0ZiUJGD{*siv4{f=VqF|k<m6nl9s*O
zgOH@9_p*r^RTq3C2P2HfjQR2@$BQF%#q!DQ3N<5lL}A|75HzdZ%37yy02Db^MRDiI
z*1CpsWV~>W{JNVvM?T+;UPkbbz$KJtcY}K*-|0J6iwVV7V&KqsH~e_h8sHcvQXx6C
zCuT|{Df>OUwq}O7GFFQ_L%ictLp;ihG0DnhS@D!ItGoSf!wFIvmz1$tl2vd10L4=s
z1CO&B4;wo(zp9HDTe4lP=14><nt`*mqb}c=uUQ_J{c{G7(O*%QTPx1YUqVD2?(cXR
zdhV_oZjX=S{rnz1WHoZqE<QYOKz06vk{bESE<dNoQ@bRhJv#%O9v7wyr$?4E^8qk@
zQu1Zhkqqyvxt2-7cQphaPfP6Sw4+a91e#}J_>b(Ah%<9_D38I<e#fD`_B|idv!UV%
zS6LmNpBmy-Ug1y9ng{AdF>;1vb1TD&;$(GrA^Va2faF$&ZDu3?>rTVpQPd4yVK$D`
z55xqTot@B`_|wl4(Y)W|$p1??5RGBK_j^9<PljPUv@?^*N*whT@Tyi?soXoU$4(Ih
zk&_z3mIq!X+@qyVN54hS2twT1OXIoYqEve%*#^rX%A=HXpF}@lh~&b#WJQ<fg-4eu
z5xb^K)&{^HXJL!aac0^XQOagnO)1UjRoj_qw-KYVtn8Q7=*c@IB0LzAB_6lncWC~m
z1pz!pV0b)yQqb3R`%jnnbHQ`I<C8c>LceiFs7*Yo%48bTYh?BQC|Ml@zL0ylFXT?Q
z>Lut4@e)~mIL4!N;=Yjkxi7>^oIVFrRjRL>_g_8ADeci|+!@jlBoe^k^|xQAR4-;K
zi83aS%?5Zvywf<514K~T(s*!%^b`gCLJcVnzK~|3U`VLN7qWaB+q-8C<|n3^PlB-(
zD9B&5`a~LTmx8``p13NU2}6IekjPzs*)FC+X?fEmlC*R%cfdUz%7w!z%LSgVrlIKu
zuUm#&uQ1JIJx~+-IN*)!9E>ZmxI^;bOzN;Rvs<Wehx7>bdoulLfRJ9Q<tEt(fARDb
z*PGcIbNYN?gy@qnTukfENCExw@Kp@OkDJCc0r+uRYhV<6uVAr_75BY@bCtAgNKdw3
z;Cpo`aI>0;Pp?v~A4B(KUedCWP{+%3pcYBXUV>i(*{?cD%ie)sgW!-hJ<qG0v4YWO
zK-|HsfnYjqc&(?21#(S#^YxhywrhRUok8g#6tldP1aSqv#G*51@nmrxfV$y_?f|?e
zoamyBXFbBdIgBGA0An7)NCYkQWJTSglnsmUQ+K<6M8HkKd6X(<VNMD$_kAtr8?cr!
zs5w%oN2Nt68#Y33EeI+Z{e=l-{-E^(NaM!tModF9{!@GJYwl9P*WjKBhkXCRpop|2
z-ND)rKAXIxWhI~~q(IM&uIXNUWxIlyAr8NNBk{Y;DG&<_?v=&xfLh`be80@;o51WC
z{VT5Sy%3K1f1rMikbtys%av8%5OlBTr9ut;c&^C(h=BoVUr9u77H+w)-1QQrUU)Gd
z&Q^G=w;9h+r8WCTB3|V>+wjJJ&53e?$6{80WX20U2uUb2*|AVOxyjhlqnt`sN6mts
zJ;DYq3l>Q1HVAHarCbTxuc}aMzurQROFg4s3+DLuYw8q<BrV$x)6m~K4SGH<WsEbI
zzcO{a<KUs&5Z)756dRok%B9w2m_YT5Hlqb^U(wwEx7KM27ry;N`GUG7V0{|soGy?7
z1K2o~*u`xZP~buYL);6;@ndp}QZ_u)14waMh`-U|61Y6Dou!Z0y8u2P;2Xm5-4E`U
zSr1}ACiN66MYIH8a(bSgeT7o5a-k??)=;ea)eWnT0+1VK_Jn{Wzbafbx|IX^EcE7p
zZLl_>Oq=ngX%L;fL}}8pg+S%tnv#{-uON~$ZG`Cmwgsth3Y%lKk*r#>jSx-!5<NQ`
zfs;2Z?incg0swiHa=23##_WoA6&=0G1-Eh?Jo1}8$|~*RmlAhLxs_cW<r1?mLgB%u
zdzkJq$g5oNDr?!O@TV2w>8I1$vM<3$lu+qa&cNGB$7FSQ4qq{89V<q1_@Bd|Fvwot
z$+X`RDp@sIP0!<1Q+vYB*(F&SmG4$Ic$FeI)3U1EN~Nr9)gA&gdocP3#^q45Ix1gQ
z((_~m0Oc}@W5Jo!*sW~xDn+t#UTXpE_Ct%avad2(9kU^|DI3hRhHhn(M_DB+Ra*5I
zoVc^l%$x5~({ki&mva`z{}f0hSvi%g9M-Off)9~x-^Rm?DN|CNfVY-5?+dsrhp+Sb
zsPX+v@!eOLS{M9H;j&Vsjfc<a`PMMY(O=Z?H$C!2jVR0hU(|3^_4q<unYVhSw5LAf
zYx#32D0cx{T6yde)8GzXXMEcl_*S;=#d^DHO0}IFsBg<zR<A1vF4wL0Y=K?>0$f(E
z$(Nbd%QVmH+QXlN%j(ocNw}<r!lP}DVG?&)O+HJh_Q|JA0o;(#gS)IAK$q3>i;}-v
z=sI4<GhJ2>pT+p6bw>QtPa>6?N4cC(s5SjmBD#d>CaWRf-1Sm$s4tk#CL2QSWkB8g
zqd(NupBVJ=0Sdk~8$(lx@}6yHAWVjTYKr{vXGN}{qLdBKnILZl(4(BvXIupt!CF*A
z^FK8C6V4aE5JUO686d>vQLgJl(OLCuiRkpTZzZBdeIgP4sVYjf#h;k|v-i$Ys@rf|
z?`|~Mz#1HwED`-XENW~N{l<z`v!cP*DAiu(RQkR=O{qQ^-Bfz9sGY%Tf5B?sEz$u7
z-=3_StKRr3rCLJ^mAlVSs%KOgnV2g7!AR(yE0k)RCUg3#PEo3VbB$6nKM<bqWWa$r
zNoy-BSLE!4V1#BA#c0o+wUH#HNGr_2bTSQ6d^ELNGDJ>`Ts{Sj5(!!Ss2$AZU%mrj
zv~iI{v^OOPL98ehS%spQWa$kTZ;CW!F*JA^8+^M+A_ZL-pvUcmXnn9L$c@QNZd{ox
zk%|cgtyqo6m@5CN8P4Qv>F=K#tll4!Q5}}rB%|8q^nHSt13$TpmkZ!*L{{I6)1IF!
zvd!8=?wdd0r8HOFa}sw~41jn-*ALfuh<pPHtb7|d)p|P;izMRAd{w;SSg8$LKyV@K
z#mGDK2>e9E_2b_OA^ML5ZWP2^mWW4fI|Ss5e>ndf0%OzhYl&!EawL*ekassBNz0dl
zk(cK3zhJQ>hx;J5@zDA%i!k^lsbGQ848`w)9Eg!qro*7O%V%3gWwLTvTTdYGQX?j|
zC*?>M3-SFNOY$Z|VkZ@h1JH}vT+B5B7d?|qLGU`I)Jk~8hq4;G6+(bfPp_4O!Lh1i
z>KQ{%?+%Zoxq4i~5%*2JPN|kOkx$jvZ2Wc+LcHn=7%7}_ovGHZSl(SR_n)<sBz_mg
zqny+7e}lQ<u|Qi0JfNlzVeS35tx1z$ke)-%lom>);LE!SS-gaC<_vnBChW!8Jjynq
zU9j9^FGCkxdrt?^v{T<?S~f-juf#~dUsen0Fz|a3Q0&SEyeFms-jDv2NP%)U8#gT}
zn=jzLC|k0P*6pT9M7uj%B6{2F7+tVsq68fq%OumbY%~5?zD8+9W-x#D`zOYNzxnei
zRg{8f`?{<;asUZl0ag<aUw~*8vttKfLPBCKnL!ob*eXh$nPIWuZG01~4p-qRTurhv
zwU8D28bEREQ&%|K{t-*?#)P3IL{4N&V;QUN&b~j~eb+u&@#O;SNANm*M}+;{DX~(!
z!`tk!%>>XTEli-!%uKd!@7m|g{1}^Gg}ZRBwnp;;$b%Pq;xcdk?>KAow?y;zvH3=9
ze(a=Z-mn!kUnZJQZDnn~*Up>&4a&7+8aDsQXnq2lPZZ6+YHe*kI)pb*MKA6v*!)GK
z`GfJ${7KP#a(v)`F8x?S5S_#DejD$<0V1*;faoMZc-jSmcuRnI96{7V5Qk3)5aVwL
z5SK1-5X)~51aXG|F&drpJ5Yo9&HzC=1BkT(M6b?)AkM2C#3}?a6G1#~fJjXM5T6PV
zsoeuX<Z%$b$xw9}V|wiumyJ}sE31%VlySX(VCIGv$mXz;GB*RSB~r+>O0_2sfa@)5
zOAA7nd|@Jg5IpBB5kh=>oxY*WB6^xj=WYUjDu@Ea-@Chw;8x6SOdn%@Ok%1W(5`;O
z+q?&D5@#{g>Rh%Y+-gc7wY%c1)b5QV#M9gLTOr%4&e-6`9Qg4!{+I+mcJLH|%N2<v
zDQj7WO5?>2w#7zBim%d{xf^!R#Q5{DX$i#OD}?3h%v{>qihOx%LilD`y_}&5a}Xl;
zc0>TqpCCN4?~8cTA&wB^cKlCqKutm=EtQp3`eX+ZcYzVdhc&eU$0@5I8}x~=I1`@&
zNerLNiL_D}={G!4fHtwiIh@Q-{=&(uA7@Txo{i!2$L934lnBx1@kxD5;S&@KdS~L5
z(?N(3^Ycn8>y^{jTd`T_Tn~olB|H4613w<eAEyi04|G|c)>>vsL|Mg1Ol@nN^teH3
z_wDWL{A{gYsjQwhqMyT8%sstbiwY!?<os+cbjjBhb_=S_%#vVYeeJHpn^gTA*dH~E
z_vd4XWl#L&)J^*HSsQDAzWjfbJ$HN*)z)_>*(8*(p@$MkXrdHZB^nG70$G@aSp*@V
zLIgn&3y6@FPy&%;m3ia(_@1D#pxB<Vpm{19MIaPOu!brS2pwivdPzb_?)SUr+$ozZ
zKHnetWoPEzbI(2Z+*58jr!yh^Ze*|Z0`Yd0<N!l_$4mMV!JfE&ZOq6HO9j2glyw4e
z_}=Ucd1aP?{P)J|J-Vl_jX>yxE+oWcfgej5BP4KE-ujYIZ`{03i%Me3IqM_`q;_|<
zGR5A`z!cFJkSVguktz0f)|mn=g{dzwb_^pS*dwni-a6iKwq8@~+T#5aFq86%+oG|S
z*+xu`YrIY%nF*=Ni$s7BifN9t!+}nWM%Q0t5-u+Aqd>feQcIwK4FZnXh#|((<df=i
zy>v-pP)4WHQk_c6;0I>G6P0yLYlCCo8M0Z|=((pit9dVi@rQY*F&UP}ciehdhLw60
zOEEL51rVnRTpHZ0y6{7t1%*4=TV)+X0+uGgEHIW9n&Q``_|<rQ-B<r&=Sg3^^@W{2
zi1f5;EmA$%Rp#(5xQh_xvb?Z`nK>3C)>$qk_j+%wKpe|A<3#d($M+!=pFp%vaV~!u
zV8V6{3fqV}yg#C|budSD2GicPRv=QpfFrLBtSb*@oSneh$%}*S{(~BBsV|Npj=Ue+
zfryM1m00Z~7|X<zz+Z{?W!<bzzS<2G;f@~!BKF(t$oqFgqscFRVABucmK{<@=jpNa
z`fxi~xA5Q16Z9I#zh~2LZx2>tB@B>%aJ)95p@FOekewI{DwXNiEA3H7;Di{Hhauo5
z>?h1`%&n&0CTi{yZoRtDE}@dLh7CE6SVA6iLe@=(xs&+Inb1AQyZUdnxAy#<_C`;c
z`{>A<j=JSbczDUGTi$4E(Je2xB?Kl2^GVBi9L2ohL2<g2T%7r@?qeO<iXHjk1wCSK
zXKSY?=CU5Fc?QU}5<9|WLE@`{x{A_~H>HhL)J%h{$t!17Q7R>;Gy>co4F|;>0S}|_
zK`UYpX}Dvfwpn6m>HFh!Ej=KdYw4k2C?>WF(fHzaAT1brCJsy5A=I<1gRp1%VLQ$w
zdMD?zL44uH3(Vj4zuAruCsk{6bZ@V&@Qa3_NnCNdp73kg-t4?6uPlV(vF!~jVaIm@
z$&410?b>&Y6-zs?FOe8nIMU@j?vZOCB?-s}2>Tm}2<~IJ`&X8M&Tz$YDTjHLWL1(^
z=YVsw24b@0f_x#FttI(9UBQ0yc&3B2$9fa8%&oX$L?znw9n*rID2HzecmP`*{+D_a
zGRz--0#4m4ewZU+Hc9Euea|hnI^JaJ3$Vlb4=uD+;>a5)gcy;*f_{lu9r-CQ*rW;W
zKIcX<24nreh4NN`wydGOIUqQTxZuQf@m8W@|M*+h3s+QTJCA%mu)xuAAW=Vq!uFT>
zC+`U+^!ns*5%Fpa9%C{^?E)z8D+C&D6qSK7qT-Gh`)zc*QpP$0+x3oDwh&w&5tS8C
zR2dd4$^AFtj{Tq*Nx@N2><iYghKEKueDk6Sar=kHi*lH#*l)o5AyJvpl3c0nhSi-k
zyf5*u#T>iaVjv2$aq!YDSE}WU1vqCH3dKc_@zVqki@6b2)I_<jfm+}h>-{)US;q=V
za;@5Y5ga4ns5^WED5ctOF@%ID&)G{ol+BMGY=d--@G@w<N>uFgzF`7;NR-3Z8Lm4G
zi5KO;QDW}qm^w`A$eUS1srFzErNDvqo(v{%_b`9>VJ)Y|5IE}bY}4OgS3_xuue6HN
zGhu|3_<pUTbZ>t`w6Z3;P599_R-16+4YUdWxrp0@-`}8c!ySzVh7%@+_?YR3+yya$
zW68jlAcJEiB`XT<Linh|x8^z{#Y#pmEwiOjwna;(92dkJ<^0zv4eSw>#MQ^^$%*=I
zgs3EXPoh*lyB+N@R~>t7ceX&B#lCXKisCeX7m}L0#isoUsR|NLANwnn`ePTXV%Y%x
zw0-f{T&1Rj8;WN9*A|sZvUQbudmWW3Wg9B>|Gr{!tjTS`D)lmKLj*+Kv>o5eMzk9j
z8Ql)41q(Uce%<R>%2yT|mU2IU`vsGaepfsnA5lrPoe)TUGo_Z>oEy1WjZt^nfwl7b
zSIk<`GRKNaDuX=tD}i{si}Ej`{D<0J$K|)%>fkbcAsY;hSNiln44v?fted4=K1=>5
z;{y#PdG*pNz9E%ZemoR*Uj$ji|7mNG`^<j?Sd>1bE?>a$NbSn=*z0&4Ucm4;#%pu}
zJl=0>C{<-}j10Wb`0Qw?*4wwUw%)Ow)egvA0A_dQe^?u<SAn*=4}IWCNB_blYSz&T
zvt>u4N0$nj8h^?LmWrJrn`aBRSSso5ES8E0TKEw2f*}&{Sx4STn-#s|^I?TkJyXUe
z0$M38=5Z@!Y`36$OGWcR5q)yxR*J~iAxIISH@CC{dUL6Ag_vyb3)r_r?1#d`)G!P7
zHC8+8f^KIqB@1r6#P`t4HJR1Y9TAgx(~bsNEIKuF+goFXzX--f+~F^os;J0p!_N*D
zf636Pgld<y7#qeTkF%ltA&$K3ZFE_M${H?f6~Zpxnpstb$PyKprYJDe268{DP{(wY
z6=jsKcZ3t74Q#}yoy`PYRU4pLtf)K`rHv6n_Vke>A$xiu-rCd4ur?7_`33aUk@ttq
zh?c(N3)b7tc%xNI2}d0{GmFoXK$kia>4z*sBGJ`siWJ5ZBKa4@i%Q~ahw9sj=i7x~
zhD*SYD`9RY_nP>HKr;JD$-N$BKl(_?y<F_aZH(FG&BaxUd0ml?DT9~_V#FHGi1igj
zS(cJ}b^gNizK~6uW(maQJnkz`b*$JbDv8@GZpE+Jp-{|e2WuvqS99Dpt>(CWvRcRO
z;Pb(_O*L>E!EkG(<Mz^Oz|FPviUqyda|M!n!<JekFy}jWukLztEicK})8r#+|8B5S
z;bZ2yI@c?3^}F0?=|R@gsCeYj<$}SZV_P$k{B*3zppKiAYL77GkIeOEYX}7vZ+Kwf
zl9>o@e;!@1eZMl#<tLO0#LH#Ej80bZ@zL|lbGa-kiJNap<?gL4R2I2D?g1}-;I#O&
z7!TbAiE7Xa8Syi!=MJq1NnOtf<?wa4>0R%Q&PfBfMt~LKc!e)IvZ6KU1YamO3*6j>
z1)QB2#4v!khv*RdAjA?&g<p7uyiTm>X9)2NOMy>$fpJ|K#BhL^XF$9QA^I#8=J5(o
zcO}G|Au5TpEFULq(`)t($6|8;uALC#?W4;VB{9uXr#lC@s2d@U6~&Hki_`pleU{Z6
z&QhYXVij=KwKN5|C{^B<IyN<3txB*FF?UN0EKs)~#;Oml>qyFK)~MG09G;^boykSR
zeF=5_|4h^W|AdK#Rvit|u%NuYXlM`@V%{~5vx<haPx<s4{3)M)cYLZ(zenc;PruIw
z>$IE7CdKQ7Prs;7>xzcTIl-dg+x@p<+QRlBQ2e?*h=zhs1d=&fO78VB`|+@p-0Kzg
zV<c-~(`=602*hotf!lO`5)sYdAVq-g1W0&M0mDbTpv#cKpM;Phz32QL8B*FAS38@v
z54GB<^*=*tk!jiQ?+^YcFpLcUWWd`rj*DhPOwnR)$7mRuwyRtY`CRsw3;L}KeIHtq
z*P+3)AOW_c-(DaPb<k{qQ{<x2cAFGDdt8=aUcSVw>G;`v8|LE#TvvYeO`aQ|4v4rE
zh77n^D4H4qwi3ER+H0^{gVa&F?%B^!PQ3FkP_`q=+I)ei|9nnIxr!f>zAM3+oy9G0
zRp&m(<C=F%Kuvo34cxOgD<YyZQ}iR7)1O0nYGGl7s87w(&(rDKpuTHIbpzoKqk4F<
zWnC72z}AJm6`V7u*=3$J3e3XA6~(@IyRkdo1#-g0b*(_M`hGe}soMEjy?<p!J2A<a
zZu3=9Ng295<O!kWx0xoYq<n-pXJL-m#{bqgn7>>im<Z!>p%pXvjVnn>8NLhl-;S4s
zY@&I*#R~SdN7#iQ>99xFhuv>x=)P!WwK_4+86Ph8XHBia8Ohn&xs9`t_6+O-06$>G
zD@MgZDTHWUFjmxiI|buP;@oF-nl~ylXkHAOEpFohPV;{sp;Y~HhK^^s0rl5pe%`BV
z3pnrf#~(tdYk>W_)uTJ#>vs4?9HCU(iikx)c99f0G?d>vSV`Lov)!hDsFSujhm*Dd
zNPEdytX4b|8f9&9^E!k&Z+x#YDI91QROYHtW<&~OX}GQX1ID6Q!8)V=E<lO26#wA~
zgU#F^=Bskx*xcD1M0Sq87hzW;X9lsy8kF-sgycg=V5)1En*qhnZ8wMV^BMY34*cC1
zN;{;Hi;F1dL)rE)rRwpgb-Elh`gB$w%14^PP=@~=auBk*+<GWC9fBd*^u9hMQy148
zlHpGaL?ej26J}}3o4<u@3C~&R!#xdQPcvXQs1N)6Q=z-1Eo(}My7p;vp~!heAJiR2
z$=g`TjHZMXneT3A?~btA*-x9td<LG-Yws~iX0wtVn?k>yD>DbB^)vdQeD<p`C^>ND
zF7AbWd{DMjP^vy)U{Atzs5eshptvy@!n41IB-PnYw;q&dDk#;O;r!YQ6D#HR&`>^U
zcWWr!Dlop+DxLiQ$QDfF0Lee=$<Q6pR^Sb|*?*X1Ay4aMS^kSbmU(d7E^hu_PL?wV
zDOHmUsCENt+Wnj?cVQ0Shkgm!p~DHc?$GjsnBUdt(Dw`Lb?Dvc0@3zD%%a3KFdb6P
z{T#BTm)hRCr8}@CxDSSb&g!?6I6ZVHwMXoPsJ16f&h2_g=e<LwhV4&?_CXUu)IX=2
zCEq-$mpoyVOlKwE5(rUOTS{IyRDU+~Vf_3+lc3pf7kjs}30LP#Y&oeKGo2gRTQF!2
z?1OGqAD%AgCbz@)({VJ&yFV!qt?0P1?f|z*)!(1MREq=PL?Vhqd8^tQF|_1An{KRU
zipolqqSWEL?*ye<&S`!5qH}-UemxTQmkSwq=i7%1b(Pwj>u{g_#IGikj-ReG>G@KF
zNssRaCOxs6n|ZIr;%S@UVb|uA1Gv{<s-=8a8j@`e#on52?kWei@vhX_CU!n&n^gwe
z)K1me#$m9{ZpJqI7~A|j%?#4_N`*eef>E*=D|vx2!>VZ}Go&8WOCB}`zG;6#0#6i~
zFPbwx+SZs5b?P)zE>1qCS3P2sOkh=e>JH$&mWCD`*Gr!?N>A?3hb&(osbHgVUn4?_
z%;JwTGzK*WL-NNzz(TG8ArpN6dr51&|NX2$RPQvMWTy-;v--ms(-(v9gO8iWM|e?d
zG~|DN#cIf#)ie7uPx@niEGBK5z{9BM=wtcQM)`b(_2nzfAD*g{L*EzlsRj)LMuiXi
z*LB2#s1i)DWmaa_er-rdktr!6Skp}z5lxvej=igC2vUx2Gr2!ws?Plve=@kg5)z)p
zRq5%`erpwy`-}Dh_ZPzP@s#g>3d#MKTHTua=VBi0xo_&+-*&DZp|rsieQjw_sy@~G
zfg639Qg!zflj)y4pwlwaVEXa*|BtlP=E6nzlrg^nf35kgK7ZZa3i#{U83IvTKCbgu
zBcsh__oENCIHGRMfy+}k9S65W?wR(omB&mF%kO7Ac7FsRnlpkBwbf+3nI=Y=@7a9r
z%jR?0WOJHzH;Ayy81e_1AfFvYNRjz&40~6}-qo4rfhe8Irs!yKKgQB=?hxe_KuPvv
zmHvaVvUcbS?yaRy=1~(tW5CF#z!n-lLw>HMhlzC;1rh-CY6<(`?vgDO9538Q#r<!G
zFPymzRfmDi=9QRS`|)I*Ym+w{Tssmn<i(9D<J1;fhU8k;9sqYo32<%L=8#-_TgzK>
zZTKF{Z~nT@wU1}&TswM_&b5Wcis)#@wMQ;cs&;(Ll%ii61J=}__ZgjQSN&bC6&n$v
zmQDiFTQ<Oa)R4Mu4ComH{tI;NazjGY`IAf}A23YdcmvE&e+@?a7!vLtkd&0DpJ6V|
z`?>yH+R+^5Qs<`xqHdd{GkF)Ik?R9+E?sY4cP@QAiI48~<~Wzy%GSALf~Xy!-wnv0
z6y$Dw1ZWmFAVhs-qS@CY2FY$WVDueGh&CtOSaMS{paM?0-I{KUJUvh!>z-_^2ZdW#
zgt15tgLGFoA?lz<br$Jn2(~0vtpyy31&as2w=!&;!*Fk=iqaxe<#uDUwkMdaAvSqT
zi-@XY9_6;%y$vwzhG~7h@u+}N3-q<LXIKYyv+JzG_tbGpwKXRI?kvNW6Lg4kAo@ay
zB%f!{hCeFkXKNh3ekuxvwi5-S^;BWby|dYz!p9%gr*PH=V+yZ?6mfCy{K^M8wpq{=
z)_&aqaK^%<O&Pi&<lIeZ7GnM9UpsL9XSuQdGfSVe?@Z7~q(hoc@fmDHdY+|JeJaD`
zks15+v3b}SyJS{UI17tLtxAC7=a$sx_}0yU<DE|kMEx^E=lE6zgY*QB_qu|){re0~
zhz1Vi_MR_Vx!tVZ$Kdu)Glah-M7X%n?2&}1z6s`atog_EPX26kaxm-UMqr=cBqgQy
zR_N#JTkH4psix3R_cVd1=O^g>>|h|eGGsruPvHHW)|A^<K5IYC>hBr-+%(}Y`zgt*
zSueG25$5cDcf4seG&!#KGC6n$uaDiVFw;^Y$EYwRcw6mpW`(DXH@PHm*t&npjhKN}
z1G$w2Zq^YU?t_LH=@D)*Ecten1_#V>7IIx4RNk@-|M7T>z;nw7M0q91ykEnOvl>{h
zfq~z1f74(JJg7eWNGLbLG%?2OE5QZzK-D*2Z?Wm%PdWM&To%e$A`oQ_1FNiH&8Rni
zuBDK1@FO_Kq&teZ{-&&0hKd@j;tzsNpA3fAHc|G2ON;p}xD``xW5MD3>=dQiJEuV0
zwBBHftzM7lVr%0MroCK(_Hqg5;xI?B*m~%9$QE$tMuCXQDP);I9C;tXJr84#C)vL5
zp90BjDJnSygpjU;kQg9wHk5;NrE1Q@tR1wdazTg_M;;bPd2<s(XAOI){(GUm+1&)M
z?QtuN=LUkB>I)C^{nQt%Q*E}v64TRQdsD@uJEI>Kh}I6pc;tEzzop-Y6u;}5gb=@D
zf5ZD-ujt~p&(pg2?Kn;szXJ^M`z)JSt4~p?2F95aE45r_{Sspern8c{rx>3fl$4a^
z8$mK%-B@2T4Qc|C>C49iqNYEjOQwNFf8R(&o8xDpuFY}xLwsCGW0X$+&aslr1hF!e
zkxUi{(H1fbz4tg%tVSQwkxw%A-ZB{SPeH0thWww!fc(G^$QNVe@Jo{fqUMj&kr$1Y
z8xBI`H`PP_`EeZiXBr{$+F~p6CWt1381gSL<TK5ao9a_zO<8s2sNRQ9g7!A+3k*?S
z3F5c)P4f(2yakfSP%_(tb|M39)P!`M9|VIRo(bJZ(3-jS*$rs7zz}bpjJ}nJG+Kk}
z8}bN47(=}mnc24By7kbEDcS2UHfb$Xoe>*tfU$gLL;bP5voYp>o+uFY*K~a>A2E=P
z92`nTev!_{aX|wd$Am@JaWtzp8mz0xchd#(H!OfT*L9@Ft_P$ytgnysnnr;1bB_u{
zZEYYu*=RK@B+}Q$aHP*iA=1xeTah-aFEo%oJth>=x;ihpW^4eaKv}<zAcz(Qi0A=?
zXzeZ=yocZ08{ZfG7sushjbY_tg`q*C&F@isSWT(+di5>NR{hr#RXq%J#xd49egZat
z%wt*e4U_ABHXBAs@|t|(W5D=0gngWD9umRtA2E=>Rn-Bh8nW`Ckh92Hto;C&Lo6*l
zY)r~YA?s)Zswq`Rjn-%CXRPJXtg&ZD@r0Y;$Y=KDduyT+{mD`$`<<d(qDFiQ(kgE|
zbHbuW3HlB>*W8l-BRK7DS~R;Kv@8ny3&E_Z5M@7}P)MBief`56*GbUv9z3rICvcME
z7A<8O_%nQ%2M_Py!vuKvKe$7Eg0Z7K3bZ6%OzUF97`@#3aO5d)c%j%=p6Xa$Y#w%i
z<3sXkNxrDAy@p*~MT~PSJB$=xD24PrL@-{&T)4HwOoJlOoQc0ss!jTZQbfpEE+(gJ
zeF+X<SW)qLDW&S_Q3BDPrl!pOe59#9!yr<=WvlasVH<ssLP#K<e^lRnK%d{#C~+u-
zkiWGgF|hKMtrVu<dXihN(LO#3x4JQ&^|=Qu3nRuFcJMh2V?W%vO}liMSFUvKQ2+CQ
zsbt$3dmQG$hNn^p(fS^xRNXm(yRDrgiFpPiaJ!{kxS^%lqxzm+qj4mnuFW-!`@4*J
z_cP=E^edFADVB~zY@$><afnj&Hp^QVdwYjr^Ov!zZCO>pQfMM8#FVXiW`sbr2MpKa
zJS!f!%=@A}cY;#2#uIvb03fYC3zlbGVMtT$%ZOXAa^-IVi>*9Qx7ZdvR&QtGagRW>
z(acLuW9YOwWf81K__d}Z%#OXKQW|PqUi<kVrRv=tewZ)yG_<|gXuHir0#SRi*1Dah
zRBfmiY>p9N#u^1Lj1!0&#tK$n(1~_+Ae+rs_(r?7m9coKBv=-e&4p%w+86fnQq(U(
z5-rbuYoh&oBc<9SVT3?mv<NK}L5RmB$T^MDPz%YLr&>q<)BcvNxIjaE`FVeyDX=I2
z2afCcFM<7(Y8Cq_RSymqEGv=b>Ll(sAAqjbtPa`L55jNV)!Jf8wP%@?D@p><wx15w
z)s~WFG4Twgq1O5I6}jG(l&XD(^9grXcqnbHmmS2)h8rE5VF2uqrf2hmjkT06p*way
zEQF8pEbGxq8zJiR!_7?j{Nsb{<66e*{$ZT?-oyNAa6b#<Kc@>seQ}sTv=<qEkLv|{
z;nko*qu?-BFoP9rRuzhD6~ioI<Q%1;7K^kVm7%JBV5$1GQ8jq|Mf-@M_mi8W_w6~1
zk7uCw*%*PS>)is;-hxl)e5MSm?|k}lFY0Xim|?6l7gD>hk5YBATd+8ErjrNF{=N@J
zXvt?GN9ZXb#0bS~08EGG=$M|KpnH+~M1g1v_8A+#x7ZD~>;>2Lcc-K=8|DC|>Rfld
z;eTyCrCRdEP!xB%O^P2f$nl0@t1<UbTXZE<)k@K<`q(ACYD2?dW6qgY9kS|LOVx9i
z^{SDE-NyU@Eh=Qy981;dSM;h`Mpb5&YfCU^{mn%>sb70gAnGSW1)^=jc#21iPYc+m
zSJ<b0)%Eu^OPPExX7*x7u^wHI{6MMp_+F;}*Z^)|TvN>;<&;yZo@2inG1YLK{fe!i
zRNc>hxvx>Gma$)%*C|!EvR~<#oNkzb*6~pSQLBasM5{eTsruf~daY;w$lS&nO4Ypj
zA3yk!r?&me{BmyjiYVU@l?@jlF5plMdi*0C<XOw!<yPB7IitvXk0hT|GoItt>3<?|
zVJ4SQM;>LiA*`&6$#F-s1>*2^k0wMD;66^vvTVlWC)G|IxB|cvZ~sCF8BTmjq!CWs
zhgt5*M8!U34XoKTF3{tNECwiXqt|c`t$7r#Sz*jA4A9aT4itII;EqNMz{Y+D0^0ns
z4k#6_g2%Ph0d0-4#&~Hf7$77iyU3B(Nzgm%EQa&k+6lfeabbvHlA(MdBSQjYg!2?B
zFH|#97TaX_Ax^1QXS?)}<QQmPR8rn$!d~90K0G8i>HNv4pykn}Lm(Vrk*E|w)DQ@o
zSgLMzA$h|ZnAz?fzIPdNN_MICe;mtULj;2+zB3TED6!%eL-Bf4a30XSH={UgWnh$;
zY+t{C-wEEmfc17(158%|t_)lZb`eO6S}EohQ&I7hin5I-;AhxER8(ISAs&Br>@a_O
zxVy^}JZuYeb#xp^+__t9dJJkwuB0PlB>AG4yE%%Xw*X9sKlq(s=K{PF?Cs+2w<Y@?
zw-PDZ_DV`0hzjqcncu+a#V=I1OCW)dS(#?T{o$v~65fiyGEuGu;xKA|k5|z>`Q9e5
zL9|(I;)1XVF6VJ4)sFIYjB9B^5Qq3GFcgfuIy6zsk-zzcjS666xM4kOKBwkO^BFZi
z23kkrJ=jP_MERO1XP5G5y^NxAq}Q&_OB48b7sraSD+jRCXS|r3T|gW@2k^e9R8&%9
zM5SfKe1VAlMnyS%t!#w2`)zgj&qTrX>8p5s+LIG>cY3RyQ~m5bhFKLM#I2;qh`HAV
zhp&+UHyvZ$eowq4pB9w{qC)g!h4L?$7GI#=SdV<lE#DO7Kh>>+nM63{k#9;oekERt
zPVo4SXZFMx7F{Lzl)7@TKmzSd0k%w4217;`?|zJz#S^_r@;N#Z?pvI;881b-f{u)F
z%LgR+ys!9sxZ&#y)KaRQ#aQlzj1y^kfv98`>I-|#DW%%KBRN&}!05PghWW!UXfRol
z?c1`Li(Nnv1O^L)2-$-mO!HDEgXO8kj=Xz<r|tGZj8CR6)lbGBMxLNM^=lBVqj>hj
zj8$|eyorWYr_HQXIwW)SEr=pS{be9uqnKLky$>So=MpMH?w>-2qg<jsJ_ysYYwy-l
zs*ja-3S55ki&5I>T1*WkD)#MjLE)&w2ZH>_d!zv&YSKVJwipBEvU1i|hSgFU$X|OT
zoQcA%!^|9FrGX?d_j(v3jN|3rC~*I8uCCDTc~Brf2r$Q0ZGb?W+twZf5DCLk$jTW7
zX>xWEBOi|w3lr}bbww(~iPf7~<t!JK^umBt;wr%S+ePUNgnU|*Gm0&x7*OZ7K$j9%
z!3iw)=q<~EhzrhoyPGkHTmD0BnaUXUG(@&7cgw%I<v%l<i1H!0v1L~)2LiQMS>vJ{
z9f+xeIs!W@8AXzODh-lu!(q0~0|la;6bMl=ir8yyzd(qE9HMUrLn^DcsMsHP9x0f6
z-6s0&wNJp#(k5okI?_r-e`4e)=Gm&R-Oos>eOJpPQRb)qxHp`TwRa37M0-ZyqBTGD
z$9?Q=B6~a5^7bHm`z(74iBRquz|HFg)h4_ORwj#;X^*i^uY71;jMy<i-&&fs%Gg@^
z40KxD=d1Z?*@u}S)$o1}`!+l<eE+JDw-oM-w4SZ*Y~Ud(_HeJxR3DELFcIB#XR-Qf
z3gjZ=X>ZEmL~qJSIDDV7@7<7%EVNr2Szl#o1n*z5Mh00M>762w)E^HqQsgmGT!gTZ
zDK-l!O77Q5G5%eH6orr?FYZ5|b5gv{yb{`<lj0#fBz$*hEFX!mV)+<4WOR;>-}@si
z_`T9!AX;PW`!gRv-w(bM66$N=R;Y~->L&(N$qF^8KkM~T*6U-#h)HF}rGa>zLCV>8
z3BFfi_--sE`cqnu!2His1tM3Z$w$=-t7|Dl0HI9MX#X;JacwzFgAoXZhfyswWQ?}^
z2Bqr1`Uj<0o>oO^>W_z6^Zyz~NMH$qDsdH!8pbAmK{?#~($fX%DGy;Svr>z^NzDY@
zfmWu)QOniJQJ~rlNj{%S_lUmY%zm(iT%Ng0mjb`27y1h%utmL=Y@V^{RL!trvwH1C
z#wr?$-DPT2GM*;xC@Rq-XB!L4t6#;{R#<}h<~}qmAQN+tLE`YutD;n!1_PE|s^%wi
zTe4i>w&cJlNhv(6Cy2cu=w=(?2h}VFnZuV^$$&vpyCNpd*B=Sa$XF=J*~>h>vzfCI
z9nUg0VDjZOCA&xyVfUp*ZIK*owEiGiOhwDlIZpwcoBIYf`pz>`(Ot3?&(38RajVAR
z>jB}ysxY0mRY)tIWlZ$T-U4knbDcKyLq*4k*@Gz#QHiFr41!Mh7ZUUxCeo(xvJ87&
z%oia|UHM)I_(9pFYIo?#A!jjfFh5oP!{e*WZ0qKMziS|4>1LJQ2bcVLAgvalHJUIe
za*2BEJ^^EKni`?(zWT}Je!Nd0X(5uq72PwOkoCu4a~LAR1zgU`Km$n*;3B-PkHMN=
zs(SAei26+u7bSCTu<0c#_Lj5wT(-ZOhB@yZGqlF`VfxxbMiNsTC9Z;Fs3V6AH#Pby
zBtm+jcA%P@3`V>#3iPxWKC26i^kJrgkE#Roey-ygEJ+S9OGuNMGT4@6y7L1rQK~Iu
z<NCGb?QHgTGDOoa%E#G!_*S!-HK8R{Q@Zvr2$4638Tk~M1kqMh0hn(Yn;+KMywu9<
zTC*BTQ#VuvSLEhR)6@;uf<LeZL2qmKqx^hfCfZXs?m>HM4IxBT?-7VLy_U6Immtn<
zni}+><#1dZH5gyZs^z&St(npCS!Jsp%4c+2aIZ<Xix()>wp9n$#af0O*Cw-CE=#TO
zi<D~bT(e>{1TfOnn&4<TA>!4l%r%gIcguge<*TBcU8b)rbbbs>Sy;`P&IAy1wL7<k
zo33BZ5Qx<8SY|VR+4-L{1d`d*EguN<MzV`aMp+=0Ia}TC<&th_$2!qQX0tC!Mwy<Z
z`>SV|tJ1tJb57E_#3Pusstt1xy^n*l^l%$k;lL~AqJLdAIK<vkb;>am93$JZ_X}c0
z{~Gp94V2i3yjc|!`CNOpEkqK{`=%{qXyoDqx~MCZvzDBN#g<eUIp7;p@PY>=5~2-H
zgoTlqm3rW5uB^|aY;R+YTvE{nIwC1E%G}C26<1nj!Zj{$vHD#i>z*jDoJA>hEDeX~
zABlgw9RwI0mGh3gQT$p^iL)F)k7;YTq-URIM0^-uVDOMPVa%S5!Nby7pi2k_c;<3W
zO%w=ZQ1LGi)ZvM`TF8g$9RL>AgZ7z#%?uaiRLD6c@0H|*8)GpIRp!QcF=!j#E&uMw
z>)96bf88$-)srZY)D01KJUo)zmS9+EWB<NiB45<$)mG2_)xc&1=WJ@zbJ4d!SEU15
zOCPV$*M<_{eO!|dIGEeoTGxi&WncRNjYTE9*pc@!f{8>hlMFD+As|Lvm7WT&b9*b8
zv-Ub*uEI$<`(e06n9{}ovkc>_l<8pF$63LA9aRU++Nhw!L#37^Db!i4op$1d>VAC%
z{cynfS`4z-t*?ND@tvy0<5MmAf~c=~4^Vn>IY%k)5T*~^oo}8n`{i!k_MN!guzj~c
zFzvXXcvdzab5hi>y983=S_KCK+4yaNtMVy*mWNzX-_ze}tj@=P+c&4{y60UNH&&TO
zQ=9_Pvijo!%|i?!3t@Z@<Eq!Jw}L~0Ln_dqK!$xVTHdKQF_Tu^!h<Z)Z$vqx$dTuQ
z3igxW&!kLz70D#Y-U3OUy3FBAY7bWV@2hy&`Yv&LShmDR0GsUMx{d6FMqJM0mI=pv
ze^-GcZzF`~gQd8^)7eZ-iX+6M%!&o8&%=N#55-_w#4wvX7ndSR)FF3463GILQJU&s
z*d<JT-^nHG&Grz*&Eu;SmF$Ada7lhXHcdV($qTo}ii#f)kfp8h%+F&u=Mr0L?ytfy
zIqhVuSm)HuZib*-Df&~YnT7I>lTFt~c1#n`2oen;E3ykba+PJ;E^!LPEgu9BX*`Oe
zs4xP*5{2a<#cSScQB3Hb0~@RY3=j3AKD--epy^^G7@Z_<R!2B7Q%kbF{}Tdn<lSc{
zL`t^b3lF{Up)EYbLtNt$R%vJ-sDvjdrbFl^COlf$LGZ8GEGmgx^FuSp?x65UdyzTz
zfiIRa=>L#8mS*HTd?(;j^j1h)x6P4vF;34&=P4AG#QWa}%^SWr<c+gIyy3{38)t+g
z>M@P+MavG1FBZiD)1^S<s7GUf@qjNPXzDsM<yCj+a7C&=J4}7~PF;L21<1P?gZY^2
zP$(+tOBr{}k4=+RQI<AYxMLIJj*)NZ-0>UZj?;BAIYKi3ALBrn?@tnlnsX=Pj%Y5-
z83|z6jF=VA+{xu$yAE80<BI&75xQ)DA9MRlaxF4Les9hUtK%?}gkdeD-6;?$IWci6
z8|<+V&N;CUJh<_pIXv_aLm4@^w;tPhUKhQwdoX4e20f9K6zy>^K#HV(Hyn9gBaFae
z8y{zoYGIZCkQU2VjW_qMBa|9J%H72B*Xj$U>(-D0c{Ld1{K3~k^ISy7x<aV|1Ua+6
z@HX(>&#%-KN;f+|w7DnWhCsfKyr~_Lyi6)>c`Y>O*`XC@c?h9&rGp`qzL>(8Z(c`u
zf#$>49YI3HpwSQkLTN4c!3t4274%|`iMPPNAWUuCi;v)dj{NQiWQ`XUPeEq5TOJxK
z@Ab&fl*Ee43WfwvFlwJV1z9im7XfmJLM%LsT)M9#u-%k<1fn+Rg*ikQc0|!)Ng{f^
zC(Hz>@>xey4&hxB(n~O8k)+Hh_S)66Juz>sE{$6E<miv@SYH|y_td4)7n2!_R0HSP
zKY@n;KD-PM6=8-n`o4!n8m%y-(GE=T4a~SjRO}NbBQrvn#7$uaGxnXV$L%}NgQIr7
zd!4z_9XfHD*LdnN7()nKwpWxhawPwpc<uQxjH6?}@fZ&V#O#MNkSM-HJ=sGb+M(-|
zvLcCl^&%0};rp2<m)y*Xth<TU#kW1`Oa>R8i~If6`jg?d1nXqD0}?bOx?T-E8SY7_
zI~n>x1^aT4s444|x|1O-0W|c&H@JrWA;HklMX!dQ3+V~BoC^#Zp9}9#VszY{z}SB}
zCNGZagmb}2UTjPToCxpUVNQgwJNR(Dm7r%ZF2D@Na)l%>yr9njQ66(4UQ}96nZ#y*
zz-9m@3LLYy-YobR#^TAiTOa^Gb%Tcs-`xp(E-2ZBmich{c5^<o=~Q<<T)4g7d^mV}
z@O+58o%iB{g!=QL@OFJZyfcw;{X-Ej1>S&%;rOr+9`27Y=EEo5E%RYXSA9O*6%jli
zq=}aK(8(0eT_y^|3vt|k?aona)eW<#$eX!86MMT6hAZPyHi+vx69Ti~5YK*4+1>29
z!}nAbrRuTnJfRh{r}uQ%lczp<4cUJS`#kCzoL+6K&!sOPwalg7H*qe#$x0@`L}4Cd
zrKlv1`)5c8adbOmc1RSOHx}aU*+(;&d5;M2FajPt_~3+xfr3HGM{l!`QtCvAYw0PZ
zW?zBSiHl`=%94C3O}?fc+k^h{CGhWDWs-lE?lZIgep3W)bJK3zZ9dH1W)(ftjAbEv
z6y46cRT=}qu)RyUZ<?CHw@V+&V1sfX!Ma@vo1~?%X_{@>EA`yQcb%&c%>uq@S|};m
zr6c@(YY4%mukt`s++WNsvAJ`%M&UlRt5mWb7M1h@Q5hB^Dv9eSFu655$~#}|SL*Ql
zabd1dRET7|pl_en355T1H-WgP+*D_G<^1+fIOMRAi?0|+%5Y9p(u>{lZ**iV#5{>K
z&Tl_Wk)?9G2}FC8P56GL*{xZt!~EgZmNvaF2lAN>ZA{3i%S0t(sn@QG-2@_;Lo;s=
zH<~KdCf~s*J>3QO7v&j+4qrq&9H}1d>UoncC)El%bLPD?o(EJzp7H%!gZ#U{t3b33
zH7Mwx&^sNMfa=^J%hz26BOl2lY&?&((Zf$Of+i-v5?c6rT3FS=$QH)T9yVUrbeFpD
zMic6;8QtI28lg7l5%!dw<M1W5(6wDbnlgorbbo*7=09y=99CHkZF>qt|HJX3lK8_v
zc-CIIMBS4`n4{YfrR&nKTM&}E0mCm|#R!PY|AFw;&$4*L#SZN2pZIl={?(6w5;&lV
z2@DWMUHlx2j@OG$=71haU|(OsuP*&-8UpIf0i^<<aHe^l5S7Gkda*bTq*nqVUXQ3G
zw$Q(XA%LzNz_hLm07O;nCMt<nWnS#ST>Re05=*ha4`b$S`-dw(b?HXe(yJD6A}Z;H
zqP))~A5I;Yny!9cMvPF3OPix;5&c=la@>S(fMdT;(09a_Nnk)^Hb<^q++1JcHC8{g
ztMQy=2Rv+%x4&OQe!Zi!K(vk5FwLFJygOA6Eu7k$;udX-7>HwNKl~6Atp7p-t{fhG
z_^=)xvP^3(kYEwHJ3ClJ?lWQkRpbub$!Lpd<O|yAVmHeayHrj2+D204t?C=`T<)%D
z$1@SU4HXiP|087Iih>01+IGf*;IHGj&^<PeP146Y1PR?r5W6{$8a8{CE_NHa<tlY&
z0-Id5%$#xihs5d$rNLY>258zcF*iGhIDB{D!L0(fG9*S+qQ{OCh`Zm2D35%`;kye~
z-L^XX+gao0k(H%zWQFN}n+PXX!0bwf`*+?#hc5<BhK%H=R$hfuD+6QQelcEBk|f2+
zlRsOQNjfIrhD{`F*kpDVmF!Z{M>FpO!=SH9;{_7v6%;>Sl255>JTN~i>fK#uy&TtT
zT`{msSqmpD<fEbz{rOmdaA7|hvf}e1m6Ci^lCRN`v66gIlD(xKxrU87>rh!OrP>fY
zpH=`?)@7QWBgz%XlR&IWR%SsQr`Wr3eCNm?egOjaiOKfs>5L~|Ck9Ur@5n5{iF{Em
z@1^)ULbE}<8Qsx1!y?J2^pNn`@q~EfGoqZGFUl(?QA+t~mZ#!*I>+pMx?&PvtMKiL
zCq%s#hiNQ(vyW&+<uc6Y!RZx!%nlLmNczPnZ741PHc!Xh7JnS>wsh)Fh&n$`02B;h
z_b^~RYtbRG4^0nNRm-`lb!SI`XfNHQG<8Foor$-ygi(xO89BxVkR=s*zQMmP*eWb=
zZqxE%zoe}5C?*XVj9?zm$7J<69$7_jOhL=P@XCY2nXJ1W=6HD(aI}5g7=3Z`W^cg+
z#dp})SbfkQ<cCK-Q{pNMA5Hkcas0MnuHhn0wIl`4cWz^RRN^X28qEgkX6lAXc0vLj
z>laAX3p{3rr4Cr#P`m|NKBT_3G${IZ!1~<Mr!bM;%F)&nE0PQL9%H&2dynbX{y2->
z%>3A_?rz5uDc?Y-9{G&c37gt69MsL#@Ot7Lw^j7S)kOex7R3Z3<=T;0s6JSN>NVkn
zXusfbjXPe1yMoG#_3sLP1cD{S)lDF3pgpWn-@xd>zCee%_fz+@=c`hiI^fEV+r_U4
zy2?6Yv#hdr9Q*cLdw~QzYHeEvwCo}LOv4EYB&i$QnR{@ZPEuC?T`Ul8H#3}<23nW6
z%AUdx#QwL*p>1ysl=uv5+U<mBFml}NgdDJrytEEzm&qmS3u#bc304sPho+uvO^AA_
zEgXZuJtg1gCtw${#8vhU!i!)C9D%FDH3lbWKf`^(smpLrr^HpZQ-Xco9eP{G`OYh!
zf*x5l2&0X%1w(U|Yx4nKrE`Zmysb&y%e<8mS6PKb_y$s-o8?uYjpacd-$qaS5XXtI
z)ZCvfcJ6SNTk&ufYde9(5;rWyeV_#)_cJ1cB1e7-F-q(`N9t4lkDiwOjJ2`AFlUf<
zk&Jd9h1HWT#=Sh(QV8-{gpod7#U5W}<~`tRcgHO4X>#@|NRoa)lz&n01={SB<YOMW
zI!$4puIME9Fl_^EWcC5gc!$L5Z58G80tUs+Jmp{1D{VN48>~KaktF$o=qq;1dswN=
zI5;)XT4Z&h!e*m_BwqqS?W37(L9w>rMOM`*vb27YY-<tbuZX^F%og*=Co-Fhxi(N)
zf2d>Iz_GAEgv&|Y@*ZX~X(cUSjP71!?p!r(qwidOG|$+%y6+{}xk`SC?_8xFr&M*f
z2C2|X-?<tIX;4z0pBHkZCwH=rbmVau=|Lm(kv?$;&-z`AgZ+CefoS2K0KMgquOuZd
zG~jS+f(+jm$1uOOM+f|J9l+jJz(xKCh>pCrB?_k5O%$)!{wMLO<uwOM8kKDxeEYq%
zPQuAq1_@h3wz;_27dZ*VW0a~9fXu34ItfQ7;Q6<#kSEoqCIp>S!=6&fIRAFL0GV^}
z{98+bXpy*%_sl{(|28)y)cw{ib>A8cgZzmBRkA`&Y6-;49z}Gtwe^h&Q5&{01xwj6
z5ZjGCP^O_(Y=@+#*1s7cYH3UT0w}l<zO@J?7NIm^Eqw-usp4iXFq1St-bzo>T>ZR3
z=^1&Dq<Ll@Ptv@KQTpu`-1xr-vR0&&Js%<!vLkOSj|sgIrfrGC_XJY;jo~^y`ghke
zBKK&)lqX*b$k#=p&N|2SUKc~`H6^16H~mUnWo<o#Xy4qRRNc`+AX?XBOcH13m$=H>
zdkEhf3<jrlf;$v(vmr}LO7qajcZ;=TCGxGtkvud^$9&0cI_A$cN6a}c*rIlKV>oK4
zU4&b`-lYsD1Lpw@=YEa(na1PVuSY3$%T>-DYGrdhA_VScj=_=hcnlNF)K$TB*@3nc
zqo5>T<5;|X{qI({0FdO1+LY_eX65KU=mEAfP1bGN$j0!60ajmW#+6xv*8gKO9LvgU
zl&US7o0pcmW3Qh>evQ5r*K3jk2J(|ElZoGLj@yfh{q9VIiHlxfFQdPI0XIW^mvK-E
zJn~7ktSRT^jd2+NIWr_X9E&q~*&|<JMytd3C33|!QRj+hx`K*D#(1cyKrA%7m7$N^
z9F3%&!#Lx^YD(4cW&+XX9A(46zj-~DWAT3lO;kLE+C;dM7Uu^!mC}1o$X?BEY4*zD
zJB*>luMgF`v$Bh&J93P^nac63*Eg+-V3w2SM~z9C4^sk%u-M8F2BIr5cc067Rx3XO
z3y63HJ`iJy!AVv+{5wS3^=QDrO@NbmP(Cn<S*mrX!M0%4RLuN_z0Msj=W*~DSbN&T
zCJ^;Q2j}#WE$YsQ&{$~uDk)X_S$a|!0C0DX0M>404>}fWJy26A$=OBPjK+HGz+dNq
zcabu`zIPG8*ny|o2t@VAfD&xWw_UolsOw#1#c=Q91`ih)NHV;O>4+7pjGp<kF+ynk
zJn~7cI*brCgOkKJ8awtff{43S$8cpKyGUCPr-RGh8$pQnG*ep1O+XzEMO)%_M*Gpt
zV89>7S9bst(Lm2S9>$#JhKJEH2`W5?6?)e9Ftp_kLezpLmKYF60FMu`%AL2uTYG~|
z%4eGdE7q#RP`MB*_hC4H07+TndS#k2sS%@*68%1$YIVnoa`aGUgvoYM&nmaM8Jx1#
z{ya>n+OUa0w963CVFu3dV&>&Mz$Q{3i!ZJV0-R6UIPksVzJZyZlJacG34gYkC4aMT
z#$lN74bt=p|9QNw)!u4sXtl45mbDDM`9iIbBZyy0TxEYg0FgYnJ#sc!QswJXAEx}Z
z%iO^zbe3yR01|wcT)o=ZR0D?&8)D={aPLE#1{M{ly?;5V?teEZSUuj$X_uL_;oUm@
z0Aobhmdnmp-*3c6?1!d*2dDvs;lNtZ8eXPU?GBwRMmOy^u+ZF*z(V)2_Fp1|s689O
zbSS|0_cMQTc8RO(2YepDo+sCt2&qktiO?z$7dfzWsvYk=)M4qPHbT_58=032E+8&v
zvDV;_wfOA|#gzm0X4NGey;QmfLdh8?hDu`aN(WrU2((VkEwS-(`jT)#3|=j;9B8MF
z1md1T)sGu;G8fj}$~q^>M@9J;zOwmMB+qfRib<=DjRX>SO_H;7BqinTOpup$Z+&_B
zSPaO^?^*~%%>Xj5YQg2@n=y6erPzqe%jaTHUaq}cmzPir1?7-N!Yu{4PAiv_O7gK1
zS6L$_^WKPn5ptvTKQt7rO)5`|sJE`tDaIJ=+wTTYk0B^`NKjf_v~HW0xXQ*bGh-8C
zu)3~>4)XsE-qvhqC{<@RFeT@n3gDLI*sSyy+@einTz^-CVBuMU^;cni&tKJ_hO+I#
zOjD?S+W>^B=P5&|Hp>E`+FVbJ*U^EzlS^!FxkP)pf>QO1D1m4nR2Z`1Ls(b!*#FLC
z)<&EMlj<qJBBlJvkP>!)!|FG*#{3Z<-){uEXs1iqevyWReLonBeC=5<A<k-JDp1Ix
z_u#?7D;aeQLAy<tV_N<>Oa))AHLKv#RX=y3z8YytSU(QI?ot1<d%<wgQqKL|>Ks5|
zp3#f_qj<cQ|7y}|%g-{I8NrA3O7!1t&1j1uXeghhXCVZrq@>K71tQ|;tokD2Q;aUS
zJVqeueUTs{?&TulP;^}p(KV8bh;O4&MC9LTh=_X)5z#qPxFv&2@>C`sL?vTciK}eb
zNJ6xE0wF53>xu%W%ms9eo_G+Z%s6fkjZ$eiD2sf2Kb|RvCreyqpW^cb_WW=i`7t!w
zkRMuapwcER{ixMy(zZqrqGs7m9pOS9u?q`Nw3`?ALM-uUU)un*3$4P~TUv#3HuPWK
z%Shmsw`%jT;>S!>N>RG<FL9NfVfr`{LMGgYZ|03;^FdTHazf3CkX)tB4Nxk|H`Ky#
z*i$b6l4LaIM>y(ScAJkuE=46wEOC_@m)+z@htF0)saACmVjbTx6WHn1naEC(vML84
z9Czd`zyOD?CIV3dFjlL^aCTbP*kq?vy2~wZRd<K;3}vr2#>1jwFP@<ctKp&Ao#Db?
zk)AOO=coG~BqY$Y#8sxEL*48zybe@SqCcfaOW0yL*FzwRw@gW2rT#0k7QAMN6d}8E
z+;WAad^C$vyl}EzAO!9l^Ia~>?vF7=*&qcv@%^meucDHk<Cgb|@=m-0Re;-F+9Hh^
zV|*eX7)3}RI(5T1e0=i3TS>x@qYgqmTf>q6R^amF=|+4LvCgf+95^@aZ)A==UMe*A
zp&h=(M<~^vMGxXOw3-tCN{?;Rpy*b{)z4!eTH{1|koEP>oACKp_L+Avz<v+M-xt|$
zX8Eb@Y<StTv#3N*Niyyx7C($frj|A$L@gl#?syxCWZn}XZ+<nuf${z~1n-#373#EC
z;nc%sVw`$#_~r|E;^B26=$uX=2r6U&lqrczr`JDKX&1~5e@V_RcH~6~aG{Cs`yano
zAP(OKxZg4{7R2XQut)zy3?3m5@1kG-(QE>SF{n^0x)`T?9C<x#4B%mpk8(bA<lSw<
z^Lm->-MNv}dUq<b3*L<K_6#IRa*4X!CXl*iyayzis`G6yu{^%YOvpLU=x0|Sx4{ai
zHQ)azc*U5tH0TOuKO1b<=ZHSWa>a&qn_%OI`YaZ2G>l}>d9Le3zkq5MJ4xUuHEYHQ
z|F8qzRWgk95#9h*@jBcKTU0`b<qjx={SK=WL^9uRwQPbh3kwX0oRCvTlD$llybJrc
zXC!4tp{S%6XnjuNWV*Kp8<xFpxx@;2PA#Q@57qmqjac}=S6#!neAP5m9VM=^{~L`b
z4h(a5KHSV)HN_~AG1>^@VyG63ZWN@`UW_nwTFdS*t)}v&vk>(~+!1XvI>fG*8x&EI
zM?Rz7fX$VR(m)H?Q&KWYb&kQCYA`%Qsg0;F*4PMY>QaaAmq>oC!G5f-eq;8r1|U-Z
z+0EFseiv2-R$$ZWZ8bI~HA`G&x7SB1(BHf!ySLUxM8z)akP~}5%xkhoZUPiZUc)Lg
zVa&)YUqg$C?}EFWXJOwx9<_N4Q>rJ3sfpAXtTWuu&q4v$&fI(cJDWL@d`v50!fNJC
z8;XQ>k^jqP5c*22QEdj?9WC=B0yZWp$KhJ#%)50GL`4cjZFkc~w9k)Hs{VA-#D7&O
zrLYiR;wo$PKq!MHi2Lq5PO0j%)c=^(zrx-=Yk9kuz3p(4QuX1RHY5If-p`b3J5B*|
z+wanmdpbfO>Y^Jqq8(6~Eel|9(e>$HDb-%Y@Q$mD3iq)Jo*TA0CbG67U<q5c?S_fX
zU1y+skDDuab!ZHdm-q1Ya6;5Suk&GP7D;Zo$Y=3gxiP_7&<^0D=;OHV)q@SlWab{`
za+tn-7<=No2_b!?YZ2B}s8bjTJ=dvszFQOBM{0T9_CM|laVzmF#?bE^p;Z0xy3L5O
zo&6i7S|bPmYVT___j|ZN)FanyMC*b6%ulGv2eNM6Ku=2j<Qk_|%`S-Dd$y0Eb%#BO
zTKBy$Lex<V&c0oiQR;l%9Hk%6Lj#dGN-gZ6W|A>VMK>u`oqD_Fe_^!MTVY@gX!qg@
z>lpN}#X5G0cK10-)g9G*z+MLrJ0)U#$N~G#US}t7z#l-wKkn3tIJ>bvW{*|>uVcoI
zJLUyzrw>u8MqM)})b8IY)xN&~&E*))wG9)9+N;_|w2K!lwEnKzr1hLj(ETAenD>UH
zHS@c)b~ZxPZB?AkC&J0!bki7QZO0X8Wer+!8H{C~goal=ZfLLRqY2TnQHEU}$vl_A
z_W!aI!K`6tv4(N*1|xm0jzkrmo)f$qR##UCS<%|K3JZN+ud*4w{|A==p?eVXF`;=;
z&d@u|1<=vUl&Wu6a$@ZaBY)EeVa;eCVUznGtaGgFR=Y8xl3s+pflV3hw}Z@7naF*C
z2l)cRUyy>?sQ_Rzt1cac=9`YviTaldUd$E(3f_c>u=X20@m!$yDkkf`#2oa=S8YUV
zQH>||P~%GSHLi3a8byh#tlH>rs0P6+c@iT?zS~o0@P0%fs>GoGjNumkV$<K4_Gg%~
z9C(RRb?a4gBD}YeQmxZwN^d1T>Ok=`*?IjUrD~1^%KHq;YX{*J^R43$m{79WZ2pEp
zxz7US0|w>Q3ZwUbv6!##j9T{jVQs6loKp4V6<vdZIBK$)QtkaiJTArmzU2zz+=~JB
zU$GIbCGP7s?P0`!t+f$#{bd``c2@r{xLdRl;NF-uamN)?BL%ins!<&L_wO){MX=@`
zV9hnW{=YP55v0)E%Ken8YcB_p%D0VDEfubY+WQzS{#;`t>cLAkq7e)l+S2&+CHu6A
zeQI_Ss8@%Bk>8ocs=aZQ(sWTiF?u9Kz8M--38`CbnGMC<qNQ*R?OEo9bYdte3u2gu
z(_AbW9D{)c!IZv<-}>m^`dGdl#&1dbw<OEAE%0q{6hu$j5;Z=9t{TWwQ?9<mW~|r8
ze!q1IXRjBGcUEq*^+5GNGyce!(Qdg`R2IjJxg|EW-6byaUV(TdTinW`?(jjlr0c58
zMR0LK{S=F4&K2d&aNHci77mV;<SFrzyr8?Nq;!OwITh;0ODK<(FkDgyWB%OZta6k)
z_kQAy4K!g$tE?D%1}AU-B^#0C3(T_vzb<wC>kSAA3`|}B2Kyh8y8f*O%nLUB(N8Yf
zz;*2au4}9$(?FBd_5W^wdE>$7e39YoPkEVH8~*5PZ3L1gSN<@Xb?2?gkY6b9^0c7%
zETc!d<vnh>3PyS{3}r(}u1uwW`ii~X^$|2*wbTdBd?h%GVF<7rj*dBO3;_Pv(HyL#
zBp$nsdH-`_^r)M<OT6<UGKwV6=~MUHcla$ylIJAV{r1*H8*vtoPkod%Igo^iUt1|E
z_Uzjj|3j=;$GBq0?Jo9L=(ydrN>UcZh`t>TUrShPpb-w=a}YK(dzo8-dkFcW>{{hf
zX2whMjDl20%#iM^F8h(h05RYF`DXlzY&G>ZQKj?T3X6s1knBQrY%{*j0pEM--!cAe
zc9D8dGafA$zBkstpMhhdQ;Q{KMyaTH^5Mq6;#wvuSuxQ4rlRaxrsiK@<niRgCs~Y<
z<XN$joE0z14|T_d7bU9?ly4-;o7E>-ae1#KPwK;Oac3o&Ux({orzbg!wT%KN%1aXj
zhT={}7twFuEf6wnO5-BYwviqI8F0=9w*ZvH2gfl|kBwz-53`=gu2n{Kmu3KO3k@W$
z-5y1VHb@|3?GE-UiT&Eie)Wd?4JPT~HvCx~{N}MH_!kg7F85}_>E53JdPjY@>cUxI
zz)>u4`XQV`fD>=yD2{e3Lk7Yjd}T-ylgw^qNFSyY-O7;e;85M7kyhA<JC}xKHgV_D
z@XVg>Tx!o85_nux5+|pd4Hut-hKumxF2ROHC9#R6%-dL|n2C{R`S%VM<QL-iQuci?
z`|j}_cf2yKhEma=STjr@lHWdn8PfjrRd9{(n)-SRymS=_{D;FMDKiSRJ~foCEsi3j
z$W90e^j`Y|`yI}HcUt=m`^`jRpw-$h*l&UTZn(C9{l=JM(Q7(0#QKSHco)&17zWL@
z+*k!-=xmjZNdD+Ms%<2-C<0eE!p_)8V4#Q1LB*a0m6Ig7KdZbIYPHP6%7s{&!7wUs
z4cN%qeNnI$KMjjDX(<r7;s+O#bpOeyrA4s3uS919=mui4r_Af96HHBg>a2~d-4aDe
z;M-+=YbbrGhSHK6O1soj+P;?37PXW%uBB9$FO@HSN(hPZ_H<U#*ZV*$wc^Y;QHhRZ
zt;k}Gs5BL2v5zQ=Nn-A%Fi~!ru~}5?Nu3xHiK9FMaqghYlCY+CYv72fvlx6)v9Ifd
z@d<*}S-p5#xo2YCa*e1g?ykB6T%!db#NSr8k{zq|4H&jsUKLEM?0B`KUh*82+_Hg@
zQ{Ak;Jq~Y6+={CY?zIk$^~iJM-SWil9{Gtr5KI~0C%F|@68}9=R1)(aWc?cwRhjb{
zqmLu+Ww?)HjVG14P?FEnGByQ$#hHtx<gPmt1mehhgAjtLH<NWdnulXQm;jUHNwGX5
zyK-7zeu89w5H%pP5mSYk&E4{$KsM8<F9vL|8tgqQ$yCi^Px7I_WG1Q?oJI-YEB3x1
zD)t}a(G8fXp&{{oI3enI4Ho2*5^xYCrE9MQfq42&?c?nrDP807A;#NOQo1(Bha^Yd
zE?97zS}H2`u`qvA77y1WGaZAq@UBDB1-^qMph~x)jWOi3jjWB<*V;$xBj}1k>JEt&
z75k+J5F58VBwkePZ^avr-4TdQr%blMqXILc&5C#DM%pAftGlF3Ej3rWr<}Ic3pV(`
zX^{P5?v_~VLbGCj4K5m`d^t?-&wt>&vHis{eAnfwzyq=865gdbnvM1NN=H44dB{%1
zSvtk=^vH|4!^KziZjJXw2;(XKTxDo>&54(ku5Wh~h}N4zD#dLVVD2Y070CL^hJ^gU
zgqQl&!?n~|uJy!K)9QwV1R_gZW!D?RaYOih6H@seG#A`QXg0Fet_K+}O<hmGV<&j?
z(c?RtrpzcaOpkaCNa*mjwh^N7P+*-$n1>pUs9f9Fy>9cqz-VRwbxj_Ptl+y^L#f*4
zl#QgW=N#Z2Dk>?%-65B5HVL@awgscnLL_l}>khhg{{yT}?ROTdpPXd$pIW+paU(*s
z?W`Z`UT6f1A%UkvC2j%S0!TS7hHU01o3)v7*i2!Z-ppvDnL#IQ1e!qXS&M-uQrErQ
zh#*5-xa;C6My^U$#Jb6`{}kA&;pbrxCpeg`dQRT2UK+>7Pm-(Qp!(n%N;Rp5()CVg
zEDFN$rTl&lYITEJm(=x8M{89>Y3jOr7!FYc_gcMg2mU20aX!f$ox!YOC3^o*<H*UE
zkPFLR2>)DoYkNE1*)P));J*6Q($sZd0vV4pN_s^l&IvG6-W(c|lGTKV$S)Ifv&)FX
zcMviL+NZSFi5YQCC+5}THnM&-^v?mr?7F7CK(rQAZ}|sod98!+14M9nF^kb=CZkPT
zs2hPX3bX^Yl&Z=JUEVo-|GYt|b~k(b$#I+6$jJ71xpJ|nr0g0Jq8FLZ2KAsF_TasC
zdJod7^&Z@<_duJ-nrU*vMl2PNvi1q36nd&-b?rK(+C2<?sMw8F+<iQ#;wLvK4ZN)D
zUokmxWjldnjuJ71RTg_l6P4(D+oAQLh_RwSan~6zAk;I=K~Uc~W+Uq<CiyFeFVPno
z3*?8UOjf*@UQ3<D8JpD<uBN(+xrAm$i;Dg3cDg1O<r1~m3D683jF;<4V?qL-O|$B6
zLqCrclM^quW%}(g$RmBlEmJXfQ4De9&1El?30-2v+%Q|}y2koRmDl0@;yzr&tOGht
z?BmW|*d<1AEXn27;vuXbt56VzUh!qS)dkshl)Dg%?EFX__=Pi%+lWV=+a17#IhH)n
z!F4yly~V+O7zA#<4({F{a2*j`EPxAlEP0ZH>tld>g@a2E0@p(acOl#guIw0qiwAIa
z$C3#gT#^Cq1*A?4r_Q^_fI2ZyA;Pg_2Cp#CsPHeWki;v@#0p7nC9O+L>N=3Oxz*H>
z=M95jk&c(Af*4Qy)m_JySpbkMH-zw9q%X{f@30hL=$m?B#~7z1=DCGX)u!qBnNrs^
z(bfKwa5Xk@&~P42MxTL)@b*oZ9;wK>y5PtY!z_OPD@U2#v#?7{q+?0{FhV@a!Y(4{
zRUhR{h*KspRv-@FKfok>6u0Y{)!<QP^6h#IIK)Nty+>^r$GAe0udBC*8yCJa$9Uv(
z*afh_CNPWQaWKgmpyY28a4-m0kJzlL;N%gQMt`=(X@tuLK|9-9jxb)Z!1jK~td`YB
zK;?ShPTeqPES~4_EfWaQO3@%mY^}?rcAAZ-`w!U&POj7q;bRHW-V+FMQnk}zZd~}#
zDuLq&Th*rz+jNuC;d_DyqPp*hjcAX+rSAv^;!#02RSz7(m7(q?gxjqUCU6MVhiycA
z03b9S%R}R%k@IGK2&WENAUw$-e9ItA00?avg#9)`(9C+MK7@~~5T54{G8u#?0YYa6
zA)i5Dj-A@7K7=V&2)P`>T@1qW0HG&?FqT08OKVp}JqQU_2(vka3x{k(n+g!_We{4}
z*toda&jvOg%&%7c8NCwB^7c7XZDDwm|KXPU*nXheh+2ElMp8G79LsNPtM6BEp^|lz
zQZ@gejc9K$)9N1;fQmWMe6Irv<5|uBV>PE&*ogK%yv!JjvuR=AadeBS5AwcYnhn-B
zSB1?uwBq}KM<{E-`t};Yczi53IqsF@szAro4b8_A5@?dTq5W7`&)d*-ESGw%Sk3(v
zHWFy8b17pn(Vvoc5;W9^2xiyRrpc$(V<VV~(zf3Wk*{g&Xk4BB3|41TL}g-(=qu0c
zAm-i>n6-Mt=54D?j15F96JwR3?Zu6UJBST7i}GGrHWPj2Sx)v#yLP}v)HelGfqmf;
zZ;ARQ1Pz0s^#00*@pgvrCQ-2$G}i}&p0E*h#sM1<OExo)JMck0eK=;cTmDm&FT3Sh
z<oyRZWiwEg*hKlESnjICLzs=AV33)~qCaKVNgGk;AB5%K5x_1dojd4Gw_KvmI*5y+
zy)YEVeSq$;z(ALi1_tXz)oBM{=ui?J2((b&D@P=Hx||f>G7eUU9JCQr{3RV^;;-6R
zp%oSTPtEkMPh>dFF1HZ_LSEp<V1Hg;U*(IdQDSmRN;83E#)wK{-(~_)M;~Ba%1jrP
z!7+*$Q@JrJ(_OhS-Wwq)b7BKwuqFIZl;}^{$>=-}N;`c2B>J4ebE`mqUwP&%bm8=c
zSd>-A%MEI8<y4MkT1HZe@K__w93uKtX0rxjp#krM81%`xBbENi;74=#eSk7=GRkx~
zU?YKL>iGQ#yo<9uutcw=UfT~7FHoi?^Y01Ha$ua7n(EX`VD0tYZzIlf%>_#}_NR=G
z;p}7U{WcOP39_#&`w__TO^|=~@*MzC890eGH%?S?a=1Y^T$B%ip3Y1KXA)w++}2be
znI#;GcbKR|UyT6^Qi32NiOr6~EEJh4mw$E^t7G=rNMN}7^gig1_W@C{Z;sK??Rv~c
z)ak6my`mERbd1FoZ5hw3Ps|CXj@pMy4Z~s2LN|VPA`$MP_2;*!42|K7LCbjmmBq2@
zxPAKKPG&<(=lv;F#{g|X5Xkzb%pV>A@^M%#4g6`;k5^mYs{U@QzsV+$^#fV`fvo=I
z;QHOwKlk3E{#RIk39J7stDnm1cQWdW%FsU6{)o!ZB<r(veJe?lH@oFO-108BTq%~g
z%3zPE#8t}wV+aGkw@CD-mx+E)sVHX`s!RT~5$86zl>(ba8O0Cyd)5x~hu83k2L+OR
zEYRK25i?N8;f>&go&}6L;7=T-EQku^BBJ6&Gw(~n!+6P?Sp9x?Wv+EAW12*Xxf`QI
z-wy9tQ5g|c`2sf^Q^1@|^2lezepQ*{J@T30{V5pR<RLNMZt8P;S&LcW-gbez)u=zY
zHap7Lz|3!jfpvVvnf=|lTcQ9dB}wd8<^2|-&&fxm+b^>IxO4k=Ar4<xCXAZ~8M5r3
zr{7gcnOdCrq<iD3FlTw7lbXK=S^D`p>y2XW<|uc+Lzx5IN_YoR!4~^n%xn*t!WiNQ
zMfneP4Nxnq$oq$=c*;b@{&}=MEtI1+5@;zZ_BZ$|R=}S)6l}_)&SI7Bwvq3d){slZ
z+$~8KL(sV`5D*pnBm>q3up85hoyF?5-8K>^U1rKxUAQVQ6%ax`A%qO{_VN|aYfzc{
z89dx2D)yEJsIQn0Vn|7?aJLPdUGq);ZW}WdKSRP~J_aWd4~g<t=MJ^Q9viMr>Z@rj
z|Ae)T%w)GQ_yfIhqGJEBu@R!@i0&jeVW>CaA@!WQQPnU#ZOCj%uCicKw8ut5>eEUt
z2Sr7kCHl5ywh<L~6#Ef_z;%s9kBEvmoqd=m=FW>HnX|bY(5*3Z1D3)v?GT9AU$swk
zNTp)#HJjt5cXiL?TSACSSriNITL*X5A$KmN-j?c=T{hw_DWQ6(rXPqAUfISEt3n4(
z!6b;zZ^T97NG4qS9R<JKwhQ;~CKx?ezu1K&f0tPXa)~-&mqlymG5!4S-8Q1l1^HQB
zo7qXstrom}7>23J5HN4t4NA1xJPO5A?0=naNfb>|8-mt);5NaYhQ={4?@pZmlPIO?
zu$|zqz&$o42`v-o#2d^xU^2VDzBiTq$c9|m4{azAb=oda_9G2tAD)>OQrVw8Xd~*&
zP}=*nBv&~rQP2B!p&s@G>v>5@tm=!dqeZFTBl=TTGC+e7P^UUdJqdw%zgAz{fmCnj
zEDwC7m$Go-9Y}*;8t4o?m4VILVIzUxLfbnAdnVi0G=L?VWc#n|$J3IMH62`1-1Ax-
zOB{L2@P5X;DBli;??1qjLt_yS6AOCSxy`r3v3#Q>UlOZ!h#OB2a2AUVeioJCF`^@F
zqhz}v_A8w;R8)q?ic0&9fgXRWd}~peusPOhMVQ=JxgF^;0qkKW0Mx-d4DZJKJ1f&_
zr;P-*xRpqlE`z~hMsp)8%5B@KInlJ48-<$<w(Y<I4b@9!HeB9wmIr*s{toQx)H!m|
zL_c!j@ZHAGL43v#^JgCx{a#h{r(aMD%WRnL!M`9@4V%gI;@WB(A!>;i9S%{+J}fF;
zRaDY1sGqaa%Gya_?$gXxVo5IhZ8?K6a0ir_ZYeQ6xI_mmG0Re7R&a@%+o433r9@V6
ziTzk2$5J9ExI___SZXP;G`PfT+l|vAbQzoz$=wn=9#;|;m7%%3jo*`)4$t0$T2U>f
z%R-)i*q{@|JlrtLLJ0HiBbLsaZ__LtHsAKPbkckqYw6gnj#7m3_Y5>8C2?7VKqUF=
zNwB9Bd^#e#%osvR{(5?d664E^A(Z5=XN4%yugn-iN&Y%3M2XgA#t=&K*Eu0dT>Zls
zLP`F5X^0X#|1i#R{8c_;5nRX`QL%q&H;#1Z_MoIp!?PT?y>`>)@QsRMuNTBha(1c3
zY%Jja3;F+I{(qI#tb~O#|I}Efake~xr-CJckkk?%n^xFj;xI^$5@8el*`=c2TOj(=
z3svWDu=@AKJt0^BI`YdjE{w$7Nw6*){`|Ym#E1u!)QR*3ek<kQg07zY3%?ccZ$bA>
zp2u&{+td<YKA$~Oa^je9fjIIMi1?iN|HS<Xd{f01IF8SxO<UHRDoS0@ipAFoDwRcQ
zsWi~QTuiaD2v4o>L=bn-1W>ltG?eigtO`$_ilCz6jv|X-)0C|Rw}J==JS`w_V+1N-
zY3VZm&zzZileFb+-|zqX^YfAB-aE^gb7sytGjo<Z;9;(KxEUU%S%lBp{oi5{=rvB@
z;W3NAkE)fzViEmx{tlyDD&F`&q2}nQ)VqHJ=(wd{o9Ot`%ra=0LVOj=*?;MjaLZqO
z%LVmPcmQQUn!jUc{VfLh;<w>JwnUEm+bHBjA@#4{Mk2M_;26kl!$-Ct+<#xuKg`?;
zIC2ylkA54kgb0^T`kS8pC_=&Szzk&%-10sdV@$&x*6=js=sdFnqu_Hf2<aDpjnT%L
z9TBpB6^BKTp&nL*^dG)9%|2wtU~^7n75B3s{i_{9L0K6KCq}m(giTkcvl#h5?ugKa
z_MG#7Jg}J&-<$yPxt9~)nDzSamkZO6d9g59Z@L_;dDw9~kZMjK5<|Cq6E!8H(wJT$
zzAcyE)<^mOe~lxlRY|}vW6UbO{|*cpM53nRcFdJgcN1gj0cU1EzWr1d1^Dn^ZemQv
zeqO}i7IhMNl+LBg+vA9-(ov^hgQBt@a=Cbc=ZU%j#5+)NTQhg`*XGPseKV3(ZLEzi
z``m{BO*dk5PD~BgN&Xt<gm?oVXNEt<h>!e@exfo=%c5M^P?i=LMce87c5r|l0hM|S
zEMaz(exQXr*s2}EszLGYjuCO?-{8}zLO%4|5zz~Yk=7B$4&|vGku<b!xw$RWjo2ad
z+?!3*NfKc&ll(;@at6alDOv}qoo=x7u^^|`qeCAfP;l7odQ=Qd&2B$nq;K9X#PF0D
znS<+?;cvZWI~K)<#E88*m(nRB5Jf;@6Us>F?O!Ehgf_P8j8L#M2l1;O{5h9DH;Z#*
z{pAY4#S)_RdnsMmO7Yiu+f7?3rRZjhkuhWmT&Q>h%EF)O!EEZ-U%+fC;Ri6As)SRv
zL;8eMjPbQo3SxIoW$?p##`Nne#W9HFUEZ7q33<dqsI9~olrluiT9<A?`tRGsdTtgs
z+Yj%9^_*3Mk-ujrgf=Ad_59BPu%6e;^&HTz>?+ptkAkdYZfc9HGb)8W%S|R(TdveG
zl~F4-YK3Q1My>Fufpx2l;tZ?g3a`{hZ^J0~$$7>$#&+T)>WmQz-LdgwV04@{g*t59
z0S_H;G;;{0Z0reD5=E&I@Nf}s(ZQLmt@+do6}T1jv&6fo(LPuKCI|6*0mb`IVwrGu
z-Yv~+BQrdpJ&lY7pKoN${?+Atf|YebD74%O@!qZ9G-6?^mXbnz{VoSp{E~fD&|vIN
zuvMFW5+nP1dFXffR*d{a_>I4?2a4T)5~B?<oT~9gzeKbC01YFO>8Nri!e)d-+N$}t
zVRQNDuWU7@o)8n88yO2-q<^zT>{z<DSTR<<LJl@F=FjSg5bTeMW<B44<%Vw2_ZaE#
zZNVtCE$Y10uy-31Y40|aXq^W2HtgLxbp#){1;A0YL_!z9ETapiia#^Op91km$kk18
zhGE>*07Ab3*F_t~Ee#!#=Y!Udd5QnT9&VgUo1MOSN%m6k?)FVu5PjYTzB9-4KYa+%
z&H7uL#i`d2?*Z3+TK)pg@?X6lA-iWQ_8xHW@-*O8xC>I&20Ya`2kT^FoxWexaZPVw
zM(BSu5upvEFp&6C;2fRi{f?2I)~}g`a#U@o%}LLJYpZK0P_070?F1Mw>ARrxoxfw`
zFXF9?;j`k8zReNm!>hM&{W$cTe+Msc4__Ov_-F9nqxo+w(%xF`XPSw&4Dg@X?XmM1
zxw5#Fa%x!<&SROf#<)p#ci>&*@p+@g<Wj#7X#q@V4DlXtC#N3>-CztL4~`#u!6~{~
zNH!zle{V6Y$czmP@nu~jhWL00BmY%bAhcmSA7bae%`Eg*oA+4;<g4p3a`%M647173
zQ^6G9A0dhtZ|2hW4MP;0S6jZUt*|sZ{rMY4{u#VuuAu3Q`!w@C_ui5=>?vziu9xmo
zyvwlIrl=+`*KuGnRR~?g1TacbqA<5pwK4-BrN|0epi%8q9haBwp}Dy><a&Z={ccZd
z^P2y?NW-h54<rN-t2$&;u13VO8Rup+Dn;`VLb<d_&AiVxCnHyz{d1DI=Re^(D4fcF
zbkbA$oJ|;ozIJL^t~x<;aU;6~Ar#aM(<o3bMs32#sbvi`%Z2^lH(_vAA1B(qlegPr
zle{3iGc?SpWnCK4x+^c29u?KMhsyMZavXt)qvtRZLFb)XR@J$1Edj)L<#5y1!T=HS
z!<2LVOth<bA7hLKAwoR;fzZABiZXFpzA(2L6y>N}0;g|MrPKFV6`Um<bJE|^x9fi^
z1C#kGj$}|*G`n#^?%qo@>xo)}DbD#CSo?3^!D;2FGPvjqj%AGLy#rw*rn@*>z4c0j
zHtgfevAzE=pKCt|ZZQ6Pn1j=FjPxtgn;Bdcayr=fIAY-Vbh}biBFyZjnSEa?`hHyW
zz1J`LKG4iq+xAAp^ZS$*{11HhBkm6*|8rao0V3Y=3;s9Md%*QK4f1PoioY_^WP#te
z#RB*G!z^%0Bnv#w5pYxtntlg^o_!o6{kq;4WPzDFu)upn=@G{<@-yDbalTAX-W16K
zSCvT?=;(&fh7*DXp5}#*NfwyhivP`&{O`|5{`cnv_+Od9|7QLx{+IOc_+MEY{BOy(
zg8v=E$e(i^LK|RX(D|kd^FIms>a$V&FDZimMeH^f`+@(>Y|Z}$ijMz0ijjXQ?|2UH
zc=3(@9siTSTz58#|0T8He=}S1KUwY6nKt-e%KsDoS8DLTGyjhNl?wiMrZxX7ZG-=n
zM)SWj7v_Io;Rs9|JsrvaPPgKJUtN&@ef2N---iE||84j;{O=Ew|7`;vbjc3E|29PO
zzl|;U--N#)w4vAn{4at3eijabvi9r{{O<_of4%-K|1<l(R`mUk?SlV(c_IEM&qMk8
z$nyqVs^+P~kha^M?DVa!lY7GQ`yls|jnH32xlFqj=c%)}+Y!y0^9M$uc%oTv|3he+
z#`?(+u&+6ckw3)8w2+T4iTJXv7GGZDU*b~{+VCP@S(!bXSqpzO!(Ksx*WUxD@)q|+
zM6>R$!C@0Pt_(}~QaM}x&Ho&4_a6eI)A{dL1V+oZL*G{)#z^0OJ?~LA&}uzLcC8eB
z3G=~3$tU^IC{c=5z@g?1eA@{|fOgMq7S~NtU@1ktVnnD%&3cIdpSe2{Ei0i0BfSI6
ztOzVm=S?Wymyt{w3NFQ=h`={LeTiF!;@S3PTaE}DUbi6RKak3?vEdE=`$Q^W<NHd$
zM&coi^o?o2*~&M(#S2`W1|IFim-V42bD|m}{S_z^6fWf(dvmh2Uyo%TTXB8@GgsR<
zfPXu=PFf4jHckvSX7l%ZjQ7t*I?_C|UcS{VG7^<XY{d<y2S-4qLz8pq+|*n;xi`_Q
zRVO*h5>z^L0P&Pt2<1Psom!81-NTu5%tMttF#{^gG14Djk5PqV_XBC*D7?ZVVvudM
z$Ro*GVI8$aAGuz5Dijr4B6;5U^>8jQr3V<W?@TgsT~4Z0yh-A2VRR1}yljPWX0P=d
zklbcYsJ}|r1S3uSy%y8lblV9o0Ja*DrvkoNvHC~@drV-DBZdn%t4ecHl89z~=qhoR
zL4Q(d&NoT9boMvNe81W)GIi_0B(UHB<mP<SJKAVWDT)&(P_G3r((UU2Ssx2zy)Th<
zMU1qfGS8!Wtdr+ar!7(b3+d}3jl!<wrRXpEtY3r`kKO-1M6vrKO?W}Lllj-CwHSpi
zwfo<MZ|&jR4b{JMM)oV;CIW-&H120C%=}L4jo0z1nM;oc_ct=O;T=ASZ%#u94CE^u
zRqsMXw%r58ycPlH(+_|_sFOBSII7+g1%^fz2yQe#uMnT}%+JAPaO%vA38N2Q6XxnW
zq0`9u75r4VxfFE`J5roqBi){@3okX@TrR%Wf}FHpmuuzx`BjQ?j+@}RCdTw0UkEgK
z1MbU+W_>bbu>Fo@80lAwubkn}=BnW4FW{zLri)o20GlNM`v5|b9S>eCVABDLtag{S
z>5%ay4ySzOz$o4{A$NBEW&q%-FibTjuEuBsC#-*3n&{)R2F7w}qpFQa5`pCcAiL&Z
zNT6+lSq!O*g<RhlPMiJ57hHrl=hEYR`j7fT8u(!FD`{|~|61YL{d#zEI<+~K#4{&=
zTuHJ~#wFF9fWGnz+%m}6;xAfza}|CeY*Oxbr2iVqG;JX7UmcF$aFsw~#F7Yg)_tGj
zu-ONPB0TADY@?gYzraWvQ>D3g2N$1bOdlbudtVZVo6mM>lMKbEB^lllp$div4KkeA
zYLMaJXB>6MLqqkiJ~u+1h)Rz&FcusHiMwP_zSo7d@U><$rC(vBSAB+2@Fu>$(dJZ!
zDH=Rn&zSyTi$;@pqtp1tsU*VQ#;NtV^hyg?5(iz`iZ8pKAik`=yr=!2V`TRi_T%iu
z-3OMHnICt@=Yn$MInC?`49?;0XG9hK_H#Iyyk-;dg**0RaNGxb*~8t1VqqG}h=%o-
zJ~Qa)eqZz(D%H2I5*xeKM6+I|8<<$V5hH!uDvUy}wP8=>)Oz&40><~?6>X1iG_QaD
zGd{jA+Z^9-pGA!CZ~Kk$m73!_@fnP7ayg9eiJ!#yzz*GVf$@F5Dsp^Zit%waWQ;H4
zxG}yTHejS5`?SsRNqs0)rF&I+me4s>#FxL`>3b~T^tmfRH$Lg4r}alZ#VGtV>r;&M
z*|IYi<e&7`y3$}7zVIp7yxm8%F_px-%XKmFSTMLLisNQ?V(8-ZT@f!_u>^LV?f`Ej
zmT+lG2dK1fib}ic-9N=B{QxLEsZrjSjw(_CV^J$&Q^eo+wr<;AT-EwSe2#cmDNdKY
z%(V<Y{6l|$&w`g)->;{Fi&8vR>34*l%hle4EBnkIy^e9T<W>?oX1(h#xxRHJT%u_&
zh(E=PI0yE9%KxPAB6LhuFc%x~0s^WusL=Yo(Y1AC$tJ_2al^zI`3gy|A@?Ve6E#|d
zZ$He*OzVuJd>8dDIIOr*l0d#Ju?XKE5m-WooRlnThC$O>Cw;8SNq^HP?PLss1sI%d
z^rsjyGtdxZU<_-gnV(8+puo@uM2G;H6E>EEQj`kY-Ge04dhf3sv{6{P_o`Z1#3k~n
zPdFO`luBgTD*$zHNUu3lYzAT}AT~V!*&QeG2^2^xC)$|x89T|upNNvXpD(lPM0AHG
zs;_S>@oY;bbiZElNtCC}>`$<?aZR$v<Rd%HNA|C{OtNQQ<xU}5w^6@hd3zZNspAva
zwZa=MzbdSm_xhxj?78d{zKW|`%v;_$`xqN|I(UTRWuLUcDfn0tRs?O>A_9PZ2-XS3
z=6$22b~|3R=wo2(-4=mRw|)yrl^m7A+HIw<b~~XI^%ZANAFjnnzw=|xsP5`7^t=&R
zMt*fyrth+|A33|q{8-Y~Fsb_FN5Qf-Oo>6r?!UV~LherdL%)wP+90kjk8p+R6>(&t
zcjJAu2KlbT9OUy&j0K4}Q*+Xjdd>IJlL8VozsJA6$`v8~L(sU)`R_$djM@Eh{Sit(
zz=d}&yFZ~nLZJ?Jf7kw~l>}b$5f%kS3%;!3Ujci?yMevxE3a&3;@)_0Gh@Mi&5UiB
z1OvRWzi@{B+Qf`L<ioIf5acBVDmWU0teG+W@ejn|UnhYI_#S$WXx7gT8GQKmH5lpl
zeSlHuK=?e)4vq*U<D61-5U3uuULC=4w&4&)?ztqh6K}`uE|`^!6#5)S$X+m)|9lY^
z-6)$QovE33*%a^Jv5XVqsbj8-!Q#(T&s^<DM!DjB8Y84Vl}u~Ob&IDu-mZ;Err(#J
zvUrZiXVfX)yD>u9wcC;v?`q(r_mChMuWFa{;iE|3Nz$u`c1iz3!YVj@4{7(EvZ&md
zewyzl+ig;ck}yI=+eOw`!CQowc6=bG_8&<2t!G+msxfk<k<4zV_>W|g*=-O1(Uni2
z_8(wmH=K#KAcR6myobzgo2xOhD~sfp59ECN_ydfBOW}riR&V0jOtNdYWfR5m3s{im
zYST$bQGL^UtDbG7wmjRZIBGq07FTCa9d=)&tnFY|*7gr|R@QZ}E9?4)tXc=V)<5G9
z_XtTG&w1<`Oq5Tnq;azA12}T=1~??4R1QIp58#@bPHtu_WaF&!V)<q~M4sh>CI^nN
zTAQyaSEJVcN=ngU!2B>9@dPZyQx`iUJ^cXjb$W-to)}w5a3!mb@?2Vv5Go*P`$)N-
z>>hCLK<Ezr=9OaFPTWi~_PGXyx~CuLIX)@WUmKqkN{@DXDr{hk&6|D&(X7XQHm2;%
zFEP?Td=Dd#l=ApgU-&IpHoJb4zEHREZ^G{LAo#z$k5OpX1B|i7jImvevDX=6Z?>=p
zCK>14@o*8$#rd!V&w8*!QYar`Z7~>&D@98H3w-+uCZFEG)1zwV!#CG(qP;K<E=9My
zdJ^qU8}aU%`yd4B%W%~vx!xw83QRK2yK8s{We5@=pL0FWm5@{E0g~CT^q&|hivszZ
z-$w|=x^8l6ciD2iyXJQ1P0Zewq!isN;-F(SW0U)LNBVZBW?k@4j6zqX2l6-P2PeOa
zQEtX&rKm4sO!buG^gwRLPS*<~w0plxQnew*pq@Trm-hCqpVW*7r6?8-SzZy~?{ZxO
znen~b=Wa|7I5Y0ul%y0LZWcY0jB@wyp|=UG<0yZLXa#&A&WwHTQ$at3U-{4MW3Q0R
zTzj{LeQe1)5%#gys%_ZBE_nyc6f1Gq(zFssS(^5G4@&HdD6ucPM0-)9I-*2%bP4@k
zD4|D`(4$Li6D4XQO4LM`SRqOzMA*b8MBBtZ`|gEpVjq4-7~}jX<?-luq)qIW=E&P3
zW4*Srk2Me!Z6CW2w`Ct&joY%1)p1+)u{F3Y``Cp4)jqZoqOSCtdH^FQU0sP=Tb<^=
zW0KQJSMO`1MCLmtIh}NMbsHrvd&eZFldjg=C~<CuNlqtSUDHO1A6J;<bkfxcZP>@I
zUhyB;#}@ux35HsK!hMmoct4JcdIqtWl{80zlIAE;(j3c`G{-8Z)`Raeo%9_M?s8Ir
zlTKRTq?1aVbkY(howVFZC#`hSNvoW6(t0PI6d>AkVP<<COb>@L;;Cz|6h9LO(IhPU
zh3P{_lY2YqA<$#r83!F4ang4tz^`}m;LkB9eJ5L}Nvt|on>2-YqH4Jl2+duuYGcL`
zI%busIr0egj)O}N$4XVpCxqrNS2agAp<Zzp;#dL^iKsVEJeH`MyEmck1*+yqCDfZO
zUKgm^oMb{v;ry4D_J%)e2Ed=i1pfF^8DqKHoFpeLg_H=s$CLPOpmeY>f2Fa85uqQ}
zf}oM|HrMarjlE(%GS;KkZ(+L@(FF2i+l(ggNUV$|;M7V}Ap-v6v5~gHpS*>QmW90L
zdb>X%thf8#f_p%C<Lfu5r?j;@t#=_D5HZ%wto!zH{j>{*JTvRB@DMK^2ExO6uE{*{
zrZD-v5mH-oeeV>wFzQL7t!&ZOMf)&vrRdkzanUH^JKVlp9syk&3jolc^;l77fT;8H
zUZ`{GT)0kGqfSGNQ3r`Sd7{n-yv`hwne{&Z;Ubw?CH%)Ddc|@9=Swjy;H(}7^(Tn>
z5AWq8dtDIZl6VW!C;Tbw`Rp+Wx%wH^LNmC;%o?&68|J4mjIm$`5g{`(>w4pZ`|qJQ
ziPmpdoW<xx?<`v!!dq<5TZ9;CJ&4wCbwsh_XGO78UJT#`U;eydFmI}`q^?#vPJsUD
z9uE2_L7@-eVW@cU!9xZ{NDnOIXdqfCpTWw45;)&>b&w4T%kTNSjkYth?uM#YiFU@o
zL!x*X01vUe(MOgE+>Qvhwp+F)r~kh2^tUaC>Ax?$`Sn+azn)&kzrM@g=m(cdCHWI9
z?~eU?xMbxrn8f^z{<%@I#4K48F8PKi32(r5kwL)Z`E?j>8njN{AF&blO%aBVg<C44
z^C$pO$NUIHmDuA%=aMkEqgfKY-;d^OsOKLT=q$}0l;XLt<Ls0Tna$QDbAnBb{mkHc
z$NvS_BXsc;4sSJ~dkOtP|K)WfHsLRE;qZP--{6WZaBdMtOC&{b@(p)@1wZ0Q`u=r{
z{Fe<tXoD{Xq2K{w3!1juP;Q@k4<r3MUdYZ1mGDAq`HXv9VAtR_-j^B})AL`)Ejf$g
zeXoJB;L--h{Od9h+VCOY^iB6~<G(-RzaRFW;Y}~)zwh(A`0qvh_elRY{P(N;_fY@6
zy!;CO`&NG;|NS2SeWU+1Ugj14ySx8O{`(*N_oaRtFS9HLu0L<!zuy!a+y_4e8I!yf
zqtFaOPZPR_cxyq$wy*EN8LBcOKz!DR-h*<F@IT6kN}^f2{2-BH-Ma;>G+%oU^U{@s
z_DvzaetA&ilFskJmGc9yVdOu43-o#B6KLzBEf{T}5F5TzIKE)FAHwsjXbIocU$PXV
z2mwOqUcLEMc}t&z<^5^DtQbjYt(4CN{nOWh+Pw{GzX_XO@oc2-&^h5lJygw+Y!nrr
zT6Fh<(cP7zyWstBN6}Ke&KXDOoc}ZNYD&-22<h2M=KdRStN$V5C~Mwiu@z~8fIP*$
zfaIN&SW};n$YRw_t;eFBpt_`rl_d^aF0|s_5ni8C*La76669jbsrAVHADamtIS025
zopy%lruFM;iKgmLufo@CK~>jiqJ`1o*~<I>w(7s^UpAfVJuz=s@V;{}hy_*u+aP3H
zMC;dCPDlMOV(z$-33V*sFcRu*(QU`z@!H6`w<1|L^p9}e5?ME|W!(>>>c(MN_tS{F
zOJv;%E$coJRrh+M-=}2VD+zTh7j-vB)w?CCUU#EjW<;MWWuN0(_Sx`fWZj<`7IoQ@
zaNSk1E@@e}EUNBX##lE;)Lk#@rnao>iK^Rdz+BAh%Gch2>k9Ccb_94Ux!x1<i?Y!1
zC%7~GrH->YYsOoggDr*yr}_9Q(|vv}?Pkt&YGNH~BF?@slN|-dwACC7%qid~F)8X;
zViG8SIV4*%aOYTMqQbFWj?Ae|3Isnp%Xz~XTX5KU#{6I1f>7{{^L%%Y>gpKVd7iNw
z8yNetfw9jT7<;RMv6mYd(;66?-N2Zufw4y$7<-_Bv6v>to@ruiZ4+asn;5&EZ(f@j
zd#jnTpPLy=Im_5(XBlgMmNCm&#?G8!?AJ4l9X!L>w`UmJdWNymGmNb{6MbHDL3{TZ
z*tB=Q@>{TX2jw5^-9Znc3#!E*UHqvLe-c{QyWb?-;mA3BA$#}IZ~m3N`(2}m=l7}7
zvWNJ_EMR#F-hitQ@y$viKKBBB@?S8r({1{uMdIeFhr?Uz8bmbfq;E`fqp7f$^l!{T
zXv2(H5V2eM@0r4%%qc`?X(>kfgK^C)lw(-+fcfUF(tLBaAIvwe5~W`##mIk<xAIIZ
zLi$Z{k>;C!EC%z<BLDZiz|*|TS6baaP0@-Qh3%G7v;*-UOz}DajeJL+AnuWFYsN@_
zGsu|TUl1!CU^2nN!Xkpw%QFM5UngF0W>Bcx4l6?Lk>QVe6Gr+y(8{y2m0T-tg=^#P
zv~a<7yx`5Um3~%)l*IvMZ6L=t5Q#*%aP~qnt#My-&6$gL&BHfoo;sYP<kSTR3xBmc
zfW2l-`4h`9sxQI;#SMdEEaLhC!uvt&HO-MgGOY`DVCkJnw0>_kg6oI={yMlufQySV
zi>M$ks}?R2Mk&X>l2@-~R}MwU?k|Z&NCXTDJ}Z>N-5{c}{(05_rC5Nn#Ueo&+X9pr
z0Oei*N@oemRS}?+M1v9|LAl2SWiWv9Qmk<oeCTDk3vOHiQ)l!>(*~w4rkSM&LirUQ
zW1}mMr=7kv!b1664sF&4-wLPTNlsd;Pfro^eb<X}6Io|L$l<LOSBVv#M&s~IvrgP@
zu7F6>WqVm)2SUL|flKv>`x7Ho8=aEmq{s9tUY3f9^;1Yn0Ol=4ki_l=FBa(X4sB*k
zAN3+e_Of;+$^n$ifCpyHg1Qkq{$rrv-4qj<JIUJ2SZJP8>)|~c0l=#-835cE2H;`=
zKo<jmJPyFF5)QykCZeIyC2(_=b^dgl0Bo^D0-y-viES0e*5RQQMwpgyB^U*r&0KGD
zi!0YDO`ycVjjOPCF{y8Ti8pY`$$Bhvkm+Yun_<M1qHU1suPHbHF1or7MQ9_(SLklD
z?N=_`_WLhF+s}pDekHQ)XJp$CLfcuqZH|hT>GmeR2(xc4$iz;2*27g9-5;C_#z5U-
z0n=Gq|G;e-uMEVINV`MCLw#|ZfwaDF8-^>_z7Rblf*nNj?*K8fCb!-E85G(4EYbYU
zX7fM3Wi-EKVKlviA3+4VZyfxE#$UV!mBWl%Df&p>OVJ9wY&|gVXWj%H>{^GB|5pd!
zMRMl-BofS9@lKU7?t1eXFcEsVl`ob-GOk}z2?mTm+#sG4<nz%6Ui7cLXcwq8p8ssu
z$e8};!f?_Q8{b-f#i#Et5pTWxt(Ea=dto@w^Wl8MH>m3)iv4h&vEXpN;d(3LE#Z~>
zHbumDXdz!98Mz@|f`T*bYyz6>IAyTJkg$a<Z^D8lcCbXV#F{OfCAvkx&<^JWOYHD@
zm?gfCqgZ0iLctQrI>RvLT~4{OS4@`p-9ng@mgPVY`&yWkIrO}Kw7H41#9Trf!dy@<
z>lbE$PhBlo;P=l<7WfU4ED)0R0t*zUO4bQm+GK%Ftw-mY2)1+WLWAwBJ880=kAU;v
z@NuKSiT8I-w|kz)$nJmH91Qf|SMWX0$u`-}TTv_ML&0|L*lbMk)5{FDb4bG|s5kSq
zya_sZmCu8{k$h-w^96au93SwC$Nw~W#Ur0a@QS0ti6A(l8T9Qa1~J$Nw3z;eu>bx7
zBmbL25!%297<@!nBm4}5%UX7#&1L*b)H1FRR)&vkGRD|>nX!zUo{Pp`u&yb3)w(9h
z729bItk^?K#rX#ZYCi|+b-rQ)jZJdJ?rah(cJA{S1-CSb*)r{Uu`K__SBpyvua+B{
z7z_T5FE#(S0K;n>1{W`u8&NEd7rU#ujrfxh_Ydn6V2X9xWZpcqrO*u*`p^^S0e$0s
zH&)zB5UnF?{CThlSBh4)H_jQs?|fc4UvM9^g9Z2M8K9~D>L=j^_j5ZLEEa543N*3a
z_N|udt@MFme0cAf>+L=b8`<H!mFF0f$)>#P&jFejy$)#p@^iipPx5t`-_QgxrJn8#
z1Mt_w0A2|h19(sj;FEee05y65{s13<LkwW&X)%DGJ`NAy>8JseJtqdx)f~WcFo5?#
zog2a!gV<9dBnlq~(^IHCFMTQj!VK&aN4k#%-~@t?%k>b+%$gLy$TfjvW;ywfvATzf
zbKdJZz&Y<-Dm|!bOZSECoX(bE<oX-Qw07VX9wl1#6zFCLj3rxm0+qIdo7ePOh~^Rc
zD;%AkFEh@|KLFe=KgaifrPTtk-TbTf7K~8v?{L*I%Z8L97qmJgiD*e7MZTK=@9s%5
zV>|B>z3K1&!kC?I6W0h;#ghFcbchTs?WUZBYf7N+$Z=iC$8|HwwD#dYZZpSqL*%%U
z+aVFXQABm3n?tD_D2wuJoC)Z-1Ocf<dG-%j1NVeuba$1IvY#U$z0QF2srHeOe!T!7
zT?8}G%K?@+bJ8PWv@P}XiS$4WJS>5SvEpGCJPeOPNdKf*5Oq9szjVPl*uWI25C(dw
zIGT^aVE4pffk4;`6J(%n1D?zU7^#KLg?t0*gY`*2UMbL69Y*7ir5L$7kxc9FrJSCb
z?L^x$shKyx;rFenf<X;QBGkL&9Al6&k}h2(#>m$n@s#qS$dyXyFDl*57DG*XSfu1~
zJA<>@MTSG1TmoED>olemBa(4@g5te}3+arlim$jGLc@KrCxqVb;~kP1?9>Jb5wR5$
z?=Dwo;<3O$_v#}#4m9sdIM7=!?t7c{=U2&-*fhgSp%ei1GFKe&#531bM6<H5Fj6yy
zCAhA2((^=H%9mO2C4f(Fm=8V{2W1iWKY=sNm#efhSUPTkCEpn`ocy3~pAT|Dwj&03
zdosx=pWB`6tS1?jb1xT`rne^%+NE5$AP%vGQXrlr$J<^)_vl@`7?^F*Zn#uFFY<j6
z&HCj=j;p~5iq{2q7lV^k8b>s127s88lHh9Zq}8D(pu9@=I_Yu!d#?oeNy7@#bqUc%
zNyv82yEf<%_5x0NT%}ud>wM1Jsw0Zbodm$|n41r(2LK<tlXx~^LPyyI-e4wZoss}R
zlAw4e0)Ql0r6Uql&o*0&X`&Q0ahX)r6h6PnrDp*J+X&sJCl&z;WXnp?FF@4uPFe%G
za65gvL3HGLEm)7_w8@Ky6L&schWldm;MYy^3h3sI;)=*zNZxggB59r>IyeVD5WF!S
zA$#eg1fdF;_v`uQgEl&~HN05xaX5_sk!anvp8$`;%THn%v~QI#W2{w*yzSr&=2ss^
z`g28Cwp1z(DZFLvj4+GoyX<U_N-OkfMN;4_ZYP4l{Q40Co4;^PAyOXY1?jO|`n$dK
z6M|6iXCzE(>29aiufG84g%cRH^rY!3K)REIbk1Xdv{{05dpjc*v0)1Si$~g4c9+a=
z<VQk?g)0gMv)>~ly)%MPXr#ULSrc^|0CmSgx7tg8Fkc4b%O3X9h33nR@}<pQ`iuFp
zTwtDfN;&zFlL7@?*W_q0eTW9{<yGP+52yk`E9B>_m1Tmp;%FW6RTzqKdyfbJu36tW
zVk*XO|G{T`)`~v_A-s-rjOl|5C6B)c<V4o=BW)_fliNwpDX|9^R|<pI8;au5MF5)6
zhj$iW6ja)Qsm1t6s9et)P$h(+>L#GN%7AJrhw7sO3016ss`_x7P$^MR-728^Xq^Go
z9g$FFa;UiOXD@vNRFn_63b~?|E9NtVmaf9XgHlV6O~GM3XKx{B>6Jk&{nqrYZ%1h9
zWzxOpvRcOMrQ?SowDCQ8S|Hp0<ic&w5^X;aZu_Cgwx5!1&xN+VyzTd6QA>Zs{)HFT
z6YcbuU=^Iwcl#a?nN@PA&F#Rgagq2;gDTd0*Bba_FF_w-M-ZBek-hXzQ(X=IRrK(f
z=;6k;dpK#0>|ufE;rtq-hozA{Q0QTXsZR#aofXMonI1b&GW*F`Cg6vtm$~z>5mHL=
zK2r;Mi1jNu;UBAIOoSQVJ~x~SKvuhSUPLN@6SZP5a&#U>!D_(y4gld34#FnLQd9~r
zKIShzgTVp!wwK163wyOl>g-7WHF$L+xKev{$Tqc2$I`4O%(xP*z_^wyz(~Jsp0Ilx
zV3oP?O{c%!^CY`ctb$#={hpz7cO~H0#~D@%|B^NjqtNB{($xUxM|>uBw3jx()92xI
z)5b&zu0A8i{Ks5yVhWCw&xho5%vnCV@Tf!OyqBYMKw}3E#cA;l1Z)$}T6O}_7F2^P
z$X2+4rj>;HfT?-6D@D&iSwLIRTgyKS6hia%(z0O)g)TN<egZGQ83v}{Cgc&^QSlx*
z&sgxM^Ni_JXT!#v(>RT2oz|?zM!?*QeiZ8EXucJ_Ocs+e9h5oZTUr(7w@2o1ih(NW
z(7aV3=u4BK<2B2n&VDETL%+9&IILNQ5z6(slZbCk@;QOO!p;!G;^$e0znO^CZG$vA
zSoo!CAgl@fndRAdGw;hXPA%*1)e%WeoV1?hCGiqVFhX{1&29i_X|jM`|1%Zj8=*hz
z?M1f_8r{ys2tjTdjF289--?TSx>?mqBMe(k&4!q8VA%50GqU6Yvt)!}%T`gc21iAk
z<eDq6+-jngt`}-3(R?7)lAz{Ad@e7T&4~i93Ejs@bqSb|DV$7?M11sa=L#?e1^9dY
z&e_6WFe2jIZBW=c=yNkBmEwIIP+La|w{U(R8Jmhc!&wSZ`9$6hr;&AhX5S4jcED+5
z9Vgu>c@jAWi@gS|(EF|6C7*<n-|&)iYxs*Ic=0WNF#+20!He(si#y=OGI&wNU))v)
zMhCWV2i9;0yWi%e*FouBymU9{U^~3{fxlqDWcI;}-TcK#L3`na*6W#Y4*S<@S%h8{
z>SHKAdi*nC--&kTScIw*x<T*%v?O>FsHs8)`+%!p_i&-y)%aWwpHJFL8~C?D{M+_t
zFw!?Y9fsidlZ*xZ^<0)mynW>qV~}FnUOEYe@iiaDUtnAxz>A&y#ihWPY7PFU-}!VH
zYD)tze6h*#f;TrXrq7xwVY>*oVsBBUD^K$3gW$zF{-TCM13&Ghc0Qhe2q#bPr-o3v
z+JljP^GtcjM>Olh=BHTxsVo2VdoyqMUQ+<@1`UO}TdkSIytQnO6rnv&GN#X-8OGPU
zC-^q)UsjKhkH4Q_OwWp_p2~?31e*funomr%=vj>P`)6Pj{2?;Fu<)<ka|rb7@rQAn
z{*`A7G16b1iILrZdQ@BfmCwzL@UO&g8pp`BqYP!*Hxmvm>nR*uDa#}LN8i$$+Vrm+
zIU~})lJ^@b)#>!Gf8|dfn|5RzzWLKH>_1vt4dW|5)b{wg@cJ8O@bO(gx~=hjFe74o
z*DN>2cjIVdd>_w%@eLB=yJ=a3|LCUUZIAEC>5=2({f0{Q_ub*~)qiA+@8trF^mpAC
z^dHTW&XJxnu<dpAB0j7CS>F6PLiZ55N&j-XnO*cc|KiaIZJ1_7DEJ=mcwR^^b(!w<
zMe{)#32S<--#>oAt(+roiaaJSx*5xSs+m^TM_hVMsuE5^s+KR3c&+2iLvza{UU88}
z;T#V_ggNP9{edNn8A-f4<<dWMy}!CIfsi;H%|oYi)r7xv&4MPlP>4;D-t1R}y6^_C
znJzsIO&|B;dZ+1-buz+Xu)*EhW&F4sBO^dkgu~z|zK!`>0LJ0*wmg#m)D6_1Ukudm
zz7!+>XB@{*S~>lXHnH>rp+fy1uJD=lcg=8+J6hDJc^xDF+h&ats1eL#jQQvCw@(OF
z@j6j@)9V=Nj~;DeBE&+P=?^|CPd^Hq+6w)E>jF7Y8s|eBb9s+-@d#~*=X3O`qfIQd
zx6Si&xSg^Q-<;jV=iWzrV-D&iypxG@cIyv5CA8{X@Nk;5PrvIaGfTalOq_F2cgPaA
zsdS4-40cAoxrNYikPX~PC!`Y37F$H3`C$nNh3>Tb)db-Nm}vLkE`P?^{kaK|=aPL~
zt)jFfyIPaBqYFrMg&6+4*Te$t$RWDsSH3_Y>PqW;0cO4zm7XP<_1pKOJr^9Sj98XV
z?Q!9J@FN%~G{q?1#yIH+?4<5hB0D0@U(Xp(Dxr=*E}!(j=ugH=S5r8BT{%svZ)xDQ
z@K^x+RprZ~su&r%C2Pw;PT+0&OHX2ye!v@07L_Xt0x<|J_}Uu~zr;pzs#F8HIw<x+
z|1erRVzg#`d>@wKSw|!hiiwux1lNmNJ@#;u(DS#(i1f>*4z}S*j*4!5_TiQu19I25
zBGQDQ=skdF4nj)NQW5ExDMjyq&UReC$^hwOYz%PoUNJ!Hlk!tpO8_#S#8KCt_3vS%
z6#Znx@om<V7K<fIPm12|#z;h)xgSSHoB3lJY{7N)RVFfJZG2{o!8d-K2GgcX5lox0
z|G<d;yaB@Lgbp<^=`s5-?AlHN?SlDM5yI%TX_({PyFgeuI1hkn)sOpH^HMc79C1P^
za>km`X;S%syzRi9d~y;%-UtW_<!X=H<at6=Ld5H)8BtiB^t_(*G9Q0M#43oJ24`9-
z{U;pCZIyU%O>$=5aQIz}+|z=mMC2U(z*Hls^F7UCOTB%nz|*uR<P;s%%-F{J#~>8^
zNfvo`s?0q623L%}a*u)3aR{N{Lo%`xpO4PW8{F@5T6vHuH=OTc<Qh%1P94BK%*d6x
z66ES7U(Eos=f@t$$p85mV1|Xy0!g;Kg3*R{oFI2sH!)R<Pd`9B0jAP;5sf-D5cJ8D
zdc$*a!<rD44)g32eEP<Nharu3(gw5k-(~pfT~A;Xq{gBy{tHaQy~JmICkCP66FaUX
zxSSp0CD%SCn6B3Ew!K)!c4oTkiHIcrzslH4p3O|92ZJRTA^&Y-5CT;pc((;1y4f30
zXg1g-#6pbR>@l46oe1tQ^Q!5$y#$nnqq9sv^{asDc*wAO0>T8p##>y05b`_6$lTMx
zddO^Og=X&*&4#Ay=<%>%`l~SN$O6Bw0s5&&AtT5YM6=$y!ca$g6q@l*9>o#Yf-4_~
z#d5p=D0BVaG4hW#yUw;4bHV=A17jlB-!xHem8f=RF=x%ka_D(|!Ou+$F7p>PG8T-r
zMCcQjH^M!8Tlz%z$HV%>dA&=CsZS{0KO4lZnLWnU`Uc*F<jx%YbB`E)4iEkqCf^z$
zs*L}C7|H16TUe-<$;eIC9@X4R(VXgOvba--)~|a+qZ1yB2#H<@JLoNpFPw$PMWFA;
zz6HzJZOb6g_bQmfL4C%{!ql%j*u=S45iNgxa7{g98!zFjuoCi<KWfB`QM_L?Fy?=L
zjFj@km*t!%%pn(H6#SG=jn%x~Cyk74j30y0dhiNrzY+7_!YHHDthdB^q_HW)*KhlD
zSdTXXT%A@=2Umrf=@{A9$B2N^+aJa#WY5(eO|kKL^p*@q-HX@OMC}@3y5JVIKaZ@f
zJ&e)D%f$*`HW!K=ei@i9h_2}exn@K(tK+S3H0q0lf)kmbOTXz+j5c-{gHUMg<dO#(
z8N0lhu?fwLjRl9@>^A(pUHOoo(l<o-dUq$jPO~oP=}pcZ2=##6ly^SNSyRtpNo3-_
z&_x%{W~uLgLD)oJC3pVMMC7mB&)302k6;w4GBQ<GOfFf-7<->Fwv{oqnlW(dD3Skx
zJ+9AMIR~Ts&C(xMgkPzM<5aA$Si!G5%HP||1XY!sy8Phvk6;w7?+{u;ytU#&S#i|B
zU1EOl@<(7Jksqvo7^BH8+T#U&e3-+~hCQ(SeiSg&mcPA`FKmxW&#APLXoHAmA!&8Q
z*O5yY1Cl>@L-G2Hd}bvOdQN}hVN<*9uWJ3(o_$k@Z(tw2&%?mX)t<2_1n*O6ysE{)
zgD-Z7O5;>|WeOl5WQo|2O>P~pJCD#GRQe~Oxm83<S2deJTgD!xXcwG<Yym&k7*(4C
z!THkaN!n?Wu~T{B@37CgZE}f|kD@Ohg@N)KuBF22uY3rj(4{T%?a_1kl7~#~`B9?v
zQG51ReFJaN^Z9Gdfz+OHPF$x_2jX4#j8lEF!w8MZrME?aqH0}IME<@05~_tyFvj$u
z&`fL!<hkpKRqQ|}GFohTqUi$`&K6Fbv^q!nuOzFPu|e~ONx$nhNHst|Hbq8yS2cz7
z>_Bk2N)=V>%zyhj5|wr)G)BaG$)VNZ1g7+y{<5g*-Woc3L3^G&m3|A|L*jC65XrpF
z{Q#$RrUSX}x!?rKn_^6$8+j)J)3Z2E)SmH#qc%1LW{h}<6G)FIzSv<L>na_jYL~*M
zQq3HL+`Uz;ZwkrS<LW}vPU|Ng<mip#*jKedp%_A|NLrQAP&{wD)z&ioKq%BIK05Kr
zyKzDrz)w-X_d$%xP&Vg(4|2FYs|?j~rg4zy34mnsa1lVPyey%f^$4Ld6hKJ7P1IXp
z)C1=M>RBQxEf<vn@K6Gk_%^hisFZ+Zr3O(tS=3F!Pzi1&JT|_$fNY$*CqtzHMx||{
z5`iP+KsKSCY+km&f{?yalpSZ3eN~j50xgS>{GJJB%g>0?Q>EX-R6;!k;Z|XL!=Lq$
zqFjkANB96mi*nGsB;qAgMah-2<W(GHVpO8!DlEld@K%gaMGO`SnEvY|j6!kZnfQPj
zPTy*dT)rnvM5H3yCagO)3XC&Xg8u0w%s)GQ8#zMlN@AQ^G1MrQAma;I^#zl-P+ZON
zr;H8QmBe8-yOJ1Bw2cF>(bNNGQ{!4UHO_1*OEfjrY${%@7-kfkYPNQ%*;+~K)=JFQ
zPCbCzXa;asxOt`7TBRtaB*u`6Ay6tRB!Yf+6h@KpusMI>6MhxU<YwYq29sMWTZN3C
z-49@t>wDM4ui3Jy`NR0VLv)<$^Gp23rl=J;DK;r@RL#$4teWZP^Vf9|@eRvU>3sf9
z=QA?&v#Jde{aGKtNcFwZk_4*e50l`~M58y3?`W996xcWsAa8>Ls^$+<V3BA{^}SKj
z3UpQThiUN0#Fof4<*};ySHdaWe3-%+6|P>yM`~2M5T3P}HAEX%Cz?r_C{8oK1{=PK
z7=_AJ-y18<Zem+?<FA(6x1IN6GkxY}ee6h1%z}vg$6n_88=(zayeH7;sY{%374dZ%
z6RAZJZB~Nl<&FDgFGI4G#38+v#39K_;t(6})rdK46n*M`uI<gT5ifIBgm&l(^oxFB
zjBWZK{{KS$|BL)<%tzi?FXEXu4!N%<-dfl7#AodbJZacCLg!5&bjB1yXUrt{G@)as
z=5N;5-ieW(I1(fM;GGz?C9k-w`i^MhrxI=0Op>wBbqyC;X`4yL4@4QV9}Zu)5xQT0
z?{65Xc>K(eCH;U(uM%2Ac;OiET_fPTn!|TB@mW(^z?Z*S|BM6Gkps2&&M5lW?-~W+
z^J+k%-!Vm+4p!)$c;7URXtSp14HIOF;zi}OQih9;(C01{{deL0cOi7fI6}ux$lt7g
z!#n*8@ANdsM2S&8(NhLNzuleax+>5}^>kk9-jNr=7qEkNQvR(1`8UCoe-k*z9x?#L
zMZ6*Wh7dxB<QZabNOqZ}03m(2C_4_yehniXGKJ6~Q;C&-Cv?aJAy}@NfDOS1WtT-r
zMIl_coGdGdLrDK~e53$&%`il+6u?$q$dJ6y_!d#23K`yd)KeX9cpoxk(d(j|j>592
z4n@eK8f3_#BPdc9jT;{+i-rtv`korsQVPu)C-_XS@g}E7tvS8PZ>{4&ZmdFW$&FPe
z!~OX_qqQp0+EC6W<A}Dg%4}-GeQgO17-ZpQ-E8XR`~J1i7@rq8S)%oIDL<we@?-n}
zqRks1y3f3i^WVwiT8fRi5+PUIXK-<ekQR*B9LMQ=VB~F}B!d42Kr!_5`2g}|ic04P
zAl?TO@?~I(Xl+G42$(9fwVV{2=v?zxnMj$N--_8stQS@D>(K3dm?jbY9-gE4ec${D
ze*c$z$?tV@bX{8Yq-y>pra1WXUW{NN^7&SEZ=?XI9RXXy2>(w`i*sPQ*UW`Llcz3D
zDgF{BXQy8y1%ax~mE3*ty<Bsi%elMarF@E0K_&U!4d3sxshRgBxf6-^fct^a!^E>0
zUbyZcTBazMdoM@{s8y{Gx)-C+PqGzvztDhigDK$-T~_^4@sz}ibq*!+o;b4La^d_v
z#{3<c$N$OZ|McenB%2dntr$81LFf*?%kMG*BL`#bJI0vC82dY8tcQH=(K7y;m$`Zq
z&paD)-^lstjbV9XBXnL8p)-;R9h*w%9lc2f*jnUo)(_`mq-Tx5NKY8iBL6n$?|Xo`
zk4=SS_SyiFcAmt{N_J+PeyWQ;<Q_2TOeNawy$QwXflwDGJ+1c=uX{Uj@AcRi$p!ZF
z*9dr9${!Qn{LT7K4qz`1;JMtE`T_lciy!TdWK;Gmy_?G$lCcj2juic2`EjY}&y+Vd
zLdPcMZ`K=mCu4ah-A6>qn+~3NGm*PJoiQ_iv;H9e{!-NUj_Cn!t+F^kht1C4tiKyI
zf1y9$&}L6v0-S^?gSXM*0)h39Mzoe!y!=JpT8OowsM~09ktn-r1UB1KjQ)xjh>x3r
zXy*3>y6$=LVgHC$=P{n&lf^AlHK}maAh}>iDT(n);;=j=aagvJIIOplI4qefsia~U
zOvH+Kh&Pw&s8$k(4IrAMhR|U|KIh5j33Nt+p<{5OJ>S;&+U`H^-}Z0$5BiVne9(vs
z^LHbEngFE4O!&tcO`ZiI2i*dv0ec~E=bQz^yGvONvCkKmJ2QTBB_vlWMZGLW+RD_j
z1kRFg7$<L)9<?BpLnnP>*E-V#yEY=0l2}4Fhhq85+>BF%=C5+~7BaeSY?KjIIVmg`
z(m8j%NYPNG(k;O+k<2Dgl^#&W28cFhfs$xZ5(nogiG#D1#KFCl#KFl*;$R!87%UKG
zi4h1ZQ4$9aAX@HnLWdLioF|_r5G{8Vp~Dm4{Duy<5jr?Yb9_SwC&Q6M@GWtdua6uX
z8R!#lCfKoFz;=*m`2p3JlVVfpl_|N@m6D)(Dr_p<lACc#DY^q<pWFh5tG@#W9-jb*
z?Y~N0qx)ESvc65vmA;BA<i&jaSnvqqpKg|)sH}DDE@5Y>%>(v3L;vwEc|v`_^%y6~
z6ldn7^@?{QoQLKIob(9M=2Vfi22$7nM@@evzP?uw?*T&H>&??Nm;fCaWBSu~$@?fp
zgi){J!wg*tx8siVT9sCW+QBdWO{M>o`FY(}hq}Y@QGOs4)UR}6qz~i&9KIbR{W1Ql
zaSTSe8OL4SRc&@kjjG+7A_eM^F&L?yEj4@yKNI>(Xm>7O%5b(fMkM8dtB8$bu$*>q
z(ecq3X<jfc>Z~oyABneCSqRAjaI-iP4_zz26Hf(JX+6m}rxe!%X1`Z6{!lze5kfi2
z+N&K!2cABVL-%>AtFyS$;qGAf9J%^SIM5&Bpg-9?hiV*jzuj}VE{E>-9F9*9q;Izu
zp69DtSyZk#s>%;p?4Bcvy|BI-l%br;9L2HUyIrI-veO+Sd>y-{2h@x|X3VsE&Rdjc
zXEMgV#A1J~tnH%EA3R3_g$*2D_m~`dp!`Uj=kOpq{lVVu0P&P#HDiZ+FR$uuZ}&9J
zQ;Kh4jM+WsW89tWg$*noA*DD)yoz;qu@^QVgpuM&WQ>KZLNeuVP7j3Y4gUGR^2gZ!
zfj<tvz<z~zeoqoWRFMitwaJ_QjzlbBzM5WuRnoxcz|W)1HPo(|F$iMo8qdG@M~O4j
zkwO(y5{Klq+#8dMAz}nERxyGqC2<I67}bQ{PULf*e4aq)kOUE+Aje4EB($~~6(jwM
zr~$RkXD-IH+)P}}$Mlhi^{N!D#GLVNg=6xwT<xa0RXH^G8%H|hf_k!(9@o!~gzI8H
z(yN<<3GUtUy8nlfVOt{z80S6Ux|Oq$z(|vggc^ArzGPiC{%P4r(_HG3^aH`uaMSrK
z*9NzxAK=9t-V;xE0Lyx4eXBb0PcTMsFVUAZivCNHNaSm0TLoeqO3o>DVv~N=NXau_
zF`dwf=B{#Tk1cW1-}DY6F&exrwx`qu<1VNV8oHppA}&r)XgPn+C)p~M4kgBmJo#cm
zE}fhpGw;|`dS6m5eLPund}F6WQ#FUpPKWl=97%RMw0Gzl&Zu&|zq;Te|8I9f0Ay29
zz4J~isT`G+buz(7f05wU^i6GHz5?{U6ia#fBe-rdnp@>a=Tq4AB=4mAohEg18w5so
z!R(r}8*<9zg{ith1U`2S<!tb`JZaIqO}_-{L2N<&+dOg7pW;Zb1>*)U64Rq752Mg5
z-mD}2*Ie%j_Xd!peA{K`OO*e^F+YrBepoV`(5Z59+biPZ1?E@T#q!P#sPqnEyvUO;
zCgjow6I43Pra7wYbXbz+*lnl7uC)8bdZ}p<HC~@R?Ej*El<;5bM>h@oxBAilLeG(R
znDm@e-<qB`+;IVVUVev3Pe*;2o=qbzK+i8m{2$S?-Ty!6*>ULqMS8aXFX>t4_)qoS
z0#e~9G3ogV=(|$cRcT`m*d>_y?j|+kdsjkomGB-SG<SI!ibF`x&J~g+ozTr(8R;!_
z;Iv%H^hDORNvjCWuZ+}#Ly74Jf<8<5V|pNmKK2!%j+M^LIm?xze&$umKb@utNzr;}
zPB)IO9D!W=d&tgb$oEd@k!!F@(OPV%rvdQuI|!O-E@T~XnwqKTXeV5&3f1&=9HE*n
zlE)IoPE)LYUMr^ZAQ^7^QKvb}Uy+|uWUbo)>TOarRf@Xuq4bCH<<M7WL*Q9?jm${_
z#d{a1skv27dc>I)k}9h50-UCpYHH-A?+L|=pw2mc-R&3!8$j%zNDn}M7P^z~BI4jA
zh-mIrN@5%rBwV6!(ZXc~mor2P7D6v2bVLH7ciD)RyOPimNlyBBG68w9o(}D;IliJp
z`zoo90x5S&2pviQn?Pj0<lhPMeV*7cd@hyuF1K?vHTbr<aS=XDp|0jrsH6B9iWPU_
zb1L;;hC>FIm0Xj)G<2DM#So12clked{?DWQpN+%00)4c#0{zzT)(W)LnTv-DZx7Iz
zpBc^}gY5v+dw6)88gx#p`%@;4pu&qx)oxR@p*E6H;TlAIWVuR5*tBuWi8gbkQ=7R;
zG~Z!3MxKTkS7%Ry#nsN!fEDjXB%JQbxMmSjF$%2_Wq(nPqapJYRh}ZbtokMuj;xZ^
z%==Q^BTOm%q57X6Cq<lpf_;EE?@D!bGtay7)yVU%J5+Jrbzd^qiCzr7qN{^3(p`hY
z_ieo3_1@aK-HE2q8sh7cP09~jiLY;BdVplkuo0g#aXC?jmUAsTf3rSiaP;{SoM#YC
zNe_^WJ8VR8l;>~OpBjv#>^UU=nn^V4^0_U-d_zFK3WynN^0aesaJz@Iu_ACQ;{1(s
zwiU!%OMKlv8;=oD9DJ7OZxVAUe{)(Y&q~o{a-q*5lAk3A&n2l4p3@&DVTJG<D1-}7
z3r4VqOBl9Q1ZY(pTgk*a{UW28FNFs(p%qSA>(ty!ob<Gg2u4G;<@7_yP>d@aE5*6C
zh=ofXTa;87sgmgUf=~!(UI1PPs^(0wk&JSs=y~84_6aJ@NwJX%EDpo|n&6}l*_?D*
zlIB=J?a7*>lG<|=n`5P7%U!P|s(qD2dx}`g_Hkk@+X-*l239WRx;5vax(`42;DZoM
zw}HdJOX{*Y5nfU+ncIPx5laZprqk-AX~)>M%_kCv8RiqGh6;glBaBFxJh)O4NZL-Y
z^x&gR+e3U^rmA#wN`gvbQ-YnDFuhwj6m*B+c)oLgFdHNNCH~L6q0thtb^d6gS@UMM
z5jLJwI10?kR16d7N4_J0$@5Nrc=9|j)SNso)R>c}kDNT&LnYO_i_AYcG$bx?VvG-1
zM60cEd;uV)ilFt0j`boOrK6Hi2wY#HYC{uLZ3L&ZYmx|yn@xOoPEa}1uD}-1iv9+)
zCe)tfqz@(2zosfS#}|-KkJ<-_#7OpRCDGoCXpZHQ+$DnCLv3o$xJY6@scN@{sW-YU
z>fNl5atNCB<DjY9rK&dFB-n^Bz3xg-X<Trq6j*VhlKX4UnNQ>h``@EEFs(K{6E?x?
zDyCFq)F%D6+c47K%fW5yH=LdY&-}OawB8%0=b{{wo@FOn(Q|4}YkC%dePqu6IX(4)
z2zti+e?w2tkpF?6{f9)*v)d3s&r5~?Jx|a4*Yq5og^|8@a9i{gGMDpVZ>_RW+{-pP
zwVQ}G%trqpzK$v>KV)^{AZLEX#}PuFZH!F(j`*%rN%;}0-7~uzvMAnzaL}~JyGvPE
z0eq@e-BloFo!ydDEvH*D$*6R7AwCkTQfIg19NJs#>O<32ZFV;sNvr2u<idJD<Nd@J
z+m3j*N0~Qf>jMW1G!7Z=>)4Zc%9DwfNVI7+B<(c8n+Q!L+MRX$!Pg~^&^zl0wb$fo
zy;7k6kcT7nkX<0P)J!iFMw)vdM*4F8PbU9o+rX&%vS|F>Bk`95lfDWJBCiG%^4>>+
ztj7CE#wMls8Z1$`$LZ@kQY}Ab9qbv{Cr0sJ$#;C-fU+<abNp>;S@8ry$h%!x_!~lq
z?r8aSH$rHHZ(twQQ;|Ge%juIeTpQgdnPhBoB@y4?1eM0;PzxO%YcIvdHQjJ+b{`uU
z2A+`fb$SkU?B-fxn?mH9Y(t2AkPT?la;tJQ$8Oi4;l6==h^Hb+)w&XGMx7vlO1l!R
ztBL=vgbu4ywb+yqzJa|3l%snmgD}bA3o{z|>oYOZkMMswbL2nGfAt;M!v09$-!pF<
zQi|>ZSDbSyZPs4l%)-0N)kW17ii_Qam7Gl!ePLY0=Vti1;8#3}@d(*HaC3_k?{-ly
zL)GB&SJj{%Nh>Fwddr-Q(8GfMTra7M6DQ^0#X$qW_S_Y1R-F62vd&g`o;4%n8Z_B6
zpxHH)c<N(jU#YB1DE#BpMue2Ld6vS{WqdQ+ZiiCzrB&o?Kq9(csGl$%m=tHehNIyQ
z@*zgpBv|B?wd$F_j~9^^R;spk3GBe$T`p3kJ$1b^<JeO@)U>lsdRRYw8`pN{LrFTH
zmsIhVTndFl7dtbKxjU=W5AUgexj4A9m!j(snyfr=iDepJ6Hjz&FaGwpXc|W8+fD4w
zi$$om9J{-kcv%a0$*57hCGv{lQ>#Fv*9te{5yf~1Z%!2*yf6Ot_-rahp>Zwt-{pE-
zY(Uli4g>T(iB-Cm|6E`xI5enWdx5IW7hm$QN}<q#1l2Piay+#Ltmq`)f2VD;i~D@v
z9nGG4%TrF`X~xQY9dc2oZ}%{ZvS^dCxLjG=F+o{-rLFu(Lc5;|kDx|`3LDTqgj~bH
zLsnULrmz_u<dbU;Mkp8;gHTEOF0P&;55tQ0Ys|?%AiIdooC@d7f43myIX(|;=4pLU
zm`OIrDDxLW-=b$iw~@3x%G&8M%G%i$3q4<cIHBEX&+*1Wb`WOr0SiLqhuRk&LX8S4
zJj`Mc!aEDg`GgYgDg^W9J%_3b>*31ba^h*WD9<KA?^grtcHvSmh8L?5R~q7e!PS+X
z_Z+UXujehvYY6XOVg%F5*rPnV3mZk<R?l%IbP;c&&T~Azu)aoU>y64<g6VgjV}Ziv
z0;vB5hxmA$=g^>b^`7$<mqS@Q)k4pCjt2^vDDj#FA^JTpb8Ha(gO`eNU9GI08beQe
z4hIU)i&8(q$a$G|-_bwpo;r)WJq*WFKW|1qyQeP3-D!gu3yVi+Mt8fXE>`hs7U{@S
zSkE^&%KT?6$hiOJuWU#up1^VTUEwiQHxCsyb1ExEPR`BiJI#o*D{p`M<PDRR$IB-x
zQv+zS(!6Q1a%%Hr<%w@5E0Zggyg#ywYTX?R>%9QxF;3oH1XmfW7XN*p08*KMdlO@{
zQoyIozp9Bb0o086a=l}0b*Ou}eo<^qTN9pEmg^l;26ZgB(8oCbF<8|Y=`LAf*XHwa
zeum-brIE29f?OvCUvnJ|ei;2?ckr|57n@ZLxQ<<TFc4p-L1QoqE*EBvQC}{(e+)*U
zUael&jK(N*NvqdykLDXdt_lsc+3AR+;Jx8CIoAvKcoIsEkR|U*3JTX|z$^KZiT~!2
zj2*yEm1i%(k?@`}Yu{xH)(G<)fkJ{+x{&|e2Fw-shTzCQ81jUE7kWsnmir?ZH}M2w
zqM33`aPoP^TH$KQs7T1?CWU6TD)RIwj6$Pf5vnmQzGX*MpPm#N*sA)BQEef&)3K2e
zH7kZDF_Dm{g)IKPZyWb#cM0EO+CVBCI*PFS)m8_DpmBF0ny|3T1fx2o$j3VerNXnZ
zK#1IxQYdvN+RK6k?|JG{l6G4E>i}%ptjQ*69Z9PpF^1Ki__Hw}?Bpg8?dA0#bT<)S
zu1@GSHfo$V;Np93onTSg8*txR;VCc#>x}}K&~-!ubH0igiI--$u(~~g&>^;pA%GS~
zdaXE$wp}n^n$!jT0M{Ad=IcOkvbJqyB`V4qL3x;M_Y6Yr>2^<9Z}5HZ=%h?9gshFO
zd{rw>5^?MDRQdw{so1i!p-mf7Y{aJ6@{$$XxZX<QJ-wC0QOQc;?a)O<ac?uwOK~bj
z2zxRuZkxTLxY58uj5##ZXz%(y80lmB;FkFTk_m0F`%x@Hq07S<;Cr?tX*m!B7R$oJ
zAQSuzT-8Jqegc{X?g1H<t~rEm3MHELJ)2TV#!lBQo?DUYG|`?+BAKiCoO;qmv?py&
zTuU-nb7}I_kDg~@kvp#fvY>@3jQjPBN_Uq~+T?J1fmFWX>*^T*?d2tq%$NDt-ABPO
zzrxd71}+v(G^2?&IGIpKwPG7=Q_>t&6)~Vw`K*uJDQs5d^=vlL9Mxd2>a#v7J|!qN
zFbd^lB^sD|5;~+eETUvFQ(DEdodTOIMl|cKkC?k?;wgi(DEB3PVIRu$E+X?+(fK}H
z$1JOZ6;qTFi%_obJzhB1x2^{Md<t=!e9J&j^9)RhY~?$V7_8`vKK$El$UT*4F$Duo
zxu+D&#2elB7tFMjx$hOu$Q5zmAp;qy*Cv1tQndZ){#;O3gAgrj=F82M!r#;gG1?3&
z!9|`!b?Li=eCG;E`C$veRfNVUS4)VlGU;Q2)<=SNSsy+-VwANB1@+0U-gXaMOdwbL
zg8Fu@Yl5#MgbM20DPGQm?VhsHA}8ldhW=+bQe#!?m_j_|Or;%Dl(jbKr)byHgXmt*
z@oGq$R>%PU8~B?V$dFdZ0RAgHhwIX7g))<^EZRoOk6Fz5glh<mA>Qrc1|c|*MaL^H
zsJ~Y6@|`o?5$f>yweZM^MR$hc`F;h)b!cvC(e|hN7Stbh-%&6V7r0erEwL0FYA&c>
z>COrsjj%^8sNdx7SuhiO-93USTn#Du0N%D&ir$1DokV6=^L+gO-T2cPV<!1r@+9`|
zbRb`_i?qitsBbr~XF>fYSHFV#!;1HW1tC6S#e2kp&~tf~g2T<99WFS((sfO6rv;&s
zg8KHZOAG2dxe|lr7KA?A#K*39*I2}4#xpMWTV$75c6q!vbopEY@9QSs*8|YkUS#z3
zEkfuy1Hmq5uoRj49PclaV-ciJ!A#uV-Ak>A<Dbshl_wl%va;Jc_5sYF<~d+FG;>uW
z^fVA<dW*6R*377~kxM71)zZ1S)zV3By>wdm7s5g^R)yldypb_`Me%6K#DeV`8T)J#
zph}s)vzf8rv1Z1UvAdMC#d(mOb8)sfy`LaY@9h=Ed01w)(~5x~WrBL^?y35g!L#p`
z3Gk;3SU3Gyf44%Qe$q{1v5wtEd?Zz+F91{5d?KG0Nmf!JyU%3h2_NtLj53edltdH(
zu)U(VP6{6-ZA^i@B~`Uz!95)-?24^eFjdDQ^R?H;TeB-qz^BQ|Jh+;3XyBTl`j#bw
zwpW}i24mxcNmYF>*u*Fj;LkdcOLV{fkQ~gC8(}b9t`gdTR3LHXJT*Z{breiip2#gx
z60<w<F<hzG9Iq>h*{PG2C!psu%Dn6WMDy9ixQS2+^KJwv#sM%d81in|29TMGjF&6r
zQ@WH-Q<K!pbs+CL5pAlC;5}-l8$GqpGcy(`-mx(VRlr;bZ41wVJjlBSs8J^ZG1ZKK
z;>!RfVa>gqu)bFS7rtU~rvizVOoRw^f_k}bql`V^q#~sU^_9S%#S5Al3r!=wnRzNL
z<Ly+Sb_gMn(uvOO+k(nU>SA$il9$4f)kR6nj-9ML;V6(;no~mPOrmPV;7sV7*{ISo
z_&G7V(M}Ec=gd(OmpWm_F3lF{-fV=cri#shl*Bmk>?je>X^sM-Sx6>UyrV^mE0IcS
z4Ih(Uyj4(mZ7)vY#Uhl4#i@yL3KS6yhO3M{5WEOdP!CLrnQ@6fRx+DKCqxs^^peb`
zXuDFB36#C9puUIVy;vj>R=n*kAeaPgijpA=2rMhl%zen!-ZS$cQoKVr7PI%s^*7o`
zpee=z3F^f7AWxR+foYCa573zZ<;;pNS781Bm!xwz51>s@6W}lw*JR~X;EXa4Qf`&m
z5JLL2awwc_<PsctBg`U^ysw;i%58-DNVuwy{fhToFNA{s>?Jf1*Tw4pkGwa5lcKs7
z#;dw#XSqEriUf7gF%D78v<uD%;<QY|?a+-w48|ByUW{lG^Hl7XK^-ZqE}<w&Cjk=j
zjL%8PLZV5=L`M{m9#m$=br_8raRFTDdhG(D!z|GE|GVehs;-`eMe*hPf1f{_>8`r#
zx#ygF?%8e&%u0x*9QEZ4_?qM_@R9hNTuSC31Q!=-&@QSY*7>TEWCDyP(2_4?w#R1h
zGtG<&fuZ1_LJb&VNT0z)w})rQk~I#p?b8yfN9u{MipzaUrjZ3sBSA&95Udx~#k&HV
zOM&ByU{ls>!z9U^JrxcDKk!PD(zAgqJ@q)gVja{xZ_)W2=STg5%Ac}b%c*Q_BLg9Y
zfL?ILe6kp>Ipk>nkRXHLuU&YOg+52g1b?^%@q6V2Hxq1;gbTPr$|CioY)%6wW>U<F
zx~9~KH0qR7e+iH~a6q{9u)Bw`fV#N`)^OPrAhP?fglmo;>(7TG<{t;-L#ajLh~r{8
zCa@fOge+%3-s~_QdLX3V%fA{9-_a6enR$>m)SvZCvssT<fZXQ-xdg@XLX&e!i5Bd~
zfx`NyVSQ(kB@oDGmGPCy<Gkhs<_1+qufvayie*#XM3%jp^Dqv$FUPChfZK$C8;E0P
z18#Khz<}$^v-<(g=G@c!bM6;5Bg77T9pnnwkPO*o+4{58fQfTR7BI$u!kS0e6qfI%
zu*`nxDdKY9MbSc~`vRhUR>*}z*_?fn(leDT{nHSv%}?%CN}*Im$=X-RT`v}L_TE7>
zeFzs5JqppjH$sw@S9wd*Q`V9AUkfG4nlS=INR4P0j*z63iPEQkge~bRJ?lt3$|>Z;
z5vVf5A;n1OntN;TPT|Uz$f|^Mu)(A<#xKh-lOKdW8%RS&g!9+_NC<+4x(N1~MSQP0
zVT2^n32EA#&Y_!Mcpm?w<Zo#zzt$3X9duTKH>tj8hil~nNor`g@_{ZFH=-?2LVPU|
zU&X@K2&pUxA{k%+o@C{PqaCsRTOZ((zUu={qtwb%i1v-)cBUG{Y0Pj&Hoy)ei5*4U
z56LV40V>1qt<b&D%|)b;F`SyS<&b_HB+xJyu#kRkY1kMNAWi<Nc;}*T2lPDwb;l04
z%a7`tcz1y%U9ekD!gqTh#a-qd?3-iN54!wpNm`tWT4?ibk0?S7_!BbEt)%)nXnzSx
zRBiTz^x;(9k`C#kN&}=RrxM)k<B3J*>08uYJHV}fNe^^=Du1%)aoDJPpu=KyN0-0t
zLgCp@n|FGs{9;IdYz=y;;67Vj>f@_cg{ziR8a823!a5$!{2l(bWZ6R0$Gk8eAzm?+
zXn#D}eO5e{hkWa~li?bOA79~eSFuWA@%^2t3#gHMiTl-y`0B}#T&kT#ja<L`ZKHS#
zxUuAEj@ub^q;=<I&=vchtHzz8#)tuHym^r$jB^?x@t@}LZ(N|bCXY83=mK9KUm%$+
z1>A7a08)U}1nH&kmB3uv7Avb>UL^<28e}COpEwXJQ6D*xi|c>nLkOsMl=4BWE9}3|
zSC@8)jlQ}xi90<!()Of*<oVMH+Kx2GyQL+rJwj~xxK&Wy1k@A)z&U+(eq%LqTPT#g
z`Uxb>d&WD|MGYxrURjz98R60$p)>A9M)XTmKu*zV^X?pKo_hh6U!!VE4V}<Vo0B>8
z2^X8$LMOD+<{dfI9Hk`hJw=v;{?gqdHHYf7d1p>bP5~D!jX90_cM8tUoV!5q_)Y=e
zqrwHFNO5&R4k?4V^Y0bZSiJ|fzwZ>#kP6eU;n3Pa@hB59qNQDU-xUZ-`^b%6&Y?<h
z^A+2|B`3SiPg}`77o7}eNs7le_%r$5Dh|anL*_55P>iY&C*oD>5p<W9NK(MSMz9h!
zXXj9Tq%Mb+q#0w2$-Un!aTXw`KgNsN!gW{(+*PnO3%N?e<B2Vt-;j~fGd$myk@cv$
ziO-pl_~$30KJ-kn=zUiEW-;W3le1RaxEC?wev~NQ2%YguT%svI7pq-K<(F`^TVb^y
zcdd3apnzEI-;`ul`-}&~Lf<DAx_~b<To#OLJ+NGoz39|fjeF8}3aD$dsxGLom)+7&
zbREC6<KaHh+_&er7{uHX!HcZDUP&61dT$szAoZR-77CMiQQm+jyC3aiObGFr4W4i5
zI_#lhr)*DWw(Ugvf9Hr7(xELef<3Mg03o5DIw=mWpazVOb01O$!vpqnlqZT2O^9BB
z6SGegoWQO9<6vE;f5){h&zyveyNGWD7g8g)%>DL{;_VQKk;IDz^W6pR76pb5$oE&B
z>pqpg3FbbVwNI-=)(+qR-p*kpPI$D^IpGEE;~l&#xBe3+vE)+MC?qk8VFQlhtn($Q
zCEz~cfsTC;QBL3lh74}rg9l_li?0A5`W_(BldlRnP#8IoFT;UI8H`bIr=!J<&VL|o
zoc6VB+#u+|hwLw#5x9<>a0s-P>}5>p-a@o(c_5K%Bt9X{n6(AA@!ZsG*Q)$@+@Yk1
zF&DuJK<S<so2}G(CKBz=JpROMp9zx356B7{kH__Q_aup)AXnxFS(5BF#^nvzMk?2h
zmv49n<SC;+ad=7=+Wf!5N?IO9bm<(EjV{AEkRKWYhpw}T)|vx|a2C;?%*k56|2S?y
z*iSeP*01>z*ZNhB#r4Y@5L1SqDVYDZV$R<A*HsB?{P8YRRQ#-w5G3j%tIUxIG&3k-
z(8?Ba&&F=hi5y<U2<x3me<MO+&+!9^7$N;QU8YNVQN(zjm(d?M2C~IbF4Z_O$eG7y
zFI7Q?vit4vRXIZUVAHlv&mByAW9eNm;DJv+)Lbp$>Brxh96uj)26%cjxp>0|);h|O
zc9e?oM1zZ1#P3>JBJrmnDeI#Z;tt%;kC&y3l{?DWc%rS7kLcv(?}TI5!#~2i%QlRV
zBy094H;$ZNeB?OtVee7k$gscSET12JcpO<b`rm{jU4Owro<2GoNAiyqjy&FT2pq{?
zCu#s@By+CEGxDEC@G*f7D!Jp&jDeOQdH0_)iU=(cJ!5{0G@gsoCD6k*s)JyyTp*G7
zdY^L=vzmPviG{yrjQ|x=Y_wAAQDP@Ks-uJ5jHQUuy(LzJ+t`QQj2)43=x1L-IW(3Z
zdZVN8z^kDKJ&?2>PcnAQltngLl?k-s{GYbKjvxuU-41-T$MvWIA2o_c0*w)fXnEMb
z4wj?D)&{i<0hpI(Ssuz<mIthsz-llGUacOh;Ra<_Yfbm9ren1ocD3(ewLMwYlKrZE
z8>=<g)lR``jak*!xvCAK9qpq~%V^sC!bmk9j8v$J3hOLsbufksDc<ehizG=;ht#QH
zw(^nqk{n6Ww<$fRlK4N1B}w0(DnNe=Kg0cU;e~v!)H-6vgKxrA(qt<yV`p1G%8?}4
zN2QEzbPims+jA0$-(8Fz3q_y>jZewR2shF5mF_DR|4`|^AhwV+QQ4f`%=<bX_GNx@
zlO(AI+nYX=w{m7|gf#`eT|hLr9=6HW(k`4YM))ltrRzu&(o$@$l>;NVZSjdp_xDM>
z)5m|!jRma_ec0w?YZrXGoy7kIU+Q9I)=NGyDVM@`gU^`?r^$zWlBBWdB5DBsC>2FS
zdl40JJK(oO;&+Hk#uzB^0UOQLW$?%3g~BEvP1po%NzVQwu23P|lDG-*%Xk!SDbhCq
zc1=hp%Zg<Q?)0PvqS9o*AQHdr5S=w(XN}ky$Fbylf56Uu4R;4`YQSCq8BL9suueKe
zg9&V~9UJ5%l3XbooCysgQ3+Z)auCcCjpP+LkhCew*pxtkwBk_P1wfAX$quvxm`sf~
zmYQepQ6|l$lY#yhOc-!5$?3lriY~m2Rn(HH4)&|9Qi<KY=-1R>6h=88!D=EqmDEHo
zoecbK!6^fGwf%S4)v5WmUsJq|=qn&@L*2DQXn(KbKlTX4Z@Id&OGw;+_&Bs7q)8G6
zHfqk6slJ+jT_)oW`jr-NIThuU;>8L%rLH|D!=hk^RJ&xdbX_lFj?VwG7x6~hmA#Bv
zCH%bBGckIW(sLHkZti95;j>VHzp0lCVO)Tp-^*C)RADd<%9512{o#p9tvr!vGqKP_
zq6K;x<5K>jld2Rpb>Wn1($o^s60wt&+8iY|t!jB~Zk4h-t#7MR*gB$(;GORpDoJ#+
zP3mE?wuRjF;!q^@Vx=}m)3*^V*~6H%ekkXY)|)-T%PGTPm%ZR(u-YH_Atao8gzLH8
z+h;wI1OeFmYyZ_aHU+FXUK{_++545A<H^#WNw%HrrITECGL4b=%Wy}-aY}b#Y-lCO
zHpJXJR9FnCx&_QD$I@uP5zBhc%hzF7bQB!x+r4N^i=Jpb<F!4xHhB4%t2`h%X@BwB
zUSZ<_)iO);{&Vg<@ULFZyfI9e8pvOeayjDw%H4sUAjnTv19KYx8?5~!Z^k3BklY)W
z0b5A?R~{HH(JsQXgF>|PIHVj`KBArGFcz^CdopXaXTY^O`U2KZJsFm6Ji5-s*(aov
z$s%A@?U^aJ+EY&8l##)$2Bv;i15Wu?Pu7$#wx|4#ET$Yz+f%+cojv8V(|xAgo*8ia
zfHOM!0@iJ^@PU+N^nuhi9E1TC5$$8wA|p@dU#)d`O}ikLTsnC*htz`esfmy?AH`Sj
zIC<Iw2#BA`F0Q?7EL^H0+NhDKK9Ud6O?m@zN<Xtcx1Bcc5>A_1kr;677JGScu>9**
zsfemxPd`7zmnJ*Dh1h)BS~=isQ{`xe{yhx1-`n#C>rzggiWP6bibpiA-rN~|#|6^{
z8!jYti*wHVSdZJ-68M}kJaq>q=aCg>f6kai^Fb?%7nZ<Ynw)z-%E$J>n6|*ai!la(
z!O06;Mfw~tgq)B(-c_W}fkP0EwYkuJK7Z14<mYp^J^Dz`=Rf^##H%y&4u3u`$U9c&
z^X!B9H|_KKVCVD8#UPjFI_Go83+GtrafI2$dhA2TUn|ryqr&lm>#K&Jb($<$(d3a8
z{-07=vSuXRo?zFVemGCCYp_HCt~5tym#Y7UgZvcN5jzQ8KN{a+Y<Z1WxO8a0d5bY?
z!Y;-FO4k;m{q-%7P&A?~<1c)>vg$^&>t4%?Jovs{cY#wk%wPQcefK2tPCeWtVCFAm
ztQ&^})9Ji$$!^Ai{x<8Z6!5kR)Rv*r3~{|r48iiJ5jz&k!V}Wgvg*<RTGm^>CkQX7
z@PF!Cg32hDl7B+5!BNx%8wKde;^2DW=hkW)CiUPlY9I^HgZ0)<FX~dp;3o8-BuUFr
zDu~`|-H(3rC_LjybRlER(j=@jj?0Hc`_;#cEw9Q&CCs@=#;m0u3zNc~{7Y?)M&jf6
z^BX_L6%-Zcxhrn47_(;C6@yO2wfy-ccz$MVc!u$Ply<M^x#JJFqED9$j+VBf>ijiu
zVB*lRI&%(b^u6Q1aP=OP-9}$f!HI%;(XpfQKudM0Z3_Lr)BagHxc&22kWww^)^HXd
zi8m#>H2@qza(QqYV2q4uos40{=W~&+kWP-Y6Adnv=xe8VO5fj)>P8Prb*{w=u6Go9
zKzb#JIpsD5PH3ijq`oD%h7U$#(IGB#l)WGSdG%rU<E5()w;v~exOy<X^576}_$5Gm
zQU>CrESMn0RaIFqFPqy)iZ3rG#Wf|Q7~&DEaJvIyYSt;q&R;WT-J3<JUq39Ro<Cle
ztS7n|OD<xrz@{sN3*!ZH<^a~N^b{@ln*OY^>m6mwW~FEBg5gT{)zLzwdm_=MBGtn3
zs9U(CN*QAd%BZ=i3iS&$s9)fZlee$J=3kNA`h|OeXxhG*ilHWR{;wHOLGTq6=;Mo~
zb#TmIpUy0c0h3RLS26}kfc-34wGvG<6)Q0(QTa;7tbc*zia{=@mZy_3@+JNUDPxX3
zULMdS_yNG;yvI(E9V<ZcAX*0Q$5+2`y?Q~s`g)c-fqH_2DJ3pUDbHZa9VZ+@)Oa`7
z-Poi|W0I>eU#79z6J*I+DrFQ|s2z6u?^oH|IMFzoSWiffB|-*E1fHkk9_F${@NIK%
z776@$%;Cl|@=z12OuNO@fyS8aT$&IpL5#f6BT3dLvWv2$jfnaW=eR=#bCvGG*!72t
zgFC-p9NcOB;^0OO5C`YPzr{@J7IsKe<fA*pZK|)&Kr|`L5&oBF5pA#3-~ZD0xES0d
z{Z;h?;T>x4aj&W$2=7pPkK5JdZ*vkqqkCwp*y9d0ss=Hti^ZsJ@#6U+Yq!8e=6Jxs
z-J*PO84VS;dT<%4sP*6qFnW!_0CIG}v)=Q#(fYXK564YMA1_PRYX@8*hQ-1=@z0+B
zBbVE@JVTes-wEg*l>0~F(#LTkJ7p(uu_SuA(p?z6Gy@^yxWhq6Kkg93rpf()RQJ^b
zsot6657D_$tK~9j*I_)C6X^`(K+f~GC2#o_0&wF1Va)lq=c3f-2+|=9$kl%%Wjq0l
z)rqttePj?m=V%a~>aD`Bmg<pZRBxyHYV?+zQ!ls`?^1B(O}yXa$`y`LBe`@1<Ph*P
zYTOT|VShIsF#0m&8GRY@q^$6!>qZ?8NA4cQspz1Kik=g0d1ts)d>lba{`aUz={_}j
zM!bzIgGlH24?IFS77^OKc(u%Vy_6Z@&O1xuZHvxSx_8CS0T@kmMNE&kMxcTcES6fV
z*h=$}{I}9w6#bRbJuJHFE1wwA=D4Gw=Rb<re<64Q;BhoMmXH2K82$0?$mc6k1sLWW
zt;sCy)Z)Vl5#K2uocvQY4{u3%9^Qq@@#7pj%!`kJgnYIWE`2c{*g{b0zUhQZcVvZ2
zUu|uHg#b(qV_Xh3z{l8H)X5jqj-dXp!6T?gpWZ)$`X{hh*Y_!VYukL%+dOat^_L89
z1fk9P%|6EF*MIMM#v0!K_kFJYH}`+2&!^Af$Nl?Qwyi$T*wrs(+U0+5dx^0%FJ;O-
zE509iiLv_Dqwi;Cd-m_QUS_QDm18@X!+q3$;@{u=^Q(d7;XYgb$=GNAWQ@Mb*pJ#6
zYux_t`^5gu{U7S%X~U2E_pxkyWgBBRKA&lq|6Tq(W9y#JlzT&bANm4gCI4jX?N^Vk
zpYOkr{rjVK#!lFFZ0B;g&&m$``*6os1IxpGIyxB3d6}`xUuNuros3yK8T-Zi_;G*#
zvLD`d)_rZRd_Mg2rN>sl<!!mwo$93Yaa_Eg0=Y|dT)gM1wQow%?_wl-qyfX&gY{0@
zq0b7Ov_thG?NEbAJM?+Mq0$anH+h|K@)p&J-?R$^6}uYd>kS+CVd9`^vbftaZ2SXa
z4$SGYxVVxU|G?AbO0cGy7c;7>klwK=F96}2n?-!%B)wVPi6NGlR4`h~pI~66$Q(FA
z-O=S|7rNsq!{(@|VSVKq9Ee8@BxFwa*ds76PCI?(OpPZNRYFggpHOu5b?7Q9OW{a$
zM_16FxDZngu1bWOcX-04!Qag^&-GCKADAxbDQ{RuIH+5_VI2TK)h!394pW{+nsPi}
zI)>Bk%?Q}8d;#K<?Pv?UAB_|Te=QOiZ_MO0ekg4IqXe^Rm0(sabhV|X0l|KFDK$0!
zF$V07pC-+_P};u=^r(4g${TJ(R_FzQP-T$@QZ}bCTMwPc1lS8bbWK)XlM^`ZZV(~s
z<p&uHn`;4K%-BO=a|4XbR7KeOJdRuDgE%}@gsopMBK+sqqoUSuMXHPL-Gi$s#lcnO
zIH2IeiYR<c)KKkseySTHEL~UasPy^+y!hN-lL>R{F~vFtr00}EmVW+(69YUEq!2Rl
zLz9CN(XK{OcOC|$Uk~T|p0I8uCoKUvdPvB~C*R#}ozED<t6M=qf78j1f<88aE_r&5
zl%<?cUSUa6U;e>)$1+Hp+=;y7jFWBNvBRIReJF>k8-S2wr&%eugwwDcgAGKngeV|x
z$~7R>88rmbY{1Aq135sX-r)d2MI>Yc*WkI}8vI>q;uW{X>@KR$X%r!`4K`;Qc0~>(
z#^ao+0Xb8ok?J#Rs5$KW_^N>T1Xrr^0ZW3LDvrpzSY*XdiY)nE;#wSWl~qEpvg?ru
zAX`ys*xUfW&6V?z7A^-ONGH4Q#8Xem$fqVPqdMlEGa?DhQ50+-Wsyc<3ouj;YJPBA
z92;gYsx^zlCL!za61l0I#Z9wdsj4Dy3*O2$AXVU7j2Z^ow2Hs{@pCWL4P?pGM|CjA
zahT&34dUuA&NmQ@!RHaI!HqVV9vL6$Ne1skK9WiUc_1Gl)q1%Dy|OupY%bD{Tx4E`
zi`?YqBGed0$JunUBQ~5ad3qV%Sqd~V=>sV%zjHtO7&6YG59*4Tx*E3A?}_cSQEaCU
z(&qkNcD7T2w82KPo&G^SbQV8rekN&;Ves|W+M=V>W~RdrswQ5iI-ukL+byy!XU7GW
z^6x?uPWXVRSqNfZd+~hc+KWNZq;ya;Iq43dw5yH^ML0$RJFj;m#~EWY$Z<k8av)V&
zKTb229R8j(;C+6!JhtA!nE|=z{=;z5*ACA`8#9#O;O3$~0xo(@78hM@$61KY-r=Rg
znIw3r*mgN)iftD-Y9SWr$5GdKj)J2$2#(swIcf$;AtPz96~h+pTL@T?pth2*T90jn
zq?C5hLZnq(OztqhED-d?YC~WiU^P_}8JY1|BDR(g`eCZSliV#lHy3cUH0xT!=C$qi
zI_SYQL4Rl1{AnVUPfnHs>Q+V#RX7<O#xe_6Q5kdE(JVWsbwNp3|0Jw`z)^qSt=K2(
zy6pzzZA4$)-xm7=w=MQ;mn~LvY_Wp)CAcOQETwbWm&u~#|Aiubmr-yfqCJ}yicYwz
z2OUPWN7IZs*Vh|$iRABMVEkF~^!jY!hZ?ap)VRzie9MV1PsAGswN7KsMiM_CRJnCz
z>BlgvW@-+L%C7sy{Ry>aBw3Zf_+(6JDE#4q4K`;5Nd$L8$4jo(?aL5Z#<zd9b%e-Y
zhKb4smaa<&m9D?J5ZK+^jASjiS=GQn%w_kZ@S5d(fHHMQnlYt&SF}v&-V&RH%6_;o
z^&0}HX#7uJc?V<GTH$>g8|GLF-cK{8_Kc)vu960h^7AxYT-GXBOqQJHY<XH*5?fv#
za+T@GRVver&97gbW~`AN`oqh(%N<FbBmE52)}h+}qJ0n6&#|1#7a7aHtN%moryTY5
zeQ>8qM(C;qp=*K2#^=jq;{!K=mYh-{e3f-cQb?~Zb$Jj}mu6fDs!KUeo-7K1VIy9;
z18oC~t4m8lM!Xa>5_)xMxpnDqSGK%(sV$P*X>?lWlf{{9Z|9T6S+^32Jfpbft-Hy!
z<vlV?lKO0S*>QchVd(}aeK(eF%#>c2T{;Y<v2R{s&M-;R@4p^JEhQ5OSnJM{DCQ|n
z&lx!IS%7g*#osdjg8p(wycBf`D@t*nZDt`IzemiCrO4xtg}p1J=TogMHb&UGb|-HW
z9);>q-hF<=#Ic3UUzcJ+>PJd(yZ5O*6RAFTeOM2!i54n7XAo_;EJ;ECM@r8b0kWz&
zr1E{nD~F8XIR4?sbjW4Z%Ob0sVL$aN#==H$4K?Pj=fi(`2n@e^d1O^^*$dOm@I<CZ
zR@pK^AzAt`nDNS^H#@^r^B8F=2jf&#ymQeceZRU}Sf`lKdF@ws3+ogUI<F79{2iD?
zOjxJX=5}yS%n#@<q`qx_tGy+-3NsTIF04{|%3~2X1$7Gwnon-D)2%H=8k*;(p>9dC
zMj~)S>Qsqn7t4}lfg7Fv&#xHHB@T?QUXu;uc|`!@fci}Pa-Y&OQDDIpj4^*3|LVel
zV*^~dji1jVs}RE0o;1P;cuR(@RQZslBnlnxqTR{g{xW;;YYSoUZiD%PLqf8;A0*H2
z2g#BFAenW4UIwhH^&i4?epb9Ktba_F$ud8p+-O_RC)n0=zRcD_IWt^WzVVAdZm4uw
z&nH?t`s5q`8W?6rgW)>5Qt2*=-lKF6i|YJ5e#jYL+;7I^{bqd9A!l6g%$I0^j75ES
za?~%fRzn-l7_)o@Xjv}?1GXj%*s;Z_QNo~pLh6=>w}kbNQ@*hNvCHNjyE3Fsl^32S
z4CA|#kFL&M?52Ex-tvO5{;|?sxcFKKe_APt@TXqKR=zjOR(`v+6SgCVUTZ(k?07Zq
z9nVdz%lAr>b?rekrB`H|(kIXsuWcR&OZs#9Xi1ksY989r{}Yz$C)ouvW^@Tj$uXi&
z>1#v}>mNr??`ucr4+nFj&JV%q({`b@J*c(L=%|1ZFNMQ&o0cG<R(Y=;sTZ?#Jb!93
zK2x!JYC;MyJ3Lt5oqXdgNrJnD*OT}+^Ta&`Cpd^OWEIHwuu8r>Nos+B7tpnsa}#0n
zrwvB1ezHuo898DJ8)Z(gMCmSx7RB30{Hz>)*jG34O<0PZM2)%z<)R|8x>?->O_9}G
z3Z5-!C-JkqaLA!%teu*3TEn^(HiL~}GqNtZ`bW6w-3=i!bq!RnYotbO9i5O)#$L{<
zMol<~gw3E5HesJnepl3{P#aRSQsYrLpy+i9Z^Qqx7`)P5!l^{*E+nhAR26(mnmY8=
z5aMIR)>ETyO=@HozsQih<1iBjqL}Uq<G%o|!{MY3abmG=Sf>Ch8E1#pjkH-wkt}83
z=b3f<{km(K$xpAtN!^lTGah@0@wP>a`W%2~xevf!cMia@A7L6#((gQq8l_|SimLfC
z1>eg&Mzm+rE?%?lXB@nBYxwv%uYvIR-$AVDRC(cv4%1Mw%f**KplGlW11*E=Ks`Xs
zSR*y(tV?#x&n`XF>nw5M;@g40jI+ZlXUH~xxlnfT7owdd+qV#r<q{loaYBvmxgPl&
z>nS@fafKb1_`J<|>R>9MB8W6@m5M@YzK0559dctn=S3HJWoaK-oX=U29f^1o!)yqe
z1&-Lkb_~alv@RIu#+IkAMQjOzITT9qj@q|MCDwyjvrp%8>I6X6vko_|-rUDL&bZj1
z+$XH>?$3adSAGL51F-J@=w-}$NR}jH?kcsHRig<gdObDk64Z<|IE=yO3X8?0ZUQAj
zuz{Zp)LuC@32UGNJX6Wx2Qx&y3fX=Cu;NbywNA1sVTVdc!d04|me5mL1a$~4h=|s}
z>4Kuei6#+&J{UcW$_}u9aB9}g0{(Ntvs8!difU^PI`4AEmfU`gV@R+MQ-WnB6W1`t
z#d{3Wh~wYM@lv0-JYq#D#%XLU#XyZmN^QkSr<m|s$!(U**c_|u^m1i*nk<7%JEZLX
z@<H?`sc-R3*U>(G{hEx6XM(l_+i}=+4auRdH~l8`$q$6mYD{)GjnlS?zMQZ9n6cEW
z1Kfw}Iv;1$&Ax!Tu@n`~6RZ<CB(7P3n`9zXxuR64oSi}>-VIP$Rf>6iZ1`?0#RNYq
z#M#h9mroxax5xza4K!AiIvVI(K?8kLNSw%o3K|dsRnQQH<p?Xo^duKn!XT_*fEEfX
zKpFf+4K;@;qENxUj08;`3HtXVk0#f2xhs88m6JXQ&+<~AvpjkaXRa*)$6eYIY#8Wx
zk7w`pd9HJP!-&J2>wi1XiA#VAH;!;l;F)9k<^7Th{RBIyhdPt7lZH$uYqCpUI4@fr
zP=pl@uL!8>rwAw?L=mt;C<5Z8w!%H6$Hfuc|7FipoQP449$U}9<LF|I_9>sr+al&e
zI079<;&0RMKa(-0Z6~Xn&7r#5d<rIKqH0&>hK=3HvzH@JU_N^nt$@Vd%L}5TxY+hc
zF>b(QsR?%jE8P>LBbDy6V!M=D`K;J`O0DOt*xRY0O07IG_Nr3rnHXz#asVzY7a4;_
zL2i)8MEGXxuh!C${d51^G7_budZji;i!HaV8R^^?<ZS+`j>E0-Nn)7Tld*|UcHv~v
z-^n0+O>y$S$Nbj%e7=D8eM)`0zAry3gVKt8%v^DvEJ;tE4tw<JL^~73gVTw2itKEk
zxXGS~TaDOduewU`S<-ixJ)LiI)F`Ir#WK}p5DN@H1z#UIVw@B*XY#{c#E3`%(sTlP
z_n_y?_C=HQchud&^TkG<chud&^TkG<cf0&;OL|?dFClYWVMw1VQFV)l8o~8c_fd7L
z2ldhAA@!+rL_aA&nuZp}+ZJ5_;-c{DL80+<5E_MF4~mYX)SX>Hf5N^?R5<p?Pw{T7
zsys=0@)SV)ZI!Q*_(gdfn6W8J_m#2pm)FQj&rWg=;jrx4MYQ8&JF$Nm$Xs4q<~o5N
zr>pbC{YyryovK@N>Eu}Jf>W}9z4uB4_N3u9Mv$g$T=vzsId`i@Yxs{n!Yk=?bypXj
zgkv|@`RkYW6JayC?T^(v06ss+1DQ#%-s)2<qMu|9&E??O5<6X~^=Ps2kl04)DI)P{
z@MRc@Uy$oQ5&%}AyxY2<BnuupzmM?v`Y-{H8d=%0U+KA#ERFaiDFEJKRZVixpCC<J
zs5xwf&t>PyM%O}Xt=wNwytm)8Q>@$jJ^QA0UB73Nb!oq6yRv^O*+17=<NMXvlKoSI
zxPzl<^iLKSw*#9CBuTQ?_N#oQ^%v<deKuIj`xVJgEy{jSkh(tm!PipX&3-U6H9h-5
zQR=+x2g6dOfz3H^>2o4AKKtE}3_b)JWq)VT&!~=xyMW8sd<D5oB{gUC<uY?PmnjN7
z?nD5=eQD3B?}{y|SLn~4Q{NR^RPT}9mliUIj^HF97|nXBms7Px@SKVa&lxoW^jEK{
zAM6OY1Mj{Gfp-CS<lQ)RS69#uy#u{<^G@e}ys+HHy9>q>L`%q$6shdJWn@_29oEyy
z8WjoR#3C;Hg$+o>!%N2B!z|E}zr&wMjdR;y<o(S%a^x<^xm5XDw45}ZTWns{zPX(r
zvwDjbyklOqd2<{5$Xn21UiHA{KZzgDSZ5Z2Ba=@eORpa)NqX~=ol+NLOS<v8;_nQV
zB(-bttv}YAFNEul3!1Gwr8$wBaUt9=T+nO{RhoCCPHwhFD9wA|tY9vXsUB-zR-`xc
zw{WL+{}*`!y(qnCsFKZwVCv``5L{1<0$3Eo$MM35@m)fuYO|ag?}i7J-wx@Smm#%<
zMZb>=i}iJ%U}dCf>IRf{*rGPQOWm<!17Ft*VOiJn2YWW~RlN`v^^fZAF8}r=3=!!m
z+Wf93wG#MZuT1XF>tf70u8Ygp!~NT-*5*=3-L?c*bw&ZQInq>63GxkzpI?aTE27Qu
zNcIiL!>QWsSvU@KqP+eEqJBQq9}axms9R5s^Qn26O!ecbF{hEL9yx3VSVYewO}-6I
zoak%nZk(3055K1F#(6pW@Gd^F9@oUEIciKupCc{L83Qd%DO_ASWlQv@Q+5%};xfi<
zvO=_XBuQF+G3L~`+}g&=6-6(ZGK^@?V40#=fT~-)Ast1+Pz#En7_u8LO`_XC^FiAV
z#kc*Cz6ylG)E&xgvKG6OljY$WNZSpNCeM?Oe{oA6O>-%KlBH<||KiRIvyBv=@`+Qu
z-8vsm!tG(b**Y_w@#l7yb?svGY`BlJ=AYzcr+2%|t-d<b<-f7UD>=I^s+<&o?@IQT
z{H0%7r+PU(2#m9Hx|sl`XQ?@w74gk<=yED=V>`9&B>sC3YBs1UBO_L2xsPi2;(qZ}
z<^AHTPC69F<@DJe(u4d^Z>{#ieV%qcw_j!Qx!vRBbBkx?bGy~nv5j`b>~X^J(8`e{
zK8uZ#P_3ZMv4)y+)+`uJ&ANJO#u}18y;Nj9&2fkkGML?NXE0lACvCgJN!nJ^Cuv)i
zNZOVGc7s@nhJjY%NMBl4dL*fSV0G`sn?Uh1FOyR8ayz9YW=eQ;9;STYkCV&3jgx%A
zn?1=X_9S1l^@uSiP1{fUq-pzpy3Zt0ZG<Tq=3z>PzO(s4MXYOWrE;gOVtmKR)%LEv
znkY&%SP#GhK>b`gc{PX8g0rc)NodX#YQnRmHXA|ktj7UCyp1fo95jc#dX3Bp-AT{J
ziKwsC8#40nbe!kkZha)~g1rq!c%hw~?I-rCU=p->kR7xrqy{AvAzEx9c>O+MpE=`W
zNy4*x9wca6(PxUOZ(xSCH&Dr$d0sJSS8}Qp>-+(;vK`HUdUOB$k$XUVx*MFtY)|$w
zW)=4G!+G>75jm_>6j5_-D~j=T38E?3V7*cyh0Vws67PXS{~Oed)Q8PrLvmRSF2;o*
zAlKD{kC$H8z%l#!CnU-G6!WSi1~7?G^Zr^eh5aiT5Y2REG;*9itTwzi9eM<Js<0`d
z3P2r`EEM&gbVr$E2_4m~nXyuH?i$|LKQF;LLU^tRrHz5aW;}X1G=YBq6Vl1wJuc>@
z*EOW3W*xVEkk5P;xPb-w98c`_L__BN(5!I|Z*unIsQ6U7yyWigkNGNmg1R_Ihxvn9
z1L`oL&15k1vae!{k2HCjtFogdv(=mhvj$gl3cKYW|CO;@mb>kiRW7^bW>KiXMz?<I
zz;m+we?EEr2wENXFG)(R8+fPsvKcb`9V)12VCRxsLpplR*pO^bqk?@$nla2;BoyrB
zs9?v$#6ndmt}YZaCyO=EqN8OLwdcVE$h*4sIwa$4raEX+)n`3AWEiy<vo?I_#k@Rx
zh{c>7{-R3wn`a>nboW)l`-BpHKDiNqK+0g;qzp2SlCt}yK3aIrUeJy4j|a0BeBNtE
zu;2}^Ns{$QcEx92b@{oJXZg9ft8RK#lB`A9RX=?72>N`VSFAedA~_Q>Jtq%*n=$L1
z16&}K>ONuYLH5;rekR)f{TJxt@lP0g;VT^5K%bqWzma?J@1#Bb%Ur)_@cOs7-Ypg1
z|GbB>4X)?U?_un%J%=90$9>*2@td!eZ!cqC+l#-a>}9OzbH*P1oUt>y@#FsfWk0-a
zcYF%ie`-Q{XGlLt@zTpo#*$Bxb8ZpWM}z%#jxS_robgmIFA138(snMsEqxo5D{KSY
ze^oB@&7xp{G(A7f9JRUHoH9G0wzOB1Cc9=4QQP5k^%Ns<xc^+$giSybCIK_!5@@c=
z_5{4BpUcj~el9y-8^C49(f`SNLb`@7_-%OkwlnE@3-Aa9X%`f5j0sADN=LuMsWezY
ze4YR)4pvd)VqZuPa@xG%B}qzE1of$C*$caBz4Id0qGr%Xe3GbHW!D^zjTQumPZPH>
z2TMYRhEAiwa({xVPZzj$yuSXe>W5_^{ndc}Sx9GDQ4!j7mnrEP$PW8dwSMi!upVm!
ztCE_4%rH>N8|sSyEcu<A5drEwHUdDRCb)uTnPb$ymp@xBQT<<3Z3a1FnRl?%h_1%>
z--L~y<B_DWd2MUh{Aqj0d|(a6WG1rCXOK|E9p7-A2znT<bWe;HD&1G(h4NXB9^=CL
z{;>XWSl^W#G9CL$xH2OjoqLC!1TI@6?LD@y27?;WdeW{$Et_sc6n#I<nDv<?Now6j
zj%dGr0W6}ozJN~jb~aW05`nNY1j0flmiP<OpqGF{GN$|Ba50`}8}NA3PSs|VA1N1$
z1!Nzt1~Kx-4ph%@fs|-3WYY949~2J#-^3aR14Zg4C%0Z*BDrsxZRdA{O(2&t7r6j%
zj96oI5*Kciit({LrB;@rr)Tok{QP;Cvx`D!0EJqRQIm^AdLGjCS{IH$qZ3?u6q-q#
zel(Lk`Zw0wSq|_0_`&57y(OeSAJAXbV-HcimuhX%VPSoD@~yw{i9VC^2K^r)t5}b$
z;);tgZxpbK%kwy%)iqS>u~#@L0uOPF!|O4SDx@CtEtnWK>l)|RhjkX#JE=KmeeyRK
zBc+YX69!Q(5>IFjS6a9JE2JLuEEpS7pOzzL9iw`Sh(en17fA}sbqT6&aC0E4zmx2^
z0h@a+7np=EY+krOH`}|b+6i4+p2Z?c1dAAB&VEPfnM;;dV)n$)HKTqRmV4MPYRpLp
zX0d+3cxu))+LL%QfW2Ol>uNjRM)aTekBXY-<{JJ1GgKOaK^l>SSi{6X;Y?piiGG1?
zeIwdJ>N7GNs~>ZRNL}$0WHG<xEM`^?XE6^+B%bg}k~#YorN>W}KH?Q=%fRnJ@knS3
z{sXVE2A#?hLgBT3!5BAq>#D?^aG(mpSoV4m%N|t35QF~rQePAD1eISE=?4Pp(~QJl
z;QNu<<ykoTNv|02pMH#O{?_X(nNo2Y(H``OJ9utxuTs)Q3r;m>Z&rFvBTIko!QpSd
zNRlM}p=9lAM7`aEy1i<%sy(1|6)iZ;tleCtu+zxWc^)oFG%@;wt4a@1sYjB`MVrmp
zg;fg6t0GOEq^W~k{HfACkIeYAD)B*%N&hruUVt>UlcqK@{aLeSvzlmAdh$q9f=p|!
zlJ*3(_o8F<W@TqW=~kliEZO76@%q3<p+TNbnp)AsywPQ1E=LpdMwf~CM0ICZU}FyC
zl0bC)yC>r>osA=5V<pBuT%1V&i9mM0qH*7zOj?bsBpQf5CS_DNP%0blPNLDaXc~-f
zvuk*M7~W>r=uTF5cKI2O%+8|W-tWWa(5YcW=#cp>57iAE;7tA%GiuPZGk~E}!9lp6
z<$Xeb%lmNyS>ET@&os}KoopIgykQ*yf{8USn?~ZGpqFW+X{ao8&qV*hLB{l#vYk>$
zJS?8N9aBhr(m}@h>!GcaAs5B9K5M}N#*E-A)Es^DR!K?~QFHWPw@Q)`d__x8Gxr-?
zVRz5jIzWh=B0}WqAw*8Ubg=9y9KaFnqv&YCnj5Gt;~6+E^`Y2NZi;<w3heS1t97sN
z{qlilU?_{8={po8;^Jvlf~+xK?-`8Ov#xV8PEez+F*#|9y?Hm<*%4s#zT6#oX^vK(
zktAzB#P-eVVeIx^{P6F85q}5z+}_*&_mO=1*6;i5-|_i(_uW^%7!%T83SmwIbEybW
zZl@?aQa#|?M{b12`^aKBZ2s6s^*OE7ytsf15}dEk@3ViqHS%y>2k>v1wy3sgZ6CQ&
zMIW->+<RVwmiy!#h_q89z=d1hySy(z7Uw(i#L3RScGnNZ{mx!DgAEvyw9Y7@#s=PB
zWt!actUDmur}UH%?U&eH-#Bsml<Ke}=agF6@05Cazf<byfdWhFAw#3;oKNR6*Up@{
z26tvIY+APgQ<reufyx8bB)nVej2-uImI1n6yz#f$!i=vneP^N4Q%K?;gC|kp;xm<=
zEzwEfQ}jp2kNbW(b3;KXIIhfx^-_9@qN9|aVNrsY+JK%P{D%?Zwk?d0*N5Ycza)!w
z<_v~QUXwiwMp2`#HLQP}{7D5C`km|&xWGL0GjT0KJY|Qm6g%dj{4`@OH}kH8w)ibX
zp^y;)OG-$eBMmGp9c>BgM+Z3{0?W`0h<zDGG{vzDoqG`OIvfC(Jp<zME4hDvr5`S*
zt#4w38qrQ0yg}>j1B|W5eJHvxsDIs9$xp!Mx8y+OD*<xJ^IF@Txq-@87JpxBgJNV>
zYd{~K3OiXve%1_p**^8)7E)z%?G5<0fEvN}KKUE$n0esVV_e+2Uw$#*7FASZBz|Eb
zZ*L#fI!Sy|AwPzs;UF=shIdSgr<L<ANbxiuDfZHqY4d<EL8?$U9{@7W3#e12sIOY@
zqUzICykE2c7<Yp*LhU-9ERE&E)|4)Ed1VFEC(FT;*%#LLCqEH!EHfcm>Tbx30dBDQ
zlB8D1L}Pi96lj4qWjoP?cc6jVqqO%lT2A$ul=!On+Y0fwMm(QqR2Asc3IZ*6m&>-h
zz};mssJdVf{x-G3Lsm5h^m`7V$Was0;f+;<*ZNZZZ4f+C1^C0?;f8~CE8GU;o@$Pm
z>b$({sn+C4l2M>Gr`7J9h2ulUJqq6Cb0DPuf`2ta2Lk#%901mD;4J8LZFS`L?c{;$
zv6J51>`qd-HcTL+O$nwNf#2=ocLD`lwIVNe6*VXoMJssG0RR<fx%+^iAs2M`hEhUJ
zx+kRHvmW?I?Vhkv+m(Fv9LyR1;yIj%?&j}8m3Oa`B`MY}*4J}{>x+q&gB)Eez+k3N
zqargwjmS(euUfyR0P)qj;$YT#f&It&uWU#TvWW8Wec^kN2vNE(CmX&7Kb2JsC)#qz
z(EbIX$9s5dK4U>YCZ|3CuyQ)7=Q63Jb`_JQGx8+qap_{OMAkMFwK78_MSOPm$VW1}
zeJAvt-G9u-*=_P>&+ac?KD%O~jsCK;W7j&f+tQmoyTA83vm2JnXXg>KV>!<3hVt1p
zN=Gug&&Tzhohm{`-tjoI3;NNCeiHAyK<zFjOW*KH(i74$k3`l!OVsDRUt+>y(8ZF_
zzUaYrj;GcKp1wm%3Q4HC|IqI1VN9(kj(zv2;QUL`;M|^UAV+#&qHQ^9Hz8V;*BRsp
z4%tAzfnD;$%w<3BcJ9kej~pS{0%rd0h%nPSsqZ*igy3?j+z&vvbpwEi_B7ZBjsi#v
zM57hm*+44mMj(0AZW6sYWZbQQMfC1k&aEay%s;?y^B1-7=gFI(xet;rmt%7)V2nAX
z)TB8f9oTt`G>XrDtQ)>VVgLI9oaHXbbRV52;0iVV=ImuIKHZX+gF?f%H}I`{dI9H#
z0a84@gtNntKD|8XXVwqE*>LdP<Ve;GZgCP@XrC>$h8k7noYh+0`x$f5XW!uh7f#+i
z5idT!aqE%v95!z$Z}H{<qmLv=@yrUegU_Vmca8Wxj}%WUp!&2iv}IZe-uf|(ueuOc
zQr@7S1zPfe=g-~`%j{mv(*|A4yl=w7Jk@U@IW?!glWbZgNy(k702_}CJsvqrTnGt4
zR()C>;qWwnhrcb07#_+!icT&OofHhz$<S=Z2|HoxyGPvizKPiOL+Jt9F3N7(-<JH0
zvu(Y_dgF7(hIBI4-pSZoos4yMGWPxbjLqE7n9{}AX^gSeU5x#<i?Iz|jNQ`BMR~@4
z)y>%K9>%WfVQgU!V<UPQd$5<WVFwr+dw{WX4lp+4AY;7!!Sl_iAJzu+SA<oyCAi+s
zRyHA+P&Yda=9A?7t8sF}VPn7FVKCcCJnfaFp!Ob#Pv-RFH7S?W$X(}Rk+A-WzmqRo
z@~M;XzKIuM_tX%mnhn(7BT!c(P&e5?{qHjcgY~+ZhKWGU0geXNy<8l3fE4F(O0VJn
zRPlexf$;f1zEI0_6x3Vt;Pw^YO#XaU1vRFXhxF;xeo!MG%;U8RLM_wBV6EvT8OpH=
zyh0xkXwfn(RTC^#%dpg^YC`(`$WlK^o_v+ttL}c}Y1>Ks2@eOI+Lae=RJ%Or6DwwR
z{L#$}j<U{#ronqYL&_&aeA6nhk^X}Y8CtevZ)PNWcq1lG_%Yr$tpwHI)5;+<&y2KE
zGq#?Za}s=-uaCo}-odM>n_PHw(%ekqI5z-(AWM=uITvGr`d~*{#N0FxcBGTaH?Xx|
zVk(Zoki&~Gp_oW-8b~Qei7eCz)&oe(A_^c4DT_1+WC=EM*is|79ygl^Z+VuFBMi21
z^sshFk?&^+_g{*IbuwM@B>*?3Kub^(JD&Ck+UG@vNiffgc;}EFET=}@`s7behrr_m
zHG-|QvL#wc^%i%25M%M4<P0biY^D5ca>41guT@<uRa^E@y{?s3cE$dgEIA#-RXpU@
zW;wbA;XImp&-tbb`$*q--gS^a@<sjSkiI{pA8>J<-N`*yi0HapNs1T`fn!xf`-sGU
zo-0WKBO<BYBZ#(1L}Mx<NpVPD0pE?P0|7l=DmL=~Db5d&;u$qyG3Ec1gBh9s;|sOS
z5UZV^i#HgShx8dVKzu<cP{F@dK=qIjq#=FAypRzr0Go76yfm}E@lvtC@zU%SUQwD^
zVtfZqqSmuHlBC}s<qKp6OG3t+a;nd1gpNU&7GD(crXFgk-J?jHccgZYBw8gflSl#8
zBZ)rwNBLkm*2C~oI3HlN{zO2nlRRWqg2U?o8ro_i`a{B#ZFlmz?}-o!Z=Z$e1d**y
z8b!1sbe1mQa=d+y4+o@h6%{kV^jgPgSnZeNu)do;ERNkoTj}8&P^a~y40zh{O8rQy
z$mToG$>xiGsb2}~&JcrqQ|<%1=VXN4NTR(jJFrU}tA79SU2!d<r%%5VJm`^N-OMqx
z!=K<Q2LHDDS-=QNL9LU-f5q{vYdF#Bks$hy$v#gX1##tz>p6j@kf+W7<pfklRyt!|
zNMBrlqWTP9K)-rSpk>B5K7XW`H5~7|ib#Add>KmON%%6FXg7l2P~89^RO`mbWK}}n
z*10X{@5Jz)W}+?gNK(8bdKxv)d-Gv{N;}o(v?k}6;Gfe9G9U-y4?U8kd@5IyrceEC
z)@6WNaKqGgfaLpN1n%^+uu<1)y)5;GD-`-onlV3S?0_(AS(20riNvYb9`&zF*9j-n
z^_a#TLKrHaijJqoWNO6PlN(pyct+)bY~iDo;N2a2C(x2pDmH=qzd8Py0BLZ}<e)~+
z%!7XwPQ~twNhPj~N##L*Ck*(T3~tflbHWW{ZhLa#c)SYowDG90I&nN+5jlE1WB%>>
z>vYM}>#`G)4vIU&j~;hY;Xzv)d33E6eql`XIG8w`F{W;cVoIZCwJV=!V`Z?l#z)A9
zAQ}ip-FkpA8%eCY4=@I}mf6Q@4uteoUt%B2JE95leVy-O_9VrwHb&fYRT9uIDGTZg
z&kPvBF#&x>`4`^ptepoLQ@aYt>V&daE@&oN{7`&l$kDH+wYHa|W-rxSl1onlECmrp
zOAyWI$LYih@+ul5s}h|Z@hwEV1M>H!@l5{di6VzYmn=zJF*8U;T_Dybbb!zH%dJhM
zKBQmbUYkf`NWWxWL|<6I&+#Gs5+AHd%M27K^{dM$h=(%zznzJbSq#A|w-+SWF3T_v
zPP=+tYx3S@&b<)SfE*aqoKis57CBjD&(jMUX%ovp7!Z}WImv8pDWG}_)t^d!eHo_T
z@@~Q&Vy)Cz%_}8`E`tCOUVdwi7uad?z&IR5av%Sqzs@;{e>-P<tDgG1oLLa-u5O2#
zsF`d28Ehjz`7@gBg&<Mo5+uq+=tGX=Bvl!R-CgzP47)3Lv%4x6yYp`stb1H<#$(<3
ztS9rszda20zx`n&)^2^?!&qN=7VSr9YBrW~BGEcX{CBW{#C)7*ju&w>xn4;M8*4Gk
zx!Qo4kk`ObCv0wLz$+HkU_#`2anxCTBG%pJv5z`qsBU1uYq+$W>eLq?zUtBvQY^Ko
zHi=SI1q!8x>LyU#u*s9^@FJCCkFid~?c9jB=(shBS9`z`(_Kj7r-1A^oM_L={T0Cd
zyKhn5Dn`*K?~PpI=)2`ihtS(zPF<4PRTwP<F=Q{K{pW;M*hgWU(V|t26_|XQ2PpPP
z4|yT;s`5Zfo~=+5S^-XZv#9-`Mm!K&0e$+IkT~FlTBf^nY9e?3*_guK<`-07DcFT>
zpaBrpJ$V$z&;p@6ghBbL?2|pEd{7+r(8$rRy*OWj3!q^j_RUUGeI<M~YWT6k(N@}b
zlu#qk#Thr6o2Z#P_K(tF*FKc|QRKizqg077N|mRIgZ}rdo&&a{jdPOBm`kalDo7rv
zCkmTu5uz(=kvwcY(XC?<ZSQm`->7aV&aF38e<!SW+RC?udl?JpEvb8he$ja<e)RM_
zJ1mr9Ux1#UIRWdw@fFkaUuI%Iwf*V&`V2jv0rc!6+RI;#o-dl|&~s5AdhQYQTuheo
zR~h@&0f(@M4NBP89VZC;Y5D&?!Y=whny~L)J1Al6YY#=(dk;m}8M=G_h-v)i$BF!x
z1JU@fY#Ik)I$8e_lKGND_@7sx{yU4vf9oRh8>moycsP+icvM8bV>H%%S?*8d5u3(?
zUzWt5oguuIq<$oRzaa4;M0;HN|JjDL6X#+5OBVKp`#|$Ggv8I|=Pu5zEXigazN6EU
z!|BgQZT-JJ2U;N*LKSuN|9D@H2ZYS&W2}jACjQ9kI_Sb~>pb9}glJE~h>l$T5wSj>
zOWDlweaTt3k&H2G8pL)SA)Wkqq)5>qWo#x6oe+mkge9#ab5ytH{SWVE5LV$h#t2rC
z5UirzVHGPMa9Bk`u!?rUDt_^R!zvmCtKeLu9QlH44C3yg)CU9K|9E(M-B>Mj#$SM5
z%SU8{->;5d$5szYuPeN`?!&$cdi{#`nRZl)S*;#Hujd0%40F+|CLa}b>=p4jxAqYw
z<_oSSM2RP)2H}p95hX?sYH1%gT!<25kM@i(YXDJVPJ2kd%q>d5gTsmvGC=IV@%{ko
z$}C>8><jXer$itSm9wE$Av-v=FwGc5kRLHGIf-DS9}UDyjyn`D8TG*-c*zln9rq0?
zb}YMZ5V2!+pJ|;o=(J`G2ls`s{iek6#wv4s|NFD2`ho0MA^rJ~{!gm!3+ZWU<ZgRN
zvTvoe1OCk1JMObHmj>5SGxx^(#JwhF?sfQeJt+<@gN(Mx+9Bfh5)S&G%Xt4G&6V)m
zvTWa<=Ptq}S_<}sCsEDMNc;vUeLq~gr2nNB{`~$X+`ioY)<(Wb531cVSy}^n^qlCG
zYL}O2%@}_{v~ghLSzI6!t&NkrF=MEjU}~3#s9el~+<M7piUe7`3-EX*V9Y28=s_qQ
z(1SUtm^fdB^;E>Tt{`IE=nEM$${}rZfcR#Vkm8(Dh=TnftpAU{E%^@*s=7awMFx?{
z!DX=%sadCBR_Qs*lFCq=daGT;L<>$>FA3|{7lib;zK9De2kNa;#jz<HsM?F1g02DY
zt~?~zkHY#V){V0B^@o|S-{XxLzo(E#wxxuca~r97-Yvh%ikG6srClLohR+5>zJLQt
zuz$r%R^u4gbPlNewa(bH5$(NbepufT(a$WUDk$P45`PTCRTO|lWefU)+3G&M(zzj0
zwl07@ZHCJ@H^Vm0W&Ee^{Dtj5Wg7~nXY2&i%W;;eTMygLaffb)H{$2Rw(2DZup#{|
z{`>^Krh6z{a!|X68kct^A1pu%#M%N-EZUQey_)=4fgPlyP;vi|e>*jD1Ajt#oE&VA
zT|SVB!cGZp=k`I>DgH`M?%yitTO-<gvEPREPm*H`7)z~5zP|wC8?y5i=#f`K`fI=$
z4up-rtpkjBY(3;H{5)C$_X)&+eeYU;EB!Mx<@q9&AIIM1FSh4%Fl`O%EZGiUTOwL#
z^wNmNqO(HgufbGgn~Xw}<E4$9^_?6tH=;4gTm?_4{&sS9A#lAh7_94~`jD_*9@c9M
zFkX1Jt?T3j5X?vW&V~7mrOtx_YTYYR>`a%TY4IvMJ&hBK>`qS8FBw4peBL$SZa>ch
zT6fB+0IqQ249A#NtF@8%ED*(Rtq2*H(U5*wO-R3$VtS>@S4n)dhwqhg?39pk=NLNS
zQ`QdN+yIg36(N0kO-P?kt&e44uX|7J_5{f4mH=7xbi}MK^+fb{L+U<nYL=5PSlzui
zunC|bf6P16yPA^)PhhsRonbv4GOoI5S<aA<G5w~hWmC#S-pg(Z8MpGW-4vR9YYn<V
zk*29takl6mkQEUUBF2WOyH5^m;_alSLvBR9Tiw~E_o%z_gZ_`4D8FYO2fvTtwovo?
z9(6Z?<cSa#7$((866^`72W4{i)#xz5B4#8V(6<ECU0$>wsomZM5vuMu;BUkD7t(a)
za9Mr#BGUAo;hyH*Lz~~tE9_NwT~zo6f8&KWcMQ*I-UV-7R(D@i_zqQ@b7*C2>?x`?
z%Mq<3dNP&w`V*qPQF8O{Jl?`<R87dC$}O>!fYlO6szdH>O*3XLl_bXWX2@;%ddRr!
zri+&iJ%#@+5<f0zP8Q_6`2?n?ZVu~jTMclszjI8;xb<>6;nM)S%%>$_wfR;(y&`1H
zy4+sWkUs0CkUs1B)F>g9Q8V|ImB?to5Sfj8$@mSDl>8h2=ZzcO47i^^9JOy>Yvqkj
zUb>#I-Z>HTk<wNW16P!;moVQ?qlEc>@Q#;HlS}e&)94vx=li)nq_2Q#)R;Ms>U19Q
zO{*crRW-yntqRic`@F<A(?@)lmJr|f%ll;Bj~LiECvWJyax00i8ik`M2dV~Z4gX2;
z=S|}09r&|W{A>^xQuFWi_<arkz6QUq->{t1-1<@AS2JAg_C}9ay9=YIsNMOoX@LEy
zuOU96WAbo^UY@{s%B|rEowPaarJJ9b_2JX}e@gzgpA+dl|AjpDdU0WLv3&yrDXuCZ
z#Z`Qw0V7XM^r~GsWa*p3!SHkQC|6KS#JIJ9Go@#LDrDNXM)D0j<s&CckjJC4mBjxn
zLl&1&!_5U4KK;J_vhwab%2S(_-mwc_S9&H!Usigqj=pHsjdbM)51E%;@9$K*ix!SV
z{9gOqg0BV0+SXgV>Q<(8#!j#<f{gJtf7mK(og{t+SmxVFJa?od8AVjxa=qGJbZc|!
zg@|!y0SI81$(RCTls)R>aMWY7?|ZSwKSYe59CrK<jo?Cw=;Z>@%U^F0y)=%1UPjsR
z=yv;`OGny%*xmjx(f%yE{hC4AZ$0AnKP;A{i2ev*a7d4rR>*k6V3mksvR)s`3v3*)
z0Ostu)d#^@k3pFI9i?|j=&%yjcPF3w9&DtTSG2YG2wS>#sNGU*YRZ2^RnE>-84^(M
z93v6!<e@l*8Db1%s3cj{#k|~|WmxP?iNxnH#v;a@V<N_Xmhi5w=kkF5Q0YzRq7(gk
zfHdXv<Ad6DR`dd;u6<(cJ3)V2Kv^tLj0FP9V$a0rxv2_LmOJZy$c7RxtreqOCPrzk
z8p8KHsB>0q7_W0yED!TP!*2etocf+p*Dlo#U5|on+rx5d20u$VTUI_qsHZ04!#%JS
z#qwb@N{!(U^=5TvmmQ)`RwZcj4v)Vr=x>8lZa|rmU-AUrxbc7oV*kzyET1967^W1E
zd!CXc$-HSlUYVezJ>;%hk6<uUhLQMBJdy-CJ+lT?9$0>fN9isg_iW+S16X~Ehuk&U
zt_&9|P2{!T#cSx>A-Z0FQT?FH-)3L80Qu@fb`<?Z$mmN+^}fLJbI-3*(goz6yLkK4
zGwpAeMf+7sdKig6FH4ejmn=zBwvhO9yv#15{e>@sve=`<d;w*#cb%AigZ&s?5g>_P
zqilWC&L{dCJ7Dx|Ea+8Y-w!B@bJnFoRZ4mbi7&-&cM%OP%GF<_>WeZCenXBua%IZ-
zO6*jswuxyyk&ADh4JcEHJ(SV1NYNa-0<!x-Z$$e{lBCCTz`qI~dNiz{y}=*8BT8zi
zF;s06J+Bu%xAOL}cr0o?B4KVL$iv?!WEj)(Q}f(M<^ChD@+a(Ef(g6eP>qjqy_iU=
zKf$~D6Lb}wg}Dk7vB?5K9?ztoE)zKWcqRe$XnfS=Z@VxnVIgl(BCEDU<by52WpG3_
z=C-#4pO-KfdrR;kywLP__@@#7tiwN#;GY%v=V_>;zZllLQYAnH!T5Hv?93cVQl?b!
zUaCk_nlyD(8!;tZ*%iGxV9sn-x~Gz*cS16cHb_xYBS}&XC2L<K>UDfyMmMw$_!A)2
zF9wv}3j!p_|DH-#ZP6H6{Z#x7T(97>)g<^VFHy}`UVkxlW1suQBJFDPJ4*MJ3s2_#
zndgli28oRCq4Hj~GXTNc*rQU{eo-_}scXL=HdO1tXF(F&%i$AHdMA=q%~}Upy(PX4
zUR9Ie-f9wTgK-4#U!}JQRhdvCT-jyB)&)rQr+RE1mA8Z||Hqi~y8x-~(C7S4t$Uug
zzD18bjY=|HfvP4sV9q=VVALQZjGlljE_kKKvqb&2EJ@XR2bH_Rl}Qrcnaju0G$u%z
zUJk}Ps`Z$n&skPGU*AWXsQh=?y!oUmB|Via{gn(!Qab5oS9|-3`dwL)^tY|qkjEil
z&fKANUrp}%2asm(7NRY|IPwR`(m3Y<@8!7VNxYO2gXr~GYwR4-bd%@rGF8(h3rEq%
zrLW^2N6Ff~<gO)1)?0}72M=%4t64vX8{s+aRO=o6Q;Q42(BF7cFsxTe)44uupDe9_
z%E5S0Z;j|5MD!0M`oYj<yU!3=yFa3T64Bp}=$};^!8lR#J(6U^TH$iUfYN&=iQjvW
zF{}O{V^nL4osGfkS3vrlO!WG<ypjYtQZj2~-JZsLeF&mwB}sz3DtODvRcXeoWt^33
zow3sp$CO%+qQ6bFGdz;?cR8Tkk>^=Q;%^>c%t~-jW1;RXMEd|sYx>(HzLCH0;_uCw
z7b@M~AnNhpM!T^TNSDMf%gUB8zdoS!7Lt2sd&T0#HAKr@M4RQ6B!36a5L4-7X2`c4
zkZi4K2N?^-w{z}A^j~l=k*4SR=8YloI}S3|H+Kw)&lhP_`s9zXW;s#we9H&<+Ir&v
zWBS|HI9aT}XuliV-_*+(q6K!)jUD`<m$3lH5*Bc{EOxP?7gqEW68}3Q?#Cql&on&y
zh-l@2ZgK;;tC=s&cn{)X>=dd#Cu8G}3-0_cWy%=Mh_#Y<RWD<yv-vh;#9Ct~i3~C@
zg}{@z*j|OiznNw%bvdqIFur|J1W6*`&Mr}ja|t||nN0LFc-9s4cRHuxt)V{GwN^<N
zD^tpM5$%B<SeDvRn{8Yo+OK*z>Pj~J5OlHAH#<Yq7WOcfx;g0YfM@<rfxp(10NoCC
z*PfvMYJiIgEP!$Xho=w{%qg4PyH>9<r9vUvW#HB8D$SvfH69lv+WmJ~xg+26C!$&1
zj9J~?j0OE29M9rS2cTnE)68(r?uA_9veLadx=88XK(wy`!gw|lt@t2gsi>Pn1oX}$
z*khF`<w~{QNwjDhyn3D6H2}t9$%UR_ul17yu59K{679YNjI{(;2%cU@?)jVTvC3I|
zv@oFb4vTt?$kV{_<0E?j(T0(DVGm3;p!AjyZF~=7;mR(+3}enCr218T&Lh;Ukzpff
zgx`&7-7?9T^H59hdEC!l)#p3}i|p^HYLfNH(-v>tnDcZ%Uj<?>Da$?o=RyqT$6h0{
zZb;-2BiLBjJS6hF=+ICLK9|5s7#->slhwM1r05uT3H~-NzE=+ku80m3`anFpY8}}P
z2DLV)M2mRR86C@8QS3|BvhX(`?hOn2Kce6bQwG5;8{wc&&0$i$I~zm`y4b?N)Qe=I
zoe3xO>e5;*5gQpWW)x@%SO!wv9MG#vYXioLQhqKoXQ$Pkf(6Ae5MjVZdCz#Hl#fR1
zB+I%zk|ei1!NrZr7s)-JaFO{_4;*2_dfEv==0E%$$-n1Gl7+Uox%JfWLb|-ka_nnx
z>8AcRHRh~Oe)L%ybRa*3P<StfWTE~6W3pUr^P@t-Li55!IYgVEgQus*$Dk^7cn%sK
zBogoPAd@dcnRJ2|7plxYF^=(OwVccwB1zV>vi;ECk^HPklC1S|cCl{`lO(wK$SHOr
zfATY1hrgSe=lz$;Q7<(`9Q8)<1>{URFgXr@yc0r|a>bbWR_Ro|S`{Y-m}ycz4$DmP
z9vX&!+J`VK@eTk(a2|g>8<5G<eUfBtmt6B0&7ZXODb`plNg$s)#r~T=`K{y{^MiMR
zt27^Q>KhQhay*V&@wiH9cR4e|lxoS+(OB$zhe43%KgG#S^9(S#;jXdSEeHK=$^9ov
zQecxLf-yS9b&W_dGp^^SbpAcrkWRA!bY?E)7ST@ph%u{%@4Ae!#hi!4CB!X|;bXua
zRtSpW-#LOYxEwQghbh?17_gMd(Mv-{bt$DL%?(WsmsTwp%>g#n5*Zm~Oc_WqBTl%K
zZk0ai`(Q)g2b+1H>x6T+H5%=82=v*Dv(V}9BM}_Cr3^7hLJ4xKSdHhz@4J(XWdQi7
zsIg8=(=9J?xOD;C@PZf;{~6w7v4<~HmxM`6z!Ee5lQdXjPWU9vQZ1-8PhIIG{MO$|
zl7nfMn!%ssqlWfrMUql}*Mr;ngA&(+nfw89Js775D?`x#QMI1z7ioySrQUN@dA&|l
zNxkTL`kwQ2z3b_(7TZsMTfZj7Snxx}9{iB8ANDXd<RivD`84zC{j~q@-ahYokHP0y
zxA#T+{NL{1{uGKBce9(Z2f7*C+s)Xd9>!+&FgCY`u?0Ph#d{cA-NV>vy^LMZ%UHOV
zvH$30?3P}}^j^l!OAnAgoT?vQPW4`D<W4jl8@-XIc6ms=9%$N2wD&;q_n9!=ht2bv
zZ|6i5YY6jGtC{=A?T+dGA^f_Y8q*7?mWYm{2ImVz`<pCDv^iN~8_FNxN6I;?s6Ka1
z#JHo>7nyuV=@=4!8p!k7WkLT(5##ibaW&s<lkZ+8RIN{d<UXZzJkhqwl60|hM+qBG
zv~B!|u-r@4F7F*RVR;AKI%0mOR89?<Uk?{|Rc^WEeA0Bbd1rf-!ipB8^u5Z?ca-MM
zO83|WZ&xYliP6`ql=Rin4y&r~{o`<Fn2r~XtO@HMQ2h;mTXNEH&N;%ywabv-gwz%>
z2W=X}lFV%k8+B{AP-9%$g*kT7f_-2Z@|=f3u>uzCh}Ic<U9DRsMTZ2`#dk;~ehzH7
zogwv((gF$Z<hIV_>#>0|HBW33HP5^BHWZrlcU(O1uQ0CYcUx4O`*F5Y>w~8O{(Z%}
zVDvn@1rnAObIym1>eLpmU;(3Ulcdxz=jR!>p??WXCO5}$jK@U#6P&M;eG@+#ku@!{
zsC^C84iuykS&#QE5|96s^|;%9{PV2GvS`G@2piX%$@ZJ8_|9NNOG^-Fv7wO0GBmlm
zbWAizjo=z}J%A)yLCy1yUxctT=B~+x-+zkL8OhM7K9%5aFZ4TiO$M&m4Yc+`?EouL
zDq3m-8(wv3fm)j*$4;f@dB3Zbq}2Ef+Q+^Z)H;cFfh_cjT$~uF#g3ua;=(lE>z@40
zaJLjNFU^>nmR3pbIa2eyb8EA<OI0*i#_Q=HM2yoptu4G%_%MAy^)1P(#q@Ka?dyOV
z=eSECPPh87*jon?Y6Zjb_X`Jk)1M)6+&PA5w=gmE4~Dsi{(H#&cix(XgRIKyL$F-k
zLB`bE?~tO!IDY}+`QX77T+^a(lm<PF;+zryxj}1@y!6|B{hezZ=Si)D#Q%W6|4S`8
zAc`TNn$Mp|ep`%UA9}pQsdBRMx`Ym658^3v<?HZgLpyM?kCPuIQM~&LI!#K(O7L1T
z134mJuU>2z5`^PvZ6vhKFmhx`@~-^<*!vUsrmFn^13tM)p)E^_BBG*Rgt92qqM{&(
zEwqqoiyaol1=En+(hO-5lAA7wPR6v-Qqhjfh>oKj9UXL3>N1GnKtKd^949X0FpAj0
zjabpT3?g9jyv{kFliZ|Pn4k0e|DWgio4$JQdEfIn`?=@t-$SoaTA4PmP1njc76)cz
zt0UOCE_E84pQM+K%*)iq;tFhwnATJt<8l+XgxgkhtTjORJHx(<SnW+Rt(p94y(lD3
zZVz~K@hL6dpPPmL!Qxso`8Rz6%tQb_r&geYn_oO;YHjNf>8^_z2>COw+<ASXIhw<x
zxt|u`hLyxOxGg}hC#D71)x<!Wm*-j4tBoR=Y0QqIZ*=*Z%{<vVx$(!%?S#L%TK8!$
zGkOav7|7Eu(oge>o@m%o_O71h;dprM3F7mH?wo{I_A|V{k*q&i>yq~;2?bv${RjQ&
zx1aF-bgJ~<=uf$^{*?RU`qK(uV!MvY=EbW+fBFW+t>*pdiar6p?#~6Ky5s3jXYy#I
zKGFOU(e#S`bb_`&8E<<W2Ssa6?2>@$j7{yly`ER&+Kb1!5V5Y)bawQ@{PHyqC+mfu
z9O(Io^}^+v*D858%#C|fG<sc^&<%&MiOB;&{_^{_qk-=Y##Ps{(~FZP=`^z~n%V+W
zn88QhQ-zJszCAXuxq;s>IEf9!0XFZ3o&`4P166$G))CTuwW+O*y{IvMo9UO|)81#i
zmCYs9P?K$Jey2AQ=^mLx@@Fo|H8wxnn<|A%XkRq0x`PXjZ-0LDLspaLChpHUNh*>*
zm<g}%)xJgC(;JDj@9B+1bdgA8LL?Fy)f<Ui5z*L3UNAql=iW^F#O6G9zK~Zs>7&5r
z(fnD{T|2t<rIS9w{$ZLHV7u$M@->^2?XJBCzSz%q*D?Hy7rtwn)>Im>H??NBv7M<o
z*szH1Py_V=wx_a<bd>k~Ow<uZ2>$Ln+Y`%<wIaThd&ySz&NPYMGMkaDuBV;9x*zY(
zt-Q;3EKlh2xQSsluyJ?gargM%f3bEd?bG82CLegCX3O#i@vb{0+GLtu9Q{m6`#xc;
zy;SA6+vECw@%Gq7GPXxHZ;EbdQZU*axxV5b)g13)Ed12KipX-JOR|&mgXKvZlkDVT
z_qmV8cbZNdsAwNw$*vIC9`3s--QLaPsK18YBI~mkubfGDa`m+Ci~D+wr8~E8WV#*u
zmRoqAa=ViEsR4M8`Srdd>G+iW>d_B)yWJW8-aYSIdC5o9?(2@b+s<Lpt5f<!ZA>}7
zM0@VCT+s&Fp4$Gi-bjR=sXx{miS+hHB0G{@f8%}FvetjISL_}<z%B}(Kg^yDf1{qs
zo==}&-umT%x8}rNho#qyWmEV0KB6A4?d=t>!){~Fgx6sY<K7=zPva9F^VeYy5dJzW
zxBR~Ez|4KU>0XDOrhOgu!o9uhb=ZQvy^-!SW3R&w)7(k=vjcaM`p$xt%KlzuNo(ob
z#jSrUZhfb$^;>4V;=2PM&1P@Vmo^_#2L(3E{I!h=VZG;6>d<{$9h)CxmWfY<FssPJ
zzAw7(ZGQi8A%CIFFuEz&kW&`ep$oI;b(ocdKe+UrZfd*S#OK$TZ)(vM8#k1U)|CZz
zNMYLbH1oyy3X&<4Y?I0YJM`U)Vslbmd%OXYY}1zob{G=gU(kvI>{LfrG4*p}^VhwR
zNJ%TJFdV;(cL!-J8SmaEZ!>P#)*7H&dFx)n>W$4ZdO7NC$y@AB!ASV%Os$ujb`n`6
z(R|R@9H8d`zscObSI%eOrxAWzqd8b&Eb9quWqDEu@YA!BsXaH9^liNN-{g(AgN~1Z
zTbU6iy;>YNEUA|V4(ogi<8wEtyTn(IPNF`|zg6TnUjwozYj}m|Cb3}gn7fN*i9HZw
z9}ejz1-oVbzNe-pc*X-kU8^X;jcekn@hw_{(^v`Ae$=OX+oa&N#n)?VNc8{tm1VTk
ze`jhv8raJ7pIgy<$Tu_0KVZ^CJCsJd;|*Rh({+i3iM7xn{uX70t~Zum-zr{#n7-yO
zEcR~-HsqECcIm=T6GGY(_Ky*LI^`T)SzwpMCLz)89utxX`)-oT0=x9xm&bOFxyKi*
z?<Rd&V3#5F{_vf#Sz;eCuzo<qTYvQE&O2|P^9#(ch&E|{MKkz3Dbc~_kg@4~iPdiT
z8mnnbA?_EhKDVUxz~~PQTc@Au8C$%jG&DWeb7t|H(!JBKF|L}#-q;D6)(qM$X`XAw
zHOg?>C?EfgH_94`&?s5#rA-GLWZE(~OzFy62aYaj85iD3V)FwP8#lb%x-Is&e?)?~
zcr_X<KpSjZ;9oubS-0<;WWu(AqxlR9Lr1shidRS5tLrd(Y0P)U@dZlU!Wyd@^M`2t
zwC(jwZzK}Ffjx}$g~aO<2ODQZONcipzQ_C=+Y(=(7#iq0T)f3V2;pzIu@`5G13M$M
z4&(NyQ)rcYUguSQDhx8SI*;vE`N&(}fKw6hUqlnIq%|B28;boubZokaCO-2W@~Vie
zB`;-M2mi|Bx?3ApvHxRZvHyqM7kEssmyob&O(pN**@%iB9&<{K8_o@%8i_>8+k7Eb
ziM2mOBHdH_4(`n?9d%Obp`&@!59#(7&0P>u{6i#S?u|s~`gs1S_IUoa`ouJjH;y0s
zpDg|VQ)ws5OXBmJnzGhN>pj^zLRxPh$ljG&mB&`M57iM8`;Ne(<8yed88k0nGxE@r
zxW~rguxxA^olp0WtwY)IXL4EF96ZduqR2Cpz4iVV-aU_vX5Y)<LG2Z^>l6o8jo{xC
zt`fIy%35#7RZwv&n*x&W#o;ZZ32D2$uq?3E#4c6_mj$*i;zR2=9U+r~&9C6)%{SNs
z5%wOAvE<d#=2z6g#euE3iP6ly4AvQ&FJo6{TMayl!JO#T5P!Ei@CGRhY<2TML)oMp
zc!_`gm}tq*9?dsRAIDF$PaPeL(>H`=!<QSlVT5FCUU@1Z#k*L6vSNh_kBXY*Gp)(`
zr-e_^Svu)Z_-~_l)WxyXUc{!?$MV#k7?m=$idbs>W2xORijYoS;D&L8e}oyhVFEEW
z(~FE)9`3LZ60VO#BE^BN{$#b`%cV7%#omKy3ab5RbZS=Md&!qK>6PNZR`%YH@vd!w
zS0s99?+qL=_=Xn;wz9W{)SS`*x6=%(S*(4Ug6inN_d4}VnibzErZrjjnrR)ZqHSEZ
zi+xSYE}vR&zZKPAm>;c>Kc0p8QOEEK`OR6hgRz;Y%BHR2SM_CU9^`Y$-Lr?SwuW%!
z(((qsI{e3Q_6|jH+wJ1AzO3~gep!!gG__ZXji%R&^|!MLg4<Tn%oMjWU-op;U|e;^
zS?txLOU}~lC}nLA*02M^^X&b;wpFwvwU!2pakl20Yid5^8yxF~kB*G)B76rrwY)V_
z*81&%+}(U1+BlM3e5Tlq*e4ZBMiOGu?W<T*Zz`Si5ql!!3w4(^1&uAAGouGD>B`y$
z^TX$`7G3eKRU@LedR7hRwzpS}78U;@|4#55V^i)(dK#jio@2aiH6dhruCeKl_{!j6
zx|WU2Y%Cd28}yx8+_s9p-?NI{kk9qspp%WwuQKztSI~2<tWLRX+EqoKvuFcO*u_hy
z{~;1FZqU=L4rkKArZ!)Q<~WvJ6cx{CmP8_v>D!G>E%<hT=FESC&TnjH_Z2qGVv||<
z>eyRLrOhAlr^?fF`K(v08Uw+svT1WLRz0+nS>t1$K>ChFBDAgf^#eBwz@BoK^EX%c
z6vX@^HC<Wj;GJYpc!rLp-)wA}!xL2VXtd{i!wYy8n{GvuDD$1TllvNuq4*7_B(@UG
zQ}`2I;-x3u?7LJeG;WxsGX-9f!cXe>shT*ao1auQR*E|VH#T3S<MpmpCa`1*yrd6T
z=;BTVjm`HQZ^&m8YfTHeN%~{oW;(hf)=aM-VYL=GoNH`8`G;in``4&iofm6R^%QzR
zIFeovj*rVu_o@F;?r2kmUpdBJQpN>IQKouGV7)2uk|A!V6uq49iTo>ygQb%`3NL4U
zB(V<|o8KgTYoE37xoD^8JhcN@AN+Co3-3J2KW(1Z!@F+T_pA}{H3`j9<K))uf&Kh@
z5=_uJif-YblVE<%A$`6jG3ow-U3=A0ybX?v!!gIxxw>a*N*X%)KQ3vwjfGuR!_7s6
zD%#fbA^gFi{29{y*RTUad22-Tz{hrw*TxAW2x(oso84>La2g@yZAz#@_i@=8v#D%N
zX~fi8+EF^`5az(-L-W7c>j67-rnUk6O7z5xLo++5S4{of*fjGr+@+eHbCYX&u9`i4
zkg@rEW<%zXv3Vj!y!^xwkL?_t+hF?QyZF)WRf5s(b%N3EO(Nbl)R|fb(9w?OfBJUy
z96ItANc5Ux<!Czgo+YvTl#dqQ0yI5FTXcYsG#i`N(hWxv#;DWcN*}w8c2(k7bChKz
zQQKz=yNwn;MVF9oEo2;TSS7Uuc_l45#J*iHjAo-vNpHevGmvV{Oq*(?iOWd$ssCBN
z0y}i!BR@nUar^T->`jKub<t-FyDzBS8gBa`5}7Xhs@qC~14?)Er>Y6ZYnc{t<yKxD
z^Z$+NpgnjDdn7%8b>e6`7{_*%21RFWp8rE65^fvLU-CYQMmOkl9REag)5rQQh&v5B
zk;?iZ)%U-p1=h#Tf5yfxBN7|#%`H64W8X$|iu<^i^f{QO?0zTc5)P6t{wLk<Z9+)-
zG^NAX^mK0|Qa()y8Jqsl%XT*Q*6dW4cjIk$vJXpEj@HS>rd7Rsc>U%xp8e0hLH04g
z{tpM&GTm$8<-OV?)$IRH&q;E;D&E3B=VN0WYxrx9Mk3)q3_I>>_b1#PJo|X7yt_=Z
zdo=#o-6LG^LnKnsww|BKKNxo=f4^zX<hvFmITBp+DJDr8hRIou3?!sn*IluORg`JX
zEP51ZsaSJ`sbbAlMU#RRt)G{-mWIk(D}v>%3wN7Z7k3mJH;fn^IGSs0rq^+S4}Za*
zB(?4=Yt!*PBiC~#?Ii~{<9_#7kw|%4MX;<*SKd|{DsNl3yF&LZ-%oOOlIw~CMEA?1
zwA20KhQQJ5jH@m)5YoEGv}TZXSlm^Mh~Ct;xPvFL8cA6CCJ~LlFkGHPi1^g6A&U_I
z(d|Aj>(dV!S1rvVB&_r!<d;Xs%7hqizm0a)qs{EXr$kTP9jwKkW2gRo^Ux1@c)urg
z9?aq0*)$LAv$mVRHPAeKX>9tpo;toTHtlCy4jP*W7;r4=Fy8!E10mtRWYHXqqd9B(
zR-*3l)ZIKLMQ$24;SKdPxv30aoSi)M#RxqlO=wH_SpVdqkG%k!m|vz2y(GLPMd&RE
zeRrDBYS^D5v>&0bN)y@{o|z)_OoToqP3XF?Aw_5dLcjM#>d@8Uo&A!B-no&7{%xAj
zo^VTw&@BjUP7_)QUzQ^DWe7boP3W`215<<^h|nJ%Oda~V@atL0L%;q!5B*4*&~wA>
zDMGg+^wKn;%fs{7-V<R@dTZP3ixP*Z%Mi=RG_f@B`|j)!k_g{+!Y_|TB81d0GfjPi
zM-|z?qk8A_)KU40w+y7G*7oAn<)d}}@3$J8{=vS4-E3^;pW&|@Ep0V6zeUq~Lq|x{
zd&buLjzl8i9dvXSN!^8{mZeE*Veys`>>Q2gx{DJ;#et8F#R1%d-^3pF%zU*($8N-z
zwGL^?rlE@0%sy5e=+zgu?!0MCaqIgftzQ+tbx>1*FVL*yu&nqV2!GHWiA)NXx7D`O
zHVS{BCxjMKd}YWcASe!OWnc2D<JfnGe;{;7Jmmj=xN+5sgn$0M=A=IuH7|-Zy=QEB
zMI*aAD*H$)8&G<`vFQ@_8ext&DLjGom2+q&ZGYnRHLW`mDPB!awrGVITTE;W%@Nfi
zP7!Gp=x7!2N328HAiZ53>p!|*o!~$ErEfkPp*Q<3=k2AQ-CgWIdY!SU=Wry_eIdV;
zP*3Wfz^^-eql;IUjOI6dPHEi}wRUl3;KMVS6^?KldKNoHl=!)9=X1FJ`Hbdy#Au$$
ziXhD>t(7n?%y@&)Hg6doHcN!G{xk5ep4N8*`wzG73w+XFV|ZZ`H$V0Dwk|2~p;7Z$
zsIg?5v2-83n7U>1;YfrY%GX>ODO*$5+ZqaV@vCQ3pjYp?+!WY<Y|<;m#trH~UEq^T
zi;Wvr4wSZiIB?r1{c`pNKD{*OJLae7e%B2&Z2Oe?^#(q?H0K*`d+Jr+R%Td+y;1&M
zBvP*X*Q7UF_Zc@#AF}O}et}OfZ9Ph*+jXX?A>XIrN57+&@Gohv$4=E2npQ49F<Y2;
zIi}Z%Jyt7aT?CE1T6-~8K22#cHoZVktLW8h=MQ~PhVTD@p8$XT0sGLlIY>L1vFU|@
zIBLt<X7Wu<9B$rwhBs;}J?ly}V6vU>zj9K|A9Gz5eZo2GI4UDy13TN)ZlndKIh+(M
zo4VK7{N=wRk?^0S#FJ-QD&NV8k+Ej#uGgMCkL#;R);`@cW7h_=jw48>QqUR?pK>gE
zFQu&QcJ?xvZX2`V*;>)bKK)rUxv~sjMrzNZhwkOgSf0xa*lc9>9gTUV>$rW#$bmcY
zt-(3D$!=}@y^{wYluJm(nx!V~?TtEdGk2x9nR|0=PF?n7dM6nacCu~hbKY)BlJjfc
z<4NC<lOpH;#ODsnbCTu!G~|4K4$ZkMF6a3M<op~1az2SoC|XK*&MOGb`RQy%>;7zD
z4X`v;@h>`WPk1}e7?{%Em&;z!ZMyd3NCc0K2E-m4m1GE>!-D4;n^wny4~hlP%3(Lm
zYUdCV?#%8}$MKk}os@?^Lg;(v%ha}bqiNdWPGi%=Z1Ifws`Sw&yKhTl3B05;wJzR>
zD=U^lEcU<kr@Pw#|Mxk+n8-{F?GPr0UXDIy*vt-;^CkcOUjLDG>WSgUnI>1w@qa(a
z*nB@pXkK<FWBOCPc~y}>u5Ur#PB09rt0M7t=1z!2*avY<!<j>8Y(6746>qfb=0+ls
zrdNzDe)e2%mX2A+-JoZ7LHH92TZG-HVri{@m#4MAU$X9a>yx;^?8hDfH3b{;v{8OU
z;&0;>YCRuk6|_z3f40{D#Q1}WuR!D3JwNU+b8kXXXx&H0T(`z2{{0ZP|FQdO6&sBk
z$bZXI-1C?e3~&D-68XQFk-mL9d=7gM5;r8o<8ke1<!#Ew@@Yz^v1x~akX@xAw)bsj
zN#%&yov%rsPKG^?+cawZu(<X1(K>C4^XLG!+Aw;0&M(fJzMb39o4()JJVY0}&zwcw
zs~3#M-p4I)g?C7Vh@0Ra(xI#(WNcn9;jy1Y$fV%Yx!t*~Z<utui;Wuw8rCd7qcvFM
z@10R!%59SwHykn<AO6O(*VKH-clu2KN?GUkO`B=lP%hK+Y-ZHP|NT1k#qKf8j#81I
zFuO-z8*iQ?F@rn4LChcx3)-yS)pwVg`Z$au>-hs^v2(v8j!S#RacRG<@96%zE_NsV
z?>a)7Us1==SYLVv&l&ZoJlS~Hw&^*>yS8V)YTWQ@YelI0#_6)Ju~X(}QL3xB?RNg4
z_ICE5)=Xo$5wYx*@L1tTpCFaDDjUP!65LG=Y}33QQutVGz5ssB&~QT8nv&6M7or=&
zkFpUYs2xF!af<F`+5sfN@BHYF>5B6xYpWo9A6iJ_cd*suzvCAjAYKWdk#ToCuE!9D
zb-b=-v9GK5(*1}(`Al~B_{Se`3X<>`yW$uQAM=ml@NxCAKDi5*9*abpf(=G7n61`_
z?@Jiw2gdxm6>SS>Jqn}M?}%;vKT!8c#>8J8jYRmf#nR@3zOrst>7;|yb!oR!+I)x~
z2XB6hS6bs<_I2ro8RFiq_)_eb?8R60{IXrE<ft)A_VQ9$+wJ1(4!l9aCN^X*iG<I3
zFA^zf?J)&*)M#FVd;Z->r0~5+<mvY!k*vLu$eDX1k=NdjMA|-#M1CEPME>z@B=W0&
zM<RyLB9Zd1_`lZuWB*%wVsUnaBas6={9o(-vH$s+I3Ep1BKr;||3CCuByvG_B;x6g
zL^``8kuSO<kqMtiB0v8;b(nPj>(Ye#<bN3F|F8XzKA7<R$b$JMOb%{rVplV*M*~}#
zQC8EMth=YN6ZKoCF=JOfrIQY6E@)cuzG@LWNN=7ZW=J@b@xz7emGMu7J=;F-i(mFI
z53c)v>3fP}{Cf(``>_0ysHC+=^L3i|9+-XaU}}4wy}I9gNG&$C-C2omzXpVO^|4Qo
z+MZp+CB`Opa^H4m6@N?3)cV1sR}Q$?2<5BkUTz9(W^YKU*O}H#{$#4qXj=8z*Vt$_
zN5q*B)o4E0jWey8{CG6D7zyin*a5su-TKl=hgiX`U;L6NPvG-BW|O{DUY+g#KIf((
z^ulPO|NBAeIRE#uI;wlF|NHIgF#q@aeI@<|o!>WObrHLNr)GDb?{CmG`z98zzJ(Uj
zP}oxX#m>?%iD`}Ri%IX5w|*zG(Sx^32eQX%H|7=Zx+QAHqU~f;+nj7u>zq8(n#ny=
z2r*6F&W$X`+Y>WxFhxv(V5Idg{ttuxqki=Z8iro?<<ksKVAp)V;+7cw#^zOokk!J@
zp*pmC1ufPfTCD7DC(Cw?Y3g?MXVLGAj2kL>{BQXG74&~E;y;q}i_`o^wyS6PkL>qd
z#wwshRKU>gss1B0)+035i7eK!D4WDTmK!;RO{p5IijQAqEt18oy)*0Wd8|45%-1%Y
zeI?}!nOeU)uxSVkrTmUv3hXLxd-ec(MRM_OQ(J)9DrzkamQCI18^xvqZmS5HT3Z&e
zw=p-;-qLMrFAMC<E1&8Ms_&PzU7t-mtc}@>K2|n<N8SFi)|c5l!Zf|@2P%iKd8S?~
zYnx$eTfE!Ux|w$P1LqH6AKX;(Sx7?Vx&x-x08i!Ns^}L-Cq@m79KMJf7-6rL57$mE
z)85X?Yg%*38KYP|6|mKyiK7VF^eiFdfHyC}UJLXmaD6X-lk<nO2-&oc>Sv|Ue>|G$
zU+4PpXhJq!CJ}Pr#1#6MnQ-z0T>o1dKfUHT@S!oe{%)>!a{VT%A4B!erqC-~KZEO4
zs?VqTKngvNc=BMbA4K&RQT_ZBdLHrQeIuFva;l$7^`lbgdBl^S;`)z960(UNHx7I=
zIJv%;2`Asg^*2&|8P&g(LjO9~&*l1esQz-QzcYpY0j@uT>laY{WmIoXp}&>uzmS>!
zpiIc7MXax;&|k;(TeyBHjsI$@*Qd~5#r3ywy@l!(s())xa{U~xzn<$SQT=MFe>jD{
zocGTHuJ_RPdUSnvJk{^}f5;A5M-twYBrC}tr;H*iEA!Z^$jlzc7LrP#tYnWk$U4TM
zNFrn%BaZBStYaL`IludS9^Zd|k4MMjy6@|{p4Ysu*UQN{FI$6CI0M1(!x2gP1Chyc
z7VUOcXS7QChO71?G@2Ml>at{Ks*!lA;E@}7pYW(!BJ@@>Q3?bbE;SZdL(Egd{KQE&
z5mQ~+YM($iNFoQ$*3it22SdlCZae^vvqoVr6vIFMAjy!KgeIa$73%dm%9#Ma>q}5_
z-6Ia-8jT2Ym86m(uYdSvYv|i`|L14TAXHg$sMvy##Pu&C2hXfY-D|q2tqW?hOvU(p
z<JFC(2u3t1Y2BbGB%FbOvxf7atx6*<jG^9VS=;`?q5TNg%Au+2{QCKlb9l-sv?1X_
z`BCwZ!6JT^RTr8zKB#U26^)CyfJP1AgdY*4J<bgBp&vH*=kSC(P=RvNE#YS3h;$HX
z1@CSFFUGqXujZ}bxvgz=ar{Q%|HVacqFI*lv~Cfzh4>SZ0}Ex+slFq=t~7#<*WiB9
z5dZQnv>Ruer~k9Ku9TRyxrm>!hO?tl>I?juILV?RuVoM_oHhmZVjZiS@3nvjDO9}-
zmm0G&UOjmwf0Atcfv9{Lm9ai(kbmS$fK+9a6455r2Km*?_~|C%Z`N3kknDBLdY(0$
z32i%wV*y{;Qbzp8f!}CukKEX*RAu@K63XQrjup|x=q&&<ppTDo2Tq}A)IFSWDG~HA
zx*2qn<R^SsISFCw8~%DD$C`BM%V3cS$%7$W2|YN64=ruaU8fQ`z>!PZ2mbE8JTFge
zkT$pXG+vq@VnRAMmijOs^>PDr@GWudz6nY1u`i*F94Nm+%4<EIGGY-2-nc130^K-#
z3@yPcfrk^(pl$VVB~E{cc{Zf(UR`MJy6YnX$Y5T|93gMxs)?-z4i7%NN3N&jC!B>E
z&Wro)hM6CzFi9i@etis@tp-h7L4hE@s#X_-crg&@tuab3*LsG|tPOCWb&vMXS_g1n
z<(^rp;e?Bapx<#U-r>??)1^f9a9_f2YwRMv?Q5&438^yob-)%&2>&2>aMSFU;$6(W
zYFkQ?1Nh46DeYO9-Ow#H*|^E$JV9uxHzA~oM08S<4Zjc0Y#01p9{jM+6)$Wc=rqE9
z2a3@W835hF+i>}7&JWVHG1N7oR8oPIE=D>&k96Vc;z~iaf_I?WW)sQ*OdUUK{zd$j
zBi%_bQHJ*2JN)%3uN8bxX+*ya?e&qr8hgpb7ukCAdeenG6tcwiJc7Bc((9J28!Dap
zf<2le#jBnAG(CcutZaJH(RI$8Ruc9)JXVkEoSCeM+2Xt&Yfd_HRv{Bc&V7mv9(H}4
z9?fsXy&QC)R<r%-0F2S90kQP7q4mAEmt$W*Lu-sU)}ha~ZppHtHB}tz+DAK48zau|
z(1)p8D)4B2CC=~KCp@ty(y-~&=Q^>c(D1h-ooCXQ-Kza(y4A$(pXt++zO+``PJJ^T
zCpWFyf23E}IlmCcIQ2D7?(sJK{hp4kU9xHT+mjCSXwDOdI`kP#?47fU_>rDhx5VW!
z`8^$&ZuAI#A<j~_#M+?zBfZT-yLh;$E1jlcvnPGh<3nFM)uit&tL2&{dJlzn;t4fN
z-VMtBH@8}4JeFe;4q`{MyNd-rSBZ@J^Z5TRs=B^j?s8qPbmRWIuQ8W2v#B2Jc?qNK
z1K4z_JD>knz685JAq(m9$n4dt*E`gs{)+xNda#i)o#Lv8>zD7t4nE5&zeaj~mPkbM
zeXjb>CLkmE2+cK$lgOfvN49^i3M{KY#XhNVcUqs)h8dS`Xs(wRN`wr+)Q{$O6xWeJ
z>r)kN*@nb=NILSdF?wTksiZ1~O?MYPq#MsW>d)#go?peVZm9t?9hJ#Iu9sHCB0Wp0
zlFK%<*KZb9Wt1h`phm;)!mgHX(D~=wh2015yLhaBE>Zqx!z&;oU7BpeI&Q5A%QMVK
zK(3m4{(d%!WA;~3gB?6<y{-kDF5BRxBHL1rI2KvIoUW;Ld^GAW;6L*KwqIJ2gG@I>
zi;vcSL_Rh`e;-}Sui`4Jh)2#AR&A7RNUvMog|V(9Un1`xT#e;cu4;}&N)%R!o_3CU
zr=%hW9GXk2{*B^7*Dv?`8o+4QLo$%BhWJjI{Be)WNW|D!XnqyzXnh9qx-mLy)bt*#
zrOch)|5<(&5B@s`{I^%>hR^zx28?$UC+ko6h-5ZGe;IwBrKff5vVK_;#x!cG0n=Z%
z)P>2e<AwZT>M&FZD94mOtgg(R#b2+aN`2Iy&!1^f;F|I)WK!A2g>_^uGTta773o{H
zA-nDXSw?5)LK9!lpS(GXNuzsG9sB|x#+In@G`FOxZL~g_9Hhkhlpf612n|`sM<H_y
zs{UGAMyxBwAr(vAuaJF`_*`XG<}T|$qYE=LGNbZ0HO@#whK)KGfQ~}OBex5yera8E
z@ccTe_~N^BjR>EEtY5;Ut~KAOQA=9p@3DXc2U+&U?gDvJ2iX?!ap&}+=V|E1!g1$)
z1&%tinxIM<mxR8jhFcOP8NH*I>pr|wFzsGAyiq>?=8Ftu#YnS3q};)jGfUa<vHPaY
zhaLedasA1q=XZYTaC}($c6~ahTqi(*bN$7S`C<}ZhUsnyqZT!bQu=#`N^8g6Uyy_c
zH4|=kl8hVBNEn}K4d>7OcZmTduzIU20g`=%9!J0QGj4{4d%FE(%bUrc%CT{HX5wzG
zU)Qr@vQ^I@l@*sdsp}?oTdyk84A%bTKg|8gD$B;1{722!B|)usqQa^-%OTx7S+=*z
z5JO6j8=5(Cy}xMIkN?zCXMbT1b4hkB8(Z=#AKeNFe$wV9CthLjcfQacYiHk9-i_>c
zx6OZ48epDY`{i+l-aq#eGiR&pbjvt}b+O#imZ^dp{ty<H&+=EkZ6TC6$7;LsFQ(21
zm{&3+n%=t?*Ig&}hOytJ`k~UWk)}*&PC%oTVVawA(r;JO{!(vgk!Rlf18;0^t*K$p
z2bbx*-)9^U6+2)XTM4+)`_|B;`l+GJo0mBozBd^!&-^l<tY2J7GEJ$+u~m;b2JXLg
z`+PfVCWXl*Z{%5{gx?L9%hJgc{SMb3C;L_2w1N#Nb{G88cP`VcM~nF8bpJDU8WS3s
zlC9|4Hc9O64cRd2R%gfE=nD@>b-3zMH&gcUckKhiaJ~|Uv>b^QjTYngJ!L7L)S6dp
z|LbFX$}w5nwT-Aqx#LomVNq!_HvjeJR|5;D>h&5ci>ONG<P85im$PO>r#TuQ)L5Ey
z%ie2{f9CroZp(<TXxy~tP-Ifj?9?Prcznfr%vY$Qh0;NGh0A(Qum8pjB+uB$ao5sh
zOxp9T`!;Mk<Jd&Act)!V7i{`b@b_mwkvALen;u62@|y!iwba`A&OiUgEiKhP*u`Hd
zxArn~w^lWMtjw2@u>7@lm!bIfV6FU>@Q<_GUqzUxU8J|{msQ)p_7op{MP6yQbRErV
zc%|||V%^@*Il*DKeAIAbuUz8^!rb)1)qglC&(=!IbP*c`lwFe9fUSMnj6`(~vos{Z
zV^<6}c2i#lW%t&M?}19j)CR{&(0odqP4S)a7G+s4wXI-nRa{YMRJX`!cG85(r_>+f
zslRRIWv^G^6iiyCqa@bfSHN;P?m-mS+V8e}yu@dA<MuR@oBJQ{6PsuC{pDYST9ZmT
zHeKAM-9-g0<>0xSUwlrk$Tt5lD(O-*R3qhp58o9rJ?_?XccYw^*<WEz?cO$(Nay?~
zuwNzqw2KWrz3^G<<Gt#!`D@^vpY>{Fx`=+=`t1VYVlgKp{vv&!a&EPenCQNW%x4m!
z6+ZKYG2V(o>@Szv1POD__3~>!o+>?iusXT>*0f&lNv0O9P}ZfFbV{l}{UND2^+yw7
zSo6sO6H&hIC#D{IY(-N`hEB<7ciVNRV7&}IU=$J5&z-zrnttkb_Tha!q;Y!N`lIDf
z%Ws<|mrZPN+8SLhN5el~^cW3V<!#SYen_-3Oz(X1#jx_5-uu>+vUd;q3;*^OS<3bC
zkKO0BY4Iz&>Q7$~tUb@wXTxTo_bTo9DdQW#v3KEek4H^<ix0*gYdyr8n6iFp;E3RU
zT8r&fGcv@CL>1PyQ?<{m9hNO$P99l)r0f&*(0!}?S3t;i$EOUFZ$}o2w{|SqR_G)q
z?RUkTslLdk+BsHzR0hJ93*Y$eQ=u)hQygxY!D<J!4Zbh={8_k1WS9<`H{r;#);V&l
z|1s~BAOMNw4f>q_R(RD^Icx`OMH;$j88YuX0{eL{u+Hsuq10{v+bj_E+bn$UxAP7}
zim;cYO!2v_Be<>05_um#dksY-kKB;f4|;pb7T~GD((ItzC^8mM;?U=P`6f+BgwXdv
z#NJ9;SjhE%ZSok|+&E}PLgU+S(fbV7>-6T&@hVlaCr{hh35A7b|0tH{Fio7+Fo-ze
zi*iU=<YRXo>Z@=wy``NLdGPBELemKT`HTLS>iMro4<GIOjkn4s7-fXM7YD(gm37Hp
zhFTiGW3*v+9Sz+qXA|c(E4sidYGymwKJBQPRGi+bYvNHa57TcMn_u0~Ox+x~wu_#A
z_EZn^TeW27=Haq@st{lIH(JVUn*1sUS`JH<q@r}2bHUzCFDiCc1@6*umVBvxN#C_*
zP~P;TEWOAjYo@?_&Gdan-=dV`V(eDZh^&oGvypxkYVoa82wUT``3tkiM5`ITqN&-}
zuct?;Yvnf~UbawGmja_>ZX<pso>T!=;Rhn+LN@Od<>p64V0YBg6d~=VEqxlIYFATo
zdw+;tth{CK_m=`1QP;EdaNV_L@=@T|6p7`6YS*>ceFnzCmWhgxx4nj%y_7fl($3#?
zzV-)g`8P47F>Bo7EB9u(k<R&E=|#0EgSe3S3zmXj6xi1*KMiLNbntE_8Clnu0>9A7
z_zcfe2K0va3hj+`b1p5P6hW=b6$2la1#fc-6~!)JGp5PBt~syWCxTC$b~w6tw^$=~
z6MFL+B~HXq)5qC)@~=Yci@tY1bQ6uWlVVRkn8oi{zpF~}w%codb}(w6SdFyYy%=(#
z&{gbO_r02ddBn6+f<yk*)>iM%%|v6T3{z7RhrnSSK4goV+=G^fcPiIwCV0cCl3(QL
zj9rcpesOw4k9y5Qs0EE$V{V#W(ezFjR=PX#*TTDL-MM;j!AHElG|6N4M*1}YN6K;I
zVd@5Cc6raz3!&wr=}GR_-T%DDL}eq`?inOcJgMz#ey0(l?G+o=94va~ApG|aJ9U7+
zfx#<trJXF@m)+rv_4nVb;Xe1XJROtB8-esut7txU&bHp2y=zd@EGr<Jyjef8H!^#_
za`TV|br>+U==P__Mmc>*LKng@xW;quz%C~2IJ+;qD#X=8NvZCtY-nximnzGE??0B_
z@CK9!?iU1>zr3a)GMtQ8f(;}>5?X%LY8b9r#251%^aiMkzq!8OyYE^jSzq@zMf_4l
zVoFKnol?G{$3Ayz(^F>sp5vcpAao9$Sg*gpySU%m&3@TjUR_g>gnm}z0=YKok#}Iy
zXQb!b+iHAGDqzw4=aWV~UW<OYd^c^%60M~BE#5X3t=MnD&b9OPmVc9&)akr90@8l2
z?+rP<Wj5A!(tc1V#GK)8v3a*d-ZT}qR+rEhAPgT@r==>om%<0GASpePKbE|%2RrP`
zJ7;GK?S2yW6<L>VNFJK~cQAI7uf=qvWkKyv&GqqB=^uw%S4(e1JS`}Lg{Y>k80u%u
zJT-*zSy*h>$*)p}=0EyX?wshdSzc|Z{Lmq2Hf?Lx?LOYcp?OeK`cekt@1Os@imItR
z7`vg*qq4n|Mg;$d5=<FZx<I&P%5<N-)bO%L(wL3A&x@J72Wfj9kd(|^y+e`OY5N)_
z<Md4CsosiAUcU8Bi3Cm4)~S$JN({T99-e;*4-G%Bwbov*E$Dw~^4V=k{YRbielzb^
zk$0-<HKm*(ZVjb}Ld=@W3_eM-!qEp;8I`!XIAcTEJsx!m8Gp_VbaSm7cC;BgxD$DD
zO|l}bo__|G^E4^wi$p?<%jlA>Os)QvinZe2tE|HKUdK<g`-KXrxjIE!!QadSDy@`d
zgLe+fl7{47rJ!zB2OPJ`#Lh&2QW5FaOKcBh$%GE1-r=kqM_e%-sZxe_whqrHB^LSV
zI52o*p*{u8Qr>?1^2&$Br!P1-I4+KF{Va^ub~5S=jy)8(?K9tHt|4UBZ)t9*7)X(t
z1kp>gw#MpicGR?Y^Y0EJEkFN!_{Hkk=0fk_(E8R>CZ*!*AtQz&MZ#N8o?o=Psz~Fj
z^OwG?Z*5L{kB35gFU?mjX>7G}es4aQ-O1<u4^gM+m!g-WBvP%dZ5}J<W$XR8SmI#j
zzG~-aaZ?G#_aWDL>PvvBOX}9-n}LnTm4{DT9Ijq1N#k}BQ%J77#@?%-Z5cU!T<=6_
zq3ijd+*_UA?pW}pv?(Kvx@U;YDJ7{LpK(Ww8!3iH>pl0O<4WDf)1oPGIsHKs?OH66
z*Hix5;UmE)AS+3M3n6{#kgm|w?YCjnaMWMuc)x7qhsqj@m5ISs%#WsM?Ck!NgqPZm
z_>)U2ccNE$pYMKp3W2XL{iA;Xud~*#Uf;Da<qCVKA-Aym&dyEJe=4YxE#fjMHoN<@
zu2LvbU?8t2GJAisKcHz{W~}ql*qb}rDe&5L2jXYsTg^{61IWD(0YUbIxvlM%)yh=}
z0o1)J$5;Cm;#|5mzW>fQBmT7}i*Z?8w<`0itw&7BE`8qJ6WWuH(1hMwu0F3j$6_Fi
z=!>G?WOy3A8BoLZ`bVm8hG@!1<*r`?qU_2Ud?$B^AJ<(14@BQtW|X`!6Tx2eu4^HF
zR5cXg`@YXEk!SkeoipU&;`=sL_Y{xaUpC!_u*d?n1MTMFjs(^RS3@Z@cWWzn6_p_t
zVdZ`O{E{!N=5|FEdX)o2ujUKyVU)YK3|o_=rzn=|MsC<}Y`Zuw>Dx%{p9lpHAK!VF
zB9EYufuP5=@hf4wm$aM`a?H9N*l&D%;ibiCl?`Q4OZ8+F)1gT5yz}Gz^GCz-%}}LV
z!_-II8os@stbIk|SGi*^GS1F_icy8qzAI={{Om>ZB*IXIpSr$eZ_`0I1j^5K=h71y
zNv)j+m;W5MKJI=Z9m-MNXIK&he(kxLti!^kw4-4FDUp0)(yb#bt+h!XJJ~<mbSvvg
z*khz|<`%f=t1*8s1lhP9y>i6okdgxXbMWk;8cjdA2A6;Q{bxny&&Z{S{Xcat=XB#`
zGvsR89MCSe;g2iZ9PH6{O=7G{cSr3XXE$6zq|x7Qo7#TlaxrAU<*+=3xoD7Ex*GGu
zw|-{9)H!2peIJ1q(uiOiOg~w=7FzZK>UM{{MI5yg#=}Y*;2^tC8(gX8{Bf&pug!J$
z-~EBcM0>4)MposGKWAM+7b|!bFgoU;JE0I4zc1a}ce1p<EUieel+`Q2zP7KO`(fkl
zdlT2nDg!Oifv6|E^?>^$og$u4c?GzdC_|rHnYc6kQ>Q;T+bs&Xv|!aWbYamel;W5%
z;O`e%WL({=wj~GII;Ag7GY>zrg#4B&8Sc>d6P5I-E-^G_YA=YhBH5<>@X60oQ~@%Q
zlf^*0i_j^Q6y#=5ooJmXSyMBeGM`g6;kc`c<KE9dZ3r?PTY8)wcICy9YwGuBW#30$
z3REsnHhkDwx$EKjZM!41@u|hf*Lhv+OI=d2_>wEubJZ%2<G;Y=1u0sZlyT@EU^T`Q
znih5PcJ0#O=LP+5k|8UR_0$`@+60Tuzj>HqVb%JO`9elv@NUhOzcSP;bH@gLwPnAN
zK@Nlb<+Y4r0ma(*cDIWpox>ywr5rn@oBvv5JFlM4HgWqd9Q@(#DGi18VaVMxNj3rB
zYet-j8c4x6bOK%c;DaDom9*mu;=MB$wKF!gwa@traEBk(Irr7yA_7k7)U=>#KdC3~
zqwnO%L7Z#st|k`NtsWo+s4gh-{#h$eq7xB5BQd8%#pQdd2sr(>`&LC+AV;^S55p#c
zrBFj66FKnNuMhqF@rP=>YnA9V0+XU3OIj^5UYq8&^{^RJM&XcmB1f*onxa95){2|9
z*$2rta|&-wWbWNI(R+80Lv8f9r}=HwzO_gn?8e#@qY#_2!Ej)%B==2W9sFT(q1bKH
z;XwWOg|Cu@1T(adc8MBlMQ_`~8?L=kV55g!Uz?W9xMn2rX3ko>9I5t;0VcqDa<g}+
zUQ5svtrHUX{+g-9HP{N9h)#nx{<YrQ=p>E3*0)t7qS_Irf~Kgq7xr@4L|UzW?P0{Z
z&rs=FV^nXiL2s-f`QBaFW==eY3v=)Bz1132f7`yn+B<YYE7I4dKTM6*#<%udgDp9}
z9VKQKZUpNN_Zeu#4+smDZHQ=_HQBtKLhB%hLPV0EKUCa%sS%Q!R=ddbw#qT4Fc2#F
z=9S)C{aG>AqvW?$E1HQMG(zD^vfAioJwce4meF9=Th)W~YfA)};GS07tjc|Zq|FfZ
z{BmJp<m{t~V&OQegZNilA;ZL4oAtkCXs)gCv??zg4N0JF)Zg4d4YQHvpG88QrnF=q
zE$kz5U*S9|MQhq=+<C_JD|ry@+#6OkM4543bLcCapSf3Oh}^iBLmStI0b;uoPd6U#
z+s^kA=UqAYErfEM%K;XPb2gXkz=u@2BM$A_*fy*Xo;`TgN_Z;H*xaitL}|R*p1?c~
zGl$3H8qJR!a$uckVLKJd4JmUjhj6KJA@jlR5Y}-WM1UPEp`L$Z%p4PkqcX4lj_0nl
z?Ftbd7pTN^<F8htI`Fr~hppTBUf^z3I#&+<z*APb+CBRg!Z(h#ho#i>Y;c;(*@yFt
zyVpd}Z3rV~BmFOKnAH&JHY5?MFYBLE@1_3#6~X_mh72UDgsFTQq)1|cY8vF{xeSR%
z4=~Pja3EXtw@HkvFGZfq7<|sn=gGdQS~yJsvtfV<&2PkRFLEG7hT=Z)<f_SCS&}~o
z(`U%JFk?34Tr#ZENk9!gniX8#YYkJm7FR`!d^3B1`x}E7?Z24!GNi2k({#-7-=UmL
zwTzVGDe2YnN3Rm{dETkXF|P%<+`xJk^2B<&G0a%5B0uq@tD)(64Nvfe9E#BAwIAC_
zDe7>M=z+A&t~bk!yDA06Sa`(d$~_qZku_SPuowe(|FjXk9m|1Kd$-`eT5GiBH58s9
z0E>?JbX0`q6i{`f$)Q)|Rus}yp(Xt!WJ!0Sqt5(~Z*M**MU_Z*)6V3Dul3A84o+vd
z=Qq?8W)F)nsW;zv8pQj0#Oj-6sJ4p?EsYgn1_`C8Z^#3}ofqIKwP1PlU%Tk-)p3FL
za^%4hlb|Y`1}20btNtW?u=dz`<vubHU4(&i3AEFG>eG|aS8J@22!|`Y^jVm^fV|w*
zSR`>m6#exlDgtK|f7Z;3vCU62+Vo-?B8bNfu*~obtr@RcehO9644W6M;6?Vz6W5Ja
z$JLJX<Int^h7ym*?==dmhvjfT7i>=%YReL6x1-5<;U)JxRJx1n*C+Pft*9zS<QWH2
zVs&r*1pk!-Ni~#XoJVXeqeYet;SB2GFBZJQ_x8aj^@A=i+z-d^-sC~5i;k3J(dH<r
z2Pdeb(?7SW39AQsh2sgnSDv%D4soiXE%G9+<WbIKaQ{-evaqIuTkAoI47EMZ``48E
zyk&hPb@2LX`>)sAf`y@ls)XQBq4~7Sx4Sa#3I7<mxk}^o!b|+eO#To~$Dc21p}&l2
zZMuMF4WcHes)_Pd5A=^eleybi2)^YjieJ%89l!9L@wr^ljR()KBvdsE5O$x5Ki}g1
z1zHgyaN-|1bn=I<z*84v!1JlEMT!vdm3gf_EuW~Ee|k&3%_DZZ?!p!%c020=u8~J^
z_$S)6P*LJ;;C)9tv5^*;`nVW72>YBTdmS@a&_iuF`+lt&8uCfhQ`dI(=2xp=M?7BX
z<uOFISdun4{?s<>UIr5^UpQO=A^=anaMGt92KCZ~Rxu?E<mKl&uPR<n<EJfH(Q9H}
z?SC};{YFpx1%mUHVS-=$F++Z+h<cdur&D`pe27T2#AqfFk3K&`{Bf{gDfHY{rWiBG
zbq_tA84*?%EfJ`RC$`dV83sAxPyds7fi2`*>-!h)d60BKcz$&%@GR+I>(77q@Oa<j
z{0-|5?JAa^vKj;l!QdgcM}3bAt5*WL8odETE$tF4`(7htx7qBP<b#8t^Dw37b;hs<
z`B$(`r6~Uw)wIYF<HBir*ep{o)=x84`t!^uC80P8I@l!B+9|=a2K5DGRecB+tR5f1
zlCu<lK&WO!J~Svl`zKEY`^~i0lh3!BEq4tid6AdY)x<dS!UWAf=<xUV5Z~kwwRBeo
z?aV9>ctj`ck{r<=RI&g50c!B}=)QO1=@=7tmFuUgq9gpNKkf-v>qbNfJ&zmWbRN=+
z@{EYz_#n7iW$|HMF{xS?boI=`RS)iYt9SQ==PRNIKFpszTz&e<SUNkQIe#ChLan;c
z=Vny6UsXh`^7X&=WPG0LG&E-Sm*5z`50!h)<r36B_Ud`Ev1%iJFgKLHx^;~~-Iryt
zrS$s_f6<DhpwE%(qD3!mz767&GfWH=S!)ui3Pc(mC+{a$1r`<_tr?Ad&x6PB33(jZ
ziV&(>6COP`jSte9*Lht3Vk0K`l_ZomwJRZmU*_z=iD;{$YR+LdNeTD53?^X_yP&VO
zr-CE3oG5GuJXr)E$MFd}*(G)EEDWOrRC(beq?~}0-}UlP9W7PtKN8lBi-ZkUW#Ct6
zKWpMY_1O}HUe0@UI!T%dIli=DIyk?$@Tp0)w?(xXC6D@TT)5cNtGht;N~bHQJ$s(`
z(1s?b$;;@&J>l*B2G^m)Q%wE^MIXY<5)s>w(UdB<EuDC(J|9uvWFWasb&YsaYWvOd
z;#MOa(U$?vc*f|Zy^Xp+R1rDbn6s_FdE#^6@`kv+_|J=Ttx@QRRIde%BVjf0jn@rG
z+HZ(kz2CiJ;kV*QvTsm_2dAl|+=Ektu_@9du}(ODMl<wCIZL?>=g=Aso?txKiP~sh
z{AU{p|FgVEwEBms5eh#0tQzfASe^Px4sIR(Vnu6SwMyQAYjCEEV7z-p<L@BX5vltG
z)ztoyuY?uVWYDn6O?9$%G=eR`7@+bZpo9oK;o$WDyFucDtKZ-LW2%t6@*BT~g>O}V
z%aN-d&Dr8p^;&NIu>Wu-c>Cc|Q?Sss$B}$s!}QjG->Lup!@tIC_N*g=<6R~JOZ~xR
zB$t-Dg_EiI6X~S>_bJliHq>=Z;%?7H7hU`6rY8^Yo9^!Ey>$J3sPLiF;CI6?O@%_|
zL)+(}^vlh4E!k!k%K9ySPx`B0PMSZYd$bJRWv8EBwtULI(Dqq>*F?!0N1wH_8+@6)
zVZaQwecN=`yAM(GJH^JdOmFDNW}>E?_;U%Llk5iHjInvGo#BZqj?=%kY)p-%mn2q<
zm>%DFn$lN18F@LcK%O&oM)85+6B*xXYSl*dKU(&W<dEIglWw`se1hJe^yg+w+(9qt
zPSkcRBztljImzyS5dJ;>(RsN@HM!^hRI*13bJk=9K0PyIB1g7ceQGTN6_)CGzml>4
zu<7ZFw7Xol{&d(WL)_Q2C787oBXw5A=*SmZ#Mt~H{z}rsRLqyJ7yaJjja+Wk=7>T2
z8#5-pls9YmyeoSsKC_wOkhOB-=1hNDNv`;10}TvcW7)l;>G7uxzgK*Qe)ERQ^?bG|
z!D&b-oirGw_9*w|o4XOjFqftwIdfItK3lqTNaC1(w7QCx*T;KKf0<m~8?`j&Q?E(!
z<Ea1IX}Me(V3?|MnI$x5UN`-rnXWXtn+Z}&Gvs+VdfU;Y#^Tt`s_VR&x3rb)I7iLz
zeU9q&J;d-S?$4L~1>Xs_mCn=K?nzBsHRUj#Y5kt)VVdzvyF8AZb<BK%m^)R}hRFe6
zO`Gf*dW?9soOn)TRckYopUJA?#N6M=S1Tm_YI9Ss`;oZ6ELwHLY@Opl<#Pc#$F!LN
z*M>qjVR3t=9%_#pH(b~Q5XHkDoTv1%f9`#r&@rogHs3JNQ&{xXe_k1)*mhW?-+ev$
zgh|R4S)H^cPCvc!V8PwsAW^73J=F9@J$UNp_kXpu=}FJBOEem*zCX74@UXtQ|B0*5
z^QS6qTQ5G&URsedD@z@F_B!;pGo<^s^T5M|?sAT4bLwsVojQ?9QtZ6!pz%|22Rf_v
zgix3iX44<35>R6K`!c1KjB)yK!)l#>!%Xj&rawrLM9wB*eFfL_=6=z_FyV&>wyT9R
z>HZe*$Ju$8u)TZfPJA^gB`SZcE;zfV1tI8^=9P6Jk~~r4-Ot4LhaIWh!5?4x!CG_X
zWe4i4++CWV&OlUeoHq_0c;0LtxBZH}Kb2GFUH{d`qbiBBpG#r8e3w45?0orly(}0a
z=g@z@hi|*_(~kmkk3Tu@>RH29y>F-SG3hb<Kt@PA(AsVmi%&g!@75dO;qhE_`8GBT
z!{&m1)$rm+!8hlH`}t2|+!_Xr#bjk4RWI;#*R)NvfcJt$D(}4wc4KbkNjvGeDRl|^
z<w@hruBs42oyo&2p$`c^2Xcc3C;ppxKljgP?1wVT0q&)9jqv-D;&%xPG9Ewue>_;g
z4qjU}T9-4Z!7JN@<_I3HLyiXwM@8*(QyX|2(nZr1iwrXBN9F$Ye-CROF~xF(8q#uT
z56)KAR>(LMT4mgDa<mh|uqgiP4bf=stM6ZN5l{a8dFW3&TWo@bG-PXga9~x;rh4A+
zH{W|s$u2nwi~OMDL=95xNc+>|ocCXoLrnY%^1n7;x~-G@HT-U?z$I^<<gdeZ2^=5X
z3!2^ROGho;E$FAHkrwS}N_UvQm^ZC+>hd|Y$%>GRNOm`M|8u+yqE;7I7oQSGK4?S!
zjHuVbWc<<=GHzE83g1mTbe$aqNH(_rI{U9x27MQKrl>~a_Dr6}zaFxetG~F%!&~tJ
z>u<yMNBl@cwHv%`e9#f0`;CKr(IxyZM>uwsbMK{qq7T>FdWM4{@(UsHTE7-i?*Xw&
z`XXtZqU-KdBlCY64r~0QyC>~h?hR4TZ(}Z6;bW-i{!}bViF9iONFH%fT|Lo(3kLs8
zX4|6vNf1a}eWHRAshK#^N-7%H<y&|CkN1uPeJ%J3wU$l&;j7$Qw|=r=?q|Rx|2Pl6
zqKG{hxpq>{XL@lswAUv5?4>oWZ~59JqIrDDu>Y1E{uy&#-h$SvsMvsE`Izb&2D%#M
zQkT6Cvrm2AO8UO&Dk*%qS^!DRyLGWw*Yd)mA=R5lDM#EBUsHK$sOZ}|_l~bywQFYZ
zdX1P%<xmCx{*?0wn=baYNTipQs^PS*^$t&?%kCQgS+mFZsFg3%wF6oAczEsEHt$_6
zc)$3`{l|Bb+bpEif9nzKB!m2+o{eAI@(>WhM#Nu@9Rk5EarU=hLfvN}ymIpU)eSK!
z`fW$&lgRqJTslX#&nJ7+1sV>pu0qaza}k!a9Cgg?Gm>j2G1x=t*AfuqhWZpzL=8F(
zeX`1hcegW>UEismd`^4S%h~E@<0Q>6j<s*~Uc*_mGokMeH$foShyn=>`#vxK?)t&<
zW?_D#GtUc>Qu^VMM{um^iX<(YU`?<gvs2IYyJykYIWK8#sNSWP&H8X>W#{Dh=kgW7
z;NBSp2ctL8rHkzk-uC!*-4WXGyHMDccz<Y2EhDFK*loT<>~9vkTs?+(g=)9a*k^~i
zp*2fFJ+*djW3_hSOXr=w!AoVQ!N|>%mg9)JzUnlkS~Xh#2$6TwZ${Fl6^b8l;Zv#}
zaCwZM2$3dUNh=L9EG0b8As{`+;uhy_!XBXoOq*M3E1XDk%&@@@=F5-Q|15EGaxN|T
zUk-WB8-n6^7gDGXOC5lJwiRyFxtF7q8E2X>z<c>`(Z;a97Ho1Wo)1PhHB=Unb7k0{
zX>%Pd70)om^gg1j@6zZ}uW!Cs<Hl4`04$?QShSF3{ibMg5(A?W(-vO8thT%q@%o7q
zYM^?fcm3TN@^zIC|7Z8!YR1Ej*GY@71qxZ#V&2+f<r;Kg$WI(d7+3%HD*6c>)3*F~
z_`OG%+?n_24>Nvmp~BCNO5tXt0pgYd?<B8L=wtAwcz<6DOrVSnbcTztucvUl3dCQ`
z;acb_>>o}d7kqKc?|Ij~3r;yY50c!HXUeXsCq^}K={TL2dW|9JJDi<Jvsq|gSWFCO
z>%B_ja2o05rT8B!yVPq|TVKLIQCwkZUertP)n5CYsFzJv22Q<qnW2@!Oo~+8gzQ|C
zKSAxoX|D(FK0aKxP^P^`Wrb4dxO+vBYSJ$^YGPIPsz8i?4YvMARQHjk=3Fk9{2*s*
z;y#<V;p;kv?WxXYYU`7mE6~J)*_AViiMCWfPrmuANbGuN9Q*E!LQ_xoiCOeac4Op>
zUN(wmWhM@LlJFn#fxINm%Cp5Vo+idK*MB6z70C|IL=-k`iat9=*t`9TSUbO8RCl0l
zU`%%)EK4J3#|ClC3?_r?F7Nma#4)jeQmp-`$?#S?)|_SgJp6n*Z+2>Q%v@T0wEHeE
zll)-!$!#Fz*t|oFVT54(&UenYq}(zO%k%lBUFx-Skfssp+kROrRKYA}-()~8N+~=W
z%}}L&q8WDVxyg$-j;Ju}O29VVXHq}eX)~oZ5A#}r5RZxTzze<wA%Hy3h&Y~||C;tj
zwY~ZVRWep2%x;&^h3%LRO+;%3h4K67#`YXBFC-KYIvBxbf>p=-X}q4@u8KNK)2dA?
z7S3>nT~KDe5*F#lDj&;&gV2#MK2@~I*zbJjld)d|VnD8KBfA4lOR|#)Oqd7Oln{)L
z7<DrCswc1}Ks*n@KsN!!OOqXc2A~BI$GQ1@oABg)g57S;x&-1_qTcFOyShs7`FTuF
zFr_)OUoO-3d0Q4w(p$f)O^Aej-nn0JzlclL&nZbpE=m*OY%3D~P?>(H5ko%46~9hi
z*#Wa?^|9<3yUE^WUhC&qS8&nTe`gYzfBR09yl1@>SQMyELSy$e=MGooZJ7o_qxOBh
z(K^{!>cH*!R?S!v<4S6$CVU~=@A|KO$ja_qE*z9~lN9gwW$t@6mg8TlcLd+x*}h=@
zCOX?6tIqFiSx(32l&Ll?V?t}?v*O_Ji5$v6r|*1Mo7^sLj?v}zpNM;-<FZ+zl_aBi
zliv&(ELoqEXwCGaZep;e@}$LFV2&o8+onL#q?dHIQ#P?FABc?#9}9X5A7A$7YNE)N
z<2@Yf)SO%C@Z7<4^3JKxT@0GI@wG<?L1LCTpAl2hVdJfItm=KSmFX`P@x0hzM<AiV
zFv444f~D$wVD!wKgtwAB)@Wjenkx!J)6$8FQtA+1DL9*B>@0k-Z#t*u&D+FqrUWod
zy)T~eHqk1FT=-?%f8sj#a7WJ$dMpJTsh*SAF`H}s;D)NX0S&r5!Bj;N7>PZf&|%f-
z1X;P&bTM0rd5Ja;M3WH{GiT||5+q~(Bk(8uoLO{WG+}PABWI3c!7yUyytj?W=CA1F
zj=oOM9l{**j)XVenM`JX{7g<AU|;d(3{q&~J>vn6+-{;h6Ee@G3Kd!TbT(Jl8L=bg
zEgU4(#AwYj@V)hFU}SQK0SIp9U7f?>(ou9A?+G6Q!IdWyRfk}NE1FNhQRl=qTg@Wl
zRE{hWi0KF(^9fh%IYy;TgP6EB+>D*QSvb^u!T?GM2^db$UliNS=ZcJ*+3)N4)*dWl
zJ|SgG4>|mWrDSYb1PX-Ri{=yDBucT(L>7rTvCVh`3dYm9jHozXZ&CA!Q_pjZEwh2q
zafEG5R9wzBlbwC)sid8KU<;$zru#~EpT)!<RVuMfXQ0(G!D(ktngUj<HafoL;=b6~
zH{uNu2m^wk`9%IK738oO1&j_W#AU}3z(Y*zg+nfzPsG^JK?3qJBICkcImI^Rt0@^n
zf1?0c|3>FG;$B|ow*g-|u}u*a3nU;7O2v5k6ZpaFM7TEaO|^zqY?CpM267nH6CD?h
z+3)=J3hRJCpigxWh`ttx*e14$iczVh8YF6lU}w+LhzZV)o0%Q~d3Z))K2g(lUTkyB
zh6!@$0>Xt^fSjeav50MU0j*GkB+x>mK;FiWI=`uItk~Hn;4Ya@Sn>L)y4suhGk^r=
zFhT;1DmuUMl`}vB46Fd`nzWsL&jAwxA&D0-pI{}>h;7EXz&b1@s8#62HsQG-2vt{*
z#{rO_fnpx9%_p<xApz285Pkn?=ePDHcA&pUjX;>4K+GqK&aQ}U8t_pwDy30fcWkA|
z17@xc(lEB9)&W}!V?eeBL@9&s{3fx$3(CF=vYmH)#e72hF9qcAB8G-BG(ImnZswb#
zoqeA7P@Ftp%-}i3&=}*+Z&jZ_wrR&>;&M7L(QzsrzwPXgu;B;<_DINlVr9fO_V9cj
zD9phCs7LThbR4Xe8WeYc3KForO~Du%kP0$`bOo82(E*v+h9MAgN1(Uf^C(j<a2<Of
z5bS|c<`cmcpe>)7f~NUR4GBPdQZk-CWr>XAt;gBfOFm;XpU^x7O$H53^_38Kuh+y^
zq#XHrC<Y<Q06FZ^|M+W?NrFl)a-+k&^C(6x+Ljti!GCdAC3az>JG%~^x*v)_q?s~9
z0&1UjY9i1FbmkLYA=K8?E%)M|Xt5~U>?~wrsjg5$HG&`YS51xBaktVdGoP7x3p6n*
zQ=fTxvo>*gP#)zCG_!?)L$#~ICAP_I3sSsQb&m0rT;L4m$T-;gX@~e+M(36w3M9A{
zBb42J##|DGj_Lyk|Gk|(1}BTigf6k}c<xxuz1H%gakZDkaUe1qo!E}gO<dTfz<^4`
zz*!*sKRjq$W4_NR@4V1aU~D;vvy+lE<_@~j#Ai(x0qQ*FMU{N=ah5i#gDPo=IL8gn
z7}3>Eiu8upnyQ_4lLiGmvu){cuz6oF2iZAx_zFE%L?GZB)XBlmJZY<`NZfzvL1kL<
zhIIk!!j7l6g8X?RwR!)vuVfQrD`VK*i6z?P;HvlmwbK~aX!>QP-Kg$X<G|?sj_Ho?
zotWtER<mFsH~7v4Z-F2M^M3vSt|q!xUJptVkJz%1QZvUEiv+b<6c6y=t8LWG+?P3;
z9kiVkc64YGDCv5)l=34okJiy(@-goy?gRqY$9nySh=QcKPd}mN{V0DH`STInt+Zj6
z#Fm>cy8$mGX^tY@I~^jj&SlyWV@f(F=TbWyh)r}s@<9&VQ?~sq=OOzqzntTWMn{!I
zVnBNK+bOd;Ty5eHX$Ps2gAX?6ZtkeeUEZm%lS&;@^`;7%TLP{W*-6=szMl*5W)BiS
z4hF@U=R{;mt~r8P-{t!i8YFApk2ay6Wol=-LP^f~g6g@zC|c7`gzhr~J1O{#|J-+j
z#FOiPhz@+>Afg>{@7&CurxH`}woGBREtd8x%FKW1B&;Qu!!=H;x%O2)6VS=Qe1C{@
zepPo*V^$)$qQZe+iik}3mNSCqjH!u2xftk4&@@KE<^p!q?d(fP7KqG*O-^!}=Ja<a
zq3Yy{#MsFN$sOAxG6Ox?!PzI#nondAIl|7Ji8np?ictndy>=@qr*?PFV@JqNihs$}
zPO5t0HX;+XdmWLPhfTGU8k})KWDaiYAu>}XE<pANa_;bNvG6fL_QUl+m$X%#OAc=C
z2U_WjV#|Yg&>Cs}O6K6<mFLX+Lvh#4`@L|2=KYR1E<|SaIt-DSaT9<T@X{m)7vm*C
zXbGTS3{UK&prgu&OxkiVd<SMIAp430KCxx5DPZPKIG7lGBtS`|n1e51wmk<q#Qy4V
zXfJdJT~kPdKnOQq2F(=0A-2pvbq*4+Zv*^_K8)%PyK5WMt*qi|lXys*2ZrR41TAA|
z7=w9#fiW#)f9Wp+WPiT(9AqEU3YNoR^pO2QEwg+==l2c=)ek;)QeL{;<`bN)U>N!-
z0(%({a9L~yD;8C1$bPj4u<}^V&Yt!w2weSyO>9|(yNM2@27tZNrA|K41m;fj(J|d&
z0x5R(*c~&_ygmFK-<ao<!Bt8Mw4qNJC1l_83T1MzbZzzh)0hX*-O87^zz>MCofJ#A
z5hBxTUIMh){2(~iU8;yo(mgoS6o1%l^ZpfYK5z)_z?Clz9oemX!3N0Y(~B*eHnEE>
z8%%&4U)uyeT)cq(Oz2eabWn|^1U>NSg4i-wDMfPd`NtqV6i48Ao+DooNqu(qD<l;J
zVui$MKCy+iO*rH_0au7KuBf=S-{2B&vr=zo4+T>vV9P8D9nDV}_~PVh$3_PU+%Tai
zyv}bx3V@l8md>l40z1KTDsvX#28eQp0ztV=fsSHH-iz$@yCm5$IoHz>Jf}DJZw?jd
zykoN?zjF@^PA+9?k5;}dmh{f+JJ-C0g02U#1_^+BJ#f<`2kuzLz)bK0w=>CLLeb7i
zAZB0UsZ*(4N%ZIqF!#0q7#x6co0dxM40guN^>i9{*n&Hz6{|<KbMNOKg8MwW?7H(f
zp*_Yb3Ji5X3<ga99!o=8JK-kkR{Fop<C6$fq-Y1PpvsOSxPLS*EU|-Agm&J0!xtpi
zWGi#X1qha78}AG)maucm_9Ens<6A+ZnI3mTWWZ=p_U1db+40`#vEx?me04}G7s=RZ
z1)QLYcy-9N7Ns{w+wmS?3+@y;yTRY^HPN(EZ9>)*z&NhxhyZKqGwvo>p;_`FErxFU
z;u^RL>}Lbmu$}umULE&#BEZm%V%%amj5>;JjB4qa^aSIEqUk{)t?C6Lhi>kJkUlUb
zI6*38ffN6+O!2p#Q{E1if<mYG&qRV4j>9CUYzt{+qXMHvI|(M>#QS=49tU_c1+h#p
zsg5KZ(n?aDcJg$H3$`hKCG9)dJOLt&VBosW`OmH4+~8p3T|H*<z8DrlHO0RP?qLU`
zk0Rk<yh%ROIF0e5IEu8T=BLSPqTE8Ut}uc@qUb$)U&{6pXw+UNpe`MB<yg;K;CS>s
zh|0*DHArRRyeduA`Ha8dG?N&tsfof(G|J1@zd|SIJ<oa3oOa@EKM^{~!&V6lTP$!z
zBm%@t-^6}K2VD72p00f^!wrt$ze0(n#8Tu1Ndr?%$LEd>y;DJrE-A}I9>OWsqUt)U
zqxL(5Wx<hlL0o9(Qf6+YwWi}6e+h;NlLRG(Nj3^YVV1Ph2&|!_D>_)B-8*Q(FAYPc
zz-y5S$vrAh3Uu^zC(2s$g`Q*H6BuP+m0+P|^;Kic8T)i)f#c24ytGr-#*4Qtzkj!+
zdomnbg8y^SYWUsHf7klciK-jNJbRd7(s5U-ilC}EmmByVLF!$4$Uk-e-GB8!fNzZ=
zmP_ngGQEdJ5SeWoq85wc;BUVzs@j^)cn70I&1&QQ^(;Pik7xdSGPYn=BdAlbRY@Q`
zPz^sHT5fRBW+(AW?{vXV*YWXJGG5<U(qTAMHOxSbw5q+zKY#kA<sv{(5oMdI6U<lL
zZ9_B1a)q_7f!{q<)d5zRw@cXnEDJ07%iv>lj`DEAVeo)vI_xVJtU)Opu0}}4j$I~W
zK)KoRX;P}K$L(A6v0SZi|0LqAYx&R%+HNdi{DIm$Qwwj7&tmnp+y>d%_V!8k*xw6F
zrN6-UxYAqEU*;v`-+uatm3DDC;0VU+qWjb3T9neYIa$lKX_(v-&p=aS)0{=Ymp<wb
zSg$6(XwvZEHq4e^zcBa0=e4HKoo_Fbc+3pryZ@X^VvI(anTD&*m>QV+o6Q`!+h9JJ
z?b9}6{c=kN%IZx0$M(yp2-!?<-)Y-}71cj^qZk-9Dfl0>RcjRf<_3RA+q8vh(4V;8
zt(suHgCKi8hBd+g;~(hUVMvWeC6~@;;wY^R9o#oGtcqj7uP8Hbh@B{U*82?pCpT0x
z)Cexm0(b<jh0wA~m{CzayuP)84J!^K_6z(gY2Vd2#&Qz%{$bwj^Mw3l+7WK-<J#DA
zshKr`u6@hPt|yLK*)Wg@-%w~=8or-r&cL%;G9eMSbn71rVOes`OM?)Yya)c3k*q@u
z=THxh<ybhk;H6DA>ii+s&w4HTO4`3NliGkj{-Me`^#LvX`19h4vd}9zp;r%7HWuXh
z6gF`2cytL$bVqmup15Nx*h95xOGy&?25;W6l{hP_o}na_WfMmiY|fKl3WPEYf$JFC
z7fc*I9rzAcErH@XrzC8=3W(q5iGJp@a5aN4WnlL-55K^AoHo6G?<H!+;mokQm5;bs
zxgUjJ=Ei%m6NJw)`c64l^9Nl|pK)zO?Rfp#pg0)ekAr?7hH9K{z1gB|!^urVtSo24
zhg_i`yQdKwbUrBm*rr^y!SMbTAC>UB9j+zpyCroj0lg#a+Q#=tvYnc!6GvkEL)6hY
zHMS*s9;emKvOG#9R_|co_u4n4a2rRRd4DBr`%!Ja#CzC?gKl|J<BBqT^`99?^~ssN
zS0|jL<eLjUIKn1C74}cm^GN==q!wQr1ACIyF*e+6;8Y}xWv)5n6Coh+)WQdPTWI^i
zF(FcqoI0C#P|0Z)3{Mab2%m5g9u0~$5C%=ga{nFJ!(?D1-eRCZ=ZTBLHXp;FwHhxI
zgdCK2PU&$vJ}NUgUMh=6kN~n55p)>WCI*lzG*!glKUoli4a+eh!S;JzHty`C?FG2!
zJUQ_3AwEdlhdw-O|9*7sF_{(8fi)bRLy`Ox;QVu;oEaSe>ge`nbpok%2P3wPl}kPi
zjo@Dp1`S5&#%}$dKaxe2<hPO6gSN^f^P9Qwol~9#kVzQJaoa1!K9oux6ovKS1i`FG
zqG)|VOK<H8|H^wypgm3a2PNg5Y|~C-c$%*eF{~?+<NLuix%;QrME@BSlj=Vc7tO4z
zMj6%c8;Y6ujU2o6YDp?%csLVSR7aPgh^&C<=@_+zp0-gK!&NR66GN!MmRV#Os-bh#
z7R9Sez&!v2=3Frme+tz3fmrw=XDRgf1gyw%vp@-t1sL#)K==#TMGY>*@Y4Xf<I_ic
z$H8ES5xmeqHbMq~Uk5KyvOLZI$-~bBgnPGe=mZ;X@Dt7qytn{(Az)!e_JRT|H~|Ed
z5eUkHT_~+FoNy7~bYoe-&jKKnM+bO9KuGTYd_q!y4Qn9mMGah`2VyKyAYu+cz{x>e
z1q2CrNmyh#5AYcQh5^|{p-j9x57-DLyT||tCICtzCn6jW`~a+NF-D$$haRkiflM_>
zDB&rv!vtO{z(hMa56~DuZ~`I~;6f=uM7s&MP#p%q@o)xU`8KdZ3)ooz!IlPi>ImSx
z&I2wj;MxL54kMac|0_gA2!gdMfQ=y6Dh;5K4Z_F~@PUm$Alc3afX0A+H5r|(e+p2c
z05zmHfeK(Z10K1`)s(<_dR>A)*|7lNE*H56&H;r%07JYChy-AO|B$t^dM*tp<S`Tz
z|CdJ`K#(Nc<ODKs07GyF>QHho?U-J|%q;-5Q~+i}4~&vCTL(5!tiTK{AZ%HH6B_`6
zT<H)fU_;3P%|GyIpA!H$|3fBQC-+D$PQDPOidlF~#0vr*KiP&b;Hg6)WKpv1n}ARv
zCyrd=WHK(f_)=iEfS=qCX26qn4q)8hY4r;nWB_@bIN&7-Zx2^11CQXF;Jk&K@CPrD
zuhej<%#ck`_?}s+V!l&Fu#2HIP9?Adf+f1FM|G8-670KyWr5v#4LSx0GJ_3vu&Aa6
zf>=O+rbtye=mj7)WZn|k!jQErfmUNwSx-BUuF7FrH8Zee3V4ISz|1*dS_o`-0V6~a
zK!9WBNa`*bB8^G|BLN+wjwnW;mH`MX@Uv}oWEH+61=P_1QI!R-y1}BF0{B1$>=?At
z5Li^1!8QX}K>%PX@Q0`j2++4R`~U)Wd;!lNb`$I<0FgWz;DIz)*aCB^ME*adQO5r>
z48H<kP{7PA3y2~(bci%312AA@E#Nmn1`sF^bNDycKP2#u2MCGmh9TIN0}w<RfVx1U
zC$L121A7MeP<jC54hT3SAYupeNu3)YFfVce$kIGuL81g!{Zvzlw4jrEs(|+qEPyo#
z7VYFr7`I0fX;E~5svswa9T4PfqL_;LLU*ABq|P340cZifGH|2?$bhNEcM1l}L;{Hs
z&#z2V%+~^5r~W`ol5CkBz+*s|5x?qJ;p=6f07`&`0f47{fZ!)LLe~a}9vnMID>92*
zRX;#r$?;wS>g?4INHMnLpvXqe$kDTsQU90IWKc1(ujDWZpgkurRDiez_>Lq_0?X|A
zV!ml|KFM8|cODSxfIxw|5dKPn47rliKt>EDLzAm14^#(%!|l`{couTb7y!X4_leX=
zZYnUp`A*4|;vxG=UOWVvjbu%7@6iGU{sZR&=y5OLr-A~)fb}+V+Bq`8)17ox8pve|
z13F+Z^nkIVaySMg!N5rk7X<)Vuxr!G1^SE?u)ryt0E4MVl?yDKfgF?qXlDW9f7!VK
z6t1G8iL`m-DmVe*YO*y>APg=EHGx2rNS5&;N2mY@Frggz30|NQV4gdY$ZcT(w6NsF
z*aISuT(bYU0W=~w0FI&DXAn3!Uk-o|u577o++bS)z+>ouQSvUh5T%Aw0W2(8>l|Q%
zNn4W<2J-*ED99PA1}2_?*dne1xg$UjX~8b}thZAEg*Ko-KH`LzS^swu!~vV!U~me+
zMw9Ds0TBG;0D`5#8M^{-$n~xOfyjYfTTtoKJg^`aC6o`yl84Fv>+U<>nrgnaZGcEq
zkQNYBM5IaYU>>C@5UTVlz4s<9N|g@MLlco+Lhld(0i{ZlPC%r0X#tY#v-AAk^S)os
zb^d_&L&)B1tyy!=J!{rvRxYx0-x8vdK>2IX7EGwqbD+up3v2>!)}Zu^KotR6zOy_K
zl1qqp!qhwlRidC2+yeUWgjoDHG6*ws4|EPEM7kJwL4|{Wh=f5sVN!DlYzl%cksvR|
z1V*2MnrOmU2rG*P)R=;?9Vi7#TM5$u0i|zD!645iq&7KF&jIrC?7xF$0qg-q0ICXV
z;z5mx8`CTq_6!vN3;W3BQ~TF{7kxJY6zIc$13hYDM#zZtpnoVqG9)%?vg8Az>mV%Z
zF_*mduY~lROIR%&;Dy8Kn~ryUgo)$;VXbt;o_GBvuu52VYM@)S_ItP=1PQ<Zws-R}
z>v%^<NP)bdbr0|!48dEVr90>eN^sHz2g7Eaz#28d0R0>YDI&Nd4A2=g;s^jke38JP
zGUz-W!*Y?k3Qj=~^#5?e*GhvM`L{bJP$Js_W-J#lv;zsr?k(8954eJ(A|!Bd-($J_
z$@&@4X8~2*pk#y)gro640W%U1X&OiX>xBilAj!dI|E_StLZDv=!;|b2JQ4;#SQf~1
za01W-d~+b8+!LB(C|JSp+i@T`IMzCbp3H!9G@-jR@S<-|0W>GX93g3?;mL7SqM#Rm
z5JTX8Y@vo_2BV*_g}^|4d<zLqEszh?{kvn(f)|It3(x@}fe<oDt{dM4s}aZ?4*YmF
zO)xTf%X-0zr3CK?8Lj;|=os2WSo~z5HB}He`e%d$1%7t3Koe*zLHz?JNdkOX(14H~
zjIl1@5D2@~zX-7GpgY38^>50(0wVa01eY3$ka!45nqwavzZzi)f}dKZ8wpFbD+Elg
zgbmh(U_>Azp9KUB5Q9E1!NLBEzL9|bfFE?u3|f+K7L<~BEwZMv#BEg%1UE`EZ`4kq
zsV8mr+qgd<FDJS`h_!L&;;ra+P`3bMpVerwh3l95U*T%1KwuS$34a+1R2{IUUPQj#
z5Ce}C<+<;0tjj3jBEWr`_0Zv4E7+(Do+b^ShLYhg*N!&n*WlFCd?8Q?hx4Ia;?pAV
zC?K-vwdK5V4xS$S45NLga1R%~&Sjpz2-)?C|Da2^j#BH*L^DmJu7byoi&(JJ<XyN+
zhp*ut>P!th5uCVm;h7wP%fFlJO=xuc0Xk_M4h6p@xa|^T+Hu}^9Q2J0Jc3NZZ=Dih
z)E08p;EhN0(`t9|e@-#<D>iA&P*f-j6aJ6)c^6y{!`Fw868-mpcqwE;4j7~QOE|)D
zB0DJ4)ou75$y>td>C#1L2TlwON#J}s@d7yjK5L3~8j8CU17zVZ&7jwSK#6T6OK1)=
z{?8z&VLC8HjKd{%OsRlX37l9r-W}r-#Gh+o#d2yI3IwPELsUekQ1f%D)z%<aU`!s>
zb8(m%aOAVj_8zCT3^IzwI+;PQ!rgV+hn`L6k^<mTHJN~$Z27=hr=>swCLKx?s{#IP
zz_#NEO?t^!jbj<o#dko7Pob;lfPm?_Ry@&Z1eOv9r0W5pi?+=_nRYdwcX@!bRSL{`
zsGC7=!QI!k`F6y<!chnNC1;Z2RZs#Wm(k}!>}w-yJ@0XuAP_%5B*4}Tobo^A_^pGl
z_-I1kxqQ%vRVXq7n|JV1R=8?lrxT@!Gi?(`pHQ9lb-_JU;d}A^f>@u`<Mkl$i!itg
zC_r6GV)jQiM{s^V;M|<!sZPZ@;ao+~v+Eu7cqxwy4`7J{d-X^RlrXUbgCxQC)c!r9
z<L5^(ju<{d(|9y7U=1qLu&*%t!=NAqMF~=mYi2#d5yD~}KNRsS>O6Nm_fm#03|Py;
z&$IgR{s+g{W9-@5@j8AytrHFhedq?tV1Hz+L&41)cn#i1v}5Aa0niux^k^By0m7Iw
zAp*`p7rCtjvd*b4$(B&kpd7%HV8lScsDrsBloTkShhM>8x?gxe-FF2B!5Iggs)Yis
zpi>`wO&=z3Fzbl*6f6PugNP@fH-UDr7vRF_08Ic|4^V<Z0~++n#QlrBGxsWxO~8RY
zCj@rx<q(_!e*_AkIPh3+lLJ(tSn&e{!Y(;*q(@K?zyOpH-wI0LINk$v8rbB}^xA(Q
z^L4_-L4!*`04uhBj3&B-cEWX4f%YoXQp#Iva8&?TWqK9BN#N2dUtlHwLx?E}p}ZpX
z26%?qAKXNdoPt3DF8#OD=zsZ8);S9K=RH`Bz((MX2#mmKPRo|jpe55Oj4&-Is#D!A
zxTz|<o_OB^3?gaZ4R9YD;c?*-juRju!Do70><8oQ34EaFPw5ELf~LCUUP75-plX<i
z=DEvlCaPyoy3pd7Pv6d_{OgzA4(0N`z=<4U6#`tWi!h6We~WIM%7SDB!dpCfe`hSI
zJ^OjoNGCr6ch+#l7eyZBUetc-Fnxahr+nWuA{R1^2G`QBb(^6gqEjlc;t~|ps3VOs
z<emjY-s3*@*aA}@{`Q=Wq(<-O?(&eFT7Wf(TzJ%aqw?z6=hElFlwjkth)e5hU<9ZQ
zU*K8_9_PTja_1{in8j1g!}i_Pb&^y6nV@w=+@w&?86t-h%hz|Lc45kLg66(}BLnb$
z@@B|;!6!$z1mJQ2?;Tv@pX={&hhR5oQ<kTT;HwwickPlE6kMt$LwWjhy8;MBu6l`m
zRx=b0Ug}a9K#D(-1fcFO|6<X&A4>uIvgdzJFZp0?z}UBwm817y1_mo}xu0>~{rJ|W
zRq)fi4b=8GELf4ESsg)tI42`i69>_O=J>s4_LsiAVDaQc4Kp%uCe}zq>JkiX#<l;m
z3|8y-0G$L^5m1Y{IvUgpR=!%<ssONVw|mZqO#|zGXo?*;DHvO4Y79taO4-X*X5gp_
zdKG^Z2m#6{qvHUI2%;6hQvjbf&zQAe@FaKM8D1T<PrZHiG41y`EzT5igl9Yz>w>>k
z1s?Cf$$`QHs1AlTvl<t~H|sLG{QMI3<79>8xqr5w_^)`@59c0r=}^V!ll?b?P_TM8
z#aa#jKz$jpgEcloCE-y6XLvU>>$S`H?%er~pvd!9-C>|FBoqnW<^bmSoy2`A+C2aa
z!V8>n{msiu=J(s{pL?43plLkei#Nfvwhx@K2K$<URjo=^Wy%ni@Kx3Zab4`hUUwcz
zFjQh2FES9{bw&ejRPiYKsKc`t%g|ea_i>8!>lZ;6SccyPpl=AO+J>3q%NyLik*S~o
zj=a8iVAT+Hdlh(Sg*ymeO?q)D#CwQ&S#WyfFaO;ppnub>0|{js#Jm?f^8G+EO|f=)
z!t_?U4GHk^uW+zj7s^?i4!LF>@a<9hA*IcGM%3sHA(jmpv);47TZ1Qi#QaFsMzA4A
zz?DHvu{=rsvzt%+DANyZ_=tsA9NE$joxJ#0b{8qFvFJ&&UXMW9K};2EFry2GdyNf$
zMpaJrJ1^cS^oWF&#JbJv&LAd3$S&SD%cC;}*?w~n9X<7q5#>*lewL56covkqNM+qt
z)aWR~c^B$Oo_<)qV%9sAL%Oz)d%SxGj(t44f?b65VsMK5D=B+dgz%eZX1%hkZ*Oiz
zp9T`AAKJr7t+APu*3ymFtpiRCzs86K?LWY01!Nr^Y6ZK{VOfLs?_ilaqp4#5j^AMA
z!0-_vY1>}8Y9BNQqq#7eow;-Y*-M5u(43e%oe?Z_s|CRkL@2of^vxW)otr@+OUgIk
zng_ALC^n2qCyE~XtverU)VUID`WQ1AY}`qIbCDMV=`_6)P_(2-1l|4c1ZsLvwS=N>
zGdXY|YP?~3A9Jg7>Sl+@K}9f%8^h9xqA9o22x?gRxRerX`qWp!Rr$c52(EK56ueK3
z{j|iEb9>d|M(!hwWhc`Ol)-^SF!}-JdNArfhOQHR2m5ZRkBCn~uz!R);PcX}&Z1j*
z!%iErXKDvl!N@ypx(B<#`?Oe+PUX0$zhpO%cgx8d2nYlTgN$CfyaBvANXlVYwIHG*
z4T@YEC)&Q+xbMpp+(;Ufxx`Im%8s$`^uJ-s?TcJ8B-*C|hm?D(!}LHl7`X2{n)DfK
z2`eeGSCWBgZ2{xSk_K8^n+VO3pUHlOg%bh@O?V~e2@kJcYfe6A{cEi)Jy^*)Xso8S
zb&k;Nv+MLRjh{;P%PX8PwN=Xg#Od|9a3Wf`;IT-7Njc|98bXu9K?#=vY8{l?<+SXZ
z3nw@Ys!l7$k_{?2>lL)@D+(thVI^sHN)=PdvtV;X;RM*b7T9e*r&oC4gaWJthS0RJ
zSIREnJh=rc(Y04<SJK*=1P#hKPav?8DSIWbL8eGSKSFaHp-BrXDJ@LSBXZcLgOyYu
zG(}(~`mmCg!q>7|{S(PG!UYI~=DMxY3_>%mFu9D#;Xo8tvWw7^5-u2?O!mtzoOlcB
zLCE0Mwn%|D*xPfhtyqL6y{%Haw$_#tLem8tZback7(#P@BDv+I)|N3svsJiYv4Yd9
zx^RLWp_yi{WL(I3lCz}0^%uNV8%@3tf|Vo*7laEJq}nM_I4IEy7epDj1~QH&Lnf0U
z<H?YzWW>*8gFMa?O<0Lm{Sw5Zp>QIra3T|Q3$h4~1T~f1V#E}a2=rLU@oHa8%uCj;
zZCw~OYv{IAimiKZP?XJ<GWiXSGOZ#uZ8qx;@{Euv_ZFtD(<@Dc9GokRkl7CRYwfiS
zDENwuDz;+XYxRX1A6ZGHxVJlUtTC+Dk=If~&1&t^cP+Mt+=o;JmhT)R9E88XCX1Pz
zcb0MtkwUZPO)YlXG~-SKO2aD9td&$Ju?qEk4G-h)xL>J}i>QZog^TVDQFRj`lHp})
za|&-oAGB+V^498bPSN}&uQk_}!Z8k)W@vYN(g>EP&N&v?YzWo2B<5^4dAq*_%{J@2
z#clj6wi*o04a@s%97EuKxQ3ysY=l*>)@OOK{*xAMJ6Zl~tuc%U&)pU48E;E^Hm6=!
zZo`vsE2b8QAxI(3kg8NNpeFpIBpH@Sz5hd9b!f*kO@-1&hlg*><hzqdnbp+KB10h|
zVvcPI-h8W#Udk!{vX?cnu1Cb&vIhC}>)vU<T;@ETg8F!Mt@CN!j9O>yy}v#YYe}Wi
zJATr0+86btS6OPVwAuly>Kq?h(yY}V=XP;CqtG)cHY5`AMPkbJSfpWcdZQJ|U&e$p
zPnYjbaWJs%ISF@_vI<#tt}nf?>-A<Gfb|(JN9s%h{$BZ;!*5B;>}hpPttO_<%Q$>1
zmi^l9w8y+=z6RfSovRYyPve<?d#%jL&{SWnZTtC^GN0Emg+7!_{mxcp%lv_{Vtlh^
zGqE+w1`bW2>Q{!4j#NRz5dV0bC!)U7R`1j(VmBP^;zY8RWl~b-I9L2}gr9k;X6|H>
zf!im4nK+PMX(OvC?ci^XQ|02F!k^7M#T(p4Q<bnrBa3<`Ls2bVM%Y|&a(m0$r_zgY
zQ5}_|b&g`@ZNuddsfV0JDNLg)*&RbwHe0_=U;bv~9j_qmj;)+DT8DTyFYuWB&RT)Q
ze#jPEd`N187}psnuWaO6^?S5Z?%qx-K!KQdD1mu5o2#U8*P0ANTIX%4CYE?kXeYOb
z0Xp{NhF`8B!Y+DYV<GV1@{?ZC{Kd_5uR@1u*qkecfBtrb=HgA$)zxyOL}f=8D#ezq
zbO{);t6vms+~8*3&%N#JX}=C>VN#M9_p~=u$%hCWKX&JNV=*zQMjc_X%oG#eadp7@
z9~*`T$Ls!cqP7qVg|od=NzO&i+Rg-bM0NYPTv0t_JiG!aRJ64kRsGo@_K{BPy$8>_
z5BBKF!qIs}E)(}^?WR<Gdi%`S4fQLhh$>4m@Ly`%wTvevuBMk8mmocCwPLNa?EKiQ
zM6+zu!;Q<zMT}hVa)O$glC?ES!&clMsZRs#W@aE=Uc--DtwO0)Yv*rgYm_+}+le5o
z=3c7G^we}!)ClNI#d3NrFqCnpjmNg(E9z7ljf8OWF5^0LPju&G7u5b1&T=kl9~3C4
zx5Fx|*Sl_iy$g}JPszD&8kk*MEwUS~C8{?$tHQg%1zjf3H#(V`77Ae!b&+&55W1sA
zYCQazG5g5cuUI0ZuK(s9u~igLS?yqhmSb6B7KBgy@b`cUTt*=2-i-Z){m2G+{#Z@+
ztY`>L*LHlZFPo%D5mKywj{FUKW%or%Vf_MmxcMx(@7tjTh|2zV*VB)MZFhQ~8Mx@z
zE*h&9cWsCw1$Xr~I}z>+0-`P6WQvn&wSzbPJ@SV9X57f<CY`2^Z7+<v8`_}3Qpo;a
z`hkT;Wr|u2b^YGjn?ee%Zs~`_6<x-cgWj!c3#^CEZEu9RVyzEcJcfbBH%>yY*Tcu$
zoY28y-f<376yw0uv0$mkN$Flwg<T*dTK9mdNn)z1)UQXh-{kGGutkK%Ce|beG56kq
z+)ln8(h^K$m+j9}C>}m%zty1Oq&?f0JF1BF?;Kr9bq!d3?MgG0X;=4>YGo-16`|qU
zx@pi7R{u<y!q0%n=j%+oK{W(6ATW#iAS87IRVxHpS(kgp`t(zC8z!GGDGB|h#ct;-
zU&P&r$dt0fxrU={)PVTS43g|6FU8)Kw4r{TG6&hPn0wunL2Gh53xy^Wg(eejvNJhO
zYWcgPZFl&zSWkXkF`SZBbl<HxGn{`3O`e<JUPOksh0%HfJ_cWe$ES17_zQT$%cQI;
zW`yVWQdcC`T1+xL8V#(A{#ahVLcTZdL+L0}jdDCUA8`D|RqNG_tluxcT+F7m&EDMN
zX3q9WQlVUkrq!J`%=(r!4zmbrFG!l~Ao5ge4Dp}-L}y6eXlFR|MM!Xff-OX!x2bH$
zP8XS>PpMnIRS}-inV|N>4<cHD*d$I3GW4y*cmj>e%|WFCjSDqpyQ0$hMjkPGAq_49
zG>{8n?ulXkV@YS&jGO<EKsk>Lhx+`}H<YAo5=wIedW9LuCuaGRh!x&1G8BEge^0-M
zJ)LwP%lwR=tUN2ZiwGCUoNRhMWB*#vFy4<g&PZ<Dsjr<&F?Gjt?iH$kCMG)UQ$J&c
zTk!Iv%z|&-k!@RA3EWS0XkJrH&`-tMM0)O7!HfQDQEzGedXt)piPeM~Q-|zjgs0|w
z`pQP^QnpncohmZ&!s-XE7qc8OOo30<k#J5IP6|tLtQ{7SnKK#=Xfmm7wvb?H8`-cD
zwG$a%H`oxqmEu=uPF8RVQz2d%9n9zdBb<YijH74C6G-#ic`?QmWjU_-=R~1q$hK=i
z)=_V&;?yEgy6H41$;%$nrc*K*`^D221D*e9^ieQ4rD%0n<xvOh;Mdr9rm*i)G(a3=
zz+GDG*r3v&EZLa*kU_}Hq19(!T`YKg1AiUQ6P~Szy;Hk1EXirp;;e0*zyD%|=#iDb
zF6#83;$M!)Yjfla$NPiSDhq$<>fDvA2P)bBgl^Nf33^g5ibwh&UeV?0<|lgI{rR?J
zW!7WU8yhC#@CZUwF?podp?{I*SY|G+TBOm#xN@&{%GxO@^sM%W6Ls|m9kJs|NoQK5
z(>H}W^Vz&HNTLFxDsMW{{q&pr%6@Q2`80owjV{l4Z0qHT*osTQjA0_@W1)q=so#D-
z%=dQ~^1L^5-@5skPvsrSe|Cs=)O$*GBW}Gydgkjd>jp%s{?)dp%r~dY*KBNTk-4><
ze%C+q3++UE%wB|=j3C;wh(+37T_ra01Iv8~{K4NB8bm)#s&9rHS@$?v7wkQ!m5Giy
zv(wE#{_U4CQI>GL!r|lGB42IzkMhOyU?OfAG!^Ho5d|KlmiO@G7;7JjdoP7yQL-N(
zryqC>-nj|HyK%-JzD&JRZX27_JzO()x3w?rgTlV`>p?o3hjG)quI%=+GJa2HMEefD
zJE`wjsc%{Fe`F3z(+m=?O{WV>`^`k!t6aVLjn!KCiFdTtjyt)hDnkB6ow@V4x%arH
z_jn?CXWBv;q>;zEfyb(0&}3xvX`<baGs={j8MgfNgYAc-?8#axx8_wkJVR?*d{Zzh
zK{}?(6+va)BWDQ>oY-`C@D|N8Aa}>(+p$(#=ATJx?R2)8`t^^3qBnL?qlRBU{$<Qd
zu)NPIFw{@-y*B8^yH$pU;w_~CPpr>K>Y#p4uF&UlZ3eNjp;FsMbye_@24{DXUyi!$
zA`ulOhI2`XQDsH$-m=^MDqKGXtjRc}d>jBT>mGaI0cWQc=NlvDSvuXL5k4DI$4+t2
z=BuSA6YBRS^n}R;Rmo%yoj4wgSYmeP%2`6UB2&qT!&Hu0E!o-q2HuP0lU$c`VTiTs
z_Vz5&o|zSp?tY?c5h2}eI~#71e%LX$Vfs*RDCFBlB(dG+3Q?W@LPn@{5&F;jL^jHM
zdq2`ia$I_E9lCJRM47dem*(c^$#E!R91W^PZ>;hPw$gBa|Kh4{_6XM0;ocK|qCu_d
z_vR6K{u>6e=K{w*(@z|QST6iOANgdciSlNOZFG(-A@b*XB`R(VI4zd=p7+KTYPiMP
ze=js?Z16Fko%`Wie8;MN)ZHj>)|OSma_MzjS+0|~PN1Q0XVz&@zdmnmX&P)`VGCD9
z`<%Y^;yBCUTO7m3>vc(6R(+%vL&C?1lGf!a`af^7DU0gTHdM_gUzYjQ>yS?VOrQ@}
zW$@?dX~jfLQL;&jV*UT9pUg0tI1sxOyb!ByX%#WoM{3(UOSAj#F)8<iKnqDakDUIp
z;+s7Zg;5cuyd&sVsps&K3CF(43MF}ihQU$+Eur>)f8BG{Q@S?KjV}|W7p|PIe;CN-
zs8rnRy&>w=2Op`_J!CPax?Ev2jc82S7Qx>j)$V~_`}SDHA=$w?eVEcmJ>NQflt(P)
zKu#p&KG(YxX4;kYM`17`K4IBOhbXCN>lq5u+reiKALPs>21Fj>M;xq#Cq=V#7Get{
zhYw8~&L0FXCp$U6l{E6cO-f(r+LK>xY1vK#TV}84vs{*g4|`E(E!Esr;^#`$Kj}3c
zXt@4HhokHnjqn5iMUMvTWQlpkTvuw_UG{>vW#-L$*<)GGA{0Vxq6!sQAODhOlTkOg
z1buMs<f!&Tz3y)2j12tsrQ1snyweJ%g|>3$>S8ly<MtHt61O0#ws$pXC*CN#Bo9d}
zhbk-W{N(lcRo9S7J`)`yv-aR6KVlvH)&FX#eEQzwO<zr8@F#k*@nPy_Y1X&*`E5!L
z>@9BJRU%hrbX)Zr7}s#Km`smk-%wp}pW{0T@kwZUI3cO|{(&hCqtZ`@-RfTlaUV~-
zoaV(h!<^>1c2jt#5}uB_R~s?jx+``Y+5_pR{Q8QoyY+yfvUcfR+k^1g)Lq`i{(Vng
z37=%m;qG;+?3cXv2Qtr0>K)hsehAD*)yHsX*plpHo1p{;;*s;yxsV1Kq1(A;Bp0lO
zeqvWgm8;UIJKp&-=XhAkq#~X%$~hZ+6M=kh<s7sy;M8q^OoIP+n!?a5bU<wmWfy#H
zR?MH%NGTf@=~^<%-JJIEKuA~%_Sj?Ui#YRBU89TkFJD+o^tUv5{veetKghcbwk3z6
zFEi{l`%RM)U7P<Z#-ycUu5f8NDI85%^B81KQx$)D@gu%NaFP?a`BXun3S+#+&Mvdl
z|2hq8(RBA-cQq3X&cFdB{h^t!iBB}*QdsxdX^=|)^CLcm&?fz<e6Q#6>8MLyGKoY+
zX%bvLt@n4>z`ANi)G*XrIk7quYbmZZdLFU$(z3V^$}_BqeTjFI&{W|HdNB0tBm7F7
z9I;t^<CTo91o%X3OwU%r1%r$h?cey0#7I3_x{0gjBxqa911~sPLcy*4bCM-n4V~q8
z2)Hotg!$ephtM$ac{TV4;*zOjH^{i40EQ_x26|4+p_O+Yv8ZRc(UZGr!|BZfxH54+
z9uzq*<<*)wCz;iA{KQ+eft7XS5&ZU>@0}2BCfqVsUO}fzYE5Nzjn!x+v6CGwY{ls*
z4g7@gMVY?(i!&*7KcXr-{9YB+F?hStEm6#iFxcW)4s`D-pCsr%_hoxpzi9woLrfsc
zoiC;JAQGGJ@|huX`8;|Eig~Q?JLDO>`CM^E&NI27<8b(O06tMvAn`RexJ42W&y0zw
zo%j&RQ=qoSYMay(I!5olmUON-XK7g{zc}X=ZYs|3P)i0R<;S<twALl;inIH}yu<F*
zi;*8=Cd3%%k?ekqec@c>!r`ae;fY-va(O?`-F_Fu#>S>8v1L0Sj6LpCP%em6<-XWf
zGyjtgytenk{zxESv)@u(OUVCp@AG>4ZKgj^UKL;EIZMBNz57}&VQhL>DKf_Dv5qv_
zk_y|<C|!H;hwMulofZ$A!(_Dr?k?t!8oBYf6<6Et`3n0;Bc$#O#hR~uO8ekuKOa36
z6q(2uq#%6S12sQ8pht5{Bzzl)Qo`b{TYrc;9QyrU0H37C2wC9>53vXitvg6xvUA2<
zCo)ko;EBnlj|x9@0pu{zV#mMjRHdKvN|lwr=fhu>+fWwgWyVs!iVsKm%7?R=Nsosz
zFraxH7*zVi*{O;5Q$FtlGDutT7@Nn}%@eHURXaB!v@5N0zs=KY*bIE#%gN(;Bp@<0
zZ9!5}Ew|*&tug&iyYh+|k+(|T3w>9K$|haxZ%X<8{R8oL3}-f<WhhdEbX%a-a-MuV
zKT${}*7Gq<x5h1%=-!b7m|=3afKc|`HZs`vjbqCMhS=;w2%n5W;U+5kI|DxrGnZ_D
z%Dj5$_iq%xH3U1OX~cfjy=Y_k5k)k5qa=|ZVV&?=s8L*JAWqcFa`94(JCA`0Ii}y`
zXgf9jNwJEe-{*5sq=1Nts*)ZoAqApOGaN@U<*R*rS;XY1hs_b&{pgD%X`a}FxzLI4
zI4fbUKA}yP^p#6F(=Pv4iA&7T2h=&^F>)lncDw(C>QwCg8vJr8Va<-V6%_M^_r_pk
z5UhfEim&)cbM6{3q>>V4s3(*DP0u#F`dH=r4Sh!qI>Y21@b>}b^&Qv4L}?VPy3$n=
zM0ooV-X@cN9-WA1hEvKlmDy=U_n7qOh6e`YV67cPdjhad2wH^eyO3Rrw_2uO{B+Tu
zmG8InGQJ!XR!=v|w#e7;EZu%}=P8MLO5Tenw!g2G3BBGR?@%!n-x(8b#wE>K<)tui
zc`lkWtILPq%GPBhQO__(acT8mHh&L0R!@`tv-M?Bn~^Jq{z5xDugkX@s?Bv$t;B{a
z8M9?A6aJOU6?;~#L<8Ph0;R$N^J!eLV>e&5V;k`Gzr3G<`cqK<zrMTp(nnkhwncY`
zJ<}<f&gDwE&?`v9zqYH3*M@AXrSx9v6?BmAo4;v-YjfTG8-xyg0KMMA{BUaI9RV?&
z0s*o4n>r|HZ2?+q6+}MMv8&<J=At}9D)qd8m%iSyNKwL-XtGB5R71O4r~8(TcSa7L
zg23o6h1!$@nHLLQRKkSlYAlP+*A0;Vug#0~Ae+ka;ZX&nVLRmR_bHOx(~0WU&bTOO
z6>s6nf2q5DX{wUZpe$}5qpYi<+t#Sa`~CeTyiD{pGo$g(9Db59Tf07e^~{sv33WHi
zHY6<*m-n>+gq<Q!Tx9lD_cpd4-U;MRDGdv%r<DWlp#ijan9g~Mxs2mR_xs6dwQ@by
zkU!N0PV8(Jm1r;ZOEh!2M8-yxVoysnEpX)%zToZXh!X6yNHYn?ypa?L+4vvdSDL-`
z41aRv{LXbD+Bb>J8*|O$qh;ixpg(eEYy70}3M$v(y{Vs)H+G<hDiwMSVcAzpc?@#@
zqvLf6|2&F|_7=!lbvzgdMM`Xe<zu$+(uuz1dly`)Tb+-~3*W3Y4ebBUV82r8(<xi<
zb6uZK2cuqcbejivJM0bgrO)&AoTbeD9kL#8j;H0<e&BKC-_$ve@1<Wa`L53CJ1Z*E
zC~Ml>VGVKMX>FHr>7O~PgGp*ZnWsk>AgV99AAJEI`yh0$+dFlJcU*YKYL3_6Ti;_?
z>J@$k;KLlBsTVY!dzR@SpL)b9cob_?>J7&w-RhQ2;@C}R81GY1EfvP8w<jruy>MMx
zYSO7<3>xYoX?>xe@@+REtpW*~v+{S&KuMr<DQsqv;Tw63g*@HfzlLkZ)bpy!t#!64
zN~?K_-{*#MWEukKS>tBtdU&eI8c9<>&Apv@EVR+X1KwI|;xRwievY!x+Q5q@05hE|
zyu#D2epSn!zbJ|>r6fa;w&4-$W@6i&&c8wy%1K)Fsl00|r2<VH^Aci^4I%9{B>q-_
zDVp2Aign5iTG<(76oP9azI3BFU4iWMiA={k{EvzgxEb^*JjRbK3wm*2@JRY6iIg{m
z_YP!dT4cJ~p~_;)tgo^&&N$>=EAjttiW6v+g>Jj(F0ehFVpTd{ZZ*@uy(9D*36oM`
z<U;+F3O%9kq%(`mUHQoP(hg$^KD9_8-P*DHYi^u_uHg{n#2{}=b@$21gXOx~3dD>m
zCs?~ySg(soy#sr3-*BkB8EYRP-fllZk!IIPhI~mq$lM)f#OdBpoa~fbmhJMD<C5qi
zWvR}=i!EABx|!|gp$8`6zPJ0}hb*N7GjYTXsr_k8a^Tqc`J3s_HKdh)@76Z6TYkwZ
zOrxb%?fF}r8)<dFQaW`pHLl0~e&!oChE-xYvgd5Q5N6SEeORq6*_Rd;4os8fKz2rg
zvoYoFK&qw#ope8JU{!Wt&qlHAY06S<TP4Y7jZ|-?kx24oZ+n}vWZxDi{T~^t_O!go
z=^;m|{oN(sY7nsfKeN0#M~#n^>fTrg4~R%PRYOYkPD*`<J|Oi+%MZp<HXi9#F)Q@&
zC=@u8nZ|cXKJHn3Y)9n9mw&me6+f8r<YY-B#C)rZS>_+lK)SbiR+2N^4F>Ci+}1+e
zUZ(5*bd3Asl?t0ZCtM}E4>tSM_U1jK%^SBhz@ou`re6o#OKGH6o@?PNN=Lr7)ue_R
zmZbBi_)R?7^tG7iw=v3ZV-#zQWb#E+J3d%9a(bf{qyDWKcstQ4?s!MWA-qwV9CK?7
zEX@>A?c_@B<O(16Z)^5b+0c#eJ=6?f6Qki2&GwIqA?|TLV=<0<Km4lpWfRR0Cxby}
zgMMepkIQkz{@N?4J%gzQgQ+vy5~aa>0<0VHj?4u(DJCDt`-VmwV^k<lYg@aacS4V7
zPa}e=u0}eh+^H(WQrzmlzbV;8_Vw1{hQg~4Eu_VS&&%qSW`Iz)`F?;)uBUV=Hi}6)
z^8m#*I>&$d^*;Yfn%r-Raj!B#Cfx3AzWbbW4%w%*NnEJ=WtsRzBx&J2PXGT~P?~=z
z?pF3^Zq{2tgXk5Bq`K=}3Dqh$8=hB2D@i;rP^%9&#kYrhe%7y#?TW|S#LDG=BJ*b%
z5L1RGJ86^mZ64Qc5c6=FC^o>Tm0s<XsH<w6s~J)@mANK+>mDk25WZV_T)>V_3$KaV
z)MpR-cD+J`il)rFO3{jk^KGa+&*yB`3r5z)sI$Ot3Nb(GWD6)>LA)5B2$Qlj{U8!d
zWrDw?v+U79_<HvUE;O~8!iDgUVlALGQT-~w_&w4ddAh0!5x_8IlvrTkq}c=K$B8`y
Vu3xzV09OfrM##x!(_@LR{1<|3PALEY

diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA
deleted file mode 100644
index dfe37d52d..000000000
--- a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/METADATA
+++ /dev/null
@@ -1,93 +0,0 @@
-Metadata-Version: 2.1
-Name: MarkupSafe
-Version: 2.1.5
-Summary: Safely add untrusted strings to HTML/XML markup.
-Home-page: https://palletsprojects.com/p/markupsafe/
-Maintainer: Pallets
-Maintainer-email: contact@palletsprojects.com
-License: BSD-3-Clause
-Project-URL: Donate, https://palletsprojects.com/donate
-Project-URL: Documentation, https://markupsafe.palletsprojects.com/
-Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
-Project-URL: Source Code, https://github.com/pallets/markupsafe/
-Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
-Project-URL: Chat, https://discord.gg/pallets
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Environment :: Web Environment
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
-Classifier: Topic :: Text Processing :: Markup :: HTML
-Requires-Python: >=3.7
-Description-Content-Type: text/x-rst
-License-File: LICENSE.rst
-
-MarkupSafe
-==========
-
-MarkupSafe implements a text object that escapes characters so it is
-safe to use in HTML and XML. Characters that have special meanings are
-replaced so that they display as the actual characters. This mitigates
-injection attacks, meaning untrusted user input can safely be displayed
-on a page.
-
-
-Installing
-----------
-
-Install and update using `pip`_:
-
-.. code-block:: text
-
-    pip install -U MarkupSafe
-
-.. _pip: https://pip.pypa.io/en/stable/getting-started/
-
-
-Examples
---------
-
-.. code-block:: pycon
-
-    >>> from markupsafe import Markup, escape
-
-    >>> # escape replaces special characters and wraps in Markup
-    >>> escape("<script>alert(document.cookie);</script>")
-    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
-
-    >>> # wrap in Markup to mark text "safe" and prevent escaping
-    >>> Markup("<strong>Hello</strong>")
-    Markup('<strong>hello</strong>')
-
-    >>> escape(Markup("<strong>Hello</strong>"))
-    Markup('<strong>hello</strong>')
-
-    >>> # Markup is a str subclass
-    >>> # methods and operators escape their arguments
-    >>> template = Markup("Hello <em>{name}</em>")
-    >>> template.format(name='"World"')
-    Markup('Hello <em>&#34;World&#34;</em>')
-
-
-Donate
-------
-
-The Pallets organization develops and supports MarkupSafe and other
-popular packages. In order to grow the community of contributors and
-users, and allow the maintainers to devote more time to the projects,
-`please donate today`_.
-
-.. _please donate today: https://palletsprojects.com/donate
-
-
-Links
------
-
--   Documentation: https://markupsafe.palletsprojects.com/
--   Changes: https://markupsafe.palletsprojects.com/changes/
--   PyPI Releases: https://pypi.org/project/MarkupSafe/
--   Source Code: https://github.com/pallets/markupsafe/
--   Issue Tracker: https://github.com/pallets/markupsafe/issues/
--   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD
deleted file mode 100644
index 1a6655059..000000000
--- a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/RECORD
+++ /dev/null
@@ -1,15 +0,0 @@
-MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
-MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
-MarkupSafe-2.1.5.dist-info/RECORD,,
-MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-MarkupSafe-2.1.5.dist-info/WHEEL,sha256=Jjzc6ISFgDOOsYxK3rGIIgg_gPHXRI2MDFtRxyygFgU,115
-MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
-markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
-markupsafe/__pycache__/__init__.cpython-311.pyc,,
-markupsafe/__pycache__/_native.cpython-311.pyc,,
-markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
-markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
-markupsafe/_speedups.cpython-311-darwin.so,sha256=IDqfQnyjAd2Y15LBPbXpZPSBjstu6YWSjwT5dP2LeHk,117484
-markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
-markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
rename to lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/METADATA
new file mode 100644
index 000000000..82261f2a4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/METADATA
@@ -0,0 +1,92 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 3.0.2
+Summary: Safely add untrusted strings to HTML/XML markup.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+License: Copyright 2010 Pallets
+        
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are
+        met:
+        
+        1.  Redistributions of source code must retain the above copyright
+            notice, this list of conditions and the following disclaimer.
+        
+        2.  Redistributions in binary form must reproduce the above copyright
+            notice, this list of conditions and the following disclaimer in the
+            documentation and/or other materials provided with the distribution.
+        
+        3.  Neither the name of the copyright holder nor the names of its
+            contributors may be used to endorse or promote products derived from
+            this software without specific prior written permission.
+        
+        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+        "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+        LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+        PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+        HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+        SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+        TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+        PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+        LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+        NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+        SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+        
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source, https://github.com/pallets/markupsafe/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+
+# MarkupSafe
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+## Examples
+
+```pycon
+>>> from markupsafe import Markup, escape
+
+>>> # escape replaces special characters and wraps in Markup
+>>> escape("<script>alert(document.cookie);</script>")
+Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+>>> # wrap in Markup to mark text "safe" and prevent escaping
+>>> Markup("<strong>Hello</strong>")
+Markup('<strong>hello</strong>')
+
+>>> escape(Markup("<strong>Hello</strong>"))
+Markup('<strong>hello</strong>')
+
+>>> # Markup is a str subclass
+>>> # methods and operators escape their arguments
+>>> template = Markup("Hello <em>{name}</em>")
+>>> template.format(name='"World"')
+Markup('Hello <em>&#34;World&#34;</em>')
+```
+
+## Donate
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+[please donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/RECORD
new file mode 100644
index 000000000..9e23e00ed
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-3.0.2.dist-info/METADATA,sha256=aAwbZhSmXdfFuMM-rEHpeiHRkBOGESyVLJIuwzHP-nw,3975
+MarkupSafe-3.0.2.dist-info/RECORD,,
+MarkupSafe-3.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-3.0.2.dist-info/WHEEL,sha256=wZi4olA0NR6c8yfzURN7DX9ImcSoHfH-g7UT7-9uFnE,109
+MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=sr-U6_27DfaSrj5jnHYxWN-pvhM27sjlDplMDPZKm7k,13214
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=hSLs8Jmz5aqayuengJJ3kdT5PwNpBWpKrmQSdipndC8,210
+markupsafe/_speedups.c,sha256=O7XulmTo-epI6n2FtMVOrJXl8EAaIwD2iNYmBI5SEoQ,4149
+markupsafe/_speedups.cpython-311-darwin.so,sha256=NHnXuz84IzAulUxl_VDkSUlQVKrzHXMIAWxCi0e01dM,50688
+markupsafe/_speedups.pyi,sha256=ENd1bYe7gbBUf2ywyYWOGUpnXOHNJ-cgTNqetlW8h5k,41
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/WHEEL
similarity index 70%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/WHEEL
index 2a4682fa9..d71e2c723 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.40.0)
+Generator: setuptools (75.2.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-macosx_11_0_arm64
 
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/darwin-arm64/MarkupSafe-3.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/METADATA
similarity index 93%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/METADATA
index c8905983e..db029b770 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: PyYAML
-Version: 6.0.1
+Version: 6.0.2
 Summary: YAML parser and emitter for Python
 Home-page: https://pyyaml.org/
 Download-URL: https://pypi.org/project/PyYAML/
@@ -20,17 +20,17 @@ Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Cython
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Text Processing :: Markup
-Requires-Python: >=3.6
+Requires-Python: >=3.8
 License-File: LICENSE
 
 YAML is a data serialization format designed for human readability
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/RECORD
similarity index 75%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/RECORD
index b6353a4d7..9828953f4 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/RECORD
@@ -1,13 +1,13 @@
-PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
-PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
-PyYAML-6.0.1.dist-info/RECORD,,
-PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-PyYAML-6.0.1.dist-info/WHEEL,sha256=GYWT1Q_60SI2bAUaGrkLwkEA5yYDmphib6XcY6K30ZQ,110
-PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+PyYAML-6.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.2.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.2.dist-info/METADATA,sha256=9-odFB5seu4pGPcEv7E8iyxNF51_uKnaNGjLAhz2lto,2060
+PyYAML-6.0.2.dist-info/RECORD,,
+PyYAML-6.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.2.dist-info/WHEEL,sha256=LFVzND6nAdWMS-norKkn42oL86bk-j1PiLvh1xzptX0,110
+PyYAML-6.0.2.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
 _yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
 _yaml/__pycache__/__init__.cpython-311.pyc,,
-yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__init__.py,sha256=N35S01HMesFTe0aRRMWkPj0Pa8IEbHpE9FK7cr5Bdtw,12311
 yaml/__pycache__/__init__.cpython-311.pyc,,
 yaml/__pycache__/composer.cpython-311.pyc,,
 yaml/__pycache__/constructor.cpython-311.pyc,,
@@ -25,7 +25,7 @@ yaml/__pycache__/resolver.cpython-311.pyc,,
 yaml/__pycache__/scanner.cpython-311.pyc,,
 yaml/__pycache__/serializer.cpython-311.pyc,,
 yaml/__pycache__/tokens.cpython-311.pyc,,
-yaml/_yaml.cpython-311-darwin.so,sha256=YiF55JiadfOvw_mUH-lONNnsiMHj6C6o1SBfTCvvW54,362008
+yaml/_yaml.cpython-311-darwin.so,sha256=YdahBTjS8KitV8Lm6bzs2ON1yRZtfHTI-UguNFhwElI,359272
 yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
 yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
 yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/WHEEL
new file mode 100644
index 000000000..cdc482d11
--- /dev/null
+++ b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.44.0)
+Root-Is-Purelib: false
+Tag: cp311-cp311-macosx_11_0_arm64
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/darwin-arm64/PyYAML-6.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/files.json b/lib/go-jinja2/internal/data/darwin-arm64/files.json
index 532a10fb7..98fe74971 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/files.json
+++ b/lib/go-jinja2/internal/data/darwin-arm64/files.json
@@ -1,83 +1,83 @@
 {
-  "contentHash": "48626c321042ac4869cc81d1f50b4d8e128dee0402cde937bac10c816fbca7cf",
+  "contentHash": "3df1fc1ab2f06f51df7c567c9e578ef90036ae53e1743079997397173dd09e19",
   "files": [
     {
-      "name": "MarkupSafe-2.1.5.dist-info",
+      "name": "MarkupSafe-3.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "name": "MarkupSafe-3.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "name": "MarkupSafe-3.0.2.dist-info/LICENSE.txt",
       "size": 1475,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
-      "size": 3003,
+      "name": "MarkupSafe-3.0.2.dist-info/METADATA",
+      "size": 3975,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
-      "size": 1191,
+      "name": "MarkupSafe-3.0.2.dist-info/RECORD",
+      "size": 1188,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "name": "MarkupSafe-3.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
-      "size": 115,
+      "name": "MarkupSafe-3.0.2.dist-info/WHEEL",
+      "size": 109,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "name": "MarkupSafe-3.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info",
+      "name": "PyYAML-6.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "name": "PyYAML-6.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "name": "PyYAML-6.0.2.dist-info/LICENSE",
       "size": 1101,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/METADATA",
-      "size": 2058,
+      "name": "PyYAML-6.0.2.dist-info/METADATA",
+      "size": 2060,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "name": "PyYAML-6.0.2.dist-info/RECORD",
       "size": 2773,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "name": "PyYAML-6.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "name": "PyYAML-6.0.2.dist-info/WHEEL",
       "size": 110,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "name": "PyYAML-6.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
@@ -417,47 +417,47 @@
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info",
+      "name": "jsonpath_ng-1.7.0.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "name": "jsonpath_ng-1.7.0.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "name": "jsonpath_ng-1.7.0.dist-info/LICENSE",
       "size": 11358,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
-      "size": 18072,
+      "name": "jsonpath_ng-1.7.0.dist-info/METADATA",
+      "size": 18400,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "name": "jsonpath_ng-1.7.0.dist-info/RECORD",
       "size": 2549,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "name": "jsonpath_ng-1.7.0.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "name": "jsonpath_ng-1.7.0.dist-info/WHEEL",
       "size": 92,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
-      "size": 69,
+      "name": "jsonpath_ng-1.7.0.dist-info/entry_points.txt",
+      "size": 70,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "name": "jsonpath_ng-1.7.0.dist-info/top_level.txt",
       "size": 12,
       "perm": 420
     },
@@ -508,32 +508,32 @@
     },
     {
       "name": "jsonpath_ng/ext/iterable.py",
-      "size": 3680,
+      "size": 4302,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/parser.py",
-      "size": 5351,
+      "size": 5416,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/string.py",
-      "size": 3261,
+      "size": 4045,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/jsonpath.py",
-      "size": 26402,
+      "size": 27219,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/lexer.py",
-      "size": 5231,
+      "size": 5276,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/parser.py",
-      "size": 5883,
+      "size": 6077,
       "perm": 420
     },
     {
@@ -543,28 +543,28 @@
     },
     {
       "name": "markupsafe/__init__.py",
-      "size": 10958,
+      "size": 13214,
       "perm": 420
     },
     {
       "name": "markupsafe/_native.py",
-      "size": 1713,
+      "size": 210,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.c",
-      "size": 7083,
+      "size": 4149,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.cpython-311-darwin.so",
-      "size": 117484,
+      "size": 50688,
       "perm": 493,
       "compressed": true
     },
     {
       "name": "markupsafe/_speedups.pyi",
-      "size": 229,
+      "size": 41,
       "perm": 420
     },
     {
@@ -800,7 +800,7 @@
     },
     {
       "name": "yaml/_yaml.cpython-311-darwin.so",
-      "size": 362008,
+      "size": 359272,
       "perm": 493,
       "compressed": true
     },
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/METADATA
similarity index 91%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/METADATA
index 86be119bc..3a7d08dd6 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/METADATA
@@ -1,22 +1,21 @@
 Metadata-Version: 2.1
 Name: jsonpath-ng
-Version: 1.6.1
+Version: 1.7.0
 Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
 Home-page: https://github.com/h2non/jsonpath-ng
 Author: Tomas Aparicio
 Author-email: tomas@aparicio.me
 License: Apache 2.0
+Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
-License-File: LICENSE
 Requires-Dist: ply
 
 Python JSONPath Next-Generation |Build Status| |PyPI|
@@ -32,7 +31,7 @@ About
 -----
 
 This library provides a robust and significantly extended implementation
-of JSONPath for Python. It is tested with CPython 3.7 and higher.
+of JSONPath for Python. It is tested with CPython 3.8 and higher.
 
 This library differs from other JSONPath implementations in that it is a
 full *language* implementation, meaning the JSONPath expressions are
@@ -147,19 +146,21 @@ Atomic expressions:
 
 Jsonpath operators:
 
-+-------------------------------------+------------------------------------------------------------------------------------+
-| Syntax                              | Meaning                                                                            |
-+=====================================+====================================================================================+
-| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
-+-------------------------------------+------------------------------------------------------------------------------------+
++--------------------------------------+-----------------------------------------------------------------------------------+
+| Syntax                               | Meaning                                                                           |
++======================================+===================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*        | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*        |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``    | Same as *jsonpath*\ ``.``\ *whatever*                                             |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*       | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*    | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``wherenot`` *jsonpath2* | Any nodes matching *jsonpath1* with a child not matching *jsonpath2*              |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*        | Any nodes matching the union of *jsonpath1* and *jsonpath2*                       |
++--------------------------------------+-----------------------------------------------------------------------------------+
 
 Field specifiers ( *field* ):
 
@@ -236,6 +237,8 @@ To use the extensions below you must import from `jsonpath_ng.ext`.
 |              | - ``$.field.`sub(/regex/, replacement)```     |
 +--------------+-----------------------------------------------+
 | split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(",", *, -1)```             |
+|              | - ``$.field.`split(' ', -1, -1)```            |
 |              | - ``$.field.`split(sep, segement, maxsplit)```|
 +--------------+-----------------------------------------------+
 | sorted       | - ``$.objects.`sorted```                      |
@@ -377,3 +380,5 @@ limitations under the License.
    :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
 .. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
    :target: https://pypi.python.org/pypi/jsonpath-ng
+
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/RECORD
similarity index 54%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/RECORD
index 19f4cbb0d..48c2be260 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/RECORD
@@ -1,13 +1,13 @@
 ../../bin/jsonpath_ng,sha256=MEQkAoAy6N4XZTeRMhkvVFsdFVAzzCOXEgaf5k65IuY,261
-jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
-jsonpath_ng-1.6.1.dist-info/RECORD,,
-jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
-jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
-jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng-1.7.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.7.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.7.0.dist-info/METADATA,sha256=SeIBPNOSwzieZEWYZ3rJOhSej3WLUbmbudGwGZVvzF8,18400
+jsonpath_ng-1.7.0.dist-info/RECORD,,
+jsonpath_ng-1.7.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.7.0.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92
+jsonpath_ng-1.7.0.dist-info/entry_points.txt,sha256=X7ZlkFvz1kYSNtz7hXOsRc5L2o3SOCAV0f7IBViZkGQ,70
+jsonpath_ng-1.7.0.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=DU869YGlpMHa48K9X2Ypgb8OwjYU7kEtcea5mC6wv1I,116
 jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
 jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
 jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
@@ -27,9 +27,9 @@ jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
 jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
 jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
 jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
-jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
-jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
-jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
-jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
-jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
-jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
+jsonpath_ng/ext/iterable.py,sha256=f8PMyfT2MgSCvpQgNc0GNr6ULhxv3kj7tAqA0f7KvIE,4302
+jsonpath_ng/ext/parser.py,sha256=0nkxkF_ComJUMs0jUGzaf5KthC7phlPwcYQy7IHaSxU,5416
+jsonpath_ng/ext/string.py,sha256=m1fUl2yWTyI7I5auWXeM-O3gf0p3WV0CTh9be55Q884,4045
+jsonpath_ng/jsonpath.py,sha256=mfQmaDWfgz_Y6sAqTX-8CUpxoiOem_dg7R9S0ZFyBQE,27219
+jsonpath_ng/lexer.py,sha256=ZXGwVwv8RFPPDswue7pcgCMP4KIlYH_m6xpxQakLBA4,5276
+jsonpath_ng/parser.py,sha256=kirRhGux10hjc5nXqWtz1Ko2P_cfypZciekK1-PrWz4,6077
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/WHEEL
similarity index 65%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/WHEEL
index 57e3d840d..b552003ff 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
+Generator: bdist_wheel (0.34.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
similarity index 98%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
index e1985ff19..105e6040a 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
@@ -1,2 +1,3 @@
 [console_scripts]
 jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
+
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng-1.7.0.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py
index ed6553b2d..938f88c0d 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/__init__.py
@@ -3,4 +3,4 @@
 
 
 # Current package version
-__version__ = '1.6.1'
+__version__ = '1.7.0'
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py
index 40ae1eb5b..c5cd0dc08 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/iterable.py
@@ -116,3 +116,28 @@ def __str__(self):
 
     def __repr__(self):
         return 'Keys()'
+
+class Path(JSONPath):
+    """The JSONPath referring to the path of the current object.
+    Concrete syntax is 'path`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = str(datum.path)
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value,
+                                   context=datum,
+                                   path=Path())]
+
+    def __eq__(self, other):
+        return isinstance(other, Path)
+
+    def __str__(self):
+        return '`path`'
+
+    def __repr__(self):
+        return 'Path()'
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py
index 756b72c69..fa67f4f22 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/parser.py
@@ -96,6 +96,8 @@ def p_jsonpath_named_operator(self, p):
             p[0] = _iterable.Len()
         elif p[1] == 'keys':
             p[0] = _iterable.Keys()
+        elif p[1] == 'path':
+            p[0] = _iterable.Path()
         elif p[1] == 'sorted':
             p[0] = _iterable.SortedThis()
         elif p[1].startswith("split("):
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py
index 1cd27632d..9bf912dfb 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/ext/string.py
@@ -16,7 +16,13 @@
 
 
 SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
-SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+# Regex generated using the EZRegex package (ezregex.org)
+# EZRegex code: 
+# param1 = group(optional(either("'", '"')), name='quote') + group(chunk) + earlier_group('quote')
+# param2 = group(either(optional('-') + number, '*'))
+# param3 = group(optional('-') + number)
+# pattern = 'split' + ow + '(' + ow + param1 + ow + ',' + ow + param2 + ow + ',' + ow + param3 + ow + ')'
+SPLIT = re.compile(r"split(?:\s+)?\((?:\s+)?(?P<quote>(?:(?:'|\"))?)(.+)(?P=quote)(?:\s+)?,(?:\s+)?((?:(?:\-)?\d+|\*))(?:\s+)?,(?:\s+)?((?:\-)?\d+)(?:\s+)?\)")
 STR = re.compile(r"str\(\)")
 
 
@@ -60,23 +66,29 @@ def __str__(self):
 class Split(This):
     """String splitter
 
-    Concrete syntax is '`split(char, segment, max_split)`'
+    Concrete syntax is '`split(chars, segment, max_split)`'
+    `chars` can optionally be surrounded by quotes, to specify things like commas or spaces
+    `segment` can be `*` to select all
+    `max_split` can be negative, to indicate no limit
     """
 
     def __init__(self, method=None):
         m = SPLIT.match(method)
         if m is None:
             raise DefintionInvalid("%s is not valid" % method)
-        self.char = m.group(1)
-        self.segment = int(m.group(2))
-        self.max_split = int(m.group(3))
+        self.chars = m.group(2)
+        self.segment = m.group(3)
+        self.max_split = int(m.group(4))
         self.method = method
 
     def find(self, datum):
         datum = DatumInContext.wrap(datum)
         try:
-            value = datum.value.split(self.char, self.max_split)[self.segment]
-        except Exception:
+            if self.segment == '*':
+                value = datum.value.split(self.chars, self.max_split)
+            else:
+                value = datum.value.split(self.chars, self.max_split)[int(self.segment)]
+        except:
             return []
         return [DatumInContext.wrap(value)]
 
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py
index 19e5a9eb3..c2e392b9c 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/jsonpath.py
@@ -369,6 +369,36 @@ def __eq__(self, other):
     def __hash__(self):
         return hash((self.left, self.right))
 
+
+class WhereNot(Where):
+    """
+    Identical to ``Where``, but filters for only those nodes that
+    do *not* have a match on the right.
+
+    >>> jsonpath = WhereNot(Fields('spam'), Fields('spam'))
+    >>> jsonpath.find({"spam": {"spam": 1}})
+    []
+    >>> matches = jsonpath.find({"spam": 1})
+    >>> matches[0].value
+    1
+
+    """
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data)
+                if not self.right.find(subdata)]
+
+    def __str__(self):
+        return '%s wherenot %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return (isinstance(other, WhereNot)
+                and other.left == self.left
+                and other.right == self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
 class Descendants(JSONPath):
     """
     JSONPath that matches first the left expression then any descendant
@@ -597,9 +627,9 @@ def update_or_create(self, data, val):
     def _update_base(self, data, val, create):
         if data is not None:
             for field in self.reified_fields(DatumInContext.wrap(data)):
-                if field not in data and create:
+                if create and field not in data:
                     data[field] = {}
-                if field in data:
+                if type(data) is not bool and field in data:
                     if hasattr(val, '__call__'):
                         data[field] = val(data[field], data, field)
                     else:
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py
index b2ad5ee6d..bc86488d5 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/lexer.py
@@ -48,7 +48,10 @@ def tokenize(self, string):
 
     literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
 
-    reserved_words = { 'where': 'WHERE' }
+    reserved_words = {
+        'where': 'WHERE',
+        'wherenot': 'WHERENOT',
+    }
 
     tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
 
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py
index 87e353ebf..a2ea6e678 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/jsonpath_ng/parser.py
@@ -33,12 +33,6 @@ def __init__(self, debug=False, lexer_class=None):
         self.debug = debug
         self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
 
-    def parse(self, string, lexer = None):
-        lexer = lexer or self.lexer_class()
-        return self.parse_token_stream(lexer.tokenize(string))
-
-    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
-
         # Since PLY has some crufty aspects and dumps files, we try to keep them local
         # However, we need to derive the name of the output Python file :-/
         output_directory = os.path.dirname(__file__)
@@ -47,19 +41,24 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         except:
             module_name = __name__
 
+        start_symbol = 'jsonpath'
         parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
 
-        # And we regenerate the parse table every time;
-        # it doesn't actually take that long!
-        new_parser = ply.yacc.yacc(module=self,
-                                   debug=self.debug,
-                                   tabmodule = parsing_table_module,
-                                   outputdir = output_directory,
-                                   write_tables=0,
-                                   start = start_symbol,
-                                   errorlog = logger)
+        # Generate the parse table
+        self.parser = ply.yacc.yacc(module=self,
+                                    debug=self.debug,
+                                    tabmodule = parsing_table_module,
+                                    outputdir = output_directory,
+                                    write_tables=0,
+                                    start = start_symbol,
+                                    errorlog = logger)
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
 
-        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+    def parse_token_stream(self, token_iterator):
+        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
 
     # ===================== PLY Parser specification =====================
 
@@ -70,6 +69,7 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         ('left', '|'),
         ('left', '&'),
         ('left', 'WHERE'),
+        ('left', 'WHERENOT'),
     ]
 
     def p_error(self, t):
@@ -82,6 +82,7 @@ def p_jsonpath_binop(self, p):
         """jsonpath : jsonpath '.' jsonpath
                     | jsonpath DOUBLEDOT jsonpath
                     | jsonpath WHERE jsonpath
+                    | jsonpath WHERENOT jsonpath
                     | jsonpath '|' jsonpath
                     | jsonpath '&' jsonpath"""
         op = p[2]
@@ -92,6 +93,8 @@ def p_jsonpath_binop(self, p):
             p[0] = Descendants(p[1], p[3])
         elif op == 'where':
             p[0] = Where(p[1], p[3])
+        elif op == 'wherenot':
+            p[0] = WhereNot(p[1], p[3])
         elif op == '|':
             p[0] = Union(p[1], p[3])
         elif op == '&':
@@ -146,9 +149,12 @@ def p_jsonpath_parens(self, p):
     # Because fields in brackets cannot be '*' - that is reserved for array indices
     def p_fields_or_any(self, p):
         """fields_or_any : fields
-                         | '*'    """
+                         | '*'
+                         | NUMBER"""
         if p[1] == '*':
             p[0] = ['*']
+        elif isinstance(p[1], int):
+            p[0] = str(p[1])
         else:
             p[0] = p[1]
 
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py
index b40f24c66..fee8dc7ac 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/__init__.py
@@ -1,29 +1,84 @@
-import functools
+from __future__ import annotations
+
+import collections.abc as cabc
 import string
-import sys
 import typing as t
 
+try:
+    from ._speedups import _escape_inner
+except ImportError:
+    from ._native import _escape_inner
+
 if t.TYPE_CHECKING:
     import typing_extensions as te
 
-    class HasHTML(te.Protocol):
-        def __html__(self) -> str:
-            pass
 
-    _P = te.ParamSpec("_P")
+class _HasHTML(t.Protocol):
+    def __html__(self, /) -> str: ...
+
+
+class _TPEscape(t.Protocol):
+    def __call__(self, s: t.Any, /) -> Markup: ...
+
+
+def escape(s: t.Any, /) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    # If the object is already a plain string, skip __html__ check and string
+    # conversion. This is the most common use case.
+    # Use type(s) instead of s.__class__ because a proxy object may be reporting
+    # the __class__ of the proxied value.
+    if type(s) is str:
+        return Markup(_escape_inner(s))
+
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(_escape_inner(str(s)))
+
+
+def escape_silent(s: t.Any | None, /) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
 
+    return escape(s)
 
-__version__ = "2.1.5"
 
+def soft_str(s: t.Any, /) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
 
-def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
-    @functools.wraps(func)
-    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
-        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
-        _escape_argspec(kwargs, kwargs.items(), self.escape)
-        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
 
-    return wrapped  # type: ignore[return-value]
+    return s
 
 
 class Markup(str):
@@ -65,82 +120,72 @@ class Markup(str):
     __slots__ = ()
 
     def __new__(
-        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
-    ) -> "te.Self":
-        if hasattr(base, "__html__"):
-            base = base.__html__()
+        cls, object: t.Any = "", encoding: str | None = None, errors: str = "strict"
+    ) -> te.Self:
+        if hasattr(object, "__html__"):
+            object = object.__html__()
 
         if encoding is None:
-            return super().__new__(cls, base)
+            return super().__new__(cls, object)
 
-        return super().__new__(cls, base, encoding, errors)
+        return super().__new__(cls, object, encoding, errors)
 
-    def __html__(self) -> "te.Self":
+    def __html__(self, /) -> te.Self:
         return self
 
-    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.__class__(super().__add__(self.escape(other)))
+    def __add__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.__class__(super().__add__(self.escape(value)))
 
         return NotImplemented
 
-    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.escape(other).__add__(self)
+    def __radd__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.escape(value).__add__(self)
 
         return NotImplemented
 
-    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
-        if isinstance(num, int):
-            return self.__class__(super().__mul__(num))
+    def __mul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-        return NotImplemented
-
-    __rmul__ = __mul__
+    def __rmul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-    def __mod__(self, arg: t.Any) -> "te.Self":
-        if isinstance(arg, tuple):
+    def __mod__(self, value: t.Any, /) -> te.Self:
+        if isinstance(value, tuple):
             # a tuple of arguments, each wrapped
-            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
-        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            value = tuple(_MarkupEscapeHelper(x, self.escape) for x in value)
+        elif hasattr(type(value), "__getitem__") and not isinstance(value, str):
             # a mapping of arguments, wrapped
-            arg = _MarkupEscapeHelper(arg, self.escape)
+            value = _MarkupEscapeHelper(value, self.escape)
         else:
             # a single argument, wrapped with the helper and a tuple
-            arg = (_MarkupEscapeHelper(arg, self.escape),)
+            value = (_MarkupEscapeHelper(value, self.escape),)
 
-        return self.__class__(super().__mod__(arg))
+        return self.__class__(super().__mod__(value))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return f"{self.__class__.__name__}({super().__repr__()})"
 
-    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
-        return self.__class__(super().join(map(self.escape, seq)))
-
-    join.__doc__ = str.join.__doc__
+    def join(self, iterable: cabc.Iterable[str | _HasHTML], /) -> te.Self:
+        return self.__class__(super().join(map(self.escape, iterable)))
 
     def split(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().split(sep, maxsplit)]
 
-    split.__doc__ = str.split.__doc__
-
     def rsplit(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
 
-    rsplit.__doc__ = str.rsplit.__doc__
-
     def splitlines(  # type: ignore[override]
-        self, keepends: bool = False
-    ) -> t.List["te.Self"]:
+        self, /, keepends: bool = False
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().splitlines(keepends)]
 
-    splitlines.__doc__ = str.splitlines.__doc__
-
-    def unescape(self) -> str:
+    def unescape(self, /) -> str:
         """Convert escaped markup back into a text string. This replaces
         HTML entities with the characters they represent.
 
@@ -151,7 +196,7 @@ def unescape(self) -> str:
 
         return unescape(str(self))
 
-    def striptags(self) -> str:
+    def striptags(self, /) -> str:
         """:meth:`unescape` the markup, remove tags, and normalize
         whitespace to single spaces.
 
@@ -163,31 +208,17 @@ def striptags(self) -> str:
         # Look for comments then tags separately. Otherwise, a comment that
         # contains a tag would end early, leaving some of the comment behind.
 
-        while True:
-            # keep finding comment start marks
-            start = value.find("<!--")
-
-            if start == -1:
-                break
-
+        # keep finding comment start marks
+        while (start := value.find("<!--")) != -1:
             # find a comment end mark beyond the start, otherwise stop
-            end = value.find("-->", start)
-
-            if end == -1:
+            if (end := value.find("-->", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 3:]}"
 
         # remove tags using the same method
-        while True:
-            start = value.find("<")
-
-            if start == -1:
-                break
-
-            end = value.find(">", start)
-
-            if end == -1:
+        while (start := value.find("<")) != -1:
+            if (end := value.find(">", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 1:]}"
@@ -197,7 +228,7 @@ def striptags(self) -> str:
         return self.__class__(value).unescape()
 
     @classmethod
-    def escape(cls, s: t.Any) -> "te.Self":
+    def escape(cls, s: t.Any, /) -> te.Self:
         """Escape a string. Calls :func:`escape` and ensures that for
         subclasses the correct type is returned.
         """
@@ -208,49 +239,90 @@ def escape(cls, s: t.Any) -> "te.Self":
 
         return rv  # type: ignore[return-value]
 
-    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
-    capitalize = _simple_escaping_wrapper(str.capitalize)
-    title = _simple_escaping_wrapper(str.title)
-    lower = _simple_escaping_wrapper(str.lower)
-    upper = _simple_escaping_wrapper(str.upper)
-    replace = _simple_escaping_wrapper(str.replace)
-    ljust = _simple_escaping_wrapper(str.ljust)
-    rjust = _simple_escaping_wrapper(str.rjust)
-    lstrip = _simple_escaping_wrapper(str.lstrip)
-    rstrip = _simple_escaping_wrapper(str.rstrip)
-    center = _simple_escaping_wrapper(str.center)
-    strip = _simple_escaping_wrapper(str.strip)
-    translate = _simple_escaping_wrapper(str.translate)
-    expandtabs = _simple_escaping_wrapper(str.expandtabs)
-    swapcase = _simple_escaping_wrapper(str.swapcase)
-    zfill = _simple_escaping_wrapper(str.zfill)
-    casefold = _simple_escaping_wrapper(str.casefold)
-
-    if sys.version_info >= (3, 9):
-        removeprefix = _simple_escaping_wrapper(str.removeprefix)
-        removesuffix = _simple_escaping_wrapper(str.removesuffix)
-
-    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().partition(self.escape(sep))
+    def __getitem__(self, key: t.SupportsIndex | slice, /) -> te.Self:
+        return self.__class__(super().__getitem__(key))
+
+    def capitalize(self, /) -> te.Self:
+        return self.__class__(super().capitalize())
+
+    def title(self, /) -> te.Self:
+        return self.__class__(super().title())
+
+    def lower(self, /) -> te.Self:
+        return self.__class__(super().lower())
+
+    def upper(self, /) -> te.Self:
+        return self.__class__(super().upper())
+
+    def replace(self, old: str, new: str, count: t.SupportsIndex = -1, /) -> te.Self:
+        return self.__class__(super().replace(old, self.escape(new), count))
+
+    def ljust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().ljust(width, self.escape(fillchar)))
+
+    def rjust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().rjust(width, self.escape(fillchar)))
+
+    def lstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().lstrip(chars))
+
+    def rstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().rstrip(chars))
+
+    def center(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().center(width, self.escape(fillchar)))
+
+    def strip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().strip(chars))
+
+    def translate(
+        self,
+        table: cabc.Mapping[int, str | int | None],  # type: ignore[override]
+        /,
+    ) -> str:
+        return self.__class__(super().translate(table))
+
+    def expandtabs(self, /, tabsize: t.SupportsIndex = 8) -> te.Self:
+        return self.__class__(super().expandtabs(tabsize))
+
+    def swapcase(self, /) -> te.Self:
+        return self.__class__(super().swapcase())
+
+    def zfill(self, width: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().zfill(width))
+
+    def casefold(self, /) -> te.Self:
+        return self.__class__(super().casefold())
+
+    def removeprefix(self, prefix: str, /) -> te.Self:
+        return self.__class__(super().removeprefix(prefix))
+
+    def removesuffix(self, suffix: str) -> te.Self:
+        return self.__class__(super().removesuffix(suffix))
+
+    def partition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().partition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().rpartition(self.escape(sep))
+    def rpartition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().rpartition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+    def format(self, *args: t.Any, **kwargs: t.Any) -> te.Self:
         formatter = EscapeFormatter(self.escape)
         return self.__class__(formatter.vformat(self, args, kwargs))
 
-    def format_map(  # type: ignore[override]
-        self, map: t.Mapping[str, t.Any]
-    ) -> "te.Self":
+    def format_map(
+        self,
+        mapping: cabc.Mapping[str, t.Any],  # type: ignore[override]
+        /,
+    ) -> te.Self:
         formatter = EscapeFormatter(self.escape)
-        return self.__class__(formatter.vformat(self, (), map))
+        return self.__class__(formatter.vformat(self, (), mapping))
 
-    def __html_format__(self, format_spec: str) -> "te.Self":
+    def __html_format__(self, format_spec: str, /) -> te.Self:
         if format_spec:
             raise ValueError("Unsupported format specification for Markup.")
 
@@ -260,8 +332,8 @@ def __html_format__(self, format_spec: str) -> "te.Self":
 class EscapeFormatter(string.Formatter):
     __slots__ = ("escape",)
 
-    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.escape = escape
+    def __init__(self, escape: _TPEscape) -> None:
+        self.escape: _TPEscape = escape
         super().__init__()
 
     def format_field(self, value: t.Any, format_spec: str) -> str:
@@ -278,55 +350,46 @@ def format_field(self, value: t.Any, format_spec: str) -> str:
         else:
             # We need to make sure the format spec is str here as
             # otherwise the wrong callback methods are invoked.
-            rv = string.Formatter.format_field(self, value, str(format_spec))
+            rv = super().format_field(value, str(format_spec))
         return str(self.escape(rv))
 
 
-_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
-
-
-def _escape_argspec(
-    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
-) -> _ListOrDict:
-    """Helper for various string-wrapped functions."""
-    for key, value in iterable:
-        if isinstance(value, str) or hasattr(value, "__html__"):
-            obj[key] = escape(value)
-
-    return obj
-
-
 class _MarkupEscapeHelper:
     """Helper for :meth:`Markup.__mod__`."""
 
     __slots__ = ("obj", "escape")
 
-    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.obj = obj
-        self.escape = escape
+    def __init__(self, obj: t.Any, escape: _TPEscape) -> None:
+        self.obj: t.Any = obj
+        self.escape: _TPEscape = escape
 
-    def __getitem__(self, item: t.Any) -> "te.Self":
-        return self.__class__(self.obj[item], self.escape)
+    def __getitem__(self, key: t.Any, /) -> te.Self:
+        return self.__class__(self.obj[key], self.escape)
 
-    def __str__(self) -> str:
+    def __str__(self, /) -> str:
         return str(self.escape(self.obj))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return str(self.escape(repr(self.obj)))
 
-    def __int__(self) -> int:
+    def __int__(self, /) -> int:
         return int(self.obj)
 
-    def __float__(self) -> float:
+    def __float__(self, /) -> float:
         return float(self.obj)
 
 
-# circular import
-try:
-    from ._speedups import escape as escape
-    from ._speedups import escape_silent as escape_silent
-    from ._speedups import soft_str as soft_str
-except ImportError:
-    from ._native import escape as escape
-    from ._native import escape_silent as escape_silent  # noqa: F401
-    from ._native import soft_str as soft_str  # noqa: F401
+def __getattr__(name: str) -> t.Any:
+    if name == "__version__":
+        import importlib.metadata
+        import warnings
+
+        warnings.warn(
+            "The '__version__' attribute is deprecated and will be removed in"
+            " MarkupSafe 3.1. Use feature detection, or"
+            ' `importlib.metadata.version("markupsafe")`, instead.',
+            stacklevel=2,
+        )
+        return importlib.metadata.version("markupsafe")
+
+    raise AttributeError(name)
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py
index 8117b2716..088b3bca9 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_native.py
@@ -1,63 +1,8 @@
-import typing as t
-
-from . import Markup
-
-
-def escape(s: t.Any) -> Markup:
-    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
-    the string with HTML-safe sequences. Use this if you need to display
-    text that might contain such characters in HTML.
-
-    If the object has an ``__html__`` method, it is called and the
-    return value is assumed to already be safe for HTML.
-
-    :param s: An object to be converted to a string and escaped.
-    :return: A :class:`Markup` string with the escaped text.
-    """
-    if hasattr(s, "__html__"):
-        return Markup(s.__html__())
-
-    return Markup(
-        str(s)
-        .replace("&", "&amp;")
+def _escape_inner(s: str, /) -> str:
+    return (
+        s.replace("&", "&amp;")
         .replace(">", "&gt;")
         .replace("<", "&lt;")
         .replace("'", "&#39;")
         .replace('"', "&#34;")
     )
-
-
-def escape_silent(s: t.Optional[t.Any]) -> Markup:
-    """Like :func:`escape` but treats ``None`` as the empty string.
-    Useful with optional values, as otherwise you get the string
-    ``'None'`` when the value is ``None``.
-
-    >>> escape(None)
-    Markup('None')
-    >>> escape_silent(None)
-    Markup('')
-    """
-    if s is None:
-        return Markup()
-
-    return escape(s)
-
-
-def soft_str(s: t.Any) -> str:
-    """Convert an object to a string if it isn't already. This preserves
-    a :class:`Markup` string rather than converting it back to a basic
-    string, so it will still be marked as safe and won't be escaped
-    again.
-
-    >>> value = escape("<User 1>")
-    >>> value
-    Markup('&lt;User 1&gt;')
-    >>> escape(str(value))
-    Markup('&amp;lt;User 1&amp;gt;')
-    >>> escape(soft_str(value))
-    Markup('&lt;User 1&gt;')
-    """
-    if not isinstance(s, str):
-        return str(s)
-
-    return s
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c
index 3c463fb82..09dd57caa 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.c
@@ -1,22 +1,5 @@
 #include <Python.h>
 
-static PyObject* markup;
-
-static int
-init_constants(void)
-{
-	PyObject *module;
-
-	/* import markup type so that we can mark the return value */
-	module = PyImport_ImportModule("markupsafe");
-	if (!module)
-		return 0;
-	markup = PyObject_GetAttrString(module, "Markup");
-	Py_DECREF(module);
-
-	return 1;
-}
-
 #define GET_DELTA(inp, inp_end, delta) \
 	while (inp < inp_end) { \
 		switch (*inp++) { \
@@ -166,135 +149,29 @@ escape_unicode_kind4(PyUnicodeObject *in)
 }
 
 static PyObject*
-escape_unicode(PyUnicodeObject *in)
+escape_unicode(PyObject *self, PyObject *s)
 {
-	if (PyUnicode_READY(in))
+	if (!PyUnicode_Check(s))
+		return NULL;
+
+    // This check is no longer needed in Python 3.12.
+	if (PyUnicode_READY(s))
 		return NULL;
 
-	switch (PyUnicode_KIND(in)) {
+	switch (PyUnicode_KIND(s)) {
 	case PyUnicode_1BYTE_KIND:
-		return escape_unicode_kind1(in);
+		return escape_unicode_kind1((PyUnicodeObject*) s);
 	case PyUnicode_2BYTE_KIND:
-		return escape_unicode_kind2(in);
+		return escape_unicode_kind2((PyUnicodeObject*) s);
 	case PyUnicode_4BYTE_KIND:
-		return escape_unicode_kind4(in);
+		return escape_unicode_kind4((PyUnicodeObject*) s);
 	}
 	assert(0);  /* shouldn't happen */
 	return NULL;
 }
 
-static PyObject*
-escape(PyObject *self, PyObject *text)
-{
-	static PyObject *id_html;
-	PyObject *s = NULL, *rv = NULL, *html;
-
-	if (id_html == NULL) {
-		id_html = PyUnicode_InternFromString("__html__");
-		if (id_html == NULL) {
-			return NULL;
-		}
-	}
-
-	/* we don't have to escape integers, bools or floats */
-	if (PyLong_CheckExact(text) ||
-		PyFloat_CheckExact(text) || PyBool_Check(text) ||
-		text == Py_None)
-		return PyObject_CallFunctionObjArgs(markup, text, NULL);
-
-	/* if the object has an __html__ method that performs the escaping */
-	html = PyObject_GetAttr(text ,id_html);
-	if (html) {
-		s = PyObject_CallObject(html, NULL);
-		Py_DECREF(html);
-		if (s == NULL) {
-			return NULL;
-		}
-		/* Convert to Markup object */
-		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-		Py_DECREF(s);
-		return rv;
-	}
-
-	/* otherwise make the object unicode if it isn't, then escape */
-	PyErr_Clear();
-	if (!PyUnicode_Check(text)) {
-		PyObject *unicode = PyObject_Str(text);
-		if (!unicode)
-			return NULL;
-		s = escape_unicode((PyUnicodeObject*)unicode);
-		Py_DECREF(unicode);
-	}
-	else
-		s = escape_unicode((PyUnicodeObject*)text);
-
-	/* convert the unicode string into a markup object. */
-	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-	Py_DECREF(s);
-	return rv;
-}
-
-
-static PyObject*
-escape_silent(PyObject *self, PyObject *text)
-{
-	if (text != Py_None)
-		return escape(self, text);
-	return PyObject_CallFunctionObjArgs(markup, NULL);
-}
-
-
-static PyObject*
-soft_str(PyObject *self, PyObject *s)
-{
-	if (!PyUnicode_Check(s))
-		return PyObject_Str(s);
-	Py_INCREF(s);
-	return s;
-}
-
-
 static PyMethodDef module_methods[] = {
-	{
-		"escape",
-		(PyCFunction)escape,
-		METH_O,
-		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
-		" the string with HTML-safe sequences. Use this if you need to display"
-		" text that might contain such characters in HTML.\n\n"
-		"If the object has an ``__html__`` method, it is called and the"
-		" return value is assumed to already be safe for HTML.\n\n"
-		":param s: An object to be converted to a string and escaped.\n"
-		":return: A :class:`Markup` string with the escaped text.\n"
-	},
-	{
-		"escape_silent",
-		(PyCFunction)escape_silent,
-		METH_O,
-		"Like :func:`escape` but treats ``None`` as the empty string."
-		" Useful with optional values, as otherwise you get the string"
-		" ``'None'`` when the value is ``None``.\n\n"
-		">>> escape(None)\n"
-		"Markup('None')\n"
-		">>> escape_silent(None)\n"
-		"Markup('')\n"
-	},
-	{
-		"soft_str",
-		(PyCFunction)soft_str,
-		METH_O,
-		"Convert an object to a string if it isn't already. This preserves"
-		" a :class:`Markup` string rather than converting it back to a basic"
-		" string, so it will still be marked as safe and won't be escaped"
-		" again.\n\n"
-		">>> value = escape(\"<User 1>\")\n"
-		">>> value\n"
-		"Markup('&lt;User 1&gt;')\n"
-		">>> escape(str(value))\n"
-		"Markup('&amp;lt;User 1&amp;gt;')\n"
-		">>> escape(soft_str(value))\n"
-		"Markup('&lt;User 1&gt;')\n"
-	},
+	{"_escape_inner", (PyCFunction)escape_unicode, METH_O, NULL},
 	{NULL, NULL, 0, NULL}  /* Sentinel */
 };
 
@@ -313,8 +190,15 @@ static struct PyModuleDef module_definition = {
 PyMODINIT_FUNC
 PyInit__speedups(void)
 {
-	if (!init_constants())
+	PyObject *m = PyModule_Create(&module_definition);
+
+	if (m == NULL) {
 		return NULL;
+	}
+
+	#ifdef Py_GIL_DISABLED
+	PyUnstable_Module_SetGIL(m, Py_MOD_GIL_NOT_USED);
+	#endif
 
-	return PyModule_Create(&module_definition);
+	return m;
 }
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.cpython-311-darwin.so.gz
index 4b2e8d832d53986fbdc3eeab9af3fb20ed756168..7780f8ea037d650b40ed6461298c602b71b61293 100644
GIT binary patch
literal 2703
zcmaKuXHXM}7KMZK1q4M!x}X9Qn$naK1ec=H6bVI|R5A2W!iE5fjgCU3NU;FH1Ote)
z7@A;$M2djaU|4}bAO%o*%5#6bnfK@I`Eh3M%$YlL=gxd{lru#D|L6dZJ`0JGUTPCw
z<6-Nyr-T+V>raRtHX;(K{`8_$#NqCz0(yn1hx)srYWddgV&E`ut<T*D6{G~NXI)Oa
zp78XJiS$Q%{+LTvrhyso%nVbBP!pA+Gb*QL@^4l96*`_%Ii*^}sEyB_fD{jZj@^4X
z6iH~@r|;7nS^LYbYQEr7T=HVDQ5PUpsY?Lh8rl`nr^c^wi?2LE3k&r#(1|OpW>*0V
z6G5lmKYTd)esgdjKetJ?=PU+mdhk|U-_LGm(!;r;%`3<Hh%v6USd`mJP;L#;Si~V&
zCGV9_+4VY`qm<<2O;Dts0hN7FW7F}?kLcs_LleT6_*xQ1k8dW4Ee1SMQ~H>Lp7=3K
z-@?IK5?<?Cw>vI!H_=7y1MEt~hX1?4o=k<zok!q0&(-4%7KHOF1s0+Fa{1el8xL&0
z=*OA2-|3{?*rgqxvJLeqjQDm<;=bWeQB=7M9HQjl2%4l$%|U)}UUn62)}r0b>%<rL
z_3%1{`U_)N==o;N%^bA<Y|F1sHII<Rcdo!=7WlB`#w^IVtefE#n(1q_i^zQv(v0>~
zkHFV>2Y>3|*kw{C34+`^nXQ~dg1V<1xb2s!Mf*@o&PTB?4}G5aWr<l4@Ux5N=qz4P
zCoy-q8NO~#)6h~x>)vxJbX(KBa3W8z(!s7=9gai{waWH)$f+VIm;%oc^3=F>=*TS8
z^WNPH4ory=%5<}z-CBXUJM|7ECNhr&1g|JOCc*1&q)P%hc-wT!Dqnx(wzbNADJzlx
zZ<oPy8V65oY&6$%4APR;LuY9~WN7)_Vp=)LTDDvsgrM)KU7|xk`tjl3VEW1meRA&E
zdPDc4*e6e;y{u9ex>riPR`I&A_HOCORZtds7lFfLDf-LeOLH9$t*|qBJy`FeG^!py
z(Tcz1t(Jn==rF!Vgm|ktkW2N~`C9V%bVuNTqAEmgm^L>lwoqZOTTF5Oa++N1<^QyM
z_|`2o3A(|@Yk~_CfoQ_WLPMJL-%)^Fru1X8YkhxeeJSWNsWwMr+o1;(gzm#bPK2@a
zi15a*6u5N=bMFK8#cDx123;1f>G>p0#F%ko>>fRN751lJSgz+}Eq8+)b;JHeTP%^g
z{KO!sW4?M>FL1sHc{agr2xo9MtTRk>26Yx*P0t&T>}tT6#9lV9`K(#Y3p`s0v)AvG
zt2Q_BM+luicZgY*UXQ4_@ZD62(=L4sN<@r)&mO0q7%^kaE?dPX@k-Vo-&kN~XV}N{
zddYUb@&!r?Suh>VZ?L`UW%u&C0SW=jt$I7b%z1H>x1l}IwgQ#yq_6JKYkM9=&-`_G
zpPIOhP+ADG?Xm6@D`Z%fxaPH$mA`add|^q23}lpbYv=Z2u|BdNnj@^~kmN-AUUg7|
zd`HRT;;X9PkGyK;rYQsOMa4a7&9Rv2iV;P~sY+-auE_Mi`<FS7^xk&+NX)E6*k`u#
z5vZt3M!QP(YU9E>PaZ-(m7Bn~%TSk^!erG2O~0<FujY%_R8YGQ-^AU^xoT}!RD79b
zhCI}qvOFC`@l4WK<6=V?x-dyWP;2WD_ay6Omv<Le8yNN^{UVp;K59BrV)3mQhvhGm
zsC{z@z1a*YoaKB0^6{rJ&7@UbVw@31iie;=pj@ZB^QTCzt1}IRkt}MyxI(0420>j;
z9(_fkSP@K!0ef%1!ZCj#wkCHb4sc$%ui2QW^1pI_G03@ygd3+Z#Y)ykFNQeFQt$%A
zAqas2&Ti4}Uf2JfU=;T`%E5*O9x46p!(UICo()(fiOqQGf7}XWH!9tv^ww)9a&2<o
z>H@=_i_`0{DJP!d<12~dg)g&+e}y4%^$sglG*WnoP7QVAkKr@sJp&~sdmBHDfYQyb
zSj$RH;aT5BRn>vldcrv*tqJex978dr4>#J`U@$D!P1`syE-GuWwwak6H=7>)eC%qd
z<dya@DigdE{3*PmvTq8#V24;GJ)Rjyv0!sv8TeEaC-tRvQ=1gY;Dg&Ol?d9LbL7<o
zEyaQy{diqP`>kJyHk3Zkw*!O;r_BkxDNJXaEN=%l<s24DLsoqTH6xH`wxdIA-sOg`
zfVLp}HE-H3x;7Sc&!ysWOUPGTnc_leh%+(4HG88w;t@%Csv#wsD4Hx8=G1T5S}3?t
zcQjgb(`Qg%qsnXR_t7H-Kb<<Kl5P5f^5dogBaDW3ALw+h{&Hw|p>Y0AV4HwDX=))6
zw_@fJ2eJg!0dm0fKNlLSA_-Y&ID`*sbwun$r}CW+wG6@FMYh;At)jQ3DZhtI<hG76
zp9o*8Z~AkC2I*AcRNwSWz>Nbn<Gs-Qb+!9Z78zeF70TASa{Z6IJp8RcTF0-!UCp7f
zQm^Nnj0?)q&;wQNY_j>ifu+@S16F#Ma4coG?V84XTC!zS(@xsl1HblB-L;51<6Y(j
z{<(-nUci_wI8nFU#b-(JFQWJUA00Zo<-p9OMMltTucu9c<gKI7f5YYfz?A)b2T75d
zL@R7-5C;WM{wy-BMR5|AtUqzr%4R#Sw(&;Hc56_%kN*|F|J~P@l3HqY{@G4;GR8ao
zg4@mfOv#6yMr-n9pF*jwl3=<mK<s=+GviPNrt0#X@*g6Dc~Nz--W7Om&4f1#D$3Tp
z)foG=HFe(Ajd5@Eo0_-rQWV~HZEU~Fj<D7gPQo*#hJ-oy=I*QupY_0DdoD<(LX`r}
zg`1~}epzE3*r}QXxFab?C$YV!udwllB{@t0e^=Gsp|rH?wJSY|4s17oeD@2KVZ!Jz
zCrCWXF%cx@htqsUK=JGOpZBSf)pZ%5boXuhj*y3fvhXRly*zyzf)SruJSq%2)6q*y
zqzlH62$_cKh!WTv1q!;=Q~K(rJwT051K{Tv?co1uc_`r*XoUXaD?H@(MAmdEUaB@>
zPq4$<QFut*h0V8}KbQyje$t}vbXY8WR;6VKzWUTw#Bj&U@=KzDhQK}O0d1c;siMXy
zncJoF(L!=J*_KN-mIyiVG0Y{hr?UsAOlE5MM?}nksHjp(G0}r1);x%<(EwI3#9`Ed
zGH+I-nBfk-5eU?L?<AjG6ggJ%4VzM`C_L$buAujIa-)sJ>Vxa&E3;L?v%!G4{vFth
zC39dV-E?2q#)dImjOOc+u3*Fn8GUFEvQ(Z1cew6gzHcRO>9jL27OdEXWEk}UFOj1@
zdh-V{AQA3uVg8Qutzu%A8<iN4MBYa^8Nb7<j`Y4IHiMe>bvtP_p%rn<GlW$xHJhqE
zn!;+>!1*R^b**DKGR;~)m0;@8pm)2kU1l_2Q<}I5iWc1YG^c0yUD(#AmX*j-<vs%t
zZ)QTh&Sz?U#8##P(Zr3$aD6#!@=>>KB<EfHc;@$46S#Z2yf^G#Gv=eA0Suc(IQawT
aN42KuvxR^6P9Bf%ALGUg_5%n2z<&U}HhGc&

literal 8041
zcmbW+WmMEp+c@wqBB0XJAxMg_fOJVoO9~>rbeD83@e>K97wHs1nxzGST@VD8?w0Oa
zmRf4z@xIUbzxtnZpXYw&TxaIRyqP&OXU_GxhB@W|@UM37Za;_An_;qf89|5qw11O?
zOY%_oce1RwD0{6Y(Wir%BoAnOhZ>`aV;k(_s3E-x>zHZ=-Aa>=&ThK0h)e?}fY~+G
z)p49p+~jAgO#X=872_+0+x>9%(>GkMFTOO2Mv4Z@MeAkHdf8W1jLv8|rui-A`oWhZ
z#@d#!w+lgtAfIPw389mP2xjbkz!2Yp4-f}hfka6hfRHZiQqH1x+6$E^Do1u-{=bNI
ziml%#C~!JqyExE}w@G}5W(;F0LofoLjR5&0SI4tKvUaJuYz0{_hq|W@V=}zfb_r=9
zk$&6&x>?7#y^n?Zl=t=3>r3mpz20SP_{Izv-k1q5W>@&XQvKY;VH@c$Lytlj+ng7y
z5q8<=XZb+v9a=eK_FH=;AHI^C{8GIjp#IWb<Vl*4iB_jpOj@E;r>D+?{(~C2Rbn?m
zb%c@~zo1O5HrP@%d(a2|lkU6+R1_ZK`MsM%<$eRt9CgeC56ujb+<sOmkW+0gVeRHD
z`FQR6zCRy5Y=(7yjd$QUA)1E4oGy;0ws*?k3uk$(!e9Okg+22UR(O#v27(SA`(8$q
z;VxUbW#Uq?W^HF^uoyi)Q;q%3o5e5|#O`RK&7Idf*j3YQjFSlZ=39umVV5gcVt#$^
zh^W2u8b|!6dD^}9-VmTR<phOK>kACj-PnEJi8|H02c(&@^JAs$Or`P)u-UV%%WWO=
zRm|AypCge!((R+(6?uKhB4`JNmAgu?ZLQ<)I^XiW+e%FO!uhsH_^}&XUMin{azQS`
z%Z@75romI50uQZyG0gjiDdw~8v*QmwJpB*Rd-r31RS)6nxO(k$>&Vo;4Sxy1?G4K}
z^m;Dfd+`If%X&R3DAvK!>?9=s@<Tzp>0)B<8-bd&`JnS9AbZ&^FRa}ng9xgSB+ZA+
zP{uc4k}rJn%CBA2De?jnP=l94tly%#1mUpn)5I@~ox0&YE`H1x0>Dw5So6g$-qr#@
zKWxB%AzkXST29ld!99I4nRm-uTCt%AJ1NbJyA_;f^wC$?70;6dhxneBnubMA4AcMI
z+RbdL+;Xv6@+Vj_(NmRF%i)t%A~5t*&#4aDFK@QlWLI`?+jBV%#gPlKV#}~%CWa8J
zsq9{C$5?z6@zhZyB3Zu|%kQkQ^Ub^$@9C4~esczXj<U{)#vgWE%=rR7si%@Zp^6$$
zoVRnoJu{6fB~@{MK@Ua}Z5g)onEAIGGWdO+He`lh{UoKn=iud=Anh$beYu!9yoviI
zkC%B-+P4oc5&hz15aX7Uslu0c^&T@b&Q~krMJwaO*@CMI)BaN>$!zpZ*8PyGiI)I8
zZy?8sCZ>@au5Kw_z^QJ=oGffk@TjQF9ws&a*~*@y`m<$NS$oa6c4)K?lt=}|s=I6j
znOvaX>H1-A+G@U>L9E?_Z_nW($jH9DpNJbxfR@2pGstgPeO44~<%RJAwa@T>`VK3K
zMU`*u4KbY@9}Yf?o{S6DO4W9i=rEAkIE3fnIc%Ton&@gz`XF|eLtlMA6IR1gc!!Ij
z|7<ZH9ugDDHOrjiD14YoLkEi$g)=pfpbnpaYSu!(#9J$~dvwzzo-MZ|NHOrJOtu7?
zK`_<HsN9l+8#a{8P4=<LV(<mtnHU7)(Q^T_-|5U=6c=)4Zr-_QS&(IaQmsr7`a;sb
ze|uT;Tevw|`sa1~54ter%?oXBX=df6424j60$S^>vnel9&%<0;A{{0qm-(8zlnmDU
zg{FPm+7WhO1V+~ze4s6kKmOwm=?cAYYL*$YMQICy;V>l9kJ;xZDI{fp)8`j<h694R
zoEx%jy*}#Sg;)vYE*<hM5REL$Ky-be5>3p`Rz&6fMCB5Z`ry=DEMZ{OSMA4b*Xp0E
z_7wLH<F|imfx7Q0+s+`1bLXbKUe6oKyo3)(-V9pABZAT$OCYaJHbY$C8ApC<WhqO-
zO{B8ra7*?Z5xB~9m9tHJS{{e<t`F(${x)jU7x8|&B-NVf@#W4w$1Ndpp{c3pW`Cx$
zyJOpeUbnahuCN;{mV*A%b3xG78q{Cz(`NE1c&%|!>JmLXSm=d0A_7JeL<EFdT7sMm
zooatyh`8|2r(RWmy%xXA|1sKTYo&f^LY#s)TxW=f|Bi2d0*IYcL1<zlBnQ)4HArCA
zT7aL&5LN;>J5(AX*iCQ`d5WM1d{12=`CqU7J5rB-TpU^tb@zFkp}{Jcqn$&qeo6I9
zI3B_l=OWBYcKGGD1PxM1Ii0@`N&AH#!_PcB2g(f<>o;c8#ZqrGNxVFP?(-psnyz~P
zxrZ-qcXoEYNEEP3+1}jV_?OlxHbDc>tik#8AKi=gfZHyQValg7=~{~fnvU0o1XS<!
z`esMLp%AaA^33(3Z-3X5n?aMhzR`2Y4DG5<9{AD{Dn5YWopI3A^4-o6u7B_*y7R&^
zli{&iz(B8NBi6HDhuab)GYFK(-xn^4MBC2Ji5cn5TRI>$wuwxIwjyAQ!N2}sB>|V`
zq2)F12PoPw^ciH=+Zu_Y*9)}X9UO(#0%tur<uUK7%1iEMHz$X7T?bGMKNGgnB`gQX
z*6aObH{a(jHdWNkU}xSdSa^{N3x2y&eOJve*3snvxnXt`j3w(EMVr)Wq}g0mG9skZ
z&&U<@$tweIjzN<Qj`~r`Jv)rfqdqwruywJx=Q)POi;Tg)#1Dtk)7G-~e6!MQ{8(Pz
zB~?vp+sTx3`UFqg_|88=?-XvxYV7_LEZtj69Y$#EUKLgzBwv^Ybb!RbBWJcW-q^4W
z3V8lrcw?jX>IuT}askh58pfT8n{Te~0x@@mzy#pZ-F_M9;7YWaCB)nv;{F0&9*c_W
z_N(-eD)K<hr)xN+L5&k9`cw~4s&UU6ICWzZ=icdF3zoXFi>xg@n}*IM7rxVQdZu>p
zS~n<R;*sj$Zy<IfY0guZ%}n$>IM9_u&MYQmvXL?DcEm^VL@LMBVVn|2jsS45STs;x
zkJhBddHM+O;D+4~^8s`mlX;?ZO7_*d^lQvMxGGPMt&&ePvExyAP_c_V?dEVuT_qQI
z>S3(9dXMD|Ic{cQN%oTYItI3Ka~o&(#+kZYjipb12xY#4@v@vf5^~4gknA*$UJIV5
zpN3Y6>(6B+u7?!{HkonnJgx9t@vY)XUA9qs<Y^pB7&+;$xW6jwnAh#d@@B1IB|fnm
z&#IO)(pF3J{;R1s5w>jbXZ*0Qf3_v2e9I|Eni5Mq3kEK+AIQcE$mNf&n@b8KtU5$Y
z4cC5g(~z-|KX)L?xp)pu)v-Ag6@Vs28^4`YoM23*eZwv=^SePUTOjT{9eP;L&Btx^
zMX$U`QsPeoHCyUG>5!~K2jN$eEQMl1gYw$olv#T!gC2c6)`GHkmxCK<`;COy_$yjR
z^!jMZ<B9i*P!R_rR8mvf`A5c*<1BjF>C_Q%%_PM*(875-=n|V<l37#WQ5kb?0a6TN
zwK}Jaab8IWDGz{3oTF7V2-RNO8>YnC?j{QFU0q?z)%GVtWT)w%14Vg#7C+6k!C+Tc
z-ketgjyy=AEhCq}G{aMGEz!D3j)45`IT86u$`Ual^;EHBbSY8P{NP!Nf%8tp$$OdF
z@zu|Tulrn~eV^(!OvsTgNO<x%p+nb1lc+#-&wjDy+fJO_>PS6n#d*4TMR9$$CD+F)
zA*MF=rJKGi&Wm(xYmWV(!WouG+e|tkYmptI%9$qh6w0brUnMnV>6AyFe+19g1yfR5
ztn~Fh6YoJac6%plCD#-RcS3|4#&ZsG<gd1D7KVSu<{C^vi!i?pM(UnLEh>QJQ7bv5
zT84IuPxg;+t1&|DWW~vq65R()tZNpu7U_3s2!ldYI3gmI#hAOkH9XaCyf!a2%Hi^f
zaY$Zj!uauX<J&Us7DR&7jNLr;P?7_22+J}jh!c91r;-SNX7K$W#%Tb`Gdx8zcAjl~
zWv-SLV##}3N%-F+)b}%Tl=}O9-Q%`;VzTy(ca3*_rvf9sS20-CL@)1sR<HJgmFLyF
z#C0hSx(Kd!r!NR_Jkm7#_4lkB9A2~L%ipoOSMxj;HZNJCP7R0N!v^)o_L@*Cl_aPZ
z+{0G;g^x~<#r05XzKC(Hv0!B-FPhfLtkr?37I2!W&jox7jzW7s`U;L!Y~)-IqmD;P
z&AC<TNxrojxA`GZt~lwWAFMpKD?CUW6B>C=eG+kvtroMHY)ohJ_~x3%NYeEII`Y&R
z%IdCfH5xk&2gMxdK6BI%Y*6kV8ytkv?z4Ulf6L;M+NH`){nQmZzzQQvDfmZRK)^z^
zZ@rq+hKa9k21o6mDtp}{(mGq)qh<WCEV^gH0svvgzzLCYX?946JVDC%Fwczo273yI
zLW2K<=}MlvIIsNZ3F~lwtHEv1+gth+I^cmZ)9R5m{!@q9Q05t%NIVC>7t1ZDYR?Z)
zmIGU0vbWS0DN2WyI3$KQs2|9#P%7Yp_t-ZkR5C<THnb3}^12S&rqOs8Jt&(qOj;Uh
ztaY6>d-Y>iI`wAQBmGu0v;%?M%mc$9yLqV+Jp-5G%e5Qfb4xn_S8W9bNEzS5^0Jyt
z1x5GORf-V;Zt8GCjVwY(tY_AK4U)mtGe+}#-sU$aW_}$tx6VAbPUCtEb3Oj3=_@dM
zOeGr7pb2*G)1#ZSNrvHvi3pPxdH+F<nK}n-PWS-tr9Ua<sVOzuKLkv10cRWwT;MG>
zu0}jP1a4zSUQ2@B=jjAR1x#&NU1fxz$06NbkgJC>^Rqd@PUicqjX4wJ3ELHQvmt}(
z%wywxkbA+$X^B|V=a#!k>W)gk_K7~0WaQ>gFr{{~Q|W1LDm1<&8&HWYGLv4(N3TES
z`cw4!vvC=_jgjtaDeJ!6v4PIs3Vr>DhDzziPTI?B1di$-**bJJKX*&N5g^mURPyql
zysgsgU72TBqGFq_BJOIb*U<pCRJATF+J5huA!2ZQw+4I>jhv@^v%~$TEc(qSB5ht*
z!Jp{*Vw2ahJkOoPIm?UoUT$m@SxS(p-7nJh5>`&We9xo34KvTx{vMi{p-V3!l#K{R
zlmG9?nt1oN)&KSn;mHoRm=7>~01$WqfhD(|0GA!k{f-|+lVS=0YQU2OJMeYzL%!N|
zeQbs_ID3)#=DnM;U8P4(V*Te29%)6A&M)H^X@l~V8oRwl{ZHyvAF@1uoc4uo6`S52
z)WvEJf&7zR;Z!&L<MZYcs}z5&)(0}3K?Z&M_#dTnpx_}F31TT;@T)_jet8zqj~=^d
zu_h!4OP$fyd(kU%nMrQ%l>^f%S*mIKoz@_0_x#DJf~W<2W$CX=yCu9@t@=Z}4EK>C
zCKe3S_?%CA3RLI1ld}U%<4Zjh73B{;H~waQWvXZQZ?Ad`;)SW#Zc<T-jLHnhG8UkR
z3~hRpFe+JPzxL6_m@HfP?{4~p3`^+%HZAMU^Q=Y}H&s-erO9H+jTV?QUS#S~m<?S6
zTksYsZoTp8S4$ul$Nz#0P{Hiz0<;oNi^(CY#eltGSO74h82oOObZ3j(1biTjrObaH
zd9FPgB1wOHu}45^umI%_8kz<BZp1rxFh)s41pov0zPYV`E`4w6+P?w`L}15Cmu7Yu
zSIshYQpQx9;vmL9-)epibUV7=!nz_l4vX%V@R$IpmuPHiUI?c|<>451uKGOskFV;w
z>}QPMjg7;xubo3J6aF%FG>vC`Xj@8ze0+q;qE~y;x0bJ;>K#Eu)VSGUQ5LLSfzM1O
zj*7_$DZuy;Hfa}`n#-vi<R)@{FLH4SJrOQer;}JkD)li<g)xokjUlZDQ@UGAa>P9>
zZ8jv7Ku9=1N=kT^7#Agx&PD~0qVE3jTO|%tN&b<w=3r}iL`=Y_b_;MqwfxzId!*#&
z^4chj2{RTvborYpjB{e>hmr$#V=}I`X}*g1KMW0#z?EUWMhrB<{b-2vt6zu*ToWsx
zP$djw2_15QtyIFKD5>QKxJW%`BU*L|3DvF8#E6FoTnN9!%BU@XhnM(LWR*+YD#7PD
zVYp3pRg_zaw?xw!`}u2Xe6@vjJS_RD9`3lc5a=S>jfyaw5O|~-EI}B~OY~CG#GL(n
zQkXj9o0#JedN_7A&*uQ{1ICbFUxJ8+C}S>8=<D6?O*hfB`@yRCM_X2G0ui)mL~r9R
zN%{q`f~TQap<i)N2jg?!Os~y<Ozwj4ADLR5N-y6_e<~XIV{N@<&$D1{df-!hWi|tr
zYm;7bDM`v(tCvCYx;fzQ2GeDQ1Fk=OMF#c&bS*I_GU%r+hT7d%JoxzkMC_4N9myoM
zM7z$`KR725TAu$x7=#5~h;FolBXO3vOj>UjSy5fn$E_61)#^b$zG(k8T!<eIrRgK2
z9!5y#Xdrv_j3B0!qVy%I%eJ|>4OUl$u8CNl2XxxEjJzej^ZBt{KmfebVvA)Sp7eiS
zZ9dxY(%4OGND$i!=cj=dS4G-*p~hD9PF4=|P?D)km*LjPBpR9^F=5_Nw9X|f?GfMK
zk!2t>%LKqp%#(cEI~3Hi4_#*ozIUFwkCHvrA-Qq9!}~)s6s{s}=g7a~JdxwV#G@g~
zZ%+dD;J2<iJ2LkFxW1aPuzGf<v!3Hn8<$|O8&$h0Mgs{*eCb2Xo`o`!ggD`}20N`#
zqt<FR_!*sy@8brgA>KPsv@9Rw5L)ElKw*qy8JF%Y{B+`{SNHeZJnjrgsRYyF{LDv!
zRXmr;`IG0byVqsS3r1@$)CX!lZl*UQ+!|{}Am15<VmG)^aD*>NOwb#2C6?tkR@1J(
zX=qB~1u_6AN0w%Q%eb~JE^*ynn*>yy#;#6uY#uKdMiuakdboN@5tV7bd*>#KwbBc{
zpa1lRl4#-enGC1T_TQ5b58}9>Ryh9BUsLGk&7lFZ<qNtc^hzE?JYsTyf7`~{pdq-*
zM5Qq6fP?pPH(~vxT$8q&bldn`;(dG}xi=(>-XP93=9j&Eha5Gz#7qt(OIX<yQ~X>m
zLn2%Q(1*UXt@ie@=A+^jo^}k;UZr=Dh5ZV6=9&l>ZvX7;#su?G^vn9@nWx4||5Q`+
zR8#q(Ba`t_@P@0I`SCU*E$#Ff$GdsL#2T~ib_(~IQ+phIg3{Z?%A*TsQ7kj)3g#Zs
zV?K7qG49o9(`qSjVVd|->A1b}!?iM>=G1;xmJ8=GmS-7G?pGT*5v3LkuHBr}w=i`l
zy54xd)N87T+W0%CQX9GMi6-!apGMk(hH;6YGP?V#i%IHH&f=U#dNmaIqM#4YWLodz
zd!N^$sbbp2x&!mL)H;SVh0}&LcQ2>+AG$XQ_<><*&mpr+m^aR*nD@j;j@c;oG~ao)
zck=<ABCuhL6J95UV^KlBCQb?ayKV!!>XvDztrrL2bPj|<K*o)XKi)$2&_P{V=U^e^
z(6j0CSX<smvUr$ZWS$}I*C3%9-?PKM-Jm>Mrr$&w@4nCm>|ebY9#~7;qz~Ay-9)<v
zF}VuhrlxZcX~dhHIMlf|%zy{m*L#UXr9hWEZ45GjKKNOc)LB7?kqKI4463<SIFE*^
zPPGg%o=l0(X2+D*9Xb3PBUf3W@I4NzetHk1&PK*wAIunA@(*{0z)+R7k=fxt!rod<
z9@`L=&Jh)X5C@kH`@heHOB}q#P5mv(SHmoM*mSt@o{7VRw&5<R$u2fEa6#9-cA_72
z22sZj_@rK>UUjAhB8r%b&p5-1cm@s1?v;9Vi%eC7(&y*LP9f<A#;+cSeRxnw15iRT
zrf6^|A<0uncp!9Y3x_hh(1%8@BdFeOJwsrReV7sVs95l1Dbrr&WLTjaBK<;S=%JZ;
zZM*;~Xcqv8fwG-o9r7&DJvmBX^(|O!$-wxpTZx)+|CSb5qepZ<a&>)u@a~snNue#C
zoTcT8Z9k#?^6sxkO~-vaG+qWna>$hFp+h5G!`uLM4i}-N{&YvQ4cI|#NpKeQo6SmY
zwLY;6?^OXSzOdRG2?U}SW!`y-Wf&}&0=-Lq^(8!e3GoZH^{aNpei5(FC$fR8=ekj(
zio?vKtX_--iKBM*zUA$hyy3>L15*P~2NFuTUQbIyRF00G`RzC+6F2^<pj)Z)2}|7H
zqPiwge|F}Bj}_k@^(#aEf={7kwC*zXH6MFfHkVfj!lKn*m+U5F2qLjT&sX7LnL-$y
z6iq1{sdYoCrp_hkmqn|ls>oaB#Of5U7R&WF$zPpgA4*pa(opj=rlO$|=quGX&B;DA
zjv?=t(|~L03e&UXkd0+!Z00|M_3hVvE?+CVNB%~?{ATm`qV8BlStU5O-v9XNwRC>m
ziu7ZH$=pO-{Sdvit+~ha#m}K7NfGl*$sCA03Voq>!c{(_OtBFT+KL0YRvx^J$-kpB
z@O+5T(T*%?J4EHs8jUAVJ2P`csK}?bIn<V<0<`&5k4^)#hwLw}tSr*w;&kN**nAnI
ziFzE9JA|}r{K-!G9qeoDZkGyj=UmgHBl(fF#{-)hBiven*cAV!QcL+V&z?eI-~WRZ
zItvYcR!lPzUFzX#WsxweomCQvJ7Gy&+#TI0#Q5obnKFEyJ^rStcSv{e;MG*CkaG8U
zs*!4q0#U!PkX^Ua7@cvAM;iBY(}07|(AYq3DkbvDxd|E{he@Mmo_8WeGu3>^!Yb9+
z?s6d+#mqw$J*hvli*$vdTAOXf{o6}~6&&iQ7+Ajjl4qcHAYPlSkBqowMgUE-H65V~
z58=QQklc#tx1=VijF=_6`2SSv|Np-MdP9L7%$%%3f8My~$5hnFF(YrzY1`Rly{U4)
zmGQfgG4*~6ec#Z59>!^{`RhHOJ|1Mk){+)>I3=?vrcuQ)C?w8kQ7^X=0d16Wb_Baz
z;Waeb{}*3M_vI6{bCq~3FjM{^+0IqYrOu`EMtfA5Ki#5#vwnc_@O2Eejc6M;Dq9uU
ziPCvmYaFIOj`+@J8KjYFEX+YZk{_BRHbeFBQCX@3#oRAX9o>9$9JXU>CGuT1Xo;LG
z7vHy17W#zenHJRZRvn6ptbGs#$G%r>te-Nyc^%E2>QN3Y`i~r5wb6cZ(d@<fd#(KH
z{}>m0mvlwe&8O=Za5t98usQl<+Qk;R{6(<l!~Q3VEgfa90@AI@^L!GF(RdtR<)_${
z7R$N{==f#&ty(73=(C*SJ{Fl|aR|&P&6y1PTGp{Ev(^BP$Na~S-aMy|rU(}%Qp;eR
zx-TE6uKR-Az_JE+XyMhQy_-ZYk)&wV>nyQ<BiM`VUkE<@H-aVpBG|8_HLtfBV7Xd|
z2;uH2g{1fGYzf{_B%J`pnDLc+awEqhQPxCqBei!jwMahd{3o<WW><w@&M_|l56N5p
zYM>k>IGT)P`WV~#=R3x5GnDj9*8YUqrWQLqdozAXUwG>%aex?|Lg=Gv)-f;6Lc2E+
zeVcc&gR*T*q;Ky0TyCkn>agQi&y2!Y`vY_GJp<d6qajIWRygghNc(>ry;v&E-IAq6
z1HNgx)gVK%DrVM0vTn?>ZWOX^3N&vUG;^zwe4HlmU!1T;<ep{#w?dYSCpkcg+dc`r
zCk85T!WxA6*&}QLxztT#z>ol##%b3tWCplc_8tJ!cX1vM7&T;>Yqd@*6vVG>@-|)!
zNgfvGA!%ge>|aI|=e5`6w9OVD{vI-!SChiV4oaFGOjn#rNFDs*P<4`HKM_@zCstuM
z!j+F}aQ;xHN%!Dkoe<f5Hf7U?OPo%RAG{GVkuQ}7MXA|+&n$paf5y`%`{)WCW5JW9
z_|));oa(h-DYPJ!`=L?lm$9Mr+G1gD?x4pW`YvhzPsJYp2Ni2vAHs(InCDfT6#r#c
zwKFJznp-?HP=>Ib4{u71<b~(Q1GY4oGIQW);6=}`n*<C$JL>HqbV=j&6uwfC5GZJZ
z_H+r{a>t;shq!GE9L5{|<P5%6-njF>oH|!YbJ@uWy*%H-Fo$ecp|JTP=XEvbmRtN<
zxeJ|#4uhj8|MhtO)0<-?Sf*j~pMEo+IR1ksR9YVQ4fJOBI*lf0F>vMO-Kaft(6;~d
z;<!22JpD_3wEI#h<S63G;Pxy&Yj{a4?a4(W^xEol5I)+-ahS*Kid9G7wVg3^qVGbk
zw(gG0N&9Z!<oIQVE^i@9D{jX45A~wfA`o}7b7FyaZP)G>V^d;}J7BIiQ*6aFA;m!$
plBGBXIQFzXJIbK#;xe=!fw5V-!vlc3JDh)Y!F!Jw_WN*v{{cu9zWx9J

diff --git a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi
index f673240f6..8c8885852 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi
+++ b/lib/go-jinja2/internal/data/darwin-arm64/markupsafe/_speedups.pyi
@@ -1,9 +1 @@
-from typing import Any
-from typing import Optional
-
-from . import Markup
-
-def escape(s: Any) -> Markup: ...
-def escape_silent(s: Optional[Any]) -> Markup: ...
-def soft_str(s: Any) -> str: ...
-def soft_unicode(s: Any) -> str: ...
+def _escape_inner(s: str, /) -> str: ...
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py b/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py
index 824936194..2ec4f203c 100644
--- a/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py
+++ b/lib/go-jinja2/internal/data/darwin-arm64/yaml/__init__.py
@@ -8,7 +8,7 @@
 from .loader import *
 from .dumper import *
 
-__version__ = '6.0.1'
+__version__ = '6.0.2'
 try:
     from .cyaml import *
     __with_libyaml__ = True
diff --git a/lib/go-jinja2/internal/data/darwin-arm64/yaml/_yaml.cpython-311-darwin.so.gz b/lib/go-jinja2/internal/data/darwin-arm64/yaml/_yaml.cpython-311-darwin.so.gz
index bbff99c9918f1dda98c7252ee461b471933b9b79..ed249a3d2c468ea230e15fea4755b93314830d20 100644
GIT binary patch
literal 131335
zcma%ibx@nn6Zf~pot6T{tw4bQE$$R3R<yWN+)8nm;7}-TB?O1y?ogn(2M;B<yKAt#
z`OQ1?{{1F1ncKVD+x_hB?cVdug)RpBzyEz+B9ESc-f!j*$oQOvg`9=Qm9Q{$1?eDk
z#tWuzZ`Bu=*}om+lO()JeV5<U#?H=2Q##JrnEM@9o~*Jc;8h_fK&v|mgTqnrGlnd4
zP*8Lw&QQFE8MZN+A9n)6#Af$bhB4-!&H&RKB=~US%T4D*>%^uHG~mQdK!3AyZ{fr;
z>}?n^4^x=NE9oM+Fq6+0Gns#23|fYw*EgV2h0Q64PJv0FoPA|wz|Oj<*vt(3#}!te
zi}}$m3!ryp4AJ4&u8PX6+p$NiU1Q#r>`GVgOhoqlfwwg!w=kE<F*uUW?_#}}f5Q>c
zPObLpvx#Yr6KsifN8C-NlT&ot`^oqE53ImJvazv#NBpwk@aMvO)a?R;u!)P}qr>);
zF{#rt37(OfnAV~1Mq(@Fd1n{kR<K^Y+GBp5$;VZMY*%1VOWtw&jm`CJ%VQ1e7GA*k
zH1M6LZw2zGb)wJ3eo(X$<lU%IC)U+=BGNY~s<Juv6}cbgZ6K1)^MyLKH#>Kxs!|h)
zHfV9(co{ZG2Y%2yPM#18828TlKH<Qhj>FI(qPi<{Ju%A)HJmtvei2>)k7dsvU0*t$
zY{pLnY#5x|pUjyyKFlGyjYv<seJ&>(5eK$^dd6s}{Ia|)X;}I<9>3SsAKWamaI_vy
z4c_Kf?;0J{mRVfO5AlMVn1nsx1@d0yVZZb%<Smk3`MS1B=uAd&q@Q(`$vcc=2Ymb+
zgj-Hr#~5~^bCa+5EEus>ARL(WI)@dHphVEEQ9LJ(_vXf~ISoo@qi5qE0KL&AQhlqq
zvxh~X6NX<}durj9x}+-^cEYsHaP5d6EBnu*%lWOssoCYOxcJe>`Oq!X#t)|%k#t=y
zJ+VYM@vXEe4+Qxx*;o5tSwknk-Gla6)J(0wtOT}kq)%6m|9@ZL!=5^;y;?6_&S(8Z
zIPi{J+2(OoZ3<Bhuzb?>WOx*h5g^NvmauH<Jym1O(T^12OlJM-jpn-u%`M%ecvEIE
zIXi=Yz-P1g;-lx@x5?=I9izuR#VtR)JOH0Q7KZPYr?CLYpiIW_JJCNg4(V|>ch3)0
z#MuQhYjW?)Q>C(GO_`RU){c)C?=Bh_)!oQr1fH+oU4-j5xP&e}KVs5^_=Z86>KCZW
z)fiU4aM=H_ail^zzeb2rxaPd=T^6p@qs#u>Da~Qunfs59>E<YQ@Sh3Q1F9<q0B?yL
zSh<urGNE#k2=^DZON`dbSskuzO43s-(;FABO{yYsIAhyd%vQDtU>LM#tOb<mt={&v
zd2hgLeY2!H_Z9hIK}&iSa<4~!frfqiVfibB7(>+d=99B}?WC=Ip0I%%k|FsWTejE^
zt;qjA+8*$+xXz4YTUjv?Ro@7|vty@Va(#`^p<p7ltf~f7TmdDmLXbV~k&+q@&k<xz
zH_qRe-UwsCRq0LhUc|!vULs~M1!J5|5?&rO(Sbj8l99#Qe}zvYN*Nrv2bu$J(J$uq
zCrg5+(+;{~8e;pJm;GNNh(qNZ#e)6k%^||xfl#7LhsC?<<RKfGY_$0UH=mRC=e_R(
zbft3$lvkfnUVW$r@ZD8w@%(%J#J@V63%!y*4szclQqp+{EUo(n{B`Ie`kO-Z`?pI*
zQjv!3D`n9!Gj+EYq0+~t?nDGy$9d~McOLmKe0aR93o33hu*Vcuc&)>NDmLHJ7zDHH
z+aijqgrS4Eq_(OOCMY<Vhm+AgmTz{s|74{udS9NOqL3!@uT1Pu;#LU}k%NdECK_ab
zX*|cngZr$B)y!-fuQs1rD~4T1ldHuHR{P>@lB79B_~u-Tc5)HHR|ltW8#bVbfO8W}
zkG6JV!qkt?@)Sg;a<md!5s%&GS;)7cI?64rL_Z|sKFlokB10>VUBX^nQ18WyJqB2g
zS0>_Kh#=lwq`n^as-3)ut7;9G$|@l-i?~x&Ulj-ZTb<&kvsB;xgG}-@UsQNROX-}^
zvxQeV#O<$6lg|@B`TCre>;^TAH~kAf%G3#s^ve0%`7#XZ#OoWV=2{hc+?cqfN5e5s
zUB5!OBgpFP_RE6Zyzxlc^gC2eAKT}SZQ=dsFR{nFMg8BaTiaMu^JFv!)RGzD+A1cU
zQSg_j-yAs7jjV3o2eGp7{*W&ep7Pjv$9X|oH5Ge*+B_8LUP90qKbVvKNn!#i%Tec1
z!s+~7Oh+ibc7bY@UIh8JGS}lxvPjv=ZY4hG-Z)L{#|@RqGcLk}^^_F|p&8)aN!Yw?
zD?O0lEceh<%sk4eKNAjx`#({DpRkPGk_bIk_J;=juuqRg9+yR6P6Cf0HCV@ANvQW-
zebNe@a9mB%WG_}TWA_*+Jv9;R%u7AW!u_ECswd}T$#H$L``wsO0rGq3Fr6g@gXNry
zq?`IGoyXl6VLcFIb6u1<MpADaJ5NRAgaotEM{>^0M!d(obq*MDer7|N^wjO~i@3~O
zc$YEk7PT5Uynh4w1{pZeo0G2b)ct`eOd7Cjr1V5c7PC3?6yQ$#>?#u>saHxOJ$hyI
z{YVy&Jso}4N|W*ICPD;MtwV%zcu1Fw{S_7^{$Zw0br0%i%sdvXqkXoN;Rc?ysA3=U
zJF7+{J_#Pywg?TH_IckCvdz;0Y{C;3-w#&LTll>ST^!s-<XDLNH!!Ty8I9pGl>c-S
zu|=vWASIrg^@zB?1Uz+zRuIE2H^A4kPJ-VOInQ#;C=!(M(POTqOGd_o$-g4G3G|dL
za+e1_0ka|{(|UtaCO$c5n_!2Jf!#Pm`^_=U#VRoYX&;<Bf4#7Ki`H%I%g`{^BWy?k
z(3uqY_IE=F6B=*xsmzkzmKQs(?j3ZY`&(^v6NOpd#v4r9X`ef%a*6~9FEQAPSlTaH
zh_#^CoYV34&#RdFx1WARI^~Q9ZCTT|%+ZG}=|J@hd+9!u98Um0n7h!Tv66jQd*@b@
z@S-$0nBL)yG|UpZKWXNI6KnIq%!LB2i}^T>m%h@HUeEE3bY_yUO$T92xm`Pg1yE)7
z?I*N1$6zq1Av<_Yq=2~W%Q`q_ujMqerX?eo#E|07Qxt8Q5HrNAfEc&P8QLfUILWW&
z8Pi)D|6AIDuki2|TL%<2S*HbE__8^hQR^KROd?Ow@<@O-?SdJ?p(0%Zh;{Sat9hI6
z0t3~0#|1BX&^~|u{bHXHt$UM&p+PX#jR!!+4Ck^PU@Q-{V4+dap+O%VmmbQ33diUH
z;O?%Od1Qc{y*0~D!ors{=;WE<3H+gMNk-gxj+C5wfSK-}W+Kk8dOd3S<4AxWbv4>9
zBN?5!x?wKxHCgdqZn*&#v=KmNGvyi2YUa{J2(AQ>k*gch<HX>3tQ~!;ZTSU9wMRYH
zEU)y8WE`0)^o)wpY!Yc>3`-q5Nn;j0*4+2DU69uO8$W2=kD2{_0klQOZ54Wt5oh}-
zIPexrKm<+>Z47{8(L{M5|0jk`Ic<#aY?CBK3<7}umgw|o(xUbkoPbS_dLShE<2M(v
zMq!N_z2T7hp&%mOlH)TDHoXe#^&WRJFd-V5&5URF8$g@BGmNUHB?10JvELjG4=RfZ
z;3{sK*Q{+x!mufeBsaB?G8mV3HYr;(QreXK9oO#xFw&cl9%La4Y1hDDU5H;K72nre
z>h9Uj0-!tEh1B;3^>@tPN{Nu&)=v5)gs)ZbF*G#O?OOgq!MJaquJs0olN9SENCVKD
zAvg?PFLnVu<{v9Q*nB%@#9K^=>~j8zp=i!91i@o)VAyqkTWdQ#dVDhcH(#4*clwHc
z;flCIl^lF62iVa>W>V+@CPUp4U(s2qFG?G-kVWpVYqZjW9b)w=3XdUH<}UfP;7U1w
zYH<@eZ>@I@Etp0Q&{oQs@Uy?w*O`X}AfUeZQyIVo>opvvH8IM^vPr~=;V4xb>e+Dc
zbrw<9Gg5PW1^|9AT4dCCC)Q-t3eEqgTDMC^WjjU<p#Ata;8$dq`|N+yf|%G`&{xth
zGb7tmb?C63bB&lhcB|8tHJQHitrS|6sNE`z8gRn%Y48V{f*--!cYcd=ezdTW2v;Z}
zZ(0)-z5AbZ`XBkntI+NZYqUqYi?e0J(&KY#K$XDXT7Jv~7zKSxT{>|+5wv?SjpCER
zkDzZ>+zbszm{o3#w0+DCs|zMVZ=qz;c|5A%;=a>x8Evbj3=GT!GRjW|1z5GP|5PI>
zax$#`vuk=0a#)AqlK-O69u2*`K710w0Ipy8)&F4otJv49cH}=OAqk;=q;q=l+fNOY
ze}{k9>U|4x8l?C{=@dkt$r-j3Dr}QT5wqQJ`qxCSB6l@sV!*uiMcWsA`c#yP{7SHE
zYXJ#s-k=nVptTAB%I_(nP5MOUl*g==o4K4y*r}<m8_aES$@MO_`Z)8<`%>lv^p10(
z-q97sI9?G~^jR}9&gm+|xBF5eWsz%QnZ&pR8(;?&Juy{_tMP#iDRH4g6(KGDC{e%9
zL>q($qM6~MUi(t;%E)iED%g&cLqA0ox%6wiqg{)(HrBe8rSK{K>N|CBFx&6Cx(taV
zkT9bOk?Ys|woW-F+TB>&P?l<-=x&9D^qbq0ySmtFGO(t-?Ow3&HpghJ9`B##5s%vZ
zwRTj4N}KSfRz0veI%{%Rzk$7<D0xi%uQkAzo((Z3AsR(JBk2I-SpUXLrl`?hYZYoe
z8}{}{dUC8$UJRGmSKyc=RCa?)j`t_|{m1%)8LX(cB-@fy<K2fXm~`2oN0fDWMb9}Y
zbLJgE3^yE8WcJ0bQX&^|xTYVUmT|U<AZF*-k=B-7s>Kyo*t{afFUIR0!DncwkR-<?
zb;;89O@Qn%{8_}Fqfr#1=IN2bY#bK_$Mnj_5=+>G*$+hbCcP?)sSx_kJN%5?+W6oQ
z;v9!lMx#T`^-;>BgEVsRD{|O~nu}M;`wvbTxxR~cG)~#Pfr~fUbxf;}kz>f&cM>fo
zB05^9Fz3csJ$SLiCO^W?M3};wsTdw(U-g(Vg{iP$?`G1AjiIl9Aqgwaq(2gn@+c>b
zB%l0^vZ;3-PSb(7e@i#|97?8%Tmbj&!1OD!o>3L`@pqeNltpSz)a-|Y;qw`}ZSN@}
zn>8L{ee~e{(%zy|>A!m0OP`=()CRD0yi;c1WS6`5jZR~|)7E4?tHd3{LjG~^uF+nN
z5+ZU!lBZ#zF_6^*2UD$9RcOsHzM%)Li9wHajgU6B_Vs#?n|{JhEwR{d#xQ|xw_URO
zZyu{7`jwl)hmdn46$hTUt>5c-n2p;yTbl}<6rGbkcS8XHg+>56c`-JFg9N#lEtzyC
zPm3mrenOcZb{eYFi}u#Bh_LXdh>#{UM5|l+%)5>lzL<$eW*DZf%`&h3H$-bp+S#g(
znEh~E@phkHXoAt-!Ak0j1%qA&AS`X$b=rsq-Ag~riTmJFTVd$8f9zq>!r%ryEGfez
z=c5+FLQN6us(ReKGHO*{6|8Q3#h%&#kp#j6R81w7&h&MeW}!iEX2G%X-1`JC4W)M=
zm4=xZxfkK&V_5&5O8iw|WqlVd<;V-$-b@h9j3MOh#b?2gAJlx9^7sGVL71Ov{rhW5
zNWt7JEp#xiL*K}~jlx<;!`WS+G5uH1uI>T-fk5xC`#03a3db|@>+1Ss<c=SDf61~5
zwSnQ}X`2=VB2iU*y}ue!9dYo>hqXx_Dsp3|2#QKnM;4spevRY@&1Wy-=Qq^L<$b52
zGI`2eZSiNt8+(GYE0b72QDdyB%`iz)`QF*ib|MKs=zmi&|07k%7P18>mCVpSSCaky
zniE}snC<-bj*xcjRXzsU@7njI@{wQLE4c|BDF<XnIX_r9vd8IY_{p03r}0a>qo6lH
zHul`@bC$`KSeQPa*8lw#r$z0d=_g}K4S<s7yK#O9RqUO@v?uzA$|2wwuBN}g^7*KZ
z6_4BRH}HhzqB^aEDdJEaYRB>q=4`9jQz~JS1oB?$59f(OeB8QGC+{BZgxcca+}Hhi
zlg?be31`LYd*{CcMt_9_-f3jK$}h$SQpTAS-e?xo@Qq<lDgBSVQn9Y%4_zFDxf`E_
zMjo%EvW+f|jJ5k$zB@IiS_nm)J9U;qfZM~mt?cX1<w@V<0z~3g<c~QX*4L_x7z{Ge
zdC7`4_l)dUSBN6hV%PF7lfDhW-KmY0k00*MN~f`>m=!-1@YBef7Tjn)IZwh2qpDOx
zC}{SD+J3^_aBH*#l45?aR8R=DCBw^cYxtJ2r;Nh{(d3CV9*$m8gXavRXc-<UgnXmn
zmEn4D(WICNY#?TwN&bylxDflR8+>Y&`jIC6a3TBpo?nd=LI%o?4!AB2eYm^^yv_|F
zaL+dzdqNyzdqaPx*zHBNqY5-DKET%23*?jO4IINMlv(0n8pt|E>MX19-Gs<^s6fb;
zfV8uNlay<^n?~rXknh>Vb#WVosdCubyExO3ui%Ci>^u*j5G{UCvgccdw@?!4yeT8w
z>Q{vUs3|*mi3>U<Y$JV%J~|pi&0DnGJ=1lWEkiFkK9d{d4J7`w*rWptCNk?pan(z!
z1hB+aK#s}ddlLC|O7v5HGG&%JKE0=2unz|{W(d_O*$KXs_cY9d@RP{LsT(Q^$5A&*
ztH`s&g_Ss7+fobLgi{VgFukT&jbLIPuB&d5j7wpbQRyI%ANaa>_bkLCL19m}U<rM=
z-yBM@jM8D188@Jc8_PeYM0Fflme@6}552TsoTZZ|W9cQYh>YiZC!-QcAfLu&LAp6~
zVOe5U=WI#Ps2$sv=rOFWnG()qn0g-LV(G^-D})*mY~*}Dkk}E%izgqaVF)6W?_>b$
z^X$f%Qwyi#PkmS)>v<(0`$N#-UEFVtTnIm&ylcs^_s6)c;!i5_WN|594dMS$Q>4A*
zR~Cr-Rory(LP#UyCBN)~kcNt*Hkz}gFRoDwH-<g+f)Gz8+yQGXN)*HXpx!Fmi8v0R
z9BeCtI|~>YNZf8%{()&K@grnt<V}fwW-QZTNkI31{yy!bjE6W50&(AqZ{{)Ah6sB=
zu}prY$9w-#FQmUrCwjeNB6LB}cuMt?X%NSWn;J*c@c9#UtAd{2dK8;>lQCsD6HKe5
z^fa6aF{>j%ERU;^XZ@8s132;tr84f+g;t6FBAz^ZYUj2P&qq>w1Hbhlcl%6@IHubo
zl!LgbT{IVuf`xblN$r1AQ`_Y>jWfAey0Fi_*<Ks^Vs9u$EN`L|PAMNJb^;0(s*@ni
z&%`z*j62FbRwd|5%nIYilE3+Ccur3(tZ?V*yd~7ALKntV{J$wig-y(%&Reh7N4sA+
zfW9w^Qp!(H=SB>t4lave%i~Vd8-OwSWm|<bR2LoD2NR?DN?f)!hCbU{jJg!E6WAZP
zxok<;iwa`P+t1`$f8~lB(}t(64gKLmnJ$JYrqq!?lu2ni7ott!g&y}O4RdPFPJJdZ
zhA9(U(}{XPao{MHsdz}J!)5Dr?e4mQqe#|jw-65pjeYcmv!#iM0>Nyc`-eDyLgf34
zGYqK+JZ@zyLFpb*OEoCOae!bTNtC8yH*xZtoRQ@h5pbm{mYuJN9*nVDBx4;H5LLdv
z7t5r*uRa5(GCYwAnTu~xz=-|ILn%K{)LV4EPp=J;8P8u4N=hR<5#MYDHFnhU0cZgD
zuNnIr0$kYQQVM&?t%>N^3Yr=;sB4RQ!@=$e7c<>+CiFvoh3GloW~6wELj7ceC)Gu=
z-Bx46qCW3B2jF-v;Gy468@4J$!P8Q{-R>K<+_>4%htK4ip=~hA4;kDH9Lvvqx@RFU
z%6bYLl7a{N;-uX`g3C*D*0SC4$QNXfF_`~(cu975tXo&Pc~O2ADDEa7>TOq->~`$T
z5bfe8C_FBtd%cwW7TQ=;y_U@zCtAxwQ0QTa|E@)i7d#5ZJ`uNQtskBKWRQ({QX~Rx
z40*LwWYM}8!k0jXl2cW^#$_d}E6UW8?z$ANZ%03_il*yp+T9VkZPe=#@^JOG%Hj*9
z!kpcj{XSF6?w)YEJZlSU>^fJh5}KVqWlQ!EQ_DCebPhtYM8)31%WOxVS`=Jf6Ti0d
zZOtgWVogBTx%j&s{dQq+Ij5<!8jougtA4lmF3U+p3hwJnOfI#~H3`QpBhHGo6<*LG
zeo=@!7pYP2CC04=$?lhVyp!oEqxnRwgg8h@xwx8hI!IVI%fy+Rrax;T6?ghX%eiuh
zWXW#~>=0w(oWr%N`dt;n&Vjw<$S1@vF5HbFbS+y8Dyv%@(!fG$l+}UJEd0}L*^zjO
zO3w9INkhsY4Yvxi65=QGde@!@`^TjMmk2j$Ax7z1TYK|bw&k`_7G}4&4Z2s80BNCq
z>6&y0#;qO4ZWC2_MA7ilLYY<qq%g!mscOx@?9EaUn^7SnX`xH$TG=S+l3#>dm1n`)
zN^*~EjHVR3B8IMS)fyKKv^63V{T8fsB5lB~(4^(uxP^UE)GL%e_^xH#&S*;mS3v`}
zC421EQnAyPkt0iY2SaSTGdo71I&KTD8~SY_m9STyzU}W6Xlphf-gM#{=jQ9zlmhtM
zOT{z7UNQPYO}rR|#%yahSFb6@WQ1?0@u8_dUcm*6f*OP|jC%cWPJ{)WPo|Zj+BUC5
zOq5>OdEmCd>oIP#d7vGv$!?Cd*yLozK@IOPj5z8ryzD4;vn@7_-YZ6psl2c=!EHHO
z2=Ut|hB`twjJ#NJP836hO9e2Dvh-0=@(tR-5aY(rjB`RzWMpZMtDw!cW<P=o%Q|5%
zo1`^?bXS^fHhS&Cpu-bD-nzTMZk-{<E%^1xcPU(jezrAf{SZGpZfIi<JKqsSpK%Q&
zC?)M>6{kSAF{rl{UK!HvPVBXB&ZCf?)NO2oa=5F|?U`ks+5V@K$8*aBRpwBRWfs1%
z;ccUA%kBW*|Gd7N@+e>>cP}TgwTyQNdl}ZPW%C7zb}>;DW(}|T@@U%ro6K}0hhU!&
z^cz_Q@F-*^b!-1-<5M2lTvCHz6YQ9Cwee6C&L?%xr7`e<p_@jWY$ydKcC%-4lF3*@
zN0S*^rZrI(qJwr6M~NP)V%q)SX^F7Gu4>cj?kFajS2yVMP*%g-@3eGoEXJ$iEDiBf
zHHCIGB*f^jgz|l)SmKz*Apb(Lv=az^aDPEglZLP1!_#uKA98rY*WHmvw`>1}r0pVE
zid_Ly*9L?N;=kHt3ui8dJV)k}Y5F$NXXn)SPZM&Ro8Ni-9ll@=gYZ-1#Qgmg+m71J
zuq8SHG$Oq^30wwJM%jeWdoe(jYUIS*hHYLk^caWf?$-B2F`1<Va^GAWL=*-qo%g9Y
zz;M*WMjzBO*%KXp_p}5@RQpW#0w}VdX_l5cMD*4`N(@8@jS~Yzl!&+ED~VRnXDeZ`
zCdbSEgh!^CC651R^HqY(k)rPS1!jye#hUw;MQs?ICEctRfCj!spxzWYUR&u==e(df
zte~%K4r!RiT~4J~GfIi?XKNVOw7Q#i<%pU?b!5i(>(4$<@BsMrq`+A(pfG;`SMJR(
zs+z5)kd_Z<U>by;k=!xSYEbV9K5@EDQ1X6gKmTmt9wzmVq5oWrF~jCbXabzSLzN=U
zT^ul}SF>MCyO%#c6rvu?Pw3n3zqtq=Bk$D#C(Nk!`TNEW;Wsg>mY?LqF`#kHAzF6f
zam-|ULgvA7E{c;MnQ`*1bP^);^DJ~;yMvWNc!hNmE-EK$1!+X$l7;s|``!3fp7ZqZ
zNuB~~hODPOD5GUHS=?)N5|nlJzzz}6`LRiTt6(U<B7Jyr?hFVA3X{+q%M0*bjp~0?
zcJ{pLHm7Ke?R*u}%d`IIOQNv)t{dUX``L>%xFOv?2S*jcO*S~w6pxxcqAVmZ@zU5Z
z`4c=FeUQaEq`riktlTcM*{N^iO4(WD-rPl?(YW<h%!zUWjJdm+T;=STnb%)b9Idm1
zo1`-<69;<Vsb{3Hs7f2rAE6utP<m<S^ZK*bZ+d%v8TVw0{C=`1fWk{Vv)7-Ml0Jd5
z(7$S8e#YZrXcHm<$DkG$j=enl0H_)ZQ@YKNDpL(n!Wws$stf94k!t6}DFnYu7+?+7
zN<%k3oX$IJRCca9j_LQXgrXSz0MO_O6S|20>kMZ*O_nIpp{48o4HF*jr<ywg#~BfP
zQ+Ni>MyGO%`v;P~%?#)LHyP=HdiXN}-DY}!6n2W}$W#Ot2Ji>-=P;r7fi1C89MhK(
z79UqJvoHi~SM4Hh#>rZU>w?^&FOS;+&Q<>~p|VdkLceZuB&n6;IqB0Db31x4p^Z;x
z5}1`j&GtfM9FERE@(EPIJfRJXFImgJuYEs`?B8!V?TWNGm!JYK*}SwX$54gA|1L}s
z#r!zvvO*`@h5sFX^Q|@*4vGD{VNRvs03gn=jZgq#FgB7USnGc>unr!w$5X%q5aSff
zSn6SZ=Cb~@rNQ!f`a5xkP3X{TDxnzMnwF#iKY#Sj8g8_{`R~qVjRfGhml<7nW-c8B
zP{+FNg??+H2Ne<U@^>`5XbkDW%kaq!3F(rSYGU}DF80Db&a@C-nDsS@^oe0h!nF>U
zmNC6T<~V(--Y2*f=6)1KVFJawVf>`=mpWKXdLNneB+Z4(l_vB#F`);7&ah!QC?%gO
ztlJuTpO{hK1^~|`_31w;f;}pwYO)2fbt1pk5UQ?M&=ooB=(5{17P{yFDQ!4;@L<Jb
zA&qkYJzhY_b%8SUpw0#6mxO+Zc-MVUgA3~x1~>My>lwF#=cY63@BQ3h!#-gC--G(5
zBfAx$56)gN^0iaXe`^m}0tq^q>&k(c;03GDwGn>?y%l+E+9M_fr7>dgye{^SV^;Kq
zmkcdcpAxt-K7ni^zO{Txm>wgp0K6$Q=T#uJPOu-R*Uspk?#51gCDL7|z^Zq1h_3XC
zLoeGLLy3b!kLN0+$b?&O1%^j9K(BZ55u5D$8vu=5H&4$yJ+ch+(ZJ+yrOnuB&72|O
zimw3<$>?}ZxM{D3L#)2meOt%@=tXOwk7}}o6!FW}SQg@@-D^pS{6H_Q2ubFml!Ci+
zux9ZDH#CPNSFj{3SqPQ>MNdlIEDU8y7*U~j+z_(M$0;nU1-s|q6lSp`NLvWoRpAs`
zZ3@|a+z0ZqI`RZ-dGfM$Scin9yMr5eXmBy>!3`2Lg*5y0$4tAXA`0X)QgzlrS_v;O
zxHE)G#n1|WQqV7_znEUaPav}ix-!6gquk^=4Z(kpZ6IvNYL_{th{gL!B=yB~5q`on
zj}$u;y_Aszm!;TEL!0Fd`V6Wdli-?+tQGoXsDBVjPENB7X%HbP9M4eyHoQ@2oT0up
zu~EoWXez)OuF&;eHA$h%1Z-I!tYsb=67MQxM?LIDrBMH!p0g&n;n$Ji#$j(b-VwcH
zV{pSF=Cq)|r`7z{;!4l&&u+AGyXmXc56@<Z2YYdQi2&;LipJUrA*+v=4M<aYi=0w4
zQR(rnXG(<5v$b^JK)$sa(iCCpo98(;T0I+=F{T%B*Ix9MyW^|qK>TFML|58_cU#fl
z+oY7skSYOb^NvV$-WV~g741je!oL)XBZ#0*IaJF|aYSm!jsEuV->zbFZcb)y|0o|h
zBaxHlccS0)x{*zMoK_%l?NOhH6i9J0sc8oeJpIEs=VIE$O$4MkHu}ko<PDb@XtB9s
zeM(eCjj8{HM{3#WxAjE_V%O_&c`WzqG4C<4pD`ab?}F##N6+8S{1=UYpy=v2#+)Z+
zi11i`Y-R0)72}_+_ZN*!Z-fM92%{^r8XdojMf-Dd<mEpm(ctQf_DP@#ED)~p+J;Zq
zMH0fAYJ-MxNjc3R2MN2MK3<$v2gLf{Fn`PzxDr6y-aZeg_b5@>Z&sK)Evinew!@iO
zYKRTKV3#+dD-y47D1N#$WinmY5P_~zywBNa*%7)f3v}y}lbFzewC<bYD>pObJbf+k
z<|jvhOd_I9L>h|vg<lQapeBr7P+J{NrUh{k3GN@&2wV#Y4ZsCfJl`O2bAoXzCv+t)
z_%AxnFVOYUeW)H4Z6YO|{tzS(R(|qe`WPzqDB6)2Um^OFCI)d4rZ;BxZf6Gm@s!~s
zupk;i7Q4VTXe95QUSj?%7ndP#E>TKzX)O$dk6nA#XzBE<y%Bx$Ax-_s>33=055Iqe
z9O)liax7Sc`>~sQsSCsg{Y)&)b5!KU?s`}2Z7oJ)Bpc$X%A<DJF9#RD*%_@?=&gP@
zE`L7CS`u`yU>U~Cw}UW2_WN{)bni-<Sd#OHNvlgOKF(dW(0u2%w`<$PQb{Hobg1Ko
z!Q6M=&$;Wyv$Q(JvrOwM&2+_UsFc=0I6u$Gz(Iu6MWF2H`3Bopb9}3WhNhE~VSapB
zH+>HFx3&)OD%-Ntsdu->Q=jkc?clk#2iy(@3Vh?Uuq%1lWa8?dcDbPJW|>xbnVCIW
z6}Lc?3Maa7kcm2<urJ?mfFECCrvYe(4dh-25siXSI;yz6QHgmC+fUb;iShh*|0jZ_
z%0@EF<adoKUL*f<k*&zrg?d#y5|~|H6U2~I1z0=CXGN^?rwQUJJEMeictt%oYa4kH
zP6_(4KgB1npvNj@s9BZI_OC$kq}%{SB+E`Ue1%<Irw{ESGMXSK)g>%o)Y>HwZIm=T
z0u`ci*#1J8hp&#|%sFaIt}!QDMX%VVkw4&>bnYs<!cKh3J+cWB|3;;nwPMD<Y(L)f
zJy1txCP({WKLf=lXE<XR4Jp?8e-x$cjDnA(_!BegW=SJI;*E*}32fi4Y=6S@pNN{w
zj8a+KtyYhScu}RII^S}ENKW<_p`7e#*i}hBn<mVCG<_)Y2MnfFZhNuVoiAgEDeCLq
z2rX(`X^^=a_BQVDuvK~`dX8mW<hJQS3Y~*#m+l$N7L1AsnvjFaD;-ku9YQKbKf~-B
znyR|psV^5l8gtCH{T{SvYx?&Rr8uKWy1~r!;0C`B?F=l1Js$OdtA)7LlYSP5R4U#l
z*;8^jh@4?uEJQju+&?Ro?Vsv8lmS!h?~7@4+Nvw}8#ow{MsQH)W0JkdqUOU*%j=7Y
zqRM>>*%?FEth-I}p?R&UO1t9x(rbH_%KB0W(GhXBo1;pyHS1EmHEPM^{QWQSkm-eU
z5U!1bgF%t)eR_o*lzd3ntDp&zPO3s@Tv@6xbyZ4JR$XA%%XAI`(N4kmbf;$L3hee#
zq*%PILzyO@V={kg@)A`=r5z~W4mk%R6aUOlQ`ZZNtgak>RR6<rmCyvKjfRkGd;QeM
zv6%%ps#rxsL@ia8<rAul^b9rg^7lu}`8{SeRgg`gj<81l@lrLRf`dkW3REom@~M=m
zwPemaIJBLGYus9@(9uXq_$4+$Cdsul2j@W4jaoA}qSO`bO%QQjk`)<L<j>xqCi?Pa
zIFQ);R5n3$WM}mBlTWcP8gFM{4JuP_W=pn-)KzSbYg~6c>=92mjgNtjD&?dq3uSJ%
z&tYv|T}>?2`TI2$r8n3YbJtU_28AhilY*1+Tu|GQdH~YnVC7d>o1l#03{x~Dg;qt$
z=G|-*1snw707)eC6EGak8XC?_yiv*h%4A;x;qa^(Z&8gcQ7n1I4+qJ;2k~f~dN{nk
z(Tr_^JV!&&>L69UL%Qh&m2C1;eL__$YPT9Hm{`={z^o@ePBTfB8JIf)d(QIfa_ou9
zKebzX2NAz8`+Ggutm|6@yuN{-MpT+#zY5l;Tm;gfu5pEX+-Q3A1eU>I4Te**x{Wzy
zBsZFkO%Sg)D#%2BPNu_@(#m}mS<QhtkilslsE$V6I3VlEU9BguP2O;ZBO0Pz_Wvkz
z*_n=ufK!t?RXaE+FwgcNpb;XgSpw-KtXXzLsmF{`Zwhu5l)sP2Ht00_@&^K8gM+})
z5W{T`c9CEHH*XwOQllaH<@}W$G4_;uK^JWEFfCu*9>3W32L4ob5PsQGI|sw<$uw-%
zaOx_rVt<Tb%i+s3ETznrvLew>TWdxgOKa65YpMLpPzSrC%6hNX%w}2pSM8qVk}rlc
z&5@-LDl3&mA_h7hR5V|FnB&{9SD{HRg-j9t*7eA0pV|s*pR#mRL2B@c7q!VRWvJht
z%)%P<r}#8rS3L|{<-E54+XO#nO8k;bAciROU7(!XhjQ*$!x^P$NV>0UwYvsNT}3!3
zTa#~@Z9b}<kij&@#Bjz)HhI%tMb=AQrCIdbVc+4O`4;i@j)7xT7_ftA)w5c?-ho@a
zY#rK+r)Je)DSp@pTn{*CfE~o*0B&vW=c}w)-VO?F9&~t#=|RSMh{*UCF@kQK3U9lo
zk?Ta=rL)Y|-EZTRns<b^O}{a29%+jUi1YW*_^g?p4b4H&Vxd#aQWQJ9oZ}yVfyF@r
z`%+{V&$Q09J_&mx_L+ZN_et4Yx@Y1Y3ku%>@tk{d#s2t2V)b@i6C@zA1d?M~S-PUi
zFTNI3vk3>O#;e_B^m#j~j7PJmcg#1kg4;bERe(Bt9USvNP5tBivrC#Fs~n(%YFNXb
zPT9U0*1w~9m}Mvb`cj9sp=N0Q{-1-Tj{i%|Bu7KKhC%F-@)CZZ4QG0zS?1?JuoY!~
z@spqn!|KY?tDP{nTWd!ZFLsboSq{xI*!g4yl{mopc2N~<*KS)f<PH1;x_sgujSyI^
z){H;O|Nf|qHNXOHw`k<I;s8NP1Aj;etS`}&R}Poh9x$I4a}zO|D(M-{6it+}tfTyI
zQ3Bbe`QUVf$|DrX&L?qGu-Ru}RMkCr!c2EQafO3!fK^M(mMTDzDF5tBI7mW^kF(7{
zGckW(7OR5VEvrpXB<~~^wSg3;u4)dJDiwshI2!n$q^9^3V0^dq7Yh@14n3&g;Ny#h
zfGBBdt|1N%@DJ?k{*<WPt1mnAZ4SXFf}$!b?V9rUMSUb=#iRW9Dw-e<q$+v^Y4Q0W
z9pSaLlEc}KL>v#N!X}o;{89xEiBwjw+BPafu!G`I??kW?t3MQ0mVTbPYLnxnQ{;b|
zda<5(4q^;*)SEbU9P1@<Czyv>X}doe6*+tksd@!(<Dx5UyV!bM^!g8h8wziOqDYwi
z9;K?s)544O_4Bq_&=)7=l3hVm2Ju%f-7ULq?|ltjHiLsaIY1FZpg`b%h@)Z@PMN8#
zd7*+Ig`gGpAjf}={3>k>dD*MEm3Ec+cHiP51TrMh<vi30;wxWP%H`=g8md}I8_pz!
z4&BPlu3QRdbS+~Z<J-%4Y<s`DI5UMX(V4y544BAOU9A;U9{9`+H=7E*u(3X2^l^?A
zX5ud^&7t`+EQHjKt&feH;fk;4r9p_vY`FwRNtW=C0k2+cIY?I007YVRR5wi3`+>Ss
zAKA%(0U{T9-8knqBj*papE@C@4V&@B=S)}$r?KQ(=g6Y7(ereY=ht&$`xkyY`ypUM
zKt?eyd=vlO=2deqa7f6hWWYyl>Z6DN^wE9Gf#P>AlP2sHJl_9!z9fr{?>X|_Ge_AS
z9lOZZ9Z|wHZ31yl)n)h7(7b!>CFC%O8p-(@d5aq7cogj4SXI4yVC|D+8C<QULmX7O
z$RRTafT?}RRQ6{Z+%9V1`*rRwQOGJW<lznKG|Yd(Pd9nj#dwZXBSi-Fn7)e1QMto=
zy-_@J+4XA-c?&;ZEj*`VI7b~;fqLudo2H5~5`JA_cYnkrFNYpYH>+Bs2fUK*s>?Qj
zMQ8Cp`y~@2{5b<&Zy@F4fOHv1hoy;};&Ug)^BnDdWPA_zAd-&&0eZcORLMqu;X%%O
zt6hGGU5)Pps*)mq_e}I}U`;1XB&QPtGpYY4p85FBYwAw!HPTA^F&U*iGTshVnKFry
zCO(1REuX7x2kBHcV;&MuV^>iMkjHdk%*Dp`0~0Hps>AMhx9-y62@`P*z@5qT0ZHWz
z$-HRp>APds$HAF|>JLiStphl&KLQsc{EwI6N43H}2Beo=xR)(@W0X9s8D+mGhCkjm
zGMJ9??`(>#gY%+&q}Ed`bdtmrk$EOfi2L$`ZQ%CxlIqST<>_J9JBN=$gw+Wy)@1`f
z*^dMV2Pl+xMET7++qdr=u#x;1wW$NZxIUmdX_w&?!{7w{Wfqti$?GGYP8>KHcUpW-
z_wM{uyMKOJ72))=KT>N;M)BwQ{!`AG>7Rk8oPn<7KHz84RfWyw(Q{Fa#Omb~Vx*2w
zKrzX)!z@+s0G;B7sP=jCn`c9dbIC8Von*ap2wSIi&&prpIMvY^WgkXAW)6e*s-c5*
zO%7d79Wi~>S_>q+n(Neb4`OE^t*!b)t&jW51-euh{7<@~JHMZXY<|deipb45WiD}B
ztL@F3B|Z==#QRIiyf04y?^6Bo$C1`|pqSNZ$fH~7&E?#gx>&vZ^Oup{Wfr*muS!O<
zK5;kbex-RYkE7Pl6!!cttCsU&7r@7B8&fSAS}g9)O#JYWb@=D8W2jgD?QB}Kx{hdO
z$J8G>#A^#uac`>weZ>)m?~%`pw_nX0QMYkp2>A`!In2aDp;&IPtqh93Op4J24NPsm
zL=j(MI<LtteSh#c{GZB&1B51lkY7n0Sbg({f}zA_a#quE$VTe@VR^vC?!LwS{%UO8
z`0%#><F&+=sCe>H{S?A;5kx`tk0LStZG+X>rsvzSAz)-f0k%qNg(pCpY>flY=@uxt
zEr1N)PkmN6MhCh#^#XlPB5S+mM17NQvBW<w#<HZ4-Z{h{YisZ-zjwGY6mQCWOC<R>
ztZv6?zt;GhnE#9Yhh|zs?ySfO-n@z`Yi(0hi{-qjd|=M!&i(c2sd$r(2knY|5)yW>
z$HI+_c(;x2S<>Q8o6TH{T(DS#T%Ik<wW`hMbUd;vj!-O5Z%S5No{^UT=cr6Nzb3hw
z1J!N_xRE?h&y!Rpfj{4Ej{((+RCd?ZsJ`l~1*8(fdg*jyWiOf!Wl~vCZT=BqamS8y
zAZTk6eO7s;JORw{rVZ_OHQwLj!5kQ>Z?fBYArh(o8P-<6mmGL!^RRU*j^V`n;bmS$
z(M|SS&aOQ|t>t)s&A@j9EdfK#Zd7Qp*j5>Xw^z-`e9;dlfm>8arl-+25na3qaq2Lz
zp|5!Z_Z}gBD;?s;W8zz%uys@X1jO48hCsSRA(>%=fI<Txte3msGX41W;%T4u2)?(C
zH*|lbz5ViVUA*D=vCG#dsb09@sqEThMb33sQ#-qc_L&0Sd8opzcCo;&C~W+o)!O6h
z-Tca`QHWI<Ybr=@sf&31RAcK&@c{N1Fhu^4HSM+>{MVWr81rsB;bu`|t7}lz-6wF0
zCd$R}=E5=_e46H};OJ|avlMYPzQXw6NvRIoLo54ZA^w<UkJ&zUmKbfuZuM!x3#)DA
z=0Y~bEH(NCX9~qjCqJJ$*2VX|$0@;ASvP_Uw?NF4>tTtl2Q#8W@yExB4*yb6FOyq^
zuFJ1NY7c_t;HhyF6E)$TQlW$Fbm6upUmp#um3->{l+Y{VIlx1p-6ws?BmRy^BI=t9
z7JiwSu`?=C8B8l%(^;C|UE`xUCutPkq%wY?V;_7o(^)-=6M6RDqwV`e-JfWFTq?gk
zGdA@`Bx8E0?pfdymA@5{EVw*7Jo&Un!;QqTdYhLWNp7q9XLDOI%kLMDyT9D-`uuY6
zQP*f^EqjE`HErP4S8il5sGEy-31a?Fo&pY>q1p4DA9X6i-#_rV;~)R&)ge||q@9u%
z&XdqN<2ls1!XBZkDDk*Bic}n5OQeX_#&=@7Jk#*{b|u;I=#a8*RA*0{HtByCna<ki
zhi#=-FxIQI9ITB@33wGi)GLrgwCauMw~rvpkSaE})!H%B_xkp%%8le0Im?L7dtwF=
ziFSwy(*aV}bw|VihlJGmolNWzz3=Em{yc`dAihO?bbojIK@2k1>(q`Gtiyc@!FSTY
zj8ET@E>CCO9U~NZRu<{pZAM|dwOsX_yCYZN@;}^W?b{9!3oN&P%$YjJbMeY`NKfy|
zj9XP0Z00WZsTmzj=5^$!LF$Nf(s*G(I=CN9G-Fps*VcD)t}dQ7FFw%%EA1bt_U<@2
z+R+LmuP!Y1?&4?8r#SeqB+f3j#*7pOPm9NpBPV~$h^$s$&fN)8i21KIq|f(n2Z=p1
z&fN`<Ja)lR-W(jA$lF|%9dx>wx?bJf9?o#1qv?9k6hT&dViA5_b)UPtr4;j@_cD3@
zZPM{P@bB)r?0mxi%i-lADv}3HIze%gS{casy?fx%_OP%(TpW^4Byb%yc+^o>EgfIi
zdG`ikej6Em@@bcpZP)F-?T510+6XCIv5L>Q2bKaCP})>5_L%VMAk8(fgc*}a^1dP+
znF(6ux{OypM}}SqcC66s-S>?W6+G%zxCguku90x7LA5!yfiV}&e^zLI-;^Hl4qrAi
z>c}fRgD)?tuYRrSY$Xm(sK+9)L^_{{P{IE2$DfM^x$5peaccMMzk>ov)5aK&G!zM3
zrfWkhzZve-{629PsrU@Oy-+J3bV?kQbULO$rn^7hAP))0R!_J6X3mj{gWQiy<2g?z
z+2DD<{X4bE^C{5DUxtIlN=oF*;hdWE-MLLB&F_y-I$KJR%~iF*+lpgCbi#oXOpX+{
z)})&!ajQ~88Mpo1bk=8rl%nXmfAgMLb&}};K#kff9^bnu@;{Fs_+yN%eU$opzNV#l
zEWaq?7S3!Z^g&3&y<S+^8F1A1K~H2%o@GZg%8trW;~SZt|3<krYL_gp&MuiuB!s!R
zEz_*n(@aJ>@0Ez~gbU<>>)X{euB)YA;;NGM&28>paU<!iKE4;e-#z*7yz;(hbV93k
z$>HiOxFnsZ?tnT`f2TyRCufp+d9qg;dVnzXK~&qWzWUPnC~N&QYa2zLr)>XY<ues<
z$BH_g)HMkNM{nyFM4q-CZA)s^)4ToJ_9RuJvO52MWX53Qx#qy#m35<{ePI<k_F8nN
z>*gZh{iy1Q`RYF!`pzSuAHs-qwEUgvJMJ#kar1Qj`*OXNLI5Z57{%)~5B&2d{)T{g
z%75WK3il1t+ouIk{}^27{R~HO+oAR>mod?(KoYky)9KfGZ%Z<^(#UPAkr08~ngm{d
z_sDc$^v$x2J{-x8V!!j`2L7(YPAS^1{2%axvkNROK%`=4P3$9@3xcuUztTLTa%*%^
z9Iz#p16&$K-D{TAOzRoviD_Hj+cc5r$>lswx2&=snQJH#{qz_a=ZEMjYvD>*`p9=d
z>e6cQ)5THKMfkn$I*gXf6^f<mjnIHM2fOAqZ?>A>29xm2x2HIi)Oi9A35kI>irh#l
z(s>mYB1!ntkWJrq;#i|}e`<Aw@h5FBg(tD?ZI6c2iPXjiLowZ>Z09dK7hkzZw#yt&
z2#JvmGbWv?{T|iBy%TEoTQVXZs>4R{Wi4$t)AeSVWtfR>*P`4={$oScRs+!gL`UY1
zU88Rw{8PGJZbAXCzK4#+YrBX$T$}}O$vva->&A?EWJWvCZQJ|EYsU}WgBiT+TAiZn
zPMiAO`cE)yEUOe#9I&?8{fqyH8tRPzc&r$TJ?_oQ1;&E#nEPAqOIsdO%J+@69T^Xq
zd=aD#r)+rR8D1MG*%)7U4%Aw8zH(jt@Cv%CpYZWX%roMp@F(#>=D>#V?77;<NNca0
zIdxi|^U4S;14KF=3mTj_w#)nkvpGED_flH9<gKb&apxu5(E22g|D>-LY%reI*Yi>$
z4q6_QS_w;9XmgFSfu#rN`l#*K6?<b`>HNf$r%L>c95ISyo3|X9d!G0oYFs~r;9KoL
z0#uxj$pzXP1r8elwOzE;tJ=u4v*<lqMn`W80(LdI9=cv1pbLw(SypkTl>c^ZJUT*|
zJdcYTsYE(o9xDFWP$9SSCf!sA@zfQ~5$d|IsyT<Fk<2|X5ObX+-HL07;$BZ*bo9w^
zHAehCNra(f+sLC%m-ba3X*)UE6HmX*BADIgN?WAqX4>vM%TyCU_$JT)9gF^U&Aa^{
zGgihS!-z+itB<D#Rus@+c9clh&4o5lTa~FxW_&xbb)c+8BG+h72Br0(+rlU^^~Q=#
z_n|6GMCy)v*r-{fs+mo984HydOg$DxSxZ}fP#&(!-~QOrEp0WhtOAhEQ;y7a8fvo+
z-MjlCRwp}=0yAI){r@cXBZDK|m9xO;W*NmTIeWa_C0lmS5ACHJaoF1Bxws=hWzWGf
zKRkV`*&)e%Yx&`iHzd|u7Kz_iRa-%xgQ#F(EBQEZZJN+Z3o#0(L#Z#BX}5(e+VF+#
zukYU4ZLtn+r;F{-x=r|NYpy^#%I;-h^7BLSMFAhTFZ@%~yP~+V#;$R;Db-phS5S6S
zv!Ft(mbOB??~Vdv{Xb?^yP}dguXYyW;Wyi@%MDj`YoIZ|>5mcZX2HC`SAiX4*W@E}
znXZk%X&U-x?FhMNJ5t^1c5(mQ+{7;FU1r&Jd(AmC*QQKL#A%`kmQ|Gxd(|Ra`qK=`
zbSD6oj8U1^9=fkp6R1c74$Z!O2>46n0E~~!(U~2h%QGsL$iH3-Dx*!PU!EQULUyFt
zK327B8DZegccS>+^)0I?QVumo=B8mN;YWpXfe9j~K18c?U5P-HN*Y{Ot!1>o#r)G7
z6IXM0>PC&2*||PU8Le=;A>Pg+db9c|Hw`{UyH*w(sbKvt)Hz!d=kJ$bLGg+4eQp0~
zK#9)F#2?FE#6DK<pW=~<wuZVF4Q+0*9q-fRI(%b7;(7Sl=cKVTt7$g^)BY(@A_iZ>
zlX)N1+m=j<cYIJMZFa}4!`I$J`XZ8=KY$F=Gl7dvs8b<B?Bi_M&DO6`Xwo9E*dBS{
zN|X~I!z9U8`}CHGZYXULDZl(oN<{Y-KC}w{mwkCQ<GOW&rFG0*adkEm!GF<90#7zr
zPUUDuet0dJ6TBY#7}STL+g;b)9zI@;?VGT<8IqF_bO{902D;O=J{jVi7pDqd4F5bX
z_P&z|*uHTpxjSVRE1>kbK1~(JR^dzqHn(pyVh;;1$~`86mHKYJe12X|cpW+$i@<O_
zvci$5^Qw=rT&*VYw?v}fk9O{o_`g#tCP)aFC<_>&CQJ!%Bk`|AuqOt%y|$1zT-QxS
z6~WKYRa9Y>v0VLyPB)w<V^vozGIbjrnIoxn^91OYcV+VXebjC&)BCtycdA1`5Ggm*
zi5nZZuwCcm-Q#V^xf`Dp5Xz(x*H`zzJ;8rpP_Oc=P`Lm!YwJforMyF?hU*|xjYX)f
zC!>AZUMs_%`C@X3eeMGM5~@#{MczO1+Q%Ut;-fB4Spr$n!h!kE<O6*Ouh&Q>Y~1;;
z$k6lW<31#MNRMF3-T9^y%k%1Ct~2NL;l`k;+9MH<`oF@f`1r1fJJV0<Epq3&eF#&g
z=Pvs9kCNfsD_!8b)lceo^0KC4t4Y62vBH75&p78#R8dGy^ziahBmoz+>r+O~YQat=
z{sCBUhH%{SiMF=)Rx@EWPVAAy&%BG<B>34j<YqN*$GP!)PQkx<Q0|%6$m6fx_)fFi
z_Mx|#36evMB{H<nFL<Cd*l<&A_dYjersrMahUz3Fa*~{)VPhlIrzNKOfl0CX#iRX8
zZ!P5MV!J1ksS;C?q-p=blTu=&q&VRdjq3iR@gM~<oM~vapYhXBFYi$AVL~Lg9IXlJ
zpQpV;y*ZZk0@>#Ef~rfLIf)?T6Zc#?DPQ;dim}tPx6K^Ggz<3=GR`CyIS@*$K3Gz4
z+IC$8-M^d|o6}}01aA6GO*)SxR6;3K{8r>Bne?Wf<#!uCf3o=Rc850t_2O={3$gz1
zb6z}*ivLM)r}~@|xBGM&IW+$)O>{~dGe$*#Qm)w78xLq%HR12=xYCJx>O<oHoL@&C
zu_mmF)spS@w?IU+MbhoBSMOWo{_Cw<dZI2H!HYTZGPH+k?MH4c=_|;H(DSXt=gyv8
z?aSCeFt8RADOuGE^c37a<>}rfNJ0Kn5Zl!e?Yoiw`Nu|wWG4fk?}<Ga@zZ-pn~u?R
zG=$c=UNv)}%Dig!n@J$e4jJlp`G*7HS!F#gF;}WSS9&%Htn7PYgxIC8_YVH!s_WkX
znrzAUV!Fzc{|DAUDZe})H3NfIaO@CVdY=OZ?{L770y~tkcDP}j9YR|fzq0q5kcYpW
z?5PGFw9o6A*J#phaA{EdypAV29#_?k!Lp7^=XCzAkhYF>8alY^=y+7tu_cQ^@XTD)
zO!k~*bx#iDk$qRjfai($IuU&~e$KN#M83K?D%LToIX|w=s+9w&*I^y6uo@6#J=&84
zF`f(YJe?mPU*SV49`46^v~u9P53bFVukct9_#UQp>v$<PH#op@+yT}yyFW;3K$%<v
zc7KR`Xp;^ISKPXP=7?i&{Q&tqGgUQU?2oUzQUgw?*mqoqoz%A&dkTW)TGSlN+X6cb
zAvrs2qW`<Cj6bx#Cue_0>e4bD*k>lx-~RDA`^pE%*IuKlzvF&<?`h?%_d4wVRM;~R
zeExHq2hY-4@JM_fJn;eYHBD930_TtOXyxUc>+rm;@MI&HIxV3#{WqTH&JU2U?rs&&
zl>e<Z-F6+G`3g^O1fSoHnq&Dm+kRC(7L$D3s)ME}33q@G<MXla2grx2RQ3IC?K{Aa
z<zvoum?tUBeG!bRir?GtaXb&ak9;k6^zdxB=f`=p<}m#JwRr}7Nb7qMg62CCcpi<d
zX`8}x=zZk#Oi<-K|G)9<yABUhcm^UEH32mrB=_I<hTu699I-R|(QWbfyT6h=drk)}
z_Jp;4BA)#(?;~IP&8mE?{&9A#`(4v@*!O=x*#{$-db4USU#J9-?>|5AyzoBqHI2FY
z{`3FuT>kPpJZ~yILlJylL3y5_JWs^)%zPjD>PD&N=NddecDJdy4$n&p&j<ul%M)@f
zDSo}izK?u`!&N-b{%`X$>N-3RD?FnSe10Qp{(?cBxx31+x!3`gG`Wtb@3tAFKGf=<
zZfL^U&?}zZO7_VR)xQ1hkKYru?zV>Ou-~Mxa|pgKrTgT;GCb!-d7rp9I^t^JF|xi-
z=)hBwz<x5G{p(%G*FHdXpIH9C-OCT}x;DE>VZQ}IRxxTO^PN;;_pA5yw)c?_&DH_x
zpRlh_I^uY@>_Wb#0u}Eo|J%OacpcuO?^9j}0$*P`*Aq(doL3y+>hFL@$4&tEO%vd;
zuN?6BVFx^MzyWi0c6jn*J3MuV1L}27|9O+af38yRKRb@~hst&S_A;7RjE7%H*5)f6
zH032|y*GZ3&fkT6p4=X-r&s>?9$m~_t#$5ov^FVPZ$~hy*Y#`IJ-d+4p7sA;!>X>s
z^Gk(iGJ@ue>({WMyO0m1|G(F;lI!r)C_Hx|7?nbE;f0ad{f5K;=peiQu_QZ?J7sWl
z&z+Jb>-#DLO;*+V68^k+{wwbxpFQcv=d<od?vxkbyEcER!ha8fQ6|)kkcS_GP}b>V
z1Mn#FRW}fiBwzav#KXzg2?Ozs<m-b2@eSnb3j^^G^7V~@xRiW-Zy+8N>pu_=i1i<Y
z`^WkZ!iBN^gK)oC|3SD<tp6aK7wbO==f?UE!o6bs2jQ$({}P-T>tBM?WBp5TYOH?=
zPLB02!AY_HC9(f^$m#b=urb!Z1nXn{OR+B2zZ4fRv7gsuURhY>|9;Ay{tMG5`y;iJ
z{L$GH{g>z7;g?tzx3IN`BennVUzpDLzn`M>Us=fduk1p&h1|pJMoiYXZYB$?8TpVc
zQt{x-N|?054%-;icGzi$4G0A$O|nA)(<|gaXzIO_5OgtUMbk_>>|szRGxRoia2N6w
zW<)CLW>&(@X5?#0k5rH~Ff*yxvNn_GX}hy^EVeKRlBVhYf5g3cd=y36IR5l>j!D8H
zWRl6HnE{1F!~+r{>Pk-n2&ka7qY>mtV3nY&ym<xXQaVfsQFq@rBMk!)A;EQ}8+Q#l
z0}O~HxQDE|B8sx2O9JjIhq$mLVJal_?^9jXnV!i^0>6L0e@)U|UG-e`992&}g%beI
z=RQ1wJU>6B^mcc`bQ4aTWx}}thjMq=2>lODX}ZasP-?=7PnhszfSTNgN4lo~)J(Z!
zlsjR82`4_IJ#WZu8b+QUnsUcrcS5-dCoa~WpU-`mBhSxIY07gaEH&Z87fo2hxvro4
z8xGDl&*kx7;z24&3KX=?EyC5WQCzF11aVzI1#mM5HBe{M<ktk^VRQhb#sn(EVilvo
zf{EJsw2}yNSpwknLST%8?T?8cf%H{;prCnf5&rirAeF=i3UpeUxlA`VnckDqpXkCk
z+V01AkZf^`ruG5u1a7cK%LRlkcf`4$B6Mj<b|*MYIB|lBJU^dnzux@{d0sKVoiN#i
z6CY&wLo((0lRT~>`165+k|&F>xrX9zHt;%i65tjNYV0<fyZ#oCz(m_N-2ze_XMo$D
z>E>>ta33f10ou+_`iDRPXmc4XR91`R)@g-ud$B_f%=y!{X!1$uJM{oab#dS&G}Y+5
zZ({eoD!P0USh+apzE>svBaqs7P@2u))xJ450dHfq9!T5LSa24Ah?@BnMgOMXM<5Zs
zC7Qsyje|qxCj@-lWIii$;FLKylsk+3pKuoR|4ZrrqNa0FmGuYc9wzyw*}5ge76bWK
z5RvhWA@JZV=3$H-z|z_Tk`M>p@0&m(I%r!0JqtzPF6mHxKTZY7%FYu`V($oiw#%xo
zc`8T+VSPKgR3~YB`T$4;92BI0c=%)X{^M@ln5wiK04aq7-~J|$wA_>kyfF4lze`cR
zJOEOpz17bSfb>QaNR1}&w&^@_6k)C2D4(M6ARZ>V`$Q9+7skH1P73n}2cpAb0r7CO
zcf$`bKA%^8URAXYJwSN~|51IrRMpxsf3F;v!^!Q%Cb@MQFLy1Ek-K=#-Nwf%?R<<9
z;CbZ|Z&EPNDY|^Y^dek!fbGM_gLmm`;9r>vc+pf&UU?Vb4M5k`%(37$^MIEO2E6hL
zFRvU1_!O&6a>@kwg_mOG=SKl%Ja7{ptOM{e{M`iq#bW@kTm}A>69KQh7qt7NN>;sm
zPsyrR?pZk-aP?rpfBIn&nYo0-?CYWYK@ObR35n&++OMe`OyJD6LwN-c&Qkz2=8Amx
zKmbd2e<&w%n>`51>rL!k=_qPT$lpzOx?}af9d~QC#0=u$vJBAp_K7AN$x7Gq@p9|5
zBDuY|P!7y-$Q|?lOyz^jk2~nuyb2D^+s#AWlbb*a*Llex9{yRS`=&()KqCL2QB|w@
z5q!})jgz~Uo8&GRo#z_uClqzhZEcP{sNc7gaMsQR=ePX;NHz|<UCRsQ)@cq|CAN&8
z^YtVXohO2-`m9qy%50)%3AcrvC9Gg)3FFCo;**5+<8A`U)}{LXt*X}c;(f9a)>hu6
zwDFumVE&qeLyd(+c<ulSXIm3U9~Ty3bAJI7{)%MIbKqrXa|!*iK3042M;a~v(@1nB
z_$a-D?{=}fyTaS6yy=V1g(kUUJ}(F6#K`T%v2yFQIJs+iyxjE>k!@bN$eWZ)Jg1Pk
z@Ex0X#r+`fW8#NRF2c=8;H`ajqP*!Y0dKhyCvO=A_;bQ@6L>M1KLp->0zSyW`CME?
z>+r;Ylkh05s|W{TH67Vto+aRH-h5Vw1E==?6ZHS)SfU%!6lW7iC9#k{0>DDXHajxh
zga_Qe9C-ADAc;I3Z%PwLdVewp4Y{Nrfbu)J>e?JS*DmDnfJ-%fk*+ilSXI?Z`s7AV
zz)4P!0!)U?P1$aU1)R$ZS`8s$BkMX;ACd7@jUa`?v6X{{!kGdd)kO5Ih{Pu+${X$y
zaP6~k@}|20H$pf6w6oR3Ce}28gaN!Euxa`*U3s|)q(D$dTrhXPOH)=gfux$Ce0iK_
z#&;Z?C-i-sgS={fJT`OS&6NfJh*&89T^u+QA0F}Qlmx*)hs%6g;lWwU;L`cEs~_Z5
z6MXNmxlbJjxt#~Pt`=i+-%D&uI`zYc5m`<HZwt|9+WGNh<)%ieH;wk8DUsTT=}jR0
z62S7R3G(_AyJ!c^_k1uG2K}2)QqJ-N6_xA%^k*D6pW^!8KZk?zDQ~@!p~SwDH1)+5
zYyW4#v%CMzCo0Fe%%|VEqB`%tqB@DLNdyrMND%zwIcYzKOL+PztU43ExcSxG1i?R!
z%Y3>epgJeND6Gvrx8lo`1q%X3T}k+6((H;wX<>Hd?ncUY5x|=~0{n!=M;b%V^%Fg`
zoA@-$mfD*@+8xFp8wbv=<@d?0(<aL8#S`SfobhtU{35w?VWF(@CQT=hzI$tv)I|Gl
z;Zrplf4ZO2IHf;$#n}_(^+cwgjFUG+k*Uj#ARXo4{3QS{vm+Nyb=z61a<LJlb^vcA
zoBmTHNST+^Jdq!dOOn8A-Y)nPVxfFI56;Agay2<>=gkU{rL#OZUp7Hr5{M|#23kCE
zn(wdd=aQc8Zvy8nT+;npI4J+kTffP8KK3_BpT4wW?E?#bz55)Ws%&9AP2|A&NgND1
z$0sNkRMnbF<isra$@{N=zdqx*$^5he;7m9)rkl5d8JwCv*&+C|xrC=395}5UH>l;M
z6>HV~Ai)Jy^VQ7tCO7<n$JPY!n>o@p^=V@F5?>V79(+kyn{+7W)hV&?MG1HOo|4!t
z_sroE&i+PKon(HK_X*b}yn1&6`13g+bQ)yd4*q9}u82Ul&5a;+0C*=cS(wy4S2Gk(
zBS_PKRzv1^(>bbtY8pX$n&@XyM4#;k$#ymr_5`zt5)#0l3nEJ3z@KRbe+mG8fWSdu
zJh$RYbJ>DGA}8RKvfRMrShzs+RLd#Szgbz*2-0{}wYE<CQ0`jJ$z4U%MxNRaQdz2i
z%K)@mXGiu^JN-52_Szx0PCKye$bPV>F8D(K)|{j5y~|o0KHlaY(+Co2tGcMYQ+e)-
zaNnEQxprpfV$uZsI}W@D=7Rg9L;*YFsl969P09(L*XE+pKT~<mEkgF!Wv>Z-8JPbv
z2+B)&a2`k$FrmF2M0B3OA5Z;8@{Gh+1V=Ge*H_esJjq)W2S<If5P#Z4<Nffl2~MR0
z1m=U%dKuwuMsjq%Uf-zGu4f<Bi30vOpn55;G0G1S`f+n$iR3TGH!_>XYL1lMO!FTq
zI5=eAWOJYTkorT>#*Q2hnUq$ZQwY7_PJ!qxFY!A>)3~o20rDdG$aRASO!TAPuK9|Z
zUpFN5nLwTm3w>7CrRLY&9Qq8%vs*)-m2|54b)!O`HC|Tp>&ApWvyo>vggz5H)cm@s
zVenx!zYc}LN1n|NgD;@w@4Q#QV@SNVO7LgLLir~|r+|1kmd2UrQXII|1371>TvDBl
z%U%eSsA};0b~T@T*G~N`6p41>zTZVgccQ;ZEMU~(0te2L!2&Mfz`JsA=({EWr)xh*
zMAugA2Z^+6zM}d{hOoYdMCfZ6>uXrgzW$5#^(^UY80+h1*4NDu`nr|%b!*SQX0g5=
zCw<+@`WnUh8Wo|hF|4mKJ^Px%`kF-g8pHa!LBK0-09+Sl^R&LEvc9JF?5lwFl~4Mb
z%KAbKE))T-8LY1vJ^Q+m^)-a_HG}mvoAnh|JEx8Z=c0QB{FMp3WlXM;SZyHEhc6D?
z`-x0(;1riF4v4DiO#lJs5*-eJIaPI<iJo31_}f&~O8O!`%QGK>q{VoetcCjYogack
z+DV<NFQBSc2Y~k%ACj0X7&mBox`^oM&{#IXEa03$g5TU92AgByVG<{rd2qHdT|s2_
z##jNr%t1|V)4lFj0InOcpzO{m2}!RCT=v%=X|{w{ei#UN*FKPb7%1QpO}|q=%NPTy
zMO3eAdMz0L9U}4H!F_rx722NqPP8v#D<bu0gke2{LEyo+Em6QZF%%XqLf_%vuF>J=
z=(pLiaKXWYvwi^OK~!9H9i1p(GiT7#;!tg!R*OmUiN2-zce$K^PY(rIYqQPnPUx%6
zq#^EK_d=h(V!8kyqqOt9f_anD!Sw%Hvw+J?{Ht)`#V_C42U2rCx<>XqPv)6;`1laG
zz?+D#m;T8(j=S(C2hNZG^Wtl{E^xoH3fyOTvto-~`G+C>54<D9j{8Gl|5fiiZHEh`
zs_M+<QqK~f_@K%BN#cbUzpOSTzIrpC`0D+ug+S732oPDXS5?jSnmz=nB!R|po&l+^
zssjPH%mep{B5<D^3U1;zr|r{Xy}ULaa2ubY+%pf{nXnag@K)til7JI$66D-R1bjD_
z`O4&2(AG6i#|!voPQX)Q!F@9axOxo)PQ?p&(i#Ya_YeC(YV1<;JNOi(jTi9pSRxa|
z7q>9`pRNczU0aJ3vt^OF83z~6aCA-U5kgN*_Ir;BE)4<qb8&E?<cjKSCO&{ckJwe!
z8TTPbmsHhy@dH{9?5s-9E&O61{r^W*wQl2}Mwh<|4jSy^?e2Eg-UusqS#=&EwkoH4
zoNm1k?kB=60&a%zbqDGjlJ-Q-p}(N%<emG7-UnQFMfDL_>o}-^5&;vxzH9k@xr+z)
zDIOG==#NqXj{~@n%T?4Gc|*oa7}-<DivUil@0zr6570T#{eKU*Z@db)IRXDKfq59<
z#w%1`>Touhz?%~zVDlde$CjCFV{%wOIRMyvqky>^0dE8FCU8t&b3I`s{`ZD3ID7C2
zhP!|Jf!1cQ-X;=Xt_rRk0dqN52iJf11y|j0_xv!pdeGR`JB@Gt0Hl&3fI(G#9Z_hT
z!{>zJU=uKByE+^kec|v>j<(*=<9Tb2`}S~}-`<nvy8MPeH|J?<OPUO4b8x}NRoC`8
zj~?hl9v>BO8AoHWRF3V9Obs2|*gg_$#`n}d1pg0*M>|V3SHLX*-f>_#TL<9Oc|vUc
zDbsahG`i&)>3Oqz2#Dy1z1{2g?rIZY0_UQsV8pL`E#l}0I*)>|^x((ua^0Wq)%g(}
zW_al8Y4~SgG(`U|X_(WKhAVE-Xt*|<hDgARP-Ggexf&XNI>NpDYH0Xa?=<|yUXX|%
zS~3IhCBvLe0P%1Ir>)i2m^IyP*7mP-e5*~N^Y}E+DdxunobcGy&E=^d^ra_nbr<ao
zowE^Rs+j^7;=or{SUC0+q!nm9o=JIJLj3at(Dvm&=AgmSHbKj^C?@^J(lt&aPt5%U
zY~i%^!Un+OvA$<}l227)Kt#gco@<}_dQip(AhnTrQm_5b2mJ`(#(hm-F~<58EY|Nw
zbmnZK&$a#&dqC1~`;~wXYQ6yNd+}cKeQ4kHU8?hRgf$?ulZ-R&YtaN=f@|4Sz>H6t
z-(<c{z-1`xS(t1#@9im@;W8L$O^A%2uuZ^|dGOwxAmBL(aN(>8oMo>GcoGNRoC<JH
zj)gChH~~NPR^iyEV$5UAc5o9JB7S8*087~b0q0hLdrB;PF@h8Duiq*hdkb$K^J}+&
zf8xQHYuDagApX-|_E26C9bt}L@?P1abbspEy=;%2Jjc(!MxH+ckhgD7&wWIFJ*BKa
z)BnszXFh&|UHXN#FSek+fE5mErsNA);Aqag_Wt&J-7oF|$pYfwXnm_6abI*U<m8U|
zCOI&Nm)nbD<ko4ia@X=Wxy!}539LsrXsG}D1We|;z|q_R^1mhzAYdW`*^qp;1i+aF
zBKj+UMf;{|Vt1Qg?`8Xv3E(BqyYHFk2i^A<l=K5H>8BCEnF``zD~N~FK|D<Q+yG$t
zhJ%Kdmx6tgc~lY)-T)5@dER}`Lt?N`ZBIH5yx(%ru-}xX=}d=fBG&e99|TE^hdlDX
z{;i*bnz7Sp%$3chpKUS+_wGjRrF*oEX7Gwt0w!Y;AARs1nukE1k-kiXm!?1gf$JCt
z4W+w+{S!F!zANH`eP`|k=@Ji$7!O{@UIL$0ksbue#zS5fh-fT;h4|G*x{z^g9QdjS
zF!{JCL_QALo59`X2PqB2!6|0&O#rYETBfr;NMCmWSjhilv^@rkQbAz9sQSoQ$siv7
zf%*N*nLIbPslMZ?YBl!{?(5fGQhjG8f<)+Bk_675{2-CO>yp5GiBDB9pQ;f5|5OtF
zhTz#8P<`J|1nE=1ws&>-9uN`1Tc?vwqk0344(|bp#A<c%l>UUSC-`*bJwHfwmsCps
zy%X_PKiyk_OKO2u2W?O2zKXui`Pm-2e)?qu8%XAFv^|Ucdq9e|*Rgv~^!>FR+IVS7
z*Yb&S>$C}Sd+~TVFsDfFm|rM&E_BH1M|4i+@RUvj*T#VATRRb?73bp%*84#syb{i<
zzQ57Ei*8wH<I|KCs%j<tou{hSfqR&&o>6@pRn?lbhsu}joa)=Es@8Z$OTy1ns%lkT
zB#w`fJLbpAfjMz<dvUznI?XJ1El-fUicD_ut!5*iVe1UpfX!)wKcPQ7JT3vs=V|-;
zP+oE!IJ0A+oJ-gCTn|}yI6`s@+<GmHxdPT~Ujns#r*0PT*Bmr#ivw@-tpa|-50Y&R
zcrO!K871J2evmrI{1^k?<}m_Z=cn-73c%Y4A|m+uIH>W>6|h(U-cBBrQ)3*Vw&W*H
z&iKJ36In>fqPCgHLy8UXm$Qqs`&cXv0p}HfS0pxg#a-^)Js^o=A)l_JXK6V%qKV$q
za?>7=7TpQnYR2no9<Z1SPNS?frh@a-U;(ey@_z-KV+C*X4FZ0`4-$-~YY)vs1YGI|
zNywvcHxCo=EF#l+;3YT{{J!ynL};;rgY#+g1Po)q8;)PukDR>XtVuTW0$!3$@ze4=
zh5|k^yGY9;N_7Z$eZGcY4Z-gMrE@;D=b0LQjV7u$&-p=0$p>#4!>^1741>XG+<z1X
zgVT7gP4mqHt{V)#I_C43|KY#~xv=|1M{Batknz0(*N*Al!*WmJ0XL@#_y&e+$!PF4
zj}rY>KS+cwb%ghW1-#qO>MRt1cT&8zK6pNNGVNQu6Py+h51T<mr-y=@*yJ-~9JqBm
z$d@m2^52M^+%X=X`P?MiAI$m0lmdgA`3&XxDRh3c0z|w&=YSt1BOMyA2d9zma6>m8
zv>X!Q25@?A2;HA^WYGP&&lzo!_c@5KS7Rxs_gbbn1l)E@kT<Uo-rS+fo<-wLor&J_
zQ{@LK`F0w65I?c#fzTWlJ)czaYxe)JuFr|iD9#m8pumMR8L#Br^Efy^&&Ii1_%!7N
zZ&lV`QawbkyrS8JEXCyy)t?ooRj0OJUn1ZYevm@s`?Tt7<CB$enE(^`GPV9Pm4$wg
zj55Ui9PF>m-;GC5o;dK{?FUKA87LKS^9|GoG5Yw#pVj*)_Jc&^<W@h+i%SOY=?uY7
zXl-`T9G7wZq1+y;?dvw=wm4|L_#7&ing4R&%cHyH-c9&j7A9vUIhwB%B4>fmL2f<9
z$!%7^nrv}5j3W3RpG;*dT5iP%KS%|!;3IlG1H{9R-ReS@azr$p1B(XVX$l`VoWXa_
zfiK_IJAC4>tA}q_AMo*hkcx+e>H+#LQ|a6dQnWeKwi~3jVBT1W?frQ-NEZPj-gEWi
z?&!9+c{fO>vKg+1TK}av)c$rYpDeddn<Tdv-zNv=Oq4t3Pmntoj+a%Jo(qwwe7+kb
z<J@(eP@P215AF_~L);0vPW;hskiKbAeOb)bX0myd%;puDUmMIWR6I;XZ2*>CIU)+=
zxKNI&TD#}ma1m{|&PD4y%oT7OZ&7TjYE3uvwT^@H#C{ze<U%hD7f~ypq8tUVguhQq
zb|DXYf5`CuF^dZou;+gRu;^o78ZM%v87`!MZ(@0Ex;^`87ps+bQ1uNmd}qxOQCe2;
zyDuZa^4Rq*RFEU0KLc2v-35}61>T4_r3PW!W9a9b;UXfw%Z3|V==bcoCr3n&4RfK3
zyjl6?iXLlH+tjp+`k^JCs6HOR^6)N@#B@4lMuc(G>@GycsG>Tz1|A%bn@DWbI6$l4
zQ_!w@QUNSFZ^QX|XAI@*N|yhu>)|cCSbeCkRG+S2?S?Vh+f<L{uN(}%@0NvOA`0*>
zRCgtm|N59qVqNHkVIrE#eDhSpyWQ;F;{cYy1oy$<jild~6u40J71in-C}8hjRqrE7
z%->>b4aWSWNI4{NyJ@YM4n9S>^@^6SRs*Gsb}&$*-KjR!^B90-$v^=g{YLe^kR)JZ
zeyP##i=;cw?V@8`=B>)R`WOy2hCs*oyiN7o$Hv(Gk82;}E5jHcGI|p^Ny~Ggf?N?r
z`sS~@K<Y4oH;c{nNc8z|7f6>OvQFH!3#3j6^$Y2{ETv%=NYnommYeet&CQW_fs|>W
z^%HHXhxkFZPgNhW2S-P^P_ltev-J0eR3E`*!yPWI_VgROn5_)%bJo}cce(#}CrIh4
zYK`=+dM8M?MR`}T6QucC?ko3&acw}8{}OPw@ZcW%9MvJu?9^gbUs<Anojl~369i1&
z>-QT%9JSreJh;^bRNsEga)R`@NRNZavtRAfb6i5-HO+9L6C*@)1Av9ZBYOXJF?27H
z_(WGGgQWR5pT>0iI8C!$Xvi%hBD6~myXU6mvZ~pw`*s=gTSCX>N?fS$77>N_JDK$t
z=^Oh@7c$)<qKg_0Nt_iccg&BI19Rf#_F}W#IxRu&TAnC(xlC@%a$hw*=&{ytz_#lI
z{1~C_UYc`cvkKU`lhvU70KB$L0Y9{p)wkP6W1_$9q<*vbA$UIyixsNB;biG^lkDN(
z{H3{qHjg|kW*~FPGZgSq4r-F;1mhy_zMyY<lEAV*a$IzLCrFkLBg_AJ@?ExoZ(^{P
zd<b6KPyyQ+tgs)vt?__u!v&nR6Qsudl%E8j^*ceTYh=0l;j!JPoSb#YBojQWSwTFk
zHo!(4TK5NWc#rnSa7gLKfxz|0ogl5<AK7==zZ0Y!Uhro>0_Cmo0xmOwa{&j3a$D|o
zD*)GxSX#DZN<z}B7n1-BT=v&#2A?5=*%_nW>g25o@wfkn2TLcPtc1h{i-WPjkpn^4
zU4)Lea1mpJl{-O79>I0T2KP)3^=k;sy07({open>x1E`Ey-izJD7;fd_FF5_MLtW>
z<o$uzZh8N0tLh>8v6Kgk5tp1K!Jpk9%3&>C53sGJ>j4!KI6tl}^y~6wmLOmA$4B0W
zUyEU}BJLS0avxBiH>Jyg+uB3VAdq-A#OK`$PU7#9d3bsr^?5IT$;oGu1bn93=gl5P
zc-S$K%3CxabmC5sK9~o-WM+4x(dgsbM06@1{H1GMXk{$JgDb>x*j=!kU&Es&CAJW+
z`%fqywj|L%+s9(u-Qcwi6#X-N%)ht@UV+5_KIWrc&v`ffos${vhjiQ<hjSsgD;%7k
zvT;1tXt14=&%_J3b-RhuBHQTyrzpGnpas7(^7)xA0%MYZ?-|C0%o8GC^)tYE*aQ|^
zynsLT(e*gteel|n1pKj&#`oem?Tk~6IiV-Lnyeh9SN}rnyO9f_7oo>mMxPQZ7kZ{;
zK(`;D#YM{pcgsmPt(u2YT3L*=T1{!y%4l^l3ax(4XcaBy+3kxQhrdVo7cbzMLqcgq
z=%?!y*+<txUp7%c(mbdqUF-^zqm)9t_=kw|p&QRSnVw_OV!%G;!<ar~V3iM~d+zUh
zK1{lU&4+hgXm1R|BRv8hZ!<iuFT^R$ec<u?tH&dz4?G?s^K5+IcvLey>^>KIS;xa3
z0gvA?JZ>t)zGHph@#fXzad<-Sc--Iv>4ST(LO(G)TK2fKyIV9oawFhT&+r&oh#&c;
z4?OCw9*?>{@c79K(uzC##=|^{;!)q|LO1Dn+z|nf%?ywHLfm$^4?NzudOV)(1CKpk
zknS0E74w7PQTi7W-!eSLM!@5BhQ}`o@w&hFfk*At<8e<PcvO2q>Kt(u^Mm1G|I~$=
zbUYjp@Yulcm{5rG|JDZ{o~y?ru@5{R^@8-lO;<5L7#=NOxX}OVcubCf$2x|`gN69W
zpZmZ=x_Ug0j_)0h8_E30zKZ!Vn$3@IT-x0m8XgZvz~eQB$0LP!aZ?|7xUU|M-}iyX
zf8Gb_p7g7j9}JJu?_Fqwj>q%}c>FKJV^$$f+1Cdi|8w<tEb0S~#`i($9DEh?gW+L6
z=|Why=cN(w_zlD3i9+n#-3K18UOgU#ec<sw?}PL~zpI!Z43CymF7#I&j|CC%c$wkx
zOd)>6+Xo)iSC7Yaec&<keUMhfUB&#!WAo!@7h0#|Q62%0Du&16LfrOlA9$?3dOZGF
z)H@zGzYo%;)ezM;9P&Q(4I{;pk^Ioq_oJ_`4}3rR{<Zo2=x0E=_oJ_Qb-WjS&Hmzh
z(a);=^j`G+@_)St(y8H$=7zQYraZcq(6xMu+&XQt++I9M4$Qev?wCJO?p!!QRzIR^
z{UrAI!+UfO$hLyT8cTcfykaZk`HO`(e`oJJhpiEKevI;*#8(>6`@<l@v(i3zPGI{k
zg6taQcAGA@mtE*bj>c0<7*68z45x|+a=eA%w7L*KvZD_<-hA~q-O>k61h!3^qs#Gs
zy%#FS(^S<;a4LEaBq*nAgCs^A_a58te*?VLtfs|Ellg32EI40gH7!<}63*IU!MW08
zJ=+{Z$3M9Pq{f)Qm~?{<Amgpd7ZI0GiT)V_7TX#@Ud2I8;q9^REJn+cXS?SEUB}22
z{Mwn6K~P?1(bjhwa^2&4oI%;f!TI!k<1v$8cMe;VUdutlb59Cb2C%GTbu~%=@&bIa
z(jP+COb8tVWbQFq)-zh(^d3kXIA}<lCtxy;`Q<`dTfo5QmbbL?>*rH`TZnxP&?8Ph
zxPz?;z6CwvWaGa3vS6It&>bhg3n6i`79W4k$!E6<^4T!C_<dpTaq)k4M2?Gp+Ck&u
z@BSEFW(ZHM2EF&u747W7A+!BH%+q}9L+0H3Le>LMo9N!~X%pZ}yjfxU!wpa(;Lmqx
z=Nr$PFF1P8(>{mMv(15zyb^KVbknD9b}#Eq$3y8eyRi3pqwD}_)9ju!s5nIHjBMQj
zQpFY3s>#)C0b|~(q%qvn|2!Ti=zo7U9>?i_9~s|GpY-pe$mr~#4KUKEN~e*#r_43E
z7>(8y;{2LW8X5QQd&twO2=a6+Y`x`2-jJ7(qFmR9T+NIkSC2Be+Efu;t{&VGs*8y3
z9eG8ymT+*Mt#vkNc@a;!kZGid9{M+3^JF$D<gR(~6V*9x2S{0LA1<07qN*V0jAXvy
zuU*>REm?iEpTydiKI1}9vOU3QZBO08?8UP#ZI95nKL6hh>@Juh)fcS~0(%mG<?_2A
zm8=cjR}F7R_}F%fi0tJqG`knLwvH50(|^0r!VcA{CIOD-$8d{W=*UPBIRGrZwR0?X
zp|+7CBK#fG8$FT$uNx_%isxNuNH;C$I{$4AY<<;1_w{1|EFZoLQr&OpzF%MdB<Z`F
z@r7IJ3aMvQ&*ZC(=M--PNMy{mc)_2?h01U}li^mLQxvV8MIkti=0bIZZVxW<oKmN?
zOIEaXS1xpqrJn7vbn=|CUTc@7gv;^?K1JF5GnHfKA64HAU3xA6-9tG2F3YXDSM^Qi
zsqTQK<LMptjdV};sh?HPHyl{rA0Xi5O7MCUg^+n4VV^l<|72kU-IHx&_@;DFeGcb}
z=s0klHqJvotDa9envc*MFLG{YF^b29HmkusUZefrdb@~P>RssXn2puN#uDjR`9G_k
z!wjeQU%Yml?h3={cREgOY@9|qPUg?5=db!W%dUMKTi7@s=;N%`X*Wn4hx=Lee4vl>
z!nKbR7dFmU`ZyJA9D$DW<2lu{Lmy|+wU6`DyP@O!q>r;y=MNp{vvaEF_xd>H*FMhS
zuyJB8vvE>%*{0*Xe@^whu8;HVwU4tqY@958oIz|H7)<Z~I;VPS^l_fP_Hj0cjgzO3
z)1Qqa&~a9tQ$4HoamucJoXW6q9?-{0VB?5%oF~qyo@M$tPh9&rPlb*1D}9_7_4z}`
zx&NH%S*VXQ_u9vKC~TY+`Z%#Vf0F6_-{(}%uk>-|T>Cg<!p4#Gajw_-L&ve6Q$5r5
zab{loI9XxiyrYk^PUjCDr|T!xGgTjF`n8W^3LEE7muYTWuWNZMb}emnX?Na7if>ot
ziKya|3zY>Tzdw;DqNXb@R1)Z^*Sq(rNo*HaiHJ>nG)h0FF(Rr@u0&G<x*pT%Lv5Px
zC)G2H(dXhr*G`{3e+;EhXJ_y9sb>4e^}ltY3thU-8;{F=Qax?N-;EbABt-Yq4%{Z9
zmKqnz2n22Cbi=nL{iA<tx?M!|>s=@*pjvz7AG53WjV|<YS1A287;YC)>6<QuF9mJt
zody`h%;+!_-XWrvcU<VqrJ$Y6HGJEg9sS!?cZjI|Jr_E5DQNpL4BrYj_CmKiL{z%l
zg+9F$v}Z|%Z|ib;q1z}C**|oleV2kZs`IRYUn6_Lca(@)K60Ty(r+7x-8pCYw&adp
z@Es+h`hzaCMgMltc>GVpw~hI|;5$l0rJuV{js9)_@%VGYx3;@_!FRNX>_=RvLjN{l
zJZ?06E8g1+zN1Cd@~sQ~xBl&mMR<qd+vdVv@Et9p`eqlJr+*te9&a^#E8N!$zN1A{
z`hPCu)W5xcJYH+~w(kC3@XZsE{U;Zipntn=JgzkI_n}_!%@a|}1s58lfBTGPw+`7G
zss4TAtm=6KsD2rJ>$U5bt$zsBFD)HxoN_h}ShR6mXH}0|A7{k1k5e5sPG?6?Jr=UA
zp3i)5QzhEp8O&$Z{qDK>BC3e5L;)7F{M^pqt{9I;8s%_tWZJH}O+@xrU8q_AZq|5;
zuSoH|@2u*X2Vn6I5OC{I@a{?s&2u%bvqi%9fo^=Q$}xjY3&-<R0mZZ8=1R1>Q?-tM
z2c$Y%^!T{&P7&3Qtkh!EhW6;TOOIVjYh7qzC&Td^<EcPnh5=_)&wRE{5U#H^*jOKq
zw_Ip;XHfo*oH6K#$wB&t#O6fiu?tnV2j%InhVSa8M*hx}FQQVYM9U0(@f*imsQP-?
z@&Xan52JSa*ZOxaGkyw`pI@F)J&%UrYLussnY`KiSE8Yvs+Gw3FH^v~Gfd8nwQD2s
z{qOJSd{0%p?S1<)W=7+t%`Oyc;L{2N&cd-PzHr{0xLritTP_Xf+uBttkyFcc6kem8
z_66@&1H4~Gf!8Pt^|A{cyBwr3GQv5H^3+Jz1NkCq=|_1JtHYUe?QkwJ!1-L5?uf+4
zit8%Tj>}r!agCmLT*^U%J#d$M-gb~mqP&~A9i;V_RjV09^l$b%q?7*M#eNa{eTx0A
zV!yTQ_dWLeH}-pi{dTb5!CmzCX7*dieyiE<<}37fC;R=RBQmUaYzL{GwMlQMzjN8|
z%^j*$Ei!%4IxSxAT5guRcvCR1dMLOTyiC{ZtlPu#ss{<UWoU%F>Y?DiFef~(dXn5a
z?LJv8GIi%w4|qq<s}6nFBvqmz_x7Gwz3pC*N{IjSowlx2qvch5D$(3~MHGJ~dS3N~
z?Z&+7&~driO0?=;5ry}A@w73oI`kX+`bt!IFUzZT@n3W<G|L_H6Xd|0M7g~<Np79i
zPwraYU+ya6wY=(!G_Sh*4C^*mM!=ROVAFPXws|AXMZTiYe8t9E@Y;q8xI<yJxi`_g
z>P6e>-jwYP@Ro(;Ay4{-lOH>#<yF_{dDX>+yz1hifcJ9HuxL(^cGfw?A>hTEz+1x3
zoBnn?Nbm;a)4F3B-Fdx)_AhS-sWlVuSFcCjOWjChWQ2hKu7D(NqV*+gw+Z-fN^mdD
zHd?@cVffW;ruYa9|GF(b@!9q*C+|5y^Qw2<5X58G5WqSPsSW{uy(NePnVTJ%0v79Z
zJW{&Pm6CCbw}Z4~OXS?@vh6IlIv2{fnZP-jgY&sE+jnDm)dH9OHPIuwjnL1|s4Gpf
zIuLMpesw#`ul^5P&rIIuz(g-vmIiaHQ+^+W|Ca3_HGdiT+-1&okiI+|Ja_r8Uqs%2
z7_%KDRpn#?i)sa&VpvnoGU&k}Q$<v<bTyUx@p0X9pMP5Q5PeDLSi1y#2czU!i!*4R
zb=?eh?s_IT%V?gpCV$nBL%vogZsdLV?<TfaR$oYKRU7tnO1EfxI)_r;D#UH?N8I<S
z>E6fLY}ofY$@aa@@^WB!XwF0Z-E`hW+w(f7fV6WI_yQ`(Y1;lpkX{jKRVbp;zgME=
zF<==pRPY<=ksB}IKs?~wQQ)<4qCZgqsqR}^8zP7J?y;gjR-tlkJ4th@S1BOXa!@m4
zo`7xtN6(t4eZ|SfxmCgD)&T`1@|^G^5Ff$^oO2s^UzN2pH(ITlk`weCcZBn)TK%7Q
z6_5&sI%L&kJ_}B8wvPb6F2~I#0gF1E{{!A=`(B$BkecHJyjY=k`u0ZWwWKYd#p)QQ
zDo@HF*?t=+$QdZ$ONHQW<x`Z4e5yj=;W||(`I|gzA0hacnZPnSN$_iOv!kcnwA3)U
z@fG6y--XJJMvqxccC`I_C?CyL*GAYQ?3OLze+_$tOtxByY<(URvY(pBWGfnd9#taG
z%ZC(@QnRl?<|c@!w4)OJlc%{C=|s2w2E5HlfHj)<BhcgxT2nq{Um?zqFqak>&k?`T
zb1t1p67a?Cyxegz6z9+G>U};D*dBc&vR)mm1ozO5dXwO->&$JYP#r_?ZA=62cQQze
z*?CH$1M8YX$IxpDVVRy2Z{w4d?mm(PELg$&iA;0;%h(xi;iJ$RO^#G>may~NKguBe
z5qiR6O9QXp081-7+hl~rZl$n%&0z7-{qF|zKMHA$6yrYjO2((}3vvFs-uWb~G~~$i
zqVs;$2ag(LkW!PbUjDW|C?flRtw#6qJ?T-B4Bo|Iyb*Rq=FMwSc+)(H=#CU+9^;SR
zml&lVvAdsCr9!7|OHbO`moVD?s}Mi(o8D<#_rlfDwtpYAoi2m4^M%OrkL1YmAMQ7t
z=D>29=HdkP`xk0=j#ejcRq{Eov>DnEI>KqyN4~SIamaHyXehir)*UO;+=a_lz)%g|
zylE41Lu~lyV2)AsEzH;9pog!sjf0x>edBQ%2bR{baZBO||18SIZK3?DQzG;4I>x_N
zK2=GG1@~za;L*d2a>vC&d1DMXF>h7IB|v$7EI5~PaDME30S|$m_?G-k@iq3bh~0tz
zJO}5$o-JU~C-e*U+0+l5FVnmn_siPa3}DP#6mviD%>+vKaF{ACs}zno0=*X_7Tmc!
z{k9swr|XPww}I43b#jCGU{86(3r#ZjB9qC_3h}z?u)Gzbmu4}!B(^FpvaJfy-OGF0
zDw;FL%a=cokvmStQvDs9Jqj0qR&#3R*xv2dwr!E^*4AwxJ)ZzR;^U;Tc$&y;M4NTL
zh?*W)jqWgk<shT?!ESn|Dn`2fW*bOtI^DjAOt*^X8QqQ);v-@x-3Xo5n%4JDr^VM!
zr@?*DX?7GkJ+=*`M;Arb0S|ABVgvQLuh;Gj=9Sf4O<tK!%dy*7-TaL`=~&@pG<>5F
zA9<p8eMo%5i2n8QP=DayoxSVBlx-lTIzwr}9i{nX1Ga&*?@DleMuS`K33vT62KOHd
zvG1kc=ge^vloxQ-wIOS+;kYfOxTP6z3!LS(9I!LTW8}*hV?*-4Y8Z~ua+1G$8>C2i
z%wN9^67kd9qu7JLzuhxFBeHQ<fABpEU?DmymC1l1zploRUsq$uud9iaUuVp#(`BTA
z!1WEt8oir((z|mY;QIND=6^24`3rid`Ib0(*H9u)YZ@o=bWV=ps%wpFbtK-I_%_Q0
zeFD5ozNKeKL+tSU;5-d%7vygLo6XbCvy3;_!=S*AaWbJ}&Yiu_(?xGbo~O^g4bu82
zBlBkd+fn9eGT^o(A!5CX8E;3=TmR+T(evFOcsqJd`-Hcn*KxR)^l24vG`z>W4N~hs
z0Y{sgx4s>{HqP)~;I+LSz1~jx+tG9B2fqzcbFvWe{+^__LE7e;5m*pbQ^&E8=I?hc
ze^73n_JG`8e7_u+Gez#0KUwZvI7wDr^nT9nd8C@;NcM=#^||9j)bds(`pacnx6U~C
zR23qAmjUA8RpUftf4dUB1Yo(^Z?=vTQR%iyRDPA;6pj;7y<CZ&U^Ni+b+=)^2dOy|
zaNVzHt(l!~fz<dUc#Zf*Th~cr{o3EDM2o`U=<OSmAfl!}RH7A^wOW3Muf}KP-mOGK
z1QAUGuv|@hM?)nl6hu@M23I7Q)Of%r#)+t6M<p`OEk_(UM|9JRuJ3*O7F}2D$P}=x
zRQ08@yvnk-Kx&=^-c*L;)$oLj$$2YLM`q|gLrZsVCB08z=I=ow{5rv>D1`S!KP=%w
z^*{^L11FNfAK*D<n)VI(U+@zf@jMrLZl#5tTOsY+c}^+P+NWymzn!aw)^wYzYWk<0
z!E<LfJgG|3Wz}lLRl}=DMD~AGqL{FEW_@36yol=muM#DM@kW0?WW0#%rz(-YMniae
zp(8YhbIDt**6Iw^7cO_ta$u<@wrH`o?^a`n6m8$F?WF4Y9osj4?%`|SH|}^VxNl7O
z-$D06&clTwI*v%kId)R@)Uy5BMN_YRf2sMc;QkUB=Y=pjMw?r6Cy1z`s}lWQhwBN3
ze`6}m|2e68wln-MPX7Oq{}YD)rORv_yH01THqPrORZqP>&ctgUr!H)qyiV16wQC6{
z9u!f_;?-ybtMdad>NKExuZvEqo>v%bzbw3V*p`OD_HftL!FIwSqWX_3QLGNv;_-Oc
zNxENYdmvPXqpb_Kd{T*SGss*j`@Z?{tN5PC#-&P>t$)9O$!sH)*;`Ml9);26%dyu^
zm(gK#iMy;?^*F9C*j7ytQ9ZXBeRw4(x5rN~+@9(ix2+F~sQ#JN=oAjh<LB)A#^?I}
zp2$q;bF0x&9F&>;?0ccM_wNZ`?SH962XSzY>TSC5n<ye~;A+&U_x}u&NrBEw0_#ks
zFY<1^c75^H??UxOY9|{fmyIK``F}$7Abp$>*FMgkuyH1K26^0DtX@dy`_yVQ@rr8Q
z{3b}^aD#u*$G#D_bT#^K9F*DVx?EhvoFQ^$S1S>*m!$^UPhx$DFVGx;-qsjeCau=K
ze;5a8dZ#WMD|`Q*;9c<~{obK}|A?+DDNi0cp?dleJD3bO{Cm@65jEYs8U?z7-=^#M
zuUCEKn~3r}Nkm-kY83cJkcVQL=kQh5we$PlFn)VGslV3Sxc1vtqfd2sG1D;u)iEh2
zRF4h7vU`AlH>6Q`jOX?Gf+r&ko?IOsqp!uz)XXJ5#=k3(Y=Gr&EtGa86```Dw{JRI
ziM|Q+Zfi-~<s2MZK2N}=A`#UetwhAXIvDm{4_;0bkt2RJ+8@>~Ib4?!p69JbzCQXp
zaKDI3(Q33k&{OZ|aL%15qSAh=(J3q7`d-=%c|b%J#j8X7vG6vgDI#hayBf7wL0cF9
zZ9ui^IXThhq1Jbih;(|j{3Fc2-mW@-*%h7M+8izt5!X_QI(f75Ux5g5RZ`C}3195T
zD$!*=Lz9!7F4gLO6QnZ3z1R*8&f5cbxm{a9`g5mhjr4BCR*?F!JeW%MyNUfavfrcZ
zw~PHcuJp{CiPZNKTS3~-+T^PA_x_0YS%Z?&9PcLbpH~c0HJLN%THehedkL)}e}d<<
z{1uU>`7v6XT>4JCb07xt$oDrEgOsrqBq4^@mlF#eJ?@@xyb02}LQb>&ty+y^z>{L=
zT?66wWt4DG17F3ti#Rwm&&Ih+ud6~Q9ud*F7S$8H7e4fxmO)j>^r(nPtZBDYp~6SC
ze3+1aZe!mw|Kke+gSk`H?let*Q@=wZ?B4A@YP+|wJGTRLf9_C7jdwGpmzHBR7V<17
z<K5=V4u5tEl-qf50`I_IZDs39W5EkW4(&eiO<O^#8yhIF-9_kYQ9gYXB=SzXBmJ$3
z@`3{J=Ee#*w}9S@X=8T@5E&OHg7*@iqRipIvXp~EW9Nmg{b%0<<suKx?CU|hPyQmG
zu4Jb}xg&+b(`W(jyIYw|mkPMq1itRts$;8=|1l9gY61&sTapak-x=D9oT05yh0>>s
z=zi7~27`B_p{;FF&pOm4Bf+`Slzz5xBsg_iOy3HUZDODxI|j<_*MSo<9r$1MAi=}5
zzB^<)a7#U{!AzdPPzV0L9wgymnv>87A}ZbrQpv+~pWj>%R{QW2CtH6q$vM1$(^>7q
z93F7GP1}P%53`CeiC>@2W9L5~id?7R<*nNKb&dH#A+4)tT)&>Ctx49TwiV*9gWqfR
zNXOHY&v2Ngo!LLnHBH2)*nJL@9wPI^+I=Snfg#fRR@qjNKBnuE-Sr8?X>?tZ=&#d7
zbWQRV4$e=pk96P93HZ`&oIK@%fZIlx<kn1My|z>ZM$<KksOx`QBi{`%aVtn^QzO%9
z+*W#zgO>l37h20)UvnI@mEME5VR{u>IzvQzIj}s(LBn%%1;Ud<+=L0(98YPJb3LI=
znxfyQVY?o@ga*qvXqa(7p+Uyk(p$j!j{yS4Bf)ztQ3zRUHrBg~1aI<I>KnB4nTk$7
zJcpCpl8yVTsfuqD%{z&<hRAINX<bezO`1)i_Z`@Ha8{cHKbfN?Y>tXC;3V_2J{Fwj
zBmtYRC;B%{X<@mAn$H#kTAk#_=2js*LqrR;JC0M8AL>K-WACE-7yqo+Y7%PWv~;Sp
z-<x{&YctV)kIt_`OCP5-)wQ<vo^2a}woQAY3XOeSL{m9>=ZeO!w(;HkG7kym7Yw2N
zB7CwB0q0i(1iWY%c)#f-7d;Z6<a&^XXne9Nr;5OBwu8HMB`0(JO`nkW502{nj)IN#
zAbD;G<&P~6oJP4Xi36uEj@FDe?kf;|+pevvS)%SIRn$jcvtCvoea-s0dRnu6LD-r3
zQk%ZM+*i%^RAp{`=sr&iR<*uo)`R53s;`WL2J=|zM@%Are>Tc}iuh65S-S-H-F5UH
zgut^^$p5&Az5%e5uv!QA*MmfKcEw>;vn4&|=SgB;)091Rtd`74wcADnW>z8p3=w_A
z?&s0hT$fy5h5qrVi1q<kCZ&Vd+@JU+)Yd(g2hxNqs#R})G`k9=7mMgULm!XXtI*hD
z5&Z$cLhQx#I*>}NRR0ru@kkxJBg0DV#lv+p$FtE&b2>k%W4bsEyy5oZ)VG{``HV?^
zo`Z(3=L(uEwzJ$$A~WqnG`n$#+6}An{U~NPQX}*CaviHTeY%j=l`-alq=1vWvz{x&
zFQkRmSUDBPWJ2G6vQRyrV$kz#k8|=X92}Y=Pr&Ux^t)B5zJu~4np}QW2htczWVk=8
zBYK?P-TvHYkRr{=Kh;q^zI$X9!o?z*3}7*{JCy!#MYUQDXCpM9VGflCD}d$BJF3vw
z$7s#_yV-YjT0Q$TWjK>1;h(fV{O+f!(8k9_bO(UN#QIXN&^SWx`_5-*n@Dih)<xgP
zT3Z*r{?c#iK=PPE>BE^QeOA|j)Stogok3og++T(K(?t|#kk=*mRiUNRMXhE((Io=$
zJIdmT-`WtoTO?gs`A^kDzR`8fm*1(rvsYB>f7Q{t20xAl>7}mVSQ~~^p{2zlI;#e0
z-92xHR-ui>BKm;6)1Rl^RE7M-BHF12`+00w6`Ecwq8;qn(H#2!0lMaR2>w-sD>Pj}
z*J<zgr|QW7u(S;jux|i(1BpUN&HM;8=tE>{OdYkkm-sa0K{jUK7Aiw;8OHqSd(}hc
zY2A-hr!2Xdwt3e8`|by-5S}g~MWyF8$@BCXA__cMg<ds08#_ZpcTTH9RfcbuJXD4L
zF+H@-ef_^x=Q1@^b~X4AYa31zk<x^~nh0PqeslDZDztHih#oh5v+H}+qsjKW6sHYN
z>H{s)?wznIWm~A90S$&TLXXmZCabFTn*jnY=D~Y3Q3$b_5!ORO=D<I;=zdO`@_biM
z{Ej|G;kcc}ls~c<^Xaa>>#|?uIR(@BsKHp59nu{5Kbt{nyo37cwrmIfc{A0;FdDqJ
zp$>dzGtC2Q98GoeueMO1v?LF_7vllvg!}XV=H!fvCV4Rj4ZgWl?ozT1_f-uAEOBsX
zExWTS)gj>2(cl#b{a4)OUa<uv$kX%J)4Fr-NvyJD3rH77f%jrkH$6lA*6J-F*@ipt
zzRmQ0Dgw7{gai9GQ<z19(`^py+YFM;a6i>;Tj+gNga$qEInT*yry}3GCC#R12$CHF
ze&2w@{aZllOcJmyUq3@Y@Bb)aXCWqT0Lef$zX8dT7g^sG6C9Ep*gnvK3pqGnczdjS
z$QD-bB@es>Lks<5h8Oy6@eaI!gG0KX-AM1i9Gkrw%1K}57-4J<2YFdrSdFlL;M4bM
zPs|ok)0Qgq7rLKzi2LnCoTK}P1;js0*Zf054=AAVkQo=^gd#)!X#us3X<dalaBpaR
zE=|s6G5h$0fYmrCzlW=?eTC(Dyut%M9wpD?)6LZO*X4t^^IJ|Xi>JP+;}_suHc-HX
zuFHM_-sgk46j}{1V?UAT%5Bl_(nwYG`b`}tIr(Bpt*cDs&D$uw_Jr9SF(vfwu*Q^7
z-&E%Vq=J+1<<Zp0{5`(8J0{TNC}%`rcOK;=PRpZg$jyZwwb}@utoz2}0RR?aqf&wL
z&dTz8w7*$?kM=jq@6rDLetgukq%6Nj^Cfq0X1)+t6vAuHPI;XfTZCV~vFF`Qgg=co
zaAt(n;p;fY$rmr0<ksWHx>%XYl-t-|dlb9AeltiLY@zh418}y)3wRu)oNWPcCbIju
zUfm3m{+zV26*=$;K1~_286?3LD6pN3ch5xKajqtxnCOZKc`-{iN6$|w-yFRr<x`uZ
z*N>dHIeKg{b93~(pGP*+`jO#rhdqwQvwhW%By=3VIW)enIHPKP-@7?99?@mjafZev
zV>Z*;eW_=tjmy$=AL8knx^GhzItXCV^j%CM@sqT3KlLwEp&>Ixl>eRTNoTdj7I08w
zgx}VoI&a)eYmKF`x?fhqJwjStt|e7y`b-h+pm%;oY?HsN3N4)}qHWsRcF*^Vmsg?m
znIfv|uAN0~Ny!^5zu+@!-}Ud}0W9Y>fz+4*UgLA)8uaBCX`gQbSS*G+i*&tuV5W#F
zR#qXRqZUSJL;A%tMRZK8La#)5pFT@OnX9VMDuNfIw-JuVT~)|GQ`Bm&8EwnWZ_qf0
zj4gZ?nQy6v8fous0!grdx3_j=yd$gWcvIQ^R^9nQvqV(7rV8a#9n%2Q$J2XTAx-nQ
zYL2O%EC379*~^Zr-X&rBI>cT?(39)l(Diki@)L_CvKWl{?^mIvB_hf-j6L}ny-!Fy
zruwv;tr8K{H&h`K18gl3k$q<sqB<j8xwMJKpTa?!=cD7ab+(A?8>&#aTvr^U@_do*
zV+V0<q`u`N$5hW)084v3V14f-e`6K$&yIXY)9g3M_$g8K-=lAU)D|z`X!(0n-=O|Q
zG~F@rjp%C~<KEEjK@P!>$PkHd?mMP>^gZ9KZ&cqt1HKo&RXs#!+nR#1Wt5l28>-Ns
zRLUn}0|<P>n2&lR-7Bdv?3HL|i!(NXbdwtSUGgT7reDRKLmffiwkF)Sy?YZ#bz@jv
z)@%nZ*u?JXDWJaXXeI}Z>>k!XY+}Cco#5@^2Y$}US^qZ4iwyU_T9{u;?1W{gw(ii7
zJgcbtTxNcO<`Zh?GXFy6+nu3)ZJlY{*94ven?Sm!Ae5KDfipju`gv<PXjslc&GP#N
zEO6i(s>yMh^64g!BDE>ud-{SOn;>uFCU!RO0cztC*ja{LYoT8|L(vbMtx15j^A7#N
z`4k5=Q=Sm;WJZTGNq{GFfVDm5e&CzS=3j{aI3?&mYWEmVVKs0QitvI$!`jLe&8Ik&
z+`kAX-`{OlwVaePcJ^)oJA1c34$AYn>e`SPR`WYD&o)g0XX-!!w@(4@B|b~ZN)keR
zK{kKf)qLcbVfiMiX98O7L2I{f*#0>uw|-;v4bzmYk<>Tc8D{I7uMfRH)pkSZx^l@4
z;B4cq%B~wC&(|57KqCB$#FL7PD&@nh$b4YuA+)oZlQwDh%O8IBb+$e;jM08j8108q
z+NY%y;m2}AeRrL%%{N7;tNaZow_h~L`uT^TPnV_~xrNdunvZ1P1d`{bQ2a#z=N#U0
zwyE2nOH-_yKqAi?nJ-845v|G}Uk9l<KTvSj$#^%>kv~oYDJMza52f;EyAkq|LDcrU
zNnbIWKzc3?28Fj1Es!^f7yQ|FC@+ZvXUR*#+L5n=)Hs;MfJt;Omb7o-t;z{Lvs<2R
zgG2pN0_Vqx0zNpH`ZxVJa9Wse`orrW8Q*=zfit(uv6k@Q84jEYY+vwi0|flo(wu-M
zvx$In7=7#=s`KyKx<jg_GumoF%8r3MU?BZgZ`Tq~okaJN*!M~;NF`bH>@bOaJJ|nP
ze1Dq*x7X5pE{RTTiwE4sXK67oks0m&=FFbDulgh>zy7&NCh{p6be<HZ^DGVlFUkn&
zyq8}GsV<}EJ!@p_)vtrJHY2iqTmQNihcs}DC(u2(2L;@kBxv`_pWu^~kJITL<DGnp
z(wH77h$L^Me<CNdrgi(eTI_R?w<^T8uDBk2=Yj6iEPFjP&)?4OPF?hR=>APh3*EmV
zw9@8t3-up}pX5JUg}$9DhU7um)4}-{0L$2mRp{GaiHP9vCjblid+Eh0?f>`5`}Qi7
z@dSPU0f6NnhW5t(>Qlk_9?O%~$4z0j7$2xYwWT6@$B;*zW@txjwYJXorz*6kR79&;
zyGU)8{<#W$TPmUzVPom<{eP)K%SuHpH{58?Uan<pMF&-1IE-chOG+(Ba07TF!9VsO
z?K6aa1Ht(`gJJBys?fLdC{3Qz{k{dv4-=`+dGRRm)4-BEP{6<ZR`ptwLUSD>tjC4u
z;Xti!3#`gVS5)iR(^aTro~YGj)yI4HDD{IHzot0)|BtpIa6JfM@t?0kwTyR@0W3=|
zRiPP-w-d<wKowf{gos{NRcq}NBEp!;!5u^nE?1$uSljEv>K~7)WqAt!r}}i>`n!Vd
z(*P{{HiAU{ZcGMmc$@10EX5jsQb-?TvJ5hkeucJ)G>_h|jed^g9o8S2Ptn%z->i)u
z<8G>DzUc3azG%8~g3nNXca+vni8l6cYoq(PRkhLM_?5NMWA!Dq(PQ=U+U|HfB%Upe
zr*!Ho9v}Nt6}pSb#Yb%YTAu^|I97!+=80&Zrt8y{&o{C==XUm-M@x@TJ@cMHCbc;r
z&^a*bsOpJlu^O@6EN4$^2S-(pwvOoQ*{}ad1pReUb*^XY&3n33>zG=QCK>Knb+9{D
zb2fsMq^j0P@9Y~vnnnD0p8ukAVVvACKVA;ZG0W}633BVSM7e8ulHB!?$sOQ1h1jS`
z#=AprqkjD4jUb74(cGqzYzLmOk=1#=8@we$9oVsv>K)rX)Q{i05hU9$z*`pX!+*ue
z$>&Y-bPmpsok#N!BIKOZ80{J9H}4+JrfGLqezg&##(N^$v_l&~djD?lUL4r%chdXy
zIdCpYF7%hgJ8&%rHN_m9zchvV@)_)&`hRQ$DPkK_PhWl;2YJ8WNaKA-0-qkU={!}F
z0apxJgD%e(QO7_5Ba@~tYlxp-#{BfMUlKo^`ZWZ{l3!}RVuLxo2v0Vw{k8m3^A#JC
zuP?%1Iz#>RN$fn|WW#yBJg&Odm^V<Z`IFYO6$qT`1`7BQCwSK<h3-d1@Yh4;`fD4h
zUhd>mmD6vsz17c6GX9b`_~%(l-p$nS^@Zt$<{@GJ`A{v-qgywW3<YN^pQ`K}8menb
zOyDFklE8Ae7BHW@&IC@JOyi__9-LD+I3E%xB~$;L$ka9yX!nv6_)0cv^?`cySKp=5
zK4wMkgZTIYJA*lGBlYnYZ=kr=<ubn6L;2Q}OZk>{QxPUIuxVsBZdxp)^QA7=;OD=o
z-veQi+t2dynPdUu?J)*FKTA25+q<7Xd?QGnTzU_#k(R{Q&*sw&zJ8XHwGkxpjQG$c
zny;Ux`TFl~0IBX5fr3SvuWwO)dH|%dZXce?tS<Am9LSr&!TA~U1g!TPx3OpY0H2~@
zK3S<tg*+|yCKt*Z&EPES_VqKFub-i{7cA6Aj+Re!ZUY-5<Xf7LL*j_GUe5jga|1{M
zh{(MGq{cyXpUOC|lKX|;ah`G=;NIehmkn{m%&<5@tF3=Yb?)hoBeIl}9vVm32GVc!
zcBSpAvq4p@CBq%~Cl5%C*HhR^MmX>(4@k{PfW_;<TXLHN|KI_s?s|$R(YdoXP@PPk
zh3nn2|8Vjt;){K4(&`f}WBD4|-7Pd<qb6lmk#^oX!y({|tf0PKvO$Yi^65SL$(p_u
zc$)LHXah)(WJQ+4)f;F{BV!Cf<^hc%Qj~3(G=`|l3=~B2A;|n9viINvJ>!SgcmaQF
z17DJs=ar&7wIM8i_@2fOzuFLb_iW2|w3Zy9m8NgLQ$ut&(c7ijYtUY%x4#3hG~Kxd
zy}m$1NdOkdU2D+Z1tKE$z3J{X=-2|9Z_C}g23=l2{8lRC<Xf%oJ-ds7v}?L&4bq?Q
zVe9JQHbbu+TA#26Eq_u(e`2*PNgutnZ%JH(UVl<VHEg`z+S>cAL3^L1@kd{6OZ%@u
zk3T7*WnsSXLJyU-#y`=st?GJ^n(g526~=+IuQg$~w~SbW_Lfn4SJSwn25!=Pss=lx
zYd+QYM^q1)2c*pnT0IeqvUZ?=M`wdqN{W7-Dv~Wb?$K?TMLPre<`sI@fxy#p+ZuGN
zOw{fp(cxIj#@=)|R8~qy(zcHixfrtsJ-&e6DN;=SAGZeG{gjAaQt6!~k3S`%3So^V
zE6bk}QIlg0y2z(1ZG4)tTve@H(HfNb6s5rpKxJB=YZeb(Gi?5W-Zet{tC$dMPsYpy
zuxwrrlKy{PD!qrq*mf|0rGV&+AJj4W*$DE!g}o==MZ1UOH4nXqq_?|8UiPrNMHpVu
z?iV3`=1U%WhE|_1oxR*gLi+yi?!K*xwzly=l6xq-OZ)_%sVqIBdI(RVt>@46M2|-v
z_e4M2?({^DRUY(2-;bQ=iGG%ToF{rbcBcoVQ@1gH&Jg3Y#L*b2Yx(_h>$E9yd+}sB
zFlUn7G5<cfbKyi;<>^`aZaE&c24ymNd|$IWnM&<?w!ZX^>Wel{?O8$H$MTGVbFq=e
zHyvNm_$Gz<EGxQ#?LPjB#y7(D=wp;-twGz^zQi+Ks+IFZj%hBg1L-H$E;UMQb7mb#
z6IIpPI_*QbYdI%(6@l9vaQL?Y<k>((UCSME>$C&fIR*k3*BtML5^xV)M1A)!)`8Rr
z;PY}l+dCd!g9@J(ktT2FgYx#zuT)PefTb*v#z@^YPEFKb;fQ|B)#B=q?;OrGXw}mq
z`ukU^Cz8zg*K2-d2n_XT4VwG3h>nNhNMLW~Ic+SWBYsWrVB?EbT8?-Pw_qYB{?M{@
z)HYgHWGCxm*6DY!8^$6qY*??K0SP|0fH*k(naZ2K=v-)$JLdCpU`~wOUK}g8PK%Sf
zmdDFoA8{IdY1;&B7HJ*X6cCXw4hESk1pKk8`b<=Q(6%@j1TVh0_O<oYo|r*=jm$lB
zl7O=l;KKI7;M{M5^56Cc=gX!Tw|O48PY>nf4_<ol%ez5D5(hPLgctEJDDy>Ot@a(4
zdG_3O;5;=@z~-gP1F%}a6;DmX&4fl*R4oUV&@F2n)vF}{zG>?~Y7U#{bsRX`IPjg;
zW$z}#{@5vt`~G#IIiK}cR8243w;rT*msM?Fm-t-ioPeKyYFXfT9PDT@fz!5z!t((c
zlLPN122Vg@c|rib5$iw_!}2QY**eH=>p?QH^@TE1#;XY+zLt6u$j417XB#i6&M_vU
zcVgT#hJt$wpP|)c+)Z&fWWb?@;E=H{G!LPoOLhLJs@7A(9Ws$^bAJKnE?piVG0hYX
z4o%4?F|)S6Cu@ClCc9fDS_?Rn%J1M?2yFAfT>v6lO5y?z4$T-YU?&GP(iw}J@at3@
z46=6f%X;=19-JR9dqLxs{ppE#F`>;BRr75LZFWc?5xV?K0tvX#*s`AG^q*b_(iv5?
z3cP?@c#CpU3Ok$8sXE(L)w-X-`|ox7e7jF>oi<T!FP<O==8Ts+<`>DG3kzkHr|U*)
z5%)!Vu}N;7#>-vHW8^NLb5Am!a~cTPoF@47^F-OPP;O7qV!xWy9gdLLn#knju=_|M
z9-NH?mg@xUUI$Xi0Cv_)+mkJ#HFk_Ol?KqhE%`<GtK@E*M*W>Q)<4UMwhaKMuBT5A
z)#G+x^|DAjX;JPQ)_V^0+I1j}84zkaOX5T0`MP*I-@<WoV3p<QkC$7g70K<zg|b@2
zX>`@rdG<N9nnae0U@hGvap1L)SbN1??&<455(Y%BrTfS_kVf|p*3uoE6S-E<ymcVe
zXH=tAFKD{F1}amCPS(!DJ^dxElN$+kp+j}nYPQp&pmm{r*9T~P@c@}W5xy-6sLoea
z)!H<;8Wp}Eq7!Opjg2i5TR-bieRmQ4MeyY`J6mHHsn2WsQuX8lSk?^?aLRvF@A|}E
z)@&m9H8-uJelCe~Du^wQ(1z&1aGJEFR-?Hui0DQ}8zbH==T+wcnlGTi`{`lTqviJh
zr24}9DYaCipH<ZwSgXxluRWt0ZPE1*v*UJlW|OoDsH(Md;U2kTJ|_p}nB?|iUT&Qh
zBX=#2mAi^Kw_0TX0`n%#e{84gl-+Z18=ny%FmX3cz^C~%CFi$7;B+Qv>ujf<2%fhg
zy0-ZVZM~+(Jhlig;^6$thJD%6C+XZu{zVbK_+;o>n@$5^J~&lV@>y{{ZEJQEVPhZM
z3#^X`MR@HCk^5+Vf%air!upsT+DDV#$Ad-qmrEk|@&9r5=J8QgXXE&D=VqA%LV!#%
z*(4KiNuXAgEPx9)2}{H(db~*8$^@!}MKMB<otpt+NE9=0k!tm2aH*M5+gLJc)VBty
zeS=FIq*(2u6VNsgTZvhi8%XZ&bCx@E?<}F;-(Qfq=R9Y5p7Si{Jd1lhg%PlV;@9BZ
zVT5z&T?S`ig);5E=y0U>D4e$U7>v7(F!DcPFz&BV4u29I27F3k2%j<-RbenbXD}Y9
zP)>Xv9fo#ZACp1GuppViS{}Bh?-;CyDwI3_Ju<AHGgx*FR*ex>)p-W1wn9k@j121z
z2CGejwZRChE`g)4wp1w761fp!-K4=9#bDKi&CAAMJzk-lxN2lrQy8oxc^t7XF3bmc
ze>~+W+`nflT{-lO;IrWTA#@h-xjjD$6zK<OS;#?$Z;7BB#5zO*h(S5Bkmc-701?~E
zvmiR$0*;G-YvVWrTzgU^T(E&Sz+1d#E;`)m{7AU={1Du`IOzC1fx;IiM#8sU2jT_Z
z;(dmr`qD){-D_b!Xv^k<d`mp_;rpL`AiIk>a@Q7(Pky!!WM?9S9ZzAGT>$av?cgHw
zJ~`JgZ}XYZKEoMk$%FK6;K<v7aef?#gFJZ0F<-<%Hor6$<I)ab!E$2VK9Jk4<%qw0
z)cU{sK&}j%U*{l*qBg&4=NakX+tB=o&G0R>REO=I9q`_zc}KCkpM`i1lQ`nX5N!^-
z_kmm;HisjpL0q3Ev_8hcxz4}NG0dS0&%sJ#!-+rWx6y6sHTyu`W=ii4OoCQ-5{UhL
zhIfF^^@hW1SD+=pTf7=f@(!**OCO)*_4B!!t%R<+3S@-`FAPS1*Icv@>xWt1d!|tt
zofik!;%{^Jf(%!2zGyc6{CyxttnYkieF~vnLGhobzFGMoAv~A3t3Vb4^o}<g+@gIn
z_j>6xI%jPzllFovUC#NU&Ht)>*v`)&@t9cG4v>4UEN>Rg35xJM2u&O}(ro)*L-Qqf
z%729x((cG?l2i5ee30R9fl@y}G5P&N`uqHRkOhlU3h7WZ4<xj7JGiJ{Y=-v~pXvQ(
zlF<4spXU81pXD8>1i9@?D8jT}6GzY9`+GsQ<#EI=i+1*U_tKbdJzdqAIPrud`q^vh
z4AHi`^Z(!3yTGS=8v!hs=N#AzvXDd1UbOjryf^afRhc+)_6AaE&Q0!1BW)Du=1AU6
zJE3I}2OZ}h6qJL!wOcTONc5Zg@!#g|HV(vte0sOUQ5?_M%lyl@K#7_by2EWBwHtNu
z&|1A)LjMO~!LSCb2eYHm$@6<b{@MgJ1BnN-$s7+E=h*ZQ;~d@pfR_JeZsYe-yE<ZS
zW9i)5cT=Bm468qEZs&vbwR63-dqKvw|8#s#5`U3ReZkVar?73uXLx^C39{V+#rL>C
z#^aDYg*h~53CTyFLC34Cm(X{KOuihWH2b^_WEi7_X!%q6`vDus{;^7_G#-kUfrM^l
z`hUh=knJgy_eG<D`Fknv%i}V-k6Z+CO$@nEa4xi`wsWy*vkfS1j?vL(Dx=3<7sx_#
zY<j$k(IcKq-32NGE>Jq`2&cp9b4DE7&k;Io#&q~o4w^F;Q+fmw#&Ko@t`E4P(_z63
zy7x^_Na%`7(BTD_fet&u>9Fg&5MLtqm*0ix5YLIuEuG8_!+X?4=}!uu(@k_v<|if8
zH40kKqzcM`giF)m3D?MU_#mdkGnA*LGoK!f1}~-x%1oZnUI%xa(%5hw$dDSOy$<dq
z{XLKevU{9T>Rt^+yFfy}X0g6Ma?$r*`?IPK>p$u?nl}{Fx<xlu*9N+-rpujZnwgFX
zTV^X&r2Z|nDI5Nz9*Bd`xBLFY?rW1cgY4y=q4urpV!GuoRI!$WjzbTJ@iEb;PufHx
zGdj4!c_c^9(L9jb#6W3p7_DO6Vj2&{aV&;nqYLE2CMXVv-&A9S@2+9+ub}W>%>!9@
zGz$DU5D&*ekq8nBhgo@tQTGw<FzOvxE|44mRf4k3WbU?eAhw&zTl3<frY_@Pb`sNv
zZgr7+>tMUiVO7L({fNobifN>44p|dfUpZdi1vO%Ql}{PhCp^X0mrvKXCJ$u)Q<3Y_
z&N`-zH2_6xK|+5}Rci!(-U`FdTMYhX6#l&!KX1i`Z*gJW3u>xCLYDM{*{@UEzXNI+
zT|qX@|M^E9UDeK3{_saiSMETVPUoa_HQY$)DxdtF<^9bZkgH9szfwVA3l#QOde};Z
z@*4&l&WF84?V_;%#b9H*xM~-p+nGlFx8VM;eYqc6?&6^Nb1Z*N8Qt!y84X|=XEJx&
zt`5-z{@eW{x<88=SzPG4K&gTLegxv-A3;(0xYbLH<Jy<d{7;&0DqYUrXqH5Ot7>kf
z`rzTIM&0z_Qy@blMAZjh#B;nJTEpkkWDk??<nP>|ZhHUaAls{G-L|Oye~t95pfPMN
zo1X&N_9XbC&0oTEnFX!=r-^**;ChVmv1^iXfBci61>?hixe*`s%Z>Q(Phz^_Q_M$m
zg%Ka_Ng(zw15fWHD2g_2)4h>)vHM<%8w@iq4&D&%12NV)ncoQVwggkp<oiG*{{I*s
zi=oAz#^i3;c-4!;=wLClFx$1cu#DMGi$S!q9EjQ-FSfzM$DYy%vX)nFkmp>4j_(qb
zg&Z{d5(IMR+yxZ3`2WGUViWl8OaRO77X{CJ4w~ne3Cb)kxtp_qsG7{(-j6_ZrV5HV
z#oCa=35GmD=M%sc>wPn^k><FH!0os&UYAMNY<_vJXLl;i=XG-`-SbX9hvf7MU>dN7
z-8}<{hXH(MCOf*H0{L**JFFi-)bz2wG=cDRh0pO$X1x2Wr$YJ~{+_R@#8>vYr$F{+
zK?{jz3X3stCJV}LU5vqa7Gv=7Q#5y+_U%cXZ_w5F|GL~`yT=I14CWu?Oa>AwOxK&`
z{b~>O336LOEFg1B?>;gX#DeWCUXRTeufLbi^iE(g7OU}jOQ&xJhWO|xbIxIX{wHkC
zubV=1zSRWca#r_axrxqsnr_Ykt3dAR@%%bdK&*Cvt1=Okdn&+%>C5?VwdDb(H)B1i
ziLDFwD;rkDCjcx3CYsZxiwoiVg^3{VP*p3Yy^r3+v}bKFSAnZarFziWJ@n1i{vXvh
zO&5E4b|T2@RMm?4L@(Ck^!`34sK3t=Od}`MVyrhsJ&%8<IeLz3WBff**9zJdo2i~v
zd7Be`84s3d;~rvuMzfy+8S|Yre^-mMbae=_ncwfuc$yC*38c@QTNqrsljy1c;=!W*
z=48KNz4Wg<doO4$qr7GJJS8q4WT`b&WAjh>AP3=^1ZDD837s7Ut!Jy9=qwMd;~@;j
zlk=2b8_2@jAsD|4gK?I@NM1u>1ZXWNy5995w(+60w6l3vFQxPL>ApF)vNb(KzrCsZ
z*2VgD{hWULjqY0$>t|j~zv1y;;VC^YWq7l_78`Gs8yV~ZCt4X#^TOsboaE@f7Zf^?
z#Ngh#hspQfMAyBEUCa74O>?4!@k~$YVLFUNb(q&b(djTf70T96m=1H;$hVGEP#xyY
zJyeIOt58LPA6J;(IKe2pg$d9?<lzI<Cby4fc?^h+p49Ch#s03Mf7?f~yCSx}wi^Sb
zdKqsU1tQk_I;{tZy@O`c{8yTNqs5<Udy8$OXg>Qp_QdwP*|I0LkIcF~v3+Y+?};4`
zQN1U2uA-_vv2z^VvnO^e!<~CTZsP9=+#Hq%pzbN^v!hnzyM{K+@$@a2?HO29;R!4*
z_Y5v8^ITm02jVM%@zEP*U*`9#WWG1-0r^)<r{=z-cHp{PklS7gl-edj(JLS!E4>?U
zhUFDBH)$KCsmu^fk#A={W;*vF<Gz(mqcoMzXo{OgXsS8lZQydFe3mW`>LiW&J7KJY
zjAHz^<4KU)5X8JUkJ}TxH*eJL#<)o!){#5HEbkvHKyJIjXgg!tTETe!Lr=1E{bKBM
z-L;9G+u2T38%NLWV%E>S=hFPZJlTns#l_|am6M%lvk5F14%zF4vnd`Rhv4DOkJSV5
zVEn$5;lh4^;sWz+EdPS`b)hQGQRo_ro@6o6r$)B#D<#HLcRA7ZY@JuIb^4!=y-qWe
zSM770=xVl3ZH?MD^IRvYFj1Ie*?imwN1jiC26vtlS>x#Xvvm0swA@K}JaZ-G*;*fg
zjn)4Ioj=jHUs8S1=HJfxbS-eAAwCjM+V_InooKvfLsGwjX72HM%8hxH#|ck{d<7D1
zG3tLk33AN)6>S{kM1RBch=nI6!<z1LqT@`Cyvx?<chj5~TCE%0zM8c!_^A_p$b*HP
zl{?t`n49VmEl*IK*c+e)pC@w-^*d>5puE)z(q4_e@cFAdsEP{Bz1+<GgYp%74#?83
zKxrO8O%q5cG5ugRrc2A9Y7O60?MzkAcB22~BKKU=ft<HFk&n~S{zL3+2=r`x|54c4
zcxblr{zr^YZHs<3>c*?0E5Ob_+qbsAjd1?8bJ6HTwR~`_4yM~QbFO*HdlM)P*rgB+
z?97W!1AlqKNCQDU)v+}naH7MEAH3TTy=^;dTkxC{H8EPB$<_ijvDf0%c+QWVs5}a-
zYu}wecA`aW-!*+QNsA@a@rtHh^xWOA$5A1}kwkH{GaN^Svz5CTj@s5n$I+2QRlJ_z
zC{A~V+ft&R;Q|N4(F;yAnw^P(29O17jP~1E`(`KlDcirZ4NO<bruq4`K7_~ZVEgvJ
zPBg?Z9-!g>nR&_$4F9&ZA^a!A!2hBrLhlJdyfFCHzjvai@%*iV@&`5_yKX*Y?vFFv
zf9ymJtSzP!awmO7sI~xs%i4Awr#h$pTRZ#a{Ie5n;K5>Rpz{jy^<8YuXPl^pADRDF
z&!u#r@q0f+(w4@Xt1F$TO-~OGFnVdD^fGuXj9wm?t$cKh(u;pth+cxU5*QYbo~N|3
zp&>*oHgz~E?yK3loZmZ9ohb~Lu6fF_%h<kGhj6)XLUdey6YG33dTjSPQ5#3;3pIf3
zo)DcLtDS64Lr#<uPG9@yDKD`(wf#Iar-x(A>HUW2?^W%L=G)(PqMxuiUERRqD)Wpq
zAEY1Md*3wH$Hw}&C&uWbdxyJ{qwm9*M#r;$QbMR-P^K|jZ2yGP(IWOvN@V+|^f#@|
z%|K~>xSqaQV_LAAjWDY<cz>jQE3h8Rel!2ciK;Z-7L7M(ymg-wDQwNB>zST-^QC!f
z^)*h^&Bf-eP1n#l>GfH{+koa*!+aLoo(iAiO(gH@^#52+S2l!fW-V{zplb5;Vt&Ub
zdHeVz?|U<%+b%O2Xs*}`IiL($fz;UjK+m`HHN7*J>i@^o1J~=%Vb2_;lGTvU19P|i
z4iGi{KI!%H86L2e=ymz3+d=HK3d(=#nQn1AeH*}Z-Nkb*E+1U#nmEs?#IoQ1E{Ew*
zw@06Qas&0L#dP0%S#-MR8e;2K&fD2r?H-DQ9bxPKZ9C;J(!5CilK;i9_`3nhU#jXu
z{KfxObpFzn%ibpI=~&CTNFLLi%k2L7q4T^k#=1VPkIrMvjAwM6r}TvJc^jkG(t40>
zW25t$uE}hE4HEK0B(K@c=4P84n%kW*=Jry3bY9aH&)!0J(>eZ}*<0fnE%;NT^Nz0R
zp?6&?JLhp4{iMa{b7Sb;H5tJ2@b2hyGS8;%oa}v;oPkt9;W)7L=1@Jyz>}CvHn-9J
z{Vf+=epa4zB2N??m$H3y-w@hIF2+8h7&xxHg3)b*glePUY62TWm>C+QD>wQWGh*PX
zavB@s3EjT%Io@}{XoCdLlBR3@%1QF~sSBdC(e$epjW%<=uK-vy9$w9OdbGQl)cQ#M
z=)|yU)!%Pc|B3e3c>3>$Rcll^tjYRbC)$bUdS{fma!g*a^MudQW-#K~ypzd<FP-Se
zT=aeEvN1Yrplw&i7_aNctlbmZcsX7>faNc{!}KpUX4jWaG>!wy@0>I?p@4&P=BqK?
z3d(00Als%u(F;zHvHl#5cfPwD^DNGVd0Ghv=RSXs_-8dn-1)_a-TB2s%RxS)yMW~Y
z*pXH_Nd8|%|6d0n;_v;|gW2&cE_=#u=9`mfyzkTI@{8Tn*WnxM!R$_6@K7IzZ0}ER
zBJo8<mav@2)3rFtG(oZ2RbTuC%12ZuyVJNp<*{b-lG-!d*ty;0BzdCn_vKD1`?NM)
ztW7~3r6U`b17kB>Jd363<b~E#qlDH?|3~uW5udif@5?>fT;94@^_?12tr)f@kF{|t
zH#yNGgEUVb{=I<RD_2+3vBnRFzIADL)sH&SQU)*D9k5xuJHFD1{;X1aI(U8=owWbM
zNn&4P!Kl`3?i-!xs2Y2$CaqnW6Sc+|%lVZPtr}r0vt}ReaH6J>#?sn7=_EOL47Lj!
ztNN4^-2svJA>=GEU9IV$6YWurJV0wxz<5CWcTV(pj5gZcOVb@rv^f@>Y^Dn{xxOaG
zd<#xHiBFOqhTgt6A8?{~S#9$i-TjRDZYMgZME+iRw-Y_1M4yv$9+Q_$rrpNolpbbR
zb{(a(7t;N5y%jOm>AZ!)>|!uygtgP#H<ex|at?>a41Q<)zw&J-x^`H#Vm+{L7nA+J
zG3q6HJ*{cMZuImJ<@Mn<rlz}fEuiz8HxxN9O(&{8??mqoMb4`_emDASlz#1(??zWf
zTgP>~(G1;r4dUcyPV^YYNrmb7#nrrLa9NxuusGf`uqeUPw;<6ow8`ul;!UnTR<{ZQ
zf}-vMSr`*2?IL_jP>8>eiTdW5U!Lo^c?^A{P8tI(oxFv-PZQZb#(3ZEP6Sco!`n>e
zZhs<(m`}P)V429lxpF&=Px~t#FC|b)c>NV~NbDB5hfkqzqL|MQVx2dI=;h7k-4)6j
z4jT1&1glbj+~ub~S)uf&7;C+2?-;@u5Et|5-O?D^*6cFoA}q5q82c-flh)`kY?%~>
zJ(Kz*SQ!5Cy69bQnm5S_vVPrF0aY|#C~Gyx!#MK=t`)Wj`-*mv-1042zEC(hN9p9V
zyr1r(euVg2G@auI-0uS2w^MwEw_z8^ZAF37c9WpsIcPDM+&mDAP4vyss>`jE_Dc!9
zJ-HsO$9mu`^zFIe7K+EX9FX_0ys7#=(|#$Tz?6Ell8c0Q_?HsOoK}y1&e3;}ie0RJ
z$`3TJlh*FUFC{d+s2<%z_0L9FPHed5e1Y0<uY4GM!y(_+e@N>ny5}0-qPQPujAQdI
zkTD*P^pH24M()~qLAo(d3DFJN%PF+3&@>LtttrR2P9t@owAv0@{FuULc*A4cpWX#>
z@zpe6eL<?FA-xJ*SXPtTM@d@kBU+EkHxXQN0=NWH3(x8;d{OYs;?lY~6Nm>*=I+TR
z5DQWTB`L+yP|6u=GDt(JA?BVNQpLx1f&5QZwVvVAy}19%VO2aI!#{r2E~+<J7%l#i
zqyDn#j6SD5C!zJT>d{GUkFQ|+FVX#<r{Di8W-FO&|Ap&~`=8%M_y2ab|DFGe-2dt;
zL;H{E+kPdqU|wF3C@7^IoI77mV_mDRr1^d@O=)$w2KX#*_}YqfYbyW=b)|uFI1YTr
zUcmcn?e2`jXVTp5oeX087(p?oWH)4S#@b%@B!UZ%U&z5Z?M>kb4`Km}udW&mV!={y
z6>bOD4V<8a`}yee73ufCEgnQm0x&;}46ofp*X+Ki`U*L);CY?B0?#X(_;CDHRjqjK
zHZxtDv=d~1Dk$#B(a-z9PLMCA3M5BTRt=`NT(6C%eoO8`>dS=xwinX3M}MlI;J<IW
zisqa@lPV|$oS-Ot65Ur0l)6FcYxwm}kXypuq-`9CwPA6^TCMmKJ3-d`R6BNp+&`@P
zjOT#nH?s3kWc)ps)dtJ;VjIHtgIbJjW^M1WeooFsKDZ9y{YinIL93ul;hFrnk=3KZ
zxaUF1$8_6lbxmOT7_t1@_nd^jK=mkI_uJv;Bow%_9^o<Z*jk=J4Es$Ud=mjI?Ofn3
zLK8O%ij5=m(OBr2>PqI|-25JJ<;6qK&D`#1yRHHc8CT47ZG0SLJjR;mB=pmt)T3y4
zbMB<RXxf;ua%XJa8T&2%v7NEs_aE6A+h<_;PLPS6@FT0vPRJxVp=y3l?Sy?0$;;PZ
z+3@3f)DuMp;BSE+*P{=aKhv?tnZNr<BcD&hds14D{HkirVe8M*)fCcd$^7)1dW2!V
ztEyK0nY5pvankQRPVY?pR%pTJHoZnr_Gi*Pw1Bi%+sFJ9s`&J<YVGB-z1b{xzLEB5
z4lREI6rJa@y?B4zrdgl6<7my5w}w?iZh`z^T6Z9GC&>R{Yu%&G<xAsQG5+74T~F!|
z6>`uKT*H_2eC=j?WKW~=C#^<MdebP*ve_Ci-txax#Xk(I)^j^(?u7ylIyAdEE)8T`
z8WjC`2bQa82Hs!Sp^A0Gp}Iww&to2s*NNL=o_{yX?}+CbSWu5J?JKE*@@BW{TcWDg
z6H&(e*LaZaW1;A+9nouf9cT29<qU>5Fhc(LKRg~gkLCN1$M%VN`|;TMX5M(5){Pw6
zRO#tkFwZlvXs#!)c#daq*=*0n)fFDKg61m-uKPB+?hIygXgpElhXih_p#1W2kSAS9
za#0kM{a}2@jQ`(5@`s(nykQ#;J(D@-vt4O|(lv$fg+|O5*6yJDqMds(_U-lP8*Eqb
z7OyD_<Pug-3FE96pSR+Al&*$;yYo2-WmeRqvAXl4KReT>*CTw!{yiM(ga2MXy&ip~
z`%R<IU(BIv|4Wo_U$Ac-;WTt(J;L;Z;T~iC^t_DponKGlGSs7S$1ko<@eD2-;|VNI
z^$aW;>*-rC&NH-Wyk}^8oNIvRz2|w8SK&D?)+Y+WV%4#|q1hElxzw&WmV@=ttf1d3
z<U&gk2OaVfLCNDSG){=hazmWZMLv_n3FVOZR*QEW^YJ{hgWb!%9zEC4Wsg(eoI+jP
zT7C|QzuXQk_kck3@^^NCY|EmxXFE+G`j^sL1^$^J+b)A5_Y!b*F6CU7RrH>7XgkR6
zJn&7MNbia?Jx9xjOlnI{0)^CP014et4ZgWNSSnfUzLvwjJtvgIp6Jy%(1PbQk%Nx%
zpVPV3W8N?c6zQ@+>BT&n3zM5Ohvcv$KHWA9BR%BbZlk^vg}VG0W%(ffB2`enm<TQV
zMj30S8*++8kwu^G(DI0-dCx56NN$b5*YTc#Qhi<2T<_|1$`51Ze0p~W$m=dM$~#*!
zh!?EJI%W1`Vy88lpQ%vp<>1_MeSM(I=(mjLE0m`%GuGGD=g42oXLQ>pFgR~iD0&!m
zs~8Mlg_7}5bQt!BC=B;Q48{>7jIv)c7#~(BpZ_vC4BK-QhW$AZW6=n~W&i9DE^h-L
z$?>wCy=~qGzVm66jskgta*@ySp67GCzFQj5m#<04Zl?F0Ki>gz_&#>_Q(1fe4v=3{
zRcrN3j@pAWIdc9aE66sL)kB{|-w3Tbzg?{^OY8qgsCG#`nq#K1<+!amR@;LTs(qv$
z-LKgit!0#6UGtRm3>LF6hYP+De4P>fjbQ2ykS{gXhJzC7Us;dJ0W4|TFWp|j?H{d2
zB`hw!aXYnTrEh3%_3*x0zh~SMI=QJH6~Lv}pXHWNacw=iER+{H`aZcOv~Wv3N&~Po
z1@mjA2W?vaO?Z!J&CRDXKptt#yYZOo>q%V+jKjYr(!6><)oAGJQ0<xUzF)c}RJ*kv
zVcPmMk=EYK1nIK`mDbeP^0w>gH;3Iz^-J{#_jj{?$}r6z1$PtMvoXJo+MZ2EsO_nJ
z+i--|J%l38DF07UdVOO%wmmbt^G~T_C5tT$^2^o`zr?n3TPw8O$-%j*J#&L+sQMiv
zKeWF??v)zNhm2?Vd=4m`@6dCc`ErF4c+Xg$qLSqk(8i{4Lt|sO;e594JrJKw6_kzd
z(cHta>c&Omvun2Nat|{;J9s+YL-O@LKTkRTYJwpLahiql+gQ5U;_b$oTy5FLI&#xF
z=*V0qD3Al<T{$u8|7@qVU(e?Vq{eMINa(K)=0D+!uD_LS2l*hM+3g=k?7Lw6w0#_i
z2YE}kZ5)ODfrHN9f7bX$;~xv+*Cwb5Bp%Gx<F#O12(P5R@HmE7j}fn(Z%~|CU$0Qk
zA2!y~jlk&}M)_-hgX;1IoE`@8Z({^y(_v^ik!-v-(96zfdok?LYHfyO=Y_8sP7lpf
z1`RmP@cvI4-P>3;<5`C>k6GIo5cRl+R1h()?n^b|W*P?_YaSGW^ZLR;<Lfk>KHvb^
z{Ti*C9E}b>ae(}_DUIYz(Qx{;$=od@U|d<cA%W$JbTFT#f6zNiZTz-)>Sy1ZcraUK
z?Yk1fbi8B``*^GOXC#g~Gcu0)d+JN>anLyG2>SS5C9*S{(Ut9c)pwD%dZY5+LlWBm
z6y<wQC4dF5t=D=mTR&%dkCNei(m`WGwYirKs$vGyL1!`@bVnFow6j(AEwwi{J3!9(
zR`rd<Q;Qqw(S}13`bh$YY4xslfUL)DS&vH2^>PQu7{|Fiv_6)$rc8~;r-FjlcXDq%
zn#y3=9Lz8GTy$Gabb#zk2-A_@q(1OZJHQowZk*2<d7<<iw1nf6=2fvWA9|}-tpnNi
zEv*j|Z4T2MG*+#UgXUmvmuEqIEKO*wByr^-IZ*I?XnfoABqpST<nKrW#Xc5f>3N#J
zgZ%y>{#{V+84I#-Do|?I=kLIJzEx08@fqH4c&qnYKGXY8KFymj9c1CTklvrMoYJ)_
zfh;`-zB`{c>ir6z>ph=FYN~e_^tm@wqi+6&s>zICJ@2Y?ny<b#<NrNh{XgqyEqp99
zx+Za?7Jk1P$7<o{dh5rJob&GUI*>mfXXO0?i31Ov1BnAsvtusi3CiC&@TIYL_CM4a
z?+}i#+>mW`R3Fp&#JcBtvo7{Mz;Eh6_D_nQuePZ!_WjtQy4ZJa&(_7huh>^NLjCW$
z*l{|K*Tuf)*jh(pY6`<^`hP|De`pi(^ewo<GqC7(Phjx^&)~A#JQr8r>QRrzkvk4T
zPsb?zdQ(9bzR=P2r}X!iQbBI}GEiy<n#*H8%RNW(Fr*2}bEzP^ztr_RNq>JD!}}}k
zw+q{-TE8#p_dTf~!#@M1evZcH6tQ~QCXhaR0PBZehj>}>Z4F4t0R`J6x$(3X`h6O_
ze^7WE@jT8N{qplz8(2PDDI;-Yml2&Y=l!70NWOjdJE}AKzcJEE=Uz&0m)B99@z7qP
zGj<qs#<~!%Aik@0j9)yd(-|FMI-`TMIcIJ)>K46NXLOL5>~op_TcHGY7<I;bIq0aG
zrqeGRVLGD&BF=x^4yH5iptiYQXS|ec{!b~=Hpe>S`BG3ObI?5h0YN!?J+sr9-uU>q
zk@d#ol2LC2TZG=&jAff(1Mz8_@m%-jgz|~JFHzmGlTRZ$#!n=6PqQWZc|R;sy-~0d
z9iuszcPE4DjZy}MTO`r>x3w7cMj?ahjRT1Xv$vUO`|1R?*GwkWarDgIC(&FZ(tFX*
zbfbj%z117+ugSziAYvMLjLJlk!$re&S6T?y<gF$RT8JKOF|NmMVS2EIt_LKhGyNt^
z4^E>x6UJ{`yfZr_tE?m+%iAR&+txzSVJ4&SyjLxwa(>}9klky+_vczD($k}PlW~r)
z30iusv_?k}2hB2hyR&rHZK7{?_-s3aZ+E%gaQd4of&A0W-~*68Yaf%=kW&S&^L&~&
z9>B6`61XxG!F4_XNFBXuQ)a_QzY;u)IZJn09Ef;7SH#gbz2p>Y!#$jl_M`Fr$r8x0
zP1tweHs&wB1zL#xoI>qqTEj2Pdz!sT*|tED;oMxHI%K8<@)xRVJ<I2K@jRwnR7oBp
zJze%%L;CV)Ov_6-ms|p}w%6m9QM?Uq1zD;CpOPaeYaAiHK)dG&*9n~OtG-<qRBJRH
zmpe=6cWzrKR}iM<BWG0NkI<I`N;utBe~0znEU&gF_U~fb`**)0q5dwa_jd49&km2-
zton}5;ZNH@wlja(Pqszqw}c09eyZR8ejCW2e?78(+y8kz%KDXrWIl9{5^at%4oYbM
zvU=p<8UMe6$p)A}WP|*_I@xf=Y~_LfrLsYK)5urye@<n?^V_Iw=v*2p8>%-LWrKY~
zq--#6G|C3p2ra!itR~U1u)D>LR5n;YtxyhZHrk%yvVp?Y)i2!`DI4-PQ`wNc`Tt!u
zEZ!DHHhdlL35*~chEqqD4fDh3z<#;0R{cy4n(tXADDKOt9XfD%biHr-Hcd8A`}4!C
z%#X4*x@`E-Hjt-r(7fhnn1^O}+u|_~P3!i@QC{kfqi|o}O6M;%7<s8ZE+iYU4Tsxz
zMU@R!@5!wo`=6wBEu-m)N!zgO$n<uF$%Z-yUNb1?9pFkOHf(mp`R-)=C$KeizVUnx
zU5I_Y%{5^>y9UdZ>~6c2?t#rp_rTBO<EpLfo^^+D58N3e%aezTLAI}kqL!dMv3S3D
zfWkVm1!Vtf@TJul<w^Ua#<{gU3N3w1o)qeGyp*j0QHyyVNuK<6D~-QT)A@o7GGCC%
zy4)?DaUgEv&E1oCYCa)34Y{0P@Z;E&2(I8fbUq<Y=9f@54n*ftaP8g>u1ro)N;%`Z
zi2m#v-YgP8T$2F466O;k@XWTmsQTjLz=G$sq7Kh1C+HKR-wVH)u2tDWbr9Rm=x1d0
zR**4`<<`(zLK08;g#B^6=k)I`Y}-FhbL)4dg5u}R<o7oxfZX<I$Uo$w&Oao7kka6y
zt&#a;Y#fMdIioGp$!wWhwrc(%Y2M1MAomTcKBMf-B(irB2hB_EH2;o05sHj$tV}*@
z@%L75FQ4i4pHqvc16VZNRK?MpJW2WBdPc>vGCM*}9XdnTam7}U=My<)^-kPs)LmzC
z(1`ibp}(o*4Jvypy*pX=w~=Ml$?*-S)gz%Z99Z&Fpl2oZRcQ?ORpB`3$Zxi~Y|P&x
zm)*bMHQ}}G7aCC3YZ5ZY`0gufKr>#WckXyDzvqHJD~+1ZN)o0W>a)@q?z2M17c*U-
zZl>{A`a7WXnGHyJRYJev=zE9A=uMhS^@H4K`oSRy)$XMF!7)~IYVH>1FFS|!i*={A
z;gE#-chSD@a6~?ndhTT;mW$eTFTblE7|Y&Yrn329xEL4VIH+~f`!J^t){1voZTN~1
z{vz(tSig<TpV15w`VsSkk9Jpv+xi;n(F5Ug7U-PU>*maFp>Ib1+f<(hE0@93?%mQG
z>k-nyy768006FJBG2YjO_dEGiJ(|tY_ia4qwSyzS!7SWYk8nSM;rH*G>3+5?W$#(x
zZ#^$a$oC?}51U^Hd!Hk*!&j#=JLKU|4A1%0=<jotTiAPBIQ_gRp_ATv^e|87^wwsO
zZ87H4`l5su{-z!+W%{7ut?oq$^}kV%?&HCdyP1w<&=Fsjkna!mNQ~0=?w2Lh-(HVy
z<)go?2_&ADzOB8VO3zL3tq=G8xE|fa=D%w*lcifjXT}<q+emp?LdBoaeZ9zPT5Z_O
z&de6=%%nv<Ggu$?ouGaH4UA@%Gx}?z^!LR(A^Ka&aE#$bJ2S<9raJb!I#|!Y!_Lg6
z*k`8y1nu`agwD)&7h<0o+_v^F_2?G>mX=KvKT+QoUy)Gy_jG+N>`gT4+w3b6TG&I|
zd1JhZO818Fc1J4p#fh*Tnk2NakHW!oQ+SKlK<E4CDQm{CxWaovbbezDI^VN7_S%XM
zGMw{S-e+Er&=!WH!A%tR!sD^+unkQT@|~ys9|o`#>T+QSJE&ai*#t74BVM~XPEayy
z1SN0})fLj1e;KhEcc|iJ7irB!;Aed<h|rP-SmsEdB>-5~B+$1dAo@Z!slSSOSQkJG
ztDV@Br1?qlX73%FLAGxd_HAeD0Mp1eHkgbycHKof|5=+s?o??UNjUvH(<GsjYCVyQ
zvA(B61Bzw~6mF*RX*na*Y_@HVU3)AGf6Eh;Sogr=HiPU>jehT(%;@1fpX0rlgLMJu
zfODBHK3G#ao$O8OJL-XSkkAF*>Q(q$??pb7yblECslM5R)aN4H&p^R@64yXz;*6?V
zqn!cw+|U_l91}VNLHhSd=wu>=@r63F%<FHcN52khlN;q7Y5%@@5)*}KyJ8bPJN})q
z`QbAj38jyrb9kHdOZOIQXJY5b{1EG0`%`IO54{_1X7+zazQFAN)(}6;+r;Wu?~Kk5
z)5lUh?lB##yIZL|mbTMAQT4x6+HX1AAIuN0xfpvtaodGy4M<c~tAgcY7|*#Yg~i~`
z2=N@-nCLvGW(0n^@N|ghD8G`Bo#Evl8`=Io6`SWMUJ0GNobK%%s%o9PG4?ncUX@V)
zWZHJFYNS_#ynIzc#aGjIH^iV>|8*gnJ)IJrZ-0s5Or>xpvo$rbHAzp7u%=ffRC^um
zmrL!eARm>UpnT}yMv(o}LVPs4Mo``<qI@Gq$4ASaP{qX;nLkvxoPJS4wZEc!&$Imq
z*H?VMtw&Rt&KXN)`u<Xnjt|GCqq|>`Q1O|1)IN;q$QnUMzaP!?kspQVXirLXI{JD9
z{1)dmgk+ajLVp~lYl^1Z-~EDwPCiT5{(CleeC~ZWQv2e-@W|(4e_8{QM`(lTGX07M
z)DWCQnm2+k{7ORoU(q?dI2^hEGhUL={x|DU2Wa(AqT48U<1>&=*Y1h|XW?7*=ywpQ
zS8jMoLdEaaqqhJooqU!zVGPK(_p8>1jgk5(ZrlHEJ$enm^5}-34|b#GgS|5mWcNfU
zx@$vpAM8gq();G}YuSCXRZwcH=-t-OHh?T~;9F;cBE3JMk|R($(cLu{j8=W$^+%rH
zi%Tm!#d8|ahSwytU^x1@l`=!;wtuwo+>-v44XE`s3C&`-)odBx4U{g%u{cH(faN@I
zj(V3?vJvFpWmBJQvo02-3*a2{$tLj{d0{@;9E;UR-9YvCTpd06ZldG&3`OF%^(6_N
ze7_#eW%Y)m@)Wm(_B$x8nTJFEk>)6}Zo@$d)vl~Z`2(sorvK#25~}?Zh1WNvT1WEb
zn}Nq(SC3LgfOj{RHKQmE`(vzee_K6D(fk#4^TqbrLT^1v03)B;@Uny!enjVpb(@cv
zAA1BJ#Cq!wv|Za!BwgV)zW=F5GlwWm99|Eyy;yBA>v9GBUjoSPBq%zt9^{vl&^W;{
zJQ6BSpzC`j#uz70)uWq+qtCJRRSE6?G3|d~Xk;6Df1n;=U3~SBkv|3XB&?GK>e0`_
z_5;)Z{<#h4nb#z=E!I9vXh5$FU&4l;Mrn1yP;@;Rf7?H;0o|ng9<HO2IS$pM;-L_4
z)_>nWosMz!kg>LEFO!Gn4+W(w4t!W<v}1fF3kv2}+mbPz8uj1#8$h;av+voF-^=m$
z2~>C9Ho^Fv<f={(6z&kMC9Bn0wL#wJMH>LgKsLWXj`a=y{oHzx;euL>+nBQiB?+Lh
z@JNb_+$|5%yq~+)gX~w-B7ObVfkpr8>07{ghBlczL)&RRS@T#yfp~D;wjN}6JgqD5
z%%H#Byq?*H@z7!i2_41b#xuXTWWi8t-u!3IlV&0J^^MRuN9p7<yeHQO`T23;JCnfj
zRkM21l^m7ZLz~JyeGAGw1B;HbnzR|--t|n5t17|8_v>k{q42gXf&+~Mu=EKIgn4UG
znFB@h?fH6rY@d}c){`6_jnMaF*J;pV$SmF^$rAFvsUE<z7Hw>~+<|)e3~#}(>idtX
zS|j(@MCw@MJq0tdk4WsX-8AcSH$YK1Ja@LBNDyiRs#@%xVEoNKtQOPyrN+MDw2a5I
zaBxmuA}DK<jrGypVYZx`0}<2l+H7OHHZIKO<3N0JJ;>NjZCFofKfI4Ltoks`ubps-
zF@faFH`F~|w?48KvU-$1KDaE|6IeXTGq7m1r*A=uXK2$H&(L<>#c1hVFvezkP5{1v
z)&A}L>;4?+#v-#ob7OU0<w`nYb|qIOy3V|6@+5I)SMm|gb>>yxlT?-L>Ut&4qh15b
z!EEUHzyvK_c_0q(CNGh@H-c+7z}V#FYo`|`B{$f(JVKuZkI}m)44+G%t4th?&uWHu
z>UyGIE5c>;ECmwaxCOvcb{UApe=qYCSOlf(dQfbm+ivu4-*rQQO;Eb#0eRDS#Z3Jb
z^5Wo)&Lj|j0$?c~EhzodfWRL07`5-nm}lk$$4tXxmVyFS`u35T2*<HZ!{hZYPVnG1
z7uV_f4u$&0;l9^{B3PgW_rtg?wUv9$znI|BkNus#e{raP-(w*AXMy4#7wTW=F87?7
zl<3iq|98XqvxEJ=!Tl>pz5>#pe7`xgpMS^S=YirLO~2<QLeKnUsxRHE+b?{U|F#Zf
z_h|6>uNM^2O!Y(U+n?8g4EWnDLAljTai@LzbREd{QQ%XSR(kaQhM4z<^Yl+21GyG)
zo^?MndGs;Y_$-9C{opZ>H(<G-dq=}(BfQ<)k5Rf`KLM1c?e_+f!s@`6rGhxL={8T_
zf?GWUi+<t>EWX7vxNN>hJxc4pYcy1lD=1wRpxC4jZt&+xH|qC)Gu!`z8PMbJQ^jAa
zsx_X2#+OIm=sNWxxK3~9T$+CS4R7%##)B-x1xouD&-LKF2HjqB{i^t~s#>?L16fK2
z-!z*8HGzb30W2HWfow|#U+)A5astg4wq~LOT@PT{H_?G+09X!Bbf8iI%W901B=8-+
z%z>&wLZbmJD=-et;9HaHK$Re&L;%YPn*&V&uq?&x&ET7s<3I%<A+k@!^j)Yc4HPr+
zf1m0)M(Q4O9`g4y*HFDV<wn<;Nkms}%zyhD*X(uJP65kp>u8<Y-Yf?i4`3nuq&OH0
zN#K1166!h;39su_@SLIVUIgYf>p)&J$$^M0nR=s6mZW)KFiYrGpLzg58XpbE(4&es
zJO*-ao&%jzRqNpi4pK*V&1DYsovK==<vP$=RkikJJ5ZOZT8B2h?-}C3Wo{~;(azaQ
z&A$*7j5~4%iTO6m$ze7Fk<(@y?<q{7vU+IK5yD$Z8~p8gnyWki)(XX>!5CJ31FC9O
zdG7eoCf+l26kLnrpl3b@;&vW<z`;4N2Wi=bX?bW<g-7LSo#$x#*wql)!!rQq3hS<Q
zb*aWZ{Hm6mh0pY`s?CDpyr{Nx0-Vd2u66l&-dkt_*?)n^LPJ}XHyw{vpB~TuY%++L
zFCQHZK6i$ojKwsZLiG~&7(p4$&Iycx7Wa5TF|T893@Omk1`=|t1Gz1Q)=Oy04%2}?
z;XIjtH+h=Eb)#HRnkIz(W}~_ick>*j0PCHvm(OTQv6X1HDxr^CsSQfr>Qg|(xS0eJ
zdVU?tJDL*0^EQ*2)cv-BgzjDkvOk~dX?nkyw9%kwH5$+1eV$1DIt;N10HXfAn@a&P
zk-hEjSqHNITmESJ7VcaJ^3P(Nod}%25sCAvTAK4>2Y?0Ry0Vwyx|!no*Br?1A7~wq
zO#l{hzP`Jbp0E2jS5=Jzy#NxbZ6Wu}pFPU*BKT??C=S5VUqf}n;zu1QYX0waAZz(^
ziOmEOigjOpE1?gI_b+MSdy&0w9jRsanZ2s7gJZe>dR5;k0E;sRS~Pzu_YbP?Y7@xU
z)`BeLfKS7no-Qy=rE$=)W(m#R(g`49dcyy&!~dT^|8Fyc7@+Stjpk!zG}ni&UOdJP
z{$~BOOtGdIeXp=C-%-o_Mn^#lraAo_+Q)!GbNb8+{+`T1$9ytZP;O?w-Hh8#HhD0-
z_i91*CsUor`UU6F%e+iWPzD<Ia<DeGPTq^*5ufnLI{jLWezNxCvDcn?vP{WLG5RFq
zxw`%z*N%VR&1&Q9Hi6QPOdbIwv<>5N6kT)X7n}#<L&M$gRn>~&zyou!-rSfkjG^&=
zht&i4JhgHXDt0)C%+uPfJ52B5p;z^F);Z7%oP_#V%^%!;|8_^zdK*o(ST<*RW5o`*
zYssD4Id*0`@R`xxX7GH{Np4$<x9<nl_nfL)53P3~6G!rp8u~o1Yx{(%S{H6`pe#-@
zyh|OqsEVh<*DleuFK27VXS08ogWSnz?Me^RcUiplL%SU46el5VFTY|r0~YRfAVv4P
zfu>HYVy3EEzgo-A-(OVU73{sOv(|w=01179<=Iiw@r$eDJ%h^<Jb}fDo`FSXPv3$h
z&(Nl1&(L-gv)PDU5scmMx{A?6=XI{GZM>&~!#L-?C8I43G6yXO6R3|)J_t(ZBv9T?
z7L*$REco|BeCT(q`@EAZC_hbvo|PsLN&Y$x&ROrDtGv4eT-BR41oAj*w-68Fj6`rP
z=Ciu1RF$-=+O#2nalMKM*%k-I+V?V56)#)MYVGe2>M$J|AMOI0&tWptVTesbd2vUf
za&1tDA^i63Yh1%?K+ZqlptxUqT@d#slY}litRA4bAi-k4sFohtxFLYo#a&ceuwMRA
z0*F|aCF$~mSXeHD%g2g?crWnTKEZ<weB^uLz}ldEAvR;zRScG17mlYgXK2%WPv3%@
zJp+p>J%PpZJcG;TdM>V><57=N-ca=%JzM4!27~E|L<Sw7Msz{4=B{b3BWpk|doFU#
z6HOAy$@ncm$IF3hU8jzM>okw`<a8oKv7UUR3GaQNv~!Z698p#4k^K(zhN@bRtpyqD
zPJIhZ9!-Dh<vB0b8`N!_$IN8D(=@iknJg%kJhV8+(E1Mg`Sxn_oPMqAz#7dyuJH6N
zC=cmc@f21&XDjKf0N1Idv=%cD(r2}6K<-Kv6#uYVTsfrrY|;Ab=%rVqh32WQO)<s`
z>Yi~yU8Mu-Dx^+7g!B}wXFj?XEKNXVpc|k?(>?pvfb3RP-*V9Oy(3ZYsH)j{CUZ=o
zccvs)+L*b4Jm9(^9z+`tEkuV}C@4<8qckZ_Pzql!pK-=Cy(H<i@);h})DovDP*U((
z`HV`_)RLsv1ZB4gS_+a#zQ3N8W)KUjz%`i@l*JrJYRneqgA3CpK7Vw6#`~7iH6Z^O
zz;X;g{t<ws3+qvF&|<E``@nS{QdO~&2k+WH&h@;%6+G`JlYMO|U^HI<8h_@z)7Qq1
znYwmuY#BLuExEVqh}6T4b0vF+&kvZp{nmroet@DwCPC59t?Yv8`&w14(bgJ{6aEr7
zX^R8VpAf=Hr4A>{8BPjKQ%lSYC+!@?$;~>PbjKNS0%17G1F(GlD9CP}t|bY;@*seG
zQB|!N7v}hpad9XN7k&=J@cdwH9H}{I%=5@$TRi-}lJoxG8jy>IRbL;=qjYo)$afB_
zzJBtz@$T@wHH=5=aPmi0wUWK#Ky2eed)LH;_O6hldv^w=mb3%iJ16-+Sn#>Vb8$Ti
zmdgPw`ujkV+j6R)SU#QW;gS+O{EW!^I2#9|80PDGgwbH*8jyJa%bqnLTU6B-z9$mk
zJqg{}>F=!T)__Gl3dc3tDKrbpta#{Y7z?5qq|YYX!F9`q>cBP*x`k8_F%6TLKvgAt
zgy*1RDF{m0h9!Yn0K~@8cxO}M^b+%H<uj@ir<MfwD=ttn<+bt|E90h?jDAf}x_R(^
zXMz?dqpMLIhz(WXTEz*<L5}Noj{<R}j;_ogq4GFzErz7-s*9?4FMwrbouCw8eUIb1
z{Z|Q|v!ev%h3$(2QZk7CtH5)16eurj&kKA!tornL?Xn)s&cZg0siS0ySx~m&@rP9L
zJD&HR<4xZG@X6lq`6TbZF};HH*|m0X6>h8!%;HkI{Rwn0wz0k7NX{a#;Bn5p3LZZX
zO2(rgW8CWJr0rL`q842VV9AdI*DM&-?dMaxXZTd_S$>T76hGE`njh_T2UM|eV^yGl
z$&aStStSLpm(QpkE-k@xXfuI$mQV4zUl$ZGL5tbU_~no)CfmU!aDtKtNu)0LeBB;m
z{ck?ov&CFex4?l|ud2RT-01GQ3#y2J_w#0QCe))qWl)sg@Oi+zPNQuN@6{Z|djS{1
zyAuK>g|C&*xEZFFka!sAD6s)pKCJ-@krO5m@m^s*bA}7?8B7m)K7;MwFy2qbw(0)G
z@=VWL;vw=p<F*>Dk4lK7bz8iV)<=Q#*=P<rp5O$9zyk@bB=}G27UDp>b;HU)6T?%1
zI;*7V_3{~A!=)wfb3pKv`kJ8phX-$}30k@|9y+9o|EU7kpEyBLxfFt@KkC-@FIBbv
zk>TlUE`{Wp+M}wz_qoyC+(k9G@7f+<{E$1AOXSz><>S5me4KZH=e<~;KF{*)s@qH+
z;@2@cu7UWTEEE*KRfyn4m|j#XkT_X;*c$}4hgUrcGTx&VkAkeV^AFQH1RJ@I($1y8
z?liF;l<6(10ogqkiVAo^Ib#(Rvk83Irb-$`>*Qj+#hVIZQqPtX$$V17{1ibsvtoJR
z%oLM{*vzRk4<_r|(#@N_XZbAeN={HPelY*L<w+sXpsJ)kEta8OX@YVyXZg5&MPUH1
z8x+;|v8q}zoz0KO^aje=G(owA6BLZ+TR2b(<0+rtonk9#GC|7)K8wT-UQq+GKLLEz
zPYHo84(n2ag3n^7RZuXE5t~<4#ed^<4y&bY!)h@ee>qRbujU1%y-)Sc;w{~79z@>{
zTTUbZSW;_<E#Z?Vg3C7%dN3Vf{*U2f*!bLFxq!#g#yK>siYIWtVYO5kR*NzI%p5dh
z{n1SIN35@Q<i|~OVR|vsv(X&1N321ewgc<5ryc=08Vz7t#dvjd(2@ki$8)?Hr18W*
z6Ug0>c(w-fKN?^8FT6*%J?6n6ji<b1<eYhU+-QD{e`c_N3;K>CJO^#;{2^8BR8=ef
z{h#<>-TIjR+=2DyV^Q7&$)1h@QL_cGY$yE}3d-a-YU2o8<)A-~<m^Qm95jEvL{PSw
zGP-SC<=`3X!R*DHxmz;bHE82OOyZ$btGQba5-PzoFedoUN@|1Vfw^0X2Qi7&2Hj>#
zB6>51Npv+n%{#G%)(9}@I&oTDzER(CI)oWb$<s@!9m0&R<mtqIS)R;tl9@qVK8EnU
zH!v@)A0sG><KYcEfQV%Qmk46RM4@&0xbhP#CJL=T8E3k47B_ljSptZoOa-OVm4bq8
z*li{=sbOHK^?rfAZLg})?uLx>dg23cJvotcZR4^Zb#qTVy8;SItFEN{bma%&S~Zb#
zE#|Txt>YS=os|SNcz(0up$7AmWDsUd0bvF{7s()Om;%BEp8mge3J9%>xlt?gIS?^l
zJ;Z@nOypJM9MWU_ZrYOc%e!kp&I73FC-qg+qr7`tyw}x$EcB}-T5QpeYe0s6wIrR;
zbYvfOJ9j*=*yI^l#C!S{#Ce7`#e0S-I2Xaac7KryN*V{vYnEX7l-6y_1+h=dQD_#F
z_FQOrdW>Mmui=jJo;9Wh<TtZH!T8Qgf}V<85T71z?C0k*ytSP1eXV~r$hIrM7wv9J
zc?9IQG8oJh=sBGY;?o(CFzsP5{i{K4n;0GDHyGv^26G(rY|jGm>Fh|Dw}ip`cs0m&
zTXdLz!Z61(nCZ|nDHFt}Cxq=;l=s3TkAVDUGV7NGJug~8e0pM7zbJ2lhjG6NtY195
zVY7mmcNz3_XM$M5LC2B#x_5(&(7QpkH58v~w?^`|=N|zX_tn~0W*hTJ3E4D1DwjS_
zY1d+Yv#IYJ&1)QdFCac0kPR)>06zSE=OeVfIG!h;4WfLdVDJH;cdem#UM?HNH^&Id
zKrXbrm2BJ-{e5*be~y)p(0JZ{-s(Lw2}nHezzLxFqvBy4ZZn4A_sy_-QGqwUacH*o
zU5|kLmvm!p7|bK|cdnhIwfB&8@BBxM@xR<?dLKLc5s>d^Zzg4r7~f2|Ayxb~OlA;y
zQCZ|FS`D&;lThz#4M=8s#LCqmW7`$a?-0jwIh|I0xZSkZ8&Ey7{i<~B4zPA^)^6Xg
z8;}HG5kNwVbnTvG?ciJ5?(lCK&^iE%9VB$CuHAOl&i+r@?nH9~sWT#hger9HHn4VW
z|Dx@B-)KNf04#2h&<tI>)vTS+McdtZxB>kX+ctQvz6P`~OlKhb^TiC;cMpS%+pKxB
z0sVyGV99Eb{avc>{~iwd{gSsXtk)%l*KSUtvM#)Cv$~z$Yn}LY19>m%{Y?XTFG_pE
z7;}MT7@qId47VRKd=;{}%v#O%^Pj5k1H7MaHK2*C?ex`DzUt48@K4pJot?K<gN*z1
zzSV%Ro!15u!t2%cY$C^UR(-4bPQ2Yfa(}a&ibzmZ>za2PqWV1@VsQNc9q>(&>oh<!
zz5h@1dS0i#P0{wMZ9o-&u^MCyzkuAE!*RVH)5UZbtgj~VPy$JU;*Sfwh4raCGxT6v
zA}<bl>NpS~OK8>PR?yzNqM{HsBzePs*K9!Tw-+A9`)BrE1d!b(s@MEORS)R(0<4eu
z6M^{3J%H&UQBWer!}OG|qo*f|T|a%8+&%6MZyV{y#gR9Gg#qCQn+e4C6QJivB8V#z
z1O@ZTq`NDq4wr;&NOSk>aW@ZE#erCzEGS9igjP>{X36s8g3>i(1O;KcWrTiM7t#8i
z;m4LFCDMMS0G3-`7nJT4Xjzd&bgG_F$sn!_-en|p?-*A(Xd70^ea8HF=qXcGag5e)
zbf{l97unA}XzYjgvhQJ#zri#I;5*5IZ#vUS{=<H^G5<YUpCg^zH|zBiiTNwW`u_aG
zEZ!-e_)vDh=9#X)Vw@yEvF6V&ndsZ;UmgazmjmBbEJjK;2}-)I-zN`)EX2`%csw`j
zckE%1@8o0o8K!yPWov0uR3FBP<<<(NIzdp<%LHX%0<>uGTQGbs1m6VGXWAIe4}+XG
zr25`{2xKXq*bGtq1-toV?@A6@R@PCw@sO&DkE^N`|Ne2<?=`Aw9mPTON^%}Yb=$vJ
z#TC73%ltY@E4a<Nur|_nsyP1#W1Ge7{!yE=eohx2Vtn>m-MI+NbnShJzK2I!gZ^Hz
z%mgj?Y$QHR?}PPn&J7x`)!z$RyjvdD{5V6uhsFy1rhj8ddcAzcF@O@|9XIn~xmHk|
z9JH9rs6T1Y|0Ry`v^gx-0lBxOeeQUOyodTCWX$vu*PRa;-y_KH1tl*0HwR#eeAA(P
zupou<!kalLCF8R9o6Z-()2Z2nMKfGiJ_K?yfQ7Uf$9$J~P)-4Kl*=Wqe2~!ehseEt
zQM5b%s~^_m#`rE1&bKrh6YmA4=VB9~=VnaL@Gz<ER;<~MdV0S25XgsP`sRk(>%Ub$
z1eOb{XlzF;+97@*AzEw3w03?~Y+3`e@m(XF{$RAA*dAiO7og2oM{jtoFI|si9*IY+
zy4`_JB}%CKRrNr4TLav&f|7hGxVbk3;nv;dKqj+<PF@PGMNs-yT>@@n2=1Z#9B86h
zLhna`3z?C71Gyvb*Tm6+;v8XJ>sCdcO`~5i=Plr%nai51=-&PswYR@IQ|Rq)?L$;w
zkxaBcj&?sWj*Tyw0;Ptx7E>g@=rYmsO!S^1)%P<+J#Z_f7Zl!h9{XJnvu=pi(YHSo
zxvoF2Vzq-WsJ^qz&uw54=LtXCW>#Bw7MQyS__}A);{>JYE<tJM&Xra}prrcO<uls(
zsimZyo|pJ}mv%k}7L}1Rdc!KPtfRhp#<pftMB8gufu)a6^U}9wi#PoHm8-yV7vsMt
z6X=`@xN{}%o6@@7iB$I^I^HUf?TJuKY`KM)M|PAB@StFu;j>lrT?g~KPuPCAfz^sJ
z*vcXK@$f3D$40ZC5*`A%*2H{j$a~e)QbHfbx9pDmPfV_FR)+GYbn@xmA69}KZg+*R
znew0Xh`s1q1(tq3&FfQDYhD~&TQ#7HJ=n%#wH9^*v`mZ_lyZO;0rEa~0<8sB3DAP|
z{6&nfN8+FIPv+CmsL2wJr#e~z2Q7K=(1X`soh`ItogCZhbqVzEF5Y|#w?)`DD-PbM
z!#4d&;`iX=K-x=mdfnT)ww5hyPe!c*SsGS}Z_!sPsU2X@?}un@s(zmHHm$<n)4l92
zvJvaK949DyR)TEDawI`e(ozIv>q?Nx_pGqH%I^|g(#nwEW%!=wCDFUQyd>!1I1ral
ztSHRiVD|n=Rjv5{1slxXPTu_SADFK3TQ=Vh@VTnM`)cy^E#N&vo8mk}Jh_`{)Za~M
zGJbd5^b$?iF65v&zi`foJmy|Ti<rlBO#)iG`UH6JzMM)d`|X$^T0dI9Z*?YmHgMl@
z0G1}6@|b?cW99_Z14S!o{0;LR3DR$uwqLKAUAT?Tc52kyPMtyBXSSzrL4{{vQMpI0
zpnF-d3S{3(I&b@+>icFS-lNeS%atVY<PJ9&)9a51(Q<OGr#OzDxh|sTa^9b<B);y{
zM>RnRo?p!m(V(X#YIBXm`(l6^Ge~=FV=D)jCksl~(cRCQIj#YZy(Es_^G@4P9k2rC
zRn&h4?`IhV-aHi##f~vr{E`tiK7%8{c5on8k1;o3n$_F%vF3@_oR4Wej;>i-Z`I03
zz4TCk%7nkI)MP>=yv{@#yVAsTAiQr91m5aQ6ci4)hL3dT44<P{SAZ-56#Z%i$hgf1
z%<n7~{AfC)7JKGQqOoU%cz#R4Mf`atfouN?<Nbzx3Aj2h1KEBm(dEbsemjo8b@FAN
zQ;CA|><W<W*Ok%uwClKtJH}`6o|UlgC6V9v;_oxr_nDF3>+$!S*!P<vzdP{va`wGE
z^7}^oeJ=YxH}d<V+Bsx#a2OBaIxmUe!s{Fei-$XO6^VyC)K6{MqbtapRk7z%aavQ$
zE*+;;QWhDfHM1-tPRo6h@wc`iwb)&5{LO}cn``_{y7*tlcug%+EF3hF7_aNNOUHPX
zlqqXVxJ$-(Sys{*uknmN!uyaIubE}a+L`~wm^YOvYj3*rnCDl}G5c3gnhNhj#w;&W
z)|QVvrXP<vw@g_(_tJ9<k2U*z1*OOEz5?^(`QwTx@o7AN{Nm~a&)~8|PhhdxGq5Ph
z)3+emGqh=xXXvQO)vxK0n!LLPlp-_H9h%K$C9bY*ah`GxS_XKNw}ttV*3ANO+Gs)P
zokHI!o?H&{c+H>mrqH)kcDMNWa(d5Abn|1O*r_L1fb5?FigW|LH}faJ@w_<bIXeSH
zRpmWujxlfMn@fPi0F~#0Y)glt_XoLF4AXM|Ji~r$UqSPJnQsu3Tn-waTPi44PEb@6
z^n5e^K5~a;ju(__RrO`D*xO8yKErlz*MovbyVuvpPx*PPcgu1bdqLJwJD1$UkT;ES
zAwFy$7x|`9y@J++iIoH0z9M#>^Sf8X&W(dsfc*ZmrdEQ#2L$Dy$=ofaGZ}n8{yV7~
z(m_0E%I$8mP#w5qImp7)K&jgjwBO0zy00sX;BPZmfPDBmPPs<6pRx8)t4sFZ?BkTs
zK9bl(Z6CYxL;H9E(?dSAU|tqJFUty$-!0)3OdqlKbkqoY8aKk84lM^+pO+HzzVPw;
zmV^A>Tuy;+V6}TbH^gC`t8F}?%~O23_iQf6j{;b}tfu)feZO{~&utRAkE6Qt{mVi2
z|3~#<njo~~D^rANf>JP`9%!2cMa0f7NOK)!@mXa)2P)5((6_Is2ReDqb?P*@P9LRt
znhVV!`>za?;=Rndd!DgQY7`sj!{xE_^#5)-rBi=i^zU!t?|Gp3bE1F$HU6FhiZF}T
zLZi7#GrgNgY+jBR(<<@ren3#R@#gL$XH`;**Ka+T?e3=Xk@!Ee9Iw(S5KB2|>`Itp
zh;_g;q4#&dYkO)r$hcio38w_%XnDX>K)e*KZ(B}jy~+WuCCQXO{U|q#7G_5FtHHE@
z<&3`FO_A-E;dVE1N=Y@yLNbkm#j-ZM9j1*8kkDJ@oD$3DR$LxEhs<qw53XTr*XjF5
z(&-!V(572FeGBG$1{U4y2`sMk3@)4Jxwv|+N9FmTuEJsdkWJ?oZH(gOB)4y4b@IGR
z;$$+OXYxFPlLC-X)3c`5UfxP_@#^to>s3k4b!aV92v2xup3*<49<XQ7d2k?o)^<TX
zfX{Nq<q|sScc3Q#EN@;ep@nB0Xb-bVcU6Oo`G)-~)u+i1{rS4RUp?SYi9BE2hYmDx
zqJ&cL`8o>pd=WqTZ0{Y3Ap1uLO0UOjK6q(5{C73TxE)?|taI{BH9aS>&e`9q**S}G
zPXCN)DC~^AkO=Z;!z31f#?11Z>vV-NW_IR)dO%1Bl=e;$l!9T^THNM9pXW=Y#@a%k
z1KpJ`p&tWS-dINCH9B9S@fzgJviqQRmg_|quc5`x8DdU5fyU15T?TUJuSo2IVb7P?
zB=p9w)B_nHjgLmN(pgn>SA*RDwgaupr#V^EKXjmyi4u8Rtb5skx>eO$d(46Enkb?0
z{rFiT$mb`;&KtMA8su2}zZrjvfxFsja))eK3yoFE@NQx2S$j(LWvZ(6u1ONw{}%`G
z!NPRA(C<K}!(wBbOvcz)KS%r<n$1VbNNg<G`zk>(PvvNwY!RoJr*n$=22L>xoMN8M
zDTP_axLMMN#myFm#m(A=Mvj{$F(xC#&FX1^;GV@$YIJZ6<FWI)U<{>32V<ATj+;FK
za4z3}9f_s9w^uz7HE#B(>3Dc76rOjz8APl*o=yhe+9lw^``>w##+MwMMDH<%9t7ED
z0-ukEqW)<@tN$pt_Gg3qz6okRPk?dl2~TI&4y(nmMc8-kGLWStXwk>-XfZqamD|yh
z$r7dIj?qE<t1pwd>Cd9|sSf69qIwM^Qe7A0yJ1j05DqK<mhI?;$r3utU>bNZ^Dp~z
za4#dr`>*iBO^d)!(}S^LVmuY}Gd#gGf~TGz)B{qVTKtu&T08IDj+RW3&^xMXt-E<U
za!i)cTbRbSbH~H|zA(;KB!bw7ah3$WeKX6Het>g6;zO8De1-M0TA%L#|DF^NJ<Cm?
zKpcqsXL3q4tKmuR988h^6PoXY6XPLXQ2e@kCVxUOPQayy(>X-<dE+we4ki*F{{7Kq
zp*xT8xg5Emir=fM^}oW$6_NOu{h<EcDRO**lL3a4%PCHtz&Pnwi+@m6E1@ePB}i9?
zgdJ$&3<-%ZYi~7?Fx3j~xc(j#<I2m^^Tj8CZ|%&oAV0!-+Yyf5Gt+%d^J;G)LISkd
zqv%RkE(1B-Ca1A-^d3^XgZ!`d?AFLVJO2RHx1+(t`(++v`}GsLU&0US0lT6W$Ld4&
zuqCvI+=3nGgBcRy$sR_w4=jGq6YGwC;yCc>X>I?^GGzeZ+~-RK<$Y5|cP9s8IE~uJ
z)7V`pY%irGO8dB<JBi}J8Ao&0aaV+V=bWh_-#PNul?p8xA)Z3!Q43U_`Vzo3z+1fs
zP1bHH4#cK0a9s15O*Vn}*v8s`-skP<Vb$QX#<5yruRjR#zg5*r&h&$Vauta$iPR%s
zd=O;P=4ZwlY6f346Nm)>77bQ7FBsr0-k>kA$>=jD@E|_TgD)Sz;(QQfZNCl;sA9Bn
z^>gHS5Cx`FZqVlWARRB<R}SOqkq2YfMO*%$QCAn@HJ|0sy=!3c?}^;*=S^NeZ}QG~
z0A%-n7_F|KM&dd5_oxTpKQzZctp51-KRiI+$=c4TzOw2a$aKAgcmPY){X5W-nM`*5
zXiSi%Z-0r#OdHnE<jl+mH9zLau~eQv9)6b;Qy#xa<?+f2Dvz@s(8=Q|LaYBpa4A{Q
z<?*c#X!1B@yJ+@GzGDY^;Rdp%Mra~y>cDHtc}bJUk$pyz$FBs4JT}0}e|!fzb%TTw
zUWzS`&pn{Y&dBjde6wD6X1uJO#W^1X==lGLd-wRLs&jAryZ6pzW|BY%lS~rOBv5Mt
zYE>p6Et(y!Nw~?*2E1p2wj^LnQ}71T>;x%<sAY6Z6zxgC<0*S=D%MGL>gj8u?KvQ|
z<)YZ0o@#<t6XGp^VRj&_-)F70Co`E$M9+JEpZBj!_Fj9fXFboep66L>J(mI_EXz8q
zIOjjyHF}>B`uK3(J}%2r`Xco4BM&KiuebE^mWPzrXMF>Gd;`<RhyO?V_=az&k5j&x
zKHl~Huhz$pem_DV-!Q5^zBoOOjHHL>uCJ|+59b}`G}-sXFnzoe6UPqmRo%l|6>+Ji
z{P@}b3w?Y;F^`{**2gI^^l^+ciP_(W9(|5Iiax$L&diZG8-Lf=(#MDMf*fDBeQ{BJ
zyc0XaIPBWJRoS~#Q*xgDU(m-lFnxS@gg#D*p^tBfp^tAEsgG>}zW9Hwj}P88q>m4O
zl|Fv$E~e)We@%US`2R*9|La}QL-?}v@!_wlkDmy^`4#&3;k!oH$6N3E=K6T~okRNg
zaNf7vOdr4a`Pb9OC+-aE<2?UX<;0C#9~T>2mDx91y33Y2#M5{09bF%<xa%wQaST~e
z7RP19mISmhxlj<63!X%{s|Jb#Iq|3|7NBl8k;rtkD-(Kj+s*{Iw~KNh$Bvphibvou
zZj((q5BB@6=<|aAf&5tR9w9%ZJ3~5fr0m#kTJ%ueOm-~(oHTU?L+1uD<i<l`9CsYt
zs=U68=WdIBSNzsiWs;&Pj=dopVt8M%@Vvv4$#ddI;<+W>!n2*@nc>Ux)%aq4q(|5&
zgtX;#ZB-_fYsv(E9(Qqk){VsH3#*`~S~;u^gk-PA@i+JxY04cSg*L#s=e@1U3B}^g
z^I_clanC3?c|$xhTD}?vYefD_mgCIM?Tt5*(6)UDUtGq@$#6fxcro3#!NucsBHy<p
z!EFMEXWl6fyI0yL%7N2TmXG2Yq9wc2!{3GUq?X0)y~tV`Lp<$~&CPd?95dGr_dbjN
zi|tUIQ8N2WX}m95p02%f^qd)Y-3fi)mRo}?$4zAXM@C2%jm#YralUhL+CMjv_E)ds
zIm}KF;$k_>&RF#SS5E)UpOL1P(_EhYjSyGIXIqu}axSZczOBmZ<rY8OJubXf_HbGC
z79lQ*lj5^mmD#GM+y^+d>|(QW6?CNX9B$gB#pdm+tXy?t;nyY=n>VlG@hJ5Fc4*46
zRnX~g=D#<+cz8a#PQh^fmFKj~nh4Wo=XB4?WqB39!0mI)E-Bsj@fp&@d~8x<*U*l?
z6FST7UNDE}u#3pcwP!4^8<u|M95a2~(DzIqF<ssfzN^e18@{V#F;8Q;j}xP*6+hNF
z7OYO74Vu#P29E)A2>7B*$oDRML^jWUM>5I;+3cShXPlX8)pisvy_Ukc?KICfHQM<#
z#Z@f*_SP!s_m7D^_y3^yl``30=k6~_Q>^>X->-t6m+&)X(sFKxP`d6pvsIa-YRYNJ
z=8NWm_Lh<Qs<@k|MTEHauj2OK9&@X*SJjk0s}{qT16!59sT#{`UU+`1Vyc|a?it*w
zJf&(%EV!ChjeeiIbJghjzQKYaluzt1A+CP1RcTT+ma~)b&Ohgvc`OH77Rv*+x`i|)
zS@y;$E02F}A89)-{!Cf9TvINI`0kn((!~67J|}H;0>>NOYrQ;1HdlT@{I59VVX=ad
zx!z*Yh^`SHH<;;LPl)T@_@5~=mTNI%r<7IDyV#wx%eOn$nZ5{hOB~uLPa{ywdH5Ie
z%}>u*``n;K$J+#N-l}a1tNYv%lJUdN{3B(~;Ru;?*pfN>Bl9LQxkBy#%2Cez&oSAv
zKa@Z5j!#Kb=Kv`@!S<+Bm&6;viUgy7WukFrsm&PNWH$!qh~CpY=kfl?yk{)0g_ZYA
z65u~0Nxs75@r~mJ_-hl;*Cj!1a`5;h`hRBv)NH`{6n$ppIm@JLRKVek+vl6RSHWAd
z>Hc7jkilZmGZW!0k}_Ei4BD=E)BQopSJ!?)_Z%n;y)Pz2{lLTT%{ta@3*DRTkHFjh
zp?kBxMBy$X&shj}fAB!>_~ACC9rywdr%^hwxVTl&SU&NV^JK=pjrRwu&J#aLK;Ie(
zD&t8`=fjlF>(7v;=<mCJvQ4RnrW|c1P2HC>c{Mx+QG}IGs?<2Mw8ZFNxxffk%r^#B
z&ojstu7myv>>r+Q%*lMDKa|G%@;)a`?dQn!%DcBIM+kAfPzgPjkL_tI_r{l!;A6F3
zzBS)qIdQL(&F(~)IS(cnIoH9A^fBD-fqvjxmNT}kD^WI!6X5SmlFi)|?}@<~-HEcf
zJzOV?>5ZPTve^Lmhvl_MlFc1}KQgz4A;R3j_8l+}+#s9d1=(~6Fh{E`wZ4+a@r}q+
zBtk70;deq)0Bu-4PftA5SU$HlXh$iWJp-hT>fYNbp^v{n+PE**$o8*^Fq=h~wc_aT
zEu`=z#eO%p68h;x**tCKxpzWK1GKcE^A;;d|95F05&P;$7-;)g&xiW}QW^_Bmfs1o
zDGJ{#uTyp<_y5nV{N{O`k}BaOl6d6&I?)&{-!7FE{T2_N<~7!a<s^u-(Oq+k&2zy1
zO?S#B5ht*mK~x@8KQ=p1wQF{uK(H+=5;E2nY?dFN{^G9P_a>pO3UGR^wbtW3;h2=|
zF7DIK>>?MBUC;19Z?W>D+Y+sH8LBJof|@;6Hg{*jpA}VCI?@J?r8f_HxIPI=SwnH?
z1Mf%1p=bK;?jud61mEwX>PUOW4Ua7k>07@Cx|ufIf69{tH9rKm<-gOC1obQ(7ZEl2
zQ-=EFxn5)VS3Tq5alQA=7tGpSVxT8Y4pcuT27;2y7meqB0sbB<_i2v^v-|b@MxhRD
z|8PRe@cq&=JO+N~{@(+A7hUhWW(Oz@Z9+y;j$mI~wMz_C3Q!~csA9pm-UEHpe8F@_
zt??oI-!r<8*<Bu<^DtWWb|r;!M~=)Xdw$*Qp}exRk8(=aD17fZLzwSdDwBttmty(G
z&9!)<YPT4$d~x<i`r-`JBbyhPX{Sh2ZX&nisqOfWQ`~k;|DmS1w{250nXQ!VyDAFT
zU7rzk10k+G72Myiy_@?9-gCF6yuE1~iz9bFxQ*GFp}K7=332&<x=mqrvm~3eZ3usP
z0>_`z13kgYLA8(&SKHm1;;-ALP+nvD?#c07-&u7sPDts#jDKOdK^4kFk@V_1MO2*-
zSG)&0osa)#+mz2^#FG!@_DaO`P@XX=0}k*Qn-}v$sJ2Ww&?(s#M#pO-b7XvZr2q6#
zJ~2D`S_Bry@?x<B)t<{^S9%hKYbkAJv-ywgpSH_=z~-}^uQ--}p7@y@vwZ*A{_kHi
zynnod*<xwY-+poj^qltG-pUI^jefVFk2HBM5Vl|b_o$fmu3$K(eSbylnD%HK<_c(g
zrh>;j;A+|I6wx*!4nAs~Jyijn%_pjsGn?0bmv`eR^J3pvHH>zBLYh1R+@Y9lmbVYu
z(f50qt*gYK&4~UY_1fBqIcT7Bh=>V{82A29NRu36+>W7fBjP35n2~<lqsL&BSTPs}
z?ie0};l5*J491_*V#i*5?+)mmkF452AC0UH^t}q`p3kiJpN)J!jlMr+y+1Yb{Z#tC
z-+JFa^8IA`e!zM^F!KEb`aZ#my+{}tdojM^>&0F?a0m33=-7)FuVk?oT~_SHU3c)<
zi{~#Ed-37dsFCwoj2bzoM%Kt_>6b^wUJS@1V=of^hp`tQ%H|nhKa0Ki=xfy1`Ajx9
ze0K5rI&F9GIEa_-;QSH&4U2;~C7T;geT^~uWphLS#m9Wo8gthjoTs9{VPg)+=7s@W
zJoX}?*xZot&0{a_yMyy%^tYkdi*<LzioHlUa(-Q!F|c~P5v*_;{VUUrGfOj!!A&k>
z@QrwHw9UCs$_}#qZ1LsZ={DK43uC>GJi*)Ze7s@rO7uFq(!4#-Cm8k)o45OyiH1Ed
z&g-a)_x3z*GwhY|UPm2$Z#Qhksos#S+D#k=`8>%u_j$5$?(-Dm+~;GAbDxhj&TWIa
zHy-}?uR@<~1=RDB=nL@++pFFT@0XI(XBUv_sJ@rg7V4IqzLS#EcUE%xdL^fi*BYAW
zOSzrjaoC2%cTDu9Q~6W@Q&YI@usZ=q)I{_->`>2u#|6<b&XmU)w9hkBVV-CIONJ>q
zeH&MCANMQ9LGLU;;Z_080|_{iQ-Hpz8^e7ZWbsrS-W>u`r&d>8S7uLQ@b*~nhWh@*
zf}Qp+3pvN#ZrMDu4QAohviao}nE6-8W_K;jf_&NR*#vXOw`B9|eK4ow%I3+bFi)<B
zIcuV9o?i#^icH!3WG&38PTA~T4RdCyY?^n%{Ny{5(K9*DxGq^XgB37C^B72l-ZB}5
z<pP|ccN9;*zm3ONIOEW_@GP^x_6sTVhVb~t?a(n6erlt4-U)L+a{8JR(06hSRJty%
z`>@yuew<{`wmz#b7DtnEaXg1$JC+K){ZbTOA;38^cec@;1Jj(GY(&EOctqc8lfmJf
zw_pg)r*7xD{W{meyd@DwDiYDxIRU0`3{;j&|L|<1`&csTI}+y2R=?EtrQe*H0Ml_1
z*h6qXmkJ$OD7*kTN2BGGeAzr1LCdMRve~;HX7>wmZ2W>B&oO$|rx<kJoxc=~?&l>V
za_-A5_zq^^NKrca4mhE{3G6IufOk8Py0E(XI-5PI5kk&!3V)K*!i`|91($3p6gLj|
zJJ)mEbWVj?VbzM#0jGK!^iCOVCa`nnojm8F@Xs(0%)TAEM})sK2WIE$Fn&*-CSOhC
z31R-bh4SB66uv}x<~HcL*Q1U3)K$tRrAahBFQYK`k+v&ugRXrqqU{8$Z4a-Lb>7AK
zBa5~d;6E?HN8yWvt8*R9NZ1(c{X|_3IMZ)~E?<YXubM|RJ}=w`z2!^NmO$q*o##ps
zemHOFegADd*GK1l99MKNM916#sMi6`;H}Ve-PU(cg}>_#eYeS?(_{`S{cZ~2JW0R1
z*81*=@OS?e`mWac?(*<=69MOc)9<dfzMHvV=(|6KzT3jT`!WK~F@W>W^t-F9@A|^?
z|3A0!T8HeeV_TRXd~r}i^nPzFbR@z(tiH%cBXjw+-v<5uk6_k{ES7A)P!rDGcOX7@
zx-HQ<w@84W?!Q>PaYBsvpWCc`r6>lj1f0#cLPtK@*m+^{_1+VA3f>Ps5Lta(9+Qya
zOFv1PJYsN0@Z*I>&uZE1UccDrzFabTDwY`Cn`E<lGR*FGmm1x_j5E$`lZSZumt&#J
zCMnczg<ko_Hf3*(rhExF^M1QcNf+4J>rf60cGmpYncjzJ+XLGa@h6&clI>YDeFL{b
zZ#PL>#jVi$rF7r0vx$U}`~G`wgMMFvV6vDmIiJCDLK^S;ODemc*m?E`viT*jv+WMq
zERtNkS|ZdUDZN)_e<$=Jk?+AjyA`^e5uBlc?hmqkdC-)%Q+Z564*2;}#d&@Q#BxRe
z>O#s38PxXA_H{{_z9XqTP9fC3JgR*W#eaIZ{oz#T&62CvBSCGJ(tC5+-wC~)BCo@L
zkhV`74%44fp$DhRW{xz0<#}fOv1hJHaaVJaG_{Wn&Y*iM+BOq#(m8j!nzKD7DSV3%
zSF`oMHb@FTv+@cG&++doDeY5(GdzI17(B*<y*K##o2~vSJe4e`O1AICREx)s3W3ha
zbndR+PCL{bq%+?eiVKe&>MlB$<lqb$aMvCc0_>aPLZI_<{!P1$f1}y>H?j?C1LXyW
z_04f15Se3y+PcxaaOzg*_eR;j)b@>T*L^E=Y7f7B3(vnr*DSSTquael+x5e2y#;!U
zl`DYSwIkwxZsoQnwRiDR;&(h3Ft|^;CCFlMBF>Y9WT=CiRvKrPt}yynE;oV|sxh#-
z+&I5ZF^H64<uK>;>Fg(kFS8u~{C@;VVLKtNJ^kC1RrhGhrGT?8xJ{|Qhx;Jpy|+!-
zyPng0&!4v`^*_<rc~0fuwkfmMYwZ4`xObaUzd=*R0?w|_w<#w!@EUrR$F?aaexfOM
zz$v`DO_{Ww-vxGbZBtIHxBONAxlNh0K~vg+!`MI3`-YWsXfohzxW&3>`PDWh8*nmv
z^#SWHW%+l!YXnVsKLLIDFK*vm`dstwlT=q1%BC#H=9|F&GUICRAz<g)K6ux>xMTOp
zzY9k9FJZ9nQ?B<~_b~hOUipr9)h*ELUfnhVj!89|QumZqFE0k}<ugS6@vYG7+P1NK
z&pm#AuGI0;Hsw=7TwTA}#^RTR-)vKQ2yx}TxJ~((5Lfa3ZOT6haaF#sjl~Mp{d$|y
zMZa&|ro0~&J5&`FJJiB+_Z+tUaVU0(>1*4ER*k)uOAK4frG_moX3WseP|T2B!2ZaX
zA<xBQhIU>gW@zWId$92R;eP85Y-eQ5Pzd+ZEngWkv@;YlwB(~vVuqx+Bj?vSjDgij
zMzA8;=wF#)oLM@?7~C}07<@w-s-?u>8}d<Md$9esyemf3QraN$`1j&?t7ejm*HW5e
z#lF{BHI_m#5hqw25<i=eZ73}MeuHx2QBAouMx7-(rfciGuU%&;t%o#4*I9bwX1*>e
zZ*K_QKSttxXJp*oFx>ys9eMxAaR0A2L$9o8;Cz2LYl!dnKB_5iJjw5fvm)y(xx#gp
zP9}!qLLza1AaS$2AaB6iTFm#1yKZKAGut*uEG}~dAMM*Ra%~kSQn|L&IJ0z#(Z6!B
z5v*8b46I&goL^UF5Gjt=SNcJNBK}+(0sj#~T+u$@opE6w@Na+0?o5Y$Q(4`h%>KEi
zY<+U14|vEoZ{01>UnRu#M_}i3AG-P7=(8ABi|M~UCQZ3Qa7LFaHjm_<C587<nQ%vg
zvX>B-=N9N4s~eO_Ki8B$vs^{ek^Yqq<IK_|V{lWlF(^si;k<hZ^RJqcW%=M|qpj)!
z_wl2;J|`a6?6LDR5T<7f7MNN$X==$1&gcXRhn`=yz}(nPnmR8J&d5!Ly9An2oltDP
z4PLLgNO1Ocrb4Y2X9tSnQ6r=`XKxMV#62>{$_W(qs}VA}-7x;0Ip+A>;Xd9~32guV
zMd+?ebFsYg(LOUf%Ub7~Urv=G?ybiA{?AG7>+>aI`@1-9fv&n@*CwK}h3+>g&5ch;
z6V>6zo@h|gALI88tbSx7)ajvl{cYsDI;?%(_<zhX%d@|FUb1tPc^M<;wf!RVdi!SR
zPG{_Sy>)YVUhA!St$(^fSspR3kRRIXH$!g+_QRd+eKw*N><KB|_hu8XrAGHI7GLZX
z@)nq9J|<0?D>y@rgS#pQUsQfhRB8)WiXw}%Tr>uHXwC1JdHlyyH$iV7hqm-IxN9#6
zfnhngx7;2)7#+Xv4Bd+@GR`brX!NfvGsqks3o!)SB@4{AJ|;~VADoc`)KJ)L>CM?A
z;5$jwzY^j)Fg&JtXM|2-F=hsZ!5rpC$70OxxC#32EFZf3e-i&5;ETK<_o4gMhonjS
zkQDxg5ZCzo8<g~&nzGNz#e|x<ra<+ob}92QTGB+CWWagP7};#=CjJeMn10s`C$Z>U
zelxd&PfJeUbV6KCi+3k-ehrV;&d0m9i8NhdjrV2mHy>|C#CSIn;_~n2JQb_$6*2kB
z>01+liw}13+-K+{ZI3_3VZS}%{ok$k?f)cg)1KsGEhofvdPjqDk5^Na7;?Nt3d?bS
zFO%cLVR)oL+3VGm@fL3n^I7|Z%kjaRpwA}6b<CpQb%eNHdayxRzEe{Q33098%zs}?
zh%0y#^zw%rlqbBJa@8pEnekbae0C&r`TRx-m(Te&xT$O|wsU!6>l!I*DpM?3^Upcv
zw6u%JniTG%IzraGINv-IC2M}z!~NGr^HmMp1U)?^wygQhP23-y;`^pv(iBTp88<<%
z{8fW;;xVR+_v6VhJzm_!_31de7k>lZ@|3Wwc&>=s2am3V?nyw~h9tPz9`1q=Xpa%2
z9!qZQVf&wvGUIEl{glEHYrkS8^tVI)v!|@JpIpe+e(MLMsilt;{waFBBZsX&Wfy7s
zHr)rk(4fqITvL8eh-<?b**tTK`0sH<)gc%q4kCni^`_8TO!sZ4@Wg1d@Fr^wM&NtT
z^PCQQBVn}GS?8yuEzf9BcEwm%niyVJ@13;PRYbpCziCkFAJ>%Yca5}<icj-(b@@%u
zw-Vx-dK2{G7aNpSk88?<gt*SH`<*ecS}<bO2qAMOA2}_FzH<_M!`2bMC)sH$zQ)^K
zo6KzVkl$aqo%{XeB}1J7**seTbC*LlH(LIGl}X{}RfO3_*9c>+b=MPP-OaVu-KTTR
z@ry5FyUdGNcajvf?vjVCyPtP|^}74}O6bey#a?%BuMDrdjVEKTyF)9XXR?}Xyk_)7
zXh(Pbr9nBXYsv$b|Ks%G{*OCd1(E)beE$*K|Iy_;^-sS4i1dGac7?V7=-~U0$aS_a
zGH=LVqSo4Fg^~LYw$>h60lo5#1}-x&VTjjGJgzCvK0%u3Ug)^U_a85Bygx|k={isR
zbl>kNgc_o)+()S0Thn2)XxulF#(C2%8h<&*EHC<M8e`@tG;SS9<BW^Yc-2bi?_3v~
z#<xb$SQv%IN(>rLf2Tp2@q{)4Zy`Tn)xzB~i_umi^4z*rE1;jJy7nsgj{#q-|AB0J
zK9|koz!%5wkj;0j{0uo5-`kP^H3u2Jo&<h=mYV?e)fLdS>w`0L6X2%bS-uX+sgwLX
zGIu&ZH=cTy+qI$dNf-MLZLxf$Cai>hW+4K!KWb0X{@%0tlij>OS5$w}3g|80i``!$
z?Qbap=48R^InC#iCqR80aMItMuIB9A0a8eD6MEm0Wz99qnrjwRZ3Xns>A@MfS#aNf
zS{~-lO~-j;1@xRayx9I79^(=VmJe4zZ%z>V&QFFp<vUQ#_eF#Cm1yyrl~46t4ou-1
zem)TLhYF1qqWOR%c^S=CSoBJe&3D1^(<v4mr*wsgwr2!5?a#`_o4^-k#Z*5!diRWj
zS|r(ePfmks8!MZ(l&r>yf;=pj)yzbAN8{h$(DhE?w(=NPkAa`nh#Lccmo(9rYvpnC
zq{818wU_Ax)a{8@t$2arYNGG_WZ9f*)hc;<1@zGSJXY^vqVJX!&@rB$i&`-DQ5b1o
z^xN%8ve_`6>;5YQsN-2*6Mfq$e@DH4M1Wc_So}D}^OXYB$olCGV`bC*Kz@+nAPHuI
z)ep5{cQ0r3y{2<4)a?lrzKmYM0d;#l_s6WVVD<p&m(m1Q8@*GS;G0VMCWXhgSiXgQ
zRT9r59SK*m!2Q$dH*~(kU=|}_7NHsz%!UPXVFb+Qa%2{F%HT_cx{tz_2=kUX@V@&w
z@!!vKAx~s}+uyh5M8B!L!0+U$1fGLBU*NR#^pK`U2ysz<Su=_9OID+;65b7jxaj*|
z_mHNo?EKhTOCR%CB3_T1`#z-zaJrf_CF6915~BCjq5VpL=N1tf7MT4XlP0>xP0Qx!
z=q641l5D=*q$w-TH7Fr}Mj;OBxajX6SzvzjF==YKHvIjI*7x^4sVVoy?@-Q3>As;p
zM1CJbmP1bloGY6&<@lEzK1x3dBdZDjq^9(f26i@mABE#=gF@dA^MM7|rF$+=+-CYt
zF6Z+37Z-?Y1|3`2p`0Pa^&D{cxo;JEPe>BK4~y`hUq<anXK=>Z3OQ__yh+r*4)R<w
zmR-3sPv&;zzdufz=2<zqhTduXUEAZNsT6QV0KGs$zv_tJzT2Rzd_q(1zrgKJ|L?xJ
z{pnvGwm<)4khqTjncEfVfRpy={?BjTXLCfKQ!WtKy>D|p7OSnke5Br+dm)UUMUPv1
z%a=%7bh{OQYEWK_z-6)3w!M91+x{aQhAS@+SLpe!zc(l^KcOl45znUoqd|H12~C-N
zfycqo=lAW>l;a;ZDEEhK?cZDcxpjeg!^d22wO`6>4^SSpb@Q{DXc>ER)Lf5$)Sxu&
z(iFy*7l@0+`&s$6+y6|Me)+S?{cYum@Kc@Qs*%l?C&Hfv?Xh#G=NL5?h%2(s75~+s
zG(Djyrw5~+f6$<;+@&d>4icB}dV}(d!SMVj4vzo5fz@^jJ)=0d_a6<)_Xu(2s$Awm
zfS<*>SU!={PLL*K!7ZuKDJ-${<HY6A>Dn;gpKaWAtT@m)huSY$z7M2q-{0-fJCotQ
zpZPrstbS_tEa-Ht(>`00(N>itn`ScHHap$JOz?F{E`C0c0ylj}<=Wq@7}C)D6RiI%
zejc0*cjdc$+<*gmXdKMq@rym>(B)*by_^j9>*ZXo)90SEBk$^ZROt7eh51T3^xROp
zb0gcmuW~xycMfLlIUx|~*MFYs-w1uj@iftQR2@CW^pMKp<YS&6{y`nxH~sf2^nKDT
z!GqDUsWwYa&YA3uu1_|wy4X0s?myT)(lh0J9=pcuP-Z-(DR)>rbv$*4vhpcSxn+>9
z2afkp3`Bc8w^!&onEx?pIzE1f()5(3EVaJP$k?I0{FJ6FwEmy&+M&Grl%_1O{=YYC
zhvM3;DRTyii_tf#|6D2D|5YE8rh6yuP*(2Nlo{6dzrA#aa^G%EnP&aJD|d&|v|CfY
zGe}%i=NunsP_|wmE~-EJ<8~-pE)drPD)i}TJCysL(v-`n49wo4%-F3dlOop8ijNwU
zbP|>m{k;v!S!?ZPMyw_JZ2Bh+?D^dnh>QN8(Z~O<x-fcN-!Q#bI@dh=5!;*Z#Qn_f
zXK{VPZH+9hZ^dIH<N6Ln#P#iqh$Y@<#S$Bo2O{G7_E@pRmz0kl*SCk&mgRAMRqucO
zxV{4sapK*VTX_%v7vlP8Ki?#-Z`O&CaebdEd|$ig`;DP}Z6w|fNA7Ef;VvSsFNC{4
zE713>Zd4eZQYQ}4=^}A`!|1#@MCXX_JML~|aee>o<#Bx@*6-Jd>tlAwC~<vLyLen*
z@edkVTwkCZ`e?OXyRCcGNEmv?B9trDYX|*3J5Vja{W`F7_SNy;PD$`}NjBdP%dNUM
z0@^11T2uBs(5O7f>|y?XnPSy}83VuPBiX{qf}z-|s-$qe3{Mh|$vzknlbx5uYkJ<B
z{LO26-dle0nx0u7k|rwSM~g@PemV5}5{JuWk1#yWs>Q0`JFJGF$o;|S7;5?OIGa5z
z*Ne-yq#SzTDDg-O%174~aygGjisqTTq1-63>rp<h@cW$3Go)?yuQjD|QzPTyP~FFu
z330{3<G0G8)An7Pd7Vhw_E&_sPPA%D$Gz6t_|_$yw{r#W<z5zJK5SllOrpL?h|9(J
z5Jy73?>3uk+IPwUA2g*va5&0>@+syEH4ZhJ1oaI8ZS;4qt2w(&NMd<@93FV-vjXhc
zoh!(u7|+iz1~(NOWD8h5khM11TzJ7c^VKGMlK>~fmsNX($*rj{*!z8XUK`+KXIT$l
z;vLaWg88RqAsNcY;I)#!-aOhRsFFBr9)~L8(MR_(^jVLqIh)RD3U=(4t@-5LR2__-
zPtw<&PsyZ<&gaRC%;!T%@^wps&u)`VVWMo#3CfQ-cFKY0p($lTlA~fAYVriA9|-V^
zdGOvDha*(JUKTH#p*~xXbNqy4^VvM`#(Ebim-8*SLNNdMBJfeTW(VcRY!=RKg2RzB
zj^}KdB*LGc3-9bW9La@jek)!!yI37i-j{})<8*F<2j0=%e-&({F<^^~=SY^IU#*N@
z7mcl#V0gU<QoV8lnsW2bk#*T()$-|_25;A7cu$On_lyX=bF3Cvw+y-_!q4(^Bx!-Q
z%lKN)72)qp)B>xQaXAbTeh)O|!)4Gr1^6@G77VA8`~O7Om6?`O&wR(I-LpQWp4GB_
zDW#s(vOS$ruf&p<S<2{kY??B<OiNOrx6nP_k1wTo*&n*wt`{_A{LZi~G@|y+9O=mU
zb&1BnYMT+Pup80$d6uoRKhj@_)W#cR8h9?YJ=c2emGJgVmJC}lSpAHOWb|!`ga1H0
z)Q}yskM{8vybVCAqk27yugDd0j-QpBzJW2t!JCKMFo!cL=bKM6-yq9|`4+cfDk5x{
zO3Q{x>Lg8_lei62Vc9VMek1gD0sfbEG_pDbl>*f3Zjz1Qt?@>_O*Xry@md~Nikz-F
zad<H=0qRvD|GG$f$GF<NCT#B<w(On#1qTZw?H!iK;ISK_zx4A)rAUDDI>=^lD$LLv
zO(~oCI<L7DY8-uU!L!>Tn?vvNpiUIvoZccE{m;f5p+2m-<9#RdIiC<A3^(Ng?MCP=
z*P!joX*`e5t2aW|3OGMgeB!wUW|x%VyL=h++=AeY)8X33yq0nz)Rz+BW;E@}X7Wbp
zm_1}?94O#+20J?_fZw_&7>e1hD}Z|M7}=aY1?;Xp($2WpUHfgz!guYV``i9Ihu_<h
zE`EkEnw_z58T7X=8-BOYk_?s6vQjo*6K%a+$xzo@HCl?6L4PSo3Ui?;ciqVRwuf+K
z%bVo23$huRL&1?Oo23HG@xp9VxDmQ1ho5cI_CoO-c6WF}O80#rW%%NtDf4gS@+;Ol
z&Rqt5{Ux#Ik+qD)e;&@5H+Lxaj_q5ay1wC>@Awv%5!>y<=iF}R^5A=PP7Z#L$>^Uo
z*QD~`ZORvy^E2gGv@mbv_b^?O)7Sh#>@%7#ZiFs8-Ka2mb9D}vH@6Ai*P$uFM~C0t
z)TQz{e{du8IxELa=Z(-K>C!Gh-525~>ue`4laEF1@#o(sO}Saa{qG_0e0!%^PCS@Z
zDQIIk&~JoZ1vvlnMqcNA=zTKUg6s@9-PeBO@SJ#c{rt}McQ<lhqED7Wm-|Uu-tI=_
zKM8TQ{DaJRW#j!px(;vp2k{SxGK+Pf@@hgzUM-(*KC=qm?VC0+c_oWbH!*oMfypb{
zu5QyNCa>Oqk2K{9C=9))@@nT&=$;8^JKfl*(6x{QI6Z{S`0d6`!T#^S%pk-+GZ9B(
zjqSQUa%>m#xsN@z%h&!MY3ht0K6VYAuM2I{9%)ocpec+Fp&EPRF(d=4p(#C+N6NsS
z$;@tI@=sZ6>7fX|pnNw8no{#9uW!C@3p;NamJ6UVGn6|u?7tAKC^ZIFml)^QEg14;
zXc?gU#Z5sfze@&)KR*#is9aq8E>WKY_CI%^kniW_4ByYa{14L9k{X;5ymg*IY48Ff
z<mYjs?!Q1>9Z&E*Wf9;UzpGKv!F{vGKiR1Gp~ckKSKb(Vz9%H7?+=8y{$;6EU-dX?
zEB-|zvr{gQ*fadWI#+$Wxl!qdru@X(AN-#S#AQpd)`Ue1!^+h<gzxTY-u@-fJNEMW
z_+5KPuE|MM|66#s*76a$9=cDHHa8)z@jq`=bV6K}O^wQ4Xd}LVe5hV^hHvdsZWGD>
zP1@M{P2oE7FH4}yiEzKUgy*ZBu@riH0{pKng{~#Q&tzoVT(i>!^ZBLFbM5?GkoNgY
zt51)>bA_H-0==8n(Hx$$j^o?rJF=9%cloRw7=1k=&q34elFi8W9uaE#yQIwtI5+HW
zRE~rD@t=OUQMri_*Gr9!$_heU#~x`^R5nMK?{~ECsD4;3UYBgXv=sUiZ(H+D=kx9l
zopbyu$Ez>l`Q|n}*{J+>ls)O*m}|qy@^<(hAx+DVleX(Do}qn3!%}Aw^&el6t06x=
zoU4KEv8$|H4IKi{)zB^37Gksf_=p??nQ|c3^Bg<R`H*AheT4EebV{~Eqvd3XejfS%
zBTL}?jM{1f*Gqqn%CS&<E}Uaw<<i(W769$B=w}S4cja2~9SBevmJbB>K~qYAfc3l&
z&gR`WFNL!R=*x39@0J07<x+muQoa;U`v1bEaMJelx5xS&JFhO!qjSc}^-}^C!`N#x
zYmW)(&AVGf_{)~^Tx#ti*U?R)Yzl(wP`fBJ<}bDC>k6(z2Si(A=$@#7J+mJ=kYH=1
zIN2rg+Q13cnNWe%r#2YMmozdr>cHw(jbMdfjLbnL_$ncr4Uo+u*qNUAQi}71@&eH{
zN$24aSuUtUlLX;Vg&_8R5(hOXQeMnFRAAN~%Mmhr^U|Al|JAy8PhD!|I|16JSa6ah
z*0VTn=a_8nS%)AAjXg^&{VQZ0vPpcNv`vpScUz*Zk;>Sh_1we8#vz|5n{}dW&K872
zMS|G-$T_0+F5!5jcw1wAUn1~6bEEP}1uKe;fz^Ku<)2W@nE4Ml4k%4euFtuaj$0%+
zdVdHWBcD!Xh(&vj3ou-GMEL)_gvW#Ki=d+oBWY`k<M3%iFh<vO7kn=)f!;ny+G4@j
zZ{-pj%F_VZ%!h2|z}DL(al7cCX!&#T^VA`})Byj#E@5)0E#IOQm0c}yoJWlaxT`GN
zJ@VOhizY_ITn_O3$7bZXf(W%z<aN3`0aX-)LtB<Wr#PVFw1~1vbykmL^W_V+p}zOA
z_p$L3jR!52%MpBtb-<WbAf**ZZUvHB0Y@ufZv||vKw>M9&<ZWC6`IrvO>BiGv_eBG
zpk2?_=$OV?z;<QX5>|)b%uVF>y+=$oY^k!h>JFH|lS=6lZZ~-5v;1cM4M*+9_G@Kt
zRT)gQXiD)C=$@a!)Z*ax)Q>Z4aC)nDz=TaxzDwWz3(OXY+OmSTN^}~yQB&OX`LAJi
ziuAd|TP0=~wEb1|`R|y1<L&ER2CmkWeER%Nc8=<|A;DW!pJgCdQzp^p$3yuY;=EPj
z1cTynI^g7SstB-igeAPzcj(!M`LcP>B+>i+Phq_8fVlzup4PSm`i4ny-q(H#<246N
z&(CC&%0+Pr^m|Ukc`4pC5v`to;m^-6hQ47{e7OCu`Sbq8(C>LY-rM|B7|rzg@A&gC
zX#3d-;r4Ix=O=0Vy$Rv=$NBRQ7xOs4Q2S{9c&HS5G>^1fd!R4b8T!H??dRxXO2hF!
z?a`88s4x2bPm7@sjk$N3LDy3YpxR`?TlFZ+xqv=Eh>PMRgp1b}$Hqlq6kNPC3NBhl
z!No5lVLC3GRqye2PW7_A7)Pq#gNbFe25tKco!14zX!jKTO^Ay=-$n8EA=Y`sF|8gk
zrPU)Qw|c~+R*&dt^@#RXk7#T4h>5KpF`?BX#<zOJxK@uSwR%Lc)gub69uck4xSm!D
zJ@U*>vwYEQkOQ`HSe7#nH6;R61K3%RHQl=d;XD<xkaOIVz~{Fv1Y5n(>ZwPoN7Sy5
zJiiOI`~G6+9*4|wpU`<-QVKm38>rEBaD{AE323WiYXUoM-mzYr7H{N3Y!uuuZE=Z4
zDE2S26#CRs=(#cY<+LRE?70gJmd{P#K5Yepjp>`hYwCB0?q%p+f6-#-+i#$9Fuig6
z4Pf$&+HLoYBELfL$`-u&0^0II@LrR~;H9vJ;7l%so>L0l8HH<}XAnNgEt{;?HZ&!B
zG0T@=YSU%Yxfps5P}AvZ&W^-oX#7s_@ecrP9e`ih9zTSe6bmou5%^^}6%WgSeL$gb
z7=ch*+O8l54&{^xxvV9(LQ86e=4gdxZ-r)Sg_hU~jmqQrQDrif#h)#rw$6B8`=e5@
zJ>HVX^>JJtPoisfr}EE5mOQ?S)#UJRIGSLTV5hQOv^7>;%jNEWFM{r&@;M}T>+J>(
zYszu@{1%w92tSka$mVk1rYV1+@79E5Ed3^h$=HMR`Mr@cb}W;z1yM3KuqaB#UL~9N
ztP)1Z*cTRAvS>`{Fj-_QqWhxpOlF1FKYjk}Q2WI}R*zLgD}DY83fH4chP8ci5to;>
zKZQ{nLtg%&BnIsw<>jMun7sU1Xv|0F4TDh|g0XbixEmKiAChB}7KP<#i{PzV1@pU>
z91YEne)Gdo=CwLBM#S9qIe0F9&%Lr)_0uSM_|vdFylGKb9xh)LmWN6te1GQhW$~hr
z97=BW)F-ui>K(0~dV8y<-qz}=Pi*znC$xI%<6AxTajl+usnt_2whotB!*P3G$?!ER
zCq~G}6fDchLd}7Ye5@Q@K3={E`UZzQ#4nQ<L9eBJ&E$Ecd>$z?GwHXJij8K`*4qWB
z&I_cij}TYY7}?Zk!%Ls%4iZ%pdHdu=biXc}AjEH{Yme%>1ld&2leP~CafSL77jaok
zf0KpKnGf7K()M43xaO2Z$z@xVT<*KfYlC12HqnqWVb&rn?`|l8zN`fL{3zUo;+E|#
zvkjXdn~qf3lm%PkB*Av50?yvo0kvl#=k=<8n{DI^Fl~VIgyi&nun>AxwzZEIoQ-rJ
zog0<6YM5NMMagAvK8H6o4Cl2a(C3vv|87aNTo!#&YFH+}x{%6Y?jJg;9JWQsVVf`{
zhi8;PFDrpwR1zhJ@3-Xe{b4yw+m%PPD*|e|6PvSb4~E;R5p5vApKrsmQfNv}9%}Nh
zZpgN2;kL2*%WrAE#r9C_{)UaYJ=|t_BtOtOJ{*2`Q^dPY0e)`Bi>*0VQ(IeT1<;z$
z^JD~|ZJ7n_p;^$j&Jt`0a2oP{Zj6LulzvKL^b^@fX$ka;<<BJq1{n*pWgOK-alW7=
z`AkV<Ie+OMq5|l<D^nhzIH-WsD+6j(DyI8w@I%m)?=FPyv2^2?i3n(-JP2U0NXqPm
z4Jy?y*DU1vtkVwvGh&?gEVaYgKF#IZJ{#WMKY}rntqGftey1fs{jMaN|CJ2?_Y!6E
z)nqCsvVHD_(7RZUsche!fUYIN-6>7*T{ZN4g70>)b2^s$<g$gKoKzEhlNR#2!rx7R
ze?kKM&Emvf;XF~F5nYG6*XLZ@EZKS&#Y27KT<x)D(bc;rqj~qsOg_1MDGT}Da+0;T
z94v$0DZ%f=#Kwt8Z#>J-eOz?@<Dng8K1V^qe06Nlj#ApSi)d{Zh1P0l%0Ur<t}X4e
z+7raqj`}ULddAA;!EeJncrDCh^)L>M;p@3OQ4SoKMEiu(W%*!FfOd4fb$|R$8FV5#
zd-sS?@3UY%Tn2q3IKJL0gT9IVp5S}4ER@^stMk&*xwlaHxr8u%^Y3NQ*Av3V3zR_*
z65{&L1<(&Kfd1+N=zm=Ry(kWSjY&{#5E|+H5&@?p4&DmE)@x(=a2-DSdzAyK1MM@X
z5Hh{&5~MA(Pe`j3Bvy}R@i?R{gr=kb&V?xx(-w`pByF)BY0Vu{&98*!>`z_I*{%0n
zT3%Zx)l3y0$u3Jl+G641>?9l94tZ)L?SEe))LJ`gwwxzwa-2N#(fI7N_XV-0D*@`m
z=}7z4xa?{4y(bQ8icOyR>(KjnsIBQpd!!(H+9y(quQmlWvII3bIowA_oYhBh_O#k@
zsF6jeV^ZarZ^dV)y++?lP*a@p%opOb(}*C}6iZOYX38_ah|f;T5yhGg5$d1Qk@o1#
z+0)+oe)hB%zE8&*>!a{g0&4T1P;;Q4sB~=pe@;zFKjR^Vj<<(CE0$~aeo0hnlT-c(
zo%sxtzoW>C?O#LYtXnW#_ER3Ga-hT72T@&JUKUzwPG3DCO}QdnYffKT8NZtj>2Rvg
zLwbClWiNW_x6Ja?KQzlzzjYRsfu01uzp$~qK(=8%4l5QwuUG*6t6~eOT}S2BWM<zb
z`p!rRzAvSC-+&ayWY}3thE)oDZG3A8c9*Z5kR}h4A1>d7GOMOZ0{joKwpqTcp|)AR
z5<;2~PuphsQp>oXa!VZiyAhn;DP{V`lyNz8ORfAk{l81f_I;0#CQX97BoWux3Y)XB
zS$_QUQs|u`{O8y`L8kA7l<oVX6ngF2?_S4cgxLE2wJ<}n;sCp!L7=^U%dGbLhi0|c
zZ=Ln-M=<_=QZU|8;tMG4j$Mm@9dKqrI~tM!e<_9j0QfxqR2o|Mqx<`gT>w3E0rXgB
z!kz?*TYjE;RuX;v*7+RAX$BjM<0->;;R0!r<0zgoeE(5uofAv&pSAG+hte?qPhTKS
zJV%ww_i8E2pVoFSc%RJ{%wxf0+qms4w!U^PJCkc|5rx)nXv#hjftLC$vs&sOn$=Rj
zb=Gg|!S*fwB~n4GGvuE67uTsa;j4A(iTVFCJZ+7@lRpAa55~aL#t1wa5qPSJ!qf7v
zfv0@oo8#%FuYsqMi{R;3^P!VD)b@~!fz@$Fup-{*UzuQ>S(<1JZn7DJlISHwFo+AL
z?1cZU6z>a4alQdb@|}yQDG|&5=uX3Qv}?+QQeK;g%BFWLdnAMI^^>_TK(In6XtC^(
zS}D6X*Rn@aO8Gf{ZW8=wl3==|IIk&XS~f|R&o&3%^z|?{&4D*4*?jcdmISExNV3^B
z2L1;VW%HRa{BCdT5UtXEH(Vf1uv1!1^x21=PxM_!>20IW(|stl{4J%4zQGb6v)Psi
z|1*j3=SVJQlenZTW|I)n*88UfsAmRhkL5^Ny>%JQy93s`?k?dr$yJt3^4AjRo_P2(
z;c9fj*=Sle3B`dE+EF@(ydY8Od}G-qRQ7ak>6q2ErDGPAH`QXMm&&4J--gkXB%8;+
zEg0>SMEX0>Jys4JoRm<|?UKzNmuw!eY!^!ZjtuSk36@WU3vf=f{Nt&7ii`OFOcIYx
z|JM@ep?%;Ux;KzAnLQJdU(b|4zXu%GPnAG_ko}(M+f@>hYbC~+r3;MymGg~Y#XMtR
z^<3lpx;X}!!|fT0H)_vdDYs{~mxS$^ttH%^NuLk>()rNs^PzuxevI=2YoF^8dCniY
zH_sKJ+UtZP)ee~H!Y!}h$VS%xk4vDxHU>2<fclyPH6Hpm0X4<(Y_H1Zxw?ecbENI>
zDuEt4%kYfh`_BrBlS#AL9yd>f8p6-bC8O<=hwsy?GQxXd2pHN6)BQkbFHHBNY%iQ9
zo9;o<c9IZR-#q98^M>zVisDeSP@uM*Y}%7GB|q1A+HR9gN1bql)yLYhV|QrHbALSk
z`&48<)}GJ~tEQIJusgCHl@qb#!@gm8Hzo#i$54GQ`ouAGeaHFwC5i2!nIE2anzsn(
zOBd>PQ(h@339rkW21yg&E2R5!OQ47DL3UaC`_d9FgOC3-q`xzK3+XrUa34qr>u<6E
zdS_hdo<Eb_af9x$)=X#myHgTc$s7botzeKunALk_cIKKJ&v?a4d8GmPBKOGrK?oR3
z{|AhW6qe7u6~$X-Ir9+cnIi}6^AHe<>t}UtX`h9<huHqWekB<1Rfq1V2In2CUjBqq
zy1eZt*leE=XZe*=yPU3zeOqn|8d144D&wF=ub0p|p}ZY=H@HZII_xeG@E=;hYq?N)
z^Y06w=L+zz*()2>5qD{&g8h&^&fe(xHjFnc-=ya$-XxdrZ-ltCdC(i?LEpUqI(b7l
z(!Vm!II}d~7~GU#3~mvkXnsjhqcYk$D`9kA?jA<x7Z!x+{N8!e)MClme_H@uwsAVc
zrYSoY@Om1Q&P?x2LxAcYw*QsFw4!$ZK~eBJ>ICl^2h1J77xFt6z5WKn{x`vJ79h|$
z=k-~r+cJyFOmx)G>Xh2AXS7PXIIUPdri<ZQfS=mq+C^~u4#TnFyJ-RR_6wwq+67A&
zaDTVOL%eYN2wv!7b$8|)XO_-0`d7|1$Q#^u_KJDXr~OZ9lU_KCHYE|Xxi5k?MUk{g
z)s%v7L>qB9ZT|NEhBmfuK%2h#VcK-h=d}4~{x_%1U*<ypQw;s&vB6&$hnili1~`?~
zj$}=ln(Je-x>m6F+7hAqe(HPLQN8As3Om@I__QSYDyV!<fJ)o1ndE!ALa_H9pz<nN
zQ+$)`PcM9~*eDW`SbRTywr`UCY5O?YoH7nx$2geN1ipu)cw12nZ@Y!Nd;y1YB76*-
zbf0I|9xD>i%X~=$_+OsS_l$4um5qZDI6UBhSz_J8w@-qxU6jo(3zz>gAG&sdv_<Q@
zXXZkGZZ7nlbD_7+jcucAcKD}LJlUXrIU1g9P~QyUDFroxjpEe8QzFOHju4(04kcf0
z9BLY)aA-^5_<A!24iAKIn8$JGUW|ee4p$b#+xZP}_yY@vC-=%mPXrFTBXHO`3C6w%
z94;Qh;Yi#6Cv%~1nhX7*xzN8q7y83<p^xT!W4l5&yWRYZfZYRVa$q~)uKM;Owq84@
zK&@Iqb-uH=p8h^62M!2ud*;h#<=#>w2SV?pt4jvv#6c~Bt+y)<s%HtzZvoCl0{1W5
zDL`+}hkH%E9H9NOdrLd|9E7;1iclRw`vVp6ao2eAt>1QBBj-acN<rUbif=)F;N<2e
zr9g0$IqdSxUKfj1DJu{hQ%du#d{jpf_&c=&1>w*MDcv__KJ=>jvRSnRCWQ1xj{?&M
zO<4g=ap7qtQ+rw|gr;P*KcrNz;5q3|<U!pI%&3||=kDm;WBJE<DEyP)4n6lILR~1>
z4&8lJ4m8-YtjLa<Ng~wRc=Q!yL2b69#vZ?YcYz?!bfj<JT_(sg7vG*)UV2I9G+%l~
zT7}?RD~nJogv_;=0JRL7vIcNA$Me{mWTAa#!zD<&LJH2P5Ny4j8BhzdkTwN8XQ>0)
zQ9GS8;H*tSUugy(^UZ`^yB*bQt~->mYj;xh+UwR_k~wW{`lV^LHBwDS7SyuKkT&JA
zjA^CC^0*z)l*NE^ihV*_g&?u`np!*hwv2~*#W<vuS$U+Z>t&X+xu>7Fe*rkJNST<{
zTqm*ftu<DS^eN*mNvr6PYPu#urTx|lj@~)rpoZFAk%BbZZtA#8(hBTItL>0#t`M5D
zlj7x>)$!SBMS@r(OoUpUj<kkx+0!cQ=z|C~$u7^lJ3c$DSrBVFGNIm`j<hQZvZwV(
z$-asd^mPJiQcAcFI!D$=G4F%YuV_%HsRqY!GT@}&@#i`0`5McItzsPd^0J^#*_>K_
zG81k(kEvItr(Ll*wY<3)HFtSeZq&v=Eh<FK^OFu{uNAT!cReL<q%hb7M`P70m{mWb
zYuC|O^&^;c-!!#OT()*|e0lAs*)>}Ps72{wjVwT&T8Cw|n}wPW0Cnn2dD+^{LV4|A
zQO%w7|IMl8jdr+W^-1S)08pzG*>uFiyGDU&7ceuQ%9K=1$xp{LIxm|5wP15Xd4V7-
zTcgP4!gzSsDlkh0%*+CuYZcjCV|`EO=SbC*DOV;;`xQ`FusONBpbpEb1<Z6%dT&lE
zf4CUS?iMgJDOFRZ&P$$Ft;psT@$lZQz?>>zCjEb^HO3U{|0!1g`2uEA`N8ryt$_I*
zLR?k#a-bV<ZvdS1H<dT{Tfg^>MWLPfNoq>z2gFV1YLADvT7j7p)fbhwSMzfdh2n{=
zBM|`~u)nNT^o|+rU9sRz9PM2-yleKtsLn<pE253f4sR(mrCLOQ`IlcWdaL)sSd)#w
zSPJ`(=-%jy$EeJlW7Vx0)_$hM+S{O|Rb?X(I{zKb53rQwT7t8h_Hh&eI{pwp(BD6T
z*?fVxmRs@41)+8+5$#fVyC*IXSB$ytEPLPv?;i<q-4m*j`6KQ#5&`$lg6bj$_u6a(
zs4Wy~H>}M+io6G7zuRAM1m4$2`>y8(@2jJI7ZALDLR=rurgrRbzhbJV=-v!B$z~<X
zhb1ssUG)RmtiFTqPwAeW^3wspog1sh8-!j_;NMWawb$|m)aF8`eR^(@P5RCb;gBHM
z8$AihMpgYhgZ4j35DtAX8D5qvSb)1bQ8uf8Ky5!;WAzU>Uv587+C23LusYw-b2EnX
z0^L(Zp4szy5`wQQF6^(O)eEg!Jz6zUyWVzQ4pae!RU*4{bw}SDS6y37*Hoc(exv6S
z;;wpBHtofNxB5}458JP&{a~xyDn3%&TK}lfs{IVDwbu%Ps$JIl+Qs}PnO&G;M~yH@
zRL=zjJ|e{R@NDQ$%!b}GIq<{t>jYz9wP*w@BqMsSLAE3xq3|br;=KDJ@(S2<<Gei;
zFf+6`?>;Fj==8*UT`lq6iJIh1ZxOv&?UHwbNA&KKq$8O%@Mg<#UIzrPU4ysh`DDXU
z2d}-0{+5iMEs0)ggPoiMb4oG1J<le1rxwH8I~8U@9=ts>VD`+ho=vl!eGg{O2l4#b
z<<_(Bz%-<|BU5YO?Oh6UY971=w7(Z@hFy#I_S_27whZ3xJ7I38b2&19kp4x@8`pPB
z$-d61+V!8TgL$$DY>pv+Q#p?Nz4loD<A9)^lx#jKe-_5ef!_ZV3M&Kz%J#rZZO(Rq
z+7@!4kr4O76xqD{UTV`O_da`ps0;0~xmHN^J}mKP(gmWPBE)6e16D^Z_m6_=5ahrP
zLfnpc*<8CzHY<drUV#vm+K&6c>(%8!Qyv^7O`iV{+*Jc|;6N^`t3T}h2KxSwf;(T5
z&F(m~RY}ZOVP?_qrJBk(sP=eyX3?i&jX;0f<(Wl;V$B{2YJ+6u?~-6rnN%RbwDMye
zF+`XSp?xNO?hu31OD{oM$o`;q0$n3i=S)eNm{wug4%L>8Q84b3w4x4)#Z(t;{^>EB
zU~jClYIjG%J%5liwY(;{hv2OP)46NJ;=m5TU33|0+5z=4z`15caiBs#O|HFkV_sYo
z?AGsC@UKB|2DQaf0cYeLXr*OmIIR26+9*4z%(9bCx|*}g*c=>e4#og!J4}eH=n>S=
z{Y6o{RCBitYEc1dWCyo7;DGuu;AC^MOEn(au0g745%~KO5h{hLEbn0URP7<9LP%Oe
z-+fAm%MmZntVkD`ZFvK=AL;*s$nGPlJzbWSlUA`utm#bne}{uolMK=Do%5tgdy&)d
z4-_vAQVr-l?NUvL)8f5!v8K`qwKS90uVBxp4LF|jV?kC<TG1Y{rg%Km(utbl6J@g^
z9(~=GO<xR6dG$PLl7Ah+EAdjzB9Y_0Q{s3nPPE1=0J{$^l3;35`}JK@+pot%T}w1c
zyPo03&T&I|cq-tGq)}eH)rWNl9SL6xpyq|(Pv>{gp)u$>$xE><88*)UPwS{kEDm(P
zPYT&yYK0Iue}TAyy`mA6T)wkXhL7ngMF><+TEX^(g23Y-2iRF_rtie9vU%(@X=+J;
zyM*F%54_dCg_$#spLIjvJ~OoMssRLEt92W%N$Ic9dG_2Xo4JB^{q`i;%(uhbCyfiX
zNIPe3JSqpO9+S=L9aiim9kW6<yVl8OKg$*6@_jHtHs7P;N^l<#xsK}*SzWBbY&!xi
z(%ZApq0MTM-kF7tx>+r6yfX`R^|M-}!|Z&?kd_7QmvNm<`|MsPn`fm=U$A$!(SC#!
zo=gt=N_Jc0o|UqFK|)-i=cfsAg=Bm@UtfVWzYq#@1O!5|nXbhl*_<MqYwzW<naXvC
zT{g>vRBxlipM~W5zywa0eL&&Hjj~y#)CDReTkk>}m^{x(LEk=$pX;D0iRVdEdsCR7
z58C0*lVo#Xf^2>^M>Z={&{p&WYVuN`(th)^;O?e4tGoS`YQSypxc!xbb`<8+UGhrp
z3L!vg)A=~3OZQa4ton&%8~g-j)kf?0MwpgOeuUcORZFa~bFP~~`7=X+li3}Q!7LCo
z#V%MhDYj@*TsNylIz9`<^|K6V<tz3=`hGZVs{Tzj?Qb=|QuS{zs}&(oA=!H!L83Aq
z+LHdtYf^fU!U~DQYD<Di`G@imi{F{R&*fNc=5u6-hfYWtjDMD#CQTl%!1#ySxcL^&
zwgdjEd#!n17-O(CVvoRC9LHHf9Ng4~wbxYyQTN`gDvK}n0XuD*<Godv!t7ovn-H|?
z?RFNoy3_V)ytgWWuk)VO!}&ka4(F81u&m<yQccG=_)C5d^$}oyYw-+kBar&52iDxb
z)}Gwx5ps@Gxsfix8KT*1<Z9zJDK+@omT`P-Egjx>=O*p??sG6B*Od^lt{6_FY@hu!
zX_Ci<*VI8vwsHC$w&-`nqTf-Ae&vjQotxUPr}XPNC!3+Qb<_rDl~Nq&7K79G6XN=&
zJkj~M)#ub=Gt3heLp)J^n#}krexQ6zd6>?pRO0jQisl6=+jr;`Y0~U`-tSV|-GX^~
zOqef%hl{{m@F9iyYJ<}1HECQhCcR?7-4O%sUz{RM?UoEYPKayY^A^vHyI};+P+O>M
zqfl5h$nQ3bdQj8xfWUQ>U1Bv#sNV9>zjdf7F`zPk$Gn5P3)&w#T7dRbIfDJ9whwB1
zQdmCTYzv<!h4fHHgdXY=xE^A;LhbU*9IC_r4eAR?a55WG5No=ggKA5WXWFuI(sK5Q
zHI>gn{bkbVdaHY(Z02l+0Z~(0`=}mB4SJH`x5@DC+j6y$^B_MrjkFPeKR}u^2ZrS2
zlnyML8ZRunVym#Mq5w6Xf?GCf1-EQ`mf~i!z;V=u8o>e8_sbs}Q`6zC6&$^j1*k1j
z+>x%v65|(i?8H!??K7*z;0!9i*g1{F_5?Gh#KY^8#s%{Q%#6(K8<}G;GDm@Mj;O~7
zaTP@9_fBf(S@_fhs3E-64HA`|lUQTXu_MQ0aQ!d8|5JnxY>{pZuIM98ga`(p9WC!8
zO`T(9a~b_RUN#RW!b#isq-DVzIC|UDp$1(r2PBv8OcG4WXO{iCdusbbN2j9wRGE;p
zWA0P(fIJcE+499kutGLF$Ftbxoq4w<c%PP`x6g;0_RpUEIKjJ1hVEGmHyO))B!<c2
zx&$VR>ALI`>AEU5yB#5UoG_|9j<>@}Wxp*8ZX3@-;IwLqTk)^seU&1wn-}7-zm0=V
zb%>tGpB0OmlAFSx{X7xQ0V`H~O5N?Ryg3%`DIK@JvSTdQBl&d|!Q8s{W>rU?m28gp
zR$mIUXDx><|7++GYNycg)+fSAaZT6#luO}0dkn@IQD*sHwm*9ND<wH#c3+Nwnr>Hf
z_FRF_H~(g#Ff`Ar!21Z%i}vL!fICDNX7knE{)#=>vLli%t`jK@dK_Opk8PrbKOq9w
z0{53<c8{PbzewVEotentt}5qnQ#yQZ;rv>Q4toSmxgnW9yE4(*3(>t%J=EV_u=YxH
zZ&WvYZ{#^nR9hUJqw!OSE|jN+Xfw_>Ds9|^xcbM#q;kBd?vhv7`JH8RQQM^<Nj42>
zT(J5ld=FOr6PN{Y@K$exS-pbq1FBcBdU7-E)3~kW5xE^eaS)<qRYae3Y-$sI6FbhZ
z`hHu4lj;O{2H%Hu&46l)=Q2F^1ERi4c}A%V6v5U@$E{vb95CYHUOPoG?tWA@N6hQD
zvUz3Q?XRRra9`PR`zvpW|GT_T>D!h7=UO58(AvSdkAL#9_?urn_0*{~1<6lOrF*oz
z?-fiDE)7y0o?G`Xv-U~Lg86khLCWKFeNdi0yH+--O+`+_B=5o;fyWg*r@_96J>|De
z($sk+*8>bceW=O11S++G;=dqG0}^~KpTJ)saUEcf*lSaHJ4J#?_o@ryapZXs=2}TM
z?-tr;e)7HGj4P<_lq{aDL(TT9pwhXl&3kkA73~ily#np0YK7#J?N>q_vBsyt9cdqR
zOD<n${d==|To&KfR|F&N4Qf|J+s?!HUm~-eYrh~(Ez{u+wWrSqR^dqXqq2EYyd$`F
z7v0+=9qN@FhcX?SQhZtF)48(X<@fe;AMg2C{EhL{Q>ScK+Ml-BZH?lm4<5@Yf?o9~
z-A~;ST(gUg?>Lm7m-)0^<aSqhpTKRzu+7MA$dJ7ivcIUUYbzGKRgb~!s;>y15bp@e
zbZ@gsyS{|(ZO*~`a7!Yq|0W5V@=P{#Z6TNS%_0K-w`-_0ldqu{gfQ*$C&i|nCoin)
zs#X*SN-l?6vtZpG1*-_{F$(XGv!UZ{QkW@P=LpnR5v_B%Hq;c~3e}#%&%$i;ht7$H
z^lXKYbW)zjd3X;r<-35B*?q}SPfGSF6wWnyZw_nkNrD>E1!t_aLgh}$SZn`Zcl#?w
z64wRQUqcr#e*7Bxfb!_v&^!aEsZ_0b22dlY;d$oEvFGV2;`8i)rcAbTJ@9-ywM`Ds
zqP$P#0Ox<Z_X7*hRR8_R1%2SOY_|V@)V+IrROOjC{+x4WCUeO>lMG3~NkAY0710S0
zC7Uy%HGo1h9zjtz32sXgP&&3+3q?*yZ4>aqsbi<oZIej5%^906_7l2Jce_kryG8Lr
zaI3anm_S`8p$cdSb0XpWecsE-T#`WW^6mcqn&iCayqD*Fp67k;@2g~e<<3XJTW15Q
zDn%?Wv4Lw)C?Gj4-~9*hnW12Z`E<=9{Epj-WyHk3|0-CN_jj8{`{qeKANk1YDc}=B
zP<D?A?4*X)E3kK+3G62XM*#EQa1Q0YX9ZgT>+?;wfTYXO?Vlh?=l{B$<@4Zde+I?b
z|KwsaJ(o^p`u_&7W893`DQ?D(@pHk@tK;TzEGy-MPd<st-i+&~E|vCk0>G~GR#IQ#
z4cPl@Q=Csai@sOJjoqK|V2Je~(-iQv_t4y--+YApBFLU!;$IHBOAJIt`%dIdX7A&`
zYk`(s{cnO+z{$II8^K-x@{ti^%%0c*6vnzf5_%3vI{vl*oVt(<K-#+|mH`HBB9YOe
zCvH%$9zl-3364NbtKbb4f>cBHIW-V<P}@!MQ^Zb0WEJj*NNPEc9P#gt_Ql@sP-5>l
z?L^Xv^T?s=4Hzf!`6|WfW=)y&+4tjO0{ZeO{42Paex~DI$D%|%t^FvHLL9}5gU*Zd
ztR?y2t1SW-<{4{8m=BP_b?apmUYH+{?^(=cDVL)(m_XCvh++74ynbn?YfyE+ZBl>z
zjK?JOIWv1qpI2}(o%SyP_Q$3{_T!eq?0pz_3qiUCWY0WqVx2VEZnh7()O~_IiqBq*
z$Nj>T00<P9%{I`6a%f$`__LPdK#I3f{o*6!5AopA-_>n0{h!f(LUPkKirOcTWZ%pY
zwU6L)tnI`NDuyGGr!0_Qx2TJgAI_3{kf`nA{*RD9jMpYO$i45FC+q7g<v-v0Ho#c>
z?bqXQ#?A2ldjNJqF9gS9bl33^lB{VlJ)rm@B&j3Fp}(6<cf}7TzTfdJB&D85j?WBF
zCZEN_GagUe9KA1~Pp}8DKB41Fz7EqQe6f5UcnbCaUavSD)B7W2Tu~cF<I}Lt6Lp?P
zXm0OVI>vj0_x<eaqKaWzJd7NVr%lb?*CY_T%Lb4=9*CWVVs_$LSZoK$oJG&VP!LH!
zjeEB!>D`{}*t_lfkn}_N;%Iq1Iwtl0;%NCdA0j^piMG`jKPMgQc!*(mM2qc@hLGd2
ztZ5_%^KXu}g2%Qz^7?u%b;o)ENE`{VKUt{lsmcPqq$U&>DzAs=!V>1+Gf#tTi={BT
zlG*jDn19KVHZ{AF`IqXMf61IRE!){65Z%+f<&oFxIrEPC6`)<{{4S1@f%5Xe*WMhn
z%~fjP?cpZpm$Y!9@)sdW<d$CxU?=BqTArc_V2`(<^?Z|_Yrhb{ZplhK*ZMe+%(=01
zt@f8lB5O^0kH`h_?{y*KQ>h24HyB{7K8*LK)o^j0_(P8B#9iF@Ix(T4adhGV4LL4V
z-^Kdv(Ji1NRG^}xprNh#Dta9-+NkJ{pb`7`3<v@*dv5<5@`pbGEp#WfuSS|LBlcC?
zwgR`k30n9L)+Q8=w%v@|4uJ-GTXX(sn~2-?fmXB{y3;}S&~K-Z_GH@AeL7g@(EVSL
zIRDp28K8aT4Dx@JA!=a>Tyq3b)A49KKzHTi;O#Jh^gIvtlR|m`%Uf7KB0l#Zc*FSj
zaUlGk_{@ZiK(P^|U+_$C+Y2Pmnecx0oobXl`MOU%2;L5!wFklL#($@Y<ybxouK)?l
zYp@a|tp8mFvgf7Zmv&th`reVNh^;f7*gE6K7CDf<&x8F%qwI-)j&TdaYLrGSf;Yr`
z&A?NeeJ3B&-LQ_C8mD6xPXj5y!QPF0oc)Uf>G%a=1LQ&)L(#~CtFnRfK4zeP1CIH&
z=ZrvgjRqw4a8zFe`G^eyAKPGn=w5CQNR`inw+BFak_S8fzOPc$M*ZV>9XwqJejZ|L
zDKUT)5iD~sU6&LeOz=U70!S64FOK@|@8i5hH-l99Am`1(dhGMy&4}|iq(V%V#qvnJ
z4BH1F&B1+r$a&!=kSfn`WFGA|g7gFrF0410IkDVX3f?{eq{t!q|NGaATD=Ke;pP<O
z_!5(HY>BA-^;%K;uM@~$D}pOL<4!gFI%pgRhYnu{KCE9y_K8~mAL$v<o&pm2_PCLL
zJ6qJ=pC@YF`1^kVS9qVOh5razWS*#zTtWQqZZ^(bQG0)(sHrEAA1de^BS%5g=hC<1
zW);r`&$0ak@`tYnS9tdtHGGuL=U3N(FMLSU@cbgzi&|csowtAYKdRPT8kckc=p1o>
zYjHnS;EH@o?N|Muf@U$0^Q$~wrwP9)YIvN;LK^pl$J==w_%KXy-{xHE8{f_P#_L&r
z0{KG=;`}Iv=z_`kKS&%>oPVPKQ)*8e_>{$<CiySE==O{FbI7@>^E1rv`{#1Rc6hK4
zjoJ<!gUB!Tp|XcLs{cpgd{&sZWeif@23LU#@6o9LY9>_I+ymYcf%yD(cJ&#?`20S~
zqWtj03^BNsv#u{vmu@O5PdrzbPH?8S7SJ>GT8`R)!$9S!y4i6yU=E~(Tug6nnw6+G
zbF)~?LQ)J4Ue}*Lq3aT7gX<~*T>ZQ69K{WScNmYa6}4m6i`sz!<PXh+gqWRQnP|)o
zWYCzMx?(o3Qt;NLgA{q4;pyw3O~v%Hd$o$`3FG76%E8w^<F3T<cAJ#GxuSM#p{V_G
z0Qtq~iQ~PTO2=!@rsMTZi;c%+gA_T+#ybkyQYzOG{2_6>0%+sK5D`3K^4B{oekh#A
zcwqrZ{en3#XPUSO^X9sOMBdz&57H=JzRvLS^$GCy65GE6)K@hy`;Jk+=MpT_9ycm|
zvqkOLJW>0{0pzbOiP3CpMsy+OZOOjRfj`nd@!2&QdWq*HKgK*WZXXliY6N8kgPCZi
zFmq=m!mKAV5oSd1)7N~It@-E#FuBC`EAV;4=z>d2#J?f{JC-}*d0L&3%A<GUHBN*(
z#u)Bk*&&o>UeP3kDvG`rj^Pi3+pY2ATPBZ>$?<0KeSRcZ0t@5yW+T;`@meRtpX*K~
z`lm5|#N)&mn0^86_oA_Sw=PG;$B$xocK!(^@Y?Q=nH>2)sLT$`ulOreRw9VO{uyGh
zk~6PA@f?ya!!lDAm7yLOK@Rda=6}CIk~KGmZ|g^5I$8J=QQOgv{AlZCD*6;Od`|uV
z|IcJ_d>%KGb}EbG^M7kUxhsX}dTWM|<7^6OgBwNdY>i0b>)M6ux;lB;(<#`gUOFSu
zZb0ml&P4lU<P%ZD=U6FcKGgY3ms&z{8FOE_A6QP+DlUlUR+}`pyOZX2M?dn9Z<lZo
zyTquir%=>B=|}!rL(JBr>%T<r<>ZR?A8hJ+_Q}m%{Nr2~JPKX9-Qn!(qKfyea0of#
z?5~H-Uz<wouVl^Z6W2`I-<>+4{q<)F@e4xl#{&$;f<1uecN|^fSo5bT@5l8S&%c^c
z%>MdW;+iu*M*eVI%nFh5jpO?`!Um9ZoM^cKP7s(l6Jdho$KUOCspH!*rX<)g<bLEA
zQxfeM7urY6E8^vc4lX7?$iqlVi;LsM_!BQb$QqK2IvoPIuv{OGB8kBL_o+&pZhW}(
zOd8RR@tOyi%~utwqy1LUCc=fVP!RZ+2-aam?dOpgtzo>|awZW^>IaZN%I+V)d!wF4
zela6)Z!XXOJI9oNiuS&R=lB%0F<_d<x^stM=smWC+FfqW1fOh)n|F}LJ5ScuGKbCc
zmb9ta$@6Gy61*Eg_H5_2@51X?j&(wA`>slkdw}ExaNBngTwg(X)0jCPH<CGCmI*%0
zFHi<(NPtmZhu<Ce<r0<9o=w!MFz!C(4z35;^PFIRp|jckLS(Z$*m=PI0`4F0HQslT
zlPmTC*puUf2p-*I88<$NwDnn(=n!(~-^J7RABJMMFbm^C?*Bh<;aS1ZtNS?d+{-Ym
zGsfnEoIZv8?dfCJ)XsxM=&d|eNq}R}HVQ|b{&ZM2OhAA4u-pbLOX&Ug{GDN@umAZ|
zG_D=5|IKmW_;bO~8*j^;&TN^-GfAzHG4TB9DdaCQ(Eh9(jRzn!5$9ts<!sw8e?}aZ
z1&{_l5w#O<#?JW`pgf(N=`#|~^znH5Kn7@me|4!R*tt?~fW72C{7*!!;RDL^)_s8d
zOA+-c)^coLf1j$<SOjnJX+-$6{tWZ$rc+4z3(GATeHY8wC($V19(^C{e<zXjY8=nJ
z`xNrmI^u9@CW}RF0`K3GR$4zrd*5WaIDlo@X^>qrAH26(K&mMNZ>@#e@x*lMcP-9{
z<)ieZ(|nX07%r1<Ssq9Y%hjo2xjM{7mXNFSep0T^)fceG6&e42Fe;79)fqU6{6*{x
zIe?I(F%4WbSnoE0G+xfldne=LWEs83<=uo*s7_sMi{;%Er%W#IW|^)78mSJ5b)Qi`
zzBw`PMmB&X#>pFfkl0S*m#4~}*AivGJrl){lD4{(N%{K2f~YMzgB*YFoS$%xs5SiW
zSlOM6^C{}Gp78_ZujM8u>z#=v%1cw3JasCH99Ryly@m_gnUB6IOVmVTs3J~&+cTbT
zgTVI!F+rWeozd2$dvmdlikefE_&O}nnkDM+x*ODU8{KOEj6ZJB>u*}JL=B9giiEu$
zCwJq$IQjl~lFyTTbCZF5GlB1OPw6X$1m9;bLXN63@FBs_dv2pu9bRWsqcy4O(CRdG
zaAmqWvN=N?IUp!{eU6s6Jlf9Yf~XnX!4@O9>VHdPu3C8-bG4KoKjunbS8cXj(J+V2
z=|dx#Q|)!3idw5&(XdI>8m0^C3qa$EB0^5UlC~o1d=P@bg(|`}xx#7@wSht)I=Gbs
z4gbH~2#U=Dnyu;X=msP7rZ!EDrZ(LbeVh}^UokCOcqLHYSnqKMTZYlX?`#v4NHeDt
zctLq^n?ZSKx<UE&4F=`mwFc#Sj@C-ib1uRuOS-@<FD~RD$hn&qhi8N;z`bp8|5IX+
z_(g5ZFIp&$n`>b?ix#4-CKYXlAi5s3A}k9EazzQ29c`fDHAM>P`KagW7N0}pE;U*w
zEH`jma0Hh8FY-e=J=6b;kmJ{u!tA4r25)6F`0KQ(*+&@--p6RLD{ETzz8=9#YT#~p
z<n_n6v>h8(fOe$?l=~h4?N<D|3AFnx(0ku1&>rVP<@Z69zzp;4u4$0{dB-YEqjAJb
z(^wpF8jT@t<wE5R%x{{RWY4)&-qOlhb~LP@Ip$$Ot}t6fEn))=ArrZq6~iCzRrtUU
z7Doz2Eposd#e1Kek96-12BmhoL8)77P%!M@e;@fpp28jD1m=f2PS_{H34!5+O(cGD
zj2A*&JV<BrnlU^BpSvTQSE_?6SExg)Z&jl;x2VJGmaFGBE>n?UAhiSTc7YEq5qgvF
zq#d6|rx6<MWPag>RqmjLgR-lce;Csm9#{7fFO7?t#`G92r1aQ-J!rarxQnO$;rk|t
znQqu7DD`s^d1gG_7jcx%OD&Yn?}v-WNrwwV6-7-yTO7Gw)JmG1(fB;j2cI=6YquGd
z+O<ZdPsj~azmNPf$M$NRJW#B|TVPMNle4VvV0Dr7Jy}l9WXQri$CkDtYAJ>wmR+oI
zyvJg}=M`w{F~8w}-eqqA&C+yt6rYurrm0a&(_PWIoLGK>TeP4t4wrR#r!fwfb$O>T
zN!}^ttX~Q)UxVQjMV}j&JDcwrgTFnb?pW-uO8tJyf4%n7aMsc-Y7xN_us(jz3)^{`
zpR$afFdl)N*%-Hy@lHQe>Nkm6{VYNKDn3&<2sZF;{GF@R2-OWd7p(s+XcszX$R2al
zM>XDF&*8-KMp#7T+zc$wenuJh%i8n3f2Fmgzl=SnJZtQp$LA-{!~5SX^hRr}>d<PN
zI=C`b9od|wjx34cz~|yq0^<PfKoY-Gwl9xQ{cJLPN??4-M)?%U-`JW$VoiQ=9Qnfw
zK?`T<F)Aq}&g86+6Nsd*h=zHr*Z*X3zg5&!VQSQD1SP_QR)T-6phdRbji2>KwoQ%p
zZ~NkLF5X7q`y29yZQz;$vL~{eQ*w(z$#a9k1K6jeK(!vHJ=xsF4l76lvu{rH;qB&>
zK4P2C4cvDe`HRfpqWy--`}yd?{z~S<TM_5Ot7QI`3&)b5u3rUO&oK3E<Mq`34f(}k
zR5oXl{vuA#XJljJxg?Cgg86&C!1jZ2vVC}=s7*gk^_G#%x2l6HZ&8O<FIS^A%T&}%
z>FdX4a8;h+ya$aS)dQR|cNociIktv|(fe{pP1$CyD=a`)+X}4v%N}!XOF=|{V2AMb
z;y#;P(J9;=#j+>Hzi@N&;)qq$BC~1SL?i{YZ(WqX*aJU3j{GtYt`^2$S}}jY{DYG#
z!aoqZjy>s4u*Dx@bv0yGSEHDZ+2U)NEk1T{6e!RA75RUUn9e$0TzoVkE`F!^Pj;mh
zU}ve<uHbc-a4oyqg|`=Dx>kj|qfGbMSz4A$bPv3COzW8TFs-*E<UoR{_uR&8b$DHl
z8m+ObL#uPu!IgRH$YzH+a=;klTiuh^eRd}4K07DUeePyC^<^M?9$du*_ibIEqOCR+
z-HXoxi;7l*hWs=x?#W}w-`<=XZ8xyIV`0H)d|S&g<PYBkTJ1VL_RTih)`Z(uf+l}m
z=SNo3c239%v}CM^()hq<SbShXbktvte{G<(G~XSy7@@bdd1~}iVQQfM$-AOfPAm^F
zo|FY(e~^dZWx{9YO}fqJ#W>z{-wEU|s*AJT?Pa#RE+BVg;9orcQseeD{Z0tR=P+XU
zlE0Jk7;Rjr{5eB(L1UbKiWBHuomltif$Ex>;5G9gE$jg=7(tp$zg8|(J|~6RzrF%s
zM@|Sj*nQTYb^TZ3_1~G8KaS^ikfU?!;UJL~9?etQg+DXgUlYUqkvt`xBlp61Rsh&1
zvmQ&Fu2#u->6KrQT`zu(g9FG9p7Hm%PN2Vd4s(pHYX+PUY<xh}mf^GF0ni#ZvA;Kg
z*0_rN-P_3aV%Y??tJFCCvV-ZDDQv$|E>yQ>RibVEzXy<CyaimHyZPS!1H3YDFF$&A
z&UJ%wT`?$CZcrls3Tjm`rny)gRlE(l!!UXL`Z8?L`g(qd_u*4ib|nw?%ExIf+eILI
z%H{8oJK#rgklC7xn60^%*_tuESZBOcP{ZXD8}rq1wT7_VxCjz+o#JhvV#?nS1`TmG
z=IR0D4@FVg-#D=A_V~xy`a(QiFFwcc`Z-g~9^YZ4_IP}j1yZS9TI4{Q9k=GDq<T!8
zf!cjB-X`0w=M5l#ZTVQ+^#%irKQpnKQI?qPy3PpF)=l($X#m($>^(s2*R|Kl6$FMB
z3d5x=?{ZRnqb^0!{b=~i!si1%vwqGc)}7+w>P~fxQ+KK;4i`Fv*gWHH(0HE7H2g)`
zpXvGLXSst@qHhAY>OC}f-Q3ewVCEdQh#!I&24Ny6ts!z!-)+2d>|S0u-VDmmm+&Ot
zaA7L=<SW3H%n$bWBY$WvxTb>anPQMVcXG04A%^kCVzA#&<9M2iLDKgW%RHD5v@<?{
z`9W(D)rssJl!fmicOa0xm2Kjt{uDe<%bcnyu%LZ6-+TN3KPprI)h2513k8AwVdSr!
z4KDm`_+HQ=H8d9Xm3iPJ-`pGf=KUN|{cRZe!!yAZ-n~=}ucmQ|`{#i#+5dXZ(N+-8
z1BmZ~?Y+$E!j<qK4NOn03AYjw<Gz<)DDK+~(sOekQkRi9VA~0S0}0PrpKnbV`Q@S*
zO)NDmT5zecx@z+(T5F^^Z~R&#Uv&E<beFm_G2LZ;Kk|nMQQ6BR?{#d>e`!DRw@(3A
z|L*09aika*Y@&8dC<x?+kzaJcxV7dmjPYLe*kW;{eJLPC?qzX%_kxz66th<X@((f1
zRp~yj6uR#nmc+QnVoTzFc9`Sh9`9v3(Y+JI&|PBt3;=s%C5?$c7(r#~jE6?!$B#oI
z-t-<t{!lu&I-6Hv8CFr7^P*EYC|`(>W88HcL9xcgHP-PLhL0KKA7Va+d0IH#yrO8D
zc}3lIG+t8Yy(OG^2j1(+@E4~Ie6{bPGE6IHonjD~U_L&3CZhR2;Ps_|D{_~pMX=6b
z0us|S9=-qWDDu~uz=dHKSxxPvVSyv@e32Q9|K+gx&BgP5b8)!&(Z!v@9nr`_&^nuM
zk767z<;;g7zvR_69=znPIIL%04?)a#HXcQOU4IF$6t(q7k$*CJWlEUFDkSKYHeIiD
zcO853h6KGbJx*_IZ@xWReH8ikp)z$}b6ynB<JP2kEIq30*sImSm8;aD)wiqB8c7{q
zcbj@{qen%8DZ!Q%ZU)8Nhy0&l{qO+R4|CPwb$M#E#-R?ao}vz}%vVP?7pNo6rZ2{>
z_4(}YJLBwHJ14ShEi+xZ{hic$+qy`_dg(sF5hZzv&ACyuHBCj|1P$w#{qJGD)DbQE
zFI_KPG^%?Z!)-!dR6L;9%8Kc%Z<Fur(c1m`cV(k(|MMR5hu4E9_ds{&48AwD7?d<O
z{+{o(xIr-&gVH}kP&<#)|NCcymX77@C4xf!cYtOQLCL`HHK&n&qe4!=oUtMbOyAXn
zDS^@qcU0GT%}nPl5kNa9ObN6+N$qf07d|UY3G_cfZE+u7Yg9j)0outN(7q_U+<-y$
zG^_w^se#l2@s@Ji3;Hu4*Z{Dz$a|n7oFZ3j0@$;r(558UW8D1#^2;yKybBWR%8BKT
z4?y>ezXMl`F!mhre}Me(Z>+u`JI`fyo|F8p3)INM=lXp@;<?@+Onk138$jwdfUEMS
zG?$6I_fzmT2_UI69!|*nX`jLO_StSy|LHyC4?T~0_8p98Pl@)kydN_=8!Sn+Y_<!u
zmdy?Uv=cn7W%F_dt!1;F13QLq4f6w42w-2v{ukGQ<l~^M(#sLPN#xW=1@B{KYOiWy
z=NeusKJ)%j0Q+-uA0Cxcj>pY=!F$LLzly>2Qe+fbOBBlxcQ6@Z3Xvg5UteOonVos&
zr2Gh$H$ia!8_b5+!7*5{xY_vp^Bw@nA%LCatE{DRM(tXV0y7?FvWhhURwv#?{`O}X
ztc+rL$xNtr{+{!8c7c=!GPyHjJ;0vz&!i|SKxX52>K`t(Sa;k7vZsi1zL5*Erx4^L
z@i<b-$)0DE>nH%NqhR5{uIG8Xi)fy=fdl(^{a6gLXD5u`hUv3)g0_C6?AbO!o0Eg`
z?@rX`REpaPbI2U$SuVZ5W86NbjD26tls*6WImax`rT2H}ds4{Bp5+tt*=nP47n7Zz
z#V&gmOax1;2T#yuVYwwG6SOx7vZrXGIdU|QcHB8~vL}0jHkFe-wm3Na1ZX|zamQ!#
zTYzPwOW;=<fby%%32+#nCpr$}XB*ggGG5;O37+QNo0IbHF+DeYfpHiOoMi{*EkiG-
zEOc^(<bDHu&h!a|fsyx-KhzAar#W!-^P;vj1x`2qplw$PCzjiKpn7X5c#i={Cya7-
zJ!iHp;9<dDcE|630N8Ctu6k=ecyXVHO!S>R4i@|hw>?VR_!f{3S!vrFc33#qD3)*N
zf$FwW@U8`r{$`Z3uK=)bFmlyxxGw`pFPr4-+5bo2mVX{OHayBzx8;Jjvk9b^@mjLX
zHZzxMtFgf8qI8hvTE?!)8n-6=46g}~qxV&{HL0&OI32QqG&k+i`-*%wsjn<JU26ep
zZq}vu)v_t6uUt3{DIm?wz4X3H9!}~jA5OO$K$@F>>3to1FsZL;a9ZR+DxJpc?yRo?
z*4G>(S6##UdWrQl=TWY@CKtT*-vsF;tDIdz`m)-rTQYB}af7$Y3zDTeH`@k3@l<lQ
z^`UQo<Q(C=5dbOqT)zD`DGM-vBRn}5u645ecFbE$x0yMvI?#Mabh#0f=bEQPt2ij1
z0$~4D^BvJ0?3pc7_Smj8T^j%>GjB<~&D;dlE$prx>z3@>mbsyNJN`dY_E>L9y%zJY
zR3j+AYMv6cGCpl(^RXrUk9pheT`3DNJ#Y9y+pZ6JQESD#O%OGkAZqnYo~UB7L<y54
ze$9#H_rs!vS220{HA`VOVzje@(avjWQ?n7Ho%<Q>yqYyF`)H5g{m9W)@amRFUhm@4
zcYMf$wn|M|SkGv+iqUF`MIS3vem_LXSeRB{od(&Tcf2+WoNoUGlIqjgm}zXxv@dbY
zG&l{<BB?%$jhV&9%=!|?#Pt0$B-Q7#F>~3NxnJU#xo|qP3rY3)Y|MN%X8xBrW<H!Q
z@*}B!8XI#O8*|#1IOa4sEkA{%`eHU_F&nd(j;VfuXN=0u82KD>U^xZTXuR(&_pitw
z`btb+8ORWWSSPAo1`?M4J9A*~j{)qJdzqa&Nc|cOkE626xEhdskD<{TkWG&vDFtG6
z6FI#t2;Pnzh}KQC2;Q)P>YGJIR(m6<?zfq<Y&Se34#RdN-NS<&%S-q?)cquNAbZ|F
zj{G4JT-%x6i+N8&oUEniDJ(TYZ>s=WYMhKUHA%+m<EV_4M`{aE+h6hbk@OFItR_##
zqbQ*kPw}HjTEI_ECNp!XJ0d)ugIJE`$2Ozj-N1u{&!{2;NNr`{E&c?J`g5>;+>i#!
z`iDdkf7tK<XzS0Xt4modEwMkY01fxG10hEn)8X4%1#jOeB&8a~@;0WAr&`4F$MT)o
zZ5=$hlLmkD2tp3>PA>0lLP%<`j5C(y%kjHmIN&+l6PKs+z;WcSy(Wf>daa3in){Wx
zd~@T&r54)`toxN^fy=`7H+ipFt_s<23l}P1nontIc2Z4=;+csxC1%FelyG037<1Ay
zgVIB?9pxsBe^-DjR{)nf<H3YFBkjle-eV~@s`LMX{IzrAY%NB?`!cH|QN-@~!}_Rh
zk8er?sk8ZZrc2~T$^GavZdJqIr2d&TrQlO{Ka@CDGuEk>sCj=ueke&CE0xud2xYMv
z5>sPi6=#9eDXgYr367|qvmc=~B1lYHr2rZTp^Cl~nh!(nI-vG%!mrARj|=U60wD*X
z>s00+$WQVQ<R|$DrhpW)N!-q4pWF#-7MIrU1+WkN^45g<`QaskaxCQr^_4#(fA}&T
zMxpW-)1wRfze(fI2Kc!6vu{#gLoU<d#<P*!3}BDns|5IsQ!9c?suj_cR4anZjDv}=
zn$^X3jKAhfY>%%M(UY2pV?{~lOcSdUu?DYiBK$DM@B`yOd%AfA$Ld6k;s}%b>if`M
z6GD#B@y(ORJKT3iI`t7J_uKg%+IuR#-smOPiYPvf5^Qf6590Se8Kz%EdjlH3Mk8J`
zUK?I-<W02qcjuAgK^|P4!m6lV3#wSa`zDe9BSvtw&)|D^AE)-T_j7JkZ}>CvgBe`y
zyT7HjH|It%zgSTMzWD%l{O<83f`Z>YlXHXmzK|PO@Mq+gP2dWz7d6aZ=CJp6H}kzi
zt8Y?AeNB!f>fApgf02>Sr&Dl5N5^LGoXNS7^jVDQOTcq`NNpD!WDZxBfUmt-isCtC
z0oW(9`~L4+$Pav?-B+*o)Gn-w;{MJ!MUp#%`*oCnkMQL*IIZ4{r1*M~?aiyBFTaKS
z`_MvlU-OhG{{A5TpZPKHeEy5HQ-21ALFg^rN3=#ATzRKDwE7M;TC-XmUbjj;xAArr
z9iToUJ$9lV;IR3bDPv+M8UPNL{vuzw5z9f7Jf}(pdQQ3HVlznp#RcQ{zqe4iVzTe%
z7AnOP$dWVTWXT?Z(oa!xzZ0!7H(#+$b`H-JkXRC6u_P82OY)-$=z-j)O#G7q^-tc*
z{F5`7e{wnPE8N_=*leTz%+BW3QLIN(|D=idC#!V-<YxT+s_4y0IItuM2P)s1oWJtz
zw`lH3g1@p*_g60II`-s^3I59U@iD*6oO1fl$p1Bj9B2vOJG{=IMr(}f&}x%9xH3f@
z*=$xv1YS8K@PSd^qLdhKGOG{yWgCs7c3|GJAF3;7g16oT(iD(A4{Z~aJ2~02hNJg|
zkT~R;{K7>&P(Av7DR}u5kk+KY>7u_^4Au(Jmd3@QoeCp=`!Fh-$?`T^tfD6KvAj)!
zOZQktb3h2r&9sf117ZiTzrfQw=d&j0Z?uo6t)!27R-Xa)A7Zh>FS1zSk<C@=;L4lT
zq19heqcu0F!|QHT(Gs5U1k{Z8(WpjiOzP0;6m@W=SsmGIQAd{W%Ag<w@LmqFy+m6L
z#K-xQH<3T=1WnF|?z4E0No=lx_$rg*ivnTfm#2VB6LJD2PcDrT`R-Bhy3-&re%(ZU
zp%EU+hlQL#RmKY9+pNO6rj4H4RW{J7nu%}obXD`zsDA%A9%pBm)|H4H2gTtAWeU+x
zCy@i7$8B!mNKW;@>>Jh6Tu>@G>xp}fAcc>E(ns#nn-bW7*PR8flFwLsuT+l<na$4I
z+4Q_EVYc=!t9>%@JRL)^c%F(d@)r%EvQ>mf!eR4w(iGJyYDanSHUb=8b|y`!;#zjK
z^P!4Hc3-j{Gfwb)Y5KS^<2PWr@=+T9cOf`uze(#!Tq>OLIq?4)&Xa&Ixi{eQ_<RAU
zsJ;G%er7LK2Uk|9L#uCAqcvYqhu7VtqGn2)Lp-=5PNow*3WO(NS+oSp8dgzjPvkFq
zN}o@U=P!HAOVbH&5ZT#<=?L?eFhUO8ZwpWBBOfLFT<ATwF-09-XI7&%7Bx8!Zb&c&
z&IpFUr-Bd|6!^ed#uIh}bccn)fN2)^q5=d+{td`S&{h-S6+7QR{_s4|fQRnLy_}No
z2E`(R(l40Qf?`lG&j|0nNi}nD$jMDPf%WF_y`0h~<Ohxk1%W3qoDjQr6T@zvsC{n~
zcCnnUXw6b}cwLoxZsX0P`CUUc(400nEpQ;!rGQeH0=>tC!obTj!AEOu7Vd~F92+CO
z<tXxp&LLO*HbIGGfVLQ9&s_kgHot9C@=|5b#d3@Acyk_w>Y4{RZ<Ph49RQgd);BKF
zYfTQ!{z@Y5$F29aH;}(QibnH{F1fy^&QBLI++8?9KF=53J_#C_k^)M}Q0&Z{aTNL6
z&!Dm$2ssu`1y||wP+j>4@V3r)ao51j)xTK=;g3r>E2;BRH-x0O0POuUzLFS27zaDU
z8^|B}2)PC`AZW+B9UrP7abZ?bi_E2SG3j@~vpj5{3B0v-kers7jie4_&$;)Izx{8>
z)vyB7xLEFd8oV7jAe9)!a%&G%WBCE^Io@mQG{|0N<f?0)2JiM6FYQ{E3qQQ^8F9EM
z8>BfFv3x1UlWCB>mA$`w8f33Ga@AX(2Jem;hjy*cg&+RYGvaW2CP=nvkezDesvnyM
z+2;GE-j>$Gd_TpjHgz_&6f8G#)$6B0_AS#O`_^}%df7c(bz2kXUE0)Iur(jN>ipJ%
z63%QhPlKFp0GH)!1=*DxKVRlSdVuir=t38hfh<XKwKR^6_FG9dT6YdeK9D`*?Y|{X
z2AdO?->}>Wz3W$jwtmGI?=N1z0<=^MC>tIC?F#(63A9@*(7Rz3d?{m@(<qLYq*45?
zN~5^lz=g_}eux%~r>lHzoZ5D^<LD1}A><g$5QCUbBJZHR3lMS)WQf5N8RVXZJ&)a&
zsSw{E{`=7^MQ@AKWA>O!GZb<b{31iC;b>l2I44wr&xQWEqK41t4ft$kF?J0s#x8Ik
zIo<;3j?5Faej7R0$l37A^T=@_nw$M6<S%+1x%9EIoX|$)ggwiCk#Qk8VNdCq3|i|W
zL)7A9{@y{zLDtxxsr(V2P0f7oc=Bm|LQeKnQb!<Sg);qYGJmxx=;XK)%d8*`35I|!
z&ptfes5H)!RLp;|j<l9HDz(Q9N}n(#(1_Q=(K!2te-X8ko8SctiI?4zjd=5kuB3eY
z#Q^qid$=G%yoz!_L)SwP%irMx&5I9WzH`734GVHb#0J_!Oh3aq8P?JEnc#Uy0g2qT
z3LwSww7h`#PskrWhe$n{h9^X=@kgSTXO%qx-b(HYbI;7X=sjV%m(zQ~8h#{dDsMSd
zQk?gbaEd!Ir#gq_RNpo>r<&9WiMt!Dh}6HlJKB(xU)?8wlq|>SGR$~uyY5fO4?`%S
zR?el&OV9Ow7a>Q_4DexH^xQ^4ok$<Wdw)Cyw6k$~X(7m-0$EUCQK-WFu&A||L6bqQ
zxI+Zx&LU9onSVPcdmI4v_*j@+b{6V>3_Z?#>n70Tj0?w6V>t}VU<a+Bg?PDwoQ*u}
zwM{gJk&dCqYJU*tcaYvi{vrpsT6r;8%7JS=iPN>Mf7}ET{#LJ>7G`((>(B6e_&JxH
zzxDq}XKo!vdtXDyu~o3G-+W+4LCs9?)~170V-&m_IFRs}dSm{ro3NZy3t-pZ8(ou8
z@P2q6k(?&Hwi=7z?Xf2ML_Bf%8hw^TpGchrr15eT;9cZzPX!mTndf2|pW09ezaw>8
zrv#1(`GFI!BY%-i&jY8viYqvFC;n+f^At{@QD24oG?Ko-d<-J<9rm0=3HEgNNt9qu
z@A(Kxx}0TUu~$}Md^zk=+wY6BXE&Wd(nPqu79mFi2W3CO=ZeQ2+$xyY*Z;Al;6A|o
z3cQcuUn6+Ue`qUcVYZ4~W~=B=5w#Kv<>^WGiaq9EICOi(9`mDlL|@VMlcmhI7GHyA
zJln;&jZ0$oizR$-GQAg-L-!{F7vRdFdr*MD)@!Iuu9oM!YI&}!mWM9$IT4?iWi7lI
zi~zWbh&~Y;OYgsByF2K-2fPPM=pB_y0Zx^6q$z>(D0A+2>L1qg*juh~2U`Hj!h$`p
z4a<%r$kp<MsF`O&w}lgfl}7OP&7ytC+qoc~51v>2oN9Rpf+bX8$rrVTS)kQ!YhFD1
zKYlll)Y}NwTOrtX4Hs<r5vvjYBhc_z7UNAXR9b+@6RqbV*zyEuhX~KG2l|AZz;t%+
zivB-8&YJ&|1AF{hR=$V);#s<u&LX;&QVUd9W`Xx0fYiEQ)aGPC@AmzmmG;!UP{GCe
z$K!n`slV&rL;lbp?XToA=*H_KHEZ%|%^EDP_s=EwwgxNn!P{{ejjM&G10)B<GLycC
z*WdahR^RVOptYTcAU>z?nomLE9A<#*xg%*_7lXqzL*l&C-a~#kN#|WZh3#oMc<ZKt
zMCO*m<~H}jbHjZNze{xsf**O%ZRW(F^Cs|`OF?3HcobN~7Ec4TKj7pnjbaH%RUGwe
zUCJ5)No#oLUE~i(=(ttcYz;R7sgHlDYk2Wp<d^@K_7%y9t)adsehu>I8rq#8wQ#bh
z^b*%_oiT9@&%KNMp<@hxQe$f%`Sisv7Fa>?EQ9t3N;#|b@@K?N;JCE4mGH8sWjhz#
z35nxA{x0&vQMUi)*to?!NEd_EBlxU-mwww~Vl>2Ec1>jkcsV;rOL^I|F=;$6hVR=9
zz6R*-=VVXo1bkyDNAD`U6u3TXym0&XO^Nfl6|etIwtj%_R-VR8V}Ade^R&(%reRFa
zEg*YZs6MjOe9vV{iwQK@Dp#}?fQI#n1uS>n;)dSV_dtW&x2hROkUuQs2GWiof9o5f
z*76>cEzcuzpH>T7yT0bWoKVFv8$LJquDWf_i(B;j*5-;@{VdQTg`!q}4V76RvO=)+
zJaQ!Ss)^uf;pmw)9xpcM(|$28{wD5I-xmwDHQ@HhT<TlKV;}BC{&pU^odD%@{?Iij
z<OJmO=EeBTJILmZ*HdevYth$$$Ju%w)Y|i$S_QBNdcQJ4>O<zi$kRLoB|QGKt4HgM
zJ<XexZO4p?yr0$?TZmz5W;K<vKxy4i?+e7T+_#<JlbztZ(D$?P_ol?}m$Liu;&De9
z2Y*HY>=)`g^9b^TA+hgPF0pT&cMkyg@-MR1bG>mj)%3ZJ(;uGe8vs7zdFt1~c*>ur
zI%cwd8Sls1x3xmuhjq-Wb(+Wtw7i4--~iV{Pl(!Y^Pu}dTI)S%VdvwL6e?eGARpmD
zJ|cj8B*z54+FWoo#I5B)-lVKOW>jj~T3+l${;)l^mIe$PnhO%_#Q4JSw(T0wWS;Mm
zd9F+5p{t&)Cu9v(94rvEmRX?5+nN`T{*T|!lPlUD;nX%0r44yH1b=|#>}$ASJ(DNu
ze?;&uc<=^JsV6)vCvfXK$lsnp*SabLy74-l`QR1LBgtt2VtbG96VI(`qPcB5u=wDt
z*xZumQJ*B&G@OSZo>LLK4+Qsz=??da>8|rQ^a{nGbnJ%SXO9EPP5rGAd?5?C>aU6I
zUH&^1x5?g_*m`ooTWkdBLVL5e7x`<=<L^y9+Z((lEUUaYi^?h(9vB7`7JL_mO$*~y
z7!Fw1#jpt5LKP9g63}50n6X7wo9~Xc{0pet(?M&S4#5`?a^SV%b+^WB|2s=hUq*c{
zR=J|S0JQezd!oNPjQs7pzpFaId_pEQYs~?GnrQc7<nI*ji9%CN^!dZcukQY?3U26a
z7p6rkIUqduxx-`q6S__xe|Mt(_g_gpq6^n()dV3B75D&_&CduBh|yARVDH<=AI=5W
ze>@>-|C|fmt%4Y=TngSg14y0w39Nh7{h*n9YF_A^fNyuQxyZIqMN1*&p_p&W%?B2@
z%#QKxmK1UynYQm5F4)O%t@B5qbtd7OdLDwE4A)xl`P>W&?mJv4S8Oj7wSntFYZsnb
z91sekmDMyJvhr3Sxp%%4k<`e;?PiOpbqWPhJP-UWo=fEVvE%Q<GW!xv=_E9l8~DcC
z$X{!tFj;Ja?iN7|I;+9kkp|MPqoPXYk|UF~V%(n!V8_o%ZN3~<n{O_i<7XNFt9VaR
z==lGU!p6T9yv0_!zDw<IF<uX_^_XFA9>_<qJXlELSLGuPkdN3wK5`ws|0r0V2`*<j
zc>6LyN*)W#!xP~_M6X{etchYAAaNa-z6wJXc>g2UQ(XAgUqHosyNMS{@tKIn$MYy4
zyqe@pk@?{B<Ac|*d{Pj2pZq!k$H{MApzk%EPA*&%HGYi;5pv*u*BGF?N)XFC1#tcQ
z8>05x_e5>0kaq$&kZJ`{>k|qBbDZF-6~MK52`ISDjS$v{j*uGnx{P&Sv7!oVqAInk
z?kw#oR#X#c{c}Z4oi3<&{q5Ou1?DsDR=MJ3q7xPbe)AggI}ET_pWCwtIcifxEyoGI
zAprt-otaMXh2I9%40$^u8K8j?l%KqY{J1@o58ZVsqK4t{DXHU77&vno_(FW)4&uvA
z5w+8ofiIFFYDXJO7U40UX7GFJHRL}l<OL$USnlM&JM3sHxE^HBkl+Yl7?J%yh02_z
zKzv@#`9SO^&fDo79Lf05QYZ$UMxghqa@Sj1QeffR0IoWKoyCti6+Fi`@!U+{vXHwW
z!BYlcPwwa7Mer(ZoNwy+iN7h~CXb6%OlI6PT`1jvki#i}w?Cz=;4K5VoYR2R;z=Ic
z%*mdAK*(VRtXs*Rz<yC%o&~+n?FVgHPt6N~QMnn&oH~R*FFsZnlbc^+cKLv?CfYa)
zw1MkIt&z=Vdy1$vrh~TKCTfk@pfyZ4mSQ;9UjxDC&m)Jkn8Le+Gg~q2d$_UltLH8Z
zn>>UZZ9JUT_pQnR3l}jsaG17IsO&u1GvMH8U3Cg)9q!}78_U(3=0K3h)?IEYTkq%3
zr6J_d`2eQVDu7ewE2k@XKZyP3ndwRi*Rrd%P}DFF-j3nUU>KMK+A@Gs%eWazzyunG
zcSp8N=nm83hfMCov^#JfIq(=S@DTg}%b*9i-l5e7b#SFo9ocMBN1C}<jfSh;!RZEY
z>GDhepOL>ko60W@&)yl6SGJjywQEgE?F}X(uPk^C`HOT}vJRAnBS2(_7YjtqVgXXO
zeX=qa59H2ZGX9Hr{48+ccOy)vt(*zokO`zp%(Jab?~b$C;Bgw5p4`A>OyXN$GG_Om
zksmT>pH&8CQ(!g6@HtRt1BuYnb}p#vR}a6Ms9#|@>l48qs7-HPEHnKI%UXT5P=##b
zyPB|mRY>J7EN8Wy2UVu})lOZ%lJj8XK^}s)GyV290DA+|9UGbM*sz@oHXISP(mLqH
zFda|k#d>6GoF3WAWL^vx^UTjC^Ipy7gvXv!2fd9)Kr3o`Z*gf;O_XE$>2^lb81@+M
zeFF8l5!}tXoXCmf@5g5l`)eJR8D|M<K0EU;@41i+-0^Cnu7zdb(otP2hun*x>sp&f
zkU!C$8@p=&9pI=9_Y&}aF2<3Zi{m}U3;9dHdmA1<o8f3m4DX9lK&o_u*KNCWydQcC
z`D+>8cN${0G~JG7E_P&_zm}P8ct+e*YXhk>i3a}dmH)dmu=M{T4dl;^(Ll%L<I+IG
zMQ9-W%2*mu$Dx54AbWmyZW1&g@V(I*gF3X@s1B|)sUw?H)R6;RVk~VEE!1PYNd?!p
zlW5_g1X{=o?0p6K!<p=E5=IMQYpA0CbJ9Z9TgWf6GoaJTXyHmKr~F^xmums+PYd9}
z^Q!$65gKj6I{pN9iqc8W0n-eT8=iNM$muZhHbM?8xBd(vM`Z<gdyF7mjP9dv()$4k
z{2&IuzF{QoVRxrogX!)9c=!*mu-t<<JnT=x!<dckW_57oSJa`^H>uH@8&xFmO3t~M
z4)6H9bfv}7RnyD_x*Bin&x-efH<7<K^Wu1a_GRRk^S^k!-~J}G`;mQ1XZu$6+426%
z;E_8q-lu?z)U(m?-g0rAyzNcoFUq8AJD3vlbF`$<yELhf#YcQBm7KLPlnRo{%bo_^
z25w_E@WPl4Jmcjr?|fRt^!7&>-PKKk?h5e!S(50k47`0qNZQHhPP_=+)xJz)l;i2{
zMSk*hSN16#=QGpV=~*#a+cGPG*0L@#_xUd)e+ZJ!E?)NZ#@X{Gq}L@_R^!#dm6)at
z>WDCwR&_cFy+QOh3TG2^Kg~l~yx;6%`?LptZ;Z)B)Nke_ezQIUNUiaBCosIT#qiF1
zXp(p*#NnN7a(KrxUOBS)Ms;xI5_M?x4Jukf&+-ew{>UNZ4=2eDtrOx+V&9!{d1A*%
z%(kKT+(w%^ye?IZ)}*OJtJBrNl^N>D=1g@&FeqmPA)v=R4G9pSwjvfUClo}<{~dw?
zMzJgW1EGt+akgARVz-NAPw^odyB)Sbw;2pdL@=obM{VeNfvPu<KV$*dJ5Pw(-4^K1
z0r^PeUQU_f1|`23lomk@TGF5z^QZl0kepfIm3feyX+UxwpGt+jEjDVmDYk*sk|74o
zMyPgL!22xLA350rhmarRRoDpK_+3)_H$x28n;?i~wOuEf9aLa;P#b7}6+of)QWXS_
z355X+%ZCAcAuG80XM9D~W723GBaQ3Xa0vNBJh&nYMUB+qTL@ageV`t_h6^5KJon&_
zKs%Vkb6-3U!Gi=}^GN)0dkTfe;wajC9e^Ff1n=2F9)b(l|1S26&-NcTgAzGF<Ko=_
zhl?L`D$|>5NUcAD)3(GlVR`Z<pm)9&r?{gX=h0pXp!+EvwD3GpJ8Ob&yap$jPlzUv
z!aQi5JZSouEzD-o3bN-#9)e3rEMJk5g3q_{+CFqDFPgCKBv%|P0L{q!wirHe>sGbn
zCFI9=+x8Oje=<)bcQS0{soypiWDjop@k_|xDXfVSUKM};91l`h$PJ8a{;E2-a-}-7
zdW9OTxm6urcZ+&%<8l=(p|;a~JZOjq?fWkwKSD+oEu=L5tr4_0f{-JW4?e6z4zJ_Y
zXpNvI>yq&~OjG_x)bigEHK&k&LgYXi6bym0f)L;YYR7yvpTc&^5>W6vZba`mYkUd$
z2Z>EIH?Zy{<Ub=oz{Nv%E)U%g9WyBn)9)I^tJ-Hx%G&)@26+R+2lRUZfy6r6Z>M(W
zyo5U>?12?8Q6Km%FHxIvI)MG#EH=rOln18!e#jo3E=utIjCY@(u4fFc{7-dcGpCL$
z0i`w_x(UxVi&{xKbT@1ggO+q~HO>;Xy30hZE?`hA!Fr;I1E~_zC<jt)x~Sd2afg7b
ze52L|uKLSFt^Qd9S<l@hZydall(qs)8{|&o+#S2t8+Yv50J0|sz}}S)*;j$=xeC&E
z+&>GnUvDwrc2ckeP6_5fHOQXY>qITRe%_+{uM@Rb8m?Y+-*uwa#bxcd?>f-xes`l<
z3F!o{uYyqdE7KtRi4n9wzxS;}0I4ervR8oYIc$X9`36u<3Tc5W^Tb6Tey!lzOcR`L
zLP&~@oq1dOIpq4aTdY33CHuC_XQA4Aov2;iSi0!dE!Nw<f#=d#vgo6)72Njf7V~Yd
zDo}k=um(;Ewtxb%=T8VZew{Wo`(LxBW$&>-HtG?)nS5KpX-8YZ{6`*ny(<mK-E&>s
z&Vna6Wfzvi@H@p(B)x@@qn>xGbytbnvkaaXPjq<JUxj~71g<6kyKdL40yu1LEg>;<
zBb(jo;L81-cwhYv@U=U@r#irg1flobMw2?cE=7&jnAM@x7Iko?RUO%EQ%4T)$|nLB
zz_^TYSbbu7bV$ez987md^)pM}&nr#5Kw@=|3%LX@ixh^#9h}nob<k=}V%J)0sDf*S
zE-Xjae&5}-HZN4saE+*0=7Yvr_%2A3E1sEti+U}{o=U-dLVg+~bsMMr^L~T!<LO4F
z-wE0rg;QF2lhQwzQ@2kyDXrUhrGEx!tvB#W|6EX8*YZmLJkVBE%O3x;B>rw^Q9qS4
zb3@-dQU;-q3q#-YlnP?7GL6Q&R?cL<(}2`RS<2#JN<sGEbGrd#kCn?mv}|O_Q_sEC
zdSu5>U-<Y?>$@NCc&q>8Wm{}Nso^Xqx(pz-Z3UIw$tFM-*yM^5K@6I6p&FlKk*|}w
z;5*m%q${m)bsmd2=Ns1%pGZNVXA1agx8t)@K4Kts3_!trxjhY}rR(b#O_V=$;5;IE
zi8B7(!Vw>PnE~t;kUaxJeqcE#2Dg?1slT;;`k{g=j8MImb2L7d)mpHX%WG^kwic8Q
zBiFJHPO0I{Cz{S9$zcFHp4TQTbmO`0ngYJi_r}hx$a3j(Gqb*jjkNFPDc}n?jk9jU
zrT2YWpnVqzwC@d5zz18$_8sCbz3;yWVBf{(sBJfJ!D5@Jx$l7PmPf>36%Q`VkAIZ|
zzV_8n_9}btsT;UpkWc)khoj$^Ir>do4)}^VDC-fxUQ#FqJ8y@w53yW5m&Tix%oBqL
z&m&jKzq!?x-{z?wa?sr`m;+W$EMGnia%zI$4RavX?4@-Rt}u$_ZF|9s&&n$-^zU{K
zBz!hRoFc6?oiA5JQbbMR!A{-}0;y|C-Vf5e!7CW<rxM;Pd**@cDFCoP2hoM8?EjC1
zj6g1c{T54Mb{j|U8A&I1kI0^t>^!<9ZEAK~Q)1gj7SA>MZq_uy3r{-Q3Qlf$<n?(C
z8yBG_I*)RYJx>AHpAcZdRYtM=YLGog%fQ<SAZ?ufYJnzX1`t=+=*|M^s73IGEFc|i
z6})wsAYEk<%a3xrw+TSHDordu+QEC}5j6U|E{#6Ned2zO{(|>*q=WQr0Q*W-{|dwL
zYKvIzTmaq{0LeT3a6u(s*y#QgNlvTaCHWZJ1!Bj&I!!Eh^7L+qtFy#%=d-*QhLKbZ
zVE<~`)a>f4Y1x(g1+UKUo!bO&Eyx}KWmi!{?INcOymiw<1;tQkz5K`GCd~JpX2Dx)
z0Lj@Rc#F*-74hP4@OMpAXQAH#@5Ow0KEIW;?E%@7$t%0AZurI`JcsZZB;mDS{3uEj
z%kjDSRdNpy@5MB>2*8eEG75)Wp4>NGhM!}&<?`OpCv+WGvGI4}{pFw7bydUti%9#&
zNXk!IXFFb-p>5ZA^X<VhLJ};#0kS6x&zm>z$h3;(&VS*(a0*HH11z|j;gepI?5ix7
zU`5=0t>0j|1S{fdk{#ai$m>@%d}Gm34!oM9t-wIeN8Fd}LCBzD8Hpp`$sU1A+i@Mp
zo(}|D;6oubfX~sCtms0F>jWoRA6OO@1&~foh3r!!Q0*KBZ;K72Z%jYDYd*+FvLNtr
z77Tps<g*4sR!U3wUDOZWQ;xO*p3k?U$ARKIS71HH@pEbbyj{k&f($-m4j$(*V_N}+
z=gLQ+8hJTy2?tU&z|Q#t>B>%k%;}9A7iC)c9l$%^xRTU@kv%md)b~}>4+Q5c1$Y4W
ziQBgBrQ;zkzY#yf{o{3#d6j~<kEgVT*Gld{w6_(^<1%(2PB;Pfwt}Mo-dBxn1()k<
zX##I257Mcr;t%n<oqX;<5f74y^)W1D1l||&1HS{XpOm5c<TS`eTR3lX8igCOP}-Vj
z6wA>T-dmLl(!F?pTLo{e01|08uy%}(M%wpv%$|>)2d{VrNdbf$CkG*m^sj<fu(JMt
zPw#L*L4n*ckM;^AmxJ`z#Cs2zLAn{hPX6b3ZwH=>MJzv=@65*YMjgDjJrkrK;IXE{
z1H+ECf<JPL7UDVJcD%-B0Q+k;$|rirJs`5@A%q;b{XPIY{>8lHq?z#&j;;Ye$M1d<
zf1g2X>ftub7r&0zgYhbDYBr_`Hy``v>-hbgL|(ZDAqQE*2v7Jt`j96w3|<R<*2Dq1
zdk*(;GKtUr7=O#wj5MC$&Xe24;6{KlyuOpGAxL0p6uf_9ycpw35#FCN8fTHq_6*DX
zh~0Y^zh~v_ELgA4ljDglKRRv)Pwv$zXXip4LJmzZj^d?!0+F#q{M!WHCLSb=pC^}#
z!IQad1t*t7aGntqjHf48vS%wH*aqM|d7BtKX>2Pvc^d?;V=$b>@YBHb3;cTvLJk8t
z-zaZb$?nfGuyYFk;(214(s57#u<P&Rd6#k-J1RNhL^ube*<7gn{8Y&PfR8T3YbJ1O
zqUXmqroTpLrSDxt;1xE3gyGkhO3xWQH~c<6N8G6(o#ZS#PFh$W9lW>b9VC?l*x$Al
zW^WZ}t#bU`Ng*@f+(yqu{H{)u9e+VFT1pek9RT*j8B??4@#xqV%75`XPIB9J>F2NB
zmv{PWyDItI0ry+9uRen7v2!4Uf0BGd=9tTS;Y}oA*v`}Eoy&V`-@tkl#TBd<;<@9!
z#AoJ85}QfaEJu-aIe>i~L>J<3i{sXcdHkKMrlC$Zm~OuVH17^SJDf8u+qqxxJ`b{I
zzNu{&erFrVo@!8b&2R87s>J8>2$JwSm=|Y0^2qD>9lG|NyMB(4BOW#ykw?C>2+zCY
zH6(oi(S`HbSxI;$&wGnsLsDTJFTgte{4}xrs|=U$JKU>C%4V?NpEE7HCKQ_^hT}8%
zZy`3vx_6O;-_dDRKOZysCwFD=aX9e{-YXwM(yH^cMuV{qf<*>c3GVMN?#~dlff-9n
zw*!>b0hCn%l(hr6Dmju*<-#(clY=1Eha$HTd6TrYeV+?PR*S)doOw<aezpbFn^@Z|
z^fwr>iQ26IF8qB<faRl12Wi(@QJV{JYJFYi7(J(L4i~HvnEh@hNG+ShU?-lJO{8~J
z<+c^HY=U6xHZeG-l-vP0zn<kpw{C;r_V0^9YhH9=jnT5+oClJ{Dto#{^A-w{@)!z;
zUG#Dee7gYb+6<A@wCkTo?Mb6HJrXyUA2>Eo)V}@S$Y11Sbwsj2Y4yZnb>qhn82{J?
zU?=Oz0&krY_hk<h8o?LJ2NzybRW7(%=D33`c~JJ$94`2qq`BI8@O?9Bz8O6D?oWE}
zF&=ykN$>rD2j4%jXKsK!#lEW*p2<j9zrb*9xy&7G{XT}RW&Pto=l6*Ld?7p4J@oJ5
z*R&b8=YVT6@S6MI$lsou2rmmqYu(4sf35(&@}&9C62Rw5dT)yWzIjRSJuHB4&N%DT
z=WAtczc+vn(#KyHmRWAX?P-%+*O@;ce>gpHT`zKpc)-W?jb+DN6ZpUiE_tn}ncF#~
zWi4o%4kG_E({E8L1@nof?;`02z&iP!?AGr?u=NQs*Z@#QaQg`eT0qWj<+)%#)6t4J
zxdPJ(K4V*_-#A)FZa3S<f=_8pyOvorAG389X#LY@4Y~Md4UVzT`q{Im0ucNkmhVSk
z_T$n7T!;!ZmK4)1e&?SI;0rTdcX*iIk4xh80}yO|NYq*$p?2EvStOBMoku`}hOO%5
zf1t6j)Bk|{LkKypC3g!@TV@MS{TTBOB7Y9M3jzN|SX&jq9<%ovrDVM4%6w(|c+Yd^
zD^tgN{?n_KJoa24J7>K2f+b4oc+cIXifO#(X;+h+CA^N2&CAunmCMwj)l1cAO_e&l
z?q>De#;>SI5Ju}~o!e+oC#s?Ki2#ABxH<(9Cuk)g2Avl0Vx7a8Mq>qZ9~ybL&Om)K
zDbS_+R7(t^W=<ioK^n#*a=-9M?d#?=sCK5o{1OwbOAv|K3HO+PI)}imevX@rhh+;L
zFT!#8Fc>$y0{BE8Tw4il<OJRoz!xGmjhw(YhmpUQ16K(zd+Gx;*EfaPqZ7t6&LMV5
zd~PjGsu9qXKek4|@VcASa~p3Q%`13jx|`6JYy#;HfIU-k<|=Cd_N@8AT;(o+J)4Cq
zl)C};{PS&BDhp~vH7w)>B01m_%_M)L-1#Vt4K_pG4$DZ*qRL0X%cX$SkK0n=^m-no
zmrS7GGi8|(h;3{?2hwtm*4@9)$W`C}C`an=x0kNj6k>Lxty?%^H^MrXcpgcY0oYp&
z6gISuq=WdF-r>Pl6h*G`C7`sViyB@_&oGiA0=-|A!2U6(vVU7m6n{GdWY23n_~aqv
z>M^;aZiMze2;iz`HmF>TlO|E?<Y8|XfSthP+gA{rjS2+;1Nki^HJ75o)Ij`xJZu8(
zX9zi-o-PJ)A1wfTTV}b5k0Qi@gmI#U1J^|O@F5Sr&}l^0xCZl$(}>^(?#s+WH~Fq}
z>~}|b@WCnMBJUZQY@p*^s8lfn*!|PpD&oy2ux?Rirgx2z_QPZQJA~o$A)Ut}0enRt
zBA5QXXaMPUfIWMU(eL_%+=Orcg9l&x3FI2$sc+|=9Pk|@J{-Dl-xR>tK7d?9Cfa^`
zQaj$CR|N3M{dD{(c>I3k!h3u622k)E+~;WBv@A?N5k%oRICdS+@Zb|aKxA)QfZ~n;
zkN>~OMe>FM5XA5$@ofk>Y&qZ?TK#)<a3!aXZ06OGW=Qa}Z!@sH`=_f%$C|;$dV~jG
zI1OCKgq*<A$8L=d34Gw-6C$zi_W($>HweTxHSfP@{1~Y*!n=c(o8X1|2Y~$DxJ?XJ
za^NlPX)9RDS!@kF7i=)OgL90K)o9{^+j%iqQw&~UcjmV6V$fO4?gcivgY~qwM0JCS
z3tC>OVf}K!KXFh-V4&mP20H(E8DIsTe+q@szvKN+Vefux?7K^Fy9r$N9vUCs;Gyy1
zI-j~y$E|V3abf&0P<q4iRsCh|U_*j@l@s_0?qAShxipIRpfdrMJn`$lb08@W3(FWV
z)~~Pck&*cKZ%_wUy49i82Rbz&K0Yw^oYXO!3?6)UEFPTWz$ZH{jt5<M?s=aB4@#5p
zp!AEugO~CAvnU>vW8Rv@-u>R#cY8SSk+`J^@L&_ggPr4z^BWF)V*2=a@S%a?K|UTo
zjqzp*^PR<yT|I`*+c@xrZ5PLvuO2}DT5BS{ES(^3@A7f*<vs!I^=nBDl3-~r%{Q(8
z6iIUc4lg^Msn|Y6nYT1FjMkj1|Cy*cu`IC39V{6}W%&PwfT%V8hSsMsbJiUVzr!+$
zWk)W6z2WQl>^2{&bPK1Siz3O~K<V3!|4wc{%i2r9>pqL5@%nah{OS53BwY+H)&t1j
z&LzU7^a60139{#R32{porX8Jb_6y*u&!+cY*3Y7MDi1l@3V3!`mQFKc=PA(m-~BW<
zt}}^d>UrE}bm1ESWewZJU<qfo@$7D>dY%jFe6k6j!4HU9JWWi5yR(T-loNOu(}RwC
z=jJ8g9)<;QljBv-?;p#nTDi&ds#p2R^QuvJ^D#a&5lnaNNB;KA@nPBm(S;Mjv-Hy7
zc|U{a<sA5GF-<4YQKu0o9T~Hf9ROqLh~rPU7>G<m>B#^Wq$m8oS)l%xc)G#zs7_Z!
z97q|-?Hr8K6^GY10bTVAWG-X)5ypwl06x)lah$kfKk|nRi8x{5FU*gy?sc(#^Txro
z{)^CaJWgGE0bCni_wQ=7hEtQ{5zofO`<xLV5PV`qbWq3*>`He>D}@3Q&k_}cKrxH?
z>CFV6XaFL&<90pf=e{1A=NJ|ofyN%>KPx~WkB9EF9CVX)7rmzH>kSLJWG#Q`q47Q~
zEZ(P;2QBX&8t;>x5bu*0@bu7J$glR$cpoc({b3gGGmd_>)BJ}kS=>h~E-+f-R)^R9
zfxshL^B?NaYEB(o$*Uuq1$E>AD4z(1z!{czJ;dTZ!U7lAl?gt)9z0&lba&8f1=qLD
z(ETRw*wH%u#?g9z&CEXW@euNhW-KFw%Ip6>_TC0Qit23mzGik4!lwwq4amoU2_zWS
zh(QP<Y(n@_KwK6|Ep{{6on%)wyPMrvNRaBPs6o&Y?`UXCOH`_W*rqMEL~RXdEn2GB
zqNSC#sMJP9MT-a)GVkxqxz6s{+1&*1-hJ=qdEXs=<Xr!Au50Fe&p9(^&XWEu8=9?#
zJtRpT-7uc+H+A25y5H1+Y+Koz{h;|WZePhq(&#1m^|O_|IS86_x&0>}5ii^}$#0OY
z?9Cz2Z1is$UEYzC1s6As7CQbWT0RucXpV=*2^~%2%R6otq24^)wzjL!wh>L^>G=Ho
zt+RKYx}jp{>93XVJmY*(&-+x*bbfeRYi;Y+5}xU>-v!{Wx#pDi^l?qI82e84+sx$N
zl)G=+h@5<V?PVz$pNtW5SKTjy!<$rALwDVKI=1e%W6VI%e;b#~|0R*`*>#5q4iCo3
zJDz^GG6*17CjR5fI}Vs($_JWeG3t<b^M362FGyc}`)HxVJEFX!C<`w3ju7<t-6w)$
zn3>jV-cH|V4Abu!O?4*<G%c|_?56W7$7!uq>ei-^xvpe}i>e-k^OB*D=xvOgBbDpV
z!k3BgwEi7aQdte%HT^VQ%gV=-l@%Y?NDl0INF25?RlXOUrt3eOu#L2&X(L{&f48vu
zmu)L+Nzq19=_UE~vz4`^Xd@SDo8&jhR@O3vq(9N0&x38^Fujf3j(b8H%i>(%nVnzO
z3Omm@#hs_WX4-k`2J_DIw`T1;KRa=)xQo=~apfI_xllUn5}L28#|h29Fh}iYvZMCl
z*-`s+fI~N3dU11;Xe;Zx4{q$2CEVEmZbAPI09(;bYpZa-<-W~u<1DXG-<1Q7`v3-C
zzsfs}?ag+}`1oGq?_yc~>T~-2>;|#3tZ)<z*&xvJdRe6Denm{3?tTB#9Cwp4?R)8v
zSy-M%8&;klX_}?)z>z~{VR@#~OY+0={424=@_hSW+6CJt`C)m!LfSJ-n|cjI?W4H(
z%K(mVK-8W`{4lP>?^b-Dnsf1}A!BgO;`i`<1eqspxCn-jGMISP7JXjW59^Atz1-Rd
zZv4h+t#s=pwrQ!_-OA7DZ~Gq*<L%C3I7ceG#iabq)Nb2dVtvt7TSgRJyfSS(_;XzL
zCGA_TCFeM+O&OY|PnhyK{l>4iK4IAh+SBp2FlXnf8!C66{@U!FXPgx~zpO3ac`oqM
z4z^cePy3XTHX-H+9i{<7hk3Bjk(DcS6heH>;ei}*khW6<aH#0+A<d+oU+(q9>bd?+
zSq`)u8zq!_E-CNm8Yz^fN|$y@Ywa8<^qQ_e=0NU-$+iy9<NBUoPkVl3JL~DAuf4PD
z&jf~T8*$5RwvJU0wL1w58%HPrrMIjt@A#lEOwso|>_eXe-13a=?1F44_1;!apC>@n
zUNmgOi2JhP>B%@Ae>n$QAWzWe`}uvLrOhIgda}zq4gfwY(BFa4XXj%d0mlw9ch5;N
zPAanM<D{o@=y`vZ11+{;^t^-mLd&t-^yhth8#u_hw&p-?(?r}O(rW8C@CuZYvD<!4
zvv}`JOan>tbpTH<AaMXFy>Fte;}(F@S$*kqdhb0{e*x-GY#cMhc`@kkm2bJPyyHHS
zXW8W)*9ln@uLCIcLeyR;Kq<Ly7tnlc18@`qoXoj@O!Gwjd13BO?*sH%{jDT@gJ}BR
zB;`L)w0-qkTh9|NQi>HR?(R@rixqb$E=7w=kpRWrp}0H6U5i_>VnvF3kl+#s4k6rp
zzV}bK&;4be?8)xVJF_PzGrN1<iJodz&mJ~WQ*y7{Fkzf=tkdM8tROptQ-789_it8!
z&u0t&wus@R&Aaf8LC4-D&;{QWgUu;HcLP75K9B0RDG=<r20z)X=A4DxGe|<cMAhl;
zgtn2Rt~%KB$|IxkP|JA!%Ka)O-tiCmlwU;U%c=AN%#yDTS^wZu{nO#TD1By{*AEn7
zk-G;%r5W4uf@Pz`?1;I=;zs5~*xR-j3o&4blXq{8WZwC2V4;ZZ#HKZmRQ=)oq!-@n
zijM|Eq1TyDoi1L)+zeM}!Up!5{1(_n)UP$E+f8k31F9_80}DZ)7EHj;S&o%<H~qc<
z^ZC9III-Zh98g?$_C!}1#DGb`9yNqJr*H~pi;}wbWLh@_0KYy8Jfto8*5>w2I=$!G
z91BeRD)YMHl6>s5#3()5_Veq@0Eep+CgyEK#P$(ye4e++r{`*N_tdR@;%p~d%qw5Z
zj??_7iY234E*8ce2DLM<-xcVe@5&H5G35tlcSX1Vd;{X0P!s;%>7H3~8+=zb{qbjC
z2ad3F=1<tC_rkRZ=M5L+b7I@If)8HtHDrRflpQ>5KYZMm3_Ac$)UHkwZRy{hGYksn
z>qMq8lGd$FU4S+dhMvVZ!fl4bPu2gnX<ne~mIKM0^<1yojuG?YZZAba3lf^a&H76I
zwt3mgy9?=wZfo4XR=wDG)WK#}r(^G*)bk{h3*!2hN+Pz$cofd9YPpTVjSn}=ea(o3
z^KPYkZ?en53dR!H6d;(G4M{w>0cGq1jDmBk4gW;V%ntjIOYL@)6E&)3NQYXyP9#qw
z_XN!HN327pHt61cs!2b1Bab5oRo7>mMfUN0=Xkz9r1W(UbaQ{I0FNaRI-mN+holn2
zxH0w~lMP<S6kU_9hO(}|20SXdI=!b6+Vn(vg{P;JRP37`M!fmxfYYW6uP1skuA4@+
zDdV&WrQE#Guio`ZEqwREX(NPxSJuzG-p8A?HVscdRvqL}*XE_Yvg=uKYo4pIHnYy^
z#M3J$zJmQ+u|)RrCAMeqG~sAK@VU^)aosHCo7ax#^S$}=h^>+1;TP6=$MUvAn%-~A
zwnnE-l4UIPPGQuy=Fb%~zx0Gt=o+51*8A_wpC@dMYHn;|Pm9kT5jxlTwF45+DUP3(
zumLYa9qMnM7yF3+1*ZQ90Hcg8uE)`wI5sHxSv<$4iY&Vz0^$$1yq~wrsIkLY&&a+p
z1Yt9pS{~B$M1Cq%OX(}U7EnvHRge7@n430J^RxxF1`qKEY)N}OTjY#)QZcxZqR2eC
zU8|R1=T>Z>B&{b-iK3P-u@43eGw0wPva%&?I@3PBV&p$h_aFV$Dc0D%ef!B-KWKgR
z+t=x+Z!UJ&u+525A%2C-m`G2ma!bhJYgsGRGgjKkqd)44y0D4QhbL9X_`bBP%&Lnp
z2K5M;8P&y67lck<Nk7xth7+8GZ`3ij5cV8PZOIeno??+c?4)N1=Gvke@|g8<j_TZf
z=+BKOi_Yxg?=asmM1YX0x1;R8PahRdycT7eMDQlHO@Vv_&OI-5m9Lqsw)*)=biIdH
zlzdf%GxNe8I|XL+og!=WyAhctDb&;W@vtXh`CrE~o?Fb87*{DcU~hSM|Mj#7;}Wsl
ztxUY>m|I8I@$0~cFVnUoPwhcvA_w=q9%CfXKc!r<=gTJVWcos`CsCZH-)(m|)4XGy
zE3}-qEr#br<A}3cCXP&M>*QJ2YjY-fXXtYkT?6M_JS6*8IApFkzfWHeK{5`QPHS<5
zzeL__kyPjOhns}A*?(9!v2d9qQ~Ktfp4K7gOzd9t!`G9WQb$yJMUfw&v`(fkZRj@v
zaiin~lg39PT)+Gud}UAWi7v8{vq$|d$uaa4ZUUD2JlCm>hV$ZOgHp>4>A)PoszgT(
z#zaT`fT~tKar833;hy-ySE-f9PL%1sb0m`nc1)w<?xLGt_DA)|I64Ki0gIDfA7?IS
zhBpcw>U2f-X6U~01`w?>&D$nR3ka`lyjmwq*q+&jZW!bxFpb(@WWsOky{f$%X`){g
z&lWRoIk#0yYn}Oi5?yZ#69u=g|3!j?Ut;|vUB*L=VM2f?@<2YXa0Ki2M52#k^sX>o
z>7$i3)SL>bg)MH=qZOMjkjz5}Y<<JpvJd4}<9Nna?N*ad_|G=@gUgXj(EJw?qy(&&
zZ`N`{qwlhBqYcc`%U%l%F0$w<g>cM%WgJoQg!O3@_q{5{9;TFQwCb(jrxv0jOW<%4
z55SM-ewvF)7Ji5C82~VQs<u}r%(P@~U9$XA<PnA*#3eDscP69(*SVtAAg`q2NMa~|
znDO?&{R8WCBHSl}drr5%v#S{TnGr#d857{BttEA%t!03d^_OR6NiVgsOwck=ukE%N
zbXfnNBj}Y}=XClxB||pIvfwTMl=Ma1K9aClxdp!X6W{4XK7Q1{TPN_%&ujb?7&Q{;
zVx(0bT)1dd_WV<)!5tXoE5$G7GV1R_v)}SQ$d=-84_uLzSi!~zR;nYspkFSU=~tp4
zD)olt*HhR4_GzpFS^*tMqqNsbP;j~1(S!tF`cbO4PU=-5>-|vMd?e49{nXDy4OJ29
z?}7CqV*-jWy#RG^Cs4GeRc|xG{zPLGx8T(^yX6qiKM<Jk5((9xa@+9O@p%dYY#z*e
z!JR$dCs?J(_bfbc8Aw8q8klH0*88o7)pig4<z;a&|IFkm$|{d`<)ck}F>tQw{$kX5
ziGqsO!G%xCS@{J?y&vs_v7#K@zx-AC4CngY%g!aixBFu!JEr3v&z{+<9`Es}HU#1C
z(Kl3=$%@agX^tLZtFW+zA%*6Fe+&s(S@aAI8tWmJR=kOa&%v=2Yp6-5CLF_H!hIXp
zo<(Xf;fwZtH&&rt-Kd`1eJn+f{>_M=9B|kVMd_X*c!Sc(lp)v>Rgw#-OZ_XV1kUjp
zast?*@Mf2^PT(YDPUp%17PGXbhgl|iX+own`O(rWrC2@XRBRI`2mX+*gvvVBX&w1=
zz5NFZ&O2>~f+_A)0ty)V1KXM_P^GTbE*B>ybjcI~id*GtiaaV-u6tdNnBfm_H>jzd
zs1!KjAO4ML2RJ-Khl$sVi{aR0YqB?Ke;v**vDngY)Mvb|5|ljse*>{&+VPi>X#SU7
z2Hu1HATOSp!<!f8Jv$CBKA6oHAfHi<2Yp@CwVW??XJkXzuKwgHX1)tlqatzU`53pg
ze=We`I=*6r;^oWP%Vv%>$M2s_%=LDhg!sTs0wjtFQcpSeYs0Cp6hWz1sNm5hs#^5y
z+(+mVcxEpKGk2#7ay=?5ELn$lmn6dAXU6>oXwmGxPdc4n4_*oq(gSz9Oa92P1m;^;
z1F^Qv18NyU!+wa4ZiDBO`~01Vguh#_Pvkv3d!Qh6e#9(>Q6AO@Zn*Sk{~qXXu-R*-
zrFN{F;|QQkhjjx0IZc7nqfg-3(PuE<uZG~3UkxmhH6lOkUt7x!1<ec3pwf=w-_=ee
z9_JH(>2*Xd?I5o-7%M=uvdSkpWnNVe2>;ywtEHUY-jeFy4BPrzAHQLtT$c%o`Uc{4
z?)fyaU9*xwvi2`x4IZqB@;=>14BN`LyMmuz@t66Q4&~NfoyaHIL&dEEC%5uV$V^-c
zL;U8**VkQ#Jmrl)`Gs9w-3ii&Zf#v0A!CDSvYG+7l*?#gzmt(QpFJ5ao?P_SsLp~`
z*@3+#9XDZ>F)+c^=kh*$%t=h4i>?vAZv!kOyr<ZeL7iXbgK{;2r_~KgK`y;5#jci`
zMES^*0Y_dng$_9p4;sV3OoqLd;=ZfL#}%ii=f2ljewF@7)5nYbwj(fC)bvcA^efJv
zI~3Hb!{<oRaBtwJKk9<@E;N?ReJ)8)!6j(@<FR>5M(gsHL9VFdaVU;6hHdd3nK$BA
z8^Xd862Gt_!$oGaiFaDE=Zzda7{1L!5cz8OqAyF6tix=Xf9V}-U5H>y$V6j!7<XtW
z`rGgtH|&}9ZfKi4<G{boExUJ{o0Lr?XV%>juEH8saw(im*){k^!c1C7T6&uK<GQ+G
zt{nu6dM2_gFcO%OK0vOzU_Vu#bqQ7!hy4C!Ky~x0FJ>mJU`gmU12y2)?95E^Vu|B*
zIxi(J@rOmicgKtm-VIKVd4YVQL`C^^0^9xUq%o&a&Ox}-rblZxTY=z(j%gm-xN|3M
z$&Jw&y{(@OlO*19*RsKPr;#TA#N>mY02V`DkB1c%8auFd$=RTLZw*j)TZ`XtUYaAB
zMu6fnKjgX*({MhkKED(m$EwV$b1n#u<D4pLIFgNvmsbeHL;GSF8Y0fyS`yJ3D||E6
zUe!BJ-0O6CWvZa`>#G4wE7~vGCmIl_2%b$S>kuM9T(UV|oMw=!cbY;uu<hks+at)}
zvCmpG`{iP$RWCRA_RJ0--hG|6<Pi4~`ORPB(>aQ__+mRrgvi7Ch}SG|s>k_k5_nE+
z(g3We$A1FqKT@t|S~-hjg0-JsKC43G_kY4)f8617;JFgYxOL$fj&05haCKW2_*^~}
z+T7j{QtB<LX!Jbik|6Y><=p86^{IXEo8k7u@3a<nW=vD&z~z9Gyzc=^(X{QDUwhT&
z@9P|>{Vrl{m=k(eUF1`nyjZu%P@&)KXvry_T%;^}xOM``bN+Td08IkF6!nh;{*|3m
zZrHqcKl~MANFRy&QdurylYE5=+j56p$~l(M3CkmbnuU`;P9CmH{3XwDk-6zhKOpZk
zo&I#uUWKy8?8AgX`SkdA99Vs;#NueA&`Mm?SplXs=%nUD?{3S12e)thB!mX)BNy9R
z;@ekmdZ$(cD|G3EIi6q<875OUc0TgqIC1<_1ASrM>uKGml=F<;7eX>By6u7}s%<U0
zi9@S?e`n_yOq-h=HX8FCgOu-8^nnya>-{OYd##5Y-PNODl4;-*bo!dfE@SKgkiQ^C
zWPZIuk9Vvh*sZQSwU{Y;F39(b;RuT)x3v9ruJXm9#MD%?*i={3eI&H9ccrqO?$O`t
zK;eAPcYcz3xkpmcVdhi~yuEUua9wgICErWBms0;c{ZP5Nk-L@PHnqnjdv2EF`%e@e
zEal<07V@8nXZmlt$!R|O^&an=E*YB;v{Ik{Z-Ch1%9nfj-nq$?dUjK)R_Y@)mr3iX
zJ<es|B;yGs-_a^0m-<7(+C9l_H6-<ht^UWF7o*Ajgsk}W@PUHMVj(f}Nh@<9c)Gdr
zWoPR~kdPnD6}KjITdr?B3$-&`2&~X_QIMMR93k~6OsBg2{=>08>wW99-#j~~9hDHh
zgBSU&e1gVwf41hc+W(;WAO5WjP;&7dL77_QE4k~G@AVvCrnHS)v%M+z^7nU-_~20J
zw7{O7<k9!Cuj%(w)5WpbbmXiu;Fl)YIQCjs{v6(gFk<{Lx2FGD@K=dd@5^=ZckUAb
z0>;I8426Y2BmRTyVXNMK&1duy(=W{h-r5T=br)aJ*j#o!`Ev!|`7ouaMfQ?AeK^M6
zp3dF!N;sSPR;-fJ6}diTtEA<EXhE(1PQu!{-@Lm)Zq26V^PYTfk${L9oKkve>n7n#
z?x;`k9csMqVakmD`SN|S(!#pGT*?*<ck`6C$zLU9o;+qvw`A+Ws#k&h7MRQZi(cl{
z>uloS<W|#9_kTcuoy-nqTe(!K4n*MiHR8K+eP5sJlGBnqjFJK$fEILXm7rB)?*?I;
z;U7MNI-WTGZ>8nf@hPwvZtItLU){IjfWCuDabV@Waq|}JHFiyb<TkcJSpqnu`Mmu<
zgd<Cp;_H>m>HdA9{TlbainHq`Ii*4uO_eWvB?T_ZfR6>yYu&!{qI_kB8}D0RTZMWN
z=X1dDkJJ}xTrLjoBMFr+ge6<S&7d0z(pIm#@@1{1p4aipm&4xUZ=L0xU%eLkx`leD
z_~4!3He1Wxx;UQNy{HU`({!0^)xojR>V;-c5z4^r^hPE?;%o7(Pigi^vfIj(=JV6m
z&6x1rL1jRlCK$w0E%eRf%-;(;ZY`|$I2mScuwZJrpnU~f5($B~PY`i1TMeT+e`VsA
zbVyh`?>%0{$i2@kxqC$V#erx?&9OEeDtw@3GJOCF%oB@FjdF!B=81)-D!4<0)v0F2
z@kLfA##2Qe9n=e^$N5A$LsJg{5YN1xtkm<op1f3-U62a^Ai%ur3i*(Cb_l{{Za4t7
z=J}H|1INejT_FK^Py}Ylv2h%Ch?mGCY95q@S#o;3Tli5S52~#W6JeGd8t>l)z2rgh
znEMCE8vqcn$fKG%jF0&>Jr%eEx)**#R)=M!O74N?^Pr5(Uhd5X(~Cjs7o+20!aius
zW`pDO!an@WiF=@{Jh9}|x;(M$R5*m=Jh9YN_@NX|X0y@pIFZ%q@kx<KCUqDSv%Wh3
ziy1gL9;lA(260d~og8m>gXHJ=<1hn9$8lUCVR=w)=Ag{fpx@((0LWfmPh4uy@VMkY
zsL&n4mj`86-<lcca)YqvLD`sJ3sQj~kfb}rOyrSLJuop9{(@wp$RnS+gxWqi;#$K-
zkmmKc&kUGD>8u1YebPVr_7iA6r|<ix%-1UW3`b3gDtjW)3HY+@NE`&dJl=`3A7qzP
zhPA(!W8;Ip-!3o(VVekA<eyw;=`XX-;QB04Y@hKHDIGY=Kk1zo)L@^%n`So8Ke_x_
zqS8L&%jZDDd5-p<(3EmRD!E4#wHA+}4Y(M|5~zw=i+?PHFURJXUh9!K$A&ZvLZ#NC
zD)-2oV`CT%N#vg@E`pYp8(v8HM3oyBe0q$610dR05SRj>?SIR$5lMjPskPX#1S!mO
z(5vbMW|b1}zs~Wi2u$R{n-EXjJLc?*vH&aWGd5X(HTD@VEDg*2lV4bXKfyTa`|JEu
zfTrw;c88pOKpHv!6fg09bh%+)0zh$|BQOma4k58QaTw9Mq1-Sq77!0F<C^2(64+8q
z(_EJLC(8_V`jqB5QZ->Y<%UE*&u01KF!#v?rskp{U)5T~A|ba7y(}|ufp9V?yPSQ7
z2|~Drd20KHIX2nRkazG=Ci$m!Wgi{1GC%hz&vVqVWWudXxvvCQ5`8}gUZU=!=h!^r
z?fa{>7%xOkSPD#O{eak|$ft2F@~dD?_`s)zeBT1z1aU%!f2tXEAO2SdAlXM`h-bNn
zx9F!}vxQrLH%$%R@U1l*AM*b7X3j_$By%%o{|igdzdA!I=|?yr=4u3_0)7c4?LU_a
zTm-dfw-Jc~=(pRDE@e&xftNV+(tyWH9LpupcIT;G`A55Un@;3?Nl(WN>LREOyniBu
zx=UaZs41~fXQ=v83GH^C;w9SGhhO7J3!1Mpv`RBOTjFrk+**c<lzG(O%qhd)x9t{~
zbW6L3du~BLp&sov<L4Uth47kmTF^$FVZEG>SG$d20z^H9GmRRK!6J>C-d?t|?n{eU
zFytQI_g)j`43`}baBTnYw#aavf?!Nc!S$G7k({kFl=$Rh3D+YIpba0I^wWNKw?G`q
zz9_t7I3fbK>%&S2GHM2bY8Z+uyBH2~grRirW!7cntO5tVehiS<3?F4)muciifBy5e
zf6My2Z;9f4_z3k8Be)Um=4p+_b_9YL{RCU@5%Q#4i_oYLn*mQap(@Pkxvvl34LB48
zVGmWzUJ_SBqeVgAK=lU}GF*Lj=KXn2Eoj`HOUC`i6$tzjo)R^w(8UpUkAGxNPQj!W
z0-)RFNaW-sm27l%TSYeo<Jft0b>^l;l=kH^yaDp>T}VGa$=*H@vfTUZU*;{wnw1sP
zH!5GrbOQI$!$0dSCbfSoW^<SR`3a59A91-_Bv1%TR!b(Hf-5CVs-gdT6<d_fv|p7L
zwI-A^;<`}0V!EbUnT5%~QqxPIx*!;M3<?{JCDXGO&@GxIMq_vL@EaO<gHtwL^M@4|
z#OaL1PTO#HU9W3?hbKb7^zWy0^~$icmh9UhW2%wXiK?UQoTEdW4#KcZWj>^ruUGQ*
zx;jHK(HevH(F!Z44Y#c0uoz|>wpbpcF8yLXMbo`^csv8lXDKh-qMsGM5*G_teE&_Y
zC-Xj&>{Ft$i=tcA)*{A-jfr4(t%`?5xGHt#c?!jmru2B89m=62vJE`T#0Eo)LZJqm
zUv2lH9WA(KddT=X+B%acf%-+9EHzsWg>=Uw1PKcfWrHb^p>OS5IaLeTG}0?NV#`t@
zS?g2C?tfLu_EgJr=4%CbCVSNB7*JMKX-bczuy4mLJjO9L0PFY(R3sYASTht$I5I*J
z8_aa2<>Xv@L(yZIBM(p^U$vV3iw*4T(qYVUYI0zZLpADA>mNAtHX$Jqt7ph(`YAIb
z5R0EljXwsn-%G1jk$iC(=OU};qB09d1U+XWLsVJgZq2{-?CS8+E=7a%YC<J@H2CS_
zh7-p$X@-)a>fMYbZ{0+zRC<Tsqzet2M`&_sbdBuIxh5O+Z)B7Wu11vut5ojBX>**}
zPP3)ua(q-wnt{~wiNu0rKT!qtRPrM%g?_6SMG|y!I#1&^l+n9T-4~H1Kzz279N&|L
zWu;D9n}rkGKP*oYe^_{(O$wRCd3zUTXdV&6jreEaV-|X|Y_|_9E?o-UvXW^Kcd_zT
zV?pOu(ryBK9TPLNl(Nicw<?CQL(Ez?d8jGzIHDnV?_W$hF&`?Ne*x-jtB8*3Uz3hI
zwj<v^N#6L!nbM*%p;AkYX4gxlS+dACEeZ5z36rmyTo*+{0N=QIvLsmL4i##ed4`<H
zyzR+)6h3h5@d$D?=vUIL($nm%);jbEjr&Dhu?*IcX;!JqFsb<+(Tm%$ONrZo^u8a%
zc?8$-r5x4S#i0I<6*sOxbXy;xhK(gq{PR^el5+|G5c+Yhk)W5wE~@IatVu@Xb3okg
zU@&*1Didj?*Po`Iq@F;fTNZ<_zsY1(UD*P?C<aSmzkiT5Xk?=cl=cidlxQI4%v_*p
zrs~QSk9?2U*~5y^W!(nINz-Z-YVz!Qu?v_=#^7|;$kbuxG3eXtZ@)=A^Li$@?7~#8
z2ZXg_?}0pgPeVg+NtqNGw)QXv_v|tm2|En+nFu>VJZu69^Gy5o7s;{4g&Tre&#t=|
z#Z^i}xxI(@T{ep{zj`Vr>xax6GW#h>>M#TG&_W94JxzmXWdE>DkX7JA5o0{*f1yDU
zmHO#NR_nq;e5F3?nNStIpuz8x_;$p+X>-f4RB(SK&gtZP8D-&J?e{meQik8&@w&At
zYi)Z-D<*F~QESy1xYY0;(Kgj%G#*H0eV4=4Ge+#s<)WEWI|-`wMcTMY;CTNMy!FNe
z@zsG*_9TTY$;v)v%SGi^my$q862WjE$yek|T;>!eu4hGAaz@^1&5g)U0hLxa49oK0
zE()ZKtb{8&^3-S9nZ6P8S2Rk@pHxk>g8JvDA`vWljmUfK_65C9UI?zz?8;OxVigUP
zHH_9+hZGx%*(|hDk1yq4<FE`eWAKwstb$5PPiKB7@GLpXL2IBP0)e&DzUk(sPw2Dk
zM@*gX(b=1v!lI4%jwfoEbw?Sf)5{UnIL>oYi+hdGBYF`f-S@K7&cZs|{+#NGH!^{A
z2?LZ7px?xO6q6kIi*QtK?$CevAX9cAV5{H!dFy0MMvn1EA#(#ah5Fy0sN^di4k3j7
z(XovcVZkne1c%$JZV9If`j>~Se7k1ozz<MQBcTHHSD5PweR&`g4B-fs_?A>3Apqe`
zQB-t2Iv&o!%*{pA^Uh|iSIZG_3$}?PgbpN#zIdU*bPjp&iSTNHB9*rGYZP4!4c>=i
zcE?_sMO`{CxerE+&OLyAcI0;22ZKf-l2_o_e$vz--+v!wj0)sl@9uE6y)L_)5nV}O
zmFpA{`-Uz<WLL~z9dfU|5Bdgab_VOeLiIT~X1b(1E)B?D)riV5_#$2t_JekTXF+^S
z*KdNG8f6XWX8U_zkb@mBX|&$$q7K7I!a@woB((}tFi~BtO&<Dbw<pL7mZU?`&5oU}
zg7jRir;zlQZh4;5(QT{es)&pYEevWVy$0V7wF=U=hq7aCqh7LfG=E3@&635bO8lR`
zh`;khT#?VY508ei2i?6Bbrf6%e&3EG-TfmTSmdT;GZ$H*eb-M&W=>ffm48Vfh7}aq
zKj>#p#PCy=h0q2q9f^Tbx;Bv-XIVOCeBfh{=9~Ajd&v`AJdG8uFCA~>f0JY(?Q;{?
zM=>_Oa}NDNi{UjCaQV%f<PYY^lD#?d_4bv|=l6;Ba%TvY@I;07IO09UqsZnfgnWkx
zirgp?cu`ph7kC$V{~;ZB%`C7s+bmX%e(feV+U9v+Jqwe$Y!6Qw4x(lb&j(9gOWwK!
ze<~b#LK0>!3Y|v}NorqGiKMb3JM>7&j+OWVcx%1P)|ufQLBHsU=ryb$9}gJYcY8wO
zG`xKawJ=e;70z!AhI8T5MyQ4xQ>~iSC_2lP&Hq(OIk}2t^u^}&NkR%VqbF5AX>wID
z?I(lR<RAcB^pw}1!7Aucb&b($>a*HBQjoDLADPzT2gZ+tIvaZ9^{QX-dmE{g1TE1N
zLMxFM-#2L7J`DxaPktV5@I4*lh>bW3Q)^&zOKcj~**eu`C?03}DD0Ywv9W~IPEcuK
zpZD3kx4D!-Oo|On#Tz1P;)+T@R`)SLdF)SzzKBYmzA3tjI6%=&rR7+6Y{i7FQJs?&
zy=8c80srv!cu`3{8T}>a^KUcuh+fC^uS!?~%Cr$oQ9nN6H+++;j(IR)c+Lw+YEjn|
zM-=+&D!^-2WuDDYqa~H3DqekSFQ!{eY-(h{@JKj9nPJt>5an>3`a@TFFXz)3Wx^EG
zr5eKQ7!i?Db&v8)MwXfZ8;8MZhC^=+VNkNB20Y<Qb%SPu$X^<%e(CQjoU4ba4*q~|
z28D^!&UtZ4if+0;%%LaS9$%-tkd(USDP2QSq1IGS>(~`75_Hd(`zVXoT{>)wPe_Z+
ziFxRZ<<bXllaq=i73Rte5VB>2J(<6MER#=oxOw2#ETpS5N)3McmDi?v;i)XvO_;7e
zzgi+<<oB?0Up_ezByB*abn_MpsMM@ZC1>=f+1B%qt)5xYO<yS!oSiwtd0;+%9A;({
zL2_U?id*zpYYkUY?BO-SS8x1tdVSpVQ-enlCE3w|AhTNNO#mlZ2AxIkdW@V#1Cxae
ze1|MTw!OWQA#Vp5rz-7pN0IBTV7*uo|F-Spxc~g|8^d(}SPH$E&%|go!SQ1&WEi#c
zgLwAJ1D{rEh;zA?I52AUnc7t9Q7T;a7=C4Vm;|!!CW?ph3yRoF4>Y5*es%E|OQH)<
zO2qt{SsVAD!&N1hwNpy37+}%cJU~Iz9qQT?h?FCi)hN8JPZ2L=jpR2>*xjxZWkT!n
zISBS=^ux#x(?nK@0rznjI-6fK(_^}k;cfjNyA)m~$~JA31~Zh^1|X&5F@56-y+_6T
zseZmXYiVV2l9}6S-Gs`M)P>+@t8|7ag=COJ!%WS|RN{%sli^VHnHMYQPA<1wMI#CJ
z5aXTF;xm-;1wE1=vzG1Rs}j>oZ!K_8M%lz%psv4J2Vax^=R+Om=P)5<cHw-KrMX6)
z;$beH^6liI=ITg{xN;R<Klmb3DDMJG(vo-2lj~qb|0$1{fB48G5og+wjP?tqI!*B$
zb2CG^3Yp7nYhH_WAy*aWabkAu6W<Ymz|`R_yFK!;WtBmrcF<8?bJy2TtrU6;Ig9vq
zM5@uiJ@HtIQjLqWx4KuSKGn8*s_7fR7sQxe?##iyU?UD)1sx?xw-ktn($$HJq*eQu
zoNWNRz%OD8=B!UAZ;x}{5x*;nm{+R*G;w8gOs-dRdypk{=G&+ml%Ni^)YwR0aX0Th
zw{YL(WxT7-kznzfvpsC8uHx@VE7}rh{t~ZXS|=H=6ADn&YZ^zWd57|y^$cCs-?^H&
z#y#@Hlr}0|<ZNN&$p`ZcH>KCY`lFYck=O?P=Xy7WJUZ*x8-=7_hGp+6aQqg7`8t_3
z{-&qV-n^*KEIr^&kouJ^q^7{$;8R~Nd+XNgrAT!ZggBR3;2mdg)GCB#X=!ZIWeYr%
zE&|4CmJ`uYcF?sHt2A%)v7D=ns?fs;l(3_ETVbXpq)TRHb1Qe1QDAky<=PUL+IjYq
zi0vD8th4uS&01{TE0#wD7FW#ktVo?vi>%U*hs*Z$Ic-bBg@B4~r?t;8L+`b14?_~a
zuLW?%+USDnH@;*jH@{XG%Zvaswf#lk=Y&LQqp`>oXNbxv(E|qLomT`T8dUPBTqr>a
zV>EYw_lw7l>T_33_H5@Yk9H$O*gNa8XNcO>v-0v};vY~2jnNb(M09HIdz=)1dJQ_9
z%+D@2^S4_zWV(izzAcTGWa-vZifH<2G+^ZQKFKg&M}e&RB>CkDO;hOKXgE*J0`ZSt
zR3%P}wl=o(eAq`u-C$TOqb@?gc?uf?jE%|qonNiFc-=XCgUNUV>3w>GWs`+F#44Ll
z`D%&9ljUfSfj7xooV(8uY^^x)<Yy#)Y*%B>N|2-(=<OTQ9c?yr7>ajlbxN=qw^_d@
z<eL;`S`*g`KJYyH%RLbHF5JFk$SS@JG1VrLV3l%`(S$MHB7V6d7{+WZ+~`gsW693)
zHS@>gQFSdTfK|KWBN^tQ_6T(Bv8l+gi`#Ba_2tEu!&-;E&Qr`}JY*bp#V}Hz@lj1y
zr0+K)E84OO!{a=0htif)yt)>GiS$puc^>QoU1-66DR}?5`#Z(NB`H<+B)8lMSY2<P
zaAk#QvlBzRcPsNxVrGgy5`og`l2X-eL$6?Z;4WK;5}(^Z>;Q45AHyHPfY6&(?s1C_
zyjU9yN@T|4*(PpXi=jgP)s)IK2|*{<g?ald^{1B4W_{zsyrJ4^B;|huW^0GH^SR3v
zZ?I92Sck0I$*&XA{&}qNL^;GUXQrtZQ0d83E%3x?k+R&fzT@W8I$9o=DhcFPgmCD+
zGu5p^mY-9t3SZDJ7q>6(D;`s32kmRAy8LNX`shG|#(Lg2P|IZE)1q6rZQ@sVa|@Bf
z%vU+w=y00eU3JfkbE(WjW?<@-`?Rd&ewB7?b<4owClfroE|;~YugpNkSmvhrn8Juj
zG*hBvT*iO*-K{v~V9?`eF-~0fgf;H+kL>cHu$v~PNk3tCHq$1-G0A+zSZP#dhRA_>
z4ik!Tb#bV^8NO-`CYZ8@jpvI1!)XJ;yFX{cFr!78LX3Zx4A0gb7~}iN@F-}}GTn8b
zz2RW6qav{HHyJAhdIVDI)6?%Hx{Agh>_-A+%$EAU8zPbV9!3U-3nk>P9+4aggogDB
zPxe5;{Y1Z<kCwJmZ3{;mAEHGCKhIWNczEV5qTGa}PM;}7o@g@g(wElMx=LAc5Lx}8
z`0_!)F|03KWmzCkEo0C$B~WYqcbQ~&k+y5UXd9be4tD^ONx&&fVWxlR0~tqKV@f?j
z+~X;|sH>lL{u*KBJayPxX%8&MUcZXC=$*7P-zL|f-;zpqDB^(D;uOud`dBH&CZDv1
z<s>|z8(T&VRNd%H=o_m?>FI9;N*7rB<a@0wXQ*G2yBrwP4#MA-f$T&k4sXe71gILS
z!{KSDyijDOnM^d&9Xlt>Fx1^+&@GvZK326IYY^cGFnow`%TY<5=WO9pd}m@~M#E~6
zNujf`644m3glE4%3&>8})WK*?6W40x+BPEW|Hm3A0Mbn{5;o~R!%FRJsOGP1`ZCE@
zb~Tvp23ybVYVwA5jEU$5_f?8`2L8!KtD=M{=Ho%SI@a>d<)|l{r3*!9I}^<1|NX?u
z?6wk11P{JAH>l_#(<)UZj!E!Za#`f0u<5%8ER!YTY5lnS#dM8%n@Xoijh=+YG#q+L
z+EI2ul5Ryg0{-J71P|Y<e9QX~>Vp<fExIUvnEWo`?;y-<SHEjI(9lS|`$HtkL#oEa
zC~}nA3;V^&l>hyNW61@lrWdiWmd!$<5dT8@hQ}0_y0J{@-@6>c)SK?Ve?63&{wlOK
zaesG;rFEFY2(%=g0>nMvL_0M8^qWKXy>Ppc>bi0ae&9W22r&Bhay1x@x|p<sSdXlp
zjvCl&ti*R$V?TY0@!*ePLZ4JVn$I6n(^sW2$b?We^T`>)YDq<IS=I@-dh<f%eI34V
zAa0g!8009u>(u*)7=3TfNo#0MtX46wx+rR|BWBWkv1GI|Qs=4+`#BFHmwLca|HH8e
zsHM=kiKtgYcyofHZ`2UZUY8oOK$yjEueDJGiCmo|nld~qVq!qwu*Y}!*;GuHd9ufb
zQpQ;+$b>TYJ_j~H+*v^urqqxon6$t$hkhjf@jD1G7|g$YFTfOlo`hTYYl^YJy=9U(
zV?B;hP^E-ai(}_Uqy-H_I+yY1J_4pe@5?=MNr1g%z}vc@PhoLi$MQKTbd0yi8g?U_
z_{^CChXl|$H8hbJM*9&*T=_OIfT4!mlsC`0!vRc5NlZ{H_HT{<9+0ki9)FqrM3|F%
zyR4b;CRhT28%zI#`p|wFQt;{<b1G!>w+QakC$YqcSvUy@2Ix1hA%*|aAK0-@`D4Hc
z-bml0pQHzC5fKiw@T32s{;q|=`9HkT%)v4=e}hPd=jsp!>de==2*XpTgMDTMabu|?
zY9|z=NIEHp9}{JkCPoqO#IVaZm=W|O5X&t!J}p%-|6XWBHV0#Ki+q<}y30rC+ccl>
z!3ejPM6!E*kERgx?yEZU@4)~Xy?{53FP6BuZ!x70M?#P4aknp>q|Wl#(MFchckg<U
zetDotUm7AFNHSaLpW~}yJx82<Kz;KM`UNoorpK)&%7RwbfNuD2`3;GyBDXHgbnN33
zs?^`d5*lw9Ll(}9TJT{4`e3pbN+Tt)szL&05zGXa4T#^Y*Tej2Q8K)?JP2)eixKTq
z61RCx5;r`#5UugHltx&Bu;`Re%GgVtyS0!w+*s;O6id!G!{SD9h48%qx$B>ZbR0d3
ze<kwRbK2hFw*(Mr8t@p0?+wXml6{cg64n&vSAXNx$8z!Ez1nC4!H9TS@vKK3%Y`XR
zPH5cl*#x=l^#Hk?cCJh~AGYS$7tUDJd^(CcycV0W;>U0fo5N1oft~j|jSBqxK5`bl
z`uv{0a@;_=9K9_%42OI)iGDkW`#5f1njF11vMU6*YLB<YD+EL>Z)Igu>FEZqqFFc%
z>2p-bWwm9(>`Yf#a@NS?+(tfX8eDz&=dt~zxbynECP}9$zuyH>%e7F<<;Kg`!n{m5
zH?WlEWiMxrLLY1Fm)~jU<AN~<Ax!QtIVMdq2fXizf-%e(s?y8*OxFkFOcqvEN*s9(
z6Q;aVZ_4J?c00+{2FF~on&b3y{xUlYqWe{=?rt-s&i)#BGm@*iS|OONYWb$u^!4??
z`yNv}^x4a!yN~-N@yIseZ?Xul!oe6tHod#m|EJ39v|CYF;7lONrsYw=r~7wZ2ey@>
zB%8@cM8#iX>#;T?j_N-x$2;S0dL9Y>Tn}|7@9O@y8FvwPL?wOC(q(c~AWd9Qc7fn=
zJv*h){$`W(Xj)-8#F?;5!h?L)B=N$=qrJErc~ku8d$AwxCjAkW!aYOR;p~)8LRaUJ
z@)1#qDAuO3M`lqso(WDDTbHJX(9dp^&GVzSl4pu8)LHQ#7d##sMSgEhuDP0^|0rXe
zX}ijf)@DtjFEBhdkKX<>iE_s8`f$|tvzvUg_oy%Wg4QFkcs=5R)niBB0CsfnGdIy0
zy^C))Kd~Nplg%UGNU*4zYIEwyS<VZ!%Ww8v_MWCoVOBihLdj$1XYRFFhGZ9B*T|8&
zOgr8t<59ira#($=Gr^|Xk+YQ7^L5O#9vbnAWY3fQ$qQ$7#{9WVHJjg-e7MQs7}`lQ
zuqNVP)vbV-!$%&oyMWe*<{>DvLt#9}OYRFu&bv?ghlYolLvIh}Lh5HQNhI-wMx8#;
z$HEu?%D<bZhcA9hXQ9SF1oA|zby|1c!`%xIE4=wS^Vt4?bn7hLJ7;?1!1bByhcBkz
zzvm^Clg%(+sq*{N1>X<EmG@{T=L44$nOdi<C0nHL3h#0ke7!6>DPdEue;<lYXzped
z>@j=haW950C;CgV`>}>L!R6TC^Q_ooQjTcx6Y=Qfaj={V=1JYD9Qe7?tAn`ryi%Xz
zuJ)ecWYzay_pBvX0k}v`HM=37Bj2ZL$n4K$%KNIJ*WjH|PBluH{<}>1f3ABbyU6dT
zY0BCpBX;sFwWGW&y)T;=b^?N;_OhW1%hZuOUzkhVGPyU5(?0f~4P7(EiZ4C4u@4uV
z2E;r7tM6<5Ei4?Kc{5=AJA6E1zA`75t0bHsR4DrphA7#6)q`Zd%^Vl*Jc7%DSWSV%
zMR$KR<*_3BvzVZgn=aOCz}L-l@ayS0d-$Owl`3U{v)JaXLM`#1V6)E^rJ3JF_lSv?
z`oxJVM<=2v5ASw6p0Z_I2R-in@(L-W+FjL89w)L7@mBBpZ^W2PI>l}?Sgm_PgK%N=
zSCt<(CVjB3`=*5|VLybpI3(tvvd?XgX5U07HYAx$D;_E@;pyxwfg^!q+_k4C>@ctn
zjZCNa)4aDLGAD<GA2HN#J@kS!%RB#(=qjkpxO!{ICu|4O=Lnl&$=u_!6KgZ|v$$FX
zy!7jHGPd9~w7`6Mt}jLZUw`j=uY-HLO(vlwgFM*P&bj0iP7Uu4-dvx#hh1mtUA~^R
z?7e;sygnzq!+194{P9!@6KY58nhkOf4GYuyjFGXzo~iey9c^G>fN?-td@f=j&zxIW
zn1t{weZc;0$9wbgsm{_SX>4{O9bj>XPDKe%<?s00M#Fm-opkQoIiI_YXkeKya^SR!
zdf234eKoC%r>yQlxOB+pjef2F)(ccQ`k11ira|AtoTN;+aka4CVnUtE2DaM`>iG)p
zBNvq`{}3BkUbZPftA&(E15)W4b+FzLS1KzeQXOuR=%s%g5>W(TnNC6%L!yDb+}kMu
zkwyE>T!S@SH<7xWqeO3^trVPEIvT&He9V>pYD1OBPID?M8T{;%=<#k?^G<mCmkC|3
zC8qb4S$?3?3G3fQq?b9c>}q8%?*;?6_t50NN)WH-saH(4u+`QBy7p(uxWv=>YA5P-
z8Gaj*C(AgmIJpZwZA>?kRejg<dvRublZ!|bE}+~X;w}@?Rpu~u+VJ7NJJWZWt&vn(
zq-)Sgge2jC;80A?1n=@mcT<dCnAWMOInw(;QzK=1WFkkzQ>r!DTLpc~?7F&uG2{{}
z(9F`OQc#ru!!ts;LB&&#tq-MIOTk}dx9^%D{b7zIrP2P1yQeMw-u`pUGPGk^%NJ?4
zn_*liaE;KI#6~*(LV%e7Fn!0`T<~4vucLaH3VMoBry_heLQX@Ko9LsyrU}*VBJMp#
z_=%M`K$G@BWTxBbs^X)rwy~|7d9oHU+VNv&_C5CExCGdU(MFx1ZJ5y6wUh2=(k|21
zH#e7VJh&4r9wNHir$U&nXTJ+9*ruK->2(X5(>mnGotc)M@#e)bM~I_hRaQ{^&brv_
zNT?}nrDNdmSy-CzAQIGNASWvSaxnE>&vyvWs-dB%|JOaC@G-wM@E4|gM)zhM(ghmU
z$5dQ?4b43%O&)99Dq`OzhBw+#4jejq?0w!u&hm0|cA>O#y3#7ThKsp#p~}5Qm7!bb
zX{cebg&FvVap+qirlm4$IQR-&#czOR7GR^1Dl=~v>EFCTD_>6aH~!Y9VlrYCK2mc(
zaK-0?lXw^ctLXXdlC=)=$hB_HM2YT=7@qwRGfh9bX>{XVi;w%?77*h5y@dy=>;ls$
zfn4ACm^gz$Uu$K5AcFKtGe1fH{%Wn(<JvY`H1c0;1Tx+>+f6l5?##^yru|!Y)atJg
z+HO*nYUoAgP$4D6;TicdkhI*ebhIDbcO${`<?itYssYJAy*;fHmgQ~dEf7b=6Hr3E
z5s)*r)_1sp?R=Kzo`lh(_m#%8JXt4_z7U76dfv)<kq#;GE#z)1S&s1rah$1sCFw?$
zW^qt|j|-O1`7ux%w3SEqNpdG6Joph{0RFO$=T97-DPL_OAyRudgDpeS>30&5zTGeU
zX<aq6V)GR87kdH4dQItjIc6=|o14GlNkxtP1z1s9D8nr~(L7n!Lrud7J>;H@51jhO
z4m6;Y0Es1B^|{M3<p9~MZi2(JV6*hzKyjhzS?(z2(y<Ezg;HW&A}rcXXB1MgzxsB~
zx!j+q|6W>KU7DR-cX@<;@JA3l6x?z_*UP0mS|!oRi$ijDiO<v<{5}n=A9H?*Y|r#<
z=F#!-&bGYZ?=^tK;Jg3ym0Q0c>IZEgajzMr(z{BX=#or@Y6POh`r+RX=ipLW8iL9=
z)B+{!AEV+q`AkXVMFNZ`NB5*byY_<G>E3E?&DkNQ#{3H+Q3h*-`V0hj^?C-9i;+Ju
z34K~q2)e?;$==#cpT5AivzGYRHR-op%;Q%a(G*D}Q?F=irt{_HdPmKqzbqlX1F_%m
z_D_~{=&?H2u0~~HS7~4(hv+63nNA!{0XX&M6D)#LPs6*LZ<E_7u-R!BNwseCM3uz%
zEYHbSYiuV;@jmzJp`+Yrow+wn8J5hFz75auVEDH<`8KAFf^sRmr#j)=o71muD?dxL
z4y)()fYaQH>!@GhtE=aAXi**OXgiH$(x)=f&VS#@78X~WkrY$6b|=Yj;^YgXsjmR_
zf!sUW1l&W(o5W$HYimy-q~FgNgT4ex!<>D)sDqDE0sv?XXNl%w(VhTqMYh9eZi3vO
zr<t<%BepS|k-}lkLT@mKYH_Yp)JL(4*U!VVpJ>L>+5a}aC=5f!1R-92qK|&X`FSH6
zWM^U0EV!TZyL#lfhhivYcdQ&GgPlm1ItUAk*<2Gpsh8L4L96Fa@2gE;Y|wJUjpRHB
zao$XWZKVy;WgMCTQRb0*_o*!kURZDVoZv^oHr=S<d0@C7*I~Gi>!q*awXf$-To5mC
z7(<tUX(7_{F!#5n{`XU^rDcWN;lLQ1mHKrB>I>A_ijSpZHRcsZDKCiq%Z$(4qs6;k
zC>z6P_Q~&Lp=@I8Z|NMkiwA+jXm#tCeI5U8I$p-08D?GBXjWZU&$2B&&{^R4n}O!8
zvq+d?UXA%>4sCjMdaA3#^DciVX?!dwp0tWgHM?O{T712DEN<8ymK8G>9Fig{w|$OF
zOua7sdt!3Hzq;o9R<ogRed?Fi@0lr^75B`7^oG>_Tme7?z6%!3>QhdErf)g516|Pi
zMZEO|PBXXZddpu|JLK^V6GPmYo)3nmlH<*X&5EA4Lt%yt$fgs#Lj~$uX51rYIgVrg
z(}u)otm*>r<0etGIU{n91+_&K80?L#?C)Hx<wBk3Xmu4F9MW)m3aul{uNejvZhqJY
z$tGUzfxt`W_AQ6|XZ)+zMs1`CuW@<Dd4YYKbs*JIYIVQz*OSx(Rp7B@WH}#*!f)n|
zaS4kpJF;i%Fe7*wC+G~BX-;hesE~Y`*I1WmN)U96Om}?$`F=}+_MsFf>!z*1KZ3Z~
zP$g2RS+_%U^xe1n8{{Ld=N^Etq2w~9tK3O6vlti4Ws?$^F86P#X8j*qrVj@nNxS~~
zMn>gbD(MBt#;|Zm_mA1+1G!p;8W|P1KIpmM9|p(#9q*~0Uu9W-ENYl1b#iiD`X>@9
zbjC2`D?S!O7UmI*EP{Z5TJdfrIbb`yG4Sh`C5vmKd1s3j*W%Y7yF~N8^Q7)u@8_M}
zFJh}7Pa`&NL*Y!?xtaZjEA&aPZFSP!D~(^ACRPjXi&vU=<*pvidUx;MD@0K?QcwmO
zuQ23|eM}A*3t#{zU6;D58hgpE%+1Vm{=yQrkf5t|;_-~Z6hil#x+YIR>uyQR?uMs7
zZnN=gL;DgTBYhD|$PRG-W-@4@ef8e0+k1{c;GED%^@GeZ=J_C%c6XJwSn|jQXOo=M
z$!oFeipStDC2!6{xvL^vF?zhPA)nK=2pPj~FZWh1)N1@W&DdyB;er-5jm2skd>$>r
zG%laEf)URLo!z=;8JvX*aZ9AjT;#2lcHGNLc1h_nGYAfd4-XUb%zQR_w)lfuT&2Z0
zb*PBh?rr2o9wTg3zo>mtTOSGAbw^Ib^a~HGS${qokIh+sZi^TDcphBEYJ2)y@VZk1
z^=*IFrpS@%($g8A;dy{ywxBf_H!)ZJhh)yYRUqecsrO)y;TgX;vor6v@jy2isavA!
zoW~~?D76@ZGvzyO#c1&B!#At8*FF5P>n|)|1=EgH2oDHfLkk9Xwdp6qxc*$fW<k6`
zx94f>N$x??J|ev9GfdHc@9H{<v(GiIg?ZP#Y^ZtHgAO#toL;jMlTcq%0R6OS-GOqe
zv48Jc^P>LV#ib>$_9eH|wY*SM+dOsj?`b5h_9aFot-=xuX<7m(p0P%tQk<V`o_VL`
zZJyaC#+=NCJ>kU=n6~8wt5C}3nY1tB@11}cd@LS{e3k5TTRRz>XX37;DK70kOdm=B
zJ0wA$MKWds#<ov?<{wn<PbC6o*;g83AwHbVm(8F<eb(y3Ty+!K7az-wW$lmOFqQXN
zVI(nCdW5rB;!S9RQgT^e--z7jrrp!G)Ao-~Giy&bo5MO;&Em!S)0;6n&v_<Z;SkWD
zP<YpYhg@(~sd#YKkuUaA6aU_=cT#1ax3^$qpSRrM@~*>AM2|U9w{j)nyyQcYb_@c+
znw)ZiugDEiJ!NqaBddpCh#)9p%r7~SrawaLfqr6hj6Dfc!Q4M7lLq{d1)zlNXs`m~
zjeX%KKF7ZFmqI@R=KEQKe)RO_0;bE-Q0>x2X<Zchs8%CI_x0cw;sVRrJR8GE;AVMb
z;$3gog4;%$C}H@Tem$9TtS0G8Qf|_6Hj89<4?`S8n}gz!5j3=#29%SSkAh^5IR%wA
zl{EH`1jG{2w7kSZ;dcM|;lIK*c~!!H6h3o)Ve*!KLjiXa@LBT}fUDL^WYy+k%FMgY
z41UAAPVDkP;`G{qvn6KL2F{1idFOg0eB%8mv(GIv87=$<0#56t3Iwwucp#|OMC;i3
z7<saW>d+}|rfLOL1>`=~K-&_K+y|e2d?iaB@eYlD##U{GpT&9CHI8WEg4VD96L}98
z?t?sP0o#-C(Wh?-xH5)c?STUYb}uKP0;L}bAVk#rJ(G?7H6>z%ox>WP*pIjnJvbzg
zOVX-DDm7h8z%9q4cW-N2Tyi2X;xVGfUVPt$u3`OC=X;S?i3uD!QK}*+31obf6|5iu
z<=p24-M$w2yCE)R;;?8~`XjB20+y8~Xh9V50KVpDtqo?XPH%#JN!rYWGN=Yf2H&-R
z{E7rfH<6mG((va6JDGgKHAn;0E4a~s-x(mdj|~!ccau~FZDP8<j-jXNa~6xe?{wtZ
zKTXouj9!+x^I?$;_WvFA%&lR5i+Jy%K!saeOWT0C7dRB*-HW#GGiIx&t(SB!xE+{0
zRzb$<B9pMC{OAMv(5?xihx}7;EA+D({XP*E+XxL*^ud5+kFo-THy+<uO9F@?Z$Sg1
zERvC8SdRz*LWshc+L#Q}S07ppDT&Y?B+~C%eT1F3kD_BLNkJhS!O*t=a)><$c`ReH
zsgG7eZhBqLhqW226MHpmBeaL~(Gb)-2Bx8wxzPUc_`-1U{KGiZpB{n%@&&N~_#oJz
zLK<pm7&3$uG?QGm*+G56(DO>GAp@rs!}7rdAOn~I>~KVZpaBg{7_JW)pn!0a+6Nne
z4?ydr^dX152k9s6D5OcsbIMWyP%<PTI-s|p^s#Sa<ViR*U@3_h|92wb(X{7u^GABK
zgfl7A=pNEeY#%NN^4Mrnq3pE%=v|0$C=>@oIQG&o3{l{e-wNqLd&C9cKE8v5jm>GW
zyyE#t0Ehv&K1Ws@L7?oh{4pvJCkQne^_Ae+4`e?ErqzeDUSYsd@d894w_^%Pn`4)J
z6YaFbbS_e+p-?_JApPX^Bp|cXTf092J2Uhya(x|X5d5*d<e*3~d>=^&FGyxA5M()q
zLlYDNwFJf8X>LX3ML{_sx?=(5pG`x>-mb<NM^ea|hWe8OK0ug2-AV1V?KF}h(Erok
zm%l^#M*qtaS+a#J8EYycA-l0AZ(9h-GRanm?E6fX>}w?=rj%sgLzc--LfQApUbbNv
zW}ojf_4)h@-=99$<(kVq_qoq`o%4F#=eg%%o<|X_wI)6Q(;*AttkzPhKYA~j&nCY~
z&|q)jXb}igL#wTAXCX3nbeB?ubhJ_z;v%_l5d)+WODJ;-4bFBzA(LH9&XCMf2g1?&
zbECu746_*9wSftjEJ~_FawJ!akgA8kD=Gg|b%HHiVORZ?&`nt=eW*~Fvj0-bdC*$z
z08GDw3rCM`9EkdM3Helmbv8PZ2YqF&cwjqgI}@ba!Hwfwvso+23=t0zK}2idr(c4#
z3lqHy&2R#1%L9j*Qlj%&(wT^)Hrg;Ae<q+ea|80*9k9=WCAA6S*w#F<z`9U|mQkgb
zNL}HSNZMHd)ogquFQBnMlHQ1c*i2so;q<msVTx#*HQlv>0q!hVx<e|F7R>{63P@7q
zIoy@CldKXESh@y}U9L_GYnTXHX`nl++MqDaVR$Tscy(<)Q&|lBlqiDE$O;h!X+uxr
zRM4o*fU4q!XBx~nMSpp;>YClaETZ$^8d`hp%9``QsWth56A?%f@shtJT6oQ1Ku#QX
z0moFwjZ;_?sZ)7@_FQ{607yUtnF5sK;@W>}ysnJslT5G7CUIpE@Uuuc^k^pN=AJf`
z3pYJL$b@AO)zI)v$}<_^uXu$Nf7sek=3!>FPT|uw8X#i@e|~iPz~n#%u$XcVXS2qa
zm7mEj4if}`b`O+fHHmu6*FeQK#X;J#22eJf+8RQnH4}W(DJ}9ePRn(CNJUsz_$iSd
z&9PRJb#*{aEJGK10Z@S6T6xy+`pZo*b_1uxNPe{C+TZ}huu8j1_p|u4ShcQ?eg|F4
z8Jy@^LS~2vIEKiI_5rjEH_%F6NQ$JzDGvys1qWJqULtSGYC}Od&o%QbU;P{Hy0b}d
zVgX9z(I;7mbbt!awWcg(v3z%z2z}vrA~%p6T&FOZ=(W}|fG}`MCq}q3;F$cGaF>8>
z2^T@#yg}jJ^a3~n>lDUl)I3KA4ZO(m%6tr5ocP4c2b9ID4bF-pV<V-|qyeN3Sr}~&
z$cu6oXm2N3u#8AvocRFX@H?U~T4n9UfK?_!ze@i!u|2JLV0OTH%>qy+3$TC8-4IPN
zk#uOUfuT%FGLdbKJC1Pb%^TAb7=;h$MyCQU*CUr(S;G|2)0wlV`xD~z$nKfM?@+$g
zgn^wCekWab#OOY|>#_PN(&jSG4~FOJW4S!f#GXiT`o%V2v1UD>UUun4X;J?C1m!r4
z#%C|0xP+B>r14aM<JSxxK6NdkoaRX;p}jLQ-6&LRP&x7NfnIZV1Vl4Xs}cO5Mov+3
z4kSNQe=?60HreG@AmGZmcX3aoPqc_<8a%%540m(=9g-u#a|-UqJ119iH9<b>OHClX
zh`#Sj&NZ9el?w!%+|NS!dZd`d+~Km#UKIIPiaZ7O<{@JKHZ&3lMga>`T@Rm*&|3Ib
z$@fVcSW4EnDWZCs;*&81hS2zBJYZ^{!J$v!KTUWLOJa>}Pp}`&9F?#4m0v^j-yfY)
z*GNB3eN76F{kzU^hl-%1^EM3oM7pVP#r)xD?(8Q2*l2=%3x*H$PSeF5*24j#Mx6ew
z95<(szK#$jQ)3{V4I;=PCP`6M|Hkas*>_pkj-^?TpPeRLYATd~ySPK#YBB_NGW@p9
z(W>bf$Z3L09~PBSZ9BNBVgpM(K*Ap)^6in&NBzDK=O5Rg)~34G0^aQ53r<ITcG}>k
zR_^h?Y^(n$pCf=`Nj5GNml}_4Kjt5WeqWA&GWn23yc^`AYB!IqJZm5Wm6X9v0Kec4
zAMmMoA^crr`Zxxm6RT-&exyltcXFOE3Xz&aEl-KBQzJ#N9(%Ws**_drS;PQ*HFf+E
znuCXxZsG&_fKutDjT9fJj!%N9>BH;Zk(^_rlHO6&y#WZ74#1)*m|)f4O4)_HBdNtk
z)h^?=0gsxt(o~vNH}wBfMG5EH<?r7@J^eT2Q}05fMw5=S`-p^qB29ZpFu-g7oUh+M
zCf}P1+}!0aY1N|AT7A`k$};w@9$`EG;pkNB;xj6Firs(FYWc8J388%b=eQ(7kSdV(
zB-V9X_hzVDq^6Tr|97%BtQ#ZE_6NcRLFA13?cn3_-Bfa;EE+t7hG2SxWk7r3U*T^7
zsu6=KP^^1VlwecgHTdcbcJdnZk-|(pCf>J>_=0;kDjvs9MJ45KS3?Pqnv;9&{hP9o
z1SAYRJz-Sk23dX$Oq~aR`2h$S9QaI>l)*nY3R>BgI#hK(mP$LR220G<W3mx|c54rE
z-jVhJ27yNmQq3VALWs63AV=TiFcny+!cTIdA9?@dJ2FYWgRDSB)2Twixc~(Ng=<pF
zEBvnrg@HVCP3L#!*^aLQvLPRdQh6@+?j{lB0A%f3)jtdUD#(I!e~~vqqX9zK|Dx<Z
z%b$LNIN{p071*J25B+=&sCz!;0Kn9~ivbd{f&Nq9sACGX>bk4g-B^9XvjzMTRaY=T
z?S{>muQ;LpJxDxS{Q;ngXGq<MzCRma>IQ)<q)~T6-@!O@EJ@TS%3rJh(RM~>VI{;V
z<~Y@5RZfpGOeJC@=&zFa(HZPb{@d?SH-XyVT^_=yKFmq10K<z2)<4t^f#05{b_md;
zTYnSqf~5k<U?6{YV?n^>Mh~F~vfJNY629;E5V3gQSBT=P4Dh!){a$l*hBSKruUI#%
zfq;v|7u0a$C<8)dZ2JMupraFdp{YX?z8ZK8XgHw-vyT%hsRvWFzOK~Z@kW;PHz|k;
z*CB#0BENH~vvPEF6Y%rXxyE;S>TomQ`%Y`>i8-*@P{=rHy_{Ex!!I9>b^w2?2MQYj
z9R#vPohf`UtvpkG%?Wvbv;!P^29W*+s1Ii!T%<{GT6P39DM;a`@^KQ?okML#hHS?`
zV1n?2olB9>dGJqYwI~JXRVSn#S^(7^nVJ&nDiKJ@9XY*EbiEHa(sE&$Q!qOrrU5A;
z12j^O8QB0HkU%3KkXKcJifSU{r{Hb+5y$NVZ-1)51f82ZIt!`BIWOO7uHGdm%}`r#
z#7hAngb%ro8p8J8|Mr}{h#a&3EeJttgB}Q#0|i<{l(|AA>j>pA!i-8!2jX=CKu;Qk
znoE0nGC(=0$&ctjtq5v19w<=M3ukf<)pfKJwRw{b^hi{ePxS1#Mj-!%?;-xK{HX+_
z_KNaXiBa$ddZ3hoh`;DQ-fIBZ9lfSO@d8Lj!EY34t_F^dQj60*af7-I*ahH76Y~ae
zf0S=Fa0y@+*cs*DnLW8%4J0{3?EKr;qYxMdAcGLfFKTS3vAf>j>Ep<MBj*4L=y*v{
zEBQeLovhslH%^YK#6&^8LAA^@>ntWCCJv@JZSC6E-vghEDlF=moAbJ6SqIP3>szeR
zilxN7jp1X^;V|Glcdj#q$isP?H$=a=4Y601ryAuR&gBH|kOSpv1dWVOIy&0h!b|cF
zRL>&7H@B64?9qqUS)`8EF5(#*)T7Be{C%4<KE$WNQa{Rf?-SD!VH_vm#8J%S5`OsV
zJ|Sd+{BH5g(UYJ(4-%{@8=hJSc?*mKE}REui6ydm;0-&RgYTw$Wcn^1^e}`rYKaSQ
zSVf5j93Dn}!wMx3%<qtasCWdDx&|+&1_R96e_a@!!54tZhui>)jvDdR0HF>_GbOW<
z7^@BcO*6BHLy4>ekX8<<P!HJwqoo77J{af#WpILu>e<8(fT#e8bi*Jjz?W%4JLI&_
z=<Q{Ulsh<IpUD8vk$fb2?vLK3v4q<n*x%g(>1JugiADY2#Q&A#|Cbn|wbpzuh-)$#
zgacX>Irm5B(pc>64~*|_vFm0D$BF%&U_KJT9C;YNMgFdu|0mG2_v~SBbFA5)r|iFP
zH;Ec}b7aaJHIOIueY1DYdX{h?Rn{|^pxt@^ja!zso*{7d^dB_Zb5LC3^XrM=DiKNs
zC*@N2i?Uj5JTn@cjLkXUF)%{0WWYgmiREp?vU<!gGuD<9a^B@Z)`9A0dw6Vc0U~=@
zWYyOoQV8;e=fFHo=>SqeRM{YAheicfWP=~SNuo;~^#lGjYMp&o4Yn7041KW(OYhze
zco@YpmxfpF?0FCD#V3(m-#~L|7=zE?$#XVPp#-G)3Knhjn?&DzVHP82NG!yX=vNL&
zwR1I?0;@z+_j(3))*D=TQ3jU2d!z)k2!da6J<-E79Y(I_ponx&-X$|~A~c=gdXd+A
zdp2iCt11<8-P_|<6+~WESTOgvtq3_dkYX=FE-k(2)C07d)gcZ50rvD~8iLX`7|38q
zrNdbu9MN+O&hNwu&1Zuf)H}(KGU^G+?%_nd!s&z2YdbDD_-kPV`HfCw2gF`=h}xqx
zpa`YzZ=)_M3F~lWaVTj}kNAic*^M1{@2LilbHK#At@&Z%D=ty}H+#U}pYZj8HN>Hj
z{mwm73Z_J@)d24taD(9b=>EOFkUL*PM4)o<FjowMZw2{mm74?E{ls<(7R~|cXAI|n
zX?Caa!${w;7?|b?<blf95enBz#1E|BnFAa-=FpC`K4XSt-0dT-KH`SB)G7+iI|8m(
zM;*AOu50xN<Aok7Z^?BZ-leqq`4A6$#aEC@$R4-?Fm-_Y;WL3`kkLv5SZ;;=@BzTR
z8NyQvSyncY+z0kDuIv3kNdQXw2%_<f_4rjiV&x|?mIGNk(*v#{^viE@1C85fKc@zJ
z@fEl~7{fT1cIeTp0H#PD5Wt`nIoD7Lb;`3u7=Hmpw+G%h(evW(B}26*A$XOn>AOM(
zTK5HjkCT8QleT;SMT&21unRGwvuEhFT>moGTL^wko6H`rT8H>RcfS>#5G*wVvvema
z@a&I@Xd$cp)qqO&Q{P3Rk*Ua1TBuYH=+tq4AdPoFC>lHd6`FVU>EnLi9wgH-lKLhx
z5o_29Ejash7i-7~M{T~QCO86t)S~U5lC&?-%pcf`KyS=|Cr;H|01F-reTBZK+PWno
zgm%ogXlBw8LI)?&BonITi6~jJhEhs*U!5%3vq^X#><V1ruvC$jZd`+&Fk=@v5llP%
z)K!o;Y(OWulIkje6DB=_ngsmAq*vhdgl;vO&#Q3#$PSoy+6`}#i({k~pg?H-<MW6p
z2I6rdobk9k2tYonN0jO$f2O)H7b6SQfU2m01$w|t$D`DFa3VIR6WU6h&jB*)C#e5#
zX%HvrpLcNYX`ymG>`zHBDs;L;1pN-*4mBV8gOC`~GvLj1N+Rs^jv?@7FwqbY`hhHP
zl@2B%pZ39OkhOI8=MO*!hEGXZ|4hMbJ0<^2iD~yKZj4_)uYy-V3<M>0n$H&~)Y1|;
z0RZY`L^7}*)bMY8eJA-Rl@M5u938>*pD9dr20nMHW*3`*C47ZW{hLP6A0vWkfaT&^
zNDx8dpQm`h6XNqfPbpua3;#^vEXSySrevEMWYfQC^B7X+KcJ&0><}u+=@h}ASoUL3
z$X~Be;hE}%e?bA$;eV!x(>n=!f72(%-lqiq%L(|@T=~B_^=rWajb5NAzdHc!Z2pfa
z%?xGnpC{w5(1U-NkY|o_{skiQ*MQppVZuQ%hx~At`2$LjA~}|{_dkWC-N`^vgE9tV
z$#{dK4m@`pq9zPh@cqXAklS_!&?G7MqcHvr&^9%66hGtF;Oz{m#wgRq4-Rvft6+J<
z80FyxCtpxpfPxEzvYaz~sQPURtonH#er9eM!^b^Z`fVEW18-~FMvhs6Me^Z<Gw6Qp
z6TCi*0!KQm(<pGfQ;8%$B=O7@{32*!^6T*tXDbn6R2iN;Rr4d8|0ZU2FjFUW=z#58
zqxH*X0xI|JgfcCT1o_hlK`Ehp0+g!vCvrOk{X^gcSJOeaJ)d`XUXD`uGnjgIgk63Z
z5`zLo^#Toe+SiZJ%AN*c*YAL@(Wp2;f0K1uxg#N^H{5ocinC!nlVGZGkVM^aYi-PN
zD<=kK*m<HQL^H1io@t=CeQHM;VrxtZl+wzuHq8o>zYr8AA`%6$52UE+cbKo!s1V8Y
z*&r(T^3(EK{mxNdY)8Z&{KMc@!w%Tr=~Iiq`7#FOauwLH-GuI<L!g0R3#V=XP-Xwl
z_!dyNGX5VB>xi#w0YXy=MaL|=X8TdqHq;9pnF;8MX8W2oOTeg^Ttoy;m>nLg&KQ8-
zP2})z9A6}RKcI?3)W*ziiIJ~Y#GroYecyVLM%vt{qpFE{*Am=MNSN{yqX#5k?Quq(
zvco(A7IcL1W0x`jy=?mSK+blsuhGmL<K{mS3k}vWr@9inzm10am4gwr=v5%imQ!CS
zEx;!~B>b=z-|rVn)LR8k!JQ{t8`re@mk(GPA=EVIABR2NW~n4HmOqGkmpzI|2zd#d
z^tba5$h2j^5FSzhXnG#P0uUS#k<ME|N+|1_WYh&<!R2BPR5yqPp|A|D30RIn2Wpc_
zm<qXu6$4(+LY)Fy*ER(>?04{C#ema!Iz|74ovM=<b?P}DyQw`2TdjyBYj(*2x>t`<
zqk?0Bxd64@Kmi&?s<&mggVzCl@KS+_e*|C$<L^IAASF1NZpV;TxBoQriiXKRRkLQp
zi2uRjaRg!(>mfE~ko7P$dY$#~1l7vFfjWfU&+WH$aLMhTUkKr@j}1-wA|m|YT0e{U
zfqsxq+Yhn$Fd|YdJ`8p&+Z`E+O?4Lb#fo=pK+8ONxP9plyn=Kh@A1X6$6}kmh>(Z-
z_xU-%clml4tK4Qztqg6&U~8-SHx3f{_&exVTDD_CA4dsW@b$oyJ#zb9q^^Ho_3{U%
z)!qXyO#$aOMqdb?-#BQGIKOc?`JVM~b2<RP`onY5B$A`2dy3(p>H^iUh4m2gl%`ul
zD~zjK!zof2K(nP3AEq(B38eQ40eBc|EYHvFhbg;<Y9_+VSyoo{;~6-Rj(k17=FYkO
z;&P=v4TF?}<L0x=?M$GXSj8?|&Z?k#9^|tphH(lU!s#`9%Up3KVnmIuY7yeaE=CTm
z^nJTH-zw+cCh-N~<vpeo!%+IJ_Z-3*`x<eOn^?^_cJWAoWiV&e)w>7nOd;CM>|Gh+
z6(SmJ%f(E-I#`;neon2FeGt=hTW>PzW;0z^7*jcuxpwG{E@Mt8!!kvL$lrw&B{Fs?
zdEN69kINT*^Ylqb96?k=$Qk$&9+R9l)-A3{oG9NV#o3X#PvPjOe#H}Vvzf0;kJE;;
zFlOH}PFcK-ahW0($+?{GY44{QmoL6>YPpb!UGJ`5=#?%xkv7id3rrvbtVY*|bRJ~<
z6NNY{4k-PycO1y@u1=^-m$^9cdYA9t5FBK-<$Pa*RsOCdAkpUY%TgSL8T-;qD1EF;
z984Q47neU_Kswb$;(!V*({#CT7RK(gFd;lw_PM_X$ANXQf^je%z{<DGqnEa;Ni0&m
z3wRVXXRz1;C$)6CDuT-zagIzG`pxm$w@jlm@5QLznC4_^u@?DIrF}~?IulPT+H@vP
zk%Q^cB@VP)bmlyRuE3eN1yPQ%yCQ35(U})%MMHpj9;Oz1ku~8?p?MTH(<3R4F((lT
z9T5o&5eXv^2|E!9gKPbSbXw5@dR;Y^xIj*(u-hVQqS2W?w4&_5n2*Vbhv^UC(@I3b
zR7Aq@+Vo2W2HkL$4UKoz+P7Y5-vUQxl4(U}X+`Pibx$+Ltue*1axo3^F!9T9T-O(I
z{iHo`EjrVXL06cYiC;GNki|m8HBLLxSVRIM(sPw#g_9|ZUY8m8VbD#c*KMN}6$gG{
z(2b-Og+_A#=tMZK|0kl)!*qr@?jfxxfQu_S(=s~qdUU3LbmmW5QFEraR8A&-DURz-
zB5Ov`nMt&wFX(kIvc#EiGQGaSfqr>^<nc$AxbM77VfRE_3$+I#qca(3MOheh3pttW
zBsl8sinu0e57ft~Qo_tc*21DQ-DpMSnBv+laroD3CyH?Rr)Uq5XhnzVb%lUe23;T_
zI$F`I^t$($;~Kb_9$n=ayD9RaQajN~<U_gkfH<uvKdoq3j4HdJG{<!v5!ZO_0h8!V
zJ6h2Idfg4?I2k@N<;yW;@{9ZT!=zlt!pjj#7BV5YDE)K2+F`GM+iHlyCBkEikn7oO
zF9tMOf1$%1bu6xAxtbn*a~j@8hZ!1w|821#itzCZ(<nmnFomvn-TnA>em$U6{_5DL
zOo`U_?B|(o`D1e*d|kJG?11IeufB+@%`ik8-J9qPx@TZ}=hCC1iqHoi%agh0AHtg7
zZdfX{nn)sS$0a7iKWkV}42&2$Zr3ms&k8GEdi0><N=vfKhgQcrv4}-k2y4DXE06ga
zRQHAL@vS=E?zeFb+5<}>yrEIg+m$|*)*iA9I)!{_cvn2J{j*Ebf-9(><xUc%6xqaO
z#1_t@s@9v=h+IFsym#%I*ZntY-Ht0ut51#DR_wozF-r_PO5k~{xs;0UK99AjUwoGe
z^0NG~``qHcqXK%~YM~ZK75=4)OZmlZxk~5un-z_|v-6z0)mEF%Y$R&*@|&X3agBs^
zOt055Yw$B(pLxIkz&qSc*x0-wM{munw;#iGqnR=t$j!K1VV<=jfglFA_a$j}+K5x<
zl~o<M>xMvn48>%exMb7Cvsc)2jn?zdog26Ag}eN)ax+iQVpI0(7yctUTlvRY<;@B+
zJw{ejZ>)}|y5i4?*z-B_D@t!y<jH1-j1B&|*Luo%+@w3nb=4ZyS6R0{7CJRuJboGZ
z`X=SullTvRR1zlXUVTd+A<K?;iS!5dpZ|%I{8(Bx(=F9<=j_<G1xszjH<_Fb+2=7D
znvTAz&Tl_KbNVdeoAjUWhLT>&3|4<y=d8e|5zb$HVhn3i|4{ZkVKv(Fw$;SG-NvoF
zuuW~<wW6aqQCVv<=~$*W9<S|9CKV_1L1P~jt*!4A&RH>kdOlwaPcmEXmkvmIO@3PB
z$-8MXE1qp<iEklJtzzV|CTQW7o<>6FpDW4vyFR)!E@XPf)${olGhbTaUEv7{#Iwq2
z9b?_9H`Q^j=8)c9v>j`#V@GE1q)c$T6Pu-@&t>Gg?B{#_nUan{xNeN<`-GWs!N7Hb
zMEscR+3&R6R+@z}E>(16*CmFvOslg*7K!qvQN>(?d@ZQg;o>Zxo?k3g&0AvFN_$`8
z^JkmQ^Ff)s`5C?7zCL8z@UiupuDsGG3QaEeQTi)=whwFHbbQ~*gvq3b%W-CBx)ci-
z{eGfxC^IPcQIM_}7s9&@H&wh%dt2I4gGhUx8PqGISgJiC^*ZZZ`?XMuo0dn+%$9hg
z;;fY&KJ=z>S?*;If`iZH$<<nk@DJCYGX95em~=VzBL(!l6}sJCXLDb>-gtKzjpHym
z`F7LG7W3c_e~b2BQHZ9VgzbTLsR+|pn5g`xY1Kgw(*ahrOGL%#_AOrf7yj#?^o?HK
zsaDq;J96rLP-B#Iq?8r7^z)vjNK=mVUHbd(*Q8#ej$2}Mj8{aI=&L`&i%u#2*p}UT
zhozIXPA<SF7JV%mO#1RvD4%5@=?jh4m1`<@{k@X6f^m^;_ty9Mwb>1(9GqsG({&8W
z*3fbD@3TIHfHHm`K6QE?wiK&-s$L5%(|tx&t6H$RM$I?IJ9yfpNAM|G+WoSyZ}fB<
z?q-+v;JSSLYlncd<;p8Me+r7M#27lqb#OPIyEdr??!PR2uBy;?S>?sRTW&K89@x&r
zZ>uC#&gGl$2`^l@!<O}Z@&=@2!s~KB1~C4&mnm@c>Q-B6a+IWP(zybS+)?CD8T}n`
z>Eb%O%B!Z|n;!@78pF48tp~>L9)0j`FDv@*rF3hGL`dzLyeBsT5yew{7p@=U<=*4~
zUVefsiVe(>yR`n$Gtuqxv6U;!l)c0Gl&br;EtM=LkG6Rh4SIDd?;bTzSXO7<H+u*S
zA4Csr*MB@0?@*SIh<h(-E&3qZ^=v%@zLDeD<j(D~aLlX}Z0f)m+62B&KK(5Xg0K|J
z8VJ<<R2t6+zrm<9DK*$v{hh6>^_FCzKirVj^IfDoJZN~sQt$0Tb*O&Rm6oGa=e#=?
zTf~RBX4l>N&X0Ak%Rbl8Jg52zc$m_FDU@W_SDuvTMC^mOv)tEr$=xe`n0HPXWon#(
z-oG<j!F$s){(~kL8n0OGeb&g`)0H=K*$VBb_0Sj-`c*?>Yo>7jYCo?v^C$V|n7IN0
zMZ@v)?xsP1*h_0=yC0in4F_)T3n}n<2~XYp!|bVfH|Gj(PM=1E`M`y3nWO%P=HFS)
z&fQDx<+=Sa(bZ+l?!B%oM95vJ-mlO-AS0}()>N(h$0s@+!SeYMdc88o^ctU)7g@{>
zqHx{@b<v3W5n0*Fr=V#aaE$RQp5fe|^B2TA5}>TUw*#fixW?N2D~1&Fq_o(!2OfT8
zki2@1CddRO$lT+)>ZjTp>A5!}KJVc1Yn!dYzWnQ~16S$S!AP;`a~96^Kfb-udFHes
zrn8>0WkWnAdFdG+o3v@Bon-k-1$)01`Ll56MUIr}6zgQybETJz-MsytO{WSO30Axw
z^>^2O^?~<4cgr6ep9;c1)GBoiT=9JKjdo#Jy%<@)Z`32z>>85A)ub35aNBZtT`UE`
z`ztm+J9phOrF+%2bn;b&VDGu8AGQXZLP_j=#|dM!8(;n2zm`mN4~TCWwEUAMe9;JX
zBc@K7BeMZpc)?&wG;z<r@>Z6(YX32+g0F^G@uF9z^N|sLqB7%-Q`slsfLF|4-hVPI
zgZ?K_E$f~BR`7Xv-UU0MBHZu9oWSOYitGxL*<45e5=Cn_X_Ent{Kp#6cOAW_+D-VX
zWsE&F`g{Hp`kq(1<V_HC&&lAqcIlp$l-W3=d+Ubh#rU<S(~dhYQq^1+{*!-rHQL0E
z+bUKJ(x)AA%FOv|!8n{fP%NKd_;8trp%URK3!kxz|CH>Ya+^6mG7qN_>wg1o{=NLt
z%Z8_A^baP@wd6{_4tvS^-TA%gqUXcl<I~HB9?E{QwtdW_b{boDUG8*)h>(}bv=lQQ
zli&fTb6k3Ru3Yl9`HK8lSZ$A3qN-N0VxQ^sw!Xolj9~PY9liIY2Z8Sg&V<}qUaqn%
zc;v?ZYUSWG=2Vkze|lN@#C6d+%udD0SYO4b6=Nf&Tb6!q1us$)et!!u`7P!B+IyA|
zJYhb2-E*E0e8a58e<bP5#%0^Fd`A(XU%LfXV!p4X{gq_perK~pSxWL3NNYmlRgKR0
z_1$iFjy@5Wk$-djHuHbM+!qgvowJOOvG@Bs)dGE8Kj)Mhm1!}4&!&?N@ypwhKkf6-
z^yHh9OMw*hy?a1avVBm4ONDz{+mll_H$t<$X0o*$3{2HmW`Cw~e;TN)=c@4y{dJw|
zsDJK1*Zj<Lg%dVis>Ng0T$yTf6NBe5sSI3ilTQoZ>U?g9AeYi9_^%L-GJMU<hxsSO
z8+{?Q=5s$pNsPzeIqSzxW44for|p8>GC8DmML&BzmuwULZ2n(rn9Uvgqsz<F_?_Oy
zD=ivXTuR+n+O#g)sJWasPN}_A%jzD&KgO)qn|kpFBaN|sw4^&N{ZeR~PtM1lqbvKD
zi}4x*Qnkfw!^NK2eyMFeP0g=IBWq=FTD^|mX~D@OBCqT~FT0!OR;@AIm$LL{bCdd>
zOgcQP5PF;{I_cH;DS6a`Z6W$x=!$#8?Q1t{&M<o<ub(O^lKCSOdrKqX<EweXL3Zqe
z%O79ZrSb?5Jt_bGuGu_kh_B0|`ijrx^QjBmcVuOlOy$ru#;G(_Gm;($HBRT4+*6K|
zJ1(ZMU-4?yo8?goDeEbI%_gASamg#NCihWtS?^ExCNZy{fvd#z-<j8-O)^){2`bq-
zf8UXL{C2>r&A)~>aR;59@#^cTBC&=yKE0cM7kiR%b$Rz$Z<}zXH-0%)((_G4vX_NW
zCQ_eh{GeAhn7?;aoV@%v<GbFXH@i>Jtp>KD2H~#)Z<D-5cCOu!zS46LzrZEE`RW{a
ztFBAtJ?fEz6k+Gex6&e$oebdF&2zwgH&Q|y!HKiZv-4@WRuKv;HjN?I;%&=SeY~Ab
zrtd~4+w?Q*W>6q1QcH;eV`(Z<wik8h!~1Gi$D~m&&Vy-qc)~RRR18H$;(aOJjbHlM
z<<fT}=q6X=FK|iw-zpmr1)lEEVM_jy`;hOWZ+D~q_B>Xfo;f@4R;rY1VgPG!z>da)
z0e;~2EVbw=qwEmVsyH=qa_P;8i#Br#rDKKJ;L(>V@3w0<&-&yzM2pJz9U7Q0*GTkP
z2KNZ7J-vKZItfhTODPRU<(#&?YBwj+jJ+rGQQ(E!oAa2nLnbhNxJ1dI@Y=|8rACcc
zqC+wip?10yx6M<LwL<&%>?92IQ;g&_e|)oG1r6!)-7=K+{Yq;)r+wYQj&9Im+od<u
z8T^K0Gr8;RF<+0vg9;lLaR+eU4K^OI!p)r13i_2_>`iOy>+FU;tIfPIIvUfgo82#R
zlDuoW-*~H*GoqAUl4lYse%_R=MTx;a94+N~Cn}<@>XPa4+mB2#H-z4+&eS|m;;~u%
z@w%Asa_sI^D{~Jv1^l_E@-}8)UMtVdtc9AYSp`dzpBf)-5G3lS81%?*XF5z|xQ$~T
z5E4B=XW&6=sTQ5r^uWeJF*zLTprkvO+);0K?}6&)ZfJH3i&wq7tLS#|cY1E)St)^(
zx>_zwmhokd;bbYiB&_4Z>E8PTj_3S@F12V_BnVw%xO4f^;Ljkj{@mfWT=LwN3=coP
zi^yCJ9`rww7ss3e<=Xvt=ggM$phipK3is+CshhkS7vN=C!U`#g41TAJ-D!SZ>Dfr^
zdnTnLpCZX-k?_$S(<r9T#myypD@KH$=67~3tqvp2+fyGy=wTtr#NCzcljLvk>%)yg
zzPIlbTf948*cVgklk<)CxxE4er2vAPUrxKE+&$>+Hj-=ryYwjuXNev7D*Ah><Vo4N
zJCTx4z6UZ4xi#4)^?*)`e<o&L<h>+1EB?jRKzgiS?wpma%tnrv<sBcNoYq@0*D5mD
zq<AhnHO0vf<X^rla~mbpCQ}nF72#%dByiB4b@ze0ODwy|nGE%7^7PgH;<MQ=`?sg=
zXCFK%zM~>q_CzC@b%(1k#;6WM!};uygaJIbTh^w|CP*<RpS}Fk&UbyUBMIYYP8EB9
zvisjyJ!Levkgf~GxA~}qtzO<JFZ^`p^WD*LQv>hw{4B@!S|o=*1r}zGOdB%Ww6nB%
z-sa|M5{!s<&A9U`8}nk?V}mn5^vPA%RWpfaa(Mwen8e)|Ul~G4Sl#xU4jNzU&MWFB
z>a(+Oa*4t#XAQ4KJZ)NVsdiXFhv9VTRKk3JREYdaylG<+KQc~~t!Djs>n^w=yC0SP
z&f<p40{`s?hG7D)?$&l~(4T+fOJmwkC(CxWYJ*_;)VlPm{plxRc00@V6!@rbMQItQ
zsk^D($qbY5{bl#8mt4bhXcJRL{e9h;$eUMUjh2m0nJD5@Z|VLJTG5GFvvJLEdZt(A
z=`+J2k7KSFkh$$7zi{(>%TjAAPYZoGT1U$!Pphms63>t=Xl_$;-L5^AQN_NzFh~)k
z{OP_nE!&90qxvarlWV7MC0->xJxFGv*(d*)n-me;dXkyl4v({`mr7KCZkZiax(B7B
z=mk<PGA#4o^HACFx;l||Xv!vbmy;yhB6J~ln5U?YeXtj}i`3zhaN`%hZt#BfZRAf;
zqY;eW!Hy&}(8|Ay%>@;#=^5QGi}Q(7Wvi3ZK9_4DMEVF$KjYE&xs6HBs=rs1+k#)9
z;_24aQ`4S4n3XK%BCejd=1IR5z6a6Vco{A}=U!5)$9jvSeL0y`%#j%X?b7-22O3{`
zYJQ8qImbUfE4rgM^cvBw_g(z0Th5GD*7`-ghrb3B6Ja!$S%(>QtwddqIBzD_KHD-e
zGZWqQk9{uST@ruf)96@Q#M{L3a$B_sv<eOg8~szIC=Fi2gv~vA4*qr2y6|63#be!=
z`Y8LHEmY>h)P-xpw(}PyC2|v#fiECVtXt>4AI<kAp0*BAUttcF4tSNhdK7jTtI_+%
z^BqX{QCKW4Z*>7YoOfY8KENY(6+B!B+K4|?E|I1vMg+eU99jJRgzUGsb4mG)dj22M
z_zuqb<tutptAEk4nXV^~LC1`lfRn04E3;_h>8vZ0Or;OJ{i-;1(YaAfrNSa7HlmG2
zZe(jm|7^-&Uf74I&q|o~k+-_gyHODtmrI8fjPurzjuFm>C;`o-vR+IFq>(>xH`*#;
zu9|Z7P}gXyfI-^GXj01@L)be)Zy_M(iEatXaGbk!I2!G>SMjpITyok79!gxJW4}<f
z;pjj>?d-CAn`&45MVeGZO=?+dnwmMzBbw~(UQ7>`@pRv76bL@<Y2L1MpLmVk_!zNg
z!aHIjeDb@(2^6^GA3S%}%^2nR1ijM69`&bs<d&K(2IUyC5LrPgy&9!O@cdm8bkPYL
z+!(S%3=0^IQe2*i2c2j%N<R7GI8_RHv2;&#xTS8#d+~Ki^$B9Lo<VbZ;!32Q!=Lk$
z5A54*&t_8;=NIwoSGG@Iy_@r#fFNjD1Wyn(g2=z&(;Y!m2e{$!jxxTo6QmcUp%wZI
zqk5sK@!|Mej7#M`pIak)pK*bn7?%vxpVl9<dl1c~u)UAp<<pylL4>`|mmw@>-zhD7
zhmPZA&~{S(Pt)KX(2xJ{`y=OIqdQw`KOQ4LIK4(kWRE$6y!WP8OCZY0ltF>EU$}Df
zh9Pyl<;Ic~#1TYTU#<5aOewZK%UI$y>#}YUmP6o`J<CQRMs9rBSgcC-ZQ1&BL;Q{L
zV)qxfiJ8`i{m(jGs=d!I9xcZlxI{9-_)iX&?s0EJDW=n<d`%i(R{k7%;LZPFz2U*?
z9^oO?6(Kvz^Aw?l-^9l#Apx>?>>e(u>F3fQ<6bCs$Jd<P+ShJqWBs^!U$-FdYX1kv
zd2H0&0>7TGR?dOb`-|!s9=_5Aizmp<i)`N?Yej}QnT@4t*-5r~er`s5IghO+9~d2m
zcwcaM;_oxeo!}G|+AV|GJ@Lc{6MwB#ZzCPiCxwL(!k%h%y<Hz<r$=PU4op#6l|HcD
zbZd%j(3mmlBPk@;<3YmK5W5!7Z+orf5+&)4k4<tahqu`A4o!W^SC_tEJ5yQIdw2Q;
z<Up4%+(vC<EXj#<)fWV&qY~sievbt`>-6DAwuPXuEE$f{->{IA!Rm-5HQO|^+`!29
z&A)msQ}+4u%S|8(2U+%2(1ZOo#`2xP$Ev<zq-Q9#Dwv}p`ZmGJaz&wh+C)Pp5Sl@@
zsGpnSZ4?fLnxuVB2{t3_%`hTZk(%UrqeXikpKL|6!-}A^T<V<4W6XT?Q3O~kBBV91
zzr0{51on3Ex+g`>!wLSz&!KR2_88wlDa8FAvaMPg^9rth-AE?|T?p>a7evf{+3M))
zC#$HfhCB|ng-=<3vRF+Tr28CoT@ALZ8PbNv8%+m{^POu9ZT7PI5&{tqda#WV>}YW)
z!8|@=>T6ezN%xFGeVScPIHkLsIPQ`YY)Zkko&hP!2`SY&|CvTyJwsFt#uBZq>B90~
z#a;B7n=e~^<^$ZX>C49pyOYFsOOJi<TT}OqUiq&a+hst5A$^~gSBH>rjxV28%X?pR
ztAW}z+&zDNi`RQ>Pw@*Hlvb`JMd~iohM{r3u!nOyFQ8Gunn%CqEMRRD$5T`0?W#Wg
ziO=ZZkRT5ugxPRH;Zo=*-D<}+3ApVCoUoqLvuF!N9^+xjv{D+Yr_E<NX63h6_C8Lk
z<ENzBngb`kcohB_8&z$qSl?I3cOsMx8?v1(ycLdE{yCP{bYtsvWaz<3Nc94AbfHDb
zvVP=hp4Do}s9dm}1R|*a&Biul(QgN>sqiIzpi+K^cXV>l-+5`&7X)37fgL`>bmv?9
zB4m}<!{<Tv#KmO<e^8S*ekB`jg)q?^Uo8$8%0nCmk0fOXylQ-XvYELF-HIr4b;tOg
z<dDRs&j(M#UnE?}x5AI@<JHrBa$Eh!#`#CwUAU3JXHsGQx)!hClPiyXaQHG0tEKX$
z4Bs30Ap|3Fd!?+miFYv!`BJ^9!%wW{!M*T9$rR9I%yiMNTomlrKBMMRd11gK104Jj
zzt_^OsIbL8!eEm0Vlah-nQ~-LZ`rJu>M#o3L3`=VDK_IV`Fpliu&~{p$8tP@;V#G7
z!zri;sW2nL*KWr6HPiysV6oo!@MShG=;g}M&crfh{-kFYQt16Ayp5C|C1=`-y)*4o
z(m}G+yn!ZXUr3ixQ+bQ&r9bJYd?6U6j(fdoNutYG`}m?K<`qm+y#=N-^;<c(xS~07
ze4J87N+0`ge(asw3$W#(&^+us#cI_&zd;zed16}bdylX*e`x-Sw*k6}p8POr-=P|~
z7i|rfgSAo`#wCr%(9gZnRME$8D$T>BE{;ILx8{(DGsTqBpp%(LC<xhSY%eRv@a1%=
zHEi3<E#HZ>LhAY<#|?@wH4B0fPvY0^IENIO&xgG=f{xHQ&ls{(Zd`eH@T1=;qRCSb
z_uaH$!j`+QAOwY4A5jUdaHV8SFA;aE-5C{NZ^E`chEVVV3OrseD71BIl#zYdA@_&;
zcK0c{jwfN`$x)*kTbU>|s3?K#8_-1bEpB)`@m>$)yKoI$AKCLMAu>a<iHvw7$>^kV
za#VOqdT%$36rPd63l2IS2&wm~?oin7I6<`C#?Ro1A!ZHRb&aD>7xLyk%!V%^Ctb#V
zq^*8)-y8EE^{BKVYkGxz+RU4%gP1%1ZZjr)?v9;zDxdH03!r2W3S2<t%55RQH_JVb
zEXErN872=^TL+P=bfBeU{W|{-5PZvrQg)fPYv>aK+;<VZ-4u*^qfk+S%<^d*5qeYi
zq?4PCxdZAoQSsi8FHB-uGpJ7Mb$jK_u&um|Em?wc*zd;Ft1Pw%&2Z$?ct(iEn8@S%
z<SKm1Qk%4G**!HBVex%yHmN=A*VRKaivP*C7qcO+kSAf)^V=v0c3U$|ZGm|Am-hC}
z`3~$OPq=4O!(gEebUoH_>3x02JOORr?GECvebOoDQUV@7`5=WF_$rR1)OgJNe(%cz
zlJ&i$2nz7rd)93*Z8dVj|HWrq(92v1wl%|y1YHQ0j4xEJ=m2{Lk>6e!tk36L2;1FH
z(3=>pZ<WhyAouq+9tT6Fk6Vr5l?Azxm#(48FVkJT@g4ii1$WfDm<A`|#{OXPKkhnN
zy!XvGsLxiY`pj5(SH%lc{Mxq#JvuVq=Hc4aGpzSfQaGZ@N_Q(D1Yx0!F_~Nq;=ADZ
zIkX##souOCG0MABalHOcuh$yCX^qfwAIkk{mENvUKYerqcs_2#i{fs32so(JEUjfo
z_?{AiK;Aa)51CcAQ1J^Nu4{Bb_k(Ay7f*NhJDoH3c#IG5u6HM!Z&!c09<-@4{p`mc
z#+M9%XMl+%xTe?W;WBiiIY<@thP-SW(MtZg!xr)oiF*gn$u6e<=JYTGHF6q0f|u6J
z+$Zxn9!HIRb{RUfO6U*_b;eJ!7y73|B0f*o6Cl2Xh-DIE`fmONX^_RL)mMF~3~vaY
zxTU^q6zSJD7vh9daHG8(Fmg9<=7ZgV6oRdtLZ0xFbNsz{f9hRI8f>=#SMU59gNNmJ
zkhuHz+qk>Wo|H{RhTm&_{K(5`=WwHHWOJHC>P;V2u+m7I-%*Xa(qfvAu({Dbb_2EC
z0>3&C`uX4jSkn^UHxV`3_FC27X09?x3JTl%{1_7F)ZXl|EI7>@`Q=*ETqk&Q+CCez
z#$q&-!;67kSKPr%*=k6Ie2;+5JU?LjvS_Jwyfb8)Bb4`ZBWw7w!8qvdjb|prCp}3w
z`+c{um<2OItw%_a+MPgLzoShmCc;19WvfA5t8oDy2`Xr)MM4e*c0VmGfYm*Q*nvk7
zjd^H=VfLSzT6t<^oe=STuD?p-=WULieneU2@Rn5Pur@1iM$XmA378Q&BHfX%{p}CB
zKZ4U74>o^lEq34|wL9Y_&CR^Ws`@{YN^U}*`+EbGg-XaGLw(blK10>lT5Qz6MB?@f
z^KxE6AeLi)#tjg`UmmTuroqX(DThkJ;qE_cmS7s#h*&rKj)9;B7<qBktAB^o2&+E}
um%Oo?tGSba4)>iFK(>@v!ti?FMtDOLi9$z1L!q3azD%PqRSzQ=X#O7_V1u0i

literal 125900
zcmbSy1y>tgv^GvDUR(kcEhV^Hfub$e;_mJ)#f!TZDG(@H++B;iLvZ)t4hiJrz2E%>
zH)~DSoRdAzo~^U@oD=HkHwgcIkl-iT-d+Ui(EIaY9{ZUQ3rR`cTtvdR4nS7alyK%;
zLc)YuBV;y0@09H@IcfY~)=tbZy5@vwvKUW)6<5uXGze7|QUN2h4h3&MN$XiN13qNj
z3kh2O9(GgNyS-;})z{;3-OqyhcHa9fWGHxKKk~ZaBOoIfAqL(dB#_}=&?nFl1@Iv%
zWbU^w?4bnHO<dGvyhImU7AvxJ?rd!jsXtwP>WYDF1Te2$EfMMitDXhymshvZ9djt^
z+FKh6vJ_l*>l#HcS<mzSUKJ6oIZr-&iWq$}7>q3tnV@`J^?0@z>vVK*9(!8TQXFA9
zCw!ztuZg#wwHRadH(K!HHcbKFU^Ab0fTnZid*@2q(a(LX7X08KK1ipqB}K}CpzKwf
zLgHi*-*Na(0h`{$p`PVg{dWSUUE%!g;Mso6=dqc9=99QB7`G*f?EGwV`x^OHLxI5h
zne8m@^xkRF-sKU(vE?1RfIL|Pr6N-C&Tfq0j?S_3<c+oK!G;g?#HVP@5GFo$b!JJI
z({TH>`!-@5c7L;d^ka=S=bT!41d>kpIMxVotUK@Uyz{FW*<tEyuz6m7Fw*(u30-Z$
zYx6IxZ`WLwov5)-34cx?VLJ$`A*k%~xY6SE@K*O^Ja$d<Dk`M3*A_*5c)4j6Ld&hB
z$7!{a07V3AzC$$dX2WSs$1o+agBA)LrXWm-O=DF;5v$AjXMoAu!(HzYss%nRD?jxT
zIflsuUmwj)jL!oUgW0Hj=Y?OwbG-JaaXoNQ5M(hW-yviYzGPZ8^v}gN(%p7Hui)tr
zSGGNFkYqTYl~H9uyVdW<S^@CU9I>W{IG-v?@4c>r4Q_}>QWZbzL2{w<#ara5H2;Cs
zheH{$u8Rn=ugRM|&Rfk+dID^eBypI7p*#P#VZgl><S>29=>7nJtUFuJ-Vuu$(`1}C
z?Bjq45p6;oA=kPPb;XjZc5=BlrO{ESUa<i%$8+=+QzB2`V`Y6X>y8{9(wkmG#bP@6
zG;`_?dmQ_YXNXuGG*55Y_pcZfJ?tJVbnjGwk`SekWydM0ortk}fN1xt%MJSgvzE_r
zof8j`EiTmmvuctP52AhXD;WX@@&}0ky2;Fhp&C@koGo;65`0T(9$0<iK1r5Os}B67
z=H}GMiOMJ?iKvFB$ZJo@*V%rui-a3KvJxWWKdYir_2*SQqRzzz#evO#nJxRX902pR
zKTKH53xF0%P0$AONc)tA2hxb*3Pr(Rb#&(L-M3$9%x}{H`Wjy-%*Tb%wrfL*vX*_?
z8V=`u38f;?F`$?^b?wV*zYtRisL-+)?n`wxYwbJR;(kW(ek?Rk`z?-!mIWPG4E8}@
z6he-#w{D5r?&H%N6u%kd#Xdtb!i2WPJou0|j(=X5%cprF>Zgh;CXxFM`4E9aV75n%
zT9Z^nB&s~a2tZ9VrGbRy)12j67fvSDJIhJ{QHEOYK12{BP{jTci`H?IyE8Z5K<*-e
z`#Jpk;Mm)jxIXYx&vCXsb`Q~G8PPo0TlxA#X`P#!{f<vj{*I4$u^pR0*k_Ve?h>SH
z##UCWW8OKnW^OFd;`?1k)so<Zt;;q>uP-p=AAJr2cjS^t(46g4w$$kNbh3wNzb{6@
zo`h26KKQ-)+THm(9o@n%#Ibc7f9y~%hWrToS~pt$s51`f*lmZ!838>tYd6cw4#J4H
zTrYR^aDC5s_~(93G9<Y&Fgh({?}epuCp0vR3Tlo9y1sSL?auH2VpNCF#ZT3piXjq(
zT)l@Fub{<$GTIguruETSMaD3Fr}3xiBYxON!EfJfw!<vcy0eb31j@!mgba`+)B0Q`
zi`Ba+*{HJof@Hy(Jq4j@Jz4#XP6miZbs9Yd_^%@oZUG1nnEUmbF_BW?H<D@eNv?4M
zDl$x2%BmXpm=ig?;MX{mMIF0Lw<6o<nVPvPa4<r$e7FDawu^8-g=-V0oos-#DT0#_
zd);phLEkJF#*&2C<d(Bx?2c9F_r3_c2&WjsSN)@xJ<_=tf5}?QN|c*ta3T0RDsN6t
zP)qC<jS4<+3z47Qe+u#;F#BLq(4AVj#W#k~bw5pQy_|*8;>1XY$}c-}rg|-!PJ@1C
zRuCS*;AhW;S=)Htd+D<+i}#*vw;K>+hL~i5n1IQY{9-a6Pg9h>ncTgD;c~Gt4Zcu%
zXG>k`&io}o!V|kX%dXb-D#};I;9cBCiOa;y<63V{|5ugsJkaWtc1O#fjF>`0B5{rH
zVh(>pgUUb8))#HbO4y+rv7EF_jiwt<UQkQaZ<FfQPDRgN3i1c`A$5VB38g3lG$~PQ
zhWvC1IB1gLf@BUR1(ISvNvQ}JxhL|Zlt5786mvcn|ML6M5L5mWBeOGN85e~3kvUf%
z(j`}Jx=XNFd~+lS9px70FN33GUeH~t(#Luua#8T(1&>a+h)d-ndGF1qdy(pIqHs|<
z5+&mTCn)^ibRi`TrfuJw{PtgBKMynL4_1GgZd%CnJWIt-eu23?;P=r4!YkSah8W7)
zW@_k{z>l(cn3h9=qc{ZAU@<Ng924q6=UQ_h(}ALKfezmi`d9?=Dxu6<kN9NBc}!=~
zS64*@!&z>nO2a%B%hDpsv3X&o$^a$Jxc%SVYBIkwr|9&GdsZ@>R_AMIOcm31gf@nU
z{!x%Ix6rl7WOiZ|pQ8v0BqpXV>lTZ}&khDrW_8OwGFQyz3>>}L-Sm?AdNwBnfaYEB
zCIs_yB;CP$eP0w40Q?*(*t0?#lvyut=!7dR3wHY!j_RDACTWBR$X2rBX3vqAI8zgo
zgzJ@Ze$KAZ2w#y}TSFI)lAWG*UP(A+W?bVmj!b(W$(Eb}bbE$#LIG?_hDfzLIx?l4
z9|ArobzztdTD{BZS8Z#%fD^rb@A_WsBgYGDPOIAh!L?lcphR*DnHjG6dQ&^Cjo--?
zkc^;H*uankn+{yf_l2HLSU^VSiDH<)jOn0*B{4a^3)jF`|NX_ArqG@<M!^SmnUSXY
zeYx%<+(1go3AsV7i;7jLk>80!-qBC7sg}1pyL13?10<0rL9&m>Pk|)ymZE{Ovf2yx
z1fx$cgSDR+Q2Tlgw#_EzW9UZ;u+|Al4So*{H#_3i!kqMS2xP@~(Yai<I83VgCw}!Q
zi7_ruxMgRXE>4U(yKLdfyvvLLY*px;C#`4QXGkf%cr)yXzHn~cBgA_c`!L5)QkK_v
z8l{NX9?O|1_l826K3i6iulR5);aG607%|s0ZM}&I)f^F2A04uUXekZAyM!9s%E-Ip
z517dmjxj{gd;I*43oSBkbm{h*M&v-XbTlq$qk_SQmaAfZHt5r?8Cj|$@5HoO*xBSe
z3ELOWfR7^m^zqNQ&rpqI5lGj~`4OYHMwi#sJ%G{sQvB&2n0)d~7X<UG`T}B@?K(&|
zV{v>RAZC>WeUX5J9Fr{9j2QyNERrf>Z_eK(>v{S3E+xx~-`u3Smc9^d@$Ej(QZDqi
ztl~QmtO|x>#y2o--m_JqCU%9~fUOx9vokrq4qPwL+0{;JV$uR!??VPxK`u)8fz-Cw
z3-}@dduA5Xa^3}UC$6&MZZ|2eYF!G0PqzuKKufFV^ytxYtfBdjvXx&N4YK53Iv40C
zZNBDFGI}p`vC{^`^ABGz4vP_|<-9-8T7SY^uiEZy-wwcF=aKQUocsA^?M+pxdt=-$
z<@o9eHEoi(l#L(17Wt?VITIKU1P%|@J@8t11exq6Wluy+kf*sL7RgnVDlyYc56tWc
z=6@bK4++X#-#E*PEAakf5>1Ose0+>ceZ&Vb>8WFy7$Gq8>lvUipBp~-dhT4IQ6u7~
z?Rg2bmRC08JoB30(wggQVA6V)IBR#r1zH{ThOQ*s(w2AJO6{pDcuk1i+lQA~AP_Vt
z^&i-7xHLy?4{O;TO@@F$UgiC^2!|UkeklM5KA!XXDiMw*^SG`M!a+mm^|sJ8GU=DL
zGg@!^PVR;|%iuSYM>G+kWCJ2y;Gb5*ockpKz3G-u6bF-aU8xspo&GN(nd+eLA(oPO
zed48@ljLLEj9~!=ky|<DuOvUOb~}AvMA%D39zzZuX(IlanSzQrl_jv??WDb8>>#np
zj?w@FfdJ5o8i*|9V4o&pYCWBa`g$y8E5{O0DS?a)yB>SI#!`Q#lkz%t6ZuCf@~j4G
z2`N^_lM3%oXF|RfAsnC07rULD#R01zgN~GCy`tPiLOH$0N&`SK7rWRo`&($_*F0$R
zmr)mU)MzzRW@E0jZ}RqztU&KZxWT7R^AwN8^gXJDI~aYNO9TZkTXZ6OLR89Fpxcj=
zDm`^)91*^*$?qp^#_E8-i#2X1^Kmp^XprF|<Xgj(c;h>yMq}4#dnLZ~J*H%Y<H*4=
z-XK-)bw-gMV?5E=0g-5qNuOzv7UaJHR4&aL<QH=j(HAMlUJs-qb!u=C(k<qhOTvN8
zjMA%edJ)uc2`rfL7&rcPdECCXg!l1*fZnk7w1_q113iCua&+FZTL=?rFq7`><jEW5
zUvW%$!NpA@bwL+5LRcmjmZl)Lu{ws|;bd~puJOIRnuGb~%;bL|m}um6=^y0d+j#sW
zQY+bqxGetJi;dMrSHmumBjQX4fbQWE^>c?$NFyq)#l7kqX!6-{45Y#4VB;Q@E5}$v
zH((Gc5b@WZZqL;`E)6jipT(tVYOhci7A-KiNLbIcZslT>Cfg8=tPU1lJGWkRDc?B3
zzBB-wECs^pfb#wboL)oe{ju6ghp^Ausp}_B^G*L$icK*Fj54IPU5c$>d8QbBMj55G
zbF+7F<cJ_Y&SfzR!HR2nVtaTppt2=+<w8Dnf?az67|c8x<r`~=27z%crWeMK<l&{h
z!cW(YrWdkU7`x^_f7ZTobZbs>HL268b-(^?XG)w}%R#_%O%9OfK$GvqO<`c>AG<oZ
zr$IBRri3F($%k8|QZ0p;?+Jw4no|Jxgou@~QrE=rQjffU3tGlGOk|jjsg%?%VvH`I
zOJEHcX@_dhxB~@47#?-PZTF`5v|QYPf}8^ZBPxO_y<BR8Ts#90Rkb&?z@B@Wo-@)N
zF^i*oQ?jpvY4|wck+KydvQkqrn=uy>^CM2ZUYCZrJsZ>1O!d^VH_;FuJOHPbLmx2M
z4X8PLY5upj!NrRLs0q=k<g*z517r{+Pu&tq-5LO9d>ow**_%0+xal)G3e%Q3)C!xu
zWEkDj5zNE>UlQk(LXW^O^N=|65YEw(bLLUf9+xX&Jb+J(w*L#2)ab2HD!!X<%gmNe
z#tPc#8^CA;={5ZP=)t8Wj6riSiNf@ys&<zk)qNxAF!En5c^%=QmdnvY(vedI<vf~v
zWgG)IeNS<uHm@nnJSEONg>&@!<0wzh71rITfoUoe$0!zH^n+06&8xo~yyAa&9hs)K
zF=Nh3_PSKW?dh1N>Z+x-VT=-<q>%!XIYv*cQdc2|4>RMhG8DxM#{7@>y)n-KRT`7M
zs?T(6M$_CoqWWgQzl77`C{COBQ0wZIy#JNF5j)k^9S9!Kf~%&EOpvG62&L9=F2FZR
zAOSrpaMlPADUhkN7ZRW!6I-}5+W%?=$Vx;_O)Dvd?O5%-uu!MlT(w@6Y0G-LdGN@U
zh%tsQW**(Z>XqwQt=d5v#o>cX;;SKiDg38vP)w_V#XyEg^3+SA)XM=N`(I!cL8@hq
zp-Ht!q;~47PlDpuF<v=D+CP}LPq6RAYM=c9HaL@~Mhc}y4gi}<f#>+CC5!CPSZzED
zZ^KvkqlX>=Jr<@0o$IayA8iNB{~ywpZ}u`O&7|%)7>{0$ek=ILNt@-DF4V;Mf3tw=
z^2q%RCGVt6ZoON%0}5>Uwb)jHHclC6G4Pj5Na5R~1=9~QP`JigSMDjC0uO+0QV(~O
zsJDx>D9Msq2`~*~*&xegz?H6Z`j0HN5gztNzKHvG|5nWOi+ZYl{j+Imm1%vzm`c7a
z_hbDtJn>b@f_(Dcot5LegI4gA!ri7f@<(R+nHiM%&t<@knY(!H&dBK(&QasF<(V%l
z@JK987YRG!QM0vW7nhhjWo;V>Ezq6+Xd#vVKT$^ER?tD<#_MVNo)izJs`v`L1`DjG
zN#XB&4BL*Wfh%jf1jJPDwz%2)YsNeW{3--h-~0oLk=B_RrOviCp66YU_L5cpX10IW
zW6U;m;IfD;2C{UD1*Fby{DqQ)6mH=~#N~31vTp=h8OxH_?gm^3^r~EAXB+zay#OiH
zQwtJ}Q@@V6^raUf)wxAj3>R`Xx)`ni)lpk73%k?%CAEvrMFUc~e)TJ9fqH?mvD%;>
z;L!kZxQ$DXWyOj;m074uA<`KhU#sTu%5+67)gWZgV(coJQ~s01k?9y$Q!B5$*GYgf
zw?V7hP9e*yVMJPVc}!#C2Jy?D%S3|TDCbDheAbV-i}!YM6S0AABy5d<2QyNo!R+X!
zH=~y+=F){0C+t(P&#0Ws@b@EJKdX6sv1$97JugS!<FV%FX@7LgI}NZ8vrS;(lP{TI
z_r>a(qs%*n%f}iP9m2R6WT2YbmBpvjb+C8&&(yS&z87^|d7wwF7v2aM;W#%n!53}n
zty(4WwA-`yc%p{Eq*ME&Oph1d%BpUiU%7|xN8aPHzc!!~1mA=aD7clyHDK^(q^}6o
z^AiLKg0L}O?}hygNt(NKcABG!8>j5+AX(6B-;ssUGkH5Nnz>cWK|=&m!WEN^I)x7{
z`-(9IMN}aZ$U)A&CLFo82k0Q|zV@vL0NTm5P8hE@F)z&b$AQDv!EA<VK{>b!tp--f
z>4JtFfR>!5%xcKffRR&mHZwk-wzZ2Nv)30Dw<*%J$@tpo53dg(6*pPybl#6C?An7w
zhs*3Z(oh$z(Z5m=PdP}}nC@psnXtDQimwp$cW(P5+N%@#>^&ou_8j59wc=I^_$E$q
z`G}5MZ}9yD6%&PiP3FN7i3(c@W#ykNs#*Sl0U8yy9LmZ~I7<E3?<Wm*wT|3(Yd(KC
z(h8BcN-ZTSv*kcd0I2)J(f|pUf%)DiEl)~n0i1OP@2F+zt6e1;@5=Aj?f*usc_z^p
zamH1D5f0aFqa_`D<ehx0;UIe*vU3VZV&djZ3U2}J9+m8ShyQY=CdRvKaU(Eh{r4mS
z%mqF@az1JQR`@hI_(PQKb?D8}o1ar*q&t8q=a%FeixnTI{jYKRJ>pv7hr3`0#4nHZ
zto?oY)a6EXV$3uYqWp_}`H~vdL?W!YCQ{Ev+tZ&|7RebCC$AMmbQ-n9+sciE?|37$
zZ(yU0Q~*L0HG9-dFFL`dkv=-8E7EerwKDwyPP&)c#m~S6?SK0P2jtEf>~9Y-Sr!X0
z>e+ztI8jJfy8kTl4;)Oq%?ufHmCKD-sFWeSSARFv5jz}FDeA<<pNaa}*2N)xS5`|9
zq^Bw(JBIkTRvWjwFqO^khSD{{M+fSQ3lvB{u+uJ^1N)qJVKiZ~WKkwf)061ce(`|@
z-R`xnwQZtI;99;7*Tr}slkW0s3;R6_e2E|>svHlE9V936dGL`nOg;~AYLk2k#zehI
z%3Gvh+s^|HSGG|X=-9(Mg9kiS!A@Abn-5f<P5z$HL@;2Y&T;&ns{w6I592kOUo)c*
zd;UQZmVEiw9_X~Jcarm6&9i(>7pYZxkefG(X&tk_#@k<rbgQNfRn4qh^)`@G`6ve;
zbcBpCS%EH54#fX<*(C=^Rus{Z_inWI+HXM(nU&dW#VzIpyw+cEqHjfU#h!%m{S>|&
ze3O>spr1@AJad7??E+x|N>(sevaKT@JgI#QMBd%0bgoM)j6Ln5E$!QoKqsAdcauiT
zXxm<H7y5|2T6x||RC8DKKag?z_r3Lc>rR*v8OSeECZe};^2y<PU%iw72%PuKh(x%#
zJ1LQ}{NF)j<e-6Kl#p4R?biF^Q~o$vkE%c<AyC725fX3FYt!qP*$YY_(YFPnME_w+
z#7xlml@pKddvg}}ryh-&?CJ_p1d}f%fqni3V=atS=HD7enRVYg$Vb1*Cqi6pep`6A
z^Xea+fy9tSP@IYFxjWEm{O*mpe39Kh{r3UR=W<;(Bq%)KzzR2i9*S>`rO5b=L>@hN
zH;8!mw|UPwk+Q$!QPe!+s*Q8PuFtU^otH%<#Or`Yu6G6Q-KWQri0=U_vES_g9UxiV
zI#H>mPGRxI2mSY5>G)*SZ$U&;yfXf}c;ov^N{h!H(u*I3-!)P=FX?~DU{Mq?dHuOK
z#h%st`sB?kZmA_I&lFPQwwn(6>cA)BZ>@2xyiunnRXdjpcKs=*fRX)0qAPiQ+MU(f
z15`7<tCjp|J4*99HQOg#7Grr)ggn;J6m8S(?`PLYKSF9n6_=U;@5PjCeGSAd3A!1V
ztpH9wPz7;Wg1n_T%Bk9=c2H==(*Czb=m!diS*Vco03_HPX*t7avuQAY>F3HJ%+fC;
z))-?Y@tMZLJ$ENHQkKCSiClWgp}_9n=_@b=EH99cF;LM)781CUNuP`BZg(zQQ|JX?
zs8~A7w-ZdkZaNC<8*1-mdux?}sC(37#Rsb0tB9<=wPJKVzP}GXte^Unv-f>Z1yNsW
zNrjoBOLTY8`dSK6G!voG@6wHu``T*hBjWgM4Uue(`{j?-SJ)yu@ui=_pZ#_9%wE(k
zY6IWK!ZhBE@8{Y{tAwzoRgy&A2WyQ@z2xlSU)KiS@e}Z!%sLs?{)by;Ks=?m2uhN<
z;k`cGJU}A<V@gqJZaUi@$D~s?USKy5E!pr0foUJi=<ElL8sL93r0Z&N_Z!v_>h$|d
zw&71_*LxrQ0rcK{!rVIr8Wp%+V0W&{cjB3~@DLTq#SyMh*)=>y2PH?;cC)+u?k|7;
z17tVO7hKyRx8$@cOfjpoUxRK)Fg5Ij+$H+wn!=nVK$E-kIlj989Q}JKlR2BYx7yY3
zKns;dlX=IL&;D6_5AKNb{lTmd`g!nJ{?96udZtgm?ZN&P8?D{|<tB?vnI#8}=SI<8
z_7~9#^E3MZNpV}O#jiPYj}^b;97lO~bQ7vim(jO74dpUeoPD72flsQ9TcsO~VK4#v
zbqb^>9xA&D0yV?c^#zPWUcd^APNVc%$G7F*rxqg~k;hH;@4K|p7HSPXXtCuoVJ$|1
zW*%c}=R5MqHgND8HSdBJonlh7gI88u5Qi->blZ=cDqdYew?R)lzAw1q;X?(ogX1rx
z-+xRqsrL9~!cb&zNH5l;9{rbO5A@Tk_$thwtL;Jq9XK{eeRaT^8s9s)ur~~PG$Te|
zf>N~OS61I5s;hKnLl4`_gkFso%Ywr5?%GfJ)zMaE5cP|8AZ2@y?xBRSA=vhUZ}Nv6
zsYj;`8vo>lT9Cj)W1t<Hue(s^Ch<s<RBu!4h52?ZZW34WYZka_3?x?VOk+08{rHL+
z3}?yh^QyjGL8sL$dO(hkkL(+}j-p=CQ@HM~cn_x=k6LTYS>OlBqGqD1S;j4F7yFU3
z&XAFDkqTOELi9@eDb=G(6U1yCbw+jiUMd6c(sgYUi@_!Yr-p04U)+(Wx3#b%w%Jtn
za|Ni>JLz&Ee~BMUi8Cc%jeD+-XwMmZ8o*0K{E50k`lwDS8e&B?IQ|~KHXfzFtOTK$
z%r{p@`XO7~zoNtX#KEQaTDb%fBmX7VEY-2YdAwIIZYVc>JA!)iI=k2E0az735R13k
z7qg8ZcAO7PZwO7vpdO?v(h~>H=jE674<t|*S9~OyBCx1_ZbFlKS+ZgsLCr&zzjjjn
z{G$7tsLhqG!cin1$AM_-REYI$gASI7*^sf>S;>OVO|DMX-#<EbSdY;xvpNf+qrOP3
z>vEWDi-hF`&-avy@Mp4V6CLab=)#QiYwm9OgorwU$LcZnjddX$CQvcWl&i<RSOg9{
z#LsK^tD{i=W=bR!^*#K-qJO<Q>_6?^0gy(ftfv*r`rpWeeUBL<8<P<F&N`z0-}Q}A
z^{MVN|8P;vIA=cdqhnO&UzchBe*6`0HQj*Lx2^7$HSpYzj`SnOrbcR>7Vm1O{vY+*
z4}|EAXS_5*sZzFynqTX^USF&*g~M826|46J5)F;kM|xso(}{Mp;nC5X9O6h!6bx=*
zlx%30{0~7sr=X#{?1UQAO7&H>?Ml&AhfkKR7SDA*t(>jcBO2omo8zF-@hChoHk>l^
zCiX+|v-^I)TwZ4*s0VulNJU>yM7o|-=GyB@^5w*$A9VYvg8hvB?#-ckHt}e^4j~8E
z>evwFhEBAYGCu2%Qk`<_$Lu|8R!H?vWz=21na^DYI+6#DY~!#~^}PO3ABmLpKi3GW
zhQ1$jXSt?nmFBlc|1;&2nmF!Y(CM!Z8X?d^e}A%6^sJ9H=*#<n4U7KHb5<S0Rl~VA
zhm6_8N)^Q1q+}LcT$a^rm4!N#>+%f`T)U21poLlo-9{C0x|sT@is)b>H$V4$3qN(4
z`k@WXylZSB%kJm?uZUmNqQCxvM89(6tt9;BLAl7d)9j@}LJ}Q8{BE2ei}cFVR^z0<
zYWivWWjio1X{S3Z!#AbmVl-jn(MD(V$7!yic%)DVP^ZI!n`_K`x0|lwwp3{Thceqa
zel~I05zHjU!vFi%`ojna{mf%%hAe|W;`kpOkxH9O?^nH|RlS?~LTpF!%JVY`i9=pL
z<!^Mx5LosFY+G8Wi1Fg@rY+*BMI<q|I&0^fM+$?8^7E4%Oe;)^ivFSwa#msvE}+?N
z;6H=K0~wveyPrS(g}O-pWEfsZMFV`q33L8jV{*rT)WkgeTG~HfN?i6|(mi)Y^c(wW
z52nHsb<o#)rDU<D8pM9zMK;M!Jj=-&Bs<!PKUF8BBr*EPLl@jV1Z!W&%9-Iy%4<wi
ze-H00riBdsWJlqN=S}xKz5@lb9KmR1xx2j5t!m70Bea#L{u6SH1W9OGs@`f@vLWG>
zXX7y@;#%*|(+p7>p|5VvH3?SEKlir=LSbIdTfjf2Hc0U}{!F>fJZv`iQ_WgLSC*HF
zw>!1$s3~Q$wjml-g)vy8uLf>ffDi>Yf9Oyy?k{%pcP_N>=ghR?w7`vk68{g=7Q?rH
zvuw6B8y<lF<<r*@J7!~z02}e~_BLmpbW5qU!4RBf!NgzZ0q{LINcN5zB_(%<$5t?n
zo2z|%C{DXVaMVh#U7YvEm-uRBUwWYg9sKqXH~F8Acac(b{1Gg#>6K-&6@C+X-*$_e
ze-Jdf0jV|E<}$FfpXtA1p<PK_ETfw^erMbHHAKGFzed}3YeLsuxe3X+vTaK^bjldf
zo+q)nIfLsmCluCSM+Z^$DGXdl&$}&M%%6t%$%Ms|krlnlX`J8uVb1#UeYT++c#PeF
zPDkwwZQ6q$pz0iekM~Wvv|l}i<>C8(ajE|H(4JtC?*wi7`Y#(B)q9;AwFXka)wx*N
zVuOORRmK7bSGnnK_c)r*J`bAE-_ygLgs!c)p&v~~!GRVOed7CSYyQLNZZL)Em>kp)
zpJ@lYZ0^H{NN5-~lF*OePVkn@2@<jYD#B81q}E=PMkdc-QZ2l3ef}IL>O$|IbdoRG
zLT8ZrRb5iDMoyQl-G$ZrZ)c)y82rA3SC(tU+AC};^tp&=tLl%f&o}o+4^sx*pA_g<
z!DndS+cV;RU5bpX(dT+H-+vw1e4zQyY?&x?gD8!hZ4xK|PsTle&H0b~yHzvJy7jBP
zF<9uAdab<oZX+EjE~Z^X8-&_}RI9YPKL(6&t=riqI_lxk;F|!`H=aEXc=vm=&YU1w
z23-_2sTS%2EJVZq!c7z7Pym?^;(*s8>*j-pOK?W3&ce29Shcg>s@v<Ap136|bGJ)&
z!utJeIE4bL_#02VZn^30kYl$!S^kRd$Kq4nFY)!~_#tgSNFo|34oOKT^G9qDZ}V3L
zQ~pd*yyj+aUDTUT$c^@G;#kMctaBUBY85X;SB`@6#{nhB{Ce>AA)z{>wm^_s9<)JP
z$6kqp3pOznx4N(#!*d885nKbk_d8=acMEA7#Oq-_L7Eo)9p`x|V$z6tm?qQnx>e@7
z?dreexXhO8Lsl)?hACx0a<G>ICHY<K<Tccl?E-fsxy@wXb=;)29WfV1<&hcmt4M|N
z(DiD|;9%K~XPffCDT>;}o|T5W!vC2@jW=oc))F=?Wh0Rf1loVJ@KzYC4XjqP((23y
zCWT2;5^EDst+LW&#_gG~V%jFX|3@$E@<Jv5xVZp)XRcjptR1<sMTN+~VFU@*cDqh+
z5yJKU+ItmU30OFtIScx2CdW4nDqpzWwGz&f=j}c%@iH=FwW`AZhD}=ED^a1H`aShC
zwmi0jE-%t@_~;@AZB?dW>g=O=XIP>3;5N9nAk%D!W0<2my>Q+)x2rP8mw(r=FF|nF
zX#V^>6b5~gUhqYQqTX=frLyn<Z<{+#NT%K*=rUMn7nm}?2jXClN{>$i9a!b5ld;k=
zc6(S}Z+&gALi?-$2sCH*W#47*q_4Hm_4p>v{b4jCyMBWW_Ys}p;_qc{;2CnYXt=hU
z?T$+;-;29tNTDrv<geE3xm5PurrU_}NF1tn->9UT(jfKif{bL9uVO0DoTGDJX%;z%
z1n}=tOYhjQRA9zU!%(QOUu4ALNY!hN1bw*<IlZ6neLM5Kk$NRx%G^4KrWWi|zJzfy
zW}L4rljLI`TOU>UH12jJz&{>i;?6T&7z{Z=-f1%}brB@od4H$s)}AbSu+eTi$5_Ux
z*jjvlKn$YwyW=k1SjT)kV7#ze_xwEPlO~EV;m2oEoT_*^{^yb0^QYBpRu?qIM0r3*
zv~V`+3_~>6h8MVdK3l%nA3fY^fp_uu$_H`H_iIg^u*9yL&y=(q?vqCYi0<=C$#|4#
znW@g`b-5@G=HZiSREIx$1gNm}(UojCUJV}i_A$p^<HY@88SDn`{9FmhH^?Npa<tJn
z+1RnwJgn4Ls_c;I@bDc9sMM}GUqhr#f$Y1TC)uJ;*@}MHJr7W-aa=+)*^+IA;!-Er
z`jml*Ltxw!%y;abfusp;uDg>%4M)cfO(8J$9MzMYGlc0HnWmyr8nB02RW{X?=IiA7
z8A4*!T*IXMu1?*L)9m*F*Mj{oLKfT-^#T0Jwv#8h;B`fC_{-4h`zB6S5l=5S^oV}O
z)=zz|yV*!jof0)-*54ewd9&fOE-g!L@T)qx7KYn`RbkJ-56mTI>?D&Co|snh!6rHO
z-yGI)RL+!i94-)B;kV8Ot0Q7^E&OK)HGeWvq6dGEbRa#|OVlWHerU2GVZL|OVH1l#
z%kd>;PJ4_^5w=5*(6*FoY2L8B!#uo2>;E*8yP8L?a;96aH%O;um?N`6P_Qar-C6vl
zr5SfZ^g}Ka1tFA3=2ld0#7|~^i?j6HhujY$*K%6ZiCv(#%AZR4Zt4WB-+_PTo<ikJ
zL_Pdn>3IO}6BXSapFMibma+=lna{^AqN$Wuni~p)Vy%l`2y(H&9r>bjGW5-Rp}*NO
zW8yj12P&;?VJ8TjLxFRBKOL_<TF;`9nTI^?=4<tP&U4|3ikJFGB2gRo{^;#)zfm`6
zh+%7pb{?De%YhqhGbk@SPlCanuIpEf#@bzgzRzg2oy$0RovW{F`qV4K(Caj$hl=``
zry)liDL-liXcJ=hh49<vHB{}kOX!|##vRY3MTe!ufOlq5#_QIu%k{8GjCEH`;JRyh
z$qC`;)3J7PRit?j`PO2ujxXqqb}^aPp9xW!33(Le2fmbfwx6|h+_@*-V>?uIB&KbQ
z31;O0swOtt^B{n5R~rkgL-xtw2NZTz8GI=P9n+lEj~aIANfZx=5Aw(9GbL`D3~7i9
zKM6u;oRPX(Kfmxqd!Zyd0&68)EQX(=X`j@o8TNWy0piEfW_!<RvP0qM>B+q*ovFj`
z#<?z^PRh6Yz{-n=+n!M-0cIREiK8wqlhFd+hdA2=XB;e+Gnazrx*8LL`48g=jiskF
zCT*ePQ2}Efc+q3i?tKB71`3{lWgHWd&F`$jGd=~#OeC96H5``yFc#HGu8UzZG=qfk
z1of1FY&{1w>yt1HqO=U-2?n450h2ysOq~nSZ2DYVQ-6@_AF};bdn8L?%4mefON+xB
zip*W%e~tG5i{-VBV8jD`g*HerCx_*#u>6egKEoH1(<3Gk)4h-WrUZVY8FOu7Z<r?_
zl2HWQ^hoh+wJt;tBAx!^rX4;Q$Vw29|7SxMP0pWRIx>yB1@AZ=tTzm)D{3Zx&#TFH
z1*=*jEv-|*mc8V9%7JF;_KKMBGx4?fO?xv59F1g7U-0Wvd)zKRy@n(D^fcn6VfDFC
z_y#KUxpAS3ZaVmV7oD@4aKz=7AiaYa^A_ZO3ZmK6yNBoZ%brH5=Cg+Ji#yi_e!=So
zv5(~z>D=THZ_|xxP_b4tuI-PXs0VLKt>4YxJbNA9VA|dSEZMJEEt7hF-<c-q@c2!&
z(=$7JdNgMlE>3K@)c^KCqhipBn1r2orZi5NwXC3T)}Ku{OxITfBE2EQ4*FcAkhK;p
z0ael>)xDi~Hv4#96Nyr2a66RhB_>U^{F||Ha}-w5_1X@Z6XT}=*4s}LtcuIo%rV@(
zpwIgkyrKJhU<K21CeU}nVvO#v*$O~K&o>seU5>!pla!`EexVBiTjznW_3=<BjtJN^
zXrs-ULO&Q$P97?Oszeb6WkQJDf3B-6oUDOTZQ$f_v$cwqntcgKiCc;M=lFB%-*Z@Y
zGV&DHBzAz|2a;}Y5+!*)rOcpNA=2WtT0oyG=GCi?2E8aSE3f$!+ZKE*_N^SRPre(N
zr!d2wX*Rv<T__^-l4<7w(TBDT7eh9oQJvj%EXYJ9#DA-ihy0~$(o6vXe)R(?JY~ZM
zb4|k|PA-PrFl%#h3vy>_lS}LkobB)^6L{Gt4GRKa%SEpZ?S&ItiyhxsAVgRZx_Yr#
zYAr9>7_{h05fQ3!CCn_r*Rt``-VF;a;fI2p?V~8sDlz4XIF{D?GVTi>)xeGD!34JM
zb465tNAe4w*`N(u9*a${Xx;^SJM>G!K(iZNzG^_948rhG*Hz=<rOWHxD=r4qvo}`T
z=#Xqg+S806BsJzRT9<U@uZU9)1g6N&UTGz0hRn|NJfp>Vk45a1;)x4gxm7lKvrysA
z`UQ}Ybf0&aQ9Ndo$>!5mkQUB2)>Zvri3lxDvGdhm=EK`cp#>QK8;tpC`?v<8`$AK-
z@|Kn(!MwoF^c|BAVLRjT%w#KepHW20_oU2)D+*!Rcj7Nrwhulo+E1|JuDy2l4^aTH
z#QIxWP*q@_+%LL%_tR}3SC$ApxnVXGs^_>-Az6qJt;s=Q1&z=I^AgL;uLZFr@R<*l
zD<8{}Xx>Ee1F<9Ow5!Ij0jHjAS(zg~8$2c{TUf8Ry9i3vyO;C5*0yRIq<k$JGMe`5
zB<b&UNvB{ljFAD#D$K<FyS~l&vG|vr@;fH(S22;A!e_sF!7kir4!E3G`9E$s?^YP-
zp~iJVYMy0W^iRL_xOlOURS6QvX-SUq;Z1Hf_9b{rvSt#4lI_>O?t59f@8HemhM4;7
z^5JcKBNV=i=Igkl|3ck}EroxNN|7!)UPpGGk-_LV%d@beg?C_|ZgmIJ#XA>miok$t
z%rm1IXkAXrwM_Dv5H#7t1joeK*5*wqBFGYa^YFTtLT?lsoj@tyw``G2XZ7{1a=M$4
zF>)Lq4Q$b^9t~KiES&`rb>f!AHXokQy2B1=S^#nxahykN#DiY%G6;6ASvQ6qNSFzl
zh~!YdyhPpPLlpFtyc9Oay!}&FgZFk_c$Lw)(gwV%#hNcHYnwRUdEKmPaD@pA@$6aM
z0#6Vo<^e;ib$8oxfSwJK4mME{3v-SmCYOp$9>lIDk_#)a243&A4~ra3H7f=Zw{tJf
z8xho8MCpr@*3d#O#a79Te$C5$@p(8`?vdCw1Rso9PJ^xcCH;8roPue~_T-cM*)Wr|
z$s2CPrLQKKNxxm{{m9Z#CcsHFP(&`}#j@Mp2^%~B*0cYKQ?0`Xdu9I|T2J~l+)A8D
z2KGBcl$W+ce;r3kNWe#bJt~9qtZze|(WWd%leq?$@PZF_V`f~M15W}<EW0mrcqRwD
z<>=xI^7Aw%VrarYXEm{DD|7M*49*K4%=r2}6H@I9KkX>7yv*3(L8rXQ<Zr{ph`QRy
z`{srOLc$Ohsmjo%aYUkQ_yZC=TqiZ~G~s{D%Dh#qI{mk5Pdg1uzd*5hKD@M*Nt|F9
zWvXMFkYC7^ak@s0LG*Pc6inZ<P_78#!%Ll2Gw~ub^_KZBh~M!GP&sv_gu9n$_BaQR
zlBy^^t$ns4k6H1udAM)4>-@$WA!BN$<OTb3H%~gI`Q#WY>VLOJ?gKk%;k_fxplSs7
zdpi7ce|`Fce^6k`_+%EvUV$<MXI4an!DV(vJv;g!i?u%fM6IDQ`WmC+8YgGo2vjCQ
z=Hw@Qr4KKPQ6}Jl6XwQfT;?bM^ysT}4SOl$izlTzOghTMP|i=o>+2;P_dXH`qRwcy
zw5VM#vUYx5t*mP@Hfg_K{fTnkf~`R2z@5sb7uo<&AU6&b<R*2p&@xuaMHb*5<0z*8
zHI`}k+?W}Cm1g`Bi>2*&4#_@yJLz2hE$l$RJI&dJ4w*e=Ft|^@e^^r^_>k=LlZOKy
z(|s9Q4cXw_w}fU&r89j+Xr3_*YM?A;NmuWN@X4>UD=cJYb|%dt*X|2P8!dm!c75E;
z_C<I$H;o;|p!k6S4Y-~f;4d4*nwH#eOcRtHBVDBt{HFK4Fs%ITN`LrH0)L_>NxKTR
zN$>phHJ$8Rfrd-<bfk%Pvl$Yc5jjuw!oWUrCl^zqh|u8S7Zh-Gva&|d;qd!s0dRP7
zKp7H#SRkPV8dYow+9hx=xvi*8L{j&f2w>5U3(joUI)6;Twf)pZG6Y?T$GN{|ZpngO
zeM`ut+scfC)*7edR?W}!`XUmLald`_5fQ=y+7ZpZpIF)5C9wxY+1)Lq-TQi<2U2Gy
zWk%b-T*sZgr^k7ztICADdeq0lnr~51Eny~k^$->g6nY0d!%JhLH82^@yR@<4=MqEF
zUWt#2G(ta;XM25!IFPdH*`-67r<m2GO=(FAh7o2;?r0#qLjJ-j=1OF9YJ|Aim7t_0
zHM0@YbY2E-7*23rd~3@)G9@a@uv#g!-L_@P;xXpu-%$!{=r|ckOChIB2QF8u_%sqC
z(^Uj<xHu3nuZWV#^IOG&4v#+jW5a1b<Qzn$(tkNx$ODKIt_XaiXnBTQy~BJg-b}g&
zdP*P>1p4^M#U4&%K^x$5PooH<i`bSLQN-=i?)}GecDu*y)W5t)3zlYvR25FmiTR?;
zu8GMf^Wy?#z~1LR&#h1G(N&!vTXV`qD?^^&EVzN$)oDsOJLZzkK8jX8DAx>k_BpM)
zZA^c}Yv5EtqDP~|II27^(>W&g=YQi##^ghqprM}FK_l<m%CZ<eR#gw-Z@}UxZfn#G
ziZJcfl^)~}mh(Q+>re2O>W%T>C=N%>O6ASZ-)Ksb9?>E=+!yjul-En!YG%u;QOBll
zY%afmVcusC{qvv}P>rqlN7I5(P;@ul)u8DqoWh_?wp_m`Wny20vD=9;HOyD&sLCs<
z89P}+hOAn2V}CW{YT#Rm>~<_t=txj0nWm@oLU}KCTVf0!t3u+uU_ZIONqs;{?F09!
z(`aCUV?~L%?wq#LqxP##lpm@p5BGIA=+OdHb<)MAsI$@m@zm*E%0$-TtKtc75$Juw
zt^7x0;1vEoY)l7OXc$U(FMkRQ3t$Cs?3p{>g13E|=oD4TvReYPH@dsNt&Uzq5i+)r
ztkOlu!Haqgc+Jlli>tK-aSgq0>M;R%Wv<>ksi};;;_W1&ir)co%q5>f`^1WtQ$>^Y
zveoMYEx&!dPWA^;YPmNHmv=qQbSyoZU1$KFJ|7n2X{w<1Pno-|=~eELS~DS%-c!=z
zFHAFf#afw;`FV@U?mpPp(2EaMo%HSTsgxPLr+y8%@n0#ve#-`Y?CHXF&r0FUj@09?
z$Bi#lO0*?koaik1&C`M#@8G~DAy5Smu&yjV5>=Y_RBfE{`Ikuq?<Zd=$q@PROgZd%
zto7TrvPhv2c}SAm`^G+^h+5HgZ6xqCZJb7^66wn*aVIhOPoy5pi`=nTBqD{9d_H(v
zgxD#ZOsS@%Q_|0iC*gI{hiK)iQ~r;IZ5E?BKLswnyS2~z$Dz7}VwgrNjbweB=7~aX
z^HwpVK;9PJ`ms-0`^VjZ_D6C`oua<Vf=f+in6ZN%S$a>}Sz}dE$u0h7tCKjP2e!tH
z!fS@#AnO_HqeEq^5_RJ9=`k49q3ca6g%9lL)xYA4O-G%S2CfHEMIS#+UHQZ<QgsDQ
zu;Ug;uZu|@NSuw+#GQ=O6*Z!aKSuxfMa7KK)pdwvdtCxPgy_46^i9IneIK;rA2TIF
z<i&e-RB^*8T0Td0BsM%69Cr^dr3KP6I&;})ZV6J@_inZ1e_tVQK<$(0&bL_Dw>47r
z_41!;&bZrx5Q<f<l;F^;SY@lh6_3XA^WcfCexwV$T$ND1*#=pL%V+FNiCu1Sm4<Kk
z0XOCDgI~OxPc#wj?tGO#y}RpLOKX;fW?5!oLAH0r`MJ*f$wgL!k~15bXC%L5DL`Ae
zRwu3R!(yKVJuo9AgJdn8;k_Qz%{t~Ar4QV~iRmfa-gC%cOPPXCV)hGjmXcXmy019o
zCCbinHDYr?$+$(qH%{+J)Y0wNVvb$C>U470I(=TH<cXa#wlbu0FMKN0{TF~9$m;qg
zQWNT>-|jJR`E}u{`BNz5OM5E1TsvsM6+5gC5~N6D(wVu^GM(*akoV;L=9aEW`_gjr
zE>Ze)t+XzU(w@CJqcOgU_AVXoD86eEh1Nnld0S>j=Opn{6-xujV(G&rrS&NzUU0Vf
z@mDB@-ekL(=Yzgs8LxHo+9ua%+q;SwH~n_9KDTAGny~RHuE97PTulC8FXFs|D;qLg
zN3=^UsdKPWF|@(e>65S~zAd%a!u}!@*5nx1!PiOFbk82)!A<k)lWP*yx+xY<V#{IY
zZIqa(R6rM$JJ0(Jy1V?CDeg8~f2I6o*^T;(j}bux9E15Tz!9nDf?}KdWyYa06?$&S
z;=g)cu^|OcsbYD#tuJqn|DvrR$ZWgJh}VT3I;ea@(ZP64=c0Jpw);DiFX(Rwp$}E#
zJ!TEMDDR#Bz}-owCx2o?+yQcbJa`+t2?@x*b+xL5hw8z}JJxGdE;p3!IHo8L<N&}=
zD&Zqda)4U?ATQkKifaY-ijB8P9t?`Ad>lUY(BE4Jb8r8Yr-s%pMGrOGZJ^LPA_aV>
zWs+wcs?~DtLNGrThQ8eyS```kyj1gO##Ystc2=xthAX```|Y0Nhm(WbE*DkdrXX|g
zu#GlVY6|a@2A(K&Vc7k_l2~g9WYsi<;<i0Ywl_1y{QIOh=VqTDL^;YN$G?Ii_H{Z4
zS8m;)E3y4Kb4c&dCsc%vXi>_4@;M=IQQl>3$W1W*7(O7H`{PHz+H_(v0e{fpBSFE%
zVouNSW#*yCKD}J1b(URT&29-36rbNw<-S|Il$^2yZCqr?tL|8F{o?+1L&0^+gEyoS
z?7TuggSi`w1)HAock^P$szMg#4^(@gwPx?vI#Bgevb&zIEn$U->*cgG8w}IPV-G-;
z;<wTv6T|3yNl!vf&ps|!>#=Tjy&gYYuO?z?u8N1Afn&4i2e$OEA5^2%G5qdL!_k7R
zZm~{o&Vl7zo8Heysx;1%cwyf&#dnp;u(EacZ=03q_=6s-k}vgqVMR`3>ShXIg5w?u
z*Dsh8+Tjr!X$WrZcK*}7JLO-H2F)ntiguh!E#iJc)lRkMyFD&>8C<XCEvn7?r$u8D
z!7``DH&*nJB6Q5wmWu}5R?;uRB+T(lw#7S>i46p41DmAMC0iYVF+ql^6)lx9JgDM7
z8YFMLw1tpIS{2CVZtAj=2UYY3xo9S%!j&RbpZK<}l3fM8r{rV$S|a^#DI{*xINdgi
zY)3nh@4&;cG|L94a0UvA-Adjs$1oNV8K7DFk(<9s{<2oBms%PMQEIdF;aZ%Lt$@6L
zU5A@dJ<hK#0zfSj9su?@Amo)pD<uB49*12OkUJ_iYkcGygA$Ji__X$hww!-qD>;_t
z%m)!B%NIyW`2rS7!J!pW%XZ5T@I=W}Q+Ah&UNC-gCdbW>#3^PZg>XQeTT{=Z+z!9G
zJIyo_%UKlYA{5xV37M$?exGKwrx!x3QxB)q^Ch2WV+hkF-O@Yo`+9gwaZ0`mtv2EJ
zl?McG)FDdwJFN(93Ta@|3(fhR%7_a8tl$78GuhGmu!f5LR7)Qk-r-AvGNyMqQPK$p
z6zKpW*WqQp;q4@Mg;@@jC(qMD&fWP+YM6sIGWwEfTf8@$I5e}5a%7-*Ect~#uwI_6
zlh{su88o2i3|W%GD(8-uU_D=JAxMP(JGe4ae#MX#gujGLDa266Y;$Ha^5*<@i*(HN
zuOHfO-rZEmM#>oR=>f>7U=tt(jnjgn?U0^S<M)Nh3^*yJHcmengxH%ttdFj<j2jW)
zs_Og53>uw*>Cx`*nK;u$dj!x1*QM*PIHv8L8RkcNU+NkK?j>ZdR=>I}My_OlwZZ`u
z;y^aEu39RoO7O;EvXw5d!aY9;$H<kcK!{!j@~tiWaH<9OG&7tGV$_j+_{|F^Z+SZl
z`=&D-3I3OLVRcY0G&vGy(hecfXQi3-Ers|hKN`%i0-ZDc1#DmA8%;6q9vIagBx1uC
zJl+_6T+QE_{mYI{NI|LC&$Y1zXI?b|2S-pRyzDPdTpe5?{FijhE~&B`X*e_!{%T$i
z<cRGz7wlTNw2n{;znLAW@X|7`n@}=4D4!}I>}cRvQ7Sx5#d>3PLo2*L*@}7wucEgK
z5{dI~AfQO{>NJLsQqiq?)8jI!1_y&e+-*NF;P3|?;PfR7r(T~h+dZH6^xxf;PM+jE
zfBs%z<A%Qc&ilwa+%#FpxAY-Rni28`<bs|%-~NzWH&Hhhx~<NoCXl~oMNFcB=&+aW
z(*~zn8*amn&V7*M%oSyh)Ih_<(}^7T?@Lov5qvyq8gAm(a3AFa_lYfnS730cIDMGD
zCs<7_jlF&L5{;M`{b#6)VY0O`)pVx)&NB5y#AWlvlOeW_yA`VAUs@H}*d%Xq(*@7d
zc_su{KH6l>Kll1uzN7O-!vmb@;^rNEF$J9I<K~^dyI`+E;dBanlm|p<OyBVZ%8K;`
zv5v?_>PgE8r>lA~bsYGh3n<s=`;u9t2R965V@w=_Wy0=7<XvA&J?-d8A11S%$<a7Z
zcR;ZZd{B`_c5SC6*ou5i$<^48OS?Mq{QL8ubklXxeaVYuThhZBxg<PD4NjeRTUAx?
zgbvSmaUJAHI#9_A@DXWb<yhzfEOcQ$$g2H3e0;8Y{R@lh)m1d{pAiouSGHmy7$qQF
zbp6lHMwL`J`YGo?m%kg;g<?HUjtW3z<GEL0m$amsV%pe;AtKIuK*+8P#n}-3A_p^Y
zX#TkYC*yqT(h(uPGLp`9`kv*e4s&!^@22BxtuoSZjN9Ve9!d=3@44Hrt^hu5rHlN-
z1JEva4DG!o<JONj8}jlq<6@N+cJu4Me<o=|Zea<Cx?8GQ_jmp!TL(wP>f4;L<<a@e
zQskP(oV^7xN*u*jd;-vQ>vl%$0Cp2aP0hIu?(t5Y3j?Pjg!ppcV!=VlB=l&(xN7EB
zmi6*+H`=6JZ01nNPP2Zp?(d}Wq}a`)xXjynx=%R~4M48D$B?gh(Q68G{wV2rImw#}
zn{xx7KkBzJ$u2<5Hk^?J&T+fwXy^GWxqiHig``}-yxkZgx;{qf|42IaQ~`UY;Xf<Q
z<2~PHnjV4^k2U`v0JA_$zYS4y=c56-j@<_TXzrZcpOFGA(N7707?@@}cMb(W6w|=p
zKL8@Xi}}mBbJd5W&6Ez{(QKBqnICZZ0!Tlz;A?o4>Vl%<3TyFm2aqd)tl3WO?&|71
zJjVPffoQ{Drde0ChfZ%$ZTKr9>k7F8Cu^Sp!uq668PsH@v1O&P)n!WG)|#0z25L3S
zcQKOVOqZ}`p9MfHoMWunrvVV1CC2NnF9XKwu2liD?ozeg#ehwmOSQT<TB{Xqy8hZg
zVyLqW#^X;Ym5e`MM8{A*)hYPpKZ~KIy%@>!C(+|R?Bg4a^|&_xVzCAM%h!R(t^Mm5
zDy4e>dAr@H$3<Xs-c5Bd>DHl-()somv@dEf*1_6HbnvW-)}a&C!Sne))1kgABNZMe
zI$RzA(J{_ghs$tWOplI>AVl{?4u<qaH!$S>Uw>V^^iW7Y(~ri>NCs?{ce+NN-)R?l
zey8(8AbF0Gdc_Ao#2N+bji2F(3xJq>DfxYzg$2gX@U+v#sJ5S+JcLK0a}nZBbqVi>
zzn$HM-d7>d#@}^PS%&@lN-yyDU`W64^*Rvwxujpnx`q09s&T)NOZWf$pLBIi?h#{s
z`4jOoT&!6ew1-a1*3mJ?7Fin{$Nd7`W65O5xMPjcFSHtqOc?{UV^RJ!j8u4t=={Mt
z5QF)~W6}HTKy=>D819X)T4&rZe6lWDb5(ELuW84ol2mY3tKTOKriSMlLHqKwLV&C$
zHpO=lM9-tO&y1{~&y&8ijywnT_4lbRX(IK<?Yi-w{wDdU|8{k~G_m!b+BH;bZU`f3
z?G5SBa&I>L%+J-DJvHkg;y3=rXutJc2ciQp;pg+Q-@a=Pa@Fmm|NeRINUu?wY|BqI
zQy9syo%m_wIuHZ5s(wm|@>A|Q5T)A~!)I=9h~cN}sGqcRxkkFbuk};zMc|x9{dDk&
zt}d4TeR@$>m%%-4;#>9kvpuP<%h!>1ERCf8*{a)%nM~(r&vkW8-eue$F5W@(cDx8t
z<L8dGbPrSf|LYI6Yb&h1UE4?g1QHh@+W)u~MBZ-PM;=)VqH~b(*!k;PW9|R9mOO*5
z?~`!5HM(#7E#{1IuX^9w*!PXGKCzy~-n=&Uee88>V?T@i`P$g`#y?#f``ItwS`dS*
z?JvKx6#lOHtzBJK8fSBF>FSE7e=ofy5`Tkkj=e5uiNCK>UC*oqaWL@V^~p<Dk{B$%
z>sr~PiNOXukE44)*-vzJJ$NEI4#VrAFH*zbyY2f0?yF$V;7+BlY4_mOSnc~ciPgdb
z;Iz?L<x`+jPa3P9ui-D|dRa}2<DpZ^l)h1Y`(jhZK%+U|;`St#XVF-mWy05XADB#I
z*_O-6&i0HH^paTakNt3IbS$gSXkWD!L@~=amWRcN<*c=>`+I#H_xM?HPEZs(_Cr0}
z#rFoi_YR+=x-KDY0lh+=w{LkS%&2`hZ*-&1SMVrVeWuDDd0t9CH|t9CE}rB@nOE?r
zt`F1qODov^Dj&{Mjoc`Y=K1(<<gq&4sP1xd{o7XZ{S|dAE&2+?U^2+iPVu*+-+?z`
z%W}Dq{|XYP-=0(K@D+%T97e)+)O)kq`?BiuFsCl(k$96Ey<r7gTXig+;zs*v`Ah!d
zT4|~qoubz+#Mj2C11{qwtkcb84TZ12yM>?Jr_TI}uK$u0e=D0EK-SKs6TzTfx@%Ow
zDoG$0-A31LSCIMlC@a`L`;v?|jw>0dEk<owvu<;vQtIzPR<JEaxh>Be-usp2nZuE0
znZM2~J1%FU-eYr$-rF17q}Z3<70G*>Ht#^Q%nvrp!OM*EK8o`Wi{zcC&6{SH`R-=f
z6C>}(O^V%a6jNnx<nK@Xc-=Y0zVymS`8nG1dzxjww^`=;8J9mqR_setB6%~lc@xbt
z-`*@kjJ$W_ygMV$aHeYW?v0cA195VoFB5)NLYp7weG})M7qOeD%{$C2^Zzo-d|zX`
zdt}AF@0-Z`h|YcqVinC>^-Y`{_#sZ_V%Uv4qu7^*B6a@dOO4$#aWWr@lOcxP@i^~o
zkve~`%{$I4^ApT+Ak#SSn>g=J5xYCJd4G<R`QPGXKGV3)d(Ifgz~pQmHC#gW=QcHy
zYmEAz&VzZ>kWH>z)2!H+UKe5bKwFP~W|_azEC(+&X1M&UVqbbP!tjPR@5wlsZ;X>Y
zG4kGfHg^49%HmN&2U5SKxPCn&^?O2V<6^VSr<i5OCB`<6;rb;;@;<1|Yck7xyjc$R
zGS1rt+g%@FyHlHYYn;sQjFUaRjQunI9C^M<UB@0-L!LVhuW=VEek1Om*x2L6sVp89
zrx86SHY@gu_MAMw2O~*|x;cgB*<Yjad-Rv&+22#FjXa-V${2Wh4ehg!hWxSmey?c}
zQlEvnH34kcenq$Qw||L&{e#p#R~Os<tUujIeFkNC0@%K6&&kcH#J=`k*k9R?GqAsU
z4Sl}rm)Q0fA9N%2*^h3Ne`w12^B-N)+Ws=i?`e*0zi-fu)cgMD;tBtw7oR`>Mg#i~
zQT`w(G41D3_OYAY=zD7a%l7AQ|Gx(I3#fgEIkx?(tBCzskGauT)P8f~`P+ZOz<v(3
zUucbO-+IQ4)cebC#7DPN!+V5_+^C(I*3*3c^_*%@&vt4(?QQ5ZfYj0IccZyfr)x~-
zZ-1D9{a?SJ_A_GJADgrYsrTpd)i@2odD~Aju)l-a_w;HbPAPx&+io;SjngydZ~x2}
zt?hqE?Q>VfwqIT6MtL+&lH*A~AveN#_Y>b3*njp5+D~T3wqHv5XMNyC^=8^n)t|rp
zFAVJ8OYIkqif#Y+PB&8b$7`tl`M;mP{nrfakEixMV`AI4P}|<G+-N1WUvc96?LVTo
z-yS+$LG3&4F}7c-_EE)dB$~li<)gp7J3cq+yA!2bBi}6w&o$<b^aki}VrLFYjeNhT
zn5^ONs))U>-8qX#`$BFs?u=s3dym??BidehRcm`ZeYbb{RS|n7_Y->)+OYT1ARdXo
zy3v(q6noX%)LwS9y{gTv?Qx$_zRNXy_Y!*p+pxEPAdjRPH@cY4ceQEKi*B^PKaY~m
zDE6Y|v@U(4>tfm1x-Jl)@AvK#smqEYQkM>GX+4NX&hOmlcUiI5y-w|Qinf=z-oUpT
z>HDQGiP-CL2eDWGd2D;d>)mMbKpxe|ioNI+YOgx_dpLOk1K+B@@8{6)O(*sawqZ}4
z??(Ht;?Zi%CsKQJqWOx}8u)f6<?E*5yN%de(}unMgLstH=ti$&zA|FZwm+J$^vlS*
zVO#uHL-|ruBkyOQO6)Cf!(Nu#jXL+|(L&7kEaj7<?UjFFpyxO0`~Nk31;pN>w(NcC
zM*9cwXa?q6LhVh_wUy5e;`2w!cd^EQ`NZDLHtbEtYlMVFXbk3iirTByeQ#@(L45v?
z@^#Sg-AL?R--f-0<!&^20FN${qt~K1?ZIpw7566Vm0p<NP3x1ZYoAi<`UFo>{zMJ`
z^`t(1+TtI?qlTkylz{mkr}lo0=Fj}BwY@@_@+WBc^N78qw%SX%8@)7u5C0a-Qg>vH
z`Q7K5bs{p${7q&#uo?{4nDwU>d+B^y*KWGD_EGD)I^xN9qUxAPT`NbDx&~Lb(Qgmr
zk!_nB1)3DQWgfL>){RRa82BQQ*eeQkX|b0(g4o;GhP{0iZq#`okN(@F*h?Rv_P)}!
zHJ^dKt0>=@h`q|IiM{gG#`jUg``zfJt9Z1yNwG`s=C<qsJ@Pr-!*0jP<#(B7&wXZ@
z`_R}A?3vhm5tE1T$mU#x=3qZR7xDA$T0c)U%lvI-89p#Be_{ByP$GNqKdh$DkH$ss
z1!(s_UvK$-HOaGw<^lHa<RSaf8`V7DhyJ#m)ih5)iJj+dogJT==a4RsZjXNKKpvHE
zaiinCn7;ei=rUeaH8~jD?wdNh&!~I{+RoF~dd>TU8|C$<`~SK+6|3df{QWx3q<ISW
z{QW#rRsD9w&g0YN8Bg;#cK)3_#J8NvlcxBMu7837+i5n%7oN8-18J3R-W+ug%wXR9
z!D<k*!t>^oaNIYtb|0Stoo-uA=k9$Je`6A{7qxDjun5)Vkoof_Q*@n^X`Q(fu{j@O
z$Xq}5#q*!*FI?Svu0N30H?TM4SCT+B+>`3O2$j>d?kl=F|Fnw6^0C-;o~856A({t{
zww(vBX}b#Nzoxy`fU{{8UDN&&oAY?aB4o)XoVS_4w)C6Go@kHNnm+JIoXr0eCl@{i
zhI^vhPAc}yk#wH7LO0fxw4Ue59XQ#OOvj(CT_W%QP9o#MC97KBi#(OXqlUaiDE_o!
zulg4qcOHwjmG|iX<Lt}ho2s(M&r4`2t+dvrdEKM|Mk%18WvL*-O93q^;`b6EEF%FI
ziW|e=hM+!{wqcd!u@!_A25llJO9B>ATilAHj^dz#%oxzYLPtlXl)i57_qp%f*Sw@J
z1%H1P^6ql(+0VWAoZH^+(7E6Ud;jL+knK6$8RzP9!1$g^V1P)Z<VECsy}~CQ0LdnT
z|8jPO&iC(ng|8mW;9C;m6FzSYU**3Td`EQfnGn9y0b}@52a3d!wTK+454UfT=WN;;
zTbBVMiR-jT)z6QcBJ^gIK1=$Gr22Q%=~FM$CyVttO5^lzu@7N=jP}vo(n6AXg>ZD~
zFB11@9P@V5<@e~kA1@^8zGg43_bpcn_lpaOx)<4t>;0!I?bBZ*g-r+--vL}TMR>lM
zb2G}?RaZFv%mWLFy6@ME>#cBC)@Sqpk(6JBbpD;ycIgPWy`Nb~+-%)vuW*juI~S4y
z2G@xzg{!|va?T^JKIN{A?nieoByKj(dl5Qyae(RJ@^GE1jZ+O*$m6*pDfj~6di4t7
z>hj(~636&!Q-tk)AP{;3+6b=05WWtgwg0_+d)jtwX~-`<9MI|H=`phSNQ^8@Y44W~
ztq;X*+J2Tsi+XdKubS!nxEmIc85~#&EKFZT#OT!%3}V<mY=3D>NLMZR7q9B71Af$1
zVRt>Gh2-MRBH4IR;mZ>R`I0%#S3MnV+&MGv)89S2oSj=1h}=8umOCuK_U>|81DAAr
zcNC5qCT}xK7m`;2EcIrKPqndA|G15PJYsIOzK*F|ZnpqC<G8OiP#10QlEHCw*+Q}y
zz%tJdl5H~hJGzUU^9;Ka(N83AUsCud{UEs}!R2#k*d8^NwO=D-z=)T<14NR;qrNx`
zU~%|C0w-KPSM@!XGnOlowU@$ekdgd%87PwS?l{k<25{+NI+rJs>ie*56@aBcVeb*H
zi?H{j!uhkA7i156*R#At$Dh^6pNW3syOPHTisYYtaZlryI)$e^a_YW6&LcngLp<{2
zMTOU7FGKUUZeBz*+0*W5o=bv?rvdzQ{lx&5iwQ!-ng|^++Rtj<r=pI~>!mv(T>lJX
zZH339`<ev+mXrHI3XTq^vk`x2elX>cDFBvF_k#o-^wa3A`IVIB_X1en-4BwjpnX66
zTw0t!X>ZrPr9jse$JS+gtu;{p66e+ENawwo@l!N??cRdCs_BCp;L2>)xfKgZ9E%^b
zss2a+`Dy^mvi%^5BXBK-c?7!oKCM@H+V92vAXVmLA8pRa`%8M=T%NnA?JkxPuNC+~
zqP!CAtrdadD@mw`cHi_?KS)$wqTLU@*$+}Mf!c%c8b{P$EnD2`$nk^JvrggZ|GU?*
z`aDmd%vC+itMWQ#KS=rYtUk}<`0eyV`0bAUAT6y|_**F-4#B$85X@++2UI-}>lLlv
zkG1F2{k&5xf!(sg_uUVYi}i8+JJhE<5Bn_9^?@H+0*7UV??&etjD0Fkh5EP$W1soD
zKAv+efxpWNpG@areQe)_`V<VsKC^UvY|Sl!)3U;MqVwE}eZ&)?J~_j%&vad%N>gj#
zS6SgN?E}fh`UJlT^@$U(&;5EFbZHGJvcjL=2U0K(`v_l$`qbF5Pk|l>SGNWd8x{Uv
zbRO2n^G_YFN8npWx9M?UZ4F%8sPJFVc?L21e5J$nD4gde{XDkTzzvNG|NcI;&M(sE
zOC7H7#6I2i>*>=PxUEs)572oAGWz@@)TeMX_Oa;axurF5SEIsv={&5D?Q<P{?!i8t
z^?io72BtMC{1!UT07jorb@aIx`!w#;!FFeB;4h5||1zD2^$C8W!}b4RpPzMof)iQ;
zD;pJlA)Ti`qt8(tuE$}YpstVjKx^QYMumTx&cph6KGxy-e(dv=9=4*^z^+ED(bee^
z{_Vm33heI#?C*T`x0L;Ti~S9<zpd<VRs;SW!u~qh-)GogiT&NzpzwF?0}1-E^&Qdi
z>|%tqTn8)F5y4Tdf$V05AG!}D;U<RvN*yj=L>?@S=;vC~8mMnl_?swhZe;xNu8yaQ
zaK7ac{cI1m2KqKDyahz!XhOJOVt)@dDSXC0kZd<F_z&yGE64Gk)8qPBOJD@6K~^&g
z^;p?3)MJ)?AT>5AeC$4u#6AqZ3LQS)#_=9v<58U}KH3`ihK*M^0>|q<6vu;oAbt5W
ztN)gd-|V;HH+e5eSN+23zuEEIv?2KI_q`z9$-Y$!_-(;p{8qacq|@wM&2R?)t@!Q7
zy&z@%kLhprttt<{{cA5s6WF($VN8Dy!f#*i1!)cYR&YCh<Jh-<>;>t%U)lPGvh@wb
zZ`FH2dXar|-^SKA0KZl31*w94D<8tv*B`$f+6&T4zp?cVX6wtvZ~OOx)a7@iZDTY3
z<u&}?%I3cX+m`PIsR#S!&SUf6jNi)kf|SF)l@DU`_rq_cdqKLb1;@VhJL^A?^}h+*
ztlkUKF0KCn*8fKQwsbE@``NeZ{tW&b@Y|xjARW^9E0@uyFMgZ97o=4heb~3EKKSkF
zy&!$h`sLih=+hg&J-HX8|Fm>)Pn6v+7}wEVO?D^Xt`6F0=lJ#x+GywNw|3A*I}`8M
zK^yHH`}&UHVQ0_RcF;yUFSc~lhMn;ybkIgSmo;_JMmtNDJ35DA=bOKF&_+9x{HcRB
z+F9VgJ7}Yw-yLtnw-TbAxqa4X9Mft0qDclZoVG_B7bWi0_AE6Wz4o{EcR#fKg58bn
z&z|+M+RjF-Wf)$&kkxkV39H{*$@W$DMAUXn7G(OpU2Vsnu-gAfcx}g7d$rn*nCqnF
zHZ6E_5$Q23dTqzg3P1{W=dnKHG^;9)3-&D{(}#)VqaUKzcC7L*A`6F!1Z>!M#8m8C
z@k4lR$I*L3wH;6ISw!-OvD%LBo4#zG72|E35$kQ3+Syw_A<kPjwu`rAUc9$uk!kfs
zGv`xds4PKVy9et>2#3J$=^@B3?_qak-v+<udO=>cht-*X2Wvb2xQD%Q{4V(25w#Et
zf8o4yPhxGygGp&>KH;<7uqI-S3FK#cfczE*Us#hy%GI%goNgCn`5o|!W{k^Q_JAZ*
z!a#g?Cq<3-Y-W55rkTRg3uNni#`$QmdqMK_5#*^FyobT>xk->GGkC@K!0*Ww<Oytj
z!Ae}u9=3kh5rg%7$9d=cWb&%($kwf+C&(#D_-2OHF38Uu0l%xoiuFJCfYi`SkZm7m
zdCsACCFs1L>;WnLedBz)<9pQe?27E(FuQOVIC|e>z0atQhN76gTCHU*Zq#C60P&c9
zFYTh4_fh%zb^!#eoxtLc7b=cFh5IPwOT+W#?5uv&=1()6xBV1eBVW#B^^71*&6_(1
zY0hmXm_3klm+Eutv|9QzTY1cR|2#a$)4}ND`2zFiP9%oscverx98Wn@kbARyx!x=n
zI$h0+%g)v6<*PMl8o)39hPZ!X4@kjuj@8Q#<<wGt>+wAx9lr$vTi*o9wv6+4VX=J%
z!=FWs;Z0tOTVAJYQb9ac-eWQD+m8~-g?O;&@#~2dWXJ>ms6CjweBl!B3_gfC!+JjD
z1|gqL*@L=e7Y7!p5b5B4KBBJMA*93P_cEN{{oDAhf|(Z(zrl|&FVU*z{blDizscU-
zI|}~s0RCqp@LQ<jcR+(4w@Vmq>DU&#AlLm5{K2z`)3iMxL9&L^l(zgric@|MNKg0X
z!sW3SuJcw7EC+fBVedG4V+ECu&h-PojT0+ozX=jd;neq7%PAgX#EQq?Wb*hB*5RsV
z>rr9(nRf~^IRD&VIB#TrXwaPIi`j$qyQ%z9{&|FJPb*J<@Sl7WX|?t|?+i|CPph(A
zT*Gf~BCS?Oj8o2PKzSx(4Jeolj!Q`(XUD+ovMJzLqSb%;iFei{f!t*Z)_+>MDZ{Dd
zdY(@Lc{CSZ1FC8gIF6aXLgC!|CP?BgtWDsU!1!cMIG>#7K`vu80O!4#;k>Qcm{+=-
zL0)nFfU;<1vPki--edR=^2+)|kn4FN><)l?I;^%vsY?(hpQh~Gbe&v|<2ZliKaqz@
z=vp|9hb&=oS^OqQ7yELCdsnO9G=9fo8RZ)$pL+SFxQnE>>w54%!04Uw9q$a@-Jagl
zu0wi1&FI~W1B?G|hVw%awYSO`zF*C7zWuQ=zL$KB_@=z>dQ*pUQ+BT9O?JnAFXDVq
zl=?&GGmUfHHT<qU0shLPh~It`zYW?uA?acGz3EMm)+HL(d>9-Bzx|`&*UJ1eO-E80
z)5~GiSa3XN0?R+yTaoU45x8Tun=-d#I5$_dw=Zq@`xNm9zVLb}AHKnC`>y{#+o9p^
zt1rPHd=GIKd;=ucuV831zJCLx<FUqd7|y>Djyo5CgW~K46V|^!^9JHD#{`zR`5B@5
zD9NGvD90u6d)`Jk-hBfkvC_CU$~$j>)c-WTZ*=P&#<fvCdIKbFFS#R{^|)6g)o-Ca
z3x0-v<%p~B@989=!ggBOKy6+yNsw<9Akf7GmU=VqYm=#XL9XXP4t52<`wgsvtG=sK
z$vZ1^xiG)x^i{}D+Ze7M1h8Dtja42m$QKeoF0g=q^=_2Wns<1oXAtLajPeFj@G$RO
z_6A4?d)U2-DXvzy6C6!ut4~{R&?Lyy-vFuddGx`f?R!7}21vnJL7u>PN_-yt(e}`1
z(YEFc)&89^TYZo321$6nAx}NW%!k#@<`ngv4GIs}tT^bu>2LMsOrOO7f6y8HgLSx@
ze1Lb_`h??-i$&bs$8dK8v>(US8T`H8VDE_gd8g2uQ{Sr4<84|jdw*&_@4WpDkou`_
zlkmPStWJji`Vqa=J%oL{>en6E%R7h1z-(I_IEHtD+4e5r(7#ti=e}f4^||BNzV060
zslhN|5APgiFg_hmNWt+ISiqsZ>HN(bd{{li@)Wjjwwrfe!^S+gn|E#iur!%@ALTnw
zvE6$nU{&kUeZL!VC>{j=0Wzw0n2pX2)ubyJ363Sdr$((wcj}G|XQBx#nlDY^f0YA^
z{_Q4Qx7Ak-Y+tsVcb;QB%a`-c#uSj#GEmOrULO_q_SEV9NQ3X@WH={(8Ls!Jud*!`
zW*;!E534_+>B8QB3)zyOU-#x)Y<BK~-CF%<eDiH!63FL!<$I0l3K`iFYO^EjQp`+b
zwa6mvkEvU3yBaH2Nal5V^}<)+x2;2cwsbd0)RzeU$Jj2pcZ0O<7vnRhwY!b&(u&>2
zc8TgXs`E2d`;WZ!?B;OZ(&!c}<(=~w-6oXs&c?|m@BLS?cxZcgJhb3777sm~;k@l*
z<9H}%Bg)Opjl7f6u{Y-~)$o7O+{H&}(DuIAI_9(M?OJShZqjb{9<0u;MbeSlwvOnS
z8ikJSY@w-}>Zf%?$Ne9JKUmECf2!+F7~4mFH%RxNF|J3`BMJ?(I-p_G<oqzd-rf})
z53%|%Glyri)rwg%EW@ec=3ElU6hHcUIhw5ym+?;64U(e;-vV*}H6qR$&*(cY!`UPn
z`*OYA%olkS<17ldm<Y++cQIe&aqyo{66A3J{;v%E5#v}ZtmX@=^VcRvE5RRp9`XOy
zE|4mB8{_}rE|5|`2**FQ+Y1;Cs&?V~G<rHLV01XdzFp2=2=ng%95v=NUxWGvN}SKT
z3*T`a%!SKw8Gr-Zr29OqjnNx9n|4L7FSKS?^m<0ic15qBw3v?BQ;?(C^7*?!s>>GS
zXmymH+7-PX(i0uP`v@I3%A8YoMX%}PRPmGQYngYKw{GlcZ~cS<Z^P6(y^S;O@HWpH
z<yGFty++M8T|A4tT)r@3@8(nXzTvP8=XVh{M)j-yih8Q|9A2$=G??ls-5qL;-@Sif
z`!;{q#VuAyKKnYpq2>7u<CgjeUay(naonQChvyR_zO#BqqnV71W;!ZEFAtxC-!&cO
zq3(5%gnxv;38~4$h1Wr%`Y!N~a9m$V5ZdtF{JODTs(&5zlE7*i4UNlat66m_HlwX(
zRdZ}e4{eFbaO&>`>F2CsI><GHcYgmmzWd*7=6y{mARqsh(Xcd}hRwCqj)7dZf$jg?
zlHqK6tvxN>4<Rj&KEyk}kHtMWp9$Y?^_f8RCkAoh^{fOC$<wd1z1>pq5B!evw(Sp0
zLz;`P>uBB$l4rio_Re>Q_6N>S&i5Ma4|GKHFxn<Uaz>=BGIh%}v{hErmEm=Gv8JBJ
z8~yiyU;IC||Mxmbu03G5&+z!`APwAWET7Lt;fdL=8`~<X7n>sL>Ye^Zaa6E6R_VHX
zJ(0Rq)2ro`c&}&raFJ|nX7#TWlh<%xG6iI<pZ<Nl^Hqz8d$>r}0jp_s1^u<YecoS0
z%7=@j_z(1@{T}^b5h)lhlIPTWS)qOU?LLr#y+F2&Py)#SmS{N8+ZJ~<;=m+`g!;i#
zniYPK4<zvu@TY1usiN$4t9J<*t||O?4HrqxM~le$o?LHV49;)39v<&_>DN?!6yeAb
zM3M+#xzc`df5(0W0^Zf4YgiD2Z{};TQ@k3%T{E23nEjO9@9HJUg)!P&mUw0`#)tAs
zzlp<?z?IObD}d!cUXX+;@Lx&$^a!5%<nu*Dg{?2wJ1mxe4ID#a@Ey^1K0+++C!84}
z5~^#@Hz~Y!m#&T0ow1E+q)2FNOxp!nySRw)x^!7g&Lu%b57w5(({xVS=c^`#-+wZ6
z7kaKwmjk#oM)s_Xk%dF}W@A`>N-shFhpg~xkA(U@>eJn$em+JPUyP9<O5Yxh2<zqi
zrJCz-ozq8&q`XPt*Y?P7o9|xze1~FW@!c5N_LlK{KQ}7;+W1i4;rhP&Vr20^j2t{@
z-1kO0?}5-dZ`SwyYm6*D6C-<~^v#c`YqZOY`|oN^gd~vv%z<TYk|0k!2>z!MqUT{5
z>C<a{crUieY*BgIl?cgSc-eVSKP8Z&mz$T2<)+Ulk<{206VeGR&m;-*`2FCYlMudV
zt*;|#1V@t>bJ&{9DJWZ}?A$llI$eX5fc%o#o62NEg{LRTQQ^rKN%hZ*$W06$>zjy|
zFdKOpynN%0z>6t6cd3`1Q{Jltv^QEWha2Di#iV8o%5Fj@q|*uCAE(oP19%=`bP^nY
z0G=@-iF<u9`N<5HIZ1-N|5flmogjqKC+zId0G3s4v`R%<B|`ED4HoIjX?4ynlIkDv
zF8R46L4My1mg?o{EZ-rb#>1x2eex!ze<6*%f11jN>RXIQzvKDx=zFhi`Y#LhLXS}*
z+1{w|HEuTdJK=NJtZzTJ%Z76oB!}kiPH^tYS1@<YIkYi7@<p;ptw|Ts4ZXcO-LNJ`
z7T3qfo=wKO;c;2va~3hUugwq75n0n7ZZQwxb|-}3o^}tyed86teP)bEs^45p?r&81
z!k5^*G2!!;uWCQ9=XRX8x^rmWvI3kp=?dn}c@1f`eT+!*8Wr9>kIlU|BBya>`?-Y|
zS$?}YG<VfVocq_;@V-V=It7tVXY3+Lze0P{<6e;zytSBI)kyVrXpdl6Io>n04N(GD
zde)u5X>a$UPj@351Co`1^3#?35^)^r!a+;^xGt2++uMjc%P|fKW`yKDB~s>7K#tTu
zOGk;Mu<v5>u}NDO?m=F9jlE;u>+-nKe4|Tk?;0b1&$2OW{jMCpbrEA6XJf!$5x<wi
zt$Ozf&<9J2*gI2WiXq6i3-1s~Juk>^S>aRokPmTFx$b@I*JEUOGe#EXqpVMERQUa^
zA-&MET<2G9kC8pE#>nD)W4-VWmCqzWzG#l~<-CA2KW9$$MSHW{i0;-%y2obc9(|4N
zZ;wXbfUeWX&fG<9o@X%`V`9F^+&^yf>R)R=zxOrv?&G+Q=kIg3NUC34Ol~xRC1(=T
z6{jQg`mFZ4Lfs!XvHa&V)=>S8o~SQ=eAQT2wb_(jjNYR}(p6UYpI!yYGaLMWL~m%Z
zM@xgk|B*W}z8;H7&M1-8H!J)f(G6<s`M*UZCtoB#HETKxea&Ph4<4m8aM5h>QCW{V
zZcnTQtdC#%+_;#yM~URi=F6`oERLprN?>vH*e@Cm#)zbF*J3s14BKNJ29E!6V7XG6
zreiHRyNJ}-SzT)YOU<2(kCG$o-BbhL<R<1Hd=cWI?#akQ<2v9W_hzJj{uq(G4`3-6
z$>x+J>Wlq33h!$6{nOCA)4Jlk13Q?va4z$O?iNW?iXcDGpz!;D59yvxujzD8X^iaI
z8Y5RuZm)Y99~|jz&KBg`nlwH_{r=Lc$VU`LxG{=;R?J?F2VRcQ%d=R2VQ}=m8ts-x
z;TdhO<<aqrN!)0W+|aD>awf>FJ29{FO888Zmz@8x{fT^$jN`!a^G=W|$6tO7J&&t#
zK>}1zK2HX)oZ1PJct8BHdvI(F%JUSSA33nlH65jEa)AFz$I<gT<)w3xXB2+|M>YqR
z>VAwLe~!rayeFI=H9oLSKz@vSE5whd8&Xw%T)oqnA62{QVEY#ZB9Su%xoL8~x8hP1
z9irnKb-!fCVp1?hB>tx8?Zb4&g2g1~ZrmGCeWbhpxQ}%At07yZt=-iPl3RAN{aO+p
zqea@Q^93R)n6j8G0I;ZfHWOqgrQw}X_#w)EQO=EsH>z`Y16b~)d^sx07!i1@-hq87
z?zRG0Zl!%kM(-QOhYQ$!%)3Prl3lbR;!c#^%KH@6hD4K1{W_LTT})~UL^7gD;c1`L
zogfKzV^|{lx~C#6wEyD(mi?cH^w_bTIz6^9M)nlP$gbhWKGX&o`N1k+jBHScCu)rR
z@lK5&Fh+J+A^G{8?7Sv7#0y%iPS^G5NRh-{gSIO(4gz;l{cmCNb~Hl&4>5>IZ&X<R
zzg3t2kFs{)ZzyYF``uTueX)@!W9t52y{5PE94DF4j(&$+N<SXyXP_5Vx>**J!jYK6
zK-<3dH;{xujBZi-xGe|=?WgV8>Ty~I;5e5Avbz7j6C|pesEsl@<HUC9z8S0?g?kVe
zey$j5XZ8J=wWD^aKNo(E7;2Z|8^_ww{}1Ha-Y!w|ektC{SnluWop`Q9e>;;PR4lI#
z?WacDbDvp)d#gw87D+D_OLXKXx@ERUKSCtx{pM9xCtc_4E0}Ba!#LOW(IUBu&DBx+
zbGg{wMB^88ijUH3LVYL>j`V+*ENA<~_lRUn2kmA)%ErA*BqQpL<Lb7(=UcJu^gF0L
z#rg8;6<(7ctA5Xm2U#BrP@Yrc{t~ORCIRG}5iEzjaS@4Qv3xWfpW|@Og(F1LXpZw`
z)T1rw$gWeE;+q$dxDmMD*N}jEM9<6i^NM2(JI^c>QBJ$h#d}aSJ3x9(X8CI`;Wztp
z`0ex#kbaXD{;M4zd9v6&uM26R9N8I|%XrJ*@UFJ%gTB-nxV1^)KiUCOCF@i9Tc}Ur
zOziU~T_4Yq*1%m&3SY4Uq#)~K`!&?Z{RH;mb$x<=YYjZsr0~0R^N7EM`jpSYKJmIf
zw%x6P`ArJHO*c>Qzo9-gv$0Rh4&8cwZ4Insd7}3>V*cpUEYEfW`&+?&KiR18Zi=f+
zmLGjyx9(Lq_F3K7RQ_#iTLTMOj^am63jf>=kX%~-8r^z4*#B!?fARCyK&KXke{2Ux
zHrB^=R@Y}c_Bk3cr|V>Ez`}ADd$GAkH8cL0#rUHTdBC*;q$isdo=~{bS$^yfp*iCG
zIL96~hvtVsf)d!K<u^W#V=j0Y$Gm$7NZT*4{Km)dTiHYSZR8Hjt5p3r_O0qc{C4{e
zkVa|wjgR8D)6?<WpdBEMW#0;B;x~?c>$d}>$!xs`wEl&xzYE)3zXPQAwf-|$fA%eV
z2S}f3`J<08{7l7fX*)nVuH}zD%;e_*{FY4Rr$yn-l;5sq^f{rU&xeS+X*&7@e{T)k
z(2B4owKDuoXZV|p<2G#vX>{wA?F;Jno9Xy57q9UAO1D=``(3KLvVPiL?SGrDti67Z
zmCp08I(6+G!=~FGrG37L0$XO3JrYe0j?_iB0s5F&-4|(&-c}#S(zd@xX&V`1(6(n;
z+sHNQ{Uq8h(4z456W;OGjpe*8^Gx2BMX;Ls_^H9ptEmsL#0io+UXbI`@h->daaLzg
zee;r2{WTlQYgF6x7UUqS!6$Zt0kr>ICrG*5L2`A%nto!wU5>n`MdfH+J{NXwQ)f=`
zMc#qBZin_JT)ww%tle8b;r;ST^VF{^8ULC$S<t=+MdZx=A}KnKZ*pEx6n<KM5iyMy
zi5b9BHnNE1j~59{!hRz*V86Mnz20wH(5yI4t2vL{m(8;{Z{rM;w_&Q;TR)+bw{C2V
zw`E?ew`CExy54N^T{3g(-L<$l#D$87p)kPmL+90TP4<fHRG7WM1P(CU<uA9hJgTAK
zhY@zwpWm__B)GjH&ohkT&f@Fi1WEh0c?d`pw#u=f=9kboVikw?geKl;b?Wc6WM2of
zMKd_EuZ7t`4jdQE>AviAm|d2Ra|>zU-@6^}s1}a0I)f$%X!7uuQzR8n6p?ZhSZLdz
z75uNVws9k^PLT_>O`9l^il>UmE3B=U3jWQkZF#=c=_1G*`upOQ7I3^|O0Tu0f<s%|
z1C&4RYsky)g!i{0(=NwQTs#EoJ$=Zw%iMO1H|THB(=NA^u`{}dFwb)QcDCpK5cuQr
z!t*T4&vV{`Crw`JUstevQR-t?^uYU0QbU^4t>s!i2!6=LIAiv9ki>^zp#FWbO7`~M
zU$%qv)Pv!^vsN=_-gb}<?!xzBYd#qz2X%L_xChz$m2v6L;}3<u8>r#KHiWJ9LGaVI
z_OofunpoybJPiJznO9|u;wJd8@x8xE+d*o3e{`S~-@|;k?HzDZY3i2SWjlM@eFpd^
z0QjFx0=fJI!cFnlhr>HxeK?RGeGpcUo;axCXe=a8n%KJ`Zmtl9<D;hR+=7X{8}xe%
z)rpYon3$u!D@buW{vq(&dLeEzwu5AQ7}&dlp&V99)Aa2iSsyaKBl)N8#_tMt+fH?Z
z)#o0}-tCIGcWK>@wV$7xB$5-Wi^y+GcIMn@b#`X=?cheM^Q!G2QU2^+tDxLa{C}S2
zjO)y7tBvA6t*sWA#|C~4&nJ3QJg3)Ay9FF?Ckk>?F8B|{3t{iVviqj13(Ur~z5ZJU
z(onUwSB6hCXXkp#FbBcb5B!q>{F9T~?g6TK2n7$qYJTF-27NBUlFs-Zq=xtUo51hN
zM7$p^1F5o~hWCsxyuV!r(t(@8@5H*y;qNzl%-{&S4{Qd9+ay#_onz~SI!A~B2h}&z
zV!;uYAjomoQoE4m(_(z}K1K}ck%mbknfpo+S)rZ{X83lMh10jJ8Q+6`wJd_J>hD$`
z#g8_B_htp>yRQ9wHm2jAn=BG}dl8w<fkkcGy?xtCz_zze7Rg{w5qX5ww^VJ*+aX@4
z?j6nxmAx4+aOt%Rx`N|iq99M`3jVj^1=-;3TlHS65f408hIg7zn|a@#^Kj2iFXNs#
za9lK}`Rd}r^^Yw^rA6EQLstwq4#Z&1H~oIkMYGix?Vj;HWzp{$k17M{A{gtuVPz<P
zE%Wa1){PzIt)DQ`+c0&6w{b?kw|SP`tGv&t_l#-V{$=b=02}{wqoR&~BjvwFc3zc;
zzG+-H<l7oE$P2nNpWK7C@GVLoZxLx#_vm=vwG=*cn(wJgN<gcHM}41-lSQ)WwIX#7
zF-7P5eLG$x@|Ys>3#$P)XfWdXsf$YBS4EAz(9TT|$;A7L$d7<IJoL9)Cy3<4{}qw%
z)xK%IVh=l8`d$gy(n%s2ysn6R4Pc=*?LH5?i<Aj|YSZq~`edR_EAXJKyRy)xm3f#Q
zxVF7bt2xPeFP_I*2+qz{r<#|{Y#ZgP24>s*RcPB%?SdT00>7=vqT=(A2PE-Y&9?Dv
z`G9o&6&{eD$}+YqA9z6e`f0Qg)kj9jmHIp4S!mn%FVmbGY;FBjp08m#(hF#dge=T8
zN(YhH%-wPyVYsn%!(5}|?Ed%B>9G3NiGv%ob>(!1<Xb1^G^laW-_o4%%tpm?Aonq6
z=jKf86J~>Qk|24&#GHm2hJ$t8zz-J?2Xj3j3E30}eB0TKhu!CW&I8iGZpL@`7kNN3
z!p#dFylekcp0SO3+JiQzVS-5HX+`8d081wN@ua9V#BV&~o%BsbWS|)W-2g1NIz=+~
z;UZFRw)pY^EVR#at=gLasK-xiV>u(olz>*7G#0=zcN<8-1n_6--pZwO%`Gh=bRHvE
z@A5>?j~L;Jo^LSJ1JY!3xb3boq3s^%0V##a%b{(^`{LIqFH}ZP>?|S)IvIOwqDW4>
zR77HRzdc8N&Ur=Tf;rAd^_Z>2g7r@ZGvD8w?mI)}@tCqfz0>)v68Mzi_PGfn89c6t
z{H}y*zNmO`6p@V+M53p4RT4PnvHCK!O~w61<gJJ{Wr^VUD}zlQUqqad-@Ah2QRZ6|
z{*;RGeGuWaZ3AhGT4yCBe>1nSnwmc%{j7|BUABQFW+DCBXg3k()6>9Sr#QAL3V-~s
zg1lWlBS`ff-KKlT^hk_c`B97vnc$~-B~4NIi;04K@dw3UA1{QR1L*CA5uJ~018Fdb
z<PxQUxm)ftjQ4D3Q1@nPeEvWY8LKFKp#ybB>Jt&~^YGxOa8eseVXFK$yWeyQ@pX~%
z&$Va+-r5?HpY+K^L{#w?lHGL1Q!WNW41nd(R*)bS{26RdGksbSX^5bcCf6&r;rJBx
z9y<NsFi|9f7Zj0)bidIyY1DUFSVZ#J@AS7@CyAtDQ4z^yzsZY>$hQ;2=R4i3IDTxS
zJ;oL1x3b!+uY_b*tL+;HU~z8+$&(b4;S4=5l;9kRio)0bRgjOUw72^1+Q#%$S3$1%
zBt{N?9wWOFF%Cb|tnm8!!4sDjk&Tl?($cE%ad#rEtP!*->`G~6ZS!};Qg%N752RH+
z)e%=Ct;TE(`P=DBibyJ>)#0to#+8P6d=s1d->nKyeI|ah@`rt<ZrkwPc544=Y;$ZY
zt2?v_->Fdj{*^^!SDVhnm}B`?W|Ozzn<yDf=5E*uk{BDRqe{n+R}~RDj$hk9tHyON
zs6v_UyA>o}QTS`Of>e1PapM^p+Lx=YQ390S^R}X0cYUk`Mrr%!A2I##9*&i^6{K<O
zoBKojW`7sIC2s}kMMdGwTR{re;XJOvy8Y(g={#27w5{x(!3rg?o{g3BK8|(zZ5*rh
z6_7qwu*OyMEVH+9MkjB>)EIC5gjlb>=G8?r=Tl?FG`rkwD@eis@HeP$Iojn6#=DgR
z!0+m5m#tfIZ=-S``Z2S%vUe8;f&XF($b}KUOwJFScfdc;m$_7#s@8SN)73-D>k0BY
z4)*L%#F|JJyC6$+Y(LuZ5-Q_)T5W^$wi+_cX7Ckn1*v(UaUSsMtsuF2+2!-Es5Laz
zy$V-fyL|Q)md7*@{H}g>`OGVL?x(I1L~`3!wN|OR{>Zh&ead;$zrdPKd{$@;ybWYM
z{FXuBuY3dHpRg4qTO0goZSYeV#%~2_VjlSQxj@rcJsL`1SAt!hmSmUnD=liydM<^H
z2RS$Z{Ll2vuXwsweub;ET^^8wGOgAa^rt#2vEJ_B>>`*=$BXME49?+TKwl;gwnR|R
zb>IG15ovfpB$s$<AJCRnO-*wavKXkqPGg`<RVPq<2zKzxb2zX2Sa>e1-HyKD;00;U
zi6ba3Gkp5{bE-V;NmcXCy6jC=^UnHn?$SqD-r1ujkl%}i*+V&ZsXix80Fiw23d_?U
z4*qc$I4_OQvN=m_)d+B8B?<DBQQ%KW2(PiN-)l6&ZTwb{27*W$%qc!kA|${23aj&F
z2mcfR|NKO(b(B7FV8eMnJm=8M^3%MgY&Fl2!b5$}`|aSjZ9|%$q&zmq?ya=Lz(%vh
zr^TR}4@zl3*EJ~LI8LKHsfT+&I?`8zpN_BBpM`z%+v*j>bpprepHo7$zh)NRs;^gY
zzdg-)74usz=BKsgDXz1pwdE-W>}hRziuVg?PQCA7l&5Ihp6U#|g6GK>&AiWjGMqoU
z_rP{<{Uy!$?e%T^uIhWFXGX272iCB&fJj6uBu~`n{wMH{1MrVa3in$I9)#7_i38fv
zX9=T^KJRad3G@EKa;XzBKTuzvVu`7nnhPJN<p=%={NgI4>BCfy{E5nOTANSqVl`GC
zdIh9$*M<AjHVzzm8oD@eoK6ws;lS6Hap1Tba8G1L1g%fEDk%T2fTXqe061JD?D83N
zim%fvAh~)r<hg$6ym}L9tLM_TuTEvzD7SeG<;f^@y6<=;y3arS6_BFkJKy?B^gV-H
zUWuOX+~*Z-uODk7)=#*@+c0&Mw{gZuZ}Y4XZ8Z{I+Y$FYPo${)&+RKBJ*J4H_#e2J
z|33xm<Ll40Gjz4k)jIW4L{ifeDkkqQB6bce9knlHZ8!Ui$e<3|#<6za1&YWGoR)Wo
zwrSQD_73jfl>m)*Qgv}3oujFuh<rOmB=>M&iQfW}rw{nGdjR^jbneM-6_K<lBI!+G
znPUt~!xWL+_I43T@1RZEpG7k7a1pthwK1CS?RSdETT?^=ZR<f>b=ww}OZ15nh&Dcr
z`<jzLj*nRHcU48i`Dc+NbNK!9%^<;_@UCA+G^4aFXE?sCvWR>IU|E|Rx{JPSi!Sfv
zWQ;8SJ4UwkK%0H8RpA@W>AsXCK~Cuj{`82PA-!EPvJH#2V9rp3Io&6lGt~FV25muI
zRQa6}p!P4F!8`BwB2wrQ$wB~2!GE!4Zpw|}cWw*1h3-F5_{48ne#uj*q5P5n^7*ry
zLE8LF5qZvqHu-%PPiy+-+s(}PI)!j(IHR$U{{I>dDQpynO?5@;cnes&$2WsS|1V@9
z??vnLG=N1YM%c{npbU0zC?eZkBH8&l%HWT!cn|BH%^=bB!FzaTjM8@Vu_E#o^DkCK
z&@e+!!(%bB_;rlzv4UF9@7ETrE1RnE!UIe$zruBl1+Y{Hjq#mh4dI)PMST%C%<`{h
zhH%dLa9tUjF_sDE=kR&IJBIV#f_pQxE&06#@AlBXZ+}}vw6?U}bL=gS>i{ebJ%x%}
zP%g-S)cnYhFYwT2^v9^LK>Y;IdrE-XP$Rj}!!z$B!qb(~vlMA*OTxEcF4xb9=Rcyf
z>lytWh<7(f*X0K{N4G0`Hb<|u;idf&1bGM-Za15gv^#1UKF?-W`yfe>;jc)q_sdh*
zUQnjG7i9h%>)O(FPN`M`cWUw5Bo@Do!&vC;QjlI{-)bh}w=#m?{G}j$*Q)TZmVyL7
zBCk|_#)s~!oWVO6ofwb14k>{o+yfw&*q8+qa7^w#9CKSKNWB$>r~J2yj%#N3bN(J0
zH^&^#tCg=Rf$@sM)8EdOqTW^c_f;iuAB*wg95_$aJvdKMDM$;Iki6(=e=i&BYc^Kp
z4ka+`3gbbU#e=1#>N^?gS*<PGF0U_TI%o*^Z9VPsno{<r%24oMOaht4Q0Ge#Pr~is
z&xwqoYB_JpR~QdIeP62TTc)yjkopg)JuzPRDn8Ar#Z&&F;1@<RJ+v7l;r90N6pdd^
zn?bs5sBt{ibu&mqQt~Too$a#!UA`?|;_ps%f~kGHRLH@A?@K`nrhsg_3fkVmQFxFk
zo+ouLCg~4~WCM$vxO(21!{VmGi8O9XZ`1j%iQspi3HOPc5<p%s5&hyhX=%<mQ`+Q9
zwNt9Tx)WojnRli-r*?+fLpXP-{)`cQXTG+~369JpL4Nzs;Ll13Ka<qQMMik}xD@wR
z8q8U~%0x(>R|=9i9{kjYnGE3HoCLD_L0FwKaZs4Ad^8r4sjqxg7YC{J5$W0oA+0u+
zg4C2C$gWA6-<%cZH><pq0&@R};X1<BGs1W7iRYAE*xbGO{0g-$oCzEkd60*9f!Sqd
z#AW=j)KHyN9_yr*tM{PUy~3fX&ZVX79>dU7XCjMpKDo`fUk$7M1-GR-=d*r=LsFeJ
zJjejzvG+Hz`dhuh?>-+<BdRyT)X*i(nRb&=+{4$}`e5CZELJNgvlOJtz9?@r7M+p=
z^0^d2*4OhYV0GE_=fX2%@mzQ&i*aVMx~iEGG0x0Hq+4X%q}6EC=s2e@_&qsD$LmW$
z5^iW8`&=@E@48Zup1t7;VxJ@$%cO?IJ~^evu}_aukhJzR_OYq45AXYM6G$+uA+P@r
zoz>dw6UTy-lc3#ALU{}Jh5;EMk}k}5N-70uQfEkxZ0EWL1{9ivitO$%TZ{#V@RG20
z$|jIpSL0rg+CClIpEmQpGwkjYmFLQ&a64HE;HZul<fGRJ@^CJ$_9_k>sp|X|-~Tp&
zr2qCa2aet?_O+BhR&e0Z*RuH}QIMT;a~jkbHy-31h8M0;aeSukv07D~*K-p{*`45)
z%B!%y)~>2SalEf6ysejAzJcP3`NX!qb~%UrU)9z9?DC)JT6-X$QJww5CXmD)DEIAj
zc98R0YD`{LS7+&TwGH*uQ~%=I&LNL?2Y=AY<R9l`=a5-#`yX`94VyqZ)ZN%O*uDwn
zY}yeX@5YP~<clek7L*PdzH%G*)mr(shCHJ)tTmgk=Kh!WhVPSHF!R2*uZO@8HO9&E
zxi>}d-znt3g_}U4e(lMj#pJ|8BB66%%Ymhdy-iGi%ecK*{k;*ua&mYvNq-pIrRdsG
znSTEE&={9=ZyIQJgtlw!R7^Ha6G<ly&zsV8?+@zR(zt18Y%!^rCKCO+xeRc8#%l3I
z>o>o1F*y;@&z=U3_t-h5QJ=$c#bj<opE4^r_Ca`zxNjrdkN-dkbONwAHlhyGa9}j{
zkOUliAH&I^KE>q3gNUaiG*%cEiWQPJ>0*WRF|znejO^)+y#0Es!e=E3^5H(<w<JV=
zYtP8`#cjgemj<)NSJtZVO)M^@aLW&hB;#hJv75$sFR*xHa727}eRzB)e97Xw7+rjK
z2g-x80pAWBazinZ*;-2?V!Wvv@%%tMt^}GALhrj}va^fG-{^Q-a&f%g?0ek?km%S#
z5Aa888^%9z;J6*YGHFOL*~EBt8h|CkUQ8x3zWy_W^Yx_sVltO~v+KTXdRQc-BZ|pj
z1@Wo9WqE33F&WI->*wy?2^`&+uGDlyw~g#x)b~nY(w(7xg8(e=Xlu&?zxM5B0L!f#
zLGpaB4ASFAlZV5sosq66*%&>x5mh*{e9_{f=Qe_*?!kbu&-s^)(dz-u+=#wWwD@Qm
zh0DzQ#02K|+O@bR!*|A<?)&f)WrJEvEXw%*w=w$O++7<%3i5(%R9A7t#_0QfLp#9L
zKsu(GzwDmg$$`aWFypam)uyHU-q?WgLhx0kouB<YUrbI+7s)${!ml5e-*)~Pzfu3T
zc#JHbjgiHx@SNwS7Cis7f=KRe!L!=Pai?VAxO$$b`k&&Mrzm{QpHbGW5wczwA37sd
z@AqzJ_nFRG+RjMry^vm=Hh>gO{~cm$nuBp0>Cv_?fc*c!2ILJIdkC*70W*L_Sq~C)
z4!`H2jhE34$D7Jx#F{e*PuX|KGtKKkdZkt2f1zWXV)5;GU3_~I<J)@}9c-^Ffq$@k
zg2`HbLlDR0*k0^U>p?olV&B5=@mu$A@mp{`Na>2gA6pMn@Dk1^j0??Ia}m!lZ{C2h
zq-UcNcteYC|Ak{!9mlagTMyFvR}iya(w$-cydETR82UP{Y`c7JJ?_a00IWb$zr*ni
z^FQm^T>=5mFo$hmwHoZ;k393MKE`=ZeU0(z#gi5_UOnC|<O3aNcd^E;<J;m@iH`eu
z3ZDOM015K7c-0zqemQ;vNX_}ivNml4NKd8U`QG5sp?G!Uaf`D#31pW+%v#OCfZPoj
zvsQM6fd1WBE3>=lAReopRjlR-G|do6hMC2$A|E>Udm?o1NA<Aq1o(3<jFN4-y3|!q
zU~IEx2k$)fWSb6C?XJo%Us}}Ib;*|&wYKp9&Rwdv#|51QSvIHnvbnTc`xtPHP7>rU
zW57Q?Ar$L0uo}o==RO8H+`0knc%#|sb0tFZC+k5H?#A~ooB)1jSC9*)!RoAu{ljA+
z7Q@mw$uhBbLxJ}G#N*Vri1&Fak%ng}|0D^r?MX_<3}2lpt7&1e><{ZPmfioPv8|vy
zsfWG6obJ=$r{kxyH~92%?o1Zv+DzbRG^hI1n(8dhJ^7KvsjrQx=J&D~*Ylyp`Q>`_
zp-VrsIJ>eK_s|FJ`)IYT;RB2F1J>vH_bpBu+g`OE<)SeG<jQ{F&uI$hf$lf6y83H*
zXXT*qH^k)>N?((g%DimmRXTfa!B{tq#k#KbAbI+uoKiY%Ol%+Px~E5vb;D|VvNJxT
zSl6gNYz<H6KzgSP0Kc#oY5mxGkZc2CAf*qrk@{Mo)GwR49;6KejcNSUdXQvuzE^Kk
zMF2;(IkmP7z(HeDIzIh>B|Fojd_-g0#PuLm-q(;fUyW_EeB18^sjw|(MOoD3+14Kh
zsCOI>Se$VHmdJJ&%xOM#KiL8U+-7_e%GL!Og>5lyCW~oV%$$rgh;}D%*m?#_SYMV4
zbT#_n(fopbR2D%b|5=B3oYea5Iz3>yD*XOW+SMR;6ff)POXKDHBjRPs(+e&sj`+43
zqp7|L>o8u1uGn8|XRpWm=dtTSdQ(w&S1-H#z&eniFT&~SYnLajV|On4;C+$t>p&9v
zhVF~JN!Qgk%6*Z4a$c3szQFvH^sG>RN;-?3r3XW?^Zk9m-(*hn1-BqCR<8qz%8{op
z#?TEa?lZ&g^M1GvB<Xfz|MQD=D9_ysLUA<SYY)+{vUfwC5ieKKb(^z%aCdkNU1#Qf
zR2QDgg}`PGEICWjmTaDh^-s%};s4*BiF+{L%@hgc$D9?#gvN$V?Ei%?V>`;H%|F?_
z&vC343J-GiOw512ZDlc`--dH|x7)~;QU9uN9F8^b5mCL*pUTGRqN~5#*6$@ezbkhz
zxE~RTg#*jw+SlCA*7b-;;-a+I+U88awv!(bNlRO-jJE$LiJcEuVttr+HU{NYqxB`Q
z8Znn^NAXZTF*I)i2bMas)i+xL35H@_gLtF$Md?p@pb^6Ho->!>pim@~FX<fp?+(T3
z*R2C7ht&wnX^N3;N{sCKhZ3Ona;&8KWSBo~3i*Q7!$R>hrFCP1Ak%o<_PG+cf#Qxw
zdo%iT#czpg?;C{0_z|(p)$7nNsN+GcYw>{ulIPRVUBDEUd;eXbNZc>t+RmHPd{l?K
zcnG`?U~#wL`!*?~BI5pB-PsM5(P~ydrq~jyAM+8)F(-v;_o;cB&*NNl-a~ASnw^;{
zVf?S!pHGzlJ8wLu=e5qEbI4<nJQ%kiG`7s*_Fvbc9uaQD^WMw#yN}9o3FC#CBBAoW
zitR6{?}sEpvdUKhCD6!XkZ64M_6(7nGpG5gAI0$o)3I0Kzi)d~B%H!(-|!$8Jc@GP
zw7QtYFupHjzumUBnADjwd=2IlUsJ2XXR$RDN;p>LqqyGgZF>pmpCw3mK1II;zg7Y@
z>qG77x+uL1IA-%WkgMXsF%H0@wWDn|u^betGrLhf{#qHN;Zf5A1sg)+>h)<E)2DUj
zF22Vlkj|MczQYkQf6xSur_JDRqH9kQDztUdx%KgTQxa5Y^*b(@yZD^ycqzVk_1zhZ
zkLuN?1fhcRlZ&JNKkjqVxyP`%FE%Ry+MbS0+X)eG^H%{lX#0!ic%LAFbl#lmqy2hw
z;AgV;8<jhRql>T39Pb;XwzK%oQ~yDSOSC2NzME7U@IF^@ih7T6$DwQ5-i$h9&h)MM
z2=_9g?S)XBM>}KYC6Iy%#(No8OVRf-x=7J;p-fWr{D`Kt(f2^=)?V2j$W?1Gp711t
zU*og$=1d>uoiO~>D~>%%D7U>}G2^kBBH5+jy^E=9ajy*4hH4<|<*(*prn6^=WSgS!
zdVO87R;RBo#K^WwG3wh~)IKe5R`~Mc#=5UMQKz%b;1gG|`xOs_bRV}3b>ERSAcfnn
z3`6^s^GFCzikr#m`Z84hI&F?uWjT%EjmEb@3GHV`W4a#?jY;|Q4yJ3ayib~MFgwHF
zwgx0mXSAcybe+C0<s;g^H`~`J7|-@k#^S!lhBY8%w&MBxFKbXgi|duZEbab+1KTec
zgYB2C0co{%e_<Tk-?<0BEnWlClZwLEQ@@`F`KdJ^1v|0&CLdcv`#iDXbZg|Pt+o2Z
zg-T!*yDRYbHRzuN7bt;c+WqzW*#6FFoUd>VNbl<SGSa3kZ^5zNqGRc7y7;mZ$ZJI!
zbmWUf@&eUU-!NS5VDM?Md*&;FX_Q7|-}Sc4<Gd{+V0B!By`mgofDJ^_GSBX<8+$~p
zB|zhJF4%cBxL|d`U(hb}UIS7kK)}znZ(p^&nB+eu5}1zb{y{>$^~i_HhEy7N#S60j
z?Pk%0`;QOw0m<dUJ|os*pQ@e3WZ`2Xnebuw+s&Hp_|F>ky@;^+yZ^12On*!yL3RI&
z`?6sw=dGV$^45(tdt2sp^0t_{)p2P;MfSBY+s1(-I|gP?i@}(Dooo%ew@Yn0TrJ4H
zH6V%c2<I~gP`<0<?+DBFqc)KKKETR5rQ|jpsrp!Mmg_g#Zc%gnD&tXSQrdWPa9{1|
zuHkys76Xp3dQ~yt=mTKMxo8c&ZP-2Zw&BGX@K+8%{ZT^Y?rP(=4U5-+v^ELfHstyk
zzis&P8ju!@FChz`6-jUg(qu<5(xmPKe6O$z^BJfd8IAGc8tt8(k>0woBfRw!^1TgH
z?OtUB=DjW$TSD@m6-kW}UjP2Tt8sr5nv{S8z;b*|D0gep8eQ&Ie5_oV7%SW2F|PcZ
zqVVez1$q2M#lIn5Fv{0bV=*J!HEs>sAR2F+F{k)`>xDGY+dx+=weh@fJ(Zg%HqgEX
zB-aCoubwY3dreBn^k+r#D#KgY8^xCtM?g{dxW6GyQ&)uN7v*#c<$|fP^Uo~5=mtw$
zF4(jukmdtdgCtI3@-r9b?*4xz<g}vjx331tWdc7pzJx4eXX4g1=wD1%6rT3AwX*!2
zZ6V#4(~S8!Yge;;mUBuVsOh)fOuzNOId5JK5~XGHtV7<$8JxFas>xeF!R)OY+sWH9
zFUH$4f?KUD>i%W3+2m_5bG~}^7Gq%_i<9bua&v~7!&>%<)hW~1_hq3$)xZA?&nXWk
zfeilye_ko#tmc|K!s<yh%rJYq{}W|#T%*<5|9JQvAwB+Wso;3elv3+T1xHOr_&D}&
zag6;9R_C}A9gJaRV_3ma(<6M0vhQ(>luK6U{$TVmf)*Tu!c)^He2i&l*?p&rR_C0b
zqK{G82giWE;Hb%sSj%}F<Esl+=eXMFV?aL~L+A&NnjsNmG~gKhf44d>$kE4WlmFEq
z(Xqt-;Hb%u7^^FX^!e55ypYIUcC5$PSi%5s)Z7(5)`D(0)|_9g&i=N`kL6@z!Ax+}
zkO*84!m-x=*Xq2GclohKv9T)YSd${)x);aVf8OdGH~#Wt<+8EL?&Vbfef?;V*0Oz&
zzU<rS^NQnX4!$T`n2&d|X-xfPNIukD*)Oq1%Csu1OO!kSq~Mngc^5)^h^o#C#(`sP
z0t_r*b6lg%aZXX^A9N>3bJ({8_N{v@n}6kqw)qQBh0pIgh4T+dusFAwGHNR`kZ)?@
z>Hp(u1?~S`@c)(Rs5_UeV)cI-!}r$c_mm76pr5m#He$`S;MZ*Iff#CIt+fKnpXnXT
zY;G@b#0?bWnp5Cc>w~IrTYMad$FyAA4ZR@nzgV<upRWRGtqBI|aqa##d|vTeTx(ST
zaebgaNVXI0ab0NzM+y%E93T??cr_n}##7h+VR($B`X|)a0E_b_Q(Uc!14p$fzk>QK
z3#{8Rx-k0eScQ9*ZY4!+ce+(^bO(`CnM@UwmgRSVq}>bGayONp=r>Y-awv!-m?X5@
z3tF)%dfZmLDtdhR(khUGJ&ohb=T=3JFK4fc9z#C5Dthes;Hv27_ET1YRBoQ6+LkVt
zQk=ax+#_G$LOD|wbzj{wZ<M!g>_~6@gc06`srlZ<8Fp{;tdGjEK1Yi0?p4VD_T!35
zkE#t;r$)n^<KaAEJB~b&b0J0LZyWOqYktT7d%Cdy|Hi&|!8IIxnel&JIRDe{FPUKW
zX?|M<g?IFwAg$2iqhE213;ebWeV+wqv3|(4t3VoeRvAd?eUkA?8e0qZC9Y-K3f)@H
zhSt(V*K!v8ZSQjaHwE7*j0Z=(In(!N=Kpn~bDUGc<Rm9TK5ezEZqpW&lmF&|R9V|z
zPBeP{?`4ou2E%}-KqLdS^Z6R%wRXRRYd!NaNC#Nks$$)mE<~*90>U!zY>M+Gb84-4
z8#vnD<@*m?<88Rc|8QV&#|v`7+u(O63Np_LazA!1ShgrMM_fD?HV4FW>Kv&*;2f2=
zhvqnU8s~t!aSj)IE90e?K@!s0TlofeQ+zLjRISyo`VPmip9DwMLQv1X{(T2XwtvF_
zy_|Pe6kdft0R9b$;rZhS4;ahRs+Z9hzN$a+V|FLFg?`($5~RvH2pHwNEuy@8H&p0#
zbj^Day6rvi7pk>@thJ&EWnlCPTt}q|b#wJT)XnaF7@trbrty&91Oa8NNj)o|y35Me
z_-!o4l-XV2xA*seqcBmBEir-|1EJr|d%*G3HA2|Fx4%U()NA*>jCppS=7z8T@s%J2
ze};e&&PLGnkA;f*p4@7c&vm?!vok^#c7mVU#b7q#Am<qJwM+Z|m-zo+Hyr!@l}s-j
z3D*nsd;e@a)2w<aG+%Wfe7?#6+PRNbs^@uo#RK4oCU?m%gY;6Y>9;-y@NNBxEAft^
z?GVb$g889&$`6Il)06_T=MeboJL}@zqfDMy&g)V3|EkZyq2;^jX;R07+?)XI;Hq5-
zl9rd#ID%VU!wYiiG*EFp|Kk+(&cvJ}DbBi{Ab$hk5328cFnKpYU{x2e&^}$t1ockJ
z(hpLc!@2lc?iz4>Z;GpZG?&AgUR|xrGP&?vfUjd=bu>Ho;Yzf-RdcM)nrz(HP-&19
zL4zcu!D(}*?}_U{5~kzXr=A8P9TRP4K#Q$+uS7fQiLj$VVETm1ss#=lvN_Y&lp@G~
z0<d^if~0-3D~hT+3Ri+8`~~yGjC9LdO6L?oE=&;QnJH)=SLn`=Z>0a$zZ04y$b;D#
za$y3<u@HLi=jaM{ZafDZIVv0}we~6C$XTS%zsRa}se9&WzHaO;=kS#v!Q&Xq>(6B?
z0ngwyxUS;Bk;(czyb{mYwQsvkA(+RQz_Em#doM8|%mZ{VH)IOPr(8;H_sQUJFND<v
zok5;70#;K#+VG3we^Lp(m$H_vi}tg(Dh|;M7RozIZJeV#(Yoxf3f@PnUcu^?{E9VK
zD4%b5K_pq5O9-XY1a^0*aG$X~n|2!Q*-a}!>VH}pn5n&Q+7s)Bt2w-JVA0##@|tjd
z^VBeTb)mhz`WBFcbJ6W>%1V%^k5LFBv7~Oxn85C@Ex1P~?-6#?!|dqA*HQkSdKGP5
zFfC;3miSQKg~4d+j&XQzx!#=Wv#@g(xC5k#Er{oLSAgV+k8T6ctq9q`bK99N`3E?@
zS%|t|!FZib4usnu2!Q`3Q>rR2g=~x^J8=x^XE&Nte97!ycO!!@g~9p)^PSeO0I4#T
zQ}6#9*^a6eAQfnK{uKt_7vPw@2;sBeAA--lHyl23FSCzSPkOK~%1DYYfzAKS3Xoiv
zP)3aAFIxc;)t{RFJ-P|US@0$}HeDlB%;#Xwf`j>Tn69F>HWO>JsyS-=jQ#zkD=3eo
z)&|Ysh#W&60Ttz6gvRlFL3Iu9i|d4N@SBiFj;rwSwLu<af%*Vks=9BY+W!5__U}ji
zt;J;&ra4v!ycPqN26Lt_1w@hwB56(#WCg$y7bnOyd%>^X8R;s>DV!khVEU-f3Xq@~
zqVm)II)0kD3US5#8ysITe&R-k=v7l0E@Qz;YR8eEG<<hitLG<+%1;&pezI_=-%Tq(
zvNd2niIH61sN<)Z%NTs$gTul2scN9k?pKB2Q|m@mfnPDDw)t8$D^r|`DXtc@|F6LR
ziyZoJ-sK>jGxI+69zEAENa<zrYBA#BJKf~jB_hdTd3)~V*jH`OZ_Ci1aZY1roUO}2
zQcN)WQs-?M>Rx0&9WLJq!K&uTzXSf^=G0mjgU!7p#W~y@R~uyUuiK6PcX4QUUtG@a
zqEa|#=-|A^O}<$ol2%sBw4en0UF5fAG?=q|MmGGP%V|6WvuO;xxbv0_E!X&r+2Z@b
z%=^}lRP*l#o?V79bc!x^R#HITLfmA+Qjz@1p^p*QMUV?$L4Hi>8lFf0)mCcvGu1nC
zk#X_9<(PkS)6M8}X@2MD%Rmx-gn*Gu?pzL1q%4*P!sVIDi6@}>-aO)zORc?RPN%U4
z%3djxz0z>MTYVd3givw62?F1D3i;C`Hi3ior@nS-gs=VJMsPfRO?d4zI>yCK#(L$c
z<#<l;Yrk-Rd(|?KT>pZAQA|H$IrF=&kMO%zgx0RsA6>!hU<$Q^slI#rffQWPkQW3P
zsLD6{y`UdR;%5zcf(ZuP2_jj<Vk*3|m*)G?obLONIn#I6oZ@?91W2}Ll!4Qifu!ey
zQ-5+3zC<KXFy5PXHI98tKagxELvx-^!r%MSIZrj@37Ifp28iSb=4-Ujb)Sf?vvQU*
zoyA#d%c?`Vs;pZ`z6uV9>jL30>H?~(+Uia|!D26<x{CKD>U32SySs668A!ITQ9l{Q
zeKE_Keqyj_dWlQc>7{of^wK*>ljj~qn@};6>XKAdFDa(9+DeZ8O>fgni<X7-k`SSn
z=0EKw2bYV)#DRtO?MNTdwdnOxS$sI}#2pIpjvB)s0>A3daNu~!oL1{m|E4n?l<E8P
zGWH%Ng=v-!rsv&+Um=oz0a$21P4^hlGO(;;-SgE5kSY&^VtW0aoux_Psb4u|a|toB
z9b1=y)K;g>oaw8ewlYO`c6ejx>@f8>_=Dsc^&IKBWgv-P8=oCMy9}f`$5BW8-oyCZ
zPt?tu_o7G+?<gUg04&s}j!VM%Eu0{y-h%#jid~Q|d<p*Gy*R&<^8Z)iHO5`+-sXg5
zAUTd<EOo3$c+FgG-7ekymtGXfsof>ydA4U`uS->B@1C1L3Vsoi$*K$Z`yDrd<T>7u
zSD6h1N<bv7t?1K#wG?R`OafWB0q=}xc~W{EaA~ecwzx{jEV|wUc6nhU-ch?@nXc~O
zHL-Hg8Y_D~!}H{cvckuGfOUK=5%1j=d=CE8?9QqBCU_rq{&!D`diGXFd1(dWZQxS0
zPeyR@&x<5$dI=c~V9{{%%?lzKy0wHf^aPpm$1S>V8(tL2l=2eNm#*VTXdR79b?eB8
zm4n@4<;tVDj$37guYQNEBjSza!cW520oSwl6YmJEqk9Ri!`#6-o}DL>Eptl<uY>i{
z3nDqZ4cB2|_sb}K8q68KCbQK??QkK7K4qlMJ<jI3pxzV4_O992sQ0aUzMRZ*$FkJB
z=7Zi*He{*!5^277W00RU7!FcC^OmT04(dJ+;p+`OzIw#U!RupX*ZYXCmIj3{@H2cx
zy#E#VK{&oV-B^C)&=9`LUO;>uToN5$2j_|8@Czm6?<_X$z7%6q=ofmU%&6al=S9-|
zP>Gs9roMyJ6Y~`5??WFhAwM#?=(?1>;XVY%GaBog=S6aORtfP@+?)*IW`-U&ePZR{
zO|f$DFyiLp28Azto#7_pt?=^0;kdb&B*+ajMtD6udmpWT2uBN^LL5EW0giZ4B=g@Z
zAq&~waoJa>3r5@slI>7Kp6xmq@EVAu9|xAYvmyBN^zi4#%E3Xgva15&FQ@SDWbjA4
zOPf<+41Z+`ga1Yy{7)kM!#bj|D3UGJC4?{<moH&&H}~wA#+Rrpi6vwt>sQM9*(P_~
z@8Eoq99~*N2C;t2S-;9&m*=UhM@mSJ0Z&bNq=bxZRd@jL*u6_Ys^k!l+8vp>OYnZL
zk-hnG2}l%w2S+Ob{kZ&mk<4FMLI$@g`~@Cl8;B&2j-A8C=J7t?bOyiC*q^bnFYtow
zzgG#k8Wq0o_Ye;pSfb;BA+d6BSgZ`M<M{f#9*xF>8Wg@<Vtf(t#%7Msm@jNGtp0CS
zh%c)CjC}EyJ33!nS|F0cCrikuOjdhn^zC~YI*B5ga-@X3%lcVZKS=GkAI103g(YMU
z>leF(=>{RXZpfp37MGA6tdHzwduMlbJl8k#MKWc130c<~&P(+7Ez3*D;TDCj`Fm=}
z*SRj_>m1((elY>@cl#2MM31qrGjs_^bGD(cbI@k&>x^0wiU|#AK;c<gLLO@ky=j*g
ziSHLglC`#kOlLTFi{U`sPahQ>56`|Jk}XmRaj^T1-QPgHm3jk6w#^NB*#NW4K_s11
zw`I^6@bAsxxT5lZN-QC>Tf%>*^4+|&ggn-w@O7;rUT<>ics)N>4&D(fdp1Vr^_7<t
zzTgGM>k;o8S8s^I>%X?5e-oqgZ|*=^wUk8X^(i@Sl2;;<WQM~TZgy^w5stqw+EBg!
z_Y%^nRpAQ`>3C&eh*zFo3w~Q;vO51hH%K<gm{<0?K}uPRymCVnUOD6r=an$OW`Rhy
z94jHg7KQ(`Bzn7V7Kmi%Hznk2miv4o;}zRwWOD=6v5%IJqY<>Gzi)Z8g#1c*BZals
zovl%SYX0I9LgjQ1?K{rojl4fV^~IJWC8Vqc>vt!+S?<>|wkH=O$oy<U&RdS>jaCrX
zG-To%pZc>N?iR&SBrANKHNTDL9?<jLU9ocT-dI^&8lC4lT~he+nT+Qm-|=2z%yYqi
zBhS_Rc1=jX<|5CzI^emi@ow_$Qjt8xXz@u2<GHTUc`k3ENVfc|gv?-l-YG#HDcl{>
zkzwr@iR5r?37N#&?`7>P@5T1|wuc)^2)|e)_qHf}^^Oofr{0eI%-aR|*@fWu{DA!2
zS^^R*()bzUtRUlODr*-OAU{8sZOqTHjGx2yK$H@)VX;VVpzvl2auI`99Mc}&EwOHr
zS0s||tnKq9?EQnkDgk}F`CZ*)Ly<^$%71$NU+pH}6p196{yw$+xiID3QwvK7wM$$C
z-&1}*wYY@jHY<FCInzh|j+;x+?`UfC4KjU`8T>}E`$sCh(|l{EDFMCgOehk`mN+;0
zv034%&yhj#Y{K^i5ZAnK6kDs&p30sQkf^@CWKLK2-kyF$32cdXlV^)WVnm0(m9(eB
zr_Bmq7ax+N<s~{fBC&FCe5?#l8OzZf^$PDE%Va1fB7bX6dl?cwX7clmPJYr*epVGn
zm!DIM+~nX2k^HS0dAqTg)x)W8jVeDw`?|@qB_i3-tnlT_jdk|LC&4d%iabv7?D>na
z&K_9;(%M<b<L`Ad=J7Ed>EeYV$vRs?<}mm_DMnrF8XjH#rwn$JXWb%sgu-8}gMY9N
z{+ZwxKSKCZDNjCT48Mi)=3@x|%TeIJw#0bPdT3n<`DT$wMljen7qj{~!*p*~>t&Gb
z|L3vxFBfBNL|1-zd$ldwgTJ8}<$7^3NS=P}<$p??n^0Nl&e}a+jIyTgSKnpOp2<LJ
zb97%SkJ`u2OGpxf^I=948XI2DKF)uvgmBI6?c?FcN=QzV!q@c($<tfKI(eEDD+eEl
zl|9pq<*Dc*`e(M8SeLNy$TiMvh^rN*f<xPXRPR?+UDI~v7k9rP7d#NmJ56<HG1}7_
zGx!P~z`fJTr&67#c|k7C0!eh?yyy6~JkQX+Cojlbit$__HVThO#U1;wSu5OR!b*`G
zYEt;>o0wj>Ho~?}Zm$=D<){~O4u<ps*MNMzv?#h>XfAP+ODjaOwFzlhSA=@Ob5(S?
zYIeHG!KETu-K6j}k45q2oZzo~9p@ij43ce<v0M!+1}SAC%2ma+#yGpPIJ#aq+}}-j
zw@98~@PAOm-mDrK9saBtZgOy$NL&>DhmG~Z)8oKjxf9_}DhA1QzcKuY#UPDyApA?B
zz|R*O>xENxH{q9v<aP%8ItII#Z>$%Fvi<j4nox$9Fj@(BL}}0V#;<Eq_-l%cVVEMi
z$%Yjo$!bD557R?UC1k>4k)$?-`vRw!FOW#_H#v%3xCi`|n-PES6@lcr*BF2A7J;;O
z4B~Ha6#RW$6rKL_r@6`hBkteBqpGgPaeSRQxy&TwKFK8Ek_3DufqH|Gh!;2s7K4}4
zZUz|?$b@SGB6pB$&Ljd!XswZh)JtUoS~G+8Q)Nb)xB3!9Yw*$*QM9(T6SQ_PR*fWK
zPDpZo&pvCP%q1t_`#!(t`Thl&z0cljuf6u#YpuO5^Y)44KfQ{jZl3;L9+(9l`$2@|
zncX0Xck9FQ^lp$g+=Z}Y3<Jw^!{G6mHFad(&qeZ1@9_NcV2wy#Yu`&w^-?(~&8;`i
z!CI00{oB22?d?9svqRy?drh%^M&+w{K^ctl>Atu+a^wngFSwzOe7sjA&#7~pb?4r3
zdmZ_>P9#tDhVS=l<~m~8Ba+9jF#f28b;PnyBtKWjx9E<4+p0QZ`MF4HdKHUpcldkW
zj&z)3Yp-Hi{RsL;<#Nb>%NkQ{9Np6bkn92!-unnhnobjGXYQK8HI@KaZ`ln}&qee<
zJ2@pi?Cr@P9qtQ4b$?$p&gFkBRrTps?Z1zu+Lor4^{W0Qzoh@4)$0JT()Mo4q3mep
zC-UkeOqPxg6ziV<-T3bG1@kG!xF@swb3WTmZUw2;0EHt%;{DT^k9ZfK=I-G~y8VAH
zan(IK;N9AVd}7}tcz08{?Y-glo-NfP`MY;7nLzjIk)e0ZrD~D%{b4T|+lzKOO~0hy
zje2!2iSG@M4_nIS@=a8{af5N|sJ|?HBxv8JZAvXj&YQ5-mG&NW+mXGbTUIQAh_*|+
zM6%$ez2sXtoYod()scC7L~==1EFHBVi8rzO;yvcUIH|ImhOtR681PE6VxeuN3~pF3
z;QghnSU#x*$$lftBh(cfEB{9QvFr;5yvNvBH?Xl<9~kidHUi#J*$D5uvSK+w;k};a
zkN7SG-s^{%<ADM1mu!v<ZI1f~yzR1Ld6B|<omT%pI9Brv#Y_9gvHpX$oCgNHqax02
z-{?AWaF0lylNHOaYSo-Dxc;w0)_*6C*Harl9);uPUd7T-3zDyZ)yMxT<h%RuJAds^
zIDQvFLuXl^+zO;sdTusST#X0M)$Dnr9^Ff}MBx0jF}SXWWW}<$7Np#38GQc=!dF*`
z@U=$3C)x(QGcJe2ca-%JR|ny{rxv8vapCYq+K@(lu$RoHuvtLXWY{e`MY7<)Ua}>C
zFl)a(b6_u7A5bhs6rXu4&+|V+_H{GDD@DL-pF80748n`&u3Ce47v|l|qh~7zVGTP=
z%sz09tXMKBJ>{_d|9fy=<1cXD%^~yVS_ix<`oeLvn6<;>h@*tToH5vbzt(<G<40h=
zTmw?>sNr!)b-HK%wU-P8g7->Td#y-bySSHh2Na9H1|(;8aI7$TxQO~yM?kSq8UCi)
zpbT$3d}Uqawx6TC{aHY<{J91sdnP--AB619bBLqsLU3ficffm1|L}G^I_8d_*OC7T
zgyS(;+q-6cJQ}t3m#{qv!0f643CzRe@wUlzWO~11IYe=krjMfqOx8Rc0ngVpY~MWk
z@O;7A?Z<=g?5+VxNEsfUK6@Q`x?izuuK~%ItPjs9CNJ#@u=rMjdQ0Bj_zwJV4M-0$
zTYKHlu&v}SY+J|L2Jfz&A{q7MUa}yBj<N&DS6gc$&i}*#Z+u9<Qr7R)h<^4T4R|Mq
z^m~N$doiM)aNU4+Q%Jv4A^-m_<o_FFR{!p9Tub{5T+6f?kWPfWS6tJ};%{bQzot^`
zS6BnmKSKH)XZ@PXuwO+9_M1=x(m+VRotGJY?_~HDuwQNsNZDF_znKib)3Gh92Bd41
z;27)sSp3tEu^%@L`z6(Y^nezhd<Pr<c5E}&fV4;(e+C=>Hf-Z+Kw8JznoAk{w_;nb
z1Eh^VAeUwr&#6925D?^t==r!gQ0!OZ83j2f8rGfUz)JUPbvA7avlXavqB9nK9V<&v
z-fM~n>on%K@`jLVqu&xbZgHSk^)G8Tt2xlr`@9%^Vl;nBp%^@qU&dM&m5XP}_RzXw
z#jM_bM!Idv&EfU-Lw)Uhv0$Cfr+4HU!CJX8e2kK*IL1fjblcoph99Ff3CDnBux5tT
zrYQodL*TjISi|ZHOvQD#^I-M&mb4h7A;sUzwZKkc|0xGZzNzSkrruNkFx%SsY&WG<
zwT{44{g}ap^t|_?&E`Cx;WkiybW5OEFZPh)mcq5rfVHoGQUel&JukrG<o>OX?;eJ4
z&5!ulO{umVE^RR8rC<`;b=s$aRr5~?%}vnDXSgF_xuFImZxMJY&gL$G#wWhtdDaAA
zmSUjMABR4sn6ChJhI3<~QOtruDvQrLBDkh=X&syatcMK7j=K!3UOktwFO%vUA$bGE
zekClfgzHzV$u%H-sVElu?MeV^bE0|Q_X^daz^#Yls2Z$2p3e5QlSBLsI1qm&-!c6C
zBZ$AcNkROn_39>pN48*oQ`Ikjd}>(SkSQPkb`*nkutr%(O^+Tv+Z_qlXO19TpDc#P
zd=QC04dk;%@SZ-5de~jpq^fa1CykU&jU5w;Sq+AStbN(sV9srIj;XQGI0)Z322U(l
z%i_`RwImU&WlNxORxLE%#tCv{98qYlS3Nww;sD7T5yP6xfpsGn9;esN{M>%y04a*q
zX+PosscS&-hSLV-we-b7VfgQ(m=F6XcQ-%MEnZTl%wc&S?X1o~Ye4Zn#DSUOq~Ut7
z8k4g2y~g;XE1TIVqY&<NdNz|lhROP8aEAk=-XuZY+fnN%4B2jxM;}YyO_UC@-F@*O
z)8E9KFpm=b%^#1xm|`J#e<6b8<iHylqwMHWtgk4FMcacs16a$F1lg1ajfb?j(KO`e
zD@2f5Cqv<45u|U}U82=4p8SkRKDO19>nOiXfKJ&W$P-!4Sbr*hUq<PN2f1lRis~OW
zhUIpncmDooL~?v(y_$bb`|TJVb5%W|IHtHBrRB)C2=c2uc*g>m+ql4SHBKWb)t1W%
zvMUMioUiUr#@xlx&^e2%f66}|TqW#2y;TH>&avSckrXej*UitK<3JxsZO-B1t?Awk
zmkT}7F?=1WSO-W?rHAh~myUCT1El8x%vnqh)9{@3v`FUtxSl+#(>D2OksO~{PY&v|
z9eY|Nm+q}6k1<_;t%z?Aa9Z((_B;EuNG!AK$sPdn=8&A{?~BZCmLSNLi(_Q_@)+5E
z4dyB>8Bi?w51V!Kmgip+UfVhMZRVc^se^gT9VKYPJ6DZ+LgBdhv`7yAw4N-baNHGy
z<7g-xD`RB)Lou>558=3RK(Y8YFgPOehE?W;!vSxx{ONru!TjmBBOIO(IOaSfk}V7B
zNvRG_H&7U7)stI?Y5RCqJz2@>ahpX}Lq7uFY0rpc9;qi2f;IaGbq&q_L&q+@tDev?
z?TTWdJU)x%Vhra=tiDVv6skEK`E0k-F#Vj!W6a|32b8c}t$D2G%`$eD)x2TVtlr@J
z;c%+wWKliwU6Z2LcU>YRGrvxYn(L?a6}2utnE_zlPz{m~Sp5F?DXNWc<TW6P7AUk<
zgGA46SS^q?#X5Ze^XZ&r^NVKiP+ph5PLQXh<GC|~__%iVN=_=)*a56Prs0b69?FC0
z+CTkF@z8nVST48Mt6BYFGs+lg>je3j8P8r88&|C{(xzBT2NX+b$Qq1a;~Ksi2U4pU
z3ddEm{7DgfAdT@9dVkZohl_VLi69MEx4|F|pM&9Y_3*hHx+uJS##QtGQTRSyUQg(L
z9#>G$y^y5y=9MJK|EvZHszDM)pzhrE1)i1s8*%TezQBL0dFY(L)jj1;6J-BHaOGtn
zk3GK&@uBfhI_Jlg^`vn?u|)b1zgf-X*Y=dKd!iy0?}<O}3i9iZSJbQcrT5_zXBBVL
zfMPkf3#3*fv%ky<v1k1q^ZgfAvp9nziq|)wSl-#C=F~&`5()PAe}?_@S^w4}innI~
zYdVaIIG2_=^@N_^?E{J>GxR*qsV5Ic(&l~G_kIQYhMucSi*P;V14G-2%dySIbmr!d
z5kI?kft1^=6pFh*dXkM9dRM9YySSbdg^cMA`Tyww#iG<ko#|UM!qvMX!4)V^boI<j
za&^s4cJ*&harMuLYP`tv?rz@T?hVn&k}S+uip8=QolCJDGGv6u?|qaq7!z}uH>)u*
z6t2sBh8oL9={3C?B>QLRC!$BsLN$xOruX{$IG&>gtUGF<(bq%of^7GfyFjuZ4;1G_
z!Mb(>Sba0NMk<%BE&|E-8Wj2#Lu304uCaVM>h||i8aV;pV{bsAk^{2FTeCxOuGQeA
zXL$Q=&U@ns)E)EInr&sQMnUr*P~KAI!f_xw>EAsF>-qOnRGq427f8O>1I3pum}|TJ
zAv5N|rZjmH^I#9=(l{B+4^s6GuC@InShpq#a?2_3JRC3R)s9tl4?UTqa~IZ;z07C2
zMMKV{=XYUk4d)5)%m?sfB|%tRnQ;j;rq3@7RIxbkDg)NCPMcp4sAP2sj-3Dxyq2uq
zk0<HcPQVn5=?<?&(7Fqx$!~=7Ho*keP&h?Xcuu}n6Ii>a;Jw|vex~dU(UE({gIw}I
zEdSRtX4{;TSIGYr3s(O)j76vVc5_4cSll03KC`FIwzRj0A4ez%jw2R;wfU*=aq`|_
z@H}O<O@8+ZdBAQDjw9R-Ry~@dJfd%$ApayDWASTtffS0XlRcPwV8^cTcT0!*dzyRm
zE|6Ykx&Joo0!f=s)3@^~gLGSWI!L!_J>b*ena{!R@<z^(2Wj)22-<uHJk8s}*Wb?8
zZ+gsZyYT*CZr;WVX&}@4Lz~w(J|q_7U96kt8woPJ8>IIOucX+h?ym07aj;e;3G(Sz
z!Lu=>7DtaxzHL3apS%lmZd0CPPlS|z?_}>-Uhv!p;CUhuYdTy=6J*o;$$_dENcn1{
zAji!wQ1cqisx;dsaDseSG&D}&KwfFcnPi$jVeky>r?@$SX8`CKcn79XomtCm5PA*<
zc7n9w-H2S2)5Fh!eLB7)(lb;FB604-cYk}EevIekogh{78EOtL)&AyAu~qZN4nh0d
zg@3nRi}={HlhwGf$i<=a()MZttm}<ElpVVFZEpwnUOmfigQvMBeD5pTa4wf<wz=L7
z?!C50YJ8Y2eDCYpaPP%7@X-C&;`2>Mkk{qC57w=Tg8bJ%foD@(IIj!kQ+hagbtm$=
zi+s9j)9P+Yv5AS0Qn?ePRyAG<+?3}{9RYIht<aKh$J+h%5qs~lh3|cXw)d>APT@P?
zq4%I~KkmOs$A1_74JZw0HPp0vu)B7G^tbo)^~L&~;b)nS*Yk9WO<R*=Cza(!4$?*T
zPLP~!XzSFY`%RQC3>h8vOuDb>9l4pfN5&^pR9m3ag5w(4d2kx#u=i}c1+0e*u<l~)
zq3p~2D0dE@(czl_R-<O8c>?!I{1N6Fq5SGWR;&HKok5;+@*MIU#~neQ<NqMYbJQ61
z4_ID3A$T9woek$X;#u%CKORnZB`g=EZ?)Oh`bl`b7d3A0@f4dciP2xk{Fqma-PI#O
z&ix2HY8<J?e;&oPReTE8K0d=u`A^l~|8M*!ZD)}GbnzMP9)6U{hu+$Ob&=o`@LV`j
z;<5sG%n2YHE3m#yC?5)|A!Epylpb;ir+oq*Up3O7ZwE;BPw)=zN(-+QL+RwR9Ux8q
ztG=#qVMq8Kqrw0A4)k%OdL*U09Xl95`beK2eY^wtkuM9Z)qHw~GYj{qY&Y_u+$<b-
z=?;B9<jX`pMCooipP}~8*Y>4`(cHC^=Ca(kv3PKQ4UT=$awt1=EXQB*o_u8oNL03^
z=b(%B34y!ak9VeP2S|6YJM%X?g7nLsV)T1`h^+TrkbbCM>imw;?}QL}t~27!>;zBq
z;c)sr*@?K3ZD!kFy9f0`mB*>{yCX&QYpl3Ff_Hu&yf?+~DeYzq(ynPMlZ!8bb#sy+
z-zOv8hT6riMzhOzgx{IjJCH{R-Qjm;*8hS|=X8U|xf1ELXa`7Qw<arw)992PAZ_T;
zr%_=T8ogzZMzd8KJ-eOxHGZ#8qu1|1y|QI3rJKwSNJUz0O~E*HF$Kr{!*=#Qn;1@`
zLQ0TE%lS;Tzh=Kay&CcF%%?P(?Y@`gBT0#Xy}cD_Gkyn1Q3F^Luy4g3u5oH?d-@Ps
zuJ||hSGHq5A?<wR{aaDrK6;Wsu4cKLPHhK?@?(1pHzeniW>fgjc97)pLNK4$5`>%k
zGgy0gvs=>g{$!g6>xj4gD!h((>#xA0-3O-SDT6+?-Fzm?tCQ(=ZU;%|L0g<29Pe%i
zshPo0P|oiDgJAuAs?eg&pBkLs|5R{(dhUErv2&-S+30zEX$(lh(;@jF2JrV6#(-qM
z7$_F9F$cww8fZklaHQ&+^#z~l{@1NS%a?qbJ7F?Nz9)lv;zx^-22O1QNq7pplb;UP
z6PFqF_lx@$_iKO1eo<OE`Hf<wGCsXCd&dj%dn%r?-1kvD0q&QceaNvLByF!Q%uN~0
zSJRaQvbI-ry&8{dI~wFs^enU<1rO!Rkiuv^naPJXCNCx<%@1s2`Cq;cgwZ@CgY|>~
z*5!jpqN3}v5r3J?w=K;*ZZb%%E-36`c%wAGhv9DHHjr}N;GKLFbLzFnhUgzJhQleo
z2%fGSkTrgmPUu?G2j8pe39h~50$8(|%_a0L=psMT9myXiZ3ihpC4LY;*s&NItrvHm
zrSe%cfcabuG)iNkF*6n#DW1#t%zZ0=Be=@B^p27!u+q62qQI)!>N)eiEG}FY)yu=0
zu^l9+7WO~5jop>`;8AU|2|=6e`SF7Mx%Q6ahQhG3ei>;eYCA}uD2j!`uoA#pmz1&3
zrzjRVBBr+c;tW?$k}$~MdbWW?_Xj3}gnN<h9>?|~WgAGM2fQ1+K|0p-&R1fQmb)Wp
zx#T;9$F~inYWDV1@&%r)zl;XS*AbHM;dA``ozWoW{wGk}ItFvFjAJ&}XDBUnV4f|#
z_m#J|fz%tqm+Gf6S?q6MJ)q@d`FD`co8JwmpRRb2o$pdw&+HJH?BOp#8iy?8@2#0g
z7c;i8d#yd3)@l2pA+$cqeV$KOY5mPfAURKm)B3v=h~Jj2Ai+D}O?ww<-SJ%z*2?$7
zVYR;pp01HWT6f)&681J*a4WO>`~$3-o$+e4zGWM}Ptkqds=dup9$^A+6?>aqS)8K2
z%{okAJ;WP3zWN-jSa)UAkQ|NA#6sgBd`0Z+88L5QjtM%sG_Y1KfySy@XiVn>xrhtT
zPZTP5=-u6SZv*M~5q9rf4y@a_@Hen_Mjz9+X>YTc?%OD>Xm7KFXDi(u7%#}@`Ak*!
zJ9SfvjpAEKVsEvB{W8@2L!Yx60KI&MJHV&ATYHo#TbN&zrnf;r@xB)WW{RtZPr;g>
zG-{ug57%^EO30h-NO$vAl<RwQKyK|G=KXIQ%Ly4P$l2?#hM~Z-x3F%kbxQyCbz!a|
z?QbCf-n^|K_2vk&`evIJ{$_i!Td}^VC>CvR@?yYR$=+<A)bbi%i?-t4he2wcz!i2s
zjN|=B^WVwGv(gnQOEdZ7pIbqis^xQd6VLjeM}gG(ryvi=W51tfzuS$N^JOfvH7nJ;
z%gpL!DQO`4lLXlx4|4uB4a9#pv>a>}36)=RqVUa_{-5G=6?-?%&kKJKX#ZKV`W}$W
z-piB+co!Yl%<gE*iy|?uXduR6+KXQlNq!~HO=+Ny4|zWxor3Sjqw!titIDLI@5i&T
z?dZcGDI+mfOB?&rQIXWyaqNGy{FD`cK>RpHfh2s5Jn{t)$*28_Mb93n#DlEapv$(^
zt79F1RwSlaFkh{IWgY8(NF)ydnA_e@(~aTy$PXT80?Ow<*$R^Im44jBy<0(=d;#Mo
z+LHC-Chpq`($(Pd*CJe74vC};z`X3?tAAtMhu>T}B&zSL6o;oC21&KI-=TP~I_G};
z{-9G-^Y2_0*T2C27N<yZuFzk_^8tour%1Z^k?y7#_72M-zZtZj`4D$oldrtqvd3_|
zd2GB#V=!;n-iKK%^z`A^OW~<|0>A&*DUzKr_!eyjk#N0=MXu&uv|l>=PRswRok#jj
z<x}`QJ$rZZYW_0vy{zSIMf<+(VHRUuqId&oAk%Yg3aND;30K?GL73>clXx(DCIw^v
zS{??enZ4sTuaA+Pn`30>C(NI(SFzAJ+P9!?)B0EN{BP#7@L+D<fV6MEE+Y2!lZYHj
z(^&nmzT{wh-R*cbUfDAIzSaGj(Wg@+xiKs+)-!n4_l(5+SE0EhKI_BxK&^(M@Gz4{
z?pC~ki2YIdW)8?(nndD%0q6M(#ox3b{;ERp*AOE+AB~aWEaLASS+O*)V(X9a$7nkn
zzJB3mw*Ib=^-sa|ufM|jn>*PVcwQvF=&PTvx@zoSd`KkcqQUIBE4Y@T(6u}jBRijs
zk#qlyYjMenCBSF6^Ov#pMEG_1BXWCDd9sJkbhl1s{vH1buB+sFT-R+^Sl2w4NSbeG
zAns`7IltM0Z)dGVcm{RPUlTjOO(OYqG@jjGZDD7(2=`ZSK9$cMVZ5<PB#%ae`Pigj
zjlA!+gy3acjO^SMBMWUo+b5Mhs4VcDtXOtz0m(NKWMK-M?+WLo?nphE4p^g=_AO)e
zj?yB|it+7W&9*>1*1qeZxW0+yPdlGHSaYvp9OCw0n?a&;Q{FP%{AEY#RUR8^6B4!{
zf1$dXo#8AIz#L$8+4N)yinB6zJ^49@{XW_ZlJExd3T^(#xtm=<d{f>s!hrkrBR0Qy
z^YHtX|64}$O(Gc=9nQ~ohwfEPjO^SKBe(ufaIbn)KV^`AFDsUmEg-cP<2<2j)7GWt
zk7*J~^KXNEneNp&w$8SD^m&`{_25~c`$gvz**VDnDCB%+;9hOpjQQa8aI3*k`P+I@
z$OZ3|7i7gEr-4l27|HmQh9~2(AbvEMpXcyCc~VAut3l1(%emj&jOPP%@L<+*WHpJT
z%@f4I1wO-lfZ-sO(Z<zit<oC~(_`%WyC|)Az@s;>w)XJ3v)!9HwBIysMxG$97|Ih=
z+2bvC7abN!brhKE93gU8NFI^mm%(E{nWXN;*A$*t!sRe6k4VR6kS4#3vc&R4eL1Xa
z^H83q@|X7+Z#p89o_LTqMd2FOZbm;V`?7G^Lgi;?7|xD}WOh_IZ>R0~AJ&t%4Pd^w
zDSS?K?S97RpBIUs_iYD*=XsIb9HlQe`P{hHiHYIk=YPXwy5~hw5QY4C+GdtR;kw{D
zhVbVuc2_?yk||Mm-fv{|*ZL#HD_@B}_b|EeHzK(<3V9~&e{5QiPw&|ra`qpOk)2P(
z$j;}%qsA$5!FMV-UXbbiMEBeKTC$Du(m68PN=9r({+&CK!BZX7TZZuO5SUcjOcLZz
zAqZRBL`H8BcfY?Wq;7NwEOUR4uxR-t+l~eKdQ%tD=bBAFfUoz|lVX<tR+DpLHlvO#
z<m0;Z<Qz5c*>6PR?+rO`NrL=b$XM4gc{KE`>)0k1!^*}^1~AK4xG(4&W&Oc9YFPg}
zH-Th-^2#!1b6+^lcQKvh*-c1CqE%l;r!+M01(Em@8_351=4&_U%O14f$1jM)nBG9%
zA4dP6eJ;Hqk}^vJc@y-{4oG-*79{A;Q`{_)vg`)pVemi1;BTEXJp5alMbbRFfxN(M
zCBRQV*V+gk%GZq`e$YK$P-|C6F_5CQ`}r()>tpD5>Id+cIQ6}#(=?b%*yw(H6G-AN
zVgG0ih7ujyscMHq+bMA2wo^wR+9|x7Kx$X>A%>rsgUuqTWOfG4?m+j>#MVaFxPc3Q
zH)>-1^dfI^AKHX9uC>0ma^W_fCT8QIeI?fSB5!tM{^M|4v4hpNZrFsiuzhn%U3z_b
zc$3?q_Q`NxfbhE4S`Ox|n?O2d$9)cky#&CzeiPPv?>B(?GH-S_-<zhJJ0X2Hc*I}e
z*}iuZNWva{8^ArAK$^T8=X!gD{@pY83N&4LlJV@rBIyXB>oA&b7D;|V136~Ur)hf)
z&i}%Q;5>u$>=H@-kHYu(H3Q!9LwJpj{8;C%CnbG~Wl)~c;k(TtGQ?VD+jefm`_q{e
zer`hVor5ls)J<w22bqkye<RZgk`!<674DqlE|C}u8%VtYc{=TT?5^N_^VP<X`{r<r
z?EFoPoVyLrTBu({Z#?7g^~m2V1Bzw+M!aWQ6BI9%<9e^6D^OVK3LD5=2*T19NY$;)
z?cW@{U$nV5?M}AIs$6e&gNfZQV#xi%<e!f>=-)4)aFi7`kjVgMO^>z)P!{bS=3epN
zjC4W2)#S${tQ}2$90=B=q4b`+k@+aZ<KED_r1uJUN!hL8V}CoKSZIIG29RLQm30vM
zP4g`cgZEI!fMTI%wd_Xyv$|<DcyiYwo)&Ke$@!4}S*_Rz(*D(WR{kEZe^ys+9R93c
zqW7Z-;kq0T@>d+*5&znNbgRC%6b^q+Tyl%Ve@_GX8wchGHw-_|mZKsu&S@ZLxZ&@)
zgGWVDHn)Maal_cwR^U1h$Lr7YG5y}wKz`5G;9+a<O}+yBM@3S1e*-zn;Ogcx-I4Ni
za~qQbj)<g=8!F%WKV-7z5s`=-$`@DTLsX`y>#rv{ELYE!`VQL9lW?D?Y(Z&g{s7W*
z?FNvXESD8MmznDXIdd`ITiGnmLG?+<P^_MSVrd=~q`7oPa~UOq+*1J_aRJiYTN^;i
zT@s$-u$9r=n;Sq%Ta0@#eHfa1{|dBl&@Ga(J8><PzV2oE*|75X>r8(*ERrsZAkUzC
zpmXo%U(-Mg>`Yz_r*#o$IcDJM`;dPxenV-Vej~HmOXD_x<hwtJfAcy){_p|B|ELiB
zmyA`cNmQ4<!dm@N46fgZBvyyk+CHf#8lM_g_M~UBw1M=%(C_R1%5=5oMDmeNd*wgs
zNsP|#`JXWx%5x%l8^F9}JxIA6czSctm#K~<tMM{pEFk&jLE*gh`0k`f8#6cH`}K<x
z+57cKLEdmb^5Tm1X#b_-LI!x#EKnG_z8-eRaNnm6`eIe4h5KUJ)4+2n#Am8%b~3&(
zr+{^1k{}nRfM;`jcum8ry<=u=z*rl~f8$LEYp4&Ca|Bo~^BL|g-r~MEB3xz^xNzTh
zkprt1Z*bWn$baL&o5pNo%KGs0baDXw*W~pm<7wXv7kl{a`r+%&`qvL1m)O33_&B3a
z*AE|`bawslb!XpOKYX3rw<w%Bf;?PI)azGR$E)kLxTl}Fx@P~>)iZClD^UIuSMQ2@
zU43iraVfP?jaYxy>^{1l-T}BT8!jqdW5{_{MuJTF4?W}l4S4Q8eo-VmJJ)Z;;Xc!E
z_jfAZPE`)HxW}w#_sZ8;&w_rFzaGEui3geTsB9J=7<LD~D3az?jPF?lIb|4qPP_?u
ztKWpSx<MI&e*aMLdwNd9RY~gGXl-pG#^&8Ew4CQH?!P{Vv3dS@K}O$Hqx<P^6z^85
zGwHlx<}bl<y?u&BNdoyonofLJnjq72{qQ=FpqRynO-8vczZ&PSnvCzKCk!k;EQ!U3
zEyLgMUk8#Zb2AuJ8_zPvR{+OAIKPjI#0+4L^tZWXJ^J%i-k2QrE}U0^YyUADQ(H^V
zNRacFGCc9=Zm}=?-BrC)&exNf5&2P`S;ul4WnTHMF&@BNybg0<UG;sowqDH}bESUG
zk20R@6iI&o-#&8Ifh69*^4C0*8jMxDLI3T;zGA?8H_J;>c`f28F9&g+xelc3SZ=B{
zY>mEU1K#QKP`tFAXL`?bBDq&VSo+q21X}*8Uj<>QyiOk$VcCGUlFc`V&F5S?;9bJr
zb^L2Vvj2$XFM1+myqhpL&rJ4>HXbY+@HWVbMSHvWWGzVIZKzj(6#TwzLQog+srG6?
z%^O7Z5aX%=?_X4y(%jdt11a=vBX{M1_cX&@-6+IeNjl>0^jeTE$fzs+_gav0XX3oV
zV<B*l58|PR2R9wtzGc9h(~CGrW%JQC=jH)#7R&dNpM`U^r{G+_T?^9uh<sa@*0Nk;
zvxm~85x{(a!gS40I#loa_v*>6-taxH`<mV3&x_=v0mZU=El55)uE|*+vZh6JFVftf
zuLbFQEk8{f!do!{;jLK<(v6q(Y1`5)lIF|?V(C*X^!HVC&rc6vd~gcN3Tf#ewWdMg
zJ!?U_qbGdbEo|Ms?fPfY1Yo|8u6?xr8B}Gd)_U?;2z-OEQT=v81NrW<V)^k}RX4`<
zJ3`i9kLy3O7Noma&Yb3Ww*Dwwf9YC~Y9n%M?PG9@`}N`e7{HuQ;m#T!?lvRihrbcY
z(|!8*J$_Uq&G$8sodbwp?e~K(ip03OfovHF+Qx>{^S3mMq;kwqTiG3#am?ZLkY@JH
z7UsuuT|`c^yBH4O(C~Zr?=>L#QisO@)e+ieHjqnwS6>I^`DG6@kOD?)k#B2t4+QTQ
z3NLpVV|ycY2)ds9u??hC%iDB0N!{-k)_`PBgu=sXK$^kgg6TZ;o}u@PdVel$AUCo$
zz5CTz-aztMJa46p<K}&jcjoWbU=FM+`FpfqLSCY*3FnQ@;sNjbm#+M6D$95EUBtI=
z^MH5YD&I~GAkS=H1Jcm}9Ott&7*|huTJBE=y#Hc(znZ_tbyalWy0)zW=~K4mwoYtw
ze1&Zr)_|0%48OP4EZ3FsJN)jXAHQ3+=E}AVdUoDt-{yaV-?o2=-`=+dq@_yu9%ZS%
z+H4P(HINhiiluAz|G4_MbFTgw(5UHjrl!)VRRBfCw*)yq3cQrwpQLmVC&)ekPjws&
zsgX5;^1N);o;|cZinfno?PG?v_pJem>gHS%l@HV0{o6}iU9;b4&V`(FY8>bqkXkP*
zs*b*v!g5(D)cR2Qw`bn#uCCdftAD$})nCirqmu<0qM=b(15$1@`t7%6;BU9CVX<OS
z;IV^9q%|OkQK;9p#R)RA=Qo--kc}U5F0&bRKj++38>JD~nnB&=jH>5Ep&xLardM#_
z)$**qwFYa@RRYDO*?n>i){gJrUh3+aUE=DQcS>Eu#Yqm50brgy*+C2d<_(h_L{ATS
zc@0QXM7|%6L;c0Q1|+r4Cg8sPW(`PZ3mwG%W}<5AI8wl5XFkonI8G#Shn0hB4FpB8
zMB=cEH@GkIoLkK&VnmxiJrj1r^m9&t!btd?*@7%Wun#E86z7=m-|Pd*6abM#ej7=L
zbUrnI+^0#ljd9^|K6-xY53WJ_+n9azz7=bb7B`Lw?;BY^-3e-adlE`#WDQ7>zbP~L
zGrcQ}u0XlT)iW>7)ipcb)xUj&tDol^13c%x$nueueVAmU`cHH1$N+o+YkakamwajB
z?Nf|`d?Fh<#~Q)w$Ofx9Nszn7fef)FFZpU8xvjl+_ie^;g6uB_*#gU-rTWvsD2#2$
ziGr6YUHs%B%n#w4D9DdRA<xp<?tBQOT-tVnAlFA>u5PVOcnBmh7QFJ3nXXV=(6b(i
zx3o1NZM=_jZC+$>g~km~yhrvmt^sLlc6cm5#d&1Efrk*E503%)w*cn4RIv8&26ujH
zqN?xI10=^)ZMwO@6t^#zqr4!)9azoQK<RjGs%`8D$}=+De}4%5Cxv7@i-8z8GlHI{
zYzO%zfO$@~gZzS?t853^2VmClOuzknHTpcLe*X^!$9$WPIUZyo9&2-C#=@Bx`t3hU
zTwUc+F52hAkZ&ti1;710{dOYAU;+>QE|cneY#)s|g6y9RvT>xU=g1J>db=-4yq)fM
zC|s|zv3*Icx6{2pkqDiw0M-+!&?$0YJ&^&Of&r{qEC*o4;^6$hqVwMXGUah}eidKk
z!S=^!`(%&>KBRp`u)U797lZ8MSbHpVPW)Q2I{t<EPo6uDJmoykHL5t|)7=k8gCv*&
z#a-ohxb9OFOIoIbG=oU!KFqN=NF9iT%0&A!9HbIN)&6!i-9f0H%LACx(j6opM55{=
z$CFflWq%sT#@{2~It?PZFphIodhzf2V+g~Aap2<EZ#!0llm=i<XZEu?FW!xQ*8UFF
zsXyjiWyhEv|1yr@KMJl3Jjf?s!QWS|25It02XX!`QOyZ-N=X>xorjGg`GZqA2q305
z*FJ#p_1+{~0Vl}QIb#Rq$Nk&yadpkU+toAgE?1y@maBI~nM;|$tM;0i4}r8l(?KpM
zilu-130FT4jmGBEscl?tvGG^Iy5_)giThtpvKft_-b=<@-c^u*cT@lNlPV8V`ODEH
zoAKAU=BB(<n?W06K=Jl4KX>Q<OR|N&p{e|<mOInCf^!AR4X&PfysK+=l&gPxw5xvx
z*QoM-vmmco4N_|s-jB{iL0+{Qd5n+^9%rf`uV7~~Hyb>yAd=SAAVD^s!{+RW`}94|
zmGO6jt2y$X9Yy8sh~IKqzJ+^IZTVDRd8u@2Wpr*)GqZ;p)tu<*gL*mb`($&H4WhwQ
zZOH2IMT0dLMDh%UCl@?{V7!r<&mwIEJ!fXs5BToYAm!#_oI<Fbj-I#ByS6C`tg$R^
z<4>!@>&u?x@g8nl4bn)KckkZStY&pC|53}4B%5%V`4>KmbotJMAmxsO!nYm-DJ(ZY
zwjk$lSsm>FR*Eb7e+T{l82o>(5#t*#@>%XcD!y47kK7>xAB@X&u-Lfb1*x`6Dd1tX
zgc|*n$Ad`jWBkRL3?7QpFx<0vb7N7eE$sI+2#Xubvfx-VR)Zv_pqyp#ajsB1bB1})
z?i`jYVAty5ZJ%3KW6kgW?LT&P&A!9cGjE0~P+sclT~XpvYB}{B702Vc{q8$tUuZmX
zDz3Z7nrbUD59TRQVWF^QYJ4?y_;r_EKXl!pccj?@vH&89Uak57sq4=0aW1+iY91CT
z$#zOnEY7XSU&eiwpx$XG7dgmb5XsR)%0Vj6zpW@13zhB59V80CJhvR>zXRnC-C9mJ
ztw#H}mXoOkL^53NzH8NUYIa+q!FwIOw`K=@I+Is}gn29l*?1&Mh8Ln_dlKGrn-#^<
z!ii+cS_h$bOFkf;&9fr>trLUxAo`vCKP>-UT~e?<>1kYl#)BZWuW^vWoJhL(4EGoS
zGo9nWItS6KadqiIDx+t(hqIf1`yfcI58>D|&LVE9UVfg>a$6a0>DsMdE8Z1~V#!<X
zAO=n(xvQBhd<MUn71DQ}qF6p!?jTv5NJ8g4*{4`PR}{;|p9K9BS|1Fl@8gb=eZP&8
zeKE*Cma;wV-sB+J6n{N<XQoBquPi2L$5ZpSbuj$xN*eSbaGXGR|F{aIrcDlVp2Pcb
zjw8wTKAUIm76*~p@B76hTPQ7X-znCe=oj!o$r1;714ME{Q7k7{fh1nU`Eol`f;s3r
z(Kea$AoBFq&lK-IMX`8SfdqZbe)es!zp)qXM`;hT9Dx5)ynm+p?kPAEs!ve<t-`lG
z$u=F*)LIo)+mdWiDYJSV99XXbkaDAj%IljR9MrXtXERyn^k$R~DE_PLct=w?Ag>%{
z$8D=XYOi*X)^fbh$Gw63J=P$S_nuV_QhcDUiMoh#3RIrLi4Jm6Q7nP-*IYgGI9Jzf
zgR6f#@9IB=F`N50A^feQz}m(1qkN+vSB?hH6N%yZ30@ro9;c3cEIbI(t5jEs!}zvS
zqrv(_YWTMqIrMJJa6iL^%j|Pjfs}hAc=gWvga<)7p25aVfX*3o+>G#XpBRJV?ui)p
z_EjJ`uhSpbOvg=R<EB98sZn5kB0B<JHtyPpamQ15C+d$ounMH(schVI=$t{v9TNfX
zXz)07^pS5@f%Iw|`!)+YkI-+&hJV{bztzz@eDvEf?AvH~8AgLOXEb!iCxEqxgU3$p
zDwQ>Pqj_{t-l!ZClsD{ShSKUgt3aaPYW?d*2m7o3>Z4JfYci+W+O#~;qY-af?oI~(
z847>vDDa>zpW!~X3M3WY(TIQP+VFQ>^BBC#F#kZ3`VQQb0oLP*g1jXIJim_<<k0&+
zR5#PJGaOt+@83)}=D;+&r*L?_^?3EqS5bX5Q#aS$?o}Xd&I*51r7~40J(O^oOqK55
zx=KI)<c3w@d;rhx3|H6eQdiHs5?7%7%|Th%KNtBYSAu8%@s%Lea3a~?+CW+X%mCsC
zudh_|1+$uqW_6wZl|$Fq-ma)?q~~sgqFCrSXImQx)mN!(c~obdb2{TV*f=GtKr*p$
zCcn`@o&hjZIpRs3ao*G!hdYns+^`Cy1UAl`Qw^j6z)WSEy*lH(q6ZHfXY?wNQrI{f
z-fSQb1DHh+$tIm~oO<wlj^o6y0x6x1v;VCIvK+wd1d%M!8Rt=*ahe!B@=COq(s3^S
zv4L0t%v5HWe7b@BjL`_apS}PbBTWAOTCpx+x=!1V84cWqG?20qBsxyoI}K`l5FKav
zN|1c*iucPZkgC)-?{s$sgRS+v;(deS<X!a3qcnK`N{}pyV$sgzpH_lI`y6|>LCtYX
zb)WHUy*-2L&2W>IXm1RqYs7zso6;f0|Ni$HR2_K3pBl(;J_xU{`I2bAHyTuVasR0X
zRbD*yW&;Tw-wt4<IE-SjA7N)eEWrEmNWCUArMZp2#`|!h&b{sD!EK5X<bsz<r<!;u
z0+XQH)pCr`2^?5+qM(!B-;gD=MBb&w|C&(%TTMgmSf3$q+{YWke*a4qh12N%6M*D2
zpsx83ML8HM19Sa~)fbCre+}KcSV4{)TRs1U%mzOWWv9ohR6En-k$od=p545`-NS5l
z^h_qM1j){9yJ2_Ti16HP>B%5hUMsjX-ZZ5|kh=}wu@~U{KccYmL;V^lzn{1gq>l^{
zx%BvOKbj^UtW=Ifzpe1Md{-6P0z<#g8&Ir90CQOtNOl9(G6`#^c;wCQF)Q_b+A>#a
zx>vZJRy|h}262nI#;ZW`>)MZ*?U>1ZZPzBLH7&KA5GB_p*<Pdj!b72I3rG=KT!ze|
zD#$NBmMF-Srq#M)(Sn?tgLwRut|vN(M~XwbH}v<7QCKe^5@uEZuL8-*BTa?fnRFjn
z4!kY{czh#qo>n@Kx?hynqz&f2qjR080?BF!*I7&Y(0A#bDv<uED3-4(kq1!y>~D;(
zXye>og}mT9`g<ivcGmA}jc?^J{AMD4Kd;0Z1*f(4F|6H!?SHET={t6AHQcN3I4_k>
zy#P=YYVV=A89bXe335IU9%BiW3os8CJ$FX7U#CZ*3}GKotj^k;03GkN0o1x87qU_I
zHYEshvkBqwzW^@PS0xGg%Tp@cV1A(zq+A}~o%6HUd!P}&d9f0tR3^{Q$_UEybezMn
zI8Gjjq`49#k%PkK+VVhTtcA0-Jn$f%?+-%PM}H6f8;pZ;;Gpd*^xXkQ2(q`5`EUUG
zC577gg#?7BwjAw%d8H0=K2{_xPb&u_`-Y91EXaqhFs>MnG<RwNj?0xfh`}h5BUc;O
zEXeg&7}se+oru4m*)8vNkg-OQ{6c43$Q+6r7&Y`ag*Tk(UBSBo<x#GldC{(}*)gvE
z?Xj-@Q(WUkKFWQG<y59;pWc6Jo!lgl+m}G&`6JNyc`Y<5D?n<Ehr+=3JI_8j78(yG
zTK1U$%>Fb%ZeCds2<=Pnt&1x_65^nc$_nikLH0+1=K`PU{)#uc@8SfxoZ~uj2Ndgs
zRaJq4JZN00DBc2gUsaiMi_{z;yv3aZT!&x)EB(LGD98mymhTn7O6kxJfnpJ03WcS2
z1xR8Hc*}k%1ll<8(0S=NbPUQ{DXg=2^Scz@GG34?dlfIeX9snL=-eX3VD31{v3flm
zvq4(~`QkWmH5ripDKG!$3OpZb?xu0jDGn&Ay-|J7wcwn&99TnPZW>Um)%08qD8<5n
zGR0@XGn+q<sJ<~><iXVrNLTbuJ-$LcAF2J@?{sy|p6TkD_hVO}{0>*|iWx42Hw@mJ
z`F)AOnCHF(m3}%YZ{fK!k-G3j#@mfnL2l!|E3Sk<QRQz-r{)`ORCz?3jAJ<rcy2;v
zb%o~|Us?g?_6QlC{{Gwwl+SOd1PP+ht`_QZ@t+mQKlS9Jm6afEq<3iy^1lKOVX5j)
zRCx=<efwox*ZLJ&{vEta_N)lE<x(9b5;o1(GV=F(D#1)~6p9~}2Tv8`3jm(6(Sm#!
zz@vRfzY!qkoN0<6o1(x|kRZsXdGKg9k_+D@s=W7P6j<q=Pv@XBe{TJ!IrP4X0c%w(
zc=9uamg&*(GS!{@yzyPC$5L8uPXfAs?pZ6Sd<0%2h>znMjqb7P+hq`jM;Y&}`Z_U;
z_vZDZY*?^D<Ez1MR2;-|E+5ai9V?jcQf!H9PM@Okpa*bXU4LjpC2cEl`C|q7Lwf(k
zgFM{?FH`!SZbCV-Aa_PV{#K*g7ca<X6~$r%@q;spV$pu5Yo%>(DvISI&$%fa(^h~)
zX-Tc66)(uIYjwK5NL2l=`j>;$Dl3IwFK7OhpCfJhlPHYAbvN}OuY5yCp1Bwz%T)Rj
z!(^HEe<s@MSD-9YIVj5{tFp|75Lw0?Ey%5(B&g@|1<D7ROvo|$g3dvIKWotV`B3@m
zLy}?}jB_)9M>vP$?WcT_(~q5bd<97R`xWn-%hf&})n`lz_vZ?o%e(^VqVjKur@Rjl
zFRjZ#>eSH@G~W?bZuk^wH`jo;ne{jPTj0TJo+8LnG<fO~1-UF5JS7l#^?VFWsY%rQ
zK7#T&Js;%&>-?5O*%$acx3PbgyGnfrfzEvH&{IZ^+egPW@L;V<6y(WUD+37t<{$FS
zVh*g8iN<|t34?z7AvT2wU4`e|uPj&hO4S22oc&|@P~UiN0Ojhk6(IdbQ7rAT_-4?|
z;eM)lq9Jg+Jywu8;P$<t)uH<{;`z?yAc+8lrOQF0eg2!-Z9io^IFkQH`s>u0(C_1=
z<skW%Kx6w1Xgog-8Vi?)+fM9@q4BkBknHDU8yAfV_ho74OI+t;1^Kq+AlWCCpwG@E
zZio#nX$463BGz6sv^|!#-@@8&8QQMU@u#u&X+zsD(e_f-UOKe>TiQO8wa*;d{_o}J
zQ)Fa5MHKf#_!yt&E~n%4pl{K9injq}%Ky8XKg^9KSNDf0DjDhzb4$q(e;DVq@ZVbd
zl_}2B@ZWOjZ!^Px6Z?LkFU^f5>bd;zM51luB<`yIF;6bXecf1e^}dfT$35P7%hmhV
zvi;sT?dp9WW_!P}^y+<AGdkEfllx!$^DJ7f<IhuTI1?z3arMlLb#=`)y85@9T>Uc)
zjhEQotGbRik@@nB3Y_3a1qzLVJa#O255+)dNhw$_CJOQ~9@~`aD3|K{XMr$Y^Xg)h
zZ|7uzWY2@b6TMtZF{>5YWeB(JI(hC)`#7%gJkK@WxeTQCTT0YeHZ?zUZjiV5azM__
z9g3rCmZLABlV1?f!{MmqAW>L-;{{zDo9XxCLH3Q)Zy&K7>!P1{%An@DefY&hHQ#gP
zi;1>FhRhCU9M&1M$FY2nN9pgT4xb5a#QT?l<hw3V+-ictP#ifYl?*x8oy$NvHi?sc
zJl9BZa+v4N7?$C^Uhz}B8&%u;*dSh1+oJ_!aV&V~xr`k1@5?|sUc||CkA_?0*=4xK
z;c)csGQ`nvI6k!uaU5!Qr)N5{U&}I(em|3w;R{&fyo>91d=JSe$7iVd0y48fnh9X0
z`1Dy0Ws5z^6s_h!ffMgq9|u+o2jBUZmxjG<)3uv`>Cb?2*{_#@MEf-taq?&;4=<zp
zkpr@QBHC^BWVv51Lz+tC;JeDjGp;&M?J|&PKRQo7)#;xyv|QvZZVmSO0|<M?m_ggu
zur#oi(LhBFG%k)qf2BQH>^)n<?JYyUTTF3F@1oFt(}wo5(SFl7`DaTJ56%(bX)Z01
zLv0TZmgnJK6<30s0U~jha%!yNaPeiO%fjt#?c)%aw=Dx{6bI%W-r)9_z(e^6mmB0G
zbbYrh1&IKd?_J7jR{qjK&gF{aEZehV4Axv9`l74#=kG|dO<D?)Jq-$>1!el$zm8Dp
zsp)`&l;(+~{-AQu_c=7SpF+Lc9RpHs2G)<=@?R;o&^IH!H6^h1>(P7+qY>Xo{q}*S
zm}ipeuX^o0wB3Sd>U``SuI!~$_p`Xa98fH;ULz9kX$N_V*|)!667<7sDoPpjV>`DL
zBqu*AU{6Q;AH>3$oG9p=cvi8tpTK;VcQ{anro04w+05>@E-MG^*@5C?{DQ!v11Kxs
zzZBm#DKBaLhvFS>-EB)*yg#dtlzVfE?Jr9}f)P;I`XcVbjQ4RLDxP<cv13Itp6<gD
zwhx~}V_6JHzPLcKg@eENpS}7yKDrbn+K-;E;qZBw;d8kCcuL!kVb=BdQnsJ5ceoDo
z3j(h$0qMN~#d5&uAm{Q#awCA*d%!{N%M;010CV$=c%P+nf}CLzR9ma1M365ffJa=5
zIA2EhCsDJtW(?+rqId1mr63(h08clalTUYlc3C+{VH@KA%izkmMkG^CI!HQzdG3=A
zvN=yA8toVX%$uHfkfO2ZYxt4NLGBwX5^XKDONOUoD?MAo;EbNf;qX0kDM-SvalcQ!
zJ|a2jqmto1`h*&{nEK&oiudw>V!3aeNV<<Z$d`&@>54<1*t`byg1SH8w-Z1l{<EB`
zay9B>^{W!Xd>7jv#NTgS0uop6AoeG5?$2BB`^C8;`30M|xpsl-w^+X>G0blf<4tF|
zx@MQTdgk5f3Y5=uDYdM=-co!Q(Dtce3BEm0z5^H01~zdC))v(E!`td0FDr_rX|IF)
zUDL}eaa|P^2=9a?AazCfLN*)1eIb3!7t;7&DXK4|YOktFv>9*Y&@Zx(lZ`iXvhg-f
zHVT|<yn~YqvWEIe8W$%H`bk!Nl04`qncE-qle8~SwCUMChuS>BZMH)r#b-MYYX0n!
zJjBU`#UP0W@NVLvu$vcJd^|M1ZUO0B45WAmlqn|+u&xY5VvIhNZR8-;$YsRCPGNt_
z5{yL%wbf}hI>&W2Wbp)%z%JbPaYu1qGoMfnQkt(EjIl+zM|($0ro3ziepBnhZyYz)
zki!#1VtOL{jZM4X4=zF5&u5BaDVbVB7Ect(d8*T1Uqfmph~%HTIuf|kZbp4$?t(;H
zwIRKu)ewH44_EWZ!RFn%1n<ZL^qywlY%qXl@D0!aR;uUM#i8xS7ZR7*%7xb}i(J#<
zC0Ji0QfIPnMBE&4B5qDDsU>5lisX$0%0Wt(p*oeezOuQAYW<;;99Y%b6h?$+FwYwY
z9#KaIDOm#2{#!U5yF*Y1X<dsp%5l#yp7BsEd1I<bo;@(scCXZOXY_n`sjf=ls!0KF
z=v)VGLHO^RooG8@$mnS2z#56mTr=8TBjFcKV5R#)zjK<vO6jdG3eP3?O|nh%dnro^
z`n{-mU{k=80pbUtaBKomt%dB3fyN%*;yz@sbcj)4ZBB$UXtObO#2LW4W!t7es0{MN
zfD-2Gh&GoDcgJG1xv2T)$`Wnk>3Pth>-NQ{E2Q6<XbYvqFguO`toh6~I(KGxKRTuw
zXUoQQ8p8d91s<$V@Zik@F#mBeNE*JHda(Y^+!;g18+=FP!D?ah+;Ily+|oofzfl-`
z?EUt)i$NOB_w$9t`fs~Ui}n3#HJ{pU-r)A}2KTcSAgOZFH;PrM=3J^RX$hz`7<dpr
z_(cUs{v<)RM?s-#Lw%`qs()a-DmVJ4GW+UWq+>O=`BePBQ~^>th#&luy^BUKW_9eo
zRlFs8Yl-1jyq`;U)RM)wh{Qf0?}$^icozO4p}%Gr?~oPiX+^QL`4yEGFHAvu_JyA%
z4EhCf#W;>nQ7lx)kJRtOc=<Tw<p-uCFW+1d!pq}@7T-8%eC!ACa*9Lb<-z+@yGz@j
zsU?SR6NxZ~$p<@dea}l*=H<VZm4nWo;Wy*9GyZU>mYly$Bu_~Cy!@KQL0;a}TuTn$
zj=a3&*;?|(ZCBvsw;`|SzV83V%VQV~9+>t6czMGAj+cL1q0h@(XW>52SkLacwnvCz
zwn%16I=q~%&ws5BFHeZz<vM!epDIAwKkdrAJa;DEEvHs9z3c2F<nU~fOqBlrz{{s0
z{5`o5ygWgNmrv8-<<s<edDDsiZ+ZE{6+vD;H+y(q{!j(-NN?s3<K^9!|2r?AQvs5O
zFO8RXn|~NDzk|Wqoi;o#zqMj`US3$C&&#i`_+h+!qW#LeJlj4zFRzPdygZ-j8a&93
zc;u^j_HbVQxIM_rxvw7~=YNX4oNIrCl>SsC&g+qHEt!jFVdeg-^YZ#w#>=ls7>xC5
zG6s41kQioqb_?+A3Op26_Lj8dM8mog4y+r`$EtiiF9Rf%zZL}fYpVeY>kL9mjtSN|
z*t?!DI?={6+JTsGognnw`tlJUM}ER|`u<1A8$T0CEPxqU+o^jQuZG=ZED_1X{c8N!
z2gCVyM6N|Nu(g<AT^{o*$mNEINnKxhaDBOo;w?$pO~%f_Jvo`Uo17;ifos_PT88jN
z>%euT7_qKMoExF=fQsjI_uJ{{vy6B~e&meBdP4IrC)grtp|)J)v)pujU|@VKJ@}of
zH_8b%U~y=Xwm3B|A&_9JvJagzHyR3?+1{2!gIZ@Ulz(;eY3|6gHP1eLo~WPNuO6FJ
zGe;y9BX_H~eq)YEnnv#?Viw|h$?b@1_v1+al-E(1O06PkAGe$A2QZ7-C30iAYP(b8
z*2FO-@-NC+++7-Y#IYrEeL32roM{+$cfOqI<7wcjD=G=I88x5hT(5qHvAZo}KsK5X
z?=53dmo~eTZFMX^-V>?d5kDWHp11yTkc2dtg1)T5{CITV`^rHoOx5>QjkSYRya?@U
ze#6YL_^gT)+^<cqC)+lq4SuikQ1$%$DtXY3UzrlL<I}a<Q-Xf(7yg}q_U<&WW`RgD
zLHr<>A2Z3x@M2E~j}5>RNCdg84q-7}C&;0-aKBm%jkD%Y4HU#e%6;<-0#xP-#ajWN
zGpTHTK_K)!CO-*Mtn>2&%^JSa!2_QnzFsZ|DK|s2XITdEMPdJ4IY=4lgK>CaKJ<Sm
zXL(N}@aQea9AG(@l!JPA!%O8Ljh!nJN6~Ke4yJT8)+&;cyxrs?Z*=>j+4(L&noD?m
zD9=6VSFAG_4IZZ7Ub~xo&;C~P$bk64X{$);#_uK<#&HGn**vuEf>k7K`S|-B_Itfm
zB*qE&+fP_ce2sSc7vUXY|3>lBaVgBtE&{1F5j++a(^mhZ-K5Sck_rHG&w4?ALyfu0
za4#tjiMcYw$iA2u*_VLw%^K#<(76cDh>wk5b;E8_HdiDR4*x8qfsEBcSR7XK2=KIr
z#9;VX99HEA3F_U~!-HIshWF3XMTqab>vt2EqF8>PD9E;W@EoT+C*)lrRL;@c*XiXT
zO$Cv3^A`6UMX}UR-c9o7io`#jE6C*ZW8Nl}4=*E3q%;ruv~^86NC$YtZ^EDtJ<{fr
z3}5yR#Y=hBt&2c{Xz;kE1mV$xKj{kd8OuRBA6rsT!DP7n(}>6RlSqTtF9K<|qF8bl
zf#mFF`K@kG9*ik#zNmQVe(YMrYB>H=@jj!dId6zjtMBzk9JAyEj+wOxq_aADOx=#;
zVBXoRkQ~ub;IY4kXZB4BN0h$r%&A2n?dOpPP3zIuuije(Qq%AD5V2zf>T-$rZz+i6
zrbg{P4cAjb=el_j^P}p+J@|AXNOk~E-tYF14z^z730&{V<4g};2oi1oTxZSxjUj6u
z9lqvP53YId71q2bWX;?#YyKr&^YJ|-_g@IlxL90s4Tz-cv8%87^1|>n|5{t~@!*;(
zkK>y2eur~7>6(w@nw1&cnVxwDSJ!Ob)xSN;)z4Es34Kr1GaTaovT<R!KTP#PkQ@tD
z-+pg<tROehwZ;o_<3f;H`9SgcST%pXr;N!~WdO1-33Hi*%3JO60+l^H`RuoRP<05|
zVE}ot0py1kYW@XxxVmP~aP`b9btyAYK2YB|=$QSA_ZvmAoG^fV$N+M+0q4?tPnfg_
zBnqcq+r&i}524p~%_8*wr22o~n*VkUFU#@nOCd23p=-^&19i=3UP`d#@S{3>0BZf$
zZKZLIRgagpY$b7xl~0tm+y`K`Pr|-=^MYr(EE9dqsVpO8Vjk1^bPqCFZf};ube0S6
z^rm#MW+w^qwsi1}j2C2<ceAmKhp@VidVJEqP^&SYt;PfIxu_iM9;QwwJx2k4q;9R+
za|=Q8rs?zIKQ9c{`>lEoVa|;MYk<}2HyvW@hzDy}9u%E7|JN3RWCW2sJd=|t9;=@)
zw3yO_7R0TgrJK)m7jVYAr*oE71v`cP#V;Rx>JkSY6VK!niicDA`#1;sl$_@+?za{W
zzK4gw-Lw#-g9bH*zs1N|;`4cEnZ*k&Ih<)#1;^^cQaNWBSm_zrF_V)ELDY>;uU|NP
z4%M24TJEEva&zCBKQbPX?*8#YkeqQS_v($ab|FalbpEFdErWIZ_anZYU5eFz5Ar`V
zC&=k}Sc8?yX`7AUY5h6!zdPyKH0jH=GZ%u?6^rpCC%cq`dOE=Dg&-MLi^Tfw9zyqL
zG|LIm&S$xAXY>|IQz!qUSXU{E<@5r4rv|^`rRQhygChB`bq}HUviam5RbS|OV-FcF
z?)|2PsB_crgg+q9{ruB-_O@ttANZx3(<y9k92XVqlZs+FOy_!Qk1E@RuKQODP$m-t
z$ct}T0Fo2HL)Z7=JGj1oY4Ilw$det+9((Hoka~3Ppd8>jS`)yk*{)2?KQwM%f||=?
zIv3Xg++Dp8t@06)!^L&@Er+t{@9O(RLxSxq%c1N;hK!C2mP6UqhK!C5%c1O*TwL7B
zcqq>2jB)w#P>kzHQ|qPgrErfx{ZPF>>Jn@@kkLWss5TfoTBDf%(cT1GwZYUOL?O*?
zSb%aynEl2G)?5H{U5zj`-*j_PWsNYk(sXkX)h#uf78i@Yr_-b1<yHV|L!uy;N5ji@
z0BbpIj{)nxu|i8#O6l2^V}+J`QVesZb0bz!9dsX;Uo2iLsCB?7Y~2y{{7V>Y-UT4#
z0GNON1~mR+EZ11gWv_Q~KYwZ^<QG?5E67xSUiAhvJ~)<ZEa$S<JGgyMO*g?h3eWUt
zSl13<jRRroL=dLN0GQ)I*g6q}tvvp}Wg-YI<y`!#CaOb6LuVcb)+r#WF@<zr^y0t_
zJ55i!5w3L<?n{iGDE?b}lp@WqzIFjfVvkak4r1yzSBWhwh=n4PNstRn&^SFs#ewRt
z7xzZIYCqWrkbF;7)y=C+Blg+395uGkxYgt~!S6@`XMDGy-+tD`gV)C!?;h&IYjnTz
z07yBlxg8DzSck+ZW(h5N-(4xD(b!jhwyh6sRF&(PeA|R)V)Fx9yv0yBp7>rln5!r%
zjlLEU-&oQcjBhMnFid<Sa2=Ev<bp_4c<BA=5?b=314YIcOQ-syZY)ycQ05A9nITYA
z@M7syli|i9<BMuOKM%$6^l0c@#e+4j0vgLWO3Pe_*soaW9duV7G!{fdXNjVy{!Mg_
zGQ(er)HsA_=sd~+?f1b1J2c+CwK7o6L5K6QVx@P+bk5jOp(xgP5I<1kyOt-|GBDm+
zg>~cuV5WSV@)i&=wxvl?tY2z+!m<S0bTF!XK%4snH=@HCK-gAALt`~(>JTm~)_b?E
z3N%NvwJS<dvud*}E;_+MNA4xXn)sq1Kgxlp&7{Wocg7DW)<0E1<DWS}R=9)?=uxbH
z%7aFVdkV8(Q7qr^;C{4E@%+gls6J}{<Ptg@iemkrALxHw#{94EeIQ)k{P6yv{@1Q#
zeZT9^?gz>KCCiog<<MM-FFyd1{TtT)&CqriZU3INe?PRniMIE!_MV~bPtx{Y*4{g`
zy^*%ZFu&`Vp?=r(5BxB{YwiJ%oXqd~^8M&{{qoiPuD|#Jc?iGJ$wT=4&^(0B9$~28
zb+0hg?>grH=y&}E-gjnef^FlMSI<j$E8EwN-(0=#jckuMet-48|HbxuW6#z5X0yHD
z*n9Q9NsJCQ#{BR7uHgYazw4+oeQQRzdRHX40_BOWo_R^GuGz`1{_QEQ{uxoK|Fw3n
z`)4Jf|23bj`Y?5uCD@dYqg~w}$GEybj&*f^Y;<*hY;twa1Nmm7AfF!#USlkr$ti%&
z$}*Gztam2ZF8nfHm7gy2W_JSz$rGz8Z@$YEzt7K`-4}SXnoqlHBFG)Q+5I(dcFVlk
z-N&2V0+(~Ht4NT$=7D^9k|1B61G4{mLH5rE`N9N2zHm3lJ=Y3y&z&HDHCB+nnh5e&
zGeGVbBgh@oLH;^hkiWhaWI02S<zkTgQU$qhGRPg1qg?*+ysI}+kb7?cd5h{JZgJm~
z1X61*6o%?Rlt)DFiTi$#wtY!;Nc6*QKc6(1H?1ruw@9nsZ_EwW?*|=!@n7A~<ZFYW
zh3ZCO`Lkk%>I6T(AEeDOoZNIB$9$D7?(=+_`=`nH?p1VKg6a>x{niBAAwIps84K1!
zd`5>|{dZ(XZY<VjNTGaSlp2RwNXN(nk<3j7X*!?YVdqdM`?g;>*o*mPZld?#FXw~Q
zI*RgLi>mLDWRQI0>D`jvA#h;*yk9vehxD(V50Z1F)<4VrGunR~_P6t3rSf8~`tQgN
zp8>32&j(4KD9B=FI9&HIxSUL;Ecr{4jlwsrUpZ*c2oyWHVBe7dX1ZRV<xsXDD^uR1
z_Z{HhbZmRSGDUmuEcp|T^P_&{U~5Kj&Jvb8QMHf1kA24VD+eK@PX&nNhGe#PA8;+c
z99);rgzIvea9ws2SYMqFl8_oG761yXKj2!_Z_aTozLEG%s}a8ujrfgV1gmR4NRYz5
zImfkx>9yYsrN@~2L3%iXpHaRwB>(SxkSH(fwyCkfYMd42S&{v|r~P_B?y!O6i(~zI
zhxYT&NB%<j7<?IfgM9${oB8`yUSY~l81#2MIiAXbSFWw0?US!ZnQ}a2-yon&X{CSP
z0G)0Bg*4!~Cc)PHAo7%Y4wB=l9#(UgQvO1D%2$l1X#C_qyxD!;0y5?{HMo0tgS*v+
zx|q7pe@PnjV}5Qv=JOQBf``)o!5BDmJAnDL4WvANFFCwUBsVbn@Q-G8Gc(GgAJ9I=
zy~MCyB-gUqh~w%0`xNgBHjrW!#nN81mn_~Sk}&}0lQ-`rHJgxbE5__4hc}2M6Ts|9
z+)HZKi>iOEBWo`y-5`=w`u~Z0NzF#gOOkivUUGgT=KQQk+e^-`N4m|k>?LD2V9rl&
z>|Szy1HMBx{nuVHcB4pqR@BRDm!d9v3BauJL5iDgHhk0Rih<6fv54=y|7Q5H2=apY
zYMxt9pIQeC<V(ESP3P+UzQomgG1^7PsA6L%G0+*u#xPqFY--(*IlP*?uj_1-t7{y{
zl-D~46w7dY{;LUs{8b2_?-(n{9Wy}wdd&Zixp$9`qB<MLpEHw9W;O{S$tDW{OafJt
zptV8*q!2SpxFm#&3<IIsHjB2JfYz>;dO^)3!FH2)>DJLzXx{|wYcs2{uQgG&?OQj}
zz6I$Gv|he_-*y4D2|)$9Wq@#gpEKvo-q;AXeZSw|U&+p#Ip;ag?L5zOp7R{ZI9v_J
zM+K7c(R?rt&rQ*XX7c*kn-=P4Z%#FJ`^Y8=&te9Tm<4;Qr@>M0L{RM4Q~nWBU}Al9
z^E^RJ?*de4?tk`Yj}I$Zm+oXW$nT#>^=<JhQT#ZFo<ua(b}E(Ddo9n3_7|Q@?})Ja
zBsf}zKxt%szLh!t*rwhJMaMFT90T-+=Yv7U3SUn9>)K88CbkEnZ9lf!R<pKj?3uf0
zTl7-2?Ln(;4Qo4-w%zkzv~BV8(YEheZI{xvCmG#0{f4%6#kBps)wZ7XTS)s&|22bG
zkG6f?YP*WHokH6_|2l0u_-eH6t5(}JwCx!NL;WCw_vL8Y7g$^KjA;XHPuh;WhLz$P
zdJjX&*>qZS_eSJ1@xf0DZ2JWJ!?w}6r;jbxjh`&hhpHuG=<*bO==xfHXeJoL^^!64
zNu6m|9B+_}kumIiZarwDcF7nzO=Yd_H08OCNR<oI;AqK9-mP{2-o2GP>pYXOUP6*_
z=nQQ;b1D71@ukkKhYlir=qI4pouY7=^>at*`>hS2?LYfnxo8fR>z#|~^XVQ{KHN!b
z=WaWPovo+7E1ycp{ccLg{qAA8-%SHqk=*ZEBV)brKC6k_GffwIF42XQ<T>9>pJqgI
zz6YDKB01mgn4Is>$&B-JzH7L>$5*B4W19tijOU^`88*ovew~?Hz(G0j=l0J4-~H88
zcW-PkWo@9Jqqz>@V;Ko~8nycIRZDeTLvsN)_`ULhN2xw+eab6ykEwFcWfX7x0*bfp
z&d<&Z^nZf=a4G%f#xK)vTDN)Sg^#K7_dApC;asxbI^Q1;&;F;q^7O}OUSP6ZN#QKb
zsgZayW^{G2017=HPvidE|1E3%+0)n$IiqvK02Rb$G@t({YyHX7*soqXIv28_ycSfs
znZ0}KP{#Ud<QVBm2c?-?7_7E|2jz7aTo2$laXsb#-oO&0Cnk@;l|^;<%fHE5|7Jma
zzMyrkZ1;y5^!zz%+o}=UDL3%eN7zqjbv!$H{n>XKXsp`xN%Hvb9~(ex-RYINAE<IE
zfaA~W7>qwl4rA_M*7`M*lEbL)kB71NF$&}J7l83a2IHi0V0^9tG}kV#yzmFA9Cl=w
zakTbQ${XpOwD$i*vNnS%Z{RpHul2c1&@6u5bq$S+zOoLqumc7v@}Rus916zTb2OfR
zetxS(^T9{5*57*?`z7b-TsJ^@6R2`K#!l;f>%&>=J*Tn1Cx3KqA%KUx7xKCb?!(yG
z`kYsO2Eft(j1;L`dqYFa{jh;lqvyp`qllgDQZaVkH9<1|d<6G@$1cU?r^elTmjsvB
zH&9=tt)1XL-;9lq9;Wz@-GhLMgxB)}w`1%){<>GrWAu-Ou`(9MpQRc-ucR7k_CF8f
zEC%EB2ct0lF$s+B^eBw|zxB#%f1t|a)mfg_02-uF-gtIWbRXdWpBK0rV`r^I`P%WL
z_?(F*d;FbP>ig{e+g%xv+P~XHs*jxOKr0@kvhsC|oxN4b`>Yk?`-H#KK1=>9+9yh*
zeRAtS+y5J{Tu1mM=#_8qsq#{cor(HUN~3sR^)dE`&eB-&joC~;{?aQy<5T6@j)XYu
z-)TLsx7UF-7h|XECtjKRzA9hE@*MxP4m5(_qvz=F-?88M7(0uf_sR>uugYH_HZ}Xd
z7-Q!LYe5U2V)b(?vZD8#ouKu0Yu3^IaOwZxffq4$zPA=MFj#%w@@RYE6m373wGaOf
z9w2_n{-1m0HlHe|eumDjO@(rzuUpeVS$j3pS3i%}SNoY=ocqJ9^><82uCGdeN%d9O
zvcor0ebvHvQL`uKwYGIsUmgA^xxTt@9cY7ZdF2B?Q01Z{)F$CmD6RhHr8xz}-!SJr
z1AI?rM0M4Vs_5F=wH7o<fB{E3l$$>7Ib_B{La!#S!RPC&SQ)Ne7bC+zPc?dem1?Nz
zl$U<NWVmAV^UJVn9n&-Js0{yg<a`<KNux5{hp}@!+5IBH=Z6$eJ5SqbT{4Ehe!{o!
zdgX<Wt1{_Bn4VnbcG==(E_{U5rw>GBZo>$*?=D>n+J=2z`KcswR>bblx$7hBmkv;v
zW}Kujx&Gpn+a6ctZ+YY8to10Bv$JbK>tM2FtfjJa8^+E_Ye7?4&1sk#l>zT*Dg)nH
z%VcH*54?%7bNhQ<`G&_;*>izB2fTB->HqZpBqI_>v}_tkr8Z4#1}GJin2fw0FC(qh
zl<)6o&szU-eR3HQpQSPqa?!SEHI<Q97_IMIl$@r)wNyrCj3Xm2tpzQg<=&C?dn%~=
z{D-~rsHVzS0yv(?VKBduV28}7aIASSYyIrH<S;k?h{-jZUvWK!xr4#1Eldvc!wlw=
zhm*s+B?-(8N4@gACsaAKm-5!m_w8)$aRv_XlL807hy9a5-FJ2a3^;gjjPfWzd}X2o
zeyM;~Gza>_PB6kBQ`rCesf_i7FxA{U{`pfG>r*CPciOCv=qLYQf7;9uh5|EoL+tF6
z3TUu`o^!8!B4fS8LHY5IX|8}-Pw5GQi^;T(5y~A=IZ%WO$*5fj{btSlg)~3F@==I?
zna%1vg+G-H0?P&w6dR)FTf7pjdz6nPBZZxL8LB?NW_W%Ltp`0YN^x$*E!Qfbg_kF<
zqkY9%(2mcBU<7_Nc|=7NZeVaXT|?n6xrV|`Y(5L_2@IY>5suEN0>y;WM)#Jj=Ql1m
zzef4VDhg|70<2|(KDEhVMFiHl5InXMd={QmC#8+#q_IYDg7T;W+F7S$grw2A;Dqv%
zpT>_(`r4|P=NeuLSJHDk$;SIY0j)cgJK9+Z%4j3f$(UxXDl~cISQ_1*Fy-~Tl=oXD
zGnd%BUm<qAuz2@$JLe1Mf|2W{_2B(mGR#=ZlPwwR-zC0&u4DjT{q|WN0!17Qh#akL
zC~lW@^ZuDu;^){$He`WP%?l$NUF=L%=H#xaNHSvcZz|KkH(n0<PZfG*1CEmQYHGlJ
z82jB5p#KaHfq{hln=pXlO(S!5nzaOv^HT!^x0kY9&>t$GS?`O@ec!2pZz%L$3-eyH
zB=;yk#^~csmyC{F8c%%$fl@l=dYs_#N(4#=NAr_9I50Z0B%}P^l2LPR>0qRqV^1~n
z0e`c`q~q0U4k(m=^G7xapm^I@z88bd4WOLhrv$#h?vS3ZfYy^m^M7OSh&JzRiGeEv
zfs(_%*+Ay{88GV%W}U%Ykrd{<z*7w7o=i}B8O*Jzp!5=$)4;f{27K#};QsqDb`m<5
z%>t!q!sM>+nK5LlhY0?pVO(MHRspE{rhvNdF$4~OW`{h<ugWgs^Iw(~siWY$lGahk
zbxFn@i=bb+iR#Z>1+<g7lF_p$KKI<sYAIwZp#6C<J<Ij*2=>SEhYgf>@;c-lepM#;
zeKHLOww}YzUS=~mkz`D|S~7;%xU&~Rzj^~5_rw}Hu6rRF*J<9RV~tDn^|3Xey|a+!
z`+aK!`;+AhpIrmmslpEVo~Km#6&?mQpTo|Ei5>EK1`pxalXooC-{xT8&U4s#cR`0d
z=_ysVGyXkH#)yR<!NA6I*!fO&hkOrvMqqp!VBj0)u=CWE4td^Fs!X2c{|+b3r+#M*
zU9;Ao!_HW{@bxt@cH!%(M$dnx8tMXS`<xq#Z~JO&+c#2;o<F1-J*;ifIqXba6W=-J
zmDfL^%Ja`r`*Q8CKEHjbuVMCOX4Jl1GJL*$8Oo>j<zL6J^VA5nA1(oKn09UG^N-tQ
zjVngSElD!2noGz1Xbd}FJwk1O@$B30tU2FqI6j7*y?Z7kwPj1Lj<;odUS|HI65~HU
zLHYJ}`TV};9-?^o%NTZgcO@Ugn{Y36(JOQeVRdwj{XROzSCWiz>SM3``WSW+JLZQn
z%WqGoYcj#vZ)KW~AD8#|8aDGDXRQHkbPPL-K$Rb1-%9rAw>y%2yZ?3i?Tj^`InH4x
zfkk4q#22x@1h!MqA>Z?)D!=k~Jg{vHI|V)~nnQUhwJV71A1i_Wo`rONCuPt=rSUnG
zZk9uNLI$nBgu?diL&@#Ja|!r4#dXL}J*mn>FWxs6FCTZG^vX{?LEqhx_zrvJ^-rqu
ztz*=O7?P<EaXI__KKp$w`;L6`>M5_hgZ0-K^Sr_E%I~u0Um3&Bn;1@uW<dY0RLPj+
zk&LHiK>uV=e?Zz0UN^>~XJtsAr%rhzXK~0g(x2b(ntjHdcl{r%d~gms|GJv4rPh6K
zP1PA@-O`6nV!t{a%74Y)6Wbzouk%bh=W_ulFUX*cHoEj<X_E2&K3CAJ=fvj*4)9X~
z2l;})hXQEf3@ATIeC2~QM|f`~Xa)~~*H)W3lLJF`$uKgYToCCU{X~zO=MFQWe2ASX
zHt$!f%2;o`Kfq589ONg{^OG4+zW;4Hwl0EZjq_?H#oxcL2CXOq2A<4-^3AL1Gc^<X
z!%6me?;$up35I7iXrT<62OLha&-*RLKclC?z^73#_B`QPVmBqRTQ<n!pX<9$9zS<^
zjXeI@o8>ZSk^SY0jL81-_H>%FfOk&!eOAu%`qgwE&e9Hf-qWi5i?fs;8)kOM>z`KT
zSI=T6^|hUmb8z8wYI{FDjQtH??2w;&T9y0Qcm6MR$UB}^Wu5(g_394!-KSOg-`Vd|
zvpeKTTUB}cS?nB&`0>%c-6HL~Z5aDc&FPTWZ&l?d&tm7?$`1LSt*ZPu>&H32Lw;(j
zDnEACs&P+kjxDRHZX)Ze`b#{}5VJPF@@qUm?-GyN3iqt0`=F$K=vR2)Ze|Ot+ldG6
zA!DruO%<R&wx6?O*g28#t^oa3`%`1s`N?X~?1b0$vis||PKd+}O8!XW22HD3-Sjp*
zaL+mHJa;W<p?$P{=&5M?U4NqOzslN&zKaJQI)|OFUeO`n^Rz0jK8u|V6&>=tt*X58
zY<y02&1!ZQ`dvI==_+DB9=sMbDTSV)kLWM1Lw=p<W>XKQb;zSk56(Lq)h*=NT%kk$
z*t%c)61wITJ86vU-D^R6)jA(FjlOf`(|3EX1??4#o&I#%_X}gRUF}rb4&~8yzr7Z;
z_mbq{)$W@RJyTQ{f2OD?hpnlr$3Ig<WZ61Xba*KFe$;)dK^uIqQwEvFkJ`UskDR0W
zTl<C26n%JY{Fx%}we(Dp>%q>*nW9||I^WhzI^V8qK_l;zoule~BWBJk;^(Z|>6|M*
zW6tF<bN=Z#bFLzDeyCIKsi*xN{Hi^2j_R3<n6sWR=Xz_-4@Ku(l1b;h-$v)WlFa!b
zI_G5foF$(95ny4^i=cd0KBY^TM}hr37dXHR0m9FO&x;TYZ2v*0JpDygzSp$NX`7E%
z(f85>=y!j}?kC+GBa<2QToBP0MH$hvy`o6{@eOu*ht*vB=fA^>@I&k!R$D&A{=|ES
zz(#z^Nr82?c)ef5$KO%q=4oDh((`}Uj=!e-=348l`1yBLk>~$;ZTx*#`_IxE7_VLn
z+WVO5$^L8U{aX2F@W6QM)AQGY)-#{&Z!BZ6;3qrfg)ge|#CGg2h`BrI35JI!NAbX6
zjGbS&mg?)G<9I-=q<z%X(mpn5v=7{d{eu`g2OsN{5A><BG>^99m(q5p+UR~_9;ouG
z33VBs<v_dP+VStI2+g5<`RpRv7s9H1095%vTap?nN$w&D&!&3-2XevJ#eo*iQiHFp
zGHdqGdzjMI;4fCOIdae+PE&)gGQI?k-T|LW=!Bp@pWXMKtoHvgq1DWZBJ-Rr()&8^
z5b1rLFN>{mGTUJBwd30q*L()w%q8%Ak>dE^e0${X;WnhoKWw9V;T`iFB)508(Wakl
zNY!I=70ej$k@QHNVzVCQ3^2+C$>^Q{N2eFVz+fdPvoj>)*c32|giuwuy?sHxdB=Eu
z;0TJpN4#PcXg#xG;KU4S^WMA)v`{gP51H%ia}(AR-rBK>o(marb{9Ces|8RzIydfK
zg$z)fnNUuAm}RR#lUN_SwoqLwqWJUq_6*6WL%`x(jzA8Xdl8NKB*WYAD(Z(SZ4)9j
zY=lA@_lVnDETlf?(1ZlJ&j7PPOuwRZyJ{6^?yTtipoPvaKw$oi@prERE%q)blMV;c
z*AsiNr-;=c<MRUjA5a-Q&gaJOFK2+VE+aWl{A?Ai1u*sR$!h@+*jzvDlzT3reA8Y=
z*OJ#km9yI7*Ps1YP*{Gn3bbz^dPaZiD$p8^;fkj3Qd&TT%Rn){@6ZgYtB=$Dw|*;D
zuKy+7)YZi~pgcK2GEQbgzuz7ouf0$m+0EwMoMvsw1AJ~^@(0*|EFq>_B!F_9cLwed
z&c83q#Phr9>tEx9kqta3ORZYQtK#b_6d$Gja3jOzz)H}<NAQ5_g--crY!7PvD$w$e
z<AGOR?3Diubbp_~C^Oz_`ZFCTWMi>E!nbcx901D)-n}<HdOzte?9uy4e@<y4uLRBY
zN~bJkQ(DcKMxReds{G?ts!QYc$_nW{?*!&At)g{skDbB;>t61ZPk<^PPlthTMD8=m
z3;gK-_V+l?&+RT=6@M1xcx>&HsqFr*Rb~xO$F50aZR7%ilfqB$<G(X<AO9)y{*Amq
z?n<UBi0;070?S#=3!EajodSkCpT@l2Nrk-x#=)O-%EZ3;KHD#O0#rG_w^RONq*g?3
z;PCsD{%;<^1HZ-C*{XM%_a?WqZw5e>=L9<C;+S>q_LXcua6hZxuruAXdycLE4G_)6
zs%6j2ea%#AbA7TRdF_q2R}x#D(Ptv1Piug}@g#tQ@Wzubbjr#2`L`=Ub8~DhonU8o
z?a><ESF~dP%LnnmcL5xCPmqke|AzbTOt5WYb8M2?96w!2_uQy$lNVU={`t0z>woB-
zia%Zn+TYJ%r={!3+@4#(?rA0VSW}c{ohw=GZ+4gQsZ`i&2XK@)O!+rvzw6SEUC-;J
z?GvnzZaY0UXy*Ie6z%J7($@?ydU)u!@)>9T9xL0~UHV^GWvBU!J83PdgS;bf^9R@;
z7DwkEyS_&M`Z?@;`I%0+0>E)*1*;qK-*}+)rB2g6aG#=lS;JHOUJc;b@JgpV6JzJG
zo=&+IXinYio=&+0=>5pz0F}$3Trg?}=(^ersysXc>AgQ=zn9q~wWeI`*-a}z%LQ;)
zwRv~_jPg;*%k=$5R-4!RAM|%!tv#+bFJjM?6`-wowo_J*QrK@C6C?L9P6t)~ca_S1
zq(1M@(i7_QIs#U{-pPg~`e@_gNZ#I;R)TiN_D*^DLT4>)^d3i1pl2<2AyDk2;%A<-
z4D-UCWak-UpM7NoIE2YkaEKS`;Q{IK&vTwKS>N^VV?VLUh)n-3;jHBLGtsk>hgT#&
zE1B%h$D$$1D>Szsf`ms(0D`@s%C!JN_WUR~y0?D30vy!<M~fZZTP1-0lPjoSGqeI6
z<ac-lILy1@0Qyg`|IfcShzp!xXP^Nj!>lQRU_>xl-b8ubTSJ`L53O0l?iK9dBm*IF
zPl!WZzhb(HJQI+(XBQ`QS+(XO&r*dhf|Do7S_m}9p1}Dl)~|aE4<tLYmfZJ4fej!T
z9UvLiAdWy9Sp!l6$9dj7pFrfD%)!k`h8@A4=?Lv<MBK>X6i`M@cqT>WX6}dblLEaf
z=$ZErz(5&;&2K$Rp)s{#HfP{bSL+J8Mh&z12|S(OuGnX3LKm?KM%i-$kBDGTfRl_?
zPBIoEw5J+zBafWHN?QyLH?r?*5$&@m=1#0w-;Chv^f+}f$@~c|hwmtyB_P;C*8N-A
zIk!ABKZ(*@G+N#)L~yh?uY0STgMOkzdJwfYE!qiiK0SpL3Y!{%FVX);fu$=z3yt9c
zBMFQrc|H(#ZW1J;1SF#ngpvI`t#P=UW3{+=P-6K}1?XR}!aV;!P{L?+#R@aVVe+OP
z19uZ!r(&OZ89nrvx$L5~6^+<&5eLc!j_{aZ))L_m+B0PZXaomjoF0zen>EY}ff6J{
z`tCK~C&x=79;At^=KuR}8^DA<fXqICj6Q($J^*_kfY=8h^Z}&x0i^bUn$ia<-v=t!
z2P*0V75V_wDuTnF30(^Syz=mJ^L|<b(%AVUE<+b4O1`GAg8}fAyni`p?j>NjZP4#-
z6LsNBlCNnQ7|^52|A)N$E*NSGd6%sV;P5qdf&qdmze(Qx8(k{}K)xo<p~JPR{Co2J
zMKFkN5Wwzh;_`LU{<q}$&%r3-So=1o4qsB`LGt_!Fx-edPxUpmP1d1Em488=zipk*
zOz|~wQ*?quvbNH*eh?&U%k#@Y<71w^_8{o5*=dcuo=0m(iLQHQIcRrIPw`pr+~1W9
z^8AO(LA&cfijUx1<)F{~Z}j<-r2P%HX!{rG^Y4@PuiJdx4}#uJp8uRa?<DOPrbgSp
zL7#6S?Vm}Fwtt&Ge{eZH?`5@5<cs=R&=Ps0h~@H`buT8=oAbJ5IcQejvGcttalX&2
z)~);B1PS??9tC3wfJXF%%2AlUG7c`*jDw36<KSZHIJj`dz)JAY^j9k15&}hZ!QSS-
zf&r^rbkcUta?p;S!{%Px?B%r9{+-XH`pCPhV)`Mly15B`ZZ5OW&1Lktx%56aXYX@!
zVxOB6`rKSvpPNhVb91&nH<!}q=J-B0$Mv~6)aT})FA?vjmVy==2U6J`yaGr;Asbc~
zE(T960;L0srmfTo(KEObDtz0WO6QtN=u2R0Lw)Wx=yP*wRcuViYIn9CG`C$c)N^=%
z%yIux(5!PMDv^gPB%=wzzy<{UO^DvBBd9jL1h_6#4u+7Drd#Jm{(C8CpDYFK{iWyg
z&M}@3h($|vv)&A=8C;44bG@m!x@{|seF~;sey|=i?=?gh=5=|m0fW`m*mu`BI?RGs
zV(^wA7$`>2UlIc^fz^WZPfI~NxD>Q^6L5XZTmvA$mlInYnfYEX)tmQ08|oa%c)p&-
zX~NF#f>>Ny<A;HczYAbs5TGA<Z4un;Wq5fn2EXPR@jpqyUVsYpCkR??NxP4d;1Dun
zbhDb#2WomBsP;Zk#XeAlK2X#8KqWfaHm+VK`uL%G(5S5PqdhjJliO0LPM!{i1mBnM
zC-eRy7+~t%RJ|6yFPrPvEUJ6&B=3oiwsdcssKcLB`CH`qbzn#w^qYDf3aFkJRQYD|
zZlk4V$v2s%p4~v6e<xPYW|?}nBtg%vu1~IKi9fDBy4ch^we?ZiG@nnXGoLR!?>W_9
z3+kzy5Pd_RuP~p_iD~bCbfx+1>Uyd(TOI_xC5g`LOhPls9-}iKtugy4OoWBOKDj<Y
zmonIM>p{EobuOyUrZ11`(jMe%x&e&J1YMds&b%OTj7L|F_Sz+b;MM&d$!K~oK_@;K
z)rm)!MRnrG%cxEy&qtPl7J=;#bo>vOS^6iV&)t^Z=Wet2x!c4(cbm}XZcFQPx25*E
z+iZRAwv;}18{g+{<ND%tRXlF15@fX}Ek-Y9!s^1w;1N<mse6a|hU4kQ&@!g)QefZ<
zWX|mQ&zF()%B6R6f_cC3ojeRo1#mP?kPK}h_{ejW1I5Dci_1V$QzZj1?tgw6t>;Ag
z3LzMn5Yz9E*?8pt?d1On65;a!8-U|ZyJXx6G~Z+EGSFIPS?fvc`ViGKsfoH-NTQno
z=}6#oei9fh5Y>5TDQJ$Rpos~1q&6=E#GZw^fF#2{Q8FYXbWKOXo<?wtybhqWETeqi
z^xQ(d1c4y{I1ccRz`e^rYbs#1Uy-9rM3#O&UpGn&-t%-bfp=mQ&J#;O6UaQ5B<f}^
zz)y_o<<-lGF3uhKOkFI*=wbmybn)pWpk*!vjZ4(U_b^?2PgEC^cKHeIssTJhY25|F
z{n2*Lm^MJ>C&21DQ02m6@RWS1qd-ujZIks^($jsNuqAnaabtR;Z6?L?1DWH)(RWjp
zf);zfJ;q?(E8fFFKjE>$FA>|D>jOZ20MJKtssIoSw}%#(cl>?<3{cw_M1GU@4z&si
z5VY1{D?VT!XDoG`v1%`Jti*8$-7wGXJ$oCck9VhfWS$eC{{*{VeU$li#IJ7zI7;x?
z0&sLVt-GKRcr!;<K%%`Q6Xv`uKtCW={$(9#65Go-kp@9GCyfEXSRwBm0Ra@UZoOPb
zW2bIA^xw~=_|EXTfi$8sYQT5zCeSC<fbR@11jsi%sh~{eB_k+8e?gjLY&G*mCI?=v
z18u)~NABdnO<<nKFAwttftMoB3j%Hc&7DS`PY(3f(Hta5lZ<dG^#8aHw9`BUf~nBI
zH5K|>_^Bi4ELQI4bN3A0Q8=rc7e;<(1LcV`EpK-7aCCcq_tux$e&S<w)Mven`K&E<
zW_{28DKNEbD&%#Mx&0nvCz-zk)O}<gu2HPynt9&pK0@2S%>pCDaeW~U^@TX-YX()`
z%~9G8XGzBH%fJY=QQDfnN&9@Y>a9P3zH0&)LupcQ*L2ELmjF1XfVyuo%j<m$V1VHB
z`%6H3dI@M-mVmZ>360^dtOKoun_~LG?ySbqJJYC+t*ryifvJyw2b*V29ccFg#kW)k
z+I>K4xm49zHFeIv<NfSy3nO<(Rj0twku*>QKwV^h1SWe5_!^NgGL#BRn70SW|F5Ug
zx^ZQ=dQQDKC8q`PW?lT{*^pBYs#&kFK67f$^6Y6jD@4fY9^^eQpzeZ?oZSU|cU`ik
zrIq*0M2{3K%Y>Ze=;4C&6eu6z)649T-bMQN@}RVc;AuaLm2cT#Z&nKUK0;FEf7l9g
z3OUZx%7OC8Hw$KeVguh{J~QwK8yrO#o8N2zP+l8Dp5D_~Y00#H7kWxgV>1TRl1=O0
zz2=fUZ3b3SVrr0Cb<;kNKJoq&`ec?V=kc|}tns82B9kak%+5{`Uih%qk`+hb35@+c
z9FY}A;D2gClNfwtZH--5do8<?!P9gZ81A+xe8kRm=c`rj)cAOpwXdDK1hlE2Lmxpp
z^pEm<;Gk&_rUj1kseu!`EpVDo2^eOKkm{!mh~|C26q%DV;KtYw0<BlmTTAy3)HLY7
z7g3&mt~RPe){^<#sIK@?E!7p04f?mj=$tS=DX^`U>Wk}Iq{nHVM?s(#V}DT!l-H)g
z)j~yg0X!f*et#`!#P>YI1It@12s}^=TFa&{&m;IGvQA~5>mxc~7pU?s4uS-C1cyZC
zcU=ZX<afSWwQCj_?|caQUk)Mt&$6xb%~_Q8B7lR){M|t3-cTErSEcsiWOV0Z(0;cV
zwDInPvFK1_+Kn_eYt`*N5y5+YU`+&<`2h}Ne>jEUGC#1amc@lrp#K!3QEd#3PMyPk
ztENzOt+^LC@ExFi&R}zJP?<9I=4-Qv>~MWO9O~=gpl=9Nxi^L%doKf{Cx#z;N&9@Y
z>XkOo`&aU%lqZwlVWKVmeCx4*{;~CV%fA5Mr<O+X{oJ`IzCT`iKE4kxjpBP-48Dmk
zAB*qbF1;|mOVGa#-^)KIzH9$Md@ms5)DV5c>!)u{(Uaw{V2sQ=RHba_KgHVuqo#i0
z1E(+22I|d%IS^9i`<H@Nltb;G*@)UicP|A^%Ak21qq$L=i1?1=cOIzwPB|gi$WM;g
zNE??@eHF4p|0tK@JH|T$$J4+(Cug2-A>-I!paH;fJuex5Nr(Qgrb)&x&0O6nf!iW9
zpAxv_9QK1qXg)R29C<!9FzFojOQwFD5^ygCjp!^XO)@}${;w_t?JN(0`2zG$6`;R`
zn>6C$K)Hu=n)Xp4FN`ct1LZiM7sxx)@@65kk>;Mk1H>l!GU26E=+A{oU6UZMi_GN&
z?+6@ElZ>W?;M;sV=+~M4i4Y+3-fv)q;KRvmqz-P9FIHb#_R?FIf&SJyq`xzr(+}lJ
z!6By<d}DfQX}EoG!H`ojc17$a_M6#FgePXQJ^#xA98=l(Cu);Lf7{sq1QrWk^KO@=
zpyeT&+e6yCv<S36ECMaK2(;H1fi_CkG%j}p5Gd{mjiYxmKlallpedO8{--c@TDto1
z63{jSrPc5f(C#<?pBngZiKVyW_gzolyhuNLTTNvD^}Kiq^XuK5WHi}nETV`5MQlZT
zo9$raq3d?Q-uujW#P64Y_SyvS^botn4j#h8ucfm4YFM1&*GuTVSfu^n640#J4e`Ut
zvtKSDe*Z$#?=R*+vHbB@mW=0*$Hyg_@}uzqf-@^V@Z6GUeBjw7G(K==j%1XN;ekUK
zJ2x)^ZOfvl{}x8jU!4M;db3unWQZB6TvDWO69vhzx1zn~8RPcOt(JdBb6n~F_s90b
z{9Y00o>7?Z*c#hzyu13%{rMgCXzm-+BgBs){!`loq6<<2CwbnC7Yt3Kd-2r(NApnY
zR>DujKBqF77nnVU{bAE*$qQ^IxJaXV<4I<R+`EM8_qQLk?2!DxW#k(hl<!K7+9B61
z0gc!%ry_Ppe&Bk-qZ{YU!}B4Cr+`7^V`yi}D3O)$&h`aiUacBR2c!8J$&5D_*-ZZN
z5&j`Ct4qYM0)nx;{{cNe6AVW&1jFBR^$o9)g5qKbB3JtYaJ4N6^P#HYbjc8}1Or;P
zEFk>YZ0*sFEq=3k?Gtj{+JW2Q0dYzS%c&`0d~f9<l)h+><RY}DfHK}a!Gzxr-BCEJ
z#M~RTkK96dK6Wn@pnt{^8vi7E$wBafpnu~tlHMG%msp3yJz|R3)%*<TZVrssS$-C`
zgyxF9i?K6h5ono<Ks(CTlVo|2O}!Q`OdG{5oNnH6ZPpp2@uH?IniCL9|CAW|zkJrx
z)p>z4i|LsIb6-_Z<qsBv7D}VJGPoLoLsKMUh_{V~(?eBZe#?3ElXy^ebI50JMZS%U
zhCTBb4c`M@d=Kf4QV523?p(0H{nranYx@Ei{CxDA2H?054O9gEuP>(i(HFw|TPEI7
zAVAumBWp>1VEba4*WA6>;*qb>^DjS&@(A(4Vs)maC!enY?V-=0*U;7r(2GBxUQaEK
z(ral9y&j9D*F;sm_aCAc7e_Dm%>Os^TK75WbxjPtDj2<HC(x_ou?y3yt_HNpi$P14
zFA@@&t{2(enM~i8F@4{N#E~Wel(PG!$Jg3muRTMR0}tA_*_$`+XcWP-->h@O1sX{o
zX`qnz8>a`hk?(e;f<pRwWxBZSjYnOhr}+H9@T1Zwy*q%m?VWDlR+bGudo~!e5%s~Q
z131WcJEn`<Aj>s6d`ID|+Jrof$)rsTeu-~=Zjre^X5MKe@=^Q_S?6D4@)>}q`3z(n
zeY&`<G+Q$Mo8djY2(<7R9!Qo~Vy^)$w+6Ix3qhMw1KR1Ef1!^yB0cdgn;tvGYq}kj
z6XW2uM5K6K$ME`wh1X2*44S#J6tC$5#Z@Q6tJlOiA87duoWDC=+-84_;Cxa9=OF;4
zq?qO>mal-)SX{q1UEEgmIdJ`K46aKPa4qmrTnoIJ-)rW5ka6CbE^Zs1uyFLR4A&1u
za2>s4XSC6!pT7AwCcfWZ2-@Ekf;O}ewA~9qJF;+moC{Y-#?UMplQH*WR4M2MC~q!X
zu9NwPOF(H}M`Xn@(nkK@Ck1sIR5T$dZ@O%`Ztek#aC9RAWeUs1-GV@qE{F1_HYqrC
z4p+ps%fwi*qtLyLwv?+S4(R_PTup4m>P$FF>?aXP_a1t{FP9?wGP@{MjyP3$8A@MP
zitJ_8Rd9Pz2`IGQF9huXjyiUCLo=vy^F9a)BA9z>P2ZBtJO7%#1%`WxWNdh*PA>#B
zGW|=nr=JB-szDejCU$b0sHXuq@(|i{fX@reSp-_s63GxzURTp|qAr*@PTS;lpvq2l
zn>>%uH?&2z@G|`pP`m(h$vn;bZ&<$SLIfHVQaqV?(pjL)M8ckp`=nr<2&=0_@J#1G
zX|ci4-T9yp-5}b$TT78tnUUw+`Y@6zANks(H67C?&3+*-Kc^ezZR+7b=|;{?Fb$Mt
zpvpx6jz$}JS}EQtciZR9?aG7x(#eohMtqIcc{x`+FmX+{3q0TOt-Y_61Lcr;4~8m>
zEO)CV6OPt7==g7>KDpK2ym8*1{3o}jH*cD^aoVKWoANHnY4PwLR{<!?E`^-3OY>*f
zxuon)Q03|h@TAY!U9bsFwtwSk={{nE&vZ$vThJoUP6W!#N@?|`2hf_9v1(5Z`Q6H`
z-t>TNP0L3Go}GjSd7MWD@*GyTJb*k0azHu6+sg!G?~2fn{QoU5s>hIL7l6_vONQMB
zzKt>%B7({<130S33eCKVk_S@P2nem-C`(4Y4SbtqFlrH03KLbiBoAg2-)rUr6W7=$
zs&d(tsk5!;&vQ^w`as5-(pFf#NtTRTY~Z^^2BR54WdVSrOq`O_h<MM26f=f<^hP@<
zGqWLw&|o>J@|OtzwMk}8>AFvF`5JSaoHd(Vu=*BRG9Iyk?^YR%E(De76IFTU;*8nN
zvSeJr#+iwrlKh^@U@l|7%h)_i5L7m;V>#^Wz}SSb^UBPrIj^<yW-NFkyN|dmds<H8
zAn)0q1qz|hVcuTWf-*)9rVx0i<$O_uoR&e}vj=q-lxBkY{if`Wf-4C>G~YV!i?)KC
zzah@E!3Ik6Hw$L>*}yl#i-B&GIf5`Yd4%vcp+z%L9=sW2C(*wMk>`b;-3*=$7(0m$
z=tWR|1L4zb@a)e3rR;%;YXTWiPT*V5+7O*{Gl0YVKNBiMGk-vphu_ELgx;bJe9bZ#
zg$Z~lWN~iFCz)LYo{by?1Ah={j`B00Hy1!KKc=14#{L$~!6E)Ic`m|{9}qbud`j99
zz0%A<aQIEy7qK-2P;;6JAV~C0QNlfEu{t<$tT%p7bB)P*8G%;>pEbtrKTuf67#j;9
zcqpb_1l~6&9D6W!mRh<lGe*~Cg6}uy&i`)XujzOH8PlgVZs{%x*X|_mntwxKdOgWI
z{dL;sFOq%tTl%gaW9RiQ8e5CcC4vA>0|VAe#)cc%ohU@EZ<37WuT#I*O@6mY!CgSl
zO(nY%hC}olqQ{?M`INt12pZ|reVt^GcOsxY2#H<p)C|3;ZLv=JpN`O;gH|nD1m#0%
zlF@vVWRxPItNA9nU*J892i$ECJivG(GPhr!&kOG*oc#kET~GI?MDu;rHq@uKL7&R0
zRl->**aT3~#F_im<%xUlO|x7?9?bK#P5`Y4<MO6QB|~%}U-P42018!+e&8Xgk9)+`
z*Y+stQ@;y+EwfOt=}9IVPnx!xX&V-b;6Y<pai4?WhlE}(&_vhydo%=A>mH-U02&BT
z-t^pRbM10ttTeqS8O^Uy`ba56PYY)IW!u4L+NT^S^+*bKVO(CHDH*qXM>2@+A$q=E
zl#ESiqVJa5>9ZToVWr+C1vha}(TE`U3C2!q?Mw%72;1r1I;PEwq+ln;<#wB7Y<iN|
zf$63$dK=TaAnsWxn8)N>vW2Q@vn7N0GsLfHV*5mOKc~D*e3YSd$!IDA!^@sErGn9P
zpJX&$#_R4JwaWeFP?g)RRweEk;r6t>XK$ONpT2prKH6BIpKO?-A73?9AKN@lAFE08
zjk2>P-YYC$Zt|$<yFI#Wv=?9?%uh0NAAU53{o!>`ezu1931_5WZxNJF-pTt4+IioU
z8#!M&sPbLx>_$;Y_+dCpt(v25G0)+~_R}?n{XGhlm++F&n*sw(yqU{US^b~9r#J-^
z(I!<^f5dqPc~C@As;nO4JR5jW>ewB6bvzj5JeWROsSWlvb7pPnN@6z*qj_^8YaY|{
z#MUayoSM^^u;!FzPs^zu<UPaA?t-!t558%x*F4Sdj)k{z4Eu{#L3squR`5uKzPu~g
z2~b{rDZRt%3&cKYa0SV4NtEtGDe*9uvj0mHV7DWwawE)}OW@A}a9De|vGCVtPR(ga
zfPWcVGY>ht3zo&ezxy;E*o(2V`Vk6e*)+&$wDF$9X`nQgf+r+`(pUi=RRrZNV($~&
zkv1alDMFw$cJLlIqHP2Yl+NjI6f~mzjXemIk1%$c^vUDQyUnjA-;>{nGuKx_uhPkd
zIn~=aPuTYP=bxEm{sNnS;(Q4{0$k_T$h-|4q1mTrv0rsjn(ZR%d<X9#GD+sRKZo&H
z9_MMz0i|vd-3zqlu|GS09viYjshdjHB=gR=qeJX|KNqO-yJxXqx+cmSrPCm%+Qxg9
z6ThGoJYgObVrvejvN21+<08*^FeE-ywLdFV1zYy7lz6qu#ED38V&3^p>_d^#qPm0k
zY`0_saUNGnJd8a6$~0>Zd0gBWtrLWmabqONjGjbh1ST`FGE#ct!8aRCoOeWUF7U3P
zupd`A8c;A5V`q0Rja{oe^pSN&Sc8J%jCH0iCU%zNS(}e*xB1{kn{Pkw2t0la`=Q*t
z&)*QYgHL=F3^h&a>&TT1G21-zPjiGCP*6An!S0q6{WU&s2h0yu37aLuTa!Af);zSp
z`aN_b7~!kbs@ylFprbv-Cp<10Vi!BdfI#7EQhYEY#fNT8@g3kDfgh6bzr@COA+!FS
zslT2U%(zjm2thS%VPD(M-z?x-+ZLd~)&(%AE(l*0sv5pgGQ>;4fY$Z}M4x{ffkXJI
zWQeb_@pw=swDUfKqmP|n^omfCw^=fTHLbzdIANqr1ZAj(_c=Y_Be04yQhfO}DL&!G
z6yMNKkY0x9o{QZk1v|5$q7XsQT3@6w99>^BB_sWAy1qPn4l8z1GM1r<zIvWM<IiE`
zQ;eNtjvqTEgY--0Dn3qRkIYZ%YfBGR4fC#`SOG!K)wTe+S{HyzU7+TMsyb#y=PCTe
zq|09MCtwJJ-8%?<$z0wb{#^^`cm#so>0pFVsA`ue8AEn3!kk)V{r1iTL(NsIV$YXs
zKZBM1?Jk|r;~<|On0pNSdrsqu0t61CiwiU1=q@I6t)R+h&R{>8hdMn*?l>qf<|U*0
z3GfsN(&-*MC}o$z>c(&Kp6&V2U-Dm|q(3Z}HqgTW6K}nD<2?_HnO!O>e4EJ3qdYjs
zdgKM@7w%@YD)0oI&~7Lb%7s@YLu~!pj%I*zaqw$9Is~XFY@N2FumMq?Y|q=#Ju^CQ
z@6Oawb>~A1B6wH>M)-2I>SB2E)Th|*o)XWK#EugY<HaeVDxGiGkw~lX<)NzKHIi{X
zvu(i^suHrJI5+FH^AObUruGA&t#_tm2s6PLV$UE~trCchJ3mwf>8dGH!sWakB(@Ea
z^@&kj=p4mGGY947c&&e3Ahb4)degyB`RI5hchbIvLh?LR<xQt!*4`OE=28wE7EU90
zWAZHA!Dw;^7$!{Q|IJ_s4fI|<p#cnG73GDF+<9|}pV3QTUgHXue2V81Im=~omdE7G
zd1H#N646+KB@dG?AP<RhA1@D$rabh1jOQkkg(f=~?ig9H<`ydpgJ<ZOcdHHxk%v1z
z#s09J@&n=fKV$6d{V6Cj+mrJ%u}cmufQsrdx;I%p44w@O*xJzw9<qLwnfFKT-a0e1
zW#3E)ecFi954q;kb*5+&C}iDfeE}3flqw7JIFI|wptx-mpTZG}&%AN;)?B2@P5_4m
zuZ3IZzW}!-hm+&B*A7O{Mc_78&rBnDJ&h|$7@zjGf5nWm*S#f1@142?DPx<zrXOGR
zRsCec_4;Vzb^7U>zoMVLZM}}$(@gt1cI~W7VsADlu{TRidrdUgP%>|#8-{MAdZHVH
z4xB329mRf?2cst)`UMGm-geLn?*~26K7I8x_J{0HPH5sN249{Fe3o7;8-&#}?=8sL
zWJ9Zo?YD6n<VdC0-Dk!TA3&5p2Eeny4ocValD;eteCC>gKnd6IzWscj$%hq3vEQ8*
z)wgviQJW#mfnv>9MW9&oM5et0zGh-45V=gJaiPw178l}KeB^)Wee4~4vGwL+&n6F^
z#EON-Z=S|}=_IbO&Uz4@P<hEXawJkOXJ0<3`@(#FVB`q)6FD6=|2hJHKVsH-k#ED;
zsqvE0nJyXKoPET78Syv8G9q^~L6tWazY&qSWhlLK(bLjt_Z6TFF1P$VN8pWXK<lZ6
za@TSi<1lLzT?3lB7RoIcEZtgLPumdPO8AKI5Yeqo^-SjyU7o8}4Vg6yLsfz(8Nw7W
zh;IJ_#!jNsn@XWv099U&z+uTi=`W))uss!-I6^@05VP8dzlgSJwb3>kIJ$>mwHXdZ
z+iXZd5nO+kOwG!U`To_I?>YLti~H>F<qU8T8?3DLYdhYU0_A0cU)#|+g|1OWt$$rm
zLe{8+HBqRJS)<sx*l-Rzi7s7+pd#HSRkpN(N033e0#y0o;yqih3~kwWC4@fhMwy4C
z)u80QDj7{}U)wP>7s_LGl)LS(3!2&*N4-0_QFUkQ0_%5VZHuu7h)+dyYNAc>=@IM?
z{U2<u0e9X2d&S2jV<Y$V(R9CL<k`)AhCL&^eUIzXylq7i^3lD^MUM~vo%@;o^wXaT
zSBl#NQRw16y8q29t^rMWOfs6euaDaOl2MB6drFG)wuzi&V~nq(iGC)0M)Wh$(*$<G
zg?z%}U~Fh>9KC`2`l!l<s?0j-497p_`Mrd0JW}PSCW97w3!D7b(l%|!-H6&1O=(aO
z(Z9Vh`u9_a@SY8U!=%SlC?DF%`Ht0aK8w!FvM8PHS@Cq98N<^Z{~qlZ9brBkis$L(
zA4l8l|CqMffM~t`2z<}R!1oceOVMZZ<n4AkPw!+3pT&2(O6a*E!gto%MdY`nG+urq
z@0jeaJ%^nZJiGrb3Xf};!n6GX@T8=henn*?@fB|c<=7Z@n!gd}8N3CE4^g>na$!#6
zcFv>zCssD_;ILrsy*x(eTpp?#T0>zL%INd|MBu1yowkG6U?Q{S-Vi0@5aW0I9kgbY
z{SGk7Qov{542HeIe74u#K;r>ru6c9n#3?z|WL=#_*VPn`_ABzPU^N1B9VPt_J0+tC
zg{n$L$q+>_0I5~t9W>S;-T{WVnf<>R46%XwzhVOz;wrO#RprJK8hfZD{de#l^(t!r
z6n_a6!A9*LcoQoR5MEu=8no`c78_hak%#j1nX;bom}Js#w<sCIY@UQSuWbF=j#~lB
zuN?f^jz_)$6`N4To=szm9zXnd?q@GN{q(0BOEb2Sbzx@l{L(UX$*85nOIiy@i(3C}
z0kMT~Js7w;#<yVhHL-mQZE&<VCLYm0iv2xT&~@5`{U~^fo%9a!ice^b=Wsn3>O0Wi
z%|YcMr)1P3x{lT%8lxd=Xc-S?{e^lP?A^qHv5A+ATaZ+F`09CciT=BvWBk(!9&Z^a
zWDc8(-`ILZXv@AUAoOVq$~Y7%1x09Z1&6)}<+1BeqF&%Y{Q=PpzDb~kU&iG`u8Dk$
zILhPt_o6&rybmsF9l_}=9x?!)L5{@|$^UCX5i_YR>|K)F77i^2B_dz#G4k~XCSRb+
zRY3R=Jl=_PjZa+PNk2VVpqM^nUes^eoy~m6>;%6lVNGhXpT8y%IrG}%{iaylj-F%j
zxgdC2SF$+=!Bf04I%h#jK4+;qI_J{+W7hxwqH`X+0KRJla2%Qf<&B8eloJ|IFd5xH
zk1w}7jrwv#k0;v6#Exrv9R?<(f`j;#roEp|ZT|y1Ip4t=&S$M1*X4nByk0UwubF;S
zW#L2MDb6tOFsK|#r{^|qUjUi_jxOP7<2>_yIw*<#zQ2?6eQ*#(`sK{JMe4pq`JjdW
z11dhWQ5{m0Pjv|Ke_RWrepJsVSed|q!=wx1JR4k~2$@o)Fu5?Na69KI`Xg3Sx#+&_
z;6$qXMu7UpmQMX=@JjTny)3F<U6;@?>QOZI+L}e<fX9gs-QWuD%DJ!%9|TqIae@{a
z!WDgIu``igM2F$olx`)zhJmR`=#~t>2YE-}a2{ykmnfYwKE{3tR2h97)o1V$^p~Wl
zvX_H<hpH*>H2)YXhU&pMUJb@^UI-N0z)_buHK)3j_iWFke%Wma@oPdSix%!@u@bQl
zj|fTEyxwENxUy)i)t|7sz>PL=v~=(u_Y_cC7;kK7$4a^=Rko0IxD6|}jnP;&Y13%&
zPn#LjGuP_kR;)aK4m&M>i|{a+$Bm3mz4;fXYv(vYQ@yyH*i#OSo!0(B>jb*L@EwTq
zD1o8)ig-SCzlW8tBDOcpa8y_bhP4)#FgvCeQ@lM5;CMuwlJgqkJ^LquvYhesg}(Qm
z5x&jp**WTx_|L+sc$`~tHq-XTpm#I>n%Lch4~Y$aF)_G&!ecEsE(SM@&bN;X&tPZi
z#lXdEf>^kSPA6~?y?(K99r+0R)%)V%D&=S$-w1EpDNi&c*&`}N_AYT%6wkzFYG!e%
zSf3@rKg?&j7}$1yg#A5t#lv<nK82eLRW;is<I2<6`3TDmK^dUj0;+t&#qh{Slt(NX
zwBA*WVW%lujE7w}V<kOPs@ycWFsEfZ=NY^SE03SWPE)olKEDYo_ROg5yZxJ3`QsRN
z*8N|k@!cO`zk5?W9(SV)<MA&Bc9ONHCnLJ{Y?uIwkWJSfHHa0W?-JX%GNWxEgq52B
z91mwtGtY@0c6Jv$eB!}3H=&HKO+4L~I_#7TF9M@Pr16wm5%!vQlOd_H3Fgf$Vf&b(
zWxoR`wJa_sG9D$*npj*+$exx{ILK3*;lzV)HX*^p?PskG#W8E|HyxlsYs~(v0iOK`
z6k^-fA-4aB#@~N5?F>Zi3@ygbsr{qy?PPK5U4NxI|9w6tzlz2Fw(!x|-}c+69JcV_
z5VNDYbP$0e<VAI9=mo5p`;Reg%(W<{jr1}$?Z_sev6>V(-xuk)2w&tQ=8N<}yq}zV
z8aw|X-vo;~#%VfU3I=XT)$x2VFiz3&RbUjXaRq@>W#?h+H+_x`G>$pcE}C&n@@^t|
zR}Dswo4w<O$UBj|n+-;&(fTem@{S|#E(at0b?A43Di76gk=W<ZLFBW$z?WW3zCk|G
z1-{{*B0Zn{p22?41YMNCCy;09U<~s%v+r2lV#%}hJF>6A_N01a_N3OG!2Zy6P+rDM
zhQ)`S0R7dEfCr_4@*?pq2Y~M72EpUPSTX&lAegxgrVa{%x&OY~7TNc!Y#ad3c8<Lt
z0Q0Oh(NDxSaC3C8zJ~*4gtwOwUyR!Id(Mk7hB;6k;lM%qb^thZ8;yIAzZ1z=+0?$+
zjzDSW*l$Gl`0aTy`Vc_b%$euR<VcK}<qm{c?f?+DTEWxH(VR%jH_V9f4F`)r2_P6~
z;-YZ~G8Q2Ao7rQrafqTqmUF>Dxw+5Yj6Aob(ESZ$qx&0WW3al>0FQvEPip#OpzceD
zz^CbOi0*T&0;T#T@C*VdcXQw{`x>U_w@h15q%m#Nj^{xkK2uW)C_}thMs!3;@vg0<
zp)LDLA@pe>5)Y|7D02vXhmq$6^4+b-BP{`?`YvSB?ke)`CGfa7P_E#>Vfg|?50u3C
z0xlG9V-fg@$hRLMPpAfz>J!ML)`0RV2j#@Z6_8X}SPEv&%+PH5yEYBV!!?}mU^|M$
z?%&Unj1Tzyz-=Sg?_Lb$;TcQx@O&^3f<4)lpv?zx3|%f6!&lKYsV5B-vyT}ueeja;
zLAqpoeFXcZ8YmB6E*asgz!*xG46_z6X@4-LeVSx^kSiJT2=<3u6yBkwV2lS_?Fja(
z5|op949y24{OnRayp+N?G!L}!Y{?)n5Apc{!necE*6DV0uR<I-2ozqcPx}b=7hMD8
z#6}lw;2T~8hL~cmpOxWi$sqj><<h%UNdJGD2O8;5$O9jl|IUQ|P9DPkp83)BWtfZZ
zeW)n9_p#j;zuz&uhQ?A3tx3LL@p<2mI3=>i(mXkobWg)vhutVt)f}Vy3vF=JdjLmb
zL^F?LKODdn0TkVnB7GN+;r~_mFZ6yl#?HjOEjUi|Ga|a?Qdr&iHSm=1p!~i!ZK72N
z_l0{m-ec9lb>>h#Tzx5cYWZdN*=K=5=GV+@fo23o-8goDSV--Fxro|HVPLVq%cHSC
zqN6KN)NgcM7VkF>UP|wYOpML_{uuW6ltTGj9?FNGT@uf4L?*H%;{cx@xb6`47nQ`=
zGdA9nkw){0LOC>_sCYVqhsb{pC`0oZug?c#Dv`%$7wJSk34c!_{5_*Kemo+pX_9du
zS2C_4{QZUa@gB~m;}uP!<88krI$o<2l%b_;yrp2&QQOp{uX%2P2cw#g+QwFn6Ck>F
z3d~-d3#wdu6c0Rvv6J99luLE4$%|7!8RmsR*)(aMxfT?}uLZ>gphWm+KI5bL<M7$%
zc>iqx$H>gZ@%x~r9+Zp&>5_4582hCu|J*(((X-}wSB(SDzxX{_tBGAx!gNPTg6<%G
zVl4l}(bIN5Jqg|Rvz#(Q(;HcyT3C#sUuFXRG7{*Q5ktSF4Bn;V%;$5yC$PE`;B+Ik
zsxsz0#D1RI>s7>#W^zsZg$-%(vQ$iPGaj$U;D(G9o*=9wI6^2?RkS4><#(o+hu*^j
zZ^XoITs-v;rY68Zo?nc7NeOe562@zK8xOpAE_r;y%5x>(m;4zI{P-N*3og-dMF}qj
z8+l>Vo?fibTt2R^ms90l-m!!DLFyFhlX>T}*h>5NXl#Y7tM!sW^m-{0_IQ7iqL-NG
z7xQ*B5Wl4X1<Cq5br}0CpMk9FlgMx8I}p3VF^v6dV)o#}^^%cgwh?u_1`N_idO{y*
z34Kf*#ZJqQ8+stQA6N3=g=2U7akQV_&B^=m-cMs(ALGx)b?myf>{IM_r^n|Mdu`+F
zMWjH44&HI-V9K{heHTIxlNQyIp*@?TUrfy5x?${Bx%iwjH8)g6cv$`3!oIf0YWlcG
zP#-)5edb=$DHdx$bbZ{wMc2ok(^$!kp<fTr?`=Lr^CK=l#r7vGdpBm?43A>P2Gmw2
z{xspo+EH8)*(;Tk<G**+h3OdP9f1djh_5LbPn^QeYv<7WrU)(meiZwQj-HF7#TO>m
z{lClKK7$9|!`K<VJXA&eO=8Cq-*bNr?>jJq#y@^G0W@_a2Ie4m_NQJPyjI@tOmRxi
za!}<fGpFW!3sm{4>}ff8koSDz>@N7^#Dj0X*2;T+j~?4f=F){8*;<Vz-(H8hwpy{T
zr10fZ_&N!EAD)Zkt62O?Xi50j)EiUi-oSYLJN#^IY47Ewr9XyfOs1of(mFN<KU7KO
zFDd;m=XFB=>{Hlj(R<TT>~}lh|M&DhP{W%(l?Asx0kob8P@bqu<{riVaOU~*DNYCF
zE_Sa*Tz)!x?@IZ<o1ZV9jppau2@THR3Ky|e6XyMX4e$G)Jv#5{EY7zn3$&ip^XGr+
z2(8}{JO4yIYQ;e$8z?8LCFA65$%yFG&%u*V{3XTAzuT1x16RlJrMHykVkYhn?PAYA
zQ#VyhM#JB+pR8kR|Bn4Pous<e@;zEnjPG$8E5c{&Srr-4J*%NFB!{WwGAcuV!BLrb
z?g;ivyJPgpr7U-}mBtq?HkSIYmW_@xc;Fp&mSuk$DEAS5SGUCRv=x7nSo}$4XIDzN
zNDQc;5joBCD_@K`BT<Y%ne!RvSJbqBY~G(&MwanW8R>{Q!{Q=*J&G&dKY^X*9Ipn?
zBW!LVE@rMG??I{2GcDU~^h^tZqbvi;8%yaqpvz<C+L~~F#MFJ`oN*~Ug8l9t=gvFh
zl957v#2y<v<03@QxF8!ne`3W`Eg!H5oqx_{Zj2o5N)eLgGw!m*>-gWDpgyB@HfDd!
z*_hTOXJZOu=-$fC#t_;P8=Cn0#hFnXn&4oW4fbwibbSNG<RY;+zsUC6HW59OK-210
z-qVaaw?^`Nc}Jjr3_Ec<zxV8If`0mDQ6Fuz>n9u1_2a8D^s&vE`dAI`vuYWb_key|
zU}y0PMg?#MhlqZAh31clJk1~3osf4wG!u+)ZuIP6^Jp4fD|16tLo?~w!Cv-kyt9Kr
zmS@ni4h6|G(q_o4>7rIO-Ol{3+renQkDc+p4~&iLSf0>2FgC5Ec|upD(LABWgtoFP
zSaKTAy|<0`4e`iV-~r!VZ7II*Oi%IMy)eah&kZTQ`7wF;%|8HR3W8ubZDHSmDWR(2
zJEZe-#nVGo!&9QU;!V%dT=C}TXs&pZjDp^icrI>9(ed>V#52Jt;zLy>>5@^K4u-_5
zRn~87e!c9@nrI$=KCAtd7dXf}1HKRGI!oHUjj_|(&n7&voawelV$QbT!gO2WUfL}v
zqwAKHV5E!S+jKh^Gs)lkz^E4~4!e+4xe4aYy^`tBTVuvq!N$2YW}I8uIGeJknP=oj
zoZSVto_O%hO>MmIVU%f(WuCXb9gGt4_dYOcGhuJjIxxKdqCGn=61tjJQop-NjGkjP
zagS5X`z+16Jv$#-VAk>3nL0{%py>ya(cBsJOKx14;&V?=@ol()_$7IP@(;0J;wa7u
zZ|EEtjtlXIRnI5pY*uXj{@!+W|MyxUnp1{A8QZ)<KfY?YezKunA8lNwpT4<HKYLrP
zj@x-N&%b6iXm}^L_hf^hA73TvW1H>zSUVRdw@tDTsfR@5wwLYKHLr68MFbV)raZI;
ziTsdp3I52t-8LxSR3_`UJSrJP?#TOL#+S{n(7n4WdAfJ^5f{IAmnir8yXVXO(7Q2m
z-^Tlh%v*MdsRQh4)g6R~F0==j9;zbrv-SY-Y<k`=%yWIs)1&A7?s~@NyP?hIbKhVy
z<LFO+fc+|BbleWU=2yTVG#s8CJ?GcNxq>46M@}IUH*IJ2Xe^p7H)AA_-Nd1wSwmnQ
z3Yzoya;R$KeUfpA;cDaUG`Do)?O>4S%VKntsngeiv2mqj)FY{K1kIb%oS@eUzc<J5
zyLEP>Il-^5Lt<C+%4nX%zlz`Q`2hRfqxhfZcdKU9a8;DY2hEyM%k<-`>hzNhwL0EO
zYeqdX>%x59J3of6`#;}0RQl`l`LXHOpS=#rY#nOmTtOY6ywnD(n>iE|w!_}0SHNhA
zp?{pL+|FYBY>hJizYmP&b<9><2S)QsmiPNFuv1Hs{eOiIPQGuR{rQ*ifqrG8t~;L(
zELl5-u~RU4g5NvZn695}$k30k%GAd;PteEOqjt(atKW2f>SzzYZNUZgTS83){iU??
zY9b81bYcDW^hM~m9{w*2dik%8TKbLf8E#26a}GW@i2dQKz>p?dxe7EN!LpNj*?fqd
zWX6VXr@U?ce;*jE{)@Tp{%`Og^@(#$-(l8A*e|6+`6N)~p&OAeuNZv!F7Vym#``z`
z$D}k^-L&%aoe|qFf-*95N&Mc(jmT%+mHNU#c1CRFKd?8llEw1pvRM9H7VBThY|j6!
z_n%Fxql8x5%`;*Yum61*`-@`Eh?%wAuab<L57PMN*yfe`@l`AIlMT!D(Z+fm@1(Xv
zm<v@MvP;IH8Zg3zYSmK$lvkfXo?SMYS1`OYbz-vnW9ZrneS|Mf8<qd+sA;bj(mTM1
zY9wRmaxjLjl8o+^;Hl$Oxiqh%V3_#-X<*!WL0#hr{N>>Jv0oxvfYhq+_oTi9kGbMv
zzrV#aKB2PMZ*ffQS3QlD%((lLz<20<><{8-+&3|15gx@#?@MWBY*+t}G}F%`b16gK
zt<9`{jU|^v)&<s<$T*RAg4-cG(F0V@e`wydp1Sw!ZMpjCn;rUSW1fDpAzwef%BhcS
zo}`cQsZkwvp|xx_7-45r_w0Uz=^kgOYG^jqJ;I}(y_R`+x|UUdD&MsZ1z&5KqvMtg
z9d7~yW4n$U!N5NOGgs<&2e7}VJ#RFeLUl|pKPQs&^qT|NAHER`*l6WLWklZnio9z8
zqo~=^P3aNcbcW9jG-a(C?d1zbd-$j0^;66~)>%F`;C-xa^b|ieFg(FEO4iF^<^u<q
zp2`Mr+{HogYW|;#?Ra@GcE{+e)Wg`X-U#JhUNY`!<9%ifYJkO{`e+Um`AcA^vvpoK
zycB{Wi^YgM7|rbeW*$r*&VoH1NtMs1%$u{(%BSa|_2-D*YrGUZyEsrv2f<Th17&#j
z#r13E&<hkN#5Uc?blV`Cw*cV4OCgA7L-2O;{vvSjn-T1HUr%vh>17i>MBy7m)c+!U
z=-ozTpy?7YdieJi^zzr4vaxF$<;83S4l?!{0LR77$;_Dtn*UG}vsda)jq2`jD%IWd
z;9pDs?~Y)<x+XgJWVHYPxO?~bsH$smeC=~)CNq-<B$;H$1WW>oNx(;SB8ftC22cSX
z+#HW$t-VRGmISamUZo0RPKeqGLG0-0k*G}~wdRasA2<BkvGtNbdy8V#;4QvdNwC(0
z_(DURgM|J2?6ddDoS94l+}h9Q`?-H5bIyLOwf0(TueHwFYZJIit<5(az8oS>o}D4%
zL0irKU(JJdn8j`mvo$K^VzHYJX5*)^wMjGOOq*@}WVyZs-hr{WGlls(Ls;p%3cQ`$
zx!ysZ4<6pm={bi(XM;xe+BrT5>NPme<J6@-2reQ2pN-T&k{GKVvpPk-`=;Wn1SeIm
zH&5|7YX~caU*ociIdD}z2>zZFkS+#Uyc=Y(jKy372{G4X^@5hodc{+Xa`brXISKLB
zvdQWN*-oDZryFZ6WwF-4SiK;M`#%n2rBK6VUn6k+Z)2^SPcznfI4;(jt;bsba2PAX
zB{4ZLVy#<PthLa_@_!t$SZkvdqy`=|;JX(P+4p_l_N1Ph!OIH<S*&%C#ab_Bu~wo(
z>h4aiL+Wmzd$6&;l5y?C&h~&t_OoB3__{<rrr2w3lGy7RCLXBeW3Zazt_0RZ+5KnY
zt^qy<cPBqB+RiKU2QL(KU$Rd0MeG|pop$6%9e9@57Vpd_dpyCP?DzeTaKS^{x!?zj
zQ1EAqxL&e0!%hgv=Yls;2V8#`E8XXSHxFd-21Mf(WS@t0`_+9@WPLrlSJ<A^{TE({
z3_dGFDv^B+ngx=v#-tC?1?@~15S`$dN&PAbL0R8TdR={etp`)uJe55752v(wmLf-~
z9XU#i^WdWP?Og8%JWp-$vjy$L?1k!=eOPHP1~2K~w+6I<RW#o*bS{MS_S-pAd!PDI
zA65#_25;Z?WolnF%^hn#7eZ!zMQBZ69CEjL?nchiWI7?)cbM?ZS3Gm%`^0LLs_TV+
zgZRAPD`Dci-*!7l&&^pE=XVhJ4cNE#VWp-hCNuSx@{5SvoT~59%<_oTrt6}_HwZW7
zMu~3_V0lLWs`qwgd)fJTJ8Xc}rx@TsD>@qUJzg5bO8YP_+YjIxh|4dex?|@cR%-IV
zJGlMIv0T6H`g=ZjC}p9#n5^$K(;jQ({U5VBWrBl!!%2(f`E}Sq8d$^fkk)|aVK@;z
zLgdSk<9?py_wn+A0hZr)4a*4wJJk`$8J`c<=!joq<N(Q_)8HEBqphJnS|S}!_k9VW
z*9w{+z4s$rrp{Uympg3crLPZS1*U+vv+24h8B=Y_jT*Vb=VI(mN)KxSJ=nLdDW<$G
z#GRa$?HTr~5zlhR3|d;Dm+--<=%{@T2=)CHmn{Qu9lczL?6SeP+Bu3}qHg&3AXd6l
zz^k9lTmzbZe+iSTM7_{|5Gyq{@DdshRI_+*6U_-5xQ6M^0tVY60_$7z`<eptJNfIQ
z1It0{Y`Qi|c)tYM_YFL2Rogi5>-V(f1Uv(4AVTz$au6$qPt><U&>lI6l~eIu=l0P%
z#NvEcH}hRn7VS7RWpSMEnql%y+ncV9-hB`&yKtGht0^~1;J7mZ4*x;JufJX$UcN#d
zS#g~jt-e-0wn|cu-+GOT7un)sXMKxM@Z5f^e0e%P=sz7tqki2<<7k(F)|YSkKImq?
zY<~BGflJu;LHEhyXi>|l#L=idVUDBiYA9EU@4Jh4M|WYbx~nNCiW^c@Onh2S7Sj(B
z-`5@O+h+K_<zxP>jlAP?qhP#iiuuL(ebUbrEqvVQS2p%8`aV|rz6+Y5Kv(B1t~a*`
zf@wa|pX+t_==q<)?Y!Fg0sTEV2efozr|;qDIiY;e90CLfn_~X-SA2GOFk^W%qX>d(
z5}%sMtzLUS%4dfi4=s&q{IqcK6kn9cb1@Hk?C<0AK>Oru&^~p8_D$II_iW;WMl5j9
zB8$r`vPfiYDQfl%PJxJS(`DP9>`Rds+;E9axA9`<n6mYAOlJ;YrEn{Fi7jSl`vBxX
z8^6RW0A0-w(|WCB&sk!lc0KXY1a_VYVJsPS2YOE6vAP4bC$N+Pu{sR>qj;<iLnHY=
zou0R8XSQS?qVX_dV<eunu_MQ3%QoRy_t#i@$^tIq%%bmWEN!#I&d>E6!*OTle8;d9
zw9xv%WS<=R2rKYo@EZ6f&VRCcO{8sp!nq|kH?jQ!3qkrH3wSG^0^R1&+dT#T4jv?R
z)?M*?(JZdF|2%pQ;QIHmA~%w~=z6vnO^Xh)y~w=h5gT9M?>Nv(dHOAW4i8!?tJ(2t
zD*YC}1;BOKB8%1R``Tdyu4U|Z-+Yil2+At`NZ$wa^}3(;KX0coKA#iD&Y;&iY2WAO
z+!b$=nP4v=GPxl}<I{-+JI3s#>zTbYZOmT!SH3sz<z^W!ru}+Lc+gtexe%XmCJ%A?
zSyS_w;aUXJ(<pY{y~9HD1LhK$DFJ`Yh1Aw6ybz@Dth<=4<{U@ExBrF}+0STb6)H;3
zf~v}wkiU2%NOtCDq~%gM4g*YWxx4<ZWscOA?}97}sNg^j$YMUo`_24Qf@JZfQ_NFX
zgVI`3*_mHLlVS&@$5IESMdEp1r|B%Lkvrft)xn$eye|*hA_T5vFcbUhCy@NzQj07$
zPw;NgDvO&Ycvpa+;+~1doK9sd4u+{op5@5m>WRjfHom<&RTlsKpPaKKM;5OlG-T_a
zk7V(R3C3(rmBodp0iVMqix*8qOOVC$CV1yy=M#!2cwf)ccxzG^5v>=O6h>B?E7?00
z$zrOB4o|SyK+^fg;FHB>R^MndixpmBh2Rhe+8kcLJEM0l4_X>8Xb&Qx;ucd5&I^wG
ztb++TI4`76&pMcpgR>)ZM%Jz#-ml-SeDvNox1jWvG#<1P2i4U}9S|JkK&xjmwD}u~
z=WRyL7AFtdk_?zviSqS(1;~Ea&*z8F`v+F!<<!2+v4GdX3)*2mU%xZ_W2>Cif>KlK
zGVQ4)RtPS$!V$6u&Ot)O+8(HCD*^upC$O~EimKZ3z`qhedetUp5&L%S{q)(U<siN4
zl(Rm?*zK&!$#QI*dQGJd{HgGSxHx#l`u1x;Di}q6yA`BFox9Tx7qt+0jJt(cEO!m@
zive6@-?F1LT|XGlH>AK3NCBxuUqjI2f`pc7NT}FyqVl4|ysXbLtt*kJ--!Mr>-Id_
z()tm`?t;+*e*i#oY_wfdf>2d9fU6mx%)#zg(a-2_%(|w;2UX#w>!XBsp40ghDs)-B
zH0{Eq&(E<Xf1U#u5<Yb@dJrDn`Bln1LWfE#9BF<LOK**0H{ogW%p5O&@k6Zi39<e4
z@Dw3J_VM=1KqC9q-gMYm58xv9K(!+lW2^;PeC|W6KqWmRN%|A|*PCn!!Uu#$mzwCh
z7N`v|#Z<@Tbo1VfbtK~vnQgQ3{<R!PgvSakAhnf&zdwp&aZMhi`g91cStn>~SWd^9
z6B+8#behMZpM|;_G%{8MV|SZ_+7oTfyuV`vOKDc2qK(;OX%3-cOI|@%TL-7t>L-1k
z$Jnj6$>IEs7)$kzBy&0FT;F8eozQ^HzeUf#rt5jxhghk(Ahw>yIoCQ4q!xgwS8j-%
zZ!OCNZ!?RHC$1UGPuAB>uZ29Fe$OdPIM3=kGyXj58K(2BwX@>C&-TxxJe3%4%KH#2
z-E+a4!-H3yb!S}6sr>`4_t1|QtIxiNm6|ywTieR}U$wEA6FbXVTVRSgWrEb%bS=}}
zIZ^#?u31;8eK*l~<jo}zQn#;*pR0-M?QdD6Zg~$YP#izk+^Ou`Y!00ZO*fsJ%>k*C
zUqR>M-BIJ5ot?#H$U0$;o;B)Ep)nnqmlqV%_qrcP*0JsjymKo%!`hz7V&c={<6XXK
z@jgM18>E;WdM(q5ITP5ar}zFb0N2oSSB%-_`uX@hT=3A37pjZi!%E*7|D0VucoXwC
zZldwEM0mdG_eB3qWSd{6*X4}yOWYb-At<sqWVaEAOiPGErY6K8Q%&o_ub_10-O1^G
zn(xmyeN*jV=T9#-#R!X1;(5P-;5HF|T4Vf4c(6Ugesv>@9gguRi#62!4e$Jixn>wU
zcbadS+sB`}ERgv+*qPJBx$N)ao%<#@b82UGm`VS=Z{wXkC$Rfb4!oWGby1_1MJ<7&
zNz#9J+Q3Wvq3s`Vy?;-+R3$#qhi41gOYdT(+Ya9L?RTi{O*v7b7pjXPG!MW<+JCTz
z3mQJu(MJ}lAM!cjU%rc#!W8iKeOJ(kE;*02-QL9Yetn*x5j*Lqp2w6M{=2eB{n@)%
zX}40?I(c{0fP=If(d$CwgpWS5SRZ@ayI2t{#7~!^olQB>_F3!HcHXVSRZ$F~_9iJx
z;MD7_Oycj~_%2p}i}&}9*mFC7U6hP@be5psuSmw8SqvdvFQ>y1$L&~p<ZJAX#Wq(&
z7ru*?U3i|lt7%%4^#3;b&Ejtari=CWG!94Ta?!h|7V9+Phn+vAzUR0cgf?4TevWZg
z)A)Y)4m(q;=P_)fc~9fUXr*I(hOzrp_d277)A^=voPll0VH|jZj{g?M?!+2Sg{J!L
zW?3=D9C#!-%=Qo+bGI44M<<}sqjZelOmt@WY9p_jr*Zb1Se$(pi?d$=8lkCPBde)-
z{=f>*I-6ERiG5Au>^42lzQl;LZy^1zi@x+uJP$<PiRXcx@0?oP{pxpVK6hN)J>SR~
zTeRcQL-BF<H8{qbeN8BM^Ltpi8DlrzgL;px;?!t0ua2y+sKd*x>gWcWI@*MSM|mzh
z79*G9zq=kggq7}8nroO#)_ylsRh|X@VjD<qkj3i}&0DwuQNNJ18@zW~ehIoLbzTot
zjrA!3|0WwqH>ALkb{j~il0W=S<R6grZ8qgz{P!Vx7eNWDcW2blPRxA`)Y{HB_{p6A
zy5#$m_lVE(8;;(sn|qS6imQ{4wYP?jHI~mt<TmbpvCGuq<(H}>D;BHK>P70YRSQ+T
zhut;CbG^q_@oKc%qK>Svs>91|>ga|Pb#xC34)c7Ntmz0_Q{2GmG5RU*V5M&gXoVhn
z-#X1-<LF%n*Tt{<J%_MTm<L{s&kh$qv^1*QdG~|AC_N#M)CR#pH?b8?F~^hHwPcQ)
z4q*jy!8>ph1l>gtoaTdIagzHK*35vchI;TX)AMDQ(R^7WZ)qd)ccg+eG-qK#zAOak
znId<%?`^EeSv0PGy0%z}VJo?rt>mV*5{p&-%if=EzU<UPG+*{c0N21ZROdBIl)nyg
z;4emj)^@IYf$9{rLB^j(&SxTD23UV%UorU6;L%0I*1I449S)EVpS@5m$)WfAEwaYb
zebd`m>9+l!qI<7#r|6iDog!!p-=_OH#z@6(&_*|0t`0B1OdVNqsT!?btR7pnNX0zO
z{m<pVJ1~X$P4~0<3s#|G2?8%!pUx!uWAEj3Z+i@5H|ZPT=pB^*AbP!t>pgy}MLo94
zsz$4A>d1-|b$Gd59o^tiM;CFy5#Aa;%3H!;^L%)i=fYnxov<CCtB=nQPniv&C=X#h
zR~_X2xPjMoh2?Fm^tnNk&xNjm?GVf>f}s9=j^|a64}wHz6fA-xi-@dkCu{BrAL8@E
zR?=@Sc>A_5RPFkm*VBd^7)v85pcSOT5h9zlDG<z0f!;%Wez@-}2n`ennjPi03=~j0
zoAuBQ{a9%)1@C;2#SJU1IvsM;sLyY-sp`jyToTKNpG<d<`AhGIs_HwDztc{A{<UjX
zmm5C+(40l_dc=g=Yj0r%X8)6U_XUjK3MR;#|EAxc0zXenfnf0n-uXPnZp8!M(qBPU
z^&i2%dDbhfLzh?m`U>b9`zD9J!qPqf*Wj#0@pZ0Dbh_^?taMKY?{Er4T*PNG_&OW3
zz7%-@ncD{7($AN%^Iahu`1`UzDsaSNAGIKh@AhG(-2>j$SL^ljD+(T^b-0#Tg$hRx
zwJV5ypK3)_4UdAqW!ApdH97F`_qPeh`lf=k%pp`<(F0WttlgDXRMqw<__xe@wRKAl
zJbd3a;aK|=kkYKEYRe4BYRdzE+F6jv6<xPJ(Aex*YDHC7{tc?G`W~vPZbbfYV~eLU
z5B$yF+UzOLw5N6fcpX+xRwd&6G6&KRb^En^o)>7nM~5jtipaW@<ldq?67DVPae)*9
zSxmN;r+O~<n}{RowP>#fEzJSJwYP&dm;7B1+LaFIU3(pT<MT{(cDA1Q_@7o@l;}VB
zam?2?@`~3cvGZ49>>f@LB81Ne-p4z?IDy@VQ-nxMA+^ga#EzUv_e%17$qc&x4bGs?
zsuA5k<Mzvx?gazcbiX9~<eDV=<k<kOw*k5a+=4ckB9JxI_4e$O$WPY+taNkWwdYYd
z)I17DTjD;><Y^+f0@LFC!?(@8fm_f*2aJ7-Q*i;=x0b5I%a^DlD=t@~)t9NqR$Zzd
zzjd*So9Nz^IxXf)k$orGexu)Sd#8<^VVtg?%`MJ=GGpJd|660E0HLAH=^%~pmat)~
z-Zj%2Ts>P-i5)@wpp~38SaZmt+Y*02fE5AJeA4=#3tDL=%||ar5V6BAvoL2L+L3UM
z^;!Vek3<w9wlBT}A~+wkZmxU5UZRKgSfYJ<n&yxFX8Y|r=8q8{jQC``Z15}D3KChP
zegG-vm*s{B4q&DIIQH)41g(CnpsjvP&~lx!80MVpexTfw-Vb!<nGmYmDrohO37X0|
z_7xZ9K0(hO`gR=3*6$b`e=ks~K+g=Zdw~eNb{`7XJq(%~z?BTvmk9m7qOcMl^5wBJ
zjuX$5{EXv`^nRZo*kX70=x1Hy`NrUv-dPYjxqV^@e~<#&S0*1cA7s%Z^Fb)@USPjV
z&;oYQWRMqJFF^1+g%F(2?miZx7Cp!2T10E@n&W~wY;QEaT{Ntx@@d4EYc8hykX|G4
zI(mQWl2k$4>m+<a-*s}ZbLvFnT4UqNQ|wpQUQA<xW8+$(_ps@^L-9eZbi2XZ!U>TU
z0PouM`aRccuCjt;*b|kFG;if}edB++{>#;%E&Uqr{0qkJwO<I420m@g6Tf=G^Bh3g
zIqZ9{@hn{*TNVwN2@VeeNQe3Ku%26;4pOC+_dgHxd%&4_SFJDPK)M0qzl-!Z<G+iD
z=6iu1@!v&i9Uu{!CVm%r^L?xorqdWZ(WNCkjic!Lly|e55_#d8zhI?3HD<Tz-zyNy
z^FM;=_lnPPtnTLLSh|IMXAmqbp8Xk)k7s|1<Kx+%V#%<<9PHaS(^2DWw9|c0_Ai50
zJ%_P05ue|Pv3oTF?-LwE>P26qfp@H_`%|;0zzY8FZ(q883xGuaw?EV739#5j9*bQJ
zq?qdK8+AyG{KYS=`aWXRB+z4UN3CPA3$ni$@?+#Kn$K;XY+u29P;X*PO7=n5mplsB
z`k-r=hj7CMG)`B;aXV@_w4;WD9mYNR0ZxbvjNOwTi<ua)lE7wPq~Lqtx1Ue%XKLoH
z`aTvufv3*7yY4RI3}|5NUVT^CN9@i~><w%cv?b?4mjelrN-Ow_&ZT3>n^A<oL*O#Q
zRKr089Nh~Xd4g6y8?>5DP4mZoleW1sp>d?n36Zu7P$a<a;}1Lr8kx&sz4W)04tnQS
z^9hIqwt}`#*CVcQKc5|*$!gLYzquqhBMw|<Tr&Eo{wL!PoK0~laX?jNCiwRPNX@(T
zJ+*i9ZqQ14s(*VAij7a^`#p*u?-<c#!*sm5v!Khs&xk9G{bqcm(=HGEMYBQ5)z5tH
zneR9&)}GLz`7suIehjp>6A&SL8o_;T0xYvY7PlolI~hGTS>oY;g~0zQgTH{SZ3Xzz
zSs;zU#$cZeHZs<44q~O|V>*_726Wkx5GlA6{Kek_iRD##96~^>hxXeGkYjbt`5-Mp
zvUmfW9u9fdcpSDJ#7g@B<Ig;X!=>PFEINH09yo{<;UA1Ya$`6Iip@C4V>oo54N?Hf
zV##UZ(3OBg-9fC#hv>Y;*)bgSv!_Kbdz=symqGjOCCKSKbDOZfu;BD?E9PV|uo*@4
zx)8jq>n>vJmFeFeWO3h{SP`Z}R{=mpoGfo5ax5<x=Ci|cM$`PgV`r>cjEu>(@%v?n
z$Lj*ZU+*#gN{iuD#DR3OwU~7fD}C?Kz5yqbRdmJ$l?%XMln2sMP8LH6^W~EDdz-DF
z9l8dQEH+P|pOzweht27%o5PkM|L<d^`+pdI));<0mXqT*^gdSl_A~r=1HS?tzitks
z=BHPT)wX$*vjsODvIgbdw6@KmH?h(;jn(SNgkbY-(3&}#vuK8IKY{Oc1|L8dX>&Q-
z=k7Ye?(BASFR<su_PPM^xA$3fe~|2r%{E$3gz!wj1DfoV7u27??u$Sc^*n1I^ftc_
z8eH3;E_{>TQ7gQOmF5G27I>f8#wW0zpBb27EdmB#8T)DiU)8bwVx1ErOHW{TqMn{;
zjU9;kgUR+Gg0nHMmyBufN&-C$8R6c<N+Ew5GLndk@te)ra01kt6G+wV_idINYjR<f
z%=0J*kxT;5B<sJD(Agfp{v{lZv#ctB&}{_}nykM_`rG3BFJ<>8nfaejA_Ex+T$7D`
z$(vXKO9F4A__2-s>uZ3}fziovJ^M{l9VY|UB;yfSKLQBt9;LoL;oV)M*qyA-koh~`
zuBI8$T@CY9`}v04WQQ&9({DcOwhG#TY0!0N3J{+$;$XJIq7-U-BaruVAn)fv-hb2z
zA=wSydJ`^pa<<^gL)Kso!)16sR=^#@rJm4+-Lv0G_=fRu+XbM>9JfQ}&<>dcy@oBp
zr`y@RV6R8e0<%GrH#N;4`%T*C$_v`=MQWRk##ZE+5P6*VD;J<h9kZ?K9s{l61Vr{O
zM8P^;4`qj6{u@@hGbyg?GNFs$S&#>Q;RKcn9N_QaK^ovDhHc42ux;8ifA8!VY>9Bx
zCD?fNCm=##BCxLpa2ewnwVgV7)XSrdzwX!$y-)K<KY#YP6+(T)pSd8mc8~rIE8t*j
zXJ`22fWOBE(qwD%;C`&g&g5%T$JU16^z!W3o|}vwgce5KDT5Ze?DLMWL5t3&??nSP
z(AxRG&X;ZSg0`6uIaT@?{94HJ2FB>bY)GO@9c}dcfbO%{Oy9IvK16%d_o8q0Vx@i7
zJ!%2ihh#+f*&YU{j`sFqrL*bAC^S|_U+cw+I_n-4e9+t8G(B30K-cAadyTw}iEBD(
zrWo7bF?M6#(tG??r+REvsv50MQ%6>$tHaAP)X@!7)X_bBP~-V<l;^_4*Ez~VI3|xd
z;ljURg~-<Lw+h;PH*_`gLZosj=x4t>chfqI>TX(xv2%jGpp(HOr*<z0nDnyTv}b<c
z?3i8-qzD@E<#t_wBAskKIv)eAGhsc{6A<ZS{Q4-_cbgzc#@?JSXouOkH{*Aho!P3a
z0>4cB=&Qir?*u7i@->ZGDF!^o*||hG0=y6*ayj5`^K=rwXb}o_>av^@KJZtp)TA*w
zr9qe8whH_m86dU3C#VMQhD;R!xX5z?gTo<cgY5Y?3Dd9siWR|5VVZ7dFkJ=yMuz`C
zGj=P%7Z|>F*y#p&Ke5I0K^EPt4!8^C{TI`GzQ}i`g13P9H&a1MoR|0_6Y<V~k>h0K
z(-?cYagLGk&K>WAE|=>$zJ%<>WPSpNN8cm#JFIkg$iDT}8^l)fgpcZfbHiWif8F6D
zZy2(*TpeD1wK}rmDm7YtrFv}D73%R@m#LVy=yGPpaWAI#eXh4a*AiZ+*vo_WcLxOR
zH}4Bt1MeOJ1X2wzX#Kn={Q4OXl6mlMSOh`L<q!EVmdH4IO==Dzb&b^a>onyLb(Vs*
zq><{B_AGfpC($WP$8~x@Yj?^EsBi8G_q>6XTnp?p;OoHHU6Ueczc~X!U-1woxOSZZ
zp}vEl+QHp2Fh#G$7!1FG74p8u16{Q#f<|cZb*i8p;`77XNP8~7ML#2)B504E0il5@
zf`(TYmy<bv#%TET8(10P-Qm5QP*H%uf6U$HxddeKD?T?&=tOuR?{i#MPy+gQ%7Sl!
z9@i?k7W}@H@jMa87a|2#cDFFP#2H9|dG7&uI|4LrLSWo*286n8;C1NtlYv+U;7S~4
z?@4$oJxQNBZsI=0=+ya<?9c0G@+C%2Q~^(GIuy(Ry@v727Vsv{ZAY@W0Asfuh;J*4
z;oX9EMJDt<w;Qx&J=MPrPXN~|WbbBhh4~wzt4(knzC_Sgo8a1<B512KK--)uXsfe8
ztDk8tA@r`h03sbHu)ClL`~xX%o)QG29XU$(BA7RhMrd*xWn=7a<KT#~eoHJcubkQQ
z8E@#d<8*ueRQHg*r=bUkZNI*ho`LONXSuOvH+P)O>%`b?=ma9Ob*ren>FctJ@>MYk
zv=Uw2oFB6_h%KUW5J{9v`>F)FWPXN+?Y~5(|9%3y$$Y=%Aku$==D;P!8OQS8&i6%T
zTEJ`AQ@;1G((R)5RQ=Q6iP=w^Y{8W)ZNZv_Hr;+&@P^5Ls)b<ve$a?*^0Fs(NB*hW
zI2_qe+5AQCVWn^?cuCuV6y{@}1^(_7kSZ&{-=8`@7DDE!XTEnmvw8JzL(Jw)dk-se
zIvsO~mBo2jZ6vZkG^T^3%UF__30cF2*W-P`F&l6b?2tKm!I!)%T*G|9fGJ)wW)B*_
z4ZHmWs50{f`-&|$%FGuu>?a@d*((8D_00EO&3xbb%_vg8U(iZwp_kA+nN3Rk;AWE_
z+|1x0bhDrJzq8S&GnmNSrM1wzdOv7|jqlGdX{?Tp*~f-2ZL&=XKAT0#^M+ll=f{fH
zxEesQJS-YVPZrN6I{mvCyC<{jmDjP-eH6#p^(ABeV|KWoca8avD@L*M4}5y^are7e
z5pqs0A9ucv6-fQ&<>Nc=Vx^tQN1Z(;AA%jEN+0-Z(@tML7Qc%X$e?5HwZ`J0i7`++
zayTv9g!OVdNS%|&%YVN1ualRWDc`)jEd75>UP>>avSF5&z$MnH{~LK(aT0mi_u6=Q
zQIp8aERe;P<4j(7t~Xi!ZCpNeg4{g!4)s-jlpr_j;^Zbb{OoI3>6;4ln>~}8K4<rW
z!GBV2THe7*Unb@8P8MITJcriB`+r5pt^#m9%7d4{Rr590<+;%cQvC$6n37Y3fyj>@
zcbsLpQO<zT_n1xcQ;gk}3&7uF1?glu;u1o?6h=RY(Xam)mVSw8Y<V7$ze#xQ{MXp|
z6BDluCh%G;4jG?Iig_+LWIBKH&&b!|qVe*zWai1_YdkzgKKkj(!ob^9ho4Lq{{CmI
z)OfymS=dW+T&azf!Pc_ue=iIF3jL`7xc-s?UILdP3q6jL^J(yHtN@d9yFK=erY?it
zeMi5qh4k-hmB_ieJsl*Klg0WZ-vS66@Mo+D8K<$A8Q)IKvB3P~dl|gLkL_jOVex`{
zm`v85f=pgV_{fnUlVzZvP2S36^3s#Y<P`+Jlz5qZnLBlvw0%wI`QON4I3<Z)m@>It
zn0XR>+<(SOH^k#Z*7sFYd~!lrUc~nvzcocYw#u$Xs~zgd3a2`}JXIatkfx6Ed~k&4
z!$!W=QFd>^K$&&y9vzIW>XH<yM+Ua@>VS>n^0JNMIq<AS#h6o}P!?Ceij}@>(E1$E
zWd}=epovpEFNnoJ559$!ZU>EZ-ROX>Y>@X4G(m7$5d`ym5Df4_#E}kFl~(ZYwS!cU
z33?uGK{~x>{F*e_8Azq^j2<UQfhj`7ZiT7>2ly8{K>{R;OJBtb(NBF==pt?P^FLFB
zNSzHLc>u1~&rC5ywswE#AxPk(Ih*-m!WZ`fgov#>xP75&<l*%-L9n0C3m@XAg@64j
z&Fds`VAQ<w+yd&U#$3sKPrOC<A3gRL#XIK%xCl)QpSPU-zKH$x0=S|dKyX_V1W~G>
zj@`wRfCsT_t|stX!E2x5i*}yCJ0*awM>x=almcCS*+d@*S^?OH3R6Jp<3QWXfp!U-
zCy_pcw_pCdMPF|_fGg?yL-aj?TQ%{x5nHpe@2rGQa8-jkun#Ll7XLy1n&9a_fu;U^
zESI%`Q*l0M#@#a|Mb@!g#SRXn(G6Fs!^^KwM^-FTqt#2*W2=^^$8Wt{#fw<|_-sMr
z0bB<;dJcErKCBpH-oef#{P#Yr5MA{V#_q@SAat^`b;dcYY5yZ=d4CnO0zPl35P>wz
zTf$%Qd>EzpqJ4aB_~&^L5-i}Y<fjeQVtOyq3;VD#tj7;?!q4r)3XwN22VFTFbgesN
z3)av4?ijDtJZ%fE+)ejPH<2q~d!`R)&gZo>PV0%Q8}AA~ypMjr{t2UD7J%zVET3x1
z1ZUgy^*dmh^n1%>=hudp|Cc(t0jZ;lAP5=IrP~K~y`Dx_{dysyrh|9&Y(c9%L(po&
z7PS(bI?ePPECf<bhM+A(Xdj@;14QQP&JeV^r!A_nhY;BrNNMvB`MCmQadl2h>l$lI
z>spY-Yyj7eJjgm1Wbs_cX!+r6&|cVRzveUE5&oRFhpRvqYc3YFjJos6e|WK={ki`9
z@>?zzv>hn3<(7*<t9@~?S_v6LeO8dp0ij~YXyrvl-I_)KX-6hxUCnABzK}jW>lc|b
zvVQ3R{m#!RT$|@}cbjMG$h~jwNC&;H%?|XCXDj+i>p?3VY5p2ZuUnz_d<z7R@af_7
zT%r7&A9ybO%nC;uF_vQRPQB)b$FTPWpHTJs#;j{T>wv1;E*7*Yt4qpX-{`!C{$E`F
z+D7{|uLYs%Gu|2goKFo0$-3$Hzx&kMa|P{bMnl3Y1`X@ZC4X%?Eo}fUBmNgSV3}&<
z{Ecq#sl&^6capVy(hZ?!+z@)fee!(YFL@Lu{7m>*-FiiIgwF}@&G1EyeN5iX1sgeD
z&s+Y0&k1iOJozx=;|>&T{sCw;Hets~XZHfs3_FPJSMz{x$I9I91@#vQn&VrbAqTeu
z(&Yu)W?rdYNc>^mK2-A<Na`jOd~&xX`1nj~a4;LR(jW>pZ{qaxi_HtU;NTokn^$td
z!2-~(tCB_KX_{v&@8R`4<DBmM_Lo8T7bUz9sZ0l&%X$|3I|KCkWXo7S4Y9F^t+^Ux
zF%{+QTQj=ok>}rT-oNFk-+u9G^WVPM^7h~tYc{4m(SV#o=~j^18bBp>6*R#PplAIf
z_8h1p`&nldNJG1LdZrIx>gv1e?kaIOTMALZfs6HT2A=R!(;(E{0$odZXc^=^VX|(A
z`O?y5Gg7W8LCzMU|JsS|hv<2jEARGXZLuQ#TujRh$f_y1VSUpHELHEM-@vOkB0rqK
z(gF*(oFI#Hwxi(MnJ;^;vO-lGa<ATzx!Kc(a#ufZ-R!9>0spebEuO;~_7<SjA>lrd
z>hHhox5F5_34E=o&_!UpV;Y3|?w=gSKF8_9m|+1Inde0to#%#W5Nh8v`8;4f{dtCY
zI?sBZ&Ld2NP))<+^K_%rpXXg3T&-NT+O`lyic$rw!v|e~dxgjn4!lHPtJx3&AC$eu
z+C8!mMJ!x=pB_Z}*b(jXWHy8f5tQ}t;401+BKArs`-Iqnb7&52@p(dI?+NTJ{+&+^
zyqK%LhM;SZw}+ibsHl#BUayhBiB^C#$0}4b>;!)!2htn|{l6W7G!?)#kS*wEP#{lU
z(6$*x-bdil+eg4p<Xdka0lijGHOjmFV|SZp4wIQwkVWI!IUtMY)ZbFRs}cO@8jvdV
zHbfuEVw%1$$zrB{#!42+{)EWhKMx|r4&zWp%h@1{AM(!dr+jLd*bx=_cz2iYLg3fj
zZ62~VG7r*=(;@4-7^)h+2LC`RNE>Fp*Ln`f`_m!(MLHb*qJd98T$oDlHzjQ=dGNnu
zZSzzQf&W~7tA~tL{Sf`;h5`H^rL=i2=Tla{W^MDF&8L)-XKSo&o_qk;rT0VCuG^5m
z7=g5-gV*=Y9|KH%vHs@rkL;e7J}5Xq_9QY_^(c+YR}X@|r;vHcnEJb&;Q!D~>ywlD
zb^)D_%tLT~b~<F?V(=p#B%Rk?ZJr7iyPAdgmImO4zLneNISAn2Vr}!B39|SBpBMi5
zbjUg=gTIpl>DlSR!>eZgsTD)c;X)21LeFP1%jXgLp9Qk`B!KH#8LB=abKQgdvr<SO
z$ijABufcq_Rj9!CaQ*=+NaquKD!}^-d5{j0_ftTcZ51jGx;Vd(0n!}+uIm2;f8Q{c
zp2gVx>@Z~N<934o1D=ihds;IT|CaX)JV>~U-s`W=BXj=k97wqUE`40!^zS3H9YV#Q
z?kdQ-4#1_iJI?948h=b{iJtAC&w2p#+NtFCN7D+jaFo+&|KrU<WEDFD@yR@h=x|tg
z|HnZ2k<ggnguV2;Y7T%42k03GLWd#_q%*BTMVpJBaVQ0F>Awkl7Ld+#2o*mj^R;t&
ze9Ks??b9Kvg5~CGJRc^%8;Zd%a3D2!!4KrG99!QaSDR;+6@p}4r{=bK+5r5Y5&mQA
zI-9MTMYngrWz2K`XO$Oy-=3e<2E3oxkBdMS@50z^VRj$+yB=frO=;7!8f03-Z98gf
zy_L232jLe2JAm}ebjUiJoiW)p9d7@~-R61b)5?p;^Pk)Evkn5ajcmFvPVWZ!dD`@>
zgL3To&CK2)|35QzM%J!wUgz^?hVOl|1X)`u5jRwr3({FgsJN6XpLelUs33HzZUViY
z+$}TTZQX@(4j1)fsXCSS7urFpZsGOsTIV=~ii<%ON&8)h^Mezl9{{)__WZ0$p4V%!
zUg8icj`8{7h9-Jf%`G$E)5ojf=z4#70=xe!ZF<&=Q)gsV@8NZs|L#}!zIm{T(&k0<
zMC--%>&po|ohSy6fN1{@PGC2Ii}1xc=|aV>98SMWp1k`jdq?27g%^HJ#@t497XM(Y
zt_O1{kC3*#q-_hWcS>MyM0C6xblaEV$J0BQ3En!+Ih?=dZ7h`lxL!<~p7pz_GqM`?
z@ctbji#x1st<_Du|EC~}e>UbroDL^xW7JqAZSDqHyqJHm^(x-cvcn-%?CRk3^F?Hi
z=T2bv%}_qCg7J?*Tk`%p>`c;*wAgvjyNz0oQ)9IpBS-IjQ`gh%zKds|e4csjQcU9#
zo=wEN{|zi<od%A?W;-d4&%|)N{RDPD^XJNo5^<|Pf!&F?eV;r_z^(cOc9T7luZ2jV
z1(t*Ff%$eorFJy6)Q&Ps2U7%X34pf}f%b0zUb2VY%6_*!fFc9)gh&9{OZ7GzL0!b&
zT|xgwt|ompp-3Q1zg=~fgVefG(B}A)+mCIfD6)iS@sUeF3al3*od9J^QiVtX0>3?{
z%@bG;k>*W8q|^ab)kWaHiJiY~-UN}&4+s(G^ys{5t7A>tbdVfQS^V2rKDj3$zucq8
z(B451Y9+eOE$DTs1`7m@_~>IX6Fp}qFMOy#&~Dy~mF_ZDLn0G`&0;J+(L4vw^xGx?
zmyS;+_|ZjVELZqlD}-v!2QR^CNj`W3rM^gDI+Q(9iXw*+V11Q?(0?Sr`zH=UKTK$M
zDG#CggmwZCq3;{dHd^%aQ5^FFi7iIx8aTrjX?}pv)}f!9BW-_8;G0A3w4!@xKQm4h
z<b5f4PlaB2d$A(Sji;9b(R#CH_&?+!RFMFG9}gjKLc0nJgw9K7=e0nnls)TM7sJzl
z*U8@9V}(%rnG~<uJLB;pHV04M&pI`{KKK(><g?=OdKty@0cRT93bOdN4MOdO;FVVj
zn!Ozb11mvW^$J#qUr2nyo*<UK0&uP6!8_L~RFJ*rmGts?#119D+Zw?yJdbs`Zz}_T
zr@qI$>Y37gpSTN6S>5;?mh@VfS+o`=$_8n!gVw_A$)>t#F40RJoWCy<B*ODoI`XsH
z5bv)|Wo?s;+tEqK1vYL`7D#i`*|?b?&CL`l+B!IY&9hkA4B&FWFSD8-fJpOJAyN-e
zrpxA5h&VvbYUWU6klEygNM1nXoY*SOGZ&B5N88T$@QJUnQs@S6U^c6HJ{z>b8LSSv
z=~=yd{Ify!?2#};erB9kTS4OmW?p{40wHjLm*^eR=1U8N<ZQ|#8_4|G;MH@h!w_j+
zCuo6tY3#1=2$u9S7x#h&^$qHW|4s7<KlpE~j9~0G&cFJsAQAt7tl?E4i=Q3G?yJ(L
zXI*KkIq(pxNxK$gaSM8=_5Av^<pmdk-#_yW4|Lxrev1R=nXSV5+9$D8;H3AN{RG)t
zrrLyxf?Uqu{sflvKAY*@JNAy_bRXw4)bMLEzP|6Ehv;5Icwifr@<0{~OlNaDPz+vT
zL+m+@-DJO;%l2&YUgOikJ;$+oE~_aqhF?Mr<Sy2Rv?si*^GpusFMN#7tJg-aUt3Oi
zs?h?{I{+6M{90t8^%?R_JWA~1F}~wL+QMRIgr3VYXXx>)UlN#XZLI{~AjsnR+)rB1
zufMIF(1Pr(qz#$(b&$o6(Uw+&F3+PatvW2vaQ?y|mhL97FuP$)Moe`iu1uev)s|34
z;>v_N68d<|zq|7|c3-I1tfsL}nqQF}UiC6ovRRF7@^^r}E0$<1vpC^-XBB-uGvWEb
za;nd!Cp=$rHH~TKvggL!*$M3e^Qmm4B|P6dpU!7XcwV=RjvKJiZ(b)oQ#--;*s=T5
z>n!^Bnt=k)ih<@D*YNbaNxu~&<GU@!oH|fWVO7g1Yy;attt+SS3~oniu|?1VHt2E`
z2_<$b{T9PH7OwxmN^3G0dBk-Uv=5<KU8zr>lkj)PMHZG<njN>7Z{Q&$aNupwbwze~
zfQL}G9?!@Q-*yZuH3+=LoGjLb=~?C!<1DjLH_>YuJEJ^MAZR)cHI}jO0muW=MBl(3
zcM4h{L(mF%`;cq}DYsfs`}o}Oo@@xUr|9P^Dhloge}4){1DsIdfZUeS(dzQ*`@xUw
zAQhy+k>@y&Ua>)ttmP0tr*zGXlxvou)E1(1cO#IlV70$*x!aSq!;178;Lp#1ESbfH
z8dzMYfyIT0KR95e_|v<9-THT@PdEsHhP~4kLGVqC-6OLg*yAMdX6xT|J|yp>*t<8w
z7hQt!&N~6Tb@vL9B^L1NHD7Il)@gyAMG5o^oJZ;RON`ydv*Njw2cBc!RgLFM=F+y$
zBs>qW_H7Bz>&~Umw_)slbfyp?Fa!X024?&8?-|_)B*G&B1m2FblJm!x9E5};Sf@uV
z523!#vCb=GEIS8X=*;B(2tDM_uvc$qrM7Po;lr5}COd#jndwt8XCERyP?;Ud&IfSy
z6w&vI<Mk5yenR1><RR4lG4>k$1q(=Jg|UA9d`?{7-5i7php=~q6EwnKbFv|HNdMkL
z*Z6K8LWPI1cf>~D&q{bt)^|S-AsD3d7m)b}u$S=eR|_FXVDKHMb>gNG`S}QYd-Ca8
zCF0S>L8$v5Sm%uZP(Di~^OI*l<&4mm$l6?t-S1>UXk^7p>hN-;j&9)8(I$w?_t<0s
zukWn*xn{As?jtnI0Pi6_JG^AeRnZZi3%|Toh#L3j*DR#>Xx;ortjKBLeVG%q)toO<
zoJng0l_H4LbH2#xO+ut(qv~9W9I5pjiqzYDkrFFp*4t2IGbcodztRUFeT&%OoDeA}
zqUTgeyE<BDql&b3WI}KK?KBU%jzf{ZASl!6fWYf3u$*t;V77Cw;ULtPLg~~)cq#?F
z{WD_tn%gcR?``0%6KT$My~yTby6YSO7n+`Yo(c{^?G`Gt#D}Om!xyQK^C7as9UML1
zK<K%2%hD)Wht92n{#}LAlhgA8GXI#6dqnJL7@y~0tdmvGcUY(nFZZb<EB18q7IR&P
z*mI&YPsR&HIWhdqynqOP?vwMvp+8`yF!!I}g^~nbC^>yz=+8*LMsFYp$(fWFzD;C0
z6TBVi$$8<A2ts;p_XNDK9>CR+ntY!B4?#%CNX`qNSST-?LFP}7>G(!RJl&14wj+9u
z@MJu5-yg72<BaE-r4!_<otcDZ*74w~TdCJxiIn8fv!r!jV=4Rzr|aj`ukq9?>+8pA
z@YVfP&}%H#t@lNWkKr=%yFM&vtA8zM#mL@bN6wb|7X{6Z94$EjuKFJkztO(0(#Icp
zE{Y|4J(Y7G`9JafSL}TW_<dhtDcRTsh&xg@f~Awu<=cP2N;`_DOUWd3ISXX*#kl;N
z$>qn8okKi$>$2$Gb#=3SdR%72-R9xwSu2skc~ufPc^ys{ksEeyn#hSW6N0O62TecY
z$@wCCAv*5>Kw14JAySO&sf6dr*bN+t7&?>KX?p#+1lgE~htFp988;BQAp5{DKaK~_
z)W6l7n%??g&v?Dnj80u|{e?Sqy){O6&VXxT+P<`h=IKsE+W<u88Fb~?Jvwy;T}w`%
zu0LdSJqtmohRAq=Ty<JOa=yvwwASylNR%tY9SK-K@)`1Ffl1|yw72v0K54TYt>Iuy
z&I%DoQxe}J7?U&N6Hg>(gFHx$e^1UE8vsIr?c}_1;~uPZTjF`c!A-88h<|pnaW6~4
zbAu<5Z!>R|Pr`G@R{c(mRwH#}1*Z-#=he{-7Il<I!LLmDLPvQBN48!a9p-bwtr@;(
zCGXMCG)8$oT*PvQwoRouL)CoVSk6$#Zmf*xHljQH)7|uZ;YA#DxjE?4aZXzvU1Fhe
zwjSMn$kB0e?x8tD0hTk=%z>8sJ(@F=6_+!V8@_)xJ-6Ako8}A=AN?+tGnD9u4ZP0Z
z7Rwu1tPU?<q>ijus79-O>akUS)aene{=GV~0;$8xIdyacua544;Fr85e3YG!9$|SS
zeLM=UoJ!ABlKBENeUV}(cvsk=>n+aR(mZqVSY5>?7T5Z41S>UmJ%>cUN9}+Og8F^w
z?9OY#pUtz`eO0q*&8@vQq2hoOg0o0Fc6WWp1ntH>a|#s)G9c(8eOWEa4(`<Zj(e6N
zR2;~HVB+(@8NP_!3Ymd3P~;%z9x94r>Cu@e5@378KuVjZfurXhi;>+Km`!c>(G82#
z;pGd}krh5QTKxx|{>kEj$_Q54PvE$Cpm9%vdF~a%c;_MFcP8jj<IYvr#!jdGOg*R5
zOYD^b<XZC}2U7jGwaN~!AHfRH{Q5{iI{1knSl|GEAxCSMHF6-;F?i}{(=!?w0Ipi{
ze5Nn5*8*jSF?J`mAuyYtjorHeve<A2iqw0Ut>{5Ie49Ctax9du&HeOxYYg|gGicjV
zL~$9T-wEn(T|R=9!V|d60^lmNz?7PYX^!*h*v<ArU!)Gedo2e$MWSQJty6aRoDr7)
zY=YBRCo`<q+M(-FE~h0K-KURWh4?Q4CL^IFGE&d@Z?(aHHlZSvL`IUe8~4m9RD_bq
z$f@=n_bfxG2xSr6<DZ-HZ{u=w8EJT!=GG^!!|_{RRFADfYP6bDM^^Ca@N$bfy1}ZB
zE{Z?La1-I<nZC$?3%q~Hr8HeP69s=`k;SM@7V~Vf=utS`=YN9Ga}QM2Z}4Q5SW#8U
z49Kdi2fuv=WC5#3UH1r771SgD5(h}l08^K(sVg_W&zaZCSnppQ#fp#(UNZLAY_0VC
zI4jNb%tuf`e4M(}{Hy}Dc8TxJYgadAdR75jyJYQNX7`@H!i`_Mx@>yKBw4#t?K|!n
zTf4;PiEGz!6zg>)H<<3iG;lQEg=yepz6;ZUvu6}b0g%P%R;VI$OD0d>IZA6c82Au*
zawou(tlt$!u|j-&y(Vk{WK}kD{?ZE{_bkm^n(Aac={SXPDvr{7ZuD`cKvrc5&~cDs
z!f~d5g}qPY3gu6xK-E5s-O0wCb(Gc=I+>n$bP(^1$;hSZ@bbm#$cja3w0fa>Y?V(v
ze(QgC(sKe_@9|rC_1G$l8m+dfBP(p`@bVOObc0<T<vCsdb9NNr(@?}R6-BHr6e)&S
zUgKUnNJOTZWooZ(2ADdhzOLM;$Ee4A?GWnAN8Y+zUu3|8yvgwTWEd;m9&}Q?{$vMN
z^94er?&o@4u$^@;2wGhVbdf!v5`n)Yr_HnaULmqZ&qD)$32O1&4B%b8-WPE?p{&wM
zW4rY>U!>j!-uioek<~8>n%);=u_UM26Sl$53z>}`u|o)QkscGsc0i~-2YKsk#NT4^
z1pRw3jlH8bkUBvYpSCC1P7m;7Ik!*Q>A2hN5E8QKxTAzVSrd=j^At#AtSxqM1xi`H
z%yWgvz@NZNWN0_xl}+RESPiiAQULE#0tbM1bEyzn4dAVG(A>TH2YeCIekp5TdUruq
zbta9YuHNj6Y$kNG`6A1ZwUqo{Psf=@<g*xom(a2gKq9bo0+j8&lj2#b#~EE}{Z<<D
zuOs-SQe1c2Ata}wF`sOh=fZ(;KA9_geK%I*Rn(46=93YB%)YVHY52NzTYdCQ2;oT!
zNF{5j?$-IyR3G%tcdt|L$n`~t?yuvZY#retn=evlP0p8>4`T&vC+Ev`JnEWG?^6~3
zKQ6cBM>A3Iw@4PhgJf|%$YQI7^27`~xbArOI`z(6U!?JFK4}d1+)=F5aL9WAL)SDm
z=3{Kky*B6_NCho|=zTrMc~{uRgR5@;bt-vI#_eCnCyf<N8^uaH2Jg`+5b4@UWo9r{
z&@Mu*mLJ`23BF>3-ord-ch5w@^&ARLv&rI7n=B6Vj__tqsJNnp^39ETkVW|JYu;Xp
z5V)4kfb6-AP}Q~(`JYB0t=%j{uH?X5eGBq$v4GT23;s?gNS{{ISkV>^rvABpP5Bl_
zdW(z-4peIJtwsw-TWmr_+eXfBKY^uX)986Ghdnxv^be$f^uoVW9kT`E`wvbLB6j2`
z9moK02`^~HIS^c?*AaFOEldZ=ZjnW@Pb}lWReeA2f0YBN+K>E&R*<S4ynbes>~jS<
zoL@MO^&G#sM<KIK1^;#pOVuy&et9ZL)e+ubNPh36d5b!{jhw$JilyfPT-D9Ie#bj$
zU&OO9KjHj697tr(EEwhd#K!FaaOv+@?h<)t)JYbyK_c=+;3Io}c)0SSB@Vhj61(}v
zOvqZI-{A|cVpcQRz}4W{)-SPA^Er5%IibSAQQLyFCHqb(PxqbM09;Gbr)MoS*V(`G
zjBCiATc_V6+w8fE%rOJ9jJv7{Jc;8NHpum+`>TES<n2mWP2^HO-UeC9bnV(NvC@8+
z+OJC-<@(*O1opooa1HQ+*2dX~;0TrmQtAKgpJT}!J3Z%fYO}w794j>g;MHl|NNaZL
zIVX%(l_pv({}L<k5z9$ocgi%UQu!X>^mAsJ0~|yMOvPSmv%HMJrLX-c=NGIXwSB_*
zYX`8j#Yvx`0W1}p?(Xj3PMsd(o-w;B@i~#*87OAk*Pa8?xV~&{S_r&OcBiYx`Oybh
zx2cw<PtUp{b4J#c4#;Zg;r%VB&9f{WbRXcJ%*}eu>A^lM5jn3*f!<~t1WR*-^3AI}
z7ar%GVLLm|G7)W~Utp#1uaveSF27|m`nF|r{xlw>w*Nr>&KV#L@Y73&Dya_F^WExW
z_H?3*8}t433#_!iO?3dFk3oxa1Qq)MTmzQ-#5Uf(M!!eb&G`#+L27H_{6!v0yJTbj
z=?kpDf$?J=PL;*q>vuxZG36YPirN1i?up0y&o8hdzd3$9r&AU?0bCRHd*%zQboY+$
zSDGe^t&{Xq2>fr1@3$;X7Pm~&ulWnC2(OLrw>d*UBROHe4Ftbe$M<_BT^4Vfq~9$B
zzgLp<%aFyDlk}@5_`RH@Uz#jRlk}@1`28sfT{2|xvPt?aBKZAre7|s-ES68wuZ-Zg
zC&_#kSuCBT-`NDe-AUFVmDc5$s9zqzuR94{95mK4QNL7z-+v{U&moJY2r33SL65Nv
z5}D<4hkU!R)XIaa4fB5cBzpGf5v+9oE?&<%rcgcb1gkNU*tex&>NPD0%8W7oegrG+
zk@zvx3^oS4<KAfd&JnB#zfEZCWNmp_H0z#BHh1&c?|Dknsjud|@X;|}&CuEAK6Tkp
z)i4G8U-S0xRVWGGqjWF&%@M2=j^eU5EB$WppBTH1IE#-<uCpiFC-Y3PoPM7A%Ci$<
zFQ+=*sqQmooXOtTWP;!9n;UzbUa#!vy>Es%dkbm*BaGd59=cBT%}j3V{>L$_z;od3
z;-<A6eG{oi-Jtc~1VMehtq>{<gLj0_4)5K%I7)1tmp4^M%`va)BUk}77HfnW8f&bn
zp|QrEn)sN8iewRZa1odqXC$|iuReyAnx7|!X_pm3@-vgebny|a)ch<4Q_VUGQ};Rw
zQ_+vc!}OngEH>}5f@^@iALKyGqw6sC+k>E@;S3b1^DzIzgCb9+K(HKS@vhk@(#Gcw
z$xne4;Dw5Ujo{y*$6tB9erG{5@9&=qQgaHsry~=j=2W4gB(ET=vV-&2SV7N6EhquM
zCGV>Br0v@l(CZHBH8qmN9Z!6YmA)s($9sXrdkLQ>;*$>G(qYKq^!B&F>EoOXmiIo#
ziu^cub=*s6tT|b`-p{d8GlIupmWOH0;BNBQ3Vw7HkAr!;ephYzJVNWlxauH_dmT37
zVJSkzld0q5s>#}odzLCxJUL~2T=i7@j(avmsCY7);1T~kk)F3<>?ZcI4}nz2=aeo<
z2XEc%#cHYU6WfP&r&3>v;J+Qf^;?!-^reQCzAcRAPl0}RESWET$LCmSZvpRsDJD0V
z#FtLCUN?V^mF{Lb$N!}@F#LNn{tZlq(IG62^6XnN!M~B>KfsmGBjXSn_=wyPe~7ma
zwSR%7Hr_Q<^F_R0^vMw{5je@(%17wF^nivHp@ELKB!&7lm;E20r<snIfGiR^_Pm9q
zXL*yaWQsGN%3k&)Z*TcT{~mRvYJ3|X0+93?H8behPUAZ|)L^L&$zlf&uB7eHGPN%O
zzfg<y`g4!+@%nFCg8s`(BCk7b^d7ByW~0b1E_X<{6{Jp%>ikbQs_VP0O!wPBBJ1B_
zBeLx(wWIMlXr0VoZaf1dv)pq|D)(eQJBsZMJ_|_qOrd*2(UjzR_D7##1=gDO!Zf-!
zw5QR%p+7BtZy<ORd%u&#M~V<gou>Fm2Y~eN#`_%3Uy};blS~iwMzPXf2i|0GT>BYT
zx>xCW0J{DlxRjlQ-^m<1oe-R3=65c6yK&E)LdDJu2u^3QjWRO-O?3W&G%CLYhOU#y
z!$f0`dzK+o?93W35Ba)nJzl@ufwB8^`7Ie;@uygU?@_!a+i#D4iWT{AY`<+Ep!;p#
z0Nrnk2JtvPSj_fYLZ^ABxK`(w)~f$B*Xj(@9K_a{XpYPN#cP&G_Y{-O-FTWf<um?s
zMzPYpobew|^?k{|7>`6<{MHHVPSnA6wqA)km*BdD547&&>@B44-V@ke)J@~R7jyC7
zSN6U{pLc55ooH7R+rs?J$Qk(2?UtaK#=7l28|gKV3x9!b?BifGx){1jKo*TSeines
zJl3>?u_w~e`W?Btj&=<R3z?2)_v;zDw2%Xd@NNOSUytbQA}dH?n@~~B?$<jDz@`62
zoS*34urqddT@Me^>e-9O?(sHkE;o@+Ats--6WH+SpJJu`SWG^<qf|aYqw?v~u#|}V
zA2D_}Gu?apS6JzupIrBje1es}ODGI`nLIBgIvmmeSDNIG_zH>NkPW$;Z}xvDX?L|r
z2Q>1@+l_n1<i%{;5c;1^-}4jX=~VlUd&cA`@wo%y;}&a(UicTzm&nUk<8Mg5LQK9&
zpo{pd-z7E-$YP#+pLj8=+wMw`waMl>nas7%j>%k_BPMf=PLN8Fr?lQ=!`ML<m$Fz=
z3A^{Xgz-Z&-{z@CyuY4r_6+il(qdn6i@Lh5ymSU+RX5Ul0dr;u52wxA*V=~i4$A=2
z;ArJM0?RPQ?$lZPTIUM#{<+ZoMFUDZ+>r`Wbu;e=#J)ozkirX#Tb5a=%)@akIf%?J
zEN;2NDpWKeYX2-V-C5ap3@4T6yic$q6vpf>-Tou{t&REQDdS@h-UR*Ah+_JO*kRu?
z=^p}zS^o%Dkm}jFu3Ja2QZt?DoU>^CJ7QNJcDH$MK#tNo$vlnVug!?roR9%=KFclX
z6ptH6umT>oZ@K8c^{an^H<HonwU4pVmwR#><_{lZrSOxOj)WnqBWs4Jj_eu2<7j%l
z$%aYvS0~b6iT>5;=pfg>SO+E2b2i3q;v1ZOXH*kG`!5{<=}3owihxq3ONk&wiXbQ;
zT|_}T(jh>o(xgaN1OzE60@6F7D7_;fHK8{lp(X^9+|B!*`|1AghkMW26Xxl^d1iKY
z+1Z`Bxd1u1exjGy*i4Wd7cgcdtjX?wBmun^a$s6``&ToiR<&+T#B5#(b+-6hNY%$A
zBqQJSbs%Tm)PMqL>8B>}PHHpoPU>CYoz!o@JE<>DF%^kV+v4)m4Tf#%z!I<h49&)j
zP+ET$zJ=Cf{b|jCnI%TK#*YrA+am3=6$fQ?Sr>T~ku$&N(l<rJq&1J(gx3;(@pi^z
zu3G@-=`BR!fBxlLOB^_28|aX+$S-R4zg{SV{qWgOVB3<5{iL?bHRVOgIN9<%2Sr6}
zY-J{_bd08*;QO>n*Di}1@g1T*e&#(MWA;XOOioSuU8Wkv^8Co`cWnZkw<MriVR=|c
zwV=)qSYYO_O<Og0L?GkIEoBE|x0Iz&8`_$tAKM!<PtQAWKA$fVUy1k~uex_j|C&(F
zNoxHPk8|u$zPI2TAnWYfq5SdR1HZ*?S_tDy25Yiwz}DGV$-=`xnMFAYb81!BMU^Ly
z$qmQHt~6Sy-y2@&@xODD<}{T2G~3Sp^yPcp)6Qoum;5CU<Z1`X^*doXbL+NQv+9Uj
z5ZRiD^}1fSBWsduJkP`;!*S>&E^fwuca5gf*P{=3_H9xwoLHAFJ%gMxd{7N(c*Rf*
zJdMEbi5gV?Qf}mOzuNL@$Ghjn`IVcHmYq>|O+RBB(S$#?+16z*`zqu%jN7Oq)AKx~
zX4+G9Ru;sVb~g+6L>O0EXK3b^(3A6DRY@lKsJ;L2lFZg=G5r8uk75p4`WIH5$$q81
zzw0qgZ`zyD!h(Pp#>3_nXyg5_n-mh{w&N~g4D-M|8kx0+{>U(|AFk?~${dNc!`25b
zkMz7poJ&9T`8EWfVd#pd>eo0Pj%m4IDJM4^UsZ}ZS_!<YBcG`}qn!7cpsQOt2(j?Z
znLlmUgmdhFhJpj*8?2h1vP*+p&HI<pU>(9iP;$e9Z>bo+T>YK{Qn}l$ZR>sV!hy`I
zH~oJq^V+LSckJ*=w8$x^!56R~+q1T>>GgZX$NV3~6Fom{nL4-P3uHp(FfwCVzrnd%
z`!7!*Z|fmh_|4I*->RklazAYL$DXwoOawV)^}qOa6|`qp7wV?M2hS9$!O+Qsj7eec
z{cUkCgK=c_ugaAAAIa1~b(CFa4YxKn`&U^@{kz9rx6aGYdniZwZ1P%M{doA?iv#ET
zBM*PE(_Djbkm3IqL`bh&dbGd=3ejg*__%VR8ik~hUuM8w?9kU>K#rLFQk<(57f4D)
z-n9Qk`!_ycDNKVjR`t<NO{)fb`J?@o1<nv!*V$1_i3WR>Tu<Nj%poUEc~4Xuc3u-0
z!=<L(IIqJ61{)G2K1n93$%MS~&=PFmH<}D`8qNM4<k%6MP=V}u7q-BO>kv=e%9)Ki
zMP8{10+pOBoVZ(jdS#m;%t^q#ysCyn4|)#0$PZdJ>xD7`JH%!jeiKN1GJNdefKu(B
zcmHxM!S-^(r4$s^>Ol7ee#5{M^YYMjlmf(4)euwRnYz;YkUb@5zFwv&QNA_^+TCj<
zmI(UL=Wv2#l)|e1>TNY(2Nw1+vOl?yj`F<2gY>otnfg<ia;Upc?$*}F)sZIF!3$6B
z4gm8Q+3#1T|F$_iHo?2Tz|{Dyc?kIbj2}&r#=5`2CL9vFd0rhV$#l5ox$vx=zuHKu
z`D_0+Wdiol@si^OYDpkb?=E&}2ysE<uHaK5rpB2fnF&vFQ{{iL7HY?yJB(55JsDEH
z$~fb>fqr%9@kIH<id9|21X5i)`<_MH^dH0Lm@~L)Zy8$$Kq}=+_=X~1>=SDwk_eZp
zCyxpPzc_JqycpiEdG@MT;nz$6UzB7gs{IMOq(c3k<31Mo`~(udQ{VdPjrv^-K5AqL
z@hqr7%$5`8@l?&j>1e@#z#n{{U4Pg&ET?PB2_+{Jdg@>yCUtC@+7)nT3W}D-9Hjr|
zl?hRA=m5V&Ne3y{X|X>UK~?)zwa1JMoeURN)UkK}Z8Km<oVnYg(%(xrxN6=nyKF`U
zcWLmj%CT0vo>-7GKk&mwM>VP{CJCJ*7WUjlSfzj4ybs}k@usa<Qjq7La?&d23?Xe8
zQxQt6%ANPC1@7w{QMjC)fqlR`ryUn6w4e)3(z9k^ahVs?CVsUe_n9&k^{i+j>~7C&
z_e_A0Rb#<8JonzKLkpRXT&@r~2XD<&?J_a7R~~)XfTy)VJX{@P1FJV2Rrp_^aLQ9W
zZtVeJ;lvT$ZIcsKdHw|$yP9Moy`u_e2M+!U8@^NWXl!UT&k@7f!Kd)k|6Ts#aZOY2
zpGp*SgHi3925|TKU43@fNBb^+@e7Af?lC}Bts0R7tF*^~M$(~UXDj>VfANQ^7HxwD
z*$O$!fl(71mTz^E#U$=dZOHYat7KX(!w0OA#msUR_=?98v7G#H`!$P~hbl6-<+6P&
zybK9`4l8KrU$t<=;*tiC@Yk)m&n}kOErxZNCS3*R#AnIPy}~aEtW$)>4|syY6k#hD
zU*Liz9B2F`c;?^<B|C(I96W5~gg_WuZtWZ}&VUfcPTX$gGChCarK!m$B}jK`Xp@YF
z=|$E{p9t$LH!|aKL!<%HqgH0=LBN<JN0c_@yYBa<QB?7Lfx{DC$3Hk_ufO;cr%ooO
z5PyZ`n%ota@z10;&Y>-P=;4z;i>mo!5Ij;j&!}O~>Qu#V@B8j<Wtr<evV)oMR#Ai+
zC(SRA7bErJ1JZzdh=VIlR^$hz;TMRn_b*A&UY)9JUS;G5$>FVX2oKsOMtO==#->>E
zgTioSKCb|Z#R}4ZC!L{Eym4RzKSNV2*@18860=t$)#4*kw7L)zv{RMWi;;41C%p9r
z!h^mkm+T;_@PBk{B7hHvC?fc2o2EzubUK%~y%Z=HsZ-wi98xd#kfI-V<}oxW|8K|`
z?f+4m!2CbK=(-VsAwO6Nhln5ysTcW316(_o*t|fOkpI(1*OI#Iinw3`3v<wcLaa#e
z?M30YBEbxcj|3BJucE636a2eW<=2ryE3G=QA}urrZ<(}UWC0?Y6P`UdD&rI5CW0Yb
zD9u5S=7a(wEK?*{<6#rQfK8R|0L-i<8GZ4pXuHG<_K;0(1ut%VGUY}1C=$%GcoAO&
zj<`@N+Ll}idn<xfXezjsATQdDyJ=j<b<h`A1bpHZEz-h$5ZmUvviyLpo#p_<tOdJ@
zW{fLB_uy2Ewtc+dI&4YNF&7J(69Zn*bdg}vMYuqMf2XPe+y2`NiK6XTL`R+oma++^
z$JS1L;BKqhgA*b&N<?44<BN1wIsl|5QC^<65*j)~WsH597XbwRU7@VTCsAJThivU!
z2Pv#tu`3<<B3P0|kWhje9h$1D?Mw6pHxvn7>6mXV^{Tp&V9U^`&(_X;P##xQ5V3GG
zVVNcXWPC#Hg=Wzzh_Dh)z|$N6P@3Yr$~7mxdD*G6*<3+G;)?DqW(U8DZcQiVlcDOJ
zm*nw0%OVG}7L*=+y-K{Ry;DD+&a07GOSnsQwzb2nz=+L;2JKe#8no!ds^u9Dxo3Rh
z-!yhT;ovPKVKxh)7A1ncw^+uiW#q<o5Wu2kwUW%NmEDDtFWNTsD)^Vld~m2a(YkUr
zyRo7cA%eAPO1Y6BpUiyV5LYyX@VJ>E5eorU`}DeF8=5Q_{LlGt1l6SlKZff3+@UV~
zhdG{~__7A3KZo(F-ouxB5jM6b4qFjwfhXG-9R$7y5EevTpmkD`p)?0@K0rrmQIc2n
zUf9XA75oMug<nNWCiC-wX$}fN0Q=VB1wg?_4$6psXb<{Q`1wGw7ZYD}`WC#9s=>aO
zv3<c`HdzN%3w<*CoV9bf)k;(*5YcMWQkqj5Ju4e0jpK^JTFpQ055F2<rtFIz=5(*1
zz-&cZ{iO>#f%gm&H5ez(#w~-5;<gn_jFq&xO2(V|bENVD=app28Yknwz>oZ0V0G~N
zDaWJ1Wsii8wc*+=n~)t{;e4;lY6qSh^t8rD9~sA+Q1Pq=;w7x~F5g}z?&41KoX$tH
zP7owYmF_vJ$(hw__v(e{N1TzfkIWU#Ekav#-5uLzYgYVi7PbeQf?M6K<ZW{5Rzvq4
zH7FvjAyS<~b-wdbkb5>G{^ZMfSW~X0cYCCS^L^1CKfm0~fY%Lcc@<CRy?w2U<=}Vu
zW=DV7(DBn<wMuE#hDrS4cy?%@r?BKNBbdO1>d!_^4QJE5ByVPN7BjHiBNIAeq8#ky
zM$!FRJ@@81)=XpziRWrGaUPLtNedQRF7LbeWH1;n*T`VN9d~+>%(XN>T-!SOfyI?C
zM@>JsB##gM$*Iq(m9^F>kGWM~W-)W;U}j&mx+!zGcvw`r$6%ZM$qU_{KV`q#%%p^}
z8m>-F@5_vSPV{3FG3PV}AvVl3%AOZ0{yF&aDtNGlTI)29j<S&%slQ9wXn*$W$3afh
z>*|dB-AQ-h&6lg~(j)Oo!8NT~9DaQIuXq(^O8QPBd?(|0JiMhGA*bt2!Pgr`y&w+9
zb?;oiIfIinP5rgOQD(cAk*s##%G{SGM*hX@y>rzaVV`67fEjd)4lZ-e8pzx!Xf=Br
z8T**dR+gcWUfkI_FR8QMPdxL9lcuE_)wB=4#tYMh>y{;_Bveyh2lVS--r8ncK{{JC
z{2|=XNG_@N{r4<b;Zf<-Yt<1U@mpBG;TqNK%90mvKa4g>_Z;4t`FW~o_!XY`mu`}J
zGI;ScGELVt@1t~5lX>t6h{S8q_KunGNc^6oM!jF3-r1hK->b!EjhWJ{(j#??woA!E
z<3q0vXFr!e@Ray1H+46uDeI<blCWH#v1tN?-b~J5y1u??x#ahSNV0wSYBO^<OH0Q0
z@3-DHm4A<x*J|NvWU<AoRA<b3`@w2_tMGiQHNhKF!}-PeBd>;~96YL$6K;5<Tf~0P
zjptQd7AjU+(l#m3U$U)NI(Tj(Y)l^iPPnu=*x=9dd9_E6|6<Oy6eqU@R}-e;9Gdn8
zsrJjj8<O8#QV#A_Zti~9(|%#H_l|-~bY0Ul>FIn;`($t1V!r%<(j(u~zr_@cq}94K
zM^vO!LOuUx)3mQ|a;VA=2*T1@-E8)5m_BlT`|W$iWM!S39#`pxX{o}Cuiv-EXTRP4
zVD|3f`&X^0gc96n!AA5!Dypb%vlpW4Yi2Tif(Ym4<%?!y^u2Eta95WD!NKbhAT=@?
zX1=EvJXhl<zCt*ZY^xBy`{uos;wh<}i1IC_k2Fd}W9eV|#ATS<uHpmNx4?x7!AF|n
zuy1|hwRVl|y{nee;xp3QXO@n`yDcUukVi|&CDP09)A_EE8CJPE>q@ppN#Ci+4c4H2
zCoEppIi=4t`F(etI|`1_jMApNMn5_o+(xLj9Wl6h+U>C$bM4e%A-GZcvFxyGY~?{9
z{m3a5f2{RTLW!)8)Mo5x7t{OwNv_(lI^YqPGrq(@5=<6Y!n%Aq(zNuXEKjEX&Ym9a
ztlN>!&BI11J6y{?XO`~XyXXb|J-41|oW-Mqqdpwnx<Z`W?^n1>o-c6nhrVnqjfUO(
z?}L5KwYYDmT@5T0bu^f0GbQ9J%JZtk^_r}|Yy70)#AF=zs}R9kdKrbY@SxuREOWz2
z`xjh~;6IMm0ACHNQGV^Y{VjD1ojd;Fz4?QuCeXU;qpq21B`r_aq2z-f-ZS2r-ZH_X
zX*P}rXEUJM$Iw+cjxh4+vJ)1K`-0Vphh^fK`B?9%tq-s~x{}9zbXgjM)v1pO`}(-4
z$<XQHC*;-8J5OzHAHkLi@y3j?-^WTWk!6MOx3-KpnU4fkLho&YDsGLf=!tXC>!631
z6(=ciqdhClHL1!X7di~LW^RYFrQBsQJPB#SLZ9rMqlVMCx29s`erH`YM&~oavhx`O
zoK9yqexHyQsA-JFf^`)x4kX9rMJtp$1E!Aci#(?S0IQU^ZFkulvNvwx&9FL}$D0#c
zFFHSMv4Z%==z`glZ&Mxz{`32{w!?cbMWR^WS?JZa;)V-Wz{V(G96HgsZ82{|y}e&}
ztichJ6)Qm>DwV-A`(RGG{ewjDUgn*^pXO{P58tP}2s@A1=*F#$_}*=g8ZDK#e8};H
zx}p?4N&TAKMyKF&?so0T@pwkooNNmBN5g{q`^}#koEVGzB|o>Xuf#THtHv4LbM<JQ
zZ5=J#ViQtvJy^8xp=0={T>g>-*9&&64{({0Q@FepxOm;r4mSdZET*^1uev{+?B+F5
ze3~h?ur1xz+NSWu+|*NV?@^(tT*dE;I({fs){dS<yn%^1pH1yryUS#PYo+~%WXa95
z@3+MdOIe()(2m20wj=*09B7uV8Sy>=hKiM6n!L-hGL9bx)IF2ewyrbF7|bSEl=91v
zRTsAt8m`UqmBnPyEDeN--s%gkU%XnYKRc2Ws5Z_jUY&`3+9PZ2`C<q2VZFH|UH8G;
zmb==Mat5(dx-~MTuElK@3bB~uTRlmXwl^Q?)fwnv7@f3D(7zmV1b^RBTJ`}aC<K`d
z)y<eWd5hWaTwlpR`!YS?CKXDs`tFGSRq<{o_@Hhh@Ra3b*Gl*z$973L)TVEGH8lB6
zy+YNK*7W5|S&wgc)*n!LzFG7kzk7%d%+YCSsi6|>+VFTHUDqFStV#IR1NrpO<&7#z
zqT+YKh3;ZeaJshX>DIes=i;drD^2bEZw<$5+r?SVTZ&I!sAlox{<+&;KP{+`Zn*n9
zO*CiT(AMJv_Ip>I+6Rzf&1}n1{DQV+#!V*E_X9sb()pdMAC=}d`U-Nsp<h={RISBC
zxc+XNH*4S0&z7C?tWaHD5xPiIH>IC4ozAIf<ywHW$%*@Xw{NL-MCy`gseBP)x0){R
ztCP6l+!SRytf98qx7+lQYqnipD4%pSEaFmuD!+^a*mR3!c`YCPH7|!{YFJaO<lJU(
z2KZP7UiQNBhw_@^KkMAumP4^wjqmrqy(+!o^yheJO!U+xd9%eI*e&C?Y#7%r%x*~S
zE8>G-L**>0HDD6TdP`M)@@QH=yZ6_FD#F{L!KPK?`61^%1g)K3UX@TfW%e>O()ke1
z^wmZE>+B1Css!PDx1Rxi?_PM%k&Gk>`Hj3$)fx1*o}{j8%H_Rj3>tCzWnEzu@FLyP
zQMp>zT=<3akaU~9wtlZ{Yag`m?zdMTSzXV_An(GKRH8n8@-I+p8m(bXehOiDbfnR4
z`}srlyAPpO<mYaS)dT5fMx!)kcXekU3QuVA5mwro23@B1=xm>?tsJ_jUhpFK9(hMj
zM`lloe-G>{Oqk^l@e{6ir_^qC>qFeB3of{lS$7|;F*310y&61UUMLzi`>8I?ZN%&3
z_{BZyUz$@4Di|tDh%K9z%=Rz2bWN}*_W?Mryt1T7C`;_+1QTJPBT|0(@3%R0SgFF5
z?DP}LTZv}IVW@7a4<0?O$*E{$c9^N~NyNA1&l!lWxXX(NKkRDh3BgAB>juel!Hoy7
zQ{7)JCmusH4j<PzRZ9zIz2|%{XZu`!uPO%GSzFu{vaQKxKdFj#*(I<1ioLFpA;l|s
zx2E22br;gU02|JjIaO1{ad>z^(pI@4Mb}^0Jync(J-)v+mOgUtm(^4n*Vtys!)Fo@
zEi!T?2^MZK&G@JK4NKO>`a)KBWuFNOMd_PrHO%Wpn|>YW9?&o@?B2O=T-{9yx8r*J
z+x3C65skjR`0Zufi}5?RuVa5GNX1#MDn(w?ckxdFj~}UYgM5}&C*o$;izI50+|oI%
zW?~M(Q>bS?XJJx1yT7<z?gn4aI>J^jlz+gx_nRMjs#sL4(m2|+u+M<2bb?ES@9g^(
z7SE2<+}3h9DM_TnNVCx~RkPEH7MPsBeV=|Ce%ISO=26dJlhC~O`|RT14+aW&f*P&)
z$EwGT?YRfZ+XK^>Wq#=9$qwY|DsDZ}`^0QLko?4T=p?H)RI)>T%VV#&Bq>W#(vad6
zOR!1bg2UO-Em)Dx=VxUJ;opE|{mR`;G1rCI+J$wF2yFCa&;6(#)ZQ_hyIHH&A%gC{
zKM+`bM^fe4?X%<6zUg&u!PmRigloYKFEzdw`&U}WM8x2mufKY7$M%+yVk7@Ers$X-
zWYB7=$B2<T*_5O&MuyPrz$b#H2XBiKw60ZG#?Bf3?5=GjVgECtS(qc)IaOftMy}N|
z<>T`^R623L4Z*6n&i5Qw-~Gj&R<9m$SU)z%2QHbT*UZh&uIYnKJoGvGftmQLJ=mXL
z*`y!bPG!DxPa|4bN9end-B(|az}=@3+*zW0i70yi4{ll%nzb@>Av9m>^_GJaE<-#Q
zY7*W$$5ZT%wrX$1Ps|>C00u5UY*4Z*2dmDtYfr|jZWo0Qid-+4oU94Cw?A!hc9*j<
z|9a`)#b@QSh8DrQ*3k1tE!qBn-!<Mo5+bQ@DrB!sw|=TGHH6qD68b~CD67$R;#S}N
z8|-RYLeDS#{mv68_t!UyO{hXXu*7qS3pb|MIsT>insFs@`sqWFYZ-4WtaSR)HWD?N
zFHXAj;vv_CSlDH%Xt5e!t*@>0-kfnU{qa6Q4*hSW4pA!d?`m4hW)iA;x}4oGkFR#M
z@*r)6M=5AYXgkmSwuQ~?%)6I`cXiy(n%Y+%rCyO7w@bRV6IkWw`et^_)OK)clqQ;T
zS?p$opR};Uf?0}ZrTv~I^T?-gxXGYspZHXL#Y+k4zGJl0{f?ld{LeogC4(O|4D;W^
zQnkOyz@OwH1;rFrMh)36%OLi><1E65X#-ASo-1d&(#Rm=A5A?SH*@Jc6F$|uGgWli
zjiO(b{H@Dz2;4wh^8Cil@~qA+7`$|kd67PrEB5cbS-tq}cLI>wf%)buuHipm;My<I
z#$vlonMZbipEXE%Fb5z_xZW47pVX|BzA~In+p(?C4`{d0{>;Vp5|U<Kbbm8(OVa*?
zGwk42qXEOOTP8Eq)>cM41L}l9N4V0*4^OiR{kCEnx?iQN%IDclho@U?d#3a1*sH_@
zrrp$oD`!|ARzCBJzj>?R9@naEtvH{B#M9fB%o{AaK@*j>%{Rfmr-MS$OYyGGsu6<G
z;*&3I%Np8WCNMnF`jwFU&_?&pa(3&)PN^$TusS10>C3lks@N86cy4?B$xhTXu)$<w
zT2n}n!QW5U=uqy%3A0X>iGdY8!^OS}anzOp`B@4x>k`<-ff#p+YeJ>+5%Z^;$Invk
zvT9rVh%1-cWlp3mlSA(4_gYunk@BzDn|8OE;Sg7P-SI3nzWi=hc2}D<h4$O<4N#4V
z$d_E2XSKVQ-#-Vj8<8|T4pSC0jhdqfK8=XxS1_?mYlX#?t|y7}R4e3)iFn`p#^pG`
z0*UfJynW`$h<ls)$9joo#%I~)VVi^g+P--_%LsF(+%#-xSX?NhA|!6$ZTivU;d+*z
zAJ|z`v?Sv`U-qvW^}f0>{7KLzqV4s#W96ie`qHv&C!?sX*%U0yHb8EP<*>Kn<>b)U
zS6SQ^Wrhs0Q>*V$ny|pD%Oh>CM{9k)v4|Rd_y^xxR%mVtK7VR)@p0hX2v|Dz9r+!#
zDxu6kQDe+mCu85G$m1@Ls)8>bRiXivmUGJuZY~!`lu9%hze*RY<^;o%Cr08&vYO)J
z;_C{^A7}0+mDU>wSJ6-W`S!$zS^Swa^t9$|qg?Z;?F8AtM!jJ(>5%qEsk_rpoCAIe
zJRTkoVGTs)-=>CqF&VgDRT2~x4lZ&Km_52xob`cM>?i5SkkNogM)}0KyZ(ZiVf^8f
zk6%+orBx=REd77D@1!*t-b*(WexeZ4<0a`lRpa0`$9tT;k5kS|pIOsxEEL}Uqa@3b
zwf|(tMyoR1d@Xy5Ef^FUURfA06|@eAzaYJsXuI2$+WzwA59?Q|?Alg6lp>j2aI+1z
z>)ektYwfFLcuF+|i{45Z_bA74YqQFwVybwJ{`@?)!3XH#2^>fcvogM)!20^2B5iv)
zSr=Yoj73aFX+2y1m-jV04>T9#Q`5rUz3y2n_I*bmv*@5P_%HE+ti7{H$XY@wOXxk#
zF*QC~_j8N585Pz9H@w!@h<wJRkEjrlH2kADODGSm0zpu70{m9vg7Gc)_E@3u1UPm(
z0~W0<j?ovnyEXmz^}gMMKf#J@mRQR;%amvh>g4FJ=ShzP7habXHXC!vRT<NaaFvgD
zRO<yUzR~+yty}2+NG}i`PdlQd8_ye9&f*dhTl6EejHSgtO#@<Ru07&v_WFWL@Adu%
zTKCZGA~#hlXT=TPSAT|m*gmT2)9{5f7S-7nMc?why>j9bbN0hb<3hr;n;KsAc+K+F
zQ>3L3+jIu%pM;R?_?Ph&{t|n`Dwg@>a@n@=^2fD>vTjlt<Bv@WABmRO+vycjmQMcc
zdipx{o2;AO9lbAK-nn>ZzCEqfV3kRz`C>-{Z!~nyQT!ZTcJ(%WF4Z-mYFiqiN@MQ)
zHf<UhN>Hc{@kKB2xL)t&S`w|_VzG!-SW&dR+V^M<m2V=Fuu@HbkZFd}doRTaPBZyr
zx>y!Znmg1EE8}egE2!wKpEZG&iZx-uIc6hQ?~F;%#&U?!$IetS=y<fr@*X^6WstMs
zH)9XE$vb~OA!YL>RB`gM+KU`#7yQp!G(rAAxM&1)gDyJSbh%4EdJ#kGofL<Z?N7QR
z*jWCgzyAIKhQ*sT^?))}x$<d9YAdJrBcb&x-q{a4LTH-F`7}n~E=IF>Lmnp^-S;q{
zX=d&ZrSeWHSvR}VY;`9CEwJtpwMZkh-cZDgHv76&(d5Bs7UxNEsQN_R<Hjn4##=Zm
zbs-+J{8eC<qM4PS#k&unWA`r3Vh6JWNW7m2a)=8ya(cU`LVReN>r-2=dJAW!y2e-^
z6&~$-g64;G1f4kg<ENNbA*TSR>e^xZ;p20BHK}*szBn8zeE;BOfBU!S#jyTI5sP0<
zaP;0&w~LkE`9swyo1@}9bt#*BQmyEf+BH?n-XFAITiv^_9QxcdCM+6%=v#tGh1ns+
z!3U$-A<!R8aHhdS?D7#VF7;qLb}0J`hc_#~1PD&L?m5}BaS?Q9*Ym7rW5JpGP&}+D
z1PqVENR$gSQXTr4i+FM$R+J0qlt(XW_sg-#-Vx+@(4wGb-9eDQ-jOS)(C|l*rdbl8
z+uiz_-asguY2uLiv59Cq2_0&53hjBKV8>GG6TOp0$9~nv>Xp~LAp#r{f(ks|jG1vM
zV67bLW)A+VTjxXGiGpaam`lH>scV>-`v()WhZPk9eTSzS2i3HPC3pJYgpj8~iZnua
zZUaRgK{VU?t;|%O$i=->h$~I=NUHMA`=jI1id2a3x_0(1C{_9R{pvB;Fo4sWL(L?t
zZJwqX#kw)IMA@8~k|BxY?=R8I$llNvKu72dqK86LTPq`hG%uYzJb!aZvYxDB+tCJ*
z^0@4~vC#)3Pi<X$Pm2yMzNpX{Oc{#}TKt;oaijO5k6#qn$YEOJz$tUJT%d2wnRPwP
zRIuas*X(Qo4pF(3&d|+F+Wj!HN!6>(GJ198oa=_6bs_kVf&rUfHnylMQgcsVpI@A~
z^^1qp1uE67DXwR!TH^5yoZhbd;&#gn{h^qN)iF}B*@Qjmo%o~uIxcU|;Gz()Wt1=2
zybwR5;b9dMyc4s?cdc^aY(v9CCkD&&b`dRrJ~Kgc6<;iV*;s&+tlI{)g+P``fHaFQ
zkJX~N`f>Y*M`NG|sgQb&pj@w|*To??ckK`d?ZIq^JL}0+0*!p$W8h~Uyh;6V-D^h*
z?=Z_i0<9Nlnx}LIXOATgU^jjvqvnEG^Euc}Z%YnVyA^li$agBgGr_N{FIx$Agr@Rb
zXr2epF)FziUmgSB8!7=wtdB~)=zn+~7RKqVkdy(k+cs&_;TDDGD;)WtSvTNOve!GR
zo{H$Ot{-rT!VMwkL51C?IpLTNyFy;+e$|t}^Sz0y&Fwcfw&D}dRn239J+wk#72_%L
zMQzX@0t!5bxO&aj!DYC>EG8$_>e;Rm?Zz|wvzQBkRS4tyve~ZMm1cZj0&HtgZS4L5
zReyU)^rB_IJLE@5D>7!$Cnejn%(*|bT_cEEAOP+Fq>ZYdFZAbAyjMZQA|vPyn1NpX
zpbN0)0G5#uKufI~iW)<$1ko>I_Nw{3J)g#Ta(WA!x7fW{4D4ImK+3eghK^jzC-=X;
zRLd_(P^qQ!=1{T4ht*Mg4}m1rV1sHPbwl9vV)XWi@%|UPNX;*K$}40@4fO05YQX@T
z7z~4X>QF~t(^Yf|%kiBo*XYHOYn%3uQd>_CSCO?!9W<$}7l%h{c2~X8W)A~|H}hI=
z_dn`vy0{;6#v8Th$u9=>ki7w=28sEBim}GvT^-z4(CL@3KPmqYL?2=Di?hPNEiaGW
zpj)HIUbYFx+@Dw#%ih?g9BY44SZTYqrTk_&{@CM_j#n7_7P%s*`$HH7#PpLeLWOzD
z?9&#ajdROXvFf){{4vSs?5axiG5e>+wKnoC8%5;rAke5JB7|w{hN6NR3B>S|gQ8Ja
zko+i}*Fonw?I*|^|2NCw$4QEwy+J&qJ&N$yWByMCzk<M{l4~KHTW>)<m3&)I{$G%t
zA+T#Iq+9WdjjJluTfY^nx`V_=bw9;=Ek_>ve+odf(QUOWB74p$KQXR`P;6=c9npG|
zyrM$6HK!;UC`Hg8bs5=Z0JBQ$!kEt@FSfGbgHcm+IEgo#NDhU1wrp_1n(Ej}aMCqy
z@7r$KY9`k|?SITQVp>U(OV+=%=?6AQeYJsU{n&nO9Rv9g?<pzS2S-;_3G~5L)hyJL
zVZg3x>Xq|Ru-p}70tT2xReKK`T1Tp3{^DHUQOhLQRkdFMTVKBvjZRT+4a5MScR#&;
ziM|55rxQI?fvvg%5A}Ex8cd2iY+GG%VD8wvTwM_syi8E~Jq5nD@&GAO36444y2c3R
zS&7}uL`qt506)3x1Rq??K4D`IS8S%z9)M>+Q&t29k6Z!&HMNG`?ruC~XDo<7?T7we
z+rldT><9@}fs8<_)G!cxylu*U_4$Ph-Y^*!uz{36S2k)m=Fi&AhUu&#3mNorNw6q4
zyw~B;Av%LcFZvj*{{SSqY^%QnF126G7e;$(or6ArJ!sA20@T9>&g8C~n|}E|G)AEd
zJ&v4jsB}qKFPoA!I|t<%Ww%J!=|C563xT~_j-ZaKlGAGu1J^-Tx#dG+5od&D_7@jp
z{YF~}Tm+}ep+nBHkHzbZ0eEDSgsXXCh(S|b%jG|-6L_nHtHh9zQ&Q<4P}<)A&#CZ#
zwZSv;3xB%DVyOhfBccD`&UG`^IUbhH0!umhKaaXIIV!C=uh@h*=OWE7f!#+P)a;gL
zMAsLl9_=Li)`DDpTBP#~6-pGM%_JU<Wg%Fsx0;XtBzMut>DW#9mGB2ln?^b3Ni-+C
z4I!wT2SjI&9dkGiH@QA@?5qkEsBCDiboYH_-M-WyuDk`iZ?q6>eJm?6<u)Y+@wV4D
zaUSv)iV<?u0Ht1Lxr!<+U&FO5<<-sTF5dy3rm|fLXfX?pFJB0gCtHq6E-$-jQS~fs
z)}?l6Fekpm%vxVhJ=<l#;Bm;em8OV~7A_xDNv%s;+s&>cBDn2}b6ebhaqLu@CtZJS
zdMob_Ij~ye4G$r2HJ856Esyo@1(&%xtx7<|8x01WGV=zopQMaTO^MH1UD_Ir_6J`3
zN50(@qDrTkej{V!l5Ky>H}`Enfe+u@%>Hw{!6c73|LN{nG}UBTCRoE08gVW%;~ko}
zHFr~`zAjyN_n(q_U@+yg$|_f*k|p&q<xPmB)M{nReItoCrx{xdpN?&cTl1?P&e6G!
z#0c)rsTYvW9)HX}-eqGB>`0^w@tN?a=ziQJ*J0l3UVfb3vN;{!F26Ue#xy%+>uOor
zd}zCLr~#=hr1Mi)-U}-6vCYbxyd0)~iDTdKxVRq@Kj$8V=h0{;`C_M#C{!&iT)Svl
zS|+wo)m!+vF>f-hcRJW?iS_R%)@RJXG?<l9;Ifs^@*TgvdN&wi!KWiHNQrlpj>&!Y
z82(|ap!|=G60{20$QYOpIa2jGy&Fj~+Q>0`+bVI-#<FdU^{+4m`@H4tg~~HJuyop2
z_xN9T@4VN={#H!osCyWol^T%Lj))5CTD^HQYZn)M*Sw{NN!Dh`aG|AqArF{s3!Ab=
z*eSm9XxM8knQGaY-R}*TysJzh>G}AzPg^?F{U}74Z_UN#ly&(d$Ip4+cl=L`e$JoW
z|2nHQ2Yq&g9PVv=!Z09IuTLR9^<?+1_=mbxeCA+K<)7M)8>nlU-vY|@4SG@>?4&x&
z`6_pCL8L>ce!!xF0+CrxCN?b<64J_Pme!v7m}`NLY4x|mE|flPwVN0@tGt}!=?)uD
zFr1d2YOrrv!pDSHak^}|4irPhX+t=;OW|+asyx`&Y1@>HyeC5Z;(LmUSO-?hA63m^
zANfPVI8%@>89C_sPe0{(OQqPiCQx9Q4+iL-{ZPVVWYV@;e;poB;_C;G?L6Z5GPas0
z<ItnPT=k=?wA6Z(wy!P1V)%zyw}-EtdR2#88!N~@?6UrobWX~d85`|c7G|ogu-0-9
ze%EG13ODhl_KMZC>z?KH1zntLG?S-d^LXn8Fz+`b*a@2}%4ML&-SZL(==PDSDA)fq
zYLLALj~!UPcIBC)&^wO@vWcpsgv^#K6!k9i$^iOE-s$vvOf8PiL`=Y|Y{^bc#XO$+
zD2jY`|9MzH*^=^kcF8jmC#RmTZJmn(?Z&h}E1pVteU*~R{ykDcMqaY`QF4v3*)dFZ
zAtrAAAg1Ea8rOm}*6(1t=L*o>vv(V!TH%HmiRt>V_WMrR9Jfal{v<wf%^PTc&3H3m
zbVfpE(UyNl`=vVc>OUsja}XJhz4}iL_O3HwusfG7&;1TH(`TyQqNp#IT%R@-TlT*<
z>~SDbBF>hx6<lEh@|uP@W&So53-~3-7oDY+oboi)^)IteF3ZVTvb$pa8deh2R_$-+
z#@d5UpQ>zZL4_UW$4(`l5ALEf(SdH%9w2_@O8WiKPKw*)Ie&0zd?X(=KBlDVeG&P$
zltyoEN?rdnZFwJO>KyUCl$!caM$<HB^6nB}2+g%fg?IE*qeF4YI}<kbAoq1hVTSft
zv|=ul;au*G;`%sGVfo!)ZSzyo+14t8jjn6MmxbG*ivKJ_TfW^oDL&XedHSrZO5x^@
zz*{A`m3m`3b;X5B-<Oev_S}^#aOrLQL~)?j(Z}N(g28wH+;3G=$l`vD-0Ec!4Z}*t
zPCEDeGj?`xAa6&+@}Ceq7FDuD{!RJ|RSL<qN}Vlz39>FOcz5e}DN@At%l!j8Q;~nB
zCk_dqi>ZXllBZac;t2U5<~vLf<L1e`2H5n;`&J4U7OlU>x+|99kL)=0*=TN_Kj$<>
zz5ZKR5G%72t#IJ~s-@L0H%y^)A(ysXbZEvD*3F9@;)F5m)JxOXZ6w-$QilD*@!=B+
zsLe|_dfto_gWn1MmYU+qUcR#DxTqIs>aRmCdOP$-1im(c?dh60Jup#UCMhpFjxul0
zIrBslmN#*HElY`VubL_Yrukh^u2+>hJlK+GGuG>=Fd%oYHn&Bo@5&$E1n+Efs=jLS
zUHVHkAJodRH53p8MPE%3;&y*!Etz=ZOO3^4-`6Hb%Tngqw3CTA1tn=4Y~ahh_g;{l
z(udk7J}pX<ul6iKOWcQgC$+{WjmC2<?XrWC6L-D<`CYQL)ah6$Ywfvc-QY(eJqSor
z0<zQ-Tfa>RJ<GKX;xn&Z>fSum)Kp-NSq3M{j@#Q^#CQgoH%0?VPjo@@@`Y1#8^=O;
z+8MM{6kJZSd#UDIr>bg@LC}DIM>1I4T`pA<m2WAs^5a9Ts{0QZGbTD3tG}LA_EH6(
z^@T};PI6C;E_ZnkU)*iiKWf!psIi_7AQV<dG^iZVfe&bIvfQ>&?k!j<_eFA=@XpKL
zDmmxN^nWKfal`q7)Av4hK8LF1kOmx6hWnF$=rfF)LOCjdw>bX*kFQULr0IRvm5c&k
z!k|geecaNS6B5}03xo#n@ot$SLi<d}mzstyT36`i3SyRn=9=CcD<9A=eQT3C>+OBy
zP!Q6WT7%Xv6nyn-zVsj1Z##p}bK%|_==S56a72>llK*M`xW_A8XrWC~JL_4}!nJ!L
z|Aq?N2j8O1gjyU&KE6Kj3e3IBvRuS#!f;#pL2Jeh&lY)E`*d%CI-$B7-COO2BZbN-
zs%-bz=D+=OU7Y!8rSyXr^;<!6)~LyB?#*!hdz-SLl?(2ftD?EN@^{v5y~~yISj;PQ
zA8Z)cex=`I|LVbOb??#0nN7YGr%cyO$^j)At6X8j4~mBwFOh|Blk~hHuSMF7cb2}M
zB)^;gEat)Q!pXoGTkw=YRHwI{X`Y$eOy06p2gy_aZKXqcw!__O=wYD4+RB>+o(4I!
z^U|a*o+@FkFBQEVULv<w`War?1+J}=Cn?DPOW-wQkh?0{+M}GAw6fA)pU5bxtU=ua
zc`!ogeqf!gz-Q!ZEz&r)y7PS5>5W9-7=2`RB;%4upm^X&8RY`vmlLHOBY%@AN}*F9
z$<)Re@;fh*CznEj@W6{M@Qf!C&gh|{^Y5K6Yv7<*7doO(oIQjoWUwUC2&|5JsDau*
zMBySm*HM0vFmhWIX_sV_(VQqo+>@mZrxTeS9t5vp%R%#8T+KnVF3@a-{>~>o#@iLL
zQUbqakwMU*#ICl24eHJ|=!Ok~9AOuMHe$Nu4n$f}6mVWsS*eJ$>dZA_ZsQ!ju(Eu<
z+;`;je7Wi<ObV%gt}KNF&-t<(QL8bAP=s({9vgU(sjSF$?O71=BEfVXInhT^L9iNO
z3;v6@d_Yk9vJS4(sL&1xs$(^~Td`4K>P?(5jByip%Z}<8pXSLWnS)NZrr5;Y;FCgf
zoNGxT8JjtVFVs6m5A6wk1FTHRI9_uAai1%Ic+F4>*sDwj)hiU4*(iWZq$ps>|EYnp
zMt#yx<qz!9>*4|+o>2lm&Pe)VL%VIMj>Bx%jHn#IRmWXz;9`bNoPa0AF+K%OavYX2
zMszFfsRii_OZMq%gE~;D9I1B|P#@#tz+}f^agvcigr0Om_22@gkXx8>Ckjat&$*iz
zTGY6B<ZOf!)E31QI18i0vji?1cC~gU!I>}Vl96M7s}9{cJ@K~#ZwC&#{)IECAd#<;
zh#NYTP?ok8#cIN$4Z=PB=a}f<JTZ(Z3LCHzfQ2U?8TF{8Bc3?Y+A=Kvc^mpssg3VK
zHmXtbx7s8^^$rD?Qmu{Uf-j0k;<s8Kvhy^A@hq2O>VhI5LP6=TCr`-BJj6m*k~v)%
zMH_}YgQIOPD$*#KCjZ>NizA#PL=)&Py{?q#s4W{|j3X+4j}lI<cKN1@F)C$I2!lqP
zK<#1wo=EdE(uHv-1~(%7QDI(Wix~PY5LsiSCutQaoN<{1FBhoXbSV2r0b_&cL2MxY
zGIW_oa71~Mm309qqCjLwGT2o$61B6urh?@gK;`8FX#&L+8J4f$DFQh!{ZMKsHL1`i
zC~)TpV(Qi^p5B&%p9CG=7zw6YCdc2#2w>Dv(VjG6G%AcCi#NO45$r&ExdMg%QXr`b
zJWX$e&#I{!BcU|5<Z1`L)=<<rVjp3Px&qY49wp)RZ{cqhZyV>LBG)WP<ysq88%rDA
zr67tFwT~!;P!iZwcnn6G@Q5c}JY5`-v0ZNfH1*H1$q31a+%9yKa_3kCb!VZB7p|);
z0v)~;#TePz#d^>acqN}2Pu0Y6Ne5sV{s1`mfWRTpQ9Q6jOjiY>wac}0EK(u-2D1B<
zS|LiO(;dhRI?@5Xh9>V!>?)ur>uLm26A%>;QGjlWc)e&uL7-IOR|!r)Om&upTXo6+
z%_B)=chxXllG={0p^HF+r@&Yt#=_Czo|It54*E-Oj4g`h2_^VS7zc*SOBo~dlPZin
zgdP(eO97?2^hfa_z9Cc*@+f3yc7#s-6~jp32r#WJY1p+N5pWVadNmKp-T>49&^exT
zDtAqFGDb;~5NO*dE)`HNUjM}Y2xHt(<cMpCvMw4_RTnt|97&+RyoVV=Ofb^nB?8GX
zG^m@Xg3j8mq>4z6C<nw4P+US}BK#0H18)Q}h1|eUp+*o;YAADv0>&S31?e=3L{btM
z+IT{)T#_itK0@)M-XLN-g`+@J1q@+qDtwomff9gQEks$T1jY~Lh|*2Df|o=ocfrXE
zXqFi}h~tnD#(jzscuB1bMA8^lMP5Y)r!b5nkY6$b^&N|VQR43fGH!7Io+vJ5P*t5U
zG7uSzf?<s5k`|*0bO%br6Oa~^q=06otG07CoFmecM3NlJ+(vaNfaw8-yRis6YESZ%
zym%~W0ogKXJ{g`La~<UaG@TuZGQzwIL_T$8^9Dj1;f`4Af|C?b-~}=J2xim{0v_cQ
z(c?sCOA*Ez$c2$b-A2ixAYJay=`U@6k{d>W$vW6WSTQ~bE1=<FWOxY-Kk5Mj(gmi5
zf-YGCB{B3U83gMX^Q9F^69wvWiXzY+kSM6Vy&w-%!lWb6;Q`^mie^!sBp@<Ravet+
z{5{M|R478G3rtZ!7sk}abSc%uczGSOhEV9VBQJOdj{ryplo4=BIdwWk*pb?i@XPR=
zlIBy)bh<z12%*7{BPcNUQ1?)e5PMw;QJz$A+74=<sYp@nK>k}hCBs1^gt;~CBIZjI
z&7Nk>z9b>NH8j+af-zh;@*Ev8O08fI4Wb){RY_57!p$-F0y!@(VOKUo2`Q>ZDE@y6
zFyIm~R+hs-*FmoWiATUAXTu4*hfRw}?xcHmD1THSN(vYVgn^-e0~5N%Dn#Z#ntOBE
zTg_M@X4@xaX$=BN0UiN|0C!zIK5@6G{?ZjZ)Lawk8+vfQ$P!3^lAQ$TV{hnngr!=M
z?NO$G9vjBWz_Y7B>sg)HZpv{dN1SM32u`4pV&;a#TQ!+IVeO4Q>Sm#zVTBq6N>)&M
z6P(=o-f?iBDN*%nM%Yumf?1u)C_ob&6!KrMq5%&IKAh$jV_nmBQ)cb*iEfbl{j-eT
z`p?@PPbf7Cn&(e~LY;1(e5l>`%=&|O+yFd|Ul6gdmYfLd?Hpq#gbM-cBKPPtYLVrc
zCzb)w-2fZjCcHVvwyB*8Z_Cu;8FZns#bbLG>6^5njx#CkqITeZ@rctZG!bc-^W|U3
zBv6~JKY1BU!VXTq^`B~V_)DIAuz<op{kM*5wvhlhc%a*Vkq59YixWX@k$uBir&f*a
zg(ebVK#H*oH>N>VjJJpsUGZ7#eHU0;KE|1dB3Kl6YJzRUW5kJ6Xc};+Rhi?jV&_iv
zx5v_Z$ATs?A8?^xf;51nKuS)4BS=-23YV9L2cCri(-DGD<`bQpIJx)#g=AIrpM0fF
z!i7r4_G$w(2;s%hXL^L68EREqcoyvN4?;}_eux+n!U<5Yr!G+alC!?O-<~e4L|T0k
zE&yck=;^kMQ=g<R_}0#G@X2+6K*CJUzj&VmYjZ-YiecK5b~gYC+Np5Nx<aig1<HZl
zbN#b*dIHxV3^dM~h1o*Ec#S$3_i0c&-g+DK{)AC~7Wq>J+JnWHj5}4H;YZF$-T-d5
z7}M}^#bamWAjA<&#*V<I3mgUe^d4{3e9rK~JFRJI3&M*uKoc41W1W=<Kb-<2kHJcI
z&@x|~zus)hJ_yecy7><yUII4KE7%u$aV(AhB)A0aeTXiQp1fo|W93i>QdgCE1g*$`
zHuODwgOzdNA<TuX)sBP3c63UPfTOm(PlA|#Qc)ba3DymC#B#!@i?zCm69=NF8$1&L
znsv->^3t_bmhj>tJqD;i!=+o*iw8hoJgN;Hg8jFkI{e_j67VtiEWGvj6s@;|%$$l1
z9ogA`2(|6NJL*DfLvVsn8lw9EJv2eN<N~~K9Kr@<9{Ny^kg7t6#*H<8Cgya34o3>G
z!B#Hd+LE)LGp)jyCOn5O8tja3(*6jpQJuU=Y!%StMPmHq1zm$(3ki03dK5Odyu(7Q
zOL#F@V5c@TgAT~frTHW>^JFgHh3@1-IUivTzpG;n&7P6R*S62-1E*prcP{Z94iBBp
z<xsaP-#?Gp?;4H5r(3$OffrJQJ`-w+;R2a3_1oZu+$9pg;c@E;-YND3AG<$w05p_*
zsPm;uYOiF2(}fa{s#zq(4mM9<1oWIR)5Likds=@AZOCpV;@hna%>xj*5wfvJ?r($|
z)n#!YW&Zf#Ge~P8(D|xP@Co}khWiCd3wZ95vsn=v@Ly`}Yy>t`V={ZvNzH*~VuutG
zOV{a!^rFex=WFS5L!#8B7L*sSIznQrBIcG?m;vgNX84SuFp;9Ry(gEbN(HEHMgc-^
zK=_i#VFfq`B!E1H=z$lYY$=J_66}EG6rk~w3@ESzd=FB9&-c6`;4eK8qJS8J31DZG
zM9wYSs{p0a@VVtedO+J8;H*3VG@B>^%8necV+1^*WC0~S31B=iL`1Yej4uK3%!vAW
z0HP2IK;Md}`iKag380LKaYz8AWTJQHX25HpGBFsyw<j7)Pyw#E0ri`JT`G|X1_(D|
zfLlOekr9YzM|2_wQ12`R0h3XpFa#h^0H5}%0LOz2;J}E9u?5)wh#8P1<|BY;vvWT*
z+=%Fy4WNdJvb#W`jS)ZxBGyeDz=V+mSeKmt8?Y8YeF}^R1UU>qd`h73j1nk#0Q?gm
zj6E^!4MbF}#0p&n?8b=EQ;4pp0a>z5{2^<|U7+MhOfMHus03Q+0ShrGvAO60&A(KD
zO9&C?6+j+F15hwxjeLc%%9xu#C<9`(=7_<Gy#fuy>mpV?mYCrnK>m+dD>b0dMheKE
zm=Qe?GrUa<MQnFsg4JjNt{|YaNDdT)iH%0A=lf{@m>^L`tfnFeVC4aYpF}x1VCF$g
z)GRSlC}8^zz_mgQ$qTR_OqIL_Ap(dEO6(v$Dhz*>#n6h+;h!VtItl?#^o>z-9V<Xg
zg|@4X7jNUUX@K9~&l@~3B02j!4Kh6)E0lonQ;Rn6Yhd+&jqWeVH+Tg&AtZnhO#qB0
zF2J!J&|{+%l75?%Y{OlT_W2m}FMGM|38=x8<9(3-QaCbYISNg!AR;#h{udJhIzcZ#
zUN~N(ONCKkCI95$)%&4jSZY@T*rB!{j0-qvOF=Q0*@d7AV=&dZ{dV6?oU#y3c>^1J
z=}}4GafJ||D0uXxQ8OMdZU@cHz{{WGW`z%N?7*cGW~>Js(4j||d?xJh+$s6a`6=7Z
zx!+b9>Jn}H!!GoD16rp7lm7z<Gk2=+?UJYXi17hFWSdbROLr4Td32%Q52MD$-ozCb
z7i65wu3jim69+||$pYZ=gZ5EShYpp_AHhIJb}{%cU6|>lXXY%-vlm@SyuonPg;`7%
z(4U8n7l`j5Q!5D!J6PDIg&=_zfJUIz1rF$;qadi+dRxZ)0`Dr?VID#pAuFKx<wNUj
z#w8Q03nj91({Zr3zWaVGtg5bX?2`>R^~6aJtJ@DJ!L4t(x`M3)VDwlkH9M<|Ir?*?
zI<&DEY&=;YQbo|fZ;b<Eu+jUIvVL@mRm`Oz5GEJz)}PW!c53$pe=QZvhc$nQEd!2J
zH)t#pTJ`**b$%XBmx_$U(>2aG0w3GZb&LT6tUvBq3$$qx7X_p4-~(D@8Fm(8+z$nE
zF`Wh7G!rDK5bsM`i(xil(5vS+#-V1DptK|K%?<E5NCUr)E+pV|+&2PXV(VM#z%^?R
zEw;`&4m}&HFClcx3le|}vH4OMp7o3z7>sAa&>8y}eh{%mcti;|HwYOEs8H2Ccvcnc
z*&yMCD1oLQ6dAVKFy9N~5rlSM#Nd<C!qT7OZ+*M8I$+{Q5^sta^*2CSNN7M8{t9u_
z2c2{GG7_&!w{@YJ#c*k{^{QAkpZYW5OB~vrc+JG0Lk?Aef>{Afk|1|t1>8#@CkUiC
zIl0|q^j_JwXM}IY1+V}+3fw-CbEvzW^5^Rqd<ss1>mf4Gz+GdrWhma3Ai6DC38*3o
zbSG1QB#cD(M-1+H61EN6X)z8r{i23c7$?P%10p<yIgpIqE$V(KEw&bjh+{m6#Lok_
zEU;+M1E>RF1M3DAf~^6YKCd*Yi!XqP@K)(RFwv0l&v2rI@r~+<vI}5*^B^35AFv_(
zdN2;R1SIB%EGK9H<%JdRR18{y2!`{?f9{u%1=VEOW1^9~+ctUzQ1J=j#y%iw@Y}`W
zM~QJ#`U+t%?a*b(^=m-ugc4#eMc*tEh$tV<7s5&b3GCNf{97X0bV&^;1c(eCwEa(7
zF21!<{U<H>JFKit1ZZpT1$dp~0rU;AM*1w+9l!{jW26rC0T|F>g+f?4;LdY%b{zZ|
zz-{F7zpDD~u%?>mO;Ks0(xeMW6Qv6xg3>|hNJn~+-lX?Lkrs+{f^=yj2%&d~U;w3s
z-h1yg5JK99@3*_p?mv0%oSA#(%-lP3-z4vOZ}wL-zFm9~&jDmZI7|`3TjI`#He3g@
zCAIDGOD7LGg}Q@?x(+4)a2FeTJ(<#^1lV$pWj`%!@x((2O-QBgU9nydNx^NHy_8^J
zAN>xkCpdv@2W=k_E+<mriVs0~J$er8?W+NUB|HaS6tOiyFbKvUbz-kapSPp1O?hpR
zEY6445)61JF$D5DBxNiCPyFw5u5TA?>Ee7W8hAaTiPzg6rSj1EtMjyW)INgV61s@>
zJ?Ypa$nQzI;00#z5b!=e5Z}8bM?i*_iKqCm*FgC|mb(L%IOPr5g}+;dim7<GE{Ydm
zy6(?4>M&FZR3+>my}-XfwktF@)^G=FRF1&KBKt8fuGd{50*iXHgZ5suJo^vSyZ-|O
zH-3N)qCIi92&?EQuNVnN7a_rIz^xslRrL8((UCtlwzLS24i)-BfVpVP9ds<Z=twvK
zILt->b<m~c4oj%v6(9#mi)ADLsy*4Y;`6+dWbEq;b}V7@D#zjyko=){3C@v7T@*|4
z=^3sB7=FD^SnNV?>EbuA?^w`P02$3);OMza`qI+cmlDFQmt7(I6i-`>Im3m-=F94?
zUH(I(Dk5+zz>&*m(_lFJ4!;awAnP95xd@&e3KR+jHmP0V5|LS<*V{8r_<Sk;+O<=H
zdI4_k?A+s_;DM}&2{W)d?_g)xVF-X1C}vL?-NJf+74sxt;Z(0Gl4Xv-djv4&g6G;v
zNI?Vw7vO{{G&Z{kYD8!laCE&3pti8VKq3OFylNlEJE&pvka<N9a)C#X6BNTKuOjdS
zi_g4}6-$FN6vZ^+za2$|iV&{JqHNLWQA!^i?cyE<Xz4jU17ypF<2J9C&XA=Xa0*(A
zvq;$$cBO|vJzY+)AkdNjlo}SV^b?==B%Xa*c=o^PGGqn@Z=iWEz-(bM-VJ!wHT+8_
z4B=jak`v-VTI%Az@t(6ULa&$zYtRMQgEo&6FoRM?y3|-MW2?2VqhGQ-0nDoB!?SaM
zs#mQWDE5n`!_U`t!Vk0y?1ZBRtjZOO9hzeQ2+Kq8A`P&WJw77Lf(uk!r)DYhNxkeo
zJ5G#H(+U_s$K&Y;`{mG5An>&0`6m7k>WZ`&K}q;d3)rm9XHT1i^oK%OAIi4b2ZmVT
z>mDa0aLnEa-q;~?K&R7LSsXzLIEi#BY$n%=KVxbONVa*7TlzeMTV=Ou=#>-?{|EyT
zkPVLzaV_?3Cewvd9&v5xGOHEa(IM#>cFj{{j;rIgJ-V!lGvi=zk;oohfA-r|dy)V`
znz%C#&SeOe&bdxk$_AE!3p;q&jKztzRRa*fI&d++*tT)`DfAkAxoA5?Vh5c?=FZIS
z*`w#R!%%@|1ayMOkqw-UgjxYQums?#%))%T7Q16gaQ2E~;G(&_6VvgC(0n6-5IaWC
zssVC!4J@SzJ^q|BX1^F;dqYU@gL)8v%^b?AAy1ER;^C*64z!fW9KQ$K2J)Xolk6hL
z$t@b$rzajf0E5*?6`4Hl6K)V39FPPn=hjjQsfV$r1f;<H)i7=#puh>78&?iX8bLiw
zX);*#R}TTf%xPZH0F77SDj``g+0@G)H0+6&;-CbVfvqv_T%HqU8cU&S{*!YWkF-l6
z5LEcuLo19o{@)gerco{AGfbTa0EIDuAmB@S&{6WG1qi8vse?h&E~{X+y_;uqJh>bv
zAt2$DCezh8SQZbi1xBfYX@fyjUT<cE0Lo!{Jh@yaq99@LB_GHm@sfg|Wqp#sgZl{+
zR>efZG}lg1ZZuH!Rd1dS<5hm{4&Bvrnk9h~a~eWlo*;s&7MLcXn;jZB*f?!E`7#LP
zk$$OlJ=9nl_O#1O!uk3jQ*J;bjGx<(*ukOgDM*(4<OffO@~W_EoB1k46{86{0$&n=
z*pn`uKuGlvxz#T;?CCFkLS%rP3J4GC0_``^?lDyNl%r+nIIeucx5cPEp&gP6h#9hx
zEl#B@E~Q4LXc=~n7IB3-9tA`M*$DJ)bO$5HEHlTIZuqt=r;_DYDz{iFtV8(rA=!uo
zr_w7<C8Sbx2NTDYVYs7%()<~emZL>j0kJ?ff~77vQjYdhjs{S1Tv>;2zojl9<+PEh
z;#ELcg>Umx7esL?1#>A;zKv!BQAsm%1PLf00>ZaJWFslm1wS~IWaFu%Svh7IsJ){d
z2&DunX%>zkAq7M%*~l4n0l~ZFn`i(XM-YbsB8zOqgG&h-OT`*Z)y~Lq6&k)>Og7R_
zT_CFzjU$xx!nX-srjd<Uaw-veg}i}b);*}Jfg3K=1yfu~zyvDRc&ZUcPP^wi0nc^*
zI2Py>c4O=ijs-m<O15uk<5@L*1{@1K3qfBANAr#aYj0^oUn}@1hHv+fjTjMTC7#MH
zfog%CqeWW5=dIE}#bFFpsGtJElDc4pY=qDQ@=bIHJI5?52Q!EYE2V(gA{$8}8zIc6
zM}T+Ph>~XE-oY9ka=`V*dC|kGoDLXgDhIOcqyIdUH$F*2o(A-2R7vCl02__T@SKo`
zj{yS`M+^b6vFmt82=|wzSLq?KxEs~nV})ytk+GLsfN0}80<7jBc13z!DFD$c;l}+P
ze4B3v_;O<}1e%;A)lweAUMqxvW9j{@jW2j>DZU)n&O{JhwjbycmEr%)@F<?3XCqcH
z<?|5)N$=K`CCiW9Sj!lOp=IGdhRb!{c*`*dD#0p^EbFA2DMne%Jh1d79qvxB#mAqe
zFv|L^KuOQR)Q~%n508{EVZok9%iVlr{pG^poA{<SvOaVuV5J+nCj9s5i7AR~qr<%9
zqE^(de97~cY(3n<k27WHb7gT~2^TkCkqz2SS*_>n3|Mb@dC4F-M<YcdJpM3Lc`7Yv
z-oWTyNdzGy{?)F+oSN^|?lqrCJMxP$;dLN!O#bbUv(MjO)0q^^D<Nk(>aP~b;Ep^Y
z{=s|)_k-9d2#N7R!zt>R5!yBtf9XS*L8NfOr{Ld%3O}g8?{&9s*3C6Y$^HyR-Xc1<
z<tcrTX8nzjZ0;L{WeCD@QV{4uW+lokb23zxHh!k>*$F%$_3pa=NJ7CPy?%XA_xHs2
z-~SIeNCYy@I#pAPIuuZ8)bsDIrwCZTa~Nn=GGmXHOT1~v6kYCC>B3^pWaQE4)^EQ=
z95g$*mI;>7j#y)fF8`0=brufJAP;>6cW6%UOYl&Jy8H81_y*=)Q@m8daw^j-R(BiH
zE9l|g!=C5*x!F^Tr>_mO%nf@q1nO5!M1_}i1;72Hr879382>+{BZ~KqE<arr>5BE|
zXh3$j2RzG-D*h39Q@?KFR=LCe;~Du|r)N~U6T}iG4z#9NireTrep9@6epxxYsm)Up
zEpX|6Xs9k&`_|37P4C8k3?tuLGUb}R+t1FGa`UH>C|*mQ8H5TymC_3Nma7Z4o_<iL
zOPRm4R9jQvjBuaGI@kzl<MfW`bZG7nGE(jr`zf?w2+m+t6|8LJp$W_-4EHy`uSY}1
zFqWdFK+kue&Mm{eF~NpAi;!wcBlKJYIyPgW!?1qmMw0T`1ke3`?$cX_Sr+O$6hXTs
z?kp$DEqmvAZJ%glnk~MaZCUffc}rW3y@PHw!QR_BAU^ea_1_y-<63;Rq*g3$Dts9H
z-HzC$xb_hwhv#(meWDSY)+-cF;(r)I@*W0|3Kx*89<sfy((k)JgW0dx{ffRKZwV42
z*3u91^F?j7EwG&dpJw?yJHxK+7qH?}X@b^77rU)dEP2)xtD#`F`8I7+&Iajv-yrVu
z?gt2QOUAuE884G&>lb^rraxCZBFGuqQC|77xf$Jb&6DGP+K$C+@aeB35bvnt%HHDF
z)CY|E;9V1_kg6)u`rKyB#381{xQx`yzNx(+cuU*?UjE0$IwU^b#4t}{kNg88c(7li
z!6>NefAjRH%3J0|&!+b%-W!Vdj<^}sn~!llTZutl{9MRP8bIz`v-QR+%YElK>rELN
zBi$kYXg2p32+9IktS4r#i+`;Ctb6%`6zko$JM~l|$H#0AyzG>-HmkaTfR`{NGHN{5
z?;Z5{Y0lUJqx~2pV#hPyRN-O~Brh8(m#~$aPLQ<v7-j9O&V3UpyaLX$u1+Xy{Z{9^
z2hw=W0&J8T%OlSfd>mf8=^y>{xpuJ*7hQO_D>N)I!?h*d*}4ewn3S#<hH1PqUNhu#
zlMK2DY;q<(Ni{DPVSDU6wz5+DSP-yYuJ#Y2J26grJpWF?`U2zkdS){h+h6zPQ&SV!
z;zp?`U@#78V#m+-Xn(sQ;P1Z_|1oC;pZ1V$yUYdf!JEC)KlVYNcV`ygS(Q6KdOS7R
z#_QScqwj7K9}K@+|M-RGdEV%$uGqP6{Ts2uxBdpb&qtjW1cfEll`W0dzPLl|Hg$!B
zfR#p_m1|2s?e6VllELG?y;u!ZU4Yj^eqGHrQ#*oo%G|#8d8=OBAAprK&PZ#GB+`{E
z+9TJ)YG~#BBLwZMI2oi{vKlIUs%gHNs6iA4sJ#1Pyj1`Edff7#gbLqn6jn*Ov(7G~
zG7+)Ywb#v$;bjmEto|=6dPd6ZC(~Dpci(5o?UQ0G+=+LY!WJV;OC{ZlWg?S`ZAkf2
z`A4I;Ihxb#qpHh-bnBCHazq|_JgRu|vVU@NV_{oOEqBjX2k&mw{A6sjWzneOI4%If
z1~IvE75)<_F)~_H+a|DeZ>HD|eqL*qbBu7}>^D#={M0$pUUxjx%&?ZGgk6=4oJkok
zAAi}n+bLEqW@`c>dVu9Sj{LEm&$sAs;cU;zw7oae?1?sDB8YCrRYWo|8uzyW%7zm>
z6DsDDD2QXvKd7oz*3L_}w{)2K`lJPUYk8#`50-NKRi+6oOx^6xpw~7`+plAqQPrU9
zaxhxBb4#tZ44Pou%r(3j(=A;weWm0%!W0<G(rq^+BpUq0aZ;5Zt;-InXm_YF)9NmW
zNg9tuDgFU|<S)?`kc)fG)EMkHQh(b+V9-?iuj#WBhjGSq3dLKoUgTVr&4wc{TT&*a
zJPs4byG?!Y=K%4rW(G{4jg7szKoP%FH~Q2_fr9o4{r&>B<{pRjv<1nP?*ziZURlY!
zg0$X@Q^b}9#nF(au_?SuY!Jr8zz@<&ig@Dmvo=G?s{1*doqT;V$Sk<3?xAeZ`Hpgg
zlDJ`9KLbB&np?MT@4tx#eH#Jk;IwaaPitIF+q6!(Pit9>yM$8t2HbMv^ka()_zXY-
z`pP3pZ_`^1<Q-RNs>%2q^CCJu`+X=Tu$Zg}iq4Sw)2rNv+s@L;Dg7=B?U6fDUJ)54
zUdPVTRPvoIuIlq@k4;MGOm_w;?^I&w43dqEU8piG;)mnBV%zCx`av2H0bRcDr%tH}
z9UlhTew&M)hJ4=P(d0el`YX|&*mbjqq`UskT^47WEQ_4!xYGuDx)g!761xaBUZbbQ
zYM|7w(93Q?!DsE+IqEwquule3^Nr7+vfial8@-8(7n5!Jr7W*AVzWt(3ZuLG6-U0Z
zQ%?pjRSvKh_j`|$6mpL@Y#%_J+VkobgK0A@a!{ZLwvxf=AtR@6l)LR*9NEMvG$7m}
zg~`7MR(k?@Mkz_Ogzd786eQqpAmJKA0@Z4tcQytX`eC1A_0$TYsci=f#>yFTblSHE
z_*_N%9qQkC1x+N2m8JiZ$#VcdGv=4^k9M(-__U*(D-=_9TcL!Zc1r-TM|L}HB(qZ+
z8|s`TaaB)hiRtt(IL6xL5gvl+cG~|QfUv@d$NvcGOf*rAE|l~X#*cTQV=TX8B5GF@
zo)MuI^ztzF&2WjkRSy@^YY2=}R-o!^vLgNQT3qVn&AKdt6w`$1qoVMyc}N<Q?!E{c
zRY}u~x=Fh7H*ofP<BSM7tLoG?tICztzKvbr|5amZ2~b`8p!;=JD*t{d_UmkBN}Dm*
zJEy-|{~4JvTL4}5xqx9(r(Ls*f$_1bI4^U={tk47Z*%7!sbM1@b9CmYo_Whbsn+Ag
zELyXlE}*a{M!Qa?{yw$Gv%Xi2WKXxc#Gv_I+GXWKP4<})o|~0f51%O%m3}d*k-H@<
zLqT)$BUL%s3Mg6L0UY7>;z%AUYfvT{4q9K%Cg%tyb|XH+a8F!kfoEzbCri26Qw`nk
zk|fGt`$!rQCR%&*a7MDR2l84li+6kV+4M(!Qz)OFQq2;73_~Sl(Rouj?@iHvMfE}s
zySe8*>hU3ldQ80rtq9ivA|l?y1+42rbuzY-sJ1^iwN}(#VM3$-;GE5s$0bgt-eq`#
z!sc!WPvW_n^H*A>KjQ{}^cV7_?{<l3k%rbN`V5JE2lx4RMU#4!_De)&`vwp7wxURT
z?@L47F1^>~E>JcB^-t5wZ>AVe91NytFnj(HL{JNdQ-qwXCSW5pL(?%};GtD+9x#H2
zNqZ?PXF159rD3hi@U@V-{XqDlTZYAEduxbL6KOfMBs<slh9R;KqbmO*p4D7vTIu;>
zhy%nw6Z?smCisU)9!@2b$cEjnS?&Gg@orkUn8`k|@~%aGsx`^TxNcBYVP;p$9V<Es
z@QGr~j2<X$NbX{Ebbzy>xsxT#ScLp|S?<I%4hcR=Lv=J9en@uj$n){U7`$Ba64@R*
zayIX*ivXD=hB3h<L~RYd?dfxkF5b{15NNZZKh%xIpQ6|r2g0Xtq78x_Q+>odt;%$#
zX~<MTpihjcJ@8$!hjKTjO-DyPNSRr`qRyS9w<qK&a0K$96zuc8W1azK>x+BB(R2K0
z>s$j*{PD&yP3yqBeeyI)&Htp0ES?POnlF&oapH`h^rmNy4#=yLH>QS_irMEmRfx@`
z3quY(8Gn(U{lWB>+-P0ct@9qQRDcw%(>3{DNhpx_>wl?hn(1W+*y$L@ijqJ-!g8i2
zT2u@|xrXc95Tt64WIk(bFA%eprPR&uuR@K>VfVWJhQ1qK1xhj<zl(PrQ%5zRw4A)f
zJW?mkxAI=NxLAKN7(6_QRQ=)FCq8#I&KP<?LdHW|YL9KnI2Bzu9HEU(He}d;akJSD
zap*i+A#@O!);t#|KmYeM+3}m_kfhI~^V`Op+Wj~Q=iFixKWs=pzh$TfJ)}k%)V-X7
zfBPEV2y-zy>SO!|dtaHW)>u^6v~gD>=S4-aZ<+m%p>LAnxfg?!B|{l6G>f>Bt7CvS
z%p`!7S+Y}ud3&31-?Ob2l=lLr*&X-)n(;@OvQtL7d;CAo)5fpVoI`o)JCaQ-RVyGx
zlmDMtyoq3z!U8|+)D4hy;?)_9Qr>`pe*2g234#|u`v`Hyx9X$YUeiC6T`mghhDz&V
zT~{J&1JQk(9$%QJOAQy(>tgOH$GW<kd{~>fGxu-vKqCvP>_iv*I~`}%Hs4WGEW-n7
zQ+5L_fXe4hnm_(nR-2;+qng?=GQB*qp%CY#b<r#l@LX&2I>}%ln#ZXAkJrb&ZNA3e
z6;(;@zQHyO`*+_B9xm8P@I$=HS5Aw|Z4_6_8opH8nC|fT(Fu37qh#xSQL@dN!QVoc
z%BOSN5kg1j9>4aMjHjU0l|Wl_d`}B5-WSWVcO@}NsK5iy;_CyzR}jGVn_n|qhoZ7l
zx(jSJ%1~U--Yn2}Q_@5d83CQrU1_x1Wy!;O%wGN~J0J?5g0?7g7&gn(p)~Wa4qZPB
z4mi&hcLLqcgrPps;=wz8*s>|8l>=D-u3Wuyg#JO{-=nk%WEUFxQTX*v0G46RkD9eM
z$qUNE97-rWD6lotWsZKJ8~vB3K%C4{v9OXY=IQgVWs=NZS|Ji?=piR(h1w}5`&e5Y
zB(SY|y+}evG6+$4gvZf>^TbXY8YtVZnstCuSlYhG4Tu?T>%c#Bd#H8Fn6hoUy?kY-
zmu*ka@E4P>5BBT1ktK4#-@_Pl^3)QG%fp@aF$|$MPLUQ<p@6Fu?F5ac^?nc2+?ms5
z2`IHGF2WM$Gcvoxt{yLo`R5^YbxB8gueYO!ebK91k+#vi9Pk2{hQzG2k)k^!&tipf
zE7M#Ic3-iBMZFD&X5#)n=u~1`lR0R|ZdStlLe+`O1$p5i^Bkrzr9?V-s=goc4})U|
zyIu7(Fl}i;cko>GTKI1tAKv(?{x7YtSy9x!X0jv0`zuEZ;XkBrYJExH2TK2XLE^ep
zC}uvCBxW~vtjlcvO+)h`OGP%3ydmruHmD^8z6Mv?b>sWU;!_D(-RX&n^r|1_eLiNy
zbRng8WU|(4=Gd4^9EWAPi2{*C<Sm(>8~vKb1lijA4Ki}2v-x?)WWQ@%5RZR$L0h#F
z0hO8)^&Q*YXl60&YbWu4Zg)R7`IB%^o^mAR2kr<Gh1g$CLt#Bf5{IoS8gDQ1Jv%cc
z4_<gAzkM&gH_Uj>>HkB;b8t;&?UK}iB;ZAT{x|r6l76;dIr}BxFaAX7w1tYefB7wT
zx$U%8E2bp0V|k{DtKfsJUyLc@yxy<*{>0Kmoo>zS%rJqgs_u~XFa#EnQ1#d4T|&Mi
zSo0TDrH{lT2ui9g>Ps=TfnMzD4}DhXIiC^^3?$iU!=5VK56-{w8KYC=o@Ta^%xDR)
zR^_hVbP;BD-CWNEGt<utgvZuYmu#_aljX=2L~;|;Jf8&Ry-7@bG+MXMR~j?N4R2zX
zsx}Sts65NU^!2_R7H4URQ-aW!<}D8g-+ip}t#Fb0QFWSGer}Fancbv!RN_SRi^Py0
zmUW#)EZzIJlwAPQ0Hy%HDu^P^60SN00uDs1vE4Cy&D1X6{QH^vo#oViFP3jYjt<-t
zPo{=F7IRZ2fm{j(b8brszzKz@qaZN+FDvIWA=)#FC+N`Nb6ugxeXEbJnC8d5jJX%V
zX9Jzb7x$|_{Ju!g8L6-M>ZiaMvZ)&b$~{}(4_W^3X~O;ZfnZH`CFLm{%N92*hPFt<
zdEb%qH+GDZhWyAcI!Mc7zkfy#Xq^&L%|ABw<&b?BFx>VkLpEi&oH!eg_<fiAjp`ne
zNcdh+*qtjAi%??Z<ZK#A|F+s#`Nc9E_~65ad>QfLZMU=bB7VosfT|zFX8;d#xtIM~
zvt1_b{Z|%(RG^l9)<^5;$4o=?Z*P{X?5HO*DQrzR6D>R|Z3eR7b!#Vp`+POGaqnzQ
zR;oqU`bi4uXkEB(oi5LL-JJ9LUb{*BSMs^up1v57=;}j}WGa8=JIDuVV+%u@0c*j_
zQ@5g?AE{M~N{XDB=ADIG_p)1Cz_d1)6x9H}E>F&%LYCvtg}d)|B`)Th?5`BkuePFI
zsOChaDah9rmCGm0=~Q9V?Vx``G6yUVzZksyq)N!={!#Tx!E}sFVlym+j^RagnEk2S
zj^Jmq@mIn!-h(H(7)|X&_rM(BfFS-ArfA~8(E4}uVKxK6dh+DRR#9yI+)h_UP8Km9
zQ$N2jeN#`VFz{pj!{hh6^wz)iCqur5z@6qK&L=(>8YQM3<Uh|0!2g9gLul=N=#rbB
z#wPDE3;1$)<-ATLU(w5tdg^*`%X+DG{$*##_VD|TlIJ-t7XN;|Vqkj+ij5t41wL-S
zV>2*N&^Pk!5uD|sT&nv$LvsOndSejc$We}_=)td^8x~||)Y6gX%gsl-p;Y(7)OXH3
zj~R12@7Wsq)+|vhb)VQ<Ho%H#{40{0w>Lz!(#LM(#WxwM<;v`BY@aZYMElO%WKlTk
z@gF2%T3PSr%T{J5D{JB`ESm@U+UT{mHFxE{c`<bSw|<4=+d@lQV~-W=@MFfi-(`b}
z6N^|9-AJz7;XBfeWgKh4a7lQMbX{-MJ*tCTV?&k8XbS#B$*r$6=3k#^FQ+;mi|AK+
zrFCW5JQ&m$wlb6L*1OB7*4L7J@a0+fdC=UGsYHb2M|<<{ACQNTC{W0(_*X-or%PXy
zFG76`3T@2vrhQnILu@@>vafcU<(-c7+2Z@DQXs#&XHwg;A($#rG8Z`G^bS<Oa3KCs
zrkjcba|LDgX>+hLP2DInGwqPm_|0{vSKp^(Tx@s13hZe_OSFX;SEk8VTc4Vo9P;Qz
zek#2d(-}7pW$Csw<xje(dU5!PjVtMfuYJu8bSR3?wUCE2^x^{iO)(9V9MBW16CC#3
zg{#H(mmDxE>eo^9VC;)Hh##Lt((-Jb!Kl>US*u|Hl(?*Ivfy(-NOh!lH+jJqh<2aF
zp1+=6{MI(Lm`R4}7tM6l<6BS6J;vaV!V44^A380@Gi#Z-f0piBktgR3=5GoVVhp>@
zVAqjYA+0cdJ|I1}U-PU|f$`Si*aHEKhTQ3d$?pu2e>Q6*uR8hFk?@?j&KGR;rNY8x
zcac5^z(GCY1+1(VIc797{BaO-9CJ#JDUas%AujA=rB-}LJX9!VqQ0!*qbR=B76_hI
zo?97BQrGc)G5780y_tT=d$qH7zj;wTv88{y!&8-@RXhPfY*p{piJp&F8|;oiI?CTI
z<$X)te@8|7;}-|19`X9R)o~FN+k6p>9f$Q5b{WsB={Z_!{E;WTXZLR$*Q1^(qA%2#
zL>)HO`*qgJMH3M-X4otpxO6A}!*qTw@lzd*Am}=zO;grrb*q|-x28jIt$t}oaSv6(
z_^fONUQTb(kS;X*mk!k3_4$k%h>Ut2b^rKHvAzjG{SY8|dkZUXXOi6en|aZ?V=?p-
zs#N58-9rn#S*)AdrTio30X1LX0V-aN{Mc$r_VJ4vC&idDzj{tLh;oGrVr?slN8Y;k
zP_t=9&ZOFmF@JHT&q~i>V&}N<B3m!@etIFr{d#eLbsF=fCGgl1;K5CU{8J?Ij2X8Z
z4nr(+^}}j0Pqq-<Z^6J!oA%eHxFsAA6=6;E4|p>KtJ=SjF4SKo8PS81hP94SAp_2*
zf9HHiXmn+Bsq^Bw*uWSpyx0l4KZykUd;a*sw{`zfguDksgz+%Lv75hTv9qs?<dUA5
zqHFMW;Hx_=!9Vl*pmxcD>OY$hTRhYWjA?R2qW6AlT8P9>Ji77;UDOw|-`kOuXG2`N
zJ8Di3$&RQ6K1nig92Unt>tm|X=gsu3*r)&EdXaPSz)EQ=!~#G6;Jt#!XpHhb7w;}i
zuhK1$Y0<MT`)&q#rH=&+6AH0LB&>}=mMUZU6ki9X;dTd_@}|!%iF=)Biz1dlC;Iqc
znRX6RxsY_8pqdQ1!e_O<6bxNWPuy&H5^KBV=8GBmTF5*oVHc4bDhKOL1`z@;H!MAT
zSj8wM*F+TBw-bh=`_cL)Wjqx0(UdQ(fhwN9-}U=`d|&O)^zP}C7@sOBo~T+kqHbog
z0Q_~7mo=^Nci?~j<Y7Efx}kH&8xddasQy{d_>^6D@l|$n$#~d|jS6!=HC1XB8lu`m
z$u9mV^ObbSMOA^cjeYkbR`k)w5BsUia(X-Ph2DFOeB`tRro+WvtyT+DqMsxNvkzRF
zCzvENO~mf}vC<3sH$|p~SSh@@F<OVJ8S$#~qfrzrh)qmzdYOi;*sQ99f&)5g-qAY+
k)>%b~b(Lq#KTc#sA@ATxZ`{D+iLO6>ftOeqBZ+VPFLvg3H~;_u

diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA
deleted file mode 100644
index dfe37d52d..000000000
--- a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/METADATA
+++ /dev/null
@@ -1,93 +0,0 @@
-Metadata-Version: 2.1
-Name: MarkupSafe
-Version: 2.1.5
-Summary: Safely add untrusted strings to HTML/XML markup.
-Home-page: https://palletsprojects.com/p/markupsafe/
-Maintainer: Pallets
-Maintainer-email: contact@palletsprojects.com
-License: BSD-3-Clause
-Project-URL: Donate, https://palletsprojects.com/donate
-Project-URL: Documentation, https://markupsafe.palletsprojects.com/
-Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
-Project-URL: Source Code, https://github.com/pallets/markupsafe/
-Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
-Project-URL: Chat, https://discord.gg/pallets
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Environment :: Web Environment
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
-Classifier: Topic :: Text Processing :: Markup :: HTML
-Requires-Python: >=3.7
-Description-Content-Type: text/x-rst
-License-File: LICENSE.rst
-
-MarkupSafe
-==========
-
-MarkupSafe implements a text object that escapes characters so it is
-safe to use in HTML and XML. Characters that have special meanings are
-replaced so that they display as the actual characters. This mitigates
-injection attacks, meaning untrusted user input can safely be displayed
-on a page.
-
-
-Installing
-----------
-
-Install and update using `pip`_:
-
-.. code-block:: text
-
-    pip install -U MarkupSafe
-
-.. _pip: https://pip.pypa.io/en/stable/getting-started/
-
-
-Examples
---------
-
-.. code-block:: pycon
-
-    >>> from markupsafe import Markup, escape
-
-    >>> # escape replaces special characters and wraps in Markup
-    >>> escape("<script>alert(document.cookie);</script>")
-    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
-
-    >>> # wrap in Markup to mark text "safe" and prevent escaping
-    >>> Markup("<strong>Hello</strong>")
-    Markup('<strong>hello</strong>')
-
-    >>> escape(Markup("<strong>Hello</strong>"))
-    Markup('<strong>hello</strong>')
-
-    >>> # Markup is a str subclass
-    >>> # methods and operators escape their arguments
-    >>> template = Markup("Hello <em>{name}</em>")
-    >>> template.format(name='"World"')
-    Markup('Hello <em>&#34;World&#34;</em>')
-
-
-Donate
-------
-
-The Pallets organization develops and supports MarkupSafe and other
-popular packages. In order to grow the community of contributors and
-users, and allow the maintainers to devote more time to the projects,
-`please donate today`_.
-
-.. _please donate today: https://palletsprojects.com/donate
-
-
-Links
------
-
--   Documentation: https://markupsafe.palletsprojects.com/
--   Changes: https://markupsafe.palletsprojects.com/changes/
--   PyPI Releases: https://pypi.org/project/MarkupSafe/
--   Source Code: https://github.com/pallets/markupsafe/
--   Issue Tracker: https://github.com/pallets/markupsafe/issues/
--   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD
deleted file mode 100644
index 3d3704663..000000000
--- a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/RECORD
+++ /dev/null
@@ -1,15 +0,0 @@
-MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
-MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
-MarkupSafe-2.1.5.dist-info/RECORD,,
-MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-MarkupSafe-2.1.5.dist-info/WHEEL,sha256=AI1yqBLEPcVKWn5Ls2uPawjbqPXPFTYdQLSdN8WFCJw,152
-MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
-markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
-markupsafe/__pycache__/__init__.cpython-311.pyc,,
-markupsafe/__pycache__/_native.cpython-311.pyc,,
-markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
-markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
-markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so,sha256=9PMBIm-zJzHm91NC-mblTC119_dIAldSQ4xFsE1_NPc,53656
-markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
-markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
rename to lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/METADATA
new file mode 100644
index 000000000..82261f2a4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/METADATA
@@ -0,0 +1,92 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 3.0.2
+Summary: Safely add untrusted strings to HTML/XML markup.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+License: Copyright 2010 Pallets
+        
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are
+        met:
+        
+        1.  Redistributions of source code must retain the above copyright
+            notice, this list of conditions and the following disclaimer.
+        
+        2.  Redistributions in binary form must reproduce the above copyright
+            notice, this list of conditions and the following disclaimer in the
+            documentation and/or other materials provided with the distribution.
+        
+        3.  Neither the name of the copyright holder nor the names of its
+            contributors may be used to endorse or promote products derived from
+            this software without specific prior written permission.
+        
+        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+        "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+        LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+        PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+        HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+        SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+        TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+        PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+        LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+        NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+        SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+        
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source, https://github.com/pallets/markupsafe/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+
+# MarkupSafe
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+## Examples
+
+```pycon
+>>> from markupsafe import Markup, escape
+
+>>> # escape replaces special characters and wraps in Markup
+>>> escape("<script>alert(document.cookie);</script>")
+Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+>>> # wrap in Markup to mark text "safe" and prevent escaping
+>>> Markup("<strong>Hello</strong>")
+Markup('<strong>hello</strong>')
+
+>>> escape(Markup("<strong>Hello</strong>"))
+Markup('<strong>hello</strong>')
+
+>>> # Markup is a str subclass
+>>> # methods and operators escape their arguments
+>>> template = Markup("Hello <em>{name}</em>")
+>>> template.format(name='"World"')
+Markup('Hello <em>&#34;World&#34;</em>')
+```
+
+## Donate
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+[please donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/RECORD
new file mode 100644
index 000000000..af0c79114
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-3.0.2.dist-info/METADATA,sha256=aAwbZhSmXdfFuMM-rEHpeiHRkBOGESyVLJIuwzHP-nw,3975
+MarkupSafe-3.0.2.dist-info/RECORD,,
+MarkupSafe-3.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-3.0.2.dist-info/WHEEL,sha256=OhaudQk1f3YCu0uQO5v6u-i01XPoX70c0R3T_XY-jOo,151
+MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=sr-U6_27DfaSrj5jnHYxWN-pvhM27sjlDplMDPZKm7k,13214
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=hSLs8Jmz5aqayuengJJ3kdT5PwNpBWpKrmQSdipndC8,210
+markupsafe/_speedups.c,sha256=O7XulmTo-epI6n2FtMVOrJXl8EAaIwD2iNYmBI5SEoQ,4149
+markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so,sha256=6IDH6Z1ajjClhfGerTB8WLb81uXUpLD8e-e1WzCirVY,43456
+markupsafe/_speedups.pyi,sha256=ENd1bYe7gbBUf2ywyYWOGUpnXOHNJ-cgTNqetlW8h5k,41
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
similarity index 78%
rename from lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
index 4497ba573..35db8b0bf 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: setuptools (75.2.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-manylinux_2_17_x86_64
 Tag: cp311-cp311-manylinux2014_x86_64
diff --git a/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/linux-amd64/MarkupSafe-3.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/METADATA
similarity index 93%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/METADATA
index c8905983e..db029b770 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: PyYAML
-Version: 6.0.1
+Version: 6.0.2
 Summary: YAML parser and emitter for Python
 Home-page: https://pyyaml.org/
 Download-URL: https://pypi.org/project/PyYAML/
@@ -20,17 +20,17 @@ Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Cython
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Text Processing :: Markup
-Requires-Python: >=3.6
+Requires-Python: >=3.8
 License-File: LICENSE
 
 YAML is a data serialization format designed for human readability
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/RECORD
similarity index 75%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/RECORD
index 365419bf7..4f120b974 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/RECORD
@@ -1,13 +1,13 @@
-PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
-PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
-PyYAML-6.0.1.dist-info/RECORD,,
-PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-PyYAML-6.0.1.dist-info/WHEEL,sha256=8KU227XctfdX2qUwyjQUO-ciQuZtmyPUCKmeGV6Byto,152
-PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+PyYAML-6.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.2.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.2.dist-info/METADATA,sha256=9-odFB5seu4pGPcEv7E8iyxNF51_uKnaNGjLAhz2lto,2060
+PyYAML-6.0.2.dist-info/RECORD,,
+PyYAML-6.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.2.dist-info/WHEEL,sha256=YWWHkv6sHhBDPNqgSfLklIm4KZnZJH4x2lIHOwCoU7Q,152
+PyYAML-6.0.2.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
 _yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
 _yaml/__pycache__/__init__.cpython-311.pyc,,
-yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__init__.py,sha256=N35S01HMesFTe0aRRMWkPj0Pa8IEbHpE9FK7cr5Bdtw,12311
 yaml/__pycache__/__init__.cpython-311.pyc,,
 yaml/__pycache__/composer.cpython-311.pyc,,
 yaml/__pycache__/constructor.cpython-311.pyc,,
@@ -25,7 +25,7 @@ yaml/__pycache__/resolver.cpython-311.pyc,,
 yaml/__pycache__/scanner.cpython-311.pyc,,
 yaml/__pycache__/serializer.cpython-311.pyc,,
 yaml/__pycache__/tokens.cpython-311.pyc,,
-yaml/_yaml.cpython-311-x86_64-linux-gnu.so,sha256=ls52EONnCPWCytU6wojl6RE4BhAUdu8LH3XIYfgpH0k,2504120
+yaml/_yaml.cpython-311-x86_64-linux-gnu.so,sha256=sZBsAqPs6VM8YzOkHpNL0qKIfR0zNM9gttjzjoVPaiI,2466120
 yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
 yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
 yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/WHEEL
similarity index 78%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/WHEEL
index 3bed0cbcf..a9a865296 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.40.0)
+Generator: bdist_wheel (0.44.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-manylinux_2_17_x86_64
 Tag: cp311-cp311-manylinux2014_x86_64
diff --git a/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/linux-amd64/PyYAML-6.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/linux-amd64/files.json b/lib/go-jinja2/internal/data/linux-amd64/files.json
index c214f0c15..1ecc049ad 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/files.json
+++ b/lib/go-jinja2/internal/data/linux-amd64/files.json
@@ -1,83 +1,83 @@
 {
-  "contentHash": "6f5a4b4631b98d625713e403b600d43fec26e0f95ba727f6d81c07b4530b369d",
+  "contentHash": "908ed24d156a6ded3134def0411f4a9b4ddbd94e6a3682f64fe742cd6f01ec26",
   "files": [
     {
-      "name": "MarkupSafe-2.1.5.dist-info",
+      "name": "MarkupSafe-3.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "name": "MarkupSafe-3.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "name": "MarkupSafe-3.0.2.dist-info/LICENSE.txt",
       "size": 1475,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
-      "size": 3003,
+      "name": "MarkupSafe-3.0.2.dist-info/METADATA",
+      "size": 3975,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
-      "size": 1200,
+      "name": "MarkupSafe-3.0.2.dist-info/RECORD",
+      "size": 1198,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "name": "MarkupSafe-3.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
-      "size": 152,
+      "name": "MarkupSafe-3.0.2.dist-info/WHEEL",
+      "size": 151,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "name": "MarkupSafe-3.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info",
+      "name": "PyYAML-6.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "name": "PyYAML-6.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "name": "PyYAML-6.0.2.dist-info/LICENSE",
       "size": 1101,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/METADATA",
-      "size": 2058,
+      "name": "PyYAML-6.0.2.dist-info/METADATA",
+      "size": 2060,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "name": "PyYAML-6.0.2.dist-info/RECORD",
       "size": 2784,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "name": "PyYAML-6.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "name": "PyYAML-6.0.2.dist-info/WHEEL",
       "size": 152,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "name": "PyYAML-6.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
@@ -417,47 +417,47 @@
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info",
+      "name": "jsonpath_ng-1.7.0.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "name": "jsonpath_ng-1.7.0.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "name": "jsonpath_ng-1.7.0.dist-info/LICENSE",
       "size": 11358,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
-      "size": 18072,
+      "name": "jsonpath_ng-1.7.0.dist-info/METADATA",
+      "size": 18400,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "name": "jsonpath_ng-1.7.0.dist-info/RECORD",
       "size": 2549,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "name": "jsonpath_ng-1.7.0.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "name": "jsonpath_ng-1.7.0.dist-info/WHEEL",
       "size": 92,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
-      "size": 69,
+      "name": "jsonpath_ng-1.7.0.dist-info/entry_points.txt",
+      "size": 70,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "name": "jsonpath_ng-1.7.0.dist-info/top_level.txt",
       "size": 12,
       "perm": 420
     },
@@ -508,32 +508,32 @@
     },
     {
       "name": "jsonpath_ng/ext/iterable.py",
-      "size": 3680,
+      "size": 4302,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/parser.py",
-      "size": 5351,
+      "size": 5416,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/string.py",
-      "size": 3261,
+      "size": 4045,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/jsonpath.py",
-      "size": 26402,
+      "size": 27219,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/lexer.py",
-      "size": 5231,
+      "size": 5276,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/parser.py",
-      "size": 5883,
+      "size": 6077,
       "perm": 420
     },
     {
@@ -543,28 +543,28 @@
     },
     {
       "name": "markupsafe/__init__.py",
-      "size": 10958,
+      "size": 13214,
       "perm": 420
     },
     {
       "name": "markupsafe/_native.py",
-      "size": 1713,
+      "size": 210,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.c",
-      "size": 7083,
+      "size": 4149,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so",
-      "size": 53656,
+      "size": 43456,
       "perm": 493,
       "compressed": true
     },
     {
       "name": "markupsafe/_speedups.pyi",
-      "size": 229,
+      "size": 41,
       "perm": 420
     },
     {
@@ -800,7 +800,7 @@
     },
     {
       "name": "yaml/_yaml.cpython-311-x86_64-linux-gnu.so",
-      "size": 2504120,
+      "size": 2466120,
       "perm": 493,
       "compressed": true
     },
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
similarity index 91%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
index 86be119bc..3a7d08dd6 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
@@ -1,22 +1,21 @@
 Metadata-Version: 2.1
 Name: jsonpath-ng
-Version: 1.6.1
+Version: 1.7.0
 Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
 Home-page: https://github.com/h2non/jsonpath-ng
 Author: Tomas Aparicio
 Author-email: tomas@aparicio.me
 License: Apache 2.0
+Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
-License-File: LICENSE
 Requires-Dist: ply
 
 Python JSONPath Next-Generation |Build Status| |PyPI|
@@ -32,7 +31,7 @@ About
 -----
 
 This library provides a robust and significantly extended implementation
-of JSONPath for Python. It is tested with CPython 3.7 and higher.
+of JSONPath for Python. It is tested with CPython 3.8 and higher.
 
 This library differs from other JSONPath implementations in that it is a
 full *language* implementation, meaning the JSONPath expressions are
@@ -147,19 +146,21 @@ Atomic expressions:
 
 Jsonpath operators:
 
-+-------------------------------------+------------------------------------------------------------------------------------+
-| Syntax                              | Meaning                                                                            |
-+=====================================+====================================================================================+
-| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
-+-------------------------------------+------------------------------------------------------------------------------------+
++--------------------------------------+-----------------------------------------------------------------------------------+
+| Syntax                               | Meaning                                                                           |
++======================================+===================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*        | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*        |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``    | Same as *jsonpath*\ ``.``\ *whatever*                                             |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*       | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*    | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``wherenot`` *jsonpath2* | Any nodes matching *jsonpath1* with a child not matching *jsonpath2*              |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*        | Any nodes matching the union of *jsonpath1* and *jsonpath2*                       |
++--------------------------------------+-----------------------------------------------------------------------------------+
 
 Field specifiers ( *field* ):
 
@@ -236,6 +237,8 @@ To use the extensions below you must import from `jsonpath_ng.ext`.
 |              | - ``$.field.`sub(/regex/, replacement)```     |
 +--------------+-----------------------------------------------+
 | split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(",", *, -1)```             |
+|              | - ``$.field.`split(' ', -1, -1)```            |
 |              | - ``$.field.`split(sep, segement, maxsplit)```|
 +--------------+-----------------------------------------------+
 | sorted       | - ``$.objects.`sorted```                      |
@@ -377,3 +380,5 @@ limitations under the License.
    :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
 .. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
    :target: https://pypi.python.org/pypi/jsonpath-ng
+
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
similarity index 54%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
index 28c135846..568e35a95 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
@@ -1,13 +1,13 @@
 ../../bin/jsonpath_ng,sha256=kobtzF-MfUVWOwuEGnHuplhBWwssjmIPKgy0IfD-hpY,260
-jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
-jsonpath_ng-1.6.1.dist-info/RECORD,,
-jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
-jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
-jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng-1.7.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.7.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.7.0.dist-info/METADATA,sha256=SeIBPNOSwzieZEWYZ3rJOhSej3WLUbmbudGwGZVvzF8,18400
+jsonpath_ng-1.7.0.dist-info/RECORD,,
+jsonpath_ng-1.7.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.7.0.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92
+jsonpath_ng-1.7.0.dist-info/entry_points.txt,sha256=X7ZlkFvz1kYSNtz7hXOsRc5L2o3SOCAV0f7IBViZkGQ,70
+jsonpath_ng-1.7.0.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=DU869YGlpMHa48K9X2Ypgb8OwjYU7kEtcea5mC6wv1I,116
 jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
 jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
 jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
@@ -27,9 +27,9 @@ jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
 jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
 jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
 jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
-jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
-jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
-jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
-jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
-jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
-jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
+jsonpath_ng/ext/iterable.py,sha256=f8PMyfT2MgSCvpQgNc0GNr6ULhxv3kj7tAqA0f7KvIE,4302
+jsonpath_ng/ext/parser.py,sha256=0nkxkF_ComJUMs0jUGzaf5KthC7phlPwcYQy7IHaSxU,5416
+jsonpath_ng/ext/string.py,sha256=m1fUl2yWTyI7I5auWXeM-O3gf0p3WV0CTh9be55Q884,4045
+jsonpath_ng/jsonpath.py,sha256=mfQmaDWfgz_Y6sAqTX-8CUpxoiOem_dg7R9S0ZFyBQE,27219
+jsonpath_ng/lexer.py,sha256=ZXGwVwv8RFPPDswue7pcgCMP4KIlYH_m6xpxQakLBA4,5276
+jsonpath_ng/parser.py,sha256=kirRhGux10hjc5nXqWtz1Ko2P_cfypZciekK1-PrWz4,6077
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
similarity index 65%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
index 57e3d840d..b552003ff 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
+Generator: bdist_wheel (0.34.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
similarity index 98%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
index e1985ff19..105e6040a 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
@@ -1,2 +1,3 @@
 [console_scripts]
 jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
+
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng-1.7.0.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py
index ed6553b2d..938f88c0d 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/__init__.py
@@ -3,4 +3,4 @@
 
 
 # Current package version
-__version__ = '1.6.1'
+__version__ = '1.7.0'
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py
index 40ae1eb5b..c5cd0dc08 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/iterable.py
@@ -116,3 +116,28 @@ def __str__(self):
 
     def __repr__(self):
         return 'Keys()'
+
+class Path(JSONPath):
+    """The JSONPath referring to the path of the current object.
+    Concrete syntax is 'path`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = str(datum.path)
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value,
+                                   context=datum,
+                                   path=Path())]
+
+    def __eq__(self, other):
+        return isinstance(other, Path)
+
+    def __str__(self):
+        return '`path`'
+
+    def __repr__(self):
+        return 'Path()'
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py
index 756b72c69..fa67f4f22 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/parser.py
@@ -96,6 +96,8 @@ def p_jsonpath_named_operator(self, p):
             p[0] = _iterable.Len()
         elif p[1] == 'keys':
             p[0] = _iterable.Keys()
+        elif p[1] == 'path':
+            p[0] = _iterable.Path()
         elif p[1] == 'sorted':
             p[0] = _iterable.SortedThis()
         elif p[1].startswith("split("):
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py
index 1cd27632d..9bf912dfb 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/ext/string.py
@@ -16,7 +16,13 @@
 
 
 SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
-SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+# Regex generated using the EZRegex package (ezregex.org)
+# EZRegex code: 
+# param1 = group(optional(either("'", '"')), name='quote') + group(chunk) + earlier_group('quote')
+# param2 = group(either(optional('-') + number, '*'))
+# param3 = group(optional('-') + number)
+# pattern = 'split' + ow + '(' + ow + param1 + ow + ',' + ow + param2 + ow + ',' + ow + param3 + ow + ')'
+SPLIT = re.compile(r"split(?:\s+)?\((?:\s+)?(?P<quote>(?:(?:'|\"))?)(.+)(?P=quote)(?:\s+)?,(?:\s+)?((?:(?:\-)?\d+|\*))(?:\s+)?,(?:\s+)?((?:\-)?\d+)(?:\s+)?\)")
 STR = re.compile(r"str\(\)")
 
 
@@ -60,23 +66,29 @@ def __str__(self):
 class Split(This):
     """String splitter
 
-    Concrete syntax is '`split(char, segment, max_split)`'
+    Concrete syntax is '`split(chars, segment, max_split)`'
+    `chars` can optionally be surrounded by quotes, to specify things like commas or spaces
+    `segment` can be `*` to select all
+    `max_split` can be negative, to indicate no limit
     """
 
     def __init__(self, method=None):
         m = SPLIT.match(method)
         if m is None:
             raise DefintionInvalid("%s is not valid" % method)
-        self.char = m.group(1)
-        self.segment = int(m.group(2))
-        self.max_split = int(m.group(3))
+        self.chars = m.group(2)
+        self.segment = m.group(3)
+        self.max_split = int(m.group(4))
         self.method = method
 
     def find(self, datum):
         datum = DatumInContext.wrap(datum)
         try:
-            value = datum.value.split(self.char, self.max_split)[self.segment]
-        except Exception:
+            if self.segment == '*':
+                value = datum.value.split(self.chars, self.max_split)
+            else:
+                value = datum.value.split(self.chars, self.max_split)[int(self.segment)]
+        except:
             return []
         return [DatumInContext.wrap(value)]
 
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py
index 19e5a9eb3..c2e392b9c 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/jsonpath.py
@@ -369,6 +369,36 @@ def __eq__(self, other):
     def __hash__(self):
         return hash((self.left, self.right))
 
+
+class WhereNot(Where):
+    """
+    Identical to ``Where``, but filters for only those nodes that
+    do *not* have a match on the right.
+
+    >>> jsonpath = WhereNot(Fields('spam'), Fields('spam'))
+    >>> jsonpath.find({"spam": {"spam": 1}})
+    []
+    >>> matches = jsonpath.find({"spam": 1})
+    >>> matches[0].value
+    1
+
+    """
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data)
+                if not self.right.find(subdata)]
+
+    def __str__(self):
+        return '%s wherenot %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return (isinstance(other, WhereNot)
+                and other.left == self.left
+                and other.right == self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
 class Descendants(JSONPath):
     """
     JSONPath that matches first the left expression then any descendant
@@ -597,9 +627,9 @@ def update_or_create(self, data, val):
     def _update_base(self, data, val, create):
         if data is not None:
             for field in self.reified_fields(DatumInContext.wrap(data)):
-                if field not in data and create:
+                if create and field not in data:
                     data[field] = {}
-                if field in data:
+                if type(data) is not bool and field in data:
                     if hasattr(val, '__call__'):
                         data[field] = val(data[field], data, field)
                     else:
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py
index b2ad5ee6d..bc86488d5 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/lexer.py
@@ -48,7 +48,10 @@ def tokenize(self, string):
 
     literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
 
-    reserved_words = { 'where': 'WHERE' }
+    reserved_words = {
+        'where': 'WHERE',
+        'wherenot': 'WHERENOT',
+    }
 
     tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
 
diff --git a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py
index 87e353ebf..a2ea6e678 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/jsonpath_ng/parser.py
@@ -33,12 +33,6 @@ def __init__(self, debug=False, lexer_class=None):
         self.debug = debug
         self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
 
-    def parse(self, string, lexer = None):
-        lexer = lexer or self.lexer_class()
-        return self.parse_token_stream(lexer.tokenize(string))
-
-    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
-
         # Since PLY has some crufty aspects and dumps files, we try to keep them local
         # However, we need to derive the name of the output Python file :-/
         output_directory = os.path.dirname(__file__)
@@ -47,19 +41,24 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         except:
             module_name = __name__
 
+        start_symbol = 'jsonpath'
         parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
 
-        # And we regenerate the parse table every time;
-        # it doesn't actually take that long!
-        new_parser = ply.yacc.yacc(module=self,
-                                   debug=self.debug,
-                                   tabmodule = parsing_table_module,
-                                   outputdir = output_directory,
-                                   write_tables=0,
-                                   start = start_symbol,
-                                   errorlog = logger)
+        # Generate the parse table
+        self.parser = ply.yacc.yacc(module=self,
+                                    debug=self.debug,
+                                    tabmodule = parsing_table_module,
+                                    outputdir = output_directory,
+                                    write_tables=0,
+                                    start = start_symbol,
+                                    errorlog = logger)
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
 
-        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+    def parse_token_stream(self, token_iterator):
+        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
 
     # ===================== PLY Parser specification =====================
 
@@ -70,6 +69,7 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         ('left', '|'),
         ('left', '&'),
         ('left', 'WHERE'),
+        ('left', 'WHERENOT'),
     ]
 
     def p_error(self, t):
@@ -82,6 +82,7 @@ def p_jsonpath_binop(self, p):
         """jsonpath : jsonpath '.' jsonpath
                     | jsonpath DOUBLEDOT jsonpath
                     | jsonpath WHERE jsonpath
+                    | jsonpath WHERENOT jsonpath
                     | jsonpath '|' jsonpath
                     | jsonpath '&' jsonpath"""
         op = p[2]
@@ -92,6 +93,8 @@ def p_jsonpath_binop(self, p):
             p[0] = Descendants(p[1], p[3])
         elif op == 'where':
             p[0] = Where(p[1], p[3])
+        elif op == 'wherenot':
+            p[0] = WhereNot(p[1], p[3])
         elif op == '|':
             p[0] = Union(p[1], p[3])
         elif op == '&':
@@ -146,9 +149,12 @@ def p_jsonpath_parens(self, p):
     # Because fields in brackets cannot be '*' - that is reserved for array indices
     def p_fields_or_any(self, p):
         """fields_or_any : fields
-                         | '*'    """
+                         | '*'
+                         | NUMBER"""
         if p[1] == '*':
             p[0] = ['*']
+        elif isinstance(p[1], int):
+            p[0] = str(p[1])
         else:
             p[0] = p[1]
 
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py
index b40f24c66..fee8dc7ac 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/__init__.py
@@ -1,29 +1,84 @@
-import functools
+from __future__ import annotations
+
+import collections.abc as cabc
 import string
-import sys
 import typing as t
 
+try:
+    from ._speedups import _escape_inner
+except ImportError:
+    from ._native import _escape_inner
+
 if t.TYPE_CHECKING:
     import typing_extensions as te
 
-    class HasHTML(te.Protocol):
-        def __html__(self) -> str:
-            pass
 
-    _P = te.ParamSpec("_P")
+class _HasHTML(t.Protocol):
+    def __html__(self, /) -> str: ...
+
+
+class _TPEscape(t.Protocol):
+    def __call__(self, s: t.Any, /) -> Markup: ...
+
+
+def escape(s: t.Any, /) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    # If the object is already a plain string, skip __html__ check and string
+    # conversion. This is the most common use case.
+    # Use type(s) instead of s.__class__ because a proxy object may be reporting
+    # the __class__ of the proxied value.
+    if type(s) is str:
+        return Markup(_escape_inner(s))
+
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(_escape_inner(str(s)))
+
+
+def escape_silent(s: t.Any | None, /) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
 
+    return escape(s)
 
-__version__ = "2.1.5"
 
+def soft_str(s: t.Any, /) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
 
-def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
-    @functools.wraps(func)
-    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
-        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
-        _escape_argspec(kwargs, kwargs.items(), self.escape)
-        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
 
-    return wrapped  # type: ignore[return-value]
+    return s
 
 
 class Markup(str):
@@ -65,82 +120,72 @@ class Markup(str):
     __slots__ = ()
 
     def __new__(
-        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
-    ) -> "te.Self":
-        if hasattr(base, "__html__"):
-            base = base.__html__()
+        cls, object: t.Any = "", encoding: str | None = None, errors: str = "strict"
+    ) -> te.Self:
+        if hasattr(object, "__html__"):
+            object = object.__html__()
 
         if encoding is None:
-            return super().__new__(cls, base)
+            return super().__new__(cls, object)
 
-        return super().__new__(cls, base, encoding, errors)
+        return super().__new__(cls, object, encoding, errors)
 
-    def __html__(self) -> "te.Self":
+    def __html__(self, /) -> te.Self:
         return self
 
-    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.__class__(super().__add__(self.escape(other)))
+    def __add__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.__class__(super().__add__(self.escape(value)))
 
         return NotImplemented
 
-    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.escape(other).__add__(self)
+    def __radd__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.escape(value).__add__(self)
 
         return NotImplemented
 
-    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
-        if isinstance(num, int):
-            return self.__class__(super().__mul__(num))
+    def __mul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-        return NotImplemented
-
-    __rmul__ = __mul__
+    def __rmul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-    def __mod__(self, arg: t.Any) -> "te.Self":
-        if isinstance(arg, tuple):
+    def __mod__(self, value: t.Any, /) -> te.Self:
+        if isinstance(value, tuple):
             # a tuple of arguments, each wrapped
-            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
-        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            value = tuple(_MarkupEscapeHelper(x, self.escape) for x in value)
+        elif hasattr(type(value), "__getitem__") and not isinstance(value, str):
             # a mapping of arguments, wrapped
-            arg = _MarkupEscapeHelper(arg, self.escape)
+            value = _MarkupEscapeHelper(value, self.escape)
         else:
             # a single argument, wrapped with the helper and a tuple
-            arg = (_MarkupEscapeHelper(arg, self.escape),)
+            value = (_MarkupEscapeHelper(value, self.escape),)
 
-        return self.__class__(super().__mod__(arg))
+        return self.__class__(super().__mod__(value))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return f"{self.__class__.__name__}({super().__repr__()})"
 
-    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
-        return self.__class__(super().join(map(self.escape, seq)))
-
-    join.__doc__ = str.join.__doc__
+    def join(self, iterable: cabc.Iterable[str | _HasHTML], /) -> te.Self:
+        return self.__class__(super().join(map(self.escape, iterable)))
 
     def split(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().split(sep, maxsplit)]
 
-    split.__doc__ = str.split.__doc__
-
     def rsplit(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
 
-    rsplit.__doc__ = str.rsplit.__doc__
-
     def splitlines(  # type: ignore[override]
-        self, keepends: bool = False
-    ) -> t.List["te.Self"]:
+        self, /, keepends: bool = False
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().splitlines(keepends)]
 
-    splitlines.__doc__ = str.splitlines.__doc__
-
-    def unescape(self) -> str:
+    def unescape(self, /) -> str:
         """Convert escaped markup back into a text string. This replaces
         HTML entities with the characters they represent.
 
@@ -151,7 +196,7 @@ def unescape(self) -> str:
 
         return unescape(str(self))
 
-    def striptags(self) -> str:
+    def striptags(self, /) -> str:
         """:meth:`unescape` the markup, remove tags, and normalize
         whitespace to single spaces.
 
@@ -163,31 +208,17 @@ def striptags(self) -> str:
         # Look for comments then tags separately. Otherwise, a comment that
         # contains a tag would end early, leaving some of the comment behind.
 
-        while True:
-            # keep finding comment start marks
-            start = value.find("<!--")
-
-            if start == -1:
-                break
-
+        # keep finding comment start marks
+        while (start := value.find("<!--")) != -1:
             # find a comment end mark beyond the start, otherwise stop
-            end = value.find("-->", start)
-
-            if end == -1:
+            if (end := value.find("-->", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 3:]}"
 
         # remove tags using the same method
-        while True:
-            start = value.find("<")
-
-            if start == -1:
-                break
-
-            end = value.find(">", start)
-
-            if end == -1:
+        while (start := value.find("<")) != -1:
+            if (end := value.find(">", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 1:]}"
@@ -197,7 +228,7 @@ def striptags(self) -> str:
         return self.__class__(value).unescape()
 
     @classmethod
-    def escape(cls, s: t.Any) -> "te.Self":
+    def escape(cls, s: t.Any, /) -> te.Self:
         """Escape a string. Calls :func:`escape` and ensures that for
         subclasses the correct type is returned.
         """
@@ -208,49 +239,90 @@ def escape(cls, s: t.Any) -> "te.Self":
 
         return rv  # type: ignore[return-value]
 
-    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
-    capitalize = _simple_escaping_wrapper(str.capitalize)
-    title = _simple_escaping_wrapper(str.title)
-    lower = _simple_escaping_wrapper(str.lower)
-    upper = _simple_escaping_wrapper(str.upper)
-    replace = _simple_escaping_wrapper(str.replace)
-    ljust = _simple_escaping_wrapper(str.ljust)
-    rjust = _simple_escaping_wrapper(str.rjust)
-    lstrip = _simple_escaping_wrapper(str.lstrip)
-    rstrip = _simple_escaping_wrapper(str.rstrip)
-    center = _simple_escaping_wrapper(str.center)
-    strip = _simple_escaping_wrapper(str.strip)
-    translate = _simple_escaping_wrapper(str.translate)
-    expandtabs = _simple_escaping_wrapper(str.expandtabs)
-    swapcase = _simple_escaping_wrapper(str.swapcase)
-    zfill = _simple_escaping_wrapper(str.zfill)
-    casefold = _simple_escaping_wrapper(str.casefold)
-
-    if sys.version_info >= (3, 9):
-        removeprefix = _simple_escaping_wrapper(str.removeprefix)
-        removesuffix = _simple_escaping_wrapper(str.removesuffix)
-
-    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().partition(self.escape(sep))
+    def __getitem__(self, key: t.SupportsIndex | slice, /) -> te.Self:
+        return self.__class__(super().__getitem__(key))
+
+    def capitalize(self, /) -> te.Self:
+        return self.__class__(super().capitalize())
+
+    def title(self, /) -> te.Self:
+        return self.__class__(super().title())
+
+    def lower(self, /) -> te.Self:
+        return self.__class__(super().lower())
+
+    def upper(self, /) -> te.Self:
+        return self.__class__(super().upper())
+
+    def replace(self, old: str, new: str, count: t.SupportsIndex = -1, /) -> te.Self:
+        return self.__class__(super().replace(old, self.escape(new), count))
+
+    def ljust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().ljust(width, self.escape(fillchar)))
+
+    def rjust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().rjust(width, self.escape(fillchar)))
+
+    def lstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().lstrip(chars))
+
+    def rstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().rstrip(chars))
+
+    def center(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().center(width, self.escape(fillchar)))
+
+    def strip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().strip(chars))
+
+    def translate(
+        self,
+        table: cabc.Mapping[int, str | int | None],  # type: ignore[override]
+        /,
+    ) -> str:
+        return self.__class__(super().translate(table))
+
+    def expandtabs(self, /, tabsize: t.SupportsIndex = 8) -> te.Self:
+        return self.__class__(super().expandtabs(tabsize))
+
+    def swapcase(self, /) -> te.Self:
+        return self.__class__(super().swapcase())
+
+    def zfill(self, width: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().zfill(width))
+
+    def casefold(self, /) -> te.Self:
+        return self.__class__(super().casefold())
+
+    def removeprefix(self, prefix: str, /) -> te.Self:
+        return self.__class__(super().removeprefix(prefix))
+
+    def removesuffix(self, suffix: str) -> te.Self:
+        return self.__class__(super().removesuffix(suffix))
+
+    def partition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().partition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().rpartition(self.escape(sep))
+    def rpartition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().rpartition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+    def format(self, *args: t.Any, **kwargs: t.Any) -> te.Self:
         formatter = EscapeFormatter(self.escape)
         return self.__class__(formatter.vformat(self, args, kwargs))
 
-    def format_map(  # type: ignore[override]
-        self, map: t.Mapping[str, t.Any]
-    ) -> "te.Self":
+    def format_map(
+        self,
+        mapping: cabc.Mapping[str, t.Any],  # type: ignore[override]
+        /,
+    ) -> te.Self:
         formatter = EscapeFormatter(self.escape)
-        return self.__class__(formatter.vformat(self, (), map))
+        return self.__class__(formatter.vformat(self, (), mapping))
 
-    def __html_format__(self, format_spec: str) -> "te.Self":
+    def __html_format__(self, format_spec: str, /) -> te.Self:
         if format_spec:
             raise ValueError("Unsupported format specification for Markup.")
 
@@ -260,8 +332,8 @@ def __html_format__(self, format_spec: str) -> "te.Self":
 class EscapeFormatter(string.Formatter):
     __slots__ = ("escape",)
 
-    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.escape = escape
+    def __init__(self, escape: _TPEscape) -> None:
+        self.escape: _TPEscape = escape
         super().__init__()
 
     def format_field(self, value: t.Any, format_spec: str) -> str:
@@ -278,55 +350,46 @@ def format_field(self, value: t.Any, format_spec: str) -> str:
         else:
             # We need to make sure the format spec is str here as
             # otherwise the wrong callback methods are invoked.
-            rv = string.Formatter.format_field(self, value, str(format_spec))
+            rv = super().format_field(value, str(format_spec))
         return str(self.escape(rv))
 
 
-_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
-
-
-def _escape_argspec(
-    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
-) -> _ListOrDict:
-    """Helper for various string-wrapped functions."""
-    for key, value in iterable:
-        if isinstance(value, str) or hasattr(value, "__html__"):
-            obj[key] = escape(value)
-
-    return obj
-
-
 class _MarkupEscapeHelper:
     """Helper for :meth:`Markup.__mod__`."""
 
     __slots__ = ("obj", "escape")
 
-    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.obj = obj
-        self.escape = escape
+    def __init__(self, obj: t.Any, escape: _TPEscape) -> None:
+        self.obj: t.Any = obj
+        self.escape: _TPEscape = escape
 
-    def __getitem__(self, item: t.Any) -> "te.Self":
-        return self.__class__(self.obj[item], self.escape)
+    def __getitem__(self, key: t.Any, /) -> te.Self:
+        return self.__class__(self.obj[key], self.escape)
 
-    def __str__(self) -> str:
+    def __str__(self, /) -> str:
         return str(self.escape(self.obj))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return str(self.escape(repr(self.obj)))
 
-    def __int__(self) -> int:
+    def __int__(self, /) -> int:
         return int(self.obj)
 
-    def __float__(self) -> float:
+    def __float__(self, /) -> float:
         return float(self.obj)
 
 
-# circular import
-try:
-    from ._speedups import escape as escape
-    from ._speedups import escape_silent as escape_silent
-    from ._speedups import soft_str as soft_str
-except ImportError:
-    from ._native import escape as escape
-    from ._native import escape_silent as escape_silent  # noqa: F401
-    from ._native import soft_str as soft_str  # noqa: F401
+def __getattr__(name: str) -> t.Any:
+    if name == "__version__":
+        import importlib.metadata
+        import warnings
+
+        warnings.warn(
+            "The '__version__' attribute is deprecated and will be removed in"
+            " MarkupSafe 3.1. Use feature detection, or"
+            ' `importlib.metadata.version("markupsafe")`, instead.',
+            stacklevel=2,
+        )
+        return importlib.metadata.version("markupsafe")
+
+    raise AttributeError(name)
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py
index 8117b2716..088b3bca9 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_native.py
@@ -1,63 +1,8 @@
-import typing as t
-
-from . import Markup
-
-
-def escape(s: t.Any) -> Markup:
-    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
-    the string with HTML-safe sequences. Use this if you need to display
-    text that might contain such characters in HTML.
-
-    If the object has an ``__html__`` method, it is called and the
-    return value is assumed to already be safe for HTML.
-
-    :param s: An object to be converted to a string and escaped.
-    :return: A :class:`Markup` string with the escaped text.
-    """
-    if hasattr(s, "__html__"):
-        return Markup(s.__html__())
-
-    return Markup(
-        str(s)
-        .replace("&", "&amp;")
+def _escape_inner(s: str, /) -> str:
+    return (
+        s.replace("&", "&amp;")
         .replace(">", "&gt;")
         .replace("<", "&lt;")
         .replace("'", "&#39;")
         .replace('"', "&#34;")
     )
-
-
-def escape_silent(s: t.Optional[t.Any]) -> Markup:
-    """Like :func:`escape` but treats ``None`` as the empty string.
-    Useful with optional values, as otherwise you get the string
-    ``'None'`` when the value is ``None``.
-
-    >>> escape(None)
-    Markup('None')
-    >>> escape_silent(None)
-    Markup('')
-    """
-    if s is None:
-        return Markup()
-
-    return escape(s)
-
-
-def soft_str(s: t.Any) -> str:
-    """Convert an object to a string if it isn't already. This preserves
-    a :class:`Markup` string rather than converting it back to a basic
-    string, so it will still be marked as safe and won't be escaped
-    again.
-
-    >>> value = escape("<User 1>")
-    >>> value
-    Markup('&lt;User 1&gt;')
-    >>> escape(str(value))
-    Markup('&amp;lt;User 1&amp;gt;')
-    >>> escape(soft_str(value))
-    Markup('&lt;User 1&gt;')
-    """
-    if not isinstance(s, str):
-        return str(s)
-
-    return s
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c
index 3c463fb82..09dd57caa 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.c
@@ -1,22 +1,5 @@
 #include <Python.h>
 
-static PyObject* markup;
-
-static int
-init_constants(void)
-{
-	PyObject *module;
-
-	/* import markup type so that we can mark the return value */
-	module = PyImport_ImportModule("markupsafe");
-	if (!module)
-		return 0;
-	markup = PyObject_GetAttrString(module, "Markup");
-	Py_DECREF(module);
-
-	return 1;
-}
-
 #define GET_DELTA(inp, inp_end, delta) \
 	while (inp < inp_end) { \
 		switch (*inp++) { \
@@ -166,135 +149,29 @@ escape_unicode_kind4(PyUnicodeObject *in)
 }
 
 static PyObject*
-escape_unicode(PyUnicodeObject *in)
+escape_unicode(PyObject *self, PyObject *s)
 {
-	if (PyUnicode_READY(in))
+	if (!PyUnicode_Check(s))
+		return NULL;
+
+    // This check is no longer needed in Python 3.12.
+	if (PyUnicode_READY(s))
 		return NULL;
 
-	switch (PyUnicode_KIND(in)) {
+	switch (PyUnicode_KIND(s)) {
 	case PyUnicode_1BYTE_KIND:
-		return escape_unicode_kind1(in);
+		return escape_unicode_kind1((PyUnicodeObject*) s);
 	case PyUnicode_2BYTE_KIND:
-		return escape_unicode_kind2(in);
+		return escape_unicode_kind2((PyUnicodeObject*) s);
 	case PyUnicode_4BYTE_KIND:
-		return escape_unicode_kind4(in);
+		return escape_unicode_kind4((PyUnicodeObject*) s);
 	}
 	assert(0);  /* shouldn't happen */
 	return NULL;
 }
 
-static PyObject*
-escape(PyObject *self, PyObject *text)
-{
-	static PyObject *id_html;
-	PyObject *s = NULL, *rv = NULL, *html;
-
-	if (id_html == NULL) {
-		id_html = PyUnicode_InternFromString("__html__");
-		if (id_html == NULL) {
-			return NULL;
-		}
-	}
-
-	/* we don't have to escape integers, bools or floats */
-	if (PyLong_CheckExact(text) ||
-		PyFloat_CheckExact(text) || PyBool_Check(text) ||
-		text == Py_None)
-		return PyObject_CallFunctionObjArgs(markup, text, NULL);
-
-	/* if the object has an __html__ method that performs the escaping */
-	html = PyObject_GetAttr(text ,id_html);
-	if (html) {
-		s = PyObject_CallObject(html, NULL);
-		Py_DECREF(html);
-		if (s == NULL) {
-			return NULL;
-		}
-		/* Convert to Markup object */
-		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-		Py_DECREF(s);
-		return rv;
-	}
-
-	/* otherwise make the object unicode if it isn't, then escape */
-	PyErr_Clear();
-	if (!PyUnicode_Check(text)) {
-		PyObject *unicode = PyObject_Str(text);
-		if (!unicode)
-			return NULL;
-		s = escape_unicode((PyUnicodeObject*)unicode);
-		Py_DECREF(unicode);
-	}
-	else
-		s = escape_unicode((PyUnicodeObject*)text);
-
-	/* convert the unicode string into a markup object. */
-	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-	Py_DECREF(s);
-	return rv;
-}
-
-
-static PyObject*
-escape_silent(PyObject *self, PyObject *text)
-{
-	if (text != Py_None)
-		return escape(self, text);
-	return PyObject_CallFunctionObjArgs(markup, NULL);
-}
-
-
-static PyObject*
-soft_str(PyObject *self, PyObject *s)
-{
-	if (!PyUnicode_Check(s))
-		return PyObject_Str(s);
-	Py_INCREF(s);
-	return s;
-}
-
-
 static PyMethodDef module_methods[] = {
-	{
-		"escape",
-		(PyCFunction)escape,
-		METH_O,
-		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
-		" the string with HTML-safe sequences. Use this if you need to display"
-		" text that might contain such characters in HTML.\n\n"
-		"If the object has an ``__html__`` method, it is called and the"
-		" return value is assumed to already be safe for HTML.\n\n"
-		":param s: An object to be converted to a string and escaped.\n"
-		":return: A :class:`Markup` string with the escaped text.\n"
-	},
-	{
-		"escape_silent",
-		(PyCFunction)escape_silent,
-		METH_O,
-		"Like :func:`escape` but treats ``None`` as the empty string."
-		" Useful with optional values, as otherwise you get the string"
-		" ``'None'`` when the value is ``None``.\n\n"
-		">>> escape(None)\n"
-		"Markup('None')\n"
-		">>> escape_silent(None)\n"
-		"Markup('')\n"
-	},
-	{
-		"soft_str",
-		(PyCFunction)soft_str,
-		METH_O,
-		"Convert an object to a string if it isn't already. This preserves"
-		" a :class:`Markup` string rather than converting it back to a basic"
-		" string, so it will still be marked as safe and won't be escaped"
-		" again.\n\n"
-		">>> value = escape(\"<User 1>\")\n"
-		">>> value\n"
-		"Markup('&lt;User 1&gt;')\n"
-		">>> escape(str(value))\n"
-		"Markup('&amp;lt;User 1&amp;gt;')\n"
-		">>> escape(soft_str(value))\n"
-		"Markup('&lt;User 1&gt;')\n"
-	},
+	{"_escape_inner", (PyCFunction)escape_unicode, METH_O, NULL},
 	{NULL, NULL, 0, NULL}  /* Sentinel */
 };
 
@@ -313,8 +190,15 @@ static struct PyModuleDef module_definition = {
 PyMODINIT_FUNC
 PyInit__speedups(void)
 {
-	if (!init_constants())
+	PyObject *m = PyModule_Create(&module_definition);
+
+	if (m == NULL) {
 		return NULL;
+	}
+
+	#ifdef Py_GIL_DISABLED
+	PyUnstable_Module_SetGIL(m, Py_MOD_GIL_NOT_USED);
+	#endif
 
-	return PyModule_Create(&module_definition);
+	return m;
 }
diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.cpython-311-x86_64-linux-gnu.so.gz
index 85d1350e8686485fe1da3a7f9141bdb4708be38f..126739e99ed27fa1cdfa720e179ed1b6e4d65a23 100644
GIT binary patch
literal 13522
zcmY*=Wl&~4&?U~`4ucQw?rwwY;O_43I=I7wyTjn_?(XjP;O-8~yZh}{?fr3+o6}Y4
zPUmz|xoN`4A0YodU|;8*aPG>Btpe}sUehv<#uO|Gqro7c!eJ2-wqX)L!#+_8<X?gc
z*6{{_bJBuQnanhhUY^+{^x6g0@$Sk9zF{TJ#^EM$s|$oi6|XY7HQ~<Od=(_BN);_C
zOP8)A9j{70ug3}d+9R*7D=&UbBn_+1v(8Gl&NH2>>{YMF#z-xOI5L=g%2cG&i)-u;
zawhxc@W12}A-J-sf2l*x1TUF)q^f&gP_yRenwJU7Pa2bAM$3WrS|1IWx>_d^!3At$
zU&kHyo@Is$4^rG&6DQt{c)S9gTQo(>!aC4j0vTrp)#dTJaJWsKX~%{a)QB~Ut;ece
zX~&Mc1CfkR)btD~I?7y~$+V8rsofx0^m>6*fm>Gs?>lx=*IxXTttS$|Y5|*zSK{ZE
zbwj^xmj!b}>mS)jJL2ox5AP>#eh-;1oyCL)a~#IAtD4lb^!jv)h@9b1W&u|dy?(BU
z{N=RLMs&4!-rh1*JVrH9y>Qo0x6aQ;*xLO<hzzLUz54Qgtf)~G!nMB{!}K{(<$kT;
z#{{8RTj*h)&l!2jb7s#NU5sNsijsJG{VR~?7^;hf;Nb`j6Z*%{Au3*DV=ha&fqgL-
zSbndtjI8)^@JfDv_K^h+VI3ZX)~oL=xZDl}y=RWAiFtu@J|75Y<Vl$~EvVOG^lKJ(
zUPPzy#@vSQfv1!W4y&n&R{dw@AD)6oy!uVX`OH@MT@KVYiY29?SlT9hJS<nVrG31|
zB!<mP;<fF*!){_z81O0iP`Lgw_Lk%Ag+xR>j@5r|t2@vcb5@|;fA<ONde>Vv0*`PT
z$1}Nxn|m<e-tpl!+O}ggcRVoNxl%IBR@-T{HFs1$mFVoPw5ywYvX(v!0<;d;HFl`w
zl9UdVxm5mN@ztEzbDgu;!+tdGBDgce2XmBH|MME_bbrYGHgoyRA828>0J<e9E0Hbs
zp^JmVmnuV^P|_*kBSk0vRQKt$P@?SWjCA(J@jx|*=i~oCSioPDT+pumg>tGS#nncV
zCIi(pjav#0ww|R`YRQ{UiD2zCwRhT@0Nt5zjEWe0$6e#IMF#(ssiK_qBB>9|>M5|x
zA#}h0hZ>jtgZE7`pR{K31PH$X?6tir6s3ASJB+R@84qt`3)uCrn-%rd2TuML(tqm^
zkcCF1lO|6H^-LHAqD{G-ft<_@+uVv*f2+IMxFyNK=yYM;)$)>m$ToRlrHY%}Dahxz
z+36e&;Ou{!xgF~n*|vRNobe!$zu+Q8BAm#ep-7%^aksl3>Cqnb3KR#!<meE3w8Q6m
zUX{*RX46~i=;C^IZ$?J``7)e0nM0buaf!Wg<zsGP5;4CcB2G|wzxAwvg}l<ljl6>S
z)M%T7ZDr#<&Es7H!Ago0d$u*p=iNZPOTh2!`E>oqB7ubQy|AFj;cF;-i*PJpcNloN
zTi}FtI)v308aqYkP4f-U&9(T=p9SD1Y~j+!`}^O==8z@y<cWTFO-IuGW20r*s~=#@
zeBxtnaBwMg6@5XU>#}|jV0tAIS%z(#4rjjVs^XIC0<`aU3b<e+3GS&IYVOR@+6U_p
zP!2&-aX})iy!P$V&HKz2Jj%yKi9?*#44gbMG_#ZoxR^JC!1)5=f7)Gh)jniuC5_<n
zJHKl4mk9264RBtGuu@oDZUkBFmpdIHeTE;RnQw4BV`fbM@aHS2+FdR@<B!9P-9(G~
zob~<?(p)^;<y)r5@z_(i-d`YnkXKB&=e7VijFU=dc>@p_8f~kw^?tDOF0VazJvj-e
zMfuF1`;4%8|Fg6We!9~mo)PiVG*7P_V$DGQsalvE4_<&8p0;2-;gujV;Z<7g@^;VA
z!2U_q)lKBl!hB%gka>EYH&0jIYPbJv!|DKCX|gqxVnHPyU9{1BGT9S7I#3CE(kviN
z?!)Q)AfUv8_sPlDFP&z5#_YS=Yqr9C>)P)`7wxy&5;19oD{J*^K3F{0^Vqiz=Py{Y
z|LT8_E^CDn3>YTuv%>c6tF5^CknOg?{)|L-zjtXpnCNcceZ}$^bshddhX*seM3Cr)
zkLvI_j*kV5&LVwDn*Msdz-XT3)e?_^5YvUvd>PBD_DPg+^(rWtq%52T-1a=u@!S1T
z>30h4zRXI5{9*?8>+^zCeRn{Zj()6jHyRe0?qPT*ANF$$utS7n)spHEeffsiXJR;>
zjG#V337KE#)Y(1#`ke}{d>v(8#o;|m1aLbyt~ZXK=8ju^!24sz>7uLM1^gH)j~@?4
z{qMEU(h361#KG6GS`T{CytE4Snqs~+t|uf<D9|%=B7JMJ%{fDg>X_rcH8@Ml!At)#
zU~V<`8a@AxA2mb9WdSIyyRH50K^@NC^00oT7=8@`qst8VUr9)SQNmek&Uk6?Hu2<t
z0T)`g2z_ai{a^DZpZnlSQ_?Roh<O4snQh{j|Gq8wyi0IyV-c{xf4Now1{&X*VR|$J
z(S#<5udp)d8Q)v3mBQICqou#Tql=iXHP>CzQankh+}p1-yhQ;Sa-}oi*RM2qiCBTs
z%&mk}v=!f?g59G2*h`7%Za3wqr?h=Ht)U#2;gZbFpWoPBcyJ6C0z<T|B#(mP^ET^^
z$Oky)I~mut5#}cg-Sht3_4jZrK{r(+;(0Vs?dWv4-G6zHT=eetS7Tr2#n$!Py$SZH
zEklP8BAwg9x?_D*nHYZ^mjj1+G@JBPbhhg{JJ)``*x!?p_k<AsT;+HzimlrdxDmp9
zPmcE~(0ltu^I1elmhf#hrjPaUL;Vv*GAZd4h*-f_ZvFU(ha%Nfsbg6tb;;Ow@%~kH
z&IgdW^bmOPJBl}U3`BVBzUj`s8~Cno3IIl{@gzTTK4Xn<bHwKizHq;gu3ss{0i#)d
z^5h&}bPs+P+X<tNxaWTRUqreB@6E<_0_g4D_P+>Dm#mcZ5}_X4&CCUnLP${fpfY2q
zIB{7#HpAvogax4NxnJXY@G@fvR3ja^{i#5vpcv<u?0_H0{=OjK9ox{qKpE*5u4?a#
zZpJb#Kk@Ys)<=!e{F}PT6FNZ<2_(tCBFE`=8yie83Mct3yoIvcM3^r{{()S->j5MI
z(6Luw@-L{>O_H66N3j_!7w49bY#tyz#CtEU%pOhz{*VOQSO<{Vw_1si*<%+mklCdi
zJQ;isIZkX|rbtJ0x2!s8S81IiO55jYZ9Ph@JxX0Y`&v7HQp|^*I(a~p2_?xR<!pBU
z|8?)bFI%Ro(1y(~%1e}Y_PMvcp$)KJ|Lri1k@mgM#o7*r%Wk~sw>^R$hrik5<u%dW
zUy{sH4^X}=g)Ph1puP$DEk_Q}gwsbKSRR!(nj3OfTk9iN;^<H6mo+-eVP06n*RQ!O
z_@5mlI`T=lLpBLdl5;bD9K-UrT{ZhW9bb_ApP*Mq9|Az=J$_fOw87;kFkQWYGh1Cd
z;KPyk@F7E1F2P=x<{v-@p7rbUA;o1k#?yNCdFMYYdTn>zg9W&hYOeaaye?NU8<B&k
zS8Rj_1hZu|Ih`Um6)0gCeueoNd-CE8`r_j7PM+b{%Sz1V)iS^^B>MXtXa~IscTk5O
zB;IrkSE#q<q?Z~Lo|>e8fd;i*p3k0r2nh@&fSZU=0oZZJCg=dfj|UZXlr<DItCU)p
zGRyLpPVy@On}Qx5mQ44A`?+`W;y<gJCC_8A!w%?@ht&QURKuS8qMh#{aP)iefsRwt
z+Y(dX9s|F{p{6f>oD6b$Onq3`IssYOt=-OlG)+HCk=i1aLmal|U~<Nr@qgEA0bS(N
z;?n|actG9ZpWf_ybY_!G@8?DYmZn3XBPYL$=hOUCCkB04xLi#BH;w%A6lQHP3V$nS
zBSVne=y?UjsN%JZU_P#1qWe~aHk0fnk+!;~+NZPoR)cIl7os9)MU!;}4yMU7TX8>1
zJyYB%YhK<^K(Al<h>bm?inZ{s2Wo_YJK()<lp&6L;nBiLC7iKKhV|~*`cehNrmHEK
zE4)Js@|F)Hm^n`VV(hQRDQrGWxnOUr@8d>v@t9!mc|KN$f7u5mA*DGju`T}vO%Qu%
zUXsX`B+;zajmDnXMQL#QEB@Y630N?sXq1*gY__0*L9ZuaF6L0_K2^&E^fPRGeir3D
zbA#i>+3$U$2vy<FP~4Fx6<$(s0?Tm``d{06pQNL&*<jB=`iE*#D+x%T?RJLD9X&#v
zSH!xub<;YYps(bhIP(s^0~in4wAw=TEcJWX^VZ>pFsLp~3dr<@cC<Rd&I`4XS}9x2
z)Bwk-<|n%U(ODN6b>+bW&dy87wE8%sLwmtL@uEg$bKq3|SHYa-5~cr9)f{+mL-JP<
zSav&~mx|^%$&3F{cHJ^u0KyvV>AUz#p0HzCAnB2o(H1=fR0H?v#u-;GSVp7hz)n}b
znRbuM+Ee(U@6ZK#WhT&jxmyR))jU@5NZ_MeAs}nb;MBVtcop13fAM4TsMm09slBlf
z?)p7W_6_vHw5~Vy1L%xo#ejO2g8`Vom_<Ym9FE{u4Jc^<nY>T2Uh`^1F1=HpRpz+v
zX!4)&J;*tMLbPOp-tkzIpYoCL+J<q@zUc?=DELSf^WAsz@Gt1{DeTp4(v0)&Cw<Vk
zT5WIzTu~IBI(?FJ>?C*-FrQw%SK8)k-y)zMUPZG3ygA}d-*~Mydz44ruup2Y-$XeS
z7+#7|Hwj_eH+rl`-5{ynJ3=4j6Mz}w+PeDn@Dg1%tdGPATjVdQap?@TTbiRK$kX5z
z%|f?2vPKN`y4ApS`8hp<PS8;|o>8x)ml4xZH@eAP7Xi_tGtzA()<-DZcFEgKA>M6T
zE)K#KqP%~TT6^RK!T5oj*U5D@{(a`dCfCW><W%SLB-b$p^^X=TcOZ6LXNgvRAUpWO
z?A}F>6%g*j^>U4_EYZs598A!kY|%25=~u+ih;t*qm(nWvl9AjgYUL6hYr(HonGwK7
zl>BJHsV(A40IaJA5FH6g)wTArJT?EcFWu(l4BMq*+{3^$nUUfOLfYcg&`$gv<Kf~;
zFhFh@#%xV^-P%9|YQK`<DETw^(ok~+x@q4)MV{jY-Nk;{SA2~?11ZLI_0_9kD+(;s
z@g9T$&xOlE6d~z3(9fg1Mt3qnS?Jq2)I8BdnW8@mpFF67U<P*8im(`imU!u{0|hBf
zcg6Xmi5IK+eBf!wf!5Ofd+<l`9@#hENqJjD3WQ_h`91`qE!&=iM*rkt7Qj7D)I+oU
zJC?n|3_9s*%tdh3CklWM#tmkj1W7eg$}uWNhD=pZr&)!&S3c4358fD*M9T+({F<je
zU6Ct0+&JfdWK}*Tmp1fp%mUGK(rTMBgl!FJvx!tb6{N~(zcMMapSJobFEK1Xh@=0q
ze7U{e{Y`<Vurj{Fk{(R}ib2NdQS%L`cgWIi9mqR7_6Yzwz>91-h}<`|X(DtnBkM(!
zbcM=4>U!M-U_1xS6Bx#-lL6zSPw|k5IG)N0=gU!#S0_I_JDvT*S1AV+cnt%l+Kd^{
zas-lnv+}m+6bM=Wq$wqF<69Gb={&yoA|$FPcCjA@@b0WJ=L9<H4tv*a*=i6;wZ`^M
z&|dLGouF`V6mjT<nbNUO^17f<)kG7|wswuaKyZ-|>I+c?!@pQYyhaznVT(!gFV_zb
z7*?`Ol8q_h>Iixi0n?6bX+Rq23g^JKn^!EfltJ7v>tf0<;?6}Y_UB)ZIn^h)57rLQ
zvl#TVq$)FF;^0<$IaItB5!}JHrfV5p>6pw7vR2n@f|`O{(i^$~Geu(V%dUSCZB0mQ
zH1VTpjVhKcwIq)nmsWFS3;a9(x_CCOOUmJ%!JAJ5U{vd-Ol`2ED-1WP=1u2&Ytw_r
zGa8)C3$vonXD)xGNB*3Yo0K=ls-L32=#~g<tf<#|1JBdx<3=*)bKdd`nY=f+psnjQ
zTOA>=;l<}UQ$M1*C}(w~Iy+y?CQg5-xa)WnV9oh;hPPmw_Y$Oj6vv+9e5Rk}*5F5C
zn^obo;09efZ&DEpJR|C`WrtR|#V0!K9D<eX!Xbvkl_nLUCuO5odc6zCXP3`;L#})*
zV9ogyj;NaH5|KvTEzc5{CVWs*f3P4D#?{Yqydd853XXrbkO!0+7NKjGSeBc^I<PBN
zZ^|S{KT}FgEqM=kk{E3kR_0S#8*YHbb;~QQR8-L9&X3j)`e+j6cFGT^Id=MrT37FR
zCLzBr4x*R%#C=6R>lVCc8TLT3_MVL$VF1(^Xd&JkpqDX<2jNeNW3%E#ld>x>bx7%c
z$8b$l{J5|+^awOiyoe=z6<fNoXpYC=KeC`ShH1>$xWAJUCsF|3MYTMkmfWy5G9-2g
zVSQ;L7+BLVOq#)5TB17EI}$3{VZBM?(#!J=d}a^*@><mk*Aevz{V0mkQ^ohMUjG7X
z4=Hqw{lc~+ECRMQAO8UnMLb|X!s6{&fzVmm)DTOH63Gs$9mf##7&xZcXL@vQTX<`o
zO&Kzv9n?E;*dmOqjaB@j+G2o?I8E~R$_YJ!AFGrjF<TMBiqSiynu2dLe~Wn1N#4UN
zmToS&JLLoZ`a_Y+yHE65I-+z0SmQwHvqPV2qRf4t@=3><2`j&S+e_gc@Wy4@9!_1h
z`Vxcv2p|)yZ{(aj^kAQZc)4P|&%YHQ(9bOEIPBPfi$W3&$?do#<EVJ1VR|jd*};Hq
z+`iTmvPoLAd*$#*<5BiHw&Qx!64Y#@s&2btZ{$`N!VxadZ|z80-Z6=JLu!lpBs{QW
zV9e74yTvnRF4A?J9aLY%2ZEcxQ2a`2R8&=X#BZYx<z+&mq%<|N=!(3^IO$^X-ssSb
zHcV|!pqI7koIlx%^l>g)^oW92ERypfYPBaL$5|zq9UqXfQrNmj4Wf6wTOi~21)0If
zVr%}v=`Y;qj513%2@bot70sXDGBzxqx9)9$8yYW5Jl!!2t(@J@-<$Rx1t#&7f?TDA
zk~1PhzyLn?G(11pthL&cr*b7NILnH}<heY|g((2$i)R3<-B368Gg%WW96l-;T*-BQ
z1sAowu96-#RBf>p<UNO>Wa<UN#P8Wd658froch;?HZjE8-R&Glmm);w64J>m7>>Y)
zPK@CDblg%QtAL25+U>TQf2n*6hy{fa1%G!dmwXLPIoOnUYC6wwZ8-?NxhCG+lm$d9
zWRD5RR9iFmpdh=}A%&6N_}xpui9jiolyQ$d;vc8@;32B(CDbi_wi!zBqp_a*EldAC
z7X_#l2Big?N+^B?aE`jz97|O>P(#r@mKM)fuadKpff6U!YjEsmdF+1z&D_DoHMnAl
z&16rueO9GVh~qt!OxEtHBp5iR3HzkREwJuu=yj2wTM1wLOg;D2%Ajae=+uIA2n(Ak
zkR8P!Z|J#~Thu#_&@(3>r@rctK&}9a(mQtydwGKE2j1MvW)(p$lR9dJyFn@{1K4y@
z!BZ+r8qnfxK1lUSFdAk3A!tn2l2ueu4XRcFHF%ljGSIdjyu62un@y@7ekbC5vTQ%K
zwW7ZzVdm55JD?cPRj><uvaHnCJbU)+7HWF*oZ1wiQW?r)%5MsgF=agySah5btIPtW
zx@0fKUmmcGqX;tg;4I_iO3!ljCUPbLz-<0X9CaWR=Jj;mG)^j5hyLl;UmJ48t7qI1
zL#+}J0}jFPV1reEz2i?14cCO%EJfQ@t<9cETU(8Q;#9iO!8&N^789hl0JV+2x(o6v
zSHEJDa;a96EcA-IR+EwgaHYFo6Ss_HpJB_@q?evLZ`;+)ViUKcx^udh9<1Be|FF%h
z@w)CY=xpFNBO^^E+e3BXPV;JKbClLemiNx|%Z3!#q=`jQ1(14QHN6b9#HvqfvpDJZ
zxJ9jEZj_cq8WinfOOhduNnf87j|`1X9G&WG8PrCx1I-0vWdlh{l5aj}tog=&*u{uR
z(K73f%4g>|7lR7+_T>B9&)iEv3<V7kPFR19s}vkcc@^;6pO|(B<pCO>b?Dv^pl(AB
zbktLEs$<Jw^_c3&m?k1&8p!w7KelUsdDFuQ_n%=xy#2yCynV>Mi^@Vhr}~>NpaR<d
zPTWCA8v5M)UW?{`LZ|{t0~>HCoSO`Fs*Mf}8{h^T!2N~(>lCz)AlG&eeJ2dsJ(YXD
z7-Sg}G$X>lO+(3FEz&<FqUGs=xzi3De`Gu&Ird<SV+twprS-eb$2LWP<#khGs?#os
z(EJYW>aFR-XM3tnJcsgVt9cX&{<ZbVryt3ClA!~s_~}BCcI)XM;d5(_7op6R2>q4U
zI8w*%(H8XlTip0tgJF-3b-3?S#_P6SMtFnw`%*3M>mn9-<8N2YQOWdr`8D>6`?QYG
zu#n%CR8Xo|k?IOcwC0a<mKAD9QTyc%vP?CtsnsEZN)yR!hOfgni|%bdpRWvSaiYnu
zhV~{F%?XFq_BRc8st3K<#-#iKsI@qtPHf(Y<CYUNpg7XcmJkz*KY*IibYwk4s9pbI
zV6CeAy{J3TWXWM%(+l0Bpb|pO+P#&|xe)GML0Xczt+bViNv5$!s?=1F??ru5(y}z+
z-+kL+PggFe!)9uYRW@{?tE*90G!VHMYE`mo!)oh&xAiv6g=nj;>A=2=Q#H>)%}e1r
zYMi7g?kw}-W!L)yV4-We!TxD+LXI$iZ&5*-X0efDB$=xIM7hJ!U-E|Yjs|tp4QxTF
z-Rr4%zzm9BMXvhxKO1hJ8{H2iGa++#6B*Be2E@Gz{KX#GL1NY|<2wV3Xn?%I?Ubed
z`A>cL8*Vp82kJ4fdaCIyi#qqv%p<Lr`RRXP$x)z(F`$+(>Kp~I?tbw0sfd{`DuRW0
z$JEfL$;zPn!(i2lNBPt{<NE>eH-b9i7&~PkBUouEm#l0ZF;&1ShBdx;FAFC~#_GRb
zCvx)~qT@IkdTBkK&i}wxl!-d-ZRe%0rs`5?C>$9&>%pGIAfM)jY5c`$f>M$*blZk4
zZstTVdbBV$q{n3$=%x>fg3&;1z@FwD=cUJ;JWiru1V138jXQ@Iz6jnTZ1Mf{iDN6U
z<Uy8Xkl(ho3{7o~R~bqj$(qky(ERDpT1+6*4Vx<dI6jivu5QbKWM}`P<=F!Ab&<~3
zX^}gOf7*auUqaZf-i8aV{x(>hEH*jQ!5q&PKuKkZ*K)15Se<O8^;-O`fA`z=Kak@)
zNFY&wA;~rT9+fQq#64cSQ+-+(-H@u5fzZtysU)4zPF5Y0I-_Y#8Y2fKO9)D`l=*Ke
zNL`izRnu8u%rgfn8w^lud;v9c*$bn#jdRfn{=1SJQeNL;s->G!+i4Kz+21n54RhJr
zs;?KMJ86=<QetKPo%B072?1^97;$<q9UL&JE?$z<s6M83C}bR9^#pZ2)tQ-OL!Bl<
z&tmLB%+f=z^VUDGG>~;i|IXNZoiODa2Py)R)wtmRlKZylLrD#4RVF!t5^8FoN5Ld<
zReXWzCBY=%aaGIg9syiJ92a~AA7~hHAsTND$NFG%2<PCjT+ukcHr1cW{ac-UWi?Jy
z4mhH{G8Wo91^2a4i*frtNrO%>4fxhDifeQWCWC@C){$M)L{|<}4Meon_pwP$ONmSm
z(CJM}MJJdq9F-;<3nm9D^le0BGDIh&%2N@vCpxl#`F_bOM<TGIl`pfPU<)<VfJ6L3
zr!Fm=;Y)#+{GXS}IMKUu*-+MbyH^pr?4?UTtMbmuKnQ*Rz(W__t(YmD2liu*J{P-h
z`Qs|2b6rA%HEVD$>mQKW7b*Ah%NFAIhR_so4P7g?P0{W5A4Tjk=N(Oe2~zF!V}<X6
zF}+9O#t8t(Od+_VGCWzK(l!pk(&@*IvYe(s?LXyjL0^p0Hvjq`3e3+Kl>Tl_VM#)g
zR>GbiBBb*7?uXdRjT6biy72cF!N=9U?t;Ke_BRxy2FTr^TSb_4m`$b<k8(i8jpw>g
z%^#XaYf3ZaDvQh?T17zHU!#;T?Ey)scW#B}{dvpGCHU}_TjinS^k}IFWLY?+2K`md
zQ5dzrVW&)1f`b*5X*QJL2U*-`cT8wAsW7`(G39dqsn<nZr%0Ja*-#am)+R795dC<N
z#-H<!ZeS%B&aEp|;KjgU3}J%}xHTN5wyjXfEXJ^e#5v)xl}VquQT+&r=ws!PvzLe%
zruQ(Ul91O2kYb;z%85xkWI@SfTM(s;2b5`^yw`&LR(4wTE>6`i!O*rDrU$%x$R6nF
z^oYr4q!pi@kZ6&WO0?PZu7nuwL@`(={Yvq(5aMENR2>@y%9N<|GYM!jLZu!yFdo*_
zlS?2BmKTO%afW+Wx`w+lWxP96;6TVlhu53Rz!s<`EGd+6vIMK=#2m9C<3_>6J+hq7
zagMEG2lY(Qw)AkNFDP`F!lO*0dY3v~j;O+f#I0hVf<>Pcml-QgI~8MlPED}pq?Swe
z@X8%E%uOCSdzWVku-F{2am}|)sv<&t{MF19aJ^g!8%BoC4f}v7&)KWKk1s(64ERcF
zf)%<~)YCt_lbq&*hqvi-0%nZj74&qDdKB_Ga7ww_oAUCS^1A5pPR?=9=g#06h2*n^
zbAKk*Zne?-7!l)KM4pAGhrG6_v!?&UjT%0E?ZbEB%gS=eFq?**O4mS}Z}$`lPw%of
zws+ErVES1VH-{oOFi&)o=M19Hzo)S-i5cdqUF=3~=|uz{ID~YZ{tGgUqOI-za!prC
z15E_nv!f~HmU-5hDat;m=FUGLFTgyCMLOus1>8tKY^MGGvW01G+BaaCx<ya^UaY+$
zj-GD|yB@4U3IW~)-qr1__FQwkP>B}rgvt3d)^!jXTG4az;wStQnPnf!evDxWL^EyI
zsDi5$K#AUUWC~`?1Te304#)&ZbM3`tP63$6=tqgT$PSul$U@H-68{YQ;wZT4whrWR
zmQeZiBZdMKb;eSvWI55zYHxAVjx#aFvX<>l%Wl(2>6mJK?Hhp;Zjy2yXMm?n06<_l
zk28z@07j#8USkJvSY<MC)tw$^2TYY4Y}}xtlKob}fpSXGM45PM3f3f;Do@vuTSw0|
znHmNR1B*qm#L9w6Nzau^uUpKKa>`+hBC2VHYj99`F7d1?@1|&QkPJ{i;}WTK>C##I
zTk}k+<&hyiGs!B;v36e4v&Gg)GNj2brO+@GsH`*AWL4Pe#%;398*^(?ybWjZ%2m=@
zNG3dp8=JS+DKn^e@B;6ce>o-P6E5kq%?4;2c-Zoi8!VD3z*zUGw5Tz70V25aajeL#
zn$|Q|HDOz)obmVTyR9J{DtwQCeCuEd(^T2*G2153B@4VqBrW{Q<>H)b$$5H?>F^VO
z7QWqqtM`-A>dpAFgk|4D$SH*gB49p+vY7^$ln%Vd6;se2>n%?u5fHvG6MEFON`Gt4
z=@TFX9{ToQ=IBY^O-E+l-c^;1Y;0DETOW2QKOaRF`)wsG3iy4VoWDxjF6a1AxAQwh
zH*CA)NbA(Ogj-zz$eeU6i>%6>P)k+Lomnm}?JwMHe1Z_Emr<8Deph7!*BCn8CaTW(
zQs(GvboSQb?Mr>zQ@wQD+M4JMMxI&^`2nlzz1XEmb3UbiMjN-uT3t7eJjWWB{_eI-
z7u_>zRN1x{Mm|lG4e%@%F9XixmQfdT%J&sNjLlMRV@SC+$)*&^#t^oqtj_?M{0Fp>
zvdD6~UmuiO+izc(Sgs3{NILy7wG<A7m7&vQrE!Iy`kZq`c4B@tEZq7ZFYn2Vy}>le
zjcg3o;)c>SG}*Zcc;Ny1c9dHgFW|5EyAqV_3w%FMey`7n=B>cGBG!|%NXL@Qp}>nn
zy$WY}+W%^kjLowNV}d20A!MEU;A|_X{Zs(E=`shi5y3hQU-UGL-->R@{y~OXOS!*A
zc>ZJ1W#FO9cCJ_&>ES_?rxJ`^+$iiMugbj8E=)oAM&Hj|{}<j#p2p)z-cN(4P}JJ%
zL;Wv(J!0M&aTdE6BvI}Z2c7SG9TNZa#MjBN=yeIS8(VxP%MOl@5r^*i`Ouf6C%|n)
z${!?_srmR<QY4yn?oNa0=!{!G?Ts1phB;0gXolwO3*j=jy+msD{~Fgm5tBmw4OcfW
zAc#CWo+q(xv)09ZNKJA-{42eN1)b7Ft4Au+udv^l2Z|qGWiQ~cRv1cu1viZL4>wG7
zRTCnR_6SD&?|b79KFqyO{wDZD2QtIJtZ?%v3iDq2&Wr{)agwEGI$FKj%yx16KTclt
zDuxa1JXP~;uEWmwH#C2DgQk@CZuJXCJ+atNN&m4dEDt;XgcnCOoBlzLe2O&mAd%wo
zM?^<QjQ!^_8a&rpFaB<Xeh$Hj<UMg8FXtRe)KEntQ>VahegY9a);XooPk6Dt-R!U}
z73>(sdbbd6FPB4%K77SfF`;?FFj1aXmf#V2!L4!hyhWqC)y$rQh6)=IxKy`>!Tc<T
zbZK*?5p|t@6^=nPCZ(g89YIzCxgd^H2`4%t1`}dy_y>g3A2`_bHo1?|YnW&;D};uF
zuS)!QaBh#TVsFsGOj%ZTp0@UreTxVk*}Z3J8`~)iy6f4d{qA-xJO;rl&GNC?630w{
zS;9y|B}#%QJ(Q@YU>=vqeOUQg%AbVi$LDZ^`<{3<A{Qdyudq&@H}39{1TqP0n^@69
ze|2`Fcj>bjP+B!#545r#*2u};`vxz1mj=fftdSVSGw@{uwX5S<ZLu8H=qp%oPT<LA
zFr<Qd{GdYhj3F$taO*(LjKQZ^lhgVLDmz6>LKfr@=N3`))+NLl7f@m!5y+hn1%P^m
z*vtQH%+pY&f7hHM0ZM5<Wo_w%?}<BkTGEA2hwOO|hCe+0LJ1<*w^AH;Z`qRIaHsg<
zL!oJ`UeN+kd~{<8W{q~I#?n6(D(c;~4p-|fO(!cVPD(2@99&IgpNiGZ^^Htq-L%Gq
z(^V~5nh+`(DaJR)Qw@mGW7Hos8(TbP$<i1+4SI7!p#z-@=HJz=_21|)#G*}#M%aHn
z5@!9HonqCZ`!(iE@DYls%lPxexHlG)Y;LgGOMu0_VZZMCe?Xo(QoZHI3fRVz$PMSy
zmoG`1+gaX#z6>SSr7_+LV(ei5tOO&<DG{~>y&TE{d^AG+UzjcdtZL0h!z73IK^~(9
z1arBY-WYc?THZMS9}-c?ykVjxO?mp`x54F@dV-0YK6%-kqJPF^R#<6^BamE44fCcT
z)PLmdcW~fHGhP{5VJ{ouKG2i+KR#$IS&NNTd$<>ZhomL`o^M4agWAkO;ifzuh>cW<
zM5CsYGSg#~gTj?@o-W2PoRWJ18D#VM6>_X^=$~~jvIAvCAv+U=hkf+{Gsx3#ps8ZS
zudQ<#HZac#2OYJ@GCBIJp}MACj9f2F%>FO(z_7RgCT-ZAlNp&+o_VaE);H7Dw+W#(
zil~u-GE#C^w}Ww}V~mmV08b76G+u6VLZ$EHHQD_45en<iAA<}#Q<x_|#O||^dGz+e
z75;X_^YFrf7*F+1J;T4UpxKCwL&H%2%orvmqgEY0W?`qTwBcP5sUkc<4JG<M%0cc!
z?6dryq91<_8FhB$;wi5Qw9Lj^&9mPdPAFyW?g5C=5O);)!TW*uPz5a#=J{aL5|1m`
zD*`?KK6$@6=Xw^SYDP8XW)@<IJGt8|jBcC)ZiRf%P6m&*ik`@Xy+sO((2~(ei;<4=
zAX>R0-BLG#xF|~{dG-S_6OMgUX^dO21w!avB3=|L!n(p`n`pRKW=pgJapPTo7bI6w
z-`>*%)y2mwG@1DlMm+o^8UgHRq3V$EhLWhkhZxZ!<Ze#Q{6--xw_&r>&>>0RX1;oU
z&uBQLpM4X8{lkissD<Lh`$0cm`h`uV6zMwKu?SJw#TIFJQEX^6iCe82d5G^zlYczP
za+R-6m(GE%g(7MPcyW2MoaJR6ilFqgIc#1l7j^2iNO<mF-Xil1JWzF<ZKoHdPj4=a
zkKE$30OmglMrgD8C5zE}LeGt`V2%)}=Fv66x{`*j#{dPDa$l?V_eUj+-}V2d2OJ0s
zyU4E6nY>*<J2<@zC3+fO5Xy0dXDK?swy9rQNU~RZzy9_)4Sm=05Kq^WISSED)J*ep
zfO*PVLDk%PBfnhEHj*<aO6_wYKb||Yt_Ret@fXpKNw+LiDPWFA-fG6{486)=pV`$;
zYW4kBVKJKsjLhf6Th){+Aw96&zm0mSMrr%#T!8Qy$q+Rm{};tEE;A#=Bhia-tE1tM
zh{nkU>AXqCJxN7`b$tj)MdXT%27o+f44|nL{(TgY7)RrAH<pOZ69zL1=4=e!CbRR1
zuFxs%+?54**V%fvm8!!ZAT<N!t^?H}zot+f&A-!>x;5D1%>-COGmUEa$5;!dz`U<e
zYd9;~c9GAQECW9WQ}0^Un$ovcm(q7@&X_so+a@L(=#{S9q7*DvE9^21+CS-Mvv;RU
z>xoPL9>SICXObbWQDu4jy*$|v(gr-4Fi*=c>5d3$rdceY%}8>gkd{!#6(5O7@p0VU
z)|!g@4Jt7vvm6D*hE9mc+e`CBC5T#k6_3aiR80!Dv1U~Jdg^>(7?ya-53MG){&19f
z8~?!00A_FS^c9&-`RWwox3i>~t=-(h7t->4K{zYQL5!Ae8IF_I{~ApOj(vVPYE=n3
z{9@5ir!t%dy{pltLL7geNN}*!h)6TfN%3g%S^7)9mSU1Er&pUB{>Z@+3n-y8&;M{V
z-N2enm^rTn=%+2SEG6CqRnrBfo@1esQBh#VA1Uc-0p$<|3uu#y%V;jjq|_PiGXY~W
zr#5BM>UJqvWFjnMfxhiQk$BkW^qPsim-+JX*Z2jS$xO3s!qFC`ESfUTy08lq8Iz@j
zD~O87DVJkliLyI$=nAdU&h)Y{FgK=@WCMtX!gU}fXzr~lVaM88sE&Mgx;dzZ&`d-c
z{*LUqhG5M_{xR*pk3JKDS2u@Gihzq><XmtHQ&7q>JF%4j(W8Sz;IjK&W1=xnnB){#
zVm&AZn)?d%i+zar(ZoerD>!><%*s;SZpImN^GMqS9e^zw?d^g|`We$k-a+o+xDY+>
z{8L#mj*QnNJJHQpSIRUyaeK-*+e2|HCm@k5ng=v15lzUkOq{tQlPnso&HL(Sy;B&)
zC*X4*=(+d8H}2rjcf-%JjJBZ|i(-nho=U|$e|yIqS2uJgUwzgse6EazFF-?qgt^vS
z<U04dZ-<+b&h<vyx-}<rnC5CdE;xn?vy?NU$`49f(za#VoiO$g6r(d(sxX^`5~*rN
z4pDyQL>NIsySfmuF|4`p7jx2wann|)o$rb2HVE<}e1qs~B-O~+<uK81s#D%rLshXe
zt5txmt8*Y7;FI+<apnR=H`)=#yE`2`*f`s@U*aoca8r?GUDl@fk9!$HhjqEQGw8u}
zk*uP5d<sxrH1?r=ojZD~INLGit$k&AQYFKcf@rEetesBvI#+S|NhN@h*_+fdsq7j(
zbJmM~%(UfAYa-1P=A)Si`7gbPLb2!Xx3?w}<DT5_I{$~H%Cb8s<;b&CvOaAZgBdEN
zR-FHvyUO*Ta5DNnu*dDv&P#=)Zr7&b|3lrfRewlw`<`!x+Dc1)lH2*RkgXyb0_s5)
zt$V=Gp8Zwojtk$pw8SWVV>20KYg<=r2C=mqbPh2!Qd&iqOl;#TEb>=UkTeXt&He1p
zS^oredMP^80iSb1Ta|^H@6<=fHq$0pkXF6E{ZtrEk(=O1EFq`zD+%vxo<DEAIWjf@
zG{P)_u4D)%^kV{E;hV6;S)%99GVy6*S&0FOY!!b0hp*hJ@rWjqAi<9;QgWu^EejK?
zW}_fh%->XX5Q9=o&his(zlVs+Je_71xSq}iH9hoWvBm}&1eqm}%Hkou^yawh@EQ`P
zTB|nBR^MZ?O?JC!qPUyjTK*>MI15skEGFx07a2?XR}HIMo!Qr|2VXUhV+YKo<2u&p
zBSRr!jSsF*{(UXp^B!D0x1T4SZ=@MgPR1CT=1slsqvrd-SPb5Stybsop#$_-Y-P@K
z#J>CO#ewn7#dh2|f6V8jW8L%P6?}}DfESm>`?ym@^>ZstVo~+e&64;vwpONYWP#c>
zlV7m#J7us9{`muxR_6=n?VuTjE0?PW_5tb5MNS!>{1^Nex1{&m5j?Kk96v=Q18~Dw
zOW<ao|KahW0i*U(+`93){`U6VrBjx{tFyl;_7NCH(t3{~Ie!B*YZ;c@TX(A3pB&be
z!`#je&aCi}!}JTeuryGUe0@FS{@S7&E}?@Zok*_lHM#4QKCvJ4-d5z^Fz8C5!oOtQ
zwo62GOS=-43O!1@Qj-cTKlDnS+qJ#>P&&ExRyGZ`T8YQd)$eMi#@GF!Y#Qk0UuJF3
zP;46fHu0oi)E_zVq*v7cap=`Dw>zk@Jztm$0X;np#lW`hmW0UAA5wA6^v`+<ieY+J
zz{sg*_`pAQ8nk)@G$#(6p9$Jq5lY5zndFN6;u<Vj)$}zmwEt;kCxHvE$@xl~oWz8~
z;cj1eX-a#0oHK_UHz#_??%w2i)Q0Q6JL9hQi}40LO5W1Pi|f+}kKVVj^@Q`$BRSgR
zMj6v@D&&j0fBJs?dqY~h-NjI0vtKP0lI<!$Yj7>&mrZVh0Gdi-vf0+64)(6`_*Mj8
zW%6$8ObVS-j_sS=z!b{wcC>S6L}f+UOZf9^;`z}L@$)!}Y%jd`@^Vei`Gl#H0#E+9
zRzF{0Wfd#>*a0F?XI5WcuYqI%>s;!$(T%>jJ&V_Sp}hRDPUFKW)8EZq3C^DpgTf+0
ze1I^7JRZ!`<v^Xlj}MU_P;`8cjB+?-4-QQ0fxpvY1=k2_;h-4Q7dxyS>~C&Gdw-o^
z#zJ|C#8>g-_ll;_+UYLUA@}YCk1s=DL33K_&r(AKey0w==EG^J(VE*LRJH8<U5s20
zyqJX3#DZqYaf5AYV1O&OUh1+Y(x~8D5XzV6oG8)x+nfDqPWn?m$S_<Vc}OWoR`&nq
z2COr(+%f5rleI_bA05WML<vQVN3A*O^X?>mQes=~i+qGDKwIvIr~Y}0P$f;DvGO7g
zY{U=T?W#(*$5M~w)6iaLLk~xKz;z)ujk-1~oa65OX=&uC7l!O%mCF#ISuAZMyqzgX
zS1)ZtJC?m$zUb9Ta_>5*$QRgm{UcDgAw1&e@=(4^mV#dkS|i^q#G8=>3#Z$_{=bW;
z$EP!tzbE*Ce7y>^=qI!L`M5F8;*)tXF{xdD?qB;*bQ)HpxH#9S(lh6~b%*ZM9>VV>
zfGYV_Q(<{0Mahb<#>~{mqMu}^ulL_KJGb;WGrI5QysL{cb=9P(S^>ejLA~TtS~HQ}
zatjQmTx#?5-OoJqkewrMzis@GO03J5uiZ=|x<-&hbz;w7Bj*N(Av#A$CZAlSRxc>-
zBkW%xI~Z<d|6J7^>!k<#vMfu#BNt#7dhlIxo)I?BM!u^ofU|q!dTARKV0lFU6R~vl
z{9{`)8+rF<;d1}@3sTNbmq2;V@@3`Lu5n(iXnA;DpxyeO7zyj4d;R+2^A11z4dx5k
zV`Vn|{JE^sH;n#I<yBgi-RcU3;MdRP?R$B-YJyPR#O>Qgw0q+1TZh+9#kNi5b#7j}
z1coXK#HAtzBl-`$rr8V+O&@B0yvR>F+|Cg_4*OR=cF%Txzr&7iYY1s@>(<8!y0;E$
zJlpZ)^il$K7YGmChc6;R?w^ySyR^pS{OC%)d>(2~q@8A}54S-+B)Ql>67lZu`1@bl
zV`cRyOq#c;KO6SU;9_jL?;J<E1;##HZ)*=2ri8xu2wG_FVq_UiLMV;&ycho=aVaea
zu+$IuH7`C@5`u3UEQA&rjWdi1`7wO$89g{0e=&TgE`5E0{`WFoFca@71p)bA7WxXO

literal 18030
zcmXuKV|XUd6E6Hbv6GE$+qP}nww-M3WaDgX+qSi_ZR;27<bTflPJfv0s_LnkzWctq
zr>2G=8Vc~g1LXU%8`c+9Y?;%$!^fLBN#2}1qbm>qN=`)S6*RFCazY9Ll|Xn6k|f0}
zC7zVQxd05JY3O1#c2{!p=v_i{dw!_CD9!EY==?f>ozvt0qlc!U<V&#+N<esizPVFg
zbAEl61AThk{r%m&@<gHLcAmu@&wZlmrcnAe|LO+o83*bP&4^QXG_JU=hU)KF8wH}q
zh<2$6UfS;&Wb^xQrDX91Sy%eEYe9`2ZG7=?nm6~rtjJ!NvxBs6d1+$-KACE+*4>f5
z5EUZqohxrKkMvpGOccYj%UyA7qR#2JidV56Ei7S=DSK6bg#EC$+OOv3{4D4@vO=A=
zxJ~O&mEQFBG$sG>OXaE2w5&J>^gE2e&}f{!&>g>z{j{`Kce$R&l1i1F=Ht)xwMPTN
zcNf<u54!<rG%Sd{cEGLUH$~j@_fx&eet;TZmh5(dy!mHJtqbte%>?;Fot}x84SF-z
zG%JeqMHkuY4M@lW{MaWwpp^#+;ELoWApgCS4fa(^daEb3%O!P~@mF-GTWUlL0&sxR
z#~>GUL+sv|$?XEg3(r3mA3nQ}MBgtDV=&C^+w)Z8IEIn(`D^V2)PNB+xqk&64!mDu
zp>AviI|6JyScwbCN|Uvf1s8_(C6fnK+F&2wVA5LvVfO~k9!k*fCh-^+gs#D%9T#Ze
z=U_s)ifj-6k_!G&-JREr0l6%skylxa^V@Atv9mV66=xj7HSDut{&wm44Lw}s_mOi^
zsaV+CHrJjb#bBW=I>e#1R-9#E``3(oF*c&kKNRaf!F&IHJXDZeDKWov1@<<wY!;wY
zl9NIb=Y#)oTyf??hHDn_yZMkD;%H^rmB44q&%1mO>jeG1oO4YH($O*aYpoPDdZ3yw
z+k9>DPqP2creq%jBy~Q^>L#6sD9G3Hyk%Px?gpJE4=nof(p1JpC2ch=pGvictW+}M
zONf>*;jglf(ZNUV+$$`sCX;VE)Rv1115Kyo_qG?`(feorjxRj+J`d%WJmAc_Pv!pJ
z#mJl!oTGx9@A$5U@`o{~?+FyP1H?-=YVQP~H*BCAf-^=rDh1+YVj;O<9MBsXw_p@V
zP~xuX5U4Q+ZnukD+=P8>U5h|}y8G_tn2F%82<dUU8}8;<iojnMe4#R;gr}Puu5h}m
z#qEioU5mQ)SK?R(a^=P+%FR&;l3}I)@!~-hk5>$`cE117{q}s<9j{9tQemlI<9s&}
zVY?`}^lTT8+p_~<yE@q7boau|vDLq~H2C7ms~sT+UO@N%FW;REH>rrW+j#pbW`J!w
z&<0LVA|St&kMLQ1_NzITVAbsvGvH*EIs(nO6SOl7Vbr)@b5EcyR_5@Z|2%)7o$h@&
zgyg%H?SZm@D}$9loSiOrxIO8W#E-@CKl%9{#Emvp1Uup@p1Rn{5k(HGoftb^?C`&m
z?<=b#WKLx{O|>KJ^r0eZMSkEdPSCj26j#%$BgGD5BI`Imm)K5-ZX#J7sUATZGG=o4
zuG)46IP_xn8?QriZFGuk>Q|&s;`3bMMtd~fg3)z<Hd;e{Ww_L(zf`y0ls(tS&)o65
z3*S2Xbj=3PSa^9v@VNqXE*&#nE_q}97ifLB>@_B_yLHT~DTjZ(Z~s~7`fMyw0KwEn
zjUI;JF|J?5zl&uC*gv8`e2HNEJa>!o$!hgP%Uq{P==6rie=o;8P9mfmT{=~pC^PlD
zSMSDUXB(PTZ(ZkTOR-Dvv6J0?28Aq~1iJfcZ?ZRQem;;8uXN!m=J)qq8R#d=wOoN2
zSuT}Bz^PhK9KE8No7;E|joJ!*z3!6r=a7QYU7DRC;|&OJeK&s38VQ`j6NOQN2hP^5
z0Z>m5+GlSMQ9ZX$6=Jsqem8rs7|5~+JS@4>jg~A-hK*J@^kzG*{^~~0R$jaEjHmr|
zrkQZho7B<Q7CH*^iI!%DRy!`H&J(?x)Y8zuRtz;h3!QYwo9ofRE(W~V(Lgx)S9bKu
zGoSfRyS{d`*kfPEniKYT7oAG9Jp0kmZR?ZZ2N)>R4zxV;Q3aSTH$Mq#1kZPwuz3Kw
z-1}HNpCPy-KdCJi?oP{*XwO4~G5!YVcB<D#-z5D0CaBT{k-W;}hCul|&z0Xv>N8it
zvg9y5%jhJP4n(xMa(35(eu4xyfoOJH28-Fn`ijNOwHLwToxD%}iC)3%6>eW&g4-m{
zW(h<4D+xr`CdQHgUreKJx7qHzm!A(rnr|W1+Ff;tX-$N*xSKS3l<Iht#`&8Jy*y|c
zry|Eyy36~G7g<eZHllVbTwHF(P1j{9l(%CZ#8Q>YVwLiLF~EffT@AhOBARnW1^qb|
zgE^Ga*%q@pNe&-|D!gV;wC3H-;wrun6^<g=E!c}~q6+>fP?uRg?C5sGy64=#>KXxs
zR!cTQ*Kg(T-J#ZM3(rc!zyDehaJL2w{kQh}Ji)3H@3TPQlLoqP!}zs4Z9^tV9vaEv
zd(+wB+xg~hw4!U~^*y{KA8S;-{Fcsv@^;+;c~HRUMF*^=<Yp<q^?Q6h-bMNq%z)*J
z?ZoW)K=+X$&Z`~N4JEv57SZedWX<bl=#y<z#m$cZ9>!qQSfurX1zqJ*b47q<VdGg_
zZ%4xor5Dflxl*&LMZl)QBiu6#HgwzY;pq+yGHw$y{<$pdxmhKgV=<V>5dYc2VAvRO
z766d`FApWJx_0^aYA2xrX(op1ZD^tT-^-=q3*j4qV^K>FS4$MA2s-H2ki*4W4>s<D
z8tqeA+>Y%4L&3qb#!`*~()*I_+F*X6{req9eR}H+0UL@z<pmG_%RpNF>c6*IllqRH
zgYBLGPl_J)mzT8q^faG+tNb#(oV}~wRpq;hKcnu}pB$B++1B539bePd-&RSbUhfR(
z&r{7)Wu9i1BD%s$w`t`sUp4l4{&vV8cO7@7r?(O#dn~=>YYn3fmg`I>W=V4nExu!3
z1U^Z%881fDCIt7*pQ)Wrz(@Jbo1>ijCqLG<6H!`r)DLR(jkBxSUiO?DJc@s%1EDUs
zoJv|=+h6eX79%fFpb|BMZhaxWLj45OqkHjHoQ#V?%OWKH)j_%b1|31)|KYB{A#36^
zWMP$~L55Kq50z_mVV$X<y<JX6p0dy&Bp~60eXTJ-b#wCn;_Fxp7+zptc((T%@X<+G
z;kt2P^J75h{x4<wi|tc@in8|1fl`sN2m5VO<1_(++hGS*gzpDdJ07_gME?vxZ^=z)
zK248ogu$m9t-6!p>0~WhZ>_!Me@}Q1_OFDqod;9N#+zig9`=3-q}$?|9^y}j#DJ3;
z;7yDzPdT6Y&PBFTV$GtRkI%BFg=r}&a4dGaCmwR4_n-4w06=iq$zf+9Sb;zy_pfT7
z*LzMPhF7Z}W$p8Iy4wPnE*dq&zkGa7{AjOMSK!H}cX$KQl#X8ad1OoWHeRDQ1toxi
zd}|2}bg43|g+Sv$ea9!5B5v4N!d_#2`%7!I3J}bUuu72=+2rS=m}6%#WL%$(1}b4M
z-VM3KjUMggG1cnz&d=WyX{+v?ipcLB6UopU5ybE%jI!B2jWhTX;Bb3y@-us4(v6>c
z;=BDGU~Gexn76w?GO0To1pf303guuYQhvp-<T3yp?T0_@v+ims3q}IcF#~$0c|?5c
z0@K%cM7k0e@mu+J7LKxsz6t<>_F};X0kSMFb`|{^xC`Umk6;LGS0X3NGUH>7QPHe}
zv%DqPU%mf@X?%K&Rx!ZJJ+<PSJpGKvqcc%MH6|wa8`oOzQv@J5H$eXKTQJ}J+t~X1
zBH~krpJT1p%<<{u?&+JL8-Jss{L?P?hn*^LPv4g;*5CQ%Z!Z!b!MVf6A_hsKh`|^H
zD#r&d#apLWxy`d6jHlvWE%0NoU49B)@3X$h7~egmkhLE%>!TYK_+phOyxy{e_U^l^
zflDF*pD{HAeguf_0qD_q`R^A|zn2seeDJQ8kHas*FTS5O7Vb1{kC?8$_Ydk<=S=SE
z0!F_<n?9E6H7|n?>NS5~e+%Hn57)5vec^q3%r{(n(zZNDYhJb-tbeB+FdGJb@_fw}
znjqlE5Bv5Yv{x>i1k(o`4&+>y_0j>NCDkCQmi*OVMRh*5fZ8tw{WF4+VU}%jPhv+<
z@1Lyyw$2=&JrCmoON$2y?pnuwOD--fsxB_FjxQ{-s!*BJ41>{r<f|*FEWDJED=><l
z794tT&35E%?%lD|R?rA>@y_*$@%>hmA=Ey%iXjd*Ttu;b_%F<dH(xMsi6oq_y5G{H
zw0DIBa(NQJeUQPYBj^gRp_B|a@v}dHVtrvgKaCob_#myMWVz|rjM4pjUg;pg<BLd6
z3AuUxk3$W?Yp7QFdoVKv#&fGX4|fRd$WuuS=rO)O2^Q78jTC`fUzSa!GJnQ*u%KUb
zeE6n;h)RWYxJI(29`7Vy^a`#WrQAcBlSV_f(BaDv#LRfVvB27?MjYtmvTJU$uFIcf
z9nSufC|t-)ZnueQB#@S{iqMiii)VD}hXu_!v*XK8J(H6TNGffYcpCc?XfX1sjf(*O
z_b=~P8MCNH>!u7O`IE!NnJQ*T=aC`j;f-o?yu5H!-R7@|Dp+w)Q}=by27m3$zvR2C
zC_kMpxIrdjD#J{CWmHrwW^?4o7{phHRK>cDL%j=Xaytrub_1fSZZ*bIS@P2Z6=K15
z6TV^OW3~m-eDJ4QTYm&uk+g6kyg$Y-aqbHLo>~yG8=1<kEnGUZEAA~^#zW{(_LC~G
z#&ll<WoPG<#eB0v@?u(@N+}KVImWGoD&?5l?SEW-8AkjSWm=*&|9i)RQ}{cg)cENo
zQoGd}v@1pR?XHAn#&TGROIfy#!kT?hXBZ0`zGcdlb$5D5-2Bu+%n@5QjH)RMLTopj
z{xppE6b#E;@K;k(qMjJQ5gQ;25l9vG#Jc_jDu@AaU2vxWi~&qhZCfwaHz|!qWZyQ9
z_wqGu$pD+4r05%908k0zdOd*Rw-&8C=Ee{2z;OjX?=-7YzRD*2Ne<a*LG8PvaZ*x^
zH^!-M#EwAwO7b;hJ^&YvbdHBh+{JD!a*i`&SfvW|n6ul68IS-k31g-w{3r~7Vq6eO
z{b~vofN^y1jZ0wk&ohfr+~9&k#sOuIa+Q0sL#sMZiM^E8X;}y35|dj_Vb{76@918}
z!C2;j<FwN%y7a`mLoaAxoPtR`y*$>1bkF*qRz1yA$`g+g?)wVpd)>25Rf%noaGRV#
z_nM(^;VVtbd_M@F;fh7Qra)XhseKHM+M@QEuEcf_AHqskFSo70k5`PE!*aYRuE17-
z_~Eg4+9iY)cYl+LL3I*3k5&KGp%2H;|F2lxsLZ9g#oScZdt}rc?r*FtM7_x)`FTZk
z!wzjX;`VP(797m2j4yhmh&MbpS_bswf3LRIGq&FpF@)B86hqLh`)G>Vug`8<y|JXk
zcTXlu$UNdPzxn_2S*aSV>ovU5JYx3t;oVF{W+;tDFy**?XD=BGNPxjEv@;(qZ1RJ>
z`c7=Y`woAD_KDx}%oaNd0McpvYluy?v1-pw?ae!)Yw}G<^|5><rrRk#a?;i=4>&d@
zO%3J|<6HGfy^NZR?lyS!V|d~x_xYZG*(URuO#~0R^OJu1BK0wtf5|x<uL*TIk$*;I
z(B0&mQ&G~_*3#Z9r>(7`tWDRwrqV~ZeDwTezM?EIONUBYM5-IEmrFuM{MM%OiJcqa
zvjUgYAqVlD1a4+x$B%ulAsBk`Kg-5&=}dTm1Rg0P^eImtEg9nK3>iv7{BDd*1Ay@t
z^T7+&6;&Yvz-F`s1C6J`7Wd860hO@<LkNWYjMPy^mhV_dLoB3#VtW)0o%#dq!!HV+
zz~;$Ml+br(AP)p1@9QJ6ptP4hpRrvtut@bVH~g{p0YH`HvSQe+2v%o@<wUd0QBb2{
z)*VcuMQftsBp6MGNBB6S3dr=Uuw#ZK-2065>*x+U#Lc34hnuexjFQ_2%p*k;M7vtO
zHscCXFY^>>Z}5`_K#k8#TMIFyZA$|a&a*i7*!8({U<m1mW1Y{8X#$&8e-Fr}&`WHR
z)u2KOrnvsb6Rem;=md1l!xd?r@7n<$=T9P9WVwyNHL0qPfJH}EWbA?DyB^v=<%QAi
zn0>=7vgszLh&uvFmS}61br8boRCXkay#RYiNw>q&2SB;zb5XXLP7v$D6~M~EV!KE)
z5K=Pp@1Jv!I;ns(z<i0>t|k4Mv1q2yzx%*mph^qN_b4a!a`Xb(1|F{wLPAcekhqKk
z;#fjX&XWr+9bXi@#JU?jK*QUn4SYTuj80)ahLxVU4DuzQ1f;0rp5PFOt9df13{Yly
z$Pw2s)nYVjUFR3qKiL4ju&?ll-qS1qUfeypQ!FznK#I(d0;WMZVXFYW`?#I9z34zv
zd4QuXjeTDiUF;qJw>Qstss+gDFBSG6xl?3lGR0#`pW8R&pIx~e=Hlgp9eCiK#+=4c
znA|&V*}A8j^P7*u^dlVp<R1I5k;jJ;@8q7FC-8uL)E{T&2vhWZHY<Js__qiGy3a{w
zn`vM5hB#NprB@#EG<BlRsq{b%r_Y-T2eOUEBp1yvsR_~Qn!Het-cFSN+4N}x;4ZDS
zc=DW~unzDi(+i7zZ{URNi=E$5Y=_*$TyB*L5IVvqw%(!Hi|e}^m38e9kmQ|svgGF8
z3Tzqz+4bZ-z`^O$FGpkZiz@3js1S8}GDqD2B1pI9gUy=C*Ms7w@{9cKH7{^Ml>R{$
z_nmnG4<JES3$^=_E87aX8)5?~U6(tB?pQOalz)<)<aEu6u|DfW*f@c(yRU1JFB&je
z)d+g%R0ALJ>R}egxk8Wn2|g;#v(3@@REW#KJ=Z?TrNKAfoxE)gnLg2eoYx15hbf?z
zWrGlR&pbCj*-pIrj5yGp<8mbdu1{2*l0_3?(j%=cmqml7#wn_emvy0X_=Rod=29c^
zXXj!_V%ep}MJb$vg^9*)Ust03#%|t&>%^Hj+@s;R807Mhuy8xWY?Ns}(`UUeLv8>t
zKRAsM$Rfcc<!wO-Hlth6EHe;uGer{1dxiwylt>JGmLzZn%qSHp5$eVAy^^k>%G?;u
zp2n=HyBZQa#Sq1o&%YxFy3kswN~J{t<Prb$!BVvd+yh$1Nx4WkzQ`}}DGV`-6QHKX
z4mvL}rARAY5<sa0h0~4(quTlyB<AgnLeT;ZOn|$&Q|*6aUTJ6q$q@o7(far@KEQut
ze0x!!_y^rGimZ+zQ7)Sx19~Y=%z_@d2f2TRizzY4K<?(cYbztMv4In!OtTP+iM7E$
zyl-a-2RT9z=WQ;qg*-TgSTtZDg>;}!R7DcCNxkhYFsghG&q>u0$IQlY(sJkFO*hWo
z$ppROguNL`gPiS%FP>z@qbzpAJuW4CR%QNcde069yC4Y*1y&pWir?4yXF1D**XF+7
zV2fHQI!s(hU4}up(c4+_Yth9Ppmo~O<bsUY*So7N#I0du(J6;UhR9<u6_+@pkHe<k
zJ8|gDJj8^0RBW4N_J!8;Ep!rq9L1BNsW77Sum7emK;OM!??r*>`I`iXFLEb#=2`lQ
z5Nn?VcOM1tBAz5Y(7d-~+llup%bgm{oFRL7ykPtr*Wx{a`TEl`Y$e$nGovRbmVPuK
zP8whRunokkH-GUv(sq05n%s7onLRyTvS2}BjV<C^{mBjNkv!}zFiJX$`kjAhedfea
z^C$wHxw7{F&tU`T9PK!o6`tD7>X8J_@h{cOa$>`C&#7seeu~S2tCt8jMAdrbLzNt|
z{8zS$?So>a1LIQm6}6n$Sh6Z0F`w0RH+O){P}`laU-OT2XsQ~ma%S0#MwH!OG{cZ^
zm#KzYdC&xV@ju6H_GB_Q1+IWm-T6AHUx$40th)1_x;V#4;yH`4<=#LmPf~=Hq)<~d
z+SF}%a7WMV4Jr9|Fvzl>NvF(Ju#_mC;tFxkr7`|E-<{rYA*s;qiXYV&0oSekH%b;G
zNj%9F7e_|2P^1Iwbumf2RW-^tHF3lnI`&XgTzrEx--RnRY16Ac<jI*eAt!sD$Fc=2
z<X9syWIsy+n?t&`0E|ZJfZYlP!H?f+lg0?Z<uA(m8LS$|{=#&Il~6OfWP)aOnQ}dt
zvs6@X@J6u7SVa^YjC_n19?yy(BQP-cQN%=vR$x0_<fKYHidG%UD&LkP?4+IYx~Cic
zt2Xx3@Id!_sGlbpYhU*{4@t-@igTAmDF!wKz8rw{7$^VElx4?rzL3Hn^kJrqA}<v&
z^Q7A(#EIfkCDQ>`y&#9}H7~<?EjA&q*a1n0Jw76<LmMlER!~%``!{%EoL)9VrI<%4
zwAu8O+6uIyE-vO6{7XPF^ih}*K8<=5!pDp|@IOps1KFbv@bFLQlnWbE&q$o47T6b9
z#lu*TaOgc<RYw(lJ8o|`KW;(t5kp2k`rn2q%40zpdrr13JF%NN;xx8I>R?vn2<>W2
z<*b2Kt$)H~xI@%euhX;T-B;vY7bZg-xdp=}=PU$5NT$V>YR2A%;z;)NB26T=UsM}5
z{4g_gsd#0FIx|0_foaA(;$PLI2_lCEU2>8{I*+IgpC>B^aUFCIW)0FN-Fz+t%RF`4
zf9@~=rkWu(!v@>{@vlfoB>S;`yVy_yP?B$)n>T!=^#MxESMcrUPln>@*pNRAtH2Nn
zOCPY9F8B=}D;`9`LfzZ-9oK*GA&$*uwuIM1ontnq{-ww_yY5^9MDN*!o&?V;$yx}m
z392-Kb+f<!8%{9Jj5H4awHE-E%sxo-F|B_FmH>wPadRyMnc<B40nY5%?g|d`AMzTR
zT#CMUQ*co!%!@|d1;M}xLZA}+9=uaG3gHgHIryF&MaSN$Zr6h!4a#1j9p~vr22OoW
z+@l9`D|aN1D(CHv@cj)`a)rL<mVZ3;(w=WJQjtJ3V4#z#F?+~~q7)SB23ms?II<b*
zVkVRXeU$a6M<IBvE<4&TPXkEf!A|nKCh?3$FxmM9U{;pc-?qJU!4)L0R%ijV;T6sF
z=7J;~lSez81Ce!-bZPWlVTzE2GJ=?K0#(m-uZVTzL7XUc<Z;+17Urh;c9mMfC1(!|
zl|vH_grT<aN>}OK>&5<|^<sIAfF#&YUJG^T;s|zZdC}x|Zis1A@YS^K5}O`qUjniO
z#hYNC=Oy?L=1K(|fm!1C+JZu8^x?Q^j}@?Ut4aAmjb4D75S&ntJNG^DH^TZlyd$j9
zqrE%}Ge-YIh!)FIumm;fj&o*A*MZiyXuct{H%xX^vs=JgDUafW3`<$twM1Y|_)oO0
z<6MXyqrP_1@LlLXNJ`zLpq{}$@0ah3MA5Zqz<Xwv=%-SU!%cZpPa+a~45c<ua4JR7
z@1cJj1P@ViXN_hR*mi@}Lo#68>`BB5Ap;_9B$K7$W2#HsIG>lyAbL@X_lR4pQ^x@L
z0AvbN?opz!JB7RUi*EZsmiy=?di)6$U|WW+bUuzDGP|^NR8y&0aW@J8;(m>!-(J-H
z-oXqcS&v=l)ul*1W@8W)oT50$=5Pf>@W_D@iQ<n(5<(}E;q2AKccy#1sugt`MCZS1
zKE<pL4|ZYlVsm-rem1D`QLsQNHV}YE(CK7OyO*k;h8ZyHl~P^7lxSoc;0PLr0e&qC
z6xN3f)Bx;W2BS0qJ)2AT;XkR5q&NiE{(%Ml!PPPa&hSe}kW{cm|9o}?S8Oo{>Ep_B
z78YKchX!2X3I>8wwmX6d3P9Ec$F$gh^v%JUpBIkIeT_5p&DrMwZjm5w0TTN7c>&6N
z>P!i@SStX=W;(pU_w?0}jT~^s*!10lUr^~SDnoCg`wA*IvcTQ1GDCb7rtkD}qc11k
z<xxLd(A}>~b&yYX?EZzqKEA(Ub!UH?`}m{_tVT*B-cGGFbGb}lnLT4kDFUek`j@Xl
z@RB|zP}#K{PytzJa6pfD&Z>LfJ^{|a`7<%>mivg5&INBTc0nz@Uwxk-eK+8NEW9YJ
ztgx?Y!Y>hx4uV}1&;SXrKq4T(oK2Y&&WBP@7Yb=g6%Y5jo5Af}GLYGTs1I}VTN6NT
zBry&i3UJT_=+^;~tLVVm6u~Ti0j1e7K#DYhIU^&pFu>cVGj1Hg@mkoF9o~jZK=DO1
zt2sy;C&1osq)a!kfhG!&x&cgG1)BGki=ZrFcZL*a`B@<duAPVhcrF2cZJ-&Slf;1$
z6_TVZ+kPPs^jFxV9o<m7`aA&pV`+R!kUqNp9mfzC#f~mpc40n9!bO)g(Wcr<0L3Lh
zP2toLthwZivMI(T<>y_8ksZy@m0A#uLue3V>2JjZ?u`C%4j|Bj-Q_gtrg4@5M6+_D
zcR3Gwg~u9N`%;)ynOcx1@z*3m#kzy=q`v*dcwuTcH`?xms`Z+X8wf<Kxc0=_%~WwJ
zUlz=*Hg)6W$@yw7Mcrk1`(gvJJsYX@+5(yGREC*GoFNI^DP5;3h$gAhBr~p1bq4J_
z3-m5bq;{%Nr1iAvngwZK=~+C|kTiwrYkWb<+vQ4Zo;o)*(3en&hKaSZrbO%PmDjp>
zpEa<6)tsy{^K8tzU`G1-*P?XvJYYtyP(7*$=vvA|qgJj?ed4D6W`^C@Y_%w@R*_PX
zsCA}b1&A+F`k%5w+Ps)!9-v<;(67FuT=pT0jSsEpY(o@Cf!CLaptz>+`8=!~=tnZf
zJY)c(=oOCe^#=r_(2?p;!%^l{21t!~ij+lyLU_xCE$l@ca>gA}42?8F!VP9Zk=!dy
zaW@aw;W=V_iiC&?qS~%y-;Kdx`dre(hn{DvK-7l}DcB5Zi0q!sYXEhd0=ioUns=y3
zB)AHV<O-4uhX#V{0rCOF8HEATPlIWuK`RcR0lRXbZ>7l}`A4Qe9@`vi$1(pXbUPH`
z5RS@q$LDJ;{pEkB!xHOu$iT_lp6;p@f9%0-<r1&O{t;#4<oy`kcysjCZcV)lPW$tK
zXFu~DL%bN+pZn#R3rMDZZo7eYU6pJ@T0aGwt|?4_)LEQ0>=3Jci9yJ5?v#nWvc9KS
z0F#N=*2XMaD?aT#eEXa+N<L7n64Xr4`|fE|VV}xbK{;`ZHmVEHY;C7NG;_r)g7cxR
z<#L%2j~3QmY|#4}wQSk-)kpog`fX$I<SY)7XanOLPi+rPK~2pX*Es){excgUO^;OB
z23oDTvSY^OE%T17_0jdM+j8T;$*9_tta%dR?0(tmjqnyt7{qZfZ$0^$l%?oTLvW_c
zRl7>Ey%V)^nZW#r8k_;lF6k+8W$N6CgeEftBGs&Pkh_<-*2QdGfJ*1|6kY3)%Vixa
z8H7Fsm$Lu0T*)TWTaN&ni6Yg9$}A-`S|gijptl%*ohufi0rpLRO;+^0AtkVczp#$1
zka_p<9aX3}g{D)nfRyjTV4o3cEE^Khlo&MdvJc5{#cZhlKb1tR6vFA%BCCmjeBNZ7
zT&BnD3HQy+X=Reia;H`DF2+>*QHev~VS$hZ-|=z-ZC}<i3?Qm;(Fevg=UbkRM+u;q
z2Fb{RXow6V6Cw;afdUwT2}U*|?Q)O+Y6eEigaJE}flh6xa+Iq2kOP_3iQ}PwKXZWm
zxkVW)5?I>-zxO4qIj2RL8+>@jcgyo)xao@J|1uuk5g+G0#6i2*{(4!7p+D3|(YnwQ
z+$l21;ei_Bh;%o>(U_#CrB-IR2`+kB4PpkGnUwvn+03hDeuW2GXAk!{@66ViN-<f*
z5d&=VkD+hODW3=^5kk5CtJE4-nDH3N1c;9{y8G5qdoQ$H%d~qRQJM5-gxK9;T5N!m
zQ?z-brHUy{&E`ipJl8Z|+o?49=KpPW5?`A77z?h+m#Xc4p&2-Bl3^CzjF+TlvBonB
zvdNvQ-J%)$y>EIaz=;mP@HbvFX8Vdx8veGz4|KxUOYJg9>4m-_53u>ZWVJ5VM(hJY
zY@YwD__ku3mPS!1RA0XYt{xhxd&@Q>SDrN<hL$SPY@GvN6n?A>_yDus=_ws*G+Sk@
z^Az}j@qCNYTNNpqbQ_k%Sxx}0gR=iA-6$I8W1IjBr=YRtE-=8S136=$pp+U>-<uP_
zW(26pUpXln3ND?h3#<5AgV2*lC=@q2zJRojLPYzINH+({s1srD2@LAU=RRya@u+ty
zYC|K+sy_WbNGs|JpQ3LOk<r+l8WHnW-G_dA_a-Zl<7FW@-+s3ywS^mKPAfSKrF!1m
z4C>e^>F3=h0dcK;A7d0I03Y}+_QnHXbP;E=*YqDv+Bq^jml-p!9ykV$m{-S5ds`Jw
zlxUQru;WPT8M)NQO)LCoTVrU8FTq}k%Kj>rJWY+4$u{qu607iIBUe;YcXzSMda<TE
zw7N(fnNlefkgX5K7;Nf_lOOCAtpW%^<h);1=*wak*o+NCF5ZacSz)&)^_sKhyRbhf
zq1tj-kQ;!w{35%kIgw7e#_qbfpTDNiY)#9I+kzbvxx<$CA~W9hDhCL&4f`eSsk>Ov
zh;aS7+`Au7a*n~6zuGgW+>*JY=L~oE(eyw_Qjv#5nzwxBs^W=t`}Uv)e6uOolKv+T
z(0qAd1;NsA0N3<Pjb)wTMFF69kpgdbZV&ZvZm)$VZ24tY#UPIwUyYf|p0SF!2h5;*
zE%YQfi*2map!y6dS3h>a0^9e@cWcSA7objTN|QV+N^*>VyRC5}VU96G_H-nLi?*}#
z`j(f*3?K#qZ*YOka7ABtfDOi@1CT_2?7q<hpmpv5Ql%flH{UZs+mXcCwc<kt4S3*&
z&8HfZ;FbY7AQ@g3z}X7OD*+hJ3E|b`Ew5q^eiO&?&R^04p#ETx$S4hIEV`-}^Ah-8
zxKi)Afdf`h6`@^VfsPl<(Dl-aQ<_A56rlhz%B$LFfIAv6Iq#oDG+>*)05Q4!&$%6X
z+;<nF8L?kpmph0cSlUwx$pHc7cL-k$e)0UZ#5z$==G-<9aF@P_k9Gco@h|Vrm4=m;
zoL`R*<&g)<*~3;pG~h<waMlB>L`*})ia%R2_of5`RC4&g*XxX7KvMLN2>}LZmO;$f
z_ZIEZ)xVqtp!D`6NLv-Ap$yZ~#V@rMXB@zD$u3{^`D1Ss@Jkm?v4`Wg9JK>}IUmrT
zTTiX+gC9m9wOGVITK*Ci3-F2Ue3XXzB?-}oSIQCuQ}df9T-w}8hrDm0v~jpRNM|Bt
zkk&l;of%+`w{Qohsar{MIHQ=u<2%AenS7Mp^qd6uW*d<5w%cp2milDu(2Gsc29n}t
z2J}^hyCv7|#L#ml7Q7KXZ@*TWijuP&R#17DDQ}G90tIO1u_=JO%#j94MTqfw+>i!R
zP$<os!P9M$mmLIUhv-a@`nBDW0ThJ?WA|XJr!nnOqyaE8i;k5hH}@j#*&!PZ%G4+O
z$bsv~75$H70F7jTtS~LHYZ+=@c`}S011QpjWm`2psHVQS9!&w(u>8PPYf_ob6$9vt
z4VK{R+Xv}hi%fC%+>hK%JX0INkPed4AUl_IbAD+jcK$(b@0dP+kG&K(uOcfHXRzti
znmV>OBuvMLOE51hY-4s3_%><P#;1tj7{CSF`sp6nDr4E!t%TrMmUYgimjbUW)yAhP
z{D`dtOwa);UdtIKP29a|xAAEdgzA|22RYhc7Kd&KupLgoid*fm7c3&#Pwiu}S)^bO
z#A1bpY_xo|Ir^wetm;|AwIYg>!E<Pa+_e~FTdA9jzBm)OkX}|$1I*O{i$<$*{8c8U
z5eRjp!H|-B;|7(ESi1RxbkK21aU+{>GbylrCxN@^^wS9?Qf&5sd;qCc3n?dnwn;+O
zTXfw7w2oUS5ujYxN3ZkCtHXi;Bv6%uf|FDV>yHbl<QX@F3Rz%NBec6WHxxVH<{m^p
zlM7g25*(4WNZWoG5|DW_D@V+nox?~p7N^qw4_r<tlC6cp9F@}y6fXbhz;vpjBY2Ev
z`!FHrJy{^HvJ@od-tm9PF^e*UQfJD4Lx|%iVv|S=YLWX+|KnVUt9J|<9P_$F#fu}(
zrNB|d33Phn=SMW;9i`IFVMnmuG(#5rt<NV)MSC=Z)i207C2Jf;j7EFbkFsBnX6Qt9
z>ZDW@>DlYl;dBZ|&r(c%ljZ`ogjLuM^UQpW=rT02nKJ*n?<LwTg}jmutH=yaz3F=`
z;^GXHKKMljUN5`IIPuQzq6?w12T|5$%mV4Vt>$tMpvJ<yqo9ekIf)T$qAJePZ|Cfv
zL48zL<;)^GCyyGKQ9lxPmTM@#Gx33P{ENxayihtM_Yp(o)XhSMV5q)hj(}Qhj>Dy7
zl5N6FB&Y_W8)zL_>Bw<RJcpaa1w4*&+Mg=Kj_`&*R>8&If-M;We-~z|Ia`X)`?r$p
zjCL1RGb}Yi$c;e*a3iKdC#$3BGv4|jx<hvD$RH6$7<L5I0Ug*0$3Pu7SK?fEIq%KT
z5dx!s_W7=(5y_#QN6ZEZxa&7Jv^HngDLe!DiQ~m+XvG$3;39O{eAU01!K3<aWcwIV
z2P7r5Yz(V$5q@?a&QfAtTBNwClime?8fFY#w0vY_*51l3UT6L)BSSa2zZ@mb7?xT1
zX^C;+U_#L!%;P2(-X&N%@B#$+(2ASDA2nuDDX#$dc@nRtzhRI81<p1$dDTsz8dmMC
zJV<m`0HsQ8XmQ4nRVu(%_tqX1o-BepIBLwbzNiCylUPa){rwyWpUF`KGG7rJl3nB}
z&^y1w=O<vj4)SM6`2mpqlUv!d^>e4^8+O@7y;YE4ovi(5T128m0WPX>FKSGK)pI%a
z@Qs}uNRc5Vs?{0OeEst6q?muJd0F@SW*RlbLr`!j?(Jb2;?Qf_l2OE3Q&6}n9XAIe
zjn(Z_DYf*_<qty`=xfl1wTK<M*9W4t21aoyqJoAZGt_IA2O_)F+H6UbJH+}s6lI&8
zSu~=u&@Op>ScG3bi$jtKJ3>c2arLG!>{rX`NNN3Ds4RXBErhoArBbbjaI|T2-}jN>
z#!=p9+6*ri5>pgSH$fFxqTwIgHKdy#sTVX2kfaelu}4wEEDsY?OdW{wPZCG04G5vG
z(H+Cel>KGT&q5KqU^8wZBpJIRFDiJ{6(ioJ-faFQhE3%wX}Ps;71fgHxFmiluyQrC
zKjeBbEBa-9vC+IKU1{rApNhgqBeqQ!MH&96O;ZZ>jy~E>mu1-qv*K`QzD;<)tc7}n
zO}w+s`TCRCq)Uh5w82RH6&aCE$7@F{ao!TLcv86-usybBU7hPs4Wph9MX^^SqZaJ<
z#s}xl#<ptK)o*B^Ys|PByWEKyyk*FmE{60F+F3TNKtZw*0*bTYzFmxYkF%7J$>E$S
zw$05m6X)P7!1I;5es}xaaB#!!%)a*4LWctX3YJHvQ6A>|pAV)pBHQ6kOpeEicoNZb
z0ntWPJn2K1g=#Qg`oD+kSATS$KiZeqH)i!|Kb_+r?KaGD2c?fUa>&eKjkq;I^BbKD
zWH^Hx$0L%y7z#Bxvk0=RWsNsNUP#F`Llyjmm8VH4_pCOLwJ+q?tS6i7(MJoqHw&`U
zujDV_m#3TC)OBteW~yRs_=2jli-xuA@UQ8s(;9m$kE(cX8m^mb7L7D-8epzM(we8o
z&blxxi1*=X4rFG$gPWIAGpc?Q!zPU<G&i$Uv&TEF20n^i97{lXSG$#DRSjzy9P;C}
zSbhGdTH^4~Yw^V%@b<k(X}b3-hn(iGqF35j=av?+g<C{irkE1C*F`OD*C{&sul+gU
zh-8EqoH=S!N8xmpuVzPSc1)LG&32s8s8#mpuHEBP-c7lE#X5bm63saZy8)IDcyxK$
zU-%uS#gv*BzXbe{ldR$_8=Z@z()fL$DYVA{!ZXsOXkL}oF}vHv``cpZOQ2~;Q6)H%
z0OueHbd}H&?W*dbzmPV?nl#O~1zXg-qdR6>U0QoC7i8%soLb3>>G(`re~Gj$BIoT7
zd5s@lO*b5E?(IZsZmI2Y%#q+-s&SPfCFwN-iYh)J{aKW}YUPjK)!0Nko3}c=8r>S*
zj-(6b9-_o?^oM}zGomf?=BbZurDFZ-M9#wS<_64G>0`LUepk=gZN6svPhT_-%jP+)
z*@LqiG*PK1Ys_auazl|kh!pn3@|#|qPAE?MGc?_>;IzA<{E)**GG;}(9|4PtYtq$O
z=js9NAq&UXVuVSf(6jppL^L=?&-ZQfSG_|d_satF#nzRSN+mqB4mzB3^thd##bY`?
zPzzV+ei66od#SM#x=sP8S0;2_YM!AR<xqV_22``4qi(N3`OAIYr}xbvosYS;m0H)C
zou*2DkDCw)95331%-gJin^zaN5<FA695x7HAAh!6aui_~pKER<P9@eH2e+{!$iJnr
zv1TYl(iGa~B7}7~=a15e*0ECadpwK;_3;x<z}E?}6FwVop;7Slddve@0ds;DI1`J~
z0$1qPPv9blRgybzj$p*V02|K5wP?z(vf9a=tytYoU%EqBhkSE`G=n&>mG=&B?ju7F
zigN?JEBI#Gf`+lJo`hZ+z~c!+R_|)7t-r`Y!|=b&<7hB$&@W5D_NCu%+eg0@FB$}!
zN>$=o4Il5@+1M<5YYfXI5JXqN3z!imTz|XK;eACYlz`0N9oip>_&K*K#J#LQ5YGWz
zA%sPp3ij3oMQ1H1vL0}b-)E||cp0uMy^^7cqTOFQL6NNC-S^5aK)zskf|al)I!KI|
z75E9-MPPn7&*FE*y<a2G%;k9?(KC$^_wQZQz$Oo#3_eWct@fKvzahON&OzTzq&df=
zt(p$IZ_Pd$3<Rlr3?ms-Z!n-k;rdC*$dx)52d+8D*@VC{v>Aw6F}$-Tb$A6Gb~v8G
zkM*I~V@bGJ;Q<?9Q|Szf13w1FwJEE2Mr>d~xJd7D+D4nTvs;<j>uD5>Axz3EJl*3c
zDxgdH?`RYdWhs%m4__1hv49c<u_5wX{U<$(ym5GE{uiPC=%(BP9h~LZwPai9TM)q~
z5+ip+`YDR&#v`+C#Kg+;4AHhS0d%XVlFB!C?>>t(WmWXVFFBH{%;+DGJUFqFgKa>O
zPDWx{&1DJ0nSvOm`0Gw>ID7s5KQwU4NnEXfD9|mgO(C5fpML=VohAm=I$htxXsgdV
z!^Bn%KWMP0_uiMay8I-GlV1>xjM*WMH6ZioVQPGpF?j!BSjV!3J|$0XCqdEp){=yq
z%rSSSrjXJs%XzbsGGN8tM7kZ8`nQaQAmLlx-`u|p$d>x=>Lpy=?9GDvu{#|#;@6x+
zsqwZ-5Ak@8((f1)+;1%DRCGpd%8OLTvS9|1N`t4yB$u;7bOLS(F=9hA;$75Xf@N^x
zAtTq4ihqew3fEU9vyMnxJGk&3Ph-G+*VE)dKP49LUnng-9)A)8w4AT*^X1&`f{X^x
zQ@wt(?>Os%EJGA(>$-w>{003}wl`S-i^1W2te)jZZ2|5j-Eo+sXsGT(h#CQ=!%L?3
zB`Gsn^{6sS&1Dl+TC}CoVA@bxWT!W@)4i-RuWrDC!M0rR6F>h=&0lUw`5sKvtvh+F
zG0U^_A*Gt=y>4|LnTxm>Z%Vu$r`@1o&WmeAL59<lw7xW5fV(1e@1-&w<l@*x-x2mW
zV^*FrWn7j*o<h$Izjq8fFpcp-ay7K9ME2Jb^R-Y3TUu{oViEmzlJ6I}b6seRptA%i
zHe9%GLoc4!kQkJ??@!S4#E4ck>nO>JIlb3*EzxYE0^csuP%}SqF6Y=%hIEw<bTZhK
z@xT5AWR{-4!!Bvl27$?T*<VkTCGOeQqP2!JT)tS6K?9#s5}d>+qa+Km@+Wp`&TbZ^
z_S`hhmU$VN8e+y8rs2_8*bsa~)bAq9M)=T8%^{}VmuwwA7MgJlR&o0PP6N8^J<9b4
z3H!{bB#8o04&HPb(5+uk&tqGrGz+k<^kW5QDlUm<GR<F>GK>)@HI`B-c{$N0)RW$=
z%=HyU<DT3Uist_mY)K@%L2Sv#!S;!3uH}RB?Q=W+?Yk?Vyg2Fne$#Itn-79&wZgvk
za_L^0T$MNH;>*<8iUIEg!5PR0Oi%OI3Uma%5tZD%n%<-MVR0^A!h)}VnvO?L_+xFQ
zi^GglSYGC&T9SRSfS>zdJQF6@t7$lGR-9$Gsze6-7hYD2XF|R>v1}cKL(R`f!<5+q
zvEm*YnbZuSvl<uClIUxS=@%T@?#~j;6mtQgXX*r<6lp;XM0)l*wp3^wpqXIzFcL4a
z4IdxaT9OOQ_UFQ^$om`e^Jm1nIvuCdf5+@GN_IEcFjXQ%<zCvL*$ufPTAN{#tyy9q
zTfp8JqF@^MvO=cly%IWmi~R*Hx_{*yk>d(y_Cl=(%Dwt{FjXWIEnz-?c@F*+@=YJM
zg8MNKe;qq&rlGC!&4|hVR%{fP3K}P{TCwo<?(o~B3u;gV6Tx@{BQeDY9uGyTkN%{(
z`8>Bld8~SCgVFB)(tWOj@J>?SS%E^yX61C04kqK4jQ<R|Z+=T_jIFBpWIMIcJ-FVB
zFrju5p#?exN2a$j&JSXj{~9;uAlAy8(5ZVr^yD2YStzz6r==NVzp!d`G7oML!2jZH
zca;65|1NMRcBNSM1vDk8lvfj))M{p*IjnLM7BOAYvgaeV!BhUmHs`8DH$D5Mb>aUQ
zdV5s$CWcFF!&VmHQJ1B*Gr2(0upG%NC$8OG;UFXa?RaLtOpTjQVNvb;=r?s##my6!
z)r@^Grd26LVzH!%%Vnd-Wz3m-?1sWFoXN<J7`x7!?)$I8KU=4eg)6mRCa9FVS8MUV
zq^ZVw8j1K925qYiDs3s1;7_+ZnhF@13>f?+ERDu<S`Xz{E=_yXoZuz#-^iLddN?ex
zyvylcRT*~wGK1O7@okXbz#-ZRHEAQQ3&xzrF9<XKb1-etE0?!ASZea_gy;xYzflsB
zi6sQm?|V=Hv{iQpvHx{svgNF#ca43ushb#s{UV1BL`QoG%Yn9Wtk}aL(@s(Sr%V#T
zC<SOD1<_X9wS>3an8sdUooTdkYZ+OCBF;hq&_xESqiL3&OkrbKWiga2MYGL_Bkg4Y
zETzDjD*F8SESCRmcFkQb#E!?G`(=yIKw87C1Q^1Us2v+>n<12_nU7S)T!QJ<T`SHO
zQ|?TkLncxv{$5Eu)~2%}my8#eW(u7HPoi*&i%*B-V0g8Wla!ej=L63OQ4vD6gQKG1
zN_3wX4BKlWIZ4S}$x_kBmxYP2ZR+1!^|v>-Vn2sQnLiipdHXc`)QAw%DYUX<RsgA$
zVrZ8Wnos8?u3~R|s+@8+wGcjq;Mh=NCL)XYP)U&DL?fMJ->B1)2^_k(R*Cs$q2jZr
zLrmv@mC?HX(~K5Hm&%c;G4k8ij!`{exvK?lF2DXwW36PVoKQl<<Wc%Txj{O7<XrE#
zt5+u6d@2QsWyj#OHKw#{)?&j$Z^kgI_2dhu^=7;^>~c30XontK;9M65?bh2Og2OmA
z-j7Xk1IEL8UO|pP<DL<w)9<<*rgO)~?mM^`|98mJ)R?!RdQNuE5Bt<h+fRQ36-Nj}
zw0#RYunWdl3>2nQ>p&!SoTBM1a%2dKSQZ)Jh4#|?17}esyZuz&5*%97=KmGHiV6yW
z$IS<(ZdEbK9O%kbE@4}cL^#R=4pD&MXr47WEH<t`a26~@v;IFg$0$HxsBew`2PZH0
z+4i;6dBkj`kmh&SIEO}th-nI!D6;*5W*6JVJV)hDk}q%|C9$|cOq*IJp=pZdi1wkn
z$g8-D3DI7k3L_%{+4ewQh<r~qL39Hn?1UD&)k!wBc+k?q=w#v2J=e6hb+$`4%ejZ+
z=5f{XJ<R02A)|QhK3rB3`r-9C?a_b;-7e<8?k=NeZ`rrPb@!<*MY7e4jAn(p6&_>!
zP215z@*=Q|T~t$Kd2p#FCen-NwF@RJIxX!ALpM4MIt~Y@R76q(RD+eP5`Bf9s$o~l
zsvJWj>WQU)QHiz0G_IC3iKQP`?Sq%+hWK)5ZsRHtTW{qAQQSust(W%BIqd8x$7^lV
zJ1*^!Ij1@IBwFsXO;@TdA)@f^=2Hx+XsOI-Up01XU-lEpHZk`ubt9C#kTx+OWUu2Q
zTXLB%Rp!3-8n0F6OFm0%FUa<-8L#KU3)%my8+j|gyA{x%(^)M|v3U!x5Yp>zEb|ns
z9#znq7NLj{^N|5|)VFOAvOf%5s}RE;T{!prznUMA?WpT06-GnYj%{R9=gyg9BY%me
zlLFR}feWgJNf54A=CO9zCzV!@*0GJhL^&z`pJq4Kd#36xdE^yPjsK4mM<~PvB#-VF
zqZ~N?vJ1bhHYADzt5w(=o7;ennnhLb(qV4p)Ss>iT-nO0{-&Q3bZZf9nT^{8T;;O`
zd?%S1^ph-IKe=S_F?e@hS4;-Re=rZb$Kao`D9S-}XH;XPSulx~nXdPv@#|a$3k~uO
z8z0qPe%wdJLtPuDg`e)6ExjC#tT>PUD9QtBd+(EPwMfw|!VAkZd-h3Ey%ZOnq9IG>
z%l!TJ4@?ic<~-L-L}ZeXrKrWFfu!rg#{?Miey#1Jb(MXzhTH12X5**!c37t4r)&=s
zFR}I#qvr?@>*_hBKRmU4IA5&!VQK7f@u4~%cBO#z%=^s|*^XU9baqxzw%_7dg#dQ>
z&Op6-r+0}wNu@u_z3EK|X)oq?rs@~Gwc1frkeZCdxdEY3wKe=7H5*k$(8@2$xYTC)
zB}*+go1b;!Q~YNo$z)Zjt8m}{2czyMV9&Yyrdw#Xgo1q)36{#%%Q#rx=&o=-UF}FM
zdFh7XE~%!p8M7QGdx$i}=rAI*^S#Y~Cw*_l5XB;5Hvs*ac5*iTy>UElXcI+KHn<22
z!N;Z9pUkT;$UU3aD*sf<R#ggrPMW~n|8D#rQ-xIAn_tsg1%&rf-|z5Bb%fH}PFG`v
zvM-I<3U;?ewPx}w^?Isq<%8*p?{cGVhk1K7;%D|uzF(7~$>x<+s}}4Hk;;ano{tm~
z$hP7|Lk^7@cb=Ly-kEg6A!eb?&^zV}nYX>H7Y*k<dvNz-<A3(ErKy@0da$(~*OcCH
z`?VRYBC5PO5&kr9FCb|(3w*!Vih3K3mWgou49D&YjC!|QGXJ^O1=G*i<<5oqkpI4h
zuefHgiD01k*DbWfSHfhZCewrer&-*_!Mov{6YU3&^>IBK&Bw&HJx!ZR@yUubo2IJu
zT!D`Uw#}oj9aivfgNCYiRg-I<@I<lEQ25A=sX>TyQ5^;Ol#3XpL0cVpAoQad<mXkK
z%2eX_C$g}fv&IJB`8Sz9QUKH4N+tGEEr(@Ml6C%*G*@Md&4-p-c3AUFo;(Oul0Aoe
z#$lPk5Pxm)Tn+OW(}(*3FSoiPPLf(cMUZ;^n#{s#opnBp_L99a>E2hLtx?K-;vUsB
zgl7Git=q#)P_|}zj=<E+Kt!^wh0%~qS0ke_d~2g2dDXwF$%^POma+emNbWj(UFKth
zq!<S`R<XibJ1*dBU301Z+>w2s)c0J%68-$eKIfD2O(||_i;ikfXH_m`ct)Iy^Do(X
zrQ4l{Ztv@#!4$~j@7`)&Mpoc7azy<P9`){G8Md>h{6{W2_bYuj?;b{b9RH&k^v$vL
zU*$x^k$xmWS&NimN8Bd$Z%X1XH8!weO1*q1t)k_R^t}WRO&T}p=ppI3Tl%RvboJ2m
z+>QDc>dBku-b4i~GWOc`tUl{Qz&%)WVQ!&?A;URY(PrdgeinF&?l(*zd2C7D%QL^O
z)<RMwje7cN_#VU~QY?&;-gpdg@W*}EJiXSu_`p4MF5I%L`w#kJ*Yb#y(%)b)eV}kZ
z5f<g7$~ARu-l`s!?TyFW8B-Jm@DSf6F&(^6_~<t8^zC@+iS2d5#lt*P{GR~W1t<E!
zXUDxiWO!(p44>T)u`<_i8)m$tIm591yO)*^(ejV995CG0K0(W;Xu038`{~b5EZ>Ba
z$dl}5h{<QmAAWpx1b28;;#-eyO1CNh)b0oB^W*7^R|bV=8ScgEli;)S#LqU|l_kSx
zAM|DARfa#PJxI&JB=qcKybsfI;5*W@ze)Wd|9d>i5`crLd?GkcKE!B-3$QaG+yaA^
zL~s#qu_l6B;b1~|3fNK-!ENMQu4cGhJ1sp9o(i6Xa0xsaiQs7o4Jbgm_FcO;xC5$+
z62YCYDIwei2WKUMXTafv@Jtv?2zSHLgzzjFI42Q28=xu?JO^$}2+xHZs}sTVlK9Vv
zB=C_*;G>ej^OL|wCxMSi0v`*B?x8L4Nz4dOBX^2se{fKEy#YRs!gm_rXA>Tp-Pqmk
zTv9jB?*(+6{f2SYDj$_G`N_3O<iClIWBmB`9TaZ-&hx`ee#2*Q2B`e(+tTd5{#gpY
z*8qQ>jc@o&$m;}O^Q#Vu{|SY&ug`Bf$-I!mzrhJlPB71JB76tIH^<8;0yoD?0jJEe
zF@DeHsQd>1pG)B8I69w8n0nv>E@8@m?Md*jNdmtk3H-q%@FzH&a&sPgCJFuv1Ya_J
ztp433@*m^0XB+y<#wQ+sL=t#e68PLC@TMg2a1!{%N#K_yf#1w0*7r|I@b~cm;}gJ#
zc(jjsJ^DDwIM5Q2qjFDMTWJfl1|os>U{nr7d~%nsr867~M8W544g1<V!_EFqU#lFB
zM1B6A_2lrP&VU?fEiF%s;cE+qf<AvF;_vkZLUN=R+9Lk0fUmWutE(4$K3$8P=M;yk
zKd?+a)Xs2J6+McIo~Be<&dxZBKj*}JNTA`gIG=C9vg$?iee)O3^Z8JfXxP``54Cm%
zz&G#w#np>y=7P_+aB-t=zL%nU=Pd)DuVK+#MzpYQ$(-ss-;xCjmd|hSHB`^3o9{E9
zyXC8CSme`8+^}da8o0sV+!=^J&o0S9mHLC?;!f2erZybdW;l(>=WFi@hkQ}lACY}N
zP!3qEs#;iAGiR=^vb17~`83VMrvN27+i2LM6Aed&=?{n09|<_j@omIzNvvi#t<UFc
zS?^a5*U|K=EIkvHQ^Vp<ZG+NiZ<p+EhSI1UQOXWh3x(xCX?v)rw7DnP*;*281=1o%
zkCwLfhN8V)N-0N_9(wRtT*DWE(nz4wkBGF^-6=yUk)@Ozv{y=IuQU=SC+U?2I%sHg
zv_`a+LZQTnLc!`tg#(vH!bBW@SFi<2+ru*XN8zT7+#HQUX-l}P3*(}+HPGDC?(;|d
zq4q$OHG`qHu-et!90{ytt<GR5!0JR}3J$lhDjn%xy>K~C(Y+hT?h9C1kl@!n{Z$G8
z$78WDuglx|vRvJx#qTHBH5CAN6)JyrpTWwNyvCQ)(X*Xt6&;(=v-=TN{+S#87iKR2
z#B}nr`xaJK8sz5<Wg`H5tD|T4H>@m&#PYMNmG&`ub|1t_7oXUEO#cw2pTpqx__Bl3
z=(7{hucvaUw`H#Qa^y+oKWd<7_h0ILn8DzN;bEhZJ|n*TtCX0YU0V(GY#+o*`$^=#
zg3_zEx1RX2$~rv%s}1yQf62<3C*gmifu7w*veIj?pV5Erp!Y7!KiGZ5!IH%IHbeO!
z062B@?7rpjDbhbq<!AJ4KR$R8dUicW=Z?{{efv>Lzn_b@o6Rr}2Mzq${qR7UmLG<b
z|B!)RC7^-3^Ca}|8tB=5(2eDZ{olCf{D6+7($o8p8!O`DG@1QAp)AUcensialDr4P
z%CC~Vb@N<BeEv$7KkZy%`WU5uvvhd+>?HJWG%4j>mf`77OG4itp!p?zc=|FfvHc{v
zv|g7!y#1yp;eQLg;q9#$p8xzL^keU%{+~KLeO&I+|6ued`a@BQ_8encg8XmS`@ZhF
q{7L$No*$lnMiTmMPb=l}ldQl07XSbN|Nj910RR7TD0YOH(EtE2LN@LI

diff --git a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi
index f673240f6..8c8885852 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi
+++ b/lib/go-jinja2/internal/data/linux-amd64/markupsafe/_speedups.pyi
@@ -1,9 +1 @@
-from typing import Any
-from typing import Optional
-
-from . import Markup
-
-def escape(s: Any) -> Markup: ...
-def escape_silent(s: Optional[Any]) -> Markup: ...
-def soft_str(s: Any) -> str: ...
-def soft_unicode(s: Any) -> str: ...
+def _escape_inner(s: str, /) -> str: ...
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py b/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py
index 824936194..2ec4f203c 100644
--- a/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py
+++ b/lib/go-jinja2/internal/data/linux-amd64/yaml/__init__.py
@@ -8,7 +8,7 @@
 from .loader import *
 from .dumper import *
 
-__version__ = '6.0.1'
+__version__ = '6.0.2'
 try:
     from .cyaml import *
     __with_libyaml__ = True
diff --git a/lib/go-jinja2/internal/data/linux-amd64/yaml/_yaml.cpython-311-x86_64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-amd64/yaml/_yaml.cpython-311-x86_64-linux-gnu.so.gz
index 512f2245287c63b28515dd811a6fa72648716d3e..cfbb7c829e29cab4ac6e5f199c5e69cbe2e57030 100644
GIT binary patch
literal 724560
zcmYIv1z1#3)36ePfOPkQG)M_b3rKgnq)4-bf|SIHq~y}g(jC%*gowyW=MvH>EZw#6
zU3}m7|9PIhduPt%nVECu+`BME;@-Ra!?^v~=4+~NFp1M1NYjn~iHdx$q{JHhTE|`|
zCkIEKuKHjKn^;Mfgq@mvhh;wET>+vZZ2J&a7(a)2LR6g;XCx&2R9J{ls4w3-u5j5S
z0N#e2$rRyON4LQjWMmeGt^^>JdthJxNps&l5xYTkwRqiMmsb}LPxxQVauw(cVy=0Q
zrX&)%bpDKdHKO@5QuYn=YrY?69WB1Cw-LnGtkreBRHCC9H;kNh-srW-z@pE`MI8rE
zmQGSECKYi>ZaAa3f2e6deOasQzn*#Ayf@=DqcYh-H^t}{-#i#yqrAL*1x*})vId`7
zB+38b9|RwsT(J&!T<ozrhfG>{%oSK<*3E?9UdiNfu#b7SACA5_DC-E|op;gZmy61H
zuHiRc^?vL0D$JtEQVCvZP~9%PG#0XQsghZdPQ}H)GhDZiA4SX{p%m2+jQtD8n75lj
z!Mm{gO=T2410&nDb6y5+)F=j~UBoFvdc5klaAh@#j$PzP0Gn0>2lmCvt$AJtKR(Eu
zM6QBL&WTvgiCoT!<&Q1sr-@uRH|QtjsQ(M741lAM^WzOZ*T+4e*=)iGdE$ajaY52l
za(<xTDURTCRb(OYat`q_9q6amj*vOz`Z89tT!?Wx#W>q<C}wzr{r2lg9owAD*&jjS
z<uk1gnGa#UD$UR<htiuRqDJs_PxZ*>YW3+uw4w85HH5Hgj<Mcv<22N{dd>v8Dc6mC
zmgQ<U<ost$Wc{sbzVwCf?QfZmg)@uTqFtY@%~W3~w4vGx{pnAp7$^&R*?5#05IZn!
z+i`{3qvZ7!xoRSzqGCK3Tip6O;Hya(<7=yH)>%E7l8FxwaBnJj2p`|AX^x?K#JeDP
z6G&I}-lSuHIlkC-$PXIOb9Uo@^IJ(c-WGmyu*k|v*u?)~amfHjCfiqOt8VC&KY|7+
zc9fhhQdh2ayIp@AX;xJ~YN>^GJsF=KD&e}>Q-6)RRB<+*>~M89yN$Cq>lo<pKp!)M
zTI%y;*1Lunq_3k+Np6oiE3fu2Ddtrf{q`@1mF9)~e+m~kqb{ptD^WYi$P=y0{W^{u
z53~T&h2Nx70E^$^vx~(O^KZzLF~7e}=ZiKcooYu*c1=WRA10qyi&pJVna+cxkJDq%
zsjd)1%uFA?#a>JJjsGELIw<yV^l!gxa%ET;P`Y06i~80VcB96GI!Gk){}}s@$N#6;
z_nxnv?dxr3C?Dm6xTX~UpUpi==(7_YqJ@jp9uevNKL2y*pPu#){XH$i{^LoztTHIS
zbFnQ}88!dK;tOi87$Wl&zy6g0>0ggd<A$6ds2igzgh@=SWa~n%M_Uh0HHZJ=<oR=@
z-BX<*i2rKmP*3wwOzfrDN{}lK(>XKKd4u#}!lD%edZNbTx?K9Ybtyj}`?Q8A>VRa!
znkj(sbjhxm2vD}VVaRmk(T`JY%XC7#k$>YXy(QMwb90m)D-Pad&A#&A-`VQY3W;rH
zy9$RE63O)W{k)Bj_4d4cwTJ1qD03)iLCCZcu*G`gFTJ%P%Cz$9DqOfH48GyF<o^>o
zpd^)f)`>D?3h4FUHnO<dlJW1qdct&Yy=pb9BYoY!uftL9_w%TnNXGRF(S^%&lMjsB
z1NL<Gd_B8Zq(fOj=hv*5yvLQyk}elL#&H62V|~DTteW3q#WQ(>siz{OCzKdZFNUGp
ztnfa+sH?o#Yd|(5O1#%+o0;46{@3cb_HVGun7qc$E0>8S!f>K@zAGHqx$VCLF9!=;
zCm){J5ar+aj6Q2r@V^v2zP0f(E)FPZ;*-55Ziy92`_&*7dYO>~r6AgLW%IZ69S@_*
z4fs6M!#P+IrVZD+EGO6MR*&M~#yzRy3g}4)XNrUd3sawTGZ5dte0p*lNUlY{<vaW+
zXG3K#=ep#|yh-PpA~sK2wGwjZDiIZMz4@tuT&s)rr<V4WiA35FBTL)pmIs_CeqSe+
zIe=nQCjUBI;XdD0$h8;v0!nzIKz_@Z6lSM=i?d0_1sD0rqg!b)YLvRQ^sua{mUO&{
zO$OyKA8C|-V>b#_dWV!;mWq8uu60>A|89`&)+07QfNoRbO7B{~$#9e-4({E1`~FZS
z?i%;7PU}GT=tgpj2_&QQv_nKctZzbE-KQk)gKy?>?kYzc{RtYOMMwKAfTmmi<P_uL
z^N>=v`e9x0a<vcbiU02*6Gzh@t{m5rWlhV4C0cs^`DF=qt&=1Es~o}0d#abu3<3;&
zhOFp*EQ~TzFifD|_G;C1{n7H4C~GR5zxvI?EhF=qZ7BEhI$<j}W*tJl)RFtHkMhH0
zbH=^~zV<EeCevg8clWn8bh9(`=O}%8$S|%fC05$MMZgciibnyMo7F~FTdI4Kk@fXr
zM@MdBc$qX8gY{42lCv^)$Q|nH-0KvK562%m)NNm!icMo{`reE`v~oLi+tCxYU7s33
zwy^QlamtG$5Wmfxs2my<9LSD<vCNB*G)+sBr{ekF1BUvWPu1;a#uW&^ec@B>AADb=
zQO{4_s9;TP=f(a!>*7ZvXDKJyYn6)&ALfmX;^=`sIDF~xN}>X`=9QmI_8TwFck6Z=
zgF02ki04j`>{D4_pE~;-hvw-tpSo>_-_4r70lQPztrvWgoC*4k1R^f##&10D6W8;_
z-!If?wCgtxPA)JNLVP6MiShHb4HcH)Kbw!bHa+HAi6^~CP*JJ3TU}kX5gN4`En3qY
z7(!$gd(UL0f#2x-y3Txhb?sC<mJJu}%eL~G`7J$dzS!T_<m;pSgjy{PZu7UtdUci4
zqrIT;*Mo(asB4Ta5yGbL*{EYir@Sarab@n_dWpvptC7_<qc(p})2O8%Ns2BE{-8^+
z8bWkTW(&I3`g;Z%jekC+2j+^sOGi7^s+i_SX`Mtu*6GD<3Bec^YncL9v20$g9i@01
zcQM=iLz=;UUf=trAOW#z@Wp8qSTB=C^BcYL6s4@s^TQorE+WOn;zE_P_Yi$v+_z+h
zwmSRNWx2F=UcCYug%hMZ<8nBkidL=dW|}{hXnh&d%E*bpj^<S$+fmTO&}n(s!alXJ
zvBsaL%|W#;Ubpe*77SBSsHKih+cyuj8r7GIXK#M3y42sF8TAQcZ%ZiI9N&jvJT#@4
z?e|N~Mmx%NDr^2PV{8swr%~9Rb%x?C9Kv-1GE9!I)|}Mm{gfW)U;S0k^u6C_DYwgO
zylnOOZJz&9+w>r>iFv0~vsfhQ;Rd+?|7XvO;)zm$Sz<xHeCEFLLwjlcte83pXP@c#
zRIg+Mg%Z%~j0{&eTx`MeYer^PS|R7}o!5>5xihSV&qY~_zfTF9)bi_$R+*M-D6c!2
zo?`gA@K9vOn+?}aEEm9F@hK8G7l56O#ia}<+1RJo(_%jO6puc#k*oLdA+i%7a5ja)
zwHQ*oM1`0zk6@l)O1!F2@+%BqO|>|6-b@)F9g;I8`pm7LAI9KBai?wq*=-(RtEj0t
zGxcLueI|@kCNvKDhdM+juCd>yN=imTk3rZ$nxHo7yI%U)ya3-b;l6CKA!+<)4{26^
z5{T?M)ITXTAKe`sFiFKP{23O=(D^`#ev^G&#lq@Hc)fh>5#83`sD2-Z^eopSJ!4HJ
zgFTfahCzjjWm3E%4F)>3Z$GTtr^|z0-ki(;tqeb2szwYaq936UBJ7$iHTj(J@9RQx
z-|D9kU7R8!b$loyt(W@}J-g~AuZQ?y366#Z6eZ}|LR%*>nzYkkaGgHKV!!)iiJc1?
zeR92RB8nMz;kCgyR6k;nZ@+g@CML<+ia~1#!BsFFEP$5@q~L|a=`8rYP%k?d-4$JP
z6+@)4Cz~GWTNdNSOK25(#K%WW+q||=`FCH2(O+#k-#n?XPgpC#t>EdpI!m<zn<N1U
zWmPFOQL*o%!x&dqqr#cG3J=0#)ow%FE)v5oAi&nJU0KbYms>R>wnyJncIG;2d-iEg
z<^yO{&97+(^l0xg+q_UZ4az{8*UsF)CS~(Ixwy$B?U>6k?TUBxlEK8fV4`_TAJ6;7
zs2?ZO&2`(&m4B&hhumz@dQ!p**@AoUt^TOl*4gd;s7z=&UJYfd>cc-fP;xTo?1zM5
zQbtK9^|NU{A<cEVheE<`>TSQCf79EQFb}hKDKgeL5~h#Yo)xQ1snikV`<<SY0)B4s
z!w+lYk>do<3n8~!VLZPnJb+E;(4S`F6M6wdyW-}VdL%2;xC2g_Q_6`nezL!tOJiN(
zdg<s+-B^Kff3ieJs&m-tka;S6$LVwT)T^V5ClV&2Zyek0D8yf;f5=S~5LD0<8#vlI
z!r#{9@0)GiHZ6o*$$(^!v~$~r2dlE+O)uIvdpSA3Y)FjR+F5U$zfu9#@tfx3?Pg%f
ztew!j9XiQF!uji#66s7@DW4y?Z#Nf>9)R_(`IIAdv+p<ap?cJ^;3<=3d{#)_vU((e
zK7D0sNn=0dt7t_Xn?8+ZgYYs9B}LD6qau8UI_m|2y0@oJ-<oV1{bEx@W%w6jiX8*h
z)11ihGcTGCtBqXjHpnThKWA>I5pvYCKBHWnqh?!Ezt}Pqe8T2)oLW!vOmSiK(Cufm
z;JR<cO;Lw!#_jFWh4AgI0_qPGk_^qmxEad7yoKjocJ#O+uh6&qP)BQMjquc0rS{X!
zjTuD$HiwyI^|q(b%-*Mv$)kWkJ|?XEV&#PP(A^+~v}4sLP^5{4FU6jhLE7=7_g2;O
z1zuQWK^v_n2belckWr%(CI40xrU|+eFuVVGhmL3J@n!+P&?ZFL!uC}D9XC|9V~A-D
z5C`fVg3uS<Chv=|qu-5ArXOoy4r^tpFfm1Zm@9C7ETbWP{q$;|On0~PHu5?+?f8J3
zh~59)<AD?vXwvo1tNr|o{REfMriU-Y`nJQikd~uiFgR&KJI@7|@Mc#Kv4u;F9p_fL
z`eplS@k|(;mMLIM;}W!5+*#1%q0Q9ljdEr8TRf^<Vb!?&hRb9#T1+-?J6cREJ%Q7X
zD9~c_t5Mlw_6t#wN!U-4-fv(>Oa7QlJ6-}MY9+K=;%;TAUn;B?PlqwpRC&l)vZGg4
zIc5v0BMPrGjt^Ej<_n<7*Y@l0Bt~0Pk41tUpu(HaU`$~uOpHobK`PK6L#j-O)U6|i
zc#TW%c#(t~i{nnYG8O3YqYs1M3!t&f6+)ZkoVPXn>B#Dt4UJ2ond(~g%l(v+D)r0d
zjQ!v$(W~4KdXrq}U5IypLi%xclddGYe<sdBx(Zx6`cyE%JRdF4S3pD)_Kq^+SmCJ!
z8@oT)?x#`e@t@z&LK-NhrwTCV_J<ab(a1A_n+FLu4A+!l!y1=GllF`jr^vlrpQg0q
zZZmsy`Z3`pb4_PK?AGVY@3*N)?B9Tjd8VTT$I-Ci%d!hC)R8%4^x5o-gVbZ!(N+|@
ze|JzlT;Chz&gmM+-iF8(f4a#*Dm_}@nyThuKf3VJd!V4nMu#E&SWD*`yzb5T0+?r+
z)a#VgW01Q&{MqIo(sqEjR_{jRL)LPs$mW<Z*DX6*p8J;Ff6hPg)~NMl4427%^jUun
zFw=StW-rr^4WK$V77qRl4(x4}5r?;`C=_R3ffkhEV1gY@;z5{xF!y&B>^j;JajBmm
z9gH+;QL#WqUb5A}CrgH&ZLU}p`gaw$et0lx)}~^ij?y$MJ|+p`bY=I)-5CP2qa8fv
z(~dtKn%a&&BWVXh{2}bnX%x=t7p(%<JO^eDZ^<J;I&+!GZ@`4<wXE3Bf>;*67L|^q
z(?Z?^>8#Vj<w@h}F46?)o2Qjyceknu^NpArz?53ZZbZ6_QcaFZEIq2cBAOk(^dV`_
zJvnE6Rv*CF?P`y19TTk&m@fqGBnM`IQRCL!lcN@EdDMnScPR2Iu=i2r8KwxGU#0||
z@!m69zg4}3;mdZAXk+%!_vp$!wIw?LZQp+%lLey&08_q6XR^>#C)(KVO6BT=Hsze2
zx@^|28R==RyZh9fxL0~wp*D=Wej$f6{DHfosqxEZ`md!Y?qYrkvF^~jj~>cDq_Om*
zoy8xxQ$rRZuacKFDktrJ19y258q%i;8kKt-A{l<i@C@UHYFg2TcBU=hj!2=f=_a+e
zL&f5Za&4jD)&#f^<)UTwxyGAx7VHc?i(H3}E!7v|WW2hMW!0H}AN!|CM{K$-4$%ms
z2d;hI7i~OyFH+Qz1YP*JdBOUoR9)ut=2%()-k6;r`svNJ)Yy>qB})-};J8~|2EM75
zDjmDom)ibOW^eEq|NM+5^+u<t+WL}B-J<(gEv-F$Geyw<(OC8COXDJFm`qRqad~Qc
z_9ieAxCvihSb1}4m)8DybMj!XPymhJ>e5$H4_`hjG}%htM0?K(Np)~Ab{}6$`}2++
zan!G*1&~#n6m2Z{HVOKhm^Z02AyCPi9g7})$2$PAKMsKEh@Ipc^I8T_t_LkPm#+cT
z5Zo8gKhWxu)-DXNFZ2RT7iY|lsqH)fxc3VH<$dOa&^UJ#5_hOh0EN1fm^w+-O@LM`
zBDB8D_FJ&MG;h60YkyV^E!yis!8aEcPlk@s-e_TesQIn>P=`#OAo?C~cl!jO*jQLm
zw!4%C7^FW<%8U`M1GMsYw0yuIQ!l{I>Vp<WL+>sg0961rfbYl#NIUw0L9hKwyUQg2
zf1?OUgpvV+vCDvnkvmc>0D^{0-qOlL@$a~z0j{1yfFbT~l>82r1)vr>0YNK(PIMN4
z&%R|0kKWw76LJ86(t!X)?44CscUG|gOj>tidq;qr8i3$N=1v$rfS<f05CU$Ph5&(k
zcRXBoV;BGmj<_@S0O0WjsHFB}GSUKss&DNG(E5PgGXKoz14ufS0It$Iu@-k1vb(_`
zzyhN?bys&bez@~f1`v5058!3K158Y-0F%QV{XGD$wE;jh03@9N5DeWJ3kSGANC0Ed
zJ4HixI>2`X8F$bc03F?#P6!Yz+?np~gRT}iCIl4S5(BuQJAs-2Wbx05J4-?U?)Gqi
zoBvLH<Xv#O?(~z~@!Um-|IT~YySZMw!?ObTj(_$J0`lQ^3Bd;7=eq%D?v6n3jvyTn
zDDxXYT@Wcw2>a9A8Jq;*T<_>1cg_p9-oQnUA$R&909$s41)<gD&Yb|UJI$`Z#o|r_
z(cMgM0A&8r=eIXnCO0NI>y4UU`?%|qL^R89LJYXQ9_ZGgK8ppU7<fN`0|TF~dhmx{
zb9Kddm36Khct2o@tMx-c%LrG4bdy~#v?e~b8ucDl-js5~n$*DU-7*IE4-L80go=A#
z%(K{BB;V)@A~Fhj9kSg%wwm`I@?Dp{hfS)0+ZAMNFnyvE|EP&Et{MQ6CbSd+Th)6R
z3h4<C-*Dlmh+(bzad~}$Gh_HvC9atq=xIzANb2>1zB8@T=<X6+%VzVgJpq6N-CewE
zSw_A!7XZ-FCB(jAj)l2-EfO6HaGl+|VJ1p+qu$49PD%8|fWp2hH&X#XTcR%}6oxLG
z#W@f1+te&aY~f$aO7pA*03yb8cZsg6RWH6Kb_L2HlnNy80W{jZm;m5gD2aO>)N0mC
z0?<|JG6F`-v#i}&G@#1}7-7!8rVQv6=d!>70M<22V8lSToe|(s?|pU;3Zqi<dA^S$
zX3_f$uw_H_f_)K+y>8K~1JKdv#yq%T)=ECa1tfTLEda6spG-c=Ao2_7F#!OyW&)Vd
zRp3XrkK>b*XaxXm1(KxaL9+_I`2g8Yp`XM)&a_3Z7odp08?0bRzmIcKk+_F-!wgS8
zH2Z!l)ZdY~^3SKtdw{!~Ya@W(HeE(Q`uvl%mw;YFE{^+9Sd+33FQB6?u?GMq)xelH
z%+(2QLI5f{u?LtpBb5smfLMsD_&+XT{Bwy6knCRQN3`F8b;NITXJlyNoiq+LpF7sp
z#5-ywH6LyONK7mSMwFC&!~q~RaSw<Y5GG&*2-7Y0wd^j-8Vz9Esct*bdC)fh+7%!>
zW%o-&1rFe-UEwt|;8}g**vDIiR47+5U{b8I80Nn)2?LbAg_#fkxdaAeRO&VY<A6(|
zfU3I04Zw&=H8Ff3B$~a`z_^HRHV}JrwlyCBu+bg7f5Xh5eCW4G<kp_({?DaMoa+qB
zo5F1%mxf@6@&MUy-9a26%TnC#12XFqvjCKi?h|01V_}CFz|076@dE(h5y?M~r~qHT
zDf<ZiOFSkZ%2#R^Bmi0ApGp>#4sZkJl6e3Ggl~=Q`z;0#q)0%oQb8;EKactVmwgLc
z>Hj4j4*-}HwgORaRp^Zc9DAmA@eq*kfh*<CF_mdx@_@uM04y@l^#sOKRD47LBWn`X
z0GSuM0RX3@QLonh+arNn-6ud~0hh-9xnzEqWc+J(fQJ0SR!V?QwRZ?eQzhjKv41|@
z(g8T_-Zg;QTsHtnY9R4Y0QFAcHIM;7;_(C2{L!@$6)6A~h!PNXAWFBG*F&AxYRwpc
zH!pju0W*nIeWU=JsuL}MxVxqtLI8=Cy7NFz0@W1#{Wh~FLBL~%d;py|poKf&0XDg4
zcK^J7^VBqAH%zXvw_T6U=e(vlUE<)y)Ww?%<Xp#FU<nIxa6x67RLJo}b3u_Tq{(|n
z_PbMmY5m7VVvFBpH;(F27xGmnX9v57uOnBno0hS)8cYS)2>5GzBV8sW|IopaT4wv+
zPbXt%biLU8|NLxFlX*X~GLqcREs|Z%sPzf5(JQQ39&i%TlknH^>t0~+mDgi+4NtSr
z(k0DL)FY*3R4m*lR^s@)RBNwR!e20xA9WFw51alGnSA0uY!GW_6TPlUsvsqz<@}>(
zxbj>4OH1g$Nm%<)YtI;UnUA9^1*gGY_L;Z!_~)un8iDy^>&cs7hu>B1>8LOLR(X)H
zfHnFU+Wa{ez7}vyW4V9;*X7HDp@6}`bkzF@lwSmjsBPbMF~^5J{0FMwsMM|XCjF1`
z+d2a_y^eD5ufGK2J?6*W@p)RaDSsWknU`*YaYz|w;{?nI{Y5Od>Qyc~Y}{rQK$m}n
zJa&f@Y7BGvI##*13z{pG3KmP>ojTJOL|3?<j?E$)pLIP=l!B1BrLG?>qQ?zDFC%>S
zy@+0Q2Pbi4?!-$ahwHVdt2wA|xkSPO&%`zk9)I&xi@16^$%xkA@)f^7Kt74>FS0MQ
z;-?gE?4}SHWQ3rAYd<>CryXCSh#WTkre_MZFU;LBufauULE;@pS}75Qcw&n_!I{-x
zaQ#K(>M0Q_gck;KwIo8%xmpx?9*O_h2`iMM*+E)Qx<;E>9|jpc@V0J1=R(m<J;JOZ
zYiILVlh|V2lcYr&Z+BEv#Wmdh#n`$}LK?4|1O^z41i+fR<KZvR5-QVDA}qw-n)_sL
zJl)>z?oJ!Ob#cxsH+Hf4U6oZA<SspS`m@XK$xOEQS0nOSG3l4=eR)3dFKc-?SR{S4
z-eAp2r|>Vf*RCIEd1^#|QBf$X{my|yW-3Oq`8)e@ZsqknO^y!+>8zFfr@cxQ&pD>J
zq%U>~!7bG+)gOJOgW!iLqY>fplzkE5svok5XMGf2Hh<7z3w||E|F_jcW$JMK-o{*C
z246@*y)J5`D_-NxOMNTNOv&KPpylKXd>!iiB;yqmC(+9B8JlnMijYEN)&l1yB@Lk;
z`IvXsdgF~B+4yo*N)4s^P4daOpq$~D3VN_3M~F`L?{!m8KHmaO@+Xwppsw6ZOt5c)
znFX7=*4wODX}ADir-uPg^f!070+8+z(t^$rD2SK^SJlt(@8m{3xajV>FVa8|$tH@L
zJ=t1rqNM-&FzGJ;>VFB>dXKhb&DubR*WRYcaP21I@>%LeNC>isbe@=f;^S&zUo!U}
zWea~MHQk`+B3z$h&jWcYk>=AVB0g5H3#rg3di=NUx1ped$)(AKcC#RxB9>zz(tQsc
zZ1@5CGDknyz7Xj`%5zkfWDF@BNunkxPcr5!(3()K^f1weS0x$WwkvJbh}P?txAkJY
zc^DxBYas1Tu&$J=F*H7VtQhR^kybP6Bayn@o=Q|WdB8U^*3b(To7P&#UPnxn^_L%6
z_b-0rRw%qS+b-S#-=8LUa4(tVjp0lE??$_x)#0!WM&|O(qkxN+P!NQ|ji1?!hh<CP
z9KN9V<b=~W+(9@(CCQ#5fcZw6q;iSVWhNM@Opf|pmizZi+Sr-Xg`*s^n_o1q0k`|v
zZ{wI{tXjjI^UV5PFv-XZEf8W-+-kC5D$BqJhGRk`S5}QwwoYXN`CgC+^%BW6r&L?f
z2$_SFc&y8qq!U0E#lqIfa)SnlH!|1t=Iu``5keuR`LLvbbHAj=CPCI6zWB|Pd0zuC
zY!#K>^=8;R%e@l;%U{bz<xdmHzq=2%(jj1nNJea0Ybd=NLD>(;y}QQh_o0aFFz)U!
z=(gCf)3=q97v)@i7vgl<#UZx}IkAs<`QVbQwoL}qg^s3;u|{x)(C5Nv<!7jc3_y0A
z1zk*V*0}0O>e^SJl#8(zPT9+$*2rm2c|k#JcY}~On-Kd-#RJ7!Wd8YJxxMoX!KjK_
zn=#c&A{}R(yuVt&M0FI2P=qYIdgV`qzTq^>h*)0w_AaIueXz-L(ekOLTz^}%Typ$;
z<%sRjgHImGwJIAjjz0KJdeQP3ltFPAFBginSoi$U<JHGN0wU(s@Au?>J)o{59)hLI
z#TX&puj#pvD4(_rAlj(AS5^dtDLC6-_>{kV#{`Dxw5ndcVu)ahZ+O^!TcHFIj-ar9
zRQK`uN6E1Kua1)Il9Ane+6Nou=V};HS!Ge6J_@%iIYaEl1g$T=!q(ApE=GvUdsf&Y
z0tHpDVhY_?QBr)vZ<ytIgSX#+tP8rSr6NF96mE$jNCnB!y_WlRxw&6iXxx)RmY>x>
zq32wWZy@Nt9c@_SEQ)WS?T$;_pe0vIXt>`kSTC{3IsXFrf+xJk-Yht0N{VI!VJo=B
zmsF!>v~61^NiJwDD4)!^${kYinx@<u!5uQ22Wz0TYTu%+H3!9VS|@Z*^`z5~GVUZP
zLwP`56|4W|z^B)QHv&_nU!6OmT6b_vXImNhhJ44GPxj#Y`Ifu3qzWnzulqqQGWT2@
zjMABvAarMR5m}DaKOoXO=rM^tlCx6Ikkd3o@Rr9(;mA{Rt-cB2wL-XsR%jzm@W9R@
zw$1;FqgqZ>pkNTDf#-u%Mdi_KQVsKli!$%ht7VZ!bZBR@>iA_;&_<wnO7!GvGAjtl
z(KqtINFM?y3__qVQst4f<U9O&{DI5IHP4j-o%bDFr`rB}*)56QikT?^z63352xzKd
z`4mD8(eLmI{#y^rqUZf=+X)2VA{d0cw)T<qz{9J@@`gOCh9MOYd35$H3v4^jW1K7Z
zx$tN4!p143kpR-rH+Von_(f{&dy~7eLBu1phFuau-aH4ZY5S$v))91{s-zx$po9iR
z+<uMdXnrJpcJG^)36i0~U{1%RHnd5kWmq{hN*6)mY~VGHd>-UPkX8m0CLbN4?4Y<O
z0g|WWSrrQ5b%ksPP!NDiVHtl$TT0|EaX5!2IE_h5_2dpxsP3+3g5zA+Z?Y|NG#_?<
zs8!7Sn<uH1`!%aV6ex`ZPKvulBY62iEoJ`sEOlmndgHk>-c%dSH}US>oZg^$q&IZr
zCu{)EM+GF0aiC%`)rJZ7A}?vle=)&;O?&l9Qr;0y%p5d^8GX_FMmbDwoyYpKTrVHS
zZ)vRtv(L+yBfy+|U0JxhrdMciYUV&PbWC3$zj!hSsD0CT4lEVXN+YpV6Wa7LwC?7=
zmidhis`U<x1dApJ!1=I06t&XC@QP1!86b}k$x3nSX1~Ot@17MBj>Rqco@Ek_cKyoa
z^1rxOIYa6N;iUv=RWRW{BP|HI%OFlVLUJ-PAPwG4@&MYsS;6HxtuK-+g5FSr>9nH)
zK8v%Fqkq#*G5&n^cZQf88mR;!k6;?kriol$^3Kf9^E|J_yqgEoZkME9dF(!UHhDv?
zRmzYGXS+;U4+3yCOo_bq^MIVN{12+k90|wjmi*Juq5abeA{~S!9?e4bpjWd3^YkQ_
z>n0~-M<k%_o33+8&ezzAB+eVTNyFT85E!LxDtGlt3RoDN6$Jw;gt`vV-Dauo(cP|k
z2U>;)b`8%?J^xn=kfB`$LF*8?DkFqrXoV%hIApdQ_Gl-XW`w3z1vJEM{Tc_8W;D=)
zmO;OGBoL|ad~`t(#X{Om;iX#~{D!L%pDv==+9T(jaKe)$qSTsC>40JaNZ0fV5l%{=
zyu0ZTW%*N~d5&^5S6R=MbQtzc<bid_^B_JEHm8F#!Qk=wEQVT0ZOyVuj?(M9>u%@n
z0L%ujSrNn|L0w)O0V=0(E0;qGTK{i--+jT6Gs_~5F>T$eP91@{a#xV7ZTR6FaTS}K
zH;PBVLUkblAP?|slXItDAi2rC;u~66o&PX^O~&I$XWR2z9L7hKO&-fDdgwdH$vH9{
zlv{pr7Pc;v8`P#t4FdgVPvEllQMxv!aSHrb0u;5O7Zo-L@es+WILeop1t1XdX(+Rw
z-3x3++&6N#yyQ=%Dq28KLpr%-$KD7P=5d+2SH_g245mOSANFA%C&;Z{Xbvwk^9J@Z
zQ*>>GM=%@jN6C^|4OgtM#xK*7S~GWjdW9l;i3oJ8i?Km?hmL>JN0Aj6!<nytFgbl9
z*wmIjN*W?vuLD-|q#+MHa3RbMZ8fN<H!`Wil5SuOs3DBZCHww?l(&`a$5ZWC!ZA|_
zYx*i%UlXPz{*pL7OF8Ru;n(B3S2C@=BcEyMDQ%*c>&z6uL+4L{ZQwl9P<iC{iwB->
z9%*tMP8Y77a?2|UT03z}EY{DO+aUBq)s3X>xUEU#DTS>+A2yeft+mkCVN;k#(-_yJ
z8`C|N4SA+r1utkXV(Z~y!3cUMQ&c2^^>YMv$oX`7lR=R;J!esGL|=|@Y=oSRqcW-}
z?^9ff_2V+~Ilc%NXO3${+U>gkCVpwcLFo%&`CfS{*v;1QBYe?aoDiHkY4%qqf}Lft
z4~zC@5Zymuq9K_TFmUI4E$t_+>fehR#>ZY`ys_-gckrMQd1@aK*6^_?rYu7?;Xxm!
z#+bvYH6$-7rm=Grw{s{hJKvo_qx4Hh?Z-%cQp)njiP&^}nqu;XoQ^1phOO70CSiB2
z60jS5dA~_8T>!JA5EA&AS^*<Qeht>nY}0qr0sXS>7P4-Yiy_RdhonXvj9dQ^pxFF^
zowKRNy~^^`<}L@)?MnS+6EF=Qri<#hKt}Yj%CR)K-W!mG_eD&M%+pllXBX!){Ip?n
z^bcE1$*}COiCR3cvNx2|uOt1DP7%thhY-O7)4XXFEO~=)44Ey1d4MXwmWT%-l2x#Q
z{^H9<!S^^>6B-GFWfFhYkDhp8thT4=GQ`gIA<|=zRDGrIWFcZ;wc*QET1V4iV_773
zy<(E?$|s~M(9np4N<PbJP~G{-d&5a_i%ZdgoId~9^9xprCngVK$cm=ndV_cqVp;@S
z%bKpF53SHg4B&ysre9e!5P*weI25{jPWqZ;@}fMeg@faBh};HU)HnT>K;|dqMWzaQ
zCn{z0ob^c9L@4rodWe2KvMe@oxFt-ID!)N<4oeo5@l+|vzS5{z##o{>gW29$`|1Ui
z)fq18$7R}+EkjKz51!)4k=-8Qf+E-og-{#*x1=r@VMxCbBL0b@OCNQuDQJ?*+JI_B
z!$?FP$+_woQepHC*cO`43NoLudSz8unjPE-G0-eAKY_47B#nFG4dfxh;JRVs6N0(J
z7v(v-#RQcQhgrA!9|;a_6Lsev6t@l(9lUBu3E!(K#x~1b*4`U5xwX*pZ~|@6x6vn3
zss>-9L3%VoW*3>Iev}?SzmN)2BX>)ZGkh=N!fPmGoh0Y73A7Bfbv21X;Gk*TTvL&p
z69I$v7^Fb$15eEI=tFvp<=VHkin$F`W^{j|MI~P<kd#sDaAX%D?^RBfR>dgqJcur5
z{V0m5SROM{W>g<jg7vhfKvej#pY^@7w=Jc<&*!2PDCeV3r04AOLQA!1mcP+#PEwB+
z`Dq$T*HMpl!W4QpfVKu@%Nwq$u0X<8fu~2J^|?$Qr4Pj0fE6NaypZRt82o8M5xKAJ
z#~4%*XRpCl9*VSiiY;1SH1>(p?!bt%2xV|RF&Blc(*<k5Yc>MWQR~_v*h3`CVS%~7
zC@DyLjdQg<h&c59jmaHnp^?Bc6+&MLE6x4I`=93iQ6cuycPCQ|^(+!w)<`#l7-XlG
zj(e~n4j3|g>H6$M$)1m;JO-IvUZNle5d_P(1f6I(26wesMZQG7sy{8HiBf{l4CuV$
zyy3=j`V(aa=A8ILds1p>Q=*e*Kme{h{9<5J5wq5q4Wc7I{3<6JMtgQJ9-HyPWZbMl
zVa~v0d@eNv=xeq#-^FOd#~kKLxe_EExZO@#jkAEx+<Mg?8dqB=@{t<z09za~|Ea}<
zedS|_l<}>aD=Y1=v4Y_UCLA+26X*1Ma-f@w)j=_LkubTQl9!cY1aL?YG%HF?_If6r
zRq-038Zui^Au<=8A^ra<!sV%r2Ela2a%;gd!KUT7{3{~ln`3Q0MIvLWxYX!sreey6
zbvp9RwYd$|k;aefk?{?<m0lw)oQe<zFwgLZoZvfTLPKNN<TWz4A+SQjp6~I{fc=C+
z%o|^7*Ue=b35^=M1^EUAsaGaH|631?|Gyq6j=%#j5xizI5XzVOkt?SB7M_nW@GN$V
zd4eTmiNpS<lq7-4<6d=1V+(d5?6$SGxgO7V6bS3_ppJ3FANb8oVvsLt4f8!lNF8a0
z@wBjd4VZq-<OxhrhLkpP_D|i<qZTp*DRCA2s{|?axqG@=^b{dAjo~1*#36%TJB8E(
z!|HfYIk{V;95QrikFrw}0XxC-c{%sT{=3slZFY}-Md~%~FC6pAY!GEFr#J*{2-4R`
zHxf8<))wW7Sc=Vw%0bA%ks~vKReZ7#UNFzd<!`cawH%S`^^(tPjcGMOL@~J%Tcs`e
z*}qB|<`X=W@Wj+XE55W%Y)?b$xmK-1`nP^(*IOd;vdbiN;T9=^@HGN(u3wdrbh+<n
zS)vJ+n}wFIj+EOZr|^LNoU9L7+ZR0+$n$U{&fgj3`XXSRKxxjDI@xOg$KJ}e%^8+@
zTb)73tLuh{P4n*h+~SexEnq)L%{EZS^raD@AC2@-YSZ@`R|CGHJV^Rr2Y6z}AU)q2
zIst;TLYO;6?bj3%yNB}0T&wBk@68jfM3LIqhOb5G6U%Aqv)Lhh#*si{<Uy1r0>qjf
zqU^ez_;=>Z{1jK52xVnksYy6c4B)Ym4^gL8y!FXr^aiz(`huPl5p#w~VdBYQA3~k9
z5i5Ap{kF2`0^0XVZ9pq;0+<qg#v4aKQwU=v*F`y3Fw@BwoffsE=en?oe;9kn*@U}#
zLu}JP&}^h_TQ>Y55vd?z%=6ng7RlMtc)!xXn!<k{jcrCZg(JZRH1sDVcWYLtoB7XW
ze!~NPy@Ql9(L>WtSQ0l!hJmKz2Re77K9~odk2c6-z3zXf+GERSuP=dPPwZCAWeJ^t
zf7HkdjjkTzz~A0%N`USef1xH&32M#Ua^*=C-S(BN5Nu<fzb{K(LZrZu5%G@|9`?@6
z5He#XW?<3ss0}^o-biH3HP7QeC4H*2=^rJ<5n1ET>3P9T#6|%A1zW>w)&!Nmaw(^&
zRRlHhSo<?snca0XcL&>J5x)ngHvY;M6Jf^&z*h?m*PZ{n`Qu!mGuvKuN@HP%p0_y^
z*_A1gxRol$E;aO(f!39ZDClqFAS7|EXwJzC;EliiqkLZm9p0N)6t|od9hKDw**r<0
zF$%XLIm#1}`5p?OBa*AqMMSi3gK0x6bP;@b;6Ib8YvQ35MhI5C>G4T#)w(oLZu2M2
ze5T6C?*XuA#q<zZz!aBGRo?I=+s;;vee`1pxA9({m@05o07@WT2~vhtSz}%K5|#B-
z$-q9E1Hxb|4}{4udY!WZE{MN`e&tm#^#}!=RRVr}dk_tB#uEdB>Mm=1l?cEEut<v9
z3V2OylJI}J`mKOpEhYc!>(NnXa{~zUkit0ENss1dA+mX<g_IFLg*=g@3R>eK-XhJ1
zm7732FA{58hg%5-+Iff&utJsX-rwTAVW+qSQ$SxsSL8!sHx&|Fz|rKUOk!(DTG8si
zn*lo7BW@4|#uGCFMPAWK82rnB+K>w1v>#ewh^Rz6n2o;{oz>h*6rfW`<YB1P(ydA#
zHdaT%-hK&4m(S9D?x|`Wt$^xayfefGc-(`Udm03`=i`7pG{$!?O?d&q9?)UP2>I}<
zDpw|Juji^<Dz`(YYb(qmR|3yyPUq`Z%#VW<7Rxi+y9YibRY;?+HOT)Qa1*tZzShK2
z2wK<3J<&rPzFqNkH%NSj<DrUZix<+1MgHLueq>+CQcisjnUpy3{r+7kl2$UNqyF2@
zY-~npDnR(wT0eDL&{XX*lxB_x(`hwM3R!2#G3qNz&3XrX{a+Oj2xumMxnChco70ki
zzf6Mmbtc9EK`Ga&cZfRE>+JwA(9t8V@7F(x5TN7dEx0QQrRK61<uVhVY{sbH#*s+s
z^bqlSQCP#nN-ZkjoMi|!Hkb!<Y-V)Q#6WHS%AZhNakO_X662=%-opB;%CyF$_)uHq
z`(KX#RRa2+m8<J(WiyZ#PXV=krePp(ynd?fp@cbcNoya)*bS?}6LZYjl7BEt_Sr4+
z#V(Eh1>x$GfiDU<BCn-ARP7%<hKLw@jc6MDrxZM9O}7$<X%&&*WnT{zLF6A;ZoJOj
z4ey3mEyGKf`DqdDVcjq`yk=Dp&jVVXlK*W5Le>oONS;-a5GPuDzm1wSP&e~Q@E~(T
z`vV&3E}R-oc~ICR-G$K~PNsu-z$}ocG^;A0UT%qvjnFC}-_#Sb0b#fLZTuN|Qomd_
zOsj<iCS_d@n2+d+0eiIf{S#7>DYaqxZX%(>96?XfZkO6#c_i~n>stZq5#|YoN4j$(
z%vKy+b_l!>(`wj6(3IUP0&qFZm!j4ZHuCWA{~G)s-uE6$Vw{nQ^RvYHa@#1%L#!Bq
zIrz5~*p(bc4yP+1-Rj%rk$Cmu2w-u*n(1*IF@7mV^!fFiPViO?i@q0mXA5g+RID};
zjY5eR6Unc(@b{tpx`<{xFui3(1L=QT`roj-P6lQ|QTyb_6ncxMR#s4)QFbFFX4*UG
za5i|FGkN+|OIxrmr4V%oR6&7WG}ZH@^H)&NChkLKWlGuJ2XtBw4M7DTV-B`Dj}voD
z*GPV)l?J?Gyv*t>TcD``zP9gM{d=~vPo4vDe!2bHSZo`Q?i-88mlmFaY`XUXcZWEh
zg}&jlt#Hyqv%#v8*GBr>3mHj!>7DiItLz^?ry9Iy8-Bf#rYwl14*gR~LYtTU*_4Fj
za}ieW+i~I*2U)sw#{MEo`|yMM*Cgo}2+ITF560S0tSR4S;hpE;y<+Om2E9SpCPk?^
zs>+2@Tl~PI`$3xx+PYW<IsPUPoVfx{x1lAWcHxfRq12Ubl=9-_LKYx3fU@=p@LVp$
z^jWZK8;0JyLy%)YD7BUnGSA^z+E(cBSe%<ejstUHo6nu*Dedcd&aCYv`RHQom636~
zY-}SGF|z3kGejSFxRV8JkN?Yk$L)(idGLae{t2J_gjrUuB9!7k$<JA+Os9&n=KL1>
zqe|JxsGq)!J*?tOz!Zw*v?bMi&zwX@C{eQcMR9ZWq+#~E8KdZjt}?bC*8`qwyHf=}
zw~An5<jiC^&f#N>T~{TI*4Z~P%|_4k1`X!?9XbK`4$DK$+qO%5PEluVf${4B`u03h
zz)u%^lJ4GPkW8OPHNLmI&<5o}c70#t+}sR49$-jdaH6=(eRkkg^Xnyi($x1U@K$b-
zGL{2)^<V<lqpte1aNph1Yrwh9dz7VqH1*ndpDNH6!6QZXSLv&Zch`!Fj?8xt*B{4^
z&nMuezpHr0itPKKk?QX{Fp1z_;lu%Qj}xWWIh1xvnj>XB%^*(WLQ*q!9GJ&O^9SCi
zj}_nlEZ$z~u@{-FO6*r+5!d{R9)T^64h0i?eIu(5b=ci{Ap<&A{^*nv*mwX?J4vQ)
zn?LHHAw&EBKrk^v#*<~-)V=Xsk+Zj$LmtgViop(5iQ&ZPev#|A5`lp%Qj)x8(%8?V
zf&s?OjU4Z&2zN9k+3Vvx2BXvM!sso@3C(Daj$fwX^6^e<bZ7<1w0m9}A++8{o128l
zSW*~l9`IJ5JUvCuK6xmaw07WqeCnFppjOyJW_I^p=r>f#!Lb(Qnp!9;YnUsueoU4Q
zNuig1C9}_deICyX&yAMSHSKWe-Xq)|xka<zV3=r(kXYFwTXzKmXm`vn*Lcr;#Lhb_
zQY{%O<)FvTzu%u@&|LMV|Bz0Xum!^mzVCrl67Wliq)#Mo%>P^vz8*7`h|e4Pdq67a
zrnKK1b{%3rTiR^(>j79H0`)0CTJM4F=Z_YiA6}UASbiH(v7`M?^k8b@kjD)8|CQDo
z`L6*usk<NhyeLk`X9Z<oz&{$ml|6R?r)bASy!xwR3=uzjCau{$D=WApVdVZSm+HFp
z8{^6{p!m5ze>pa?@2`5I+nS`ZlSDe%IIx?fxfAj_WHl*IWUz_6Vk9YBm-Rrw(j-P2
z`@LQv#400pPrdqm$wwzI9Lqi##Uyu&X+Kf->c_W+@>_)RrlcGhTD8hW*b2PVdph>T
zx>uRe>2rbm$}6#hhnG~Yi@mKH;{Mx@Vv7#~oMW-Y8M~ifUj52e8R6JB_%bSLyp+@)
zL4Q0liwxl4Wto;TGd$TjD>-yNYwSt*a;+BIc<5^fTi;~v+f?%JXKyZ_B>~|D(N-Ht
zgRqlv2j&Fj+{a?y_&AEBz+2aOq`VV)ge?nuXcD&{J|R$l=W|?6cd+qSoW|qBhkUH8
zxARys!k%UksDhgv#p{E%RGi%T)5i+%;aH2n3*(DRkyxC7Qe%^LVcwC#qi$gaJX4cP
zI!QwmAzF*097gxoV?<;Iq1MU6!kFj?SsnV4%a<NbmkuH09n*6zm>4s3?;hB+rnt0z
zRgC;~@4Rq-k)la6*)})n*PQSG%P|ApTg*o=@e~jECo>Mq!go!|{m@oH1Jack$mHi7
z%LGtwG3FxGq<9~X^z=uAX-svbbB|3pOPS)Xo7#|Q1B&>q<u_tREz4K+N<>fwmj3U#
z_)JnBKJg#nde`biW2){f7-U6`@GQdVP$JITxO)pj_&58nRUL+NODPXz?#qS$Hg>Qd
zz>56hP>7@|HV)=%QRM$rI#0v6)47oG9$nS*!Zgy5%?ZB-KTcQN`}T39^7%`b7b7CY
z?OW_Gk9{hiy3ANn=0b01gFS}f_D|AYBL5Ve_&%?$VB$e_B`{k&(`dkz+7t1>!mj>k
z=Pkw3Ep=U-Kv}b+2wFTN+?xvLYA8swy(s(|kg`U4nm(hPdFHtLFfd)>7}LkLd8KQJ
z-(MbA$8^fb-6R288%{pyQ2Dgz7RvzTzlQNaovwK<t+KgN-h{ZzggE6{7pc3+#!c{=
zkR$6g?rPhIPwILOvtJS@bN4W8M(it})=#QzVqsjZ7!1$n_*76ne;H<ho?yutBui{N
z5VhjEJ}>Jb^DjCG3wE|lUE|G&vvH1{(73HZ=n;7)jS2aEhN~~9EmDYP5MLH}S;l-|
zbNcqMn(<eaw1>YDC{HR?CPk!_;pPTC3GbyrhUJ`!js_fVq9duUP@s~wnEDK9w7{nB
z#{dURd*6i9O)dCWW2*_R9MKX64V2t-xymtG-ZwrKoZDqkbXm<G==)gW=qAYS@UHV}
zM0oR~o1Y>LO?YU0#A;qOY2%zD6}j~FwUO%PB6QA*q}cYy(UPDUyUFXG4qr0Lm;3_^
zUKt$*fAh1GnrkTQd(PQK=8Kx;;m$;m?WxE3^ir`#-<hufF$b}-H`(?i#Z{ikD1Mig
zFL>y2<F`}z43wuDQ_1_Wk<v+26Uzz-*5rFD3O$@^7WTVeu}YyNCvez})BwX#bBDqA
zr!Ob}@-M~DFErXz2;NddBIr>8)I99tj;0xblT}@itV7B9g<k@(ibrljuEVo}8L2+R
z>F$W@uj?_NZ34l=l9hY|uI&A;>ZRQuuk|0obnr-HVI)p4XWY$dW`B}H3abMQIbJ-s
zhqMi;u`~s^pyC<gRg>V>WxE$eAnT4#t+6oEbsH?Xc|BM$$)Ru%7Hfg2tlNDd$^BG?
zg0DDAOm*Q}4$du_#a{y^ptD%sVLujpG(>xPL?-uw$7E!Gz7P3}$ryBMvW9^hB8iow
z<kkPpuzc8P1-okkJK6};OHFAbD%ZlPykii{(e2CtHP|(h^|ELPcQ7d&bN+ayp1yeL
zRMkx;JiNdyDcJO?lBF~Gb={`be6X2}xjVRr%P97Tz3jrJym$AFWNTV&=FlSLL2c3#
z<<6Qji@=(WmNz61_1^B^v)cE}PEEO9UA%25>GbLt5jvM$Q)8YmzyDyO#~!W=voexo
z45G`?oi(J3kyeS3_W6XWQ*r0`@a98TxC$Surify{?rwG~#)#1mF@|x?R|@Y3iYd3*
zXhArF<!mVYuhRx5e_J;BEML8%hFgRRoSHX=2dfZ=!a0hFtkKR;ieD)iCO@7R&Nj4R
zbkJV6FhxzN*=F@_2-16J$}xT;xL<76h)d5jPx3XW$f7aacZo&WJDj74F3K0u_jN4l
z9Tk_WR&LW^FCFp7tZZNk-y3o3S0DOX=CyFO`qv<oOP|G*2&Dw8AG`|L^=a!yo%EuV
z_i4u`SgE2<x*?Ql`aB=z{WXd>k1>Rz59{#I*xQV5`Z6Ayq*x~iw#X@48(9j|+VJ1R
z>{v+{vTeMN`;IA-eH10Dxx=b0K5gHGSOxG#ZHKN5Q<>1Fs5u&=r|YxZaK|nu6(W^W
zpA?HgIHKAZNZo#DMWc;u`lg<h)`VF&R+{q+ukehnJl+3FBq=UAx<V_HwCw%-1wqpz
z?%^&fkkY`bv%L?Ke4JK<KD=@r_=B$@Ut4z9A{mE}jq5EtQA_XRmefPu625q@Wf8Z8
zRZqPA=H+3|VJb!()}v;;1oR+<^z?%4<6N`X77;Y8m>+zlu#R12S|tDG^~NS)>(3J0
z=W}kvRUaZE9zwzPF>;r|jiqeaUA;>^1C<&}8h-`Kz%E*gHQy~hT$4}}5_2y>5i7SJ
zx^~EVE8ChId@4HbxpaKXInAmF>vZlm*z~OKk#mVG_#;neGW(0WDJ$KQG5_t#`B81i
zzzVbWulKFCB$q#on4Q6L1Ggc_bwQdg8mR1!47i(k@YXbbX;yP->i9tMF%x$z&yyFA
zou8CMhZxRH9JyIJOyj9`=3>%kw-=o!^_8N1gK9dstDogfmK_y6vK{lOezY#OFTPTH
z+|t;Mvfn(h>4NaDHQY$j>nbtJ<{mu(Pk}tPBNYA`V;AsrT6N-!W`zk<Nw{`esf3UO
z%tO?C?*BMvL|~igO>bGf)Xt^Xlvywq^9vw6yLG3u)cXUqC=qCW0vo@EY&{}t$t*H`
zka@;!3Vq*v&+Lh0@o9GR{p{4Z#iMpg_@oLvBy`BLcSB+WIMXv<(!Z~=IrHIvLAvLm
z)3W1f&^#9~!EziB`loUd;k+fLyn#C_>e7xV7k!W@cqln4<4aQ{dl`uOG31k#{_-HL
zqjO-U!^9IV7fG-&VM{aE%j3w1Y<H|+qWFE&ad7=>ZO3svuJvATs(%WQ9*<Z*8^uYU
zc|kV3B%%t?3yyz$urQ|ae45?B*rT1es~x?TqYK*cXv_ZLeOvSR6&oz3RxFb3b~&o|
zkk8B?750Bx5X=6y;JX?(#$9T}7YbJ310`0tK3pQC_;K1HnH~I_Yc~fdtmUy7ffkOU
zV+^PMxp!ec7}o?J#qgwXAMOS@%-nmNl9_V*hs^MW>-j>v(D^!*NhrQ9R?&4K?tANm
z<}2Q)x(%m3%3~&G0ft#43tg<!*3sp6&4+)_sMOaF>x%g755Vo%zZDGd<A%PLaEquL
zW{kb1DK~BRr#v%SJJfSb3C&Kr(o*|IzWDh9+qBX7-9_}O)c3bO>q5<~M5Yh2fFFCm
z4P^2bclw@-v#8a7fDd#AhZy}=L@9p{rKv~ypk=%4_xSx!wc06E;$6R+QiwK<Lqlph
z%3hz|KJ<EA7Tf35{B9a*9DK8m?=9~T@u2+m44k-cPk{fOnsuJ-H66*w$MA1p^M*b0
ztxLyq-*64e+@uFdJI4uoW@M{x3z2oGkkm@-jew%02O2W5)eztv64GcfbkJAk)z9t4
z%%Or7O`eAKvnsz8I<NZQET5|Demw;nKe>VPdA~yg1Uts1CoOI=4`~q0VbH^%$w$C%
z-#mfeTJ<d8C<_E(Imv}fOFXwLHgwF=1wCHvWx`5h$gERy2TLrUZ`^#rZF6F%ZT&xz
zt~(sA=X>kD_ufkoz4u<Cx9HJBtWKgtkG6VzMDHQ&Mi7xjqAaqAPOP@VvIrr{s;mF@
z_k91l&oj@x@637UJ?G5anL9U-qo;VPkKhUGyf^J@wGYkIC8#u`XUGB&Il;3R#X?5g
z<j2B?OpZJQ)4Zs~wveX<9NysE@5x^1(>6_>!s!Mr(F7<7xMB_oO&$5s$)6|G3@`h0
zTnzrCjt5S8c%$F`C$kBIuf%~_t?5YjzT4ah?J_0dZD3f4aB0aFNZ$pptWtnY?ipWo
zCQ7{g$KC&z6hmJeKg)NvQmwDY+#{;vdd~D5<@BG+wlw9Acu3Yt+d|h+JHwG@uu^)Y
zpGKF(>K&D<G>ci|gU+0a)W*}*`o9tToo-Hg$B2Uge}C&B?mnuN={K66NY!Y129Xvd
z8EWDwMrrK6A}yL{InP6=m7|7sYV01qWj2ms44;~et8v|R`Z@<mx2OrH7%fE{X$F0+
z=>5U>bvyL$Bol9i7i2pWT9x1Wy5&=7T0>X7@yp5u<4xnEFF?J;=-yev=x_Rm<znhn
zD{>Z}J4RFz<ITQ>fY$mZHvK3TyIbTntoG4@zZ1C<nAfZ*V%aoFGjHzR=mXaw^2~b{
z;%vex_nT~aJGO1_8F)qFZr_c}Es1SkYy|&n2d*<F405Jvo>BU%SJ?=+j6SXiJ$#a>
z5xO_x&y{z7B75ex_&G|AtJm~<-HpiVl!Ko2OS7|`GXL(1ZbpAJ^i=y{qom;aUE{iW
z+;Jv<)WCBk%FWz+A>V_qhxK2&G>u94hwiH0tbRU-UZQM@Z(q+rnhCG7fN+^>TgN$l
zFe-I+8c<F$l;2W0is=W*%DKeH;~oPH<_XJ2bGX!?p8TLY$A&h?hJ^AU^E5mEr+(Tr
z6p4qN&b$*x?S+uWV7Bna)V5pBI-2Urx1PyP$tawfTQs%Mw<1u^;=dO?X5k}uC&l`^
zkfAXDm3iy{dW7@8r_b14pUX`gL*|%j^IRm33u<Kt#0I6_Dwsuahe3s$iiRj!A5j(R
zED%3P6fZo9OBRARnurzUY{}mf;k8!a0zz|?)RAhs>|Mokf{BncUdWS1R*0&3IT%t5
zpL#3}dZtDW|IPzx`45piP63cLz=iBT=m8RPWI?^*{COx802p-|Y!rB;l#Ey-FmI+x
zGD*M($Xf72O#I(E^%c)8;`ryNQo?<zJ>f!?GB(|RKk4s2V}ZmQ1@4N}Fh!5?oo$;?
z0wi+@07G*A9@%9>Vwv$Q=v0IHixG$9vg7v=Q<VL8QuLt~6*_>s3`Et&@4q{VkSR4n
zIM)IzWchn3!q)M+Q{Bgs{Z!bpTbCFR`dxpwaEJ)P?U{rqMdmyGc1T7*d)~7o({iil
zz`siaI)}pny)+oE3BBLtD%K{kWmLA3jnGy+fW@v>^FM*Qi{mG<5d9OHz6YyhC#J80
zwFSplDWk&TIuBtP+TtAG^J_}*q^S(3Hx56KkNiFGiAE~iK!_C{c8G!>>bNUmagz#+
z#JefL>Ra1i#jIoKHGpJ@W3f8Bi>6Y<_>72}r=?h`0`JR<R;|FPR;JqOxQQBtQ-vCZ
z7Fw`+{tHX;<IMMPLR!h0d_-~v5#&5F4A4%agzLk1c-v}pFxvPQak&3&&Y|Clx*wlf
z+d07lu5jzw(4iY4$j+?*3cTV3so#=Y#%wWX&BRCnT35;78X7t9H4ZOJlk-eZ6H>j~
zp(phnvDw<q8o4&%ydmlndM?55FV+f-nmdc<h;jVYAIR6B8Uvs}b&rOI>im%j&tycW
zZ=%yOY0bqMY1Yh96ujobpTcsy=8c*ZqUK^jifgFTLJRgvuQ}|ic5?wUq?5Lb6g>3s
z2EJ#KU-o1CuS~yF3_pZkQx@QM7tp{Y0G1b*0X@5-1O@izO)1_7(7qn#CxRH&E98@%
z#J<s<M2cmK<>|t>Z!_V2rcxlmwE=KkPXD~6cjyJZ(ZL>|zGGkI@Fl%_GkS@@MQsXH
zsT9<pfKtqw(Pf3;8U^l$)?CbnX3cOXEY&DnGGW)TLFYd3L#*{U25On0${a<IcweQB
zzbk3~lu_XPv{4|B)&BPOOK$h(i|QmNVe<o&g%99T!6`-K<Ifs}4q8y$IlX1m%_!fQ
zA`?4&t%ns<IOCL+rwHn09j#-@qD7vPTkj8mp5~z7*L)!)43585NAeL$iq_+&Vb?ok
zH643OYYEpGR{LkvfV`g({DHOFfm~mCYlYbo5t5WlwToCf?lkZ~y|2i?%SSSxt7v^`
z>i58J55DygBhQE+ZoO>Hvm`yNSPjfr7>WBbTCXU-Q$5IquO%50z42scfoN0u09t=W
zcn#qtJF#MsnG*;A#qnQB?p*S<#mT^&@O;EaRZ75I@B2s2xz$-*h5*(`Hu!avRe5qh
zUr9z+7NyaFAG7uT-|e#qtg_^BAf%cyfHuuC@IleR@O~;0gt~^3^dJTPMiAnf?G!I(
z*&RX$?xpv&jPWALLnS|_L8oi-LPj<z00mykka?2FsinYuL%7CcZNN8I^Eq7q)Sm8S
zpZk808D_w=*{Xy6rjiK4Ka-Y1b&U(szjdd*enw6SI5NbAXy_fxa1zOHFb?H^z{Kwx
z)?W;B5<&i3QG!I$M$ruBu%Gf<-`tbdcX&xfey97qfQ=;^(guNlq-7yAPYzn~lFNt@
zZ)cXgv;w!Jvu1q7r9hQXQjj24OA^?#u*&~1rZ%$hQSk#_b+W@dR>#1c2J76KIFL`=
zZ_9W99<Jt!_zNmTpS7FvWB}xOW#FNo=AzkFSy}-4Ts%mIp}0;YBOBZ^AMwxat&^rf
zU^qb@A09u~J-)T7;#kc^Bt>IHG%1d_QS%v#HT$iSb@|cunOMJ5d+x?gGEx@M1XZ*t
z=T!xF#U?w+ymY9Qg%Sfwk<Kai9dk7u7=xNW8cFcsY#C5A5&F@8(x|6;&CGQQ6Io75
zc(QL1MRi7jx5o7ytK)x>dAN{Yby^2M__GmWh7<6jpXPu+x<n9{-OoDAT(|&z!^b)g
z-}`GW&>=N;=d#x0Y<`yIdyM)LdbFq2UPcEk`9zR2XC;ULfka{{@a7_>zNqs})xv2Q
zf*u@r#RZB(bJksKL}EoXYQ9IBu6@9Y1-4Hhh8siMNqUu$H4z6yH5Zei^>%FjmN9WW
zd8krDUR0c6KH?KL;D#%P1Hx%BqS#ni$Zr&Q5LREbxqW8d?*vuHgR||iLL~Pl;Tpx2
z@bYLP`7X(4Y}dx>md<X$w6C!nFSx+Zu1Udx-zIA!0&()*U(*6HjYs)q`wGd3K3dny
z2O0-TSz5(J(A~65{Y7c<oN2#PYb-H*DsCJkAM4+6(fzNUYKsk?tDVkxz0s+407YW`
z_?kBv@nt{BDdGLaK{F9V#MO!;hJ~*$9~;J-u<<4faYOQz57LI@g>V<~K@MHbO>q1<
z6XA$(zz$V8_*Ef%YFZI=#Sf9B!iU7Ai|bTxN`VeIh~RYWZxMwo$xhFe@&>v2xpd)u
zxzeB^gKz*+e0V4REu!ajJ(CvvPqcCz`R9eU^AKb!G&{7O5)64DmS0Z)+sg{6ol#3u
zh{cD;Uk~%0%|{bK6pX}g4C@sVt-2A_hSCiDxy^=v$xaq{Se+8YKMRM2Vq>^4E(^|=
zmG6{OJeQ2khBr(;2Sve4pUxkKO%HIFpA7A=z^!Y3kf}$KfGRb;X|KD#5y>B@)Ld*)
z8wLIoCxVQ+TGhM5PBWa`3=SaWN)T-lQ#}AThXH`ThzDXR*~pxUjrJZTkS*PSg&<|`
zh7QvR>kDkt(y^d{d2kgYK>7|l+)f`4a+%8uiB@EXE1YjysS#MgCe*Uw2FL(Q)iD0X
z2Hp^X6!yq1_WGg+7VGl;?XT3<H|y*@+;{Tjkge89xWcG8VBQ5Qml==Liw8DPYC<6G
z^)?5#pKG<6?;lx<v3po{|0*^_|JDIwz`<`36|_VU8cDz@trGiS&MAiu;31v?9JjYE
zhx>VfKiz$SjOvSH%yCU=nOfvo<QGZ+H&z3$$F*yi!e{u-LJXSet-G()t#5b`H439*
znR!fFFyR*qc82WmVX7VY0?#pj1%%}N1)ATexx9F8IT7-@Z+Loz`m>{$l6%8NBUV?>
zS>bG04$L$XtM@oQlc@VuX;bz!?dGx?!E^Ok;R+WUR&oqFu%lm}dfA_2b1;$l0hHwN
zfMfFau*!vm*DT=YG0Ly-7uay&I&L4m+U=};8y22fcPow5_~-+u7jPk8RkCJwrsP4*
ztQ7FWJ0@^+5H?XBPS$<)gso;EHp(dg&MiCeTov4?KQ!?{(KKKPFJPso!VY(#ESAP6
zaNIs%!S#B~^dMqc;KB=@rhUrdbj)ZO9{-&7+Gd#uqD!lFkpII-{EbyRHpNiz_ubQ2
zcgNOgn{f|=uXty;!Rp~S;Ac=4@T>E%YcpKSadn*b4qwf3i1^JU{MYjWC7%xM1Fjcb
zx+WL+@{93VGstNf&?`egYiu(7zhF5~;O<ae7cq8Fqz;4+vO?lr;b}a_LfHJWr&90Z
zoC5#SQ{g&B448%weB!+OZxT@@ISIEL6OtYevJBTbWx1w{e{+3OjGbgEj?@ro`mg6M
z$B}@ysT4ua_D1VM{%n4WzyS+VDuT><b8WiWlQOU)!;wB6K&rmc0lj47UB1(~y_A2#
zp;vpv%j!~u&$2+#lnh9ndeUpRC{F93H;$>+tvt}uS&;@LAD;uS`ZiD#k!Q~^tw}&D
zc|!)C>>a2Pnl?x-!%up66S8@mf%u+!_N}RSPOsl7?;zdLzddgfQSDX&juR}0iI);V
z0<pe(c!dX=kN2Rx<}o<f#i?P^fq!hp4h)!v>z4i`0*m3ikj558&^*O9yh?xl<)bfM
zwKw^QM)J1^4#`HW#IErnGiz?29sN(K0SV(m=oKt%b!{|-`gdj!=ZZh=cOOO2xh_DO
zI3LmGK?KQCk7Cf=(T1hJSXkrsu~gMev02INR}5LO?$ZMZljS2uT+OQqKE2v4#`NsF
zD){$amVwXT!CSmp;CT6n>S}yQd$n_lMnaJ`WjxCmr|c$<^{Fph=(RpAkhU6;2k+~i
zs)<NuhH!`DI^fIFUe0LLFXVz=U4&h8xi^d4xG(&t;oHu1{;d>I`Q-^mKZr8@kMvhc
zYkx6t^QauC`G^``gtfSKkrnQGFjdErORIS)Xx+_(O+LycHtjqi8rYN&?#2UQuQUqm
zD4x5%(mJS>bYJj+e{nSVC~q_V&J4BmG8y5Gl~~Lo9z+AeRQnLwpnagHS#yD~Hxd{8
zRkOe`R#&3Ny&u4B%?<+<8ioKCc|%ySxP~$Lh<AAP7x~3=P0Csa-+HC|qhppnO)hyg
z*zuLaqWy><sn`xPIKTzW#yr;1Ec38re*;&U`=l-huTdBf%S@%wH&wGrM&j@QZiqtx
z^t4O(VENcwc;-pI6R>zL$>^YN+GD})pHF*H=ZfipI96WjFDzqd%SLAESG5BF1!c|L
zvB+c4Pa-Fp<@~29rLlwz*F}YL>GhnD*DE9dwI@;f%{WPyy7@zn83+?<Uit3gxzI$2
z0(|h3Iy7q%k@?IAK>WM_Gk{M7nXZYZsB9w#t#*#{o$>x9f=tFGBI2;(F-)ceFn>RJ
zq)|>zOZ__wUUMk`s3QskY?JhmU^C+<CU9UR52V@EJp9k#son+tvDz#|ohg>cK`dwG
zM8wpaSV>2RdQ|*9XeO%u5y4=G6OXWT^}6ea_!4)O9QhUh$GD+GoNr%shihmkIuUPb
ztjV;fzTk|YwsH5*+{b|Rci-gPXa}=Io^!EWj!X6q-|<q91a8U)JyFQMkyH*M%k8Ec
zIe-mw0ypm|ZVW2I%k_5!&AooJDg`NWL>6Cmwfp_fd4}oYRXVizQbN7m-&OlS9URQX
zrQdc(z3A=Z?hxaE_k+tj@iS?ip6u`oB05kK>HEZ*{@zD)+Dul$WMB3sK!M2FsMU~-
zOw{4iR(3w42`()wk}r=W0(2DdQ}lHlWX?5qY=aB*TGozkZttHoXf}Q~p9kCQRD4uf
zoxIYp_c)F#zFDO)-<zmbSOWf&LqD&~KiX&fsrW@X=?EQNaRemj6Z7Fi#v~pwOkL(2
zy$z0}M~W#SXDfmgj-Q2A4_v;QisacTFHq{cY>K6ZNS~T*#7-xraaZKT&M6@k$0_^v
zX9xun-pHz-BHadcmSBt1SMg4{u{%N+iW<eIaRNz4E0KK2^u!~Msm@#Ht(b2aM^aOf
zayu(rn7+8yfy*f2tr+p07@_<leo>?bX>58(-(=#^Q7o6)dhFsm)>y@G>N`5~hl!#6
zKs_!`)Q#MZvt3#&aiHn?iqp39hUwD7q;8)@;WDtN<n%6({G@jZb}2L!sj?FjQknD9
z|416s5Z;G76$$W6s4lOYLK5^jRs;*L`)|gcDkC$klaKOVSQRW5^CEGMCuPug%c-$Y
z$?eVZCFG$fQiwEGaZ0PNwFm*c&2#*@ICYgPjqa^Ht(>}wzfR5h$-cuL%l#*|F{H0q
zLGU;(yh9~{P!`!%5v;ksQgs@4!M@eq4qJ~&xjDHs&JVU<S6zU0O76sbCb;sk6FBa5
z*;eICIyzK+dt@l6zz0>Mzq<Gn`{09$k=!XCxJp|@0DEqNl8+QQ^ReVbnndFv<s-qT
zov#M3BzN`+`+}w}+gtOGYCV&WuFQU$7x5tLs#kz&ldwy!smn{xt(ySPgjSm?jsN=X
zt8!zrvI6z)FDrj4rk_^&qHd&iVz_ryxiDj=6n&gZ$f1hhBfUPxcKB6!f279FK5?I}
zGLo}AKiDjPpi_CLyN~56{@bv@)|F7-zUuK^!Wnrfdu9~ifS_=r$c}Ue+R0x)STSm&
zpVmI<m^^jirZ!kYA`bBI4CD3<!}pbW@;uB_$oGp{(r8x26Xq%JnhfkB{7=|;={tsH
z;O!rm<WU@NPj0&ux_{P1JOiJ{{N3?d$Ab+?$t>r=tUoV%&3<0awNj7<!F+^~*4Vpl
zOLKk}mt%s=4EoBY*NmLq%KAG$j9r!&`Ske*>Gn<Qh8$x>J8<Rdk5Vl<ecGqfN1XuR
zKPgitLdH&E<#DNnRl_$M^#_yn7|xv)e2h?NpIfkA-}6)=<SJtiwBjh=B0#Ti3f3vR
zbK}K(Qu*w^{?4YcPDeasrr*y?aS~%LDE^iCpICgMzBwf~@|_s^<K~jU<GYXQCs=)~
zRxKeHPi@JU1}7pZc2rp~9ow;9g+DKED2d#@Ra|z`T(#UR8Ei=l^+kT&xq<Hb$+#i<
z3onfeH$Vhwnh%_%Y6GRedj~AnHn{6fB>wbFX?4B-{aotrSSba{w8gqKRyA2x8Tos{
z8`l@LVOkb!8NQpPsY6vc{;FG46M*{M#2L2xbnLXcZ;Rs(h-1xSeP-h*dz5<B<M*vH
z^c!jL+Uee8@_ae}-lWdfMCa|cgX;Zo317l^N$WAwy-WdE{A+RPqxLd-lvu?8nggb7
zG?oKI{y=L374d&(Vd!#&`6Y1H=+QJI`(^u4vasqcOfXOtS96)-*jKr4s6RpL_GxZH
zS`>SK7HvY-rWoZdCrooAiU8e_sF{jk=BV~xC#RL%!4SY!aO2rgZsBTk{dd44R8%l*
z1^-a{);G6P=GYu4#-TY!aqQhM4zv%y^~Ja6NOW6|Qbuv&Ak(@8snM5|x8yMA&|62C
zD&D;)>OiRv)~^qX35g{_RpLO2(Q6#j^2g3JmmzAD=&8gT8fe+(Dn$=B>W6ZWVGsFw
zAkAg?ZHey4v^-%f-bf_R8sl*s(Bcn<2p^e(spLq&M+YS)q+ncf4JmI4Va#D_+~~tZ
z%@mAGu7&)uBhZ9nTDymMPZMPk8v8aWhSqHq?G3ZBe4urkM1OBkS))KxE8nxD)U6)M
zaqd}1I$1E(K<4mUS(v2mong;^|0AU{T<uMiBs>9@u#R!TcLQRAIjR%8*w4AqEF-d%
zzw<DTxt9h#ir89SaRfhKucQf%5MF!`O1#v*Gjv(UOcS*%;T{d5!(cb>@A=mXHjmgb
z%s^@srXARbEr=H!DQ4*cV$M0LlcF@SwS+5G`LB2K#Pg5L(H!Mn=VA16BV~`{ffhSm
zoM>Fo18^FJk?zi|ZpW>fMsotG_3jK~X-5=UFhVfyZ45imE%!Pv>fNRlegZC<S*a=y
z<BkP&+rZf3SEpiPu!O{tV4KSQKSGfGSVGjXpv7T5Qw^JwG!MC(P~LdLJt*TbCkN7V
zU6ZFTZ?l>=UJ(0Cx^myIex&xT+z3CATK~@QmSbdx4Wk1)ko|VgUzLWfmOR&&t&1C-
z%W;&0d5T4i+>8>#KT3(x%&l(2i<ie@BrD&yCy6~t^bP6Z2$jSZXyihJ*WGxk#?ijC
zP$Dd;p&V|W>wKt$9Sj9b7TZ<T185g~C?PsVsVWV_g0+P?ya(^bA4~47bZ&zC++7qq
zta=;MCIC+$--Qw$FDmunqjA=6Xdd2fveQW7$I_$R!fq*HP~2O7m}00}CPty(O)FM-
z<dpV-@Hm}DvmXrxB8v&IOq1sB@br-!v(vV2Vt8Q1_=oyESC3mBfQGn78BvD0i;g%6
zRL4HR?*G?}ByK!ibus4z`lk828rGNCavvx|#jpnPEA`RsU%|+*cuKj3G}E0)_xu_;
zo8h!>0sI0TOZG~|$ptjAME$C9snlU1N^e?mq6%821_z!!aXR%Z?Hk0SDiZJu%=&Om
z=C-wdV=x-gH>jxOVD|L|eKJB!`r)~n7Y6wG#9xG<VH`c+!Ml;M8MMhtt{3x=zJ!^B
zjWs&J2faQp1OKMRO7abjiHuLY+cs(o9ixyHq!x)VXANv1c>Al$M$Ko8(dfyacey^9
z<RYAKOtB-SaSy?xJrfe@5)tD3FtcRe2J+IvM}<Zexq9Up7*QIeK5Eq{z=tm_iA5j9
z_v}3z+MH*~(32s<oIaF+W`q~bD9|BION@&a6^KuPbqKwu2Ufmy$b>}*q5gIiK4Q*F
z>cY=BFoRWU-7;pR=a&TV#pA;01gdmBiRsbLdHRxIOwoEdujElOJQ``RAftcYd}~y&
zWh0Jk*p!eb70n3GY&uLr$WxR?-H0O{)*|Fd&eLItq7aCXrOjJ(%n0is0aEj{b!T)@
z0yX)p^gOBQ(Kb9mS|}4EQ)$|2Vw9*rUmmPV2$ifw!HX6XaP{FcC-mf^>*Q@K&L|<&
z)1;&3nGNK-z(Z*XRB3w#)3=e*5DF;t7Jz803~VKwGQ#%6cp`K>-RRNmJcn8+9D#;1
zAU9s9IGt?%(zM>KFpZlIiqhy`Fy9~iP!YOdT@(&|C>;&<8fV1ug3kv>nmvP7z%__3
zg4okdKqC(}AoQLPIGK;3qDwCU5=%N{gngm`?&t4H(~2c^F=jZwjY`eHNYH3%qgsu6
ze(7c7p_K)y^iY=cp&B&Ie6uPApwOKAdlMdWZBH4xRvFq>Jk+_-zbsgj8O&U(ha$sO
z;I$bnYo}SSjXzY5u2q^gf$)6~F3={w#DlL02kkGgmIIR(La}Sz;$%?s&3f{^);hM}
zMdz2EPddl&5ana!=y+LXfnGI;3?r9RSYpO5E=t}gmOJCQkY@}}gf2=&Al{3wO5InG
zOxshCuCo-ViHGhl*1F}&fR+H+6CILZaYiYY`ur_;C{-i1T$sL)CkgOD3q>d(p-6k0
z7^O(Z*$!m;_CimSCRhh+L$xd|F`hJKMlmm1klqUCJ$Xj5&pdZwv6c?=0=_h7h8=yV
z2u*^vrve>s{VdSmzgbVj0F`5u(q+)f1Z?F;2OGHr@JSG&>WnIKV7{iXmBc7!I%Xa;
zBfT^`@S72Z{O*|D?hcKB#%zsPHBK8RoxNPwsWQ*PCw$bN<9YAhLc87j+eAGC4+Dk(
z=*EYx{yuFNv50g0{jjmnm|$VI&(Sft-(ZznESTrG?l8H~mqzL1%`?FiEtgBkSTBjv
ztA~%j)B2x(w|F|tCuMtCH+D{vJrma$ri@qcG6DQjcU@xDP*j}O;nR)&_8{xK&xhoN
z{3M@#-Bq99<8kk6SS$mzN)LD5P17!cZxpu82)tLTMW*>eTrWM0S(1vrBdrg0Yq}4c
z-mTEGyuT6NHXum*tMO!1$Gzt;{T+4-z~4T@zq$Q*tH?*qG*K>>(qltN+$hIOF=L7(
z>X&ZsZ-H9*hnnxqNNoRV=sITgYp+^73g)$}yCK?ECgAw4X~{?Oav?5}PS3q2=(6xH
ziA&?k>un)|;k}DzXx@<Spt(X`sH_3E=!zMM74os0ab0OX9=lZqKkF%j$ab~kld2j1
z3Frmwq^%vwq~hX-W^kZXsqqE%AjY7@UADu1w~b@0@Z*D@+$s6v>I>=Hedb0KsZ;Fj
zYbO`~4@G3(#km431aE3cTKfks{*bDF$+;=^m2mOn7f3iJU>o~KGce6~#}x3Su2fMy
zfIsXHW%j5ns~6)1yFCK<9N?#ZKgKugu(s`VN)D3y^+Xr;zSDwDxqj`{>)!pg^Oi<I
z*Oe8m9p!g~XQeaw4Ztl%%h7ll?}qeT6#!RUF%4>hdk5?>P2EQGFPf<EKQY}XzBV*|
z7cck;7vrBo%Y2p76lHze$4kKKvqvEUw0vJ3`&QmOc;o0k&$X6N6kT@fcly;5y=tKL
z^b^mjj#0n|jd-E^y2;ygYmsPy9nB8ud!6#_Ii=03TkiNm4i^8|n6N&<CbL+i)M@vx
ziB_?~|0311vp<Q}wTae!;w3!~dd;%mJMMBs)T{Zc?t!;wxQKL<PG#>s%Cl2fLnad{
zwff}4P!KU=^c79pjAd!lJ7fNKx?vOOkylq9axiP@to(!`_5Cj+;=&?kP~gnD{WqEZ
zl9^=F8WgMOA&21*`K_t|e<iNSIPY_1-I!F%X7Q*~nMlwAUy41wjt*qu_Cr4|RQXHv
ziEXt;wGJfr_OINRC%~R8mk}ku-3oo+S6Fe@>XG%4b?_*k!&htZJ#cNl*+4Z&?)Q^A
zzcCH5+W!iSFZ!tcg6}%>d>$`6*~L9s>!=X+ws*d|3=YF|3LiJA5L(X8+1^U<Ab#6&
z97X)BOOs~m&+{Z$rBb^sn`X&6w>h76`D&Q_-X29h+va$*H!14SBJaQUXxNk5D`DdN
z-^qMyBmQTX<b#nhqQ8Zdi(>oAnbO;2Qp7$nG+@#WORiBL)4*U5I5iXUp#lBD=Z+<v
zNUsOyKh}NU?93nF7LEcFa?n}7gJ{(y!|aPc1tZORj@5<zA$X$M4$N=AxX6zq`BNO;
z*jta@Psp&70*7ut<jrmsF2%oiHT-Be){~ZTyTZsSz8XBNR-Nh=r=dSoAXl~!4~_UC
zKl5?M#gnw-nBngQ%_(<Ul6v0I#NA~MH?fTzPcP&R&4295ET$Lf0YNk2hFZT>mlgHP
z)ARar=3Nrku9xgGtLsP)$&BV)Y{!gAflakU@$D>5A1uBM6y08K%PM&~@LiB)`)cjo
z{jg@wxSNBs^b1?I<)-B})RgG>bK^&o<ll(*5OZrG-*2u;uu*=mlp{Mm8_J(Sa(LFx
z3QAldJOD>m@NG9WvhS5AfA_WL6ly4QKD)~_XZHsOi4i$t$}d1)Jvzbthbed~mYfRz
z<QbRBE!`O<d720jGh@I2QJS7SV|Mcrpzs8Y))s+N^o)NnxN<4OSeZ(S?AOWTpd*`x
zlV}O(yCH{w*2C)Oq%E4#EzASw{KMz}9uL1OFKswF@$NbdbjeHGM{Zu9Uvu1ZmI-2<
zdPu3*AQo?`*F1DneoiQ9_Vq=xFp=>Sve^T6W4t!6fGSnc>;R>z^6-hxtGSRzZM6$J
zKs9d|cXr^&en>#0AS=JD_^6tU8D?opj<KZF(w&(5`&9$pDLq-w6!~MRoEf}R5_K&>
zmk~eMwh!u&XkgTYUhIVFzYAiorrgEreU_{{?`&jD$X#vd9i5A20NcYpi%pQsa5$~Y
zrCf{ek8@J5*h`9?P1Qvfw~u*80<U6^rcs+F?5u7<)7fotE)az$Qcl0<gkOG_Z=ML<
zQ?D}pAgC)B1*D?>@aw;ql;(>Y-cL1bp5lUELsbgemIm;y1Tk(wdzvl}<6V9IPi1AY
zSns@?9)@MtpgS!)cjG?UX5!69+$|JF{KB)A^yG}(CGXfp$Q01&*5cabji9eMIgJh?
zozu3^poS4~za1uo(Wg(eH)%}8#;XyM1dC^kWdftdLxmVITkqQUj9W9AO|HU)EeN6d
zR#-LZ&;@<-l55@48qv_&T-K<8^zx$xiqyVDW@QfsWh<x=mE;?REarjg9wYk4znHd?
zLX)Mr+9+&!871CcdP_0gz-tmH7pYkn_hngZ4A`%4xLi6FTio94SHFt8F#AdWG3yq^
zij0C{?g&JKtaMv#vwu@MCnFF4GnisPWLFR|n~UaDScn-;?KClE-+Wn>_*9+7WX7-K
zO-H3Sb8wO+tR?w6i8E}hy+^HS#5pfOw{W9@Y@fRqM^Cocm=k~2qbPBSLAN;JW7RK7
z3Ep^$&=b<aYpYqE4-IlEMOJP6Iku!5!UMgT!dkfH$#`TN)6#otL<6Ll8wxg26T)wU
zD&|@AeEI{+4sp+^$mH_%|MA<zN?ouGd+uMwEwP=e`a7YG$)SUP^bS3;M^{^Lp;ZSF
zBC;&Q-74h<M^9UZtd~>zE0*`4o9dH{fd?k{AhlMymRrNGm|VKE_ZesgoQ7F!KJZAM
z$S|#VpCp9bC5NiBwm^T%-iQUpHz4y)=~v07rv082S5?dAe3O#>o42zQTeoyuuUS=1
zp6yBgA6s?xcn;rq0rr~5s?T*Jdm8@oHR^W4$fBYe{}-!G5!-323AP|0ze-6{(xp;L
zlm4F@%~tnB#$e^1+>@e9ca;nGQ5y3S6@jEEM&X7g*jY-h{9Fu=<ad=e&GuHG$3A;U
z-d*wL&|zu=ohWF4hV5dJ9aVL(9<GTMBh!Z$^$f{!xdmV3tc$dbw*@}tgS0>Dt~$!u
z@#n}JJ*|*?!fz&H6dd|XE=O*XNBmEHDVtw|_V@gPUw+%iF9Yr5cj`5aoS<)ZH!NNd
zN~df3T8b^U$}l<<TGnJUWAecL33Oy?ljNTSU$Zbc`HRv_kQ>c0_g{PUoXI)V8_oan
zR~zwchMWg~8|wDTC^wh9G+D&15{!iSg*wDb=Sats7dhV2+cMBlkKed&iKR;>t_a6u
zHe5HXV;ZHIVi0ooe%T^(X6WFu4&$vw){sEy7UKSMJO21Ryv1OaMe+4(?ak{!%i(wI
z+50Rm-DYTJm+GduR%qIOaL)dDNH3x*p1Oq@Ub<6odkd-AG_ig{({5$cY6~54N`Gh+
zEz}(tme{$TTt%@y9j}Zv$WUF*HL~hUH_noh@n@o;=KX~)H*7=Ta5IXFreWL$_lX$9
zs;~|LU`kGRuQuhzMXDAY1M(QQr)7sWeiHUOo3?dQ`IMsqIXMC{+h2Wd2kb<tI(y1S
zS`0_Heu<0KZT7hND(|jybK%71R~_J2A1C}c=j$|DcqLNyq2hCN_Mh;}{t+V}MH`C&
zs8GdRr@npYvnCOsouy$!E06xi9?PQ#;3GvPA}1XRXRn$Ep|n!znH?a&gKlP9V4!RF
zqx_1u<;!EAf}9y`H?6W>9>uW7QH4S5M1P_HJXIGKt;Z%=<83`Pg~30vu5=igsv~z$
z>Q1IxH_jqmTz_ZrZe2!<gc%nqziWJ5<oXC9jG6n{a9e8Y^yhu;Y0+)dt#whdv3=5!
z`|x#{!N)i4q2UJ}{}x`!y@cuLGUhG`1-kjHxUkov6rfx6vtJjX^B2!uyAfY?c;vp$
zJb7bbHF}S5Vc&R;To_-YHV0=O39oSfBJX)9uye;_z!)_dk|0M|vf{Es;Xj|`9NCNa
zOM&Zd*PnLz%a4BbAG*A|4ZqSj-y(>ENs2787-y`-_-L^y3osL1a;MNpSUk;M1)n8m
zrH%PmhdOJiJ&$d%Q;tq)!xLToM*;K=tv2b4dE|v?q|w0)%(YjsIiBG-4ODxX<Gpm#
zQqvhCi`6`#9loVGxE{(}ms+Q%u_)=wV1HYr;&&F$oMXG~8*&mYY8Rux`aCwEbrzcF
zAa23-DNSiPWh)Bcc~qm8w!t<)=y@G$dxki}X<^BvcHU;RXPt}?ru~n7fMtocVmB|>
z2puz?`q`5g#?3kU0<<8i_GJVwdnzV#w}by{6x3{2+x#Y_yS=<CR;N5b73OQcCqAl4
zN8|7JBKWtxjUTDPrOBq4OMGaoGSP^{`q8^?*8%(>;T(nyHUp9bcV6$8a^1O67Z@^9
z-l@c{rAnP4?yE0CY$17+z(zm06?M`Dc{!e`P-=9RDp+ZxlIo786Qge+*1r1AL|~<o
zZG2{0@yn_gm?2Sr!h!hUobM3NcyqM?bLjft^LHh2zf#32tUPb%?=4dWc|<WuKb4|3
zid$0Vt?qYl{n}IsovQYj6G)B1f9rzeMk>wuV^WUwKgq5~5Wr4x(MpU>aRFkWL^(o?
zQ!T%UoPciBqm*yzrFgpSzJHPUzc_;$cN|P-E`rC!;q2tOXC{kWLnIp|J?=DKZMu8k
ziR_K-twz@#B!C*i*&k-Vs&>9O{dj0R{7!MdAG^szn^>kn?db?qO&Uj3>^-VAY+5^8
zL<+5@pQcetByQ`CjuAV}6DbWH-f~T58Arn(#k*SMHX3M1CrS@xxy5~js*x+MQXl*&
zKZI(pzUo>DgKNwFTC0A}KOph><3Ftrv{ZfJ6?A6<bh19ouW2mIwA4vyH6N%Cw*V^)
z&9-#~jji22RNjvpc5i;FEAJ=7|8PXg1EpQGhZIgu$;Dke8+EjU2?<ym{py7hI2cX9
z-q6sZoMUQX!?`tkF=bht$SsV-XGSLOCc1@C^EJ@u_5IhLI2^f;{qXMFdD}1PzMh+}
zo6dt+LGmr2f!BlgOA`hwm$RmIalxQ-)Aa*qkFUW)34X}J^A+D87o0uxD~o2$k(PHC
z9&^}ZB=;wOMEGm5m3|0%^qiG{UMG^;QOR8Yjx}rOEY#_zBc+XFA%&$Q`0~XLb`BQ(
z%?j|184}jEIO8VwB2P9-AICzuP2KCEOI??4rEZJ2x<j;Dj4gPY8(k-=`8wnN(&V4!
zj{P|V@o=Am-pt)Y5r~S1@A@(cQV*b1vwZ3&f40-|#xl*ycI8+ZlSHS}d~qRZbRt2|
zr>xHWeEjMeH<)&?QOc=g=h!5_bN-j(K;O5uI-RB5qB|Ovv=!phoZ)+xux%yKR~NBB
z`awf0CS@23{QlN!S&`B%vi;8U8;u4q{Gx<rSeHR$aR9ni`60|6+FJQh1$ui6#%*Kc
zC_AwhMQUa=9IONkt=3f8e%YD&jNXhD{U9cG&3ZwBDvq$hNAdPtxq%TXc=|N|8Y4BA
zR)1_!6N4<ia?<m4$!9u?#;U#d6IOJ7^3U&8yeTCxy=`n35Chvp7zRLDvLUdAlkgsZ
z<KcJ--*H^Er8s$C4jp(HQOLA+_usRg9|m}+cs8@{_;#P_Mpvq)4_&j|EC<N>sQCJ1
zW3d@ky$gcihS>=$d`7H2_e(AN*B_-0TYOgTJWE{^5))G0NPucYi+`@Ra1q1>Z&t(A
zh=naEfid}?S|Zh++Qiws^ChmGj}KS*xMj4a5gj7x)kbYPYvYQ$ID!-|p-SYmU0plL
zf^PWk51gyuSW=S1<i~kF#!v{KQA&t*ytEnZbN?>%cKlTm0TI~hgZ~!=l_lzFq3qJ!
z<hn3Qm}D3AhbZr|4`x4Z)os6YpQ~uD)z3Ss(oB;gx6!^PiUh;sNrXOXf+riN-2g|!
zM=$9M|1JDgIC!}_Fg-UQ7u?0E31t9wsC4`=4thUpH~Q30r*4$<<6E(u2KByCGQ^h`
zJYEGs^Rafgc?HP#vtR30KBZ(LM~{X>)vD19L$22Qil@}8Yb+0@l@Bh35A7>&AN*J3
z?kANW$nozJAMgqj9tiIHGU7vvx%le%ax){uYisKm(hxsDB%wK9$;7R&QBQz}=(hw*
zSp11q>A~<S3sTn|FMy>z>E7O_+h+gZ7lUI|bPw&jNZOQVf8phu3{^mskj>}c+r=%-
z{btf&Lfazqp&He~%&b-27v44@yo`!Ap^+0GMk2j9<!rb5Iel<hqFR4y4kow7Lkz^u
zE;1LL!uW|#`7L2j>NZ!wa%=<=^Ct<{Xd8w;#)UV={SK(?Q*J`yL<LPa{5_zC#?_BE
zW#svq+v&}tXeJ%G7|p>az5JCrOZc@fLBD8^U1<iDLwMy=X-}&rAM%Ya{>}xYa1)}G
zqq?l;P-54ow>h>21W1FGZ1G=hBUiQT@&|02#yY`<KkT@NM{mMEJ#)n^0VIHa<C+W}
z&qob!%_Fd9-cOkl=0ENdUn2TIyCOOw;br<wbZSLGFX#2P7St)>1*xW{5g{x22EQfI
z@98H%8r@>&l%F2IXOzXDuS#Ecf2lKHwJ5f~-0+i_7Bge@3UhSxj#agLl+rme5FWy7
zu)rS~1BD739gc*>-8afKFpS8n2F#A@&%J+LdtkZy92jsDI;FEk`blxu{3%{&!M|>I
zy;nIBmrN{0E8B7EvynDluMTfwz_+g~hTkb$220<v;X^f!Mjif%H4olWo9(Pnp0xM)
zrb@L7D5cF<2^aq3exQ8+BcE!clx~l6gQiM^%${`Ph?IAOkN1`m1AQ){N2ARhJI>s_
zaS63_6H>Zk-CQ;2eX}EOojWc$z;F>XL08pWQ|lz8=KPMa1t(QyB;}_~3XO+Zym9Vl
zp_NL$s-H|*SzGmdf+Al#{a(1uo#k9z`pnzbljPGotkUf@i5S!JDb@mrS8W~IrC(0*
zr3AOr(5Vy)r1(0K<fjCHGp4(xA4J(yf;SEr7Z|KIel(v<xGEi0iO?-D47rr8MK~)l
zs@#Uh--P6|O{+Y$NIyMjjCJl3eUM^oTHIJP8PYvz6&a@gS2Fv~0~+x$hh&;zHe34%
zrU_>CUvRq94NhdX{#v~!q~st-MAe3+;LEDG*L2BA9SrboVbUR>8`1LOkcRD<j&AxF
z(A#ixUKS$n0g9J<haccwZt<<`5#|+)_CM6Ojr&-eny0D8^T7H+nX*hPKd#)LeTXK!
zf6=cF<EH!$mi)@>P^I@_{)l;jWO=YmXsju8jcOyD*BR53aq{jp=i8u&>mes-l#HUa
zpjsQNZkdC#?n6kSJ>9>O{Yi<4?P|-bJ?zKX=t4KPgem<G9v@GiarHp|cyPU#q>M6o
z!+!V6E2@WOnSsOTLrjI7b^FVT#z%kPcLDi?3kr*K+30@ayvHHx_Vu}!VQ&_?^++V$
zZ|Ab4%kppYMrn@!Nb^I%zfhM|%zW*k8%|{A#)1FQ#4~ulHH>aAdcQ5}xwJjtKFMDp
zSN?jMNV4(QY0uEpfqPrF?fQH(lent)4*rGIUptkQN_+@RD84aR{uNuBiaLHYu??`G
zoitK?DF$%#b4_Xl?l*qvRYh=9R3{4;)~Imh9IeXN{gNrpGYe;MkM&0s;aiS(*Z-$}
zU>7KPprHQS@6UqbpA)jEJBLm;wZF`Y)_-w@89Tw*)_A}4?6t0ARE&gqf~bJqcqqy9
z3*wb+<G>e2Z5Z95T!%tG&PU6d-Gl*t#J~kb!0nK$(0xLW<}zi^uE6i=Y}@V2a}!4@
z3rb`qfhs4M%sidWWPWNSerCa}&)M`Q-w-;p)NwE$qIvREba`d%ea26Sxme7u%v}7|
z=o6=;px4}Ek|w|NVzrQYpSY_zOW+Q%9bx}5RR>;`jrjVCN^6)PKtsNfajEF#t?_#v
zjg@Dko9!bB7QpG@^4NYO;>piP)daFA_Mo*rA%szgOrg-^NDjy_q(MCF?YhiyyW6Wd
z%__D&x@j^|cU<YI4Qk4l&QYR1T58!hAz>>L>!)8<skZ$l&eyML5W%&-D9z7r#Q^@4
z63_HB)^c<njdd=KJ^N@RM{Wj^^AmdPb=dGL<ahE!U4B{W#Z0`(z2~EmaP>x(tJ(^S
z&#hx#9+7*iQPt_j^e(nv3gJy$3m(Frnwu&IDPfYb&D2BfC&Mk*bdO9{BjP&9y^QH8
zf)O4dpn?I#cTS$S*cbWX+A#odB9mBwZTF!_rn<4<&9q`Nl@71Sv!d?x*IP9%tBmcM
z(plq4PhK>{!k#`jYw#6*al!pN#UPqy2P$R64LuiCm(SnfpW02i0ya%t0q@J%M-2(?
zv>E3o>IJ)4I^q2K<ioR;&CmUU**=<$K~<c;w>QcCB0Q+rlhjyRMSjX|<$%O(CwFaB
ziLd^(zQNPAO5Da~ch&Dr@s?i_<Zzh_JA*#cB|K+63^Dq9a$%l5G)4}3Cr>F_hW#Jm
z_<a2)cqZl;F%W9|1xnNz6V7qf`}I6RWiFC!?1X#x657pTa}s?*pVQE5<s*1<penah
z4RzekiuV2j6^j%$1bJ)9RwX1gWJ^Z1CL2867W}ig|Hi4FOf-r$Cl@l)F8C_D&0Uf0
zV-B(58~7Wp56|t_g4N^8HD(2aRB!Ne7-s*LgSzs`?&%6N3k@O)g}%Q)uN{6}w)?#J
z$NzOir`<Gx#^$%rhl-^863-mwK;F~btz=D2BGd-O_Mf>YO2HpojK__e_4+Pio*5(O
z#`u2Q-_Y(@$t&WEt9<m~u@fbK*0mL3J=zz~VSM=AT0*%ztIff~b%0<}2CPFrSUxLY
zngSHJX8dPX_v7&y=Q|fkHWhB_sSmZMPX-3Up85{&p5?%?F<5)e^em76nWr?c)wpJe
zt-=f_M+<3>N{B>!N-;-14*IYbIAAQgoQ_U|I8U=Hbk}t}1MWY-Zl>-*t7UF2nL@VX
zC(ySsk$;-<sH1@jBS1wsZ%H8A8|c2SRFd(9jUrfA$`Z+)*>u9p*V~or8FghPLoHdj
z@Eye^-a&U&DH>;#SvXYFHXUhgFK`-iveXJC?RK!9=*Bn@55EhIeIT_zC>wQbDyx_x
z6%r1G>h@SBA1>!>%JH0QMDSyD%GrNt<v&mZn-&2XcIO{|@^y(Yy(Qv|>o?eHMeL<r
zRJ(WH)^d1`q8Xw;s>w&~6&in-n7mTpJK81K?@S6JXB<y%_uFzfCKKIO!gyr-y-Fqw
zXmWdO<J|vBNl`J(5_m@Z?eRW|UF+q9iJ}whz{C!B`u5pH_K<*hHPp#GFmITCY{Yf$
zVlpjqpbw@)O7w2Go6lBl@)G*5h~1;#P$|X8ko+g#bcXov0ITYTpP$_l_`7z~yR!OT
zJ$C8IZpT}FDV5y4TRYRy!b!n=U<z1&|D*MEzPCfwuI6f<SPrT}U7}eu!R-@@7T0kt
z8F~84sIf8gb>~_&zL=)yat9zUN#M`2hw`)#*4-1BMV}vq%!@UQks{P&mtUMRsDFB^
ze!yxI_VxU2l-=6O6IEXdi5kxjE^j|o#}$!ocrfXlklog1J&qDPRP<dc&xPc#^OSiU
zg(v5b<Oic}#n7nJSQCV@C_*DObLCxz=`^wSwTI^nqwgTT&B-p+@3hs{69>wtr?G!2
zVm4UH|J0@Yv~`GYw%k8AY+wDjO2?;J<H5Z_XEJqP!me!8Xm2$DotKPn^=7+D1hAaH
zVi(UI%h-$#J!$ef{&8jdT}L7yD_=K3lroZ_-cRD{?m}tcL7qq$gYW;Tt90}-!6kd(
zwGOyRw)wKA95)pD%gq^?F@I98kS$UTo4?gRyviMtPng)Obc>dtY{DB!$U<7DSxq&l
zu;gc<*Ete)J+1FO|Nd$DMY8G?_PmeTTOgjhr`%_$`e$k=D?r6<>tLDKO!SX%68FwY
z>sImC?QXxt{t5Bm5q`nvo}6CG)?A;h>L?zTtKYG`@_ON_3V*y!V<-O$Owno*buG}^
zA1T`+5=(C?^5qratwaj>ETE#3K%@`ZDXzHptc!JJx;e+U;JfpW9m6^SL1?c^i>>jB
z+~TlsN2d<SwD!}0Lj20JAlq{{r*ZrLOi2_W$AuO_^+r)BT$j3!=h>|<t&Yrjvv<VS
zCUv?R^_}CHw~vMx^eS5YI!mq!L*rHPM4=Y@=yK0vXT-RTt^0Ab%jW6ZQtCb=G-uD1
z3Z-D5%g;l3?US2BQ2%s%UW74z;?1;1$Mur2_cumO);E1IAHU)s9${x$70bC6R`;<<
zT+Ao7jBNx9;}2W=+m!>gpAVZFtWOZL3Iwk`66Rk$47<maG|a=h&44b<inm7ujdBxL
z9l9i!_~AU;x{ui29)|T){ufMcB<mtq7QJI=$48AlG%3mMqYw|*MH}bLFf-yr!Jr{g
z$Y)o>1lR+k=CIEhT;90>b}z=`d5zJm<`#kuUM%I&*WEj7R=t>^E~jy2A-)VR<{t^4
zfv3+uw9!TTnGCDROZoSI-io3U4L%iSvbD%aR|M4{J2wwbS1D|2%_;FJY{%4I6^n0x
z`zX5o-{ow%-4k;84jhlBJF^k>kVi_HuTI|F6YVRm6L0y8r_@+X<#0?O1zQ6Kj^6zf
zH%Ov){a0o1!FI2ieo$Ag@V6eDvQ~Ds?oj3K`ijALY6zsw@kc?{yv@Y3L_^yO;sS(0
z&iBlxivEYk3`1ppH*)lT!xeP)_oPs{5p_)qki=Nwo5Rxku>i#e=yi(1@}Xbsk6SM|
zy39R1VK*#`Cf?0V$Kp?SQnN>zoS)y8uF5$}BO%34yEwPy&CdM9s1$>_FAIPh5)*_>
zLr<^@vcSs)`A!mT^=|Xzx@Z?~O=p>vGSz1>I4}kKLWbp3x~A*0!`*b$Cz}w~enQce
zs3gp@ts2fRKS;khvk;Pm>17;fdNGU&!?uv{a%0Hpnf7?<aZ6X<fWiwL!UP8{Ukdd`
zU+Tg)n%yDn*G$<q%-x(P;fC|RPdpYVer)T5hmP(9p~lPf7N2Kclz>?l>lzMXuasx?
zKTNRuAb_!bkOmz`S#6tkmw4%P0+=h!x9@B@E*=~@&C%u5I97R~@3NTbtJAlx(v?`P
z=`M(zQMFX&q)?3Nr*7GQ0R$SQH%kG>fTt-muX2AfPG;wLb1gzdd*=+Ie!eEwyhlyr
zM`uB9cjcyyq=<!6K8uOW8ZegzyhQ3Hd^RKD9<WjtOu3xzoSSo!GN{w;9B<FaoL3_x
za3VP0tgvNf^_p*-9ah-1P%Lefd3Y~w?s*^(EA?XT(kz-<@J5PZ@IOCXk)fmBM=8&n
zmsgGjxVdGeExco_doy|vo@GC$9nUfz3pVf{PXu|1%FfwV&ATICdGc&hl}zLM4aYi_
zCePvdm}r%$+Po;JGvDqOFL^~1kmT`!rf+nRS*ud&^;9tV?4EpXN|aO`p#dM2Xilp8
zy}JV9Ui-*7Gz(uCjabO}+1AIs<b%Ow-8&94Il~uzsrlIk=(1L#xu3FjX=j+b!-93T
z0qUN!7VO?m#R2vHdo}swYK%R^a@C<g$t&!0s>h(4K$m76N0XPS>on<@Ygfr4o1tS{
z(l{;k=%R9zsa^7?V$(SRK#`0wv*|RsJN-T5j-MA)(Sw4Tb&LOa-|B2A{P)!FpVAu{
zohY9b8?K(&>b5S5fazDa^@rCRkG6V`LWsNDM7)gcDwiK$^*+~G0+)W!GC1;0OLoj$
zly1OmmP9K!k=;)n{E}Lg7@{u!_X~$;ARtw6F-8b#>^E}oHTeA@Z(LMW$8(Od`j_9v
z(vC9kU#p~aGJ?<+bbag7g+)`B_PH~KxtR)`Zfw$X!e3dXbJDMn$!r-zj~@2RX?|}O
z{!1-DXHN<0<;o=~2Pb%a$=O1UxP&Y$6;rg+LOUNViNEzoc*XK^HXl}ippx6xwejCb
zj>fYn8ff_~yJ!#w`_b19MTLHRAt>N%%%!+!@MY*(Eg<W7>D=<_%-E@CvFPC0Zy4__
zzih@^68fs$N<E-&!QUR=(RnKXy2|;Nvl=qEy$j-S=&}60dEraGInp@ma-|;4$+5h4
zY7+T>0I)z$zl)XLbBp)*yt{-~N`y64maRT-iSWcBQ0*1Khgwc#dlxu_$aXYtDco*L
z$#ZVEVeZBu@KRq{H8UE#TAY*$YrvnHs2c(N{d+5I+9R=Ib+8)^m8F}`QZYXo%N~N|
zRRU3&ZsS30czF|U+$vFNPud8P&n9UuW`<9VQUVh3duxN2(FhC9_v=X{HX)J=BPCYI
zAOD7qd7Q~Hk9W_^m9pLQxj)w3v+3|1nCC{SAeQKF5yDS4;hBrA{h?IsVWqs@%9vcy
z#F+od3$xJcbe>`3CMT2LW+QT_DPyOFrJ!g_r{zjF&&-uZ%+D2<&KEjlyB%Ef48Ak1
z34HUdoUi&^U8a?g955Ayb^JSjvu!*R>~^j@9cSB!PyAI?9}yOA(#;M}k<wDPQ+{d0
zw8mB6FOASA2WER9r|uR)#2<N-D!<hn<&O)4(-uPXeqowzt~75ZcFHf!n~(MS#S!yO
zoqOGyXw@IJ@(8U3_jlpD;9APO<t`h^foU6oUc!&htb|C(-n(ohdN1>dry@1NW540r
zy#nV(#^R<9;mJx1ArLWrjcG=)j@Vz}i7kYXXs*TQ-7Gw@h7gi1Ztb^GEH6IR!&1Jj
z&a#D0FNaE`?4}N%w{pq1KJiGb>Mw{XARf;a_t9wbfDfz$->)$E11pgyv$&p&jqke<
zE9H^soOuTMD+B}!QoXU6Y5OGdifWiATNqRR8D~ry>F^vY@OdkRSBiu+MV4~!5#foS
zVKFp)hrf8g&2KrM<9*N}gj-q($w=-v3#<>u>eFk)ZM681jauRbr-i#))9J+_#X>{J
zozP*SP0OZUW!a%ni6uvT(2*-%CMNHkY2(KcO0$bvN?$8z%@(4so4dMcWKS?zO@DUj
z>CdlNc>1#g$nBAAbL-TgN_FCSR_p@kua%0wnhQm~zrdJs^a5kz4sY_9nGn5!nq^1t
z%JNS?16`4aCV>bmQG_!tFcz4;LrU%e0jFqBfz}uAw`Gfi+Q3gs35cpIV=Q_v-#LMa
zn?x8>)?9>(Y_}sIws*_bEY36K15$gpvKVQ*0;0_=??8&pt=tdtP?f^RoBdz(LMgw9
zj%e6aGz-?->M!4JxfVL;yug?ip7v#Ny>qKBaA)Y0U$t;&=!_Imsi_dD#w9t3tf>$l
zg>tpmWq^aS_rWToAjX1oYQE#IvXjM`vJ96Czsgp)7_UA*UlWfrMZCy0PJxR#7a5a(
zg<m&e^V3F81K9@LPAc8(l9R#mV}@0v$S)QN;g8U@S^}c|pW}JdPeuEa<84Iwxt6i7
z2$*fsL^bK3o`buSPn23=xbDdVPq)B9#pJ)`!IFzR8|8^}IIOB}D^oDdh<7)#t`-B2
z)*0a3@j(Oi`GbM+xcdA7KJ`1l7KZDZT=6nAJ&|k9F(x~pTSK4?_ylz`i~5W(c1XDj
zS6%i4*FZPy|GvgXVz0<{JF1(q;2hLPot~nY;LliG<PyUFhKhJpyX>f^3S#~zVpuG=
zmB%xWBdhW5RFGdv0A~x1XpdjjXa7+iP(TXshY(!+IpR=>CH6sp_int~DUYe+y>kVm
z@ouMb`#DuZq32hqG^cXwIaB`WL>jeU|96}E;Fi8<d+6xfYT8_?rl~{pTt7?}JB2H$
zZvxSQJ29Te_m70mTk_{n>8gO_b7JCNAR2VzlQvHtv1+@8r>I!X#zM>%?uOe;OI!i5
zMz+M`Oe~dOB*q5Kbyh;a4verukkR{2uWEK;w<qLhOZIMF{AOJXh%lpR>=i2+7l^jH
ze}|R$*7DT(R(HIuEz)-<F*d32!YD#+rO{TOzHKGz@@=@?_4(Vl43I0%;7i5c#;v5i
zrjVond-yo?5ITlkRQj0D8>EF!PZ5<`#il~!$Ch<eh9wb_kZ%+4)&_6zX9UV{zam&p
zc#0!9=pIRg<VHs_rA*zwUH5>Eki!0>u?x+h3(?FrYAaLDFs4jU_YI@IAvv&4#PrK7
zGFl3L<D%Y^>iSZ$-<J+E-&Zev%x>Z7V|B1(TbM!w@ueg}mM?{0n=oX((MdCIcJe%P
zDvfYaX`zdHD}BPVC2H!JFI)nin=v8sFYuefnp;w`g*7*)WQ)7A#a%^mQdUtlCXXF%
znw4Igzt~q(nj%F0gVisjzM7I0A;Qx?@2A<qnyo&}5L=x@h%a<LNeI801W`-JY^i&W
zcYA&&W)ou(!GcL-0Wsiq<alZ@nXC({IX>^x(j6)C3C~mr;dMmI%k+neExF!vLSzrD
zZr;-IfRxtkY8wf7Pv+agMftk}-Wtp=`;Lm=srhA4r`XahFFdbV-{4&|!~Ww{Hq0`{
zEVIm)ud)$jkEv!t<RIJ%lYEa_hl}!xu64_+;=HLY_4%Z0-9E9xcwRXN6e7SF%Zb!1
z?5j^jd0}0gn@Li~SYd1wAxfJ5Jnd*HxP>V1>DTKPfc{)Lnh<4u9iB(zIAQuZwe5|Y
zErfV#AnJJNJI2;Mh!dgJD{ojy;b_#l%-7zq68Y0p`kCf|i`*&ftBo^d=S8lk*}|F=
zN|tdhL!$wAs$bk45Kjff<AG?a`EOY9@JQOu-!^fKsM(^*;R^}*aGIDOt~Cv$Qmvh5
zh~KGF465Zu)x;TQc}qc92ckd)(F-fbjd7zr;#srwhq~pqc;8Sr3SYmk1>9EvAwcwR
zLujai`a=7&{6fxY<#zBd(S_6(I*>($oW*XZ;;UmUTUgUETUgUwnT8jicgz+(@2-ri
zV{F|*5dC!^`mBqL6`p{Rk}f3fS52Uis%7_5u@0Zfd{aG9K?6A!hUZH{NC;maloZU+
zNvW8NF|{<WVBHHzgcLR#jH9NkM*GnGbt{prCt*!K)%2dfenWZY($rEduSv51cBPiL
zl>8RYTgt>bl7CpO<t=^uBIYfvu8Xrto}yc|=O=ic)D5r{kEXr1n&&Qk`yF>!>5Mba
zD_HkDwC~L2gea34V+G@&zYk*C%O)Z60k&+olZwBp{r!dzB88y8p;}9@U#K<-->;Z|
zrS@#6(I1ZqBQ&}m-?8+~#W+i>@io21*hhN4*0C$Jes_D5_dDk`?04O3TEEx5fc<{&
zBJcO)gnp0Y{r>JX-tV2?@_rA&eor>#dlZhjoRD=-B;ok@kw@kuuUUyay_y$Q`%`!q
zlzS?Pkl4<I{mhA`9nA&cXrF9m0mmCh0cKjjU(9oPj`_vI_{3th>_3fu^rmxh)sN<n
zitGu_lWgutQBVkoEL3ihU%wD%v2XJV0wR-FT!=F|y-wbGHm>g}J;Tp)79_gAyn@0u
zZbH`mhHksn!dJ0B-@j@l^3%uhz#_I;Uq3nn;#tGafdAljrqkDqtvk$XxcXHqDeUJ)
zI}?R!0>^bbvqXKl(Zb*3Oqs8q#}wWT{Eu1GH)G;>=6H&5A#LyIvEf)QT!mwK!>c%!
zfoQAr*D)?Q{5%fn?(=bW>n%z*em{=q+BlA9w^#XiHrc|*^Hp#Xea!i~g<XOFA>e-@
z&RF93O!`yfGwT$N&&OvkH9o=f#`w%U&&Ov-O@r~7)L?vkoe5btj!XB4S8#l8TxBKl
z>7##kd=_qEY~2K2!}G6LN#QM>aeSIXHUB=^V0?Z!WgeebfdAyi$LE2;e0+ZR7mm+2
zuV~}50w+e=$mei;($D?T_`LWEAD_Ih|8RT)z<<0kK0N<TdK3&mq$t?Y_oYQWs?6po
zY+7FT=e4+vUPq(LT(bQ{ocY8uxm6AN+Wbj5k%ReV^_*w$PA)LIk+F4CtSGR&e_2W4
zYuBK_$n#brFN&!G%a`!^?~`#Bd&p!T9>0c=b+_`H`=MMiH$KPXyR4X+!dCb!6q;-$
zB=$r7{5~~kr=dz0nh3x6TR=Q6XIG<=<(^U7kK186&d8o%KHsEaV^cI;TB|-MTmTvw
zy4FpCZ4#zFKMy=CpEwa`iG;j@!Z%?)oaEXvYbCb7ZY6L3@*|AJKGXAVbg|va#nz^h
zv2~~Uor70eNns(k1BENCM9w~<>)Cu&&+ci!Ug$vzw*vp)HGM1m2rf^-CFXDy)R)gB
zRXzugqkIPa{>Soh)|b!T8nb*RHIUENYHZ-71o`X)ef&G`rT=A=&)Ju`e5NUvl+Vd>
z#@5}&?-X9PlEUMB9<F`aN@TavKt4A%U=Q*kT?kosyDp!7(41)|`Dn|&GwKt5PJF7g
z9CvkBFG#{<uj&Cd{_rP0GujLndP|%nzkfg)v}XXU$#RHA-JJWHXy?hY`8-)YNJ?uz
z7QY5=q<rynFMM1+7Xse*Eb4=%Ii6!+uUf0|x%YJNO27D1z&qC|Jh77yGD@0q%;gW2
zTWH8?$&DNg{>1l+cfe5O9FMbr_jLZ2fHcTkuZ3QGP^C$(_&W{B7Qfg;h<wUl-XOO=
z9%ssn#JpY;tL55bDA;;k((+%_Si_}hOAr1oBL4QP!Iog}fQWJg*+t6m?0?Yx{naKZ
z6>3~7KYc9DV&502ZH(|NyD?fhepG!6Q?o4~K;;>5GG@RDk)^n6byyA@i!<dObKJX&
zzjJnaERK5!{C%@2+@3!2BG}Via)%0TPn+RU%P}RxIIn{KAB{6*p1RHyt7RFk*YWd}
z!dC|ovhGnH-^_Xe^?S%aLBEg5%MUT8{D#RwL_TmDoL7a?G0s@wD7fii2zEBrvuEQ}
z6<jt?ixK(zf<q|J4Er7ZYy?)DYC3qSA%E=G`y^5LPAcM^u`RkhvfU23&(XM=<oc`m
zIZ(;IBUOtF?Jx7VaL@|$Rf}HG;=<RSL?`w1skoNM@0?s}THm9;8qMRwoENyiT2sd5
zI~3zX#b>OO)-B<pyL^R}6z&?RHV}-&3M-MX`%OzGYpwcMj5Hw1z<hjl+3+1|%Ny8h
zshcm=M*QBNf<x7_bgRXzD#2XseQc4U;9%|P;e`A$w0^oizlJCj&))_bcH~H$>9-XC
zvinFJwK4Wap6c%p=6H&zWPh};jocK7w))~ll;MOGstjB0eh&Tp#3xXc^kkfY)w*@E
z$scn$_Th5uvVzNTUMZKOpk~Kp8hN_WR<Y--WF7RZ@Q#6KD67E#UO2#*lB}1zw7r|p
z?H%j$$M!DP=P%hi_vrs8_HKe=*gJopKW*>2D~;JZhw>-voui(;n{T#v^Xu8WM|wA~
zcdO+_?A_mb|5bZ8Mg9YOci*8#?A_1La(maO_)_-HAt&0q+QTM$H>?*S>vpT_pJ&kC
zO^b4SSFq1y?@k{#*}K?fgsj_c`78ErKDT#4_aE3hhuPlEH`}}U4ei}khyTFd{nkrg
z|39y;|DVRWTJ?;+{(qdW|Bw9%d-w7)e4bW(^@sNETQ0imp0<+01(zB2Zp<@QB9Gbo
zSM1$<ZtrgF^<VAX{Qqw69Dii*&i_{5-pRlHfxUbFGH&lSJ&Q8@_tToalb=F+cc+M=
zoOJZR*}Hq6=5kzGcnN!V;VCOwx5+|Cq5U$ncm1BW61l~%iS}-yv9V9Zv-m3i&{3BZ
zAxWy;f%-dG2$72q8YhuyC|druaVhPsQMP&?3J}5vl8nSaA^cmCmMfHDzon;*2$A7n
z0;HhZg;p*NuNJ$V{!kN(Kh)Hsrnhea+v6AJRluJuR6OAOG6~JmoMNG$%?+#HTMxyV
zXH!7jPsLvXBH#IZL``TaHRbV@U}Di8A*|rDQiCl*_y)AC11v%~jc1S(ZS^NxsF*|e
zzPEbHY*#bwvlCX-G@4xfl$FTe%ertP2VhEXnM}yKd+dZL?JOqy3Hq_|K%A+E0>m$k
zcWVhhE3gr_I&wTUZ>QwjQ93l5`OYI&B8T_K)r_Cx0r70Ec$jUcVyXNyOx(yGp4=iY
zJFM>f!U88(JPh@R23vezR!=5G2+y|=k}V#h(N=q(w32oA+6nP}seZ)71D&Y;NnbQH
z)$?1cW!Hf?Kf@Iw7t~W_J9Oc=dK6f@KhBgwZvS9JWVn8vU(2JRO=78XuWBFHfL!jj
zqlVt{B-+Q%3an~F<he!*3e>a37ooOLT+gFFD?bK^N6WKp<<GJa?Uf?|agN)8iO{Pt
zwJ7t;9{3d(A^bF6|A(iS)dYh9X#^(R_3;$(JoxbyJm2mvd^`AgA$(h$AIxFCU9NaI
z$5TV2Q``=&Bg*nRSRcs)6x?)ClDS>?eYs~cA<DBxdzrj@pV|W|mKgbALYQDaQ&oP9
zO37v2Z5)i%sr^#(#A=1`?m8_U)4NLuZ?0pkVQWs|DXaZVH_W7ZF3dBjmV%^Co1YKx
zjSocMs<jY;Z)^c=T!*$lZ2&ZYI}a+JVq=G(A}v9yTAsLLx<b|C<%i=;o_)yJbo!8c
zo8_9fxeTUMKwJ%gUpxv^3iIuachV4f{oXi>?MjF*-rj3i)Ev*jbszE&ctF%j3PVFs
zT?fIO$oi2nqbha3<jEm~toskY<J><`zsMteJ?;Dv)7f!)D|a(>eFEh_2AB9P`jd%%
zk?C7@;%WNOQGC=$TAD5|->XiqU3T?dlw!F&d#};|!A<zvDCL_G<Ov$*n-KC<6HxA~
z1BL+|-xSkcT7BBpM*PyF{LRY5k|)gB<QH>XRI<Ma6mf0}l?L6Ni96XzRLXJWiZfDk
z#rz>^GQQ9+;CA|iHo56&XY2Sm<^2y^iG1TPadZv~o7PLqui#Gq)dO*c#@A)lja;4j
z=1lpSUyUBT-ITvLQ(pF~(SZZ%do$&`el-Lzri0ek@%!U?hU|(CMC)UoaQApOexQi*
zUVhpI;@=rV0#a}BTHZ_a69I8<YCz0S2}o~aH``1|$Ja;wqX~BK*@vt|p8qrNAk?qD
zb_#R)v4c*zXusOQ!yVLz#e{H68zG^L=E9?6I}##UX*BsqFhbL94^zulwzmL`Tk0=y
zrqrnRMLSmW?8))498VPh`0nGv1-%LJePKy5zdfch+nu8Q7_0rD2`|FYbA!=7m>kr;
zq{Or)3*Yn``nZ*3i<<-Dc=x0n&p{f^oD{MWdH61{PK(_R5|GBbCj~q6U{*?kzE9#F
zEJ=GF1QRVb1(T^{;qerbEkgKxOG2JlAzm`L1poMzg})0iokptQ<|Nb2NkaHP>I>m1
z7}R7cH8GK!2;o;%)?*uI{ZF;>l*TI$sg)0Dyz-!0c~;|<&*07;B4cpxd1}^BsyXGz
zp(hnh1oA^=Ya1NrgMEidFY*^s3gIzr$fZ=`HdKl8mj6{Hl#AN?Zm75mM_hhsPn_Wh
zD{1(=nD|`)*DoOzcPQ7!6V69>$usxF8J1T4@g%q&s_L`2OQvu=T)RFir^EG4+VyvG
zDqP=Yly|}Pe51T$kD3RhmaqLW&XgzOdY+IB*HPnoH(bB0wdX9ff2J68-;pf_+>_*W
zKk|;ulmL<f?nz3`MSVRG5UcBzfBeTd!(vb#Z&VMN`Fp`sLnm)n$BnOpXq;&wOt%XV
z0AJMQTrH<V`wm}7obNfFV>rJ0;O2O$3J2r(UihEKSAP?l(oQ`WH}lK!)Ohxo_<?Q}
zdV8Cg`M$Vl`CnO@KBO=VeZ@l;)Kps`a{mQfE!UHD$`1`jCij9Nw|b>d?XF)swj!_K
z(()XR@~r#+L7v@NJ$W{qoVowU$!ReAC~nd>^>v5Se=*sK$P?!nQ<geS#sY1FXOGbU
z(;)v}+f#AQ*x$IMyyu|^$p7rJlqu)*{7w70b`UXUp2B|wUx6TYq|zb>=GuPkBt$;`
z6BkMfPQvEB@V;Vx-#Yz1{R<!~+hgMHDxio>skF$6RXN%aBCl4f;&JKgysG<oRd?e*
zCyfqcRQ>A6NA2-T9@4n3+0t|uW&=IY0k;E&VeM1gsiE^p`6*ON_99@Vp(G2>vV;47
zcJlofD%rod5^C>OG6*8{NiHGMx*H(@Dfyj2Ht?N7_=6r0KP6dwp^FwFve}7EJJ8mq
ze)goCO7<CTZN%>#<`BZYQ^2bS-3!)1oa8x{M}>Liu)6)3O4;tzfVfNOknK)^$(1hj
z%XZH{Ei8pzi(&UFzVa;<`i0#v*hq0eaVJ2q^p-D{!CK)MOvH4*Sf=Mhw`-@zc(1or
zpW$qd?FPT!#A(t=&mPqdj!o3iM4eFnaTeA;RI<Nt1<L2)ftq}-?||}|HBgn$C!M%_
zsAQkoMw7!8o%qX_9RYC{mj}<Hf`CBGb}!)Hl+jb_Mc!q(YZ*f;lY*}S*n$0c+@*(i
zb6X|&XT47i)m`b#)b@MYXd_h?E2WZslgCD+$qp)IvH{Sg1uh}7fp_W90JTe27w-}*
zz0bA6^srM-8}Z{8aqJH`wO&r>TECapKhev8_^JCb=<VgD3BBcUVoxU@zleh|_Fw(S
z_Pz=JqhHdWoASyQHSbqi<dFORV4lX8<2<szHUx+L>;BrX-^pe4aeq}tIbHN&&l5C(
z6n5qUNogRER9zsB1_I$?62n|7t`aVlRFe+e-bL4e&xQY@14@rN!(K{ukAOy`ztE^1
zi?tv`?z7u0fZw`t``4P=zt#=x*eL<+*zVSecI?X5gvfh#neEsZ)DQayysEd<s>Ez}
zs-BtM2P?ZTg-VNDG@AU-GAohucJfNHu#!9ZfXr%bBiYjQ)NE<dK+xyVq9JzS(Ser{
zA`KrxqsiSuriG5_eaarrynpLP`@g+8^naJR|BvxTpKHbY->O0X*S6;UZ<W~py-?Mj
zo#y^O#zpx7uj;K<4ea=~)(z}<B^uan54Ngj$M0#?h#mi|xo*c#4nl=J(pOX1dC91-
z+xn^sTh+;I$2+&crgdp$w&N>XYKq*p^B>sp-~Ox}FT0c-ANp0}cHG-ax8rMDs&*j#
zJVb9h{>TE18(^C0zAx@dYIMH;d`5e2dDB3Y(`$V+Ie|I{q-3#=DyJ3g^@$yAp~>U<
z_WzST4-_`A=aC`j|Abxpa6p1xyZg`DwKKnK{oFSI`+1Gt&&f{gXHTu4&D-kze51M6
z&o}<Je%`U6VL$1)Khe+o`XuzT&7bXOE4`mLHs=~F4R?fUlZ5aC&GAdTLioDo*k4a`
z8^KTX?r+AwN8BIfaz$@_o}h!v?9>}G)`jq99RH>`{>?xxBOOB6+D?@V3MC-2fLPa<
zvkQpNpcQW@BHx#Wh|s1x+UqvGL$mtp?n}7#ONnLYas54H-ezcYu4o2kb9Rc^_KoAO
z3#qgdLZ@FN@A}r*;u_Qu4>=ul`U0C=_^q+a^>!yhz5-p4Cw&LS`QtaIJMjaIGO!QF
zsFYdiu)*Xn7usau{+FYH^~`II*7HS&YCVVJhdL-$x3UQ#a_v@bLeu$PKL%3v*;rBL
z9S+@vr06cBIS%x6XTUq%C4|4~0)w*Hoq`&dEzWVL2BbOebiZ`1J6Aj_d$$=|e-AfH
z*bsWSDZ$4j9di3^Mjxx1B|d)_ZHk`*!Ix}Q%bmC3F5P1(%|UC*)J8nk8Oqef9;cE$
zt0`_;@0)8?hgM3L%f61I`rp>u{FI3{=KsSoPI(pIQP8ay&U*W`z%yjEP$|>Xv=OiS
z9PWAAH}plR?(C@rf@9j@oY~M*wGqSGn|(%i+yJ&8ZlXt&z7Vqrkxqywe}{OI#V_vs
zO0ycNa=$Hn;hc)kLRAXkXnRd({KCBWS_k(p!kkJfWp-_1BkP*-cR-AE`SF20p#veh
z`(g0wwB~+jG-#WTY)n1~s!H%ZS@^i6=6euw<_U8u00CzuzqwZTMyY0R)XSkAr9Iw6
zT~z$7gSMz>*3>j~%6q3#{Ll2W5oIx+#dMnqzvuJc0r-6f|2++UPx`O>uMgv5HtBy~
z%q~A-vcC=M{|DC3{`bwi=Z>4|FI?4IU6h+Fd`*t$U_BN_EB-vAp2zigR$lbAdPvct
zDY@kC(!qLr57<DXG5>Ww{recMpTugpwj$1yM^52meit!#$bA2D8<DeKVazX<aO>z$
z(}&SA$!RM!TaT*J(rVr*`DQ>vNkLP6U)=Lo2U~eh*51Edl;jtgviiJc|1-T-8^RQ9
zp%T#IpUj>K_)yJ{W;RQ}$5-?HOet+s5?}Z!NhpHMeMvUeli&-`Gq)vST<+pwEQGL;
z%rnsa%qNq$i5D+`I|ZAJL2KlOGyGunmGU@KhMh6LpMpx657n#xo`&@&S7ZHy|DgW9
z)x7@eq5jU*=K2HTE;$w8W7S&xpjh+>Sn*UF`#;-E_`csYTptT@u{)hg_C=RrG*Q-7
zizZ&?7WBQYss)X;;}$e0a!iQy!vw3eH!b>FdVocXytcO^1dZW3dt$`>OMq{dr=S@_
zlV?~vr+LQ&N>@UubUo1i`V-x>rI<~dwIwtQ*4tyPs%eX~(@fiI)_UPc)unbCZa-vx
zADaCIqI(DBXZ|GXBSd!$%6|S(ru<rIoGFL-vF;N<heeZe>LgH^90uw=wRl91eV6Yo
z<!&TJ*<Qn60yGWER8{k1^l@;JSId}BdUQn+A(%FT1-Ayo?ExwI-Bg<z?UID=QAHH4
zjhstMol6z!aPs6-^ruIeRlU30K4v8iDtY}3W3ev+QgTMBjl{lHxAoKIFH3lR>5Atx
zZ|J)vai&~*0`m-bnH74OoMVj1A{3Zb3*6Ikk!=%;QdP&8d^b?G;;oGP)~V{PsmkBa
z@#;tGm3?-KBVHZZbCfZ;e@Prf-o@xeDh(A`lmRChlUs3OJYJ7DBF30}q8N$$>Jv{^
z^AX)z9B0arTE^rGUh;FbWOS@W*?xgB`2&u>V#2%N({yv(V*_Gcj^`MDW(=+=s$F5f
zz9vodebFPy6eTsHiZ35vOs3F|qh}bCujBj%$IT;FWKovj*e-_UYtT*oVo8qY7&gMQ
zr!cKAFiJ^kEG}z=WB&tO%G-;yk@)&7swdZ{FN-vNdf_5txezr5-4uC4Z^iNMv4y_A
zeCNDpQi4aj<ed9tKbQHGqBv7-yvU!`p2XcCf7oR6Ma;RHJ>3*_jwx0T+t3*{7I*&T
za6kzkLR-8V*ojSbL#(`}ATHI%Z>mNwvc3mCvHW^Ro4SIErmgB|Bl7xB^;J?Oti~eu
zpGsUsdiE50`Xsbj_{&~1e;>ACS$AwhK?jV_pXy*E^0l9$PY25#xmaDFvw2-s_|gFL
z!u-!Ouf-(4%*Q$NUYxlbn1A(&!TdwzlFa8K^SOVS`J%m-tac+-``5z|H}BI<OwURF
zDjEA!lx!n%>|>)(PhVP~fA3@70r>OG-})7q-`EwIU&fjD0_O8f%srPD=$C!X+sA*N
zdH-K8RV|pXqgeBR`ZfPig+Kg)y}7S5_9nYM_9myjjmWD$GJ5mqrF(M@c@F%uJZEs8
z9lP3y{O$+HMH$5t%r11c5&1b4`y~D+c61&}+_{?jXLocm_A{0%-OCduiw`m8m+r!R
zNy;;#Auze8g}PaeNs}}hbkC<^HO57_8KZ5sV0<Kh_by`)<KPQpK03sshW_j0OnLnf
zcCJYm8<D?wpLZ^Du@R9%hZdwlKZYh<y7@hS#ws)TxJ_w`<2JRejmYwc#<*!~vaI^!
zhSe4h9dL;)%&&ez4x2jJh-_0EJ??@@Xj5X13T<%nzaq33-!Ta-5aU8S^F^E~*T;a@
z1Dw~1qrmHKGcQ;t|GSwfq4h{2FPpYomKeR3YtgIRLuIW6t3u@aqb6TE{|n8RZa8Y{
z^_a$cea`V$dj0y_re0sC_L{AYGsP1_smEM6uFp7eT%UE?i0u5p7}ve~FFCFw`@^{2
z()hR@{_(%es=}N;|C^ta`Mm!B$otdyD2nY57_XVmgkcFClxVnsL>;a{jU;N27@~<J
z(1SA&S!8jGf(U|$I8hW3G&4%yz9XopsGulbMNv>u;06c*fq;rEf~?98-3$=6gg}z6
z|L2^lUM34yfB)xs_4oqQJ=Ld9ojP^u)Tuh(>XXPPS#{%=*6gayX706`xYUqq<eW{e
z=|>urtJ}?c7)6Sm%H?Y7S1a0&9oyq`n{;nJ!le805}j%tFvBM+1lBtBOQzFpQKw%_
z#9-`)hYT*7*tsZd!dE-+Pi1{Qi&n99CMU~315P?KPX2v}EjF$OP9`7v3$`sTIm))(
z{6B2M2xb!|;~bwbq9y9i$d)lg-8SFSojE7!)=W#JPEng0JsZ}XuXiH-GLYWcc}#k5
zS2H^V4#l7R-Qe2G?w}06F{-jg)bxYB*b|9T=%g5&8cT>@c`TlHNsNd0%LNx9e)%BN
zjVAEfkF19$0FS*nKQ3w`<!gl0x_YF(!HM2ga8`&KVurt5G87H<ZFScOjm4L6!TID4
zOEg=fJYqI-@9zXOrG`Z^bx++X!>44eIwO!M2VgCZ-o(E>dN=)!&3)!fBh7sajmpD~
zE{QJF?j&s-Bi_0(;&-AfQ~z(o6BzL&ryC*u84A_^e<QwhyG?lxYhWwtE6-d3l_#yV
z*bSmwp&>*6Y>c7hD9T6wmgb~xN19v98=<)g8=3#NXztx+8>n>&zR<~T3L4Xz^E)qR
z$9ziGwaD<+l1<S&Z*BgnpZ3xJs-W}~t6*1j1&M#Pf?Lt5xn4MB3f3B!C2sU=+g&~m
z&;WHg*V9#-^c&iuJ8%+Da5qJJ+_Y&7QFA}D>~Y@{^;Vn@-w?IpyuQJ)tX;#%?-XN*
zI&>})jC^gX>a&=KIE1MxrfH$3-hgl!yVFW>qg{(VQO{JH3NYygd*zLV2G0G?LIXM9
z=v2E@X+<4!mC>GL3^`!@L1S(XWuC#6-xy9nRweu10pG8wU=QaP>QsB>JbO3>4=+`*
zhu!cHxxgMaF4SqX&0e#Q{j#XuF9&zAU*2QC7(?}nqm<U~Kkbd<tn{dbI<<*w$8m-c
z&5kK(_wS2(oV<%tE2OG@c^vm&l1>OjqlfMH$6zX~TT*%^N#XGh^|^(7lfi|Zvqn<7
zC*uzfEwnNO&JaRYf+wl={Lb1Ytu~TGm8?0fVu&Q4Vpmu_o+Qb6i9Y$MWYxWxZMQ0U
z2-e)+NXH7?%Fq?AYykh;Cm&PCF3@T8Pi%i;&;pLjP`EC#!_03~9XZQeUjdq*M*^w2
z^3mdcY+pnQ$CVDj#E~u!3Pj!gIi>aQxdFOlfledqcplwy*A;|Bma?4NJALx8oaIff
zAVl5swN4`+o9DCf_drKH!jZGQ=@o<&27Pk5`u*2B)t;x6vd<8G0opVRKHp-)Pai0S
zU5~Uf@%T7`x^y`tzMc4bqlv_~-?#;19MAHk8s;ND@&HD}4&*a*yg{$p(D8Z<Hqh~k
z7wL3RN!9}l9q;Z31j3dJ;ViYUK-Br4HE`>xeg7g>QoQjjI2zg@PMgob(TBCbeWOXR
zj!!J2l=;o!xP3zeQZoDjq(2qt-}@P*kq>S8rI#EmkCdkfBuBnw_no~E?^8Oa$H$Pg
zQh$g}7PU(bLZ%z|dN=qohpk0?z1+1tR14a<5A-?QhiV1<Jh3;N>q*T^D>d#d?uAzn
zXPg&<TN!R%rX~<?My{t0a9#`t&Z{BTZL9GnbY2%shwSg+*m)~CcAi(6=;7dbt4#2`
zRR(z8d!U};;{KkbTyb&lq+EG(uDq!pdfsykFYgK`+o_jwDpw_mp;HbMK5u;v-oENW
z_`HiwhA^G0h`GvDc^N+$_phEO96B%8g3jCjHHSAfVDsi;77M!%r>NB7&#2<KdDHB;
zd0UPN#Gi4#4sM=LKE_YZ<a*p{-h2}??|v!M_1Q6jU`-4(?}=jqznXQdFXKXBlnH_9
zRwpjhsR?-LHu3So20q@f`uKQ*7jWaH*HBuL@&F;)Z8m(o+_glDn9sT5;?t4&HvJ9z
zJjqhHzb6&J>rVN?amj-OGzVLP?3&hFYAG$b70B+j=P^JtfBk|>P<w<L_wyX%tqFMC
z>W81}c*C$8n*_vusiiauHxCy3X8AGo%70eNFKY0G@8|e*2eQ3l-dW9|Q|b+aMid=1
z0P6NJfI2Z(Tzr+LGk`iVS6p(HcBYo+SA)GNZ}I=Ey_t3d?M?apXm6hJF?*xFY_m7N
z_c!cKuZ3W5#$+;kv*~`z-puJO5H<6Y|C7C$#q3R7d<;?Ny=2*&r|%a?$-9|IKO5-p
z`S|bHo3+jV-?leDAO8Q0y&3z(|H<Awdgy=Ko9&-P*_$qhqU_CugN@po7W4nMz0tm~
z+na|o|Npf&OZzc<^XL?ty&0O>kiB{MKbN;Rx6J)}_D28Y|8;xA(Flr8Bue3lo)~C)
z3-DOo>K3Sc=tNJ9+VgXiXy7q;bW8GDHT`qrgkE40ylkOf|GDLfzGix&D?aCa@jbDf
znfk>ik4Q#LfmYdxQqh`31Jz{s^qi8B@r2~cl~OqF%Y1<pw_vvCe(*(B&PLmlm{w|h
z!0<|PN=C&KQn*2q%h{jm_PIKZ{1^P`lBeR0n+v-$XRw_=bTTlTfuz3!zTiA4{O{qW
zUpo_?cXL0p<mq@qA|>{G>GAOUBJ&>RMD>ojsNL$*O!HtsuSsNnGA=EoaNM7L1X7Y1
zZ{cgqx=$eLsaYIfgMWbcN+(Ln<YcvIE~C{Fe=_Z1aSo&RI?y|Eg+=csuRzof8>5$`
z-qr}cY)0=cp!dCv-aml9-i^^qR1ba9Ful7Oy;HpfQc`52cPw8Zs{TP;dQAI5Tg7SL
zvFpmkkcQYl9S`Dh(UhUF?8XSUc|-5&mk$y`vZc(FV}A;S;ps@BtpOjdY9C-`d)A*g
z*R{`OiTOu9(W!ycQPW2tXqrk|v3Vz65{NqV14<uCD>ZQ1_?<Z`NYtG<3s_#C7~G4I
zg{RzJC1hO1lO4DL;faPg@bY_5tdBlt3Dd7R8n}Tgm}4LfnK^CKV6?Cs1=h0PF$Y`1
z=%n9W`7&o?AXb5&-2AbL6>%+PSP{GC=u~S>&2zVJ{DGo)vpW;T?vHh<RTy{)QfO=8
zP3%7QZDvCQ8`7xi{FE;uPl~~HI!Csi?vszIOQ8aOzajT9QvMJ)Zp}ma47VoaL!YB%
z9|O1MQg;MfiG0R!Yx(_|3}>YU!vosio8hcn^#a3LsQ_y?+@5dCC6x{=q_Qi#@Cwwl
zQuX7{kzuVDjVfQRuK!4<+INg!n012}@UELvAgmMc+p(zplt=fnTOY&eSKnheMd_dE
zRGXnw+PJ>nipN@0np2@seZ6CEqxyPc4|dX1IjobQeTKgJ{D!{nAHvpUc>+-v&HR5}
zU&}xJd-}TX)4#2+6F;n{ubn=O*4G2OQ4|NWnJ8}j=&$K(-;W#9SNDhY^mWp1Ltnr4
zGkx9eMSXqPXXtCM9Msp$PcNgdsXmT>`rQA}*U;?x`g-QmM)WmtcH{cmZFW6<{dSk3
zuTR`<=xb=Mp|1n&HxeSg##Dx{k)$Tg=94pxL2QX+ue?TWKHEBIegnhZNL4Fm!Ao{|
z*>M-goM5OHdp-h}2d@t)l|T)e#WJLgUb|o*gzQKg9D^bi8Gby;r*w2(66_chlahV%
zL#aMxsR^~gkT$3oY|D@~THGxV_1ODNPpQieM6ts}+PGs52cj6`G&35mM4g_{RlRW*
zwi;viVz7ooi>O!5V(myW+Hsa}aFL52SigAXbv*L`Q8)hl(EigJF}R`)F&b?_Z+Ow6
zQ(Rql3dAdq_9RP6N{fqv4PxX$Pm*5_c#M|kh^_j2ShH(bvlH$Th<f@x*6itRSl<0n
z1Q>y4t9c*s7Jt=-$GpT~8-b9b%mneZJ#9Gj#$2B*BhA8BoA<s>wf#)ri~x6D+J?Ne
z%91&43CUSHrtTSKJD$d#Kr=6bJ~VYkrzNB@P?*C#1d=PS_R0NWp+%)|*6C~kapjZM
zQ*T+I8a_|5PwDST4g7=M{?C_tCIZD{jwtkwJ$P&626*hm*E2R?4OcWCMQojW>F&Bb
zN=N6*LuITd2wyQ3-Ttbm3$lnhYPOZl@k|1#D^M8)`b2{Q<(N)<J%NV|k`aGjjeU<F
z=0gB}Er#04aeRtHGYx!-in{m|>t}NCD2@-Y6rN97coXyB`6dHj59>{3{qs5}nu^_{
zO|tV>u8xK8ez0&U3gCH-fjfZ*ShImnS5WO-=u9<>6U+vJT@`q*<a&~|HMP+=2X()5
z&D1HDR052du1H0jWqfDON%wwe$Dw%1y84|~Q>w+)TK7Y%-@L0+ZFfyWdOr}mX+(qF
zWCKB{jlu!IVreJy()IwUlO{Fu%aTWt>_~@=2wRg3!oj|<h8+eFL;tBUw?ZTkMYbI9
zbOlkQ`s4>a$!f(rOpX%BB3pqU75Gtk(37l<sEN97y-_0HT#m>nYUYEO?TQl7sJ1ql
z<Sc#C-YAZ?mRnE#3ooPo*4L^Yg)ahjPJMQkIj%x&p({7HCS>?@+ki4t7?Sw@R2}JC
z^zW}W>DS@!9i;YD!^5*Po@9779&>fW2~Ttvi0XUaTJ|1gdBOK>Mbqvmnvm!cUpsd*
zAxif|DV#8=XT$lx*YfgSxor4!8$S(jaPX3KZ=FlqB1GjGwol-BhKE~&vlq8vi@@>>
zr?zH(?OE^++TVCW;F$q)+hS%ws}lmt44B;B%)jioMc`Qg2kT_i58_FNKF<jFC!QUa
zwXzU$J%fC5z*C?eEaFFdK)d3-a+zP=W&lB=w%-EP$uS<3-Nq|zBDe3dvW9Cm9E|tQ
zU_1IojCS0L?TE{WKsz>w!Eu-f??C*6&Cre<w-|((jJIPGYlm@*OoQBekb56H_ACDq
z#rXAYVe;eqOS}Q0?i>L1fwy$3b<yqpbQ<`Ld-FK(D<z7dKQM8>;|s?Hmgle^aUo(n
z4r%BFx4QdnYxC{{5dP2!E!4GdTMpP;9-jEfQhSEHWA{N;iNU-6X$!R+!o+8m`<TDU
z2xSJ7ZeZEegZLr1V}ALFq_|F<WixXDlM5nS82|yMghqgb#;VR&ED5nWxZRcD{4l&X
z6x50vKtKpWCx))8W$yl+Z|anz_n~|yxYavm>Sp3nTU6Ew@vL#}`Fz2=vLD6ZtR$4_
z+vO<JTQozav#vuONYJ<rwC%`rz|8xL$0n&azs+v3Nx~bsP-JVx;G-U<`93*65wjHK
zK}nM0>hP<fJ&$+9YCk&z^4VmU98fXk6s=A^d9<g%Cb7*^sI6|USj-{$sTGLMreksc
zv<;5yu81BS+&HkI@oQytz7n2Okd*dL)fgY&V%~k6c8tqr{6Ea`k+soi;kQYDYkb5^
zX>@#qRDN)^!TGRcLi?zB<6jO!v<p?X@$%o3$p7l22LA^b|6d&C{BN`PpY)5t|Bvnd
z7XP`E8|OdyviwJ`iQ@l#;QtOA{}bHm6K`9SLLdPfb@&7-Z1{+wu#Y5SqXI{GqrONo
z8#V7|qfu?^b&620QJ`gmpk)QnvJvW&FEwttuo6S7Zf$9ITWpgK)2rvsGrX1wZuQ+6
z*7%&*%050P&9INpTu;0h?D!8te3=RTein#0qtus~(B@|z-4{bk;_$c5@Fw_W9J;6M
zxQFL0PAF6=PCd|pkWgu1J4tcH{LCjubnC}5WQ6jcK$x!S5mb~;hYdw}=310#{9!KB
z4%gQ)0?Et>-0+6Y2qYV(rR+MJ5kOP{giY)YmLTCLqf2tHZ@5bg;x=V_Fsfg+PPC2w
zWY#%sbuy%7oxxvxovoYtwX8ogZqRm~HRC1naTLS2L#7y7p%?}q;$pZa(Nrz}2BRGx
zCH}4P(t2X!<E5(Va^t0Ehp6%LA&i$M6}IudL1XjdL1Soi$6k(m;h-^}Uv2UqUT^T9
z_xJekKcR8{yIz+6xzYT80{r(pA2r^ef5RH@zatil>%5Ac^7R3uQ&!=mA2;IwZ`8W>
zW}}vt8I9`N{_l_X7hi0=W$_JIGP5nbeSdU-X8i}6HTGN-P7iCsjb;;mL%fc-Rz?%F
zE6pZUtTUQ$N1MOZFUwzOoclSIm+O}{(fu+D8nE!JO|PCghWr=rH~621xEgUE@8|qK
zXz5kD$$!z6e~bT`@s0Dpzv6QI-xfWOyb1i5pRw`(?NQ`^_dbLFjF!m%s(qaQHCLGY
z7p^t<@AUWh?{*pflP=5uv}pd{0scGN`9E_6`EO?Ozk$jB%%7b9DvSRg))@RZ|9kvT
ze7<r13(jAT{}s{v&jkLTK5gSajr0Gf!T<G4{%8K+{4WwM{r}P6|K)_gr~l7gM*q)U
zj{m}F{hx#SUvAg`!%TnvF!*oUoav9j|FBk;{+s+i(E9J`f8k~H|Lo=X-x2KxzK;5T
z%C7&1nEf&NztPR?kHP=a)|URSHu!J<_vGL0GW;i9mj5rJ`TsZSzn%Xx2O0l+4gQOp
zF#h*){%b7x|FFvRWB;D~Ck8H~|7R}8|D)0RKLhpuq+S0R|Nq)!@Shrs{6DkD;NKd*
z6{QCMAGi8@`v2@@^#Anb_;*F~KOOZSF=t$ll;RE&xq%<pmXxmQp&$a>z?X7cn@43u
zqnO)!Cp(${APgSN&sO55lnP`8JB&o2v13ck^zC>vW}L#HXlnMO&_cTmp{+#tg}BkX
zxX=zJFrkG`ioq3lHYz0<=;0x3#r4%nLy-Tx$_~Gfmv$IID-oy0$1Yt(s0Aq;h{+c_
z<$CgQ&Cii#ay<o@6J@1AseQ-c<t;`uCeWO36Eur4_ehcia6}!ZANnHjDm&P^T(C*W
zSS@JxsVJ>$4w=$w-*;uSwC-71S6YG?+RCpoNO?u4+FH!)bZs~&5N#^^`)j6qu|UgV
z&|($1&XhDj@MWFS$k&qMS_D+an)huq6i+Mp5~F-iNA>${$1vXMmoM0(Pu%Io*x>ik
z0ngE(aJ`S)a5(IGTC%<^PiH!54`i{=7(vZ(oKiJ2#5dt0j)tPh)KqvYioCw9S$_#?
zYx*g46|z281)|<Lm{PC23TggFh(dwsJkS_yMV%ahekHJ8%2~R)k=Usvn=VHw6&IIk
zBhIoI*Yi_!s;vU+qNHT5;L5Arg#n&T>fk9ljm*WsGc2}xP2r0zt=$PqbCi&QhA|S4
z`>*%O8+=OKtRn)qC3YYShZyP}0ZrM&Xz7y;S~tVTN}M0(XxE?1aS5?wc_T#h;|vWW
zE`^m}faTkN-e7q_4E=hXLvTQ)vRUbp;~f9P=ZROx@z?R%h8ouJg2_77cGj3k8cAyJ
z$wm@Ghf}OfHz>2?1j9#227O&75EOnmJ^wm^s|*;dTe;kl^P;uU*8NrwEk0%fN++p1
zUovVfJ86RwS!KSScE(ovOY`+R?6o@cC8K4Bt67r6tN142`DFspicV8%45^aYNl~Ws
zn<%E}Axu9RxfgfV@7#_?Idi)})Zx#fj)Fl9m0ZL-pBTKxnf6iirbp3Rc*rcdp+t->
z8Hy?yVm0qzHSgcX&e?Ahh<ak2Rr8t)wwm9LruXkCdg+W_8Kala=-mhOX4&Z7US*@_
zzb1;_j3|0X4x&=4w@lJ0qDh;dJ#}r=XRD(=TX4`OfYfNwe;HLWcn}%B3XlFIbp8z)
zPW??FYUCM<;rXX+HBajhMema+dbc06b^7w?lAlJEY{qK#;dz#Xw^_~aK+VsXH3tUy
z<zKXxXuGoR#N!?b%~{D7P_n0u$4AcEc<c}@)HkDQo_@eq@`rX&C8tD{9M0f2cJ9KO
zzuk&8f45a2>c+8F%}37L==~V29<N8yyNc19%35+@3p>BEMIh=V8@)-VZ1ir6mf?p{
z^wu%-ieyGFjq!IY@Rwqvmv!7m?}=#s{uM><IYy5#dM`8nUIG68c-o@(!x<aB3DJ^%
zCyL%b8NGQ-e%CU3*8#n-jb2B4&wUY1Z)Oy|-x**=KBKp4GtyhVSs-ebjb5C+y*r}m
zy&pyI)qOT?t&EoR=TRjeWHp!Uz?$!1HFt%Ye;i}g+_v0Svn!h3tSEXd7`+8MkzUy*
zq_=*PK-6b#^nSKW`q5~5bE4=iX9@HFWRiJev%o#+aQaYS@|rQG_smiSa}IOLC4<`m
zwTTVyWO96sm5fcon(Y9JzdU8Jx%{w=&DWv_)JsupCNO$W?-Yo7=}DvzS>Cwo{z1Da
zPYP&h=l4_URYtPZ#D0e<^(&7?WzlwWh`~@xzO@A_i+mm&JBB_lE+^0rR!2NRjbmwL
zOeB(AuC9Jwr`qj@k<per1ft%@7}ZAVw*1{zhZ@e`Js)S=RMW6}qh`Jl<YSI@K0}*8
z7>Qg@fx2fnXU16Nh@r}ZrW=u@-t@fTUF>6)^UfW-lhtoVTD_~a*Do8&JBgEr+2`7S
zm?Cc6#!g{w#2ywm3Pe3V%Ie{1$M`@g5t883c@3*e7Y6h(6DGX2Bbn3=)qrwv54E1}
zSh6y@i(dwwT5(()@Bp@rU}SD(=m3wyyHfscOtnoF#-3<c74C2GS5)Dl$L*@{@Cl|0
zOA2+W-FL!P%TJBelKGcvxiHLL%Tiv;eNfAMT#;ry1=HI8Cs_MFyvY0_5a%!a-A|YB
zogdyU<?mwca!?!L@U!NBg~I_+9RAKZTo}-)wt;c@GjMnpui3{q+yUI&XmEIe;Q(!A
zcg6pN8ny8!fv7V_S{jw285*_0j4L;wQHOWgJeh9Mp3HpEl^=K6+TQ<I!)>o>_E*|I
zc&NSY_Z(wwU-Ya_we(}QS{5`?%U6G?mUEBUYnjDs@k1>z$|NN#119jjk27gjR^q!t
zc(<OvTT)@;CiPIm+_d^j+&mt|%{3eoZsj<gYON00YUz8b;ab)<{VTQ5NA0y_pJKHP
zhFWerh3$I?<`i`pYv0Y4wwh-~8m{?}`>)g-imLh52&;MDGdk5?h}dcwcf8?RzWqzJ
zbcm{@fUW-27oe7Yn7W-6hN<1n+m~XG*RpN;lD5%N!dF4JkNwW{0q5JH?AuZ2Y+Nrt
z+A!B|HTf%Ck1Vir{pC@{^^aq9s?9!XtL67bWHaV3)gnaIvWCm%A*cnG$(9~B($Cvs
z|4J>hABoaq-p?1F20ga-^F8|-u4VaOs^yNTT2lA1THb(Ku4i-BL+HsRe6|*?-sfut
zqJA>WvU;6Q7*;PGLn<qyyrT=-SbzVDG{&tHOoYKP>ja_>9%f=7F>2BuXdFwD+XJoF
z8n&RHY_m0gXCuw`xELx?h3UHJKKa;iar8PS4+EJfpMfMXpla}1IzAjVqj8B$9s@HP
zlgP8b2t;l9DAV4BxRR!}U|Y!s^hI82nE56<C@qoD<@l<B=+g#m&2RsE<ML|LWzm-W
zZWG3`gAEH~Zp{Bt7>N(rh4BIN-qdkV=~R22`D_pWED+UEz=UzW3g6ub&eq9C*t_5H
z6476<B`By3B{yEKcaLtj%GYmse^be{72C0~iFlA~d<-Fe<%M|O=q9}3z2LQc(SWG<
zo~^sT{F&>aDm`K;p!Q;IR99MIr{CHcj-18j-3U38_3kgI*)vyLnmuE+K-9^P*3s-|
z|1_2-PhjUQu(w{@w8hqoukUWS7yAepXK#m9LbtiBQ?B+CYYf6Q`T$m+2TWhQKljBa
z?zTbtel*Gmg+0C-SQ+hMylmYGyo~l3%-}y5Jl}~CeAnWiqq#xfzM$^8Fks2X&8i{w
zRtDeiw5<$UjWSjSvv*R;Rp(?>Alo0ML#$8c{}!ccbtj~err@=g89dCcpA1E~`yrbm
z+^Ykf6Gpw(dirvam0NymWXonlNzkg;{hO_$7w&DOqaDn2A2NsQDK=c!Si{vs@3Y1%
zUv>=}T(7IA?X`9F_alw29>14GW<MFJQ*F~F_V6}5%sz+FPu3enBaPmuIK#?317*hW
zhhZZPkYst2IuIT@Tx1Wu;9==G_K*b+{`2f16&~U*u!rm6A;bw>1rPbv?4c<<+`*~U
zjL@le5C5hd9;!LDgYa;$f<0`9ho1alJv`ikC_0;1>lcqOTK~Rod;O91x`s!Hq3Kgc
z7)@`*L;TN;(5cO$Ja!}s)}|jKthv1Z5lGrehLLsfFyALJ??1<D&oPniB8+H$*?tPo
zL{ftztSdlL*)_k3>eC~v+@zaW$s~2i2<z}o?-(O9Cjgp2Wxscnb&8f?j!*YgNlAZd
zgFvj?aJ$E28WN@*J(bGeca@axUHRYHlG4LnIb}W}Bwh@zkKtF5@N3sIUA;dQh#1Ou
z5b|FKznpNN+U5x>1LP#j4ZQ19f%r3yiopvGLNNbJo%<x;_vsr;81}ln4z+V^q9n(7
z)PBQ3=y(RqE3fq`L=0xfG8`SROvK<^E468!6Gp;GNpZcjMj(=sUREj)DPwG+7<$MB
z^`|T-6<BKCY!_6PM;t6Y`<f?#)l%f+eI_OMO6DZRc-WbAJUKl47bZ5pT#)RQvy*U`
zs{2RUSX?6p$8v822kUw>zgx-USx@{VaIn;2K)r9_cf3d60?Y7z_OVp*7<R4wI)A8A
z41KFps(vwy!xg!%o+}Wr%LP6q)t_-H(9s_{8JOfX`z%HbT>t^Fi%}l!NolAw@Q_!T
z=qVU3mY4dKfM*1JKQ>2fmFp?+npfn6XrLJb8u-u^m38!rizN~zvh?v*KzHQhx|MIE
zjvC4OH8e}WuJ8Vdzz%o&lxI`@8Ak(ge)*`DZ{Am)F*IHb<-jOZp6%+-I9j+L=9AUX
zkJ*V*hAUD6DmEzwk<5NC5!jVLD`MD{K&%@Fj<C8>;Y!NSJVtfnM?V>v2H8o>+{z=8
z)ixudyK!8M4a#!!aB=i%mZpzcG`YHUPyN_oJn1Y$XK<QgsI$(nGzSdRsdgPcl&KOt
z<nw#hLB&t1>G0~_TCmZWk9l$q=40li9q#K3$F*sV{>0WRcrIpK*Ld{1mo&kY%z01h
zbkGp($688_e9ZOLn2$N<3YL%gdpDMk`E50&kyOO_K%6MIPd=vpcc@OKa9l+zf!V8)
z@RgWj_i{6Vs1H5_9?D^DILAj=G3`n-p>C?fxI<(a+mbK!7Ik(6e4r3bP$2?i{h`u8
zthXrH5f~ta<KAc`5P7$JN(yIP57hMsaSvV$uGRTnuz~xbw#8<?04Dv!c+}QIS*Juk
z@yaKbfo)y!)0Kow2YFUK#v!h9xvvr9Q4c@H%4-uS&%ZhXga;UUw&IN|3DIsd_r<|b
z!T2>&Y6ezQs`h!*7+EVmVp+@uJ|)?kQ5)!t7s`Erpd)$K=sJs*=ad?oi}DV>$Wck^
z3@>wFv2kV_Udhg=;nl*)Q;2`8G4Bsv$~IJ0=VP$=sIl_5Y+a!qc~qx)X{FjIGfy}i
z*E-(lV1;$?9JfH!2@g=JO|6DruEg1^WZ{(vW@6xf#O)OkjBK1+AYS=|+6z8_@v44<
z!)%@QOtt-fiLCo@QJBzc8S3c0%LJmndOx`RYoRHjH!p!|#=R;Eq&N=h6I-*}`NLTv
zFm!wfrP^sLA0o>EtIO~EA%)0t1Aj$6u?)Um(W*5e+B6ft#C+cl-al`?N9?+iwb1FE
zqVkK4`Qtye$X0nvftLmKVr-3XA`rD7ur;{WIuDdJat*e#Z!xyBU$H>c4+j933>P1y
zQY-?cEMSG_TYKdbd1)t?!TS|=!}|?2#{DjB)(AxXr7u#5EVmcz1qJ8SFjLa3fM-0b
z1pfN9mc2grh)%U<E>Ws#@YkSAlv>@1w{iQGm*Ro5*GF8UG_BO1IeJ~97}PI<(J6I!
zGs+52q;2&of!`Co85Lsi2zprMlHA&(cFAG(V++PXTYIFU)edjQj>0WkyG!7@4v3dR
zTVLvuRvKvvw4{vHfll7ciE9%JPhVE^wOF>g@?~6l>9%{7Ky9LwaX}1j!21&V!>Xm5
zNBwU$RNBph7t8|}U*cdWb41ol;kdiv1Y$Lmby%58AnGTBDAndwQ##zr1{pp*%HNXE
z-`YSdf2-C&2bA~G{Cqs;15<K%S(SqjReW5h(Z8nS?2<C(1AgeE2n#v`1!l2i!)xml
zYv8Wj8%^T?A%uS?hT5So(9J`bZEpWCLJCTC9Rg@*WGS0J)T)Pc8kuk6ufY8A_51eu
zV^<t%>ZdJ?`J<{S>g@9loIgekgZU%!F2ggy`J;;E^N(x6=8t!}u>L=wTjz)lYeOjx
znJb$Kq<EH-kdo&*a{$Avr(y)6CJm%iyNlW1w39h2KXDS0Q&QX+t;!!w1(GXYLS&n)
zyP)`)`}rKentt6wU|mkYnkYnZM-1<uSC*wZ2~h(NnOW;@F?b6uf|qrLUxqxyF^7!n
z%=TmU^0I9BF)QlFbz(3^Fg)bz3hY0v6@!^bv<P$8amgi)E=51MD33TLC1r3i7)0=!
z^W1(pFUc=YN|uzFV4nPPVQP-pDzB>)+9L)>W8!z#qtr>%ZV#}W_2mxc9+&&%Q}j1U
zUaP)Y04+Kx248lVS8VDG3}eZE(T$B?Y`C#s<26Mo7k=Pw>^3KNV-Yt%Qqn`Eu!cQm
zc;=vHmz*}wF}R2=)crFB;?2l&i@}RdmI0T@7n0>ZIU*^pZ7YCKfE`whHx4U;^YqDb
z(2dcaR6Mz(3iqPnV)Ir%%rB>6@J;l}F{uL@T<Mdk`rkC3)yt4S!f{)h2&DK6P@uF_
zlvHP@K-7c%jqBlqCu{lQHD@^{+K03n7IV^v=oC?>z{3zj5uAR@a#noiBxJ>o&V;CY
zhv>{d3&)LW0vdN5y^oC!fv8i=8bT?xl%}23f~I{}7d?y$R(O@9xH`Ox!=<#=i3l9?
z9^jZAfi^iMv@;<&D?fF@@?P_p-?LZj=d_bBU-t!Gg<5Mq-V-a3;t!$OQ*lUSbp@s(
z{V3Hwtg-x`ay1dYtl)OOIXukK88Es&Sf^SsKRb8^9^S);^0ckshV&^g7k!~GYbn)w
znEuX+jllPc|2PRjsDl*;@cDC8q+}d|W$H(Rb?m7?C)Amxrdzv!yR|Ptl^;jv*Hd-G
zV4X%bu81H-5JTiENy)l%DH@^fi%^!iiv*%R-P>{t?y03TXXO_tv=*s^Xgk?XsIXKZ
z>f(FZ?7ux{<(F9Es#J4~%t2EX7k1g~$tf6WANQqHE9QQyDiknhMF(w>|1he$DV31O
z4}K*t(T{@!epMcd_ZArtz|hSPNs8;|ViwYhM;8hYk>#>fM;Hum|5sp;XKbwCSvD9O
z>WQ9|Srr@`prpHN*ec+jK|0ko8mHrOJ#IC15Vt^)X;L_Dd5l1cKL+*qPiJFdy9(O1
z;XX>WTo9L~=UO`hzpVd&e(JmT1EE0${?MMnmJFEiM-xx&M@ey2&H#gw>dW}EaJZz5
z8Y`7`$5|OBYo9W7gxIQkfw$-;N1&@ebQpYj#0ir^Cj;N&I4t}UM&FcyI*rV+aKgq8
zv~a?F@;<cyo=do2rgV4v<bBLjo)UOCr?QAa)%2H?9(G`zDS?TVud<(>^(t=-;^06N
zC8bw<TB#J;@KPd<=gh$BL@{_bW!{UFv8wRIQc5Y+T2e~Yih*Ee11EjT0|iE-prOz(
zqp^Ol&F$cmRu+B)V*3PEs>ANU#qn3#AE@d(C1nZ$Rx;L!!Jk0mLZyWfDKq`wZ^0x`
zEe3zkDb-%2QSOG=0pmMfxzY|}EJ@1B)8I~=9>{JcU5ZY`GI*CGuf-Jg_GtJMu6hg9
zs!~1LkCnV779<JsN*}cZe!5_{@Ka;K!W)=B|6&KQCoICFptmnHvdP}ZQ}-R)F67zP
zKQ-amcHw-7S8nYw6YW~T8av~N7~C1d&c8ECyB8RgHZw}A7H~?$-3X<Hgi~5fj37;D
zgUA<;V6JlTP_x>304$)*+g?xe#n2EiI)(kg;KU8kX`~nW%LCn#a?e<#zXNCLYzA@h
zlYkKpOAxJGW@KmqOh=h1E8h@^7+j2V(;6vPR-=3?j^}Yqozq{ZS}yZnxYXl{>q&iY
zQ#P-n84K=d%9eyurpxh$KmvWFOxI@kqX$^>F++6oEb`Pi&a^UhKjDeuvd@!<hi*d~
z#9*H|j?n;W9qBOKJXf7aczM69S-2TSH0i7Wg2laxqKTeFB8K*&Qyb@f1Lk_K+pFZn
zON!6q7DLy#L8aG=ulGjm^PEJVa`SqrXq5vvadVFX8*}?~frz0lsDA_ErJ_qtF;vim
z5Wg}h(XSLHvE7we2RF)v&M5eqbwU&}&btEhvN>Raj=pd_9<hZMeAC4Exw6hL3*Z-Q
zm0v#RmoJGy4}xYr=t=g;n<ORIlZcU9BuqEscSbrc!gzpV7wUxH_@L~A46wniuDPGX
z#XzxmEDn7kmj${=ifi38w3kwbE`}0Yu+vTUuU{Qt{~AAKLHpbBN^9t;KmGC!14vv9
zy3u@t(re9Yqwl|@YI0xGQ(*X4eRV2jrZk-fUC^tRQl$u13*qq&8J7*xP^y04--_=p
z#gU)&#rNQ#ty41wTcP8xW6iN}TrjPUPd*4%W=bDsWsbxeA)e4)7WY=)zE7vxCjKxL
z9uDH7pOg%^kC0_xA&jf-5Ys45uXPf6w-nAgROKXjX(!by@5OsAO*EuT2fx*_d5!6X
z5njO!P{FxsmT!H}2+#wJlj1-gpGd^u4=zGfl0^|P?5Zey7u+pMhR(su@8i{7`K)u|
z5fy?V_Y@d@7$4W^i|dW+f>`^w?jFm=wNFWRye<%5#_2$ul<8_8hCZ2w0-HpL7`)kK
z+}aXJV)@9R$44c3AFNnuKB{pO2VQ>RRr2Ef8HH{!GzJ{kj4JW<6c<*L*jw>bVU!dG
z(J~lBg+KV@9co-YEcLivkbIqLOAUM>ehfd-$2hEhp_<a^B{QLa{=ojx9<Xp^N*;mt
zyJ85@@}m8>eT>drlTP27X#6DH1VQCjU+QBfjz8#$*V<V4uj*U(Gc>oc7nz=X4E6m9
z^=-$!-wI~WN~+=gffyqRBrlD}xq@FZKr1o0pq6ctZp8p&Cr4nYKU4~)B-tSbzaq>(
zh?R<NbOh3{uO`)+!Lo4-WCOutxAfMj67aaShiYx{DtQO~_&xtIvcm9RHgVk9{+@U&
z@n&xmdAGkO9tj2PxKm92So8@_jLGi~8YRCni{#zCb!t&dr?|e&YO??x<rhCkM|r~M
z0#SQ(2d8xnIAbl1lrXJd74+}dAisSe*GV<(`(0lPL=9%+7m;5~zpq@~?ANK*l*OA+
z+g3UW>7xv*O+;1Grq`m!-Rf(s|M+KEf8;ZPsO#=&p#Jt)e_~%kmK}upYpYrPTfP#A
z8dJCaOxK2g!L0kFv%x{yzn^`Oa{HT%@%L6Srmx=&6SDXQax!kn85DfVJeWpv==O%l
zl!?K8=ocJoq`*2c*e|B>0+L)NhO%Oq<+t;F^Sx1gE8`0|!L?F|ilMPFrYSvHWo{wb
z31s@}Tc_1kR^B<xw9{rVFIb$q)4?FXrLZfe#tEy)TRXDjv5AtHw_Z|QbEm>H%wgg5
zyU#gsOW4go5U2EI$T&D9x=SAGi_sdKt(G0aGZ8RJX%p?^9le9pi@4vvAyJaoW2_L9
z^I*-Q{c(Y<J4)UGJvbc0B13+2{aW%7ygw2{NaQH4!>Y5H(SEejuv==^dv&UnU1D~k
z5cGKu=+oC1DV^?>Pnw1y?PSUG=C8k3qZRSX+qiCQhu+62m6g`sy2wM5=&UTlQ_Xpa
zKBcQq8SB>Wy+CQniw3#0lYaStVPx3%(2j65rRs+Ja6?sVS4n9}M`#WROKXX-P}gm*
zaWqoa3E}kj&p3GpfY6zL5DOF9%Q~ec#ZcpZ`2N=_O4X-0?U^896hC$g)&LBg#{Kv5
zytGQAX;f|6OQ+i6Dz*zy<K<aVTz&d`;<ep;hXCdWW8?K!?jrk?rTYmF&ZG+Fz`ECo
z^+gh_`HIg~eUXD<Fyt=e&>g5cY-cQx0F%?NI619{$!V+?)_bhQ0YCSM7-k1%F(yoY
z72K#>VG$K-<z&Yd+<v)2?ZF3u+b?g^ZZ@{yP50_*uid@U=2x1+dfw~~o;76KnyTxh
z9XL&GRJey%nC&g9h2iu=6?EHiDIB-|S~Psl(@w(2RG*N6BbwExo}=fNt2i^SSv`k}
zbXfCWG~GN5mg1DvhXwU61?wozqviD#XJhXM>O10-&sw!kw(HAYJZt5;D#ZQO3u5Rn
zI2%gdSZ`ULvBuxvRR)a65nK5S*sfEEFS46S>}E!E%}T}KJ=I2Jtt+0rD64C{Ug}w2
z`{JsZ_C3~9r`o())9Bf|q6hyj(K1JxA0t;~tial2-dCYgF~l7P(+>FMZ6y(N9BsT%
z-<v<$qdt8ZhTkogu*@-zXZ83~$<3xh6<)yeJ|(Nnns%Yd(Mo>24{T)xzO?A%HNb~{
zLjx)&hE|+275IL$zBQNF_g#G^A|XG+1(I&fTh!HOLK3ot4a)p(ol^A;UKyK7_{1d!
ze*teunS@~w=y%YC9I;hifuRt%m04R$sdfr+b<x2~1upDe{Z<}hAQc#}_xDz7DYM{o
zo$yDtb-qO^IuWn*OvLEM=Y)`=swNzdSxKQ^3B;$Q<j)rnX4$9A!5})U4whqxIIE-T
zBr3^evGet|*m(}!Cdq5n0bU+F|2NO@Em!-tHJ~noD_NZR$umw;yj&opWP7%;Q8D_2
zlc>+%g*f{0K6$_G4iA2xL&q1s;wKg&dtf~>IZ1uDmvzKOVS)74pI~q#ZnhB|DPp<o
z=Vu8Far%0J7)kB8p#E(NctdYvskm79x-7<H;Murg+6@+<p-6w>WuSRl4CdqWQWg@U
zVz2^1tb4}$L!~d>kXFj~CHt2pN*P<k;B^?TIx7a-pwCe1@Me@2?$1lB^o1vS+&Rk~
z+$(%PPp4@ca0#eOayd5YGY4Dytg#>UFcxf`9OfGGVRNe@v|MMyepGjzY6~sAKO+|X
zqt}W>+twkhKel9J2W=<^mnLiHaab}QR`++KR2!z7>)?1GeLI?o)z*IVn=CH3C2+eG
z+FDpHDG61R1$=Qm#)){`?sTBF6e=w&mok1ALzOl>!U6HhJ@ND0V(<VSIvMBAOFKL-
zsW8T;Jf0|pv*sUh67|&_(7eK1(UhIap}%|OHR^#LIv!pKmBZ*O>cP)1LHF43=h(Kz
zl59c(*XPPdi<b$;C0~0^VQY_TPNG(1QU-Ai?M%K$r;*<*JmSQAbgI2=tn)6YZg_r%
zJ*%U7;ObuM%btsiL7wkq6Qa#$`(;@d=b%6T<ooQt`S%5)R(3%rENA)LYz~P2D5X?;
z)WUD|DTVBo*@wY`E04#s;7*Lk!S*mmnU@G}^vOrOco1<_&T=Q78IJL2pBQoXQF;9Q
z&lL>G;I~Q0M&K~pOL-95a>0(@o#mY)5OvLM%uO6jnM_*e=rp28it8=*{q6kwcJTeX
zmOj~bcgN!H?lS0oxfXYKse=$DRO0~aLj%J?rG?$R@?oEROzn8LPQmR7PfAqV+@n+Z
zNA<g0Gi(xiRUjm^M+|-@5K@K&94MoXg_F2#kc!rfwQbV=Xu}`8I2)7eUwPkvz&MS&
zcO6H*&*P@^1deyfcJDG>OD2MC_yS$Fl=nYH%W`P8Wg;ZgL_E$+#Ql@Fi5O7FL~L|e
zCc=|e3iive4>ub2;aa<Wkiw%q?wk_lYn}wryqLr6!&wF>j5>aelSi8EAkr5dT$hp^
z<`JRo4#OP(m|&XYZ<smW6LFH_cVh@C8R|zP-};o3sFALeMkd(KXW)MJ9~12R*-g<-
zBvhSr^8M`Oh!gV=4mwF%sX8-Hr-O$0<o(boW{(*A<G8<FiKji%7Xt-(le+k7w!gg(
zHyYQB%}YD{fHfK5emgGHnW5N;nmojvmv(YqQlZO_=c2<|FCTCc^}#H(6v+&pp6%=|
zy@yRsp<`euhTOvq#nnzirgJ%k*-@MI#|@D@<Tqw09cHNQcTlR$tmURJ*KYU3U;&Jg
z(AL6;q$Je5D6p6Ja=c>G{)xe^)Y!Mk_+1R%NYP=ob+{I1$Fn}B&dJiLHk_LFcRD<G
zH|)?cbqYLRW5%D<vG9C}#Vys}a#;Llcdc>0<-XZ0--B(YKKrgf)G@ajaRo6%Yj7WL
zt!9Y8%d|p|K>NEu`&o&(P~v?kG1(N-E-3U36nfS;Pm>of$>lWO2#T&D9Qs4exRTQ1
zS%@PaH&Anul6P4}Zv&0dT}*)NPJEO3y>2?y+SM5Nf?4t`fvBF&$hnro?`c3K!03|~
zw-6un#CxrKL~r&u0@wQFn>}86uOuJIDRDB>P%?+%#JIILdFb=zZaR%@mlW6h@hB$W
zK4#}`2ib07XOuosouv2!5Wv3}=X;JjiTYhSrCMQQ=Uu$=F9RgGmS3ONRVr%YkQCQq
zs6-BcF?nsOlMr@)mojZSxFtj1oq?;ulk)mbo28+rGj>X%?@uYTM-06~2yyK8%I!SN
zkC5Mnq8UF0BsM#w*^U4vNJVS9=GHyG0{W7jsnf^-Yo1Gm=d~u@QX61SSuvGgn821Q
z-I%*o`@BF57bXNHBCi_$8v8(*=yBtoL^yDDk|gg|pS?@xrw*QhSpXSU!q8CdR%$=L
zwz7cT(DvnrP<>CgJtiD0*ki(Oft?#v@3eMxJc7CZbLKgLh@mSTe3JysG2-qkh4FQE
zOPV-sCrmd;;eaP8XN42jYNJ<)opQkkzX1J|$YQg{GI?xPQUabtthY5Tr;mf7zQ8v=
zkWF(l?Kd>aog8BD1>;^4w*Cj-?m36abp*H$9&upEt_L<@3JL_}%5@qDj$_}%`{b|T
zm$a>AA&@EjCx<|;@+xgzt?eAAnxCOl?G^6NDRHgd<<}lq`92xz17jp5>$T^=h*bq1
zlaz1RR8}blug3Gk_s9D~TVJ{syj|`u^j`<_S)hxQaVe0-=CRd<s$V{Z8xa9dGGCnh
z7ks|y>d#$ub}GQwm*)OoV53iY(Vdr83BI3SDFlnYaF3HPiHGjs5{FqL7iIk`3y65-
zGId8c+_%I6Vz3eg<M7L;{BkWjU+54+Zy9!SlPUoVFIxUwS9qROCysx8S0ny@u+|oj
zQ=3EKVD$M|D1Xl2P`fHRp3iiG6}qb%FXWZi;$>*lVH^&+!%8C<Zyi1Yzn~1!i5$4!
z*wgKoYqg`?zAw6qMXt^=dz-WT&rCv!hYEz`f*%!Ed&tRc^T4A{qP9+>RNH6a%;zlM
zpUG<qG|x*riC;$6Ovhl?Nwwo0I%TiEHP>MWK7>_b`gOAf!jC!OSt~qZwT0b^rtfkR
zbyqrDCjQRh@+*DvG5VWVUZ-}><Oj5G<%f|j<SftVMu_^)ICiq7c!WTR7`hWT2ru9g
z{(~+$#rQ!-3i{)hD{_`sWD<gx)D1`ZjqjpUZL7|f?{4*lJDHH(FxR$~6xaT7Xv$yS
z#Z37~-cxQEj)mWXMs(?-)5zyJ%j3EcQvA3;h_(dDRRaIV)YrOM2b1&gj^1=A2+V4)
zH?|%UgGsfPUvPLF_Y0cWM*9U-Vz8>l^b2-~!Q(ZQ)*n3+swq`J%Fyj~BR?&fTVL}G
zwsH1OC*c8S^<_hH5&M3N&7x+yt{Eqg!WKMNL_2-EPHp~syc8-8bl}U-!-0-`g>G}P
za|uyzLfNc|?B(aSKDZ71jvpn()fAenOem0)WGSOo44&Yb3`^==<rH$D+dR-+`O18D
zZ`4<WkjmHibxj``M^nV$40s>n?_b0AyvvWMu!EeE(kmX;8n5@Jl%|zNTAOivJftE9
zyMPmxIeK+s;feYuZ${zC8?di|0^1b&0J_yR*4-Uv_)1Z~O{dync8!wiV0s_ihCMQ&
zz#wU_2FZtL;jG9Ub=7S;jl2g6yafLGz^6PF5A(w7V5*Fxyxxqpfi4m|%B$Uri?J$G
zch=f{%FL80V`1v}C*|kE^U^ANDS--hq<0j4I?>}+kGBT)CbH08e+mO{ox`6|QMgt6
zhu%Q^ND8~k-W6>3zg9~{Cr0>`;qg&-^XJ3UAQsQsDh6}GzmvD)`f3Vp!qhm#&^u0c
z@u(#4zzgTqlc~%ZpSH3o*qC9SuGU5Q;R%W6_2xd=y7QbR`v`Y1X*Wj@$Q0j9ft2C4
zJS&n%9BO=;arKHaV!XMo&LjR%X&}y*>FWA4%&x__%zMf$g-#Y8z;I$I-{Ok#;1SOB
zq<27(EiYt+3%n3aQIX3)sM)yITY}r;Ff~t$vEM*%+jKt_gOOch^K?^8RJOr4F@*Rs
zQ@$7jO_|B(a>Oi8d3=nCS^kp)OHF_`!4(d6M6s|7J38=zfLL~HiKi?pa2hu`AYVOk
z3vMpFRnK*{3CDK+!6u(Xs3O!i=6}g2dq%W;);F`{1BwCfZg(R??Dj3-<u+6hJl$*d
ztW6dV#zsjBQ_XCGWO;ch&pib-FJmsM=^3p@zi>Xjm3M>cgwq3vy<0S$OI4k5hfX!8
z!@N(HuX8I#;~GiWkL%eTzd1=xe_uGx-_&+Bapqnp-;G$<MW=&G?nq!)6Dxb2q*!3_
z(mwl~B&UQ@O4au};hJ_tu6#Pm1?OXIaVd<$eB2#_IV&?x8x1}CA*R12teGxYa&z(q
zeuOcVxA0|V+_g|X^k~zDdi-&R+2go^_JVH<zTl^~=u}ct(nlltvC#rN#<XX=`Bt7k
z*6g_5SowVTQ5|zTQ=)7(F4#G`DQ3}4ShQ#gE@LXq5yAbNj~&)A7k*jEf?HsfW%r+$
z-FO&7gToVj@-R<V+y^j!S4OzKMZ|%dBQYLiS6$MXB_Da^by{kTd9T!zo1x9=7vIGD
zbG`CfNx45!{nxF~hSg|~yx}~UvBl5`m~K;V<&gsL)JkqhAVf<r@_AGNSY2rDv#RG(
zbgI2!`i1JD6sRmAW*T@)K93vomvdG+t|DYvO9xvaW!o~3rVH$yWPA52f0u82H&H+(
zyk@tP$h&i8ooSgA&f2@zNz{}ZD8;qKT%A(wEqgp6#-sL0;YnGKRGWNe0^g#=_f7EJ
zPLDeO46k^6Q*Dmz%JpPpI^A^epQ~=xsn)%k`_E;n3eTQuE59zrqi(yIS6$2Ynf=OG
zd%wYAOeMGQ#6Nkh_FgrQUw#0@Zn2%mj`66k-OPB%M~aK9?fyBG&skZRK*+LK2IYXg
z0<(2KkXi>l``m3tO=Vi<C4L92Pf3VHOE$j1n{i1DzHRKy6yxZ*r;g7uu1OuA<z~U=
zvvd$lpQW`xNDeEN&6cosrzO*Ab6WCYAy*o?+8)2=eoHzmdNTW?-x7}Nu+vG3n>h$6
z`7(j0Rfe;6?{*UPrjC4im%=_zz7+27k-(44R#%s^Hp4XWKJuO*z9FDh;REswyIQsf
zbt}A@pR#W4QLng(oxh341SE5IGgP)-`GYssDK8o2^BXMxUET5wnwhOMvd2qGSD%dj
z<CXYj9DX$EMx7-@g-!;pW=EsrC7v|(DF4kXZ`a<bVu!x{H|kVdgqc+rP?fsf$n|pC
zMHrsFt|nwzN4$HWhEnw!C_WtiY7KwkyJqm$i#%L3yOUu6d6?@MF=Ma8&>SW-n`T*X
zQ);Fuza_>p<%-|!l~1s#AD#XVm(0`YOh&JFvdIXYJV{vzWl>=d<9dS@MtqqGf#EQT
z;NIX$P?2TL91RMSTa{LI=GXHq%~%W$s5WvA?ycteZ=H0i-Bk^QmxD3;2T1FlYD&{8
zLFKxF%H{jz{l0MA@|{i$EG-e(P33JXDJ{7f?C3`9kKeHiHgqx-Gjwe&rFa3UwO)xf
zlQRXo80*-}F#j=H)A)}*!2kkR60U(+)lxA&;Aa>Ee!ioj0l#0UGvL9QFb8~*(;V<H
zHChAyNoVwczu93M@Hq|~@K+75H{Ne>*vEV4ZBA0$3dVc#Rpxj<{=1W?nb+FJd$u{=
z^VO{pYrHcbH{o-+0cYa4!;lqMLrY|R?9N$TVgKr=BW!y&{pg75rpDB6frG1AQl+70
zS5-1KoBL0lYE3JnHT<k@Y51E%LBsdstO`O|*6Okvo*_i}m$wUivm{VuuIffs@%=xj
z`oStT-`#7>nW+_sFTE#>QIHx%;8zk`L6BRS?{{&%lc?J~EC}+ZwO3xrb|Y@Qk#Cg`
zbg-SIY_>sjU5!qe7-9K2+LT_-%2+T;NifXzT%c5yJECXt-M<8)t*T~rsIa3>wQ1GX
zpbGrc8dS?+Q0?IJ_r2`vS+7AeVmx?FzuKjvP9tIb@TQKuy-Dbk#dy><#+#d<XmhAZ
zGJdP|@ZUbE;cp_woBNG7yNoxF8gI&sHy_oS*;1A2wKqlE($Hb-Tc_FjKM=32Z#)d6
z*E?2Qi)1Ndb>L}l=ET*oNdB{mQnfJI${ssV!0=_uSor5j5P&6Ii~LJ=^7Cqud>kjw
zf(@*S6WXX6O4BxYmB3GYagEk2mz@>CQzMCz>;s$K&7;2PVi`zD(4-tZAB2(P{+?t>
z>E`h%P`YT9L(2H6@GGtNC1`UQSnTG&loy}x1^vDPp4-+&SG~XbGF8(UTh)uJ|3}q7
z@couf*XvZH7b#Ucz+Xq;uLSsO1<!zX!^27*cN{2%U7dph$+=$&PaQ9?T+PjrYitZ5
zIRoHfgY>eto`dJ?%;`T|9Q~7&0*f>Jb-$FdnGn(s{#GSdHUnRQr_)jjE-7C=;l^Fm
zG4bcbms~}U2t@4kZ_gaUC<1j@_74|F|BM-;M%O~2Z>&PA+^o<qk{tA$=D(MkzZb2_
zA1;pGD7MP=Nbt*M<Co#$=wIROAgL_qsUmz)-s#_-{TR;4^^Aaj#*3|jo~cIg<7qcI
z0kzG=*DkfdFo+aRxM7=<^couTCA;g`c0XQ^5x~)O_ICmN%`U|5F$n&i!v02_rty-}
zLxMlXN=lDxL~fFl9$oS7B}wU#%JH3gB(r6=(jy67p<Iu|VlKI!Y;|G>4A*&!YMY6#
zVe&#aVfk-1*37s*d{NFm>d8LxhYpLcZ)7{(-Cn^(6t1A8j(nZ8{R$QflDtJH99a4z
zR=T9fD*X?mbQ@ke-z@zME1mzURr-X7m;Rs?zo)}2-JO+w@@1=ZiBY;EFI`}kPGF@+
z+c=qSl-?1~Z;~`iA43tOUuA3MV@ByWc<Hfb>Ho6Q*|yTR8>QRw(&Nq23M<{rRyx)w
zy-|eHtlRkqFFh<N=^aB>;a%7B!uicv;i<O5X_AsYB4`!<$|&5N7oKhv7N-qw%BIYG
zuoBslGTI~g7=Fz}&j_C~%rlmUh;rE#U-9tQc=#(-Qn+%$x)~m(@`q%2m~LDL>I*-c
zhzI$>aFk!ekMILSpRj<%dW-@Xk%s{o^+^A0ia>mF5&TwGM0m_53j1gx=6PkieR7#S
z^pwzy9gHYLKd#(uL?V808<a4Jqbzer$4M&iX!%?>3mHk_^ut}5t!sB3u-x&;5P?XU
zDJ>shmk4GY;la4P7))q8H3WQ-t}$#MRlSY{<KkWHVu_n#tovCde#B%se(^P7r-E6t
z9AYp%-t=MeaUu#n0Bs20<B-0nrIZF9k%}(qVz9OaKbju=xdq>CRX@H~r_#{P@;WJF
zbHFR%P5s4q`;F_aAq;PMHJbvTxJIXH-)s57psz$iFo+OoGkiK$u8d8TPhZ#x^-HIV
zbQ;(SqIl*yw(5?TGF`QUf&B$_*>B0&kC&9}c<hj`V5J$(cSsjj8~j)4V(@X~zse~F
z70!RWdLXGj|8b1}mj)yMeO594KX0#7_01&CzZ}iK&l9galPI6Pup54r&YJumxL&8e
z%#>b(u@C)bAAXE0>y#U@Ni$e_gzCAL_2Gjopc;D3$>QO@%q#~M#6X{t^58^)_%dq6
z;2{j2rrbPOApVS}-KZr`xy8^;0wKXtcK$GD%H$*>%4!Qjrc8pr^cJAS&&Nxdh4Er2
z0r#$ZCQ8bHL@8sl`1UFk!rP_6Rp7;5q72|BPh8wHNnAW2DOWC)x0I^RQq5Vkze&-7
zCSBKyq0PAXC`}SWjyNDUS*l!}B!>34z}T)NF5X;p$sq>si6aE{=aV=>l&f<Tcg7Ym
z^cJoRbVndjT)bHl7yj;(*Qr{2=E^?jBxE`sR6)Fx>vWj^%ZfHTj6vn|q)M4_#|QE;
zascI97$;@M{R;0wa~wS08ED2nga68kw%G`Dl``YLXn;T%34CNHu+2ft5tS?{%UEiL
zVMq?gSikINVaT0)eUN08S`cHrl8c~}I=h3F#@D79S_;)+7?E#qe9wm$YQR>|-OSA7
zV+G%33A=;#!SZ+hX;ys|F7>3B*MKAPK;3h$EDjv}qnc7v#3V_l+RrSG#($qwYx}(v
zejmm56Pde#U|ZpYtADZk8a!^6>q%65x8Vj@d-oELuVuE;sphD*&WmnRldr)Jm;33I
z7Jn)bQZnRjgd}3P33J!txykonnX}>wN?F?X_0+s~Uu6m-_lNI4hwmrfO-N)7)K@$M
zo(u0HB=S8zzYotp!}F&suRP`B0npbEG-2bWABL(@YR22fS=0c#&cO=)!(k4vcFl|d
zmevf$z`%GZb3nWpdfH(OFn^+yu|8XTdmSHP*}-)%#4b`X)XQNGu|gbTXX*~IWQQ@t
zIy7TLEW2`Dk{G&#Gg_e}E?!@B(IEz>Hz%a%qEif(G$%w6bCuYfjP+tjV`)W>KwEKf
zsU$AktiJXSHo`U$b3dZQ$vau;pi}Lg8rykZb!h^J#Y(?rqBYa6ZflRlzZT1;d95eQ
z^N})By!{1I7!xcl93{!8c;*9Df4<sM<nwOa6;AGtn@zrq{o;&L_hvD4p$X1%Zg?L&
z-h^@CY^Sq@v%Fdi9%@2JXsbB&J2(D6ltoSas1)z>yzBPY?Yi<9)^*2X%&v1ZHM(x6
zo1G5!W(<rMLo*P2-t4+SJanAVWzSbrnj<dmgIy+Xl22!smOD#TXVI}HMf;m%cP$e`
z{b3j_uBu#>B!=2HBgC)t<h@qOd##8%#9&f0LW-zU3|`-ikQ~LW+?BCO3|$RNC+M+j
z#l@xIaX_bSO=O*R>5@HvxJ2On_FH?MYJZyd<FnvcwqI7Ezrr(c{o)J9y|>m$)OSy_
z0rN~Hr6u2H5u$l;XA1Yz6LhNOTrlJF3Oq|z{C)yFUtxPr)T!3iD*pid-oyI+UU;_R
z|7n$4Qk5-!o>r-Cwm)O};xG)-ws#St)l{4J{BF1pC*><j*ra^LRXQ!64h6eI!QZNJ
zCqfFlMy$a^xj}23#vYp3XZ_OVto`RsI*Cv0Q!0gBi`L+u>-kpPlSn>cJbX4l3a9s4
zYHYi8ZL8BkC3~~jwp;5}PEsu6u1J<^jgzRIS{gQK+9fL=wg`tunRcjx#X<Tda>w{F
zozjx8vIvQM2k$eD_lwR`TJj%w|304Aa5cTpxKxgLxjhCk-?z>x4VPi#eadjjClB+C
z^(il9`($*d$8==?z<j9|AGKa{^F`Yj#O0NIN)Pm#v$f*$b?#GtIp4h8u15ifI$`d&
z_5`)vmpIrc2kSk#%qy?uh1YVvIj_ivI}$d&ySB0K>VKs9ta0wr`uvsewC1!<d%pc&
z-)TST_IrR|jxJxf@C>~U{rha?>lS`kxA^bWC#rv~LaDkv9_@0}FQ-upFAvu9_#;~d
zY4=C-lbN!rw?GQr!BR1_vJy{@n6~)tD=b^A322LF^%h8uIAbj{#<^})3|(X(8ZY(+
zYkb1Vta0EfZjE!~wPNrHxQU^Y;?%hU`y<%DlCoiM<|A9xu5V>k`ydi`b?jYd3JBnV
z#1t1+iZ@is<tk0EO#uZCHU<2{$)<p<6_jfCR8gv`tr6gIV5wmMeBroi&B<15Eo&$(
z84fltmE}+SJZ>eYopN8Iv}*q~Qq#@Gl0XcOJ4dN@%Q=32s$RJZJFTKUp{Q_<N4y#@
zw-3sFaL(Sp^~#%tzk|YKSpCKG!P5P3HzAr<X|tEbU%~q|@P11rrPI~OmE4|mIZbKF
zhtSZTw*71MXXAIRoYIna;rAQtc#asFUc6Nd&11Wm4DUkZN4perKf1`E^DNMr4s`Zi
zqEsDayibAmGQ4N0zJ`4_e&2VB(vnx;_s=giRDZ`RtNvJ{es`6*A8ybY33Mg^okuP)
zl&tkF*!1Q;M``hFkk1*IA-=7E{+7$tdHnaYXDN;RY2bfdVcbJ`lG2g@&=W85P<@`b
z_@o%})bjf;TIy75iAS^jslITYRCF-gC+4lv;?Gg)4fjd)h9^roMf<ZQG4G;w>MUdG
zHeTtr3QCJV0;XC*r?so#`7ZqDl@*jm_Ng5WZaM=uPXRYCUj&ch>Kt*gTPr=wYL|-E
zN<~MrB{6rSB>$?Nt7w3M&Af*1nzI@bFHl<iF)(lwFz~^7#@}1~=kiKmKwNTlj=03F
z4LnO}@w-s?0}$aD+r97E1;`+axJ{X2L`0_X?HxA<<S7+{6IlZ6;9dfeGV<JoDLlU*
zztR}a>%@@jH0$nMk6XPujw3gmF2|QrIKA(GokSIXG7LxIN^O2QrNgHezX!}M1?IM#
z!|}}d`jbTS^()^sinsV$#_a1VZymmtR@nGTvGFyz1?MaAw82;LQYTTL-(chGw{pAv
z6&H)S;^J6s-1!E3>_P>l{&3G!f4GlSbRgR==C0DVgU7H$%oUf!YMJNJ({ziA??P;I
z=oE3uUE1#zl&U12M<fc$@l57C2_2-HnB$_JX`xdsubfhKhsX;)kGImeCbNQ0UJ%BM
z_TVW>)djp@u<I#GH7~sSz<6~8UR9pD9KPmw%)ok~iIsu1qKPd7OANm5gg+c&FpsIk
zuOl#3>W;^aRH?V|itdirJkC?4(p%I?mHKy2m=L;P5GUo4rx7P{>4<u%Qm4h>cj(V2
z+yrd}Yx;>hI#ue*W>%_HC)@dQUs<A*@v9gd=jO+1N4hVYFV(9>{d}pCW)0*^z0izr
z0giW@d-ffh8TnFg?bnTbsqALB?w!BbNs8Z$A*5uF&&YfE7KXu6fl|#Mi+E#_;*y_0
zAv%W{LY#>$>!=OoLfqM`ju3nH03qfyM<HG}28H<S6AcM*BSH%$9PPn{xFR-Mh-2LK
z^34qSy&22pC&yk^e$ATKm*1GC4am>il*@0XiB}YKH8tedZ=Wf@{TRZG8});e6i)~F
zEimQx3=G%tPD-^n7s}74q_i0$5TEiNw-Z*2N5tSojI5<^%@c?}Bj9mk@UGA;&R7j=
z$9rM<zf}x&$L0S-4=f#bG>5-&6?wQhKl$cUR$$B*0|Cb!496tVd$~x!8Xzeyp6E%+
z!G&d2{ZPQi4nndk%aX)UQVRw(ZNvhwUMm*RrUj1$v}<9H1w6{}L;|giSipp4Y+2b8
zF^Xy=rTrVZ0t*LtGxoB328vc-BpZDxG50jjq0EW1awxaEb($luRiA2ZB~jkjl>34h
zuPPE8UU@G|ro^i<{w;w0kd*e<<_cI<=o`XBJCEgBzA&1-XZe!yKGqq*dqBJ8qoz0c
zViTjvKo2R?wWm8euw_!FYfg6z?B%+v#89vqZ_k8gEZJ=la0*J4BbSN6Kr`T#in5R8
zDt2DvB*jxech=o&=uY}#CsDf*O0_LcGj8I|_(KeJ5I}avKs{PB)cX~qKzVA!;1@cj
z{*33D5}`7!7DIiSvN%M~re+-Cy%<ZKK8ayLB%ks%Q=$Hzcrmn^C1oUf5vZ&&9h!w$
z%Zn$23I#k3=uqJ#ra#G1p(H0h1w5wyJlu@y&r{7T{VB{r-HA7J=WaJ9Ki(uM?H{~H
zAb$A->J1{(o9Cag4ItalcxIR0ds1KnEhz>@Tw%0qB81825HZKpUcr*h2Lj9C@hLyp
zWV3|<<oyrX%xAKh)TnI45UgsMeD1&vpGjOkt(w-6Pp_t2K7*Uu<l~E$PlqNbpDvQp
zzFQ8+=RAgMw7E65^=12Oa|EVFQY_Q|Y_M<gpOTV3d?dn@sm~o`y92#3lNe2v7&?Fl
zecB()76?n{^wpU63Czy6=g)3fg!!{m7a94p>Owqk{KV&&KRc+IP6rK<iq?#8;2sK=
zKijnm^JjZ3V)?Vr?PW&eTD<Z3aO6jGJyI4jHoX{6n|b`kCm-V@_LRC_h#Ik-ve}YT
z%5<H&n~zvk44sYPBUWQLO{&9fj@Y$g@L&wHF7j#wGLD<H&=|3$=7=r&&PmjN)#y~~
zKu!ENE3bF##Rl_wzxa=ns6hvIU8+5=cYiF;>z#a&QuUQs?ijt)#D<^0VxEtXoE6he
z9H`(GjK4n?I2jr-V@>_mN!0RcBe&}o>wK}r-}DO&^4ApjJ51{Hmu>L((FID?gD%eB
zkFj?Cwj+PwR%j0}Jn!xcoTT^_kX*!+oEO;32lkHCvh~5Uv=-L~1FI?3c3)!0fF9;A
zd&A4M{H2$_9Kh0d4}WctKVp(U{*9BUXD;bfdzAsUsjc}(t!pTaY_P{u+B@zNSeR2A
z1sx`@V(~zk<)r*729xoW)`r4}q{N-b64=Wt_2|5(&0>(4IIbB#iNUkA_41*gy3io~
z5jOh&Ht6@OPd__~{;hgF`Wq{v@~u;ePPGGUKZTEKoG&F8kH>2-R$1qekEsO8|5{<@
zXP>6ERJ-zmnV-EMo=;Vpzi)=;MHObgb}2l+Xgz-e&tJ0g>Xk7pfBRqjS>VriRv7u*
zFF%3-(pT8tXwhJSs2`p;4{C&l;0h<MV!q+EuJW-Qy#-F9x-RNed!HdZXD~Xw7@d28
z&iytz11pfu*YgeUZ3d&W80f61(y7)r`u+*+VS%W@Gb}A^xrHmS1>TQl?-5rbI&XXV
zxd!vL#o#BnC0j3d`|M*z?sn{XtA2~#x91z7m)9`8FHL%tHhTCCi#KQtOG$02*HW#O
z5eE;)z4fJ&6e}Q^fu>*k-q%i|&bgpdEuEcr_h#%ZywWe93YLnYMHlUOnTF?7u4e1C
zCQxWU7_6DD*>|$N(9DiQ?=&-jMmV@7e#F5P@p-4+62oEugMVTTrFK1@?&SLu+IJOJ
z+@MaL{!xdKr~k%pIxP;fJpF}VI7!LVtm9XF<s|AFBUT`W`dwrJjWad1RO@lk*dJ)W
zD+A`yeT6Z>t%XVGP{K+Yd<htLez{hge8J|IbZqq)_b;W32ocVFkkD?OQf*R|b<c`A
z{t~lIZO&7wy>ZbTKLz}Ki}RG?tb_B96plMH4|gnMfbr&)I@NZX<Jjn5DuxbJvi|J^
z?U-D_+JV34ii=ft*%S6Z{Qd!dsHv`{+5)Z_<?wJ{Ev4SDKh?`43-YgCF}FfHhruYH
zC)HcDMk+d%Ey<g_Vs4GL@f@W_P(nLrMH>EyDsRv^uSJZQQc;;jhH7go8ZN%K(#DNZ
zy!QXc*`J3;QEZRna7|ApgeCT%1V%-TI${vfM2R;Ma?L;jJvvcPP*hM6L_iRi#EngF
zX4H0!;sy8XuGf86)P#hvZ?dbPpvc}$*q7{`dY^MnRd-L4`+2|5?;l7{SD&gnb?VeP
zbvAQeE$3BtMi?u97EYcmEzTg`Kk5AaW34lwXI<AIZ=+wX@2P(v%gA_>?k)U)m_C%2
zZ!*0~6|YVLX6~zpW#4B`K7pCN%#Rx3|GnmWwa$KU-Ctm!;UijnK_=dD7Y8$pmPTiX
zJdo_voY;%Mi@IUScDV`M&c@0{E3qI&po6SA@r7k2)||-hVAq_`;(hCG^0MRV%vALs
zvQAZDK#Tj>KfG+bI(cQ0epk9y$`nz6B17iQ(r09<y(2+?NbOpbgBt&nKHNFm|D!OY
zydJ4EHmL)JM<3Gk!y*1lSYJlN?bKpXkaWn&ySWU<Q=!3J8yhS;TD+F#Iuw52iNDh(
zK1A(D!tbjZEc<pJ^mv;2cg+qaS9Ej=ZKzX+2mLfx%B+9d6<#ctmZ`=2?z<83ASOIH
zm{Fup52i=rA3aVLWrhcHko8`ejMF{xy26arbu`^M9c@SGy&?W9$VcgxMV`=`JKECO
zv*<eUZGa}=M_Dbc?7s>#9)Q+pdBQu)j<y>Y#)Le6)wycyOAlj@&+;%e_JN17cxg~!
ztRVhvI+DV6EuQ`4C@&-DwLuAaB`)b~=iAy%WxTbxZ{Y~Mh?z80R{a=?mtlQ}4HZ>C
zW_K2mrlHanj~W|>we8aO_w%xFsp2WpH<wNiW_r}vkLc8vx}hIn&*Q;LXc|^ByrjuO
z3q`sthccqG%tWE7_wLZ*zKi=Itt|<uT?Yrkxdp%x18BdV9;BQWo$v|IxelJNbId6n
z3DiM5vqf!0-#%WQjJ1dJMVXON!A!MxK`<ZdRr<%Plb2Bm;_voSx{gSE6dCT))o69H
zO^~q^nYv;uCY|?UYVA_g39&$VSoebHb$LYJZfvQwcuj97o@_;}#m&AVkHP9@TGn)2
zi0^S(eQ#b)8?Lk>Lt)IPKD80F-qH*rhY24mOdFf@FSoxcCcduCI#`k1&s`3*VxQtF
z2dbXKvR1lsa=b;EIP4p(AMhG&CFrNUJ!H|+|I*4*zkU~Vg+H>kYGrvhyrnQ>*<m>S
zrUz44@fljYIGCcvlgS#08OD><=r64ze}AD|89==oi_^5YLN;G)uBg$a!t|65-KS}B
zkL$IE^7gxe7k;4Ze6ldat)MDu`j$keB3b{>wf(!x<k*BO8%-65F9%%x?Zy=*R2V-S
zj<vu^i`Tp^{ZHzQl#`a!;Hdu53HS46!+_^Y9DkrK@SMl(d>bp^d4T=CKpz#%Fupxu
z@q+lMU<M|Nbk{S1_nEL?GK}X$qf8C+^ya(c8xOnMjZbWs;k1(+*Z8*467kO{^|aV2
ztLHXyZjP{A@<ss0dpG%EVewer3VoG`z8!A#*>wTTXA<(uJH=>M7G@nJAfl8qK&@DQ
zx$E0d#ZE<V#^QfsM$q3nP<<F#i04w2JeIqre$R1YDH%9_w2KLSKcW`|b6hP$$La9P
zaWGZ$TI=z_m^R?_cC|mf+r&D$zpHi4t72;cZP7=)d8_<{dyVrQI*lD^;N1Kb?;|7e
zw27D64AuOkQLGEDLu)c_#;*1zka1^<Q*e<uW-@k_A>J)wlUq$}qsV`sYF<Ko+Z+T6
zbv%2=^<K;$dx@9oq{h<@LyI^gCkMHu-=)IP)2_o)q}$c<6nPDAB+qIJd#M7-D$D}p
z^=NV5RhM{Kq-<PJ3oW36jt9fJgHqJ!a<8k9>0g*49{6_m0xC8vm^W6DNA4}lWi6)K
z!#TLnqk@@PD<gWN7ORfvdn5XGHTtE80`*4)Gx6+mIAMv$=IVGP#=MfHi+q;oTG`)s
zvac6eAO(Hv%Od(t<EKM-;y>Ln$*$ZM(RUfw*IAtMoUd}(mm~4)Cx#(DKj|y+nf+GZ
z*7!_TV_%{DyUuv#h{etK?0Ti~?5ts4CJHU)!*kbRURLvktyg3p9qMH@Z`ynU%T;6=
zgN_KKn7v72Ex*|7Fh{K{`}#QwQ4Pqi*+(tz5OJ&G=pQBMbK4E$u*J<kS`zmK!L9K3
zbA1`AFcikj2@S34C&2jLJ1oanoX8L1WvyIMP^AkJ;^lP%Hw9JY7QO6I7^^tLeK49o
zNd2|dey_NspWsE+?rlLZu+rpsXa8|$^UwzD-w&GZho*Bx{9Mg3x7fBu5k1*mV21?0
z9n`WWn-AB~)Z>RFUY@L@{7LltgZA&^>JsopIqHoY#QSt}pW9yp&a0e5ptjj{ARCJC
zKIE3csKMMi*vpK;yX1XH$rUvCidZ%b+v|n(uS>Z9_^HUtjOgDj3HkSn^j+o|&72p-
z@1g67i}7KsKkO<q-p8XxXQSO`R|v&)U<Uc7$5mgWNZ;ndU&X7=D1L1qeg&v5D-LSq
z<cYY?NvNVv4r2Jw(1>0f9BFLW*20VQT~rV|SWEO^pKlcl69uW0u&7nFwjbf;Cs2Vf
zSDi>W7m>(Ya7pXni)RJgim!2`KCdJl^MP6#Z=N1Od^Z*#zMBfX%=m3bi!BrucM0oD
z%~wwloL0oMxSu_?U+V?D+=!PMN!ta4n)!lWt1DKvGo!aqC*9Tx>>dZ~OpNW@PU~T$
z9<Tssv@R1dbAa!O46lPWtt|WW=M{!j4UD7tfW-lLbt@7#d)4D%0H#1$zw%v%mzJ(D
zYqvS(<p0j!EEDgz^kKhosK%l@<v$%|IIJ%*eyf4SS%k0lyY=Cupiy1}8=)JOS6-+_
z%cV9<l?tHA%eYs%1f68_OV#Mc1l4$(Mym0N3lmi1Jr}m88jo;P<04dz(;d~gf>h%r
zWePLiGD%n5*IG4Rj>9@~2sC4^Mt^WLV+yiwr3c<^>w%*^RDC-Bsoz!tpSU(LUCqr2
z1*AHY2C`%b9@}LD<*_{o6BK0^5A;&Ra%o2@lU{0h)MyK(ie1plD|1Zy9_%G5JH|fl
z=*mDiA0LWPS%Ynw8JeGj*Nh&Sh2aduv+wm@UOe-EL-j49uN$vUUS#JWOc8;ylY<(Z
z@tMYOTvd2srz8w@uygRQ!vxcmmk<L1Q(Rh5L$cK6u5zjqbxWp7Pbo}|u1KNOg(Vk6
z^mRrj)8aK}I{EMpyXEMEH2A+RK<sV4fX?x<p&m`|9-q@qVGN^B-b8VtuC!4pIXe>1
z`vKbN$%qqxqIzw6ZWcEl-Ro#DFH%vpUcj5<Y1{K*b%qAi*o%|}YFWNe&C@!_T#0d?
z83d`SIG9sTLe*|6xcN;o2~|t9xbG4y;&E8hhX(^FMn&}L!I6krl%>?}B9{@0TgE;U
zHZ`bo0jiA@(GRQ9F-~dt-5^Mz7Tzo)+%I>O=X9@(lIrjKF4$UtI%YhwhXkk`jGe;3
z5smy@14fraR;v=Y1Cw!5RKYeyjXnTVAKPr4x8Jg}VkRdg6#QBxD|=;97E7_i??{p<
zDqHX*8<9@8!yB{>4OoZdDupa7Wmg~*7!g1eNA!yqVVJaD=od5mg0`JMRJz1tk2H2O
z=e*+Ue=t^_;g#_us9z78gZH!PvlW)L)tHE$Hv@vK_;fAaFDO)NzpYwRvN+7|x3ah!
z>dI6R2UX?cR9!<7_lZ_|_=!YK`XstIE}4+1J&Qb%>3c11o^<l-`hgH_UZcilH*s#h
zDe~OJ`yM?{?0&4o<FYGl*<;BZ+sxQ%y7$Yqcplc0ND;omrGJ!nhC}^983zE8?`(im
zBl8*68IQyBu@+m;z7L+6)U&y92Rw5pfBR6^Gw9*@@Z93eFB6^%#dAFG=(!2IGIoD6
z3E&-}**KAp*Vd=U!cim(4)*4@I(<8+(^al~LfCrGK8u&ub2YZw;=JNbpov~E-%=*#
z3*&ivx5dp(V!px^N+Qd~Q$>#}7%T4rAAe<W?zB5tn6*;WMB^3bLZei#3%{gQ=NH8`
z7AJ>GFY*-6D2lCwKYM$MZ$Tb1#wlZUqbOrFJm@z%?Y1};UI<bC&V5wyZn#ViyMGtH
z$Lb6L++Q`Xx$DcVLnuqAmA_`L#LH#}#E0~fzBb3X>sJ{~`z)-Z`f^h%yd1RYs1Ho`
z6!&DYC@1z)@v4pMC(z&ef8sU!3Q2?;-2U&BA2ncjchP|pAi>j_Umd;QwNt+T#QnbF
zb-Vv(TmH}f!*>7owj}6B&LL>b-042`%%xO)<;dAy2VPmW9#aS!$YYatS)8B-#Qhc(
z4KXga$9tqcVLt0baRz8KbFXMbhQc45I#D1s_J*mQ4X}GPx$4xf4555`(Us&4dZm{c
zwZCCPQD8);6zM0;8yjT%ifjOK4glHF$ocGwu>E{D&|6Xbt^mqSA*=~i;uoreoy$0`
zU~!akQXh(gnPv|+{y{ztd6}_$6P4qARM=rFV$e?z`kC11YHt(OrwPodJ2cF1<lKJ$
z7c5r*e(v3vkT2IjvxNCpt<<l6$|ro}5<YUh%-H*Di_H{4-d|>ZVCy3S{^wW7Zf|c+
zoX^C3FEhGr5)g#EUoi&eb1t-h)jj_reT@xrsSUD=9bZ?Zn;@3ugywtcQqH`u)_s4M
z_};vs){gri>&&RX9V^UWk7J!F_}h~8(*0C?QQBuN`rG2pF}y^L_Vq|3jk?SIYLO@v
zU|VXiHq38W9!87jU7aT-@qr+T-`dm5iu5}(i}Xq9Mf%klA+_r*IUtf7AO9dKp2-gX
zKz4YMr+Bic#&~JSOEoF$wD{w%*l8UZ$T#{TS%5CK@saC9iP_=-T6{We%Hzg8dn^v*
zXy(_8{Jcf_NhCyL{a+SGx-_F`YTay9{bli*XW)$d4*n{yI0CEITPlew3$r$wH#Bly
zQ31bS1WUELj`ND8@Yn|)uZOqm;PGO3%z?+>B@nX*QYb*e=Zb^>0AAS0xzTT@#q~vI
zCjVdl)0%z~RjwxvP&y9Ox{MirS+278>pD0l$gzLX{X&XdtLr-^*dhH!NVag0zfg_#
z=_FR0<h!0bS~a3#rus598tP;(ek6Xut^G*>d+-do?1N$1$DJV+u-i}pLl@&B{l*Mo
zr7O~}wKcG7$y&FPtaSq)SD10uHqyWfJ2|<VL;P0}W|d-0*&$T0Z9b_qJmYIe1Dj%N
zU}J>_RuF&BQNddB6IHNYUEH<t4RnO|g|5WH8y98El0JTnVei{DTL}3hyV&-(W{(;@
z7wvBsTzR@I2@>}m3V;$eI7N*`yMW#`n5v9Fj}J4k$~fA=Fk=?k&tOU~3)5LO{PSx>
z=b#v5YH?rk>4;sahlwz_J0kkH-~_Up{rsmTGqjN&23kU<8vUgs#bEp4G~u9$$?D~<
zET?aEv~`64I6mo5q{yPXYV<`kIbP~1IS&N9Sz9e$6A<w~J4mi1-ERh&FmDVX3a<;e
z^sufjJ?!2jvPAkp6AMP-*?pm<j^{~4FBX?}Ij;N_S==zUIHu#XNLzj>2m6_Nxm>Dj
z(w1+$TxiRcLR;42zFT^LIyN~tQmA7b7btoSL3+OjslCfF<Nk2E<qn9XH^4jbejC&_
z)YCB5l5V-L-zJr^Ob{|bDXUYX^PMWPwoc&piUj;>M@hsdG1{(guO2RKETZq%^h3t}
z&7_Sfomy*SImXPtTWeznQs{z{lRnl7u$!qyk1<k+w0PR0?p~6DLI0wp3BXX6in_s$
z`LV00(yZzG?e?;q;Gf9}T28IP7@C!hZQC5Jk98pb#dMLxbwWVXH_+1FmmWp}6pGzL
zNkXxkl0=^b!lfQhMDK!%T^Q(=6vHWs9Mkq9y-v&-^;F$Vm~jjwPI)K}`JHT1nSyoZ
ztI-!aI%i{sd=0!VUz)<7=xCpj05Tt|q8ZIw=txA&<qLS48okT*Z1`hqs}{gcH5W^6
zdwgbU@x0DgBpjbT)8P2LC9_DsI=x7Lz;%31`ihQE8-7?{tVTO_q%%~Fj!O}>9H>n1
zAM%D;i)U}nMYd<3s6Z^j{({C|I9t7Rw5m@JPjO5xSt%4Om7`H<xEdqrFM%^r3v`Y7
zf(PwodYv(0bE2L)2~@C08iihWLAaY>kmxq**hP%Y%@#Lzk-lYIzSYf7mM00j8QI+&
z>)xy!#>y}Ax(cJ4Un(yDR<!^AW^r?|$PXLOe)Y7rJSO&j6DXJKjL)F$%WnO7o$(6%
z_M~O&xlhCM&SqQBeFUB@dX|Tlv1yxI&(7yEzu>S2&duLk`e>bz1K+nu`))gvEP_d1
z?w+JA3FH063;)9Vi`ldA{^H|xZs!0@#;+ur20s+m{y_WIex#2$Vx|^eC%axJt5IE8
z|K$}EJv+8Lz15Y6E^b7Ufmalttv#`XQZ=>fFM##Wf3<kc7HOZ|Yy^I_xQO&d{HMV4
zt=ztcsQ<;{<|J<Wy&4J6hm9?+XHfoEB)nfM>QiPK>o<#?i#G#ttoB$}u{W2oa&b>m
za}DbAD_yHpaT6>~KW{7JbmA(7OZ#|=N4W~(&!FPgLf^j#&#0^xNh24w$odnR#+kpM
zE}m(gD)hy5_;Zr@xn_x^qwV_eV2-HG4J~$V!WKEAJ~x1v=B`)0Sr*FAG=A75uM8r=
z%vSn-=Pjf^4QLSbS?iws7?^za|2=te#Uu5(cIf+_Hk;V_c%f5o%D>6t<^y&1x-xja
zsZOlxnu=wxQW225_uBfD!ys(4yWhUA*xgQlqOM-WMgUfX`decCa}o<gaq!}x-*|K*
zu)E@*->wdxY5r5{Wk5lHNeVKrZN>|Nb*Ff3L}+E%6H2gD3Jz6^=NQ^1i`(cRJLFc!
zA7r_aveDw^aMEW{oI}CR81tJH{a|cpQ5!#7c2jXX45APQvC^Hdy5b1@ejWV&wW#0S
zH4F9QGcH2?_{@vE%viPzi@m@uKcz@NWPV@k*kO6r!HRnT$Y206xk>s}&m@DxN41<6
z#qSl~VQ6avf#-cRGaeGx1e1e9%~{TPD`wg7b~<&p9?kSJ<Fmz7cIJM0Z}1H?y;`oX
zd7x41?d{N6H)wkmfL-eNakSHJ2hdDj!l5!(<}0e$O!r?KWgdXM9hZ{*FoW!e8D3_*
zw6w)OyvTm|`|<x{T)Sj{=J6(5pU=}T^)h4rA_1x9JEG^8VGf!--)7<OT%@-M6Cm!(
zCie`8gkEW)`ZaZEm<5evWMNjdIhW><@Vhzdxa)i>(huPZ8MD_({dp4xiEl;`1CJJ?
zc%AShBpdiNEQY%s#RX%ec$aDZhyfLADlWZ}vGSo_Q9c*d?B5&dRU^!A7~taE2Kprl
z8eb2;tP*WbfnRQbUw#z71SCN71^R^mS6poW9tEwtYNLCU`XaMS-T#hXMtkQ-tXZq5
z(bY+eJ)Biq?@?nbD5h`B6;AEPk%^H~4#ZN!3*S67m%MQbI|~oi(pf{98f`({b=FAZ
zgSC#0X(Fnh)9x^4uXSYU6WDUv1X6<^T5H)QhVTldq_Y%1Z{6U2wOoyU+u5<3qI@|7
z<jeV;yezCwP1oXmU+Ck-RHN07!SwFT@#^I2BK<mPI1Q;?hX_|<R73LS-ls5Q>d&OD
zAL>lndW-E!Y%JLzyoi73LK>qQ9Yz|~z)q;E_3vc+*f^5M+0dkPS~^psgV548Eys9f
zjdP>57S+mW`9{ea#|ilm{iqpttZ`qC9G4dxhPK{82`W0nJG*Z(Ubu)PZ;edI?{)<J
zXiB<`61>6yd_?pa@){$e7iFql3+V!5b4NtU6H^stj9N`7+25JmjStZU1})o{IFRAN
zl%m*1HTtw;?Ho^L#S1$kYSKGOb(w2=SIokgmP~bm@y)cMn(o1H>zT>IY;GiNw76p~
zUrzR6E$;gz1ud0pQd(nMQKOIJ_0hC+g0N_V8^TgGx&eiL-<7?+taMtytHtvJYIHy{
z=4XkW>t$-}2kay7zH_}4{rx!x_F`qh6CFSmACjU*J9Z+jk|8{Phl46L98Rg}!4%sc
zA)-$YW`H=J8PO*PbByoGDH}E2Lt*9|ON$q>!mO25Z=cRsMHnNOg?rd>RMHAbt9e1%
zlVe+)d}e4DfN8E?C8lY9&lsDn#rr;SnHR|5o6NQuwJ#y(fDflA%=p(zTG>HKjw3n6
z*=<=X{K$JG$>{T6-?pRAFG82Ujl`R)7MxCZ^;c6|@#cpV1}Yk$y)2JEs4!#yVk}aI
zV^pKf;+{)5Tt@qG&Rufk8=eF`{7qTfZ(@^eJGxEOW8b*a;^r{teDRIB5UK5tbL6E-
zHC|w)E<DEzvZ)%a_mN|O7N3?u_Kud7t#;BuK+xD}ne_V7pWVD?u^PR?OB6;Ikaw&T
zudy1s?bm^v&9~S`zK0po_pmmc8%j~5i+#>s)z^V0n?ptNDG8QuT5qZ%m;%IuxvS7!
zJRiM{jLKE5x>TbBF?@8dFsw9^Qv$tDEO>p?YwyqQ3d!(l^ng<zZ=o!RJ<=!a*0Ez)
z*<qbAeuYJet7k{_&BjQ0y0OL97d3buLC+vcbZSblZy6czex-~9OzZ0NlJ_2*?^VwQ
z7^~=y($jBZbgu|y;v#6V6*Y>HZUt-wzTXP-f+@TzYpYL310xo|xt}74K%S*-^8Rv*
zlS~U+<$6~g$8~yfu&1lW{bSU!r>oTdEbhwlbeP&lWc#a^Te2p8B<P1P&8ysc$#!QD
z=Ohe5<CL$bRsW64+Vrn-cfPI-UfADhtGsR&SnV-CYn1+bK)c^A6O@A9+Aev2JH4M{
zzqhOe|GmRvEYRrQWpsP)r<N<7xOZdhDofVzi+1hcW(gH8mS7q}ey-{h5K78M6lHc-
zT<#%zP|w7CUa%*I2mQwJr6Ah)b}KMhw8*%oy0F3J?@VZ0yj1eR(gx0rB`ci+^>1`$
zNqbchbSHe%s#1XO{u4%7>eSEF*O@;yB+xJUQ*T=B_){B=oKxPl*;;?!&1b^d;m3WQ
zS8%2{JFfECXUC5od3F@~{=b|Zk9_yP&yELR4ntgLM{G$0=jJ!fiGH49J>OiCu%3t9
z_d+%Yakc+zg}Z%NUt)eH{ahv9uUR7TKC%Jnc{BZfx&8aZ`ULyuZnKL!AC|t(NLgZW
z^VeFNpVTk5xcRPa-+bqM(nn4wedKg6Gm?KId#`>JWU^QvG)qbPI|n$*WgZbv?ZnI8
ze7=_%1LonEHA`$eGw>LjDuFD{wZDJD!B17+0Apr<n@)=2_ftLj%tp`$$2j%m>0);q
znvHijZl~#HGVD+3*a-bq71%wU+Qhk(IE@J_?X4Ai;Uu~>{>c><)|XbzgD-O7i$fHD
zQ#Aw#pb&nUQIGHu2T^EuC8qgLdxtB)T+Pw-&<BZdM$$^#qcJw5mUDA!v&-+a>J|8Y
z0DV73e19AAmw4VV4(k2Es>`6~0_fRW?}|H3%fk1(>NkLK6};aC+EY9&AU=FoP6D8&
zV9?@$NIb2fg<k&+uk+!%OB*?_+7FK*Y~4f+*JDGNr`g!x=$B*8MLPMWhgY~>mSum@
z!^@1{=d}nykkXjP`qpw@^{f=S%t9Pp_G2vybMRZ3b+G0+yT{vTXfUf20m(GRqM!Ti
z0hFxvV>Oehey!B&aaDfX<sr-0I*`5>qxnnI506(TFT|?IXtF^zfK`#<{j%}u<V84s
zazvc=6-ZuvJU9c;jbckN;n{ZDW<OWUZT1C@An(?6F@0m$x6ZsxFX!C&a*3mQyoHOK
z9kmGQ4q?5Bwc*n4!54yCI;;{n_6T(0McE}q`0*B2Tf9i$L6%me_5db#$m^1hi_*8d
zvnaj0dzn%2eXB+J1=jjD$<55KXf|ukk+UiN#`&OTjg9v&8r#MD=Zx^a-NySK!u#U?
z3-3!@c=vwU8t;0e3-7}hNW4FQX(8aZeEYYKR7CcNCQL&z@=i&wBqqmmjO=O)m;j!Y
z=8_W<LQ9o|a21++d?f^-`<)7{4t(2y-DIz767-5D1}*LjQ``Mx#KIlK1%oe^;}>bK
zG%0vyz+#%SYn^%{51;GBf~}z&wK8oa6&&e1!6OTfY|(rf3S*(+SYKp>%Zwk1--{MR
z{3qS^?_8*rnwfB%iBhnW7ondgy?VlAXwaZ&8jP)32)IY9BPxef$J<I)pBkSe%YAIS
zFQKLelNCF1WW|n5nFcmPW`Iq1RqP1JiXDDqRfQ!gcKFn%&@r<t?X^VcA}{pY)KZIQ
zf06Fwh5lrrI{@Q8kr!HvXJ@$@#TL4)J#{|2Q9oCsI~KY_H6L>t%{tp@)L%5pz(!V*
z-Dv+=PNVLkQ6@He+-Wr0)!or*YLtVGyh*OQ70X0n#6SeiBv{k<qmLM4Pwb&W1mB}{
zGX&@SbPg&K^&a&(B(TzYMU9>CFczQMGd?7sE!=aq)^VwQ?oNk=7?Ki+zYPFGPwXa$
zbRQxhCfg8`Y>0n&7%Pb14Isk{cb^^ZxP<Oar^5;ZypIT;7~yI+yx$ZF?`J0AEkbxx
z3ErNw!!SgEH_cBr?)daz4w}@Ffpo#GGmYGpfj=CG=nwkGtCN>T^m{VYu7d(j#jh2N
zu68v2hD`MC#9!Y<7BejebJW9TY4<)Y>mXHnY2iFRHDIo3vF~wr<BKkw^Md%@0c7BG
zKI88N`1{m=*`LdN^~q}N3J+t))v4EJ99O3f&N;45eJBu#KNQg7Gt<#YMeSWodo|PS
zA?jDf%PnpWcf}6^A9|=9gm2(OK`!Mz`29Bf_rFDan6Y&M$;G7>r{dWno@G!Kg;K=E
z<E`ydOdx&8mY<CG7Km-w%+**g=ey4GyWOxKmM_8YlAZVW;CD;I*xx^$-#1l?@7~4l
zsK2vY9KS)k{*K>R{sYC@3~}YDqP$XtwU|ljhKa~ZFC49~(1=J`>V%033;mc(^=jjH
z$;8=wfyGBwo!ONVXK%erVdaHXxLuj3FyqKKEh2GtqvgsY?ZG~>KN(G_94>+dSmVl@
zyyGOke@49T1n>8_-Y=y0lf?V|KUv(g<a^4C?$^qOV{-IJS?W_0sA%B7=Cs%uh^msi
zGKLDM@%ns$w+=oV3s+$esqc=%j?NvWut~m1S?Zk=94w?|PLNn=sIvIYw^exn<Vib!
z?jQ;Grz9Khz7r0B>{YiaY*JFBEVc6l?5*E8k-aPJ*Sj%o*E>}fzrCu?&sb=r`5#Gd
zH5CHxJr3OGPbe%>mb&O}9Pj-A*lRD>wz0URkKZlF8?Lf==;o?}0QeSjkk|)vB;2zc
zxc@kT0Ml<p@MG^**d)b<8zs0IHr%6?77yK8wad@gt>yts)`O66*LiKY+m9pM6}KSV
z&H&eA!@Zc`t{*SqzFKMV(N(|0a7USQEzXU7<swXJu*G@RIzMCPbolEuSb_%<<D+H1
z*ivs|zSsx7B1Ho}-Gy&cUxI<f^U>ELMax}LGSn_b6HlTPkHlbS2?jg!CSa~5qeJn6
zV9yXH@WL$5OT|5m)j*kCE|_O=a|;#M)5@~P-Kj9++z0JkiqSQgIw?P;=6SgvW7WkK
z2(acm08m_kY({{6u8H%S4~c(^`8}p2&To<;9F?3j-0{?T$6C#=$ev$6OuSb}(|f=p
zrZ*I)HzE`->{%GU3nv%uxJ2AU-q%1kk=pkbH!r7aNv$mVsWA#O3La>&MePhZxqpwJ
z4fCo7P&MW7=^N#O3nIY7jhxqfo|u2Qsa5{r8V}8jt~UO}x2b;}Z8fjqa{cZ3ZKGNp
zG`~Zv_56nPER0VT^IM9SudyBVlo@T}cNRCFrQFk6S@uVFD9pI){ucXs<%vcyy*VJ4
z(fp?3{J2s1li=0>P{ZjFAFN6PT3rT0e>eDRKE?j+If6Umxsk-%PWj%F*S@<1vbTO~
zaq~9{G5&#C-yvH6{hcN6|7Hlf`y5(R9z35;tuGU;zrofpuIdJw=;P4%+Xl|7xL^2P
zSDo~Wy0KL?@K+lAwFCa@41aBgzdVhc8^eDP+q^$@)_fQ{n{_*NRtPvuZ{XbMBOCrf
z&h?w9;f<nUPiVNn(Wi~3d7}Lp1o%B_-%GSV0AuC|N)XK3tq5i|#*1@N#j9G4&a&%z
z<_<|I>4kSsM!~D%jtPjCR;z_`W6C!cH{q1k%Cf(_O<~65saW<wi&d8_Gb>wM{qj}`
zsSi_hfkUf*$#Pv`=ocL>*S<noQBc3CYo=vr_}b#;{$@#UIneFNdnLV<EI0RCcDKc2
zoi2-Sis<{~mM^|qbXAyAaz4<_SnO&F^Jw}~HTIn_B9uX2AKF{@=g|r?^n2yjEm>xM
z2K@Hn@5LIti9P$yIfQHQt~h}w0Fp|f;kB~i5NcR^5F0)!8eRnrFNTH}$cB$m!!^`!
zsA$+78s2VkZrg9e`Y$6i-MT?5Juni*T)jA$BK!rnq%anb)ngKBpBn9mlJHrd0LW6W
zr?fs<jlGEc57XSDwrycx>z`yF%D(hep(QvT#FIsa=f$XH-%IYVhYu)B%N>-W#=gf?
zrw`H<*htLda}8dBf%K6cTHqBadHiT^!E5@*M10^fygC?1o~S8!&xqQivEyrTBQ4V^
zkQ0i&PK{pCfgJnj64GVUut5Eadu+p59;V8ns7KRhyZpZ7b1>9FjlSuFKRT+>OYq{l
z7ElyDhG;{4%<{Lv$C6I&j7D#EqQfvn>+k!cMqz5~JLnA0zt}-F`d=SoMHpy69wHu@
zL?{(al-YZ`cv(0eO40Pm!E{iRGw{sIU8Y9g!xpK-5!EZy=$sCT8L4wSI2ozW%c|Dm
z!<PrN+~3sbBxsnsN{x=`;L1mh$c_Y4jMA?hTNdTL7FMQpcq5XvvfRU5NM0^%Ez>)o
zK~9YhN|C{gxyjN3eonFo#+)bIk;Cyq7SWHxa)k9lrbay|Ou_PxMe%3J$cTQ#r3lR~
zt?y9WAJ!r^1$Tl?qS4W?Ppog{jaA8Qg;~49`kz((FJr8HwZfSBcOp?o`@k2goi8pH
zUwGk*74XFuij0#q-uu?M3%jYK9OY6kr96&q$2*lu@>@P+q<u+F%VjB);61j8-eVBM
zkDogZ+-GCv_DT$4c>8n51~G(w&xhZi{@iWXAJawJ_3!)2ZLwacMz6<@V(4Fs_gL!W
zYOR!ciu5t*k@y84q0d7oK$KYORf_aSGlaRfNFSCNQoDw7aR2t{j9ST;*D18>M(k5T
z4Zwr`(S_U{)&l?Bgz@fQS-dE=8(XN+xn1PaXAmE#BfI{6Nz&4qijf4VHzf&6>s4K(
zr4=!##cxW{;sft<3TJ|>0uL>nY&tw-)7~O<C+O0JiiQhQ8<`cfc=lud#8`*nU5IR@
z1x`ji^z9-&h<B3fK$f8}vcVQ1UVZhcUMA>Y8e~Kyc!n1Dm8)LnGRYK^9X1D8SH7|5
zwH7W%8`0N@)Lqz5p)kd4RHN%VyUh5rF_pWVh*A24xX-Nm8OU>!B1d~oN5)+8ds%Af
zP3R4K>In3Pef|9wDH0|7ME<W&EN(U=QNDbAyYVAD&zAW&aDN!zedUn*<H+eMMTE4G
z`x(*p6UmIJ(K#5sQVG1$IQ*5x+gn2Jb1mU99K|6g+{El4P0F#(&75a##rlt*SagpN
z+p5O)H*szrZj$-1Qa-V`!<}Pyq9|DCr_feDG+)|6ZbLKA?yRkq8J9Cw{yXgG-Cj{g
zQeS6Oe{6BHQ={;o+-`gY&zH#f-t81}`1;2(E^#W_tK!)=cc9x(JcY0-z&_Fz*6$TO
zc(anogJ&uZ5AKy!O?rsr!=EUE55J=%@Zo(1`&6phN%HuJ_g$O}<m|X;EX5%8yrhW2
zjO`zii^j*vj`I!QWd2KW;zvY$Xo|7;BWce)kQi?XFS~zkaodDfS)UN^=O8*qBKl;#
zMD(eEXqdh^O%e4Noc5Y*ztnF3PiVgt+FwKM(f|1)i<`g5yrS!j06dq==Y2FpuRZ>4
z?(tRCWHMGhk8(^uIvjUG%JmAI+Q#g6TDV9S#9EzW1oNEF>}fBjM4I{{`(E<jl-KyT
z;(l6eW65DHo;G{8f<K(^&U?I~xEq`$hqc@dYU~Rq&uM&^Ok@3Oy-Z`h`=j)dq@wtk
zfL4|_=xWJpPyerr*Pi9WT2X@2E;lBBiUDAP)Bc(yT{L2|>!p7;LD?mtm{YKD&?0%C
z)OH>#cK!dG$GwidTjt|VQlld+nh2%i4vTc$kA)RxjQD^k@f_(9M5F)W6EypPfDqe`
zE|TMdDTelmThyrQ;O1wQ6M;guNgtx!=Idm~G%kljQD01HQO{w8S-UIu0b~4C&|O*T
zwCfe7AA<ECsxV{DTP?gOc94{26w2nv5U)@bC3BlCiur%^0m$bfzPqd-m=V^04`Fyu
zA<U&9=r_lnwC`Ov7G~8}Hp#BZ52kO5@YWd)N6~R);MadZr?np);PlPHE)4wPI*g70
zC90648iOC4`+-G8o-(=1{tbsu)=D^j_wn^b`VJt~c&&3UnJ``&>^xUK<*Hj@q-zwi
ztgmfw{92Azj*zH!<qI%Ye@b_s{bb&2U&9W(a5{A++KsZdYGv8?UaPRmhbdQAR<+UN
zQ;V1X34ltRd&q$kC@f5k`cSlcB*4^YBb+rkvndw(5T)S(5o~o9W93T$LLb_%RV}cu
ze}rGocl)DPb%K^ZiTSkDJNKp}Yen97WG%e06tY&o_nizqElIYlMShAs-ggUD%hc$J
zBq?(>|F@N&VQrEvb7}Fj?)n>caf=qu>+d12N)*J3^t;nR7z^t|0!8{w8AbZTndnjq
zQke0|H0NUL+axJ0FF}aD3Wl;%L6ah6r+2Z#zJ1^a&>il_dss@fGIP6vrJK~~h9tM=
zh^8M7gMQ-6^MR%^Dwv^RNR*xM%aK(2{~Hwc#g%shUKc3hl)23k6dHX>p&h;5IQj@#
zJgcV2rfO^kIyj>X6VmYLcZr5UGc)g~!}YDwq5VQw%4_R5@B_1ZGx?2O@~*|r)h9VO
z`u*482_<K0ao_8Ip~gF)kTl-ld-6T8zh5wZN$|dX??~QPiCbE@KCXX9T1%g#_-AVU
zlij)l{cMl^t#@3bf45fj0B>S8sGDoa6JxD?GX4HxqH}WW$O++YQd{{l?7p>%sLyE}
zdWk6iM6Ju!;?)n4Ny5hd<{0NycfmL7;G1(W?eoA1NGZ2FyJ)x<MJnok|Fe#$Y3@A1
zdF509upS*u_GWD@%-W6ipG!PyY-W=Tv`I0(d0ViXiA|hWJ__G#P#CLORiy8&ES2L1
znX>}(ccDXOv04<XE&0aGcJjn+Mrh*%w3_X3qTl$o#m!4C&K(5UE;Qy!l;85s;K)`6
z)#ExB)GN%m?nOY)LQoN6JC1W+^}ZB+&2A^@@~8PNi<^`2Aj;d)qA(-=Z~Ufa6`=bI
zX#WeeAJ@pavHd;QK@*#Z2@O%I^5tzq5dnv%m1X}nkPc%%klIggyB+pu_0k$Sul&k}
zo($065hUvuE&$8S_m6WP)=dDs%pUn4m^k85iVpcNCf%P%>8MEe2fgWQDhKuy@DSVo
z0Eut9UH;S;_Ilgs88e=f7i5dn*h|L|M?|rk-jozO3ozLY_Fx5!XVr1sgR~fxXT$IF
z;rGiLIIqlr$4bS%7`aTibex2>ybNBJ1C8v++FChSKABl~^OzU5a6$h?=Bv_Lg&8yF
zh{A9O)mTvz=T$dI)?p69Vv)Y@{=n8FLbT2E-jaLsIC|Zb&<)agK)3N3!ifq{hnEje
zk;CIi=0+Qak4ugxoMdf$6_vGM%$cSyR%0o&8;p<Mu(;WT7uaG?4W8rLQ_mg6=}l@@
zm~qx@stR!tCk8eJJ{?GvB8@xXVKTnihoV4X7M<)v-k{Ba;(+-vGQZ<R`eySGa>!aU
z*^WO+s3(^ZiD!HNP*^0lR*fD**>9$wg>@^epHQP+@p!u}fTb4VGcw7n{3$v|Ob_}!
zVSRL_`sC%};z<N0lfyTf?sw6}{~sx$Dgo$tFZ!fme3K##;}gA%#Ygvy7Y4M2yUx}+
zE*98drHG!Cus%9NeX^_QDdT_j^ms>CPjl>^UbTDr$N%VQw(Q9p)<*}_Csol?rrncm
z#%Ol;@v_~=U3MRx|3@FAWFJXkeRR6|<Z0N)s9=sjub<F6K%&<d)<^r*C&!6q`J!14
zHOux2Ygkwxor9H_qUT}wLw&OP+%34<vv)KD%?}o1_p8yjeH6(YNxWM8IGL_m(GMzm
zX0oh$pCy`W@$8qH71rvj8<O2w_Og@hwhHsMZu<|>!_u(0oe1Nl#6dNhrpWu=Br)$~
z^~sE6%7?Cn$$z!}Hz9?@o<ooNDU@;Z38c@_PCXET>0F=mc?+xeVsdo9hKbS_Vr35W
z7c$=0#We<o`*in7De31V;mmznvb>Y~-KjNnNs>r=P`V@|@gmXor`U?q$+bjj)A;Cs
z8oNSNHht?=i<`X@?4zRng9+{L6YZx$`?2k{|1hEb`=b3-(EjCw_C_E0?V5yo^B=v5
zs*YCL#MRjIB0l`IH^k*YCz$y1#ppNiK*D$TxxZT|zT5gA@m-_O`R@IM?{eJV9TeZa
zC%?<+;C#2<`7TynJgEE>6bu%OW~@NptCgj`GZ+={%>xx?oC<<v>5`1BYWIDv(f<`t
z?wcJw<gk(Pip6Wb75c}S@P1*l%O7IHFL*@UGEiZm`FD>dm$h!MTD-gqW6b<lLVfEj
zZruEu^u#Vc4>SDjGkU#h(Q*Laj|RLX<;IpZasm>XKXEi;=06-i`UM_XoKs$tH?+m)
z3Q${LA+sQcgRJ#XNygaw4y0m$bWrL+lqF)>t8L)Sal?5@!f}mg2Eh5i<=0_uLOlGt
zzo`EXh}t9LWYMBx+}5_AKJI?*mHn)6`gs!i$#eDd1od-~=;xD{EpC2q_XFyMQTs|8
z6fb_+jp8(qK=C4{qvxTcUo5+x{pr-tqARJNfzVIPiTgcl_+PTP`4s8p7$jrNY}@ZO
z3H=_F{oe2N`x^8+O8Q$=yl7FWE~l>4NBC2d?O*;1JYV3%uRIOUqh-A-UuYxw-~1Ek
z@moQU(U&Y<o(lAMtl3SE82<v_$DF)?Iq>|K13v?vsR%Vg7@_%}!I(e71c2L(6nK9|
zlav2{E^MJjJ1*RS=RX@o{%1gAy*)o*uK~RBLhq&;J3baf%Ycy=rSed3$@pM^{|dkp
z{@!AXSHgG#&72#bzE1J+ACR7Iy#6{a35HytzZgC*H?N~-(xR8WByX4Pb(`~|B^ms3
zH3~vD-V%M@z<Fr?veDw63%gfiZ#Fr#up8$Hy+v;l^{kCK7P){Se*O&2-#VJHngxk|
z5}R82e=Md#?vDBS8@kl}c6}>XiD3xG7BG^%E<cH&($-HR6u(_Kxh$qTo;9_kx`beu
z7utRjk6)!QBX6kVCvkckKM4RueiAPt;R}Gf8XP}~(ENvNTy;TQJ<v#p&BlLA4tYl-
z;B*!s<u@B22U@uSZ1c3j$7*sNd2ikSjgNa37d}F5{9<nJ8A6}WT@F4j6!^&cx5bf6
z2p{+TQ(;Em>l}Q98vZvvVlTV!(b<I$dw$ui=66Bs`E?_mYw=ozp~Jz2f*){W<RdMD
zWiD1@dxe)v=?fM&f3KILU6iLVW7f4UuY*<ffaRxQqfBWb?}6*!n+wQ--)AjyjbE~f
z+YSG>^e#D1bZ{OtP9vv}mNnS;L(%v`yK!I9_~dMho9XqO8%=YizepYVf6%AB@`V2f
zKwVJBxv^0;G^ycZ)X*A04HrYhwb1Zm*|44(4x@&@h=#90!$0d>o*k?es*kW%9wpmZ
zJ02y+9ugiUD0;x;&bBx=&V-qD!|L+cqX#I=IHSnrQL?h-f4X+q{R!6&cVADo>1z@6
z_2u&xH-DtQj`mlW@kPYd*E21g8~>RjkTIQH_6vSSWGoklV;PKg3^aUDHta<W&!mQL
ziiYE$Vds{1@{Ma{K7LGL(v72e#0{FhNh>{|Id*^a++JP~%puRWl_HO>z9v$3@o(r7
zpDOAamrT{-S483=^#8~xidC!6KZCA&gHyErzS~zTtT<KcpZ&#Zg{iSDQCRe8P;kXk
z1@V?C!=pw&A?3PswL;P2rAxGS<Z0ot*mpJR{$&Gj(&}XjyCG7R`sCdT3t`n{tt_?p
zO6jl&=heunpSqD-?34itEBBLI?AjcK8NWZ(!n3OXXMc^Jl4rE|6*xije3@s}*i|Ny
z=7@7W{-{5z8u-^y1x}V(s(Gry*lew|+7rpGFTPOgA6XhGITDT+FQsB<TC7%$)_E8!
zDjUK@8kT&fm4z}3vsO|b$#e4A)$!sr0WJ5a8r@I)<I`23{De}}xr?;i!71w8>gYx_
z>hn+)UyCvJ_@n7e)o)c8dweGRrQ<;}%&+yo(XYl9GvRz3e>9-wE)S_ME)tb{L(xUW
zowQQU)!3Viu>y78&FKZ|yc^RC^eqMY=4wO9uRe^md-rw7&#5n&9;#iOuEyR#@Q-St
z+C}MVjNBd{(hAgh>qD4>4wUIoX``Y>=U}<69tH8U3v)M><Y{`BpoUFU4`b@QYP<_6
z%&Ns&zBfE?r+)1cj8%u!xy#gOIg|bp;nIbkqTB{GwzY+G^F#ahNIW~VQelzYqa{hv
z>XI#y+*&M9xK7j8i9(EMQ|}TqzJAscWLP{&>+d^tCD2QkpgOl&>!0__3WbpojA}Bz
z51;1NsnOR3i~t=_`hcLZWwy*3OXD374C%{AXa1fsRtO6Xlu{V0ee^<mml<C_FT7?m
zEY7Pw?#7ro+O~sT6E9xF%uV)l)vj(-s4-Vz<z0z-{Z}Z=I5P&+Yvu`gvp}79q^8tu
zua5*Xw6fvB%&@*Cq92NsrH;%c2W-!HDstS>L+Pk8%)(|@{G~)w<1?;>FfX<J@7D<|
z6pMC?p0+qN!FpLDucfL#YH@C+xZ{=U+}P_EG@ill`UN#INs8~Tf$!EMYtsT++&5r3
z?)00l#C;#J_jZ>TEMBz}aJL-}!Lr*jwbEr;sB~w3SS>tmmLRizR11~v%GcDw=|R6a
z+~T}Io!6s4op-kRAU^!iqd@)PY;!!U!xsSS*CywFOe^y(IH;gSKCG_~-8f!T?_D8M
zh_2Dfw18Gx?Y}`QJurb{w?zEVLd+)*tDPwmAdO_=x*;F$I=Xroi<I^IO~cKxxC3MA
z^OeYOH>%NQg?Nt|8;JZgITD|OG5P5ceSai=!Nms^Z1~)?j*Mk(t?6Og=LUJS+(p7q
zOJ5x6Kkm;!i5ZS3{pCdM48=>U5&m%LK~E%p!I1+3*6+y(>ol}W3OJp8?ZKhIo^R0e
z>Y%44YrKnJdezu-$OQ)b<)Ab1K%jeN%yyPu6g#Lse|stg<YYwRlY{9sy`W$G{#x<<
zadm3<Nc<8lJ`=yrRC^Dn=p9=e{LBw~{%(I!Y<KZB;j)6DNBh_Ua*Hm)3%2GKHTnwu
zrKr*I3S-92&)Sh5B>|()v*H{b?ziJRgdae>IGAZvJmX}JxhM?-JBJ=p&{1W!ZgG7v
zY@sVU+NligQ5cJDRih8$6!PZo0ZPqIt%3iBBorllr;E4+LuxqEO}P8@_XU=~X*n<j
zW+t*hXXC>RnGM>$k+wR}-PWH}>7Z<KFh5kOFejcZAEdV)y2Z0rQoc(NC-H{KW8c>~
zsphIWi2N2Mc2=2b9T<!B&pxnNVa1n)>0EzmF%0k%zbI!^Ys@p96Mb^3JkkA_DRBgg
z=tfu{fg~1ND|37o1XGN+o`kKB&SFa@w93yPpW=_iFBrXFVOiBhv4gWtGk0~g&r?H<
zb_R^}AGb76av&T}TIR&9Ep-vMxlzWQ3%TLsBIF+zU4h(Wb8m%(hDOR#16P3HK>3+c
z`(GxR%a_lB;4otp2@d`GDU3ARvb@Sng&A+p5`shG*l`~wMv9rA%X<dn%x6fS75aH%
zyKvn$b6jG)#MmJLeNo*XMX}x5*o~SRULV$fG4n0=ecH&F#baC5SeeB+-6QoXb%^%O
zt|&Kb-K}6r2g<~wMB>>i4TTxcKI8ad9Y;^N?2mUUtT3xu(@jlZ6w&L9z%y>ud4DIj
zR~c8M^W9!$^RaOMkd#Qg@5J2-8b^rarEz{t0@WvXfu)(jm>RvalO#E<6UmABPdWaI
zgV04TuW}b{y`^#5!|@KdJw|t7;vTt!8bx1VeXph;4pnX$#hCHYEuws~8hsX%<)lu$
zOktR5s{kE14qu`$W8)0F;_-#Tz`{!{Zk~~l527%O1DDCXI$msH0B0badxEM`$os60
z3qivx2(}W@b}|yt{$PxS9>+?W`n?^bkQT(f5()aX{@41|SWHN1n5$LGU6ilBxLk;7
z`O)RY$y#Y6FBw~?&KnhU$!Hs^4W)WNifB7K<g70lND|sIT$AZRA)>w8kwi3g-g=b2
zQadq*N6?f`jDdL8J(RmqjVi!eW{1m$cp|w?YP1rIk1fY}!<1vEa?Y=bC$*Rd67$ce
zE?fZf{~6`4YAtsy%3nW3^nK;BFseU-+ds3^7QpV*`ukp303sLS4J5GZ7bvnIb_Xxz
z)AVb(>(pq2B2q1ru64^(c1C7UxF}z)k1?Q{e{zm7X2Ut>_EBu)JSkZI%gHul*j9x>
zUsqj%jG^iRg-uc-WvM*NVGL;}vLs`8>1hlxn>dOwb7xaxeAD0*dFsJohfKF1m~PIk
zm-$EAqo4CV4*jgGYL|Xa6(W8ok3&EA*!1&^$OSB<{O@i00a+_|VJrISq?I;sHTFCZ
zbSoO#05oJG4ejWVv!di)qM@sO2{iO=2T4OKN*g?C^pzCGN*ffaN*h;^hE|na1`<s1
z)hOBnmj}6iTB#_>9IIC6R;%->)#z8u@gD?w3+HZEqwlq*x1BA5-ul%g(%Z1g|3`YO
ze%z)vP3!MFw=#j=cFq^{R&t6>Yq9Jk)J%w~)(ff{DX8jRK~*Hq?<^Hmb&V6S_vCzs
ze6lB=udqp;NLlJ9mm;lg>LUXTU%wOs4D+9~`0Z7<kHP@Mc!QJwc9zA>M~HsZdDUjX
zO3Y_865iL=*?BxQc+M97dhyhbe=4FjoU9awPNbKipHJSj`JhkMtI_lD`73fNtyQBF
zP~;elPNluGs%<~T;mZPA?glk_3^rwMqZ&26F2B++a9uhiCkM5{tlgNZ&}D!6bf(44
zy>+&HJ^w41ZzXyW0rxGwKr2gKd9lI@^!;e$$s5*NVMf14TDbXqy*uxbamP%H*K82_
zAZ)6vt+=D8PUQ4I14X&bYV;4%n;)!jc2zich}>1pf-9eJapenr@b@hEv%gPlt8o9D
z{Az3-!_&>Zt(Mu_YMI<tvoWFHyy?O8kUH<-biH0b+G<nXpI^H?U5(9_n<~F{S-KjV
zgpUu~n`&*c*i;*mU7ISKbY`#AndQbh@9{Pp>vJbRn^wBm6UnVnW4l0Ke#O?8wRmdR
za%cZ+3FodOeL14H2z_}U^?{XZX3R*awO)L^*5CL0Pq1;SBmMK<`pIV5{X`Kbe;8PH
zFOR6q3ES}FCj<;S?O*fKuDS(x)uWfVeB7aR{Bfs8HJV+^dDRGDyZ2DO2vA5&e$u74
z76kqH;lSzQT!4?!_s>-)m*SO-Qy!z#vMJaQ_jEny<_1@u9$blT@WZ_I64@J!?`O6_
z_S^=}%{BG5J;^?xetO(}K$%}PaUL!MPAYZMfcc?qKY{(dyM^<ryJ3<~p5(l0H2gLF
zq}03XT;sp?(bnVtv5s@It84sakzhJTUt>+M!;!MozI_yCB;82S*E5cBUUe_@aK=f@
zAEh5QQl?ql{0HIJ=<_eKx7;N2v5t^_#$B5e{ER_Y(aQ3+o~1Bj-lG<eRhL|Z4let`
z<et0KP-j`>Bm2&A&W*2Uiu;deL5<W8i+i0*J!))4GVp{Bn2#VdzhxBNlivrcRhIf$
zhKo7$yFg(^kKz_g5EvU!%egu6L}GnuBj+)To1dPv?O7S{{K84WFD1R4`k0$ux;09A
zIc(HFYH_pUN#SQ>BY(rgt&x8}5YK+}>vpfwM{OEj4-FTJn9x@N{N2Le>{)pD=Sj}B
zvK#HI3{5ROW){`9rJFvm9eRvrth^)XF0(I0gZSA&g&Cd)TR1vclnv!s)#jte0O+-D
zphwLCXhf(+7VKk;Q5t!?9O-VJJSqIUB#I6{;zrSsW*Z|Z#*&Ae4WTb+<lOAnY=50%
zeBgflDZEYt%?vMIx}%S^7We)5J>6YD{TMlSKSUm?uYRv!t%kDfr!u4fmNrXTC?+Mz
zv4`d_20Gqoac-2%BC35EsCJ%;)0tGqd8l#&v}rgFxV$biT)JE<-J2g)3)X4+TC=o~
z^U{6!;j&0j)6_z|rdns--pIMFTwpYQS!zZvp+Hn^8ifksXXh!*c>ewtZvF^e{-EN-
z>R^2yfga}{m3C-h#JIebeeit6){ClzA51(yMT?*H@9*G%-cm9;(GK<xjQO|=FFr1E
zU3?VZ7%pvYDZV>g+N=~81G!I}hPsmA_oU(QL!{xH^{~awWAvbvWsf>vVaDnGT5RR<
z&qKl{_LMfZu&p9m^Ho9ouAcEim;PGwM&eJR!_N+JUQ;HQqF;l9qm1_BAU3Gc*-e~l
zv5h4)T0AZKtwKLe!{BuhL{P6r@4-gZB{f>^W;Hq*n5%xcFl#r;A0&#H^@r?x#1r43
zfZw$j-UB4{k_5G6y2Y!yk7msLx|wq$?NJN2qxFboUu@hDgw;IFNi%o{TH3P5{02Jd
za%0DIa%+KC?@|?!h<?aeHQfO*!y}6YodCe`>6B*^wU**BT4^6o@vv~|C7$Attj*bs
zOm=cG#r*XM@MmM%qe9Facn~+u`81*bo=baY@<SFkFFZ(&hF6tXyykmN-)>~XUmqBk
zz<;mUG?>+j2G4bD)HFk^=#x7#rR3(Y?KtL9qf<PL6~)IR?Pa)WZw%7j19aIoox*_(
z^AU01c8N!gO}A)h?-yI#oJyv!z3GI&x3gLVZcAnhvKf7V=(Gfy4?Vznc<kVI$nd?w
z`1qb7(03d<e7@Chn4RCrL;t*84d7Mbmf02hcoxaaSN0WR^^zVU{<*~B=FLE;WvPA7
zQy4maRxPHj|Ml4lGv-cd;pX9kz+sY+7Xe=|2h%5w=PIlmPP3{O`eY`2G6p`Ge-K-2
zIadO$pcbQ`#Z}PawS$fca*WFaIU=IhN$Ya4hO2}z>{s6EieZ1Mg^rc%2Q6+sMsf2G
zpF`-*%5<#B;nJVEc}olD#+eTzeU%*4;=biyA{MSbhp^x;ws_62M#Dpb0!NbN@f~Uv
z6s`6{S9#b~st2Y8qJ7mDG_4p&2NNc@aC7kiY_UCEqGms}7z-^1LyLC~*zx9J{iH}4
z9?=hLPaK$#V!IbE-UPGh7IfdNPEB@~o64o+&l}OPAoZTrGSJ~>OvCBBezn4|YE<ve
z02Hezg>`>eCs_Txj1}cBQ=>(cVLVP?y4helVYIogX_Ww@bZHOFHVLMQieD8Fn95ZW
z%yCS5?t5Q?DOKA8)7K}!P`+}XwHCpQx54aI5loQ;Gs@o{m}Cj2k^*Sw5g645bJuAI
zrgo(Ov-Gs~z?>r|b?6iXGZn#{_2WtaGcusYx_3t~Z%Hs~Q`-X*=p?`_R}oAGjb_YB
zIhr2=2u71&I-K4fm~&4NV6@XHZ_yeA)5!*N$LR>>=n4Vm?RLR*QU#c<-4V=d1m@cn
z63m+f<~0fCx-;4X^WdohOu-ol<^}>Y$_6v!3<NVsg4xtA7_4iSyG)I(KrjP>#x3_*
ze0fsPV;9*d%-V>lAhWg>X04>i-zyZ#Slo%+{ePe^8_-Ytc+_aVl91FotR&Wxxfx&E
zDX=FgiREaXQ4-71z;iq)s6DX+c4fj%IMvf23Gmx{g#?JR`L>yJv4Q`+zKt*OQ$1+^
zRwH7D^}uWCotqQ~+OLroDNpK4)u$io0h&XGM~x0hWh{13jlS=2h^+MrLz{?w6MdKx
zRR`R?qy;31qkhIB{e6v}C`^s^JdLr^3Z^jTLB|5Mz<^cI4;kM8pL?*ysT)EgTRlb0
z(@br~{Ks<s_V24&)wlc@JvY)mS%z%%(`BGP-3hE22Ns*ux$Qz%bsorA`Jb@;^o7Fj
zF16-#l>G+=6ea=#Bf%7-X}m~x9toz1TC5lrphmY^bOMTB)z~V_4rUS`w@el>g%l(4
zvE{md5s4?aPL^>WA5*<t5f8H1{{8JX`JCbXd-nU;R)W5^*?4-g#ZBFkakSL_LA(8B
ziS73pBcc67%l1#y5}pPAFP|*&Kff{Id-47>`~9xO`lzk9SasC}A;!wrc^NZjI&qBN
z2dQp}-XQY?|4u$C$Clu_9$%s`<F7m9x)yhby<Tc~%sCB-_Jvj}odun(ht9gTa6Vhm
z^vSlH=G!zkIX{V}N?+bb$dQvjQdl@wWO$fc9nRgN>7#;vy6#Mk^!KHHq%bu$wF6`7
zye+g18atpNGj?UNt4@pPe($<A-M^QxXJJD|`crT4zh7JnSzT~%z4;;Rts`A*{HGgp
zrV{?sW7Ya%_34xLj_!0C8B{+}?e6bx+x=zdxV!hA<AQ7o&XcZ{)^qgQU70R{M}fyb
z(F7!|KHud$s(*O5oem>ijb@#X+~>qv?9%u-NRc|}*kZ97Z8~3QYW;oMhve?$yZgU@
z&A&64ldwSmjzDq0i+jWR)~th?sQ9)jKsgo53W9eOX7Pw#9LxckKOH?UG9&s{kc9Pu
zV1ALlLyh(F$ohh*JO2wO$TcZytnf^b&JFdsD|_SHKqMYCw9=)N_u0k&*PUjg?&7s=
zQ1|*7?s$($XS7PLaB+86a)oo?fzpBR<?GRQAJ!LY@eX7ST&YHXhVS(b*!tk92?tFu
zO{5u!#PfE4ps)z&Z+j4Y+JFxftWX&1-;*wL)5CglI37yDMnHV{w(=}^8%htCF7p@Z
z>oAOQa6KVTjsAhsZX}qY;d1NSDTPOd43somI4{zF#xh(YQfpLDi^Pkmuvdn0_GI#P
z$-tU|xWvngFV^C|3t)KhOf9!XjrF*g$we9!%rN#(qMYOz5h~XQC+uy#p~<dDd|WVJ
z#<dq>=8z0Te)b-8HgeWrU{9IrCPSJ=yY*yD>pxkTCnnol=rTW+vb^<u*g_ZhnG=#f
zbg~`TAA(cytg~&egkh&KwCMun7RC-z@zVH!U<mdnRliO#s_%6Y14M5<hq1O|hWVd5
zyIxcSoK(|qMvi9oZnA&hfCpLH{sqYQY8EKW*n6wZ_fC;~Z|4cBN7aho)d0WSD(e$D
z=jVgtC4b&<(#4+zS--fV4O!1U)y)y^J{1{H-}l5_weR@5_FeTOUVPUP-bL^6x(<bw
zN%plBFr~*%m3$-Z6pT`i4+zG#=Bsm;8PSOrH}9%-=XYPZRAI)bk%S+Q^qT?^uE#iw
zn>kpION_s4d7JUiOc?*LQ;`k*y2>R4tsj&i1pTDQ(eYFpG5wYUq0I)Uv4d*tL@lKj
zi)~b+UqJ^OWd~nU2b0|$Oik?Iqtj#uwL;3et&`o+>SYS6#G2VJ*0x=r!c}eN_kO~8
z^>7+vSsSxzMc)C#8>YSkGWn3FyX?IoRb)Si1OvvjB4Wsa(s~a3`1$TKIglx^ppOcU
zq+Pe5)vo)ayL$+qcc-*N%d0%XkPt9tXst$ZhAk%keTr)oCnJfY*cOnZID85vO&F<<
z3XY=6aa2}5LH-CBb0!d}1(4MAN9s9WUJ&%3KM?lcR@@t*%I#RvYbC~4!x#=x<q<V{
z`-P0jeMBtiIAbhc9P}6H`y+anpjMW;T1ENryi-U%OexGdX#6<}#@!`IlGP!%9c8(}
z##-ELs7sWiYVMT#@UG)j&+eT?3NwmFI1=lMly>A8tAMd`HHk4Z?B2iXye$}@3Uj?a
z#8{|uqt}^nVb)6XRGt{$vRve6>KQa{ztgTh(=%uuZ$W-Raw*K&xC-Cfvuknllk@F)
ztT>uLuf(0=M{Iu9aiPMDxx;B6Pdq`t3%dSwQ5(AM;CDN?{I1$=T}R&p{xY)*7I=!l
zLu`+qlsc`fB;C0GF1+@RZtvQb^V-<xdCVTym}=y+ca|fc9b2w2W9E%*<;#>K|EGL;
z0jvvyb@}=@;m1fBV{!9`V~Oj2{0@n)?MD*zm*0WI7vF$A*F**V2>g7%unm45@9M_S
z_2`{+R@obH{Qs#&=cU^CTKERw>me2K)$<L7MapKRtFbwbFmvJ3Hqe&{u1Pt&?gECL
z`-d7mPo?BtT7Tap1UuLdg2dJ7(9eGq@)A&EgS*R<8c7Iv#<Zo0JmW|=JH408zPGrW
zlYOrXLLY)>wD0c!z#^a9L&WB~pq4CBs31Je!~y?Rzy+T8(oHtYd87+WXNwv=7qOIm
zDN!FONSB?_;>sLStwvuvgIFrwLl390^c3S$$<rfPIa;u_ooC8Ee)ij`Wzt2yAgx92
zvf;sW!QdY5DH&W8X*m16g|4yu_jG40YBZ}S45W&J!rWsyXOJ7RENT@wOM>2aswfaN
z9OR}^!4#uxNQ+ZGKLf^sLi)CzvVPPXbd32HyG9c@y(O{o+RLY7qv|TU2z`2hcps})
zpT6e|#?<J#&W!!2h@uQBVN4>a{~pm>hQ<qm8AA)==-q?PsMCXfW8Nr>-*R)TS`-!Q
zd8TUzi;X+>knrEwVg`@9{5RrxdIj#|XXfEPj?V-A|N6G_(o+Z8m6xW#{`JBBJ$l&9
z-v*7A`}LuNiTm~R3WXU<uA}|>ABW%5cb)C;>JK^k=E2G~JFP`^@8k8z=gwOCs@TVq
zy4d@;;Z@iYzo+7s82+l<$D|D)^xNBViCL$)_wf~{iG5s^YVYHB5o}Pk_i@83w2uR7
z>_l3dee7M3xQ|~<YqQZNkj~ukRYzIY;=Wa{C@iGTT_S$+t8=RhQvNRK8_wNQoDm^<
z&LB;5o#2sJ4mbm-$x34^q`tU>_ErpUTeDNDY~oBWROjtB9_~&Am@c=j7nGuQ)aPwJ
z!2mY-#F7n{&P_K+{*3oEB(ILOMW(kpGgjK<(a@bRJ|I}2@1Q`Lh~9!o3YBi*#)6TS
zy%D09_h@qr2~vKg#-ZQkrFb{S7$Z~L_5)5G)~#5qWw)&Zn{~(B^6|uS%HQ!V<?r}b
zVMY~ErTKlGlMf6jWXk+D6jIsMExgUfb0qtN1upURtDFS!wU;fv#ygNS96D*=LUx(2
zh#CA=<32Ct?i*?*ocn*4w;9jEgmY~UoonB}B=*A#o$dW#z66AuLHnWLCAlAZce7`E
zT~!<CX$kvbzdYA=IQ!w>2zI!0u9+{|`{5)ymuK?|7gtoewK^}(#74eOFC~!w>KFf?
z$$$Om*5p5`o16R>pyO$F$BI_u|Hx^r$bV{D`{chiNs#~2q}Jp=d~{p#*KG2y==A?W
z{(p~h$Uo-6%g}B?<D!ukuS&m~vGU2#YrI=9VLMctkM2*rPc&BCWO4Jaqw*f`>mP`}
zlSwiDmBNhQB5nD5_P%!c`}iS@mFEI~@48>eXA=Ovc|gJ+_JhKV6Jg@#pSk4sd}w!q
z#!;ZoGt9$>?fuuLpCO=kgY0d7Y`W`{_qol&EqT8o<w3)^(c-2>a6xVlhZr*losi?n
zok#N}vtay7(EqP#JKtybwmaVq8e`=*z<kd&Nxv|^SD4XF%x``~Uyg#4ap#RPapsYu
zlpJR$jH}Zz%${>G4dUb%IEdOW6lRQZ2GK<h;@Z8Ow;93!SnMe<gg1?LUcUjD`VBBO
z%i!GTG@1}JZ=bk)GFFTbw@4;G(9ZYg4rHtxG&%Ds_<q$W`o3^K=O7(iL+PsSfmxre
z5kJ(h`qF@)F$0#gWe?5wju93&g9otrci+)`Kd1SAt}x^NtL^z-E9d*c9<rw|9gdw+
zv}`x~nrIv9^Z6+e;qYZ6`{Zzm?2bp<nbIi0*i^vS<b5=@CBrRlCQ&A%z;_BWZWuyS
znSxWvdmlDM|GXDp0H$RLkzQn`!8_E&@FuqFG|G4U>#delFQeC^c`xs>`3hzmm;el5
zf`*Y9jIqZfdQuRMoI8+we?}2ADJTV9<g&;UvQjDk?K)HyqZg4POoC@hDq~eqnA8JF
z?b-m$=w4SoxXm}nEK;wux8VIjL{k7eKyJqGx6p!*J4g$DGx{GaH(t2G;^tIScufHz
z&ALGn($f8;BIjYr`^BM3CCO3v?Sol4(oXLW0J-e}a$CQLbK_Rg`-t{Pd#KF>-iNlA
zinfoTKgn{T69Bv2b3L)jbP^TsJ`TXRIqn!Gkc;Shk+epub`H7gRdI7{eEd%ej?M_{
z3(bWlO@8k67B?q|OON7&OOHKt>0x#}%(?NOn`ube!S<#K!~X?_zh^f>N~aV#=6+26
zmA&~J*ZKGFOqbMu=v2nkSf>-%>_=*5+~;obJ+z2!?7$fMbDO)4y9QvJhDu?nJHS$p
z-OagiXe7CzfoLxB_hlI2VPaMBetD4^%{tXiD0HYZMZ{%l@$1qlul`zXLyMMsM1Afx
zl{~l0UO-v<I;{8<)_>9TZVR>2YLBK5@oVvcDdy*fKqKC#{L<<^Wsz$!jkAV{bu`DF
zB<~n1W?y%N_{1AS9X>IotIa2V@9gl2+mDDcboPz-ilH>YOuQC1)Ak`&j{!%H=S}-j
zVMcQA78~sQT`A$?a!pSP8qK|EzgEo$Om<F^yS1q^#jm$Px!JgrXz#1zq6#43c+YhX
zjxlQK*{-BiYVouU&jQbx@PA->hQxHSz;w8@gQrMui0A`sOo!t`Qp^eaM4m?=sQa(8
z5(TQS{4$3&7x*gD7nx528UK2n#jAF}6i)$S>Ba3eNilQ@$GrN4o!c$NIJGtSoqn5a
z)`%SDMfwsmdbmBpJgtzi@~+U=svVpgBW@(ZeB@9&+vpPD7=ObydK23AzLB=v@ck~r
z*?p}foQo)LrSZVE4ymm2+oW>8i&UDA5{;oL(Y*B-=V5&-(3~;|Br7z->_W;3RUUx;
zd)IJod_00Oyo}yMWSyD79dMk7_KUR#M1`-F_`B<{eT1bLmtAYKEa23E!$dYZ?D<?n
zeePr`jA2|&z_y^7Kkdd5(#X)dqu0X-k_Mr9M-1}*{SFQ#8vtyd4%i;`H%SEnW6>}f
zB@P(6*`&!_J`foCYB7(CY(H@0TRfo`nf(sBNaNljIkihpwzF{mgoWFI{BJww#(i|i
zn`fIYDqS6EMMj5CvGdZqsPv;F?NQNm5JvmMyrR&7I-IDe@i6Xi|F^iqUxnj7c!9IS
zr=H^8;b)vLcKD5er0#Nu$Ife}li-<%#hrI%=Vl_W(;^OeHJ@UW*Ekn>eGaFOJ_@t)
z7b6efRiyu{#q&CRN5TA=g2v#y56X-0QBJjWD^(2CxniDto`?#J#CrxsR_r027|Ojv
z2Ep3x3soKkl+O@cHy>AYabebOQC%9z6j$X=1Ewe(C*HkAu4M$5cpZ^x{2H4~M+H+%
z>wtU9<Q#LYN|C;zYRe$T%9{Z8@jp2?W?nDZp1#zax2qiznFS=W7d}`79~50rB(m&p
z(N-+<e!zb^;Qw`K)=M1sn6EvhMw0a5YuzN>Wgq87`U=3oAljmG;#h2SrK#<6)@R#S
zuJyV5n>OpS`@DA6C%^6b{G8r)efD*v^?60EPaVwnPm<UO%NJa2d+DI>dG^nrxI}}8
zGh7G%nW-QebihP8*`HH0V}!fK&MqJt{F2Prk4dmf|3BvbJie)FYaEBqNvANBlL}}Y
zfOw5i#GzHtR!|z+!j7g|8KeR#PFz&3Af`|SrI-Xb#s~_cSDd}hT(2Wyv881yGi63l
zM#Xa|rDZB@NxI+9UTdF|lL6#D&-4Afzki@Pds=&~wb!tRwN}?c-8Nsta(L+*)})hN
zNrNeMvTF<PiuU?!AdPIIU1{xxYXcK8tYSpys;j^)ZK8H!D%I9K$aB*pMB-s?Fzxyy
zMlc;^3pkh2b@?79+iF?s-ML^(X4W~%&qC8J>SAX8WfY<adiJP6e)vh0{5acIlOGM{
zu>2^gkHdUZbo(rS52Z@Y-N<}>;d*wT1788YMtsfjb-)&hukCGP@U^k40bhuv7tMlD
zan(RUD6?y(J4e>$-SI@)pUmGJ2In8UDOLL2jUw$9gz0L8se(DN_t?TB?TxlZkv52f
zQSmBUU4JHMB5gUkP|A;kLNr{aE`-nR`94Bsol-pr&#5ZfV8r(_3OBn}t6g^k6hHnO
zpvYlRtm}3zD5|<}D3&rJ=jeiUO(Q~)$)M27)NdQZOTOYhhOnOO^OwIMOFhq=`ij%&
z%{2}TQML92*QSYf<&S{~v08S5QYGasT|896Dvx(->IXLeBW(WUmk7SB7{y3%Cma0w
zUno_6Dlqi+NUU-l?i7Tw`&o6mi&EvK0_4&|;0X7byAW{I=_}4f3%W*fQE8hPE}C_P
zan;?xpdmW;UJ7#k+sUrf=Z9#xTy2Q)L6}IcV)LwJ^BlbkQTYJTHNqZ8`JIWnKpcD!
z6A;RIcA~tNkGV_<dVGy1Ba!4~!`{V)ZL<p|`r(%_(O%5eU(_Yc6kE+krdW76XNqeW
z)<)>l`u-F$#T9HydYSspDT9y{@--o8ITZ;^HEZw~YcO>u&T&S>9PbLx@u>sILf_@F
z>2)4D-6W{qQwG)>!&vVc)>p<(Fv*b0v)Sis+2>1lBB)R2g=p9<P*0r1k=HnlBR>`%
z`P6>E(~DmKo)Q*vhIr|UNQRJ8Vi;obWk!a0i%s@n9dpmNgc)LQZit4<)qS;m&#;kw
z|AA3#F#BE&-*+NbzsS|FdIUm_vw2>hsGk&7sy%n;R=*XSOwKiIZd#q(&|h$f(TaK0
zDcJ^(di-t!32)N}D>;Se8at4q3seQ*ecirD>ejOfjfMTM?SR6i9~qS6h${`M@2zB}
z9Frh&UZ3}|nv!L#@epM3`87ch7Q+LxFMmfI!BEPE0U;np#T|p-f>K!)8@9*xNNZ#g
z!%;6*lDZvJlk=m=rv`>14-h5q-w#n*@ubF6%;j@;#AN5_{%+l7yjN<$BH3*>XYOH?
zYd=8CqQO91<9FN5>igReb;lz(ZETp+UfN43`jYYv1{fjoP<y(vKMz+l+zexWqvTcK
z5y1enQ{JW~{{n>4El6dKgN@D27|p;`uilGO<|m+2@<WCbP?)mm5W+WQVEDYzQ4aWO
z_>Izv5*>YYtp-NC(xLH2%BeWY`gv{pOMP>zfum}3v{t@Ty5nzCPH{@;r?}rHYA@Jk
z?Z^9%gjFOSMTCfQli`*82C5zbc0Z;J&O>X!dXyv6CATW?<c269ZX|}mG!uX4wC7Di
zf!wUt?hNCPS$IleP89x_0jU1*YqZ+0_$L!0ZP?Vxw@|oyX@hHlZhIEEdoFv1dJ`Ak
z)9#38&I4ZN{%XMH*8Un^nj3WiflRFY*gr%w_W++8ER#yL|CX>QncF`^!xo=9@6Q;h
zZ(@a=SYgT*^h?2hW<Xx9`_Bw^z{oMCfz&;eR;*z|W*8+*^=3*dzK9V#UvG|-10S&g
zuV4et-y8$YVqFkFyBSvh7w;K_M4v7O5wHnTcZAMT3TH0rXZxeT9~TS$DR77P81#g|
z;QbpL(7c(uQE;8|kWzFzL;a)n9Mqhz?uY?)u<lN-uZf&vdnTj@f<07&1ka7|>OPGz
z8Y|vrCe-b$$+W1>CNse~nw30O12;{z%>&kN511s*kH}jc<@K!pLAwo8?4~h?dUaIK
z%XG$QR}%wJ3LCbF6&~9ZXCVi4!*kOnoZ`F)$7sbb`aVoa>^{tCR^@|VD6Kfgpu5q?
zFw-_sTCpjHy~b{e0da|LcHX%ua%R1Bb1E~cWWKIfFNy82yKb_yY^1cJBkRAn5r{+V
z^Qjn+*KcH#-Nh!mb^!nGC<k-x^Idw;>Zqbuc0pztyaM~lE=nsdjTvy_Ms$n$Cg>ww
zS`F8N;ac2Q#Quo^eD?^t9=IzaMyDYk!}O!8&4S>c8H7Z1RPw$lVzNi?CU~bA%A`*D
zv~p{9I0I1!IAJZ{B|;!XO9`B@WS8Kb*X%QR-~Un4_qHx2Cc!;Y>6#OwzRG8Z@kun6
zZ@Ehl9OVlW^|%pv@(~h9o%5$C$j9<C>qy`>Ypp0KANSTmD*3KS##b0yZVgejOEQmR
zBQ2`bcatHy8YsT<{i47?`ebqhNRrQ&2;XP0@7|I`K~OyXF$>_HR16RC6zG$8paV~W
zNaTHrr9ZyK1>}4uY4Q0#Zzl-O>8*IDKPZKp`E$*rZ_?UHY>c0i;Q0M@81O$3<8GgF
zLr(Yw@3@Yd{wm$iW1^zAeY_)H>o-G$`j?V$Uz+%no_+&fcwIJ6d*PJ<yRz4b^LQpD
zOM5+&5?lnx07x!^T$NXMd=~=6jbfctd+n8YnkBg8f7w?<$d(4lI~!7GbY49P@5+0p
znIrQ6_A<xG1L&%@lI)F=cd(g1t9F_V@mlgT>s*2FVF<_1JZ!h}=dBno?jXjDfN6JZ
zqbHmVzx~>4=GhSn%=(Vp7iK(H`_oZAm2p$Wr;MC-NoSa6Im3LA6{706WF3E*^8tTr
zU(@ji*JZBz<~5GL(QPB~*WfnsxM42;)$85{{9Q5seE5Txpq*zGYxql!#9z<k^WiU9
z!(Z}W;qTMzSo|$diG#maQZ)P}>-ZayqT}y#z~AQ#f4`^d_{&Zb1a*lPFV_Fgt}t(}
z0*sKhz}p9&VLxtyhoXfO;L3L^#3_8vEHDGrEP0Q$ffp}tWTT;~Cmnk^6;g2$c^@5Y
z)<RQzukXOKb^Rk1*9+~|N*!`FtiP41+WJ#L2mx4m@>DzFuw4VNc@egJfNeHBoh_LF
zVdO4?eWYn-LGq@w)e<6vvUrS;w{S?jl_IZl(BWnbN-8hs*AO+}CUD>$HURgk4xGI$
zUdJX3G#BQtd-QDhK9jVll8LL=&VnnNpV^qXCUXmGP?+cU)$mBE7NQ+01a8ASyImlm
zZN3%4d=Tx_{DxaX6khwU%GL#o@0xak0D-#v`4&c#kK18zJh`40T3BDb;p$xKa}!O5
z?3P4cOAD=Ve-`A$IJ?>Z!!{8U7o=okFaayGqswj%QHQ)z8Jx|ZX?xoXLOxqRf3_C{
zWx=gs8J7dsNXr#bOYzc`Non~V_Cc9ws5lKX*fr=CPh$$(9Z#EBefB+bPc@`W#h^KY
z2wC>waB811KAa&}_C1LauY;JUY<Q%475h1T#cIfOs2HA=YH=(Q#BjiB?NvVs;L6X>
ztjy2cLp)RM={%aXTqXH1BYd9^7|_|znDIT8+isS8t5PuAb>L}Hdr8&1fp}Jl5WvOh
zNfrwjWO&8&aWSmQ{FBYZKM)^EiHU}XQl}E|34sknfXi;BHN@|-Tj73`Q?3S<-vs%p
zD_O_sqU6mInU6D&`8X>la1nJBo`rYmGQlLcvUf>7cZwi50|RYD7Qr22b(mcRh4oN4
z$VNO>mIAq{Kt4%iM-!q!@``ZCm}k!-aC?;*(4*|ONZ>|+1IK{Oa>}bDUlMO)V|6iT
zuhM)o<2G=*N5R%VKCY9i-8U0|(%JFhmr^ga*O8#NUed?dn!n3qXzdQ#awxNps|)14
z>dYYK<J|{60GP^CH)>D$;4aFfR^xjGta9g#*uPc%rj^n;j`DI4qF*GUp2?Gs<;f?&
zl1VMwD+(lV+n|G@pls{aO4XMQ?^``nEKGWWh8+nxuhceYDOGASLsZ=bhf-B=-$}+$
zBpcnmiEmADJ@KdRdddVJBJ!Qq==o09O1@Ri;e0cCJf&}%wRlQ(7*FXRRuZ_)zfBaB
zF&SDsrNb@^rnEv?)(3K8OTHD&lq!$*;ezsPTgXr9DE~-T9z2!?qd(J5J=qLSL5Rz$
zIq~4P{x$q(;=z9=9{lUJih}aV4YBZ>bokFus{E@rhu@~bKS?(p)V`F`^2B@KHUs<p
z_tVCA$VyR0h^jSOK9w^HVZT2N=U2&Mzds1)Gf8K^|EcG*Rjll{^Njv}*vx)E)};S#
zx*<f>&RDLD?2Y+Kd3-(PPX7CkMt=WoAf`{WChJ#UQo-P9H1P2!m$%XgaiAVOtHql-
zgH^7&fr(!X!?G7LSYIy^3^LyN({W6DPEW+>aW<a#tJ%4^*_FLodZjuUW8(xWlCg%B
zc#=gY6GXkM!E%AvRQ`cxj+H!~#g2{p<@Ib_Ok6rC1p{(%P`kYGWO!URAD75y$Y#oh
zdu35F+F5~rCu0qMLuDtCJFPN|JHV_KoYnKc>{H&nK1AWJ1KuB$UxBM^YiGe#wso^i
zg7V2#;k<rJPf_Y9e>lt?J)_>!JF)$9*nSFYKgQVpG;2RwUmdD?HnM%2S4@KPFB`O|
zU9ZU(Ez8)ea9$XjWz3a`aXnr$2`+gdXdxp1#%#k%unjR5r57wkb?52u`nm0&0h6Hg
z#_`lk`8z><yaOlWkB8bO>DN~;WV{}y!sF#2f8GZUSq>iEx<K#m%WR}IL|(35(iklV
zdnKS=Bz_cyt)~t2+jVV-s%??~3*_qZH}7UEb#WrvT<-Rnd(<C}hwEqVQ9fZUJ~&S4
z9NqK03>tmQ2r}!q@qGk`_j)6|S0cRdqy#}08@WBqwD_0Jl)C)xlU5=(0N;6%MX=ZS
zs?EcBiPDT+CT(6tW|-JAJ<i@fMPN{F(()2tS2fopxct{$_L>QAa{FhMYUwdLK~%8Y
z_H7ge)N(&ugCWeIK&}Ucm$}6yAETSma7@ey@eCo%5SY)?SWmT^%Xb4J%9+t$FKTH-
zAk^7ct&}QH_6kw;U#$lI={XlXpO;=W3Ch0{TJ>O4U3sT@c5`{JLe}YW*6CZ3o!-|<
zY3=8R`0ap~N-%Cl+5jhC8S*<Twbz6wU|Y*)bp{^FD_gI@Aa^!RNSVf(1a;I|JzvH(
zA)2|T+zo)NVPyWGp3*tx-C?@lX`AVd>guTccI7jm$y(OrsrvA^6vrKT4f-xNO-P*>
zV;q<G`#dxU4uD!1egdXeJ$%=&1b*<N%oH$7r{tYy(sy(k%WnqIzGnlU#t>=LqFKb(
zX^qR@1@P80)b<xzsk-(UrI}R8y;e_+=0I0Uu`tqo1*fP+W#H`AYA|Y;GT3(-HTATf
zA*z0QRzDSMEdLeuXa3DVdYFfB8^J1_I7?~y*8s@|R+xWG3kANUmk!5$;6SZXW?d5s
z=Nnpm0wY9qWZf(|L8)@-bzBu+cY@OLz50lpKIuV9%YTBQHnO31*BRhbq4rnoJKi&-
zN?Ce{sw<CETD}e%)v&^k>nK&ezLpR45F4mgZ^{Q+dX}G#y3uyDDYJVak6FQ~>m~9;
zGycx=A2SI|zxiEuo4NsRapqeh=oJt(dL05NwlI3lZVgfOvO0#x9Wc^RZKSJvAy?r@
zzYBP3<MMZz_b3}_Cyq4p6s6^-p}(zcR-2CES!Z>R5LL%RmYaH5^~%-P>p|dr9T@_5
z=&M}a*+OagSMa+GP7B#@3coAa?;l$*KH1Z(*9SxV&?VBU9@ayDdcnRiGa6(Lx25|Y
zr_?DomX|@VOIWWDu~B;HVnMy9g;m*E-VQ!hu}`<RP^z@+6*58#Gq@VAs3(nm1T<`$
zwIT%mI?mv0+rqh_{KoL=`LUML@>ikbb?o=2?Dr1%y_x-fqgL~_%O8YRKeDgWS*?fk
z-<&Hx2P--0=)*8}U=5C4%*I}gVI((W(L`P}f)&-BiuGfvQd$k32zO&7-<^=Jn4ztF
zRv4HYdHh(&2Qpm#Z}TVp5S2fvoTnCYkLQu1M*+~CH*IGwNuS%-h>+0ehgLD1(CDMh
zqL%;u+7K<Oxcn~6OK@_tD3ra28feOPQBcg?AQL8u$b_lCyNXKJw7`VBaUPY@m>fts
zJO{~exU`QskZL!heZun{-8oCkchvR*@*UM{`Ho8IU*$VGh;f^jJal3Cj(X|&j_&(^
zo9`$mBHvM$n0!Y!>G_UsK3Be@lsNg09_bz@-_f_{$anOfG2hWWqc1GqQPouu;r9PF
z+L-U?_Xmynj*3fM*=O9(MCCbZ=yA?GM*%I*(a_jDM{BxsF`pKqw4&Wzf}jqJ%5$_w
z{|)(zzC3UKqA$0I;I=tJctY^2pye;>9g35`=+?g(^A`<2XZ|9SEnfbj&qI`|8RyGi
zw6<Hk{6$k(yQX+4iMGV1B>KjflBmX*l4v<YnT4UOBj(3+40qh?ly{))IW>&Pp&>+G
zN2VWD01HcDi_RFn=gB0)uG9lbxCxEhPo+tM;Ocu@+5^n1OGxGi?0u66d@!*Ofyp+~
zH|f3mO|XWolJECqeap}#A65c?gUv=phKG~!bjs(1yhe}OCxEJEvgHjs?vlQd$_V<r
zm9^~nw-A+=D+}%VwO(ICDn@#m)xi)r3G>Eh?$Iy7>c>j@t{?6n-k2D%nU<S~0m#k7
zx5nL>_(eRy@hBpZMajD&A!4_2C3qL3>=yQ|Gh9}Hu&k_hg5+J45E%mxf9pG$!xM1p
z%1V4&SZkA^wMp_4p1#6n1jVd_(k20RIu$r=Q=;TA#uf1Q`L&e!d4I;s9|V12wAj1a
zhc|TnopVN+fJo*pxKQ5L-emjxY$!FMUlQ(aS$pGq+7(bYDKOF`IJ0xilJ8KGAQbq=
zqEos9eh_p@ogPs{obNMXHlmG?Y1<`lDoemrL{%i<wohOS$3o<{?WH^q)&%9c4m|C)
z3sNq~%O&rvNqi$;yhw`!@L;00eV>nBZ}L=dd2T3Sx?zG<^8IiT1XH}Yga=dX95-I&
zQrIZXvzsOF_ZUC3d<t~5XtLH(KMXbb&Sc)vdTYFn7KJ;y6A|UcjtcaSzQm4tYaPvv
z8*K7)xTEJTx-hOs0*-qjhJa6BY9!#D5aS?e{e2n%w?G(*u~s-rTX_i*kVF#jt~3b#
zz^FC4OypuToyg<tqZt5WL7qR`UcYkfvZupkpX5Xyho(i3d(+E;AsH|Pvtu!a7`!LQ
zuWsbo)0OwHK%+HXz15H(e3LTkiV#(g1oi#A688J;Am6Xssf=a6ztnzjQi|B`8?@j1
z6vBRAAO4-ie%}_<^JAn({H6#@M;(|S&qlrHZMr-}A#A@E55;A-D2FabwPI1*M#MKX
zyneH^(YFAT+6aR3bqWOBg}lRF9$(%-@jASs)(963Dl0k;F~r>~V~i3j`NqsK2JS2s
zA|rFYk9OnMYS`u;yh?=4`1JhDI^~Z}t+c?06PA2SS}0X3TOj_w{?_2)7TkZQ%A1#k
zpI*Ftu_kW^o3z{B)#|opLp~}vW02kU47dch<TAu-mfvm9@DH`8tM}0e{6^LH$JEa@
z*01mk5rnc(q7Z{Q9daFovG`Iqv>NuUY?m>AT%+qI#ln8iJFD&YY@W_cqN{H$)%JVd
z#QmN<lDAi9u(s=e76oOk6}Ni6;^CtXGrw~y?(%f)ss%k|xZ80tp6v4Q1ZfStu;M{B
zr?cUgF!&lwDZMmA!)0na8jkN_Q69OJ$KqG7IU9{n#-F*DYW(@1IPoqm%2j&%o1*xg
zt^N|8I|pSo<}#?xvroV(ZhMLHjJcI(wUCz=$W^MdMcYp|T!N{vM!W?4<*f0%2H{v>
z)!;bQg7HHUbsnpBpYDxNM0_UHhu1zIqYuYf`DP%HsJm5{l@q4M$jU@6E2|)8VFJp^
zuZuy3uX$RN;Q@^F`}NaYhCc>Tas&~B7_zm*A9dP@zt7<3BLj?dyIc$D2ajaa!Np;U
z+9F8a8Vm}2{ZJ;I9cIb*c4sD#A4l~%8-6^ksn=u?MQWc;nAX_B)N2jbv1i6e<CcMX
zg+SYUU&#w}BmSg$&zn%yvTw7P_%2J<RW6)8ESJ3B=#QeG?5Le^^E{1cr6fz<TRU<Q
zUwJtmMo8W#;Bodo&MJEu$t}vrOYnZGMSF4ml^&bt0gTK1>=2XS>YMuE5R)LyWAbN_
z+n(;suEKzu^D1-94aMoMzNxI9yBmMfX;CI>0+*RGFLx0H>GeE&I$~ygN1fQ7=VFMh
zbVXt>2lzkiig~!70b;KouMzvjZb0ns#&cpnU_)XPf1k-yOj_cYEH=vwWn~S{G6O^v
zj}~f?yn}4e`MrY~U31Nnj}f}S|0L3NIsACWNLPlJW1S6j-EW}lib%R<80flUN;F*$
zCK~9P0jTez2T}dDQzTt8bh=LO1filOZ>vqC>$Xl{1%&C!(C_KY(XU<b{pm_g)#rC+
zengke_dukOm9D;{fR1@)rMQQyZ<lZGF$wOjE<A6xC|_L48HCaCKUYG4kd=st4G{OE
zOX)q#|LEUEzt-|2d|1~Fu8v%Ek4bO^p0P>3Dh$o~%d<coC391V;v$0$zrX2mSxcb#
zB5c03&?HE{Emv`rv-Txil;mK7RYlntzERiN4r9FT#!ylBpFmUk@~Z_w^3J}5M~MQ|
z=1Ys}T!EqX35AYfd43mTl@l&`XC5O53EX7^AJySGAi`~K<;9D_F{7-K_q1K}jdmz!
zI^h+L*_Y_aCVcC!Hb#@xb)BzH@~Ni{8=jh?zWrML83@<;AE+UkSqHMH;=y|bq3l|?
zNW{-Ib32A;#T!i7P`LTu^jG%D-U$07G09+`sAKf=VWsv`q>32=O3YD4n!yNCpTqbe
z6`!*q1qMm4CQ9c-k5_Sol_w=>YTcma!}?uq)XyW7DVO3k@|$_SqPXx^oMgQwCmCiC
z?(Fl%h<Md`cvT0Giwe)j11WnOJ8~RD=Sq$eqWPJPptX!~k23dERI%|)amNcACmD^D
zYWmGJDMr7|?qt+&&Q7|>n^PPk@;Y2>)NiXXuvN`dAo6~CLKAr(VR-)cpWq_zXX|<N
z+r&wc`fZZ+Jo>E%Xy2r}3N-zem1fXyz0%_9x9J@Wa&VVH4lX~pej8N~EeChgP_%wq
zCuwr<hSYQEx7PMtzvWpqIk+S>j((eBiPCS7i~z*f7pa)9$OZasnG40CL9=m*nEIXz
zB_h{sZ+0?hw!W8X5|N=~M+cCIPq~-`8`W8th#$j;Yc2tiCb%?-`0f=Ttv-DkC1SU=
zY%Nq_D2~ga?zJu+0N2GJg1fg1+A;B++7`NerJWwt)S}RiI$-iLY1Rro=HG)BLGZMQ
zxHavN7Hx3JCoraPV5)tB!?Oz>CfSsy+T+I0Z&!q`$Jw|{%26y96my?lWDwlGl~?fV
zYA=8S=+p8HPG<0$@MM;D)rI@nJ9yCTwRbYXo^oYGv~saPUYDO)=afavdjU~q^D`S6
zpIQZ%3~zQu*|VH-O#xF-k1}`YWz6ztA^tAKcQOWk&@B08GS@g;kzQHU6>|XI<+m%&
zaIkHC<LSw^g5Z3lRe8}8zCV`;F%t7F@EVB7zi=-BFZ2b{wB3!wwu0dBtP&Br0(rmW
zb@K~Yge?rKOQvke<w0y}r@W$gCYyql_(w5q!`7>Rsy#y)o`yVXCH#$$7RLI4JHnT<
z?(WVgJ&M6I)NWO-vhWixFx8Qv=Xb;B05+(?T=7r`Jhskp$&E^32c(~(HPzy5cd~O5
zj=RdBw4CyeIMVjo`tW-!<}&!(^KjZ~MLpaPsN?T$G`*8D)F8SewV~c?c>lP-x5k|e
zufT4D$Z6{vD23O`zGV&kRkP9iOl=?SeJ*GS!<T2zk=^zzc_{O5SoOW_uzHT)ZO`(v
z&#X=D>oM_a)0OYqX|a439E-ef^7xZ*^fTfyIJO%3m`P9;39<3AZmHA!^Empf6GKW$
ze0}yyedKt}PnZN{MJN;z|54LB+s4P}ofT<Dy|X(_*E`nnv73k&8TC#T1mjF98Vh>o
z%11T5GY+%Mm>=bOXM3mf=$)4Fk$Pu#r}OBY{usk<$3RW*OzdFLJCAjUt9ORCHRv71
zpm$cDTkrfnFk0_C+#I8K+P2g5&KdK$^v)_X*E{}Bn%=psO&q<G&^Ai%w073?PAOi-
zy>cMvojV4eQ}6T`7@>D;9SnMB*TqJ?(-W>~cWKOLI$`uhy56~tP22l<C(tFc@-@9P
z6H~O@@Fa@rPnU;9b#K&B-{;5ZooA9k@4N<Mj7c`=otdc-dS~q=n%?;>^}_Vd#i^)w
zJl0sfLzFk$pxnx6Z`3<)S-H?U0=7$^7yp5i*}W`0na!8#ddHK;_0C`hzi-E7xa88q
zdMB)gxc2d<ffbusi8peM+NatjpJdu6r$GKy^5K1hK23Ryi`{lJUbOSW0nCRN;U&9Q
z)?9|G)=K>S^t;Md;z<z+9^)LyWq`d48{NY##M5Gue4`-9&19>~Ki-B50B)7tAWGhw
zk|VBT_cliykc>9t0Z9&CNrz_*{?r}0OakoYiflHD28&BRPUPL%opva?ggNMZ*0lxl
z8OeJE#oHZh3G?g|m6Fc^U*RS5UKhTo&C~VUqxKACDqjW}T&wjU{-jyCcy?*kRNFWk
zsy3@q(1vS5z5~$}@6Ov?a=nt4g1U^j<YS6A1$p9%wz}`<o6(hXgr^${h;(==%FGAd
zc!z-QV-;gu)1MwgdHx{E^9N0Wa=0ZFBhSD7^E~o=3iHpdi!aaH7~@Tjk?Je?p555Y
zEg(CYSQ@QtJ;nF4owz@DzoOl*yp(B}6=%>*dR)&-aNDzwVm#IdFdpjzCPBGghg<R;
z5rlJjQzME5q3n+M(2i6o)wV^IuI<97eJ74!WScnsjnwu$&*v?f)brr4AM2s{FM6m{
zAQa*BM@)k9eIw!{jcRdTkxD}jYw>LBGV3btA0Y^3W0<q*Rq(sg4yUBf#7L6dSgEXd
zTCe)-8J-Y!l-;H*OhAUTssB03AOEt?uj`**fQ*Ox6i-5ks`aNK@31=K6wl1WG{NJ%
zu0@@OT`0p@-B}Q;V;`oM%umpEfBi>!XskTDO}RdSUlUTlucb7MXZ1gd0Y<Y93=jE%
zpO2fg&t)g@p3^>4h^pSBXrWq^{mELQW6eYMU5+UNZ|`ryvj^Cy5A@mbv528rz@_(R
zDL-()(gCJe%TDJ8WU6F{yH?Ll1qR$u6Yl^ayuQ|euq=~?u<K7CKEG-<;ObJ7hO7Q3
z47f6xG+d2^FqRO&eG_huCvc0P#9$FzGnUU04Hs><T(=Jf9Op0O!>e+mI)g2OzDXVW
zGacCDA`FpOsC>djQ=t~5;@eBLmp9`&YXPtF?1gOQ^Y`_#%U(n`v%ay>D#?5O#kimE
zk1ARzdGEX=UXkQmcri|_kfEkX>F_yj@)tryW+wch1&a68G$Zrv7D7~A-fZBX)q=(-
zSDi8N&o}z#6OG6}@3E#`j`OB2dxjDa_<?~sww5<#pC{>`Z>f!@{0Jd}@|_wCl)qij
zD8I0ge`fYY4?&}N=URQ$YW~Gd%#?0>e*Z%C{Z6T3NdXT}efduVH?5;V-uL5;25$Nu
zJ~M85?X-RbnxVYIKWC_CRXqrpMVSGg8QlLmav{8TZ@=^N-l}79c<;zDN)=Z!SU2ja
z!!d~H&k)h>FAy>H5R!6RYmlmIc@pbt_G2l~exFjtesn()O}39(gGRD#$6yl5%dGZX
zXu3%rYPTp;T7%R-)NWB<h9Gmd^#%3R`HCWwfcFUkeXK<$LGhgAG}ZLg@CbnnTETH4
zGg^CG2Q>@1uPKC}Vt4}e3+0@O>w6|p#rTSF@Iguo<g;kYFw>?$KJ1jM!XN_DTZaom
zS>E|UWO@f&hHl51Guum)e4UT$Ohp*bQGV*pd<GC(DAHL~cQ?dP{#9mu-0&B8dhr0I
zN@^l5fyZmv<d#MClY4G_tB*8Ls%%Wq*RBhbLRi#aeg`@a8N~^#Tv{Kdta@cDrLYZi
zL#iO$?SHi1s_((5lQCx3@lj~Ff3q9+>gP*>Ao+%ZvhVXNFPz5<pJ0XF<~CYb*Bcd}
zl2iVrKt7BXC?i-Dm4u>mQb~Qd^+Hzczp~E1VmsBwS+QRqk0I4Nj8qwaL8_hmC{-Rd
z;YvTEvKbza-B`JAsG%2~Y*Ae;Jf_cX-??Yk{UMwko|eVV?&c%L<1?pRRUq$G2mcXX
z^}ZIq>N{XK@5e^Ks&5<;UiBx2m;@zIAGPWoYRsyC??O<t4Q{bFsuf3~+cVVMe<6b7
z@nDqiQXn4!=5fl+;C;;=(~kL6TclYX+T-<K5=eUIb5S6H)OA}#m{}H)@>dgoQoozQ
z3jghWQ9vBR#ow+%h#DP{y39I`Mi=8z*x6(r2?x98K0zpZklCOc&Qhw37I3llKE@T(
zD0{kcd2^8Ow;ehX!(9^?pS%8I-p~F<X~lyYh78Cv2ubZaMpV-Wj>Z!kADo+D>a|BH
zRo<Y%7_sppL>a!VpQaa-gGUTvV?SP-S2mmp>Q`Cn+G+c)>&==?wOn1OP^#QagRoX^
zu8Tp*RECm*zd*^DU(d0|e!SPX#xmlsF%oN(Ol9az{fki>_D~A?(kU-jEeDXH_Z$Sg
zynQb$pw|n-3+UBClc2bcMlGO{qcIEUg$tST+_(#8$%U-FjAjJ23^JYHb{~Rz4S+fd
zK<&;z{h*c`a~h}*?>7#)MuYZ3P*vWfFM$lj+K5XaLwx{N#>)JtS(Kg|0qO#kQYASQ
z%aD&l6wuqQ8m2MiJ&J)L=YW>D?H|MVB$b<#@a)tsGy;w_22dh|bgGeoROJk%73CVn
z)rmojZDlQx4}m<&taHiZ>^4oIMR%RZJl4^y<$Gt&!M^j0jH4ICXJ46V+Uy4Dl^(FH
zrk>KC;lbV%Y?zFw!{vDUsqk|ALSK$+lf%og-F}P)W>GFO)a}#$T-&J+B=hS^tOK?E
zejI1V$#C1N+iT<8X&C1^Fknu`new?29-i`3jWH{B5HsX%{R=j{eb;|SqEtqrhZu>1
zr{gWRw=QI*R>g06A<O2g!<1IMt<{WKdj^3YPudd<wR^k>-s4RiVG@+k+VIuFt|^8a
z3l`<XYQCF*JLp#?2|~qX45_z-hrWP8_v~OGYj{!bZ>F@usnJHg3nLe99E?`s3pHpJ
zu4=<f#v=&tPrUFUUicO(^xm7Gh5MzyQK}@K2-1oY*6;1C-%*s(ikH~W{_JM~jp2_j
z!vvx1;`lP9$Bvll-I*#M{ukt_$8e2vh694r?lTF>+iSuIUTBU$@T=7k2(C^Pgo<W{
zsG$txw_4*|D)~Ao`cjFjTEA4n<?n}V){giSyK6h873tbk)EbBw&}aX>0PjQ0jXS#9
z0B>Rhya!fAz&jb>WxUvl^>ri!eZ7r+b!L6NZ|LiFV_#O~b>5d1`>IF~go=9^MK05r
zE9xq?k-5~F+l=(7)T>rJ$GYeeA(TgMqf|LuAEXt-*}O+GSZ@!-(6^jnEjK>atlKE9
zc$~E!#aat6Q*B58C1BD)R+m4+<sWNSyTeW%-;B7uKFBXub~zK}eY)gj>ct1+(6}gu
z#$#7T(|9@q=7IRoKCzY3irEYi-69rhWt_UVZ>3aOb1X<J`Y^TCGf5C?HxPfHyY9v%
zcWgZ_xp^sUJqCh6;%r{HnHP>tf$-a+7GV?up!$<qt}zMv3#cp-==0F)5w`S}Q$ec!
z=Tr<O=4wWB9C%;Z!nF}@>g=o2Hg)7?1J+m9X;^>P`1u?Cb2lc02C*4m!w9;IdyEFF
z-YA-ZV-2>v*ub}&hT5&lsJbAYy{kj^<9^&7bwR3bY0;BmSe2raK|M@6oJ&4oj)`rC
z@9Iy0MiiZ%4HS02SL`)(lNR00oRo8fNXt**NTZZer(cA=8h@v>;(NvyOq8pKLX=j#
zK8(3up>z06>Y&3w@WKKl`2Mv>@E0KHtkkN-lYC(p&b;twkg9!n8iCxSL23|Z>zX47
z9bU3$7#aG+SL^T9P&gngR8H3-?F!XW%z~jDs%8D_;^)b8^?zEc5~u(EHRotFSQABI
z*6Vn#x)*CYG0p&cH=U!=>#R{u!~oxJ!pT~l@?Jncvq>P;JJMuje&+A|VZpitJYTaZ
zb+2KRLmRWl?+^vS=?OBgw)!o$)(+xw3#8U9hi9$QYofsY+fhACnr!$T*W-ZWL0ko3
zPE^8LfV+|TnT-{v@8fI=b~>(u=A)DnPr4WZCs<S348WEukXK6HOYphR;qJOj7-i3Z
z{QG_GcvX8=TiFl+0fB=;xDvx)si=#9AwRPb!I*fIv#(~u704?A3XBJ*!J<~So`V){
zwzBV!phfqMG}g}tRA`nKdij-r7=+_UttQNe+WFge2s6e{5dILO#rmsD@!F0BuTjKE
zyUe<Z+lvg`<dk=mIoU|FHk@N7I~cED6rUA`Y@pOB@6c!tHVs>ygW^kC`?<zAtu5(z
z_Ro4sD}G^X=PCwgDHF40y2N?<TubyOR>c}YfRERoYl>|6!SRQmupW23SN|EL>gxyC
zeD}KKrULm8X9*kdhf{9OtP7uOM_A#17?lt9deM<M+Ci(|a|GwfvPakykF5(Mxgs;d
zStIdb{&^kW?PjZ4`ZLH+Xu1aZ{3`}C`Phqf{^~kPD_R+@u4X^~)<kK=J{{Q|!K2o%
zlRdiHc%6(%hdI9(833IIn8UH*MmTfh!`WVqW2$U3@^l8{>GGeA8)Rs-u%%kz7-2jD
z28=z%!2Wq{JZEUtd91M)6-p}-@72(7`58mlSF19vnqN53!@fSV?*g>@idec|ro@Bn
z?ekbC%Aau^yYsZzyNk*EYP?#J_J_6&g4RP*fqcR#?*;M7cvr5|#9Nqoo$~7N&P!eF
zB!<NWX~lWad*`lr>|W8EdA^S(MH5jCt~N%C88gQfNW8_BUHwdFX;F%|vcyU})uJ=I
zY2rVe*-evc!CruOwem90!TqHzm6G=@K@j9Bd70y<1VIoy2O2yFrPAj8lJ6aOkh_tH
ztxoxbGrM78Pu5xO#c<EO>R_^Ge}DEtTt>26-Iqv<QsgSnfy&b6Quo2kN-f@k!_#ak
zzR1%uZBnXB-l<Na{Qa53)0|K&x#XSGTPU+%XEKk`;b~4RUOv5rQbCwpQ~Q(DO^}zl
z0>e$7gWU?UYbJi?_z9KQ4)tkDDVsx6X-h-#90on}MLh>oRA)rKe8*6yynYywLqt9^
zg!qd~i2wcxBzv#BJL!3nWN#(Xpxs2?t$cqtNQroV$zs%5SJ+41?-;dw%$$+%;eJvL
zp&i+$aNi7%!-%|n2$9cX7>hv}#6KjR__IjQ7LqW<MzW7g>_X%t$}rZwKR1Jj>BO_b
z44sa=fBBd>N?)ynHIyx^G_!K#{Tlv;5qSgjFQ35#;xNvgW0mg?uy#|%5;<Q`CLIVe
z%Wz&LYc4G^v>)P>o3yr0Kd}*ctJ0(dDaqb7QkqvOEvhumXv`cENRmGl8ISP%#wqY`
zGQ)ediTM{%^?hiB5-G1qoqae+qwqs~jaqpF@lm&=wy;X!_y+PBwdim#9Pi3U-R;y*
z_67NShUGE+vGN^<wDQa-_#MNX@@Yo&ZNtK3=}-JOlAf(ZY*c<e6r@C6nORAEb?$7Z
zzmuKx>X_L`0#iE+%D#g^>h$LeL{vzx1gD%YIQ@xs(kp=k^6~|zoM^|n$h{bz@uhks
zfC5A(aQZC(2k~b@B<t)Q?gyQ6kjU#?^2*vS80YSUOFqV|`pfn++PSYM{$T>~-{kZ^
zFF5_lq~{6Jvx#Kays%xd{?169FEE(Ie1S6$K9kqz%=wgmjO71QhzkFW3==(D$@JD%
zO8dXieq?4PV{&{CDmD^%yYkM#ASJ#^_wRriaT)2=(J6Pb18luIl0c_IA`cUYoS=^v
zJ%2zwkxz5%TiBR=Z+G7f9rjIgcR&<+R#;$#5r45j<OY&`!rhVh`;wj~l<Yqk6?)rY
z$~{++gqxf)`<1|0y|z+|`;|$uZ!G?n%?CnJh>gnr0|@-hh)Vd%X23v>o==)SoirjR
zs1Hy|Gb`1{D2-%bVF<)0b0jdqn}Q5`mIS7mnL9tTMvM0<|3W-}Hj$pq)2sH2f>5O<
zoFrc^6><bYsr`*Hoabvy{*UkROoBkBSF>UwdoXg{lEs1`EEOu@(`rEwly9-&EbZR!
zjUtr23H2agw+9|LC-FveSfl5$ky+%8LeRO#CJMsR9Q@lVLL=<KA_{^+uu+!QXf;+O
z5bd@yXK5*fTleI!x>sP`BCYP*Sa&RR$|`EZjApfu{R*`wU~TtAB6~{pUU5DptllcD
zH;31|gUt<lWPl5N=B(!1So1Sp(?(>^Vw@0G`dSqD0ztm6P5^fEFJS~w_U>aVX$j!8
z+OwF)$R^dE%J83G^FNhuurlDX8qmvYyczy;mR8w|m9wz2MbvB9!hc%Bf13H9iVNEn
zVY{4g4HEt{ORL-sD^I}6qr)}EhW{+mDxcU3mFHmPl5maE@ShX3$}6$*XIS~oaE<rF
zf6mb=zqvO^8UF*adEw&lpP%tR83j20)fZbSC4tlzJ`;tq@8DT}pY#vlS$>ZXL_z8P
zn<mdeVEd^12I84kBovP!zDD-|B2OMm0!bN7%vzgVLc|?J9#ll+X`_iec><Hg%Sj;h
zz^9^6W*4FJb?-yxYu^_IWesDQK<YA9+#QP-V)1HL`~?<&#EP%R;s6%UWyStqBXpVu
zpB(_QKuy2l8_D3ig#?m@0&EN*2H51W8c^4=Zg0VEZ^mx>ux@+fsHv<t8;dW&;%rvj
z8H<m7A_`?$Slsj;6t})73QFUiXnb9Y@Dwt5t|jv1A|ekTtpPEUb>qZtzQJz3X5IW}
z4~#OF72k=)uVL{gtauI<J6Z7^So{nYKg)`r-V>yAwDCLpXVyTfgW_xCA8Sy;!`QVS
zi$Yluw(f(id$ZOzVdv{v@qJi)F&5v(iaYHI!u?W|zYm$>%HQ|n$ltG{<nNQan83)*
z(u8k2qwvioM4pnf)Km&T3YFWjauHs3hn{oCa*38Zfh6&Yqm|CPP+)1o`C}n0kU_X5
z>%v-5cZM~9uhRWI7x0>(1o@xD8!(ZiEXD>kyn&0zp8Z<KT+Hoa_2ytbh1ata+0!H#
zWMPA#%R>FWv?dRyWGS0>2Pvt}&B1HiQ;JA+F2N<73xV5|ud%{ttgvJbmW}0gilENR
zyFqY#9U~dv5C5r&PUS(YToWUHSD#-J_rP`ve%=+Xu|NE0jaIqk7cQL|!i7!YKNTS?
zopk-6)}wst`jIG<J%-#k>uuo1s<%Z!nXxN+z1>7S(=0;q6KuT=B!Q$;Ct>|tAqllS
z*+%5y=|sLegF6n|YIy!bQ7BuF1N6WFMzaB~-UX}S0am;bi_KX45Gzi`;{L370~V_b
zp!gbA{O8VKI9_d7K3NR%DF!|c(E1NVp=>{PIUl>+v_KS;c{^dmf3xC)SUeev|H+Dr
zvG^5Md;p7!48`~Ej3=Kg2Ki(m@^GsL1k(X!C$O6|?B)*EjfA6^S@9_>KJgY5C$r*)
z9Z;;kFA8NRv3M&McVfkxcNpZ8<R4Vxt1Rxp)CV8+Rn|^4LAwRmZrfX;p!^fNoydw!
zSUeSre`Uqb?TGMSm_L$P>1&i;uapN(U0z56saDpq1GXH1EvK-SIjmzQD+2>tJxykK
zIWOfl$Uid5LCcEwM4{|5Y-z@p4%RYxhmKDlb*K3n7gOd)lLq-muh#Zq*0wvgUH?yL
zo5b3#-5w2Z2Myktv$V!ZtnrQ5cs4d({ZCO)0^1|BANYIj6#2)OwT27d6@{|fvEjYg
zkhNEaZV$_E_XGYEBA@jriJqpk$z4gHb9XkkM-pEoVh!ET?fGeDr9VuwzEVm{kkWE3
zQd+J}O3TfV(sFY~YIzS>y-Rk0?`u&y><H4@4Gew;#vKU8rZ)kMGo_-SY}ghB|F9vP
zBP4H=h}y)z6l}v~+y4vO@O7+gy%5`w^j*S?K(`&^Jq{}5Mz}KPmvARor+7a%IF;Vp
z|7Z4OaNB=jPj1@wU)Yl$Zu>9n$zrU$_(JSSk_~pJyEn&A1M!b<BK~O&+_qQJS!Z&+
zVl#A#ZHjA@cI;zdikVa=z@|Nu{JZo#9Ly*<8}NsnGIZS8^561~D3t9*TlDSuz%mQw
zi-Pjjmgx0zt8RL<Xr{-YBK)wK+Z~>&vDkmLNz}BiJkbnGBzu7<lzoW2c@qxQ=><_x
zGPf}K<fHCe{;U2?TK~}b+i!_N*|*sFj@O~{AD<TmW!vT;kJqZ_)AAh6%9Hc#i4iY>
z^lfGvpRMFQU=jqU9D;cHTb=TH2-xZpc_i0d_@mL?eW{rdy8WggMwYLXyoDw~aQKtu
ze8J%#nCO&`$@z({>_d`wfQfr?%5NKk{K+A26BKbL(?+JR1hXXoh2wbY&sw{t*8+tW
z;#m%-J2oPxyW|qHGy7M`yAERg^@6BwD&+l|Vut9BXGKg#)B+IJ6M2=g?+Arwk!N5N
zkt+K(1t|nvTBWSuMZfYCM&3;zV$4Kdsg!IAVhHIv$y=pae2WEq6K5lR^Xyj1H<D5w
zRy;7&ZY2S?-KH$v1lw}nm$kZTA8r4W;l(#!gfNPd@9S1dGq+?mIs?y}U9y^4>8#Gz
zIoMg9k0zLb4II_^0^|1rx!CN_vnM*`VvAEAW_8H<Otoi4>=9wo806>tOqyBelFukx
zYk~l;jbu-?TilsCo(DC!{D0@`FVAjMzNleH`cwHZqCxQv<<%NQY%CXP45mB<ZK*Pb
zRrRdMii*e!*`BHT4{D5e@3vbYJI5HUJU_Ehy#ufd7v6^2ZR$2O*B*R>StrQ+zq|&_
z@0u$L%Fd0T!E;#gAuKM#;#^j|7>loD#Wh_2WAW7InEuCN6D!`#^*<KxWSZ@{jsH9O
zkQgl=?wc<PWoZd8P)8i-)U%?Xq-_jRqrQ3<dOXb*-(=hoR=RG`c{@R23|uVf8_0S*
zI%V<tAWv!GJ^-Rp{)NGqpo>V&#y7&5kfgy$<RRv;*qrjZD3o1=&_4ER*am%M17K|w
zEB+f655(dgY%+Np;>aUwp6s%>hsk+FCUiD}h$-TVSw8KQx8*ZI(dZt|rhCJBeY&0g
zgz08LUQ#y6gpJ6iXEy|CCRI*t0FJXpaU9^|vvr!xa#t4kes|x*+HGAI#AxfQl*Nak
z@Amnbzt{dtkJt96GGSeizm0VV@_lvBwqxsP!MY%I$SVsT3BmKKR^_?FC`tZKDRl&%
z7s(@3IlLx_A%F+N#nu*hKwPc#-^g_r`mY04C1wduxiYho^lawz@l=h~$fFS^8EEn(
zTlei<@*@_PoNJYH)BW%sZi-FLz1E*+FOqXJ*!-gf0STo3bFL_qIgmsj%?1(;m?H|x
z2kU@>&#~ehEcRmYW0OTed2wBkj+vuVj}dLBU?7x3-pFZnC!>{Ttxl`4e*ix1NT?C(
zfj~pn2Ptkq^KESHJfL1Nuhr?Zp3$cVL;g)`b^2JLKliun^RH`kntXWSyqyx}?I+C)
zhk5cd);#&iEA(x35=eEtCJJTGAR?x`0*DwjNfeZ4*9HyoB>rptZI0C6uZlw1d>rIr
z9OO)~C@7uQ^7V3|`0lty$9K~qBfgKU1$-Y`dro}6xjGKMm#^0G{n?=~zQ?WppWwUA
zh2Z<1IigVZ1)`!|08nw%EecATHUBGow~fH}!r9D)#z8)L83vij2Km=&#J54-GHi3l
zCBf5_Jh?jwbp9a_;ke|WKQeO-_eWk>6K#w}pyX`e&an|@=$JXsevsDwcKpMt^jQ<6
zwLidn^=W3M2Yi0g!iq?C$o+;v|M;I5h-almNq{=fHz_TQn%PfUi+@+g8sc`de)g>n
zQn;E+0;$iuA_`@{AtK)K10r5{Mii6<)e#<(0UtkT{?fE8<@MEnv3KNN{nvX(g{#4y
zue^}GBhq)tYC#a(J;HX%SiX6t>{=J@2djY}1zz3J>i^l6)A!h}=|Z-gNH%Ouxo=|h
ziu7Mtdu41j`Y)pmePWa18s$#>_$GQv=ijqZx>m<JJD){6J733fcCKb?>m}SH`Hu|L
zR%B67{=G8FKaSAPg!u~=rldPX7<YQo!3^DLSZ{)-UEndaI^{Fcyk*3<#wl-*=2e=P
zx!aKJb&_ut_yNg+pln};egKALzeU8*8-GKeV(~JrExU=#p}0i0IQ+vCopQBYnCQx`
zmAs#7r$S1A_hZxiiBqDMe<JKp*qA>7adND2{fP|lCq|o{*}qBNLW4hnd4wM^LyFRc
z+@JVjxh`mD??qKVQ$zz{_Htcjx_Qw!-m3TVus@N$oXgNUH(`P_mq3Wbz7UJ}5$;D=
znIDnP{D=%?@^UyLz8vbQ4r4rEo|he652bYl+S`pQf;=IA->G(+ySFi)0JHDM>-K$y
zvKHFZE6emY*;DPd;vLF2D|Gulir^YAD6gzQqie>BV7!bQc|4;boW+ij>MIN67pzYC
z-gFX}&e*^ycW}xB%>)Am-DPpg18x31yTu`;4a{=L12g=2_D<{vamWLE^Po3r1B>G1
z>B!Ig9nuW|KGb9AAB>kpp)3nBgY@}n23k5ZMM3#-8CW`ntoRlzehZ6JS@D}#oXLu>
z!s01dY-7dGV(~?+*p9`cu=vM-C@3SA1tadCaNT`e(4?n@^zG~J7nWo1`^UfU^8fv7
zBIjC&f7)lBI#KDfJV-qulQeSyw>|C1KNgbRw|Jd$G5f`pF4GCsxn?d|(eG+p1`5MQ
z{8Q4I!st0BMqg}Q#`VS8WuPz8i+?BnDK=%vvI|sUczhp7Ju*`i$|fTohWY>xrWvB3
z46Xt+tz*T1$KpO%yxS)V%1u>4h{xii?)3c3N?+p(UC1Mi#D571Bu*k#`;$nZy@_Ps
zZJC(l3gnsIcgdBYz(=zFW@CSUc%i?SSbv8q_5RX`Kcx%>^B@b6@|HnE6KnV`He84e
z?_mwUsEnYOQT~-M`G@|=_u!vwgS`+L{tglOw7d?oy7Y%deny$SGzd8h<$A@vTk}sS
znqiMr;nEyg1xuwQVyPJK!_+J0rD6ZXx98cmjQ+is2C2N<^~gz={AYe9b;*rN8Vuq7
zFfavtj2Fv;TB57jaJ%F%b1{AeD!A>I%*vnI<9(alRf)F<PX92=N%AH0A(*$0w%Itl
z)g@20+g!5Sp3a1Wv+ppod+JGPe4gEMQX22F+el!*=#$d;q4tcE()dyK9H*SmN*=Wr
zo|MLqvyYb2OwL~Uf|PcLMM@iNBUMdFQrd`&$1A`5;)^e&w1;z~v?mJL{G--yMQ2zH
z*RAo0T5@NM%N7`Bb_R+qOhQel!0nWOw^GXBS06!B#_SV?vc*W*EiVFPpZ17?Qd5EF
z171-m`w@%3!{Q=V{7prW&e3T-7RWqMcRd~QcA)K9M4IwlxlY?RccFa^vW5|7=2BGf
z)0P5l$7-}?_MKd>WR-{QYdG~&b}Z4Y=%qwHsMBUA@eg5SaR&12In{}F6DNz=B|mDn
z;N@%iQM)Y<6k6XQX7}Wi()dI>(8i+E#s;*>U;+hblLNFVl+sM3SHfSCW-JFD<hMqb
zK`)AeO2c#^fgxrRc*X+x4}V6w9EW!tLo8r-GWqHeg|efF_*<s~;`dD#1;B^C-YyjX
zH~p;R-?}pj|0xxSe_9?F|BIIx@Xw%E?k)Q({Nq#p>O_0OUy{K6|BeJ>=4kl;t@PaZ
zFIp0X|0fauUr!f>vP+Y2|7#lH|G`pG0DQ#grxSu8_!^~G0<3c;h*KQ$HsZhALIRy8
z5jjMv4knR6ZwtvjK5-lgjCh{}`dK~wO_J}Q5Qq8q7mA&aY$JhAgQ2EaL$a$TK1}?B
zY^3iXtNRiXC`=^sa9f^i)AuA8eFDR+Brw@VJk=Iub{W_?zmtUf1>(=O5qV#2H3_8t
zSSsQ}LK5h6`~{fELZ)Ks%V2@O$%^x^cncPHW{SE7i=So11F-lzEMCM~e}ly%Sn=&x
zJP(Vrr-_2{S{dwjX#9yj&>bRTX_by8dAmbi4>)4DlFu6OB)#|^)82t6-oGQzFWu8W
zLGslyEZ0e|tbq30!{}N@vNuaF{u@y#z2ak{F9w|xb#$haK%tqTQ%=v5M<;4`>hwE_
z27Awd-y41c{O%zBzAmwzbyoW$38Y%5iTnXZpwDa1BmNkI=KKT*YJNfFSC0dIp26Y@
zR{S&;?`FjhWARWdeh~CO7B6ANqp`RT77MKSCM<rN6_3K=i?Mjg^P-@1`YFicvdx6;
zK>r(Kc^c+C%#-C8^6}Orv68;CnTIs76Y)>5km;)gCUW}z$UL=YQvDMWeT~J|YVIRd
zrjzWN;wtSTv_SlY7UIvbkwBkbGen^}g{}9K()gM9qHA&%kp~r$K+-kL!jlJ?iGOAT
zlnl=y@}P{&N+RD)q_jac{d{sJ1JqA;`PR5o{Dr^zwiI`)&H)D!2i58kh4>2_7*8^*
z$e+`sjfyZB#{S9|HTK>5*u(kQ@$474e`zKD*`Em*#<tMqA7?Luj9)JQqxR9T**XQV
zJM&G*{cj0OtjQ^DZ6nQ`!(6YWZQvP9?d`_<Pn9CS*aEhYm$$p4rnI?@H1mB(M^!IM
zUd%h^XJZH4{}zY`JZCX5Zek4y+(U^6d|i>qb3cPF%-%K6ekgDB9NwQ(+FI$J%>Hc1
zDQ(@4_Ypk@nn++mVrg>&k@8lBAt-(k@rjqC<$cPY?@$<afO&b|jDT;(Xo|P%&2oCY
z-O({~h^Nw|UT)Yo2_$XyiHsuvewX}A4%{XRBpn2*<eG^eX5x~cBrf@pLL%p8WL8!u
zFd9l}xi&V8asSm*nP9YU0B)r_0PVg%8sN$8ISSPY;L#-IBP@R4lLX`wfM#kmG|%K1
zA(GPWw8hyD5AVl2<=|50I}DRg!$~3Yi_I?oRQm+|G>5TJiGJGS@-M__H@Y(@ey5-9
z;Z>{868PC3bNxsF(+gOov=pc3XZvSx!Pe`Aoc~@sn|5i|mF~&Dx&nEsJ%`~PjP%ay
znaL*QEh~`Sb^?!2PdcRWFWVUk99%&=A+3KP>4z6Z_}k37Y=HBzarQ#?CBq@5x$HLO
z*B{_^kY`0!)VTnp&<#vXBH3=cRhlsacE%=%PWgL)jRYn_fKi*YNSI}Edb}{c$o^=+
zKNiB2M9EuW5(KiOxf`2cqM*kY#(tzl$?`JK!F`@1j?$J(r5Ov^`Y7C5+H#{bW0xoh
z{jQX}Z$eJRsdkI6PV)X@5`@zJR~EM|ohAyBcP$)9B^{nF>XT>am<Ql!X!vS+3>v1|
za{z%62pMX(sYhBd4}r)X%>`e>`tkj}l|S`WSGPvQPiA=XEK4HULm8e1KqAVL(HwsR
zMW^iL2pb?`{M|*#=SP@te=DW>_?PqX*R@irPNCX4VEDa?NyJ|br7im<?-imTc=k8-
zYbbs@Vsto}4HSxSUMwxTc$UTKpQi&BRc(Ss+Kc|LtEmZEd{OD6t&*oZAQdn*Ac<tN
z)iARfR`yh8JL(6=$%q8+u}IEQUkm5GKHp?vkM~0ArRwz<Gr>)`-9ZB}Uik`%ab1W~
z^;n3~Ia(hY{a=ASwtGdVtl=X9=Nj38lVWKPqL|2dT&<1?QmVm$tXB|>#m$kg(1_8b
zhP24y-6F~TO@bir;Oay2ZWr(;S0Nw6<DjO}mIle!A37}zgUpw{aee>)g;zc~`<H;#
zzWi4eUW>+8*}svOJ_N5>=Ou5YB#WYPVSOtY7Z%gsu&^ZG&A_4mA6#7Tg#H4s+V9TK
z|4(ppz@}z}_{vn1TO!_%4R^{r9rwBd6V3Y5qV>Zv>$Jy3C#CVT_k*f$qnl?Ai_u<M
z!ZjU3ufzX5Gm4-Zs`}c?w0n}Vc9oC1&DoozR~jH)uBEiaCi#Abrr&)AT~~>kSw&>*
zG;lA~Evk$hZ{xF{I^+h2Xa9ajX;Y>9Vf@kHC~eyBe#~>Y$rZ>+%qeYca7uZV2AgU|
z7=GQZ@_d1!ARAuFgnf<Z{VQfa-DI$zn7wmV_;>aO$))<J<eMuBLTO7I$-4mlNOj*^
z+S1m2Pif0C$xGqWL3gH)7GLU+{~`E2g`yy2E7HsROoHI46diKDV0cKU15#QdmKLum
zEirxOPA)AmeO_G72_Q-{VB5|=$U;1oNzUv+W@*NsfXunLB24{K-Hv{3-MRgiN#2*4
zDn2NAH!##Q`e+8ALrP1ub0f<Majq_FHS$a8b7EWf-7pL+)Zvy@LR;g(jt8(DCY%RO
zcSPd(62PpTkNl9mL0V*yT&j8imhE43XX4$NqPjDwd0IT@z+?;T3R30s&ykWQN-4ko
ze4VaW7{5K$N+~0a?=dtw-*^^`&bd)Wr$5i0Bc%<o5ji)9Ku!)h7t(Yvi<9{+8B-!`
zQf7y$RUw3@!o>Ni*JlXL!%W|Qq~}2{EfIZ^FUa)Htqh#!*w4xT4K89(t7c(GrIPP@
zX7nr?VDeNJ^%JF;-C&*rv;~Mm5YZ{$Z2>{UdE|dvB?8p=Aif@=)K@3XwuP7~%op^_
zgz8J-{KrfXZQ!}rGxtF1bw37{l->4DGDI}^Sx;POb@{)y&*2Y-AscWzB5zU-eHMiD
zESmWa)_?3-kJ9T?{e%sz`iE2a37c-!2gYH{w{$5jrPij|9op#?k?WP4KSdqXDFrpV
z4PH3I1IJyHwh_-+aZ+azc#=8;#Uhc9DBZsdQX-DCXBa$%Gs%KL%A3#7os`nta6Uv`
zqXi1z3y^)xs-C~BwE6bQ9f({{w$>B5*>gZ_v$o$0ZnJlb<n6;@fK#b-5*VJ;?`p~W
zFE}pPEX|mb1ew)meVG_*JY{IgBZDhFF8~*7+>$^cWl9>w^m37jbl*MHU|IG47}>rb
zKkl<}`Ka{$oI5BazI@HzJoyTy;%$cW!JXKd_lG2g5F9o?vrcUT(hK?xOk5*2K(@4J
zFm?Q_za?m=bAdZVBD?Gv%<lOf9SQ%-FcGaY4H2*@5^%uZsBZ>P_BUWbx5u(_yi}Ss
zz{Is$;02S0M5p{S@8ek$`y2asu9f}$nW60}k+=0!B@oZ51mZc85blG+D03J&o?#0?
znl*$s)v7}RgA%sDJuN0_#!(Sx1^(u(S4+OPq3IoBz)_PIa4hZDX3{uEX;adqF#*SW
z{gR}aQ=xpYDKN1n@Z8dz($+SUQgcda(xjBYfcN?(O@1)o_`GU=BKsuGnBPii;Ewk^
zM~0U+CrblPAj-XgR(z~pS=v%6`94Yz1c#?iR9^roG}z>jH)HP(&w+gokLqxgHYZIg
zhOx#oJ6Q9GyG;U*_-eN(#QMNK${f5xTwYS%GIV&+C1hr{6S61;l3I$RoI~&iRZj@z
zOKDS*H1jay7{{8b{fS(63;NEC<h_zvjp5yyhsEgK8MQRLzu}OZH1h-R-Qou@K_qW7
zYx^fRLnxRbsyRZRMzpVvZofl_ZU1t}*uElxFSz9&;DVz}rM#r)Th0qO-h(;M=-o;w
zoA8Yh<A=@Tmm<t#FE^dhr6@KDf}<P)D1XlLE;Bo*BxJOMOzL$}zYhc>?WELD<nOAe
z^7L>yrj=Iv2KjyBFq|zBaCQ=PGrr(#thF2?(c&B48BCFZj5x1-{y(dxe&1ra{~IOR
zg72ef+a2Wz-^cSuJIa|M0Xcl*`nwSmgoCLu7f|m~N~zx!UU;8OgoU?of@s)nft3bp
z&bLNegnZ!*jkoaDOpLqm+O|Y`y*9O}Is8SfZ8m6))_0MKPc>1hu56~%?+ybgB9JK@
z$hV_`Y>WbOR6HPqPsauFF*epvdnex(_a%YCkEb6DflmIuiPC=8O5TM{loH<_$@hki
zPERFlaHPj-tDf&6NmD4LkhV&jK+e-Jfq~=08-6Ix*mV9CXTy&H?vT<R#fdQRyN-_w
z{wGb`&m)i(PEJ6ZYJL-qj#m*rkIeIb%FM5P-|xjEobq<^$Qy<F;Utl3NcM^62N3@o
z@Jhb#8#zqX;_+o*Vj_{hW8Y;HnI58)PJ1DPzq|CT7@H^W*AG~81PqcD`yGrczt{dg
zTg_jxk)<?9f;88{|F)f!#(Q<cE(a1;5I?*Rl3jKStCGR~Ax=+-O5R#99%>}-6R<Hp
zHy!@_&I(tTR1QYZ&7^08tLG6CXfKnhrbH6x^ctx;kVwR3u0Uc3Qgtwq1g3T<bjhof
z*FFkTmwbfug0ArRGveqokocPM=#y0KPb3NOXh}*lOKF7`DXqvRrH#&z(#GZx4?te1
z9>@Ji5&)Evz>fqc)Sd*EW{HBJJb`P#`vvT!&1J>t9{OGO_NY_4<-keNpp(*gHvk0;
zSXjtsDbKZO5En{m8Bi-jN-M#dIa1mLo0L|PA*GQVjAkG3TL2blM*@H}62OOAmvaGy
znO<NLwKI+9Z|7;dkFSJ%A-%2oP-_HFGJD@Cw{o_eesr-Q2zmZb*?iGrm)&-A#LcWM
z?T;Mok3#K_BJGdS+8-0NKT7ZqJoeW9o@4m?O~c>X{Y<690(1^CH0R(4?i}Qdk?PlI
zTmD&6ngqZqd*8zPkZi?UX~KJWW2E{m?CWSgqoMX9Db1pM!z)jK%5%e&_waf=+`c^2
zULvJgmFZBQFA3IUbhydy`I&VN&kB*1GwAc>dcrr+q%@n;KSKfi@)a7t?>6Y+9N|18
z06s0eNgBmmokY9SQ^9P`1Zl=I5^FI7EK^SfIC#u+_bzWQ2&FAoN#3D}><^pd-JZaA
zJk}=&LY~~5FaPQCKWewQ0^{sO`u;&ns^tAtVt=%iyzjyv%Or0f6YPjc-aO`>@cp5D
z{|uB+l{wPu)pBcT%dL{{Zze%tHnev@2L?%@SlV)JU}9B{G_N|RwDopr=C|zy!CA)E
znji>;PU)i)(u<QMY~=fggyZ<kY`_vzspM-F*<T5txjU7XBz!LUj)}(nl5i`+A#cE)
zT)*3HMac!XDkoshXDLk}@`QArgszA%w^N>w0q=RL1-RfKkIf?Tgd8Flnx(WH3+yda
z=UP!H)et$?lJBc?w{uj_7%B>arYZ}S)VJ}{;)M9@4V<qij7$ALBV)wpb-ogm@&!R2
zRP#%W|HAZE2?>19-RXMe$v062&rQO3H`U1+G#SdY1wo#+DDFB$hkC?<3jn##g@fF7
z0XU4)S1gWs@}=#gc<)UW1c!f-0Jj%%q}NyFcpKg6r7hP=-aAtn#Yals0jYu@*Le2t
z>vzB8y&ATFrbyl^S}FCdk$i81y1>OlvT>2Q?<Ikk5ySxVrvpRnSxm*}xB@T3(sBi`
zfwGDVx{V+t`LwuonAu2rwh;MetU2nR7=toLGa$0Gjk_7)&Hh;*i+IxDl;>;v;5nKb
zo5OeTXRx(g;Qs`o1_Z{6PX7!v2);rOw1|BH$5qDl?omXiJOf?!CQ+JEWzvVuT!Z_s
z?l!P5HXLHCK5Dn*%fb9i%7uX-d3|lzq{rDO=;vk7u8lOW3PivsCPDD7k$mr(_)71V
zz*qXk34EpZP39~82)w4O0Gd(B_tIHP^ZS0nAeCNup8b$R>I~hFfql2qthSO5^?ROu
zLTQ#D`G)e`o;li?O_nrcf7|dmP0lL8hAitJYA@onm}(!bY<(k!5Hlz9qbdWbm65L_
zX-@_zjUbXdl6k$GJqPxeHdjjCCsPE0{c0#}-Y<DOw+)}i+|#NZdz_n?^TU3`49#TE
z(cFj}?rmH^CDoLIc3x?TSStCHAf>Qb+_tpD^tt5QWgx6W-o%O|Z<ki6^tt5i*h;DD
zjqndiU>rloC}xeew-?B&EAS{=0D1P&MBYv0dY61yseT)AwCOCGp@k&ivQK~<k%wIY
zm%YRl&~#ZnC_?3R-r}9Jl*T1b@A;Y(@ej3^=xYdWw^`>0srn=Op%oY~?~JniHI!S|
zgm@mrsrC%@j<ezOKagW;)>)qK&qpP%1PgCI<2gt6winEdbw6ptzAeIKvP^V(X5iMB
zJYPG2aLV%y`!Rl#wjVP?Kiqgj&{vka2jN6|v=2qnBgmKvSC=TwSPjaKN?zQz=P2Xs
zSt89SY%#JRtgjzLzP@^ke0_bHz}MH71en}s94OzD%r~6FU9B_9+*c7_Ln)=|#_+kT
z|9g~yfxD7OHi|iE#(WcK<ykwT<<dM}nQ`;W@V6$NaO038&ojfYZ3rN#Te%&4UTJy#
zJY1xsH7pcKGd?sKr6pkD1{23ZhKXY#DT!m@<s=;oj-|i>BO>`*Lo>*WdGPltp{>&c
z1BkH`f&FY}^$dNh+b|~@-oMcKvez8M^HpqZjWO>3w=I70T%+rw;)Z{qu$4n#iUWZ*
zI&;P581}KAHbv}X4M>dH$0A{P!-DJ%lTnaekr)<a-J=EBIjJ8jskmkZVWm|)hfq65
zRdu^42y^h<WJNQj>hd6^b4Y;mPe9v?LH<=fnvD{s?-}EwQE%qwGYtQd_j(gb(b1Z^
z7=3QqBm4XX2ZZ!}8h<}K(;`Joi;Pw}BQ(C;5T)v8jp6+uoX=2*e1ASpG^tNB-kF1P
z#Lk4uq6wzJy+x%hqBOHpForUv2FjG4pE9KebeEo=GI6V_JA#q>ehn>#`(^*9{Gxuy
z<@f)ALRA+xG9&Oh$-5oI#`Th~*GVRy#p@+sKlsaZz2v*`B&BM#iJy}Kw;(G-@XY^c
z#cpcW@dUQ&CV;~>`8l#!=+4~$>7yFy#YrbA^=^@TgHKbcK7LZ)F*~EI_amFPZ`Rpd
z9TCG{EiIIui_cAJ$B?0Z%QDHg`vgqhC;1MXqEu}<Vc5U)R3@mF=KqSm>cwIHK>mHA
zC6a$fw8WT5qcw_-J`Y7lYZM)Q9uq05l4=hc?t6hxx$z_er%+U<8SWo33ntp^H<&WY
zmbrZA_5?krrSeoDNY&?08}FB$mv7Ze8oB(aNaO^rl~Hn(G*GH`KNE&8(oFsSC4|Ox
z0x6xNwwwZ9zE1K@XaI6vC;7%S0NxXFN?UExjQ<~X?*bh~bw7^JY#wX^;U<C@wd$&C
z4ZfOKtx1i#3kl51MpJoKP^nr(rGl~nMAXHZAxy_DR6*3*YOAeSwdhv`t0EyhBDN~V
z7gdmeC^Ljd1POU;a{uRkKKIVdZo;Fs{hjmo9L(;{%$@uAyr0#wB!%ML^+X>8I&h{=
z^ug>kbH8)W%Ofq?-yKMm9vP$khr|`?Dtuj>=tCLI{PCc`)2#W|%1r#q5NhOsFqw*m
z2xA!7I19t1;Eq7V7zS?kqKGj};VE;&s+C06q-$k%tKU&@h85d)ehZ%a^LrV3dCJfc
zV@z?F6wEmM@IRe^!$YH5M3=b?<+BekdK-#&ZzuYIee6<Zoaj05DQhXwCIE%VdXDG^
z_fl$C9YA?zl?QVVkq3TqfYOlGO7xBFrlJGs^;eafYQgMUww@$TlqD%VI+|FPFQ*i?
zRd<h5jIWy~vi&?jruGYh88Tl<R9Ay3G5}`CV%P3BB^c_>1ZiT)(?oSrxha%X46rR4
zU|WoqHQhG{EgRs(Ck2)4U%m(n;YP5Epu+8V4Vl3li5qI!|4Nlhp^6jHuZ83cuQ@Pk
z*uo<C9+0cp>B1U#zNi<YsB6c0f?d`)_T+K=2MjJ>$Ty_gtOdofE>@sgvZ5}VEK5?6
z0Y64fh~$W398!ZiN+b|tM3RU_sA5zi5s`V}y(lk2h=E324}XM5gu~A8_#vD*DaZ^)
zjZwjXaZyl#?i5%fp6vvf`;BN&L6bJ$7|p=Q`|o>vA_t-x>W+qukHYF#P2qTFUF>%J
z(h`n$HpK?1+uNdvahdUsmI$d>1KG6bugl=odE!U4+nx=?BzC4arC~IczwdGVpFF_k
zW^s<Aoyy4L%oS*lsTrs=tf!Pxi*#Yq@C=MycM}QvLLvdtPX&4G6?E+2@nLF#Vm^#f
z{t!>%In%^2S(J}Vgk@e7Qb`PfBD#_%L>?XQd9v%Y7YAy*DO~o7@uu+DE5@5%hkcdf
zu-}ytO<a|sB<{}O&qoat0SBKI(P;obUmg*DAkxn`FBnBjEWl4RSQ<rl$DAJUBmY<6
zXWV#i{!G|t53Adn!XWyeAd4Sb!XW)$FZ|bv@ISA%SEu=}8^h}MrZBi>8=N0n!r+~~
zKnCq0nyBXRSTFn^Det{sN_(&4_x8MZE_?4nPhQFRkxpL8E8ftp>7_hAYs|>B_^c5j
z%wAB8kqRl89^ktHe2T&Ksokk?UYYiNeb=$!&(3*(KSLe-=}z@?FHiG>-;wtHy{>fp
zs^}Jd1;$1UDpFvK1IpaprLvoqGi{UJ8tZE+oAnJue=fs8A8;sy8)_Zna+)J#{$ZRV
zPkBBs^?ZKG^SRFR`5n(^Q9YueB3KTF+|_f@e-ZbT3coG`9UbhYu1f_c<akx)^9P?2
zj*lx`$HyMWSArGDd8|x9k#!A!s!lwW<30r!Hu4AFfd@(>W-U5NmNoIDgC%HTU53Du
z8B`LLa>RffrU-t-7@}GrO~#a9HK>9-*{EPtFcdMCcuYmJGK8t9)-e@5k-^hpKAF1>
ze9ro{K1nK}@s4vtWKlyzt;MvWIakn#3h$GRIl*AWT!nE<V`=I;{@lwu&d7szRF>@E
zSvPmaJBo=mIgd?#73wYcnu^4Y8^vps#MLxnEbvgXxG!z&4Ma<VH3q&npMZQO<=vZo
zBDR;?mTv;H)C%ug-8YU&S<T)5=dot=%}B9k^vg)MW;D;od^#vmC&Id31+cIlxgUk-
zANFBjhW5Zd=-1$q`ZEupL*l8UV1&RLYdU|R?kMQt_!5Ua!2K8uVSD&7T)K9OdX+=h
zR(SK}ZV>r$_g!_we7Tu{=Eod;gRhgPe1#;D$TkV=g~dd>u`fUYItJmi84xImnR3Kj
zg?<BDju<PjLUV)6K_X(T^2kZg^z8{5qrpFyUy&H{NqBA(!nWO)z4ctOs6O5ypV+9V
z>t!}3dxiS0c#APA805pJz@HKCqSTWD@u&W&DG>dE*8oIxpnYqk$G+u4(koI5B#q1M
zVHX>pOwC`58q~UJ4$$-<2X=dS(wkRAt)X)e#P%i81r&!iQ(crcR0M;PyStSoJM8)-
zrJf1Bo0~GBKjih8&;@Kz#(`El_9gc1;k5WE)uU&3<dMaz;~lvnvUvUJ--4%hYzBB|
zw9;&DCH)|WTS-630sF2#B}?E3qkm5#P}HJAFd;Y*yw#QZj@Y2E32I9?F)&lFt00l>
z6~@iMa>ZmsGRidWMSvJkd@_n@<%*K12$n;pG1jD64`H`7791!3S$BNE*10yo$n}bD
zN+aqj?s<CD&(N92i%bXxqUIFnRtZ7BVVq-GMX;Rcf6Z|y5?L;3bwqnKN0Q7@!GPXa
zQy_3Wenl?P`ed^~pWs%l7Xay@mP<783}AgU@gNcsW0zuVWvc&6u&QsYk5$ySU+ttW
z-QdxrY*ud}KN{R&-F9!1G7ZSs1>TScf#0y9Hu4B@gAa8pAF7TI^^VsZz7hH(+?%8k
zbBT!O4}{60_2oHa(dux{`;}yQYxDgJ%eQ0UU$*XipXA!t6IX*hf4*zauOsv4JJym~
zVRl>SF}p2vjDcyCI-)M)$$;gVY`2{$<q_?1S(3_giS`itTTk@cC=YMfpd*F|*5>{N
zoKLn-l8n`8fsWn6KDET#n_?GY=G)w3nj%i(e{-w-S+|RKDg5pBY}XA@oypx0p9wd_
z7?~s3*D{7R{29E6t9s{tsl5E|MII7yeyT11@*dpJz6JF>jQ@WGG68%`WBKvfzUPQO
z&#`N9jFQQ`2QqNoFF8&oWMX9A>ur>#p6Lu9p6PNtQ*CVqrjO)h3VH#kukQ9o8JJ@X
zj2E*RRzW~SsrBoBI5@5kO;T#V-{G~70h%zh*gg}{;+mA%*p*$vpQaQ2WtT?CWZt?=
z59a5`J91;^!6{ts=QgUdJB5wvl+IK~TwW&|$T<+p3*?c8T4A{5>~2?P3Lw}Ybfnog
zPwY+|K8JrN+Ag@q_Z-ns>C8H5xXhR|2K@~$W&0R0riQAFsnro<xS}Mo+9NW%<mZ%_
zQRW3r9@!;g3@;9of~y1ePY$K(D<1ymoHX|?yu`f=?%E=1?W278y>5fe7PSxn{TAVM
zyk2-6Ps!w4ytZ9z@f+=8&DRPCv;LQMO6?Ked|QWqX4D}6T-Hgc{brlvCz~zj68&<D
z{*hx^fse1im$m|*JvL3x`mxI|%L8OlJ)@;{IUC9Hx{90@qHk-*x7I=KwnX$zSzc0+
z$~Oedz&M0OoUnb7<xY4ZOgLb_*X~`vPpm(N>%Wzu#G8kD;_FU16}t0?ej>P&*#?EW
zP(V1`(!IOHf%c>}k#-bHevjSl2_Nm9BK>GzXG;1}Qzxb$d5G;x9%B2_k?Hb(d~3=Q
zdY}5`osLU|T6f=tgy$!%l)4)(DlDwt&wh18xkLLsPhNpf>LU+PY9BfXN0MRZ?FU<R
z$<SUAog?{<N?Bq!Zy%SW)B%dUcjADV-IUsYIp}%S$9P5i?LlXfcC1|(u%BT_^i_vI
z#l`IFoK8x^#zr^W;Pwnj!XJ3HK}`m?)`YmVrp`Y1J8z83hzzf5`05NUa4THkUTrsb
za5?qfZ(YIHrjB8qEx{h)rT6NbV33*<f&rpE%CQL|(bBLg$^@`|N&>w~LM#J;3Xk0y
zIvY3S%>AxF#s-&#ELJlV5~8A<!R$*H#VnbRu<ctH?HxOTBjRNS(M-O`!G27S#c*se
z$W7#i@(L&#HYylmSDW}~`67IYVVT8$ERtQqLJAfIp|a!Pjilg-AlQ|7Iui6hZ@{sR
zmn3QMCPNEC3C^#l|C`$AtJ9e%SsP$P<<eR<sn~=AA_`qeR98ogC1|G%93WF)2%-)!
zIsX8e`YKG16ij1R-U?#8_N-!f8XuX6#zvcb>#1|LfZZ5Lz^IYLibD9a3hZSorh{(P
zk59;+PAL@%y0Op53|f^llhn)%+ACW;II!^!Jg~%m2M5xWEvWeN$=q*H`y8>4(s;+Y
z5pxA9HmJcas<)?tH>r1eZvXH*0ln6KO6^Y%akPGXFQu-ua?w<r%QO2Bc;Hc=K!<nt
z@(*9M@TXrFzq~HSs}q<0a>#=pqm6?lt&T-~30Tw{YX+9I3dhl<K;1%Q(R$My<=WNt
z4Mc|k^D^jrK{RY2qZBEI36+L;!Jvi^udEp2EfYe#)_n-FCg*lgO7ADy@jfuVqu2q4
zZna)UGrZi>wGv58la<8PvhgtbV@!neS9&^F67rE9EEU{99t{>L#vG<K#)75nYi|yg
z_<zwr?#2h1?4b&C+$Lq!d;i4$lyl8OTo|lqb$cdvOekd82Yi2&46_L0xxR>vuQ01O
zSL%(iYdqHL-<Kc7di`iQTCYp$&~QCcQH*<vNx}4hJ=XQdG=!iTh%s%mVkk{fL$RVp
zs6{bmwb^nv#K$~55e?Ln(Lg<pAzU_KPHc#9!oWG%Te=vBaP0Z9dpx%M*nMes{43Fp
z@A~PWDF4DE+QmNrB#8|WcJZrw_>u1I_S!eTNt4$;?dqA&GPYy`W(;?QM}hNc?rugA
z%_jj>zNi^cvLO{!$fDJi=I=-0*${n1mL!E6bm35P(u5CJ4A>j+tn|o0aKfA?r)3}<
z-QI5f@wT)~<am~wiR>gB6gg(`JNf+~xcRFLuXVd3SnVVmD5Rj&s^B+IgqxSA-8{{?
zc{02CgxfrpdUpT33~wfb$jaeDZb5#;)GaWTzlMZ$@uMOgJ7Vf+qFe)+1`)_g(~%Br
zLKR9!Bf7rSiBZ;(bmwXt$ozgM@Hk8Z293PsxYyOT3^MQhe0UbK6IP1sgqq_Ztj9b7
z!+Nyq@=^QFI|*(>fx7ld25{$P@_5;fdZG`{6anSG%#<X34;$wUtZWhQm_W22^<@MB
za(_l-DP_@M5t(;sE`~;a<QKsmi$!pUn|aJbSaj6;buNVJsQ0^T#<=XqGMqJ$<@t&M
zq1CnHDWwte^vC3Z4H>wa)frH0Pa8)WTRWTRzo5XW&L-LgVA_8TV?SGoHW{|*_h`f2
zE5CtFpz(U*9ywzE9<8k_k^7I3BSxadDY8N4?>tG86nP`oV=*USvEzt=`;Ldt_~lbv
z5_*Y?HBC;oobd$6TI|_;NO*WFxQPdCgoN|vbw&UOTWkQZ@@YZnL1R3~#UwPYaUte-
zkO5xhLfR83!EL<_gN7&ej+}tE)*H7a9RqD|n97mZdgwMLA?YX~>BwO&9|-(I#5pl3
zX)!V@CKx?|N=L!Ce2|6e;LAjmpEjcWR1ESHN{rLEl(Y<dUrv0`sNiHJ5erUZ63&;C
zQ2u`)!}VKKI_V(+YwxYN;LwqZSZ}!X7<T2ETaRs5=G@A?7;UN97;e1++_7_YApCDQ
zEOT{RW|gTUeOSqPWqrh4JQ>v5*8u)9^djK3*KA_kazcf9<>pF#Lu{mC4rx=&*_M(x
zWzxl%{fV$_UfCi#1x1WX#x-xeSY{vnC3O+wy3&YoZzy6^DG{TlI7|wz3)n-rAEaRj
z^35wZE5?wfs4>J+jM*)UaaWtY*Q=k4{k9i&d*jXbStD=8qq!#O#G41~+Z{U_7(=d4
z3JvTfVQ(U62zg4_@i~^3d;xe`-%pa%F8Ra_>b6dG_1R_b60MRc=j__h;~0|72~LFP
zc)c9xPYg*{4~yig^MrBcOktd9<Hi}tPuIU7T6bR_5D5tt#}D9fa$w__J<v@UhJ=bD
zGH=;HH`=k7Csc$OF;JX{{c7uhNq{d9*my&S*aya9QM>8Q4t+-^63@4NX~c68zxhg!
zIra!76e4gJFHMcV2kIo^%<&j#nq6)m*bg~Fm^WX>?Gdf7rirNY$z<NmV7S%2QRjDy
zjh4hl?-U#T2t=Jb6Vj(TdD&cf*=G&7(G!3Fwi6f5;i2aW$A}g7r~`rP%%Dy@eVlLM
ze6Irm+Gl@xbCM@$@RccKUT&tB-N4G0h^(D#k+ri@#MA#E+gaJ0fET8S<7fNDVPqOa
zm+Cx<I{nCaG_0N)KMh0LmkIgL!L#OxxKB5AQ))kwOo^ZWb<ejtZ}Y_A>f9vO<IUo&
z4ZZpaf03DDbKjnMq&g6;k>sbDUL(m{p7{C8yF`@h(V%>>YuwV0;-C0m+-fg!_Ss$6
zLn+3eXFTgV^HAEldJ%nkzPp!l3jeK}?BBMg)>-P)NvS<R<O{@kzQBAQA^@l{{RULv
zf7j+kbo+V{Z;okA2x-+l;rmVb*nxap=i%!??7p5?5=x!M;|Dojpt<)BUe~SqO>ZE2
z_4h`A^&Q^0;t-pU!sb(LO~Co+pR*mj|B%<up%cB3Cw%pW`951tVpuiMlx>2hY!Wmj
zEHaf|%1AG&Fr!G_l@srnN@{-!n#U;@UnEOpd82Yu=EI7-i8f6--2T0A9q!-9V7yJ>
z{{2jDUY6pYnF#UcvwVrM7=K>f(F1~~2?(Bc1PGoc;BMLxfHUnTdsm9Ti|M(g>G={z
zrVn;WviJLY;GO+m(uEtH=tDZ31ic=R?6XU{xCLry`@c7z8J%hVug}>4%g6Z=BXNJ<
zZSS$a)ncaAN7&zLv31o)*x$69?Aww(;_VN+Kl9yuom7$MHD8Lzb9Tf`aNQQw)s>Gr
zrJ_)s#W{I(*~B!;bu6;{5>TU_lre@zQR{t*y4t6xmM>zg#Hvp?zJcQl9ry$$9c}iD
z&>Ohb{^VP4euq!TZ243SBJ;LGPEgim=gN{tM#iEdRYpxHVpM{SI-g6<=Ujl2GgsM}
zko}@lVI^WzG6DKm0ek)dE>HR5H4j4Gd@knA&!Lo73F_14BlEf-vIs?fwijHKar90&
z7*K_lmw`qKk+x+_HkCh&7#w#CfO_2Ams5|%Tuwb!<#Os#)Q>B<YF|f?iI<*1w7%a`
ziZaSNH=lv$RqV4K9*2bO?R}Kmmw)HviMr(^iFR&|_<?&!M&w8ml$9JV%1XA`Kk61a
zLx0>Sa)y@dWALwJ#M=X8-am6BDc)XB^rjq<WifRhoXyqe9pl*yJFmytyq118H356~
zx0t`|C5XSnb!uzAMbt00&jK;zLCywK?v5rN<i>B546HpUeQEl)Zd6n6qNRFmlG@1w
zl$Lzq$hbcm%j<vacbFNMZy8S;aDdOK<O>g`<p`=R>Po-n!8^rcKk5bHX3>bT5{EAX
zV49I3%7`+ATh9?Lfe80nZwObw5Uvk@jNhs-rC{P-N|mxr<bgq1Y=1IOENN^$d(y(h
zv?oLH?krL}DNB-8Z_gylThzT{*~9YwNZC6?I~M{x<;1j&iCI`)EjtvaSu@w;%}`gZ
z_CB8^se3PJZs@rm0lpvh{%%U&gkn%ucW)clSKPRv*UNe0@?U$soGUJyy<YAoE>G$8
z^2y?IRj-%*;_?N(UhX3<lU^^^r`E4pFFhsh$GS4<_fHU)>w3MsJ$<-%`VY^E0q*ZQ
zrupdN{;R*|3zv!k`u943BraoYVfy7CiOU;%y?lna{Bn}gH~s9>v+NTig!b=+e4tvt
zD9<AELS2-qdyDN$yF}eJH{NoGFD2em7w+FXx%>Bh`=80)>*D><msZy<l)>Zs!y>-_
z9eW&O+Y1v9NJW%hM*Bz-nOB&N9;keY)b`89*t}xKbk&agN$p6{3U7Wv#9Z0r5`rqh
zq!U=Aqu-^9(Gg8#_GvzTp$Dy_W$*I3m}<RzW#XdaI6G1XcSnrZu*<-DW$>pC6E6vA
zt#`j2HV!zMH-qsDWZs|y8@R*I1$X#I^TUq+VzsY%-lT<*L<0Swi_s7I8u~$3f`4S$
z7^Ih)&oQLgiDuNV2XC^s*ePM7d8sjBQ+!-My^HIopV|$U$A7Xq18f8iaenA$__85;
z9O7(0v4>LQGviZr=M}5>W~&YHxgBs4wSScvfr27j#i98nsQ?_BUuw^0sB3)51}@_R
z+q)eR-2O+0NJgAviDbmPEK2Q9+q?k=FUwvX^Bb8%*wq}u+U@pMV4RcBkR`?^o$6_S
zZt}8F!BfMe;Fp1PUV7tMDZG?%Py3Z!O!8grvp;I*ALI^7qsSa5V4`J_k^r~kmr;X8
z6Vad&#j;7Gf`!)lpW~9R-^H^pnXFle_d-A{dtfqqU>f*lti}9+^LJ6&t2OPSk-}(e
zjtWk8E=;pd9+{-}qTMjf4ExM>{^4ivq26bI^bLf0sNY-xhZSCJ^;6fgbEJ|qb5dBf
z0u}S+^z$q3d7#fF-3q-?W2aFO^joXOCMnxrJ88q)GVEV|!#*_l?1=~YhrmHfjg70V
z<5Vl3y$ED(Y?V-4VbrNjSEzOI`9Aw@3J+x1`@Z8JPGLh}^l+L`BKFR@o(nUr7VUj^
zx_*|V_I1rY#h^u3<CAY$LJT?=?#lYd8OJDt?K(r2?3u0Lh509W;IdXqwGBjn=4(pr
zV%Of#zMbd`zZU7D^S&18qIs<%UGy&YME5~T<99>!)j=M*m6+D;sOTu;fPWxGU4P9Z
zrL1FUEwAR(%x?RR9en#6Ohj-~t6t{6X5g<pzv_42QL652D`{lZmn^DRR&V#&^S*;A
z<r4i@6cxcpVp<o&hO}w*oROGA>^mWHw;iOE*CyR(on3{S|C!~g2%Io{aez^r*L{%i
z)f9@;I-;FT83?IOE#*x_Ta29zO6uYrEo4!hvbxD<XG4l<){Ung<IycSU6$;?0a#uf
z)4k(&`<4<->xNIy5&ew=l-f1jlp6c7&}eKh`_vNeXo?M1zk#jlcDAZz2c_VyvhV4p
z6t>*nyn|BMX1j5RtDgz~G<QxLoyy$Z^RdRAsJ_^nhq}W2o#UbYm+Z}WbR5+A!ZA~r
z>h8HVn%1V~R^MUT)I`naQHg-qg{b)o*6n}A_1-2bMRsKb6D@gVf8nd;NtR^!AO?^S
zZ?3MF6$6K0FaJTNBt_m5&0;D`1V19n2SG6|)e4uNNakhvBq=fEqw)*Mypu9`6`T`!
zVY%9NCXT08L{O6udAzUA%@(yVO|*rp!ft`cklHnXXt!lTbWrheTy640<vz^X!f*se
zLB>UmSa70Z#DbH-VgtqZoB)%rGI&`<Mk=d$JP9fAizu(^e26!xCI#a#=42u%m{<$}
zC)1n=6Z@GIe;<GMxoS^;nHz8;{AG&y@MNrOi6JJc*I#zC@RyATUzvGj3;4|v$6t67
z)VJs1H`9wnsL9Au#keP=7$X!Oa&p#5BIE?JBj>K2pYG&4lHY7x7o`g^j>8&Vm82zg
z&2KGqdHZK6b!8fToVQ=adHc8aI=BA{w_+5MdFMdj{H$u;+hUBY7!UXC!{Vto-{P$|
zkNtBvNQc!1+17ad7Y2My<#j|mS;n$(Kx}>@3#)d`3p};>FbzR^*2C|mfyaOECi^7O
z=YTxDmZ%M~J1O3&rgm#DeRlq!AmN?oA~sn*$bLSpKNs}B7>@Rk51hV8mtg$R;djBl
z!kbTig!}fV$NAt3KJDV-D0_bfzF&)jX&a_$uj!-|0yEg*#_yALqWP1!4{Fx{C6RSs
zAym{|SO@@)dEBJ3o&z|0Nz}MKB)U2HqsH`VXyTB_diCU#++b30PXPKi4Cy*bJ=DG<
zAcpB&5yP~*lkv*+K06yfWY}FD5c^s@fGy#-ouUZ^Q~;_#Rln>2F>2OTT#R}=Nhy%J
z3m}AJd(GhZeT+e!#=hRi7}SZK@aZ|C_obBDxlTQ^#FeY#?U&CCD2xq-e3BGWKC+ZU
z8`UORt0UUB4odA!P~`BZq!!K;h)*D2$}~Q7Zf*W3C7)QCyBnz}#)X#ELNQzYyDTRT
zT_W0)Y)Ps#pKar<9JRUGZn))XnEE#}10KL|9Q}RC30#kt?yEW7z6wf9y8ZUN`7{qo
zPQK__l~_TbQg5xvuQZn-L)=63m$=Vce-=i5viEG7k*V1<kGQ?}MmkzkY+R~G&odK!
zhPPfCwQj0F_$+mkOze?qbrFux7X}jWej;-peYS9hbcsx%2H^~$8Th`h5?CwYoeW6|
zo68`YZBNY!5pzWgpV8_!@s7V_ILDJg=Dp{4<`==#Weg(H8j1EwAGWqVL_Y}b+_Q)_
zx`2H+pJ*@nc?qP?v%rXd0nujWvp26m?{<LHjy_IGEpPG}QH!&oU#LD6QVOq#<v=~1
zUu28YtN}9buV?eBLU)`k%++BAGAQy?mNY75R+ucRw+9?2Nek2AVUfozy-_&aU++e`
zp#6bYpV6v#epP+<_sg%!O4X%lkDC8p$e2PsLC7P9AY268L}+^iP4ko8N}Z$uMQxYK
zyv-7?CzX<~M6?_cN??o3v2GdAjSGuJ{~hRMZYICJf#?f+$ya?PjPsf=yST`wP?PVX
zBhhC2c*1T$7p3;;Zhf>k=2v;+CI0B-F#*Mb->&XTU0dy7>d9a@k55CEJzyzfvzz-b
z^gKD^T}W#A4(;i=vCAOyI6Y;<o5<oO2haMsHy`Vt&<?})^_mgWV*v5gBf#$%9^WGz
zVRxlw9B)r;y7qIqN5=7N%7ewVylx8p&`<s~V5wf3gy#Lq+_h{PPBC=R)k!D%pl(WS
zKNTTEhdL>>7j%oSZCzsPzjo58cCZus6mNNx=xf2q;#)=Z^Kb*)-NQx8=_%FoFHJ2M
zU?1RlME1*k`V$N!GGTyV=v5nWd)1!4(DdsYVg(U%6$JT|&GHlNLoh{PBig2LLv1k!
zRjf{Kcck`{f|<|h5;JEz4mE3F|Ih9AVA{6J5tNp9Q|e(r`u)&O0H_JYSx&~R1`K>Z
z2R(U37_zto<INxo;TU7!oeXFZ_v)sGY=WL=wHx{6r?_vXwkfsTM!2E2jc-2>_?0oh
z@lj8}B>Vdgd)=i=P}|su!Rn#{@sR3>QHu&kt`mbu3a;@+9$p*pL>}H)?1?<QEo7h9
z#;E3aqRj>Be-F_r!K-#1(QI(0-AlCQzPuFO>}<{$t~(PbJJI@OVYM{v^*-#wIYfK?
z4EEuNL|Y9XPAA%vaPu5YX^(eYPV~FZbeM?VO0+R&GSOuV)X$5zUp8}qvMMVxUdkjB
z<)eMdq0iKva=c?sEC;G}xAw(J=#POvIV6_{V*c_RqHh6LAFtQ31Z{s)tChrMFAk91
z)O9!8ib;HL3`j|%j2QQqMvSo`o;`U(z`j07>B2~2$wW+0nT!c45HJ5J2fdq-im^-f
z(p1{eKh-)uFtZ13cr;1r5z}B^3gKJ2B?m<9PKJ>Bp4fn1=vUYYazBYzSYl}M*H<VF
z8*AA>3pyQis4&NE0&Bu{A1cngGE5q9^Vc2@m?am2eZ8Q<;XqkG#dnkppx3TQ@=5ED
z^mVINyx&17_t;Wv+fPwLIrR{w_RA2#p~&&}^NF^ik1MIP2S{y$FHKVU;4Y}``#=|^
zOj_yo0Z$zzc<M5r3r8HPjH%TEd>V$ABDWYTlJ%D5Ba|&e$a7#SObVt37(m&_i_D*=
z;lpnK-~F&pd!q&oQxM^lhI)2nVY-67FiasS$(ry4W=HcAe6PLd2|jizoBaZ|HhzdD
zbyX%WRs-{>)Hg&-7?v!mizH^tk%ZzTJBAH7O2Lc`Ed60D@MPuCAGldLoHGaj;isSP
zp?FcAE-I+1@hSvvM;+jJ3uC{HS9!^U2LV_dI`>r<rI1P1gU<aF$RE<VEAxTqA$VOA
z0HTL<?pjPeLppb3$gVg*DbKh;p~lU+x$Nv5%(`(%10w=gha$#Ug&pV$exTKiQzx>H
z&ymxPcP1Y1PueJTshWOmw*bZfna7kdaQDwWoy)sAQ`_uvhIk8st^KBr(zkOtSfBJR
za@eg<s1_68=I(dx$@N74?i4Xn9n<T|x;RYrIX0N`Kb`_pcOP<K%ACAO-xKR=j@!%t
z>*H=pQvt~(5}0AZ6XH2Uc{m&gw_c%X@8O|IfDnhO{tV||1bK1^g8XfpD)l|Fiz>_;
zH&^OAnAUw4TDB6GP3Xgpa!Be?&J0D2s};N0U5S#Yk(GoZHw?k0h&7n2AY}!j2w?9#
ztEs{wPkjCdPezIvF%~?UN+K6}pr0>+aEQm$g%@}g6pdrRTO0#kb;#vYUNYI5q}2YH
zQH&JgMby_%N+no-MZ%uO|5EwgkbZIs?Sf+H9-#f{No<82Xd493jz39&+GvPCd=kK9
z=q3g@cb&j(u8G?>MH4SLC+Iy%#T?ppfK0vJ@(_vxWa@Ow;T7i4Hd63{lOwVT;S0C)
zRn9hQkurRK0zej+U(9=&B7Yaw(TKSO<juh?iqQ^@d<K804DN`KWvj8Z&$dkH=aZPz
zzgm$uMve7KVqjcZy*<-<^U@?$%#lr4tO5xSTCJwHaU#7ja&9dQpU8|WtD7<-8E6P8
zC<S_i1;!MlN3X+|YNSV4No*X_BRt`Wp@<5LtEM#pT2n}C@~v5qxK(cK1C%xl<yf|?
zC6(1iOn|s5vlbzFv|E$HSkmG_yTmM+qaIl<YjtFPY!F7Uc;Gfn3M%1$`HHcKZ#zIT
zKdAx^sV_+`4HpocPQx9D9p3*ajD7PZJj|-U!__NGcGw5^J8_A=^NDu)2@V6dw;U8v
zRQG$MsQxjCL+FA*B8uvUeU!eP&B>_xBBju2Ee&@bDD47AomR{=i}*p8_N5fdTYkJl
z?cVOohg|qPrS>m6Qn2O<Zxa60mngMEOh)O)f2mqaseM5QQ&1M5%Dy2*ILrI1Bb@F3
z*2CIEn=19XSYLD2W}Om!v6u8d=@Cn+%oXV%!T|!CpC*R71?q-*3e<U8i%jQ5-0Vd@
zN0v3KH|dSBoC<T==1RS_=0vd(d3;s1f2GtO*Y0vsV2_u5E_=kF9$Xblm3<_q3EjwR
zxzIf|VDE0>Cf?^|k$ZRMcT7`mWa`3ad)VeL7{wEsH;|OI3mOzPXw=wiy}TG1=_4(`
zKrnHO%NUvYK!#rEDPx=i8CfV}+?5aH0A-BX0l;>YF|I5IY)2X6nvmVJi_%n=)LkcQ
zjj<EL>MHn!XqObCCZ%6c=t$Xsjph<8H~WkuDx=^HHC@D#1Z6~9x`A(Y1T43$Ur`zd
z9mvz+QjzyTj=X8?rndDc3dv~~38`GWt*@(-Tn%;8w-f!s{lYpCbqqtl+%K#XrQMX;
zWA<}@i{l6C%=7wzcI2fOk>DZ%_j4XYldfBT<o3mi7;C}p_?v8Zy{_962Y?pWu04Bs
zN?jE;v#qKfj<=sk=3OE)ZS|vg`-NoQO2~lc)hI6IxsDJ71;)`q89j}oz6?qFdlmrP
zWqta}Qq=h7z+cFc`uOKytE|nGq;R}EIEv`!z{fd3IZX6Z`Dfp7q94aUXGlcP&UCHt
zo^(HVgKAE*x4QM1(yH;T%S@}oI4i41^~b|ie!TntJbG?0BSp{cmyxdLiaLxaxGU;v
zPaly#p_z969{_wG6ls)<ouLoxXHa}bRF0PqTX#&q(rX!NI1ic3#od%TXJqWGEZJfG
zvpC6!No7f0)c7n4?w7w8CutPjK@HXm><ixd$KoWlC+tp#*I%aiEidr7c`w&f5!Jrr
zDE$q3D^_!uei;9YTkTi78DA7$c*Yl}k8$_^XHc*RPN?<{@FE_jr^eN=&oSbn3q*7Z
zZGEnH`#FllCV@HopTbbjeq+GD1EbUTCLJ>k<0M>r7%qBt-XJvYUrH%_q{^6C&3VZE
z0lNU(xc@12tQChF>su-vW~`Y3a6%(VyPgV?R+<zf?Mh0iJvb=}f?UeJo|H`KCnM@G
zg7!Z<d2A43XLcXsjoG-?<(+H|H-r$h*>ayvSuWoPzBab%Cp*(k6}O-+yCdn=S*$5+
zzOOg>5u2PsJ06pcopvnu(2g(U6xy+-hyA?yK?kP~6rnNfC6_$gGrf+NMt;M1&kZMa
zG6<X!^eYBL?Ztut5DsF&5X$>gf*~3UD(v4#>!s<g93GJ!aXVgi0nsWz{?B@?BYmG2
zIQyK)qFt$bDmHzp;sL6w1NPib7fEjBDN``TYKTzdQ=G`A$o=6J!HF~$oXq}>v`TBl
zJY#pdd}~*qRPRxMXz@Ng8TeOyVD<~TQZQo4;V`1M>u?w`7IJ-yEd5-!U!OJWTtQRq
zXFIs1exq<4G;~pM@z))0Q9TT0ODE$P$aW9gYxx~^Tt!?hV+X{+Pn?$}-{ow>A5sJ=
ztcGViktR?ru|%j(x>Uu4D$Y1FTthsx?B}YxTUtQKPAGyITJVYVuq$vHIJ&%ZK672s
zyE*@e==9R}M5nS;bUOV===984$RclJiilYe%#WI*f`#_ZHVn0cP?(P;PbkdFUgGY?
zb|106>^|)Nr#&j1+MfujA40wlp#V{1r}dM;$uto?HVfqN9^(0hAd#bZK06;Iay;cL
z10a#3cz#VW=-()wUmLQ+TSa`{GhLKIbfNt?^iM*!UN;BUTf2`U0iQCMOTe)yLi!!$
zxcDB#3XbQrI#?FPphJ#fj&1~d?ZLOR+YX0sQv>#>Lk_Ws8vCpf=OwAV{ww54H4DKT
zo6WdUjpp^t{w1XnrYiMb3A38FS=DDce#Kv<xp=SZKK4qOv+jp3?TTy(|KVw#Y0Ny{
z@dE$wOr+Hhba_kafxGtx+|JyZU;mr+3t#Q>MvgB?i5#El#Bsfmi4DPb*<&D{0|E)I
zg>ai(qWz5WK!W9>jm`BA{~y&wsr^{5bze86#wGN{;bKq2Q11$$e~gPdeY=hjlaPkq
zk9yGi@l<c~15yu<((M8i^=Ffm+Q}{tdwk_|+;Wn13k0UdCB%vTOGn0erc1~;Y)|aP
zT`75^m$Bb|--Z714Eun<pIzNz0zYIESldPEN<cfCee#JM9npW}^!@y~!u?<liI`6o
z$zb0Kz@KG>@aI{yKtIVKz%p+~t-h{_JyIu}&rU6_=wM4(-ImGY5*4znp~ARkbJV!e
ziW=9pDDo!7xUEewhBVpr`;LO_#b-I{?mbDzhG4JVmzuAe0te-?qgQ3cJ9297{62&{
zKh<~Gb|gan#c4>$<u*#~8`>x>*#OCt;s%G;sk{A5e5f)kAxT(I&T<8wV4JtR_N`te
z*bfFbRpJJ>(;dqUCd_A*9!wD{o;;jbG49~u$lMJ9`<X+j_0uzOUD|_(TzGxDo6^?@
zNO4J7-ISwzWG$6zz>hbJVvJ&us3z@^1EOXWn&wvu3BVP2EAtg&PB33FV!=Yr{xdz2
zL)3Wih`isi$r#*XY@k|X``ajmxc?@Hs($L&Lq<7)GWFe*+Lc}rmYmAV`>-nyw>tdk
zcS4wYs0%_JxZS_z;-lI8@B1#*Uulo|>fdueZn@uukgK*hmQQY)<^pm_o!;u${}<J9
zhoU{&rZjBSJLTi9!!KAqZn)ai7ESytv%DojD&DnkwvU2~&v5efj_rEIzTL@_U4Cfu
zES*#AberU`JqVP~9^NK-#UAMhHpyE8_PEV#A#Q)Ad%gXYZb|E}v}rp({0}#Yq>qM8
zBI)CLTO@tFvWZgrYTJzuOtVs7WMevs$?iMb=2G=N+c_ZIwcTS1FO)fEel7`9_$rIi
zx3f4{&3c4V`?;^Uk?vubjW14g13qOeC0gB=@aZ|C*Rc1!{G~guw9bQ%d<mTgwcmV6
zsjX~s>v?j|(8x`CBhhv-Ub*dSN*6kg*K4;?YCo_YSCzw_zVvIpQ=MDHjK19>X7te4
zVn$oGP-?5<-fwn_UERD>?CJn2cJ-Z|l-ilpOP|yBb!RtP|F<#}du*p0CwCm*tnu$t
zYR}nD>DvSNFA?_3ZQEVxBKAWeS;Pi-ZIzYp*gF`0C6o;N3;f`-8^1~go(sLe^Mf?t
zvGG`C`|_>)#6J@!{=R^#_cn{&TC-W~)+JlTZY|qPsa>=cy$f5HP-?%ljhBNf$?${&
ze*8Da)weNn0!`AGil*1q6!Zwg44bP)@s`|@&x1>jj_Ywfpq$4UcF&@T5oF<_k{~I#
zIXI2X>*EH{#%Iapm>tUW-~c03C9O>RdleGQQ~y{clU&+#GL+w(5)6dn_e!VNoE(nd
zD@(C~Okm!1Qj&(_bF%2^L|Z8%Ba9k$Nn=SXAF0P1qKS&2V$HqN9sf<I#G3hoBwgi$
z`oJfO`i$(3$Dly=>0qE=ACl1;A1{?^2v*6%LXM+?MZ7-{JoK$EU1y)Sd?$#YHItFW
zHtq!b4kOCF+OiT^zP)K&^_Eb?xIu|v!FV)d!PF~Dc3AJ7jA?{L)|!)()V}XCP83G%
z<O;>Z$fd^bL@rgM+SNO~_N=HutFR*yKh3H%nGLA6_4O|tzt%~g9Zpbd0Z*-QTN`I5
zOjzS`8_I0ASy3jhUE2ck+T1Qm$CPY1`oX<3)$J(o8;0jy9zB(z(69d`P$>Q{fkH1f
z2^5<0FG}q{H1W9Cjx&g!{Sl=Ah}Q3)r_{dwOG+VP&FUWH1%XGpDTVB8UQZZ;9;*0p
zCx*!pa}|cz)HXTALXhPoLNsF3@)93l8qpfb{216l8X}46ZY)-?+7~fk2(+FUD?Gs!
zPAD^!2+84quE=d{$N2UL>`&b^F23U4J$Q!;^y@)USpk@N`Q@>Dltk8#zDa?@Wga-Z
zedp2OaB9Gw?o~+w$D_E@!E}Y6cX^_Ov-y=Bos`;Fppxj7qTldZkFa1S-@X3YhFNzh
z@_ueOwHGHD-Nt-Et{U#>cG3xBQ`1cv4c$=l_I1pf6pid=cpe#+{>abS#dmp@U^)8)
zS%O9CwziVSc)OD%IEe})#EsqJ(<$8|Nl>98aq#jK{-y3NRCJ0Kb0}-Foy)hRAe$5n
z%O?fH0;FJAF)0`pG8ZHzNzyme+-#npH`ZKlLaeP`7rRq2A!OkInd-+>wIvwA(Ek9L
zTAfb{#^fI$Q^y5J!S#UyWa`9XQZT9b0GT>DL<;T*DJq0N$m-=jjNWDc#qvab<U+^;
zt4;DS*5;ky?=fOQzhaaJt;ZReG|PjE84LQ^p-!WeHa94VyyD%G^o9-8{^Ai|gIg@;
zb4jxN4671(1?=)JynG&B9#AhymVJEEQ;%_M#5fcl6EQvwj}DKD7|GEi0q)HwmqL`t
zvezLFxjA-6*m$owccG%L$!A}0P|P1QNGm^qL0XMfVOW*=o|+4J6W+WRni-&H1~UP`
zqfC#1TBoCe3j0(9C5s}^xJX^=PsxeneR8Q)JTOV4#-WI@&N^!#BNXcty)Je`mA)r-
zZN$`quY<Wu3%(>vQtWIcQJo(#7QwGkqew9(``OT*Ca5reB(Vq{h$LRc0TOQo*;1_`
z17RhD*{p@J=*#2TYxh~7vcKwDe@UHpBtC^^-BUw3JXT3$oxfX>oE#vd6I|Gex_cH@
z7slRAS$%e+VVa51-OZ9X@li~niUteWrE$HNKt4<<W$UE^FEwox<s6hOiGM6IRRn0F
zJpl|KGO?-{R<Q3SdmuyK{*&a%C(`#2{Z~GQ%=h_aqF=;5n#203maMkPq&Dc2q*Y8A
zvMwwTM}&QP!sal)Q3*F2m6?hO37I90im_EuA<t57Pz5rmr9Ot`YF)MQa1uluxZC=}
zAk<nGNvX5dAX+y&QQf6>$fWiV8=@_PXjehaq)GlN^NxH5#$h_6I80|0m26OqtzkMN
z5H-Gu8oR9QF30p;j;Z>WRs@S;H!>K4jQyw)h#HgqpkDGiZo^v?b84Gn-roYdYSj-w
z*mz?AiUh?<*_>dY=2Ppr0Z`IaT|29ndaj-{e1lr=7vTDC;Q5Eeknn)`ztwt*Q}I#V
zl$PviehBKULhf71o@NdGO6<f!U=P~ukC>N4%(2d*|ISkZ*}5(0XwUi5FiL4eZOD(P
zS4cJM(RrfR#WED5NKxkm^HEa6S{_k0t4LWJ(bkJZV8y^z&{0ETxBHQs5<QnvwjtmX
z{_}A>CGTK2&$BeI3Pj8?MM~o04;iB~hZQ$uptWGSUol1m6k}u&WDG8alq2VE^~iV6
z?xxhb<hUd~Ld9NtG!;pMP-dOazCq+Gz@qT8wY%WRL$O7A(0yTeEFik^NlJg|B6CTx
zjF0)HUh~VDN{6Y(&qFw#zK3YLB}~ZEE@hfvrIe`dRy#6CZJUpQw-5USF#yU}jIB|#
zCJ;4$1ywX4JJlaG?=80GbfS6hDM^xCY#)^Jrr3|wd!;O*y#v2i1r&2M+v#6?!@gD?
zW~agNW4)J;1y2hVqd_UF2<FEw7X7MbwOGrXtLCgW>yPfYIl+8IwJ=d$DQm0w(9-fb
zk`$%pL$lwII;i(bKE>GT5(y?RsOzc?6)6O)#+q{+xX@qqtZu1UDXDGQu~$JD;rzrJ
zc^o2>*-dG)?&*)U)hgweK4-G-K&<;3Nz4iQqsF$9x(0Q=EJ-H-uin`fX~@Ke7!G9~
z+^(*kyxPt<pghl52gLE4m5lpWGFhOiG=kkrDwQxa_GVuvhDkvb66Imie8nY=y-`F?
z3jxVEbxhwi*nbt;!Ck7(f&i^WAQs~qltgu=V%C(h`76f5aUlJbiZZyp0StB}b&5GU
zgzIFo6s||Cl&=dtv9X}23Na-Zsxsy<ZqCRD`e|Z}r88v0PVu9H<Eq$V*>8n50e^v#
zcz6~j0mm^3cp5v!_5F|zu9BRUpcuCh^%ZtXe`-U>UJnuIsjGb`eYNgNJ*&hOX7yO1
zbC#Z^@*^D0j_|sGI6@|ckK#vIVOU{C7GyMrP6$@p=XW`D<~@j1=xwc^_r>NcVx1K(
zaoUsYr5}SgpV&B{sJkbdD;Sg*qk=&r8VoRgcn8|~kw5Mr+A!e1nL)MfIHGNX$fQxh
zKm^J?8KZ)Q>}wJ4BsnVRSK9^<tv-WMnSn$r@L_F7Ka)5M6~0M|$?q;@f=V%axTs`L
zWyzi}K&HuNvLTkEw)H34E!k|S<B9g0O!gs{XzTj05B-R?)(^cSgN*)d1h(CWX#H~7
z2S3q%ox?ldB`)sXE=fv`MfA6Mo%=#I{Q!GqD@;EEoXMD33W9OOxFH19@WTy#Q0APe
zD2a<-+XnFl)e&Q+KVn=Rh!|swm^S6Esyt}5^#wW8YJtD|EUPba_NKm^MosQ1pIRCH
zk!a|Qp8U&Ge*$Jdp3hzzLb<M6!2~la&!40fCW>egV?EJ+kR?g$p=$tB`~Xgje*yR=
zs*}p#b~BVzS5J-@OXAQ=yp}=mYCEH(PHD*CAls0U4TS9We9qXW7giWUi<~U|hM~nM
z2@DN!{ykLTT?B?g9f(rJ7&=Ztcm2?bumWQ!3eI-7!@nznrB!UFs}j**HJCA`U?bAv
zh{?s;QuaxSaCIl_Dm!6RZzP~03kroeYQ4?z{*kOy_??%<1kUo{0HUqPbT~8~S=88r
zVlxJP@Xk;uFN1LS+dh&Mj$bYj?F1Nh*-~`IfV5w>j%e>>u~BYj1Z;Q2*rFI~nvZwt
z?W=3^BW0V3_B3Ekc`$0UT4QrTHTWuOG*=m4N6njqp@?~}-};~r01AlpRz3Ry+7HZ5
zu2&MXp=5(%osgZRAQ%4)2Ceb)`x=;Pb6alGEm>8q7<;4gK5I1m7!4{><4|~gMV=&C
z*W|#<qQ)L;cuta5mej@XMJx}KMRk=Wd+b@@WUFwGNHH>l5j^1k=$KCE%f(b*>M>pI
z6J%x}HmPF+2U4IUBA{ek1Obe_8G)}NSpDCa+-x|U*dWiu^zYpI@5Y{zJxt>j^+?q@
z!9tnAZfTV{AsDJ+8Y$6gGPw*^?vteWz0&DKe~76ot?_$hXa-f%D9|%;k00?<Nt&T#
z#8@DZc5pk#&yqTI^<<8pC>S7$MvdF6If{-S7d1vsbWjwKHx)k-2_txQXd(NMZ%k(x
z8VIv7jFIOt`S*U#C%m)!w+M*RFm$3rNV350RuL>d5GGSAuoPSr=mQ*@LJEemFB4%}
zq+mof&Jk=Q;>b!GJ%{FsF%hHI5o5x}5-!I~PM2eVrBs%*+BZTCXD4%UWCzkACJoqk
zdiww4f=lWmCX-E=gvM~Iis4SU0alxfQW{^cBdj%KV7k}zYEC~!j*A*24s#|I#?V4>
zE)7F}!0D-<fxG>Mx4#8g)=FCK_q+Z_xM=p_jnUF@agmSH$s^H6`-={)&oX`|Wihg}
z2fJx7Ja)LbeSVwJdpXrD*<){PgZec`-S7TK+;5!A^lG->o<cIP@#*jn2Y`%-9YDj-
zAAo`Hwl;6Q_pF>Rz^0n%@tPM#jNu{fJ|8Yhmw~hL+t1O;%6=OcF@^^e*neYq5tP1$
z2+nsr_2eVQ9u9&fd+hfQ{X1|s;Bfnp1C;@Ip9i-8W+$a3jbPWc7ejN;qYm!>FK@D0
z5e)J@hG}FUI;Ls#J>nW;l+uzt_L5dg**=<?K?lJ8c@Xg#t&ZP~R*bHZ#z%^}+s}=z
zjYL~0q4qi-QUzYbv^D)H5d8H=LGXW%yVNQJN}{?@F%~}sW?3m>jxJV=>U_o2x!Fn8
z(dMN0Vsl!I8YQ;aG4@$!X9B-J0fawpoLs~Euhhl1DCT0+H5+4FOrP4;muLaZ8^2R+
zBck64PSm_Bpd?OtWD`V@TTzq!3$-x)STTnbD@FqEy0S<yt}9g%r=0hhBsEk@n4?`4
ziW-%QV%%G;7}xm~qb8sjRYi(XS#1A;+lkb+e4-t~ok5jIN0sPy;0D#1*qpOugJLX>
z!%j3{PNlOj`>_Kl_VW5_CerlSt_EF@BgKH_TXF_cqEEr3BDRER>$@ps+mes{jM@HR
zXg|&n^fV6#Rn!;R9uz7@0yI-&n=-iF&>cqFLrZgYZ9oEZ2vgJ`eDNBgYY$OC!FF_Q
zCRiaPh=r9j_67+Y22j^toJ`p#<WE*#AIkl=LtO42`!*hrl~|0r-fPH)SAwp$x2u!M
zCdcumd-@siN}wfm_G4Ws@$QMmkK#B_;W!J~IDf%$-sMnb=eY8XYo~xM%Rg2-MUK07
zQ03yrl)an4_YSLE`G62s1PjBY;O1bp{gTUnQ8g79?Bebsj=KW^G=JY4?%wSKhsw}2
z)K$!p{{iYwkpOjnAokO>*sl@zyUByUO=hmz-k)fdp7|xFS!#Putj0ms#3^ro#74&>
z0o1)K05}UM40yZtqhrI{DI9ODHMA4pXlpm6C12QEyG37=-jRgA{J()C<DG*pY4o58
z-*1jBe9zTVpS$gcMG|+1rKovVY1F(eB<P5FZQHTXlGnOnH?*sPmf&f!@0T%JB7sri
z4X_sE5bb3to!Z5I(F>&mNvuK2@wk8NzwLGVvh;>$mv?mXKAwnY*L8XB?*+g6cckKX
z4Nb#u`#xU(39*w+20h=IZJksx>J^BD<~Y0_OmQCMO~=`6;kpJx9N6F@#)P24zE-oZ
z<Ji}U5o1)aFx*f9ZIC7Q0XE*=pQO~KJ3F90_<w-EbN?6k`$Dqw-^SnkqvG#HA07>V
zi$DA~@i!y+{|0|^|9^qM2Rn|0zlrJ=wL>QJRtXed-V=o<xhTvXS6(d6^J1~J%Par)
zhQ~8nQ}KB8QSf+JYbqX3>w(8JQt&v>!Q=Ap{@>&At`t1poRTk>iqFPJE=E7ZG5Xhs
zm!?n4_+LoV|7ru2KGB29?tJyS*cTpr{(=dPd5%1N_hIDeC*C_&d3w}8*(9#>k7w9h
zQr9brBYHb?!~P9Se4W{gTzxK<Kg;Cs*&q#KpecCIbtR1)NQYWHPXCzY>6Z^74t<;^
zPp@_5>2Cmm@`yg^e<Dx+zoj*3M}M;w>FBLoo}P^IG(#Xh>`#4)vClhl9otkxPkQ#Q
z21n5z?MkIT^SdZDAql-pZO<dxi);fs3V5H2w4*JO(~kCdhHZiFqs!;n`%~%7isX^$
z&8Od{(wpbI(&^0yye=<LnW#BApqS%|koZ8WUUOQpRkzQfJ@0%U+B1cn=7eB~ksXD7
zt!7`xv9E`vJ!O1ey|1gg1&`q;E_gzJ9B+J#<IGZbmqKJ#M?a=rv_f#!2mK@|nz+xe
z7+s3-ZAl&Ud$@j@(vU52#YSlu+LFGm3iHJz`p#>9WL8RgT}_b*Tcx(05IaR}8#MD&
zC6V{r4U(kXlsQ+C-=R&;d{*)(tkMd@>Lp&oTv?3KyV}`)fEW&1v45I=;{$bPr%L-0
zZHr%$)b;|ReeCZER#M+Iuqt4Ldjq4QYfGa>t77bPUu^f?;cT5V!g=W<<VvD00nb)x
zeud*xg$amK$xh+PKHeD<Z4jkYEiE8=RUZaH6HBA!tPo=9KE)h&6h;r@Sp5#*3CD9%
z$9^M)(ND?cjQ*zFp8IiXZrW=4dE$+L_rsFxE!`0R{`+EHxL-RnZ9T)-JM$A)cB}1~
zq;@}$%>;tu-AOZ&RE(AEn~`9kAnbPLw18q(7je9rSj@w&1_rG=cXv|79EgE-;GbJV
zv?sE7J(O=fn3e5;oWbn^B0Xr9oediEjM9iPCRAliQX<BT>WDFBT$M3tVwG`yVYp!!
zN33CpSF^c%QDH8|^)?diy6n{TjsfCU9Z*ZN*@W3Lz<sNj)!^36C)zXF+zQNRXH*1>
z97Avb4Sp5D!sa5Eo+&L+b7Grf&T3JN1fvX=wYQT-jh$B0UbZ3n>v(ueWl5^ph<hQd
z4L--(kS!f%Gb)Wc{5Y9#Lv|+jkVcGQBD-l=h?{4JDco{942#o8jA7`Mj2Ocv+ShWr
zgW%0}L&{3sol@x5G_8p32F`9E9&x}qViehoUA>(1s~O+>oU4pUr4eIBC}NCJs*Fk1
z5o5-<h%u)3bAE{TKYc@xogM_>uU~lSWrg|YVqT>TN@Yh;7pr3UFszf(uzIOXv<~nq
zjtE4|kwr@4l-f1y>(F8@?Vu7<6;O=PsKn&C{Uu8p?HM%Pf6?o_j@t|I7>&)_5Ka>~
zuMI>yBO`TQf9rsG^(Xpm;H0>zw933E6j9eOLK88^ACb^R4H(FJdM^^16Vi_PXB}t}
zC?K_;bWr++G$cb($kX*iUEe_|9(=ANp8wtwERtv+%HV4M`$-@-M~y=Vo_7FKoMV-7
zUnpW+59e5A+&3;_Tt6{ljOlrf@3tT99RJkf-LJ#n*I{|jyQH!CUjXN?74s6W8NSpF
zsBT9puHBa*adqT4Hls5-+57NV*r_a+Q%|L^9g<oAdvV?PFcFM(a65;1@LnRUJAj_c
zBi4ro7+|qaBN&D%VNx)xG)xMvs%F0fsxE6gCV0B$fOmh8>@li0M^0Vu#5TTO;uBM5
zh;3ik!JZfL(ofqQwiz|3;OZXzn+wC=rVGQ_e3@d!xLiM9?nr03<Hd5vu;pIwF1PNG
z06WIV?BBIR6r}Z4Gs?9a4pC}9aR`5Wpa1xNl2W^t|M++Q<ImbCweR9TKEr?fX*Z?z
zb^ON#{Kq|Al-dgaaW?<4rGrxY$Na}%@*m%0W1h-?tmZ$y-btyQ!+*S#|M+k_rS^BN
z_~Q@xk1_W4t*t;<LyB3gFsZ>2%-elr(Q1?*VnIJyzJbwL7pIMcM-jvwDgad)n&wuQ
z;*+C-g-}Zr!^5i`+5oveN03D98?h|*(X}fSTt@CfdQ#Ausv*d&l$w5_A3V|3Q~KJP
zt`-3JUE2C@z5ZhxU;og-)Ym_75MSS^w)Z94`N^KI|4sVq0o&g?i0aaigDzGxiE?L~
z7q>a*Is#r}u~7u^o50_HI{-TSEldg+XB###Y!3B@Nx>b}VPlv-&5?3c6M+5Xca-+7
zE_|>9H{}v{*>>Y$@BZVCP8v4Wu?Mm}54?OZ1^+TT4)^>o+~?PKy3ap-*cTS_={@SX
z8w$Gjdbf|?eVga*3aBoWH*=*Vz40PQTNih~1(_H_7D|$J!;VgNc^td^0$$#Vm%~dX
z$qKOvj|v+fj|O$<&`8BNV2%HZakS4PuRGPJ5*KAaH13x~d*9Iu$a0^t+9|y@qg1ud
zFTaq?yBCYRD~YV3Z?hL2AA4Jp#w(<vzM)dWc!)}WN!@kf3EU2%)!jXY4Fq|c*RW5J
zw>eI2YEu$dW|p@oq~b$znxvF{T4O2(2<w<~QDOW!1Qwu`r821fYk0q%I-+8;x_Y_!
z9YwA8HP?IVJ=JG4|DXFEC#%4&96xpC5hm-^FC)f5u3{D{2K1&nWSz0S6N9i;!;|aK
zCvLuuy}F)iV-i4FQp7V?nKS)S<B+v`8{6(RO4+&@$0<gA)Y!{@ov{`4_X{IxLw;3R
zvgSkXU|%{8R=jkgjF~;@$tRN*M$9Xs5U(h2Q3h{`7;h^KcIIvCq*cb>pc{ZOuUd98
z)cz($>KX3~^(phBZ!(gAo1ysGohdmg3&W$LiQu5oig9oxW*90)r(Rc6shGnRY<4s@
zMCRQgiw;mDmGx4f`7}>F<4{FW*U924Sw5Q1&sWtSFx-!n?Izkuvbd`*ODP)~nlXng
zuViqu)~Ls%F6@`YzO}?VnuxZP5sRj_@|KzveE3Yy@X7i4@T>bvSC3!1d;CJ@=R<;+
zVr;cu|B7=jO6mAC_~0+}9d)o1F%F#HpYc7W^BMHNXn?jxlCZjrM?{dU0XRu*JeW${
zhu2F1`}ZFI>ey(ae2{C^<p~Cb`i5A4JW!ptTZydfqO^ljn%jJhi$4+a^t!wJS|ibZ
z=u15(GB012q>#3U%)g&+OhjGl9CVm09~E?ux~gm^(e4ME-}3W<iOMI-PfS#9CXdvY
zUpnJ=p?KGQv8T1hnkU(C##>D3ws;YwSAF;eiXgqrzp%4^5i|IH3%a>`|L-Kv{p%T|
zeBBm`ceN1xF1}L{b!}$KEYlzce(UPxx9(nkbC2512bi^u8)7BCT<8fR@*H3SzGE7=
z&J(AG&t-h?Nyd1*kPA<}5g0F8&nWW16hB7j5!QoBSo4~Io_)jK+`OTrPOX!bN278R
zRKc|uc=N%WA<t6GkqRGHNetmI#n@PQ_1;V+aittqyK@y|gmPk?+SEQIQBi!!d>?y*
z^AMZo$k2>ms$UZ&p~#_l7vA5fZf{RaIsTH+{33pD^wOJyexl9jq7+U<Kx+kAeo%}<
zYH#2KV8vEEzyTa$>|y-EANYliZoJT}vtQ@)Uw6Q-BNh8nN-2gZ9q1P2u58@@@Yt~N
z8AHcPV;$qo{{+&?kkUA$sJs2vn_qO&Xd;${Jr{p1Ns<X|&-6y3&k+Pj%y{0SRKn}f
z)x9<2Of?9F1nMe`rxDLFc9JZvt2}*Oh4Fk)_J*f${&Ez0y*IWrl?Kd#tlxBc{hJhe
z{nG!KUi-gv>2;4ROAr1W6WuQOkLfmacQdwHcWyzjxK%*W$ZkqUE9MFX*l3rcx5h$>
zxrDK6YY}9p#6~IRYaj#Yt?ct+#=c87FqP`Z9h6?D*OA3_WO<#3AF0q0MT-5fvZRh1
zbCtx!zkNlLtc6_^eBmW^*E#lRfPw40{0!c~UyHALryb_<4vbjR$TXD1#jnhhB<u1n
z?<AN!25v%-lOQDBoDeJ~%YEemQd`ePe?tm7)j#T|UqF`Yai}<s11Dm^{)(}0eMOK+
zYF+XCieP{1izKCCqfW1j#Tr0Ez*&w8mMUeRW5*Xo-6cCYF3WQjW22I|20C%qh2q`u
zSaY1IVh=#If!x@=O5)=4Ux5lOv0LNq+lkiZnS!y;x)nM>)#-H%H5hHHFzUvOc)jv^
z^dFXQ$3A26*>ardH^L|1Qlg!MpPnQ7Rg_ZuWa_EYRrC0yg-Y3`*m!c9M3z@mMYUw(
zLv>qSygeS<8}G=Ah2tH$v2rL=wuIp(oDLL(h&g?yZsRq<Vgs>k(Y4fT@4-Ft;i>=O
zWl6HnNVy)LE$c-8Kc<J@&*TXlv)d_$G{Gr{w2R$S<>sqi+{Q-xm{$}F^CZp9-IO-}
z+8uv1+Z>5Y6@GIGJ8W}75D8WUN}Cw#P}pE3q|73}c}z+dBtC#-!w11RDRcR*%}2DY
zA}_areSkDJxumWEh!Oj*Y~B55HDAZ)>kvT`uB&yjq2ep={i&B|&it4m=g0p7jx`ym
zxJQ4edES+Z#!}Iy5pChv8P?4SUnA&*^X@#TYA5n<r~M1*(&-+$v?lF=)UUbrp!EFE
zQDNh|(Z(mR!@TdnrL~(F#!o=4{^2Iz5wO$w_*ZY7b(&%6duj?Y9*#>+?jO4(<i|>V
zN32hU`E(p&qo0=KH2G3VEP>iui4|BYW7S4UlC0}L5q?ML?+V$*-0uh(Xw6R@z8(Np
z|6In9Pbq7TU6oo7;0j(3;JnW|z4ZVFDv7*z|AwUi`iN2hJu?0)FyBA)ai_@lzxd<M
zp85W566X82NZx$^HtDGO{#YaARU9DkRuBr|UGs5gk9_~VpLBx#>l^mBw|sv#LR!8*
z>YH6$-&D+OwJjqyPHpqW&QuavFD#R!hCZmD4fjJpvEtRwRA}_(BU)b>r_lK+9MLD?
z2I%WuAdbIz9mkWb51wa(9WXv|)0441bw#jHNn|a1p0}q~5?OzF-thqq^RwGaF{i&S
zmamq|W_4!GRCSlEcE~etahpm<&FT5kOQ#nS?QPd@R%Kq!j%Z6`CygX7>Ju&NCR(9S
zlEU#TPAA$U7>R!ioHXj@5u=iwhmx{|lNKt8tdCwe%3TcqQn=yqFG`a2Kr7~dz77?#
z9oEA3>=I0R*56_z@X^$Mc=yrMW9KM|tR+W#tB9u^E-UI@St)BFDhNlSzqYrO{fr`Y
z*ZJ{|3$gK}lE_NDm^yk%oqZge$3m@<7>tv;l{LjTtgN|KO0U<?^^CIhGtG!O#;+Kk
zfs@a=@xxAvX_?S>AMAENDcQi*KRk(B^ZPDJBkKD6Xxa2aqDQ(ZjV5jm<~N_{(FfJF
z`4P1|C=u;p7~-N}gbn(4fdZYdmo=Z+)llCxLZ1GZs3&0qLD~K#b?bNf?6GP6S%-W3
z7iamO@3AM{p16ptGkRYCk}YIUtRQUG%rS2d0B_P;Nu{Nz_xL5ELC}c_XV1<XD{Tot
ziGrN7=dY4vjrk5Y<Uz0#4)wb?sk1U=1Z*X7@jw2``|0!BuS-%$0Nu$`jjPyq^QQdh
zr8gB4tppxA|M9;{Qu8#ipH=2X!KiV_TKfT`U9D^mM!hv}FAmTzNhzemv0MK5K_}(g
zEbcqC1@GI@i7&o`zxd-$c93iHqh;*HuS?!#Le;^2*7O4i^Y<{Z<(W?JM3Yb*V=?Sf
zW6cHdqdtVf)=uSgB}32^4=UL=bb=(6vY(GVCrMT|zDz6U^IU%jzn|BM`|BBmL8pF8
zH_oS7Wp_Wy@9ysCIsDJq@XzkY8@51in5sGY2CVbQ9v;shUfn?{G{_e4b8*gdczU<u
z)A|sG{f~E~PzRfKr}AS(T~&+?Md}$WjZzX9H!kIFs?j6O+K@1jDT%B%mqMxA7MQc;
zgV)sb=N2VLFL}Ng9BogR%90e3cSp;<t|_+Hihi_5x1aSCr=D_kvN~5M`%{Wew${<f
zUiok8WS)uXw=ksd-F$`eQT0ZYkE$66e%<ZWyN<4>wRiugdfEym55uh1c=>UUe0jyp
zHkSCAc(tIP%%mmghE-uK7%21n^JS7G&AeA_%fkAzYFjqZ2cSBou2LYqeM~XYBxrLu
zbq+Mm?({M2LaDm49{k_|Y=byU`0Mk1k_1LBc5y(4B$?CC!|$y``^qOtcDGO1>(#a#
zqCd&xl54vVoX?OYY0|<T5`&1F`!U=W+se4|E#JcDkHY4%Oz3M(^dQXThB?sT@C2VE
zsrUTAN3=Zb%vgs72%#G5;EjsfHu=6B^{0KXqd>R;YJv3?XU=QVIQe!Z&qBUkAKt6c
z{<$}P!1^8MMMEj2mF9|p*l;{{R)kxoB4BV{=M#-e#xjvVtkxpjnYFxy3Fg)=c?z;c
zu>zdBR_SR^XUm_=spv*%WV<Aj$Is{?X!U&c9CkSRk7cn3gXJUaK@PSH<$I9l?7<8X
z-_7-PqVESw+I>YBvPAUl;2FyL>d&bHpIx3Jk3hYmALT+1@=VN2pN2;U?T;(XC+CQ8
zr(fi9AK|!M1fg^C83+~WtwcW!dWqL+T+?~li5~=G6}$Oq2DKy3<KJU5?T6UgXHWJM
z{p4=<Jo!SioP{R3C{<@q&Lw&q!!Lflk8}N37@rAnT&Zt}<yV@uvv|ar-k$;GhS)jk
zJ?BX^L5veT<+MLaQUv=6qf_Ha#g!|=M(u;>v$uZHfybEBh1EBI%b93<(#ej5eyp5X
zY)?`eR#&m7vq<g7?3)Q=DT(9vKLeqD4=D0R+64PjX+i=t#8vroIGcKw0Sp6<RzF`J
z+qqjQr4{CgBDgYv>w{r)iN*sIev+ir{v(G6HY4R9Xeg?N{QKdGeMXnl>JNBF)SyC?
zz5P#6{dXF$nF+yw^?WlfX8;pb<So!>1JZ@31dGC>X)IVO{#n&~-5O3iI`LhMYedS1
zhseCYodqD_XyLy;i)-P(I*V)JqtB8gS04_mkdQ5h8)}6<&btICWz9r;B9C*$<~!Ls
z%X4GX%Ik?Xa}d~4w9g9Bq&ek8wjS?1%1>n6D?_Uz^PfFITwEgyY$wY{()sxU;UQT(
zC`1SL-e4X)UY=L;V8ooMD2XwgWSq#}oJ+J}gCvO!zU4@Rr>~5^#R)EKemHE_4(#Q8
zHarEDIobIb6~TeLp&RH{5o5j8W#ei6vV+p7d>~TxCD8^382^t23rkwVD~q8L<XOg_
zB*}hD;{EmOCEmc{s(eXG47sd)Fq!u^_-zl-?i$2C?2Vlh@7PE5clv?PVVGS0Ceaq2
zDoN$5YVz3+KDBO0xlHE0#cnWH&6hAL^{IaB>3u{W(w`|~_sMS(t#m;8nM@go6*12_
z8Lvdt_0FD!$?`GY6KRD-U2z)BV^Cs9Q~C9z_F@X?1#hjZ`3)QEhyD2KB7LxZg%*Mj
z6Nr`pm(CzsM_+8`rT>aj+BX&)Nc6uKAmw6*QU<Rizxi{4Bt^?&!9t=vUcioFD2<e@
zCt9KaQGV<m-1U8Jl(IDjh&Jj>oS#$dbIa*W{92Dm)Makp^7I4#{2`#d17+u&!O6i6
zH(=pw=C`?rJ0%wj<N7O0S}RL-*st??3vA_!>R{PM767D<ZNTe^Hmg7HSny;XFh8Qt
zX1}zbU6aNIzd6Cn1<!W5p!e)n<-<xV0qCFZFAi{>_W(zG4iG2mL8~Z3s|7hQ%4o^>
z5DuiA9ca#OqL0Yxc^;Q!v8Sd4{X{!2OPt3#qMgR>jo-`me;~%iT5oak1zk4S_|Ad+
z<}`L7>v)&?nRp`8WT(`17~26<n$JRxS>n75y|JcLVIp=|U6qMKdfyxl%I=;8dX*f2
zc5Lyp^M>*fwfvmQbIGFm@;svbI0IXzoST70;eCCOkd4a4qHFpWebcc<@8?jmzx$6y
z$?&}?)NBjUM);AM1<-w2nez?NPtWMN<9Qj96u*aUYz79RS~u;&jqN;0DOo<i+14Kv
zN|GY42?L-vKYkcCv+j;GHdFC64)?;rUf9g26gFe;blJ?k2h-Wi+EY{6%<fY;oB7~W
z&SqAe`fsqAi~C3tf(VFFw#m<pA=GaL*&N-MBh*TQjVrGabY)s!+_%`kv>jb=|0(H^
z^9<o;W_3+3=jS=Ok_|Am$Ftel4RA3XG@^=}Z8d&2yM-sD!%H;Jc|e<yhsX6+-uL5D
zxEnD?-&H$&HOE(?#0SCsPamMv?%zsjqB;perPj(w^s4!gt`N(s?7JWn;>V`6@?yD6
zwn?;7YS$ca<v+HYfkPlkv7u$G^t(~AZ)(Llc;;}WQr}bKXSnlPUoiCW<!;DC*v=)|
zflTDdcVvIR)nd$=y&>tThwnYQ#_S^=9TI&rN$El$w|)F<I&27{56<(>x!ljmARN*p
zKOWMCoFh@yBh4G%{CLM<=G~mbiIuvpH&V@M<M<9wy^+KnNdFT`R;29e5SjN-7Iq+v
z7*{Lnr3vC$wc`v@`x~Dm85<)vW&VHcy?cCA)wMXjW+p&L!Z`s^qhdYUAVHIuC@7DB
zOqe7S2pAzCR_riLPLe6ZOq@BxL!*w)3}hNoxD_qEmv76x_1=rOwB_DfFDh!l2cX;*
z(Y92vB1O#z@=%n=%$)W6?7h!9bLJJW+TUN!=L0$CthM)Ed+qhw?@*KB5FVm+=(%H>
zwYPJSb>b<0)t6W5)2>iXWo8*zddG$1h<NlSdX9u#u<bT_fw$FQ=9^xf6}iJ|IBD+I
z(9OZ)d3^T^my!Z4kyEpJ8mw>i2M_U)*BX1LQSL5(zA1u{meS&gRGQy^OCJl0C!azj
z$UQBk#XVAK{?W%%S#({AYR`{Xf60vcb!wT>`_3rlM?>$-L>D#m+6?r6&qViX=$B-m
zTQbol4gJWM>F6sn(U)oHzso@Xzsobw?Hc;340K~=?rj?ST^Z>Anwk4z4ZSP_{ZE<b
zZVmn17wPDYmt~+=Y3Q$ip~?Rv=h;QBr98m08IPPV6Uf_pJb{cQ&*A(_)3szmX5P(O
z-fo&V1W8=^D$OQLyW7QybP@|Pvze`BGv*7#zypRbALi*j?7E)C>e?9Va0XsrBHMkO
zxLjh`!ei39S<8!PJW3Iz@p?Zvr9kn6pAS|1;JZV!dOu>rq7WlJ&o8B7dcVkF=9`O;
zE90Zp`{};7@s-^G{Xcw<K|lKxv2oXGLA%RbIR#%GDmlb@)AY{or;n=(ST>$SOpYOL
z8LA&cBwYzQhRBC+RaGJQa-Pm`$GeLa9;;sx8DHd#FW6li{qReA&q<^_rn?ZY&!D>y
zZ(9L-A?1e_DsgR7<csS4N!#}XWVL<K{Fv$&lXXkv>+5z)vTl!@`-baQ#dcEAS(&Ei
znas2tV}<mzl;%fgou|SU;KTn$#m=~y4@DC6=_x+^qc0HYelODYMN0aS$EeJO`uNDr
zm+PywZHT^F;|sKE$!EXeYW?agBJI#vWaT=y$uhf3qm*>I!hHBYPthR1-Vi)|O=GXy
zxa08P;Gx?MJEJqsDfeI`PO%<ZfDc`lpB^85G)UL{ukgu>e*>pjRT_h@<>|YnX>}o=
z5}BXm%ul2`H=d&NS3M2ZX#5OgHvc{wTD|l%V)WlWq32%&9whCw4`|QExLGPBf1YB;
zj;4^mdcTs(-OsWnvwxy=c?hq<PoK$VDJq`Lv=m$O6-&{QuUHBim1K#NgRdH*KT=Bl
z+cq}XzJ$bmA4RqE3<D1te$KD@X&f>7;R(Y02Mu9%>?jF^LR(L<<Rky8#Q#xB^el+F
zPAL{K^r(>z5so2v#}sQ5iqdXJ;Jjew*S``tKa^kJXCC@W9skUc)JC11$6}}%CdRMm
zPfzPD&iNGaeXLLu-&tClzp8KZd6{iKFSE_(Wwtq;5;%KOXKj8xL?>>)C`gK%>I}cp
zqTga0G5RO}FO!bx{glzP+a8&JiC(3T4$|}FnxPs`j(qVCAZ+ay^eSY<Nq%n#?Rl?J
zhN44f2GhO;ADTiROnhkc;H<(JHJwg(xSk<ubo*Mikt7xy|N2wLm+wBq<hS|+V)Xit
znOT$ym`OZgNLRK#cB5hcvEMOvp8iOY#{xe5<Y(DbZRhVYRc)E7YFDeOHYh*0Q-1I>
zYP^gu@!=PaAx7^!r<0~Dhw7whSz%I|#(nk;+u^^R(iOWeUsvo@U9px^-*B;?pVZ6A
zPxDjd0Fyv$zr>%f$VvSWMNTS*WS5h*O3U5+G;6s@A5ulQEc(Dv#VdvkG9u}C_M{JD
zug*i3_>14N#EB!c*`xm)Q^U8_(e&``M3kl3p`_V!L<`^Ej%JgT4ZqEll;J}aNja@b
z%E197<yTQn7nFghVX3bLQRA0d`xr0C`<qW?<QLuX#aGB+*{5Ftx$`7*(m&@{+rLDl
zwMkm1r73aLTS@C=?f-@)?##zb-!}81kG^1!Px0a1XAq-*`a(}qIEAE#lO&D!rb*iI
zu^PEu^RXJa{YZ=43O`1SK1@0uy>3(RFmK+LTt>k^Gj8yX!-K8CK11-M+YO(YC-y!3
zNwoT;X3>ooVXOakf{F5%TbZ$Z`Xj{Xxes*nt8~8UPb`cH5$L-gTu>DMH5uHS{tliz
zemqk+XP;5;*UwfWjRUrw`$|=x68%c(t;fGso$5cypg%g~+}FzTO2yGl`VBKfwTG11
zz}~YAaIFFus{#!D=^iycIHL<|(>gt^AF+J?@@tmQ2k%qEI+z3)v@@mY%ZZc#<Cc6)
zU+ic90fBbW+4O4sG_x8_S~dRPhw13SO!Q<|&;6k$7pA{20Q%7}s<3(HZFzLD-H_;v
z_yu+5z?q~I4mW(RvCVi94EgUPnF`Z=VTJk4*{@sEJC0^t*7oMd+RbZxXw#6)JLtE5
z{B=tWe)tu9&*11+Kwi|JsihI6KlIiwnHIczP|+r0l872W^?v>us2L{J)D%b)td7@f
zc1m?M%KhOrL#6y0fe+^oNe?(*CB5<=exdfOLVbKUUB|xDV0G-|pUE>F-4f_3B;BQd
z$r$GCOAD$u4pD-oht*)IJx8$g(#Pt4gRVkDz`r@rRY>}v<j+%l_~>8&ZOiSg<mqhS
z+(|xs4I&12<|%|lixE-XqwD`eaHmlPoRJBhNqy~?5vh(vuQ+@`1u&e+6yi_6)B@y{
zA0S4nj%#{h`ul9hst>+`IP7}=YZ>UCkG@v&x4w#)uY5mkDDS=iK>tg7nByK#dKcHd
zqcBeyuz%z{0sy~?bQ~W!j|jl8K5PWAPW(L|9Ga&e2=h}*rkTi_`@fQTTKL)5;)D6G
zUn{xouS|b0+069!s=p}u`!gksKmVT$U{nD|7618x0*D?^0Iz<`0J{~yJ{9mAC9B^k
zfd5qi?<s&M6u{3^z-%_8*Z-gb2&;fr1<<MhTq<C>Qus^-Fjoa!*{}3}6u=}E@Czly
z6$;>56;Q9F00oe*0&0~MAO8mfocOZ>_)r1-UIF|`1-KQ!?-albDqwiOu2bnU>N=J4
zjG0csa_H+S_8BFT-S`F@Pa5~<)M@Oy>D{a^N5h8^sf7Q^pqKD@+w%1i-u$7C`fd7A
z<lh-GssG}=<oN8Ce`kz%`cJy?+2|2Q+*$?<mlI?5<3C-{CSIQzYez?1IR5T_Co`G!
zjxzqMkWl*$VwC@rdavn~hZy+NCmH!){85b=-%r+Up8`DaM_t|iq#tmfp=Z@CSy;7F
zMhx}wp_6A3qhrpcM`mHrFSbYqWse?AQZYlJVve4Qo3$HS&%LMapgo~IwH#ETGgR;W
z^rwi_`SGFFv+VIHKKwW#t3}oSUnu(jwvuKsDi1$Z+*$O%2N#U8mYvOvDHbawJgk(k
zS}kGBS(VV{gi3sU%6aYDS*zCIvHb9Uzb!a5pAWm)8AgXlK=7+PWwSFohv;$gF%qWx
z?CQEm(+@T1w=-IM$IrSSp#QO#nXh=BUC<VMCI4RY!k5?8Rre*2$g}p2znb8-Q(WnQ
zvP#k#Inf`Yu10#bCrpYr2Wv|6dz%fB$Jv^In@Q>Oy2AVYTu+!(WMY^!>_bH)X>=D&
z`a^3^m@dYh9H#ecvvV`FLwf7zLED?y)&xpY_5NKjSUEEPUh~4}eftsDshMci-$bjg
zEa+vswb+_+<-89)BWhOy^#5=tvmj?=b~e$BU5qh%WW?xUS&5%g(iM<&b6C3YNJNZ2
zCu{p6AKw7%{7zu!cLG3v{m-=XILYVer5We{J|H7TC@+<E&DNmN@p9S)Zt3#Dhe`C<
z)6f;}^K)#)3R|$kSnqy~vfi1p`{^@3Ytlz{P+(JPyGZwDYZJEJlW=4gyDCI!llS&1
zd{FAeHo58cGbnsKx?0=ElZ{`O{XfdD=Tv^J)cBQFUuksDPm1ZfS!q}gT{cm@KitQ!
z-&y@7snTCreJ`i-$%h_Rgtz@wy4B*6q}*%cAJuzU)s(F;q_vBe1N67{(VYG-jX5hW
zB(Oy~=Jfr6p4^kGbuV6&bIRFY|0Pw<zMmmyg&F%tQ~7Dr_Fj*F$H%zke2G?lc3RcN
z3&{nitNN?ISLCAqD77ViUN0GzWJ0!j_K`OIdAOPN{PLeu>v>;#J&$hE_Rr9T_&r9t
z5#vVyu)HaFc97%=o*hiLfAN&TJwI8&b~BY(d+17Xt7-KF_Gc0MLzlWuA$jsos9WsW
zz6$?U)}FPynHe4XrZsr3<DtXB`#TDx$uGC9tL{_J(_#7Pb71GWrzQQ*;Qbx>{(sF%
z#?ii)v-pDoKK#)I{6WvWE+%8dLR^vV56lukfA9rn&fZAT+6;ei3BkSVg$#cny`1h3
z3UvNpKk)~2-&Oc6LXOTS@N0J{S==czL%bJ~x}f@odCDPWX7%j$P1@xPgjgnqOor|y
z6*Di4&e==v1N}Pw;W{5c{|~k^vOZS)!wowaqn;)HVZUbgBPaTc86@<AjL3X%s1)^E
z(pau<dja}KD!Kj>JJ4RQSQb*zq)M^Vc&W?auSuovQIgZ^&og>95_)O}_CqiJgz8P1
zQsU9a*Ja0hg5vo{s8-`>@_c(m<2)DTuO3faz+d?vrlP|3n-U)GWyWR!d7h?h^(ixC
z3d9k}DiHht0%3j~ab1eZXL_mIGtY;LlBeNO#d%!WH_x=EZ-vc7PpF_&vr6(|3x0EU
zeHTqa$8HYO^PRHWzsFf1*_Bk4=y93dXRG&Lz2n<E0s8;*S;k1r6gFGBuoaWMo=u)d
zly#r~vd2^8qq;BpAIbYE=+6IbvUZMl7W!|c>7_oE_T@?cewTTEV??I=>*&ch!DADw
z$}XzOtLf_a(AHvlF-RR)dslQc_WZ1m?un>q^a3<SUL>geaDp(am>+H}rnl_!!<*?%
zyH)(~1y!H(9&s8!e9^SedC$^jet1W-wP)TUYovLRb>jPcXml~%G^d=;eM?Xt!iPqa
zzKuMT51pnDCO-6r0ibc$D)n%}#$Br>Bp<EG$L8eYg5=|(<YPzju~R+iP#(;O{)@;K
zJwGQX50M51<)QvsYmYDA8vat^s`ocV&h+2Dl`4zh+T$xGpRcRyncr0x-tQl3>6uwl
z7vAG9CTQ0GW)7V0GYY;)xBWNv{F<<hU%g~T9L+tes5JIo`a);Q#-?cyln43WAjK+s
zYR~k){u}DRpP`yGA>-V*$XV;y1J)@-O!&2{i~!r%UbT0s_ptlK3YK$?4oeuC4E=a$
zT`+10@8LuLBhv%>I;<1_EZy5<JbFOe&$h#G^soFi^kRQ{G~P^lM;_gkc0cW((Rx^W
z>pHBF6OEBo<gI`Hh8QY>(bz*J!a6a=hi{^#yfPtun;(CTN_X&V2fwyT-B(Gk=Wk1?
z*97Xaer*8QMz5gzu6mw_(lR4h%l!MVna2H@Y8-2wlDeLUy6VEnhwq~2ggj6Ne5i??
zZYNlKd?ii2BL_D|p6Otx^buibn)oL^^eNpYFu10I4=pGHsHx;b@0;ida^%{SbsxJp
z{j|*aBKAh7^FyIxJ?wvm>tW}H>tRuXxg)ZZ4F>!3_-E$l(N*$ykI<uiHar{JVLmi$
z1ofgxvVtjOC5m&TyL5!UF88G*+Da*m>|hj=M6>g%-wo~I*S{PcVgg9I7{dGojQQaw
ziAS8r_7nc2R5j|1|6}u?$?{Kb%|Fv`J&hQRvG1B*{NgNP^ds&313i8>0lkri|J%<H
zqt9f;-#|eBl7|1-Da7citoSPkXh|CW+%FKL^RwblAfU-<_?OUiJ6ZA19!HE8GW_6!
zkjIBUDxy1u|IJAc*Je9~>+`GoqRyBS|1|c{ZSIYeSFw2Eh9c(I>#FzA5UMfq#3ro-
z<r1JgVmhwci5UHvw*FJ2&-Waue=Hk)3kYaQOu0{Xm3lTn@If%}p;~$y!JrR1(n)>s
zJiD)c&?7%c2mRtaBLB>ML*&iC`AR-?sE}$@;Jm=E{_#)%>q~IGc52q2`QSel0X$Eu
zU@0x8L2P7~HS$^Yr@Jhr<t(V(Q&;^i+YPYGQaTdU^UHTxO3Q%#Em8iCQvMb(ZIVg_
zD=|VO(yJ-&weH~8TT1gS{4-K%e&F0xe)aQ404piI833BC{4d_{4y_A)$%nQW)m~k%
z^-$p4_m`E_6i6d$cCwT8d#zIf=f?7@YuM(tNL;yvU9j~0qMP{Lg{4Jx;Um1|{m8=7
zB9iK09@|hgXAnS*z=wWf1gIIxhvyF>6@0g@dJn6hvQL?^$FQ?;;(k8#8zViiHq^&=
zZ#0p|8HT_)fnVh@(PO{(@XrPV1nxJ6pJ%(m3W!mEW`;pAF@ynOWakO=TEl^J#$N0D
zX8ws+0_SdDep%y-%L{<W()z}?jyFY41wSyDhwiNl9kK9ryDWSi*4)mAULeFz;zPe9
ze=GQKl=OAp<-^+z$~g`-!=(J00zNzf5lQWyHc%dvSttI9oi*M&!(e9QQI?dE%B;<!
zNFy63zRp|TuM6+7@Rp|1;=0hg3^lT_bfhKHR9ejT(`hUs41ZTnPU`WY2lJ9Mfqdv;
z<&Dk;hOQU{K-oylQxfUlQjne=q=yX|tcQ&sqK6&G2Z+2J*%AEP*+A?hANrTUtPw&T
zB+<*kznwHk{u+oK;zK*rFz=_BhxyQiA^>whKE#JMr=cuTQ8wnQDA7SFDB&?OZQQ)*
zcSw9)Q|=$jq_pO{e0WX*(HuNt;6qmO#8%$C#5U2$h&7Y^e_<cP@A9EW8POa$V2->W
zovOvlw6S_DrK5<@SawCoQ*W)IapKM%OKA!FQbM=iAEt*yEG#Xri~OZ7a<H!Y-DpEX
z+vm{KBb5q0U8SRvJKY*1tGZZd5Hip*MiyF1OA0NeW#-7QR~P_>?vlRKxQikIQ=yXZ
zyHcTf*Q##ilck507k*c|%$&q)+_fs8Cb5(j7g|b-q{|vp;34HP{Hau^gVcrlX!gl>
z<U{}b1)@2bC7bh3p1=IO&UU@Q2b)Za?V=YGx2@AeGW_ENZ6{;koFKgyI5$)}5I9#L
zy%jh&O!|G`e&bF)<R3z{_OQPoaK9<Qj=W$g4)bBsc}&Xp7eoYKewHrKPz6l7OcT-d
zJNRezSbK|l>G^s!1pz+%QUWpZ^0R|3l)}hTJjHY~+?_y-zMkB##rmhpMy&Say%>S}
z4L|2sUvFTx)<BK)yYw(V%LzX8AL_|`q4$hzzhYhWkx-wRU;j#7^`2-=avxjGr+kR8
zv*tJ-+I}9f<^&(^9ID#5=lRgPMxqff@!_9Qr}8~x@66i3IRn4?N9Pfve^Aenq30Hc
zW*gKe8yzHiR~x4#5?gtm2>koz$bsnC^V+!hyVO6(%D&1Z%TI$|>yHuJ@v^mdMjq2c
zD_{3|bXt-hZ0=*`dF`AD8h=kdpB#5sSSs}NsIDQrNAV2NSD9U={9N_iIYgD8(J6?y
z?pYH(?53z7aBe6cA~HoRKiw@6ZHgfh&+=oU+K2h@23bA7@kcT{zfme+XE#11BWl(&
z`l@a}9i1tUKE}!|Q!KSH+NSb{odWrei9S8WTTZY7{#7ktC~bD*Q~q@dC&SOl$-JV^
ztK&I=bBF!k4cu=G_^&6H|D`;Vp=q<?u<ky~99G*pCi~}T?g2i0D}6Gl(mCcFVzgX;
ze+E^F=(}<<;HcokYtJAC9x_(&A>tuPF#jgqeGxfLzX$m6!}LkX_u0e5Uxt^Euyo}a
zwckI(6kT)<QP%(kd}w%_G{7)ElpjZoetb^HRwe<BXZ2?)Htt%rLfh0!O^VK#MXOHH
zYQDsWcb-9vnwViXMeEKYKF5k3d0F86P-!UL%bWO&j>Sda{E}IQteUTc0AU~Dl<|z>
zDi)qo9v)O5esWIT0rllcx`~Ak6IKQuQiF)_!p{+-KloA`k6TNx8SMSZZZ@34daW;Q
zB{66FDrGNY9t~UxM)ax^h^%p5B7UZ)enq&?U(!>TPkJ`OAbM2{<qdOEJueb9>b*-2
zo*%M|*yMn6ud=!43DVNx{e1V`#w23V?Gs<;fAlFm#b?zTX3PB~-5MpG^(AeG^{!Rq
zFOuH&u2m&kd%P&nvy2Q<ZDUWpGO0U%8o%nFOzNcWeCum)LIEnT&!@h=r1am-yXXi6
zWoXq&DvU<bXrY;Oi_lO$RI6?pnkXyVh^k~NjXU{}k#YVo9}b?Pav9*mD^JnZ4m^~%
znGX$OsE7IRKWhl<=u@7e8lk?^q}18Q=#!@q8+)JFKsU=iLpu?@FVaz~z@x00I*eNX
zBD(o=M7Fv3mGe~9cJkrd&ZtfI%Y-VDOp;7gJzLMvN%8J`iHx<deof#ZV<jK{r??t*
zMBa=Rokm<o`WM^&iw!3H@Hk@6gZaeCE~W<@JVTFQ`;xX>nX+Y=B)B}x2)+9_b;X<2
zE4F)9(Gw~suIgu1K2E2qPg;9A=>1%cktYbe-x_46R89-VP)#$Lrt$BK_8h0xRHeL&
z^ex}{oR&l63=toWK9!&qjJz5{jDCJX@Bg2pd~s0cY<@9MTS+L5jl67rQSr9K)m}kD
zK^n2Gf0=*gU2E^C|HrNg|7&fa=4RFKE&80;lRiF_cb2$o=BcBHzR>wuQ$SilqJn7U
zX^qNey5S^2MPVl&zWxLvB`i>LS(p!BPP(G|)6S|pW9=RP>GuHozxO0-jrcK|UGkjB
zGyVKiY~W#qj2Jz5j4(=-ukcDljQ;m$w8+DJc*F@ReE~k4PYNHz3RjVhgo4V?==n(W
z3YF-(V<|Rm7$2&RDGE_WxLiY<dayFf5V4fz_um<gVUMLWKiYB(k&p*LW#us4OIUBE
z-E&&+qfb%$Zk1L0K9xSH{v|w|#0oz<r4oPjah3Q>jw{3yRjavdGanv7I_r<qSYx&+
zde?Ep$j<6L%23n#9oER}fvz7J0@mJ<j~i*;`#wcH+NX_1t>4K%v!6g|wU@{jOuze6
zM0yf_;2~3(51%I7xRgdJ^(&%Bl%6#8VbSMK61iMK{U{&Wt~gDqlfyqljP5?G$qm(C
z(t#K-N(^-p@xSl$WYkeJj1O5zUX7=yUMnXb7h8L%skiq0mKy$D7J6|ySSOy5x_am#
zyy5+Rds9!44OX7<4Q-nE8viK0)TQS!>N>{C*2weBZ8VkUTYDZ@)HwEJ)7YI&5t^te
z@*2)vz$Wl5rTJC^%PQRGFW40fsD~5>UnypzpUV7)S|Tf>apFGdU=PI(_es4+_pP(`
zJjTZVhh26Lz%CPY4Uw7o*2vuAUDHdD9bH^}k2=5K6xnGV`&s{>M`NgE&8pn<JYhhz
zGIau)9c%mW0^mb$4*}@;Nq`m*vqruM@8`q+N6+#2C9z<9a1rVDJikvlndnhEa{7EX
zD}qik^aM9C?(vU4O%uMxhprj~V4cizSoK66ttz8OVf9WvbR>CRSWnMB<-oScYr%5{
zKJ-f?K(AR2o;C2RuOXf-C>!`tZypu-;5nn2U%!K%na@A7r<Q*v&sa->ogE+K8+Jtg
z5ZV36#}Eg21mPetR}TyZc$Tp65rhNeL!AMjxARO;HY^)TFWx0xZ>!;TtD)xrji0R%
zh1$p1{E62PJo_-e`j7PBmEV$Y-Nv*U1%uR;lA47p5V7aC0p(1<6FMf*vkqyduO-v8
ztxKN5sKnjDvqpaH;5>G7MI}2sFf`i;z@*mN)1xnY?C$V>=?yF4*4j5s0K0<wRJYzN
zv-wyymosrSoqh;klXhM>X|v#T8PPiSq&2d$G4e|Pvk%A6+7s+%XKa&(rZ-2>YDBNq
z&drle%jc+~%ZE>!Sbs!o`hPL9DlAbZ6?+VsqOgw-$7%m9d9Ow-|4dT>X;aB)B#nA1
z^7}_VqD?B(CJmp?1K4q>;E@l|1TY%nJPh5@`v|EsH6guQ7a`&!vhB|R{OYZy3$<=!
zSMY<|cbpg;+!2_9Lr9uWh)+B*O=<0E-IFp~usc6`R=MAkf5sTuMSSmnB=r5?(J4bW
z|7+9@&xDKes8pNy)w@hY0RqZdE<5PlMUbigl(+6ms{aG|*2whY>ORE)+@o9HQ@y9U
zuXihn10Eqv1b$T|z4A=4B2(gN*~~4DOfRALF-KP=h`)>U1wX!BsjPWNe^GE(U<x9@
zvUxlDN0@_$ZV&bsn}dA;BKGNguykh;?`ho=vU2RTINhHe>=!KE#-qEmbB2j}pCNAN
zteL7R{V#av8X6BD9i`yyI5ar;(e2jYE`#A@)5JgUq0fm8d1l-sbL6Bsc&N`DI2(}O
zvGxucIUm4kdY)8Yt@rf&>OO1af#Qg-B>GS4ea8x;N$-#R9wySb${i;W+7$DAnv8H<
zW1YhLXful+RUg8K3KF_z8^3p6vRq%5X0t|~r=~OVJXNRt=Mj554+Z7#^Q-(Z#3}SJ
z40`8Sw3@U}+anWE_K&p&cNncfT8NS9I4go0gQ%Ds|7Z(Nl$G<l>GsE?F~qh<CZ2en
z4<8}{%u3RI`%{c~ksT%_M^n;js5xG8UON|BHu9_PO0f1J0TKN#c!;MXbnB8e|3U7W
zN3YVx@iQx8(iOY$9AfWQ5QsD<t|4Y*D(Sagl^mxFo-_Jq2G2gctiE?Elu@Z40<f%b
z3Su$vtAz7<;UC=s5Sd=0Z$_d4(KY9F`I-DfsOB&Kb?{ssc}9Tc|CUt5AGG9D#OQQw
zyo7KkPmN=OhlWI_=*42nn{zWWiOejC8dK=4nVX&7gXi>ltxnA=*k_E)EMZwj|K}XN
zpzhWdfaiX!9FRAMrrI?Tp#MdG4E4)Hromi#W%pEim((4_BoH8`h$sH0VFj_<A5y!0
zm(|*{e1bJ{SF<&;+-jZp86SGpplr1@(+6WyPeZ4fU%%7LKfa@me`Y^%&_}DR!PgAc
z`>he5b$a*6Vr$Rb&f4z00&CCoPHT_P+SEJE*c6%GX`SqA=0nfYaC>m5Z{;3!Vp6&(
zIVou{=qFJ}Q;+PkR`*r!Kl+Qd<ozS_4Z%a#H1&SpNKD4z+YS4a`v~r_(x&BCMF60J
zh<jvbWXFzAM(l_d1V1TDl2=p^*=g;W*}3DB{NN|0wcRbljSOHZFzN`;(+CeY&;=>J
z1tb{jd7#8P_A{JY9PX2Dv-V7%V2w;~wnnB~tv%BhSV@w|^bRE?r1y}#O&6Y6$9`t*
zdAJ1M4EOo(vGxx7$sE$igEjl5#gDz;Hw6#zFPYReC)#=TMVIY3G}s#4X$XFByJ5F=
z;(71U=wL)_>ivFR@X(N#Xuo5xo+5<`<&U*@*iCZ)p1Yoj%`hf5pWFt}zuHIdH7q9J
z(F}b2P72;az#R;H>P~>?N*VYM3>+fhMqdnpUOEwcCI4mk_V?}Y+uygpZ-3wZzWsgs
z`}X(k@7v$Ezi)rv{=WUC|3+8dTvg>O8!JfmC8AGodjz|;-M>_HOFp4&^!=?uyK|Z7
z9-EFQuCO~K*Gj?T7PSNe;k!M;5^?2nkGD0MKP`W;-6skTm)++R#;`PF1Si3l1iR27
z+B*elWv2)ru8>5x&*^c~_attIon~&cwK^S=%_jI<9;sYd?3V<Za|ZGxL3BzTqF1oD
zwhCh$tzw%%Qfe8D5hRZwb%;V*fgUA=%|=S_*=)iT;hxIM%6qj0T6wfyHk;E;=<$k@
z-|H4z1-Hjt;Ur9=*)fX7RtiE(hbY(=J6%p`CCQ253wF2Qbo(T`+aU^`Ho-3VBrhS;
z=U>d2<!KX0Zcd-jDt3BBhg}j|%LTi;Rak0YDJ&KRuej8+Ol%dLZow|J`6a(s6qboz
zS|d-J(7aOW@VG0%W*c2O&X-Oo`IbtlDld(0N%VGlMM?Aujt;xKT@+eHNpwhJt56|G
z9ZsLH)YIyBiGsuK7CdejCC25kw^CXp4;2}wE|*U7&+BoBK3^q(-@Vx5C$$iz4o@p9
zeQw!U!7YldKEf7Nd=z?YHoM#Hk?fMw<0jQu>i0>cM4u=TcG_9%dKUjcbVv+;$?{gQ
z&F*(e7lRJ0jy?i(tZehU9i*Vjv|N@uT`nrJ4!_qcx`|@g+uB5jL<M7+-Q^d3g5Sql
zL(N2R*j+9kX!RI~D#_pJ67^)|r0biaN_`*WqbzZH+;;CuDqAGS#iZ3;q9nGe^!r3f
za=P1v?CEGFh+vU#N`3G1+g)z^QZZY7iL|@h^%b_+E)G}I8gYd~?4&hPiSDp36A8Z9
zY4_SCg##-6q}n8#(Q^b}hsW<~W$2n#q$y;r-6z(mC6v?bN6#Voc<oM~I7wGJQ&*L0
zdx{39<ih9>mUlR*@-TAjilS<)m_4tlN$`q3ze^I9JEabfUlK&G*W)FP*u3%%ie{T`
zce&E+yJCKmq%gjz0yvuBv=giA7W{5;MJH3~bfYbd89i@I7QZpNa)M7F=D*Y9bJA9K
zX=z4RR;T)sl=7DPU6PYXw<3^j9&hea0i5n-c9*kNSSHyQyF{Ul8Vi!fxwO;cB_uNw
ztYu5gvX3>UlE&e2x4E1SX;RWL5WA_qsPf<*BN5bPqE`~!V!K^(E>nmka_4j2FWMvk
z^@B%n*}d%)q$ZL)#Lj8*Ma-1Y=9F}Pj+jF#SgqoU3X&r=kz%{(1r3Qcyy_Eu{>46r
z*V##HLh@Z{U+Su~(f_A6+r2)~TWRYge{F7Yg=7<#DW)<Do})u_EKxCX!X?iV(Ve{<
zhi7T0$0yoaJr2zzXTzgK*d&ilr_Xx4x}{D@B8WDhDETD2B-$KQ>TR~H`DH=V<IS>r
zmsC1DF8@+u5Zgs54W7)$E4KO_`do6+m5G=wKgz1y^`vxVEi`+6gmRzL-R=@?ZcnRX
zsfeU4wYyiU>LPgrzq`}!SR#~ZN;~@gR?S}%zbP#Bctt_#u)C>>(v(ywwZu8<ZFf65
zJYHStIq*dGV55eJ;mvbXU86eSl$>^#^L|n2bUKz$vqlt_3Amc?EEY73p;@!A&hGMx
z_Er)<h;B{2D}^~?g_@<0y8WbXbSgMR-#kk@i6NDoOGVX&s^QP**2>YX#QrLg%9zoW
z)l}C;`vkAwO_QYH0>Io3yH{)#rn8)Mkx?>QWpSd?^ttg#)rbRL?)A9asU0a7B=1VW
zD>9m$?sfp^u>0(i<SiRJNg#ini~W))5Eqzczah8$X!_}M*j;v|83)7@@AHdphhE$U
z#9wOf>~y-@bIM1GJxY-d0GG#McL~evUMH24F{6EB1h3d8dI<ro!eX(F$gJJxbGEy6
z;ogAs=;;_U+v65nR(6UPu%Np9Y_`soD{Ou@l~U10)RmeV8?`l=<tzG}#Tdbb^39<~
zj8bAjvf6D8&nJ4BMkTAPmVS$^%2r)nsl2Jtn9bw0v4|RK?X5Jr5ZYY!cIIxUudG+_
zpe7ki3Zv%<c1alBITdU+8o+yPHee56v$Z*0qRj>#ue06h2AhqT5qmrN)M+QtCjBIJ
z*lghQFJ_8n^NDt^qr*npp2q9RC?Yew&l#^MT~DCq(e3Q)6eVbN`iKMo@we2WQYT89
z+$-MacY4KEpt?ii2vrbT#Wtr~Y^5B&iE-Egqe-OVn>4z0tp0oF$`x4~g4n%WmOGcW
zF|V2n>a{Ot>XHlSbJ*Rvl`JcSCeb_lEJ&TAH~^H?hXM65L9T3aLP<6Z$a=GS9FJe>
z^h>r5ySvpTdb6pSM8q$fy45I>;qiMN;#7T7QlMhUb9}ZbRy4glm(wk3!9zNb#%mfh
z)1#+5?rfstaCuUj%jwqFf3e@`lALZID48m532ZhMVzWW3M`WVB)Gj$X(o6slCn+Qg
z$Q}U^B%2NFlHd~UK8ZXm_4uS5VUU8I4e04iZF8m7loYi83Uyk5;wz`IzY+puGmuKW
z%-lY6e52=PEm<>$$(A6EqL>^T?a7i5m2|N^4)p`cQR`Hu^hT8gL_XC)A@-@=<ymZZ
z5ptC$6+qh3?<LtOPa1%<zK#CT@>TlhDINZ_QHk_H4X`<VHiyUS@k>s3R&mPGxao}n
zRBC|;Hn89r7W>=UL@#uD=x|K-@j>DKIKm@wED6N1<k2`*-5<wk55!UEisORiaa^=A
zj>3a+ta><(gMJ>zmEkxp4aYGYj-x#s$HT!m9@`ej(r4p1>bW@XeJ+m2o{wYA3vtZb
z9Y@QqIEMDb(eg?hU)deUyjSD+%ByjVzYxdJ%W*8<5y#MLaXhvoj$3xdar=vLT=P;K
zH*Slg>%%y1ej|<>--zQ~Z^Uuz>v25%MjS`on!r$b0_)2YIHf#+<H{3wV|fCvD^K7R
z<q0e<Pheho0?*!<z+*Qi@XYuGc9bXZiSh)#Ql7xi$`dG5Bye^`0=p^__+J$Xe77Qj
z`IQM=Iw67m6B8&*O5lP?30yZRfqjz_cydw#OC~39+T;XIn3%x6i3waZIf3`u6WF&f
zfm;_QaMQvBE?Stt;(HRfZfyb=J(j?hwF#WLHi5Nk6F6~g0;|?0@Zq%yd~$69_pD9e
z@wExOWL*L$tV>|F_VJ0Xwn}RITbYR#6wO&IsvS|%C-$U|Bv8k%#^VEw53>$-tH0Cb
zbl4?PU|oXALYvd;lLU{0jV(FET<Nt=iCthOQBZq}g40doV4vg_?Mri|Pmb?+6-<Fz
z$`s!|z^~CwqC>mnq&<J)y?p+qKB25?#po5nGWu}yZT8#j;~nKf)r#?ss<ze%w~@zN
z+U(=TFTQoGFhwY1ic&5xy(woM_Hu#fQaQCv<$|I_W5=eI->i0dJZ*%2ze5t1ic1%Z
zUZ3FeJ30irPoPbxbfL6pM_fTT?vz|BX*ES3;o)+p)FDi>`z4Q!*~+pOuU{OSDi4Y^
zq|uMsg(B9O@kz3`3!PrE&ACE9CY9_;5IA!}+2M=*k}~LGcYEkSy1w_XYcDo1;`9ls
z1Tgr3oqYlysFR;jKO*SKx~1ixwWF>2{Z^+}bV$x+qAg_@5SV;tue+YUtex`|`m^`*
zYh514lDSGpYp!JXN-b=FMfowd<t!cs>~sJ?z00$Ffb3cMvslM18=SSR->pQ)g5Bk`
z`*iX}@*f~Mm7m<yQ+Sg1zBJ}%!hNKS-11GMs1*Gdh*`OAwC_5mp2Fx>Rc!^@j~{Rl
zCXIh}?$-3`>Fb{j3|R-ya>BK4p7!&*m$*I4-2zRSoKDJsGh3etPvf8HPP2|#V&9aX
zgK*8}blW7a-61ZfV?!zS*tgQ{aC$1WaKx7iPm#U4jOu|!u@+f{Cmo(8eU_d^Zn&5`
zy{;RU3eOBHQ+^rtBf}p%Jnq)qjxp<C0O<8Qsasj951Ads?C@k?D>pm~d%*1xR9BQT
zUZeh6MV~`-x7xg-&*NH_88yzOJ~~(HrogjR4|KYh6+TDo^ol-__}aQ`^iloR4-G(e
z`O2!isqn1jPxrW)8~0={KclZc0RJ<kPbYuskVc05<TU*{`Jz#Wn2kWUM_|KoO7p7o
zDa@XX_NAAX?&s`j%|BPO$E>uZZDj0I>#J6W`ky+t<XzdK4HM`_S)j)6c9Q;*;yR}4
z;z$|~sUCsJQL+`accs;coz@it7FA!B_q2{UnAJg6g=yM2yJT<orSLbW>rmiycF)!>
zN=`{!s=@6pmuI<6sT`FfI%cT}QEEq8_fE%{K;@ezw0=5XD``WMX@ek&9H;>=q;(<5
zyE-h-T!6-3#bdBJo8&}>s+Y4BnVn0z89E(Q$kpE2TnOa_t-m*^x9NT;DQ7yBW#uQ+
zJCb^*%zvl)*K~hcvv{SX7oxdz3_Pjw>^-UCb3}Wq-lU{!5EJ9%`z&#($GcMZ&g5QY
z5145jnJiB?5X1Zg5o6m@&HN|h8oeH~8A~EW?43>g5_r1*OZRuwjW70!b|wEdB7Qz;
zrAq`IzmgVcJ_*Eh7LmT|3<%?wRy{D2xKM{r-*pz#FSS)v-&&y-r@k*1)8n{wy%JYY
zok{m^tp3T7c&AUKGfb^IJEiw`>Hf`OcYEAUhh1Sm+-;uKq_>YPD?3x{rOwXUK%qx(
z&lx?*_{+JJ=}!{go{~P@-mChiy}Mg=(m>uFo>pCSmfFi=^IODzsP8TI_7s0MQ(T$y
zu8kC>#xdYydJKv|*9L=>AV3>gZ*}_Ugo&fW<8+8V)vklTvz0UnWxWrQeR<tjoR_K=
zuwEyyzz3KUO0Mgm!&7wDfDQSPFRi1iZfOP98)XK;2dveBjn66LSd1ohIE(e*V7b>R
ziLl(+Ds`|<6&1k=pbkJ2O<>~GNk>mf<M?2y)9vxXQu`06Yit!)uyTPpONYnrmO$|s
zsrKFm4!fg+4bHLelIWvDpUi*QY`#v>VYATz8_E)(mY&K49gJkHZ?i46JBeGN19dfR
zPM0{9HU_kMh~d_TB#8jiXor+Q`6w>8+297Kgkc3x0K=fg+yLzkm<nBR9gG3E9h6PD
z(-hhf5vwY1t{e~cPG_Y<ZIf%+--@Y(N^L}%j=BJ$CyAg5sVXhkDi0M?Df_j=Y;<1-
z)>5YQS1P6|jh*&Y5gpcynkG~cv`K9Cz}sGab5+&NlYEjl+gI_vEMJ$}I{}K@WIQE)
z^?&`!Ka!sO-R70?2VNP$C*uaMj0==^@^_%|DMFIAfWl_)>|}<3O{{j>o!$$q-^`j`
zo5&?0$bk5*T46ciYGyg%)H7typIAMw$D=cSnefyoI2FzondPQGxwaq$&Vq-`#JTvV
z@|*CErOnLvV$w6G{*`i|>9zLy>I9^wzc2v|pDhT;hDYIa(C6X^No|k6lYTAzS7#ur
z4|O|#PxGauznIb~J_~NM$`_MAWj%~fl=LxJR(P^YkR8rESnl+S-^>Y53w$!*X@N!t
zTru4+Fq|$27znP8HKo9_a4-d)r4cAxSx}ON{0umATL1&XHR^N0lOtt%cs2ph!}a8s
zWgFNOuD@Q$9IzWJbae^Y@uy75hR@<@W&(t%LKVqYRjG=pG_a{;>2DM?yqYN)IFhFm
zvZlL7O;u5SZzWyJG-ZlF0ubBWx;y99&7NLon|+6+j>f@~xb#9aP@Ej)E2i{9S*U0^
za)BK6P?BX-W0twOxp8)bRttb7;>rurKu~g)&&KgDkOM=?kq27{OyhI564*!j7$PZ_
z1fs51fh{O?w`x-?!k9^8GSiXxu+^Cr{aO{BNUVk}BnLM$GF$BOIF<;C&(D%JM@b~t
zd2<>w^Xqikoo+Qhb@CxgeUgRT=l2j$3JJ*!-GUnbX9DO{Mg|4R%Bsb)5q9l6o#9KZ
z7uz7B5;=8@+KsAosCFQun9)Sggp6ThR;IW@@`_7E*Gj?Vakp!W58eKyi<K^0cD80B
zW@~+Ysmk1)AlVlSjt;xm?vO;Uu)IU`it18iH(Pih_&V*5j2XQ2))?JlZqVnSLg&0W
zje_WN*gM5m!Q+rbNh_a}<nVY&GQlO<i3JztwbWNk7ywW5+Ue@Z6vXWHkvi;>u*~Uk
z*(K4ZuarLDWKEs!R;R-*dAx#npWp5hB#%&~_Pew4-QihEr?5R<Hp`TB@)`V371vA=
z*G-2jM5N5aX?UW$RhdJkJ?vCjWlT;oAQ#;o;)+($;aqBWsUpMjQAdI2DTA*`PO3Sp
zAxidq?XJ!a`(jaYItWYL{-vVV>Clst(_*D*S!TW69(P4Dd%G(o*Ie|pI@_JJb;eYV
zNllQcm#G4rJ-_80PD!Nt00YWJ5-(je6uYT<U(qdjouW^$dquW-*yZvpXFGA|9x8{&
zEr}~6(EQ;Napgr|C-If#;TKGi#*a3Sml`*>xIz;2<7up2(lkt2YQo$Z9W2k7Qu+Ct
zGRnXI$Nc-ve)jj|+h0BHn{UhbKX3ozXv_BRKBYXf@)xp{&;K!Z`VZbpKL5A!{NuM|
z^y$90yd~rKw+5!;vNZS^g^#4IuK1&j2bA~U@0T$p9@dS2rmqW1_X8R5H20_49o_02
zhLJYTnO)CnG^<HvZ)z?)H#KHN*3}$y1VZIwsI|CvOsfA*`Z=b*4v)(vI+DA!a^_bt
zCe5A?T<(KoE>K@)_A8XyUVCkp;jA1a)8UnLP@BuMJUfJbOkV_&TojZ&CvAu*I|=Ft
zQ}()%cs6UUYO+pc#-6S3n2dOK5@KL7qA&rmcp~Do+YpN<AfCMyaouFZt&<VAO-Agi
zK|EB0*nAsee+^>s6vR!pB9=@+Y@UL6XbK`sMa-XySTzYTz5mAMA86Pp=+@;ZtLwz2
zozhCW-X$08+8VeKa;iv*?5C?o`ZBDHGW9?b8qlR-B%V)S;FXfHva%9rQBYl34b_!5
z10f13Dk|UxxE`*9F1QEE;a+$E9)#PIi}&WX%&9Zas+ikip3{>2YPn<jyjgX#TPo^i
zThi7~<zh)DH;HzVE&%oMO5~vT@;<tWI7_}4nNYVbNzXIpvox+{z%MrUOlD9f5v^93
z#+c()ww;r5+-$odo&Qm`VGuv<>l7W%HYba-ldPX^ZZgj)7u23M%fDPux~%G}$19kd
z8qISv)?K<iQU_J4HsZEZXnOlD#7&D3IU8cdy@<W{AfC1(-r9i}6|?`lza8;FJL0Hz
z#33DsGusiLYDfIEEq9uM{=GOry0vYHf%S+T>k*sRBj&G1JoFgi?#B?fK8CpAF~q=Q
zh#ik1Ha~_q;W0$vF~t1G5KsOX@c{X^7IEu(#3gGHyVoLi=>9HQoBcamV9KU^*yL5E
z15P~ulD1ePTaQJBW$mTpjIR|d;1VT~CaAtu2h&Bt)XMt3UQat+gzFXUpe=)?n@>H;
z5LjA%3IRzAovebpUFu+G3oyjgasEuYlEv$%C5WDQJt>Nj7IWqvA7gWeHf7$9&KMC+
z(+73+QObB=o6GO(05Du-n!I8Nz;OU@T^+;qLjaDAiDAc3fd4Iv;r2p+F=JzRq!8fW
z$Hq`70vL2-4BzGeepMdBgT(+{6)|iX4p1k>FfbfovlPS4!vT)^V>sbjfZAm-Ty!l!
z*~%DhxfUSs=NPt>1FZRT4EyQ;79NP<_8|bS12Nn;1fc6c437)}SaTqTXNLf6JP^a8
ze1I(nVkqPTY(EggarpoT55&-#53ukrF>K8T*!!0l2J!*Q--+SId;r%wF?^b&dnbl_
z3H+TH9wOfl#;|lKz?y?GoG=t%`@tBt3<WrNFox@g0=V9b;kKaw@%LhQWGKMi_hVRG
z0I=nQ7}gX3tT`ORMFju{565st0YJ@>7;Y^9==vyzPzZ4F;}}jT1nBCIVP_#g`Oz3|
zDg;<~G=>X{0Ja~E;rb$gg~wvJw+JA9EQWc*02UsP;k01@H78=&It*aVi5P~40Tg{6
zL*M|`d>+G596<T$7+N`iy{BU+aR3Xyh~awj{zVL*<^XEGjG@2-l%I{^8XjQp*%<EQ
z0k)ir;izJO^7ApY76WWKA47?}%P~AX9H2&yVg3k!H4w*zBLG~6IChQz7-fuOXaqo)
zF^(HY0K|=Pe0l`HUQ-<39s$sl7e}}RAU-ILEtdeS863yJB>>xp#PO9&0FLFyvHubP
zS3w+wkpO!O<LDX*u#k`Ap^*Tt5pis}6d*n_jvFoo=(;qHM=k|eb447dT?Vk_x;Q?0
z89;ei9N}_+QDfsc?Q(#o8{!za9N^fEaXfT6z?zCUPAdU$RmRa(0<h+$IPNO}*ise8
zaaRD;+!DuiR{$&=7suUK0Bjr|$5B@TluwA`iYoz{CdP5=l>lod#WC+HfUc==Y`zL$
z<Lz<Wa23Fo&N%j81yJLSqjeO(mSu5#aumR*2jU1<11#){WAoJjTe{-dc{M=1D~{`~
z255RPj$5w=*!W-^_mTHN9810f5Pvj|i@pP}=6~b3mAv=GvFI9rgS+C`aSecLPaM~i
zzwgBH2>JfkIF<<j$Nm<_%>qEzCviM20BkuH$M|S~z416MydGfT$OLY`9$?hy1dbX5
zP(Ch!t}y@`%?aE-24K{k2`nlDsIez-K^ee7cLMXr0&ICSfeXe0Y+RSXzOev%A5Y-8
z8vvSqmB4*B5IIj^)r|lL&m}N$BfvsAfv0Z-=$b5}i|BKWjDd21V>L2vD+g$rBI7ag
zeTs}DD*(1nk+G@*VDA(eEfoOArpUOU0-$KBjIIiRnyE4dDgYKvm2rIq;lGTVD*)nC
zWjs^?u;z9d%PRrmx69aC39xsXj2kKeYAiDLRRSEe$at_4z*Q&X*-C(8bux~;381N7
z#;ThD4q9bga1%gRqm0r`07WxoTz3<|ni(=~xe4Id3>kOd1Tbo*j0bN5SU6M0lQ#iu
zoGD{o6~MunGL}>U6gA0MUInnRNyersfW5P2Tu}v3eus?fssPs9A>)%(0LSLYSX2$r
zG*`ybYJgEKGA^tJI5<znzG{GD^JOf)8KCJd8B1>lShzq&>1KfK3uNrR8DQ_-GCob-
z?~(D)%>YF<8LhVflrNHT#Vr6`i)37L3&8e8GH$vBV9R0|^Tz>{x5~I+9KaS)#?9jZ
z_O{7*U>rbGhm0e~1H?OIEE^Bd<&?2zJiwMEGHx3Wu-7YN-mL%&m&@33E5P=EjN5Jn
zXbQ@he;Yv46EZHi4WR2MGH$*NVAM}#+)Lg!%9uX^z_nGz&;)=rzm>6X0zmnG8H*<Z
z>^&gkqKN<t3lN{41khE8`1T}#y+w%4lL59DBkrCIFzQmosv3a!HHaH(0JeV@F<t}E
zH3qSD3P971h<m319J>k8G8JId6vXn|0h*>FcHR!K@OH%h+W|(I5lg25Y_TAAlfU(d
z$EE>vH6WIlN&6#O%m4>xAa<Dn*33lQW(L^aggCAiz%>VPZ!JJm3u4i9!Ux1n(*X`X
zig;u?z}_I@C=0--FybN$Ks=1N!2+;%72*~Pz?ul+NejT19>j5V0A2rv_;ww@#$O=j
z)dOt#C1OiGz(~c98}6S2h84wztBQu?uQLFY0>CH$*mr3R0|fxU71whmGx);g`2o27
z%E>p}QhFUpR}26o_S~>9hC`LS$hQRmus-dZ3jo%oeG34<nzV200iZkW+hza=?TcZN
z?%Q^feqRhnDc?#6y-I#7=;B|l*f_6%%Wo*8uwwvla$gKPRoLtTF2A0^@(lo%H)FU!
zfh}Vo%AZmLK=+$5r0Z-Ja)N`)r{8M~09)UT;dr`WixU=c`IN2}1HgedV|cYf7fIJ)
z066ky4A;{eySU<2#s;n=Xlmf9+6%an2Cmr5<<BT=E#OKl^tqwXIH!OsnNDA73u(Sv
z3;@&KieZVazI_IOrnh2v6Zvo_R~$6n%jGNlIcNY_^i~WnRq)G5{S5$J--+QHbn^&T
zyvAteN>-W7oDj@2zRZ=Fx#C)qfk4{d$jYN9rBj-X(<nDP3b=f0A<b`^5n#((F?>Xy
zU(jUXgn6tkwTzDh*JT7KemjP{bv&ptU27<ym8>r`K0zNS?gk^k(|?TNffU>d1$Tyq
zOXz&X2+;B87`~mP^9Kc7{;WddJ(L%ut@@1sr3YeYrh_tE@oX+1#sRxdfW&^^)5@_Z
z^c$lZ|7R37YR}UPp$Pycm;ge5iQ#QVR_|V8BUiG9q+69|;mU%88n|ZT#|2#3bWSjH
zCAE|h4TZ+j1zcIZ?vuF?C>`A<0O{SYMh8jPX9C!GFor*YjC6}NTytu=asW7M0?2zW
zhW};ElmpY-28Lcs(W#u3<pG4=kKtIY90%nsu@ja&fX_!MdPVbUBzaBe1mpKriJCy#
zKM!E?)iHcX!TXW1jw|UkSvg@%o|!9KHOS0W1qT}!b7dAzs8u-xK+<l`19<T27}DFg
zY1&$nwoaecG{cadl=A3E9>CeZ#&DiSpM}t8A$9dJ?W-lsH7CWNrW-W~KzKifk7r3|
ze563duGJ?b=~@N>bbrNkq>gI_0i1k4qmH$tjuui!3*ir~rCDD~q651J0gU`0hVLo%
z>%Iame`cZ4Qo!X~3Kd&^Y!JY{4`NuS*$M{*H*xtu>}Anl05}}OfQgmAmX!Y^!sFh&
zTCQvjDSy>q3pXJ+#KLVdI10E44P2F(E34H}Q%?=o1WN|MTzF>zH=!}(`>aADU)_TN
z@;;2=gQ{(=V|JU^f+q(9bbJ`Yf6kQgd5oK8%^vL=3~=xwa0x%+g8`a9ieax(rl)|*
zuPY?~Hx?53s38D-AH}dE6;9=Yz-xv86n~r@ZY8c_2*B7;G2CoW`B|s&vySl7tnssf
zYc@S-$i_C}JBa)b0T}sl4EqhLy{Xmgjq!s5uB47)TMJtX)RfJI_1gEDg>41N7P?c1
zFKOScg^I5lnGdj`KZcKGk>3Y2@wL)y%v^CD;g?yn7<GlD?hEn(PWQ*~FOW&Enc2r_
z#_ttSNj4`bFwRRgkF5Rk0lK4#-LP=QcNY-5WZ_EY5T8p(sHb0O`;$KTMc}rQ_Rj~X
z`Xq+SO_}Xeo7z5BE?_YI#!$dbsLyDjhC-8rK&EFAd60;^849rHsu=zOQp#x{<uqw}
zWhUj+bIl951$S_ZW^o-2TxSEfqJaw-8n|vl1Gmo5z-=%zaGMM>xXp$-ZmXe@YqsT(
z8N!Q$Lji<QG2BzH>cSl?=Gc0N=~wltLtr*MzX0Hc#W8fGwz-)Tj0?0D2Y{*qfU}EZ
zINdOijW9DCvB*?v;3k-}(MRHwt^$CnW63zLnZ$<$0OiMG*hKu&%v9O4a8;%uh5{-c
zX4TlNFW`iF^?hdH3NHWU*Y;Yus$kwK(;6c!=STrS+3^@2(#4Kv3jj_ZkKq>O8;KE$
z3IW!gh~f9ihc2$zuEcqzg#ZUmC^BVSNC8y;3jwB`jN$*K=zkZrsf7Ov3jt1^ys#{i
zdUqEBSWd<8H-;2{tk&E3@A_(63Ktb{f<=98ENs_9>k8HOF9g{1*@a^>qVxGh0C}Is
zur#CmrA*74h@dxX>1qot1<CSRyx3F(aPspQR+2o75oUY^V|{@Vgb?4@Sp*P29m5B8
zagIQYJwd4>CPj$_=c}ohE!|uMVEHnJb5iY}S+ge=u4-NZb^khZ;!XQfS4d)%(?tLa
z&crZi%FN56+NKq0wyCzzR=|}tq-1ta8csuDrbQ!lCN_K+fOI~FMJCm^H)!z-_3aH@
z)uIBftVyRPb%e($UuG1Vstg6GL5{i5G|Rx1HKytpY14zl0E!ba3>$ODOu@kxZrc3?
zT$Lp?sIVw}7dU{07(+?3<JNRuRr%7mTwgdl^@GwMba4RdFowhOGUFRPJ<Z0mnFN^&
zO*MvWp8*z;_=f|qnBrJ6G{r8}YQ8oZyVP@?rVYekXBwuu!r3{#6Z*?}VkF`y4N}W!
z)XGTn7c;m+2IGHl{f7D6NrR2+H`H^742!eIMYV-BME`k!(&2GDp~Wp-)HW=lU9Bc+
zQ#8v#3^(nciWG;W-^~NOJv`3z*Gyu&hjl4kSyRqba$iXFzZl?^5pn#vA(MZ}x+!*j
ztHJ2aT9@gC#`WAb!)&h4(9Uf$n7OSaJCc7#F+kqPi_CxBfcbAQ%;q*3+PMt|Gq=v5
z*t*@t0G3PR_$H*=uNKW_H7K%jx)|W>rE&aD7F%Lvwq%pRI3rD}ErgdTU#1rteHlo=
z%2+TQ;OWZ-EF<uB${_N%eK<hp<#Bw(m_wgve}NdYhHMIMd?oWMG3B%mQ!)bJ$t&VG
zN|PrGjD2HpWl^*CIVYOf=ESynVq=1dZQDBGWMWQi+Y@6Znb>wFnAmo1-nYJ=U)8;T
zcJ1m~yLNXk^g^%aq2blYw6ohD*>lo}vfB1(R#tk^y8c*_Xbw0heja`JO`I{B_T>TU
z)Z51xQIk8f(#CRruA8Uq*3SjHH?s1L?KV^%@Kf(~{+MqI19H3hxOXILcbXv&04?@k
zn$Cjx*+ULx8V~8kV*`G`08sQmDo^^w2Fb#<iQV525)=BxPL~zF<t8#`$GU!^0B&!_
z?9?44FL7mVO#D?MQ23&T@<-zYye|VeWpdU_8I9xlSc`DsqfkZZj17HYA$+}yf#&6A
ziLL1jvTI7eZ3Bfrw>k9rIb{DDa3?%!gBTkx@CI0XPU*Xn2mbZl^xFuXTu%i>zXYh}
zGz>j(?m)qms|sePT{axjO-LMOlC)xxP2vnv<M<+6m(Lp(-0DvnAh0UI<*I>0x!_sa
zkn-FC522%gg?$L-qplNvFT+n>2QG`Bjcf(!X7c&vYk5aYZY9_{iZa5P%uuw3FSl2p
zIqxuiba$3Gn5F&lQg?(yhBNeIxmE=}R$MJS{nKnW<S*Kdbem~h9qnSXY)~ym+%09<
zx<-2$DbClUA9pLcV&UKnB{qN|m*qr7%)9N#jcxAX9yO~*dmvc;H(x%8tt%1fxJk>|
z-0dm+q*Myv#Fsv{G}86vR`uU{6L*K`%mB6?6(DGT`(TW)%s^s_hb=05Wi*@_u%rX3
z`}c=80~VP`+<_fWpfTM)=})gc_t@S~f|a)MkA^r5_6z63uFkKEDQ+&hNV*HG1(bR7
z#jdxl3=|N~9#V3erIP=St6>0ue7C)r5>EfL9kbgzSSZT$#N4bt*8m>O<&n-uPFi>l
zpHE*k0iClLeR0vacJk!49npLP*cn%V0eyI~b?iQv&B<w4WW8Q10<*vEF;Q*qQVcD>
ztp0K1TPD`lqHedxG`6}A@H>Rm=d7Al?Q;{_wp9=4IAl(b-Qp9rL8iU-|B#Juwa4H%
zWY>F;72QRNW{kQM9<!)qsr{<A_*JgSafAnuWjJ*RD+-dkMuMp28ngi0nr;Z`PYDYT
zOz^zFjJ<70vaSk&uS*xJ?%v~82v?b5t*0f)&@Uag7Vvdjkq5NbsCO708b36!sp^qw
zm|ZPABVQ>zGYJjM`>k+4rqFCkNsZ(WXLN1r+}Zv>zFnaRJG(07(746yQ2A@Xo_o$U
z)5Wcda6avN$P>W-hBf&2AKhb1{L6mgi)G?Vrp#MZt8n4r{i8M<kN`pPh0LL)K7G|P
ztM9Y~yYx}F2Do%#P1J&IsJ^+}WFw<Px|~SCt739NQw!wHj3^B1F?vI$d~XodzRt|w
z^L!$J*h|8@A$3H&aN{dn!~Kg5lL^29{_Vwvzqy2ZcIW!JlAD_;yj{6~2zWHb<oCvd
zbi0S&Rke*XhB5)1WB|OppMyjekNBf@-D!qxafT~}xy~wC&F!Dl!%Dbd9a=t&%KbHP
z`eBqm?9OpJszuGD(Y^=ap6fGGRO@;;Y|W%o97uDsr_{H0@s~Y9)`iP@Gr;#4<Kc-4
zH=2cUjX&fN#xz!x3SdQb+k=yLcm^H7dO~jInovHFES{pUaiT_4l&3V~un6p2|Ith6
z5)-4XY9hH4*VxeZ!2_~j{S<)Gi43TF<%hV-V?5NAERL^q$~8DB9{Ckp+uZ$Z#v;(2
zL6W;utqv<OOm|D8^x@POkDm5(s5C}zNmrU+&20SJ0hlR-f4NvdyyLNO&J54Y8B)^q
z&p#YDak#$VcR0TAUfbKUaF}(fa9!<2jK8-7@fi4^^JCx{vm+0$)FB@|xCPLGN6#@I
zj5Z{jH~-w)SBKpZ^_3?}>lXu}?r5BLlMyF)CjWBdD+(aB@qg)IQ1?@WYgxAX808N;
z$A76pW(=tpk;+{~O67r9-uQ5YOFT1FW2DIOnv6Ty<<4$Uhqz4h$XjV`i9R*02?M`1
ziVQgj@;bE!I@I<v33<2RV6f)LU<2lcxiK2$3xPOTqr7Zf<HT7;YN_v2T)2eNP;NM*
z5Be&DC1=xn6F*~MKVgri)mAQUOap>U@L8t)1vm+e6zik=Zf{AE>+-b**w<TLj)6H!
zeT42p;9O>r-=!7Dz&o7LgZVwEqnUm8%4ozHYEeMmjt?ZE&s?v#`nAqN_nD2wKD1BA
zss!`*3Y=Kq>>?B+9`nw2w6HR(V>dUdzM&VXJw&IvI#wUG&Y?A0pmEIhV+7xvRW3+R
zc}ro1&GQS57GW*7H}Y8k52`BY!<sw8STh{s0S;Bus~<mRncbita6!$nKwjVSXc2WI
zVty?nB*-y4KIvDZ`y(U5LBL6e!a!L2qj*Y<y(vJ-fO!WshCtsPmLJxXo|V>iQHJE(
zKzu++w1~!)R?Vo0Ff5>EOi5D~AL3^2(LRs@Bx+S1cto(P0a38e>cO%e(c@Ppb5ZZ=
z+T!<yR+?o=bg%bySJOgSb;(JYkZdvE*(>7rwpW^UhE<mqZgQsp?Rw+}TzqIrH3cJ^
zMCjh>@k25U@Ty@VnJCy_J@6s!$<d318n3GRLW&Kdy3i)fMYg1aAWna2DW9@TX9CTt
zp@3nnkEr>@>zzzf!O!|p3nIRm;M{#k?q^*}m*L;m8!fgYu3b%K&2H1O5C_BSWKXXs
zan=$IgI1H|%u=*CTF7*6L(4far;#urNraDBcgl}%*qPRrYO%9jHK&abL({l0s4y5=
z#RG_DOmU7d&U3~$^<VKaH_c~Li5D)EKI+(lg|x^gz0jE3wE@9+uj47`JwZ!@X7~~w
zk&e)`Jq81!;cg^^k}<Wj%Q}S_guuwbp@$YEz1eFYK8l7}XNm-Q{9{F2t`f@+lD&BJ
zo%J?7di}+gb1BFv&xn`%Pw(#{xCi5eDXxiD@@>(L2gVHw`%*ukZc=I7lco&6qOdlI
z4PfH(iFhf;{&Fzoq<Q45(bhz%t5+SsZrguc#E*z5Wvt3Fu=3-#-|NbWc_yKUTk@UV
zOxS!c`Bz$%Sycgu&>UXrG(ZSUJp{oR**@WD0EjAo)Z0Sb5eEX58EmO_&pYZtc}F<-
z@ACUeEnfjAU6KRlBQ4l~3ptqHP-pfZge>GZcHH{e>&%KQlp8$qt7(WasFt=0E1H>K
z;hpR{qf?QGzj#p4`L>&2#(Z;?_&cXmT@HOvnNZKeVqQ}&?2Z!1UpdHW$|$Woet_Sr
zludb~lyo@(T!g2!tp~x*k|OiTec5$iQ3PB{Y3rIM=y&6ojcJ%q7|>k>VuBTuqH|+D
z*hKD=U}rVF`3C5*o>11Iolc(FHzal)m5%t$sSFVDqDd{P<Z=?|6ZTRKSDynx3GW{}
zb3fnXx_IK^Dzu)y_4rSmBq>m5XC=wXn2{lwEn$E{>nJ5YeLgXkUZ@LckN`uY#{}cS
zaMEYy1rz=y;gP6C)NG4Dh!i-}!|lJ_?uyh)-F;PO5ibyZ5t{VR-F)^IQGS!jee!U3
z&#pN-s^G9pTxn;jpOk-w9T~>LI*NS#y)V5BC{D6H9!TeBzWc#f?{_Zt=MOL-DZAj{
zZ8){k74ks<cr2{Uzq23n3K~Sd7QJ?x{Fs)5Xkzk%<QjQZ%yHl<6o0*k;`3S~m48D)
zCE}Sgh&cujwblJ(W-IX|t-c>q%ecGGtk!<jy#B+V>H)YjP}glaWUTgdrnt?yS|{ks
zIuleht~~i!4i)cbYQN6Cc>eF!hE`dyrFE5eeF8Ls=Trs7YHw@5o?`h%)WR~aqn2Iz
z=(POOkH2J%ggA#60@V@Iz1_C)F*P^l45!Wr$`1d6UdHAF=Rw%T<tLnC`wHTcaz2^<
z%iX7i`SHmclNV#%Y#t0D+LAri@n!XTP_~qF-oSw_=_`$`LRfKZuaarr_WXeumquV1
zGWA3=XTX%>mn6E4&j`e_|BC(ITPW&IQ&!rss70W-ejc_|7qi5bzKJ)x`!88<uvEX-
zm?eDDjS+HVeafcJVG<daFO32aoqb~TY5sYpb{##b4hL(K<}HkPV(}+PsEW5P_ZE@J
zMEn3N*NuRNYXHup5g6%f^cU?Ix6F9kTTPqh?=g?faX9}3p5aHejdP!HI@ns&&kCX?
zOg4LXf`o<ibnm;*Cm%SH;%W)}i`0$;*CpJj!vvsqM9Qmu*Ir(I$F^Tv62Y;~>*pI#
zoG34_1SdR6%jarX&MXW9P#tj#3qtm9)4uNmKAVmrAWmY+8N3Bn#mx)CZs3#l-^J{p
zzp2gc&u<*pYd3`5qMWFY8xev=!#vIIghYY7%D3k?oEFa@Z8d_>%SYi$8&l`5)4KhZ
z_T;A^WgyWI)K7m+-PCK#9QUtywo2D!v$T#kQON!;dy5u@LgFt2Gg1OiPvhzy89Di-
zn70$wuvt&c%M|($)1HNeW|N-4uaf0bR%rw-2`p#?1<9q&@vU{!!_2*e&CTxcC()BM
z<<xos8OhGW)^`(21LT+=<Q$K^S?w$BgQo5Ge7EaqnDyUyUSDs!Y1OJWRy%k|d1Kq#
zo9olQx;$AXo0qKeDz0VuXSB+?LU(`;W83-hdg2)T1D+KchP0LrUhi?vv$&qX$wvc{
z`a$ax?LO`=E{44vV<KvP*F_S7f3(ZGpX;g_ST{5@J-1sn5l7h!D(=liFa7?4HOU6m
zG<nDebPIAM333NXq;Q`1=bjDHhJ1<EA#5A%?HS>de|!)#lNUJp_>dLICt3>}dV!Am
z`n!|a&f>~DEboJsYy1FZ4=8$ncXv<T_fS;L$a9A5^&vRCflb2f!j?d{LNC%DwytTE
zdP!fEmtzz=xw1;%sD+~F1y_|SsVoxLOVvv-)!jt*7pm?y6=WlQPco7E8V9LW5$B&8
z>^sY|R46n`jke=)(O~Stks{u@@7QoZ>jTt}kzBcgE7FqYp=6lLDt87PO=H>WH+WW}
ziM!P{$J2IaQH`Fzd%o}A0Ag_$=KUW#EKhDXWKPaWRUE(fuX)}8JnpJ08Q%0eIpmIF
zF!PmJ_9g4v<onkKeE@M-^MAVI)RhOyeAr><ef=1ZPMv_PZzt{T;<w$StL1=Cw-uGX
z2luvY!ra}dn@eYip|CK)RJ#PXi@|1$bbtly#rfh_gMp=`I*dTst`>=y(c^W@?0sb%
z05+AoJKU*A1$NZ!^-!i#>KA-Z?jstLxNn570bY3~VZJH0F|O4+1lKwgWjP&ZU1$6J
zE!#AU#D<^j2n{tY=PR-M25fS5FbZpx0|}KE1Z@$5j^N$h!%Gv+iwq`@n8NVcj=Cx>
zHbx1AmsBU8H(8)ZJ_zN<1#hGM()}z%R!e(~Px*AA^*-=U0^jcUKOXNdJE^2kXP3j=
zmerU~?`2by6!2Eya}Bo>j$QWUeg>C!^lw&bx9^qeR~fWAfx?+3@30|9%I}KrsLk%z
z<xD)3r*r!;Po}8MlKVr4f7Na*<wOFzdf@Zls)An1e<UVrohb0$`b$4eU-C;HYtEtF
zH#wA9F8!#!=eeF=kbOm!Hhqt>2zYfDtU35`B)%WW@bvfHXE*SMCa}8ki=gtO{dXJb
za*uEu+)9rW8=f+cj*sjSk6fEg)zdHYIV#n*Wp?)SKh^DXY~<Ai<eE9uJG7cB)jLF+
zS2a51o1fL6f7rxT+=bfc_szXj*q5&e&i^R$NVc&o^QgDcEcXbpX{q!`wYe|9W11(?
zIE9~YpEI;;(pXh(_O4+1a!NZtp>k?6U!!^oJMW-*$~=FjcB)$;RI!3t;U1%MUHP-v
z=2~61VC73icK*tr3jN|0<cjs075$3!(v=o<U-f1h^<#qaJxzQ0`MvU=63vC`0^-e4
z8Xa=Ygz6po%^m6;%FT}DcV#xpWeZ$#<FzY4D#q3RH;bDx44auWGD}x5=3`Y)k>;7d
zp3=`dsGNGtpQ)Y-&vzHE6jli3>n!4N_1NfEa4R=cRS*}i;8*BZt!PxN=dGMptQW8N
zSNO{}OKbRwHP^WQA3ZZr@%aC7On80F;3EI6Yx~2fQpowc2FaRlKnUruQN7Q<xBz;L
zrQFDO$?<n0Qdk1yp^Or_IBMiU%WMlTuR=k~5seN@)17^#2Ob~XS3_Y^R6Ny53ceH6
zQ}_1VmU*x2xUl!WC;zHlQb%eoh6aMgi%OB<dzL?%MJFoh^Sqn2fr*pm^uj69aLRqD
zMGwC(<qRqZ9@*b04dwr6?!B8vxxXa&31J&P;y=K?$#%0v)@~#Dsl8Eddi&@HC!WiU
z4m_rQ$TcEssSO`TtsfQ`x+$D1lp;ANJWF$0Ag|J|?~`)R$y_9k^rR|pZGRp&Gv2c<
ztyFlr0w)8N-@ncKzz~M(&p|K0XM?p)tiZ4uFSS44vV^xXv)`)^85#+hC7Ry@Er{>t
zN1kiOlCJgNGT(yvmkos*F5gtKX+r#Cq@Gi0d#aS|I^VUqy4$OltpZt27g2eH-=U6%
zdoKkD&fjaF_OC}oT3!c47#`nwUK+O<Q*w*m`26qeUe6yby=TJ_(W9SpZzn1230uy)
zK1wRubq2-;xNw$UzWu6rA8L!ax2$|?(5~8YrMz{m&LG7kASL~>6T(4w?rHm;z2Wu#
zk+)OAE&Tpi@jlf$Fc_!)Dm}oxAtH8Kn-N$qvKDC071;Sca{e@V*5m1JaH}h#@D@0D
zKH_NkZn+<_5;$)isFZspKycPmu=+lEw{uDO@jCLJ|GG%7_IQpzQOJ_grE)#!H|V}`
z+e>==ns+_Maq(JkUBhu;$xmrG5%{3zFZQSO>SthQU}X2p&a2v8)}`T!2*doNcH8Cy
zOLm+kzu}~taPFa>h+2SC$;-CF<8b=+Wcv1E`u1k}_I~>IdHVK!`u2PJL>x!9h$Vl|
zgxg#8;fvtxqi@Oe^M|%2udXGp_d$t)2g1we4~p;iKK`Uuojs1{8|%Nd{o&%G!v%Jm
zCha#rXJsa>el8Us%yL?&JDmMpoP=8*>p{#faVcLVamD#5b6Ab4T~SENS2neIN1ea)
z;2z6=*m0!B1-qFfmuxjVGDlGMXD#hpmdkRah%>_9%~kWtcgN!g;)c`e0mpSZ-P<NC
z8Z7@gE3LinBKDxXq^C62GtRBD>elz%)sDH>{jnqz&%9I8%i2!WYtyJ*NB3vaOP+UL
z>K>Ig!*2tRzMtL*)z%{4r~HORL|+N>$lXQGL^^XVX^t-W97it4y8`>)&tNioUc`q*
zX05W`2k)5wx#S@7bHi-^d<q)NgzQXm5uxKRp<Z-m%pijul8I(_44M&!sPZnt4<Y+@
zI0Pt0^?iK48|1q)?uL8#e9%KwEQhwOj%SEB?yZ`&1tg0HpP~6*_Y+z7IWhdG#@)_7
z^>$Ee=s9Ykcr9}0A0rAS2<$^`NW);?2~zBKP=9PVL6ckD@Y2AWkRorgkzR}|w#U_!
zJ_0ulq!bdgvjLl%ODR{v%({|L7<hG*E^e5ACuJ2a!PA48kUnP`!9X^^aY;RREzaSx
zKK9mFlk5!le5c9bM-MUDeI;4&0>>+)RYx?m>Sq+Bm0vXUbX{o3K0UADWUw)am%5y&
zLm7^2B3`}Q-`tRFB3V7bKdWDWO2Z~D0_4mro3dO@4dv`08&e<R8pO-es7wHE6Y?TP
z+qWEUhGiW!koUh-I50HsSwoJHPo5+9-GnA%{{8{UwO{^vs!GNjc6og;*Qgs7)QTpr
zC09Rg!1*ac-kjtcd{v$A4RD)XORNE2eVHXO`3IvhL-xR(8dAilg~3Ws=1G^tKN*|M
zSBx*jl+CjNF=cwP^GoMw^9hebe>_&9R3WVss*^%@6=q~Lh}T8wy#|ccloWRGSVEa_
zq1z6(Q}()u2NMpM@_=Iu)q9V65Q(h@KU#};1OoZV=XVs}p$YpT-vg2rkEHS})>g2t
zEhl`!6qrnyMq(pH-mB;cfvj7czgo?#f;8ehtpQSF=>gjA;LJBhpZo(hl05pxX@!AI
zp!W&7M!w{@8)YzFX%`Y3bP1lGivlQ%b?<-1tlQ`&kvZ5)+4$+j8$YFwh7u~Inb|AZ
zkBx8s<#W~t6D-#BZB_qUP7q4(kvak;ip)l)XrEyZz6?>CQ`*Y}{W*XV1w$hC)(uUD
zh=|Pmsydbd(*OAvAC8LI=`k$j5AAR45LMfI95QFCi!A88v7>cZ8KON>48VX^0y=p6
zqBR8`%tx-)0s8e|VM^r2<CeYDrzU%(J`RI{IJb_Z1i(Oiy^r9a$M`S;>d@8-N&lO7
z&b~Q;I566C>)W5SjzOTHh_eqrzRR^1#8VL~yeXg>*30u3j@a%65m{RN8?$WTaTR3`
z%@K4J=>U|h^LMe8`1D!a&ve2LR%*Q*W}nf6THzIg{>EEhmy*+o)`eB!E&ydk^R4g_
zxH5x`Si2fAX$y|4%+9pSC2446rx%#2A-iVIr6eCP_235VqJPLbJaI6I_S2Xc*Oa9Z
zY{n8_6<~t})fEeLv!S44taH{W`F#OKV`v~FdutdxjwFx%D0f6k(66GKF3!CwI`9&~
z-ebl9r#xKM)`aGcwZaTSFTs}MszjBNKHewl(p)#tXyhI+Gp%c)ak>z8`FK8$84=(c
zq7xc`W8{cMA6lKG7Qq`8!FVi6YUBvNkpa$8pMt4#M37U?$bebmp%Kmo=gbL!mRcxD
zl*yEzZ0U>~n_+c#WjPpt&kNv6GH+Eqmfr4J5@X=M1=CZ2udfwjThr|nZ|_Eessj-F
zYZ;5tCguSi^bf6d7MK%XOkHS*ob3)yZ@02cWy3%X@Z|Zi6dv4s>xy6`(whk#q_|Lo
z4S7|$LPA`!sLs!kPO>UJYYLyX7om3O7(md6UJBgWz3Qm`p$WR1z1+R>t;z_1yxMI?
zkkxI<k)kdIVz&4X$sM3BJ!7&UgT7V2&0T{GiJ@b)Fe`!2fYNIBvG%O5H)MuJz`^Q0
zSHQD*cRxr8hfx`HBL4fg5sdCv&|M|GW>S~-FB(m#J6k_fv`-Deeg1%F_W)nCPxZka
z3&1<V8L6tjgRDk9_+Dh6%<6+pp@7fTp@pJk->_epJ}o&8zEgeLZ492XfP9>Vb+kla
zR}mvGokw&qn!|8~0G{>PeDN8UT$zn}Xv)~CjCPtKuibeg+Q05%Ag@7r7WKiTn1E+-
zQH{Fb9wnHQxX?I8V;Gta;N4(Wuo)G@g9*1$ApKK?)-Q~sXGU*Ja+PtkHg~Ag^yrUc
z1a$p#+4Mu}Q?;B7_SwW7evc|LtA_aIa>M9Px`i$#5<lEuh(wWa+0L!h(NdBXbZp`J
zBLt6sN150?F39VeNT42%8b#AKy!e|+)N@&yMbkEOGsU7qRkuZ%NTlC};!{XzLHU2M
zv}*7$N=3JTGEH?-b&pxTqc>KCIkOe~w)u)p@k7fOcOXK}cCr=ki+OdMpp?3<vSI{!
zX4S-10Iltkg^;(TLP++4;lJ02#w8uAPr)e9>k(D<Fwm#Tf}|=<u2}J;au<R%iWms|
zba=mgXyHFmQBT4rym~}~#5$K#%FS|<)F3LV!A+A)x{&zjB<+Qu?zwYcsTbKrhefE*
zx@f0WhF_ubu|%6%y7gf~RWUP)fqW4}yI|Jj7amfl%OXicwy0v1YohN^RpL=Wa|y#R
z)<u)Q9l%GlqFz;`rJ(XcHQ&+%m(*v-96URj?mGgo{9mw4i@^m{xf(S3&wzG3nQZz9
zoP{zBGWQHsfp|dC1dfF6aRY6<PmSi2mODl~Kg$wJj9~dO4A=(d9G!e0f0<B5$Ple~
zLEj!S2jdc_y@Lpu3v-Fm{v#hW_s8X%w!d`_;y>8Nr)r>T>d>osHqR#+{Tz167^1Cd
zD)3P;{0zFFZP46kD8I(S(I{jN`$M3E1gokUnbtBqLbh!qYS*}tFT3bfOyM;MRc`wy
zjo>(mp3L1>uQ?)ob^=D#Gs4t4?w0I!jcVYerP~^&XoF&ar~yHd?AAb(=qE}su>2lz
zJA&)m*?v&36DBXW*&Sz*Fl9}gE|k?esca{m#4o46dSvdJS3{iW1D#C;aWIBTIL0T>
z2xRUpc~{!MA}7E{*LT0v(FeX_?nlA%6h)pdOTC>!1(y#S4gyDM#tkC28=A~m4%y5`
zU^wC}zCZWIKdMbgW-x`E#`DeYe`b=*UhOIYSbzQq-=7b`IvH2d`<77FipiD=ROIU{
ziN2M&xH6+MdZfw|PM1<-r;MVzx}Jn!9W_xbZ2=HiN6ShjvTlgl<<H$kgu3&jHdu$_
zx`S8jz>Wn4-?a<tvHu6h9?b3!-)FhrG?sZu$`j~lgzIiEGF4ARqm$+yH1>CNR5z;2
z=1XuqGg_M+zR}D09ZbY$JQXCjJOtQ3^B>uPCylPqnmKy}GZ6Xu5;NeyHT(|rv6%@r
zj5OK6#RFOIlB40r5d;nF%yYXM5(htE0C8bFc*{d**|dIGf*mWJ8<W)lL6D}^VCvd$
z4I&RO*bQJsf$hew+O%DG2$gCgWrblikd;v+TPT5#Y&I1WuOWN_4djRB1XsrG@zV@Y
z3DVE_@fmeyu<AQym$rQ!Xbn{#=D#QE^`g*X(&C{6a5xCfw+X|rZXj*Y@ROEIlwz7x
ztmy*q9JN^@C&b}x>V;zzuUgTZ*-2S9eh!T!G&@6_dAD%cet)8Grsd)15`*8YM`PWP
z%?pcSqz6TNGF=r773DxKbLKf{&vGTy(|RL}?EW6v0(Sf>^;pL~(N{Agb89(&L6Wf0
zgc^WTJ);#d@}sR4839JeF}k!3@tp#8BIb5BG$5Cr-d!%jMt*ieEG2wprTGdptvfv7
z{*!=c<*Go0g`^BF<}Zy1r5Wk6O4vr$O^X&Jd7mqhGVhkCl;Fy3*Nma%FoVVz5z<lv
zI*3|1T_+>~;#)vWR*w((I0>=_dw!#RDg~vYLksE($r^<@x$l)*4GU{xEzg+$J{ES1
zQNT=$AbbHrR*LQXld8(wh`(OsU)FzZ;ia}l4n*VLsn7ED{vKn#5YB|wVxUtz#;(Ht
zuJ)15dB*f9?sl5Cml;Q5DzY%EE{;rW;l!?&8C_y&gcf+xO};wOP@oC)u>K84{@Wc7
zxbzC0;K)Qd{R;ENET#jc4sIxG=4b`B4lXi>y^;><L{#hs?^sf95e~6nt$h)=Bo56s
zsv`hZHwyj5xT_nd?i+&1_mnxpx^M8-DPJe&Awqf*GxWAbG`%FBeJYqpvGEK0(-aqw
ziw>+lx;u9@=!7kJ$-265RahF0YeCZz>Q2kKw4++S+zg+_=T3`4_Qp%}q(v%;9~0Vn
zC?oaL5+;oEQlv@(n=G1i)yqGKkT%+2m2SCD8hOOd0=iCoc`&bb-A}x_QrYLaU=|&~
z9g;ID$=7)0iit!V6BszU;#?-hel%?!%(_V~5e4YT(G$Ln`e8_O6Nk}cOldEo?WtIA
zPH9zFC0gCSE4p*FzS#i6M{l0zHp*o=)<51jgLL)!C}?#sY0x1`D#y-;A+$@1BIG?T
z;C)<Fh+uB$z60HbiRsXhj}Doprm@gW|1vk+U6=9k=fbZ`rR$Pv2Rxe;FZTX{bP39a
zI!T1@f$pgGqRq%u#pcz_4}#2Gj-``=YMS5=FKTg>A|#f?7ylSPyRftXDq%E=8T#pe
z^NZaM$h8%HHGnlT{2Y<j996NY5ww~lnesx0e=c_&W0uEjW%%z@GI9GG;BJ1H!kR^A
zI2G#dXsSZu%lA!Hz>@7)BV$Hx)MnGx@0@zEt(a|3mLN_31J60x9zzd+t3VvAkAVr4
zVn#%nTGl@gpL?yNP|pr^$&GfpzaExfKSI#=C_u}gw6-^10;w<H4EkCJF+wkpB3?M;
zzIb=brafo4WA^r+n-D{NGyIL8H-5aZq0*jHjc05_5WEa1t7S<&jW4>9)!0y=_c63+
zoI35|Sg-dnx=5RVdTj;6Nx1YtU7^()=kHqW0h&tI4&&{HP35YSL9I>55V+SnWTZ0V
z1}5tmV^>Ij8Q+P->0PYSOn(K=i3DltfiYBw3hOQ03%EZ@ZLO<!<hTAz3_nS^<w$v2
zC+n3K+Cvw*ua)Egm*p5`$GFK4zCwx0A(yaF1ZACPpsx0skL|p4G}<CK@ns4+(q)m-
z#79l)G^05M{4O_LNVb4nt8FCJSkBy9b}C0YH7ke7qDF1PF|PPc#C2Y)H5o|H^kDkD
zwjwx@xWC&(DJE#a@QU!j6#+1FiD6rbo2({?_Er)=W>>6`F=<U8<Fyb9UV7{`5RQCx
z0E$lbcb24Kb7{eW@FZJC)C<MGfLp8T0>bz!FuS`~)d~Vxu@su<$g0&r6K#CTl@lus
zw3hM@D7v_^eBDwIUEGLe^aAQUc!c>D>-hK%JYqVGipZC6ECe2LxL(B~yZVa^wjs;s
zl#plTEsEv)^7LJZt|oj@AgL^vWkS~eXdQe_gAA?OC+miMj4QXA879MqdP;zbCToLQ
z#La`N^6!RKBe<L?gmg-VR0EB8TQ_RoL}N5)F1BFkMvI~bq$*HcrATESh2a1k5nC2L
zYE<%qsC-La-J8k#{TWQFx%a&Av;{6JBn$p}=R!6|Cn~I_#R~f5jzb?_U9O(K_kD(2
zUIA+aw{cJFu@9mmIy2F>>yUd7B^GAzSZB1=1}-Z-e`^ERYs`O~!+*E=8RtH0LN+I_
z-kAInNQUEV`6*(my2OL~u)XXZkKV8yI=58dK)GdIx(wEqFD1o)wmbyK&XykSaS2xS
zIo(YkiwGf94Guc92<V~>Tf&7-b=jc_Di7JF)xJQ|=Ir@+g+a&a&fuq%;SWQ*>r6su
z%3tO$`a=>c9Z&#j8Y}9qD|_!NI70DtKpPUh%!IwU;UF`0ih#cHd!i>Z4eiWXLLTCk
zHXt<snnfoqmVwx*hmMJvf})47+GqX9Od~tHPZ-HeD>@w(35U`sYH`!S1A^Y`BBVoU
zEVY>50~0zO_>qRRN^4f3@CpCjjtKW^3!`ID+#&SZP>5MMh+&ekcXAjtf84_c6M}p=
zzcWcrB31;I2->$`9^mI4Q+mIix{+m(o7ye8`Dk)~Ntl`g`meI~-cSvN#rkEyqy;o~
z!cVyxu;ghs@FVFdor?-BXarV`QlNCkH@~s>QjxNKL-)2L{@XB~DRUXA1a`H2z~INb
zLj`4Y%=FlT#=4v_Pk-$NoG%~Bxm@#N=Sru7#xd3X-aL4x1ZCCtJ|CABgIyWI!b7Xs
zzJsrCin<Tkg?na08Q<{7`S?JbldQ^9F>Z(eK{CzT40nKXBFvDuEx=)T?5$4>QmUny
zpf%ZiNMGK?(j}^@TbsP<&euCzH3;+0k@3ER_Z}<7zP0_L(9)tC-oB_1*S@HaPBzOx
zG7MXNzY0nhX1;&f^9GmXj_#`q=mOH6^@OGM7LbRcaVKeA(bCrlhmg`ZeVxBpMBeLV
z>=eNbAr-q}l6Jlf1&yg+3i6Pmr{WGNaLBVm3htAFs``KaTGy%V_b8b=uI&rzzk^q{
zj5jEzfb^e0{O+9Y5y;qR3=YDu6@+QYfar-omVW7Fi4K9`R6Y_n!&>$jsX8Pj)?I5I
zz)?Sx@b`5l;?O@cGzm(DR>LQmO8mga!=rGi5(;A@-(2|@i7vUY;m%et=VJ+&DoF9E
znXe(RN+`~;JtaYIim2Gvp@9Q3=~V9PC@VqhG<}(Dw#wIS!ba@se>xrqM=1eU5>p~N
zU0|jPIv&5mdOK5296MB;v18Ppx$N?jVW>>Mbo~T>;GJF*GeKljgo29r$iJJ!GD`eV
zfFfV>yJCz~?t?_E1sf|Dm0vZ~C=xE*&$a`Y)FkvbTs;HxG&*l?e~1TB#?3d;T_S-J
zJK-BM6N?@d=YiVuO`>}~aaB+uNC%JeR%Df$jg2tuP~gqHLKf_ZgamLCqom(MYayMA
z+XSc=lbA$M?EYP!hKye|dsn#ySWq}$8kPWq2syxW<%z*(Px2UOHFCkLyRv~CKr1cQ
z!FE6nC`G4?#W*A|bb-?@*B@vP2a^@<6&TqBcm%NQgQ^(GZLWCc^c{$_YU#O%X%SkB
zz-c~<QC3!;EAM(^>>zpq4^M97j(Z}4J*+-%W~@GxY&eP33{0yfY+}<sW|U6FzMr!?
zW;qwLbwRkZb#PKZi#;J?ptQxBQ*Zj?OB;lNqnhWh)NWKPxM@WX7dBF9?New05489=
z;P@B^?AFD5Ze-t05aEzWlYgs0hqg|xEG7{>4!)tj#+)fVDM=Gvh1$sgrh5y|Sbn8G
zyf!8|#N4OxcW_M<PR&N;Mdx$EL|ZriX$2eYfb;#kmtbAEM097gMA46g2+2Q?prN0i
z&|WKLt@jRSeEz_mAPY)D1)M2E8Q91|ee8ZCm7T&!pk`!R_3m_;LT#WV^T4sE8Y(~y
z+!X_bG7=IuktwNAnJB4PiUoPEEAE=C?q`rKy3?V(*lkyV8)MRf5SHs$7>LMqfdN==
z?<q6rVQf$i0^Yki4hkLHs)QKreaj5$AHx|1<nZwm%8X>SlE_T>rDJem1xyh}Jf%H~
zapV<J*l?Uz>_J{%DZrfl?BS8;w(d6)v+14;?jPG$1(x+qX6w^g-kyW}I{o~?(~Nts
z5&WSPEnkW6HaZ|yy0YF=Y*^#Q8@mcZ!kUd==rB(E6T=QqrHAIPwKy8=<Ec*vI@hh^
zm$Zb^9;)zvE@_7)y2K-NrFqJge9hMy#mOv}sAQ$XQZ$*sWe?hL+(ed8OAmB#&GX#W
zB3ns*wC3}9w&EinQ<kqwWXcf4oc0(~zF%MM#E$SV4rpK8=(8%w8B_M0>qzXsH4m7<
zdevnCj1*il;@JV0TBe9$v=R6~b|c3HuW6adw@b<fh!SuO5-X_2zK-l@#Ej*BSO$DC
zAY=~Nt?!0*g3YJeMxV38SehwHkGj5RRhWF{n=d2d)3Bl9(~#43spy!XD7Bdl%BpbV
z<D35l?NYJd0T9MwUW1lkF}ILH+`_0#zaPL^p;{QwBgb3s-M&{D)Nh$(Hm{BVZ`^p#
zqOCL1MQT_Z=b7^Q5MRG3jG2Tv7*$6=PK&5keq&gH;{4}v$b6!jNdL892?+2Pw6Hnq
zK*z6p(wZjWo|tXK&V8<O^&Go(DY)l2|EVP%b2Nl$;VZMO|FlYxh#(iZO7+TQR>*|5
z&SZ(OnmXI5EK?D7^M|IG#UcUf+;~ITBuQx1sG-Y;J^x9Vj+|EV#4;VrGEuf4xM#nt
z8s*g%6d{f*(YXNbC#-r@6YDR^vch()u`c(2AlR$51Kucg<3>1`zxhijbf89T48JfI
zbUl;om4>A-zhGU@n%p_OvZDD1Jz4{O7iZFV(sLcqUe^gB+S8-j7q>rF!fK7^5Ow?Y
z9_;r@o>iD%YFu;<f1k@&AcYMRLJq!-QTo#ue8qF!l8y%JF_1M*TDfd>f8YI`!|Sq@
z7c!Ce+Z8eBU^d*lh)TsPBsaJ|VWR<i>RnDmg~b2Q1*2^-m+yF;Y=+JN53;wHoDlNt
zs}~Ma;nb`(!njLOj)QDU!A0pZ)>@30&gEN|^o;jgC%RuNcD(1tO>soG(GaG7`;2@z
z{|utE3bRu$Yo$(5^mESEYktb!Q*RmRUt#tmxYiy*{@$>HT*Axh#+!|&-$RsQr`5HT
z|Aq@^Sf65wf<Hz1p5w&^Sa?a#PL&=+ye`P(4S%-eb@-HvIE_RT{lHa^uSAe;t2BO*
zR5XXwBNJ)ir8RNUwN?DDvC%5?#fEaq%_f{*yw&Ve((mcM@asy(Qv*`MH=%0ChJFih
z`Wz_`<yKG}TH*bcGS8GY!-&7{OSM{oHD<n>Tw?Ofa3a=W@`@aEq1!AUE%yy$qji@N
z){kVk*GWT36e3I5T<Qf;Glx~TK&m<1Ai8-wxga`9C^e4Rb#^&)BWC={Fgg*TpM!b;
z30=90B)9xB?alesw3T^7>NtDLj3S+_DBudL#miQi9H+8`h7UfLCVAr{6}^l6V=Sfq
zeV{PmP-K7!>~k~h$qhF6hC|JJql^xGlU77@_iHrhK(k~l_2ji^q(wD_3}JH^w&0yr
zv5<?k-jVj_aW@Z?NOMWZ4(y7%@{`r#yi&2g=4X`H40AW9xtsiuom_^4zYqIH{JgNK
zv%l(_5Q&M*#pwvW+Y=iSP>GUbs!kP_hj{d93EMnq%_&-%i|uwZ<!K4)F=+{xSHeEZ
zNULzq&|ufG<EjHZ_Tp_JSXcpjg<<Y#g*s5LUAorj4aC0+xcQYloQ8InaOg~>zxfeS
zJ9adRZ+awEC-d_vcoJ?Ia}aNgu3GV=pIUXdS&u1BBqa|9xO_&-W+*572RBPRL2M7%
z7_0>qTob*CO4#W`NlbcDsx*T$O}_U%nk!sMqUa7deSS2N^*&)4+GI&kpLz@0mM<<6
zquiGJ)~K(`v`sI4&`)=7$V5kFQeBiBVM|3Nv3BnCwO?Y6S2aR~oFp-MaDzQNxVk9V
zgDUL1eqw=m>I^3TJkf-&NpOxkbU)&u>Xd<Od3CF@D!C1@3vXOMY}cNQh>Oh~4`nfI
z7Zu$~&+a_2__Q+71oi37)FhE5dVY8SGac6rqU`ik?(WnM%6{3>R3QJ!m(uV6mJfMo
zkrl1C^q|TO&A03Jr71(A+d`@8qB#{_7^*Y&jl(ru!sNdSo1Qk^60+r@vWW$cL-wU(
z`UphE(>bw!&+K{w4%tUgiRl~>S-QQb|3OeL12PANQ?mjg;$H>s=01bn;%_eE^`$NE
z(Y}qKq80<E^Ii11*N+Lv`1S6vmnS!+%nK=EN(fCixe+6joFn4CkDQ(l2jcRsH4$6<
zQ_K~Cnnv73O1TRcfE<{k@Ob;DjFZ3=FcdQjoKj0@2(0a%aIw>M{xbfe>NON#4MJNd
z<3k<I_9~qF7qK3V@KfL)63wY}Il?+!xuKUEjX6ak=p*A;%4=+^Wc;tOpeM;cLsc7`
zo%1aD<w&y$<4!kPH2;k)gEgEX%a^3*po6G}mS|@V8SFGlY1VFk0dqPOp0+!@fxe=x
zRFwPapJ13BO%K?DO<vXE+6p{FsbA01-#WAf@-m#ADOpQ>{RE6?cJ5W*5>DKb-cO8Q
za?QH2N?+Z$ozgy^cz;(yK_%u48~p*AMk@8rBUU+}`wWwPNorB4_IL1PGaHn)L`{S9
zL3jg&y9Y=g4#UbboGb<S`@14crQYNLgjmFYPj}u}d1^JKfOT^Yn1hW}RY+_{FvxAN
z94l|Kya4c8kOaEPvcSqi{Hg-kP?rK`q^Lo1{=#5<;bnk}c>BvK+xDi$1LZuOoAs;I
z1@KH;?AXIQ4^JuPT&<Q3u1!kVO3cR#LyRzEb~TS(ve#yIB$h=xn_o#`-p+hIOHoH}
zSEp8&%Pi;`eWI!ec9c(Tl!PPpYt(<kb#=QKcmEUYm@~@P7_yQ0So8F&C9^W%;&iKm
z)DKa=G}w_P_4+I=!bJ1+ukQATOkV#s#4#`xr91z?E%mxEEh4?9M1mH*k*XNf=bc#4
z3obdui)D7=YjnAtlB~fZpPTxVsOs$dy-0nnTSgVDg^uPNFVbM!MJWcp!fifoHMQet
z@HC}H&ADUb-x?O7TXSUqp59IcDQvBCHbTgKdlsB)Gu&G3!kWRq;*de?<OMAA0r48I
zN7cYVC%4p5{F5?<t92hVQm}v?Dn{I=oVjqF^_0YbWn8hrs)I)6{i9g^+>J`f2tS`(
z9A`W751d_tX9kSRf}+GznjdOD%;oW~OXT!zlqn9R`BcJ`<#l6LhOXu+UpGK%^iKdT
z#v@l4(!;7g9?yBy&0%Kj?#<8A@EsXwrc*iU2ofCn<QL&5*X6<I2QIT;KaF-x&Hke%
zolO1Z4jEOP5R`&l{Kbr}m%1eM6*OJ%;;3&I*i8}<>sb!TmZBPzkgaaQRVmkEE~kHP
zEXTUj@1#ens+Szf+;K^&)m$at9``Ixz&&g7R6T4N`}bA_73P7iRqNEYy02=5JAJN`
znwfQ+7TvJe;ns_D>Dxs~9PL^9yk1lQ*qNM#Z`Mw9jxNRYPNEEnww#gmjG|1!$Blb&
zNHL3WzMMMukS*bOgRUORPDJ7e*n$GPeWTQ6HE{im)+L{)9o<qCvTdB2sVDI5(ohI|
zga7fTpUIb_;lSxdeFv98?da5mK|jjDuN=Z5Vt1QVZLycqv{Wy1=0el>OZ^Y#oYVUa
zo|%!ahV2q3o3i!q^LCN1SWJi_lf~_$=82;oV<xq{o!M8APJ}v5qQmXth|Vy#btzt@
z4Z-#^?;KeN@jc60Uf3wy*V9r8fWWTICXL>8BB!W3WktHbUqzl=giY-4_|HQPA=yE{
zyIKHttsHb~(6ldJ2)$Cg-eQ=&J@iO*(%IX6n6=ukp)UodWE6x(aeO-mdmwQ^z-o0w
zkKU)c!E78ltfgsqBW2#C?`R|EBWk&wY|uHYpt{oR;ni!%+hkY}xyRDs;T%j|W--(W
zap?>1pEqN{-VOIiWyN6fB+GL?|0_DAHjuBOs&S@ZkUv>DW4-;-Hy6Fwh|v=Y*?*=Z
z?vlOSA^wLqyjQo;hKKmLZGgMx#y<Z?&K-n|9YV|P4Lh=aibddwZmCzdbK>Q2Q|x=Z
z$td#M)i^+ac~~2^r<ks{JIO5UmnI8fNrbAcAC08%jcQmf1P&H>;w$?V{{<!E0Iu|*
zL9O{03pui~j7#>f4t1y#X;}yMDUn36Wx4QCasE|Ae$WY{=I?v`Lyy>Mke1p<%==tq
zvXp{$AjQLzPt}_-+#N5}D$twJfzi-D?GnJ2boFUD)!cHX6{jY&d)<nUCKbrIEtj?y
zV>0uj5xAhLD(OLrQuj5Hz8Q0fR-5^J+d=&-{Ev_F@(T1Pf-xuWn)8a(O}BZ&fNu=<
z*)`i}nE=+(sPjXGQI>_(e;83sxtG>Zz&(%e=Dht6@rZ!Egk8dDmSqIiS~KA>uX{<r
zwd~cWovuXSUg|DeTcCCpWgN$w8+Gq?aaoc}V<Utz(AbZe&oP+N_(CWZijj8E2kAy6
zLB77Uaa6p;Xww$RIGIwHB)D0Ve|xZfCA=9^wbce|^vHa^8OC*1D%;WC`2q0TTk;1z
zSI=KwUbF`dN0;*CQN|NqATr>~P?(U&VNR7+oDBBwoLz^CQpc+OIm92v%D(GDZK6EC
zb41tG$=h33>4Ypipk6YE`K$H4cRdUm<zPO2{>QytZ1~BSWCFJq*NScOn3=Cf^*mtx
z^&WQplP}5<iB6gi)UoY5U-|Wt9>m?#J>UI4BSkJd)^`aZu0<BLS6KGfkxiVt1MG4E
z@oB-a(DqJ0xj++<5sys8Tn;O~(J`flMGptS=$MLY;A|e*h>%jl0d5GMN6zL)mnU&A
zw`|4lH{H*@4p$Mb{@-6&V>*@#m3A3wK}$>|Uz*gHKQalHzAkIpZ^i@a>{UmopG8-E
zTjXpqv)QnWTD&oOB1$nIhra_l^zY`Er0F8oK9{f4`n9n1p53I4cR&$`oDj!(eySGR
z<HJ%Fy6PhK^&|;XkDC};ZKo^o8LJ`zzgrPy_mX-E9$T+<+0qvIs2fbKe37{=>lAi@
z?~V1!Kre(dMpfK(RD}C8m^1W1Vit#B9`~En%6{FzS#C^Ec~s>u_WmIDNjeEQfANrO
z)Kkvlos-b0tMdqnUX%SrGX+r95<Y0v>V(r9$)#7aHM$3^iVK&=UJF<11H#mc)3x{l
z|Mrv-8Tog~&TVn^$dwQJ8jGIHC#<FS`@&rQ@JV9E>NKP`2;}<p+7w|*up#CYh)g<v
z;SmgH^`M3<B69&o4%9P@<FEb}v=$goQn?4Pi{~j<x(HCuZBfkM=1N#CLc1_@67Gfd
zO)BfN?Jh0th$OO($T=fMuBB;J=ySAv_!|7}2!3<QiR4gF!L_Gk%K#d6@go1}sH<$=
zmEs;=wbmMkifp3@H_Yd``4gP?t4#H+>#bz}y*fG3&})i>py->>NTvj_!L>D00R&-Z
znjoOFJA$3*cgR{n4y1>}ex7Zki2avtp=4(pp3%M)x~J`fKflwU&BMe~;`u_N{?NKY
zBF_vp!M<X<?!`udq@Hx!Z!e~8DdbcX;1YDTbaS|670i;vxPNoFNb!zeVtDP;g}z(C
z58GDNzMX@-oT@Ezg0pENBQ?%Wtv(J#h~oUkBY|)n%Cfc2FKq$?518H(+p}SU4K4UO
z{0!gd@bi2jVKvv(dBYx-sJSP;gl7lzzkzQ$knt<(FW(kV409KSbuWDqj`;~M96PX#
z8vk1}Q6_}3Zo-;T2W49VL+tz3t=Zvf);(j>P7KIB3P7ux@Jwqj9LWrC0*8Vv7Fyh#
zT4VXXjuk+aSRXur!!)$fzU@-w76WauVV<#C9|IkoPT7{BJ&cIB<q$dYd)b!$G0-C@
zyl3{pWkdqU_JIM}P;vP@jNnb7@0nIjuV5>VlZXe!NS^B@He8-=zfGp&#g-tp3VMkh
zxu<9gDj7z<YO9OjEi{yI@j{KjK$PZ*%4cMdvonyQmwA4Ti@-thXVu(=J^?e?@kb+E
z<;+^fHcGYiiqfB)XFjgh8~?U;?VDtoq+EUR9~V?DkawD8rs(u*5ZvjZ)-l`&m(5+U
z>zrz2_<j#pUW2Y<;PUGZm$%Z@w0_V-zURX=(zN!f2)D(gyPZaeoxb2J`fD>T#7k{P
z(7RyOS{u%z=F#}IPm*Aw)X6O-cKMNDBJbr$2YKJBl>!@eo?v3eNiGngU%FKno~jb*
z-4!lQ5MYmKZcBh-<HbfCddzt;ePOp!b<Bl?d`}JKICUW_PlIkY8neRxVPSTt-OPnC
z^5Tr@dfC=1!A2%@-8jKU^%h##G!wx_`Bq=kj^oS)HL{4T<j6Qd&CG=jeVW7c1qQNm
z-mJAPBaZIvOSAa*t3}>jZU*2>VOiD2o?-z?EuU1>LlF07wT?u2_<4zMr=oyzclcJ(
zu9~Z*HE+t=77CL<(N+O|a?Fv{hjw+$fYq9<q+x_JiD~0+;c?avRQxoaHV<{-x!I_7
z9h{wpeYFaprFDXhY&}OwpL-34ZE1(WZb(lg(J6@|hP&5zwod=-C7?qyYDwL&pPq@F
zq%BIep9%%CzOSf5C82JOu76<EW*DVautnh}C7idVO%M=7|4x7$H+`Xj5AapV%v0}E
z;&&v8)RyX#mIj>|BU@UxK1%|8CHg)i*HV59RPQ4}CXEHyrG_h0ACi5*E0N4zuptMs
zVjFdE`Dyh{sx`c~hTq#Rp@2@{k<S-cNr81eR*TE&>W<AlEE<)>;Iq==CPg@?6WRaj
ztEeL(5NV}sJ*+_x5PB6}%GD{+XNn6v!AG8)VJ(a{i}MI)BM6AbsOqt4RquN*;JDRB
z-nZpFG=T_}ZZRVFNVarqerSeTy!x0KE<|7;_5EBJId>P~EnMNQ^TUB&=5UbHMG`Nq
zKGb5+3CwtxVIQ0Y)QRMWY8P=>2L_R+(8#rC$aPQz8%0~A;ZP@e;gy_3)DPy!EYnUi
z-T+_8zDCZ@1oi{*`rC!NsH*D<k8i5TJ@Q)zT*&)_p^U(#<BxV%C%eB(SnpJ{MMe3n
zi0o^Ept|?|!{AracLWjzfqi>q(%FlUWJb~j;SW6!_dzGb$mfer-*n3^7SzrbE?6T~
z&#jjQxcmepd+)hAW&1vG<Aft%@R1GWMeoJ`qX@HPa~!82L;Xhh5r>L>nZ&LK$)|@+
z2T86@p6~pf7U?+7Zd|=@HCsf;r1@35rc8WATY>SZeg%%}g<GC0z!Np(T%@C^B}AiK
z>xZ=P9bKpsD?4qjEam-;{d)8H3rhZ*4^Op(2NsM!g@t><9<TdMler&@?(QKK<T=Cl
zcHjKJ-Yi%MxJ$wLqHWlZz(fvgLzL~Ou?OBY^H_(WeL<fMMp<#>)T`Mtq)mPQ+V?S*
zZr~fePdO!oml^`<b_gb>FI<yb0{+uIGe1acMQ+EzeWM3WZ>f92IeDaYQ|$h=<G!@{
z8$uIAM9(|gZG~`9Z$b=!yO96d81p|QU1dNVOS8q@HMj(K2(H219fG^NyF+k?;O_3W
zSP1U!5FCQLzq#N0v!|=8>Qrs_=*~_T&NcJTG-~6jvRw?Yf0D?WmY&Eti`4&}3qw!9
zUfaT5*!go+9`e`;7p|mvQ395(t^<RaOR$b{kxAyRG-Rp+79C^5w@Is(|J*HI$zrvg
z8GGBb*W&f<%zN8B@gV5Q4f5bKQQ&g^N3hHT_RY__C4Ts9Eg8WiA{^Dq^H3Yi#kyT$
zaP<gmqGZ<^Iem8b<bn1~&GM<rHqeXRBQt!t6)Zz@kmvgTpJ0XDYR*>=DZC+>N=iQv
z#p%^AVaCF^?!~&@JtqV~ZgfK@e8J*f(G=++8-Q~B6`Ua-psXuJU=kk0#`n*gD$Nfc
zXW#gVaUk~J(JlMml!>>E=lB7b?9Y?)<>zlhWBVCf_#dSRh8l7X$Sz~2{{Rt0j%!HE
z`qh$KL^Yfp7#48wz!GcjVS{P7JQQ^aDTxaLQSi@6HQwUqB;W)Nb9M_8L90*D@df57
zJ{__;iW%6F4xJ1HwupamL3Y?hab;}?Y^E=WUJ>6|Ip`qNBMIomhQ~{SyQhU$0h_9q
zwJI<NPX|rlI7^P&egY5H0u1|tBHpgkkXqji=JX3B<8ZDWoF5K>qc3+HTh7D^k$21b
z%w+S-6`4a1JRhniW_SVto`N=dROHit2`yQox8fQywnU!3kf&Lq(~jhbljo8k)@y)@
zDMiG@{kHhn9q62w(JyTgw6#ISd{7RVxfckPNkuwhapCJKX`4EO!pMq6JF60d!vgnI
z%@XDC^9g5!!lR@^+pYhbg9!c?GDf>;_lEUaX5$!~S*VT@ioZH*n&*DfCZRysZh8&}
zUT0i%hb%X+@dwHptZr=YPA;iE!W!|+@Of{D>JVTfdwWp_8(+kP;do2O3Uphza%u~%
zu>o6>R`eRtQ|y^Yl<Bb=k;jLB(%k^7pZZ_egL|(C%dOkQ^<+;ARZ#YkEIzqseEaD&
z(|k8$f)DX^XBT93G_zIa&Zb75N5tWz$c4mTJ3chSXHYSb3hdBXz)!a7T6~mc-0KpY
zS=f%tq)0AI@TJN0yON#Fy_D`Mt+e>b8!sCR@COUEuhS1v(_f7OzAtnn-K<nql=4lN
z2`U(5pw{ywA*_-PXV6#FzvId@9!b-U$EjRZTv1-2k(A|4g0;%1JU=wKF6hx#ko#bk
zxT*s;I1#h$RmCZ6uZu=tT{<cz|2ot-Ytqy@dXl)8rL5EZOp*GQWPqz~Gwi<F#08A5
zQPMy?`U;s>9g@CEN_8_KVS3-3;>vSQL~!?>V$M~rKj8mhr0tr37qF_67ZiN>)a%YD
z)lKq>oBczI-Pe~@#XFQ$eEzK;Gi*>)yt_Y7f^{jYMA#}(b!w|boJT^}GbZsGZ@UZh
z*(WWq^2zwznoAS4saj3iCoV{T@WifH{u_S!Z3ebpiZt>x4+-X8)kwMr-5hVPN@e=S
zgfQJkPr&9+%X36D78wIOGJBC?in1p(4YlGfefVuFi)xK*l>E<hsf$Ayg)ClxKV091
zN}6eRB+h}onam#&6!3q<X0m_QmCd~B*r@hkX_ng+wUe)zM;IRIUD!S*O2B-+uO?rE
z7n{bi(d>QZLtP1*DgP;(`O9A{H}<43cWPv&`p09w;69R#ZjWT{`lY;)Zf~4M<Xpwv
z?2T%yl0?<rth)o!u*>h|AlRCmL^I9o%}S;=_v)k#ULt|{eW+}kN=usQxmdARekMj`
zsLc1pE|`~&BTwVd?CrN@pg_?-o2%qy2;2C^y8d}!pzFp!Fb1M#LrnmFCaQcKrT8I(
z>IM29=w9)=Tj~2gN&yEFnyQU500s7grs-etePQj^-vN8nnE_Bf(5+}yqp$YB;VDS_
zoTS)$q5>i`g!O%qPw$=WhV=t5R$A@#^)8Dk!ZOF;`h-glL|dw}UAFD&6|5Rt2l($6
z-`W6l4ic;<Ze|7{M|#37-9UN~N(~>S0HP|vU#9^G{IB%I4$xmx-_!%*Hq{LgATbvN
z-qr%5L6#&($A8vyJWn71dkeMhg8+<2yNv+I>!u2S>8>vCZ>wCQn;9f;i}VC&K5#rU
zFT6H1){S14Y$>Mr$zK!=-l_sxA>p1p+SgzFVm*?ne)58`oKr_*Aga0&-_s1hIDJ0t
zO$4BVca=1td;R5mW~O!mV0XsbsSV(at1l^D4VVd-sdfLS{&b|%0a!jH0_ZdV^v4X#
zzXW1|vZv|-0R5Zl*z!loKbsrLH?<f*=I>%&%mSi$B;Zp6W`fo@i|K&a+W@TP3*cw=
z!%pviG#p;9ihvvtZM~oOA3fFiw!we2=4^}6K>xP*Zj}a*Bmr&Z0_`iWXT|{T+Z+hR
zA3KbcYBWE@;)j%5K7}aC2b~?gYLXG`Wv;Ya9z_%3o5@de1?fX>PuBCV=@hp_{5b=q
zx=G?FQ<k#c6xyddL=q|j)T3;$Lg^Fd$@^bmN#u?|21y4fpwI~->QSJ`<VL8>H)##-
zrymGd;L=P^S6!Brm=xM4J9|ee@KmF8umM%DsrpIP?v4_-&eHbIR~s%B3rYK&up|-_
zqe&YlJM>~eQ80YiZB1dyR0<EiCw83`Ea?lUD+1b)P>PQ2et{I)Qkk2C5Y!@5LHVQz
zB445!Q%q@Mrz=jeQrVk~5atrYT(Z$U6p#h~B6|}5$<DY#fsRCy;|)38>fjhi!M`GF
z49m=bdRu%^#09|KbhaWn0PDzL?F;^$?F-;44gH5_R+PGQue{F`YqT{femVSE8ee5s
zmq&#PvA8P%wF@nmWetF`w8)l40Al{6xz~JfyMZp2-~-r>u+-M+UwOUg*Xmb+prB`d
znUz$(9AC~3ZCF74`A8)*1ITZe`&&f+AxR3myUK%`^CiVt$A5MN&_DSByF8ioj_Ag^
z<Te7CQD8Go?)^@@t`20OsZu*958#m!)v6wVHY3kIG(fUk-@r8Tfo%Ma9}oc=ev#L<
zvc|gT>B16vfc;vhaTdsi36wT<p%0*csBdE%pnmMaHyrw}pO)CrFU3#Kmw-_(>VIy@
zwRHfZt|HW{m>J+2h`ZSf0odCKX84}!r}u`glMN2|5lc?7D6K9Jp{kUV6#qN>`<R>*
z@}HWQmpy{!wbL_2C6Wzr6VgJcF96K-H(?D2fiT@Xi}!<o9e*y4MJN#FGvsC|5zq_9
z^IN0<vPW^YV>5sOZj^n00G=mb-s5Ry;A<eOA;qWzc!mhhsQ|<kDmWI<2QW)Tf>jtm
zgVL5?<v<>=qo&Czew*FzhJmT{ubp0)YrV;-ew%NCl}%*;-}8~$j3U5u3y)P>MhnQ(
zDR&CM9NtE`dQK_<sPFpv4Y21Ai!0L}1KCeeE2)?MJ3F+qw8^dlP_(jwNfj_-W-Dj;
z4-KYD$K+O*Cml-Wy>c7tvMgMoR(#D2xVB|jTY<yHWL6x+$}_;@kJ2#)0rY#QDCq%d
z9ws^mG6J)6+cqN3{9o8x+9gH}0Ds*4H;J2X1Y<O5|D~IQ3vOEh@U|5W?2`ljBnr3x
zi{D0**rf&V2f#zv0tdjXbd_8eVEVG+rD0b}#z4fmr{G#8jdc-^6gR*$pnh_RhmWWF
z3A{m%^=Q((dOuY)C(#44FClareF}h7iB<mrd)VZE-EZJ?l`^Z#gL=*QnzVqm@6AKi
zf7Y~=6aQhiD<gIn5Cjw_GNS{q_lAtv0N!ut<aO!~_g6h)8uWk@ftY^Tzq8#u46hy_
zkpRVgWWeQvHwW?TKU+-l<^PO&BR7C;cbCd*Qvx7TBzH~*Y&}SC{*#2VMkfDrK@bmT
z{14F+xqxImIf&Z1{&UT7P1`I4d}&ks?0~R03S#!E07zP)ZUH;%L4}(91~796LYQ7%
zjdkgdg_iCS03M|(y#o_@Kq+Rg30Oa4;kg6j@vL&XSpoD4aH{-I>wxJ6>?G-*a{B^f
zAbn!RTo+)UNav!w5i~PkzWlxqoCx(lP}DI|0pE@Ya+O#>TZaCe4*)8~4H;mRC$$e8
zdGz&#_rC%lI3#}mAH%1~x5ZvSo@)L7ETqLQG=MDN661ky<b_L~rvym;VjtqG%j3i7
z&&7aCfQ-)-EkMZJ9d&8|;C7nKe^l{`MO#2_f}o6%Ub@#8Pwd2L0G`ar^MFApaFk)f
z?(?7LK)50)fIO1#Rp*oCm#k9W*7S-|iFkZ-f3RJ<T{t0;*?Nf&-Is~jSzsoJxS_3r
zqx*tyFP&^Ft#*}2gh1>GNt7y$uvN61SAo#Ot=+%Q&Yzw1{Hlueqhj~Rn#*=EUHgwg
z1LX%7$#2lOR!_fJ4tOS8w(yCC;<7~sXRa11OvB}B9^IjVpBo!jHO^{wmyZM23U}@B
zb7$jjUfp#ZkPRfIoxOc(+QONMr4HwSd%?EZ0UT4C9*%$cN#~cF&A?qu;M6V3X3Lhx
zX`6#pKr8(maHoS;qOSP33^aJL?Ql_NfEzR;SZw7Gz&ck9Z!ZF$Y3}ME1%Eka5ztWa
z=CUdPq4}(Uou}?z<FmdAIT1An*9Uq16FSF0m6~eXJy%J%spkxAi--B4v%VL$W}pKz
ztDAJ?uJ`pWKoZYmQS8j7tbJ1#yIZZBk)@$Y)EC=i8uI?oUWoePFy<4Qci>fCM$jhC
zaJ|yNA^(ZrBMAc^B;L=lpB<2s;?eUYGSvDaqB#-O(|$f(RAO(C+pPq*_&Kr`F!W_i
zdpvb!jPYLL(@o)@y!YpVEDb1~T8KvCEP!jvJRg#qllq~s>ywkW!$(0@fMMk>;OnDD
zA!heya}2JWlW5lBaXQiW@s5Ug*7x^{;v6^OMgh%wJ2hKnY8FfTe*|D3YP`ScnWdP}
zY!3*|D!R*w*N0r&x7~$r*!yv|$_+FN+_c;ZK)d&+B+=g1Q-#}nDuJL0ElwoM-WT3{
zH^eij!1P0i{w*u8v872coyQRxDabWN2S^H-q3yOe^V*MG+0pRXz-#cmjIx4<ObbZ6
zo1{zd8PnX4!uF>)PvET)(gXKaGAP%w+QFIL-<sTw%nlIT)2#Dw_&CWKexibg`y)aW
z?5|iG)?W=JwNJ-KzaLaQ3-#hy9$-%p99Hz=0Sj}rg4y-piM@p>b(ZafD}^|mBeh#F
z%v^x`D^<llR563CZBkymBzv7+3X{L`;U<9k<;dFY^&#<Ab9%nN>LRmJ@b~ryprQp}
z3chx*^}&sI@%VgPeg*?ISE(RYD+&YN-oghka{|weMV^wL?>`v?)_OHjnr*3;-osZ|
zu7!$aK%K}V&ly7wd36p9uU~`p&A<zDe~~mP?WTSocP0CToMd2JXrcA`P2C1|ZjaHK
z+TsRrZjZA}`4|gZn3FxBDlBaucGcLk3S@%=j%Np@+FZD6?SKM~r`@d>_F}SL=3nrB
zwfkK{w_v#a=L+M4GZ>K$Votic<$1T9jls<|IqBN^D5n);@L%S_ktxMxuvvJ82TS0u
zRqnPtA9fJ4oC?>yZz#Vn$X?@&^WOzKwubR5^8}a?BQ@}hrS!r+wzM9e)4^uVFzo$6
z!6AQT-Y^Wv{VOxyh;>v+eco+Jd1X<Kef;I7xa5P5x#5|)bFw)osJr}hNp%>sFYQ9_
zu|6vd_I{7N{tbFiK8c2%{(OI2Y2?G5@06M~U`LBhT0{B1aBkj<rqGM_@b3f(>FI=*
z^lN5b%g!SNtS>gIDaExtqQAr4Ka|wKO%3aBuEG<idm~4=IL8xTe)+wskiKhEJs2)R
zoR=8qNtcmyqebRkny=%~+y|>04dhuth*@;5UVLF{)f+Xt-Y2nlKjwOhgd*kLn2dXe
z*-nEHd+or(;ru;5)ON7R@HIU8azR!|cZDEwsq?qD`y7&G-W-PImRkF2WEiqWO|Y@V
zE4W=?%H#=FU9R?%kIBcO<{*dAU|smvgdSU7!)6m&_G?{4lPexUQoryY7X~;V_8kYm
zEFKXdB$Ap9=L)sDt2e>EOzv}z=`WCSnlbm_92++F?d=mq<7dM{s_=oIyI;dc-@T-6
zaAUAI<JD<l-Ijkw)Zc>DRjzD(I2`RKKqbvU6epmGkYb$>(H6*Hk_D=jgeNI@Ll?u*
z&}b!4sY63^kkjE{?Hl(Z7}wF@FklhL%wJ}DKfrH&9^HO1H=pi4%i*wDN)hl;$U&L$
zHpmg@R9*k3Z}}zvw;fA@DxQY(*XC0li}=aa!xM#>%H+FD<|AEdZUMBvd#RWckFTj2
zoI(~NzQMk(l%Li|g0@y%mI74@lMu4zS3fMjRFAOJvn<-*KB-vZ)2hDWJOO_U>Q<j2
zlR9<O3DVW}2IJYrF!rIPWM*RNt)GL?o#kAN&Nrcl2W|Z%eBR}^bgKDEKIm?r!X-nD
zp?FY&|A1;IISgNxFHt}J-hpiW4N*tVG1~?D5OKS;rtN!l*qB>54*qs!E|D$@<5Gpi
z<oUOgoi({SWV^ku;yK>9Yh%3u)V~*%1qx<fE`$rGYvCQuadkf1_a!W^i@p}%X6@_T
zR1UY+QGAcSJza&-EuI9aS!R>oKd2S-E;^in-LLcApzJFme)go#Jd82GS=O%IOw+-2
zFakCA=5#z0Yo@OaBW*}+GLL2bIB<=#q^bOVzBvs<7l?m7aH7V}^rn4IG?vrCqR7L>
z#(N~E=W4V-j@&Hh)be0%hEx9%uN@;BrF546UPS7#5EOn{?(g>-!`4TW(K5Nt`X!UO
zW7OPIbvkkJc`}{9Q?PmVz016zmxCHLsJ-(>dEVG&P@pa%P)xnhAr(UtNBBp|Tg$xD
zA-eVf{EU@Y4(H=UsKT=BA~x3g#ho`gRGf+c=qcbWSU!skleFGrP_Lz64k8{&F}xi0
zfWl*CYYL4(=crw%$Vl_IZLwYsNfnv^ur6r%XhGZWPvy7_HV2IsrVj5fwyM<7f3rr8
z1Z0~vO6T1Bd@Ws?B$w=cu}2<;(8{QGwExbsX<yqE7MK*u>8ThKP<SJ-+g4GP>sIZc
zAtP&!NGhglK@(@Aw3zHqyfQ{7FB*gWUaFWcRkw+hPipoDYP0jJpb+`UtfH5E4qu6^
zGfRBWQU%Az*Q@C5r{07|X7;9-aQw8e%Z&{DW6jIkv%tH%V|a{K`DRd&hq?4ow`Chy
zr73A?=~n^Gw}5L*Pr0I6V&BV~+IoKx5`IZPL{cSUEX-j^@RcN|E&c-eHm{4J3ln0E
zu8dH_oZiEQ0M4@bU$^{fuiV4*V(5e4!SdnPu?gEHt`fV~ZPuN4iQQ72jl_9}u$46o
z_x&cf0y_ab;=6ezxJcL2YNl@?4q43vVMhsIsb-(XKf}Hj*r7hZS!QlK7Uf=MedYfd
z`Z;>Z^L4u#m1xm&<>8VHZAQ%?O!tG?8HO<^Ji2((jp31Cb}c3@@JraY!m%P08&W|9
z!C%_;o5Ow5XbJhDjEtYSbJ}4_T|o@34I2-8mp&r4S~)%bl$N)C5DWH9-+HNtqlA9L
zl3aaXxL*!&G50sQo^dH9Bp=WiOA&1JE6l|Mn^Ju7vV^8kz`f3G^pKeBM$MkQB|u!t
z&AOkTynP)P7J;zKWM<xrr~R|aYj8o%iCBk=JY{nGRV?UA@%P-v^>gA0af^F=R8aYl
zOW$ZV33JH>R{Ib+lamRXQ{$0jOa<)jP2(@G+k^OT!~3O&yZdxx&2Jp&*$uY`*icnA
zmD@1}g#o`dS6$B`BK6u;&GATAPbC{72*!V3-)PzeMf|S+OrdezdyDK5C<ud;CxY9U
z->^x9<UUT+PU4+_J^Jp#JWrTGo~x0Sxo?&{X(@6jWbyWvpet4|B&~1nW*7yjV3d?T
zOt`WaXyKNWzK24X?08A(#pAFmH}XadO6J^tZ4P|p9Ub3Bd85pI#0uMweZDF3$#ENd
ztDnCm6EnSEnp0G?5DEOonXeQ`JbOIAx2R7_9OJYG%UvYGzZam~8yvsPf>uk@hllxh
zSMwgggXc*+%$?%M0MgSmzJ5G5A)SmCizSG~YSF{T1Z1UKe8=#q^j>Mj1#KhnJPoPg
zT?TaRTk-B>I1G}F3PiD*47e#9-f30dX&Y>!--Exq-+rJ=r(Mv~6~S<)^4i3Pp*huq
z<W3kAeLp>tVm3&>b_B7piEq_oDWPUl(-ppuGkE0HKU&ZYKnH*H-)4k)XPv4`P_{x@
z=!yGv*kHTS;AV$mSGIC7h5laH_>ssa6-Tq2Ix=jM+L6WpMy-b~cTtYzJ@D&HHkwQW
zN2>0a5}_EXZw4%qD32Uda&(soj2JQSkBbu<T`_&s!*?Q7_9+Z$H*u9H*q{7LO^uLu
z21v2DP6%|T2%(e2EBirxLDKpfR`@7Kyn(7J=<dUeJ2A31&MS}+{7Uk7;K|b_qKCbK
zr@1r!ZO0#uW02cX3i=+Uh~2-Cp*s;qL1;K|91v~>$AoZ1kZuMUSa6u8{;O@AS`7r1
zXlTVkz2c8GB|-HoI|BG{UC3KqL5^xW>bO6*jLwL*(X;1%u1zUM?~0JV(f$l*`11ER
z#suP2!w^d!;(ND}#~%!XlkWt-EJr44%MTcSK)Cd<=wdNxL3nr?mEiKXF$YoiT!rE$
zEinf9b-r<Q`u;Y)sy2Yg^W240-VdTwYQtZsg>j?L^0rF^BVf~U<JAb|iTLGxqJiA0
z205)O-?O2HOr;(&GBoKI)}x92AQsO1$o|+^j?aK))&?}1@cFgm1uw6EV{n%sE`G!C
zQ40<4?t#i4l-;SZz6u|!DW}rK8&$6`R}Yn{>{SbC3b!64jf9(1lTXaALLjIt5mq8B
zt`PhJ^+*qkcYg}yXnw5kWz=wz`i-tOz31k_^4YU7W}}Y$))Y6klD=D0QBQ^4?QcvB
zf8v~~oESz~)DAKmw;oj4MM{XeJ*Pq)f|saLQ$`23A3gbgU<PF{vRJ*gr?IFbjM_*?
zNP=1>jDiiL^sz=@TkWxVpROj-bx@mAkjGV!htdw3TQw24e9PslSP@5!rTxq=4cGK<
z73I_8ea{XZ_-+wQVUg$@W@9bJ&8VLjOpaTOb#4)na&jq&rEE8gSdM};bv(+vqcd4U
zDFr{a2Jn(|Qh(m+c69f$zM1Uq`_sp3^x~qmX!-xqEv@A7>%d3RXF8*cfTTTNWQ(dO
z?$KE?ElhnV^`5iTrr@qi;hWT)Ml(E6D9Rlp#Sqj*U=5pRa}=aa{%dmc&BalWF*$dt
z%isv}o_$bnU|W{#hsH}+V?DZ_m|ZE=i*Z7N2YosGL`9<|YmoG@V->ASDMKr4YfPN*
zz?ZB&#a_aIUxbqjs$-jqZgOB7HsJUv5gm=kUnuxZT*T5Npt(6C0Lx)cNnbB51A|3Z
zB#Z~fZ|br%n(BzU=40&4@p^~JRVE2DONW-1lAs>4JeIM;<K2kaLF4^Z!uNNU7u^^i
zySQEdFN4V88arCOHzs}v-L~MRDbX^CS2<FNtFAJRot$tD2>q`^Ep)9~3f6zT{ayZu
zh-^5AeCy%=m!X&v7o|_bXy3~Al(Dhko6W;Z-X#J&ydsILO(^ROK4pEb9R9w*%^FKX
zuljzqc~DA{mO3iCsy3~4e1V6!DPSU<*+o*z>~cS7XIAUqUNdnwSaQ}kN*jxAebpV%
zbsE7_vg!9;pTDqphA5-g11ervM7<r)mS`k7OyPk~*39^5>t^@OJP)9kQU5$E#b!9Q
zc-?-(mgs#<>3q!t#>Rm@Cb5=LU7~Y2ZB^~m-k&HW^wBmB_T8CZ>va2*_}1q|tAZoX
zyA3b!Ystk&88B9hhn_VHo1ef~Qmqg=r2mgbq-<S&G48aorqN80#%;X^Al~B~PWRvM
zZB7+3cgemP<ThjVZ{qR49()=yUg+A~Z$FN3YFOy~^m^OKDx08VS%(Nst@z;Db)Wxq
zMHnPGzIM>Fj|JXQo7g;XopA5)HX9o;O|LRIJavv8|Djjwlvy=SnUcx$SY3axkfeov
zOV}go7POG04`NEtP$_FVhp?h#<XvY<Q2%=h;UepXE5+!BQCiKemtQD$;ZY7;;EK5g
z8R{9$9@yfxo0U{t{>1RWone*Y?wwm1J*ON~$Za%RN@>^qK1{kRnq?AV5Qj|pp=TJe
zJx@g03awks1~#24RiqfHZKk7C#$u%Cp<VzQA|GVY-Txldr3h?*rfY-|vKxLP!=y%6
zM5VQou6k{&Yz}GdcFF)_{p5A7f!$Wq+SAhE(+29EOEkJ`L=N1Ok*@`-&I+N$JIhqs
z(_>Wc+t}y9yyY)wI2vRZaDcSBnWwwNetwzN=4DYf)k%83PWhDW{iTFyzRmz>z?7`r
zrSr&Y1kYDfFnG0F_l%%5{bN{%X>foZ9bWc@`VA9;iPUgrpByEyFFTI*1p}hN4>u@T
zEr|x>Q9Yt&k*t+PjmjMtxC#UJSO}a+cfe|j#PIrRj>$R}CVWiewF46S_+cx|T^u2L
z{3~&%nIY;J8`)xT*C$bH4KZ7T(s_%ogbJw&z92wsT#P3Q1j6~Dizp&Ak{IPoBVUb-
z-eUCo&gz>JOgeYaQR`s#uKE2heu;@r*;8BWL8D0`$5KvTC0+JWl=dI6{<V-s<XL6A
zD4xYk{7Sg|jPBnJq28Ft_1yai(64?#dA?i*@}2e%c<<nKK=Lj}P~8{k49l`Ov};@b
zQu@{e^^@_z-T-+jTh<XI_@+;iEuBsZ0{;y!9@`EjO3-JBe&Pd<K=9ojlJugK$k7;S
z;RocR2gh}zN3-5+9JXLR_iwM3sPtj{K4Rs!4l4aPu0RuHQaRJ>?&aU(2QZExa3~?*
z_w2Ed9WxWP{ThsC#f@J?EY1ws`iQw*?tSG_?MxUD%X*<gDigs!{8<y!Hl8k8cKBV;
zw|<6dhK~F0lm8YI?xBIhT*ZGoBKM5b3vH&!z$<Ammdwy0ouFo9^bhR!W<tn~o73u*
z?B@xhZ1jR!;+UOb!^el4=!<4zKplmsVqxqKa=cMaH*{s+Aho5v!>Illjy+qr2(8g1
zdu7c|7#F^?se>*b)>QO@i(8Ov)~=L~Qx+B)6?k+My%QT0P)K$aEz4pXsvbSUP0wgL
zDS+mDfx-P(Q3fd{68vb4QVS1q+$7ZAJ``q=Ii#%L%##vEKW^5C#iVAx;cKOBP-tmb
zw{!Yd$TJ@d({P3#W-`YN_6>HWN81*c)g0P>>TH;_emF-c8S*`7v^zXuQ>m{-3$BR)
z7PFBcmSg^O0?RQ3ci>NWy?&ow7a9s@C@z7BV;WPVZz=96XAhEM9Izk|6;KprVD6L~
zl4-CFdAB(5)ElpISj3URQ$jDiwqZs`jLIN<v*F5-L9NR6w8apVP;<xZBI>;X>3q3s
z$<R$y^+@~?8MbYFzZF7@<BJ`*>Ju3kGQ!>SI75x%Jv3^ET2Rb9oN>rn0QL2wuER)0
z_}iYLcecjNxl=s@O81mjUNA&<Ly%1?lhQhE5Og}}^65t?OZlo58Ikz5r`Q);LP8wJ
z$F8qcn~6i|ee-Z1Q6VhgJ6<msch<%JgNrUt7%A+*{OCO1@LQHppH@&oS;^fSCgRKZ
z)EfR)TdT%;z0{+!YWxe)5vRZ<u(rc3Wqe3r6gZi4w6`n&1{!KV(Vv%xJdV3K^gmF}
zP_7Z|m*X(r>ipF#GhGaK8eDf(*N$4><F7($>GL0TEHNu>JjUj_RelRyJ5my#BA`!e
zp;MV|ebI7?iX|&xg(AV*#ewbLbQ3XakV(*6YL|!~m$rtvog<fBI%VQ3X8p0O^~E;D
zeNYj5tj4WOFEIIUGj1ma)T<UrfZB1TnbXLb&Ao2m#-9YT$XL8Ra-6q6aCy{^t&2md
zjgFb=%{B9_r`LPp2J{a&K=WS3#1queT7ww78~<mmwUg@mFqEAxG&~Ela17&Ki=99&
zSQloq-FphyHkIZ2=_*tw`z#EacZgL<;$Es95lE4s?_Azc8`BP~#i2gVqq|Bxjy*_J
zp43x*OuZG`q=0^ye*LFzS;40jL^_gdcbMRA_(d*U4(1Tc4y>Nu_qOJl7OM7tw9M#@
zm>jmch*|vo(65%{{0xRiWoiut^4>pLxDbOCQ6F10>aFsG#!V0Y*hkc##fl%m!Pv=K
zZ?)>Thn-)El4r|>)`wvBCHE5Xa)hDC_q&X{XUt&z;Rx&FYZI*wi^_wW3jK?}2Q_iK
zZltVA<3N`-y1tuJdQ}=}yN*IO*|#po{vdYM-AV+*86r5@cl+VKGJ~WMJ+iz`#s<Id
zAfobEeLTEOP?C|b>>8C7-7}R+!K|BX=z`ITx7{Qzf$&pQrdxCA%-oj)9);S<FUvPb
zO~LhK-3moBiS&5?UeGU3yKc$kfQ4+Sj#(3vTz(0RpweCoh4Ff7C4b1n0Yxv%=Fw?x
zsmvNr_Tcc4rK4k?hALucDRL_6XA3jDmvcxi8j}r58~ZZmfJ4?``s96ReE{O|qKG0~
zTT5W9aU2QF;WeK<3sMp_ybp7Q&l#2DgI$P$ZeM)i!jzq(iR_nI6$a$Cendv2y2$D^
zm`z>bGYw-Vc6k1X)_&cZogs}KFCT)5E*O=%pzu8VdAr--mTMU@w$|TWzC{{SLpD3W
zb-W#ZOyl0MX}Sn+YxqM=|GI0+XVxgf`U`3dn~XIVUiK5lrPo&@Uz_%Z7LDG~BgDn(
z%8#E*N>s%H&kl3Jxr=U5qru1W<~_taG4SPRQ{1Ge!62fF8-}q6tW@gXs<$M!Y-$$B
z*HA0PSVktoxUL;GO{8|osi!qOW7P8_$w|#7g2wlJ>I)zXX{inK^9+xc@S2(y6BGx?
z#dXVJ{%&L>`y!%SJG-4FPBbd8Vv`R=0`3(FzQf-2z9G&vRu3D*oHgsAPebu>#qqT=
zFY4_&?7VfH#<kN@0h3!ISFZEi*7_<&C<g++RFjW!i>KsN6aU%o0n0cb&KXSx*Ee~l
z<0to-dLqwDf_LU~ns=8gDZa{${hMjb_5Rp%cJCD_zQXp|ODota=oh=9I)7az>#K9l
z$mXY1h+a);sbh_xW}+<{SchiFqc%H7KcC}meYt-Q7_vL(j`afFGsOI}>p>`v`eMKA
zBT9%2^<mG`yW-gWJJPhqkFb}yyR=^qI*5!UB+t_yJwkhkS`1K5p%kd$FwKe$h_~S-
z+~@p(5`CVf$q(Zue1i#7b9?Z;-9{<O;qcn=9=Z)&PSINB6kgBm-+XCghLAT<M!5!y
z8F%oSi9Sw{G<ieX$}-QSvWQiCf_I*N?>w33V6;?wo5V0+0u_y;2Q>(^qx47%5EB-R
z_$Fqw2~Mg5;5zi$24|R9+M^#JTo{|-#qo{{jTb?ydZbN=P`F)XGM>{Xhg->Y4^&m-
z(!I^g?;1Ra;wG+)@Z)Qh=Wcem?N!mO<)WMh2a`<E-ff88o6z0Z>I`(#50R+V>3n1q
zuJrJH))b*0VW)a6p_m#XHMC6dqFn>|wL6o~T=33PubVO~1!)rBHf0AoZRh9GT*Jim
zS~ww9V%RaQwHC`RE)Y;XQs>jNB3?`Tgd^_0v~wbw+o_r!%A#sBWf#t))Zx|Pnm@m2
zF03l=ys7;Nu%qBEEE6A@tjLQl5`-Y%FI|`(lD>%;-#1@4G4=|j6R{V`VX~(Rpq8~4
z%%M%oQrxXW3~U;5rkA!u;-GUn&SHnkwi+^u%a9iz$+OMW*ibPZHE;pY04siUbZRhD
zpCKTH(!3Tfd|ZI@`Ih0^&x7eEipZ^ecYnm61S2FtRybRo^xS4cMlaZM#b87=HtuDq
zJe}=5p~-B+G-EP{T9nD<7NN|SdevJOxtNqC|F(wSL;t}&6R`C}J0vVnnqU5n!noZf
z+PRxu_;xgfl?aC?J(-lKMM>(1&+XO{Xvaq?axuEdc(FpiM$=>OL=u(BhL#OiGU?bM
ztEnitfAOQoxPuRu$>ZP@dt9&MsvCQUohI!F33KURApYxFm3-yw4Q3PJtvU^+TH}jy
zCJ%3>`K~I}NKMJw>Aly&43cB_(9M22<~taLxp`!$0^U8T$j4QDTYH(>$ek5iq5gX>
z)6&P{&-L+<)H5^FK;FuEQ3?B$#Lhu8(^~%Mw44yk;z}vCypJ7U<zn{5J@Akl@mY==
zuLo*lLIQOPuFrKhjR%44+-t8V;mA~>4E9PIasT^u>^S$Z72>w>-yI~2;r^TXl3bB?
zB^Zc9P?!Do_3{)S9QssD>D#xiA<Uh^#~r)_Nk5Il0v9eERXr^Ezq#Q|Wfby?P!D$w
zR*@^`T71z}^RW05a|$l%{oT^agY}*{X*deyG0;NHxK&b4DB5%=;s+vRU05H;$I#KD
zsZx*TPu8foQJWB)!XdGiH{;0bZ0SW%d|j9cIh!}?-6?#Ik4Og19_=RNy3asq?#||F
z$JlP;b3oQPPUUCHv6-R886lr^VIo;NX3r^&k)kD@wmdg$$z4&7+E!N0oa6<&%%wiN
zoN31j=G5K)+Ilp8^2}Om<1{@!%B@P?A`X#fb}3su$2iKq?hY9X>oo5=C3n3(gLOTz
zb3Sw>+pDk|cdRe+8ZYmisJ;us$8C9Ym+husa;ooN&8UmEJ(V{<#Epamitl|q*s5ig
zUfwzJKyphj=X1Dgci6IQMcc7{yIY_g`4^!(UHRk3WQ9MISqXZ{l(^!5E}<lkUn4+Q
zeg->#ns{}mb1-H-AXvhzf=U~*S+};cS>=PteA2FzSSy39IW(q)9&>zsR@jx~W?RT*
ze+a>yTj0}_(ulLqIK1zy`<Dh8|16D!>8ujknB4}968Zn!dIfkk^;+d?Eq+%-4TOcs
zfcdG4+-ys#hQyAXl8=9U^PO90hFz)9I=@>uK|qR2Dfv%nkn`U@D;=z~`+EC)3z+`F
z5LZZf5Q<9eJo17i%K|ZyQDKa2z9!6|O9)wgV@0}K?4<8yejmTVm&bdi9>q*HC<!F=
z@n`NHZLeW8EkUR?M*9o;lSIl%m;+qV9ZX$ISr_J6Q8MFldw1nnMvY>44o<rpRinG|
z2sg$<q%dt!xAzMYgtLfKIzKin!7m8NVs_or9JR*gd((K|ZvEGuK23t1Vq@WdC2;hI
z7LE|1+F(|5A)TUNDqfcVT-lJZdG_ke5XO;lsaiOEGO)2PJRRGp#iEL45RDLSGx`Ix
z<1i1GJh>N$?I+G<cIAxhFHs{*24g$)Xc<xrM)Xm4mkC^6%anethn?-dp2c<)Oq|D}
zJ35B4wtY9Ve|HGH;QHcHRXTBgMz9l2(A+`P`q8Rk;TZgLKybSzt7uiK0c#fd{!ogW
zU8QZ3sK{`arUC1?da}j^p;>D7aH%`m>a`*#wIg<|X7XGKflvw^@z2!SMs0Cl9_`wO
zoOC>c)x`PBEQ@I~EyaZ0kfj#?nwh;_jTEMH)_VVDCk{zm_@m_6OITdc4r`~3=%2nm
z);}BJ?$6tYX<G-MCicwkoQLKjOB)c;<Y)h84_i%<81TRHZ?*C2&I_Cdy7F~9sfQWD
zi?y7TTT{mOFm6Ml&vE<H5i-Yo6>0rc3_B@&|60uWuBOFAO>pymaUvpcZNs9#@Qkp?
zUba+3?ouz8I9&0yxJS@{TMhIq$BeNX<qV=!?CDi1FEvxS0XIuy4g2P(PZzVQt}9o0
zu?9Cq5O%|F<T=Z+(_O(U-`+gbrUq4rpB|{HU9LbsS<g?W{wbZE#-}SLp+lS+rs~V0
zXi1#3fEjkbXmo6|9{lZxwAPnWcCUDom*e}?(s&f+6pNHxJV?Ib@71A%`rKj^Y4Kq^
zCIwX#EZvU5cMDtt#{>mcz$#CUaZ<0=goJpou@<{A^f6e+*O&>qZ3XcP5Ei~h=L_Li
z=TO{K7zaqs!PenzR0H#vWNQ9@SSpkr))cAxUz79Aoxvu&Ce$3PjA9aSy>DUgq*KZ`
zsYU;qW<2<0;NcBd4&L0DEy5c8!IB>VRqH5yxqdh4)I`Zc5~V&v$>hRoq&`bm2N|n_
z%N=b14`y<!Uk|#Hch5%~so|~_+R+_EG~TKQBDLdft`{AGce0wFTDgSJvYI^&8Y;mg
z-ZHXC52zSH`&2ZY()^(7gwn3RPF0v3nO{mkbW&vH>g{#$=ic4cLWuaqBn}J_nv;75
zwHd=rcYB9njspnNWR|gK{m_pg>3TQh^i{lR`SE%OYnm@(UN%c_c}2>;j`3QScuI8U
zK4CX!6WPDi<CGn|n=v|nhDr1ev=-*s_rh~-LJg)b-JNq)_WbGHB+-uvE6+ptO<1hN
zDE;dK+lCDNl2Kr?l=RtAYxq}b9w#GVudbY3l@RzYYGkI1N`Yp|q*qyD>$FIZLPY2i
zrzU-B)qGp*zc&RlJgcVWC2c14Nwz_AtD?pPCClWsU&Yv*6*<ytrpaqr#lv<gu*r9g
z@~5UrTW!*Ma&xp<3yTzbjnbR0Dos}d3=NI+F=#gG4I90!N=!Rh6}~+P_s+R^eqr&E
z%t(CbRo3eRt%uY;1vaIgGz7bE@{Wg8a9Afozt<QG!*|$e?}%3srz(0_PRzgfe1m!~
zx!p)XeLQc;`YQap;%@tKU=MV+OUCP`1v*p9S(X|beYC5)+oTAUzz*l>wGoY?`}dW5
zj_p9f(VsDaWTQ1&S)2r(MO|jCuJX=Cm@o1DI?L#2Qpv>)lEw!^B%ls)>JnPtXxpvy
z`x91=2?zHdP_u1*<A`6;uBzb`7M#D(QV*hLvXtjI#77C3Lk>hV(hjifF_Vf}VjwKA
zq$0#sq|nZSROF@w7&Bd8wCYYbc(wz$req}pM*X~+B^P#Z-VH4O7kF))t0ahtUkFyJ
zlQxcsp8xajDjk4?xDpQNd!q3ih0xasG*Ap<M%ocX<Ytor=#k5W_u1h<%Os9QSPR}`
zVEW2|TnZs6R`^#$h+23hjZ%G!^M)m0KTc6S$q`Dm`+Bi=2<CUNA)kt%tFdbUb>B&!
zD;(1mtXy1p56%?{^okGfT}CZ<4>Gc$Lh~3ocyyU42u$uCb^{-IGLQ3>K%b*-g^!3h
zt9Bdiw^m;f1WP#!@ayCUKam1n!8Io;YpuYP`L|Hikevp9k&0C&7@1to#d2kuDpofb
zx!eNuSDoJ#taQ<08!V7Z2)~0q7PW{V9klwCpr5voxUIp;bo)X8H55`F{Gx@3qeVcU
z3oF`f3^<Z%V2H&)U?#p}19Xf-Igq#bHzN?3?I|jEBbljIpCk0sfZU1$7)gB~A^|Y0
zS8sAp>R?N^kUuW?D{kXwKUBSTbjBdLa-&sspEukq9OWywCO`5EwB<6C829|oaKab2
z>O7i`N(cU_^<=$QP@0QyR9={GCnC_Rl09{W`(MI*%+At3KeVuld5LYW>gAUn`8<dg
zei`t<r9i}`^`P*;jk!6Ox?sxKSx?;1OE?5RRcHF!zIK!u<~v9_EB145$L$lVQ<?u^
z$R0-6XHV;3By?QD9*G))eN9z0(45ha`*04bugz~;>&ng`{Uew<fAU&gy56#*ld1Xe
zvlbe1XrJ_rTDVv@DEpIBh6r(L1)@y5eLww2{t{d-dvanp+l>q^p0o;Lcv_n)#y1$s
zQ?c?ny+$GuA%Bf&cOC3Iw8lJ{FlrSt4QESrmhX<-=?Fq)BIVgy2CAgE=rtC?(b{O9
z8m^m4KDMIA`6fY+lNR??MXODQe;7#Hf90A^(PPqSk!cV$SSPsP3zey(RaurRvKS-6
z$i~VtH9(tqjElBA+XzWN(^@{eht=Dv_m0`i3^0O_YmVIB2M{|EcVI30-<#xs_KPgh
zba>xtsXvGM`$aZ#w8h!7X+&4%OJ;&zu>`hfo|nRMOFv;b7i_uD3z)A1Vx|)HIxB)T
z-zQ;Uu1o$f;njjCdg){kEjh+Bd36S)?2+ZQYui-4Pikuatgl1*QOlF4%T5W;A%`)t
z?no%Zk;iS%N$HG-%T5;0q3n^)=DE?Yiw~mtXZG#a<J*@Q)z}U+Hr!y7&MsbyGLp_!
zvsCX*>{K!;{D7k>4HR$TwwvweO~0Bqj}JGH#s^<OOjT;tx(0|s<J#iZjDC2za%~Ki
zc&5gev$qQDf(>_Vg5$q-UEc;9?nRD`&hrnD?ZFd!q|`kAnbx@FL}>LNrbD000AU+j
zO?>_oa~-d2MpKd2)PQNtnzwCs&u{W=H+5EyO!95cuDlD1%YR)MR20;&C2xC>Q7x}&
zPgvMCo1HrVm!Mh=VlxEn5>eq!tAnr>Ir^-GuGCAxd|fY9UR$Y%opqZIT`!TE%9<a1
zu-VLR^oS)R8Xqbg;noMtx3Did&*N`cn)IJ3b-Fy(1D=lh%iNRt3*2=_9+=$L+Mg2s
zBbGkzeOZ<0R?il#T7>ksBNe-!{tK(k=i*Z6QV}<N2ox5!zlxn`deifFW0a|!v<iq6
zBGTsyI+Yxxk&7xkcUR)}t6Y>d=XOOpn<tKv`n)uvaw}aTbY?m9=L+*CFaP4a+xj<R
zFe(~nItOu@uJ3&ZafwNVrWrRL{8LYoIQ1pdPzg(HUIyOJ5|TEt&gl1+i={ifNvYL6
zLORYMTQ`vnaBMw&;J!(+kFSx5uGDKge7tWtTY5vUb@!WSwi&PI-PtJesUwEw)jbSB
zJ>Bw&hseza-}@$a*(1p@=ZEL$5l(Ecvl9DD2ONTIdwnmT^X`#tr`(WaW8I;B)DnJ*
zTrYJI)=eF!L*6xUT@3d*^Vr&^(99T$NmboRpM~2DUlNB=^&`A|?Yu9u$_$2h&g-ai
zk!!gI)Zu?h-+1aHo<dS)N_D0e*{b0;j$(BmtJ-(}tw5txd7HZgq@Bqkpjzc1CC|s0
z!Ua0=kp&FSM?x8Ix=+<|D$IlO(YPV9cPr^e@9#V$(*}~#Il^|IiJ-!gGp{=G^Fid3
z=|0JNP5E|dyBz$V-u*VJX}sx5w}x;VZ*1&oZX`9QA0{~2V{=vE%J;TKnv&*;w_|Io
zXlXUn-CS$@U#q$flLi}iJ8j{n%8%Nt6ZCxZ8Jl>avavRiaV!QIR~w0XWx>lr>~F`?
z-T2&<+|=j)pgaqxXVo!b-2U`!5h8G0`8OSYR8_M(fJdI)S=E|}5q^~JueSbAG~$Ta
zCTOc2dD@`t@aJa-Zg$<x!oov}_#0haJn-RAh<aVsZA<c3)9U~SXsLUf@Sz@==B^>6
z>27TwOO2a4f+mwAAP2ILA&>a5qcWp!{c<<#)nUm&)5&eRzl(RX#}HGuMN7)kcHZ(6
zO$R>{G!-QT(VPB}+@6l*ZH;57`KxHff=03CgMA~)vor#m=;}Tcc)ot1irFe8(F%yk
zJc)XQxJ1BwHbZiI94@9E$^MzZBH~p9iEB#A5RbaxFWNy(P4P#RBj1XpPpJAhk3-ip
zD5ov!xbu6J$$RC#ZP6LmSRViE*0?e2qeIWEBacB?fl?^24=bO5bEG<1$^871E$x*<
zc|2faD%Od~q1r30?0}Qo2Axgo<)&^Mucak7-lU1{tHNMi=fp?C+U|GT`Q-R|I7%Qt
z5YUB_jjltfGJ;Guu;Bn3Jg?GkD`c$kjWKnIW+ct4$TxxUwp4mNBYIw@Megag@S#SH
zo(r+p9ElsKCwSFoiWjv++~CZ?&HC$>FU>_xpP6JbJbV?kkmz$FHM6V7_~s*XeO~f#
zdSjQ3e0uIJlTUT-Sv6zWprf+UV=+CkG|5HZIxf=nhKRN@>u9EN4a`x0Ds@uOtIS#L
z{aiNo)gVO6%8>b}6(_BUnt*srBYI=7!}+HZ55dP+_{<fl<3}<99m4%+kc|uJow$*q
zr1JrhxHyke0_1Ll*k5`&r!bfC$(`<Bx}x0S&;^P=sXXNu4Ruj$(P`Rj(J+ZAFIxzo
z6j3IUQ=iC|JKWO?*XyKixxW2strIEl9{M}E0TbLKx$?x{ku{G(j1_MY5pt_<Ke_qx
zcg6fR|8T_Jal2}U8~G^YhnJSk5`PBo^p0N!!Pl$YT-emxK7vYG!i;|<52|&-JHN)D
z7fGL16t*GnAO6DU{B0n64H~-M@Q$iGX~WI^;plw79(~v`!=TyQ!vYilgEri@Jshb2
z@%}*0h3o8m&=ttY+iTeeUN;(Lb^jd4d$Pisn9tLRb0%x_$L6J_Px5H8DwOd3>B5%A
zXYyhOX1j9!0GGg{oh_4b<7sE}CVRu&k$5r{7oKk$Wd38hsAGA=M%4Mn#feze94%RZ
z$ikua>}~zF1BEeKH>gP&&*p{Voi>O_kFVP(#?8cD7QBNJ_hK?^CB`vxMf|(uk+2vs
zI}SM~ExMH#3;lHDTISh^gC_9;2BAVEX8_A`*NvON-gYjm?rq;|@YJ55BfX*|sGI~!
zi5@3guVX8^E{hrLW=AS_YnS!ew_r`(!_$8%ge0uq<3s$5@U7cvkZq*j;Jf~q6}8Yv
zzfbQ}W2YPlShrMn>H=DUxn$zDa}m_kb@bQ+3Dnv%OT!V7yuT?h7i3Sn^zo?zX{Djg
z-;lZXUg`U#aB^Yw-9W(gw1Z`vrh2-N#W07?m^Q$iR$=5ZhDL}RbFf~YmtjQzG?YLO
z-NJ`c2uS5F{Q`q4dMu>ckC%@TKp#FWZp>_?4XOUO0^_M1N(8k9)*?a1w;t<)DQqSy
zjG#w>(mbVqg3VIUUy!@)fLFRp{XDBz9Wh(inMjiQuBu^uyNUm*RI3{<ppBbL#j}BH
zeCM9+3Lj~k?<3m$fYbwg@)md^;eg~RU(0pDX!o@@rGJ&p?(4Zbfhc=HeI=(#FCqC@
z|GEv==U%rxGrgB7Gwf0Ak4qv6ojT`Z{o0b)#yL3}P-SzHGY!Vv;j`?#zT%>5ZmNZd
zo1FaR)IH3n=J=KlN>=PY5&EvHfW<p09zvW(T+NCTh^oCIjYjy@y5oz{dnUG|0EP%v
zi5qA7)zI3Pq*`<6Q1w8M^NWC!2$dThdM`Wm(Z@q?W`fZix_r^FwC-7%t*2fJ#qvNW
zk()tvigEeP{7%%Wh0#^C>sFq2IVA$k7Y>J4{jpfr5>&^MvXi@LT%$(BBL&S5U(FB6
zAJ3YdH@yY(zyn~|A1BmqomY&^-FD~SX#Sz+`FLO29TehxcXY|w(qxc+Igzr)gW9}{
zR1|6Ps1Dt!mh=@>Rtlq6r8g+ek7aUt-&X!RM&?<kyMf-;?%`Hkh=lOtZ{_)e*$wf^
zc~wrs&oqZfGe?^P(>6<LzNt7ZW|A;1uU|!OwHpcsTHpuRX!K=1H7>8Cv1tgNtplE0
zoE^dt)sMc%oFpQ+2wYp7n(r(#zFL9?kB{l@tLRd9kHj6hH$`h7Q<D*SM>el~4dW;-
zT^|we90p*MIDwB7wE+Y{4;MGIFIz<*+|GXH4htBPGb!KJSH2SG=UGcw%T)vJ&4@#3
zb-Ts3`5r6v`{}M34g=GK+Zkm<!xe}E%<SRA(FV(Pi1q;Ra=iV$+v507XK>$kuot%(
zQA3|tEhi+A#|LPOZT{!l(o2!!7PR25(`+GA(HTdgj%?V~;p$PC>6w$f=u`(c;R_y@
z0^(F~<7d9QxcO6V1}!*o#QrEglx^nFY4PF*rwngIxo+qIF@MFjz4}X>6&FO$7m|n!
zaV4L`Ty}iNc;wad@`hUxs_rW4SP#bF#pt`@>ppT%Ye4%8C}#-4lKf|72(3v=5g(R0
ze1GV#(;52kZnmN4pp&O9D?bIBJTD4z`uE=$ky&npYhH$zT|3f3C~ZtZ;<9}{{>G`Z
zjs*gybDd(xeUQ0xdyby)gjx_a=|mBW<ZjPSmfcv!>A`J_#dO?V3~@SW54hv?SZ4fF
zFMDWY4s!CD%gRhzsAJofzqrJhv`YMnC$fywoQsYY*_P*HbIWj?S?AYx<#MQ(oml6c
zRE|dPMT2(;KeCRqo^SDgI^~(~G9&zhz9nBoP!jC+(=YU;$>^aujGK2^Xsny^F;C<X
z7;dS}&7B`^0}4P$>ev?@V>JAog15#Iq(aVK$o6(7`W*1vnHW=+o$&aL;nx~Rkrw=o
zdN@0fk5&V1vSsJyF{b*E$C(#5u}xcIU%4fcv&+=9{_TgzjZJ}8=r&pD2BTYXo|aPU
zn3MeY@DaC|A87zLha~N%5gBb~h1>~E|9I!f2x*5f+Px?eH;2mt&mihnh@)4CB_reC
zhr~jkeNP|pXu*yEJnnuT)?5SV)9ENSP9=zYJ1X-RaG>YvF*YGE8(d~2Sjln9jGpX$
zE8@2;db%Jdt1Q%OIU{klLF2s#2D4{BPiBpK@tj*`^6I7>@B#UMG+hNyTV2z}H8>P^
zEfjaR;ua{b1zMbv;;tdIP^?IySSZEaiff8naF-N!DXt%V|M_P!C&``cxx3G^yH~Pz
zk3nxa*;*j9D<^@nFecLGSD+&$zs}>m=dW9TMT?{qX$$qCv923Fv!hP<6|-Nyq4$^V
zj__c;rZ3M+!85B^@SX>9n2BVuAE7cMfZi%zmi+avU*DR*zmYj;+Odry4lv&Af4&H2
z8x5&pW}iW2^LA!5|AFEnYRr8MLy2`;zQyxQA*M5$9x=vQ|E6H{a`)8b=8xl9Ip2;U
zR*2ep*`Q04e<fvzbZgKAjrvjsce&e{07W~%Nn0z7F6X<CnvVStUgp{+A;;sfFVzQH
zmw2zA{jW|tLYSJj9Vwb={CUX*?<PU+;;kL#zC)yq-h+-<#!2Q6LxNQ^Ong+Cc=Ng1
z8zyNTDA7itZ`NPYSRlK7>R+{o_PN4$ML@ygs8`DvTpvjO4v()n`oEA^!k=BLaMKf6
z>)OCN={%@9Be)>L!gY(fX~5O-x2}#?!uz%Ng<BSqz^2jp*&IdEEsC}QS3+ZLaS`!%
zkx_HwqRs?mwjBJ(#kjk`dh)&3sjzKvE538m1AD24nA0$PyP5T5Nqw$EkASd1H56|i
z`G=K~@ve%0=(Rg*VEgmduu_J%DRc~){Kp1JcA*Z{IA0BSk!^l+QnahL=ct;X(C-T1
zX{L{BFu0KoC;9oyRHGRZc-_x5jKZVg4YDY!u4Vg%U8cIwD7eG>>3eCeANewh;O7?|
zHP-Zivn5w0hT9&hOchSHRem;$ml$q{W4o5uB^iB0;kwDS9a*L^x;#KvT!a*s8Gq<f
z_~x8&RYO`h!bH$``0YX|FB&!}+s!8M@8u4d4>DwO$}Ss5XdQSKUpLSw$#9ErO=r(|
zh@a*a^=lyNDD==rE{$VZZtmU1My<>gQsmx99H<~Ovhp}|?DcqZE&N8?A*7IJZ$J!p
z-bdj!Ywe{tF2O1`L3Dq)Jz^v4WHSqRxX)&(jW68R4?ZZZC#Y4}{w#A7K*Gyk%IH*|
zc5X2>UqA}m(>d22n+|a({ahiUnbUXoJ8-)!-Vh^dpM5==u@S+ydXc&k54job9n@_<
zBbeo&Uow&9fnTNc&pVen5>VH0RoK_So;#NM37=cyt#~UwZtgqyeV)whD(H%{<XtvC
z?@GEQE^I2b?sW?KJc(OseeCpH#1u%bP;ZG^KI2ff!FVaSL$s$*RF2_%Kt)lnY+G)E
z+E5wBm#AflbumwM{Vw)Sq3E4iOF8pYB=9t67dKbRr%TrPJQCP;6n^A`9VLK5CDg()
zqXDaE#&TLB47hy<ZpTtb+fV|&_mN+*xMeERG>a@2EsBA*-wy^6O&R%gMfvQ;K-pIC
zn2#ZRiL*XLQ>QJ6i<XOW0o<|;bj6Bxti7zUIt^M7!FfxcIokUgj0Ip(DR61~d9J3b
z&Vzt+C7|<BnB?&|xxBOoffVZ+irFi0eJU#R^rp_8&dyMd_7ZB&Qr@wMQvh#WBY8;+
zu3wR`-f{*H?r;Zr^zk(MV*qcfe`S0266r||kknY8XyO((NZN11w5Y?-`S%8H4dd0t
zhE-67@PsqBdCQEs&W9SqhTPH$_MG+?1r^f^jjr6UtV-*3n_keFIaji;I`$luEwIFJ
zDhzhO7arbm2fjN&IU?CNi~Z(FFGPl2vvODF&85^vZUoK}yrBC?59rV_vd&>`KepQA
zR@z#|{ChOXB)WpRAKR~Z)unMY&)NEp$g;#VvWLt%sC~-d`bg%wcP+9q0`5gsxh~<*
zp<U(Y$lrRnPxk{ygOlkOF6xaVzosST`s}XR%xpzO%gpopss*N7WyGFf>NO#Xxafpe
zt^baHg6y_g6&gl)RPa8d=DWn%QeJa{&HamuJuAR-PU1QSw_83mU7Vcz2esY0?IXTj
z+>V~{mL*-=^glIPO1q;@twQ@AEUDKP@cfsax)+?MyX}^8+K~%Bz}FvZ@Txo`j{Pr4
zV2_pi(^oE`Dk3|0N2FQ8)%`xh*?U^NuwLuSlYWj_X{SEXPD$!>X(wxH#&^u%&#%q|
z>aD4BpOk~r7qVlkob$2)lu|zZKIscJmFMqvGGb3Il*^N;G8i0^45R-m3)5A9(t`UW
z8LBU^rPU8u78rUo@+*^+m|Y0eA7;GWXFHU&Tt!n62@|#UO&OZH+#i~n>fxL_4cXxE
z%2>!^zv$syx$A1OvMRIrzfv&h@dJE67>fky%q9i>N^$(*)+XinI4bFCKgNK{4Kg?4
z&--#B+EQBGqU>yH)}PmL!j7WBB!`Rdrj>?vb3xX$gYsw@(B&Lu;Z?039?7O;Q8uym
z6Y>ZWq!ERyd52H%^q^Y=;DTL|j|Z)v+^eHo^~)nt-YR@F;5DGGL9bZ+QAlc0&O#Dh
z(#)7zk1hb7l2^<s6@AC(dq()wGToXVu{`@T7O($r$185%1K=!r>O|gmukTTVh&8E1
zT7g~aL*3&Q6z5+%tm=}I9<rk5e&fokJL9%bFMR!DD5bw1D!lYNc>=ZNxP|F7$bAB(
z;2946)z|AsD}|ZbcKXS*tPnH*ZXuI0Ll66tYasK|^s4Zo(`!x-^s9($r+ejA{e8Si
zSab^1H0;Abs#{T?YowtWqhZBO!@Hr?x!qRUJ=Z8W`Jb-&k{3sdKAq16211IO(GBm1
z+A`Y+I%hDUtC$0i<WW-B+~9&w=m(?EhfuaF`F=kj!5~|Mt)jQweEM?DiJ8Uv9UVA;
zp0wOsVBX7Qd3C^`M0Q)}4v{4Er4x>0ys{{?KO?i|GFGvC5diwbxt4;7Xu|AyRYBlu
zs^9r3>g|c*+O8h*l`PtoG+G!*MgX@a;hUr`Ki^<D{P=Z?@YSE6qF3&FjMqnupO)4K
zX>1gKZO%dlIU^6jRA(0;VFXgcg-A3XqvX$nZ2For$pp(Pn6^X1n}9AyN$Ue`kJD9^
zpaVz7u4C9u_H4%_uTIA*HoH%FgWqati;MXxj@WlVM<8Z)Fd5vJ{Pz*c7#<m40J-J@
z>s}BL_qvu)q5Y~&Q><hX76U!KYIiOTKHS&1YNIF>!;8NVk-a5eCC|jHaaPL4*zTG<
zx#GF@BNyY%f?Ux-zR|xJikLj<XRbOT0*Pco7QGc`K7fv-@cOPgkEEN^0p5Hm51r{r
zw5NwxM|OjLnn5x1AL6+@yp%7mghvA6yUgO%8pr}MIPYMqg`Fhs7|l}nhjf@aZGu(j
z9~(D6syYQ?$V?hnH!pjCVj3Ck%<V(4>i&G76uS@${M#sV=-(xB8_8+-XLt;MNH#x%
zx1IP8rxHnEUhVWNNJ?QD>cP9{7M~l&iZM!6IwV<K&H?+iX7wE_?D0I$MH<OXNrRIg
z+5wel;j0JxXK|DM7av1XBwnDXWQI)#0d^x%e>;guJ`NHnOxujN8NX_t9P12MFDgQ_
z-=p+}68|!KE}MYAy`aQe3c?UEg+`z_sC(~R$%g)2p!BUJwj}Ez$V46^>E>2U>)#R&
z#;EW^`7WIs5IP=CjuAe|wRpEhU>cdPBZnYa3*x-lL%{ADQ=iOq4aojj%=Q(!ORoHG
z^P*b71GCD0?pb%lqJd8hL1iw_YZwwzX*+gQK)oUtHCNb0q*Fa4V^al|GQlV-AqpXU
zZtDK;2b{E~GTCi-r{<k;KJ$beTJAI(>F6qpoRR?$MK4TVzP1xN)oUa_yHe;sXR}nj
zJrDxyuXmK;K4MGd<Uq6ntYMZx4}To?)inEWe|$OM^MZ!(wzBw5k&(GsXEk8Y6MNL&
zX`lx-khjm5?pv;_VfpEeJ!le*8AQg?El6X#W>0Za+_8KK)@vKTJ{97_lCsxP+)V=B
z|7>qz=o3*oV*t6=Qb#_N+2@*NgYR;{e5bFqm8|@TEraz$mEv4+Zp?LLvw}|IxmkRL
zRxv-{nQJB5X4vGun18ZgCKbHwsta2CRA5|9koq}Xja)}jp8o0Y1a%0;7%PJ1sw+FF
zSxwzFDcR8VYv3|V-&I$2(4|j`f=d!u-}S5C{6jv|;{xXPl_TwM8FYS~T{i4$Exr1x
zag~ljhMSk=(epa;dv6wgVzAwbq=m0)U2@BRx;4;Lo7u&C8lK$h+-W{QZs$Uoc^{ux
z$-41*{9;~MNyPLs3%`56m9fVs2?4UqbSky$AJ111Mn-tUWL-pOBa?BT1y+r3v<#f+
z#ER!(?|&+BgY1e`!>jVrURjqB?YZjnX#4+?xld!jKtA=%-gnIQThMGr<rs~tK1Ncn
zq1G<L#O}U}E_=^eDgiM~<(7RcG||Ku{c`}>Ye@g(6qIoWtx;(4iqxyYOvlN87oSM>
z)r+E>i)EirS*d%UEYu_Kd#qY?Qq4$AG4f>RZbd=(=r^j?fL~I?-_zK_ABKn0>9#h9
zPhQo>b7HgR2)lZTJ0~2QejYMeUx^F-^z}%9sZ#c{7%>BL<lYhQ>4thLn=mdrqon({
zC4o3j9n|f{7od1DkW^{M7)6|Y?Bz1isb%VZ+^4IW4O$|E6^`Sv{XhogPJj<UOx6w}
z&ODY5`yl)5fo<fs{BPRE26A}1_w*|Boi`##y$B!<kQ@Pv<3(jVaqQD=hI{$0qhrnD
zNw6sst1polvdP7{3PO+7+T{6((CAmVXud<QrU^&7H)9=xYMBC*aF>(ACV7X1^h|}s
zG6Yj(yfX!F=Q8IP3*$%9nGYT)GX&kvifv<l(5wW6r4`!GXamUKoZu_a1_^9BcY9nI
z=o~l^WD4J++OX!yq`RW$)$4S*>ZCIV1qs}J?sdHp`Yr9MJ$yAl!%b`zNOdWLXA#MC
z_pTtiE+Z#QeoQWQHY!|Dj_9mxz607jk0BucOR@9&29-{1;^`%)jF{($CkUe$W%tf{
zAs8#xk%45>Waan@_Kium#06+4c(aH<rtoAxQasfnkY$nR|8o>O>fDM^=)oTmC20HM
z6J$0gQgQ4%wIlVMma=Z?pW%e&jy+b;_BQmw!yh}aG0Y-z){|TLH~{}B7(d+pwWZhY
z-xj<B_TMPYEN_Ao0uRKmE5jb(Te+#YA_sn0estjtw_SRN^DMkdcwb~i8Sf%TmNbv~
z<)5ZmcxR;vP;+MUl$%m)6}+$9-^qQV5f;dfs@vXVW_(|q@|A|CfFymzu)}dfcnp?>
zaq}U@MPa&>N%leN;4kB<o58%cZ~3{V+h_U5d%x>zzlU*{;tM|~ZgSHpT;MT!OVnvf
z`IuAKFM-LsUAJarl@27)R;chpmXhSo%y|j<+aBCCSMnP-UJfvrIq~u?kkQ(;pke5E
zOKcYxG^gqd+lr|?YzN*VnfoD!x9J+WcDB+xCQH?bh+Vz+pQYGwCXky&rMe}-ZG+=k
zfRMImL)Qw76hoYIxzNv>HIK(IZckCG7N2`9=jt@(hKM1p;_Ubb!{t%ysh*#>Ih37}
zcsufle)itH#@MBjQuD+m>!p-R<Daq3-P>Uboq77Ll72|~z*&jvt|b*`eCfSAY<PEu
zS9EwdsY26xrEwVJ$6tts8(g&s>lVLV4Zu&ypH0Ahx%ov#=3t2OrMvmpxo?7YpFaI=
z&(vk;U`U(`vFA9*Wtx?x^j}(hxpa~aP<cF8S@VksVav<%T&UR)H~3mK%Jut}Nij%e
z`mR-+?9>Z#@1&T;crBqgsy?N0?<TOJ5%}ZlM3*0%BHn<;SVk?=*t>o!=`X(3?Oy;X
zIwe{OL?(Dau1R*(^im6`y0{skwXYQMXx%c6*6(V*9Bnc5)BuFz(_V(>jQ~5A^!@Tt
zwIjFA`utL=nerlzef#eLUQ#U4)oY&pKun#j$Kt3TaX2q+3PA^10vp@BM91-%g&vSw
z4!zN!<`S1Z$*d2Qdx{wjxm9I=!f{f5oZ%7B_sIB0oi9R^M7KU%vRq^jycPrI7v!%4
zePeb+cGZjSsT?f)gKiwhi_rL;H7i+bEt)Yh@gx>m#_2^0W|JWw*8%)U1sWL97Z1B%
z>zSHamoLiUsplN@`{gBHZo76}ck3fFPo&>;&Q~yV8->*}TNs*+Fqpm<i#3flRn9Q&
zwG%5@i51KQtA(Unb*!ZD#0w=RT#)}B?jP>DVO<{P`9T%FKJbZ5;d^n^%9o<?tw#pk
z^7eJ5$Zv&F;=G^sRG$B;Qkdqlc`^rm(3qulhypp9>{@Hr;<DNP8ojoY1i6zwebPv@
zX@Xvye+QaY#0_hsv+FqLsZQm~sRSn;SCCTaItz4CW>y4?29Be9q|C3Khqd=oXUZrE
zS=wY{ZKW&PC{7+SR_E^CCK&HYW$Ny3)hyLzblq@j(c-Fia1buUp!vzZv$4b^O7#g<
zlBzM^qG4qp91}&~*8g5+eO<6AK>U)I-=R%!IB7CV`RNngxa6`L#Ydv<41Dr90Sk+;
zOLb=uO%LOJct3dpPse*~D^nw7s{V{5|CsP>ERfSr(S9OyMST|S*A4}@ACt}(@-8;(
z1y+>T=?I5Xf9={iUAKZ>;7;gcTKJ5M#h^PL1_^dXIyQ@5(Uh!&X~c$n9B<66tFvy0
z={Y)9NUlv7sQFbmT7H*#C2acXd*X{N^Hzt<&S9ZLv=v7V**^xv5|#qQy#;tDY7`kF
z3*jpcavfwz7d(#q+2I<!mELL|vDg+9%6IqP-|Et5+<eryk~>zH8zLPlcIqg`$X_r@
zl;;pIO1OS;)BmiU;i!_bQ-@+=D?aN|>{O<llIl3_RIJCwJd*t4@9*>NGxPUmTD*(a
zc1ITqX}9HTLmq|Kb-wQ_1UUSD9UV6{^S{7d_42Mbv+&@_$hnh|G|Ik>PUu(&@;(CD
z{@va(&5#u}T9D$7uOlq|k^T|ok6_Rrzxxq8;*eK;jNWH*=}OsE8vaC7ZCJUi(_J^9
z0;!h3<Cv;HN{x>a<KnVe#lh6Fp2?qr3T%8j0M)$mJ1mLUP3lsY+(I`P3bu>ke<M-$
zgXv6jqTpFszunyn?x!CbMq%=az7fWCnLzQvd+fX?ure=hR9iqr;Z1;zAqZ4qzdUps
zwA?L&e^)8zV3hlfu2|2l;}LuH0lSMVzSKoFMIL@9;a&%rvHW;A73tgVdA_gUcA+l)
z@bc~oFqOG5X8mV%%YU~<Kfc}a_T$yX#QS2pptd^gR3j?DZTx(WFk?%hUh1COy;(?!
z`8D~*6FOS_>^#`x?8WY<G<H=z<)8QbSj<>X6-V2kc>(kH6xtWIje~qN$98kqpR64e
zQV}KkV_XnKZ^zrVcXOwoVyp)fIRS;ulyO)5QgdV0e`O(v7ckIIdKfnZ@m3Tzl#19a
z0W|#d-@4DEq`SwpOa{QLKJvRfsFOjMmjRe}6xsXR319LkWvnUK?)U?{`3|=1t`S_2
zTx=7F&QJf6bq>htBRV@PjD86aVO8GEH$PI95pNwB5>?3!gF&n%Wg$^`u&ob}04rgD
zR=<E$=H9$5g<%I$7daa2sddlBw}$h%8wq422%vK5WBi8#a!d_54F;@=0-pD8)MiKV
zJ>mUzaEU!QkMdU=QaLM(yRwO*{o0faa{2+1C<DR0lN7?`19XT2oNxH=SNH(lf|-At
z|AXSHINJk)NW)EFqD*Z+vT1z0-~>1~QDWRt7+(7LjtI2ArTEi#5^jAxYs&+9Smpbt
zUu(i%6PKLet0p9+uZTHObHLx#qHaP_#b?a3ca9Ub_yNwt6M!-4Ejwe|R6F0n5x&tt
zZX3l^>sXU)ZMqTAU-UT^%3lGKJtq*+Qa&LjR@fUENIixa7=sE@4MAYb{u@<3K*(Rg
za1AJXN6!M^QqZ*{MX|uB+?ptU1(xE#NIpR5Zz$LZK)%BQF3uEm7q)XVe1Rh)Cv6P?
zMUoo8;^-MErW2%)r_<*v!si2I<;l?6cWUHBm>!mijL+N#v9^MpK<Q!6eaeGHVSOX@
zb0Y63FS9m3Uphgo$#Z*^x=!FB762Xn_rCBEP)9ss1{uG@6q1JrQ<wcWT6};sw7LGn
zUCcjq8y!{!Q*vOZ{NTUXb8^#A%2(zoxU^~O>lq4@o(915VW3j_e`8jL^`7K^Zc$t-
zC2BMY=(7M<f3+T$<bgP^7I%Y6GY}H=iWm}}*aCnU0Bkz=-?;e!GN6L@&!`wXKdcGB
z5U)b<yEONy9?;4-C%~wMlIM!wMHG%;9s)&LH^So)IIya@5x%Xo|M-nI$v%W2e#KNN
z3Ah9e_kgaeIRWI&lrQcmv}t#MR4x=Bga97*|Hkb`%IpTfn9=*jkE!-@Rd&~dO4sr4
zDDEp_tS4Fwwxd2kJOTkm1fC8QHWV^W|AOke$XaY=<YcbpKa=90d9tT?^dt&S0O&MR
zV$f7d$a)IW9NYSWps<)!ga!nmDhuJIghVU@u4qL6IZ~iws=ePQJL7#~uoW@DO6thw
z+RxzsV~To*ufEyZcbHG}()M|Lj;Y22X&4;*3T9g?#a-$Q$>Nn)82~*5@IdZXOaJZb
zV9S<5wx1CSvG$$dbJ^}Y`Ds13Gy=N4`%gc1d%qO{0J~-Q=~wH=J06Hnhm}|Gj@{f+
zA83Oi3iB0A769{=g@jN*5<fuNWd8H?d)rj@QixsS8nM1AL^N>CChbCg`X)ES`e!_%
zTOL0`0S^Y9w+r6s<8%0xPTx$a9PIGVCn$s#-*D**2Cfmid;^#T@7RcKz)Joqio)K~
z!v^K?3tz!FV1%*|T?oP|zM10Dj`Gnk#d^wR%o28Tp>b03Zs(!Dhwn7+pNJx}>M#MO
z_|gkIieCcHF|}tmH^?WoX?K08@}E`Zb^*O$M~FR7*VtDCwkRy5L_mmX`X1g_HRFXp
z3#Nv&0bnG-fB;GeeG{e3ef2-5u&$iX{tK~Q9s=IgyuH5f<ALM^n*YP%Ix*h*%nRSm
z3?fPaQF)+Pc}vm$4EqMjf3Q>A1<XV`Lza0I$p=7(>^u;iAie*jzQ<dSdd0Q6Tk>bx
zQP7>+ijD9s9ova*zWGngu~u5z$q6EA0a5#kXw|U*7=@Vr6Kh=U1MPd^dpS`;{2<o(
z^e`zH=v#(${Mdg1{MRl(Mi4-50g3#II2khsOg_=uZX?qgoIac$FE?Z?gI{4|v*uFz
z_rc|n72o))5KR#3CD0SfC1@x7I7bR6eL0b@{Bss5w;?q2d?g?J7Wwscj-Q*|$_DGc
z)tK(~$mqjx+ux(%wxn4ev%iW4FtP%OBR!FbDqbHJ9=Y8F=nEW_T4GIin$K+Vl`8J@
zB;?Km?^_2(>K;{U^ACq>1etSik(1ca6k#kj{WdXGFuRcE;7^2)0?bVxZ!#b9+>4_l
zW>UfZBVK$PM%)h7LIo$)izcTL0t37beqn&CrZ1!Ly{<!Ani`Bg5`t=g7jH>M75#PU
zq)*KCdBu)-=e6Pr1epPB))0@x01xv!m9i+?Fg7982XZR5cN3r%IG^P-XkIusmqQJ&
zq0ey{r4i!ygzWwV6IycD8b6tRF7*aZ^Q}zr74zqML*XZla6XA7NM9s`)&Nh%lKj72
z`DSjB^$Q0+(L+-!5a;{Rkp0U4polAgyo|**%7@H?A?1ROzFH1*#?yTF5I8XTCuH_d
z9hm}bCnQwW0%j>nipRcOwG~wYiPgfJq$VNuz{ShK#)AnsUTZoSznQM;)%s7voE}Fl
z4-dS)d(<xz!Y=M_#`zu#gk|-G%N(63Ccr?UcsMYI{KlFMuiiJ2zJv;6iTIy_z?fM&
zY&@e!)H1m6t6+`ssxIz-pc^ktRe6ypluYr(!}(Z}Abwzod<i5z9}-_qwe@+HZ5u(A
zeUB+t@w`^cbk&LLKM{&|PHA&s!VDt^V|9m}95tApg5tLlMDC)3qV89!)aY4-zwUS;
zPni91;Z|R>@soT5#SjC<Z^hQ`B;i~+@TyceVY*Nmt59II={V?=_CK4Pdz=d+Azf~v
zfo^FK>SGS7>?YfP^eU;ml66rqektt2CZuUq?lh<A;A=Gvy0-XFDx=5QYGa*hCJ1$E
zMp(1C)S>aHLRi+kd@HH|@~DM95&?z~DZuvAg}x9{Wg7|KpJ)GvI?<`=3PXkUtf(Bh
z1&r>B6t8c!_8;uq`H&0AlOgM#*8)_p@7J+qeP&lh??$NK9#9AW)jn=JJA8Mc=JsQ?
zwRQ`yY7cLXs)~FsNd7k9vk`9MZwWO2iRUUpPuT|y)c|Hd1s8SnS2n<}9*5DlJm;5q
zC-FQ&Khsbz3}eXYKkI#H%KqIL&zGy#L&Nd-g5&lDe2dfrdT0i{FbnoD!<{eXXhLIH
zIx-(Z!qgBy*))SbnFZsTn!TKy`BB{JcyQOynb~mbCErCmog*vul-0^qltIYs$Ztq;
zz<<NOxy^RqhkNjXO)3ai>IK_*VyMh~8l3(4x?dCvnE?hy*0T#`Cvge`qW;$0u@$z?
z6|$BhQx(b%<JXSh80c$wu+6-TWey#w>3g?@`N%)&hQl|aj5N*wj*t^oM$(Wo?#Cbf
z5*nPcCxG>VEl-*fS)WNkoJs#K01Xr&*t4Iu5+aQPF9;S~GVzbqoy?adGz<N**xOF|
zA@5RTmeCf!^=nRNA*aZm>ha>vn+yM=I~v_FzV8aIQ!8)l#_881q@Rf2_EOy_bK4mL
zzjzEwqH%VhrOAOmzCLN{7;~{#aj-yHzO7+sTflT->}F$XG%4TGL_Z=yh!E8+70c;T
z=T^l+$<)woT)}Z73SH5~a_LmXokjIa@$G8D0Vk>XC}*w_4=9!|SkMG~NMyJA7Y>Gk
z+nY<pg~Jt@Vbdj!U`{H^ieIlyxzyXEOD%Z%Ey|OWcZxn5nK8eA{W7LB7LElITAmIz
zw*6S2H!=OT@*9qn1v5U$oLuni*h2|nSBnLw+=1+nP&ZSoT*RBOMJj}V<W4${XB~;@
zA~tCjj!P|x$ozosy&j*ds@*WrLtwDou#UR;+N9Raa@cwEI~n<OYxbXlYoU7h8$N{L
zG-#sEKV&~XhD8AT<a?d(X1?>*OIUrnHkx}B$)Tjd5GyIKZ`Tp<K();}=rH_J$RXY%
zZoDvd`oX$gyH^5h+4%VOuVvoP1daiMiL#w-ihl5%!ee;^--tX&(<0+yGvd}YdvZ29
z7w0BauJl&?NB}XNPcyg2;NqQd`nKG`KDDOR@u(yMl<sv2TR2z|`ZkF9u*{2eC;7A0
z<hKFQ=->O<PTtTT_p`aTl`y2)sLUc+;EYrG*^kaq=aFx%ULqT<^}i`?Caw^&KGe~g
zszCz@BXe&9WkNx^_{z>A6vw?{r4YiU1LztY8Esa0<?Sp|_~hs@)2<knn6;-?E@;cB
z<oIMy9R%T=#u_iBZAV04F0S1JZ;C^&9pB^`QPCg<b^I@8pMLHTT=LlLRgh>Wj82u4
zuV;2oy~jis<?}kO5PXAW6#H&-Eo86DVH2q;o>op(J@vCZMHtm@G3pfSQd5fDwO4lc
zHY?EI3~LUb>dwCF1x=O(=jnF{mEu0UGrS{DoUTvV)3ftR*0Y!`dsHtzdTYpQQ1WDN
zNUv9-l0Mz>a@u2fFLQrnFK2j9UHyWwwmC-cfx5Edl~r<4hqp)a1dF|H{s7YH&uWi|
ziJxe0dg!B8DSHb_?{gw!w`bu^wWvXU!Z9xTpP%~yHLbinLW<ntbiU`+e4@|1FBYX0
z89lJAKv^vBF1e?6sYH>qciLKc+Z`Bly7y#M%SNqf%+F&$HtI$;SIAkm*WpyqN!+Oa
zUMxuTd)51%;iS&Tb;`^1=lUVp#ahq2;%*Nf1H4fHx?w>hO6jFrRe~1VtFp$r!dW&F
z5xK~RQt3Og;_05JQt7&ReQT?ae!-@$BG$YyW@9>d1XYeW!yRCnOlO<}81a)AsKkvw
zACh`qna8J=XlnJRBd#04UGOJLqhGhbVH(`VeQKqWTgYTkz7b+zox?P}F00Wt=fwGF
zpeBAw?J8((ra#xAeQy#ymGo5B&8$@7Tl^$(N97`#FOhOv85BGB;rn7?vXo9A*_^vU
zWQc`Ut4~^$1>3<oE!)AB-jkQ(cW9@3aw_|uaFkM`+m7r{y^>nSDm(_%qvDcUa~l)U
z>Ge-|m&S?e+z(bN5-#6fUX+}NNSEe$r$=vdGQU9T`-omZF#IHXW5T(d1G4?*d)mms
z`pKS@x=#!<mDNEgbnS#Gfn0t_JQO$<1B{|2rI4f8Qli*U;xPWcDc0f9zasS3gEHHU
z=RS-*wxYEqw%bY($;c!ac!RZeuEUQ$8Tqz9kkL5qDR7%`?KYHtN(!m5`6oyJ<4c^g
zU*Rr5!;K~n^t1A4z)~JV>7j0d)@7RNoPCYf6kQ^+O6}|8B#I7QGVD5jvbiIrxqgU~
z66cyXai(^7hVbNN0m`^`cb|6n?2iYwUN((0GBD9Y_*pVD9P-flk{$6g33@nBaKFoP
zfAst)d6R0T{Mp44N1y<iDn2u5i5z@FFN}#tp(+M=t<IT1r~K)q4!oiOCC>tk;0b?t
zAnIgt1gc7-1kLcyy37Q`5OwnMbblo88VMekh(l6neJ(+!`F2g;{76&Q8m79+V6n<|
zh4zJfaqRHbn5b%2D>i+=U%ZKGX(rnj`LC#dI<A0OW)^#-`)}KsgRC0V9_6)@H`*(l
zJIu?6{st}ExpgZmt1oAGS#75^^#v9-6iw|m{ETaOB{A`I>sLv3KC}Xk`SR$ZW7v%E
z&!%%F$W>%7d)$HcDG<wza_2C+Oj2Q+P)Vx;hh>%SY|@gW@{RvjoYs_O)*26ZLyjAb
zhu&2%w2mORksz#!erL;eDSF**<ZN@5V1uik{sddhR)7X0&!B^$Bmg7rSTPN@!Ig!~
zb4xf{9r4FLv{f7nSzJuh*}L~T)BG>Zu-7QkqC4SCZA6-&9I};yjFm!HyM5y#=^{Hs
zBGT*1F+9&*=}3e&5c@E2;2O8g!5(ujX_qr12pcsBI}Ycr=Ef;>Xf&#5jIdKTLDY|<
zFupnkzUt(Z7x%6;W+tV2HgLTS_byppMB6E#xQ1gOY2l@^q+w#t6nZ<@PqTjP^1XC1
zghT_*#>F9`JoJ|bGyj(OQUF-O4g{7Ueg2Ae5j)O=z7xiaphHd3yg>S%!%5@NPA0^p
zY{nxezKmui+Eu+kvI9k<tqX6D9-lxjip~Ij4jV1-Pm>?ZcN{B+j`N$A1M&BE*aC;;
z>Q*C^BQ9}cU#o=|^g38!!}&z5u~35!vFlXBUzo_R_ByDbJ0xaQC4_yw3gA2Z9c;aT
z&E;VCCAEbZlh%{uQV{-LhpJwdL5P?Y+mt3x2@B3FieN+y^6o@+NJGP`4NvWH7((MP
z(hj%M4!7+_CMbCDl}o$KBdcRl4&aoV_8=}1fZOR%wFLkjSk#H@_?1gd(jz3cSpo;;
zyzu>zypo}DhVWDh*PlqNTPy&3=v)MyCUp=nO=JOQ;YA)T5j0;MJBHHXJ9}&(KK4H|
z@OvG?48(R+wYwQHa3nU6^_9X)jOA5q>Ojc;-;++#!uDv--kMG^TAL=5dA?FM<CJT9
zz(Nj2Q_<0(T27=|t`6t<?Vy8JluDnAfhv84Ht1&@`aCU9pM!9TJMbqxV`dl*-R0Yb
zfT&2vV-tBJ+q&1tRGTUk19Gth0dNi_r(_%ShiA=RK*@r^?*X3OBs*bf(pBNvza5aL
z#daF$5ge!wn*()HDqzPSEb_bjruN8#C(J(ufz`}(Lf->kI|$9<+_Ed1G0ENBWBc7>
z$I(lN>9KN5<0zC}8izXFk*wH4Csm}<QhBsA8p2(wO)vInrh0M+d*s}t9EH}3;Ht?i
z{k(?MjB>UQ*m;x==eh(?bmF>B9Gp+n_}FmHknVUu-BuCiWE>q?0d0M_d!JL26A1WS
z7J-Ipaq?3)!&ZS=_bZgC+LRsn7M6388TKR24+$?7+GPklHFm8=+8k5D8dL%WdJIQ6
z4#i<lrkcpJ+SaR}oXhhl&|)mCspXyZMJhkrW?)nABrINJ#?x&NIA8fl0L3Ss>cT0Z
zE5##+er&?B5(Lh!KeOp)o+dJZQ$krvOA4)T!YZY7h-Qz?WC#D7BGyLu$&}_?gQxo?
z#-K+xDu;f!LOHazdZ7^IoQWKvgHaOD9pQ*z2RkARfs@A19UjSW7)Y@g#AL31j%yW<
zYjN!)86S!wm(a^$*+M;apfv30s>#Drl7^+XbeKKpgf<i$*FP~Qoia%armMocZR@R3
zg!n`Gvcssd&Y|Pl#pBvsMFC~ra-qRE3}v>^ylgoi)}0En^A6*Y;~;zqayc=WTt|Qa
zH-lChn>z6nm*GB#TnHwir2tU%J7%n1K6b2~iM*msJv|x+O9D_VVa<38yG|wi(pVm5
zTOWlo#gPCH4bv|0<2$StI;<v3rYJQi9+A(%B>qFW<EBG(A<6nLw7!#;;*mjLhJn=p
zLTAaC@GIi;HnL>W(nE46UKscSQ1`rX5<iQ$fVL*QpvOsk9|Vt->#hWNjwUH{>--nq
zFMd1aV8Juwx}7m_WDk+g^U;DF(Yd3iU*G_%m%vO-*m3-Y(rLf0>-b!&$?8}P0~q9D
zJxFBUL35-W^|#1#6FJo2I@P9|%`{VjqPdu;)7L$yMdfJq_2DAFofOd=Og|_Pqbfc9
z>8e9?U`;~I<TGsQ^^q4cGpZ89*!(B@gO&daa9%@?5QfLr<P1<^7|N(Gl0gC##}FQ7
zd}xdOLkipgIDe!hC<yXbPP;57^W-ozV~}J0OBlV)DE3Fn(NoLGa|B0%x^$Tw`h0Is
zi(;pmJz>A>UsBA9pXQAG2vnd`;KdjWn2B&S7{i$?F_kB`t?xn+VkWSbK%JJ|m(O$6
z%X2k^w;8+UAh`}H&UMR0Nrin-gL8B3SeI>?#Ya?ZGMZaM?XxxiO0sK`uwwg@mU<B~
z1XzZ1^LFX(WIi*RNkTPJ6>iz<^cTHI(^BCjhUo!zokqB~iF~DPeE`ao0B^21Dy`&p
zS6$RZU6dg_!&s{WJ1OjTll9yhN}esGer@m%h-7AMY8JWLGh#ad_=%NtsGSDfg^R;J
z^OsSm_ZF**J#@3fpU?HFvb*lVFd-x}H4hncd03-yRIbB!qG;alA05D4vGO(~@xMeg
z2dg?`0Z2iN@>a(3j2{=IkU4YWfvI8b631P2k=v1uxaH6v9~Uf;os#0=(P1<G6Ga>7
z{}I~qaiIlI+(AyJn;f8j5snGu!ghL(ZV)$#fdgL(1kVFVKXyepD)KxNYAkQCUMG!`
z{58HRCal+Q;u8<fzjV9T<0um=wxcc6&5d!^vV*K|7(Qq!kGEdujj}=V8iY<nBh2g1
zceozYT^C;tC0MUJM&DUxP(a7n+fvIL(#sn%1h$AB#v#=cFx9<>MrF&zX`npAbN(^Y
z@Kh0>iuCpM*Dw@bKfdw_R%=sMuA=8l*L<WA0;a$*IePOm=(t_+xE&V<o3;iKG)NvS
z4X9fs*=a_zXbAtaE_56(wi8T<;6ar>efRzNz4iBJ7vBD8YKH8NN#c%1LUY3#0C!k;
zpF1wZwKF8<T7hJM&juENE9gKEiR+eesAvk8UqE%jv1uuGPTms~EGHE#*M>uS9m%LX
z;PAKIZ!vCRNy^fdSpRV7?Quj!+lhMHje<et-h=8;fHqPW&erSLg1#fi$Cwh9YJU25
zVTG%^uFVj>AvQ7%jtItOlX?pk(xDP==ln0msSE3g7@qFInK#&R@s<8a7l}|AL-@Uz
zYaEinkWNvz9CO99ORN}JFGz7YSZ8``gi36(d%lAjWD9Y6YyB5pY}#C_$q~vM>;PM+
z`m9vwcMYHi7l*j^KChg{8OaNNV4?GK!u8ck6M^HH(ia{QLt!`An3N7>?6E7Vu`9;%
zE$c$|g82Slb51^m1y%+ir8M)%J*VM-^|~1pQsdBsQlu{3!)DCM1q<?m`r2^4^}2Z!
z{aU142~@AspX2Do<LF#F`kCHuLYZ&~B?RHpIt+_=$j=E(f}}9Tc~sttjDbZU;R%nR
zz@U{;v(y1SD`v8t5W0zur9oMAiAO-?nn2}R75<^eQ4)Q}7`dAWV__fLQz^W{Sl(w{
zsPYBPc^MMoCF;Z0fY5P9x6t!p>h7Z{7xJK4LP86J#?uFXxWk}U?l>vePP~|FDpH$O
z0x%|Q%MZmh5z1`{j}beBASscvycU3mWzcE1aBH==qPIm)4*uGJ@}pztQE)u-nX^hv
z^_)<|*Xx5(>S`FQ(NXbQH<5)b!VApgWlk6HktIwLK$&5|jhkI{%MD=1mU4zw-;wd?
zh+tmT{<qNeY#}F4vwvie(p1)yLe~_)fst5o-VM^B{%Sy8uA;ZCmsv>D+^>s9<P_Zk
z_*_R_truvxia@R27NN~Am^`haWZ6PEP0Ts9jkd@sF|&hpTTnL~qFw=Dk0hO(7E94*
zGJSr_eJ(j?93n%0IJ=Kj+RRg2;L&d!oY>i4xbR&Cun-2-rdnP{zH*3}yw@M$0BZc(
zQbGg)###G5vi^O=zkC_l<IIg#^wwJ8u^UZgvxQF6Imjq&W&x*!zH)>V>K}<s&j<X;
z9y_WQJ8B|d{-@p<h14t!9vk){0HrMj+F%G=^ey)^!~YIU<BJPhx{^vWJj&+NN@ghv
zYMoID{fbL6BLFN9pcA^?&4%x=a}{Z{{?ZB^eZh9$E!QF)#-k2b;wmz0EvR3I8bxCB
zQtY&|PqrT6PQD&!b>*;h=8-#YRpdCw?@GLD$BeyI2U>9zxwVQYhElaF7LCb$&Xyx!
z-N_{rdS%(dDYv}J_?sV&s{<XQ!%E;t#|~&UERn|43XbAS3?ruVrE<Y;c0eEbGE0oM
zv+aW=%MTCIf&L=c6s#mDznb~&Y=*vbFA4SlkUqdscRr!fR)>FG7dFGhzul(oUIlor
zkQ6<-{mV#of|kx~a!QI=jErb1`>Rq9@^8X_naHdBsdq!)$s<%?#*o;+*1t*ohwcMa
zr3Df6DUwje9$KYBC&$I=kWc0*X~}iNkEw;nsA&!5&X!Z6$4z)nNVUG@4M?syj4p4X
z@IE>@4;F_wvgbm+MJBm#3RvV64w3A@P7=S|qt6$|3CqH_;0Pf21QMo@?TZxq4SH$_
z1p1U0Bc*UCa2SHu(l)W*J)c!S2P|u|^CWtaBawnF##zYT?(KK9i`sC77Uys1MLt9d
zIv7;D*q)Z*qh|8QKC|kcqy)|{7&UF7E!lE-lh5ZzEIWBero6}trr@gdu!VvEq{9R#
zts(I4Xu%G-*%S;)4~z3fF$iL-RFJAwPCTNL*<>i^2#Y4BxybQDDo=$@8v-kjOi7SA
zEs}v>!+!apkc|;C=nC*&d(ReN17m)G?Ew1Xu*n`&?C;j-v4<5F#L#vnY-~W?9LY`!
zTHEtEjQ4D`&mZV>^Ibc>g#9K=;I)Sz7tCXSRk_(&8r?xfw_60`c8SE{7ush%nde#x
zAJ-(LWe)YmUb)g5<Xs<eBY$R_5aTx}<wq4{$HT|&mz>H~<m;k+G2V7B`~5uvn{2=W
zJy>xBE1j??Pl;9{C-$n98PC~*&npWrnCnQ}K6`tc`1dU=f^EPb%Ni=&YMMG0(&IZm
zy*&c16^`DY9=TmpW2}|+htLU<icO?%^u5Z8G0KRimL+uG|4ni{D)i`~F{9BKXd@OU
zduRTh11Oa#yI9?n>D#3eFk=UBBM~BX$PA*Mo$%VqqtiZRN~jy?G-d=P{zU4~3Z!tE
zN;Ns8Dp;aBB6XX#N3D{{q;}V(n#f$O&Jscs`|;!=wIY!?%j>$<N&jOqfh;<;iRTsM
zac9gF9TCSzq(l081S?MN7uJ(L$+)S!=K4jYCGsiJSr^K-cfJh2f|M=(wi}LpYWHr_
zs!L88$d2<OigYyWfo;3F+cB`y<w*f?uDkcZtTjr2sj0oIn)K!XIxq8TVnfJiPm(h;
z7gI|+yxT9Y?nxPuEb(rJS6?iLMnK$*bQC>5=zDiHt;qf{SLR@p7XA;-QH=Z`VDdoI
zkEtl-beb!oq)B6hrnt?octbI><l8Wu?e=apJ+T~m;l)az*ksBrX=Lqj(SUd*h>BKl
zv5+g%QoW69VPja<&RyY$mUjQg+Mp4Kq{-LCZsi~hT2b*+oNc%KpdZ~YgS*Re@<9tZ
zeBuK*+nE!O3Eh6BQ&vV|$Js*SyriQ#>|{^JHtsx}7x^t|G&w>^Br{4TUK6BGM$h*K
zZ_y$>R1krApg-C#A1gs$lW)0k*f*00)ZU0)=x{x6@#na>9^M$1c6ASz5fqOM*1dlc
zO!}Lvw`z<4T=#6e=E@{jzYD`D?5C`iQA5;;+qxTaWLhO(zQozC*9);kB+ELxPmql+
z)J8w~2#a@cUNBl{#r@43D4w6*_##<&-O+7QIn~FNnSsNui}1WNI1PyuR4djo6q5`Q
z7Jp_2bDQj0(NpyY+(^Ow)`8PwJNGjy;C)BNfFpD&%1coEfhR394riMnKPbHWWuUIf
z6Pfl<44Zv!x7wQpH(fE_lv|<5H(Or^nkqqt7JB!xy&IXjdl5F8aSt^E*s=WLw!Ht$
zocXuF`u6v3$|6v+x$eCc;)~Iq5l5!0k*0QZcX7}^wMg=&o=KrJ(u(7n+1O|)xDF{B
zz<#sm-1|Kf?5zHn2NFoWJjE&O^m_kbBsNmPbrat$UQzdKNytAJ(;lGy_Z!0{;Pd2}
zdV3G+n)u85XE|a?f_nvjo<6eK*Xyn7BFqiNuyNSWQvW>RY&+)%=XTErY7B&sYL_oY
zKXGM_CEwoR*e|%UK7AGyZ#w39q<3@Q<G9E@Wh>mKWqr~W(@D7;$6?>8sCned?Da{x
zS3%I|E<AhJ*gx-jbCCV@i6b-r>L2y&$^J$@Nq?0QU{6u;i=zy)aJ%K3)U{i84-KHf
z2W*)RH>T$AShKG!Wxu$7_{G`U6#nfi_i;h@oe5%|o}*QrKy$?{yn)ZmvJjI^=Wb~O
z&%jTXv-L`reC*bKNV5E7;brTpfn{P8+jGk*CHo=gTlfaIq3=^b(TN>bt426^Dz{r@
zcR<C-htgK_j`UV{>E9LnW-9^DA2FmgEw9~h+%mhVnSA?G8!Qo8M!xp?bkYKTD(J_z
zH3z=$>C;=ya4K(@BSlpaWY;+-9WH(`q?Rd9>8<)HSDJ_m!q&+7vol!{zdTaQ!#<qK
zJKLlNixcA7O|3V+9UQHAoX3#vq477@R==cj*x4$Lb&`x8KX>1qe;(L><!e2E)~@IK
zK)OPl;-iizCvHt}@v9_Vk%=@qDeiVYo7#BbepYLCy?6lkApd7S&W{hg2zQNI#h))f
z#gn~$+x(g0CE?3?Ca1!TPxEZuWa$;g!t#hL;(scMaI|9L9A^$rW~a9@wMBk=Kg9Jk
zyfMA!dS)u~##fQllD;cuG_~P1BKD0hrv8dYWP{2{cg^#{V0?b$q?XHo$XRCC#-=)<
z<uiI;ySb8}EPrr*w8=4;y@rHe=Y$vCFTD<AC!GEE?rOXKa!l*D1PNmA!QAiWw|+j6
zTWF2*B63}^+3D$rwMo#UKjowN$6J{;`dnZKx_^>?*#N`_T;GEw+}!iKX7Dl!f^zu>
zjg<ZRaS{bOvV1<~C&H;+1mon@nc`ZtP8o_Jc~LtUf4iUZ-gq<i516axbBNfDuV_uf
zfsP)fWH%0SU46z?q70g-B)t7VhXWX%P>I$xoh2%@Kmxkh#H0>Di6cX7St-Z*q}qQX
z7pFe{yF|oOSq?U{Ja5g*cv_UX56V7NCtOHo=&Z1EOjW?vtWN$Aw-9t=g}_W@0C32I
z?&-2`bf#fFt3BJw{fm?7C!asWr3BqPe@$T+=I(mp;aQk}|FZMe=d_I#>t$K3FwuM)
z?5}3yP3mY;P>PSQzjIH_XIcE!t=Qm0?4|WsNG%_g_2cxttCb+_tFirbtEr>Hb_&nN
z)9g{W=-G7piYc}qJdv|&UY&?8ISZ7=Y0g{=vQqMW<K2CzkBAq*mMnPLZGzTP5}rlc
z1%w`~bRj*w4UD?dvwvK0M=-An$_f|s5iIWs8U+KxL4|0!2}kF$o|7HkR?RHA4r&Uy
zxPLDO8~-9<q_PBdac0C$b4Aq-j<90ORu6Kn?x&C#Hyr7qm6LWEJ++<^+j<ARi9R7K
zosv~-t;=|%{9~m-q@BXF-mPoBTkwO$N~i8u#?>Tm<IoFUEe_M~YaI01BLN}7$1W0y
zRv~^Dzm*T`x2G^hQOr5gH>DnG0Tt~S)3`>KSc^jDe&4h})7?lxu3va!cXj$t#c-e>
zm(L!sAJ)n4%PYkL;?NudMMDf@u{|$HLfiLJzs0^bpdY*!**LzsVizJ<pWcr;`$kzf
zOyri}D!A?(%IPE6KDNZ>h$8pCXB<3=M7F8Y)e$tD+FsGCyNL|WycJDs@SN`O%zX3o
z;%uhkwjse|Z&hyP`R}U0yGEcWp6mD8(HZyG88KGKb(%B=?_-VwKb~9agcf)UD>I9g
zkjmxVjL#wePA6$`!jf45mjf-ntiBjnh19NAkjTlNu6hrwiujBJz5fsvXw<D(In?n}
zMahz`|GL*uh-=D0spFCOL_1fQtwV<(kwj57XUiOrO=fJqhIbOl)lPup)k#qL;*snI
zMOIJrk^?(>_}q?<RjOo^k=|&K^d_^x&xqt)C>0t6&}MCT)}MQ%9j#$*-y*}>S=KL9
zLA2&}mc|}g7Iv1OJ(kxoTkdwBxQyy0s%|tCZmy78l}%RTkT!(@I)k>p%IuVzmUwJa
zJ0ny(^ocpT5WWgPZa=v+iQLVPi+CHOml_=UsX!KFQc{Z#;{kH2;tEIZ?^>Oo*tJ<%
zZjh2?C5mq4!bNfEdj~rrMXMMig*gbzwP^c|9;Y|4xCT!fG!K)Zp7ihQJIvxhwKQE`
z?7Swce?v^7!5eQskXtweZM9bpwC9;bbdP@zAUu}*DV6)yZ{^B$@)M2vYSti$437>d
zYh<Az)#%etK2KH8$LI)wi^CM7^N|7$vd=TUpW8dQbySIiwiBR0tNde<O>7n8)w|kD
z3&ZHwf}YhoKez<1EaWfS5`;PE%EdAMwp);4UE;JJ4-zLATv~LX<bFU8ceb5rH&Z2Q
zMCPQVHFpOUw3`jJ!;B;J#urq_ui!Y~uph_x#K~)hw=4Q#RoNG9Le8t$dhZw&zkTLu
zRlPhE%#ls%&pENi8&r1o@7N{7ihtdK%KBTjaKddq8vK<EyMi+PR_P?12dV9|z)T55
z5vwPlcD?zw?-H}hrj|2U?v$r&E|@G7g&*3Wd+Tq^5SGOfGy`=;d_b~@b7#M!mZtei
zQmyubpNN-w4jc{MiSEs8A<ow@3j7AVworJOG`|jN?>(ni?*CXuE_e0g9Lq6dfxqwQ
z=Jun^x>&Q@FnLb(dUx-~)>*^^{?Y~cI)nNjdVj)AID~k|#u2lkU8C`y2ibC(lri9!
zLTnl^W&+<K7tQ8rhWAh|5~$DwR0fgGoMaprCbw>qH0s9LejzkAR$K%s>;uDJ=o!Pl
z<$@n`!JU|qnxRI9NRf``MvQoW6|g-NO(X`*q;_Do0fZ#)W}bNPZkC<;-E{G(ddpX-
z)m5>{W?~9PT_ULf>ocpktV={Q+a<40N?(V*`C^P{ms{dvwoh9~+yuPIGa2O*rsMJ9
zIqD3$7!z>p472{T&Y|<;-0jy?+3O<H&ypUe=I-cq)LLJtgE@)(4VW5B(2GV7W*6``
zsChzl@YeR!!DJ|NswgCf$|SaA6|WlyLRke+lMdxt(F&+L69&QIDdK#FD3yz`Y`qhv
z=_eoGhjZ!JK|4_AIK##OYYi#bYADzBXb|x)Y`y*_=^!vNZF(5Ciz@|VC?y8`xm#&v
zcbEnXC>Q2n^D5i`%d3>oJY-`KP16G@i}j=lnZ`7d4~TT7%Fy~OKWG?Pm5qG-4#mHm
z=P=ZmSjgmSwiowcx=^^Bq=w|lPaK3U*&hW=4{S!=uL>cr#V>JlJ4?Xk29dxRq})sn
zwcLH(l}a#hqy)UD+5hrICYU!g^mP;K?X|#ht^N-`kHk_U`(L}bVlvy9#}~qa`!zw^
z$aTD&p|PfV_<3D&>D?j}YDK5$&hWQQ)H|jr@TUK<bkzZEG{L@Dn-mQW#a)ZL2P;l-
zDeg{-y9IZ5D_)>b+$9uucL~Lc1}QF&@4ffe?9J`j-t6q`?)+w$3S|hi@P^Ifv}up6
zG(~jgDYP_;h+*rt1K%=jS<+o9L6-GDHVU3TdsEdn6PsxB<Tb7hQ<etUrSay)Gd(hV
zmcsT6&q<S%86ZhBxu<1f@GQ2@31EC_9r@&zE?!uExT~<OKzyHOtFI8qL=;5By_6Ll
zOX>g#l>dCj;czk!Wcv~MrK-*Z`uz|RIgc(`DV6G{hMJ)k!v5oJ^ADw3GzWw?n$ho9
zggDjhPYGGfxa?F#<e9JV;>S^Ju`lL#$Vez9fC%z2$EwLwrF6YKbOC8g!WvO5<_B4y
zLl6B^E6zZ5XGc{M)eH_z2R`yjP~_<w>)8nLlCwS@;DhewQ~h<PP88&qz@7h`&?@IE
zj`KQqh<Gk;<|1a>&#n>RB)wTl!=QW8uFMLq)<f1-T<D7blz4<@z;~E?Sj73y@5?o5
z(uV@f?+q2-&)Doh_w(C+`Dq0Ut*KoBKcsc~?oSgM&j!_K5(|%{QEDdFJlc+hLV3!`
zOIl?wy8<euTj=kfC4*<?yA(QP87|0r=NarapYJSohWoIK%At6&RwMn0m!oUhJl41t
zJEot{K!V+a59mn=#lrI4^_$dV#!p(K`2qy`J98cpG9S};SBCn7iw+~cu<-w=_^-GU
z`GuuBGa8TG61^?X53`_~YCY07R*;Q;JNfH?)FZRnprKE^^M#1nL}$cY$$qCw#+7K{
zGu6jOkP-1k0P8o7Y+8bP-ESQFdtdC6zohW#5?J`8n2iwT#Ws{HS!?N=Q-7}z(Jxdt
z^W>dr=A|s;os{XSQOYR7nRvDzbYHG!*aacWrW8%;yt)@H$B8ro+wE`~uJTV>^s}AY
zc`2PM5#b~62~$*xLc~^K`r%vZ;aiHktj`DNuEYvd<SxbM_t!{Q429^Pg^@I@N_rWV
zjZ@4czwBAa)8yR%XA7V{sw}~Jyf(2k%+WzNz{wHZM6ODbZ~~yrk-{Q(`6T#2b0QI#
zRUGP#Aku|@7ucML$x<V!^CjFz0CCrSeAL=>t?f&=a|wn*&^If2_N0zLQtSh>H>h*8
zJC&nB(lqS-uT@wk-GB~<b+`;%?CYq`0n~v4Xj>_55FnzC5u#+yt5O-SR#=)03_!M2
zrp^^FM!qK&KS6@(BOEgYMJg9X{z~u{FaL+25cH~aa(e`Ut{-~X#3-&F0+DcN;cc_l
zrd4s|SPSf1%VXjJ1c6@>GiKjBUn9Ws-b^I-u%}P|*13QJq@hbqLhK4jbPMm5(u%D*
zqg=H<462t!u!Hy66P;KwaKYbcLLZAr@=*(GpnyoVa<Jq7s*7&wP69yTt_h^%Rb6ON
zr4>7nS<%_(d*%-gFv{sguE{4YaC`8|tu$}EF^HW@<_^dkpc$e$dG@51YbVytr?n~T
z1IR*SXijX+k&`P7;#C{-5{nIDNrrx;%~OxnSXC7*#<<OuiS}x4ewz6ydq|{Qau0d`
z&r1;JFLQ1Lt<5AgstRd7qnzC~^TNB&Nqtu|oYv{~Io-%FcaNTSNxW-G#V8913?sF|
z+~F1hcTfF5NK>b7h)flNo3&5^DWqm5U;aEZ&oLd$TU<MG@QGY6%Te~`9@27;%vb5q
zAi9oW-9CHr>4!>&PW~27;ZR$`ggG;ETZKm(Y4{Ni2B)r8CAv~Gb*CuovmZF~>tFY|
z9ku)PvmYb&jXxB>wq7?P@;v=e&U_0|Lzk+rOV>x5Tdw7&iS8eyBgXfLv$xh;6R6{A
z*731?eF3SX8n>9MLgC3{>*c_y4usxu+Yfkt11$bGnWRr2u<p4jZb?-5EDS!)5FCi}
z87MTHIUqr8=|*iEW&gV8IEeGl2deH_w2_u*Mn@||N9(g<Y~k<Qe}X$Ou;vY5pR1rn
z7cCOakC*f-(SJC9!Rgz!MF*x5W80#cYqqWXeZcnSp}D0It5*m_rxbc~NcdOMCx7|Z
zPf8O_$>8jHUcn0efV)i6cw+2Ru4Tcfs?h|I4_nuc|Hd#(Ul`{jRI5PmtYMSK2MZBc
z>k$QR0hWW9u>hCl-asq&Vm>Ni(|1LA%b#JA;7m-Q-VB$}z3-=kVWvHidNaDSpJR1a
z?lc!j50Qm?49HZ8jNj;cCIdKweqy35_<hp(N7*}{+*~oL1sJ6APvOlpvgE%4e-XE>
zxmyDo|C-TM>264QsW!;Ww7?uhnwube+F>aQu#V!mKcV_}B(EY$Bm6i;_~f3LUpLKm
z11g-8wI48FqU{MYFZF!*M1GiSBKs%{aU=(=RW(gdq4D1T;XKy42f^OaJ-{;=k2uZK
zky|>A>Zh$<TAx9%x;NGvMDDn@iU3E&sSC@c=~wS!5g~>&lfn2{pu)0*br`9~2OP(`
z5J4jM6bCTFGDNkM@j*Jqza33zW^P&~t>~;9rvM$nKe-G(9q$A_Sb%J;WZGPDRTZ6a
zlV?r)@)8!2r>!5PGo!0An_VT^lRjaV5f^PT)dl7Cb5pW7n#TB74k_DTIq^|`aRS57
zy&Tiue1K+bS5y0yZ@CCXans`3$~)Ju$XMt|R^Ph_QDtKb^3dM;rkjkkp)LC(IG&Mn
z9aCKAFDn7Lki}P1Oa@y^A+t)rl`b?P#B9*oI6zM?j5MEzTB<IDnaG{RS|(!@gUoX2
zYb6m(j|-gH&3Rlt(as#Q?+&41E@Hz4{sxy0mA?_&tnj^x=BCHBRd#Moo}aGCw<mhq
zK0Ju$lz9m`mg)8;56n7m$+D=f78uvD%O>h_s%jiZt0}t{4ar|ENjM*-uqFE|iL*S!
zOAq0ruT74Uss9Hux?YRp7za{k<M<LY)qR8<)*(3F-?oyrXW_WBzji%0KgYq`J;;Y~
zpapi`DyaBpW9zP7_G;ULI~x1K3X~OqqCeEwv?1QK8OQxm{Cs`QW5#s9Ijnm=uBw;C
zaXMJFCiJ#QmXw;dWg*zPDKwFPE|#TVO0bcp!G5?NqWKLo6MCI#lIX>!GTHz%WaIn(
zw@RY(6RWY{Ci13(T+4Ej6(oC{)WOh#i+CnVwHB{e^SgMO5}bo^MvzS$ohsyq;^f?o
z+_DF@-4wf8Hp~6#Ton8(^TrL)ETHksNgtG?v*}fL{Ujb$%yku>*n3oJwGt?n<QKk&
zbWrrk49WjH9xUSECKDpHuYT{=NVlY4pDR`B587VQCIvjh&C+rS=~G4T7M8-aBYait
z`<SKtX_{boRQk~lp8cO%(E}Fw;}2F!DaF00*QbS1MW_wTmK6ORW_p_JmC9FF;K9CO
z4Nf1RM+?Z^$OQ0P{lw#Nsl(ytpS%zUhn7rrbJ5Nz3vP~$vGp*x&xfY&;SLjd7X&ve
zfH4S3r<JwPR3GCDU6B2A9o>N0wFB_nVfmSki+%1x233$W`c_>NL>jS09kHl0mQE1v
ztq-+$+mR$R>Mj+NNvFX1fF9>sI<b`vDR75$ocx|J&BtA_!eb))>&XZ?Y@qI73thXo
zD1Ws_9}_q5tiBaau7JL0Cb)Pyx(Hps6kUYAg)MsIRoKgtc%__tS{7cmm;I=O5)os;
zl}LX~T2khFm-~yfa0qkB-CRuwn&Cd+4xtj_$n0JL<u!3NQR6P>Yr5H}+%|N=RCxRH
zubb(Q?VRjoxy??z=JK4oMU1R@hfe_dFN_qN{5$Q6tBH+uy?RIPzr{G6P?z~%(4Jk^
zJQhxd1V-I=+EoMfqzEexWz6QgVfbk^BH|1URzVv(E|%aL49Is<K<H`Q0`nkOs|zVG
zL<rlrthTYm0^+!Q<qS=64nC9R(%s=@I+DVQs~h31s#Aif5WNv|qkNnS-CE7mY>J(t
z|GH)c`I!&$HPf+ZkI4B<Tzkj`Mbui()@<U_<2{xyUrF5(iqLdt7qnfCP3Zp6>w#PO
zxK#dyT!HX|0zCIOlNbk6cO3myB>k=bAd`^H?F|Zhu~4CkM{te5`be3Ktbi!Jutn<q
zIAbo=Rkpg`KMIY%67YE^wZHZaYd2!hi<ig`QvUH%@_fIL8aTlE4gG}MGgcc``X>NZ
z>+H`kg51e4=6YaP-x84k2sD)9Go1|gQ3*Cu6aDaZ3_s{d1Jc}Od_|>k+`sSPpzI#l
zXrUB?Qba)6MbLXbuB^Y{v+P>)14=8G_WMcLl@sbSZ|`5Tkz@#w?u>YMnAK6ClxAL_
z9L+8o=-)yBqreF?k{A6TKS8_0ppI2wME&ibFPgP_vg`rJF=~alYXZ6}CG_qu30WVf
zH;4>~)14qvg1kJYgT0Wg+RoR@F>3n#{7LZXlHiLPQm{ioG-x8z<<>zj#0Tds``<YH
zzaX$@5;so@&?wURnF_*pMMuL03&Mx_zsY&|6YTX?2yTgSPJYF9N*`~GQ~T{_LD{`S
zX`GRJmQrke5#Q=}zDk;`-i-?&yJHdIPxiW?HrZQ0(RlHqyf=S4ftWrx);%}{{)mO{
zh(X@v@1|7(Gl7s{Aj=c&hlXPMo@ivS3}P>HD@4-WIBkb>w!#CU<_y?S20<dfrsO`B
zoQg|zHufL~--tpAK9?wQXyXUs?<j1hxo<r^L-d}2E5S1u_6I5v$CD%_a~<?OxQq^u
zICmlv*)PZdQmJzOh=8DgHWHN2Nf?A1tIj<bA%K&&96vEXG>5K2J_7C6R<1Fo!)*>I
zpgj`4Z<^7l><NDl9^Xhnt|WZNm@w&5$Q7NrV7~Ta$CY_+m}y-pLuCG4I}9oh6w>z$
z^+G5^bPv1{a|jjrp}%#xPSWWEC$WNapDMcrU9)THVoeUO+~+dr4J!m8Q;vY%uVUFm
z$4dh!`2iLFs|NXNal57tM1bcs6amV;k;`qT`XFx^YgFj~^>8dYbjlV%d!7d_VW)K&
zj#y~M90ACmmf#{tNEG7i47lm=2*VBzzxbTeUHkc%D`m=z;Zpd+O-D*0#6hxkKN2IS
zuGrgf+xOH<ApDnGlF!DF2}HiHWgp0q&+-Q5<%11u$7$WyB$aE)9TNUs>BgZhXw|fS
zX0d+5ve!dU1oV@|IjA?q7$Z{3;K^z^b4+=<MCC<oIV+8!J0>3Y^T@thclf}{{1d(|
zR0M36QP}KcTW47*z5RJc7;J|oh7vo7MH~k!67@!-{E9~YFNFg_YW51iu)jYg$Ide6
z@?CVIyjfo~0|dmux>n6u3a54ca})OS7}J49{95zyYeuzGvkyBHHKN$a=1X%nWw~4@
z)g{mlH}i4t5(1OQqeY)-ar)jIBOCLPbFqon2fdZL?f*zW)d?K<$FaC*pZ#OGz(Vnj
zqpuSG1CNA{5CY)^df^Qp^0)`p7GGRJEHy4#9srj`FtO}=`!3O%gMoG!#>GZkLfQBF
zK~UF+!HY%5S6l(T%7JL*A2iaPll!3DLN$zIV%a5*I3?^R9unD>ao0~wyW(-@$Y<wh
zgB`bPGN7*$x^9F*L+dH93}$UI6#(g^fq<!SArdt%nE>ch(<*!%6WQTd%6Q)sx^ND$
zoux+%`1)OcELs;QDE$vGfWrhgE(`Fbd6oU<9k|O8XZic%z7$0k+uQBvrhUT4vq*6m
z5E6_7i1Xa|z9GIVEp+UQzV<OpD&=Bi(GHX8YMRRblvt5sE?azPP+4Epz3t-HtVUQa
z8D)7s-JrQYO};4LULi&$^czl4=<!atGV(KD5SCC-!F(p*I9q&4ILP>n7wyvqtyUdY
zI6Akls&jY$aR(YwmJ$tj)+gtBqlU!3KwTW*rZSB+PB_9oJ+^Xv$Z}ucN-{u`9(0^5
zFXZf&?i@@rkR!Ub8o<%(BX0AqT-N5@o-)-~o)o~KntP#k$|S_0wB}TkF&WTK_v<p@
zh1*Hh_t#y5c>B7{`h|%&j-eQoFc|0Y+PlT__}8%Z5<l<pFSPl;d>3cZ_vYTe6k7C%
z)djyM7zJi1#?ylwm8e>l+3wAwauosjWAw8j!w|dVJM*Y)a74y;WjdjHwW-d8V~g2+
zXl1`IqCqCOg<D#YVtPtHZ4NkR4$K#CqCrf$MP|yDV#xhXuX;oS9;M+3B54oR{9deF
z093d|zUPdb5{pzR2$h2f$eAJ<+|<F~*rGvX^dK^tbD%~B&eI%F!;-0RPD3E*F_-s?
zVUi8vztvnX#9jRndezYi$eubdj<TIgr2u4#sJTf^qL4BNyc$>Y@48o_y~@mbLdFgr
zK(_7L-=tTyV-pS9Q=}cs8KIwQt$;LC_#*BuF{>k#aRfE7{=q4q;|3?%unY*@As-6G
zCa}k<6tvC)xJu7~SMJ2H8XI54`4#44MR#Hx2GdNzAgVGPXc<nh7IQ3*F7`{rFt@Fs
z$&RZZr{-%uDi)mNw-X3H<HIQpF;%nWQ=%5c^BXs8v!7nZf;FB5)%|uT&eBJJ3q_RS
zq$$z!n_gQ+1zlG#%XlKhrFCTG+SC&dq?HA`8U>{H@^n$K=Q_Ix_TKe6CNF<$<(>ew
z(%W_5wXN_0E$s##Il=lJUpfHK`rr~LVB81&y1gv#_k<mCV^uVC!Yt65G5NfJtGl$R
zKl*uyrw?hhm-=}zJDC#j?B3+W79z+;E*)OjHse+)5oCu*7zLNqb2uq0Bv!9iUHm~Y
z*nv(3;bD>{C2Lq+oN_N0g+i_8%nE03Y;Sf$B)rzANf9A5Mrif)re=%Lc-{*#a_RYg
z$%d@(k8mPlS3RT4dz}N>JVd$)YP9@8^`7l)NMD3n8m{wSVd%COCkk4s3HNeIap2${
z2qW?--%hkwG(X<E?+#LX=R2o+D(ouSI}RDgt&M{idJr)h_sG9~K!(Z^cYaym1}Y#9
z<rN84S{4|Kk0q+pquz7PiE?$rtJWhHfSbReC!R4@Y-FB}*mRqY3-3J1RPPzFoMWQS
zE#^6Ll7blB<li!R`Xj)wW>cQN%T{Ni0wYnq=JXzsOlB~JZCMSZGU^x<-s{NZ^>Sv{
zl?DoFT>yCfI7|*rLA^{vIC>`P3xG5;ym(`Md>mfZJ<##JDRjPHI9NcZL6?e3CnLwo
zB)d+g7QfOHnYkOH>JIeSRY}9rV+Da&)(69Yuk6(h2>cS8thdd6gbu~G3j()~j4`GZ
zu+QjbQb*3VkV9ar+6J*$Gg6+Z1)CL?;lkVgS}qp{DrsN3Xj?JDo=TQwYmYKtzxE{`
zmwi23wsxrma!?{1>|i8+Yr`0C%*ZJlF<~NAi(u!8jA|gm&>nM={tXV`wI?!};w0;J
z|440bI6$qFxC`0Z6%H0zW^FzfhymcY$ix~)jspAAFL7157o0`HGZ8-;C>tMfB)rf$
zsoKV7BDyPa6lq=Zkg4?;*uMANeNjL#U^Jz8^ozx1kIzuF83l%?;jA4KymkWv35M=q
zmC{gVK)n`xc;`Mbki5P)F!(g|s7vPk?If{ikmySy)=N=_`1itQmI|EmJ3Y~$(#KC3
zSJe69*#R{6kBKS;%wpIdpBU&=$!t;?DsZe{H-3YTnSo8IzKEJSatw`XiWC9O=z|Lv
zKyFW3lOB1|Af{6DWJE_jxuse)<pTC*^u-0sEb$^WPL+bkqg&**h9qYb+FlOIe#!Ss
zZt;XkKVKUaXW{%ZR1?C-T%Rv)z*Q0$^8DJS!|5soYL$R~t#ja<8y=-8UcPvd`P;ND
zUb?9XbI~B)Dyk|2=~tb7^{O23VELN9h^dB33~gB|1(B7&BJE3H!`xWW+5mEtvKIZ6
zQzZ~n>k`+wLc_Qs9Cs=JopPVpk8}KwQr9P5^`30`_xvIP3h!?p3@wOJo&y-S3@h3K
zl&Lj+a>vY!V|gG<c7Qnb<+8xlXI7Ld>UBPrvLwW7Bguo#ur2#kQ_j^#^U^?^XIhkF
zS~GbnGddaTQUC3>Qv=DRe%JBFdCB+u@?oX8bi%yQn#Z?!0Uf%Mp1;D%0;?CXvwrRl
z4}EWhoGo6M@7y#(=<R@xZ>Q9I-W~zm7S3^<Q({hw>V|s<e(p1F&ACAsk38Ss?h8W0
z+=Nj`Xw`c@ze+*L5iol3(&p@v3pVAQi5Qmz<7hwCl@vi)YfG&4qE<nuaiICK%%Ilu
zH4T@2$0`p|@D-S;B#e^7!WA~0r`A)K4JhFo#&u33l5t^TG|pCn;Ah`5W;8^yJK~W4
z>&pf_@ST75u&0}{OzYd#Q12<hK0LE34)o%M<JN9iLLaid-t&8LnF!-pjbGuyhb+N|
zmal3efzdc4|5XP)>iTN<qf$Df_I~EdR$z&XeMv(6SXUgVIabbNASg$5be0Y1M$Nus
zy8Vj}j%G#XdytOTQ)$Nf=m7hCG@%8ps1~-(U6EO8WmS03Z;;pf_f=fl`QU&iTOrus
z301J)s{!Nj$`jzb0HihLI-3f`8?!axJg-eqzvf<nAPPw#>r?G7C)um@EPU`nwrdGd
z4S46VyCDSl`g%&?s@dd1hOAfll!9cvmwM^>SgnUd2)H3+fvj-d3=5CVq|(WvMd|2B
zl&zi0g+vJf<1SyDY(VIDLPQdAuj`G){?9&TaC`2uEIXyORP7My3t2Dt(F^%QTQa-z
z>s%t+9ed$y2V`#&1)%u*EQ9=^K2x?fCKn<r1a!QPChHYllJ*QBh&QHo2faPn1|2Va
zgq9cx2j_lDB;ax(0#zMY@&wOsDgjo<sh5BiJ&`HL)H-X9;4w#$;FDdYA5Ofpy<dFB
z01ICA;jZw!EDZ0Hr-1DxbsKTDkJKB->nx(*yRzB+`FhV)<au%K{N+m-29V+=gjq@X
zLpcVet-YEfYFv-$s?5f`^R~xD1Te9Tk(46g5B?vFj`L3GgqL1>NGC4zfzfw2I}e<Z
z0@dykVuaW+BJ&{~oR=Pwf%`>-H`bCBhCA)?AH|yCo|p4v;B7K8r;jI;EbD!L#zlyn
zPQ4=d5Gs&gG(_cmim`u`jCi`JO!ObO)wHG#W=p>Vpkl&3T@K#BdJsTPWTVe_yE)au
z8^QwOukl3&v(Z|GE$lCx`?=v1l#3EXP86@Jo`Kj-8$zGT{S)$o5#9m)FfTqE1tip7
zQ;`3oe+R_G#9mWeis5qvI*=Ow&gNM4>|peXP<_OT=QARsx)S=$dx0Rl@#q^-yZ6eX
zbqCmCBgJ^m`eolv446QVB#~wR9RJL~UxD34RZPZ>otOUj3$58{l{0x#il0)Be%=sL
zEcegYvTYdm?&sdOY=yE{2!Q-aJ)(ky6hHBg`Q1#JKsWk)aWBa!cSNDG=K->SU$RSJ
z8efkG5Ojcg%|rT~vaVXL)sy>a`-UuVqG-*dFCKe@e7B4Fw{P7W$eI7QoGBRp&3ft}
zFeF}K6OU7%{^a@QWX&TzkA_8b*ze{*4hl<#dbl`E9Jh~qIB)v7C&901Zq~QPx9y|V
z@HfY^WrlL;{5%S-Fki&`J&uY&wk7B4><qC}VzKe}1Kdy*8{fJ75)fJ0FLQd;f9o7G
z9({=Do7K(9500Vg5Vf+FGYnB_Lg%P0%W>Dub=Rl_->8SzjA8oV0$4k(dsI9mhpt0J
z+IegxHTG=cmSFQ~WV?M{ag&v5Qi=1($sfY2d!@b4UASNq%uJVj#<}=|$?rxmS&tMZ
z+ukDdPfY2+Bda87Omt7Zq6}ECj04V80m`u%sNGJFaY39W0hD`+9urtid9a(iJz>;_
zq^SG-rXc?~c;)B<{F_x!?mpndB#2>$MfI;XIMHbN@32FN))R~Ki8eIUXn1HtPi|aa
zx0AD|`KH!D*oWCCPxZdzKW>S>t^vy{_tz`e&Mj|hTX=G#OIYO~AkWI_asp?MGpF-e
zmqO3m9-C{oW@F=0ryxoYl|)o!X%g#X5^;k7;53QjdquF|h~M1BVh+aic~FOM_DrEd
zf(QUR4}7(M5KW#?UT1jI^3UiRZJ!uC5?9Gs_gxz1uj9oqi5s$4MYpL;mZT9cFt^9)
zPVk*FgDa6ey0DRy=!vP(<;~hUPfwmk9Z#i3KVst>(6n5ispdxHem=%k8!|&GxtVxz
zd@mNM&4&HaXs2xPYovI(PQ-+nq^P?LDT;?4XR2<%sA7L(%1e3o>3erxPnY7(!m7$#
zQ0vdypG$B2T_dNqu*rMArUUwPw5u{j16$c}z8UTzF|hNZSYvE8;eKU1v;bdO@CF`v
z*5fely%FR@FZj8EAg5q_coH|n<BF;6v}OU#82!@uln!iX!&w8WbuvS8v|GI26??y{
z`+PPl@}={mHsG^%hIhJWeV&ivzYBA%_}q>Cr0lV|RUFt-o2+mA`FoQqykKe**@X|s
zS3<X6R)4?c%>}*?72++8o^7rAgw`It?+#IEaG_+W`Sxz}h#5jq6%w~v*B%njx?i)K
zqc~=VL>e*lPm;-~-_DR$qiY1|?`<VyTKg`^|BeZ^rrA}j-66x^7kl#l@<Lqjm>4!{
zC!Elgrhewen|OTI>ANfB9qW8cj9L8i2tvQ;Nr7i7Q1|9HqR!si!Z~!ZPi9V7S(^z#
z8bh}htA4qD!U_I<$?SV{n8kLE*jnqjL353?E)==H;@`~}IbtiX?*z@Uo;A8Uonw76
zTBCXNdUc66-&jb{1{R;KQQ@}qt4QqYLsT5kKfj#fo7}UC9(J!$<#b3pbD8Y6C3lSE
zCoKYs|EPOW{A*W&ca0<2+&X{<SN}7q-_7VY17{sC#aAQ_)AC+xb*lCAT|418uF>%`
zoeUqU$Kkivp%(YW94WVRzMDB5VE;94@RJoP2fkbum!<C5Ed7z)4)y?`oWjR*t&gb{
z7RC*pgdnv-G^JY}7co-rR>c>oNE&aVYnV4Ef3KN5*p1?nFr982&^UcHFc<kn1oCP>
zo4lHf$Oz}9`IYw^F%@^Zf9ZBd3Jn(W?V4C)-E-5c<uo$z02+D#;~Lu?$VAn5(?lr5
zPy;}E)kq!T#2&!i(~HHg{vXf8KqW~Fi(gN>6qbg)KV&P(BQMrg@0~6*eirepBH?HL
z7CJ+RG>Z|jIPgrJ&p2mLP~F_5@`yLV@im+FIVXTMjQdvb!=f(i-r>^qbqu(vlJHh~
zr<MHRDfv_o?w<gvAdh(_7I%E=y3>V?F0l#RXdzj<xA>ELD?jl*2t0~+C;NXCn>s7V
zAH=*8+TRcVP$M^YmSNNrFnyL{H1x{b2>>jfS@IcHw=jJ1YTVv--kpz9fTn6QFGNgj
zOgkyp;1uGm`z9o)cT<W`3lscFV=34Se3ord59q?Abvg8KeIY$vR1fHOD?>7TgU9uj
z?mU4bkoqEWA4ryn9(t9?g#Qe(yEyy^+cN+cmdL$H1z_^$qXODgdi=nJY_@+>ExvOX
z>>+_+?;zkZnZr~Q#mDw=2rnkE>pn1@$NuG%qj1wKxJDGd3pKFc3dyfSN!Y5)54?~W
zy;A|M>sWl^3Iz8>*KII{IG+(w%38UrGOmrMER@p4v6H<mw?|tT+J|gR_V>NfjDbDw
zcz}yG|0~C)RX<a7yo7rSe$SeA*%brgy_h2~A{P|G^!}JV_6A~XBBT)h^rL2)$$rBv
z{6#?+${g&2$h}boS75g7n~VntWZ|Ne8@9aI8T<*Qew<NQsy(IaZ8qf>M~5OUeNui*
zhTr8w?oGOh165Dw2{3VdnN{ADTX{Z{5j+23gEn>p;+!|?lzn!uUH>Q*SCM~cv_LX1
zQt51*<~4iX(Yqq(w#t=W4D2&?vo#obYfF?@*$*Q7>}P~^%(f)jjk~E3<0laj(0hXo
zo>550Ep&ZQfKIZ7VnvtD8-gx6w|yd$*n)z?`@d&Tv^{dKJz=iqHTnUsp0eS~o5;3T
z*bEO@2`@ZBwsj!^fV&ryc87sjPhjzjB>xkpM05ZUH$Va4r4Xj{9qB`o!m7BE&kpmq
zlvUijG_2>eEz9l$UZns9!n?Fp8XD5J;@S!xdu!ka0#n}DAoQo(q71zIPUN5UMqQpj
zZklZWo9;<%wxDdAZ#-;fNR59%;*~~-IKyGR=18o*K-aqEsTE5kzX$9V(|TC>_**`^
z8V5h%*rI(#$#MayC$M9|{#L!daEr~JkgXf}{iYX?CatlTIkrH=7bvyrVC~c_@o+>7
zUvlhYbvF(`L33G}+B6ACJHm4wH|awON53ASCA~dN>5x*Lc+0dzy;y06Y^yU9bYaMw
za=m>rk&AQknzF2SI_n|^@1)IZ8J?MrF4~vkPCTRA-n65lE-%PFF&b9WX%ATY*}$Q&
zO)l$qQTm6LROiT|&z9{;w&o0vhetPw%3;VyNZrCg?w$X69Sj!-)n0ujC~}7PGd6(>
z$;ohfTbk=uXgYd;_j19%kAKA}%g|ABs!A67lQ4EfXieP>74nP!Id}Wyh{wwds&3lM
zo;7npqDD%k>)+2G(?Pa#cz+*&gY1h-zVEU|B^Al`*wbkQFaK#U>A?NrD(|U7Yo}r;
za*>M#787vL8HC8=`J;3Mj9^cxU^ST56l_v?4A_L=-@iZDucMr>2>E(gHu4p~>V$-M
zm{>U`=YQz1!Q1g|ImU%%#cMdpJMOzO+y(cKgQT{TC5n)&OUYjs6$|CWC4u`O;IB*W
zjny!xjyo^CeTP0`8Mw(|V+X~Hv-$>H(V+2igE!~8iPAY^Mkbl|e1z(6;jW)O!{0s;
zjRsByU18Vqc=QmzmJtGZ{@PD^bqVO|FtXE^UnbvDT#YN@(NTTv3kYaQZbt{hUd&E9
z`zjf_Ud|Wumd86Ofxs|qL<mF`j7f`YQy8xNo)SF*_p|K*>1T;3H4Sfc>8zBgXa;G7
zzX;$OcihnOK-{2Bu68aLK0esV{*CaaSd!K0u??5Y$njXtve;dGy9HVUoJz_&k>Zzn
zVv9p!#1e~K)ddyHKWrK@FHl`4a%9>DL}mjSnaB4%vNqip!J;4@@AvlSboSSD{A>WI
znAZ6llF^U)-7E1yty%PYRRhgU-Y%mL6P}noAu4tCT=T`ET>Ap3CpV&@Gn^+lr_mb_
z7N<J8HSC;<qzA}DCLb)a*~TqrR$-UlVwh6kX}WA`o+KyO4<I2LoQ%AvIh?ERLJn3Z
ze;#w4c9<CEb*oaG>N>))ZaY8_g*5v@qBr&>myW2vT(OBl^hMXCwdrtSAKL&P;~&$%
zv_7c^ikXw<Ay!}DWbM({rj+$;KSGx8fZm-Rfyn)Ly!#~6H;wbcXiYxvD2$-9kI3ZD
z5ZVr;t1H^#d+eAZsIDln13B3d&u)mzVTUSSuvTTw{=fQd9*b%=lT@}|fvq|R%Ao@W
zcHe=Pji&GYUZQw4n`-BRNy#UP+x6#B5sNpzKt8|WsKv@BfXma+D@DcH!>71)CgC!?
z@rj*!=Be9uYZEj1C8m3R&x%*`c|K~<YBJK(Z$967Ie)7!KjVC*nF7}O|EI_IsSNX3
zKJgo>Qk{EN<58`#Sw}CzG^IO4RU>L^5+W9vl@%l$wHy2GtW2OqU@*}~e7YPKmK4fg
zfI<t9sOoD?3^WQ{G^}%P^EW2W;y*oeiIkVT<bEGjB0$F8fNIR5vGwrq&hN{<L+qrb
zJCuPmzfq$2*WfYUmo=9CNB?x8L}#cp$7#-YsoG;dExr2nuuml@U^U{PnoH(MLfv)z
znrM7#Tt>PM6aQWG%kGg6yeu;1Mq_w2B^ipT$G-}k(jrhqqCguAbbs7ZY_nN*qZZYp
zK%xwE+dTuOkjdx@Prvg9*Ee<M@r%uMQU@a1F$ubg14n0g2RE&WhqxUS3D1l&o;r$Q
z8=EQ$5*EW`HTnivh0UH{!Ny-BugYd>#Z>m=7XQ$y{n>`d^jmcJ(}^npr>Y60I+U4}
z4|Ko$w$loRt9&J@S<U@C`fa}2({J}X;k}AHR%t5MxgON3JjpM{mo19JTPGOq0VJvs
zs^mEIrSs^B>tfh;GsdE%_!OgFL;((=Agam#qE%rt?{I!!O#!~40M*c<sh4~?_cp>Z
zu}YXy1@1EK&ZwRxL40W)&f6+&<=owv4GFqwf*qvf!1GB|OUfVRJe!LFO#}+qoC+hJ
zB07nH8k7Db$0Vt7V{odm#CC`=6!J>c*kOvbF^e`lfMm8v&vkyt6a!@Ii|aI5O}mk6
z|E@*)m-Du{677K_w35RAnyoke<nz@y7I+d1Bu&e&PJ6>}Zvrr}jfh%&NYxun5;0U6
z?Pa8f)XIHZsTp&7VdgggQ08EMKEKa8Jh>un@_eF#!1<+G4w^~;)e1lYk?*)B#*C-m
z?H=Pj$H}wK@8ubxcWP9I+V5#oFkU4k&MwDJ?_BWtRo3$%*rlP^zPC7BhGGC(^Kk5#
zy3CrmMVM_`vfgaeBDn$RyiM5#JU)YL)fav3>Gv@9LTOl^%;b}j9IJeO_s|rvXr_Sk
zHU<A&uo$gSoCs7Col1KP7mG6+IFhsg5?M%hJeQN0_zKhoTbV-udAm?Rp$U~I?~q!}
zKTy-wojYNnLIz>xz6nIE@AuFcgNkR3aBp~Dc5l5iO0W?MNH|=J0<AoO+0$~4>d{Lb
zd9vy~BpFW%US*J|TKyf6=fZ?-sfF8n`49!k#*<d<NGY-OZLHq98|8r!MQc+bYhXKv
z{A4<+aA+;3#Qyjbo3b<skcS<I;AY?JqCpFdkcaZf5o$B0+v({=*0v-ud&+ZUGA)x{
zuGm320t_OZYm?COHY=Kj)qZYym0`p7<)MrZ8g!nTTD|o~X$=GZx~(Br=SNf+S~ZG*
z8kUg#Pbh+%d}_JYk#nt_h3XbW?>4oAyYf?oJpG*we)s-L1s37Wq_Ehqsn>mbH_1jb
zb1?$3NVR}J(lGCjo<1E>dFE9q-j>z@@<5sZyvm`iyZXcMAwexTi?2G`Qz;XqQBw+@
z;!O6#oV=)s?>FI-eki;l3N3H>$KU1GSJ{twMKFbF(56%|4OB>Lg6n^9deSkD=co?i
z3qNSnb{J?PPtug6)@l3}@%&jMuVbKTZJjhTRjh4uprQ#B(`ZDQ4A4;EJk;ssIxmgz
zz3T%`ID_ug`hapUstX4U`YP1)-r1wzL$qkA-==cVGUDFPN(l#Au?ad#2}9*FI{Hd)
zC*f@nC&#EQBAr|;)!ePBZ@px~d|$qz3?K0s^j`i>CFz|NT$n`CL!IZ=tqY&n(Z3E{
zC>Jc0a05;0G1NOGrh14U>E=##w!P2IO;LN5eOI!HUK?9CsQGY3@=Ts`%~nH&poyd#
zo?zLJF6C-F)ZFwRI1^d~7;RtB!Pe-o0-t#b*9r-^T+M?Rm_EQdY@&z<@Xjt`iby9J
zuBQYNoHZ!=viLri%PD$Fpoz}JQ;7`uFlx%HiVo(i6#VrsIBv>@RG%AZ{~v1IWUx^)
z;{Na|mGiw6mM}G7U{L#lA9(jSbnTpLLO9(f{yW(N8In_ZKZfoP=E2<)+#0s-*@8|_
zH12o`?%ng#$wBc=0Ce?nF#ei6oeYUw7R&O2e2^TeoeCi2Id<ud_=qcU8}tJ3M7*7&
z@?4-IL`9iIDeA}9&XxTp$+FUz;&dAA(CF7)9o9PYLPm6*cC3bqURSI)!`g3mar2!v
z*A65&kIhP?9nD^vW*vF|br@qnzpf77#EW%0slE|lWgD3$Tp{f_q@Uz>`XZ;01I%nf
z|E;udFBTL1lYDAY3E?rmQVIPhIkkGQ=z~GX^&i{<O$YFwmH&p+^?XE<N~I;8?4IXb
zMBGXRPu=hy;WET^Lwat%T-6S^MuF#W#WtX=_*9j)u~5jX!77>jw?ur!KS1(PBL8oV
zofZ;g-C*>;f5?ARmd1EPl>Q9~{&sC8gPDrdVQ`4l$a-2P`G}2)|NS$ADBnKnY}+t-
zNB$dhHS-Txau_Y0fbkDledyAh$&W7X2hJtusr@+{sQC}5aD+3Wl>hcvlrbJ73YA=7
zj(+w{H3E#59&6fz*jYaiWwa01W;XCGI^Z8M{N1jtKj1gXq?ehhnDUR)aPgbBkh!<W
zR#ph-&(?1w8p{w!k8n2bK1(Lve;FAuQ4c~B)k-ZxB<H12v=uk5Q9<c)5^q@wtit(|
zscjLiSgtZv8uzj7g8r-N<9HY(4;?7_80lr|Ybgm0M;{jC@Gqr=5x)E~CQ&T{6`E4l
zVc-d?f8}lOax)b^rEeE{E(V!sQN!Z$D*~An+OmZ<<|As0KmmJ%U&q}9edkoN?2ab<
z1v{qDSO3DZ_?`#<I{&=%UrbT47oQR(Ir+fq_B<#9sf-1@KD6R;I1#e+sqj*k8u&mR
zI-%{L$gsHd^U|`ep!hUsD9rqaeQ17YUcg!gd;PCD7vMpKyt@ebzxt`m+*si12UL;n
z<qYS}UsEofz@V&8B5Z|vv<mJbFWXjy`*_({BYYrlvRTMfSLEDfLl|Vs2$B~t2VpM(
z7LsUhxk^mG!eMW$#?`i+va#Zv5kYGtO$MVj7^RGl(-7z8$eBwS#L~b(xo7DEue(yn
zHzlCVsNF}AbXgijw@K?ygm486Hx)aIxlTWI@M<Y|U6zLy&6a6S<TOkWab-&FX5ItR
zW@IPdGL_N|=fyoVY$7Uj<tjWS%>wE1;2d^U6TvPm!Rwptg@!T2x`!KAaR%!~cFJ(O
zk8@8Vw1F(GlcKhK^itgWlZfG{2@@V)fY{4?U+CDc;~p_8vw>sn7F<EO&Ch+vrE999
z1&J1jc{9jr**HmAF62|6GJ5v*Aa3KKzynqQTNWx#gp<U<5>@(Y`kaWy@agr@Gt-!f
zCMq-ve}+U<&F_9Xc5RP+SK9<*P!B7v32P5-g$jMbhmyQ+ropvm95)HFg#~|T9f#f4
zKuL%jXy)t~#|o_!z_toDudx;&Ke~Y~Ix9)FwI%G~-}qRgP*9|6HX#CEUfmbh)UqT+
z_}FJj44Y_#ohrsmUSe~WKl%CN?5VOvsq#e`lXND|k_;%ge2S%sd0-6}Fz3bIn-Ynd
z;*rnj+h%}1GMHeHHP6ZT6kA{joxXQzA(7@MkcPul6kQl*qp)V=GbC%YAdb}#0TMfD
z{-xK$B~~}_re78q93CfoSPNOIO^xjDfMXiN>m)0UbPYBRS(3GHye@wpUG}XzwvNI2
z+G~agh%NcTb(^25jmm>;#rd6jWQ#;z+L$eeL-cWG^l)N$n=dkG7qL^<O26EJ_bO`t
z$e)<Yb!mOOr#tbg2D<Q{9Pu$M5)@jT+RN@Ps)yRsodzvHI;(+kWQ$)~W&^Ze<4w0^
z4$5)$EFZNvVCWnUoxQ>m7BHqZ6wZ$ZJm>K=dDJ!jX2)44$hrw9OzhsW_wOSBR)VOB
znVKj)n<%ZjNv53}SWOi4gWdl{g#9@I*sX$uRY<3|`asJe)WoJjSn{qE>?h@62Gfww
z)5vKr<zX58;8cD@W_JzAL{I21Wn}!<(vuWe_0?^XWPa*nCY&>}CyQjBy@R>XPy5-{
zO+&Im1Kg|eU#YKC1FHQvxGKxzc|-B#Oxd_E-ZtV$nqfU!_3^2QcqG78qwh^?m$w_0
zh8ZeVi-5#x%Jv6;m5}QPsR9Qlu!fVU^p+ufSjt$_3F^}c95cgKJ#zq0Hv`84u$^l$
zO?1hFIpn4k2zLc90P((sZ$-6c)pePe=4q(=*>YW~@oWox#lV^V$ko2(L1a$=CpdY(
zB>LE?Y{qoFhje++**(bdikk3m9l}C8BsFqi-lo$II;r188@k>?uhFR!08V^Hrasmn
zv$0pnN2H&F_#(<av-aOqKWsmGls!WZp3QS#@|IuGZUJPHS<#o9gZDTXH}uS+IjRn#
zUxni@H*chUjgbH=ZxC~mKko7$jr&cI+j8djO1I{3^M4ZypCl4z5E8%55lcCJ{wjP%
zWYvxU;msik-XocJZWl25-1N2yULID61h7FG5-d9O0k^%^RU7>pP{#k>B0AfW4~?Q~
z|4OkqnBF|ZLJp<q9b?=A_TS?-P@*^uukp|5{=&7@B0pf~Z=fLvG+l2?TQ2rj`f$Sq
z+~?n6|3KR@^AKgL$6R^+Vdkjd$Z+Dr6VV@;R!3L*H-Q5`B&_A8o|PEkr%32}J$}Xq
z;!yq9P#KGUJ=C#qwwLp5GIowwcEQ+ggiWOP7*taf!I<<tBWv$|qEY1#Nik?Ybwx`=
zSYK?3@zfIE1ReB3+(UqIT8O5wPX&MSnVz~W`Ia4K`m(uRtS_mzIrdsR=+BTGCP%qO
zGCL6N#q+nic|60EksAUdd%{D2$?q<;6p`c5=}1Tv;jr4O5vhW0EU>_{wi6Y*;Zzbc
zN&U-A&!GykH#%hp2c$<&895Dul7$SsQ0Nm0{!u*8G|Zph(Ea=RaZwWRE<7UlPDm0U
zhDmue)hWgG4V2J+B`OItl<cP|xmN|>s$vj=xIh_hqE^l(zi@&kB!Rh#8Ta~hh|7!L
z9N*hk4|)Y$roWw>?TGKn1H_QZ6OMxn_eJy$+CKO`eGRe<@V<Dy+IiA}c&s1gcz)bk
z_%qT1U?Z2;;nm=du3W8CU=m@9s$31+>c!;t{8qyGlG%2Bq6+1c9G(ID5hC<KeoA9d
z&ymZ(VN232KX;=$&c4gzYnmBLOgi2mu<nVndlQ<pNSQpHBCUplIKx0o<qzW5>`<r2
z!FM-7Z~K65;W)xwm^`%?NeyVaN%h<(GjE)nnZ2-VjhCFE2{2^->-V*e)Imv@zweH9
zG5ek0lHtT3iB5eZTk^=mQxS|u&T0O*T>5d=u}#T<lWava4c0-Sg&!8HQMS;|Y=kr1
zzU>ut-iP$n*6-XI`Urz2UTL}K<68(31bpR(tvLsO-uFFKzsKJr?5E6i5hv*Tef2>C
zPA0*gvwzvr*yp;!g*&Mjr`r;}m=W$?M#>XBWeRa#!Oo~iYM(t73!d^o9-eAa9}d+*
zuC^vH8<hmDSjJO~5lc85@;gnQZg<@Uek+HORH_lU|0{$K(#vASx!hY0`WL-X7clPo
z$a0u?pkqb@dj{0e`G2E=70N%K{(ZAd4ZM-Tj`2|GX1Wvqb}8j-7rao8s?XLM8bfs(
zkKN~~!IL!!zzb)S1$7Zhvv&z4Y6~XaC0?l85+u3Ya`yATeByq5_zYPs^6Vph4W}qr
z@{xEqx#Nj3Z}(-oK$FF+ha<~4hR&LHl(3vTOEu_)L1#dG%o;p6?VB|h)?=H_0iUpj
z)=uwPcc!7Zsviq|`|(cgy+%Nlgk1)Tc|6_PAIJ|21Ozhx${<$5jIQ_?A^3p<nLMs<
z#T=o20IM{HvKGR!1tWx#Kg!m;uGH&*$8^Bwy}I93ta8<awsR~@v(C54r^|2#L3A-V
zeoQb|^X6aw{%ZdL_zZ$#7}GBg)U8y4cp_F$aL@lVe^xy^qH@lZVCn4`UeQ?PDVtkA
z_FeI1=qJ3@DL?u174k0U&ya%G*bsisyX#6r#XmzvWw;rSiXlx8!m0tng(IH9*LPl9
z;pdS0KR{8E7*bJ8d%y77D^l>e%YOf{W4A(rJ94$GUg8|Rsr$_|GV~qJ@8i=2WN0W5
znH<A%;&gkHwjn@!?DV>F!v(mX^%~`x%F?5KgZ9`nJ+Mask>x(}#A4zq`rpr$eLsoC
z2_%~nKyJQ`@!}*B-zM!Bzw{n|5zG|dc+~?DL?2f&9XOc@-Aiv>Ak`U;@Fu+i(7)?v
z8j~0EV2RiBgA_yW&l{lr27x>U%vGwXc^_SgW=blUYv6i<?&|2~$X2sNMB+pK-txZ+
zighn4O84&+tT42(y5wh1DwBJu=O13wH%gEA;oZ35NI88%HhJl^;p#X*S=#?NTNu0;
z{q&&sDpdT$tNbM1KQ^jkgZM5zL2hxar}7$Z9c=!`Bq+iGKj`cxmcNVUB01oT(ZwOk
zi@0>QlmD8R6|MJE4#aH!Y9LI?E}!#enCuLJpFH}hqUv+t=i?u%bi=-lY}gJ&-v$0W
z!%~g|$=6ch&QZV4GM!yJ=|SE~R3?$w+~jIPSPeyt1IboUY%4`7#cU~d?2r2<ktBC{
z7fJQ}7tM?^)d46M&B=gG=biG=R_da60h_*62^MlnJQJn3I!`s8H^1LO2$Fx>S?yv1
z3dtiDCt@%Gm10;mxter1@+x$M{J9T}vvWnpjj7&&sQS&QE}{h94K|!6{pN+T%eIE|
zzlxON50xo3vcc?+ANTPN1uRkACKx-ZCE62AxdT47nf2mAN#dTiE|^8NK_zi!7T<Oh
z7zcc??;deq$EnBB-L*@c(f9KZl4;~>WrFJ>d;Opa<jIPe_wyY>JSz)Ll<GjFGHkSE
zSpl>9XMlCdm!T?a7vkB@SyXhr1M02I3W%G!*Df`M3lr>0BN+3Y87%&dBK6~F<W2i&
z>A=$$+vDL4jchOHDgp%G-@@pUhC`25%&%K~i=k}|r09zEdA9Rg40M9*zTCCYD&Cr+
zZ$ojUE6|?51WoI>#L<WkV{ERtw+r{G;gS=EoK|lJ6gaY#YArs*aq)%N?J5emdRnzk
z5$}ZZF5taC@!Vx=hlf4A^w_!fhc*lH88&DwqMM9r5<tg=34i(St6$hIg=K&2fEEbD
zyLiv3*5HoI@Rj|@8|d%Kld!V&Z!o_E`V9iFi+20I2PTycB|1Z;<}cG_yd7)&-Mh3!
zOT6ik0g9<}O?NH0*QqiKO<tWgkd@irO?S065Xx8DdjIt=N3AunNiX*=2Y+W`lb8Q!
z05L4y#&oq~DjfL*^N!?x=Ox*}h5BiSd6m3c)5Xs7HGX1GH*w+2QE6p`XB)+q(l(!@
znmD6)c7nbCGizOU>g)|_vRtvr1_ayfk5YnOK9co6%EI$-2zFlo_{fs%ZcsHj_QJ&o
zQ_=WH*Div_Lxk!nb+895o45~O>vq&)kP<ma>vH5rGQvrx`J~7j#8R9K6?)I~40P)=
z`fT0o(Ndh!OL?wT7t^}T&1ILjg-2-E<Zbso!NLL|3BAnYuIt12J4Rf<8_T5Isd-$~
zx=j}FlP-;@E6@B7#XHE<J<e<OtTg-5^DsYoz<tVZ*$UAH>z^+vwHex3UghMp*<R(q
zdSJCx@{nY%qeK^Pc)=uP;@;6G6O+Yzq?J~4UK!V4|2{M2<Kl}<{eX+GV-vn+f@YY<
z9Ja)OPY6J&T>xFn)Cg?3uQ&Er=5-0K-^cRLr-uHvkjU(A>_z72lL~Ex)VTl$P7(A@
zZ_HgVl9rA94;9nqMyBG2<38n934FR~h0L|mh{~tV8~G=&kCOf^GY^ks_xfmpEgR?r
zXLyeKwEY?hp8nxSyxMx(yAEd{`}?WqPamgd8SyonCTXkknbWSJ`yl9EWJ%}UC7^yU
zayJcn3CvJ|!;r^HI@2$KFJlA>K1o4eR_v@28XFeP5DHfjgZm_}CZLJp(jjv*hUW-b
zt1}x|vz_sp3O*eOnMgbI+jP#Tw;tkfV$5$wEP8c;wZ=i#i>W9OR8+`SC_eUk7MfdU
z`$f~l;{UTjs#pCA`oQ4qP;*vdC4)~HG@r+%i)sk4ui0>;W!MO?^H^SKH38^5ex!6!
z6++#l#qesAH7-nI;rn!tG~_uN;QaWpr!5wFTX@KC`XJL&xX0Vv;W3L%R?)hp)mlUR
zk)0q`9)0F{@OxsbwH~_?j`}*<#=BR8P+7T-HEY5^>ef6_hkIO4ioZ2ttIuRydR8wQ
zI8P8QJ=+$nrP;fc5mF^R+t3g3kM95ex2+$-^GYkEC^hTYvi$cb?53}-OrgX5rqfqv
z{SdL&%hV$+cc>@`l#tS}-m`(COVQJ?4p~1(mwra1AN+1}LkpRswVmdc>{%jE%I6<y
zvKI6Ln#^FgT6-^(J_oR78BQpzHCeZr08O5-zmgqranv=@b|uLNIbHU)r`waj+{dk2
z_S3N@SU^838)l@tIhy9_^GlE?OOXGZi?iOW=0)o2e~lnPvJRlrSMX&`$IkjTcITLJ
zR<2osF%l5!;?XLcnR<g8cbZ!Q`KlmS#jAM2<{*@cWT<exK7kM|iloIxTcyLK^}&&i
z_KT4`9A>;{E4jr9hFO?4n*7+_r#ko_lCC-~j^61PEpoV1v{>;w+={ywcemm$#qDr+
zm*VbHtZ=x~;_guNC|dNr=lA}T$tII*c0ZBXotf|GIXuLsJabHnu5*Y_a=5X}x%W7*
z|8YC`YVGpHkwMUCLZ;1f?8^iSO?s529O_w-Jb0~X|CeRh(8PR`#U5PpH`2?Az7*XE
zKZ~A8G9ziej#v{#m(v+)*NQbjV!=nHqtSor%Z+|!6|L?A&6Z{rbh+=JhgZQr%ms=(
z1p2Si<NDkDN<5<iJ<ZSbf>L3=6(jK3PH5G~bbRaz3@oxlxxSw?vn-FEWdwGX+(SUa
zaS*;CYE_}Dez@s=&Typ+vT=5XFg7BxkTlvXPfSP#9x^)vvEA>#s?sB(AOY@S_zyj@
zeiB^qDpqfc#XAqOqZ__J=U;vl=VRb%-IiPt=*qSN`%e0ZSWii#UuayeaXrs8miyCw
zE4t8#c3sTo6XGmxa&3;b@D)8i8JXo`?2#M)X+T=ozGj`i25v25ng^=9YtuPyYO2K=
z-6z9jhm67!I!=uW0)S2S5TkDzoso#)w74-ARVq-|ZVW_bvE@1dKA^4RFdaLD9iUp+
zzqArN#>41xw6j`t<SIIo2Q}$gR=USapiD4m^g$%L>3y@q@=9$Swk!GT5Zp_P>yYHk
z8I+`gq>jQth7|_d#2Nj?Xmt6%`WSM$N|Cy(4B%cZ_4+z`i@J0?2@%-;SW@vN?l4a)
zFM@_23hRn$B3azeip?8}xLK3KV`$e_$>6cGh8my~{nzs<D8}YHNql-2PPr%xkxe_l
z=!29-xLvK}<gvqA+Eu*)2zMC$S3A~yWV6ADBL){{xmJs7tz<bn)XRE0Voo}XczwBH
z-S%V)o%ZA!|A-buw}8~+F&>)wF1b5@`VC2_v?z0q!S>SgM{u37f=*ZZe|o>*n_qeZ
zm8~Dyb<DnHW^#B-*V44;FeG^+lDEardXaa!mWyjMzfI|;tK2c#ZPwl*KKPUGjCg$X
zVzT;7ZQC=N_vrR{C*yWK%k76@{<}~ShLQj_*YXp4s`+&)*K$X<#3C{a1k<0$NrK#y
zL!NjBo$7)-*gTHdGS>?BwD_x^;t%`!l7Ln;)}5$Y7xO9~P}_N;*DK3%P%wB7#`6ZO
z3T?%jT+7p)KC-ORx|Ux!eO%vw(T_ZMRgQ$6>X#1mv0E&z#YXxx=9ghpK(}&n^h8;q
zO~qx_ovNA?=XPGmr0U8U!#0II{d24CzOo!27z)t0lAi;JCjpYOKAIYou1AfKgguhf
ztur#xtJC=!O(z)Ob6)X<LZ!izc}#Vy^a`DL37jaD7NdiEfPo_tCNJ9sTM}&T+C|p`
zWjd%M$A7h1BphB$62Vsc(p8*>A74_$yfdkP7v9yShm0qG_Bz3qfpN8C!?(+pyi{9u
ztXxiyeRoO<q*dEv4U^WlxR?jQF}am9^-619XcVx9<?Bmc%=fc~k;AGqMoGCrqd{4M
z1bgh@-aRexd95Ttx*Z{nF=1(SBRumK2WHa=tt>&!FL7Unxb^DREBDBv5`G`lhQ;U)
z@qONs_iocXR3^|ANKJy%zR*~42-|k}=p{dp$aEktM9~umbkBil5lh!9y1pJ?IfOa2
zueg@mR-~^VZs5-^Sz}((f3FGdYsYzArpGPFc4FXKWy3A7a$=ZVW^*goW5(^*SH#81
zpo{8j!wcAAljT|yv+0mX%xn$?`bSLW$#1|135H3l1ZN1M%y?nvehq0z6ZBB#yS_6I
z3JNK4Ew{-_=e+VB7v#9|?*65!+hnc6`pKpMoW2P&^H*1t_@83YJhj#nR}VIH_22)~
zEc!+hG`W#Bq|B<gX4g%6JTmk7|44yeDW`q*ki5NP*<9oBwcS!4n9duJI$D!*zQAP@
zFe57Z%NC+?NZ2jl8!f`sTz+`=(XU&<LM3lYim&lM>J@jbmARsBjh2-5S<{QRXw{Ko
zu5DmEU#}%+@)Qlj5RfA;#1k=+-A$xZZPlM^R@<8|Z3^<~Yt3<X;O+19sI^iM5~jBB
z*4%AuzSCQ(7EooX0!HnnD<#*$5{l?dmiwSbrbJBmK?6^RijZEGg(R9)sw^pdoQXQA
zJ8ZOb7`?s6Hrk>|H(W?ixcg7%vT>jIuT#Tq#bc3TAojD_ipLSfz};s=^N#JT`=(Q?
zZnKrvZ2p)P%`XRr;XZi#788~7e}#E#m6{T~-ii5c<Usc*2JQ_8(>D<>d&2yDQCX&Q
zRL$9oNZ+o&ywpDIMVxP-pE*D$_8s+C^H|=URilB@p0K~_-KZHz%n>XA2h(je9M>%r
z(7tnp&&%jYTlf`k%C(MS1n6i%c1{oDeqsMNQt%?2*{zPmTvY43bNl35a09()FLkaG
z>BJUxO-6{DTw6v+4egpjfB1jN(0@t296+is7tTf>(Z%|UoS%Z4%ypfN+eIJiSnd-M
z*U|G@@+5ztm|NX{1*b>6<=4ivS-*W03jNbXD}bE%vjLHyrQVk+-Iz_J52NkzD&JrU
zrP(*=;n}jxryHaq$sBpB17f#-4*=6!M)9cDw5f3wpM(8N6e34F`Dc#)n)Oj;%600q
zZV9LWDTa;6@IxN^#1<XLh_8qpijBxn=6T<@4B%h3{wEhH(WjLvvTUVKX-ZIv9+cUD
zMy7<%Q~+O5=*2wY?8V>%0RXv5m>Td+5&9|^>GfTcU)<b;6c7EZPd5!}@-SrreNF8<
z*l4v`bOVM75O;qVbeVC~ymRGfap&;n{d=g)S0?L<(lC}{+RG4nKkgdj$zFCWL;chG
zA2H#+IW+zP$>!c1z83&T>I;(e26^{E5nIlPo3DL+ICBrua1MXOY4SgCgR|>F-Vsov
zw}~ni!^j;YG2~1B?$Eb3CI~$74?<JuG!vW+R?T>DKOo)&`Eu_n=x(;kPc_?A>MQc)
z+SI%ABu##S*dll0(0kig!rKH*{$5-OEh*&7%U|!#8#R5(ktJ?P740R28U+TsC_-gE
z)3;IQ>n4gUSw|kF9r6tJ5$?CP0U8~$mcibRn!V&B+aE>-c?QwZ{XIWQSXslkjr7uF
z9y#zYCbmCEYkyo^&+!Iknr^|ya_>`0XeVw&HmvFfySuxQoYp~ZBOq>=!+T~gjb(BF
zLL_)+#;YT@JL{W$fFsA#rlt3_A@U`@(bvJp*As-;%t35WRDTz5{Y?W?j*@AGaClT6
zPJ~qRlLoTWt95oO=OWiB{cn;B|G`1@hH@nSzvf^yO3tt>tJg2M=*Jc-hGXKla1N5V
z=)b!VR=bts)2|j&8YB#|;P=R@KSW0d!L3IN@=KRTN2^l{1$epcpE5GV?ilQP%lynK
z{ursApumA985zy*-?2&eZR(hnN%&^_G3l7Q5Tp5gc2e1FthE+x3-wP}7TrFDB1Fdx
zYnVSmtN>C&P`Cm=|1RQy$_mkuBcf=B40+GTFx?kvln5QQCuDzmrdcOY{lgJ3HW#w}
zp*ImK?&6PgI#!UM4RKa<HB^^yJ!l{s+&{^j_<6{|moabFh9`QMKBE>~T$%iB=Ye;z
zSvpY%)qyLcsNaCT%})zWRgJEd_*H1}$IOo-1MmeITyG^hDuVntE9K|9AdhytLvJ@F
zR(;g%_Q*n?LH=HJTszy}M;waz%&Y0Oe5I^S<N+N#89ToWkiQ4(C&a727c^q}%E|YB
zhEFCb*-To)hC(9P2Qb|t(3bD=Oa(-X<C(3Yjr#t1Pssb>na{181REVO(xj`T4xR7)
zwk2M}55%zgEi>_claQs0fgmm5bfjev!)Zr9c1pQqb#_8ELk#Z1A#kCZ(bG&*F5obh
z#(<R(T)80x=D8-`_Ff%;w|hW=qR`t7(C}yBQOHqFr=}CyZ<Qb3?YRyZ(OK^CMbKGV
zU^0Ff;b&nyT`qlo@L()uVeGLXI|8!H?y6ztk0e^j>+(<29UwDWmKcr;$ji%g8;-XS
zgy~ZM(pViN*xhBx9sycYggQN<iT}g?%5=Wht%xO@uruN#p4YL|){+Nt#a5@5pRz{D
zp4pE5lQ^M~-^a$SnVwqN5_f$<`cW@~tAN_Hmy4i^Ax$M+Bcmney2+E|kTW*NDO>&!
zEhMmlE3JbsQ2180?AP~vd@46Ov6zJG8#X#c%X2?4!L`)dw@=DD)%In7ZG<7l*Ces>
z<i?gvPUwo@7EQ!jw_NKKwE>L*BA|xe&+YED%|%Z7MeOjj=|<dLp{+EX7eZinXHfsB
z?Tl+c7|1s_LbRaz$ETF<3?n`PbaQ<MKN}*x6aD$=>hR3Bd)mozxun*%A^o+4J1r^y
z;@GMLZ+I=P1w0}9TZHBeHSI*is4CDK^Oll*L1eP-b?;Q+HiM3Pac__8G7JsLrz2?R
z63O7jU)|v3&8I^3&AIC_g7Nl^W~lBppc<7^LE*N*tTJ#`92^u5=uN6dH7zZD478~X
z+zJQu5TOxt>KfYu|62%wfo+MV|HP4xut1&jZ{q%y{zNBTm2dNW^=ze5r;aQZ9c`*r
zZwrsE_Vqu!#<+@JTO#3N6mM1ZmAq?fG~N<6=KG8g7)9?$L+-xjmTQv~y%G?CQgvxp
z>37`S4eZq4zQhoNS<QfDgFW&uA9xd^h3r@Ze<xhq8%W#iwn+hUh(LVTLmkzDAHqF?
z%%`HRbEz6H*v%f&uAc=TVK1RD_^jAIURY%MS|N&}GqdQ`44DQ*k9AxB>u2e2ukmM<
z+rHHmr5EcSwHGX$$JDecw-vR#xfl{KJK=_Jeazq7h*3n4<wkENb?C&mGKL9%!e!oT
z?41u%yu~T}K4V6c(43MF%bLIbTiGRR?x+%>bb#T%`92=he%7q?H;fDzo{HU(RsH;c
z|4}&4(7cM`6UqAu0s2i8b_R{d6goh2x^w8~%|*)w#)Gha<TVVQp9Gp~2a(zZc+UeR
zsS~^5`d1Uw2Tk5PTDhK#@43^}#*>?hEU)5Y)W!`Jh&?ma!1Ns@B|z%Z0z>)o<R;T(
z!|`p5umVVlzAll|kF+%f;yN}{=y^vlR5_Cjf^k*ms9`j&8c<0LDfln}+J}vt46>;}
z@{PsPIsP(pqITVerS?(UoVUG6c+<`|(`KWo6rhkU-~QL%{43{Hm)F?QRl5E^D@I6B
zX_<ajLon16>5o?1@R2*SQjRQ~fa6D-wY|?>8AOf;38jF((Kb0ga*`Z-$I?v>@ahC{
zY!j&7mAN)s_I=V6|5@aHuCbBMLxUwCG#$ie?dj~r+=#~P%_+7<a_J*y=Ab(a<v-$Y
zf-rB4L+P7h1YB=EU*#h)qqxgkd-u<M7dYI}vgLO97cEWjTCV?<{3$T5Dj)*oJ+thB
zk6ESii#u50PqA+o-Pqg_>@in4Rji3~r%ky2BxUH2EsGzkCT%;g@#LS7jc%E8{vzRV
z{xLO9oVlrpd3nw{C^r5zZ=CpnJ8vh$9huT-LT!S0v@f^cm%o{Zgf89D%qL7QCzd;%
zQ$wFEDLtG-R%aT!&tSRSX;^IF9o-bSLbl5U$*?o_)?{ti*27-<_jl)xM<2WK7Fn!y
zdUM6tMc|I-b1UnK@LEI!o(d{uXN&3IVWo3guv^cbD7~wyF{x+>>F=zs4+oZ(!||P>
zxnG}@yzWN)Yh>FRtqq%(cYR0U&hv7q&rJNS&SZ4t+$7GX36Cs2G?S;n3<>g!z$}rc
zVp?&{wmJBenV8MZW&9|U8?xkt+W)=j=9?Vq0546%l7c*T@4u@fo_a6&e~0Q9z5I;*
ze7bTE;UUZ<M*3qto4)4;Mwc#hJGUnH-;#xMUsl(8j7~fUkm(K{5O;E#MP@(;3a}pH
z4abf3<ryu<xDOPZ0d*`THC@R?ZH$&P78$7u%;=1C4C>>8^5dNR<$i)FmzrPHdl7&0
zdKr%;HYKb4^Tdw+|B|0P^%f6)rNmuzUu?(QLlv>z&H@a_pugpjkH*&3dzHVqb_hy!
zs{F(47SO_}Mb{ltbxpgOlKb-OYBbqyJj3MQAz?Lfc5PD`>?YD3*?;NwZ>Eet!Et!~
zWi$>sieVby#WEOz-Z9O!vE!FR4exRXGy%R^AYxuK<AWS5=}KM-H#dg<W-HAd`ZwJn
z=sgqiQI?I@mY=w3sap*{YQ6-mR@@9RQ{b@4S-@@TW&TOAB5Y&n=aeW`d5$%OmvKs7
zN_A3Co!Bv|eiZS)?z?)^-iob9H5^z-ol(oH7dBsh$~xZk=H}jmO-1>;r`Vm~m3g6Z
zzkXj-FGwk`L6*%o$VoLxRSjWpr|JiSZ}+(G8~xn2764B5R?wZ+GN=63Y|~-eot*zB
zpWIfrIX8qSe9-@TVF8e#t*}Mr6PZ|_ooW?BH#M;UnBk9P$HWz`p!dJ-m;B9}VGP0k
zA^mU&ZTmG(gN55tkN5JVh1cuzKnm`+3v-&*fi#$6gu3~PbUCptFCOOPw6#7RuKA*h
zaieT{{DwQ1EdIKZumpVW2KPUmScnQ{>10m$I<rFRS^)x=5r+;Xgr)vsWF><VY}l8v
z*{8$<OP~iRgOzox;mE8tc}jX-%{SrBxSS*-rJE{MLmki1TfpriXYjldD3$I2vySeY
zM~dvm5@$)atbx}zCR$y!fafR4`jv(7O%<aVU=+<CqULwj#gg(zN`fiGu2~4LnMn3J
zGYtWsL$9)fzO4DQ7mV`kKQW_6o>p#F^Tqv+8sai|H(h7V2f6CHbBD}$@2*}}IWj?o
z2TD;w?k`K>&SmUS{DiH&JMwkGX9TQ1iVw+!FUiN;9blWpEo9_N48SzjR*MhTHKI+C
z&7aQ}a(PP~DZ~wBU_Lm~*5INc<V`yB<{%?9uF&R3nmMm8N+E5Z(1}}ui!PCo9i$1J
zy%8W8A2P$|pII$UjB#2Dxi0_UR<28fXXD^2N2I}yAEdt1CdaRlG4f3{TPn>}(0w2w
zw6}1^Jae*3UD;rC8mmLuRGAh3B{X%>+mN*LER9TaUi)_Jc;s6ge%eIkZryfbq^rh@
zyP<OPgSzxvThb0{hOGyi3@gzsYIBE1Al)}4X_OkZ9O4ij5OL_^Atq)SVL)vnmh=Am
zC{sh4FhY6<GuiFY`)_?}=;SIxH;+&h6N@k%>1pE2U;)kW!pD)W5nsRTy)Sl8-<9|&
zZkt2|tOEB9R@N51dXwIxxU`nY1m@Z(-_bjn5x2`J-tBLK-}AA&2Zf&eRstmOpw^2>
z{)=ouXe-on<CJ)?LN-^ir|>0)Dv5|5dK3{}mlIyY<&Zqu6Hbnx4q!U#V4BsMI$G(p
z>H-5*Kr=0zZvmVTrRiredkX6Jy*lzb>iWvb-{`UgKZ%h5;79<yI|`^tt)(_jbXmo>
zGbY}G5)J;$;^&1dba;anUG$-*mdK&k8ZibbC5||1zZ`KKjjpC>XG~kewY$^$ooOUs
zok@SHC*C;>^kvW$goSWMUN!r#^);!LT{0I{Wl$QI+s|y;S~YkJx2)gEWJMl>w3UAe
z!LIs}Yg&xT<QXeJ+$RaaIQqn~5{`nOAPcl#bCNw5IYM}7$C7kpbmrn&0s3t~K1!bU
z%fiVR=P6;~3K}kt=*(a;pf%OPyhf>*V0&dW;`1URKwF*QWge-}iu(^rvo#*qo6eTk
zDQ?Ra`@5Mo;QGcu;l_`5HEZJyuFRn@9h?f=yM%U*=hn1f5~5(OHDXdHa}y*sc>Okz
zUvHf5g)Rq`rkc5%jfrT?kAcs>J&~b(Kl$Kbf~@2w16h_?HS3FvNkjD}EX0^5rTZ81
z!%JhOc;g4M5UtO5t@<A4);Z%2)}Na5bggq}fiTN(LFrXTYnz@txsyGDTMgyU0&OO(
zOXu_N9ju8v@~HhnF*2zgFd3uW+BqkA7>B`WoQeH^0MV>uLx1L3ts{N=t(c`@Xr^7~
zFFJi2hnCYt$i3^+4c3Cq7f4Umf)I(<@7@)`+vI>DFW{+BLkT(HN{~1<?JwW3O_l~T
z=HA4H4tUL=kYA3aAz$^WQ;^u|9NX6T$B$HI?>eRPz~z4D7|vs3W-MMS*9tX5)}l!|
z8@H5Y;8@Y1GPqa}DS|W_f+!d<El6VK#lcs;zwF5^$E#Yx$@j-c?kt-2<&QG>PqMp$
z)MH!T&5R(4<D~^~z_zo;VjV;zr9{CP9kC_!nw~UxvOpwcdudkDr~vhrxQfiR-UHbX
zNxT^Xr1SL72r>k3G|7JPMIg!9N9{xZv4OdhA;2N(jp>~XLx6}g=9l_?ppwhzJ{ci>
zV@9&Xu_HLS3n?Ni8sTt_&wXVou_LEn)_D)8<)Tx;7dCUG{+;$t8lm5G(-Evf7hxGK
zQI!W-*#MODy|=DizqBKa@Q8-6Oq;sk3bOD&oS8bG;gGd4V!l5kQ@aP!o|^*U*GC>3
z?P~fog_`&i=;UhrB>K(QD8O;aBm5a4mWC_n@<dP%V0aIOmjbUwC0ocJ&3h>^zI_iq
z#FMk_XFG<}tNKw7pwTxg4TeO-4!P-hR<aN7fJNjW0#F#E+@I98?HM9E{8PaQ_a%Qo
zl6Yh9@WsF}@g=Q7sG5ch#H|Y7=GRnA?e4yi>lb>_P;aiY6AS+nkMz1i2d5YVA10G`
zTh~Tr{R*(zb)zzJBfO_bQLlK;&6gVzVlwD|;*wU<(pgK=x~Z&?R!_5AxL#3=e4}u*
zxQ86wgK{?*y1NnYRO#;VY7*{2LaQSdVRto^hi6up7P(?cAH_4ClZ%!!0MfR3>snSy
z4|ej7<S^Olql>h8RPHmK1Vg+*@ddLsr`4w$*s(3VnMpOr>o?Yr{oTul`;m_5o({2A
zA*9i`SmZ5vhcf<Eee>9FIYy?!ly@!#&E0_o+;grC_+lJo`gY6=zVF?I^hyE**Jhw+
z%%HQO1^f}IS?;r2(iqdr&Vr(+0O7L*M4gD?I@7lr|2k8rLVCk2gYFBt{3p`22>+7+
z@YvH(gMtZ`=J@SO#0%iV9p}H0o6=%71@4l0NOCMuoRmoZ){L{KNa(d^*bCBFw{~fp
ztAL*^FLP8W4^I5vp8&ATQ~2Je@7qo1DI?kMi3hNN#1VGQ+9e0!OIqyUKZxghw4SoA
z#LhuQGjRRX;x5OTj(ZJv?;uRmJErH|i%<b81j_j@^~1Rmt~GC4Fx1aw`|TqH052BM
z2BA6l?mdYfnZ@i6YXp5PjvA5CZHUWqs(s-$HTXG#csbX8`&<IxM20&~O#=MDJU8{{
z1pzl3?SSuF<PMY?nNJJ-KSL-Sr499x(=)<^uPB6ErDR^&nRrHgSg4WHG;kyQAQ2vE
zxRJl$nd5CeLyn7RN*_!09D1+ncmcQ8+(M5y4-F@Jje~m$Kp(joP?fhnE8NocBvXY}
zrXJ@guq_MNDQ?V(|Dcy?P+m{6>Nm9w=~qk<{KpO9HC9ORHOyK+?NoA9=bWof>ocu*
zi2Ldaf2PW*O(mN!Mu1X`-->F`E$#C9bt>H3Wee#3EFH=F^a1>J3;3Xzxa&i1WfBqY
z{YAdJLTJ!#$sls+5-3psG3aK4KZ`qLOPJ;4$?(oGnAgH?DRX)4WexK#ps>pH(TViB
z140@h0AaF8{Q6-W@VHEvcTTEz&R^_HFUHL<8o*wH^A)CS17Y3fQ?EK(gojezdi4IT
z)R51ulc|?Z0lBG;k0c+<f11Jz%+m)Puv0<>pNAy5>43Gt^)4B+KFZY7H421MhB){3
zEJv2&b`y?c0ggu3wxZV+_vo!Ad^EGdJGE&2ixr*1jqv#F-lxzcV=|#HW4Lv*cs21Y
zVQyd5_Q)3W(7y7JTj~U+_IC=646{)FMDdtpNHdR%yXLKTIY96}`UFXk8F~lypTNFh
zg&jDY@10lL0oT0*2*gG4!yPC;ke$sHKtX)N&|Q7upjxEm{`9seY1cZq^)k%W^}}7I
z=<6z6OUj=dBgEnfQE;h0DXR8id<h^)a&?3b4e|k0qml9nm-zfI#S_Tn=Es4t{r|Xz
z{ogHB(Qq_rNVR#m<i7QO0tFRNn(MeJ0=88~hy(bBO$_Xz<8aSXa=()lnrWx6GE&Qa
zx*!+q0j6mh@8I@7--w$kZR;@Xp?TR`UKVMMkmykm!3v{Zi^VqC*Ae15Zv^X%I{ZJ#
zpOEA}Zgd0@@K*$W%iY=AgMC`VbCT&CecRde&owQVYZMOLVOyVdAQ`AuPlD9$PqcGS
zIS1D;*c=EF02~~wzwPlsxL0UV&rD?|=4b`_gYc^4&NWj8_-`we!y^s~jV=%+vha%k
zEBm<Al|BE8D4`$o(MheTm@in}57uXCEh?$gYy%!Zg0JMYqy~NVCmbeUg}P`k4<f5E
zKSGQOkVU8;rrv81_ha%2+1W;IRH6mt(U*O1YE?@0N#41Ui)vw+3|e9YM=(f<I6uAe
zs<8rH(kVxttXpvI&Rw#DmC>IZU9yW_zaqno!dCAy%1JzP3GZ0P65|Rdddu5!?#SK2
zMGqv7TS$Xn(hnRAFuz%r8(h&SlD|iL%RTk$4vc6M?>@99CN03(RT6*z4*~y8gQ2H;
z03?)Cyc_5dHY_zuXH*K~V#@-I!S*#|c$TKxiI<kkT!n6uXgy>iC!g-O&y1UcieS_%
z@otGMfG_92XN73(M;3`$UFuB$-Da%Npdj_o2lsT-ZCy5_AMd&r78iV_Qe1sT*ynwU
z?AbO?yzAS}&#Hv(Ss-W41FEzQ5lo%FBka>0XZ+ROd$u0wHUm~6ZS0#@MuIyDy&@CN
z*DRsUUNT;nnMKNvqsj6yPaK<XFw`INm;!SYK89}dXMS*p8(=t(zWyd&C6$ZBAiI8-
zJm5T>>oU)rI558dpJ7Xv*Nt6OdM@80<yH9mmiGJEO*cT-OcX`(PsOx#!?9X70Pi%T
zHg0jnlO;CS<uu%TSJkB%&RL%wd2#&PZ9oPyV_<&Ky3YYQWS!V9O@QcMQP1D_?$9;v
zwDHvOthSRg$~iH2+jSps+mTP=H1<}-noqvzsSonrMw!oT%|dIl2InvSp~XCMf5FH)
z|8My_b3VxBI7geU!Bg|Lgd?k4E2lc|efO%ZL1ETWbr>2li3X*)hHLyWMe2kpL@V<e
z^Nrz!<i}*s+V30x0eNCfxgxm2or;vN!rXp32?`DfpzUZ|fmkNYobTk_i2_OnvVS%z
zyWhPOem8uu(*<akK>uehdaw--LC=6H5P0;}BC=My?M;z~LoL~WVMZoFGWU!>l@~~w
zO4um;=Q>rhY(jY4(PkgvCFYTk?=J97mXW}(&m*ynKfQ>E>!6e|W$$X)IJkO8P5kI0
zqhe(8_I3bl=KwZl22%NMceecW?Um1Z?kmGFfK$GxqjTfNUXJ2UJ(*4ESu}dSLxp`~
zHjZcKq<-BW88F}|3-pC8GCOJ9Cqcb#-UtJ;PcCxZyu8}ZBy0AUQ)3y#0>);}b)%h@
zmYZ|G#nEUL{%&G9SmF9|O4msmn>{?>HnX87sM}jqmOat!bg_fZ_E{qKO}>J|i%tsX
z9X7LD5Cdtn!ou}4h+!cMO^fy|!QvStetelEgoj2}nJ&6vNOE9%L_^b^Ct@7J*Um{O
zlmiQ09clSHv9``}W+t<3DYI?=+P_@k{=hVR_G2`OZ31eeC1!w&HZiOh#?5eMKzSX?
z)vq+~KR%K7jy2fzi<;nU?M`n&#N}KaZB_ETR0W}gPjakzF}&3MeP462>nAk9gVo~Q
zQraZKJ>%OcY(u^QX*&hg;zC#+7o-0zLT4D$EjPHr&Y=4poEGQwg72xiE7Ah#$-{yJ
z+hz%3{eg?;5)eu%@n$!`Een%3T)i-w>p_05N=OTZS|@ofynzR@&IZwVhu1^gV8bQi
zTtU|!*Ra-P3fXiGRm0qE<JJ`D8&*B&*+&U+p=ybQ$=DjGrr*O+fvNTjcA})y@_qA2
zjwxLt5iquPb{xGO2T7Thy4IwihWA~h?v-u}Kt`6Nu#{k%eR9{)mVch<kq3bW(WjGU
zzS}NTxbR)K$=7;LgD$p^6L_i5{_V^azc7&3RmHe_(w>-Q%#sAI_(M*1wA8X3-O5a(
zUVraOm236(s~#fr?rwannC|X}?qDGA$yIB=*R-~~b?l7j8>AJ$9GoDS`~a|a1o9Pl
zcwVlm=rLc8Hy+Y{L-J_j-8`iaJyM!$#nov~bM<t1Py#dYY8tE-R;X;xAJHSXpRw$!
zmFEB&c`a36q)`j{;WFq2hCK)e5_-mff9XT7Yw^8y3O?1?$F~a2-RoiQv~O7~GlggT
zw?nWVjVpl_*mfo=CGhd?a9eJp;%*VCpJQ?WZ`lKGAls^I0}?W*x7q6jswYU?2^6-D
zYc{Vj!fV?$)`j)m5!BLA3gD}%J%NNG*2*TE2ZS7F2e%VHZkjn?T$uBkP?T5*11r^h
zD`S7BWNH_qsM$G!{5%y9D-)HQ`kUt0Kg;HI4>{+$*>5n)B<{XwG8rlPcNT7WIjV7f
zxmhY`C%(9*&kBm@s`w6yKv}&Qq&K8B*;xZ1IVse7&nfxD)OSKI&RY4taP`bNfPb`;
z#On1Jb@Ki?$2j2Od)z~;x5Ir&Sp!hI+#oyk;%>Be{Y9t$maA=&Ec*6`2f`ZPyT5Qe
zhW7GK=5l_F^Gos4zxbj@FM#wzj*o+U_8jcvhfGvgZSGL^Xn-?WvL)-898z+bDJrim
z`{zP71`j=uHHpV>q#>V%KR)Ujt{fRogkHD(Fe}1zk42Y^7g6*tN)TNP@B`KK<iJ03
z?xpcg8u_y}2V%r9x-Mn6(Prc<&Y%v9#{7ahNBuVA^rOs=CcJU)9_gylEy!Kx{B6(?
z(39m@t5OKd!@G<vdnIbz9%JEp<)@Q^?KcFgH6zTEbei@!!(zsm#0ATEovB5930xPz
zY!+|$M1N)V{iXC@%8LU$h!AQu{ev-7-YH*{c?)@C13BrIfQf_-6dLhY+aY1dDd{GD
zLZ;95c`cG7BkIF5i`7U2S0zPu6+Gq3;Biv<^2JeZt>A^hgh_mE4_9}a{gXW+M*ev6
zIlg;4wcHn^n@AkdZ9t=}dQ(h{fpkd>Y+>+&W5Gv10s@rrwA-;R{zf}Gt<Nv?{QlAL
z<36#%i63Qo?O@@>IyUs$l8UT7=f{te9~SA3ZS$)wUYlQS)z6-%4D4I$q8+wbzZm!0
z)j813xqzNOm&FIV`P@LS_!8(14fS3sy|IN+WKZNzx=8*^8UBsC$d(X(UGH2>uiAxv
zJviyaFf^WX^VRFjhQ?LH%zLF+{IZaRjvu!^XUwkB>Fzj&tmyg9l(w~v-HF)|t$o`t
z_}s2F*t_p|m*3o*&54NetS1!6J96!^%YV6aC7Ne!fq0PDGb^<@r!+Vz`1PmO7ZFV7
z8@towR|DlgQ-bLctMOTaq(fcycT(*JJUM2*1|PYX_LgZgXkxGvBHqPcc6FSrt(;tY
zc`V#3d&GStt94M>Y&3nQD&EWGK|U<UMT?zkQ<MWMIeJH^yM2;$H0I}9Scs)`<25fk
z2l+x?8r>wSCQ$jZdv<Uuo<HyeTTmUs5A|L3A)!5szPtB<9LQ^}piBnti3p|a1uMm~
zdh%OH9$7fPMv%piUa&E}EmzX6Ris`hGdUl@#P{y5DTO;6UGJ%`u56yth?v#Hi?;*!
zz(1y^PA7jzb1XO9Fbw6^_Uc_l;!h3)jQv*@0en`g`Oj&4QCm4|$w=QiQUEn?ZQh;d
zJGRE{?S|(u=U0^H=q$8N!r!_+5pzFwep>!j?`E!V{8eX8!auEOp#C>pt#XSGrzW&-
z5yLR>ag5~4rPuzHhDWiwb~k3rbN<exm*TpjCc`({a^4*xuv*{fTIz{(jy60--vqXg
zwo$~*4^5xHSYVY`6DZFBTy4JQ3U>}QmA(<F=2q3&70hL(@4!PAqqvs2ivoo2O<ONv
zYoYmi6=^y{<3p}i5-xnq2&rZGD^N15b?`L1gKB6HF;BbNooG{0^u4So<}@)|I>!sk
z0~WmVWPZp)c8W!s=<grCY!#v<YVLNMy8B;qBMPv5YXg(-(b5<GKDIgu+pn6NSHF{X
z%3-aGS)>VGJW`=cLv%8=EYeFa9%Q>|hp_zjDTVmlaQAiQiWr6XRh`5y;T{@HH8EY2
z@goh%hewp2gAK`>FuMT#SR9`3LWMn)d)yPhe~5FOSz;F|MO`u7{dx_LbOY5iS&2PZ
z5&fDyP|9lP0O^%zZcZotf5xbdfra9q_GaWKg_E|oxH;+LoLyEcRUC4JnB$=D3Cc{S
zjgXv=rdMsBO|P2dbqrWcYQu(5ExFeH)vXN36L>i54vFSKU6GClfvxoabc<s-NZ&X9
z?VBc?b193&q%^WS4E)SgyeEdUvAUe1^CODxx-S~(_!BABe+r~X!0a4QG~=JKCHMX*
zYiXyw+;3)487$1*99=EQ`yR{Jr92zXH#@7K_)54RX>Xdp)dSL*J93fF+il)@d!$~M
zZr_n-Ah<KXRXcwnuP0d8QM~)8|ElexvLwTiSNnM^|4maGV&^p05+?F}swM29SYVZK
zp*A*3W6px%zhAdo{xgINE+G(Td#h0u=gYWl-Tj7Iut4<t6K727rKKW(h|2iCRjUmu
z)UB2QQqMj*O=c?T3N0(l1+++<s@qz_*5`bMg=D%?Jvh+tLwlGl24H?pB(ZwYiDyCY
zEnT%%vCG!KTBEwdRJ-;@6oYj$J(L8;9P@Bpl)L~DZ9(8h++U7Xb&o3DHV<{)g-JC6
ztDal)RID(*4?f&hj%8yoxk|GoGydZcEv|Mgc*uR8onDi<wgzk@pIw&D^*Q>FcWCHC
zaVq$7Grfx7gL&2BjhO&F5nk2ph{B57PAQj7p4oFkH><{}Er^^5X5GvL3(sWiLO!jw
z>A4{A@0W*2IVa^=Rhph6q|4vZ)-;2dvlZCe5x+R(k)*fGJv?dm)YuU}G33GA3auwP
z@x>V8!c;3Zr-W6OhsE<M9K$?bC#RQH#bv&s8de2gm!A3Ps>MXUn03?N;@DzSlzf*@
zWJ~NemIrTM$iA3&-^rIKiwT(VCwB_(lqWt%+s%T9y<dLIuyrE+Atot-=zRaOIc8Y>
zd0yL^|L+G7_3dNye%-m4K%4760PC@U5p0>8Jj|j@!#yky>c%bE!yT#LE_ss$38@-D
zmbtRb_|{3$-jW6K-~UO^jSxypU?~!NqN1N%Q5lu%7r?H8Jgi+4xK>>z5U3MnR$<A;
zNwoeoB}IFR**tR?9Y%crbyj-FoBNXCTeDw7JV)-Fr1iySi?D4G%*BOuEjAvNcteF{
ztsAH2`-hCxN#$pyV9$NBt*EOP=fY9tT$~znvj#^?1_23o)ksW#Lqh1U#21$wnl$C>
zUQp0BB(Q<KDQKEnpjg7a!Kpc@m0IAJL|7W@SUH)u9EM&ISAqOXcpAULpIHS|W;-=`
z8Hk!dF6X&c8I~_{&2)J$+o&AA+_li>pu*Zf<XHAnb6SSR!B_M2myxHLph-1>_>5mW
z5Y&denV{q%foSlFiLnU6FL96Vp+E~^1UB#qA9<DjTJRIWscx=Et1vPKwnAZj#^RUe
z78C^BX;CXVed0_5y^*I<556a#BN!GGNQ$(dwB^J<mM!_F|Cc~-YKh8GiXkP1J<Ur^
zOMD>T9}(BYyQ30z=3h-E$`=dA=9w(EsdHayV;xzy1Il$q)xw_O9mPq=uPoj9#wMmQ
zolgb~I4AQe{S1bfszE9TO6c;}JPW6J90J3sI48GKB;;M=$LR#Jh+sfGcJASdePKgL
zgr)oQ7zuj|Cl9%p_QK>EnF4*E7F+dqGhK4&1i!Z(l$yQuB8ucrmP-E>FZ1rE5~@Z^
z4@tMCsn35Oic5Ti`qljng(O3HK*QCd*`gGNS|iT!&p)&sEoAgf4WEZ9{j&8uE3PYB
zE?puO)vNJ6+PbO)*Q(e%s@`{0<>iEHe3avsgcyHyUF2jP&b_r~ucrB4lX*Le+VDTM
z55b|4E_q)XfdENOv65b-5(8xX&nLrpX4Huy+TK6Zq?@F)odFgu=SIphORgby;TeCM
zTrelZYE+UkeuMgQxAin#rdr&3bd*Q<r*DxDwyTcNxmA^?x*70y#e`Qc*Qt{5j)=-2
zf{N{~yLu6SB6mfiBS?t}%gjwOF)8EC>4(YDeqU*3V$!J1rbM~yEjV8B4Kaqg=}{P(
z%$hXnKRac{kK}gTa~3N5kS|PJGjcK*-H`x0yW_nkPSaH~EJmegTlLoi8lZo44?J?2
z>k)zrP#P{m7X%8M5t{?CS2U*G-o{Na*lWZlB6)Z)(zDhNJf78!BCd$*XU}$L=v<Ly
z*a*$n(?)R!+%>8TAssIU6HgM=UexEzIWz?crafR38Q$WM_+ElRs8(QIYE`6z_ieO5
zzSitcWE<!hICz^c5^Qwq;vOZ|VJI1zP5_x^o+j`BRDOCkMpt?i(M5B=4<sS*u&=6s
z$j%=V@H@;^r98uP*$|oO4662@%S(|TF-Ln2S9^K_8d{qT=*WxG+=)>~_slyF4-Kkp
z6IjMnhV6*Vm#xNX_36kBnO*`@{oi{NNZsE%d0F3Wrslw-(zRftpi&WICzfr_%28n>
zN{NX<HStSnq^OGS>8UhP$PsbSqwz65-@FS!fiGIZuR=uen>m}Fyy%hJynnhD8t&;T
zpSn~OY;LypUU{WyjjDck*%ap!WrF{EU8FuJv^RDp@Vx@#SdG0QZfMH;zcYb>-=a)z
z6$YQ5+r_v;Ru^<87>hCs-li+0ft92nk+&Y5xNWC9ng{&ZCIPX%lkQb?r0njdz}Gc*
zs`@+hD!j?+>8clT<-2K7&3xCKN&ggAq+`1cuSL&_yP3c^7!am06SHc&<PU$U`nj$u
zyyq`@L3g5X)_l!n0mj1y{IUE^hI7-#(6W5(JgRm9r<3{~Md<hhBAc`o*KL6@z0Mm4
z`?dccWrf0p`BVS?2{KX%RW5Ma${0e}qOp$B%MXd$O=8@Sdy$#RXsH#R0s6fSecE-D
z5~{r5%*!+h3#g@`Pp|d`t_0KwfRi%4RO;?RS6jEq#-*?GnI3F{zsIpUoRdvV+QpHA
z+4dXveUy`yIf~W@w2k`slbXWn>hJ<_NDK(Eg_dz!)_?E7newX^Hu~r9YvEYrgL@eq
z+$i!3*jE#hB;S9Km?{d6)Q5H)<;+t#FHse`&BN~!A)k|utw(_Rez5`F8^~8pxlzE2
z+p}n9N=81HWIB4GCaBGmED%&ia+Y`Y%hNB9CPv^MZWPZCmL^sPer)lTQKn&eYe+1A
zfqR}9Avps8v9m<&O$y8^Ic(LG$hI%IzjRrEMr+e9en6Syg>1z7d0OWHGyQR3J4$@;
zvE)$N`bR!sqfIEaUyR9CHe$gN?IB@5r7doarAV35yYX&u>_;>ZjMqQh<bfG+nz3P;
z{>TTX#D_D}M*^2TG{X7Xu~*#rmVi(q`B`Zx^DHl2E1G#FJRs|MnHn*zUP`r&5UwXq
zJRa*l!(5uFc~@1i_D0p{``Xe+8?~6F<ISeS_F9wbIeCYWZau_l7FJ^mDoJ%(ZPh|D
z$8rqZV&iHhsI3Frw+ecthM0VV91}kWcxx6$jTS7|%wwAKmOb&C-c>}wu;VB-cSWh3
z<5>a3eh-w~2(<Rq@Hzs5Pcmy?FW5Vec|1^dPoZ#M^YK~hihJIdpn9MTFHje5*&%Uz
zEh15BNJfG}zpf?g+ze!NqrdiI_Wuy*MxU;eaBjs6j!7ahgv!+8cE2%QhJ+I@(9fQP
zwEHvmg8b4<W~yt@r?)Ns80#52n_Ks?J;bNxOi!+*AK$M6eGz)DnfhzBeGmu+2R#o~
zL_<$;5f{^9J_}bRvelI=tl>ePF!ubV^L`+<o<s-C$kbVVR10omm}_(*u0OwApz|(g
z3;rGs8F(5o<-jhod_ntz^`XklaVZ^DNdXW`=E#1O`vbB0<gY85+39$f$humFNwem(
zva3sLip9Z!Q2KFzSBLChwTx{8!^Vo%3>117x-2%@VPzu45{h8G1ZY050+AwP8vZAj
zb2DD_f$>|E;uBPS89@uTc(uY=&-j`hvLVk~6uku+XH3^Bqt5ch2|8vMI`TGVP|E;{
z(Nu4xOhZF{<Liv|>FE<ZhO`c6Zg%&3>!jTrnvzghEDD>Oe<)Y^8I%W<ca*Od-6JVD
zq8m<w*;|u7a*s_o&jf3+wB+#%-AgefX!biNeecNrJPUK4ws1`dC6ZuXmC^c>Zs!c%
zpYj#x#F)MGc%FwXY&+IwTJXk?$-C%LyFh5G3y&UN+PnE}4^U$N4Yo$V@rhQZm{8d2
zPWlmbeA4J1WbQNS9;{A*&NabY=pGSaI7ER_+6<<MdkXfF4Fc&<33DSQ?1<r;ziS-C
zswecR)1O8hOK$&)=)<X=(53q5;XIVki7lif25=j_PkltC%j9vevUPgfdVwny6Caz8
z7S&)53EV?{ZV$ltgfW%lM29^uPX+D!jHPO%0NhO8_$tv*ixK?xPaE#Q<Jzjn6Hx{a
z^;yCX4hE@rxY&-e=@$bHHC#WOV!p&Z3&?;jfg2B}mIUxLP8A>QAj5}KSC=^J7QAsw
zV5P~NIZ9l=jXW5SQm0%2c8UK-qYpd^z-j4!#SCIg`Ma&A*NA%_>)kUbKm6&9KC}Uy
z>duvB+uOYzmO1*pPl=Zkwk?dWR)K8&-Xxh^L4`-}U>BPfZ_ZR=Bf+~Erp(t?qeO_j
z$kDuEwRo|-VMU>+j+nSkD0qtF=@O{p00Jiz2wtn}@LI2Yl%B~rHbI<Bls0Gscd(i`
zVZZW!)OY;&2G{H|w<GzpN;~2SXSCO+9SF)erg`mpdvRKN%iX6drr~@cZl$u=UiG>B
zbT0qsXz1L>y~T1=>EYT#2ns0{4a%SfL0=s11Zx2U@dPVP1P*|5c;x<L(yyPDRbplr
zXB5)VQy{!vr7K(%(qtopn!U<R)D4rx3}OMxm(eE(%0-hnX;eG>$Dvno7t5YJSs<QM
z8nLpfJs-%m4pXzyv|F}&K}3vp^TdJd?t+E!UZ$yXA}Fj_YWP}xBL|bg2AG?9)N@I!
z4E^wQC4^of6jJz%VwQj3>yFqziG#>S|C6s)7!*}#i3^$$B0}?<i->zGX|F!edCEG<
zNk$2f{dkylbf1Fa$bi#9T<db^6JZfDXknJ`V-z}pYn|^z37HWp$X5jNXJuOFm($^$
zDbd3kgh-`n-*L_yCF~rvTG8XJTft*Wso|5zVRI$J*wA^hRf721ZWodeTV-&srPPj+
z5HI6tcPHJv<XGRbj%Z|XX-T+-vyKcWa=7~2IA=IVmS=>Fxsy$h%z@KFDtBdXPS*Jh
zM?{W-*U#IsAulvj@KOtt$d9hR6K;Q7%{6W6Ef8P;5f*W@&VU_!bYz6Rk#UdjdcToo
zjh;rqjbFxP{f4X7?hg)RsA_nGP6_Jbw09s(X;&i^cI<H<BPpaN^_I=?`y;-48|s6i
zsVwn>V_b-=J*JlO9ON{WDqFlFf6;w-u*UBv8D3@kFe{DMja{>9z4FuUJL*Xs{Vdo5
zK|&hu##&_962Vsn?~F{T(6~zUO5JBpd@wC`@b%<C#4Q)?KnyAR=sRkDoYl*0@L#Rn
z*torJJnOK$-2|*yyuF6eYR}&8G$6#Myqood^g;&O3>c12TiRx`d?AqT^mC3rGXfqN
z!tnJ2wJSjEAE^5@n|VzHywcl!!T~P)O$;wUT^tlkhkPVZNe!Ozd(V(LA~8iN0gQ0D
zi~Lmh8y!GeSNwtqqEaM65U&~u0vZBPa?TONRWmCDcjfQWe&g9JBW`L_e2{Q<2e?VX
zg1g%A1Y@C8-ocqRlVO8>04V-t6&0W_02H?=xScEFkoV>&@akn1d_XY(3i>2m(V<Sr
zi8+7O1k?C6U0DTkluz=cP6&lLYK7Wy5U{TpI`SNC6rP*0eJzgfI;0a~X+9Lx&{6Ch
z-jSTQ?k7xjMyb%?R0E=-#nQeS(Ew4Ecw?Zj4(vMy@+28$tF{bi2vZ4>DmYuSP+~vE
z(LA`5QDRTW((nn#^ZxSOLnV!4a0bB*2Nfz)d2{4rp@;{wb4X_*40NTy!WPTmq5M$V
zMi_`jMU0`xhD~Y^)iECGe3YN)@rOfxDzdD>_lWnBAz-|JK|qU-{e`d!Y?i9-CM=XK
z<z0k<-6&YIzi_5Yk|E?UmRW5rVJA2<(GF13_Nt^XRR=xJgHkerxT_8vg7}miA}D1)
zC=oY5P}Ey^Oqi<sb5tRO7WO#cH%b^t8}yBb3IIcRa8Gs+eW0Fn6J6%W!a|u~z+uUf
z+<su4B*i{dYC{hDZu%yIAnw^=KQDI}gw4Ud73A!Q+rO3a5TxqLA$DwGv?QQNFPp2l
zZMMD`L{(B%276(Od5S<E4od8Re8q+@4WtO-ixwgJDgT00Ez!h=82v<vxxx$I@P(<?
zv4~hD4OZTVS*kw-L0|AgF3X7V)YpO<%;kIGiiiXKJfrV}R2N}Gx1hw%ez}J;Repur
z>8QDPL>_BG99gdP6XoL$-+sW~^mw6L3oM{r3&Q3~L&8OLcP>I0aHymX|Ee?gKCGh>
zaf;Y_1pa;4z6+C{3f_kVVMq0la5nQYTw0ZbwL)Q5=017z(DM<8k8uvFYvs81dGgz4
zUa)*d8LovQj02Gf)G^5OX@m=2Knd7*_wN^12-ELDo{G#$CgGGt09UPCuJkN83DGmJ
zVt1IU5yRI0gE{lBjNd58%6lKUcrsEd*XgTNhucwwh2orMWpkt(d`Y(oi<B9>h2ws%
z9MJiKZ#xg{NfuSoo2_-QNb7fB{+P{YEe`XI7wx!*{P_J(e+$)8stsFuLKbiz0Lm-e
za=+ND#8tfa&hh0{X3!DI`>9L2eti=Yx2O5c*vbZM-ON^YR<h~Q(F*VyX<^&eW1gl$
zDd=xCO3~vy)7vT#gI)mOtsU5F9T+OTzk+9fG{%7j*s{fd`m#5bR4RW=4ey3|$_A}D
zQ7C4p3b&*P6300jPAv$`OAJbDsoP%_L$WzL*OS!PzFX3Q*O53;d-LT)X}+V6x2#g3
zR%jcPrIXc&^XFrGdn3Q4-^^qo{^3M5IE%Vs{rXcIvDX-fuZy6)m+pYo!_?&}%7OzA
zKdquiNWCUJP%05hz^gg?XO!3;!DB@mF{bZh;fH9VRQ7qkM*VD3F3E7*MS5qbqT`8(
zF;4Dl^lh|6N9B+e4t|!@_T)8iA+t6t6+3`H+Z7mRFVUAXX3b1)jnmDo!1Ab>qUc!m
zxeB9)JB9s`ZtCNMD@>IBQWPYFcqy$uIH4IV9Q$vBN0_y@i9P96Ajaf3ORpqTq^8e7
z5B~EEO9*H4{#wUQvZ*&}J^Q_|jk^1Twx8vfEG4K}y0^c3Q`kc~S7_FaOUR5aRtnP;
zeFa}m4sE3Wep<WSRWqvIH2p5Y1U0`Hk+y5gKaODJsol}rETvhywxH#{)aS$Gsi`H}
zSy&j}Y5Ne}X4K>GWWD}Nvq1z5PMBw)<oS_q_iO1C{jyL_-?s<DI-SVsUz_z5y}1%V
zXUyPh#gdVTDnQ#T5Kez>hbeUhRanYu&2&vL!sMO|Gl%LfNqe(lBVWSVE&giJ!J8gi
zQ@)O(vH!RrY@7aixiA$q^&y*T+YbI9L2>)E9<{82Qp5_L+6~q32=^2EnMfIDQzs(c
zA?|NiYW<;D3j+CsP3j0CmU>Xa_JPm3tC*s_c7A#vcS7NdkY{@hC%UYX*3};}f@~GS
zM6LvrQ6YF%E_B%f8D|p;F^zvLh5C#$QM$Wi1Q<+>B)@a?;#jC$g~k5;LyTA9Gu<{R
zd?jmS+fb0Hohz*&$u`)PuI)`SYFBbigdrAX*sOTOY817cl5bwyX?gM(f0$~ypM>Ac
zQJMWJ9Q=zLo%nNs$-dv>_gIZDe$s@Zi;ZUTVh&k_Y&|bq&wAm>=}3Np1ttXMTlq)^
z*(!<s%OqKzAJL)uqM}659>)|5rGoy!?!}zmNACJR<V4sl)-ArwN0-fC1(pH>6M5ei
zu6<`6r8N*;(a#cnlqI;F)GV^JhUX;2R@DDV6Vv~HY<*LBWla<AB$G^Rd*U5WY}>YN
zdtxU$ns{Q{b~3?^ZQHhS^8M%LT%3ztUAtEITKzoLtFfx;t!*ZKnHKfK>1uaQrWA3^
zZrYzuo?x-G6LdeHyuM0^^elP*a9SV(8MN*YY2+dn>YToX2&Oz!z;wnSxkr{6cn}t<
zckQ3QhC3ddju`57&4g2{rgw9jv}76<Ln4jBso%s(r(#UOxv@|S=*gy*qi8vmVie-^
z$ln{>Juqpg(sS1}BpjkOM=8t$BB9?fuj66ac(cDTDq6RO=RA|>&G1D+^J$wT-et=e
zFdf2Rkn^U%c(;cejDKCK-m5!Ne^!(5l#Hb(;phn0fD!FZV5KrkgxwbcC*X`-ED(=`
zzMvz?u_l4TPS$X*A3brvxg8JQD&4%gD7s*WVDRZ{PZ!=qF7W*-t0G}m7!KCQgFq1M
zn70>ZGpK=v(jM-lCf3lnwr=bQ2VP{tGQ=f+dfV{?ZFD`|*&V4M=#)&{cL^&=48Sh!
zUW$>uvwGXpGpQg}m7quJE+|YJfP-Rn$Fw<nN`ZOOFi|l@gGzyR(w@#03R;AoJvIc>
zt4VD7dz_k5HI`Ih@0GyC!v{2tQzwhUN-=lCu4#EHR)unvWADy5LH%+g@@gn4gr7jw
zm6$h44hGLPA-#yqQRq9<4pca5RlQ}JYk4>i@~W<=t->#nyN1}GmMC?j9<f^(<Rp(5
zrohrs5AqLFoSxXxD927)$jHHBfqSIXmq{9hJzCNsEwLPzasfpfPQf9k-gLo7DM*%}
z&{3EZhQsk3bMkEj$E0c;@0yI9QKwxu^wW(O5l<s_JCw_l0Xj<T`V4p1K&b@vhbnq6
z;>(i-2FfQl&dU=yT1t+#3}ecrJ8y6i^+PSet>!>ub!$k$G1!RAt!p|3pJ-A1c0HOe
z_4d@JcLr|JQ1l+rc1PXx#<(VHt0CLy_0&oOQI{ghy)*YiFdz=$%M}u%qY<b_zfU~R
zmj@Q=UOH4W##fLjsNXQwjYtI^CH3PIy0Y;!{i*9$#Ym-ZYX01^e^N+oiO;#0;!}~+
zk^JRL&L}<{O#`z~y*FMbZJL^D6U8aj^@w1f%&vy2qb(`G&tQ>wrqNoX7|&LD#wby@
zU``#G;Nzc8)t(@L1Z^5n4*jNvGPNfavWIi3C^m74<7}sm5XtF0stO^ij>2&m>_rsE
zqU==oi{3m>P23?`PxOz8gXnVW-$?ePIP1NravP)CW~}n7Vdk0dwW$tmWdAfUq+IeI
zR*m@3K8!JX?8`mK-0GreuQjyE4zy&q>eKueq5)?*A#h5<L`Atyd1_WLi&IXlg1hrN
zeHf*N`MP~;^APoaLorc82)@OWvzq)uP(^Lr7V3+bhX@M^eN_^E;z$p@v4$S0AkLXa
zfy}Tsga{xX86jgg?bMPgW>fXk=?(hlzJT1(DFz{HyAKptb)-)GY;c4uT!Lyuv4#$<
z+zv|nxv-b?sFt#C4V_#Sr~TR0uz>gXPR~}aI;D49LR+|I@z?H^q(N=sqIn0bsa|?s
zkMy(LTDvv0UG+A%<GMA>Nj13xBa<=ZMMfh8+Tu-S%k(B{u+OObPS$(!)={&!^qdjQ
z#7^Ba(hg@DiIaa7=}~9QH$y1S<$ZMP?2%OH)1O(z3qHSjSGd9lSNJBk#^Xi;DM}R7
z8eon)=SW45xB{0?IXVJ0nrl4^p>@TtR=G$D5}fL~n2*C&&{wyKd5sBro?ZLL=E=iZ
z8!`>{Px4M-8t%nn2?<0|NXUUSVgAQ*=_!PC`<|}l6_nw63?~Xy!->6P9!nGj?@aAD
zwhL$tdXsRPQfb6h9dMimyn@~Lb$_Onesd-071`FR63!e}Q~qtw!eY{rnykUNdAx^M
zm5HeM!&=b)H=+W|?saC`w8J1}5lu&jq4$wye=pZIs>W9Pq&vgiylWHXXcJ|sOcm}(
zP&3G$L_hS0tWvHBnU!$L?T^hpZtzEU9&ap{1yz{KE1xHK2z@3~`xJ&FlVAcA^nGgR
zUkRyAbhbkFRSLN#A_^5RF+caY!S_WVKz*0c7rx?KMkXug&_G-~=rX&XQ-q=lQOg3q
zT)uxgDG#~)Od96d0UWdk`n9Gu2W%bx0LSt&l0l&Mkw^aMw0W+@FkxaENWZx9G!1zo
zeDez2h>GVRq1vGyA|;?GSNL#wk}(NZC8g^6$TE0%gpg{L09J0Iy$$#Vizu0R%R78{
zfn)7X>qQsj;K4LRi}5~07fB>4fs!&(Gn}6AO>jx_sPtAOkUQf9s0d}Rr^N!1QlW9j
z%m?7QkfoUhyxp@<d~h8mlN=@u)Lt7A&Rc+eygsBo{n7Xrw|FoUHe_ET>ib0v5wwu+
zmV@8Ncfm&@jx}fUwc`ZYmavLF2mRN8tq~*$`iFjh?kjQdY$EctZpju#P_Wms6yjq$
zKdQ@{;=fL1a5QF6@awe{qWerNM4#WDL-kXf!E!AA#XCRh*=yWCkOzEAy)RkIZGNy<
zcVb)jx0ciD9fz<F5#%?tu=a6zh)O>r2ft_iZ8MOUu3S#LoN6w-_3glrYKO;nUy`H2
ze(XVaZ@R-PX6)@!wp?ws+g<Li=LiFO<qdAAp^u0yiq~m6D35pZz&3tnO4<EEcbWH8
zgSW|ko-Wc|^FU_)TSpPVlucR1E;q0m6H3;Gq@*q4TTEqAMT(rO+97w>t_OK)LvhN-
z#)<c{&loGxA%BvMxd(oQQRX&dzCv=Xs_kWISGCrY7qzjca@?$qBL-mP-W@OdY~G0d
zh$65lUF7pA*<{4PLf!Hdtu+)4aarV-1zG?z%ZOL}lVn2%guHU@oZapbMN6_RiAG0+
z{|_~~t^OS;@9p+^1%n}6W~S%>;fn5J`R@yr+tBt3pohSRA8dq{^S#gUm;6Egy4Dr=
zLO#+OrFs)97m*m7VB>(h#xhmO+rwcLny#pZ0Y6IJ5y{;FaJogU6+H&q_0NB9ew^L>
zzmb1gRZ7UsOVh)1xg|E;a8_!Js$(DC&zRO+@F=V#-_fRja<nYe!xGc_PYPE5=66&%
zkl(<D*sE+*lANb9E~US%46`ClnmaYMxt!&?BJx>|MQI{(^$Mrz8Ds6dd+cf)`Os|H
z-#y+uxMh?dHGOo{3r?c6x^Grvstv%Xc=hwPCMQCh&*G%lPBZ|AvKM1mU-haM(S(W1
zIJJR^+o*#nYrpV=bs~(ZBWL{0yb}M?rCVmfB6E`H+BDk+7mvdhq+DE4uY~k&kl^5u
zX`Ai%!6F+(z1opv_=<9HpetWR{?}IlL`teiETqUvi(gWkRZJ=+loU@6wl8FDOnD3c
z@!-mV!ksGpPVL5|Z?WFHl-3@xbw?4%L}UJK1hgP32ld_WL+H;7oM0;0eN=i<yT!jO
zeHh=Tq@1zZxB*#qWBtxlgAX%sKV#Cn#)Sd5P0Vf-mY3*%{5*sTc8xIxOx>T+1{3xW
zzL|kw`)=0i&%XrHTPcRulD&!>YnPjP)dH2YK}~C83j<AS$J#Ih_86;9^)gb~wh#<W
zK%bH2q65cO==f$75q)T=#2Scm67ipHeL4bE={X_lyX;O{;8I_q4g5P|!;@g-D{Ux8
zSw%bj6d1mAq~G=}Pjg<#RV<j<DOzWWORuUoa1?H|und<nR>d4_@B|G`Y%m1zRGt<y
z-~j<JhP<pfuWo_#t1uR=*jc0Py!V89e|1zX2fryM#e_C*UQfH-G+}p~>HBt_3`hVc
z=1s;Jbwh+u1I6vPtd%xxDF1e6{sU!U!zr6Lqh%~jG$TOEt#6@6enA6MdfdDB^dATc
z`%)gga_jR|CBjuyP?&#{DJ1P_^h$s&)TMXWb`MPGMgzz?2TXqcJo<nNP-4frk|kGA
zUWWG{_F=%n&XBrNqz+gh#q#ih5_~6sn14A0-)2^^_>Mh{7zoA<?Jd3!j#Rjkh(n#&
zpCy`j-}-NX0D}Mgr-G7G04z6*)H#`g*&(>HJ8IOL<d)IhihZj<sV+orJ9I;5>%Tv`
z5by3NiF|Qzi64|$054W7he;L3D@u%&N}a80U5G*KzV23mJ-fi0b{Li$h@;l@E&em{
zD>Q>!yTELBv_EM{fFhNY*C_Kc1*u2)jV{HInF3T$=lT}{|Ak7FPUw>qq-}X{6S|A)
z1G2~^@fCqx{_IrPbfa=$;&BpS<&4;(Gc4yw4KLc2{9{@S80*x63i9WLcz?jQo5NZj
zo7+n=kyP;(`=!jLlJ~be%z)mQCQTz^$6Axkk^F$8p>wC&rCQ|rl`zoO3%X$=2|#~I
z++qQkpH#^!`I$=XajepiRpljfm??!m(FyUQ*PB`<Ib-#ldLs7zFSYEPyu|7kMy1Gg
z8Oxn2gD}QQy@dGyx@JV)x?W&Ye5s%-<DlJErR1ficaZ^ZLyEyqV<7b_gvE#?Dd%w(
zk%|RI);B6I7|b*BDWj}!pBLmU;~wyf41d^c-++*7yg`?5L%RHSL_Og?{daLWv-?Tw
z;wb!1MC)tf4n9OQkhjyYns*qGPe;N7{cq@h#I~{r-tVMv1*2KOpO|jlhPV>@tcwh_
z4p{=5XP|+I&C?|}QnbHDaoZT9w^mv7gds6%B_GRjm*lT_qTN~i#FZ*i$YHVzg{W3%
z?{DO((X}G-ZhQk_Uttml<IwdlD6xlp*J27dYO)O;eS1aE;z`=lNUR>wNb-=7Mew&s
zLJ5C<g$PA*c=#JEf`KRcWIj7410gGfJ$7LfUVrw`K*40B>RctAaBUrdMiZ~duWseN
z#o{vxf~x9x<J@!cptM!dn!e1ut*CdF7U$XL(!VYV$&Nh!FkJDZ_<Y=2K{B9H5RhT}
zPFc9iBy?9S?MPK|n)>3l^$X7egCItODf~2p-pa8mEI$PUeL^Yn6YL)9bfk<t^xs&<
zjtVXb$XcBLxX)Y&LsS#(WZqGRLAMc+I6#i8DQ39NfHV(nTu0_nv%a0>E*!wr>?8Lu
zgh4k<$omh5K|3L$I2TW@DmgDM(;gga793J^%^tq@LD&;eIMh-O$Ysy<L98O8P2n(j
zk+-m~8H*`O>nEoZ{q5)C^+~qdQAFny@+XCuFk@_5ifr;+9*LqU7|vik2yOIX(01ni
zxwArn0XBfxaTWZNG}<bEveWzIHu7ibfaINREEr?@^j;DVW3Eb|+YT1S$nBs&A1TCr
zEHc2I=sOWU@lmg@PVMK@=*R9qV}m!8z*=!=mTnz`S(L!+rC8L~f6Js0eniAM<gIZ`
zqH^ov{VO(I%ApA7-VH?Ak(2~UxC1g`WX<6CuH~AFVIS5XCBnD5LOgwl)K||Ok_Tmi
z!@q6ZaBL@Bl7h#ng`y&CT~6&rPric<sCy)7<LPfhV(Yi4GEzo>4Mf#ae;RsEt3`kQ
z>M|*x@Wa-x=^Xo_RiFm8E*-dET^i+v6T;u480M{Rhz4{XFh2VJ_AM|S)_@JHH8wr>
zza`p;TYpe3cP(g%9FOmm2P9WMtAEGi?ZUNKPV-}}5j#7H_3)_&elte$GqV07g-Qbx
z-4B(~nSKI=-;B}T+AE`FuLLCdix!88U-g6zY}SL<VHl0R=`;U;W<2=lI#}cH|9ktI
z=KS%^SWCY@V<FuDlT}e@80u`1{kkY{k4~tE{aTkUn>L2sXQq-qhc<#C4VxZ65!K##
zYQ`fyD0wjb4=$osj~_Oo*6@D><OvT|dBFcgw)vyvp%(|zeOWs0Z9B%bPj_rLw216)
z7b?}XT9Y9ZW_C(bN$2K)$>q~=_r=$9E+%p`bUP>Zy>a#0j^afg98PXD7ek&iaWQng
zagkcf1g!-a?j|DG`M)w+>ynPg!h`9ArV(>3Lc{V1gr*@%OJY?THif5i)v{O*JZKb+
zF<rhVZm;EH6$*z9ve#M3D0Ng0kbzeJFB28pJpUKwx?|w&4J8MC7xusg0~VOdO0gH#
zHGo7aU8U&*99&Ivf$@r_vaDt-JYy|t=p0DgHVJ(kUFp=HxOjJHf8-B8w7uuQ#x3g@
z%=$zzUs`JndN#fLMs0M4U`g_oJaa;zbWIU_P!YxWGMstpH)m#!PFr}bdp}M|rvzn7
z2EEZ4f#Z+g)kKuxd~#d%2DR)HZ#j<;g7au31ANHl0<TXHJ*EHg*n`Gr4Jc+&K7a|C
z7_a!P$%HQ<zIkFRhzk6X3dNX+k;*-bWXW5qe@R?+yw(q8?p3;fNq(o{su^87>YYdK
zl*A63@u8mM9C~mlsy6fbMl7ctPQg4jymoTn8k^fEn5G!cBg%(<BD|LUP4v$VmY~6t
zxWMN*$-qPmv(ec>F$``tMGobrB9GCTVN=D$fD>k4AEr_F02Iz7GIwK;#2`~XO^!|k
zTvt<O*b=Ec8a)4a-b&RL(NqS-(>)7PEo8Bs0}#1=e-lFX6H|t^KkJQMaAva!+3QuC
z<WibT*^_qyqcJROiF^{dW#S6iYY`_<fAXt*(hU4ChtY`|gs#obCU0?04qLMPL@xN~
z6F%c3`UhW|KZ&BkGbntvxRHEprlE{Q>^A8Pu|9ddyc*#Q0rg*LeF$Tf@ns<SP1?`r
zk!3LHNob_rC7`e^)P>Alh^OF#g;YDJ{}bCYAZ&?}0U5vjpYWLy4n!^vPya=n;FaMI
zq|8rm?Y(xGOGMIsMEU*e**f?@P@vsPJJYL*J9fa>3qQwtDtzGVR|8BJ+?n=O@V{6%
z5S}<Z{wOR9s$JiTc0>ciBh|v`{#$W*z1yFlkT$jS$SiyngO?6Xm-|(_klPnU11ITk
zrfe5P15>d~!`GFW?(b%Xh0YL5d9*gX<F-;FN%{!^l28ZcW!#d#GTS8_9`eGI6AE%A
z^+M~AUt?7W>B>`}9VCB6`)ZqL<DUPwu)YNt0NX^6Jtc#elsQYGYxCW&klWA616!nd
z`t^Jw47SNpjP&E#Abp@o`|auz+Pfx915Z*s!|9G(JWU^`mk5k-_LzFsMoId+NF#lV
zzY(3U_6VPCGN9SC(<Teiqv>?e3Y`(xAvV4vtA(HYg$Q)_3fl<gkCb~8yDic{T<UGJ
zswkkOyHw-0UBmW-(ljBz2GB|}1(n*!FRF8UdcQql1fr>Xc<bC#3+|~B5+QX;{n{#n
zu6^f%MJX)`U!e>MpH+v6(cdR2(;+SKh>m=^!4>?pCg~sW^Y6&y>F@d-y>-L-Wm2GD
zg0H2yW~vovd!j!LN1b}KmEY54zOto=q^vq4e(2DB__z4T6>!Ui<effTw0d?PsO-?`
zotd-ZieuEAf}yRmENtW2tgHNb3UMA>^icPskwIkk&nZMu)hM!8T0i#ze~r+Y=^_lK
z?qR0Oglk~MX-5LRXHd=&0=RniXU-LJIxmaRnY=x+w@XmilC>Rj!P*w_1M29kjPrSx
zXw2CGvD-gc@OO%UNM1&vGd^}0zII6gW{wp2T7<{H#1HE+;EnhcwQ}-AbzkG3f0Jy<
zBjMlk8vzK@XmTH)KE1wE=xpZ_@bLBW5TfvtW`!+DbA%w7Kg-0oaKISOYBMrB=Fz49
zed%xa-6$67QNwVzLtSf=%vsya%NwH$+|vGXv|9MrIG@pIVW_S8<`ii#P6tkBRSt}4
zhFRI5n6k1}t$k(dF?%3&D+j8%L#M41PoXxIJ?$d)$e)Q9S5mK-pt6jc2tTP|h%>`H
z)DV4dE<5@oikvN~;5ny;(baLGlGULKLf7Llo=m&c1~+mfzwL03V0ie@i?#I!ZJ;JG
zCM7-Pdz??{b>$yuVD|LTcIAs%{ZSX~be~HcrvPNi3Z!)8?`<lgxg{HW*;e0!vrK#V
z{2kAB!G-wa(_~y2m7y8Sr7__ee5>?zSk+q{R7axj1{~#7*SNRfM7&mDxph8wew|K3
z&+9uQ#vkpXflf@SdR8meUDwwGS|Ek$M%XSDG<w~iReMU~vmCY}xcX(58M4Uf<0)3Z
zP0+j(zskMX?lXQwo*zY~XfneG(yXg>Fij@6g=x~u5IFFkF*@cw(yZ0X(=YbYtS(2|
zAtZlFo)Pcpe<!8Vo_HRyO$Z5wrWzkx5ujjK(&k<NJIZ|(##}EvK!(^uPGlrW54$j=
z?JBtr{`smO$RyVAIF*U2i}n{q=9(kCcT<DKV~-6Jp;uaghepouK>cNL{FcV{!uCM@
z_Ziy_4V58!y_8axKGouRlKyeTszjknBQ5BuF7Z(Px77w22H+zq=gMzHBfB*^r^JyA
zGP>Z(PX|NcX6!4A4lrL4{X-b54tuC$xe->hk{bPkKnrXH&Rs!*<LZhWsIHfH)vcfG
zDqlM=?%W9An$LUth6U<KRmjeh@`3%-)CU9NS`T?I`0u!Uhy7&#d#z=2Ew>*4s#c8h
zithFEM9=xN6t6t;{ZzkL<BcoCkL1+M(k9}3KLBYn=jiE2NH>yl!5}V*E<ZcyyW6Y;
z>HaVKkM+czprXX$IHxrB-5n~W9e_OPzVXIe4gsiE1orcg&ws~yV{JZ;<kc4TlXLzX
zXtJaA`a2L$m+I}4_B-I?U>umORPh<y`}t41f|<?!q?2mqw<4kEkH4lw8!1Kx`XluU
zkg18PugW@Ku}K2_O9e8xl8W@HH?%6EW9eV3(h*DKf4uAi`++jYfl^iob$`Lzix=>*
zyO;+~)uJNKfqF|EI7bAS6jG&Kkl@(g5ZRvmV6IcZU^m@(PujWFr~10mo2Y5VEqdhk
z^|T}w`>GAOYw~u>;2pzSF+kTF5>U`jfe@I&L=}6HqtO*~vmYMfsO9ph=s!c8yfC_#
ziqaVB&%~YF)YfZ%RsjPTuD#0~JV0<>w$jPKe8+)XUu4hc?a}xBRK`)zvy)38a@f%S
z0X|Y|=8}=1Yy)qAP>rKYIAlLo-cw;MHw(0C5_U))u#~O75q9WZEj@D6s8E^@pZ8!x
zk4=!W>bK&-1HKo;Z{U#JXSUp6teZz`(7pWHENXJX0^R7MJK%SlWva}4)C`3h@t2y^
z^OTx^Y`+?=lsXWisBK`X+1=ILG}SmouaD>#Bz1dedvdFBlT`53M3Rix-2Ag09ii+U
ziFTt|l%R3ntkuT(C;}qPNOg;?ji4jZyyH6394=RmC8!;EY9B93;5h_qKVQ-V!$Onf
zt2ES#@VC{9mMSwSD>LGao0)cfFc4ya5Z?!JaSkg~R%B6X)6<R-d+kS<9okBw`g!gP
zN9}-*Zptl7y1T{&jO|on=S2s3z%7y=DNo-l&+UNo@s^S-ptyDPFgNE_@II)rBeKd?
z11)Dic95<Z>d{5fPIW%Xx}Y2B?pz9!7XWyfYt|NI*$m<2(^jf*!A9M74v=@hIwl0h
zJ}5A+_W*g(sk{IgtC7pI1b6MG+zJ-+bg!ihK5Zoyne=?~errP-zP#OGJ7a`a6oe&y
z$^}~{4N?7n<CB)8QR-6C^jSNIdt{D{UdwXV^?<>h=o42wlXEZ3ZDkxk8@X`tw2IFP
z|JI~fulJCj7<@IHYIA1*$>q9M&!w%*7h${tvd#;0Mk2wT;z^O;RYdU7Mn+j4m>1X{
z73Y=*AvgWUVCLjmCE$A^9~Ehr#0Bf$;GXvQf3<c44VCN|l<fxifcznAYGr>$EpQ^9
z6+Ll5#g^!IHKVTyof~b_%pIj9J1rK@ak3ui>D$u>B<WXd>^&O?X*%ev;yS}@Sj!^q
zj#166=a%T&vl{8;o{Lt_#Dkvc>4x^sXeQ~}evA3$7S$xOTF<RDOv`;ElOah#=W24v
zYH|-vH@6fk4ZCY2+Lq|-@HE*xH5F?l6*5iQoEloo&$;VT?)n(pl))*OY>Z5{iEHvG
zZP{MOyF76LNz+WIw}9w(blV5zDY=P2)QW-z_1fEDfKL{{hbVUDFk<GhCgr1r_TBMv
z=8$!|C}XQIyCd6Z$9ExX(OjE6@A0EC=a<2eahM<g96acy9Qsu`vBOO{f7*6g{yGxy
z>>@fR|K-sT70<sUAJ-?9bw*vX$NZz@h-$xzWnYb7Kym+DN;>r^@Be%Z2%!LcJObN1
z7zXm%$bY#6K=f1!wq`9B%V0o|kO8MG^nc1mewqXW&O!l7<P8K7SUQ4$@^Y|PK64rE
zCFNm}d{z^>bJG`j@hQQP{Yfs<;^U1e@=jPG_yqu`KdMvA^0d`1T*EXL>h0!SBd{+s
z%3hG;I5|dxl8P^&aRd%Lq5_ZIpA7Gqn!mp~JvJ$Us07a`A&3Ws`4`M02S`#JyylM?
zx~7k$^hUPlD`NV{qVP2wTHTS9Ob81c++ZFYl%=3B(&b?|VjH&{n(qB?HQ*4<;kYw&
z$uo32w|N$X@EoN~82Lm{T!;Qv^E76Dx&ix^7rv^%6n`?urv4Ma5cG>MdTn3<u3saI
zz6y6Nk-I9|{MQ%dStLanZV|yl2rLNm2`p;9KTctPosbCfB+#7HpC#CRa&gH*b>4r4
z{Qleftc!xg(YL9z%|W+igFU$I;`ML&S4^MgBI2PH%%PP%2i|~X*yoNzm+#-aZNnet
z>E@UjtzX%g*4;Qxr8wq!VkJ+ssk;)?+%VM!JT#UyHE?X3nWVK+_iarNIVwLb?Mx^8
z(6h1Cy5h_=TlZL+nFj1k8yaqE)}=_7e-~uf7JWIwkQjg0ejiV$WZ;mwzBja@(B}8~
zOY+sdFW=zdg;S#364&4~{a|RuGTEFYo6eif9g7!IbmLfspA}$~Ug!3$ejCs0jo#v`
z@WaSx8CB;hfJURnVZYn?!Dw+n7jN&u_ms{Uy^d*V{FZF$WoB$IwF)<Z8X9q`ET#up
zby!n(oy3(*6WPwV17|Vs?@oz%^NO%5FIu^0F!8)Wwc_m4TF?*s;#6IRXW3X2e1kI^
zdLc8#5o~%j{2Wqopd}<MyEp!1w}F_V6}_Gfmdu@K7ub_FWq?<Rw2~JT#t7v&>+j@x
zzf3vCpxW*fWx#9kf4BWy7P2N;sxDU6F*#Gd#2onuDtxEI7{PN~vFOoz#1<VlM!#ze
z3#sF8YG8h#cU+O{;k(8LSq$(|whOqiRbmp?hF&$R0!DWlfS*^a3(SLn51xV7s=uQ~
zR+(>2wpIkL8F{^quv{l)T0_MP_Y9E_@gpp>v9s~Pp-3^x9qu~8@Jhllx_!O7=+3dq
z9J-4)1PfD2K*Y-uAx)HGUGzM8!eR~z5lV?^TkaJRsH~hTZb3oy-#DB4R!0C<GG+vt
z-G+g~e)k<pKw8!o?nVMG+X`zGpI}@+i%oYK=1u0)ppx*9*&1p&Z7LQUe!=VXsjJjE
z<hvNzzHUmu1vA276{ef-+|SaU_ZV1H*No6x9pPwxs<QWCR`>+mmnGJ_w}hQteyWVv
z>I3J098_E(5qfCFu4sAcACk2y;aRkz#jB$FPYF9`+2|}UT84v)K6I>Gx)>uX9Jb9<
z3O8h;N0L>BxpT<3RkD5QlvFDj1v#$O7;ZlX8%Lc^dRSOu5iWcKzQ7CQm1KB^!$SHf
zsoXLP{<EfPSU3UmwyF4NbrM3gz$*=Ve7>sD$SczFgF-`!Gb-L8tu?S;SvG4F_JL6a
zsh*CtF3XS`T}YXE65OJKP*`j2H8T<9>=?&U@99fhOYnMJo85rBZja-gk35G@(QPTL
z!q;5};O56pA(~NmM_o#l%@2mmQ<jiTOSLv64$X1+a+mU~eVX+{b&<y)IqJkjjkJs&
zY4t-E(J@O{t}DabPW30%W7mNX*$g+fpv9QuVk)t$gT~z?o7P`b!)n}mFX<#N_ORwQ
za$RL~BFcNerXzP7#IRbA<Ufm!9@ts+`8rX^;`xE)$r}vWi0`s-19R}uH$wvhZ^|ca
z{<G_vAxd3}SD?r>{udnBd-zBBdS-NlNre{d)a~qZa{ycB_6LfQO1i)(f4BbL2bEWH
z-ks(_Hn!XVxXgC8b=HUF9|)F2r-W2b3|z==r-*J7ThC;Y2ilOY6P8|`uY0o5y(Vm0
zYT@rL6Q4EdE)#;E<V8#o7<ki2^rcsZ9GnTZyNNK9;F@XpV(Zn4zv!Jk0zY!EKEwKE
zABccvp9(Eb5InCRxlg-9h?C%@E`nfJ8SVYs5q#o`$M`{qUUF`a@sRRiSkGI_)cXS+
z#X>k!fR=Sr#L4tSz|N#%%M#l6Ed5EvH;0%W=XJQOy$#eX^F>q2F)~COkpu=f4=JAe
z(BfW%WzJtG1!AJ3y4zR5nZ*FNtiIW69?{iX^sm5}fA!Bipvgl{9-%0T>a#1J_Ob2O
zuP;1@JVC`=lyGfEJ+te%p3N8T1)iK^9g5NTm-^e4?R${GDL8bN*H-mYwtv5v1S>j-
z!yX@10qwZYw(UlntyA0JpmeN~R%bzEwAG};iI7|@zz_YL9lTrqg1aV}mkY6N_3Eo|
z<6%gkJ$9iY&_xqyBIZ#NN4i7J0NQ{<=hmcRqY2p?ze|vg$HTdu77G|wKR5O84cJKq
z1pUv^;35(h2YsK}1jp(NZ-AaUaW;C*y84ExVJOF901yqF(HoIA54PH!!d&zaJ<b%I
zW)4zMykrKbnbjEPz*Pg1=#>&XhiHJv`701w800r;;Xd?AQJq87Ba|5x8?5Dd9O2@k
zoZhI|fc+n?s=0p#a#^cyU4C`z6g)kUu+H|dw2LS{qW(9j9~)HZ=e2l5q#YZa=$WCZ
zS``IJw#w9QF|m8+=oB?qRk-{*4B2*PP&Uyw3-#+8&eBodA1UXUKdi=D0E;$UyyY!U
z`hI?FxK~!Gn94RB-(*TYkN0}lGC`vpL4!`L4#-H)US8!a7d@Ui!XLm`YgyVjCG_&B
zQfO%JwN`A?p~6z1^Fo@$01B#?{P9&?$h$&P0o>!J037@1eXcQpqUt57j{9X5`HVyw
zIO=Y?xl4u;EHfiKiKs*)DUkRV?zrmqK0)UCt&Sl(xVubaLkTj&V^Ma|k(IZ<`dpKG
zFR2+!vRFtj&3eW=4^)AF%j^DhHJb>V%uuq@#~l*CpO>Q(RNV-{8X=T62_d#iG0r6p
z!D^~V!JiZfJvTYtOR;<QB<mGwIH|h)#IqmPWFlSLSekyOc=TLR1+J@8WlR&Nsc-tK
zb?r!+>lEWb@plfVSNx9Nc~;#pSziR4=o!m4;n~-XRw>f94Oo9@mad^%urANCdyY?b
ziN$$F&%epYxg8eGn^^yTIJY_SqW@BudTxd#KE7Whk`Jg#8NGEv%hH|iuCY^Y`h*KI
zy7ip#?ivshu-8Rr%tCQ#W6ZUU31#`<3dD)>I=>Z)VXFKsj!u`#$Zmm(@0xDxy2k|y
zIK?mb$3x%ykzVg|s1e;M$oTeSP%2!}7M!kP$Tnua5f5G6?pMWHMn%6ZTzPlaVLC-a
zypwXOXEiGfp;NjshIc~mAw>v{s=@pxh3I8EZ9&&At89zmc%In?ip91t#>lDc(aEY&
zTFrCBBg=N~98q7%>c9{7_P*`sdkT;|J0}m4y^;x&F?K4Le3&+RL^B7E5PY1vn+NsU
z_LWSxDC0e55R~`#f93A99%5Zz(HR{XRCs*Mm*W~-4~XvX49x)F4pG5%c{l{ejl?rN
z9Ix)BEnsSg3zD7U-r7!Kxodjfh%M}*m}1*}Ggb2D!PjKY;%Ul|89yxTzRd<|T@?%O
z8x~@&oC*24NoEnsg7j&~+@`U@n~);cEu6cNn{x}xur4`F*tb;9PF-epJ;T~6yxr9&
z&3=Lin&KXF|J*KYcM02hBhYJ0sB@u&1FS<Tw#}rX8>Uvc;AEV2Rl4jpdKbbC#e;z}
zSDTTFuhZ(a4Wy#mn<#ON{*E$_DtAkE!PzaFADWhSh#o7zo@n_Blu+O8r#1WnTl(Fp
zsHn~sW@JqPs!qiRuE_w~Q_-v7!9<H`fry&;KoQG2@~OZbHOw$0SxitF?GI6Rxd)!n
zz+Tx~K}PM7=x2$LnUc7CM>dAJX<A^ACi=v%=Z1n!l7fq=jw~)`C^Wq~TZlYch;up=
zR-~M?$>^*x&SD;it$PzJ5oRVXSha^-+)W(LRho~m=cGVNZX1tysD{kk5k=3sGe_BY
zJr%CGv&x{kGW?_&@q#%1{NXZsY#nErP?Qy#h4$yrc8S|?t_MR{Zd+<X<7BPE`th>&
zQcEYdxC<8}QMp19J5?R&AfH|Aa4vRIpE>0J9GE6x7Y-CECgSP?6F5<QD13wy{^Yrz
z&&2L2;E!zAg9}#VP7W?qZ22OB*6}%MTFA)lOi*K4s1~m1voR7|q!rJq{>ERn(O5H+
z(yp*Po$1EB;<;1duI;x_t`}l^q|6`0a$dw<D4DG9x4`|kQw@1NXvcqSzEpH+8Fb(u
zA4Xhnbhs?o?|bjj<)k{x6)Ih0DcInRWzM@)gzp@5#OhD$xEb&{<^_^Jl3m<o;h(48
zVai6zKK$u=Bm`Y};k$qJ&>9KuarF^khl`5GwDx}KIezNJLRT9wT!BT7%-|>gEwMK-
z#twJwg-^U=$Oq{Eihu3)NTs!AKJA1Q^YrnG&VAwB|GyYJp^g!s7>^_<^l2pQ9aoO!
z(?`1gTM54YU2+PXv5se1;f3`_iSj4^y!-Dl9v%H;A9_9ENFD;ymjNOj^@)Uc5wNDt
zvqqj@{#pDve_#DcH#DV?KKql^uE9WT!aM2k*HtnT$3?lsNIVLJG=ix;&~~f{AID(g
z&nMr3kw_dP7=%iRza_SfOb&F;h(%|FV{SAeZkE6mvabE}z2AsMUxY(%bmW?L0zz)c
z#Q72zC0b@uJ!8`_VSFtHw>QJkk%*iUA#3TYJA_MTVgbE`l8Ma{iPxpD<PDk<?nuYA
zv49Pae#H$EMZ}jmq33*YbRxd^_hG*B!e0@M=^=8SL$3+Lu>cAtsd(*Sk^%{{;A(c7
zhd`8<x^H_Zpips}mDf^OIu_v0rZ_q!;We*K;H;$sS6QmpQX5Z^$7QX77OHIR2_vXv
zkODlkoS7^cFLlH{4U)l^OzkjB;fa5{O3p)Q`V1!B(`V%CEC&N>mT&p0Hi84$@-iyE
zHqV}=pySo6^B$fc>u1vXyHdXkY}rwNE4^>*bS)~&t3PaEs~Fu^p6aL<E2K;F)Kj0H
z|6V26du2@VPJd$Ko=Wtv7<~d_C-dBH+UJ;I;9iqiT)L<6i3$WhaBsy|<yTl`GQir9
zN-F7)=__?jx%<1s%URX)=OFF?YelMY!WQ*S6v-A&$Zf|3frgwf0E#fE+|%K8aLu|h
zOR>RYpp$JM2UKEivvoY&S+uXn<1^4n(O<$Aki2NcbD;P7D>hG?@Ky_!()wlTW<@Ej
zI>62g0F^bV0?=ngdcLmhgpnP~$Ic$aEBSBR;m+Pd9Bbs0Ws?(D_}@MTX*@Dcr~MAi
z6MgW;<2x^Hq5J!oRZi?JfN*~};830c^aWEzp6A5d)}M}=gI;tece~Zuihu1iNhQU5
z81C*VH@(e?=fSrdp8Z?SagS5{tw`j}3@n^sazDKLB{1&+F7(M+?!me$#G_80uRoG6
z{yP%0ye*2-bp%1e1Os5hrw8SK@0ytR9vrX$3-ubP^n2=%I`M`M=(A1iGY<#EVBpxn
zD7?Fxr0YlO%31pC#r61`v4okcob8db_7aEhfh~B5*~7rQ57_h)jJpra$Nx?+J@qx1
ze~jo04x%4XjQnq&%00VP=?|E4MC3wV2uVotw90*}7Pl{8mjHi}Xx*V!8}jKEz4}}1
zE%>kWNC9JA2kt26$U}Kr(9c6<ispMh+7jiptU2gnCh+4)g%;99{VY0L^IAkJK#w}n
zkuGqUxyrL5&$uP8@5=+{q?(3{p80<MgU*|Z<Uzmn$2eJxy`VK8+RLYECwKPLAS$HT
zyQ$4pt@)aysw#nEnH|?Ln(81_86p-b^Pxdm3@^2NJhJd!(z+yGmLsKQ8ltGN9PFV9
zcebY7$ki~rNrNY?K04E_SpQ58&qlu5w2R7&%M>>QEW!eol(7@`>pf=A=Hd0s{gjJ$
z$@NU-v<vNmON*1p@dye52!>%@2xg`iT#B7MHibU*2wPC&n9Zp!k*D0{yZ0^Yop7BC
zW2Y*>lTJuy@?6%De7ZK{$V~WuI<h;03XfsQgF8MfxT})+eVhzx^N^UN;9`ofW4m)!
z`klR@CXDn2ZlR#-QmNj7PJ^JGjD5eBKYb|W&&E_}-waRx8A!U}f8vqk)Zbme^`b=Z
zwR`{R8++0s%DK~udc6jY?DvsD`cYIxs%Rb#wU=fhs;3dIelr>75u)?_BP#XLbM#LE
zmYd9vQ?9Nl&YeJwgfCbezx-2;66t<x$>VJw6@ao9CielcPjMBg>S6d|{EYF7M!5c>
zs}3s}uC6r^g}Kk@6dnV_h}h;lxB5TQDwEB|ZqpjPwB;ZOPM0SxkInlmVR6bZ#5Ts}
zsV?hkS^-#P?;P@T$mmCcNS4bk8g;F>iIU4EcsY!;VlI~`*P}1jjnEgHu$WbucWHUp
z%l0+-y`?$z5T|PL@%WcWg>+x%w{bL8VVz+hCl7r~U|wocL8$WJs2sr*e^lPk7#cOx
zZHLvuRm+xdl%)$gNL!BJJd-PtArBzN;R^43GG!*BNb7#0G14EW&J?gSY5F-#D+h$@
z>KADkg+SzVEnq~EWd>Uphq^X=H`m8NXuC=XwM3gB<VwWd1Ww4DR#Hd!_K+q#cNc7-
z^7xfUD0r1JgdF4Hh)b8GEfX(1Oe^+@hdJkFKlb0%A3Dhx>E!Potp-}>#Kvs!aUGHI
zSKH$;McKKCLx6n3MeG^hRRD_7k;Rs2skXf1;)8NT>tjuNGwR}s`v0lYMEi2Te3w-J
zOXxeGF5XscXQqwCL~t}a`6b9q?I+2U^X1yOHrBY`jhlerCm8l+BJhL}CG?p3szBI(
zHXNDPvRk~1na@&J8AfwslHhCBbRUatI4=P-@FNKLXiK&2jOmWiIun;56Q%ScxO}Q_
zTa7i>CfctiUDn51UdS&{aWtK5>I$_C4=>U<tTtvv)8a|nDeI0Im4T2&xEX4aGn+UX
zXBN@6Cnp*LZ+k6QXkv5ZfPPf>mkz6zhC+Y`%;{g2G6j(t6Rov8VI{tnCrOLLVLdKF
zq{JxFFTgw=esCSmIL?6H=a~cs@xa#fg^Ip&zRUWJldtJRfx8qy)=by)KQ4BIan*e<
z=oTwwQr-PFt6v)YTCSWE;|?CuO;HNI-1J?>4<mm~e>i|k48qB;5`M0h=g;e@Ku%19
z00I4g@zbeYPRyCWadoOvSxen(IqCifEZmGDZTM@s&z~4K!7+WUIPiB+Gko37J>?C2
zN&t1Db+l26f?fwhkPAEv>iSn|Dfw!{V1l%ljN-LQDnTwxsN<YiivT;*Gh>(3mUlP|
zsrmumLYIjyeu+WCfh@E{KZcGTooOoOpG*g>(O*_&GdhhyxB-0S0^|d)cu!K}joCT#
zGy`8c4e?F`f{8JbjZV4XYM0la7*Zn4gLXYh=oQAuyDQnT)|GoFBQ0huH`DkTr%p97
zkv&{TzMDdVznA3+gNK&<>@Q{|YF;s?w`uc&nyzUQJHxuiCP$abo3C(am#opJubI#o
zXE#?5DCj*`e(aX5%^a%t%-4p;H2<AJ(hZ>|K>ZnjTOpLXIYX&jLy0lXm_enBxyAct
zi-b9^r88{hlcQ)6oPgw44m{FO6oJAAJs}R_`S^#*jo0-m0_|V5?+HO(JHyd>zpq|&
z1WI8BjpVMbvHm&Wm8WhHA=cV*`ry_qcwgirOwa%p1M@jIyNyjgvFeua`x(ReEm_ey
zjQJFew*HRW*FW#`-m;}{&b!{KZ~SP^j-{xdf84&T5=R2pdhyV(KJ!T!tj5bIo0)d!
z$k@g(rsmcU?y1e{mhmx0o?1*;ZSIb~u$N<hfitL!C78I9ft$GJgZ#%iBj(WZGmuB_
zN)!o*75J~FqZ2isIzs9T0z`%s5=3<7$GR21cUieJ08Z{hhsYsju35L^!)rPZP*~tf
zulV#BI?1wq_6)G+<8LlzcK$v7AoZ{{bWm-8_z2nb^jkH{fun4*`ORzX%WgWo-DS#g
zU9UimAAJ2t*EhPtv9)A0t2j70<2YTEAC?jm*hBU5Z-#M1SUeIcIR=uAfR|8X<3n~M
zrRyV^|6&o#WA6|~KHf7&0`YZTjsUZYn&5bB@JIh8w(9!<skFI&cVRt)KBUD4mc_At
z&eWg|K&3E0R<pKTU17_CziI4!uG@d)*|)0DIZ^fyVf7ud>DA|{;zN{ZYwvRy^N?f0
z3V%W&QGUtz1$^@D9H9!$ug(w|d1uB17K@+nG8zZA!(@#;b{hG1`^%cW;pnN6_?hwN
z@mVHmn{g>=(r377(D|1C18%_+Yx8!n@7tgSsI7a_>;?zK6+qHgs7a|1&PiOqjB&+p
zW0#{flMlg|Zot*m%o~AFqpE+XIq!xn=5H3~gKm)8+2iIX;?J_`8LW{SNkC8{+Aveq
zR~xNW_{#fFjf;`hsIdLLTk3Fz?pZ4*MAv*hUXN>vLU%0V@7+Os?!S8WWG)*>&x0BW
zUpp*-nX=5*7qrF{W54Bmtp4}g`Ph)A!QvZ!zLN&pp(bsINi)IYoKLVNd?L6SE<v}j
zj;q?eW|+ERtORz_*XhrA{`JLpra^ksO4*T#Phybg?4lZ&@H=fB`xyxcA~pgZ;e#lY
z^}e}41*u6A<(7w{aP~7^31ljXV~|2};3G3K^GUv6`AvERvmKrB-B_vW6Nzeq4vg(j
z7h(go{4~ik^`zPAZrU>;Hv^PbUIvO_6SKKckZrVqPmL?J@+QdwEluPm{~Xj`4H360
z7i&f7@?tTSR9slV`kENunnTJmj33El#<7Z6fzQdoMQsJ2LtS{xyQs?((i65qTYGc?
zr*P!Sk(SCKjvpV3{RG@JBeBSTJd?dIYFWNz$prI<x6Ou1<SB=;%$NN4U-reMDaPX9
z|KvMtb$kp|rN(lSnUp)vb29VjI7Rsue<#qc?_BUAJQ|d^F6z?7NU|nnM%I+Ls#0bQ
zi@tXqER03*;Mmdq;?xpsM~?O@XkQzzXA1N3{=ZC0jbDK_oj`?F1kE*U24f=hcEDlR
z4A(=VS^Wo{;DUIYtPsmB>AJ(KcpG_z41CXne1y4*>XlQ;4?j|*JFez9D6Zm$80|t=
zh$1!BKbU#fm*wm&(U;}=H2L{@IO}V7E({XbLthp}lo@#H{Cqzgg1h=HaK1QZSWjk&
z3iSw@*1G16^8`xRXCEAb&7^6=ER_r#vg84#ppHM!6X(Xi-ZaGqubIR~VlpfsSEa13
zm}fLT&)8-(%9+>qgfOq%{B@uzD+HGJ=yCOwf{bWEN%PnCI0Qg_wqG3;F#)EofXRCQ
z@~_YN#{3s%V74R27MgNlkuXyv^#O@aTn9<Bf==SvU%(DcK=6<|w@zK1Ao&nRe<dS$
zfnL|28J0NTSzs3x`E|k~r>*7(ztQx%76hM$TmAYWaZqREVTpt}o5PC#Jp*ackwPbI
z!5dzoqa$YOrp?o?(LixOslR#JVe!N$E%jfEp(nxp=&9Mo4${c!k&@ma)Z%E{A)UY;
zBcZz9Aof5zS(=fqCxP`S^O|)t-uJOB9uVYYy0QP=4Oa{{3xc0PAuNk!V2Gh(-+MOZ
z?3Qz|VS_dNRZU0CYg8_uFbgQXYy0ZgcX^`FVx+!Wj-V<&w5)i2j{<TIS|RZW=yeZN
zRc5@W%vJ5IgikG<pa&^7WW3znMreYV&J3d-0|PlnPSVo**l$`{+a@v|<43bY#N%bF
z(*mu!Y4f4xoxMTQR#%2eBTvS2jSQqN@W82Yttac?m~0Xc-FBi}Qf{HJ{|^L2iJGAJ
zJ}g(F+w#9b3>TN`f0~VxbphlUF5b$5VQgf066HC@l&_5Rc+iz4q%C=f?@EwBw1B*j
za2o!Aef`e2l*FkVo)UrSw!D}pU<F<qXt)jjhc82}XJ#Mv1B0J;Tkt_#6y5~Z+wf`-
zSTW6zRHDe>)kl7gFb3G6h8(v;jq6xL#UmaLS$7LTzDBzqktkzMUJM_G=cKD>(`OVl
z@P2zM6v)+8SrUYZNWFDx6?Cg#N*sRg+1)zcPsvVw($dS}1%Yv=>9C5QQz>mH6|R(n
z?+j%YYI!i7ib3j{7(F+h&)gk8Hy!qVl>Ge+ICm{hc50S~etR^A702a7>iWe5OL1wb
z>|D+TgO3-DaB<b^V(T-c=}Qi-NsXEM=p>K6gnG7DTv&W)5QJ(Prady6+Eg(uo3>6U
zM!&`(g1KSH5aHO|+9iDM=o-)4)Jk(jfISpzmn#9Q(+bsQYAfRrS14=z8PGLkml%4W
zfoeHA?$)<b*J(Lo#~vz@?EI9frlhFq&rYdwQ8SEuQcws8v|H(B#ysuxU|*5m7P!Yn
zVba&vHo}Q9_li5t?P(p<oPS1Sbao#~wY2K(qa$V<X@TA4=>2>*Bd@yq#%dJ+-EUin
z=q7e*iVUrdrG=c|_VZm6fd{h0Ix%Io<tu4Imlg!P`L0tjkg678R|x4dcJ%N1yQJF@
zcb5M;XF8HWJhl7syvJ<u;dZk;i%A)+8O)~8TSvGS5v5ub+1RndMms?&lO~0jx_Jlf
z^U_FCh}n<;n1c${R0XkJN_n!DS6uTX?As|eJ6{>lU?x~07iAY!M0tC<)}cXvi|zkQ
z=3G}NdP)W{`d<>k(8E>>r|N`S`fM{yf|l%}ZkF-r_dikG)(sU2^j|ym+$ZvWE@4<3
zosmoEaxGv-qi`>I^#$fF2`Cyz)EZm@32F@^cz?(m$xucV4gS$E!a{>9nZ8W*GB;y@
z^X=yM_{;4z(!lI&wm~I3XFo}z%|-r!Who)DpBdr*K(f~2ry5yF9HAfl$VND;VaCiy
zfi1bA-1nqm;~mA~w`}ZfV`=K0!OYk2dti|0E&njBYXFL6ceEw)Uev?&w%pTrm!|*C
zs&o43#MJk_W9mtY>C0oArAy6nqL>@mkgw11=@~>qEAM`Ul3dIU6xYbQs1f}l2LJs9
z^xn7(MoV-Kv<HFFF)8uPI#DW##{zl3jjz*|B`$)}>_s`vOJ9pJ>RZC_RGXU#`yPJF
zbZl=E5*q91YGwCy@}W(-wuHs9(Q{h;o5}$TYFAt#+!g~G<1&h{7&)*@btd9)HZ%5>
z48UKA9ebt4iKqRlu<zZnn+r_A@w|5pWzaKsV7JO|z|pLt>O&*?;hwKH@;8po8|UPe
z$x+cxli4YQNH~h<>%QXqV?*N~@XqfzYtd!Y_F`sGzwluUz8Y5q;yjc5*|z%mRml-!
ze24-u)CrL<Vz;tW$wPHxWe|e70ou&Mo@I1o+pL}?oAes-ajUS5K@w#$P6dYDYM4DS
zSFR-Ew<-er$@Q&5=xnajiRySk6p}GE@_<M}shwEb<exX(Dtl-KGtbbyScmtJs9#yc
z&%8RD`|4vi@WTk^!RBw@5az8;cW}N^!s-c%NjVpJnjp>fGn3KvMVm{UgfV;Ebk7Om
z(s$<dz1zz3nZh$nN`v?Vdnf|~4p>=5Unw1kmRj>L7iT!Jdzr2OgsST&F%6_LiHZM;
z+G2{)FiG^9r`mnQRKsZvVu4p=qDW_&A;oTT#8IbZGNNU|#QdY^ToVdUP6|rAR)^>#
zr_Yb7Rv!2r8KnkkB7(Hwpg#Q9dZYw*Sb-`&Adi;GiI&L<>rWh$Mvy%nm2n(ZzBZXK
zCB1Qj=zw)&1``kL&=7tFvEs0X;fO@EiN-(Eism6~v$$(X=klnG9$Yy9&Z#U;wm4J9
zE)!q#(2{XnZKpqcH8E}$4UV=f4k#ZR86*%($K*uE)F!53DuOUQ^~Op?+Lwre0z&RJ
z?Kn70-2O~c7Hd%zyS@9$dU!#!Ik=A_e`pelCx1vL#uycARO3Sdfa8(3Hegyqk1BRn
z`ufF>7d!uM?~;@L$ZMRJhM3?~7U`qAPNBW_B%XK@PkvI$oybTkJ0H{hU2n8t{o(Va
z48%|VzH#n1ecRkT!U(`FFOfY_>oc!!_>c4Xs~K^t$m6RvKq#vsJmDLbvD}+5dfzd?
z%x*O$!|q3M29&<lz?C-ha6e^VQaZE6`1rA@BcI&=;pixU;^?_8P^27Q;Ba?$cXxNE
zxVuY%<A9>Y-QA13ySqEZ-5q|ue`aT1<n3;fO*VNxI#Iwn(=?K{jqkg1I7P3zcqI)F
z#-;<-InTS+S$0pQ`s0>W{*;9WE4`BBwL~S*0TXYc@8(^7rUJJ~KQvYK1`{v<{#Vgh
z^RDqW!&?inLO2F`A@(xR1n*3BEm2E}fb}Pd=wohWZD!eBg0r%drR7*7o{!Md%3W<4
zFoVwZ5%lDk!My95eZNBydXQgLOO$*C7IvN4RF>MJQW1j49Xp^!2LX>_g>h_~0Nv`a
zX*zMcwgKQ(fz9pJ(U1I$5p=F1GWc+Yg;;N1jIA#s@wUL`k`I+)s!}h4u)b#NxT0`o
zid`sVjhnN2e0-e(asJnDzX*408=Ex?mancd8FTKUOR*I)Xq{upE3j%#Y%3A<q_<gH
z)PudMO2pa&1-KTFV-Ew}n2Pxo>Ae=;1Ld&>vbP!0*vVCfDuIZt`Pn>T^}WT|NsTEr
z$ER*BoLp+S=iJ0gU*lBF8f$!tSNl{92Wy;>_!H_7j8`Xy(`>vFU&@*iMVfzlN@}dQ
zbFuJcfY=mc@xdG4TG%62+!;or_=}g4{<sfh_!(z59|cI@W^QU0_{RIFFt9&Hgog#~
z^20NsoJ@77h09rs56_Obs+uFJI+Kpw`T*UZ&3e}>E7I|$IkPx}4iAgn&7|4@p>_^&
zx1NPcmpV4*yRzvy(7yAzMT<+^^=;<U*L4&C-IHt?Be+$TL_;7U*oJ|?uGw<gM(-=N
zr#=a*g)hl%z#V*DrP;gHMjsrs=%Mv-_-(7JarNibNIlgeTm%^uzvMB&M$~hoK;Q7@
z(iJoa)FIVzF%JF5tp0-OO5J&8vsE4&H?UV8PTAi67qL;l_A3&89#RGZ?P(ul8Cnp(
zAN$sPN`R}`l=&DmhO3!J5sS#YSZ%;_nHgj~gsA%<jk>fuSk?R0vvhR`y2dziz+0Y7
z3~WfmzbweQv7-n4?TQlFsDufI))U=5TMEt*!L);KdwAV2m|!uL?C8v$m%MK3b-g*S
zBfbz)dOP3}^hpOdAh@cwvBDIeFkud1WccxQYZc`nwvXu=Dr160E2*~@a0w@aWhXNr
zZ4P^?qvEokx0?mc(!mw!Z;!fLyYv7pJz!~88vMULOU*9-Cu91{Hu&B+dcb|Bw$1=f
zS`p>EmQ(b}lS$@eLn6eYs$~7YT9x*7oUoPhA(|TEs;=K{JKr^u={UOzj3oFH>($;4
zal5SZ!Pt>5s=RD4g1fiNg13?g&l}5vk{aNyO2Bj2vY@dB*ijGbH<I*zWvVt2PKnTq
ztJPjqTL2mP&Bm|VNl9qtR_4>~Q~1~b7(J}>>u9!NL0Jy)q1~8nmqVTMYL0~ERHB@7
z>-td3FULBZ-k0@02r%h_+R$BP#%2rC>rCWgj5|rn$UsZ2k0m(t(`;kT)<(<4VYbtc
z9upx-hkE2*#X5=k_1v?Yt?-;0ewr6Psj!94ind(uWa2UxC&<>LtcQlM;ZS`-k9Y(m
zhm)D3E%-gjlQ#GEvTz3M8DZ4RzmBDULT~eUa}FqKg~vHZ>z$$+u<A{!V5cqM5mCpv
zw^Z%|o0sJe#ms|?I8fMq_`uuR5!FUjnqcL>Jzz*<tXJa#1O|kdNC|K`yHB>15zaY>
zwn)ih0fO^x`Ena!s$*@K9k#_MKEAHn7mmBbeR}q>aUXHo-dj!6Uduc-fUn+?gBNXY
zgQijMavqy#=Vxm^v1R@O?nA!WJmP5JOsKQ_XrZs}5!-OS+<ln##*QX_2-pCBvg-P^
z|3Z+6L}Ax$hY4~=GV0~?Vstqnvf-3lc31(<f=4+L*vEbXaP&8Vi0VVCx3jz$eHKNQ
z95fZ6KQep3wFzH6`qS9ckABu~yYgWz-2PxsulRfi8GHJC+_sBCFIWJB^uWi({7HFl
zK^~`L?*<h|zJBHM{j&`Zsu;ODayaL6s!NyinSdm3=B2s?v8BtqT-)U6gDRNPtMt)V
z;+`8p6}HU5@T;|U%%IP!Lc_58YOU?m$&CL}K3n_t!0B8f-tu_Lh<ACR2(wqGJ^9Hb
z&E6iY;my)SH+hgS#D+Tw^L{*jDPzC?Y?5}hzb2d@idEBL$I+)Tmy1&+mUmB@QYoCc
z!oq`~a@`{6iaQdl*vgXY(@<6K>vGgPRT6DM5ZmTKB<_l)P5=(`1;BTtBHiMY<*3Hk
zb$n~dL+X9zAM=5)^D+Q`_f2`iI2`E!gg;6gQ3&cAfc>ADZ_Y;ArFZog^N$_zQT({q
z>=yrqh0sS+#r_Nq!-Ml{d73f}_XCVSGhLbOX{n8wLx!V!9WqB+7u#BF^&O}VXE@Jy
z?NICg!{)rI_5+ACLGK2P+6ZaO@IRebr6K879u8jW3z+dcXcY<swF{sj=_Vp6AEXah
z4d4{RPHivLM2-6_DZf{i#oQT<+P!nH-D8!UYYu|3rIP_#1a-1|eUK+hV<EH$_vXpt
zaYno*TD1kKs*$r1A+(XCKqSqPO&9bUe#4`N<k^h6DK3$P5SsOlQWC^2XWx3&=jTsE
zcfJ$o<NemmmuD7}TXVB}GCUO`>w9mQ!_TtCXBOS<6sF%ff2hIYVn2GxC;Gy3{(XUN
z{5nR9nDrGP2R*dopwa(_{CBUU_TpDS1`K1Z=9=2yAw{l5cfKNkVRGM*g7#rXj_`$-
z9d=i>(HG~AlcOT1*zxcZuk=A!ec1+X_H=?S2e&UQ1besmLyC5Up9x(47^5vga?!RN
zQ4ca8F~q$zN*1CCCyQceF>h$jDIt+@A0hZ_kVk8j2Sgt%N+xl;|7RC)vM`~Ud^ke8
z`BfE@?R^Tv`&%1}Af5tR+8USLHc%N_EqCc;C0Miwr+Fi<>BfqJfcQwLc-CEp(4E~i
zKlfZ1d?DjLEZPE=tr<ne49z+MnvEEHOS{K#F<MwvD)AP9$QtB4lIfwXe97A@hR{gw
z;Y_?xNJg;09>cWhQ`4mCaqB{Q>fLLI-8EiZ<3nlu9>x@B0ZaY9sd;h6-yw{VdN6up
z=0Em+CW{9i@RT{WL03rRAE<`l4thj*Djg$(MRe6<t4F8X*G$OCd~-;}9HnMS_ym+<
zbMy0yM1c6tQe}E%dt_y^!u_~bHhZxPV#kZP-wL-(ac5p<IJ*ZV+pVf86NYjCIU-o6
z4Gt%$5STA5s5BxYTyoKKn*jRko*Y#ZXY^K*yCdcPe>niOrr#k(mF^M<j+F4}*+M+{
zC7le-hzO=jlg(Bktxk06y8NGE&+`3boYt{M9D<y`{n*-xd~vI8Ay0Eo_)Uw3NyZD)
zX#}VThe7-K1AF(3Y66_Kd!03T)3?{R#k>)bg63`iboYPnQ1|v0eX5HQ&I}@*RXZfh
z?5#Ci&dmCTd5<d%(&h`n>BV}-r{{%{(r-h~yTz4`G;|=y;f1LZMX)6fK0xLU%sGPH
z=EBA9uJ#69;$jal&HYBp?Cs$MH#_z?Q=${Ijl|45C;!myaxN~Hq{bw7J4Hax>{W0C
z2=qx!=BS5i!@*LWa=oJdhk!#YQ)wq@G}+A}>w);u&%_%UmnotmM4dHYheFO90!@Nt
z74;*tcj6BKM_hW+C{|icJNJkS1k&Myd1|c`UdUl#EB|%Cr~;RUrR*{E$~$(<rHa?T
z#V3uJkT$QF5_fpaWuq?gZ~tS_d8r&cF#a*?oSgTc;`=S`vjps9&O9Y}NU6s;#zi)`
zeAxh<o;Soa511Gcn<-LC4W1+Zy?x;D*;Sl=2b1_qTt9;T%QEVyr&7*b3T@tyojfc?
zZ4bno|CX1S#$?X21^9Bh$2qy`xB2@hZ%F<$Kt)`KH$;t^f(lJ;(ntpcyl;#)TVmA)
zyhKZ|tP#+G-xhuXa|a|RjT%w^nEr-+)cL){4mR2a675U_!D~#yeK=QuKUXu(kAk5w
z_UIa6pCb|A0e-sz+)oOZXNq{p6oqVI9^K-4)%%1UAS0K4H;L_cex%CW7H&J#9E~u&
z#HQg<mw!;64EV6{K<xgB1u^h_(r82zeDyQ<V2VlAb0ki7GDq~YYy3E)m(!a6Uqcb<
zz(GYb+#p-+!_QtU=N#)klg>JOkVpfl`39I=cGpz2e{6HreSh1`gk;FgC=IP?3IzW#
zwX4V2og8okl<bN!)k_(|O2zc|Sw>zRXhVp|3s3JV6jH-u)kF!frJ-Z{|F=UhVEIRt
zDsy3Ld%UJ>j&Z+>Mw*8L83qXcKkIP)p`*=#oEu!u8RgqPG)(Wb*prO*Z9soNoXN{k
z52p9{<Ss>@K%jq%g5e>rP=r7hRb*B$2EPAwDmu`go-!8xb2Erc3%@eIf&vGl{d;tl
zLcbx?AlK1N!5@c@5QqhpC_0Wl);2W*{Sg%mIXQ)*1RB3tvI#vaIWxV#G6if8!Wq9>
z#tk9=p&ZOw>{T5USjP32ud9v{xOUeIF2}3Z2#45>7J-W+vL0M*2zGsaBK)&$l6&gF
z)2ME}sG>Va@RU|5y!RW||6kR_)aYOqV?xIv)&Ap+xeU|0u8hfNScu)|{GZe&<9_{#
z#;;ddLt8vbQ34feOm+0RKx3WXR}^l<A`fB4uPN+*h%9qyqZrk2OH^ogC-1`mX%wH;
zvgqM}&!K!z9dfYD1^V}>UV-ZUh96aIQAHA@60eFXr2Q9uIKO&UBmjA}6^uhuNui_X
z<A90ss6m69alrR<(!s2bQbxvkTz{}MN<bWz4>>%_4LQqLI<4p{XUg{Ku+u9Rn!3Y&
zOJxGkUq7wq^7sezOC96Mqw@;$1g=#9JJph(JC=Xp=+%L2yjQSEsp+dFNAPweRqoFW
zzF?z;AIpE8T9Tp!UL}6MF0%v^`Thp_pUWCOdVfN{Xyv%dlKn@P&ic=$7cxW1n_g~p
z0(U1{Rj|wyOsktaUG}x*$8}kXQg<hdD*7L9=2gLyoE-JE#;;H8$No_QE`nVX^Qd3m
z5cKT2$-`=hzgpz(j0fK-rLJvj(SEI#fZ|Mwv5a^e!iRDBv@jEBL>(sE{JHx}3Zr1y
zc!$Rxx4NfP)%v@)Ia4DJ4|+9)7C)tgk1hd>&ry#!a$I_yV;90Af%!Kc_o_sD61Nt0
zS~HsC^0#?p^Btd6&2LYE>>w`xQ^hR_fhCv_9)%5veucfSPMhh7q?S{D@QVbE(>Z*T
zkTy~PFVrA60VIo<KE-H%-C@YwIN-)Ufx!OPFe$+9)8K(;*E1=&UJ8J(t8FptBNz@>
z(f8q6vj?YUT^K6nJD9gK0V(6egJREsPNI8%%`KCgr@y1O*xrV4;Qd9&{@CJ&@u{K3
zqbt`I!jm2<pL*4|I>?*>yUDumxxbRv&O8fRqpZ5u0kOZ<ecI%VIkWl{&+eMVO^PJ$
z0!oGfe}@6{sj^JOA&UnY{VrhtA|}-n*1pj6_j3Lzj$k6f;BG!sqHH{Xtpf+p!<Jkm
zI7PPY%Aay>NzBulycdRLucWazXCQH)_JT3pLn70Q$5{D3Yh3YX1Mi*NTs|#-^!Bu_
z=kZyxl-7kFxXtr=Zq<=x=7SH6dckxx@dn3oJq-b-flu~0csD6_<Ud~%2LFWLdumcC
z%#{iULes{ku?oPlv0F~)jxjp@UCZ}e$zMwx`P@;%#v74(TyFFpi;P+{#HKsVo-H}2
z<TC|Z@vYJYbvi*tcc{>lxB>{atHWp(jlz*=76P<Jk9J{8ZTL!3h)n5;aX`M9MP=xR
z0zkvY2E*!K0!^v=5a#^X44fRh+0`(-7u!VUI(=$|>|oW{4E<1=*>S}isFmUZfTPUk
z!}Q;=F+@kvEFMHYGtaSOM*}I@In-a5-?8ibg-6fN2&1wq3`SyFRB?r@Ya+JmO?O~d
zGED(GiD5s5h(@unY0WRUAR<UC8k1OF>(g^uF8B!91bfFC`-BRGXn@ZZhS|dj=`bnJ
zZ3SLj9|`{@BlvS4V{eZJ#IT2tDOKKSvrSE#IVfqmc$fBX8tx2N2hai58lge9ofU>n
z)q&kXv)C}J#OlnT@*gm(;_zAsqC|Gq42TVK+QW=~1)NK6hGf0(2|I>qCRByO3qiJ2
zXZ`XW1nSJXnpB7le0sw%oyxd2aW)OY5dXj(sb#>@DpZ(N?FwUyztVU%G9|iGOpJ&P
zk(&LCHVNEIiQ4sBslf~E%WuNoC*2MGWk8I|SeVtQ=9v%wPk@eL$F=0<f!^D#*7Ip}
za~eJ}a`l}RDU<F{@o;Oosto9-ONN-KraP|a_Gw(5p~2#!IqrQac+y?Vph^Z*-s`UI
zFT>i<qeINxD>r+TtHFkuY+Gbh)g(d8bk*raZWqVpU2Ov!&0;%Vo~Dh=(3=c-U6w1u
zeCF1$!O@Ej2Pf*L2ULaGh{1@NmbvhUYeJ3e=XFN_HxB#J>Du3FblJ{|^B)(7DQDS@
zH-{-dtp5JEftnDX*Ll1&e&&eh&FhCtf3XJIm7`=Vsn4V3Lut!zx#*8h8PNsV=C~`_
zYdKA{C(N}aTYDf&XXFN>HF(hVwpwGIBEmPe+p3K+*FG^fNt@7PUU91O{%cR%rl@R-
zbVs4s=5-EY)eTGJt2Ix)67&dm1(+^`$?9FIPd<IKgbpL(@WSiWIRV<-mx{F`4fAMm
zQF;@Vl|Y}>Dz4|{9Y!8h{7kNu=NG4x_+vb@2b%1;Wx^ACIyV@s)*%<0S^i=m^R%Hk
z=#W4`*0M9Ie_dY8`uJ!y^$tJVnSgCoVP5=K-=bJsY5h~&Jmt+Na_R-GquQTj$}Vmx
zxrf~WU;8%u_lqJ^Zf+{FV_>*ZgI9(qdX@HMwGCg;+uMlx<*#tP0@V1?<^}LFw;QVI
z<G2^NYJug-K{a)TLBuN3&|0&eE1jyT5&>y}<+WB{-@IN!s%ltb-PWif+9b8q#;~|4
zpnG4X*&&aO9=SdLR@8Z4CZ}NYygUsv)NQ?M$}y-((B%pm{J_rW;lO+&yn+D8vO)G%
zWhem|lxliJTbY>uCD7O$%C<H6^(J6{qOW%Eiuz^#-c-_+jVq@>!x4*1O0Yc=;L3i@
zPE$;bs)wIJQ`8plBeSS1#}0`{Cn<Hs-o&C&iIz>u*vyEgX^z#7MC4W6_2ls2cMdrR
z8DF{V0loTB89Q@%%naFIy<pvftd${$9;!Eu`4>^=BZS@&8wSF+$w+{|%@6m~_fqb3
zKcUpvA$F!8oB5aRC(_2$NlWx&_pX@JkJxs`#hp?Oc`($$TIrW(j5=49xp=NCeV6y-
z&@WK-G!sb%gWzkcUz7&R1^X`{^J)EL@x|7?uX2DJcBY%>H^?;Ly*(<upeNg9>-QLq
ztB<;{?GU-1ZytZcwmapHbxrNio7wedbA-Hq6mFhUKSO1)f){7{x@SVEnNyhOy6y~*
zu2{h$mVo<AweM}HXc_RN>VKrd53C@1M%0h!<>6O3SbnV1%EJ%Zm>t$=rDN!Kq!>+`
z@yEG`&h{j6u)KDBmff%SOj(385|#)y7CU8P$RCjdC_UkO=jeRW_0;;gChU&Y59==J
zublrvr5~B`?efWGzVj*eJ864(s2x~tzlhClHX;tOmA*yK_GFb^Pwaf#hs{eqciMcy
z0N2q08p_nZBbkwU*LuqV$z3tM=hf3X>>&gX+B4i03f$Z`yylC4I~#kIwo*o0YAemU
zq{*&5F0hZ%uH6;WQh%r*O>H2sO(u5Wkto=9;H35)MDA6#f69*>GZWJZthk_?3Fn*u
zPDaIhz<;@lqfA5NIo#N<y?f88sn2K3i}K>7;oA5J@gexWB0Ns9;W|M6Wnv`0=Md~c
zokbf{4|f_7w%x5P|6<3n`U`gO{pvp{$q&Wdv41D4Tr@$ge}cBAsCk*~c|_==S)*XV
zA=na7yKanq=Y~7^hN8uTG#frM@%-!QAn{bJl<GJlyQ0rziq@MuMQ>z=6Y9!XetN<L
zBU46ByOQqs_ztSXH;Lfm7tw|ByuhC#cRb8JoYb7;sz^gqv=ZNnxJh_b5Fs93M)Lyg
zL%gn}h_W_4J@5iKseyP_xahYV{fbtYA~)%L<jzeNEggLSP|CmN44{-pwgML}jH}yY
z;ulCX_m#XVdpUy=_}h~)RA{?-gX#(B&8s7J<s(I{T=Q`u>dtct8Xu73@}u3D(wF<U
zy8W5Vq?=oTm1n4f8Ke{}oO`Fm{?H<ufZ@KEK`|`Ag-NKCM23%HiXl`@(+GYJzW?1~
zj_U}FO)J*>sNt0M9;9O{*7Jqg6z-E?7$0D%x9GR7-G$FqJ0BqKf$^~SIv~m$Yvsb!
zB0UC46c76LD&2&kckPqMs?vU}>J6OY9!OwXQ0?3pb+D__R6$r9oH8K@YTzZ%?2I;g
z;;)Py<;g_i-5iW*j203|Lb_d<oU#?DEw4}QntbW1=zw_S`kS?V>G$<@i3RJo`S-1Z
zGg&Zu3dEyU(s1?fk7J!da7rs1+^;qy$S+TMNrDjcX3Rb`N9^YbE=m%Hw8Mi^+|iH#
zG9<=$$%d&TNj_t(-w%9UTh4;C{W93*#Z$^Y50C&oB;dTo7Zm1{mhV~tp>_HYp_1HP
zjKQ@DXP<nbZ`Ah8CbeHspke<$ed#TPgaC26|Jwd3Qu5U~0Zq1FZRmGc!U>&Wr49_x
z&VfFtq>#8mD|z^;(BztXNbxwkZveX(#O@$fY!*(#QqlOU6#|j@k*aX<n<W!^&G|GZ
zX^I!FNhlX3Q;ngJwuC<Nw2q-kEg~~1!4Kdv0}NIN|7Q(ZDQ-=4*OzeVJ9IUHS7eb7
z5eVAY{|H{!xti$WJO(5tA3w=Ju@lvWMJl!l?$lX{Ut$kPOlv%($0a>RV5bl=&D%;V
z5q*hmsBmH=7AOJ?!$0|-M~6MV?p)IlEDU@MI#p%#MoD+eoFpWcSI;E~3|lp>Fz)Y=
zw8u*tgnZ{0EY%O+W@Zn3!O5Sn_Q4mNaUoNE2txg1{2Nx2UM!xs$B>6u^p?M8>Ma!c
z?*(jc6bYah{|ah|`+NE^&6iwh2`p+{)9M4*ZgRmn-G4`CC0)TC#|>huoHA{m!MiTx
z*{7{o%%;r$EWZx7-q$`KZcAVZNB_p^(wpDi9H06Ps)4~ZJ#>$kntJU7XsI!aVobgE
zLZt5Fn<mq-NnP(y|0}heR00D;;-<x5&i{Ch>=n=%RfS7nb#PI)9BK~&^|{Df4jZGH
z>i7q?ww(bCA)SxW(699uK#>8aum0=&0}gx1zdE%k$EgMly9_SwFfTQVb^*50Hz<+e
zVJV2X{1Y*r>D}!54kdaK;&;jK`w@IKbIi?sU7U?9Z^4}@?&;gzj?gb<xn2mJ8yM7_
zq}K^1{cVr&wnc=<=BeRGF)+z!!sC!*<1pb)i8pgCze&Yns#QFH-CDVz$4Ye6Pv<<p
zeTA62;_9CI2m0dLl4*G8Bm9f|cvs@&KO$oe4G^cmct~~=php38yN;HA>f)dPc5rta
zwvxMGM4m}<^k2px@h5fmS;!$U>|2N|qtw!@yGojmRtjIQ#U%bXcJ#|eJX3PV`^Yf#
z7>O$$JS_H&%~_CwUZ)Ws)S<vyxsJAC;vUE{2|XY{Fm^G?G+F8u2sC!#<s6Rjj?M8K
z1>)J}V-0<AUrj=o+uo^KHF2f1p{AR3su(X-)bD&37Z-3s1T`eFxX!)m7SsGB%tl9J
z37iP}7m=-b_=BH>k>YEME2?3wJVdf9s^EguFZbf85fbySD+WY`m%Y-D21I!28q2zH
ze|1fr$@-iU#uJc7)z}+FXf>AC;F#7=p&vH4?A$`XHi+G^+`Ltkcinve{?tY&5kY#o
z^~f`^a`kWFGbV7Tsf^UC06NoSyOxrXZy;ijfZ~3H0e}CR{p&yi&IrVGEpf8cj97xN
zi^v!g4M%W&Q;nu9!)zissO&S%hPdb`(9wh=a&fMRL^_f7@`<PO$KGPLS3&@H5xK9l
zqMcONX2iM%!G~F)us??d{SHG3zFHWB99AKq$Uu|S0Kq0<WROyWszbA`!-m!vz5BG#
ztHFNSD2vQ;=zq_{1jC7pNrcHZu+eT@mdx**-557$`UkU#CRQ<KUbt{xcZfbN>gAck
z+OYiDMP>bK@pV={5|JTu&-NguSEe@mzohGa%U*+a9sQzB5;D!3H<-q92&J&>CEZD)
zqd+o9x#1-|!I(a3T)c2cN8-eOkmeedbHxSyU;zH2{Zm3uyR!Sj8T!o``k@Hr*Fv9>
zYU!>FbQS~F+D8SVMHNp3*lAA&48U)0ftYN-;yS|tvu{eiHk4pJT{Hp)J53$z7ef`&
z#)lj+fe;LgO&42n5&|sO{YZeU_pYsXbKWeXv_Dq@ERP?wI-b9<p2n*H1aH(jo-tU>
zXB=Sq&SCX)MiM?}Ape_4!?hvN4Rh~!C+RDWvAB9`clApP$X{f<ZL*`6@h%GF-#a!$
z?v8c5X6lgDPtq%Q&v4Fsy8j2>(*)G}<+s78>E(o}gTbfoS-JZ<UGO|_4auZg{HGHn
zz@$^bHX94c>ZUnt3j@MulySzkLw{h;`ycRPPyXp0gGib`Sw1da?xJKeoW&;Rt(O-t
zTMcocOqSM+sXrOnS1q<}<scN?88RxP#lX{7P_F-t-n9J`IjLr)BB_R0iS7?s%i4w8
z@@JR_U0Qo?d`2k#EySz`*@J>|0VK?%8ZRvd)A}+QEtv5-{gGo=)!x4-sHmO0jD%O8
zv(Jm)@G?T6H0J>puI(Q;K+<O%5{!-ng)uEe7BlOFnz#G-{<W6_31}0q43+)Ugqc^V
zGJ80tNBx3(Eino?h4v|?`-~_H-l5Pe%n5<-cUkKJqme^a2tW=Wo6%!m387V78u<Dr
z?{+4jKbt{{&FJz;+H(9ScHLl9P52HJVB?KQ#JsZnA0M2?Mkjo^$58bnQ4owdqo5Sz
zxja`P5s`e?x<8*u(``&ZA_e#M`Msl+dG*I%QHnLbbx|n))Pb?q$0vWtfm%9wD%cx2
z2H49CHP6W%%Sq>{NY3dh4c|V+qd&#53TpVy(OO$McF{m?KI3WyX{zeiQLPR+)sTZI
z>#1uzRrCBydKCgDT8}<MnG}7X8gsJ0%Gh-JQ&<qR^!_9PQ~K`M75$jhFD}@(GG;Q7
zW6dLfM6^Dd`{b|DST-wt#4%EnW4qXPQFBWD7I{M5U?Hq;(?4?|zIpZp2HNh=8XT!q
zeA`O#78mJNQWoS1|23;Juhm_fdKE{tB`ow+iGtOKM_SuUx7tpd`@81<p_e|mf5u%Q
zK9OEz1a>FzPAw0FGUq#{`105B!t(d*i~u$nEuOke(zOwRK(E!&RT0}ME*%{oQ4_1e
z#A-Cw3cuOq7;goURbAa}pCP1i#z*pY#$c}2(?m>gw<TAY5|4m@+2cD?5TAQty<)`L
zd=`;TE}&#B5~&a_PwZTO^rr`#!nv0vuSi4a0E;enCtSA)V_VALrFf?0IR$HcMACld
zkJI5nOVjgyiV_tQ3O0-3?t;MxlzsfHK}P1Pm}Y{BpOTY5FSh{l&I&vwIh#PEbD}3e
zz!N~#Dt30QcYxEqaW3UwO>4idWIcB4+i{)n;_yO}&Cqs928PXxTSS{YdlnJD!JH^s
z0!@|5!imWZ7V|Zh&9q8*HCj+@$_%orbPzkql9@h5+N49UbAuH1cfV+X0wcdR8=M0<
zNXuJL&NCVqm3MDBZjQ2RFB7Q&tK|J2t`}25w3MM#wMa|l?N|j|s(@wVsiL>BK9*rd
z+u>oBH6!@5;2FN~IZOddoDcmti~8<A#?G-lziHFGYVn{+y}|=z`14{W)11$MVJ!u^
zk_F|vYwRpmdBmXzcHKSV<mF$8^0T{$oIw_7?;Z~dO>3udVAZ+IzV13+CS0ub0t*-`
z-P(w#640M8-2BYL>n>FpVGcM-xAy-^Z^zP&Hn#ya!8VfP&#%7yoM*)Y2eiUp$c}VW
zEO7i>a&rwrX?m+*`%EUEy9l8)<yCOVB=FsLAf&Aq`xc?z*5Z;tq~IgDtVKL@e}<gr
zcFR$$^hS`H0(g?$zw2V5yT19sr27_~Vzr*d67NAj_snm8={d3Whk72-cVg;}D~`|<
zG$M+T#J#?ql0YapBF+HR_azb>iNFL{GC)ac!GlH!Jsj{M^L3GWlw;tO)#qUGu~P^O
zRJRI+)njVh0>4llSc15)zs`9EqUGD9D8lCB5|@!-iJ<<5!b2n1Y=FAUv|1+6r5g^@
zw4;k%#)!NA_!YlkMHzDVz-9r5Sjwoc+N&Q~twU0a-7yQh{2HVok}2-dClh=FoS$j}
z=14O+C1`)6(mjTPiHuja#~{&VAkX(YhC<SlM3{o}<0Tf8#>+u7cKH<B#y|i5UQ(mr
za%eq(x!iF~7)N0g8}yEEZ#&@{j%J04S-OfzQAZ<xITT-NjzQ6fNpaLgDi?z&i<rdT
zo72fI#K}l!19HIWR=2d;&YWH{bP_IT*hfKF$%>jGkVD3iRkj6vV`t___OT>MuSMbI
zO!?cLk4+M9o_my`h~Z-_yp2F^i6%OmHUKLX@#TWy+wwNtF&x56FV=z_MgIl)SN6Ru
z^Xq?luJKVabK77OrPEBSQX-Lat95s6yicF#r>4z}StZ97e__>P`x*<|a~*SZu#8wp
zoGFu3wT+%vXQfjD`#WN&!)6+sJ-F?;*Z5`XDxv%bV6&K+H3I+7U(g7=VD7Ok#7;^t
zKvyA3h|vhTlb}u#zqnrztrv=FjST2+_>G4CRpI14>>8*w0*9dO!zh<*A!n^c98dm7
zUFx(@xYE)UnJ7lmt&)wROwW+OV#+Dd7Kh@yL<t9qmy`6a*2LDZl{<i<4MVr^)Z~ix
zfR{KQIc3smgS3Z@_>;@>iQwfXEXVU%L|=`z@i)$MFE)NyRg%lVK;_$q)K1t0k6RBN
zy`c&p4s|n1+nOY4XDzlli)U%gaK!`ZpI1?i9*>|HtJNu)J(dtOeZoeOxW3)=lQmfD
zwV_Wn&e2GRRR8!g+g>$}9#f7$m;)yK16rj(Lk6L1#|b~_(ofO(fe)t?@5FK)RE{GY
zGr>UwjSz4`Y^f$L{IiOcNB1a<apQ(nG5GT@TkuA+WIJXujZ&CMNJ~w`-SZ%WjF^Dj
zK3zoyE09E3OJYn0Hz_leYn^N2?TGZ^RBd}_qU0hXjS8JW`X}^@7;q~!w5;0>$%J@=
zM#`fxUsBXes;48C7)2nSRF{$pHK!Tvy4fa=1-Ft^{7Uo{&&HZj%moa&4(GcLcYm_*
z6#ci+HmKAUOL=`L&T#UN3JAV-BBL5Cv&6PMf5lZmO`mi^hriP-=9J+|Vd7YM6WnxO
z5?lO~16`pSdY}+{0_NGapSUxuDQo?goXh^riT(mvFOB+pOFT^XdQcxHi_Pz~Ul~1c
z)**@^B@2!NlR;B+B0sFkVRBkw2zK~??2hr^gGiBLZHsn)q-bI(&#SY6+!WB~-PVH~
z#zj=qB&dXkm4$;0sDx*gb61|@iCt*OR94ia#&)PG@P)NwW852l5S7KpJh)T!s8LP!
z#wpIky@)gSBPs+&7afP2ypNJ3$yA`_cBZNt65<!mJ)2lg=_BMwDW7>M^k^&O+(%Gs
zi+lomg&wua#2cX1s0WI)M@b-dem<fTU2!Uri;$J%EpfyHD)xdW%7O<Rf_WP(fmc{y
z%b8eHPcVyhqI7Z0F`-rPp|(@NSv7oN@dn7eN-7jTp0*K?NZzKGYUrM2x{iqBj>4G@
zRpeB;C~}B#pzVqxNhg=Ak(xc;3Cl|<H?&7EjQMqw83b(#i=QsB>4u`I53VkbxI{uM
zj>mP7yN~`!ZAu3Ju{FsI5*Ts#*dh_S*Qr?(Ave#iCio%c$E#NHMK3jXBIJ_w1$0;?
zi^f%-MD~M0rg|}LujT3?#cEpLoYjI(__kpdL?o6#CK^x1RBviUMwW^;06u&v3@fqK
z)#~Z0F`1ZQCo36GH>a(wyBJ07pq8mdka0^P&CDt^BTG@4e+Dj2voGC`v#O=>q725V
z+GfsY-@#756^4t>QAreQ$&>Dom=jNEqcSz)66N4_vk$YO2*|0tu=y)<*EB_C5<OFw
z?2bBtoRtR+q$MiVBqFatBYSWSo|W7+8Ql0Zcx(bQ*>~TkZwjIwuR(wIf}_l(C2l1!
z@UZsac$%W-hl4TqWD(-a_bYWpE|A;Je@{6S@DfQ_IVh+HwX2ETeTTaE4yEJeq{K5F
z*?ul9g19(EA^IU`6<Q*As4QerT*~U<YcpM42VsP==s^2q+In<Cji5weJ@pJeWHTE|
zEf(ZtU}IIr-l@RW6chgY8%jskN$G&73Cuk^XXjR#^D~rR%qp~061I$zRgxQrxdOXT
zm6TMSbcsWrrkZe6j6*rsx#>`z=vj>FSyD{6@W;AKs`li2A90HZ83Z-TX%;#LUa6>r
zf3DC8Ztlz2k6aRJ6k%$(X(efw-)gt{(x59{7v-<h5#e?fqN6cupmJBZX_oxdF=>!*
z!jSHl^X$2yDVj>kfBn*+3mO!gpd$3YykeMrPD86wT`4L1ERzA%-m-PP2h5JSH&lmZ
zEb}T;B7Hs6nSX!r%eZGEus5tt{OEL(f+`)4y}(fTd8tq6XUQ!i*U={M!|_Zt-NR|*
zCG(MNVh^*D0wvoiE(0ssa>k<LQXXZRCPTWo=Lf~nh8A;GJY}v%UG26t3xT*s)dnaY
zk8N_q)mq&KwMzNYV%%J;CvQM%QDXyzLdVu3W(_cf4+C_toIq9?5=4SavPvV>edaX0
zT{kpzF%{M)Lv=XX{l%4T@9EmpbPV;-sq%%6p-XVxYM#_%fixgz9|j1tTGxR6xR!(z
z@ikU<D--i*#ef6cS^oNp#a|}IIZ1*5xJ$uWu1CyK$3q1k`<wl%^8z*8Ng5VUjt`YX
zgSZeR3G*1nBqs-;DwyC*RN+~Pwa|pQqgi97jm`e87lLf%qzFG_c`uXyx=a&*GpTFB
z(&7bGQzk<(TfwtB)lmmlGX_F2kBkisNeU~H!kNU&-Ww3Z6?x<bM65s}nAB;r2p^e|
z#wc;b`P#GexZzt8=8=s_M(;y4?vut$$C{Z`?Sm3|X9UI9Ke1he;e|IbKCzMhOeBJ^
z=ssUvfCqu4hejDQJsR*_v#oAYS0nPlB+of($-`>lOr~GMp-7n5jHTXYVxKK2UZryt
z`_E|R=?~E!);U6*FSi6IfwK;ZStIc;eu9%enfDBmOVpC#E}2T2wm#o<bcV2%lI_-J
zR0b|=3&OmV3RtWP*i1_vHraF<%mM`{?4iSObx=`-=*Lq(<MN5Kw!E>6S$758*9y1>
z<0}RpS|6L_Q`G2Yvun-l)y!t%xSu*`19jv95t-P9c8A-?Q81}Pha(H1y>!@2E*>_Y
z>q?Mx4Fo)KUO$+|oJcRojl9}sfcI;H&s3^I8(Xt5nSu@)egnCO12lzdY(k~c`Db0*
z9dyn(4wMtYIY=5j8K(gKIWg^-bpy!6Wdj}nw!1s<hPmQJYQK7L=Wu)Hc|2QLEzBW@
z-}IPP#yo=<ZxEEIwyBepT4{r{7jQr-_Q*D8y9RELSCQK@^N|PG{NM9AHqjBU<2YcW
zIUm4GVzj7E`%%BSB3b-#C7nrY{c!>na02N(WsMXDfJ7lBZNo8vk^%^<LQQ{cVM$hy
zPs4iQ3FC&Qy7px(RN$S2)0TVZujRpJuO`B2%_Q)!lIvC52xQr9VqGyx%3q4M1yUf$
zqo_k8%`BQ&3|71ZW4gqhzc2kC`q!*@C7{eKm`YZNeS<m**@tJ*oB>xiAvE5hUCHZw
z{OqW{!!4`$$hYCMDW6}cWnuHV&8)k-B>Z&mzW{b<Lg+?=VZHTISn*Pg35evk5NTQ!
zXDvhhsRn^$0Ug%t^-50kDi_Gdl7q}%8ks<+gmV(x8cL{rojJ6g%K-<!K^hQQ^S6d-
zDCQW8I7rs!b}9`7X^#z^m6DTlE^K*O5%k?SuU(vS(XkQwEHZoMf({w_V>As!ut95b
zIlqcJQb+dr-A2_z*Rf+UV1qUn5@Qw;1>+<*5%|plxCj4rnt;%7<lJ_!daC7YZnqDG
zmkzH{tn~X;R>_Cl%mWxNWo+R(>(JT$itkaoH}-eY)RV+p51NybgeTts)4dbGsoty>
zXMwUdbt*hPtLZG}s!Gl&RdMMX3S@ou^Vw>E+tYSMTH$efiR8s7Lk9La*Q3%`#o$}V
zN(~6UB&kZsGuRidBzL09!p|^Z&TN3&S6QdGsVIj4=WmFvdY9a#O;&cZ+26h$b6{d<
z4*r1xOs5la#^8pR!|N%mqFk?r%_nGV5YKspyT7jXJ<BCE!qROLYq&<n^c2*?&i%wh
zFPVVUN+)EEal=r2c%|#9Z3ML}uAu4LDqIf59=9}7v`uG{(tAjg@h8c6vrOF-^+RB~
zc&A<F@})Fwtu?|8+sB2$=R$5zuR<YB{M-tR<3S#9L2lX#LIkDZ_3ecJpPJES^!cml
zgM}*x1de;>+J|sEcI$`3ZwG3CON-=-=;*JHX4Y~rbT8ljVCXt*Q&P}-)JU48`M-X2
zeKWmE5*cwr(Doo?lR~$)y2*pP$?Z>FdAI1<uuww4%!AvMK;z|%RzkRs0<~HEN6@6`
zTA2{GlN8{eN)DY;=D#ofarm1T^K2l|GaCgJElV|DgqCAQ@oinQq^dZE`lVR#P0;Gk
zSt+8E2Wl$JOt`9b>vI9xc9Fa=8#h{}JF&+<$$7sFxO#3HT}J<6?e!ge>sCQNn=oMg
z$EoaNJxe!+KuxHgl0xPep%InH{jpX^nU5CHtw6aJWNa6drmawVkdR&z)7j^k4AX-|
z^h9UjmF+TAve7Vk8$?;#OZDJ3^x!W2RAPLa`@-Pu2y|dE({tKpaWmWA0t(FO>URQf
z64<e7KG_zD7+v2EBIEm*Rber077~z`)wTj-rD<d@e#2MdlH0C^x7LS1uD|PA^{;^4
z$N=Zm)$CF>8bli9wn7>`ua%{abSjkz04_At;v{YLFPOY#K7%&reMCd|&ovNDhT|yT
zG5_(aNg~tfn#r96RD#}^D`J=Af^}z~MKpT8u~b0re?{NP_rg+Mgeixku3%WqiOhoG
zJ(C`~kp5Kohs1UvQN0kK!W@U>KNsg55Lg(8G;TrLIF_$g!|X98$3a-igz_F=JY_q9
z#R-j4DHHQiT|+jp?$BN8sy_$e(&ugt<+_~%fu_-%mcmr&zCRUH-e{o2v5-Y9ut^w4
zn3zCKz>Vfp6yV-Du;(5apu`_e#2ZTVBTH?PDvl^_^fi^*r%`t+w*4m@-%n5b8i}?j
z4vNGW)H3lxs#0X<`{cuavwJ<W&+Lhpa^<2F<|RJfXKd5MQ8ZB8Pn3z5gzDLGYF^0H
z56Fimsz}13NdHklQ^VbSu#n!AE>4xP)FSFGPRri|<mnHEk{3m?;|{!#`S*!!C?wED
zDNGxy?B1hPrtlPQ3JF)w(69F|@Ig3yunmXAZNT2{XQg>nUh{jm!)cn}p!sTw9Cd|l
zLp^1(<mSa4L%I_w&80ZQUdp6_n4elr>dTYc+@+kiy~>02nIPN}5tX-~MgH)pEq$m?
zeW<jgvZxbzygi9h(@kIOx>CgU9_pN*ehfY7`obZNGbr}+SB?zA7>i2IbEApA1}fMy
zO<*fT-`Kg!Hq7m?IYk4@p$035Tk^*T@+BYfcAKLW1IsU2I%@8RostN<UTESE7}$Xc
z&{=O72;N?3GtJ;)C9(3PRLt%OWsM;RguOr;1r78r=|Bk@|1`9C$HR7w(b8kNM;S7s
zx)m>TIpJ}BP^m9$LqeVbm`RihVQ4Np!S!%3AFS^SyZ#J|P$6DM<z0y0e<-pv9b)+5
z>5@Zs?k4TRi>Wt}lcYzo9nKHJrQ+5Oldt_<xskNBo@6M%)-r|a&OxRPo<nu_4CzoT
zJz7YbDyY)jIWL<VQvAHX#1}5^1=S`jFI*daC-bAt(P|1;<5HXP%p~T3!@7@_u!6ye
zMB(+?F;VLm5s_`WRnxBSz^y_cuS^v>D*u_xBS>b6Wy1B|QCRA7`)18Pkasgi*Zl?6
z&biWgSJ#~2X?JcFBK>5Mkk7B;&}H<2B>s#-==2$m`DaP`r8aVgzP0P7@G}bT8|Y=B
ziXcZpAP}aAZLRU)8O7{Qh0-YnYB_H>CYAOBUv%RHWd9ilWm{fgJ1y}<fpXTs0`^G3
z;TDtfdg~pu@n$MbLm9TrTi_3+)E57s<=<2E7TnhQ2G>~7<^&0A3XRNLWBQu}200MA
zcv@<|lh;8p=-xf1!$j}vM?;4)PCpzy%=D)6*}_-QI3#H01`_rF8n)gY2HDQJK7CM8
z$CEJUR!~i`K4EU9^4py`a=j)4D=8AGEFLAR4VI)N4kc?kfg~q~;*YsbNVrC5=_b9x
zCeZg1lndz?{LYRqYa8T3%XE_)?S#G`UQEC4a77QfLk)S-6!U9Q+)+Z+uxB{E?U3&_
z2^}8Bgg|&fQ0MyAj5z~_0j)^5vY~jgms`Bh=br-S9`~T&54^J2A8Cp}cXu1)clSeN
z;Y;Lm|7diR4EDps)|J>V-b;_d#V@x|dr_A^Hj!pH?2xhW89`I#u-*5j!rS<B7IZYK
zFO{B>LF#Kc{w+eu^D9K4d0ws`JaceBy_M{)zstRJTT7e08C#lvBfsOmSc1@Sy<PLr
zRCk_Ipr?XR<YlRB^3d_U>HWes4nc#&{YwINdFW7S`)dhX8T6F<oXwJ6WXs{df^hmp
zxgRW*VA0>WCQ{}n*{N-4DZ9fW*Vi<GIJLu0r?H2+#?aVxq0n^*e$X8W>w0r>+=xxv
zO?{2*kCAOSfH{2WN5jzna_zlO<b5d515%XMd0AggD}Yi!me{S#sUK79DSz6<(Xb;D
zzo?~V1ze3qQMg1=G##)()s6c>-`3dS8ZC1MzQnu!YUqzB&lD_<A^cNaLH>dX2V&!O
zvNRQ3H4|S!gX@%w$zF70xn2wdDUeG~S%+Yy@P#?J#X_~uj1RHI!SzzeOj##kHIt`I
zacTwXW0{#Wr+_ZZB&Vz!u~HroiFWbeyv~@=6mDQwct2BYBxw66;^T4Ii~MnK!@NC6
zH>8L4n-Ob_S&U{KQ0>fb08*Q0h@RwcsGHn|BR2Ihm(Rjs_IS4}mlf>cu<zld9j-(9
zr!~o+vusDF6Y7vHb-*F=-HY#mQE(RW_QG5Hs$%r(bG*LOt#;n_<haxL3yFV#y(y;V
z&HIqSmd-(i^#&E62?dFWmD(eT|LVkePlvBEoSbsA?+5cz^ZwhL+28#PTfH0ps)e>P
zL@I}C`wH-^&cD=$=y&K2^fc+i&!~41+GRN}7@x@Dou7}+M{Owhe()KXB}GtvR4T&n
z#F2V?Q#G*SDw~*BfFzF0dqiIWJm+x}*SQ)<M;uqhK*Xv~oYcYRJrcDvn{Z_Ak9Klg
z1Nsyu{=LQP{8U(HZ@$ggz36LcLgNr7`*Ol+;s2yEq`uum#y}*iOI*V#Y<b)`u|weZ
z7j$`q8c65UH9D31nECy38=L-Rwyz@hXCob%g$x{fv=9TAB8M82x${2FyNf2X1U(tZ
zX+H$g0D`STeGhcE7IImX7VEjA+yg3r^7c{)H;`%X(|Dp{S6w52zKTC8PhJR4N_H$0
zJd)l)3>@l~H?9{^H>g=5yoodMsGntr!)`}4WOZrd))f0TR4he(EQhj}QY+T$h`!F#
z6~^hiXh5fBI~|cF+jpe&0THU=k_x7f?$QkZmGU-6UdKBAIQ(PEOi^fzMowhK&9b8w
z63Qe&t;@$826pH;dERI8E^ePjr1Z}O;#7zYCY|@2a?eV^nvVp)DfMFJtjDLeeBWC(
z<>FcB+n9S9xDRi}2NN0?GcO?nM?k-~->MdLfN0rK@)g?TZc|zKT^UXRN%^ysMKXdN
zwJu_-F~U#*s0>@f%_5mPo+3n_F`N6vs#)Zp-57IEvFVK6B!aTNY6~+RA|p}R-YBe0
z5|&%|I5z!xyjv@CHlc}HS!Zg!-9mQ7cS^i^6+v~1B$Oz68Yrzj29np-h^=m{^cb~$
zGXy#J??a_$PQoX9P^F8Ta9W<HF4z#SI=796bA^`44<($FhbvhCN+|96ld1(C4=)Xv
zrH0cVZ(}^8a8#pvysCSn*5L(NT<z%&#$4U^FTaS%gQ3mSXOR1CjrD%PY46cd@M_9e
zSK%ufI*lDT%p{e7PEE1vkY0IZ3d6b5C%+5Fp+mh0tm_>_O}5I2G3T3QWj%W~B%!uc
z5xVT5O7}HQ;2A_J(O8YLS!_OgPQ>cYsw2m8YODhnn|HnX(Z`$p9%dU0Fq2WGAizK5
zFGC34;_Nb5?DT||+Jt3Q`E`UIUB3ONb6T4~K?B>U5%Ve282UG3_jqLL{@?k(Iekk(
z;J9<N)NWY1XD2~;eL4a3pn=NkRM2ul1J_xuIy7&V@R&;T2pXJpwgd}S?pG3%R-q0h
z*s^UOQ3vRfRggy*$o=<!ce-1&>QN~B<}~k(kaL60<ooCQn(EMRUA_&nLI#5>BA;fk
zyQGA1`jA?1gz(V3In(!MCzBsxx^Kuog(|Hc8VEJEeba~LLBuJxj*#y#PGsSoxHTRD
zdiQxJSjJw@7uY>-Y{p*NmUKBi+DZs0)^JAFaQNwi#b73DxVOdFvN`IZJ>{xrr9L~N
zgbI=$1{C@1x)Q~m@{(swQBy{ERk~EJ``kT`uHSWIlns=K)b1BwZ=2S|8p^nfo0Wsy
z)}x~?8XC$*PT<fN;phLHz-^y+!fR5g4pvbBG^=9D1dQkY_|TtqWW8H7IzUL<5iUJ$
z{>=>LLGPWj9~kn}2FI5O+}yaFqKL2BLgtJ@2fisqSeq-+s$*9GsNlvnoqxy2v;{CG
z$WWr6P<QJ{UAiS~?Ok|EOD{D9R0qoxqn)fcx`e8wU3#LZ-Yr(0qd?AK;=pFv#>jBh
z8t<i@Xr)(I3Ot?FC;FU2_pBr2{-d!Wjb9x~i=};X!-4C@nb(%KDW~<sQts7r_1A9G
zV5NB>hgc;|Roj&Vfzv?Xi8NR|j<EW8&otPuG!yBUKI$yv1n7!F0lkE4?E)0-d^k^%
z8Q9(#P}>}9PcG|!M_`a&tT<<UVGD1{N9pCZ^2yVQjX^*m6`VA2CR*FRg5JFryv4qm
z@Q7Isy)TQ=pjn_qo9e@hSr2BKT2c}=O=}w~eMMO3!RcG>=xR-HwO9DzwUr&2>JoKJ
z8@di$cq8g3@ix7uw<_IKr{>~mZ%e|uN#4R+(j^yMuD3Dnn>+eqh_n5VePhoy+SSd|
z?gie}bI^F6XaoFG(XJkQdR=2o$AREKzqmYlN1N*RA~-77y9$1drngTlz4I$$v#5HW
zt$Gow_^6MJsg;}Kwxw8V2)D9m%b0TDdGJ;bw*ppYAh+we$}3x0qAM4ut{OC&V`wJ5
z$g&-)W<nA8x2qK%%Ihx+6*mMK;w%(}nwC;1{OZC#E;O0&8R)!Cko^jJSQ9$z5c#rQ
z=7yYjx>Z=O{bhU64cW;p)GERF(~uBi+niaf{`rFR@tm~lg-*zgX%-GdfkY1lnpD3z
zEoQ^6Q+SnO;3N!icz-c2kONC=RiAx@aRENMoyrS8WI$}{m)Gcq4u;v|#B=!;xL{FR
z1}uLo_%ngPXTlPCaP&IYS@$7i%{{BeZCad9mO+O2+eLm;N;2_CR^y1aZ#Q<r&&rrY
zL|-gFj$`pcjj!O!#qa2X{Uh6=a@8HR;rz$=-AxAQhDXeKd|j%kHE#6*ds^2zA8n*C
zZVlR@C<L_N+%yOOZnub}opV=l1R6hr&`#>JqyG23B1?fHT}ETzvOSe$G=>`H;Y<5#
z4#ZHh0>ihKE4X|6uU<1mPZQ$Y+v+WXzVBxwM<$eA=y!0NVzBFC)kzmRu)Wu6Ry)n9
zn~=9M%H!F3AivhWH6qFBf{Mm5Joa<q@=vt4*%wnzvs!)T#bw>zf-ii>)l-+V^gZ87
z{>Rc+2E?&6?E+a~f#43o-Q5Z94#7RRdvJFN65QS0-QC^Y-QBr+-tYd{n%bV~?rERt
zeyS>`Vb&KO1KyY!SilTqzv5%y*`HH1zh3F~x&!mdn7>wq%8?D8o|ZK~HeFz(2w-Fh
z(EloR$=UrEVa=`7a!dpM3P<(2_q~^j%DoUJ!y0|Vj3Z~##@|}$Dk<wgvnn<^a-Ht`
z^jjB0QkXL;`4t8?JC9bsSVUA_8%#)Zlv{@$)cvI*&Z|BA62!fHez1=V>ZJs{czm#O
zS@5C<P|*X}xX_`8(CU-pWMq%$1AY7u4aBp2L`u9s=BB5{Yf;4m0XQq|@lHA-+Or0x
z?SGvVw}g3Afxmhvi9hQKUF+uTWzHgZjN}^b>I(JhUdBDr!&V>S+$IF0RqlxSdW&0d
zRwq@fS-4iR8fmhvuS!3sSz;}|8N1#e@LAMOvc2PEyKqvo&Topl8fQ%to>&bxSRA)S
zPdgIyV5~Gz!ndcT6m!p{n&Z?zgRSM~^^)l{L{}RSj8JgCj%?DWp-v)Z6GUlxwEcPm
zQapxj%AvHC#8}!s9r5)Nyv6r5Rdub#)rkf?s`!2ikq2B*plvZs<@v1YjgIXHc0gD?
zM2#e|J))joB@q(9#{@FxZ}!@v>Yvf2<UXNps>-0F{}NRr{{mZ68e#p-PbA2+pd#}}
zC&dD4nJ+=c@(ESdk=z2`u%|1EN`aDg5&L5r+e=LZ5f3_^r!tMkE^IcasP1RFHhlD0
zfaasTyJk1*3X?Gd1QZ_T=Kf1Aa+%6U25^mM2$Hn`fwP<3Qi|}`xn6~31uveN{u&r)
z{lr>UJ~fFuzN<w^b5A6xDY5l}+JcATHbvoEmM>1+Tn?3CpVY-8y5|%sHc9VzT{K0H
zKKD#lc;)Qb5UA<AV**P|ECQaR^?Y2D3%qR(ft6Qgke_qX+2_NNALOtE?wFEBInDfC
ze`Wf;FoYuhIx_^Oj^iU#{1w*!&zqTK$Xf{O`9GF@<!%yLGb@gBmceAdxC$nzE0%M%
ziue{{C+&(X>OKwI?G00ClmV2&#*jdW=7(VMLrDKW`jl1qLnP+|iQ!{JmfB~%z^bqK
z7{#b)aBTP%Az(W(Q69hSXt`ye=n|<B>zaH!e{;9|R_9zf5vnlvrn0_-wdWtNw&#PV
zSYPL^65Txmae=a{G7l5}C55AS?V!u`_;Hovafq_%jI`Jm*bEz;pv*cwoUrdDTxLgw
zPH*{)u~Sv3lX^#DyB^CeusSF4>OqtBl|n^jDrO&EXVgvz;euZRl|oNenwb<wpMQEY
z&H(ZZ6<CW|v1QX<sfqht?CpZZ9>PwAjtFA_hyV8F3j=JCUbhIBEjso3r_GHVR)4R|
zjKyeLTrJe^Hx-GHbF34Vw-I6Hnc^pUz00T-ZpupId^fd4s<pw2m{DY4b<IqSm<dQt
zJP0lj$j^GD89EDsvX=PObV3k%vpWditCBJ>l~A~jx#%%vg97p-x9rWWJ)b<pWqYBP
zM;$JRyE%U`4{fmea40K8Gx;&u(|d`hvwj6I|NQJ`hE5QOM4fs$wiDzv<)*Ec_eGs@
zd#D#t?zEupP6I<XzC+)Zz5E70Le0It6xOkC`z!D88|ZbpTi0sk1adA*zx?5ucTwR?
zc;&h2C44YTHT%Z)4n5MRq2Z=!g9x|ldkOXCp)`kFgfr6~`R`ZR&F41)C-%=<0+6hU
z^?RAho}T^m>hmv!?=J+SgFfp^X748)Fl#m_yex{}rTOC{zv8QAp1)cpo1K2qzY!=M
z^}2mz-m>BPENBHvH31)MuQ2`fH#tdhGeBUZjBC1=lMrGT9UElsjo6CL4WgB(RXm3i
zM7h`03h!IG-hM5yvgpaV>D#|n52jvljqY6;7DG~*P#1=JO)wg{3q>2m<y~aAjjCi*
z6kD^WKAob^HyAyQPt#-BbKM!E6q84&4th-iAjv)U9qgmYanBV&o`Lkyl&QDYjks~5
zCK$gan8u=%pf@y&<~eg{m8s*zx?oYPiCSUENb(x9yc?O0f}D4a6@kka94wt(YoT{*
zf744kc#6qksN3k3RQ?uOPDd>?gCx39GaHZw&c8U!CK!1)xk?OUUNIh+HR3YKU}c_>
zhXM~%5gwRUVPG>!bc~p_A`4{YWoH%4)I+QAvHg%4E?*NHsW<7GSZ39c^@Kwps~nYV
zTZQ1*6Wzy=2KdxOt8lV+5fZP<A;Qi+9^X}$b<k1!rP=c(NQZfJoh-gpI{QQ`{dzsK
zF7ZR`^Q=jIo2zaXAY%%7?7gA_%w8*WSig#bx(KVP7!Y^xcTbu=tSk=Ip*AgXDMy`e
z3rul=X+(5Jp9x8G3F91#w|t&j0vy*~qR4HKE!WM$=}(!vusMCIHzsd-i$%COCtV-Y
z_prQG2Cor}V9ZTTnK4~lA#XNQpy1T0SPylSVUq^8Har1ou8^%puo>3kXMUHphWsv*
zrkELu)_qa0PrkZDuDu$`EErQw;lWm#D6h&|amU{x;cYkdZ+l{m|B`CVB=XKYgd50x
zAT0s79#~8Vzb4>67MT5%b%5DyG3q2Z^UCVJjC&DcdJDNm{MxQ4nePhp`6P0+10RGN
zm>@v%#77Fh3yW3O4_WfMquUuGh)@xJ6Nd1R*q!+;sg9!PZ}-M^me*IsPs-{kahTVa
zhmQiqPwHx?xi_<8i;vRj`d{E$P<ileP>>@iPLnubjf9y1&*n1}=^=DnJfx{iXrr^?
zI<F6rANk50-b(~)9MV%`Ef_Kyct`N>Wp~?I#jg@#zfKbxANi3V<*Di8I@E3lc|<&f
z1yWuVl(jqo@+~|LD7!Okhlk~t<Lk7e@@Rx5PnqJ+<o>+A#|`@XudTekpinqo?)6iq
zoB_kT5v;tr(5@<?{a-U0{ru$LJ!G=Cnz(r)vZgdRC@gwWdy42g+E=_d*xKMuo5rZJ
zXNykZ@xIJGGLF>Xth{e(I<+Eo9Gp`}(vSvSwfSwWg;t_r^!PAji<R;H4v=}7jZwp=
zNdAta$`*IVJhW0q>mG@sjt-NY52MN+JK*n3@y-O2N`uq~*g?+dW&+P&0ErB#3VWVH
zeV(8jX%#VGD}mexsJVBdsHw^F$uU)_F@|c$vSuG&iq81kDhrncU-*|l(*c^R%tlU4
zP6AZ%%xI#bNZ^oE^a_gM*|h(djfP8$&lMkoiQ^;DjHZZjVdEp2HBDCHJ9fVI(@8m=
z>OW4hj&|G}<l~+up4%nm<ZcgZ{HUVIgi2bpRt%r%(R1jc;jO%Bkw%}t2;*<~kz4PV
zyMu->gbq1M2r!3LTo*MHxZRRA`?@6E_?QH;u5FdzGqH-_0)66M55oLD<-fbuvVvqM
z<iD4D^@4<W*#t6gqcMg2gcT27$ro%nu7WqcEV3Veu~Xr7bU(;iyk2T=<(n|XH0jxF
zR=fsZ(04Ko(5v$GE$Nke2HUodKlq($WQIMc(tHkaP%Wx;wMyXIv>WQ&Z~U>XjOgUy
zWt%=M`Tb|-E)ysDBi>~mGYe<f)1o`Bz**;>E+3;hKRlwdjGqPRZM>TP_40PS`)SHm
z=`Q!GV(Pn<w~0EYSC^;BHq#r^HOBOHi{I-M{8{c52S(VAXyANAXG6z(?v-8^F4lEA
zo8X*iB{^_44RrtNB};GXOgD&d1A|Isi&y1kaf#x=N9Rr_W&s>yY~XRA@s3QhXxFw5
z`QO5b{}I&T&!ayM+bw=xQ}AWnmp?h|j#~UU)c=^#jfYcy^a_k%wiBl-1prIX6)7{+
z`n4Fo&wKVz_qx=S5swzE(d1gZ3{)cg)7ykNhQ>TRXzJS>yEVtkAi;Fe=xeIT&5}Nv
ztBzv$Uhmms%AwpT0=1!1_&Zt`tNE_i7xbNO=^U3yf0Z&ram2LOMEWW{apS^fhF7XS
zR|f)Gx8KcznYS@6(JW7D<bH}sEN+dDMy<Z>59NZshKB0)V;RzvOo!YvHir1UAAQWT
zpQJx;9PgyR(dgk^8_kSIXDtXSAorj02PQ*=3oH#y$-cRMF(Cu?1bvxBpX=|Y`8442
zuMC=^v-CtxDM|DYb~PR=hj47KT(r!fdbp7+b2LQgDTP}wQUzm1?zI>Up|z{<t(ae#
z7iUbnuBnQVIoTjOj@~`_aOYNLml&nr&CwaQzO^4(SORR#`%7EEaRlWfyW>PzEH7)s
z?6mgS#1D){$);5tqaW{5-*UkO>mbSxAzWFbzg4ETHIu4MBqXtv0TMeHO0hZ+irJRB
zzy!A-+7Ctc{h9OEENtY!{kPzTQzMc|@+p{Tc~tGoxw|cGY{C6AAc6NLaE@JqX}+C&
z;$W|@Ki0Ol>caO{!9mJ;oIqCS9dgP=N<0Ze9C2lP&orXT6lbJBo={^(TgiV+PiUy=
zXM_^YNLZGKEe;Eu!mS_EX;V{IB){K1&EKC`&GJe)ona@Q@BmGLhtUNkg(az$JTRLM
zD93Gw2M^33E6pL|;l)VED5$6xW6QZ!_)Y?4_@#N#aoI(20yLPVh6!={kZ(Jfr6hBb
zcC(V(#dxK8^>PYA6w_WU)w_!Wj+OAr==prev1v)2k#vh^gj?<NA{1ujs31M;^R=u^
zS!83cCHkCSRy7YoLh>2eJaI@#(n5|@f`R)QUAi>`nQ$;HfBa8mgx1jBph_jFYR_7$
z1mEZuf&Be5D><lEb1+}KS((I}WxMMA`OCc<2qkX;l_vl-Cj+mOCn||;m6-0h0k*FD
zB?bwF214XFXeFin5FK)B1*@H(A<v(F5&?wkgo*QFP(9F4NvjKl$5u$L<S-?0@cuBt
z@vX$7twY92A^jNif7B=T6oeR)?aWI8w-JT5Q^@m;QT_W!lj?hif6oRFV0`W{PVLD_
zRcGAt>J|aisFF16k^EeUAf|p0H3$;<TLgtB2jR>7OA`bkG|2}s(!2tvglN#oLn&p-
zHIC<d0eQ=a>~N8{gupw(Ya{b<jbnLyzy@z98{Ed3VD&=4Q;-mN0?{9gQ{LXUUWZHo
zawdSWvY=V)bDE^ZBnR?vRKu);1YzNK;{$xegfQHM%A;6<a$#o2t#pl53$x*<?kB%V
z?q4NvJ!H~4DO@~DE1um(59<i4m+u(AMXYw1#oe^LjwPq3<C;{|<ozcz+bhUDP-N~&
z|9h6k(QDG>Zt8(k!#T2olgH8@*p~A=r;T2v^V-PRh-_wYhLN4(ZnmB6z#alo;IMc}
zsqKcBxS#xikTZnzgSb_Vd^A_K4nOQVt&m*{&@a&q&2=tfTZI8a9%JI>nUZlmLO&bR
zPnaJn{gIe+)cg6zw^Mi2_KOL7Bv{ztm>(3Mr^=<vOi_IRTYvjaE3@;lJkcMHp$JpS
z-D#{Z5Z8@oE#3)TLVzCuy9K`R=Z?lLN*XOnh7mtG2caJ$HvyI%FWsN>Y1@??eiRWV
z2<LQOz|Q-fmMj{_E0klLWyJ9HuN~p)<&Xn!_~=A084Y+sU7uF?i}IF7=@Bm4fHA{J
z*daGZyayuAV_^a3RyNEur1WH(qrzxbvoZrX#GjRNK;8%xH2P5r0C6pm@MDRxm7;%g
zu7l9DB7K`F?_%~vB-^Y=CLe>;wYegMgX%;a*R@V2#i~l+ez#h&!%Q-&=QgfhyuOnn
z-!&ekRCN_4!E+`WS+iO^qUS?6@;sGTHh+4O$2QA9IyODD!8e#QW12TJA4j7QG?HVj
zza(eB(zEUC|Eo+9_D;?o%mJ?2v2avc%E^CpI{w+}Fq_8(``Utm%0@2f+mV}{0Kqks
z@|msenNO}Ap~g=FdZVl6%(&Gt?cv)NNyid~D0DL;bn&9Dmvtjg7=L71+j2MdF&Ap&
z(LcRk-Z1`cWWamWh`Tkv-3}3(48v6@Rr_@0RexO~$_Lmim@rpJ<a^~5n2%Rj!7MeP
z!~hvRynAHAO9|=>Ea43mu6Y@!#e3hvhG!6=bn%!5Ii^V#)u~uKDV9>K?=#(015a5Z
z8s5`iKZOA%`Or<RSba-LU0e7>;0!U^@2V!)0^n#8@w680$XUcpZJt2XeByZhLov#2
zsQH>Fnwe5~Hj}hYDo1NOS@RLgL8AT@tbve?iJr)#00t^&bNF6c9PgX36!JaYKwXzf
z3J4$L_jvA+L{6!cDzMc>TNQz{qHH}&kc%QBA@>-rM$i65npLVoBdbur3Z8No;#HgU
z8sbD|nuMg#vaCXs<7V#9kQ@l_vy6E3<3$)B%e7K4qFkHyIKH{Ol(lDyc45nBxhQmC
zANrIuvDCsiuZN0HG+i%M-^QFt^t&$g7QK4^X#(67?*R0UR{_jp;$gsb#w>uV;Du1T
z^m`AD@iOZ<7eU}zB9Uv}-}K;)PGuQh$K?4Y8q7|6sf_swYT@eK?@7)eQGOZCs2DLX
z7~R(V0s4eabX~J)-7@XwN%PF1EKeBs*IVAnd$Q!qu>zYXvgK3h?UC7JrK@KY?MJd*
zUf&o^^?y@ohYzDcrm*l8??6q^?o+@A5DIkhc}AvvBuTuE^9DeF0F!idq{?lQbm|;-
ziiDhnef*z3TFxgw0U7Tt=V70KJ<vbvPr%uGm}^)(-Q%m$+V!i6G0E-UG*epS0w9X|
z!a}JPE9V~jw^tGW*m2_dDy#3jeIZq9-+-k6q~n9T<q`d;^1j6Ip4qnos0xjPUd+j2
z63Zem|0r-zBlLeI-&e#J?ZE+t5c|WgN;Z3;!r*3GYV7_jZi|ahNaZFPaIzC078>LU
zRsG6iPIPF0Gxk<t#2U-^Z7BKw_M<KF)mElBJf&dmw{;YeaLrwuiCn_{8-Vi|lpy>W
zH#PC=?tVj7ZsJ$`+qjE0b(<j>Yn3HEOVn2n$=HV##whR6*u+lDC&~mSk;TfFK|a0H
z!PQ&&R|>!3h=JNVcFUe7&72L@<;PBGPl84*)EUE{7kAEBWB7{?qMtuQ8%@w@y%hFK
zHOCfOhBPiu*TZf-*1$BiEZcNsOwYK@`DLw|-cH(=ZI;*zHzshpAHe*7fd|?~TAE%6
zYoSRn{*1Y<u)nAXA%H}lM<DjJTz^^=&eHckI?rigtITU?qvc87_GH{ioAa*54-P_l
z4ngYVs)%dgvK9gM*n)((=z7B4_yf1afFK$6f$Ir#p8-yT*6XsqiN3vdJ6{()0qHP%
zk#y9#aRq;QVVL2^$<zys7|8c9)CToZW2UHP$6hX5%AR6{nqg963^C$}X12ka_a6jm
z9Dyk1zyp@30bX5jqX(5irLS5*!B{Po@=?1DiBB}YvHleoMb~n|i$6cV<K#gksULsa
zp1TPt^$A=?(#eSJyW7!bIpXPVt8Dv-Ta-n<JK`4u)8Ws3X}IM}qUaNYwvhFN(TN%F
zlZ!a;i!-T3wwE{hP|Mq{%K6RqfUPFn?1o~ajUL;};lEWzm&5h+eYPWC1}F=qv442F
zB$X^b`_{Ez=%P(*O5dZt7&(45?(mPx##_H2I^G$zNgW<ap6z};Cd5a4@hB_Ne|~kw
zI^6igVTot|VRQaVl0N}i!)B#R)){7X3RyEYMiTrsBB5P=d3zhW<IU`TI|N*D?eQZ%
zgbMS;nzIz;d}2j1bT0wxjY#JCPHf<rY0RabfKdr&W_v?j;i{;7qLqM?k}0JW3s#|8
zkW1m|ySrhL%s<*-2R4BCY4urbtSU4O?W@|Q1dK3IasF23uF%>8CcvXNqg1U+&8b(D
zuwr7e4~L$R*rKdxo^l>8HKu(yGp^aGq*!uLhMu6=sS0AIrP>oosJRqcQy5t2GqJm*
ziCMI0I*+I?9>b-~o79x0+B$NTR=v;@W-qITrQeLH*x|Qf3nd|KRo@p?R-5K$7nP*n
z5Waq6R5xmNb6bFKslYX76Eke@h9kuD4b>h_J@6;Je$Xtspff7a>1S(p3pDs5TY!^@
zf_Hr&O^<@S2iO?FK_29F8A8%_<`ur=Wl;r3eXB1vE33Ch_Eq)!Vl);Lr+HAI(kuzV
z`oyeTpt<Wxe#FAn2{c}+9ipCrMO4X4I4#AfP*!^|D`?dfyE}DIbqY+Mbk3HLB3Wb+
z$24{b>ahCT_!sFwn(-U0MFK}>!h-xw8)=SgnTPauJJCGcYD()-6i@BM?yd5Z+!?x+
zKJwpyt3c%Ev;=L|))4c?9RNcgkawJ##suA1gj4X#4g#^xI$Zp%MkXPGFf^3V%!pk&
z%&bo1+3Y1e;nMN(2xtJ$-QmX0X5<7`pKUhuIOaJ$5>Cj8+5?3*I4FTX1MZ1vMl_ST
zX3L%Z0&;ZE8QYC4neArGGffhkElUb|={TfJx)6wT04N>+e=OADHETv~BfTk7tofxK
zz)U7k*!6>CDZ;Zo(ERqwtf1>*0Yxj(k1GiG;pE3?vfIc1E`0SwA+Ev!QF?WF>Z<?r
zG2WQC*ZdF?fSSt0cH_g&+oELtJm*8XR?vn0NPqtlU2F9LtVW#G*LcWBYa?RP)4zUP
z=-g6oZ6a%?5H>T{G`jSwkh@m>$AlV9YD4rtM$sj}u-DbIko;LMm$A#K)qYPW`V|rL
z-UzZy?DJH*X5SLT3-Uf4<y)xcG~O{f^v+%b&>OgA>N2;CWUwIpqdfRNR|D`FLOIsa
zv~;tI^S%Xe5=X=gvW|y8mU=`oP$rfODU`$NDOhO+Wh<gT@~t2*`tN>H19(cW8_0+X
zeTk<VvauW@tLRiprI2(Iz>F)e%@(R!4q@Lq7vc{@>KZS{VC{nX6Ub%+`E^jWoXb!=
z`}f7pN1VIUk{XesPhB>^hy1LdU)9Kt6%(?t_5}K=35A)*#&W;OLQSfY4VRB%Ul)sQ
zmk(kiN#1LRL4La^L$0qF#KzK#)E8kR#@zg-1qXHWExRJDQt^qKVRXX+(4;XBTzn9@
z4jpK@cPytg#hO}x(Jhfv7;mqL7-Du9Fx`j`lK$gwTXt8F1gq2mbX!T%4OXMT(##O>
z=?j)4ShBg%tT>o&Xn;Quo(W!pZ)#c&t`L<+=?nKHT{UwJn2P!;m#dCHNxiqeEGbEG
z%`4w`O?>V%^YWGO%;WA!I0ftn$0~X=s~lcc|MbDjdnmYk8T-dc%7mVjhqn|I9;yZ-
zq(?Rlee{q2*W532ANh;aOA#KaEwoe_hGM=gSXp9aNp9ETV=SjQT-OLSm`?WuTvuP2
zxW|B5sjf~bM&E<-(<ZlirIa9EmS47`VXc{u71rclFTXQc%*#|UM){~i7Npec^SbGD
zX{2?@l1&$-&ej_YSa&Um+rD)+m17>vJirOrPJLD9=g{M)N{1)4m}F&#EJhfei1UN5
z2E#7$8obdlMK3D|rchd!XUib5t0|BJ&C%ok`A9<=?|+r~GlTFo*?-@sXs-Y1ML1{I
zS0UndwR~Rx$nnvHG|pws^Ji8}RRqPJD9)CNKU7s9m%5|A4pSPy_f<`#Stdk}ub5t?
z%|01tEca)|gH@BpElF%l*Id1|FwdKxRoyQ5Ir94IjQ&Hl2354ir(#>+giUy5KICZh
zt8qA?PUxpv4P5B}eKAH`w&pppMNNlm&Dap5idb?9VN}<Wn`$B)L_)e}r%_;o@q^t3
zoBvQ1%JY?#0pB|tGX|Dgi2iSDi0I1lZqjlmO^xm%WWU8wyO4jZ<DNBRRwC7jKUwj_
zFlzDT%w(o3nEZw~s=zgO7+FlK*oo{|iLOJ93vPidWu;p~0C;}#>t_!@wwopsg}2!B
zJ_|%NzxoDd4gTauI^m}yL^MlP?W`tZG%E$xbb5E5E0MrmBfd9*yaILRwWB}ZV&5o8
z0ilU_9mZJkY$u=*K(dB%xm=t4P%SR*e;gIa(@1M`;AjLPm<8y?(@Lzyw>g%nu4dWc
zqt&a4efvYkITLg}wk@T}6#XGleIed^<wavWKsyt#t?yEEs<i4}{2^l3nxy{crUCzR
zJtW)Fw&rx#^k+JAXm&SYFCyuy7NYH6!eb`?>u+J;i+vx4Ft3qB?*azd31nRwfU;N^
z{unGYlTN-kH^AEwiZ>zCvc=OgBwzv)3B>ouy4isD1VS22P|U}kv;=NH8`K>BVjpLX
z>@NVoCxx?RG18a}8~~ydkwsE5Ze8N@JQ-wf)ZN%eZ`#uyvLD6sSa)2P-_`aqT@|}9
zOgew18CHfKz$V1dllK<8Wx@f?Dd%GC`nWMLSa7i@2;MZJCj^Nk!;S2hv&s#BZ-|+@
z{eY8B1+;tX(PAkh9Kk_J+6?tlhulF1^qkgIXLg0{s0Hq8x*gczJq2C0q66^Mkh+`s
z#o|Ch>qkSqvGaz%0}g7cql?T&YpS2Q1V*5Dzl%rOIffbZ!um7O0NY~^!AhP6u%l9U
zOdd?i2_^J;phtt^L^7(IX~VhH(KRI%?8y8!Z(Qh}LKy2}>d3<+{{dV0*aPPxa$_3Q
zQ06rypRuFjB@MLYQjF5FI+1O-7Om=Hx3v<%bd$da@}Ze>T7)<brG_n@RPS|#eJ7PQ
zsk+`7T!!|fXLKOznNDaAoicu`C8u%p%b<a2tRr@pU%cf)O?gO5zm)^8ci#~k{Kl8M
zr7dZfP(aU29X<07Ca=CrfhSMEIo}r*u#us5+C*XQhIb|9#19Eol^xc783Hkc0Wl=P
z@k0yv!=sdQ@Qd0splemLRJ57zl*qQ^S_NRN#`L2p+Ht4(lW2%ZaiFHCzvc~qK2*=u
zJuVJ0#Euaasfx_1F1nq-0_}S7ue+urXfIm@&{e)`t@5Wf+ke1VaeQ^NHe7#?8sfIm
zpM*hY-pJ1nI5OJ+UxY_+Gy79l^x7_AyL#4WrZ$0mjnis~>$|$_cGK!Uqd9TRwYpt0
z(xqXB$lj02XBDGv50vabFdUu)jtFO!<gTV{3|eX_9nX@mAs?!!_ZqU<U+I`3gS&b<
zp7TEAU32-j9}^fdH7JEw6kmwR+6ccoY74=}@FVzc%V))HeiYwKrPCt3#T_)(Kbke{
zcI*~Gxa9i^A=86HLWjNn*Q;p3t6JbBQemCki4{V_85JcoWEmq=Fv}KIm5?IFa+6h3
zTT-|4i)R}HL>7u<RZ8pcar{v%f%m2)cgG!|8bNQSPw29svTY5{zQL*VtX7`ft)(oy
zU9bdxYWF2X$BYIPQjOYH5jFS3iyzIffa%)T`7+4|5&7Wtz;pFX#B@b%2d^(q?41FB
z4-=CresK%gKE~(i+RzF1YnlviO*vrSR>`*zQ4|NStK!@aYLpTg;!i)OFzyEe=VJC2
zQCPL5x6xS;r!&J~&n;B8ryBs@mTpJ6*rcNxXl<5&-g_gO{`C!j{Qh(8U{BY?;;Ftm
zEA|yGe^sAB=_f0?p16kI82NFOU|OMCsa6s7;2-T#gmxL`!(4T~1X*yxm*_i&Zk`9h
zKRA?(2tQo}&hUO~yAHy)d~*A{EZx+4k?xUwRkFVO{sDX}A|G29?ay2v`ra-`+$d%B
zu-=C;`e)sN8~1Vhv(Y{@&S-89MWTv@=laX)y^3SWita+60WZr*2#tp*7fP4#P8RW!
zKZ0jr{z7=_0g*U>NP8Os>x2SUh5pNJSzwBRMisW9(^Gs$vMTmJ1%n>G_pk2h5W076
z6AqRUvd0l3{J~X3`Q^LD00`xwMdH_ypEmmGr)B}mcpn62-vqf^`~c`%yc?wER;lg>
zwUJ5Wg|2+H*H7@2bPti7U!rf}F|-?#z}6Q?hKxqP?E`o4+#}@~?#y4-_m{hb!M22y
zZ9O=OvA#(RkfG4T>!$2#ZzGw;tl4;f8M!<63E5W#ruDxutR*pfz~rGLLE8{M|M}*(
zX;Ydw)$)Y<Az~Ak5-f~7*qdaKVeqX7B9Yrn*#;@n@k3hz&nM-`Za;O+llh@*!kSs^
z8<m{{3IQC--nxV*twecMEN5L8A*l3PKcl93y3HFF2H*i8|8}^WsM@4*fpf%6a%44~
zq)bEBrFiiW_lxQ2B6PE)GlnGKD-zr2Nf2mDpb*o1$z2az7z^9|3O3L1?f(tgSGjeG
z=@7}3w6uP`LLiceL}H}?sdYBU-Rz1)wM8DG{WRK4V?g1ugp-ISY38PcokO0aK?PHH
z41}DVL5_qA%0Eix7`EV!eQ_Mb6eY1-M^te3n_9g1l?d#z*Yq`!>p^mepN>-Aj#kkk
z|JI&sd=JshmFc$YC9FEa2r~=#5|@6wDf(b))4_4lp)BnS?`BecMfT^{bZ0`y@l};z
zpQJ9`%f!ziCr+jQ^VE%t-)FDt;mocU20p7ISF6D4|8MZ}*+2+E813Gv8U!jQM&pNz
zUyX_fjopaL9^?sp4%67<FiP@ODorM&Xa<OysQ-ARpkYB2Z%H7x#<@=Xg=O;Lu+C`N
zg8jd%-Y@vOrJi0!QHflwuJlVM2d5%y;^bZlW;xkE*d~ADa82kI81>?U-ON%gl1CiD
zeRQx6pAKaD)?35$@5mvl{<d^e7cq{@fr94QQF$@02Pe@IdO$sm-1~wZwSHYD+qA9g
zTUvaWf!HJ(6bjdzi51@1jAd@J2M6l;CM_+id!atxYUXi>Lt@aO6?t>ZO8s>CiNK40
zuaFPz(cLeyqA?+#AH>W^9N(th<5|eh)`g@Ck<q00g3gKd$R-qM>m_jn^H?FgMvmXf
z>AnSrN=oC*P1mK{%N${F(?;qeN#mu)d*m~rMiUT+r}m*d(VM!W?T0lLAzMk35SEle
z9$$nklhawwOG>}%XA2AZ-Frfw%x~Tf7&4CYgWQ1s;h6s0(``VtolU%5g4VrT&94E0
z0Gd1TA&ex!!4GsG_|8cnLB>cZI%N(L(!Yz~5X+Xwl3N6N&PW8mP*}>IW+1y&NV*|H
zKH~P`pCueUV(pnkKa4th{8hfNw<Gu+O-y=GqwD6C-XrLhDR#{oxng*0l=QO@dmZ0U
z+2e2gqx#wezU2huA=2;YtR#+$nsW^QY&w80jH4e%SoP51fvm^7J6sQ@7H8>GQ5g4c
zdkwU>BuOpcpfwTUn*(C}QXx!hm292HJm!HpX0LQoO_2T<#_wRRInuO85xvBw@#{|v
z|28cd78yL)`@-JuT~t>r%4~hzoerby-={T`IQ%I&guA+cQXd0j7_@r>h`+|K>$-q^
zuMq-ON%2|Os>d|rjA7=_jqNw+2Z{0bm_2rhueH|M=VPPF?Nt-m&MnyUociC;&7#z%
z&tK|TDcSWSkIZ7Htf1HsT<IaLlmJ!<5dU>i>2B^c!ANLo%-B7Rc<FAMZ~4AAj9;Yi
z7Ua{?g)qvq=XmrW9@HjKf1F)2q1eEIw6xz#EzmfM2{{5vaR%T^<1G~IzXb}0#jqBa
zD!vW~{b<qgK|X(uz@D!RqYt>H8i%KrU@KOd&8BX}R#t_z>#Alfe#(^zXnnx!Y3KsB
zw;w@}z`+GrAQ|H*w^RUrYYh-r^{0W>c^NBBYcjK%1mE|Rwd~jeL9#XLJYBR6&EzDI
zVM+fHt%K7_)?ze|+*id!!2)Zt<@yEIVpbEd%-(Dq@s{tS={XYXmhjN^@_Bz-@qav>
zSAZt6&a_Acmk?%_aeTtsjBX{iFy=!yJC^U8V%uGjOT*~c41bypg7s`j%vvJ_suHWP
zH*pDX69!m4(Tuf`UU0f1^;xAm=onad*|vRBKqi;;JBz?-^1x=+;QON>L~{K(yQ)A-
z2Wco?-aP@Y+pmi?v1%9GZ#R$Xn4!OTxk5LoLq+_TO>);{EZL{4Lcwmt;rcz+fDVl{
zDT`LwM#$g>@^Jm(YcQj>M+<TkQURIpEa4jV)=jAOn{oodM^MP92aC~RjkABEbKxVd
zXUS|Sl52E)kJBjyoaE~LmIDHsy?A;SFUUi~NPGu%A^N=)FUQ)ZjG`}oqD-UY{iP7)
zR9b36)y6O`W2nRAR}!SQf)+eRfcU5jbECW3{Kb6)WH|cL-Sjfu_0igt%>Y|}LSd9e
zXY7G5EP*H#hntsI>lz0AmP<V>;yX7Z)SljWfTvgbjDLRVk3Q})3I<6IL*JzBH}-Qv
zFN16srds#RyFm*M;Q@4+9DNrzAqrbCWFnlA#@C42zYQ};(9%a3s6G$i0Zd(xVm@1b
zmy&mBsMPt?rJ{;bc-+mtT#;UHQ0bQvb!jYA`_xJ8FfMFLDp(dZ)Uu#FuZefptNVo=
zq}<1~xr>3X)>4x6hdkk5IHP#B#R(Ab(njn2{M&!8x4-U3_DM4Oybuz{=|Rymp3!db
zI$B#0r6j@I5VuWGsK1=wF0uX?0at0v_a$WTB>5F4a@U-+T!$2x?d_{dH9l5WJjZ=m
za6#<a66Z^L%~>gI5T+wiF;t_>*4us>u8iCU>~%(t*_u~A+^L^oP5_QXivH<shk}8D
zcR_BSB9*b98`IRfq9!F}?uhLBaTme8z_Lj!B$!_dl<oZsP3zAKT>OJ6c%-vy^+fL<
z)&}I&(7xNBtJDGDIwQBW!VVkEc7At^r%f#4mIpjQ*GKpLwT&n_#knMR_2E!kGUgEM
zwE-ROEGctXa`ZfJ+%EeNrMz&GR~RQR1@6k7E&JT#`%nLTU;fJd38;I#HvBSvLWy7b
z-!A{qXVE1YR$CIm+tMry{^bEKZV&{u@M+Cg(Lnm*;2`}80Oq9p3%Ea{c@G#xb6Ji4
z7z#f;4oF?pyKoWcm@rJnkLkRqY)O}Yd79V82fLLi&)VIxyX`;{Rrawrs)l`I9dB09
zuJ{Z)0qo7WJ=n@nsAtJ-rx2BXxpNDua@R=TL85?Hm?z)3!xa6oqyJ6NgZTE`({l3$
z9K769TDl@pZ;J+DC723yH^l8svet=d@}b6J%I{2mN3oOL?o<6>qJ`57#HNuhhJ5|a
z-}Cg=a%%quGk8vM{TI2k>5@XdLl57qY)j?d^hQRrjBzLfrJet68%%KH8^FEJMsw4J
z-)mjPsfd^~@*#w=s<g_^FvHGQe;piRw!Lg)eND>H+A?XHWxT8{ruqh~$DKUKksijY
zAh6RJ=38(3A`k`>0V&-O1<JX>1xwmEgQAWa3;U4s4VFM0))Z;_yFEQygt#XpHtp^{
zW1f;^!=WKFklN%r^@}!OJMMch$nZ-BHb|vuUt_AF_E1y;!C3P5V0G+|GT9Iq_8*7p
z8T>MKkBmzK(MVY0&u-&cQAo<1#15^BQum+O(}RK7ra|qKLonQUN4MlZD6m}8$JXr9
z^*2E0e2If-I9~pQcg^RgA}=2b5t11whm;DV@UqA`j3^p`Fu%pLsT%x8Gf9D5BMTiq
zvDu%J5K|&KHXoAyQ542%E)xs#EaoG>b@`JHbv9C2041ibYMAko3e<5ff4;H6yc*Sh
zzM5_>bc~ZWXN|PAX4L{wYF*V_WS##k-5#IPC+zBMG|>9fXq1-;bEv5mB~30Ypzrz6
zPh%p3`i=Lae``xCw_(40<z|KX=8g1s$A{ooal_Aova#3-e15R$!657*={waYK52!0
zTH6N;Q<&29gNf?{4gaYr6cBvJge5<V?AS%sSx%@l`um7xD%PQ0qJ3#v_}HH~%OA9G
zT_IeXR3xf!3`kZj0@+JfDO2~96>00=yHT>j9meVVio_Whka#<~i^SKA+ta~E?~4aT
z{VgzI?(u%sdtO3v5o!VjyTDdYC_^sC*qk~frca2M>_jX=-$ZAs_lbKT3U>q%=?K1*
zr;H&<nc<Iee_R9x(_q3(!odf5$6r;I2B#(gOZAAS8JwHwG~^vNvXmah-M0Uoa1tCW
zQ#k!?6=B>*SyEIyz5Z00vA;y=p(@;K(Gjne7RM{eTdeYRCK^RP8Tz9<LS7tCr<<A|
z1yB(mvhsIc0pu$qPF!B@kWg`_gmq#aU{Q-qjgcqQiEt$3vMA4(*1^b`q8|VIuMpH0
zRBYQE0&Qpq%~Y(<dgPRDDVE2CZ2j+rW)jUZ)1S<KpPGnTkQWXr3c2&hQ%*+WTzt1j
z+>N^A%al$ak8!ceAe|MW>(1Wto=V{sC9}f$e}hiiQ4ZxO+^af7W`Bat)CvFW7jv^~
z6R8h4vDTd_(7&&c{sF)P>S+|Cn8CF}mQ*0z6V8^&{`A8uJ9#=LWWT6DbX4ewmr4(r
zmyrBBX~sD?rf@26m#S7i9(KkKDh<#kp|pz>xH4b*cQ|`9Zj2@~)Id4Jm9sZy3CPmj
z<A!xk5@V8>xfx>fe~}r|Z;Se#gs^ovO9=(O`an6<=9e4LDt4`W42<PQQO0AdL{)B+
z%a%X=H>6ZplG8pPGtRmm>M)Lu)2d5x?4)B=7l*^F3@=@UN^5{~cvO{>#JkOoHT@ap
z5JOnGv--#1Dkn#Y!5lYWVIc+=(8B?||JQM=uFn$fp?pO)N+{GY;A_u3$|PX+b_&&#
z#PJNC(Nw^WT>6_on`IkHka+ILmh{*VjoZ|wP#rJ<C3Pr%E(wZDg#!)Rc%M`i`E2Y2
z`x3eLZCKX`m_2j*YW)OkcpWw|L4F^@6%8;BO!M;Hx%E(5R}ipN*fhn9Ahg{{Bji5`
zjd9n~SE`<C4YJ*Y_eWFxC36BOVO7I<qw^%$x99^ISXhGq`PXGCicU5stM&9&%}j)~
zr{-gM+#p=`2zVPu`WN<n#mi*9MKH!O0C*Dd7T%|6PXbmUjdpQK-mx$1kHXR7gq$)O
zqvJl22B_MKpNrFU_=*LNC{@DHu<`U)2);hW(a1^qHd6H-?J4MvRM?=@H%pcWW0N+C
z!`H%fEHX5wOVr(y_r#{P|Ard*$=@=&j6-hU978X(`NBG$?4A32SHrtWY}z=-Vgav1
z(oS7DBUHv{Soe=S2wdDsg=^yMGsC!P2zDU~c%UwmLTne^_KA?j{O@SDpvxm7`;ktq
zZ`g|nG+i_CDphGLPQ;Us4VxQ+SJ>x&CU^wK@<#xf_Q0%t@;Bwhs^>?5#H0%k3{?!Z
zC2{}alIvd%9-N+l9L9jZ(Dl#<54e}ep=Ugh5ek%}lqiS6s}#3$YU=<Hc<G>yTBhNn
z>R^ciS;^YR6-&H)gU+A5iPJz&x&Txnq%$h(uA{Ey&!=zs7j>SCVYvf+DnPLfVk{!U
z|5Y)Ox_yNH3tgCcmL9->OUB&+?P8bw<4OxK6!d@9`x>DIn9`or`l8Msk_Xf;?y&aB
zx|<;g+94#-6aT`lm9EMXzSfNba7y6gBN1tYocw;hvs+m=5%fXT7)kC=<w^I(&M_%4
zL=c4jhyGuK{iHE;0LD7(r#-!WBU}FkX06e@Ng*`*HKCt<ATYB@OnTS)vwe90NKtPS
z;J3g9pm7BL;75d-JVHu0;uk}J!r3A(c1i1IN)T<6t-famHy;XOI~#E5Mf;$1jO})C
zAZ%Cvkf3kB$McVM0rIZs$-rN25EcIku}pRk(SOIQ+!@64Kj#4$`Ih#$M`o}nj4Q;Z
zg#X$JG8MU9TIRS!nQtD`Gu*pE@$^dS8boN9zCP3WZ<X?l)NxPJ@6pi+8ZsUXD1=z;
zu=8@vPZL#(d&}4@1lP3U+H)Y)gK~FB+D1k-)_l}&d4Qb*zsPgoiyO7KgzpsJ_K8L$
zHp~}5R-$`{{#SVS(_ikXIVd7o^OBVvP9BdcKSIIV1)O5+LW_yED=Yr4L@)C!(=%GX
zefUZ!Wh=;SpF<$O#UYwdYu_bj{HoVy<Vv;W$o=eVn8ET3HQ*qYbnNQr;P~%t`$xwm
zs_W*_h28_7;JMf4r`|e++2H5sZ1M&FE}!7mTWysqlRB0eb=+#@4=+_+wrMp2BxR3o
zcx917W+RU2LquSwE8$x>y08c<vV+dP?qu<g0m0W7aKSI=UQ5kXnRpZVd&1dgInvZO
zU;QYVczV==HPnm<*1~WR4+5m~#4x#G5n_>i%P9x3V2SuU-)(YfqsoJF0&<uBaX@{C
zVyhZtXX39{BEgyvz-!7sw~hymCqIOwEg$t;UrLff|Fj;_zcI+M;1v#Td6JM#L{8D`
znhC6M)2m|7yp`DqIUxt;;e8|yQ?m%l+ue;`64x8T2<N}K81eCMx=hWd#KMw^<F{xp
z#(_+Mg*Beef3s!tRO-d}NU=U+^2mr$v1{`lj)eV<5y><OqEKc;Bq~w$;6adUx3vsc
z3A?`q%x8}rDU`q2vtNR7X+-;v5MeU;(2UCCkwqn*d*=Sy?UhQP-G&k#BZL1{{_MHv
z<MUOWq4F$|Jv(*R9(_=!4Ke-;*sK^<li9m<G8XkdVlYaC=6w)v`y7pa3>%G37)9KJ
z`I;$&V;oX0+#Hfx{VFF{_Qr~XYGw9`H|4|FpAkr+VVHG_iEWL(?Moi>A$@@Ir{;R`
z*9X6dgZR+jpn@_y(oYIjqk(}JW9F#2Avg{#+jn}&L~R`MnhLvWesRsh)f_Q*%VH_t
z`qh8sPx<A{nH@=QiO+{<VJ-<Dvw7UuAKrJAH|FhC2X%cw;@=t#giQ;X8j645`+>kI
zX8LefyoftJn8-GT!{H@!-D3z5ZJYsao&In=YUn=~J#cbzv)G3(59H=UE-Iq<Pi)Ig
z$nGVK^XJbI_vK3}!Lg#<`+Fmrm%AbWM`pP2#IN#XnoML`PjUn{c{)pci^|vZ>~}}|
zVz*Ru#|=mS`J>){8ymIj|2Fz+qfFbWWk@8<sKkCC$4aj!jdI%z*pY;K2_oGIH5Z{O
z!Vxw6%>GGz_FP)4Zs#s|eFE26PsBE&!1Ojd_>Kv1)I&Pf-7<Sw|DdaPgTMp3u-6ze
z$+_r;^Y37Iu8j;mg1<rthkA__F#U?tJgjjwnBSNG+4{|t`VO(8U>pxz<3r%I-pMPN
za!xy*VzK1%$M7k%Fy&W150cr(%B!%Zv>L~?Ang^DYUg+vE@fTxkTuak->}sQb4X6<
zrZ!X#zooh3(~i<zSl)DDZDCtSTk1w+rVC{@$TUv6!1uD<eL2F(K+Q@j8O!1CY!x}f
zQM0~@=oT;O#XV*}$9$669q5&B^zHfnBTWAhDrNh<M7+}Gy5=AM5tRQ3PATWrvDzZC
zdM<gkmxgN7y2f|PGl7$)F|bu~-Pp5Q(ljA-7Yy^9aGr>Ig@FuF&Enlj1GWE%3+2<U
zeKNX_ZD_%^vPzD=ZRqZ$m2K$3Ww|ZgV<TE_GtU}k?)>B@Qh_tGQ2Z(v7AS=0zhIsp
z{}Ghj`L!9Og3YKP$_Hm&k&>o;h06~TvU%iK-Gz~j3@^0P!^`tCg`G><YM$&5^8}8{
zij578h16W=50-u>m&Y4v|0X?H7gL|$<jcuTfG8`ai_4>F=*i_dA7!PVgNrFmdG7rz
zCAV388;=&YK`Rf9qHnG`_~=GP1*{^7G|n#22`J`)H3WYlSRZ7z(fc-%_1EO$T=mbw
zDV$RYfKwRe>1nlOgo&=>?6&N}Q`GmWWVovP?y7>rUWlSoXmU~VIV-r<nnfw8WB?tN
z;+>Q@drP_P$0cjRK0+%_`}w&Cyfb=loK+}RG4h`a34`)}t5DdW<u6Zod+IKP*}@DY
z1@_+Ps89e4TnD|KKrx)8nEaJEQOdYy>X8PZgD8KHfYNI~8o+)ulv1I9!YF($VGP=8
zFO_>PQ2nEMISDla0x+D93k!9?b)MF*XSlg3xVkHhEvU#MhN~l5w6vm(q_+ToYHHHF
zlo&Pt0T|x*1pn;_4yZFL6=D#z5abvX>mH~SonBf=X)*OxETB&x26GQ~je0yp|D?ik
zRVq`fT9TV&Y@_aYwUH0M$V7YPxVUw6X_Unv3NbInJ5_mLD>}FwR}9=OplDdnSfCP8
z%mW62fTXQFT55p?Zpap1)R+daln^?Xlb*VJS)*PZlu{mw+2dQhn#-1QCzn=+Z`zlW
z^rIm7Li0MJaKLKEU{1w>=nY03ZcSq;s@c)yWw{+Z#gDX7?wOv5+yqQeE@A4BMiM43
zc?x42D|`&$9lGg$;<{*Dy6NEmM5Yqd8Lv|~1}HYu{jxf!+}(biT#lDzyt~ducJu}>
z7HbAzlFg;<vPR(av}VR$tZyXY8Huh8eeVs)^+o(&+G3T@<!QBcH#ug#yDZx8`R>T0
zpdMX>DC$B0`?FN1^K#N)btEXjnLWNO7>B{4+3TfhMXs}<j`$19qWy;3M=SkAm?_}|
zXPuA0#Z=mejH0H$N$7r(_-2a_P27ue_{7=S#Z=4qvvKuKjZ``7rd8{+mK4EUW*|mk
zNHQl^T@kh_7tMX@@uiukjr`&&RcCHl0otvvq?KoG6;76zbR%N|?vImC0PZuiC>0Lc
z0hF#t;mAp$cNo3Y&9^a)l}EQ0p0r*TmV5XjCzr(4P4+LM=+BV0I;z@e*jMCf=Ri)I
zt{zKc2gUFjlZyJWz3aoY3sCF8E;zNWXL!x<*}9k}G#j_AXG~l{o9W%S^@pb#;NPf#
z#`d}8AAh7OIV8<ek}r<a;Vmh=7p*dqufIrqw_o_X0w)h-U>CBLUHxf7Uui_)ZFNn;
z@nN%TM57`n7f8mr$_yeYlnaPEs0HRQzKuVZm8vDEm+{v@m1`wl&5XB-T^{f3QmwT5
zvq#GO35upb7Ex8IjX~YsMU^tJjRy{60KsseQ|q6smun^OCQ6GGjOzQxB%EsaPX=|W
z$9DaKW$AzfgCZzL(Bl_<TP^D>^q)__fbS~}e^DA%XVP<DSaNc~P*2}AP=xi-OGfmO
zEe5lKE0loCU9VfQ>?}mBTSTYStrBQ4t;1RDb4RBVqEWhBIsc=_g1SVlSY9sDVp+>k
z9<nu{gce<}&ZZ%IwliRXCS9s{X?HGr_WNjwQmRvI=cXTXdb1Wkcrm~E1}aEAr?dRU
zYa;dX6=NXD79?4oi0(MEhL*8e=;{3!^-!&A9lpI9-vwOS(I}O!DMC14=)KZJWZ}zm
zJ^MAP7kH+L7~(0u^M!X{)4y4V59OS_yq4*}Ven8++wkI-dw>|<hFo@K*@|4Y8fJj!
zVb+RlsZX{wAL;Luw;s9trh1#vLDl$F_#XN8?d*3QAKKHhFltM1C%FR!DwR8#(&ymD
zaJbtoM>u|$;!QZp_*OGC6c3+fAIG<T0tXl9#kxdJDAn<)13sC4hoJnoY6I_HuVl4J
zJVM#R=o?2o5+3TgI?i+XMW))2kXvpsjG^6jlKu9wVab0E<D6FxTt?kQO)Pdy(0*=L
zp{Tf7Z#Ss8TyXRMpG#Um#nr$a*rpJ2@Vj#4@7Uw<+`Tpc4%88$F%G_8aMv)s;CUMe
zn=xZ{(2t?w!cc5@+OI>tE@DuyYrdvXu=fTl0T2tWr8?l+m9)~A&8*qPB68655Dxn0
zGko$HqS_eq)P)BW!f%ABhVRB&<gBzm#m7bIzYNoMy!OQTizlRA>?jBPa^kBxHlM}6
zhj5&SX})Msu;YI(XdXi8rg<S`ERW)>nc0l?5Rj;i`f9I{oE$&^Uw!f(+*>tZS!N8M
z?Q>nR$U;lVa+UbG%=LFS?l;<N5yc&k;-YKZur>AE^vG1PZU|zoSBT=hK}i|G=ucl<
zbdDB;-}R+?@g8;Y9=$sFNTnH0{53sQsPeTQ0>fMYWpA|@PKlW01F>B~!Cjby{+G0U
z!FpMC6zG=|#Ix&0O;A2lzyJ2b!G`5rIiS=jqsU93^nKai4cKEcp2DJtYmjE*h}j!p
z1*xs;5WeUL?qWsss|Ei;!<*D9E873Rv&bl1xfwf7$eY&Kh<*anF#hEnsoOm9t%Cww
z-gJX)J3#|ANdq;H+?n)#vOX#dcn-<G{NH&iXe842ho%thQLZFW91*^)qVew~wWjxz
z^ieU3tSEi`)6$HhBz2F<rsVY(+Pas=CtWn6BCx6T+DN%H9j`bGT+qQ;Lf=GKngH2E
zfXR9JdPm%hud{#=_tm(9*;IwyWL|gGqH<j;xCLQ2wq*m24l3{G*4il+b;K3=|LV7Q
zc#RLNEkAMEVpH3;k=kCFwBnijK-`y6xV9PGJiY+K<;4|T$#}t~7E#-Enp|;t{0-)T
zo8+Wg_#iQs@D=hmF@<vz>)T@~@3dK6ZIlXnq1qU=53@e^_Lx@**dYnO3=%E<qv1xf
z*1;MY{#as%{IHBCMZ${C?#rkww|_zXmkF#bWw(^s8+R<3^Lxu|*pf45qzndkR_1p@
zXy?IE`B=QMLRaw_deD@t$Dv&RkEXW{h^uG*M}b1SSaE5A;%<df+}+*X9Ts<IaV_qy
z#f!t@#fle-v$(rEd-wT$-}_H;GBdkLPUb`=lTY4T-@nFYJb~Zob0(RNN~2tzncP;e
z%4zT@oE2D9etG;vBJq=vlKxlb<o#b4U=wF_N&85S`g-MGp3yF@IU=i0u~n_GwyZ7A
zJ;Dovcks?7LJ`~(=v&f(A1^=SZ4KHWm|`X6T9)(}7QzG9DT)_Ci6W~vVAL&3bnf3a
z48QHDe$%pakWdD~4y+jo>yNF2+Lq~}{}j`K!TE4fM1aWShipvG&k{2xxWG*awlIFW
z1e=|2A6;~c3hs{mnPOvONo!*+#Ph|b@ZS4yGQMbpnEK!}K&Hvw)3<2(4ZjO1nJ!0$
zri=R{+LQ3~O7D6uL{e{u=Wg3x^ayq+B7c@BS6qc9D%}A}t@6k-jOWuMS7e<lUYOsN
zLfYl5w=<cDWAAYcTn)^3<)(--1;~;3a&tvkZk=0fai_I4^k6;1D}ld7nKH`pL!G{u
z1=cXLu<Q9HS{a@6dySPsX9%hY^Wln!P-0gAv1)5y9Vx%&)tQ3rVtTbfR6`Cgx1FRH
z;Q^WAmpRSZmt)QZL&4}gLzN6e*VIGkO6~1ne?;!j$gzAngb@j4fKLjWsW*U(d1d3(
z!G7)l4vFg-a3w)b@-xDhzF5=w`;-}697(mrFYRo3-ipc`*Ew+`h=D%!<g9CjGq|6M
zk%n9+qgry!l;$$cUYs}vUuW=#0^eZ}A;<bYbtb$HLX)16pzoXVU*g{4xQF1)=>EiR
zTJZTQss}8uqYNnwEBo<=i}tv)^fdJB7_~I?)b(8YQu5sSzU+z~2p0!_dWH(#uMfRd
zSM}atAOW|LfTND!I0CSOs<)hMx?I2^CuHdPxJGb?`L7k)ppqFOa3#LYi|CeopIK+u
zA!+9{xzSM(;|qcT5h|oi4?OWjjLj7-OlwH2x42=0d1>qPhA_HEB0EQrG4~5U=+mHm
za*`Q+bX+N!(eB>qg--j#PBnV&r?;EjA+THAuqwxAMlU{R&5r&i+N@FUW6rdqG415m
zHap>L?!Fa$B4GL7U7eqHL7eOBZT~W^Io+8Ce>Z^bsi}Yv*ykS~TguImCW<kU-a76^
z1dMr!D{@Y1r95N-LE@hYApB5DV3Zcz6irBLO-L&h7o-IR^1cdeae@bqO5Aa%>IvYE
zZynigz{Su(BHB-F-y7qe)JyuaVmzu>GwTRk!U(!nKm__SLqdjB9^%aYBM8C>&&-f+
zLaECoZU~K$<!I~4hp)vM4(yJ^5`Vc-u+y_!X>^L(v(1;LW$w$zvLX`#x9RR;alrm*
z)LzfydDf)+r+3`ZdfW04ms+@CA#5;7!{r{WcT5k8_3%p^KB+TAHm;mbFfZM~KF!U+
zN#oX(Gq32<3&mekGXRXV?ESp5PI&QSr>3oc<!{1USgVN+G_G}rNO(N~3D}ARjB*68
z;e&70y{{pxtWvAM?bDVX!+kRd#oDl%8_|@PuhHQ;um8BWoVxchy*K0Td=HWUoZy@I
z#ogkT!;@F^==M_Q&AW}K;Sd;#4sdu_jTqm-g;T9t?i(b}8RAEy?4?*hX6JJ4!LP<~
ze<@GItMp=XK?`<6r%|5ECiCJ;rT5~qP`XLEz8gS{KBv`Y{mvEalaB&HL2SF8_v;xE
z-ck^DeNXs7a1$JtFU;nHz^Z36syCz%*7}M=_m@`r0PFE;-n1u<i?X-vItr$3uPh)0
zp;rQk-y0>c4Q};8{Q{qmOkb|^^8cb+V5d2>Wo$^#IOuJ^94v9BSkN}XuxMR=1I)~K
zfncjcmSrJ^V=lhv?Wp#z@)!76##fq_6oZU7OLijy1&>xCtyl0gz<l|V$n24oopiOU
z?>k?{=`6EjbEMhaD3IFIeDN9<=x0{D6qlx>&<cu$wo6yoeweO^_v!Vhg|r6TiSHsX
zL24CB+Sq4ym^TsXJ1RGrhlaA(9S@~$5ef$169Tz*!FaIl%N(0^<w@--`%ogR6@x~F
zBSXCKTrd>~ZCM%8Ylhp-E~|ZWXhkhlQGkZE3MsvEL2L~^blcK+*-^ouf46IXY}91_
z(OVU4Hweg&Yn6oev4(AZA}7-YWc>DG4450#+qTSU^-68EOlq}swBzzZRDaaJxT_po
z`7MKMMyujA$dB+h8yS+N118B4Z%}HIA>r}0f_YjrDxfHpeWg)LbZLKX{e0zL818=r
z)q(pbxL;cJEpsb(G^Dk4=eb|+PF#Tp=s>IH$F;P>e9Mb@8Mbk1M+BU`8=Y9-f@2o!
z)qZN{-WJF-T{ORxW!(oNbKycf6v`IaGDS&~&R-n%1c`t(2(e=Ma*&}@SMr;y>%h&L
z<G`GrK_kRFe{!#5X0I66?V8q&n(me7e#gh|df0n8hx0!n082Q^m$eNsEOJ+a^Bvzr
zAEGq9t605bJbi^~+%Ym<OE*plVp_M<=)mQ$L3{O`Z2-L&k@e->CT{e7`2}Y?g)h;6
z<I#%w1#YxaxpLxByZ2bit6o`G)zkMNkGG_B76+8UGWw8K)L(&}#!5Ft`=?vD(bsD7
z5Ox*>oNQD`_=*=F^>eFkIvngWRIJ6E>piyA5cypTR6%A2p~Iwpy|qeQ_cGOkRK@-0
zZsYTH$q$6h*_{xAl(!nS|7v-22p!T}rrwySLj<BC0-IrT6EZK~iJHI_%I8)AP6$5Y
zL42K8OjEw>j0eLu^9?AbRn`dkewYDR*A7uygAgR0!w+`jgP9w>hy+qif2-dG_+V(i
zq;5Eb4X!{carq>&(fF9xl|BI(xq(j{C=Q>IDwDHY^Oa)u-X5FKb9doys_E9UXXzjr
zG+snrx)+?&c?YnIk+^2*w#qZXgXZrfQTtYSeW5K<EXNk_mc!x9<`!~V$!F;TvWLc6
zG_KN;YcB2<IHH?uaG(18ytCVfhgSCB%pMnDDw}{>I9>-+*<0w3)|{STYGy>>FcOf>
z5ljMWxSwG3H@S}c*Ri3MOSmpOR0ze=EFH@)6wVF?@Ps}2>hn*qge+va<1)>I^nu#&
zBF*Mf)0|hL@DSIK=N`Vtt8axTruAu-9+Jy4MErmHdK~oT79B84KN8EI_G9;1)arRo
zh%tyWYQI#EE7x?wtv!}$ouC6|^W6noD3)^ztUcY`VN4gpl;l@jE2YaT^ERn)=VxPZ
z>^>MTM?}T=J?lz-X3<rsA_KTfAarZu6Yf*m_=^{xqfuZdmNBR)1zgH_42;uzLj}gL
zL${v~d3vElec4~=!0R2CWgk$^TOH5Kul)N~-nt7u9PR5};oHFeCi_!tD-jCNa2;^o
z$^a~-0(LxmJz=&z$8Ah}o8EC)M2i;rwg{sTzQHJbFv>GpG;@)H&&a>8|4&zUcG05C
zztKg)pb~ih+_uKwl{QfXyNz*y-RdSwDmc|H<|S%-+#6`GP@25#1e3R7GUuNUy~#RL
zH%?Q9SDp`99s_*7Ov@sD&ee5>1Z2w01k$js{B68?y#XI}SkMf1Wa2&zH9mIdpZ&Vr
zBeIUQ+4T`x+ZDBTtqR<9fGk1V-qMg`t(m>5D7>ycwrip{;wr#3ODtYE<fBB%v$}rL
zSu#IH85S#w#@C-(@f964Adx$#IeO6WXW=R!5)h~j{$Y+{#qMj=hQV*g?BzSQRpY@v
zs5c5$c%S>@9JM;oH|BbtHnYfz9qChUc5Anlxa+-unOM0cS<MSG>sqvV^e(L9fww{g
zzB`G6?0{c$<(>JLbOXl_vjS+nd>4kYT_f}Z#}JzC5#q*yJirWzOZgOs>rd@(X{8-y
znG%;rOep^AnJ-@7JQls|Fs*SP6tC{=J5dW|*I!YARZ}lqkPw!4Q$0A~W?XPzTx(iL
ztJL+sH-*}JpOpn)z4u3YJ=@Gzw@lG{jf6lTgRhRGKkduLPcZT$*@xA;U*-aEA6v1&
z&5d5q4)}vpjj(wzDZ)C8;t#xR@x~u~(g7>9jQrF3zqY(&ihgdS8>wse)?;4q)mlk+
zT>0=<$HD860jj8S=-IdOz8%upmsjy_|Fm(PUhr{khxw4bzOiPbCZ;QJg;6O(AHK;k
zSaQ21r?tCB?dB;r{j@<pFs8HUqUFdl8m~v~K=SQ%#gGUnfDp&xU;uk05dF3SQ`lDM
z_LH6_{&Yj`hC|8*vsL$>6}r9^i`3RUzLND_5>ALD(vimUB|gt1-{5+6NZjckAL$qm
zQ-XCrcY^$#(_lR)ejsVZtl<Uc%vMdWeKbLjniuuj2gPO_utI}Z6;Jk7^AcFWaRd_n
zpC>uzp<s5=m_5obIxgV81=Irq(NI7s5j^!ie9M4|x4^!@lXaFA9ECkFNuGkUQ_H^|
z61XfkOfWSgxPjjnm=<u$4#!MAo$)s>&?=B4d#leLMZn(m?EHkLdc}M{;}16Ui#5O9
zlnHu{*d||umV8Fe%Vq(BT_X=}{zTz))z0_FZ=5GieHyg`J&6ZUQY#N<tKbL{#HdcB
zC>=+tGkmH%Wf>TXe<Gb|((kq4C)oa3&C_Jzfk4C$?W5S3-;5-`Sp-vm<0SnSZbhdT
zNeK2|N5#g_rJBqX`@tX4&v?dmv34Kwn-V|DYESuvlEH5m>2Y_H4K`Z{OP4LA%M%q@
z-luV%L7GX6VOcET#g#4(n35w%7riuzCS$t|SuM0ta?415Fhh}8z)k+$)YzLAAM!g8
zVeLM7a*<wZZxVjFQn*+|>f>w^ZnO+N*uISpMx_5rqEN`4BU(t%o?$e_WmjIaKZeH9
zeNN}wjm&2NP&j*F?UW=ncmQ@vZYv@<1Ym-BLSWV4f)I<C66F6`(b7W#Qc!ujA|B2N
z0caWMaTBzWi1-vcyq;e^G{h+FI;8K^93ZuFElBld=OO~bLggVL`>GF97QotsATuEV
zBpNXj?9Y>4bf^!Zxt<z>3Bqh4_k!c4gaYXyIis(;CPUsctKTM9rY`|SVSG_zpY~Kw
zav8m{{b6dek~i{gWb1TNKRTx!A4nUFfsF_p3|;kpHmlOl<Qp{P2#IaZ<p!4StE6NM
zk9pjKVbs!#yBYrIHgDVx5Aq&#<v@p2sp5?Azam4SieTXB_k=B}w5+}6K<_h60{uc{
zsOVPnHO%`sW45;maV9z+F;njnnj_Vqp3=0>>CLgh0c##Z;COKxdqN05&q;vVsZD{0
zRXe?GLGE6-2T}0dXS`F36~twVon>6SlH^J7<-ndAXwu4Bt9wVZ)7Gk?RY}4(PW;)v
zWrbn`r$C(`*aHLgH2j+WXsZ0;j~4>dF%!csE$V6THU0bX{nWotzw{CPU?u_`dYfx{
z&hc_GUl-3(BYk{xf9EAhn<+9MnUu2`zvvIwNXyJDsM@-VIJaBY&#VO(2F4E2yziQh
z7^W4Q3Sav?4vB8j3eW-UL++c_J)J>C^9Y75&FQ;H8&<eY&nyK8T|uHsJvpSyq>kwX
zK~@OMtRh2wEX1cgsB}p>M-vgQ`2aSY*5oL=hTrc(V<`;0x4xm$y_rNM>^8TaGw&K4
z#MMGg31V2GT%FRL=<+8F@fGHX?eP^<mXX_q{~f$&GYBk<4J40TXKzyx^ueWKS?xgr
zCngAl7$h~nyHd!o7@*7`4R}1L=nPwX4>_hmM5ISxuo$VN8PmliC<x5?u|S^#((Ao-
z>{qQqiaCvOOw(o7wl`8|Za#xIsidG{Zq}{u1`}C5riS4T60plL7oGGA%qsjR;ojXe
z$KaTp_j|b4NC-u)hQMC;C>xdDmZ{`I)*sF9vABNjK2$;Ov>~zRSXA+vlwkMn3+JJ?
z&|;DIl4vwFD!p`JRXfx7-J-84DKU4xnISfR6Tog-_^RftxM>|1MZKPz5_+i|fEK3a
z5ek$9iFp^zk4^=h^>b~;0gddfb88=VV3Y!XTzl}pTs_-n3EWhI%U`Fdmw#Pw<xZO-
ziv}oAUR}QInSNSncxM`tKfvKfY=3h$8RyVP5e>^>WYcdFV_lG}^@4p|5S246>i0f@
ziaARWnaEK^0g%_YbDUnReS8$$BTj6<6qZ90G(Wc>cizW}b73H_;=_hCs%_JAOJ!F&
zKB_2ecX)goE`2*`8r`b%Gluarop3d+Qd~NZ^=#w#pO*B4Bb$UB&E}}=GxdAqsvSY|
zvet+?Gf51t^%t05B-JlKmtWkmfcpB&0D&5sfjl$Nc8ox+gr)4l+*tu=Yek?&Y#@Jn
z#6XrR^E|k)x%5rRJ#WMW%jfyC(VhA~|4vZRKkQn^MeJyDIXZq<P=~u5-J7=Ppa$HU
z`Ch08{4%Cd-DcN=2Hg3ph{`pFtpQT~DMqyW$uJjBZ?+u$Po~oUFioo9G?`1a!6~|0
z@ai(9bm@Oyi2z9I;d51Rj`urn=zArqFL{4D63DCcwcx$(|G4Aza?B9FV!;N!g*Q}9
z`qn&9jfSIujLv=sL4g_!AS&(|y2}8k@;dlqoT0j|?ox@h`N^|f^+bO6Um#=ZmLvmg
z%g9bMu$Mi$Xsp5@i<Ld2>8)FGTxpeZ{d|lrDP2YGXwm|ACEdA_D@{dTPjWMpyyS_w
z{KAk$zyeU&$4+(3KeKT8Ps#fV_v4AB8j_LOjFN3|Qo7o>_N2zSwqk<=&wn}m?C#0g
zimqHfVNI(`a#YG_GU<*V6N<v|4OG2(NEQ`p;Ki_l8`tKl#WuK*ltG`mM>MLt>S}K|
zdrCGP&c`($X7HtT7XNIApq77fjK`|F_L98CE9cIu^)s7YgI%t9dciJ4TEi4cq5%(g
zXOqEqSUI41m0(D<=E~jvY$75ii;>RINW>dGuuHew{S3Z|xjWp7v^iX_w!pd}WZ|L!
z54Wer_&Yda!RbLZI*hTRZLQ?UR%L*KN~-#Mw`8XvalV)xJ^Q?i-xnCTO;4KLg^|=|
zXS{AdS9Nhkv*J$Ekgd01{H|MWU4zbuU1#Q2=Y&2aasqdN)73lBu}r%qv%fKI<WkB8
zcbIdGMFF<&fSobd<42<7zl!;y|5L#Ni}T?#-t$kq8&jgeMhAU^rBht;6?%TPu#TD)
z`Xh&Q1Ko&!MRH@Ne?1<3nh%CMn@I1K-Bt%Wn`V9K;?Fh>baT6Kzu&3;=cbt6;>bF9
z)diMAl`Z$8&h@nU51^-6Ze>2*)24WqUb3{2h1nT)t1sU=msUEbNAt<wn}8z&d4KVA
zPWNV)PMLM|TEl8x$fb}##j4}gz~)P5Q;6*?K^nQt9F38gzmQ_@Pq%2i!<?YxL)^gf
zYnqum6|nriIQ4lkU1!2o?SY-l@xool^2u@A>eNK?2=ON#8`gr;OLx%ie(rEY1RX?3
zywIw8%!>Z6Z(I&p!*8JveAv&|QF9w&xIJI6pRZufkzGgK5n{O6A5{{0k6qTPu-YUQ
z1^(&~d^+K#6&K<Yzm$$-VU!pyWh|;9EsGS8FT6KQ&&T0)2CWB+mzgNnZ+D5;7LJ)j
zpJT*$s#KC|{HuTcI%rw8Il26D{_lWR?#G}T+DDIZ0$xKNQI(s>MR5jquX8oG-z0_B
zULaAZjYB|sZ*1ac+f%dTDC3B2t6Gx-tmt6T0m4dhk$?540EuNR6n1}yTAB<R3EFQn
zVxc5Ps57kb%KTVGRx&f6ejY5utEvmgip=lecS%PN1#p@p@%;rIut?Dda5H?wkegw9
z#+!*rP#qVNEj-uFUZ21`E(!N4Gx4gYG>2PoI;0!qDKu%EODwSk@Jeoa#)`t~x4z5m
zTN2JuW+Gm1RxmyNLO5tO+!jvB@}Pk(m!QIA{5fQPH&ALAFCC8<uIWc#e3htF@HXxg
zD87@0k-OmF;f7mcd)xlOC>xqfuP`siXUzNbf$#HMzx%j=;^nh*t=MnINGc5&l1a3h
zywuPW7!sZlZh35>z=j^x7w;}AmWhK~m$Q+Vr(2sI(Boavur@n8OiP!QQ!pJ-Gqv4K
zJU06%Ia3&&=oa0{FFo}(2*bw6aZ|;zO32xL4y^9-^wJo-7JB35x!-|&<4V6#L=MLF
zu@1qdX9$T@Wd{7^qchNz4x08o$4r4}2xFB<W6@)0{gpY$C6mC8?y;I$TJv?mfxP9N
zUvDPVcY1nQT6tPo?w_1EYAefr++c&9PZ{z;5Q?9(E!}Aodp%;^;**>*3%ZgB@OO^B
z{jvsM?tUXwlYM`HVr)>xe?DX2r91pG+u;{(8qu5Q6rync@-#-g7${I<mfp(}<equ;
zJ7Bvh-tN7}Ho{%n6<nvZ42Gjs05qQRk>pU&%5D178u&}s-X{`drf)WA8{AdfpT@>X
z-x0$e${Tr!Nj!CHrMLjM5c*Jce&pA@b!Y_{$3ad!{62SK^S&Ds?=W&Rf8BQRbxz`I
zNPP7*FL7uMD0X)erG2~QlB(b((<tH7pu@>8RNn5cUWb!DRNjyJ8=RciAuvPj;;(%w
zqdVM=3d)Nj;;<UNLAsJ})eG0hl#)79CW8_rV=PxHn7tkH-tqmLF}xoQQ&<Ldyh~oH
z_jOK^kec!(FT>6UVtBvQ>kjpAZL#znNKDC=q8^A8^URW`yCE8E$!m3$Y){DL9CD_+
zHFf+Zz@KF~ly0ZO$4{p|8_R1O!<{~g+e2qatEFTy;5g{0c3W#yT|#(bpDDnYb@xl0
zB$}f&kg9Wo6to}mT9#kGCy`%h$lc_8g0}Gg%)g^8P-iWuGOK=FrxBB?LW4jN7FpEt
zUWFLMq-4X1*9JOw83E<+rM~c83Lj7G*xjnJ7m?~=5{t9!ZZDfdf}2|OeOB<hej@%>
zA5WCn-T421J|)XBpp&Vgb&0ZGiRS}dJY83>Hsjsrba(Zh@dniY8oi;lr@FW%s>>D|
z^B5x321n;!{L=H;F7z)Ma)y`A@WI%4dIwxZJ`Man>oK>#PQ-l3f)6iU1Qxs4>fImA
z)~+u<n`Kh``xc3P9{w7V6Q=WXv3E$=3=ds-YhOgizi9pD2mjI<A7IQ&^$|ZT9lG>>
zxWgl9uD$SHe2k8d*LvX3ag!JZG5URZbCDSK)B+i=Cbmh)^3E7Z+BghfzW>+pvv^2j
zra)eYezs9Wp!kNQNF=xJ=)fzL%lb-#1gGxmy+ilU?T9L{NP687x4#Bp$gI6GW$1kc
zFeNV#?Ea9gKRa{qnKS_2KAnDQlhjE;3To%#;;>FDG-HI2@+a&@gr}YrTxQn&KLvj~
z{!Y@lx)^anuvp9vXCX=c>h|%3tM;&srvCrl*R%eD$O849WRFar@gkJ2q=&69y6eQ9
z#G=;q1VKBUUg?C?Xklh9PT(Mj1CS0MhI07L#hBF3U|2ZV0PdK5H%j2PBVNMsgqHd)
zOAEf#TIBVdc=6s~p+U-6h`u4;5B+Xs!F|=uEdR2zH_s=o<}b<-I<0QQGh}+Rqwjxh
zrqxzhyow&xbtn={!UbpHFXHe2@g#q3`ZDT&wGg}sk0*CL5sBDY;o*WWH6vfMO2T_?
z<#J=f`k&@ttWGzq$Gw*P?mosZAf_wuoCtn}pp$qa-X&u{k1iNvv{eqAmvydVj6DW?
zP~O9v#@OjKJS>Zk=91_kO?wS^_zv`5ots&W>pH{=7I<VS;9#j3R%|gP^-z;a`d=x!
zU&`W3VWkKhc?`f%&cmNpb1@cjQyV@<=!BcM_=DrSr$BNK{F9)Kv1W_`H>k7N?Z~cG
z+Slra2>JWC^7(dW5+eCtyRtrTjQ*u7*0$A6y}L9UXwQ-KY)i3g=51CCu1I!~8+MZH
z<&I_H3U>K->19T_?hH?_`c?<y?y5Yt$2Q;R_CK}I&pYb*%MJh01Fs;~i<R+ro*poh
zNI8x=GN#b<>IxyIh=!eNm0vje`pFHiOSTHs+czU*qFq?0tbI>?7rs7^<)gPx8s$Nn
ztRfot?OI*?*_Z(;t^V8+Z`<l_?L2(#!iIjmxYbrbsrvUX(#}Eza+VtKIKxkm!?B~9
zBW%WxugAX`Zq-F^m<G8`3gOH&$l_{63DE1>>Yif~bhp8LM$71^l*;OZ_+sr1HOpec
z&kz4g17BKpnGliMc-7%E|K%p;IX51o%)5KmB)@r9p>U1k@$;}%CliL#O@sM~uV*{s
zxRVxL%djf>SQhfCUFGYuq37xL+45$OPW}V;UO@Tw62}-HiD||zAIV{zcX{zcpGwd#
zzWz46W=p*(Pwt}$?AD^QcxxN|V%T_DwZfY-R8!F-`S6H`G*>w)v&Tp5OA$-N|9W;*
zzxHqQIuh^fJ8DmRmD#+3^Xq|N<JZl+_(k8Xr<rw%*fHLP)!BxfytaUwARR(~BdOp1
zFqw19TjqOrrXE&DBmryDJFkM`wRg^p2Zexb&1qi@H+^q17{gxlZgg&jT5T0Ymnvx;
z<ugI$9?;4=!c120(W1F#*lICR`u6yfUp!=V&Y4kdKVKG+uF#T8I4VKCZek-}Hss6E
z$i1?DG&9|(daWn-GXLDnQQ^lL`OXD@1iU%@jQ$F|81?mR`tEhXxgS@FflpXY0n*Lg
z1DD5QBz%NnaSqo$5yeQX6DJ?sax%9`;&-UHmz$fx18g8Gnu+ntk5Vq!Cm|1E0lm?g
zFD{mMVm^AUDR~*Ar8m})bEnnqdM?Y3_05OY8sCl&<4^hLPLYaf_sXQO44j4fy&{Sg
zU}du3hNI4>r;**Tcjj~Mj%*pq9S!Gr$ogyCJ+Mh&;vF#{)PMC+N*J_jyW0yG`}e00
zE3GP3jDqRh2_&g~rt>kTezlSKi%Gi`4@JLA)y)&&?c?ynf5AN#L;p4(+@Dvc<mB$8
z<mb)vj&q$!wAR(eoKKE0@o%dxQ&){nV*+D3n=g60WxMdZvK1m^4xmRe33#DG71<Xu
zjz6i&+oGpzfyZ8V$`MMbGC?li=h_6k@4k`b3(Rg_E4d1{TjHnr*1nr^f4G67Dc441
zVLXE8R4z+D=6C19?S|`UV;~YlR%K;dZYmjqN)3N&OgJ=t)uWbIj;hMyv)mN<u*v+v
zS;KXK=_EBlS%CC1JN`T~Ed2#A@DjQ1=C{t|M<|{_DE?Bm{lRi`>}!9+*DWp*tMJbY
zq)<GOMG_GhBcgCmWAFz^;Ky(G<#kJwMg&kaQsi-yRN+v;Iis|;W@4M7uf1pht^^&P
z#8-`_D5u+Pwmrg(#x3KvBfaa2kW<%P_b(<}KGnpR@?rhIZ?)&W%5K=UNLYTj80}+~
zq31K6_?YyU^&>87DP1L9${+7XA2(EA%DbBL&uV<M8~WzJUuwL}k2R&vHXdo!p`77V
z_O*}eH6;Z5TAW{P_bX){J%1J^p~B17>ZqX~{iyM$$ikxzNt|UV9Ab@f@7)f=U@aAM
zS(kgs42aK{{j*`~{ypohn873BIk~c(_r|4PzvUhJacnYG!L5Thkb0OgFXe$@?c13w
zYaj6A@X)0d)C%SRs3$_}@2OAV3-HNbh!m!CG2mYR`E#0_y=#uf{E1KArX4n&@j<xH
z1p|&)ZQ8gS-S+WAZxaPbMgnjL<azRb7i4<v4Y$!)2&t%#fKtfrgjZ-`tM%Gf79d@0
z9&&92_GiAQS0EFgFhfbnGP#?*ZWrOz2RRi0NK4g{w)2K@TScx|WG@(Gr&*M4{+RWQ
zbGJ>|{gk%AwGCSeCAcWHpC|&^R(td!)`2M-9moFIRJ)vh_4QZrR#p*(79kFIT^fGT
z3KdLicG3^N^2qRyt!S>KGohsPHV13fI?xPE^9@CP!K#E~Q#t}=7WR9_U^{;Mi?v<t
zI!n;Q=){B@9IH3L6dX(0^>7s2SD!yFJp!NXLT2qREg}%r`{_*b;*Bmi2*!{{#G&00
zPV|=U<Blo_LF(&QG5!0E@Gd#3Kx7hMoJ2FRUiu)1wg2=bx`~)~9~GyrHh$FE$-HQq
zhl0BFD#qz~HcX%4)eO+hCcp2Nzc<e_6Z0F-Ml<)D<WWx8Y&CEBem)AA05x}(jX&di
zxeHn$f>_>DdB|W4Xz~#I%)I9=p4{)#fYtSxP0=?(rgv<fJZ1n!GeG?2tm|P;ei<@6
zCcP(<XWR7-#pK#Q!v0;tLe~~099NrX4vgGco>d$5X*1+IZLxiO{>qIv(?Zv76pV4_
z<ilT4MexQxzqHx}{n*myK-!|C+LL+@ZZqKUa;BtZ>a=P4w1U)}vsB*?tx;Hj@ryh3
zg?*N^2#GzXqP|d$6C?Y^qvX|v*p4#aU4X<HG|Nsh8G|w72gBYXBHM71>v#jQX*_!U
zBpY<bG(IYYI1G97Zm-f0mu3)~re3ib`h8GfSh6(QZl>DRKImC{PyLwq`dJM&D>99r
z_`1Kirwv1+MqJMdWKd3z<l$V&F~cxL_WaE~m(3uV)5nf!MjSneWx553&uZV-o~Sg9
zl=$OcY0=hrg*|DI%`IBR%{C0lgq4L)O<-@4NpM(l5KDC{mM6_yyDtd%n^^CFZMY*A
zAKltZJop#4eor@Os=?hEq~V;?O8v{bQi{p-#D{p(mRMwk<9h;+WyPLzv4q_$VHmLg
zmSWxM-$^v>!6jnNR>|soFT}LT*X8@mo{;6%cqO#QvS{WI8jq<aTVf79G+FKddX@JO
zDS7ebwJkN30;c1hap`CWG}eI<+!FkSuKec}OGySjuW9ieSW0dE+H3sF$KOq8LPFxh
zpYiAd!>hUw!!k@k2!q^VY-T&EzhzC_*!m+)5o@lv>lW-+(&e!naOe+NJke(H{j<$J
zNCz!i$T||-qRoD64~7yV%qe0yVAI3!NT`{nn^Pi4&X^=0N(uW^^2ORIvxI&)JpaZS
zD5>vFKny<~1ZaH<pVvf_Y%>#zB9FUW&#CYIQIuB2-KUeYL6{QCV&<BAg8U;1yNzS~
z?ON5j)X!N|)OqV!cD*!mcgQm@H7$ZiEbY?2R4E!K3y;>-$VS?^pDgVYZt-UJ7HDqE
z{EU%=QE_qDiD=~@n_9AG9hZ)AAZHD!+maffAnW88DvS9(W#d6r4ii6>tWBHb-Qf&2
zNPt?}uU>v%J5(jvWR1`=zl}+%ev3thGZVi0qpKm7d3FjF2gB&-M>?4Uqoia5^`!a&
zs=idFkuUTziv~&J@<C+BF>z?e;a{zmcIPoiBufFLsauQPED{G=Fc($2dS+IM46SH!
zz|I<Odl_$m@Deuuq6ZR2Fq2jmrcu^7=15#A@|aGU1C4SuTA}i%J&!NSFyb6Lh{s|C
zE%-)}3`{3x3D_~95AhU0qH2~}1de$Fb{3F90m$QvbbhG|ws21V-nEz`WN(cNnB1D$
zVxN=6rOg69nt+7ku^j&h7q~z!KIu<=B2Q#&6Y+LX_v|2^Q=d1n8^{r=*$C|*3;xO)
zjB#{^*guIVh{lBtSisKMb_v1|lh#2<r9QNEsiso<l|CP~R97>C^+NbfwRT?zCjg~U
zs&3~fP(-Ic=NF>Gc**MLF=Z5HDU@akRaN?zPxy-g)CA|r7RbY6*u*4KK0i|-rikXU
zrqURw`Yd0~)2aE*2;cAbf7La`q;J3U<72ug>s4+eE>z|TF^k3vCHL)=j5d@tuI-)u
z+6iT-)jUe0oTI0m`$N8@MM3@VPvcjs1P#9fpA<?r#^DG@U7r3F7r%o52B}5W_^MR9
zUBLby<YpIjQ~Qa}KS=ggDKGr>^QN2lhq>DLO^m(cfim9xTUUq#Rc2(b#r!5f?@G-)
z*XqYuxjWoCr{{kfJad0^WH{sC!2nlHor%%;3gHUF;A97*;OQ0wTE1EY6M3W%Muo)J
z1_ToWq)JUhoexgR!9^gx;p&#3sSnYh#c1M{2s~s`b#s&rvSH3Pib5@kO3k;_T3xa5
z39K(|?&w;K35?i|T06F-_e7vcpi{HUKDy`-(SJp%NNq_4OfWh(UrAB-LuB=9UKnX7
zdnjG2QbX+8bSqUdmAly07)6R#ZA+iB^lho*p(m-4ns!(GOsXC!dNtf1m7I>zo(*E+
zbrP*CPR9c)Q|0eZ%=31uzLuZs3Ravl;w)?Kh4Qwro48pBq7gCR%xhQ<I7MO%JpKV~
zr<Uq^vsgi0rwpIC#tj`DJ~peGrNAi~D-<|A_crU-_}$PHzGWkxrh~iL2<z6O-v)3s
z+l|{efe!J#{Tnl;r;W$;2o|<&*Gsy`dz%Mb$dv0;uGh-{ttZ>P+wK(lkGOXIp2b2W
zUJHen@Xz$@1@eJ`T{7HHH2J{qKQS3JHm@C=@%mpF{(BSSt*9D+@}C!vnpF&&6F>dB
zkr94|rTBI$=nn6%Z2bg<X)O753M~t)&)1B7U+>k*G4ywGGsye#7|)jWsQHI?9Yx-4
ziYx!tTVuZCweE4~J)df=SF%pTDL{*_c0aVMhhcN!C*tX>vo{*2o~BlED%Y<+QUm{z
zj|U~B{sCBjCOzU=FL1-tsv_sD2mm!H)qhG(Px@lI4sYJ!8HBk>o~pO$TD~iv@AzCO
z@x42elumEgbM9AUzE<4Vs?U8``P+QSm+}W3QMx5pW2n&ne;Og<m$slL+nmbBq*&?Q
z<$<U2&zs0*wy%VB{QdQr$Y8D^xo}oSWt50VqvhTS!?z<)<PqZVx>>bl-6>(OR6z2|
zplvGPx~}WThwS;EiWMrk8>T&kSmj+mad_2fzirJu;%^$IWeUC5e!(|+(nE|88nzP8
z$#T)Ps#X`bK}m5j@i~&L%E7M^iLC0|RfqE(ODWF@&<?#2K~G})chza!?~L?k)9Ln6
z5;8hqi|O-k!;D8^GN)-ft$|4|S@|bT-=@Q>ekM*cmy>9)3zfdZBZ<^nIZdIOLcC9*
z_}VoH>2@p&RGo$BFy~dbaKeXz0#cXUOmMoT6)DtY7Jbys>F1T{J1+_A57PyGYX-z~
zwiD&kJ(upuApI$H`o85G&)dXFUe77TyurcIROG0hJzc;l;!8O-M1*CI6ZWQHiMt%e
z_rVWHve3|sTx@skjQ9UcWyep;pyuYKwq>g;yyFP5pwaa)YfviX+TfT)gBb!Bt|VqJ
zX<Dp7MM<|i$Lix-po9JLAg9tYRY5O?emkchIVTs9_wD7Pj5}4VyPD{OuZJ*?t>X%P
z{u|jHQbKsZZonNUbBYkTZ@W-|{YI}I^+ou!=W2H3dYCRJRu5{kJw*V4?UMNFXISu(
ziBsX8*GC=Jk)np}t!iyIk3DBQ@bebkoxW}d=r6YJVRm9=D*j+)^iFo$IG<+dL&yX|
zoAbrKB;A19#K;YsZTAd<au%Xqi)Hrv?3L;vkImt}w3;O)?u-V32l^?(m5}_)*anit
z9IIG|-YFggv*$V_=-}d=-6#8{l~;<zU#%+){{_7N1?=j~H|N~*CVjevD#$@DLfVWs
ziblfi*wuKp%81I2NOobiZU`y1<aeUMkJ`haMbu^m_>@{$(pL^nb_&zCu%ajko8Tw@
z&ygTf(8a`-N1?4-_5|k+(K@E`-UqvXltJ3p&(Klh>*)95_o<kh<R0(Ig*`w{iCZ5~
z5uz>QMUO@Ep8Mjy{SK(d*B@9M@XdCr<}3_ii)z|XisiyT#;o`VO9eJ<d>P`J<poi@
z!|cGqKG|#BP=WrPdsw2W@x#8=EK4Cvp|yeNJF@`pkcr35msL{b8)L0afN(A^?dYmA
zbz^a0rQAbd?V_`LmY7QMmqJs4hV3IW(JwVpi)u<IoSozS_~$rTJxY;1xJYzB#47h<
zh57C5iT5cCeMf{Ui8>g{3?Hh7z4l>9FmNfJt4Q5M>ss~OQbakoMex)di*>RY1ap-{
z$@&4ecn>L-u3Y@wK@Gf5{-S@MLCf1QyZVN1Pc!fHUAEy%#ht{t@Y?PKH~%~%I^acA
zL)2mD9;~HUl$)g-oIRldwoIjhv;WczUq(-W56Me+0!6#8!6l??&YzGa)^;12cip|b
z!vuTZd$t$5tK27jj1;^pMt@BEZmh<=n7|gXJRAd1ntr+04w>5~Yl&m~EQz1gt?7>x
z9atY&o^Sv4%R>1RqLlxh%0I1fg1hx<B|44##IF<(12rz&Xsz4(1=^F;RQzE(FV%df
zs_w_Ro;Z36Hf;~8Z%OCxI|UV5Md<5C!zD;DlZ41%{&4nymqe!$_`bp3xvgyb3mfsa
z^~3_rW%Gf~IOKmsICGwyOZ5$GCiG(*%jRPDG$39Dz!5>V{m6Q(QzyO1Y0GGMcs}Nq
z5V<-@{pfplTiYaFmt^z>L27e9*$UnXI)hAg_l6&f86~xA=3=i?fFJo-b2Zua2hTi(
zoBN3FP#U7}CMv(_B;}LeG(;^|<n$f^$>{E;-h0b5M1PCC_TFfSWG{KtPx2KwONKAe
zI9C!`0%o{YF2G->5bay~TB)YQ9a~Inkn`v}mcm;f=?EB`m)=K?6J<L9VlQ2Q%lr&f
zOg((mkPCE8|G+&XA;~5RG&>2fs&tBWRAkC?`#<Ab5)~VF#(r7NO5?Z*&XRxv<574b
zShZK2>hLzD8ABW{a0;|jw9!g9l?#~A=J6dGMM$3!l^639mNAc-$?1sl;bN9C_Zr4q
zm4e0`00cUg^EhNJ%;X)+eS`HCEBSB+E7-g()D=BK@M$g7B`wrmPz&-yYPE)tP_4D%
z+}M{I+MuTtEE_rQ^|Usr=%OpePj=Ow7+w9GlfXj{P|_(OncfL^Gz#{Ea<J*SO2IDY
z+2nT{DeE~!W85H!v~f`UmnXVlXJJ0k!1onlt_7aHd;E<Vx#(_buM1h^+9br<ww>s*
z53a_}eElyTh->>i8>T{44O79cr-1ThXVRv|6I3pWOESrYugi|1lb_=vMPBwpRtARw
z+&?c4iN6Uy1tn8=tIy{&_uYA{v}0(41;|?j`cycFJ`?n&{ahd6Ngc9vK%T#I*q8fv
zcZyuIa$S0af*g^+B==9^6#04?r>U8(PR}Zklv+sKuSEEfO*`f(OpSXj&q-DJK}FTt
zp%imEII-?s9~&*rFmLBH&W2{rK^r~VZI>~#e+0S@J!j}r{yiV&kp~%_LOxs<FJ`xC
z=6xPqBQK_9y?iQdZ_7te4GDlHT*BcMQTklCZ85mu&I`es1ld-Ky`3JL^<J59ltQ41
zHY9tC1o@JLhwGV|D*(Ml?l~Uxo&<S0BZJ?g9gX!)B&UL2)x^{g_pHzzLVk90E={=h
z!?z*9g5<}a-ND*(Y3-FC8_L@?uY@Dg%hYNV)Fk@{U$R8b#HIS#L?&qs6LBh)m0YHH
zvGdp^Q3v<g*tn}qr8P2>2sqwwtC7xe6QVsS#63)1d@p$}oT~|Mve5D9d_!N;&zeQ1
z{65m1Og-lUzVl(Fq)!D?<^p_qvGmb6Qw-s34^RsftwftAMKR5gxN^+|5NFD(1OsUo
zzO3-!1e}e#IX`oIQfJHaFsC{;%2IA|n7h&FAIU2}4ckn2VxAZPj#9YMEjln|-A&~2
z<lcw>;Vk)9=GXb2>a0PeG8@frIc&NORirWtt@=Pz`)`==yetE|PU+5XKym*y3y8L;
z|JeZf+>Lq>5;tp(gkD2LuN+Q$q|<4yEEqNWwT{t5Q42zeFv+6!*M#by)fx+glCKjx
z;80fB*ca6$i9WkDX@*Fv6Pv|zw`+4YPI%1=m~t#BePHQ#Xx>I6_bXW-!rZIK(39(Y
z4Sx+V(dq0*zXljU>eg5TFcJ!eo+JJ8EdSaqMb*)AzUNo&PWdtuCy$Rm63#jj3Jl#z
zb_7X<m<OMMM$U3}R@RW4JLK>+rO_DqbqIePxV-(*Iatk|Zr~f{D&;dt>TPZ3+x!qd
z)#8d+uk))urXewj@P;~@%u^DMpc7}39hX1~&O`tpA^`Z)fF(Tp1r#m-m}41?>kH=y
zFH|eaPs%}%KNrauXSk7rkG~;%frM_Dk{vzZ_U_AtY|DwR=HMEWN~wgqs+uLBAFbjR
zOs0dDjj-oR>4pEMgMPCj2ix;7{`4A6c}{u~Pj9F;c%t4U(#))}4umFMtfYg!wiK<=
z?pIk^G<0-9sW(}w#_(H$jj&#N*zsF5y5&rcSsF^m=rv_-W}wD~J9)STS6U!0d28-~
z?E;A&&N8QQRI<jD7p6ZYWB<Mjd+#GnA2Igt8)2o$vIeyqVOa)9II&?i&!BFsYJrN4
zu;%btgYE>7YkaZ6I!XXPPB~eAqeTg*F{{xI>w!$hLh}7kULGh{z#AB8d#4W&2lAiG
zj2w;nQg#p&8nX@=k*VR2mJTxE(zoCE%nw@7#qV_i^6$2y&9qrXO<6-)azYbq>U7eD
zO{w+dmW_WT+2;aU@|VWa)mMD5T7J#r+W*EMio;7;whCSLYD7=>#bUYJ^0;2(ZvW*_
zO?cK}qId-xYi?<*1Bdr7(dWO?Oqh#_Gw5>csMia)lXB50_~LxN-wUs9Z_1|7=$%bO
zKT&w-;KB)M(<jZ5l1-u%ka_!LkFh!>!*ZmcO(q?mOf}pUzmo?6t;OyXtx|ExC1t}z
z@a##cr6DH@Z7kAnOfqjTyh*i!h*qQ_+X-#@Rn=V4qiZ^xR9qp=e?L@LRipR=ko_MR
zsys>i(_yil18M&sLBCY@E{shV(vTPvHccHBf8@vKD-F%-ZcxI1akHrl^N2M5S>gBB
zI9JYMRufqxK|NcUHu^Z`s%oJp?2mWU+{-DWw+<}<Y=wy)Y;!XLP0R?*#iV`n3B`_d
zDptBG3ujVZRiq-%CGua6Kbw8OZ7(5HRWXf>zW6s+5CDRIeYj{!PZ4KWu(gGm^+hF{
z0~`3$;({onS-H4A!kzRvpPg5}e!MuZY{i@K*EV;rch&~+e~hs%^_~EJYwvVTmP#(A
z`LwRCnYFIYNptz_;gd@$(LZt6Lia(Czjtcm{9NjxnY3>(fNgT4SZEW;tbf$NCg6Sk
zdGS{ZY#r@*zJYzT8H9kThN@3m+6Ni*Xk<o_n)jY(JK))T<wl{tAKG*52S_XSEhbtx
zNYqLz1s<#R15Ixrk=J$%{qp*ZmCh^%WeTyAb>gO{-by2!J^u;+jSogRXMV8w>K(x1
zy%XufF+51{9jt#Jya;YZCwt)zdhS(vkNM@}hG0DzY#<$E60AQLslw0?AS;{`-fVcI
zN*~KqP#|r)5~(#zevgg)0fp2{E0zrF-}p`N3Nh|I^G7N_N;VW>Acwu>Q|~t7(E11L
z0J9)n-SK1p4Yps<q)#Cai5tHn+Awl>5}iB?E`pb)!ZGw+Fv&eIjjZE;_-{(?+y!5g
zBne*dzq#I!w_>aonzN8Te7JY|wU>f6!$-0;Yj#1_zYq$Duhtj5z~VV(*QxnKez%U{
zoLcXVx!EbAPfeWeq(Z8v-XAIg;tK^V^Ig`(=<^$C$LbFx;L!oY7h}Hc;YOp={6^cu
zWv2==XAJWQMXq^|L%h4~YP0W7jW|a1>8P9hZa}Jf*?ZHtf3;7aFP}*M!S3tAWS<z|
zO{~r1%^FbnhS`$zm|?fyAO@g}a5@EB0ZjHWYje*>R0e3vFmkBdym>&0-$Aa)^zAYa
zzxx$R#YG>*L((vxJAm(nQWAYOaB86mPAFa2$O70rVfj?6xQt=nqd<63h*CYO?S5-U
za*;zZ>M7-QzSKVwe~dI=lgo&fxY$??D~H@Ghj<i<=PfUNT{S&W&rBjc{|Q=572@_S
z4ab&6!((e+C^=jkd@A&b><WXk=S`V*qC1aRaWu0yjgS#T-VVnm{wBBkE7Wk%B6hGG
zC8bsLL<nW>Lpb&w%G})+``e=$s%;%rKV!I$gyUQo)scC4hh(I{2Az}vbCfbqR51&K
z3b3i@EMNQ}SKKLfBr1ysdM-0}h~~bQ*h@`YGYL(j>R+Zhd+EuPr%RT1V$*KDhWfLc
zSg<b$=Z|vwY4W#T3+>ZsWnT^e8U{eutilfL7Vd9A;@xh8P!rJ8KpSuYNLV=a^=xH=
zR5F84o*Qa3%1ISy$qNltblML*|JomK;wSTkJ7?qbWNx5}%wWnC(_~=zCWv#uJB)b%
znJB__-$;ErXs_%V$`Qxc2cZPCV1cC&a}3I=6)%oBAe7XSn9*^VlRa?MnSXX)xQIm_
zoDk3B;3)yGQWp?yj*xm|&`nPA+HAR(<34oF4D5*!OLju=z%GS(hU(Wx59-C;d{Ij2
z%AQ_zdu#o&?WZM2t}e4V2^C+uh#EB7erc5<Z<5`l8ZN_>EO$yGQUx5VQlYw1h4T!$
z@<HRbbHbA8LE8xHF}R{Fy;@#Wh11fTFRbZIO^%Md&^1^cp|3wcyp-+N`RqxF{7HP!
zPD$*Rgq=yK%c%a;9{xUb{Re0t#)j_Ei4LkD61-!}fx;I9{H2`t15u?^vRqY95k22}
zNF}s|qWPenl30#$Ta!H%ThwapIe|ShAiv`FPCaLi!WZkaGshp-{~CWed1fcj`0-|S
zcFGhZM-{J4LU*yDV~<9>Sr-%5XD|D#sbi1Oil#ZAe4QMqSTS->+}>mlXLvy@c^hHm
z=1UJ(xUxH%=iBTM=EsE1$(~-T#*)>^z^>%gN6%PluY}z$6-%bV-`WtOqAURdgc+jT
zA#C2*-7Yp8CX-d|!xy3SN$B+g5A=B$`!0SrdK;qMU(<kC<CF=b4Lvnf>-&}bvbmLs
z47i{&5*mu5{2fc#{k2L{G{Da^XhO^_2b&8VPYD)^->A_3<7zUmy=>@LD{O;R6c`|@
zkN!12kv*O$Nr_6oe;;4$>X^I#W4O1SBhhWDy|-O>hec$!L_q*s{DpkM*|DLCwn`6M
zp0Xo<-wYGi5i<5IOZZa^<{DHfzGL4@^!}3gRy~S$HrnUbtKTKOL#<LjrmH^buXU?(
zf!`<7^`~_A22Xc>a({lK6A2|U+?-wlUuGIi!CY9}NP}6XVBD>P+Px^3EzHdy%z9@{
z(dSEHbb`l3PhA++j@wDq=50k$xF<fTfQ6jC+TTAh9R(7>L5_E9H@H-#4)a-D>~|Zq
zdmU7Pa{Q>5DPW;hDc4hh3jA;iq!1xerb)0!Z&<9Np^sEoQPKiGP>H@!buapAsbW`3
zPYpt(k^$&6SWQZDd+iOI6^4sj(RS3UwcLvPyV1iDgtcuw<&1{)zwPud<9PHh=cur(
zSq#v6(oj-LFl+h_iECZEt;s{af9k!!bogz<67oum<)cKwUAub`mo;q1jmx}!tX*?1
zh7g~-7i{U%>NSD(6-W4|yv-Thx7pBdMBd+Zk5I!;H6sO{o4gJju}w~?3R%C543)9<
zc9P$LzJVLcX|UoOhFF-6mb4qz&yf5Ig}w2yzrMtNXPEq+xsf9;t!)S2(szz3A=#g5
zCZv?M`CLoka`!FPq;NUw8@MlDo`xfv=`%4)1NFDw5oKmE4zC0A{(@1&VR5_Au13@E
zxakKHvb8v-qASgUcA=uqpIhW<?6c&RL$^8fv*fwCGPA?BlB#JDeCcPIKuY8w#ZAk?
zJKTOfHMFy>?bT+I#gWe>IJ)jkl#iA<;pA$7(6Y#LMBrGwf>jW5;n7he56yzq*`$4`
zFg@wdvi#i>)@)I2_OJ~vuHhY1>rS~lyI;Eh#58vGKQ<xs#^<3GSXSsB5=;5opllM0
ztuPH;S3lb?;Z;`8M-<v(s4)65kb5y)qq+JcEmG-7n>8;-{FIt<c9^qg*etHpCvr$~
zxUzGYkzALjX3CPC<{kFx+WWPa`-{M?MYF&Spiz~-k2|SIos;*cIWfq!+~sudjW6{g
zNd-qmqWxWsCoW#sbh64bg?cV!#h?<UxYG8^2|a_7obKbJ&*#D^j*wypKbAp%{USxP
z3cawO35ZAMWmxmbbAd8*)@Cs0v(KCF#nuG4j*hY2MTwAPkCkr+P`6_D-9$GJiEl}w
zI-2p^s}4a^<v7Hzt_3WMo{i{g%XAqYec{sq*$y;GpZ?-l_0aQ)KIq9#s(QQqY*=ZK
zIP;51(H|xOG(bIqkHeQ{k-wFru3a=Dt__Y5qcrq@d-u2F4?+1lzEFCb+ywM*!Q_AE
zt$yhm76zBHUW#GDevnXpErv-tPBxd>haobaE0VzjTSU0WieZ*pV#ZHyM36;KQsL%|
zk_d<hHz&fTl^Fp)_<W2esBSW3g8W5f?#Uz1S@(Dm8@fyQ|38k7G9Zp-hjWJ%Io#b{
z4|li2p-`l_6nB>cin~+X-QC@x#VHh*;!?CgAK&|von&NZcQdn@NhU#XzA3yT8G<+i
zJ}W6q>Gu|uY#fo<r{6&1S-uENJ;?t42S#v~bWv}rfs;XPY3m#A@?KURY|ca&`@77W
z`brz$v%Uc$7|c#USgmqC<u0SImrTok=!1Ic4<?z`jUG5UshQ;AF51cCkPJQ5^&r7}
zV8M(o!=>c<vYO<YPLrOIOp7J^zw(-p4;=k?t_$Y+ePdRBFQ>qM+G0}&Y(eU76N5id
z^kvm>ob)vgSvp1|PSKqU60^kqFh|3Hkp~-ZiA~lxt!;P6Zg;rNP2q<}>4qoaZV7ui
zL)AUSWvVY8uMc%-0<3eWx?WI-CZy)AZ+K#S#Z)N*^#;-gJZUl7NjtsU?z6BqAAC0w
zxEykMu%J#|G{iSe%>pvehfa@Q?h#UzKAS`6|DqvEtZ2q4Cke$oYb6|nSM`OkG|ZNT
zz5}cOQda+^FhaGssh$)PqIS!~kW-|S1BOH_e@5F;WqHl|W2xj2ECvPJXUJp-DM^Fq
z5eX@OPg#L1XXtP^K0}j3V&?zkx&mg7zGChbQ&3Cyj2RBny8=a#j2SIYyJo3*^5m{K
z3nRx62)_?IPSfw_sR@^R*<)fb8BK&njb)P5=!-vk1Ou4J9B)Y46SfT*LZaw15<vLa
zvMe|fBOsN@IGO1@Oo<UO#EJml8i|pgp^NeNA48)8KWMa_H6Y<$dg4FQ$$1rAl45BI
z^N*8i<zW6E35_~JCX^UK$H%f|qk2?jJPW(5{VKleE+I>C9W4X3iUxeF+PVSI+$%zP
zle|i>6gI|UXnw)O%YUZ!^4uizE~Ni~I>|5bCR69K@)kP+b%_SD-AC_iVdyCz_hukp
zMrHkyRoPkS`=~sgmb!{kYspj~$%OGMb_R~`GPP5v4?o31qV|KQJ%q>#_C4;cu_kb`
zOTWLG7RspvP_&?n-ojk>lX7Yhw4GuRe@eUBCJtE_Kn4F{HJxjNYWOz>#iA8E;z2$$
zQaUgOhg-p}i%PVb!m=~Ob|Ny^H3j7=0ZG%bQx;jaFEj?V(=rng{kmhW-nc@d2dWI3
zf~uwf_~}@SulnNW2T<E7;FFp;?9-eTEMlDn=hS)FMVmdu(F(R=3V53aS`2Iq`a1<|
z(;rPk*V2<<=n2Vxwt^qh!Nk_Zv_JUF%d$%U`Ve9Sx$(UHx7&$6DbzsJT0`-|u>DJv
z;@fqI(L52;KwF)2yBsqBLl=|bJ6u_zB_+FcEUuV^OLcgCDl{P#+W!TQz*F&M!Irtx
zg+@o}E)`nI9BcZ=$i$|UNwZOrT84c%t6Nk@>Sro+x%#6?kskUKts@n!+qY${YxVUJ
zTY{dX_n15quS_~a>#5KsB=yUt2BOI+#RCy*CR_d$H`!Z<>Tok=pqxHyk%l|)qljn8
zB(ii#88a|GRx!AN=vOkj|6EZ))H3TfZ50lviqZv_(l51KD=<%wb>*RWf0MO&1Kp_N
zkZI7MTElR_KA#Xdb|;_IaWx-r0;#i_s@XsW0%{EYR0YV^BQ-nLo#La#zX{RE&;B=@
z?RPBpQN_!VH`9z}yW3(?P}bMsit{;u*L2Tz6p^?{CFxGZJ0@`y(BS-R$Gfv=E2_$_
z18O8h`aHwTYIRsEc{t6Jh1V1gu|}ul_zqVzneuqXXm#Ar3l+6{L}O*Ovi`j?GrzTh
z8DKDkJCjL({*#tIvpO5a!?mPg*{*@;%}A=fD?DE~`uo-F$3X)-;N&*~^o12{x?0+}
zU8r;-rbT`^fmd{qS9_Y16|3C!y`bcsJIP3lI}~^dV0hHwo9CWH)y|YGPekwjDCgA>
zx9v57Wz2exzPjRS@wQ`<zs4HCuIiG+-+Y>8Y|hx7J!Usf|C3JRX@6wmQ|P~Li`O`a
zxk$m4Pe3PI9?quU-y6|Sx}G8hvp!N61SKynpQBSgK{{7>+Yi4mmyn$THxb^6NC$!F
zB{ru(O*F;uq&KfVw{yKfE4NsVls~O^(3#VYq-B20Gvf9nwzgo13;aMT*+Cejv{)+B
z#e?}kgWMASOzy78-eed_@&{7LIu-G1PjJ0Ed}c7^H<|<Jpb>=01NEw72wrNJ4;$qR
zP5UaltjYLlEHsfAxIX!6BtUM(5k6+P>A1=6Q^Py-D9hh-Pukll)|hzpS2o0K(J^hQ
zXE|!cNgpX&0Pn!OO@Qru&e_)L52-Vam0W^14ZTk;i{NmyeJr;<rV<viN5k?9-o9dw
zRp<}qA*8>a2zNpuKSYPZpSRxK+l`@t%{;8b(f{^RzYL0xTCGCveI=(K5ZqP6(Yt!-
z?M*W+2>H72;0p#Z5bpk>5#PUwKRzK#Hhd%GYX>JkVVJK@&lweR29y(?BObUUh~Ct?
zV{8AEE^mxfqk<)&(Bz9(Sabjt%+O(z2D--|KjxzSZJ}`g`RUg+h!1Pjo(hb2(Gsxs
zIqt?k(y(|R?{{c^Lbm6D71>YCL!l{eTdw(M?&WNmTsU8Ttbk2vh-5CDCm)u>7piuG
zjI1l1uN%sMP38G0vMVR1PG5aCp3~!!iObJr-oCxLHTf$dZOFK{*%3mCR~ntPimXGK
ztJHmVSpg|}Lp~E)76bds6fLLz7jnFt%GTYPf7RjnLA}4GUl}r=rm{=}7I$Z$Vc8wz
z?&jP(^OhHKBJ0Xt<9fAS4}nkWpM#&b0<_9{{)Jv=k;O!)S*S|pi7!O^T#I|D`@;!w
zurnDKW90uq=kYITnT9<c;~x15r}$5N!I{f2v<{y2ZAm<rGp^zTN;8QjDT%c}sUXd~
zi!yJb8TUK!fN;o00i_viJrRtD{6#N+MB*=%JgZxrH$FSulH{FzP!jGqMxqBmqsU4O
zb48X6xHvu5iy?xU{^tqlddkYTw#Dej5%Dm4-uZMimffH({#A`@|2xd9P4(}7(G<5C
z{M&9(db~#$e79+pl8yLrmVqC&IY-?A&sv~pgKOSJ_9<FC0N|tIDPGYJR8B`=LTKei
z`VLcT4VT?>t&<;hWdVYvjaw0<vKv9{y)4CdEYVe-*UUIQ-{oD3C@f{JugNwNW$uB<
zvhyTVAQ)A3R)_WbIQT@R=BDRcVZf){!dlM6HXc5~p!T4`rmcB0_U~?%A?wkp$-Wyp
z8-A!)&h3KT=$b==VEs~rO)1LR|DteX9aPd_1DiHVhPoYFqYeXEzRF_#hsV2u(CoqQ
zQPa|JS`)iz^5sm{&aAJA&m-IVOm%s+-8QK4YjO^&0vn3g+~(@Y@@Q$)Xs+3f$k&x(
zxx&NzAij&y53PKB-`7_QmPhIIiL>p$oPocuDpWV<u9=??DD+Y*+ylx_9nR91M+0by
ze5;s~iHuwms@I0sn^fRg7HVmW(!T*1+`Vd48g)qRj=HT%bam&6u~8WU|7P=w`LWo(
zo&W2QU}yXQA$v0Ta3Xf!_GeKuFdFG)Y^xA9@5$hqV`}S1#M)b$sNaR-?;);23}&Qq
zhF`zhV>aydPaS7`_vI$qu!$@q9o1G|>^Kv+3;<!RUp0?bUS~9q4w1hRTbemIP!>B<
zVxCe4{~)f>g_$G`OmF;`h^`Vyv-p&_{kh~MQjYKCFZIqqJOb})BD&bCwB9R7qUT{e
zJk9`!-iEz+Cdb$OFZ1ec4q@qSH5}_Fpr;jUF@KEDul?KAtVhVl#|HGVR?vNe^6xP|
znper=J5<WRr7=Dn-=hZf2k)vF=8w{#*Y7^Gw?goK5n?;K&BJFDIBOD4XwS>HVaMuQ
zQM$dQ^&jtHw(_KFWQ73edNsede0ni^?hKxY096NQ5boTsc6y$ebZ3~Jaj*9^egV<2
zop5KVxi`Lr0jm;^4#<7<Cx1Q+<_SHDsMmR58lC-TG`5#p{#ghZ<~cdl7l+b|)e@y&
z4D(ky*!_>{;P^L^)AeuAB_V<3Jt3ft5Rgr0tpC}CekU?`>1WiE&A=ReLSWEqTK?4&
z+n`k!IBfqDwBY@6&;?NPjASPD#0uD=-6dgWPjx(R!b?Ymoc<f~^q;(>OIe@s^hd}E
z|5U}&Wjf>m!uA9;@0WP@aG6$rJ`jJdK}t!0ai13R!|nRQzayt3BpSay>J=5aFRr2^
zASnKNK`xrB<^dwR!1Du$8~-s6azrQ(o&%HP2GXWHrruI+!zJ{t4~}&j1E&ILtpk*d
zA7XyvtZAy-!O&8Qld>@&Tu>hSg2Naa%Sx*oAQ|-$9DW!B4bzemUC$p~rf53cWNYn%
zvKYr1eSvciSFBUyv^nyKz7G0)t4ig4>G`Ba?<?%qd+n`G^4JEeO#JDTh*utVRRRPY
zuBhxr=kJ1ScV1{_t%jF;H!eKakM|f*WG#f0b3^|4N$gJVu0V`7*2j^p&#0<TRRG5q
z;6i-&GP=H9aNog1q|Dp9fJqfNrD&hnXF=P#vGtit=g~F!`;9-J+RIF|(YhrnoZ}-u
zHy>@KCqLI{38e&oQtb5AXPA&5>x7vCvZb5y)J?PFDTH6l1GrCympQoz9kMkinz5}#
zeX;Ed^CSe5w>Vl?Y3&DR0kJ=!G673^=lea-T;Gv^VXD5;>iT6-$u<Aar>2R<x;n>Q
zc~|D-17p^&pT$C#Z2Pcw1F0Vg42z$!?Cc8Qp;zz-<e}NLmZq2R(2MH%?GxfAr!Ck)
zRUK=mhnmQy?MrCT*89RBU1??zy$_W3%2unce`sY`q;W@4a3x_npY~V3PF;WJh|8Eu
zp4j%ntNIVOPx(2e<hj)6F|*V>Q=2&wI(rco4`H3`1nM`6<|nB$uWC-zJTh8gQ6>*z
zs+T1z*J>d$#Mh-s*BT+Rr`ILjrg!}M0&c5W4A%{9=`n81QcR3b_+)XPW-HeUmqdf7
z_w>3bui;c(I2JQew!FvAVYW)EH;~dpoF~u>dEcC9$BRg!3;b}WTS1deOkpF{lcE-@
zlGt6V!703}>l#MSuHj;(e(m|edqQNlnrBeVW`ml|EoO%N0&5EG_Uo32tk++Hhp%0v
z)NTT!BD)=9fTnooc&`V}LH04g#}e;<YC_SD1Ze2#TL3gw(Oh~k7URT(Sir1c9hiQ0
z58)MjRD9+vnYot($~4XKbIF-M10T^`gH5lTXD71upxR>s^z?C{I5K+c<bN0f`s@Pw
zmlN*+2FkYja+2Zb0g3crddED9MZp1qM8Z*pbP!baosz7ENte5w^WqXxe~xgpzYdff
z1%`O+{YwB{K81i1lX48NU2}1BQUnwj+>=~?oY53aD9lDqbEqQa(Vz)W2<W>c)j!f4
z?H?-)CMM@32dZL|eWS7FJ^Z)jd=s|6kE*6R`zVku$t_Uf9tGLMIVxUYl#I}Pe}tzg
zlu>Y|R}{w^&XM^~#=&LHoMh%QK)Nbc^V&cDoYlHHC*!1M(yVTp3CGf|m*Ns(kJ7(4
z#a(GP&uK2%yKI*>jB}2Rc{Yr7CXD~qG~R+sUXn_>drDrGNj!xj+NVg>4m-tAg@~q`
z%+vI_*=sT_Z&@?7)6ne8M&VoaZ&rWnBP!+xUTu9qpNzd09}xr6zWpa4o^0&}=l!Fp
z{+FEpCPZfaj9+kJjId+{=XA?H_|yk@8ls1JDx&X4JHT4)u~4j?i9lQIyZSK=$^BIZ
z6j6)TWQo)N{2>a5C3U&sKNa+}h)RZk7P-c%e^&i1k65wOE6+}4u!D4Wxcr1^u@$i_
zx|@i}vE{Ix(>F@++?CfblNI1#78ByMijcqKjaZ_Eeo_wX=eGhx&tfvE=D}#~5rj%l
z|IGpR-*H2$s<}{FvtVfQbRn8cnCk&>LGQlGgP;Nej<~<462$Ugz;oDtnh@k<KD<wE
zry_iinxn~nr(6^)dp82T?W{>;)*Y6DKl+jk#B~rp)dG9Js0L>&+}P{y&vSQQ4N(5d
zxhYp*$DF#NEJA_(M^?a@S?t9VP*AKDaB2?Q{u~tC{KN%$?uN5C?!QXsLs$GKoqr`D
zS>TF*|5t`I4bUAJ2RR~<_?7^O5t5TP&FqNme|3eP9*uACc(L(977-CA{}ep?WLvKB
zSUcrH{t3sY;`TFPv$dO9_~z075q8`ldRl@5naEH%4VHGWt1K^x8AXbheu!q>F=UJu
z={$I3_5|Y-1NsnMh9Y=5yz?)qC^=E*K$f}m?;kRJm;oQ4f7CJjr(OKmDOhQ`0u@S)
zUyW@>l8C$7ljx+*N#_?eT2lN&Msg%tQV}7aO;d+apum~Y#yN5RrLa9}pUU)6hK;t0
z9b3l;M?*v0g;pa=MlqzPBZZ_(9_*8-q;M}Yxc6T5<Gc1^I9qALHyz+;ysM!RY4)d0
zapJ2I)HJ;~MY*FqzsU0gV`c-z5z-8{BO5I<J64)8l{G3}dx`X8M0kC*5lyFbarGd!
z$<dzsKK9OhNq3lx7EhSPO5s0Nmf!g8^}@Z<<K4qyC2oQRUV`{(sTEvEM}>?mmqP9J
zZYuQ6YF1hIRQPE#zoFzmI_eFT>2p+%1~r62A+({WQv+HZ-@GSq(uh5(>RBczSZ23{
z?2#?tr6*mpJpz$T9g&EWzZwgSyLMp`t)44w4B{Njw<n)bD(@(<3~G5#{KKR>%rj0#
zYqmr~BQB4({PtOT&l1zY0<&4Jq60p?1+_aNw$*KUMh(p!f4u3Dq%4^In2U1DBINZJ
z(ZSD(G)d%qxKOyzu4A4*IgKH92kiy}<zX+me9A&{YU-U&MsS{)p}y%I^Z#7KoDNX%
zpP6-ma&?DX$uq^KwrLTWBo(fRS5v%$t#&u{Wjx7w2c~ptCx)<wy|VIsqqs1i=)two
z*}1hK#ZUMs`4K$HA~zh#l*73FV=F+FI#)!FT|v`r_W~FnO9pF2Ls;Q1RWHA9%s~oG
zF1@ps3_&RTfCC44#DuJZe9!>|=9|d$zTYm&b`vpF%>k1{#3ggW+=edsmLpkIRn&Td
zA0Xwh&-yeWFuh;>k0ZHep=1BDUE=XKQu@nwHo_}i`b#Y8K4~yv=|2A5PLkLIo$0*_
zpEp<g{$;1aYCy7*r~_7`qsxS2VD$VhUiynG>ONN3ROx=6%SYP4Io81ogAL`}<o5#<
zYhUObe^D9sS!7IL;C0dp{d^*tsI}xx&ij|1Ih}$;`_yPd_waNxi_xp%^o#EQtghUt
zBHuAXJNoa#KtP1j^u7=@(eu6c$~JTc#+)<zMC5F=>z_h=bmbLFd6F}|GbZfcDI=HI
zyO%DEHh$^zS8VA?u%5uzOB6<L#txqjinbIjS7%0jzx4Y5vfw>|eZO!uxDKL1B-q$!
z2Oa=#5A7*X796z;z2f5UB7<@d#VKc<g(ii}5h-p484Jo}PR@+K1LNl($RtjiILb1W
zaR#}hvnD9tZ_R&ueVr8;&+%aNYmkd3A~WZn+!9;2z5c}~zJ8AkKMnr@Fn8f>%E(-!
zb%?8}=kw%ZTH%)mxe)zN`3|)h_8+YOYpA#Ui=L%#E^OoycHlY)Rf)MRwZj%gNz}Ni
z-tR7Geh-#ExyBs+W6!Aate1GkeLqLC3Ru3m?w!ex$~wb-ix}nZGb*>#ST@cCW=;er
z1vBcZB)9%b&z`8k0EmfFSQlx!_Kg(X-E$->IB*j-L2}>PZ8?+E$uVceC{~%--S#wJ
zXnfZjWxR8!cP0C#zeLtDLPB1pexV#Bmut`!NYnklvv2ZrrUrEQ&n+0hTQZjd@;Cm1
zqpgnVeJ-1fw0BNkd3HvGJYW^fQWwDJC~$W$VQ@cf#4`tx#RE3UoDn&0u}q(-YheNc
zq#u7LLSXvjxu2BCEE_w;bYTeN0qO5W5-vFh?)8|0PEnBl{>SZ{l)pK3VeoIcl7+}Y
z0p4diFe|vqH**Cr8t<%K_x3(;{FU2ZGPd>7rj$z+xihmOGFiy`k!PNuCV@$9`(=k5
z$p&vj%Bmfsw0*xogFn^U_sc{nr@aPg1E(b!pH@^R>d41w`;Ijw|7g-Zt#s_K1S)!6
zGN!*=s{yI=TqXjqQk?eQQF1)Ri9S=sw`iEE{lG_zozTGc%ohp1{3G<X%(GjJf)%mw
zOqPam*0nHrW9l{T8cUaj_wUdgcH^-@T$<TUIw&M|M?P2`2zcLVrR3b11N6?d53_j5
zX57apDNExGursG;;=Iq|ehWOwWAGg*$`e$|lh_(mFz%U+iV8avY_!=;05NlC#*PFT
zaQaAz^b8%tnxrC|d@UQxG%M|SNP7y-9Nn;$E2B-4igf~OvH6|~qS8CH*b;<i?#k$$
zm7Xb_rvlDqEuncW4N;L0C@y|0%(1+Yz)Z(J5ZKwW4_P)>SLM#6fgUvTB$vHU5jCMt
zUL&IPIR3e9^*OVqbeI1kGGjU?!b%2QC3}tx^+rYMW4va=EKWarS3jpQvMflp*XQ`F
zf}e8!Gix8jz72uwBjTrF7-OFFZV%qPq7I(m8|pc*q{$sPW)5m_4l}X5u>*VAJ2JZ|
zi77O4EpKAep(yO=+}?4ai>TlCO<N1`xYyPg<|t)1tC3tb0tw}_c@l^nGe^(#0Q?E8
z#@M313iEKTMDjlu;iY<D&qsDi=#ubVsVi8q7x-V(M&xG$6*8WZOfXsqhE^dHIpHJT
z!UsSw(R71fEUC@R%jXFSACvOYA>X2xCz01!tE00+MC{^}zJuJikKE94xlNsX`>Wdr
z^o8jn(G_Ft+TQ=fsZsU3D_w+FT(J{s+Y?z8=f$IA=D|eWLTr#$T_7;9Zx`#4ztP@{
zw(o||oF@9I>ptQ=oYz$A&QT!H;Ek3+yYY+HGdpFng`&mJE4G|+MEaC+dt%xC$N?5m
z#+M;nurpBg_}3aAgT6i=4kQPlo8!d!V!L2ZoW-chqn=}_T$iuLMcbnCCD7eB!&0R4
zoYx?L)Fjq_#rRbyW-di~Br-S(6n89;YdSPyg&L;g*NPlj`({gGmY%p;4ZaTD-7i*D
zn*S7|g%Q|d0j761a^B^kmg$gR%3&1|QqwU0TeW~tLBUQB*PY{++e<CMO;{oERw+?h
znGQ<r&T$gX{37CEe{uKK-&nhJ-$<>vPmng`^6t;IOJREY!p3Rl-oY?ST8Hh-%N^S4
z&cU!pn!qDk`^mwu1$$Y?3MgN2r%Z6BCwH<E<XEn1ZE^ILcXnrue&iz!<iBb}Fzi0X
za#G)or`WcJh9_yq0Eq*7sqz<Zx#1a0rELLO-17{avx0}W6|fAK*~CXrv)V8z&%&B~
zco5O6CMY`pyS{G5f8Pq2Wq14^cux^KoLNQY+wJ}bPW}Uj?|}H6z7X?O3+M6<D_@J7
zP~N}_DNidA%T2q82ZsY(d1%#*xS;P|*mEKs{OME7phvY+=E*Sj(nJwv<t+mg2}##6
zlNF)C2!zm`_y$U56H8CRD%fc}8J1ZB;xpIyh)IU7EP7Uo^1sy?EMZN&{S!xzTZF70
zN*B)nc?C6wV6s7*`lZUnNI!DC2Dp}}c>U@Gu450OAK5je_#Np#`Un*SkW>t8T|g~8
zCBNWTm}YK9cCajPYe-Q?fG!1d#`6d&3RcVI(T%H*YQ6{|dDW{TL`335uKgOBTTvJ1
zCI<^0Iqk*_McxmM!YEv-62Wh8KAqK3N3U?_a&nU?-WstNUA4j~@{4Ubz{MB7n<otc
z-{lrBhMJ5E>6i;1a>dhPq3>}P1SgK}^mwPL;G9!doM}sBMQo}A?3s(5BVUb#u6!Zq
zxE-?;9v4YU)!$!S3Xz-@750ZsTn5$q6(<0*Rjo$Qm-Elvf9{*`*~>EvTn#27$q8o@
zIf>YkKu7wPkQk)w1t5DF=zWU??a5UT>&OkII(B6$p*s(@q%TiI-{f`v_b{?*Tub~y
zq>*Zzd+kEx8X9wznaSpk+vl#xB>-RYx1|31xNFTO!sQlcA_wrdaVJ6V`ZXUc`_^kK
zrQsD~QB|5pu&Hs=FVbuGmi!H?B@*J46+@T~S&jRjNDOALi+Ew+gYWO9o}4E8<lC2j
zvZOdZgPoVgfaizLD>AJ>lwTQx3^BKw7$_*;+2~O^b1cn&UXrLLRv12r1zfo7a;JmV
zf8Tk(mlV)j#%MPl-w!wuGE&s6t9W-|lk*IFcCgY_wAIWIE7xZ;wCpS0K^pP56XrGx
zYTF^TdH(>HlHOZdyNO5ZcCNHVSNb6bmZ8p1rN!zvH_)GzNV}m@k-e%?tETdYrFN>b
zq;{G~Wut<K_yo`Izt@y+;_?e{y3LT(%wBhbai?^U)F(-8%V#1^bD>YF_O3wfr}-74
z;Fq?w4SY8G+>RWIQa?me$Ft8vPm3!hJYRo681p~}x10lONaZs{Jbz}7r04up%fA)!
zOwSw*E2sS?F4=h}6gN!QGoW+!s^Z*RG?JDS#MXgW^(_NZ!Yz7LS+3m+S0@?J-N9?0
zw`6SOw+ZFIYSZV)V3b?s6LE37?g2A##{n07tqgMF?}{C=&5xCdK|dx<|5&HgCEaQ#
zAa?1;i@Fj}SP+c!8q>2q394^1FEQ}2XwZt$Pd*E%S6uezR$o!;fS2bYu>#&>$Za#1
zcFIrSsvAUX{jlz(dY+n#)C^GF4&5bTY0VpmeU`Twee^2kK^$E1gh?5?2k<Fr8DODH
zz~d3prV{QH!t4F`x*h)lGl}I(0UvqxYe$J8aCOGrBV|vX2J;Ogdvwc58lAAvk(iiP
z*2&_#D5+0_vJ|yhsTlX6{SAuv({e5G_qd&|7ubW!nPIN>ui=HC^m?PPYMv^~uFXD$
z+CK(+iQ70tTM{g##%w3!$xi$o{S!Fh7d-dn%@XEl<SD2T!fFp=Y}ucUOh7x@6ks_M
zR!Qld*dz2OxKaL&*N)Fhsqn=%MSY>FJe<M|?Y8P}dW(8B$}COyteQi-M^j7cJ0FX2
zsxzdSUTK*xX;ZH;H}PyX2|d=FJndyz-ot!?U5|_53SK<(+(P+l;kn+A3?!L8^9elJ
zMlmH1&Lq;mQkiCO$o@k-{UmirhZx3<Zc6+St^z5Z`qXC4bmgPs)C(IB`cdoYTNLw+
z{o6M<$f0j0>GwYqazW=RVeY-Q@!ug2N~^zOcpOG9uAH#9KWV6MnI0J5K|Lqrb$%~&
z$>@7K>l`g$`0IBvF*^<%W_U81aTVCK5e9kg0N|Z5g7cja`AwREtCa1``LfI>wjYXR
zkJ7akkFk@Yh`vAvTOXS_^YMV6x4*g+OT($ew;(QJCNC2P(-jvI3ojyI#QR{((=il8
zgu?Q2=t#}KX~-%#7cIOIB3gq|T{__qIG@+055Bk>c~l@-lj0`JcIctY^qowg{Ng#9
ziV5L}i>Nc@?oNE{D9~7c>2S3YubK)}#SvT4t|S;TOQ<OWuVf(4pTK`){m>=ezpTNO
zSw4wjrlUBqmHpbS@<LLg#T#g}4xE>KoU<C4qb&Sp8uN+#%{A?DE#lusv$L=XyD1kT
zsg*}@4|FY2Id4q~=`}FL-^vho?BT(4?Gx;rQ7A5rqB;u$#aEOc=RMJ%)Qj}Qc~I^{
zqI$-N%q~Z<>t%{$7isSCRAPvfqDHN8uu)f&j<|iT4vpC9=Keh#{>t1GusU4K{N}N0
z_SkNoj<B9rfecP(_YR`8qlik!Xwb3n(a~*bxB27Gq+jLYqFtqD>}c}=+~cA#y<!i6
zeAcGDjl8rho#q{yR#v$OYMNW%_y3O7yau?Qoa_|@Y08yhpTGt;7bW-czF7s*_g92z
z0`H={mL$6y|G?!a3Z_C_hpUoQQ)}v$8G{z2N}wOxxdQJX4ZSD6zC_#2MbM8mTt&6~
zIUWd&=4Gdcw+t6d?D|2yB5wUQ7QmKhhEA^j#l4f6)m!-{>%U9Muw^4UxypEm_}QuM
zT)&M;8rD*VQ`dqP?5k*6qeGfhVm9MiVR8;}%+MwNPQeCg%IYJP<YFUoSLz>lS7UAS
zj7A;gdI^kHrcmBC1%ovn{k|U0pFEy^HBO%q9pCkA?7JT!96Lz{>riVn1`_2}X8SML
z@ee93^Hc60DCL*Qcr*VBYuvR8B#pX8Dc4Hb{*+Sfxx~((n4z9h&A)hrODoK%xZHvn
zJfKi|=2*UUIcMc96@^uaOPxOiF*=LtyI7_7ARF7t<X?`^!((*1Z4`}6NAK2?iP-It
zmx%uiy&nN6rpll=;8Pn~W@bg>pfRf+>*nN-vT9tZIS(?Y*|f?_*aIbJun}T+YWHY~
z{2EyD5$-u!IX2LS@M!_QicTA{3X%m$<~1z_3X)|>2&kcv=C}+sn}jFDswAY;BZ}(8
zFgw~$W@S5I4Vfe7DRt_P!mWo`T)a{Pm~T!E#X9Ko1uRpL`c4{CPP^e}G(^!70Iecc
z$~Quk`xGjBMi~f(IYarW>Q@)~a$^eyy))H}1J!wg3#p`!{Osb4-%N7KD-Af?y)jXI
zoi=(z0GoQ@OPy1p^$VdUrW}@t0%Xt#G6YW@iAMp65svC|rpViuOtIN!5v7m^p*8N6
z@SQZ$@Vl35<5nx)d!fd&18YQwUvVr|xZ^xtF(I}kKwL!-&I2b3mlBAtUb%x4<-`|z
zPy}eZO@O%NgFV}*{78U^`-{H&pQwacdzUwA+6ZUb>o=2b^Ia2y<!&{-H_@@zmA_E2
z_g;N$L!&H38yGa1MxjfgjA4{=vciR8+@v8G1M0DaBgNiE?pbVRy7ckPhaf!j;RR%Y
zh6DH2vh<F~Y3JhzTu(!}E*_S)^&bx8>744(OdSbBTm(V&DYW2pS_WP2U}z(B)&iIs
zFoU4#+b4opF9?Zv_NA*YVlg$)hhxH>g}VUb{0+zTWk-E%W!WjzXW>Bgx`3QvG3$t+
zjx#HHjYi>G&FJ_K9~%_&NQj5+gs+Wr86l{#|9TNLg6gH2LTP=lp1rV`T4v$U^4geR
zIOHRU@(`zQsHU%|&=^msV|D6le<16N3m}iPqBREMCH$6I{Vh|jK5_IVPM0Vb5h@h4
zX=!5C7<AbUNGH^5re2L<$uEJ|tFRSZ?9lI5VwV(!w>tu~QlTF2!7PUa*UZ3m_W&(=
zfV@cH5dSp97!Q~!6BFOYpyyxEPBi-v>eU7olY+UQJqr>@9#p6V+bYLn{b>Rr{^^MJ
z&M<$YgFnr|9r}PQx$8;eOdgtohCZ0Q4G1pE>GwN0O5(u_9m43`YU4Qti&c*dY#3X?
zR-UqLck=J}IxaJx!I24==qg>nMg7H$dd9SUIS9&J(;VfbSXp`Q4tA6HBI(AU6bI`p
z3jHXGV6n-$osVH!hoK*@+<T?H@BcCA2Uz<bZ$_Y468pefI!vr-ouMk2lH5_eBDZo8
zv`YMhP4wt;Hqi?W?nQ8=p$K}nO>c`{RBF-FrQFu2%sHPTrd())cYaamWRfSusg=_2
zC0#vL${1t%*-d(Ekc(-Mn}4?UA*EW}>rl>V?$?L%qgHrsX6$Dzn(~!4c+pfKEfa{R
zjkJH>CFE>5Cd+pyTDz`RDsmmxzD{{nD>Gl~=KzAzxK*Z$P!Pro5cu{!X4Q!=VRW8A
zI*%Z#Jx>_L_`_T9I)=xpzja%~^Gxf8qisz8Q{&rH^;_srw9N8+jd{);J<0760$+vX
z*J??fA9*^I!sU|n90aNA0{Kikp_K@pvNb|QTvud6v%mhelCJ8e)>kn}_;-?esi$6j
zwMZfDZ-yDnfNA{Y!~RiIzI1>4_lr~8Dx}v)HW*<=ypb(+1OYn)Zo;Rh0mhXzNSr16
z01-Qvb9E`zT?<I%g_NjQ{i4pb_rYwmZs^lk_>Fr(mjpB~1mJUUgIIQ^Y|@5ulV5|8
z|H851A`auLOWkc8n?I(@066PTTk+w>eH7I?;!hG{JWs_02hJLkDIw-|-*FMl>Yf!F
zwuWDLQCD_o*4K1|@uldp;JY9Gv&d#`lqG(5fGybgwt7WoytrL`sTYfB9NY9(WDEVi
z1U^N~(18gyd5tm|yfK-5t{Q++55(MsamT|xVVAbV>z8EToDn2|B-=?PAs6KEt-AEp
z6{-*i68J1AwxkqrGR#aof(V+%`+oAvtbdIN>dy<vT5!(S_Lk7$8!`}H`f7!=aSV2<
zrZWwEkA>|_^0h_=P$dI_i-*^50aWRaK7cvcV>p;&@>9Sc{P1PLxU%&e_O@Mn{XtHW
zl3<B*Z<2O=)%IDg&^Y*HTTu8SU3rnd5ETHO3UJcA*Z%|<<i~=J$Hy74&uZzCBiqVg
z!%+bf^Rm>q>7@f4=<d}ZeS#nS@Dx^w6d>#kW$IAfM1+3^W5GiK8@8(ta`0jU@&-{;
z*Gu({J1vh7a(xVvTMWBZusyH)XC3UstLU!Z45I6hrsJrlW8TU7>d?8uN8A1fbttpC
zJ<HjYF1(QpmXUNK7?J#v-iv&!zL)Iq*_-v^hkqf^==-p)j_>%1jAB4p58>f+1dJ`F
zN;y6&o->BhnG}IXy4I#x%ufRso`OIg2{otsHq#g-w8z-}SouierqscTS_Qc8rPhPt
z)*;c+q*P$fUBwm=+zdj?^>3#kFV|so`G)1>Idv&*Gc%5WJ!g)aG5nBQ9HX_8@BL34
zU7GAKOj|pp199+!eV8$N9R898x~7P1guJlpS?MoB9h{DvH(L2#?HgFfToGdY>~KbA
zx(pjS@?zt8Q>-N9KU<ytFligPU3X*H*cqXaxSYcz%)pLKIEZpeM%-M%Tz%r%(c+Pq
z5Q3o@#q=4)#5qUZo+22mC3vfO`GQC(nV8ghl6`n@2VPmSY=F`=40}pP7G`~#M8f%)
zefgCLTS-2W_B5{Cq5(?VV7`fUXTh?ADOE;VUcA?8KSWe2i@Weg0Bs~vQSf36`(oq<
zYxs+PrhKGCqNW|auBI5PGeVTv$))xm)a^p{E444Awhin-M9$D{u;h+*s@wjQp!x?0
zQ;9ycQt>br(&%+qC4Zx`lR#HV5vwy4-5CKtJ}T;UG<a8;N)#6{Mt;IOrqL#fF*9!u
z(6-xd-hGPst8R#Pq2@z@CTWOKRbi;4`OoL51Zw19u#rgzj^6?U>10W0|GFS_1Z{67
zR6Mm48s!e03=I|k*9pyae=>25vA0$mg<0Ww)q<{~?WTGrpeqH9%ahu^No@Ol8vNav
z<LOFsEQ9nh<94=$OrmPc`yr7f^v0vR${-$7Gk&{q@5`^u&J0FVX~mO5&8(jZ^0m=L
zr&zMfpiYJ;TMtI!`NVfh)hU+F@?NJ`A=%EUk0Cz!616bTcg|6=G+uI#l&!6bs6G>y
z-_OvbJAve%i}cNvbD6@8qLeM75`AY3Lxzk}pE&wdi2{#qhdula0GN%}98P6HF`=K`
z81l%GKCIB2HxR{>BN6dYEPfG(u#q8g5n+z<ZF2?mC24Kn1l>?*Z(-3|_}y~MHwkZ(
z)=2fZ6L`%BIn}|YJLe;O8WJZj{b+HvlCZsyFxB44;`-faRD=k-lZU3gxm*h}T0<Kn
zuR!=O>10_nYsyPOYOpX|a<s7AGQAPDCjO91bTz>#pECWL9UUmfyU*qEMcT<>c%F0A
zBb_%oCFS~DYlJGpunCK@7|ZG=Ulv*{n==tjgmuVIbv(o*Fz)pXVl*4@W88cFz(wYX
zAb%8gC{LIkvrsTC1h-)?4IZ<7*$33Oa+*q*g)|-j=G%ajy+F@xZW<{oFqfNB<>@HF
z?EFJEwjw_++BeEI@K9obfySr2QK#@xUfN-v1GMw4l!Vn3ZZ`+bLHqF8#U|QD^egxj
z(h8q7JyDa@t(5wB+&}BS2!MO|!;urn11YQnKkbI~<lUEV(wxwO)rq?rH*U!ZOT#U`
zpKd?qRJYc7she$OohCfy`A4@6CsGXM^y?I~jfPz;=WJv%zQ=I?b>kl7p8+?0%LXkT
zBJ@BkkoEZkm@NFK)G>tjyAnp%f`}u|*+=}E;y#op@y&M&P}T}aC`=;-*r>Koat$>G
ze`f_SvbJX^>EgMqYJ6UCsysadvsoUcA@r1BHZfFArdT4oQO89K<kJ=?DzP2jvjV>u
zxNychC=je^eC_ybVRNZ0d#mAI^8x=hJPqnzov-WDddGCM<L*`tY6|9N1=4?X;nYoM
z*kyv5^kcK^!IiKX86lyYLaQ*LKU~#;j_V+#FQ;x@co2pPDG((37>|-GYb(pf+seq>
zjS%+K;hO3)&mPm)00e3PK2b$q<wRTDyCNEc|G>Fy=&41xh!O)FRRGp1kXkEv{Ewix
zrfJ7D@z2DP>3oBRC4Vfzlg^MzyT6@=acb+BZ}!wP+LO-VMI^{2owapS2gl#jAeF4?
zW`+im$_8v>!>v%!FC`s{mNll51i6)YHB$%RK2}pU=Hoja;&wgQuN7rd{%PobztZZv
zYB+Qw2WzPEW42vhnpk(#4NPnK^mUt)&6Yf%isu;}g5!ytkHt`d-wb206;Tt%z2|_Q
zb!XW+J2}0jIPPZ;p}|-Wgx9nplD5?e=X0NJaZgcQrm}2J;uDBR9dh?NNO&ETLVX%c
zc@BivKRolH=n~n%oZ2wJc-hQNnB!7ghOgNJs_X$#_+U<Vfy}$WN(=Zap4=;N?)?6`
z4_%Am-{7sz=u$M(YF9G-Le?rFn|I5@V9bT!e7|OL`7`n3Aui2(`2QdGpB{e|w?rOP
zP5a$I-o6~{lxeYkhRoziqje?^Av#0;=tje1mbv~nc!v}yC5X*Zt>Jzbu&pIGm>36@
zv<F=L4E5#8Ok(zx`|*bh{n1Id5JcGxB9GJEr^U_uK@zbC{07(*N?h$VkdyqH!eslz
zq~f>`#B3@{KUl1~JJno<aPk`x>%yjz#}w4+PG!#<Od#U#rB0velGvnY^GqI+>nMc9
zhT?-X9)$#MR{fE@5_vVPh_P@*1cZ|;-hbW0STMBX+s~`F5CjPef&O%Mr@YSceF{>v
zc)g9)(!noaInsdX!DaX67(pUyWI!H2cn&bGyxp}FOmP<wKbnQE&LSK%k(gNGOMb==
zdH(d_%7}lksutm2o@<cOo6bBPz3b{F<-J{Q662mDaWed5lSJ(kdPjWc&)6$X{zI*d
zcx*)8{hJVXBImyS&2Lu$o)_uZouEz+dObbP1p(GeRlOgZIgQp31vx~0GbdVcZ|?Cg
z+)|4TNpZxRK;147%0mNl8D&q>r|y*`5rB*@rlGzC-u+}XO)qkR3Wn?Gn!Q7P-&JpB
zcbeh%4Q~-Zlh4(m(Xj;heKk0NlVJz~_=G$~K5-zoYXZUFwIZ^z;dvA&7L~SZdmE|?
z8~Q?5-mD-MtD`xw(I5aS2wLUHR)NoGC6wP0>rLDzPjRNU{pCd<*oi*4%jYN;p@;r<
z+tDRxIW>4M*1cS{LmZ+eiF+>?Ruo5s_|w@^^Bdfzi#|JYxr}RYN-k7XWMZ-*vQfm7
z2|mg|vBE{g%g*6}X5(zaU~eNj|AFfL6*MUX_W-ng6CV*W7&<t=Zxx`rDKRcJ0FRW$
zjG&K3gQ(MKeprm&$a3FP3Y)T>*g0D9P2Jcz#aa~LI-cO8<f0C=Kn}^LzF0a<X>3&*
zPGVJS(>-sWW$o*V9w&=&{u=Py%CZl(7)kmeo5v!P*f1w+RLf}2a{Qrt*^K6{c5##(
z`DN(G>I2HUqwDuh&3DD&D6V*wUUDL{dymnJ`;%pb#}4b>izv|06sJB|>;qOhhf(b=
z2m1MqazNVZmzExy3db3}6*?LAl^Dks(zR@kX8y~4b_JX2>$cPVz6%xbdiMNNZJ$5=
zB})`J5pbBdiQblEeyt>`W=oY#cSMKhJIlI}f8j8-z|6%6)Y4@PDeJPum-2xpym=P!
z;));jp#6)S>n4$ZtSCkIiOO=j{g$6N_z$dpQT@_ysjp{J%MA9>&zP3?lstsl%sA2%
z+7^?dc-fw=oHUn8^MAP_@hU6F_3Sxk+{g6nX)7mr|K!e`TM>^%t=d|6MaEIXre_H+
zc%mh2v{b6-<7M=tiT|swym7o<k<1lA{_*tJE{UD3#*JatTRgTG%H$7JycRa`G#*^;
zg^u?N_uEJqnnRzqR{PY+oT8|&9ls%`pl_2#s^vPh2vwrob_{7T(yg`Gp*pvSQx&*S
zwS~4uLYE__ogZDtIH?j7(ili1#EZvM%)OKwFJJI-cB-&}%mgXAN5cIzD3FGd4=qY$
zPQr;!Jc(Y#b_0%?NyjHN_}u9q1Jr0<(#F$2M*X2Cczx7}hWU;P6J3%v9{^1V@T(}%
z6qAeySiXoz{ERT(;EXH&MA2bgmDc^V_l!0A2eetqP;LrfZ?C4c`t=+DZFvRX&i<j!
zIT;)E)CS+?-c!F===^@M)6SkDcbJF=bqWVgU3~ilXAjzY_;}*iX!J~cs)(mqc?E-v
z;W9Q53RU(mD4=KOHL6^$<r7S?VCT^~SG&4UgYfmvJ5`IBl24ua6cn7oNJhijU%g67
z6$C@m;R$Yyt@Xqb>P;vldhR8MT4@FkX+oBt!@_YUCV69|e4{@Gm<n$E4GZs5fEp(O
z@a|<vUnE0mGsPzm{xz`k#Ox*<9;@X$r!sa3`&U{s_6o;J#x(zdp>$46iWt(tVLfCT
zug+8kC>)x9P@yZPah()ZqO(^z<PlS)+fbux=jPfZ^bW%~_z4l(p`y0)RNwUJ+NO})
zrwG`!f1?=Oka!u+oHm?6zDK7zBOF%Cc?ExU^2Zz)<j5SGMJdBH)Oc)Y+QyNDph#?;
zGOV`6ee<VO%Mu_FLiGT9jOubX(Wcuo&X$PC^pv&jRAq{205&z+BUKbAm6dns==vAo
z0MJN_GR)q0?A`!nCmn~5=hfFJK+g5MP&4muEE=4<ork<|xAmGGRali+hdL?3b_1z?
zlaM)+5U$T{;d`OLye8#Q2lUNw%#R-^8Bjg!oZb?yYylFVS`3E5F@WU$@{qRk<$8Yx
z(<z8#L1h=Oa9Y;$s``j(r$K4!Qi1g4vXdjj&PoA7%WnsCnQ*Ka(-%~kAY7)e+d`fN
zMPa4s+QH%z4dTeS=uynA<=;N699U?#J6MXzO;tkfQ?#)}V<7$n1FwGixEK7Bl{(ru
z3^_rSK|d&FE2Emiu}abQD!u#(b|Op-aV^3ts5F3q7<-j^oT=OCiuD}IrA)1Aw9P69
zm0-bC4zASv6|@(2?U%zqtr749x<Qod9<<Bz`rZ(?tr(lH#6`P1K@prhsjVJVfrtsv
zX33FtQrN2`NRkC8b89z9ZFgy3XTw#3DKL&Fl;RV7KXrO66~s)yhnHa?m13p*_7>mS
zf%fTJI+NAgfOm>^&Oq!K;{+1&<Pwk%2e50@fQWbhtz=i02s<MH$^8fKW!%eg<C{k+
zPX{vN{eWa-9s-4OfuwxAS!AOa8sX1`4}ROp>d=uQz+1pm|CU7e3dS_DL!@$z9|c>6
z)#qDSj9i;W)i~r<Box*UmM6`kjKy}smp_bRsk#YhMSrc@Jv`}@SbjUyVGOH@`)rtp
z!zE%A!Ryc=5Hyn#7E%9^kFMiz_!ic_<U7LF_m}F`NZUaMnaYek{f3<)U_}v-ZKaYi
zt|2}iY4XxcXQq^9rIgf*mst)ZN;We#u{G|}p?wb7B2a0cgs=yow&?Ep_0z+&FGxhJ
zQ;{=>ghO1=$U8QYki4f7vGV9rIovxo2_&;Q4b$b~DbdJ>-1UQw5re|mE{UYZNrv2?
z)(HkZ&8n&K4?``HCNM%_#5*$fPu3Fy{cy>Zyd0|uI#__%pN)o44r%n)J@!94aHq|G
zW+CrjAyCTTPILbO>$mUXz_PQb*AcNpt#8IA_2)~{DS^7#cV~nt@NOuRdJ#&VxLqu<
z;EjZKl{3`xT{u=0ofpJB{-F>d2qw?qkK-^Sp>(nrO&|r7@9E_U#9a-68^d`w$Y}^H
zl$-;E=zTjqe$<$vE5*>`y!)vomiNVn^bo*m`3h6Uz;<*WGSz$XZ2w@_YlwEyu`c+Q
zC@_%{FPxlPO>PSCJcJh+1Np?zGuYh*+w1`~M?r3;wLc2tngz7J3^W46+C{6DimTAz
zQi9Ako48kwrmvyrdmW-(@=b);=4Epjqo9je`gRf^n+eke_8n2UAcwvhsQi@<(~r(+
z(SqhA`o7#(nZhko+-dDEo^4%ib$kU<%5kC8c_s!+wzwWoa5S5?j;)e&sfYs8owgNQ
z*t_^~L=X5LS-AclsLTkEZv_IV5hP5R`+gUxw4@hIz5x!vO(oa{?dDcvTnsWkDA0SA
zx=wP3lyFyA%01<~4F<V|OjWcoun$A#lFMZ#Rd|-D_5bN>HF18c7yZ`NEz?MpNF|r<
zDfrDPNxS2@hUr@b!kQ@dM(4VJapT2Mw`af<f~)5A3ovY(gv?&Ev%VIwPpCSo%oF47
z0RyErn^HAE(C7MT4%H>!qdogW2{bQ`{x?+aH$q8iUK|n#*Z=}5a*L5F(PQJ)D<g}M
z_Pzh22D!)|f0v6yLR_&W6s{K%`691&-cR2%h>@zIV&<8?bq&w)|J&Tv&H6`nZ7>s<
z_vn8Zc<{J)7+CM~T}^J8W-v|x;qJZph-5&Y3KdV}?Lsh}_O!91nDdHkLGI^^#}5mU
z=&C+j4t@@mFXkba<{=kLAjHGc9DHXsXdI%Y$6gbFiiad`Y~kNd*gA%<Z}{AE<Y93$
zZyUV_*TT0M5q-*2H8^%Y{Q=Pgl3$CTB7Dwh=H0jocFaS3c4!hfGZREJA%~+1_Y>~e
zV4lpY5%Un{sf^@3bbeGg8Aa7Na)QdX^V!HA{>&?8>eko8kl{{(mz`v+peFpe7!tIY
z)3<vxpkd`r+hGZ~Q1R#Rn5)1w=WoP>Dec;hWC}MQ@=YSO1+mcWEQw|LY}ZoEAEgPr
zkJsH5P#et&qL)=~qMf`7b9}3&iF^E@WN(A{tsjFwLTd)(#g0t_4d%;jpjZpzJ_ZR4
z)srcEUnHtZv2>KFv0|Fdza9gmCq)T<ceL3GipDx=Ez(5UaUJL_yxKs0EmbTTj;2j0
zF5owbCOaP8;8f`C7>;%pfKqz0zCgoFRqz~_j4|AS73SnDh28NEjJ{crRBTk1c}04@
zffPpBGzHBZ1zBBt8q3Ej3do~8Y_k)R=>XbJ(`h&$Z3SH&WtjO_V!!|W8zIymyS!lE
zTxu)}g|_1#OOV4X#fFKvW%n*$x3!EjLSdOhtgfLK9W3_*QJvSJvZSD|$tbfCmBA4R
zj=R|1jeV1-PA^-gpQUk>8Sg+VvoT&*xca|3B)rj>1KZPHBX%@5ydR2B&vDJz;h*yh
z<BXaBz^3u{#!gryk%rzI%QgPwfP@;%YINPI53TtxOD{#;VsePn=z2sSdRzS>(RI_R
z73?)KXNi?N-RL1om(4eRKWAmnl&#gQ<~Uo*)dVDK63CYBkmRzMD?R7|XRpuEHGgAW
zZPsj5D0UO#dtHrgvRSkr{JNH-Qe_F!nZ~o1EEoP}HCMXV1eCLK<%{G}<vQ3KFa6sD
ze6V~+HL^%OkooivF|9wW4GLZ+r{oJx*Ux4XX1iGmxdH}U$BB}?pGgL3-o1TGj4cU3
zmC&LicblcLtYp-0gT>Wd*$UPT<36t&4i0yaj9|C|@sGHKzIp>+#?@1H&hI|QQQgx*
zJjo~>$OaBX*-gW}Jf5<uB$N*GFMnDLf3$Qy%=9m5{JLmjnnZ<n6XXr;y={;9B^+O$
zW|46@n<qE^P3{sc)UfGbDg-=}FfMWk>YS#xliyc61mVs7m$0_M{~e>mn;eyDu_+x5
z><@i{8XtjJ&SD9%1?*ud-C!m1W(&OJ%};R|E%R1;Iw2ntnb^NprS4~~Mm$6o;bF>h
zC`(o18|M6wdXyrgeyWjy<5qR~8YsA}8S0pj_UY;BO)zEL&14F0FbWZ&#90vY35)U%
zbz^N03I%=h2gDSGJwwpno0gR&ax9&I;dDM30hLm7ISoBt;lDR^wRNIYB!9mK?fRc3
z2>lHH88nSCv?WIMa*y?ogQYX!>X&3M8(wPy#I;}zk;{;>as7WJT?J6w-V-hy9CujZ
zDDEx=in~*w_!ZaUZihPsdN{@1X-lES-R-dAw79z$EAIdM&3`77&D(5}$z)&NChyyC
z@gjg#@+U{bl6?Lg3=HgBH`eS7Dg-xPoD7aOH!3ak_V0vwTbSc(FWzl=d~8gB`O+2}
zrf6CX<sF+x<s7GDfp4+Um%rH3X3{CNv=ieGac&$r)<sU3;=Ak?$ictKB^~e7EbPR2
zs8iX@C;r-hvc)&+=(_HsLj;AKT+ty^!_`H3NF&odY<OCD`%@<}lEiYbo7kCbW57e@
zgHp?VaFVoUKGKZ33@$(J!cz=V0c^4w((s_orIZV7Bq2Vc5}SqtP|^fntB0GK$xZ2#
zcKv09@BiJe!KM*>byJa#d%20dmdyyaPzD`@V@v5P`P9PI{TP&%RXm{7j2=0CITt1E
zDR>Pj>V6kSN_+oF5MKL>s*DT0hLkEx*8B^hniLr92kZC9GHlZzoQRjlk*?u~zB7nT
zQmGXU1h0c#X-bWiW-VnApOsOR*JE?a5IemO=cdNb&RD27Y5JcoEBMneXfGgx{*)Yr
zPjZ--^3M^m(1189o^{}P<`Rk<t$qa034WC?sTppm)h+$n!vI{InjpnEK6rN+e4R#+
zMd6FaqAI{6wsTq!%@9k}A%Nb!<a}=*{8-?2&kR?Wq&*z1`cf6m&+h~nRL;la3^2!K
zFs1?!JD>&uJWDF#QOan<9^nOP0od#&(ixqhYuooEw#HaO{8AAHXWXYxN;3PYX#88;
zP;W+BYexNLTa0;$#H0sG$+>@LFOKCEDj8yp6ocI<Km2V^?5aR9XKE0)2i-JEFs>2a
zlf0`$e`TQ>=Z{@xtf<$Vw3bQYjQ)$<6id7=R<e}`6Q)1RYoma&cd0pN7$NwgeA|LX
z$S5!JCpwE0#yuJ{_mc$Bh*=Vt@@=5&b1J;_HCSnUAb5aHCQ5q*ZjW+&P7PRS7?84T
zT3Q~$W5gCvV%~?UNdOlr=<1B*ptzDi>k2v*o3*kGzgzBv`sgZ)RDh(@54O<!-=8i8
z0m72hWpqm>aub>e%$12E!A&Q#e0!H#0zaRo&(ERP!Ly$fg4Ib*HIs1pckxeG>_e^i
z3!#VqMA9O_oy|+{hh#DQ$F1SGY?WX8?PV^f(Tco%DUEdqM9P^8c7_$Y?zkdqYb&Wx
z2y_Vg%XeP08Gd7mO7UR(@rh%myu1{AsFOWI>2rn8#efZcBaW(8&Xl94YOC8B8uyn=
zij=GAgI*2p><y*}``;-4aZC~G*E{w)B+!z!b^Crzo>guIi$4RAfvi!1`|tjCbxV9r
z60VNdC3wQ?P1BQQX$Z%^-=tro#<c;NyGWqgSJJ}E*Ly{j>j_vD9eJ1=2FPR@`E_&!
z{<i8%895z){AS_Hm$ACvYKmjFK_-*mX^lca_P~oJ1+Wk($f&JG)sS`0xcs?w@X6<S
z&X%LF+o0O!yS~$J_QaY_6W<M*V~*rm2(V&%#qGBNLcyWAQLHNMv^gq{yCu+RJz#NG
z2Xm=1AONq^<Q7Q>P+q^ZYB+;G<=K0pdj-bG!`Zlgt!|=_Q5T2T1Vd*2=dAt+aG+ej
z6G_7NL!hL;axJczJ)f8I5`qfIDSY#dcN08x8q7@6O8i&d%Hivbxmz~iClhsfF}9e5
zUU1p4<zAoq+{PiC&M)L6fY+HfVJ)ujqMX;5$K@b?CZ%1!y`bZi(a3m0HsYcz(U^C7
z=@%N-&h4UHQ6B;g1RzbRIzqVMRuWVgMyp5)5P-gD0)?oE*-F|&x9L6Zw<~#>IeCfK
ziS*<Nn)l1K5OD!WixXcX58Bzis9-$c`^$!GKusrg^Lw}xQ0IiQ@Zs?B*G^ffAzaLD
zgbZ2TIj=2|%avaGI@V|4a|GztON0yFiJ3HW=2n8cJ-gpE_8G294i0o18Rjv`PPb|q
z!*kF_)u>f=rI?g&^&&@b6wNV(E;5<1{-`OULl-S@l5Hx2JJC%oF<cos(|N4+axhvD
znEgQ-Y|_DtV%;5knt!J$AdMUs-_Er}84jhY!q2luM)`SB8bJj|5h7DmydlxqV2NyS
z>dpunr+k|@Ic2X>ARhrqdnT6~ue*UFZ-^+qi#lV8tTpPr0KruiU5S<jQI*Js(;JDu
zvXqJSHYiFCK4GJ11`01UC8yS@_>=bow@Ib^&<cQKFPvSNj22a(^wuw?8}J?)VeRAb
z35$(%FRc3a{wRdIwX3hnkTi#xnz^X7KRaQq9}`tvI~#(-8j*XJmENrkU3RE^6I*^|
zH+^3rdvy8qPX|#{Zge7Nrv07bQsU$5^;?~O&^V;+S3+R}j?35)y;Fac&t4}<PwzWX
z3qAbXXYO#AqO{0Y(<|FjZXaZVz_Vs(9?>nQ1<8yDW>t768S`h_z$V<H#a9I<#qb+-
zaNwP)S$~2^7->&0tGQrG@KnMeTf0Di{XLhfvmJTig@D-$L#x9Ek*Zh}Cu*iK4k!9v
zM}pn727E}PD<GrxGnYd)S8!mW8;0JuPbfa|^<q^0IHuzQhzh5r7eVv#O+#Ehff9sG
zJqy`CdmbmWc5W(F(F48&_i9ldl>g}3JA$Vi!IjeNf|aKh(-UW`ilS8k(I+&omb)D{
z*0pHjh|gaMB#IJ(R;5eod;Y?%Q~=>`QOHSdLhPgvxH7Yp@T^r8fS-K3lg~k>UDqE<
zcpsAoEfebrOSgRDzf@wJ*faLb{vt0QjP*6#P|@TpQGzVdWc|!$%@@x|?M2pmTzf*B
z!|(>K=}6QmO3mO^FT9|6X=rB#YRaPG>B8VBx42TpKY5g)&)h{0FL!t5+?fj})dc)L
zZ|wNkGp`@!E>Rdu(wF4Bx>H<`7M|EFQRpg*_{$rPo=Io53+Fw?!tQvT<Gxg}X~yl`
z?ApL{#z&m@8d<Wp+XWv?*iYnAa<_foKDTaXmb%?rS;#5H;W&S;HZc34A`_(&8bo`L
zYy9W>9)<dYx}jYdqrxHd_ymK@5@K%yNh!V$ama+bXQFv;zkp^)H^dNGj@v9@Dr=5}
z4(h`t^eyFF8Dn4)F~}%D3wY2P1N9>A?)-()6<Ph|)J^h*Q7n)w_D`W7#fv{)_;<&2
zC4{&y2)zh~j+siPU%qhnB49e+na!MuCQ?Dx%@}PpHi-I$k1V^U<5SB1mk7Xe`NxR(
zGafnM3U6gmHh9NKdZ5C#(9pHa^b_CgVVUVPrilF!?bMtswC(lYUQ5J;@5}CbH1e+6
znqxCU57*XTR{F*wJ%4ycrvn+Dd9vCfxXfNkyHIGJ4!`rig*0)7)RMvu`Br7In=W3j
z-B2M=X3#bX@#@o|fp6|7VnQzMTg%$vPX4!ODN;zTmd9x?ECsj9+wl*G>~=Jtr@ojY
zlH03CbQtL?3-9XORK#peVslxd(;p)f5a#P+`jkb53DLe+TH?F)6jisjT~4o7U2%7L
zAI?6#m&&-EBg@TstmC&~7iH~+v65L_50;5jVR<CuoJFChjM-UHfBsWwN-<$UUAQPw
z!MV&J`c`R$_H5uLdRPJM$vT!0ZI8tAgi*&`ds_V(9cMVxd98OGe<s(fHi0PHvz;HC
zDMLO~Y|Z=c$Mh--HjmMm&5tCo(&5h0t&R#q0#BBY62OWRdWr=F=u;3j{FwRGsydVf
zBf~G4YySmrCdJwU3L+5zXQJBqof8oxGBlOSHjM{e`Q|f1R^D@2pO5RKZPQ1FqAq_3
zm30sHH^Dm&kcP!=nhq<VMkoyH$Ko#Eo*RCpd?USeA0#?mi_+n#VQyet7){66`rfIk
z=pTve>V~vT{ihKo6BVHK;7p^lCCAO99%aQg?~6Wqz@A6K#1oB$9I$GO#_U)+G%Qv7
z6HoBNCwMUiIF*h!Se!!lRb|7z9;Lk&5c-HmyN4(3l!C%QNrx@eTPX~oQRA_SiQyj8
zaAjYG2tDJO9n(sDZMw!YyGBZut_xI9Z|ugUESwtm%&bQ;0_1|romw(401(o@J}L}e
z-~^nCs<3!xq(%)5y{HlHl(W?<+846m+f2;yadgX=h(vkI6}RHbPR&0yxmEmn6S;g9
zwa69z>RU|n4^yC*H3B>sG3ezesU9sfo@h+sSm<ihi}jL#h=PbNh*2(Q<(I)}mybXG
zN7sz16E0%cCo`F2vrtCk$fn_RIIf8s{{7h%Fw(5ghjT;D1hVsSP%hwD8Ik#>ITAfG
zS!F(E&Qpx|%)|uZ*11LJB`L$=3y;wY-benW#8;rCeM_-UckBsIfW3_tYFZI}D|QK@
z-Hd#7c5#O;w-ngc9@$7q>nKk5wyo&tnP!9I@>#i;I390|dOaq(+&yH=@84UBWS#nM
zXK&^`X#WnXuL4Lt?v$5@zZN`QGwA1M?JQtsFYq6<P?PtgH35~?xh8Lj0ys79Ux%_*
z!GgAx=$lFV(59757PGDQs5!;6wYlkvnb5Vi5oVbV3+|6HA&b6x12r9a%f6X6cMZQY
z&LffQxgX$`p7o3!E3&z`$+=@^-jik4-Ur{ayU-Vj(L~?c)XrRUOL|h9-49=$Z)3VI
zmc~PLs2EFEpYK@KZ{CNBo*(yZx;d8QVA4%vq(dQY!59kQYtrxr;V%CHP?`lAzc5CL
zYb-R^N`Cu=aXh|A&Bzpm={h$e)B^2j_n(N^;c#3%cY%>Ax7xQuXkOZE^)rdtDtG^N
z!JR<Is<QW1s}1|dM;_yT3@<ya)qcAIJo??AWlG;r(S?WBAQ5`c1MgaVV_};l%!=Y_
z&^Y%bHfm-qF||lb2G(U2a{~%yK2bH6-pFQJ2jpvx^2t8B+M15panBWzu!*+!aUTCl
z;JvLxxM*ozqL0mWM8dc9;Fr3wtZu8&MSYPJ*Eb=b2f#7<i#8o-A^~!?kA%{OSCEov
zsSjoS8F>;Do7b5lDdQ%nq8)T)kI@AIcaV}>{=$XXvUCURrjM5p=$m#lo(`ti=PdHX
zuA&9AZPi;?!N3>ArO1xQEZCXDPNY6Se&~z1J^+Y&A<Rg2Iz9`xF*yffKZYm#!|6su
z|0qMr50afjZs+p%QvAX+Qfumg;ZW;++qaZRXurc*UlI(US-e0iTnC4S5%OZxkTQez
znL&A)!qLA5TPQvUEl&jT8Qjb$n>qu2l&Ze4+LF@6QZD(}h8CAgLm?tP;oOcYp!9F2
zHZ%%gY;3&;8x2Hf`CELWh?>j5;_?B7UJU}ww>05WeQ}MbM45i%hix*f|5F^>8n+tF
z7v-5J*}F66v2i=ngjZ>rJIlP9wv7H8OlE_Ol&OkA%W7xMQ9p`7q{TN&y;quWbyAU0
zNlGD`uN|xfZGu&E<C7kTNsr#eAYzi}Umjg2eBFn9g;nAS(Wbx@iLpsE60a<-Jw6N}
zuPoRepUEll3y~SV`ifld90YL(hYiRh-2H8edm8I~m`fHySmP0!_9j;EhDZ);SStkm
zInD-jW+NoXltUXU+S6QphHdsp+I$+Qtm9uQ-HraNsww3CCWkhM;O5^LULH8WY78Pa
z9*zDSk<?0@Z7@3~UhLL#n9DdNtgHi}8VZ*Tz*x3UeH@2C#{aSH<};3n50@@^r&aBi
zF|0TDp0-JM*WaUP3WEj5AQj+%1L07&xXsdlIOti9UaKzokgC*ZnZvbB@mc-7z%Gbm
z3@P<@L6iSUf?d$S_*uPwi1a5z-qw2mZL#%H;SMiq-#k38Jmk<mQh#4}4u3gLz{WBB
zB3dxuUL!Yk@<!yzW*59TcJBFbzYD%b$^euN22J#tGY(>qN65>;pC&YDCTp@hC|`(Q
z5XsiW5rfW%ZxS5;q9gXO8ayAEK9@-`t~SSYUZI-R*YjPRkS!3c+|Jt-z`|yO)#-(^
zyXLG(^;CX5lL`5ToKB;MLaxYQE$?pbQIS4b;`9OFN(^2n2HQ8zb}hufQ;BbdwAX5j
z7-XL)*0T6><25Ud8I0P0WrixlXNiS1(K3`#&_Y?)(?Ru|uHPAq=sencf3c4R^he6e
zkRlO($2%{pGM+5<84(-GOCJM#qfYx6LnV@l^H&D$x|<4IX@evc7GBfnMf*nnFaj7~
z*GlY8>UPB_!)>samF`CZ?nkzCrAA%Aw5t$y?2widLax7tGJhJ;E^l71^*6#x+1<|w
zq5pUa_pEB18(nBi$1Jsx#1bx}Yxir0#!P&zBaMrV2}2&mnaeBJ!s%dMP6DH7J~mi*
z;n%lEGZfIDFQ+!G-KK0f3DiJS%imo4`5R@+O=wwkL3j6`SMubz$Ek>H_!)-C-VSMI
z4M-hwi2l|ECF<T-KQZVhzf1L48d<%^EMzYA^yu+cB}Z7%UMpnM-;VW+J#??ES5d#O
zO@xBnZ5&zZ$_gjQ6MwRkiI|yI-<j+29buXc5r&GA6YaN>i#T3BKe{Z=ue+9UXp$}D
z=7FMo$0QWW)HSx%8oX*fS<3SP_my}OR$@m_6njsUh0ES(R%`BS11F%>AO)y`7>3A4
zb=!0CeBL1^2IgimVHIvFWv}}nqI~Ix2Y<xMNoK8;6U>fX9mduCG0%wIx&c>Lr(A!z
z`~*DP$?Q-%^ntO-#437`0%n5)tLAHXKfM%hLqfdWkGHpazB5H)eJ(_caq_civhR*g
zfycB*jB=>Cm5s@S5xYqVTCu8KeTIP;ki<(_J^mTlED!3CM{;^-pWX8#Mjg<!n~Tj4
zJY^0%Lk+g_qMHRlye@ck1+8pP2XxF@_b5a0(rG6<d(e&JpG|I`PDgQOUS0sEh`hD2
zpA)$*6haraE270EAzn2qovmzB*>FMjWItWG1yw{rHk#*#G2yHWq@rqMsg(`Y8J}&1
zt|Wg+oBN5#Y>OlGIjxoLr^mL#lD@Zg=>(ZKp$@Hv8*JOKd}>SB{LA<`KeO3Bg>dcm
z{+M*beBS<VW6Ds!>BoU%l^@15l`<-*xh<GyF)3nd{$eF_rOifUyDs=@s~dj`7SVPW
zjb40qAvjpw`I70C&2=WwovYZBtJp1Oy{Py{2=4mqmvEVJbh!wB-FVAw_$&%n^1k6V
z%xunjS=S<K>l#5_tJ;c$y++uXN(PO1JyIeTL?1Gaeu%;eyg_$470;d{0#EtRM;S*v
zgN(@O(|!4b>pkB#`r%etAFl{+%MX(HVjnjsGhb+8(cn?)@8*Ljkxl(Ob$GR8=76KO
zXW%urp>!zn_-KDNPA|`;DM%eOqUJm=dRP)4_u(xRcSZB;uMOfvk{~5{L?ejy+p`R`
zqqX?URVBR31bi@ltrhV6di{0UU~}=tj4|S}6|H<koKVs`RrEaboddc)glG>Mdi<lr
zCmwo0)s0vwNxart>QHF%i!Tu9DE{)>1wOY5vVRaK%zu>E8|P_1`H=z3=h~2vrVLQ;
zYrlsZvh!Z$MdNl77(A(+=DVu*?K>}pOSB9)y*p$AV$d-<*%~ASnRist)>cKZ|6SMf
zkxRJKBD#9`l)P6XWkiayOGfeS5!N+(XGED+iQo<IEU|lCw)%I+G)nww6q31T;GI0#
zzf8ei?Fg-ArFP|}y2-7&_U7#0?Id`*%T?yQKq*`Ra84G!1P#6f9jnA13nL)t_Jk6T
zC`G`=-b!k`II*=fy$#yJIa%i@o*s7Y4O-d<+Q#0zmtb)!<Xb4&F3O!6VlBCq*0f7&
zHY*z{QMC9`e<R}gE92M+Q)gtWu%7uSjf)fVkbG*$vDjAH-W`VYv#im^8{xG`DLwN?
zNs#CBT3W^hM&T;;cgCQFqvf<4GZf_<!k;M1<wd&6%ItM25j8woJ$aHK@+TUW{BZks
zzHj#)BMSnkes<q-ucHqK5dJi~wm|F*pj~Q|gwF`WGblp+UTew58_7f%$+Ui*=C893
zZ8KQWaEQX4MV9l>n@j#BI?Z2##Tlndtvw49ONR-i7j%?W6yD^+ub&u7#tO+69u#d6
zJdApuKSCrdNLQgal}`*}mYD@moX#h?oAo!LWTZdM_6TG)2&|FTA0%kSY%*`4IA-eL
zLiJ4H2>XnO6s~pF!jUy7j+K14{b@eQ&viTR)|<A+))<tIcZwDif3H{e<-{hA($&Ec
zdH<vuz4IYKenWuew2$(qLH&SbCNX-CK>3LXk4E$sPmK-Z@SeVb@xEd@>citbP7j)N
zZkL*TvW|>+Pf1^Sy}Q_WDJxB@pG}*fiy>Y_W0}$})d@+6NQA49h0ugqwX?UmE9x3#
za@l#K!O%O~fwXpxh`Y0M`8>>P936k8l|p}HmuH}3vd4#N+v?35B5A6%fK*9kr;^Q+
zKCjvlCD?CSVU^^VJig}w$)n@7Uyjptx>)!3!mLhHh)!1YC9+yTK9yTTMDYe3-pOuK
zcCX<~P??ASFV8g_^ii$kEGJuf!5tAX-W>ARS8Wc-Rxsv>$ej<}pFy)H>;}BpZvCgz
zxRay+8`^X(*Q6?xrSf**=~-I15kt(09nT1C;m>U2BfV{Zrel=eXk^owLo)tUEWW_|
z;LOC?X{ED?|FC+>`=&lGNtKTAap8Kq{iD&)qd{LlsENe21IItG>c3_a0#gGNG(@H9
zIJ3&=ZqQL}0HPsavhwrsnRBN=Ww6QX4y~Rns<@z|8B9v0up+X5=iuveu+n7_nO8fF
zqn|X?Jl)>*Dhcl~sesSqC+!L2`nq!Hg71%Txk^y-2mGntBC?rwCiai2wzHN|;dv@a
zV|i(G`FpUVmbah6#H0Rp!f)%B&g>T;IAboLA@WcWyQuIu7toQO^$G+B$=|zEH4@E8
z_HP9*uWDq5k<9#=N$Wnl;Mnj>;Xg?@&vVtuF(cX4qwGzJ6({F!JOBWnt6;_Giy1a{
ztZ62OGG9(`$R-z*$t5bBNAG9%YU=wW)7@Dk2;2l&h;~-TzoYTk;&?Xa6#$A&#b(3}
z4Y3-5u1ANw)a%D4tRT@VCz)7=JWW>Czr(W*4hgPV)bunQdt7kp>%!?<8`zRVx>m5s
zIgAH7G#K0=ylxzH#5Nnc#7AS>{MDp&x@WAieJ3;9PO5cV;F*!6Cy#kvocJx5O|6IU
zwF7nMV&&zARU=2^Z9P6%p!4eS-}8k-420rgVc;sLyta6Mb_45<-x^~c>=rK*`pLxK
zs6|iJjG$T#NSBLUsv7Ib!<A%}K}rGRsY<uX2-y-Py%`=17Oe$)TVs7U8BRm}Y=Js0
zULI85Y+q1lulKlsIo;)!b~`Q6^RU1@EhR9_)#+uz4^!tiHOo-x)KTJv%J7y2aVYWP
z6_QSz6Fd!9Iz5{_W<~lJ&(W<7y8p^s@z;TM3P5=$^6SHH>(R49gtN>p9Z*$X2TR@5
z*Jg!GVyE5KGiQZRjG6|G*6y}GE?l7o9UW2-HV5A7hFv%~&F(=fc1j{AaM1Q*dxY77
z{@?@*@O<1UAu;|X<wgq_S`}tv6C!6ha+E4U=Bno4Sk}ZUR7BTu0y|u}3;2J%f6wyX
zEAkVHl?#$$lZ{eofP(Nt1yIZgM{kb2UOg_ly8?LEOa^=AQV0`~Q0Sx71rQtKl+?Ou
zv2!|_s+j=}YA6VwUkM}(@Q{<zknSk}AH26qe8!ORAy>pl?o_2$M)gHP%grc1YogT&
zjhO)Hzt*x#=pfriu(EAI)Qc+Z0D@@;o&<HEQ47PuD7&A|db4$@qlui_BSq}-kM`fj
zI9#8db2L%DTF4x{@nzO%xZg*Ob}}AC*BR!5F0Y}ITa%DD!bq*ifDPnEe!}4)t2lsT
z71LuC==a~?DK;L`%vL~|yzZ<y%@E?Vb4Xv87?z+&rkVV8b6?j7EWws+B7h(}@V~*u
zL#sE~0pHn!Rt{V1wYii@=8cK`F8kM-=hcoxo}wH_R#!>mVDD}Ir5#8#$=(O};?fiy
zkcn_zAl+_LYNOTZ*cKn45Dm+2HR<iDlvBwT&AoBXCSaIzJcd?a3RYm^|Jj*wnkdW}
z*M5I44(K=`g*tEjJcaR^HjzS)cYpqJ<E_fG%G>_Ar!ysW_ywp{EUDebV!tMs=6j+}
zXzvPei6)(3+xdBV!u(Q(D=`hH>Y++40+Lty#oZN99!*|VC20T2h;TNVTu5^%ctJq7
z4-NrJu$y&>)9Qw0<&=JLQv^^k;*@-K(|*wV(?yt;nN|A5j1|CLgk6H=uKoA5m8lIY
z;K{*FyKeLH-o*-ZcRo^KL}+|NKFRj=F3OiDF^Qnb6ZN9Vp;_Cnh5QsI*gL)X2uE4e
zpeXSTewsFDu1?8>0rVLHK?QY~6RDm{@WUqZNH4(xm;LLw+`KZTc^ylhH8T|ZRL?d=
zizS>`Q&pY;+Ajs@H+azRXeG6?XRg0cyaD>h;hr4QDeki4FOT}Eti-TW{&5w&@l{Y>
z6V8$}t{oHDpD*bAq{+(U^u67nDSrA#Ec==k-}kUg4dI>I8GDqz4`sUsLR~#lCNC?(
zvc<5=&ex)^V<JKpsf-whQw5;k>rk*{*T%Gd=l&?zS4Hz8oX5VuU&{WLD!|pmcg<vy
zDgY}(N}is!!B2mH$LTvOy`z&-`04<n@WBfv?mXZZv1Y;jO}m1|VwA_A&gXwjgin3h
zZKYU^cgYVy2=JW7#=-83lSJ|+$=hF(T><LH>bO2+bBBYEiXB@a^r-9Vd46O!!^!u_
z*Q<hSPaXT}(U%_^C4WG>^8ZHtf!P#TP=BzG!QIYg!D(L=oOlWZ3~jUER9IoRnPrN;
zC!0y-t}2N|*?ylAPGp5M#p)mxNLsWmtq+i_igm9GFa7|e@+Y0Je{1I>0UetzLQ#rv
zOOwy`V8Qvy$9Exsx9ik}3>=TX@UdSCaE&hp`;W8W92BtNa7qCGwIiM5D<8!bch&4b
zun32eETaivr2{x6hdnXdC1!&3jjw!5${TfoWJUToozSEzE5qo?_JW+dOL^z4$^e|U
zQ^G)>REBxMs<e2H;?9L%l))y#0EunvCO*}glOA#3<95{siHAxC4ELBi!N$aG6?ah+
z*xCquid7NFr|7oV^L3bzye<=~OhFi6JmeY@s4>>{$IVDyGKCjbM3J87?+cI{CWqOe
zy4!@-R0uH)(nDiMuC~i`1gqLYB(|HUDOp_B&i^eT3kvBkAN>P5r|s$#-;+Wg^)M3q
z%Q>gUr6Q>tTgHNbB6p+{y9|%%)AbM3_ow_CY7MV;H3EcBBn8~Fvv+Jvqp2I4bAx~q
zmzx5O@@`%DAyv(*kJt}815RV*p(tNN?c7Zm+81{Wh^m^Mev>8qor_?0o-L$^o0(`2
z4PhcAA^*zXtIY@fN@oG93wI#I$uY|``O0sp#luyTgmO7<i_?*c)22HgeCJ&k{__dQ
zc0)d)B=5kI%btE34j4-BNF&TYfU?OsWbC<^!aGs0{J+jb&J<{IpZ2Z>8!#L6?63hP
zD$Kjut?GdF4t3!(+Bm)1`~_F>GX>}*KBGK#zsWREu^E6QP-Z!YCPLG-`xk(x^Dq2U
z$d3IcW@e2$(q=~9!8XfrHUfhoM#AWuCG}Hn<%;L)#-WxF;0CH3HB}Nj_FNj|`orzP
zWMjv4#B7Qj4=KG{;ALf_8vzxbZGlSxN}&F~&WrV$@}{0(<rGco7^d=<e8|-4i*;m|
z?xufHWG-BPS={#WnRTM8UTP&G#?3iH5>fH8lG>7n=~u7>|E+Q0jnq@!cyWV7+YSvz
z@t^sXAA35*Za;%He`gR?Bn~Bx8npgyoLhG?!Xic^%^>KlKMhC-nUpp<E6GCHwKrnS
z*5QSAk{uc;yf{`NTz)26d26bhI9x^juih^?bsC$!yuW>rdKz1-q`w`>|LLN^J{N4r
zb<MQi4YWrm{|`VbsE92v!JOfrJl_qp29i&FeE0OmCFw!(di^>%jG(HhDV*}^GHzk)
zagewhc!lBq@t<Z@NOt#9{!+Ra>@CfMVkRCSk9H}43X2<$-29H9So-9Oc@X_Uu~mZ2
zz~&z%xf}Jtfw)LYN1&F<OKvWK-e8`(c+8UnV6?7afy&-j^N*f@{F;%!5^NG6{t51>
z;5%1p!V<GJ*OCxmHWEhm6cQbj=@zkMCgn?L=G&$mvGGSiZaoWFmjy&Zg$!!qqgVKG
zJWB1PIA#_4I<kPs&-Ho<wl;fG7VY6+vT23BB?I918J@M(Z}HKNA3_>fFy0NP7+Q9s
zy=r{tDOq|1#XW6H3qcyCBwuBYy9HmF0T04SXQTu_tOJ)2^N}0MdVr-IkYJVQQWdaC
zKc&xM@q_+=2Dy`ofyH#rB5f$flt5J*vT9BhAv%8(Wi=6deX`5sePKh$>w26+0r7Yc
zfRQf4K^$>X<wR^&pbe+J!l4{VA%0C+9X|PMZt$`9CkSv(-<xBRb{bBn-S0ZaP4`F2
z=Nn3(yH5AJnVIF!*G?Cd)xbvIs^k;rzl3%L{@=`S3f)bTc9WeNzn&$(11Qtu1Yz;|
zTP1nW|LK~3CmTNDYo4s%P@gt2F66ExPs&2pmq|cvRiOGRIkt=M%}`evi!6LXaU6(w
zvO(*?`Ic0O&`Pf{S0k-N=G$M{J(W8Z3P_v)RAgc8o_%!~G8K~&2+CFd^4aw_(EN)p
z`Mm=9yI6r6+I3q%Er|#(T+La)9ajuKmS+pd{0+QFD0{{(+;mStPTi3?tx4CJZR-Wj
z=UsfAu@wyD^>w)GC%K^sZ?sm64bkTYvX^Dde_Q4T)|g|vQWSS=$v>8b(t4!XxOFVW
za>MB5J@U&LObo0Du?yX4lf7YT)j+)0@(2I}bmzSTh>||W`|DFRkgb<&;`-z+9Z!V5
z7CsX{!bT!ftVZNwU8x5ESIY!gSbesr#SEXw%<m%=;GdC_XSbOf(*rD8G~aLzkTvyA
z2wxA?P;SoUUXJ03#Me5~dZ^h9;)#@c&&%vRq;2EL>`qran}8^7%ue!S(I33e&KZg2
zUWwS4Ek($qe)bZEce_3@4Fhvnf(>K7VvcdPI(BWASB}1*s{NZ+Id>^gKT-L&=4BlH
zs~Mx>2^VXTSk~j+MO6W!&wMUvy#Bv8HEar;u3({yoXweWKNNJ*&BwhDVd87+XtOSJ
z<CHI%S<=OGPQA-Q9`t64sL_|GeTBLoiz1Rew`i(LPKALi%&mF~xK10`d@-B!5&W(|
zoxZcgPa{={J%X;lj%cJ#asyi|k{20`k0gGwp#)HQ-u$AihzrRO0bT%GpB%QJy0?-a
zBlIwE%e@s%nuewAOyqrvkJbSZDI&n6!_$zS4G|#G6tX>&gdPX#?OHdd1neU9vL7e`
z>IWHsh>+G5aTp%o91vH<bnZw9_DlSmtQl&|PY0T&3Y0MLv70e~SucE$vpFw>>T<4;
zfxs{jptTx2WZ6{Q5#o7?!)ICppGj$7<(Re2<Wl#pevq750klPbxd%KQEw}ogsE)z4
zAWAZO@U&o$gcZ#Y=v%xp78;rYI)0B7A`w)!FO_fD*pyV!(D${`%HAbUD9d0e+OG1p
z^7;!3cAq?c93MDOu(3YL;jtOZao_nnrZRoP&k{&SaZ^ZX<}Ql5*;!I4Cj_k#r>zo~
z4t$LW2{{74IUU*pVZ=2s|J_Z!0AUz-)9~#}Mc&dNLd*^wLu9u-H4JQo>L=T$voq;n
zH(vnjlel!SDmF0~%$s4$3ooSScN{#I@^<Kw8DA)N|1HUcA{wsK>>_Fe?n=iI*CtBf
zS1xm7QGz6q;Vx+b5A!11jJEeA75cegUJ<Mw&njLs7aP>g(UJSb4X}M1p%Au#jZ@>i
z84%Y{FuJSIL9EcJ4Mf3^y`quWwJtBVZXhOo*!-jz(xc(>?3KmYzQKeq1ZTtxg}hy>
znmSln$ZhDN6%N76rvYF*CGQ^-fOrYoLVB22xCyj?E)c|gy3|}M4SZ9P!8R(ulHt2R
z6r3nZXAQ3j%Ql%6HDWLd?iz)>%N4q_$CfW4J=fX21&=xJgi=_<$K!QQtOlusZk&k3
zRumbQlwOIYsnVsWLGp^VA%${D*c5-fP&fo)y4I%|5Xy>ZM}J#B;!w;SLqd8E7!VPP
zbg(9iGlHhYi!*8^XC+1gL^8Tyc@mf-$(N$V@SUR+&-%9IYov|h=GcE%t{#=)JWm3<
zCtIzZ&LzdL&jT>L!$A}ROawE`!(D|_eur2$%hqcXoU&-R%*o)7Oayhhf?~9=l7<iV
z?MUm0-=v|VRj*{;MN@QS5y|P-VBp^Kz`L@(;gJ=ALfR8#_VVe%UHmZ3*c5g#4Nh<<
zDy&|S3k5W-kPDS$>Z~QSb(0IdwYfvXHF3T{-p5wJZpU-j2wljhoTa6hVyinKu1onf
z>c<p)2H2b<U?pWAha$`QRN|R`QV^C=vpyKo^Vd@%MAo!}112<ik8BD!RQ>VF4w1#!
zkC^$6H}ef7=^-8l6P9brJ1_=mw}6T-42Tgi#y$yct?#60t4sA-7m1*b`!aKLa%iuf
zjKO&obOlJSD=3*v#aq-ydnMiqY4K*{iW>y6eD`8hIc7tRe$xt(I8mB7u6TatFX#d)
zhY8-WoOi5jd$}ZLhqge1PS{W}J?O>u*g8RTrh(fvg*U-p>;z>to#_gE3dz@-op*>)
z$e(6|H>4W~I4U#BO)h=~n-AoZr36zjUwP8ApU6XpwuGviMa@*bLp3-CqBzAtPJVbP
zcfx97f2Et|KNU2Lxti;%BVzO5UW3AFUCkHa1aCf6OT;z3WcehU@k~vY^2S-Hx{=t-
z>dk+BG22<_%+3X|wu0uli^J@ENlS4o3wquTCph>)u7({LclzLtc6orqY=1%TbB90G
zMy}?#ub%NczrcQ8O)Ma!>I6NMEa&L$!!X+HFj~D)1Hn)!JOTh(=daC$lG}*>KGK%i
z)CJq$J2EqM$djCsNgt&h_2z}ZD}j)qt8uR{e;ppiPaT=f`z=L(ix^sxyo?W<?x87V
zc<HKT9iHNIh=DVdS=}`#4JY^nI`00Wecs3r{$95%HSJCKJT0SuGWG#7wJKvRPY<of
z5v#}11lwI!>D4=I?oVKC;qX2$Z23PP!-R((9ujI;GE>o#n6n9D83{re<Oj2_9p>ES
zetu`yp9y>)>41unrK{ibs~f(av;HHMzfCfu3a%@!J9D~eikRs}yZkgnh6yBiT5rmw
zxJG%?j}ctM(0f_hn|>~`-hYT{GKVMg3ooQ{A5UhJ*61@;*W0@pJcPR}cH>|*Rc#g3
z`S#5to^GyFC}OP;9wLh#<|_+!kHEyt4u=R}6H=^_Dcv}fr1YN<^{)oHzIo|7n%49N
zhu(;U305lzdU63Rskcj)oQHRbZ{f(q3x3;`FjKsPzd0tPJy2gnPF(WkoFZU@6Lwg8
zb#EpjXe&yNLJPek2)@50#tszEsj_Y|-MfJyey@iXLg+!);mYBh1|n|1iLVuC?Hi9m
zX`L9PDOpKd?72OriT5_~W(AW959q<u@|fXC3J{0_X7~z)A_=z!SDhDw8SB7NP9~P6
zNn$=tziZ$v)3;th41S-PZPcLyBh%4rxcVvs3-uOip$q<!3qFZU=~Dt$nO{uR4F|r5
zlF^gSV9mTc(0?Nc@?JT$5uCb`_CCgu%rrGepa3ixRl@k>BvafdH^sBzgdlf`DcOE(
z1S<=PSd>au7~GPr<TroPpKmuWea>qHFA7J$!3_TM6%_Kd$<W_a(!unY1=0HT?MDXA
zV(prI{$NU;VZLaXd5Y!Qw8Kn&{L7JAAk|-dY@t=!HOg+OLvN7k3N6>lh>(NnwkZ7N
zD(#{^0Fn;){c^MxC~%BtgY(xnqUzHoowI{H0hOCkTc+!b)Z}k?_*ZbzDum^!wa4$x
zVgD$d4US5SHAetdbS==Q8+on~TSVk<%RK(mj_LN)|IU?l+>p-?Gv`~s{!fi35RS(e
zUU^KlFi!T4N;Z<39{vy|cbn`WH%{i`Ta5Sbf*bzB;@h8J-_;BUvFd_~p;`PEAd^^p
zCHDaA^*xe8K6DF^FR&$p&$PYo6TANEdKw7{MU!%lDAbO<5TVD@h~iDAyvLPR@aR)M
zAz+G69fyIZaf@=g%^@6Ka}nFi;jQ+PRGDPtOd#OJf9YO=X(OtWi~SIRe@ginQthtr
zmd#(W@eDjJgB^Bv2u^%zao)HI_ngT1{&@OWO6CoE@D69FRKG%gEPa5OTCalt0KQi|
zeY4%&tf5<(CF_Xy<i({cymS*@7dk+IIzUkOx-p<=dzq)bhb)}_<tWFb?sX)`<mUl`
zgLr25;W}-_MqQ>=j1>xX9}BS%SG4}LeV2ZM4hr?1wEf{t@UCx|=w37dXqzb^(^|+S
zv7g?3*kgh!(Rxob<a7k>jOsjkn)5i3qrS=#)vOyW)PJy?&hYz*UUJhj(((cnb(ao?
z%R)Rm!bFzi79>BfDbd^3x`^8i*ZCQ1Bow_{<(PE(11kUXwxT!CSR<(jv}!b1Y6sU9
znm#@3+fsUQec>Qs_`UQ)y-TJ*rCNhirq}T}`qNm0BRz3nQuq7XrrKLkV$+8xKW<{Z
z6#0xy`R|=&PStG6I$8q0RRY$PmqXc$-xrDQ_6CBJ1m@grJC_A+RT+esF&8gJ-pVva
zEm=!6EPkIR0GBdhE`Hm3cTi*5s5&HJmhG(0u$05%l<as=m)a)9dJlJs&UnirtT^{Q
zEg3Y*3|_n#LXPms-<&WTd=eNNM+E{K)aSlmD8hx4dmR_KqN<!B(ywzZ@}2tW=EZut
zeGPxAELmhT-uXk;;}sE*)EpI1-bnkSg=@I%>>wOIh@c1*%B(W4;ZlI)H(ClRxEvGj
z*bZ1Cu8@0-GgX?n^fUhd<g>nFYJz@i!i5j`!X})ft>QGC4fl5!!_+BjM}GIR!oiyG
zU>$YZ0Fkf)oF?O66vDgZxu%l6h4yj$-pv_II5Yi}uZZ>$uMnB62s-^#5C1U3Z}OU8
z&teFPf~np&?_vm(8X?jCl@{Xi2ZF9XPu^BQRqtB^(SCirYRttTikZNU8vRHP(}+B?
zvZNc;BGYN19XxOnbX@m^=tp*#NLH!Wa!8gJwBRaV4W>$5;;&z#S>W@&F<Z@+KewR$
z@@>pTsGM}#&l`hpu9IMk?^rQ>zrHXiCw36oO?x1e)I0;!&WQFM8<y#sUz;>iO87G@
zlAlGgyhGa(uTWC+H@bYkBu;BEBaNSMlBqVwZ_HWaXOfEIOGdobfv27<O9$!{$c0(8
zfDoUo@svjJq<wlw;di{C*dCI^8)aTlyN%wDV{ySPS7`^~8Dg1fxrp8>qg-hrZdq*Q
zZAS;aSBq5vH=Jhst!US=e`V;$r2mwCsL*=Ff+1VC8S$3q-(4#_<^)nFFNis)trAwk
zI<H3Y{#A-(nRKAwV${wFK3O}nPiCNY5KHeOON0#HIVkZOG`ULOwCVDyrPM>QA(?&v
zBZ6P^LA0#PAgyf5J_>r&*CX@ru}$ITNF3E@TJG<H7;%Qb-nX0Z^51PgzU#`NA9oA3
z@2X?~A5$13G&{ahLVi+;vt!@&T!XHKg)NMq<LkfK?n7h4uNh4Uts!4*l<H4At&N*U
z$kV`=9(VemB1*#waVf1K3!|?NPVZC@1(|65i)05?K1{TM-|KhA8qkuCh8^@ub|odT
z!bByLVb0&7LY?|(*X+`?&P0V*?9~VU)<lJi?9JF5RlOh9Vp=Uru4c!-_?Oz?OJp;)
zUjO=YSKsE3UzpcK9~vcF3&OAlGdYjaZM|cnvnEg)+c{*PAJwS^tJ);z1h+8q>DTZT
zXqC)dM{chRWBu0I<jo0lE6npu3cHwx3)iA!ky{hYj1sZuWT@UG*TUp$)-q&$wyX*(
z!s;td?7zsAc<o0f$R`WK<=wZww1uEgb)}yu73MW`f*S5dX)ki==dySrxa{Ig4`YPk
z)9$^e4`LB8+qj3HoQL7PlqGD?4`6M{dpSMSYa>Ltu=y2#J5%nCz_c~EW*1U1#%LQN
z7(JhA15M}@!rRj-zy@hAE1-vw?Zb!mLuC|R`>47uu(Tzs`S9izOgFuc#flV3IC`6<
z*`4y$JZrp-^HMd99V|)t(^G<t;lW8{J=;TK^plHk@vWgkAK!^f{!V+DU7p{tch>U&
zX5{mxa)owDnyZ$|`RX6=z~naH^AaY1qibRv=JZoyz_L2?R`IYe?55>1m)d2Hb!u`i
zgXCz>7hd9PUbi?(Uzf=&?>`}ia5(?Zy=6OKRAysh4lOQiob|R}-;6uSh+{E^xu1h<
z7}2i-LM2R~CF1!|_l}9;ymPSe&hUQ6GUVCIWXVakK5*czpk%iCjYo&psj-fr_bqDu
z%S$Z@P7)EW{3@3YQx+SE^>E9QEmWC3)NW`DI=ml?LH3?~>AvD#B@egI;AAtjP#6nT
zOZ2YUq%L@a4_(Q;#HQTRd>Iwdh=oS*k)7tDL5l0l7G=E~m8#cX=9rKeGW4dd?bzCZ
z>0(#!KI|vqM?zj&JKDlW8EyhgQ5*%nMU@+8+Vz+)v{|Y}70~0fKhNI39J;evsu;_<
z3aNeSpK7TL%A9m)><|V(ja4h(vi!dzIXHd{XkqOyBH2X-A5&z;4Rbu=CoyAKtQ@?O
zAxuMu1%I#Ry={BOL;$z6VWP20*|vdu-~GW!;=Fbdicyqqdwfq&Ew1!OW3iPdCg`)^
zqM9Ku0!CRM!U(D=Uc+qL34Hi+eRe<F9<Sg}{p{>7rY=^2mCpA~Vduqt5J4;aesT5p
zDDL|3)Lq!>@8+#VFmCa~hgV|(IQC_(SlvfMX9)hMb|F9Bn4)xtPyWp;MuiRH&VGwQ
zQ1;J|!kqp|3D~R?tdj_<adoZyy_wKa&!WVM5LS19MHk;`;J}Y(K}1LjxlVy!kIngc
zWBVuNXZ?o=jZI<#c@Cyk-7MBLb;o^;wo1NuP9_Q?_78SCdNPq8=swsPq^_O^$0>u3
z(j#@VWYh3~Z)lO9Og=@;=3ujV$eGf4F(ceb8MF{f{%rEWPQo?Wy@e51zorKKNoJ`1
zxmb^Wmz{P=k8bAIx-ytnxsOagR5*qv!C|XH8O(}o-sTp;1=GnY`8u1<Iy?S|r4*T$
zlbm&W-d21YC&U@rXD1v;hjbVs@k>@e_L^cR97&}I$2DBNNY_a!_ja{MKB#3h<rIYH
z=)Mm`r!_|}G`{d9gvCh|Z_GKdMw<n2`S;i8r}MGYj{VqsK%qSbP!XSZ`#$GHU%UiA
zN-~t>=W14)GMY^&g|-~$M7NZJrgibBoOZPW+M>DQb#Zewe{U1W6sv;{Om?;4fl4>2
zx}15MXXiHXcw|0;_t+1i&aBfx`_P}3KW>l^<-Ipxd#SW&WfT0T+vtL{L5;*a{=$`6
zw0eWIXuv97$3u9*%(%wcMk8Ec6*AN?rh!k8Uqp9X;glWWr*Ng2R(3JnrdK}*CS8&*
zvi@Pa|DNj!9)4<5qctfu+d&_Q`>cBFQntgb_CCk8IHPHdCc{tRXC%A6$c%uRvA2xS
z496-yPiOM_cgKTxvz!rLSNrnLu*Rk*%JmCxgyAnQ6x)59bE4WA{O@J-O&{v237;Cb
zQR{b)iE5jB3fO5W-d$@JT*PUnD-Si!;B%G}+=k2^4|>(S+Rmo-u@YY|x<qsO)6R_E
z-sDiEBvgOwdLXNK^oXQ;o{b6GSx#QzU0$6Tzrlgyl7kG6+RWR&oI!l&j1NJrtrDAo
zECMBcib%yjAfgus?Ru{DDjmsn;7=6p^n{tRYVm0$1#03*Q?>(*iIIAo4INsC+E{$*
zNP%`b(mae5&MaRBngy;`q`qN9AG*{#x=}2o@g)Z}lUr_Si|AJHYWVcD>8XclUWGYr
z$;)JZrrWTuO`Nc&4>@a)@8x%-Ur+rk-`iKc+~JU0-dAlk;3uC8ab24K44)*IqbPQv
z6A}cM@eAVrbfK&Ah`P*Fg>R`ch|>FFcL~JtOX~PPYZcai&2m^C_(i@Hdugd$b1#U0
z<qWZ`6~wPlt})97(`Nh5aSk@DsMywJZk3~KyA@Tu<wYOboGaMl-Ixhh%?7VJGo8=8
zPzOqn(wxr(Q<1_eNYVPuVhsU1Hh9)&Ofhc3wWM$YQaTI{uuoai<4o|6;y#1#)=Y(d
zOeP}J!<SV5p7!_Y8i94hlA`ja*Zbx!IPZq)m&suN@{SUSgt^n=(W&yU+WDpKg(@e?
zQ6zl&Y7nbrKo`Y}U9U2mzogs@#ysG`Omk%N6GQCCE7=;l<SKSe_SaWdkf4ziKLZ3J
zqaS0_xoo$jcXrEP=IaT1N6;$4UC^6T)yF)pTYuC|F5sV&4(76_6{VN&Mm5Tl_)(jy
z7dCmr8kR5X$SSwlSzHZjYw0F+e6b22h(fRIxv%K|>kPaq-8;4BqYrs<Drsf>kUqQ3
z@#xG2Z>;rsj(|18ZU5O3lN`dY$<`*k@ij9efO97Y>rLZxw-_UjVALW@Bk1_Y-qsyf
zLy(;zQsx?hG7X!Kfh-%w=Q;>Y!>|@5K3sB{6Li(fC;WpJ^VeqcI;cvOgrg!)o5s9>
zsU~~&-&dyj9IL|{ByB2Ha%_4euS!Q6To@mkQb&**ddY6e&S$!r#&b%)7VHDwwel;=
z`2~k!?DFwF(kh3Eya^1=WN5a@?beV9fe`FQi!(pSMNxzDsNtO@`licP`iPx3caKs&
zR~Vr)ZC%W@B0WBXrh75p3e6ac-;0m&-{efBZ%g8(!EOZ4qnY%v*P_!5#SkG5ea#Z-
zU7g4RxM6_tOBAZ^SyYu5;h$$<4>?Ee^&&3&XcESU=yH*h@oa=X*+bWUKaAe?i^vP`
z-rCuMu|qIZnuN+-)7FZ6<I$d}oBhXLx7hN36MxLBZ`<uM-khqeh1az{ytBRjnsDVY
zELw?Er+9x64`2Pr&?HfR`y5}xSJ}I4a~{p!Ct1&s(G%qrqX`(t`r_1ppSQvksRYGw
zl@|DN-hglILT`(It8Nhe(Y|_7@?A(0S#ezYt2ih6zw=BoIXPmlh470^SMiF+y<|>~
z&_)wYjAopC)1v96F<Xo$3Mxi4xLrlf5MF0Ym)8M@B1r+OtyG(05o5y?6JCho#qyKl
ze?>lOH>h$0z7)i06Cp?NK#GzXU41sZGO0%qWw|jg#OEWK(Bg9rdZIEZR%)9o)(2*p
zU+QQaMFmZ>B1P)asfb{#l}&Azm8(3@46kmlwu8X49vPR-KZI{1n-{Li!h9O~!ujqh
zyfd@?rJF`cuZoThtNT|r2qktuH6=ME)W0DL^N1BpLMI4_V|1tNI2_flYqc$Uzr{c{
z|DmTU=3j5^h8mN*xc9j7ZA?txnGy5Y+O4}uUgJE?Gi%&#V{g=!1Z?@d4QBO*P{B2v
zwdiFaYf#Ebm`eMFq_U!aYZvn)G;-miiaj;4I4Js!<z)GGI=enNa;LickTXWkDLo$)
zB^f1ml#>rSd1RQW#t5SOd#hLmd-TG~5e2OWyeA(cu9Y{J`J#hAK-lVEmYLz>j8Qm?
zo0xIqhha8~lvQk<yC?(RcyY&gQBk3k@HR@ces0pJD0@+`wpVoT+dpbD2({3L>#<Ho
zCXMIHs3`ihjJO+4GXLJRQhzxHrv77w*cDa?LH=KcfI3YErZ~M)H4`)*ZdYX5-AOJT
zci|BoOKWUzZ>ne?Gm}OP1CxX#?l&ys49i@)Gru_C<^84<f>Y+)7|rv<b?ul_=8BW&
zP13x9sqs_K0J9^>{Z9Ce?Uzkwne*k1?BJtTaJE;nZ=%ZIz~SUDmX#PwgA-c5dHNR;
zi?TPcmzkmw48hSJxLkHQHuKum?vYoJhpXsZ_L^LB1({bCyA!3leZ;itM~qYRuRB1#
zUT@Yj+tK>7N%O;0mX$NwW^cAa281AqjaqxwL{wX4i^?}M!CVq5c9!)H9-VuHJn4+&
zACDLxXy;*n=}q%*xEQUe3)w!JUNqI~zAcP)4I6%N_%iV09%OtS6<Jl!m^stOweXY`
z30j?3@X4kZJkCv2^(@^w@jn@fxCgzy0!w(G(Em*d_^_zZR5O0y{ZmfhGU&Iz&DaNm
z$N#bP)lqTv&fmE1v$z&1#ogVt#ogWA-F+!mC|=y%in}{3?(XhV9NzuD=l9ReWHKi?
zH#f;mW-{{ut}4>}HQcuC$eDKP?s;4f5X*U|xXe1Sec=D~=sVUj-NZf6$v*dpMdgZJ
zLIu0_h}CpE#+(=&@rwNXI@;kWW#W`iIsEl1%i1Ss`Woub<79_-(De{B%$|IVujL}~
zS3lRF313SCEE>9~?63{=$4Nb5kru!I@ydxP)cAfJcCup*7$--q^J4|ZPoLzb?eqgN
zK}6W>Z=AAge!&L-L$~<aZ3z1hB60>=g8S7((d(zj)x=3?SfYik>%cE9j$co|mgk-G
zP#u0^xRQM10Y+j}c>h#-kH`O89f3p}f#k&8ebqTM^xj;0|D(R^`gw#9Z0yI-7vcSK
z@RQkZlUKs)F8--+xV&(UKJg0n3lO7AP{N2P_$GV`EFM-7F@ProMuS8dz%_h|;giGn
z*7DoA(+qwHN2Aua%;n<Ll>nWgVRZ>He4}1b5LYN={HGQ`B_JT@^nHsNb20m`()Wlz
zhEIA)r5PV`R!{XJ{#`v|(-A95-Oubhu{p>(+wUf9o<n#-OAIJ=YKxDkIW+-Pe$Vwt
zj*dD>X0+?v9fB|HJ4hu_uY-njw*kQys5yMn8N@%(*qU$3)7_9(&^Tz`x%tuE!kiv0
zLvCLz5c%H4yk79SwztlEguBsy-HqLYffKwkX>LimOzY<&v8G`v!$_yY8N^n8nMy}I
zz1kLuuv;i%C@wbF$DF^D+iOJ28b^a6U^23CSoohs)`{}K(!0qRO@2EUqy3sNp>E9i
zd3j*R-Itx%Eu_=C45F6jFFT3`1a+gq)51vH0o0|YT)fwVIbq>}nDYb~L{Cr5efix;
zr}^^0d0x?<yrN2)_AW-f$bEJO&yc2r1F=xN%*Uw^WpXHZ6fx)hGl;A_qLdD>^UfVJ
zh<@^Rjt1`;104fif|GL8>u!^UsZ!p~ij!Bj#V>&#Bj+-V@MD`2jeCrFYG6gIU4`hp
zCK|1xZ$}6@Jn~O>9HQ+sI@pA#rLrB0jX38WlrCh%@YY(C^mwzh%Dz`AS`piTof&Hw
zy(;+4!`7Z5T{czosqo4s7cw*nU3R?L_H>Yh=s<YVDoRqJgkt#GKQr+I_OK{Ri8@iP
ze_E7a>Xqqdh+Uk3d}Z3N9@e@Mr?Ryq&pH}hT+O4n1to<j`(N}g^<04rd`vGz_A9X8
z5n$(m-E1@JJP?A#{2Au}b(Kvix1F599i;M!uJ?%!QBLWl`<;^Z-2{$w#A;w(_Y)}e
z@Fuyp*mlP@4fBdExteWCwO<n%FY?0d*~hL~xlUm?WRc%-tt!GXc^4c!dJfn(IBSQc
zYeVE-b#RSEQl7-rLU<q>HLg`kPl<S5>Sz{v*_K>)?J&psFw~cUglcA(laP;*Z*M7-
zdei+3eeVnj%`??FEa46XRZiLH{@MHX4FzJv;hkzn&TbFCAoT!`kS}<GoWESiZ2kN6
z_;N9pKVsiJ0~Auk_u9<#Q$M@S!+J}>1AqEzuA6pl3m9K|hn$62{k6kpd8kensCX1X
zX}iwWH}yBy+qW*&HTapS9PAwBY+K<n6<}MDXB#nz^)HKB6;%)qX%#-t_JRprNB=7e
z&|Yunbct;(dcoKvd8z4Fy9j>2XuAb$j=|T;q}(CNk`gBLk2aA*$aQySOflvJZ_l%!
z=rBA8v2hZL&MR&fX}6R$3C3B<3UK><-7Dz;Cl)^P8Vl1k$><Vi+wkP=Sgqk@TGO8X
zG&mB(jgGS?KHE!4tbx$s^ly!Y@^@cS2k)56U>swo<EZ2;^$h1*c5Qk)GiE>=jo#n6
z(~Vl54EiC;zR>7(oL4Owa$yq@DJ?O>QQCW1w?9V|`rkNO1~$sj_O;IHr*&|_<V3gO
z5*N3EziYmDN3z6-ABEvIPH)6CTf1Y^@MA7$c<1vQ8h-P0mUb&KFExv5u5WWa!6b_=
z5X8~}s4AO7rn}~M(NV~O`xy+BFr<>u$EB@gqoi!FGxH9vj?BIn*nwZwr)p?rP}Q2D
zq$IC1Tgh^W%+|-W+BWa2AS%_k00Zx93PfTz&U-q>!&XuybLh0yp08wV@>fb=Q;~g{
zuo~tQ2JexpVfz{t0#JW~@jT(P3DB0Vb|Wme5E5<&+tZN9JAEt!)=NS<qK*>8IqNz>
z*3X|F2Avh{Rz7CHT1LatciE_mqz*i+*ve7N62)H@N~L&pxmqJ#iXnhIu|;|sVBH+n
z*E#!m@u=`jBZvh!nBo0zP^Owu7Vvl#`w(YN6aJH~c#o?OFPgGrfTE)>qL!<qu)s;C
z9DUxGYTm{2cM^7-)~l|nLQ47%cQ<N;=G2)AkMLYQj2YWA`mjSyi5|Wk6ypgTjIj@=
z@Y-h-vdr%_I|4SGDk_+bQEt_x5J<2jwQF@4eH_{{ylTuBLmXP#id$b2mOVP-RrTKq
zFE4b)V0D<iw3wv%EluP=h#c)OCrmX)Ls5v?4Q-k7=Tg$V&bXkrEE~je&tVA`gK<Eg
ze7=h+KRkO0X`_0yf0Pm9>0A6v-<xgNz3n%hkrt_CC$K=KUc;ljbSzy$f{qT<fFz2r
zeHQh7eQ^fA0I5FtdYjbY=9J_T@|6Mgn#P<AH_{BZM1n-Va#ezV#Yt|&H|g8;|HN{>
zxKvn2EpU|lHnHQ>2V1+kK%AhcHqmwEwYfyWhxAEOQLPJZ77z#ECjW}Efddg8)4^pM
z!n+?GAFuowP6E0eAGSH-R@vf49e-|KuA+(hPKm@$@Zh6n<2Z7@4D4jn1=QQ~$~V)H
z>|lTY@1Dhgr74qSii~IyLsvn#zKvi>g0(5rK+S!vsd|hX`8W4qQ?;ifCe<bd%jRNx
z)!B=D-*bl8@)`L7k=_-(9pUlw-fwh|H%74%T^HR{h^;~9-&s|K5H4?|aWe$SH8OKx
zRyS<0SwdkqLN|<&DC>9fy5mi4tY`T^&-MjyV?xHDLz2f=mV)5RI@Q1iuJ-7AN(zy+
z$+(O{r+k`|E)-F>JddBQ86{;9C`BGzX$E_2@vC~BSZtq|3}a=|Jo%irjXo}1Vs(?O
zp^Mzrt*$IbozA86!PXNA_7cf@qFp@A_xlgiIpRJLzs9f2Fv)*mSMhR$M}Nlt96n8M
zl4Yhm33wt`x5F4-w1=g8nmgPkP;MB@gV)Wv&OIO7!yG(E&-*B&Z)6AW*S_+;Fd5J5
zi@Gf6_sK}RT<P~+wrk)y=;AxPdKlmGEGlE@w*;g*sqdnWQ-<xM_{qB<$GVuOV<^|5
z(r2Vw4>7lf=w$&q(qxZQ>1Sg|_c1r8aIA-fU6H#Fqc{o%wg*;=n>b8I1jQnKzk$=d
z;-*hXf^Vp#(w$!f`}QF$d>W;BY(avvX)wp$Ki{ybM~U>m+azRH*+1B2&?D685-b=}
zzyF-T(rC9Q$#c)HUB#53hheDtXX_mX?cHZHHA+4)c2`VrCBgea32tGEyRKRxT-BRt
zIDS|}tORE6m?Y|we~yvArBF9Xfex`??w)VcqQT3Ae-w{1nVY1l$Ep1inQ^-iD}{)!
zaYn#P0w?7TZFLpTVdKwYG`;X)K`><4|KGHSQsfGqXBvz?_60s{3AM87H_o`Uc~a50
zCEY*+ktfICTGH<*NQkINI<PYxPiIvb-Vv>TOwJb!OrAPlgFgL3&bmf2bRc#e^IQMi
zet)ryS3lxqxqbPPP3o9-=G)?>D=elhJny-3G$b6-pB>ial6*yf{%~)c&VwmO?$D6@
zNk^t|7<)@N>lsCbd_=T9g0??c$96KfFYNOS)+Q!0Qs&@J6VZ?YW#->2N4<xB@x76e
z?URYF;i*rUfIBu<^S{a-_}>+eq9I43NwV3ON=m0hoiC6)$FpRrW?>)Da5=X9SSD}P
z<QL`h{j0flSa#vtbXI82hrZlv*T$<f#I4=vPIJdj%yS)I3#s>+W-fSrIE+3Hc`RKH
z@i4^r8-7xZ9AY{h;4eyO8~<FeFg9qT!-Zik7!?Ro1tJ`AXApaphn`!lYr&80dg1Cs
zE5?F>9o1|NssxZt+leu`t%q5Mk4Zf&B_~KJR<yHWCAf=F+|;18eI>Zt4OGAvdOG6t
zwRdoOU@$jj#3?r}Bd;n$lrdwchX$=59W9hFaYuwe7!=(x`?WuqU_dDYf1Zl~IFD-P
zguqrxO912mSkRD8<o*LYedP_yGeHXFW9bi8Fa{j-;m<d-6M0c(=4tSVuRtURCMKP}
zGR>TuPV52@tKD&v<JgGOk|^jZ*opAhHYz2OC*5)n;NTJU+gj6zXG9e&wCgl_*036$
znKtw$7HJ02RimJ*w;eVGj?tJl0N}X`?`Z-J5;uSDErH`wAREJvj9ihGtnIQ($eDgR
zNd+KXl=cTPIaW|(lpF2Ef)<34$tdyPxSP=h9Q>K|_c?AhFa{^4>gV5kBdv6p11+&1
za3>ZBr*kR*Sy@(g?uA?qaq#TKL})cL_!_=uy#u;|v0tef0K112BT!nx(7(q9DU^W;
z_?cmKD4O{0rc2^xq78C3|MLg&{Vzj*ah=`+Rg{3$^AFI-4~s)lG*mtJ11gO;heOev
zShHh-(FuX$z8|3H-xF?#|2z1cdr!v+^bwm$u-WY*wea)cj9z<Euy6Dl%eHkP74j<;
z;3v^ow1wIz1Jv`=CPK4Ml;lV_Sfj``txWetncZpA5j!ttATPe74Cv<x`i=PC`AgtP
zD6X|04O$yTl=1K0$dOP4HwHV(?wdI<qzjb+f0O~$3B;Y=(<=dO$%s`eH-V#}K-u5y
z<)0GlXs2Ww+-T`|gH92s$+pIwE&%6)u<HNlhgn*PVE3js1xg1_S^ka*9G|)Xa-65D
zS9+!n@PR*+$k9$CEvEA!ePE9Vo(|D0Hix|{AUKp@XGh~>lbl4?t~(M<eLAxsaSP<=
z-?VaovncYq%l-214*7;EH+L9!)R1m8k77i7afdw8H}4GZa+lh1M?;6kc0~B_MsMJj
ztT3w|EI9fftSs6VeTb{VXCyLgtCX|zY`hWdb(g3QMEP~FU3kK`upk{gen60Y6mPAc
zlZ1F-I}?*#DDq4%+CJ*do*#Y-80WoTt(MHHnE6XUe2~u&4!b3%^vXK(_xu*nonl!`
zovNYVEF)<U%}dY5L&s+2+K%_AbG`;Z)KSoI3PJX)Z7onU(5_qW?Ss28rCJx2lLVFH
zv{KzSwT6nzwS*>nc-GFlAks&*gjNwVda`H--v)$~I0tPIQ>dH$D5Y5swmbhT({*Vi
zAqnE9BfRVx+~_rf=MQn`pls)FG5JsalNKdu3RA2c0oAj%{9FHSR3Gtt#eh<0f)nDF
zx`~#)wA{>MGQlq0oi~?c3#=v%C?YwWKOXK4U2wq-aSDEQqc@BWU|NpkS=)%x526Fa
zG;^+tww43T%TYYhXUnc_{}xb&@p~21i9eS25l_^N#T%%%z#{L~%6NEQyCd%axzx><
zmDF28yDQk<)c;phj3fGWBUmMN$60*`SgvMTss?sJoXLuEM!Z?T=Tom=?~O584<?_!
z1cKB}@m1v8LL2oz&@PSaQv+QQqsv(tN-bOwrL$1lLrG!6`Il8<ja@krG~*NuJZryA
zp8*j(UkulKf1B|Zs1&DPe*M<+lYgXY$f+XT3DMmY-)0y|{|jb63kxXN*{X&=UW=GY
z;{+%aZT!R`)e<Vs3V5X`-2v(?5X_(U5jT`gUc0&P0B0-MC(4=DdvDAj8~@Qupb#qN
zrIDjMXk(!jqb23s9kD$G@_htu?oPfMdP24HBh|KtGJkFmXEK}uK{`G;Lz1^!a7*pI
zvo;!*Ejs!wp}(`tt`-#<TSL<b0m-&3R^PLafficWlTIjxNS@aw|A7LCTn?}{dJ%EK
zJ=Q2mHJBV>5WeVtphsReALmOW6(Ohc#QEG5A}?LP>mrp7(`N{x6JXeeg@*nvc!iT-
zXu(Vg_Yn5NmX)J?u!kom{WqFk`Jhudt|8|Etf?(KpaQJ)PfJMY-<6-p(Z8qs!4ih#
zc=AAdqvaYhk2O8A6f!=IWs4QPMwzZxa=rn!hUf#VsoW&nQI(X+#NHY-fGvhi2?tM#
zac*If?MmS~wNg6XILlHlw!0AN$e&^(+c4mRj8H9aim^XKs1Gw~3(mMxsAeX-NC6M1
z%^6^$1kJ+v%h-e{^g|QpzsmYT8d(iO1>ym&uv4XK^_g1EUpucn2w0^_3k_<@xl)=G
z)56XGOF(Ws9U+~2%5Ey<_^VB5$awgP5}oGEc6op9!fz4QtRf0iKiZSfK2=I3Fdtxn
zS81UXCO6WG4ox{7qgcF33+leIKVC0FG?pH!X~B4T#5mKv!Ya+qc`2|BrszC3*HPwF
zX;oupx`nA<)t%rTr^%ySJ>j!~De6eT^7xF7uz1NlO(*p+Ul!-TddB^F|F-HPI<;gh
zpTAKcPIrQ?((zniRsK$D8$j3<5Rlnf<D+!~K0#@~rkpThtYPZUY6Fn%+1aaAP`Hxn
zXi_Tu(UlZ`FTp<*7(~DAtm<qwb1!P#RR*fhu$<F^$Q1to2hr#JWc7bJu}T6_UKsU$
zo<O8=1t<q7)=o4=nW#|kOxm8X`=3h+(=@b9bY@y>9S==pAl!T(K)^#-+UdOM&noJ{
zhGk6EZ9qnv&w}ZXD(V49HjyFxHOg995abP!!qqj=d81$@E*o}g$wr^cN#^u3c_=&p
zz{|{k)u0oL$XB0<H;miy5JaG?sRKQ|04`41X*B6=wKQ^!js2;V?CO*X|InO1{-(J-
zWnV96R&sObnQjUe`P%{AAA;aV!odvn&z<Rfd$u*tN*T)PKZ1D>;L=bsx^k6odko9i
zZ5H3iJq!ocDp;^%s%Y+dZ>atE!AG+*$rO;m9{)1^KZ0^jY|v{m2*3<UeJ#X6o?qBl
zHia_3Tsk?_c7ob8RDvVr<e8wlY)7s+j~W%Bo!ZIzA3%V~VyqzS@#rI`u?IwW#UlrD
zXPD_W4Dos?K+I?UzjUYx`vI1Ej8HC7k%M3V9*pOz;>j=d;blTavmtg_H2%e(JC?wA
z4;y8)Qg`eiI{->nwIh)^GiHyTn)qH(=`2t1#!atmL3j@RLR#;f*3YxYA;2pks&nT`
zn6VWW!jLh*nc%}d5DSzgfBpfM6CTv1Iu{(gwkAz#@=Z^dCn)DO|EX(gTWNCO8+D-H
z#$o=$VQf2eCY+pT?;+TDC7k7#%^1rpUIAj-$>5W|DyT+2Mh`H@z&Zft;4HS&CIi{Z
z6EJb&n3T@O<f*Wefu1Y?S?R1Sz&nYm9brNp_6~yncndMxMNZSF@;}q*Xq}kp);8cp
zHZfZwMRtL0jwfc&B84y*{gWfqgXTk8=gzj{fp$ht)fQz8sY?5rqhAlWQU9G)r=F*)
zc2N#Jm0n9nb=>JP6X$X{&^z6DYp(C_lH;UOMXS@fA*bb&qU+AGY=hBt1NyH{*$|Gr
zIy296*D(~*jdpnP8r<2xkAKtu(W1;-MZl#`hZyUjo)j3$$E)~r_FBpp|A#V3Pw#hM
z!icY-EfR`Vc#J@e?S9_)4Su={7vQV&V^~NiuhukBNQLJgKO=s1BcusOS&#!`k?EGP
zb1K)k+c|rF*zijgW&iJ#KGRXiq^<L<B>fgXTs|L_Cq{qr7pOggMv48P^%Ik%LX{o_
ztO^?@oQ*Pef)riqkl3y<WDM)fM;RN?@BA-+c9|%!IHLiG&_#}OU%J)u%-R2|WsC5+
z$Tj>CJs3F2F!wi5RpDous4b{vQB1Bb%OM$MP*_<^PF06p&W3T&tq(H6aH0aokXijV
z(|5Y7!qb4w7Cg&3Q746z#VspbtQ+=Vr}{?pIcZrr>KyFPdHa5)_SpZ+QWP((u>fpL
zUC)myv+r~4`Tpr1glQVAgUC8#ug6kXS>EQPybeJ21dt1MzuvRMO^PD(1KzEIO_X&(
zt@iLy(e?zBO*k}!jix_ssfpWDw3h#N<1!MxmU{r`*H~LZF)x0-8%He#E5<Ayr06oX
z$Qlnj1O!`VqRr46oc0q;9u$Qo5X`i_b!6$@0wWjk{<>n*9PNb~R?sm#=Um`>G-9Rr
zefI@9uE~CG1sj_nLPmNAFqV&vhacD3N)W54kY&luN_=c>W2)g7K$Q>Wk^D=A74Onn
zK-c-mwfFb&yiqA8K!z<}gMBy)$;F7%GGvI;+vAsEg|;U)Lh-X{ir&$gKrgmpiJvL-
zDFkjr?$kq4&65fA1?}Y%f-C|mcU+H`2MOBaC9LSx69k;FQNhJOJE@bi3UPJmzvv)i
zEFNy`Y$AS5JAIutg{Oo9w{ec19x3q)!ITn}0Sx#@l829!i8B9t1)L4>)HIvH>WO(|
z_(elWe(hY%Fnb3P^ZC8w4FGYkC`-uFIW@&$^`u3n4~mkS#Z3ks;W(3X@(44UFjtcf
z1@>MPrvDbsI;dKAq=p*OOa(oJrwY^G1ZNz?M8%S+7>`h@qByQlvIbBR`4(!J&mvM6
zYm*$ceDWj#0!H>hjcRPFV8C)P{x+7$2P<qfJWWY+U${+;iOFqIu=!=v{NGAnypkN2
zMnc85u9#%f<`^lRa_;eRBqJt=lYpO}7?#FI!P+33VDe2?&iT&HgfL-%g+=;jBm?WH
z3I_kXIc9$#L}mmNOHf)4F9E+U!OlZRzV7^9U`~O#f+5B((hNbdj-_sjnq44+A?AG5
z48)vJlm%>7s^n0f7p7H)D`aU=g^T*21$06ZM^$_w#or!nE-J?S#A*=mRW^Nm8Fyo+
zCF#1glX5O!BGtimsI$2PWYk*wGL^5Ehby>7RqZSsSKk2F%S?cRb|lz0X*^I|8w<<k
zM`Rwy=L}MjqKENQeKb;0K^vQd8&2N+R@tJAZx?|~dqtGe%R@B)w#|iH*f4DNk3IpH
zhxxR?Mh><NqI<JT*Bw}?O<x^DM)-70sV8rXi781aL5C-a<mih`G{7bno0m+(1!f6z
z9#&lvp;4I|<g+1xpx$(6bm6Cq;O@l@BHO@kNZP&4RhIq(%=}YhWX?%!(=3O$=w_<5
z5&MTZ`<HuSUjillL!)r7YFoP3P0~W_PL6||U*zX^ZdwfOx`~HiIK?`++d{S$6#}J-
zz+%{7RP53zOFs0}F(r2O`xD1#x=(%HG^2mkMs)r3Wq{QVl0pASQg@;L;1pDB$P)do
z3xdrlW~-FL$tt(94r0*GdimO$$oTxqpS)9}wo+zOR;OCG-^oDJt4b>cMY};j@+GS+
zb*G1Av#bMvSnh6FI<N0mUM!jXS?x!`_aNp8I%;FLQibSAWxG0vAeP)Q{P!&(@6;N)
zxC!WwD2zX!KESo%GiuD3xTT}lfFfqq-OQgF?}m}*7yFd6`997PU0jicub8xCVhzxa
z(4BHW+&6#UI3-6uIwX1Ns&I455D}nx4tlLgAzOx|zM%~!Y!N%gE8bBG>!ejrz1Z;3
zmd1QXZx)u(Z{ecy#fVs<0p2uGf4xlD4VPm=xRs8u-(TL|WK7vrPu!(2j2hMNi06+A
z7x;u5Dc<OaM~e<$|A52!V;5?tRnIdLu89AbTxKxB9Tk3VEjD?-0W%8$xhvyzw?+NY
zeQBVsuX|^xuHN<YD69rs)~i(7tLX|i{zcHQDab3&kINsT8>yW=^G<}2G0|uabi$>&
zGg-#go)!U0kCvVw!}e&$W0`+O5a*1EnzOb?qaT;O=v@%S$hGMoleq|qDica>Qq(=L
zJZa9O(NkFH<^=4mFU$H~GK25Iqd=~nB4{LgV*P%mnp!*~8xUj425IJa^jb>M!r{fM
zo4P+C8?Z_${n>O<P_Xyeazai$x;hoVkCo0G#hj|G+kv_@muRf1c*FE2r3j)I9E8|l
zWZ}Ay_S>)13;^oBk)AuWo%onOH(zD%WSIiyBF;k_PfX1ekhjH<bA_auJYZroJARgR
zw(MN(Bdp8B#X+xrvQB@Pes%b1^Oc82D6flKI-EQYYx{|^gVl24BAx3$C%(odP)t~P
zOFK2J4&q02|AQ!^h<lrb0<4<k)t?Dcn-5stq<@%rhdpW{S?V^WH$wJAxsy!&<85o4
zh(T+eL<sw?L`N=r(z2n&i&GSW&V+$YYb}4XB9MNe%0gS}m6-~Vyjs#;N2HvQTtdBR
z-Xk>lGVQ$)eX7PnUj$oX3?E+^qE3?#CX0NM@<XqZ7hvufx>Do{a?#B+v=ThpMJZQE
z5&R7*PHW_`(L|gkvZ%t4zk;$V*S3}BCF-<T<WsQ$<epeChL;PWSuxcwM#C5)a>S|J
zenFhhNx+3k@5XHFh3=54e|D5(eIk{L$biy`*Zv~i{tBb>vu|^^Lb2@zm>W*ty8%_G
zykI2~tt2CWW`r3l2iKqy_3Der@+Z9!w&6$705l>?=s#Bm^(4$hsKPl7_-PXyG*VDe
zL*mlz#HtKmkFEQ}stw<mtvh&C=Ou9|Tjk9LdRgvfXMH}+&!NCNFKAK8`EwV_Bc$j?
zREuQ$Q5E*9*y}R5{X#hN(Jq+`<|*#zJiz2f&xLRmL+<;M2o6%SFGt|<;T};BPUvHv
zgz24qC+qgmT>Y&z()y*k-YA_X;(d}+b<V0J;`ZZ&Q%{vAYK#W-XT}3mXZx^P0;vs@
zk7B`YnCX*~$W_sybJ{+%NbZN75nY6JE$;Ly!X4XNqMOK-rP{hvJ1_iqC3TUjnnktX
zp1YIv{>MYQ50f4N9HdjQW}#?BJB-ZqVTt!$o_i~_Qy3WbzW0=#==@m}ceysGljuBJ
z3)pl>04ydjl9j?Y`i=no!hecLWOu5HySyCaM2&vGLQll7loLuBb6~V}4>h05oCA|7
zIv-oHkR2REqSp4`cF5kXYEX7Hi6(US`eQJXzo-#2^>$ztW-jx$Jz26(^DF2Vm4e-W
z-K!YWsb7*sc!<WK{KIu-kl~6eYoDGOjChYqf=Q2#7NRn9RR7}<-k*BbE^-c_>gp}Y
z+}lPG*(&WCP)@3`%Ns%B8Buo2fk0Hq?9fOx9RydJnwyJkRez+ynl&{+c_0YvLp}1l
z2EnTH^gNCOg1%QlzsJ8IB92&@LcfvJs=$T}-H33OdLja+D+MfXEnqBfN027>!vgfI
zt`-l)bo=@7?`@H`fj(-e*Kk#yumPeuK*YCDsb&Nks~JQn)YW+sBqTy^QX0sWN<wse
zHyZ+UY&B~DI?+5kE)uej0|q*w8xIVU`1L4P&}B&}$$v=Br<6ET4*%uypFu-(@tKxd
zC+N)v8aJ7T!W79+_cTRr<!^Z*yQB31rDpHwrJAY&2W~+C$!ey6+^if}ANl%2sUKk^
zC0;7-$cCC+6`4@S4@pX<$JT<H4+t{eLQTP$R#=1VAXoydia(fU6AWw?8m{$+`wR^l
z0u>Cnt1|0DW;V>)NU_u6*x(D8zJO1dX<6D2Lu(N&B}WnFk|$T^uxDpyHI27cB$;1+
z0Z{ikQNmXqX)mm~+-h&$n*D7qe2mzEn|ZYyzp6rarwAmy9(F{cCX;&1@I**&f$(%Y
zdT1h##n3*~gM;4gb1AJs*|~5xC+PD0;?RPlm7HSN_o*#e%4(C20|%6w+BI-~N4uxP
z@VN69v`b~i<ShyhNc(*1bg^e@Uh>tdId^45Y6ZZhvR`{G3dD51?ly|zJ!rk;DKIZ^
zk{5ey945uP&;68~CQU^c!7nD^f``I>AILd{GU^7RWvLMzaQ=U^_lnD#QNkq7?ywcH
zxJ5u=xHRhC@P*D8jG8h|Fb+PRyt#o^Kts572M0d!%on=BI{+eQz=v84r)J1PlqJt+
zFMcL712}rFTSK6vigYoGRED7cUlzWH>c(P5qloGTSNbWgXesh>hP=!SN8}us!!}t?
zechzogtNMP4O<aDj^dvxnF&87Yv{uURg?(Uph3|$ZuUH)LD9jxy6{~mGVJdtc|1Bu
zgU&^L;;@odnL^?-K(9iSDdo4o{THG(glS=wH%@N!f3uoFAEblbMY?p4sZqjsm1TXp
zIDt$PwWnuL{yDo-@c93J_P>=s-2uO?H{yG#=M=&ryh`I_mxsAFV$r>|@9w^%)4ioC
z>8OT(a@o=%0rdgLCD_S#Us(UP7WJJGL*E35D79znh4aHXLjrhf?ubx(iuS^0z`mdX
z8#77KJ9=`~OunzAz6V{Oe24_TTSoBD?VgtwPz+NIJXQ4HXHn$<7m|;r2Cc5k$`CA_
zsd6A|H%2dfjq}>2k>2i(eVeOi*D!|HI2sM-@quUVm1`PsL#+rFxHA)~>P_P`op*Ty
zOS+B)R1^$cIW6pW*izs>|94R-zS@lRo*&wI$b7VD{$0`l!}Y9O+clMt*A4&v%p&$X
zQ^ytA%!_w~B`e~_nBe(;-;ouFsKSXN@?0@8#i~PzYiag*=}4|sXjp7R`e5saXxG_j
z*PXpuo=ORGsL+ThaeZk8Jn-oVf~T$C(IPam3Vq)9t^>~z!#E9)kGY9I#NQz%C2#oh
zPi7*~A7KV!3opO-X@4+|(ub6w*Hd|+u-j&q7zBV==_+jM8K!9(Gr{<h8JygGTWLc$
zY4bf19oFASFB8h6*=Yf)w2egEau~(NbTw@TR1VMvN1^J{oCrL>d^(Yj)hBcWRl`lx
z+RK-eipoh333X-Fd2M@NVV^jZw0U4<T(@5UH2wW+Y*LXGVg!4zD9!DmH>twNTUe-S
zb5mu(?D!())UYq!>Q)AEcu?;N+OD&C(m?_0oc)xm<Jzspb(lZ5g-xLab=7rQzvhdF
zah_e4LdU|k>}mB_Zr}<Foso2oSZ=WNJ696-6A$Z<%pz{=4um>TIuHMz&*A^&N$4{C
zdo~=AT)6PYXumKKk-Yxw&S>99oFr!AqA&EfI;S^_i@yMxluXKY@5uN6AUV2ZMDhz6
z=K>Btd?hv-Zy@@w?YjWIS_O9u*gip0XR-l4SZcT*{My6TLqlc~F^atZk^OX7@*HzW
zeg63!sL<#ilxGZ^nSBARB5&ZTv5k{Q6*`fg(G&x9zXT>+s-*}*L}uo1w1pPYnrsge
z8aNS-))Y#IKX&Aiy*AwTxY|LLGJu?Hzw<UyQBsu6OePd7bN`6tv~_?05A}FKd@(#*
zd!^ZJF^C4;O1LJ)ZmQWsDk4Q#=PHr0>%r+FtV@*yG+iDxYYf=7Svwuyl>96g*Bjo<
z9sI#MUyGdE|ISo8Gf(W{Tpnhw`lHS$P6mDUi8ahsMz*%DRT5a7|5S}eO%nN@W$rBr
zMa*prbIe^oGzeZ0pb!&2nn%#iJ<3uJ?a0Lgr$cqxE%I2Iy2iU^u3F+AGg^*Lb>w<Z
zq(gx@Z9xRigt_nv7nSfYJ=WahaS(2}#e9qbn>;-MMX-$3|0;+7!wHRTvdAM?J#20m
zh{#iL%$ON`i5>)$+lMY-&#WmGF-5%2ohBGqN_QX}u@vu^(|eze9u3O2D))mEJe(9*
zp@kVDFM{rjMqc`<GX;I`aOlWrJw?|Q<Cb!`?=w@b3H=UVBFruNegf1y*il%@hT2|G
zVMg<Zf61T<=g@hh%~f=3yM({S>8yjEE=lXCEN1ISxpZ?jH?)<CM9nl7kP#3=e1Ul}
zsXrh+ocG(>KL8{jp|*UcVc%N88YWkB*`j?j)wsJJs1%K?oLT~8WHJd6tjm~fkO_Qc
z|Er<;?Q{QZtjc1KhqBHTPh@M)?ScuKL*?6)|9{7?U_;fUADr<uBNH~|n9nPg0(Q=A
zEjEuT-wJpmG&8Faf_qpfU3~mSx-S_9A8bIFydd2>UxlSF!6I##)=x;1u2slz8uY(y
zy+km}TU$QtRKGdi?4T~mAcR2$(m1uhKe@TPPGJcg5{tym&)12H)V2#+Dw#Hlhv^=p
zs|+xH&6mnF|BGe~?JE|PJAJrrLTWp}`0ov6-6YO&i1A<i*t$s|TbS<o_4B$3x84w=
zM+Wk`$()+Q-yEOcy62V_PSKq?HJc#_sYkf4C!^~o%<?<9x+hbN9)@V>VcVK}Q18{n
zE{A=FdI<3bx$t#LK}^?Pm%&te3C0<u)_s)3d!c}h1~3xIWJOdp2^y<~F6Tz#1S|fj
zx<0e*GWUxupCQ@lH;&U0YDs&+82%v<hlq;f)e$A@2vhgZ*}Pfc(t<oc5oQ(lbfbKp
ziwxK7#ZYsk19unLt^LNn+BeqGR-e9BsbK-a?u4+3-P><2DrNV+<aJlt{x!xNgz6-!
zLBg*2!)c6<@Q2d@|7jW|an|o{p9IgRf<}4(?>}CN+%7owzsG8&b33seC}+>zJ}aC?
zzIp9Jx^2Tjai-J57gViZ7qmHdVd0eGz#Z!9RzsjyVEdc02*HohOkqx7{pL9M(2DTv
z*Oi-v#hO_DLu}h(ccEUMV~R-cjUPz%E4g{CByfIW$PdTp12;I{=0&m1Bfk((>nVdR
z71XJl-*Qi6=z`qlmRzvxxF|;JN))#Q)`7Dp99=T9sA9<4`6gttm=8vOEF~H3zn7um
zuOzP3n0db!v81)`3UzOP1}=m@e<ae&G#G%m0fhm?(4F}X_?t*Rq0A>av-*B?5*e;}
z;g`F7n<E_6H*L}MuFP{SR3{*3Vo7i@l#ipULu^rWG*o9C6Tri|3&DG`Qa*3T?_znY
z5}bR->{4HYc%>e!ZI;&2+ZKK1!$*MYSZa`NyJMpRUJ5aF(|l)fSpBb`Pu(*XZLfHv
zHo(;#PqSLKI613EHq?IkO44GXOoHp+U7xNp2(vZ9x76GsIccP>qphzJf$ld>Ysu?$
zC5Y~~6w0+}Jz<^%p>&VpgpD>OTcYf~umz`1q~Gfok<S|KszQls|1Z<R+!YH+BXsM^
zm2>)fjeAKW5e_1s%AU?e7o`#k=P1X+Zg`r*n#m*B)vP7*%WjmnI1Y7F=?md9`#vP(
z7AM95ML|U}`w|Mr`OjxE#;-NUpbJB=ec&^?!)t3Jpi3*2dB82XqLT3VyeEjpoN_z8
zENQ!KwE<fRME_sDiw5*0EO77U?(N27#60BY2$$PK+3;EetiIdu{YC@yUrc%r=@nbB
z@P6D}G&GZ^BhI$NctDZ_Sa=<rCLnROQ@H@#PWNd`x|iLOW%%iE0jIYRyG4rk=nHXg
zu4ujSZJoV+Oj*2A_Sb;UW??kK2tp{LT)EZMgbw(msZ0zLRr?y~ro*b#X_v?LH}kOj
z-Q<I-sliWgCpkH2R$euR_onN)%evBC;$xytL{dmihP#S{wEUnGfAeBc>35B6vKlz;
z0XEzC_z@sZ*>$L?!r3qR`3&gqvc#uz$tWna!FldC?<Ckf1EcS%`B)JqV^E2nlqIvu
z!O-1J%bgUpI;0|$%N<Ji*it^{w~f~WZl>7O{7<lqytR7@ij&z4Yt_%{Cd}Se)V@;5
zt3Cakq=i-EZlaOOkguRGBT<iwPi87NG^}cyU5G|yC0*G@lYKHc$btJzV17g6dJ3w8
z5!#KsW`63+Y3QYveiF_e2@E8CB1E&hMmYDxPz<@)gN+VSX9>6MXr)Dqr56bws(>oW
zD<gkTO<yixAhyP%bT7=)$T|CQSP!VkF)v+CLo*~-{a*ZFjK39;w@a-b8vzPAdN6L8
zA6AN>O4p!LDHosXJDrwu<^5*-%kPm!=yq*?WJ}NH%k%A(udfif%6))iEA>NH_{yt&
z%D(RE_M^;G617ZM6|<l4mkxfJ9z-FGu0}M!*qf`*De|Rt#6==rCL+^)I+4A8l^uE^
zn1I8PENwdzQuEmLWh-8n03CTD7Xp6*p{sEv>-{^}+$URe@93E+R)F8Hyl<WtQQeE%
zd01Anad|qzru%8d?}U`!nR2g3lBe}_^MmO8v<u*DhU$i9a(0x3L3Fl4T${NBv{6Sd
z>=X}{NRdh*oK@<)7+SPsIs}f3^2nUF7Dh#3e;P&9${@gTGB!+fh-zNhy;t6#bi+oN
zBqzqwRMOnZaRSHEsW+=?Azm@NMnJZ$mCQ3`v7Jd8jT#-ipUNaY!mzH0T$oqaq4l=!
z+8zFlp9b1?nwJpn&oWcrfQ7}b0<X<F#9S%goJZU#(g&!qpGTJ*18Vgro~So|a7&28
zKYLDP@P?7NZSHkmge&A}Rqb6E8lBr6`NM9VX7I;UQC17Ba>dlE1*o$Q8w~d=1PE{n
zZ!_H%cgN~?;X&HWKMr^gIFd@Pq5+Z2G7#F%YZ_UiYhe2`Ay2?EQ^(1>Ou#ZLJn4wE
zgkD&OZi?4c-tU7FRL?AZFv@nPTV-HTdRLbxaFn(BbgSac#53-d*f%CwPnC3(pp7b#
zT%`y-W?oXE>Mi0MzVkA!;$6*yN<Y<wqUQ}GyOw<PTlHCMgv#RIx0>5b+AHGqqUesX
zL`&a~=WjI$a2nTiQ_W3B3v^y<SNi+v*(ps&fsD6wip)3b8<?yWc)rP&cHz6pM{$Fn
z^|yMigk$8d%<~}BL8Xk@=@tdGmeGYnSyg)wBg<b)T^shsI<*YuEY6lyIpQ7`w;;6)
z&f--$-(=&b3N|mTy~<(IUtY0!SGEA0=Qc_0J-c4o4%Ya*E0HoIL*Cf%?~kH@3j_j`
zf3d1xl$Gh0SNl-@Rn0B5=d0CT$-&<NET$1;;dL$Pmd8U0+U_EzZo8_uNmBx|$d291
z=)V+JXR^ARE1Or-JBPa+;FZ+LB2gT!!5ir3$!z{zuj{FxPqv#vW4u0<U|+j4w4YKP
zyh9d|+k~m91~fI6gd4P}(s{dAuZuBns4w1~4sGZ_)Pd6##%mLX8|2uYZj_#GI0Fqh
z-M}k&Gi?Di?k<692cpE_v>r(VeK$?6wHWr*7<M=3%-2ujtImQ7x~}e>sa8tvR&Mt7
zuy`?fNA5x>S~nzOiKx5)NfB%uR4_2?r;0?d5j2jZgk2CyX;4&903(g0L{TY?3JwE}
z7F4q51?|zqfBA0#S2|Zdn~mARMjN!gQ`w!5=PT?-5M#*PrRXqTy9G_4UVuTM9{s!W
z8Gc?Knn5jdO_?aY|DPBtKVA$2mw7ej@ZaAB7pJXqm8=^ix;6h<*%bdf_%8UoKTfJY
zRr}zRT);I-fp%Oag%sQI84|8b6Mja_M0A7Iw-A~tr64Fn!Y7N;d?hs6S;DwZ-Q-j+
zz)L~Y9o!oTE57P^l3$mUqFD0<zimC2LWqWfq=3@FZwGVgH)b4i>QinC4~YRL^(Rh(
zSJ?0>4QYHqFflHlnXUDAueu+r+zv)s-mu~p3o1Qrv#M8>XveJSd2?2j7nCa$_Kk#f
zxi7?co1-vngDyk|W#Z#ECo_OMDR#4*KW7Yyna8i0eK8Ea|Aj4XX`1%c<aqWqk05KV
zVNF)svVa|oaY1R}zb$sC3eZ=5x8N&Y%hL-`-4n$iQBAff{foPPY<{Wwc4If%S+861
zb|+AEYef**9Bb@l4-nVc!U-A_ux9)g%xOxHO*kI^&lgzac^mTi;S9hUVlC9?4NDNv
zZgmsr@3;Y2FR6L~eI!<e&!j;74rV{TcqNv~<&7m};GeEj^to0Jf5|B5cfGj2COW#w
z8bi1^br;x-BI>Ld_Kk_i)(9E)I<}_tnHQg$$i|*a6zG!T?Wy2q74XCox1b|7JM|fW
zorrU^c)9|Avo1Zl=`yRYaTJ=VB}`M~s05L?C#OEL*u%vNbd3>3Jx5bnM#a*tsCw3Z
zNee{nCvIkG{98B@YyMsZsM#p@)4T-I_jyDZkkGg5=#&^O^E1VuiFyZO@!Fl+13uR9
zU1kq?W?FQsuW_46aa|6<&LOYYdeq0lti#Bc%>)nhu^+CkSzx2AnNQw=fN>&ARqwf-
z#Ll(SsmOAVZ|^mAiI$h*iR3O-D39wniKD?sLi_~0p@)1Q2AC>B!dD$ahE)Cm;lvk?
zS-Pg3YFVjG4G4@VzVu`dIU!pjW4K%$19S0qJeOP`)@D|-xJs_Y<Nu_{H2r;(?w;+2
ziQ2_ii7-Z<H>{qNxwOnjtW8)VAuDb=D=!Q$V@yhtfG_)0w%z;@0~box9g!&$=PC2J
zYYf-c^ju#@U@W6G=R-$ZadwT+RU}_$arPbm5^SZQgYAT1Lgdn~r!6jo+1taY!zA4^
zD8-GT>uY<y-M~v+jP8>QK&+!?#i5$14(A%q<N47gtJn!${dJZ0(+Wc-E2{D%Vfc_m
z-T=crD@tC*WmR4*>HO=<k&S7Mu9c~;S5mR`Pa0xa=98}vAiEx)EyjE|rAW`R&RFJ=
zB^#eDeF>X%4}S533%(Y+6lP{WU;h5QwSJ~yB}Mzar483!OvhwQTa~Zwc9cepDSgJp
zX8ZN_JXK1l&C44}VP`DCd0sH$>7V93KC_Go&!p5WeuAQqO9O4PWiGuEAZ;vy*-L}3
zK22D04^*riIfaSOl$W4DpP<A<e4yeiR)CIzR{&-Idoth;BTbRl5F^`d4jlnd?R5QJ
zTbnnKt-o?qhVu?Zn)BlHkMrYy%?nashLRgO>aR>pPKz2V5TeUs-ZT58We8Z%RigY^
zRoRU4+x0<?T0tjV;Zb_1RyurgHp>{GYc?-zbbWF-AK{1Ra9T7we{mYlOMUX4$C9wa
zY<(WF2D<XK@EvbMe~x!Ns^R_0m7DB!Se;cu(^^;XtG&A{PX7~~#paf}_0ikjC2ERS
zc2dij^W@bR=*32rmQw=GEcU80+)Eu#cFfBHI?$(v^-+fc-%%kyzSLG;)*atTCa)^~
zsr<~Ocb40vVhKwJw<Q13!=;q2Ku;1sfkTI?qE|zv(~v%Z*3<fki2U8@Rv%z`H9N_x
zp<y9sUdpXrR&1^6+(>YkIk&#Z#aW-pZNXzO+Z5@{$kKn404?=CN$?Bn7uV?{;lo_|
z^5pX?V7LsIaARd-vbG|FM<LCtnf;urK<M2eV#>Hgh~u+QUeF-j$F#*YAt21PxL<Zi
z9y|qGX=43(F-P(E(Dc5RYW0fOemC+lUcx58roPrKu^M>F0lJxMc$Y1FXU>^)nsM`g
zSEBPZU=7W?0zk;q$$Vqob#S~tw>aUC6t?CcJ}YvddNp42;8JYqt7vwD6!84z+&Uu@
z-7l~i51VScqU?!~_9IK-M!`l&@_iEjr7?bBoJY=L9h)1oc&P6~r^FZS)&~R7<E6UL
zLW#t>C+K<J+=1S-?Y1oK<d^f6;~{?Mhud(=c+AVt9P!q3jk2NLeBkDUGe|?~eF|)6
z_=RWV1|#rq|Dlg~=DbM+xC+F>81rHis%Tj7K^r<nqi%@2U&-|}QG4cEh2m^^+v`Sc
z=&REtrBLU{+m(H}?$W`iLl0+9D$4Hz+S|xZ2<&XPViwf<f{?eu&gA9ZP$5dMiKwkp
z`RnC6;j9GL6Rr}$=1il)G@7_Ahi;*wAedjGg4`2Ve3zk<kFbUR_f)$j`x}Sst0nnK
zPKG6W2e<C4W!-&S5-$MRwXa$z<e?~tw``8c_RYYAXO3f-uvcX-!7tr(!LH!r+4|S7
zY9@7`)!#mwavG=7(ZSOx)_9eB^MnmQ4w`54v@XI_DGTzN_z;t<-Pu~Pn9};4K8ZTR
zSv+m?Uu}W?C%igYjfH%=8th3L5%zHx^R;>Ps?1uu_>Fn|nB0#ri$1CGEgRUQrQQB-
zSF19z9h;O*!^0H>#hPb(p9rZuA2sRY*T;JPZ(GNhh%-x9re1GC{%?V*8XwNW{k^Xb
zVOt4TVfBav3W8r1UL4yy0+UV>KlrO_6F=ISwu0IGF<!G}OAp!+3A((MNLRUA2lC$Y
zy#eNTkkmi*@$~Rz`XhK;puy4OPsBgQ>RRzvjno=z*SqO1FeUIp{)n9;jkF0zbAh}6
z&^mSDipgC_F<>}+mGR-(uZC#nHUj@ecp(1n2Aleq-`YA)j%U}LHj)PF@ZZ<<6NWH~
zf`FEp?$U7AR^P0d?hIw&8wJZ9fajCh6w9gWX2%?F&Xle5$DOxp|D#9K(-Ql?fK<7u
z^98Qj;;ZaWyTDw?-(h$iCqRgFRV8QY(=GDunH!CjDBvfV@2dXLiQPZ_ouj)*?0^*f
z!<N<}e*me;eb&b8CV3qxH>7$t6y`=ZhPz<p?$#pHVBHvLM4k7u{0#$D>$_ruYvb2~
zbQxKHZk$?!c+`L`V$Q?|@qZzKz3M+ug?5ZVI%sEB4Ps2~Yorz}&&G{_0BcG%72;SO
z`POZ#1{sv*zX8i6l5Ybf$pGfaL?1ljFp@+}%?)Mt(ga`GNK)6x+_np2kSD3d4}NLi
zc`?mdJ#M9YB=NoP_Z+yR*6Y_u{iWagLg)xft^M4G;T28)W`d~Tqv&YXV-hjXuIkA%
zsZZ^L8jj3T-Bv}Gg!`^n$@#2_j%;S}d;WaK5AY4ki~Om<-G*6aISK=^K*eY4E~0Ty
ztR(6RGM<J36~AtJkkx1EIJieLTM6s+)CRXX+9GQ;x9%cB^v}v5<T$oQ6^GR19O1Fr
z2W1e|QeXNuCiAPjSIkb+Fn-Y6+wY)-1#|n#B-hrt#Q+W6ulDbu`Ml<)j7BS_fH+}X
z4?NXnk?sg(YrQlId9EBo!f>UCQBF0(n7dX_&$1UW-G^tqxDvNzbM=b9w|2_h38m`d
z60Tf0GI(qp`XlikR$--f^`rl-x5OJy^wnAtcQz_kR#cK{9o=>NkinmA^mv0v<X~>O
z=L^I;$4{%YI2#AQtSUrn9*<GpXfT<1We<F57Ez1(&MM4c#?!`f9^w^)do_uQR}+ct
z7*o*9k8f1eUTI_wM%3zF3n`NA3@5Q1@yR5U_fl`GNP}y?bOzCrpv~zv;#S^;qo&Zp
zS9rixd}Wq*(_W))?GI)o$yzf&O*tMT>-7+rtc``^zYZy7AnUbZHbG)g2@#wz&?~d;
zeZynY(x+XHLNNXt^%SX<3<Vhm-89g(`TC0x9HTr&`!yFv`v&^B!cKdPe)(wpS)C0^
zx{Snz3Ov@z+1W8o<R)9|Mg%4i9j2m<%hDSenfOT^4gSHxZbmH=M8;)pdWn$trk^{*
zl6*ngjeIIl#2;||xztHUr|<-Wf=9UGwNvAt>O8V2C8HSWnyw~GIjM{4p}5ce)likB
zjJA6cqh@u2e<z6_1_Bzw0{x!g`U7)}eyoX&@i=haQb3dAu>%Yy;{UC2DE|@u(vuTS
z5THYJ$k7Y3X-XlxcqRUDZxYtMjh|NPhDx!U{_d`JPkU4(tQ{&e-&EYhB*c6XN!T!w
zBfU16nxbCXz&RHwoYm0O)o?4VizYD2vL_8{7{0<uuIk<su|gIvpfr9&2-ji7qUH;^
zxO%FITA>c7Z@{VV$yK~4JVu?&kzLG1>*Tr#!MSt)PiO!8Y}0d>xw>M!97z)nB%+?i
z#H$7w?O_!qpdyu}FqU%ZwFh&H7T^<=cccoi&XLDU)@}$V35?qLs_xM#u7=xe)^lG%
zKqXM6)>2--Y}|knC+}1oKl5y;-Xf_`&|D?fofksS`95+t>sTR5I@aoh<4`3^5Bm-L
z9c}=0ov<4vMA2E@y#MSHv!88o)})D78s5BVL$SFV2qODO0BZ1-l`v<Yy(qQBulABU
z^XOa%c5A;R04+?hn4!$sHJrv<Kh*<%PqBp|l;`P;MYbqv;k0Umt5a-R<zw5wVg)ry
zj5S&{oC}PkoP{wiVbX{1x9w_!dZ%n!Q?w{4mX@a2&b>9p8wXA$Tpl2blzvy8>XNEe
zilvkz{7s)<WR`bUM*+u5czK$%x}?qs{AL{FpEcil(v7v%Pn~C>`NIM3b3(lRW4X{i
z4CYqdYP{;>4&RuSQfT#9WfQ0?PUO$ZrwY+@cGK<`RY0+_1a;hCw%OW?`o1`6ZdH`#
z9>2rJNrrQF)Rm}zcLHDA3wmjM^R;=*a7`?~gvO=$_xf(go%}TIBmV7{8*koGST%n`
z3}qX}!Q-GhGxd?NTI0EdLQM7;r7BC%rBB!d(U@^4zBFqsZm%uCTbHb5_V3Ye+-r9c
zy9^Qhx8@dFfx?R#1M1(%Y`)oKKb?ZaJwn=lbKs!(f2_S_R2)svFd8(-1_<s>aCawY
zaCdiicL=cf;*j9(F2N<Z1ZN?*y9L*UyU+W6=iGDd{rl~isjBIzuBz^y>DlR1Q{~}}
zl<e$%g4!v#gtRQ-%<G|ViJSf-BH@qt0{qQYsVdTBw#)DPHno+amFOD!=EZ0I#X^01
zQeLtnnBsMQb*@7dQ!odxWWwWOcGFI|T?VobaGe;~jG6iDepv%Df%Bu=E}Uju6Qf^4
z5!`{e+Q&z83$mW)6E;W1#Z`UUBP)h9G+EMY>T$v?dnDx=Su>`T^1Aa&?7QWJdNdG9
zFCwbtT9@B+O^J2r#M5t82j-eS-Plb*zcY@`&%JSxI3UG?oMv~*wzsZ!N~V1co|byg
z481M?O6J#9I%Sua@yq{{UOS(yh?(nRXog3sXxf6RgD$vrK|wy~yh2mQA>vy^w~@)w
zzwb)&F*OIN>BK>y+f8`=a|gS6`o?QJ-~9EbgTY!AsgG?nHJpf$D&co-W?Q2$5siob
z7ELYaJn-TSUyVH>5Y%LGonQ0g)<}<?UdvqVPca_BaL+gSNbD3l?tm1yXhwWW?IUIe
z@OTlk-4Y6LlCeLzEx+UI__5ia`=7Dzn)=5K0}jP4+;jP&g~#qw!5h#!Cev>M!Je@Q
zkvV3AoVT*ZtZV#3<|?7!jJ)$nOAWAjxYlUQ<w>r)V(C}rT<P12956%ME*|`AT-N+e
z6Y#kTe-3vR$yEzL<F>BF?x8c3NMDWNJd}ikTW#j!f+L{>$Ng3#+gH{-H734BTP-p=
zrI`byg|SH&AA6$z$xtDgpTG=R*br+-eAD1SexGLmQdQx{MEom@k-aA}GQ)qulxRqV
zXvmnJW#Io(%fWy&Cw5Iw0M?DH=sqXEQ@{tGTLN)dIm2r?-7xfResZUY1k;-Yn%-&g
za{au2dvYSn*Kv8FjBn!(jwsl|**6n>iE{tmsJ?ww`7fYYi7a1ok7`6xpm7HWh-YLv
z3hEm88~WY*RZ+k#%s0BZkLgT3BHA(JO!QB>m8P_5o9+)sTq9mof>LVUr7l9D&1)B_
zAo>J?`2Iq&3JJ+x9Uoa|%d)kQ7PSp$P)3)`a)Jr2Q6YCHM=Y2B9uCm3F5Fm!{%umq
z?79bh^Cc~#i*rL3&F`N3I=MFvnB+Aey~ou(Yx~22*C)xnWtOeCE+tsVWT9>bUXx|7
z%aY510|`WUXS@oJ>$c<MMyT|_&GEB`mmvLz18#a&M3@!DfmPAWFq45jE-42}K@qQU
zy`gckHQ8#d<$kk=H7ZsuKJ9XsCF^<+j#xw6zZ}DiAXdG}e=~N#9RzJPLmn`~B3pJz
zM`fvowt{Cut!cT@z>K&7%rr|`M|KN<-kty@B@Owd(zHY415I@E@MWFU)pl+Rz`M?J
zltqI?^jMkkfR|<+NS)NDGTo@3hy7F?C0P07rvEtYxb6J8zs_*tU%ws@cc*=sS^RNM
zn}D#l5}~_<09+H4X8Kg6Fy@i<DBZcm4V<wDEbopGaHLJ<bMB~AbTu@ZW(vP?LPB<|
zZC*{0Z~brW0ovWeDgoi;z<u@gizWPDs)oYjT#=py9WZsAw*ff?Z3weyc+GiTQ}q!i
zOv$!w`Ht<Nf@1;Tj<Teod!>FeXgkRhz#o~$H~j!ddSM;(k4-kXIgx~aimypZTB|Lz
zv6foj+xNXrC$7nQp|*F?=0St-{LmAynFPP1)*G4Fyh{Xd+?XLer=ZSxK$N&6(kl`k
z!nzx9W;+WGqv$lNE}EUu(fmOz?h~Pjlv+bwxS0NUZ_K^)ON#Q{nf-0pwO)@_SpiXP
ziF3htdZw}VWTm`z1Mmz}5*e+ne%iLuZI*qB95s!<GtUJC1nv3(iK3=$!7YP(^9*7E
zZcHb(vyINo-`sb~3*-L|xFrwajaufZPD>Xa7P?EH^M0_Ku&3^0*)W=}Pm(sQ=rE#}
z*{7`zl7j9LPs_MF_HZTBOc?$F;2)VNx_lpOUer156n%hp&n<>zg=(2}n$0<y8FC1P
z3m?zD;t{IpPVMp7q}gMef40!JIB0;Ey}0=mo(kSVyx|7&P6@_?PtXlIL$@nG0Z5{3
z@+cdF|0=jwU%-WeBw3DgH~Q)=;3OuTr+#`!%_3Lz=Xy-!R7&uU;I?ZG@k0b`Z?``P
z3<<+L=H=)4Sg>vVmY?Opa2<EYjKW8yUah7DlXV!}zJJ1S-4lWf`w{f=h8Xr2uN~A}
zwjH_o5u;=~vd#-82rKAs-Bx5(^dJ;gVB9i3nley7<GixrB*PH~{g7LR`6Q}P(jNjO
zD^=4K8$egDF#I2A|3A?CKWJ+Lg`)egKm@MWe;jx&p5%ZaJ`6-rVx%xKwD8~PAN#i=
zp|X5RP}?~3p{hM#IAKly4TQ2iZj0f+y8M5+p+fv&gZT7*qs!Pnnr8ko{*6BG{0Ozk
zmVAy3QS>a9c$cy$C5PY%elm2TC`1|GVBun}rDZ!dpc?VjB~_Xf<O&yr<@@)&b#!2}
zBZMwqXf4_X`<e{`G^RlJ#?-0k8SO^Ac7fwnVFdX4ph($<3K3(E4t#|ofD9?An1v}u
zKiTJ>AsA>VNZa}UKLnIOn)ZTIC4|NUgnLv(GVMjCID6Me+U}-S#t(N9MaRI#=>G~s
zLHz%s-!4eoK+=3I{P2HVW)$S%VX)$S_-GVD*+~85;Y%2y|Et1;FZ^GiBnBdd&|g$|
zgm4!XF{F?G7mzs8hz-*AyI+V7428iy0xY4pPLIxKM)Gj7Qp8UbYqGq>da6}tK#$I^
zVn~-)c1&jmV2l}z{yAE6gmAWmnOjAVRyL&V5Fo|{tt$-F9@p^U18DH}P-vT=5(8|*
zaSMtLYAC`5ZLxP((jRJ&$dx3JjQ0_CxWd^gsGxKT%83n<X{J{;5TmqW*cM8vK*=v(
zKRZhx$vlNXC4UhW6NB<qC&7H8P?(_L&!-57DtC#4p79M#5?;F%9f}EeVOoq06jL#2
zKt#Z`{}0jN+Q$u>Dc-@b6UN@zkzqKSH}sgww-4YbuO*f@=tQi*LdzAXF#tA9TFH%U
z`3*Ye(3)}4LxfPyw;edlfqEUdZJp}>s>6|us)~3^rAeO{`5TrN*)T1J44Y|!DC>3V
zs3_xy<PfOsn6wzAzWfJO@ypsrP?#1YqczMM=C+Wa%(k%f+*&3LPE9h8>uJ9x3AUS=
zDn7p@(hzRr@%PJWV^^?3wUc>C^PS2W?y8ztbsBCAtFD0WJ7H_Tkt>-ufQr5kn?b_y
z2ccpoikcPJFMJs2e%ehWCs%-&k`&&rqBZq5&vVREcszJx9+r#88nL5&h+=Vq$f0s&
zzrl0i+6Oi|i<vhVkw{Gu1BVEa2FyM|o4tJm6F)@ASg&Kwh07R?ThyR)`W#A4$#Mhd
zX<Jvv7?i}g;JAyo>V$VC3Lae5seVYDG1aLKWn)?t!^gFU${R+>i<#A_CV_~F^WoZ8
zeQ^BnFkgwKQ~fn`h!Fe#3QGOo0iY25Z~T;yKR^v;$WZ%V?UlCnOp8u1+osySg&Sx#
zyzRp&atQlhmd4dAptkjpB$9eHz@zlc?Lyc;4B9d+@@vfKR4<6jW0-}mom{0$ovJ!L
z45IR5aRaIVl7zrCx!)l`({t*?59SDfQ~0c*^<2qojG-M;T{R}Fv1BuLnRNJAJfV#{
zo>-h*cm_J$Dhqm!d{dnYY=8~E76VN`9sv#2U+IL0)X5{}gti~*aU1D0ElitfG@pO}
z^6z?5z&ii8Q1+ejSu!1aR!NsqF(q;Y1%J`rVNN0!xWrd1V<DRq#3(PhBDeC;Hqtrx
z1+t9QJ4hi+FCTNOtxKtPovH&f@SLXj961t49z2#z8KIpz$n<lGXoOpp**TDbt`J{W
zO|r!@dYB5Y_OP#B8a@=-9>_PJW}xXh&700Qe1JVU0LTqBdB3#ER42NY=|Aghp!0S8
zoC_SBDO)wnr-A3MAKC=i|CcQod1ma(|B_?N+VETe#(ksJ|HCKOc!nDOyB@LMMCUYe
zpnh?Qtr}~Pq9ce8U=MM@UwkG6-ksaz|EVNH8_*La2DbD7O=*@$ZNN~zNqn~9$~se>
zu{tZAJ8r<K4Wfqre^?Ds$o{|cd!j@&(E8j0bS651Nq>}ohw|j$e;UxsfU8B%LojeZ
zncFt_ea-#t))0@I66tZQC}3#<V=0k%+&fIc^tJgcut<smY3Y~shfRF%6!IAx#Fo*C
zv52qv7ou+;jj0=KZZ{~&)e6tMNfwCa?8-kO$Bzq(6-%xPKJuQA;m$IW|K?l>?Lv?5
zNM_oNV7fD#BI%m7j<v=6+^QkPo~b)-S{dIeFjyX%m?;W<kXq<MD&)fJ_uSMb)vss4
zl9g{+?^{?8En}@}n?sG4DZ%qKvpMn~j2mr?S%LKtS5m{tYP-1~C}}dczA~qO*h}f2
z3(^NjdRlDgaC<(Ho!6*g9S`KfR8J|0*y=O01_gmydMgz^aO}A|rz?jAH-?%{AOZnb
zl`htcNnh6es3hj&0Y6inbPRv$e6#1}s4kTo7pQh>Z2YGPgb)!l+T=BMG_C9@UbGW2
zHc{pxRFig?8Cz;OW1dkOs&ez64yJ^F)wP*2vwffG`#OF^)7+d10*W?FN1=;D_sMDd
zS@?y#>=v;j^de5o!J5L#PnE=fA9D5I!Rrr(^`-ScNLxbJ2GRQR(eV)j`VxtbJ}A70
zm@?oTZ9T1g1lU*nQ|JFT`4JE)Y7%2Sp_sXeveOz5*3Exvm;{7QLW?E=le~;Uybe}v
zPE9)xM^-=?9!~OR9o_HQ?wXF|(<jy~5;l>lkRJ8G#qy0q4ZLdC%HXCdqB44#M04H?
zJKSNSh?%fTv8qz@?0hdp@m$UATzz5w>66`DL30jhRO4gs%m_{^iW}~*n~#-j0!Up<
z{3)n=W1@3(I?k1Unx2!BZmL5s+8Mtb>V^$kGZdu6cs-k##OBwyD8h=TEb`xdjDId$
z<ZnV+;Gfn(>V5}OsbvTp;*D{(c5sM~dUSD26H){D%x5;B`Nd1sY0A`@%Q($B#P5~_
z%~;EKqYSMUdMy?nH14pOeoZtOq%GKSf3=xIEW3KCAEpdf;}sz8zCs(3AR;MTcqAl_
z?Ao`f)9=b8Bq$LllnN5W7O?UlV(g@s()=cM=Q<53#Vi0_@|jP9>L|9Jy-B!(Fy2Mg
zci+5o#?E=aWL)KPZY|ftWKp~qJ`h*DZ!oLO1R<LQVq?tC3S@r3jxl*u&1Xj#5dRD>
zisF$^uH!>+xBeM}_L}lDvM6#?zBV=GR#_!E<>piflDQP+$+;TB=PR$O?@?a<8eb(l
zreP_|xj+A|j?-0)Eyeo!)q^tPxm0S0F%e<50(&jX5cPES=sDh!So!_Jwy(ojspy2B
z|6G@pWG^<^Be7RhMd4<p>!;~}6%g=Qfeb0C%l8NuDF2JiBF;}%!wO?Lni(MTiw!&W
zNd&)KLfvCh3i#tXEHpsQyv*71M}3+XZ030Ye|)$jpyd}kfxxAYR^-(AWrs-((%`v*
zM#0U2BY@XQy}*5p2RO8<arA0IGyrmB@aPb+_y9qj^jm3oik7s!xmp=R6gvGYL?O$g
zgnPlk|AUqc?tsj1(R2%gw}3e#PIU$tcNJs&JV++HLThw&C@2Cwa)^syor}|c`IM(~
z${Vnw*}IKZ_w*^xXWjX6P(brBM{naFDg=j{BCA##!L<BSWqq`PbrAy>d0oJ~bKBHH
zNW}M%a=*CD!I=&}O!L>dhD$vLlpT4XIK_ibZ@psyhG%teVzn`K4-o<DPhMtBGN$zd
zJnsv!=MicXF|^MHl^frq=ajVPR0IwC@+8c8-V!Oo-uAx<T(OULp%Yw`$Wf^DZH6+W
z{Nh|#nM$O{?T~pHYQLR52Rx{jB=W4}DbAG!3}W1TmKamqtt}XL8^3rJ#IFydP!A{`
zf>0Xf^@MFtkqEF??6)=nehS9j>W^eptc5BVH5&*rZMgqF*-i+o5lPfH!1HnbI6x$b
z@78n*+bv>sbjvQ`)ZNi{oIn6l4_!j|64=l7h6PkJQ_(WQa|s;(w@wR~^amqUmjCiL
z+&U`*$cSj377w91LB{sJ$mzbi27}d4_imMdo8Fb4$=$IO?iqTt5?<_pm6FA=E<*tN
z*&O|ZJR^56!%pi=9vyj9^yX<NzR`NgV_;|OcGSU=3$Mibddz0XIsoEj9|Wgu8}t&j
z3HLS_k-0gz4rsm9dQHEu^6_fjc>p^Br@4Cvg#lOo_=%f0L;o!KRG|TFyq>*=NvlXo
z^fR7|UOz49)I6{?uN4h<c%ct)`!DFAKClTj%EY(WqYspEY1u@%DGP`f^USoPiK}M_
z5NO;WdYRq*R-=spXs$a;Pa0k|pLlMXn5e<E(ChkMBV5hkO=KSn&-G=SeI|Tw{PQit
zEnTq4(cWc4@o&@I@%_Y8=TNQNaJ(bFh|^oGCikyF_oJjBQG^0TRZLp1f-_bps=>w{
zE?w4BMOEMCYQsGC?2RJrf2HLdg`EeS!0o)_q357fB<8$;;reK3!j!0SSiNfWz$vyX
z_ih$m8L&=9`sT@9Thjas*^<(17EiKrVId(jZ|c<;9zd{1MQM9wBBXnqKJ&to?r&B0
zPDeMO=-w_8q+h)BM7i^zk4;qbG`T*(W?i?_YRWo5l)35cPXMwD^6a(v_L`i1HWUHk
zRJ6A!+r>#B`qg8bWS)Z)-(Q3EJY=(`*K~D@1v*yZ5vY4AWAgGDq+Z(k{9Zgz#Pk#(
zbS=pGq|Hh{S_Ik0Jf>MJ8}kcpr)C&fre=+{lg+Y7s`u`tbG25vy>|}*8{>rg1EM&*
z{=leyDkt}D<Snc&opkC70#pyFe%hyM{Jv!S5Ty!doLcx16g}>R2#U6&@;Z#r4Z$JO
zbgsvv!|eQOppn|7xy1glmg-}=zGv611ie%%9V&wHj0i-vnAodD_)I2=vLIRi2=uKz
zBIfBL3Yw+N$2FYJqfmU-zPLr1a({1WM*KwsckkO99qO^XP4SRhalZ_>wc-9WD}L_w
zS)X|MJMiL)M&gw9PR(B}W(yLttzQ{%Nuc^u7I`B%5Rh;&pNA!iL;wCdxCF?pyR&-o
zDE`Zo_mpY+wq&PV>8HS&WT8jNNVR(*uPMKG0s&AxRMBuaiw?lOfH9vggMhry<Lmh#
zAlU<FKEhS3QTfxcvEyA82N7kMsLjUJNBkW$x(yO^wp22et`Slb{6Mj*pw|xr<{xdI
za6}J$g2<VLSpSGV|7c%U!9l@Q&E+-v>0yz{bNo1Z0Frgq_=3ZVzfO0jL$|@&!QL3%
z7R?ex8R<|aJYY4?(l}!}Z`AO#ucnHTOCek%QM_%dEv-lQ7&ExClk#e$y!86(Q5+QJ
zeAR--D9^Tez`5p=rQFege=L!A%S8e4%JT?>LSq%|@T#EV4rFb}XvPVjMNl!=O-?|i
zIp$0IG@jIkYU)j#x{aQNFr&Ql$B;rfF!j5ct-9<(Q-YvJW&Tmny=&x!HCcuS9sV~D
zO*!PeRk`wOoJ35Of27RC+m*r`60PVN=ThRbQ~?dD&CWQ0!bJ62fsEChi9n75yu%JR
zW7G<g!n1OEXKI3Z?0v~B4n;Jorgtu5`A7~4^&VxdTe|T>2e|~+`Oj?P-XaQ^#Gu3+
z^uIaiGEsxNz=na(B$D`8shg5?<M?x{a50Ts>gpmG6om!13BI3!!GB^C-zfh6$#97A
zOa4U`^9@^B7UhE0^OL3!qhqcF6$eS~fZ~5!hW#uH&8K1pp3A=uYE;)GJjY+MJW>>a
zR`W5%{EY7hp*T4u%h`84UVnAI5KUO@&N(>I+KQ+;0GAy^uG0A!-WC|WQGUB;EN!(<
z*#BEQ*A&W1ddgE5GXCW&a>(rN!@}*$!u#JQQs<jXqy3}YN7~9h7pr>+ZCdur^w|Gw
z43jtMhl6CMNkXxXxp3XSAXc=+9Phd9#^{rP_VxDYxz?jK1@8?B!YHjAvKB!Z|9uYZ
zprLN$hevKpX2qXM_k3S|$JONU?6WJ^{y1!?Eu5)TRZ$PROiDe@h@ooz{xwJzcvo@%
z=JQ47GNDS??306F-@io|AmF!KOBq4~v2S9*``2#K+N*`q@#jeBWy@}XL{oRg^@V0L
zFv_%_0%!&!(>Oe@Wf)?CTws(Y-hQa1=+yPkl71qY93v)J3b%CdL#(?6A$L$s>|FU(
zmO-j?{N|DP5k0sj7*KEMokh_pOx?-swyztwzFTED`o3}mNf1`Wkdf0XT+nCLuJVp9
zQyEr{H83l+yR>VaPCb`;NYT5vLmDX9Vrn0>0Y81|ys=U4G2d?>#Szw1t>`@In!8wA
zr^=~$-wy#V6**zU9|sHF4f1^p-m-<MXUfwo&(O$Nao+YqIlg36+Z)yDRrpP=2wHz+
zlbA9EYNc8lbc>N;^YrX~*F2EL)*VWVB#<W7(j9so0Jx)9Rqy;U1*%7CY9+acQ=CTq
zm}chc$3VumG9;M0A=tq^g{i44M#!REt%ALta`a0||0$Vt@nZ*<!`L-^yO0X-lcG^9
zGr-sEh!^nw1T2^=Vo&}mL-V3cAvV>pkfY!p@JIxF+GN{fRTY*UNIhPI&&RPn(xnND
z=vOwV_iOjP2*Gf<B?5YGvNe~)nUS>^oZgFOer#UNL<`SNxc~d4x+Ju_5eNEo=~8wz
zo*6G;#~-h5$8|u)MVJHpB8G~BOP~;284Lyw_l%vtGoz0N3KRJp(+$MR5V#qSA_fVK
zyPVNUyeKY<1?fvY1jtO1jTRtf7|HOov7M>oRST~FZY6|kH*5^eHpd3w%T<(gQR=@*
zB@$znrzy51l&|<fI0+dkfMn+QehSF!yZ8fKW?$EfsUfEesnpYzE>bx(O*7AgMk72E
zN_f>Equ`4zgRLQRz(f=lINdM}l~{1t<p@7T#%MeMGnsoIzYyT}ef2tY?Q%ZUX_LJf
z0xC$=8&@u?s+hq9YmhonS5^hQ*+<*?vHV-~2G~c(=#7((BE<As(>>=F3}ChQ9mC4{
zro5S1xw5c5`vdKJtw*QnQfmx9^}>mFFSu;zm{|1`z+xg5#0@vL!$k}Pyu8u$>bcH;
zc5IBZNwJj7Vxn5Hh_Sh5n&Vb7w2S5aUgM+eF#zjnqyrHinAogJ3w-nkLZCS39Zq5c
z-OkeZ8E#;U?C4S1Uq3@<m0|Fb!P|xZs*|1Q2lT`q*(gV+flaUskBW%?lblTjW>}%W
zW+-N0D>j6P{#gX?I?R(Lz$>+Lf3b;KajxqejfWN1t<w@#Fv#Su^qh*k?z=+B`zXc}
zmBh>EpJGox6fFH4<@LTFxMx4E5pL(HA|VA6y;BVwkrBvMNIkB~i*g7(P)W$lT{1^!
zUJKmGQ~lCy_1oE7Uv&khkEG?wkXg4Kw9VZt?gFwB7=`orr(90jT+CfhPW6=amEOna
zvg_ib1a-=*f4pKz4CG-yY>2WO+@|cjjVc4sA;oRZuhFIuWseioK|ui!^E00C;RyYt
zO8<8CTvn3xovT#NWYe>rr3FCFZ)DhBvw8LWd&>ri!xH>x%@jNcGU&2J3skeC_h-U7
zy5p3{$Rk)`r7^Eo9mc@QBdepW4K6u}K9m_eXI8@sezyib1ZiQ3-f<4FidIFpiu|6r
z4$pjy!U7B^C%z;XILppKgO6LBVQeeg6#|5J;Rl+r03{2Qp8~&|E+dCxdU?+ERurTz
zh|wlR{8Dx*rVw%YcxjKa_m&K^mt!$1B<mUubg_g@QRZ0lNG=FuR+9)U0XAkUkiX#p
zw^&c)3N+PgQu>8ibeyHBN$m=6UBIjW?YBbSBV+uFcd6s;Q)B#|XQ|`g4~$_C+AFut
zm6xt_wVS7cSXJPKpTx`D9`&KS3^iGAu~p$0&L{PR%eSu=$;Q3Q5p`|?;vi-)A&GR#
z<}O;0KJ4Dq)CajB%TY+$uTo)_RMt@y`{y}}Ezc}FK~?bm(+d_j++wT7m|zie|I?V*
z!zTU;WLQORecYNlcCWed_3M?nwB_=Sg~_Qipzdv0<=%|L<=GpU(#z?gmjSqSW|295
zRpR*P`jcrv?N>(^fy%uT2ip$zz(4hS96NV^k-T=3Zu}uFZuQ}8*BH|kddolHGJGSE
zk~rTZ?151A@gFV9oP*hmucVF@PnuZ0L`6TUbgmc$Cso|^u84dyw`1mGHp9vYE<|e{
zArD*wS%a(^`K2mz7^6%)?up{AX}X%xD#74G6AT;mGa;fMMJJJq2(_Y->2Ifu8yWcD
z{G@ivG`w9WUkVu(Vqp&C^s0~v6KpPSZ3DVhkvtu@0ly9}KNh|3=@e)(6W@>EyikT;
z*d4Rk>R_hFKt84HGUu#STgt`{PHvtEMH5MS6$Jhbi?^Waoqm^&9%l*Sn{;{Pl8Ttt
z@S1%ANIY-?Ch0r>Dz&7lGVu-k`$qtLot%7UDH;u?-0#l-3u2p`oao@ct|6Ridb=pn
zCw4Mo{S5$acXL9oEHy7StbcF6O(4H#-e^%Yf-A&mFu5mbVa=nICBqdK{N8@g?4qxP
zh-zQm9*E)(zZQUq_C3$pWHtPnUXRd$=<h0Mr*A3S)1s*ZXzwYeM|tC>hp%I7r^=-v
z1cgl@SD&~=1Gc~4bqPM25hN0g!)m>c)yL2gS;2_DkNq3SgIZ7%sEa$(g9TaQm3RD{
znS^&9HH&BT4rgf>JNgn!@xr<?+@qr2@yrUGcvoxh`)8#Wo_nI5klEh%+>5^mDJgxp
zF$T!ItIZR+r*8wB?EFxtIfVSQ6j+0klFO86=Nt6qx~Q5$*YCTkzO4~lZ0(<itaU8+
zMOqVV2u-NSG4Ja#;9-44R@`q0UbdaEGzvaEV2C6`1~K+oqKTpsKZI1>LL>)nN-mkd
z#Re~%9UI?&5$Qk8n>DcYz~R#hk+-}+7%AHln>yjjH>6t4_cyGU_Jz=JH7L)AOfZ2q
zaAht^xyUz$J|FMUl{i_x%!fP}5KkBoTZ)##zzGv~3lm!g7sI>=6AKCv@2eg&{23{$
zV#`ZMtG;#nbLW<dQwnD*f>xJMq<-pQqR}B^8d3}+TjAA3GbZxzRQ3zr?NT1DHg>N~
zD4ELJj_{v9^@uFPS|*}L{0=nCfvOzWenOe7xrbgZB4F;%SoGUyeHo+#b+IH#mF$<w
z?^iG#h+EY_U^<BoB%wim82#Wr_|)!^3km|ci7tH%Q4lnx4Z=xMjn`ucT6*NKy=Dx$
zfe@oV<Met%h@I_&Xd%R+SiLG48niL#&CO(QUh>}Jn>5S=yJowLb2<4ry=sb6K}uc*
zJti77c_|PhSwUNC0q3eD%+&d62ju3<B(&5|3LhI`iIHK@JaUuKvNZ#_Zwc)YntM~8
zwaVZ=!V-7F5|fa=WYt=t&WGw3^4G>6(CMe6>BQ}7aM9Wuq{8l%E$egJUTTxQS8*o_
zawGhh<SS)sbV8Z=?!M;^TC-OV8OYw{WH3mFtu7yGD8`kcXQ%6BmFm!c+NEECQ467U
z1AN5KE{a@}ksytaTiK8!sMbv^l2su%yCxs0&*%8NMm~}aML_ZqqOa#47-PA5x3pPw
zqGIHnY92`dZf8rcX6Ag~*<*}f@Ik-WV>XZQL8s=UFe?^<=}zk%!`;$epcDasv!Od@
zn*UoPvAL+RJ+}Ce6xwN|T_dUf-r4+R?m*_-{0mo3jxJUtIFzvZx~4R^RT<CroOfa_
z%S>=iOVVOt$T9U7Y1DQbtF-ND4L&GdPhWJ{C7`YaOrBn3#AMs6O321MAyR<Z8z!<*
z!JH___UVXpVwNSHs#S)to+{lO3umPmCd}UbwstZ}KNZnumv3s}fB`)53%zpC$<N}S
zKl8?<D>3gd{Z;y)D-%e4ClGt&$}}7E(t&s+&(-1&B9I;8Xm8Uc$6c!g<F*1cRMya>
z>?L2a<;k?tVBjX5oOk<j>HgaepWx0!pT^pc1hgO^Hx&b2T0EuWC#x8^QX!!^EEOQW
zT-+Ah)sI8M?3kddwy!d(ezj7AC!A*QG{kc|@M=3)Q;N*a4Q>G|zkU{2`Abo`#3B?w
zL8j&+(mNK+aoLZ>DyPXnw5;t|oSm`u`}etK<#iwl$h;U<PSbA0eQ;3y=<mZrMT`}8
z=t&@lrtPYcW3}ZKF^!}=vza#u=JZvb4~u$Q&Hcf%UC~W3gZGfTLbSG*9?^6IrO|SQ
zEv$^{_s02u@Sp-@gJOnh?&nU867JFEAMP&#wcR<bKs1D$=bzGnU#p8QtXG!UOulx_
zKYHnybB0qcs0Qlb{`1r^M-BI@wAkBc+N!G`#th%kh~Fm=>%Jy54_ccs)yG}@i&79e
zgti)F8b5@j$ea{EZTVrhpK#)HrZd+Rvi(_zN}ifbzV(@Oc&++f5<%Z8H~eI9W5m1-
zam)v7E??<a@F!o+yydT(f0mN*&Lgf_(>o`;+e7-VmqTzoCd&R{)nP`!UWH1Y4ky4Z
zeny5NbEx65BkFAmk_ikA9!wJtAp5q}#u!?KP7P|4Tatl;VDSskx_Pwk$dcDlVeBhS
zX`0Lk;!HD2^zD*pl(I3w7L4+oY!Sc(&=3(*7YS8Sj<3@w;yt%PHs|`?A1OsA@~1gx
zm!?aE^}=w^*uQ;6C>O^t%Cy$ji(p&`OUXJvWJ$&HF4DBQ!;)wHG5GoC;QsH!zpxOV
zkt^@GFl9|l8OvlnCstZlCS|pW8d*b7e}`TBr>Y58T|+%5L;8e~mlJfizb9oav~zba
zr*3Pq7OA7gY6(U1!k}x#<?C(zx9Ep=$n1~D8<61;)gHRVCBi+Q^Bf;`3EIN$V;5=0
zRh4%j==z!161zre>5xweAx7_p$mNf1pQ_UAgs}JQUN$E`nlave_vQDymL<`I$3}yE
zBMDG3ka#rM=O#jA=u{5XrSs&CjL7;7$Rc*psVnvXBz7cp+Y8D@2v|-umyrP7ztEKj
zDZl5Gj>`Fgg@llTw!V92EQwY(31AtnN10ntd49=UjWXAw0;!#RL6;V#R|{k#ycAl(
z`1-P7<@oM3`0P~oo;Af_<LoqeMe16FyUou&My%C%osG82WqJ1zco>lJ$CXRhSIG@U
z#w_MKJA$4#p_FcVIl2GpYYfst%{N6|{pJ&1%+_cld7FJ`YA&*9;4PRvtw@nUhTfB&
zN?161oSiYPDDD=_8egPMDDz}%I)5_u<p0aCydtD_XDAt+=6BM{iq69wyc;7&Nb4Nm
zVyWvM+Vls3Qg<%-Lz`d;;9OCu2UXiL0^`Ub>sjTk4@1swhDYPLRmsQ>0Q4PDGU7*O
zFO0V8aCDUm0CjSvlJZ)(RFA3nIpmDZa;P6)ttf!(IZ8-v5vfEM{Hnh=*^0;`y{dc}
zaVRXPSQy(e(QPJj_9}Qq3{=$3gkO6tz_p@E;=OwEPllDIhQVs&8@6)YyH|z{n%v=2
zig1$c8(JndY#L+X`pqueH|_v>S|;94Nru0X-RB%iI2pfw+8K!%zoyw4xgT##lNDPs
z00G;HEl*QI_Jq*1NoAg_W-TX*8`ov~a^m@)xew?BQ{m$nx60|Zj&9vC*#aZ4fXBvp
z#{}@LZ6;t;$@N*qeZNg?H)0kIhIrPUC`L7gbCto_o^KT%4$x3ul(nP*#7}BB^S#%e
z77+0Cz1_x53?C_-TGuAaj*tA!TSe5a%w(r376?(1ZWD4Pap*XovVJyifA3W$Ftc9U
z^QT<Nvr^{VW#jg2!*D+jT``&L-XV2!thz>W*WVj|)34hUH;4_T;82vk=l$4-YX7et
z7faPLey2JQsp1DOZ}f@&Rs~Emhm1``lDzPlj-06sNl(9Wk`}$(ZamonvSg@ldj%j>
zoq)O&Q=n`9DV477qlUoe>vK0BquGHtPb>=KW1b8D2U)L9#?K5Z`}J8{^)H?YoOy?S
z_%~O70@E!{sC4e`{upx6!xjMZ_^tjvw}w#-_P8u~H_LpwYv@)gx-9%>Aj<VFU&an8
zBuphEh(EXIDGl1^GSW(MWGr$OR~*lMA@;0oKYIOAm}W39?haT<!GomuE-~B)+}o_}
z+7Iy4LS523A)u~;T<*C)%r65*zO@yB<k&5n%cx&&Ut2%MQ-C`q;@<qk&OWC)(UPf@
z``iOXn(z_@Sy0>BkY#+aKx<>VeQ#fgp-DKJdo%8@BaeH_nie3P2isqrQPdc_-ws)|
z9xlx@-Qw)VRppp>-U21mLE2evzVAI|u^qt)PQ#y<<0e|M?nxF@$@C5DSsq*(ZU7F$
zs<UxLsdhtC>g#dlUYspAI+15N)>RER)%L?zdYm}pAl}`_(w``nyx8sr+STIAMMK01
z*zPz0_mh3t0kpqa=<EjPcmChF<K08OWB7Tn=X0CD5%<h)p|7jx{Fge>>$)PLWUP68
z37ayjZj5t}Fj?oWW-r-Gm?$9D?JXLE%C~z=kSh&w$wEn-Mo(|Jxizv3LB-p)8mPU5
zcwhN+ZL3V;J!~yRiS-;!{(B_hN^qUoheUl|xKX;@a_!-ytTY%Q)nWGDxT3%&fTg42
zvGk=Q)Db@L4WT=&<&^udd_B9mTT$0v%^jql$!MRjTw2{-!aveEnbu+-Tz1!BmSuXL
zj7zMj=aQ;cQ-A-7nXlHqpnCmH@Fk@j{gb`u-|xF`xZ^9AEn7ZK5shA2@}Ri%@fC=k
zo57r#ekTsS#fj-;eIkDP3lsbMcsg+_CV{P$y*%ha&n;Cg<Jw99{7wEtrQ@}!<i^M$
znfUWr+6U^^ohYb(sebMUp|u!uG@KZ$kkmzD<Qjgt=+d(}_^pUVVsH)rc&+S*mDYWm
z_4K0G1Nb!WwV(Odpc5z|lny0Iko(jf`AdK8A2ol0u?bX=TL?6Vt-q4MyT6AfwNm&%
zx#CXjIASU7vh1wq0-1PQm2fXi0o|$+e6`}2@#B{fRI668k>Z!xbSs&m-zV1GCqC+l
zPi<I_(6((x#|qJ&;Ll|^q<f)+@u`O!StnVD(05M=gn3OuT|}Lgg}hX5%L%w~o!X#z
zOUZyH1S_{MPDfSORX6*2A`Y6qKQcu-)vMg-&L{1rv57<qxDn3;*m>_n9ZMeO8(I(a
zzGH6YqW(L1jY;7a5#tw;T?dcF-pMkw3P3s+i{C8muOB`zc1ViyTnwttjbYnb(1I8R
z=#xl~23?J5g<Iq@0!<awCAc~jZ+u&@Ml#t%WCUD^=K@YV4$9Ymx;5#^WII$nV+yX?
z*=vaIY8YE<)OlBu@l=YoR1rP!+c~)KW<^9uQ>6O+Q8l%b(h;}Z^V}Z+JXihc@3z{u
zEW+^H6&!KeWdy9Ms@0$S(~@NBnwCifzirJ3VM(ip&$N+|WZt1E4!cGk++^<ld0zgR
zTa|a6e9j^Bm-bL*S$7S&Okb(@hF{$#dbY;9_r`)4N%46->F7DARB{rd<2rR<H}nSm
zZjYX}eL1MdiIRQANSAYI&2L<FAt~rrVUNgu)c&!tM0?sWgM7vEW2oLR^`FGIcWQ+e
zY^x+}V5;kIe&F7v&5+c+uUgl0`bh5B_}jfgO#F$Wk|$OMXR39dXteLew~RL8^gG1A
zOm*)32^ZtjBbZN{9m0phbXW0qbO+T<@0&$@3d#I^)IZ_=2aSK!*2}FAa4G!rF>m6-
zeZ`M1I`KmUYWs`RR1S{=y3;>No%C=zi$8a-rijl)!M>rT9!1bZ4~yQP-=HBYy7G%r
zWlZr_c)iQJOziMLV}=?=Yz~p*s3OPx4K=ajr~;3-if@G^(nd3-j54vc#3dSx*WXt=
z-PZnU?jsBYK3mrA3dVJr_-lh44K<Cnj)$*gwA1huj)zsjiU^Z9>wHE>R)+}1iA;5n
z=6&;wM;7Tn!OFa#gy=Y~l=U1c=vq4TufV&;Awu34I4PbdHp+LJ{>|K5+ma7h9qw`G
zQ%U|D1boXmyL31pYB(%^m$=ifzQ0FUQm?T4I-+)U&_RuU8b@QUdz7HYGwiKjvHZiv
ze^iaKDLF%x_UZeS@~#$|@-`Qd$5e1}T7nW+B!k+1>~_XZDi)ivf;zfWMG$Xyj+SD1
zlHQCCuWrl2&K}>}r+wHwd{cLaRl}x<5Ur*7owE7chRa<4Ts{%;g;QQ%X}?Yt<<Ew_
zpWlRULQF+ia*be*3MeWdM+KpkkiJJVfu2V*2al7t2^s;YSMZ`yu~Ffs@6mgq`n$2m
z$vYJLKXd@1P99Oi%HMv6mtQ!EX?XKeRCd09lJq>`#{kc>!WTZzxsz9Vzx9Te_iToj
zD?J*EX<UkaEcE;Lj$J5lP8@aO|3*;gw+H1u{f~Hq5)$tTVdWbZ5*o_f6qRK}7+_Sz
zsFMps$vZ-<!j4WDRY(c4>bfxCe`v#1sNOep3~<<|s1sZ~L{;H6XaOmr>iT*}dC+ut
zdCydMd9Izf1}hizRp$o=*f<jd+ya${yNv;cvXT-)s|W!K1t|X8i3>CL6d%2MngW<b
z7G*AI(`6zfN6UueX!A~3Ke(k-j+S9wkCx?jrX!-`Bq@95NQ$(y;65$*mo)DV#|0xr
z{cvbMeF~RZGnbltuub@3=`YD<mOHfg!c}=Bp|$AuG3NHOZsCvlRpvgcLp{~90K&e<
zAjVjf#1F%$)p}fF7F!nxVuRwgJ(7=<^oYZLl(_n;(Mcf=MuiTFO8=^HG_fl}y)ssE
zweg{!1+~mL=@bxB58g9adL28lPN=DLtlAwrMZ@gDe74{JHWo_Hbz$F_%3|o6<1yqA
zDrhei=!kx=_1DDt^mq8tr5x_pF|(93X;Ww}Qiq1ZxgxGuM^mO>kqv)85AR?xdghp@
zcCwiP_j3qJ41Ip#l;6U*x=w^fjnwq5YP9Y6lJC$nx-6FE`2WNqACkih8bC?p*mX08
zrQB$RE$(aUjXF?g6vLA2awc{09K>dPR895TuF&e&$vf}wWFniCX#ZzDZd-yHOd;R>
z8H*P^>T%93rHeZe40%KSs`bt>E~cgYkTrVJ`t-@dvv*Tc>yi{$-SfqSvWhmGqKftv
ztMOUxJ%X}I`NrPj4l4*wxBEquyb7Hs5!?ia*y!igC#hAI99ErMgOP80fvMYV+$W}0
z_M61w&L3cL_Y($AH_!^ol1IRn1h%gHto6*@C{QsityQ*7Y;os_*!bM~A4~V9nAS8p
z{^$u9hDf*Dv^lhTgKg!11uM}c)BmnZ0{cr6jh>tiB!ZWg#I%g@9LcMKiJ&r-BPgoM
zWQ^$={lxL1J71$fv=vp=Wt`UN32hO#O4TDxB3M}_4^Oun^~D(4o^YzFu$-`J=mTGr
zK)3t*&(RadHmEiTSt1y#KMCAzKvkvf3T<Qzv`aMH62VnIiWYa4YhqfLzoGqOhb*Bb
zI`+xp?!t8RWF2ZuXCy_HH*X?X-k#t;g;3s<*)NUHV>Vd25R2xp>L7n+INcl+v_^q6
zVhc|OeyGsGPd`>iPwEz)jmfLXYApW;P*$mrebp+%w9OPUpsccnhpJ-W`(FbpB#V1F
z<EurOY@of4nmKwh@ExjvO)Arbs)`kf@c;A))Qmc)8Lc0oww-^)(hc;Vk<{9(h59W*
z2Wm40I^5oGtVv+3HyB-E3V?17P>`(gnJXyB;x6s=b@XKK46X6`HW+#-JZ@4}&6~BE
zSlm_Wy~9~}x;et>LVRl2EIh9n;dF(u0TNnd1W-Wx&YlS79b&M!dng);SAmXL59c?{
z)Ni&5cW&rgDM$xNEz?qL&Nj@j0Vuz_RG}#-*G=}#$T`Le`&1QLZpi|YppN2*d8%2G
zte5JmKsix`ma9c1VI;zhXKIX!t&z*Z6X?7p=NrbD@gYg~8vRUtm2&wPGp-HB1N>IX
z<L>362wt#|?sfuMMIh<xRqAO5tQHaS=c2lMf#pj>mMXa7m?isFpIDo<pWS>;mqSSm
zV&f}*M05N_^3I_2Zho~@QC0@`sO5xie$ef~H>^=6$8JMRY7Y61N4S>r?mHXyhsyz1
zS2ED;cI=0$HT{gg-K&x2nq(kAs4MqhdrxP^{qZhoWPFv@*3R7!rchJx@`O#lF6@9D
zPNTENdL#}UKS~g#w+2$Voq6zZX%P1;`j<}M-Nus-1uqhPzj}!EpWVVsBSU(h-Cn;&
zAXAWEVuIG>`4U?V*~yn|^hZc(FWrlRLMrRvuUE?36Nxm&{T>Fb*ZH*~{CD)cLEsT#
z*9aotKuzB3Jl~iA%tYb8<<qLHwZ(BXEzW6eOq!JgUtjLhNTOGO`oahn127pbw;kbs
zq|*N$$d-{h8}>J3GU&5@tVS0e>%<C;K>=;x5Ld*PAA0HP8vb^5Mv&PR&4a5Z$?Y)y
zGVaYX_fe(JkkoY95r;U7fp3ofcaxXD<o6740#yN-j6-3|$Zj{Qk(A3RC+C@dUY6<R
zbAM5PkhvaY(I~<BTUS7KB8$=0+njpV{iGp;PvoR5=gX%3`iv0+W$=p#UL$6R$95x&
zGsBaPS1@Srjo7!nlBfnl`Mbu6&z??Tjkraf-6g&}A&*RuSbC8t`2=x!#~|ZJLOCjA
zXx7fy-R(Exn-_O%o6u2@xlb8s_PhqgK_xc4LdVg*6kpr7J0bi$_u5WBL_(-ML)->>
z;Q0K|w_?^wv(|rQo`HPL-WJZj0Jhp}L(E#OKa8+UPVpuV2qtzBo>PaVw}d`Q9+w2^
zj8<_G5>6mi0el5D?*6QZl}Xk}?X5ff@%>hK-iR<C|J-$cPO?Lf=n8Qg;Yy&*ETtFU
z5Z*_N<VHMHhc2;=paI7NllH#%e7pW4o&H3jYKYpY@;Ko3v1Ob=2{s1%TUwN#l&`x~
z!Ng&MSkm{*N(mTdc|LFz11(Ee^53<xzY5LEYlrk+f7dQ$F&q|I@gg)%7`H1)Q)}Z=
z3oS!DlVJ5a6sAmb<MDc$bB$*3d^0gOL2&$TAKi*k-h^r18^ZVy0XyFyR_*23yG#Us
zT$fDH+CBWnu69`VAMZqo6~9r808eGi&Cy~;BBC=E5yU-HLgaxiw}kzl&1CziB=|@R
zVUt5XN$_pp_s^!<WLna|L`J%tk@Y792DI(6@$U%w<jX=ZFt|0)o0AYb`cobmK5<dQ
z7aI+$zH@+7@-W!;IY0~y9w;!3EW19TD3cO>8xwpYW#YRS82IC#xl;qY-z-6bff`Hq
zaXY$peJ|>voQ)fS{U<Vv&*7R$=64M!`;F79Yzy1ah_$==b<o$*n<@MVjxzO)^MRZn
z>>7)m&b7EOZwFG8eVea|M85LzPV*kEyDYOca$Ya%5oh!nky81+$KU%Wu_IAa=Six|
za%%h3FZc`#JW!6U6;tzYrl^;Y7{-Bj+?F%*vjuVN^!E1Sdd>T<)gl+|<E5|5j&Z*I
zjw)|ExT!R{W_N9SCopPgYUKe^9D1|bO81)nm(M++UU%ASH2vU6w>@-lZI2#k#uZ=Y
zjqUuTYP}yUh<-RqR%;koLmafVPn^SgI0t9kE$P2?4`I>KUyo)cqC>A1{Z8c?e%)tE
z#m7QaAmnn71oD@mLk|dqAE}~B{TL+peRmY;y3Z+tuhvx-ZUj!Akr+LDVJlC_#Uo;1
z`)j1c?=%Piy{j&7m*|q0uMRbEu?~ouvl~a(l?gkQGoDTJsfGVCRW9S8Yl7>rnazF5
z&ECC75tl9_4&~!S=w{30GK+3j)7p9*Uzzdm&w&v<)*t!BZy5R2Y8MX9$R~A0l8Y>g
zd8}#qUqh3K^<~`lcJomaxM1fZ_%gn^-Wv^FZEG^r#uJ+DBB-_zT!8EszYVp}XuC6Y
z=nb`y)gJKqwZzyjFS!&O56m{_fb6O2w%g7KL1#pf*+fg%Ukpxu92QE0wtL$b*k32(
z-=_Xax#>?hvF{l#b^co~eE&Op6N0*k@BOb;dfc1WaNuf@d)%8-#<e&>t!FhDTV_*r
z+?$MOsKF%ldVR8pZ-Y##=jGnS8l@$fWV-WBR4MRR@Mv%6!kOg`qsXzEH|=V}(E4~3
zbE!NS&Ap=Im;6)otkM(A){i&0t-D|HNpdCf=N@U8hf((YLHH$xb{X<<DwhIi51uO}
zUhU!XCC1Z9KHXjw!Yu5sf=ljQKEg6VmvAfrd4+~2QSwnu+lZhvUb+lDp;2ioa-wXH
zAw^|X7H&tbk<{7ol3xi2e>wEpQ-c9AgZQ9QNh*WNQ+$w@IbUN2`ZH06UtoUG!-zU@
zh8)RW+rkU|p=X7-MFNqBDGRq(h*t%<;>bCgm$D{Hiw9sNnSH#3a>PwCPLoBGC%tG{
zXJ0L4#7%*)%HZUwfp}s#S>6|sPrXeD>{@Xc|9p1+_5DPRetK3Kk4o6oA8+{`wf8>!
zgy|fay_V@ZoOQ&_fvifHVi=qWO~%XzS{-&RMx#-VN=qOxBAaIS7Lu_W;!yqhEzRC(
zr|sp-IjQTMFwaJR!wxRU<9#ATQ$}RthcDwuxjz3~){HK#kydVd{BG4M-yCo90&-*H
z4Ls->i%-s(I0&a&QkOtDdbcy0_!yRrXN<<lURu-bwr=kmUSET3EuzLxt)Z)N3(&3A
zgp?(&rk2ufn+KuH^E#@{`sg7=td)z#^vp<sx1rWo-az8#m55c2TMElWc_H@dwyfR4
zPJRym`^5FaG{)v{OSEScwbX~<H7Ltrem`i>Pz1IqMcXzbq`AbA<6V9-{_N-p;2nwS
z<e%FucPp<J3gR7^?c_%pW)MkguG1upc$v%jbFxi3_3ZO?QRYvemz!i}L>IX7e8tQ}
zze9xeP$y8x9ZwM?wqaESNp*Nogl#D~K>EWr>xtkAX^eEYi5ja{zChR{yrV0^aqnvV
zv?+!>XroQiptmx$XCtg$lkUpNKm13d%5qi#6u}9$d-C}*A_K(@7u$S-DJjpxXWj*0
zza)Z$`Z@+QBhP*Yqss_Dvc#oxDH$`?2d)N%i6;f`Q@@wD<TLSr)0E_t@Nm^57X0}M
zH(q$Dk6|zUD;c|E;4;=H*dL8Rw{lW)MZ#{ZBXAGn&X;(B=i+q=fu%;<cHe@|ehytN
zbrUZudkNAeMkC#rYri;LwV*B%)&AK3$<S}W5nFV~RMM2z#AlRU;&BgV0(Cc~PVHE^
z!&@`v++|PBn)68gXmkSEZcJi_`5jzT#fcdS7VS?c91@mRslMBn2KFW|t(G6^4&N_L
ze(Tcm^hQx^$`;J~ipPH^9QSM-|NL1RQedP6fiDy3toMGTL9eOo?@4vNOwEYEZM+NW
zm}hXgpU=^vwH94>jE+j9DI6z#!snBhOc73x`l3r|5?~b_qMA&z^P4xlt@#6ragj=!
zR{T;wsdEi@fdC372`;(ibBqkJv!CV1*`MK^@{GvFz@{C&G-yj$*6wjXYX&@m<%t`2
z4_tf>T#8W$KI%{^TxLV38Df&8k7HMhn(o!*2R2MBnTYy3g=4}G%VP~+Pes!oRviMz
zJSr@WI6gHj%**=Lc>LV=mk+4!F>3_;RMub22QgTD2|n+y<5z)sR+2A<6+U!p&Z~mE
z&Cx>9d}Ghpy)|IDG#Bt#c>4W5u#qLEt;!X++uM_pyXK$rhq|3NG5iCv{{1Id>O>Q<
z9ZcT6w2}Na@=i)}_|%~g7%52_a`LPwBovfU2Bh+Y(Sz@WB0D{?QO|9cg>TB9(`(1F
zPTz7LAX87loBVZ$_)ZTV+M3$X--CiC&O?ni8E3}OTAJ<p$Q}z@VozU3!q3jWzHEfW
zz&}{1fHMQ~Un;15MaX>@3Wp4Pn1tnRaVtW?DR)Z;mzkjK9Tb^rqfgw@!xv3!`e*RA
zND7I-K6noJ>&RQpT4g6y)SHEV#FE4tbK{T3dDR#_uZt)o{FizAaVBc%9Iyg6;b<ZR
z=sD}u@dzJn`sJ9$UbWMif6|=D(Wz>SE6a2E3&{zKrjtNj9dZkIM|2nJ%8njf`8^p)
zp2=r8R?!B<dIzOcG5I`CuSjd+Gib8yC0vYfGlYbtOk#_Woqa-bDQkyjnK0vXDXWJV
z8{aM`j#|rQ5;~(RA($(b7|oD&*vunOv13oMdj|h~uMlC%O%$CBcm(!)O2InD8Tk<3
zVv^A4?vcJuRKP7}SU~X)#P<J(vA2whE7;aWaSiSgoW|Xq03o=$hv4q+!8Jf2xJz(%
zcL>4VJ-9UPyp`;I&pq$`dSmd-s#SB=)M~mL)~Yg%5B&WRZak;QU>)bevZjR{;v=6U
z7b_L^uft||8~f`i3bLm*MxzTS=%F73!@^mxYUS*cUP*z>v!%}I*g1wjDTS{B8ccea
zTSVQokuJud;e<WAMcqCiv3fQH5@`?}h>b<ks|Lhr5PA4E1g`%mg7^`eZ1kud^=F?r
z=O;ZZ{##Dq6dK_HW%R`qH~Z6%_u^l{;aZ=gNqr}~Wzlp7@3YYe?{_|o;@dY3iXIU{
zn<u;<XNGq=YaNf*rsOGj<7kYwoDP@Vuaxetw6^tnoZ1wq*+lUaz1^hR4B~>LpT{5W
zq(byCjtPuW;}t;Ub*>1^vPN;q75?}oAt1&YWwmQw6gQ@3h?U4J^u{_%Xiy$ws@UoD
zsU_@P#@#oraY{4-k1cZRj13W!&6TisE)N$R$CL5b)q%lbC?*+f<y*P=$ARSITNKn)
zuUk-jN%`-YarXFdb&ijduBueCr|fMwnl-bKqKOF-TChl1$AeTa15e6S0vSlS9j5x=
zYM+Xsib=RHUizq9Xas2qGm+%<%{N<J;T{zfU<WfVj4XteIH_@H4eZJ6I|gJnXo&)W
zKZVDcTJ=QxL?y9Q@?1Q7MJ07r@LY@ntt|=Lx65!Qc09`cVJY+9dk^C&E8IeVqUR#(
zm+YM<A2uo=-!;gOj`bsah1JA{Semj8Kqg_Ee8PZU@^6A$_vr5)jl=(2v4mv^b78BT
z(R{c^H!J7@zq1}&SW#s!qRpyLD9_IpLXro$hMLRKT9vR2$c&P!%{|@yD7cjKHmucN
zUkAeXx$$}Hd%kU7pTa>K+OmGbz@HP%a0*3LANPkv4HLHTk~ckhH<atd?jIY<%X#LE
zw%F8T81bi(Ky+OaI+L4lICcW!Y~5lrHU_R$sVpz!-R7nw^b-%^a5&+6RPOhbZ+wiq
zmg3d^2xoLKwWPA}ev1~HR6PcnsL`t?n`!d@CUqQkXUW4g+OR8u_4t)s7~ePFvq6W%
z5zszTy~nQ~5ba`u^YTwe#eVlgN`<MjiU}sNQx;yqhV5bm7y4oUox9sov|rzv<Q6Bt
zzbgt4Om3JkF-c^SqWG{$Pn&?Q7p-?$;B`eZNvmC1Ah|A+&~>i{bXa3T*8S?V_%b)N
zO}gvWlvi+viHf3Ew}wRj`s`9dVumdozir*_?yW7H-HO@B$e=A8$(mUX@(o7sWtA;l
ztR2U<c;UR<vypqgljy`b4;Klk2FypSo&;vmTP$r+hc?JJH|Qmz+5o;4l;5igzrLfB
z{Dz9P<+(U=8>NpzEWw``_No!{u3Nm-XDnm%3ky7WpRCSp7Z%7Sz*uIphYHQ$hA%2<
zrFG`NjKoW<!r>}m#g5#m5YT|V8S)-3i(E^j3F=YME@x;5$Y5RGBDPWA4xEOt9oar*
z2%2mwFTYzz-WMK$8v?GeshYTYC<j|9_VC7e#>G_b+kG9#7k9#+tCnQm_6$bH3ef3p
z39RV0LpqR#C!7}#3eW^Bq3QXR@D&faePVBUaBY$c3`~9#(y)VJo_=?<GzB|BtP`Y7
zS#eU3jodzd^B`-ZnFK;XXs1T4XFhxgxrYw{icgRBqYTmd+cPA;w=}kl<J`Z1j?eKW
zhIva}Ce$bcxlUSp*3_53nHV7wv7=^`*VQ@mK%DYSLO$CJoR;n^iNeTWiP>oq@yIrn
zEvjZsYTU?3NDS|lT7O~Id<$%va~N2O^mDE{>lg($Mz+g(7$tFEG}f+_11AMEtd*Av
z2242B<uPAq+iBF5B>nA+mH(r8|7hukTV0+?=sz0xkJkL7Er01WpWn(@q|D26V>(V!
zDM05a&>R{7j?NjR<fAPQL!N)eKk2_?tt8#@fOsip_q(oBGj-UUdHXhPp-o6LK(LI7
zWYY~8<suNx{40vnjR{<REL8ue|M;JN?k7M_4x;Vv#ngi$z;94(*8T|iZ2&kCdRn(y
ze!%0CoQ~tzeGK$v2FycR@2t?IA;z3J5uszqi^}Rr`-7vF#ocTnTHSNE&0IkN!;~-!
zZgtaK-R3RY(&RP3EPXqTb5&BnP52w&@}EL=v@OLv?>JgJ4KSgR6i-=HVftJQp%D@f
z17JV3ckGu-n|7w+8k`~C5%>6_#2U#+u^kay<U8%Wl@2V4ru+rSM-y9+YvQ^#p6q$K
zNJ;v|ID3eDGF^L}+*YP3(mA85hk0tRz^IG2`Dqd4(z<pB1w{5<W)hv2si(PV<c$eH
zTife=FapRs>X?()wVNa$ivGVkW==EJrO681=Le<*tQi8)*R}tOtgUOiE5jdVy4GBe
zKL+z7{KuBvd3iBKfYzambIqQNYEOwR^9_0>XOTl8TL?o8ot~xKmdqC<O+wY?>6G52
zLF`ISGa=11dkP!Pv}4}QCVfjgH9bq*N$8cNP$Y!KN=`M37J9UnY2w_$Mg|m|zXAw>
z3-)c(-vJ$KWnp@joq3gw4Du!0GJUSy!1%S2p5<T|iA^I3jEyECIoJ<SBvS)Wkm`N;
zawTV>SUNz}j{cca*0XdA{&wn2zG6>Vr*9c7d9hN-sf(kTW++Z(;1tMv1O+Zd?(foS
zQ-lf6aVTtI$CRqpw|sOa>v1d87K2?$`ol#J_}IS)16WB(HENqihsFXTdEYvkWM)hC
z*9LvR9AJ+VwQ9qyFn3S$1Q_ya(YFj=|8It_{HTonZ#v5NW$L(8919<~R9p*Nx~)}j
zON(JY)Ggk(exm2^I+fvA_+(QL%&vt3E@nngWmJ!x3R~uo|HT>!L|HU@D&w5G;8w`D
z+o0RAAD?&(7z`%41mbF<t>i3jzg^}(v{Zz(w)LfxT@N^w5vN`@vpAVf0?okR+iDVu
zp#qBQ)Ex_3rp>?H&&^~Z;f8LQj`TXnBqQ`y7yw}|?*FYpX2_O(9Qud^ObEkRqOfke
z@T~;X1r%Z<Lrho}kP&fTa?P}Jan1otrcQSYq~U~*szHnx@`jQ?E^J@i7PxhEKN1xF
zN;r~H{UmRznMMQq0F;-mNCL2aRTjqyIHpR^Nc*>TAAzVOF>Y+ea9x2*shJM*$oC?u
z&ug@=nC~6e>mXh{N$Muh>Zx+h?*k=jl`+rr4UIP<$CweAzEiF?3nH<8?Xbvg*N{Ut
z1&({C<ti*V9&(}5f7`^LzG1@qR(TE_cJh)sBfaoxL#DNJ6usLXwf%iKd-lF)Js&?x
zINPWhRA@^9sZrXA71?}y?<X_&)nO>nw+L$qy(se00E-uQk|$B@&9`XWYdX6MxZM8N
zghGTj>-u6bJZhHhLDl%f<zZU3ErQl_tRS+^g^6iZi}s5yA)-lV7i-%LXXKpyLqxPk
z%igaMUNo7BI#TGuOb=eOMYLoe?(1FV$8P)%$EM}+D%Dj;B5!b23Xwby$Yl+>96r(|
z6>0&^A+>BTPGQ{mIcnfRS=30iXa=<`Zn(3_2$V9NtZ_Wb%tIYHI^}hvTD53&0<~;T
zRU$Q}McVScns57f{+E-=IWJjyEq$7igasDj&vprabq1$W$kzK-CdIOH@rww+ScKX!
zene2JVASUPoj{%IZ@2JJuT(7H;>x#1C#zB1W-9HnoO8v*)(B%$>v7gK_9?xZguz_Z
zMo{+#-;!vk_$co9c?e$srklA<_1Uw2e>pSw>Bhi2?@#h1H(53{g|PTW@l{P|#pk;f
zvfxl5i?8?3GRw|P?XN6|{a3Zv*XNz7*o}<TkM0^XAV%QCGPH<+Po{M0N6nfy^998M
zWR`lc)v1SmLT=KGn|QCRV6RaTSidbatl1sZh+$;=_?&{Hil3j$-{@-vR*sd8<DcyD
zkq-2)rF4)=oR~6lKP5!tJ%u#=^7NuYbWW=8VV=brhHD!!<VT)lNwl_3d+VnVC8d((
zcpj-o)TfiJd)^uGXx2%#yCWrqI#@UWn`CYr;t5mb-$*6g@OL?o6O_>;Vpm>OQGPKh
zC3(=}e4i3r{Hwyt#OIxZTIuj#D+~K0y|$)-{Se8F#KyQI#xSyH(mVRbmXOIlv;>ns
zMvOUS6>_(cw4+T&PNlUgzYmbf;=(;a*QN|7gp9oAFcwwsuJy+^)TaDOu=ja4Nt!%>
z%IJ9&6VPdZ%c12&!_RCpLn&R4taX`fAnLCZN0loSM!hjjI%x<D6Mw4R^`l}V9qx2x
z^t?A&&NFo+mt7ZzoD`YE(inu2)w*N~J_z<{jig34Ph+{pje7`meb?$9wg@4mJD7PO
zCs0!vKdfWNS%FFU=}BP_N?6A}eqj_#2Z^a^m~Gkt9A6Yc%z#vL(SFT}&Zn?~gIxb=
z!-c*S^l?zTEz~6@LT@YupIg1{ZBhX>=M?uSr60k>&}&{(*n1SZ{!o#li$Ns-Uk(j^
zG|bvKu(8Spru{1KaLL9?l7jioB(&YH-8ogdFv$(NAZre3a^HIqw-ocST%I(~rJ~?E
zCiJ_E)6B2NNO#mcoU(BE<*{b5Sr<@g0T0SmgzJVv!J~O6YH(Y}uvpatRR7BDf*rJ0
zu;Op!r!VP{gQmISL&x1Z_n5mq6t?SMAiPHzYM4+ydylRR^xQUT{s)yno2AJdt}ukS
z_JV2FgY8Lh>pZM%p#&j?Cv|q`MnhHMMi9PaN~Ry6w`VI&X1HN$w89KcfQDW@XCUHw
z^}CDx3WehSL)9ebu{%+-e^X$&E)(NM6GSAmXk)YGZ?hjBe+*N{n9X39%0*sEjA4f#
zK3dxFxbVdPz|M!Br-l_@K4I$DjgqhVkS?Fr)c;vE_*W6aNRgXrW4PD{%W(77fx0_O
zqxb~#_se(Mu+=$DIH~fdhDV6iF!t;OqNlJYxV56r3)2i}=BK*9VHT<Et@#qAyyKLF
zC<{~Of-QVND!Gn^1!6m$QXzxB@klXGlsJTF5;Am{i9SlW-`t>+igXt{kv^xBXdf7*
z=NkX#r%b(OOs!_Dw%Ya47^|B(VKG+W+m*ZK!Kgxh2$KrlM_lyBAR##Z6E?=|D8Gd0
z{X6`{k4ZrpehC=^-YBab3!;y)rx0ztDkr`eiiG#BRe^FJ*8Qa~4Lqm2+i6gCll`}P
z_7QJ6V<NF<;^|oRiRg+BQ_bI<_za3BpG!(xnG#pie283uAuG#Nc}r8xRxO{^bsgq6
z&r^-S&4u?A0@2-ME@NJKNudtJHg(3jw_k}7A7P{_67ySU2a-J5px%5Z=5L(nmi<qc
z-g91b!Q9sDyR=!k-+cGIIf{uV4X?y%F?y47$){x&&eYW8>d98%)L??tQv}&$dPeQ|
z$mEfD-l-DgG39a?=Y|3LV9dd{wnCx7#bLo9f%BZeRCttv?2j+o6j)N`^+F~&d*t4|
zI}`%w)dHvlKXZTSVUByy!P=q{g^Spbbv&{ur^+O)pb=@gFN*##=PWQPXjVAB$q1a@
zx51^Ba@rR*H@a{x$Y7MQyt_A-)!iqvUXVwPTDLhw==qpPg!G{}E+SO5b+%;2<g2XM
zi~z+H$s?V9HRtO`=*K8H_7Szu{v#b;H&JlO9TsHAWtOO+uMwz!{CIf!Gq}U=uPge0
zo6#&g-&JIhyN%T2g=1J(?5~JVEFAF}+YOjgp=pDBmy`N8?wW0YCpGMzNhVxjwtOoQ
zdY|+#g3(&ku-{uMk&dcrKGBq1M5yCS_WM}jtS=)}?`V9+uq~r059&lU%GM33IvkNM
z+oXgr)C%$Ayk@EB&7M7BD4PV1<ZMviyxt`$V+|dCn5SQrRP3xnjmkttZ?15<Xzr02
zAx!I29l0g8+tcnxnZSVd2VyYvfozv|+RLDX^CD*Zc1Rhx*c0;n;?UncLfQB%#N5Jp
zN)1hE$o`G4bADw+cWP=c{RfKALv7&dB8#9_`a6?#F^8<Z?cHy_v!X-!aJ9@WJs3-f
zBP#e-0p->ej~I^K9l2i1=JrMMYUR&sGKScK8jwDIUtc0;UQOFXYiT@BB202F3XzPa
zm7(W8p<oNELYDJc8QmyD4_oGUk0x&z<f-!HJ=%@PJo)N+g(q3kaWkAJ2i*)RLr=Wt
z`o`QjkVT`-w~qsjWytnTVThAEu8GoU$B>KlS{*voCE?2zwSS@^2l`vu*amDu*Qfyp
z>mipoYK=+8OXtd~sQ^jcljp^Q#ytAD|5~?im9F^eTWg?i6%lTtF!G1{a^YZVL2mwm
zAcsp=Xc`-YK{n{Ap>XM;q1IF?jWavU>CuV-jdWv{#!=6BEgLarI577f;bfLV!HJBu
zul`Ty6Z$gIVpX>W6A5o}rmv=umZr0Z#K=8g$YJ&`i~~h|%siRxi)SP==VNds)8_8S
zly*4z#52Q$5qz@5%nL%kbp@Z!A;r%&sv=g5c2N`@HDT{Y<@QUSH#X8dS0U86(Z>?d
z3Yw8wr_CkH1=r5UUUp2B(v0o_J@UnD9J1pBlOeHoT~Ch)MIw`qGU~({B{qV(c2(kl
zxOwQ58RqB_&j>{UB>0rkS2^$K(5EC~W`Vh7vw2O77L~*Gc4?m}>g?>LLBCGAyt;fB
zo{t%_GEG96J4=7UsrZMQvK0s|WrGXj&kFZg)q|GWWv4wj`{xW-AoO8YOE7vZjG)<J
zchf1MU|M#F;Fdc-lc`!9r6G{xaICYko}oa0oE6xL_{K0dK~hbP0sgcMq5onVDE2t>
zBoA%gZV9o5xdQbfRxzY}+!}sgsXd$U`p$o*TgfV-p1~4fLHA3sAMlLLXbokB$jAY3
zy36+DRT)L=@csuc;chPj94}$AybhmN99tsO`72%ViBSrq_v^_YGbnlLCDMMzYV1_x
z4!)m@IH0A0vYg_y4xPLIs`N$tSGkRi#C3Aa{^ZevY+_8l>gk}rWvaqXSN(XNW3epa
zr9ds4nJhQzL=BCTQ*4Le`c!{q$CW&^^E&4@=A8EY%nwQ$?Y23$w$O(!h>LA$tU<zF
zL*23N?+SjDV<v5n-;UnB6MV@Eye>91{Z#sV3JpEsYee=E6eeM6UMlyv*sVxPKua;N
z$0~3=vaU%|ov3r+fva>cqq{k!_>S?hUv%rWv3p(-h4Eol6a%qyO}g*h5jN3Q_IEh!
zMl0xcht+PZArx#v+kht#4%U4R=(Q4UM@b^1F+^w%1$^4GWw_=)1%YLXgtX-Px*Wja
zqpvvT$S<+sTDj)-B9@ztiOE^M&jo>}G$A757$q%L=Lo)ykM?L<#=-t<D7&fHoB4@w
z>-?5E0z!0oJ5Tw}wgc;NgzkGiUrz&iiM9hdI$4!&Ljrqq!QB@u@ASk&WOo9`4Dq$V
zA%SPJ#myj+#hb#wG!_)>i5U1lzP3h>3vjh=ztvGYPYaw<nUkVY7s87kCy&I7U;J`~
zhabHgzP!Y!9dVGj9GTPJOjNlZ{h+<c*1a)_vv)gkZnSsQ{V@Y8a`@eMPoLbswo1qd
zRxo7)kyeigV$kPH&JYhA(hryb@CFh7T}NPV3*=_VISON*m^{S6RU+gL4fGnKD0m*i
zVTlFqmp_}*vkS!HU0EPk7vTZe7~+1Pha~z40h<&N!vEQ9vu)!YcGr7|Qhy$Y({s2;
zMVNqdKOTo5BoVj(X@C6YM>J@mS5$~kT{lMZ-Z}Umj27vjH8a`2IWKI7_KlVroT;7J
zo?lq(fQnxYWnMlMzA_ZPLKh0>eN}xcQ_0So9TNI8i$`~(E%Wjq^O7p_qEzVjO+`e$
zB>U$qi`vn-#t{$g4I0DEQ_`b9{mnW3jXm9s2>s0l!_CzD%*UT&3cm1#!as-gN>tt|
zRQw}UvpFoSQ>2NVe$)-09UthJu*ERdHl4ZQ_MpOo*M3n5<jrP#ES88=&Wcn|^<>VL
zD6du`SE4nB>RQx%$k}fP_7oY1P9FQ3T?`$v4;R>^NU-ShOZ2lPdh@0|^!|%&4yy=)
z+~Z0&FMT~S)Z6PyH;4ZWFy-sEKTIHgT*Omq#5Vbd%_Au+AqsiyxO^I6taISLucQfQ
zIB=&ox_>cOZ}$;@SfGfz6Mn6AiK=~pz|BxHKks7!Po%i1+I;vEv7~-cck8DT(yH0w
zau<h<+}RDUt{J}u75@$TV!tL8|1S2WD*hY3H$SS?{yCUHeOGe-=5ryVOb=EjEZS89
zn1p<}=QAGVdnt6$=!lJcdF*vO80J_u#}CmFy{%*y4$%=yY@k-GfbEwLn>I83h<y@Z
zh7X%z0TG%|pvVn0C@f65jC3Q4<6$53ZdHy9$nPw!2pxbwg|i~1v-X;^n{_h2%f6`3
z?%yBpz9Zg$DCv^_tfyAg*Syec%e1y04!w=H7_EEr6}~(e9=X9I$5a*zkx3r=l^Fio
z$}$fgM_~{WStsqMon@Xt150cSJVm0MV5UW0v#TI0$3XugHr9YPxO;aV1Xs^Jl`mks
zB;pm^r|#$|c=3q{i?o3)e#ToDKO~{HJAST;L%+6^1X1sJ>jZYZvcjB?@vv;zgsAY<
zF!IDz_2^CI2v|VCCMPovg??LR@P0AC$2<JkJ<<7@WLt?(wem<AKPn#miy`1~c(b){
z{IAvSMa8>PP{lr)WQ*)9#)x=!cTNQ@m_di|G{PFI%HONXV;ijC;%8VH8<o<<k$5_b
znc=zeGf>=S*xVd|<w_%HROQLeH*LbUGYswBhwH=CCAfFynpQT%CdfQCtb5d#=2M@W
z)UdkHF-#bWic=3#%%DEHxZDd$JenQdB;lT<Kx0>0BI~7?<*|=RY<1WM3QWuWmf=vA
z*iS8Av7HtvQ1Ha4(LvqJ2w9in02Ag8KQ+lb+Sd^!tj8!2aEKKQO}89zFlpUu>XKDv
zMx?lbkh&;W+A|~SR#J!CZrosZ<(>QFoQj!T0+wmeh(5Xh!nF@ki0N}W?Hd%9Z{P6z
znHe!~DtBBBE(cXYg*EaxN_%4+#@S*gZC_Hie2utA1=ad39WtWtwvPXvFx4fMy*sgd
zuXSjnMnz;PQVqFuDQ?$P%ktX{S{w3`-i>cM!#PYn{CoZkXs*TvLn^>DN)+nd0cW7X
zaMZ5W=-sc|kz5AzEc-au`1z#4*3z#LmhVq$n3KQApPTfam{8~kf7fCh()nhWC*B%C
zf%%;8Exy%Z5t?i%X-A@zVt^!=ZfC668qsUgAZlLs{0{4sLvHszyObw3--(#?mt*@#
zKzXirW}xOS-yPXb`6I^)geLEeQ1<#U>)m)eC?%>~Aj?H+F?j)Bpf1Z}I&~pVqE6OF
zr>vS=jogVo+sez2WEH6z(aFzDka^_}MIXitd-00n!>{c+0#KvL;*~1XzPV*l#8T?*
zv)bqbL5AseBqNr#E~z{AY`M=zTxkZ8yXL-moCj20MWM5I*A|_!0hB}pb`zJGsH2of
zgr=Uki|7S{`{nCPoKc}j_U0pbt?z4J@N)N-8z+G$v2=Khrzo{S$)-z;t$MW<CXErL
zHr_1;%-XY{A&DqrEbS*ZUOg@SO^2<o?@{qkaX4$ES47U<J;eo?G3{hnliGVN3N=BL
zCs7m3k4?`{{(3(>K;p(AuNPK1&c;SLMB)}n>}H%5(dA@2A{F1q{EH_(-k##PgC=9^
zl-31>r37O|aI|UV@Jc$j0ZL~cFG8%$^_ShJTMu*f+j124<I=V9M_b#56ol*5`jxGt
zhs<=nE)fQkv4ayrnVg#31MduN!|A2e8?{2eIu-v{68NEFJK_pL0ZAr}M=Cc<68)!J
z-d;z^AA>Md`%yyjqm#}B`kfaD1cc_=PGE8Z`a`SHNj#Dom-SyfV3$rNaYL`*ca|X_
z1>8mU>%vdNN-N_asLYYx^*`?}c<vyu2#GfBWwNg+WJ9+J6LSwvW8Y=!Vk?A>ub;^+
zZc><|r8KR@=YIS+rXr<1)F@Cdq&eG;_$1f!7XMXbRB85;*n(Nlufv-B5pDT0%J;X?
z8S30M)(7H<ih<5`t%?c;VYk~%BScwld)wAu>s3vjZ0a5>QE%4%&^bNY{qUWl3+bon
z!^}QRsODP5%|;Zm1&>^WuWb8f$_q{};bzMr?o}{@vd)a76pOI4Qz}87bnNj0XUJ%=
zHxTR+!E<_wL{Oz;Rq4zdkFK}jXt-5JX4`poAoh>p(ae_&=ly4(=QVlkxgv-M4l$lI
zL$B^u&+R)mXe3f8NH=$$nwGYR-VnO(fdLRRE%zSRQK=HmlV<n22J`kMp{qho#L_^r
zWqaLXf2?t$nuQLM!^69k-%Ml~9fDxwsKDM!?9D4<EPK@^X1eY^YEbfzlmmsaNERu`
z@srOKbzu?HqbdR07<Ap4Lh`?lEc5F52fVVmsU=pwKlaCL)qHK$ZG6HLlJ{Akp<u0<
zm55TA37Xu-B?@|BfcXp+r*A1v%fK~NHyh-jUlO5AjxY!O+>p!d^`O}zxE6xW8p#FK
zt&HsvdQTg;VV*P*dTB{kDi?z;q)Q^=Y!DnxLBH9FdRx(hU2n)|FBfyUgY8T~k-r!b
z#7E`y#L;U*e><!*C@{Dw*q(1}du`yez1<%2XTJK?9knGx=|-O7HO^Z%MC$Bs$ySDi
z3|~&T;I<X_|NTDj)LG+hM=g_WcP3m+c<g*8_i0HF|LAMEB}XO(3X7wG=LXx1XCSZa
z0D0DW)wNFU^)mmAC(*r2hrxWn9bIsHF8ZatsS<|JY-J*0?4MfgUoZY>c<`Ne(a;Oy
zPUv^XTVw`#vvF!i*-8%O4m+DMrz=$q)r|txPJXF-ei&9g4_v#D3?{dghmF6NyTs1T
zNx%{`xAi7&3aJrGjla(rIcmg*PXZ6ea~pDsIb!e3d7G<FB4(WF_L~UC5l$vh^DMDa
zmS()TPCqOwuvc`&8@kkv37xKO5*3|LZLlA&{1~!a(KhFLWt{bRuPXdqduY61aNG8N
zLg=(<OJs#M5kva@Osoymq7W{vjsoVaketumtlbiN0F#N>SX0z81rpO9(FQO7L~OFq
zsP!(oK<K#adGeC(v;}BA*-zPQ`;>j=QSQVGB#i6P{3BwoL#`l->};V<4$5tc05mS#
zS1-&%FxtNlip&0NjHMo#bGoC&?s~3fN71<|ks6-mBJf419PyZ|W$<NBJc>Q113^h+
z%((v!o<cNLeK^&W%ig!qS%7@ExDvFhYX5??eCbSytdXRBnYgebp<plT2Y18msBNE+
z?XTl|xgFqW`U@ph#os%%ZvLuB05tTa)*$`1g;k*Fh5mP}<p#USO-<ShHZn22bFxIC
zO1ABgWp-B#Xg+Q8w&Mix>{q|{{jKLQ#C+yRTr^2OB6A~>h7={(kHnm+5mqY!=BuHg
z5kt6;Q)ps}$41A`rijB1+kDE1o1CoCr<CS~IN-f0{4Tq;MO&0iMf>+mM?j?^7SZ8E
z9*6vIp~TyLLqXct{CDA}))aYF5yti`n_HcrvqCX379*pO2w8?;L{<TeaL?t=)Kbbx
z%ik#)s4l*=7_@q62!aNmjdemI@=hbVbIip8<@|2~-cRoM3qjL9vtsbx5o0a$fshPk
zVFokJ^WHo`NN6A^mTdd&&MSGBV&Q=|1sG!%cE@Wmtbr~XsJ$2YoUVxNVXAJP?tYFR
zDYU2{$QpIfdi$(|qYftPDLa-g3x{&X510!EIYFLb3C9U4qkVNyk%4L6eFl}$EEmYB
zicMLN4AFw`cfYr|JhovXj1A#u<7ot}fiH;x+t%_Kgr<2OI+zz*7Fa}*>9kpiFfc=D
z_ny%a+XK?wYddn+MCN(-JybdSFj)SvG=rvNO(|~l1X8r_!o8S{&&<bL$y8)bs~9RT
z*$Txnn#E!!rXo9n#L8&K<E_4^63B#+QVSi=^+KfS{=ls-=7ZEYqFbXvf%~8|Es-gS
zt<EgbKQSO5p0vNeyrg`KfG^cY2j?W!F^s%<JW9>2G^}6{R=yp(a&!2*r4f){%gFbr
zR_mXMFAVDjv$jH0Egcmfg}iGcbZK;>yoOA$RzT^ZO&AfPy;DlUTOxuKk7irD5}Ruy
zp!EzJiv8@W7JGq@(<>DGdt-~FDzvj#h`8-tXi8dhI8qtL6n>Ery;rSJltn4{f&&!y
zv44Lbhi{?@O`Wg6*k>9WUtvdWq7|oj_(vjsM>|F$_8oYCSEx#w<Kdx6=2VJkTN=?m
zVd(h%(|A)A=PZ>rPsjGjmySnXs2bo4YxSGb(al1J{$;H2FB-q%C59OT=kp{ni36hs
z=Ki4k{-z;q)?>LGhtHauK_#H^EUP>RH%+4fHLR%Ov|;|v4L+wM^HNfLZdSkYGP3q<
z;fuLpXu}x6i@C`_#ov-$-|nx=ScFMyHxD=}mU!9b`oSghHdJyP7%7t8y%qD9sTt6}
zk;OG3Ywi5!Eo-@m4~JVPtk@axJcI<l>&qk>_KEWub8S6{mUVv4^{M1Moa15qE>Zy^
zfbHJAP{O<ukT(knOR(m$)Rl@9X8i8_9W)UZ<`gn#B89iPv6Z`8z!_12AVN`wnE9(s
zE%<9fqDQyoG&<C`n{ciPhMj;ZoN@L3?jKCl`0$Kn)l{~1-|PKlqy>K0YWr81;farb
z0q%_x(|wewUCOIqdRasAmW^w)`H0cMlBSMup1baU4RcgpRl^f@X7!W->v^-`PIyW(
zFB{lYoazyebXeGZk}faTz9ga0MtIknLS~30_l*S>1bmKMKW~Inu}?aU4T%<IFGlLJ
zLwU|0?C0Y$fvtxdTqB&mb<ugF4|;J+o;&+Nh_x}7a&T*byg8`UhE}qsh%psnUk^cF
zl+No6d|2Jrg~%^XZ%#&1Y=pp-=V7yNjX0a_yr04CCY_P@;arm#Z(bqvi$mSj^DKKp
zXUh$g6eATdi$z0dgrS&Zqr;{xzCvXXc{tWkqsgYazuOLf8&iDkdKh`j9#bTdktbPb
zpWUUIo885cvARU!;`02MGP_$rQ~;{7Rj|601v>tF{t0Q%b^z<ypOWjr8$~4%?Oste
zvB~mV+H>PfF^F`PjO$?>=on4{9n-gkLXbcA_cWi-w6t~&Y57hyd3l4}0?<Zj5vWQ@
zC9$gzXdMdw^@*&kE+c0OK%_YZpz~$GldrRYCzb#4#us2>03ZNR2%rK$6Tttgw@iSm
zMNwYfFO`AoflSlt(&I1Ot(@|BroFQy{iQW$N5MXyO`M$sn^d7^qFrE%JlR!7fT4o4
zotECDod>k4v>m?nq#eFj7rre2NE^G@{e8;QZqBt1nb`fvnOzT(9GD`4Q*|dn)t(Ws
z95v0*l|_}>4yPMIidl&!FfyD;JkdlKXlZas&zEI*S^9rSE$cJ3C43S2ZHSW~%MCE>
z4)C3QWn#_afN6s3WxF1)KX|ZH{t#v-?4%+o#G2Fd@nuzkrPG+vV2e`sRRNbB_B`yA
zS%x^CfmsyOBjAkfUtq!Mg;nASa3z4VZcYgu+9BuKjbC8BlcvPak%kmQ&Mf}<d|CUC
zZ@PS0J8OJdPme^q9?UV1U3^1Vm|Z~B+%h9zJ;$`a^NA<+C71ZJ?mp4|B_(`WCA+&G
z>!j);LsvY?K>VHnG4}$D>JeA$dQ<}L{123z1Qla6oCNWn=7=ZMoPhL<0BTR%odiX2
z09ikJoiXsUT7BBiLx}~~(3R>G`%oRr_nn8PgEz_8{dRonAr733|IUoy6<V<0_aMQ^
z2hxp`|L4EN)Rifw)>*JBLfPpr`PTzTP3vHolb}C3AZ)kw3%m+cu_Yv7htGnRFY9Y)
z+D@vBLhOD{5=VxF)(E(K=x<dX?EiSgipa<AduYa*i!EpYHO?oT06(j$?eJwuF9H>8
zC>{Y5zio_x<)U)`W#kPW;M6A(PkdwpQca}^WTWP9FRs7YNigvlu$BL%f_Q?>PX)F9
zFxW|uM&Prhj=wcjd`JFAv2HDan!3cbmYZC4QIo9UY(YV8IpF<V1A4uat?moaNcO7R
zAHsk&rfJq|0ke*~i{&58=QI!{6exXb+ShGIxLCgSZ1MCy4Cl<`#7PYx{)IFttn8p!
zL|lzAPG!CsiMCucC=n2Zu&tiCr~HcFY`O-!$+1|GF7db9TbqE2IBJisaZd1#9M*fg
zdcx^uf!e5#-4_ab#e(7T5WtRc=)k^`b#l97?D5GRUyt}z)<Re07~97rbQDXyH5Mn{
z(rk_2Y_KdT%12%`>f<Zh*80m=<O?FI3E*Mcv)ogpir+rPbzq$29IW_NMs(|8S!N=v
z_u#7i@Gp*NbWfA&LOuCbJ>R-vO7X;uW$AARzxY|%{hAre`<y)<tbx3_-z0XYR4i!J
z<w6?=&;G&`sP3Mw<=GVRyGsXRV$F6N0;kg+(&9?4+7rYsVhxEs&Jiy%0aJ^hx3t2|
z`=rV6q+^F8tM|F@bx08F$L~5L#Y}VKOF`t@QcsY^a<yTa`S!=4O!;cr4Mfkq=R-&i
z?XW5v50T#-;7pV%*UShFSKM}CSJ1CxMvt8%x#*I*E!%fJZE2hO{runI7(Jqn<W^P9
zd%R1>`|XI<t6V{Tja#m1_IZ6iMC*O$%NIuo>o<%$3PkIkSMnJG8$p^v8~x1>xb5;+
z@-`{<J>Kq}5l!M3UhQ~Z@t-dEYiHeUJ(i)c{8uhy@KO$Hx`TK;0wc<BwJ!cJu{th5
z5v^aNx7#Bc5GAK!)o<Dw8W|r$A+LKQ%e9;KS$oDs1bZ`j;M}F~UXc*3zoNI#b_p73
z*34RRw_BgHv0aiNuRnXst-8j+o`-nL37Ypkoss~5BoZW#Gz{Lnq4d}&5GI0gLdbxa
zG0Tnk9)g>~ftPmBF$v||Cx-O}FHMv=@bJD9#SAX6CDj$3ipjvjcuOp*KnPi0@N?gz
zLvF;Kt=1p~)>M=ngr~O-L^@(Wv}7C%+5P~oD12NYw4W^5d$MyKSf0VIFI~J3$-urq
zHSSbes|U5i5?d6=H#r|crMTKZ@mSbv9O6T~-YBr15L{m&VMnasmBU`=Cqt28IlGHt
zE504RU!oRfYM5l!I{`Bv3_k)}Msj-jl;iMb&Sq!&?9agDbhnA`T4O#XxGtolxBdY!
zOT~Dbl31>i;->O`fYxasG}4S38{_adG2iZCsah#-@-GY)-i_2>?lm47i;|bqx2gFu
zW{g#ar+eaIR}&!~#pL!}yV$Q7C7&}&kGv?Era!;I;ZGG=8^_m*ufIWaI{y*$OfJ@n
z7}U0l)pOv78^f|BGeDn3wLhI`w{0rsWWVg*+Ce7lgp1UbuC!O7(q9?7zkQe^$VBbJ
z;uq!0;@7}ML|M+Fzi~Vh?G1k0lzG<K1Hcge>_ZK}QQlzP0{wwzj_mU5ce2YpEA)q!
z|BXtrOK1HLyZfy{!xOHs@!7{n6e0^a5`L9{0zFOiheAN$t}STz$A7W0iA3R_3oyw5
zW&^+!(EG4!?*`1=0cH*XGh+cJF~Iyg+X;Zs*4JSc^&kLWhc~L=;#r!4hS6|7>{@2!
zOXFL-W24qU_e^t8ehShj3OLhOIcFBc7Rh1&?~KmfgU{M7?q=`7)H2Wam|T875jY~R
zID5>3;}N7HqU#}wRtnGeR~h$UXp`srn6U^_!{h!qQnIQ^#TUixA(7m{I2P6Iq5V?u
zj`Lq#3@%kzB7OnwV%gyA!8nnHze)^p?fHD4?*%deCA&C}L&b5VZv}s)a6~%K-?r|-
zhGE-7hGm0s*#-S^*;PP$9!V;)5lQMVN$d9<W%YcIrw`t#avg|cY1$sTQhL5;0Zah}
zxJUTwFQ&*V+~1br|DqD;xBLgs@2LHr-ToIJ7=OkE##jKon415A6VS#b-GeoMf_GRn
zc7`?pXZ+P;NZ$$xMTEs-Nd3POiukn&_&oz#8~Ydn!iIW4?*3vGaLi$Q2(7yEaKl>T
z`JU;B>xHG#`tb_z@VsSv=tuMR(8g9Iso@_0Zmrgj+JM===DZfJp~b;FXh7m*0Y%P0
zgyysh*ZzP9Zw>=-Z+$=+&;VB-a__+ez?`p@_h8-c){hK8sWbtlhJaH45S%h!4IoGF
z0fBe_jlmnR{MWi%45>(e1nFBQp~$NMz&i)5bk$irQn<)(NCLbK91%ai4nP)A=nYsm
zbOEdm03})dFMb2<Z(l$-7)@B$=C)<~92e}K1!yA>nM?@iJcY*`5tP>Z(B%Xq4!Zmv
z{Nv>fSLD?eFs1(A82`rU<o<k*0mMLB2HyGW_kQd4P?g5^&?g{p9smn`;2j3QU1}h{
z|AEZ&eH-8w1K{%CIaNSH40HSAHi`%1HufV)yCwkNvw;NF0&9U5D9LxA*8c;5ClBQ0
zZ=#<71?SEKab1eQIt1$ZFX&Dnt3JR2F#GSK__tVqMFju9uKzBkN=y;IXhM<BejE|u
zh5wb8|C1k}^^<(L2j2lvC<3MK+5{>B9LNN`FoD$sWRwyB0|1)8>!9ub4SOKlU86t<
z?0|3|5W6D)^M8Unfbjo6D7p^CZJflCzI_z{*86|(?0W{hHUOlb+=EvJ;HqVSuqA<Y
zFlt3sYyUgFMwDVC>RJ4k!Lyjmn=OPa&H}|v75idj3s}?|yk}|!|G4&GfHiWLW<gn*
zvx1nn99g#S7P>hz2_Fc*4Vm5etJOtD_GRVkgQKW`V~1}nuR~T>zr;Q@XgT8e)L9o@
zs4qDUzkRlTds!p0_0x~EX8V$e+l9bPn)wxx<WyekR74jKT9W%i=;PM0R}3d#dgM+_
zco!djl5jn{AQqk}M_s{5*Omz8QTd#i3^dapne}$tfiB$L#W6LN)6>8k%W3Sm8*u-5
zlPdr5c{EbyJlz^gZJXh&#a-;#89~_hv%F*N7`M~SGo-aABSv)jFc0Gf-nk)4CqKb&
ze8GPx$XHrx`}<)pEw^j?sWo$|Qk+?1djpF1#)X+6C*C)_%j$pd#e}RFE{U@kLxO%;
zsucDS9WDJC_&iOE3vr*JGq|nw8Ddf#Wn0UqV1{biP7L-uLkDhY{gV`=KXkLG8U|<n
zCpAR_Ojo<^L<EU8da4g>$~L01-Abg8pgGJUEmZoUDF-BIV_q<u%#1NAOz*dMFfGW&
zL30c;*O5><&D|1^Oi}$(n8)H#6c*B+zwI)!T<plyFQ~LHgZ&!mgZ{Wy7v95`&$n*{
ztVq=K1`zA%`X8`;v!al>mRJ3tow@uGk@1uxhk#C56#h(Xp(cc#H%Ap4dKwW8C6M2Y
zH)R|DoAmBf9OGT}PfyS74&Q_nDYEWyoVv`!P-o}|WzkBi_rs%K%&C^}OTLsG#FLi(
zv2qR6<%SVKzG6HQJK%T6<XEHb&dZ~MDP>Avglk>ygKQn3{aT!QJWk|PuI1KVtVj_^
zCv7Bw_Hr_{3}u2WqgW$|8K`oHWu^Bgfe`iDYAd0XBl7#cIaLw}au2eIz!*W<386!s
zM7HM;Yv3f6k7E$Fx{AxE%pP`163Z_+y&<8-++9>nt%`OGV!TGnNV>aa^+=N-Z_xO_
z^Q<H>VEo5#omrZQf?Ft8Cd_ZhFXXRKcmuR4;ZHA@N{09WQCFJ=ETaAkjMPwXb2{OP
zeW$XF3Li_NY#^G7_DRVpN*<>XiU>OLEJk=wO1CRrS(QrZthIiGB;E{QF7M@r{3_YW
zp}@;vP@@ZvjEsnk%?mU<r0Cf`S7*|{^me5P=pp|VXx$&|P&|O1#JCWNPY)7-!!Nr0
z=w!-^$oYbwtC0M?JD!dC=u^v(d}ig|4d<0BInp^fj(|=)yp_K%MB0a(q2~Rx(!tO#
z46cNDI)U9Nu`pA{B!+5=*dX4c?zDKTUbQsN!EcKJ5su~g7~#{=8iN7Jj*N}etRo5j
zEDn^Gikn3W5FmkN^pt7+pGhU;jk<a4Ox>JSI*!f|X+Pl9uzHRZk6d!yzXT94cF!s_
zRVP>8=!_cc9Xo(zAsk^-28{LSpENXr>!8*0z#C?L4d~-$D22Vozfa}p(Tq@?nP%}f
zQRfLiH}<vwPa(REEM+p*qlehRIcv$IM9h)gq2}|Y(e$RmFsnB+?^CEaty`a43#SqJ
z`<~*f`y0kqcCifooUvR?Pq4I?soBE*kkO$$*mmRE-O&cK7RA+55vAK~UT*5Eo`!Gt
zLNm9Kk&szYoWyCSa#R*Df5Vi<y~Q)#XtySmu6-oH_3V~`Yd2xxuA^*0I%sr=ZsvY^
zz`ej9!gexUa<(d}j5*>S`i0f3G}I*7xX4UE(n7&^lx@MbYqte{i%_i7mLHcl-Db=3
zcgFbV-xbW$v`kLtpDOM2=PCw|=7IZr_1*7Qn~ks+vUwI}F#Qn-V_L#m`*gd#TW?RN
zA2)Y3l>cy}c(vRObLj0z!TdV5-zU!trc<4;I?m7F8?QfYryX)C;`X)uQjpiF@Fr4d
zX@j#vjk8l$W&C`jE~n;;gH=(Qg0DM(-x$f(SCXQoJJ8>vF4wL*0JBOD!k^hx%lnyv
z3rLPS(1U6^Bc+|x<Z9K}DvruhzCY3zHLOh9sBV;66B!g2gf7TgZk7LX+qzbKl627u
zn_--a{amk-Pyb1s=q66+Gg_B+B!YR_FS<|43N5ivqt4fAe$A?%1D`gv4>Xc8=Qs@U
z_<!QG#Kr0#ub8d%9&DVce86F#dBS{hn9q;L@=^2*WkhjSVG%ejnjBRwFrVdF8r=hT
zH3<sb)x@co^A|UCepcMaxkbEYyh-tDY&FlA5nTfQ-3Uvc$#L!ZR;K!TK1H|XDtT3&
zT3sY3B~*|pDO8V~PqMsV`0;)3K~${W&E!b@mCIe;m_xEpQ66?Jp|<5xq~wS)myDe+
zY?3(<!$Yhe9YV1h(wa;mu+q%ZnIbg~bk3<3VmKA<SV4-8_zg<N*_>X%0x5ScM3{xQ
z%j$E|ylq9A_@jsKT(^GkG_znX(3a*MU}=<OSe9jX#`^vImUhVa19;l_@O!9lt4-GQ
zw`H-WhK~hm6zh+Vy_$xG_s7RkwCaWuD~}X|^LUcHzMq#LDY#eD?8G8w4Z-rnp@cs%
zK7F8)fsI!){6Mv!iC(cP`ANn%Ki`!%X;ScJDm)NV!&~aXcHcndbWOGsn(2G&Sw+i?
z<##17eCqGY{w?OA%3|83LBksLva$ItPPSa}`#&R|S<OCtphPNBQkKfh1hxa{OkhMR
z(`fxA)TxV)f-#PY*v9G2%TQ}Bl%z(lX_2Z+P$v1w7ZQJxz5mupogtVn>$%GH;w{#7
za~-^r<%T7VQWsGW!spkd%9DH>E9dHftNF=v%(WIz$4j|y#!Yh3mrhk%H--@A^MZP;
zo@UGEdG#zWO7j(XawcVmH1CMsJg@zS@z3k#h+ld<J=J$Dk}9{{9_`LDJH21H-x5u4
zx}Ns^YyG)vHB@@5aE=F?T~ivSi-uk4X6IjeDb@A4EN{~+@XUN0(CQTUIi1jEm9^<I
z)jSn6HFB)1c)r&$Hc@Sd>7WokN<c)veC`im8#F;M=k~m~$&VLt({p`Q&mUAnBN8#Y
zICv)C0cpk&3xJwr4L*N1kbeEiCN2rwa?5Bqud?UA+G9s95KEdW;<8w9RP*JNBECkZ
zuGTjZzmvtI=LoF9{Wua=`PXoA@k@L9GdK07yj5^tXe_Z_rhwOMN(9dy9`0fQIk2&7
zC4st7k3Pre+O};GngzSacEP-e6l|!_vY#nD!HYb%Y1UyVCF4YhXi7qks|TNRkx=k`
z#)6N)Ur(p|+44i9-yd1Add&t~HTaC}9(~4|jYOOi4?`u&;=#laz1el_1MSAZxceRD
z4g9R}q{NV(tgP`@IZd&8@Lt_@{4%sc72E2Ua>8TB4oSdoa}V>d`&c7RLqDrJR(%xz
zC9IT7JWL*+-Jl{xNyu;e+tG2DzW-P?xYq1?k&RL^ri4VqX4Qia%9WGT=fQe)m;B2R
zTAS7VeNPYx%beU#6213cK4bk`eYPofl^%pn)8ay*z~@1?XP7Xgn?tTIL$P)~MS?e=
zAW43!aBJfuuo!fxA~8olSL4)In&u)qK;hRR`4nESln|%qP4d1<0>NGW^!2IyP&6WT
z&+r$$@L8#QHHC1u1++GUSM1*^Y|$NmmX#Och?uhJYc;a{*p$UT#kCG5$AI$(qrY|8
z6ASwN{>etk*cj8g9{-)Z4}{Vv`on<3arWS7Rr!n8h-l!~&8vP%>3!bQhmL4RrtY1F
z4aM2XDu{DJ?6-azWnXR_7u>Bay#=c(GmL2K<qg{sil1xF>eTx>*gIhUvI3gcTWNaa
zivyS};>{AssifkgWi60D`{{%?!H(upnleL8CEpU&e4nOFxnhBIxxM}r#If(GLflQm
zKs31QS{rjex5!c0XzO{hx21u6{6&6qwLOJRUpGs2)RT-X;MrR{h6rh)fp3UlM-J^k
z2d{W*=QH8!jGYGqSK=u*Q`zTSHzJd^KDV|}KC}xB{+)rOj6N)kT(p9&JerqD63mVP
z#UQdY)<*``$UHYSQLHZL_U064-#m$zZ;{Is;GZFBiZczW(52x`Oow+SgEvup3;WJp
z<Co1vhNG^T>fmM~N<k{9C+kv5{J5F*wZ5a~q76)h3;ay5M2Aj}PVI(RA;-wW-5u+o
zZdB^D#(7md#|@-9X!IBS$uG2$+RSo2Q%ygKBuJs|ogpyQ3lsRl?`do3x;ln>{RYFo
zc8HK{p#hPoS<!sxGW4pXmAlKVkoa^K^hsbphilm|3n7MEdHd-~RLG}GXzQKJ?T4t|
zjgs1m^7gUHXYrEuxk|y0Nz%1W$@&j8>VpSt?J;K^QaLXT!pmJ*N}(;&B!A>v8|y)e
zs8>aUVI_x&QexY#r*+~`rqPW)cxAiFKQ3{-3Ptb7bG;CLoEyur2U-uIX$My>QX|Cd
zNI%N8oE^Kj+5ZsVk0Ix0nQTz^WRSj>&qNH|GXU=(L7Fa1hXy^(n&ajm*Go677PAzX
zuNI^2PR)1O!UT87i%mA5S(jP_VsfqO5{NxHrQBRrHyG3t$+jqVh0z>FH<fP-`*wDZ
z-i)T7$dtP5yKXou2-;WJE{n=bN3rR9-*6355fJs`8^iuyf@zD4o8P+n9bV%WXs;vl
z4pLZWp;VhoaXQc1lQ`brfK?PimXC&_<Aryofszbzox7v<JI5)4j4JTFm9s69{MTd+
zYB=<KmhefBTDNndAbJWm?I(=wCZS|}{ig@nK^RBJ$Cn=5f?9gM8GhDv86qmbq@wAG
zSt}@^Z!Mzs!a@gk2rdaEn>8(J*P5Oie?G7k>PRNJlf_Vnsu!y~)Es(ZvI}CAM}C?S
zS@!_*sB2i+TAx~_1qs@h-Z2$N-QHhs-FP4BEYSOYJ!8U?Vwr02MVnXJ4`538p$&EW
zGv$B}YxU}PeN}#H<;y+X$|)`#Q>lzgv#qE2$o;LV>`yz|J?YG5#VSw>eNvEXu57i!
zf{^;c`rIWiS|rH{G09q4Wh5GTNeKs2NlBC`c~3g^AMzkDd8^wsnxys8B=<zAG<CDM
z1P)rVV`Vn!))cpjb<v9)?N_F+#zNi={x6KXuEKP0ikcc%2U{7If%N1WbB{8<rocWk
z_TTZpF6Y-FenB=if!X<RI$2eo#=*qT!qqE&)ne%;&m=V2@U^Q}$DqXes<PO%m*Ixj
zPC*T)Zw_kH{iwDwVYPWqXP%*@WQ{lD={hO-8f90Gh^&w)aF%pol+ozNl}RR8WB;n(
z86ga!!$(_u@|+kiZ$vC6IaK@4P#i}K*NFixA=BL<<uyH<86>4-)jR=OZ26xK*VB6l
zd%*>$55P80*@%|V>$=`Mbb}td6?#>>X|K%tbx`Z<H8!}5W8vDCPK2(fA;tJJ@R#_u
zA6i(^WeX~>6NkCRhOYV9-AYq)3<VtFu)ZDjit$sBTdo_F>o77u*7dN9r`%rnjlTQL
z)coTWLlQw(nx7;KL4Lttqwl8-@+2vkfjA>9E!eqS+hLv?aX-eaM;nV|+yQ<(eJtq8
zDA8fv3O8d;zSnalh_WEe&*Cbp=22=<EP<jw(LTHOo%pFxnVD0Po`?0_!n=hs?t}7p
z5sYXNdRA-r;S8@7>5$O@<_#U)e1r-`@32V^2G4>slndHSM}H=Bow8+mgGy`vRXx0f
z8-Xm>)+FnVb6bgd|0O&HF_9JPkw>15`CtsUG0oz0kZ0F;!kxe$Ho6Ou5ZJqi^%<n+
zO!#!nYWr-9@!)Y=%yIXzAm>ks4xRS68GL^kq-n7Gx1g=(MMmDb^x&%*tQ*+ZA>SCp
z=T#aata|~}`Er}AZvT4;{J`w1a{3FAb6dI1QI}KukDFbq=PnF0e`Zu7Z6-#?|2z^<
zU2$lehEq3?CqKLVq)Yz2uAbenwfVeAm9dik{{Uq`n!g3-hbH07*;RjvKHT5f6y3ka
zo}#Jt6j{c=&xdLb>s6)U=H&04VdmtE{py@7+7oV0Vrx@%ZFSCJ#hjC7)l%E6B3<y_
zr$SZ4YY#53skC-=s$)!^g=Vdw#zAXiAIO8+p6T{ZKU_B7{V8JsvO?ro4lJ(`#-Xll
zldyf-k>xd&rIuasgx#8(JF0mvT|0QGFbM(y-b*)m%t9VHfosC%h}X4upS8|tYxc6z
z(24t%XBAVVS{}C6?zK#jz55%dcqNb2u3)9I$3sF1>&(ISmcXVxyq8t-))uapR9sfi
zbvCXinu}|F16;@C$V}}K!j^1ddm#+AM{R76Hy7K62H0Mc*jj2E30pf0+u<<SHrd#=
zod(-*729JCupO1y3~e)EOR}&X2!m~ljcs#tv2AUD?TEw{(6$k_HWs#hVX$qtv2EOc
zda2fQZNXk?TGvXc{`y%`qVm!F29HX^t5&%T)*oXVI1dChzbH;%JV}eq<4hY@$z!z`
zZz<=RpMFkS$+<p|$LWkGozLUW5hX)syv+ri&*p}96KQ~ffk4Ya)`H$D&s?=)5HULA
z(FEc)F~(2V*VMYlxO{p81OCTj7Dql=UsJ_-kW|8oV~p`uS4DWZS9@=LO=bPw#QgZu
zY6;*c8^FiwRhG^VkM3sz9VJLV&pPUzM?=sr3<@j7r<d{8@?Yx;@dFF2PuI#>wXQt_
z=9;bD5#qG`-Z949J!Ji=V~pvgqW=B$r&&Fcyzj+ew3pTkHL%Sd+6$-YSuM`Nx4gj^
zkJfIi<V^GBrKaZ5iA%e<It*t9Hp!Wp{~>3z-gWx-63VL$`8zW_l!^7B1YE=7K79|#
zulB()#tw^%w)*6S18iB?>ubF6dTp(w={K5!1Rgb@eqU=h3u@1-Z*q_M%btsWN;y4U
z+rRC$PdCxlp0{&38%T2|sh_dFCbixoF4MJpce4$0mnv(xOFeVI+NGY}t?W{dA85Es
z{d2cP+XDxismq_)U0>flC9rAxb}PHowgU~d-Lp2XmCePqzX7g2a%4g60AXuuVcQ%A
z+d&)K^5$YY)BxKq8{1(O+r}{1p0lwnIoQm7<M{^Ib{w#FsTX!DyVN6Lu)SzwThv@^
zM;c(;dcfMHUfQkfQV)m0_Ogv_!NDeXsg1i`ThVI=oLy=|gGY_;QayBS^)6e$d*~*Q
zvIP7*N&MsT(mP6feithZ-IG6hsG)$ru*)KT@!@8&>cw3lR$17#*%$LicCkvHXklA-
zs3EIfva#LMTx>5lz_$62B?d=#2{Dk^)`r3MijA%AaFY}B*e)0MUpYid#j>y(JSuhB
z3vZne_5%HmtK_^)4|g(oU`eBgVlGc6@0^e)lNP5v;oR3GoDVEG!PCN7-XxrlPBiDl
zwX8`vA2$om(k9`2(kwVjnuPOdv*6s@B%I^Tg0r|uIG>$hjQi+!BDYSUvZ$ZOb6w?`
z7F10;YD3k60;+Zz8|egNVXuwuXp*w;Pc-YArb#$IGz-q{O~U!HS#V}AY4i@jg7cFN
zhx;ww2_9DR1nailH=M^-@&bJWFVq=N&`X8+6C)=jGzt5c)KoV$38BmNWbId)=K_7W
z3iEuuawbpESuN*!P`oCQI;M6>P3`HffSUdzRnzRxg=!+rluDXuAdk@|DXMTH=QC$=
zruX4oo03|^|4WC@6WhjmA2Y8XlRM0R>E=rAJ%j6&;)vtdSt)O&=ZUwNntr|j<~-xA
z^(vl9hZ|j+Tq$lmMGOB0T+bGb$iDQq=4@0d_h+x<EFm>DkN-p0K47~g!hh%{_ddY?
zaRb-Sa8S0^^90-w%IXlxc6t@>82(WQy^5zxY9<ji(X6o+VLG?bt9Y97$bX|f271ay
zrP2uUtPxzQYcJa)xKxhd(*F}9XscK8cBdUdx?aVz{^ujmwFNo5?XBz>=Vd~p>0*KD
zrQ&a%_*<*97GhP^g%%*y1sl{6%{MX5lLM@-ikdX_Z!q-l?kc^K>g)Y0$oAG>t1<dS
zcDRZs>*w+qeFQIvvsM`$hFKMlPRQddAV&Bulkd}+9?QFE{VRFARxq4%{lbU{&a`_M
zNK3&8y;nQ=Z^i;VSv!mB1H21iFXddnnz&g-i?tgQhkl=ap1tU~K3cx!oJfZipRVni
zzQH<4T}2J*sIJiNR>n;|zzu46USOKOa%HK0BQ22#jVJ5c`}1p7)_)@{?h#vQpMS*|
zHJMn=eOffrz44{`B(k4kbnV7aQG!{sKz>Ki7#OB&Pfq#1-fQ82d@cN7nD@G`*{_91
zmGbO#@me^WM3koDGM=I{o?OLa^b4)81g>rpP^zwttQ7A;wK!?Dty^C2Yor)mdr7uV
zOyyVV+IJE1J+>a?SLz0D<-Jy%qvZ@}zB)Nsg4wOBc&b)Oqi!iCmk$0k0op~C!^O{9
z`kgnN$Lk5)r<p7e2#OB^4lii<L4dr*)wKh}xS-A|ORK8HJj$2v3uw$Ml?pAoj)ovE
zXdYi&<BgACJYIYLq!6DnG1e`ML+@kr#7Xz)N%8Vp8|Y0Hbo{F^I%2i$L`IKFo~mmv
zPN`JwT&8Ppa%!?}N@Zy&XWE-QFE6iBROB6&Tg{vmHB6rUgW8^xjFndLw%VR4jHlG`
z0&P&05QOw99<N;}R)GB<&2e4mJ$0PEkaL|K<7v95Q#{Yn8Bfs<^Ek%Syj8rj&Uj80
zPtmKW#uQ)JtQ4Qqcn5Ox7NL#gtX(VCM9e_mB7ZnHX3!HFizg$VbA5h*N9po=7IAl>
zYjc(gsTM-sO1pnLF(gxa;{>bX$+Yz4oA7U(3v?RsZ2JoRx8*fem9Dy=_H}&`_37H}
z^ibnWTeCz?0&gYNgHKxRw1W$(NHs<2+LTH$@loD*?(JVyTgACvWsPs4bt&WRC9vJK
zLQXp=sao!>tcxI4YTtgss1f^=C+jQ4H+OMjdlj=PI?i2DQ|U4>YUTQP>ZCP}Cmn&R
zmXDq}$(VN=$*Z^@dSnWlNeec~dh0Y>$U&aY^urO1M{92o4Qcvrb@E!fC|NE(0U|r*
z3LdMMabHjCqadHI8CBka{7P-9M=IMZ^;jNzK9APl6t6=*S!}=NWP0eU4IZV(iVODp
zKV^hskvwoOQ|`OedpOR{uM*AIeI}UIl~r4p9m`IC*o)TYiLWs7<+#6FTC+hf75rnm
zHj^ItTI$D2^~>~Feub_LS}CvR0z5j%uh0!{4ifsmx4wI&ewn;5T&ldFS@@YHU0*G&
zskU?+)iEZ?JJKY1--~at@`p?M?p{WwAej!@7t>C|wHd@Urr$}_d*cQ5m+RV~!wU76
zho%0OWeW8_9k-~TyDUUK)!Ed4)g<+=xv1aROzJ=SqyhD`BTYXX+N-_iTi?F5*519h
zaq;nL4}GGD&r|B)cG-hFye#zYY}aw;-P!u(O$~1GaYb^zSXNUfB}dopIL??58nFPF
z=C9JVafi82^D$eNn66z$J2~0;Cih-IL(#Rr?zJ>n*s;u#W6^wdg1~px(JZq^^O-Z6
zWy)v{H94AJKUGF^`*M3UM9Js$$VL5Cx>j|#0r~eXIUV_5e(WOuCzbqLZ1Vqh$iGD)
z|HCH9|3D@G0T=l%Hzc1_;CJJtJVggNZz-)L@m<;SwKcVsJWBhMcEL%4^lx4lyW5XK
z;O4CjBXHJNX5YQe$TD9N;o$-8&PPN;?T;x9zDF~)-(D9ZX1ey*`kD>SlUVVD`}E@h
z+BYO)Z(UncM<+LFtAwyx+s7nb-cA1Ty7*vgqWziqt!u5DxKnS3zJZ+2+mn`#(`S<I
zkMQs)?eFz9wUySkF!vbQxAF2LfFIX1HqZp^&SQ+gZ4|Tf_QUnQK#SA06>kzT2|+p*
z3R|akT@CFeZM47MU}OwRQ|HfzYt(s+(X|<GTExca3*_g2pG!LGkKX3j68j}b4ATN^
zqZX8V-fim|dp9ysip3LeS}(W{JzSG2%&aHgWTkdZrC7=Dz9Co|;L#JfPs^|3Ov|e-
z<vy){o~~UK`ZBgjk>I*kRHccdlqSB09hJ(N*0MB@e&*4+sP~5dP-dzd$V`l`#cl}j
zxByQS>{~-@tm91UC3fNd8#w>DaT?-ut*VxKdaY}R+t$?#m$qP{u6;?2AVY_S(t+7v
zhNn{JO6okg)|NY(FDV2|-eFAlu9hZvfoonO7*Ev>9Ak$qJGQm<>00Nrh*WJU$!y#z
z&h?F!wR9yJM%CO)BwS#9e*K&@71@=Qsl1IgWhHM_%VRGgm0OxBKD-@wjOdId9*v{n
z#^%v4GE=muDju!fdb6h^qxB!H$B5N%bYso;g4sJ>73yjxkJW2A*B1*K53Xx`qIbV4
zzc7_Yh1VZ${HU-?ytopwxQWNecW`lZR=P-Xsw4BRmPf|?s#3Bchs!TRqrRs@lpy4R
z@Pu$fyJad9%Ip7Q?@hp?s*=U=KB?46HzY#R0TB^``W)Z*2#%v5q)`zU=%6!i-punx
zol%FGFxzito;D%~-O>oM(_s@(!oCEWHLPI=fw1ohtB3>yS%k2OApXBo=iJ-(cHeX-
zj`M!+_x+#WXNT@{?zwfU>QvRKQ&q=HjB#AdLM(f1;GCd#ozR`=jP<+}0*jgOqWIS%
zT9${R9k%!j>&qy$hHegjXUL(h7lFTwoLmQaDyOA+ri|89WG{F_hSpzf%&@+s^`zIW
zdp6*(uZfV>wOLeV%j*;w$G96aIQ-U!C|EQNmKTe~bC=tFmsrP`$(<!WkI#qCaagd;
zPm|dpx-eL_&F__)+as^~Y!TlGrrpc%c}G%mlF#_?;4|WnhQpYcBJ@hluP;+~;?Mn|
zOoV#+G)Mi?I?aY0K6{9nr}vh5ddGJ;j0qN%Icz8RG>1=$0yM!Dq6>p<2lNSU{&`gs
zT$Ww+1cxxO5rLi4Sw14T$br<AVLGHbvoRHXUSj`qbNpV+?3hhDb=YowA2i3W(KfYY
zH}hdCXd2!HE{zg2<d(ibE#l)vcGg&?+;<>{3A@E2k*C)SX6uq5gTu)^(tXi6NRC7o
zFOXZ|+40Z)8*v!Cmof5)>8TBAJWsB{b2F+~gJ~QlmZ_~;U7?I76Ug`c8tdjlEib(7
z!F1>@8h%X;X*`b%2shSY<Xo$uX=i(}4)<bx9+Dv(ZlPSUfrjaA@m_c(g!e&KNGxl&
z8xdZLo;ZQhki)h;5uD67H8tX}T{fv{!JQgycIrCw`=JX`Juh?kFHHc2t~_B$(Ftx?
zSH`tD3`!DIyVBFEHm^taDvFK?$L?&8?qv)bk;wrgi>eZIsc=@%@J<f(oLR|;4dL^d
z{z{2jY{=^xNd5zi-%mI`jE#imzLT7P^$N)6*&-kB<G(=^qB#xDlM%q36&ym0L0t*s
ztZ>y40O~wr#6C5jnF;zb7`4w7E#MXN9Tf;wg)}c=js4(QOXpD6>A_46|0S%bI$kfj
z>EG!ESf6JKbaJ>n)9<mt=NmAP@Hqj~`OB2^k<N4J?~frZ+b5Ow$grPrO)S=W9FB>V
z@sN-}g;@8m_~TdcA@FHfkH3g%_0__K$$|VRzBEMvS?s3qJebU2kQg)zb~`HY9<31X
zf(-GlJgHH5t{Ac|!v^qo@uJQq($gw|G+`AY3Iiey{+RTjz~>#zxdQL!@FxwMYKU-8
zh{N9tWyDB0am0vDoz-#r8b>b-MiL{ypM=h<pDma{#g3ev<<H`p#+mxamg9e`k8grS
zF5G^*nX^JjZ+b&Rcqe3}&$yvzmb6;$fxjANO+z>$8MXl|n&l6b$rqH%-`p@G`VnjZ
z>AK`RBfyq3x$JhklMx$1|42p_rouG=C<?LBKTK|7)9>iwD`>GE4=b<LeFg^?%I6xw
zXR1v-Cw|8?K0i~*z+CnB*LWvq_^&=}?n4(pLyS}}7wi5W>ov!^Iasfa_;m3$Bwtg7
zvGqbSVm(+W$HzwSGc`XaJS-+R5$l1EUM)TP$a4*2X_thq9u!yq={))L9k5kS{pn=H
zJK+KiP*0hY!}Y&z{0V2-f=AyL&GqWh4<156zrC~>d0EYTB0ed0PYs2w_9{Ls%;6TE
zAf|FsaahNPnQ&JK*~4_y(K(;2)P@`u2SVtA?GEO~CY*URkA^P(l;I(62qPX~nCzxO
zlKFVTTS_51hmxUsE>H5`vDv0Hoi5zRHE)U7q%8Pa?wEo>fhP{{_w_S$Wnw+}n?l$x
z6<M(^Jj9$T>P_%dCUo;6do4Q~(_nQVjHw!C_QuDZ&G4~cC1yfvhU_&t>Y%XS6K~WC
z0qS-K!^bEgjNc(p?Q)B+rRd`I^xvTyVOcdLGt@X7xGwhrZc^Jb`c$2Eha5h?!I)5a
z8c##~Gu95#32YKC#d`FYVIBG_6O)rnxt1OuGPpwv3rOD%s?fJrY3YRq>PzpN?p3;z
zQsMd)a!4=^!GU5+9ue<Xuh3#Cz=rTg8p%~pof8=W+<7W)u8S_A<aAHOnXZe&G%?+J
zGS{-MhK+cbJg@3Bi%gTcoDufl43bB{#k<Ju0w03-YogCihYTA?;?9R9x=0sSfv;4k
z6~c!631OTG<a|&a<T&BIt2%OS4Dgqlw??<GFx{kcL*IC#DVN3^h1Kt_=sVu82bg!f
zvPI$hwSO+YLw5M~VFT#SG-PnZL63bL@I)d1KM{Y8cL>tdg)|l<S>|AR(qmoTlQNRu
z>l>S`=!RZbr7K5B1PvK?xRQ1~st)28z9m8aDTf6CVczX<M2;+P6ht3cesDn^S<VQU
z&n)SzQh;tctW1;M`UwF|X7Rc>lsRnAB@youy*W$_1O;)nID|G|9Pk$U=#&u|eCl9)
zm=5RI0838BJ7D`Tf4)@0A6{S#GyWhXeSHG_vk2fGwN+4n4~+%<Y7F3IBq=|TC#%%w
zt13WGgP{`W&k5*4Gtk!^jKj!4$aE(BcVP-<L=e0v=1h32Iurg~m1n{YY|ey#BRBY+
z)tT^rYUU$hddh9UFO$t(JhulgEHxho-}>)44$k6m;qOTyCKJ^DM5}oAB#W(*OuddB
zRk^tnC&|OKbU1O8F|5UR5wlO5<Y(|VwF5hQl!U@)-G4B661k1;=5SfI<mxShWQz-~
z9#xK$x*=K}O@%VWG~Pxz3=1gyK27Z%Kb$JJ735)_a!6Tm2d0{|=xiS3npP@0lpkUY
z+i>y#X23Z4$~FRivGASE30cTt>O?<tCnpIWbdyO}=2TLw5e(k1gwmZ-QqT*pPl?(z
zq;dG}kUVA25>NfE1YP_Wa*wCUL-RagHwP)JJX`d02~{lv)IHhapV?$g|C%5sfTvFK
zdkEme65!dKC38B{Q1E_f18*M*Z=Qlz26TUC1Ml@iM0^GhvV32#QqX!O9lxa!Jv?Gx
z3NL%2g>P8HM_{9aVRH|r^K!BC6aQ#VhE6>`UcA?X_3!eA@Im-H^I}7&&3ssoYZT4V
zAc*yNN373Z!Hyh)wJQX}b*v)8dXG(p^^|xS){6t*FU8thofK=WS}E4wSW~Q@;;_@{
z%s{-eKHMR9l>LV2sqas5`0SEeUK57+eO?<E<k#oO*E||snY5Ps4)I&mTPl2gNgA}W
zmd6l3bEmsyBKtRTaOC3Wd^a5&e0zy8w^6p{J<(n9?<LyV|3U11?h&FAjxZnI15^AO
z_c8gMy!`O7-={zSzIa~xU*P5?<}o6J1YcLk2!}QP5(4eB!SY=$m{looMDHkO6j$u`
z36%`90^-}f0_P_f<4zxcSsp+`fuFfC3%+tOgv?BLeI0<I@B0~ioy_jcBuC}7Ys_$7
z4t(D)k34TOa#Pm!lEW`WQ_)kDnwO2hpP}DTnT^5sV>fwD7;=j-AJwWj--QX;O$Q)j
z3aDm49r)scDb`~|ftfLy^PnccxT#EfCpodd>>{OJLk*oA#?&eyRb89%iO>V(U6bx-
zW~TXeV4MRJC-nYG=Ms2AW*V;^7|kcEujt&cW}sh_Op?awXTCMU63Yh~Eb)o7@t}1H
zrnz|t8Ju-cLz&+=84&L=##(cQiCsfI4t1F1BgS~8_})c*uVkFerUe0_XGKa)>4_c=
zXD^G{!T_iC!_ZZ1X5j0tOzC7PGy4zqTXTwzRZ47(<M|OfUhS&WkxrRHL;WQ}|A;4?
z9BzM2!oVPGYbfgO44LUVtG_M`T60)=O$meb{r#F9nfG5JGVh9z`FuYsnbTm{b)it3
zNt|8iXQFh$b;kJ02&K>TGblakx{1=7ppl8zh57^HWyWaq9tJa6si5yke^?T@l<`7g
zfE17}>6OHsFY~%#(dC5S-~lnUNvu#s+``B}z8>+5T>KL?`oM<pt=RYSi-K2%;s5ou
zzoomCN0tn-7#=>Zg<_ZbrtXqOoE%nQVT2tD@I@&6KTf$z#us@VtUVE(K7rf2WL)0p
zX#L0F<SE9SUJkE%5F2Fbp>PdD*c67j8G`iseb>it&JFaHkl}aY6div_)m9K)lt_+E
zi}Uw|n91GvqnBvwlPQf?J=jfJKr@Vx7%r&2v<K}IGoTdoz^R?5m}q41#YnX|qeFr5
zU((MF;rK{@p+|NVzZn5^+s61y=wM>uDU(dyG{zD?=i;#VlyTyghgs0)Pb_{>qq@21
z`n|xfDs7bQ!6xu^J!V9aeKN+f;9VS+MP4xi@f8Ed*fgD<pp9Nl&`g5ne#V1A{mf$N
zDT)n;fq$x`ZH@=M9M;vUl-YQ0H#UV^_fV8JxTHt%T<=&O^}^Us8AA>O8jI1K(o{I!
z+bSEJFz%MzwCl@6^l&FL82PC@lgNUn1PbhS1EhH@=D$9O-40;a_u2ty`VJuY{Wkz%
z=@355SUxs_+<bdGoXqf$5JUG0qwP1sT)8(tTiD^h$<~OIgOmK^juxBhql#yjOf>l!
z&X{&p4f*%B!37X&9Zbujw|+L!9}dd5Rve|M#D*|sVijjz*0&C}zBTbqr4`e%gxNnO
zP-2+<Wb}tkMt=br{UISlM>iox_aN}z#@T5twQSe-B~z#tth_-*-Q==e)z=`5%03-%
z*zkFGt`WbDj>m7CY12eI->DNRu*TLG)J6`L3Rh<Oz2skef4|%!Dluk$_DuA%hmSJm
z%tjZqX6V$E-1#9EjI%^Gh#jibuTHM7Rj1psSgExxhr(NoIm^iAxX{<ngw3JqISx9k
zS8*ftlS?A;=)}mWLIapY%boYm<IWOHtxt@1d?E!&q(ZsVTOton7IjyF!|AX?u*@US
zuu^XO<bhv0&r`d;JY(0VVG4&yjhO-Ur&7dV3QQ6cN?n0>xbXqbu%icCdC==6gJ(}~
z+Ulmuy?H&@+Suoz>SAvsl1nrt1II0@#4$~>aFXBY)n`dY$)x?{Q(->2Gkss|OhcH;
zVOC=%ApH?%_<|Q(dob6F^*ki28_ErGP|ArFy-AK`aky}VIW;cbVyh?lvo(r(S$mXh
zwmfn*t(as)%5Z8iIx7#^Cr8OSQwN=WuofRd)`ECtKDzEC!R6xbM>f11(uMf?n-E{=
z;VhD0f6JzT9v7>RjMvB1=a9`4EvY}Ih#@jSWC+@Oll?vuqc-HQ<OYj)Tki@9ZK))H
z$>&-ieXjfB`&<{9eXi2Ab7#cYijBClvDpb*%3)<E7J=>k|2Ej9vnd{IgwI2rSTqTc
zbcoB1=^QTgU|y^XLxCv!RS%zS3{*ONbcjXZMLtTd)DlGAN5wyt=gABb1_OWvsfOXD
zyEPj}G-r4(G@%Loy28Fa6%KY{_(%md_X)7xDZw;w38s8eovn4?uxW;$d9XGtD`&Dy
zK^AO~K^E9SCa%Hia$TfIK<}XPj=VrY+8DO>WO#RwEDL8Dhi@7Ozc0M|4S3UdZ_I*U
zC_wcZ3KrlzR_N|niOz?xZf~+-H}oVOHv$;eg>yZ`3K;=Gu@J=9Yz<p-hbt-TS>=I0
z+KmQn$<wjHNr9_B2?{nK3Jy2hljki(GAUN3f<)CFQmrv?g-R*>DIXD11+rgLPbYDh
z8>UhLd*m6U8=X1&AlWoX6J{KBr@^0T?!9G<Ttg0{0#xz$u83-ue@7COUx)qik6xV6
zZwJ9X7aPK*2WY+x(|_m#q0Qz4A-kBzs1u;D%?Z$EyAvR{{Zg;#(T~^u=*Puj!OOyW
zFQ$EKUFLRUDtF^ud03~tEb@Yl#rGkI{12+6@jTmbR29cEW|uNfr_M`Q=VYwjcS@YT
zV!80LWQI*B4fcy&jN#psjEu+!=*HXIL3GvQGM@%sAx)*xf|&Jyeoz%eCmhLRcn3V|
zrDF+C)Wq-NnQGQb&gE4-c?lS_Et3%z<afWklZ>q2O2P;#O%2CA|D{N=I+PMahrirQ
z=jC-GNihPD67izq2R!yCqE1-;vf6PE3uKexY{;SCk2JwYPR=MK?z+Y>lW($&&NzI6
zPOlIkuOfRKk$0|#jNgHG^!56L>~F(;JlIC3iOeLJ8M8A#y`M3XFBu&2@-bDceW6Y2
zkost-QK(>Q2V`xsva&I?nT8#O1bVo=l0bV<$B-KiOtUV=WQH9%%=}cjhsq}UOYGc3
zvky{K{Ms(19M;q-6jtP#E*@+MYig1FU)qI)niNGNq$nbJrrYCnIV&M|>zZ16+1%ln
zB?(D}lwShSYckcOt^*@JWil-|3qIF{WHN_Uw6~MSOs)Dd7U>>gZ$!doObWdYhr_=U
z@K3!v^h0a*E;ZKdnSx9wXychlVmXb&Ftt2ConrRv&Xz&v(+;y>C|lrnW*04i%-6%P
zVg-JIt-$wvKY_pE|1p7o@}DU1Lp2lljbFgK-jmWVmqcMYBJcQv3H)$P1->&&?qS9r
zW{hjJ`gTwB>w<H!6bbjh=7}a7Wyz=HQE}df*b4uZPmmP?+?8U|Uo;H<Ft%hc+Lp96
z(ZaFz;|p{Kj(oNZ^lu!Z2>(H3%k6fs`qB?ZOLNxSi4<7S8&`oDMa`4~doPxlPR`0m
zgE3ypWuRqEG?-Rn4R*oBxU-PMhDO!VWS$ymvUVKiHCF!QcDxSW<LrYjxY$#}dmxk~
zq-q;Cg&xDHo-~2XOt%p_cQ=gr9g|U<l)TVUEd}@UgvU%-1TXVHr7`5@jKl7`jRX>1
zJr*#=3wa@V*`W@T8-!Z?9h$}c8a`EuZGu?0w<m~Ap{Y<I2bmA+bC}}Kmw-1`@YI$C
z5q|H}H+}i|U_LhUV1^fK^SM~p`62;&hdO(%&0C@?m&EwLcrh)6F5aBn6#wGE)F7t4
zgtd7yS=ld>*CW2HC57*!p=>Yy#6w|+>GXE#yc#?__VoA6ImT$}jEU*VfLrHZ^b_(n
z@6(e*hE<uU#FZax-UTHA23OTL51lzOSA4+*#>C2bGvVMK>OWufC*RP{0_BF_uxl3`
zn*F2NiEF$~l{=C=)6EI?3M!&l2JE1qhOLHf;$m5!%#%Sirsb@}MV_r$D&_MZ6xS5k
zn5KFEUB-E5PWffS&M}rp(9}a$XSYD+{x*nwHQo&;I_Yz|i`T<Denl&*j<x)vl2l@z
z6WssT=A-(Ky1?X#S5uho4~d0ZC$dUw563!C#%QU}^m{NBe$OI{^<GHJCyi4f_9@Wk
zw<h6o*9*2{g;rnV7ce~_g^b)<RNTX`J}eWU)pIw{kG$%JpgvQ$yCUN;h8cAx;qZCm
z<YqM94WGVYgZIX~KGyjq{qrti^SvaoFFERE#ZkFGC<SVw{ln6pnR0<5B&MjNoTl9D
zKGFl8AvL7S%iMf2>gear)cj!3A~owPso6OqH4CKF)a;}tZ4l4@uq1TdNmjXwJ2xvL
zk*ysxP8pGpR@9}lh1&)GLfUQwFOaf%!c1=)IoO#(F7RF`mccXmhQz;L3bcoU_+TL-
zpF$N&DRZ!t=F!B5n1h+Q_z>@f_mev3FW}ug6C1TwOhfvCYBnJ6On@98<~Nrucv-26
z8M=gD5?>o|7)vyk#h@n)Gg!iF<q2s(g`_z+ULSn?Ff$8{w{-WZiW6xv@>15GwDd2x
z^ly`c&R`kU6+9#{_n2OLR7H~J;)C3c59bIzc|y@{IHvLjSi2S8+ez6ncjEoe`l#a7
z{ema!A-1ZNM+&2c`xy^vnpap_WyXOyg^tEDSRFWVj~CrA_P3tz$7!67BNq6XST|(0
zuK!&Ezn)hf5pNc9Tl0Cu^Na3gl!PGIRG3?yLei}lhtnq51EF&iqa>N(>~MdCT7>;t
z96mZH<3OBYiH1`G4Z_+q|1T_0_(0efCD;^h$r2j$LT3Ti>t%{(>nwnQUT4VGs^qZA
z!DQxw9u+S(ulMszeBe#71$N`T+>Q5lkpI4)+NFha%bs%wiS;f?M~7sS1I%V_`rJc>
zs?f%8e<9Z@1TqhwqjWMEsVnpN<O>Uj`z_f=l-5+ALm$w%R)HQEa7Lz9FZ^9)#PXjP
z_#W;g+KyzCJWHkf7G_y&<=U@e9iFX>^MY6-JL%pG!^-X@o^<+DPSNCfG*2GX>qpKi
zV9qReeK&{h4C_MuYy|j|57V4KN8klQTRxJB&`_*8X)l)3{4<td3V+d!87EajeFn@u
zOUGc1VD|{M`ZL^^LXp9+;L9pbfm1k?k6=t}#%ggbBunFQa4}gMj|$^6o{8z=Z$0_d
zjrWriu{P7c(;Y;Rrhm77WZL{DKkz~Mhn^B3ysX|@S4II&kx+zG#e6z623Jss_7Z%N
zXX7sf-~PLYFr^Na;m1Ke4R_Fa6N8pWbbmQa==MAHSeHxZb+v!DEW}yB3iV0Ji<U00
zaj1fUcUhsoixMc9TQ<@pdD7z<*hXUTn^ge<y6O+i=t=?N4H!awti_!VBecdWo+nd-
z<(WGC#;K8^lEVKeZ^lX|rTS-QRs!<sEUhSvF0uQCiZvAF{_*NSHa6vOe2v2=(@TNF
z_9Am6GpyXt7^cfzX#?)err_2{fggFB)Wh6|PYNoe!PwPerD<4O5JS8?gqs<a_y!KG
z3b8gXN5~OE#vP4*#JU{5>>2c`0^mdT$(SCoszL$HNU1|U+&-6%665}R)8{69&-A&;
znds(jAy0FqCDYtzN}J2Wx-Y4OIq})Snl|^!e{b4cZdBUb&u!A?ChC7>mR#JlxncCW
zCntI^jcfQYua8eYt|!l>a(Ia0!|<z6z5w?jCS4v4cpVGhrE++g5@sp8E|m|X#nEI$
zP!qheAizv{bs<wy-OJXbx|A-M*#VOkZc}_%Ps0?ta&Ek!gI9BAP@rvWrd^?m?%Knc
zp)Kpm1u#M^fIHNEe(4%!hlKHTW{sm#n8=m*S2(s>rtsIU#8-t7_hJto!~i*$3k2rD
z#l|!G4>N=j8@VI&`gwIz;ecU`IhV&SA{z^FHu(!0a@a1Uo?d<cIZO#KA$NEPov`AR
zgV9!N>KO5BnlPnPonCC%->K`Y3;qz-q%RT9>=qMuYEBIwFTuy0n#=~=9`-v6<D>%y
zgPQ1;7B>+w+mtfswWbV)^prtwOv<1zlSVO^HJq^u9LNL{P-ySL=bah#-PpoXyCDmK
zzpqq9fvnvitJdMaxn(g@vHh+q2$N5QA&ui!fu7(BNyo?TX#tkZVBSFo!&f9F{X8Fg
z$)pHP%fitN9;EUajS8L3$(~@aJdmA5b>kg|j@mNSRJF{fE_)3ha**3&b%142{R^*N
z9%94|`|=R&I2`ONd29L&Di85l-+(F)v1n4Ds`?Pyk2q9;h;VFyh@mWq?9nWo$RLwu
zGRI$8-;Iw~3!j)B2c4=KX=hz!->*dwtVsm#olXdzbHE|-R52|ObNTGBgATfUMo^sa
z`kBLsEMG;>Bfxrngq_hN0Eg-N2;;;E$l(DmxJqIu`eVol=6eMtCej#0ijr^aN%1U)
z;y#iT+rJ@Fl=RU_ad>i-q?mr#N(xDZAQnWZ;0_BA4m%1F+y+mD1W!$7&^#z6bm&h`
zUwt>Ww9u#wfv+G0r$bH%k%wse^D|zG{~;vTFFev6rrZG!dgVV;INU?-nc58NK^G6+
z!Jm+oLR>H@pdm=bcL(fscq6|D_1^(bIgF6%v&$7ZMt$O7m<5C8Fv?JHqe~2*Mp8M9
zk8=2Qx1V848N(t3+uz_Zr$@~DJk47l@Q^;>^iLej+1w-!_mKz`CS7d~GsNpsID8Zc
zlXpBbB5@n@0!)dLxceQf%6BY}eMdZz`z1{@Qt@S<yz5OU))!#}3ss6a?erV$G-haY
zWt*VSQ|7~GIPAM9E8B#JG8UAKqzX&eF;eNqIBR+ogN+WE`EcORl`+z>3Ql>Eml~$_
zKbupQ|4ib1<HLeaj;yVUPll|r^2uNA`DCUVuKZyumrVItgh>uO{QY^vJpS^S@#8Vb
z*q_vhKh8|D=Z|(A-ajh&<JP3=@W<DWBxaBQ;xJK|E#TI*<6}~syG7GqST=IV)UY;q
z3Xwr(KBmL609{mDC>X|zuks+i&KbU@MHnVUNcUI_=fz<7M=BKoVdzk`0xK^@t-$_6
z191;YvN$Zd<S<a$14;rVbODRQb|a#OBTItAii-{n|H9$ce>mx;Z37EGR!Z$J9RAF(
z4%7?cU*OMP@h=Tu;HCKQoZ-*K^6Krz7b#7XLsu#!^`Msw{K1TuV2IJyra(pJgDXh0
zy;7oPJ9vZAS$#?Z)=Q`_Z4e4873vt-8pld>$N?tk&wW~AiyfJYRI$Oq)NK{xN&+FB
zA3xim3oN?MA}bsJ4-^GRRP1yVI?dQJ-U$ajaRkZS?aqVPlkC{M7(4bcgPte#8GgJW
zik`<xs+6cQP~yY}M=+R$(;56n5Jxb0qXPfTA@mn@-JDLLe^nIvbA&>FHYn7Qm*UTb
z=KH=B`s76k{>q<7Jnw(ON}h?2L{Vq%iw1Fasb}WAST$)zJfc(P{0jzQLXSkz<u6sy
zMSmOg`$<ixvPjKp+fS@CnfqdVk_>+&nj*a!hxzyGB%zXVne^j3Dp|VEv_PRLSsEZj
z7Fch(Ni7RGr1^v)sV?dY7=@V|aoAGkU@|c#0~Qqpe7gUvObn3GkY1@5pvLC9xKbA8
z8b^p6B_pQ>?BybGxI&=lcBoI<q1%hd4qaHLudEpXt4|3zj4qdp@~Xq2`<@y4s%!{z
z$|IHlhmZYopo>KTYu3roG6!AJ4>uf?F1A?M@pWKJ-+(5h*}@wRU)4EEb-5c|Inw*A
zAHixIHj6#MD;8G9EcyOb=7}g=E-k05JqEY^bb?#J!fwK%Q{J@?ojsT$OR1fl5~$Ll
zI9+UCYANr4*q*oIG9|5eMueiTa9CIFke<s`GXhkQ>=*Jkd`;+lrp_G376sx5xu`So
z$$|<xv{KpVO1d8r5mVrXPR23j*%K?Ja5ySPkaw8Pun;Ge!`bo};#wAlOICSsdC=*V
zq0AbggK-#A<_LzU((S!reQWU+58>Nt+kX#jmefV#n~KB^!CcO2vEY0C<PIQ%#cW2;
zOCBAePwuu2kA7Vyd2}R;od&cGaZSI2say>*+lqol9Ci{4Oa&fK&rs5QjQ-G#>CtEf
z4&SQfQ8z9Em1_k!oYzO&JtIQ-G<YgR(K?nZ1Jz{&E<T<+Jw|YAAAzw(;-97XoG@(4
zu$}l*AvRM|yxuGdlu;rb-L>~7d?4nQ!QoSj@pw?5;EeK!fqFpyu}C~)V@nuoAKu@^
zg6be*FoW}AS11f`zq2rAAFU<YM>mq!kLd!fX-J3X%b5zE5BDp)-7Jc_kq|iC-0xr%
zOabj>;Nm@55njx<=f#ql(Y&~Re}oq~3rSqAoEgx#RwgqvgQACCtn=F{cgPEZa)-R*
zTiPKn3+g-MBhvyERaNUeP~{Fe8v(XDN`&qP&8ZnW?g6u@eppA;wEYgYT*%@9{<4_O
zve(!G8H7-jXl6qRu?kBhwr0)>#030o+b3m`JZzm6MV7lcl<#ve6UH~rGVyg#A$`d{
z1L@%MsfA=(hF{E5^BTKPF~HX|qs+$J`=ZUpJ+o|=po~WDzt16=WSyfVN@67^VG0bJ
z6$p8xT)e!`@y~;XBBn`(_S@$OYRVn?^{fD$tiDR=Wf>fX?2GW+-rLbUSK;ybXd6AY
zm*lxqw~6N__6lSn!m-;9kNPG#@XGW+xC#y&QXXe(9b!QbF<_}9Y%pLWGXoybQB$-p
z%KBCFPiEMg!J##daFqsBMM;zaHUE<;4XBx`EC$rswGjhq#45vp+P1bP2Go^hRU1$v
zH`o|Z;Z>xZ_ODgkuySRra$2@7#(<i?GGajOTxVxM?OYXQK+RigHK0ZgVZwkqd&y4*
z)bJs!<_6T4m;6;3P~%p{8c+w<Roj62WLeb)ROyB)45(o%Ee6zyb;^Jmx6&}6#BWvu
z>c-0I8Bm|BtI~k_Vx=;m#;(&B^$HsU>h?O_fSRx}+JG9gK8Co}HK69MjWwX&<RR>0
zr?jT6idI_XYZDnz+a!-J(s}f#4Udjl7h^yf(=Z!QU+EYcv@+U&y0|V%R&H9U1VV}a
z(18^;22|ntXamX)fe{00$a*!}yp`Y2fSR^8p#gPhmDPZnvChtbTB=WQ^SX!uwM74M
z%Q|}l%2@km18NY1A!0H9@CMZ8)e4@aYZTrNt%^0EK3-d;0re)&x97z%tD||5j^CpV
zsE=2h45-O#BFb#+FjkcTwfDUA`OO|ig;Wlm*NcHKUtXmFwP}4q18Pt_1FA$v)TTB6
z3<IkFQ!)0_`6nah)9ux<=F`_tnysg)PsJKf2cC>;J8gVQ&S?3Q@+IY~qimJ&YocwH
z`A=1CIL&-A#%@xAitMIKs|~wp#2Uvx36hA>RP>}_GnGGOHJRo<X)xJ>;jAi)Y56(H
zWE+MPldU`F7Z%g1;mo7HNtWBYqDqTt?z%)4)1Y`3(-MW0El*nQB{}nChTUNL0(H}I
z#CCZ^@mV(xe<ajpRmjJ-Y>Qm=)s4e|V#Ykkp_$CZ-@Hv0qXZ7&Vy0A~&Z9w07b@J#
zJ@|qQLueF|Z>gh#1HWnHi(5m+Yc(!@$)R^AhA%~I3z=E9Xmd;<2mus_!;2}nZL<nn
z&Qn@iRyavfsf8bGi>la>!r`l8WeD`OX}nlWh?oApZT_fO<GsZyf;)XY))`8-Uu411
z2dd1~LueSA4mZn`4kyH|im5oWEq+*Z6At_7wg+jC$N&j>wzAC<jnSCHfnp}3!!qSH
z6V?u?9Ig~c)b{3WetYY~i>`chdJAK;q+w#-C}wo=4=fMR$(T>WJno@bj<=LB-@eW7
z^pR401in1T7&Z^qAmgc|>WruINXC;E64)8?vRpJw=I%By{JFcgsZf!5I^}n4)5F}F
za2Qq0n7V-LtoYqLP0<6&iYaT)2{X6(^VJR5m*h|gJN3aA6jPk!Nrc~X^V+mSucYxw
z9uyl17JDRCD(nblOCX04hnULb3ghqK{XBV5h@;RJfN}vqUbO&_XK%pas*aday)U#a
z)Zf0RSl*p8`T?<hIGyLCRTr1<U53Q!HQ6r<yH~5?MBewyOYNK>FEt%zt_<Xd=}7is
zBc?F<SGfIKo$#x-`3q&b_26r)icB&ir_Y&f-$5qzrNf!L3M!#}^<OmX3VnMAlI~{_
zt*=fFu`3r64Im>MyTV_6!s5vAc<4+}%p%W+b-g%%@sQX=3!%7N-*DN5kf<<F{5KxN
z=1PX%?ZyWTF1R?!VtWCH!AHrwOX09<5*adg!MvjmVXkzMHU>h`WM$zTIHF9!l1Wi&
zc*W6ZH9TUnw6aqujD#|vD;zP)iou+tj*vG?DdfGA0$zC;vpVIOdDMLT=FQ3$FYA_t
zwYgi^#}@Uc-YB*Fg(D8;#fc2s(*fsCY|l4!7+oBmVuH_~gMQ+L!x@KDf2foS)cRlK
zGEX-?s%Y30Rx6P#9vr>R&$2NUP8Tz$*Q;TB4r|1E$|c@dQ_MnQVr#egefraj)YGz9
z+4Ed#WUsCRWv5w@P9YC=;IL10>S*p%hqFR#!aWoo4pgx$1Ewzv_~@q3IX!~(!yfRe
z@4jS)55vkW4q0bzr06L)cV;=0UEZJSm*tjj9b!SsPMh<UU(>Po@v_La`yn{AQSM{`
z8SGvZh?qNn<S=`Sg9$!V%{$G_c^u|io3}?b&$l*jjcP9564^ozUuNdZyEvRMK~-vg
z@Ffn5O%H~mA3S9|h_G={fEo9fzQkdfd{D4J7OV_0W>=Vo!^ekIEUj%#8fSA=>ZKuv
z#b5aiNER%M-XL$0ptvO;yl3Hq=Qw;P_@IN8S*|TGcY2mX|LuN;?X8{8Svoz>VfglF
zwzF`QG{~eYV5txzg7hFZ9CLaw#aj7-UmoHxW>W<3!xY{H2ECFY&RIzsT4Z>AGC1r3
zW?|4<I)j!iwP8@YzA%r&1?!MQqPXOuwRuofbESzF_AQO#g-NE#^p9eqtELBcM?W}q
zQ-p~=5KJWRd%JarF`o`Uq2whFUz?fg_RxQvsjixs>hjWPrs}`RVJd;>g7ZrQ&M@iv
zG`PLN!G=KB?AFiVYjDyL5_|4Ic<9ifL-9w0gf!igRwj>B!hyKPDscE@uTmM`#OWKB
zu}ym&jGrKlBL=45`tBuX2nl<$tiNg*ZF7{#>dXkqw{Owke#O$?n$o3TA`Be1>isV#
zp4m3NZ)M`X+x5Pe;=rLY(SXAaz5B&#b>FFX|EgNucj?_PRIB@Lz5DrUb>E|RKUb~p
zd-d*T6Jv3o-uKH$U#+TyJ_ZN&I+)XgjbV9j=E1uQ1s|Wg;MZBZ2kao$o^P<WEH_*d
zaAs5OKk?zr=1e*C^nX<OQ5i8?1f<Grk;NQcFf$woa%Tp2mdQ`CnERC*MQwk}VYOJW
zzqblnlQtlSq}#MaN5MND=$idByc5FT!u=jhgHHNXhGH7jab}Imfo`6MpnIq_z5&^y
zN1ldnz>mbdwS2uRa`+@Igc*=(2#jyzP{Svwu}-JPElc0%`><xybW6mi9xNXXd?$EZ
zfcCQ};1!)(L2Ci-vyoO8hcN{L9|r1f>!?eEul;4%12z+B7X>uz0b3o}m<9_1`2r8^
zEbs8*1F)6476%M)UWXG70ne0(%tH>hoz85iC1-qaUcgeM7E^qf;ZZ3x<90eIYwJ<9
zlhuz6LPCUVsBw*)U^0kOcQTxxCsCFr_}7PNKI!sTUiL{lb=UPglebT0NpFn*zF%?i
z&gl1j68C*u<&aVx_n$|yxH*j5<?!I6bbkTQg}dcIpU*YvJPspv(UUyn6EM`0x0CId
zYrccr3HSLh1AgsMzLpug9EPvuI`ynC8~W^W$Xw-{a|2qbglsnb2Ez#^xUiERrPMMf
zUA8TYUr(7EsH6lmpqJ8*q8CsyqwKSLmxEyks*#P2+`<lO3X_V+A42(@P5HQ}g2Wk|
zg*~#W_+Ig_cnVxhd8k&?Du}LgErci5aegG`Qzx68Qtp$Oo`dc@On(VexU)H?^K^7O
z%W10D<_0vn+GfBmM-Wp~is$9I<`vdFMt3&luvI{mA{Xzxxt7)}4%=j_5Jn+v%;5qv
zI<J{+5wlqwR_t-eD@-!oRH3TmEjApwYlB-qH53u1r-eAo4)|y-!1>uS$Yu`_f|m(W
z6h;VfJDivh*Y_xAs7?rl(8)9H5PE*U3|&ukW=L%2VY;)4K;(GI?<uM_aQSR~H|XXt
zZ4VtVv@zqLxq*U;a5TO~@3o@f#G7o$LqkbYPGgnHNib;{&HI=z%^OJGEnXU%i?Mza
zoqVQ?fA0egYSH3=dl)_fov3&Wts^L0M8lofV&dnF2pZ=uOpL~jTcgm3O=0#NGe7sT
z;b+OtrCS|V-0zuhhx=7Ks=$5HeQqoA`z|se|N0gK`P8_6VKm1r+iI{UHkHY(36ez9
zWIE}F?&<+pjv;(V{HwLfP~Fg-ZqA_JpnFI*$-brNQJq$I*VJ!oF{FN5)jePQ9UA!{
z>Y+0OYB8Gk3%ra1W+T~Y$w_d0A(3#xR=E;<zNn>8S)7=Ly|+0SwvAm1AKH@RMwR4v
zFp3;o7n;biV5?;<D8(SjwlI1jT-$102z|PXg+N88xznrb!wto8^x^z%Qa}Bhy?**R
z*YH1L^wYuOc=~DaHl+_gE{@fQhvL8Q1+EeCtnZswY_cDH=<+Em5;+_bL=pHMz_>Fg
z-Ea}g8*1{*f&f`Y{{|m!cQB<QO>pQ6bKHVJ%q2Mow-d-P4wC+b=}0{{Ck|2v?3R=K
zsr@8h;u^jjGs*Yn#zX4R-3qDe=fonlIR5*7$u&B&vA(Z-PQ3Rm-EA^5KAuBHMm7xC
z<M7~5ql}EJvn@tOuRS(K#_`$ljEs?cB1Xo5IVK~ca<?)vhRiXHjIn#j$e2bj!QtKZ
zM#hrai5K)Lp?BI_h4P~5)ig5J?1?cl_SovgRr_mZWb~h-jEw8MO-4rFISGx7rF$Yq
z#`@XOvSQhuno4mJ&ir?}#D1%4iJhuT?3Hin5_^5BF0og<m2b%DU>eEk<Rn-vO_Oz1
zm?pcbVVX=8*4uNj^7v|z9T`3<tEOpEWHwFqSxu9g>Ay2?>iX})G#wikBpTs{ze;pY
zNz>7J;!Pc$<BS15f74C@ZcNe<dvggPwr{CDVh1frjMy`!4u;RhB6j{lJH#H_T1~{B
zTw+4(=+b`xu~U00?u0{0I$mb^6C(C>l8)H%J$1w$HwGx|X@}T_Od%FCVZ4nES-we%
z-e&U5{g5N+Uj!A3mJ$^XY%)tH@y8^hN|ppdiAb@$)ZY9)W=o3sF{B7f5tAn+jIab#
zsD5cC3}32KqbZ!-6p;-kgJZ{%XdyDE)M{{S?@9ier-#y39ARZrh(pVew4~*^)$zpv
zp&yeOJ__SEJA7u%QL@;gM0NGKVslk{<}6rTWRqMO^k6=Rg=Kz*f7GWS53a*8-Q65k
zmC*_Ex+3Nc(UYrUo^*3oi1%?1UECmkZQ>SK0c5aofyu}GYYt0=L7_JzY*?U<BS@HE
zg+g*A5A5L!%I+oG3D<5z4=-G7=wYi0KD=3}{OgNiRsMGhN9{~?a!o4#VXl!iU{(18
z7u(xWDI6|smVuNiG9#A~Uft@_ez^E<MKg497@J&5#V20m6_hrZ#S7473?E(`-%04=
zFl>u@O+A&O8#~H`#eqa6;tKUqgzb__#Y|m6Y$9*D`K1?A4A|-Zp}~V$HdVE_;4g!&
z+311^1<ZqK@aYAA5PLuwIh2+Jw1FnKV?MET3Wq69=}uoZU!AImA@5_te(@>$W#x{D
z{qp&IlY7l%sLt6zX3MYzBpANhZf~|so}XAe?-4tTrz0{!o)?XoRUO0SDGo<=I3niG
zhY6peBc0E7I6T;vf2^KMm!(b9gV>aN=-EcRGu}f%ZDNURo^4tpuW(o-w5V!^(%Jd~
zVOU2P02Q=CR?QA%lMvgm$03i8md_59XmWrhdt`t?#MTPWu@it5yOjVejIy)FiH(=X
zEo*?H6Hd%mM%K6;CL`;!`3a4zPj^I&ta0<Bx5~$M*b36IF&#hOVHKofx)R)d6|ZgA
zd5x<m<@a_dS#UMF<=l4F(tklz%Lx6M<Hj>V^6*aDXq+Iu0bdcnha%q8G`OS8aPHoq
z*1pzO>;e5)2-E%(zV>?_f&naqbzxwLc|6zyzW&ND-cjk#AK3b7^-yD&L>}S0HQmb(
zeOV|+=<0`{dr9kd*aL=$5#f?wyh(-|3@Qm!a%J>S+3R5X2LC1Ql=~;S&pRo@<iaM=
zrWMjWzuQ1zsSDFW_~1*J23y}$-gbnw!p4G)Z_+BK<IB^_0^|U%C)AJEBh+6?h+3}A
zp@Yp#v90sM^mj|?*PX@c*ZJEVUO1N|e?2iz{W@-^!<(D{O+d20#NoiaKxt$#X|$S(
zcdHQi?Q_(TY4L6c#fm?uMen(ODtOvwyWJ8as!Md#o(r>8S+#4k10_DO&7wGx6b^m%
zC|=k;I}j63S7h3LU7Ky%e)Zj>wqM`O4rnsKJ)huJF7FH|nWtv3ac9g7lxzA?xW3am
zgU{#2&Oo`QvALSTiMdfT7`;o6ZkZc9gB2z(^$D|=dW`O+{$j2%13D4HOb-8U6?6B)
zwHu5HI%aayg@V>rOp~E}8E_IPs_wKyOHP7Y(nZ*3i@nu7cu``petL`5<t@c}@403H
zJ+w+EAsvyMEyNiM>;&ZL?XjED@tEGr*o-FqYeYyMTcm{K#4RQvd1O&SA^G{1h>#q!
zC|dTN*kUUrN5ynJwZ$qVN50F3K$q-i$keP%4oOO#UT9un2Bkb&TtcdpfH`!Pm|T|1
zZ{^~!r8wZs;6aTCd4;M~8B{`b<0c1ltKyj8a(W5$UV6ZVDFE*3rU*;UTxvQ0M3<Wf
zISHv04!uehWA9p0rGYW6G&0zYB~b=OSoXQFNiRF3kHdwjb3Zd?A^#Rev%aS8Xe?A6
zf`#fsEaF!+iU5ZD<9-vkA|PJXFrzS}x)|SsQtwRI=+K}`HvRz$lZE*G>Rk>000qfH
z@PGMk{?MT+9JPN*K;x$O>km7<_y-uDoQ-L4;@$8-YyTjDPwZN_#Zii{2$L`k_P?v)
zD=>>5Dt|X0-U>Yv^&FMIA6_nRdcO3PpXHznLZr>oqD{sgaQQ2LDV<}Iu{fBNR;AxC
z7AMy#ixpB*j+q@^aphGZhjYwETE`9(S8x}SU`c{uZwpD2<Se7a2}e@0U>vcfbTag+
zuW9f_&ydi`LZjmw@KKV$*XKPod;<!_4jGR3lyj704o;)doF(e{=j3o5jN!h0(-=<d
z5Ak*AmnMd}{$|)T%&}DKFfmZgddoV@8*nI93^VmD8U|{WEv4W83l`DvTP(xxPO=XF
ztQ@|*G5oTg*5O}+Z8X{9p5|fZU;-$QbdQFz2*ogE-7QeUJ0a{0$5HUrwC>>{#tY6y
zy`Zgp!867S#&-{49Vn+kr+1exc?C|<_c4)?lGTipogVsjG>OS?%DVy^QdspIEFZq5
zd#=tHe!P!;2^}og3`byr;RyW77$EdkjDsbG!^zY#ea~ss9G0bxb4{^CR@vIi8aQOi
zzj1L0?u{&pan|Eg@wz?gyuhmVdP@gM9_hWYvz6XEwa4K#^qxAhth)NPB*ET24jt=)
zf0-bCYn;O1JQu%=?iM!aJ}rv<+e^CV8gxJQR%j)3&3+Pp3sZ>i55E=GNiCP4cufj#
z5Ep}+Y%n-i$KXaA49+uQ@T+h%28ZuWjKOnZg~1VfO&BanguxUJ<4PSY?ri2SiJi>`
zU4_nD5<8oXCf#{(N%U-rN^NK3oNZV^WlPjtW|lfa#$1&9EOsuPO{#rsqRI5OnapK<
zGC`ZkTro{%R?K9|OB0i3hCZDGr6$rS-)wy5PND!03(IzpEZfmw*==1E%XWe#wFJwS
zb_oyF<<AllPt}k=dkqI~*znIDw0H0-F|*Y0?QZWGjuJD<nM=!NvXYR(22U=PcEFh>
z0b%ec0kJg!&CV3Z(rmDP<axR{mS#h?MQB#AFq&qU^!EvBZ4#`v++e*S3l*&@x0-0B
z&WjTXqGMYPL6pKFH~yriER3Dho~>$9lNZKLYVX#_q_)LOYVlV4Rn^&;+Gc%fOUzSK
zkqK2#O)=7CIk#$X(m*2y;i?fs5PCPECJS<%o%$F-2se!ZdYgj~)Y2$%T7~)3a%DVg
ztc+b<g%Ur(#iAJ2&4aJPa?%l{T{V0amO91no4V%fj4G9buF8k|qf~hlR-@Cq1zoC~
z>fu`YRA+Y4r&?A^pK4K;d_z?)PN1r%%#P)gJ-XvzvQ6V&ll{6aqN+<P3?`nt!_34(
zlj3u6!Q9w)oYegWA)CfiCOdrDTq^+Suw<Kq`7jMOb`vHS)b_wz!h$<MihN$T@Zh0C
zF&)<NkfvcBcu4#j>gItokFfM|U?Y)qS=X?z01e~19()YKxIW&)C%V1IpajH|+j~fx
zGZQLnm5H~G>SB89e?h<6qSt#}!b69sULg&pzpII^Uzq{?6U-$54|dbLj^QB<&LvUT
z-d#;y--M4`qU-s$^{#zfA-X~0B`q$ZZ_kUx<=48q@mrh58zv9=w1_vfw1f~H+AR@%
z-e&^tuP~pcT<%kd{-}0HgW-Of#-X=OJ^u!u&@?`ITlJhHW}z0!%79j*l`^WU6b`lJ
zpSN@cbHS-ElMlO^6pSLR^krf_7!QKz2YdJgWj`UxuJ56VFDt2KU5|XZC4fGxB=(^;
zu!Eji)<eTKu!(+ON{?U$d;!E56MJ}|OE#o=&<hu-$3Vq98E^_hni5E799n!;UGi>d
zDRzQV+8Zx=SHn)QmG<Hb-!-Jr_GG0l1yj_GzxuwhQ4_be=vB6C6wJ3<B1|!9k(DVF
z^(wYFY9{DDlCu3_EAc9mb>fYB*F-$S4N%5|nloSb_XIVY4`){7vw}Pl*ETrxAqLVA
z6&0f4N3d$Uqr!(j<1qLaK?JuOAIqdarn&-de8@;oJ9AKG`uvQ;wW)rVjddU^jH&SD
zK^D}oEr(Il{0yHl@(Zyke4!qx!(sF^Kl5TLoIc3Bng`p-U+_62QoYJFq0e6P>Iq_X
zI22|{$Lr^>6$<j)&tX)SkykVFRU=0zn9T4E4rlH&C+rM=HFDmgaX4#fEO^zDV5D(4
zf1gaIp}d%1aOI2Z^E$Qv3T`$LaOUZ7e)pOw-8o+-$b8#G&yO+6cD$~tb~KR;wfQw`
z4&>}CN`Xu_g6Jo{Zf9yxZbEqzUr<kaocVfC&l?z*WvPBEIMyg|sdv_>b0ZG7{#g)K
z%HCsCNuQ~&+a-o4GyDtOY$8*l`@F7aM32p4Sey5z<V<sAVfiMRoB3fA-8nk*b(vrM
z3Y=|1&bS{3^#`WEUR5PqdCGmhiHGtkhQF?tC-_joJ57I829z}k#~;sUm(`9gzFE(S
z9&JH_eD$0rno1ZRuBc)6c7QqaS&7XZHec#j*tCsvg$=Kecdu|N{b0U&Wqwx8ZeHmq
zhgtDjjV@lva&|E;T=5CY<T^drNFAM=-{L0+VIvs6h_R?kbuMnM`cj=Si}Xu%*bjKA
zj_E2LY-zeXhY;j!o@m-MU@h~2&gIxpj+12?&aL27aKFrCTLWV(9>!D-zhmlV8hP`j
zi^HGG5}?O)&NOC`yp$%5PGewvR>F&DQst#g4R|=wRWwIlv))9Lj93>&Z}W$=@IP|F
zOvOL(f|-(PTri{6@Pe5<n+s+-|F9R#<o%DjVCLoOTri`VE|@9(hc1}W;$JZHQsjb}
zLb@)mE@zrnTJwu#%3ia%S7v$^T`Pl5xb`oV@^<EB>H-%`b(Y~+7Su|l@IJlWuL?{V
z_qSv@v*i6PS&{o&^8eBMTRh+E{uZfKre1cG{_rZ~z0VxqONX2vANb*v$ch00r9?it
z>WEe%tNT}72XM<($N%4zh#h)NN@NQm)KDT9jyZlnEi!mQz($RHF);AIYUF>_$p3?C
z<bw%z_mf>a=7?4#qrdUnE0QIH1OKxX$)7nC-BU^)f>vfnfl<yzFKjD%{#tBZ?hA8p
zIX(Ku@=_<cu?#h0m<7YiY$Bu!@lg&3isbb(m<cn=7!mbgkzefTFbhI<k7*w9+#&rr
zxhcmi7-IVl>U<>9S@%9*6JBUIA0mE%d9PWV20OBp(}1h8!E;}eaiUI5cG#6=_9}#}
zPw&ZMdO;we(Q+BS2=|r=C4Fzcj;9?8PsNRxb3B#BED12I4I3R^`ggWaf@>TheN(!#
zQxzV97hz8$jkeZvI*Aq4T>QpicO$v!o!d#@^nTSy)iR@zbhBZ;`gObfRihC{G@>nb
z!~FPfx7`w}oc~LfajUMKt5+>+1^XMRh^JYdD)p_h6=o`w`r+NukM&fv9}8P3&U}-@
zZyCCwv6o5)yA0l3_dAL6)ptvs`6$<jI~a7*5FooyAntFb>Ya7WwG`*8r+3}Wc!?|y
z)zEGB!Q|>L82k-~BOfzCJIsLVr>VM%)$^9AyWNc8ul`03Kd33grqKU@bgKP^!|7FY
z0q^Lw4zE|kHXN=^_cMHo;Jz}73CKsD@t5IC9J)qezsofAIW_dird2@xdpS>J@ZN`v
z;j0|FE8w?O5BO=X$u}I%62O-z;9uoXA%Xu`0-wWSg8=>sde_7c3HZ~e{bl&8DuExT
zhOWp;2>fgT{I4UxkE<T=<?0PH3HY-L_+NAQOaeba0`K84LID3Hy=#XAez^etKdS_O
zhZ?##G4O{3@WA22Wr0wAH$E9toOf7Eab7A7*O2>!7CLm2t~YUGY9`{H$w_zzhhbCw
zLZp0~tYPNc6mt31ek#AXg{lP&)vE;wA$3hyOPP0Os@Tj+`<1swsX*t;h@jsD*q7=p
zlCa=#qg<7agw<mL%vd@uF)?A-TBiG&u|!fie0$OnCi`vBOacUMb{B}SKvD;8>?bRa
zakyRN4@X++QVY8HNlLB|Gvd%^sz0QPetJ!_Qne!ArU%_{b3YkqU34n-nMySW)2Q4M
znP=&|Kp1+M&S#UTOv2jmU6DWN^~np}2bM9hH^?MBUYSxA9_zs%p`6nBY*`k0y5D*z
zk<Q^`!ER~wGSw~AP6*EMmnJi847X(%pgfHJcDiAp<Vz6VJD^}q<HKb2r_&OS=*jEo
z8ePU%shDmW12>xunHFN&R(o`2(6RLa#)$quwvu02N*|Tef~g)$rSjKnNOE5c$<sL0
z4ZAVjjSXn}Qv@19`C@9BVrspkrp8sx-UIWPQM7kjQ`^GO9XV|JjV!6(Q~>r}A>DD%
z>$oFZeUlY?M-8a*9?El9;#BMvmc%KCQ?nreR}8USptAvI&Mc`7`_Ax}aSB>(z~QWD
zyqn7!s`uN`k(bC}KA~l)?wOfF{GHBW^kK%hbCS#teAx0J$*E80G3|Q@pMekj-<CZ?
z@@gb{<~;DflIMRV&;Mk}v*R~H@GNMWE&naW&ZaH?s>IIng)FYv`RsxJsZwV+gHL~=
znJcK;S5EzKQ>1cg=~7uab?GLfa_Z@&M&;Den`B+XGfN|tQwMK~s+?N6G`4bT?@dva
zQ*SL*l~e0LEgG_Gp;7J<@71tQFj7VJ0QoAv>lnX=>d6+eLgo36HU%oJ6;#U(M=GdZ
z>1ZmT8vLno7+%!DQa*Km3-h*gdIwA8%5qENRBPiwOXFl~<KY&@Iq=zz*20woBd|>9
zV5xWcY2=~PQ4bCIsZs2*umdwr<6q)%yhWt6<;W@jcxlT|4@XK{4tOD|vSsBXrfR7N
zHb!WV&vBT(%qW&xuJgwZbD#DwUvx=@of}z@N~h9ySvs||{>UfhN4&6HKC*!xd7jJf
zUh^ZwS%qfKq9!?oMIGZ8Q(YUO#+U7lNC!<a$B33@5}$4#r;zHDma?S(92+k6YLY2N
zS%y2+-oi1XEsYgcSn@cGZE27t9K{@4B6B$2-ojDiA`cZsJ+wW-QODYwtEcKv`|{-&
z6Iw<XtZef4W3ciFe~mj5;jgV7qxft7Pc4O0H*|DXs-ldOA7MGoa_~nv_!@jc8Q&8E
z;UU71S)VGCcFNi&s&RSd33Z2R+XU58&pyGh_DO^szKlwymbI0e(pgV1bBXI+=5d@&
zt16WGm3r;YgaBStJ$EGRc}ex$p0H=7>bWgp&&#Uk)&%I`a7Fdp(zY5^NUy5Sn-g|s
zaN`LU*0QlNj2+GL@$O&<)1ct6UnhMJ*rk&F!$XKcj=bRX@>1?Bw5ca5qkgVF5nU{_
zf7>80<(gBA6drYITyvI)KS}py#1;?z;&5#7(1>WX)DDfX>2IO20QHaIA^0Qc9>O%|
zFGe+kuAb(tsX47Jz5(}z@JH}cm~OgBwH66I(6*{Odx66j3Z><3;}i!SFVK?o;|%df
zbIPE%X^*f`&^23u*a;pHApVDjouHWj<%N7qbN*DdwgSqb%T*Jgw7@T?uo8inN`aPX
zM-*CmK-)@8gN1=`&Lac$*{MnYOpW$B93|4t6ss0F?5|a(XM_)6+?j7*`zsTcJ#9*%
zQzgAtwxNn%li!xrTE6MXk{NvPQ=?koz>YD6Ue5kh)(Xtxupvb=r=^bQDk%2!5JWiZ
z3~^ZdPFSxPb3Hd^obP^WS1+a)LGa$AwnZU^<t9uXKJln+nV2Q*ZE}DQwv4IQvk6l;
zRqMg@m(cBOt{G)w&gMpH_6&Q}R4LHKA)G4)tOffX4Vn{qr{x-voHCEM?9u3=F@tlO
zJ&6d5l0qC@g|cwbUNIWXdDJ$6y26_f1qF}U7A@*;hk_3tucBm8b8E?>m8RLRiJJXw
zubh4Gv7j>p8*}K-jil#`&sd_>oY|80p~qzXIG9RvJ@RPP#eo)k?P~*RkqNK1PFNPa
zS+UaQWF|yc_sm)6mv{Hj8j;->RNZ~4-aTE|;f=@+N4-K!yy_p@p0gDHSkNj``(x{K
z>PRO`wk>QGRn}wf^ET8v{y3vra;af-b2p}6!W5pA9aTl~gx4r%^wDDmAtrdEa>|eB
zZ7vRz6$OtzX5rs)-k4CsEDoPOW-zg2S;E7wcnQ_-O@~y%QJ0XK54CE9rC)Im^$}Py
z3Q{f*?}nX^$#Rqwkzgt*y1qj~c3;rKpnf{f#76vtxiU+sg*NIAqSYO&A=vkFSki*&
zWV`aLB~15q4g*><{m~V%kCsFpy%h84VDV^#tOuU6A?wms%qI|6i0&?8?KLqnhA3C4
zi%wrDhz5BhOYzcUmXf8LJ4BVKDsB-W^0p3=$O~Ioh`g~wl#p87!Xl*3zsm-<dI}Ln
zCJPx=A=m9?F&GSKVJoBFPfWB+Ev!|I6?%&7(DOyB>dC019U_RC(84OC3f1I4ZxO6v
z>DG7YJM?ArKr{MsUFJ(sv`uUAk)xMqHNxxHzpJMZtxOI{t`>rCcajo(y`L8dy#2T>
z0!KWT5P`>A$;9g@1TJf5gTQi6^$>Xexd;M7t*i)~^PEKBo>nzP;Qn`Ng24GHIs*5;
zqa$#3iV1<el31j^ZAol>+wx}wUT5ami<8ss5+Zi6$5K;DN9^FXHi+&0WEF_*VnyuQ
zXCjDQkz++{@EM8N+c}nHd8=L2vV6~DS(cOEW`mmLh;@0)CDx@+$4V|Q!56C(#4nN{
z&gB~Qi3nnB2)$M?BXT8~kB`KxICF)a8r1M{4!73(8Rifmn<H1v%HkiR+eO)zDI7la
z7>O-w+nE9fQee5K&}R-ZgAA6OME|(ljwMT;8RD^HEna34HSL@UO9x)^FnqFR3gW$X
zF;f1T$B^=iRtKWR{ARlNQ(a16va>by^o_{V3u2$%CZATUHt{JNR{QEnBB?V&a2e?c
zvH<K9#Qt^>Zkyq;D2QS0qO5=~JrM;lvYq6_vmOg44vpr-^Hxq=+=UI!`8Pz^Rm;Pn
zuxCgLxamS*z@b*Q0&eNE3D@Du*0xsc(Wh;YQ{1L{0<OR$;Lb$}xINFx+0SWRLjiZA
zYfS{)U?Y3(dRJY*^>>;CTpOhzwhDM)ackR+(2-{n;%`ijZH?|;cK93mMD_5u=-CMV
zN?Tj;cTLH$0Xa3q-?$p#?~H-Jj|}{sG~=(1p&vT(68u@TekdTcUTke&{d`hlyzaHf
z>n1z>u=$DV>4%#p{Sb`O4=WU2KdC8RPrO|<UMVYZuo<tDUDV*D^Q3Wp#f1B55r^#;
z@u|d%cxY?e!o&mZtdu_0T*RwQi+EMkB7RR<Deu*E5l^p?m2%9mQl=VK%3-sWa<ivG
z;PUnYfg4-eB5>RD2@zQIxGaAYg}_VC*dTCxPW2EtwS5GE2U=PYc<OnHz_E|l5P^fc
z*93t#jH?X>8dU|ZqKy<hMrQIPdo%fBVl%l<D_KS+3V$Q*@OQJC_}lz^1b+)3x8iSr
z!r!%;;%|Ppn&5B0QI%nCHywYwd9)NvPJ;P_zg_nDTbCGr#jRwbbQJ!+uv@@I)!b%$
zWWwL)QTRKe7VwmsZZmq<2!Fke1>DQP-*;yGjbRFbH%MRfYi*0b0f{Bx+17^fX-42&
zJ2iZ~niBAYNez#UQo~b}8FQqj5^!sc)bMgc4R1Eo@Dj5cUf)9@@I&$xd};3~n9)8V
z0=Kth_+l&qw?Aux!1b-GhrnJYPr<DyPr<tO5`n8)))0YbY9s;284~adLjsO5OTglQ
zLf{5M;0k*LmL*2u_?EUF@tbxC99c~S&NU%$M-&1tDg=gViog$R<ZAiKaJ7syTrFpl
z?UwLh(!p2kb#P%~9bEo6!xv%^xZX~OY_Fycxo(nyeWPUHQl&#mYpO$z)kp?TH+0BR
zLk3PZ%fLQ52c97Wj<!eOH;EB=v!yKp$J=q>rD}5EUXu|sGs=h=p*ZkdO*wFRjh66M
zV+k)amhdLIgy}}@8RKQtR_L(5EC*e1X$s56G#GN&AI!lXuv0I#Zn_6BU(9`b?K19@
zHCsPxt4UXalf!*7iZ9g0Crc(jttlVNs3!~`OaG@$hvwO;;QB{T&`HbFbkfqsc0ake
zZ9*che!}V(!=|usd4hYpd|EQYmK@eT5q(3<?p1b0c~`GB73KAq>t^MuqP+J-it_e*
zTGq|_x=o}cZ=a_VRpedvgmEOYu5FaJyyS_9Gh{<s$wSMZ@R^+<tBq$$<TERuusB01
z-eN<V<sia@RFAw<T;uSdqUJUWHGPVlEQ*{nBjmi=)=W;S+FU9-ZEnM$Q;9s;b#mD9
zw9iL@m$TJy^9VU9aIlS6zWd{+wMfiL3Wq~&jJIqsn8s8@x9=0gyM;byR!*~=r|}K=
zl6Z7PAneS@$!XRWx`*V^_D$mB0RatL!8PhLC{QVuP&2V~um=oc*;p4oo6I!PapYk?
zYyBklplaz<GFA-J7%op?K~)!h#9>(%od(Em(>muV)m<=i?Mi)r|DW8c(e?7?^5;`c
zDAV!<`@(@Is2<;2@<<&xY)ti-&irLu>B*l61{}1Jl~KK97l&OR_!%#asuAqd^diB*
zY*l7Ag~NrP#+E`pm>W|GdEBE0&VwDRu7h0ksO&Q%*HQ)9=`$BX-VqsVcdltHMZQsL
zj1|#i&>(sOZb@X2ljcFtRY34W$^hyAFqa4(bHwk1YyNB{+6pmEh&qNYxHyGwl^A`*
zUkca!p0;|Oe7NQht6-Bd8dCpXueD4(TjF6Qm<Ff2ux2?pg~5qhVz9|wH1Xvq)l!_;
zC0`YHDvl}{`+_X)^z%p^#_pk<X4n}PQ@Pol-8JkC^QmC$_U`%nbN&tg2K%Yf)chVA
z{tb3g9jUoJ^zqA+6V$w&@va#E4LC%VoM*kO;Ty1@sz(*Qs}C}iCjjzdHwol0Dp+>8
zn*ee!70A2PP1SG_C@YNw#^B#!L8|Dy_bm<o4zsB$>h8B_M!$z^R0b^cwuZlli!RYL
z<ZT_8-OdC>cIR{zz`O$cs4Cz5t{T1qJE?@*+^+fin&n_V1Zn*DyK0yZx2P%DRUiL)
z{9?nh)0au5mQK&ePR|=a6cX8f0~JKJiQP5)4ICq~jTdBVhOfalNup_BPYqv#t5mMI
ze@`8VK2dD(q8$I<jq$&s@&5q*X#8)xYxoD~P2=C}t`BlGB|+Kb0q=welCQ;f5(d8`
zAi11Eg~;B~2PukTpqT1oWyC<8AWRH&kjjruCk84v7-(e_1Lev=UNi<-M-23PSVIi7
zp_?H5a$=zM-Sk1uMh((Y4)QZ&kP$RUK3t$dKI|r_dxi!XX$&$Z3MXDU$P30GrwAv%
zgO3R(XWr59ckm(M<coKRdpg4k;+`#U3oc(w+*xXH=cbed1+|yb_^-nj8h`ma8omx2
zX#8ac&L>B)_>*#wrz3@`iN*6^8nO7Xt{UdSMB?M41|NT<_&9#K@QR+H9DD=DQJwHF
zdWMInr#B}mxxKij<ehEA#mk6`HxU;vQCys?21#~i=vCk{**|hGSay7S_P9|wcCv9R
z*wG|q&!%vAGk(>(!`_&pcON|_mCK>nrjH*pR8Q~RsG_OgJ<6g2vP@-r-^-O|-+PZ~
zhS?{hlM>Z|-PGDtLGyOE__OJs8w2urrBnOGHeHA)()rP|+5M<(1=uczAv;ISXwRdC
z#*EJ9CMc>br?mP}W-8)aQ!cSDE}R{6P%zY7C3Qg(HB>4-AC<!5S9@LdcBmP?3Z=B>
zSH7(lNU~b!vO4&hZmb<#@_WcY`z!Pzef(Vy4gU(gAfz6c!NT-+M3O88E9p2h5TB0g
zpN}C{@#B(G>tdT0K5o$Q?DJ7{{P6KOTzUF=NyE{PN4Qe@+2a=Z{^IfY(0}n<42VNp
zN%&61HicRl&<~A<{&GC%2Px>Un4p(l?nG;<s3kEVoMNgzZ?>5@TKw59i=DzsHM^y;
zO{*faJN{hM>?XE~GrLcple3%DDl)r|sx`YYy2PMwM;wuFNzj_bx1uf!zJCRV5Z_;a
zJ3K^MW<fG$-zUrLmMbKH|F&m1E}G^(8-t5YttBGn#5R?-Hqcc5Y!sSiwT^?Pea}iX
zg<D6^BoEBvvhdB;@rk_mnHUf!=ScYW#5PUIF`&QsOceAV<ivsg>t`hN{c<AE%j4=q
zME>Y8Gm%GwNlAoQ{J9N`<<hf?fd|Akor^GVaWn((jK{$96a()vG4T1slsVcmKJ=Gj
z<zF8q8ZX8+^^J(eG3}$EKhrV}^rPBK=)Y_kfqrlM>QJW7<E;9Eeti2Fkjq<2cnf2j
z4zx68vnhHu%j3=F6E&L^rrF5jgt)ZWo?w;qie1Q8)f#^<w&_}AjTc3)@q_W!_%yY~
z51H2ZiE6Eq@|KayJa%?xgInR>;5g~&$+T}iYUt^29N`Gnt|cf`el&J+W7NEl#5RqM
z%)3wY3i>wQ3JR(fblbFoRwrITy%MaT?Xiqiq<C&yY}3pL&s~k?xxw*xu2S*b5EIYM
zP0Vx45*QaFV;A{xwf;xMHhmsh|0|=7iw*INixOpAY&01c*Pl-a{oWSwp}!f6;F~QZ
zeBZ=2-D+V#Ke<B`^v7Dnfqp^<3H@g+BG4c0P@OA6K6)a7W&DAUEaPvexO;zJSa*$p
z+&N~`r>Cm@<H#N%d=1Xh5**zlJcO=UamBxv;8?pD#C+(HSot)zX>=rZ^Mhzzd{fuO
z@?z0kd9kRojj^eDU+LppCVec!U=vB2GdU4Sv$-pyeL*v^Ef`93y)NeZ5)7zShG}rM
zOE~8d<L(m<M_s|{ZGDPr6dZNbrS?229F``~Lt|o%nxo3z86Dg7X~f=H8;#?&iEzA1
z;dq@1$2Y5m<GDFzo9A3o1mgu=Jk78U93-#A$2~ll0~ZPJqXga+nn$Hp^ZJ@fpGWO5
z2i4A2JIpWNsshVnQzKaZulPuw+&1<K4VB0@sclSo{e6)Wm91?p#q}jNhPI&jmk<)N
zFb$^kRBYE4b6_}mgwOWS*Jn{J8^2JDhpDVfC<pUkR;_GIgM(edWa;0A__s;S><}}p
zZAzvU#Wrn^$h18cnU)UoS};p4NeXvvHrQsT5^3{WMEnghsU-d-PTL>TiINuueV(*o
zV!b?9l>_L#*rsa{2T+mMd=MvW81*K17b%g=$9~hi%7l3=0{w|Z&?~+zZc$Co$c-Ml
zXQU74d|N3mRA?nWp4OvzlXbtzC3&4f8T4bcfWD#C)az}};8vIeb8C4duU)ip*9`5J
z2&y`=V<&wv-L1p4xd*|NW5_UlEv*3Em$#*d?#o*YI<TcZ^7WT*tX0jWyrPRCF%=Xm
zTsjyfT_P^UR_bkAYE^qRUw%4<J9@W~tWg=;^nT>z@}qWEw*SIol9nm_gwFdBkvY1Z
z<et->2=~Z%`Kq|bbooWp*MH<gov!I0>MD&N!K5}72pq=!-sy`eg;a*XS6E9Snd_BM
zO(a?O;Y69alt>#69~Y^reX15^Q#fwv;^9zOq{_<~U5;70<Zzf!q{`<dxKHE2tLFPO
zmfa_hq&K}vXO|CfD7?=ovM@N$k_+)$4woJ<7jGCS+hwly*AK{w3jOlDs$$1wOXvR9
z!CvBU)zbb!O#Af*j4bh;uUhrS{T!x8;Cw$XI%ngX$fMiTeDz0v#9?OS(O%X^J8}5-
z0lh@0%so9YpAg-EN<mP8#pqf>Sew_S2#G;^nHODrGiJfzcOwrC51Z;ooR@WU89Kw%
zwJv8BRFidFGLxl1e#v3{4nM<&ZdD?}O>Bi6T$QwDn({)G5>udOwM>b^Pg4$i?lY2F
z{y+BK1U{-N%O9_s!?}3{36QD)8W4lhf?H_)O}nLVY3*goX<OWQLG8tEqx0)lXL?E<
zZK#3*WG59MVXuIIYykya6UA0kg32ZkR$0T2EMec||GDShw^pSpXxqP;`OoLmjj8wU
zz3(pPo_o&so@KpmtWyq$*E-2{+MrWtkjFVp>%<J7o4aF}6T&-rKwfJue~hB{-VO7v
zba>z_dCZpUB-Vssdkzced&cIkdCb_VwbIVz_>~m?hr<_-k?X{jCZE{!XhvrzA3+Xd
zJ2L#GVay^2UE>_|WpG5dLQCax*p*=h!V$ylsK`;*jc7Y!xIg0%@2FNIgTrB+(F{#=
zdi_Khha;U#pP@C6I;{n+;xM_RIlF^(N7k7?a5!dF{pwNY(AsjCYE>PeJEFs$v=*YH
zE*2uW=W<_LtsWfCc2b_pGB$Tqw>dBO;BemR%o3wBnI@IYu{!f@cSk6e-*D*NS;m5<
zI4EA2_n0%DYfZ8suW^cRvF-}8zd1dJX*wcgiH-DIYuaD03=1OoO2&ltqgF`APD{=T
z0%G+qXJ)L2Z1@v(qOUZ8$>UHSiHZkiJn$m*-^Yn4PF1Gbp@Wyv4*df2h?SwASE2?x
zi|Dw+wjlE&wq!(A)b^!37hC+2{>)PGwDD4&gUFx8_Vl1sh7))roHFi+py?Hg;-{rA
zJI*LOHAPtpldJifFu|EtGlqE-(Ca^9GPKexo3U4wY<Bn>#yI1!TQC^e{d+}AqTZ6$
z#*9|9Hs7_U4VaZH4==@sZr0^8PNc0|XKm%Vj;*YsSS)VDR$i29E3Z~tc|&*iR{qkq
zl|OEHD_3+jx4`tot-RdY0-L(KPlH#js#9HCS@2k^>iX{1ru+?uX`R)Zwj4Her-8t0
zor5X&^_uREeLb_YV_&cC?%db2otyKO#}e`n?KEN~FYTy+<4043QQ;LbgM5@TUaadf
zJl*JdDZ<m$1w!udbWs_Nu54xl>3iD2*FSOuqmyyyqT*XeS*>wqpL(>RyiLZCK2t+F
z`KUc)^+5IXgyZQT_4K&o>EMn`tF{F>I`XKpH*3aWNJoYb!|ZUC=+|<lr|y^L(*wy^
zp~_}e<LFe<jjY1mEOB%+X-U=Q=N*~$R6^%P0k|_JT5AShbYwEl_uG$F@(`~i5*%_R
z!yfP>(~9n~VzJ;M$wZpL=N$t9ycOnz<78qypVbSl8%5+@DUQ95Los<QbDeiJ8S=T8
zlQZP9@5GR!sKJHD88(O6e~l79TPw~@81q-fn*B+6a(nK_ONR@#?EeSy<I*JYDf2nw
zF<nner!{{sIyK%7cWiC0YkIo2iW1u*!@+(lWLg8g9uelR3Nx*W6XU*D#!+46i8avT
z&cqhuQpD3j*fAFi1A09)3+Ot`j8rOb=Et>=D>7CvW|FpG`X7fi9|A070iI;^mGa!N
zckzjsmXC#Vb;RD94+|l?(jf9jb>eKg(C*|Pb(EcVxfn1!AvqOb9!#rjIIR|P*!h*v
z_8BFiXci+IW<h?rd^Wk`w=mP4yhI5e@;D6aq>E!s2G7cZle#F~N0k=aip50_TYry!
z=$OlcuJ6;f2+?_u-+k){vVd`7l3MUP&6X2KR&0*!g6K!EK&;}v)!~aH@tqBl`2O`C
zEx)xNyQbH-t?;1uf0Vvm#2K~>VozR-5lP72D0r)qK9}ZDQzK5X2{=sHNZEocMJ$Go
z3U(MQ#xM_HA1kDnAqgFv>SpefH+quy#;-;J7d$magw*n>5gCbZ|3($vc>0uxGY{kP
zO&&_b=rc9lZ>L1k9h-mKWMsdUWmP80z8mQ1x{0i#y&MKki$rCNS09I|;-!)S#-8#d
z6#{}BRu72K+*F?OG(rrh`P!3I4gd~)GHPwKpaw;g(Z|($Ii~X)JxuvGM5kJX#bXCm
zrD}=hrxOeiL!HcEgNKNC0;|&cCbp1#f&<BCSQJoMiH?cZJHX_)iQH7-BOEqw3o~UY
zzgC8>>HwqdWpvoHjbek2iL+<`ALjD68LUZ#v9(v}0rj%VaH`Us%ilfhRY=W@y8~pQ
zIn?CwL}P*pUC-gvMvp1`E|?T?MGR$lBMjQ)(MfKfHYq~j(w{hdvBkq|67M{tVnR?(
zlJFnpu+&-M^+`_Y{!tFgoh9ZZG#N75G-|BeVub@a?$}msIZ=ku)-2VQ5xR7>tzx~q
zVn10?3hOf_MVLLP=~`J+1{bY3>-kQ>MVF}HqU|`W?iVq8GHR;Bjix<^J#uaQ;3cOp
ztyX%OY?%^?xp9_q(d&Dx&}>4C6+1NtJ{%I!g%1DWF-jjnot<k(vP|vWTZmf7rocbM
zVd0R7Er^@pQ+8%jGQXm7F*nMq%nF=#m0w--noebN&CT5bR)`TQub=%>BCfb8rJLw2
z!Pz$Vpgjo%M{V*b2cZh-XEDVcEA)M1J14M~>hz4EvVp{~nx6zgABT5DPgNuRr#8f0
zDw;5Sj>88VJyN1yG&NGG<h=Kc{`H$0u^*aejdP=~dLFcxrS^RKu4^HR_db&1d+Xxl
z=NjeAnchF*Y*=(Kp~o2oeol%iaHwu*3c03oUwtwqQc03ojdC+dJ~LD?VPNF)a~Bgc
zYQ;0H$3JrTT5OW1IKzK~`?LW5JLJ}jmJfR>(@*(R#);{kV0YPK*C1858dkES$!7(<
za91sbuP=m^w11&P4av9nF#H8)_?sB1h@L9vTyj{j(W7fVe3mi?a=4?)*{nZVVA~Hi
zd04WetqBu)K#cSNaW25JAx7pFss3Hns6|oeh@drJBd(afoRXMzeU>plUnF@sdy|!t
z{n!+Tq?O5GxF8+J4dsuF8%i%6nG%tgOeLE<*2VnXhWDPj5K>ZHm1~`i{dR6+14J$u
z@B31h`NXBmSOUp&9KPM)(eVZj@AhU|KxW{(fww^X6)#d)Bms5U@-bvLREbG=IUs~_
z(!lrU1(Y;S3iIqDp~?BN{jc!S-csDZ*Kfd<|Kik-laO;`RpZdbLY4JqBw}m^dl)s4
z$Kl&!jOIZc5d(%82^-J6++fxQQ9<TnI6XKVbH5>mDcX7^Ra+|k#$1(|@q*dpsloR2
z4)P79`pc6DHhNoO9{gNoN%T@H&l_Ww`rD5F4eM`S4zHbN3|q-W8QuaTjUcw;v+**{
zuoVxAW_8Sk?N3sL`n<T9SFtH!2tE22YzuuuPOSP~OS!vODR=jpi>?6OzHV$p6MbsQ
zq4I>4o`JlCT?sJ!(C4^JP(lg!Fbhhaq=bPmA}>I5>E+MUSDW$Sh>ugYg?&#lY!2n2
zkodb<0AFDoru<Zks{1utG6%mOf2<TXQRoju7yAxSP78WcHj=Rd^uhiE;mQ!Huh&o*
zz3P!Hiaj{I5Jxc8vyVM7DLvJZvKAHHeESAb{PX*Q;@p4phKm$w?&YxLKBmI*m0Ge@
zg0J?%tznz9cBXXJmQLFg5Hf1{Y`;^%7~XC7yq7Y_*04RKTYC<pE2LyE1w+{Fi8UCH
zch#0~tdXC8brN&MQk3R-Til<IPBK3)kL!h7!!dWR!EBfkXO)Grz?N;{0IyXHbF$$`
zv?c6dn3D`=+b!XA0oy+?+UT<-C5L&+h=MCBs8Hx)#s>7#(FfZDW=fckCtF!*BokY>
znK4SmN}Gn7iy=ikmpMKIcprzccQfo}k$^N7-xhXB-%H}waxplOQ6neiqs?J0O3~9Z
zISiRZd<y3OSZu9jzb2}D<Hr|CmA~S!^w*5SY?@-O9}aGE<h+%aD##&+!E<8rf6U?4
zDfD^mM|dg2A9031<(2p|%7#>mUfG4(O;#pcKg^uM7=Z(@e@j?8$CpiFLA;YIlx_bO
z%IR{qeC!{NUVaYq<+3f>5;pI1{2bntOP>i}ZVAT}Ph2pGF*>9RF_Vv$8^KA5ei%84
zu>fZByTqX-Sxq&Kc>AVsf?m-a=1yT!Y2COfT-k)d>?tgW&EaJoTkxlwaLj`P8*O}g
zuMMAQ!9{7Ae>j_u6oes$Dt*Uaw~gir4xdd@pQ+jsjwy9dJi}s!S3rA)UKRW`$+FM^
zvsQem8DAp1F?Ungab7gzuu>FgPF<NsG@8xtrT;eLzos5t*c^6>NX<B$H1^lGNnU<y
zyqvtnLA@QNHPIoWPBWpk&E80H8U{<LA{9YRMG8%}d%YZvh@~}wu`kkW_us*JwKraf
zkp)I;&Tt6hF&xg64}T5*jx%f>#9`ubjL}&$GE#$?{5?e)#n=We*RdI|p^0k#Jhss;
z$7Z~%n8!-Y<`rZX)3OM!&@RVp-jz<^7M$XkkVrMV)?>(2F?^iE>Y0%`F3sjwD^c&j
zW-B#tf~F@iZS)qS7Sw8G<^-kPwC7M`;}MxOq@QwzSCSo~w;1!`mDQfai01)4fIsI@
zH#;Kp&&W+Lx?G2MbMelh?@n;CrhE=t#b-19bY3^r@=euxoK=$UFrs9O0`E#TD%GFV
z?Auhs1cQ4Cs>O%0;g4}qb|e%?ha6`U$BZThJD(pno)2<9KVdu{xFu}pK5uMfEKn@o
zF8-OI?4t;U+<wE+F9o?NU8vf1LN$D~Q`dyyB`|BFSUY~7vRn|N#vD2$>WM$DoEm0a
z%jdclmArmZg{0?+HwY%SLrNgyZ@73~zx}=hUcdh9)V#hahj(6O41XMwnOhV?p1U<{
z1FyUsYAOW#&AddWd)exsn^zcA#N`m)V^y>#)&47C#o|9h84q9y<18wMdv8GO!Dh05
zOTTvKU-yAmvgfK-SrA+BNyLfQZfckl|LxU=IPtixuH1D+95z-sSg*l$c5O{3Imk3A
zQBDcyi{M*H!IL9#d>XE*jnmpzZwuF|3@kP3t_?XXGH%W)@k#jPJ{HFk211>i$71M*
z7vq=>pN9j5LVqrSfI*r=w}ew@=nD+09AZ%=g$yE^kIF+=&{{Gy;?2p<t(8i+dTX+C
zyQR8zetWWW3pTJ-=I{{LbROb*71w-R*J8Yi>sqn+x6X9I7+JxbJ{WgPGwq+tpEThI
zwo>Y|$6-_jtBp%5-D0xR4aph!W^0(qn~D}37FLiFLut7`+!SX1CK+(tLph&Xz%myZ
z;aw!U<ib!l74_h-S5VPYs;3-o)l)c&P)Ga7jy?t#l5~{Ax0}LhNB)G%1HTQlt-)qo
zyWCHmxmm|HT0Z_04^ZCeEBI4#3+2KD=Mmi+wu$rciVEz=Ka*uHgTXdgtu-8%0>$&#
zn$am22;dc3KHka$7%<y5Ulu2O*@BYRPbw_N7O?dmEnl1l6@>vy3(<a!dCD?NJnDhX
zC!%&Q;v>APIy0MbIB*YB5cQU@ojSC9F7xy#NvS1aOERcA!i>V0R;*QG2M+7*Vb~U?
z7ZML)d@^Q3?LBc=*GoqRUv&-8Z}Io6LR||85_snxlLA(6bWy;2QyQRv$u^0u4TsgD
zPk#uIP*=G{W;N?!Jmw6a;yS*;IDF|LNbaV%eV;ZF@8L^9Kl2%!@zjzjMdfY9l0zuF
zN^wTileDuj&RDz{v*8!Tg}343aC<>q50IEKT<x`(jU5*osun906Z~pMv@ud6G>zk>
zoMD?Fi8_LZ>i9Us!lJPcBgqbF<8ajiI)~LErVzoWpyt;sjtH9z^(tM{u`P$M?_uyN
zEfJ67Q}E8+jD|er23=LkhW_^#i&azl<JN8As9gP5<H|;5^R{q6j%{+B$sHw>NV>9*
zY5@uYET*(!b>*Y4?dr<HR~elXA-r4Jme+0#$84urKptlW_Ty}*5GTbsM#or`jxo4g
zkc5uSpTahM3;`0a;5S{=*;1g(@h%f%xPsQCNJ*S)=~T?)P`=g^w+ozmXGC;fPudl{
zA-G(PWS;lI*OORr9CIGStN1+zmngMyi8^T@y<gC4Gr!!-&2{X|wE}EQA*^XPW!%t;
z%-R3;GnRDa3j%S>fn)bDLAo%xP^Z!4s%x{b!$1c1ZDcH?lTXZQd$DJKPm4i9;pHk3
z@2sEICH+p6@R=-@1kEIXsr*T1N4xwDLz_KPLYqIF)lUV<dv#=A66JBOMd^A6R*2<p
zb5L-paG)@Nx$p)H#C1I`_rdF8Rdqq#*aJpQB6(wYI9^y7=uudRk3qdC3}ul(T*n@_
zi+yxDtQQsr1grDG_zZ@*T6J9M-=Ay=YeF)q(MhR1yHRTRPhTWZ*rOq!uok^Syw{3_
zV2fH#6NWEvSaQyz#Sly^4{uZ`-U}T5%rGBvYY@n!cZEmG$L8W~Q_5r+5>oKe^`20&
zn^4Sw@f%3Wo@2ib4WXtdPqz5lYZ0NT$XmRRq7Gro$6@h#<1z{1R8*N(3_eeK9Ks3X
z$q-Sj8Q1(mi?Ad0hoc5k&p3<_rI15eL@RER0qgsU+A!ms(hB!QBO&)K>(KMkR%3^C
zr)4$?3(k3hDr#O3f6k+%+Bw4Fzau~K`8iMW#3?n=NPW6ATysRP?@o;K`OSr-u!IIv
zdNX+~TO&Bv3c6E)H>N~Fm`NTEi_QD)CL9*NN(SAZe9ag(ZH->PfhG5uLa<OCymMM+
z)TH&iG$xcA6x`c^pO;Gfe06I4{4Ir_i@Gg!!lc{ScxpSYwRZyPeyD#XLR7eClcy5B
zZOE9>%llz2_hZ&<g5YyW&C29ZIz`=ZPVO5?$sjs#n0P+vP4lK`+B@JmM&ib0q6sr|
zBZZh<@2M0c3Dn@j99|cst;^fD7WD~KJm|clyW>&YZPKZ89^$#acv1>q>sFH$HHtkR
zl{cxwPOwTBuK$R{^{)_TqL;(tb;;jn!TLWiys-|u&>sI!!MMni<~}7ZHd9<EA3mKS
ziSM7qJPDzFt>GL~g~)%U_*JzuC~Y6Zwz^gz+1=^aT$&G=1;o#LbUN*~M<c}r%AT;H
zZQfT*g4QMZEa)a$lh2{zyvK?ongv(0q|;U}_xh*}jI~zk;P0UB)rg_*WY;Itb{@Bf
zQY*$xuHB#VuJprb;&tdd1`RB<zf>N1@1D2rN_R)ycctUc8+WBk3_s>4>DwtcIFDg_
znAuC229)xQD}2gZ_r$b_a#xn?bTS%YJT3^TW<3*=U-^C{;|kW=kN?ME&R3PvoDZ*7
z$BNkJKv^)Zj|rZcrR?!!jGp^>Ej}bR{DWe%mzp;wouini3dRv2n_+7?AC-H;3ATQp
zj~3eerN$DM><wG2e`y&VN^qqXGN$y^z2PM8ORLHm!=Jm7knBp}w7N`0GS=j@H;{Ys
ztVNy>=0NTHCbONq=)VlJy*Dkh9WzN<0)D*6Q=5+2zVp6fwrBUI2I@L+SX9oEG26HI
zx?#@G%9+EgXMwYXkHd`7glrlUH+pYanOl}y*Pvy_!vo@BMrWU>xF~GeLM{&^HHEyB
zL;P+U|Mmbw2Gi~?kk*igcZP-dlGGe>#Ml%$`hml1ENbIZi8R>^Cb1wg*cuMtjj(x<
zrw+SBFM|74HOzhI*tl=J0p_bPtJ$L)n7yPzl^O+Cd}`To7EOMUY#umTK|?pq;>7X8
z+V>+>nu^H!;odMaY;9&W)Gt!5*6ayKP1A%VOdMhK`w?ks{&R`D1BbJoSke}?>ZI#L
zl%-$v+)%{bdF3pMzu^pXgBa#fX>Ba&U&x0Q(mV%!aLvV$bh54{F@P}zmDk0dAwh*S
zZ&)9;?pUE?OcT87l9VwB#_kO#hTkYxjC9Q2aKgd1xtv)MIIK;q&aRKjnPulwf|<NJ
zHK#PLDo4K-ww*~_Bm86g2N8BLD>{t9x_Y70I1j2D<Uu7%zdAHx;!499hw7sqc~$u7
z(1=#7Eb>+#^)SoJcNl}mLdc<`j+aB6)!<KyF&q9C4&jaPHx@wPLBXBHmKNe&%rqXq
zDu%zL$F1N+GG6uuu^AV#N=N8UHzeL-SvZTsjX`5T8wW>H<lnA4t^|t>gCi-;fEesP
z?qRV4C7q2M9ElpjlW4=1mYl<Q@lx%xca0B>9c+_a2vOK_+#_S@PaZ7Ihud=aTC~;0
zZ&<$mZLnKm|3DPDLhuIgh42b^mSlyy>y*a$ybQ@b*jyG4bB?PuSv5GKD`Nn9mWi#P
z_W;Yt>o)k7jNf&o8y^{Lmpy+1uO0Wq@u%RWFP4Y30zsN20iWEI%7WJP1-F^czB0vO
zK8qb-_$#J$cO~A;;mGMQ!`s{jwr>oIBv<CPo**0BB`HPA=+H#b^4L+eKz)+DJbu&?
zEoTjlxZ;GYJL<7wtIozuUW)lJcvr)MOgnP?MZU-q8hQ|;&lX~OE@yGNU|Kd-i41i^
z)9Pm%j#_rYlZU#^e>WaYs=dV%3T{4XDgZL7zaK^<pK9cALCm$1JUi7;;e7)W44*kn
zKWUY_yhi4M9%7@+b;lHC&KMF2DTmYAV~!25c!+xgye$e`#la_z&1dN@&>IpDyiD)~
z5`mj!Vjg@xAYzGqTWrF}Rj}%$M{U*jhD5Xi!)9fzn5}FMBX<!L@Xc6~PK(kkYAWe8
zhr@#NVam)BWih-|mx5~1-$zg_bqT5y+;Zyc=flO7>K<vv&<K-Pe>cKDp{Xe4HP}ey
z)hneZ<W(xW0V4mxp}*FOIUF(0NxM>S<uEP@ol-l20D1$`5UE=F=GLnVNYPy$<z%Rx
z1!E*!_K6f)=vy1dMwnQXDBi{c*wv(QW5>RduwzfCqX@5}HERwB21eqcsHCiQtIS)@
zXQ9uO2%|$~Y=%zC_4dI^xvn^_)a`A?lS#)(-L4=RhcoO3yLu_Z?=wRq#m=)NfL`90
z7wamM#(1&Le#J-kZcm36R;PEKXwPBr#E6(|-s6u-F8O*$#F71W(lJkvV1%thB074X
z;vug5p*I}2fW$gEzz#6ssHf6yBYlCn%K%I?4!UiFZ5GlKj(S+2Sdri~L4r|o9BmJa
z*BgfS6<pH^mU5Gh-Z1I7%;6Ll#18B`bn_t&Zyxm&6qDQL4o_U{rkVii97c+He3Uc%
zORS#ERQn`AMi(o=9~>L0tJJYQRPFFE{0j`47}1NdEu7r$(a~GVwR}##;)~;vMs@y4
zC|yAblhTJ`kw&=r9A2zS6S3k+4t`dE8axxHbH^37LPyp{{QA8XRQtutp)E@q$s*)%
zoGwip$--f^tiix#G=kSn?`h1-X`Cgs>44q)IN9|{Tk4u5w$w}Pw$yO;<pk4Um+^FE
z665J5jWM1sy(r^pV)HR<$1Ck@-7uyOk#S`YW)JD%|9@{2pTwp}W^Flmf=u8Ay+l!i
zO+^fw!_T5(Ob~F5BH85)x$yQ*9Eto2+!f-wI5FaX55MOI{Ef*cVZl`m7=vq2-GgcQ
zWH25HB=I6HFujNuJ6eB<!|>X$VKa^|@#fePd<FOtJS)|MLEXue0M2#}BJfgC=%!qR
zTpC&bN0K|B0*3)t(+stgS4qkeuiB43tqTdCIlsnsH`CyJe#~rTD7NBwY$^_tT=5rK
zKyqCfKmz?Y7jwjaTgjh(X#jLUi@#JU1ZVX-i+*Ptzs-Mgoj>J2D!`l3cBy>WQrc;@
zQ1Rd3--E_`<5hFx)n5XRs<Qrd@;|ZzrcEbB=rTI%liwBplB=0)_V`syeZhECgxvVe
zp>32@&@17^5NVv!GGe3d)cS$L_)g+cQ|9M7FT%F4WiAVf)nM>%VpaUuEJRdrbx_CL
zCHOD@jM?DRvE^+6yo|%dm0__FGNCC^_neuGVarnV!&kN8fMDUXXR=fpm!IbdNwZ~X
zK?rk1C5HELolLuJYQSFIr3H-a#K`LaIW(2A5GEI;#4Io8Fwu&>G^ydjarm1jxen8s
z!<tS^-kRoe_-X|c2h-fw!)k&t4{F4-CS)LrO?X$Dw@h&|Y4-~1j$$E)w_aDl;ehuw
zo!F(n`_}H3$}y(1)HwEZCxzn*4&|L0b~5#i0lG`wIMIm_w4TYKX~<uJZDHFS_e#cH
zE7<~abZl7|5YsdMD_Th}G-VuKpCQ+=6|7h**Ky8_My_KJ{h|`X`?-z}D$9@#<W%BS
ztJyu|G)o@Unc<a+Rr%Er<f>Na>D0=K&Zfu}*V7ph46apY!JD&EL)@2g*wk6>3u#~c
zhzk-KdbMPE#~ul(SYm^(W_Z21JR`fiKE1EAm<hSsA@DNVogLxX8u7$e30|F7VOtgG
zvX{xBB<Faik|}<0sgo&PDs994%Kn?GXWZ(eEDMao+pEIqLT372B+|HqA+*M(T>CM?
zA2FX7A^3$9kuA=PGb@=E3kWKIR}ilv+BeAb(GNQwOm>%o9Ohof46Ev!q*5JyBxHba
zLdUsUlK9|92voX`!?CLw7Wj?zocV|=(C_N2#gdBy=>>9;rq54&Fj1dBcAZ<DU-huH
zwWeL8oDm*2w$_wu>|5*1!>+aKdkr&htwN--zw$sbjXe`vaVRsjN$6c5o@GJr2WUp1
zcYz+oZ2kh_lJu!+vs>g`qdK-ocI;9P)z>h*&V)R-KkPCX9e)kukR>a<{jd;tE{BEJ
z&^3iOB+ZK-wpkZn%Av;5;2L*>Gp-S=QbxlFk-C<x<8@reE-G?mTR&c9R$u&Z$XWgE
zYZzI#0e>Ewak7?&=ZSEd#r(FLyrU1NFt`2k8Wqy?;gm3VK9!UZIC9wjS0<>K*J2ij
zKayPwX7b6zPjZ4%+*$oPQ*iLknFhk$oVHsKeQ+eh5Nt~&o45?lzh-H+UJiZNEB3Kt
zre&qrg2TvK<#+PU%y3A7>EfB_gdQTBs*x+g%qG2L_s5*^n8~}MH&;ktG4%DrtY2bt
zK8nmDb95|-)k$UaXc6HH#y?HOp}y*Bi3*H)Fcc@7rE}MiBDpEUbf`Z4u%5=;_%k)p
zr_z>OtV*6tTT;+hGhU7Gq~j7rEx1totAffsL9gTXfz_+QT?%hqqcE>89<DU+{+$PS
zMUe~@A}yh0&@2x7*EF=gw7kK;$MObU%NtbqN$ISx7)a1uqLH1MMgVk8m|+`TT@7V(
z_)R6Yfh*Ld{InvS0uW@8>AGHpPjgsW8&>E5=0ZzL@r@TT+Tq)UeksF-=t6XVcLu9W
zs=Su{Pg7pk{(#DBZF1!`6H4cW8P|f<%2g+dm-A{8c@+;IqdVgmW^&lv$+|1kUC3T_
zCq<*tB0Ytv>Q1i5q=Zx5iQ%=x&187XK8>vRzN=pEM%Mels)zZI!?3-WWAtNNczrI5
zk+>j%yspITQ916vJu9W{Z3Q>(bOsty*jp)UJkLX1Wo91alG}K|@NtSJNP!b|!wE{V
zhT0|!e-3X*{^+-{N6Ws5Y@5|Ta*<xWn#q$xi0nH3d3(SG+OB=XwX)N$W_}^oy@)vw
z3X%Vqlwzkm;=Hfv!UY4jNjjgqC7lII(#cc@d2<eLJSY*-_16WlBfLl^8(w7v@ctt@
zui|>GvKC`W6@L!n=7ptP^fWwKBV^WFD{YJW)^}apxNDK#N+Vo1EQluygxQ4Q!(u%u
zX~_@u6hbj)n5ETV35)7FX2Iqa#9{toc;<^QRKFp|szveta@gT9IBFZnHA!WhuBXv1
zrgnDjp|NReOmo#3leWfdoyir~tK+poStqi=Ja}`u(BA%+tA9VPUef?131#yYSC_;T
z#SX;Py#`kw)!kH8yd3J3Ha?+yNCht6-kI4{+Uo8uPuq_>Gw#PLyNg{YjjFn*+&@=x
zSk#%}^>VCI4e73@squ-c#_6;*KDBD#m4dhDi<!<8+keKKA7uL{-_j}Al-L0A`C)?g
z@c+VZYp^|sk3E&PuFjqF58zbsi{n&t=x$btapXKaZGG6fFq<%kU5t5s@(Z&ZsQoI;
z@L{fFdodN#q%QV|ZbQfOIUKlJf@7JyR9!MDL#$Dc#FcP5|7s;-FMFg)=DW#)!zWx^
zG?T-J^W;J(AII)mfExG_eAJoME9<WAjOztF$n}`~hmKP57s<jg>y14sR1N09Rxy~C
zFli3cDU=@l);YuHVsynd<TV!mLD2E`@NT9(mR1g|k@FhE=Q#U;zFle{^EW0!?ipA4
zT$nrR*s9j39mih~q*kfpKSMvJj>0+9S;56OB^PbV8)0TeVio^1VfZrCANSM?&I#=b
z@MZX8$oxyoxBm2*f5ydM`Qooi=U)N(i#TR<KqS;eG&%0Hr%GsuPimEZN3@x2X=&`d
zEjZRc(%^N$nA0BfzMw_MPyE=jJGRj1KPZ?uc$xagk1aVAGi=dUEK#18ukff+Ki2~2
z<60Lw9=yC-=;rNG{8{=v|IF!z?ck+=afxAjD-i*Tf5pkT0A8vxYb9QM=n^%^%T-LX
zlt$1@45c||cnJZ2F}y<E1pG|iick)7b%!9n(dvJz|F@_fZLoUL4^sU~RsH9x`mgNO
zGkI&{zO4g$1lts0+eh(|B5YlRxeuYg2;04ic@@}d3Hp}Et0}m(M%~N72a#B^OSSa>
zT;ye5EBj?$Zi6j5?%lxazDn!sxJr`{^1=ZTJ6KzFO4)>cHb5Fh=5u)Wl!xJuOw?=V
z05?1~Migj4Her{*vmu4EwpWO29P?n#4qHUh5tCB|Y(Ko7B1|mBeE2g%Y}F(KDkg^+
zoNB__<O(qqcCDv7s{J9B+UT+6y$L}ski(>AM(&SMQu&!0b`57XnPHMu7Pp+7a$%@*
zsty=aHEKY_fZX?qs@IxRwIE@tJ{JXynF)bc%f~!eeZfN)Y^}H-bN>UIC{OjwV%r_t
ztsG|djxh3}H}2TPD%M*uqp7XwXJlL#XfDyf*@LV|R7oP;tvNzs+6wdnWzfrmZw6YP
z-Z2uPN>4HtlO}ct2ZotH$1k0Y#dH3F-?YEmD_+W1<tJr4kK42WX8YqT&Ujp$=sO64
z?32N?9-KlI)b@=qyp=P&MHlt@pY>?@Mtk4bKQ`hdV_Lqba<*TD;Vmi=0Dv#*nt{Rp
z;2HShd(6N;aX8vn4d-T>fjwu^%)mc!7$d}pn{6|IdGPJG9@`~t5(4VV;esHbJ6!}+
zWldiVq4aqi4zKlu5KSF@B&owQXS+kKTmm^p_NBF}nY_4~F*}@ib9H7lGd7*p!SDAs
zL2L(utWAqqaAFl>;xQM`E1l2L%O^EK%!6%8TE#0(-8e4m<-u0<PSq37F`G}xrJiQ<
zd)0q`O-7qn7h@N}7dDc()v5?v{xi1fiY>3Fe+$v8uDP>>Y}3C9Vk>x4wvX-L*J}70
z{8)^AGPZ({((aoodl>_KUm<(f3Kld}dt^hko5L4!=s#_O*ai+#1Feh|G5+hv8#pV#
zHXL3MuUoaE2LYObfil!jKQ;1ymHFL50nFx)aiJK%=hGvOC{Zy%11+F1AgGGr)iw@(
z=)9f2b{h1hU7(Aw(rCoILG=a+Dk8p#oor2fp0bIzolRWrV7)8)x%>_RW}H>*cU?bu
zQgz_)+F1|7YfScgvY(s%z9I?;837<m$IBoTvfU~!vVX)#IwmS~GF#l2(Beo@AWx05
zid5U{c+`Hg*u|{9sb9o(wK(~#awh=(yf|=@RJSfBmnKwyLsY+<LsN#A!V4kQifHI^
z4lh!X+>jre@tgu=P~MYlzn1o9^)%y^y=^ld<u$0m7Z*HHdKc~Ed`E`yTY53B`P2p8
zu7MGq>$O~3HFKDMiUlZ272eKaxLC})IK#&&;(jTs*ScUcmC<YKIgctC;IKfH6omO`
z6m>Y!s~#VNT2DP@aoD`hQ=coQL?biv9fDXDgId*i1{M16$)G}#LGAs2&Y&j$;0$Vn
zok0aKFK98S-7W@I2i_V^_O4YuZ8y(R+odyRX(6GANEjn32<g*}9!7*DNayWH4SHdz
zhxzexPWgxKB<;b=M_?X|x+>)<N=DmD2aumZOIUD<=>?)Q`-&u*wq;J(ZqxZNhvP!4
z*JZ>D!+4{edCtE5U!05$DoLPWgT7Odu^`+oVy&jwX}Al~@Vzb?ZeAkRAvGC~{9(x0
z%VDLgotlONZW=B~amWVn4ksb^o8cs6EuWKO0%xtOpL)9bQCQaAff0G<{!<P!rKaJ9
zwF4rRhH-&d?=2e{E23~kuw;T^u<nIgM={KXSB^1OUoYtAtdKU%dwU-&1G`V>p?(n+
zqUz(5bgaRe9UiR!y{$-E{V9iK;xkWkR%cjsjfuFdx<*iJd6!iewx-f;5HoISBih+G
zHInfo<Mzs7t(C7mZ;PyZe4R)0DJ%Du9G1TpVYE5@I{r8o7mr?YJkTH>k*;H+p3hIZ
zR=XH_d0)q`BJ)?U(Z6CTekH4?aX1~WBV!j&m93rzLnB&&7R<QPXa7fwqmM(qCu0(m
z=1P~vG>VLLY=eV+X}-qtuQ@jUMP393`-+<EE0CIfjW}bnFL_ay$KkED9xeC}WTER^
zEVKrjb2!#h$^xxn<R*{)A3|L(#vIr=B@)7dSS7aNutbQPm-_KCzn0Iqri*9K8&86a
zYX#Vfx3v9^V=I2CqsGsn-+%~%7FwuYklKd7+GtJ7cT=C1Ph*P?qF_4njM+VqI5O$-
zqZP=|=qFBiQW1579~ynJAKK>nP&Nz{n>8yM#phs*IBIW!J?lL6_>(A&_sCSoZljM*
zvpyPZ@T2@GUL)8shquE_oXf4?ImMPAQU?pRglm}=5M{Dc76}pu`x`ljxjI^hKZ(+G
z?Q?Y$={8_sgyByl<8Cgvy4Np$#>6M@O!diVUE_Lni|o};qEUPt)(Qrn4Kvqz>M$#+
zx)2kSqPief5L=nOXu|M07<h)Pvf;xs9xdp{d>DZYAvf3G+Th3~{cO+|zzJIv{UQCr
zbm$*H%Sh6179@c^Glo1Qqmwk_Oy~snC_#P{2@cVI;Uqb7hM!|BMA6Vbf0@(}TI~0S
z602wdpB!a6dU+RG>UV~^=u2LLojoNl!K78<;+L7c8hREs^_ML9)ia*@|B-{#0&=<E
z91{NFD2}%H3Qt4ygkIi4{1J41JBnW3%6RUqA_lE-=zoR;ILh>gyi~A3jpw+YWW#5F
zWqK{y;7*N4w0LVj-gq(T>HXL_A;M0d3@sm;S`Oa(k_Ec?qAW4c&GOw11iJZXj4RO1
z{7)#*&9Z7U(9O(G{>ucqDNP&bCRQN>-F*H@`an0YR~vbg_NNVWQ(cxc(9Obq?m#yS
z%bbC3s`t4A-K;Eg1iCr6PeryERc3AC1IEL$vIfGD?AoWoUO@FI7By|rl2SxG2}PW1
zh$2S0DPoJHh{+a3)PC~cDD=^exTJ`aji89AK@o4Hr-<RnDPn&DMU=WIV$Tmw5xYmQ
zsG%@VzP+}Q`f^=5ec7&6@3r*iqm59Ts}j`axe4fxo(lbG4|B`NNAhsjkX?B$N`(PE
zg)O@q`t#ob11kD&fdT!I!`QnF%^7Cg9u43nu=lQz&;bf{x}`Itu(gf(@e=YtLJq#V
zgxGC$$z!+0WLC-Jk|di!eHja49*mU%9lde*%0qau8Pu)szOXY>>d`VsL^qRkF$-3#
zWFeAFTZA+pIr-kjS{u|n{`N+oKSJu*lOFZS0%;38@h&0C?6^HZHuRB7o1!Lkup5=4
z)}sMkF)qXSU$n0H2M%*aGKR$x37?)3`wm+jv*4?hj6igaCVzDD$!d~;m%yCaVP!{M
zyP7f-UG&@$2hg1ypi(F=-w8Q;|Kb2(7Ymr@#?Kya00w@tVHWVKe=H1K^mk?fJsMyE
zf8bDY7sK|siVFns67a^cJ%<-4@PhbjsYi5lL4<Nrw~HAxbFS<E(oAZa>Hj~IX8y=w
zp?Pcwg2{<v7Kiz_Yd(`36Ng!7aF{>vI$~b!c|S!{oy9ox5MBb8)ktX03eC9Tj-;U(
z@8B@<PNI!(?qCJTVBDQd#%4Ubr{UO)1Ikm!X55ewP0B5saVRg7;_bX}EnOpugD-BJ
zf_WUKb*;4>02B!Q&L8Lm_#=nu;skg~o&a;c+X-+ZhuP~{{09jxspShvcX73uaI{ja
z>c^g>((1@ErG!WkxFNUB)hUG9>U6`b`vHe}%o=9B=;$TiMfS#Q4zpG=9kZf%OAY=c
zT7$PpzzaC+yZd`KsR>!`*j*vYZS}@>Pw0Eb_Ib5BQblos`fU5&Z7r|1B7H92XGQv4
z)!=#~tm+jNd}9rrMYAJ<bL7Ni6Ez3I^;QT_`~Q=K1Le)F$e<<F36VjsOTMwRq|?oX
zLan=6Sns*$CTie%E!2nzoRjw@M&MjyY^6#25+iWdmRS)vmpFCFOb+jrC5gb90>a@n
zqSk1!O;h!9S(0APFnYN(NiS#GdU+zDmqU~FvNlyOiM5u$7H$-juKCi@UL&OHsO<tN
z)PPdZ(CrN!3H}CdZ_=CzUm9lu@>2BiHmE&E`$EjyeouX);?AD+TpXZ~jE++Uo?Tbw
z3_Lrnml=3Ai$lpBF(or#79T;%38j6lx{D=|Gygt{ocKrxv!Mqg)?1H1iDF*{AKVp{
zXKOs^xW(ddn7uEo)ijQ-D9uJA?s8P-^hVw3Gy=<x(WU58Pjawa0oKVd?p7Q=h@@#b
z-Nzf(zx1s%VK|0CML7w<UJi5jh3gs^&qa^ZRweP;$jf2*1_~?8#Xr#~juJe2P^4a^
zJ$9!)##<Eh-T~&7%P6m+#@xMORv?%|IjaldC`J$DZ(XM-vCG7R?#dKRwJ^Qhj1yZG
zzy~?36NMh3qjN^NOqQ~KZ@9`RKhY|$qYm5UH{#_iO5RcQTc=MvC94QFbwwOoMDcPS
zkhXD8<B!27Bhw6+5UFbd*cRsY4AO(IAgF#<n!g$5z^t`QzUVhCET5d)z=9#;5tBRr
z-QAv;!6=4Lu*|!!g*_^j3Lt|;V<MKk{;wRWcY7GN^&780vcE3k@PYI7hpyKjI$wX_
zdi~LED~C&eqf17hlOwiXRoN?c=kSTGV$@ynm{}3w-7yj7$F}n1>&{`ZtSBfYA6`Fd
zv(&e_^l_N5fw6|Y`Lr%pvYbzbM$Dc}o!}6e+i_SYyW*GhQD0`Krw2F;+ec1o4x-!R
zDAbL^Xi?}PXQ9nyF3KcX<Pm$J7M#URvZAN5lgr1elsbYuILz(I6fIE<?Q1zque0X8
zpPF}L2LF}A8RwEl$Cz$jJ`P_2QxqC%!tlp1cn{?e@j=aaaw2olYFv`RIcJl-T~zX|
z^Yyo*ov(ZEv1sA5@h)0;!#0?+qn$+5*H&?nyW)a6i-=B-j*zK)4i_7XSsSZZHuTCK
z8&Msu|87KOOTg53m_<`N$Gd52be%<0qUt2ZwOX9Q%w_gVyI4Q8HU5J)sgOSM&aw!y
zm=Wu|l>Tm~xTbh^6MPVf!=uI65(XZi3#7fHA_2S!-jtBjm!2Tz!>Iipb`f#7ALXJI
zMk0`mvYjm9`;2kvb1yC3>0uNd%gDWi9pJT5GDUeu&aeZYD1&9ZViRpE15Fs-$zi#u
zY}A_Ss5LuDEuz>}^g%vB)f2LBM;&vb*ntPAZae-IUPiH}1eMj6+o<eO4m0+8nDH9c
zlq+^b7j|##^~8ymR+L9VF<E?;O4w@L_I)%ulH_)O`5p>EJ}0H*KXP1Rl<^%qRan;%
zNnY0Nv_g<qk8=k!UcA!?LB7+-ZnFb3xz<%iw?Pfw9T(9lV_?lrj}UrgH;#{sG!zK5
z1BWF$t%$qxo!`vo@VV{nym9VG;$N6=y&T>gNA`S8;me(#5Vq&lM!mV??1FG#BlMJ@
zBS#o=FH9e21=Funqt&rH*RcnQ$7NR7uPtLEPC5Y&qj!189zB~wNw17+SRr=08UF;k
zJq4Hz6C*nQ33hm5m<{716z=)`CRH-9z!)RK?yVd?+98uoEmA2Y&y0zrOFH}MZndVT
zQ<PPG{LCnODt)_)cdO{rqFoZa2k!PLu;+Sba41J(eO-yWHD64{1v5TgpT46@jj~4^
zWh)$QM^Ou^wwD>@52q-PT9qok+$er1{XDEN${rk(E^))^-5wSz2x5Eq@Q|kp+eXE5
zpB@qk5G`cih&|y;PfW*bm={rq%b5w0dP6xAU$WAd$@g=|M50Epawh+9gf6cU!m;?r
z?wqgX;}aZ~3fbgI=kafoQOH->PXwP0r8_*V5MB<bem)C%)XhH>W2fPmt-S=zV%K6P
z2n8^^3p9<1lFz`E0qg|bb$kY{j)~)cWRqg!JLkrv%7wAWn9{S3DRswWI7*qJ3uFdx
zAN6z44iB^S<^SMwaD71Z^w*-NG0YwS&0_FE0ga;z-U@{=9Xr9@#bgWB@0iR6S1+b#
z=rB1wq9YtW7%$Eq+m7xCCr&d~gI7WSeU#kwO=}td4D01GPK^{}Pgw5Jd^)y-_l|ms
zu@jse5(!}TjUx(g!A`?v>q{rtTUVDVXLeb$pdwItIb6xm2aktTRD!d+ES@}dtZi;W
z7BL@?WfG3lU1J(JPJ=24EpR9iBzK2APV@YfeUi?dA?1nZ4u}5xJPfn7%aGq8I+qnE
z38WniJ?e>L3ph435=G=0orNH@v%X<l6NEhGPE3(ogjwA&w<~5niP`)qvh5J9!O@}0
zw&TOGk#r$qFYGeJ5-*3|V<Ymo?7iC)QeuaVsZzZv>H8Gj?UBC1xmNlZFL-Mad0cW1
zLL+=pDd#R26A1-~B?>;p!7Bsz4;!l(<uPMr<6|NT@p{+omI*9#nTvnQxGH^(x+P;9
zq>9}(s(9B;6_iCz%U2;hjn<|Zt#LB$TWCCg$N7Ag@%#(xIeMWZ6YPd~%*eGe3f`$9
zk$53`VbC#80DHp6Ln9&d!os5-UH*#FmMI=)vN=tc$;IU+9#M$TzyVJHvmq7{Eab3<
z0Av_EA)*x+$rv1Xv95_NS3fW!xKx4M-e>4U9Tch5^2Nsg)>D9;;AmL%sDu?@_QTi`
z&ezjt&JBqKZo!@~oW(Hv+d?=K4ipw*6@xJ>rek|JQtzq7wsFy3bZCT$whG~NSZwgY
zjCjoPupADJM)a|s`e`PSs8{<c1NQIoIP<aJAu|;IRQ)Wf)Tv|>tw1I=N8|&QCUCD2
z<HATVBl9Y_DJhe~Sc8pjO7e2tZi`0xTQpKb^Ln}TXz0D$lP0_@l?#Y}>%~8WIWG<?
zL9hsO77G#32>QFkF7V0wk5xN7F)@n)d>$rdh-KK`OULISo)Hs^J7K@!^AHg9vV3HO
z$%VmxhYcA49e)Q4Se>r2K8^^}bY*C@Y8vm7vwDyEnGO4UX+Ajb(ZL^pUEu&e3KgOi
z%BNVPW;z?rh8Y&Z5GJ~_p_h(@@LEO;JIFa{SD7Z@?zL3zR=h_1w+pr)SCBskWPNBI
zP|hJA_A(xQltB|nk<C@o^0&rC7_Y6d@23kxBOy6c=AP;^jP}%pdXJ#KK4MRK;lfc*
zfqWN`B#Ae`(Tv(EEN2|HF|F8w#&R8DT5dC;v9+ZVJ`gnq9+c47sZv%K!g59r<ZoTa
zhd9hQsF1NNSXU|))R_mvaiguJr55N#P{jO$CP=nSm0xf$TxpbFRO$f9-j`qdq?CmS
zB%|LtXV?Oo7K^$s*4nT#9a~f-#meT4{<~sjBMw+t*_)&7SlP#WEI?uJNGDcScEABt
z>>lX^Dn>hB?{vK$>wLY#^?LjP3$2(v+J#npVe8e_kxrN+ZmT%MU2)kS3+C87(utK#
zK4612)*SqfSXl=P*NB%|xW?zB-MGg5JtnSUz!tY(1Z?4jw|0BtcsmRn6A4P3q8M9p
zn6sNQEUg+7p(yCHcBjoB7INYitHz|oEf$ui5VRC-@y=dX&S>la@5f98LW+qO`iEnV
z9ICf*cyF)AX#l)!WHLzL^#cS6X#SLG$rh9+s{M=hs#9dX?PaBU`N>}E6xmqrShF0M
zPF;iThXoVQfp|$IfSEidR&)Ddn)Y}}M8`~Cf%#B<IK4cW!$l3%rk;?qtS&B&pNS<(
z9xNN3HfPz)y%vD*Rk<5Lm}PsrvfK?m%-(CyXlCLG%gU4H1)8(hjwe8~IIY8Pc^sc`
zg9jJNjCs!F41FQY452TeRHKu7C5mvX={wL=rYDE}Wwy0L4Xz9ckuab{!Xf*tg&Jjb
zv0k<s+vkxiv^|egTv7`vOqvD#?Xna|oKhV=+-D(icGY3yh-9k6Ti*!P;k?isS_s9V
z9c((}sUiV?YAhl{F;kF_e0b|ndP-@bs!=nvWqU}&@asvDC?rLq&{QPI0BTB15l%^Y
zT1DdZeIC<^)uuUoUgjv+p2Pfojno{#s|Ccu7IB6xgV>W7V}y%6@}evdFfHw6e3E?F
zK7dhl7e9I_5<6X0M+0~hhk>WUl0;Ne!$$=n1+koIKJ-O#B;x^bx=V0U_5IW+2mQC_
z&`*N6m<Mww*`l>A{CD{`F@TSn%L{@J|2?QE?W5+D)C@K9bnHNFj}NIclG9a_x>Trv
zpt3mFOs^QM`!{)?kY{qA87-6p1btLJYtDlFULoIcSiHq!1`R(k%02t9>^I^UJxX?9
zet0pcqH2gu66VG7s(lKJl6~1uPbFz;i$*C;ZQ*``w2mTN??~eQ!6-Y4Jnw>$>Xqgl
zJ)l_U`=c60okA8$)z>IrJt{5i)XykeH7YGy*54@mUYd3p3_9Rpv0{~5^wh{mP+>~)
z5T2L%5bnU?P)sojCstlXDT_Kv9jHBw5JIigrM`+qSmE{96PA(|Ha{Zt!(|?2EwplU
zq%Hy3VrJ0zJUKQuD0X_J%8A;ZLw|z=;6PYrVOg7!QC8R(Wp4*BFI7?KO%%<CPjHxC
znuwy=q!&$rIe%-$WJ1xqID9H-_8!jg>6l8Bdv25%W)p^;V2cn)vIi7iUx?2_J3^<P
zh+{T1ix$GmfiAb<Gw>tQHhbvk<51qjlte!rl?qckvtQA`Cn;#4Se89&lwFj*>^Y<C
z$D>kVb#r)#*Ky6qbuGq2T(9C)T-S;dZN56e;$h@J+AIn$2MVvp=b#IX_kJDkhd5{j
zVoJ95tW=Y9E8He$5q6G_X!(Z5O=|2M27UH>n5eMXtU%NyYpkRiHC(T=Yg#K~kx=3F
z=!JQQNX?p1N@`Z!L4qzOlt!XP<*H;jgq9z#!fg0*82RST7W$=B`m^dCD!)rPeN+rg
z>D{@NjnKNKz9>HZ7nTwlm{XRh{V&<4R;{wkCGll)_}sPy)>tQ6Ee(}m37D{tkO84D
zPiC+}%yBlH?x__NUXRbi>!dob2n$XA4JLN^s&KsUdVC4Cvj9c!zOc)q6&Q-W)ZSN&
zi7<!uez%;UpPSnI%CP1uydEEidCXASO?>2c@Frurp`_PIBp{WVE|Y!1dtp+(3&lUz
zD}{UsvlQ}rYyp3+)$#?Y56;j+*Z~#{ciq!}c_i_kex|JucH>Zc#Jr|oYm}+5mw5!X
z9wA+K(r|HzKgi|pM^YPv&?~w9W1|vo?uDAX<dCO0DzmqZlF^~A<*;kNr4W7^vo7(2
zQd52JkVDs86l>rTKPq+4YG?6}Tn!d+_`q4>!<fqs<dCI<4jARqK@Zvb`hLu*ynbw}
z*w3iwwp^gJ1ebEC-)||iRWW&I-yJ?ZWU8@ZdY{zA^gh7@il>{?``Rc6=WEBIR<<Yj
z_a4zmCX9(ig5pftb;!~p=S;R~k*hY-(cwq$lXgXtj$8QK)UcF=*Y5WSnNRNCsn&O6
z%4&qZE42k5hjSw%x&)hrNMM4^wT1{Y+hEWVaIkH4;81cvg3W&Bl5BWLC15Cy$Hif*
zQX1leG;FckU)H<gRd?c_;a{RU{t24Kb$o{Y1rDE(U59zrQ1q5tp|`4;6Yq*WZ;uN;
zaO99jmsn33<FG6i(E<&aZu#+66QG(rOl}-e=Yx6)P%Rq9v|xxJsm=AKv6i{lMh|oB
zwLSH;*TxJ}dyRfeRBFsHM#$3MddqZc*f0kwRWEA~AI543m7?DcR4VR7rL_E{u++&B
z-vO4=O<2l!5|WZo&0!0b`gVjJl{$66+CmFToT$_nhaFpUUWs#SE_J?s-Sv98^Yt9p
z>y?MC{ds(ZYh(BM#_H9q66eNVZL3)CuGsGzYa`DnaiUUd58F_wihbYTf@^h|g-VSY
z>5!J&aoBSpK_KpWQK-~~?VdPxg@qFgR4RlmIh@>1@W`Nv5|ui({bEt6K@-!WQUgb%
zx2E|<%=Ay4sMIS%6H%$S8<jfrjSH2UU6Kry+IhG!sMPt=L{#eZH;SvBv%QR~muJ4Q
z1ej?f9BY;XUsKnh@_;9fIk0+UB#N25UUgt6=1YwtJrcEgWJI-NB2ik1JePAh3lS8x
zYNSFGwv0#%MQ!=U0-Gj`aDz=-ZEwdXyxsOqQYdQ7h@?=|j&Gb$REWm@8y?5syP>Eh
zr757OIR_;ab&Cy(l2$2im8R0LK00Wv&SomvTF`R*phwyXZ7+@JhN1sw2QLno>Rp=t
zPW!lM^Ug$IYTEE*z|{UDZeZ%Q{R)`cFv<d^v?Z7i7xpy@nWB2sj@~F>YW*lhM(ayc
zlhNfIb{<R$OpPjagFAZ;CIVAPscEEDPQC?8xiP71=+i6Og%bOM6PD8Q4X9}pt4CiH
zOBoN~C<|#a*1aUnNRY$phg61q)#5nD>u@5o^EBy$p1!GSqp2JMDQc8mo;f>1V%BNt
z<*>e)6dk9BC|y)X4*MnKNJrJ*hC0RDCpauTYJpG#ZEam;Z;QzPDh>y2ZGGTs>yI2h
zI%<G!yT&JiZnoebCe9X!nF(SV!rAoTcgER@B+gb+XAN;~%uP(o4p}&xSgc|U^8i6>
zGKT8CR-6#v&{fOF4sdLcO(J`M!;llE7NvDD1h0MeLJvXN2@<^a4-$e`H!goa#MQIn
zDoU4EE*`4-TL;+$w+A^?oG^7N?RlqCWs}itV*kpLq*~R$W1eD~+s{iPbxNt4cG!|<
zUKyI8RGm8N5S983O|4X&aTbpbO;D=NIZN~&>avSIYKc%aB`y(auC1@<hd5=gKF6$z
zpO&Ois^%TGWU;eD45g~yu>_^6CYe&TyTmO}l^r&fs+mI1X<3SyLYJu&D?5FED!s~<
zqqxecP?aC{gb;XNX);~nu<ikvBtF^B6x!v2d{7c$Qma~Y*rrvDjw!8b-ytP`%qX#)
zbqbqZcG#^|eOn@#l#j#22#YH)RH3T7QwxzDIJ`IXB2m?WWf4|*ePJP4pOGor8xe&y
z?jIS^iVZu~Hx8;{Oip=ZudyB3pIb-veB;PoRvOVILK;xWY<mt%4W>YgF)L;mDn_G;
zwuoPsC8DS{Y1?6oIPQQ)j_p~vjE44vj-7^6cH1TtnjZQYt91TQa`@g@jx-jjA01Y+
zbH1ceR;C{t<<FHg#>#Y&QT%L4S_uCWqwJaVWj{5_o=#u(Go$ROlGIQygU=6pSXDtm
zP?FI*C6Ty+!HY)R82q~>)_S|4dqsR7Dok7#2h6ZK35wU^(*Yej!}y3ED8OuZuNN!4
zx$yczd<L!}9Joj?5zFo4FvY^YUx_tnMGhR^GX~i|miAty$|&0}mKOW2Hp=#mrNX`|
zc!<|a&|3lE4Pf8dLMdYedl%w!@MCGYO5=@T_HrV6X|kFP_Xwg_w<O<;j6}_eoz0-~
zkSCyHPk66ay(s!tL@&H{MB!~>+TLU^4K$y`ziVO<!+ch(WFdS)6}@Bt9mi}A1IiQ@
zes&*S&-5#cga|<opcm%uBSieGGBW0yXE2z3Bgy(LO8&NEWb(6da)_D_vmrWyZhUTm
zIT-;Rr!XjGT7dzQpAA<!Q1Uw^2z<8*0x#*M6%=9*csHX!$laS#Lf<E2iRktPgXNuw
zCF0_}4_S<^qSR&;=d-Nhb{$M-6=#6UZ}p<zg|a4mnNeWk%C!ne|FaE7Uo7FVXfM66
zpp+K-KcSA%YEKH+(Szq<o_w$@OgQ@7I**p`#L-`w=)%!|DyQ&gE*!nE5FdjDqBTO&
z>zqJ(HcS-VFaY%$7Hiy)-<5cJ7xB++a_|yV|6GCU%KYuEunDif!)lb-+kz1hEkuZ8
z4cF_GNhv-kgaWY@9xTMG?uz1{;a>uJ9RCDO#ebd=|FL6^YL6?-@k2q;am)r^pb&fB
zp<@=z-|va*_#YhluLx^33U0JPjd+7XX#Ru4lMFA1wweziAQjv|lMGn-kWlR2xK@(M
z_6I}mxO}6oqvO8@%=5o*HzR4h=<4|bS+$S#ltHwMII*Vm)aXuUji(CyifKJ)$!;8u
zT*nOU{OkixCllmwmfl*ywJU`T{iP`b$H<wrY=Oc@$-`U;%8o)pQeI#pqT9Y?F>#<z
zS`dyI<!irmAfhuDkYK*{OXbW;zjgY=Q?iPmGrTH}{wQ9_1EjdnE0t*efsi|a?(5eR
z;2{LmbN4w!-)A^PZ(w-2-*|uKzT}d$DEv5wevZPY?lY_x{)xkg8)V^w_k|3(Hqi{Q
zN;dO~qnQ);Su*qE90uNC!ZQmWu!-82ad_7n$kF>8zF$MEO4Y7P)kY<RBljiuF4Scs
z!>JL8ckY?VzL#@hdk#Zt!)B+xe!yiARYAQn_~WJrERiN;c^n{z1=qVsaEzM-cPAmi
z;cgN<VvwM%P(NECL1<?!LR;GiLOb5g%=#*pzd))p2fKw7)%7Vb7i(4m)vb0=z>L&X
zSL-PJn$=i?gr-Mj&2^5NQ%!nJpaAuy4Hg+4=;kD&!PamlJ8AE0tI}RqrC|jo?N!{z
z%n5ju!&V!um48QCJ4&=xD`@R&8?6m_z=dfZanRae`8r$DT6PG%0n}(`B8UEpoi6QW
z@xvwzuY&mna$7I!77WOuGYg#jv6jdss0(uW1rK1*Bp2h$+qyZa+z|J3U~YkEGDZT&
zFUjTeXFPzvG_fv;t7UR%%0j5Y3k)-%X;AzX6i;t1CS7G&H<|W(L4oO{Q)A(oTkdZd
z&diiW%DYG-0$?&}tU@#U-IoAnHie-#60nn{`6$Dhe<EootvEw}cWk9Sud9sDx$tf`
zWu)JV!>0udujE}R7cz&__cKZ{JD>|`0&x2N8j|z|bO~ZUFEuhIAHClcp2$wj!(39a
z<`)ONI=93inu}w%DFHH+Qg_Gni%O{*LQPMSQ#X%8Y+YC!#4<|j+WYN<)(O76mSJ|+
zt_ZLW0@w+r_0$nyBLq0Klmf*-+u04L3K(BQ3pc2n`NZz*C{KE&39NODnPO_bN7JUk
z;`@u07V&-;Nomn;>2#A1y4dB0R3#UxlD)g7&S|U^xP@J8`Wr=b=^2NntVsq`ldSXE
zwMjk5zI-sPUGvQA%nPI}4l9;2M)tq+=F6Zj9boBFn;_8*=FcZVV%bt5NZiNe?`~WW
z&*9HlF;y;oFKlEbgcYA9F@n_bJ{Tto<-)GdL__y-`TIW3Fz0D($4d-fZLx7{+#6T!
zpdI%oxv`qlg@v%iOw{h6Sjy6jw;j~YVIj<c315W+arv`K{?w%pbUu7Ahh3Dvn_<*k
zLq0X*zY5C*9sN+ci=^q-nM`%{gD$2z!+N*sLD%6v(|Y%nyWXtpl7&QG{-7i6x4K@c
zyw12?5;E|hM#{j&%G^NW1crSdaG0+sd5EL-F;#o8<LPnrbdY>X#0_Jv6FSfNa0p%s
z6yh^5g9R`TiYSiZj*NiOyP@4u#I{@D=!AG7j_<B8{(6OW?0P^?1`xd2#oo<SILupJ
z>|IZ_wcl1H2X;$oZdb*%r~x-vr~{ecX|?Es$7Brev)9QZvj2l2E#L6uGkw;i<FE-W
zMq{D_lh%d5>ypUS`a>1VeHK;|%bnR%$7f+J1n@~X+_RRl!GUi3gqUkCCYwM|FTC~u
z8T#oojEpONb`L~*XY=6GHDPgHjA9{jEh{d>-V9#N2*fFK*0`Ch9$Ru2s1Y*h*mX)K
z&E)WEq@I}kIdwYsPkK5J>z4L(-cukoZ`bKOKiTQL`G&@x&bw@<^JvHEJiVJdo!3j8
z4yJdLr}O%PAf+ww!i;XrSXUFCIcR!NQjtB=!Ze*Slk31Pj3y=5uN-HO-Ct=KJ~o4Q
zyQnQtbAP=B?hz8v|2n6WqXUQ#3;**N(ZOSIOCT;$h$_<w@0Sd_!EK_{J%K{ZhNc1d
z&j3CRg@HK!7P6`^lb=dyHSpGh2}T1SU8hq0KbR2n?&IrB+~?~Dov@FBKxSXp7+**u
z!7vO2rU->eDyDqJO-!I<__Ycf>SWp<8c@kr4?!hyiI;deY@Q{t@_H=hFiJ?x|H{SY
zofnA-dS32{i#aJ}(Ku#9MXzG9wI&jqdnOJqkR@03EEYAJ*kv@44O@C?zCwHs<}0o!
zinoGy$!N2tR|tO(Ut|R0m<Jz*tH_@)gwMiZMvulvbj*em;ShF(YO4RUcodoj)Wc`s
zv?%u+G$njyJBxpJuJJU7nrm4-?WzpepHX8XTp3YCUH3@p`i1)Wo0#b0#$LLdp%Au&
z`k5@QV;(G76E2p0EX1xbT#V1lA<lGze#{Kst?0j!o@(!R(o-`IlN2jnbH9_GnsJ!i
z#iXZi@3(VsFNc0zq?X!hC;AJq)xC13lbdV~wkjg=@a+Afp;pkpOANidt4$_P4Bz*Z
z!TK@@QmikKn4*uoTCqJ$nnC;!^PqZ7I2Mu<LMvDu(G_=W2~%d0)$WI@!vRrZGI`@}
z?j@PVn-4{Klvk45xLkuz3RvPA{7kOFFV)ZA#^SP1y44{u*O#Q6=ziT2Cc0kHL*H%*
z6MeM6oaoAKu8FQKNI%gtyUB@OTVPG}u9Oqab(gFAd#l5>#%bn-`sqw3mz|2g$2s{d
z)IvZd!rOAc<IBAnhe5UBTJ*xnnM@FN)tYeBAa^epPlbF6>qH@O{Fw{ug=w<JC!&TI
z-k-&YEH>7L1NZ`m^5<%7W|-p1iws*rn*z*+zl87wcrhq{z5xGPXZ}@b{w1S&9sX?<
zUD%Dy4<hiLqNSU15ppRZ$nM{;q(Pv8!?b*w{+7x^6kGBf)H1FUx^$_ZYXS7}Y9%X|
zqR-#BKXbZaJ9sHzB&V~zm5DQjpx%|!MdR2;q|-z%zc1<2`+tz9nY^1!&EE=IF!Xgt
z<hl?azFNT?8NLS&PnqHS)B!r~wVTkJOEdq<@USBlOBS3uBC}8!VKw^?Hxh5>ayWB@
z5f?X})AF7_!kCr#yZ3N2@%IJMR4YD7CX%aRl&1>%z8;nt$}Z!uas|`BL-+6bf6)C}
z#>qmnpXh#T+5Hv&{kq>@bRRf$5z2A5Ah}ew64Vbo7js&XVW(iQAe6Uk`tNnQmO<dm
z-#dA8dk#z6GrZD-KUVzSrLN3r&p32q*an^mVrw$8;NT6){8xglTmrrzwt;7ZWN;QV
zzSPI{rF;&@+cW%;`K1}|FRc+@$`TERg7PC&?%3~~4RzoUy`0&SNso6ow7osUOSzF`
z&4`AJ9HvDW<>qY4+aT*ACV9;Yrd1k~-%m_Ft#vk>J;Dk!owEks1+-wQcbLWD!rZVl
zPRityRR9gGi~8eU!Ao;^Hu`nU(QD-KQ1S%hdL^e+)Z!mHC=OYHfwvBmwBd!>_2S_2
zbDal-#CkJ__2Of<afXHRR_-=a_8hm8Y4Nm8+{9tST;+3mn{47%vx%{dYT_0S8$}a^
zoS}>;B0ED(%!z1mlav1%+udyNaXa&_GBUBQ^tdvyu6mOtW@4qE=#}N9cuv(bZuOCK
z7UMAPi*UND-i9)^UdCbJ3RaKVaD|}19gI=p*qb>_pA%-1b;oUQg<{@A&g2YPU}f?G
zw{Vy#3V7k);zqvQ8Y~gQe{+hFE6$4?9h>nHm<`|1$Zh!<#OUte(EE$9k#n{=gfySC
z*2xBHo%lRetv+uhuXP}0tsxE6+HTh3Q8BVm%vrCjfqLt#dij(b=>^@WSP+Zjf5Im+
z)8xJtObhri9}ao{&Pf;x(j{S(=>~_NBe}IX)b|b3t&vR2NXp1J&kG88GTGVAS;I%m
ziex8?-nf&c_+n3%r&WSjA0x2^{!K*}C=ELx=9<K0k^7z}!yg*_E5pMvx=_jH(6633
znWB7r_6TD<&Uk^cc58@}RH}~rBB3Ls$9p-{9c1kP4@(~WVVAt_`>%K~{ffuF*NW%=
zmtJu>EB{lLyrNM{uKy#J{AD<I8PoBF?n=FgyANP5hq7>Tx{WrW<M+&E>h#qwvhK|s
zPG6>u_Quzh7bmxHIC~kx0uKLIhZo}J|Kfs(KH8WrF>S^bz9hM71^qw&!;rsz5s8NN
zVuRRaqG2zLEe*%Xj(+z+lJB}EofloVQ&m;KMpa^LE&t06OcMi(8UqV9FtDe1RBv#*
z{9Om8%YhXo4D7M*H8B0V3{24R*rxHc`IVhd@HGbS)`hi7cM@gGO7Atsp_pM2<Y@s>
zyf}z0Ay3DiJV4$`LKBSQHT2h0$`cc2u^0{D%SnlWnrChCFw-SUdTp8!((TThKKKpY
zhb_(^$~;W2Y7i@p1ckDC@L(#RP4WRRbh>Rm!KGW2Wd^S<i)M~b=9spdJaV|^PiX;r
zc4DFh?AdLGExGMwy?S|Wn`HqzCGPg5+Okdg<F$iXr#w2gfZ73+9kdAZq3@|ixxdv8
zh#2)%17>rH!Cw0~gT1a9pj_d;j;D2n+qTUX>@^-&!Ctp-a|U}I6L$xDt=ndJ#!-Rt
zxH}Zxu5HQzAAdxyk1-BQJ%k)WR1(3riU@jNG!gusOLx~lx`{wWTu;dB%wf$=qJt%h
z42oQ2Afv1go0w?pymz}IgP}=iWZ!m+4BndPm;vOlbi0QR?f6NLJmC9GAuse6ux+O&
zh{)GsK9rqIl}(!Fr1uodswa>Cpb4eBq)8}^95(#HW`*&&vcgzP1|^!0$Zyd=MSh1S
zMjA2~xSYfC?Ma<5XH9hb&3(1qL25H5y4|5xZ?|GSAncf^{95ATv0_is+G;{#Y=^!(
zJdCIxwu*M0J}5zHK^ISEn<XPbo!Kr!%`fYz6&Sn_Zq^-a(Qs3`%*Ga_6Dff*zvlrW
z<W4ZAmySMI$^!UT7|+NjaCt@?*7wv!Gq)$<uC`_j$FWYZ!fd7|?C_9D_Aj-dEY*Vt
zC~sXm4o5sOn}g`O3dhK@IJ~}9&8pq)H4hfgl3UD2&vuG4BZ|M_@Xi`*IWwtj2N*Qg
z9t1|`aAH?jdOzBXRWFRO7wXQT_wF#GYyq}H$8CkMh{Iq}<}vZ<#@SBqiZ_t4C8lgz
zW7|BY73lc!mK$LchW`Xd>pao`b=Y_r9p)JhJH*LiS)h&`A92_^?{vN%ZMdnL7OM39
z+8JTph;5+^RsTQs{sca%>TDdx=kVk?xkEBQG6^CG1gzS(Le#caYOZUwZyVnBZN=&h
zVyj((-E75SDZ&JXeF+&>Sto`~kqL{kXxK$y*d%O&Y>{QyWDl#z^8cLYoI7)8$wuwl
z|NH&D{d^jkd(S<~bDs5_XE_%A;n?^O&4d=}gA<`h)VpN(7B|%imSv5a6kS#0l;y)c
zu^&zje~93nWJw?K5{I+$L+Ro==yHweBkbc4d6^_B!9zAic^{IO>!~3H;kjJ*#pamo
zBPXK*+T%Rz*7*u*bTOGDy7+O#$Hc^#bPl7hMdZ&XC6UVs$;FpfFh*Pvd3%Z7b}w-T
zzDqDk!-LOpI6k02hUH4fFTpR~JxhU^9(2Oz-U3-C?rgOgDk71Y0sL<+zj`j(ne1>J
zXw(KP`S(QvC8$2k581*#Gj!A26`fj3wDWr3a>{!Ry9)apU0e|HnfX#M0Mls(GoU<r
z@YWpsVsPnFvt6nVsZe^*=CQiCZjO8vkYCM}szWl*I3i;uePNa>oqP{ckcuWg^=Z1~
z)8`M_nAYCnLb@Tba3MR>lKJlPAzO^s=Bb_@!3zZ&(FF@p!iPfNo5J|g#O&?pwg`Je
z4i|0tU@uFm2U|-DD9)uq6?RGI@X__#!za>i3>|;LVRgR(h8@f(!L20)-dG=52Q1ld
zQxQRHrxs+Jo`4rkePz9b4_9(-k@-9@C9D%xn(l;Bj2?;6*u-qJyk=&B(TtbLbeQ+S
z?6<t=cnnJ!>`2O10d1923WDJ%#)!}ICZz;Tyh1wP(ZK~$U8zR%v4;;@227L5r2nNl
zPv<)7JpEPmOGput7tZ%$1~!5sAaXq0s|IiEu2new%i^(c?mah4oVVW-q>~<D2dEtx
zDRyLx+>upsM`klvo<t#k&?aEE8ztI}mF>pLc76t5hIek?l!AbnK9W2dlNgpT*t%b;
zHpS@E^5O~4^g~z}i*OXUyn8nzgI3cGgEWvuF-jp<E@huxV!oKtx-Z1k-VG&wFH7%!
zH-rzk>QEF}_n=)CMUD|k*22g^l_7JcJJuh67x!?=gIIW(d2e^#JJq~B=-~Y@3!bZP
z!v6Rw&I80`UDyyd_7)#JCg!Yrv4w%n49#UmU@jY0P|FC+3q5_(!4A69UJboq^M?~n
zULIb+uosL;k^zL%m?t3{R+-llAVgJu^_m%~zU81TXihp^%c|X+557gep@**GM&C_}
z<Rhe{pF>&Lsd{TwvZ9!WxT+{}+MIT|*;w#KIxYncXU(^tO{pn}SyM;2!vw)+a2Cu@
zWE62>NB0KL0h<=W``~IXpYF%Ez=OI$<U9CGcn?~0m^i9{VKdk*&kpcD4jxZI5D{+P
zu<7^{m^rAxiwJwJ+6*85gp1$iWg<YMsCAKPG}m0tmS|$07qiSHCVC@7stIhqY6~Iq
zpOZ<h<#>gtRVvVZFw|4Pl-1#a`*nO1K6GnY*c(zc7v2Xy_36SYSY`8LE7&tB#w?f-
ziZ=_&C&icrb3@83NQJGFn72%*jq}7a^}*UnmKcdn@NtM@B-Tx09$i=r^t)5_!IsId
zxv&L))6}*WmqfDEI60J8*re7zucW}I%!U;e5&inql!)0tcWHm+FzQg0Hvi?6Xe(h%
z^y}kOqVt!$%wb$~i=*)^#vh8P@pDRI)cAm9eut+->;IE1AI>hRE`>>R4jU^X_Q1g@
zGKI-Y5;LSFAfTDgJ>)TK(O5T^#A>W_D-tO4;y)IRe!S3ls!F@2H2VD&(Hgy}126L>
z(t)=hv_<=kpO5IjVfFWXiHY@hLtzE!ws^O|IG<Ic^_Rrz!2&a+Mk~XoW|de~wPe^)
zVUzJp{*nS8+B<W9Ra~b|)X4)BoONxVjp3hQ5z|8+DY!<K6finw#ul(nNaAJ&-4$q*
zPIBOo>d$A;UaI`sTXOhJp3-pX;W~ec=$Ol>^KWbwXeTXH3RX+XlRv^GVHP%mVV7+l
z9rL;TEif$Y_vnBXy~tN{HOO?i3$EFGMExECgI#aQZnDLzwZo#9oW!sThv5fo1~!2&
zt|`7I*4{{a4DFn}z>NUD0W${_(4_!OsAoj2#*cRHOu+twNethFFAmt4;ljtDzOJ;a
zUBv~_(JyB9wzDyC67ND1Bra~`bG4Iw7~Bw@V%iI8>G$R6%FO^;K&8KUD;QBR1V5G@
z#y?d*Ur`w_F8c~Xgfr3wdgwuwo;V#HFs~QGzrY>=$`)|*lFcV^Mk5EVcLx@@6r|A(
z<1X9CU;N7<1zG_A2zUAnVfUT2`3x-!@0RlUgtxZZ$B16K{0J(6L^xIZeuGu({yg7T
z5a<8A#yqi~=PQWwfL?1kvELnS$l5u~65PQwjn|2F9}&Y5%?5o1()s!QgSN<Rm9mtp
z@iXrN*Y?|32p#aG*eiSkHrjLp-=y@f=^XYa88zr9q=`QU6DkOo`Y_1IHq?$geAREb
zSk#`Ywh$-n7M8^0za9Ei*nHIjxu_%_$j2%akVhnVdAuS5<i#aX2flVCLZX1&FAU@b
zB?`!!Dl9-&{5XM)FK^K>73S|HRo+8{A5fS*xL<+9Y+WM$I>`^IEPd4qpT^<IpqOhh
z<FH^63nE0<MSohIyo&d)G33xBh)v+q-IbIixRW2V;KbcxlFm%BM3<Jh6S{A6*rhRS
z!r{^mQtLZMh2#{?aL2{u9NWW$fO(C>@J^JEv6&OwMw~p?yK`f_JQpz<;MCp1AR5yt
zAAz@bHpVQdsLceiDTkn@JS>{TPBSllnnvt2-|nQ+Mq+a~`^f(y?`s0zQRO$`Tknp!
z)v8z|^SU<SaEM^*ldu(_-T6NQ+IK9VJ^H^6v}YA)$Hsy7SOm1Y?`GH%-i?5E)Bg-;
zXIVhI|8_uI{%?frRR!7MagaS1fo%ERLMNOTf$Zvk31s8g)(2s>b$^&`dE(gC*NSbe
zrCF9)*w#n?Gt*oao@RD<npXm`(;T>%sRW2;*U$lFD;QZuT4MXAjcJBoep<y0bq>BV
z#_$Q+vtsj}u(&Z@i8SS~>|2oo#8D*)yxcH_H<B)L=XMj$ZN@D43q#CIst3g-7WWrB
z92G6H;H0aDGV_hv$6c`_hj&uc^$ofBWWa>!?ifdh>5HiYn0P0{G&q`1*ZJe`tmAF|
zD;$pGGyGko5|dr@BDy>-yBt^7E`Q45SiU+v-xF{%q||Ny1v3}3T<c}?j)2=*H=qTF
z_ZHJBg21`qw~up6YKwD!;&7r<bQ16lYZ5setrb{PV-oPmfq3?|XR*@ACI#ZBv3D^G
zYiyqe+%e_qmkVG}mC|BN>r3V8U!+p`X0`fN0k^DHzhbcrFOadE)KOK{>Q{<R&5TX~
zcg*R)D)}}xi^4~74L@DXR0;)Zuqb-+z+t!Osj<rOxXvAS^M6CUm%%V8@MbPDaOi@&
z4t+$+t}0lC7VRDBCRc1YcZL~sOMfO_UmzWo(ib{7oIS%>9lN{|FDL)mF8ll>PC%$G
zIivfU8X{rHsq`TZOaGJM_c_CdWii|DhvQEcx2q<C#r%3rRbS7k&DWnL{5qY(DVydq
zIrbrme{>2l#l-%DiIGwn0~Kbo1L1Ff$KmKA=_>d`S@2ABA(P=QW=!6RG<B-WMaG?&
z@+`9NNv1O?;4b5aU#0R4UxqDWjPLq`&hymaY&sN1PN}Wa_QlPI!w4~(EDk5{)^tR0
z&;?62t-hl*!+0LuqzW9^Kf_J77fjnj7g>@#KcC^YlH_X~%0<tA<_tZ|>lZ_uxVtPo
z0`(uLvH#p^`rjMdf5qLtZ?gYTRR7I69DgLvrTHNaLw_u!;l6Kn?9;Jhf01zP(KPn<
zx{qDmzFm$TJNSq<!Pt|3EFFqRt#|wA&LxY(M|2(e%}u56V#`!i>G<_-FB#j<ahM=p
z-<2Uz-43CE+i$H{r{t)x<?Wd~n9uuj`fT}2f<{)^YDpuci|l1g*!>*do$ijxtDD5|
zk1%R6GwVm63Al|&p**^_{9-R-d2;BFUs4msWN76_CwF4nc}(WJRCHm#Xi*1G`Q$o!
z!Za}iDNuJB;jE)nG=dp^%fGTXT(W<2oA4(Nr2@)-mFB=h-Wb?8Iow(#V;k&TDBrPn
zn-{41oZ607QWUEgG3xQISZKH6;91P18^P2^{!K3Q)kctn{x5*!UlKs_I_wv$C!NDh
zTYd~}COECTV0x$Qk0Duk$?BsXj|k)x4{kn^{eP(R{~1*JSB9U}B}~QT{}+U*ybeQt
zVshM3>)nPtwQkN~;~4>)It4#H#9^Nxy5?~95u@(k3i1+*`ow0`F}&pef~5ZEV~M_j
zh1DjO2m!vF?XLG7=4|Zb(34>!Xq=4ze{!KiyBC3vbUK~*R0cxRNV1t-G<y1COy)m#
zV)_wmq4M>fe^F0jco!6XJ2#SffKE>?zL5CvB$>n5Z&Q6N%G-kSM$jIeB`gEe#D6o*
zYz5z<%fgg!_JVZ!?J$3ba}-1p7&!3}`5$U=r`QYn=EE0N!UHEZrw6Zxe>ad*5Pt=u
zZbz^8e_QOfmM1pJgD$RP_vmUI^E$?aCTzNg$$YKqAmVynTqM=Cdq{HpR#@pOHA8+V
zIy1w<(z;}3XqS%vrSi;gyY0*j3>?{pj;S1e9a0H4{zyVDO%F+acC4d$YS8~4R{dUE
zLT1K(o1r~J^gFYZSm2&*?rfn+PAg?D=_LRhHqR15q#j(d30VTmb~1)(jCAKF+)sH&
z(kN9+Bo*j`+=WkY3Mu`3o10;(5l#%0n}pa1Cg*u67qXqhh#gF3fN09WTVSA&m{R8+
zEn~@M$IvM@fixDBM*OZFq#ropy@ail=jMqWrt>?$;B-2Z5buH^k+Vxoh0EI+6OXxg
z?u&kocK%KhVpBNiR|>=3;Uhbr{H`e+Q18@t;yF6_v<zXZ{1hF${T<}l`hd%Yc7B40
zH!}|#y@;8QVWS-S`%}SK=*~A)u#T6K5Hn$c>=*BX|5oeL;6bsd63hgb@>Q&_JeavE
z2Uad;l?fl#`RfL-Q7-uxNr-pA8R{TYZAgjvUnf4qnT~gG=q6rgX37V&^uh8RcoYry
zM2U_LZs3EwF+R}_o93c}cM=G9Kf?#%S6<?@_cIwv(u6mR!lqOX9W|XYFEw;wDj!9-
z-*SwHie`OKAoQBeHs-{Zf?wJBlgb&mBQ}LG_cBbP)Vi456*GQ{NeZ^fF3dDASwL7T
z7W<HEXz9eM^Hk--Qg@6)!pGaB|13I`TR1vkn?UOZd`u)!hfu?2m$FK{i?d1`!Jufn
zOkC8+(7Fl{<VOvH+mwlR*zabP3nhT5S{B|pL?#O5aHOM`8>Eam;KWujux4lmwkyMj
zHAC|W?(_vH7oK_?O5P=3?E{}P#{KvoT<a$HxtMXdwk4d!Bpn(uN(v-J=CO`UU9Atf
zhxr7ma5!TSGsuL$DU^9$Av89E`<cgMh(?a;+GwPGZniOen6q5GgEtVUV|R+5Vt+Et
z=kO208uL{W!-)(g-79^2z8=B+PAAF09-`kS+30}3yAYs9uJ~ynz-xy1mnT>JGZ!7N
zU?XTGcIEHED#YYSnUXCJ(+j1fwAZ`4u}aTF;&M&EE#>8s#Vl4}2G+T&l$fi+*H0?~
zZlVA?hxLmYlPS?!aX8ytuu|%1)2ym|5Ufl!)ti8?F17O2Ty((j--g+$9REW)5QWWh
z{=W#1f8@5tchxlhxZg&zbxele_%WRqhe5hN;LatGF1CO)F5O+fIsh7)E8V08WzBlg
z5G>*!MmXnG8qfF%I&&!lUK(fZU%+JEkwj`UxSA7XDBc)W?G<vrv!<;Gk29Liiea(V
z;);um8Iqn>4l@l!2dC#;%Z!+XONNE*v`;U}OS(rj-I7S^aSkV+X84rKILq>7HYcjm
z`GBxJzg%f!cqfcoQJ^QvdzLQqo<*X~@e$=6lLf`%)3|iwx)^igiUK*PRGP3URPJ<}
z0XHE;{(y|Q`6Y+p??;ZtLmOi6w8t-$ciJlCvYm&b&l^%Gz{#dH6$18K?h5lcjQWF0
z7Hf?qp1IB)8%vx^vBY0~#H_Kzi9^b-u6M`965m{?PCu@!cgI&;S{S*BdnbCi$l;J!
zt{5+^7#q%35j1_iRm)`Q{blvk*(6QE6;nTdNshK>gS*<q+bubS7P3UKx??xEV`6oW
zEo6xcrV>bRtxX704Mu*fKq^2ulkp(VV$nlgU+<1dKsRbp#2%ZoLEX%3H$l824C3VQ
zjo;!$j7knQ4CB=VxpdPt^{Dyvcm<MVszgXuRVc1D!+J8U8Hei&n9oOoXhA`K4ZOv&
z<8;+&4>Qdx&1=+u1wX{>1gv^gEUWAv%c_@1R=s91%gyzfcE*3iWPm&0ybfl@x6@@^
zVbj>S{^~ztYY0idPS*^1c*O(?JkDXlj~FMP<wf^|>%V1kn0g0`q}2)uCf6g33M;I9
zapgtEG-a=B8sQFyy1i}T9!RM#1mb1!0J(cx&~DBKw<}?>SPIwu4-NrI8B{R#^jdeg
zVyrF;)k?&6nxTQm?<MaJr(m8k!myv|Vu225OgS^@>}l;ZH^qQ8hO&Lcl%JN@4b!T;
zSw{}5_DPE1aEk)xU;sU!JaLBdhS)7B<!N|#A@f*Qx;;Y60ZGfV6w%u`jA_O&4Nm<&
zS1h9VKCuYQg332pjcyr@x}ug7?N>59)vSC2_jozOXE~G^$_Ij`GIN95TFk3_A!G8z
zXVHAI1&28b{1j>s$BpLFTPc*TKM^mJ{P-k?GeRW&DB^sQCIrzdT)B>}-5^!0-$9w^
z%mT2LYB-rGK)H`BmGj}R{a*QgEZ-38mr!EiTg4{d68v2&w!~E_&Xh2`RUM|!SQO2z
zI17=X`(<xk2%K~>bLmOtY`0-pOy8zJ<=?_q@9t`>-q7t>y&j=u)xzv8tA*KX)Y0tC
zvzop0rP<p#+U(7VHhX_oSF<<o8#Q~MPGI(qHvdajZg$mXuOFLmc!<TR&he)kWG$Yg
zD!ydr{z}VAVCVYc?OdaJJNLzio$Cu*xISO4?c08$y$2oO{cV(aD-&1_Xc3>kGMB^g
zS4}h14liql)vQ`)+5jI%+W=vkD{OSJIvQQvL)3I}z5D+NEaqJ4|6KyZM!cguSNfwo
zS9(HFR?MN2Vd#-lrC{8t(!Y@)HLWF0?NpseabO}+EJ{p@6(%Y2N+~jzY;;R+3k~L7
zWlUF@m&*saqY4`zTqp|z4EYwrhH&L2mr9UTja3uL4A3_&GeAQQ%Y-D?VD(Cy_nS@<
zFtUau0cr5@iUM6LQ+c#DxRuk_-(lQB#`1;QG>C<7%8L^VcUMgcLce$gp-R)m4o{Vt
znnJOuDfl)-+-D9htYR3&<^~7c%<%s+2j-!F;emNPW1I6YWNZ&$qqhI=GPaUhGPXeN
zkIOxAT+6`JPT10IVO<YKv#umn#wpo{jkLUQ5T;Q#MM4<AH(wRpYft!`JV@RV%>#5y
zuGIQccifqGmX?K$I5aO)P(cUx)C?3lTEBLWL0V5po@@6X=&ttA+DpuF&^5+%1G8bu
z(gFtEeAo_VHV@*%T9!uDAiw-AGgFuQaU%05=HfTmD{@#}&P;Ez@4~xwR<~Rj2~tb^
zOy$9l#cr{M7n>PgY{_9trzl^roLGL+lEaLJjHv+ReH-Gu%edCnWJmARg~5@dh*|hf
zdh5~7nQ^gE+t<z@@F|arx92E}Kb^yrMUm6Q;s}d0ctCF1BKJRi6(LA#C4(J{rBA@!
zM&dPgtqT+9@FY`6wYa7kCNa!|8;cmr_a`B-nDuVD7tv$xMaaKkC}X^g3Lu0*7{GQ~
z7Cs!%vgG&P(#ZGm_b1I^s}RdgLt=@|J){(9Ga~jpz-3z$mc)v?B!<6%_ZKpsKs=b(
zOgT#$a_|r5R55vm9bwfX#{3d2w*u9}B~<gqDIf65i&@q4jad2BO6VmCHdigEtU6#0
zWN>65laBCS-Rs0G2qphdC*zKs$5Qrfx}v<=onf;Wk2iIZk<jDqpT5P|Sp6kNne-?l
zhHy)HJPj$TF}3=o?h)U%uZOw4x!JPc^%q$+Cx`i%$(uw@8nZEz-)T9Zq>>wPQwYfI
zzLFSy%{$4&Xkh0s=1N>bq!BTRg(?%jmkE*5;Oa}EO0hFXTh@GMTf#WZc_ngX+bWhx
zCdoF-7E1VUx!31(I-PmgOu|};a#D}UODX)IF=a8ZJjfIRC-Oigt|VSmJdJ#v(%|4e
z>g6SQFH!Yjr=7!*eP%R&wat#2%|5U8==AtLseNiL4sYKTlSf=ilfJ@!@p1WoBU|9u
znRC){@f#=Ay7<K9*FdKKvirswD7Dh!`<a+hW4us9x`k2&8e}A-ZXwVg=TNbL+=qg?
zQ9Jt0iltwThI{AF!RpW>>_Lefj_qTN6Nf(7i*b!=G=1KwPJ)18Pq?-~Zu~KumR`4S
zfmdy`CH$xgwSv5J=bmH6H-)>m?e-YPUDM}wM3M5jtvqM(xs67FSfAS{yuqdhIdN;=
z2o2|P&6U8XRS5EB1>Xob$(lC4iJs;%n0$kL>Z|%+R7#5Pt4sH}jKeR4I&*lNtx^}g
zOerPn>(Dlv3md{`r83v{ylvH`AQip%!r$da$JG9k!)EdB`N&0i75P}p`dag`%5+UC
zi<2(?&^d=}y5y!UT>6(H?<JfL_KnIneiw&HH*MDY{zc52XyiV9YCZC$TQ-J2iW~Xe
zKCvV3ycIR_T?q$1aLZlWfyee?vH)xJz=Prjz7#$1xTJ(5ul>5#BhT&65&`@4*Y22+
zi~2`7SA1$qIP%SFwI2D3=<tcSk!Qq>yeoR-;k3;>NR@sgBcJ)I)*}xZ$QV8uH}cqP
zu_GTF5H<3V#Lymasn#Q(8=7#R{g+}#E*}~-^09geN1j+&>yh^svT$ZJ%gC!LV@F<6
zSeudOo~`xBYrP3EEO<6{<e6SpGf@@Qe&C~`zh~kGUKBU*T5t5tzgId{h=0K=q&Y14
zt1Blbr)^GKsrGI66zGX6%nu!@c=v*{?wYF64>Q|-SaaLqX4?;HZd+)!oqyI{Q|<f_
zX4`o+_giGPom+FiUbF3-8rm`#J(4khR(5uFwhF*J<Id*+LvGAO3xk*2VJFqmyUivn
zgL6uNjo4P#Vi7NJI4k5<UgU~Doiltv(=pwJ9e6grKtpz>Rc!1VTYg~v%}D0wCXk_J
zV*?Hk8>U~uM_X+*W!H#tfp~$#nmJJulE`|gPwdcxZbc=XZWf>%E_V8n9tvYF#k0c4
zeF}U$;OC47C~+82qOkL~Y_bHkSNzpgg0TOT`NDG5PX~D1UP5|&75df7Ciki|S&6*t
zY?R8f#;dmb<Fls9(wxJzBFZ#6jd{4{vL*{&7(ogugul*9M}(UA+yzhi>EWP}ELUPg
z*;%(ME}vR}8=ApAypj?l%RiB1#b*4j3~LtHsN9NVk7v)gJpv$MusGnt4I7gbj(>(0
z<dX8yHXGFwWrknDZAWQAbY1@Fs@(+f<9!PZU3GfV>=b_k|3NtikFiRH!i&lYg*VKV
zD7>J&t|<H~4(sO@Ff<}4+!SVBwS~{lGrMBOo0!B)<q5hUwOh2VJ!U1C^S5GsV}|vK
zxb(GzH>q+*z$U0p&HBg|n)Rf4a@L2p)OFU+ahNzy<;4%rdgm3J<;1_AoUaG%Tx%~r
z3*Zmny}^|9@$)M-S2li+%ilk+(C9mHi`i#cj2#Ycv3bx5?}?c=g56Z;I|q}wc;dn=
z2yUs4WX;UJauLsScvmdq#Yl30CujKG06M++0N3%m<n$>gHu_d<mXZ^FD4mJCz)9xN
zGN1q~I%&;alxn>N-=z|w(&HCH==9+8TvvmtA{I{A_I3Pmo!GWC27eRe^&p4k{fX&l
zd6*?P{@t7Is2sL^iF}h`-c7exxsGq?%NVUn!02I_y7^|5+;qa+zKmh&Rdhnnd=Dn`
z`NB|^r%#<}Zfn1ez1vF%yS%Jg)t}{JL#|~cacm0Z*DN=$CoE1D4LPjqFRvMe?Uspm
zh~+)WWr5<+mUaA=!=b*af`;#=o8naS<TK1?*cw_ev}c&kv|rq;Uf$U`d?6qJcE(}n
zXEuhJFnhj4`t6_HhO~KqzGCh&XDp_}vfUAct8+yFp9g=!VfoAg#nHyzB<r$0ob1b7
z*1WVu(VNzq!|A@1PTzz?dCibGqaZ<h+CLuO)Rk)C0D13374+|u&b|At#asDy4hvON
z@$Z(ENy(TA8@`hBNHyCm8%R>Y2_Ifdcpz=(P+{pt4LB_EfCC3w2K3T^UtP5h_$?SQ
zh~;7`OmgQYCBv?3Zgo~jj~y`4%`llM1TVuB4lNDZp9aNvM_)|gkI^Mr>&^jm@DR2Z
zB0djWuR{laj4q8Eaw<XX!loRGF4=U&nY{S2unG!%JS14bCi7tOy4!Li@+}zJmjwh`
z`0M!<C%(0bN{L_^^!czr7kGJNQ!OircmzWB`7m1jX$ogACgj46wD#e9SNs8t7)Fe^
z@}kY93r0-8t&F(rdX#fxI#l#y#E*Zkg%F+4%=B^vyMa>CDD0`}IXO8bWs~4OKc(q(
zk;pA$2{e@-NwNE5i`bphr@+wtF;e$sILwq<Ik!(ir4shYVSImPO0>zFNTP*4l*B!8
z(`^v<;W$_hkAh{f#S<<p(auXi7F|>l?R+dCcYPfz(Ps1~i6%g(argtnRA`os8vH>Z
zZnJy^Q-UIg!EXsIB}x7fuT(}6Y2es71cl0x249tuL>#<LN<`#vskFe=7_(r&w%Uut
z7dTu^piuuxD%8*MY?Aoq(msh(sFx~*+RmY`RPHCuDab`T9NB7fp$4}~sYVFg<-sgC
zT&;R7Gto!SZQ`6-EBo)n&23*q+4l%--*2EDHgB~B(Fwce67=3L59<@V=8`_~Zh7s2
z_acX&P~|#C>l44x(uL6P#C7~lbmgkUaXQ5WsZ-E*4+q3&-{sl(utg6!828O2^^Kjw
zR59DOP$5>6%)y?EjW|pc51nvyuH-LoSF57ZU8pO1QAZOlO0Qy3+v6rUtHwobjr(S{
z`lc1xL~WtFp%&Cia{rrGY~<2GG`MRJ(crABiU#Sopuy+z(E;ard!U=1gU`XFdfDiJ
zP;c_t8siN6Y%MvP@Pa^D%>7L(xGZAu$V+lz8cDuXan9|D{}u+0WQ@;_v8jL#Dxy5X
zl_|w#4MpV)5%4QZF9{A0ApR-2fXP0el<f0IVMEW`Lm7G<;Zm|-D4Q#7noBqE4H!JI
zfSmuH$`_!Z;}00^DbTWb88<@m4_Q%ZdLTS%rL-?Cyyt9^$!~XTB<l7rko<Pr#=7#`
z=Q+$?pp@@Ol_nDY1Ft636p+KP!7LnK&>}#Mk6nq=6ga$ZY1cA9dcw}jVOy8O2ScPX
znv{&G@Y!WIMSP^o$7Tgd2Q2In%E@^&r>!y@eY`AQh9xi^FMjP#XgW^eN{C(h+FdF0
zRz<A&BpBA8#X$Q=Sh{_>fuOx~p@jA)8*T&IOBTjKJ5tfFl3;o2azel-bC@9@qwE|7
z_|2E&RkUOdpQ@Gw+I^R(DrS9{K2(}B59OQqvtHuQB85Ne>$;*}a+tkHU0Ebrk<=rv
zU#e<FV~57AX#b^zD_Ss=(P}uHy6Bb_C&mn8xwODj7u5pC43p)g9+JsE0;X0sYO&<H
zCj+(C>N;@o6(eaDLm9=F5^C+pp>k*(W%Rj}fHFo7i=&J)7c7)9VK^<eDV)AwvE{yq
zc+n;aPP<_{^I;nF{ir}EOKssrw@Xdr<6(rgDllhVwFhXlYJXUl?fX%Jle3Sn#HvrL
z2S*MBoI(jo<{^?TFBw9%7+j}%GtSqr1^+lKuYBkXBobG%qx*Nlw!xH&v2R#n(U-9j
zYgX)M`{ifQEriKobKl^GoXh9ff*-DNE|X$AJygY9a--%lA^Nj4xJ(e@Aqq`<!N4?u
zRJuZ_&I+N#97%uTAp$z`^)dz&(((;qv43Tg2cZ)8PoF2;PlwSXWU4!`Yq^S12Hw<+
zoVKXJ>T5QCrDB)Uh8HBz`Ja&d@@Wgd^b39&tMli<5tCh(3U+Dbl-r{?Ww?=&n8;!G
z&@kuRyN3A8j55h*cCWb&&N;oTM$Xx<vMN3^VniID37t>KXG%v{IOm0Pim?<H#c<A(
zpVErPE|Dub@#$@F&M`}B<ea0=SGA&>@hiG`F5!x%6q%f}-#NuOZxkuc+0R_yjUtnC
zss(<%+GL*nmrCaO)#|#K#Qm4XnsFyjhRrw^X7-cksqM}4)JDaoVeAvi<ESx8dDOJl
zi2SGWvgv}=kWYh?!<kR;qL+j%jEy<GNr?CDT(O2U$&1n=yhu_VHigwEt1!-;kvaST
z%EpjByY{55jP%*EF)=pfh^XnL!_Y!Go!@I^F}Asv+}6+m2mkKM`C(35u`SbBC7o;_
zhjgF1b}-NZtKHt5w%8hW*V8cz?7AZ4F{tH62swy$*dx`E>2t_v+P^hya=tT1nw)#K
z*2(0YHmBAm=i6~+-7(7@PGeYBpvl^Yu(xkPh?H66u%<A~5YBx<bN4P&Rq8*v4Tey(
ztVV_~{%lp`^OZM_e7-u9kbK6Ev@nFhXB53$9T~$A`p6aaSuR&}bJcAygj>sMWC-t_
zscJ<hM#imZNa7U@9%V9w@uw9-I6g`-gz=}<0*{ZPpqoeOAf$W9q^LZis28}dFhx;R
zpA&VU?Hl6~(Duf2(X<^bx;@(d{CI6>d&b*D+k1~I+NR%D+MaeUnzk<$RZH8nLs~lC
zX(%6lA3EUlUvr7r?}Q2ID%knjS$B{^3nWo*8p>+CJ0vpt@KOTl{3=wWD(Sr7lDjh8
zZ<5(>lx$vb$*nTa%BZp2GQn&H6sXSr4o}df+PG~t%_T4D<af*Fn%{MSxpak0Qy<*0
zGJfXKRg!4tfyx9ke+AYz%$9Sl49`<CjP;dNpVjc0;RkZKsoq48N?`ZxKkGJhZ=Bh;
zAUzu$u=TGYbG2g`EqCQsTS%5PGc3!c@=}(2O#B;6s7LLWmYeNSgVXmhk7=d9T@Zn|
zCvrll>I;i)x2)!qgsXW*uI4{2t665QCYeK@0gUun4?fLxd^UU%WL`d8i+J4lu>qXw
z#ass3VJtASV3u`7zlI&@3VD{Fb%!FeOEPC?SxYOXJc*lg7<9_5>508wIgENs-IS$q
zxH_7;;hG`-dhj>4dP%8V$KTR_!(t{2CTy^&x{^+8_%WvDVZ$jDOVg02Vd_W&JHQcP
zHmAa*4K^2*Z>HZJ!gMb)H=d2PQI31bM%hKLN1e516QKGUaMDXIu0#Ini#VjfXitGh
z*2;?l*x%tpPAD*SQw$1NqAxv$3G3%zT7T+%%RjVq>U^;5=P&T3M5U8k!u>d4UTK67
z12%eJxXpYoQGw`?`^3C5;G95)CQ!E1=1EjB)Tcs1w^D{~N)Zlw`p|sF_V(xCb8w1I
z;YRl+{vO<B^CX<gm$qzd4i)wg-UZz~m=1@9SmOs86Z?CS8+0Psl5em$QQVbZjYZ>t
z4_t;k&v_lLb9slpF${=1VEOz4hAG@b_d!n^c!vj{;5t4{x4E4$C5-M@Z$w><q;Tl(
zkymTj6lM%5h}g}`->}-vc39QGAbWYm8@cL4YgGeA<w+?FN^2#}Ko_ezFNvK)1-)YM
z`QOcv8gSTUV>(^J&MGkP)!u6;=ez3-l>u2iYrt}Od(N;uhjJOj(||+8H8-QH)-G_i
zFJt%y*u{Q~D~LWWG?6n64h)o@;2#$Rg`D%?GhE024Bv~IkUH>Hm5d?4jgaInKE++M
z?66Fg?1g((qK!S*+)-8Jrww4T=H~uuZeP&CaUUg_w<lQ_RELJxny<R64GmPiq3=dE
zlqxr-aM&5y(H(>TZ9A$qRIlZRmRvD6w9wp8I|tuT${o${nE+;b@F}k2Gqh8kEjxAY
zYJ`Q!ohp;Nvu`kCVdX-S_Q%%**CtGG!qGugyv9T46VK2Ij5&fl*)T^K9T|ZJ@aO6>
z#&2+6#!R{#t`S{s*pQGxy#X^N1Dji(h(S?}QO_{B+Nx0U%Efq;B$TcYX6@ghxLZ)8
zJKDXU*$g#@Zm@lBftc!U!NI!0d-bwqN%t>rxh2~be<XYSw2-oSL0^}Lvm_u7q-)lU
zPuLK4#`;3wQ(RUc9bj>V_#KCHrYnS3xk7Z5&#*IjO0+Nnnl7YBFN4&*Kf`rR58)3e
z;nTc-7_yX#fqw~V>0%=9m#f0lv0#f5H*dfq3FYF5#$o3$cS%9bXf)_zA~cHL<4dWu
z#|PI~d%v_$_O4}PN3K)Mlias36Il6`g$cm2fr<sJ{>tq`J1-V{zjPq;aG0MQsty5$
zS0+S&J7D<$#<VO<;aV>3$!`q2qbz((m+~66<~uRPDQC0ghE+>XfjJ(g=~_B=gRgoE
zS+l9P|Ir5?70B|Di7b0!ktGclj3B|d;%~tmA@eq4KBmHe&9;ych(i3=;fmanidf0r
zE~hR26%N~VOoa;p`cQ8F(YXbY{nyg*JAKgsYkTYX7g$09cx~_eNAV6QM30tLhAG@z
z^P+EFk6!dGv1kMi0~%1i(TGQ(Vb=XMumPOxMQTwxY#2`GlD99zGvSloRJt~cF!5yr
zGhJbPvA>2{e2PGsT!k{_SFMT{@$1q-6!fIQ_N#86FCsbw`E-J7^#oi83o7pfUlEuF
z_Rb%yi0g<$58-ogrn{iI4|;kY#pj?LMWgvWNtxLeQD*EMCN8f9!Aw419l=Od=z`SB
z4uuT{biyZ#3#evTR`}%G6_%dKuVD*51(Tg4X^0C~VxW)=LkCmw+Aq8M+L3lB3G+Zh
zBFxL5SP669Jhh6KxMtw5<LPq1Eh}AK?W5>&@T~}4Ug^U;<QH?bUM^J~=*e;(#bmgJ
z*?1>cvPHb`^z`DLa1$x&=Y!-x^&DZ>MeE2jhpCbGT#Sr7V;Eg~e%2+_PC#;N{cL;#
zrgu|m<EHd22nfa5#SJgT#H}u8ESmJ%q7HLFZ20HBLODMao$P3kjj7Q0Q!AB91SxMs
z02~+rU?zMf*k-LU_Sl6uj2$;zVeFR|#JY;PODt^ca5}Q9c!SJJd>uZ5e0&b3q=<c;
z^M=12J_o@D0yk&Bk^iVwfio=p{)ai(1+F)s{DxCmsCsapI&TH{$Po(MXU|8#?HwU(
z5;%9B6a)+HD}*Natw_tp=U_!|G1Gx^rZ;J({nSjknrc~iqV2>yE9#3z)4GO;<qb|z
z2OGn#xRoL~bpZ3=b5K}c^t}3Y>UmX~_-N(p`Hx~I6s37;zZKWd#cf63BDEE_&RMpi
zPZ2W+yC=DGV>G2Bm9c>63dO^T=O1zTtcrEOY^0^Di?p>B($`HIRIp{bJBFWjgTuoZ
zp?67FT}YY(^|SNQ0W-Q9a$}FBWn(%F=o$KFcrN)}+(Tr$;!T!=$?!>P4Am}sQ&8>d
zR6!-H-xMrG*b()^nn+h)L=chx`3G99{Lf?kF}!-Vj`n^YUC-w_Hz+B?bFiz3;5kX|
z_X*nX@nXMIVOwE=$1p2M`-F!4*<~BUpK}(VXz_|`?tB+TeU1et_5M<itmy&UZ;<O?
zig*$<h3WzxwG;=8=<3O7i+_QO_4R!0_AB~w>Xj<6pV;|7;F3K3fGKBV+uZ}JrH`)%
z?_}gY{H%fZL{43#=%AC`vaciQbDXfIKa+0uu;nJ5qB>!IU#8=eT%9d#k&dN55|4Ay
zIfBYA*kNHqulO&WwCua)HicJv4#ig_pmYLM;Wc-@OvfDt)J+pm9urVEJuHY0xYRQs
z1PXS7k;&O1qZ0oFM^gl^D*UTdiT(sv(g_V(<X5jVC`-{Lqkf4G(1;^F1v)|X%nh57
zjma>nel9v7)YTWEC!$RMAYzj1x{)6T{u*X$*&)n><8OI2A9jT~$>Q}&L5bK6rlkm4
z`a=8?5+7fJNp`WvU#ic$z`SHZPzRH$C#a@y%Pr_854Qe8jN^ckw~Th8zpHk+^AoSq
z&U?rwbVy&q-!FT~QCzTrFl$Nokeo#S2HDsR7IzC#E&mN~8EP$K9HQCzE~?qtM%f`9
z-+*~<dNi?)qcmn0c$>K9nXc5#1!c6PjbVt~YDh}X-__}4R~P_dxIy*AaBslx4K09O
z;W8J1nxp^~AV8H#K*>3ONR!#tMU66z`1zqX)Xxz_lviFiSLkb$ja}jNTY^ttep7aO
znmQdTI`v>jSWPl_MK4bdc7#tLJKw-gkD>!si6@<4rFas+Zm?COI+&spPYBcDOJJCx
zwbIgYIOFhX<I1RL+o<^3wkp0>H2k$N09tG52>I9$j@YzZQn|Y7*uW`^d^F_Dz!qF5
z2ee3xtmr_M_q|eKb77JbGr3dVLMVUHe6;iR((m>u4g*UH80moyIPK1TtPQ>bV;H63
zhOJ2fsztfzkcu(hIE4vXTY`|ot)a&A4pp5%l=2>_>};abA!5AdlqiZreXn@*uqS%r
zbJfJ7yj=6cUakf{&f&8XmE0S6KTB#|nI^j{&1&tDn9SG6VctYpW!8gjxsDG~>tbqs
z=1A<B>4=Fc-CNi_B^<Cq-Y*=M9CEv=3zEp;uycy6r8^eyV3hFpXWWm!uoj$c4$}@r
zcxM{yo5ENwKF-T%d1)g=hyC1IR-&lIA;+vyi|I0IQT!#DE!&(LABoVk*8ZInsv;rF
zp-D7lNDbgagcl=Mkw@>@<pnOWl*cd&2CuT+R^~hb%5OMbUgsLp<vC&g)B@6jXRWdY
zt4&m%%%Oa_iefr+tojhcRvh+?Pgp;A%CV^9*eniTj5q5C^Nt@Wb#9`i723JeOdd7R
z7fBwq=#cW!1pj#Eh5892;P)M^83!gzNQ?u0tHObz$uT$(T1hxCc|`;V_OAS2gaZ`{
z2d=NI83%5dIIys092hboAr7278jAzNC&c5x=}0S59+AW9391Zs78gY3LTpSsRXR1{
zPNl(Nf;cZX;XQMzTX7!;hm-qBeG9)Vq+P;h94^Q=?aepC<r_O(+OI-d8hO#dFOYa?
z)D>Ix4TqcvaHq-CUK&iEp}woGbnTziy8arK`5GVOe*B)SUn0@{Xe<j}JHbq8F8J>K
z(A}ki5whTG!oGhia7qa{4qmLlGBTWGXz~oVJWvbm5gMO@%G)!d*7qk4<+XsytT?D_
zS5RqbLd8%}X-NqkcU0K4ERwZbg^=V#zti2G9BcvGnT}b|oz&eu^|EQ=z`?Es%<%YT
zBt&!Z=fW-(;`F&({H2HL&QO#8274}Y=$<PYf1BJ0a3JGe9HP?o+2ym2E^L&GlNc{U
zU*t`FnX?7#LF)VGyb_<|41Z}v1`yqP>1`YC!3UIf)69tvg!PTdBzLVo@dt&NZB1Wy
zH8qKt&+iR?UKscJxhZCuo6`qrtM7!-KISreb8sl_$*?7CM}l06&#bYw`Cxpp_gR92
zr`{Q(97!u>%@orVUwX(L9qUgV05}x+%z*eqH3rXn&9-xDZadO!TUtX~24j7a`<M38
ze0ab7%6lZfj>yr8j1kfnjmG+WG3`}EKG5Wbb``BD*B|YAlL`kE#9`JUsyEyS_D`We
zxt@YvUZabqvV&EGZ#uYWO$m80g^v~rqR^OR^yZCF<jUd|4p%3tfd(IOd&Rt8l+W<@
z46~pG!{l)E=K3Sm116cnrHSeq&MAv5%vu?7ZmNB>Wusj>+Bv21%no1&4%=2J|LSNz
zhGjKRsP8085as!URk=jH<BPaN-6uW5)*nph5*4ttR56r`4_HGQg_2avT-3)qRStOG
zI-qpex_ThtfD?)>1Iif6qhDADYz-yvuw1MUKDYGDT6K^t{A4a)q`(x>+!VuQm<cT{
zhw`ZpV5Zj6%m(K-Foow~7H8NX53{tE;TTH?e?XuzMN)pX*Ahwj5{H4)3qo981+G_n
zv*xh%?x8izoydGz7IFV=N8Bu&Nr2KCw}WXD7|W+TOi8|kMpb8FRA~>yTUFF(%amxQ
zU>;GGPl;v#=JTynqKTcWYJ}tWFeX*3=_OSa%i5(;l8nNgbedMGR4Z9(=*sjMF5uvB
zYY$^obxAU|88h5W)e0@V%<^OM2fh%KUoe#Tz05E8-Ox9dWVY0jWVQ@j$ucsZtSG3V
zjtsRc6A-<Xq;$e+Y~6rbbngE@FM4e47Okb@k6{EdLnXK!cgQVsd^eS%1hbq`$uCYH
zbbG=T?xX%MdEuBnEL>Ixc?0vGO<)w=!Tp?O+DLm$a7G`Q`I>>5aAZY+Jb=s;n!{sU
z$0y@%P>+NnYP9k(czaUVU1HQZcbvO~Y_zHYQ@#?0QFmVn<D2q+$>R)v%HgmK-fO^N
z<3Tqgx2#OK=3_N3e@y)Hk4Kij>g@lH<uCA>%fEI&EMFb&N`FfvU%|k5=_^Pf+(Gfj
zlhE4|U-7Ch+Df;=+J2Bk&68Z@gDJz_l6e!e)|%34Mw0BeD~7oJXiV)jJ11UGFSi|y
z;g)s|(<ek~uYDbDB_?wiWSW0Ytre#2#AM#DdP|%8<;>xW<<jl4E|c$bEPnEr$E(TR
zN-+5=<0F%Q?^x{Q_l!?8`D%`exF7F=%Qn&Vb272I7gKYEB?a|Kq`34lVwlWH*tEDL
zu|gP@Sp%YFmOKZ%l|W`)Q8G*ATP>ZT@|^z_Zcb#nAym7;kRNjn6PM35J6soANQl9v
zg1s;-xE&mhzRmI<YlAPtKBgP_co%%J(iW(4!9JZTb(~m1xgyD1XX?QyZyg7mj8T2@
z3FWMF)}r}lau_&?F?>}9#9a%?m{P-h%o+ZHZa7Xq;j13Fg6xBuO0;rUEQtHn2x4zE
zh&e2sBt4=?$OUp-YS88onqfT$owSDpL#dRm;}Ch7lyJh@9iUEnwZ}-r1t~=P8H&B>
z_P#n@SsJojm>NDhWTOcbPG(j3_H;AMT3RO$TR+wm{(oMh`V<4LIxA5Ds}kj>v{OFG
zocD-X-(iH)C;Jne6N;XWy)D|of~0ICA3MSay~)>ff;&G)YmKkNTJfCJ)G>$MkpYr9
zjGrj|9x;z=26hTtBl3LwK=k>z17?nA?6EeO3|9%Uk;C441~C%s#dR!*3f|y(#vgcI
zc<!D=bI*dWb~6Lf%qWr0p`*`o0G}r|!*5_J6fq`raUbarQt9UMLOMWGn=ziT7qLGB
zpO~6*?LO)@==E#{<EBs*{45SrABzm=qY?Gk5v61246;(IKIRJNipB5K&FrUwk$+EK
z&Hl+NcHp2pKL=Mb_&UjB<f8)yzGcuHXGi8ZU(As@c^&4<Im+JN>19NBwnKE53X?9l
zJ%~IYvl#!B!@(lP@V`{@@r?)F!Caq0pRMmOMw^<Ri@ms~`u%w<!S<wb=tBu@E5oCG
z;I)i)?SMJjkKx=qEUY-rIHVTEVel@=xdJ+N<gnlwMzrVh;)`HZ8u_r*W|&`13W=|(
zJQAn01ctm^YRzHJL>4klFQ3?`zrj0`2rXT3T6AjQ-{AM+cMB-VG0+9?KVul!41zgA
z)u9x<4jA<m!#CjqGmLy3$KZ>4hLI0z#OLUM6FrR_><lIKL@!21a(3yRpF^HO(^uIH
zuK76QnorZQ5zKgsVY;@&Ad7E*FE5pQ?#ZwbG|onVKe^DM-D}ozek8h<^DaWC^u<)j
znTO2!nRmt1&)oiK-OBVoExVcc?Cn&}WE8|vAKuKR0-9O6*p~J|Y@te>6&+FKrO!`{
zD=$4NRCT4ZD-&fL992C=IYYa&Kh$!02Dt{XOmp?$qSdEFLxU?=@PYDS6S)-G6a5ex
z5z_?{|Joles4SRW8tvep{WZ+ka_S`}jrI)D*QbvPcC+-^Y;470)uS~QRYlGcR8;L~
zt*9yxtL)k6;?q<ksqCoRn_KqJ)JO{c3u`3#YEk?xw~jTE+9#-ylowt6?WfT-l3uE7
zjimP9XpN*_B&d;8V*Xc_M5?w%(x|8!Ne}YI_(Z$7ia_4{NI{^o+E+<3;%mEktFP_$
z(@1SM7iJomEFi2sK$VXSS+S#5wUS24OM3?_cs8oiTQ;e>>mRM8%Qy`#-&08ij@A?x
z$YMkROx3b5eF*vT+Bx()9$!ew&<t!>h7W6oEYY&r@78?(zC!<A1~<ktX5doBVY}T^
zRc`f+=%4sK<@>Qz=2mYA4{BwC$Ikho>$a2mW$XA~95(-$;eW@vh(uD~%JA63d#cKC
zGiOFz9*<A=B*^2jd4?HDyM4D?CfzTcsUm5&?<OBGdP28959MQ1C_WxljQufLjQw{U
zzIZz}ZL$n7)mnv<(^3uPGW-S4#^(iYb<kxw3z`05v)eNw=h5#Lj*w_`yu$5GbRlwM
zp0d|gZK?6{<fhqnWmMbZn4&#ps%XzGv-ygeyY4ezwOt-*YeYA;3&?~k0`)aNShl6c
zjL9Ce?b4bj($8$Wq*iO}Z#FNhxjBPD^BD_DC#L0H$i?xiHWXGpr~}<~UujdPAaMiR
za~RlxTmtbfzC@|9a!Ack-avK^p*F&noZNvz(GRt$V<h_TIZW!nuyaILmVOgcb|<Pb
zabc$P^>J2v=yG;%{GrRB=?a!-_QoH&44xi2ba{K9JLUrD<TUfpr5MxtqO(1wO`(&Q
zG@gbOC!xWZeQtxCFi%ZmK1^2D%hr8WR;g*l;q<hGjt#^2#b!o3H_dcxpaw(t#a>re
zPE(b!6M3)f+FNtpb>+n3o6Z<MWp!eaK_GjhQjxacaB~{7rm{Yq<WDs6xnQkF9x#iA
z>o-_NetTE!$Vc9b8hI}y9C_sST8|tOR{qm*BY(6#cH~d}k&zuRv8$grAU5D|pn+HB
z54Ur;)>2Tzz*mSGuC}ZrHT;glfL9pi$5O+Gn-WpO{ts(I4Fk5sQ^R?ad-mTFPYspx
zBGgd2C6*d?&Z9F7C#GpFF`4f|r!wH*-=at$IL|@?$F@{Q0=woVB!Q`0Vo6}nyeJZQ
zXN%=nK+EGEZdlTW3%(h3bMp0P>gI$}u+g8${fU`(+)P29B$V{`_o_RSm{@0nB>n~^
z@g4Ao0Mz&9K$q-?a@t`&wARr9zc(-+?((7oUNuGtKJIJir&+J7S(;omH)d^3ZQ&~c
z5-l53xDz3VTl2Jk68Tt@dG6MhNPmOomDNS{@7f<5n&k2;m+VTeh3HQbLl1)!Q^|$-
zlG~@&|J|aTc2A7JJ7I=-9NBNb+oyo8if&Jpr(bj`x%&IHI+a8|E^_H+9!VZiCz35V
z%xf?3=LpSy@&4$T;k8p$>_*vsGhRhZW6e}Eihjv{nPw`C0y5=PGKVjxnMl5lI6axM
zFQRjoA%0qUyG+FGpT?NX+dp<+_-2~%fIs5fZgxHS-Eg)vJBR6Q1jX#@V9-%nU4>_R
z4tte^mK&)gG>oTik4u?6uCCp_%;8uEhOb!hBaX$szqbmfNV4H&n~l>WT)l-;Wh@=j
zhGC;(bi&CF9x=U9ZEBb4DTF`caIynazP(GtawT`%{CPZgtPiW-mC4hcCO1@9!Bo2r
zQxtbBj@1=XIP5ZY1z)VLkiy|}i>|P4Z>&+aWV$-x%{+q69L#Kw&M9IN7sQ~1jGyi$
zHkk=ar!!x;CRX37HHEu5ESpZCkUDJin5{W1x4d1p*K(+?rF&(I6|w~Zz>;FTEUv3h
zrW2b@<{7kzzi7GW^k8SM;~yFR#gc$-@!nVty=J;(<xSzs?J_G)*ehOhn#p<We3#7N
z`Y?yl{sM;WIK%oIFqyw7?{(t3T_?MRW-_<i{Q|FNJTEi5-CuXSp8kAIczt?L&3HX{
zMg*^&JOf*BEyqmQ_X`7^0sI*^6rOgD;Hftup7wc<QRemHYVq{Yo_IVRGehCw!9DSK
zI(9|`Plv|g>D3zXbdZUsUs>_=)4kQ<=`{-`_KicXuPtx;B*fF}iShKtp4hH#)fP{$
z?TJMw&kPe!OSfCIH<d<;S442MJPJo;@~EqEUG|@0;wTyZ^;JboY0IzQRaFxFz<ZI@
z_R8>oe^<gJ_{UVsq-6LwC@g(gH;Yle=ZEqM06*iJZi#sayQ`fFR+-*)R(yKbVB++y
zmX<1i=#rfgSEytTo8DI$M9X$onL*SEr)DvkIAcuE?Ne!nPR){NXyDIy>;i-+%b<*!
zAsOS$`$;_!((*A)CaX*iC#&@Apfiz{FyK9AU<P~z@?^xb!>zd}O~cLE5@dEQ+gwgF
z$|72Z&&gDo2L4LNWIob~4i0nw!HTdxY~x;4-c+!S#<|#saS!%mVGJda+m^$^UOpY|
zun}1JmZyz)%ChBCG2TZ#wfu0rs2Jp+Tg$d6kbi*FOsA_v1OEWWn9w1|xyjZ(k*(=r
z-yS$q-z*gVcc}PJ%KYQ5R2|`O;R?$}2Ml-navq1C-X~(dcfh1yvhb+rhMP2Kf48qt
z%NNsJ$z<4fMlSXh!1SP-8`zgc_?dFq{lsnLU^1*=+2J)iI4pDv?Q0`-y1;EbF$|O8
zGn&yNx36#nCc_ry<**J7rLC;JPvA$HK}yi4_tjkq`q)UM1eH;@YYh?>AKh1XVX?-j
zNmy(O)+{V$&5Be}3oAj3?o&$8dV`dp1^3lK30iL?P=d~GPb6GQ{IyYnRt4jQ%feaa
zd0a4FxGb6#5iTc!vBG7-teS+&(V!A86K7e3%d}n9371K;BI4sfFjgW=w!Hl!m`J!x
znUzqu?2GH_omsUMF1v%Vl3>~_Q@9M@5~Bo_Cene<&x@BYyW)DCF{>K+^4|8U<jV<v
zoO~IwJ)wLVTpE@y<F}D~IbLeY7t<B{Ij&_<UQSgKpegkEEJ3LZYw@RcaAQ8DKJ53I
z&6O?IOTXJ$K)7*d>|*D?A6ED>=)P<!oh?_eTwQW+SD1TK2BKUsvs}f#4avS$gKvAy
z$^T4DJ}M^A3Bj#3)?X@{6H|X__Kt}EPX>ogvsL}21v|p^mp0C3j9`+3$^1t$gkeY2
zSyBefo-N@0Ys`S2`IVT=UyiN6v|($N^_P~-vDRPOQC@ZZrPXud>MuQ|Jow+XtmF3_
zDrPGW{;4~{Nr%KUd@Zj2(%~I7Rvp?qTe(JN!Hu;xDq`(KyI>#=0*oJ@;Bfk*0!Dec
zR9Ph@UEd?O*x9nsv^2EG?1&}M<6>%dF~VJ37O*bJrG$RTyhuSZzv@Ci4;Xa!*IFP<
zqvEP6{fyoiUFql40<+T3eG(9Tqo>sX`uiCp3D#ZeB{W(xosvuXsigRWUm5s<M=Bbf
zC8j!{ysP))LOMQ}S>e{wO`mq<PJDVAtI4B4UeUwXz3F!j-cMKf1L|cfSB7)Fb$TKG
zw3Ge9xO%#Jd%m|%{I^K_DMa8fv7weN<29-|h02#FR+r5at3XuSkukp8#k`UmS}xae
zxuFHZCvDP+^x8BQU7qhL={)+3B|GH+dBX01FG^T2qP@HX#bO<BxVNuR`DwmWPs^8u
zhy?hzYvx(YvAcynFrgD|(viFCu4atylt|6kOWn@sByG~WZ^I_-RHIG0trj+EX{2Uq
zSk2gVw^B3S>qKhC&b#ZNX1v!aftukhPiVu=tBsm*Xj=jsw$!v?w<WM)OD#6+_Bb2X
zU!x7X-Lzr-RvUJEwKlBZV#98avtcc7`)p5W!}=53u-oEnSbuG8*llq(Y-!kr-B=qn
zqkKUEGd8Z*{-xEKv0JJ%W9P-2v0D<GvGXEk>}S%9onNz>QL>>%HDljGQZuG+P-+JK
zwyGJYw#F{jJLelzGpf`v`g~TSj^X_vM#tD$9;IVUovU<=it@0IQ8L$}W4tXrUdv;2
zjJ|Uj(=qk?q+|rdq6Wok85cLlZ&L%9{DD#iPH%RXB{7)r0W+`x^fa)ciW<DRscNNT
z!UxK4%E3nq>1%{_j#cGRI>&;!YM4#sGHS4+d}h%(Xp$Q@Cq%qdSn~lzb*-1vSh?99
z<wcglVTEWQ<IZN7-of<W6#m~dqmkwDEa%8v#c#aj@f2NSbfiraePi3UZQHi7v2AB#
z+uk_Y*tTtBV>=V;oA1Y*Gd<_&uDVsX>&G+Qx27*r-yVh@sQup4(fd9|0N2Ll!ZE)!
zt8)ji03;kD3U4bK8l$RqF0VEgf!=XGYXcp!w>Hx_y(ZA^7yg|jwC2&N0%h4PiTB6>
z!_=fUZb48fZ(}G&zti7f<u6M|*%#*#suoitYCcA36)FZE+&Qs$_fryJ$I)yyI;{|7
z`A-E!nEC8n6u1s+-yC3}C25pEsvgjJ{*c@<zala58eQP^N}=ovgTaaidHPzNt8|J7
zXNU9}z_>?c7#lUtQ`ElPVMGtqam+s)j|BS4^Tkf^E9GlsX$fCAs2PI9<&0(G(6Dwx
zHK~h!f)=IalplxYBWT?}xIal!F2KYuW2Iy+u4qwn+RqM&9M9W2y|xP!H!(xW)71Md
zLBwwkbEUxfg^|_je&|ZgWkjCZIE-CF9dARU(zSN!n4=Eu-ktO7q!ufsr`IHl(tNp2
z({WT5lsG)#zYT!NR$V=Y*RszDBFKECeh)RZX7a4nM6H>><7SnpQ?{Lu5Gp#`pLE=a
zdPce&e3;YLoH^+BR~St9TR^tnMfN?<cFSW!^SR)-O-S;k3gpHiu4i3>X5@!>yq*~o
zboJ*xgMe15gc=Z=p=omz_A_HV{E5KZW`6ufnQ846j6XSedf|PhACaXi<km~gQ7nJ%
z*1YTUk8DV~R>@SJ%ZxNsqaf!EjqrprCZr66O67=5uzM)v-zl#k>Z}#Lsha64O2iyE
zMX9ug<HO1LmyIbmJ+J)^As$>#1s!L)%2y|xp6^|RzLdbW`)eN4Kv(!8hD!k6uVDhQ
z55h7RG3l5mg5lv7O&1@wsT#x25unhJoxzbM`074?%a|PYR8Z}PoA5h~^@pv`M>Onl
zg9Wo-PtAVJ8<~g2XZ7ZFEN^HsU(=~T16!)}iy-FgAn#$uiC^cCC3``_h~H6ZqcC;@
z=_pt;dkgWs8bzLbx}QyFqjyo!Nl_LCuaSnMqavr<3WVpTxG4jsskg$B`WM<CTG`BF
zeNX-n3^&NG&1<^h)_PVR?I?Rg+ZaUc4Kc?EZ)NG&6J0HkDL2GJJV<${U<8hJm+TC@
zY@q<pU6OC_YN@Lm<aswI9G>fXHoIbX`m1ZY2NPQS8BTZwstR(Eijbq+;4mtPP*D~Z
z9{lo_W`4@5ht+j7L_b{!8-xaYr_Z1vn#bR!vAla;GJ<G-Jy@sxr>x|4jR=uc{*$8H
z{RfbhDbtVA*b&2C$DCyzx*Xz6hydxz5<wApw$W-3<%@`-k+fG<!l6Wc5`0Fx;MvQi
z3$_mkzTNeD-DS{udP3xAxM*Fzi&&TZd~v=nuQ^y7QLzMHCc#H4KtX@uTy6?^>b}UT
zYa>a3zrrsQuGf^?wlz3#OG!f9y|h?3VlmPreTb|bAesIqr1buT+@;#P!tB2<LW`%2
z+3DC_Dt<0&Z_8go{9xghIOCE@RGFVgK=j2Yv>SGp*II=T)xoPvuRAuSL$u{%wu2;U
zBSHL2cByFXR)9bp;+(Jundg<>62gSf%c{LODz$A=6+>YncMt9wgKW;6wD;)LXo$Qu
z2s#sCPw4v}fzy1ckm35x`5-YnG};`$?r|+4OynsVS+tibx1R&qi#gJF<mIcW$u1d#
z&K(uh;itcP?!)Ppj!6I)eHc4=MrOTe=gP#umSm@fz(JCOeIsFjE$L3Q8QQt#v$FIW
zCgKX5NzPc9@XM2hi$|*1olhP2yVGFrslu{u%2m`@^_dU#+3#<I9xow4ofP@H-rT^i
zA!OYT4lI&Pql$3R8Vvz-8~Z;qI+B3%P!1Xq*YTTtTyK9p=I(V$q&_f@g^Bjv;m3&i
z=-Q{~gEy7&k`THA=HkdQ&y}?Q*kpNiSV9P&&QZeX?FZ)X`ILozAt(?mu50<?tm8n2
z04D)hyI=XM6*xs9d5w8q%<3edw!Orrjo?BS5Zut{B%cshAm|92{>DQY+-tLtjSNSN
zF{07=(d^z~!P4QnXrDl5qaL1>VMpCN#CqdmViW0BFY$5vkuH}DjgRjhAG0>TP&~3&
zzDhY5!M=9ltR$^93cyUrQ9m`A`BgK0n#*Iv?Ks5fb*|C%Q9fr58ej5jGUzaEr90`j
zu#o*Ty?XX6(+bWDx|;>S-ol3h2bqRilsSOT#)v;_eZq;+IMcU^)!2E=6+sw<&&-+I
z!egz>^`6v&C={hLq-J%*g3FlEBvzbf=A6VwHD?q&m%hZ@ww@E(eUHt^MLmFAsy(9J
zaySU-avKp46$ZXs=wHF=KA498a4=5gI~+fHnf`-7gY!%0s6;G?cu@^j-psjyQ+$El
zY4tEZRfZnSS82O6;4X=%XMjJa`A-x_%a^4{BM{XZ(h=ss5iUgy{;@|+)Q9BQX7{=5
zKPlLV-pZ94&q>ZpAL|Y%*>i9V$`{0yBN&!Vg?!|4om8q}Y%XunT++S;f*p8c|1{Kc
zIFCn+LIR5|2wNOz^&xZD7iIUyEi|D%9G8GDdyOOZmn;bikFlFlg7le^9{rPNnu;)=
z1{9v_d`jhD6p$w}p~2ZbkpWmo03gZ1lX#_3$e!m4OV3o~VYWU>v!f(uJ)2Qk#yG-h
z9P{tY0LJo*%H0M*hufYDlx4>v<5vkkEl)d+V4#PfX<M66@$q+VdO(kXRbV*Z@N}J9
z;TO)uorx#*!Vt2JMxZCUdP#OyuAXobJR97k1KvFfqu(4g+hjdXL>vJ&z4Cj89Q@4}
zMa<yMEOQ#APf1LjH0*@6sPwzZlC1CF0O1I@f@uqS^5w3MpLy3%+0%O&BS-3lTC}l!
ze`9|3Qhi3k&xW8EANpMW+(zHG)yVxkkg5~r&R~Wi%VnNr4|jWd$I$bIS%Mq=I_$#R
z?af#xzb5z4Hlh01-#F-b5N(q?hP0Qf1e85f*w4SU#015-_|dmasx|=~F^#%%RUXq0
zuq;}F&op-uG%C}{ZPnx7;Jxr|p+%7XKCiGL#=h&yi7CHkmHn0`2lD$JoI=>)m6(2o
z7D^d*87U=u2^=yM5Ko$y_(+UiLkcQ%3$E{AF<IsJN5Pk^k9>&j_!-KF$VM1@@k8!T
z{o+zmE|Z9-ragw4bnp%)RpP~kPQ~A%{9}IDR*L1q=3*vEW#P)bAo55Y5@iptvqmBw
z%#?CBqsT<?<%7m>vBEMYlJ`-kx*Uk0af+c2Z`;BaP2pY`P!>8n`0LaORG3&Zjr32>
z0)f0TeZba|6xPqiO#4CGpX!O7NL;`)aj9F}#>c0%<|HFrIi5-{+3lNT#uMF-Y6-VR
z{DKhAq_$Wh?7brH#i0rSUP5X*Sip#gw@yJw7?T717&_9ypoZ3!!$QCKE}e2P<Mn#H
z!k^LhGF=p%o=Jkq2Yn*|kb6Ppe51_0&NDlS*y<ak>S=e(H1Zg#FQVQ4;+Z)A1^%si
zc|kYGIY^0&Z_5lF-%?RU0^QQvAD<@xsxtn_s*dcC26(`Lgb{EHBc$`G_gII(OvY$c
zaHBJ`WVW&1*^`7dE}PPd+}VeQj0&x1xVj;T#<7GUIWI?*DGp;+2;rr5ek+=bcI#PW
zJ_-W#qEZ4f3Wg*OtRxKl2KqyIOyY?+<~a)C5I!PuKgA(`t)UfEU)n?x5v^hQ*InC$
z62JssfY&hiapX;0XOA24Kr8MsK`+pXlE_D($jDEPwAL%yT^!oqBWep%KHNF@@J;{5
zBkv3MU}FYjM8iQiw@6&*YZR&HH6Ds_owh$TKl>f#7%8y1F6{O~^5yFa22uehAgU6s
zPPHy07C?+1La00*LQ)WPUQe23op!LrSfl}I=c%kv!YDYvtQxFBYeJQ&fV{mn@)t#7
zw-3JQ%wM8;8d-k#lFMx~-fo>g;~X}uK|sHh339<Jc|`o=lhv-AhY8tamzm!lX0>@a
z&GGeu$3AvHgwwajlXvqhkol0=G*Th&l{n&NkiFqlHT?vN#>XJ!o!0=s2BucJE7;Oc
z;TTU1BO!@uq-IU7#8Q`P77bgdF%LIch3w7PMb-y`<3r!I<EE_renCqchevBVShu3^
zJ(W0_OFQkCnsVByzYgsd<T-bA@k+3ZKoHk4kM9+3v%*qbDNo-2k7euM5Hp(L<jl%_
zS2q<<5`l<)|Bf83GfuH#&)1F~EGL>|Uk}nkFj!$<Lum62%n55sxH|;UG97OfSRmvO
zznl+Owvox2GAN%;$Gv;VkHGeDci+lu(G1k<i0&IVPZ#`{ip(u)o57c2O=+IP<w}JO
zgQ|oKhs5%`@tfo=M(vK}wknIHkAETlqv)Ph65dIJ`rG`P$M1<RArt4&I!M3!kcEZ7
z+ep!x?cpen<Yl5je}}j=Nr)&zh6DezE7$;XVYVPqOUZn}+u2W5I@W+}sn6|4$?mN1
zb21o;&8oz=i6x;exe`NHxpN4f>crV<=nm?xn<xh_71-ZIJ50_^=BN3w_SHa9M_@Ar
zzuC1OZ+j%cm<&+|l=kara)e8DAYTvDwQ3W3wbqz*Luu%Y`H{cycoJ68+yQAva86$=
zDx#!(bhbi6Q24h5;%zOA)U>CnLH2@4aVnQ&Vk5Wak7J+gNfL-yx_X*(W9Fz?y%mC~
zq5Nt6ouNUq{At{LEyECiYyLagOYoWjjD<~Xg|`{1VV_+5#?=HYKj`HfJn6;L#56w&
zVLS5E(qsc)Qt6Mry=6QrW$Ak)Oha3D3hV(by&d=Hbo4wyl&p$`U-nz|KLW=MkhCYi
zsRk#?5dNoo>`8HIqg8Fe3>KxsLt9?Ifaz&%uHMeK%0iEr!fcm{xq2ADw1g!eE`Sl&
z45rMLiqjwO_BSEuaXNRN7f=!@C1F@TSJ7^AX}H(P_>*zO4%Z5Xw2$bzd+_s%;F0Jb
z+t2-<_pxy(j*j@3u`#pw<P^TZWNL84UI{NqwUm-aSOnrox8GEBTzq)9$IMpMd~gj7
zXt&3Rc7h1EUr2V}th*mvcK80>SUwkoc7mLPdc#72u^zjb`lsye7qx4KW$Z-qf<(y<
zWDqSb6m8ftXkgg0nPcO#qeM>F-Kpjz-1kuY2szDzL|4O<U(67)L<~ce^<O%Zw@xuD
zzK-oi+sd2q>^<lM$T($@f_yHoO-7Od@)-SY*?{783rp44r8qyk;Vm_v082#k=khVe
z&mWbS(|Z-owL@;f7apDrz6tr{4N=x$c)kkwNW8&4T`bCq6-|H8mRfM-R0<_xacQ$)
z+cZU|p)e5J8qJWd7Q~wxT;zpLa6P@Xik23Q!_BW3-c!Ljvt)jpgTdR6@1ukX*Mies
z*ExZg?WXNx{k~kwQ{lQ?r33PT=epbphag$jL+?^%3U%oCXjYj;V($ZL7rp(yp{B?}
zSo*X8fQUD~oUsb%&<F8k1WsDAj-QxX)Dgz%IWKOCj61SY;Z9KCG~ikoM2M=gGod?@
z0%z=LuU={Q(3wa(zrXRiTD-^j#2xjQIVhbu^pu4%+Q!uAB=6rg(3dpO2+H|3OtLB`
zD}sI0#fC(2#jfv@_aJL6hOQX!2Q>Z_nyWcVqU*&$b%nK{o`XhwDpa`F<6V+%g^0Hl
zP@ehJ*i%wQh$}@LV3V4xkp|VhR|IY!0ZB82_@dM(kdE|_qX>oS)Fx={U?DPeI1fY6
zNDl070%wl+6dTHTM3QjbOstBU@X!%T&AXKT`}Y}Dx$^T2EOuFmI7ZSx+=h4whYP5j
zTv_;j5DDq#+O5;1qq(yz5|9%_Ys6MbtpTQnPS0Gs$hy1#nj2`0&)J0g0z+zi7Q%>;
z3J*3pzu!j7%p9$&v;HIB22h@B;;=ds@$48w!~>5n8YRu%-$PU={YmyK7NJR!+PhaB
zxr<2VC#MTB+=%az!DTI1JzT_JCXEN7;cd{R^lqYp(K7hZZPetw=g!)Td^aSpEJw2(
z2cK=mlJ$S4z!7`v!<|i^=f0Sw=!O85vJEqY6p~fU`3(Yd_+&l;SHkK{^5PvM@aUc{
z@1!4FZ+A?OpU)VVVpkh{$lW>D3*(?&+ek9a_k3lG0LjgW4teI9S<{GX!5wp<H_G()
zJS_TfgLQz5LVdC$*Sx#dD)#%-(g04%f-#rV*v9W+x$=HuiE=tyl02stNu7qU&v+sl
z!|$2r86kdD`gx;GoC&|<b0tS{`BopKP-*9-xjy+!p~z;6=^d&3%#jPwCq>)WFO&z`
zN25<%&i;Lj?&b0u;`_^jkrVBcJHAVf^-gJg?*>_E&%rDy&h9q#Ze0f^R2jn60X!^}
zHz=h4U(j?Dho5h9G#Z>NMk)t9%2DY%VVGQ#!n@)sQ^A36fgAPe55HNJBbDNtxe^?~
zC5)UrJ{7}uN|2S@en^Cm4lMD0ba_}mO8wyiWzSgZ*rP>F&+NabXCm@_|8#wdyBMm_
zezKA<smpgKa5q1?#55<mAokL*5Ho1YHI`)&)j#Ua)#=K)q%}Gq8CNsJP;yBWIqjlK
zb;<4OS?Dcy*QPBr=nYQQ%}z)JvSx?7H~>jeuh7^7LKuLk7;1v{zz+pF-baIR%>lLX
zM*}DmvJ5`B)cF<yQX_jeBEPb3w@kS5q4ySIE+YdX4T1~9``-CNuzfUayMI=^8|EPK
zv@wAo=xzs%RG}SXs3a0<3nnRwtk<6V#Z4kXXPV<FF$^aw(_JCwvK;v*#}NKeMAbi3
z8PXLU`&oac43^@Ey<c(U4}HY7h)9TA&Qey~_2(uOC9rHqG94_Ex1>jVg`u*7+%|=>
zNgD=B1QP=+1EyvgRy@w8gjAa#4>tj0h}|JBmAx~kqrHYmvR3|Mg!%TDA5Di(<M92P
zo}rOr&PuO$@VGV!997(s`wuLkH+k4;R4N9#&%Z-!n!s-m>#FyxNT;nSfuf5+o!^|a
zKHZ^wTDky^KSKj?$(U8vi5%}5Wn*;7%NRJ@Qo8LwYhDn2zulmBbxHOt1f^-4e{+ZF
z*b!wF+2KF#P}%~^Qg!esJ!N1lHPO;R2b#z?wr4~FUc121`1{0xytOlZiU=wro|*H1
zpC;x9_u&1L2lsnyJiI>{2tI7u^f6S@F>O`}VH_dy)xlvp_;4VtazggwjW=5iF;a4H
zRo9qF|KTT(lr-OA?~u}V@O>7G>;dW#r!kMt0M4Ji&38~{6mcPeDGK1H7S8yg^7yp-
zgU34CJBUZ4lz*cS3l|U0Z;Ttm$xcoKKk}Pj1@Ar`Q4k9V<|fKAs|WUbdI`uFb|(o^
zYW#Z%7;Cnp?Qb0;q~VZmPq!Kt2M_xOxFW0^{>3L_QhvN~is{;=1Kur+rAu90{yGk5
z2RRyeg*SVBZPg5dm4vB1_J(Et;=~;V5s4*t?jd2=wpz!+D0L;aEg7Lh5{NOd#8zux
z=TN`u+#MNLX}s$f9I54swbsAVrS<4x^r&Gpi-kKdu`WE;+-Md|t7)o|HEn5LN59fJ
zlN`#N467{`<?=9<CaU9z9eO>~0NigHp5dW|wCn4(7a`5NhqL5O87LgDJ~?=FDkYra
zIwjJz*k$AIMo{jw1J^~hHufj_)93ViSN=GFWsg(;w0Qs_>k{AW`zN>(0l=*FhqDKX
zPWYBFm!f8y*2OanFPCyxdW4hP&VuXC2+OcYi3@v_<kOnKzq1f&4Bzm#=_rJAQgeMR
z60H`W{V%!WS`V5wVcjbo01a2qkIUZ}gqjWiXoEv_PYR5#GRuZBcvBB#F&V#1K|u=u
zjem$5ZviM+;no0Ssf%5^;=JubdF#_GbWi?dO`G!$tTjKpp&kh{rX+NOtN`lnY^mcB
z0ICD9LOc%@NJU1B54%r75-R)LF4B8~4MEIQS+AhNim!QjN-q>oLST?!I&N4q7b7*f
z^j-W%-hEH7e!Xan@yqQ$bUaJwZK(7I*NgyAn32`J0Y;5cU#$%!O0%#ltprm7c_$&A
z@Zy!rb|Q9dZlAnwB-OkZ1Y6_FcLy<Kf31@<TV{XPb3C3e5yqZ{`HTq&ifTfW`y*O@
z*;YMj8zt>sny^qBQcDo2iOW{UoP)DA7N325=_pw*p=1xm*h+ZGvSQu2Bo8Q=q(PVV
zXFK2c{i-Jg8Z9}M!RI#D^3B@C4DedVi=4~Sw!A9d)vj62-gizYUm-;&Xun24V4uF;
z*PiEzlU{R&4p>&x#AfA$2|}#7sZB)V6><&U6?7mU@(RnKNkaE{y%O?(uV)j%+>(OR
z*JE&-)kN!dVR757$4Ncy10sP!szrAsyj%O5cVSn*W8>DjTGP5N>?4I?08Afrr8vT`
z5RgE=l<Bjnh%*D%m)cv~M5JKfUX!2Sj>3vr;Ct^)99e=o1&;+=*BCKv*HxU8@)vsR
zz5F2o4;!>sX+h<V4yrAFP9z^v`O*UN1q7WPLTbO5(D3Q^QC!TBrXWsQ-qNV65^n7R
zDjW+ClJ2-Mz)quwsuM>;i3LgDBV051a_t57nytA#F@C!?@#Sg}aCf8(M0F$Q^f^pE
z`?6wRt!K|c2SHt=3;_O0k9xD&%$ce}UF=lA@L3;9R}j%?z*`>eved4%AHLr#@jj4Z
z$f-7%`e1e~_N*6NoAl5uUgUo<g;77e|3~d|-BvQLvfOMoS61UO_B6#GJzZil_C()0
z*|RS6Q8@k+aGm}2FO0g;{y+4$W8kw3%gq=03YRWpPm7kFG|7ByIa*g_FD4m6hl)vk
z9hScy<w2s&poEiVx_(RTx{W=BTf#n$7i`CvzZZ_%-fVDT7LD73{TX-tmrTl5Va?{t
zY2U?HoAW?DxOPPNuW7yMX5{83f>dw2>7QOC=^FfRQb#|z=yvz#p__KWbg86mQc1&x
zi0v4G4I~Ldx4G{vQFI-F|DydG;f}_yZ`!{ds9cUTUrd-@#FBt(c%m0cuZ8fHOUr$<
z6-#q)T(9RV=$*!2@_D1b31WPR%$aC)Vfoe(MeCpEf6W0SasrHq`-i8H4I>cXV_s}F
z=8MU%C$S`rn~fixNYX7JFukolUxUYuklJ>`ZNp5`f_AK~>YY4Nq7KWx?w<c72nm6o
zO$c=FErPYn2Wl6548B6k2CnUxopmIM@1uMHwMf!7q~D}-H=xnod-0b9e1+q#K+sna
zq;s8?K&eEDRfON9f&X7&nP5%of%*ZA)<bp9Bxff^U>AtlW$xRIBwC*xh`AY#dhsOw
z@{uoztj~?<*+dAvV@2R&3J7DP&O<RtL$B92TK_iwQqLQmrE>i$f27u(X%!f^T93JJ
zLz3ujVBGXO;HX`q_-YGIRF2GOIjbxi;C5pC7my@$x0?brB1xHm323_ljrO~z)6!?!
zR$Z@qTkct>(A%bYi1K}&YDNDuUJT4;NY`)Dyqk8zu2SZN?qkEN_W<gLaNlP<IF%A0
zZ#Ej?s2_^>YWt>($7R&3fyMB2C#D4$)l*=Wfl*xphNJEpG@Ab={_=!BI#+sRI)8-F
znd#X|2z}!!|La~9y~7Mhzb(c;<3KBd8B$3^stqZ=m|a6X>u_JnM;SL8zv#u2m<ZQ-
zB);2#h>H1Y9gkFo?TgNNUrZc<T(I3~^298XKK+k+vGb{`eBAt|Js?>MrA;O@28eeR
zNrDl`B?(|mxc`gZ?gqNM0#@7JYRAAY^w8nk5YyVJcBJ-lm0`yqoHPdH0F(!a#IEbu
z(?v~~K#%8kOwDBksUwg8y~q+b`2R`dZveBmL9nLRhDpfL=gQ>aD}?U7E8wd~61@#H
z@EL%md?e$kPqeA)<$l2OVuA$pP-?qLNH>x+<NwLufk5v7(#Nt5bCn}!JI4Mtg4DC!
zGO!R?qPH{f6#Z?E@sIQ<!J5!@sFZ^f)3XII@v{OSTfoHc{zv_=WZ4JIJ1~|~dT?_I
z`WJ@PRX~CR<JcsM?(O{_dWSX8e8EfCLFdKBVCRY4i%C_1d-?e3%?6WCE6{l$fSWA{
z^tUFyS}j36FU@;{7n3!BSd!;<QyranQWp?^IS@bZwsX(%#$fRY#fwQBFq!{=_<N8g
zSb=niHxN$x*LnE9*A#Z0L<QXYz(Qhrvq8ito-_rVjRc&1<38p-)fDDFV{kLl3Y@KQ
zv(biCG%j?z1x#TJ9ChOY!P=S!snjZPfA$bXZ|~)Q&4{AEJp%XVNb7ArsqMD&*OubZ
zxYBlv|28mv?sL09x)K15hXaiV{yUAn{CS{G?lL8*TNm1nDQ)dgJCb|3s%pddGwulV
z!58Sm_d&evW$R!Q$ZZ!^*I%OO?#ukIY#`S>fn1wuy$yIdsk&+3?XIb>^&aV2X95;5
zxtk3~U<l%XX6S&FSL!-^?{6LSjSV<7yjlYi5$5G;16YvQ{)_JJ1JbaMuXfIkuG;_B
znW?n}2;w;3f2;MgXK4<`S|0WQPT)mRPk>9Q3(QAj?E`#hqj3MT5INWV#%XuKDc_8{
z&YHUpE7-MzFE@c5|IPwuu?ctaSv2w6v+g7PUw$H_XfdOwbcWy>*y1DZVoVru&n4n{
zc7CGaa-ty(__>CsG}lWgpfS9;7`eo9hh%35Z4nN4Q7(*F-~#bHsSfF!&{JBkPcSdw
z2GM$Kt$eBFCXu&KP%)!J?7f7l<QjMJ7FOhaPM|jNdkbxmh@*rHI9w-KRBAn)2wLOF
zZG+7n@meF8=76W1RNh@x-evgj80kjYVe{L)bj!n2IH&dH&m0@>;;Lw3zEec%*L&iP
zX9PfANm`Gi<P=t<bA@1WYO9Y^%J3HPyykN^5O|)kT)6LRnP57?yXRkJVfU~9CT%>a
zf3c?i4a#SHKi#=$vYzuiY|M~%{u2>E?C0h=x23fi15OB^Aiw}l2qtL0pY-XA`xBtV
zad7@#V>8V5dR{?zJ9|`KtU<Q=pyr<7=lV*sad>&&lW)<^PjHxg8@j!8-%(y{u<I}M
z;--IdzP`P*-%(EHq9lU_AAhzmxoe(4zmCXtwX@f8oU;K|wd7*1G_?R|#!nsjREMIN
z9P|k=1P?IZH~BUg>~sILb?-ZWY-OyI2m2wMK~DLsy5wfkav^!uNS-3+`IY=g;Y^8M
zMNT+9CsO%5b1l$b{zHsUt4V%G@0E~1C$nDC=o1kbM4FdH8Whq0q2w%oo}!Mg6x2hH
z4=$wctPg{Bb`M1xFD0BysHE(i3$k>6?}Rb7;e;$eSa#sWi!YxL@t6AsM#+nw>QjoN
z`>>%NHr=8DH+qJ?m)@wmpO!nE=!NCp8l;zAbD&Vihkt#T=nMchqw@*Ef5}23J(0un
zMn$zTIgyZi^pj29A-g`&=lmc`^@dC3=$x#_{q`rtFEK?g_lP0aZ$`#&Vxo^{LL>LH
zAm!7Ff<h00?~O`v_lmsW_y|n#fkaX8klgY3=r-?YCHJ!`#cuy7F!zXxj`~flKE=`L
zfs*PCpX$~%8E7&!<&%QSlY7FJ=Pf9uJ2B<QCAlD9X@V~L>PRnldyl-}^hiMQ0Y&k9
zRAzTzLM!*kJ=gD_jN$Y|Aos)^9?ctCbIPrgOHaxt0oAQba)R>%3{^)|3KP!+9`{>q
zN_T3?FWw2J47CSUYpQ?8M+k}!6p9YXl)X%V9IAB7^EVdj11eD2vz0pFz`Kh5-ZjU-
z@mGH7DWdg37w9Lz=Ieo8ps(2YzN$I=se%0->_cM;_{)z}_G{tSMNBxoz%S16;l8ap
zL96k_$CeQJ&zP@^1Oy$Q?>Az#@`AN<Ur2W_A5}0PcBFYQ-1#Q&4u_=<Ljtpdf@>`<
zcC+)h9TCa^<38P`#M0AR;8*jM!cr2sxgQ*}gT8C6Ukp==j}*~c)2VMxIBjpV<_CJ5
z)m-W3=Wmqe#otAW|0?CLnw$7r=;h{eG`RBn3`f0M>Ck?xwc4z8((`|*Qhu)mJT;l?
z_yibakt;`^uXLKz>wj0v^Q&5Rn&@CAges*)LG?3Coz3vacRdoBpG=LD20=-`MwS>e
z*gcs!GlFX%+rD`c{^Sq!y?<@&IKEm3+?;QBcgwwcIupWwbw>tbJ=}VK`cnSPPJ{>u
z-744{=5O-9K7K4`76|=(1@n))K5Q1c!g~Ev7J<pR<eQkMNgurP4qf-J7y}~|^Wqo%
ztXjU^_eM{MSVY5OY@}q&;<~Tqk*f)V!&;tcpu7^WK1dFOtBHDYm!o9N3>+Qqu*~Oa
zFrNG_zv;UTrEs0i_Uz;^9{7B`z@xkYKK%JOtFIimijQ>Kf`&Gi>A3Rbbr?0~nvlPQ
zHIq<qe(%NazN%w6QyDi$#$J6KbFw^g>J1+t5NPa|55=Dk@i^y1m{AaL6a31rgyR2;
z^{2bz{rcS9-8EhNT?eQ{2i9oxjq@&c5c~cHR}J$x#}|1hTYTpgCvzHv$hxC395h19
z6DjPDEeGyn%Pn7oc)~~Ua_}>zd1eLEOa4o-Au{3Q*5Lxq$S7dc6kP<0Q22-PQEpwV
zy!OCqgcxbTk%Ao>K7=dIFl!#!Rsm7MYP^ewy^!R|JxMZH4j0O$U;Yp~_I^x&MfArV
z*=z{04Ex}Rw{s}*Qbm|2BGxc{kVLh4KVNV0EHH9+*%h5MXy5<tH`zQL(n3<zOR#y_
z81*3Hdtnilb8XLaKiF)UKK0%sMxIBkg}65btWJ7=A(^v}Y6PDE1Q=^5b>Qk?kc6^k
zaiTH3&_n?Ih)Jxf0caSw(88bDgS%qUU?u5xMe6wTXyf2GQ=)+d8T_2#1sHhz*b8cL
z7>W}c#N;li<l-V&9MOO9=o}51kp8d{rrfMi_vD^=i5l97Qz_KXF(c&NyQvorgJJp#
zcSh(`CU=?S@3!@RkYtzTiYzM2%y;MN519L@u_Tir9Th)DXd^0TLfGY5)Mbaw#?&XW
zUKSD&v$)AWB~S#so(>5=CbfP$-|3~#z8L?&_+%{dB2Pqn<5J8sqmJ!8Nte?fwyFGg
zN`fvEXPbDiOV`N<wvO5Fyf{!2<jCjc_rQA#?upe|XPvEI%0w|Whfx%GVv6g;84zK+
zy3n<aow@l7;0uOJL*cU;y!1s`p8AN-j<K`COlW=Hv}VNX)FbZP>3b3JdBCVB8pJ8x
z09oXtXxOqwGQpYRV?1<i-0F;KMU<E^V}~^K5%1Wr)GRaY-9#+I`bNeh1KL^r(cpi<
zVed*8Y)@mT?x3|bW2kMf|MP0Hvzb2N9_zZqJSNn;LgbcqonijV!zd&k>tyMp5&C!D
zSoxYcyLU->IWyZH&m^0Hp3ou19P|qYetK|!*h(fIor@*N9Hw_8Z)lUkjaZGFt14ub
z(rKL@FsZ>U6YkVzeU{dAeMZy7J$-YO)qX3(%{pKjY#7^|yLZ4{lul&rHl{fmMHOD*
z6`vMSmxhy-Ix77k>5|rOLIAA+Rj<Y7t_#&F6cvzufqbFEN7i?cpqLbrOZt!WFz*c~
z<GH}`a`rI`EYuPaJwN`m4pFiUCe>vCJCNPTxQ0RhloeS_Q&w(uS?0<5rLIA%;)U)M
z%ijg_z);nH)MXCR$EOiWnIv!=yQGp!=(+jWr%88pd2TQ>)(Ak2zwo=bipA%@sZ!(V
zel{@@d<C-dO+?G4ROh+HgtU*W<A<9g!`q4zVXeC8V%5ERpV-;?i+a{RO8>e)(J$2$
zO#Uv0*?%(HI)pv5lfkxL?Q!?&X6j7Hplq->qXO6Ada@1A(n>yv#0K(B&w2#Ktja7Z
z+z83$rY*a*`d0dxp?DV|`B{COyX&CFm}UX{uO-{8Vga;m%Q9TGo~QR6EnknXzW!dh
z>~D8I_$E!8(m7n=TR&r4KNGDePn>njIUT#~2H2z5LlX`}(8Wfr%%Tgo=`RsSEsk1u
z->N_bhBBnY7nz(n6B$)&>wIq64E$Zb@(G?XnV<+t=FKuTrW-0(Jj;A?2u*X?(`9J*
zHA<<0T-s5cstWJ0hhqfG4wNrs6`ib9j>t6Xl59Cz{EO;U%~O*Mh<k_UZWoHRqL{ff
zBssZ9o=V>%st5R1qX{Zr)#ec`X1g0H6adYrhcs%>3U+}=XLoq<M~3@Qr%$>%0X65A
zUqk<e<TVVjYS=M7stR>%63Q@I3rVpKTNzy3l?0LnQdcIsWOx_c@(I=+FQ|BzbmS&d
zToD+Q2n$Y}jhMDZl}g9n5?KlJjJ^?1o!zlhnJL<5G*Jo+XX3T68;QS6LA3P}N6m~L
z_0$DBJ?E1>s7tH=3*u|&b4l;m<(sBz-DwEZgdpm8#5q^!$K%!rudopG))?%cU$r~k
z6j;=2OiWkz{NmB+I9JpNN%-{!zVbuT7NtCjgvW@P`jrc1o4nUI+;Zbp6$<!m{@VI~
z|FA#T5SygI0tS-FlM#|)J?}LBdn%&v+yYmzh1y#0{1{VySp%E}&^GC>%BR?f&0OTF
zu{ChUt8nv%L7R3m!!~s~4Zom99=Tokip?Efnyw&zU)Qq;XaUHe5R(6c6w2zL$`dCM
zFf=_3Yn9_S@N@Mr?dn0lx9jlcuwD#}`ilVJmEwg>PX=t9%<@oZ)L}lh=fPN(#jte7
zCK-XEl+4z$wGaKZu4ra&t~&;U#CH`Vl%BIPjlY%7O4`c_Klnfnbwq^YXsxrUVCx||
zJ}cC-+KXwLa?Lb73l%JgF-E*h5w%~)KJ(qBXK2xho&b(WzcWB6J>UCJqODEin~=^?
zieE<&X{wqX^(abw0SZ9|y_`kTIp@Ff;ofu?SAFS(HR)d_o;LbW8sxBVC`{=#m3Z#B
z6Aj@5&JmnLk(@GR)4>2mn#1EMRiBf48M0Y;0FU=!_H3uhqY2-D|6wWT4GW8th-UhC
zU~S&9&>Q46pqzjT$GO)J<BM6nC8@QEBfrFWO%~Ttq_d?3W0s8vn)(;;E%w9_4tC=0
zAv6yd*h(WLnXR-JBsqGOwxS3ldl#J@Utd*3fc(kykm2NwnijzZ-O>q&m3WP;@5PAg
zBj8|UoR*I@vt?CvRksvpRkyI-?mD&Q*Zdh-nE57yZVuK?N(;^}fhDO7h0j3!j4b)<
z{7zt*{T9OHhR4;ByDnItS5v5*=UP;&<R;D4qf?+yclrxUI_Lx!v#+kIIh3-9tyd^D
zfutflK0OSRaGOP=7o%a(F7@lYa0C-xIL6$Uu6|7K+8NL;<%Se*S}!hGjhA>7(>RWp
zK>j2@gN!5W=>Ej66B6XkknFhE5SoHV0X`jZyil;gh4^aD@r&!Xc+Njl^;u!2ID((-
z|BB%E)*&KUdE}6KxFN~u702~+Fr$DCNpnnMR;kD;uH=SOW=FVu&jU%WyS<O~3299@
z!F2N7+Wh4>`lHAT5hWWWEaQ(YPok&zTJp*@j#*XH_Bf6$N*(8@d!tWb(R6J~nW5!c
zdhszGb#~MYSiMi$SeD%B?scB6DsMD{eA()WbG2edkmc944Av)|B3$Qo5OGE)+i*l1
z;7Mi^M<bEvhLdbzTKGQ@Mu+PaiE5Urd`kfQSh=NKA(Jat48N<3ewmQ%={si-p?xur
zHQRA<W@<c3Bs(d-=h*Bn)wXsx=gyN8;kVw_iQHM1;O@)biI|Z?AQ5lgti~M4-$_IX
zf-|L)hU|ti>|1Q84POE3R+$o3D=T?9<jTKo%ej9fKcYtrm*cmV^WP1WyD-1%iKPxv
z340A_a%SZg8NcnTzkV=}HGcxdJBGQ6^}||&;!|q)sZtI&DBjPF;)pG$QuU__<SPNx
zPn3BUuV?>usBI3M4Q@ebtsNU3tjYtUFT&Kco4cp`m^z7B*Ga|Of70QG_1^ae<78|?
zYo|$4lWhovN=i5R&^?B(k)DtE$zF2sUEDVujuel_GJK2Iedlq{P!0;o_zCYm=N<!%
z!<uiVm*)5!XOkUUWM!4g8Fg6$&(BwLU-=Qn{dbn_y_a1>7`h!)gL!BMFO=%ajR-a-
zMsQXyiuITihrQ?|H|Lq^4p>ey;_URUt7iVV+T0uY#-7=J*bz{IorO>{HA9foE6661
z3vM*9Mqv*`!W&n_XG|Bd1}9mp;?9Dz{#r8W(`H3enLYZb<HQ9mz8g!s&(ekwV#D4=
zHxbD#Vv=cGQ46te3t4LvVQk4L9yh6NgHD463jb}C?QB3xnnQ$VW9LQ2iHYbB-ccU9
zknN*}w{bAq|BZ7*`a4}TZ?PVpxI3;vy2c7gaebC1RNS2|%oK_qm+XQ|d>l&lW64&^
zSo65{z~L)6xb9o4KZv%so2Bgm;&Uu7;5r>rIAe-#O!XzrkpfcKRJ309QA*&iEcKj!
zEG!8#05IZ=h!pj{thvhdF?J3<TUieSHEauAvR^RAGBO*Lk9E*(#2s=HlR*``1FDT)
zG@PTP9aHb!B$s4?m6Rt!EW2-HyqpJ8JoAzyLCDI#k;8hC^p)-A4LWi$?E9)+6OtPI
z=b0Y4t?EQdm{Gr3UqN>x>TCilhBq#zCE_b<!tjA`rtqXI&Bu8v_{VQfh5txKoPxhM
zbo0KwU|Gn{P_!1tSpgg6`-Y1JR*Qj!#Z5p7T>MJUf{fM7xcLOsf4^bWBfVGbl||^^
z(%m}hz|LLaud}J^;bC0?7UBVUR9M2|@hN%LO7{FT)vwrl@{|=WB)JL$c`=N&nE$NB
z-%12f`!fz2F4&xz{pIeD^R7hfgh4LTBMCzqB#=h&@Bu8HS@nTjM818YZS2pN8PI?s
zzHi+w*O}CtH4pLi9BL@b3hoXK!s3cZynTf&hWm?jJEK@S0>v74?ljdAo8U3(hZIh_
z@&e+h$3OQy#6Ng=%W)i(8O2%-&9*4Cg;wOR=rq4sP4(wj|31b!zwafGTpMN}H*VA$
z1lJ8g&MRC(e?<sqJ6DE=U8zH;PZKg$Wu25(r_RpoQET4Q=pBoN%{%VdZSDP*phO!u
z2v6F4Su$cMFEC2ib8|>k*`*tQ_1ti<?6^1xw%>v1qFEe;nA=B{%$=%2G!;jVF;)r3
z=78&d68?}aW!@A8X-YZU2{i#tH;@iFm^)iR)W6e+rDD-f`1b5FR~1O#Vy%=nEMy8u
zlYwtD`YkR-R~`p*^_sl#`&t)t#i=0|+-K-qEA{T!n+9G^8w;757?*2f?QZCb(?#XS
zFS<9q1)}F+6F&^%Em6X{M}qt`2>j|t%sU0)-5l<t&1Y`Hh~Al8C)rq9Ti7Dw?-RBJ
zz4~11DTK$mz^&Rcmih8k{mEhG_Mn4qEF{)X#F9qz1|uaM_Ft?b^}nhA4SJ6ngATdy
zSIz0-y`bJTF__@bimSG?Lp4b=+|(#Fo;$<1+b`Sn*-3yn=4uIpN|t82v$MvLwGQB=
ziBi}Fym<>BA(1Mp8|;B4sGyV5YGOm75niQ9@!_Z)Hg0R=>AI!qOIJT`VO*<LJTv+m
zyzS18{N2tBP2U}-x-Mf&inc@Ru&PnaHw)At1K9fZG*;{+b;RDd@;-q9CYi3^+OX5d
zHM;RJ*cw7}W$yU$1hJ&X$$e59M|Kz7VFT~PDpK4milfiNKT-VWGlhRZ<4*Gdw;H{j
z0#j{{ABG}*-LZb^7W5b6=tv)k09jM{&>8%L8hofSSA6*W)M?&9-n7^he*TuY4wf^0
z^r{<Ckm3$Bxi?%VCVGYa0Of_smqhv2^PY6A#cou{a%|z{;hiPFkQf`bvQUe0OyCPt
z0dl>0rCMMMUt<g0o_*LHZ>|SU&R?)}8=_UycA`JPrW(wUT6+O7{D1NSrWU<5M7^_h
z*Mgu+Nu$!7lA{9LoBcw|`HSm4oKc7FUQ{)$WB8;?!}bps(F3E&2IWdA!;QICL$v5A
z^%zUiMzi9x;WDu+_p_X8*jr@>CihZQgFaBQSVPmWOzcNfe>+S6C$~?2h#d6oQLXNK
z7_g^sK<@r8o*>!<LDBzVqP)OwRU^mv9dn2&J1hr%`W%AL{sT%QM|K%C=aHSDD)@Kk
zslX`oz%*JI6Q;@s6CE2v?4VW*z4)tvHDqzUbwj0)5wxHl`j~8cH@(F5m)XL9Teh3o
z`%$XKN|3GGe+L}<f_Rr!6_7Y{dNkBZi?b`nz7MR&gvTY{gGWLE5V+^d2fNb0`lWv|
zk`%2=emI;;zMO0;^UKkzoQv`+L}5ZSNIjp>m6A7$*GQB6v2;ND4DE`rHs!MDZuD{;
z33`UB-PR6vS5e4VE~^E#k<0njXpt>#p$LyfeClPqHdHHf5A{6QXk)nE)9w+ftb2#E
z7n<0gwyrBzEnB3lk&cV#GQTBU7(b3BQ2)LP!TcswMUjx9k5GG!Hep!BkolPW)i4V^
zxp8JdzoME>wmWj>i}CevvV9lPTr01!*#x|Ks9yzgiYv4~G_xsiE2}b>Ug_p3(-Q{v
zr+tdCGu184_=<pi^wM=YCGK9NXz1T02GeMmc8%8GTjP6G^!nxDdAocf&)U8j0lNmG
zSQV0Mhc4~D6#=evx07qD{kPGS>sSVXNArh=mZQ^;X3O5(y_btT6mdrugFgP*0b|S?
zi;RstSAkm<f_IGVB|Dq@3qRwKtDut-(>|}`Ds9QZ9>gi#d9Jwk+LCmkw23Nr7MKqj
z!@A0q`biv3_pZ@c$B^=H;;+=w1tunQ4dgfUs^v%<cj$itjD?vAsYoUxNycAFLOvn;
zQu(Rul#p>MA|3kgDh!rLCg>?Yj2-)Cm7L?*8mjhLBNgXefYURc3`PD(o)wqSksHzM
zM#+qG16BDev)GuuYf8~4%sAT6%_sb(C>0LWa&D6&+@3yVJ`j+_DU?W9LQjoRLy<V?
z=o!O>BDJ|Q^vVLFt;t2(SmO_omdCiaG`TD-x{P_HWT9a%FAdq2?C-Fw;k0e2yQ-7e
zUH+_Vqp-V1szU4kOnJ{f5_ka;R@VNHov<!q@HZ?a_Xxh$b(xmkeC|`As16P{{n8M(
zN44w?vaJublO&XgX*E}0@JffugqJx^!S=CNH42lo-q`OX)v6vJ_)tZebTewKo03BO
z<K#r(8x~}YKJJ0B2nbC4w<Oj#Q$}f_x@m(uGCPPGI5WYOH`lzEPpc|ArflU#^kLS0
zCkrLIxyNOHSSHhF%);zmnl~;?<<v521nB`o8TssxwAxup3;Hwt7c9iUZ2*DyINB?c
zENC1vo@YTSS3%-KtC?vg?>PLQH;ZvE?+?=R%-dz8!TQE}NFD<2fBWo^b>e+yM!0L7
zcnUC&>iSiL*PtGHx}z1ulH{qlzR;%P)KDIFNcERa==5ziSvYb(@|aZ@My+T@I8d-N
zdDovCaDpE3vNlh8+E%&!OSSwIixb|_D;N&`KDicbza>U@XT9ieStX%x>~KOD%zbrA
z*Q;WBr#gyU*B7y+-atp&2X=thRvgf};K=Id+oi4gdlTA6RYb~CkQCXTDab?q5{x<Z
zv~l72LT`V_<}P;z$))x~m~E-GP;k7@;8zD<=ERwT!;yiESX<Z_yL9rO!pPft+G)~a
z{@$NnFN9YNF5tp5Z9b1d@fs**kD7w+f~97ojN<?NN^WFY@kG}gIABLiWA0Q-pfi<6
zma-ZcsMaf1yL6Ye*=0ykE<E7WY~x6wav&ScGVU}yQ-#6b2~OFIoQ4Gan+7Y$_*qZm
z0;ICuz|{FnqZ8Gxr+7mym59Do6#u51J?F_&VcLI$p2*;^%)#y;Jr&AZ9t&K|utP0D
z8X^~O^BMoo>)<MAKyL{wpOEhEGO}NQf`0kKJ9@9x0#Pbhd`$$0frPTk__IY_foi1J
zr_g2y^#jq1p2V?7Fs>9?`RFgs5+vK-wCK5t<+Y+0snIj$E&g4KGc99!dnph@)5dzL
z2UKVJFmo0_N())B1!?WesGOJK@SCh6`dv<%DACk!K7=6iyMsyezq-C48b%v#_>Iwd
zOg4W)XCUuIAw~_wQ-xAU=(SukIWHQ>%={rRr(lOA7O@RT<Q6{2=pCdASQvtfM#V!r
z$uUFLxW%;zFiSHkb$u2_Fj8&#ZWmABv$!y*_xuGPNAwzMkwG#1HkUQGAhckM03+0U
z0&#wUkA3#qj3hH^Ekt!!f9N}-15y8@#%e^J$}qA+;h>;T8SO2^X*9$|6Gd9+Q%Rf8
zOqKhvPl*a{V;LyoJWOQvW>eE{?CnzZ`=B{-5$r|}o0?6S69>sKO|H_l3wUS245^!<
zH0t^Lb;L$b2|Q39iX|$kH+kn)ywvql*iUn(U(8CNngrAvBdodVa6verBu7oVgQ(O(
zLZuwtt3v>MIiSz8MoLOjFWUn<)rA32nI_Y7S2n^&tnITe;?`N{729&<9Vsuku06sF
z&Y!wVmxZWTL|CJaFF=QNv;+7K=*=e~eM@g?Yt7J!Nbe`5-rT}G8E$+*d@LX8a%mVU
zd+Te4Tlhmx!_?5uBKBbb6!T1hW_5PeDaQDpobSi-F20*7k&Q`J_cao?7Cj_Z2t<MR
zH^l$G69`RPf2$^2e<W>C7RryKXIYO{Bz`$!dY&+4L~%z~m_T}$H25M6$_BV1>QqIF
zeK*nzHlf8Bt7Y|vHrHcQmbOr(?mb_4{308|_Q|R+#z(&qiE#$nch={Nfx(se*5N*0
zI}?H~r#DuuFoH#iXDx%K=PXnI)ApqeEJ=AsjbwhuGKE-#b~a-sUhxIDj;%&qw2h(a
zf3flbZfBLFCNPG$BU8Lthl@UyTqAzJQ9t<+<aFvLuO~^j?v>%D*!XvbQXWQ8M8w~)
zEnx;72+qQga@3JSoYJHdt#WM-dQ~BuO(1(7Sg#3V<%}Wt48EIpc}?Zviu!a=dkxK(
z<lK#|VS5;~-{F1CrxNOAqZ#pY51dscOHsA+53(BnppPakXUP_9!{mmUCtvBQX4!BD
z3Nct+;fM=uZ`oZ@9Z}{vBBW1%>+G@6pPnCKs`AZw$EpGQ6V&loh97sbCu8_nOh>B0
zF}UFD6Rs8+!UV;##mTr2d6!hgtnh-e6F~U2)@OiTj%XiwLNTk_yZ418Om#8Co`=y0
zjvR-<O?fx|5W!VaF)?y2Ajvgp!xH2(UNl8y#}!}aRBFJ7+_jH!OB?+mkXs2jqly_N
zC(N5q8<^yd=TDW~+PH#DO(9yGq|-%di~@Cm(!(%?en-ZozFr=V$kE_;ti{ZK!2X9d
zdN1-?J+V$7I@_XK@Q)O8o2`ZiIfla$HO6pfnvKS{Or_sF26lnG5vLf?s++A1YdeV(
zfQ;E@`sWLjJ^;1Hsmvy#VKe}g(2A21mYWXY)@M^?;Fh1CBxzPblT{7}3L>g}*@j*q
zY7OB^F8jKU?2S&gWxHKd-AxW2=7kYWmsFP=#b5Hti2fUkWjHnQq(s$<D0R}Y7mM)3
zVu=_q#2N$T0Xk;B5Xc<w8^!HkGC2q~lcx<*;I*h-YBP_7#L-ram0rFO$lybg9-hq}
zyP|h@;SEQ4nRF?=AbEa$i(q_!-0p4;`{mkDg!#36<=bJb_NNgOW4g)f;8_WB1B<C{
znK#$-qdCPQlYbp^Cn3qFcLbRm+fZ*Kh^2i(ns_%hWFLu6gP|z5+<gH9(%C{;eLaWY
z!@_PodV|h*W)i-#u#z=2nm@m?o;XT_HdO7h{_o~Dflh>>4w0k?Bue;@2hrDf$FDEE
z$qN@4E>f1Ct+@LY{_LX0+_ML)VmU|VFgEb`B+=3d=uJ5{qb%NX1e6=*P!^iVk-I@z
z0`SnYS7sbTCl6Ez^<h&M`rQzP|LW9pICP9?nBJRzvnZ}_3ay+0HmRuRk<KN}jU_Za
zH|8qy3;_3FQfp%+#rsTmo4CE&nkLe97G2Zy_Ghcl-e_{w163R!9wyE{Qxp78W9Ra9
zZcJf6wCPMNFkLIG)>lf4Z2dkhj7tIwO%12wbD7*7@`jk#yhG+bI5K$(jb4q<@)W7$
z9d#ak>EJg4qzXl2nX;_g*aNQLIQgYkjR1NHDoEC|3@qpSNpwlw%J^&2;$s%mmX(zB
z(fzdfb&`zD&MJ|=)i$q%>RV=&4VDrw-7}Dct2kA@+HIG{1YujUUZ>vj?gs(M5sIZ-
z({qsavijx?G)ao6f>pR%1dw&AIZhXJ+z`RQgT-N*fqwoPM7^VDjUJY0O2an`n6Z<{
zm*Fn$zf?wRrVfVJNd5<rKyJVC*UNh`bVo0S?jZ47O7=*KNdFI!BAtNH>1o3NyttCA
zRd`7dr!qCuJiE+7ybZnbVtZm}XqviYPDW1*C2+io;a-YI_DE;7M_$C!Yvm@ZlRc!s
zu!#}bs^_-S7?GR!Ak=vB6b~a6vSX!UQ{Z1h#hlra2shZ)=`h$BA?(=^IHQxeXe|c#
zTziiRk;}M_pmA8Fdj_PF8XA$XK*gcNIK-LXpj=U&(7@<6mBI?Ji~|Hl+A#_~73X;Z
z(v-%OGGiIr4HYoQ*k2gu1dY)_+zZ0SB!SU?K$$T`s1%N>$LPse0Vf&z5TW*<ucO|@
z=*h;+pfPSRR>Dn9MBPXdE2)(d{3;gK+Lj2>fECghSBhiR-8j)AEVc>3Sfqu(=to@r
zBn_ItfJOhJAMyM^2UnaD>@h#i_2d9=;zM7f>2bO=jv-G9D<$~JdL%3|IV7qiyzXfu
zS#xghZ3sPOs`jn(jg*_iWTgD*9Fw`Q3f6_#NO^C8z$&;tWTvnZx|*m$HH)hY)1cm9
z91=n={8|`eMQ&TTeek;!)-<U!snY<ARdJjIryBc<4d~w})q5!5+Vj30j(+${fN{L)
zJQBno228Aga+3$GU&0zAW1FRW1u>XHe+vemVdKz8CQt@T<LGa1!P4dEUr3aDuPMcZ
zu7tBq91j(7oIn(vPBh-`5wb%XM-uIgJstjD8>(PyIwIHNaDgKvEKlO@=i$%<R>_-j
z9QlKj5*UHT1P=Q?PL|LZr;OCjD%r|s`-e~+kMZ*Cq=bqQA`dhR8<7(Tk$65L`%`x$
zEgTJ_P0E|h*jdk@th?uDecD5Lv(1(~)y^}E@{GyPa}Z@Y%#u)N+IeazPc%QzR)+Jd
zJUBn5JR|b+Jjr<;&C7EV<=G=Y&s55Cq$Q~eoo6BC3FPN_iQ#N&w&V}&Jav@EpPy$3
z=lNx`C1F1Y(j(23?KhrWK6*Xg%qtb6LZ?|0>YXx2Qjw|okoTZGCt19aMd!Jf;co8_
zZl7Ah1Yv<C;ams8VFciy{_z@3C1zXlG&}#VxyJSZ*BGVpwU&fOo1H3`5d?33!(L;O
z-9jYW%gL3bT>Izeic_W&x=DX5<(QnGV>0D9mbh=c2@M&X1fx5Zg#kEM7*hfyqpL_L
zk;bU3#fVf3aJUQ+!j&_a<Ht*Z6HKgvNZi;Xh?C_VdE-GQjd^6E{iI$PQ-X-l>P=x4
zbP8jNNMkAN#;!wD!U-yY(`9(V#A&$ibR0SrtK?>$q!^#Tea$>NC8@F~%u8Wa8}5E#
z7AL`TO=1HEU{og#mGDzxOe90_uM4{Ohtwm&E#agsXd+i&v>HPv@stZjb&!uOE)$(Y
zC9DYvX_C(<TGJ9%3tNPfn^}>nQ9s3itkJJXv9_od312m-_SQ5aywJp=>=lv5=`w`h
zn~vkB;dB%Ct=8>p;r3O@`pW(oB8A1!T2B(V#j#$0>Lu59Qu?PPDcTsc&;+V+${mr$
zeQU|leW^*bQV0H5r0pfFkwJ{6Fj9lj^%&tjd)MJmEn7ccnLz<R9gqOe;$(O;Aka@_
zpJW^?j1vOJp&|5<);L^X1w7r9A*~%~Q4<N#ON6l>b;?@{1_nL=twCyS$}mO>48VU^
z8sl}EjrYguRGV$Pzn-(*uV&l*L$=*JdfV<-^t9c7h5~LZ%GvH=%?)Z}FXQ}JBD$r`
zZQj_IH1-MFQ)<4o=!d(OW-?eJ;dfrGDofhXN0#ZmJcA<zR-`dNu6C(PU@6S!UHBD>
zY|;>_cgW0?dRFKD^Vu@oRwS?(?myo|FKjEa;QsSfN}Irm3O;oQZ#0T;W6JUt+-tkH
z7e|+2=vOWt+UA_14zoG^${@0Ge%TNw&+7d_BE?v@oS${^(eC$>Nn48ulSK`ezT<o%
z|7}I&h#8Zr$eJa$#Vb|4ZDPztpDe@jWl1buW1Pv>oX?mP;InCz`^b=<M;n#GQkdOl
zj0+m$f;dX@&d|{UN5O0pi%%p^$+sFSpe#$!&!GYMdYuZQ7k=jBogO>tlHKO}TnP{Q
zs9{^{OpMHM+Hcwq0gP1V$%OZGQ*ZY15eayN8}*AKp1xyKTef2{JjgvccZcnT!`(&c
zJZ_joq9d#_Si!!;M|G-G3Y-jny)bTB73i&WW*#Bdjsi+^kuFib#!wYmVn0*Fqt|yk
ze0mOZd<TxP&<{ZsvnSKa<mHZMu!o6bHsg_9=$C7aABMCo-iCqp6#CT!qS#-Ys=eAx
z^lSEfYMF{Tn|<|~!WV{~uuxK{qzS865_*^A(Dd>$`>()4FKk_5Ax~6X%%4XP-dCfa
zV`Wi2ei>@TGWflbp%<-97M4&=X*>psRRTw}VDMF}fZuvlC;F`}48ZTCkejr{wgy8S
zXGz5{%qDz`@gp6ktRjt(_6zu^AQWrEvD`wxd{<^1M>-%s<rQ(1aD1CX$<i)ozKB!c
zPoWR$EF2#v%65Cu5%8%P`qetA4sxIeGvwI#Tcn!SUEy45%nV`xmXa^yhhh~o_Ab*@
z&2$qLZfoXEpHl>i!&CzO@T!Wv^*)Y=ACVCBOEq1>NaH|}mT>7ZQQ@2}^UDi)duK$}
z^T|Aa9R}n)ra;wPUi237zj&m*cpkBLr|MG(0ehpl1RwFTS1=@$cWPFG2b4;pA4aKE
z8jIn+Wjqr>{b+Ncm$zcx0>la-Z9=2GJI{4T@F%et>XJ}y!6K3;#@N9!iZN&)Vo+us
z^W<(dQkJ3jb1ZH*s)M|3<sU1A%}&?s<p0&Z{_pI2&;Ri>j<Rqfi59PV6ORRN2To|k
z@hq&1vwCvvA1gbY?OKr;EHy9ZX;H`hk5*%3akt~oOAV`v1dVn-d{!iky~zx^@qA(I
zM{*DTxPtWIU630@JdeMd4B^mKe5e`+qky*N?m?C%kHsE*cQo}`&_fCSb_vgtUkVR2
zCG{GWgr|g%6&4n+MqGlie>15!%5wC6M#Ac0Ly#}!mGva`is94c+{NWUT%5!*c*jWN
zSlG7G!cl1)+eM}b3g|4ddt4)akq+W#X&u9dp59t+IrIu0oi~BZ7FPfxEfz*Y82M?Q
z%K1$1uKQF8-p2CYN_*DBm=wg)B>G4|UWx*~Jm0<XI8wrYfSTX3!g8AbFA&UO<&$yb
zi&%aLj$DLzD8~MVC>ui37&Z6^SzjSlMpH-{<H97nh&ERU!K~<&@Kz)1_jVFheHSgY
zF6l8vo(iww$FPKHBq@$a<mnM^=wP@*@HV`$DfC18AY-g<_B9PWr_zo-xU-ow!)YlT
z3u}a)&-t>5WPfj}KuL;hp|%w}U*_G$1iF7kheM#JLCC?DCdl2rW{xE<sl)q?#H&v`
zeJ<bww~G2sm=z)rZ*%{USIOb0Gz#i53LmdXIcQx<Xkqy(`VhO7a0|)I#rAY|n0xB*
zFtPFKb`wWI8!KI2&ba|?JiQe?*pj&N=gT{Kait!=OLCl<#=-DFu4BAXy^8|2YLLze
zDs2FI?;*d8rx(3R<CyL(2CK2O-7qVm(Ygj2sZR~F(uoY{l~3>#0rg9{gkfa3oNggP
ztWDNw>epkrnxH%3YHF_<!SWQBpx4+ZjK%FLX_;6GN0aDZ%EzqkSWbH7;C3v7w~b5|
z{czh#f#n-C{seUt#8nK(^5QR?MOMYF+We*NymDvT19D5=?Iy<IwI)FVlO%!O0uD1&
z%y~Rr#ZbTtwp<f%MV<s}hri_{*yT<AvQV!&C3FgAlaGo-2gacFe9NAFe_L~8C{!WC
zSbl+Rp-<5Abs6#OO#^OZI<JvrFf29MSPsLhD{1^5o^YG}tuMR;otyp5U<rIEm_DVv
z2j_Rvq0c+Z*?-Z-5HAn$s_&JudzpbP1Qq9PygALvl1V|9{Dm&whN5GJsdM!Vdjpmp
z$-jTsv+bmX|J0a5gqzWl#vx%M>}!p}UT`w@3T6pO!UkR$WK0sq9^~l=c-O-X&N)fO
zsNTC29<>key=tGZilI-Rt}1g(o7Z(4(%Qzouvws22q{#M%)(*`!4#GX`fC$ek=3yW
zyz)^L@S5P-l^l%0l^m2)pPAQndY`qUkCezY`hS8~d5zgY37<3x?K$N68Kt#k+KrN{
z2#+eEr`<njN+80uA|c6H83BK35*VacuX_?QRkMYJ_=ctQ;w`VvQwqDK?fGY)F{vEA
z@-wa~8AOziJMAw11yxK2(tY*4S5tYP`4!y@s$1*>d)3Y%vYC1~JzdOm2*0iu=!N!T
zlNb{PZ2raoAJqUKXMm3vn^=5`ks$YIl^_*UN@O#}2aWMOiXLjFQFQ6j{Hc@?@Q61_
z1d75_OB4CCDfOY;IOyX$eWt7b*el>i)PkQ<#}2la#7E}3@ua+N#8PRT%x<6Wf-IK8
zJ09UAP{J>og}u=st~WXq=bNOL)E7i~CPp`5Xi+}SEjdEz5nBv*74uFJ$;Rk<;Z(Oz
zFz3mjd{w{9P)`phQ`q{Z9rJPtcg*b;d!O)miP*4(+3~k4nH{}wyGW@Rj(`rEKP6;E
z3X7$&X9eQlWrIegop%lYzDaM7^EP1cNdEmhi94xMI0EJv(**|8=!M<*yx8!Rp3!&}
zy{(0Ng5<|PJ)OpWK?#>~2Nd3_l3Gn-<~NPbY94tJ9~#=MLbw}*GSN!{fxJt2qfr>+
zf|MZ(PZ}h4zo^d;9V44DT0M)}bxCmt3izbnp1NU*k||m3M$$_(uYbY3ep#_e2JTBu
zeEO|Lo4dD>P*&sQr`;Pwq_HrdWkp82fi3L4p)@9!=XP-TVX-l$&t{d5++G#0gfe56
zz#uH?#DI1}jVU4YLO{hjsp-wCR$Fwdm-Bp1sjR@zfw-@QNgeaHO7hVWy<qAy*&m%M
z{kZ#~ICWtrfn$!tsSD|M<O4Y7P#k##(e^4Sj6-QO|IZLT_F-+HuBtaqwjDS!?=?41
z?A|5haI;q$V?s1UzcDZWMf37ie0=-E60%knr}WsxVkpg`%3?8jD3_3^uR$+-wKC-}
z>h<XT1Nz}&!{h_D{`?ccT`L9If3V6hzAucu%F){n^_@&~*nYk~vs7+jfTgsMu)SgD
z_MTtDeS`F9DJP>k{sfjUCo{||q0z#zWIc5vK8~euoUs?_$GwgHgs$`F=Zo*uOhEWh
z3bJ6zVO^s@KM9+1(wgvRY$qcN*09R9t-2um*F!>^vIVtmx4D_4M7vq6ibeWs=d&wA
z)*x(a65FvHj-qDy$uTY0Kn_+3+n!US?Rn>ii&V@wFbLCa^qy#>w~t|(0e#F^!59Lh
zU5IVD!%((ixR?#YJ9384<Bd7Pr=l}&x|Su$uaGUitwjQ3@T>E?Y=iG{HuzA<D3&*2
za8aH?&>FTYCcC;6)iy*qPe-xlIhzsoh6H0AQQ<M}8J~%}TR7dqeR!d}Bx^IlgdqCm
zV;l66XollR>5Y%A92U(lr*rYaCi>;^{EC;=bztv+y&cc~Z(?y3qO|N0#;59eFGUyy
zyt$;n2y;2bKU1GhyiT7ie|L#i6}Rz<JFKlEnfiBMLe^{`DGcYDq#8@%fqH@Eun7_v
zfjgR*8aFjrA>Nl7>Xta#f$^nWBux^_;d8IRsc_L!i)GFmj?D2(xTDw^J>!GQ!m;p>
z#WwYLW0L621z!|*>bx1A?{JovL;U{`X?&ko!b_zwx&pmNV(B61RixS&wG8)MX?F~A
z0XNirBMQFmV+wApBfsfQAE|=<Ox|S!_cphqw_U=Jb_t7(>B5*4fO2CW0gH`sVm*}e
z0>np4RDR&x)~nRn+|tqduoub&c7NYOl0Cpn=SlRn;cmv*Fsju!^gu+pK~K>8CL_r}
z*@UB|;4L5ZroG=o1)acI@dB}IIe5#LyL&v~`S1UU;4O<zUsCriW4Gi-YUvxtWoNNl
zCLL6yW4An3EbNn%9F)_<%55COWnUe`Wh&2tZo;GciOu4bv(V2czuP$SS)~kN`84#)
zSt#IN+AQWN!IOKgXVp0CS*v+d+Lc~mCXyVmVo{2iy=59--VoAD4bxfDpuAbDUw!5f
zbm(9JuN|@ipfRam{WupN$u*dledK8wnHTEsb|l9Zp5AR~=@suYj>VKwNceY?N;)hZ
zort0ii=nIyIi_E<8ijfYqwi9a&IyHZkgU*=acx)7?0HP`bDNN&gNGzB`7p537=*p!
zT5+B(Y>|4kJ~DF`MwXyou46COFSpoVufj1>Bw6C>umw<N@dhUEG--?vVL)GU>l|XO
z&mCedk#Mp;HaaDtjo2%-QOAK&{h<&avZgN8|7Y591v_&w2JNVUK%))1bcc8)j1#@1
zHrCW|=auFM5=6P&IsI<Nbo4<uK?PO1Ltk?Ovxp+~UAn6-%S8<5$b}M?**BYjH;yqK
zC1ka&zDDVTSVBI8hq^PZJlDCy&z?azNT2_oi|S-vXtVG3Ali?$BN~k6jF)P0G!NBD
z=$$Jq48RN()6;n`FY7&>*L%hAVSO~{4ke)8)P?>u&_X{`WGPP7BrlS1hA~<n<13PL
z`PbyLcmfY4glq87X*iZtz-AQiP=m2I2X^IKIsEE890rZGY#I!b5n|I3)Z|o-6;a1A
z#wbV2mI>Tn5+6fZ)}DA+OF}z@;Z;d2t;X<ro?gkB;TPILHB_~&zH01=&kefKk2DRW
z(S8X}3YJZ}%cFekc>~ALFa%DvFSaSsfoQz)Q@zo`YsywWa1=cehs?$jc?IGrIacFH
zL=QD*Fd}!Lf0_#FZ4LU!wcj2h<@OLMlP5A>WeNN49ax^#web;O7^n30&}=YNlGqqb
zl-OV#A2RmRONZW*QGmbJWTWx4taGrO2jez<zPw3~qGR;SYW?y^{c>54ms9LPJdc0F
zI?Du(`~frUZyPvTC`Xq&F{00mOIU6hBZ3`-LapeYXI<R`n`d<$%{q0AP93FF%XI3%
z9`%QG#S@&0ZL%5P3+p#iIk}d9%k{^3`sh4_Oy}^t&AR$*`&^;g=|whov_5PfvlS9<
z5FCR>|JiXV(a)FS2v}B2kEwhPUdyfHjReHS!=&gmdC#vc<U(5b4TE#iCI;ag6Nf=0
zMUUroViex+=-3HT&SjA)o%6ye7Q*&c;82<wBq*=#@qdVp%BfG>UaOONp94@z!(fTU
z=Ov5a7c0{ApF{hY_F?P~flpRuoah2;R@i}3DtLjihzvLSU#$yqu#`1+u#|fGwZGd7
znnl$*S!ZXdwxNhzI@%-su$|Hp2L22J@sie-meuw^a-{V0O({Jhf)XwlDqhvAfn!=R
zATz9*!ZkQ%6$a#Vd-LnrJk|qpx(wm)85pR?;dL0O#^KX2Fr9vfks_;?S!wJMk!4tE
zOp0{S@V&TMV1<le<%wkCk}+F@l~d?BL}r3%nj`=#jL`x8E+RSH45a!DaKCMKkGvIw
zaDs`IFd>B_r?VDSDQC6DUI+hqi1!Cq$$C75Ueu{zB7s$MBkPDNIRgVSfDw5mRtfU6
zvpAu;7OSL*6YQOj6Qr0{gTrcY!pXcFX_ypQei*_Tu9BUyhL_^1OdOfQs)Vf38=z`%
z-)UGS=hnztSrcMxBK95xeIl3y;duIAuah%~P7gL`nbiK-M4>QIsM?{>*CG+wUgb#)
z$hB<B4LOOY4<dxukSXlOMQxxxo@+2l6$Ge)D!YQD4qq(m?Q8kj4O+jl6C-dP2x+#F
zt}7Fv5Qd4v=h!gqrTS4i+9NA~zCT4A--(~}Sj{p24FuI2XVZ!JY!wD};IKKGy^MM6
z^<UjA`0faAJyzX8rc2c{^iHSW!R-7IA08IQ0DR~X#snQlB|y@Bx@D5x_H0w_glQO&
zaHDABPK?NUnTF%U1ZLU>A;Va)2K}?J;%FUtc{e8SCYh1OjIb=n@Jt-d8zv&qU=r`c
z3_V{Hm_?+nJP-r+=9_-Wo9aW}kx-w;%9Dw!0}=wpND*p5FAUcq8^*W7kCPaM;Ry^v
zrn!qWH~ia^l3|Rlp?af7>kb&kOt(p9{)&~xK4A=;B=5AHcsQ;dBO&tDSMWBReou+1
z4f#6=jd4L7D&Z$UdUMZdI8@f-Fj<B}_s$Z~DWZQIFv%X@TvdyaH8^T=h6)T3J4gEH
z9MV5506hqQYf=du4{v%b48q1{i}eBDsP(wfnG1v#P@_=IVb3AJv58ns)ay85w$&+n
z1(8vA>X;nH<cNKpACG`_jajUe@EMXXG$dZDBlo4r+Dhi>v{_oG#dBMk{Cqr!5Wj}^
zyG7ul#x@J5!aq?c_QO{-Chbm{iJ`^$)A^h8yGQHEf1?w^3ySUIjh41D+BHKRqf^Z~
zwM?h>w1vieJ3=jZMXwmOIy)@mXxH;Puu4{AU>e_})IaCy9ae;dFHQ>Eo3^iTTc;6U
zN}XR)kC9dM96F2RMjA6iQUy68Amuq3#XK_>x9znPw603o?#75Vjt#DAZL8!|JLpJ}
zjYN?h>c{w>;swu26_X*{Z9N&X#w=1vLPARupKY@_;tyY+AvU@)#Fyvu1S8yDBv4G&
zksN1d`sIgWHbu&01pU8cgU2LE^t<y@SPpj;Syoc-YTS1IK$$@k>_V2N21iPO-P^Q$
zT#8j|SW4E>^Wd|{W8&EQCB|gIH}ADhkeg)PT<+hT5nNoW@5nnXMOCqL7^ud`RB|0C
zV<5)}y**X0J%#Cuqn})re7;N<;L8(x^W|XSHZ5Q?=X_4JIboKBYPZ>>oMX5cDxKuu
zBQe`1T8fo6kB}3tW%&ja@FbZ^kuY^thG#BxSN%wavGfA+HDw%q>V3o$rLkXxHz(Y+
zg1LPQnD$fz9|dN4bJ0p`7jV~4Z0@=iySZytLGB9o<*v>~;;tJp$6aqUem(B`B%iy6
zeK*{7>Nn=Dy(gk?8Zp?&0u1)cZ_QxsHiIqbX0X85W3X3@ugzdL^6^jjqtTba(#<)A
z)`5Y^--$x=N_fwc)iETX+KxkeT<6!)W(Tr1`>3JK!ULgokgd)B($LLf0`42shEdqw
z5W`BiVo(x8@KHm&2jAtQ2;Vy>r5WV(Hb=vSdTTh{nJUt)#vHvBb0!*7ectrw;$>tc
z6AykP1s5EMf<qyR)HpPM802(aPSwrG+C$4Pp{flda!cN9$4*TB$RrF%HCI1d94QIf
zZR}NUPT|zf90Tv68Q9`zFYvfW#fZ(ih!)vqruA<<q8*39!_CyW8?-}zP|{&zb3kld
z3HOoXr{`hPdc^R4^=yMOb4v|7<Ysx5v}8&eBP;Yi6H6~TXeZgI=bKcFIf(L96fj00
zhNa44Is8DNSdgwIeE-1b317q9NbBgsxBiLfB`P_g0^2F61E9n0LZ9#ya8*MR!|>st
zBtO^2YdIC?$+~~65ISt1N|4-{PenLT(g){L(a(!=wRiQH*HHFe_I?E&dgZ&hg`<9C
z8(B2!!d#WV=M9YQLLZ9gQ{}!gg6c%{%BxvQ4`y?5u8vgl0rC_p_){H8eV2en8dVMY
zAIj_6v#D#(a=P{|#51LF6j96v^98SyJ=H*1yd(6=tP36_1=UR4ZE7-UCUX~w>~<D<
ze}E-?x!7*xYMB|{DC*7Z{QjV8$Xi*3C^yJ9sdRjIJPUnBBFrc~)I=zKAYD0OEqX&Z
zSds$UAVreHRz{QE1lTY@0+hqangH7y9LD*9iD8(OOrU`8Czx#}@izU&P89H>r=NbZ
zr?vGo>&49l_m|q!tmW{9M`Q_fTeGg*FCo}vqw#1n;qjD*5!u|VF?q@p=X1(B^Mxqj
zCxv-+<JaNUNyM2e@)X_`+M?2!y}6Rmx}jSK^2s!3(pn##KS)~Wo6Y3iM=QXNm72bP
zYjo)Q05@#AZrHtc!?yQm*d=z>HqN?3XZ@v}bq8nd%w-kuMYpu5P4yuHO7NxaZrC7&
zMc90`oWQT`hqq)HeJvO|6H#t7X0njynS}S2J8f9ch`px~yWU3Zy*{1uVLugA<~D{i
zVtVsKxyUyWcx(43D{?a<<<rqS2dieFcLxq8OJS~YR4AA6V~<mKgWjnAibtf{A=5;^
zpYn5?px@JlN<xYsZ)v38Rn7Fff!}OKk>ZFge{Ir-B)yw4qK2Wj1|!pmb<|v^78G!g
z(9FRI+}ddG>8i%y3^Qr+!z%R38bugMcmxGcqIk7#?!$lq8T$V*_b1?W9M^#;+<lAH
zx*!RPSV)l)NkNoEQwt#i;3|Q(AP}SgVlx&Jlx1}q_x1%^xVQVNyDxw%S)>EW+e{oo
zj_t@xAlb@foCzgoY)=--OFYiP*zun@j_H4#7iSVPPTq^1<S}txl8HU<t5Zu?^#Z_p
zNxn$mM|9t=uC6+D>eSf}-h2*HDmRfuYQB<(j{o+;kNO@#;%&wh-i7}90$5hie|t(d
zTAsZZZyv@i7QuqtXlw2u1TszGE$EY22lvlr^!!CVPp~y#CY#_IZbt7UzvN5kSp;p+
zKU|<~spb1Ub$yk}hhX}?^N^+??Qj2Gn7-|b6Ndk)bxYFh-M{BCd-r=b=}`sBZSTYS
zu{ONzL5z*_hHgNCt8Uz2{3SJ$u$mWBER;$|oAb@M6@_3A{@(lm#;q)*r^YPQw5rEX
zHbCQcRu(>__D3+0Lhe4WT5W}z7#KB7G0)^0l={-o<F?&+KWNaPxL;d4D}okG;f9w6
z+6OKV7^rrcW*X5^ONh6k3XJIQvPQHOy#q$n(%#k%=c1^7m~Y0-Z|)}3ZxzXOcF<CB
zHL(0b9hX;dx1r;<0a47b^*nC6I)ER5iQS0%GYqY$X$o9^hzNLRygo?#zyP6Vem8t)
zUpGGdCVb%ac;8X@HrY~#&*K9=ZZzgwaI4XZ51fN1x^eRqobNLwtfSwZ*ZG{cpU17V
z7ECmA9sNcFng0yoz;?Em4D_8`N!UX1L99QFu`vwTkiP@#(>VWNWX)Wnsv%gk{G;Sw
z$nX67c$2Y!8=e!5N<=auj~cFOxec4iKU>J6Zy~>Jxk~f8l7Dl1n_1PPf5iJytqtpF
z6TuSlnLMhK59P@_n`lDNO>j-9cJA(NM3!j6*!To1Letj9vtiaiAvy)za8rIIF}?TE
z>AjC8aUH;$jBny5V+T-)H{(X*8$433S<H5sPqy_s-h{$X<hW>h2{#_aO+7T>a-;Dv
zayIbP&8&I@zWKdWHZTZ6G>{)RlYh2c5iq$<QyoL@)5Fc=4k}cz$sdd+581(*a|iWk
z`cZ|MZjd<M)TXQ!!HPTcCA=TKi7fh^?W7q6)SDo2@zemm8MT($L73Q(e=qs>W%5ry
z6TNHni9rRx4FgmLS^)zFWLRFH#!)I0EzrlTHDawxv?f;zl_j6dUuA7}zKolUDZJfi
z!FToJn+D)q0Y5tWqP_yPZQcj}7Ovx)-%VEa;}`Q%;oKehw`2Vn-Z9L`7G;BXvc%Z5
z7R3PGJixFQsLck#{o_Y*yU~Joz6a<7VU9N+#O-H8zA>lT+6O37VN~xHC~y^eXf*<I
z2y;-ctP|&TNH-4XK0wi(y45h0UrI-L`r;M{O~3Y(sM&qXZCDR*{sdH0ZD0<0mvMtJ
z1ayXZy*0zeZ^}30t;i#LtZ4~DRa8`3!PxjHZa|I95S}M26qFopX>TKRVwunhn)GXt
zc|?MNe+aJ0e%X8r*56^Ecib>#K#`pDEv>l0n8LfeS@vt{;?`iy!kD(q;~n3|d(IJ_
zs)a+3ker=Bq+Vnt-_KKCnI<qFrIfUV)^{{os0sN2Ryy<quO<h(nNwt1%<(G4^rxs<
z7#nE&vVhYytiOM$4ev%HAzxZpz&uMMON$M(=DUrzgJ4Rj`Mc;>skxtw1s1iR#mS!G
zj!ec2RChxszZo>@Tb7wM+b?mN0x4@ZfsnnJ?{1+<H)x_?gi84-R%NC2Iv>}j72JyI
z`EI7z*mfEE&Y>+_jp&yMj{MSFqRQ+Iw_*JpZg>XgXK_Ojf^`XOUq^}GZdxKpI1F)A
zzQzj+ZC%EjjC=>(JjTm>_q>O2lM<cLOP6uu_h?m+c8ra0aRQa!CfC4XyNQzMd`Nb{
zb$nN}7g%{0s9wG48WfqY<*%`+EaQzQAexD)B56AJe1}lk<Y}q9jm8k(Y;4Dkcf-*|
z5Nor8cTQsc@ixkW)CcfUiZ3)R_=b=!(Ua7_;Jm0>(8he@YNe?B_jRV1Y+zm)TO+TG
zbM2|lgN$)_fH@ELzZU1g_d{G95Xx5SIk;Uoy6fnFX_3QV>EGI6aL4)_2LH1jISg*e
zw=h-uUuaWIZbdguVIBSHThw_9?gei)&<Bx@^@HG7=a!hb@q3XQ@(>%!E3o(WptoNn
zwD2;}o!8~=xf$<4i-c)=e@iP<dlE8(-f!q7TK9Gvr8)=kzWb>NR|hHk^M;Ohp)b@|
zsMG^xhC#Wd8|Y_@ZU`-DX%zv>hHji`RU*czaJI6LzJ!!9`!Le+4)jwO$xis5*51}O
zK&z|2go!-+*;U?cGSGj{!C?MQBYpe?^znD34>J1d6><Wsgm^1~^s~%k^5v-5EczPG
zmqdO|9ewaeA15}@mvP8g?LoXr2QLsP9{jgLc9;V9yXRKveFr4VZXgg}#+!1-8u2y*
zL8>pbJKs!(2r~cY>&$`t3T`qkGFx>&EKC!mZrEis;r;aNprxX9PK%8Jc3O}%e1$o2
z65;&Q#wFbFv4Is3C+03=9lf-kfqv1rf_3yC*3)!TNLACo)|{d4P!H3)*W(7`qwui*
z6^Jaj*20Fi1WR^;ymkg}{TbY3yhPcf$nkXR5=7J=Ay6K`+l-Il?M5qZBGTJ&qXlp8
z$F2D(++@6s-kyVOBIFkOSt1}_SYkdJ{kRc;_)+>WKd?lp7J6)o9vA&DlBwK$iD&(2
zS)qIPe;^$<pkH_k&j5!u4M>}@1@Arw!V>k;MJK0}>9JY7?j5+nco;HDG_Z^kjRx9(
zElOPRtnwN)j=aj}(PW^hd^?8@q4HNmUpjg(&Nmb4L(p9RI^Nic^<N_YVq=*F%$Be|
zins2<dZ&SEmuPkiRwL)r8$z<l4c&N=;Pw{d&z7#@O@slAgr1e$J<Us3^KH4k&3KdX
z9*o}?lTgqXo|*z71^w!VseHJU+uyu&HFr1R%0B;;j`bfi(087`#JC@Vpw0gmzU3|;
zfwwZZ&^=6)y^RTvjrm_=HL+R=eF04|K47%8<DEYaWd8s(bhj~Tly_*<0Yvfbx{h0n
z8*%<k1hy^5@zyux+c8G(yZ~U|OgKMCAVDk1=BFUp%I|}^4gCq$vEBunv9^SDbX;l&
z6hLGt8G<kFzJ?orn?SOYtU@bHgh*zFgBy(&5MPI=chBZeP>1i&LL}*jo>Vs$Nb$76
zH^4h&hx%cj2>8`#Ss)9#p&RHXog+2l@6jVV-i-DULiPxq-IuiPXyk9BBfri@zCUy1
z=lIC4;sfZKMg!v-jTU@h5;wky5!G)jW}IuFk9aHHMgLW&R8H6c_b%YgPvE^|hku{#
zEb5ouN`Cqzk4E2=AAr}kUdcD(M)V&pvg{87Y-FFrJJ6F;gv|ZAre7jYCX^>&bN+j}
z*f$zmasCl}C!~u-yJ(2!)&ZbUdkr1mRl|FK0W_j`fjNvr(ETeH^ays(CN8hhqN3<s
zkOs&gcz-wg*hL*;p&@z9b7I!5SIFo7e-L&S;w|V?7j&9h^piQN?A?ei-4Nnd^aqRi
zZb;K`1MJV%M+7Fk)p(F?Yx3dG@ZoG+!8>z%Tk*z^(15;;##X%Z6~Kp0K(@kVycun|
zgc}Epe`3^1P}$~{OG{V5{k@g&{RiL_-GrWi#Q5MO-yKB;EaB#S+Y+?T-v@ANq-rzJ
zb$?+|$GeSIyb=8ma%`gi^klvp@1Do44__wp`5FeMqBX+ox8hAk4-mDhcn|s;tv%m{
zH=_?;)bW;O+(>B7mSuc<{yJ{@GfYi2|698h4SZ?o8XGu-I{e^5I~g;JjJkaZAHRfe
ze+IuUe;eLnpuf~0FA}Y#w-u}>v-oiS8+hA*$Sn@^_8I28`UxZ7j9Ytf(>Pf2ezwk6
z=>;6(-RRq7a;-kh>;rUW8B=?Je10blt7|IZW}4T36U!FSX#5oX-F_Z783RH~utGq5
zFq-QXG1t}ya2w&DUv9yh(3_%V3i-^sqnSMiNmiAq<wtOn1vC0xW+=&{?{2t?ccTwH
z1vzWJL63zN$c?a>ZoxeR_^v5c>#)KED0E{!6rmzuXWVpMOe_V*l;QuFie=BT;m_nx
z;3ngR*ucARlLhv%4?o41;`d;~{36>hzjXr}`M<=DvGHbf<5k?aL`%7DW$A;7+;w0X
zZ<`^!NDm+3_LZd-7{9b72ul7~yO`fHEYH1UevJldxJqF&fSXtF)^6OqoVKe#FZRj;
zj~|3$UW9;s6Vi3%MahN`?>_@6wx}5pj=x3&x%mOy(84I}I~n0&hs<^ZJ*nfJqqx!d
za%?C|X+t55NG;!{Ot|$~uqmFPrlalX$xF0DNA7S6=5}oz9bUq%&(b_)kaTrB-bKV+
zW1uxcBiIziGU4vta0%aRpp)d==)`4Eu<TjJx4w+`oP(^A+t5bJuis-V;XTGI?lSU!
zgYVI)nR2Hw12Eik9^c!KcejI!He{_Gz<Wy9^WgpT2z8*{v4n44!Q0N@R&-Z4z8Rfu
z$J>lQ8;?IbK%R}IKkFdRhT$3Vrs7Y(ppnO)y9m$C_|xO$;i;^5e;eNYCHgLENjyJH
z9uH)_{TuN1<%}<%AP*nPdiN{v?kDNHxY76}0<s5k`w~FgM%q2jo1v4yoZpuph_}0q
zw0jKN8B^eGtwX`YX!W<|+i~+!emQrzc>v_6-_dlDHB4yT*x8()0x_^BQYsUI_D74<
zez`3_Kq!ZPc?CD4{}b!E*HJ$AE+Ec-qUl8VZNUc(eF^M*@59Ydp7jAVKY$yJA8VCx
z9FX!7ZbomtDD{JWsOkCZ=m!^cyghgOmfS<)1Gj?}bsy#U8n5H~j2-v^^yC!YbrSD1
zPT{7O7T78Gb>o}5@m<Efc&Bbm;eE){=^2>sj)0P1%9rx(xdY%?gg$zK@q<g(a5Fjp
z3G+U$KyUyzFEa?DQ9Zwcx1c}L^y|184MXpnE-?`#Iuf5<!Hq;1hZ-XE;Tf4W?=|!l
z+_nsCLeq|DM?;;JFFXw}xt4E7VeTG1w-2uIcC<k5PQqR89;moF3}lI%vv0)PS915m
zkAJG`F&aTu?AsS~$jSG!WK^53$8m(u5VxYgeHteB?i_sjDxo-NYwj+7N7kdsK%aU#
z@$F{x30+?T*7F%%o;%vOB+W6zjfAZ?Ud+N%^x3ENYh=Fp?j_ue8gh5)s3G6Igcfpl
z>PxvhoADO(9l8SF(Pcc`hdz9PEKoE0Kg932F?ZM2-0jVH7kZV7G>ZfH0SGO55I<mS
zDd8sL%`NyoS`)ePeth3xghSMwa69^yi~3UTb!3Jg$wA)p-(>T-f}7D_KdoQOcjN8o
za~Jict7II_gdW3Befl-r{K_)=4NYG{VeWO%4I0&#uHx;emb*(QPsvU0uC4hc(ku^~
zouGScv+pLGeVT9f?dV=T*V{}mnY2HbyC?C&PVz#D5~CnNjP4{)ABnnq_M*OYjiA*o
zpb;{h-Ur0xpLH@#bp3*U1t#&6I-TMd$znC<Ur*m|La$!bbB72FzN*n4(I;~H65tSB
zJ%T#<ZZc2w-@y0sJl<iDeevhaJ>zp6F}4}#Nk;W<TEaUXAjjA*N)y?Ud&3rdbN(58
zQ$EBy9tiQx=kZM|c*g_yrdRQf2QK4QbnQZSh?~)MjSL==>ArM9Cxl18o-dKXeMh5%
z+E3SnAUa>f&tIh2201o$P9w>vCa$ofbO-9bjBhqR2O5T*#;b`_)zArWZ{g_kT}@xQ
ziWbC2ZbrX$K}QGkODN1Qp;r1g{~zFPF~5Y0<Su`KJjq{x|CewR`p`v45V;+FO4nf)
zWRJZVZTlwU8RL34B!&O23wr99noz5b_n<<qUC&>~8_`R;o*w`Zp(zTg`~Yr3zxuR}
zx1ibz+0}c{AL^uW6Z$Oq6!LQIIuv90%L_8@?Ln1%2+jWNf}Zb2zepPA->{69b+R{a
zCe5Kl!`Cn9%jmSejBiH&l%wAypJ_r{LD}+!Ab*AHiSxe=d4dLnPz(t#A!{+d1-O$H
zkgwa|@h2rCR&@#M=#KU&(4oGmojkb`(tzASZvP>dkeJlLyC*R=eu}#QZKvwcUA!Li
zH=-kRNTgJwj-Z>VKQ!FEo8B$ZyALx11^0(;k?Ij2Afxh1tn%OhSjTj5H`<D-16W5}
zr`mwOn^{(sw?g3uQqdMe54&Mjppnn-rxByVI8hVEi3X_OwVUa9Zy`uay%w>K{#47i
zO91C}LfYu;nLWIljDXqw(BcXK9|kR-3=USOd63@yB)yxbcOPNkm`w!-l(YYc7`AS-
zhOlz}5=@d=95yZIAz9Am$hrjs9>lwi7Q6*&hYo1D4F&;&(N6y9rtzwT2O43^`)MxQ
zv{JiME5Q<MpgK#go4+JfSh0x>)4QLbcZ>AyLu_J?XRWh8r2ss(=9|fyhh!X^$(qAN
zt=Kxw%SNW-RFNqre}+PcE=a?`zudSNR(KG*jy4X^^;j&yZxr1YRvYFo=wPO1u9lPu
z#1OOcyJXXqC=X<`e4_?7GK{tZgSw3M2QfzHLHyc5K0T>(z1t47GsJt)Ogo0efS`fH
zIyzJ$FLZ;d<{mgmNO!kJ-8CA>Aw7*qJ-v?fbYAYMWDqWpjEMALKs>-ZpKe<>DQbHG
zf+PhsdZ(a9G>i(hF7fc?EzFey`PAUH0c~j)Hb;Q-(2q#5wn-H05^l@iiFYr_LG3I`
zVJpQ3xSM7%3%|oX{0SzKtB2_ipP_eq=-nW_yBBh|hjAp{Ly&lyAn_hXxXx!1t{d}h
z5jlN311H*eiGeFQ>}6%xJna8>(Cm^#0BIaaYrYL|GKc0@07W5)WSMG1OP4bU;CEF5
zh>g)Wr66>_fnNS=02R3<PKO!{WQJHr|M(P3qbV|DgQc5{fm*m5AeaK@(T{H^;hpGz
zKQ#rZ?SFg&m-A*<qdGgtg3Xcz+c8CL;(z>9iFCNaOY1*J<B{?MS8#*ztsix9@J0ju
z(NmYgFkFTm(rTb*p;W>Ddg{`3_JtQV=#-rQ*^?1H-<Urkovxc`5{0ujF;n$68j+7$
zMP3K^r<I!isg2`yY9484t6tEtj-K5F(7cTW-0o+8_prZrX56>2zqhd@=Z$E8ehEsO
zKmhppDC5^K|Mk8pd}<kj!zoV&DF4M!$6E|=NPC+eLWsq6^p1^$RK1Crw3>;K{a2xm
z^}}TQ+??-j!T4rsZYbrO@vZ0;ohE#~dO^ocM3TFSCJf+d=uaESTf#$zj`te_7;{DG
z=XpDt6XhK=7~?wLjDC}_h|l5%BgC8XcVQiEyUHRBDB(mdt9T6Bf!j-LFyMEeUv9zp
zCO$k+IRDi~mN`2Hnz!>`_fO$BT)~aTC#gr0fu6sxgz>gk&>yt0e_IXR7-WEt3|)-M
zZDO{%Zru1bjE#4-kOAa6n{)R!=U&%*8E-_j{1v<hZEC*^6_9J!+07JTls_#PWk{O!
z$Kk&mW<byb`kQ~*9vcnx^Yc6iA^*g`;)RahnbW!Z12)jEl_)#7YI_qty)7UrzE{7D
zb@T&0Myoat;f)vZ<^{a*=izkS%;IYP>1jRn>;IkR4Bp8=z(#Q|8O8UWUV9Xu0c^c=
zVfB{i+YKRZB1G~7fH&Rw%TstC`V%d8FOi5|xHyHkp^Y?y`IA%J{Jd)!@?6}Le-_`C
zheVxQDGRi@8*f?0P5BeJF}HU+wZSvn_ueJ2l<m5R_r9SUH@rG!oDkVF_8EHaU^B#*
zzjQHVKYs>qGg@cwADqIs<sS`!oKP+LKhk8}G$!;4YyB#2*v5yqbqU{Ue0Bw59NG;1
z8NB<WcrV!}ZOEr;Cc+uhDAm0N5Re&T$;jPJmEHTE%e_l)&fVUO??FAeJ9K>883=bT
zkx4J%eSZZ<a|t)1V2bOrpjgILyzfLe-ifwe!i~n8@vTM+ZZ!V?V5n|81DB-r?&t8<
zb9gVhxf^dqrS9&_coQvBg&{d_-q?u`^x=c~R($^gz5~@Slg-}3C=fZ7?rXsvpppDV
zcBnnW%5Qvv`_;6N7F%)W%e>JNyaqqth!4FYy?Z9!*?HWdboLzXH1tb&ADX<D@4lRS
zu=z^v!RFll=KKoYTfke;WWEjWLi_V=cqe+S8#kk-5bs5;rK|8P#EnqsxG{I|Cftmg
zS0E8X|7BWS<hCEj`(96Ad-Mw4YoKOw{<__`?aNp3t=Dne0KT;wH=wQgcKkXtnZK3~
z@s=OYx8Z%Ly_9dmd%t#lCEt!4^7r9ek-PFNZbZ&iyz>PZ16TrP<z8=nZVB&0tt*$7
zu9cQo@|STddjG{0+*EpQ1-Cwc_n?jK`F4CO`dux58Sg{Q%lWpe-MFD>pm$$fA(R+*
z8e8%HkKoQ%@V)c60jgVVL0{0whH1YByJdL_H=qd^;=4gzGPS(Cj5niSt&!dIoraZs
z8%tM)-aW4iW-J$8!TZo3Y`hF!TyI~XK`omHz~k*WEW;ZZaz6v;)L?uW66S2Ci8XJB
zpFY7e^}pd6+_WNUlajr08*8xJ*p7F8h>V@g=O*Juy!#d0U@QpFFCBfeA@Uwr0_Rgg
zl=m(PkGVYqX?L#&cd(a3*z4cdL+<Ee=u>zPx_$#WkpMQ`cn`X_dnJFlw2U{RkJmwY
zvlBgcgHGVMe`;lA`3i1AAG~-SW8)<tO1Krxmted9_qr}8*ra)yKE>>^FSBXB95s2H
z@VB{<22$P_LSnp5GNl3BIEXtR#*N1Od1DFRXl!9kuHt>@gE#0jjq6V@=(rJ_P|3OZ
zj=Y{PtpJ5=&z)|DSu`5xeG58o@gMX0wQJ<JSGhwL^UP6Q%*cYjbOWWa`R@GE@?{DQ
zUPWXN`i7zBuTdQUK^CqCApgE9WXg@`>zkHw!xG;9>@wbiK6F73^Or6GpqBv9*Oqg4
zHs@Dz`<t)fThU)E5NZd(rmbjiH{OT-QVXx<mvZ+&WY@VV+-BT}H^1$Q1{{&rkb7{W
zPJ?289_j56DD=k-nufG*{ksSh@@=d5FPI}!&WOo!V1Av&1bvH~#>~O|9r$R7H&;at
zJZwD1{(g)QoCP9)G=#YEJieV~$3yiH-(j@iwi9^cBHoRjT*mu*@orQna`yaoy4gyg
zjoHmYVK^}ckIIiRPhq?lS&(ZNGX1`pi-}EFXdu0TUbq-4nOvi!dAr!(Tex!y=(uQ5
zUU>=MMGiz8?|u`$rG}4zA^#Q#C!l#H@DRT77cn+2vw8B&?O!2(OOW-DFx2fKK3c>1
z0B<yYn#Ru>KTTZ=e+P0;>4YPv8njlfNJ9<RX~H&qi?JOapT>>G<HlvY%|L&uEw>OM
znpP4;n^*9FfhKi)W(E)R<1=UQQFQkJK5`zPn8G`|aa$+8<u1I<=mM@0$}D~X-)f+}
ztTJb#fsR}T9%L)n&^KKLHgwkseD{-hKdO@hqjnS2W!x9yt^HubB1HCX80NNivbH~b
zTE`EDco$mAh4@Btzl0mmJ94bfm+=i)z`Y^fcL@@1?qVUTG&F3}R9hQvMBjePGB3$S
z$W+T)@g}2$yNwpSKg64UMp3DtmKDf|(M+A`(HAux>XKc9qxl}v<^;ay0o-7mIFAn!
zPJ?DXKV<0m^&i4J4fJ_^c{_|_H`T(FfZ_P<3p#H63fDl~XuK03^I%9Q<W2+qvYsD+
zbV1!V?wz59TRVX*-?fBy8ef25uc2<-UBbOn_*O8x5SHjB)Swff59;{!Fy13mG}R_Z
zNDY@)19`JCL_T@n1GwV^-gZCuo^;T#uZ|FeIzmGCh4}7E<a3|CaEV}ZH{NF4hmTRu
z^(7+lUe$6N@Kw@e%T++0oyH3c0N((<RX5N}7uMP+cNpj!x{hx_KYyWJ?3hm>9aixF
zd3pu6qp#@$xM`Y3!;wz^=`HKqeY1Fnfqs~S^nlxz0L(on@V*D|{UPo+L#O@}zTeRC
zLnm-Y{|SPM_wmVhT#A7reuoy80c=f14R1rAyRZzy>m~c=Rus15W5_SzUUc&mO;%|1
z;$!d^nUeE=&Oq(U;4YjqbbOTj?Z%MG5(V8f!zyYVfThhDC}@Yiax|A(4nY21U{rP*
z!wmGlO%~)m7xWO{f&OnD;PoHrBE<81-eI7>(Fr%P43LK({z?bw=Y1Etp$^aYbO@_K
zzozRvfkT6lzYpu^OK%amtasJ$R`g%d0B%8Fc}u(ei57_rZbh#k@B;bag{3%_eEI2h
zV96(P1WUg9bR0_>4D`*XyP4jz26W*b^j-Zj-gzRwj2qF<K20BxgJH)ReDhm@CfvcA
zZ~P1>ayJ?;(U7_qXtLDQ#>NVP?SIlKsqEEq8*V_GSID1sSlb&=sl<LJt8Sq0YRj+@
zbpyS;<`nlE=qoVAPl+k+M_<lSm&reTTF)5M6h46dAgAM<gb<^DzK{>$liR=-ofX2}
z$(?$11ARXl$Sw2TxDCB6r{fm%4^OwJjf&9IHuOvmJSr~Zoxf^)j(7CWYtE?6KtF`7
zy(G4F8~SIRf^H)!Tq1uc=r(fDZ6u(BGU7}8L$9vqL!SrGeF0|idic<1a{z_+T%5u?
zTX<i;5YeMM(3kWOxAo!{^vZ=*CjS+k7T49M0Os4!N1qO%&c_VC1O0Ih@-6)g)F_3s
zwFU2bfWLeP`oo+ave@wVU(n;R;Ljn#;{E==3l?v|cmBVIf+yL!ANv+#>)P~)$GQDE
zBYf@^I8)ot;G1b7Q_7DG$7&&>t;^sJfQ=Ka7z*N|`{1-L<)`qrn{dNTOcwbVZfphV
zoJexi4)ZK96}O<N0V3}Vki&Rt2{*jh($Yc>&l};r*OQmH<&H*#U&Rf^A1a*><J*ia
zpr@X{g6}bQ;-jcOfNw(^$(h&(3Azc!+|!L)2pzf?Z_{zZo5jmaTe9gAP+%hc5#oC2
zKHPl(A3A}%9sr}!JxuI;0|84re!~Dh+zme*V9v0RT>KVt;_pL;U^;_K7^C}F@EeR)
zeD?ruxF6p=Nd5(ZY6!eb_6&$}TjcLiDvy!NJK0ab(Z0D2-;2zFCFZw%x6z6l@5h@7
zGcksBbT-?4ycOL^Nb&D#?QQrrbRP0A&qIV;Hw#OAvlMZLj8{Q#4xxI8*^JNt-V0fZ
z>92z{P`4Xwz=%MT{MDIqU&pt-Bz*%|#y9J@iwT-+VvSJEP>1|1Q*C%F`q;%btfOy{
z8@d}mbP-I<`L9d=F2klAtxwdew%I#t7v{8rSE<%QyJ(gj*Vat4T3<Bh&Cr{(U3TZ1
zf!R9>H3ZB8dB=3UB5yh;9?jSxeNgt?nKt;xaYLyO$8|!-Dmza)?o9M{AI;EUnx=0T
zYX#dZ)Wcbie><#I%eHBD9n*X}sFg#LY*y2?D&+g4^+mI{eyZjcLdSFI0O%9)YPDn@
zg47L%P55(&{#<jbPGPQWn?sgAr;XP877ONh=vDhe+qXzRnmcWlgIT8(CO<)k$UgvM
zQN96vvZo8N&y#27k%CvQRa~>fgyEX(6Q}L4Ck*|rlXl6fl|yZ`ZuSrNj`f|Az&C5T
z#WH-`Dt6F6o%Bx^{d0)^In4U(cb%};D$Lr&hiXnablgBITA|gU`F2?IUDJ)0&~b~l
z%cnaIV(f%9-RFjWU9<^o9~RH{r7@j!e7g`j^Y(;<FLP!P`nFXevzTJjD0pVUE83=2
zw5p`N)YJ-X8PPaCcvaigg4(oKDg|~JsQ7T`ur{|~`7?oLj@Hd#&$Y)xzg7q}t6cU9
zrJ7q{lj-yQQ+8OG0Ej?$zwLL&V;>5w8MDZTADFgV6k{rSg<8cHxErlM**2OL)ZKzP
zW4mU_aT5^fDLYosHy^!CAXhFiL?a#a`M#&T5r)1qT?>^5bLOeCw=ix$QM28G-RBl5
zfD4}KR?C*-7VL6)-tq%&v_5XT#WC0%>|FwAZ~Af5>^d%e#_T-8GMUirDt4o-o$nbM
zG>3XdNBf6Qo5Ld~`=r-~tZLP9XNKvHpQe~(R_scl%5h`xkU8ynWpmnby{cLCTw5Eh
zPryQ*w!{9=uE4S^n6ABGM-yb*-Cj(7Z9KI6kOI-2HZ8F<m7*Qn)W-zAbaWKTUce?Z
z+A}uZXFfDI(tAcs>`dQzb9|y_qAwbOwO|GX%Oywz6mih==4w@Kw0_p|N2VXQ3uGsr
z?ln(3fi+#WDf~Eg5Y+WU(<Z}|p*dPN$NMJCvA$Ei!xMs_iY-Pz?RtD2Y-!c!`Obk!
z4E9g-jr9zg<GnqDJ!9th#QDKKm0r+xeM9{dY_8*dZ=CEK?(H-CC;EoiY)9*pt^=Fz
zl<!qed49!;#z9B#(YYqb-C4U3dVawwm(5c>;}g9-gM$Q&=SId(j*Bj;zFl$_wMx|t
zYSTf%cd7|QJamjtFtnz%(fUcJ5SqjGVkj`^IHAi{Va{=9C<e{@whXPJt&v@A&Mg!v
zi3~Ex?BR4O&p|NYIW91KWX|-on6?5N23EEM2^HB&Fqn8nn<4~IRGBiykC~(VJUmo%
zf-1pCg>oG^Bz=P%0rR#W5Li>~p*HUX4xe~fHACMb4PwU(`-E1ln*=J-p|{!&Im`!C
zDbtyc*86<lJZJf?f)!+B3r;bdO&-!fl%-aLqvnfE_y^a^Se9rMN9~Fet!$BCLZ>!b
zClKx_7JWMi#w>Tn)*LqoEtl{EWh)3Mrk@%dITzvh_(adxggG&Crf*mqtq*$cjM)>6
z2hNkWnZUrq$F&l`N&~uYg%<hdkR8r?#SxDEbV&17xn`S{S`eDkwrTN&A%vDvW3v0k
z%TB@8f?2Cdz}Pe1+uzT+iMC|l@JW^6RL#Jwg(b7&h&gR*mRp$he6wu3GXm6Ml@Q7F
z#a7TpJ~k^biy-~2;0e<qM@GRmeY<LlMV>d=_dR*`^L#f4PKBWBoLx5yo*R;_3KQ!Y
zKCjXvaw18G5#MJgZSqH}`rdTeu9)-?XBzU*nwIEgQJUC8Wv?*D!3>80J@&$?S+wD3
zm&tqo(CA=)Z~ugOa-?^1sBd_JVFZP_eAWT9OhU~2-O%={z8%^=WeA|ZlOvN44fdID
zoE(|xI~k|96fP{07~3<$-jH4K{JIwU1hS4>@-!k`y7poSSXOh~u&dMLG?lW=(~fKT
zb-v^22nlI31L-=1>-%68+Y6dS_z8tDNi4W;7iyGx_;$r|+=#IrJeD|<=_%hgG%|MH
z>>C>!8Kb|5?Ia!i^MWl)A%0Ptf>pK%aO-7TIm7+A1UFys%#u^KCC2?>D}W;`utO^h
zea5pT*g(?^7`Cf|!F-&7gVQ*R^@lMXCTH-X8FAjEspE#`@gs-3x{e(`oZ$BepEGUy
zL9~Hu(gp?*r|8wD%Y06wbqXhbK97gK*;}?PKgQ$1pcqDx`6=X<OrQLv0*@y89A~_g
z%)J19CnT||ZO<_Yj-o5Dz+#Moj`ezOXgO{$!NrWhj$>x%*Cl2c1|xUZD_{f6u*|J8
z=1nlG(!naeO-9qVSg@<4iy<p4%-TVcH!pZKH`E-mS6!<tn1qf5P6Hr)+bS~Y$QP6!
zh;6@1q+2U=rpq?nH$klum<JclMRPtd4{Ei*CP!?6Y#fQQsOL=I@Wj}8!A3?@y-@S*
z#R5Gql1s`MK1MysrcWNHLZ;F<S3}u^w2ct8jYKE1@f7Br62QK*eZYCj+<K)-sOW-i
z&6S-Xl<7P0=5{3gNXtF#)!bqLfYZ!^2Py)~_pQ2EPhgwJY^zx3lvE+bbR-gF#q-{g
z;R)6bc+_a)5J8;vKV~_B-Q&*yQ2O0@tLzlDib;-mjUJVx;rS`^p`Mds{G-75(T!H{
z%((^6E!Qo7h9Xr2Sx$y2>!2_JaqdO%bREY5I>0qE@<|U1Af6SAB16Dg+;K8ccUqjl
zi;Cb^uw2h|3If5?sn(GgDHS>cColmZfN6`0v`Ohgk#YA0%XK|qW(uA=ACte*)hL85
zV-2&|Ta#=pFR;xD-S(<dD8?uPZxhjr)wop3A4Z%+PcS)g>KIi@NIgziGZTy?P0SJs
zKxs(yUgtySC;H4Y{lh1<LLE+*N`>)~l(5)E(1!$}RUr6YU0rW8T`QFc0;s1483_=g
zta%A=3FbSjnuIXIw>vf8^Fp&w@*@tObU6;Pha?4;%xSAI7fDVF0?=#~m?)@9yfTAq
zR_kV1sj@At&04{12mIS9eV4L?8XULc&@(~d;do}j^SxT=xOSikVpN1>CkX#gJ+uQ5
zG3i?MxW#cwtw0%7sd|2R(hEboIOG*;gvQm}T3{DD6USHb$RDi_I)OTG+bx=vNZSTS
zv)OrA8?DpsPueB(AuBo@CEmMiYePK)BV*=J|M19|40d)f4o8?Q>pqj?qHF0C0xI{5
zFH0{=2cyc+s;oukb`WQZtS88(PaP8VPR>A;NaxHRSZ`T(m)Ub?2jx2{>9Z@<ux`Rh
zlH`0OE`^^!lv}1WnWGBu4+~ac22Yp)h*O-iE0w(kg{_=}!LS<;86)CNF^hbcfgea0
z<uu00-d30<0aq0i1W1I4Xkn$w4)jQ25rAqjLny0&m{T|D78Wv6-*E59$^PNfN%Bf~
z14)Y!R?Sk`nhCU`O}~@I9>!0KIbeRNsFsveWsN&I8OmP4DzjOIRg*E?-s-0g(^DtO
zUBrhZB`kX_ok(Y=EWMD^-E{34)0?+_vgks(@+<HO!70irXQqDZbBle6W0=u8N{s24
zX3E~QRfYjN1<kEh%!=bCm!;oz!Zmdl9bM7v<Ln|Qx@UU^C;MWG#x?oSNbHJ`Ug$24
zbVbx&+JpQZ>HNurdk2F%=i+6JAUj%%&WsZV8b8gs)Suj7Yto>@vSgwVhhD2()*R5S
zMeHUK0yM%%69%C}Ty-ik!)ZI5@TwIr2qT;bxE#aBDlv_dE*x}&1obJ|smj}W&WwZ=
zSy@jI%vRL!^mwB^lTk#Ur@It5tfF1E!!-fZd03dp;_Qt)bk+@7dX?lbEKHJz8tqFu
z8w*~MQUW-8L)$;)xK1z|;aROzau&rcWo~Mk<<EeG?oCr3g(0F<E>l|z>z}eG0(69M
z5*|CrTSxLaBR^EBY8I@*tZi1ks7rgXT6PK!Uqg9ka?OubF#{@?MhpeP-)z}?HT{@u
zsmnZkJ5By|(<I-w+(>7gPB#w`5h+GBWzHte#yOWX8m(&RIGSKY#HZ$&_EJ&mfwjvH
zA`PcRLOBoJw^%UGl2_x_seniiLLj45ByilBvTZt%E=?P)57!7kWA?kFMAYdi78A3N
z$O8S|Sj`Qcip{wKp*rlD=uyr&Ny$U8Xtd5Sc1==bf}&9ZPiP4ZSx0Bw=AdjW5JS9a
zGayW|c6xZSt+(T7TgSon&i0PB&V!vD2RphBw(TFYi){~EA$xG3qvNi&1C_Am+9zgg
z*Y=%4+kuMZ7iLc^9y@a2$f33aGi?V(y4ntu7JREZ-*%uh+TSZ?3nutN&G!jWk(s!8
zi3MN+gly`b1ALQ@g=x+#(MbtXnQ61)&_CDvaL*VOo0#r~D{t3499O~1!LFkT-3`O^
zwM8d|sr75F?fY3YQrgvnhfRxV4j4%ft1xAaYAu++?@lw_Y0-ujCErdcGYN15*Qr)*
z&TUML_4N#aDu{9%RI?cQCe#W+C;8`4!a~Q{gj4-v;}eoiQqmGc<B<*}D#?TRN@gv)
zLBMP~J2L<bng;S7nT8|t!jhCJivY1@@M>YT7IOWXq&=|s4zJePxe=r*6PzFt9m(Du
zw5@r2jH<5ZZQuzaD5dK11+TzKP*AHd#HI%dkp@$cIuZpX_D<2NNyeyb=IKye)e2(2
zB0vltHf_!sFjy5Ci#XWRKfH<!w`)xaQ1G10y~YYc6U+jpQ<OMEPZpsP2XN%;Q4uF?
z(z!ua(hPQVYM_Ai>ymOl-PpuglY-|4q4}gOq>I%Kvg4AHXf9>MP6hOpzFlI1W~3f=
zg{+hm3{>X<t{kH*f;gnY5r5EgXU_SaJ42l(Kpge$aNa5>Xl9+z5G{BDI8DoO14)h&
zBdA4u7uC}w41xl;<CZ~2Eq!_*rhY!uDrTju1s!BNsSF>PyrO(dIBBgyT#u6-%8nYQ
zUScA=dB*h?+=nfRZKS;V8hSz1CPDs{HL|NRPbS&Vgw+ZPj>EWwVXG4JjFDYZQng-@
z-ENN3$dd0>Bpiy^O=dNMF(|BtsYnwOo;PH<bzqPJIv97_3~JM%Z%MXOu?L0wl?O)b
zFaS4}>A)-3!f1~!%-TMoQm1^Y!jB_wTHb>5F)T=@uZ6M~)O>0A6>2ZLEBOKWE%G*@
zZaEyA9QTQuBYAweLftlFhgILJrmY#>UtFhix^Kc9?|-C^?2j3?KcF!eD^m%zq@ptq
zD|bhfyQ9k8F|n(egxXVNs>Lz8#66HywSE@Pb{))SU4+r^Sca<094~tdn%O@BI@%gj
z?*cDpa_2RP@(^$_laskHE9~)u9UT%oTC$w7Vi}j6EM>;9TCaFT(_XX-rmQ0y>^h<q
zJafVFE46ACGc8+8sRa-GS~xE-N*A6}C82VYT$tjzNwyqr2#N*Mal>@|*Aq3X?5Zkn
za33)p7tC=sXuFe&*_gDR;((cSmf-8Ejn+rT&A_etjvJQNCXAiOlZF>KPv&i(5aUAG
zwtVKeVh-C2=bUhM)C)%3a=nKL%bfcl&qiebs&P9!OO2x50+Fn!E>*I)2#!rFm{s2^
zIc3|Meq6x4;<$ns4t5+$;X5Q=vQ+jw-z+-wPB9`X;6WHM0#0CtevK<H2m5=*ncc2x
zIX-huV7C5@tvk;T8$mHof?52GU0?A0A}5*lf(d$rs^zCxI>#UalQvzaEjD7GN9*Rq
z`O!YYGl07#2NrmgNN7E`Pz*Y?inYjW%w*ew{n&Pkk`&ZGZjSZ!oIJ0kTdX6m5cM1>
z+Cjk&>`>;HR>822G<6=?q;a1diwJ~-rdokG5wtnSWi00Kh%ouawA|Dsl1wtN=50!u
zq$4vDU`Fc`WZ(6>B~O*k&so0YR#E|!E-DrdD<}}E?%RP^o(EL`qmN@wVYb(+kkQL~
z88Asw-6~v>tiT1m1z9z=8<=G41f+9VCJLuOJ{ADP^xtZIQ8T@&^+at=)!gwoT~(af
z;9CXe`w}B(M0}xcWL){*`|t=?M7z^u>s7pBy3<NJaRh5Ec%lc9J>j9TzMeC%kl=F%
z=t?(cWXKN^zsNqw1<x&-UV&;CBuQb;uBVR!2(+qeRFwQN2S#$<2vQVA?y~C3A-Hi$
zD*eIZF^`kjZb@<HgtMA?DA|jaAgulFL*Oa}yKqL?g=&-n-Ebu-;DHf}q@hlAky6|%
z$bnxg$%;~76=n)r#VmRSEeM<^ZOfmLhB2QoTbk4L&{hpMgNM2@MEN=HTb1q-wVDd$
zXf$tSRhZ^F;%R!#Ntcj<xy()}-`6E8MMmoka&#vIiUo$kaB|{Q$B~EnWW$)cFbXY{
zcq~w&F<F_Mu_vR0axke>q7)$ocf+*|dR&B!(Vk#cuV@IN>4|jXs|!V(Q3@@G$(V3Y
zl{wKO%QP=K2*;Sy9%1Suy*a^kh58B!r{aW(Z-g1%9^4oyqrpkLtQbdCXZ<-Ij^a)e
z9>WS11s08-sX1<V<Pf-Bl0`dX*MpG^NAsB&-7DB-{&nFtI9eaFE9MY22FQ9(rjC~6
z-Fbycnlmfb<BF<a%&z)&V7npbH&&BMJ7r84x-$_CLpun-d?qF~;>(_LAQklup3;IR
zxVx{tSTLpCkruBY8xom0+YU!m&cIx!eBCJ%>hzuGQW2246wOh_O|$$NvuXu_T{Odm
zNWV0f;npBaOzxcPEx3$h1ew;YRS3gm7eXQ0WSd?(4kg)dIEN|K?jHd%s_a*q!h@0Q
z{^8TBdi25|xyhVaO`ISapH(rf1<MJ6Ypqy|TFJITB4vkFb3P&fif(+)B;V%tj9#l6
z5dQyUWY|xvb&Rj2i=Aazj;o9n&p*OE$xPrp-=LYSH0@6Qa2CbyO2Zz~FJl#x#@6V#
z6P8Hw0~K{B<1c8<Dc_dvhP`kdob%E6zK@h_bXuuuWTuhuWX3?oRZ4h6*{{_png_dz
z34TAWwUkYt%tRIGp2y2#PA;{h_K%o^-7rIq8e-KT02ot=K-4VO$oI%e&%E_PheO!7
zgtwS5<_VFe8u}Wz(olI%_4ABa@nKnYsKjWFo<H3;Y>xF!OpXmJ5gRlXhk8~7k^)r1
z396H!*iiONFq|q|CyIFBCe~CzzUBs2N%D`a);ZH(F@v&4n1Aq}>6C$&5yAoAr&{L7
z4mcN40ng|51jnt`z;NN)Pt?{r+Zl=TRIv@D5r=>oG#f>edDNt7btI=!**%m99KjQ&
z6$B=z@)&cY1fk9;zT<-jxdB~>tYbDIP!24IU1SoRU^RvLf?pgFeEF*Wkkrnd;teSz
zVpX6fN8n)J@ac(%)AZr0GqALfq34+u%dM033MBET8u~G<YY;b<1<|27&Len0Nhz!4
z2Zy<2wU(Z<>VdgCYDjqS6ysxoDzK=+hO9(jhqWqSvno9Zt%_|bwu3-1jz0v(?NQ$=
z1e|68$%+{1!2}}>s;;WN4z)v9N1C!TS`}v8OxoY(Gp+HnRxnG5Srltj@Z5qG%3&>(
z|0IWY5dT?`pQ1Qpvj1E!1YcsiNP1@xOhA1E)2aq#g76?%uTxeK5}|=BqM~q2)e1JR
zu!wW!bS-2Q*mAvamIz8}OmJK$E1yLK8nJK|D!t0n<eU~I9<lJ|j)SrLj@bR-*!_{%
z{n6O{vDp1_EvQX%QlNNHo0Bf^gLd(>4a|?^`LhaA9gSjXBkx1m?(5rCUy+29nw_M_
zlcLOJ-UzEnZESj-G4OT9z}MLsyYGtKA7aABm@P{i{AmohoyRl5(~%P3xlXToVfX=*
znkkqIR$$sL0YQ;R^{An|WOF8tJV`36dJ9SMmMIlouuf#=dkB^2{?wrVY*jpS-Uj<>
z6vdh9qn@eNS6tt?Es5J@)l3nwweIRtYyss`S|3b$m29;WLf&Q>BI-eCS7hc^l3u~9
zgb{wgaft%4(?-!nBu!t6e@Ch|4%jYgrxaYOX$!+!&p4sm<T!}8i4Y`_Xn=fX$o6OK
zvr6<c&#`cv;Tc4*(SE7hL539|i<N_OF*Sadh+`6lhJMZFwhCb}8<V_YsD0@n&ntt0
zY0wk<iHpLD@l^75A>8Ri&uMjrhr8Bv*-Qu;z_`b{IR<fL1xcS+t%Khgqp+$TR9gr_
zp9d^UL3C7v1vO4&A_m?rAvO+=oaCAT(is;YU;%;xIE7}$U6|*r^4zH9^OKV@R8jbx
zJFQTP`55QJ!`Nda_DH7`j5=#uMc?xxPov0*P=4iDEJz?D5ylz2F6m;q;etr5GSyJ|
z=Q&e}B3AQp$nGNr&x8OV9#RI*ei7R`)+YkXqR`uTbVVX0OlF{zF~Y$ga4OC<$b?gd
zu>Y#>6|`X1^TW298#ptrU6fMj(6^~PI$G!XB}$a+fRGU+NRy&2T3tB_B3jHA1uPmR
zN)@W;rtwO`-<k<fG;FA1nYF+!YAQxStbOFpP%g<kUgX(X-2;jVKB33PM-MIVY*03j
z(CSHRO@ywsws|^B%mai2+gI#OeD8wuypnDp{(<cCe=f~kso<H^jn17`Xkl12eWx&6
z;I=d_;4{;Mn(Qa?IRV6u0^0_Un8BP=RRW430z0gljtsM8XbcE@)4pxZWjk9Bduyvw
zWA3=CdO06X>i?LL@*%4*M+qm5Y>^c<WRJ)u6&9g7<Q1KgV;3WXn(8e?ku|1<Szy7O
z-n8l4rGgu-t+YJI46bXSo9tGu#MPR%8~Sw`;A%!>sCQ&&w5NAMc8!h;AW@2xqF`9F
zkF_pI=L;`^15nLz!((Qs)xy%T7%YThl(3fcI20n6<C@`YEUknV%aRk5w^q~b$x#xp
zcn@2_DW-f)dT`3rq+*3W1VoiXr&_K9nTV1`ob4MM?;ja9Pxg=X^-lDk?PIiAj!B5;
zqDZQ^<CvfDdKsq#A+TX|_F{o%hcJPzPuEJC8Nk2sd<p3`z0jtC+tXm#EZZ*dm-Ciy
zdOVR1^-5FRBZ20@x+*dl{2~-UX-uY9&|Hi9zkx^?d6?3aI8m7XoFtQppJW$~wIaa|
zCY>KvQNJj3Jgidhn=E-Fk>DVq1eX}7=@R*_h$o<n$(?#)rf#}lVv5f>lQ5{7II#<}
zmM;>Y$U#T(?U<rg=O2pe0#lQLNt+?!XyWl3LT@ozm+Y3qJ!7ZGrB-bE5{DJz(xtOO
zTJg1|Sn4*!b~BBMr(SbPKzAsa!cu(Y$NPsy2m4|Mv80m;kqg$wBqefWjw*s_40vI-
z=FUZ$<{4YkEWp7MPufLOJSf=JKYX%pcw(?`d_3K@BiPfp7fiOZll&sr6iS+wc?DSp
zI}WBe55QLUZ7Z~+TrQ_Pe?qw0@qBHg^oB^hCkZ!I0DCO=0jm1;JmH4~)dLk4p;<tl
zgkgtz0mNk+>g^4S#Lxm*LvgS~k<{Ka72UYL^H`+pbisE_;?U1HO0E)!q>?=t<ECz}
z0Blytw{1vS1m7U%>qul`myOHO{v4(LPr$*jpi;OlP~;X0cZgLKke##ZJoNTSvlxWn
z;H_A%nPs`e<sg}qM=rS3(X#-Hs8y)SLFRd~6_yoCv3kfO9k;_?s}}RtW_f2SG!%xw
zo63ZNBgGL=;X0OjBAIy2G`&*EB$JEztH;G^=@b`k)!b8vdUG&dZ#s5z%50L9ha|;(
zD(C+L%pm6vQw&pT6ll|Sz?1O+$sn}cQ~*tdH%WtCwH#kb-~>N}nls~izD*M!`9UZg
z%2JS0xWh()vgCL>XIpb)c1gwuN`9!TRp?tOCI(QNTNNpvOTx<MGB-ITxL)>|lP#kZ
zvWo07FUxe9IqF#AJ(=b+ttuFN<>;M^ptO=4R6pL^GdwJIXtgdQ6pNeY;+Z=gv4HBf
z1%+6&X(MB#lrc2s+t(8??>^AL&Dr(9lk7*sBXZiTbW>T(Q;Hws+*OK5Ux7JOfJ~+*
z6@|0#wq%x0;NQ|iVxlF4Bxgj(VmId51cyOSX_-^V;HXsX`rwh|(PH~PJw2JOZ8WJF
zHDehYX)@AmwXyoqbeJAZ3WswGDHd+#{#)eEzdTA!<dFcbzo@WjCC4o);(jddL=xB)
zo{CR8QU;O^G(trc!-uLp;n{H%PMX=HLu;CyPh*Oia*h*MNCV`$w$G#Foq5}hJ1chr
z4T2mK{B?R#)ZC(7a$F+QkyCT+08dGLkF7J0(S|g?ZjhOslO<x~aXyjmg0X{@G8?HA
z(Ci|zM;diYtk(GnrMPaUWDS%Bmnf~myvccU#Sc?XWeKKxaH;~YfRf1^23g7$GpH42
z6KWKNp<T@tvrE+?Cg~H6W&sLSDMP>=Q+P3>g~l`n6l46j43Q4=<7pbM(6@qF<^yV$
zt&oPm@+4u*w`q=f?Tdq-dRoE9nd-=uwSlqhl-c-nI5k0P*I}T9y(1_4CWreclq@4k
zo&~{12-iHG?0^hs5@Kok+#=0#KCOmJXC%Y{mxDAjn$UDA0aI~Ti*ZYevs@*=w5?FM
zIkx2^kP%u?4Ku`BlcmzuOs`y2{m)jzy5k8S6Y7jLT@MxIfn>xWw~3qpbJ+&^D52t^
zj>E?~Iu1n<Q=CKVBdkuKF^4PBrP<LbU3W>>hd2vy(k=rF0cW7>Dw>-7kj@jh041%x
zsfG|sjJ8#=ArGxkxlsp(7-FoRa%V1f-i+2kGA)FxQ`z$*=Ab5<3Fc*eD|Psydr;9e
z^#rD(d!Cal3lJho)e%|+Vtt}i4W?7f6tt7MYY1#=)uOETF*^@S*GE=yYRvL5oQux?
zInz88T}mAvi7t;um&Y_nI7;KzSP(Tq3sAmUa9(h?%hPr^s#vb((le71uB%T<wa=}e
z2cxi=Xz%ieUCGZgPj!l*Qh*zrl!K0I#{}+?c!~~@$!)FV&wX+75n(*xPfg3`411te
zs*xg>jD*PK!&2ISj%1!#v+TJuu?VCZcqA~oPKkbniRzDg(~pDU%D11WIX=NY)rpwv
z=Tih9u1E_jRauLlePqy(aS>W~+75@Q+{Dt&^YBxat%UAAvsSH>IdNOrnySfTN$yhe
zFU?B!<kl)gN;cQ$Fe7J4qKU9X5-iJ)C16b?EdxVunI^Nc78SCg<Pu>tgyuV>f2yh3
zIFrs^nSPmZ>|;?9jFE;_Oe83xIV6N;NcM?fo(g0e_L1?ac_HKzQbG`Vbn#=Dib-bC
z3uT#?u*Gp@sKNt?43gpmN!OxgT2YQBG;xYo2`mqA+L{%HzNt$1Qe6FD$3bm@X&Pp2
ztEdTmH0&!*^udd!r&^70V^H{ck;z5A=hNU^%%vf|IVM)izqtyNC@qu1f6XPTS<K5>
zK~^>HNqN-VX-JEzI-#AmBLQ31$z_|~j!2n2=9xx8V(_W*B$WAfHMA(oAP-(8qxFZZ
zfF0N}<OYQ=*<eQ(Qv;`D4+v=VmpA>m<<GEHRD_RM>V_ynoT~+tSX9U_pO)5cy?Xdn
zycZK`q&cs{Y@!*w4tLr}t7sxTa-&HMj||6*nCS^QAemTQQ&Kv!Z2fX>3PspjMcL0N
zqAF!7>Acrz*NkNzoQUPogS7IllufS`FQ^cUgn+<VMVL^Nex&9}m|I}kg&=XN<`$hw
zEawLmDy@oXIZT-2HEJMjjHIOm^=-(!O&ri=P%<&zHv!c{czps%*C+dTD~W(?pA%u=
zql3`bJWefW2Tnju+i4jA3CfQMkMv_{X%JumgYnul90Fn0toR-!5a-7FBVRpArL1|&
zDNEXvjASD))Oe;g)rW*9{iE#0Y1neZYTklWmuUD5oV})^Q&?wiX3{U%6y?;GJh+Fk
zovfzQun2UdpIg0%%kW6d?w6IAj;8M*k|j&fY6U?oNo#ryE;&VSJT66mSoU$71Jx&=
z)tLnlI7PLYRafvR^Gp+qI9fk#hvRk_W#G-wKhbnuQS<^0B@3c@MwUNAX+SJPTtrGv
zGuAaqAx+JP@swRL9U|k)y_#RJwEzNxAi&X+{iZ<yq#9aily<gqAf~D9(h6nUa-o)y
zsKi8TmN2GR%{?fu&|qiMgh-h@hPoQCVoJ@RD45F%Lb9i&C|#Z-rdp3Fg8305=@=^9
zJt4+#$3#l0x{)3C{xOwEph&ueyTi)e5#{cva(9dha>6D@jiMurM~|O)+3B{jGGV&*
zLTY@v#8U=}eDAoSdF05^uC7DJ4=Dyj)j4~WkjC`nL6IUW?hKMt+q0SmN*q!Y6C6r$
z3sT5}+0mJ4lj|EAoj9MOcF2^?jwNOc!E#R7)~fN$F>LElct`uR?5GLm4@HUMg@R5|
zc(HJzHJJ@Xx=5rc7EE)`Y32+)GI%l>n@SeqtnE9cI(6rpkR6&+NJ<=1nI4C+WaM$O
zOha$tNg^cPA1qa|q&>o`i%5%Jfi_QKe311Z6v-}aW=}Dvm@+2CUtG=)B4q|nvw0}q
z&rC_7a^fHmF#QmhOV!Nnl0XrwNTZ&W32B!K-3z`|wR{l&;yEMfQC_w}$L(NQ<qB5F
zO+6weEs(=iDK{2yfN2FUQZm7d6FsLBu5B5~@znE}%}W*JB7s4~+<~_#6ikUsNrOjN
z&X3rZk<5_=&ve0dpG@`}uQNkSPsJP*BAprI&!4Dyz^^BaeUi|pq$Y=AEY(_=+z)bE
zda_<syJ$KoxuZlCBc6|m)|2px0Dd7b5T-rm=s1^1k5l#SdB>}<kWN!JaH$Sw=^3gA
zyN<7t=rbjyXN<CQouWAG4`p<hom5vbU{$J=H;k43n=>UZ&PZFQumy?Ssu8MG%e7!l
zkzbf22}q^looi1)Se}x(<CF}aP@8V8?4U>D4ttqR#eiuFPbyzIMM2JFW3tRgc~#pb
z$R)7706b$Q(q%+%o>cRQ$$2m`%GIjzlNp&*g~PiPbCd2guu2KsXz5fBXzF&92;CT#
zJv`(DY4e#}6%*Ogs*S9HOvga8T=9z2Rx#ZZgo(I;R(8FB7k^Tc1*n!Wa0M@_q)537
zW4OkR|Fm4JT1k&3iBIzfmCK6A_FUHvLLhgAn$P`bD;AL?g0#ZMRZtfQ@=&Uk%kptQ
z&z#cPR8#DNimP$xRO~0A5-j8p819>zAlq9i!<1bQY(h#5Czo6+gJ)nc4{9%}->=po
z=-CWC)vp;g+z51Pm1Dub**p1IJd%ed!&7Z@c8v8;VcgUF^I70ZrD}%L8Z87UI~{>v
zpQyat;}&IgRhq^=N+BDe%0y&nk+LwB<tRDI%ZWIan2a%}xCYHzzQWR`CNqGsjrH}M
zjCoI{=tijBj;nRm;H?aV7WA3^p?i7Ip0~@fqMeC~N%5d9o0TfyF=|u_P%<J?i4UgC
zw*fGWC6n<lG}lp-Pf<+{7SF(<q~?$Z#T^|4^UKRWd8HEMONz<Vk%I}-?8ozYq=<D=
zg&Dd76)pNgwn9uOMQk_p9jOXb%oR|K4%BiYaP|C@d3t2zq?#-`9&(%N?N{*3=<J_!
z+;!~NgNb5CbIDYp>r5q?Zu(B7*CJ=0ny@_6$CUS>R5MybZc#{|5*!~T;gWt(Sa)!l
z3PXj3iD!pmlDlxxk=$;rVlgEjBSmOMU3-dGJtx#fby$SLY{DQAR_U>lncTrDgSKDw
zADL5YRU{MNW+u#v=SPxDZ!ad&-mF&jDp^%rF~=}Vh6c2g2uC3w7L><TBPaMKS0ZUd
z8bF$z*<LKr%Jo*18jB{VqC8@T4Q8-I6}uMJ-ZM%?69@Qqie=L!)3?jE71*%=iL^`r
z)w*nJ&i>dTAq0pl`Eg;R;H7x9&ZVg_M7?GZLWMnro@gS0f$UB<Z}|@7jIb9YmpWnR
zn`9m`z|nfsCe7eh^@6~eE-PDuDkd2%%krIx@Qym`t*=5!T9)C_Izci>XIlXtM;op8
z5Ij+{E6$~q$?IDznDmew_QF$M%`GPK=}HmgBV(!YDypka3>~66BxzNoqN0BkKM$v=
z2T~JxFz>doDzn0Ksf8M7`tOcT^|njBJrwi#qV!HdaX8#F2zg4#QOqe$mamnR;1ac&
z=X^J>I4^q#1`u!AaYT^=;`M=O?<}AO^aDJg0JNQ8<r+;7_nwnV6{lF;MqIncpIJMk
zwNo+GCqgV~$T9^Z*#bPBFgfBzs3Nf#6EOo?IT`*@;@ss>PW}P1kzt`CbnA#KY%}F;
z%8#=+g199!o*Fue`s=GyLx>)wIlk2@S(1wx)z`=rM}(}%6i4Rz(n?J8O`Y12><ujC
z*B-WsWb4~<Ndh7qQE45FxXckMQMb?M8QKV<#)>a71Y&{c?1O#2KV}D^=iA9j&ArTN
zO(HWAZOk^?q$CWZ;z7_U7r3ygzo?KaP0x2`Sdw^Zm9winR)<N|)R)0aIIE;2q)epS
zi+jYo)23_BSW>QLR$PwTR3c`FtMynrsJPwhRVuWuil$chpfpZI8cLEiGow4y0L)V$
zgCaF}f~pMZ>SZL$Sj};xYWalOmZkd4qx*;?&c+-asXY<AEmcM{=2knGozs7g2QmpO
z8E9_`ss~$Emez%JBsmtTP-g59^6VEOaM6k~Uk@J26y+tc0unZsw7G?1<l6@&qXOHX
zSG3QG`U%M_quKcdQ@Ivp>yOrZPx-PmzRm=ZbFm|(WR^hr7;vH1nU~6nrewnO?Xc#%
zru{@x%_WpzVtJ#oAKt2t2qWxiPq8?WzzwkGMF~7=U>Fh!m6UXDWGQG05km9`!K--1
zC{<G20zkkBHDP<fRzKsE8UI8+V*3fk3d#kLWeOF!OwCKi#QEcjFeQ2WS7;y{IS|iT
zzT3Ab=k=F2fl5nP4S(XE4?<dZr%lOvqXvXzE6^FvD8+-;A)<*GCOS8Xxr`S!QVeHu
zZj3orQU&swRH~9GJblLTN`9+IY^jMuz<E-*HmOFw$k(So=yB`J%Sa9eI2HHiil={0
z;JVB?P<Nikp|G~^7iRr9JJuge__Q`}JPAcSGGs34**M2ul9SR<ot~U7<zZXNo}pxn
z9<7_?`{UsI8Y?Kqf(~Iz2@MeQUa{R`EX^TswNTrd@-(yt5zG5GS~pKw<skl@tSpN3
zIdi7Y(CV9mo;O#ks`?2f;~J9^O<S{kdb&_fG~ulnYaeQ|o0jmRQ7v>Sh0)z<kZ@yJ
z1JpV>C1=qtngs~F20bkg%@Dq?{U_B*sb$;Mq)K;H-y`^4j5GRWDHEG(FQmrf5;DZN
zIi*IH*_r8cBe88f+mu%=u)4U_gzgav9#M`vl6Ztelw{aXCh?kAv(6+F5ytakD1P4I
zlV-(nYoQ%1*g>d4VQF`5%TLFVRf<2Y83wqzLv>1=>RQ7&#BGz-w8M=Wqjf2{;56(;
z7WgI6-qgIUSsN#ord!EAC>4@T%Hb)AY6`QK<7!UDOi}|*c~2+h5s}tSI@=?JrXfd6
z8^GpD`(oRhW-U@HpOM|BCMc1MM<t8{8I{kem>2U5O>cWFGn4K_&*_8@hFWc3iR6l9
zc}q1UDghU3*^JG(1)9u&xoioWyX5g86|fHE8`*I$ElKS>ubssGyTp}<>NZ72RpEda
z3g^2}INpWA=`J)yidyqH6UAe-4kWje`RwRQT0D#FAKxz7;KdYZ70)N4qgl3tKugJ8
zM%9Z^=pW0oCbuL&9TgdyMQ!%ZW7^z;B)<)IC5oXH?M1UE;ECdhC{Uyag(cNUPVvtP
zt3o?VreFtwHDk+u)>6H13FXDmx(+IfDkoZw+H@v<Ih6S2NaB~HDTxkc)0g9hqNqK&
z?nsOzjPC$yr6jw3Ue0HgB&>(c)I1|htmF}Y{Uhe7{=q(}e6q?|Neq;j)}fBXFP*U*
zhgq8V=#2#U4kf^M=qMrRlfB~|>~AOg8~JrAHlxUWTy`E_OZR>x&QLKUoIhs<(sigB
z-e`gZB`=5IHZoMDakGo%&oInmK5P7Y{5I5}el=CyKuVBl+mC$jVl$$mGA}=zmO%LY
zV4o%^CL1PI+{zSKfdBBp#4m}3Kb+VXhZ75X_;BKv#8MwVsugRMYOG-EJojM}&SI87
zQ-BR0`dWz>AB+2QYL&S6R*5WL)eAhgTu-=G#NuUmp;1X|2}-K*S<APJy>NQ<Jk-zJ
zW$vr`9wB}ARqLR9qOmG&#7~JS9_dgj1gc4yqgDxE9Z3M|$kD_v$1_rrMIqD4Z%Y}m
z)#?G9M##C?*NmK!WRc9aOk3h5%kIZC1u1N~@Z3*gcI59WG=*~uQTYvy6>PJn$79Is
z0gI_1TlL(?*vWBosBhxok&~LK2q9F<6geNrUO!40aH0kxt@seRGxi7ER9u7#yk;zC
zP281xwWN@8!b)5A0HP7TJiwQHg~eH(?lt@PxyUq_tn6k@INwM)t&3J@2|^Y95>q5a
z{ylSP6~nR*CMeB7z!xv0qu7!}g>FwO%qpu*=H-Kno3@m6C=jrpT&6k2>K%kW5h*j`
zbotSyT5YUiF{(Z36+$}{Ih;ViUJN0RF+?4J(K7Zr1g;7vkgDbQ%KMLdj;qDEy0mVJ
zq7SWNS1R5-JJ?E2*;aE|YnEUKQf30s&`c48Qn4#U#;~HwijwkB7@HXv00X<v@$M@-
z)1>WvfnU&04^OuBb{uW%IN09V-qF^1u(RV}N7uo&{bP2q?O`iq4-Ry6+|_oV64qS%
z#0(8VZ97o0{KD*s#bZYf968i>V5aTBNN3xD(rAA#fFuPD%(!7yo%VtPM->F>OTrpI
ztwP3UP8@_dQ7cT+zcPDCMa&{g0TqOPu~tnYmjGf3qJ-03v_ba^tTHqzNfEYkzp&bJ
zkf=5tEnJ1phBowVTPyM8K7^I_LkKHO0S)A~j#woI(AZa`g5gip?3&FHpQVc<M5-2+
zAoIys-^9du^VH;U??nH|Fps3BK`8QDDLW9rV96hoqEdy+RN1ybSv6g@T-E2jL{4@y
zQW<FrvrcFSRf|YNazo!HTS%%Is)fGgl+$}9<PW6!#E+C;rF)9<oGHTrDU78Hke^av
zpPN?`eb;=)w1a|GwF91~S&Fh$zCa!0*f^4pS!&|s0|~fAr(lJ#Mm5*>%4IG}Ck9BJ
z@-n|lAJgd9<WqoL!7G<-W;l+MAM%APcjshxsjCx3r70K_tkRMN8v72UK-3(!;M<kN
z>@5{_lDI+(f3Z_OIogbeL1>lbjtTD;beQFMGxCX)HRWhZFlY7EqM<rL%E-9(E9gvq
zmdI69@5t+UiY=4u4!)`2rO6L$TF#KwgM^G0tHCmf1I*`1CRSlOAd+tKK}UoO5U!-A
z*(&%p5zzoS%l5ooUI*q%#EKJ_j9nw|i<E66hRrG%mYvY{t+K|FFVQJftVP~+HS~)P
zq#4a5fplzzS+7zRoDFLSs2!UuTi$kZBtp%!biyUUVb$%ONgAS!nS2&U0#>Af98Ux`
zv~XZb3;M+<k3i_x1=mH03zH>c8Z@a8p_bIGnZ8}(;3qATxJVkL_N<JMaSYiF$lg*?
zEXT+~Xqy$QFzdK>%FLCuUKe0eS~09#s~L30!Ah2j;$qnjqzdg>z4P~yM4Yxt=__*}
z;^+dCtQ)QhPLX?Zm40}3EzTGRp<k#}0VzQCNOS6^_yOIu7pRl^S}@C+`)cS*-vLs&
zCTz)?fG>pF()S7ktc=_y_vPAyARSX}i157#R)c5!K<7h{_MXB8lE3QP^i)Wzrq1_5
z5c)1zBqC)x7EN1h6++uj>s#@|PkGLuLcu8*qF7IS7OXL0om093Y9#_5f&GlLyyWyy
z^fxJjgK9k`pwAkXAm;L^!yi)7hzeA6uaIkY04pt-u@R6&M8Ya9EY~X6pR^VBBkgTL
z3mhIjPlW%7lqNn+2g!~+1w$3crV$c2-ppAiecovhQE^S7AW5LH(>N6j$@~Y&?__O%
zr4jYJqhqC0VUM|(tD>q*@i{*uOF8N+6xNS)9!O-HEK0#H+C_7^Zbsq~Svcu#jcJKP
zI}RYWkd$!9Y@#~CqF0-aLY(<ag+i@TD_da(@KcUcwO2K8n)O=pX#7xYx~t$v3c;ZL
zm%MT@>Ns;RaJ`M|ftVub0%bsz<;%o)RoRfS8fqiKoztG-U-nIvaZf`q-c!olISCXZ
z7k^MH*MeCs%D<Po(n(R3KaW^WmUtrdt7(LXBLwx55HxZXI+NN<CX<#RC`?wSsfSV)
zj%_=yvL*#fY#fR>l0XDt$wE|VE5sz3(Do~2C4~0Lw-$&%A6G#!B?NiO6cMw|%q-Ps
zc4{=qReOO5!X6n?nB-e&8<}sF4>14*e@buK3!3`h@{KzD{T%zNYm@x)tKz4#{POq3
zPow<uucH_FrM6YPC@$IG4cg!8lP~bQR;gj;e|&_W79X1UbZj`J*NGSS-FKsg{PO$a
zr#JG;)~)ipX&?RwYx(Qq<*DCK^fwiMD<=m0{s=OOMh5TvBVq~<p1k9QwcF|1XuJ_l
zG(uYS<9c#n<iEfFS6HJ5yJ(YYmzXfWoEJY$@yn&C6~AmdlnKu4Z%ib=aX$HtiR3rV
zr$a{5PO_%w*x#IX@P%`U?~W!vGRiM^AIe<vsQYLnk0cwtJJHh{<4yF9ywSV6G8-Yh
zjz&1q(+2IqGf6Z|w##Wx<m0Ux60HpFiM(-p5*4)#A7U*&6n%Ff`Q2o@w3#LvA?=Ce
zH+B6b_V@?ceI*+a99U0R3B=v7p6_i~PfwcuiA1BZG#vgF_V^3Z*!lH0yE5rV^kUR#
zBH90^*~4GS9>fOG=$qM%@OpZ>VLd%*`d=gfGnyO|CmkoVXJ`ByP?;OnGmwUVgMkpB
zY|u1>(#Y%}eeKPIf{^jcmxuUIZ|0Y~hvgH4-+g98G~|~rjLHr9-CvA~hWv7VOm4{U
z>~YbMU;f;<+>qaWCu+zq+b86P{H`z|8uH7hm4^IoYEm@Rex(1BkeuL`{~&&PlwbZ}
zQ07MX-NyyUALYR99u`0G%i|;RyZkO%g-1EOZ+fHn>1WyHr=p)Yus=N}clYVU5<Hp&
z_M=I#KFR_3spzLq#bBDvdaVu2H}cEx2^fv@%YPn<`hVjK{BEOw+&I6K@%N1p{tB3k
z^UFPBa>G3dn2htwrE$3-zl)G)JYzHd2s0l`ZpgD~8*)rc=zj`SIQu_SHsqMtkavrj
zpXHYvQE0=Tjlo0L&hkrn=Z=Y;yCgt#b}41&j-~9}vuQhbEM@1OP20I+DLXg8xaM*>
z#we@~bPiT>kn-yY-yTh3me{8LNc3i$2<qCSap;oG5!;dE%{XjRb}4E0=P`UFzr~@Q
zvTsSVIIL6lGHDivw6woDn9~>~lz`~3OAzJPUlR}={aOOZXX8L7Z*nNF_HF*(Ec<dz
zY@kto`H$i&kMXZ;7fbnA{3E*d*m_9Svuw5BDK_2cJ7WldwC9#D{sO!CguseXe);Eb
zl-k8{0Dk-;yZJ4F7^D31&*gTt7#6^f@im7Z<0}k5u07lLvZ;L_n(YUYvwi;Jud<uZ
zMzj6wXkuc|U;HY&`Fb?5uO}z={6#xCvFFn!_I%pJo==}xLxZ?{iOu0sG_6a?X}x&y
zOYG)L(X_sloYspM|1>rST^miA!Ha1#crk4TFJ8>pYPz0*{%i6at1uW}8kQUKyYERG
z@_R8>B!y7v+M|E|Z_Z1g^%H|13?_DdG@Hkgvw18zo5zx~c`P}b$C3wB3Sl9SzQ~63
zT`{z&FU6LG0RL*@t5a)j+jp@Z-yOl>-7z=-0pO6hWkmY%88-2skSR?Z8t`Kr9`Iuv
zBJg7zChH<UKh1{v;b;~gPR`=_v{^haX7Ns$tfb81`LtO)pEir<(`J#RHG1kCBJ?wp
z=w~L;&rG79nM6M`iGF4h{mixL{0nS&pNv4wFTWUZrhMeD6EtLu5Az=*%EvF8#W2VC
z$S+4fT~0#%MFHRs$fWS+*v)^L$kY_*8=hdJ<nT7M>-R3FOf<FSt?O>toZ3>;MB5a~
z^V5TwbU@cWnSjj1dKyipFXL~r2EQX3j&hK`T|jU2?MWzqe3i|(i*<Hq)G5Dgj|Rjq
zZFxO8dXC8J$v^vZtDSe6BJV^9H}QRjT{|LxB@tv|z1>azRieAeWOpgh#wp$9v|2ts
zJn~z-L-N}?XS>d+rA%yHv$%(~KQ^4%2)*Wkq1QaH8!~{qUO+}%POtdxD8KxT;Y=n&
z*B(uy=4aR&Zt~6Bv)|ODH!I@JDgNeHC$d$`sc%ju-%J2bN0Y4m<Zx#9C?9XML3{92
zQahh)m(vy#@V+6@%Fq^5tpd7MN`hlOjgsayZ5>cdYc!c<8q&01W{qBz#Nt;I9gOlz
zZ8B2&v&-8euHaWL@|)WyGmQh$H@`ZuiZ-3k;+M0hdc%6)kzY?w8`sm5ru}gO3aMl%
z*=$l=POd`y$s<3uUCDZIV6LVYNPAb;9*w`6v0)e38!tu3$KULjT;uS4YvSEUlJ7pk
zFMB4}JpJC5=x{38;Z#b8A5Vqo`(D%B$b%2QrZ;oa8=s6|!pAu@nQ0~^4?g~y-pq;i
zzrGrc`Q^16A<U2R?~knl95Tr_u(N(p;)WRJk4K~@&h})$`g`k=4pw_}Z82z_Z)b>t
z>l<~NNS%h{e;@m<u1)f<E|0CT<Nhh}?jy-}AK{lTjIAkq{xH$uRI<aVln#?HC5W+k
z<h9I=JZO4NZ|0;o?v7x>$N68zR^4%Juj$R4^hUJ$Q+)NG9$RG_YTA9T=}mfUHx9+^
zBxXPBW>$1J&M*CuY;idE@kCcCr^CD0!{>)qF}0INyIF&GMFV^EwGB+uQ#yO((ZrjN
ztnbZ<<eL*|phe={(~>@)UtbXYjm7&*JCJii99XT>^AS+_<*d|fHu3GzAMM-Gs@y)r
zckPoGU*I>3qTk8I<fkqqAUVmuK0PA!Hk|-(%I01NuIZYt{Q-OY?N#kjNzq}$YkV^&
z+DpcnBsaQ_Mma?O=P=-^c0;@V@_QuxI@hD~-}y1YRq6cqb@%>!M(@vO^#1&h)cZ3T
zy+4!D`!nnBUDqCaAz^2DEZ%3z@re<JHF+uF5^(lQNsDjNCE#q*Y;kt|-xyDRV?6nd
z@#Htm6kST}E0JC1(f^mdFM*SyINPtD+1VX-xkS_zZy_GZhhY&>V^B;y5#sFb%!J4+
zqY{;P1x4`q5b%iNEfSAt%o0yLP&7tSQ50`f1Vuy+!3&6r;*BT&U(eQ4Z%w^#_w){H
z;+H=|;yzvdyhq*DRn^sZI)?pfK0DHe2iLOHK(s_p1w^rFcJNM?Z;Q6P;HslBpMppC
zQV>szCSmF$US;r&LgZ&KH&bqU_%z@iWFGLR!O7-JMoG71JZT;)Zw$#Hq?R8Byp|Tz
z*0Lhh#51xfibG!9Q!@ldHe+#a;%#OGQcMYs@q!$Ign5ytw3oH^f+Lpo|7y>o;$kvQ
zz)qG{7bQ!Am21YGEv>Fbl)hY&zC4n&r-t%v3*tk;94)z)I#Qkp;zPk}%w`j}DQ@*z
z&Lp#3GAqUNUuAjg-}taB$(SXPq<CKDl%0UG_gz_%F-t;7q07Qks6$zjG&u*k@GUmN
zb{b*-i?G+FHHP!taGo2^bHjOVSX`LfOY8k@ec(nYd9S|bshEnX5nApHBi{gcp4oVE
zve%4@3yC+3#iM?kv>T85D7$2~Vd<7Zx(ze-GDx?*=#h3G=0XZd`99SMz>oCbb}D|_
zLoGe|8XdF^&DrueWRRjqQxM>(X{J;D?H*h<_Tpt@+lCU$v0Pm}S69!~)kjsA;p#G6
zUEmZs6b`ex^kK|M1C0D!*ypxwL+MAgQl`$JCIs+8i*_ONC|j;a_OGAgk*Cst*P5Wi
zt}SicQ|X_xY&eW(gRlyGt<&(t)ER=Oy;ubjdVx*S#g!zcMhL3h8X<OKe~3b&0nvhb
zVfz~GB5jmpA1_ljX32b3FYGQG6>fKVnX)k>v2{b}@GRC4fo3vxH$CI9n@MQEV|KHj
zMQ}Blh=6w$5ldOx-zZ1}9&Lht2Q#-&&@F-)c>_31>}7=O_Y#EbLn<Xy9As299K^gF
ze6)~64b9y5!IJL{fvwcPFEc0`j-u>1%86*gSJAyQj9pL6>mB<sHLCMuC-z!8=s{(F
zC$2FyYL6pD2lhCITiZjnwudx)!S+VvW131wnq_SRjEyH2;Mv3iyoy*?vD|Nv(w&<;
z>@=qTFmX$whZv-Gqy7c{j<Uj_=+@mz@3MAvdaB-4>8bki;*0I2+(w4m$ebNqsBaA|
z)QL7v9Q!v{zZ3O7y`>5GQ6JkaT&*P{U`3JtxZ0K?3b;$e+DmSIXso3_6x>Q1x8hWN
z0pUocPwbvFj%`KMtpvy9#upAPqjyjNcZt~eO0jB?V$~qTs=<v_3lUd45OD_~P7R?$
z#~)o8Sj5t4Fi(-eJnr%y-$DbqjH#@L%5NzMQ0->kn)RB^1+@+^z3FbDPZaMnqb9vb
zSw?OR;qb~nRFUEF=T;b8*|B76=xVf*;PXDMi5eO{t}w$DW<tusju9HZwoC`ll&oca
zTJdP!dAk;JpY2Qx01w>GjsdQYAR^$EMMPZvgNT4Liio(HPej0_MMPY!-mb*@zZ<E2
zjf{PDR8&#-C_{&IN!I|<N;lFBNJuv*-5}jVgGdeCf`l{@5)wlT(kUSfUDDm}`hCB*
z)_d=-x7J;2Zk^qGpL6!v_sna`!+aHKR}V@wRbpyYD#dL=w>*Tcp({VlmZ`UF#nGWs
znzKu+4vo3C05!d(S=e9)U$jqTVjwQd9W8h*Os1SaL)$>ER~|UQESn^legBl6_N&T3
z4L5Q>U4uaVp-Vg$!@Z}Q0r}CV9r%VN_x}BiZ|-B<zP08NzH~STjn*gnzDE4mioxWw
zCY&QGLs~x0Isdn1A@#CsFNzu@Ng5ltot^CB>dy~!*aM@|lvkocG5M%@DBjsQxPR3a
zweb<PkzpT`eakVnHmjQ#ezCFJYVez*(5)Z)mvF~`b}nSyI(D0-f^MsI<5yjsNf~>M
z#{#*!0H-HqG*pnggi)yG?a(``wl`*mx^s(@<YNxpI<SZvR3`1ZM`eqZt*;R<qvb5`
zu41u8JHKmzd<B2#5n0@&>xBp*D0p&?Wo>UR5SP%^oRCnjla&#H1;{pcUZ`39^rIQo
z=7jPYW)Z0KRRVq~IPU2ouF)g7>#5=736qhQ;X0q}UOmdHkC-2ZAztsYAE}{nfhS?z
z!L(r?HaKIyZiw<Zw*r?%2ajc~>pwykNsAu9E}Nt;QVwUB4pwm!=v4fVl#M8Ey2LLq
z&OB&`aaCkr1UmN;t0~u&jHpU0z~gFmR{f37^wd&MwI9@}n;3DMw(31z-831jME7vX
zxpB`R%k2?kW3$bp6sG-MH#DlVYu*&4$iUA>B@9~g`Gtu>!$YweKD(t+<}rHgF&eJj
z0D8-@;8s;-d+GYibBd0(YivgMxBY;3@K4n3;N^55=epZ>)hg0GRr$hkm8Fzwu9V5}
zRo#seVP%oZPwBfVzg#Q00#DlV)7b|nUH7-&?$_`y-TF?;401^g{n*$1b9#;EXZgEJ
zA0?m{RRCFXxyuVl&mkJ~+5ix6m?$M9qJYMUvAWd@TWp@~CDAsO;v_U7>oX_9f@EeO
z+^1NzO_Id`t`51>VkoyGo>|HGY8}iZC%`2qP+@o@+hFs&bkC+%xTIKkHd~mRejZIG
zd`~r8oVdUbp7#&#CF|Ow%<#VIZ~`MEf`Vp3L6!PhfXD<=euFI>CkDNFp|HveCbn0b
zS}Mrw6qeF}D>Esm1X-j9|34Sm4P0`0&A85M-wAwA1vyDzyaAp&oh1b=S*ami;!PN5
z0W`zzt}n+bx?}{DPI4$YwZllpO8;G;ISD3y@pZzeS1;o`zF^5K+t1}x{rWbS<A=9b
zy+DD&ZC8S@UAp7^qsDxDeRjAZTvdVQFH13=SF#qykHONgKO2)>AcvTRBpvMnV#C8y
zZLY*&8nK9HY0GZfeba1>;_8V6v7+I5r?t?V)JWnLk7p^B(S;p#ju*6>dIJPU(&gCh
z{Gla7FR~1Sm^}JFm7?^5#)`v+K~K|cLkeM=M!WnALp!LIzZX3ILLtN{Ajc-p>%`Hg
zhYDPQEGJ{5om_LH=V-u_bOm_4(Y&Zzqiw}_Kk+T)&t6BaSHTtICb1Z)%)3u@hHI#>
z03{W13TJnH1K8scnCn#t*kz9BDq@k^D6Qz}hrY^^5^T;sCcE3|v6yqPJBXg^<ORg^
zEAu0@^I1n7_+f>U>qHciSHL`q+jOI80E@s1<T{~%&{i<3VKv>D0yhp`8Wv8aMS5kV
zT?aOg^rmep-FC(`_NqfZK+}|>7MBVg2c3Sw&VxM-*9c(u5oy19mbN;qAY==4TyEl!
zM{SjJtR`PefI63=wB~TI&=iqGw^N>0nq>izeas?+$SGjXHCrf^*+5@)k|@E&F1Nhq
zB;6=doS0`^Xyp%YZ+%}eB;xQ#JFPkJ5ATTY*5QI~KKv669F%ROuFS-0I-=d(uQ2jX
zr!fpar~+Rjzfp0VVAz17w(EY2%A;TC=_Nl-mH5j|tH%+8so!K1uE^s2f{Q|#O12^z
z^S6b1b~Fbs-OJ%AlQ`Yex`}N6c{jKg8@wjE@gc8ocHMr%5}#a3sNY@6`=0H%nJ4<9
z-anjL3|jPuQP^%h64fm9`)1H*-+V28(2oNO-OQvV|40%zWnleT9)ruts&%x;{r8#t
zuKAe&JXVzJ{lcRy#9ose>b?IqCK`-NStW9^f83lA`LQMX+QwQE*rdA9u9NqCsfHRu
zJQZ0S=$VE8(I7y}ofR|p_gV|#W=60tAsR)Z1U`_@mBrq0p&1Cpwp3erLXjsv?jB`8
z`w-qC!ah9p>UQgTG^AM2+Bq`gEVy)The^r)Q}vlZTQiGX;ILBOATv)nmR;)9?G_?y
zyo4%HMryAFiI2IJjXTRre$#pA$kA)|Qyz^*k%B}C`d(~GW>uzeTb+M!%ipUx^$FRX
zOsZqKEI*Wci$NRbonKP}KTktzsdK{wED~?>=Dym@(4F^TvAAy3gPfF}RL?6Evd4`m
zDdU%VFRArxoHXk|;iC^i1?e69;_;!MU8&LH+#SOMFTO}k=?CW^eA*GsweJ1|Q!II}
zbZT6-qtg;tGP$&fu!L-r5o9g3%&guHzxsX~F=T<-tg%BsKu5H+mC8QdjAa=5ls#r^
z6CY7uZGSv8<&#PK^Km-chc$TSC7IThZMQ^!F$qGapLtd1q5XWsqQqR%arj!_>dMd*
zQ*CCiT3|1$s8?hLLe;6$sl5(iA^Rd;@Kt)lg#^QmE~4W>bRtpw2|LZv;J4W>LEsVe
zE-P9fe&U!D8|Hw1KJ)xN3Sw02O`0mz0O_gczLz+D#24j5wp`rQxBSdsYztT1WDOtV
zDc^q-N0_j@z_{Ka`0;ankCYLao3>C{O|bjiPC*>khsD>u<nvqSv3~o0vp84m<6?#o
zojxrgu_WUCsV~I>%!P@DL1sIZyC1S+SP}c)^tLY$FfnBT{#9MkCACy!pMgbH#)mgO
zk|e0tR4PQ*qOuOiZBgK-veh0ERN;J7P-o-$(N~N4eZ1)!ul+2yiLoN(DG=rCigcZ~
zt@vF$oRJRyO&*6clRUgB^AiLVWEom#X7AG+^Oo$Dp;aH|HL)@doCiW=hoD%g*Ce@N
zkEV%osuccP>^6jrLi@qUTs8|+DNj@d_t><^nn$r-9pw>a0;x3XvjTV?JDDs_>6-w_
zMoGlDrCwypLs^;;96#9zddAhn9}ue#)een2%h$hoh|wySNJTC>U3^}3U#Fytl_WOt
zk@~oJ<FYt@F@n}1b^R?vBI}1C&ocOWuB!fzv%<~gSk3}1sF@)@;xZ-tz~C$eV<}z#
zu1<l4M}Svc>U82XESG4Cn|?CNXcnqYFQslClvUDGPkpTaBOUk59es20*_P;jSUHNj
zW80?qapT5)W2M^|ND@-XYCz&XQJ4`6Bh@t0UzfA6sE`A>^ki4cvh8ThN@6P}PTP`u
zy{!IJwb_0W&uJQ3Zdwd^wSNinVwT&>A<^ZNAdMm8YZ}Ai-pivj$s*wss%d4itQ9EW
zXR~%*R*(;KXszZS3{w6v@F|iHYWC(Wp>8jvPx}ia?lpk~8M35MAMMvQdo03q%&n<Y
zqF~38FVn!rd1lVqB}h^^L|J5yNBP5NDf=y@bx@obv}?QH7NweeExd=h8ZQ|ELrK1%
zpu?xJ<|R3P&UfgHDqg)2_VZnq8(2aR36DyXSLA5CL`rCxzjCJ58dE~d{(6exYb?`t
zzu#VLhb(eF&BIE_?Ipv;3d3+GTmo3Y><n)2dEoedMz}eo7{A+0DI$WtF0q4EgCQho
z@G>uktSf`k0EcOOC#nVeq4u+4nPTHTv4V{W-!UU`mtV&G=(YaXAG~=xT)v7=L+9*d
z*~wx(!&~P$Z7s=`sX;+HUPr?tI7XF;?-OXrGHPOiRd&lhttp?b7$%xcv#;>$YSvCh
z?9tKlb|~Z)c^$0UbY1>&Xlc~e5V^b3Kl6v7#TRE#zP)2ndHWdh*iEIsV%O~*^_KNK
zciqM~E`!=#;=t11a6a(En-5j?O5a#k8oAX3BLyX9w;IC?S$x!`eh$~5ID6I_=pg+K
zu9Xl<s93>$DF??wab&DsW??k1kp)hyY2HUeRbr!?_k?P7vg6r0dQ=0ZdJF>GH3Ozt
zI#>w^$KzcVdYf`%6!89Y=8eyYe96JMW{*UOAq*inFxs@)`<drW5co#D$B?*+6S2ke
z0;QSt8;h{-P8p|pzU&UcGgg_rp;lkYaSA5#%fj>JUxOLY*4Pzaafd}omm(s{m%>)@
z@+xOlj}msvle5N~MVTueUF_#K@2a~$s~fn*&Fr~Aa;eu%MlL1hLIZiSikq{12;4ge
zcJ{bYBe&;ur255GNLpr}%>7;^Z5!k!+T5e{TM9IocqWqb(ygst8p=9AM+PuZotNhL
z*c5I_?W0ZINcyLD!2D_glv-LeOp>Y#9K6Xl>8p=1QD~ir>n-vFy$r#3@`q>&M3Q?~
zl^r+T(jjWv&nFkcWR`>CK9{k7WGPPLC87)WPv6(RyMq!;YNz#{l8NfNYqqIHJKgb?
z3RbDduI_zYsAiM?F5vXH?rW|_LkF|&cd>|F6qfm3=DrJ!>!pwn&s?)*WjZyl1?%U3
zI$<Y66YpGKD`C6zMX{fn+X_?NmrR7>31<l2*hXDS6!jkR8x&Kh=i7x+zS~5iB)D3a
zT~P{K8iuY(`@D%GNq;`e`rc{h(50dLzN<i|NZiF~aD{p}fW}p6Fbb{NlV3nZvHqtG
zM(s}<U!W8Ff|Wo^Pog*fn!N_+`>6<;4lbvie#G-pw;mB^;Q`$3=GB}w1UuCz+*JZM
zq<Qt3P)^9|UI>F3A#EvcyqNI#kLIXsavJJe(s%u_Wv|-eeaS^CKid!=l`FN-gMGC<
zH5ah4*s8CZa=lN!UvN(lmRE}k`!r8+BbU)kX&2nmb@Sz&6^(g%n^!6eDBlM(lsD_}
zIWzx2X*L;6=8a8Svrjo5+}jAey$tLUC<sm3KwT9tW6{Q9xp`juzNAB>Ue2&tysYSz
zrg2=7<VsbWNSlXZh3%U<*T+02%HwC8`f-|T97C5)g^t-lI~8y0@>FJ3a*vD*PXiqe
z5rHMDKJ-4ZN#R1k9;QW2cz7O#-HF=AvdWAfOUhqlr8MO*e-ifO@+c#`RX5;O#)!6C
zA2hTt*Lhva8^>1tN@rw=xYJ!Qlg(j`koeM>(J(m-$4zH`H|<klN2}w7vgf2w6V-Fk
z4_gh-5SJ)b>IY{_v6-6Q(3z!YGtQ>oO274@n=4D}s=o@SYESUy78ToL!22eCjr3i5
z(Wk^q_G0IJ<*9B!DK^vFvYMJ0Ryjd&HRko^OeRtM@}8g3H%FgmH-mX5d(FQ(E%Q0B
zHt-AfiJ~J_&G_N47;=J|rg|HtswhuiCKnt9PT+q}+UcI>pb}hMIPG%3?DyT#Wu4ai
zLb5~`$!lTYdu+v@7|d%GV6^^M4;)*80t_GJ_K*@dVSO{0Ff{RWOAyZs;5<+cH6UXe
zlsCOn3+((WO#x@R65xb8ywN~+mHdXJM~rjq@E+73OnTCG|Dq)uJ;x!G5_CYVoJ~EH
zX=yi%HJ>Cn?}kS>=BC*a5zV38tpLw_0OnL3tc>O}9fH98n7?cm)5j8+$axc=IJ24=
zMxPlJ3Ptij$6Z2`e+MaUkhx0@b9Dqghn1KFV=o%7=T_BrP#(ENfS&q`bceVqC2?a!
z6Ks__^6m_mMc6i@T4IRW5|$qSG}7*#L?+Yb4Ydre;;S^68D$xdn84Z19|Sm$+}rH2
z79Ez&ixa&`PS9?*LLa+a>U58JKalGvSw2u{2l^OIH5VuA<k`!qnY@-hGvFY4S=N+D
zq1x3QuOQgS#79{he1KK8#jJTnR6pLk4)07h2_wm>^+vp?Ga-SMK32Odw|Vcd>0LkM
zHl?;D+iwIWq!_hP*?#(6%gM<x|6Vr?Bil`&E^TH>hJHm#Udr^Ve(J}vq}&2;h6$vV
zdRurthMq(|i^N9n@Va4yjv0HUU}5sq;PpEW{zC_W0F+yD@2#MW#iQ$Y&JJr)7ao4Z
zQh$+4*N=NT;>TqaVsvr|DnuD{J!LBQ!u4mczLgWd*J14~SBuuk)%OvfV(ov5eJ`In
z$zji36m(!C%I%+JpS_rj8!`3Pzmqh{PfDl?o2M1a<h{C0qBi2e+06Uzf|rSn6~a)(
zN5*iBmXu%oiN|-yRpm!%oin;0`+l0Ix|MIdwSV34FH?fuE~aiKdCfi@W99`0_rv00
zX_Do|DEW~7ynf<6Y2JV|wgRH^J&eW)&HiKCGg66z&*GlNwA8K@ff}+3m4p}4e-{0z
z*4WQ993eGp5mJw&?(z#LL}q0!HOvc!ENsu@I@wj(IeB(T917pkvR^&iMG8j}1^$s_
z*o%12bAv?VJz;yo&60_ehVzz=M;XOlUh}K|)x^|TV5M26Pa=O;U*o2az~<ESAd3Ea
zaw=^Wqma^Y(+jfl*#VilEu>kCI5NC%P96<0v2FAZUipddBM+-=o)U8j=r0cFH1Qa1
zmE|VnXy9mfs61z2#oA?=;lDp6FvtF4{uhEZD%Hp1;VsUS`I~2H)-o|jc8>Zn@aJD;
z^?}o~S|UPeEyj;5cTLt>f#d7eB}~Zo!$3+Ss68_m)O_1IO8}bLk{2ni@mdm}><Bv4
zqCDmxo<2`SXf0efj9yPSs2#I$T~AMo=I?<z`K4QU(DL`<)K@6-KdfL$&frLH7OJIu
zc%nq2<CmVtKzpM66l_HKR0nN$09+1_;eRqwK(;R%==E<SqgOB?Q}p1tT4Ih8#T`D6
zaMOiPv=Gw|g@;j2>%Eis4z7$FQK}yT@b3^pu<NrCWMVBPL57fCFUD#*_!IG~^Ql=C
zpS_@}r<jr9lwrfh7P6)4S!{77GydNp+k3GPFM5~1?ASd%LV0;ZNFAJV?qUpCinEcG
zrFvQV`eckserYH!&I&y|a^)?8K1y3FzEy7wiq&R_)`f5~MX0s1il+0=NA`tqVz!DV
z!JV_Kmj@*Ik1wJQUPwL^^LoZI?E|}teAn0B(dVd~uHRemYO99qcFL$!IyY`;-Ci13
zxPC5P5N~K3=2n?}YA<I_OWv?HEL3bBk+*`}c6vAVQo<@HiA;K&I`q=OLBi{0zjDVj
zKucR{R=Di0Gs)4=!1A8{m{<E1$+cehe}?#};bJ42)_w<SaeOOUzu72{n&K@(@M{Xo
zTGj;~A)dz`CJ~Z8>cP8Xk4KRexOz^W7wh*&!GEI`R(#23%%{)&D_<h+YzoQ-kuL*6
zZQ+WN?`)yz2K<P!$TZ{t7#Jk=9ULMiVFw0zzmztBgVbT*<JX0tymu4OBQPc63mLAD
z<jp&TmIBc+t9lanI9?8ASf3wp7K46G9*Z8(R8WkRo(TTzmj%WRS{O(22Ou-Wp!<B3
zN9h<J*M#CHf)Vdkh<w;4kR0+DC|x^kp5Y#A01Z=shBfpM_#GDnu`7pS4B&If7vP8I
zORDfA9s%0KL%<+bLl`_c8vVLi9_2B`78<i1jo#Mh-j5Ftd!s>i>;p{B<O)HLGlifr
z21>+-SoC|e8_@5-?@6fQu7VI`x;OlAEiTGqCpnaW-@rS34J3#wFjn)!85nD6-B%XH
zvDOy8O@w>Q4$xBy&|}65fgf=~5T0@<e{Vu(h#Yc)yT*~!>wveY46%<TVW`Ho5M&-k
zO7m0sLeSHiyetZ}?F2M|9{_9x#=6D_2+9YLEf#`Ycn8LjymMsv5kdcWNdtp;8o?nv
ztpAlL?gWwr4<T;zCG$E4;*sSA&NT+mR2bl;uMi}q&JQmp!@brzMR8qhQ6O^dY?*b3
z_G1v>9+Los;sA3&BYuPk0QNo-3~I_$guxd_`1s+n0ILRaC^?oBP?vwKBEwMc7htH5
zX|_<Q!1+C4{?T?vTPQ0q!E?vuLi53gAa~e9kUJIl;k_KX0|h6CHP0y#U1YezF1Bp&
zSO}487Bf}=&jeCBfQ|bM7q@mG0ARWsQ0f4nRQWXUG4p=~Tf;($5RFA|8>|2{W0nbI
zKqqPdD{?IanOaRi^O-3TjKI^#d!!}%kR;S4Zx96eDGQ(kFcm7mjMM?WwE@zfgMkrg
zHGqlD)=*F)UdN(~1C;+mZuE=`?HU_`9ApPU4wmPK(~uj|MD=$X+1f$}02uYaV;^#W
z8%GH87%QduU(bs5@#eApNOT{lJjy5qpgBMkIRLLKs{fH}^Aw{j%91nT1k_sykkb*s
zYAC=e&<Fk#>=j^dRq`l@b-%Ac%?VgT$aqF?U~ol3TvwPpO3+7JXbpgKW&^{#i5bw%
z5i?**`TrH`pd3ou9H2i3Kz?HY(6eGNR$HH@EQ&Z_eNTWSdA`}gg(wZNUAX~ftN~`E
z`QfxK`T#TYLeFqr0V}8d*H%o4=$IMs8QKY?IRICyRV4cLzLgxxV=f@2F(wFn5%3u?
zAO-xh5Y%MmYzs94?8=o+Rs}>W4TA>PfkOZ>Afy0uP%Z=o0V)t{hnz`MK2D-qf$)Qq
z!66BNV{ZbEO*VnF{g30H`0$ZsUKrHBT^<I1h(`Cx0lYWQ7U~T=Ed3{ZEC{mmE#Oge
zz$f=ql(gm(P<19sL<9h$?w{L$A@Br%Bz1tKKVpC>xvh%<!cPI5)(jv@jR68D2fRu|
z4&{Ef5Oj1}T>!caPPc^{01xwIVbCVP%bN&sj|F1Umz*OCK+fNQIOPf0H?=YhYGVZZ
zkB^!HR)RNy)CsukfgYt4(iJ}ttx8hCSUCW%%m5`U05gEJQUT4(>HPB=o!PUhemek1
zJmA(8fVtuTz7II!-F+-L<mxUx36=U?XdToWz|N;c<Vp%bzVsQ}qZc?lqisB=q;&?K
z1p_{N1aKDt#`=8`2tz$Q=}1C-^UuQj0C;8)qGJOXYUMQ)9P%T`9Dp4BT9zGmKpzGt
zPX;4A0RJ0?p;qfVfkFQN+MHBW%^Sr1a~={HYQO;Cnx6pweMq$S;2#cDg24y=1sO`f
zR9yhK1muz{1?U7ts*d)EUvd_3JDVghLIS|60`L(E1__y1T!d2|)%GhP3uXY|i-AWg
z03(2&bb|ns%?@$|gMu$!jZoPN&%#hUQotZOMhKh-P{ok?C$PB-aSEFF3GqII%sSxh
z#|i*VeE>}vU{G>CB?SIQk{N<f_-9lqFeodag>-<Yu9d06?yJ5#D)H3r%Sfim16(+3
z4G??2?b~9@^!$oO`>ic4)+``CfeKhEJsCnCSQ*XIhiXNm`Otks%4Z})h`$GQ$aBK+
zW6+x8^`Qb-J;+PE(k^B8&BWi3uE1o7$6n-NBAjET_n>&-O87m<RE-nfNrdCd{tbx^
zxa0U9#0>yeeh&&#=7fJ#?m_<R2xw}N5T}+EfWShAKza|tV<1Dk>O~fh(}!*Yz<`$@
zbM>KD!0B56y&NaJuNV0qst<LDLHk`jREs3^3NR)bfck8GXeR)opclEwNu&L@;8z4s
z&BL{K<vsaf1Y7Xcuv+(FCP&pDM!5I5Ga+10RRhm8ys;DIT6|#zBs_w;iG=^{QU{4n
zT8tNohgVtzPE*N+2k$JBAb~1of6fV+EkQ+$*v_FKI)LnDb1xw6aKHlijnF?p@%6=U
zpk_t6XizgC4wBBAA|cos$dQh%h*MC+y9~oHB%^eXKtL9d8X-MfE^@44=z@`B4&-hB
zRG~Q{B<v!nT{EzTKtX`*coz#e!P^1ajy)Z|QC>5_P?wfCF}IP9>SyCZY^GXYA#A`{
zKADY^I01ZB=g1wF0F(hkj!O8tofFxy7l3eS#gG_{R;Hp18vKt7r>ac|qNCvv%cuDt
z3JVCbiyTK96fkOP1hPXM;WY|?Vw&@66Y1!iE?P)_fsQmh0Whie4m9}J=!OF*0bPJ-
z628rjLC1<xh2Td2Xw#ehNPcW?$bllh2s~`6Bg=<+7te6PSpfXT4geQL7cbxvZ-6&R
z9ni3@%>bkSW-vSmTDGdXL6U+vNJ8lVL7~mE<GS)yO(IF!09<r7=_*3UK6{eFvw?=L
zbPff`!m=C;&~@OdHoLI_X(@J=8wsBe;Asp9Sd@lNNK5~;wr#kN0_RX7s;$o~9|JAF
z8`(jTQscXY9swrrJ4-EoY-Wc?du;bl72R2P=#r_{BcLbee+U~&3PPxC^Qc@u0g`dH
zR;5O{D$2Bjul&;!YZ}-Uwgm(EX9E|pvwwMx7lAm^^`>_VsZ{^05uPv^z=dE31{Dq?
z$VlFg!%E19=M)prJ7QedTA(WcItMHuuJQi2TWSHuNI)o`*^WflzZ02&`U3%z9vBV?
zPavrSGq-f05isTo`eX~m0Rlf|A&8~3)(h9Z?SMQIy*WxAMGfe{{&g_G;KG5E@|eF6
zB<U~#{nzYYXLrw>DunBOJIU@sc?HB%bD;ALwS^J`FIpCY)S7JJ?m%oGDg;$DY6H1W
z6Nglxxc?6V>V~rW7lY(CReK~jDP4iCvj-r}2N)JuOh8Kk`VD|#L5?ldfs4|0yQZwo
zu6b%s*LSK}Y61xZ=y?c%u?*1DumU8u%A@3|@WXY;aP<Ra0dNa0m8T_cJcS@yV6cM^
z5NrpGmp%ZL0v&7u02pyp<;3MkCK6?^ahyqindNWQ>l-QhOZ26xgHQ_|>E)8b@r#}F
z`U`KixioI(#opoqr(M_sRgGCu+m5rAecr6ABpPU0VuX{v?enViRTh1lerACH8l1^?
zGvv+{dd8cgv@q(c1px={w<&;OrtZrpgpeyy9z=AJN=}o7+@$OF3~AE2!*)ASQp3er
zA5UO(QB95zuiRw7wkKASN7EU1m{RMw@5E~`&1M@KJ?vJ@=v;o1?Cj&!SZonb&d33y
zU0(f}G5F7}BMv!aTg?Bv{AAK-q<zx#*!%$}%-)P+`6DMx((@84wn$`@#WcwyyS_&k
zoV)KBObYR}aVb~2ji`6i20PU?_~?}?8Lm6FkU+-7?il1Jxkjz!lRVPulQqDbIZi>0
zcHTDlc}jbyUMJ`xNev70?JTf7&+ln5MO3+gW{h@~^=vBOhtc_0%%#bPB#N2oz7bl_
z9-oJhtQgP<K|2q$?@yzM-s|m@wF}s-i0O=<>TyP9Q#>>o_SIY(@}K4j3jTZ-YojgC
zC?H4Q7e6Va&brNlA?6M1Av;iDjN?}Q$W}}{-jx4?SoY_o!@^8&_R92}zbY4ALSYZx
zYV&E=7h1gqEjG-WLVCEmDuGxKr)d!$Q>*ffX_@E#@K-!p{&1d&x#xKdIi)+PqU_0~
zX`IbivK=?v$p`B-&whGI;g;Gx5^JfZ<hyF4<~Upwm9#6tcz6d(;L@(|K%~pu-#_47
zGfm<&|Cq=|TUrFVtpNg@V`>Hg0<U$GkP&s&XLyX6<vRB_2t$wL9x@Ik@Z>ZmSlw4C
zBaRI(+qQYpgrUmb4SV2OBW>+3lafl+SuFHEiD=y4QS~bG#)^a};UgK8?OdOn6z6~B
zS`3$BaWy5fsEVsz&m}GdZls9ae0h<>8o<IasO08Zch1%DRxJs)qAHKAFFBOMdU)yH
z-}RBTFj17PcsZZ}ZB9yUMr(m{ZOF?Me?D$jc9!Gbr8bS-Q!U!#MYQm9b4m$;X`P+2
zf@;ZC2NP}7NV`-UakW^(VP!I1U7+A=px#!mF!E16=I}^Hl<+fu@o}+DT#F)Y4SCuM
zHa#Lz*IcY22Gukw7x!Pe!f03H!4rOmEX3Y?#Hv^I{Mf>jr;+BK>af<*%z?sIiZ{Gy
zgYxw<L_8&?<3zDPw@xSD9)m^HWZsKQaMZ>ePcItw3?xJ~Fwxbgkf}?VvTA?tB`)UB
zeUo@Gt)Zv=qBvFA_nj^=gD&y@s#~FBLWM_P!k)n1$<ug}>{CyrWtf6)t)`U$5XH1!
zHltC@hf=)TEX=hsXJw!alqDMH!_|%s`S=2?UVO8vDr1G%=6BQNl7hvg&vc$7rwQ*;
zbg0H>-=*ZY^$O&U;%l!JQC%;KIy>V@na4ONpSdRs@4o3^NXY&Xm;a?#;30=Dp%)T%
z!!7B2XdGlrG^brvYUz-V%WyE%^yud98^lgDcg`*KH#%8#kHXxclV0cwC+M1R?)<sb
zRCMxVpAf|d_v{_4?ZbLmev^R&?zJM;n^8GuXI!bFXa~v>^%rYJ)*ZP?+5UO?`n>`(
zXJOI8yU#i>VA($+=-vS6@ugg%lX(Ny!9w0-Qo+#<<&(r`*~3^27i&MbT3V>3tfL+L
zV)JQxAp(9h@P)#`k%Lin;<YSVU>h*EN$ifA<m~;zbeiwERE4{gL1YB15~D(4AKWW$
z=3g66DFtodvp%FA(Qj_$Z7L$Usdlci-nmYe1uU`&c{54vMma2G(jj^vxB)fnLPBYD
zJ3RtAJDZu@XR=BXH|ToKhu-%~wAFSLQt?sAFh7Bx3#7kBE>;K5TvhQ;w7i9PojOv}
zviFO~^S>Js6z(bqHRG{L3|*~!a6dZf@oFw1ynjZcc8jyp@M}b(Z)|!s3vX3%({++9
zpp-{QD3dO?N8kXi-n&{Pdvj^-d>DL#C1RXhO1>+~h0XAga>TZ^Rd-KMU2TUYwGx?3
z<fl5m5IsCHb8_a~T!L}^N-(D(=g4$xYhj=Hr?ZL-ze$&R#cEO1O`46fGqY5Cq=RS(
zopKLE?<8;%7ytz+;m&ywNcl%5tF2{Mw6yHs81NfwdAGw2n>fSy6OVpwZK<s*j=HL@
zoF!Wd+bMR$WoJ8Vu>NvYtvN%n5N0dUi>zv2Sz6-0N1~|Sl?>v3#>%xx)!)+M<;UPx
z-vprVPY7Nu+6_n-5xT;Y!UNE!<)1PRe>|(&U0Qk*w1+d-ASE>%k*v0HH{a6YaI?y7
zJoVi#Gces-Rte)w^|;#*MXD#l;Wm<Pq#Gh}J?iVs-Irj$nniX@tS@Xwv*J89^6)AD
zXScwg9(=>qBKd#>Ng=&5b@6X_rmIECHxwM*U!&+syCI6F$y&m8gi>Jn-(v7F+0~-?
z`yFDnTT-db@MPLGj4W48mmn`J)<2^OY^y~FH!)zD_VuU)O#G1BVf_6ZLbcXJI<{`e
zt3bynPd`l7xDAX5*GZWm7EIQIfrKYS5ygEG{;FLV-Ch^O`}9mqxC}$8JS@3-qx6I8
z<lH?H-aEh0{KhUw@PtrlAmt?4@j+AfdwWz^sd&BFmHvXsr^ey+if%~{9?T&e<Ibto
z9(Q_cq$8KY3tn70$50UPzXf$2{GYjU$jH4N(X>7^u)kDYzXDQN>Tv}mi0Klz9M|u;
zreJGZw%0Ifc1TAFZkwtgh@+cXeYOEd>68ff35H{Qdp7+n@a&uMZ`oSBJ5KVt=l~O~
z!QQfHnbY9dsGSD7_t?1fbv(`CiP!8*dFaDgFZe+Vlv5)UOJ(UxWjw2RF+xaqB_uSQ
z%~J$*B6$up&-5)C1d$Kl+tDn2s*skW24~Pwn?Le7l~ScvI>*zfTY<cBID)^oR#h!D
z2~4HC=cc8fHPgFXuerJ0bNM~@z%d+-!6}V%=-=Ekdee>C$n<!`uKGjz>EJ61GhZ@n
z7c!XCm<&sXHSHeTfvyN2YabWOHXnbE(hpAx<>4{5eRUbet%V-nNMrjPGHP<TU{!s&
zHtB$<a4)yU+`J@5_-1FV8zYUaOg~nWRaXP0e=9(FrJu``Qa-qt&e%7yExU9ziljle
zNA=U~ups53v~=gBD<&FE@oGLBX7#e1bd$Xg9h$`F)npQWqn;a*2BjWvLEQTtgL}mc
z(jd~zQDR9M$9t-T6z1JU<9>HtCGEj2F(8{M$RT7UulUnw&|1|1)-jUT=7=r-rf&WR
zCuGI?BY99kk%}PSzt<G^7A<1DBx_t@BU3{#kKifMefL38t+H{~35Ak#6mCIaeTSK9
zUI0U{bLYJ!=xSePMQ!$2`#mUcmihck_)}^7)fz{GJBMgg0Gv{2<>(X5-WMG!@0u2V
zElSK@*R%RjhLs+4tcg@~+En(?@{dDf%E{~_BQ<}8XPxGavna;7yk-oVa5hiWJ&kWY
zu&NX#hG3kZZX0?F!1Jmq=a@|`!9aypS9{uXX_$^-p+ob?mtQbW5)UpnEJ#p{AF=b<
zeH|D_HKXK@8jM5W-tmjZe=Dsx=9=;uC=J8CyPYIW(=5e9E*%WF2`2g8w7guRD@u0P
zNQZqH_~qa+rfu;FxkJyQ$*ftqK}Zg6>0h(K#BN|Om^L{QTHNsMT!Ikfq_VrU<5r%&
zrtQMXMqKL0+#4gc?KimHu=7J8M3L{dGn?i|p0bW8nap=@a_hGjSHbv2M@T4#<0F<l
zi1<H$E8#j)jL3&3a=kMVe++M$L3;5FM{1MDn%J!hJ;9peZ*a*qf%2gsS!t{Tb-Hyu
z^y))JX$<>}lFvQ-_Y!C{6{~C{9+8pTUa{xRCl-U)!3e$#)`0Ne*FsrCuyd#QbrBA5
zx#ihX9XK$%>9~+-qssCu{@(@9X&oEMtHG^b|1>>!+|85XF}St;??Py{sflGFzO5S~
z=<o|r`?}|q2iL_T^vcCiSqgzdHD&Q7a!TmC173Bjr$8MPnCqb*H}xV@FEt7zP(3xZ
zU9Da9v~V*dP&MDUrfVipacc!E!ADw5WN3w6%Xn-K#9@}Rvu~%d=wxNrc(GkHukxa_
z_6gj232eGG#;eR#7hEVg8OIkrEh?$pe*$+Z_+mG;0A=_Qsj{k6O8-&hx<+;<yGmVc
zkL(IiV`DmXoa>t11K5T*$?oDd;Q<BicGM!ZS(@c)fznDxlC3Ra-m@m(Km*tb>O#$l
ziHwpE?`HS9g1U*LpBI;i-``4%c8MJ}WLNzOE!65!FeBnxDS@iCA?|JBvO;Z&V44E4
zTZ1{<A8HA;3(cIpxZ<g3pDc5T&yo^#<q<w^u<dn>#hg~zw|KPO7twpBw<nefS@62V
zujQKDRj$3c{r>1un9LQ7J2mlrLo+qnbR}ld8{coY)K-%`>>^~3`IkjFVT9**Nt{}p
zni3g7-=0widH*_C^`;U+I%@l&JrZ(!q97dDM$dUDs1&K+ApmSGl=QOOoJ`VcD;(>U
zbE$Tr<ByrV^cPdkstnZKtoq&XVAj=6J}Tm<AJ~fn>ns;Fb<-xB;9z6sD=WfXb9p(U
z$W?pNqwm#)R+RlS6R(n@H(p1S2Q}d&FYCYX1?uKYSJgt4uPG)1S=}zAwMw)Ek%Nrt
z5HddKq)QZ`wZ^WpoWTZl2sQVN2p1%=cObMT#~(pmTvN^}T@lAjX)lil!1u4}8OV*l
z8oetsTK$LkE*4Gb%{7o`68eZjT7E0pf@r-V(E9Q{_mJdkTIi3eHs=zX^O8(QRBGX>
z4SjjO1*%mKe`$U0W`;EU9NlsRd(>{}e2AL<>n^UvYBSeg4U3wt3`<=^=*#KhS5|@>
zp*Ws_T%Lis8wnK~lJC24i6d7v{|6WK|KPGuRtvFbYi<k>pEgKfvhNv?1+-IG-Jcy5
z7sa@9H6UxXr&rD~MJJjR)RLFc8pHAxX>P)p<MTq{*XR2cct+0|%?B76tG$*OyX8cO
zrDSL&%2pY%{fMV}6s*v7TQ$e6DKCFBE{tZ<LEiVKXkMLKMiWpy^`rdrD6_R)PQVM@
zgZ_nE{D$82*=M_CoG#4Sbm`24{g<~V0sJGUNRsO6htL`V9M_<UXH3-{U;{Yzf(~kP
z1(3_WoG%iXs`}?!!8Q(odN3X!oN)$xJgoay!)kVZAQtoeO%D*xmNkLGQvAuLe0oYv
zZ%Ffq;t=c;s|Fb!K9fXO3XYZ@jR&{a?;=b8III+@sZS(`9(g{^X1~;EC=QdVN!O$m
zKa*#sIhzx(Bg`6gmu9PoU(Q~!@C=oTdyKGNEm+m$!DOXVDqwF<d7!#f6NefHW+@+G
zU$L_K<Y?z!JsT{M3KG8np$dTVtV4OBS}{O={~OW~Ga2H1_mw}hl35=uuN*v(wl1cb
z^0gei2k7lY)1sl<*`J>wbmZ%rTSKCuJ=V`Xp<k?j*EMIU{`WfrT)$odP&Vy1ppmp3
zd>>egY|V{^#sa^Fs&cO{zN+%;C1iyoy~+B_0<ZdL={6H)3G#<=BCP&F%mY3)At7{Y
zJX?>%{C(w?9bFNa|FV~^&NQ{!#tyDk!t?^eb}p`=jH<DOf6G3iHA&Dj>|+3)YbBO)
z0_n$q1(F-1Xw2sDX;6m&Q1w7VD<}ugmvAI@^JF9hDUtzzq5maiVPN_@H6n-)D3qcF
zzL)sKxb{pp*j@8MHT!mPM!S$2ftT=G&iJkT7=%>9iT&114pqE9I=Vt7+9zh5u}C$x
z78;EcPR8J58152%9rvGGu7AI1_lL9Rkd?ctm3P}|Mbu>3MMI}-$YxLiFJ2IW=z!v?
z@+do!4^S~FXJT*bIAo~=UWL>vbPvt)^s*F!RI=msZyDQtAA=qnw;^0|s^Pjt?DXOk
z)5F)MpcSXAJfOIO47Yje;WID}>d3c+mjW3ZV6DVdnIA|tQ@SehN!p?=?STqGSHLPA
zn{FOb{yW2I5(Mt_PsVLLpYdjNpA0N})FKds3<$)QFnmSIKdaH|>tRU>@K`QN%2k`H
zmk3|*$II`(dgM@+yBjhL8ooyXss49zvPNPtp-46cF!&fTZrqU&P_bE00W8Q2G<=P-
zjkDuVMQfV?GT+JIKU?#qEeG|bAD~8(GW<<6mpx07zqLfXn{}?c8>XK5vu}UzlEl5X
zmsK%2X!sSxx5GaaF*YMwRadGB?F>$_b^fv!Wim!($Y182nZ_I2pNy_-;Qd)UBhrei
z(Bt)|kEEuYE_MU)Qvy~bI(bwAIm*(p0s-lv+@9E`#*IdE_Yqnp*demHYm-D@O=vEg
zNqv$!nwRi4UPV`w>Wh>+bj(vosW|zG`J<UONyn8KC<}<HE58ybIrAQU-Gz^`Ec2v#
z{qXi`G~jFghp35;hUO||Cc2{o;WTX~?Uj7yIZp?#2Zz#rk7~yj=Hlr6R(WrW@eXG6
z+rzX`rLT$jnzyYJ^_-aP#wx6aOIErO9vP4yT5WTCZ=s#V7+UbSN?NpQ<Eg-nG0!~h
zz^p|+pYp+j=K=pY*{w}9HP4voZ5hkTv!~SYB2IVtkj0np#p3YwbPngnQw;b$oGMax
zr(=B>;KCKtcOrMy^Hcb{C;rB-9LqJD8SCC(_LoZBmqjA7NM}A3{67mf>R~|;9BvE8
z@ry{E4rs6)wi?;7J@GW=i?|ntW{h>4>CyeQY6;4677av6Xn*ZC<<!&O&D*vcSm@Ip
zI$oGK2XB>CF6KfEO#bkmm|F0*e4Y5+WsmD+zW%F(&oDDgb2fagyJVj!9%YDYPy74C
z0*!6o&1=@tpc(?f^Oi@#wH9XCy5(hY&OQfiaZ{a)NC=r;Wo?OI$tCc=K(n{vW#8H}
zA|5n{InA;6ZFp-NnfO=8ugaP<l&o7tu74?s{O&q`q@8?8<{(e0TLBdF2H!I)8!p_x
zu(Ln=QdBj<BNXRE^LBD!OA&Gw-%x>SXKFD2k-tV`hA*43*b9eGSyb=qo<$a8v1>&6
zqoUTlol!wKxsbfF&Xb#%%zLslDueZfpHw{xc7adnZ+L$(M|i(fI(^OU3#l!#3HW2-
zhp_xGyi~;S`U}7F6-oYg+tzSz6dXqW64KdlrDj1knlVI}$-BQVstnA!qXh3`G6y<b
zw~+;{bXbSOrUlO4TAR3Q$DIy;<abUL_>h~Y95tLFrNXxrP{uq^inX|~FNfP;^7^qZ
z=n2E%u=%qSxo9|Z94-ebl`gwrrS`Ekn4)-6&*kem75hV^@{^g?u8t#7g@5-;KBAcK
zs11H8;2{O7`m&2!BhL0^ly7M(2ZmeHOxb>kWxqan&cC$U6y}W`%n~R_ZIG;ml@Zr_
z>CV4xR!h&!wu^l}t1@N%ij@i9{zk^#gwL$Kk`E}vr07CpR<fwEwv$M4_)GfsOX-Jd
z83$>%i%)Q4l?LCG3elwzvLp9*9GXriKYlby2yqo{*V@xAXS(bpK8<<*tPt|}`N63&
zUejvP<!c>P`QJ$PJEpQa8qps*x(gNz-@+#x|1t>XBzC9~MaYePtD^b+vu>iFx;)P6
zOI)sDQ2u($pPwa25R<%$Ur}rv14);|_SkhCHsj;jWyJ2^0uA1N{nQx1mLQ{{&u**E
zyl|#x3qm=#al@~p2}+-ol$idBV^i07TF?*>Z=#K_sWDPX<}=DktbHdpC}DAlbsmj=
z`?-6TzKNV2we>-Rfq-UM)1T-0q}#XlKbW|*_e58r5x%;=U+xN9^BmJTM6@`Q3U&=6
zR0ONFiZ3(V^7l~x?<3rV=y)RrA*jNf=c+_n{uCsUrE(TNm&5*?ty<yD$@T3Na-jd)
zS_@LH)Ip61_H(}?c1tH1sbjCM*zLN#hf{q;HNj6Yyq}3KaXB8;?s35`J;ZxI8e*oj
zBs>pR#u||0ENohFW!GPqz9ZOAdbm4(tLG$HvHFrYg|eS>)0a49`#?3XNyyhuBpIC{
ze=?1!IVG23_9rB%Rh`3k@`Va$)So0<Sdo?E2i>UQX?J9>@L6GF?PKA(dE>{i8&kR*
zgrEHi&O$c|RgIw_^hrMGDYjT8uT&+^+segNM|_nj@%<|g$K%henG(u9-`ez_8Lzy5
zOQ<i0V|DwYRE`Y!PI>W@$yvnfIncK})E@|&wEd8FX8(-FnUO{_VX3v4NeLCkUcX%P
zcC}hlR{a{{$}`C#-WxU^-%8m-1Ps`J>Fm8d_1&bZe?Rt)9FgegfpuhRUdHL`rS?X7
z-8~+A8?yALW=g$9@yWM(m>VY2W0}r>2ybJ*4GWl3wPTKwEuiQA=@jzhM)UbwX-;SO
zF_YyPZ|^X@qF^<P8iluL#T;9UlOn}Z0wvN5(RLlDP|aNa;B513E>&U2L(7@gTxzMm
z)(f65l!@`E+BvD<{>fqf^*c7^PScfeh%e8#(vB7zrCS9C-}k;h?@foaOcU6(ji38(
z-27&eN=(3PZq1<JGvKLNO|tDfM@Va|j&A+s5~38LyL?F}5=?%IL|ybvul}5uZ0<Kl
zUH@|Ee-1(cKlW|*bM4U?R`Hj54J~1*2L(=NcVXUQ4ZEo9&r)+<n{=^i)I{@#Q2LsB
zOg@G9PRvkk$uC-(o=0UL7J1Wu=*iJr6Ho2=q84Y@;=beR5Vj3jlrKvcpxWDv^lK?F
zeH7cbx>Iv*PnqQb>$<FdE5x9BuCy`}FH>0DH4A)TH*YKZk{O5^zDjiy3esGiL59}!
zTvX32_fCyXB;Oc_#1~~cV%M2X-u9)x$<2t}tt&)Sn|=P8qa=?W=asW%Fk!oLO)qAJ
zz{whsYy5HfN>uW-UT&-{8Ghp~7xr2s8<mqe*3ra1$(GlWS}B2#{6^|0$fR<=_d5;>
zZ*hCH!lXS1^*6Z5%fa5+sWP9lNtpE%Ly5n*9v^#jczuxXZA^xAFARD!IIwz)53RU1
z;J<Pu?!tGUg5$d<f1WmcqmMm}#iqep1Z~sggXovta9b8fYJOHz3K3;M+Y2Z8O04<X
z@J8Cvf0?fCbZUwLt?K^Vawt5NE}i71-JIFV^3fxVL+T+cJKrlQE8nGCFDPh#hllgD
zc@J2`SF`NE;`0^aode!4s7lcby4_9Vdw5PWaFVh3RWR?6znob&Xzh*Nqb;st*5_#@
zYt}KUBXO6qKA|z&*JPy~NS6sgoRvI@?~jXg1@lW(Kr1;Etv{1r3=?!`7SG;4XbwpG
zlZ{{SJ4V)OK1IZNb5X&~l2**Vc?_O;5R&;yZj@g?b3`Q~^EL0JqX4o+#cilL%jHBG
zgc`@#n;t1zqoH>LN+$0TxukAPw4`%2Qt(&_ZA;Z^nS?IhW?c+{IeY1F3_iI*q+?%k
ztDAmuGXNdjvfN&7C8X+q0-eBT$+*j~RtDM1B0SUGsXalluO9T-$g_@BG96@yX}b)b
zgj8%!jI+LA7;D(Svd&@=S0cW`7p;qkx%0m0Q!FO4&{!^+7{VcGSCOVmtsYm-t$`#f
zbM?cw1ZJU!lmqxbL_BFe);&j|N(LBfN)BuK=S&A9wS5`c7bDp{WEPBx;@`wAx0HR^
zdHRo6U+3XtoR*$B8ybERNunc+W^GfY<NWsA9ZyUp5q+S(G85^I`GtSc^!s6v$=&eo
z8!uyvnxB;3r2L2Mwo3wq3hJB25kTGVEi$>q!erOb<+#@<e#>)rwdoks6nck3Z?B@5
z<)3FwEBD)5E}e@ngBMxOnr!QbGSdQM$GT1<5-~jstz~n6Yp^~(l@T9^wRp;yh9fFX
zB393fD`iQ5qRk}RU(OC<{sw{z<FYYz6Mn`JLBpe!(;o)EmK5Eeu3mZiR&&#pR8lKi
zznmwr^e(+h_qN&VHO_gfOY&D9lO#F4toifmQfg$etuVP3!9qhp!<*2d1_4#p6Hy{N
zyLYgLT7=+E1bjY;oU8-ONdJXsQsWBKTRkd*^}?CRrlN?55AP4=q=Y6Tl5?4==>v%C
zLTkfx2JR$?oOHV4s^~7$YC{RE8qHy~y6|;F)?OV`j%yanDszkq)it-&IeZ`E{qSbx
zedOr*nRolhdSXSNJwqxodEc49nbC&n{uH^Wv$b=(YPnX_+7#)&`~7L$GbD=UA%Yo6
z&jj8I|1~W1PSfs{yK06uQP#_{zDFhU2p79h?3b55J4KW46@GaKE;%uwSSM&8kxzL@
zOnW%#-0eL%PbwdNd4VMPs2@JZj~Hf})jnj354)UB+P6!wWB%<kR0q0ezj<I+Nf%cq
zmki6#_;TY;i<7DQ@%8B&-{=VS>$YL3%UTY9FjmH~!C(irG}qFY_3^Bu#voRHYPUB_
z(HPM=v6@1B`L~46{|<GzxJP&BmvOC@p!*nwykk2R430(F#i8$c#|9J^A!Jd-ky7mn
zK`&@7^Zj2OG_4l!|1Hq=ncYa{A{??9i9BsC5P$R^vH;?xZwjlZa7Dt)-n(#5)b3rA
zB&7z~;>O$@PO7S3I)#o6c?z(&+5N_QQQ%Mf8om%FPFuCKI%d>;puWLMR+YYdowXyJ
z2#irqSgjOS9mL;FTnSAmA6#j~ge_d_HSG<jbGkGPp-Rz;?|c^A6*K)3?jjDsh*z9x
z&i?EsB)#tZzxxF>TZ!LO4%uS*GoXc?Mce(rbE5%_p`&B;W4t4&-w94T4TdvzI*M$n
z2SO<&xW#PBc6;OVT&kxb204w{FHskA1iEE9fz{%A$;jyiJcYEl**|P=1r0fP1{L<*
z41<Cvd4o%m2J$moIrY+UwRGc|=J){Httkn6UA;x;4U2p|mrfIL;Bj(Ifg5tXnz9o0
zEM(#09o_R0w1Z!tPWPwKxz^vcSrw@VZVEPpSOJHSPwHE2r4O>8o2Tzkg!k7oUsd(u
zqz;<6^xgQ;QohA9pPD<v1@gy<dk=GlNjme05v^UVv{GInUT8WYj{FAOZOMlBC^>4?
z*w~+Y%sX0(>+}b!(t(#!yvOU1bwzXq7e8?Ggc|)?lq5lhZj62UzfVhg)9FNbO4Qzw
zw$fPWlxx9K|J)E2(YXrq;1GUD*QQx651=`N`&p~kIi@E+v86A@Dp>3dZ<PJzYx@Gb
zmu>x`kEhoZ^}UA<lYif4BA=1eLU8yz9GfLh-e}HNsnem+!rLGfrOGh;d*9^CRL%G7
zTEIt}SD?!Ry}D%38%=AL+_A1(Cnpv}71bQ6RIG^^_WZ7XTAi>i$Z1ZJU_n=+%7v$p
zWFx-<S4sM3hcruJ;GS;0)bvO(zUr7~+gWn20D~gkP+kyy17^@rXCh}nxIQH_j+rc3
zM*wFd<0j;LWytB6&|Id=C?2pg)V1E&4U<V?ziDW{>Byw_^cVZT9Jc=ss{anp)i(>D
zxh*brSq``u5Uvqxg^Y|fb;)i}eT@8hTB}Q26|dh}uzT<}szf6An9xQwW%{6&!Sk2O
zpLnX4GL8{fNM%R&Grg!?XJ*pnA91fg8uS#*3cjv$Y}nEOf}SA=2zs&8r~9Q==#!k2
zuS=?9Djcx?84d+YcBmuI!s={n*)Nrzfj0(kmA<b;lfpRZx)tbk^ywVh-}xb)g(N=z
z_R&iqru=!}qVT!V!lZY7aSbYt**1Ww?2^4qT&L>2^-m3sYxh({LOaLxmD>6$Fx&j#
zQ+~p|9ZULwODt`lC{_!1rH=P;o-9c<kB><XZj@h-G1zRVBnO`X_FQPpc8Z4POSurc
zHBR9~V*30t2C_xu+rWMSmuEmh{OvHX0^s?pTj8F?Q@loQuc&w$f>V~9rpfB0X=9Nr
zx*Heqzi)6AsTnHgHYAGLv3X7=X(=k_`>_S?MVyzVPnMc0{T~<0MPtM)fqVJp5J7$A
zIzNWNy<%`hI*gM{YyVF6borWdSO|$$FuQ}AzDPX`l8?m_SO>joGbeVt5GMqs1L>!k
z19@3gahG`2-WhKmDn|1tJs<&PZ&q;R*VcVj(6!MMQ$xXMJ|zQi@(Kr+@E8VUFw+PL
zk1K%R@4<fvK>v%ZcYu!U2^vRZ+uYc;ZQI&d8{62}wryi$n;Sb5+Z*f6?|a|>oQIsQ
zuA0uR+db7?w|e?^RR=tD0(qH9!SYmrZy@@BQ4%gBfPOaNjKGDu|5=~Qj|hCmMs?zd
zjtFD|E~GueqJo~#w?+QZZOn+{)}6MM{@p;ugVpg-40-D#1i1X=(%=8$WN-W&Y2U$!
zvdyXw<2qH%bcLk=bju0#&(H&WFt`7DHMVEDAKF4Y2=53TLUx%F*+XYhOnW!BzkV|w
zA4kU4L3L+iu)0*7ncgewm=KuRh}NIMXJ~l9PZShYwrAtsp@r(t=SOA=D?*V+qJaRq
zwsd;gROr$B;yLcHdx(_=@3;NR!=p_l1RzIHVwSUUC}vq$pT4Cqx0l{8%@bA4ubabq
z{zEfuJ5c@fUsNqB<q-UbIE5L@<TDg8yU^gA2@B@yi7NwEPllK607o#+e}Q0@bWYxC
z8?UzXG;{4)wsCXgadlUjzLOVgBRxsDwWfNF5?->E7{_oF=K(Bu0u}&(1uV*{xn(zh
z#7Ok=`G`sVuK$dunJ5)wV#@A)OPmFyX($C%3a)0p`CjQ?^h|V&+&z2s+ty^k$+x!8
zF6~&>pnb+HlD+W*fTM0_GqN@2O@0oGLUWn+D`e*cmByV@NS5BtKV=QLhS3<Og=Lfa
zy*oJxbC>sXG-cWHILm2SUWrEqtx#0sn*^KY4YP_jKN{l>PQy=^Q8k6GhI)tCmD9NC
z>fhHoz@Wt-2Wm`B!AfDLyuiWD<<>UYQQ<V#o<)g6VXg@}*IO7bhwIMR6P?JB>#ooZ
zok*PPZqFH=2#4#A#1Wn7lJm~k4xOl<^A5G5p{1ofZVUxIf52Bvv)e#_WRv8xD`R+;
z(M$=r0efsW>rM(Q^7C>l0k=$Cfz(k8oBjvt1nW_E<1Yb65^xX0pTS>+d%AE@XNOiw
za~gx_DYrG`{FgDSjx><4$jpPqQMbyZ{2I4cDydhr8b`=k1~RENGEmoz8wm!r<BZSk
zrHX}O^0G(stO}eHNn&{2mJ7sVWH|?@vv)8jo|n%2v>hvNcE~PUz}4Wb3?NXiKX3g3
zg7n7o)*2A3!V#BcPxR9MC%r;yP^XHb#`KQbj+vaC)Ic)CzGq}`fIV@ERDRKa#YTLK
zE+&+K>}Ewn?<X3vF$!i|rdfmVWtGT*s@fcT{r^&_ADaE_*wX22#M`?IO^jQwjI{l$
z{^>?Sj)c^0@RNa+i0zbQQ+HE(1lmE>cNq@$WGCZPwfvo;!R%y{BVPDBb({^DAIowV
z&z-ZAz}*n%;)^rgv;u)p%v}CItYal__-3b`P??0CL3+KLzzH@!&dqFfnXbe;bv!4Y
zlwiRAuDp9G=#7!p@x5j&A}3)=LEfYjwzIwSSA_Sjn<AcORkFIX0hb!slV1n-mI80c
z)CS#2$A%P!wa~w#eaAXK@rb81qudpNRWlI*z=v1Mswt@4t#@9^BR|cBm+A^M-$P%V
zxp;qToZ~8FNS8nHmK!B?kg_Tj@0Ta-kZJB-<Ls@r<sr^)KYd9@C%e`dm+V*yuO3~d
z^m61$wsI0#!oG@hB)K%aC_4q<c>MuP#_-bQ2X=29Phz4rtCqTbm4iKAnf1F@4a*_E
z#+TG?4g3m*+!BlGY1{rM`<0oP19#?X-v(sOJC52^S13zsx8DB}1Mim;rBLULpxLo<
z<uHu7Ci;`TipKq7H1r%P9sc*X1wpIgV{PRNb+}5U26UL`DQ5>+27FF#&a&KZ`RQaN
z&-DlXx6VrhLFz5ne>qhmzCn1=Cw3b+vI3vk=A*WS;_DX(h-=3A|4@ItAlCi0u|NjQ
zT>c)Isi~R0qDF!_rT(FhQA!oM0$qDbL`<(LKwT3oxp-Rn542m)v%$4}KIsfoo`iIG
zyN1oaGcka9@K&`_t2Na8K~zz7NNv5dgXDAgeU>a|X$ucAbpW%j$eEBWJ+13QOjPn3
zUN&aSOO;@7Y*u6&q}&1t@y8P*4B^ux)~xBdYJ$MPc$uQ(QY5(72VQHHsWb(^3j>+^
zv&D(`p#>fJFI;EIfKUad-h<by=f*NFr~ctY_TEG`4M#YKzR*vlq7JE=T!aGMek}>-
zjNDJ?R0MvP8|%Ct7hhQN@W;42jFuFJphMk@b^(VI$^PDx(c#_`$q68y0pbN9UIF4R
z4wrcT-6mifEMv`c&;cgna_qTw`nh(^Spib4;+hUA01JCH40q7+52}V2F4C{nX%_l^
z{9|pG_&?mw6l`PAFI?y;U?oe_5C7kUaq?q3C%*D;F6txSamb8-sI#Z-@sIFkiZyy8
z{aEe!248fat6kM6G!+y5$6XB5@8{?a`vC<7<2Z>7A8`)cceGgUI@j|^BKPXiz6?2I
z-&HM##ZE<FfNXo+7h~TWO^21JH)FYV$=Zevso`UWMedS%vsA&@KlH@~K^xm-@*Aa~
zN=EZl9a3B(0;va#hg*jTH-6<Gd_KFGig+fBsEl(yl|WtUyzLk(&wN6a*hueDCzx$b
z&+_@mFc$`Iy46jNL*)O9=UK#YD{c$J+5Ijz61G=mOSo4D599GE{O3ZxQb)2Bs^^eW
zB8*A`%HOr5QYsGvHxDDIc(!o*S5~%y3%<3zSWf(w-UXrfBW$k&k!I)r(Ii5#|1@cb
zDRf%u$MC_RWdIaQ5;IYUaQZu>izs`~2)^`}@4ukl*SnmA*YS8<8dt$4(XQU;NYPJ5
zrVayOP?7eW7vt{g|FkFys7}=|`SBrg23FiK+=modmLXnqSw0Z<mNNovE|cQ&x$IjE
z^1Z+2fBs4^-Bhz)Z2{`jQCcL|s=IzJ`Ha-PGx_0{LkCee0b-;u?Z*Zu+#QjyCFyJG
z1D-s<mmIGx*=V0{LaEg~shFHGpl8Xqr24OokJ6Fd&Hbv}v{dK$7UR)UAfx%~g^IV9
z6`{Grx4I^(4+j%A=c?3yx>VV%r)}7&*AL`FLEX1s!R6W>XNqS&R6pn47TxY9HWNfs
zvSB+3`G@Yo9q+d9OU}+OKxHQAOv#1~6v>~|;@2Sf!6XwFA|+@y@SH52m8!zqen^V2
z`kv!Xpe9{O=`7EwVDl2awmsd-ol}DZh%%jmJ!RQe9<oe8xXD!eE7P@EoC*hdj0{1g
z@q4lHdjVTLYUF5SHe<|nN>!g#P>b~kU)<%U5wVD;w~}ql!}0jVeI`jQzApLSj?@{K
zC<?q!)m&_x-&|}u5DI`$2?XbV)>3%_I{zmv<mnmzwhP&AnGojU)43sYHK{8Hcq=`K
zx>O-YE0D$izmn;TD~3rESI;`gi|qsLNv0v&F6;Ji?yr4C*?LTI&+z{5tI}jEqh$3;
z%=*sCbU1wT=S4-a<lRt$vO74s>DWl3W64tDsh#nQ?djcXjLu4&=QB1n%6rE%2TILX
zi?jqU9HAu6IIui3!zx@ZKm7+8`jH1?jadcqK1`Q|)7^y+^A@7=8K%6cAU4Y$U4l6B
z&Vxs47a^W9Kk>vTIztAelZ~Mhf64;?4DxE|%U9Yfo&#9*IdtluT<cq}BX9B;1i3IC
znBjBlHI6Mlv@RKH-TbM0vy(jnYH7zw`yZ3G57FCq>T&6og%A?NBgF}56Uo{&p-yaD
zzIOiOACuYqjNRti1JZ*ZlXq{&cg9(YE>V9xng8;<9f!P<JkX)z&@@1HD5~YLEQMJf
zH#-|m>CFPi`4Ps6yvazIeR1zU&T^XAN~czPy0h?(88i7<x!hp_yfI5D6Zg?IME9k#
z45i<<m&chHdP55LmtQf7!&LcAezEoOj-*~0F7A^3EILb?OWm@jG#Ig7E4J6s?1r6x
zmWIQCL%aQ0rR(S%-k0Bbx#Q}BzueCaGu(r4e&cVHAUk7IQ78K#4O){V&>n^6$uco)
z|1dQf(uja@;<|{*wm(dl#HFk>XbBY<9QA-c{TQD{wk{CiB`(Qj!*d>ZtSMq0nm#)E
z@h@02jy_xL#8Y|~GbLW@Hqk_RXu6b5tHnlpRo|x39#$<q`0}WJQI96BbABCZ_`+S)
zi?2E9MDe6!5wv#Z@F%>SD1-F1sB@4Si~e0hBDT_qRU(f`-TS`(%`tV20a@cYX#;SZ
z^;U*pS77URB0W`A6~Yb7f-Y=r@QBav-tLP^XhU~o>Wb*$4Gu6m{yG)cHz&xOpmZ;N
z$mk%a*o(fwGkNsUJ^he!qXw|h<P6FfbVa%>=D0D&my^5#RqjZbr@3s?fUF&!_HvZd
zJV8wuS0y|;h|cmTOt5YAVYr}cT>enuXR`*;0v|YSl6ir<YT#wp8ZbFW1oIj&uE+;y
z@fJ1;Q5(<(Ib2jP1my4Y#aAb48QEF>8QB>?NLz4{1fnD$Bmf}}2r)p2dh(JqhW1gn
zmmYdl9HLED&7MKB22nR*3&;BB7m!ZnzZ<}2q4v=mfb8c}&b+FdHTJ`}7Vto!C*qaU
z&|cg!S+40`Z*G~BiLd+>>hrsO#~$6FTGH<IB<ks6rB-kCic3Ip8O(ty242X0IzkPU
zTl%^IkYn|VIDcfuJu@rN`{xh07j3&H5uql!`@a5PG8naN0kNS61?6*J3z}?qdN0~&
z(`%$s;%8yjI{-ksC;L0Q9`+`KYI%t-?w4q+tfsqAPU_3xgavcUMpbe@hXo|LAaoB8
z+7ZH@p)%h|9?ID!h@q5!y~{MvBVQMNVNz|^QKNfFl6XWL7Dw2EY5vwJZ=3q3xuu7M
z@Bm%P5<C{XL8}jeA<29zhIdPm?bICls`~tZ&qAWN$Uz9vhN3wdmW}92Kkpy%4s1Yo
z2Hp(T{05t*FjqrrZ_oDre9bQHpOzU|x@Xy|bLr9L(~aYan*NwN%#ALee^&tzOm^xS
z+0>7%HZ995@kn+T&<$3w9QJLqPh9C~`bK&E6=Fi>9LyuO1w5elQGmrCdU-O+P*lpH
zVU0>Or%?--x|IW2LcZ2N59#2qn11D%5xRRN9fWU>b|Qtg_G#0H#x648mpA_@D|jP=
zdyA0Br^rp`*4yRh<F31-E=g-f*_;2xs$-a^8Btm`Pu&R@oi#@%%avcJDkNf%>kjTN
zF%j0pz@dp}hYf9+EvtW-5DYbn&1OE>zeWMs5)tsXy&l=UhO`WUp&LP(&e4M}$%&(_
z%}Xk6+q4wRNy*Qro=a4BxQD=?)uv{dG!D@g)wEfsWjM%AD7PJ4eq9l?EG?8Xxr<r%
zOByj=N7H2McTy|-GIa${Qm|x7okysq%<fJ~4VZm1Lh(Z5K(Q)!bEw92yCXr1p5W>t
zb+PK&sr~xtEE);qvKWmOwH&tKNamW%?v}NVbTv-UVdi}T9H$nEYl)bb;QRNBm|B_;
zyZP$9ROW3h_ku(B3j^|5G-#&9*#ihL)B7(2e9JexP6m|e@Gb}~(&z5xTc;si%(2T+
zJy>Ryn!d2jEM&d|FAMyP$vis!vxGEKxO!GJFP7_4t0%f`T62V)rXF@2>qgz_xYps=
z(BT--;rO$|k-NjO|BvH~M~hfb@ecrDrDvX;Q9fu)ruqa4Y+ISaXtXQ8);yygMz7rI
zRns;$R=SkZ(bnK;C4uZJk<|d4M0MPg<39s+{SE$9z7z(PlY|&TYvwB~DkEj86Pl$N
zlE$0D0uSw?6VIZl-3<FxMI|vWSqcFk6I%Nlr-$jjyTP1tJ)A4kr`@)=9ccR;vHbT8
zwXGDGU5rLcIic3UjSDPu;As+WscuhSv-A$lDwG<v$ibIZGx^txlU^$fHC`C)X3{S8
zd6PQ_>>?}eT)etsitT?eT6j1Xkh>OXm_x^HKH@Ns8R!@#{MSTd({+uFn4%pC+5|y&
znu&tMCe!stzsyou032m)T%nj<lD2Q#45p=Jhxu)Tf!Kd>H=;Kh=+oGS`pE3Ow!=9V
z73_4d;4g3oc|l|k2IQy_GCIR4+auo_u{X}C^XvXfJjhgAfeE44T77ZVA+)ynRUy3g
zho^9GSj>_b&j}5i<Y7Ph=>M1-hFuA_49vDB0l&@vr@+`xR(lEkWi;u}uKAyjy=hn)
z932JU-_<`L?>YuFx5Pll(H*Iz=TO%{BD5<p%eBMB!1iKvX^_hI*}|HqmPsZ@Asg2B
z(3YA9M24fbn!HK-L-v{#?7`U*F{)XNEM0^%C>;%B<+H-T$AN}a_IvP;e$^*XeC9(>
z^jv4#tVfLo=d6QAT$l>YPy1DgPt?zL$yntHJD-0WJRNm<Y+x$KwoB5TXIK|S+0?sy
zz0?)ke`)F^lI)-LUC~4LM^{6#?SEizyRucBQZ~slpxJkNX}T_6kwx1VS$1o6p2ZzU
z+cUc1O%-L^W4ZUId(KNzqPcI<2%>P~2ZYq!5LPck)Ro>afp7{am1o&<FF}}te2doz
z@oZOonz7{fQt;*rydJBR)iq`D0JId?(xLT#0(Y_j{Y`P&@x%c3OE_TH_QCgEb9<&r
zUl4iq=2xaWc0>ZHe!4j3_86>_B`eGUWe>i3FHISXqTaMq`CbpkVo|qcOiTiF9f-N*
z_Z4h?1zZCD19|BWABEIMD^yD6+a%=<NkW<@ucmH!{~>*-Z1IZ<bq#vaP~01N`4@lC
z8@XgmD)=J<Z(mq^vZoTASpQmjW>uqgtau8$PvNbV9>Z=cPS@7i>T69(SC4zzvh%Fc
zpg8s_5doj?*4wdCHB!%w^=+bj3@y=_lMdzUyhv^i^wtEwpP_#JVO9#h5i8`WjT-d7
zo;B0EQZ;dik{->k7W%q;e>fc7-qpBmG<*5wMQkrLCUz0ir6WDi^nQz<H3;#ZV4=So
zrreu6Y&LDJc?V1%jXgCpOsQa7()Ow{N=+OFw4_elX;NaBE~!_X-?-T68q%si4sOMF
zmH<C1WN);@xFQ+_Wis<QCK@klGVx=zIsbvILOE3g9^G>N>;cUeD$I4F>&mMX6)Nn(
ztFVQ)`1XrNV}@(mrp;f|r5Ul~mTVmIdsaMmwtcSbxeBW>&RR>vy@<_WOL0U?A>F9^
zZ~g>Ko>gxyWfpd$x%XY*7Ji0Vlw4T}VM_bMgq`uZPSb05nzlXpVg@i`eCxcHZ@yU)
zE@Nh5+g%5zsg3#q=Hrldl9urO>pBV4Eyl~;CEzAWlH^q>Eq5*1KToI@zFtSP?&5*u
z2K9h)rkzFMj<&O>o`Ye`cU-m$pJcs9BZ<XUO7PbYouUamocn*>Rfu_cJ+yOo5qT#*
z@GBP(7jD6iyaV0_bTwKPk;!8$@0d3GDNfVB)09`kfe@WG571y*&9{1JmO`W3(7zNG
zOr@C?fNS<br39d9M6x#j`{W#72u6^r#83hr&#6gwG|**DX@Cb9S4xM->jDnzpCwEM
zlAmBw#`3X>q6d_crf|3Aa=}JPx0%Hm0oK>~p7Z<baSoyFlE5ft&zI{l>=_qC)ed=|
zvbTu|VeAYUDG^2g6T_^|jNCsVsa>+%&_o7iVkS4xbTlh8jYgFYxNpc-D3ut$HfwY;
z?O%WgkH(4`4<qjF{sg?PMO~u8jCmZpliPl!BNyw0B;)#cGJ&&44_20_m5x%`S6+S2
zNeO{K88G5{tG;b*CoH`B)^TZ8z{mrM!;v`gE7$eOJ8?)YNcUUt_u)fOM_NTxwWsK}
z5#|@=ek4`?iJp4{#U=fQdjy02)ycz^Zr9>5$ghr#lShDnYTjg<`*#x6rI9Z6rO_Mj
zKLa!p-Cve@Q5xzrA3jMpReV!_jU5~|t^98#rIk2Zk1T33GJonn_)2q(l%-EclPK~1
z;rYWs?sXMWJvqq)yROLK&GPFZssUVLjXfB4u;+K*%B9!Zn*b>}Qg48l<$(SZY1W}K
z<HSYJ4`10YgIV^nf;->0mW|hGX+!U-Rs;S~Rxn>dT%P=OyL}exeFr5-h2{RsNS9#j
zlU0w}*4lDST|Oz_sAcCu<eW#z7aHsI^z>PCxi>ERBfY(lD5_tmEu65ku1}<1RgpKA
zR{QU`3%){P=)0-&!yXjucLuNupnSNHT*X%|h2w`)J2@&(Sny7AWe@v%q{mh(+rN)a
zwu<(NyXfl+q-6V%tz3KDBl$W6otD=`-iq>e9;+=MuF$n&C33Q?Al{`4Eyf@G*>o&X
z8gIwXb@QLixJ@LXdrHBZ=TuDJat>sGzk)jJhL<WzY_+qRt1Ci+GMU2i8p8;L=CW|X
z@><9T|Dq~8ww8jtFseFY(@Ba!H-ZVJV8;b=t=dgJ>!t<elTInIOvP?FleKSAbCgHv
z1k5%eb!XHtx!b7gE9kSOtyUt`3*r{O)u2`>^=EEe7>mVu;?u_H*a#N>dTmX^ZDD6d
zMl+Wig&RoFksCp|x~{LpA$9u3(MLcJb+zVm({Ol@)XN%2bI*gvZz`32AlWTDv%kTD
z4!Jf|Jj1bIE6}?@00gH87uO%{93Uhenr?s@z~Dhk67FuJ8^>tA61D!Qu3$_V&1h{M
z+Nu2$H3MZ1%BMDKim;f@%f$W963+P(bxy06Rz03*B}`T5s4F~FpjGw46D0sv%+pAu
z30LcC89H&NAz{az+i>j{U7KSf{cWqt^e9mu`AY+sWR>P!@o(g*5}L0TCvS0vTc?5M
zYp08B46^B#ub=&Qt_z!6jrv$gmOUul_VoY##u`+F2JUU{$Sq;J{ZRUN%b#ChBk~5@
z!I}lh^CktxQ8;+qP4n1tYCVuKT<dmdEQB(pM)V|IhiXAAjV+9hk;;rF*kl-9IG)h#
zF{|EL<K11W63Wk1k~_Ze!mltI3A`hF+#Q@U7m}tWddrtSf_vHuhxx9@GzQ4U5YhCb
z$Bs~PJ6%Kqx9DEPhiTUDsl$Q!p2m~EMvdO+8TY5;DcmQ&kZfEsAIKW8T^`Hg82dGz
zj70Bt%Rp%kh$>yC-~fHCl-jJQ_|7gXF#w#JU|=`)3mvFuzL^qT(=t9vr6658PT<$(
zp$0dHQhPnpRAT(8qG*1W!FYWxO=7Y=z&VPtd$b{wOSJu81ueY=Kd-7`<X4y9ski;`
z3WFygU71T$;PxUMaE?YMS5uQZ^~Vi1w=j`l_T~$0?aM^llSxGNdlZ_-AVxqxdSHx!
zV@l1LdsU8u^(<(9zmPiw;C}B(a6{I?d-;QE>3d$p@+9(~sg)x<{ZEwC$kJ{CV_ga-
z+eFE`%{3oTUpt4-^9GZ%ZH4hU<F@mjRAMD~>T4g^g}w9H%pO(&yKVdTZRps223^ZE
z(ru-Un#aWJLp7_~H<ZdYvJ)69RY2>Pj83Uhvf!S3l&&YLTT<+~*;_$Ky}J3ISB4^T
z>*VA53hKxM(h9!lMd~aOqE5c+mz6ZR!zUU~`f^eCe1*(!clJ6XWuGYumxbg((Q+v9
z<bN^s50#@2mi4bS_%JUGQqxhb+iXIlhY3sR?u06a2LGybq0Dxhd3W_145-#B(Jz-I
z+SCdu74gUDH7X(($5`|j3hP>d7H8Xm^Q%|G;FhzS=t}a_s$~bo3FhW_qo!F_y%poU
z;c}}Av8kEa%$z2D-<ovxVHOiE4Zov6LBS;yZovEqh`kskr57`(fw3#Ii)17lb=K~t
zNA1Nr4wb#6-vqKyCSin~OA@PX537!CHFon)A#Z%ati2qgb!t<>_c^yPKA}?DmN76|
zFwqv?acyjb{<B>&q6gLDKFcioizP?Pg42EM&q`Zx>vMNAOu_Fgc7vMZ{xRggLbud*
zFR?GhLrD;kDJhDqs-lWyDn(+*FP(GB90V~Xy;CU~|2T&qdt&2JJ)A@ps%HN!23np+
z;a>u=u*j17s-FDmRcDZIPrFu}Pz-k+#@6*q>+-Ba6eHNQ`q?ZTv}aM1OzOh-!RVq0
zfFP3%*dPWGa}3qc)bnudMYP%Cs(HNDOAuEoOa9c6t!YQH?2)DEC?Tk0HS;~A>`Gf;
z*zrcnwgL-&Hx@cld4dsATl62uHP^(xVZxsMX;pGwNesxL98h%~G66(K7HYE~4jt=x
zufxj-q+tHQ!x5Ih+JPP@*I2+ex#$rv8C^4!ZGuSFG)UGY|KB_)d9Sds0{WvG*5;!c
zrO}(j<k5bZe|g+g<7RYHEtX&Q(LQCkG5Y=B&N{)lbb$LC1Qj%&Rb;(9B*q4XwJJ!8
zW~z9pzj(MkeoU8=3?-4yp)73=YfMB4;f3Rq>%T3L(9p(IhX-1kI%}uL`z>-+$xC$t
ziYl92T@ppPc$NRsU$%>k14?%ph)d=fsM18aoMgroOy$NEY|)&Px6n+$Bcr0Uon&L$
z(C{)?&9u-5`V>ii-0qg6Aam0TnP}5SnQaTQkVav13Po`_*&5PJ=d&q{R9thF;A#bw
zl`%%SU{-ZLCrI13Hs2y>8sN7rWq#_Z9o_etV>W}{p3;OtdRD^PIBuiz4HxHTMEp+G
zwR4!#10xEwI$;?%Z)d=$rjHM1eu@Mb+zTBM`fq2h6a2dTg>eie?__uQCsyBacTcxa
z^6<Oync}A==Gd3tH9Z1xup}8NV+4E@+;2eGA1Fw(4z}kl<FF2RR1|$-)U6`6n9<?L
zL>NKxgL?uF+F^=wG8J_6SV~G3$t4_)(F!F~QYM=me)QkK+vc*JtZKA(US|#o-{0>%
z=ldoatyUV&c5E9g1OEh+n5>|(4b5EE$kuBzWN5C*md1Ro-WU<DJ!I~$Y$rK?E)lW|
zOYy|Y7OOl&gh*~%%EW5bo`ne+naTuauWGBT^!`e-@|FJZPw|}XRUrcepc;*_j)2(h
z2FHFuhzV?&#BR7*|8r=yMr1nNW|-`q+gRhUx%Dtq=ZTWdWXWBX@@#JvPj(=j-+FbD
zU*B=gdl>k<$VI;H%Kxh+SnR)>`^1?yF_C^JZ@;36Fm<#qP&KoEn_QeVwvw`NgdbFw
z-aAS2nUk~-&|8*ro%X|n>b+Q{(sH9-4cfEq^OXs=<$~*|y<$=Jf~u*=K2zX2&B`<^
zQk6eh0yKQ>t(l5jVbVr{cZp`&!-cmEk;!~IP9@HG$w~PW*2#brR80b{tSU<^r(Lry
zK#I*nU(G+Anq$cidzFBB+SnP9Zn<58@VJf7M7DE|aQ)isq33k3_()DxL*ShG%;P!R
zND?88W9Mr8x49C6l~Xn+^^=f{B1l}*2xIFA(mN$EBnh$Z8^~RB*)%rRcpb_i!%1gI
zz6Hjkg-)xbuZ~Np&f9#GqK-%CtEg@V$=@r;Ne8Y4yYNkTNs6Cv-)&cPC10TCnolBL
zU8C}N6zH=l93_E(a)HQNJPUDd^yZ{_IkV(l8TQwS`;@=c*x?h}X|SF2+=c}OOV*c<
zD*FgeRhbS?-3beF|6-Wn|Hb5=d8yufQPAar-HF<>+1jxkO?Azz{>yP$k=_<tkN6dP
zoP6XlJbnMuCN`7a4z_wyDJ^w*D)-#i58~4dUZeM>KK30$$cdxN883S(>+==M`q!=z
zes$wjgC>@yqYKt#tG(Y+3fCDIWKBayb0A+$tPW)gVbLi6H*#%gx<1K2@k{|lEtfts
zETj9c`&KROgYDP$F>UfVCwktj-<^l&mbBL#=7dYhDeGEv%{9NhcV#o&zr1~N%zNuq
zVhgS*n_G^n>TEGF({5H{ZdMg{8tce1Pc%l4KC4Z-U7mhbRiP~#S-<73bce1Aeth?R
zpY@5fZZiT*ivt9bA-60Mq!9!2#lPJ>d`hqgZE!*7+DhmF6;5gJjx7}Cpcj$wj<3eu
zswH2p8RiiBuH2U5=d(i$WIyxCxXDz-;u>NCGtneV(oo3&{bW33s?P-0xS;uT#^P14
z)Kf4S&A@w=6f<B0%;YA)RtRl7Ku!p!=p@c<hhbiNfP8`!lKtTE2QkvI0&%=55aoKR
z-~dPpuf)!19MCRVoJ72UZgU9!jijc)zI>|=5H6*|5fTlzBy$MgGxFJpr5{v!lKsg_
z$1&2iWRm?3da78rN@|tgl8zhfh6Jiyip?>BKJq6q(uAzrtYEW@#^N?SEMPm@gAq%1
zX)N%b$VZSL)-r}A&TRB#fJ`>v7xF+M10=9pira|vm_u|I=CP4#OlwQ_^Q5If>dWf~
zwwrr8N#~vdD}C?-R(~}N^QSiiwNePkrMPZo!%F91Uz^9?f*!Ki)D2NGJH3Gh;y??m
zm5>FjR~J~T24WiOZ4lI7N)$o9#d|Qtya{*-n=JEbFf3{&Kvhz=G~v1xum@}oW26nl
zV*;Pkm`OQmCRoAp7R-#C>|UaX=_w5RITX5;OMVbb_H)VMB)*ZcfL*gkvyr;(&`-g5
zCIY*xo|v)!CKV%m=>XWgMqu+4hGDonGucQv+A_;tVf+V@@IY>8CZd-DfXxmAcEZz)
zj%5Ea0kCKJO(42^{+EN-=-yw&#yihU6M|_n+8=DNbQu2Sr%a(V1A}sS6d)H8D1aVd
zH(J1wsRmF=_7_V0l}8D~th|tNv`EB`Qjfy{t*0>-KgTkG@NEO$v#^<g3^2T&gIZ}B
zfqGl~zn#A^=OS5h{lXua2J?0QV4?`VSEOc*6$x-FzZXsHjKl%Wrv~1G!vvxxlgtKs
zZ;~es`!<MYza3%^b|2E$MNtMiQWgF<sXqq5;UZB;{1NL3>XAw1DN?}~%RUWb=#A$9
zqWX+Z2EeC?k^T(A0fn9h4u>o5U7$>rfgLgd6p>Z$%L{S0NOzzQBgzeu=qA_{yl40!
z<et|)<cIcs@cgqYuweWw7&`=OAM%phpc^0NTd_M(DSuW7N0kXEL#ifalx{Y9rk_{1
z6yVIVufs5&PC%j90kIJf_W^}-&Nku!W_-fNzy!dVfFD#DhUb2kzk4HYL1h9gTi%b7
zK9aJ4*?Xi>V}zK_HFXEN%%R0X?z!$m>N8A1?m+@uqMimXIwCp+&+T0ZfHWq!1IwfJ
z643^>Lnx`6_#?&>^t)3T*s|1UdM1Eiw0Ot&?(jpvgnVkF1uaoSJcruR8?^=PZdT<}
z3uh$(z|gD=Y>R!x8Ppj(#Q{;-wg!|I`lW#4HBgA0vEMQR{#I=NO_{~wHHw9<9Jkqb
zBqMb(MyHp<!Y>o2uLkG;Q4rgdR!sn~VzmGj6x9!mN5ck;jA=6p+fU!uve>q^svK$3
zjnePpHT(a<Z4R7MHtaXjNkZlx$E$D-+=4sSqtgaw;iRTy+Rf_zK{*<ZnVjyRU<h98
zM+eOvA#WJSg^K-?$_do)g=Y$qo0c_HBO~>ywiv@U)1lUUQ_oh%-e*MjSkHFde`P;)
zQ>iiSbw$@5k_D_SxfS8IIhh_Czz9^_kDpOTU?0co@Ah2nq<4Gjc=l0OGwp5dn>AMq
z9@!>754BfU%(hrlgk@_xzP3JHIXFyOmzKS)`JbscplWPuHzC8!wt`cjKL%eDh<)@G
zo5x<G1Q^TL4}5Lo-wifc!FDvpdO6XeYqlBNr5iV2SL|1HlzKRVv9-wzuE9p6PxQ#P
zKY@xO9mW9_=@E&1OEw!mtZrL0rJxbx-^=l~Ef(`kEh)5%_xW=kJ^*v3^F;4r$HcZ}
zib1o+r?>Tb+Xg7Q-O}z|4FurjFFhh&pdL+}{RDths1+OXG|pSFbT}8|@u*>C+v_Pr
z4f)Vs4$N7q(bp)0`F8gK^qLMPk6;t*f3*g;tR~&^jqq<Pj4;_oYoG}k#xrg@{Y=`b
z*YHsa^X;4i`KSkT7}*65cEJY2Yo%)tezxcY@=(J4M`<Z~bvPh?wjjPyIQgmwfxR3c
zn%bNCND27=6@HMi_^UKNy{>FLGqVWRXutc~URAfYb?DccTs_pb-l&>%tN-8sR+!3w
z+?w4u2X;QlsUA3>aoDql86?aPB9bohMt0=oMDJkN!PA~xx8{>^wMZM-0Mrj87JsQm
zn70*D7+WK4L^Nn!F@tO2k$)$8i@W?LIprB&zP4{&;W#%c@&UaZpI3H>ZXG?Ci}?-;
z0WJ}!jtW2pWI{QBkBS9;!9iKuw<%C({6Yu2kZ1IR&q2wxnF#eRj+3Je%&vTgD}M*n
z1HHlP)tQJT#+8J0a00II&tPeJ3c>!lIb#<Fv{f`Bz@CfOi1bY6l#PhVUwyR2L0z2B
z50!Is6NoM4!9OB6C_^?0+-5&4C2T(V^(X<Gz{iePc_V8gjuRfRtc-*9*n-wVb~lTr
z{>Ys4j`+x5xzXTl#r>6$rMG&G(a*Mv;MYt{$3WE8LObxR=3#DyHOAuQpDDV1fgA*p
z>DcpgWHoWy9f`p_EYp4w%;fIPq>qTU1k-+EIMBr$obsWT^CtYkY_otE=^4^dohbA9
z_Ot;e^n-NFsR9Rv-wlVM^=y)Bx1BnPof*xB^z<&<HJh;b`oO`{u~L=>-rYm~d^Na$
zbu4Mp6-pi!lFEQ4rgDyB!Y`Sz)`_cxIoi^IN1j)_H3uuE>tSE=lNH|OdzS^1&{#pj
zEiiROUA;nGUczlf{a+&o7^a|RjIi4Z%)cOxEet_r1TMFzy|Mya`}3N;V`kfU8iF#M
z|LCww7RZ?&YL-_l*)=+)Amet_ZYyE;4lAcBFI*#Gs+M-t;5B<i%)%_8OFC-OVK{72
zG$pfHqAREeydxN@mI@^Gy3vxL33{~WHKj#;t?C$WbZJq%wv{;cwTPj6QKdz*y0lFz
z0A-L6k-}`$O5`%ta^-1wx0P<kXbvU}kpD3+bHgu|BS<QiS194S)gpV!K)QU51TGyu
zKG$B-n*3H?L>H#00AA%>C=#_nU<NnQdu9U>F3{y1IN`BeQCp7ME11PYT0tZGX&weN
zvr~0n@PQ*h1DA$I26z$#&L)}+zOX_141oqGcNk_I``gX^u5Y|<3O+hzBp}z|Lr6FV
znVRmCw`-x?+|QV*QS-(^+=j0UiV5VJIhl>Lm5$}Qs^<LSvZ@zo!RYYi{4=TDY7A<y
z<1nZ0?Ila_u97-HJl%mK9UJ8Ua+0)rmT_>GZ1g!r!ZX((B;N#kAyh4-UXhDTRSVdl
zVT;)a^=tzoY>>GbC&?1sE1S0YDte!b%cke{VHlX#x-szGm3P+1z<NDZs08>;Z@OPy
zmz47VLz<6KG>@*!RYG5q)-g(uuhNn76h|I<n=?^>dl~}kr;9{&{7M9x_|4kOS&&|%
z!3cFCx-K?9jCBJC^Jh39N%ub_mz}%W)=Zptzg8st?Pt<{0;{H@WlRy=lAZ>!LQJ53
z$g&<P=Z0(<0`bkj<MlvC6kIY|;&l5JQA&IiI^E?RG+<ZaTQfWD_H;T}TJMi1>m3-E
z63tO4V&86zDlf#98(T%pU1CLz5;~%%W+%JQ!c`3R%8Sqvs$IFXwqh+69>i&Mj3$kl
zxo~pW^X;*lu^F-z5$s(gr|8ypDuv-VNkmlOQ!fhsxDm~-zP(lwR6|<N(n}c6IV`NL
zK&Z&Tb%BD3%pc}?RPvReH{!+z2sbH_j#@6(UoImdgtxNqrovs)I9NkuWr;mEHKNv;
z%s4w_r(&VoOw{0<ody=^_k-jobCiZg8E5_Q)muZsNMu`7!ARM9Qzvp~%#A%HrwtW7
zzBV)lc%#C7bgcXWg6%0tbc-)uMLFY!YzHl>y!4#EkJA^7kJfy>X$ae*R@h|EW?4Gz
z1m#4i2|U?9b^EEL)Lf04n|j<*vDu~V8KEvehb2vfle5D>uXqbT!-KktVJ-Nxtu{uU
zehLqj{DuwZfOVN8c>YUJxC2emL;cTZ)DQzd1eCAsGtYUw9edN;7=@;AknO1}gq1K(
ztC47Q4S)EDW<OF4O>83*Cce6H!j~0iXa0;bekkumR6hjpG^D4~_QCB;fk6w1GK{BF
z`bL_8A2S#h0bj+i?*cymT#Oqn<C*VS_ScJ{Luj%Ef+gM<pZ^{Vvd;XF0cZ1p_{~ZQ
z^>nIhylEcK8)8b~qfYlL`x5ms?m6d-UzZ^!>N3%V`iZFE<)`ZF1H`#!e?Ea4@5pEM
zG&QK5P4Fve0YxS?*v69yC(LpM#3D$q!f%`#(3>=*f3WhYAbHg4usrwRhCGMhSp*m3
zOwiu_bW)z4BrP}_<MB?PEd{2^M#RHh{AUgrt}*|J;2OWmGC+mXhlu`-jYwjiIs<+)
zN(r3e+&{zdy8G{-xlV&~!90Q_3->4^*I}`NoI1axt5MN@Yi*ucN=XK3w91Q0dXBNU
z%bA$MUqWyk;HYdsh!*LuLrY9b_>O0wPQ4^}<~ar+ILn=kCEW2enjuFzkNj96+!Kg5
zkI`<d-xKfPMUK?=y749;GZFCPr5cR+Vx=-!=G}9Nfq8ftpkg7F-;>Ilj$ror_JkuF
z9NzZ8BOA>5B&Hg4708B#vi3#7Ero!MT<BsTm&HXxE6wGtkix4HlRTRqEkz`k8;?l6
zzxS35sq}ISLp{RdCYM!ePKeOB1<OY*wEIdxZ)7w~G#AhC4VZ~s=*CAYrH6~u){4)c
zh+zKfpNU>rgoTHTI(4qctx{JhMvAq(>O?xcS<j6scNNr(gBrHd#e-@uA8;rhG1im)
z+9egKs2D=G;J}R<eQ(VpIUMz2p%`M|W|pT#zH&x_3jgTfOe%gI3n>|r^NC4i5-Zp-
z9+5DZ?n1id_~S%;{A|dQjdbNcU{Bm?cSvY1LOWAvCQ>_%D`zqSWk={xyy6Pe1xKZ`
zBSgHz6*&^P9U>pS5V3nQQWX;>^7g0BY~*SLr0_EWn#>pa3Cq5@%D${(N~frF$`|Ff
z0|rH!BdL1$2@k5b*o?2_u(t_4)gbzzt76FSF(YhdQr9>sr4uwZSp=cq-@_{VzKX-0
zhnk8h-ZIiDvNF<3>`9XWO%}na6NY2+-AMW}d>aj`amJkbfXo%DUJ$jb+-YC<k8U?6
zCh4hKOSlD`i_G8_KkqW)6U#Y_lF&sqNb7L~T@sJ36a#9z#DaBVa6BydlZ7x;%4*p*
zBoM)YH)5=kN0tw9)GuU{WGG2{>5rpdZ<2v4$o0fCAtH(Z2h{8qJnu3P&)dor^cT4m
zhWbFBODs}jD4*Zbb=ig@vxXwC8QpaxoE-^w@*;}*c{D#ac$1}_B@QwN4NO?j8OuTi
z*tUpJ(9?kLT@28>106%)oek->Ho@?215{Q(2Q3-c#icx>9<}Lyrg{JEEW|AFBOi~X
zfooP32G8??LX_IO$25ecE2Emj0A#qexlPlKzfQ72a{qiZkRD<QK8S?)u6z`Cj$u3(
zU!q5%eq^ER(ya==Ia-6h1n($lL#{(dDtiiI4_k*`KwlJ02%Z*97@QWYz>M>G3Tn|_
zhrZX_gqAtErTAO^PR|gqp^K@}R;%IPln^oJHdh%Fq4ZeI6H{@DY*)+FRVAudT?Eq7
zN((2fSN&l~qLNr>R~v<3=fZ#8y~fnagQj!h9|r|-n{GE<9L&#pm>JAZh!L|a&De9y
zheTQ|Be?h8&Ytqv4WoP4bnAx1;5=xs&IWk~eVGYXRyVcg8g}!P!#9413EoBoJ2&dg
z#nBazE@g0yRL!~M4%TO*L|A4{g|KEugka@72{bJcvsm+H?Qm92T9EAPm0($yYM=_h
zkX%S&7Gz<QE}xOZ$i9~U9E6&=yDQ%k_VSt~2yf+DDGRn~kSHP8JM7lfHVZ7TxI<rp
zp7ZwG6m0ZC`_#(@pQ4CKKow|_bvN7E({H^~Q@>4iYMV2c5ngUqdRk$!*O54L4DaF(
zO0X4B9g!`VY~yZeF9_8jx+jtr{0OL)idv$)%3xk1DN2P<Et=q(oyFkM4zpE#CAo_r
z6u=FwmLEw0H)k*xQJQOikeV3_B((o<YGd}oa68gY!M(3AuIx3zTwr<0V{Nl#NgTx-
z!yUy~sPGhb4CehUK~I%95<i0TDM~`(!%7{Bqe~fzlQ?QPfb&^%>dF0%p0pmpd}<-(
zLBmRY2%^*79#K%?A^0=+1F3tp&NC{ILm>v4lae=HLw(k?)+$vHEsutls$O#~S<7KV
zLso@{w{`GGF6m5P1;M;dA;CNiEwroV8aQvs2R7(uM~p+9vUso|Z@ap_`!lxGDiiIA
zsiwBuk!tk_b}Aba-DPIFgk~%g*q4>yff!1T8WuBY(RR(r@Z<hrq-9hfVL6*%2m7u3
zowZXx`62KG_AYknFX4~?*w@iNRQ#GPhL`j>QO^-#L?pZVmJ`auNqg#DIMiTyjS0`f
z&*Y;~nw2@!?SBwbqKw+dWm31k=Bz2^pd+Pg2gqT4BQT+2QJ@k)K=lN(-sYMX3Q%u@
zht}4cj#x;+HW^4vw|1r=I3vN8+Fks-J7LuD(!z%s##9UeKDA87c(=I+8T<pY&=A6>
zdhV)c!&q;95}r+uCH6V=NETWdskVBFf5LFd1N)3?k<T0=9)9on5IYH~MF-V4JV?I5
zp*~i>qqwDHjAG69L-Ls{gf8YLF5643Fqbia$2Su43ycb!h=YUrr)OyjRFvd<>s9nx
z3AC9byu<#r93z;Vb_-8?I!JJOuK2CU9fSICeGLdp<Cy5Y4_mVnza$7-#rxA0fp6l0
zx*oO{wuUIiiN?8xIP|<u4b~gz@eV&ckr{~k5@{X7V($=VS7#^P+0jPg?s9b@X!_9^
zk%+<!*8JNFpJ4GG>5Y`<G|0D&K9|Smdkpgn#9;_hcngPnY<2^;auE7ge?W_kpX5`(
zoZ0+)Iy%h+`*o(g{#;+Uo0S(}nhm!fwuVm$WqTb+ZO2o!ZRgIjXTlrw^cHJCIX}ru
zR=xR_1x!?Z<M!JsSy;@$^qHnZWO{5Bun^8B5s$<3&oH91I%lFZ7+lw&vrh6Bis?|9
zrMQWPqfJpHn}v8&CYwEMvf-L9|25Vkbh)IdjycYRm5)x2Y2rRp#-hSCcUmyUrZQ@e
zPL|&~9KfO{RP@B0Gh+{U=*n?ZkknaqrM}3DX{tL@Ug5y)7vf?SoFUrY-kGpsJnxtA
z8KwsJ?4&4dBoT)%k7;r|SH@DrHQ!q@##Rg<73_~qOBpp(`E6im4q~aN`c@OHA7Y*&
zp&i}?GesTUfYb%UmzPp`u&r=hhh=WQQdl$18kl^{+RHOLDi3ulA}1?E{V_M>ov5wk
zdohxyIR4z!`~qa`Lo&ZhSHTJ(oZM$BrvKti88MQKWSTFeKVzLtsuR;$Fi)W{2yZHx
z0%=;-3vcqC0%0v}71QZ4PceNVti4WREY2yuQPy<8JsS26H|^V1(NayK#orW<eKAA0
z&~}O%z8}Id9c(q!l5<!NVQ$vISo0USy)*L^`ofXIyl$#uW)C8+UxE`ICHEE?j}Xss
zMaDfid{-)GlO%5mrPR}K*HNnf%ThN?QjFMMdO3wm!z@YuRJM-gSVO^K^6fu+d0*FK
z>?Cc~b*7XviIeCVSnEXO=&{kMi-a9yJ{am6;?VYBcratqhWI?u66<JwQdbQb`S^=Z
zW_{+uCUMcCpZa-PY}AQ`?-2a>zd8-BqUV0bU`J;%@>87J<GQyJ4{-IQ*bUdEZKBt#
z3pF39Eo#b(29);K$dnP!9VXSPI`<fr9)d7gCL`Z+u)pfN#OVJyOp+G>9)7Er03`T;
zM5Zf$vK;G?CuO?X;GH}Yv%UZAfBC!*rH5y*@kOS7k_a%{N+1*o$^dC~;{FW=HzUmq
zCjexE`Y!|XSZIHxd;1uY+>^q1pj@Y>C&v#B-H9IrD>xn&mJH<W=SW+Ed7+VLgxvaz
z1U$?Qo|2WUj!zqY0?L+T{U-xCehuW+aLPqpq8v?lg+6v1K|ve2f4XRL@5R)5fn%0)
z(!}GJl`A2!<Yq+v>U@b)tTwVw83;GW3P}m7W4c$}?@f~FTf!3w&M-tkM_f9DS8~Hu
zUTf_p1x`KR^I@8r#v{`)&is(`Pt%2?{?U@Dpjf?T0$|`w0bn4c<f?zJSx3KVhG9Mu
zIi5;EE%Qu#=mAA)Rz&Q<0aT2_Y^iOJWxQcSPvT)iNe^rS^bDsJ2tqKhzUsMl!~lad
z^^`nt5k>3V2l+iziooCOvn+kbKhn5eGeYy-A^a1zazXo)zCd<8Ods0#zCc8r`duCl
zsgJWdPd%aHi;3+FrlH>y+E&1>O%L+0K*F(7$q2d{V3A*l?*sXywHx`>2u?hsVpoFQ
z+W3Be6?(Me+c$5AZTe=<RQ2B^Ul0O}#*+a|bu5+JER>KVGPX&;iCY>*1894)i%8cW
zbE+D!$iIiI%(`0*==UUzaW5+!j4)SmJ+xNQXm3s1VZDcfqy0kMzgbA{#O{@#eDglg
z^0573^JKL0&q6AGd5Eezue-5Wrhw9dOH%NgcbS61<6xp|cbS60;{-A3j^hBI==?Z!
zsBNrsB^*@pBkC*H8IyweOa|4}-xSDolqoHCwXhU+da6{>Z7a12|NF^SRAzIfGc>7f
zWO5z>P@R?neQ7yj1Lep8sjhz|yU|vX)K<$;SYl@zo7_UK$u==;Lz$^PLxoXoSL<Z*
zIM(tEp)E%hW|K|OxPe8dnO$o&&DCYnTFU{vXgG3Nsn(kHyRr*)X$6l;QzpzJX<XU;
zTr#;JJHjrRPJPoP^qi`N@F6mx;F4Og`(t`|VlLV`0IDHtb`69zal=C59Acvhv^%kB
z=Tvr`lg>Q9q(%vjW(w)uiq*Y*@l1K(EN;zCj@(^94a7IOEfRzaWff`_x1km@a=<n0
zX9Hd2CYp@N9LE0P?S$*(shJjg`$*KW7WEBXU5mXOc`cCbvgDJtzje5EW&7O5HWnS=
zhn2X{HJ*58XVY&r_s1~ewcC*i!2*Nipat{gr)g(AjO#a7i`K)p!<~_~;$%jYYzi=d
zOMs)Ri<e=g{a^*nL%_8XG6i|XyuU>gI1JlJA;cVpC7mqVzrxQ9B_d|uchOxY@=hGG
z+i*@@E4*7aPF)Wu$9-+ARHi|<v|7|#+Ze<bZxe9e$VSlbxHS+5Q|}+QxhraPhzvKc
zLlKBC?e5AY0dy%Ma~Ldwy_2I8T2n-mIA{mOr<n+VW*{%e)XGbiqZvW~E_s-)sXZCs
z%QqQ2viR%}8ZdFl29;5~0CMuMV79j8_!M(%sy<{|x3X#9y3<|}*RJm|U6;lnP|ce5
z+5xImU{xFFGTN+=0+TPeqj~oWqP+3NuRom-vF&)3)bj&^57!81012xE-m}(R?!fg!
zxNVQ)DPw`qbFKumoQ+fej|Wd9Xq<UnML+s@A^t7esC#6DEWW=yx&6-{)&1=W$y@-%
zX=@bE=Yt7M)?lhU;a|Xaa}A~2*aMBfo<U#8yXxm5v>jw-jB-!w3buwMacfdJ8z0ec
zCpb5J$p9MDG^j5d$ud+ifT3idSXl6r1O-TW`8~MwqCvmc>PE6a@>@%e->e@0{ZpTO
zZE-=WLUkn7GgEMN7g-22GWlhMHgF}d2=fAF3ho~(yD0|I_$-g-NTWBz;8wK31-3J^
zwlx$}%tu9wl(IVFDHqqWlXR9ys%cPx+!2l@<-r(tOBeGLb>Nrj&qFDG)4TG@ipX7;
zmmiG<dM}XNA>y>)s~&j`|M5fOFZ4%*&8IZP0z8!hxkXdxl{_l_8rzwPd<|e1ZPQ_U
zT*ht%k)2V#9Qd%{SYoq&c9nXtCN1c-WaXlOIUO@ae>NZZc#9%_&6BxdUPLsGDUfB-
zYdcPtu<E~EgGA#$m&&O=)$giv$fN6)68lT_DJ75$`msaLwFI!jkLmSl`LkTBkAe!g
zvO`I<=no^fpn~CK&3`$Lej(e#o)0Dk@00Ta6*_ja8b~&Fe-SAD?Cm}{N1Ens9Kw24
zwQf}2Q6Ho+R3raeKP)BEUzX376_bS*GqQevdw)6$oKpJW_md-fGCwc#vdB&YXC4~5
zIptIl$O-r+`=mvVa??3>fY(RvsZG6l-QKPoV+#U6H^)KA11WuwWfo|?B~Oq;aZWo=
zdlpB%mb}z;$M@f-`z9yd2pR^PsqHP5EBn2a<II17uXQpqY@7WAF07k|(0P)UGi8y@
z78|obNAf_n3@6Jl$B+kkUHBVPF1f*Eqd`%0Gfb`<A4<R0rUzv3nV%M(pg$zX0AaAj
z3RYlfca;2#-MTCX{rqg+BntWPrO}PsWUm?0M9~arbL{6A_x9l88ZUj$N(NQs`#Yb0
zbh<O&^lu)4JY!3jt#eLl&pZVd4+)A1`7QB!FQy3r_@A47e9x!1##-W+d{D^g^J3Zv
zRY)2akX}cHHa*UJySw^0^t@F=;m#dK_sWd-az7?H94Ev&@P43#4K~IfMYWUH>%T{J
zJ5%T-Y1LUv>|7N?9{yiUodr}JzZ<S`3Y1dZp}4zyTilBmDemrWrBK`*7I$~I#VKyZ
zVR3hN?)3M+=iGbFkdw(InQSsUOTOfJKV4V(R9`kN!1Y3S|9tMw>VQ!KspaQ-^>jx@
zlEz6<cgakb@;FS{uCgdKKWh9ZRlxzJLB;FAkYN5B-W#@YvDa<h0xz2o^#IbT&GTVe
zgyAquCX1kVshg>-gA~oLVmmG(f;G-enwL493`sFmXl9aD&HeE<J0<2B>Y~dQ{sLOc
zt4ipC7Gcww;)ary`NP~bS?ZS`TipuON{^tL?ot<iUUm#<2(#BOMOWNv-_^XEo<6Z*
zX12JL(;6sdumE{!+C37W*DnDN^zTJZB8{`O3U9`~)T8Hi<pM&7@k24i%u=l1F;ZPZ
zYIN_lrg8UZ(a?(y(VP+tb7V8PHU5O^%ixZwkmyol#m5D|+vRrXy!=St>x7aJJV|Vt
zQ7IUBEW9bVLzeGecKfmRDW)zVIA;8+AvosG+SiILu|82CIwLYgvh)%wKHTe<nL#pd
z@iLyaJky1#Jj;PEcF1F#%wdRpC#So1x}6#UVi$_<rjoRqDZjrBoi<GJ6AJKqB?=M?
zDQw}ww73t&pXBgZ30KXRuH0`%-=3HF00R*Ys;3`}{N&@x8Ou~740}Lj7<DB_@}Vg!
z=7+R`;V_w^iOi*(Zf5zloEC}swcMjYP5qUe?l@QGpAr0CK#1(UiLL@MaKcAMJ91Gw
zG4iLI<6#8UAfu}Q2c&MCrM44YXZ{gA^2?N(+!ZnUd)*HDC>WnS<8OB9c<x2b65I|%
zvj0VzfXFvQ;?M6*CboB2mr*6J=;>SUh$&XK#z{{Y1Co{ALj;Vy(spE6wL9ih9wBwh
z&0{Pa_*lSZ{lF7um@2-6C<3u_d09(Om1Ei8p5bk5i*O5Wj9a3HjLTGTy83QNgwPt=
z%9!gmTPY3`tNPZD-Ml>GXxzkh^@I`fJgwbIt+VU24r``Y3%eVFJRf9|BY)M3EY~@?
z!KZIm>ZjZp*L+02gn>vsx%0Fpb2vAwY#pO;(>(<+9Cxl;H%23RSF8?NmAc*@BlAd}
z2U}aA-D@r_^>XQKEg}%Jo@^D=Xz={B`6>U=jmoPK{hYTE9{AsA6~^kZ_rkHQY!atC
zeX$bn+^7Ehi}$esqwwwCN7D2@Vf}O}u7*%5m3t2TntIq}W7xG{*S~~Te0Yf9T0?i>
zeEp+dpo9k&{O48RkBBoUVVe<``(cFxt`jKw$jB$QnWd`Va65%uq5KSZ;M09K_`fx3
zBMt{I;Cwpwaz&{wS+~B!=9aK$4OjUf7?2eG&ditC=*c%Qi;NqXe9gjr=LqV+O#<l|
zq(^|uq&>7xP6c|HoZnOyoY#q(hG1S}YoPspbMk{Jir5(r^6^+E^DOo*%;(wah343<
zC6-j%l@?W<Cu~ht_Rr<nB%7jY^Euc1@Q?EpopU>}>Wf(%$aDvajCy8ypfe@3WBtQt
z%E`j}8*(%0poHZMgih8<rsu-?B$HTBnmPK@TB@)^wG)^o9qL8!as76e>&=kv&4s*B
zTHp^;16H7S+%gp!pW@}?`^Qc1O{GBnx7-sLxDg(O2fjPLHANsPUibs-(JC^5A!fNW
zC|oCo_pahq*-VoR-ZXIYVRMv9&a)>o)Kt7{V-;HZ8E6zbtDghvyIU#>f!R~XqQueK
zIDVhb3Vt60Ej8LYq(mJ|Y+9RTjp$(Fac;`C+-S$Kv}_2O<FLT1xowP^m-oMF@sVwt
z`Lc$vm&&Q{XN52VbE+>bFVO6};`yD7>Gx!Jv-UW`d&{&>mAq)$5n`~*jJC9-*8A)O
z2+u;LUv+={VHwRZYRXK9n&);ZP|ztqO1(zdnQoILZ(m~`PoE1X-l^t2aTII`+lx9@
zWL?6Ha`M8lCs;nu*hLU-ok8;6UO)-}UDoRMSK{mX<88?IHA)}T2A|RYvJdX#GgRbj
zFV+<Mb1V0_{SGHY^`o0pU_aRfb|WdOH|kD@MBm{1g?wo)MzqjmMJ7_+H4Y04{3$d9
z<0j6}vtQMT&L0x)o>QC<I4Vl0P*R%m3){VNqse7|h!QSd;>573F5*a}hY5VzPc4t=
zsamDS0Bkycxa~0450<E8^eBYEgAHDZ12q-a>m}X{UZt3w^r-hcGbsa~&P-5|6TH?k
zrAK1am$;jO-^Hvx9ktEW`iKLJR@qFlEzN=*hu{A4NZQ_6LM7Q5ntmBDO4dck%2iQ(
zn)WPRWk`j!u_zDnrb^@!q3lFBUFJFA9K)i%X>YHS?A){@gA1E}`%JIec5GUI7$q2p
z>l9ymMMswPXb*jTW#yUD;DbQLSN`+tq6p`Cb1_rz-ib;yA8TSzof@1Df+2YohF}j&
zcg9Mjg1O*NEcQhWQk<^H;bPzIb^|YI-rt$|R)V{-`sgJLskJF!X3%?K)~$xMY;rfD
zhG8I$P2>)mU#liNW*D#BYuq=PvyXW51lveiVH6vS-p|BmTs^~slaHFK;x|R;&!kV)
z+w%G*J?By!3~TyU#UWcQ5S2<*z?p>sm8ESK+ZV*mBng9lsR$#KWQR>0w+YV7GiFco
zaDL(EJ4TbBnKc4j{%f`IkUl~zMWS<2VDklRm>->XiF3no%sS4)=?sdJA*HqsRMuZ9
zvNb~4yM<n(6!bL<94j)6Ulp%w@7!7UL^pK`gJ2=!YNyLVBc|@k--<UfrC~|>oLPBv
z13H4`1!x|)FdqGX-A9J<VtK$38^P)HKiI=u4))y{@r*<L7%9&9Ni=L{()U{v4e^zy
z@zYfA#d9Q+l#ayS6SGs)-o&F44BZbhTdp$NoW$heWHItHUuyg_+&DH9O92`&@(Uem
zf(dK^U^f(2a@r`${VwU^RnDFNS)$Y-s$t{fm!5pm^NMiF6$I*cJRzby(2(9(&LhLG
zRkBje=lrw=C#d%yBDd#YsMm4cjo8L$Wa`WZCitrPR$y~Hue8=@!Fxv!d~Xk9yRwhD
z^WM{X)-t=DrlzleoNQPI=VR9TOug}~vMP|4n{~9TEk;{4bC`-Smt5kKN>@Oi;}<?d
zvye_0wMDTAsp1e=khd>cdPbIsXPq@Nh=+P<79r}o!;~3sAW3hQa6xqrx(fNbrHUa&
z^)0-EA6HSzO{Mb#YbdcIfwS0m6kE*O%cycB7O=grdt5*lt#GdQrv)w%Y4-x-A!11f
zE?_5VdC*aDs0VmZQ^7nm-B9j$RY}nZs|UAb_dd6b%C&yLB2>KcFVzgjm4nvimCjKF
zQh81WndOaU-d4RBa>jhjH?reeje4uFHA2+#DTlDNJPu71w$$6~ZkNTj*$Knlxw^g@
zk_k?j)1GVgbyF(|n*>`$lk4_db;?d@4`|X2?`X<N#5SWd$<Qe|3ZfJ9Ko77`Dh`5R
zEGP-8YS!?_H~nx<eKh*->5(zcOf5J+j*9hBrB$nif*b;g{FSvgjxlLE8zq=s*nZBq
zBwWW1!M;X>rf2a5r(F3@u>ZL%-|C6UBBIcsX0x%3t5eKGj7WzF#ZOQz362fQFV-`p
zA(k7eFrJTd8bGM#b{|d6g#YxcaCm_4i3gtBLdR8h<HrI$J~LI0B^tMMOn11icd9cj
zjLBcE8bs6-YbyDP4XA@fG?llqK;NwANF6FMF7H(P*YJ4^y<VSq9R4u2eY?fGq!Z!}
z7!w;7Ker|~m@sAYsLdkmu0lUJe77b;dB=UpX<K+>&O?UXEfi931~*vE;i@3D%c)R<
znxEzM4K6rq_xmW_qvKM?pumZQnnH3NVem{|8+AyeSth+eA_>iNOh6Xlz51nnr<xdL
zB`ebif9yR1AEyW<k$%9YzhqXA`ngeF-}kcCM}M`IrhXUpKW!vb9y^bjkxau>f`r-$
zgl^o8V5D`XG=%CeU0El=9^hEiW5Nh$?vty9?5;Seg=OLL(7%Ve-tl&>69{(J-3TXp
z?y8E%lbzsD7GCXo*Swn(m@Spc_{D`y3EFXnSYDnbZ3N5v(<HAJ7hPT39|n)MuHy!Q
zVmmm=z&#V02(?*_m{Y438U`#R%7gjP<M+zUSji<es>Yq4D>SnDwdnGcg2c?f%sU+=
zM9^b9-Wt0vU3N9+w6UOlBI2Rt$?S1f*@>zI>I%{U+7CUyR{EaTO>LSu7i+J;eN<-$
zp)~RqIp&EEz4u@_vV2s62Ln8SWAeG7iJs>x5X_4J!5s$><P~+OwHR9%p>T&yP~<pd
za?q>WTDP#s2!8Qa<b^dc@nS$2ZUYs+Pq<ZopTIJ%0W%ggn>)PL@EPe|%cl^-BryuU
zXq5tNvGaA|mc3@W*~Ch0Hugh}mZ6Y7%1uqMmIj@#qx)hyU<;McS(@Q85}BnJ-Abxa
z5ScAy{6*rpW}T&+<@?-qO)U<p0LLrqhCQ09ycPFH;ILXDg#X|a)%m7v@kp#{GSSX#
z3<BgL^JHf1oC<`XyhyJuIu&*1G%X$rN{?MK(v1Wo805PS>Dyj6DvR$zz7-}GLM+rW
z9GZSj&S_-S-Zb>s`Z#noBN&twbG|%kXj;KXGs3)|uLA0GPK@N~5vnl8n*vU>5^uUT
zr?~t#<kc)5QHyKYc<S{D+&BnW6^zu<d<Rus$Xy7X<XYu<8UCGWXu1_-aZFI^yVC-v
zV`_7HB^irMOZ`+`iG_MOr7DMeInp#eb{qufhzU>rr3(3B)+;#TF~5NuIVPgc*wbEN
z@u|8esHXW|mGZ~0ytT2U_Xs|UbVYOBC(p?8_0onFl=vlHtWK!DUtAHAry|$^iTwG#
z_be?TxTnZ|%I6o?_LJ8y4t?SwKEi7}%lO*qmC^}n@9ablJR-$TYX3@E2Loi}NqFAv
z0FeROc)LhIuEzCe>D`Ezcj{_WZ)Ig3<#$jQGzIOecNGcwuR-+zhN8+9>qn{iTHQuK
z@P$;QM7`Qw{c8nSqdp)CNQlo;WpJ-115#VrfM5wiP_f>VD%}vEZASeU*_4~=FEX>u
z5<!K&&cBLM27rn#>M$bD*Z-87Gp;H?Tkrh1%cL6ysdbDmzPQDoi(Sa6OxIN{$(B2W
zSviMW&Fbd5@d-V_KzQqqL$4Ejr1lch6W|LjBE0DNs_vuKDx0T<F6kG4?%hvws+^cQ
zU@dXT^D=wiqMJavQ!dD3>IjIe3Y>JC<lrjg$3Lij;ZrLDCC#)VM8Toe265$7x8j@V
zm6Xo&2`xX*-ly0_2LIg}Y3yvXYBmVD8djfY2&0Le<BCfx^pV{D&Yo$gAo=wmdS>J`
zyTC)nTj$esW>bp~c)oBj;x0R@G77mhwNqDQPyIDuxlSuXf6SzH9mV#Y8P$0y#-i#I
zR27mN*92!?HII$Km=^Bw4}}TtHy+7B=P!cZC;KF=*<K%ntB${PW`KW|$7NJUv&cV1
z4LO93Exv0?>AVqg{<2Ny5Ek5a<EQ<U@doLE6k6lzU|~Cx-NckAQS8nRx+1Rhccn7x
zc<8|OUdu@wedrj`^t`!_eMYwADJ-h$yLJ}&{I`*1I%PyW#m~i_*)^9o0l&MdwFWx@
zb86Va<mBq*3vZlfAyQC7zEP0WnWJapgB=MeN5I87+Ta~)z-sfMN56|f;ihtF<hpTz
z1q7Xso!g9J+}hhl0*wL>=n%Y(8MmKfCwiYg{7NA1-jjrHP(u6pzC3!KE^O*>52QKn
zBcZa_7qz~&bBsAOZXSQ^8J6VGu>es>HTeaCbfK{`zv*aZwC5VOIC)g{s;1`WA5v1?
z)C>+wawph%+(EX@H*^$pgrQK968c^DdtC)M%dnGN93O2JL^Q`KUDWH&K6ig3$jObM
zh3r^)W^mx0yWP<ju_=ZVs;U;gIg)24r2ee4CBmXg`-P$Yh0qaxBkC-b8tYco=lK0f
z8z|G}wOpEwgOvn_`i2#@&F%9xwi^q6Zs*E-P&wy`0QsQGb_=T8){TqMC|J>A@2NWV
z_0z#OG-Q$8T8{Iq+yL(B`Cm|}1S~Ox<cUVUKW*<Y5z9wL!5t%ugDGJd6ji@AusZFV
z?cd3y$|m6B;kz~BJDt97uiMg2a57tmqf(=xD_N47fUekyEwb8P<P3m$jQ9xcBN!iq
zw$NH<XtqA3pa2;=pczTcS5SPm8WrP-m{Nzk_y&V#E$$4xv+w7jnD%Epe0D>;_^(SF
zA8NTMtYUpdiD<vTQrHovouGHypX-xzXxDU=#y^RhkhhzzpJo$vSc-H4vIWPzEk%9r
zVp>j%>{Bg4EIH4Do$l!g_*+9CCazSIM=GTt#7cvpt{C1Zj|yN>qjuJ{wNucCM_^B&
zS74d^IZ5a$71nzq?l8Yg_8a`l57(L;8K=r7MabB&Pz)cB;8&X>>hMPa5{TwJ*V2Ox
zeW|PKCD&op>lOL$k;DDF?zYT2fAeW0$tU8AV0IQNo*P+luAE-9L%yJKx$HD?lo5fm
z!hKE&J1yQCjRy5wezW22gt=CoX=2%jKg#7tYhpiLR$mL=ACR{Aw5}vbZM{+nyoR4T
zl;(QLl)m!=m(1a)25v!~f-a9Z)J<fq6VoVvOqYSw7zbrqRhN8dTvnGiiE!oOILuE>
zI))ctG_Yv0g=P{sW%3IvneG3*hg9y0Jd<bYSXh%kG}HGCBAIKO`VFJ%EoT$iWfT(y
z&3XFPPS=yQFb`kATC(PPy_y(~zN#KT7KY%-j3{cK@EsIO%^Vk;z0X;-7R1hjlM-OP
ze>Z2M^8|ZR2amA(nrt;b`B#x>tIM*?FC7yUO_ytn;{UyPSJcek^zUeO)Vta*&i;c1
z@vSY+>tQ@)uT6@fJwgg?#qg`w-bbjIMAgb6#0rf-^AfX(C~RW&Y;JCBzhOj**Z4~y
zWF1LIhoo}Or7j-br6%h*?h>eUEs}nv{)9aN`4*dxJh5$zYSMa4tT0}m&QY;b{>?U*
zxs^u=cSnBKq*J-Jr``jBk2)eJW?U(X;X^oA2k}xFs3cCXh3$Cy?`odT)AGuVKO*VC
z{q+~8%SJ}_eq{dm%F54~NWuMKTN8KmW??(cj_>Pe$R_IVwI+^C*04sLI&2(1@LdKc
z62p9{(D*OQec_nq0v1vmba4L?o`6>(hg#g8nb86?+V)aVAI$n`Fq?44Ud3{fc%e*~
zr`LOdY1FLlF3rSj68o*@l=QPU?S~N?P2=;XAKPE*l5aXL9E|3oqa(TO6L%pqyAvk|
zSgG(U(akGbwIVngE*8|{N+)IqowpNVN%^BxT(xv`PP&ohyxDwRdQ|iar<30or-+1v
z(}hVZ-xGT21WW`!hg-k?7FUSX1XK0x%*DZj?148`y|Su6v@k?)DlUPqOM;u~UbWWn
z<tis&S9GMQ0AVA8nXkS)yF{T!^^YKU!R7_uAvKWQN<G>AXAQ%1{F+!5Zn4g7)-}6l
z$7c_tY%_xRHNmQz)|{zw)+GfzVZ#Xsx6qd=@mHn#PXs$a^ND12Y?&69#U`Ipbi*z0
z>fj6SFqx1%E39QEMNRrWtHj|&2m7zJ;0V)MnG5Hs^-Jr^dgcfFn<Zi;ANG6cZdKs)
z_}i^Te}SHE|BcDe_eMd-YrfoaCc0uLoj%tUoW1w2okTT)BkfxaBP;Q`O5Z9GM?3}N
z<Nvx-(^vs(%Zbmn5@;j(MoD}woX!6o*-?9@2``bYZ@wQBpYfPfNH7zBhp{0)cSqpa
zEVg#=kBv9~cVs8+nI*WLl=cL_U81uI-QDbOfGNDp&nAalT<Tq>ZX8&A%zWZP8Hag>
zcLA-uuu+&OD(0pn>!M~ZatW_54Nt`4n5pK{*&RcLaPdjy&7)#CJ9wU|)+`xVLgQ0=
zzgYf)<o*rP7`LBjor*DzJ-0(kgYjNSI<w(6RB1)gga(Ti#t`&k!n(?zu$zfsWNKn;
z0jRE>zAv|{coilhS?K~O_wQe<ZGURwUpH7wilRbt&aR1-EY4qRkzdlYtL=!@e7EWm
zpxN~JO3NMU_>ojTeem7X@%($dW-(K)Sru#K?}B9u(<k3=qLznBZr7k`+4B@C4(&5G
zd^@L>>B?0!X!}(-Ce44yhi4*$>p3diQLd5iWl9OFp=JzefbvqY_JNR^Puvu`2t8R_
z7RUapQ?wDrUlLh|j%aKqq=9^3kmrs2J>Nv(x1yq^#y*<6tWKE-NV#AXuG6&BIVR{@
z5f`Sf%e*Ohh?FBIZNaD4;h*;-)x6kc=$COb73$#jjxG5WYE=V!<fwPYgvG&&Muvjb
zn5-UZuzA6-Mlv!zsut8@Xwf2t<sA+Dz<YyB$TP(6hT{95h4wJOIp!5x&G?RcJ7rWw
zv@H~G;dP2xirSi#s$<zOf$!g8m#I(@9jsL!5m2*ezJPaIb1Mbqu)j7LI(mS_ISPky
zU`333O-KzkhDid`jnORSlj+Or8xO<F6J>4d`&yFgSNYh5POkLN{GZ-Fr;8v;0sY`c
z4m<$I732yQ5k29SWi~%8z&{7$dl=F&q+m2_n2Eo2(+u|0w^QT>L>Ep3x3v_G$(=vM
z__dEgSl8&-QQV3CJpo0bvfYM(45h@PS#}ZT(w}rpR00&K80JJs>G2%A%X^-<_Fz6h
zP<QlhuUY_n@=jUO31xJ+4SLv>bJm{8r^rgYp!;cr{@N~}r_<FNXh_Hj8YyYsIki4A
z+#~ULL&@0bYG`RsIFa2lNZy}NAtXbI1lJmHNiInn#%v~DzxP%i?osyz{Y`;pfR+d;
zrM=W(6Gu~RLkbL+++(5b411FJjG(oHp-?d~vROLDw{e%a_+`FRz_zm^GY!r!Tc*qU
zgpQ-H<KsLrH&TkSsrB`F^F+U^eqVnX4R>F7`m(C9+20`aw;(ne-#Au}TXjAD(Y#Tt
zOItmYWb}=%U@g8_KATqPXJE=%+5A5A^0yzCgh5Md{jy%e2<L-Kq9BGl-^&&055;C~
zhcj_?=Gwo%shGcX&bCT&_11aZw=difd`$#>eYMpKTW6x_zg-UP7*4Hy-qR}7w7u}1
zkjq&j$WX9sDoXI?jhrx-$xi+BhRyAFid;0rxUTl^J()pf`xv2g{LQ9}iFK7;3xn3R
zmhNX?BKDCo9yX&8pL$IjpXam9qjxj!b*?6oFzIDg-2>s=zwZI*f8#H{IWUda|KabN
zbk>=|RNUv9czGn@#PaWN-o@*?@kZEfhtik6?;)rS|91qRw3Wx1SQ(7&l26Qw4g8sy
zg+8kiw0D(%eWRu=_f(EB3_f!Hkb#xA0MNcX=b-eN^wpz$wf+x$Va`tc>&Jg;!d8_6
zm=tQXi7s^H8rE$O+Su9b=14B|xcDS$WWn2NKWLcaG_c#?<h~teF67GYt2|?P?jSh*
z8^3JupJRtGV&*PLEOV_SYgn||z)*(OionIHLA*bm$!QdcFeg<bEJf5sUElANt}7?D
zuvJO)H%XOYQcAg=?Zxny!6Xq^RTEMYrOXmVjKXZ(jn+3$FYhY+y9!}<iAA<_cH0;Z
zaZUWBKnpvEU7Z)^W|qfAZ!}3{k-xTf5}z&{)axvXihj(L;cCt@TMgK>NiK6pMM_%X
zo*#;Th>&wcbebU=w^)@Dhgn;7iXBr@DpN3d^<<ri%q52&%)r^3*I2~zNiOu*30B(~
zo9a#9>u*6*Dc<zkgy?2D`z2jWb!Gm6nX`eR19*&UyMhPsh%5OGEgOum2Ed+3PX!*Q
zzSkFiYyv<S-%JxYMt1<!xKaj~R9QNJ<^<RjcRzsQhz58`MSv|OP%*%VMymo?B6%_i
zFn%JCnSlX-IR64r(@k0K1ZMY7H6Tq-72si$O92)};I<~hU-Z#lBL4%W1o#)g@1}`I
z{71qt1LsKq5#uWp;co{}tvBdwFuwnY*jO&$?kNNSlET3TGY;^gr5#lOXS|jSU@uN0
zBk!8sM1YoQgrc8Afa+T7yG-Do9sPhLQGlq62Wr#>=*oHEl4tP$h++0+0A@XD0+3>P
z;K~8e)DzZEY6=fedvc(`rO+8f!SV6npsj?^84c?30B(mz*Uj?RS$3G)8UR(++JxDj
zDYGk@|LN+<^j@`41ENs12N0g@vX{`y0IIS9pemk`c+h%HKxRk?O3cJTXU2@5Wziwb
z`Uh;FFLGQF#y?=IG?*a=GsM^0(d?WpNVh=UTLZn?dz`NWwat-dXEspd>UjxG^IaL*
zUJIa)6=)>DqzOQuP_hY^$R%}VFuv*I*ZF;nFEB&)&$D!2Q!=c*mV-Wr0}$#=0J4M}
zPK1jd8VE#Uk*HHsLloo`0r2PsYCHsM?89kytZFH{7EMCmycGALUDzwC9lFzX0RkTw
zmRkeK6723hsN2EQTF20n9)fBw5WVmLXKRiF6`qZ#*Srh;6!4*vqY{yMUaQRJEjUyC
z3y&6>(EjH_d-2_wU9dE)#5j{!tN8oEY*u|`A%frUB6~Pc5kt{2wi87AI8bK-cRyA)
zgg|emBJlC|unvONC%Hf0X3A1ZX&x#?ZIt)i78Uc{9H>+hBB}YYO#KQlr8@Wu%~Xlj
z@0LQe{%sD^Ke~~a8j*K7&U6f?wb9Jc|Kf#e?>2cQB4zxd+$8;`e4k~bAar<Q4gZQz
zR361VS?pd@0`|2nqt?+sJ=c$6bokap>V5s8F5pyCb{P6}I@u&+v8lcd{_pTB&gA4q
z;T;VDC$DplBjPNDEVAZTj0wA1$;^~$$+dgBDO=}RU^4{|qs5$UdfUcM`WJebHFN1Y
zC^xQK%(ZrF_k`?JXZ175FG}g$q&OoZ=QkO`de6$aCH3!83`8lm-bdyNaE5UN+M;jQ
zqwoq;jKSoW)bA@4h=UclSvRTs6!C2mVs@ZWe;r^*9EDV$?3g<5ndRvUfNr)A41+Kx
zvk~-BKTbB{4*T6d$sSaq{wluGP<_Kh>~^vKsIzx{zYCi|qG#{rT{pcoPcPKjawpU|
z`9z`@a&%#bsa^ZuB{I!uJ6A97?vsn4HwqzNn_Lpo@n^ODEhBE}#N0-e+g$(KsF_Gh
zn`HdnN5pfu<;Y9hyP>v|^1o3!YHBXg6MY);^O6)7*ZUCYT_TmbdEr6%)jj{TF;V_6
zuLV9UJ*2-@XdZEV#;A6^F@*_QOPoXMB=HVx(r5X<=+;SBU^>B2k}`a^yg!a5O3j@N
z4(b_j+?3pRCY27-!=lIbx%h5*waHdrdq<z)S#ZegD8rPwldu&l6xSOk)FY*HCL9L~
zMDV;veFArOIZi3Qcdpr!cF+BF6WEI-A~}vd`bhl4aCe|B-kC+c(qoOA+a1*;4(%SQ
z?RpG4N-1zxJ_6yHwBGVH8gKE@s}#Cg1hWZTR?$2rLfXArZaoIuXj=$+L*FQ3)PAHR
z3lNGA1{^t-IfBblp%6NIYYU)Bb3oCQSgQ^wkHHos2*)GF?5roz+klR1s&~->5|ZQE
z8QwgBFF{?sKv@2RQk4Hh8;mf^UVL`7Hj%dWuQsUBkrL`5B*94nh@-#GFR0frlMz^M
zHB9aJ1&Rx~SH-B)*yL73y^w))y33h9g%DspFMLR*MylLWC?3(8Vh6z<+rfn&C)yj-
zdL^9K!SdcG^N$t5$MeNL1b1Q0*KAUkkGShR-wnWbnvK^!U(+w;Hon$GZ>Bz9GU<r=
zHTrq1j&i_*55ig-Qx<SgP{)Ba0XsUGRja<+v<0jSIfCjQTW2i#z}>x6L4B8qwfUx}
zRxM_lYd(?0!;@J(Y8uL(hEY7v3f36U!VT)240vmBl{VmNHzlyF!om6xQMg;-%>vB9
zSaR_G3$i1OUl81&29f4;;K7>$w-Mw(?%0B_#*2C{&B-YpL*XW6-fz&n3zHz*?9yLs
zSeimNrfxCz-JEgLa9o-?5}A^Ldgb>*&4?VX(-GsI&ha&w-i=V40QnfqUnkZO&hH^n
z)l?q=KU43%(>4wZ#kcWG46Il!PT%nx(%fN69&cx=spli!*tVjb^*d4D)eE%jt=NEc
zR>%{%4KD|2>s*6bT@ZR^$#$UpCLCXV!ry1K0UWuILkou;N!>AgQo>Wx!o!8!j3Nl1
z3-#WO{^-n*t>Uo~K3aL>WbJQvy*fHiN6Rd1KODy6SyKo;<-Ikyt0976Ik{saCGZg1
zuQl~T8k>dkR=%atbDmWX#3Y4nnz~nx+6z;V!A@yNDJV`oRMZ#pPPXrRb6%Rs@45O^
zOdf$p6|F->vaI^GKrz1jW{)>S5W10}o^8H}xVvSbSV<a?EZhUZ_8dfA@kC?VI`@sB
z{TmTO>*e*G8e@x>CLzR%Pbuwp&#^M`JHFK@Z6(J}BiYwO;v7xV`3}F&tBs;Zjl?6{
z{FFl#&VwH+1Y8-NaPh@knAewH68|z*U0WlE%CH=L^GX$<!cB~tHxO6@6G*7?>juwV
z@FxlF7q^KQEW4PmR*D|E5|6A%H@@SIyE54QA>+LttheKR>a2tIw_!=4zW?yV*iL9q
zM5v(2l`;IxuSkrTUNZc`BkHf<kE3Iy!h*~kIgU)}HtNmmvakDem8r0;O|$g$jnnpV
z&TdU{nl%1s`9Ih{+hDqnR3M6voxf2TOrhDmGIdp{=?`b<Tm)-qNV+r4Wc$xAVtaUI
ze2?`iTu}YtTk>Kf@zhv%&NRT}oy?&vbdEgzL;X6D1X_HaBAYfi%PcHyRgaljNM*JW
zW?N>OLmYfy?e;mUME{s-fpDR-wuu4EbkfdMeg%{DnNXL;dS+ZZ<f#23y*3C)R;(RI
zd1g3l?{eg~Bdfd;?lVW@%V>(}Qw$;$`p~$_?o&OZf?})4<jt*w%Sd??5JdUIUf<+w
z^!;)VkHnFtR<iUGuJFVo%z4W!?zqe2SLR9<bCFA`u)JYhX)&KEw(1=y7GtM$D}Gtn
zHR+>T0nG0+g7HpXO3aJi$+Fy#oj8|9o!pMe^Wb2xF8T|J=uo*p`%=SeYuu-3#k!_T
z3yB5Ac(*~FH6Ib0ft?SD%a+rtX~Lv-sehVro<}2wnT|%JE9xCY_M_e|A*ER*c(pBU
ziQ_BXSucv-9TTdy0?=>KM^>Fy@YmQ3`cJiQp^E0Cih=mrfYVFHmLjn;{&*Z3jvys!
z6RiYooLC2$(&GpvCANOH2VS{EX_-<5Wo1%|lP_8$@}Ye3IHLzSQ`>w$^U)}~%U?@U
ze%YIr$IrMqJ^pc|E~#5elRxJgr_$4~2z=L;U7whAft*1VSy0+vNPYcVsr1z5r|$kC
z_XHE`-zGPB0uFPPgVV0HCkB#eM$w5$iBXQ8<5YHBx(-r&(js}>raO_-@88l_*0Qqy
zvoW(xpUGJP7G}b!+TCd5e5mKixZ3Kd_jSK9Z=&+<K%ma_8O0<H=?s#mGru+k%&@_q
zwThM2LVky~bh0BU><8yvXc=>}Ib3cF|H8YaxmllH3wdI#nF;kDdyNtuTv(88(Io&~
z^vzRzut<5i^Ls7xbT#NC){I+8?(h9lZ#a)-B^c#L%Ckp&%Cf`W{aa+1`Dff3tfyoC
zo+t#(W>?BPykfC)=iV1Ez20gzB38GvPz<|#{YHMSuLXU4!b>_!A5PI9l-)S9dRwIi
zBO!R2QgXQz%>}vfQF`V8ffDr`E=@-4;$GMc33TN}2-L-$9?{22wO&GZeSfkI<I=i?
z(ppv)yUKkEj#q<o(b3RFI`5eZ<Jz>>*1@syoyAG+V7FYG-!yaV+|P%Zp*;uO#olbT
z(RPxW><;@yJFXd^T&>PM07K<br7G3g`#@|_;Y+0rOoqTe#aUu~elq+a+l|T;kx~02
zD<sVlyg8nq+{O_waq}$TJ3&`H&QyIWH?=)!wIKr1I&{V_|2w@uH(fmI2&qK`X%XD8
zyqM=IUgc$q$YT>?T?AR6eu>hXK@|USHsDu$158TEUtdkSV$9a0zzO8x3|TAnp>jtu
z9qC#0z%qadvW(U0Wr0%pD7GDg4rZ?5^~`n7DrmJ_^L8?X3wCr`-K=8-Ut;Y{ZJa)7
zONt-#%O?=BM5R_|3cLSf+}};L%JDZ&+z_LZUB~f&b8DulR<PJOtZ=vOtH%$MTmCy1
z((CNCIOJL_@$mPrQBID9tDsV!Y^vd!xU>zD8y3vWN^xGM+KNw9a^OyE6TO_;{APxI
zs>+WQvZ-?fnn5I?fWEo6vieJ<DGu$fU`aE+B_Fn*Pk*=WlQp&)_F)V81ZQ*b48fX`
z;0l_n!bh%Vnh=7O_$Smf+~g+sNc_4AdIhyYYqb>}{%#?ylg5Yq%+%7}16ZnwMi#Y%
z?l?h}zT^}39qh7CexkY4D;6ZrvfPO$VVSAPfuXP4Y#&{*9KvBEDNzb@nh;K!eKD!q
zseWL?E7?dTGz5zI=(dPq9j3MhTv5B&){U&mM#7qo*!(=$QRu~W!*ALMZ;Mzyuf0=l
zY6-HPL|)CtZvEmQ+`HEi=%*{6uDL}5tvtSH4%z)B&;BmzY=9#a>Flu^r~mJPq7Ivq
z%G%k?ui|V=o+-sv>3YhKIDl=SItKd)1`gZ1nr^_iPDS-tzt*e;RRNq(DoE|={$A6I
zD~K(AUq7ZW;D*_3_>rYC!LDP_n_#hoZ6_fizRt1&a|6t!PGfL6dKE>i_3**{{^?TA
zCyupXA+>SC)t{^T!Tt*bZ_vVsIoeUjz{wQ4%W|TWW$}BCSDx}KbFa0<<+g@YLbuM>
zT<1_FqoU+8Spj35$@*%xv@`h@=$Gh98u!|9q0hyjWGBBGy|!Q_qQbC*RVHL-`r=ip
zr<SQnfoKJ*XZC<IbZG?CYdOrdBQ^e>^U@Hpoz%jFcfNb6g-+rr0$jTlY-Ti;DI94%
zr46{^e96nBkts$|Wf5$6cvnHXJIBjiI<nu!|2DR_29w{bikF*gGjt5|f%C0j1nOL~
z6N2dtZ?XA3O_9soHai|{hpO>HUuJQFVxBUZf`0xPMzvRcf?<-<`^bbu*=Q~EDZ`|{
zwNC<GF;S19XtZsrmzl-1jSgC+6yx>YXC%Cd;5LPrLnVrbug)$jk9fjb14LzTDOb0Z
znO$DuyGf*>lwu!nw{^H+gJIOUPg0x_zu#Q;lzJ9Lvi1YhYA~d+p{b|oIqPozW^vyz
z<%hMg1(+&n7OI)~u}R=NjdBxeV}w5-1A}v3@xwzm-<8A=A3FGS06+He;It6~Onmpx
z0<b#54#T|mPiRVr4d!+=9hjfLtR<n_&vyXICMJWqhti?~Uz&^Z;quoAZDpaJ(*Y%_
zJ4o=J_~E$^psw`{Ox2kI%__*hi7q!AjKU%?!@rsAY+UrON(Pch0Qn<EK<Vl51;`xp
z0vHpDj_vTF_x@dD02HMDsZv1zyF~Cm+XFsemvAE@^R@lB6oPwRM&X_#wfZH(A8qLC
zm-`TR=rXkRAo813SfHjM;I<M#v3pptlTY5E?$8>^SYflMfT1Ip5i8IIP_&W)6s?40
zBmArW6~?@Pv1O*iD)|iym^myE!@hoL{^bsRmfZeH@N2uj9qACE|7;szcxVEu6$We~
z!v7@CZYTgbw0|;SDuDWh0Wj0w1H{mp0Q-q&Ah2Nz_)wNWk97(vd&_*(rO*Yx{nKj-
za);(g<^&ghsEzP1BI?7BZB4*~uA(=1hA`}st=~0FuOPM$#a-gk!K`V(d9PugcT%tW
zh=ZR1KUfw1kTK-@XWOuUQIS8xC(qLVMfHFl&=GtJb03FQ*Tg@7b-Xy%z7UMXqoLni
zY}$M<G;IHlKGBIiarSXbAk6)?!riw|X7!okzv!z!p2)YpI=lWWONPv=GVFgvb<Bb+
zIu-sa0_dE%`v4!Ti);Ww>$uY7_)Ki*Eg8GjnYaa8jyHz((NXa5o6_M(-@S==$dh^q
zL_Wd|g=}qXU*^1>y4#1L+pU3|v8#;yUlfgEpf?Z>5I8w3>$_JI_kL3MhJ1}^dUvr3
zsP4FhUbKZB-&P#^0y;w&wQYc%s_WyH9#;2>cDGM6cJM=Q(E2G*6vwb#T<XMDLc@5E
zEA~V?_65>+4+$H(tr$|!v`9eQCSPtMZ;Qnv#Qt}&!ygZq_Fu}=e|@mniM=R7JwVFv
zUy?@OJp<YAHsD!L!4pw8uC_C=7h%x4dcnd!*2edSXVc9Y((eK_G$zNM54<BwVb7~*
ze}d0@`8os!fa!knq4J(@hH$#9SdqF9b>bOPLTm{p!IT27ED{OI474i9#WCnJZ$eM(
z5@Z-(2j=^ANHJo0%|(V$L5tA<6Gk=gE@Dy0I6=h+?B0=*+NP&1S4oDhvWr4Ndxv63
zfQrv%a_RuZ7KO{9v!70Dn&*ETmSO^v1~TfA+4jc3*jYi}Mi>Ai;j{6&3WuO8qG#|?
z(q~R+&w5QUi14JO!9`?hS*X9BTQ5U*^|jKUSBSE09~vhgk4L=T4cjY-BX=kt`LBX%
z5iK(+(p7HDZRuO5qGgJ!!pE@_!aBKp;r57FJVA3Ut$ZeS`-Q`&lkz@&nyK)r`K|=g
zE+^Zg!_a$8{a8fy!<92*9$_5l2&#ju(h67DYa#`0vw3a#ck8LKmXKcd%w{v^m!r%i
zXDzrrOeFh<OxFl!#_3kgxDPw2o)y97K3|^3;@<e9LWL6P9U?C<n8yZK9bg6fE61i)
zKs#Ee2xbOJuz}{tTg?*g@jtY7wgK(55BBt!f@YyXYM-4>3i-ejs1%JW)ymqIcukx=
zGXNaQBabJ?<*=7Zw2pQA3-)b**~)PrH{X3Pf0KASfxVBTMJRBIxElJ*S}ks6{Hq&M
zo@v-r$+61yPDXZaG;uN252N&zk0IlIH>reurE47UpKZKVc<8dz<raVWxU%gE&Fp`;
zHw9y!>@!1Uno5uPpKz|*>0TdX*4p80K2mEWsPp>NO+IyMh8(5)*gzPePA#Ml_<CjG
z3jv#6TC0Rm^SLKX$0)~`bUph77H5WBW!En|tnM}@I-jPGEgLLX6gA{%OJ#C3;H?u{
zM)SH;jsB%Yjvz{{Y@qy-KCvH^T4`}mSwF!%2fVyW0?Pb4qH4lmZ$J4AM-VSlP4o{Y
zY|hwtT+0A6<TNZ#Wx!*e3e@&Y90>n$%34LK1f|Gt^S!DZH!Sv+>8CVX0?2~sA#OkZ
zxHEuH;mGr#F%dK-gKWb(vi|qC<a}it$kKo*jedT_xoYk-LNUIgEXUo%Nu918=HP@P
z|FORr$#4+;T0qjCR8|J?mGxkcEW;g()euU#Sgs_;ZG{y-M$q3(wP)cvN4vHuN7-+T
zDXo+)Rrt;+)-25Cf3;yXw1{ht3U4!-J}v+0&!a+q;n@(2g?@fL?L&~m6qh)Cx?(Fs
z9r&?GyZjeF0v`-HKC0xmHO@f37d~vd<6C8e<xPA^0@s}=W@h?iALHSJ%M49#PfBH~
zM0$cd$ZmUgp}X?DzdP1Rz0E$%d3Yb)+od2zSUo`<ryuYbIIFZ(kaznvy>_D5Bv&4f
z6L)SyAIri-=M-py&>d(R=MaQfD(Bh#W$_8m3zC?84)j~5N1$};7<S+~tu(YS#LtsO
z0cwr7jV`&DzyV&H2S%hhy#ni8pSt0vj}`6^6nAYUyf?E86FA%)4_0^B5eD*^54ua5
zuZynL*8Ia#o-<<Xj1<dIb79D_w;6g|tkzGn>2RZj0JXlx;VDdZ|E+|QgQ{K~Ap;G8
z@@W)`W{~>S2xdhthd)oXH0nK#y5f)^b~kPa+<h&TNxTInKDZ#lrX)|^c(XoKt)5Yn
zDv2ud&yct@uL?>*F9&{!llk1&31cWiJi>FBv@Pi5$y_+Cp{^Pbm`8b>5R=J)J#7(&
zJIo3HL?@@hoth#s@tecPG^D2AGpAYz=VH`F{zY-1H2Q5-@UCsQiB17^hFr-Xs1Ny6
z<6t;fwF%=+Cf6K6V6|L1&4K;TDDQa2)^hS8+dWUsl_b1CpMJ8ocEkR(Gp$r6Zi*DN
zt}VPM?D{+-9m+kFgV3jEo`4?ztj5heXnUat2N+)|9seaPAGY+|pIx@N?(kqe4(@g4
z5p_80#rOq(jpaq54lPDF0Q`JT*nuOF*v$_t6Sts5<>?LNK1@YuVZWC91v>AAr5=xf
zKs65oQlf7PfRZQryv<it_d@7NR+Kh}NG*R{_C}P|e%f_^pAZ}W^Nb5Q*mceUZh7}{
zAkVq-0D?C|%__Z)g&;uUp^PB4Q}C6-D3BT8Hr2I8CCxYnjU~SuWVLXMpuj@$_cOKz
z4-A(xu770jX<+%f$x40ZUq?w-_axv|f8rW_>uD0rU2>s_nJukxLP|GsVHu~hv{uPE
z>O~FPoQZ_Ko-8%jelnEkOuAv;U13}QU4aD)g93CNICKs)iYjRvbc%;3j(>DQ)R{te
z*CcW8%Z=TI&yi<&rKHGUFv^L7Eq+PQ9aHHzpiOd)IdJ<&*wKEcs1MjheHyDcCv@rW
zFfwkbQt^xt6Zc#ux^PjIsp>H(=7RP_c^ATx%--OtwUpr#zj~J_pxcn)AVbz<X>lm;
z5os(-gr?xaO*VsuVuwGG&m(THs0Air#;Nv^FDtPi#9x~xsGyTvGBNcGUGN213PSXD
zp2sG?yP%4^-X|`-h!C2ys9**SMlH3)mydmC%fU<uDyRB&uF^-g(!wDJ8Mo>r!zUIK
z`8$=eNFs%EddF4m={m91IEH^5Zr*Kc%RN-$m=?#`k)LEzq3yurZs*iHBnkFClDTDH
zCVl^~QX%B6?EX6$3uRNAA`w)r*eNpoAUyeuNW3k$r0xqS7H8a&9Jc#+HRY4*hplw^
zHtyfkvIX%!U~LHQrfwRg?JYd9cEyMrKfR0kG#!f$`kaqs$jF*y&aSX+vUe-@ijafp
zQ5do&<SlZm?0EHgk@j3}YW3G>Thcw}`rZe9Z2fL8;R|Tr$kEfvZsEwNCvs`z>y3F}
z&B#tQ>3DXu<=U3~k8o*L0&1ZqUU$=aJJ^2E-kfH3hN;B<QU4%s!L2T1{r9vM^7%&-
z#gj{+lveka1@kgi*<^rBZ?h9#=klr@btDu4w3z_Go4)1x5O=R;PF-v)$iS^QE3bUh
zD&Rk<c-g{v0P$AkdOyB7z`LXDp^?S0Li&LC2UC+zET}|C<(m%PGA<o+@JZT;!Behe
zpgN%Dq)UiVvokXgT1k<Mp+=?*L*E?Ny28d&w8bx<#y_?sK8;UVPZrv-5Hr=#TDaFn
zSZ{?ZooCn_w7cLuJ)AkKHQya~5<eRDI7if&`BGrN@{Xl9qVvvPOG}5Sdq*sdJPF4d
ze@cRKF>@kG>(>y@tPo$q_oU4^q$-X`?353i*H5MeLLu?a1z;C#{c@64*;&rDt`G4v
z=1&zR#}RcFf*5UP8Nu{7oZ2<QCq(ZL?u-i>9+;I}f1jDvKV?u5zW6FxL|c1jR?vx@
zfw=bXMr5q^iH7E4rg?$A#y)M+X*63n<Zb3pfEl3Oa~b*`9(%c#@Z2%p8DSi<%-lU9
zHO(V)@3kljY_@$w+Ebj?2KMI)bEH%lm9@P=UNqE#-dyu4K%9kkN77q_Gw})pdy0@S
z={&NH{2I;<uJ{4@gZ%h`vuSCX$X-**L#P44BT$zrMahjzWO|s8{0yQ#4zal2-?4*P
z&3?zzPH|ut>)gp5Q`zUDV^M%F(4l^AGSzSk);aQft31wBSebX>{awq(zgu*X`<7?R
zPW6}GWuE>fLg}zXUPrM&^P#RTBdxWhw$k>_MN^xnN}Y7Dm}l|#G*=tHHi;i`V^A9w
z=4vNnx^AJQ`U|FSwC{j>u~DOsHmO>9z1<N5UoXv&PyJYiuohMd``&zZAC9(RtGFsg
zwT0CLy24Yf?bEFJ+LqXI&r?apbOJ5!77;a-wTI2M{Ys??p^`<aX|h?VjIweTB^5r$
zltHPR$o}zu850Rk@9d_xA(z&q`1rnb+t$~%Iq*uE^H#pfP{*)yig6l;jP3*{C0-0&
z`q_?w$%Jga=MV2<VqU&0+i`Y{nQW!1>8hJj6`gS=1=O<k@joSUn)r8aUpgg!_j^mE
zso6FBpoVN7W0mEwb*+_w=yo*+bl@%xC!}7~5Kv<sKFwyG^1G30EYi$k;T%JWv??wZ
z^O^MZRv0EzYbs0t>JmPNoeT2gx-Jnt>=q$MWkn}kOt=CsIl;koRh+F(&H+B3XffhJ
zK9yPpr&<M>Y%)R(p+^VmJjU{?v$!BA{GUDSOMD`kVg{-8;tC91M4NE%ggn+L87#W?
zPnYIym@S~5%jj1jm>_tU6}fKBZ~abQH^tST?x?uk9x;^kvqQ7{NMl5{(Zr~Bu#({a
z>t)rT9l@!_^THoRoZ=s|_E_nVM>h92JVXt#lKO48Rw4Xfq<!KNj7O7+sKs$x_#Q3q
z&aiv0VfQf0kVo7yrs7=(gG#I0tN!car(tJa{tef=r&B2f)=w(jkje{W*|RV-pK%b#
zgU1X%2tINt0}JOfJ@Xz;5j`U*FRD@@qqxDBPQ|-0wePHDofd6!Br>A1?LC*uRgQ%z
z(E?7Qf!K6<x&{YEa{c(RIY%&UQ;D76#pUn0E3TmtX2(jpMl}UZz@s3itn3mO_lW0)
zX(FAv%zPGgtJ^8M%<dl@>nGSMx{;m2_a`Oz|5;}L9t*_WnRDEdyH&r;w3rkX&h!0x
zZE4rw`-N!7t56<!&PLp(p^2~h_XzaG>TR+Nv=H3mv1ien0o%8oqz9(n>vrbE(Keou
zNV-WbGu%1D*Y<6h+i>5;?9HeP+TPU*6uLcfUi;AIvNt)!Q{i%YAzR^HAxVm#x+<c`
z=4ue?=bpTv#3{aA&b^oNZ&}mCb#m2C#e%+cg+jmOjDN7hk(a}5PS;`0DN{+t2`#$h
z>+S>XAkFpkxtk_C=dD0Hz2l~j$*m)#yRN7P0WB)lbb#oXWY)9)LTacPRgh{ki;dT`
zAvv(5mdbO1y}6wJ@1WM39&;DUBo9)&nJ+rip59W!vEp9pi7P`SQ!cBTSlMFd#v6Ua
ziuxuYx3>4@zQs;{^h(N9qkjDuPKCBc;xUtr!_^7|aUkkPaNn~qQi?fKTbHApqCg<R
z6_?0CK}M*r7+-%oRl_{}|91@V?!G9tx2***9DJrEu!ko;Y5Q7V(gS)sLguujbIA!O
zcSnt_M3+aa8*VI%AAXI(tSD2UHaL7uCt_o)j&SkUTZ!}{7C#Xj?EIR+oNV$Fdl!W2
z8r=^`M)y%NPSjLZ5%T^yH(a1(kQ{rqW0IR#N;}6dI-z4CJcpJyI5CMHVg>^BUp{!!
zX7Vp1d&*v~&<xpKAko|x(l4y^gxM}A?DX*3fcUzcA^qe!3DY6;x6MUtTgAlE^u>!|
z$h3oD9frabDV?nvqyFtusX;3&2$kWtkuQeQMaXyIRK?k*4D{JVJjaAr{or~}$ikXO
zwAcE|jR3Qe$l2>ttfTM`6qk|=nYpM>(Hc=JmS*3Z%H<nm(k&CY|I*u(sx7IO)t7M3
zk-t`5X0-cVoQYKsC`_SF7Qd{joSI=A$W4vfKWAr*?CU?WPhH2L*{}@Qc;;A$tTLHi
zN`Yrz?z}D@QiI>VJS76oA*8~mXV9FtH$bRZw%#HVVlaE}3@L?Q-p|T-6+V+W4)_dN
zn4~6GhJ@jN?MFrD3Ji<#K8Y!IBWengw?#=Okx|c{o6l$|q~7}d!#+{Ob47*5g<mNS
z`O#V&p6i7JX*8Z7xluPpt+WS0&g=}ALZe=@KXK#g&MjBdoL%r>(#^y@0NJuJH=uL*
z4|07~m4k(zU#ioR<in%><K`>dmP&fph*SS)LN_FT|3XeV)hz5%jmt;5cJtz%k^Ysj
z$bCl?%ggrHU{pxWM*-Q4U+R{<IJ`=3wYL5Qe-|33LtEorU~6g9tNwBsLwjd@4YhRb
z|CNWDg5;IVb%bE|7ND&a0HT|*6BxdtL8dEiFb*J$QndP`ZEJz#Sl9z5^K&#xve<Ch
zI2ANJ`>yr?+f)z7r!pY)VHZa)(e-P4>yjh}^@PMtc1KA7bBG<rg^-|%|Jh!fSF(`8
zUn2*RrhXHpm67fGpPR3&<gS$KXLH5Xq%(h-NW(pqciRb6uM;YU{A6Z{t8*^(mWN;T
z!f(x!Ws+W3(f_tZ-O|p7s;j3I{E%p@8wP2p2t5-m&c<kPb8jY|pn8~uQ>^hOK7MHO
zAsnu^`#If-YO>Vy*#h#L{X{$a-a;H3(kdAti+DTos@%z=0obZb>GQ_AhlNJ$%mKqI
zy=xfBDORtsYdFbii&?~6rvINZ0(2oFbQNU`>Z)9B&+lz!qkYnn&>{u)Hq{%7_`r{4
z!Etvy(Sy;m#7cDj84N9cM(6qk@vx?=;?Q8@-lwv|Cw~E=q1+`a_}2cNZz~@VlU5x|
zm=_r{wss5db@}dM3@e{k96zh7CPnR-ileCP#(e?9d*$DOOfvotOJ4yMN7HnTORx|u
zIKkar0}1Z3xVyVM1Pc;ef+lEicXxO9#dUGlf1dyS&SB}Ep6Z%vtL@#r)fav`)7oYD
z&+*FNtg{2<hWZO;MATU1e;x7$D;$FqT`w0k`p9(8RraH4Gtz0!XRaLmenNI3b3Zo$
zkFeurp4E|GmpcJ*^p+enzh_}GA?9A}Fcfhm2KNiOxi&VfS&=&||9W$ysq>yd6H0Z7
z-57Aa(aFutE_Ar9voxBT4l>v!eiff4a&^7GrX?mmca~Ko_RDCmv*;kixqP^&(E*MH
zxEN+Kk)bhC;eXmWJFy~umA(`RC4RLkVxcSdoPju=rHW=&3_tf*NE~_#lC-0^6Okm!
z4Cpd<cGJq5E+&*0eZ-=5=pQ2Sg{gFpv~i5G`Rb(cE80zgbHCtUng(rd4?}L)lrPn$
zM!l8zH|CLhp_VfEi-OlAC?pY)s<K{dahwhkJ)M82e|)CX-KO5E5gHMgY||Ie6g(&b
z>6IBq$9P|#Yx^RHvLI;AHn4(QhN}k9G^ArJl;ZRrti(r=V6P;+iv)n3K?pc{Jpedc
zWs{1z3%VYeda>#L2KrI<@veZqK}IC6Ey!Wh5FnVSpf}RpYb#+fsLz=8(=q5M_easI
zA#FgvSo%R%R&~|8Kqq2L3~o-k*WIg~1M*qVz2<8g<t_nBaxXe94w{v(`L`n{bFdS&
z`C(o_W_7VS>uTeSbMBT0{Ttn%AX>h(;GjwVG?-Av*6&IGTHCEUoq2bDo-3K)W_-KX
zvc5Y@67e*s?IUWLM9l8=D0<m?h8NMlkwb^3XQk*c-Mo-alXm~8o_b2##>^M_kC`t`
zQ_uOkGWGJjCWC2eo?OjAwcNxmA-r@q&t~##T`Rvyv4KUwYZ}*SBYdGUvEy+Tt(Kl(
z<hKL@zD|l+Te<M2^!wb#H9Kz_mGIfQ<coepc@~#qYI=hqdIMVT1dAEz0R@Aw_4rLs
z6F7sK{B7BZq<N%=En47Af5W=Hk{CmAyD}qaJ{!9UIdQw#YXkAk53By%zm0g;JRP-!
z3Q7V%(#%wi?7h>a+)d~6;4>W1eT^H}tIgY1d0yu#F*4{pGS9o~{8x`_wR3;Xar*Q(
zfdGz@I)88S3{k~|#xMYsK*LxUBd=NGbQ*7~H^!;)rpooAJ_q@Ypk+}*nqO#ZcVB}U
zP&pgSseOSPe<6x4+;`^WfX8LtVyA`$#>tav*T0jTeuz7i95=8Gx4;5xNF@3h{cga3
zxKA1fOMiKIrnL66#!k5||4Z|zr~I^<=dDRdaJ~4?Stkj9mXC5I%orx!_au;72Y+hB
zExMDRbd7Y|*KzYTy5kCeHMO7a%wGN$_zN^BFsPP)wpvZfY0$S))%neB=OJZf^B?sO
zjacF@Qjkn)JwW~QhF^5!A|sO{Tmn%4_$$aA?c}NOEU{=IK2$)M5752Gj>_D$tx}`P
z{^^*rEEd|Y?|UmpTGY^j#h+o#-bbwxT0riNs%hu@uF-}1BWb0%M2o64-)`TzT3)O`
ziGjuB$f}_6s0kg01_aLQl5ZpIUd8igt-KHgy>r%P0fqVAyzt%~8UBZl7SxV3MZne0
zXlhak!8z-rw`4Xhn{N=oJA5MrhX2^_$q8bjMxF@c47+NpuKI?hf`%m;Ni4JnzTAQw
ztWL`j-L|jpp=6a6uQQ6ZDZ=4pD;ynV%`=RCmRdz+tv$M#?ixv4_AE;Nt*dM9FCupx
za1$llBdy2nXN9fM&^$`RQo0FpYhU}}m9cSB|9P#yZq!<B8tcO3A(xACQX`G;lU2yE
zevIL!Cg7rHmY!4GY3fh=oE0ah_6cvTAO1T$9Ndflz5DA)rccQkM7H$tO1>~aWY6Fr
zOWU5QNFj?Kw09Srp~4y(kOQGH6%OaL@&3{t9!{->g2x+sHk@t69iM_>rif0^=5OgS
z@sC}c`Xwb%FzLukqEdtp$>cZnA^X-YGJNq{il4BGZm+OgJIBZHLOJEqHaVrzm#4E(
zZw=W6UgYf`YsToc{Yj*q!pZt|zLWp<_uBmp6P3-MPJff_b=T4PcPCZT+2V+Rt&h9r
zEG9#kdch83<|Pr2f2Bce1M_gN;}CY-83t$l(T)f7a{8K~OLwPvTjMNylLIK0qE9gT
zscJn-n8kBHb8MIe_eMioX!B@_&F$rJl@cWfWV6b+#Oxa-gU=sEf9VbHtQ<RXm7G%i
z*6tiH(J0|0^tIZkryD>o^uC{XAW`INo|;d>_#IGB59MEpq=I?jeC@E<fGAd}GXP__
z^OKtyTtRcygaom{M+q#b1}<++ymUj(8~`F7#X2X6kT<dDb-VIE!e`aD@rb*mIgO<6
z6wjAlT^Z!jJbd-QFE^lsdo^j23l=+mtHJ!y$m|-w45-b<eB3V4vR(NsBxOm<OScee
zMM+C%0kNn`3Qn(%7G%c|2oe*8Ao1VfSxjx;|0M}LncJn6_!pgw#Wx1oBr~=)d(b)z
z<AH>X#dY1Yc<FZKN;pZrpsCa1;DpK#=|Ui-tCd5JtJzDZtyLw2_wknukV^oMxO-yY
zrSs)qXnB9tuZjH_mNofogi^>^!gWzUgX9nfeZFVZw14K~Oam#SV|JWV*aV6v!iGsE
zl7~dnQXw<sV$)ztqw}eM;Jfjp+l9)9+v7Dw9+?=zO0pZt9j+M88#Y(mXd1cTwl`}p
z1J#MgSZAu4ls?6lDZW<Ae^?Bh<)BqL=;z6u*-f+Gp{F~b_uCsBbSHNemgk}q@!hLF
zn_-*1jp*sb+Ya}jAsordm9+%H$Po;q#m6z|>I7I_Jq`J*-BL(KH?+XiMy{Pxegc0>
znR_av_}cEH8}UdzE=@<BZ2N7&|5Jt-Ygm9Z$G0^Syx1e@FJAVSW90S)NoxeOkM6zR
zcf?C*&w~%>Z})+Db)2m&QXGc8no@(!9&*SY-5vbg+O$vNDKY->;`s*LMfsF}TT|E3
zDo#`2EkuSBYI8QCQ;#!L2OF3O|81EDd9StIR>ON{B3BM(iR~%<Tes^yPzp+9w6g7(
z_hf3&{sgWqSO3yt70Ku;b!rmXUdr^Q+10zkxY@4i+v@ltYpJO=JKTm1!~7u7<J(=m
zZ*aQkXWPTY-M{qO@<ZM$PE7)`?iJZh%8|}!`qgJv8E)tP1l>KIIv{eE)2p%PI{QPX
zmCVeLi;K0pi#3ApFaB;Z0~*c4Be?NwcBW`LRsAG{X9wCD@p9#sF($9hGfJA<TJqxe
zDlQohRYms73D#ot`uPR8rb-CG=23uu#%bBcYYUBHw1oHuyZ4p<Is-XQ`3EU5dq%((
zf02~Fz&t%obsOPqtHC`U)-}$t>CjsXH*u#yYA{_!SaHJ}`$4HtiZ1pw3(fJvYYX1G
zgVVi+zEhguvztXa>7<;DRRROD?iT0#3onImfgA)ioNi#ur@+WF<iq>WPX$R5N*`m7
zXE&+4B2HN73PI)7S1w9{@)*l5JWM8!c+2VNr#H`KoP@g*eM~Q#<Ww!-#phusH{51&
zce17rwrcfQcW!DoH2Y9k;WlmYg#3H*%XqrJ)cFhCUrbEib{*+@(b<hIT-_+t4hAF4
zeZ_d>PC}`N;TvNQL{sOF1MKosW<A4LA5_+Z|8sGD!nYONi#<uq;^kNDqUBc}ZY*=v
z1~gcGh|T>(=23Ja8%!OFECd?_^KEU<ZYFX*yNYsgSB3<MWQ=wnX!<dl(p%aR^~U_y
z%`%F~@1)BjM|I_=HrJR<zO<7c$X@te5^IA@<FW2eD%h*-^Qhr;WvJkMMT$d^pWU+l
zzi%tZogF=tF8QsK2tT(w@UV80yeLTADpmG{W0q{?cqPsq5v7!Q(j8=B+B(w7vnQ2P
zp*~{T29J`T!l?C?kUSE1N~vo0w-dT&Fq5r)Fm0Iy-Z%}z^P%NDm$%Fz0~!xb;c$2<
z<>c=+b<JL7^!<nV@7fSf^QhIdX3Pl-0UrrAyinR?ItiD<a_X6rBLlp<$)Q;GDBxA=
zFY(!eCy!!i<8#Lp4S%qD^Q>xJn8nrM=FU}JZS+dk*7QSrx>}aeS54+u{DaByb1Ru@
zvnK75*HfD<8w1(ofS8ezvXzFzeFzq8YSYf@y0|RxuE1B1Ycd!<y4!9rzGbbp{A0)c
z>#<6K*10Ul2HN&}XJ=|lU4Hpkr#24MxgS2@M4t`DFMbb(H2AHv!;rinSbRT><N;6;
zisaEq#XJCtp_7M?LTnHq32F1-r4VD-1j0FBH}|5E^j<0eIy8=+h$*2_02xtx4!ClC
zzexZQ62(eh2e5PvmhVO*-FgAETK2C1;mM(?F`R8IaAH0*5Y+KsO2Y=jtksW?Nl*ju
zC6UypbC7ca<VtwHefXG9dy)W*#4iN%ugjvgM3)h%i$ut;mnC)>Zt>5U1d7pt2SC~a
z1YHz4fTNLK2N3|8Gd)0B{69)1AQb`N9ix~MA?hC~3`Zp<BBqjJfRGZr44?tA_5i#h
z;1^&bfUX$Lag+$@c>QSxmq}#w{g500l`sJfdhSD7QoK~XLxNP4@sNPI08RD)vI7z5
z5+MLlfoKV6L<Wo&CNcW{PZ4037EauXMrsFGN@(T)OBE^`qXRqb0n3Dz4FTr6|N0~P
zGc?WZel(K&xg9>Vk6ky=##E+5CtKJ-+hKgn5eI-F@4y!54DG69fXL2o)wYNIIN<&5
z{=8PX$-VxA28kowkzwFBefVP3A-Afw`R)Y(P~t6152bEUs~bq8qXJ#keeAM_5G$P8
z__T&vI+<+YdDGlBe_&r94c~=9$4sVid8OXJI$Ppt*455f4CP7a1kFs&+_j#n#oQ$X
z6!4w_v|_vfATIE{&8``0vpydNj8y880^J;(-uMAPW*|LC16}*AELa<X$V?i(OTG{O
z0oe&!JykV;^<sB#juh25z6mN7p!?!c*JSQe1#~tQ%sY(+T67MIVEugt;&qmhD8y_4
zrZ?bQX9_Wo$~u6~PE(~@tQ4G5FWESuv)&T=Sx2zNZR2=h5{R&=O;LkdyN3m=S_7=o
z02E^Y%!4>i&=u6oT`8a&XawQ<$N(rY9WAtW)TTviU{vaXk+TA9L+gWY0*o28VZ<}+
z2P)S>(*K|i;bC~SdOqN_Qq#hoSprhxeej+FPSAH+7R^x4+Cb>doA)TZ=Z?2NXNWKm
zoa9d`N%<F<*a8o4Z%1%6xlOMk^LsRnR|<nytL|?rU^i2#qT8iN?u7YNs3(yG{is6Y
zkjh^h;gn)goY*LvMaXCZeZdy_oMxe%*cg?*NXHC@Y4xRpeRHOWjhgCQ1xe$_Rk~cc
zXSwjOZ9udRb|L%+_@kOoM7E2hW?e=(7r>qg03kI4edYxe3;y2DKGovhgVYrN*oL{Q
zDNSN0Ga%c8z*sQ=ch};#VMwrlMos-kpJm~c+!$3F+SfEy+cdJ;Ki{iH(8cDC4?<wH
zCc*n#etP^5^`QV2Sdv|3K){zd1zoyQh8ZK2f8sWbLTsP-p;#nJ6QIxB+EX{=*xFXN
zOOL4-^<iF0H^g5oI*>==Gv*WUk@k%mSSrrOa4%#)ia^f|{#8Ghj4Jq#dnQ@VG6~S9
zP|y@8@~cnW@=HH_Tl2&Kysp~d4*3lwP?Zj-!rczI8IpEjP4;?EH;ckbs_J&hP%?`Z
zDd~10W8*oh19?1U-L64eX7D!f>|fP)!R%x_jJrZ%q3qyxU{N;I0VQAsv`oyuu)wUE
z0(vSOSo!x9z&iVH+9T4P{UG6x+(_q30Y+*%X3i7Azde3X{NL}-(5wFm)d50O*m$h7
z0^|g8hlC4lDhQd_fFtk*I1h(`Y4aWqOz7_k-wyfyubBiRa8(+l=~1XJ#-u=3>M;RB
zT!f8x@fWZ!8*mY+fY#y;*O<~E*k@;n5N3eN@&qVamy8aK1zeVQ_Gjp3J4OdPlV|N!
zO?*c+U_qt+$9xD_UUUa+h<Ba=FFFCtJvX3v+`t-82Viev1}6aQ4FxFakd6+l1@!3w
z^MXeb&<6y#oge@{3>_bEG#G$ay<swj%Op1XZpmX)&j{;$ZN8Dt6AKuo`d=-;L7@Pt
zkQ@N*18P43ShU8~NDgw>s`|1N=*dV{a?beA&<EcE-wHU#R3KgX8jWi|j&EmaGm6AZ
z3k({PG29qXl^>9!0q&;*v3neV%2xq47=66|>p2lXPUZhxX$IgnoPbsWe3MP%+`vGI
zt^(Yd?LZYYAjGZkzjgzyYy#3+pdU7X^gm|CS)i>cK)DZ)3IhniFgu_Z{2J<`10Mki
z3&5-U06Mh*o&VV+3q0egfv!UNEu5<|k*OW|0%ZUx8{}e;egPlL)jq5}8{Rgd8SZHd
zmR~?X$MP6DUTMvMvgqi2F!z@0mS4bboArryqlrzf8`hRatTZh{a=f-k<O;Cg26D6J
ziClKVb&=J=yVYpiTC3o)*v}`7vB(v}>EOb0i?Ufk>S}5m;D}!=6LIih1}}ry`4M9^
zd6&keygSZ&k@i63S36=0@xwm;0q<N3p(WGBAEdX&Wk?tGN{M<XLduhxnBb^P>eeBx
z%`PBY8bRF}+0+qVt<REzs8@z0G^v$y&q$blTC-K!j?Vy-jASEj3l1xr?YHjHEie)b
zzcVUBVm$5D!X%hattMx!X0gbkRojjOo#A>^lh5^OVK#B}L{3%mGQf1kR*~N<`bXbZ
zl2A1b(|1E&@oicqt?X)KPE;mZ=JH~=wd`C6neb13kwB`4tz+>V7f=MPjS@j9=UZh+
zwh>k2aQ)P#Szu+W^fH-i0t>(KJXTJvQ0Q4-4I3}&2Wo+Ck#Vh@yRlk%_w1}%CKGW(
z{}8v1G`MdI`LOCv0h7P+_jqd?)0KPqg95A@^`lrm6x9Tx*&Der{G@)Zhgsnvk}Lse
zejx5X`LtPi!D%xX^nbXJ6$=9qWZw!FhV)(66C=&G60rJ`Hh7@RbE-Zf*1?8kasPSM
z=1qX(JmUED%viS&K;s9yI+xn{ySk$~6-A@3EWOnoCjG7x*a=)D;H0hWZ>(<ooZ>#m
zq@jM%iVoxR9Hvh})7^Qy!K5%oJVGJm$aVEX`3WoMgTDFoQL3{x?h<oL9+wrJoshoO
z-Za{gxYe10&G=x?NaDGA$s3uX(+Z|t#OV8JQWD=K^VTcQr-C8?i7c%7<<g>Olb-U-
z3OhW<^z)^fNkpfhEDt9$SCavn$tg|Q*_J4>ks$_t0EO)?^p0U(Hj$oe-Cr>bWD1r~
z+=qcqvU#DI%Ta6-cz0`oPSr{pVgp$r%3PEwq0n5E3b+K{rP_2f;lFK*8T~~0SygGb
z`(3l+Z6y`cgER5K|Ml~wIU7Y-p8}TW53EJh2!#ke$l*k|4NaFXn>T}mE_oT!7tDsB
zS3YG0-!GT`9veCW&<yK*tE|QwS$`H3G<OxmZPtqqU6MWGEG(Gvwm!TJt*W~U%>f-p
zbTY1zph8ddE+z%fNtXwcj;*YntV^>*W<clF@=qn-5)}MZtNy367FCFxhAEv{&usRu
zD61~I0y)pow4FnI$G5S|W7K~tW3I{ta!0w@XQxx}bAKm3Q2h}@MXkx;r?TaXA)lfB
z!szS#mqCc`GmOGeC<laF%Bn^)7!C+OThfb~S)Vu)jT;mjG$mCk$Un@LQJxl0uE~w^
zuFVrhRHI`8%+Lk2w*hy8rp5KPmxy~6=)X(g&4W^4k6(XTG5<MZy4n6?oe@HLw4Icj
zAJsBc4S`cTAd;ufyRo1o@$T%G9I22HM6Lbhj3b3w$lz8Nkit$OH<hRBTK8-k<S_R<
z&=^4JKo_Qw7UK{|g+|5Q?_NiPM$HXzuXC7iyz=ldIJoklu(%sGRinn%;NPo>c>jx-
z`G{VQ8Th{bvZ|x^6_LP6?cmshu4jI`Oko#pw|09;{-aUIC7F*M8W-n9zx%QpflXVp
zzMiCQmxktG`6pBjjItskQ%O|Isg%VfGu5NPZQJi%2rty~x@nmRwaM7(vYQKY#tS=}
zEx(ff6u(7VmDNjB64?rUk*T>x;2RRgpPG72Ne`f~Gify-9Xa_@-AXW3HetcTE9=si
zV&xfB)a`+}+8F@>P>TviS<@vU>%++Iv(<2|BN)$vo%#emTNXU(7CWksr5ME-Q0F$U
zj5_E%7uBGN;^Z8TAd2<^m~_|FnG$%ED0UqlO^qb|39ny1M-h_Zyf7gkyNmVcu-|S}
zHlM)r4bs|G@h>FAQ@r}N_=s#pgfF>v3Amd5b-;gHnAl@QHZ~iKMxSD)C4D>UPy1kM
z{&}{AuFLN&%C;od^TEZ}lI}%?d;GBHWHYJJs6_VnGTP|e7rf-%&NsDoSj@K@FTdP)
zGmtUxa37W4?(0ZH<7aR39UtjiR6ak}9?FdcuTC?+eiAcQ3D;f(@V2b0vjJ0DFe{eT
zOvDl?Srn8Ln1o?pE@h3wnJFjmGHkz0$Fr%U&IY^(ypD6=4r{2Z7{L0k+H+(H<YNWl
zEKCY_ik%9E`tr)OKoFD2F7njX)s41%ow%x@4a^TtkEsUwnvI!&3zLJ>5&=Aoz2U*B
zhMlo~5Z^*w3CzYGzCUG6>0$&$5Hz9r<+)DdJUw`FsgHT`4W9GV7BXxpf{6%IUotWq
zsAp#a^Q<NQ_k$<BDt7+W9}v!kVl<j3UA6SzTp;gCZBdob{$t4yiDEDRgTRt0IW&5?
zOXxz1`%|eHL^wmrF)&k+@~C2{V4bYBp<K*BBuq*v#$TRNvn;l*be*32gqlN0n8JM?
z;PtXvpsS!aD^>?tYO!D;Z@BuEYv|lY83)Lh(yLW>enL*y%*vW9y|BpWrR2K6h(H@z
zhW#EKZ6HG#@qqD@vhgtZCg{GA|2q!BhBLX5%u+R}n>K8$1s3dubYGa)4sd+rlV`S6
znxOEPPdD*-<&i3(&&$Q%du&~Z<5`bRO}LWilTrdGKDBl7FVAsGc)9^SG5k8<Z3r^J
z6>!!D@gNm33Qzm3(+h(BiEmPVD(t@g2{&0vsAXJnrxqHYm+A&va>mk@-&2s^ZDyQ7
zCz#$Nu#fu2SKW<p#T{QpkpP-3Sw)J?t(qke%vt)g#6&*RZj8bff&4;V-JN5>6knBx
zWJZ=WjBsv((?vhmXYvzHe(TB3B&T^!NLMkyJs>T(v$xR9u+X<6Gf>(SPDc)w1x%=%
z7B*P3ccWRId1j2A=pvP*>Litv=%o4Qhc1)H9$d37dR~CeSVsrlTw?_~1x1xXiW!B)
zSe)uatZ0IBFsjKWt%5pSbQ*?@%?{p$5wmm3&C#V1Gm`Ca(lbYY*=Kfd&bMT&Gn@(r
zQQNU-Gl@i1ldn3|zFIwSd!NWDN4!`lWuC<zmbr{`ukne+B*xreANOa7wt|R1y&p5n
zsVl@4hR3-iIg(#4Q-}?0qF|f`UQ)5;gf1K2(L0jwS04GIpavyAb4)Dvbo1@@nR2>9
z?IhV8#w{`K(+WSX^-|~igycDX)>4pWLn%+jn)uYw(a}t0I@iO&L%AR7!j!{%W>L2o
zvT6PK(PYcHhvq{=pU#nIyyMYCiXQ`w=YRihOy}R5D0FEsj$Gl_cE4m*1ZD{KQ7BPk
zTt>eSe-lJ`9R9|?uFUHtRV47?KOxCMK<KQ-?<!8A*%ssHZ2u=A$_2hGr>l>Oo4*D7
zW)*>&b>Q7E*$e4{`LlNAKy{Ir>GNXH@a(kqrfZ#hu;fc+7C3&v#!t+%T+zJZc37^G
zQAeQL#8gY5+m4Ca)cko@nq$-AKKiB}OEAwH0ypUi+~#Olcp6A)ebvL76*Ji?Xo-y8
z@6yn26+^!;w;rOx%Kyt4!9Ym<XE+j-xKJ)xXg$`l#u+BPEF+M*l={zbI<jSraa)BF
zrVDoi&p^QUdT7D^msQI<`MWhOfeajgqU{F&)d#_@+#0K(SvsrldQl}4Ju~er?SEiR
zlE_X`!-DlMW)9tCE}RRbrcpE~x5rPBcSs=xTbytC&&lSC!EV}A`W8!RxR=vQ5_o3c
zDpW$f9iufkTuQi}sF!{qYdEg4J_~j~s;B_%slndY+;x0dn>?zh|G?ch<WaTl#HKU#
ztBcGhu5<g6^}lRvd1%EIN_BlH$SnCprr}R}BkQUa=#n>q$x<?~;;O`RZ3wrHqN<3i
z10<+min4-9=AzZV^9>NpVNC-Bo8kaL!+%1Vx|g0&OqK?_OM~=zAqHvcI9@|M(H~H>
zmRFkTr+^)?H9U8DYI#ucw$rsX@LZDxdbLYW|NowXDvT4$u@vkMC!zH$D~@hfPEV3r
z4G%#otCsj3IcQ`n+FCaP_qu-jMQ6%C$mOY`Mk&p#uEbMt9Jemky^H}T_If$ky%-yj
zqW4x(XR4!fDzU!AQ+E!xZW6o2g-k@ZvK~;zsf8s~FzjZkW9T8buX!RNuAtHV$3tip
zm$#Kl#|e}0_r%Sn_!zohG9|?Y5`+1m3>%^MpU=7ls^3Sc$ymoncB%ti_(&&k#*HU9
zyF{uyKtLRMV>AR>czf*|*PY&CyLm(M+FJMLwEV{<)&A+cDdacXK?Xldnv0JNcY`oz
z^$C6%nJC6<Zsv`n_~eF3wW1IEMR6}|{(ZHp0b5SDN08+j0HpGVIIaqRXVr6yI@=$a
zkOYW=88JKSZ$)H+H*ak9kccMU=O-SwC*8ZeOa3G{aAfJ;nsmaZAX&SL2@b=HEp?Fe
zNkADg@mm+#CjQN45P284Ut(1^Jj!&`#e;4b>h%rjg*UMkdw1>AHb)hU5hvYW*p)Yu
z(*7~HQt`yWukjWQNFMND{o{77pCh)F<9In-Tmc^K3p9@Bbuf)o(qIy~ds*0p4sqKq
ziZWvXTt^KCHrc>DsR$VVm?o&sSMEginN;P{6xZAa@ks4*?F2ZcqeUhw(-L(i;h*%$
z_T@6dUl`oZ{`^uI(ks{YkMCJdZ*ExMyR7pMS%S)`&VS($(^xFoO$2w1mfh*Y0KvS@
zh@Pe`Y8&<Rk9}=(>p(&&a=|&u?Vdih4_xdcf~VCxSz>UX+SQq)YmvNs8>3}-k*_}R
zg>`Q0-p(eNBTSc2jlcW_Md>mCyT?(;)0f6IJ(0D!vkbvq7_rg>2Vv;9NIjL^PVy9N
z?c|vW{wv)=btbp$N3$5-f5jkalG(YEejXI)fW?}a*9uK{OOT9!2K2e9#^-{pKA8}&
znM-`M2eZh>8qEyL`2_ck#L<uC+A|8FS498RnRfcfzn3QH2Ipt7Hf|-F*g?$YQ@H{T
ztS*HGnAB(GqvrFi;!lN4ph+9@>A}X^)||8Jcvgikxg4<Sv*Upv4}`M94CvA$^DgTa
z{Hk>O|6NLR{HaM?(EMtik-nbI$utw9A+KF?QGCk#W7M5~G&yUzJl)>ClzQBrGa1C=
zQT#1Yjms)QTQn*MXMz$W!y^rvl~)06QYLdg3R=<RtR+tPs>!Fv-nsat&oFx>SfrN-
z%qAt66Qrw`<lKIe(k@P`R8mwIKT}h3E(*3@DgL^WCn(IfDk111=7astVn2;t(8pBr
zmK{}|#4)Dl9!6J~VH6oCz~*#5a<{!~TtsI0gX|qG?^U7+#RdfD3-L2=^b%>oDFtC(
zsP8lSmU<e7=_Oy->@%YJ=DFcA!(8p0Rlqtq#ds=F8N!lSSj3WpJs9Z_Q+En75_Dsu
z0`aP)x5zE9@{l|~W?<`j?2;QQx1J59>Hs+~C?zTJVAEHEtvu5CwGU#t>#4go=~77Y
zAPf*KjU_l&Y&v1a<+Q$+)W)hL&EoKkzlJUOhF|Nw@8+Jjb)3}d!nOUbhIX*Pa~AK?
zW2EDmbD7w@b!WCe;<NQE+&R<DWGR%lC$X(nwW^T!6c1Nln+?5BRTtlMk~sQU2$~j>
z-+zj*0=crhIj#@X(fjMkEvyxICuDU+U3sf+USgL=UcH$9L%&HupA)xQziCdl0wwwA
z>)NDQ&Igf$)l>)yKWv^<jTA(stBW@;-D)Y;)647y6RJt-G^|-}eJ9@cZmTU)cfFsB
zbXJTxq1rvrec^GsH~Tm9S#YvuZy%Y$UNcUin)rZY$r>cc6<YHNmAQK3_J~CrXKx@w
zv0%D{mWyCBSfeyo_x!0Y(=Y+2)n4~<dDWUz+{-6qQmhQ5oV{^NC#;QAu(6|qixJHj
z%w;!l`Cg=InJ}L@se>$2U%r^)tm9B%p;I|tTi)m_Mo>?CdLkV;ZMh#VwBq%ahj!6{
zq3NykgW$J~d*1aQ2}1B37bCN49^`i;_l4&3wm2a;$&Il>(J0ux&y6TY?Aj&vZd(=9
z0m;m?hP|O9iYn8eL3mIK`-u;i{RgK;kPqhrbe;jHsg`aILgHDbT85$losVEgqFQtt
zh;0R`Q)@Ibyh|&E1rZd&fIY*cTiQSwYOKzZ66#axyDDBG`B;N2U4kg$2T$7iUUMu(
z2zK_5C5L&94pSmUZESh^@&iJJQu~_(T5z(2&@NEK#<1W!7=1MLx|nK8^Z}DOrzbvN
z&vz<g??gXxqhY|!%fMW3<KFZG!Ud)}h83(}@@A`NiDPOd1~LB+f@>=tVG#9E;L@$G
z)1?(%$E<;4F3VD$zFpwKh0W(l%!xZSS6&=pJJlf}CZe<6Pmn`C=6zKo@RIhI^?dTW
zbXFlaUzx#jb)Mn%WBuZ$vCEXA3X~6v%K4+dspf}#d3&?E2vnIv#vVM(wHlgwsbFnV
z_9r!*BW==#Wo{BPs-qzgY^Te#N6$#nLjJT7Li0dIXY5A&AD5SzW1<3AgcKEiSXnyh
z*ruOHm^^-DOf+``%sDYZzXVhLvquJ$YFJMc{tC=cQ3d+UtoTosabnk<rB*c*xeQQ!
z-8BAfKR`R5pBcGE$SD&zY%`bO;Qx=;W=^GrtE8QMv~mALTqEa3hS%~2vl@C~mi?pS
zp#Qp*oR?CdUK9JeizsY48H9?lV~>1&PuW`GW2tmeTpfLTn;8IiU|eYvWSBo%P-!tU
zv{LHnftVP>W+pn`(H`op_T?}X-0IP-KUE}2aN7@>?d%%_Cz5TQ6{bqhN;f$tgk1lu
ztv<EK20OX7n5@y$ZH)vD<DDi!^B4#xK_?Cx;yZfxlv8UbFH)T%K1xVAFR~P!JehUv
zPG~DEYK<Q8+wjR-h)X7;+$))U4d?&iR>QGI^(c$An}0NFg;)@bPxJZXa#_uLY?@FD
zAtU}<r8KeyOl>d?LHyv$`*}(l?-wT|fhOk&-mzQ|{DtoTg5YRPJ&bVQ63M4Jgyi<4
zlog~SX&LCM#nB`f);Bw)Wq4}%xCZZKfJ8C)r_fLnjX^;)>dSTMm~e0xH7=f~j}MzC
zy5r`erY_ts@0jgu^9wKRdqJm3PvB#|?C8RW2eL_+pcqDGR${slQ8iMF0uKi8Plu}A
zkG!#29Q=xHfBphySOM%P!Dge-9iq)0UpC?v=n<PRT7MHhI2ywW4kl<9efGqQLVls`
zhx1J}hOzfdY~EYMCw(;<D<JhmZN7oc9?^Tk<c;lz&lY!r7678!#`_SOHWIYKuN=`{
zaL}YCett56o5r?Xc$&aDK(R;dr=%zbxl@hs&`r|_!_YZ)>pz`6K0nL}oG!Th$Z24f
z;OoL;D!vuJ3~Ny5>pFFoLG_e;&UQn;=-MlL&o+l4?nCs%Irs*qVZ_jVd85yRcKCAx
zg;;Kg7>?N#tw(_2TkfYPaG%yBDO?Bh`Q_}xan`o+BWsk_#9rFBtRh76BAx*@98}L-
zx4{u;g@%0fF82l#76W#q+NQ6zJJ0sbizPT0gtj)M4@A!&#LkE=S;f-eVFYSl{lUt2
z<p)IIrFur@4TZx&!EwjiQ&x$@bNZ0@^^>pRD}%Tb&uJkIL8<Hwvi%vTM&3xMh6wIp
z$U`}u0cIsfIDesMgjOk$@0NdckWXEdWNQ6Ldz%;Y_6t21m~Z!vRk98JW6FcfrLN0I
zJVp4i8{W0{qh&?SeupP<!zG$C`A$BY>7hNr)c2Hrff4OJY8u}Cco*+2{Cl#aQ};(Q
ziKV1$ix2!Oh*1{obtA--zcQUQI&;ls?{W`@5^k2JO5o!*@7+s0^E6A>Zfx5W4F?GH
zoC9C2*RFxj441mTtnq9LuDUz2vui&pY9XSF;v}&>BJquIVA=*7HW|VEQcwjsH*Hhm
zUx(>ImbOd5#Hnfje+L5@22uAW^&`-4h}S}J9mCqO&OARyb9&8CU=js&&}Sdjdt4`p
zGo4ArO4kywEt={^ps9Uk@H)0hCbHJEcP9=7%5M=KXFB5z5x05#hDS^5N4UIx$wB8x
zG}dNQ>rc&=;5gDd$*-$tTiVI*$m_4x51gEJstNBecRmNpzxT4xRkOB@RXlW*7XG`S
zKF;~s4~Ei4UBJg}rZufjjq2Zm(ncb0(EV7m^h_{=jP2795tFmBwzSEU&p>zQA#VHP
znnn1G`OQ1qI2Nz^a+aOPy_Z2k$h&{Q9tXJ8ujH+E33Em07uN0@P&{a<J|LXQ!hVLr
zBoq+>5BN{VEvTGUMl3xP?}KO>bQ@}OzV@i<x5I8lQi|Zp-XXZ*Zrib_AH{oepj{%~
z4gMtNy0#7r6&VrdXNcA<ll%mKDa}J7HTkq%j)&rNhv^(NnUI9?DwROyKN@q-WP}1x
z&Cuf>meD%@ok$Rr6znMgjS^IU!cf;lXqY;_SF5(SSHc4M4cd#QQ;a!ZDrt+tWSdFv
z)%M9|x6f<2;=f@T7mo-_Fl%{9;>v2^qT~yo^H+Z*c&I2+$KdMQZdFJilXppkJ2Ey%
zAe-=8RG-wnMEIf36d2o5{5}wu?K&E=croX!I3UBgtR>j&8rui!^h?hfubO>xlsR5!
zx8yg@=X@>(+hZHMW1GGi?b1x&8u?P(F0XUG;vaL5*+r*h8`}e|^KsdJlf~$dr|?l!
zcn|SwRZ}eGuG`5WXk?!h31BsqzqTyNUw!(PelXyz$onpdu(%QCdGTB^#h%Z0F3=n_
zcQ%lK`*Wx<$n$3grPQ_G<=3|U7?08~>qoeI2galHS6e4&)$a9J82L=<fOuUhAxeI{
zJ!9N2ZO9|{M@8qIWOYd<PR2%onDDKgg-2G8xJwSfF_O_C=<HWa;s`vAWO4evgRqCu
zSix($2n;1-($5hVY+BGpSA475KO$LQ#xzeHf4B~77kxToeT(a?uSjUd9ALPby5%hX
z?3qGU4>h5E{;2Xe7p=||z;SVVt8n>MyLy9;M5@ZXTJuVes$3h&<9SKi(!&VG1X)^E
zGyh%c1TTt5R<nCaaS_QxlX92__0kHM2P`e5P%|`u>D~^G7HeqAutZVtGaB4eLTCsL
z&1+;?$NNqtRqNH7Gn|9|-rw5Bhy80TlDYZ4%utJ+@~~`@z7U_h!Kp-L{NdcG)~wnW
zIvVgEiOY63x#c!*>*Z-4`TGULy{vzk0KqxyUSkL6tmkLrV6b1pL`bI9jYvO}?I2jK
z&}3)x%eSSBZcDrT0lY8E>~gsds_)lsFUNmBF^cv&&1xzh95=(Q`FgsH)eGTFz~7Ct
znTfLMt%KqnByC!4oN`jFf17|~ZOoWi$NaJ?{{2I$G%43!qiAccVGFJ28KK;(wUVnu
zw9?8ea%bils3N_aXjw-ZsNKAC|Kt`6wO8RWak{IHVo)AUut0a71iTp?EWFo-7KNO9
zRS@=b<yGEXfA5-=(YcN71c=x(1#^0zc0M?bq`gvZV#LlZdQQd^Rn5k13>5cvrjA?U
zRTor%&@XuJ#m@o?_If%a_d?bACUcE{E#b}4BYNUFNyF=w65UK*ZxoG_{Y|h25joU#
zqB}bVqr0HeF%CvR7|NYV>Je(MX;=ISZmZiWY9shOg`J@Fzv((_o98+SX31tT=4Y#m
zpGLHOW4|S?md*uDQ$TH1fvDNE*c|EO`B8Pj`ZuciJ7pK(C*~|a!OgDH2-o_c&VL^0
z@PZ11csW=Ha7*}oN2cx`S>4W#FD(f~>;aZwq3<n=UHzvw**n|GKLi&2zPD_4y;CQg
zj3>JYH9A+Msw?~|4*2;bN%d~<`M2MBed3^M?xrgD3E<ql!^)NtIE=j(XEw54Y%t#6
z5Ir6J?1hbJSV_yULN42aq7P;)D?m0GtSN|ex^$Lkre9OTT*|d8u@J7wLJ#1}gQ5>-
zJS#v9WQ;q16@yswdE&n45lq!vugiX(_*Nt?YC~qy!kKF`?_I%~9X_dqqz#KdSMWuz
zbOA90T1d*M{0~>0vL3-~y>+=4*9PgC=)M#+WKO$Y=GnFB$K$C@Mdw9#&oR+dezjJq
zx|J#V>^HFJJ{5dhT69m~q|S_VX+L4THqIor`3f1ERn9yRXJghIOy>B|dJ2*>$^&3<
zcD35|3RvcgtbBt0I+JSwfr#;`Q?#(1!%KlhSgWpE2H0oI2Cd}dObRs885W*C<*eS;
z^Yk%UdPQyWV0YYmccb+=dYba|?gv>n8i;hZfR#ZySxgpSA%%q|Kirvx*BT2m<8%oU
zZ)P(;8eWP_x$}%zF{rdojy>iACMAvYJD?6NPH&J=9?XY(&*$VK^T!WgbMzM+@q_41
zQ?<HXAl1Oaqv#E1ym~=KAM);0@jMusbmbgIFs?lXC6k7`OPbUfj}6N+ryqVHAFHt}
zG8+vE+YpwA{h%hMC#3|Wu%c9No!p=bJlMPhcyMx9zc{#P421TePS}X_fNe5slS|WB
zZw<Q^O1w{Eap7gE2;bJ5pnd*PeX$~3UEUB!cEY%(ALh(ny1W%7%I=}uQ+8W-Uz>)h
zNP928pYyOA;Vrly?v1Nl1IobA7Ir~=@}JE-LKBNX!<z#_j%<Tw*DA0Db2q9+v#}~h
z_8m%qT`(PlUmH)*_P|=$U=}6UuRu!p!E_G~oY?-^t$sw>q(Z%XCIZ+ZYz|tT^)kQ+
z_b+9C+W)Tswm<_oQ>~MqDZBA6QFa9$;EnLmic+?yr^dFqQEZCU`K+jbLDrW1F>Leg
zWqfPcgQvbiy2;R&GcN{rKnc)*R03i!4DB!LGkA72N_fu${1Q`I=?-oW5ztfVqP=wJ
zLA$LVqGl*dKxdN~GrBVKPv$+4;~&j=J5`F?iYfZyC-0?eJV`0?4_-ZPkVQ}CNY6k<
zcnnYd^<)Vs|D3+iXm_KRb&Y$?8R>hZgOMo+S`eP5a~G+KGihYFUoW?;_wv24M61K~
zS=rLBW=H!*EgJhM*KT#Tt%@iCe8|LE<;m4!gmp5kV6;~R45@0bFHs^1cA;$BieZ>=
zL`5e6!&xtMa(-dL7bz5I^FM9wJrVtpQ<xT5?^dRTc{sVI@!Xo~Cmp+>M9;_(1nO%X
z@nf?6eQziEm=dVouS~~$H&wzZvh^jXjwf_|RM+a=`r;YDx;!JOtF9KcsFa~yteV;a
zry43dezJen9Qve_b`}<kP%D2S?mP-F7}>f<esL>t?;hvgQdhR_Vzo^6<DT*aoV{&z
z$jo;}L^KJlKar5=^Vw*P6EDs(xwoF&AfMrThdr2gWd*7&WRpH&-@HyKCt)(wDtWcH
ztM?}yZ#B!PiOaccYlp+ByWG$LN%rLMs&tR95JrG|U5+ixX2DS4;>FO_a_t}EnGN-A
zVP>8>4oLHBh|R`;i?Ektj#h5sSq|C`NyqQT{QUMK2+2MU`U`8n-;xuy2;F!d32-(`
zXoH>}&z>I>(hE)O3!)ROsHerR?or+ygai7P%x7vcy=&(@n=!=}J&n>#ABgTmyD{^D
zK22)k#C6AyjhBTK7CXXLy{@d&;k>te_d!45)B(Saq5#K3LIriEE`#_=Qt)e^TPLqn
z5oi=6#%XKNG!1I4p8!uAs#E3;q03LBx}Q>AxObStG?Evl0EANa8vc_KL|(4_2P`Na
zIjg$epaSHdPZe}75r1a%EzM$f7A#W!@ntME5p($M5+#Ge84~JRfp8(ZUDJra#B_jr
zDisj#{ueryhFP%Tz5Hzg7DXrVJCtCi$c;;rOQn?T>44lz7T$)zONJ=ZHd3WJ-;q%n
zXp}T$m`~8n^up1{v4K}tP$Lm^pa3EIqHjD`a;R@?;5xap9Q8wE>exQ?TFN-;nO}Cg
z-MND{M;N%B&CJl^P=vjnu?yj9JHSMCteL-=%v#}FZr1CFU~rnuk8=52a90uAp24kj
zOt{w?$~4pXtrXYm^7p|EXcE5kRAR2cRr)x_xM!p!Oi_@h9&eptDeFW=NF&j^;>+zC
z)yNqdan_A%n2VjIrslo#&9;TpS2`<3wGH#&*=sRN$<_ltCH~W464gV?`?lld=`*jM
z+PqhbGnJ0K_3H==;C}zaFZapoOkzlOBd@^9w1(n8i|>;rzk%yiHh~qPNkjKKACjh1
zOM_EO+3{>dW<cg~z$Nz}YXqp5m-L?;)qiqQfZRs(sijAKnEA4n`zK;~A91IJbNmbZ
zbIs>FUccugo+=b9d&g`Le$;{5gPx?cMq}1QgOCE=Gllk^zZuvM;76x2_K~(t3t6%2
zEqOpxIjeRVUGiBAk~-*9G{o(~3SnYb%KU^HTFJVz#&C9`8)%XSvXOg9r2bw4<3DdA
z$DgfMw6lJ&G~B@%(+}Sft$*2LD3bWwEzlya**xspRKqD=sitQY4^?05p!)d6ya5}W
zHJkz?b^aIoi$S4}Eu6;m%sagkqF$4E^P7uzF2gzl-7wF@-au4T4GcH9T&gIOsnF!T
zRIi`^uV|Rh)fvP6C^cu4m4F~Jq^(MYh@#MWGb$mdB=bUQ(bA)!iE=AjvD}$|URB3k
zEA1sk#$LClmrnZL#fl>Fe&);%UgW9`=`zkLrs&^vO`-O2L-Z}*YX2=<-g{Kyd<H{(
z;yTgDk$xflH%o(|hFfOr)c~%NOC7E|B}r0sh9wx!U(?xG4X*_AP2w@PM|XN!7r3>O
z9aPb=fK+0cAIFxkxk-!SQkk`yiAzkqcKZmzTB-5Jg?|IE*8Dv8JuTx9qt*ehj|lIB
z0Xg4Rc}h<2a$MK3SAQ2`IlghW2VLLSDPC}TuW)!0SUn*gD9+0Az8|b>bo9aMu{=$`
zUv3^uY4rHK&$=eWu@#hkc0MhN$6+D8v@#X%#k4Z(ul%LJ!0=1x*u^2BV5L7fSi8PO
z&STJk<nYbTm+mh6>*FHBA-}}v<_~*--d)p!-P$<7f&>y8@y)gmcX7un;<}=`S1pmc
zpoNoeez|>NSe?dQcH@?3oe|7ZNVpDl03c^mLJd|!4Z2g8%oN7j2sv_?&C>->G=-+b
zJxz?9mz*ftH)!9EeTX>H>LhMy&Czt!g%vA-(>&Ws&IQ&7g=YIuWu8|_`a_HXK#0eJ
zt52<o8$<WMOP&^S0`t)K{L*AIl6pozZONw@#Tt|5O7mY#tqp&cA!j}2r->Ew=I*U^
zkD+}|6+))&t>->%d(s*80<6Cx?(00>nSXhd+=Ixnn*?&?rml`nW09*H2HBFIT-qi(
zDg!;|&iH|NY_1{)V`v{-j?wIlFAiDU9yCqksTPyQ=F7y-y)_f#=d1U!L_$JQ#dGeL
zlBB-yeWm`2HTO{c$=7UX)3s?@cf9CcPj$^0{+@)n7HrA<d~clLfNp3<9(J5@T*7^}
z<eC4ZpwPYg>Y4?1He`;p<O=MgMgDBRl}Cs~Z9lK#l(d1KuA1~8)O{2vbA;WELYg|Y
zOKUO=p)WLCbJ`s$3W>s2cAdY87vggj>ziXvWfG4NP&P2&Eb>eyei*Z#QSdRT7ZIK8
zU$Ht*yQ4X5wh(|Y&A!12g%8Y-e7>SN<olL#_dOAih_9)m`T2tEt&mnAbg->B<pO4e
zh++o>XJ1=b#i~7E-4IF2`dkdr1l5lC;Z!;2drEvQjeNdR=(j+-rF0L=NSkDXX8Tpm
zHfYbu_S6>N7I&yTh8i_(ZPM^3sj-u!l^yj;@UJ8r2jc)QVQu8+*v{-GIJ$dU^RRy2
zSp8;+Xdb(<T$V`(U=oD&H^q@;e2<PjM3XkiPV~X%=rw);N(d~yyGU-Tl2|6A{#O>A
z9UvMFyInLuHdzXktbw`N7FN@|)|fc2ckGLNBRhXN>mN{RX|m|sPnDeRtEAD{vqsLt
z(yk_RcdyAPCq%dW(Z{8lf-@cPhd|-CU0NIW2h86ugxqJl8~oTgi%x`Krwu~3d2A!f
zeXq*JUP@vND)^;wp%f{Yc~X1Owz1<5ew?)ZM!02kK|5C4-zq&wZ`sMT`99*m+S9l`
z$Un1TaL%dAJ<By{%2liEqQiAMjX2Aur<sjW&|6)Fm}8i_MAJ<+idL%;g<{a7XRK*@
zkl0&P830KvAv=2#v#?pFfs6@5EE8v@$53Nu_RH!m8Fi6pJ`G#co@kAM9S~h=5B2YA
zrUfhZy#2m?=>GBGv+}Sfltqc+^Al0Nj=r@STOY4z{S(0Jx1M|^wGK+6{QR+oR`ehh
z{}~>GeQ9faspczGwA?MbY)>Ap&4ZI$02ki(V7FsN9DQUe6?i@Bb)L3Mm$MpVw|4>$
zqiNtfc=0)`i;}NziP%EWmkxOZt>e-)RZ@aVd7$O-f;hZMe99X*Qy-!Ex7%DwQN=iM
zWNkh3({tn@aLJiZ&uhl*%ml&P%&&v;j{#hxaCT8qYR_Tk_e;2`M-=IbD-heZ&-Yco
zI=$Ac-DN75UO(9Cv{s||L|B9XO+m(0aI#lmcxL2gfBiFWYTc1Cwm`l=F={N2)-4%*
z+it$=m)Q$J<Y{8TYbNG_R~^{6xePb^IhxXc)+&{Kz@C{_-#%U;c^(33=9F6z?))y`
zKxNQ5o{=-C(;%3={;zb{okjm+KxT{q2{2_ovyk}A{5NI(mBvr3Rd2&Dt6RR;lFNLG
zz|%_l13MD^x($!NyLqhM7DAHfAfClhPu~svtl<s5!#t2rec|}U;XCXHNAZp`NYj?2
zMnJFFl3HgEX0a;p^Q4C85Wo4mbf~6N^XyRb#1=OFikQs!W*{iJ8xOLmRAWz#qrFD{
z=`ZaalyS&zkUQ%8lUdb1TtYSLT|Ib7`B<YvW3o+=v02NI<@U%^ODQ!>da=Xa-&ZIb
z2yl|N(8wUwpkXbJdANjVUaN4UC05vRif~isCjs{w*+uMc-E)UgSjMND(-R%@w?}mb
zE3Cy*39)wcu4KFDPK?@HaE9$qVZg_Y!*5%Z0A7B+l<+8uNdF5>w8r<sAh~3%hdstm
zK4*}nVUY);#78eUz0|$tpgs*!H|hcX^Y2`Y_(Iax08Pbd4fCWMUdNgTN8zpV!g2N>
z&gV&6nZNB6Z(q3mA3xFz_s}{$r>dI)3yEX<EGFa#XBoYyv^Oj&0dBUGQD&---6Wuv
z;>Y?1#NAuSzP5s`HSOHY)Bf%XR3nG3Cn^zpLf&0jD!-=q@2?Y=)ga9}LFw8Od{<ff
zcKs=}=AmPS$n8pj>62*Q(A*0yZJ+L|eXesy>UoUpd1+|J5)<{p@SV<eQ??t!JY*zn
zTcfz5L?HpbYc^tZya0+<lZx46jr?G(&-o1dhbPl07E_VN!v;*dnr;H2PL5)RrfjjW
z)9793vi-?yjGiXFKGA#$@YJTM=HXQxH(-M949~qVi1+z=du^Lm_kWn|E!s$B^aBOD
ztml=9TQW{)p4Wd#G_A8?XH%$VyXO5YRMN2eb2UbfSA4DVA81*=igkp~mzZKP{u=|a
zq5}@#Vwh_$WF09N>d32^_8-suZ#I<oY)~?@1EN=8XqL}60S*EYuDea2GGg9X*$fhO
zx`q0P03PCwrd8=0$JnM`W#BzScFV{~N3EwX%GM!Ir_BM23Yl6Tn9V;;2j0xTA&BVx
z{sRY|7~U+82H79aupX@xjmIhua+u8m$T5cfK@D|kdfnJ`y#kAJEK!n1*?Ke8I)QBw
zlbzHYrvyephO?fz{}v3CAlIs0E5&NjVZ}tzcj;jFRB_}LP4iO+57UdoXXNV%`s<yQ
z`yCwyU}pA1a_UJb>wG>Gg3qJ&54KX6VpnOo^VyWYymfH<dl}FS!+?YO_5h`2<&XyH
zc!)jVx9tJXk~oqJH%`NG$3w^du#Jc;|HO5@vnVpu_v~6|I8#sMWKzmfz$y2)Htq2-
zd@jG~%W3XeY7;Q64Qb{>GYq%LFZms8Prii9{(~@M{zkAPuf1r*`jl}idMc-7a^BVs
z`2mL||AAW1C#Q*h(I!{AJHIwIgOoJZqNHA=1AB5#*6lsqG`oh7sUWJaAVxd+LjRU)
z*Z&>lG@@NPlat9{CUdpTTP}09XHjs{4?C!xyoS;)bM_5|>YmXFnMZ%TkORSO0>Vah
z|2H(DEkn9A;kiU?*bnq~x1&VKnWsRNQ)B0ydr?HnWxgs*TR!*Grl0D$rt(kep%^`=
zwePtz@>PzBs*Pqj;XmX=;sV*Za@5L71BQ<x;5%((D>1T8I%YR6j&<TPk6K~Zd~p6b
zhz3Ws_?x3};0k$nrvE>t&N(`gC+znzc4OPNjg6g&ZQC|>V{GhXV_OqvH}=NH#x^Ft
z^LyWW&b|Lsb)l>K%v5*vQ&r#3<B%*2qCAqnX}o;TF=|)vy~qHwp+~z_GHm2}S3u7m
zdbq!YE(r{Ea>U)m-|QXVZd;X;e<-_BcKpw?D(*UF8+Q2Jp`L1{lu=3!YDx}=`q-Mo
z{4*{NiNz@I7ytX(8|d#Tj3pmzN?oA*#?Yl^ggP5+uya-cuUg8k-drUzeKyt&@85D~
zmt-a#n=5}-@F)dg&FisVGWsZCH-{=E7e<pNg_sQh_Zc;dYb~`DCrc6Qo$UW@a#Ly}
z=jwl(9LXtQw6_T~mpsbe+T^Ju?1JD+(3??efY6yQ&smZ{@%2L`W92}`Wv2KVEJ)tC
zw@j5CpDJMAY(x%pR|@-#RC9;X&&wvVA4A>b;W?WM3kT)E=KJpiPSK<cY=y<;w;VOZ
z`?i|My#5j+0sLT&&wvF<^LjzLSS$QD8l?-&B>6rOf!{E}KP#V~h|t_~TBH3@jBx>T
zKNdf;eNLDUg(B3nb9CC(5B@P6M90&^(C@Mqb?WU?=>iSAB?|u=F(LRm8ui6u9Grh0
zu{xnqBf?ZN$*atQe@zG}IPH2Rv=TrzDQ>+|CZRg`al{?`O0?C%4y%6MKK-__+}oEl
z(mLPuC^uUYwLLP-3atiye?k7w)3VVFXjh7HXueNIFe&g{C;<=ocVltyN-;=F)Z8c2
zG^?!j3jf<?;E+B2e{H7t_SiIU>2{bK?h3ginVdP1=(OwBH^uGLH~AQ~UO(_>5$*TH
zk?^9@J*2N9==QRI&?#KF{njW(5%$ZNzI+ZyNJdfD%JWQl)cn^EdXiM$xrzq5!V92s
zTDw0zCmzBf`ED~(Z`q%{=j3m5+*sX$fLoUo)tvD?vKt9kN=-D1n7oqbmYc#kE*FF0
zOT&L*Kq{XwiTuG~y4+7+{DqGwax6@fa`v$=dJ(f}{l1M$X52~&Yr7iF=9_SF_?}C%
zra|oHoQ7eYdR-=7i?r!jD_v~J7<??*WS&JJUwTyY9O;qYG|JPaw*R}*;?zUtutlA1
zyo|?x-OJ!jq+b?JY1iORzX+jfLsGEjwWHpo&soq<X0-<xKO#?Q_Le(zvoe6-kT1EO
z(Kk1v&(xY8aYCztfnz{Zbo5tqdkm%kCJaR)r~Div49v|W+S85&YFl8Q=`Aq%lA}j0
z05gK{&$7jeOP6$N8Y=HA&7X9{0c28tX__II*Ef6V>Jyp^{;ZX@nHAC_Cld8K|FX<~
zJR?sBz5jT$xor40>O4Au<y7v0fvdFz(Yqup^$M4qz1mR$65eJ0ytPNk8pe}`8;sV%
z%Y`pyK_+JRd#Im2+tX3*L2L9E>Oz$TmoDy|x*Is8>c4sd0FOY2y+G$9po0u3zt44b
z`bn5?kA<FujTzJ*vf?!I8F9~z(h_*V@#We%urMj8;%gp4Ed|)a*MH(EuS;uuNLGS=
z{LQ8_z3%>Blt$m__NM|*&X2B;KZJ`5<68C6kbyHeTJx|QTj>o*J`SQWzD>VV@Q{5H
zKX^`;k-Af5L-O8NF{|KENlaED67j!*m%EXpM7164<rWtj)@~LDyW-%w|FoGPvJHr!
zXWEs+@Z|@hUbkOZXF#x;ZSNWCErXmK>pipmNf_URW?@?xw$4wmL6^vJZDRLdYTZH<
zbY&nvY`z|KMK+y6iu~0ATz&%_@f&)O)W$Sj!8q`TuVdKp1l0ZA`C8G&iuTT8l0poq
zHn5J7uB=UxNXpZ#s+1#&thnjX)r9(-(y~Oq<_GIQttw*L0IDe;raF>J3AAdRF-%a?
z=Kx*-KJ!il5QG8}2-*yKV?1FSgDn1yV#l^dHH21W5;1|zrRUvlAF}z9;8avsqITsE
z@u!^Q&ROU7<9*)|{)Mm1wdP!4kW^4_{n?W4cjb{j)OQPgt$b1Z?u6N;Xb!6dHvL~E
z8)su$nJRZ`DvK4v#@3Ghpwo|U(kXMLjE^VztkBYo;Oy7tgs79Ewo<gO$igoILEG+t
zzNGS`Lk0f6H=_^z?0Tnj+Z>U=<8s@1QR3`2r7Ql0<+3ND?9;Q<HS^et{si__#s@71
z)kAcB5oh$#q0W-bEd>-&v^{P^MaS5_?%+SA`V+*6B<=ycpwDQM+TXOM0i1XJkZOOB
zE)*%Ze<2hc%eI^5cSri(uCAxdG%P$@EN&F%#fcY9(pMjnoLXSJy=Z%I(3X)qDk$Zd
zeW~I84BXOOs7RG2@m>+<rHmD<C737LYqvHxR?I#gqWB#r&`v^cB*AdVO_35ZWj!K1
zLvQ?>xxm{vxQtH!FFvc6+FcE`wSZ!+(+lz8NR~d8&zcwThxfXGlzh)zNy$PQN{at?
zL+?zzoORaF6N2)X9{bB}0RflkMPc{e*;^R^ud-m(=W&vXEmh*}pb{?`=T_zc;wGyj
zr|`6TC9YEU!#hU(B3Xpef?iIpkZ@-^Z^x&Xnbt;TzCQ)})lg9MVpOHoj|&cLZ&>vk
z?pJ%^m@Lz;CT%SC?zq}Ph52_(n}O9f1t$aBdK^+#HTY|+OQ{&{_B-q}NngPekJE+k
zovM*&*2>16!++@YXPIRc-Dvq;6`WM%o!s&%p(~0Ewg;CwmbeRjYOtJcTMyG0{0^Es
z<f<`v$sHw-Va(S~YB2lV(kb!(>7@yA{7LE7?{oh0HS_5n+GFQ^*YjTlmm)VhazTA=
z>Blq^w&OcyWYCP+ZoN6HJB)2+9wg+IaKDi<3}_T`gDqC&v0_C(u5-eRG{=#o!4~fz
z=}OW@h#hK)WE3BL?d0180_YI|to@at1nWt;;lTpzk5?10ApC_KEH^A5w!?>1<u;5v
zRevv>b|SRXMCvaKbdZ3)U9)X!ZO*IBE4vVCowu;JUJiGN2@%BytFir@N-SZBf)K1F
z5n8dLFrkC}@W5Kx#7M9c!Rc9Wo7BZ%S^T5Rbd<{3Kd?+)8Z1Tp0hS;hfu)IzV3Bi<
z3^=Qd2<(r*x4_0tlfBk_EjYyXJm<;u5H|d3C9=D$Y_t%KZQKjlrU?<6K;Ru0m3+-*
zwhubnp~mG*yhY(#iW1si3rBb^-9|{Ir9$W1nL&}cyrxd8PjyXgo=5bJ)J4xBQBBXq
zg@u65Q@v||reSMqYe8Kn&Ih=Hq2XqEbzRO!WmUCyy%9L~5>#GQ_ww=r&^CPfuY!cc
z0JuWre-#?R`yw=#ul_sqzS{b)h5s&5Fr|az?99+$v)pgFjHBYU+-m6!tDpW*qKUuQ
z5+xhrys{=#E_zK;d>o++-NzHN5&{6PgW-dxT?x#fyK@>LMU@;voY{FyngFSrtzN5!
zni-o9?yH9M8Jpa$tA_9C<{R7t4+z=U3D6Y^{lI&qv*DR2oNCp0TuVW8J%2XWI&9?C
zp=dO%oh?}E^nV3K1{-N)N+*25*&J4dPBL)cQ0=a!!!akGqFW=mMS@*u#n(y1Bk$C(
zmbA*vS5~(1ZWEf@dNy4DAXI3c=)(oY0wHA9$&FuD;;s^FHCdk;IrkOnn5*^^z9$P}
z$Y09Rbx;=mZ=!o$qIn9}P>M7<)0!v=sO!@neIpnXZ6*}#V>Y?07{`r;x$Pn6Hp%?N
zGqU^C<^Z3GCqp$Nv@mE>mMNhaXP9iR%*HN2M?+8waGNB}!HcCk>?yMh<`iH*#H1Nk
zi;3=a4Ro7KRE!g8i#$x=4P*(HHJdb4jDx19@w*t6z_`SHnzWksYetnEdXz9{ZK=Jo
z%6>m;Tj4FK{Im6`{{vBz@0;)9x`soa!pNhFK%4)3<7QIAMVW`g*ZD?f*%2=(fwt9?
z6#*d!*I*uj3k>m-iq@V+sYmHry?w7_E#{xP%PY#uP*Y|g^82^(!dXK~aKXn<EoL`b
z*=n4Qqhih2jm_CAsmnc^MG9|+?wJ;w)?)~5$Q)CVw>fClF64s2^Uo7JTtR_#xAMxf
zPoB?5E$hk`@-8G~QZl^;XWW~zz>9O0wV4XVSKT?_`;_V1yRh8bAGFW5z5`=R6V~<a
z4pBT{s_YdW2r=pJ?f}ZY#e!Xw^$JO{zR6CC<V(*9Q!v3lxm~mQz`8a)!+EUvKo+8t
zf5Dq*+az+Afc4CvHsN_+02inwTsYdm%cUheqPC;wBw)Y>*>lyjDOSM9L}2}4J9J=5
zNHmw)HwH0|(CNpi0Q9nJZ=T{nkZ&J&^M-y`jB2A`jH`L)r~t>c?!sWmk**rL3j=s#
z9Aylm59LtzO$caFftl0uoT^jVC+?eUMhMN2!ng2%e;3Hzv1$DL{q=g_6O4DEh{Oyi
zC7%%HGN71#$sywWCHq6ee)okfx-}Qe9x^A@9#ZK`TL=xc{<oB(sdhKQ(I;ee@OCKc
z`Ml{W91xLSzESpt&=IH2cjYC7Pgc7C6_24eRQ<gTlN-^(t@b_t%+D3!z(|P?nFXJ}
zzCo-D1hrq({G&Sf6f3<Ib8DYkmnS^lnt0T7Gf2+gzU!^MqaD$HZj+_FIla!gO3o|S
z>%O=CwQ*Z}+3~4=5J<)Qq}exI*5`P2esz6*Q7Q5i6jXSYj_eEm-sfcfg!3z;fxNeg
zw^;g2v^n*~M{T^~YH5NhAj1}R`))|1_H<bBShx2hFjMZsK6OfVzCMwU?O%VWT8d)a
z^Q-h#LfB*|1BrJz*3?pBCe~WV3qs%lUEQ=e2NM2N6lr#0z-m$)Xo7uslAp%Z5!3kl
zH=<Dtmszgw(KK1X-%?gbNJu|})4QtPYsauZmntL@SEykNp4wQ(_Iqj-DzztZYeblS
z_pf+++;f`O{Crn*yl}v!=)j$X?-QcAK^XU<uu>6aEve)zU5GBrA0f4EhIpG!vViIA
z$9<ChU7_iEm^6DB`@AG_c=Q{*qj5b6@7O)qTa1nj;FZm$v2cpKS65RGQEU;<@M@eB
zH}_p_`u^=u)^`*z(1kkz?SqvTm^!LeT{Jo6pSTBkI0C(E&j_B#TDJmU1kqbzZkuaf
z{c$ZZ8WU*>vm;8pJa146OYcd+fWXiJs&8MCu|7ebx_u)VmYd}(&R>fTsB9)JA7$lK
z2900CCF<!Pv*RUp)>+9r+kE)6&)po#97ChPe~0!7${5DwQGi7Jr(iDK9{Gbmk@fQF
zuEE&s>dRSbr^54aF_xw#dznra8((Fl@mm>CNH87eGM#(22H&XT_4{SyhMAR9UB4pl
zK`VYh^z9^>(^1D{N)MAKj_8u~&#0{yV6WO~rgr#RZkP@9@yQLBn#{G~6OK@kH1hwA
zn@f3&WpJn`guTpj!s1{4!Zu$56Yd1&C?T$&oWWxtYmH5yP-b`iU0-K8y)<co&-<~p
zl@}Pt!u5twWLn4@IlILLl8`=|-e>NUt1fz@s*M2^)e|2Q%>ly`%!Q719%Gx1&zXja
zD8|BQiLyJ_QlE@wtD64)D&ChN#wjfZ@sey!Y5wyZy*Yi~ok=e>E$Z7QC{uUHJA&-9
z?OIy+aN0cB?40QG#PyeRFCK;2X5xf0JcR3<<T%NGP$9*Bw$uEUF5yu5^|Bp%!<iA(
z=Risusm0r&#moPs^>4DLDEv9$W3dP}IH#=R(=5}doSFRF(nk1(s)*-L!SQkwH<{-J
zv70Pbc7Df(EM7+!4$<Y5=Z^fznFouYx*T6P<legvL~X>sGq2}Yqp{>S$-nBhl(zDm
zIl6L4BZoOFCsiWH+-E#uIKWd=i%a2^Gw7SSv(oWIt$p@uIm45IHVN&Cvc36(N=e8-
z+shFD*C;245DtENj<TVsxc0>3OKGS4)5i0=a{eAyo1=AQXQFHlsan1A4yfG=EGTi$
z&32mqM^O5>(75BavdS*(iE-5{9e5|0*}r^9!Nj*o)3=&4W+x!^@)ED6c%P>WozLZp
zt-}<X#2Xu-<y}{DT0I_2tj@$Ej+E+?lums86F2U|PywuYO+;+BRhs`0_b4-u=WyQ*
z-Ap9lL#x5CH9@rq;<bf=@>M9tKyC9M{PA$DBh06oN@`*jSC+Z*V9d?odizn<JZ9+f
z6xqYh>dn*f^)lbJP_XsGP@T1pRLmU4UlNy8lFM7$>PmSsU8V^#S5*9R{CpG9)P=X$
zbdk>uX?7T2$W`%=&lE^r)cL!+)tilgG|NP#rYeqlHHG{$sU%eQG)aTV(^h5Pa`a5}
zVi3>H@oSXLwgh@2ADz4mKUg2EvqXM?3{OLMK%aShHBlDV*T}sJ1L{IANu6=+?U4g-
z6jo{?57frU>T`}&yq@Bq{A=m-Yl5jueVi2w+;cK1_4KR5UL9ed*3D9HpOsO3c{{pu
za=U`YenC6(Qi##Zd=2uIj5#E6%1odre<<EKB-u~cs0`mo5(M`iw;uV9$~R~wl=9Wd
z9LS@1vLQW`(GVIL3+cR^u4(!b0KH7OF&~9dvNa!c3Vo$icy&$Js$c2@;|9|vYUUA}
zuXd*}i~ZxgWL<5+-WvB?%-7)|=1E4#Ks!>aFVY19=8E3qJ&H-l8-W|4{==D0ss35H
zSi-M^QTd$1C90Q6rxcIRuY3}AHb?l=KMDTpHn*?9u){d4uwl9<4zYlr`je(@nYVj0
zvYZ+AHpG3TNfjHYfXbgf`?=M~AQ8Xx(QnloJ}H;q2j=OXWIqX0`+5KCHG(dac(ySB
zr}Uf+kj29b73N-8c#$zhF)jU*6D;;fIVdx#$+tLK(2}YZkLX96^#l*!<GtxAg~h8g
z{)KJ$Hds_T<yx~|_|+&^uU1knv6L`E<!|4L1iX|k4cP9L)x%aTq8v3qUEzp`UBFSj
zUwM8dQSa<SctDpj2(U>_5EtIA)r(HO;-?d<RUE+j_>{WuN-7cUyx?r@TNhD(?J^b~
zENNPn4Hzncfpy*=wb{~ZO~7ic)2yCc^=GH^gqCNz8osY^3`R#jXg*xk^E>$EwAhvw
zVX3d5u+c`DCqS}axhIw{psey&D=V(80iPS1L@+s(X|)wP`+Pk#Y-ty3wES1$m~=v%
zV;l>t<G!r5M;VDlUD%=3nd;wRpl&CrOU=N3o~ggV(s_BbfxhV6ETY*k^SH4kOVP3D
z5xb*B)o;$uhlphQrb2HLWZ|s*dgwtaZI={A;Mfq;!p}+Gl_!e4%JX$AK65%{$`pFL
zv<yVMw1On@i2tfh@J_0W6pa5^^&TIUOgsCRirK8c7P*-<_oS*%iZccN&jeCFXtl^Y
z$ixoBUl<)kI<O<hxni3p8yS|r-i$e3(6qDY9_Z1S?J8K@16h$YSlYv4&N@FcYusj3
z)4Qz4E5ZflU62)qxVd1pi^tPBTZ0OaKH6RM&BL~qyn^~S;n(aSh(vxGW5)cw0;5`V
z!E+8l2Vd!tXis9Z;Lk;WPHQPk{qiLftz2XJLeNBUUBqlh;!;hFM+!CIwIfI2fnY7Q
zlZwD7&g!ZKqa~?>{_?Y#qJbXFCP@zmb4^B&4{H#R-=NH;Af}q0akGk)jM^OM?wf2d
zYxT18l;@y8h1A@Tbz56*kWMT4kLm4+ZHZdUy-T)DwVZi)<^BxaV_H784PcNLcP1yr
zJqtV3ErG)emiF%=kx#3$X8eZfB@ILul(T<RdG5J-EFG;INI)AwFzspEONjq_1;4zL
zI~TN*seMPwk8=L(yx&EdW4s#K7b>>2!(M<c?sYGHnYc5dfs$2}6svWoQY!#7uRj5B
z-+t%NiG@Lma;uM7?(Fpw-NIpMt)OVB!sC_)gtSu#eS$(=?qS(a3#Y2M^KV^s@}kI)
z-6SPYwVGoGc#(B5w{x|cuLBqGvk~(1#|lJ-o*K$eKR?gbpB!RlP4Mt7>XI`HRo&wE
zzeA9L85cVI{k`cL7mQTiXm@<Gs;vwYMg&IvB04-ltJ@W8;|IcWis$s5d0HL+%rF+K
zTDtI-w-m%*AByKoKE6sk+p7DYm>18V;WQc1!l!D%_CLfSL%Do>E1L55v&O#GTM`VN
zRcK{^z8v(UW%Jyvs>duIL9sAI_dz|i2pLho5;D3!Bcr(vFoS-BHh+}}7@<+~JhAdR
zf5k%vd9JTA*2jL3_R`{t(ukbjWa5npyfz~4eW$r0+Gz*76QVN9p^iuh#{9m$flLnS
zefIt-@D#J=%Y8Imou|zS3>sy@)O`PG_=tc*ymM^cY0#5h5pjv{Cy5egC#PT49Ij(3
z{vhFn$V$_{B1ju5qx_N@eqMe5weys<Jr<z7^sT-Q3<ngy1dbJp62^k^6T$a{M&J|4
zXWmFbn|K`~5$;@;wR?C`;-sE*he(<)Ve<_#p}Axn_`MKB2G%S!)gdbi*sW>?kC#)$
z<)PX}$t@aJbC?(}H6QF3YU)lCLlR!+3_g|>KWJ<zvD2IeS_M|(c&_96agrkmjq(Jb
zT;nMa_yfd^e?^eyEL=Nd5|UZCYE2pPJ(!SZh6DSl*YC|0isrw&25uhy#uC@A-k?WR
zn_FHOL9u!!$@#mo&}2T};^3q0RIfNb`&M5A8#=OjShdAN*UMttqUo>a7*HqwQdWa*
zI?O@SsR=r6qVtzVK2yxzc#;K?ZHL@*M?LYZR#aKkp#$tfTORHNihC}ZDhWoc^D5VA
zlkGJ2Ds|Uc6O}SEy7<u7l3J$|68@2oZo0-MIJsy47(X(^e0z!Idiec3zwqS<pw63X
zyrg1W=DW;b$pZT+c%KF>Q+B~vjViyctwoyJR*yt_lC9%M-&#N!$WT{O3Bnmt;b#aZ
zQpz<GV64)^xyzi2sdUtp`B~z@yZ}l{EsmLqix&;xHC`b~a`WZbZuX0SSr6u<&b%y@
zik2<Ayr7?D14Kvox{)4^1+G}_8x<dJu`iDGNl*27SE+}wR53~5YNi*(p6YT+{%P`T
zsUk{}|B)tTekNKLIbOseA=XrPbbo5pD(uiBEL7{gVbx}I?cF<eB|is!^V{2rw5xOp
zJdbyRv$AF{T?RnDe6-XW6xkl0&SS-xtoVAGv|De3{LGjn*MG>_n|qncdX>(4<&F<Z
zpwnl&oc30`BSQU17+5$g6aD=L%DXW8s%oBvGswAECReGQotm0`z~)P0*z;#$4LKY$
zGw490(OdKpmHvlHCot&d<m@uoWu)Dj?e$&u1Ff$Je^i^A<M+>Fg(mACh#y;Q?0q}q
zC40N2@h1i}%EHLb-xy>UnPnH1P7~42)<-yOC+>&6<X9D#V89@<-guhR(DknP3xboX
zSARwA-rhTPUU-0A-P)XjrDLwYO<<hb1>mb@>JFYB{L9)0`SP_}gL%>YDS)l2enVtQ
z8ogMw;}FEf{>qprxAG*X5(+=JG-fl>bP=f7ZT;V-m+4EAu|jCf0!6%y;>_P`J4mJs
z3sq#b0Y=sinIpI;aoQ60I9@YYsUJMc3zv-<uMwZI(>#`2n|AkpmqKTQOhERYqcMy8
z|91IEKNzy7SNhJn5?p)sh^fA&A9?*Fu#X@M&+xDH7ob5}{fx1$0t}Sc7jTM-;LfBf
z4U{Z$-0f9~MH}LZIul49At=5VU~Yf!T;?eQ{M)V(@b;=@%)P!-mUG}fQL9$SAgIB8
z*QhnrCskTnuP4-@!Z699#uiH7F*n4lHy|1**g19;dmGC;TP3}91a_b4&c51xJ=v5m
zU`&Z!Bw3TvZDHtey-@y;3GebHAdv!wGc|kj@oVfy4y8MFVzv)48^-1s#0s9P$Q@mx
zy&~!f|GS*?ofsmi6?i_ZlQy*YK(<1KZh!Bv%11!B_;3fq(OAGBvU>2iI0l{tWCf$k
zQrcaIr#>UPuLy7Rokw4L$*-ROzr<2A!wq9L#Oum}KE!h*x35TzTu`PK^QAWTSp8hp
z(0d8Zvs@(!jCWu8>N3Mr+qH2UJ`XfXd&#Z~K!V$!plbEKr07*{>XH^)SYPKK3yw(1
zk|bh*CoU|KcM+1v_<y8g=WGGx{k=feg_E!IlADXw&5I&kxy4?msfI;jN*b@{w}sPJ
z3-n#m=6|^-otwf{!kP*iU@Q;RsB}k|l56Z^sH$_N+$43ClxXxYoi`L8o+9SSURO}h
z2Tt*Q`W*-1a~DYP&*sx;o}|+PHSo39xk`85Y~@od>&Ix)te>aw@ZvF1PFu(^6m7p~
z7ZU)4=`<Tb)!AKw1Fg>((4_4pr+d@=4sZd7S`)CqvE*z^*KRoXK|(av;wHPcu`3LQ
zFlWe>2j18Dah#W`qF2QH0eO0P?a$9D57299iX)=$+bE4r=ap8L%-B>hmZ<j|nbxfb
ztC0#4jgf`x3ZO{`QJlUKBO8+;`?U0UNg=zlK9TtwZBCHD{}6`DqrZzIcfgh`A;Tp!
z{IG*{=v!2_Y%Uie|3Zr4%{wGAiPMMea_*S@HWjEWCF&v*98*a0)?*&?*8AM9tb_>g
zGjLGLwpOnJEwjn@IC03R;kSBQ7e_}}KxMz3h8&KM^qBikoGJe}N<!B3*{U7xE+?=C
zT(D$#JFrkcv+JehgRlnNia{v3*3vu!PVsXGxYPyLbsbV=L0VJ~=<U)cPN#D1Q0JCv
zfzwOMm^*6gZz-?F`wKsw%+ju+D@OID0lid~b+S^`P#D0aLu23seezT0CLnL{)=6<B
zri@cwiI@FQZA9$Ro7yuPOL3J;vGrkD!1$s}Bi2m0k2+n>n#Hwm=s_XpjLmn;V`c3P
z=&2?z;p8ga#^}&%7qr3nA6VE3MSW6tXg1;>6T_RXlMIPR5@i7mYD`MF&}yy{5B!R4
zitq@H;1f>~<Y$yk2Wd3URK-<%h9P;>87Jax*-6Ri&;MZyFITu<=B?4+O;=qV2puJF
z{)ZT@{tq$yixXBI^t2ize&{aST!uT>MJHw>2{Rqo{u3&!tS6_IfP@P)`#tTuC>WxC
zN%N0(K9*Z;e4i}NGW*xW_Y_*Jk{5{AfD#bd>w=6rQ_0)^{a_Am@h{w3Oy*V&1Ch07
z4mhwMjEH8-&-k9;RQmfou4v;unC{JBmI!5P4RTsKeBr)<t}AmYPBGjP4SQTyOmlu3
ztXi2_Jm2Nw$!KLWYvyX(OyO>`RW`%swW6-`h|JWP;_*Upp}@v-(VOES_ljch1RZ66
z1^5>ICAGY#GMuU%gR;Agy)mP+kN0-o$TdmQ+1K$1i0r2Ze^qbQnI(8X$){O`vrcvG
z*4;Q)gxVh67trb+5~eOAocbBc+1D)-3gol~$Z+-+=K)_kKL+%csfL6%&AZ)&9PI7Y
z4~&Zmjz|}#es4<vc(eg|4uVKK^t5*bQpW~hL}d~+He^9GnBeJX219fmUt%?}a!0V1
zem|IU602Ha4~A7p=jftbv!?bjsjW<JN2SvrE~NP>QjP2_(F|S?kK+c6*xWfgbK5$4
z87VDy)i+DMKWL?#sIKU#_Kqfg9OjwLWhtjYf*PsQEdG#;5oh}im?z6!TvJNFCfN|y
zx-I)LY)%Otv5#d!XUq9+58CkZZ#FchUIfrcJ+ha_Ov-iTAI`iV`0K^M`TIPmFZ=;W
z-}8Oej0*@GSDR%g7$3!hP_HutM>Zb46FiwA-j4mf<_TS5!Hxm#my|2*4XWY2!?^BV
z(+OQZo}PVuzkfJ3foZurP~g=cLR>IcG7XpSIb4Hx$PHRV@CR+IidU5-%-gsIxR@R6
zuGkN}P{Rm*MORfSi-~oH0wD_$sAB(q1uxx{<uJ(_pEPWQ_<QqhkR3!3UQePJA$)hD
zl<xQc5Be(&Mh1J_!B@IwAHZ$+5dd%sdCXvh{zC;bfpMF>Q)8qhg3*N6AF@pd?_h@U
zc03qwJn3=D4A-W31jdYl*QT?;B+EJ)>3%72EIru}7cw&AB0^jO<qEB3==5_Kop)!I
zg;(|nlXnLxgRmqP+?YH#F2La3aRlclPLGy6MS_@MPrPf$rl7ZO4bQT^0EeEQH$@Qg
zEG=zrm=cku^zmP`&0x+2vp6X<8ve8)0B`^MT}HH4a3DKCllnIuOXI5)WVi*sj3SYM
zQvYM&T~6nrBPO$4>OpH<O7V8gy$f+NFLsKS@HD9*;_po7W|GHfW?)Ja+?^KE*0(rb
zgp;MAD3#hY+#$V0lL`IbT4cjvG7Sf{CSAFBthiydvFL^NQ8xsMiWB--k9h1Nhe@`+
zjPntIa+>?mmhLoL^=Q{BnX-dg#jaF5)`$PeI*Ud}lUTcIO+&=mAI*6dSoG;}!RYt~
zWiDj3xUsDyX7cwb8Xee=|J7_X0v<GYjD(Ml$DY-bXn%c^iyn$H%(uNG>N3p3X)$8>
z4S<dZy7-E>4K1GdB^n{X_DfgB#?EFr+wck4B?YZG3)7J#4BOy9<l@i@3VuBXfl5C@
zoEQPeC3A#zKZ1}YoOv!eO~}t<2gip~?2kyeC(p1?Ht_leW_?ALHYbyTIg0!-l7GN9
z=5OxL7Z$I%9QNPGcXakU=f02T8H!>i@WTj`evcUI&8X(2?wRY&86_913UiO=)X~B@
zp3~H}f=3v}M+UoRxe5+PxkE1-OzrM0a_70uZqoc$-?_K`-S1Mj;Tliig^~|TNW)C$
zPIq?wtRbg_3O0}HcQ9bOiI1he1daw|=Xao<x$JGCwDUPe>Yrb@1bYf@?6wd)xvu@+
ztTUI`!2g%bZ5v=#UjK(ve&G^3?*$y{MQL9-aq-Nrj=i@!S?AO#ht7A;7p7#BxtFMw
zxAiO3Dh>PF8W^Zjt(Hwvp-Er)No;3*F{f%4wp5i`CSj+Uys289d>#j;<#<SePY@{5
zD&^W#sh->V<AT<(NhttsfXnc|vr#HEZ6lh|JeWFrIuFgNxlT!#o_Ze*8DOsmmRz*p
z0tUf+UC*}aG|0-7Hix9Dr?giZkLuYr)U-_}P37g<ai?|$(VQyOwE2fZw@wia<x`1Z
zDxUta`6$O*uGPiylTJO~GMzXWhqJsot$gxHbiFjltCo^KdCHMY{ylQFVZdkmEYikl
zgtvkv&|f4Vs7s5YJ~ym??rIM92b@truVFakmIc^L^HtuAn!CT7yBfeq*$b&Zk%|5(
zX?{Ca?)@E&!xZ@5lUdh?yZK=hz_WSZ<0jupVyw8l7klCtfd2DocJD_i3sc@xYKS#=
z6F)&g{XkM{HU71^LKPIxT0$yx_i!>p$U=P8NvA5T3*`{ZId@iFOD>bY7Imd{eB)+C
zO#TBz5`?ynn&prA&#IFb<Hd{MMUUII?7An-`G;Ql&Mobm2N7*?t<ABO8)9dRY_d*m
zV*9i2{7os`_}8C>hGjgah_h9&N)fk%TOgccI78U8mtctjt5d|w%q$-if5X8Yg_>DD
zc%M-!tG;h0k?y+1_-}_DC5iYTtodkT9uRUhW-#<M1VMU8^>le=|GLg5HN4N`6UY8l
zc>j-Wb7`#bU|Cn~K-Ty*Ls+4F?kbIZus~2jtDh!PN5}ILPY}`koPeUE$_?Aa+NnOw
z_0>Yz19`Pn*KFrUqL<*($s7uzR;_(BvJ2b1T?n8-PYK%voiHx;ds~g>iE~19>z9@F
zgc+h8lmL_@OogA&Y{*X=NR2s|UMY;k%ww+Z$Kmv2<6)EK1a@CnRG^I{B^;9k7jV`K
zwI(76uJ61m(jdLf^GHAtr}rT#OqGtwcm$?H6b<l%ME+5pRa%zcMC3~G5%mr>T>l;>
zgtyrn6c5XfRG{xe2!-TOvk4^ZNX8||InXJ(Nh|ViM$wlOvRn2Oud1x5I+%XPX-Ge@
z9aemHMq~^%3iy6bCM{u;jy51xolAsdYS7_*l9TqQi`w44D?%=VSCLHyz3FqN-+lDh
zCu_#E`A&?dKjbq9ZY8)2+98_QBqeJqu&H4n(hNIPW<?feX=5k8Kiy$%T@CMd>v-T*
zcf}ALng-kl<GgujpOy6p#|~!PMKs70Gbtv7v>}spu)1He3IfG~ljE8k3-fxL$@W|l
z+S!Udl(alE#CiUuc3}EIpN*f2xBt&De(HFX7MxH@BQvI+Kb`Wfc5ulUE-xTuI~s8;
z?|YhZb*_C0<7=D;T77WK+TMz2XO|6QdCC0MNGFGPjm%+hDxG_uS*aDuwPY_b`9spr
z<2pRI6D_0;55@?CIh0M<0L=X`n4EjzRFWM;#S?z9^Hh6H5hWdOs5W1-SN&?D9Yvac
z>o2RM=_sLl*1)q92E^;CuEEO&2IXXkZK&92md448Z9`zMi2TI|>tk(ZMMF?5qWumx
zRn2k~vTH2^*imv30q9H%w+bR?JGm-Ew4vk=>i6TNsxLl*m>d19`fXoKj2X4RhIHwu
z!MbSgt}UV;VE0oi@<9d5{z1QXsBYJsi;}KoaO2Iice{&Law>?>Ru{miOr}aordAqi
zrP3hNFlsLOV?X_;oMK4v=ZE%p_(Uy!??v@A4w@+XA8}e~<?5Awn)K#SJoFYVRlqf4
zY#07m#BT0rl>VObq}2gk%{0R-b$+GMjB9%Oe{#i|;78khosMbdH@spZu9Eg&f{QOQ
zjI}_<4i1yFXfpchmhq0*wwUTtt+~-=fizA0G)+&2S=U`ViEdMjOF%)%(Fw~)pe_G7
zX6M~hH9mT8tXm@+DtO#kwz}D~dN$gTYEY08J6oh$)WlG!Yb#)ro0@+xK7YjY!aDdx
zWr+^w(cJW-h2$l8^%aAUKIZK6G)q_vEgW6QT&PGgo_CmXFcUgFdy=D>QgCvTAq*<!
z7vm1(*9tn43ZGb24U{Aax$oapuu$W~FvWyqyV;DY2S>Llhkf2f=hwHZmLH6s7V4@+
z-5o?CoF4+JJ3Bj17yaw2j4*3)fno~tkOuuI5N{87W`VWDn9ScEsh|eaaZ2scaOe1H
z=ZYO6cG^6WGtRjb-*D%#?cx?SOP=b@3<E=Y{>WTZ0WWo<(UjM`y{0pd$E1@bOYQZQ
zcRNS(!sPI{VT}py&%5Fp*^+82N`S%KL(6p_$mx>VkH{olN8~%P=9+D!Gqm60bbco5
zN4WxZn@fmm7ox3Rgyrj+70RLtr-naW{q%pF-iMb2kvd+G>#II6@*T`=(flemI7gQX
zcJ~b$_qK%{cXrml|Ety`U(jkB>@Dk#O?3e}q$N6kITZZ}>MGEp=cYM7k3}eYho%W8
zgbn;bip!zbG^V@H@7wU{b#(7x7|ca;IR62frMnSdVJT%H84zYmexP9`HzIO`7P7e%
z%&&HyV+0C}HfkIxk{?-OQo<U9ZP?e^qAALo(@M9go}dS9*X7D3hx5h3W|XJi`Sw<s
z3#tqiKV7+=#qjP1Ol-yQS#HHL{thdnU)(yL6U`lLSy+zW{Q{cqNP=`^6l~)Ih%OqX
zn7zCiO;VvrylLl-y+<UE&^S2~TehrMU3gj%A`6}vdRrcp`<U(m|6GhQ6gA}1w)Q`*
zr8VCVBm%`|Hht8X0-7=+oPADE`Qn@`|FMjHklr#^<lN`KfISJTth9Di>aG-ywOeXP
zYjTu{6y#&7o1j_O?S0{LjGiLeYeiWfZMQgn#~qfcZddFU%GZ4rl$n7}+fN@>XGvpi
z`>lI1*3r5Y{8A9ggWppT<~=R9q!y&c&5UVtx57b%sj1lt507*ByV(5PX&A##1Qp=Z
za4>hL!9JEQA7jYuzN9|ncR6tSC-+q9_c|re0T`_HD*wSxe{0(5u?G-p5R&`SNRB;p
z+5Q}?wwE=-B!A{S#}VHWM^TF>8x(v=71Jqbo0~EdZScp{DYtEdZ^k+Ih<C}q@G7UD
zhl`ZEQStA~+;-(}WWX}7a^Cdm-00a{R2PvI)voChW^81Rz=)80=yrL3f$r62k2TbK
z$ZK(QQnsq2^+v<Y@o2<q6FjM3$1N3oMT&+7`&{=Y0B>mhvcCXWC`4cQSny8`t84r5
zQ!f4~&#2qb$A@AXBWCSgw9+uS)|5`B`9Rdv(;n4`Tken<^^30}Zn~J%Rsq)Q30aDF
z>$HAfHn-E7kv@9gJ|@dGBqew-xJ*(hw%5}4RIVr^=$b3FS1hmYM@~;nU>Cg^M-`;i
zW3D`fp?zpGFY*+?Rr5UR8ee~DWhwc-#;%gt=dZO7-<BL26WA~hmzK$lZ9hDMPm<pe
zPS4W!XPogz(-57d{?y%u$yohPWCPINDE}tqa1}m>2XAuYZm)Bd<+X%>TWrN4d6xj$
zc|Ra^>(f%CzI;xs^10be#3Yh5(Vme0K-|o;O7_tA^CuDFh%PIArL-?6TywWLa{^;<
zcnJx^b}S(W57_(FP^>&+kDwg9O_$7e*~)Brwabn!yE|f#5RjRQzlDO8;dU1FO^viC
z3~SyZW<bSnFL$)=;-rvQ`>CZ&2DY!iX9=#S#7<BBcg{X>o2FD$ZM4#er?pJm`r$Sn
z!5iQGxs72|GmIhe*EI>^c7fP+tD*OXx0@Tuhgra|+%0fd>Y&IfzLWKRjKPB&u7G$o
zgHMitM@_YZt{M0-5!__A^#d-QRt_gtLt{S$`Tfh*s)<&fnQyYisJxVv$m$OGM0rue
zag^(Q5P6b8>dfBq`HDO74yN^2!L2Fw)lTEP2FUJ+TValFV4Oel*#$w{E1t8|G0H?-
zjh@wJi-p%p`_De7m_I>*Ugx-E#z;Xy6LH)`vMU$eqyI8A3K}?1Y*~;}$mQvz=RB7x
zyLe!!lX01>JS>v_6)nxna*gt8;jWUpyn!-R=*4s%6PP#*79zO<5N{1DVkaS#iAgby
zi(Au!FGeXaOMcmzvy;sz?U^&dm5SJEPs5DO4h*t=OZc&8F1pjL+vP?ho3J^_fBWMc
z!bPj|$m?P}i;VwqFERl>F46GcTC*WPrUfbBja*Jn)XsSNdoaE)3ir`WgZi<md*$jE
zD*V>E-g<RgHKm_>)`yD2m5@T^{L-!3r`KKwiZ&mWQ|yAiLAv?(!FTQd2K&o>it^(i
zGIDEZ(fSW)o5}Kk8o^(Xtz#Cl)jjY->c2<H2AV{Lh!TrM%f6d_r-7;?{B8F`L9;wt
z_7CK_7Xvd+r7#lubvzn+Wj-Z0x=UhGYScn#1OjLvsip|1!R63jSZJ1{XBHLmbZ6#z
zA~gW#fQTKtkYCJ&-Y`QaFM0Y!0w$M)g5sft9I6)!9A|@LObQCmN!x4$pL5&uSy$Wd
zrqIel@i?&y8WJ$wERvF^juJ3$Y?6|8uk+w5w$Ia}R}LVfHyB4nEnq8^EkgUaWBPj-
z=vl9X)VuSrID+p1m5(sv!*V4A+nTMdx1?RV1hNZU@&GQ$1D8B<I`oHw<Dh_HTm%Xv
z`jfnp2gd%jlxWBB!Jq2lzg?N}kJOVYNX05;rwGL=?wI(O<)uz{)Da&{#Jnt9&ckeO
zEB$rEE7M{YE>iuvsBQErW%IlR3MoSCR^+AZd@;dCyp$thX;2>BqCy*w)Z9f&*+oKW
zBUD_HGt9n|6c2tlW9zkNmED_M`Qz(KJC$z$Cj5P8O%#&gT9TFL<yut={;ZU-r6Z)F
zZqKu1Y>BDO(2N2_KmlBIw)&`4m+f1uY@EOl7Gn2L3|u{R-)PX6t9?Qb+E0VNP$ZKB
zgg*oJ_%f^s&BNj+EdBMWyY@@6bm*a|qG@QfFwy+?6mTQu_q*jwQ8yCeIz4}AKmKOd
zy!&Kn8Q(-d>Ce{(`w8^x$59M2*POIV!d&{nk$bgM<pd|4JcxN1cpz7Hc@Q!X0SU0@
z@o5TnUBs(7_{L9LC8iVbt(?9D9J0M<GEd1GNJaIRJhdNh0R;SFFOPYDT6cwd->0u6
zD8Jan+8aB%UQ{!y89OHZZ_2jK(m&cq@T!`*vtF6P5Djl`nwDbr-9zHs$yP`NJ^D`h
zs43aw6sJ<X9U)12odAePY%g-c8cbp}gBO3yoTWZ##ljQK)#*VB;FixD$$t=DJf8Cu
z0tc=_i#Fbb0PeNCVfA<x!~X)}|ANgSaFF+3U<eL2vy4W%$rq!)+d0elCVF7)1S8LH
zZ3j2@rbun`zhK?5Lo9(^F9*_g{moW7=uN5hJ{8n$?@c)fq@8$GUaGya*nCmOaS=EX
zoY&nR>wL(o(cd1s?Hv$>Ggke#<t}bV==ZnjUl~e&Sr^u<;Y)#8TVms-8qw|oYK-f9
z|8eV(r}F!+(O0n><njz75C0RX{sOeA)ul3FO>klem?5I3UoF+I`l2ShgB;-*ZfWSx
z;7G_?dK;=#&fwMVpaQ^#MCFEuL9sMUbUv8t9fCPgX2sBl2TAM|Rwtg&r43ucNxj0|
zGO;JV?Qs^px8x~qm#bnMe%cKr;!{Ur(q<7rIM>!*gZT+BY9!Z2dG2os{mU2^xP0}c
zemD)N_?_?20p~8n?&vP*y{QG3$S%Q@y(twl3Pm5~=}4@G(3fR0mQ{p=UA`h-caJOB
zNE>R;ZPa^}Zz}eD{tW(I;rM%%4!P)@V}BvGX}NYbTgXPCA1Nuj3%E~((^})NFpz!1
z%Ss`h>^UMKpnPEPar*oIwqX5AV(?|rJcTI7Tf(xBdNxgFYTT_9+JQbyN7eZd{9U+{
z<7T~bOSiar`^%T14-*qibtyUpMvYI5U@)u+9R9dTaP1YwKkA3ic16kLk6!7-TTB_P
zfUBD??$qIB@^et833qDZHd1I7n_M}UrcvDqpIX_!vqLezBXB<<a5{KT(e(|g$%0r`
zDG1|=W4B_ZT4u4>10M4v#5(N(5kN3me+wE6_IttNym?s`sE_!+A)*|V_zmqOL>*g8
z6%WGkeNkDzNy`Q!Yi&1|`BwPkSNBF|>;<z+`R7q%2(WL^DT@^m8bEynJWVLHlwW;9
z@O7bUPB^%lL@0bi|8d_&%LWu=D)gII48TRlBHoxyMDJBD=nwok%qUk2(N2-W_sPl+
zjSbnRDJBB>>jC5;A7?WNAlw&H3IzG}Y>*0r0@iI$c_-+~EBg>YKgo<v#}-g=e{;Dx
zW|!XjGg#WcQLhPDA>(Y;{DxzxC4jMQrPtEKpC^O$p~5zic(#*JXx>R)D=}0{CKK?&
z@|25@@sd^~wcMrFQ%I&>Q&>7JE{_Spj5f)!VaD)dfCUmJX?N*<^$WWAsq-zWzdFtY
zx~A-pt*E{0wD!&FuK2hX>|1vm+8yiVK3QXDg-VpfkT_A*&&#VKRN33wPQ8VXNQ`G_
zp|#Pv*>u@k4ajSoB1{NTE1Qs+V+G`^-(Tyb0Kz*@)N*Z<NizNKtwIbC`IW4T&_+%=
zA=-FL*otk~5U=Q_3p2@j`SOs;qN_w7ap>mp<(UYX>1cNvrW$b(_c4V%7{%nJEtB*m
zHLxTMi*Ys#!00k4Ubinl#jnm39<DgIHGiioG;OBrvc#tL1ngCYMd%rDK{$y~C)Y~&
zRzZ++C)|>iYM~{y{J~JqXMpmW+bxH%Q7qea`m?*=xWt11z=puZSQDSP*sTn^@Jw24
zgWB=@4kxrN+x|QW!FYaTL57{7zoZiV*h!5eoc0ppYyHI_mJt}$w-gnnDLEV!YpD;9
z>rFB~fM{mw_nIQXj@tJr+&NBDS5e4cFJL%Izp6>CXI-67<40cSAgqB9h4%zwUMnvR
zFL{n52!AYvN0D>HDYk(iw&9(*`hsWvM=trug+kQ9^xp`q(BjaGtw(bZ0VIHG^FxwH
zfWT3Pi<@Ql#e_OK0HS=+U!s_n^u$ztd8?6#agHo~*wBD&a3&&Bu)SQ(eN{RR>*=EG
zyq6dq>E`y=&xx_vzDWKy-6dwntAL$C8B~u8nVUNmV(p|e7;N8N7>{;7%Vu%U7p=MO
zVmzrPanCh|%54LEf6Qpi6JG&YGZ`KvWFs3?k(V5WYL#Avb(J80{V2&SI{d>>*R4iF
z+9}P<7IW6;XR*2-3(YI9_E5FG$cQ}qB*F9ySIsp|&fQ4uxMZgoMwc;zpKbN+tmWmT
zJ6nb9ucud*Jd)up??UWxuM$+T8e0bu8wZMLs)4CnQ&!-{;sjxR0fg9u=qOK=DGiQJ
zGPwpIG4SV?9LjDNworze@;;e8e;cWWP$4_lP9h1;vsT)gm(R*hECSQ1E49I2lhQRp
z!`|}Q$t3Rt)nv#kI|fYK#(|i-dv(n`9QR-Fq68@=bPttpE|+5|-7>EF-|mbTYI^;A
z2py$Q3=4+F0XKgJT|K#t1+kW3N^yXNhWrYmO#39TmpB$PtLgyXU}1J1y)E9=CI?~K
zi-{$V?>fE;;iMV)Sh$QcR#JfhX>Xx^Em;K97Sl(6&?csDG)&2#eB#U#mcw?4(Bgtt
z*4zQHHQpIc-H0Vo-Y7~9&waL-crw3Q5XgNesjq-7>sn2Rz#dXh?>P+AoAk`3rF5H#
z_~y4^-5~Rxw9`b&RgSmEVhUQZyLNWqKf&SOFDTUtl=ZPZDc)T3uL)pF%s)jCY>DM>
z)6Nv|&kzdE5au8btxZ4aRU3&9IIM;zHW~OP6KzbJ_B%Z|3z)QThKd?UfOAHs3-j7O
zc^%8I?st{Qe$=?zgl&E*<^19n*pvxav_dcr&YV6YN30DG6Hi$9VcCGkd)C5{MESG5
zep-LqyJ9o><ctZ|SJ6WNYsI=E+Q4FyvQT>YzV$R$MTy(1^x)V7_*+cET*Iq-yBZK3
zs|*j=ZIvi)rTfqNBA!^6X=R}TIC{GIAREVxNKqY*J%%Q(&HRvhS({lc>I|MWVtHb{
z4aaOP_!>!NCt5I@o-Nk}Uxf2osu^HgoM=cdmsbe_!xMD~EhaLM0}PuARo7g96Krt~
z891ejs2=$j!A9kBPPkiH3JQ)GZ0ZK}vrX`tO~~u0Rf>s;W#DZ;Q%^#Rl;vDtKkXs!
z@=VAK4iZYn!{-t8-1V4~PN`eNOXYgIDF&dt`IxTD(&J)Ot4rMqeJqs*`4v8hy!{Q!
zXaE~;EKI@SUv4>dn{c&eELGJj^IIQ7+fOD-doJ`fW_$i_-Fa=wkbKge=G+5`ZyoDM
zdqj75Wd?x)`t~PzbD>f+vSM9$>hQi^#OP<xn`K~&f@%bEctIioT4qqX@?^0t7cqHn
z#LAk$jYx!orXpGmzMauJj45%@*)U_!>D8?*A4Vd-coJm;9vZl1aB3&T5Opi}u~5lX
zNi&+n?SH27<gXkbua;t`J^lR<z{f59Y3D({%Gi!B#^&7k7#JnShH2N)`pjIJz4Y~U
zpke-rP>J1?%^z0u(Jtm|xNWo9ACoYObJkwn7>jE^^~uZ5D7H+WqS|b5{u&iO5)CT@
z2ht&L?>%kx-^G<ydYaCBrQ`vV+ad}H2B(JuQC;pU@#kA`#WD%!nwN1u^B+zo>Uk0W
z<s8;s0@}_pJ}g3iPbJ*%gOYMKpy$RyY}#!la!_Eo@wHwPw*Km8-*R?0DC$=cc?-;G
zbmYMkFxIT++emIkYbjw=bqv?Zi^tbBIy1>E4I&d{o3*ARzJ=gyJrrb{385}G>=j)g
zP%p3t+b19!xQ(3RLV~8c>xfMfq2lR(X!M2AKs_?3QK;c!gRK{3u+gF(fskoeB3Tl_
zV@I*G54NQEBM^W>VEZO^j|<&pd5;dgvIhyh0S{~yjof4-0Iz+}WB~ZQ(3O@W^XIa8
zY_ityxg1d#NqP=ZA&C)SgY61N2}bA~MqaXN3k?#0ik{RthX(2V1wF}c5Dn585j}}O
zR0k8X90^6(^QSz@tYm+k1o#?7<WTuwOUyHz9BLX|SI-7)v;ByYr3P?$BAF~>N_Zlv
zz2Z^q0K_Fr+#(S8sKADpHuy#<z%eQ~=8<&B5qb{R%eR1dnn)>*enrHfE~b`m{8k|)
zR%X$n=vysYA$vY2TPaIC2R<qh*C_dLp(vEU_`MfP9adYIum0N2-A}jEe+QS$*DqUx
zC(CmK?^7>Co=;45S&VxT!E``EveT$%U=2}@BWu)h-VX+n2o=dn5Wq)kBivwr=q>SH
znYFeCvs*@+ell5_>+HS^8Zw{gQ9wNrOGX7U-{??4rQnX6Gtqi(AlJvwAF3lCYW4fL
zgHh`}k^n%x?ziq`4CMOO>L7jHlTxU9wiY9l`XP1Q*HRybuOJFv>i#Qy0+WreHyS*b
zo*Nc6yt?k1(QpQ}<*^Q}+>mKD<@)YQm0b2(H>4u{n5|J0$}JX!U>O6|e*V(mB$#?+
z;seY%)sVit`BO$RbVx!oss4e^lv0v5fz$%tI)w*1v?7J_+vuJR=~p=07H1o;6FrgH
zQuk-cjLQQ|LxD^{jn}atIOi#f<t(PEO2zr7-;gSQpzIM&VAx2|MImV+FpiMoZ8Tjs
z+=o6vGZS0;hpsC)GK39uX|CP%V!=o3w-|MpldvKtuiM)*PdNjv><ftSbR;Ay&4E@*
zM*a^^UjY?I({!E1CAb9-1P|^`aEIUy3GVK?NpN?U;4JPgOMu{R!QEYh^G%-jKmR$y
z*`~L8+GnTg-m31Wn>zXCgO=Cibab1c-}X$ia)Lo*8w&lL?PshdPt1&Ep%Y%EEMbg9
zNDei9Z|6)ZvuvZ<1M^p-B%D2KPjZTO)9^Lfn}Mlyv{|x=uxY?zIq!OLT!`5g-MjS8
z^o<C2iZ|bArDW4W!~PVapoZ%KD4U_RJwO?+uxXszH+5cLC3lvyUG?C`ZTgJ*?DpZZ
zkzOTl!yrm%RUfufuPf+jrGM#+0qxzIlowPaQ=6Mz(-9jR!;jg^a@~l~NHOzJWYyF9
z{K+E$G14o&fo=BqEt78ChnK;EaQ;q0pZXk<!+zKRN5(KU%=JZ(?klKW&S(gBl^+^-
z3iCpdb`B0$_$d$T`!Dl_-NG5hW8Pbv%<*R@C#K`wC+AR%FqL2)t<**;Eb0zD0+&&>
zd#vQ1Q8fskg2ax;*F}F}B?{s~zc2T*pk>9sS>M3Yq{`X;<+J@y(nxSqUv=%#;HVhZ
zdXeLYXpx(FV4gsu`gSd?f=T=%we*5XO^PV5_{oOa@r>VWm(|)J2ry!{4_9+Y!yY@3
zrwWk1DKkjeTn^Tjt-LaMzEoXLzB17o^$CZ`@=Bah^doN}PreDpw;)|<&hIFauSpi6
zIL-u{u%MS{!uhotgc^s|50ep*#_QsvbO?fqMnf=$xh~O5h<6wT^&+gGSa{!<iPgGm
z3+2K$AqgrYh(0Ke%o_S}+KQKzjRoI}RgVzd3qB7lisedVn9y@%%Q+dCzk!n^XQD&6
z-taz2M3zw~s3hmzNtuW^e=euM-y|BgzE(#$r=t`B_os&uR?q+BWlO;B9Vs&B>6cth
z76e|%JHKi>Xb)*ZSl6?EJ4`0X7K1|gyaZLj9;li&7z`2K+LV1FtK{o{n^O<uO;OG#
zb*~HF(Bdqb$_rhqTPIUTJt0*j_qTFA&4%sV<T9)C290esX<Q#mOJJPGMDE|mQF{x{
zBHdvRB0u3LeU|Z+2!$F%R__~!eNg6tS(UhcyWZ4LRdQiBthIes)}SxxuV|~BU!dVx
zigjsXB<fEh3fF^`tZ<=j{WD=>dH^lwcVdI?9%ROJnBo}ndncKH6V-57`WT{~8S<xu
zE(*-kSAvmk?aOK2o4&Dt)XZ^EEs$e5-Vr6@v_Efv7v`=yIcAw!9z!n9|K4%z`XY1I
zOGx9*^7j!JXj^(Es%K57dUL9BWgDzA%?jZiiBKWl7@>BjfKTcAT$<Xg={`h^WzGTB
z{<#tQXxDw(^deppouPZWEz9!9uSH@h$!+=j2~u9d0`7_v>MaTN-?Q&}ugq`!l`M1g
z>|vDgY*|FZ=8_Z%;Gro<Xw4t95Mx8hHQ`gfYUrpXD6mUg3<!ir=*f^N>o0TnixWEK
zbH~Y)m_o}37eLXDeaoS}3f99>jT7PCdF620qEck%u-=phuVAjGyOWsSVk(wu6=P!Q
z1{JI*a;xVS{sp7Yw6Bnrf+-nRdF3duP-yA2N%e{cF{rT9o%JM<x#NVG0k^g^5~=^=
z!v`z#b*<4>%yrY1%f3N7Td%>g8=5#CC~OSR=7nd9CiAV^B@_N;vc||T9Sk$gnJru0
zcT^^&%Oa$AEK;hC3=BRDs5qpn0UG<~4TKs3v0iqF!$b-teil$Cv9++3Kh)VP0rKsV
z-{l;5g0E#%pPTAC96PO<ymXgD#t<)^gg?LA!)aKcTVOEvQ7$%B6|v9!rjpC=7n{0a
z{M9!B<@$YzhBP+_?W36u!8K3HUa@bA=1<?0#`k*zWu-8*%Kh#koLbdW(GD-cum)>S
zHi*1J6{<KcU;Vf?e^#qzAqGn~79+Gi!0y0mucRf=jrZAQD}ULnNj@!iXXX=nR?onQ
z<kJcyk6QBiS<g17wtO~AH#+^jJf8cxHHn6c*%|Z4mdh|7wi7ct-@wdccp-L#bbKYo
zU6V9VoN5f*FaH}SHmX9hb;B>h0%6h_8zP1d{8Y}_{>I1sZA&TB({6sIjw9W}(y7II
zf?pc0E|v#r`KAgwEu2&I!ZA~j3+AhRVvj<%6cdZyk4yhB&gb0lmuT4(7Q1-7hPdxA
zK0C5s1)~R=d9M5%Ao!y;d`lY>6*YC8)&P^Dt~d<0s5Fwx(rfjgalTcB(A#HKt7Eps
z`8;%K;#vCM6L(o3o^?`$TeI!N{!%@crRjItRV{IVE<II3&$Ru^O@J<rpR99cYbyzL
zfA)4(3_nKinUb!t(JHnyZr8ermgK7D+3IrE*$ijX=w{=Z$QZ@M)Z)+U;wY^%EB7tR
z07JVLQk%#YlZp@=o+0;Wt9ijL<!q5JWEgiib*_<%rU-p-x~)kq+d-e?eUIPLDaXSy
z@xAS-=zQsMTq3=5;Y_9-WJ@ARH+`%MNboHt02<~S-!pv*G;DEBMwZ3NsOxh>zNb+0
z_fSgVcbGob0+X1A7va1O9Z?Ofm`>Kj8O}sRlnoUXjlwK<7wy6O^Fun{s}BZG1F{=n
z2h{HIY@LKzj$3uc@T;%R%aqyMWCPJ?{w%Of+TKDB4>?_|jPIjJWmhcwf>VENaLWq6
z8;ihJoH#e?>2lc8*r(-MDXbBc74|V?T)QgO-oktJBd&7M5~jSb|D_|QV(^k6RiF}8
zcp^Q;{mzOuwEm>WOx#XmdqsAud?U(*-yyS2*>c!KE6CnEX2GD(A-zvgjW%)iyUN6~
zRO`w(8RKwS=8ndgR9Rbl1xov(_uw^w`NfYlZ5A4RUt@*TwvT^qG5y~`(ql5kyyD-P
z=03FFA{7T5SxvSp)Xr*^lx=4oWTBELUa0>T27TyNw7gNGa1hCABAci;d2qGyNy4Q3
zsmjRwPZ_H#P5GycJr^{`4$39Y2@v2ATwbpCAGGWrjH$W&FglC=N?kSw-&Hv*+2%wj
ztF9E7r|L8`*t$Qf>GHjfj?o9jCgm3ll_uq(a^y9hmWO}F$tgCY5n}wFz)Lk<9l1_s
zxAAbYc}|gErVeYo&<)u*t((R2p|rWcLLIAZcum|WI-q;N4XPBo;K$}`vCS1f)B*TM
zEJ^=C=Cc!c)5&h&Cgn8EPD=@HS73>MZNtaR7~MIh7_sGKizH9JA2o~KYTmB^L0lAd
zgnsX0?(0?Pxl2>yM+@F@lWRIgXM<vwdC;ml9dYe>6RD1Ab4k<wH;L`G6;~8!P*5sf
z@0_miO58s+i+pEP+Wfwo2f}_<52#SvC7kFIp0dIC#(P`ii%A@!_$5IctmZ1ZoX$%r
zYLJ?5ue-}z#x%jRJM)M(1~Rg4v;y@sy+jXw=UWN={l57S{!|zqVqEb<EPx(NV$~$N
z@hlma6Zp{jY~W;bUYMcR;0@QjV5iFsa-U2&1T|$qbihl1H4CstGD73(EE(|&yw@tj
zzya-9*l|N6vl39XJwO?`dW+@g1n43Hz?=PFbU<@>6jX#;_9vsJyfFb#mw#wW7zIqU
z;ioW}D7~K<_~$5o^r&}YbS$b_1c25ei3)%)TmbBo0;n%qTs36pb_oQIdjeL51;5wK
zXnNk9)&U9%zi}L(`=DaQ@y}s`QbIyyD!3$|Lq=+ps*kU_IG_MbO3K-BOb{ZVb&LYv
zScpp$Wb;TswE&HSn}~8<sVi5a0R1isxCa`b!&roZ2>{6z^H4A<ATdWsx!zAfsd{Li
zj}Biwy#nA+O#mw75gMv)Bo3!f1Yk>v0Ja2ZQ8(cfF#aTzl!f>iA;@2DjDg;kQNY~3
z1==+M=toFcaSy<!i~J(lL#ZE*41(jeooNmSw)(L}{U36!jL&gDzl-$1bty|4&+5w=
zn8~{4gu^9432DChl~VoS&_yt+1Anf<lCYPGSdO8`LuPR0(A^hqj{QuID`6oOF;;v^
zrA}3HKEk?jpceO&ow3I>RXM3ZTS~rWnhq~4je<cH6)43I!{H5Q48B*VvTPb1xnsD_
z;fLzzE)0%i^E+gnw)2cnNkAom?%Dw8TNUsbGB(#M9@PDr)>72Vif*PRcO9^fpPl`b
zD0uM>p@EsgQls5x^s;K7Ik<2R)BJpyf|Oqv9fhyFQ&^)~+&>f^^jqL#WFo(i>XZjC
zpRvF+LV}Sz&449w671Q=dU<#~uw?X+@cuc-NsD$L-Rslh!I7tSr^M8n*kMq#sb_R<
z$izlYdy;Rnz`i^DiU=w>JS)V<808$MB9FjakD;{~1<cfxurdaE2?4D8%Cpb4;L3-<
z&O{jB#p;RYqVW$Q2<6NN0qEn0*4YfMs1HMbUH{ULG!#@7qwEW;%{#Qd`J-ht^rq-7
zs-M+y78O(u>@nAo3%yx{ng4>y0ee^5a_vz@447r_KKRjJeVD62`N61j41t*$QQXD8
z?lq}D{rnCK`XeP3jY$5N0p}qO$sm=m(ANjEsHFw->xpZ|>1fP`t3fWA*{t1E8)#9?
z?xeI<s{DTbeG3gOf8I<L>)`M+14ihJM&3ndGC2{n7#S^jX0BlTCoKLMrA5G5?V}3W
zGm=oD#8wB*tH<!K3-!*a^xyJ)Cpyb&UOp%+lgIvBO)X}McX~ujK2WuL_~c!qJP^w)
zzZ)4Qze5;;ZL2w%BU~=%thM)eR1f>K+kZuyU`$@%`Z=eZ_dVHtfK!gWsm04Nw;E{u
zni0oDuqeRj6BRxGmF-6Q!Mc^6&`;7QQs>cI7tc~8&$on#{n}%w%6JBS)fGgZrItsN
zmnCv-QKg%ohm$rSc@?TD&cc>x!pe9jHG7cFvE*jvo%)>ya$cyj1Ry=^_<FTFhk2tu
zNtR1Z6l^KNUSbQstkx%LM-tN?oBI`mKpD?&Ln%ZmK!`K^dBJjHxKRR4G~kRQqKrT+
zz)19gjo;2_O7z>6E{HCVd@s3|)KAq~<#WPgy?IWpKt*+SsbGwP&cNgR`Wmx!V(EfY
zO3srp!7CL9vqO6lN%V{1LCRqFl>y)Ii<y<<&evPi#MiDGBX@MpsvqVdrA~K~6|<ju
zggn}`<u^=0N_tDhm4guqbhEqKRLP&pE8WM`H>f0<-izV#=2z5neyQu6dBYpgN|}v>
zy_Rhi4omivbk+;HcT<P}RpgL$Y8$oA=yV>mbwRuH&NqkcEM(z&Bi44|5YfvL`T#3v
zA3cW3`(xLSL&jH2nGg+p-r9t~(3Pbux^Kr4XTzc+*Hx^_#Ku2o>};1*xS3K3>ME7?
z>nU3<<S>KD>AYk$$?5zd_?uWX?-NZC7Kn^zoHL1Q^xms53_W3SEAh@ac3^BC9!4ok
z*|P~TOjzn0+;JJu0CP0dt6fue2c^bcRdxp=8~!LO7Z#y=u5&963|=iGxpB92*()dA
zV@&7K##q55BAbQTmtuBU-<Vv`i*^;!c7U&z&)%Wn`s|EAqh@MaE<JEY;6`vodC(h?
zD!buf4p0Bjk(+)|Eqz?c%%^LVO2h#{`aVHA?(}qUJ~*R34)Rui&%X735hEGVgeQ7a
zj6-zZQx6>X+31}E?<-*>2NM1o38rOC`B_Z#rYs8WbH^Xa$-$Uv{T*te^NjSl^P(Mr
zzd3Kh#v~TroVN7#^6OzY3O*$m%G+-7jn96(MTRWCUoFWFRdlRwgjcc73bwJ1$7ANO
z9VrlqP-uk)uvMx+b=jvu^VUHu4GzS#gSn>haM@pIWT6eND{sQGO{L&gWyeFkpwEMF
zjjt!Smo5xrvW`U;MKFfamh(DSnZ>FROlRfAmu2M(!x$ic=|4R3=A4o=@6DJ5d;oL`
zBNsR~&GLhBQJqMF4U{Fl9K1J1o9FHCna*I4a4g`XdKnck482lcZ9IEwB4586Y`9uD
zPHHWQT1|Q!<XXQm|E1%g$m@?NZY*>$QXZ2Q{19ie+@FG&DPeg_#FZ7~o+o7p_TVul
zOZfb40>u_v4$V1LMlh*%FHSS-if3bIUe&O?UWs-dOz@7r3!0Alba}k+Gx0AL&7&Ha
ziPIsX;qDN!+&@RMaTUuO75X||PT#F23C)%WTryq(5&%5aa;EpaldHOl`f%sVpRi9w
zv{V9RroJt*z9!BM{wUoNt<Nyu{=R>GRl-MUL=JpjHC1}ksW*-+2_?sZMfH>yqBR9Q
zBDwr(*j{Xy6WoB{7KKS8pQzZ#j;hf^6$2aTz0I~hvmd;9otk(<kT%;QIVYI-+2RDL
zJzPN?8gg`B=;;}0HyZ*FOZ{3<O_RPz_f=&JjwZuKob@V*JG|?9zmC)$%<kW9o7v*p
z))-j}&JW@f!+s$EhDnKj%r5_2InIWD`11u|D9{jt^&g*DHIb6VI;Ue7e?!2<q+yzJ
z*_Ya4)-l+U%>-9)|6TPW^qs{vn)%;pG&Xr8^8|G#yU1~8%rr^ctKVw$K04i9uzJx$
zS34zwMd^l%r!qIS$M2MP{x+5;sNUZeQ7ad+gzNb17wp9t)7pH*%36&?Q>*7;yvt>+
zpdV6$;G5UrmQ|bx0hWnMnrWQ#y5L*JjG8GH-US*-o~43)_OAy33s^LM-DZr-drFpO
zN%$sKnY!K$k5$o>=Ui6GJ;xN;8Za#=(Kr)%LbwT>!AB5Sw6IkP&%e=F`#YLMDI*bc
zX@&5ZTZ4lqW(Omk50i5ZzsG@vG#WXx5II;T1(gqNZw(wQV_Zk1*+XO_x^fo9^RLcK
zL8zrO8~|RSt(L=N6Qy{<raV<5F?t!jcky|V$X;7w_e*!A{j_YV^2fzDF)4k}zfzVu
zK?+G8|C(LW_3fzScg$BOUVUnONsrPC=zvZze=#m&Q?ezLY-6+EnY&YV_Pr8~=M(tV
zFPPhdABO(8@`+FA8(lfAHj0hdi2!WR%P8Nnj^Yii9$S3<PgSq@d&aaOai*jY^hTo<
zypy9ud<yx$4Sor(dBZEC9ahu$(p?|<D!+Hd@1`AW$a+zq4Ag$KioL&^9||4L?-3y<
zeTp1T06s5<=W_B>4p=J~lZNfa8M0So3{Jep%NsS+XJlNAeRlg;*oi0Yk!^49+`NS+
z?TwTH&Zw(c>gZwM!g0=MWgX%9ocEDoF#$HmCjL#KRj-?07Qg5n&9%}Iwzo_JCXI*Q
z3`mYB{eoi#**`dd+a*rh;&0vP$<4~#*EE?KnWIjl95Si=w#J5>+{X#_#ia;K!dC*n
zu+_CfX%&C{c`=bZ-!_5CwPXL;sF7-oa9>VHY3c8Wog><|;FDKL)A{~KWWBgrqfZJ^
zE3dC|3PQCx`Kd##*VM{pEfUz2S^8geFt9d0r?)%|_|+OG>Q{Q2dySR5qTIsB?>P-0
z9JFS)@$Sl;w<t*N=EB8i>$33v&~(Y+T9e%R#PD1lr)Ty(s%K4F#AZCK8Z3)p5a(v}
zbyD5ij$R)5Mjh7K|AY5reeDXLkimTZX*BXAm|V@H-}R010&wmXz3IUU+eRaa46-Wo
z1?71C+r3Z%LxOF(^sNS86GsV&ydK6MgKB7%#I6NenP2+~TeNiFqD^;ZX8VJC93rgp
zdlvj_5g-)Gol#ZcudA2I()~`t3r->F%@MNRJUHL=c@AOJ1|IhWjJJ5lH;1`>FLd69
zI7+uUC;NNS4O|3z`IbkliSTIV(cQ=oOZ-*;afHu2$v-RbJn~&VyUJoeU(s*3KUnD<
z)S4FWw;qmiQW_x+B2~{V4T?d+qi+A`wgATr>9Wo@Y2RQ=l}elEsZHNZobSwTe{tr@
zHXM1sIxT;`B*}I&>bF?Y@|^P%xYPOjteVpxrr2f-<Fkmub@G6G?4{Roi_>J-kkirt
z_XyFex=gq$EW1r;O12U4`8e<YFjp4e9>zb<J?0cpxx#L$-e$ip*d)&FxTtslX|Lv+
zwC|npTK-kFfSihh-!D@%6w19c<&?R6%1gtn`-e?QX0T!;IhB8d{<kD*uacbComW(m
z*?DwRHaX!m^PNP?SchfNg4-9o)Xx^PKYQg2j8Pnq?t^Krjn1^n{cqa+Z>A)?Lo|5S
zEX@lqdeHduDbUt;#?k%TP0UTH891#JIU!Sp1=cC?iMqdJ+}cI;zRx{c8onL$7cd6G
z^>kn^E2NQ9_rw3#R?j#1T3*hkx5LW#n<cVc+U~&m^S~PeZG<1kJNxLmsFUxu`Jw7N
zZ_1#7L|Q+vUoEr$#>^?oaYBBa4jgKYAJMu`bd<Ly@$ZAmIdeDu8dK%|xJB__K8j97
zUyRVo_V^qUUuqzydWaZFb=@H;S|-FQ5_}DyUG!GEBut@pvZJy5x0c-0=J#(C+=kN#
zc4@qLPw*5-9+_E}zArE?4D2;XIo(>|$zFxCny~7GA-?mIwtZ^&vFlR!S@n4NatNh*
zS#H2U2@UH8&Wdqymf|9ghKT{kzgqm`mJfWz2R4ZfwqmLe590&xl@kcxDIPBn-PeUZ
z?|n|@7<EAzgWEn55%~=%_<s7d0$)Q0il7$0+l{1(97d7Cwnm@Yootd<PkcK#_qvyH
zSLdtddFv|*%Ix*g5}mkFa-6tf&=Au&WQgs^_p~!r-k|F2Ry>?pLJT@CLbZXmR445A
z@ly!5&PIPv*>GB5pKQwzwpRPn!Swbc&BN06zP-xV6>ckE32=rL%Umi^8v`;|>+epd
z1EMpI=5FaGsrf>LCFaH!rrHS2mRN?+*H991EG2W9s-MY0bR*|q+}Wxy?^p83{Fkbi
z#dak-#FiV|CQsV*xad2?+87Gw&DOO2gPKK8Mp9e9q>QX`m{67q#4-%*FL@-V-R%V_
zTZMm3#;CcCM9uy^$Mk7%s9+Ou992+T>{|{S%lr6lN{XK&4g?Y*MOqp|Hm?SS=qVF@
zsq2DPxK|}%cd<D({nN7Yzs4(AWg!cUf0$aXY;jz3$T3!wQ+H!si2XEeMtbE^^ad`x
z3N#m!cN8u%zvFilyHyKAe#?*}J%zd9zyB{aqPL`!U_BzY@rM-Mb3B_=r!IXg22n&<
zSm0qA2=ON%_GfKtQhH>(piTdTL;gi_o}=c^gHV)Vy@%EV!AVErOCS8yH&sTP&PLw3
zj+kTvL4n=JPu#Mr{l6oywa8Dp7G5Wr^i?`ixw6mw-v7oXs*<y8?|Yq$n%5CogRT2O
z%dZq~TBeR`v%&o8#uQooVan^v0prf9*qe`5TkiU62E;3QLVL|zt4gW@H%v=Z&J~|?
zhWHqd=ast5`z@mH6bYw^`(_R|Rl!1g62W)z!nt@C_JT>fH}Xpr>k!T^L^UmIfhx0N
zAvo%55VzOvP(lHQzpNx5ax3CX&)(N7@6n4#1VM$BJob+-H!i>STm&`NRSr=Ex1A_D
zd2xt~v-?*|_P$XZ?raiiJGr$t^Bd|LBwFbpp%B>z|8YDblXY99F<a~FvRv!$qB|3%
zKNr(0`0s*)g-2UrrEMJCt<KjV^xvnRy3WS&W3`#hbkEF>W3pQ|%k@G;tsthIS>U==
zG|eCi8coBYH<A;18ss<Hg^+N&2-VWDTbP}AC&xtPTN9{4v?8mcD}$nS?X+<}kSmT9
zk2~;SJD1~$YbB?<Yim!k+WN7vVVR2Xa5wlZA?ch`45w}KsWI$U?Jb}4ov>hY&oKqt
z_zIy<-juARt<-0)QHT}U^@o>j_03*vQkpGBi;DWBi68jr{5_{m@*{Z7^UHac*7$*?
zUXlU0)Z?uz|D5dpW^~bf+~N^QaZpI1{Q8oN7=2<Sj14J1-Mhb2AYRQ?+Vs8fTfV=A
zrzu4_US_!>L)KX0Q;93F?E9k=Fz{=?;_8KPPSSVlY53P~FTc}ilJR2_sNE>_OfyT=
zF2xOh)8^d=ceRF6O_7<;E0Iy2MOi@>OVXZ=T`b{x`VV|vpsL{|)CH9kd!NQm3(akF
zgO6n&%Y;PM2)xjEo2q+LDdfwQb3IE#HBX*0Qb`NNgjX>!4>-;uZ!VZ>zmJ6pcNV<d
zen-ZmLJB_ZZhUZ9!`lk@74z5-L?r<6REe5YVu&SJ#`AdFnofFe*UN8E*J2tXjbpDr
zeIL6n6|#)CH&hQ;Zht3v4QM^S#hZPs!5>SZ9aO4$9_nH=`FQ$wR@l<QuV>XmGMrT@
z-cPN)<hSM8jMmdnyjIPkF1+CcQ=vwW`%0Tt%d@ImQF#$l&ufH@<Ppz(U)g(c-G5XT
zzp?ze683<{%(>FV=Y38%gDS+Qtj<IPeXOUY2e%LZ+0f7^@|3awvmaM6U~Q8ornEVb
z5IaK1u6zmW?xOBS6V%uG2;Z!4G?aJAk}5w`ss=!FcCJyikJWOQ9GYBQ#vj*2OOe~5
z>Tk{s{pbU#W-ozv<(F(+gs1qy`}i9M!6X>LbitorkZ681!<0YpIrnG&C!$2bxt@V`
zVqV4ufSgNti8wL$)r0rdH`@Tu`3!KaK|F>J)7&ljnTWiL@MKq<Cov+-rcvbZyYTyz
zPsvO8soE9ZO21LOSypa#msw|j{UQ3CNiWMOt%j=FfQ<CXe1DAV+aq!bj3YR!9Cn`d
z07ivJC))a{aXwKI{&hh=dbH+4I0m{nxwmr?&?7{k>t_Iiq5B`(p)SOda$ONHoUveB
z=+hFu6c9omuM3a;ekGV+Cn!y0#AeY5T1kl<bhjGnK=W@3M<&Z}7aC{U&||p`SKj*P
zx8_&eDwJ4BXWOj^9`>jq=c1=%eQ9Ml$DZ~iom40)eH`I!^A*r2+2~eOo^un(C$0<S
zcQYPmj}aUeyk&$J9RAZCjNlvP-}#Gc?#hb+{_YZ!<+r&=zqP6r3<iTAA#toun|t;U
zirwLa|KQ=_L}lD?9^$Lue78uW-;b`94;{7X2wW`+o?Ru!h}(;Z<;W548qedq)#gl#
zc!1favamUDnZc**c(%J4g;qup+?Ey$w+w*4uw*vc;GWS0baGn}-_?_iD^K8X<tg<!
zGOLu^lH0%JO|2YTi|dxE6zZ4M&L^{Pv{2(s7+QAKX<uKf>a5kue!G@gqa6pzH6V$=
z?+6PAKKCln2h1B|Z)6Ly5F)J<IJx$74XzC|bm{mlsr6wPw?5YB8#7WxAwR{&S%AwF
zjdVz_h+fQ{U!u^S1=stFh{*ffMWzdD!B-<Cu==vjn@oa=l|rMYp{^404gS_D{`Vbu
zMxC!X2o@>bcMu&e`qyIdAMznrIor%1{0C`s6^@Gn`eZ_~MwjdBs7d3kp8^SGuDJw-
zHr=jp@8~SbR5RSBx<!_#e+Pzb=>;PAmgJHGT#CWla#{%5)TcAm6B@9=8CMKIF<7HB
zE+Z+Ox%pUveJE-o)G}jtRaM`@&a81+%BETsp_1#`QRSkVw;HCI7r8vR$SyS{Z(yx;
z6QI#HbXXAZMG&%!%yOk&M1o7PZ$y1YaOsWuAy!LwMPXG|D?d;GsZe%qLM<7ICTquO
zIv}rtemg*XZ@jBJyxgH?S4Vm0-r$hj0*&<ENp|^G(%{RXWEl-ISLOdF8aaIGM$6`>
zsAW#lCBK_TW^=btl;QW7WbswtvCIgGwYl{*Yz-Fn+Q4*)nr$v3R<kJVvCkdCv~KFQ
zBP8YNdkfzbt{!lJcX54fQSa3aQK8oqFMAH^X0!In7MZoTO~-4bKGw-jqzdO(VJl7!
zuwSbgsUP#MR0<Cnhxdy=V*ZYSX1u$;|68_%bSQxvRaSWuRWyL^2vz0vCIA9m@Tzt9
zo`cQyMquWG!SDb4_l;`8Z%fKACux8c{=xz<D0lqZX~5nawNRl{?Gl#90r3cAV8<<P
z*aB3gj{t>8R2;5ci1wOQ^l)hpD5(aR?fo-pV7Oz7B?_$5xv;90IjAYQrZGXNIKb{D
zOW?#he@p;U24et(VKSC4Q6S8#j03_D%)yTH-tfIbfo*;^m6NdEHU%nJhXFiIexm|q
zzWoC#ikW95pajf$fNk6#KqScg*#MX$B7zI+JQ=Wi7Xw_Y+xX9C$f|zK05=K(wA=we
zADB}Bn8e4ZGz^RgIK>D7PBB#gg5l>=dawcV-DL+Vcpe7mT3y3H1%)X#l<PSFD3Q$}
z0UfPGiaL7VFpHOtq)k9c$u$pPAHW?t0NkRZ5}<uO7(l|nE`TsTP>UZ>TNz-|PXijF
zjE2SPfd};Zgh3I`ms>)j^k_C6DYYdXJB|o&sJQ~*kr(SwaGQ~Mm<*R;ei*n8$nm!c
z1-}9i#^RB#A`mZ~iJH<a<$o?UTo?R`aL4XKKu+HcKqDJP111Na2Y3t~{BxmEE&|#N
z;Q>0CvRo1d)?1bclR5EBpn+M%r=)C{!352Y0`j{&Hk4l|fce4&FqMCPJBZ?Ng4PJs
zlt~%6VPFoR7pI&O(AB2Tl&bx!dB9k$NCA#R+uT4~h=IP30z5QythjWCP;gLMF2ZY-
zmb$dHBp0k_t)}`kEo!*6)W_0MT@^*1|0N|W0*WHO=cP}EAL@$hf21oVtSDK9;LToV
z{V%go_f^5+f7#6Jy^{aSL<h>Bz5h@4b}rnywdrSxd3~Puf~O)}!G9I-Rg@ID{7-fp
z8SpYXmjEV@qhhiM1o>B$^@ZRS3cMs&KHhAOl_b|Qhp5V^r6gA&-mI(KXLSx;6$78#
z16<J4DlSkAN)L?WIVG^rYJeVqy8v)Y*D4fT1`Grl09`cz(|Lr3bshvvXH;;r%I6{u
z-85mjqk)5bI5YnIq=PoJ3wzPDF-tRVhl&ryfAJF!A~lPQSbGWn_w|LYv=Xc#7BJ2}
z;!hnv6)fu6J2Etjrokx+g}{P&w+SP9G-g?`G|lf!<T(Ft>2(Gp{Q<Bow=4>nRYJ<u
z!RxzgRZ*dFq(d)V)p3sR-r31BSCN|IB5V@S=VD+l7AsCmKt%u?t-~x7tiCaB8Ps)_
zR746NB$AK!V(}I$mSLK(LIGn6s35kqld$4p)h~(=1w`US3M|YQ{%NPGEx9jJAHOZx
ztT1<U{Dd>F$8H|LBtZTzGs7y0sRKA33drOg!3_CdX3V?I58ts<C*{^_I7Wg|MUh7=
zsU15h#t0Ijk(w}%tH!HtZ>oTCO#io%-(tBPYS#U|pR0yh0EU~l0<H-33XI3BSrHA)
z+~`}h%J*DQ;Gw{=_4L!7Zoh;1?W3MxQb3MuuHg2l|L&B{KM+Hh0J^Y?Ew$<Hy}a#Z
zvVCvjqU^~|KWC&#J*{Y7`1UTv;!B7B;?1ZG?ij1YIxXGB^!rI4&K9H!mz8%3#CIAM
zVRN8Pj^J$r-bSvAy_#*x`f2fTPIwq{7a9u6i<P>!Snp6E$`UaAW<ZFO;e|lYh{CVQ
zq0oI?;R}%b20hld$vt06J-bVztiAI^^!E<1sqKw=*EVe-m?8~tVRPR74aSeA?p;hp
zIPt@$;J(o8lx%Xwv1+GT^=#_pCYxc*36;2_4n~Sx7^1zc-GyLdrM5@wrQfTjoHJlo
z<hYi6G4g-g^&YY!kQO&N71_(2&xYb`|AU(LZ8Cmw(-wqebyVHOiXp(@b*9QDX0V8t
z?rEzYE%rwv253KEU^O0GX!8ua?AiheD-5EZt(P3t(k4nNcAlunrf|Tx^JDtx0uIra
z4F7?MX-M~4clj+JvV-7q5(+JzF=|V52KOt{?ofcf9iI(0_~K3_{|MZ>e{JZVYKoM8
zt(FBhAw~9#mCDW@H_IQnGqs2L6QsU{N*jc}-BJwBFFz=+OK&W{KMbEE_o&I-%gt<L
z!z@MQyvry?;XAo!cOB18ej#I+%hnX<W9xQLqj?I|;o(s%!DLoSb~cuJk$J$1UV7pZ
zv&(>uIY^pE5qX(*{u1mT_{(cgQOqtkh14nH{DW&v+EmO$7j_eh$fC8>KA)YDK}lmH
zH#S3Z)lCS(r@RN$7AV!dE~`y7b6t8d(Mo}NzEHkbDHf~v@1^iJBEH}F%FWP30iQA0
z@f1dxFYEVL4~1WG7G5!{xY`A0dFOS(43o#-cGr5iW1k%kb+(3RDKC&I?9D6QCRKt0
z9Eb*OV|f1Y&cwVv`=uyxz#I48G{<AI`H9~phiVf*9WR1TN5AS7xuQLHb~OqR+4Z}H
zna6-Nzd9@cTTH8q*aLYTOX6jIlu?9sM!P3BuO|dn<%-Nr<9~liGwsq1tLN;5_!^>X
zr+NLKN>RySV-DFqJqkSV@wX_u9$&<?-rh;~k-diP%v^*y^{gXKBV8cQv7Xa94j*2H
zP4Q~;M?q?0!nfYsT^|I7_KFOCg1+J1=N5A%L5cZ|9%NvSoyYkux_ZPpXP;fny5+$@
zWs>5E)=X;Hdw#NZ)vdlf1xO0%vQj5H!|q*M(!&5i4Hk5IG?hQ=o;DoJ(;riEQ}f}_
zq@#x7hV9A&*C05xI6NBG*6;YuBlKAA4gk4p9|a<LmGQQIFXa@)r8|ZwV8uob-&Afn
zcaWvLi@*Xtr<<?UFL-U(879GlCHiOl4D$j}LrS+LPv1>y(YBm_95pYm^8-<tww%R}
zn=|u5wD8ZpIgqL>epF97VcI*U&j}_)5j*)<>sl*wBN3A#ZUp}ky=x>3TxhBg-QRN~
z4%X@a+ANCEvll6hd>7W4_!u~zN~|xvi!dM8Lg8+T&iROsP}`mELQ+nwk9dSo+`Xuy
z%C3ju1mB$3!$X@$*c+jbctJTY+Ac%X8*%-<^SdVr0lX(<6+ITFoLu?RI4<BAZgU^m
zvCgnanM-f@+TV~0L4nh2{Ox&Q7(dH<_nZf>xOc2!+i2&3vNTl<hi7||d68SLaqgL9
zpKKMEiq%@(gUkXR(pYM!w8D^{M$CYj`WSc@PQBqvi7g+du4^sJkYgFaFvxflCNn})
z+n3BEjD<YN@$|MqG!DAUZv^V3X)go(D8CgBU^^8w=m1G4kdwIKmlhg7<A?^f==84F
zf-%{pDs@Vj9;Mr`CY_I|)W#S#6cd0TN1Qv4UJ+Qi-tHUrWU`6yB)(~U%`whB8=`Ei
zTRoBszVSzcpg(e26pgCb#vdCneWH<SV!qvI7UI6g`uBf^EZn3x$j}aM(waF`(^`}>
z0Vyv8rhO49Z&n|(!WB>AW5fGAu|0en*f3>vwKOW-1BNio@OV0<{ig%x_=VL-14`lk
z!s#LH19cC0ip4geCvO+F#wm?RpsdNqhIb!7WNEg_6({NP3&{kI0SAHU<?wFP(1dAP
z%fcOqQ)4x9-Sz%$_SA*+P5V-2@48&nPiY7OWtBgsc^(=QONRBPd<4%mqx|Hmgt3gG
z0?%23;08CVYB$T#vCyFz#2eN3R5aRimffmSyycU>a!1Y$^F#i&nFe+aOYaj2i8WEe
zVt7`4L~^Q1#cB=2PHB#s;PMWX>oF}h!lJ~Ec^bm}_9_-8^Ol0l@oQv-6RC+!dYoqr
zW{^{pR7_jSK(kL+OdFT?auT7E&7Ck(qh|Q&Y?f=wspjip-fu`csR!TFzQNNC?RBYM
zQK$$@J-4&2NPgLhN7`N8N_TnAiHFUzZI{ZCMO##PPT}m%Ik|2TqE!W1c>|41#mzSE
zg~h5aPQje_F8lvWJ)BGZm)g{`5!1JEGs)9k9hfwv=xACnBB#xBn2LzCYLXn_GzwJc
zN8Ym=Y)c6|-Iz1CQ7$x)s4SjhhM8BhB5*o_)JIg`s4q&+cr%<(S_&n(W7TELwIS*J
z6D$8GHV24Z975`;^z(1CJi7zr><HeWtPxr`14jud;qp`=WbK_5h=T&?A`Iy+uELBl
zp7!L;a)X~Kd*xAl&(+x?DmIg`64sC~o=Vrd-oMcfv9=i2Z>Te?TwGw670@ec;CSG_
zTE^EevJ-v4J`o=ST!RG$%YHD;CADYdI3?JoaSsk@YYZD#lzPx(g>{6w{)y1j7_Qgg
zlKw;EPRr(Ty1hHbuH|Bp#_i!w>D-e{4XkS#YD(6ch-9u06ohOnD^j5>Ere{t^;kH2
z1gB)W?T~Zv7>$yNfYvILd}9bnrxhFd{PfzS%U80jPV%%;aK?>Fso)on+Ovu_JVb!w
zAv{MN;A0H-!Sp~p?_OMqLtK_|=eDnpX7^&i;N7AWhvil?Cp))gH-j0U1yZc1S+-#(
zOIWui-=DgSQ*B@EN9B`us0=qF?gtePa)nKv$;>ZYk0~i1*66Ua-`)A*q!XPh;?%sW
zPFP(M_Lp8KH0=^NH&ATlgu-4s4IP7iDOp3N+m03fs^7jlVk`taMVt1gBXywiVP6nW
zD?{Yb&wpN+I=~0d!m!VP*EqaDBE_iW?`&`epfLVAF<m6<OQTdQV{Bto5j0TpL&*e^
zFV2)$y6;NTToeu0_gwX(N!IuF;`jOzxlRQW2<|BSVAv7w;0!psK?B`;8ST)ko7@4C
z^{Fe_)su?ni5EZEr*h<dP_qg^LRX?`D*#t<WFUgH^uNH|B08c>Zhs@6q@{NOa}mUG
zOBtu)8}UKq=^cXIoF|*`%f-V1lM}a*aUPQawlE)E1)~=O;vGkxGA^UvFEu{sY#;(a
zh}Uxg(@siK>mdvmDU1nAY3G6da>}2!8Io1ZFDw6z6AkeSGW4DQy0D_g_t^ZtA;tY?
zY4p!mK?d(6(iOGgdY?o8R$lY70Q#NA7*$UOfqs<!jj~=%L3H5vJGvvhyhL}BS1<|I
zH)jIO@$mBt`uSuT+KI|XXmGJJScH1mU8LccjVA-*pJ&}XS8X;9!6ah)lfzqBT*PKg
za=sA|`b<hKI0j4dnoS<-MjhRez*!&E9Fu$V^(!}E|4`VD^3vQ!Q#J!(G<TD%e~II*
z1#^V43r?#B3njq{ishsYkg=^;b@fqptZk~gtiqgYs4bVxF%);@@<7)noP?dh#fS1b
z+D|N4EKvCo)L7VK>BQ?{Si$j$T^*Fp;!CH)=YQyO^6xW<;LmN<ck*aIc#D7eb09g1
z>{<=TX9us&A&*Tx8E4I2tK&OTEg-`_*>r^QBi_Bw1&KIVg2_`&as=&V=2jPXJ&5t&
zQVHbTfBIu3W2F{VJk_Q>%%45fVw-($uFX|Z9=UXsEc5QK7`u)RvW75k<b5B0kZGSM
zib~`+2i9=5pVsWsk{PMS?E>eL5^M;alXSnq%BfRtcn&j7Zb7G#iDv7t`}e)kGo{Zk
zb{(w}?eor+o(wkzNA<<Umtd`U*q>V2c4gc2pPZ;8ONOgutElF|A~OuGSgf)m8tZ)$
z#0IvI>})xv1~FGphOUl6k7Q@zVb@9AdC4nqF{T0T9b<k(cAx8{;5w580sM=?QQrM{
z`D_RF3A}vYwR*Tssuz@W09m;tl?A&H^Ny<G4<3jd*mL3vufuHz0bY-m>BZr?)R7Ba
z`w+_YVpBQ9)hC2Hb?+ZSI(wju0nWFAliQgCH0Mw7zmTPc_4W*aM<*VrA9L{?w+_J;
zjSU9}0ccC;(90(xzF2kYB74;qW*AnEBOxs~96UXc$q_Zm*LSakqcCYUUQ`^;oG_-j
z0SQ(jS4mK^(xtCq>!>$L?@n~aNmB)%v8xRkB%AaBoRANL*PuvGm=_%nDk5Yo&%`tf
zDV>Dy;&9@MYPiBocXgOoe0UqB3w10txdhh2V+r%{ta7X0Y7p_P<ehL|ol4I-yk&q3
zF*?>*oVBULwgHzu@}ll1lkNE({C8$GlW~2?6wrb~c{RXm^GZpK>pvu-MFzG#FF1ya
z*Uui1&RZ4>V}<_aSvonG`e2=#Q1*XA)%|1v+Io7;9-8B;KsN_%NgB>Y^Y0TMD<pHl
z7)nNh%Tg-<?~}L*L(^bU?lD%@_!^{UCY6&WGyG5Z=U9{o<X??hiD?lWxE~izCVZ!q
zJ}R4S%{YBPsAD#+M#M8crB%?qvA+UsYF_B*$gXU~rFEDFjpn~Pr1YLXxV`)UcV!@X
zuJ;3BLPx?;wjeO;gcA0!%G}Px=V%F6X!hjCr<B7&8td_bX2giu3^VMx297w3@XYn7
zjT5(j9oQjRwI6!!<f^C#<uy>(Pb8Yx$o%fUobdGueD7_eI%}Ks@vkX3b5M}j)a#W2
zao0(rROje;!9E3UKlSQTo~s|a;1>(TaQ$c+n7K-B__Pk0S<*ZgSKa|BQ-4H&nvAlc
zev(w6UN2Y}c>AY^@fH+K#V0M5)7ShhdrO<FL*wBltYA<i=iMsW0R(qlrgl-7{o!3d
z+BFgq_OR^g&ZIz<QDIwSoaYaPJBMmyk(<tjb6{VuZ<(U)IN5afszGSW>Eg48$SoI&
zJ1JcK>$$u?)NnXNqNkphBfFyC(GMasX40QYjwk-DRhoV%p3EB`OP7~~B2(=J?!yM`
zs^<G4Ow9i&FOkY-coR(%K4n=1I0#v!O70OVF=%!h{><IIQgBA|Y%v^=1!?NbdG9j+
zszr1BT1q$rQox!f{$uG*53P&h@^3Wz`RK!2KKhvZLEK(C!3U)~%zX!IX?aXZPX5zb
z`mfa}KKN?9mF01dUppX-i4;|^2qz;nhj4B@RV=e9<;Rox*3#jn{3beCYR@b^^v^p)
zs+oS61UJxC_;z6-^`mV=@nuJObKFZ_HJ-zY8suJcM#kvA$v7Y2dC8<WRMx{}`!Ha5
zQt6a|D(B_-A>NHc35bbGTFX|>FwwNk6zdT;4~mDz|8m>Yx7*X1u5dvf?_Y9AQ!`4C
z=m^DWtxV|Lu<K$j!8Wo=>ja8p1ZgRB7`(BJBX2NflQmGzMg8b8Wah2GEIg<jDSE+x
zPvEkeo(es5tKb8}wLXbsgOdaZy*cgF4+;AR8iphC4n^r6ED$&~iZIZ^f&51KCt`CK
z_mwJm`rs>J?|r6;CpaKR05~0>y+cO5mFaxXd;{q`RWFQl-ytpKMOvgnd?tJ73jU|@
zGR%awxJy_){$q+lX#oe{SeU!p&!{z`C%t^BvN?>3PF($a;>W@f=A}RD_V=IqNVq4N
zZ`{k@RT~|1yqS9*B0(HLObJmm_IO*#Xx^2$fE#J)3d@Z7J!oTd0`>Eul_<mkUQ2kU
zD-y-O8xPL>q@bw60bSTL!bbXFE!|r)O6|p=tLB>HVTnKh;cLh!hw`_NBJDHwT>5;w
zs=nVFAT*vx`uxdezmg~fahRh_)1-8rI%JFf#QHaTl77U}vS*{-jOa0I^f8gY2q{<4
z?+$iUHBWn9cee!&?iwOdu8Aqk80!5^6)5K!|KjxPCMh&SYj+@`LV2=N&)n!S1=s65
zg7jB+?QmSv<z7vn0I7o=3X2R!<Hd|}Vd>PX2Bg$9$@yksl&Jst43)79$zZb({VomX
zj_8bj&$;-CcX+C(4HIG@q@=x*w0x<JSvcml->?$qzPO@ljAL!ov9T|cXG-SPK`QOG
zMhJ~ScBm<gO!kEOg>o<MA^3DXck&l?H%LI*=ceAv3%YKegrc;pM7i((@Vk-9mNs@@
zmq&CffbW^&qQ8#7C8!u4x!iN!FE^tUZ-x82n#}m%W#p)g?E9-uW*k9S#^(tI5jl(W
zF44uS|3zOQ9R*x(1S=w|nE_s#SdGJ7FWkLy1v?eX3u-v>>1{%OwJG&a6WtrDb=%cI
zu+D{y9bkydfM=%wp>!L^QWcVCOSRT0BR8J@Se9q$dgGr&XMsO+NW7Xz5w^mQ>Y46(
z_xa4(4Ci(BQOt;ULcl%mYqQKS17FHYSYK5cvme8kDsa1=CZPF_JV+|dde;}sl22RE
zU1G5;Z|ZBFK<fb+Snf51Lr%fmF0}e=*7>>^ST~}y335bTS@WMs$48&C8fEsYVEbA$
z8PtohkcCkDP81=Zv$&P_Q<qhFGZ1f@*7#4-Qa3h<N<L>1VS7V+v!LalvmR)!$KrWS
z8iDW-e7So;%}Px|I;PjZUX!+YUJ9GV+en@lJ3Fp{IDrQaiDy$sbZdoYDxLBe1->c%
zGWX0KahC=UR6A|g3PT<TIe>sX{aRtw>6a>7AdGA2NEfb0HF(4kl!gVj{a6X(ykcJo
z!`=~625z^(&;l)7lWKwZtbo-0^jR~?0CQU#$^cH+5ySiO!yShA{b#!~2Z{U%e)@ST
zQ#uYi#YD};v3~YKve8nhnNflkADW02$NJ`*sEdn__?Il5mIrw=vX<A$ca^;lb-FJf
z6Wd-E*c5j@F^qB(-%)UFkl+T8_v`HK2__{NE|EQ@hB;z>^0q_N-pwy|9$46G9PrU>
z6aenk>Y*QTG8#Q~K3^o*pv}6Oai{t=zz)5DDhx?zL+tj#st%LE-J0yvBDKXqNbboH
za=(D_?rH#qfPsakUY+2rb28$mF}d+RlS{cB`EjlW1HL5hUjCwYY;bcIb*#Ts@E{A0
z;k$}1)d+k|nS=sxi~l^w3<7MnU1+akcH5P8tu;HZbMPAV<@g=}|Nr>y_lPio9ry7h
zBz^AG+Y^W$o$R~M*(O;T(fe=>Pvt~w_VmKoN-cI4=$#aMHy6&;e*b7{%sf))hk-AX
znf*9B>w4c^T;JP7NHHUl{$r`}8GXoHSU)ofb~6>)Y{=@zpuMcph^RVI9WFb7kT{P;
z2iTqbqs$rd3KiuW4WNGsuNqx7l_q#F$|B?N<BOH6vg2qpVX^T!lZf+qNj#^&3!QHi
z08Wg}lD{uWL)l{pC~?{IAK2PWgECfSG+pw?1UHrIcn=!&`3bI|`;3NS?fK|f$Ok1~
z4A^tkZW;ZtWZ5BE`Y-z9-FJB9ika@puNiyJf8gBa@!0$<hMFDkqC(Ld<8san`bg4^
z5qk#L1IN<D$NIN+#2%f!TPrjC@urcv0n4^A?YcmCoyc|wdqL)!z1A4jpr|GdTvccF
zkdr-ctxRuOdl30$u%!{+D}$4uFNE)JRAyILK+=D`9gFr!s#_3suelAW%Ub6<J`i-b
zRv;arF>#K!WN9=|IfiopJduFuuu=Ghf*H`}QW49GmG$Xj0&TC(?QM-Q(!<0`@3&85
z@|yyp|FsHlzE7bBh}&O`xp%J|NZt8CM-S<$9aa{?QE?}T6&3Iv!v^$s=>8&VtzWnH
zRvn!$V~e=!zsdWtr7wV3H$iHA;uN3PHfK;bI*0i5!EkBoSL3$}--FmLZp5kR#lj^c
zazg&C$0rKf+ED$QOwQ48rC4>vnA*Qa8hV5z=%u#dx46#9tm`)WHjQH}UZw9zc%20d
z0)GfErTq~8_1nLV+o1IVamho<EBW)xu2C5xhtYYW5~z)=BT2Z7$qz35CUBrFq2GQp
zrUNJ7c#&JkeffWZO12ogoRZggi5r}@V%OdMMlRZf%V{JH6DYe7iT`GqkTH)(j9i5b
z|GS7e%nBM^ifJBQ`E0&1`JCt0uSH%mZZO&3G!V%F;UUZP8I|Qqo-LYjH9~dbUWf#r
zJ-jav1-|^(rc<Cz@((e_{o=7lHHcmGS~{P5KauL@T18d6`IX>lQ~Zl$QGYSVw_0Gm
z_<n#GuJ0);j>neMu7l#vNqmHOoAGPpUv<*^rfz=6V@Nq>;uRzQDXmSv0UgBbnAf%u
zLtrnRNugS~$Q;Y%meS;$qz7Hg9K$ruzgC;4bC7YEg7w4{2N#?4T#>`=5Am$Li;`>m
z?;J(01`DTmb+;bKK<F&x9xsOB4^WGf9}ZNXd-Pofg}?7Y7}5O=ATefUHO!Ts>K(9N
zB<*@t7NTdj>sY4>oC5f*(GuTyW26hpc5-(g2=z!J_O&GY!S64~g3~cEZ`}p3`!_lW
z<2G<4>R`m(B(Gz4sAPxZ!-u3=*addaJYI=w|6O+CjbbrXXo_sfk0{*3&hn}Z48(T5
zuDxsFuV@SZu11QbmXGsZEquTK^I<H$dU4<cF8{bmB#Q#vZ<^uf4DbXEJsJHiq$iKD
zSZ+HD<*=uY$Uc))!QR)~BWLk@9+Tfx$vJD(Y*=a>%6qIxT+Iq_qCMlj6Z;QKtiy1+
z(O<UVI;Fr~8-ycjD<AhCMY#)JS}>nm%uU+)+rg}!FXDdA@T-b+EuC>+9WYj^4ThBL
zs<wa5rt+dK%<DA0IS#=2^-2@?Dn=WMMS<As?rRkTgI+86HIP*J>&;$G9D?pah{k_$
z7+>t+$em}T1cKy61o5^#A&Pu@9<3XXZg)i~<Z=XK=UNSF?WY<?`G&&ErIGih+99}U
zNO(6}lcwmRoyx9p&!DpY-y>Y#);d2#D8zn$II7Cui7oE`^QVJT8raj{w|NcsY?p-x
zYUcm^@q6kAvM3WRHZ8H=Ahn=RwH&<(U`;;XZgO&##s_Z8)q~s8NqGNoNXY^2kE9lC
zNha_xjSKs%@;8l=hx5Z)P3yo5IH)F&cK$LNh)9XWa2Pbnd8iS4Ms?-=M*6=3G4B5r
z$cdzJs*H6g_Ywkc_5b#r5ek)^0NfYFB<<w8_M&|W(&u4$-E2piYV`t2iKhRHAG5}l
z!y!d>d0-4-7x=H`cYM$B43{HOT}PmkkqoL3l~K?PBL*g;HL?%z;~{pHF&4gH@hDC(
z)$q;S|ESqA#8HDb@Fo?nBd6tekot<3=zUfq5Exa?SsNkOMXWo(SX}kOy*bv;P0~8#
zBUADpbo7G5F^=IJ5{MgxSLwSy;yq(gWqf)6$JJXv#nnR%yEAC<;>C*>FYeIdPJ!ZD
z+}*uU+@aV|+}+(NTHM_!E`vM#r|<Xu_uh5aVllIFc9NZ)<jhI(?0rgqIoisNk^p{N
z1BvU=nnxlfrvgn+o8wyl!u>e>ReYUmi4|~Z!<AyrR#2%~E9Jlk2Pc%=ToSl`QF+aI
z7Q_PnU1PrH9JOOvlDU>n)i3{e|MMn_s_|=|x^w0aLXw{Xba#!)oU>m~bja1s>zuIp
z>kD+uXV_Z=6iq^sQ_3K?KiQ4~_RDW0ceK9B_y%YyWY-0Sw)aRJcLh4${T$S+jVJDC
zF$sTHfR3K<$n5mM*IHPC`ls1KW@W0Nc|FiEv_E9a==uC{4CRj|meacN?8C<VwTj_d
zv3&eG9Sgmxt!UrFK1dVA2t)ilc05X?h@QLv+nXsfO;*H!hIvTXh%6d&7Y;FAIU*48
zaaBBS^-FPLcTDM)6u@LwL{XNTjrG)(S*}y|Nl4mxb^jvr{T!|{7NNsE`;wK)@!V-%
z-FvY9J#U5uX5RR9*hnfNkgPJ4lIh#a_^&j6&w=egQG<aac36L-814{Z7@m7~F>H_V
z(#-EOXn=>H6W}2zAPVRG&qFkd9L81{@bg^qiUoW$kua%Ax=>)QPs|02UJuMlOMHn_
zLBjHYf0TP$ST#vkMuEbzwhLB0JQmkmPC}VeIDx4Z3o0*BkC{garvr&2U3Yr;cj}pc
z4lPT$a;0n}d{P^^{Cr?;FbhCkNDs<{ZXIhnJvN^E$*~RkB6%E2haZj(M1rGz8tn(w
zjykf*P6&IK6ghV(C0{z-QKEL3IJBODRdIH7`XZ@ezLixO`f2gZ^jsCgq`PR%P)(BR
za=p+$f39lQ^#eh>;9-NqynrTK63^E!I_x1@cSnUU$whokxTni~2QNc^l;$RIzvd~V
zQL8FPVfEk1$Z|bql5O=wRVMJow#0fNvF(KKKe$@Cjm5Klwb7MAL(^Fmy>3I~(bboM
zWhRi>!^v9%JY4C10|ZNQumy!d<t6}EKsO<8csKz=o<QGS7q29kg3f>)LpNka$fP2l
zwD2dqSRnvOv#8uO9p&&3Igm~Lt#MLoQ|w0a-lnaE;7P(IMDrx|%XBoc?P?n*du_4k
zXK$sD-RvFy-{1@z!b(cW&{vmCg5Sf9DnWnXxk-wSTqU@<lHCq_GfenAk`9hFk=>IL
zf(Zzr#?RhCL;qoEO|I^B#uryd)}(~(TEt&lQqcy>bomucg1B7FJB?jjXd$-Iq)*ej
zh_BKoL{BHA2Z^&BJI=LGU!}$Q!TNa(Y`l|_hguA)xg1?3z}HYKytPit#4fQthNhzD
zEZ(Z?4+oV&%(vZ3NANMgrSV?o`R{IC+G1o5{Ep#H?ytR(YORxW5vhNvlp`XRp#LEw
z^tnP1cLO8DVTd(jWxZITJVHgy#&Y(Z_Zc`*i{%ODr`MVN4YmqKLWgH)OsJ<G+uIiD
z++YAnyWCm2R9nCKdS0J$x|S>(nI`ocyl%5Yu;DnZo;1)FyeB`lw>U8lYs)da@b2<O
zE*aRN=FUa8$Mnc`M=2ewSCtD6MfRGy{X4|cseUzV_uL?1f1vWLQfsOFqUZ%TUO)cv
zCSk=y%;`h6obhv`VV<ZPJGV<?o~UwE=117DKvayg9bKoe7{>+`vs#7EK`;#E<$%XM
z4;QT<$Q^@n;O1R_p|RIo!VH2%mRqqac2~tMM4<w_Zh})yjjnq5fcq8cIxFdy>?+r*
zOd7+sGIb>(<#o?HT$%Yt5nAfQd~@nQgXv{VMpW%H`L3$3>h+~%3MDeC#qpLcP_{?5
zzgcfSzv6gw#?EJ84n~yO(%7k0D)o^3n4+@U|0WBUFy>f!AUrvTb0J)MxtD1oK3CcJ
zzf{_p30iuL7EGVbYaWW+^H7PjNK|QcX*>|}`j{xWqIxJBhTGlU+*p^sUI;oj@vgO&
zhALfnmXlx_4cI0QN&R0kjn|cD$ZEa`A)mlStw>J1i0vm|8B?y2<;WNNQmN}?JxoPK
zKf&NW9!~l`OY{2IlyCo$X{s1pqsT;_4GfAhSmNnLDci%sjhzOA|B-2Pvh;CTijJ$|
z3ny@_(+n*RSS3~-Q>Nqx(%$6z7$!dChkkw}SB>V<R;@w}Vr~Ro>PeP@c=nI$L3mRE
zGvH1Ddnru<h|qB+ZdNkbranPn0+QaQ*wcf(`2oI(T@-F*TMyuRUcG=YT^hh$ZWM5D
z4*@tHm*6)=YCn=N0>8!pNSC`YK&nl?1&{x8N%zd8fyr<p18B09=Ynon_Zb<0St(8g
zq)uRg;<GU<DGW|O18IOy{mL#mQ2KZX0HvJ)l+a!U;Lt6r4iGtB0*0Q7phrRAywC<<
zsT4W^0<Ph)od%}kAJ?;%3zW8;3zQb~nib|B_yTz3Q>z2$mO?2&|AhRnH~5~Q>EXMs
zWm1$`R;lMZ2bBR3x~IU`f%l0|xy42xw+Ex5=+B4bKp15!pkW?<Y%Zu9Hh#!}@Tv^}
zmdye5mRlujFQ^0X$iHqOhjG=H1z<2BEagv70YEkZluXw@!s!K|(8vIE$U_kz{2DU=
zmaWYt_+3|KB|zgT0IIJ8n41kC>jrRXB^f~bd@^#x@(6)Y1BU;q1wsw505>~;RC)mj
zK+C;C0Ki))1X}Tn97X|%K*qQJ7Q6>Ac7gzz)G7o(Zt3@tG%#ZT+|~kcWUv2ps{np+
zo*4n6t+#eJ%^OS%plUApKzaY7L{|pC(P+&8evRw^+i?M^qys?F5ummZz&@qF%7sah
zJe$eGSpzjei~wW{P;w2x^=w|SASi)fGdlqa@gL|Gya)79?w&|Ig_O;88$b)b2mt-N
zh$4}IyrIMr{59zPbp$@3`A=YI2<mfTdx2uSdGl`Jif>;5R&d=f2#9-dj|&7-*q!~t
zk5Eja5Ace<K!?KuU3FUt^f!?{dx;3B^PCSTc6uHdY({`_%mCx;p#cM=j|c$FXaGIV
zfEa5|vPB_?#cNEEH+PpnbpW0PO$0ta+X40;<OVDUu#3=%#x1VZ=d<y57K-MSOt5zl
zuBoX?Bnd4EB8&F=xTI62cNPRTdF@$Ibyp|>aY>UBOQ%aWGH1;HB^P@|+3o7t=9$#R
zxn_}*e)unO)iAX2&3^?b5^YWYmj_baJ{5nGIN31ICJL9=pf0hjmux}Fgm$<32&iFd
z<CUKVzs!(pQ^`*@A@<4A%cSnarKF*Ksu1}<Sq#f%hUYAU|B_dKL*7W)R7N(m+v=G#
zs8nqIC&2{h)cEGVua8#C4DFr&314IU-`YB7CA0`*m-Gm1yrL%mpRd<?HVDc8e@UN_
znR8a#e|2&00#jk2`JdkEXTlJ^|54`k<Ns<{FSe{_(KQbYkp{mW>moFRTTWn}xz(K{
zA`k<k%>|eVYrq_=?|qy6##CP-&4(#?fg;6+z~<(pV=h#%`*_&A_Ux;ufa=FbwxwgQ
zwYQo0BOQ?jH~G}HEV-i{dcfn7JJ7dU05WL}usyR`qaDtH1~(>ki|T--oTCgzP3kzg
z7vF*(1xey@KGRn+<vZ(DwX-eVv~;~?d29X8Mj621jRA(L5NEF<JS9_ZRGq$M0{ydW
zx74sXrA-o`VKp%3A(f+v92)_9z~e<>9bGKK@dYqwXI0W*EV>%?fS3@Gbg@Zt-y^x;
zm6vd&V1)>P#$Cw*4<FaKz>uRYk12G+!nuu9TX6zZb_7)B1@3)IR^;Tkd24fozJ#&#
zrv&9q0BUf2rJ1x#A_w{W?~dkO5QJruzNBK&m1+lIq!D#DzYtb{cpHiC0PgGN7XeI!
ztMdKary=8ge^HNT=RUhpEH3C_K2--I77HV%*v8oKn`*z<6d4wgM8Ov~8gA(RIwrsw
zZ@pTibLVb4_5}WUoN!cm51sxQDz+*Z{6=7dROFWxUC)a+RaSeFBdoqF@RASHgBsun
zpGG&+J&kkqA#E0>&4G#BaJS0}FSm^98UKX0eXDga4OXw*CU(p6$Rx?!J$ZS*Q7O_Z
zq1Ey+*F90R)~m#vyQMIE=}O}>mulIY#=OFChZ7z}1~~CgatnZeyM&+z{^Wx2ypstg
zwBLn>wu-=0#NS}khDr+~Tm9};wYQD3_#83q`^;3N*d^Oc)@M&j?{}PUei!90o^Wz*
za0-577VHig?nMH^qOXz2m8;iZ&w}`^C_U)hVZV6F%txa@smc#IKza{UVae?LK$tyu
zMMNms?vya&Kuabr5)Z=jxG17K<mQ<ZwDxEgk1y0?_9_x>4u5$kC0Nf5iuQ}%2|}(a
z?%OGEXrsUQ=27fLEtB7Hnk3gSFRD~<WP{bBH&%Z1_eVwJQ1#JY_xWKYUAyp8&%z3-
z^(_qO!IGRJm|06&525U;0s}b2U!T}@LWVAcNUuc%^kR(;cV{KFG)g`)VYOmmI;FgK
zJ)VV3aWam4%4X1o6?zeO#J+QO^Im-W-K$+L6nfBOqD=uqc8yFfvK=U*P9b8(f5qu|
zQeUOr;Ed+JYL(YD&)8@k_NFc7rhXTM*r9N-RFdvj#o9$whnKu;Q0(Qaw>+!$2c^%p
zFKu^8BILU!E@?{krPv9H?`qWcxXqG$D_RLhrt7r-Ucx!7cNl?ivW6|QVm>(kRKbf2
z`mLW-kkK^yIVu}0Bj|L<u#3~r(1rn%X)X7o$@U(S4JMW3`|B`Q<6k(X{0f_4RQ9H;
zP^!`MPYtY0KJQhXWpUx;>ub-LWiiVQ2Y=AYgJE|$3!b|^Bj{9W<_!?LoG@-_bSeJd
z;o^6U)L&g87BLowABT+&frN@qT0yQZFUwnFOU2=sgJKwiHX1EZWE$|uW_=r5h<uX-
z%4}d3=n+s|nAO@#E<gvuMQ`TOO+IMK?gM9TA}Vx~cp4~4z}KGDFFA`9h`{w~8I7Dp
zhTshPh1@0KLF00K&yuRBzud8=?-g;6yIJIA0BIpgIoSRVmIV}3YDl}`ZgG#)a5T##
z)`&5_P|9M)J*920?JGZ)!Gy`kLvQKI@n6pP_BM&-;dOEd4pc}YVQD}s6ne>5B5zf<
zbVW2Zej>;$q%@Uw418cBl}ujMKBOp$iA;Ts_DX*nQ#%(V+smtis7ZPFo?qLlNk~aq
zPEA9$R_L5AgjZ}iOK;)V!X#Gl*QD;(vw<IPprCev*glaiB`Z`kq1W!6C4=FE%rB3Y
z$*%%EM}%#E?JRjy>hpgxiq*8Xo5}{1ov<eaO1aOu9>tgI&Bkrp2OjYNlpi`k`Pm1O
zhIqx^hPuh@(T!_OpR=FYl&|06(;|eSTt_CgOn4>;vDiY69;p1<*K-i!hQ;=<bqn|a
zfN}9&jB1PKLuP2Nt+8^o*DpoqR3GmgHL)N9quWNqEf_a0+fVuQ^gFN4>%>p5i(VM+
zbP=U~-loeoSs${BJ|xq>KM6q7o+x5Xsv2HxU5U^RB^NV7lDQWbuj-A4k?Doek^A%(
zJ}NvMjloc|I<}48JTylsFjy?=<aM##$<%b5cl>w-KI-hz?Rn!_=+b+9B-OQG+$d3=
zFKN8F|3dlp(D93u4a)cA)%-!QoUpOEMct-mIB^$cxf0@r(Nz&8B6LKuOyP#oohlyo
zE@1Z2>$~%{BZyY;n|Z=SgE5^WsI%sHO}(f?Dh_s^jmbuii&egLW`G}O*zgCO8!FZQ
z>fDpa`Wj72Qs8>r8<#%2@YR4=hwLdHDnhO)*pdOr-#NH|9-`}tbe^t<*6Yo8{@7Pb
zLwQ<Vt=b7E{*Q-4H#}X-bt(^BrZ4HG2|^5H%6a;qiTv|I&psjOTbK(}%%s^&fokR8
z*Ug*3r<GQhAN)fEj0u>Et{b(IK+yGiYwRvX8_fl?1WgNL@LArdDB(uj?uXtu^9&Xi
zB=`IRPVg}_6qjD$NlH5j!QUYb5pQ2}m>yg)`REP-ojw&&qdfW)2wED0g^i5C9j3!Q
zcv+d+z`M~zY<3}_mjhN=ypc`E(m?b(ht<z^FbnrcvUsHEb6hpxjd5$zg(*bFN8~#c
zre(M)!$fKnuSl9owi^Gl`NwDoNXTNiry=(T=MTguFF`#!829ajBu3ON{xX2hIl3;$
zrSWf`O=7fG@LY_CU(q`gwS-ytODBtW!!YXkXAnlu${1YHXz~q3<-&pz<<7EQyBNvf
zayp6e*zyn>iK`!Ul*xLo`tdfBME@FELygk(Tuak|?CLQWUFn%}T?Pou6KeV&0j5Du
z^d1YZ>`@ms+bT7<baM5c6-6w)L}_~Qz}AO%8ecwF#SpINgYhSufz6`vw`(^*>(BZP
z4d$%zfVEMMr&uFBVT-4TQl|^tjcA~}6qk2rQOe*NnXIp<K^#Ra?~~0YXv3iwha6Z}
zPNtu1>v4S}4spejo`i!+N8C{H9g~Y=ccqtC@NeW^3#eju&EnZ`E)o80<U%IBDaj_0
zXaI471^RN*1EP(kfIK7-H|Tt^|MK|g*D_a046x>z!??$Zx4t3ikIg~aD8)Nbb;c15
zr}1x}({%c{|2`N;9z?6j(Zx+f*fol0!_N2PU*>Ofe1{*M;r_|ZYu6o3f>G%tz~1vY
z?Ge%XKsEL(R$#nn&8N8ukWfMT6zC*hyDQUt>4QJ7;Ckv<_N<PV))n3G2_2j2(iQL0
zc4A?@I4ysk6s*8x4!GmfG|;zpRNxLX4bbfz(eEkHfF^r`Kg)a_jejMfw12CnRkZ)8
zj@>ltzO{5VI-PfQwr=E2x^x`EUG_KdivF3XEG%*RnpUdP-SM?)^7nw!NUE+zR1||w
zGzh%?0zxSxgLfM+Zrg^WV7z;)Kn;_UmQ$eVxp2mf*Fp<<5E&=%n!S&V{_WS&zc{+c
ztO{xT)d}&s($G+{cxMw3ngTh=F&5;SIl&`<St8KT4CEC57J^SL<=aogZ!l!ygdnNs
zoqC&pA#-q5?HLcUjj!6!5`+GX;M9E5B#XrY6XWXlA?nB|?0M$TTHzdB*>hs&UpSN)
z0khVgP}{htn6<&)Rk>P%G>Y*Fra_}z1E?ds>t>Z++bWVCe?fk>#=?>+)5>|9&XXzf
zNp4X4`b}_~I6o(dqcq*3<u5C&J^snhWqA1@>B$}T^yN9y6UkiXmu`r_G_n2Aw*5O(
z>l`JDY#mvLhTRaKCt)W%%LLA8m^&x-X&9)n;B-8H>R8>?+ycY`+!mN>0d}uhJa}XO
zox0gyZqT^#<cA!d;vf#=!E;~2lXC9?vWG3}(hquZ^o`~@*J&rRE+<|Ge}3&tE`O_0
z5zmvrZWSR!t!XaAoO=?wEzq>70{#Y`tRo6!HICwij!%<Xyn+R?G$aedH7)4Cx0(P8
zMC=7;no@xks?GiV%*;VCwKT5LqU@iPd%+nNrdeRussb0jta~!LE&kj`?z};;_hP&^
z!RU(=rXLy!asow&-S(g?%-X=Q2dHTzhe=dL49MAG00X+qr$%z;uPs8UnuBP;tPD?p
zNR39(NdgPv@<L&M8Pn{5CCZw~yKp^iKj?jDMvtRFggVGxIB*0}i9bm@L*&DWJ0z%B
zkeUh?@nGyT#M44{Q}aUCrCeinKn3MPxf~Fac!~^B^?2YuzOV@4JB-{-0fP8{cKZn=
z+_g~O^FhAFQ*@A${7Rrew2$We%Yit`B8_P$L3;o+LQXqD!h)mqXAEu292J=&JioSz
zMEc~4vQWl;MuN8huJ>xZH_0gD-|aB;^}pN28^l&67U&T5KLgn5{lfz)-F2LkKP75q
z?%joA-0Jo~LMHO;U|&^5_CBz0e!3&*<nJZ*{@^bh2me>r<?UC|f*eOs?MU=}8WVRH
zMw%w0zn|CSAxX;(k4@oTnWH-)gW~T?4ft1RF%O+%MKcq7RHD<#KDS%$4ydDb&if$j
zIOor%57kY^%4e3ebY}C1(ups*L|*_q*12&-iXm<Sh6&iMzo=uGIB00&6d9OCUJSBb
zh^0WE$PijYS=A*6hRX>a8Z;1s=NCItvjZYE9gP4f9D2m@d}1Gt-!|0*ty`Ld&Ke73
zK$UX|@6TtAOQ;a5N;#2W-2F4oLt#0lX?gu)G~@l}-wkmZKTzEs5_M}gC{D7II`}g%
z5pI~FooKT8#KSI3L*9V}G!#90!4SGc;x2wB=`IYSp^%}UGUyx3bH+#;dPH)ionXb<
z9gv=lG)#sa)n0-{5^>i!Ajm4niG^rhpyvo`9)(I00KPH6e8+gV1Zx~jgIJYY9|dR6
zEm#hSnA$jk#({CGZ%D;L&d$s0ZwF{5%oa};x0p`c<p&IZ|2_#PuR93=n}i5nR|7pe
zb5IbcHcV4_#@8^QEnLkv(W~sWsAwCPa{?$EXr47x9YA2|v46wjy}zQ@JSxGU-sy^b
z^g%+VE!${R07F^2kALQ5-5vW*PZIH``Kx}{zG=ezLL!PddodfXxbhV`blBU<vhVyG
z=$=1G&-^70g0Lf?_8~4^IM6^YOj0#Xv98LrPoNC%m|0pL0ur;4;VsxwrUBXS_AIru
zmC*z<EY%3tvJ;>5!|#mryjEfgLsFv6&{=KRmTyMhl5V_vtUHj7o-XK#JOXBFgCgjq
zoz!&zT%ln>{ReqK;|XQB9F`D&Zxtk2POfLh(L3A<7Fs?$&ye?QJ5VQCT^=}T51Hs*
zHRNw_E6Z(h`%?&R*(=xvRo2VR)*J8goIrSARx(0^o3~k$<cUO4HIO$<BN|ePofW|X
zV{D=Wm}v=)HY{A1wZ(5!Bjq3E`fcs(yip*bOzyPpw2IyIvswtSP@#T<<G{!$96J9r
zM(M6su6R()tW!X-(WJGZl-%iwk$0Zd=I;yT-gE05oZ`~3DCzsf6dXaxgr42JiEclT
zB2EAK_ZtDUOtWMPc<5Uzy|cF*mFi6&^fwb2OJVOAja<e=)Fi`kx`Z{1%)H06!*PUk
zjFw^9W96IaU&hO;N5+S`sNtc0j7zVv^&4NutUhz2PuNH(OWIv&YRZ7?6wzT%v*y*5
zNdy$Yb=D7ZrAW<4rqSpKGuZk8Eb19fHqL5!e^r=(*zosla%E6`xaa&=n@3#qg+%u^
zwaXLCd0%ESs*w*K&DpcsGwsYwGuNzQrk>sWYIda>1r*ZS5GM+_z5JFFO7}bJi8AvZ
zCmlzGYMDn~s;?C%eZGw<PCx7Mnv$vGoBGW?m>qPK?(XgTmi$unVP~13A*I0?YqXrd
zFTx5IOJ9pU&+mK0n(Yz5;F8q&ruv&<B35`D_DM0~R<TZ)Vmxs4ZD*szU8m&ldjSjt
zz%ldtgB%C__$A2C@?1!Kneakj;kSJ@=bO&AQB9WuU4D)3ev-@YfYe&3tX0aBEC*!l
z5+rPNp7D7Z4@k|m&)}pN!a(~D$ewAnxlM8f31C1S=9;c~INC-pLF*Rhr`|+l^F`B$
z@Ml#LwQgA?h#sV<GU{44?$k>>v3sM2=*Te=R+m9_>P_vOq)&8O*esEBT$@h8E)T!H
z*@dL8Rh#P)pg+j$Gg`>KE-%4$FF$;&wz{vIJY4&vzbi4!2kX1wOb%+`Bx+gC`P(BB
z(t@X(sQ=L!+0Q!Z8AMt+f5|q$zUyb!{{-7GD!d`Aee}&=_@fO|mxR-^A?38x*N;(f
z2CZ=*Yi=ywg1G%24lMr@37D!?sht#w9F%D(Py-QCmn$Wh=Mu(-XN`>(6<ot_m|Fa*
z;7OHySU0yP1k*m5$glbEvpHsit}<|r&c9IOWR%XBo(~>M9dU!T*pLjv(`}hZ6Dz%o
z)8(LM#2zh&TL|i~oYbS%K2Zh@XvmMgV?+7{b5|$s1+gxZ1q-ZLnxoTBx6=8`GA?1&
zL@~qL*UgSZ(y-Ui`Ij;-(brfo!&ha_4qj0@mDBmFYu1$x_F5uu$d%GTq`5ltL1VRA
zIUdF++JEYUMs=()2c~m_I*3w3r0!1)BDRf2pPumvR_>%He^ho>jSE$>vX@#-{48Fz
zhJ=NA`lpTRz>}Wh@MWIij_dD)-0y51dV2nqK-ef;Dn3x*I8!ng+aC#;FE*r85ZNvz
zWL5Y&ceByywFo{VXV}Z+B}ZhwaVpg|z3mmHOkc4!rs3v38X8?wYh6t94lQ_KD`pX0
zGiK$ETaGQQOn%_nQBW&g2=nGC@XVM=#;>eRIT}3aoArx*xB=D$YS-wFJ`UF+#g#0i
zX7%;kgN;Tdds04r=kH7FNyLOmReTa>@ZZ@rq@)d@_0P^r`2?Pys9E{&H}^C>Xcbp}
z1Tt-I58eWqWPL(_Ot@rXLhn_4@@JC&Clgcu>~vm7-<@kIzCC|)f0Jj@%>28U+6RQ~
zL2ly`GburaUKe<s;YCa(LGeRyk(CQCMG38Jd+mDt2rlMqL_X=)rnypz9MAk2nnf3*
zFJfQy8Pjx8<aaMYvwJc=MsRKsKkkJ-U9%N4l?|J^)Qu!Fp6L%yP`+a59Pim!1{}w<
zZb^T6Opkf4z86v(+<jc2NINr%v+jt|tpPk+hJb_*KteH)&<-T1l}h<xEUV^qhQKpS
zt^bb3JvjR|8h*txU9jkTr@;kCt^<;Zwf8~|W4n(U0zkqokZ`?>WY@#8m-)6@V_4X}
zI<wIMpHaHiK)L|sCe;rA_;}T))xdB4cO%M80&|CMm9XpiNkIE#Un5F`EdDz4Lad;7
ztHJaw^dvyADZ~!n+VEeZRqLZ`x9!?0km>T@^+~~o0u)zKGvHEjI#3?}{DW(Eye{x<
z;N)}}{?YB<l{3rs$k?|;gY84PO%`+VSE2N%F$`-?zMXg2b!`-VA7Y;zRSZ%lYpC<*
zu77v(2&q1i^9HBwx*~1Vez;jvwhBu+4!|PKi+yXz!@Ce)z#lWsA&i%Mq>yL6Rdd4O
zNkdRm8pyxw8=*E1tdNFI)=*H{wHoqfTB6-dmfamsA)^gUBU;BN&fpBwG(_o831@xO
zG|}Bhn>k+T-47JWcUM2CokCehsfDB(>=J=|!RszmLTwyopTln07~zFvP3$}bE_Efh
zykc{bI_pgZ5oqT9+PJFxgTzSMJ3~yD%J(HQ{li`OQgh^{rG*;|yQ`N`M$dI(S2ij%
z{z}V~ALY3bd+;NXV4@dk46r^zGYZrC&DT6*MUpz_w%*nH_ef`mL=WX3kc`U->PA(l
zBM(ANJ<Ulf4APIsplOpWH8}F`d56+B|0^q?k;J0ipLoQKotTWF&dtZpV>xb<l#1Lm
z%gYl6%a5tuCu>viNmrWdeEm}z+&_cV@t+ST{M4FvvE#+^BWeEjUH)l4b#^S;SW!6P
z4#+u|g^~n=CH$Esi${j~Qy~9&j3mG4zl@uwy)25#mbxlL#9^5f$<|e2F&M9lh?2HT
z8&cjF@o!HuSUTwF-=FK}-UhEIBxNo1`k~mY$K@bVojK6@dc-RqJv?|yZgnc0N_@i>
z9<{z$3L-xJhP56@)l2A{sP$<pQ~Ipqo<Wnw82c5bPF*gXCf3_8f&G89rK{w}@<VQ3
z4`I1ioQxvAohE_jI2V)>>79JG1cwR#T%(>=P3!=l#=jcXZOQ^!k58EI|FaNz1;XuH
zM}73PJEs(;7_(^-nEx`4e8LAKP`!A1W@1x4d_V2=!#MH%3FvzJzq+<es$Ou%^OxQs
zBrjIXBodDq|I<{Acs1``?A_iZL-qT~7)RQdzvi;VK!13o{I69b*6gWX#CMihI(FF8
zLdbHpW6Xhp@}mh(H;9m<DtF#P_fqd1A3qSm)m*>)Uq?3fc2zJ+7rUhISlZLZF$@D%
zOI@^er(F#Y$NpDg>uld`2B2v16*F5(!Qr98(`yJ9n(QQ8d}}jyrvQ*s@b~PvaNtT~
z|E+5Z({1CVpy_`NT!~=*gC_Olv@h<FTmskBpMHm*OLC~p@qGu?Z7Z3UuD)Wg^FZq9
za>&HrdTYB?_c##B(thy2JxSLA=6-*EmVJBMUDuNjSO?CgG#RiCi~axhq`y_{HK;i^
zmgRnAGj{xdMh^0C?D$4hc%Vx?bxsYF9o#xE_P)MNZw59esFIuhN7dCG`uns&_~gi&
z6Sb|h>IGuYUyGP)2|6cTJF&o2+@3I50`oefwA;t|Vuy`p|J}y{b}`<2#Pf&z`8Q;j
zx%nLTT^)<5((W!(E;R#I47-3c4e3zSmQBI;=X;Y!90zWt3%&Z0(SLxwjCi}IknaD6
z0NLxI)RS;LgXm(fem`-;BkiiLJYZa$Kio?@=ye?J)uH;oRJ^=dIQ3zJR6v=PE)~T|
zv~<0hgSV24Ic(w9WeU?Llh!{sT*s&7P6KvSPCd0UfE&Xu7q25-h%E)$2l|1J^XO$+
zh3ghd=kJ3U{mQ5LN4{e!Tu?c7>psvq65!S{I`*RUHBKTL--&p-FgZ2SCvVyxoILN6
z>cp0LuBZObWRCBI@8{3cha7o0&Coh|L0tUcoN8fd@8vY(zsdISmG=JnyoKC7u*23!
z6T6SqX1FAMM%F62KFF4x^w9a;yT9OjypRNURdDa!=M>yh!opLLcW#Z_*iAqBdRwM?
zwkHHpmGe>}u%B$Do8oo+;tea%yO!!~Bq`PAbs&B2_0PBThPZ?d_|UsGcPDD6an##Q
zA7v~U(Z(EI$=voI63Z?AJ(Noo{?i;A9B4f9unN=ui#F6uo$&NseY+HKePYRs`%~IS
z@h4F;3@cZGfy_Kx@2!Zd$0jxQ%*&iO=6DIM4DCxTX|nh;Q}Pa~*vpLq(`0K?j#m%7
zR0mv_153QUEtI8DEpE=ke>6Vc(%-Z{OoX1S{?iTEe#Nb}C#QFtunK%9c$)WpDjL)M
z{D(r}`Qx<for&|jrbeWn#+N0@{fwNdcb$-G5$N~k_A{imy!;xPQa#f%q_Izb3`^YW
z@6MiU_8+L}rbhOl3KYq?h43xcI^kFM7+WY~(`E^2!_yyG*jGlzyAbI|Pc{y$NW15K
z3nk+o+ooINiJGRN9x_e@uAWQScS%QAlRFQG&YaEme9v<UcQglAWNO<CIn%VUt(nuS
zgZX0zjhX$8oQ1DY)Q(_YADCu+-qk3bU%z}GdA%te2`zUP3m#W}(O$wmTLfF=HNvl4
z_md3hrtU<5e<R#wS?Yc%9lYFVnSPdB3ee)h_K|+Ig*IQp=d6i>PB>pWsc_(oujj*&
zm9W{=_+6P_x_9lKzyoWB)Bc{*i{-CqRVVMl>6neSh79j>n$N-}PU8p{s}Pj~M2oo&
z@eU#OpT3p_slMu_Yx=OAaKF8;#ltzQFFH*q?|X*HP4C_iJyoK0_>MnF4Ih|VQ6JxS
zE?Q6b>C09N1+rPHY%sYWf59v}pD-wulh#2@y9{4-eOiAwc@9*4>85`*Nc5}vv+h+&
zJV{e`kkO??Ozm(f_DlU>gD(8+h5HJz^y&Y~b-t=K=Y+k};j@s^TxSnlz6$Jq?%sGY
zu=o4ewC)v%f)czkz}j3X@0f|SEmVbT9Ob~1L?CbrR?e+qX*ras>MP97Gym{VaCf?U
zamRzi0}qbTIa+9*y=awycWY1GYtAr_&;Mp@u~X9>;lts`OUU~y*!X!D+m6HF*``jv
z%!TnLU9KY^lC#7a_cy@W0;`dx-$T5n<pd+@@&EJJ>h!m}4y%#39Ji4botf?^r&Gtt
zTansf!RNb*={-Kla6GCe7Hqxop*yvM3slSNMLed4N?VABLu5#<dH%&TWyuIyy=E0V
z0~H#mAg&j7(e@;$5oi$^U_ohp&#a5Nu(PYL^Cii6Fh0epk{2zHYPZbZ`WR=cq=rf~
zsh3I1afX80VH|mYT18|<<DXcQqU@Y-5mkmZW>Z?DeYS;WJh|+a1ykyGwu$qOjU(?L
zZy5lcaEIE=!v8|(-p`85#()+sg(3!$uaX<{ld~x*>D4vx9Yj4l3Z^;1_UWVB^-p^Z
zS8Ue0qvjPxa?^?q)uKNys6<69!}@O1#x+Y$hxS-nPAOh_aj9UtAyN5u8KoEGsxvEE
z4{UYxWXfOH_pfE2#beJCyS?<ZecwApzTipCa*rZrpNZfTpG&qPN8e%V!b^H9`F5Y5
z?F&^0P<BvP1xec`RX!9n*PjoXF-0TX9<ZMB8?BhU-f&xwIj=ZrY-GQ&?<>3TYknbj
zKzPv6m5Q_z#eY0rCs;E%=~OFQK}IzB<3|ab^J>L`Hh@QWf>(}us*M$2sqVmKGBd!6
zpZNNjYB!gpBeOe8!WaHN)(ArAfuSt*Bz|zW`}@0%j7Fz-D<_pN2JSWeDRa0Tf*;4B
z$X>hqRZlDGB@^z4xV=;>;#7>J33vaOGXdg-Y1E_Sv&P`w6UU7<`Z(J&Z?b77t!tq$
z!~>77?s1kGOg`%05;2N%OtlV{zm#}O;c^PI_=Gn737MI)y;9zjjp5!?0rwz^q1<db
zvB~%AX$!pZz{lPe`^(+RW#nLA*l*Y#|8%sC&JSW)w?PZz#+zX<%YL<jCa?KQj)z0A
zGp{G$&{#7+8FqyCdM}5TpqAMBuCPuaAI)oPNp9P~nzDwc8ZSMq7D&}uqD)2?p9|$d
z5M|a^mH&#C6s77sFh>GCB`%+Hm5!z=lot*`&##0p`PYkWIu8<^|E`UeO>yU`-pA5g
z#^+Z){&&s!gHM>;zgF%3opSS4`*+PWv7@E_PsmrL1V$fngMZfwL=R*+OTDE;yir;7
z?IGWINY;y9)WW25Y8oU>Y${DP>JRR)Jj7|`uvj(}Rg`n_OUK^h<$B~}NQW|8c3W&f
zy7t2+nh*arcT>3x#8}F|-sH@RxG9~V=4<a4=$Vs8oE)IUsZ~mL?u2&F9{v@<KVZGS
zNKF2f{BB~s3VVk8UU5Ql2|PBZK<AI5=zqriq{7AVdm4D-{oNN#%!~{!F@HOJ%uS10
zau|U-d@jt4;8ziBuxUi-3Tp0G{d1CF3dmU@qgV-^ka!8Slaaei-%5TPbj!_066w6<
zDS~;F){`|!ttRDPm=;@*Kr9ouc1u+FsH7)_iMT&StEKe4F7=xQ`}Q*G(o;>iPry0I
zpw_h{B=(F`;q8boANHXG4O|%yjvB4fv1PCOrG+%H*5q)bQj<8aRVU7py4X<#iTm&r
zq?2O#x996ug}hMxEzJ}MTn6tQ1YCQ%tyhs*X2o12=@DaGrDgR@JH|#ksr1U1X6u_`
zxuC$>AeJqgVdx2q-o3ffg7Vip=2<R<pcvO{WMSg;?<LG`{Y~;3Kl)G$qU}C4@Se@x
z<M%dAQoqAc)@ESr4_+ZHvumxP7MG8@6MCN0nJ_%3>_qvThGI{9-I#wKP^gCwTTQz0
zC&Gq8;2FSWIttSXL2DjiOel)F%+oa>jE)hSo@u4vHy>5ReiQ=XnKoRKm&M!<`Q)*|
zG=+;|?tB10ra({8Gu;VX^9v7!e)R~Vfw8Uxia~GcNeU{&j%4gI1JY-<W#r-Rav6Y%
zqBz9-Y4I>O4>W=PGX(l?Np4=upI@#q49YR|7M!6ARMi*!#@+(BbjmK~&kzv`t?Pda
zu3(|)QE4TByr~*SO?#v0MMTk+EiUFRLrBq8KtUmpZW#*tSF8nu9OjoMPzDj8QaT{;
z0KBWyR|`n^lUl&Yu;5xC|DzBH?qzQPlpp+#qALVYkE(J?%)h$SnnGX}C~ghN)v^Gz
zi~(pF6Ck=YD=v0D<6Tb!)7BXJMv(=O!H5Vo25C|nDwPrqz0mul1$sN7Bz0!~<%0GY
zPP2&P8C1%mGPy`sCni%w$a`l5+qB_mR_#XNoe&4Hu-57RoP9a?yM%;#FS8A2zt6Ev
zka8aRmn-bumNj)vi^mek*dTw<@CZ@}7Lr^ZIL1ZZEg)J_Hjc>~42Zh_!{hQ9?{oOE
zn6gK$TMi$cINssnQOkp|QBjp_9K8FAsswA7<Pk**y!*v$@Xc~*1WF6eqL-4iiEBoX
zmDmTFeu0XfLwd-grmdv@OaM#g8yGTpsKRw4w0&l=q-`xf0$SAiC8VIsDe;J%r8-n+
z=!T&`H|yP5?(lJu&zB+F$^1lk56G!!ButYr<mPOpxNeU%oB^tH(C-67C*hFaieh<z
zJh>r5q+U08B^LEYTuaGV%WQqDZLn!n)%`oOn1ertRpE*X{x^n{%h~{5VTKg`6gr`a
zT)_d&JjWTf-3lv{gZr4jyJm<^%>3puGN)n%dB39g?AvTcz&`>K3(>@rs-Oh$hR9B!
zY)K{a!BCG8u=8@yuS}*9dC`X0^xYE7>@Nq(qe)ikVS09n=3QqgSkLHm9R!_QY3B?b
zsTUD;!FcO(RuPr0MW#C9*ODzorcnFPMjrz8FjxHHNd4-OJKX>Iz!}!~0GEIpCp9eG
z&;;gkdSmh7`^4a`g}>cQ9}`-iO@Qi3mi37x?%OU?z4vG)R%8tNH{^@S2>an?@VzxA
z71Iz{^-M2}r=S3$G%2c$A=Phwrp@57gRfDr-pc&>Am1$N!a10ZOA!WDT;Ds96QZu%
zdT}Z6vAGG+#`fqAT9=B<b;5g=c^%6Y(3#~0mYLnRfcbCyk?B%O{Bb?7{yl}_gU1Sl
zS(Ut+hRsZ$neu>Lb)?}#P=<}E1Bkh!M~3gCIGL5+gHb=<$?p`3u~X34ff~CHm!%Yn
zMZhk1UTCFcR4ERf0CZ56D_awhP8pj-9_l%4BUtT+23pp-sbqp61II&9U{7$f(46!W
zu&thALVe&)3vVAFp5`BXqs#%)F`fho8=A+wW&d@-{=3-19GY1;If>nF-r8S7-!IXv
zh32%B(_1+>Cf;C)u-IVMS+xSnv^ZW&9dyT~hZPv9D#PCp@Am{h?TP@1fv>TPH;9Ox
z+Y%rPU&irqZ*wlLMY|IiAKkIof`KE$u>z)5^duL!6<N13WrL60TEI!Lr51J<SF%>z
zYrf~*?|cZNeblIv=5j8vkvg4n(<P1gubWlKzIj6!!Dt45BKyoQRRpU?e}YjMZ$}6&
ztGmWPq_!nftxiNg8&E!TojFQeaS}yGiZf+>wyjrwK9a_XkDMgjtvs@Lf?WMk+@x|u
z1I}m(FxT!f#9>iu_u=KyQEX9GV9R;B{50zPV#A8>)Qg5b{0NtPR_+b)tfPcq3^Om_
zQ_Q=ZIp-JDiVE<9+UJVHc^6vfol@CI6B^hJKWrDH&`p8ds;zl8+Uw9_U{}=n^KV@^
zuqx245;a9pg9HX5nAv@DO~!Oqn<{~yu#>v_Fj#MWU<frdn5j#N8na*68n6k~uLx25
zwEk3FR|v;(KFM$xagmNY+}w9-rq9ATCy~0A-CWZwj>~Di`j-z?bzb8yEmpNDsR)=z
zd4=8TB|YFiiD)CgKm}x<WqafVD%8-0>6(^LHsCwN0**`F!&Q3}o10wnJ8C)I!2%OM
zJ^jt}EIDnoJMtZ0wZaPG@h*69F8b8S2ToE1Z@UvOoB&PLQzVX%zd}*ciN21Y3~kXr
z%8n9~eX1x=v4DV<=y#x3GTlNSbgT;QEQg?5?rkF}$;2W{KORCRdgU^1_z0b(;(m*w
zS6tvJ@9@+)rqHg51Y=+O{tojL_!UdxRvE%H;iY{1&7VN-hYUJ7ed8E~4#3M~m@vY0
zxs5(ewK^{uz1_%2N(2drr2Sy*N?;`1sEuR=-yH;*=AbVo$EJKmS(r~jt&K$5*#4Iu
z<@(2aT1I6nLqmQVDWPuthjc+bHqEIT=XMRZ`UJJgSc5Y=nhp2VgsD#duH*2DqoMzn
ztdel!#3s2DrNhc-{XE5ph|MpB<UDYOUBUNpS_Ec!G@bt0lhsu@yfXz<9nUOvJ1!Ml
zzZ`jaB&+JE$DGbOdaRA>WC-<@T`_o#D@gc={^_|)WIhJx=(yoT*mQXGEaeS*W2I|b
z%1vW*+s|E%E#xJ-gMKkoWSe%?l_RB6Vl0=@m2ft>89}3F@Y<~<K+Tv-F8?7TLJg}5
z{ZYR9B%X#Dt>#zScgIP=W&Y{k^Qh?drR;U1Ok|~M<(Swb9(|wK<b|mqB(V~2n}0MM
z)naihipKW1t4g;K<~PbK&Bqj^@5D8*ffUz=s1N9l+xMwg>C8szlWrgT_(D8FRJ<P{
z{`pCNY|PXf<k__q(-t4*AhB}_my%-F1_vDQ<>lKacUR~^9cBkMXJG?KcAbw6PF?6$
z+PlBeKYR5XRiEh&DNZe}Q?Wnt+Z?)mAwfT@ldt_8ie~O9v|+ydh40|c2$ADJ_YZ%h
z<xQ;y3my`gG{LWkI=DqL&e~odTt?6{NSkU|^7Ki$1V2{X<6ko8NBmx?q4oP@nXzYy
z$S*u@vP70RlWWR>P{Y3;t^F%vkZ|cakD=wb+^6y<H9-SaS+klc>CXhXFea@F_Y~EK
zPwI=?yhBXR_AOYWvej-=s`T4c!zR&MPQ-_9AJ^HLN33;%%qCSvYUm4}DU0|&h{H-{
zxVik_U2SkJ!!MdKSYzJQ=6mJvAh{3^{F<CkPcd(RT~vM@ot59HQcvHU+ezFqV6k2c
zi^y1j>@S1qcmHi>ZL*Vu`SC2ObkV#>j}+}n@Nr84ds#pI90)X76ee-Sc114i1~-`=
z(woA)5x%Ms#jlE|_^>YaV*qcOPGNeiGO#`y%+cOR3I2pk<Il<gYU#kmvVp6-fR{O@
zuT4$To;X$Ho_0jI!#Ye$-uY%8iI2BE&&tmtkt3+{jnx-cG)<~O;^QpFocPOCYghk=
zGJR${v@o(2<w{3yL{Xe#6H_fGXD*fjxtr}1;W>02E0Ofn#e!M1uReEf-xGu5?_zwE
zDjl5>dY_W~FbpwDZ0~dp*kz@Ulil7`{;Kx7>m+?Vaa;LBA<^k3rx~fvzwrG0>e)Nu
zlf80*z@0v7Q|Ohxh&x~-h%#nO+=6>D+!<uv3ZpRTufnl`gT^Bci~jUyV2r+LbtL@l
zr(9{go&`g6_0R8y1IC4Bc_@+#;$)`>^DTC!I2=b*qsX#c*nz{~37L3i`K^wNZjZkl
zRIkqucnyxfm%eu~dQK~RMvy<fSPu|}E$2k=MtL!;>m=XMhE|0=rlOFb3AK4=b5eDv
ze`=S3zeV=<z7RJaj;eQpWVp()^1BMU_DR&K`89vE=aG^2M)dbgL}qSg@t((oFXz(V
z-+ya>wLYg(NsReC>_#;C2g35zUtj0lN|_4YwrahEzIUU;M<$*|{?z5#mW)M@A)61)
z^H!<MADrowdF&aMUKf`BHGBHMy*Rj)F%HMKP?hc|;-`n=4TRK_Wssk9oYA~}H>PB4
zI%k=K7^`S*O19F-Cmc666zJQlT6M&wsuGCZpc?n?@<5t&xjDVO;j%+NgJiJXi!Fo3
zf{gnS<1|*C_^(n3CyA`0H?Sx)h}pRu;Q}I7qc$?F?!nc)c@x4rP9;tlLLp9wi1p=r
z#*YNuU2~Xg#;QwHWn3*j^ob9@a*zv)T)%&NO3nKucwLo2U*0(NOyMrVK^%1D^I|yA
zoAtJJ5}SCW7>R-aJuL8N?`O5o&5~hlewqerQs?#-%7YNy)=ySk$OQv89JlE94t%wY
zL$Mhm+OE=BtMOaGQ+ZWF`xocb->;d<Vmj)kOC`4vn|BMBvd}&UjepqCwS^y`Y8frw
z2)%{k5W9U!#>OQ+;8NW6LSr6nI&r(%+Rw8%O(UpMTj?irQ{Q~dRmsD0#USypFrdV{
zBoCs<?s?5G8dL9*qO9#fD_xj}1ko3nDmf)td@vek|3H#w{wMo`?4&cSlhlPVMydYY
zLQ=9VhlNPct0aSAqE2LYV_(14^X|pg(PW;K1M3>3Y2+F?@n%Cb=v5u}Wj(aQi^1AT
z{f_kH?7Zr)L7nCjad?GGt&vm2qKq#}%NyD7ZF0R%Cd|%!Jx_bnN8(ECv0t2YiZwYj
zN}j90`a93nx4+>g;yAap4z4;U0v&lne$_bw4Z3D4o@`oN*xF)6(KX)!EXTAaMX|xI
zCl=V77GD+R;oL2Og^i_GDt{l&@oMS50_*k6f;KidW3_cZn*VyHGlm96pj8n#>eMw3
z1+f5&s_C0&4orgr{mJ~W!vjN6xTa#VI!hHr>);T@@Vw1~&=)Pjjp}D63wQS!D5%5e
za^stmA3u)!l7)W~f_pDWmXI_Uqbh&XqCF0wsTx=w0d64v+Q6cU!#fM8$}H=shpPfA
zT!P|<m8I*S&;s%+koCke7$*f5>IjGN8F1#MiPpCAs~m^appK$+WfnF<+ILadzxt6R
zw&A+Ym+0Upm^YDhd(P%n$>ArWZ35OHwE04JT!i9uc7MTsi{j&mI{eoYwtcR2ioKJJ
z#3G*$@zF`%%P%rr&uO-yNb?msK$Y{zuVS1j3WX_<<;~|4^2{Iw#3Wu~6xoI*W3?2%
zq*F8$CBK!mcUsHM*P;R}zioLN3a{ZI*Neb<aTmmpa;;0IRn5*dUp4pU4f>L#ZCYfH
z)#sT}Tp#ThCb=WkdyHV=Jdvt+3YSKxJ{hQfh@J?d^o65iA^5-&@yOHA?}1aIK_u0J
z5;aPR-G<izeKevd^>(hj_dV2Gz@yq=vwJccP5(mJW*j+uPhVCVNp7)T+eAh!{s4k6
zBrM$ix<`}i_4z;(naiq>r>n6}<&b0MZ!87c$FfIEI{(=vI`pdaZ<~5yI0uqS`l8`i
z3PrHpI9uV~o!o7SB>L(5ArRY&T+v5mr4YPibh^XrnwQto7_V0hpOv$3WQ`^Ht6Zvi
z`>q@x?pkLdYG_c(`j#P0m53urgu@V4X#y>5wlCO`&qF%d20_e!Qjx#@L{a&QOjcc3
z0FJaO?A7a)GXeRQrDK7_$!t`(<uHrh%Eoou2yn*`M&QbEF9fufjnQl*7Mu^zG=HQF
zD{ab6_@a@o<S`>|A`<n^Oo&K%y1uWvqLiyKrudg;E;|GI;>Sg2#w1K4+z{*ii3p_7
zBk~X_4`jA7G_`ve?+|AFV*W32!_zb+?|ib2k^*4VEUtIKX(Gu1y+WS~?U0dIS2E_r
zYmr&F>ymN3b@}_&Y5O?;(pL<m-e4hbEjo)iLmIs4%yFW4WtD~#b9O(#bM@n>-7pZ%
z!6|*7eG9p{7_Ve^@#TbRtC%bK68mlb0M!ca&OkllmVjLWc13#6(1`YDHN58FlCL1s
zfK}>9ketuwJ>zYZ4^AjGvF+N{lFWg(O72C>h*6-%s~Y2wBAxZlMoxt<i)*6|!e8)6
z>q+K|Lzo&U>ynL}i!I>XwS*(M<#FQ)o|z<d9Fe2VN<wOFBz5o_u=^zcP@2q~bJp*U
zIjbV*omt)hQCV&)>ZoS4T-uUm&UwnW7mM?R%*bf2d1a5B<`P%E4jz83Mht0o6)c%q
z)Q?YD0-i-evZX#rYLATNH`d$ddB~3G1XQkS8P{iIJhpYGM93j=7BM*26k5Ko$08?O
zr|>(gS#cg?&Y=znyB6wM#3QYrcb)6l3MmgB)CTg#YABg@<312k=Co*Wap#Z&B*g8{
zQRo%Jw2Lo_OT2ckgRo}!!=sX8<J<XcQU|fGXYbP-3N^wX8l@E*ThzF=*`_F>Bcvl3
znCY01KYinM@*fpUa2CH@i7E<N?CDD%@i*f5;+to}Dx&5<-<Y+4ExKIOyYTYxlPGOH
z^iS9`y1K8ep%uv``bw7E!kPVM)%qrdVdro7KHrdth-Y-|caJ2E;5TYLIp#?85*_Lt
zoCuVSQE2_W(H#gz(vo8a#O>@x9~~pRHKyWN-|_YvFdhsNM6U6(B2W&zi(DA{)xF=2
zZT8Xgtd}5?nuIrS(u;QN|CI^kZH4RGsLhdPo_crkRa=11q~9ptSI{bgpB7j)lA7}6
zrxkSB-wdoWNiH!&vA0jjt3bUKyD^jJ11L{(afluCb2r{xvM1kG6FU^s@rYFB==u%E
zDTIxzaKOuSLBUCsV=DoaJ6j9ilPK4<_eE6}xL2D{f3NlR(%P*PvF5@<K`VmK?$li|
z>ROuvhah3KOJ6Y#Zo~e95&Oi1YZ8pfk2b3@9F*4nl2*U@i!aRMokkE81$L8i;!e-L
zC!;INbsld-KZF@KrREt`Qjs~tK1b0-bbek7>g|;|)?bS{nw69MtwTqcrG{~MuoC-#
z$T!d}$88@U@h2Wt8_RU90&{6#Q4sc$nrv6lM5d#W)~Lxm+K`an7_406X5jxzkq%-v
zL;Fx}cMc}!{F2#n%UtX(bgwqq&Af2W;K@hzs-%TT*KqeiD_hU??Bs*CjZ8uh%y>Rj
zNsZ(YCmpnyx2MYQh&G?lK*`Se4U(IT*hCZ#!p(aZgd1y!1K0V7XEOWxg8)O%aeWjI
zjBOWq;G$%pC8i*odt!pfe7}z4hvL`l^aX}5eN{h_w_WVq7UBdUvX>%TjGk#l#4#FA
zb>DFeWtufNk94iDQdnb`mHVKLS%%L1P&=8*Ps-wnh{fS|IGDeqv&H={nv$xRzV-F?
z{?WMYyNb|^I|yf8{o%!dmVD7fOqo}eBK7-cqSMR~Z?_ADh?IB07gBXv`jqz;*w~tR
zdd&23cqs$8+#<*kwJCLPMVN2tw}j$vMqCDj#%vnpioSDxXD|LsN3z)Be|d};>K=gb
zYvUnUkuFTVe8w~JuK!9PgCY-e=9PA4xX=@x9&<8}sXMPIMiEy?2uT_{_~apJzUm@g
zC@QBtv>v{o0Wn1mZ0#MTqQ4Eow=Bd2WpW9|jjCiw{2!|R0lJbd+5&~+bZpzUosMmF
zY}@SEwrzHtbZpzsiPf?F&Uf$q|2N(kg<Yp=)Yz)C_g-txxwg?LpKZnE3Se-llS>mI
zcuCnyjm^rPLgSy+&3u@K{*t34>+UOQgZE|Y!l{VhcTnx11LG`-+;m`VV-UYVC{Tzq
zNH-1lNvcFZ4GXy`N^WDTXORzuo*(I^E2gJX!Zhf1`_3FK`U#SgJc+Yqd?kwk39Y2j
zX5eWJ!gtsV>lqrT#n8M^QMws4xaLu8l<ZU72y8Q<JSkF~O46KuNVGb4bN}Q2x@8Yt
z0MB(nzXe`pIi!N0e_|6QAv^TjXVjU>E|_fREDqzPn!0J862+jU?*7||8Sc-`w%$m#
z?X)WJvBmYJsx+eXE?OS~M|Ri6ILF*xLiPt`u)y-HpK6G|Y{$~BV&ty75Pd?i%?e6K
zfsOOTC>#bWI0_0P)5oIbjuW2*i-S2Lv$EzU{qmkg9f9_NMr)l+gziWCTSN2*;^kI`
z?!%L>FTO9*4p7I!7HD&tMv-n>`N{mzMSCi^@^2XI<)Y49<aL$&Bm;+X?r<*;__}b}
zWaGCZwkto^^aMX?>5gJbLlGR)^6W-#0<Ux;R+H~`BiAnvstqIxaiF;D>y$v@2mZFe
z;6H&qasygfR$J+hZQD~YGS>Ds7m?T6MvC;S<-51b?iy<Wh4q}KxAck&E$t}uGz2X-
zka5WtQ!*)q)9ZhhbIeWbQ}nAKi_8b?a;==Z3gmbd<eR78xmQ&~wc^6Xy?<@T`6d@Q
znY<h_Z+%maVIIFSfm7_h%~!Cf+1<Gw0UBIGt{r+0^j#*|M&#+9bKJO|EKWt~twY47
zBKq+GLQ@KsJ}D6rp<M#=cxQ@b`c=i0t&yHIgn*iNSEjP}g}<hXW^k*jF#0xqv{Edv
zbi~8dKYnwujf@1!vcLv?wasdSBea7;!zb&qKS1GngCpervawVt<al(e;pm%W@!PgR
z$Qb>@5%aUAuO)0ZB^#q>r-d@`bvV$j%=kq|iKT<!<vF`2t_2E71>=^+vKI9Ir3GpV
zR^NtOlV#@eBF|uy-@O(z8Egf&PU+8|(+e$|zLEmq69=ofmI+hZgDvMrEffo2_iHUs
za<IBK?c>!E?^0ny1?Kd)%`1+{{_+4hYcCneRz?874-JaqT)=uu*n7%QvWB$)FdndX
z)H4cd(~4u8x0ivz=+MKqnisGC`JQTMyrRfLh!G#g5l2l|iDI$kAC4uu4NIF^BlcSk
z1;1GEnq?O=G7v(RIc=K&XqV%7J(~)uKuXI3xik^fB_zi>j+FEf48a}E)XQ#Ug9I_t
zRb1*?P{Y;0nU*kK^#{a_$;7bZ$HcOd0nq5~ZGn9hnf()qJ9i4FKRV8)zmh^V)TQNE
zl9(IPUBh__>Bm1DvXa{SrOZ=@v^+A{Ce!|fw938D{)Cm#j#^p^q)^;kPx_ozW=QyG
z@#zi%QeTW37k~WsZ6@bRti}HCxA{!1)9CX*K4;=&kpr1>CBdnFGwCq)U0Ud+cQTpe
zJ9lF~j>KJQCI$Asp^K5cxVI+d+wb{lt1!Uh$%s!oj<Lc`kQg--mu$pUf7|+7LWyOy
z{?-1?xc9c+A})Y7+NwWlBC029x2^LvPc|gG1!5o&2!8+lPiclJVod`=S@{w}Y{#gb
zls(flC>SCf8Y>-^WQaz_I4O}|TbkU57va&C!l^hhgzOwGh=MFst=wXl?SVH5Uf?xv
zuc*)Sm;`6xBR!~z_*~SwfeR^-O$y-!UrB2!M+k%P_s*u(3t{n&mlP(uI;sPXG`F*B
zBj42OMAFpvjxy>uYf?E~WaJg|w|?2-_W6-tcWxM>zL5P#kf_r4mF9lZ>3CFqWBys=
zp!c!OXYH&<mBK*}xQrfjtX~Rgv;c7bgwv|Xs^EW3wvw)}0BvIpo^oD<(Nb`gRTc;9
z>dY8hQB^;$^qBISNf1kZ=NZ(k*8g5NC9M(qUgB7Wf;&8MbMf6qOK!hbP||4mVIjgm
zg`Fvz<NHyw|Iu}D5ipoi6!yMm`@!-!o;vDEYx&Y1$JRG7dO2wbICBL$)HZ>xFumGH
z1dwk-Agj+<3q%M=m@)veq?$C+Kiom$p1=q$$%S<uOEf-J2z2jMO1$9`t@DRA+K{av
zlDNS@vADd=4Z#4b8<m6wxq&dbf#p`}=ZYq*%>AZ@LFR@6@<9;Oecrg=z~h@UnGhIY
zdxOS}E4hg*gFCi8YkVDr*CHM0nVU=IMGpAPYc|`HKF=rxLDaHC+Z!hb-QGioZAc71
z#jwXxdubVU#WKEC8#_)WY!i%*G0yjR2ai(UL69t{KT+Sis;(7wgaBhC{j=BWDFC`W
zD&y3Fy<ie_y3z$==A^ziEo9cH!^U``Zp_~`aMaCf5VOpud(Ob3`)0>t3lkHSUew&I
zHUwlnz^!5)5Y@4#A=mLs{8%NCjd0amn#M~wmHcG}pjOccJIhdPZgeLdzcQNs3AsX*
zV~z4#F8AaacJ?^ARl@)s0PEFWceqT)3-mZ^nWXwHMMRvN5v&RLBC~6r>AID`I)IQo
z)!b?vO?PUqZgmdLaQ+syRYRn`?-_vsIBitkx*9h*EBzg<MdWuUYW!FhjCgaZmd$!{
zR2LgvU_De4viIY6{LQP4Ms_yz0^r<YS5{$%1a7Au&Q-J%F_LET%g@w=mNrCIOOkV#
zz7Ty_nt^&*JSNsP&Ppf8iW(R;);orw(|9#)Uct*;4%%37CS0;QY7xn1%1$LUn%o*I
zbodMx7;))?-koezkDv>{fn&v82QzI#I9EeE%z<K_4bj`4MIiwIEmSDvGykhHZ@Iw=
zY^_V?S&%U^>Oj>o2gr^)m*NEVJ(nI`CdQzqw1?Bq`#bf$QGxxh9X8FQ9KAI}s4OpE
z?<mJZgHwqD(-RXlIQyOUBjYHHW41F_f!8BgTKceuA!3jdC+(jsE4_3R$++ntg{mH8
zZWwz|7&{n%NPeC>oeuYeRon!kc=0bNubafi(9l_E40tMPb=0<#C1B=#C-+6LZtVGA
zm9fY9J9qf?D7Ar*&w%dgA3(aIa9aL+9OfRx$tFEHtdYqrajy0b<If(cc@V-6t?=Ch
zQrZTWXe8v>B(<cP<B0@hmpp19M+61g*Sf_daVr@8iA0>vU(Q(GFDfX@CGQ9M_?$dD
zqbsgA49WcK^BVG_bHrqMa3w_n<ptIG5lg>dXwfLLN)po;j(GbNwLcESSZ;*?U$JUE
z2ggocO?NDKm!=QjPoK_f>jS74<O570h$Bm>96wS<Sg&99Ka4D<yD51b=Tyj@#!y)H
zb}Fa2|J8HzDU2SbHls6pd0;IErv>>4NQt`;ZBoMSIrPt39)Ykc4pK(jIj#sA@$x6M
z6xSr~Frj}fTR%&dRm7*=;+e$|Jux{Nf%!m>V86p$t(kZPgZ1=Sixc^NgkmfkBt~(M
zElScPt%=ek_0rlc>97ij@Q3_R=D29i;=b#>JIC@1^)~s3d2oqdd5?xjhg5QjKcezJ
zC(u41Zk#LaDBXjj(9*cceIc!>Qevr?Fl#SkdviVJL|7+$n?M?^?yej4J18m3vJn|T
zS_~xXF(MG`CVwus;YMBFlP>8E?bp@e$d5xwjl%_t{%J0&j-o7Dk30aN9Buc&DNh-r
z=EcoUq6RCZMOF<CllYs;*B%Jp*>j`&xcdeS&Ma$n3Xs%%Hw?THq4%KQ#?QsH)-K?)
zg+aw`oO_P?p<5U8g0s{jVj*HZw#qH}XpuY;7ZS;cI8-w{wh?sLY<Tjif6?~3F_0F$
z+40(JDTMp%n#8>|6caIgTaz(J$R!q*4OZtxA;(#_{D?=;o{!VsX`Pp5t5d~8N8g<K
zDTx2revoA;x34ipQ>`8107r|=!X!k;BNVK;H}CL3q@x`YdHx3-0i<_9;SppIuEgvK
zP`L;u5790Ow8SX@Aq;3hYuG~^Nm5><Hb2<#CXIDZ4)~6Ibh(EptTf6lIOP6|sgvm@
zg$f^9sa+<1s*#_x8)#q^(dWDvVm<RX7_)5>#a7kOg&hSUfS2soN#cmQ-A1!m%Z<kc
z1{Y1vPMEev8@XM`A5M#38(=+hSdrX)EgLl5X*6v<#LIW~Cv^OSV(0*0H1GhpX4OGb
z$ZM7wEDYai?(RB(1f5l;LeQI(2svtlP&!CM??{vYV3_hLS{kTr{XLol(X}I0CmH%P
z>OnHj^}>#Helsxzj)5yn21lxNl>t}241UuMCY1De5hQ`XO*;{yYe38yGSYN{DXG$#
z?AHr`ItoSecrz)-J$0&U6CT}LOKl|?02jyo5kz(dD{iT7V;8!&)X4Ncy0Ly;pHvqQ
zVN0|JKiE3QNm@ncPVOxs=C&L+-Cp17=;UO#XB_J>r=3^uH8M1`q2)0i*UzYuL&xFa
zd(DrP_lGr>lnq^jDW82fZzivQ5=&cjzgJ17+ql=tzWSl1P(-#dy3#tqLlTF|GIiDf
z8C#-cAF@cQgFW(M$4S2wtb;D=&Tgnu;@y7zeu3QHIqaVH=3al-JV%5f@`~cUCWwg_
z-eRfhsCLzq%nlj*K+!v3Idz$6{;8464lnXZ<r^uwkxyH$+?xJ;!uhPZ`0cwDK7Cea
zbL6+=XITX&>#kED154P7Nn+|3;IXL;uPHHxA%l!6Mz<35=(u{>^qXEl2%4Ek2Pq#k
zF4u0hxPS3$)rz!Fc@>DVc^gN_`f;;{2ZX1{_p*3eI0!?0m60VtV1IRY3*qLqegk!x
zbOkqoP@QnzFX;d#JsY4Yc(Enx2Qn$(TmEx@ZEC(j8YD)y*kc)_`B8z{n~J*|P5U~&
zWrrr<*}wvA?@T+_0SK+KuaCTW2p|EA;RIThH~#!W1Kp6uyfOL;7z#QZ(<JB<>Xw)l
zugwI5d<<GoBU7jwcrr_c_c5?RA^BTii=|P6p68h>9&#8|aS~aL{&fl!9ibZdIpSw@
z<?oO2WJFm_S*bMBGxHX8vEg;D!+%dNxijfBQQg#>erA)R$+f1>sHV?Ab9rQZv`nxu
zIkmltfmMNdcD&Ep?~P;P{Nh3v4%)^t>`R}VN|3^+*P;Lu@F{mym$!hlti{Mg8zEw#
z0}IOe#5zg?(Z1Va?vo+8X7`VR%gBHHYVOytxLy=I<Ee^ih5DFq{d@Mm0W;mGDQdNu
zk}&`nqd3%r$0z<JyLP|%0fgD<p4UdCcF>e1Bol{1^hsME)iJa`#9y<O;CIawIcYj3
z;@tBZTD|bBy7~%!k=6UpI$(f8p`IPmfkD^kAD(gYA>kejqyT?l%e^F;$^Q<~o(4l9
zG}jqgACtq1xN$uHPv&uiKl%q!oimR0Ydh()Lv_+NVdr~E&-C*+MD}$u7UwRNY?Pq)
zX(Agi6>Qt1C>XjY8u9vl;BR)c^wkls)V+x~eZ&62+w?v_wn<u~eFaE0LQ(#-;`>t*
z6>*NV>1C!OruN;EtNA1*_LvX6loM0)*y?AKm6$4%o_T_<)t~jD&F)#z8+=)<D5ewd
z=nlGUQN=Gf6D|`X7U<(%dos7%Tx`}%FVo2W>kHbo;hQ^X=`RmEE;ub%<JYa_Mo7OJ
zxly4xHXj8${l2mG2m56r1iO8KN<2y}th-z5-MitOU+W6}7KSIEv`<z~Q8ff+K9O`%
zs+4Gdcw;qM{iNTyJVJ5o6&-Ykl~OzdnSchh6BMtlU;qE!?h*A8lB0+M7`88<83;L*
zN~CAmcLUxO(7I}Wd&!KayJ?iu%|r%2u=e}NLv&ts3f^*4%>cdZpqT==ZKInPblA(x
zahm8v9@^S4L(9;&5!}*?^*f<+2@fShK}z!f?2E(I%UUPMI+}`re`th$de$Kzs!=Z#
zTGZ{xjpuc%GI9O?ZW5~n(nlO|F_`l*V$l&s;cV%isDw?p=p-fe*pf`Q@R8d~7mTZ(
zDgE0$p)!4;9N3|%iBuyU9;C_QZ;+QGpAWeFYUQKUqVLH@JWV)jvX@FmNdRh&FT&c<
zJsRw!UF#e}sh$;%X_HG{vb?fcCC4iFC`F3BlJo+{5~)GJ7XVMR-{nx>o#xx;7YgV3
zj<qjYQY>cOHN|tG1YEc6k5f?_b`Wf1J%)kVV6QNA?qDx0_HsxgU*k|vZu2B0L%w8R
zZuZuLPsqopI01gC!ZfgwL7@o<Z^Fzi>BVt^{G3<_^a_zzKBUzApaWF<IJEFXTYN{Y
z*Td1DN8654UR?MIlYm9X^Nj!7u*vk-<I<2D=hiTjJ<$}rNLVs+7VSi}KskLq9y>Pi
zHCMtzAdLNN;IM8P$wk~MO2UQ@6{edKJRl{lJ>p4Ab694k#W<{UO2ZpNOKDSw^G~Ix
zx%+01`DWL9MJzL|)fITRPAl$1bM<A8F&MI;9IE6wARX{IG$V9Ux4Q4a2V*d7X+vHC
zzN%J)V%}@+Xmp2-mCQ8p<q`KrAiw*mU%(=Nhe_nmsEXxll#~Y_;69N^=U(PR&YDTW
zVqq_Y@yX*|Jq$MgbgQN3tf(8s--fgbP*~9IW}kBmI`_#bdM8F;{uWZ5J!S{__;gz-
z9WL0ocj>aP8S%zIAY*hyAbVRM{GrrtY3szv)e7<%wbImg*9aar-%3U=BkV-SEyCc0
zDDP{W%hZg;9Y+0GLjoJ;ymM)5z7|B5<1u*K63$x8z=glrg%@YrXWJyHdy&z;!s1kG
zvadZl)DjnILx8r*OIhb8_umaxoo?5utU4G$Z45h+l7c`rwA&aQDI*nOGT$n1zc-G!
zY?VEa^ENx2_5%NKFofvH+$<+-NJ;I2W8~1vBe;InXYN(Yi5mM>PDBQQ!#o#t8y-y?
zR_T7Ym__v}V#WtNW0(dn#3xQR-TnvNdjcg?6?0Zt=_tAFkNpJ(aVXg5HGn%4J^z%~
zmq)tyXZsnJKpZ)^gdT$c#E)a1>URWBHnzqf^1z3iGZJBJreDDNA3gm<gyqavp=Nid
zIPkB~Wakl(Vm@cZePHi5$H)<5d#|dU{wHPFPnWVpPip}=I=*#<jPI+A$Ft(_hFG02
zOJDPI2Z2sWt1yRX%R2TktD?AYmF554T#ElrHy_R`<5EJ#9y2qM&lpL#WMIrC_(I}N
zyQStOBnaa#ZIDjJ9&b!DFn$|3DU=^4C;r#-o_%J9-NLQ#DN&X)=5xXuUw1QUJDFJh
z`~wz``8tn#DVw+WRRX~!T$I*++gbB^vi(s{HHh#-|Bg^8=J|1Nq4D^JvoP2?szpMi
zgJ4ur!weG70vks%KRbVVa%#y~u79js%!8D)v@XcN-JUj&e@SL)Nkrm;VfR;0ASATv
z;y&=KX<A&*ng+K{(=Q*gY!*uA<ID7o4<y~d!Y>j+t<%b$PQnH5Z^M@Eb;H)<mev)N
zJw5bBuCg;dbnZKEr!=n4PQ4uon`QO|k7Z{bPV;sj{D$LH5R@Iaekey>Ba|gv=H9yQ
z?B4q0)XhIAb59AAVWe5hn)3`TCsCG&;pw`<wdn|ScJ$6n&k^`xW|{&>Kc(*9Ll)Fe
zfHu9_zXb*oftV6{+%W-#YtUjw)~zD-0-g;%)Ef5q+8xu%>N&i4;8`j+5C;#5K}G8>
z)UDo(Pn=xB{opOCAHt|A_5{FgvjwZxQ98CaFx^aQv}Y6z$B^hPFzRZ3Oe}q(1RwOv
z^05*0k9n9*0y+5cE7vvh2r3<X9}-SCkx0Kx;$WfEbZ2|Aw|MemuxXfa!OtZKpZXx0
ztaYO4&55Zv2+Xdu26S4B{>z=H#?5X+4A?=MlAlWN%|%mBH0M9M<6v?fBsEgj<A!K8
z7n3BzwK9N39qdZTm;jcQu7Jc#wEMSBUG+mq2*mzVEkom$k}VtUw-HN=>OIR?XAoJ-
zJ29HugOw;v5iT40y;5sI{lpc4{3wB8`76cSa()HreQ4_{0tnx9+f4L79-`HY02JJm
zenmNO5W>rK+HB&X;ECvyEZLYj;wjDAtQXpaLC!^BS3yHG>aq$2eE}~9K$E{AAZtIr
z_CM!}@2Y=zWD}6FBPE$mih?sDh4LRk+c!%l77IjeNjB$Fc`ZV<t`YIl-8l2vVh6nS
zp6QyTDvH^BA&IeLa!U3|WSAICp)mcXnp=H<&%XBJ5K?DVONFPhqBAL3B>p5ifT)-8
z;ch+G#+TSo>_lH?JfixgNO55`{mi4E*ydcg&W(p_$;o_A=!fCoXM3``2YCD%@yUvs
zN{t^xKf76<`AypOm3d33VlinuDmej|liYTTJ0g<X=j3v!;YCV&S2Y(T(RBLF%cQK+
zq^9?`UXADwTFWonFETyfF$qnf(awCGWVPAOCNf^j{0bT*N3V=Y59EhF6d^@z9b?qO
zi7Wz<W6Lcj;KyakKp+;TB|4!Ec{y2VP#yfdfhSmOYtskh*80n4rez9Ypa@eAsp<>n
zq+R6z67KvnMokyPO;*@|K)l^X!hn*^E4*j@ybJR@+oHC>HD}MZyxOeNvNXqze#B)f
zSrk%35UxmbOnP>f7uVbw+rhSllzg3GtI2s5-%GF*DTbhhgc@%|MaqeCE~2r$o^`Im
z(_cBFZ6K*Su8yzP-L|w2McL1pkBOml?2USKD;^)^TPe%8Onz!=&`JkaN5j@t#Q0cQ
z*9J?}yqwu1Fjfu_A`!!)y(l1O?n-AWS|q?~K*DmbrO^4LyOs7fQY%ort1{c3N{1Im
zP@)CR0M~q-a(JPhbMB37cQ0kE7E>V6#vaKhI_f1px@9b8RVor1O0ElDDm7n~R<s=T
z7m=ZZp&L$I+qEl{<p!{LQ1<sDI_MgY$}ZpDMc?)C1V`Sectb^&<K~E||CN4NwNyHE
zM3QDlTCxDtu)}mV0hWr#XoC%2vRK=*M15X@)T&HO{RfI0wLoLYLhkbW1^~ILB&H(;
z4~Jg+R8I!^${Ge-0ecSu#^gA%1PdSWB7}G0?n){}iKKz(@<#g>U@Ga|Tx(Yw;~Ywa
zvYfjCNl&qCzdLZ&)IGxx;MdmX0+;u+tKXsF%}tb?6E8h7TJk3zW@Z%Pz$9ozfcWw<
zYHW|={JcA>Zy%y}-cE<Qylwdll)tz(H|T~PNJ_|CY*n*67L{=(p~y@~(v^~KogOI+
z`Ojx*v=h5wlYqb7DuzOnQ7)h+uqB!dN?4wI4$66DM1{=%xrGe+<&2b{(u{H16i!nP
zOWC3d3y``*CmKIZS>nw#G*vWomGM4X()39J$yiW0L!YM^KTDb8jb&*x!OlgkQShM|
z5k|WY#^85FI@33NVY0X>)JZhACz_<eVf>aU6Lb89Q|@_^`2hJ+I*(d#s&ZKE4eK^9
z7BJ7)gYg4B!#oKcfCbbl>}45$KqyvKxgc**cubn7IV)YnC<6oi*gy~a6R9ArP#&^E
zQ{*NiiJcoHGo3oISS`2pT>&6HaQzd6^s-d-ZCoc*&jEAx&``6#fAhyxhPn3y{azgH
zZWFerNpf620Qpkwhh8VPPdNZT831yEbq22J4+P=BbzhKC&nfyOL3jpNs)A$#11e<B
z(^R^3%#ZDiou)i2RQ5iRgF5C_s@_NZZ!W9?6ZL@Mw$*l^sAmk(o{8vQ&<>U=3_GF~
z>7I8dA0ITxOEyQHqoOB!lW6*3@~g0cjG0-@n<7Sv^MlK%n~-sgfK)xVEs)j=ZQh3d
z(G$4|u$l$IvMOw%WC~y39W{gij*U@Qgafj4KPKw=RbA<OuE#r3tTVVrR^1EY{>iAi
zKs0iEnj=x;EA^e9iSABk&E?)abK<;O-TVXMRhmrk9*GJnOo|?fWmV}|ol>h+=`Ok@
zrRPWax+Rj!lj<!quy;Y;pWd~PeyE|vdf+G1p)X>IJvEP($Xs;!8?K9~$c9LlYDo1K
zT%D)`i#tGWN4|Zj4IRX`ax@hm>mIoq_q!`xPH=)q)NHE1fm<ldb>xK@7R6#W9(SC9
zBzq#s4`ZpeKCqd@q@tQ#=A-^p%6U))CK+zeEV~Gh-6bGFDLdM9ud=8!4N|K(R|SL*
zXnD`=*xcz~6qLXO%meoi!Ys)84ywbxDVy?v!7l+0B!Ckq5}^bxVIK?dj0rr4+wH6z
zt&%6-f-uc1tjkK(QMT*KpX=tDbb)*3-(Cq)Y9{k)3b8eUc+9OQY=a(IYsqmp;1IsK
zGi3o(6-8qnkW-c!fGc?82oRD-9Uu@(^h6vJa1G?qxCWE#1hCe&Jnv$itp25>nxV*K
z3!2OcnaTMj;f`79Y*jZw;d(6Qib?^}x~y>4D)%YF{78r3SaOR9;OqEZy8H97dYDhU
zf1y371vy@nX2unDKnT0#yG7#CGl?!X;p;vYjl5dAUPAi?7qq9ec4A6ib)=wbny^9n
zepg4C!HXz1e{+o8r9Wp+r~XV#023iHGB@acV)o&m7`%H{<-g{b((UCox7dYj@yga@
zhshueI}&3(SsXthaFIotVKt>P#=F2C1(68RA3o>E`#wb}hP<bC8AFJXFqg*()|rk+
zt6<`to2M>Z$}CN2^Hicu6bg$JqKm^`dDs)f+QkTctDTAec7OTc?q)*dh884;rIK$X
zn8vnb#?h9JQodf7%-wHS)>gu*3p&-l_M&KxuL#r`x@<~VM&8q`HyX2@`!S#40o{90
z0uQ;qd^^kH(xYxSNz?5%w|Z_1WP*{{?<6QX91E|ubQ0J)Y&n2YL^9cU0`8+t8%XC%
zWyG+dklmm>P3ux;ko>DczRVNW?F0Np0l`(5sc)P!Fe)eMsH3I|A1X?cWHRMj*k~Hy
zOdb^6D<=aG2Zz&sV61V2kHt=WP^3Y8FaTxxJ+#((0P0b(Y3bO8LB`|0)+#@0sq&4}
zgHUy(Tw9yQ?2G%wu*&fZKL=2xqkqJ6?xX2dg3-wuKGw(`>l=NhysOQEU{fnx4(+4G
z=bNaaV%i`B+(lGOM+@qMdkx5=lJ3FT%wG%mq!Z*-Ga%O4L;p(<Gi6N^7iUsR6&y9f
zKHSPAvc=egILy7K{{=>GhiCjYcYNg%J=vuwTZDDYitJ}kn#7?@w~#}KOH#8&T+SK|
zSDEH=f$7eaJ)Ks?hU8R)kx{_+?a>A4k*H4blkb0K*my6YcLw*OfgAlCsepg;^El}L
zgcUNnyM;MK$2=(Eq&BH-<V!PE%!%JOMDLHlc2`3p7?yNHzraGp)1O7WS%V@MOwx#(
zZRdZtosh~B$e$M>;uW!S7egBT8H%<vY0wgv@<<X}kZdEIg)Em;^s{@a!!;<K>cP=g
znzQV>g%I&#fHBs;l$_Sv+qR>HwK%;DyynWx!wFE?O#-&n0t7h%#p`bX`ladCKMS8*
zzNBxQ0-jiS0&eF8N(xcr9Z}>@Bd%;C_}Km@VG{AqY|Vl;v6r60%Jc|Nc&}-!A_o6X
z)7=qzCt?h?9;5eDi-o0-btQLahjiF`_(iAQ8HGsY>zPIRQ6j4+Ru|!=#&-M<5QYOo
zLLly8U@_kknyJ$9rzvG)K<?K@o90=pw)HPL7Al-a(3xwq4iDHJEp#%^|HRz|9e|RB
z>H0G?wo0bW(ovfcrhb){ImQe7=p}lx+I@?%VK1n#VT#SZn)jr`?JGlw3xE~<z%sV)
z{isHYKeVzcAr54js*2NncI2_1E`h*RejW=}1_s&z_*7^D5)@WSOFyKz_1~8M`NnRG
zMz30r?X`jozROBC2yQtbH-)gHT#pN2)ea<PPJ2S%)ClCdfuo~jrQs`(U&x9V$CgoU
z5MOF9faT3F53wmR_q!FR8~<}KhPHD2mp6mD(`!2p^gBo0I41GPZDT7eSgs}NZujx`
z*c+x*+nWZ#O}q#YxRHrUJu+Tr+7kAbJ8V<ar_epA6jSweMggfs+YS*RL<~TLYd!)B
z;6IY!_zsXhXy>pyedUXvq>G=#i%5syM1dAw5;s^K_CotViPf+lb8(`LG2G<s+~gVm
zb9BYuVIJZFrd{!ic!^MzDT&&@{*}r+EC>*M{*r^WE?|zoo;B8R^nbz~&S)!l3A7`W
zewD}?u?@dRGLvPb)l}i7m7n@$WouN{JmQ_MMUon4jCyft<Gew0+%Mr55RO%eq&N!X
zBBB79hrB=%<k!k(lu}Dlj<$5|ilZq0OhxLFbu7nFLyY#gMpY_cNru^)g1ZG(yH*w9
zR!xF|5>2$T;<@tyu|}Z~R?a%pmv;K#+&iW|=)#+67<+E>*D7=Zgk6dB=*n8Zne3Hj
zn(1%HQ|gWKM@9~MH}t+m?{wTW-l%b_9k);2VO{GbXiv?=w;R`95-{IpU|;tK5^S@(
zE_l`H#w&ptsbwEZjrlKU|5aJBMq}##<RwNMMxi!D;{rj{H&{8k`XasRIlbeYmlAT>
zZR+5H*PLg=Z8+nk?&4l5h;yOjVDqt&0xOjw^N&+p(Wm)%#}##eLt4#6obg?mq@F=x
zD`$7&{QVwC6OZEr*oT)wN=+HyfNx`zyl;MEbjxx?vL{UW8x`ayH@*1|-?C;l3J6{c
zXQhNhHp<Se4MfI@p!q^feC&=OCn$cUUk%at%Njc1z$nT^OyLxxBA@z$?eYi)B;1C|
z9Ivl4(^%*=RSOtrPL!JFKooY(0d6R{QG+HRoJ5-!^oH5Ps&MbvSL#=r^FgC<Ogvdt
zZh$&m`-U}LH$BryaZ&YMw*x0LRmtg*D6d*KKmWxTkOW!1YQk=}1+~#}wpwl~enUPf
zEm+bmTi#n`vxO*Trr*oXNd)lnd+5nhhwZV<`6>gfj=&h28FV%Tl*jpTG-L-sV*{aI
zifjrXRF>sX0cg=88P$21Kv~;1n{xQR&bJOss=<Y+U>MDy*h`bQX4sh}g~}sX`#A-i
z0K67e@RB{D7z2<t>|SC}x|V(EoH8#LC{M0rSddPjO6zu%3bKXNj*!&BWV0hIpt;9A
z7;)Ucnq)_2ffvTnE0LbR_Tpk|7e57t>yhORtVg|E_hUulXuwJ1@IqPc-af#>M(+UR
z1o!cz$n%&&z?f#RP|BiI%0ji&a%a)RCN+_k9tVh`yPA&))zS4kEVb+#*jl}!qos?q
z)RNPsZ*Y{8JLX$RZEP$@{kI;z7H;3)5T_;)VJZgCS0?Ggr800|r}hX-dB}~xGqW~7
zMohs{LEQ~aTNpU=aC}%QWn#owPG&@kgPDvaORwWtLP0M?`kI)8XSR&rHv+JzkT&Dx
zk)-)*@C#bqqv)!+K9EBnI1ovB3>nIM6_W23oSZvGjYdb}WH%i9wvD;j^NWrRL3gr6
zD2-4gdm<LU5bPf8J?2jV|G-5#3LPR>p{a(UqoizTVM67LKjdG$&XmaJvfq-vbcm8h
z%sQP@t8+B<b%i8_Od%aOa92Z7(aP!flcxUO7ypB4YG?IM*y62dKPywaU>hL(#M*QX
z`?LU@B>FuyZhCq0P9cL5ssowH%9O|fqyI73KlCXOF*m9tIe1_kEiO}bGUutsEmQDA
z2i)Zy1Is(DZn^vFC@rP(KcDZo&u*D8vh%WZk?z8Aspj~Ma!{#hjaaU9rO}e=C?rWh
zxwzlzJ9fS6?#^hE!$H37!9ZV}lv@W>{e<Kp)|O^@CeMBd!rYK0cM-AlQ@Pz#{ytt1
zqx3xP0Zf$2xSr`>9l1{(*dtStKV_S+%6*cqtI%9aoS~qiZK4#b!qjvIcSj-r!B$xs
zEr%t_H*JrVael!=WecB&7^eSCn|4=Zd|a>PQRWaCsm>r)N73Y8jPcq0+k7=RNHr>o
zk)MH8EC2}uNCFoJVphzBc4_>pG?G;5Dwnm*BPOw1lC*125N^FBYE>@2)EXelwM6Jz
z`;b9*%w$GRJF(5swAVFbZs=kfBQ?tQekd%XXfOW_<4#w$fhb=2p-_twhr|p;qe-KH
zCF(7Qyq(n$xBMD`cy_Cp`A-6MS&BjUs6b{4pTNee1)jpkZL&Hjocr~%&oPoEP#}Jx
zu<E9aIAn3~DPid<Lpq%8JriXF{Scb#lh&l1M7l>Mlul8UX8Mg%Y)rX7{h6*ok>s!<
zZ1O#ItsL1orT1vYco{WcW2O0M1{R%`)@O5Uk|tu*e=WEX=nh#X^);B|sxsCm(RBU|
z<qs6VL9Sw(svt4#wr^?p@g4%qDsq(fdemzo%@as3Bkj{ovxPs9&>`gy<h#R&LS$TC
zZ-S`&->?wyWzNP|tf5l<$R_%MQ>;-5l|Y*YK$o=~_CCEq1$n-5IG@{zX@se@4Mwpy
zOp$M9MUZr?ikqvtsuRU)-~(2aL@i2=wjctr#!NG#mSiVPf24IuA0+FpH3)QpX&at!
z&WF2U`%p&T@34h_YY-=IZoIw->F`+wILL;nClB^tiSY@h!r<7SKT2Hze;1VKqW=kg
z%C?bjuF2lm=YQ3uh5T=syJ*`fZeji=-7n53;RnGQ2+OLt*TVf@X*-&uyz&~}K`x-q
zUkL-C;hSX{_!)3ZB0(I8Oo4vMmY;-dQWE7yBd6e7iWe!{@&7GfwX1?B7|mQ|Sb5Dt
zN8``aKs-l5{E9(@b=pE!E>#I4@%w_I|I;S;d65S0sR4As+XG$j@mMHCR1MRw!}buu
z3GmUG>2i<Bc0-N**|HUmXlTp=%S0+{i_8tX5)>bdyiDhyghjdgShO#agF#(9x+n4<
zT98dZNE876GUaccsdbpSLATBDy*bAGPs*I16}Bgv#Us8xDW_$!^YSCl*-9)G)`f}~
z+gT2xp}S9!8i4`9KilXK!r?<W-5Rmk3+}S@T3ES|1{~^7juBeS62RJ?JrqtOEybl=
z3OqxGr-oINY035+w5GcJ&P8R~+`tLa8HCP6QTI_WHnP4nK$Kw35t{LN&eY9hHIKs~
zWvs(Ny~QgC)IN3*SnXZQP{?=x5m|bW$$_Yp)PHY1Kl^t5q27E?_z^joGNcY((-lVQ
zu_Qd1NUcdw+an>}zniu$Q?WdX=sIoWd`H4kh$`!nEmvJt9YJr)HhlMUQ}Mo`7xq<|
znphI3udRX>7goHgbT+ISU%J44sU3s1Hu47=f>T4T34N~4w~{=xZ1|`1zXE{U4s&yH
znN_L5ZCxKZrwYk!nfGTZ(d7jw#Z@UnHTPu&gXEweEh7?wbDnq&y=-IsP${`Lj&yyK
z$KSz!x@o3g9)U^iYt1qK>NmlGab4L3`U=>mV|;S^aHe})>XlxZ%2?hU)v=4X3uO)C
zw|q>q6{w5LlU|J17O9jN4v7M)4i`2c?W>mEkLZAc`JzL9_!rNrCl;9c-Y1sL{9Be^
z1EbZ`66yin&GC=j*hFYMf^i_+O79tXV=rS!W)=Riz}bc40Y|Exv8jWFnMssVZE76&
zmPxZq{xLnqkRI<6w=miGzrKiAMrqm_cP14bJuIthP)aNw44Y#8YkP7Jsw5z$ZFebX
zA=>cpGykYMbG`{(GVQ5u$)TxA<9+4q9P$S3G6hVFXYHSdYQ1;;U&&wnPr;YBwEU0E
zjUdmQjUY^PNulL@z`5%-a9-%W1p#)$Lk4%#Li+1}MJ?=r_JBF$^^N8-tDF+69N-b6
zz1UsmdaT4rrQAt~49@XyqTUR-UXpaj;Q_h$0=sw;yEqt^ziSPhLSP2B-k~HD_Y45>
z_AGd-p$<TZZf}8l)gItDiV@29<L{#5Xv3b&ZOg<(oLfJF8@iMMbek2)rRYfqpxVz^
z_*_f#Zj()tcEW&z1N3H_m+j^+JO(NaDtj?_9dUl#N3bcF(051@k`I1L4FmWG<d_Ey
zE+(>BrZ?`KL3_4mddUuj2VqdRiF0B8U6FxfS@c|w+ZrtMi9Mn!Q+y2^;iPyxIr(T^
zHIz87a`FMyg6(w(gWV27_J-w-uKRU}Dz_p6qJIkPAt}LEM6}dPvfIlfG+x`0+>12h
z$2hq!4(dMc(I;4P8uCO?f8aP?T+kLrzZbFSedP)JBo;ENDyE<79T4-yBx+~b2M=lK
z(ncegP{IeDeWyhci@?xVXm);-8`p@_k(_`H4C$&m7LH!|lGUsSinS{e#Se@M&E0o$
zB^sk66dDfiWM5(En^FYo17ra|F&XBFcY_B<enNQsb4m!r07`LL06|#)EX3W$kaa<!
zz22zBQGri7OIhJ<CMBcnlZZuB{VHD`N-RG|GGE#)5qYVf@$#_HR4=21=ggBAc}zeO
z)>;Ub3ugP_MJ?`)TDcndl;^$1Ox@ljP*_34A9)$%QfP{Pz_l^?;vmI41+Rn(_8p1x
z1rzCFtzxB9c03!@J=r|Lx0wuoUJ>vz94zam#>!4xSNQXC=R9n!+wC`~ZfjdE!v7#Y
zeCvVJ{aN5b#NzpB-A6@M<o|DVoq~D7{ZZ_G4bbakK~jl%8Oql$0{T_Pav=I^GBU=l
z^JAB2B(`_1nq)IZW1)XkI#R}<dw2zS`wi{%r&Egsx(YMX$oTH7#@@B#c$35vd$WZ1
z#i=vJGb9>jjEW~E3>bp}LtR-ah0w(~XwrI~?97PM(q}px)>}GuIvi$Z`H3qFbS?ba
zy>?wnXgt7ropGg?gG*9ERU3uiI(~2Q7TA%wz8&IvlG^+OV+Wz0zHY;+(f#38Z~nT3
zCwtIb<C;?hL|CT)5!T%K?UA8t!9!Uta6>7h>R;4GKn0SV=h9Q(yWdrGt@$fh0EhqV
z#FJr=Hwc4Z?fvy2JuUfqwtJQ4z`?jZ*j)znUwto7B1aUcZPT6z$vsjJveW8c`TJ)C
zPhTxNVOen+eppgvY3V0}bTE0WU1M0Jwu+>kkmweYcx~tp#a^KP&B60(cdtZWG6DkN
zI_e|194GAtK1DZ=$d}?Q1+YL<xOfHz<Y9IJ8-odFUskSA=2Ya-LlnYtH1OTnOzyUI
zm#IA(AlfJ-up&9HlBJKN?A6B&3gj&M>Dn~?4xq(kcnBQXW39~@Ef_#%$jK$Zs?jD&
zku+klPgZ!KvX#_NMDr3?IK<#dq*RF_N3f_L2(Mm62wM>*KjQ~G5a2_^tzP=@?{FU~
zB-HKcT}(o}t1V|VYWv(LM^gI}&$&S$PrlgijCeh$;hbxoga>%}jL|D#u!e2WqNvkk
z!h$~WszH@ny~gqdBs8w+YRAOD@Ogoh=;#T4N_N+*?H2MRd>t&|H?`l0AS+CNAx;ZO
zy>Qu9Y!q;)Vetn{i(X=4=Gn7|1+@Jq=hFgQgcbrT;u_d1S)kj6mf*CB*x1+3CE|aU
z04+b<9xGqi`#91qKS&y=EJaBx^|=t;5RsPdnC0K?@+Z26zeD$P{uHw{ppEYbks%7M
zG_Lh&H;hNQ<Z00Q5yD3F{t@9Vy5E{pX(GE+vsym_A%N;*gyydOOc!NgP%j7cKts^N
z$Ced?`2Q+l_cYK{t3l%HE3e1W);`*VN{+x&T4Siav^3U(9bNl5-;2O;(9%mHUoHOP
z#f=p3*s|+1NXo~u(>4I|;ZXeCt6Z;A;%K>*V*Ef9^&Jmz2EtCI^|U+im7FOZbBaEc
zRq;R=sVCSyt^EsL>*Is&5nZ!cf0zt_BC2wNCI-o^L+s<2Ofb{*rQ{at=X(glsJbiI
zsGc2w%g~qW#`@A@lm4T^E>a&`1<SOCZRT3uRWLR_`IX4I>w7=V)%jI3I;0TL$;#o#
zrp#ZUw{2kd6z|Ft@vYJi14Jqxg1bSVi|zCZ4)rccK`ydKj6?HwI=jPX1Z|X86c85X
zNnrj}c%oerk$UX84D9bN4l)DtbLXGaiX})CX?^Use$}G<VPXMv<!;9YZU1jUYs}7T
z^xXyLj57J9k{E<&;-`jtU!&f_#!Ul=(9Q7q-FT$XKnYzFfPzf(KyzBnf6#T42oMjU
zHM<`_FS3zbu?MnIXvUCt<oHeCNhl$)2RfH8-Vq;87h&WrRK9cV^4<;*X`Q|dzVk$_
zF{a2h;BBp63XGRwO>6KI8oVJ{HJIBs*KUb(;HMz0bI3tEm(S$UfdMLrZ!d!JIj+A=
zuH^wGRdE6U7oW^C95G=|an4_0q!JRb(qag-6Gg(id3@8v+ide<OVF?pbVif=xRFUH
zCR-z7Ky8eQ3bABM_L0j%?B{lVx&1qI4D^I{{vLzp99}nj_3cfIFqYRIgP!AZ)pGmX
zs_#lwi|&&h+4(3W2k(Fz8))^c`r3I^#X@Cb16E3nsl>(|kwgAef6e4<q^g&hwu~na
z*&iGg{#--b|CTf+bwai8P={P$8VFb@<kR_ngLEw1y~qSDU2W0qw8!;EaUZ}=Le2Gx
zZ1s|w3#68>48`@T8`ug^mmPQ@-^sOixh8B*Tj}vZ<HuM8bMVlpIVI2*5GS1AY6v7?
z0ZowSOQN*Dm1IZIr82;RtzcjoQ9vM|`dX+x8T!#*_ml4a<mp7s|22?0;X-t3KsPJ@
zA}v}{eN;0Ux=&L3CBe`>)XDxB`+JJWvvk21@GJMg3!EA5P-1Wb{4Y$f85*4gVHC?A
zGXF~9xQR0C7*E(Tb9kx{>&Tx~a|iJ*VSAPuFyc&Gbj-egU84AihO}-NE+UD1Bmf2K
z-@&QvW3u=+sP}D0RR%Vf9)$S!`-bf=!agBI_CfcS3A#7}sV_F2U11n2Mp)u_anZln
zxB4yRq9xGIW8hn|l*%nC5YF&rSrInAydD3YRn9&hkr!o8;o;1}<i2mMA>S;Cte9Xt
z@q|ct{cO2d{bc@}7$1yD4zy*i;ZJ}}0c-Tk5cm+bCOn38COL+@^C|2~=)i#t^d(vb
z{rkQr0Xw!FmI{6MHE0KyaP9=LlfH6zC0W2L|0Gl-U;wE8w+1qX6Q-WikB=u6hY(|;
zIM`LrG76Ps0)DV|uXMwIyhfUkUx1$A5@QnW0x=3T((pNg_mdbawhfZx5f&EAs#Axs
zslU_@X>eARXoT(kvZ7i*i{VvRfvaY~RYO*AX|$5sjkX$zi2s|pk<dJk3FL3QQxno5
z*dT2{{C9wg@Ds}peL%23H=)C@&E4ZI##@9_O~yJYoocHxp1{{lh8{=6A0i@5kF@c3
z78ePS;VoCsQb|WS`v?0p@3y7u;E`428=Iks2hxiq@@s!w?j9&Bk@he{y2rDwbI93R
zBawm8B#nz`8^q}KO|9wv`~HQWsx8r!r7Nr?JuA<|#`!$_5~m!;#{G(OTz;5DMvgqu
zdl2%6Z3lD`YZf(T=7Ce%h2Xdj%(zWl$YjbWt?zs22H>Mq5^H0FgKIJ<tw@WMp7!Ku
zsHC<TJ=}LU89(qw`tN_Z%&A=#Nmu@1AtCWBXnTKs!7jwhh#vOS!~SRApqoS56nt9F
zVQH_3LE_@Twn_a&iI#wy`Y}@F`mbOZ<K(B4#k6hRe3gG>;Df9=hcR{_%LOhvgr@*P
znusFUpASrD!N;)1eRQ!5;pe60m+4z4H<8jItWL*5N-Pp1W&RMD$S+<w13^?#lrdY~
zncs5V^-$o2BnKv4&qX~iuP^OK(5a}CADC#U3B3a$5QoGME1oCsRKafK1OcE(hm~tP
z0sI0>P{fa9=n!}KgRlX*E+vUzcZ!nx2Rm6^Mj}(AvJ?08wO5`dB%Mkp-G@>({*Pnz
z%cq2rp%Vsujm>{N;rPlu1By{D4qVNf19dDD(jV0HtSS{AQ$5uRyGn!tpk<pSzY(r3
zGRjjrgeMK$#imU12<TQJCEHVME)yH_7tXc*R)yr$xz&n%wc~DXEZ6kF+Wa~i<Fn3F
z;X2(i@w_@o<j|tC774wlRBJ9IwLAP9%iorG!Z{?FZia_oc)(-o^xtU-hGo~jUDKxb
zIpUNJkx<w7G-6Hj9}AC@!li&%3F)!>gwDm`HrZbfy=CdR!*kprQKH;%#`V9a3w*&<
zE%SO7Zn42i2#e%GT%$)N<~ym<;zD*W9ciAQ5ij8<6*(`>Bp6BgoKs!pOubm!s48+&
z?myC#wMAMCRXh_Mt9#m8f|x3D(5>XCD`$|2$RCm<8&BPBEa@$*IK`SIwnR~CI>dad
z20c{?T7T`YH0B7-(g>ceYMx-*zFIObQraRsn28Lq`3XD@_ehTLFRmsBpDgl1%P%u#
zrEo>^NbuW$4z49$;?f@FFoF}ywS-wE^3n-kWQ@?SW(cJAqg|gMnM`DP_Gft_2sebu
zNBGHGkA9>%DI07WJ<8-(GU+puxKqVPbAWgiRwiJec^y&6%`r4<FI>!ZP!4so=AAsM
z1)5_B;pEaXc@jUTkWEW+tY#0nX2Zw`HDz*ah^)e3s=g5nC~<aAD{)Gz66Ue>1|FfG
z<QlW&AeVbkdkjo)z)fzt1gUz#5lmz<-=*cZzpbZ+rWEmkCdxXz)GoB=^^ZZ{dD*fF
ze-W+VCX7cuF~XF%=UYMq;#+GW2qR{nx__e!*ZmX|ri@u3P2eo*BgPE@lI`vTgI}o}
z<sk3i{<-!d<L~3$f5yDN{SJCP<x66+X}M?^g;tRt5)4Y&R{cc`Ef@2v(tfF`b%@Er
zqaNKrL2YjL&E!EAJ)VU&5TAJw8_F3Vw+UM^Qb?Q-9tJ^z0UUM^NPbE&a0DR;w}wEF
zxY5Caz51|&9TJInkvu-gl?y0c6@p0N`5N}++dM#>zyiR*zqqJh@PfwA;3VNQm_Y9l
z>cvO$kPgM!ZZ{dRU=01hpAe^f!$DdHu;Q?nav(S?3i9l0jufyAk07*oVA2+`;(l;{
z_#zKm`jbWQVz@AnIvM)yo$Btpzr#r`eYUdTvRMA(8bVsZimMPZ?sYVM-Sc2`0+ZO3
z+3GY^8;kx9+Zil0q7o4EwB(yye|pzFxiX3|{W;HW>O_5KpDAM%DEQ`p<u=lKSX${f
znLk}XfuvU=xc2u$4pcv#)8`WQ+y(>VRJltD;qpPnZETEMwy_wOEw`=#sLbmvLtzZ{
z=ZKBYFN4+mMoX}1A)Lm<dm8wIe@0{O!QfqHsu0!6I4xd8P8a8)iW{Oz3+;Nnz}-3w
z)+CO!#nj1=wv-~#El)!R$rTdYfe_WPAxSqGW|9AeYfrBc8Azi~|5R|`Kjr#O$dWK%
z6AX$5C1gbf3Flb>d%zcW3YLn8i9Yc)42+1i0I(e-q>xpz;S^@W9FZV}6&ThS2vlTY
zUu+|kO8U^x(y3o$gT~DS#{*wcnRkH@xV8Jh4`ooi=Xi+v9?*B2sSg`a+YjF)(P?QV
z7pU{`5$!8ePz{BE)MUfIQ&cqEIW@{LPcbpT7RZ&@@5@qTB(ZNhN&f#eKsvAie3Raa
z7kp7a>N^7TP6Wgxk6y{&Ze=fpc$-?N(CmtdL9Wd)FqsisJkjH-ivevvH(${$9Kug+
zCGk>z&Arezdj4wMM{xNB|J;1st+URXfG6a<IyLf1qs-Zq7I0IBbL5n<iJ8%`+74x1
z)Go;k>^1lafyseZHa-9Jj)r*+bIkLN5Pn{HRglRg_b&4k92ptiJ%xxx=g5+*M2o_<
zk*6AweZG+y>U5d2wl^_D?|OQIPOIp)$>W-f#z#saYJWwZsv4Q22AQOm8?06<GqX$h
z`uhjgBuCOrM&(ufI59fQax9MDHO-Ks8v%WZ#}L>%h8wj0kbssvBWn#MvA+s@cY#JZ
z6bH^vVkE8_DB|qwe_aW@1dxHYcFym445Eba6agC>1SP)3TsM$%f&H$uuz51fJl&|t
zp!XDpJ)oR*FuOUG<7e{6HqJ<lnT!RG2pdf-&+A|tu(LcYH9RmjGlrjK4QcOXAaqoH
z6Vmm%=6UG&3K!H8K35XmQGZ7gg)10%G!+H>_Fov^w0}|5f^6a=;Iezr-iB~Imk?Gm
zKg*TUI|%F0_u}a+F3XRBdsC@`hUP~6JzZaQt*swtT^NF2Z3!CrDL+rpT8s3a#6L~D
z^XF#b^Av-3wH6b%;JVq<hT}7+A;~Y$Q=%*PoJM-nyuXtE&q?a2tmorGBJb>BQRa1O
znXSnL8mHk5JC<gRj<Z$OrE#EF*No=}M6wZ~HJ@?>ctEdevSHrpa>mNNlvoI>m@CE+
z@kd#!D|5%2p~mQ=5DCUf<s09x(4~8+3ZeK|(7R*N#_3zQjI$baHvfeOZFC(vHP+GO
zBhL^DaaKqPhknLyabx0A>)of4Hmg!<W1k|qmbKOPx@Hh^<bZ!Xav64_x(w7Kc>{%e
z>1rICnI{u+>03#grB5qn(07#T3zfNWkaa4EBBfrwzyYhFasigqJZND}%?c8QjhTy6
zUH@mZ2O{v=3ub<u7aE1<Z_?lY?IZg5-C>Rmx@2cD`l4!F$>Sl+gNoYep<YW~4UbvQ
z4N5I!n5Wm;44=$ULJ6P1h&_a3e>gWUK~<1|f298Z^^vyl|A(x1j;>_;qDEue9j9a4
zww-i%V%s)4>DXq+>e%VncE`4DywmsI-+SLT-an~I)gI%VI<+v@nse`cBU1j@98Daz
z`O-9p8$^m6;FGs(=NY#$AH^t)$^;2D#{eZ%1K+b(_kF9|2R6+<po+8Ghgi^(!`Aja
zK@p;%Q@A}-`1Fz@FIr#J;a?;1T{f8bP1ijNTjPXAm&y(S88+t}F_ROlT5a^}o(#oG
zc5=ZwT)zJraMxHTqYc``jmu_%#HHk8jVR2&Q}?|kg>6j5ABz4;A`<$JzPK1pD5&*_
zy`OSr_){zU;FGz}wW>L;n5gmlQ^-B}vyNspDv-TVij=F3fOeVO$*w$RjT$}s($9)&
z4I{l;6r@U9MY1uw@1v2C2!6||n`_5r9X^#lbQ(2Okr~P^R-8U095e4Z%vW8(TtzAc
z!c$G6w>YiWCw*^S8FShtLo=y*&;5<$o)7IrvWA)14RNMEJ!4Xa`4%9b8)ZZZpFDnT
z!cFLi2r3afnDZw0*9`FX*dfGis?keRWUOJ3fF>}0L|I8f{L71D=og8_Q*tW&ymP!Y
z47EqmQ_>;|!Gw;sXiI~$BjPr(TE@uGxOWq~hPG(GoYKEXgz?o3+G>&&Ug+gTT~9=y
z1rQNCIgvY;@j#bpCwGv0A#NMBO3Z$#|GuO^fsSe&p5{3pZa-8_f={P*9v*sSzkB^+
zIIcx;7l?17c`t;NW7-TQMGzSzq!)D((7_Ch;=I{gE{mak2<74TO%hOLV@g*nph5;9
zd?7)|sB#QrkVxaH0nboN;#4qu>h<I6zt7acG&ci$@mU2K0;2Wl9ZI=jttN%|p&_SG
z|I3<VR)Il%Kez@grkcuBng58BAz95wRO->`O04Ovx|LPNwQX`pkU~ZCi@h0CVFDB9
zA2{h%^mj8Y<S?rj?#M@$89D`*#3sd8;IarA7h}mfCM@wNm??6Pq#cFYHT2>WEjtR7
zeb5qQ!Fk?E1K?h3bUx9)C@8gzgr<aQzaSh(po5l~^Cdu{_1xOasgbXqupl+;#Z_V1
z(^^Y3Mxy(K%cfwnW?NC)#bi(~%a-uAn=r;;b?Qt@Mo^aN@Ww58f>-Mwk8FyK8@S$A
z%FK191s<GeB^UcL^Per$(<r{KaHr_<SKL%qC#n<5?(InvrItI#m8*|f@dv>q3j7<h
z`zSdRlu353q{kheZYrPpD3P#cd5wf$T>sEJD9-(62YChnYh2G>ShvW4`DEa4%ML^~
z>)(Tf1R~u6->87^1)#_lB%~lPa~#jB*KeQ*R$3J=a)OBABifCDBi9Heq$JDKDu>6-
zqz`t0XK<>7GTiKlFxp8UaF4h|2vxZ$3W6tSyQk!gHlG#vqJi;N@xQQL9F2iLIRXsZ
zJL1_9t&8zoHO0~PD9x*L5+{DEIMFz4Q210G?6!p;r7mK){4+N46?w@>T&SL+;RjE_
zbKYoGIir_Sb3`hw&lI9WAyBVj+C@A`hBP3>@N~?1)e^N8unLN%+`~bUVJeM{GRYtC
z`Fw*c{^O}XW*fg&@G+*}weTX>-QkPro|X0Hi+F;(8AUdyVU&W+UKcOc?`jca^s7#d
zkiiS%MVXjN$<>sooom59chn!cmKU{Hx;&TlxU|*FKCI95>Z+CkjwicOU!3?OVCjQH
zHHvAR5q@AQVlo&Q_Bgqz1IGAMr)Ac(`%#f*HUX~90gbC6Y>u(%?H$e{MdYI6WV_ku
zH1uDLB>uQ7ly;a{9P;e|FED=L(b~5aQ_y2^_}9nq34fdX8)dave8kKkP-VZTl}*Q?
z@1`RB^G-?LbUyXHs6X{7t^&_ER&8)VmwlVov55Bzh~s3<cS$ER-n6I~3k7n|8x+S4
zp@d%Q&nckFoXvNQXTbuxL0ZruFUiufHfnnU{=r5%Y<NT-i+kerwdw$}zb|vs=wK7h
zfVRUpSomLbbX<RJ>G&Ty;{I(M9MHGSHejKcUZz^*ZWG5<L-BTq*1U@D_uuPuqr47g
z-!Azm?NCI>Db0@ljn&W~sMRs_<KW15r%J4#<RrBC)ngwE_O)LJGF+%{6X;{ie|@YN
zc){3bc4`Nde=v#U)m7ea4h`H3EkfQ%N+SzKiZg$S0!qLum+P-{HPdbARDM|y*cZP*
zcP}PS_1#fmSk@8^@!g@J&MCCB#i+Q2((Bq0a2z*i^l>Ya)*lzD|K})&-0tJHFRjlz
zl(1h<tN6mBRiyZTxK!E9{~Stsb85I0h50!03ldQ-f#9)oP22`5{EmH$fF;vVh+td~
zzE5HTMafjH4n(0}RFKdI85vBOHP9`>W*Fl9;rB!5v4LI|NZIb26NJgU6b)i!T^Q#D
z1)2L#nk%7tqVCzd6C(vbknQ#XKNAKP*aO^44Eh+|FHn`{9sA&x!Btm6q`?`9c?Ssd
zluB2y|9b=c(^B2rSy4s}lzQ`JX{W+y(2EV%Uv}KQSESbM@d{9b2L;IefIc=)l>GRk
z2Yv3qpbNUH;dEqpHPj+zlX4^4;$F>9GDCn}&oLM0?2lGaxp5j?z_E=i!qGleQ`Xj<
zT1qfoiw70(^-)pk98mhFQvqlbF3`cJXHs%z`Ui4o=3)0iuPAjo5~Txah}Spgz1;k<
zVB%l<+Xo<;OiWYL3>3>&hJFwG?o2l9)hVuxkjo;Y9%P7|%e?mM&!r+uGUuC0z4j+c
zS9+8?aKJ|n`x@mZw={-VbBp<}3OI(zOQAoewT{U;|8*9MFN_mq4JP4V0QwoKo+Hzf
zp8dcZ|2Pf%|KT)Q=>MP7yhV@0d`&@MR?P<}#OSkdX-Zv&L%ya0ijX5KSqza){_vjH
zgw6lC{2T7zVMR_nFd$Uc_g{*wkZ9u!AfXmX2DKf+L1>w3Vnlm(AvBYVAMyV!<=&(D
ziH5J;jqq?8|2j${)2%d^W>>br_&-I&#-O&H{r`#xxl3RX!K)he0Fe$XBF+_oMZ^Y?
z$eNwvW!bB(F`Lo!k|VH)xXXDVwe!lAS|;?cO<w2Pz`)y1S3soJqCcj;_f@n0A?X^C
zxKmypH~C7R{m9Du>b9i7lPuG^Ql>r<mVbCz`nz0iuvM2@ebv||jNWs<aq2iIJH~3h
zx}gb6U9G+3CXcVBuV!*~kN&&5k4mEAPmDPG%|Mu@O;m}KGBA+${p_a$U-{0c%2a8`
zpPhAvZh?x1<kUjagPVb2U~Hb$b#^2*^x>(*Rsm03b%f@n1F`h8`nsVxCap+Etxy_n
z4Ao&e7vV^uc=UwRkGM5j#Qw2Qmf}fM?i#;f8PnxH<*>KSkNgQqZBBB>3#~0Dn__ck
z#&0NR3g2?9^3u_*;;$^5a8nxJmbo%oW$4ia4O44A$mLyE7QCpds|8t2jI~+aZ+PCA
zVSCUnx%1rwDs*`*$+ryD)2>-iLhX$(1*)C-hybBwauNGBuO@^ObpBG+JgW4XlTKs3
z?zd_u#@V~ON>?4_tiQb^-yZKg{1h=Q%&2WtrBhhTu-5lxI!ueFb!8e$#Gy3fLD(KN
z#W${D2n@05H_u~^vK^2a9)7sPB_`5&`KBp-JIOh{+YeSofV(@(uGRmcnlB7P%Go8I
zxT?I*C>?fKb{1XfjQ$<tgUK=Vx)5q_D$j}gcsI6Du3RRY#ErbH{JQcWG?hfIJs5Ff
z){dTt`zDCDWzH~7A4B!}SX_+iYeZUB%~yHm{6Ze}CpC*N0A6fK$u%v{sh^4JZsblk
zIgtP5{JxH1e)xY=K7XX8NjiG1Icj|;@9pFhKRh)2F+nZL%Q461pN4lRV*jocJsjba
z^92c%;d5ZNzwgA`j42#Zcjxs7ME1auX$A(~2L@vL5O>2NR01vrvB_X-Xf_f|{srFe
zeIU1iYaO_&(`KNR_T3k5oEuNT;B<axs1TIFs-(}V<XjDe++dYi5M#$FWT0VqU>F6z
zPf8R9bU%q54bHWEgx2gXwUi#iHe$rS4tnv<t{Vz2*-L%}CI)lReE{J~m?kwxFRB7!
zne9~2$v+1F?8+l%zLo=dlx2IIHF0*fYRFq-zHKzLQGZm*zf|u~o2t@y8hcz*)WjdT
z{nym@ys`eZbJGkrzd{Q5@9J+k6kTB|LLcKIuCFIdDvFpO7L#`{&x!1wpmhwy17$7d
z%yG$uAmqzYmG)NnyQqqR-A%+Xtb_0%*ES~E6H2`2TK(!rb}6R;geDHA(AQp6l`%-6
z$KR+xe1kwUA#Y6j6={FIb*t}ZTqTU$K>$Kvk8B7@cXA*nmO0>y(+eKyTK1tbxUHsw
z%;+z*rpN8PvFbyu2&PU?5x(2Vo#N&r4JDw^UHg&EPfjFTQ&vIX&*ngiZOc^lI=jR;
ze;c~cn$EIqM`v@s%Ykgp+D{qak34mWITh(~j-PayIg#<kV(Th_V{`5YexlY!PM)Xn
z1Kq{^^P)Creaij67QFqg{Snx1^gy?@lY1GlS)b>$lQWQ;9@k=i{k`)|AVN6M&!f37
zM?6B@?gKlcg8-aVl7~;xw4{Dg9!DjFKXRfF>gNMpX;z21aM904I*$4b>?YEt+kCB+
z`YlpPJqKua9)#NhjiEEGC<+l}Z>)lJ7Q?9^xF6nFutjLhvLo~rv;@dMw61Km0LLCu
z<1*%BC!<56E3L(=b!|7_WGO4&_~R3swOjrcm2cl7BlmHE-Jx$|Zgo77OIAO$Qes+o
z{VE1}M7$*F8ZJ36);R#1o`2X7h@J7SYzs5qE}+`0(&nLoM$JsL6cji5lQ<3@p#pR`
zQq+@VVP7;6dstPl0g|K<1v0RM7MPRAIB<oDt5+@HMXZ)7NMZIuGi`*W05QOf%>ukz
zO9X6S#6AsUh0MDvqYSHx1jV&o7?%vOd%8jknF-dkvq<@F&MRK|=KF!E3U-MJ6N4s>
zQD8&=leTSgY7fCZH=qw})BiB=D+-<BHFOQGbzw~pUOGAcTb%+dD)+JA{__*l)X1Pd
zda{U_4a%Q-1G=|T#Pcax70s=kiujx2`m_~=m<E{z!p6P>2_C&45#-lWYXYf<OYgA0
z>oIp$73|N*CbmzXuhj%+T?y*y#|_UE#;cLTeeAZMVLqj+$eRPlpwnZUthbuP)ohhJ
zONeYVHz=6v@)HO7AIK7mJ#=IdC}^>M0aV0%ZXYO~VU}$@YW~|$@*CePSEa-}Xpr|r
zQ&{r+EkwwW_mc6H&rszB4X*?IQ0wg$_RPPlgRmHXrO5rWC)Y<K)Up<-a%p`-ngr&Q
z^&|O>3r#JD2E-FhCR^<5s466Js!x<+qpuukl)Z4FO3{<d(#(GRaFE5yCI8)mADv4E
zu?t1Uv}MpV_m%JX$ZJgT1Jo!p1w@9Of$|JQq1rm5HlJRze1n~=QHN8e$3DmPsO?Wo
z6%`3<u{8?ClCfB$kW3bj=8nDrTuV^Ccg3+eA!GNPqDjUdGdZgde)tL=IK?+8tbb0v
z2k4oZp)8vgHs7dii?VPfZ%!ymP*SIz-SAmO00QDm;o8wx+&#*L+G7$}@-z&fLH01e
zFI<J7=%L6$Yt}+AyEG0I^r-C!W6(dh^rkwm+HI++t5-%iguV@zqvUBAg;tti&LWry
zR)_=$bcYyX4cFqNvuU1}cPvGG%OkPkUyuV|Y8;g9KrH;cQe&;YIcTBjnw__I_C9?S
ziF79^b5=CnE$?`g96p^G3^F4&*EC{XGMJ{j=lAg!O81k1R#Z<m26<nDBhIrQ1Zhi$
zR6-qQtrCVf3N=F+Vc1hm7}_XcR*#A-<E%{c3La2fBrpDYz<{EnQzN+E`?GSmpz;XI
zbfAT*Ub65vXDI2E>cBJIaD<~U77@Qz>Jhb|xi$b16@pVjl{!m{%U!ZrX9nW#k}1P)
z=qL53;dqjXU{(SM_W%%sBS8_wF%c=0V^*ZhjyO_Z-e!E@9YEG){+JxJD@3OQZrZb4
zQ5gsM@&~6*sMA0*nlY}MAu}BQJXo*>0{Oy#NPFk{YEpnqu0_|_Q{b4HKe>p&><de-
zlPO8sV^ff){i3lMz-zn?HnmidYQM+i!J%R?X4Ylyb;h%uhjGB&q$yEJ-<UvM+77;A
ztUA3d>NHix=`-edV)7HsetAe+x5I3#-D4`{)7_(XwW~jpTD`raB=NIS-22TS4S2C4
z?0VFO^(#FNb(Ru^by|pa4Q;Bn0>vV1qXAPjG|n2KFXv5;-K?%p9lyxUI@K?lO9wwD
z2-HI}&rV~Dhwm|BSaFHhG0-;8^aI@}Zgx3a-t=8>Xiahs{$x{A+yMnSzMKcPkZMwG
zLzHD`oum|>Id8Fd{9GsEy5ZljWJ-N?0BYQ?AIqOoo52Noo}4#Q;Mg*y@7n)d9rzU5
zq>L{3p#0Sp7U^#vt0Z#1dGd4AQ|T%9vl~w3#1?S!xa0FlsME{?lYFqsP@YA5^c#35
z=+<QGS9Mw)w9>;I=T`HR3u+EW5u8DB>v|FmicMOdn+tDmTdG%{R>L1>jfGnsh5NS;
z75=V9bnjV1j8&KsfeQKRA$8t3<Ew`u^_9tq!DV@BTc;%Eb(g0h48+$Luhd^ebpfVG
zXKnD9GG&hF&w*SFsY)fa=)wGHYRNqEe9Wa^E?Yysi{fj(G?pv#!M$`6X>=W0`0Ix@
zN9Dt*%&6;;r;z4jnOF$R@M$NY#pV`4*q;1ek^)kF78i_t)H2ysjh{ZECLR<#x)8jF
z%Xm9mvW*KfUV)pTJezPG+jT+Db=?FSTQRg!h6oJa2BO|hG|cAcQ_KD4-&H2RPEqr5
zIA*7GF|=hQexV^Fl0I;PZ4~o33Y1YVBS$3|x4J;WCfO#zfo7BuVUC?!`xSaw{~#Ku
z7q(g~^igg2EaYc(nc+8T^UB9(XD%|~^8!}X@?J3f^IQ89>F&?6Me#(HDON^^8Iemr
z41#KzvM^~?dhVR2g;LI3fwTGXqLk;f$<}2ttv*H9m@$C}A572VM}+$2ep?P{ZhZsp
zNWPMz0#4qLCYSAXq<uL}?u3pk!FQ_ScbfYt;Qu(DV}iQA#dRnjANiEdm)ma_{2Z%n
ztcT7_CQnJ#aYnc8L41eLnmR|#@%!uGw}g6H*%3+_dnXaP0A<{7O6ztWa={hWAg+>r
z_yhoHWHp<phV*fz{L<R*qvZ2OhL!m$>Q;{Zn)PE62Tc|vV_#HMkJ7q;<lrw`ykr*b
zys$?0&EVrP!jU+(TjEis0s$gR5F3g%xrJ}(58E3p3_Rw8;=Z<F3$)1#*yg_YymJRe
zh(bA6wd?`1t_ez{95?N34X;$!d45Q-U6wQ!Nw1{kibwRbFQ0i1ZxXlNTVCwalqa?a
zj}0G1L|Sq+F2h4usvpsY)0td%#mWd?iIo@Da)9^>+KayVAMah>fkg@(yRGQoe(kpC
zcVY`Vakx>L_YQwD{i@FdXi??gc!he8d(WIgJ72e-qb6LoJE|`q5p)>;oGR6|%vH|k
zG#`^|lLl@cDmz&cA>ZXzBKFLV_#-Km?%h|73!O#NdVOr14Yy~@bGR)gYm{-{N4cfI
zyPLvK5<Bk~d*tyTIgv)E=c?N`&lYsPo)A7Zdhb}m410)N|8<*44nF{o3F(x~Q@ppc
zlYrl;`o{Y)o2v|er8?h(o?L}zHbDTIo59vj*i3#-<;l;(NdSk~X5+4kh<K4GSTA$s
zj|b*T_>n#WBlRN0yVzZAT1>Rf+OMTn7>X)*Jqpx8D!Ep!pV+GK2Sy9u-C#zLYn;?k
z)$jeYwI)p#46@A~?l|DE(OxZtlb0lsV+0<frUb6AiAsI71hyB61clFu$v6mwlbKST
zg!HP))l~$Av*jq&R|P*>Bngp-wH4udf+6q(jzSK7x2R(zjdFLWU}AS+rZ%|v@Dr8O
zTa2`ur;?Zi%Q-x+xTA|N_B?qM*`;H@I@;zG+H(GiCVjqs-R^tnZKKY&GZ<0`jUiyz
zxb>48`bg@0ntz=E9S_;t$gPMtQpt%BAjzy7GPz!()PUV@zkE;g3xFH>EvSJx^SU{g
zF0OPE%X3M}tZvF6ut7-D`gmCWwfrQ0lFoc~DKfgL`F^0eKnDanAq?i13`}(MbFfCo
zK%+cUXjpR7Rao*`j>wMCtbQAC;0bwBgIa)S?(ZwlOyl9(t{kh*1faV40#-3@kk+_<
zPfjFQu8=G|&z4D`(lMXHUMQs@qcvk(flu89P;_=+qPE5()$m9Fa_F!0Tt$^##R_bu
zLNfm?tRnpBBmTjmch<_~j1<VX@Qn1*Kx*R=r}BgNf**<+8(y8)DF3F9tHPyUAksTj
z$j`h!9R<Ym#q5>YO$rbmB(!1rm!@<FcHWSdjBdcV-6QE?$^>+PT*slW5xmF=V=j&`
z@#Cr)@HEX92wr)C^d|1LA`p<?DT;0qEtEwHxbhVB`4WP7ZkxTHlf=CgT$^1<_GAWL
zA8Z2KO2FIxM6mzi&SW6&d_FRpv$xT`DGgZUwD`n!{;Uq*`0ypew^r!QVAZ^2U37Z<
zUwyXkONN2pc@k{Yuz4s9<j%hR%bj(_?#2G!yvT)pKl<XURH>xVrX<?(Jq#dfI=z(s
zQ_EMZj!j3pY}y;g!5_W1a{S!NyLQzK|F*OIxY~9w7TvCRl7Vh<&y&iP@Ya8uR9=KX
zi8GL$e{BcR{9Y}sc*Hm!GTCMIo9>bIja#1;$c>V!XefnzP6%D;&}saA9z`<=yww@>
zDpLW)rqDM*0D$%52NwG?ze%Ijjh6|iXQUxen!qXZo-P(#0vD-Cg;A)yY7HN3f)?C!
zV%hPFoX}RP=p>K6><vLpPMy%;I&b5qc;iONe#ln5c2|>r-;;jdl0MmK){5pjFGpd+
z%y&F_0YG?ip<)7%DX)LC3-bT2WAeP;Ss8QN5p!Er`Eb+maATgZg0AtIE;srsr@K5N
zfODt?H<DG<zuM9n?|SjsJmV~u{#_@74@nEefVqxX1u9)?_y)LX;novjUEV1|(|`?q
z2=6cc@##hbotxSDPW=g+%RfAU-3Wlf08wn}(rNL|IrA=*c0@gv^a$M5b}LwpB*f+u
zJCA*ZCA-o{`W&4pK3$78r4w;1<fCLwej%h4s{_kJ#!xZ$3Ux5w(t%(s-*rllu2{C4
zy3Vfth8rSH+j~Bi;uH@d!SC1Ld-bbycyXHcd$^W!jAJuR`gOv1{y*ILE#Jur**+=h
z2&YBmQ>S6}juh$J<G6741Nhcbg8SK$z@6IYha?f3roJV@Are0{kInH#0ES{(3|>PA
zz+V&)ns}vaJj=ffw^wdM9QjdHX1olD<?`pe6=m;^h@jKU!yAL$Fh@S(WU{i&3EiqW
z>!wXKdN?n)%wb@Aa$T{}JK=a(F@wz>H&NB-BasPGCyls7=VZ8((R>(O2k1pA*QSVz
zqsPrvm4du*k){YT6z87U1yRbjGbpmVv$^plAF9S55cP*3DJW(Hc5I-v=eT$leM3Wc
znfkd@PluH0fzNR+<?haz3BtZffSy@UCA9Y&kn-S`V<nK~VzbXYN>bTwpqa|kXu{HF
z9gOs=<8t9k&s!bv(dZElnwzGn=)pW|F~_m(i<Gq?oa}X@F4lYWrc}iVTf{dG7Z_dO
z)?Q?_;;=4V(yY8`;P*Ue^#<#g-Dj%I>GY<+>V}OQ2zRdil}`LMAGI#g%xwYtmo9*+
z^-<#wdiWZQ2|5&2R2}g$wGzZ$$C(6`#x9wLw#gxjt`y*@LK=wYV!~dwa;-k)1E1~p
zV`3^-Y+J}eyG`!V^B?_P{pUbAg?)Qx?X>dYDvxe?cgp2>Tg`pjd^o-0X_1cFZ#DJz
zij2O<*E1>SQoP+I{G04G{0H3K6@0xl$){g9XFL#@q>ou`r6#z@&oHYPHRRVbW}QFS
zG?&EcI6g!8JD`{KDjP-yahu9%KGC;am*~3c0d;XT4gN!pv=bYc{3$l--ZaQeldoh4
z!C#R?^jP9$%EV}tH%KZ+K``)U^Ly2d@Rm;>)KG`tD-9GZ9yN4OVU^cRu8AY21{~en
z`r<T;RAhv{TI^2d>+ni98mLD^0;C@J6Rdi0h0i4FjO5E9k>MWc3?d${Q-%qu<Wl`=
zzOUoHw;?iMUI&E3!TJ(~l2~=s(cA4%%55HX$nnrx!lkX@*1JlE?s;Nps7H0$LiK+B
z3@Sz_XV4*iRB4HOGo$=fPDQlT^!u8T#=_Mi-L|@_2vteDYE(QQx5`M97OkAImo?93
z_FGd`Ecflrch0@^AW+^=!!c(YPl1P#{qjT4Q*ItN%IaeH(q4X~ZE;x?*7c^rj=c!D
z5ysY?a--gwu|<DJ@6*Ay-^HUMH+V&D>KDSbdFvkw{8WQ6jYPyphxtAv%WUCX&~D`I
zrnpzHal&`>UxzQ<upfR^op-E`oYLAnK-rXXqL9HhQi<l1%^!cUYU$r)<zRByUre)S
z=<WS*XRh7-x<}4$O*^y^<+6U4`Zhn)VF@4H7|d|yAzMNlb_1X?6a~(vcyjF=Ym2i_
zma!#ES14rwI7a9kyCpQN)2w~OKhO|dWT;sZwf#h;<JF{|SX7Sxoeph1*gRv&bbIkQ
zmDX&wWmWIXT`>xu6|$m5u7Z|h+q(wB=bxhvZonRxIkojHsKdThM|L$Y@hi$*kMRb;
z{|h!m@7a7D-LJZaUepg)@>*WZ5$RRX#Clp)yp5GgkS8~soBny}K!(U7iW~pwzY~nd
zrGrr-3!BU5t|1N$fylLG9!4^!8=g?v1#YQ@auXC^tmOfx=t9;5x*Pw*U>{WTc;iVX
zzXt9Py1L-da$tw^15l+i$T%^~VgLK3QDM!TmE=0kkU_KhyH7Fi+7#V^DUW05gpV$z
zUTwPlNk2obj@<L3GuXVU7Tg?A1}1E{25WHnSSXeQXW_|*IX&w^lV^IZ215S4Q$Lz0
zXx73Ccpfmv1eA67cD@<0;OR?vCh!I(`|k9Yr)&2A=}6aAmj)~-am<|el36zv-bJLj
zG@{ETzW{q{(NjBu@ACU5hfK9698tZzHXVHp!%0UG^2NeOH5U17b7buqW75@0Y8x2e
zWuFqf@))5o*Ch4}MOc7+UwNP4B8|Q1;e1aiZdq{j3Eb-=w6W6-O%;N{tQC@W^6X7h
zH($Fysf*&2r(-2re%#TP=$)H>Ea+$g#Xbq09!_lGNvLf{^=X{A+!p0-Gld=QX~uOv
zu!z0~ySW3uPb0>pt12_3r74n2KFWtGNWK9YSip_70XJUdoyl5NsgLx;mtL$&Q)}Xf
zUrcT$J7UT*sRwr85u~=wQdE65ai`L|viHYj#jo%q9sKvd7G}SbG*S%Lg2r}G8X#fm
zKXLLVu^R57=MMNh_^X=cx7Zf|W(&@7W(i)ZOK=0m&%l5(<@S><TUj2d2@zr9l1E^Z
z?!GT)5GJk*sOdUE1u|faK!viChdnQ2;jc?uh`==zv=Ft<SX79*BE_#}Be<8%AX4pT
zfz+>X!GfA3N&HNv{xFb%4TkDoAThw5UVx&art!Z*uk?>hHQGh`=k&kGhzPg@7QDr~
z8xJ$3;l!6pY+UPBct}ldAW;*ve*=OK88(#y)OvxN%vYpYe}N5INpQXgcc2a5Z9lR$
zO>O|Qab~laUK0hvB5;R!Qb*)&@`{xh5<L-~&{<8$^Uw2*Ved>fZbi%h2<M%<N*X>p
zSl>8j`&%>b_ONE&5^pK>GB&>Z19CJO*XvQm={3~dHv2m<LKkbvdyx$r`RZm5dn>Q<
z{fFg@9P?|2nY$`rviFX{t`pjbjPZ=&8dUYX8uh6_^Peqo8Yo7$MOF?%7r5-nW&$__
z5vVeN7D98if1ykSs8!xJ>+t2d4;Vt74E`$M4CTq7oLANsy@)1+nEln1Ohz>pRwmWx
zN#jjh_H~u|);LQAU>bvP^HBxQr$u!5lN$K3it^xeAkXPQsKq_cRmU{n6Q4t)B<NKR
zlHWPtL_dAB0v7j<2<)?NQ$g;breMbsC-0Q?j^db?(3yktkKds~64#!VLOTh_)RMBR
z%V^!txe*CAeba09Sa&0q>G^G0QQBwRtL7xFF-8v1dX8*(o1tV;quM(AD&p8lj&Yc-
z*CFvxX9Mcnu)WYocpgv|B~Ua!)`qLcs+x3WT}XSY_RhCxxHv_bUEoqs!e{Ic+*jl$
zR_XYbq4C4G&80aX@&*#1kU|8ztTwxRWtD#gRs6L#sr+3_rV=NQ<Y9%Z=)~*0SmEOG
z82!fuc}G(DZ<_siTDPK{s}6#z5MQ;W0ivdkNDYw}-XlDnu*fjCVnUe`ce-z#tOM-d
zB2;yai?~cBjrPq|v-sl6gZlc5{FR(m!I=y_>nU>^Cr<Y{M0G5$Lt0bE_$p*zzj)?y
z#7CX(z@u*)F=&?#ic=ZB1E|JZbzko{Oz0S|DQf(D<toNBchf%^O-SXl14<Qy)F?GK
zHEQ(!Ae~Y-?qrjX`{AVmlcfp*b)(Tc+V`LG-v$j!u$ru$nhA=iOsu~?%2m5fPFuvU
z9VlAfe)>x$FVgG>uDcG>b2B+MUkfwrBsGlqW{zb4j;4|;75_5r(KwU#I|GOMhctRR
zElwv?jN)5oPc(#1ne_T#18g&jory><YRc)|0G|5~h<Fx})1RTU3>oDBHsFp4=x7(L
zSw+8_Iy9oD7sdy)EYZ*C7su;58cm9@I^<z&|L9p{PCp*39}Lh{m%t%Suo>PUo?~*0
zkn>b_@-aOA1hzxW`@<|i=3y$UP~`wQ73i_9{*w{JE+)M_jKitNn7pMTkE;`vwUIu3
z!f#^A<>r!36qV7a)_|^1IwDd#|1<f6;GEGpSKko4<F{$mQ1d5>z>p?m?&Ov1>MhTB
zAq$6GoLEG&Rq*>+OUjlGMu~?RgkY{cMA8aCbJky0qS+X@>Po4D8RLQ9;66V(=H%JH
z*{=QutMc`@p0~Z0?!RZ|r&$Vnd#v8N<&(nY-^iyT1nLj}Q9JpXRiAL~Z3KIufiS{1
z13u7ns-?02vTX*Rg9sLhSsdLE0&&ZrZd;-!T);Ty4P@KifuZRRx^+W#uLcbE8<1lI
z@@*i03FaMJCOFD`g{gr3tbyIIEaJm7P-b+xrvVJJCTl}KrfDob`#f3HT@*Gc7$fUt
ziD}}m;pMMd{YfRjPCyaRC8L?g&Tzseom`JX!D(E!lkqvn796pW!kv|qoqn`5ZSHIT
zT)-J=Vv$^QmW)sgN&0xC&3+}$c{MWOFB`#CYkAF!;7}|4S0#V5_T9rqqG<+%!!L-=
zt^m{q0Uu*I=J%demG6Ck6tOfigMfjR&f72IMA=f-5cFtdl(KNw_?sMun+u8yfQD-V
zX=@vl<LHd%Q9^bk!*AA7udi+3)xR83$_+F23MzFKtPTL_z;+>kkG@i++Tw@C^e>N`
z<WcG5fslj~mu)`l0|MXY?4y)8Bau4MmaKWSa>&Hq<&D_;fmqt7pi$}gLEt!qXPau=
z;h(Ej`L$U^uyhl+u1%>ru0NjC!mf*XZ0h@~%(#7XRQcvsWh2iGpDmD!<(Di@20}v8
zecXL(|8$GprEgr|^W{qL{F@ag#+kK7n3<w%ahG!PRVI&FKzenLEVED5D@626aqD%B
z-H3xJ{hV$siz|oWDfkwk2fVxtOpYsf&zhqmUsjMRG^|QHpV&#s1n7YbL;zp+9S$wU
z&8Tcz-fN(`qlVSXNZ`!x=%hcY_iPnRkFphNo`I09!GY7s44U?6LrZc>Ua1ouij*G)
ztONImqFNm>`54Wxo|A9UbR}Gu7?Il{T)##CHp8?uTLjyZn_ES>(Iq~h!HuDsT9ZS0
zZcYXA<=6et<&MBxduwil7;-Hbn~Cpx#ej{373n78!e7}|5P?2RHMjw5OzbXkDkZaX
zQN(fWINu0|JLiBB-8Le~K;6_vVD9zZgaKQQtA`|UwVH$hYb6J=VFh@=v8fzDS`9aW
zGf0Rq4LG}p-K`B3!s*6E2So)Q$dIW6ZJVECox0GY6hcUkcR}w;^yG_ba}TS?I#jV8
zda)lEF;V7)pJw*I8Tla(^Z@*MN3CA=bt?fI5-8x*F`j;52U~gSJNd6wk;|m%tO)ZT
zMYdnV0~vPMO)c?S!+B40;1vfUVms3MQuD(4e|IYWDmYJTc<!an3|)PHVs>2rDO>au
zm)Bnl=!leVe^3LJV#4<QF7_0UUHvZGw)^S+kc9o|UtY4t)Ox-%DJibNF=xqmPW_tu
z(e{J;DE8iWM=UD)mfd%bY>&VA*dO0C8^F(_TTf1i5S=P7y1}0zKpe>@i1+If&Ay=c
z@j9MUer_56Ca(^9k<`Aj*j%fF$jVDOpu?Jd-GH4sFH=s=B+zD%NlUD^U)2+rl-v{r
z$uYW?X89oil*>P1f4)pooOj^@dJXq?$>S>D`gHSAsWbuP`_`8+mDFM&U26Y0GhTME
zW5k!aY8=tIF969f*%xWd=Ddb+CC}P$tvq*SM>74Yh+at~^@dlcprdxQgFE3f-2mKd
z_4PKy?#lB#_74Sok=K5y!?<^O>u<f%xyGl)vY@x#vIg^U2Fi&cRq^l#booEu&ME*d
zd9VXt@4i?^Ax8x15SsAIGJ9#_lt%LRV+itwh=rF#Ot;v<Ae;&<szfw={M74Ck4dAY
z@`B;x(>^!8*Ar6g4}|66Y)=fnw*Iv+0_yugmWcTx)Xu0&dl$+sqQ9hZ1aFviYJKnR
zZR+`%_UG<5mVM;3AQbcaZW-34oxETy_};AuCy&CB#1wX$a_M<N6(Q^q)R_dH6sMKD
zu1X2_;>ozjunDDN_1fX_Qg=yM;bHiWf6=q%>LYKvlxjgeMV@P(WV!(@NNXw(y=cX%
z+%uCrdjsXX{^@aaAl$1!U$7A_OJSsTAd%u%A5LUmQw?oFdG8!}6@b-I#4Id@e8I;6
zcPb)>x<jOb+FP%+%>&u1_`U$LmkGo=P)RF7W~oJW)^*JbZUNsp4$8pTYJZY{Bb%61
zg|u+(s_zf*!yE`0PrGO)9G(I4q;;r80ZH18*3JNv>wwPj@zm2mT?=*%p51#j!(`El
zjk31}t$~zrsPEZT#dlR{6r2lI<g#6RDaP)Xr*3)P&7$72ystNsbQ`2}ArV3kO+f{m
zk@-8RM4|&@y2W!cUaI|CA~0`yrFNELDH8febx0G}P|r>Klg&SPWzqHXy6m`5PWyAo
zxlcgK2EvgA8z<6d7eNLEg{uzbXCq=2;#A5XN~q_!&b|vBic+h4OP9}?iwRvOH&#u1
zCX_^|h_7cB>A)8C_BS%L%LER_mn}`hqLa6Cvn6UN%PcS`HoCbmFVpKj7B&8UPp5!H
zhHqQwcwfqveP6xN|ArytyV|5nvypOXalgvbdB#;^>&k}P7FLjdjtPDz&$BN{n(ZB=
z5#x3aYsdSdKZCyJ(lCv_N8lZF7`qXeL;T5j1baZZzTKu_1*-KkJXWT6U;y2SFxdsA
zjwrc9STkIf{pS1DA?Ju%TfZ!n3(7#C!@f(ZB)Ppopa1_KMHT&DC~EyLisJCA-yGa+
zQdl?ts<XQuY0Ve$$1_kYa<9xwJ7-Cf{F6XkyCMnNE!j~PgyQ?*SNF|rW$EGfI!o#0
z)E~Ve+DV|%fapQGxIX9WSQ&xdD|QE;9mBjX6r256dKTN>k;*P6l5ORYl7?x0ihg`E
z?}*?-)UCX-6(F5t&ytVte#E=tt^dR<(%|-$F!`)6Lo1~j>ssoHkE8+Mo$o2Kc{=M)
zL-Ici1xSzPZ(C%(FWO{DsULQhu(1FyU8EyyF+aJ{&GwMkW=l~$8V)IViL=+@a8nAs
zc+{aViKtohC&Tupu=xB-JGJjGVinaqQ!LXZd?_foak-V}gUX?sa1Zr&cyxRg^Luox
zV*kt%yAWS;Co>$h+~hl@U5oGV$L%6b$G(uV8@b_42%NeUh(W&)$k7L$Y#7K}hrCAk
z1osI`m9d+AYG%Fn41`e(j(^~XoGov*_x{GPWI@)Uve*3OonzCS;&E?dZ6bFn6K0E&
z<^Ow(!|Mb>%oXe>PtQwd(0!YmrhR6S@~f?GL|(KkbHl{Px4K<0yZSEoRabOF1{vjH
zAlm7e%sjgHLG~iwM2N|Gf9EZ4V0#5`-;L4%W4aF4cYJ_ug;wZgoloqAlbz$4_Na(u
zoF<j{Y3ARUNc9)vX1(8MV+?+?QUOorF#I-`3JY7`mGfe>Da{N#;`7CV{5y#bcQPd8
z$NKY%wZ_oIhn*<{mbt&@KL9tpzROj_qWwYSG^F!S(Wjb-o+2iGhGp;GtBv;AS+((r
zY}Y-VdHi8i+B<0JIh3v&uWIVyN&oVuGhNAaJZ!z-aI>HGSsvW_r3yOBfaFrNtmA{b
zb{G)df+H`!8*k^7o7`H}!5@|J{T8JqU_y>ou0HK>z$uyM?W?@#FNlM#Z!?r6MUFwE
z&;8Elr(?Cb__&m_(plw@y3Zb2^7DWj;<Pa_T9jH%5tAAyb^<+;<6FKZ<TbLea|Z;|
z5!<tuAYoT)t-zH@-pu6Z#sz%NgD^U5K_Yd4bjSAA?03Tl91@zWixL;l|74dnj-j<*
zfN{@6K$e?SO+SB^qssDDOH-@`BLY!O!#V&zQN-<iYrz}UXOg=mWtxcXW)lptTx($R
z$M4auz%nmSDdjiqxE1fn@zN<+<DssrqL?GTdnio1fM)Yyre>*BQP)Z5u3cSMeYMH{
z!Ij&@b-c}8G_S=o<V=QU@lcA3Ao=1v=+|djNbgy`jS400^V#Prr`7Fz!&s)~x^M%a
zlti|J4ga-HF?4s?cQ?Raz)n8v%|cRUHTtKsNZf}s1M;S%m{hNU)^-U<2`mE}YIvp+
zWqplJt%FKP!`9LH1MRcFs{0Fk^+o6>H%6lvH<CRoe2&8swNn3V+tH*$*$PHIbfs!e
z$~!f`CBgn6`Qup0o4}pjn#_*&A^#^NdJ`8udx)`VAbwkKJDS)LlXK+Vn;so4x9^N;
zaWBS1!JJ{YM0byz?~eOXp$X}<+gIpxV~aJzk3rwkI>f5srE93>v*4vr!!rCNPq3IL
zP!V$|wma`$pyDa-`b$OWRITM2j%0KWT&aj6<dpiwpY0?>br{GUrc(qt?WaRsvwXtw
z=-gcVb}N@`q}y4T+c}H;g5m*&g-KE>zGQxByj(n?W9%U{{v$y`O#CSqEQ_A6DO571
z1q<0j3)vX`SauX6u;ls61u|($usy<|iMnv;dYlsriBlSt?6Z1aJFv(!Ngg%c{KJxj
zS<Fwy;5S=Q!aWgU;iK8bKpQkXq~CDN5HR)9ja!yQ6Z&-4^#yslm#haL2=;ksStYuL
z<q~?vLedhlgN=66k#hWcqDdW~!nM-Dv-gG(@XTk;Or6ET`nB@Mtajt@_(Pf9D=s@~
zE1Fa+aFta;f@dnZS@F^~S=ZEhmw~KM%zo#aOlW`=Pug7lqN<yetl@~SHv@8sMZP`}
zrq+!UrL2+%4KMJK&Acv)nBTDjTHrC)2L5^E*J|sZ3;a_H@}on857p8NRIn3->b)wT
z0|aVmYOPFHnFYoMl($()pSaek0_UcD`*R8uM$ei89M!fixoCv8Wh7gw*4-r(yQx_+
z{Gw-G<=gDD=$_?)sa1ig^gH|^{^nR<zZkYoLI%pJ)t_ew0%b6yO2{RSf4uBuS;+sm
z!>3RS$NlP;C;kn0hAwU@ZN00gJxI1|nDi2!!-zgwD=Vj@aorSQ|Ke+blI4IbbQ)T0
z3{#Q%6_%Nga{tbqp$fht``oNYc{&zFQA$Ll>hyy{!{_gQZM%f_{Vx<`gN8%37g7f<
zX7JW>6E{0|Uj$Mea>%a+s2?M0p8P{I_dWnqA^i*DVYL+QWX?RdxH@lQQPR_hzD5L%
z0e%({uCcH@KX++2noDr2{G8w}DPwc>3>{?_W^(*w#1#GCTv7+9E#Bv8J}@{K3Fo}{
zGO=SF=a0$^;4c5fR<Bj}?Ih8JfH|hQLQ&AaT{FyiA!Fh37mG0}@cZ!@24PiaMvPKg
zdNmCMw|)vNzCbE$j@NlOlowYw7JF*XU21iJdEZ%Vemim>)P{tFCNRHNNLR?UtnitF
zku5LY@%e!<uL`NH02Jyn^Q#A_2t)!`j+auz%;Wp*m=C^JbL@uAWW(d@D^Bv_29vZ~
zNxi5IE#tJK775#J{(^;`R}D)?0ZCNvr*Z-T)~!dbj9(-3Q|XKkL-}shs;!C3S7z@+
z3TR~wbvs6(sV>L*R^b3GS31hK$v>?UyLdm`j215EY95pP;k;d?_xfMSZH>q09TY_n
zL36di1=zJLcYgm^x>xH{Alu?!=pI|_9>Ze3R!}JV&mMj}j^Lh+s2VlZPJOLqKpGI7
z#h!{?Op?l-3i(R8@y8;bw}uwlX%3@f8;pT~pTM&~3%iZWY{xfy@u7h^$vfjNp=gBl
zd`O0GB|e#Aqc82c^vC0-v?HH-VbQf(JQl@{f)H-QyRXbRAo8(Q`XWVMPAaM|#&|t`
z{CJ#cF)iYz-y5CiGz*$k;QBxhm0}~;F;QemzDQ(eysS?%@oyvxtYqd*)GNh1vF4YD
zexF9LPJtzud5b`|FP}M~G{5q5@+<nmsV?dL@&%Ru-KXRSr^UHBrax3>X|!dwV0M>J
zw|qfK(3cMVT>V!4FyP4lH#j{r+{z)FO}eTYU&2+PQVh<LrKOr7=Gw@FLe&yJ4H8ZJ
zs|Y;A0qMp_#^^wN=j;nKu)1c1-ZLH01+BcIXd6JaM8#<jFi3SR!*a9k^`lM@@;6Jv
zAkkz2Jyv~@w0;p!=ZUnccl$HufbI{JKfws(+W_&}ecWZyOPX^8W9^^Z@Z6H1F`_LU
z6)vdjyyuENS0p=b*{=LI2j2NfNXPx}KBU2EPO&D8E~sOOsmMJ|qs-y^gz|cd+bOL1
zYF`fq+8E`l?zDcTaW;3dHO`v18f|F4%+8PI?ps}sY3XNZKiBJKSKVrVrSwmU{FkcO
z>lfQIZ`GyyBgJDZFxD8@VamQ!uglDswr;BZX5Nbb&$QW3(?_dU?*YB(JiGw4f@I6e
zjLKR6Rc(mE6CkNy@K?BM1Jn%I4Ri<zM0f_iT`FzJn6`E&k%IuGvcl7FWzf+@Tf#jm
z)4)v!LI;1^OBL{5!fxC`UhbblXgmj1+z5Rv*1T=PL0)CU*Ysl$Lz~PVF_49V?S+70
z6#nx!K-X5YbwLEw10r?vtz7R9&bGbwzK#k#wUl2I_BhE6eVK@C#8*ha{R3t*wbe~k
ziS#sx8?(QY#a5|!<w)+aF(914%fX#gfnW21`91;K39U(uxa4AgmM@QP2zR%qwqH(X
zUi5^?MluXGg@zNkCXExzm)M>lw3gUo3cEw&DRPTO-$5O8xORzd2oADzjqh9ZyiO2l
z^i<&ZnI#VcvHQl{FDNPgzmw50fgS&7YD@k&QD%hzeD2YrUzVVH?2s@4YX+L00d4Jp
z8PG~oc;A5K8L%?L^IkCoJ$g0HyT_h}M(RT!x&&Wd=%#YRr0M3wtigi(1Bbbl3FpxV
z^I~7aLk+f!7u?#cMB`}%xnH{I<*s6^t;2FfL=4HlU18%(xJ_C*eFL4v2B<eTAy4fO
z*q9494fM$x>c#t}aFOSOc>SGiUq++Uyqn+w#Nm@0tpP)ug?^o+wfRVG>!RY*O<Ai0
zX1qGHayezZ!&J{&mSQyl^g_+KaXLXuty9}#1muy;LHO9J$p=<bG2%-ZQJ+WPE3C#V
ztfQMI{k^x(U5$X3*y`pWYH<bVjZa@W^bIBH*#@+VWZI$@@}4rOEl{%@0Gve`2B3}O
zjJ8q4hK8iVX#kCLMxaGjsusfvu<Gta9R_=d79!-Gy=Vn_S5JGS0sSqDJ#_sl#K2j(
z<CG8PqY9dc7`0>a&)JZXpch?5;@3D@Wve13n%2l*r!3$u@S;LqbHgz%j>b}<Db14X
zzQQi#se%ke$NG4+ba9d~CbbTg3t>*s`;5dJ7QioIn#TA7-C`aK<LVgKp*{|=#w!T}
zz-PK7Fm!iBE^lH$YEg`-X-~RY5Rrvy$&{$+gwaHol==7Zy$_^{ALMq<YP3%tA6y-6
zyBzygKNxWBc<_lYnJT}=Jt8!}5=*UrU;<lPC)L27l-C*z2S_XIE!Z;Tt1fYS7>}k@
zG>}Pp{4$fHFzeRMqPhYyEDQWS#C_4Ulu9=<(IA9AMrv;Szlz(Re&&@@pJl6xD1)oc
z=TmX1QCUr|bgm5cz6fpDX@;(bt~|)wZoXjZ7Qi%~!#AGat}uW+L&|_IuVXZUnE2yE
zy}<83@@g({6WcRadQlzPBh+~P{gxDZ!}yFQ{Bf&FR;wBw{D*S<kL>&7_n4zvo|h4+
zwWv}7S!%R;fZl6Pl{ZsvDHqmm-1c}W`Z3|13aUqSm4Lb|HVLqU%rMz^ocSREQXUqG
z7*gBTw^4-fy`u*J8u$w)X$s`cL3NECNQcJg2q_8jo&f3EkW_c4O1ED#=mNqLKRoC(
zKVlGFocot=^>`0v*k}8>P%2@@uyN1`)$@$ixW$>HOo?BH8Nau>oaAkp0+%MZX*6`x
zfGv}!YLTwN*euawX*j>U7e&-1j%D{c4a~x$0WI_k0xFt9ilA>6Wr`m88tYTOSk@f|
z@)_W;HLxBuiWnh{4m?ogs63vitP5gf=zFSO-({vWnP}GmG4JQOC4j!c<luZI!SV|<
zHqoMgduXUOMQ^C!X%}xZ?D*KxX}5nbRa%J%n8UU@_zgmJBl$v|>hnp(o)vNnT(;C0
zmo~W}q(bo6R#R6Ou8kGS@NHO{A^0#6axE>UN+vLFP5_&b@@&d~Aod(_!i92}<|pCH
zE`jqO4}bDJ27L@-uz}pL_gO*Rob#VyL6+Hi1Ep7#NWh*a`y4U68C(&ZTp8BSEs<~K
zX8TXUb?-|U{m@Rx;H`vG?KYiCO<u(3f32aKtr5_rQfj+7--H{{ob}zw{&`R*5cLkc
zN2l|8u{A|vA)aOmba@El=aOXjc^36~7}Zn0(n=P}syK1Umv43%O24wG|4>tTz|mUO
z`ik2?ped0pM98Ly7^Nt$azzT!0F3}Yi8qXxW~>o;4gqwo2(0)ESg|am94mxeDns&R
zkh5+Dlq@UD)`we7%^TD~L9i%q6mKJa7ZG{31Y_gQTM>Oa<{@Jhu67DF<+ha(%-SMD
zy-pjY6v%hS_q6`hN}sQeQoQDwZ6L9TgXw6~r}Fe>e-fRv*SA88)7ikcV&m_bExC_X
zrUYCxHe50+xxXsFdJ(=ChiD7&bVOZ)I3TTn+vB7RZU)12wPp3SIS{BqX5q<W5s-Da
zEb9(813(6So33qS4+LhvfK#my6xeRj;h{}}en6!fA|3OAw^(Y~)U<{wKa(=Zl=<N<
z<KT-7qHIzu1bJ3Lp9}AXAtD$}>6IuG81<Hrt43{7<8lhwpCU8WLlIX4eT>*152bCP
zLRJ6E-&J7Df#Nzs=9(M6NA@bmOy+FpI;%YPsZg=lK+MC|)7R5)i<`t?b)O(>F4KE|
zW`JYah>_fTMbUksq<W@vk1VGcHrm!31>J_k6DgoGZsx(c>$;*bR4RbB^miikJ0w5E
zUgZ0F^D4;cA(S=9o`Qt4A0?=@K~0Q!Pc7JDw}J0043r|AX0V&_ec;-%1;ZJg!9C(4
zy3!Q{XoY>v#|X@eKU&Sp`CtaPQ^?F3n@IOx4W4+9H|#h5exVys(sXYjkW6dNB?;m%
zyorHruq6rb2Rn=o9f(z;1V)^ZL2QVc=p9i>5Jw09GT?@FUOPJ0Ds+7P9+q<7aaO=d
zGoien#rHA@&HI7Wa3J?3%6hz(D3h#nAcm-C5IN!<J{$5L0O!E{$3c60TG%F^?OWJV
zKBy;rlQ=PvI5qL7_oK{j=Cr4U3l+o-k-LTx&JQ=i-y4_a2B4mqh6~`W#rma*3uTVQ
zQujg%2$--cLx#(Ne1`6i8#pz3CIOH_dZwDs6%dtyJuhUywZ4oI5f;;z_NOpvpw0(R
zz&)c4F@K@fyg;2&Qa$|$Sm4wIN2nL-K553YMjG~hHKe3905b3B2qDF=WKb^l2qTtD
zhl=Rk2P=q8sKf1l?+4hj8N@Q7L`a4kyox$uJv`S#)HvBAplIADu8;<B89qKd4sKFx
z>z$+!f4}G+F7DCmWX(Hvm7s&)%P)?578Q3lp-8A3`a9@aCjsik8TfN-5Bh97%=oxt
z-@dt5`5oOX0OYH|O{Ui6Vj=ee*3V*KRD5fYA)FjakwfMKm;Aw=tKx_Y&45c)$iJ_+
zgX6$8ZD7!WI29P~2R6WCr3C>C#W-l-=)RD7zoq31N(?$C$gz9_1*){ub3HvSqTyJ?
zimO^Bu1yTP3~F6aDM28ea+$Z~4#D^|2wzZ(M?~+@!>Pvw2N{djvE^Rs<t+5T>XG>Z
z>zK((h!gPs|4{W7Kyf@z*f6fag1ft0@Nl@p;ZBg?L4&)yySp9k?ixJ6;TD1)ZXpol
zyWjt<@2z^PW~=sgcK7ajre}J3`g!^f47KC;3RBv~c}fYiBM<{sqBMv$T;ot!t6G-I
zlfRq=?rpmXx_U@5<Hw?ru{&cxlDfqvBf-RBsaep{!9k3bY$7q-G%O<q)Njt7tGqd$
z3RAaQwYs+QGHtjzVtODU8fL^wp`d)U3zt{`V|gcd^Gceyl%n2VHs|t<OVA5E*uSHA
zv7eqyQRc0<ah@;P2<SqQA8|O-aO;E<bN%MuQ0Ws%VI9h#aA*I<U1C6YNea<VMj8z&
z&k><LN1DY;4*4bOFkQWhV3Y6)V?4B)qkf0L-7EWX5h~t_J}|s~PmLIYWHr==`4kSN
zQX;^-0dQbK<36na<9X<5ce)P`ae%~j{N~pWEp>_qHV)#|Muo@}n+7wl`H}rTP7U#f
z0+i^P+@pcj03%IFp^7V(wqb^niMIF<o%t9ariV*t41*ZP{dvJCZow^c%$j9q`-{{E
zK`JK!Hp(B2K(rr~|8&q0xNf*~UPmOY)_0Sh+WS-FoEUwCT{$#Bmwor^@g@~+0F%|t
zxGKQg(0?0f<%!8~%}$h?>`Bk~XmH-&p_D_k@eMHmiimz>SIHlbNx}q(!FkK8rz=dJ
zlW_YfFh33>mRs|@Ky@TtrEpY*Cl=6XU&Q_N3PSm(hl)nk_%Rd`)=nxe4nZWuL^BQ>
zjf=l7a(@AzE%YAdQ4+4>X#=dupevlG3JQ4<Y(HES`#2{^upbSyCwZ!08xKYIyZnAz
zt9>NQJ0WFUDK!=QZtg!po@F>lq8mJ+jQQiT!ZiF+a(^m&{6PiprQ&C&tK>cllxNTE
z@DEO23a@H*Oo(Q-CK~y7d0Kb*ryWsG1==LFP1mHx{6(8QI7GHs$=~v!oj39t8_i^N
z336Tg3TCv4Sb&@Q3tIO{AY#k2$3aEUML)0a-Y=wktazmsfQh-@lak&VzdB{+fNlfz
zPFUaKY}uiAHR=!D53K*t&>Jd}N9`{kkFcooKkSqs%|)23s9YRD_dbT5dIX$|tFBbE
zVXb|fT%9P0czsiS?*;|iJpb;9mNlG_BO#vd`Bypo0^|WONvIbdkM>M_x~$xYS1k&A
z3;ve+iTlIH2K!W9?JbDa{j7`;D{2VOdH!YmD0wgXRa;Gr8)A#}jY@zh1M4gQoNCY(
zNVnXO%Jg?#frc;qa?ymtbJ}uOe`sTHFOeDi6KNXU?Vp15ia68X!l^=?sz2D&h^g<?
zMtQy{-*>7J+bf4Uz%);NH%2r&0!*=8+?7Y=UB|1cHBf7inR_Be7E-;aJsMCqkxm(d
zCeJ>cWhv6GsVXb!P*!MHQlbCQoW-0tjrdIJtwd=1Y&7E&%+Sy}3bRX2;KY6h{A4~u
zAB9_8kI&=8)$4EA@i82=EigRsPGk0(ri#|xr+xCUa2yRHC9z6#22IZ#REu@37k8<1
z1af+?52wp8@hWGWc^t4v7p-^XTtIv__Qa(I^nZggue`POkiREwK$!_Hw??Yqo2?TS
z9iV}ucivHmKVrLktW2zUkf+0DZjt_(vUB6J!|Q)p;Q3k*l);FSZ8?3`b9$$2L;U0O
zwy`iN@Y+nkg8WC__P4X7YMHFI5PIUHHsQOwaYgu~z>6a|T)eGtuHary1Y8ZZ;$NEo
zRg1E_&<`WrZp3g=-<8`uX;6Q^XV1AbfN-^99)u;i|Bn!6&h?f-k0cg2ftCShaY}?I
zD%+^F7oC;=Fd3Z>wM7fp*CWtDkI)G^9y&oUm%s;|ugtnfA?hU(*$>ge)ea6mBcr`Z
z1>qCvDctL51RWmLi4)nsQ6lK|2S1RY^)n3KV${y7W6P83g!fnpPaxEiQYB(8W0YAz
zxy4$b!S}+*P=Khj_3^ejyAbA?Ro;Jy{~Yy3{r}#m1ayvuVeS7ou-$fXC1$L$9@INf
zWBf^8ED;JD<%jCyEOgWo@9FkIH{EtjL+C(ngo8h0#`9DB@8PS`U;p6P1e~_Nru`K_
zZS;dbQ^)hu3OXd!b1MF22*<XIy5cUYa48I{GdJjif=Kz%^zcKi0Pq?ERtKEFbLq3Z
zD_~|0^8+Vh8RZ}#ddduz1eyX|BCw)KVv$JeXVkhsl^m(gtBr((mgPO<UL#Y^UJU*7
z{K#Yp!+&cNDkpUIEvg45C`DT55*k+A7c)ErT@<K@ZTZpa3D^)Z5npjs{{{ChH{N!j
z9r;_lapU<Zb6v^xm%i_wTbDOK=e@J})ea^dHRbwH`C_!UNkVG={$fb_hmjz#%OkJ$
zg0wfM+J8%4;ob%v-$DEY!RIZw1<8wFck?A5<J|1hP7NW!TdaHlfE^ne+<H(bdeVd-
z2FD%WR4%q)Qpd^$+W+}+yKNUu_vocmf5T0gxiToEhmaAKZfKWe`=oeC_TcmhL(oB`
z(8m7;9dqBqLjZGi?&K4&E6!}2&agVBrtxw^H~;Gcm}miV|FwOvY_vG=KN%yJ{u+YH
zc#x&YR3b>*jBK^hv6h<y`8I=O^Dya|7b=#o&{sM^QNvd&f@<Tf2W_$n&UODaJ_TS1
z8R0)ryf9in$6!puD6%_e8+r!DkN)CjiE2#5U{NY)%m4SMfJ+4y)G!wpam<uSn><#V
zx8$iOAps{ec+^}nMByQ&VKfL8D5*f_6d;1Yd_~+xar*x{<A2M}|9)X)@h>yD+Nz@_
zRjiVRUuz$r1JrU*txJ}E@c4t^7g$$#64+*_E7X;I`dlfS75|z%RSfy-I38Ca4jK_Z
zVjyVASf_x`9{*LHHA!v{jQ#^u+=W$E0bTt}2&<$F{-w~f1|-OcS|IKRa|f`Y>2Msr
z>16{{$B8MDG-nE)X{18CzJek;9R^Y?+0-1_xc5QBc*Rjd#ZY22n#(^|wesaiXJWTb
zzyAm&_07~Z`B2G)UDilIfW5HD2g&%3gJM0gjt@Pp_U*aL4gA8~4s3Axh7LdB*2_1L
zU_r4nKp@t^Z5$N)!U_!*>G>~U@E;FHf=R_yp>YlmT2L>2xIKwVz2dqswY%QNsm+J1
z=dJ}(7;k$tU8fMxVAeA!w1p_DeG_4)I<S(k4lW|JJB?uu(1Xwbj&kms#6=+@SzGhb
z@$IrRvj<h#VFn9KSwD5LRCPNo^)9Vir-q0K0hjSEum=Ifok3s)sG5S9C)A~<F$Sj)
zUBBG_?GJex%qoP^RU`h#9l4;FUW#bg-{ek&1}8))<z8=ULUD|>`mwU?+KOk=h=hwq
zuEO$J>&JtFrUSr{s}?RPH^svNP|b441rt)N6t@EN1M5T0-(XWFu85RzC_I;C0uAo&
znAGrd5-CQFZK>&wz|qpUpQZs9Wgqsw>KyFTK!o=DK*&wruY<gvY+0&Z{@RzGkZjo@
z<<gpD;#G7KYZMY|>0c`${#*#bd7(S7x8O3V$RbOR5j}X<&*K|@5*9#-ec%U5s$+BB
zY*w4JQuDBkwWY6faNe%X!+NbIYPIi#k72=n0({32;E8Coi#rMSYeA??rR8bM3Zhp9
z)xMa7nF9iLZMB`FGrD2%VV-J|;N-WVDpn7&L9I0k7l5h%$fLx4!zw5A8k))YYv~ja
z;GcA=86@hQgh8f3dEtOyVZ~%{#(BNqN)@<53Fkd_s6^#rbW-P%B<xT{kA~VvslAx-
zW+p<M?ljr@6|zmqeyt@JAbv{OUdXX|L4koRcy%&htf;GF)Klh%lO=GvItM=Kpjz(u
z8uaiRhMJN~d?~OeC-#m)lbzTUi&&nMlgSwAkNIoIijm_a%oQZKl?t0!4%136nBSXg
z79nrgw8iMuWH&{~m@#n39rkQzNU|$f=qr{TiXeI<SNvf2x2PhVENHA%Khmv+93PTI
z_j|!Tnsdg*BpCMWNDPr^@LpCue(>p;sRBnYz7!#TP_)n%VNS(}wsCGN)(TE_et`|Q
z@eeusAdD66JaTQJ(o>N4e<#`+pH1uco`N2#)3CBE9<82&+;4Wk%!9#mEM-mKpGp53
zt2{4<ku0IzpB-Ir&NifCj%f-}5$0~X%53})TmDe@&xIFo@X7wx=S<9}71jretAR36
zv#)&RLii5npX;4$a`~%xuU+?JX{cm0^1Ywm_APOak>!rt_RD#cbLqVnuR}b&C15wv
zyfxaJMb0p>GRL-sxhsQ@P>mn{$@j%>eY5N|4fylZKIq7Q{qfYbHQcNE>6lJcEWPyR
z6l6u!AOW)fQvvV${XYL7LHdY~_c!OQ0riciANRtpzRjmQK{hh^kU7oS)s`%1bPdt&
zRA<)xZ2`;A{%y@!zqzI#_T}4MP&Nuz(dFJaw}k?h>p|N$Ve~vWtUN0ULBx$ApXzL6
zg<y}$0=pv#4VYW2wC-%Tod2i-#1*&Ix}h68CYG?Pq8Z^I-*+02pD@=*8HgtjrD*!2
zC(C<4_yX*<leK!9&%4$1l1?ndS!a%btW_UWrnT^@+aWV`mTWi6nUr9g8RhQbyX5J6
z;|<?y4}m0IcW!h;s=#IX*2V?Up4UC>4}VEHN~-0y+|2@(5j>bD^ia@WbXZMOu6UlT
zm{J7g;2_Z2XXVdH0z}HQ0w`I2p{F%Sns>U0%Kbs0F8?f7Ks$+YxDKr5oGFPd7rrc7
zmMdI^Bp4fTlQzy))bJ_j*7TWm+^v9g@-F-5<AXxxad(bKql=A}i0PsT2)~-Xg=Q&5
zf5AA%8g&C1!)1j6cfmQM2WMUqzH6IonG;4I-zNr6W8%`lrG^{>|Jsc=smDX0=1?h9
z(%kT5&p{renGz*@w5dnfk((E#A7<|(P6($&r*zn_4s^)`$!jfjxFic0QSG!D-GGI8
z>J9UD(puA8CG<D8AstO~YeOCtcH)?(b~g}S9rSF!o1!s;$(Gd^R<&F12WHr8`)59Q
z_F{(!0{ri76Pxjp;a@m(yh^q9GGp;M20~9ZHx?QH`h83jUE^;yhD_9o9xmJN;m%$x
z;jeNyi0M~G{Aurc<p=jYuWf}3KgdR*(+hSq%(_o3lp8T0bF%*{7)CWNtCA#S?))he
z!|k>}Zr2s95oO5`u4APkUrZ2CzkR+<4P{_}g&woM)qr^Dp@RNupTarDjve`Duo&}%
z;rsUiLH%9lKuf|ApYW|%wdyewR=P%I8KxznAHo3f%dRO=A*1tRB~k2MdpP=cwEo<%
z%wBmViU-x~uts!P#C&sniW78|y%ykKWKW4EWQ9{G0f8lyEn+y+3;4`iONa>LFVN2f
zBO20_bl8-Hm}nGLD{;Pz^P<}9X*$ofW{^H3tMaGIO`z>WqC9sUn)~=%Po-i~Y#~()
z6ieV=+RSg;3{83?S*%0PnaBZ??!f}{)rZLcAJ+mc;V+IIKo^h}b;}?<kI)!~<w6VQ
zhZ~LTaCB{#JfcnQRzA}eum4Syu?p-9buwbnqH!JE589T=X5@Y?v>&t{@u6xCV>6!y
z>Uze!y~Oc;Fo+hz9NZMce@qfCU0I)T@Jhw|0aqZ+gkl9Zq<r3$O_}8T?!$sO`Gu}d
zL0!|<1R>9<vUbu)^Qq;-pfHCFFYIv-l;AmLd2zYGnE#T4@`o+6eGI>fbCwgCM>acJ
z^!^gHdcHwkyEL_nQ5!oNXsL!>U7n7oovG|Ctx1}?iJJ}$<ZsWWE<b~sFB*yWx1DV&
zbU=sDO=F60y5lkGTZUG*l3`0+El(;e*7Mg#df@|E1@`EFR(-8!i3++%^W_#LDq0s9
zE;`0H<cb#eTjn?vKM-zvyiA~^Es~GZ)DPCs%_d{0eI_JY4f~b))Wak8{TH9zT<=&h
zc(_NZ8Rj@kI~Urg2ZdlUDbHBLGd?t`Dh8!)a@3vdq`>Z+BZL{?URumBB%ofo=1I;e
z>k$M$l$qjq+0)0`M@Nnj1aBsNC4d4`C)wegWHlNEL$$PDR53AXHE+OtNt}$zYK>OR
zbUUN)1b~pCW}~fqp{n)oVtF}m{-OmI;sr7{G5kt3|Cz5LgkNL{lH}-1kIzu&M>1pd
z8VU3p3An4=ks!tlDOg6;&mEGtCL<Jv=2Eu@(()uRH*Q%fu_fyqV>gS_t>7z_B!*0x
z%fH;Vtbg*f1iEW7+VR1vlg`<8+P4)auL>;WkvbaNC-vRK9{)tewtH}Q(a;ajJL7NR
zyc7KlBT+#eT%1X{&^64);yh|<94pMNjNiYrSh#w?AijJj+-SIy3Q{xLmqSdtl6hUp
zc&E~bU_VRUEkx|WzagnH7w+npsza1QLzG<|@{^kg)XSv1?wAK}e+w?=GtbpTKlX7N
zVDu$N&$FdLr14w85wS(BI`mi3c}eNt{W7a&nFi=nSuy$syW}M-?0ZriCXJ+L+!iub
zGj$>hbPuZPqY7-*PuG?v4vyw}+Xr;#c=dzH0;;>99@b!JOyyU|2U^6h&mVdeBq0RQ
zSb10|9@zCN9h#p&>OW(Vu%253&~FcQ_v*a!+`j27vfQfNIXibMj;#5}ZUrnGODm$V
z%`=G2HZu2`OE`aj`d3NH?0l(xVg&Q>#hQ4<NCopRMM2!c0s0RgnbfYa2!7*KPujE3
zDmv`kwE;OVe~}{|vKho*abzcip4+#Dyp+DA5`KX~LhYK(!p+D_C-=npYt_Xa)LLH-
zj%6XPDg|+{ZV>)_Jk0{_V4${w`?D<8$H=Ve55I3q^x%_rh57%O&NPOTTuJJD-!&#n
zy`y3mx1cVnTi-FzS7zy{1UEh3HhUER^ass-FOcAAXnGLUsEsptRxM%SZ4P8zHY6bI
zwtIan-0<HfAR_Yj<_qw#^$mfHr*q3FYJW0XRUc{58Gm+-S`k@35l6b8=NB6D<iD)o
z#4<spwNrYOw5=1$(yMpq;cDSKaN);&FeKspy!pYHR&M-56;<HW`igT7`|0O!+gn2(
zrQI94o&w>dO>J6Q#s)3n5;0c(J>`{r$pUfH9V~vKZ)VDeUJ%OeSn_U^o@UE#*9>hK
z*Y>%)Ynm)0vZWMM1D<$x;*({HC!wC!P5kGIQT+21a0Kic4$8G{{+*MqU>*T+`JIa1
zSN<7P1fg~dG_nTZmRI=iXq$i5kovvhv4lHe_mYgf7NV7;as^{g`H*4d=!;DAq@1b+
z-R4E);DPBI>A926)|2~aIya~)Y~Z-Ct4#B=w^UTF-|}{=NNW==fp5(XX@B3MS7W(h
zIFuiqMcf$XCHP6rvplo$*B(FQ8sq8`>kz77c2<|f%e4(xW&mC(G^=+jqsVK*fxavB
zb^;Z~%n!U8-3IBR-1Q|KPbPw2y0u8zw?QN|Z(iA)RKu?L#)GeO9lmp5if%K7F$&XY
zf-cMGWkDxuit%=3@;Ke9z?&GbgEu6{@*Ae`!R@D8uDrLp1^@9S4*zu%gJm4?AOjn=
zWjMMo&#+YXY^#1sNP>ayuv*_Ol&r?8%ggQ6?70e!RlmnSc@r_1B%5s)DRtWscX~-!
zu%@{`91`5YYHaYNvWm(dKg}I72(OOGF#b5^ur|x0t!8nf{X+lSHBN)s`x`$xho07!
zYdub3;4<divvn&8DA$0M10fCB24*_s`>f9SIDOqCuAqYvz)e3&q>4Wd8e}Qa>ay*U
zwqmmIx$A>IxVHxW<2QU|YBzNUwZ>Y#_xHxf!##EU_02~H?A%5fXpR}2B$aS!pcxtd
z769Qw)o}wR-%(4;4XFQBJy==>0YUj201Cy&kx+MWqvNR(q`8FS*yrJmNkG5+6(juP
z(e2T@=2A?1*`M^uf1h$`9{w0?=%k%5>|X7--Q6Lwv>zOp!u@U%1IpO&qIn9{`?_Qq
zasyLz!lU92v(O=_babQYgLZrA!?SQBHqD<6L%LO*g@%H8m$pR7%}>whUI030gLxnb
zP_|xP(H?_`**h4YoB^YyP3ai=oOx_0Z*wHz@T+Y?Aq#tRFa5@|^G8G?7M^YC13p<-
zQ*9k3O15k}CLGo0j-ul_Yx?KQS_MNUb1Q4HzA|hY(}${7>Z-Be$LVGxu-&>_bKRcJ
z9*}z=@=ktbi+y9oYQ^d{qmk#Zz4MO~-tWa-Nk_!Y#WqS`n2|XLYS!!xoAgQ!rd}jn
zf(FoF1foSvvloaQ=c9I~T|$jKT^7Ep$Z$NDlNQ_A*J?|z^j+VSol((xG;|ABYhc*H
zq`BPTPaHm{64*lo_tjmKYOy0ttMEEXF5hAIR<$n7kw8B<U(&o$dTwz`2iEaeJA*o>
z>6Dv1#R_p<_3TmidKFg1Lf;y6Y4e*pedNv0nf!(RjqLy2eq;78e@7RFW>s;L2v+Xb
z?gA=XT?iD{mW}yu+Esx3o9&vO2$uisnQXSed&O>v7#E-h3NCrU7*$cg?6MZiDL51t
zpzgO$x0?%=o^=Y2K+szPIypwDs}z?^yaUQ-FnODIzJM7O=ZWk8O2ToZ+#ssu2f)ui
z*#vj&5?`hnsgbeOh}*OFMIO+m$Z|7@uXd`(O}Di<reUd&9G0faKEa$mHf3MTk;yi$
z;mfYRQHCwRzH|=ZKXQ4Ud{BlQST>_f{`{c4&Euy;JKDX*m7U%lA2SXw`cX6+#=4u=
z-cwo05-uzkj#(;2=z68{&I>c?>e!YA0flked~1~_vd8FX@Q#xGmyqbFnDJ35ZR{zd
zNx%EJimk(eN`W@PB&(CgiU#0nr)=F#t&1Mxv!~LE1>i07)QgSLDTup&(<zDQ-dG^&
zaoeO&=6JD%9%H2QNjBOa;8WQ3aX&O?v@_BD@i*d5kMN-`JdgW?!?D*QWAu{&EIt&6
zynLAz@%F7xAtOA%IG*Y<FJe@RKLzF0S^&qzTfdIZWZaxz=D;im&O59EkiU<eitCuX
zhCsm3u8rBY|GW0{?iB^+<LTCRKz`3=!*|cKydJ~jt!?6bk+H)q=9ur~;&bVwX;O~Y
zbKP)fxyfqydIS~gRqG~sYW%<ax?ztsF*`3aj<MUL1R8B7wKFYrGv52xb>cjy-N&R8
zzp;*sSQv6U26>R)7Yg0e{gZ7<u01vHl{@-2Pd~1E*dzR0Z)AT(HI+wOL*~$)+0wFB
z0}>7G%gf&zgrWSvI?gu_NgbpLa4sF?iYc5+C5mWj)G_z#$she2r(*6m%)lMMz4A)m
z>zCQD+tk-F{%2?SPxg0u9m)1g=*`b}_kPi!PY<eJZ<#wL+iAAwHe;M)zp)NuG}obY
zOtjNL9C=E1epY-QP8rsZY6Y#pi8OY&58CF!tVvpJoX)^H;KGPZ&Gfn*4Ys2OG0qMr
z*xCiKEZxhYYxZ0fwDdYMH}+@e8Vz+i1$}pdiBy6d`MUJi!XKXrUXwZ0@vIqGHnvTf
z+NTe#u!PoWcWprQRXc|YlpWhVoG_QfvbO@%7_Ov`9@wSSzOh!Q=4A;hnQ!T=iml?g
zNF=)Sv?@J0SDT;uHEj@N&sPhHOl#DG{HzIg)9o+(ZE(aoj1G>!<^NxS)%g>|SzhII
zl}yRz$5~6~<(u`C)NObbYpoL}7B<S${(<PXwNx--2VZ#u*_J1^4`iPh1mkbXok(UU
z6YT29mkmU!+dQ=FFRJFoFxALhzKdpWv8XW!%%x5`%(T}+X}ar(1b()gZ?SF0xL6o5
z0y3Aae0)ajI9qQ8au_kJD^*=sFz(bf-DMbewe9O(<GL45tkf+dN8;uFX8d}GMylK@
z4SajVtzlZq53gVT;A=3q(jOZmvW7gGe~ub`&ZeS`_(@)gH-FefExX3*t55t)Kz8#D
zO-rHXi#YD%0&&3|J>8drA+?*}7vBiikb9?<&#DF0_q(KC0DggyM<hX!X)FnPahZGU
ze`GiJ17r|}8=m0~4{tb-038mb($iefUQTj;K<Q@@(xvNaq?VjQ*v7KdOdoPWJ#s?D
zf2FkeU2d_c+xJ%#MJtY&^M;L&>DykZJ6(r<eUi*?ZFF`1<b?NNzsm~Rg|Q<y{)8b1
zi+_o)fxj!jx1(<!R<UvZ!E1`=@RI+$LiiW15vJR}XtU2@zvW#V+w+Po{r*u<f&#Yc
zgGrZgSVtcbb~tWD(5Un28o>vtHVc9s3x3PHKjO(%>v9JA1J6B+DA??x$ZDIwI2j(v
zqZ}l;WbrBqlX>PPGZ{xx7n*Eja1UALo~y||>K}O%$w~ehY#=Thx6s-ZFxq((ac~e+
zrcT!+>0L0#gDslxEoPty=gi8UKy$}pU2W?Y%wOS=W;Za(CcxUS?4}h0%2q0CW|cf$
zP4%t}cN7}6Rr2`E@yO%q?Al|BI{3Ve)Rro1wlxf&RIMtMl`UES1&MyJ%pPdmReZR_
zlhVL^h$)r12jsi8ip(T+w|7uU<}YljNJFAN_y5NE)W<o30FgG+^eP!=kXv)hZ)En%
zhn`tz>WMvv(D%gfeukYt88<#su-VLb#kKTg$7wD2x)HYXxzg#Dfr?#~*~NGv>BOCn
zgB|xI28pwnJ{$fZZRaw^#~0aP@ySa-Il+^03gK^t#<`{>=IO|H@Yxab3~4}pn}5`1
zN5`?jW~RHUiG6U~d7Y8HT=O57x_nbV!?H>{mxvA-zc>#&|0W#j%xR&)iG}uIXCK1v
zM!D6jnl=9wUe37;_mAjZU?m-VkY$4I<&-3?TD5+V2|+*9Ecla%Y+`k@{6n$tr$U$L
zxKTR9w^6CdU#}YAEqaZ;{NUq6f97r_Ej6{sF<;Nhq5r_Rx9VE_2mg@_c=z0$saZC6
z%6i2o?;!N!@fD2?1r437YCjP-6l2*Tn3m0knT^SQGENaU+0HqKO7cSNr;4<q2Ozq|
zZ?oC#K77%k@o=VJpTkQEG^6Wpq(rLNae4-~+1UTJ8{cLm=dneUpT<%B%lxg@=(pr)
z+@ya0^g|G*z4*U6KmqiR8^Tgv;tQaf>+!+1-U$}ExJcK#n6-@aYuZ&dGDc)9#5s(C
zKPe+uv|Fn1c;2uM80Y!;)El>Mt4w>?d8!g#{7_6~Y5-rqWwo1RW&%OtoY~^`2@2C~
z6OAMMFj5KM$?KQPFjvQuFr4l+n?F;XwC<<Z{!=Yl4=71-pHaAPwh5#^lL!gWY8l5U
z+P{ZY)HzE%B~MLFuNA5UhF7xaJ0F|}E3PPp6aZUxtS>z+ExW0#-~0fyfm=<tD%dBC
z6s#3EV3mm&!(O?HXeCu~eFC4304CB9A4hRreL4!y^s%hBgW;mbzo9i;AN$^^qMaWr
zG>t|*nQtbU>pL86L@$N4%^OnQ5;cv(lh^iWZj+VF1I?r|SmK7BXE11P>T3Az-#eop
zY@>2N@C+2D9@`r^dBmU1e#3TP4WaHWZzz)x*Zp8dw`5~U5=IxnE%;aKj%ZCM3`-(q
zTyC(P#t#NM$GjG@J$=5bc97{*b07Gf>EGYURQPbiVKnJcJZ&#^Pu3pQ<qxI7i<Y3g
zmQ#0Q0_iP$W1S-G0AszUBrMOim-rPcEf!gnx70CxxliFc(R=u>dXNr7SO>5fb34YR
z5Ss9#5n4&48DB8f@JW4JE3{wZgS}h1)qU{*r>)-&-#n8h_DRI%)mj3>D@n?1U6YQf
z(-|Q0l6k%1pILBU9d36MbkEWe%!9Eo3(wOQv$ZMT-dIhriHLp<y~{S-t9xM?qug;z
z$11BNTXwWPp#07A;_8@~!rHo5+OB%;`j|n`ut(-4tj;}L=S_8=vP6B2xNcc1f5>2N
zu37sGV8NwP8-EBSETH~V26Pe{@#l;IPlqDnKr)6LX*B4qpM}98Dv{{9WL2?YDtj`}
zG0tp>b-3c1^?##X4)5SWO3@8A33CSdl^o=HNWa^QLHj%CoUD42R`|H6dm4$9l3=af
z(!n|c&)}xy9!FYqklpnd#Hg;b<MF-nIa@?qZ4H|=?^Sf3V&-BtVB`g3`F(`AfYgfa
zV(2A;SpMJ86vlVom4Nm;(akr-8|MnrqXsQXJ0l1EPa&tfxBXaeHOZEgjP7^8Y6S+X
zs$^BMweCCf&`_Qkcuuf{dCx?-I@BxL|4%8tFYQ;76Dh=yG=VTOBz-8@^NHhObH|>T
zb+#PJ;{>w-M8?)CTI~K!z;Auk<z5<ZTqoZ8%&1+aMRIdwN{{|iF4QF=YYs~39WcuF
z?VHM)<Mg+?j~j(E{U%<$WRN8ZKsvAxy<6A5EP!CtwaUquZR%*T9sWT<-SV%3%4UL1
zkGgzXILoFE9A9CC#M0S^{4VKMb#FwFKxFg16V3A0SCpu78?zuL!x)HTa?%^{l!}H7
zKgHhd*+z&028oxn{H~%r@HE!&oC9RIjfF-m;ve3%^bi()q6qQbh0urvX&1geN-l_{
z)jH8Ta7r$snpLFj=WZk{B8i#gml$?p>9S8XI#bqn%LSrG{q)h2<uSVZ84hO<Xtt8Y
zudNHx`Ck#ARjQlQI&5x{*+d3jBv#1=y7vcRRu($<iB$$<k*ZRP+_o<<Iem_IMPFnR
zpjmRM*nv&2hG)@6)~d$5-hY~@L}^%%yxGAH^M*u1l3%<~JUG>b@eps9u}2-WlzmKh
zKMb|Oc@KHPm<|++wy;sapcEz%Un?aRA@>(PMVS7r^h!gPz1>pJiGaoI`l*RDd5g|(
z3A1y_9@^w(pnGKd38*D2pg3PB(=Q&IF9(lOz<xCa1#RnbZ(0j#yHD!h5@d>qbfK4=
zNw#PxoGCriCKQQDK^)9rF~k|`KD#FbB~;1RRO+DEV1hR3-EO$hQupA53&EcBZo=VD
zW9eMAblll*8K*Vs5~0sNS{noRA+2x7+_6(RCep|#gp(=vH9z0U*hztvsZV+wfNg+h
z3OiPXMc)%n^acI2@F*Qp->JMUHE1=T(e~#dn)<kPkV884;Do}7m4<jG(8(1o&%)61
zdLH|fk>YQ=_8%mWFC92h@})VJcMD%Sn-i_>MfmPCI>O&tZui^vp?qp@;nrK2JyVfW
zd~_tzJDq!CSk6zBJPuhJ1WIvcKQf=_E-`mHnYRMk7mAQnM%2WJUk6z9Wx_&bo5RJ0
ziFVH(Li)ZBPkPo22IS-V<hU?a$!v||`nYxNsAU7c5xv%mVG_mE0sQHYl|QFC;;ydF
z)`)*gJfvIsh9q~s!Koh_jt7C8W|5e_IRM_2^%AS9Tx-2$ZPp~-ztzF&y;AhcYjv#|
zl}C`@&(Afgt*e%TA3nOsAw1M`o67|Iyc0dvQEMz)_>&)iRD^(mFR5$llCPyU+rizE
zfIWPYP_lT5?%WYkhlYhq$#r|J$KfotS9^u!v{;Cux^ek`y3igs=|-7ltzU_4wnp^e
zh)Fb4_HPjNG#<4>aNpmwAl-9{$fEL!GIcMF^8rGJBb(^5jZV|_^@I4^e&6b@@KOFW
z+pP;j7INX>s@q-ELDz7G>oY7DRhvcH=9Ixo0PYk|0qRkD4MDCGJAV7;if_a@^&r^Q
zi+&@(pS4;Xr|Np;y8p_|^;@i^KE0M@y4{}mfwF%h7;*8$TK<*me_F8%_y1_c2q!x+
z8L&dQNZB2b4S^9am|xw|8jdo~{LwegG1f@*;om<Zg-}Zs&UB*t@XY8ERE@gnLtZ)!
ztRAC`Fphu3QsTRA3p-lR6q^4EM*c~!s(*1BKu8_n5qe7Q-T$b3qxj;ASA@kmly5=L
zUbNu#OX_G&%j)9$l4kZ+L$H?NB-y2+T0YDkzy1gL(rNxN5^hFc<-MH@ch^c^$iYtL
z*k7v7IPm$ALk(j65?yWuR_P((M^m%HX$*u`J;4<KaJ9*``mADl%)oGK%+DSBMM<U+
zk<(K9Kp*$n%IU{^?Bo3@{gxIcRGDai_Uw<UXrOth3D1Fr1N!`1Wf}#%?;wB!TKcwc
z$kB~O(Tk_23Q;Fo42MfBcP=~bxv>!qO7I(VUfW*%^LtDA*IT|38b4Ff6xH`;2gKrn
zqgxHojbYe@!VVP+lN4g1JW4(b&SwtIZIh#8fA&sq`Z?a(-_oK<FUSWb=mPFTZb(7M
z(z2Gq@Po442&d^-r{s>JWLQ+M;XNfTn!kfN^$?J1T`ZP_0154V+SLBF7bda%p+=zh
zrthTia^jeUhgV9~FOsYSPFVZ#)YjHnxDq@M=1*;MRq9WbFGUG|UJf<Np23f89z`Jb
z+Xf3sa)x)vq2W@bEy;Iji#;C>yR28+eLj59=Lci0K!Wh1?kUGd{dO%)j|sOv&VuPj
z5=X-(m9hYq;wy*?@`Q5ght2Y~vev0o5u6k1r%JJ6Swy@r1GWe;KN=7>su>Z1JPL$l
zb$8jQAuM7qk?=^fCSTfLy)C-Rz!;2Y8CZ$7ixc?5o069!-#$M9jw=hu2^K&iD-EKC
zsW*}Mr#^{0MtQR`_r&M@L0h1`;J6NxuAzQn7XqVUsODWGmH${u)b(?!(A<PxaFfsf
zVl%37#-1;w2EQ~|^mO7xCeFy_P&X_7=$z~iYew4x(5LbU*t90m*BgqWRh25-Nhnfg
zg<>uQj);tI2Ii6<al~o?KNia(XkoT3Y7&5M$Yu1abUoZ~lXDi-N#r5n`7JY&fpe}!
z3Amr5;+6!b7X+t+H}u>D7xnhp<OHXarR7{QO222&=DCMoOB|rZw~#^0vVO7=Wgv(H
zUE($MT6(>Zj|1J-h#;ifBqJQ+p)cS0t>{{99S|QVIV?^t-7zg}^Mbqhml45TmGLPr
z9$cQkWtrUl<zw-m({lzIdNF9XS#N$hr#>DJ3uSSldm!42!4?)%lms4=MX)}Ujd{z@
z5OR=qw6nONm%l+OXk5bF<|Q>KQ?bE>!riQXks43KViHv{`9=<I#iPzcHDNx<L6XjY
zQky?@@`Km4b1$8($<v?g8CUb2A&)7+_mFd8EhgTVqy=Hw75{mF)MCM|m`ba_SI-@w
zV#K`&6jpb#dl@vX1(~O%dU8izRkAtd1p>Sy_ZIhmauV9q@0J8i&Qbb@ofa6G_4JFM
z)j+c4p6fRrn@zSw*>(8|Gf}D{DcQb6QMXMDT~4EG_#-rtK^mIbz##-7hz~&omyjgL
zqDES{kF*k02|u%2_LTjxf5`oJ1-M{&#y+h+9Vk5=fM2$wh95w@8Yn#*pncv|absOn
zSqhYcmWzQa)^tcPHrS)Y!t#QT0>xGoJH#iN4c$Gol1;;x4ySsPlX@?6#1I;y!xw;R
z`|?ra_4mHdEtUH_z)b(}rtD401J8<|aGxaPIg+5>k{}w_uru?eh3TP%&7Wl5r=2g5
z0d!_K_1Kt3VY}LYHu-ZM*;l83{Tma{%M+nK@(-w`I!7^%J8_m?JzJAo5BW{&ubV$z
z(dJ;_=E%B&R>it8C0AXxv%1nZNA(cJhTf(oqD}yzM1*$1qCQgzhpnA$IE_ao8n8PY
zOQgXub1e8s>M>N4tcn#8PaotGQwlA@^d-V$!6ew^u?T#sE@7G!X`{&am4d>Rf+UsF
zuHU7rS}InlRT`vvS6hR%g(*VNau=cLi8g4flDkT_n+I5SFfphf6i|nv9l|Fhfoe`y
z2Kh-uTRVNi7?ohe5;trJnWt^%Ki(nM(2ZX}!Yg^jJXf2D*UHDGJc#Ww1-c%DUzSd!
zZ32luM>s4RIjA-mHcgWN3&uyD8R5XpiS<PKOe($mXZoyNM)z1-tvL3DS-Q#NrXAEN
z)*#U{yORE)h8|;nj@_P0Jp$FvIZML~1^+X>z8bT`iRbBx8s38MhEKh={Dz+3C?z+1
z2y@a6%O9~^PN-zFXnA|Jn`-Jhj0T52$GlXC8=QN<R`WapJxYD`e~qXAEy<dutzoB0
zy#g;IiUW40{4pdTBKian{K%+gU?o}=8RWDM5gqb#<&q%jS^8t~<wu|p*h$nf`MGU2
zz&Qr~!J<p%O>ZAh4qDt5rQKuT-IGrAz9x+`Cpb@4ru+r{#*;gS)~3ljCZNPG-V2wV
zx<@?<t7wV*CuP^J;n!#qZ-vXBf$F{FIZ6-{sEl#;ny|syb;g;*bVscoU-leJ!Q21I
zxaD%u*;8)slBWuOqtmOD$;F*?S648yy58oZ>kpN8fPFv{+^viKVF>KW_j2qc&c3=L
z+;WFBs9e8n{_W<7XWTeu@jrH|f%+YLkw)-U*@<<ONE)2Ar9lp~l+f6_2;iPt%0ud6
z#2(se;_#m^DN$WPI%Klp24?^lB9F;lg4qFd+IYtyu6L%7^qQVz-Qrek`R{{WOWn+@
ztH;WipEtZPivtx0E-;ofCbAHyMAF?rCjZ)0+{;MouA0n*{xDACsb5y{Y5pmmEvwfg
z>m1P60Ia11ZZn7sAB2pDptN-au@v_&NjDY+tc)6yYph0HW*C>A*3)(yt}0^}w+sJ(
zx*eX&XEu%#g*&OM$Vp@54tcAE?IHxqh<C8T@t2G8ZjJ{W@!%g794sGmbGkwD>oOeG
zbvG9Be_b+jV@3zzx3$XV9F9t8V2>+7^2UBiu`#2qp<7yIpL#&@tqzwJH2key&}&^3
zEE<~IT4w_O;3m%S?hat9hH;xNubLvi#TT@P=7{>mOxy8(ErCDF8%><c@&0Wd=SpL1
zyU^#G#-)r)BNW;`DJ#00Y1Cn)Y8Yo}*^iWI5i%@qa4|23|Nm7En7A7#j-~39bSvX1
z;}dpl4Uc673wm08y>>Otn6g|Zl~MSd!xLleG&rtyoK0IYofkP`vH=-&Y?9Aml285U
z!yQsmtM*b+JHZ(AIQ{|U$)iP14(BX!qyOURah@lJ%_OQi5z3}qujr=jpu6jCf+vgc
z(2BqCGPJ-=zVGQWaC0gdGBz1x2Q+rWGXCY&1-_AT4Lch%d!amnTkR#;TmG%n+dnCB
zP2wc$Y-nup&o%4~)x`r;%$;kNmHX?#GiSqe@xDLXOSXdB@wI7nydOdR97YbABI#?h
z=TlS4^`eu9Q>l7<n>zGhxiHTW;2Cu0jQsM;Rq#GBY-EIz*#ek-M&!pj+<9wgsW<!<
zQT}nnwTvi(OG`*2od~pGUdB?KfD81><0+W(Trmoyt1kj%V+P1^=h@<Mda$$pY{;BO
z(-M+nDRxYU?@4F>JUR8p-A_XtV{(Of6U`dx?p9Fg+pqc{m!w9veN`7N^!wKFRr2cD
z#75;J$;ZEr54zBt7ihEdR7*s*^Q3#<6cVHO)iP@Qm#%$|HT)^(isR+;U7JRhh(7go
zO|j&!*hI-+6xt{&fe&}^DzRTkO!Ys|JN3#mW4ExLE_<mb>>Fv~V}UtT-vnwD6YfAc
zE=V4-v|D<}$%rRxDHux+6}+$+-n^k8<)9@Jvw1ppmUv{CFQt>1<M69h#m5&|JfBy?
zC>rzQ)8Am8`<p7nVFDd%Pq7B)R9atQx9XzX#e=N*x$lvQ@1&oKL`bh^D{g;uj%@}c
zHN%QqvLwb?-~SO`lFpvpxg7vTEaNrhJ-27de{%0@=BJ^ELWZ>b%Rx%xHR|E<A|3Ic
zvXD_+*G2Jxa_wY=ABe{qMe2h*1K%edok)Oljb1Ro13)=3AQg)*D=H3zY&U^>%@6&y
zEbk%@QP>9lbh&X_=*2r6cZY`z@njyPPj`QDCaGsTDI*(w#WN}S&ssa0mYDa?Lq+4M
zPsv6}zprhV)^G#Ru{4k_I6_vuawTr5%d;cb@+)hyDG(kUFG1*&{j=W2{_Az18je}Z
zsk6d76P^d7xuzcNdcPl4N$B5<o4d3p-!%eDLV0A9za7ww!k4ZcL4w>Idrv+ZAagju
zL6;0%DY|@SelWV9hJ*{I<X?YcHJ+-tF~Ibx*6Yy-5Mdcr*6ZzH-eTncrs?m|wEN{N
zwvSZ4ED=HSmjl=t?lhZTEmy<6UnguBW?I>(o9Coux+`Y#ZIX4ohB0$l+ZiMn*39zP
zTO%e?T6$|y>)vi0%Z>Ht<M**wnefRYa=g|j*G#Oo2GP`DpZKps^ZA%OJ0o;X=15GQ
zI5_Tw^}Z$gRE&!@-kLl)+L=zv^>x4TD*z^63ex%AnhBX(Z?Qg!fmc5zc{|lQ4BqYn
zA~-`Q^*2gEy^p60X_46@oG%I_1B#5?0XRRm6%UWsyletL6`XtDRrIc>gl))1uQ;2m
zv=8@IU1p|edd4$t_A|G4rJi8jQLcPiD9|QrWGH{<8ZghP%nImNt<>JPYAQl-vSQqA
z$3L`>WbfymsrRwB1sQyavR8um8q0syM@hZu<De2J_?=__Vv=du@D)1zzYFc7m!oaY
z*OfEf=jnaVKh_iT*3sTQue0<%UoFI3s~%g$nl3icrJ_iZ$k+W9FdPN8Kt`bfS7JHi
zCRaQB`j?z*mkIA)(a6f9X^}~L?gO=31E{HxAxLKaUqi=z<ShCcJQo*26&FIW!IcPF
zsLR`-Nhd>z!&{0~$dtbrX!up!N<KoGgL0#^<e_JFWx=^oY3Fs9o|U69UhwM!iUFh^
zgrM#48?*c4`HvypGH!m08`Yx(mM6p2{~oZmCd($W6Hmo(=sLj1oEhKDj(#5|=!p*c
zUrzbtc(13Ay+WomJdbBld)R($pXp}xTNx&PL&NjZ`9z1s@{5%edwt-;u3p=JYl<(9
zZ{sZ1?-g>Vx4aqsnC_K-4YY*76_K%2K^qX~M~zT0n?hJO004D2`b^RA_w+EKyB7yd
z6>~r?Iby+PV$%9ma;Q~gcJmaM&GO+1*p|gQP;<lX9tAo>)~8t(n{ZA`=AS~%xlY<c
z)X$(L=*a2*oD97;pYiRdEfEC#@yUlCw3^mAP16Q7OgJ8~>vm6(VGXEgrh<JMgG!L?
z;lMbs8=4v6!e27-8%AqOWA)`m&+nj?^9A&fCL9Xs)&XFGyNsdsjVr7WaMcZ$tx65$
zN3c(LmY{kSFTw$!PoddS!z!;d*Cip##hxAqqSh>2<uFF)R^)*XY^~wZCg0X_AJrnK
ziw3?kRT$zyu%YjnPp<u*CUkjn)Jc2v7e581O;Ja;T-jGn;DVg{B2$3|tozj+xSP&a
zbxg+m4*(&8KEkN9^3_t?#jPfWRwrEs`p65DIypEhh^#78o&fBUg4m|mTr`))R)tQ7
z4*574@*MV6!e6$zsGmU}xSPyYB?7&?nu6$__*J5g@qI=NYy}r1DJI=qG<7I~=3Ww%
z7ya$2y^aZtn9>Gl@vwd_y?TEaf3JA(=~x2_z8glocYJtvB7WQDdFe5Xcy!;^TJ5}k
zzYKq~f0WEo$Aiz_TjV{wCbQPnMJt-*nc-lmFk|^Nk#^B0{fU%AcLSxyA#C{*PXOv~
zqUyj-8%C6ek`WglURxIm17Vd`yfESJ%2<IMeXV(to^}@4(&|`atv-o9(63(wg3{5W
z@HaGcQerMqAES};yr?Kpng~dNs`8!{yl)*zZAw9kXt^uV`gn0_WXzPzria0Snt_$U
z_qaX^wLx&5YSB+FVZLHHmi?-tE@g%84K?R{&~4<Bt-KF4`)uXw&b;OEjT^Fh4z$y&
z-j2EkXeAp1la1lsBjoM!etW2!@4)IdE*6wFdrn<jJs%r|mFxC%xD9dwkB8pxL0?nr
zcb3NGMPW{=>VFe^L&`&Ps<l4-B9#umDT%toO7-6uQv!d;Nho{OF!Y_eq_-I|G4`Is
z$qA{?taqU{<jh>@Kib~kbme{ih;e<|b!oX%^iVlS)}CRx$_r&&t6BS~<AD05gpW*z
zbPjL&VQaR*gLA}Mb0iZLUKU`yH8Lh;4(bf~($~(?6rph@efmpyrButdO^x<va6@y$
zFNM3VD~+>nY!7WS=%8{XA1?wgI>tZF?AJ{PaN^0?C)Ke%%jx9_kj*2X=2Um|ya>Ec
z;$)egMLC;u`nT=4s+{xg=n1UQ++N!<6fMw()XBxrW&W=rn*+YQ;o8;o+pwav=@RO4
zQ7`nw`l5ag*RY;k1Tyw0)f^$4oxxuwZO;fN-6(;5xq!x^#W7z?IYhOB2OH|K_Y0=6
z{SiOGK{{#w1lJOKk}LGo1}e7}9-!T%YVdqTtNFmlQ0Osv^G9`6RuaValB1!q)Znhz
zRpedpEb{Zl^GmeK9<Er6@?@7Hx>+k#4SLP8WtRUV5DGA0<pXaU8xJKa)*KL^LM$%X
z7cFXU?q6medaoM5_o?PBDL#f2lPbnztZw`u-4htmRqbAV`39c}_(79PmK`=cC!=wA
zz;1dELo#U$GR%8Vjn{)zZ+g0q0y^=RsSQMG3Yh0mKEVe`3!E))cQuC=U0x>v7t2KU
z1mvK309V&-s>rPB*bOweJ(*4M`R52=PE>!I#RUD<PKKRXRh}oQC2qNSMSGfu06*TC
zY*s}(`0TSM2WgRL4IS*OnmL7*<QVuzO9k@ZE&10mX@XXTxQW`+X+dQ5ZT22Bz6nE6
zAAb<$_UMjq(WYU~`M>7eZ||rco#nnbA6V5QXn%9|9D0QuP4pkAWNK)%6o{6lEe)($
z`pbu@^?2836gJ=9&XNBZ+TMHcQfJv%&W*UJW_(F%UG0Rkt1lO1LznF9?YUWz*)jSj
zqVwn}+7<0c%gHk5O4$eXU-wFZIBIn&`vA3?ETqL5WW@vi{^3)-8{2m&=qc}zxi7A;
zx5l27oL#+x&=q^YEY5hQk)X)PdaNb;ANQ&O1F_ce<WVH=mta~{%E*z}^iRWfq-JgZ
zDPKn2pI1dC2`v!-g((1<C^#s1w9u!k;X+pvqN7g&QS`Lc6XsjGL52xbQ{fR+)ywzJ
z_LTv#^#YhdHwSWxT{zj>#(vt*dB4z7{tJ*9S`HcpqAOG+mM06#U{4o2W>^;YGwK6-
zl<STk-;`eOX?fM?^r7G{t{a*%)}Qfw1wO~|Mf7y&%r)&y6fo_I>_{i-DHzQ5dHGSu
zF!j3Aup2|o&`30@mt{1fM7}o<8UGr#hg<SH@e@A;IA)(_2P)b=p&>6*I#QbK5jn*b
zB)UKrPWZAXEfXYp!tyu|jdBX&ydR<&Tc?0`3F)d($A&(G#g%49e1oT^Qk&WBncuU2
z9ju<e<tH7zib{mBfv*_hSVFr!OMEq`+(+po!hB}vppKiV$%mJL%_@T<0DC7K5TSaL
zM^0}=PwxnD!B!-19p99|)n3Sk{-CA*2b%itHJ0S4Kdh)50}FKo3!6P0^JgpGl#8;G
zdtJKSmez*eeyT>in&Lm(8J5{=heZF^BHqA4;Jp8H!htU?*CCnkqIcp$KkT944NM|s
z-lFtxSir0NC&hS1*I-Plb?GBjmHN0rsf|Uz?$Qz5>nKp*nv(x%>EjK|bp-D6%W1S1
zjMr|o-l9x^D2(%gbiOS>&c1q1X%v2t&|V4N__O*h_b+>l2>AERIp?6BHWm0+ZQXm_
z_ALI=87GHhLlH1{^1*fX9vV%5QfCMXa9%;UH0V!u8Fw{SuBUM6Up6=5F<qui^&r(%
z62w+XYrH|VR+->{y4ly9I;<U|J3qPHmQfAda03BU!w`l4wopeq(j3`2Sk<e>Qv0;Z
z=99q6v8oGy`5b<ExoC&^6zOSA7eRAf_pedAN7705ZAwW)o>280VyeY3wLJ3^s=mkf
z+SIG(pjz9N=<(r%Jimk~>lPSgdhvnHp=nX&njgGYLkgaAzt!m<lL8ZPv0$o+u8bvV
zZU)N^KEl5Y-|SGumA(BT`KdJFYazbOGKkzJ6I{>B_u++DCBSt7>8*l6yz39_yMi^z
z;1RA{1*`+Ngk~!uy8bp#Xs;u#)@Dl0=j)<&?;?EM4^onU!*TD$kONZZ{DM5~a*?_v
zb=?qiL%R#^*7sxhKF5;inepW^ugNX?@M_nJ90CVYbIqy-R6QE7<i$i}u!|jYe?yJL
z+o@V~)bng=63?Q3sv<6Mux|G%LD^ScGjZcgmGGiV9N@RaiZkkkhq{uprn;Q^NIv7l
zLn}>YFeM`1Q}Vi2(!Fctp||`1Rc%afQB$>+g*Kf)4NK7_Ht-NLzLF)Z(&XbO?f$YR
zkfcTGQBTyWrh{j!Rp`HG%<|fAb6?r+_YNe*BgYKw7-TegQGY&un@^fUe4hS#b)Udc
zdC55=0y`B)i260gb0~T-1fh2f&$tv|v0+q1NDM*xte#rf`vGP^BDK)yLvTZW$tlm^
zacc#vzl`oZJ^{_5A)wu!O_Aem5MCETf@t7YzC$^<`2}>v>CDDYQTp_}kCqoV5#aXG
zwOlZmHPUC4&)Zo7qQ11n%BsPw5av@K83m5B)zAFpYA4EYjw&gpk%n1%nEX*=^Jl}r
z{^ELM9PVrQM%pLLCmjdlcFOZ|nhR-mOt2xM7OFe(Bp3^X=jOwTHRzv${;<2hMTlR9
zHrC$qk)?Lluhm@t0u*CXQbz?2heP88=XM)sJ^z1feRW(^!Pht4A)tbQfUtygcSv_5
zpfnQF2qMi2NJ}l!B_JgY(j9_Jigb5KEiAdP>^|4$_q^}>{PBK1_p@_m?##V&ch1B)
z=X+*8Zugb(4ek6O@lwn(O+D)ocBxEVwlEsRUgjLm|AdSf?H!v!*g0a>wM?}4?3E9#
zs~7iJDA>WDZB(rdAw6rCnTjR;ZezRB2t*`L1P|q&veKQtxb-MB8N?1+_8)7jlS^}M
zxA<&Ca*wn&Pvhy8P--zv5S)f$aVq+FBnpkYE~%7)pR()N-7(q+5e+WLmTb+AOihC=
zdD%p!L*FPbD?F8+?G%0HQvp)2IC#c<nF~_5pH#f?aaY|9=HUMDm4W4ePfF!Y9Se6J
zON_TEJG@HW<=ju~4_#xUznVwdPC*yn*9X(&phIkJ-(02Yr=;>SiqrHGic<hYXrEHu
zyzqERWwMkJbcr9|xSO((_^V7>U!Gt0%ur(57j*b^_On|mY^3DDG1{|r&wqk^v=UE!
zUcFNSzl?l@=qL8a2XdIhvG{&UHpI!pIO6(M@0jBxUa^pO_Sx<0GbHv5J`DXrdV|?0
z^TH(}_iyF9m%z}p&f+ZbA`$Kdy{GEYc5c;ntyFH^mi;o3fM-mwbHn{Eo;;sNySRds
zt7#>%tTaKy@|DlG+TEY3!^^4VY^mFaf4M$nn8XDZdzFoBkMT_hR==-_S941SW|`+B
z3c(|Q)guuQ1lSpv4RQy<`}n6>YKFTEYAT9SE+y;i<avTf4i5+7MJZ<zXM{S{o$0=>
z8nWlhDeyg*!6^{+BQeX3F*_$>I~nEL7q8<*SUF#ZUFimB8RG>fRk{+CPniqvzl0e7
z3@Ac})`mZC-g`4R!#kl6S2XsGUQX<{>@J@EvuQbE4!p}J(6BZOKmq`VOHn4>Dx^ic
z7SQ|>A*l$+Tit-5U^V8|{L#p+iAljtPSpti5)1R^S4*x}dgN{TwO<n`041);Rv2z0
z3adA4QTv5JnIbE(^M)Ic(h7)ZmN%YF=WI(?0>8+nO>m5^VjXVi1%h;=^*I6+goqMo
zBFsJsjkw#4YXNp29^@<0Y=jV?mXxgcEXAd5bpLYje#cR9$D@RVnt_<qF=VWnZG3oZ
zihb>SR%)rv*WW_4zEQ#rtOJgkS!FsIzez;N_nUj>jntk%*%h;f_Y`Ae2dKQw@BI~o
z>I-o4pO?em2*07zIQ<JLgcGJX$LeN2G^ECV#!6;jWC8kgr3uR687#YS6`|ZcV794d
z0}fwF*83jw$-n~i#hJOlh?=mtO)aA${$IlAjB=m38|cfwjH3TC@|#c-djAXP{!gwy
zYp6RTVGa@798Txyw`G&cit%i;obM;~3SuIOEQF2T78WQ_lRjdm4S8%b7MnkVQ9g;M
z7D152_0!qvT`{eYNLxnv<e-+aLg%>gK68nJ(rDD?ff?pyc1y*v$CpFZ2;SG6!gGm4
z7L`VJ36GXwWG)$!2mN_Ab6a+S{lZ1ET4D$P0+ItNhE0<!QyMngf;yTp8$FA<+81=h
z{gely&NPE?ErGQDaijE4xVGvU!A0!~B%aAMEj9;(P8pKU0H_A4cm6@`#D8R($L@*b
zL13KFZg=-jf&3(r%f`#Oqi@&#OVW4OEpFrKmi5=HvhI|Jjthl33Jxnd+|P;#$+T(g
zV7e#aJa<N29HnPgV(e2luybn{m08a<miC<VJ!pf4*>$p)w+zIhle}*5)fnyZO1rPe
zA>{Gc)G)=0YsF7_!jP8}4FT*%Q4#C4K3GHwD+=|$XdP2OH())Lq`uagi_e*GoTIWr
zZ<=gLAHJ=dR&d}?Pc-;rzVH2$A6GzY#a(zIl73IciB1J>Wy^;DuF>sTB+q;psrw(C
z{b1@}mS-C?!HBVXUKTKSmYc)E)q7E9z}T^GImpgDHS=+f_iK}Va53+@tV<I4yT4Uf
zaG%2v#+Qv}gP-vuMQGw$ZBe>G996QHdStMck*u}}D&zaD@gD(D3#^0oFtRukf_-HJ
zz7De&V3x~3!b?*{-HJJaeH(*jO^yKY>&~+fOrPM7t2q9^t_S3AW<%~OS>>k3e@=z^
z>A#ZxxLxIaHZ5u?+^aKyjd5}YPeu+Cvmmf*@LqKKGsr?#I{8(0!`h|!A?bcLB(Gf~
z0PIWQqtVA0R4Y%)o0SM!dUFM2D9D-cy3U$DZclXJVuZH8BF1>VHuhS4$KB(LKC$#4
zg560Ke&&-J7xTtF*3HoFdOeVA-&x<?6STtP(gD@VtALM})IEgcweA*bJ@y?qAIm#%
z$U~f8`_435m~`LGD<qq97g#-eocJ5hz$#r&^>G*!65Y)QdnhdXqUljU%Cs(MplYt>
zs1;mjx9op@s^_#B)`5E&+m3(Lq=UiTp&pd(D*s6E@Nr3RQ?s++-XDYe1-GoxNzHvr
z`xv(KZ^aiUJ;zz269hlfoCJ$T{_cF<$r?rZ{^qLjeJkkr=Pl@D+U`Tq^QfOaDKR@p
zWeYYH;gII)Z5gN2_?KCuX%)}k8@mWbJrLJSUkGJmW~*nXYPhwrU@HOb7P3=OCpWo>
zWQG&wREz|D>Nz2I5|kS-M>e?sBIwXh&t&op=RMcP@;wk7^Ios_m$10;&Npv*^hxsN
zi^+1=v>mg?xQd%2jnE+D;uo^n22A<N&yyzd9{zIFCfaUb#f86uU?GmwfZN|*$kP4M
z5+ycZN<=;URV0fGf2$iRJ#5I7cmhNvfv8TXbSw~E{c&hIUGjpV>Uol?6VWoGjhF&q
zyH^)v$@sHshTBiSAOL!=nhp@I{|I9*)#1(ICR^$601*ETr~lkA^S@Xg5G#5PwXL%=
z6JStpdbIWKAE68o0{;kkfH(tC`wTJwQTLCKP~WR<sjH$%q+N<V%a}Y`KSWq2K%~A}
zOZTLI1JTFhCsk&$iy4$#HT)INUly@)(9(79#JI?YmA@rtt;+UfdBT^aQ$s~`#HO2E
z_fXg{t$_{0ym`5wQ6=2}#F<*Ibxk@wUi8d&%Jelkzbpoc;MryNfNMx~CcBm4$JKx?
zaU!}G2hY!0NdpxA@au~4JWP_*eX2FQqlx=XM?*C?l+0mWS^)d051!-!$$Nh6(&#7q
zWm99lO0?{3kRnMEIsI=RL_Sr!Q(BPbYFc!dz8AqU<4vV=nE&J7cs53T>wTD3C7iQt
zac!yutLCAk_V^JrW8l9H=ZT<H-~=2H{K6fOQZAvFA}GA%qsuk>8ut1~SFTUhFGqOC
zjc0rG9PM%5chg6S(V2UQ?@N0MUj}8IzIf=o!))GAqN~mHE`8h0mLjY2#Nc3bpqMhd
z>}<c7yA~q7FQjA=-cg}WYYf+MsSi?rkCiF;ii~%<HEvt_&C`))XUF?Uu8XrDzj&&8
zo8B87`0+RLtZ438&=BbE2EUIFxi;2jtL~3lu7)0|uhX?@Rg%c0I|({c&fB)KQJGu@
z`ed^IF%Uf0(Pj&~^zd~Nd`CO!T+DV(kA?m=lB2s$-8O3W*74)hFm|e?h_nikOih8r
zlNmb(#dSN2T~RFXjJ<6?zh4y_mDI<9e348*MfYt)IBGdl%)Ye|^9&?Uq7YBOLF6;7
zeP^#=YHU@!08g3c2ACwD4qzLhz9!oshIxPo!CvhHwz92+_Q~!5Cjt8JEqynD7y$?h
zSAb{+h)HLFC<2INCxA%&m**`&1pdpDzWlphyaC`n-m$Ctu1oZJe?O$DQd-z4d$3=q
z(LVR(BXW$J<~XY-<V=XxI60oyF`Uze^hCQQTJq0!Rn#h8<<u(t*Jk^n$@H~J3s_A1
zJ1qVU)GBaMOVW?+ok5_(4*rt4K{FZtd|RA1S#FnoW(!9w851wU1c+hReQGHCCx;I{
zYM*>|0v3Bc*(aX?d6bDyUU!l*?{N~hPVHlioG;cq7#!NQk4q>{zck~5^7nW!{NkE1
z*1cD;tTM`QyTmCz<2uJ2miPSF4j!j$@}kJEvBWul^x3-7HqN+y5mWkPhXp~hC)b~*
zxOvW+Y|R~qe*Lq9a6RtjsFSHkzWH%E0o2i?Ar=D}EK)(>a!hz#Pl*w^Jfd-0Orwcs
zmO!|xDcBqIYEbFVO6u+o!rY*ajm<-<0DnM4%<DmUk~-~$B_wj@NaLMT!f9ha;Pp~0
zQD~XP0t8{om{cSGFTqE=&@zhU;C}*Tu|muDEC)a!l?9#ZHtix0e`)nu;o>W8mt(B0
zH7^x5RYXAXAp>kUBFN>@%OSq+306i=yUQd)^nLzseC4(B%(M9KinK4IgujzH8U2gv
zCwwoWf2k_*-My;tV3zY=(CQv}@b<m$tSwCL<;ne77tY{HN{rCzo%@X4W@Bt?vy<RE
zY`K6KHmayT@gTSzvvI&`HB@OjsANQ`Rw>;@@GQD(iAbAGVJjy!OA7}YWWm<AlNKnP
zNf7e}VCl`6qbOkH7FhHrcM%jyglF6G;unM%v8>*&WL`5jULPp(@*76PJO7kfj~m?$
z_S^g!K6yDjZiyhGC6}HvllI<G#AC1nn6bbf;7UEH6zH)E5bOOnGztPls4YM+0ED~^
zKoB)O3e<S#@R|HBBzSUg%@I3(BKq~jA(>j9)yQf#2LJeos#g@im!;GyIOgp=*enu`
zm@W@{Z21_Wz8(A!##3jEpp6}H?`E>~!1l12%&ErX?>H>xiQQw^EdIl8z~o)9G*2gq
zG2R{DnGv?{(K;}N1&QLd;lU7hCUn8<QP(sj&d{>*H+uocU&Z<up!sh?=eFlLZB^$v
zMX2-V7va3g8$a)gh}iCHpC3`eu>7}dklMq(`8lF02*%yQ-ro(DAa+rWN*#5>2&lGO
z-Owc7Oo6PO#bRu)^m9sveM~tyGy1gM6KJZ8G3>8A1v{&DHKMRuA=u@j?+r>FxlnmI
zxI`Hep>g6>U=nkv`JSxY8;~@7)o33Vls^8&ljZd!_Ir9kS-_K6+uh3KBq02sDEzdk
zYCm9S_~A=FMg2>`hdb1sD`ExrYi@RMw9&@=utXygVnt{r#~EaS;P3{+dAFY1JL;8_
zsTWIvQV)`hzDtE`_^5HtJS#Vf`ev~5<bNml;-zMY@x|uK7rU=duY~PJtz@le>6Unm
z-&md}3X5jrRFS}*YAw%=F&w<_%#Ane$b>(9dhLC`v-H$&G^kKoa43!eo%DcVoiur9
z+0VS&NTCIPiA~J11^<xA>Q7G~faqfoULEjL$_uJsh}qEojDl~|)mU^qfA;xz1p4}}
zElv1i)Syfp7sO)AwH#k>bBCq1hnS`HiwX9+CD8aLo&4n3wa*_WboaMAw)N9J!(q{2
z^S1$&uJvl+@L!WPNnzF=k$q?kO#8^!$-{(@@xXk6%B{r3z+Z#DUboTaIsMI+5hd13
zaP~cLK?SFW2xk8TDw5M3IreDt9HGF!JDMOeN{SI;+8+?eVHweukN*sFXn8`zno_o9
zcIqPB)xFQnHH30>kE1sz4+xwGuRA+y&aJC{GG}#sa<e_3Y|_wWy}W2KA1O$L{Megc
zR-cWG@s2f>(-d&Bq)ab0P@0*tt>cbh*|HVk+FAY6No&b>*Gv<9CFvEAV@1lmuWib(
zoTqz$pfuonK%sT-$offE4m9C4L#(9K`9g`ULEYAj;u4EOzLt@b_rX7Evel?lL1~%`
zxUZmutU-j{{fQVpq4I#eh+mE}%zO8e5X74<U1ma51{`hBoy1+XHoREE_Q9~Q>(qeY
zAawK5;=3s-HDMsjQ;^5&!sgAgq=Pa&IWIl%Mw!9An0vkf*jo8MH>-Z?3uEzfq2SQ#
z=jR@$zeH`b*8239qW>=LtFz*LXPppDAEmNV%9qv*+HkM?OYF<JbQ;lqooYqE*+0jm
zJF?3OmJ|PGTzaWN&iO9(b$xcLT^CQ_{_RGNzyaUdzNL4Hy-0T?s3NX>#(rhi%|exW
z%%{+{EO@}fE201;56IAoHQs1Ar9r6%^YqtBGUrSH3s-R%gjULO?!>+{)z{oM{TZO@
z*jZG!8v2^Ef@{VU_O>$drdbka#!Xl4jqbkD>}VI-Pa948zNcB9<k9qVEF#5RK>lU~
ztaZA8O^;oyWr(KS(f(B#pI@|EFo(;h*Jmw&g>+yGuy9)N#^}{h12VcjVENOj{~7|A
z`3~itb^p*gIA!-jEjb_Xi|fr1bJSbDt1a@bWuZrQaNl(d_9hJWl1*<E)+BGx;!E}Q
z{&`MO)=l&)lrxtSIz~~DGzbT-2h$S_zEsJ#`tuKOlNY|_%eM3t7CR)4#0%Vp#1Jbg
zYUd@Hn*B)(>I<shSsid7xN#7?@;l7zuZtm3bx)`vs0#UFX&+!@M0)9i8Bx%MC<~-y
zp3&v@vMFPSx{ywz4goagcR(j^x%Z5@(P>5Y;=pne7yn=lP%O5Wm?Z4aoE7%|I@743
zx2U0?tZ=bka1rVB67Gz(I~d~W+kY^vedyIHIgO04^uCRwp)PaV;a5E72*-40pZLY%
zQwhNT@&OIrlX{gh6Pbg+7dH2XeF6B+ff6~#j}D*aUMAFb)o?GFy!qEK`c?mFkQFU8
zVIjQ)_zR#(PB2f;izbHG$Rchd06Ri=$f(Q*HQd>_dObc$J(`0V2<{~>G%TPSFt1v7
zw(EaeO#<{jJAhs+vy$TAM|W(!-W~yfiF*u~V3Y0SWdizTk<VYw9Fk4f;5<ZVZ274A
zb>{5@2L8s6%oUHol9FJ_zI>12dJkvhUjpz6MC8N(`6To;7gMS6nbAO^$Lz0sghkOi
zB{gx|M36$nBPV79F@kIbG5&0?T-i5&b-=kTTYOQsy8r&^>sl%P<V7C9D1I3YFiIDo
zr&+y-ZkPOqVjfYbI)9KHAU{iRY4+-|b6&@T7oAspcMlG}m(rKPhP{h@Me@8pm3F1r
z7mQOpR^8>u^Lqa;VHR3{DEyCTg3>lW&x?KG#>6K{`cPLHdE-#NZ}ql(kmA`!G#{Yu
zYEEp4Q9FL*5c##QWLY8D_0h_+moc6n18M-cnyl##nfNz`bo&C7Vp;_4_q6M;-&SAq
zpqq%xN4~G{FkSKictU|W08fbajBn>Q7^|5${r0EZEXSUfQ5?9I@qy1?Q8uA3BgQdm
zda;G4+G5iQQV2FP#&2Aw1<(Mo5#7VFA}B9m)bQD4#X&>TxZ|_<2?fdgh))v%F*=c7
zc`MVvE~;A%Nv8`|KxNqgT)K%pOO3Pi6Usbpiae6^xBsXh#B2FaM0>Z{->{(xtbIQ?
zK8x$nP$+wAD|_pg@l-2&H;TL@{5DQGKrr16t=IEaH$IYVJL?{AIa<g|7t<Tcp4%Ms
zQ-~5v4d~a?2g6Ya$3NuR&)#CIRVDw%|2Erh2|)R=#a%m|Gz(lm(8ZlK<+9|nB>yWr
z<HwmXpm-L5ar<(M?*m9^a5ipE@!Lw#Himx-Ex5~7;VYA+hr-vdhMj&gxy0=a#*h(#
z3MF4ZcW;A&RB$Rn7Yk7a>2lSvl4O)0IR9i~d)9ODLK?%`QiQ?01oefl@W-7915I*3
zICY*bl&^!|)*IT$aHFGvnjx;}{IVOBk=pbU%JZX2!#&sSrPqjS1;otWEOnWAC3R3#
zdh7?Efiw+Y>|g1OFq^G%OB(2Jk-QoPX8%TNl^WD;#AL&MBLfZeye4%5I%LeciHY&1
zBM3CqikPB0!}wTkDGQlv`DYsH5gEQIy>))gJ;9D|X~=^<!S|`nrRiew{pyB0Ij%jI
zg+^rsKcXv9-~y}aZsD|Rkcy{HhmpQ3NJU5ck2mRI8?##UDzy9_CeHxlpA(6!zocZ0
z0Pr@C8&c=W8WdU25C(5|JcLaCzWJ~)E8TR>@dJKGCskb=jFeABP5t%nf3J^oK#QsT
zRaSbXlS=u!o-lQ2z*k4b_%AFmdaA$>YoWITo6jW?ca!A(@VC3^(}i{Dkb(FgmlZ!@
zh8L<?M*i>SEqXoO**wuYyb-Tiz7Esw+AR?&bbcM4NJOf}biOvyizFf|gMdArUh_~I
ztW*bnsR&x%9h<6?=g<j$BgTLM$I5CB`%8jR6a9G@a8fw7eapEOYAyZo{nz1$s4dKI
zbT3;uX~kF>-VQMHTgTI7k7F7Pe^-z+kGK@SY<@T+Up<XVHCh_%smkDG``fzfKe5oY
zrt?HSQO*Gx#i}Pqq4&_ai033G!YGahe*D%TFfdw8BFvQR(g5gQf99mYh$I7_8bapj
zqSaGrmgia?w0MvU^z{QDOHU)dPr$FRCBb3GIsqTaBPGYO&4}7@;)FqBn_O!8Dr)*;
zkB7zQYsIo6AqFkYV=4iv&P5mE<uw}nqz2h?tW4U{`<BD~9edjB9-6<e7{xS>5@ThG
zYxka0$J2cYn9F@-=a;?O^jB=-nA@Roq0Dy3?Mt`k7ihJI=&;Fnmwv5nsQO*tUA>j0
zrX<HVE2r}guId^Ou6|NFyN^Ng&IO<GXztUy2?-8*b%_ZMln5=5B)Q8nEKFsre9>!#
zugrY7Sy%lRaG56&kMwB{%1q3qLGE8VXbntS{nezo{PhGVpEKmIRsVFU&-R@(zAXwh
zD=uo9r1ouU^;0wN(mp-t*0354nfZCB6VqEm#4ydi(!ulP#sD7h$N3%Hg_nUceWcOn
zz-4s@fQ~Gwbzb{m%4i)JQijFuaLjy!ZShM1+aM6&F1@t<OQ`VlT+BZbD|m8kKsW1n
zRIy_P^%=A}Zp*K{t?&1uUJf_+!|s{d!zUQDUCb4ctB6M?Gtw%`q!_$ZXVjkpiYxwb
zy%I0w+`;7G+>y_%3{`DpVySO;OWt<pUNjs#^P?7F+Fe^dkQ}o;XL^a9Pgsa2O9v4-
z{mb+#NCN~7(jgGcr&brtrwJpmo_2vq$7*L7sos21rxbAP^0ry4^Z&v*>SzG@RSMyM
z-drB;RIgSE9skK)<~AZPKGHZ@ZZm0Pme95-A&uoaqCY29+FJiZB8b~<<nOr3XcN5;
zsdoV9NNN$UNkW^s1i4U@Gq^%<Zbr=qhURrZw`c4;c){`tW2SjiSx34jJlYx*=$_`u
z!C<PXe)tLy?H3yIG(x`FP3_4Xc|Z3Dg#3&T;7M#)p<REvw2zz`w2IGvp33rSP_kEg
zu^d9F5ovi=>pw~*)w`KDFAa|wE6SgjM#YTnVbmeGnLY%HQbmvLVbvjmm_+j_26h|5
z=7TIBWKWRVo-fF|$|@4<Hhi*{H6&1}pP^f&nO?m+zWdx8wsh|ScOXdFIdBBw1=pEI
zaPj-IxjkOPzHx8xjhr`j9r3>49rnfwYul6XKgYXY-@_%PQnfUBgZ(y*1gwv`AS|y@
zC-8obX2pzWzmzAmsYjmH9}X4He^I-CEb^DIZhL5Y#p<1c#TnOw*~4ZH+OX>mH_C9?
zfb5H*xAwg?;>HW9kJzWjOx`K1NIqhJ5a`ib+xhL<&%(A-J%7C~t>Ywq2^9I&0@gRn
zr5S=7W^zJ-L}IiDedY=YK%h05t{;Y)PdW-E9up0G;G<Z2)S17tVHxU)R{0dDT;kcR
z++y<Lr#<MB<@fNzGQH9l5t6u^{J0;=A5`;0Z)cqJ>tIubo8T$i{8D9H^1a(2&KvVN
z1m2<yX_t>S_Wrr@$0&;RA|>Idf>~LvC=80#*Pq;J4mO@Bihch5lr>E7^Y8l?3eq}m
zT$PbdHv~izn0&<1un?rG`@HTpn?RSoy6t=oBeQ~F<*F++d)pm}VOQy|$8Bw=fx{8y
zbtN4s2DOQS(dKWC$H#29x_=N&itfImj-KyZmB59oX@t(pTEPp6m4t&g@F;ZMth_>_
z%V@<~k|?j+dS@TLd}{R}G`fq>-P3A|@1-AD$@<Q%ng~20P<A(dkJ-I(1rx*Bq@{?S
zkUqqsi0;hy4OOFOH|}DZ_Fj?3IT93${@A&xOdb7^v~wE^;hc{34!dQAw8^;NGhURW
zAiZOgIdVEYN#vz0_J=VP*}O>i;YaN!zlwNI*J9=+De4;XeL@?6J#CwYzshdyI;G7^
zu27nl#?4Dw49xyzZqlKy^I^8-3tYgx{rul)i1_)o`=@n2-Ph4ohRjX9V0K%Rzq9i%
znJIMxS8?+O9~&(ZIfr?t5{zToZqd+x9X#Z;=&1hl^FKjVZ3Xf_DR8=)iYwoa>f6qt
zLrzvpVl>@kn*!hqGSSu(HE-)|W}j93KEnOEMS+=y$-aVj1h23OM}ZTN++)5W#&5EZ
z<sGrsV_w&d?fnxb!*9Y7x^RjHo4WtzDWn@<etp$JJUy_EXF=lr`{#cGo<zF$BU^ag
z`YrO*5p+nEjmZ0_5p*FiARg1Fg3cX5cu~Y8${u1R`xyYop5_^eeI4<k`@O?#EB7Hh
zE83zuZhof?2wsUqIc@s1uK58eb2}khJ_uC8+)g*Z=hXu)Z<c2B-!7(|{h)d$IdqA&
zNxxIptu%1*(Bw!*-%^uPoqOddeh)O*FC1ed6CWMCA01sU^7I4uQbb9@)$?U6K20s(
zvXk1k8u0hM-v+f~*xWTJ59$Kc2j5(dSPUH;JOPwWt{TG63<@O_`6hD;(%+8%))aQ!
zXU#e_AdkzkGv7c~yOCKi6!Dd@q#i$jHIMGDO%3dHx!h*2_Rn9JlK1a&Q8kE%9*z?E
ztNR;eR{Y$IQ8LxhGM7wv)Ew21S4;I~iS`3wdk=_f%kfu}h%0sb_WUgWWy}D7NUOT>
zV2xOl$mqn(U{hp7kW33rlN=vslgQEa{kkm;d2=D!pf=&x!^*i>>!)XByM1BSV?j3Z
zNaI)z`rh!FCY7=}Nrm75QHA&!3g^l+(5Y5G1&~5r5kzHY#)6cwqpJhI@fm<g8LQG1
zCWDDhzBT>6Lt91H;Cwop2|pCmh_-}VwW*`3Dax^b5|eH;sLALm_-!4~pB38Bpxk&F
z&HK{LSU=5`x5bI!_WL<H$9-B~&VyG7pB~#?E{QCGa3*BA^Ae&G4f0JliN)DdgzsfP
zSNVyDgNwfZuj>@%4_DTi>DE6R&I&p<xb!gk|6S8ag9LjYKNUg=?I1)PJy@WiZcx;$
zh>jE-a<wNvll3Np6ab1zou@Y>>hsLD-dWenwuqzz--do){l@(;3tE-g6jCwuvz|?3
z=3uw>JKzVs>R>XaPdBTL1g8k(N5f=3HyEs8;?^2=aeu#eetRINbvYqwZw{J?81wL1
z6p_yz`c8KfYxs7j+aC40(;;~HhwArC6)To}wk~y|%V5k@`TMt7cf^Hi3-Ihwy~Dt+
zummIYUs>?7YU6O|ZNW!oM(0YePcPThnT?uXCe(ia`5sY4@>7p-?e=9nsr-tdHtH8+
zIgEgV;1U~p`(mm%Y2P4^pDU;I-Fvn7<>gF~S)3Nb@N?&<`}nS$Kgk!qD9Tu&#Hps^
zYJACs4OkqBn5XrHR+PSVr74xkjgG<_2)c_Y8k?X-OYw7C7tRV6mLIYv<5R9Hd`c!n
zMsseBJ2(J0*4CQ<gbQ2BkrJ@LFHTR~ZU$E5R(>KFw4?9swE&0}#$t<53HxR!6@j>K
zNh$98u0>)Ni4hBJOJ)X)+Sw7+dUrOVhdmDNiHv(6z8))^c7&RfT~12Bu-BX0dsVHk
zd{7h+MsPV50BrZ5NsL2r0LKEbXGlE2^C%Y(C_lKa^B#)j{N5_tufz7q-GAqoTQZce
z|1Kp+{?no|0G3XSu<B!UL2eRsFY_WPyDYY-RkzalrypZ^y?%=<MBjED#LqObo+M3<
z=p!hzHEyLt9}!nD@FsQee9QO$IN;85@4?HRzwlk^Uh8<eymKldFkDZSkOOii3|h*U
zr4Ggy^08D4V5gvz|KS@UjLX?EHAw4d;pAg(4cHz}mi%KM%`XMevr4fsu>2u=#c;qE
zGK}u~)%1v75%a=A#tGpZP<$J4OBs$zye-_1`Zh~lN8R!9r)528@C=R(EC~iNWh+Cn
z)p)Q9pO&p)`{5&F4;m4Kpoz56vv1?Xzh(>gl7!31iOU`yELB5(H;+K{x=C*KW7mYl
z1`HWZq~mRqAp;K{ESb|>)C@4CEBrK3TP$%q`l4!_&`=U>G^A9Lw0}fvx?=r?*<%u?
z$E_NpC*vT8E4|F%csQl>wmd~w?tZf`L{m)2=XrOieUQWYo>2190{1M6X*wP7XuK4$
zxfds%^+@u5c<>lARdL1GD(w@h`m2PVTn~5iKQI0SwUAe9l+B3%#p>oOFt?C~&8JNE
z;7V!U*4k|6)Xe7NO!NZ%?vsou6X+|yN7=hgFB1^$uj)m)3<DIn#+oZ3VsQVqzh%S?
z`iM-0nnbpX+vwlzLyrRTo%{5u1Jbz)=2W@gW;z%`(%ldXDm{rHI<u{+7g6K)Q6Em8
z%r8lvv3M&gy7U<b%6AqSW_G~xMu+CHwxQddc2#h)z~S*XhfVA$?L8@({)Q<~>J=eG
zVIZ5;`-$zilg!{rnH0V@N4WB}R@Z*@dBh#fIj(&xhq~(<mvFaK#h)ciYXC^<MWKGE
z;1c;4s?-T@#_rSf*E?@<@~GNR*S$s8yd;7+Tt|8_IzZ2~ei3?&<@W3rxk*%Hasi2c
zV|pf?e{EyD2OALOcbEipamc94^<KO{9~PEqG-ME^`CMv)M=FpCKnl!K_Ag`%&#roj
zv02gc)<}e?6&!v0=iE2Rwk7=X``|)!yQ2DIQxnrgKa-3$8Y4BJ%oB&}@|VusIVzc&
zMD-++(Zt&hfuRP*Qu`e-K*>c{5l5G*JgtJx(~sQ7;o?>&7`t5djmGC}z`$la_*QTJ
zcB(+yRY2I6GFQlz(5`nJ(;I^ecqdw+s7U0cGkrW=rY80)deY5^dPizb`^JP_?T4=s
zQezvv3$H8Q30=PEX-W2-I!O^-8`7Y4-6aKXYL1Ck?3Rh{Rh5p;3B~iX1Bg@AOjXk=
zgQ=72FNl1Su0Kg(3+h1C1smQuryejK{?IK^wzeyofi`i=OPf{eIC9yGD3*)rzul?f
z6OgUmaLq66(T*tJ(erqu_hfpB``U)dK<eLKT>#h#f9XldK!e|{gMHR7B5mpjqVnIv
z9_|Stjl=ckFf~<;Yx!JGDPo_j<Evre51en!?Db%m50Zyd9DnMa%Q*g26G>7kivT=y
zCDrP`<^gzJzTpu+lxE`1`IjZumJP~es?RC6KR&JBim~EcGHzCH5dnMV;NJ&}zV)Ad
zBud|?bK+YdYd^C1wc8=CNWdj$h636h_orA-uJ#=`*Ea13?rFIz;en2crljw?ArS0w
z-b+dE9}dp#;O<Xz2G;S~$4d;Q7Y%706UtSc#dXo0uPFP*`tS&Q_02#RkI$p8=63#$
zxk?4ceLJjmc2M7BjHS}}^w)jJQ!zza_FL1VFrqj^aF>~g+_$XmBter!+skN1H*-%3
zvxb0&B0n1IUn<`Jb*M&?eezy#lRJwe+^dI$Y+9+`2t&k@IwpH+Sdh;li~>-(V7lTn
zOi+;)eB$Y+HEp;)8)A>R&llplAkMQSJbT_w74i`J3>1!siuwd&Lf}Gc)K8dOm-JAd
zOPqo@pmFM!i$)Vxayh(5pl&9Ag3jpqgzd>&YO1QepftH*Jrpbw-X3*`2=uB%f20UN
zQQ(D;A_(i#wiUwBw2T>pfe>!@w6y!|zldD#?QmaFDA`!Y&duHrdc=A>>#ONevji~j
zXfpY#G{jiQLju+MOjXwJ8nO%>KAVUI^2lg<N%0NI>hAnPe_7;_j=o*UK`tzx3Lkx4
zzFB`N|Ht`+XGkt;=NG;Q0W`NV2ac2g%2TH-kB`(%ASB?u+3H?gTtjj*0NEb5tzw)2
zcArR=%SARNZR^~eS<9eHfR|J~Yt2o6lb;G?3e4IztE5Lu=dqxL52&}FfT9?3GAH~g
zAS{{m%3hxfx_*0bGos>mV9$`25c1?oq0>+~O|QVXAIQoG8)>iY@M|on8)%IQp$maM
zIl@Lgf>!Z#9CO~41Ftz|Zq42XtL+-LVk!Es<EJdo_bu_Fg@LcP<bp&&j+E;0p+zJ+
zq1UXfX^kUts(ZiiVSW(y6zSY;J%~I|ghh?l@ffb_pAd9f2;yV%7l77**lC8b^L6SY
zw-vC#8VSflvqc7p{Ox0&OQgi-YYr%>mh9N}W41MRe>JXHE=agqnxI75HVLHS_21*A
z+Qh3D48upyMSh(({P1w*GeekUf*(8ng=I^?1*)%YgJR}-daR%~mkp;jL+PM)ikg~G
z^t%M4Bf(lMQt@rKUvwT?Apt2C-JENOzv&}#x&}=~Q=ENhf-g??_Mo{{Q7`)NQ%I64
z`A<Wwl<M1jUXMFf?V0QX-$e=8QquuRq}rwS%C4WQC%7HErGp)|f8p1pZQDXL)mN3h
zih(=eXA<>|%@(LuKA>5BK=~kqFqB%Y%e9vL#tal*)p^W$s0;iXD0w(GgfRsP+13dU
z?g2kr=>As-Aqy1hhE(cy;DO@Q80<L6J7l1?kRh6zDzEJtCL{yoIvLpzN{)O7dAj&J
zU`l1eDxHO~BOWA{9F(xF32LSR8juXRGzhd(M;>qooE((DtqPK3MMMB~lVi?bEcbZp
zVUmEf?R%EU@=C+YMe4vqDi|UEkK4X%4}Mtn0xY9I{T!0bm&VO>Bp81IoNfV1Z$3}k
z$~Oc0!!-^x3&@2$R|9gbvb|aXa%D0C#qScf=l>NC`PUz`m;OkujRQU9pm{8w+>#v9
z`>)Itn`%fDz*f2H^<XKW>pV#Uswe=8Tk;<{oA3vok*!*<`0qw5FYt_O2)FYdPpNsg
z*EU$gFC_4msu)D~W9}SQvd31TCi?<T*nj?oU1fjgF*ewAfJ-&m-2O)JIO-Ev0WJht
zdvc@6c?m~p$bc~rHU!WD(1=>3dV=tc3-*Rw3i45h;w6$`qdD1J#j7=R4OuI^nq|ih
z`3VXK6@jQzkZ}Is;J7CqQYpxDs*ON3hQ;Kg{jxn@mYk7QJd|G_dvZstod{F{<N`2%
zw`RQ}ds{y1tM}q#9uP(KJnt48u+n9RHatJ_HcskE-nC&TPjFLn_Q8tcpOOH&B<ZrL
zu1lAqg3hUO<boFb77tMg`!W6=tqGTgQ2U7H>`{<O<k(I3fOAg8qymqh*w^mK^tCSA
ztb<kjLa5=`P%;aWtyC7UZUVA`FsdVMdz3q9+)T^s5wtN9e(trsmc!DmZL-871v&a7
zB9woA3!zsMe9HkgN<bEQZ}TzJ!$lz@^`{cB5D37aLSMRtR8cY#@b>o&GC+UMTM;~$
zfZ+fg&zNSIF_#71LXU_ei0X*nt_NPzo^SUQx<|4D8%_TAe%-fgUZ&Grx(WU}P6GER
z2eFwuMu=N`puIkM%{Jo~m+9cOVMZP4lq2B0>QQ4W(GY<%rohWn4U|NTUw`JZ7M$G3
zodfzD1Y>*Um{jv*Q7Zo+SIJAFA`#4n_~D3<T@1gi5l}<DQn|4JnLx}H>mwKX<(8ta
zA48kfQ7PLWAX06C$006qGo?rDiE3NKYO50<w6w;}IWP*U@2RUEAmR!3>VL5_cI@Jz
z>_2(?7l&GD-&kb?jrKGr6rR6iyL)OspZ_3)6q*UzOE%Z`swzOfPJ>-s46_GJieC$M
z)F|&X(GJh)wJwqDh&8|$ZeWx!M@XQW=z)`8m!|l35JW8HXl;Z`msO(7WcOBYf|<=<
zMlr+aDzFmyl{;wFvgy`@0%iee2=u>4GC@_<P|*Rgf6X)OxFCDU^k%Mp=!ixC&~2By
z^7|6mrHNAbm|8XaDjT+35=%GhSzD61*%2^ZxOs0Uf*7_rAVum4hdY-nyU@<jL?4i^
zXE%H=*=~q_7Dlb^&Wb4MU48Ou_<X{0QFUj^<SCI_6Jxm**$6=m)2mKFo^JE<J&%s4
z@l5qDRrt+ICyC^3k&25QFl+lWa*l%QIE{;Y3CQUR$R%NR1n^{lENdGCO?`sOU5So@
zogE`4uD%?4Bn169_f&TXl%hErOGR@uo-4$p&&AjYKvyH-9M@jzyIySQycZ#5pjTta
zZ_==WfL#H9>J;T*l0EE5cq883iQshiP!F)_ir2z|^#miq9$Xl^JI9lEFS+vBD@P9S
zGeBCe9_w4vxLNyGODc$zdWf!|=Vud9=7md|{(F**p?}P*=EV(-0XYgtq;Jba-s;27
zK)P>^IVNBPR=RK}h?)8c6M_`#KJ@20JV7Lfk@0XR-W~!bN@x%ojs#^hIJV@2az;+H
zBGqS;gL1dcKxlcm3`9x|@9vLmVNKV4NF~a7bBzCVf;9*W3Jt#8IpP08eVoL7a@Z(D
zhrZzsI<02$$A&It0Q{(ERr7TCT-cZ#c`KAcS{_u<wHnYcb1ea_Aw8Sy&Oc7ZR?l0Q
z@RZXPPk*BhOdm6Ps7-oA1HqnGXejXEzXH{&MNXS3^Rz>Nvzz3O)^54K!}K7mAYGK=
z?p2p4u)|V8H|F<J0Vwk<FM5D*Pf*^A3%U{scOl&KstE1Qo*CL<fVd@I52vW*sdz1%
z-8G|ZjnNXIQU|BRxqepkh5h}Lu|@sOT+d(a>eZsBb5vcSz?8H6h663Q0ciaNPgP^t
zA@}NJ=%S6_hn&{}(BuI+mv!u#ab_y5CaK=qJlLCH7xgaXe`Bh>6Q4~PpUpn3&S>Hc
z7*KWCUnzPaV^G84V5YOX{ESwl^QPjeE_{OBZr7V(8xNvOJKU{yV+^TD4%))0>68!e
zggt--LW&wLU~&T^j+e$XHx!#z<H-4i9()fhXvO?Zfw>r@bH0URPO(oLSR!D94s{B>
zZ6JoXQwZFY3bhY3FAkqV&q?6U5Fzz(HiRTJAO9%(e)#gsQAjwj4w758L@k)y$q7wg
zW1RDCr)YHzY#Xy3Cf_TA5}6j_wgo_m?EYlXNl<A@r36%JoRMz3S?j9wjKMXDB_pSA
z(~bpNh?%)Hxb4X6VFww~M?qWThw^ntj}j+zhL_O|w}Hns!?x%n?z6t*jpIAFM6f0N
ziHBTnhFQmDl-(ABiH;HVMB#=Xk{Su;qa8*M?BXYSFn||^`4I6t4QF=^h=qb~-;gsz
zGEbiV+F!hw+pN3F#B`7GqYcKcF4OzY``6=xlSUzx@`XquMgMWRq(!&YHM8;Q5Fxmt
zCd4h%RTs`5-hE3MLJJjAlLV<I(W?vkX}r!0jP2^8i)l{Twu)&U=|M-#m<4mn)JV^G
zS}Jr9t0g>ZjkG&8@{qaIIUmM=GDCROn`FjL?;m|H#f8p-q-c+%(hg#ha%_|M9Fy~f
zGQn*o#wp8c@RQI;SOe{1esESZa-@{5YppT=I9MXC(-&5H75ggCBkAbHv5I=a(+t4&
zi%vY2$X(cKzITiCyI;1R*u#@;PFczxlf5~ApO4~pI6D=E`eq(kbI5&xPdq~qL&JmM
zbR?sr_`o?4HPAe@1Y{3W07|nS7pkbnpizI$6pkhkgUUgUU=2Z{D7`*aq1I^VrcfC}
zxcL`l*}iQqtu*qIJ2nVA3DgxP0g6hIp8HMy%PAb?aZKKKA~Xf}0HJ*xc2OBe5{D!n
z!Qm6a1Lq-4V9$grtG4{bX4AW3P&&;KB5xa0QE;hwA3ZPYp15}9A=Q5xG;Te?f`{UI
zbu{L{c<mtyF0>pN@#Lho_lha#G&ZVcfvOK=%h!tz0n@?yQyJ4WGW7egWI3Uc012*<
zw)N(&58ZWLuN6DZ*+Sj~p4a~<9VJ)1YsdFr0z21k+_8M3zWYHwmuZ6smDA6{r%s}e
z_ZRqre4l1{C6&F|{$-aBs;id3TXgNA9->uWsyOjX-BPo@aQRf0Vd4DZL2xif_b-7U
zt2{qG#CG=WUEix!6sf?4qkbAH;{Y7FeQg9byMc+#HrMPVTJJE5-c*pgz&5y#bJaUW
zXwV$kVCf1*X~TQsXkY3ra{g0~F<^a{KLLk-KFel7o6=r~fOI*hhL+Ai6AouXa#jwR
zHOQ%GKR2~;R?EH~IeuVWCNq8o*SdNSEDRZ7Fmvo~lZ2qkIQ%46EqDlo-B6}qO+`&d
z;;wnd7cV8`&_nfdl;I!|EqT_06jMLs?&Jn7#8$DC-1-NHjP#$hKOmQXogcp1GXDau
z4q>Djq`Gt!Uoz7jNiw-&YVBiUB=cWF4E$cjo3%9LoRj|Mk={HZR|01X5xqm~J*jVa
zgxGog!D268H>Nv#`wus=29Rf{nF8H8|1DS1L#x?Qe@#(nbhLqb(U|G*ydXh}Me_5X
zOiwiRe|<V~s`v0GFCLWDClG*eO#TwRlD~4Z8-vs(eoB^Ef+hOrtZj)~U0=4<+-3c_
zyO&5<LriRW26Ux)%heoqIqs&Zc1}XC5)3ZL{io@2Gn>6EWoCY_MlGLc*Bcoi<!U~|
zga%?hl3E+i(>EFKdNYSy_b|jCg(TUh0tGFct=G5$Ic^^&-WuohKV2{N<jf&!?iEM1
z!M%F5v~MgiNWdu*Mb`Pvt_cs#iNty>Jf6eSm1PN^jP5<?K#}h?M|Y(4f#g$QNU<;1
z*wcJQi}rq-r0v1iQwg<Vxl7p@y;sAwn=;rVz}e8F%_V3$gi+*-H7+~=vx^(vIeF2Y
zV#S`03|nn$KlAM^($2Z3)fxMWZr{;u5Ia_L*<ALhN86o!?^epe&tCM`j`CjDjqR)(
zS(xt5745>!zRj1bCn53d!tdN!3;AZPa<AQc5@yRcf=e+m1}>b3tz3C{S4%$|Pk!(&
zp@UD{+;cd4d@qulEx{%_T5S1eH#eAaufRd{y#ImeQ<WYSenNMT5@eUrfhs{r$v&WX
zZ)_clvZ?Ls<A12q2lAsS>C+rbUGvbsx9)uw+vQ0-j@ygkC)0V5!_#7N3Rw^K5c04g
z_#AGy`e9smuyuQLZ7&$>QX9AE;XUm^L-UVJ#>n11oI}DZN~F0bp4Lb8LGZ(K5e-C#
z-T>lXW!T0=dbKn<8mBc+1aEzDcCI7J#Iz_o%1<|pLlHtpxNmH7AiDG+q=q=>%^w^x
zXMsd|e8)bVVww9>7jc{f*JCR_pA_6~lNQX#=DGzXe!Ri{+^{Gc&W>k(Ywe=_HYCW^
z2z5_vX?QjK+FR)^tL4XD?bp#M{`6lg>M?xxnt`vh&>j)(>x@;$S0~0t#1DpQ`MGCR
z5M8DFQR2u!E>wDv8OxxU_E|pL;L2x@oJ~2tOI^aq_Rp}e*$;9<oQUP6w7UpvOB$@D
z{)c|b{Hjtrdte0G^QP^TJ+2(B;rYFgPiMK=e4bLJ{~0em@s<r1i5qOxWbxkykL@ab
zYg)zKcB}a<+Y*M`d%L<<QD%2m@0{{?Jt`rI&~srVcAn2<DG{FYT1*G&T@U8*{b8~D
zw{@I|82-xevDaaf{AAS>%VgKRLSZJj{gRv1I-WLITA!pOC9k7gt$5O}T&X+0^Edor
zk^k?H&EJ!No0EYf@t2m4Eh^^aK7;#JZBBp_TfP@E+Md#t-sH!-=h3V^{0WYw@fGS4
zh(+U<O+2UB73`W?TDo60gYFT9oE+PoW76Pc_u2UwoI0@YoU0%7uXFX~Pn@$|vf#)W
zUieF%%kWaqM(Nik63d0Y<7dF@-Ww%?N$i<mw$t{l-HeY1Wcuo+OAo~%myuAErwbT2
z{mKa?s}C3OM-h?tDe~S1hlMWAv3vACu1)=u_iP$W`lj$n^V=O*_SY0GJ)}noDr3@T
zBV<Jx5y--Dsp4yPs%(>f9i08FmVg^`%Nk27JW=_s^l$S*?L7WCV$~SV^L3k!4-Wl=
zzAMBY8L5r?1!EgM3q=Q|D9gGBP}Ous`x<BJmaG)F&)?^&Pg0+i)lC1)BY#(DWiQay
z#;-C;oDY*C?6h&2Uk`R{ijsPi_dbUGzM1^@>b%ci+ohib?VlI#q|vx7Cw-$W(f%wW
ze!DAn88|7ah_~;p`e6@IU*}!gaG6hJ->l6z(2&5sBRdVK!Gm4(wv6hXHc~WI`*(Vb
zEHoASVusyR4u=kgkBgS*zOL?vgqLnCU>wJ<Ok!LP!f^d8=4CKgtc`R-tT0Fp#;%(;
zzU%s1er#Xw)lHr7jrNu33F71OcLpr=^%nIRA4J2FSDeJS)us9arIygqxf@t5E!p7C
z$zp=MFvo{?JJWOw53jONjxA45j5bGXk3@0G#6qrHe^iLy(@mwXbrYG8?F6p#zomhV
zS=--8bIU9`_}>s!VrPFgJ~7jfb3PXGPlvfr#HrbbfC`q#r~)>+)8UA4V2FKs;(i$R
zCFq0y^qPXnH~g((*`!%R|B&MiZIAaN0rPE4#ht}62l3T5<Yv@``z+E2@h7<qO}tu@
zVrOMyZ5aS*KIsbw$mcSy7T*dP5A;3Wa{=Wzl+n5W9)DnSSor83FEOB~eW8E$C&#TJ
zzy;|wrB!i;7uQ!8C1P!qGHw<fh2;Mpw<zPbqNQxLTGXY)7=mUyBHg;<So6Iu)7>As
zGn{8lxYNmj-<?c8{Rkshm0ND2E16&G;RS<bsTHr|3dP#6PMvxy20Af?;@1&0vIO1<
zwOcuQn-N>hk1MgQ4r@BrUcT37xQvW9KhnPUyn&_%Suq&rd_t>_Uk#qnQALIPl~F**
zw*J-}u8+MvCC_9px(TkVmAqeN8Xs?<aK)DDsjhAQlQ$Hd!ua^(M9@CHZdw@dF(&Fx
z`4d43CirAe2KIm*ROvC}dihN$R1#{3oG9Kk^%}hUu<CwREcc2Gvi8o8$ddM<X~)#R
zuHcyDeHS$DvUrBQEEVZjyC8m5{BHQXsW$z>KjbT_#QF+zd1+`dhk(65f1No4XRcQj
zDx^@G3F#i)Qhr~<5weVQy2@Jpai=dH=HI65$taDL*za=sxa0cGDpwy(o{LIP^cfO`
z-P>{&y2E}CWj;TNS?kg;Z@$UuEJ*}Su$}VUFw)!tE&=$_2)4L7I=97%RvIyLL?E34
z-}4dS12FaI1!EUAIb-CrS`Kc~k$&r0fBg(F^SN&Ah|&)1Z;Ui;k<0g+cju)GF1HN>
zosvDRGW8dQD^u%_1~2so&u?&Mp*Y3ph|X`^=i0%a$Cd@IWL?JV>IPPxy@ekz-xg6H
z5v%qIcv2!?|CP&}W7~8!geM_>6#`GA=e>WX>G9rbaQ=E(d?!e#&8e2~uy(<7$-Tt3
z8?QZuAHR+LVKA^Ij9doYE?wD=s9Qe##p^t=A6H+q@hYYgX#3sTd0z+CN|8~2H7neY
zKY1w4E}qarWh0$~>DVjLe=Kg+h}vR+^9SL`3aBBvA_|Ew%fv?aY&{O>`XzFvvTX{~
zue?7_pdu~y<gYsAbXv(jJPuILKmY9gLoO&T@D(4;fP|@%1o<6tp!zFLZ;!Xwj=|%1
zujk)Y2D=acQJL2q{u6$S2vhfDS;jJ4C-ft;4C6app4I*>J%>2jV|I6ZKN-s?2L9I)
z^rL<~G94yexK_6L@dj5*s6I=BG>U21BWY}*#QKR9#At<Cn7@<m_jO!9LI)NY6Dv4#
z2p5Si9!Nb4mL)eh5($pgybGQkVn?E+Oz}lgN||fZbXTF_kM6~$HOE7V*S&sPP8~<g
z$iA@*F8Pe##=`$47?ruvv|<)}-x;K1LZ5awns9iI5NoSG{i7C0Z|4NlXN+@4mR`x!
zR~9mE=vzG#ZTR_}UwXFN@*rzy5hml#dG?w2arG{PA5HaE&SFiD$sjKS+i$Ro3g=qB
zLOPAh;T6Yi@IEN9Z|ao0gUo~L-p34ycB2lydKQ$&KhQOoN_nl|t(!I8VUEM6Q-IzG
zKf8(XO_)m-x3D1>e;eHZ&flX3h77vuAG&FLO5k5tBlTbQZngW5-pQ7HzNWm2c<Cv#
zOk(1hP!&P9{&?rya7=g66CHBpcj1^p{}s%$*0Fp})Mr}@LOyO^;Kv*{K{|zu2C9rr
z5GA5W`mru*cBG!PYu9cVty1^3dR`jsASm0{ROat2$?QW=Y!?vO{6xJq-*27OO})s?
z^APWe10ueZYqyLomptrl<B+a!@k?uvtH7Uy?uor_pfAtqIOTIsvK*t5j?;^uZV6zJ
zMfTg!=M?3bgj*a1tq#Rrw*cpu<v+g<MvHsgIu0$t<O74<mZ0!3)q9hz<3R7}xu#t1
zwZLiWyFVf0<)2RM|BZquIjW;;<CMuUgNuHdg9hy%YnoZ_vMTo(&&u+Jp<Vcy(zDL@
zFnutQMRkqqij6XOp{R@CI-$+bb>)$=)ofA7ol&4w;9FW4dCBv9EB|R#eUBRk>Ak)Y
z{yQ;gzP<-E2Ytg~ZZ;k??BY+^ILtvUxF;Wnx(O@qWvs1=yJZVjJwfyp`_zUWEqK)?
z7l%L59+68H7Y3z&$@Rc~S?A(3#u0qI1Ol>kh55}vTRfIuQNgQGvHl!;+1y^Mkpa`~
zW4_IZ6=S`)z1?nL{w)13s@^;v>aPC-t|ZCUV$CvFNr)_|5N6s?5lKRpAt4tTTb5=k
zYay<(XPKf>7a3c2##pmXmh6lr#xe|s*_Y?r@4jF6^F03z!@SP-%vs)__i|2ghOo}e
z0?Tl@+;!hB=nHP8#kGXEphZL9MJq17>qp9^ztC>pUnA|sO2=r(^ip&C1|$1$woT~Y
zN3|KCBz*~7!tA*#$F%v?-IQxK+Yy3h_<6lrQ0rp@_!6;)$Uw_f#g*x0LiKn?TLtbC
zRM__NUiK@__8aqITn<rRi>Wfb$Vfh1I4kOni`Dl0$)DaX9M29-&6@i!kk>ZPxui#K
z_`8Kw`sN{wyxO-3D|`*3%JE3a1mx*vrvFl|7tTtjfEW4@V^NmTzPv5CjFaMy>=lnb
zHYaHy6pJ9RJ!Qo@4~l0!2`-;aAMd7rb(wGHwQe2qfQo{ZAJ2>NU77H{TVN5lbDV9V
zj=i6oRlWI*oY(y608qol1o(&qKbN7t8O_vZ<~;Ylj%sz=2Ab|s!6C_nW-LgY?Dwt!
ziV$Av6@FL`#tSx~>zN*m>*A%f7om;^ruUXp9~`uAxd0R)PT-zDMTnF0QnF^dKn}&d
zf;(w1+4}`|eEGl`TDhp?))Yt878brIPp0@%r`I)E!O277(NS}SI#zR6@j|G3V4^Yx
zP8#bqG-q<p1m{q(!fP*SKk`@3H;y!E&t8|6z{OOgqI8`7=LfXM(K{fbZ^LCS;V7_`
zdS~t%S{g%DZiQ5g&a0}0mhV3@x~ZE9-Sm+?;Ctwz&31CWtB3rUR7Z1Jq~5+A7^kst
z`Pi3H15in9*XGCBUwgRn=pHHL=V;)PC@Jv1Yi_3a2f{Cy`aGq(JL_K{`)#GbhNDaV
z`1crD>&%mxK6%?*C5|dLV}TyCus?+~k=i~c*7u%!cYsG2P-%YJ0%lu>!sGA;H5QfZ
zSPQnT3kyki=7&&8pK&kyH)ox*%O7Q}8G~Y*Z9A-Xddxgs89OOz)(hA}mPdJyz8-Z0
z-<0d^WS|{CXj1MFr9+=nvLjA!Zy9QT!3rz8J(1yR00@}mm6!B<LCRlB!I<cERMhD*
zPUN&^KoV3EJ-}aNsJNZQXEHB(>V^_Le>SB&=Jzb;yIH$q)Bq^Dekcx<5K0L0;fH6S
zGPs&6ON84HvD~>$;P06?vn1?(CPxWV*HJ44y&~h*<zzhHN6)GSqgg1>t9mJlDa+50
zWHnHfH;(B@Xu2(B{V<o-Ba}4zZn6-3Ru9lJ)tAgVrPCTr?k!}z+rRnP(tm*D>*Fhq
zi5u;EcFkn=%HvP(osh4$7Z{eu^|{M`popU*Pb3U6H5G8t#6mILj2XXGFo1b+k!y%5
z*w?FntIKxCT%&Fyex@?m(9*T7;W_m&DORPM5{KV7Y`oVtEt~`-g(%IM38~b`XRSI8
zGp4W*m`Ia|kvh%pi@u*Ia6Lg>tG)ZjqfluNdi=|R_5{fYpLNy&GwlWA=ue?PAv#B!
z#Oj+RW_^vACNrD2$BtLUOoyI<P%bM$w8}{XU{A21N;$FRPKZrBFA&%zG*TX~b!f0o
zD(#95h&@*)%a2PT<^Sv+dnXH$oyf)f9|beZr&T8E_M1W`fR|pt%TuP1U%<=sQxkQM
zOfj<nXw5#l9(d?}hwmo<wdPt?KK(GkTLXSQZfZnVUvFHtA-ef^nO}?%)_L-Eo1Gi8
z(JP(}CM|6DN=Mx<$Kj8xg;UgOBwU}{&nn7R<^`|nqpX%o`?}-OxE5{DWZe2%DltQK
z``J-kjJQ$f(*!I4a;~%14ahVN;%MYqiA}hixEc|AjP|x12x2g$E@rpR;{x(pvf0eM
z*1g&1v|Fv+G;{W&?`&s8+`DYgeID#AM<g{BkNL7>UOF8c30skHeE5^QM_<>!(9M;F
z{f%0r*B^x6#L)S}(4*(6O&?#{E8UOQZk;GS;kQ=^zaM|$7Vlhg*0Ptze{p0nRl0Op
zsRNnZxZ!FyLKG#RlEL0<l2GQM%Mws}yVj@1i-n6eDk%}kc@KHQv=<}*jvR4)k!8!w
zkpPQ=tnGL+xj%})sF{2J1#!=g>0bw0m8c~N)?nGDCx5kmo|aq&YTi{1_rLUk(<Dtk
z-yH<plTzeIdtn+jv7U1f9T{c4O*M`5wwmBR9+MD%t~?w53Fqlrv{~=?N@Jnt4>G(l
zf6<n8O}fBW%qW4E%2l;6t~*=W>e{a^i~5ID8`Vue5e?wYxG!kG?|pX|CyRyGTGb3F
zY7mfC_{x`U_V4RC&;jn}|A5wKDf9rw5_m?Sbtx`f9Q=`kNGZ)oUDQ|&6aL)N>pRAu
zZPnQ?zNC<;S_5djk8&KBk4i%PdFSD`p)VSUjvmB<i!JcvV1hvjqDh&o;<<8*tAJnE
z(WAf5*;J(sBt)LZT18%)+phwZql@weQw`4LX#$83V=>hp@Ew3`U<poEganpSy8dY8
zwf{j*3X(kI!rP6C=4pHK^-wa+=3^N}&5r`Ho3%vuLYs6yUuJ|MJ`cDe@RFdk)py6^
zV3DHciBb_~%^LGs;tylg<?1_I3rp4&qdV9m)n6a;%{&_twGM?I=2qM6U<mZApJ$^Y
z3`l2MOvtS`4ffVKcL3+#U#%#qkQ2qkNVz|i6^1M@QJ-eDafY2KfzltG{?}1qXaiq;
zie1<w_nFfQ5rC+JB&zF7)OiOOyU!ez90WW2c?v2I3^>OJHW0^6)f$1%EoojL6L+eO
z3TTCXoL2qco`Y?p`~=YUFW|S1H}u!C{s{t|4?T|TNM<cX4g?%j5bnfh1<W3qA&QiM
z^ASxd^SzhpQS+UB7%%L~?U{NvWL~RLtM}cSutGKZ*+0z}UZuh+<qr6^j=CKiQ%Z8n
z$vEV1+X3y!iqo?BZ(p3I5au3MU@6}*9upcg%pb)5*%p0AM{EZ7iha0O?An~^wp#cP
zuLw_cYT)*J`076u|AFTE5&E(83T<OCW$|&sh4S;#!0c?W;GV+ouQ}o$1$RHgi8LNL
zxM8!M5}2NEahC(6m&g|yyVzxYQ|xf-<Gdnn9t^wPL>Tkg8ApGGX~~MkHNOc^$Pw1B
zuy&E@{jiQZ*)O<b|G%D@5!5fI<V|@H*atlkp~ArI<z}!rPJXfYiOmaR`>Wz8gL%4<
z#51I*L_JZLod0zTrj-(5<s_jjo3Yf*KxmOwkTmG3#G%i4c6B+wWlBdf?__dk@`R|}
z4C#k~#0U8AFaMthL=RwV!zL+P1*vqE*FddC01iI<f1j|}+=wNdbZ<g+A>`Vq)BifO
zlYzP?%XNZfG-9LGsH6Y?2b{XdhP!ynl8n_aVr)hV6H`Q{kE!?nXPM#c3lxLldndVT
zSmEiEQgLcim;WNwE986iB*iCKu>vE4vCoT3bV*pJ!N2Y6X8$V<)S?!URp5V&*6F+@
zlh}ylU$2bon;(yfp+q6}6BUsLYqMrG-u1!87{b~gdgA3{XemGj+zY?5V_muoay)d(
zyUO8c`b`=Z{b2ds8J5*>Sd4B!c|OGy3Hgw0vr`lfs`HF9A;fD?zX|QO&dC}`S;h58
zvURmW%ZmXFEHt&ApHbJ_&3Gz_sUU{E<5DZPn??(G3=|tK@ADPF?dWI2bc4qbeUQcX
z^+(Jf1-#}f?Ao&P5ysfx!4n0%)@!ujlmSyUmb=m}5>-L;6~Cf?e*nE|gJ$Tn;Wk4*
zRn%A&O1l)rDu}9Hgr)5c*LXEdsfzG4r8CGB-B!@#8qalh?^t<iO6)B_{rO>xUuohG
zX6KqC<CJM|NJYQM8J4Tk?qu>9LGW|#H%ab^WY!_`b$D4<L1jL6&IYpeg=+}hc)pHG
zTQo{$33rkS7y3w-I#aoSe>UePF3{k?L&+2krsn1s%(E7rt3^7owwhOhm|3;q&j4|&
zGxa|f600EL!%&D1TB3WoT#fk%vUr;x%TO2~E7zwYCc=lSPj9s8T_lLaa@;FU_+d+T
z9kWFQt%c3<78=W2dLoCk&R~QFm0B+ZG!Ejjzv@qkhn-<jhck>8a9qMbi5Q8A@;Oed
zj#l41AX?X4!|kFMq|!W3`U__;PI%{XB|7-03`D%_=6!f<&Kwz<e&r+xyM=2*ErMRG
zjMlVKBS0^CM-|rd`P0C*zHx+^cz<WqWYq%moiuqxm)MI4S_^y9<kAM6Iqw8LJQ7f*
z9qpof<t${yK0Tw%cRyR0E#pk~1x`$O81n6U6IT*xo6M?q=!~@~?UP&NT}MJ|csYHC
zJBm&vz6cEPde<k3kC*W~jsGS?4jk!lTCyJoRyk<8EGO}~d!-&HXPbIsUO}(!1^|8J
z`^VT0>av1x4W?py|7N0rzNeu|NVU842sbLSeCj@V!)|AL>Y`@RGNur`&(#|$oX<}Z
zX=*dLc%CZKAL%>f=X!)RBcG2UwD<;WoAODGPEAi;wo_EDPQemEdX$m);Hf@vaw)wQ
z{f6?TBD5aljeGeVc81*<HYUeAwc!Y+dw-bxyeZSpOASKTmn?s0Pd!_7_0F`-@o1fO
zFwpHoH|+BNfz;xTLz3}oW4jG#oSqclpEtFw8+sxLV^4!ubB&S{AdbCF$2DXNd+E7t
zPY_)Yr`8!AaaY^SmGZvBcvfTtcFg&-Y{;*rgh-eO>P+UT@Y|)^7qX-FhaK{&wE}P6
zW?Uqz8VL4Bi|ofRd%TX}T}vSfyo@0JN4`e0tgb5<6IPd4tzcgrcpgD2r`E`Z-sxx$
zAllUvMd7b_KPNo4N4Hnrw^0ox_K}nC98qPJE0S#6an7niuD;ZY^2|8LHe-ZsR$MH`
zIV{h+{0C#uHT^@Shh~mwq3it_ZySh&R*Z%u_vWe?p*2B^MePQAILyXxH>hxkFX%PP
zSoN((x+qafltdlC7P&K`ADgFW&>Ai-Fbo$MeHRufyJt|}Ik$7}>m0&S)OoM{B{e&Y
zpE;5-6b)+67*brdCBi<3ZjYhcbTi8>eTerLIqFY;`FledD;Mf9GHPt@rSQAsd|$OS
zn<bn5E?c-9?w{RadY)uAp>5$l04+y9`g)3nYnoS}F*z276o@`ah_m#!8>w#Yh$p9#
z@xXY+Ivo~0vux#3L6M0_W4P{~?zdc2I)9^g!FE394R<aSMV6#C#3t}c%^Pb+{SI5+
z-!SUgsyH4yGYc1s)E2HftRUXm@=C{X?n?N+nYs@M^g90r_;}+)&-UBFnP>4$F&5~W
z@7DcM>iL-RncoeKD}Fc-TT&L$N~^xdp#H6$Fu>hgK`dQI%oGAdML}-tqI>ipuVk1W
z4QkPL+ca?;oD}fPO5Bi<&AQ-1S4xc1tGF~NU*D>8_E=r-3OU{-@gXMOh3Axbtgb>w
zO`ho;T%{k{J_pV`#6KS>#V%j|7k|8TucjsZ<eVJ-Ze_)Ba;{2l+2%~#VAk3P^l8*M
zP7eEG6UMpjNy8>bo=#R9kl@3n7D?Z=XkcQ-RsHd?H}(pm_1d{}bi+wP^M<O2bq?*8
zv7R;Wxy)Qtbwu**9O|ux&Yw3A5buLwADWc>4icZgb|`!cYbE!RbUaN2S0Q)M17mWu
z7oaoi@>jVIkC!|V(%yW%0iPWvPkgs$_V1c;Q{0VZdkt1DK*>j&OLC8F@ncmbxtL*6
zeaiT|(VJe1Gui!V0T(P^*k;D{%sp{94ZpP3;x%5uc#Rf3jvh*7Du#5To619!2{6Ho
zm$c$Ir|WD4n0Nx4KmH`$W+KD-cXpI9C~iHIPH8<fPDT-L7*}ktk9ixDk?2bm#%>j<
zvy+kE-0c}{Q7f9F&?soLVX2Ea9GcPo4Owndl*SQx#py7fRlq88e_hB9=Km;{pH^oW
zX(F(}xY}K!>;T%8y_WP+n_D}Mj^Q~ONOHd@^s``6{EiK$jBt%IBI9`l_jrx6c?TI#
zRFD#5z__o97=|mt44dBJZtY#ws0CKrCeKC$8b^Khi-tL>^Ez1Dp%xt%J}mDdm6-^>
zZ3yiNAI6$z#IXlc49S4T;<z&&-SkhsKB}*=s*6i&S`9`OIKAmYiQnv9MMKV?rz_NI
z)1I^2OqSoU{rn|U*<SWn9H-`M7hz;@Q)g45=@}Z*WYyEyL;uj}R}IJwxYF*qyvmgJ
zDLqtd_M9#wvWEU+Tj)~P`9)q3WNp4olNM}t%JO9Y61ksLqiMHQU^5igda3k{Ia1LS
zl-7>&Z!k3q(paOod>{nj(8zoTOl(mqGvnk2I<_#4J!`lsrrnB@<i;gVn$yQ4vXPzS
zg<Q9=K<q!Cj6=1B*<SH8ZCr(_&$!7J@lE8|g?c1*n~B;>S|#cHb{{bm?P^E#eQKcK
zH;l%V>Xjrk=zBwA(FeWo8-cPa4*Ea5;8z^W7k`@wC7M?o|M0h$|Ah36X>@PT>1Q1u
z)(>=-9<V;~+g36?+9n?fh=#6lwZY@(7e)ldyA~nDOM91|7)X>nj|;w3t!nmLgSzt$
z`wH{de4pLYWayjZZ1hl4u;Dr{$!2LZFqu{KkW=8i1T&}$$cVVx-RrFjL(G5@B8JR%
z>Iu|FbFTAh1>|Z|X`UNY=00i|QZTC>37^I4NX0_DDoWf`WdSi43ZL>)mHnn8o)nkh
zTw}2*X&LoBuax;>_J?XtXKP~A2Qt<wpPPG~J-<J!_P5cX3dj(2wG3`rsbBvPYMo^*
z1_~Uh21IbF`%4K~671RUo#X}!@SHIi+oIoQ&^4IOpa^Cbx}P)NLouF*@a=RMfkylX
zXgzdR@~i4uU2pD%HyGflO5)0Tcs0}Fj^*Ih+aS&t6P_2MLW6bpA?TJAwZ)q+&F%%4
zVSjA59iuh8U6`dJC6b?2z>;KgHosJWl_0SRvv=FkcQ!PWdc~C8hNk*yX7;l8W9Q<*
zIP=C=lSiv!6r~!!QpAsKZ%(CmIzq&A=T6CD8JOGLld|!|?sz`&r%TM}_Bkk39iuAf
z9r!4qG>G`A>0)9VI>gnREAoFFaDZ*;^hSn@S|`5k^^2Q2XEAzui=;-;VgaF6$hHOr
zn478zoFbty@vdh9<&UBM6UVeCytlEZwjs-J(P8+mZp6=Rc}!<gwcV>~$KTr2-H5zX
z$>aDc7k}NR&!9xizwtPq7EC4GF?m_~6=N=9-Qa0z_|1o4`T83wGp9f3Pkm18+`D=q
zuiuv<0>)Su=ow3Bt8ZCy*WKVQooc)=8?*tIdWkv?aY$ZId-}k9C+vmllkUM|^(v)?
zp}FmKO?zNVbPDVkstTXG8C^~^n>Y6e9uw|pzO7{`)w`40cR-Nm3Vvb=4!nhKn_fiV
zxN#i&7)*;zfL;TJ!92tucn`VslOlhp{$xz1Zr!xozG=5}&N>V0gvyTT{|51dBt{(*
zd<}IxZp)X>5waKj0-Xntdezm!#i79h)S_i}(VSW4K0;rJQpw*HgO0~8J_q#%jmR)g
z<i@xKUU8JR!5vY0K_G;Vps#Qv@Vdc%R&f@yJVSmW1mHQAlQmGH8r<7#YK5Mcc7k8V
z+&vY@5Ug|d>=@JB8wp#D!#@pxH0-CI)`7a+WNa(;A7NZVkdoeFHhnq6&uw(H@Z&SX
z{Dala${IPlx9zv4YA@wNnrj12Xf||seZA1nyR<;*Kf~wsmxNaFCF{9G`-af3H@s`a
zUE=eJCpm>R4B$RI)yd;9?i&p2aJyCkpx7#I`w0-^8q;Vd+~7-V&Gzm@Ozv*h=;sPG
z%>z*AS~2AD>gXqB5mBc?GG-X`JZ?5>EqAxzEA-&8xtpf^nb;82fzD<-`JCM&@>!#$
zA~}@<j?i%1OTPGt($Ul2+$XCdPnM99el_Ece2v}eSw)Ax6Dm;PUG^+06IoP&lH8@v
z?hCgZ2%Adpe*^dr#+HiFp72XX%~qQ|>;0^M9?@(Zj)hu>ju78BH7A8gNAHFitkLiA
zWg3JnIP=9A3$A~SjMwB!F~|zJk0bn9jTKsN0GmBn6OvKE`!wAk6t_M%Hr>xsrGKQF
zItZXjI~~!lSsZxnOp87J(puPEw3KUHJI!#7bcZi8C0M~(Ee2iX`Z1J^KQ2#_t-UoB
z4jrQ#trdZ8c>6N66oQ)_G4#I(b2<v4hRek`OJv@)m0lrVP|%2~En3+1g()g{gpiLi
zn%YZIV_AzAQsE4NDYSzj^zNXcEb5TVM}xH@rMa1XPWT$-e%6$Et#<3*r9(E}!1fFY
zOe83~^?CHOz70d4%edng`dL}SuosiFw@vv2uR{8t6Y-6zIlC~7CFw7QE@$OqMN{|J
zkgDfr=U&?Ov%FzO6|^Vb+_mc5aYeJ~jPZQUZ{hyydxTmQbw243o|=Y3CE%^@?M%eS
z8Y-12$?;SFN0&V_wkyLFyPsEmd*(<?I80Pu#OsV-Fu<>9t(Pz>`}S((oT|Beht|qg
z;RHv|R!4%;ZJMC+Eu@SS{p;}0YLq~CQOjtlye6Y{ZMk>-%B7g)WXa6?@f5LiD{oM^
z!bsutlQf!4;WSoboz86@81al5|37_Zkq;3C+3uXCgt@^DblM^ih>e8hCec787>0Bq
z1cDFO1wG1|1K7<XH-);bc+?wn?ipQTAL3$YVZu0-P=uVj!>6q|lRYCAKo6`ldKne|
zN-}FcjXlpM>?RCxd-*}A7agFFz4V*6z$ud4eaTFgv9>PeWWqSx@w6$ltfrAzyAHJ*
z0OGYSJKE0xT%h;HI@lDnVgnn&yN2%vJNyJ=M<ws}Ylp<fxRpirKeOfgU14*Q>}aFi
z%l?v;^ly^k!UuFgS20y|mkNntk?(|WICx%IL~Kp*sJ+`MXR$S*aIL@TQSU12;|5WV
zN85Q#qNi(@KUod+@Szg=8UVF-Syn`~^@}%|m+Glhw<x&2)l||p8NcyYv1SJ}9r}kU
zu)G3CrP=P78?O>xGPOul@>>o^IngUmOf5|pUH&m*n4p~eYwuFZvJE<N_nC0V2lj&j
z{)P=EW;drO`dc=3nL_=d{k$YZxIQ;9zUieo^4n2<FDkSl+5}sYUP-U!bfZFVlD*3t
z_}V0y#~go^oL%Kqgqa!(X0o(KMZI{|+Fkl@zCMuDlwB`*Ux_<W7j|oc8uC3KHgCfR
z*X>nV2hPgLr)=0j6sFtWR%tyLKrh*VIEhH{+T2d-4;m^v1My7&+8?k(c8vHiQvnH^
z{Y-iznBJPx&Fvo+k_l=G>neAQz@-#3AXbfYa^bE6*{rnyV|oX+lEiOu<ZR26mzw)>
zdM4AT%oAi$P*lVr4G72*IoCon32S%@6Ap>>bc<+5i>->SHM8PphH;K#D8k{diQbZR
zVeZ~nFa+#ZisKkf{u2Wf=YJ;AZ1mayL53m-I{P<HUpFvcpfYR-8v+NZcOU9_s^Qmd
z{C8n*;f1Tj7E``RowBLlv`{<>YtFqHl94c0hnhhCD&PgL7B<6gjRUyN;wM*>{|Hn6
zud(({A!<>NR{LFXBNE;YPmk|rr{yx3yK*FwvEzX<iujAxS^I!Pmd_!0&j7=zJ^C#!
z0oulgv|F9sS9(PjdbWbgBFBpYl<<|L8WMy+QU1~mme9amZkpq`=E@A<J$2+daM32c
zu2D}9c(@x+2@SbTX4HZj$Wu7zU{gkSL=TP&oT$L0ho@u0A};E1&xgq8JxwA}BSh*n
z2$x72J&GZw-9bt(X{;&hpBJJ}T<|k;eD@(i-IwnDG9MJ_FK&5sVUEg^o1QDDF;vu9
z3(G+|=#%Z7e^g}Z&McCdl3$mt6P{+-7h5=1K7D4pc|9UqX1}t=7{@H2#O;o0ws2aO
zcbZ<6b%RsilD*E3AfNpM@_i$y!B6k{osx<Vk+y;rxOq&P;DSr0ro;EoeP)sL;kz3$
zy+W<u13U~D>56x76*(q(b9Sjz=Pa~J&*TDf-vQnJ<kp#hkLP&hQ}^ZtGbDPO+#>kQ
zuDg44-R&3;BNmY+yH9&2xg$4La2J<5GO9<1mb&{{zZM0Yh<0ZTu)(eOb#hS2#a>wK
zKN<V7M<+N*QPeDq&xPE{;41(>AV@+y(yeRR{KulfSZUXlO(0R{&|moCzc}7p^X8Jx
zg*^*)_c?N`9ndbe_4LUSO#uPp<Pr_iTlWv~w3_R76(k!<#=gn8?_7gKp4|PRh&*5R
zmh&eQUkwA2YQlhG(P4)MsL5(0t&qU|4cZ`}yU~XbdvHvF#EfEw#r-ANnO*O>h$Hst
z=XQL9GrOD6X5)N_*=Whph=7uu=V{~G=1t28$T|9l{h6mW%(q=XPA8vHqZin2=5Hg;
zIsN7n`$>V@YR+Bb*d6Tz`^Hzt?yHy5y5{YmNe17~jC1ww><}n`&{|~MRV9ChT*-Ty
zom_t2O#d)ypU0dq**1-9Q<1Xu33L|op%U(@!d4o+S4((e7ABl@Mc;M6+dY>k6x?E-
zx(i#SX7jOL#3CdMG;N{t?cXP=7EU1pI{RHR^Fc8iJ>7pCR{SdvKS@GdYhD-%rMI>$
zHRfQ95fj^F`pxyw3_bD+Ch-2<yd0{b5s@DXZtPk}A?0vy@yo-1WgB21G7fCSNU}NC
zV7~WR{{|)~AARWz*Mq!d>^*5G75adGKOhTe`DOh*sQp5%VP(G9G2hU0O*;jPdab{0
zf1%KC>82z)$ZKj8KRxgK4@I$(E)g^%Zp#WQ_(35iL1Sy|iY~F=@BkyMe&Fgov0@W2
zO=<VERnNbn=$%OZ3y?aX3FrRHTd(A~ES@7iGK>Zbv79$`!{yj(-H1{0BgBe%PiI41
z!~H&HBaXn0Cw-ZT9C8^0w?I7H6`Zvg^&;LQG=i9p+(=0eRnb^0bJuP|PKS44Lwz^b
z@P5Dv%SaVvZbiPEfUIDO;Lxn6!{--$tWw=XzsJ<CW*0GWbEV&A&2_|QhQ_><@v``E
zgJV^QX$V^+DRRO6gT7yqRL<G(8=K{BNvAI+9Q1#jkKj8LNBQnh7Iua#Gly@~64lmL
zt}P<lf9@G|DmX}D21hdwU&(89*R+h5cl-NVy-Q*0mP90SrBFMS$4caM006($vXXSg
z!K_mIW+lZD@at5May-GOT?b;ji9<)2wM_l>f0gEpmC94;Uy@&zlHwH5jt^cUpMB0$
zEpLnGBBI97eN9eI<cioJsEgXzWpc7l<Ze5U-Y`Z4A5D~D+oChL=F$<aS=@@4F>UWN
zYv|gbnQuvVP|%>~q`AzAeiEVi0Iflh_*2Qgc0)s*4Zr6BS5j4@Mo2If4(Y&J1Gcdu
zM45HrBkSXP>908Q+`d2Uo0&M!&9?ndxy2u@VxuwTO?B|$&XFoolmZOHeqW=Xg>-Mo
z=Zm>)T{6bCOg|;F?bvlR<i7`tEzz&Pz>*Vc^*@$vM5YDLtT$vVez?S=atjxb(ZqqL
zIqRaMXJ`OvWrfIX-p=?xzk>9yGU~*hux6J(eucZ8xZDw(KedxYH4FhpO{?`>{n*nx
z<O@b}P}ab<;q`iJJl#>X(H#=LC;icMNbIy*$uk=D@{0pBWQ2fdA*dh~UN*_C5l0AA
zMY^PNzg0iBj@U-Je#l0e?auN4;aj(b{{XPSxw>zgGBxr|kuFc#UH>~n4=9lc(|I7@
zm$(HxZ`>eG^G`dwi(Y&ucsD*91}XRdvR~(YRb`P}RG=R8(W0tp`4+1+Vs~%KzfW^1
zL@)-eEAennjiE__{M)jsb2Ri>U!J~a8#~Tbj7;KBk<BNe)dUwk7+Zs|I6-AnwWuZ7
zLCBj*?5h?eb~06^fVC9X#fK|(5}q_{gz`bkIFa4|P2en7kzyp60xWfu6IL6eWL|{r
z4ngRT&z$}4$>^;yA8z)kk!)vZxx#fcgq5QsgOI5gk8ku+U9f;W0Q*xcl-uC99jh*s
z6P?74&>vuE@L|ZWF_hKCb=mx73}CyY<kE#V(6=LakCbGUUVH@{TgAN@s_(X4?Mh`e
z1$r(%t)g7!!UNvEC!kEZLVE!-C?xR(Na(Tl`qWMbOcP)go4;=Ai2C47WMUip=ttaY
z)t0o2f5p=sON9~gRk67b)Cu&H+SRl~n~-;|L$~dAK7&wk!hPW|fwe&i8<++JP4|*c
zz_#iWcd+_($@_tGpxb#*R>g!4!f*4nID2S!{&-$59RNJ9?3zknWy`<2SaG+VsB9}Y
z;~b%k7Ac+2X9?c{h9W9uR)5op;o?N%u+_N#ejly$7|o^`zq-F<vFwy1QhKsj0*>op
zA?=xPz2yU~r$XY~53e7xoA4$#MXK+xzo&PzFN9FtB-xikQn#s3mrqIH7dFXG-NZF1
zK6=Cyt-ZFRE;|@Y>b=;{GXLX>Ets{G9qFEtv2~h6MagD7*!1jJv~vJmjK;QxrEU3I
zO@*a3h!&)A{(gnnw~J*`nVf?zkj$^Ir$Obi)3aWoe9yZ(X8H<AG7Bdx9H^SoXm6L;
zb42|?f>A0@D`7f8Cnoq@eR-1xkezUeTKZ$V9o+$ZvTB*bE&Ueh`o^p5{OtV&1MSTb
zlv$GEBFWc<jO-5!ft;^?8W@lI7l4LO{QcMFrMOoCKLoq6_M63>oqC|*8_$BBGCnR7
z;K1iz<UtNq+3!@FtS0Lwt1Q;NzSm#mnqv_wF#BGO|LkkFf+q&JF$eW1Bs<@48m=SW
ze~+vWXp@dswory*cB7jDJIL5F_6oVkXWsek;z=G%El_l=<@_ALr9MsLHV^B=JNqHG
z4Pht$beI(R_aM3)k+5N8KvINbQanv|V<&-n=ou*YEn)j2t>zv4T4GS%6WSN+4>Ozl
z8V<nln(I01ppU#jys8v;Xc(g5aO8f}Ts*gPxU<DH5=<x<mXNpu3t5=GZlH1*?nC;l
zk1E8=1&BKzz_v#Bb5Q28RM$(8sM>sHgKTW`!%aB{@B=32-tW0|zJh7t%7y83rm%_J
z?<S-}>q)W49*4ESy9sPJd(rer_tK*XsSfmWoJ1-Sl<4mUcdDLVt{>#Pq+ycr{+fxO
z6t{BI2)G!)uE`vxyzrq+Qm>|aE{l$~_WkkxYyAv2%lH)4m#1@_y<av7;~;B>OOGP7
z-uQ&GK0*lt%oBj!wL#*3tj$RbPTrbDXEr3V9w?G|FYnIVQ-N>!fR5D;jzB$7xAd@K
zUXuHFi2R&%W^twc(5L2mBV89f8=bGq48D14TAz{4Y`ygQ&IoW#uv(AEu)d5X`7zeF
z0!Hz`+=}sW*|gw)`p5g-IoGF~lXqTej4PsM1`PA;`GXkE&pi20+;YT<4a8{&OSZ<a
zJydylAis%musML;Y;wuLo-1(PZY-?zer_ts2bhx0$<8}>>0k5pBdnhv`K|c%H%?~y
zmldt9JBiohpJ<`K$PWEO$Ad1@Ykmr9uzGVFS6-Lg@OF~<cbWR95M=gOm6YdeZve&T
zg-erl0jALQf+qFdv+f#W_Xm9IWY2<VGF<_(0>|pq(EL1BUBERNII(*?m#94E!sKoN
zpACHDxD(qG@0XQLR$;G#JBtfcx}QCp6@al+rr;y^CjoImpgOBYcPkEfun)%**PQ9g
z`Xt3x{i3gVFrjW46Y|RTei{01+Z$T>^*j7`%Os3c<G_VzSc`w@QEGYYImqi05Jw_W
zDzI98%lr;V2)FD-83I$&j72B${<ly9UqO3ufYpopXcZ^JIieM%A;tDHVW5PHPcBoD
z;;W!Tz-YwlKtzRqx=z%tye8(C8i+<|H}gt;ATzf3_dEn)Z~E&KN{Az7%{Ru*cNl`Q
z;+%Ny@m52=buyBTK6F)`m!U$fZ!3)&aNAU?F{IG3S>u}h{&7A6TY5jniQtg&XA^b%
zO4SqZlV7`lWzCFEveeP&Ys)G~Rt8JoeFB|{>kbE;ZKYbp#38`3yYIDk$TdMd`h4DN
zq-J7=wQ=GnXdJ#w$907=!k~O?OH&ZEZ<RelEJCjkND&z<MU!<}huYQ%ur^Fz83V?J
zrdim(g(gakQrx0MCuPO~L{Y{zl@YIXyrV+=C@Z2u-*07rXugb!?%G*!9LwYW<@LUT
zoBYSc{B78K{YiyC3=Yy^H;j*-oXe7M^w#m*!;gI<@T3X+(?3oV_m*%(MZ1gbzBSXo
z)yT@=A@btBV2gK>HG$XxRFbRBc1nK)tkdtdik8FR!^F$<%OEG2kIQ<yTc0Jacsod@
zFE2o0A)n?dN)M6uq-17vfzGVS<ht9AH6)`OhfUR4gSYaeBpbWx<t^P2chi_h6Z|t*
zWXfjl8pQFAOJ*V+lW9GrlY7Eik+;~W0$#(ciYc@fCY`YB7S+Vt)o!L8BHEIng)=&b
zssab}!(LHeJR~{;g9nVE*g&eVCR$AJT`>9z-6Th(x^;Z)n+^H3zXV5&H#3^#biWK2
zy>X^Nn6mDzcO#2<S3e2)NH_7Ji@C-cJl?#~Fhd5f5)kti^VtH}hMgB4!Y0bFxalNW
zpvd{dPyCH`k||tH2Byt4@~RAW8TMxa`F{Y`a6{njlFXk#CCT}dK#(?T`5e!aOJ)_;
z%G?ACc(~^Wq0iNkV*01*50pwEK9Yq9b$_Jo3+|OahDh8ZbL2>Jg@XcJeL;Zu(i0Nv
z;ue+}_T@H)VtWw%#F<mONIz0Ha1wP;H0sSQa9PXDZDLl9$$oarm4MC8Zldj{nE*M<
zpaJ=5=}b}E{hl|E@&MIzG{Jx^Y1C@FDbbGU3eHGy8NfG~E4Fh*y!eUqsLj8OMYQon
z0SsBNc9iXGqHaHP{pfngnsth|oUGnkWcbHzb|_Fe4=6t|!fajju2J$=DxNa`qCX`-
zuLl%a9peMAgWcs&24CQF?eguMd+uS^<`mnBx^tavjc3UJqObDByb*IY;ro=l@^a&@
z6flhsojwP!O^TcLnfsE}sT#MtY}cSEVTzeLQ~q%T5_|a)UN%HovT@*PjEOr)7LvHT
zkJS9py^6TMoo~;$89CQWRr72DnS~wYi4*XpM~sQh&k`-d3>5lhzfDzdQ4L79A1W+}
z+rLD%lc*%?3dSb_GLj`8xils633R5}tS$FU&DAb*7I)wDqxR%%NT2Ia*lGXsoWtVL
z*IXtvdM<|48lbOb+1t4tUQpV%R@(orWu!EvoVPtkUvXeN!~V^o*bT^OUCsEs+-K50
zb?tX!E9vP!=E#$E3uQDzJ^76&pIiLn^%arm7ToOF#ipl(!zghV9hqJMs)P-S7xV1(
zAFtA*E5TSj_CHywUCQJL=?mRnBpX^|i#K?Ik2H`Kx7*gSj2*qsNn}~yXSEK4lpa=(
zw(Uk>0G=)cm(6Hh=cTnTYvEJft8xjvgpK~ga1IZX%K;}iV9EmaD~NR_Je51wJEJe^
zbg-MLtK09Tn!#;5+vEgKoVJuT=>>;*@?5Fx?si-{G__QZ?fP41l0fW(RVAPu!Piyg
zG*~8g%V2+PNW3kt%tzI|cQntg_5LmAL5=v-I7qm*oF}_L{*U#``zT$gMi#gq8hWKT
z`R4$w(IP#=c(n-SMTA?<JWb{J!iNc<C&@!`9%Ry0$NLe({F~gT;X+HC9QL7JAxw14
zY=TZmF>uQlS%Xm~qA$D=<bJ$iKdf~*us=~MQN}XLeIa+;RmXMncp~fVuKoZ7b}&8X
z5!F$q;}A+KbGAhwQUc+r_anw8GIzg+i-GlK82-FWtaX*6eZZC^-&lp=*MP2)%vou<
z9a-@C429|dMI-TChu*?dOGD?DZeHB}cHT6CXmHVE?ZUa{-GXn)-4A(m(Evrx<k}p3
zsnbf<6w+~9*w6X<*0;}zSSNJP{0JXRUl*mp4s(wP)>{Q_NMI<()Oey5v!t1u-NcOS
z)UvJD&$;^)DC!RzQce?dw=S#;-`xfPX4@wum>p#SM{Zcl`4RoY#lV;0pzKu~H(L@N
zTdt7LQ!_p>-+lDN(u!nRUP{|D8WRDDqQ7C3_0tbTpdVwWB=X%w*|THX0!A79b!shy
zdl6ZVEV(Wiu2q+t>@`zqx0LL}XBP`)Y;7{Zmk+Rw#O@bhR?&-7kaC4P966;J)wJF0
zbo`dqq3i<&Jd<`tavq1081`-%nuR6sRtH@j^PMLs6(H}@M#Z@R1H)#(UcmW&kB0l>
zBtTww#t_&|<)kOpWi#dpyBkyvUmw#spGGQb3+yM{j@9eKjjPI_<i>*AaJ$9>N*j9I
z(;GMCkTW{e>u_+u8q9HuMf8UBx$#f8a(2vDy85{%dW_pKb4P2gI%2!z6o`IHh-`(i
zaNLOww)1mB8ak{Y#gyNTK+<e8Xe<P-;}aK5wC{0)^P};V^$yS1A)gpVpLz?khrK({
zBjH9RnxCQD34#9F9fm1KvF8bEp6zViYnUyY8QTl@W{kSt#_$PyF$xqY^tg*>=97je
zsy#i+uE&^<Y<Ebq)sVTTnQOkNk_92!YfvgC%nYz~b`Rsk=zXUMS=}5nZ&_h^^q-*Y
ziw?aytH??BlcDl%En$qPEU(E1nFD?IQQ(8PCuucr2TFy=BDfb_=RnDTlfUQTDhc_7
zZeD(rZv-HHr+uR}iE#w_>!0iT>ws@>fM}NCc^rb?C(<I>p?h17aCG@pkELxB<Qmdf
zmTN-Vpm&oz|45k7O&-ionr&8`K;aA}It|l9m0oSyGvpP{_jsApQXaFmJQ#QPVX)1o
z1K!V`FUam86_w5)Sl&&1-g5p<0vR*}vKJuBj6?jnx&mgNrI3ayT!97KQ+Ky(h|Hn(
z-rX?D=f4}2P;3hJ$50NqPiFB9^V{@L_03B8d<%{n9RQ(NuKmqk4@0H$A5Xm)WBRlP
zhFz8nD1mqUOL3g`F><JERj5yLuX#rX&okmK859Khr+qmu<_&Q&w7lVY$&nmz6g|3B
zdae9~pJ;YAl?l(T$PyAk*BJdV_&h*(u*dflcukPr+QS`73V^#<kXjqIoMdxv!1agO
z0FZ=}<i;Ixp$K0%pecc8^kHaco1f8Yr^RZ&T79Kbnc=iCP+T-sx<_+An(>N2owEv`
zQ(cU({H@L&AhGw|%6m8S+hy5_6ntH}04_Fil5#QNV9xtW(o^z*R*B^dpUuPUpLU**
z<FBSA8E2hEK$)FLzr1avRS0|b=tS)`9}4&b;6OgVyXZBBfX5=Wbpr`1W7Lk{F8igU
zq~@FgB4<y2YCM;$yWFAvA46r+$-ve$8rvB2A>p~$b$%D`?V?GDi#u9Yzg3B(e2e2o
z!^^lWEA*dmcv6DY{->QxwV6lg(v5>lJ~qdS$c_qjvjesej~yQ9D17b@UJ`RiHL!F0
zCK#&p08t$-x2w%v%JQfPi0o62tdNVlo_Rp8g1;Ys6*3-SXS2PvO7Q0OS5e9yz+0{x
z^{Z0{jLm0av$m*v5DttCl>)9h+Z{V7QSSFwzZM=kcO=}oi#`CVa6lZD<^Ve89S+*Z
zVZ@YwUh@Pw&(^_ZOO>1Y^c9x*?ZdLXEuWT5YtSgz!3~H-;d2V4+G<(v&++5_6rQJT
zaMqjW$l4o%m?P+v*%ONm8K}|sPT2n@5%sjz-z<vP!5yq6UhST?5DP5H4ivuMp*mR5
zL_yROUzdEz=eHH0_UvABHW2U7o^w3}Tv<oZ3ZwA>L&VV#jk&**X~(*PFC{wnMl?A@
z@Gk3%@PJUwy?JnXDx>Em&XNf)QQ95<IV};ax$6bnHa;Cb65}Yd-H^51+ovP9VF@HM
z%a4(7&nUaM#5XgtXO%Uc9H=jCbkoNhH~>B;-NdMbxu_xm4=H@I+vagF^g#i~L?dJC
zpY}Bd1A#dm#YKxXS>hVY25WJTn76mQ!}sO6&iSFwMlC=ORfz_GMGsTwexZFh*jKzX
zKzJk6RNAN0wAO(RUq{M?MkDw6p{3d}A2hKx#Dh)1TK|x>=n3r2T-=!voTir|xZx-N
zl7;O^b{Sk@=|#J{EPLL`qP?jk$NQJ@>e>h2J@W8M{fLoce)BC_BI~F(4eqRj;CUqj
z*SYhVS7+?q2D_WXtxE5_?YkpGljhveQL6G%5<AA8AF!h}&33Fr;=5UaYe0a{I(cC(
znD?j@S1|;6?LK*m#M@#vMa~m8&oz{gy~k6|U7Yzf%if#BzoE-RZVZNJ(;nGxr~Gj-
z?S%SZHRYZ__e}{{H&eCNF(r)b5;EW73sl%Xp$5z@$}CiFXKg5tRBL)o?>a7{U1HSM
zdd9dysQsPITV!|<@JyjK<!EdA7wB_;UFW5Nncs%?0bfPXj*saHk8a8y=)pgV5pvs4
znw;z*2Zk(M#22=Kci*2wPfe&MjMBQ_4$wX}YgUrV_Doja-m1Pm4!Zl5FOVk_=&8#M
zdHjKodU=o4I;I#^I4d>8?~QufLyl1R+DnQvUd3FuKPbKXm@gCI<r1Ao7kXon%2uxv
za<gKbBHy0!(McjDhA&3=mYQ>AmQOchjVEMI5#H*=hni`uU#Qb@aJ`ex>cGybWnRzo
zZ8tH%y&tE~&xOcdt#3)CnW}HGwGZ{8N}Za@Ykq4dY#AM}dJf6rox=X5g8Q_5zvby>
zwP}^h%ZIQK)j8AfV^vTuf`?<`G)0Gf)Ej(i#Af&?jJNN*egx@OW#@M}&8BV?VK$h*
z`2`zSasn}3(AZ^Lpy~MqE9jAFAK1<L_fL|0TCh`Pg6$=l=(<53EgsrmBUJSPdMO@x
z^W2pzY;M<rfQof%)2n_a`H1K+ZV6C$_J)8oxGFsd2XN&Oz&?iUga6}6gZp4eQf1<C
zBHhTp$+x`wk67NzqbnU<`*k)iOCrd%O`Upm>4e3#Jg1rH>A4#Q$F-t$A;H)<y}5mO
z^4hqy+maZf|7&Ti8&RyAB6F0v|2R%jfgwSnzU~s}mp;$rZdPp5$G>6<Dq92eEu)M^
zwv<A1gW;`wFL*&3?Hway)=t(^$$gEdPwlBpr>r+SZMtsvoY;m|Y@n5iL0Zfteg-vb
zKMuM^9^HH`%ECDT5s#syw(l=?fzSl-rDh!QCOt61R=fF*S(WLB!be!uLml+W9>m*E
zq0iUwz1RA9V)#UsZ`}05cGvXwlX=<vfI!#l^<=(Cd&Hw~<ZG(o*W84+ru!}6iMZ<#
zpokn+@GVq%&7x}0U#oG=13)BTpEqDMQJLB!(dtn;d^%hEAT5^bCfZPyMbC8dGi$yM
z6k2Ydzg@iMHg$0|Y`fv$HMeE05t35&0Gw%<g8VIH-rTxb*OG&q(A*ET9XlQxSLptl
z%Rvb<(px0<Lt;eS%SB)Z!N_JWL;Q(IRrjAKz|ff20>A&lV+GNYqO3kIWH@E6S@ulL
zPU$wgHj7|>@xVn0pU>=IBWiB<N;qy5LP3$qY6yjr=S6eiD|%r4InE=R7?4VD7K<$Z
z-3fDXcoT@~Ctn+D=eH1C$bm}4N|P6_v6JClTW`4E7BSE+Ag**3J{Y>m$8liQgx~cN
zN|EM*VMBS`O|@RL`XC^VN=H{VT9Y@4GbUQ=Oc)9B(ikG51I6+v>5#seN{{ZOX4Vji
zeM4y%ddz!H9FF)qe#@~qF}cjCp|z?=n_RiY9rxq`aJI*@v1|9!_^1>Rcl<nt%pdF7
ze)W>H#J^3OlP)z;s2FI14BrfGg4`STAW5|~o<P7lHh@|o`9)kC@~@v9F(epUXrepm
zL!|N7X<3NQR_yF(<YyCTbC=FuFln&qm5x$B2lRxZG%)jn@4>`fp4qK3>P!RZi~kNC
zuStP5sAIz_@wC<GI*qY&bRi{wOuk-e@=3j{d*N%!oebvbo{l}E(2oh+y}-z^Xa`&V
ziIZ9y>+`n_hjl^{xD8B_|NKT7_Z__FyGj3A{~8rDNzLmjl++YZ{-OOho&Or40hn9P
zGXY95ftEAH#bu$rGdP8u4C<ta^+r&V@<PNex*9kl;Im>zsNe_&5Cfqq{ZaMnTVs3a
zt=GC4vh_Lj+)1AW_HTba)gm3dw<JRy$EpUM%(OvojVazEdm5_E*D}!|wr-Rj;>05y
z-&JOoP5F&p;Zmy5OfDq~XNVJOnxsTQ?{pNpzh6-9xzArvwJ__{d%5K!!9KH~(j(SR
zRP@9NUphR-c@+&(r~3SQQE!AUQDjkiK|_!$x7eQQg*(uvvf3<*^b@!EK#DJs7N%*u
zPrGG6i>rHMOaDeza@pP_%IA9HCSWdezWlB@Dt&AVxfJ&nrfZ5B;8?WY7&~NEU#Wd>
z3t$*E?(!9iPXpDBI_<07JfikA4eeM-NFy9-su^Fpfj@=E2#$*6O_4dZJAAgngMebU
zf+rV+>JUkce?|C*8`Ls^P>+si;D=iJJA%5c;L!dk+IR>%=eH#1T0@2o<x0HpeVGup
zvmOzZJweLBoZ&eCY%tfS&rAqC36(ZhXT;57A}36`$?|9Sn+umn15%|Ux#ul=_CyR?
zkygcfsIN{W<)iSY;f>K}=$O9cBzb;sbxmV81#)MEFQ|eMa_o%JpIkd@838>;wt<FM
zP<eU|<B;Dh36TJ<Dy5Qb>VysAh00KGq|2mnoYa|dDdykyP}32L{ZSgu6W$ZHD$TUV
zTSr4Dc()WnsxT+#>)Z9X!%r&!>AxG{L$V=S_o^DAAIW{qK^N$2U?k#$2NJKv&lA@<
zJ50`<<+_*DpE*vk?S`r?bVH0ta65`Cuy9UB={~K!_aSIXm1gpUKQ!U9Atc~3VG9@l
z+4amW#78uSAU_r-Cf__-%^J0Eu{9;0Yi7Us&;Vf=gWk)3V7z9>aRmQ{g`~`h8la1i
zn0T9h?E;Hvjk&UK{q*ekdDIXUT89qd_c`&{)qt78!i<Uw{prL50x6(2fE|>`vNk!Q
zeFyzwf<HINJ09l;Dd)(!q2(ZFjcNApfwfu>OTgdQ;{25`;4=9)M&M06Pn|X$IhlhA
zu7tmhNP0s!5^E}eKn3)eC)l6Aj8@sS^~t7EQ#Fsw*V=-UnZ1w<k_FQ^;ua%?VEPW-
zhtb@wEvic3zn4To)qwM4B25JoT4iQ?Q^?+`X&7zOQPuX5_1FbM0M57ofqF6RmKl;r
zr0k(DsNQ}B865jG7FgBN2C1p$ewZ39oqRX}S3qyda6YOrDIFV4%FCtof*ym*ap%3^
z9&|O)!dx4jOMNtD3l!Nk3NOPze%4Vs?RuvP7B}r=POj12G$fytVvmd=0b=(Rt@TGw
z1F^1{(<DIttW?IH-tmwoM@q6OWkv@V2vnt`8};$i7ZwpMT2fvQ^P-z&$@7wIkufRo
zEgpJn2DnysmO3ckP1OzcbbIv9WW#(bg_f~Re_y(G@Yu_WUv2eW1Pt*WFHbns#62-n
zA2+LN+Qo;A^~FfN96Id!LSiZiFzolZk9opp&f}ZDzvW*dm*Df;B7{pK>(dw=S{m%z
z<OsOZua=TG4?(fh!JBEvrp(<ufbA%H;kHTOGmJzp+Cm0hE?YmLb8PL>^>OQ>KLXT{
zN2rqUEim?v$W`xArR6wKy$Q%4uAP1^@A4^R0ES=`j$Qf$VgF&I$2@2TG3tM!RA%&b
zT_=0T0qdPFkmmqFC=6?rrR5rU^40N%HcDpDQo1gN4qcvT{z}%MrgDL@s4;1h<d7Jo
z6r<xB8{;sl;%?|57W-+OjanzuKVpwLnEY63Gar<bhy%ar5By1@-pdI0XPW0!t5bCo
z#e$MRA@RgGK`K6I^B@;xwZi{*xvn)exM4IlV>T@qI77z2SsjjfZAY85S?*{S-c*&1
zh$Gb*byFx;!lYdz?cKIj*m<XVZimo62T^L>iOP?<UTqx76q1%kNH-y&EQ6<YgouWj
z>!Zi>>TVnPYv3d#a({<??WPQUo(T|`Dqc?c3OR`D%gLj&di$A>@Jk8Mzgcna2Q@cr
zK!A|@X{K}^!V2(rP3SPvk=QLm>>s^N$xqa%Rnu{Zy*pRj&z%&Q4q+Tyn>Enf45)Ky
zkIMzlE0PG<>-=<LCeB`i{bE1`Q$<>g>VD=-vcYKX#MY;6UAofPad^qc-QmFfSfg=$
z2@N*sEa!$7Z`u$e1Z4KlTRh7-vT4D%(2K9VJ9~tLP-?gKcQ`C<x9xKoxzF-<&ZQ4I
z_R0gdrC5vcGYl8;D3HZy40x%S_}pK{c#n4LU2?*&H15{LI-MDzdyxeELE6gaZj@qD
ziB?V<BBzjyT{5gZs448*3@tS(9>c}^A6D2GhnMWf-&-{1h)!S6+|1zSXjmMoTi6tB
z&<rOyqF|u4fS2V;J@1QxMo>vfcUYr9t|Y_VW$a+p3kmOAAQC4lr_)G$I=X^pa^Ce7
zCK_<?%56v+9}t>OQ3@M2>E8+t!U}`EA)Rq&*dBr*zX;=X{|`%79?$e2|H*x1&X8Ck
zLI{<6tK^C(63G!Iq#RL(9qwC_O63?Km2yP6W^>=!L{W~-xs_vM*x2>k_xJn#^LcE0
zyg%=~KJVB4{=8n#w`k@Z>0XCtoy2{f=`LbJB~dZ&yD1(!b~%;LBn^FKw7in^t7~te
zWtPYg8gaFc#7bOhAh#$ztR%K5YIJ+I6j6=Ie>FOT!?nCdEq+&w6d=d!L$7R1w|$tL
z+Icyf`yHYOF>Z@wmanu+S%@Iq7Yb>K!-T^S9&{(_{^t>_14+GB3+wxvJ+e?BV<P|E
zQh()GNu<idCmjCAF@EPg1bh}%@-M%xeKcnOi{rY-cr+0*(_`A&e=5+-_2Jy&q_6CK
zA#<J0HWx4#n8bAiW7?#lMVxeude-m);_!abBQfTx)Eu_GHvS>!W^VEPt&*fvZLF0|
z6Q4@F)+Mw}lLINVJ50q98#13Xx;Go02ituM(}UF(ITz!0;`I&jo+oHTdlEY3IIjIY
zsrK!#Bd21nux9vUHn)Iqd0t|>&*>0VW%0I&xKmQThcRAjHBixPP<@#-aQ)wzngEsc
z_%p9;cb@NUD?PTI4}P^LiXU!6(qw2lv>Q>+T53&*zR9sUW81EXsb`Vzk{-?}v|aHK
zeCfUbwuN2x0DMbA7}hqdT=@lTRi+%={Y`sL{ENZ8ScrVCP1&p7jVsg{Vl7xlJ(?%4
zWxaku?SVSw%YlS}@+ZXsr)oY7(SO;}R?aX?cM`vpd?#8UyEDR7pd8*l8ZQxY6KAiX
zg9Ivb@hYT#Jy2jK#+<f(?M$p=$Z(r7Y9c{~`j>R5<)_RB{U?j5`p)fr{Cxq6Mc*Tr
zRhRdEOu420oFBf#d^DkH6`9Mv{@QnP%(9#65I~>t-Hn{kT8_~^;;kICA-DH}RX?lC
zPzjt{J?pv=){?<6{3Pb<x)tomnhuv;<tQyfSF>yMk0ggaf9t$l5+|kNH#g(5k~<bm
zwnQ&l+PXYNFhVHrS^{+#uBUcV_l%}D&$LerLbJ4X%ikN*CPD$fY1fbpgVvB!VhmqN
zRBqgS_YjNX7Ntw@Tws3eF)~}X#LDgF#HnnC;YGQf5Dg})LR_erjP%;Sl};;+*Z#<h
z?Ja>}Bf<EF0Id$tt&I=vk$?W1QqL?BU_dqqIk6wz(q#Ym>PF=3d*d|$hR*)CHJufo
zu~P-G+NS}4Ru;ts^>)oU#>9QZRHkqk6nJM(VHTnQsG1GI^jq*^J64Bc^}9eGimBa)
zf3MS?TKn01Sii;~{G<8qF3!X#sB~_8^5^K9MTWk{{=TcTe_@7C+u{~7M2CP4FZbst
zKW@meoOwT^KUC*jko5BwEPxY=1+jS7gut%5<bvPss<*7BY<`FB*Odr%&Qn4HEUyoK
zXCIK6|1mSVpE2QZxUJXukC$M+A5pUK4Pw#x&+r$SSzU!<<W3R(hOf3sJ6hUNt7x>b
zYltBn^=v2U1u^Ddw9qshsC~f#@;SYM73vp8ua+jO@BF6Hi5I3&M;Q;wqHH>Y6!;cz
zSvbZ!AG%D`Nz9{c1~vo1i$&xcTkW#9=2Ab;3xziZVZSDh?xDAgsb@CJFQTxbW~&I<
zy=HEO7~L#4k~3^LS`L4yfH0l=vSuBvurkmOJBe&y*WqeU{2O6~hZqz_T0KC!cCB<D
zf3QE3mcfAd?7x2G2C(V&2xwO{AGC-m-f?yX&UfjAA7IQ3kEGe<u7;kCAs;%;NPq1f
zrbVrmjd>2>R)htI>oKhxs~(;wLZdm~p_iEusj#$%K1K5XON+^y$rcXmSCTDD(SZFB
z6`<AE`s~w5dgiSMohDP}J+C8<?V{z?6aeyHB%-_JdiPN8nwyvo+KgTu-fzTm=;+?i
zR$dThl359J5nKnSSfzlC<C-?NV!&&L@Gm18xz>C4y%XR1COJJUAV_t}Bvy{FR)c>X
zzb_is9W<I?LbqT|$c-)^@wnP`6TSLkFM26#h5Qox$dCLEo2JKqXq5aNt;L!+@=cZt
z2%*e8I~ta2wKhIP6{T&|IRBwOOf&?8t&BJA<GdELv}iCc(4WA<-uXk+BjFw~CBnCn
z2i<q4XSuIA!=i}KA$@u-^<cfV*=?I>haMxw1>whKnJjDWU*$sosbHR0D(*bEWjpoV
z8t+0f*WQOuD8a>Vb9;w?fovpP)NO?*oV!0r+O-S-yI074!Dg(M4Z)MR;qv36@Z)p#
zx%;Qfj8PTa?!OMu=mE+l?yH?mx8gkFVeg-PL(bcNIma6aJF#=vT_#$WSy{)L0VP|!
z)84blLW<UzeJWcrdb7VMuokxzz6^Suu6KiUQ#*E%b_C_oQIeLsS>(!lJ?+tRB9Q8J
zEV#s#mPORRv0=REIW<>he1h?HESS0^L3FB-X0IR2>R1?J6v%%t{-m`K68j;4@9dQ|
zAs4WOU_(v!i=78ie=Ht2fVXw#@pIwQMIV=%Ud49HsiNN%n7t<3^s=*5cO&2bCT_TG
z$os}k1nS(wxW|fmbNf}eCGfABF^bo(ZkX#|3F86~ekS$1a2Vs<yg@13Z&o5TA{_mt
zB*`QC7$wJl*Yd_oiS00B2y&S5Y;4WJw`(t4i7B9xkXK1RBGA|IH?g|w{)QBkbYnSY
z=J*`sxQ_u7t*}d5Fz)h|nexK*Ag^88V@vMjzpyws*(KZDEY3-NZSjq$Qfb-8;R5a5
z)pW9Z&2eI$hA5WkevgxeG&C0DPrlmKC%QK`a+q)Cmg(IYMrDl+zTM+~iq!wlm5m(C
zX@zTGZt{*eI{N0vW1qlzIeGyX4C>d5T`m|DxmNGL3dJTKV%+#C&h8ljqkpv``yVpf
zPr6!jllMMngR$H{Y_F1ijZ<Z+;3~fS>V{mm=x+#s`5@pqgpV6BwMfTw+;pR}2O`<5
zgNarIyW{Y@FHoSk&Df~IRCe>&3qx-6(wLi0$m)VD%#`~wCq%*u$BlSB|9e04;nQa^
z_iZw_({dK~<(r<%8127EStQ_r_w%>FWp1R5?{p+3%Ccm+_f22<^(*DXehl}%Xwi3W
z1nN)GA=r;{kgF-W;6P+Ym7mL_IOJvwBDKcgzF=EtUHHoR<^~udii^gPzu&UF_NbtA
z8!yhC$Uz2$u^=aCQ$f<H^&IQ2AQSIXymvna8!3%QM0P^!!WyFBT%0KU?WO4JgVU5t
zrbK8!Ny7dlbMRq*C5MZCRvIUJ_VfMeLI0@Q4%z+nL)o8FV7kjxleNPgrJP)pac=I%
zRt`tMP*v~Zor2>V=Z}vh^CxC%BtNaYdvxusasKPVJGWLwPelqzPret3$Tb)K8FW?3
z%YXLm*F%#o4?^y(R(TZkwO+mXz%wN4*D|e{h8i8Q<bs$Ag1GQ(v^Xdbzo%9^LPcZI
z$VhT=uz%}*mv>1QOS`#E<&Ob?$iQ_#lfk~5P_3ESt0!x1!#a=~F`2}I`3+jHzll=m
zBeAD=F<D|;IJb{ezia)qM(cD%IO6pF3qPCz&OgX}#<C(Dto&H}`)_9<=L^wT>0wJE
zbLHrI%k1N~U|p$c18f!Sg@4?rE!tgrc_*IOErW9+VdeHB&AZxfO6k{_%Wal#nq1+y
zv6r(0)e%8(oHJ<U0mv|S?fMAO$;>V;)ZJ!nOO|Cjc>WLG(5*;_`grTJD&lMxQjauz
zBF(t0?cOW21WR`tfCH3Tp2?(|(iz9LBUQqzp>zwFLX>!;LhB=`U)5Q%>vE5marc6h
zuhsUpcz^cCNIY)3kn5Svf|D>W2}f>y@CP5-*hmA3!<6?oq{o2!F-qL0GQ|pF&1Kew
zm+LNFRY@y~3E!R3yV%HbtoNl$n+daz2q`Of!1!>NaZMR;9`9ChTETgDt3}*hQty=z
z)0Nvemd;gt*<N*B7{8^6ClBk;$6`%qj!Q*@Qy#!eEpTYuVLYakUCkW+P+RA49<R21
z9z3&Q<^m^ct%a#AUmh-i`y_bFH`dvF3N&S{-+;{Vv{u@zMU&E|<t{jsQp-RiR#iGH
z<qm$)rj0_6)vf^M65#EZ3`#nRFa0GN6BwnO6!@x<HD_n;{GZ4+qpGYw;-9-(gCrUS
zTP625FKh==5Gtqnz0=_2$0XgLXrv@d>2xfpWIX=c1><wIX>;P<@5+5sLz6<&(4J{*
znR`Et9wdY&%!$k@cbN#n>UdXmNDN$VS)rOELiqEIoE_Eet}}N1hkM!LTP;zos3XlU
zoePMX-~0J?e3yMkV|3P5E?|x?Uk1;NzS8>z*mweWbioI)23vgj9-F_*+G)l3Td?^b
zBho-ZZIiOQ_|7Ny@D0nmNu6%3z{LxQiOI?CW<2=QD@2F#&xh7@u?{!S?C`*IWSizT
z*?FW`v==#PBawY%|IhEajn&fXGOZLCVD~aQ8P2Ed`Q&j%%&1;3H1OowlcYoEhD#d?
zGN=dkUmt8c-3VUctvaviuW~B7(jP3jQIqTgfbp9}RgwTKCjWm@fZ!n~)EuY2En?(I
z{3w}r8<G4f*ZR)pNZ=mI|LVCl`Ac?fUN+CM<%k?O5qm|9x}a2wJ&N~9Wgp(ZNixUL
z$^d>A@B^(fJ8UVEa5mrV(&<D9TB%hz7PzgOEk-_1EW`T>TYky=D@hU$l8aL8OL>74
zE0ecsD-FBgaLTEOmvwMkH^?M2LVDj{eBD4pAFFku>5Jml!)3F$R1`C)Mfp8PoAdAw
zaP3}MLH_=W$Pz%C!iU@fowdoleTP*Y){Ib_1ZgOKD)iwm=ekw*gomCdp2V519-F$V
z?0KvSEa6otHNiL?CAgy7`E&-e7apw`C9{1m2!A-D#0mVMu8nWs?Q`>JC34J&VgG2x
zu{Y+Z$>d+0VG8Rc#TvJ)Q#Y5Sac~LHC=lCH*6a&pzrPlMklHpQJrD{;6nC+m!fR;f
z$nH~->?OyDVz>7vutI<zY?&z*>|L|dTD2$A4|CsgTkA(HOJrZ9QE0!?AC2N?pO)g3
zxJ^;R^^=~QYmwI;!iY0sBg+c!W-vaQGFF9xv9!OpuZYF!Ms0}Js}R=!ouOil%71Pg
z-{mXNSy94vZx{s~?;AX^ZTjU&C2(USj&$s&2{~=9?b5a;(M000b|o@}a2bcxm7e^%
z9m)PrL6DNOfZ4BC)+QYW%nEAN*rG6L>dWqz8L_9guRdQL#~u0vfb+CV#L7hJG%A}3
zuKtlJ^Yv4qDmTip*m7JWP+fLxgi%<E3GIT4?jKw^2BYuG{SjqJP@h<x!c)#W$We3C
z@^Xtap)32)uNL57kjnqDjjt&QeQu}_-aKnt0Y{bAaf&81JrSh9nfsq^-_2r7fL*6*
zQ)W|e>vqKQ%<a%b<)0ye!|P4))r}j_2>d&loqqzo`&$9cjLbA+p~e0q5kB8s4Dg4A
z+m1!{z|_#8<;cQYwmaWUGdCrRR=EZ^h2=o-#zl^ikC*A+D%$(%kJ=O6xONH5x8jfB
zH4`@rt!ZK%^#?opAw*5wfsG!1zK%7Kx^7eMiG{d=E1@Y|y})VV8m^}=E(mYmK92j~
zSMNJ5#5(*3E7=cogWko;vB1|25Ny5$^YE1SAL&@t%_^V@r}v^&=I-rh%vF(e7S86A
zLs-fik2ExZCAqIpa>v0*96-W#Y46G_%5RST5pS1l6=?lze<T{6s*)2C$R8yhWzi_P
z@0x7|JP%IWNK2heXVmN{6l|nyB!bEmY9(wz60S>{EQPwZBW7&G3C<7PK`uj#pE8&J
zhFq;6a-P#iEYHy*IR%TzNRH^A{^FdieQU6CU0fblL&4gA7UeT{Atq4@QBnCG*lVor
z-pJmVj>yctbN~MHW?#AAe!7b?hPi?(Hs!VmFSR{|pAmxr|H!ymgb7E>lz~XUdocZS
z8!^pUrOMU4@H9Bx6!fz`lge7`Y$*}9yzEz7D@%)^Hyc|SfGkrU9r!t$N&Q>U*}|6o
zQ(4DhT5NhHVW~du+3w|7dF-)J(JZ2*DY2TEMZE-f8v9VkkytHNTkUzodY!rH(~qtZ
z(LIj=d5>WLeQ0uXY{U_ISr^-D>T~L$)9Ld|YeFh>X`hLXpQzUj(JNk8@fxlEFWx&N
zHSb-K|LLyz&z+Xh`VW4U{O8y|Ogg&3VPfGtj9)kD2i6aF71h4=NCfY@M0-6@9C9<&
zaMnPa;m{ocl-qU<>J)BafQgGmize|hxDDs0)6wx5z8qwF#Qen;n9Q~wX%;86wBl*J
z?NJeZa$DVc|K_IW56x2N^T+~B%{9h>pP}HWD~O2@(iPJEw`W+(?1Rc3QOCzxc^@)v
z0_1nTsJ-5>bO|Mc566m+%9jdMpkO$$(wk-LTqm=56);r#0vBQfNdq7BJg5syT-M&E
z;WmzOIDOGPT}u4QB9?No`v(5Z(Rhs~d5mb0g$RLd8*3;zWsYmk_Z92`tfEsF?jv1g
z{}%HV3weus&pE)M!t6j2qIuSCNxt!6#aqjgClM0+0#QR3TUf6N4P|1b?mBC*{ENCN
zznq>;NAF#PDeXriXV^NFV_e7xlGYXcoe@T9FsV0xnf*egqFs9iBDG(uYM@eBS|z8m
zRqZix11Cu8aQP(0_12FnA9A+1{v&PN$gNT7>iPqWV5`KwX#`^I<XW1041+dn`aUqg
zQK!`HBJsuGEYUs7Ov+Q}0Wv4%?~!+!7qZF%aIL0q{1GbaTZlmnV;-*;MC0A}eMjN=
zwl`M+OPt$Eovn~5Xfal)r=z=4l<~G)3P<Q)*!2AtjQ16eR|_W~(%M^MmS<fwUcUz-
zkz-X@wk{^OBeNky*f$UZj9~7jAY|eqoWT~#&VoIVjhun?>05}vgZq5VaYfB!kutnU
z$SblD>|N(HCqd^F`U3G591hrq2Wf6IsJ)aol5?J<%Q(zAO(jQc>h*I?=dtIQE9VPN
zr*9%;_I0BU|M1iP5ed`ZL<p~Db$Ynp|7Z)kK)t{*`rG!0j=zl6d#hY6F#>jj8Y?_x
zxL%zLwEEwrIIkbvgZg;Yz&9hk6&O2oFWVf)x}ux8XR`g6bUjF@QAZn4D~aOwjEHAH
zI>8j%T>ufGZwsO}Ax#>x)VLIe!({qCAL$HkJ>((>pZeG;EaNs<VE<U7bC)@&!LLcO
zl|NRmQ6kpLYXdICWSz``LzMTE9x(-lmsWcn$?+-=MOFlG`g&<BIg&FXK0+jR*)1py
zXL|D#BC#Y+a}-~eHmAk~5KAZ5sqd%B_O<yeAS||94!uJpp<&0il>Q`b!yeUJFx`ZW
z`P;>~9=}JdE|;hHAc7AUKrt3qPG%mKn9bM*$5vTD56|5Y4op$C_=j*}Bya;0fj_Yc
z7HHE|0T&51Zs)B?6#X)(sni#rxC>qF+#}+Tw&v>0P-92F9$udLrP@?`p*`I=>v3ZV
z<zXezXS6>*HtNJ+Q*~L@H&qML-3d-XS@}jstl%F3*0^%!4#nC;D7oa|XOx`^JdFL>
znu$z(`4$Gi$Sy8le+O%tM~Rs|E}X&agyRL<Wn#(4AI7QZg%w19%VZ6gDjC!!Z6t$4
zEa67uiUU}uXSwYu(T8Tz&JM4~v}`@@T#X^xEaA__Aa>P$)U4KZHZAIr*-sb<GbU2}
z^7&~gAE9l{Ov-eb?*&Z46U-`M!AN%FkhJ$lQth{|MzAbW+<NAI(`85ZHdW5GzokGQ
z@?ZMSNUwjp%9Ge{52`(|G0o;=CW6Sh6vY3gc^gB-U*jGU6?0^NFRoT{npZh222=hJ
zK}C$Se45+%7uo2XtxZhR<C*E^2-I8HirS2H&~JdmNsw<-#%2o>aRO9c(_;Z>l^2q$
zmaLIDXk~2GR&ySFP#1lO@och;?W+kO7gifcc&Xj%J@b%pk5Zj6S6Zh(qy8?bZ#);G
ztGc;{@)@bU(RACJ|3T_T%d9!ry$ku^A{p%y${{^a0H<$YE{9^Ndq;wfZ+{6{-c_o7
zQN@6htR^#-cU2emG#Zu6b_5-fR{`esFvpqqB;PoZT=?T|?x8g*5&7?J@fA~eP68B;
zM<g||&XT%?{<2RLIV@Y@<F_V1Ym^q2A^KXz!E)THqlKd2u4B-1{kxzjKqKsEpYais
z8Z*ZYJS^!-Z5cR;9rttwlpXmgQBBfGWrjGoj!&B%HzEH6iLT0$LW_Vev`24isA#of
z!F|&u4E$v#)_sZ!SyRl03;u0RuLv<d9Z#)u!(FGxRd;dfyDuK(W;?Zs8!GSYuy$9S
zJ32Q%;2s81PqZ*Pg5Gi6bkauJp(9zak=x4~`2<A5?zTT3WHSLMMP6WJTkqw#6**^j
zgJic2NTET1?H8L5X@T)z!Sy3#u3;q38w4qhwoGS$__<>LY=Oxzpi{-SbxCOGCX;1E
z!j~pJ$!E}b0YvqQ+azn;b&^ex()NM~iB{%*AuL(KTyD`k$|CAO<JRd<{bgrxayW%3
z-6+d#!}kf1-NL6O9whu?$Wehk7{yk8VmenvWK}JK)J7Sh+!XUH@D_Ylblp^uDa(bc
zN4J$(iS|M)go>X~hpnF0_*?Jqc5}{GrN=I7aaE#LFGy>Ms7un9s=c9()JsACm0A2*
z$l2-P%*{kbuWM#)3^~axeogLKJw$34Xe!XiSf;=G2W={#Nc;kC0Q6~iRUd{daT4Vd
zMd&LI)6CrQxBMW#-93B8S#niQzn`d)xjFC~n8;}Ef;sJLP;#OTye;M|kcZ{=8Wi{b
z2*7T=RdDtp$DpaPwfFEd$ky@RSW3KV`_GWy7YCBRSs|LPgU+{3_@iXZB9+IfzlPV_
z^aGf!*WVdm2uuBD1xx}7zz)BORvZ_>W#H^_hNLNAx>;0`1xSWKK5b3k?q1g}C4S5N
zTei8l*&_W%kfn1v+;sdiP8o;v(gT1KqDV@w&z_GvJG4FttY9&9u9o14XAM|<+m<9D
zTx<2KCvAt>Rx*>P+C~3RrV>*6S#7+3YA75n(m+TLWp^$c+Me>a)cguNdZ3$AM2~#Y
zg#?F5v94BD9o%TLiaxLD)xW(S_o{|1HU4AW(Y&<wywXO%{()@=(g%Ry!3)5o$5vQG
z`rk7+SCzZ5`lneZ#)-fe{rEJ<XmSZaIf`$5w#iUAiP?N;Z;bE3pG;_SNkh)x_rNZR
zkFz42>DP0jx@}5(60_;dRx!^yR>#)*-JpJ!BYvhcs)z3cfMh|^2x2GA?R^@WG*EUV
zo~um(NfgI3*^*|2emni`!z6E9U>PQDm+9f-Q&0;1Q^O#?aF$$->^w_mGSs425@cq@
z9_`dt2*+xRxv)nSB6ZldQ$x-S*3NB}Z=ZdqQ+kY)8=Bt+KD@(JC%wi!cu<FN8zFiR
z5NV~L39_-hrG9c~vV`UiTyuLZt|u1J@D`{L0~`;)oxyQ&;Zo+{m}v7U!S#mxU=gl#
z8{^22hgMBLH=#=4l_!wJ1O2vT#kdlsUiNjhomVSH>$!k$z_-gijN?9fDBlIvX>zp0
zS$r@W<oxdpwhEoOxr84m=nnHYThfStzTLT3^%iJZxLpoC;<A&3@_GO7JlcQe>P}p+
zHO7`<S_1gE`4z9%=bUt%EWK#7$HVfipm1VFtXfMg@07UOuN*UF%+^(_?((L<<V9*F
z=D&tMn<lG0hWcFlK;c}Qa+8chc9o<J6Jb#*w&3m(8}pPWNlsADP#}-5pf~RWm#JvW
zVR{)jAeKK$xKZLw{O-9l%d}YD9ZO9bMgqD}_}&=uq~g-1#b8_=c#FH0VLbi;XBcGE
zD6?-7r609K-J*vhqOIaelhWHp<u5Aly?y^3H!wWVG&zPj?@(qyiVeCgKb~7=g-Bwi
zNI>{lC!!8)2jV8nkmtn^Vl-S<>2xV3VS}l>vV+MlNc*=};x>@GE6*m|kyk6Yi!u9d
z*57h!SNc~0PJ79f$CLBrl|JuM|Cbt081+L#0rcNz*bn9a;)Y{b*xyxMc6+aW6=F@g
zyL=;ZA79Y3^>)vJnhS^Q?V>79=s&}ovK}xA``r?RQ=`A1af4oF{rq)OC@D=CE#w(b
z{i;E_PP&cL3yMcJo%fC3buDUYKfsM<(9^!+NI1GX2G5fm%^zhFrT$-@balT)fvG{#
zRfm}}&e&nUaz&*{MY{=@9NAxno5#rr4XuZCbmIhrxEY=poe$@YOOxBh#)APcfqnB7
zm@ysypJTo{MYd@lT8+N7lL)`t0S7e-dRCnPuoVO_#ku&@Z+T?eIn8oq$CMJj2PvWd
z)V>v{^ip58L-&JWjX%(abMDpoTktovm~7hQkj)UCXMO2_BKYF8`T0J;Pr(xHMZT|z
zhKgXv@dJh+yWxVZZll~2Sxn&v&d~@Fu;Fx-F!RLv=38EAkO#H+*kX()`;j5M@%qta
ztJBEm!15QD_O3i295e(uj{ms>ZN45|ot=vtdOSe4vt}t)63XS69s<B}!fiQdQ6jNK
zW?Hu#vr8juHO0}<f97A?PQ~PcMJ$k%00OA%X6LXlM#kbC-MM46BO)#3o4f_@Xyg)*
z@PP0gs*US+nil@Nqj=p1l~yQNg71Xzh6>!65&CPHxYtc4`3f;E_aJra!ctfdDNdBo
z@VS%t16c60O=*fgce<DimEZF0Bz&UY{R0s8EkVe4b1{^75jdh%mis5<p7ccOF8eUp
z|3Fxh<p$4>4dVQY0bG$jOi(7oNn$Zubb#M2efm?l9r=nNTnKTgV>s2oM*_`*ItV?^
zv`?Uk2j0@&U)1S@m0x6d&mhOd3Ea;1f*BPoiJS}u#z!x{hRrD>_(pwaJ5~p!Sc=5j
zaDvt3Ac5&7@hBbJ$bQ^Dv}=U&`MDjq^EqdtDS)CGc7%FMgq}hW35OF|mNRhFfUf|V
zhq$@-bQ;*-(N;$`=h+kY5rLnC{N98mYY|UVW+DB&2t&W)P2krN@P3*AVKzBTFw8QA
z`(-A#lPan}ti3~8*iA-=j`|kY^Zm7CN-kN6@L?8iULt_PeV!bn)cE&p@)tZ-g8;f_
zg*ZSSGU!D@p&v(#@@rfHA;t_NJgUl?e_|oamh=(yG0xlE8Q^Gyv+q5f^uzELVN{po
zAs6=&tk(A*S6t7D1`{Mq)^AW;x_pIv;Uhd{2sRItFqXae#ArQ)qD-*eyjdn_STb<C
z2=C|4GZ(3_$Q0pdhXO_!?KTuxx1jK%oe^a6T;JY6YYKyJlrbIHNh4-#a&#fnxB4Oi
zi+0^9-_^ZgfZI@+d9_aJlRHKDtHz3`sOG6Toen-beWXEh$Fw8@BoWHvd}P#QuHx<N
z!MVs}g^h+8gg-_e_2jt&fF`sF>?*jJB&j!ul<9y~ptL*M(!s<Cr-k3*bLZ*bi)0Wg
z2LMm$r~`A3L(9r4&i<U^bdU@1iOG>=yEW$nWYbGafk{ny^jaQg$<PFMfL{^Dep#E+
zt`1r!fLxwnAA-^&*nLmH6nb|FR)~FY&ic<RMNNSWN{+DLeOJtfE@*7yfy7TBH7NIf
zgn9AL*$i!-r4VgSjRwww50Dkr`y!1YLJQcyIRrmhb@>Yr^}L6euBNDe)B*@qpYJ6+
zN;4cqiu(wFo=$0YnA<^X4&cET8#%{v0e{oXJ7`jjf({3JR*V=bCz%1*0M~=JPdr!q
zfb35y$lJ2yg91Jv#X8MJ!VWk;rF->tA7@HXnyv!rAE_V}y$@;52>^a#G?a4ysy>K~
zZnm69@FCtzbcc1&0Nj10d#4t|I!nT2vIRMo^O{K<i6V^MCt;?358RBdl#CT5t3pNS
zRRpMJg#;8>@5{$Fm|yJxt1}HLU@5pR#C-qY%<uP>yedZ*w|poXKfs95@vO}}@@be@
z3Ae4LK88fIW1XBYnjrGfLwXR!)A<mt!bPVmV5d8XM}c&S$;T8}MTvz7I;|1!-bn+h
z{pybHG|yn+JAG9*o0Oi&a0@a9`1F;I^#vY*5Q6G~dV*NBz3Y6S*A+Ai3i28KVyC&i
zdAkBs$bK@1Ad|s~-i*p)m&u@RCzCkC1m}bDtUYB2?;sM;NfqH}=4xhe;*VvM)mhz=
zlsFL}0Q8Iw7C|K~P5&ko+Bcse6bje!fm4<WMc_x~<s&%u?50h~vxs>gijbWJP^i`_
zj<~uU-C1aF0Tu$<G0D;5Td%X_%R9+Oj-|$l(m_9bMtQKBn<5FsyqK{70z#cd`AUeh
zXSB<pGAdT3RP_EL;1cMJCF(RGE}er+FqUC}tPD7&UiWivcN73*sFA94%L>%!0q%j!
zUX**!YTO79x_hBMd~+$xCG*_Ej#^bVUIKpdLmDlStjXdS5j;z#=I}gt+chvRS$%I$
zj(+He3P3S+>-bKfEJW$Avy&juX2Dk+er6MM1bV8zmKT3+%{`$>LcZIZ4;`3174}I8
ztH$zEf?#jet85V1`Qb<&aCQ&Xnj)3~lZO~-;lYVCH8!+w(Ru54XuMO56kMF{xxm>Z
z#8hxj9`L=qHr&}Jn6>yvl+u0&)5VXE$ewzlw+MYdr4lBnudLCBFo!JIMR@NXp|9NT
z2}g9BerN*5%Rk+vJ5wH2c<pE3vbeZ)3;;C^#w>Qi?#$@(;!j_@@9RdmT;Xdb4?U_?
zaE5SrUOrK1pp|@`@>SiN7Ee~`5dK!%IN4EXk8U4cbpGcCfJ~Mxu(5S{3J9T$)dkg2
zq0H4GPfA_|=3peF)4#=+f9~Rbel_<7i>3sG!-}qXr~K0`*kP{fU@?Lm<4vM6MSd{$
z9uOkWMTp6{fUw)r1X`S@M^P-kILq+^BpD7JaT0RtWM06teTp#s;WH#QkyBhja|?C;
zw;o4uQwM|jfcAX_@bWys9gD*U=gx0^PM(%g;n6Q&m7t84_r?Y!80W>JrJ$zsg`J!W
zTk{}Ft}vpgKYxwGJOt&Os%OD@Hq_Q>Hz_3vcf22;Tya;Q8SlWWLJvdYpEFK!Rm<mk
zeABa-+Y27w$ltjI_r^bi-4m(q{_eN@phA!)XNv-+0R+H3uP+MEuitGc!hC_n#}gM(
zg!5=;6F~;YwTHzNATUc(Z6%TX5Ze!sjbDO3XAjmYq_JRx3?qdT{0Ko5%du!Uo+E03
zFyqVW;PfrVoaJ-BbpcB9D8h_%?46{mQ<#_fjE^GjCPrT~2;Gd8*r>kCw2L|?pIGpH
zHUGD9bm(`*;n7}c^PX6`8bzZEF|>}9B7!lgoJS6lz-ylniP4K4lrX5bg#-~q%-pjO
z@-oj&XzLg!tP``CP87o<&8*aZAq((;$&<}S{bpGEfNi!d)9O9I0@)cSUX)AS=PQ{U
z;Q5&HP0j+RzTY5(iu+2!f;+#yCt;hRJw|;Un(qNd9k38<#4|#I`jB$2%Um&bXt>Gs
zWPeqMm@tBi3r2wv_(aIjM;0F?=N|BNf*3&JDW-&<$x4L1WM5&>Gs<+wnJyqdo)bTS
zkeIu)h8GCafPx`P^R~*l3`JoikB<%Alu(&m%U`QOoY121*JDIc8I<+@au6r|XIjpC
zO$-nD_vkrURyU2Jd9F)2;s7(|Tq9CwZs(~-*dif@6hz#lp5Fk>W0RsK*&-&G$!u!5
z(?v@m@;QdK(4>k?%wg1`NMCJdb!8KB;K#JpziuM}Ll_~0Dx_fI$;X*b^A)&uS)8uY
zRh3BAfPx^J^Op(A$-W2BNfcdf3<l)YKgx7dLHyuEQ|U5npbDZZ7o@nU$>hqj^oBSk
zA(=~z6*uA`t1)9Kp<PW$+(`oodyO-lw$gKaC8f)7(LZYQ{Ru)rElKV&Xkk?LOLK_U
zynB2IcL*(i8zeDjGpx+@*}#M*?);SR$pHP1=5zGFgkh1|17VfR5_66aBZ!c0G(|a?
ze4+!gAB-G{!Lar$*JJ>hyT~MCDNxXXAJ+5;?hQx~FAFPwawhtel(8TF(wcF+u?*ap
z8O(UI7iqdb4NM{;#x)~D=RaWx&NRI-q<$w&8ovD@h@31RPd)}+`M^Y*{~EJ7rKj%a
zYulF>(n-w#)8cd0nN<|bde902JfaCsgb58I!#biRL0hLsl+uh4XOD5P{Ir|^rb)JZ
zb;q7F{p8}#!6MFcY=0d_u!vKEeK^w*g$-T<HC~@d`=+?OvljebQynpv2xH8?Wnpe%
z7<s&1tfy+u{q#8QSqghau6k8Qh%K@#OC*vJFoFggdf1fIH2a-i?O}%zR;g2P?quT$
zvj?-&>YjpNs{2AcMo4nMQ&02E_cidFM8>gBDw8f!_qX{tLUrpwwE}0dlNz1Q<_LMI
zSzsjB_oaT|6OE;O#C&Y&_bAKBVO*QUwxZnYLJI1up~O(nDVRitFxgmS@yz@p*V7>n
zaOK#V5R+`%Ata6F^-_Z>(b;L%b0TwA^i{4bal|0T^Dr2xRv0KWXAKeIijq86lu#n5
zd<r+vl|;)yh31|AV{QnSxd_oY8we2G=iAkv*d*;E&Sfr-#d(MtM20I8lTvUY`ok{d
ze-!C(DdLFx*fd{H-gl-egahaEJH>=+d9j)(UT&mQkVKS13qX&~JI9A4bEKght2^!D
zT#9I1iolNz|AFVN32`F6Jag8~yy!H_a7VNZT9Hdpf2X-H;vknIWIUH5W%}JNTlsP}
zcb^@9kq)I?@9HLePi{)o6vilX^{~HVRTv@1wX?t^Az{uT)Emmx<L^1ij1C78q|k<%
z1;5WZdL>uY@q*kX;tH1(Ta2p^2>u!=_CY$_jQl2%OS(D*mW&nPE{F<Lf4;!cZxK#o
zEi`j@=%HO4o;fFao~r@=C{!DwJikK-NcIJkIMW-rZVJImMmsO5IY=S8bULR+xC<x^
z2XF^@a|a>#xPvN!)4}t8l#MuR?g|^v*Z%iBrVyR^Ztm8;h(4db+6+Hd6KdXULpLYP
zPFusLUQbmW)*r3T>bR+C02h#Wcs+sWW-uqh7{*@Y*!){RM7f*{=H(Kk-)Ss^2B5Om
z7%(Ap+D3m#3L8nWClp74524a1W)#?e9||c-owOe;53X0+h~wq*ft(nUjNnBhH~O9W
zA?J5_op`vW&J1EcpVeV3qaqNd#*OnXCx;b3flU_Puxt@qeMgLGR%c^~^IV(`ibR)C
zNlwITip;1DtS=0S&J8a}5c0Xhy!NTqIH767kLfZ&?I&<TpK)pvxzHB|5TSYe7DO8K
z@5mA#*Z+M_#`1-6`GL-$ICS0=!5l=rrr37MBy)~%xd={}ltKf!T<m}D$392rr`&7B
zAK)6^OWagsoNMB0|1)uDL-q{tW^P#bLH@7~bk;T)A&9r4$3L8q>FSS<miF;{!b%(8
z%>OrKE7}b@x2DfE*v!WiXctfrXiu-^@{62AuG%?-%ANugConZ<xZ;5lMa5GjAu99o
z@c?z^S&E7@HjNvBv$GTx3djmaE&6GPAnbL%Wa2#zuaD3uFa(S`z>X*PgQha%f_(3A
zs)Tm~rm*v2*`EcmoOzz_Fh1CG210&umS7w|>4yqkCd$unfb(c!wC}ZJ2=@MG(Y2&`
zxnmG<7lyP~w~qhjtD46Xj@e{;RF@prT-V6@6lYR@w-6pNf7UbQREwHUu^m7@@eI9N
zOkWBIKC1r@8S~_iqJGCT?ur?mb(RoNK=_GZCL~{)X^MCMrOIer?4WMm`^iaUMTH-%
z<(8i7M9W7aC`0wf?A*m5(=yqJA@ZU?7)-i$A(^9}5N-L>7ve;9r95#$UCPc4X&?Z6
zKJVO4jynud^!a?|Fe)_?^)Cg_89(LV1N_wmI_GmRe_>vl8`v1nPv0#=OdSIOzI4yG
zkZ(ei*+FSpY}EP`5#2N&V$J-jJt4!C1#v{^7L+e0i_C&^n(<9ZwFE36k&1u$s;^&u
z17O1GrQMO+P&=$YHyI@dnS*SCIv!I>A{HWn&I!>uGGryr8A!j$Cc7iIW4bScb{^Kf
z$Tx}~2zNZQQFU0ek9dt@vEXb9!Fp`&;g$*Bw|nVa<I$JNzRw?~q_ctrbjsZBjk1(b
zIl5cBNzaud3o&Gfi@gjy`oQEZ?66MQ*$wKEZWGROylcnJ{&cKN@j;)nHrs(BkU51-
zc-ILCw%#A)+u3b-eVZepvQht*le-n(xu>tV#yi=OOQcyRMduu%5*;W#CY$gvwUtto
zP1YX50x})6$sTl}^aRy=9f}v?{w66%lj7*}V3l-#A<t4uuKL5;08rWq14M~HnDX(J
zZl%a2R=0U1uBPeBZd*Q0le>k%EKsu@wMKl&*&H9M9p$NQ%io+Qd0>UY+6y93_1D`D
zScGZr1B;qM3y1sj;9acyxk(|;hHQZBl2Q>Tanqg&(o?~@E8;~<z<|Z!kZfdDM2qwc
z&5RFO+L_!*1>a%@P5FxX>>BVDZu0awQ8w6+0Q@okmL;V29A<yPBBq7;te<!vwJ*KN
z5l8JDLHWyVn)-vbJ|}Lb3=lI2-fk=-thf21E~H;|<R$@oZv*RsQkCK2&f+ii`SKzT
zc$p))d9+{294f=VZQ9(oWRBLtfgGQ%1HA=jsMfO)wUo5!Cix6j$vr5rx#Jt~Q}NGd
z4EV9vtnhvi&C*WO#DaUR(!UjLFitZpZs4K1Z26S8NMK=Lm+*w*w6u^1g&uvtOy=+A
zqj9;Fj0U$(;1ZkAE9XvqRNcisD8M<_iAm<He;?tvK{1trD3x06WpMj7HCk1L#?8Rw
zzu8^rL+mDhm9AmSPjwiN&f2TV(-NFEeVOqc=;g<{i)>Uih2tuK2XJ7<Mw}|j&h7Zk
z4#fOVv`3ws;1c_qHbj!Wbh*E}eh*eA%Fwxm|C-lJG@WYFSwmi<$jdU_d1FAB-0<nE
zPf$pv<GeF6<sl+f?+$zW(``0|Mxo0Ou|A}>hv_yD$u~{h{lc{Af&v(a&S)KaEjMW2
zIu<$lwvLn9&rz-S&h=Dp0^jJ&l0`j~qWXp;a1;u#u2Z&hOjQBQ^-i)IrAiWs`syEt
zkU~jdVEtq~+hZP!xP^x)HH4+I>O5Omn_s_iPruj`y*I}38fNbCu#4PuYLUDtoE*`)
z0~~6N6a)ELl#%A=`|{524hpTchQCU&hb=Q}MHyjoP`bY<*t*j}zWm6h_CH_0dE>x(
z3-F^9@OM$P{X8~Tb{DG(Y74uwmob?ijNx_m!qQKUWP#l1)Z#?o*NZC1#ex%Cww-}m
z^cV+Rt<Uja$m<mTzGBQV@0+shnOZ_IrE1N81<OUlx-!La?PQ#MLG5%{-iv(Jg^to1
z5@Ts1W&>TWB6a-mR(-{XQ#h@vAgvS@K$e*%%C1Y~9zGE#yBQ<&_un}%<p9{-jXoau
zx(L|r2*M7!Pa$gvMsm;(iM7`$F9Wu=ecHr#pnMLsqqGD$HmZ~m)&V?71)_nBmM(VO
z6uFN+jL3-XdANPMDRa?b>|qOdxenkpwC3Dr(#Eai!Lks5TKWq1%!#$IE0j37|ANjl
zy$cP8S<__MU7!|yQWSJ6r3lz?!3SOS>0FDKZcWlkVl=*o4lMzTawc`?HuUjW6Zj8t
zto;M`DR2!zUz^T-2!H??<5B`Bzdp1scHMvO37jqt_vMGI9_rJ-fc~k&%+R7A7ljul
zg5ML0McE%!+Y#5MXea2#7VQNYtPXnQ@@`e}@LHBo1{uSxG{U-5<U~WY>6N1JwEu1a
zU!~{?aISRHbm)22xZ1Zqn~|-FZVwq+qCPD{DmQI|9+~$L@k#{50qQjGd*pXf#93|n
zx+vPa6X|ojHVor3g{da^9%HxZ`)y(pk!dBGO~A+!s73MHx>^@XrRW?)rBA9S&=C1w
z<z+H#I%Nbd1`&e58%%22-%^M)QFd7(LWD!rlcHHZF#)$l>u!e;r*~V(?)nx$Dt6d_
z(_`Wmhqjn86TqD7tWD)SNY~^9Oti`EI-j7|5}bv8eP+rrxRal0Kdz8<DD||rbK~jN
zoYWU~eKN82mv^LzZ+$Glue{0&J70~pxxre?I_-8t3({>JhYiHJBjt1(e%u|%?72Lh
zgFdUAt!gs(vo8n*Qn);*pZa$5n%ReN#muxA=}*a_hgW-Fxn1j1efc7TWv1hStb0~+
zw*I+XqxePpCd|bPKF9bI2e0Y#3TqfTuQBth^n>0+n2ScZ=9$mi4RpOY=Wv;IPwmcM
zw^X;#8-tz>E(&s;K~ZSGGrir4?rYWP4iA061)orRwY(8Xee-cYQdah@=Hp3+DsJ!C
zxF8>Ro*9gZXo$FB7<yLE(B<#@fSWolw@>qrU)6c>y}C{++h*|?R@L>*SayNupb<Er
zUt>di@5+Sm$B-xMe@1CTD^K(4EGdue)HLezY=;d-dhHbSCJz5{(eVH-zdn+w>A8Ka
zOZe|~uiW15zbC?sGG2OEd`f#}gEMUOIOYG(Ny$n5;IQ4lyzsKzrp)_ZpYMbh=Q%3=
zAjSS!Qore^akpCM^$dtM<f3+`H^1!G>5r2qK3>;|vkN)lEV7<3!HX3PQu=g*{IT)N
zr6t&zY3QKbqukdn-v$Nx_PegkIGVy5T_69u?|H=){r=;x@jKUJ))z9jVyN3KFLYl1
zJo)BEHMZ8v%iD-bIMNw=_0%&%_4?s$&&M|g{PA~^e~p~+{MDa7@2R6`pyb*!^kHB%
z!0N}HHiGM2^}JIjQ|7N-yVS0J#Qylg>(*u5;VLbma$(T%9JsZ`{r3;&f;~?D%1Ywm
z;y}JB);|@!7?k6qlEd%%VpV)xdTfDyxO+s^XhPOm`tFTEJJ=sX?fgNAVN&45#j-Om
z?s}XS{Q68+8U%i2cX6c8Q|DEqdO=9e*Whk(#b>J(`lAQDC-ZGglnuA9Wc`#i4iMDp
z_V4~Y)T6@8@hZ~QdDxk5{mJXFvz_Xvs_Z-J3OQbcEgMp)A^xY<pqIM_|Dj`ThgMUs
z3@n^6GS4q7IBC!wp{oh#SU1xL3@DBSbeeou_djcMaOY8sx^!yUrI(TR8`_FqwVH|c
z_DkzJAFkk*)m0i?U(1F-Qf4Qf1-Fe$>5pWq=RB3W5t#lW>aNA}CyMXff>V1_S6Yuo
z&rd*Fl<aSx`zgJ6TIaB@esJ_zn}%VL*+-Y9Ghr{9>^`{Wu9!`W_ukGZmHUu;_)~1<
zkNW2uA-@WD9%;=M7!-v(rQcoDzAHpO5ZxQmU+fvUBC?kCC1U>V#{koUNCxf9K2+_H
z^S5;Cj(hTcdAK+4kNHV8T+KBmeM<am&|T91Zu^?q#Pj-ws@4gNwT)_Ug}6}_GsLPh
z=#<u7zS|c{4AfU*9-IhzW6BQ5DuHB*y=~fPJ-0r_`-A6Gg;e%(EY={SJSku<P(NMo
zP=R{@2XOXTmad4)35TSyM)8b|>(8-BO{kPNiLE-x$@k{S2Xdlc%f4u4BcHMG0qbA5
zxP#x>H{a|T2Tf{J`5a&8WZ!bkeU;HzY3maE!=rHYj8|Y44t@W$X7<y7<OYqgAZUBZ
zS+!%)213PudG|i{|Il)%H8z~PTU&J@Rq<E8jkbz6@$hEiheJlP+(sRUVaYeucX`F{
zgc&@$?haw;Rp0AWPA^{1w>(<rJMyN{L-3%9toRwlny|Yw*~y7xC-cOgKjU>ddn)zK
zLf+H!=(~%+OhMPB!db+{lWHq(rN(h;qnFg~ObA(pcoobfJvgCqx!>#j?dJ~@MtGL}
zgWcbDrM?xeQy+jwxDAJ^r#$jrX*(q}pp_UtGvXtsVJrCho8mh{gJ0@`Uv%g1h@2Ml
zFsmS6{|r;S-4mlj(HacZsNbbursZCKw}oUDT?l@tWW#;bhdgVLm9FQrA_3u6Juh&A
zZD%S!9Ws9S@sY^`^KZ5)r{AU883z2_yppc)?t9&sq`|t!^!V<`&%RH78$~Ar_1?Wn
z8cc1T*?V<)tujJgFQ8HGtpAno@$X6%A1|L%|HRM;q#8)8wJ2vCU#Jn!c@=vp`i+x<
zu2r<@+3t<xY2QL`yy{CM!Is<d29pBid8h6<p0!f@a38aj_-W-XUv{g$dHqM{!=3kg
za|G1htq$LF*FB^SIqBc3*K*e3x4e79>Eh2uOd#=cR->fR=nAT3#_i8;!TrRPM-CUf
z3e^)|hFnm6o#wED7YQ87XTAAd-%G0)lN@}R!*V}s|An*lx|}C}bfYA`$8+UAqwYKA
zq+Q`j&xMJn<ae!a3)}7u+|X6ex#dA$xTIVd@T@lKy2!teWrJ&tqrF8SbE;+UyWrns
zn-ig_>ouyyj(_s?Ctn05QBo??CwHDU%-+eJDr;^T4X|_nsQB#p(Y7-F^2b{@i?o;S
zDZR}zdiO!^kJMnq<<^5gmn>eK`cjM>-^;w5MPC?6pYc_@dt1B2sny7dRQCB+IRjxi
zQUKE`<7gK2T#fgN((vlC{-ybmc;#CT(fU`3#e**oW({3xnnk|<+Ox57O>4pQ?Rens
zOR;*?^HK}XPQKdQ(fC({JGyuLPz6Lw>ao11S-{e-w8o#Mj4INOsk-*FwGoez$7fgF
z?kXtH(@8J2Y<A?Nar<^tX9_)#+0D{p(%IH2`mLhBd2Vt`m9g!oo?Q|&GLNU`+$rzW
ztGE+*g7j?4X+c`nefdw+DQ*1yPmUTp9|z33M~<8xY3k=y`)X30ez?6*P9xFYp(Vug
z&2J^OwlcTWGt-9t4VN8|a*j9V3P*CjcyFG|T5q<ftWuR%XtfSLy&>Dsq5AGPt!RXg
z^n3FD$SM9%+cs5&oYCy$J7cwmpA`SvO=P|j`(nO&wwQdR;F@VwLXE=($V;j5kn#vP
z^ty_KzQ(Xn;Ne`e8y-ukqp>GO?gf?s-HSX4K3X5d?tKh#shyeD(>^wS`RnphQSZwi
zzkDy)-l_b1&Ctd8#M-N{*5K1w)POL?T(%c)waf<AJLaP+NH-8&`K|bpCg<MxV9T)Q
z*LrYZVpU_Yjl8&e^+K>t-nUbP<8i}ICm;XycMZ<<)6lD7C2L%D`FLOExND_E=1&QY
z;UkV$&0ncTmxjJ`W&SvE`Ks-Qi~r6kU&uI}to6_9jq3Nx51_9}!9OG?BrY{4#r|?$
z2_4P=eTck$DT7$%oe>IPw9bW05|M8j%!?v=)$F5XUR=KO#dlrt(P`7@ua_?~hkBd(
zl}~rQdzMxllCbKx>=RVo)*gI^!8*6qesS66x4<p4zrO|ESNqgA)*Pz7X;t5NMz*^8
zPJLs-p=w69e=zdur_iz9ABVgvp19<lz69suW&Sv^XL(m?>%<3TS$k#r&t*cv%Ov08
zAk678>wg#J?PV-)tl#=FlhC>)XRqU%XEtX2<D&crD~f~Ft4|VsUr@2tR<BM1&U^pJ
zuRLyf!#g~G`Kz09WpK&uj%#iJwOI1i`|y~SJxkG1q?YNUXj3=zWrw%RV=F~PU)@C-
zbk$6C{B2w=Z;cvF<F{CW0g#dhUUPRXFZGcNe}!b<F)xA+e78i%CF;4!pZhy8*RO(M
z97(;?W;=HGjkvvxdCIU8RE~C4FP*wQ#dXz}G$8^x6-Bdzx}`Va`Nd=Rlaq6j*WUhW
ziTm+&vMbUhHZJ!;6>8_n`m5O4N5uAL(hjGM-}7x})k?aI=6!2h*!{P3>;COEy`-dv
z`CSps(|M;Sd#2w^Tu%5NwAPZ-pZGHX`TNeJ{&Ua9mui;k#==XDM!aqgCcntuQ=v-k
zU91=gx$-i1$lAv>OSSh-&+S_;a|^9isClY;$rS^)ZCol|J%c#*WG)%it70ZcE|oxY
zLt6(lozdJEqM+W19`2QUNP)^AZ7`oqwL?3XK#`Lb_8_z~Re}HAU{(3J#Y*}367@~6
z$~Yx>D~5hL_k8Rd=+lywJf=&`mZgn5;)BIrrOKfG3r);~+Fs?>QbDXb=30FX#g2U~
zW~(apv-Q#-@?ReF!`71X&j0_Wj`(P?r&4GP-`mK+-%c6;Th||=+OcK16Mp-_+-g6K
z>A(BN7hSkQo66iO7|18rXORlR)b<@vzus;w#of2uUyjR#=N5x7&}uBXUU{K_oJO}i
zdy%=NEQRTRnU3+O=bg`Ej?~y~$X<-GLJwVQ;lF13>fKz&@FUf>b&R}2Z0fw<n+E)b
zpU&@o+LxC{q#&<}N5&wE#G-55i%J5-W7x?ZH4^DuhWhmP@5_SE{=DSnJAV=;d-(o1
zjXu(_j9&jf0ox)57=M2xpI1=a+_>9V<QQhR*{EkqVVc){XL&^*Z~dPDHVn!0@>U}C
z0h;dIeRd!l-Un>y&TFzc;k9uqA2mF-+x+tVHjn9#eD>op`H|0kJf?B-S)9itPCke8
zn2yS4qaKq{`CQavb6D!XIswvyFZBtU=awg}WMVm~vt2%W^q8V%W~ihMNt%$;1cjTm
z<Z+*N;AdwZEtPB?d(39!>sY_XI@a$~Y*2eNOZht1@3D^c%h$1fk9Dkk8SAl%l`mpF
z*0Ay=tj7vgzJT>uzsi@d9;?^P;x(b}|BL7tL#Ck~r650R^LreS_$N>6eH57N9V3rD
zG{537&+AY~zPsi3Iz00$Lh-2MMT$d1kK9$90(u<-D$W7D4l^@*XzY3Qu+fmSZLY_h
z=eAR_3(hlJxfdD@%kHSS*Mj>@Kzb?~r#9Z3vr-#jt6Xa0>iZBe$#opH6oxd1@spRJ
z8H~1Ez@JT!U$cUZ;sxhEN7ucrs;i;6Y1tEX$>oR{j)a014Kk68hm2H86=Z!h9$LeX
z1DYbHl~VYf6Kcc^C5>Q8eleIx7-m?!lUKB`HTw(+y8&1laale(j-5q9E@qF7@WTY>
zAtHqlKc!$dpynDOZ+h{HS$X)yR!pf#ED<&IHAYKs(UF^o!ANZiL-A->3ni_Tm2PM#
z3~6B_X*5Ps_H`?!hoW)z)L1yqU!oGW;>naAOgC$xxE(#qU@w-CSm+HAGolBR$zY3a
zm{zhyYe)uTh8|AGVlA4kyS}mMlG`+xi122@awBaul(O%5sxD~+!<o}Q_XSn~g)0q_
zs3CFSV9{LH1B)sbFJ7U~TC$*G@$8xfy3Wq%CAdV6i{*H-92d#4Uy7ZBa0xDzV|l!t
z!A*kY$tjX2r%0ZhB6)I(6v^?)6EBaTU!HisJn?>c;{6K0<%##p6YrNN-Y-wQU!His
zJn`~GPL><XlP*uWJmK<mE2^-(5ap?pQlEy$Yk1qnNp;E!Mh#bomlCcfjaYo0k<%Y?
zx1pdZc}Bo=-dU7uNk>fgHDPFT9yCkIJxC`bVhrQas4%Lz9VDW`hzVbXt7+5aj^EAi
zHfS)cP!sFwL-A<TU=tt146BV@&sYkByI|x_=K%!h8ftUxl)hjTW{i}#da#E9AIh^2
z^@x|9Tgzp00l^?U-V0b9@7Z{hYemL#Z?l|HHa9@G345H4WD0vI$9WJA&u2SBQ_^|;
z+pI<9^DFhr1v8!1csLc$Jmxub#e(wrvnw=RuUfD~udIe?^~^<@t}mWn!5vl2tC>+g
zPp_FZtG05nzPNnGyh<J8CQl=Kx{KZ8oq3wm(6Udn%u2>%v*O8E(9$w@*3`16Cd7Jg
zShyX>c|JGLGB1*{*jvf6p0Rg~1zIYbLwapX$}(c?-Wcjp=JDm6jMV}yGb7n3u$S>@
z4N1c&E329}dq#y`R9IA4k}<Or<9On}hr)>fd$7j#DEqia=51=uJI+#8(hS8CqQ`vN
zVFY8&L)AH1r_WwIU(Zge7SFG+r&NobXCVVE&VxS8d-j~qA|qwRlZa%ddfTy0#^Y9Q
zeMXf*b;-VdDQX0h%Z%WfMMgu)&ho`gc8#lbHg%Sm&V<ScR~fmTm7Qp3?KIP9&}W+w
zSfERk)C|4Sw2b5;Ba}|2BI}HbU^J=)T4p&@JG;E?OpNKXl7^u*IQJt-GBCzoc;<S~
zTp$_@8Rg-yU6#SH#7Ry)!(B6y`@J$X2h&5N*)q(q7HFC6Jov1ahr=w%u6kacTC#Xn
zX)X72MvG;noXXEoxfyoqlKb{D(?~`_2z6P+YO-rw#;H@pwC3f+xi&Y>M&|uS7Jsq>
zEy}Jg%YsR>ve}M?KGWct$P!~`KJ%8Y!CZxB`>`O-Zt}y|TEl{~Y}zXHnMO2Yo{Txp
zvv0=>w9Jc}jVycE17SS7!|4R6%INsT6;dXoMUhZbMLd=W<}`s|ILtdxEzn}eh`&9-
zUSx<#3>)^c#BQ)r!=xPn3O(~Q7>X&IRJ;AJ;q{XB*wU8G`mIH2(~86lSI3pIf}u6p
zN~U~zFPq;eZ`~aW)^xHRQ<c~;i4UwHF0O|-au#}aZX`oZNtzwDyO~BJX@s2j;@K67
zWwCw1{lG;ql`@i+-VlsLbFwu1nnBjX*wLCv3J`@NLLoc(%Wd?ExM>9=W-8M`@?^%0
zSjw<y@b353VQ&b%&Z114uyZ=60K~CRTFAMT5YwGNOHHkwG84&&X*JjpwF_s4UGmjN
z(#UPQnK4XwMc%B4$)3@++fKFx!(u_)RWqF)R7aztS&(giDOUqb!b7&ywcWcc?SJeH
z%^A{QQ=Z~}$y(=(cs!czYN`y&d7P5vvorYcA-~*d?{@8zkDY7NM%u{fk~6K->Dp!m
zqbZ}-c>{~4>y0r!Bh~dx4Pnhi+81l$=w}altajI|Gm`eijMZ>V5oQ`uUe!X0mTZLm
z#iTAM`UH$%i;P&%p4K~|w<HXGemop$h!|n!i}P*~nR9U<Pz?dHYKdx$GN@s1D+mjN
zC7NKSfSoEJ1kn&pr<&|Mck+Ti4m;P3uQ#iMsU~~4pJxQu8FaWuw6iVI=~dlf3#rVs
z>e^@|l$pd;36r=$i@r27LF3tCJ7<#x=`4cv){04N?v%=zO=ZXYnT9R)xbM`u1#y#C
zy4<x*ES@y@WBZxt%}y;&rkyJ56#2Y(d`&u$t<+3dy`E>RGoo~yMHch;@PQD`SWK}U
zLpwBg4BZvQy%wc|FVCn%Fp{bFnej$<p19_1B0C_>PVvqvoUK7i%v7Y&G{R0z%J|gm
z%zJ_<1FoIPPt1tfi+I}Ch!ZaEb9TCfxwUd(QdOZ>nwU+`c8*-xUHR@I(vDWZ=?Ltm
zG0QGMvZSfaojlIAoW{$ooH5Q6Y@N(<%2en<YK1YG-1hIPE4Ar*_7(^%fUJ1J4l`(F
z)+Bs#!3X7>Le9Q%OBhvL(O#T=5P=<u=#iB3&K!PB?Bo{nc%5sQ4zyGR6RC8jXBFEB
z&q=-z<hE6Y6~Jp~8l0u8Y_?&K6g)F>%Ye_UohY#<4Kq>7jy6vB;w-Hc3#)7!GDA)j
zGb@X*(VVkL$jw>)Mz%mpMdrLITPY=z@|0`NPS+;xgz_x2rzi8>vlF|JaWy9l{(_58
zbI_jdI(46P2a(KDP23cbwHem^2G~rJzwy>yvIOF(8Z+8bo@`9Hu2jYnR!eTA*n61V
zUBnWT&7D~}FEQ)mX)`=89tuW<>9Mm2TOE&>e2(B`tX7z6iCMvVtuSRJnKtqN%(!I~
zHk#?e`g9~3o)`&h&bKDJzbp*5n5mW+Q!B}?@TI-`i=Na9lSVXX8{)r2)Y1x_oGY~K
zUaQbqOB5#K;h+`N3XLWlQ8a~<*>B7RJF8$W`2V&m+vCDy+=)&w771yEjd9EQ!$M;|
z*QZiiVJIGRp13az8};c%J(vudjYf)pjhGGb%%%GJq_K{FbDkK+|4xd5<01YpeEJ{w
z9E;yb@5_G=rLU+b=KN+V`CSH0)Bg4S_i^sNuCJ)S#P59c<G;sBf5%JHw8LHD`}&KT
zH#8e=AD4UnJKJUOo4YR?De6aq$?sp$--XmP?R!`JPc9JkK@$JIM3-oq_MOZ9-U*`m
zG<p2_CyZ;{{lHU2%^xn$Kc0RQ?q~4d&nOdh$Kb5{VG{Svh}R*RA1)MibT8$fBJT48
zqP7ka?emCULfp5n6!nyi{iW_Rzq>}<^WSacdRQ;<zZ&lQW`1y}zo3uJAisx3+}}jp
z^WOpHdeNcY;kOg_zB2|0ns*NQJ!9g2r}OK>+4_->-zUz$c!1P?Akil^O&jcTUjX+7
z2k8C<#Gkw8znkpq#XbMLj<VzK`R^;2!hKgCG2aG~da##-Kkx>GdnwcXy~O`r;y&}c
z%&klV1H9dTOx)Mq${f^fVA?&zyZ-zYesTBw_oB--GhN<``@bW6AK~2nBu(D`as67-
zC)%Gl-23`^_n(LLk-NX^4(9&;O^15AAEt0W>jd@#(qD}84*vv&`)M<n`{b<tp6)00
zk>}s8P3#vUuYSTi|ISc^Uvf4pxaC_1dxl@BaDUxf$Fb`8eP2)aLf_@CCvUNly8u6o
zX8U%0zuf-+Fn8T|kBg-zvEMm8-#h=0R=6*^ow={=<L&<c0RRC1{{a91|Nq!R2|-Aq
FB>;0X$(;ZI

literal 718197
zcmZU3cRZWl8@4^F#3)*`v`VXJYwxW!N|(KBi&=Yys;WI})hLRp1V!wTQmblLY(i{8
zjM$R*@%_E;U$2i(<lN^z*L~gd!~=IM717lf31Pc6$mos!c~2{az4r^xVKuByOpL>e
z$8t$uzp|_H=@~nHdPMc-e&$QD*No4)qj^D^zE8FSo&-JkQMzCD@1@SjW^^s76Cc-T
ze9?P;wKqpWuyc!`qip7bpnS#otw2I_Ma3c>x@!>>GSM_K4R-gak&p<D$<TfJPsDxy
zcEQNe=bKL-&x?77X)~$wegZ}FUOuxN-i%(W%<bFB{|!=H_oO&`PKWMT6FoR|%fIkc
z`f-a@p_o5<h96?auJUZ%TS}1Hd>wE6I42<1TX8U!lm93BTjWmuICSfu-W^%9A$%gX
z!|3Ary`6k#?t2$bngt64$KPjNLnjiyF|Xx!78Ql=yY>?BUE9gV+rfEf#o2Jf%YU92
z49TfV@4s7Keer(wZkHSK{oU;HHX8Vg!AIbkTlm*y6^cBzq+6`qQcpgu$Nl=IT8g@V
zreu@$vQlJS>AmkJ?qe=b>U))FLy`@ZxPp|ChRj;<0=?;U)`#^FZ*$sIZ@!__HR|$2
zLUqm18WoQSy~-ado-e>RHIJ#0u{6&zvr6xlSpBV_*pRm82dVVcvGn^2Jj<%xf>b=*
z3@QqIAA)tMPC-1&G%CGZD!mFSpCagAX;Phz^KZDW?VTmCrx-wF+vVKsiwW8_x*<Oy
zt`m2f{&f8^Jj%UreIMf5XxQ9%(E2{lvE~Op*y!(<8byWENU`0EZksQl6BaJH7tP0*
zr_R~#uI+XZY{X%)YxC4S0>^HeL+)X=&(T6FS4bd!k=5clWciP2>pS0v5Jbx2#KxgW
zZu+4`jcw&=0lHn-^4Q?4IJw^N!UK6e|Ia*1<S=pe(8Fi`l!s3;Vl{q~Q8q+xe35J>
z>!NMt^B4<V>x^Ab%naD_nfb-;U%Gr3*I@j{x5<C8r3o;uQ?KTWNIh4nqw!JdgL;>Z
zRBnZa*ZYn=-T&r_4P_M$1}5r$kNy(5usro1`?_+2fGgD73XbsGx(Er`n%z)V94+_R
znFvoBgkeSEU|TamDDF*@wW#U3K?gsV%NBW_1Hzg3plZ9%vB&)Gbp7CQz<NF#2$v6D
z2$YQqx>>0xw;trbPUv?vSsMyiUmKEN-wpf@fkg#=it?OVDZn#*^Vz|A%(LhPEENzY
zf^PN@fpFh~dI@fAuwzICWjiRqamWpH*2*<#x>&%?b&zB@F%2J-1fb-(PDHs@-G4?M
z>Fg)fCv$Dy+T`J8@&8WH2c3Cwo$>tXY=EGZA?;DVy11{9p-!nI?4yKO9BiWfkLo2P
z(2-EdbwUTa<leQGe~25_&5iPT7aJ9<ux8z|FXyrJYxe~Rx5jSjPB`a6F79z{ZY=UZ
z>VnpXZi6tv<D`VX&Hz`g{cjze{&V|PgM{^hyt|--V{s6Are9TdOdi|EHMoT?2z3V?
zIL1?6GI0%pkB5hNxVpCrqt12%zAN^qw!;pG@xEO9rLj@Ip{wDNK~nD3QClMxpa4dc
zwVB27qg@$))N6Sx5ojV=QvPtw1$4QvWZjZ2UkmvZ6{rz73|T8s%;j1gp$6dyDC^+F
zp!Iwz(AM%35V~zpRd!46gl(CJ`-j}&niL2_$cQ=^<o$5yDg=?MT?+u=^p1w}*W`2j
z@}h#db_y0;FzZrv{M1wP4T@GRf(0$4eTvKY!=mgBPU)SqBhDoE{HPWt^yj#zd^`~2
zTvpel^VWDAWa6`Vk56y(Egb1&$m!})T<LA@;vLdkes}M1cQ&}FS+vrhnsigv9Q~{I
zU44QV0PDT~fT70OP29I!R%ZF9w`YGj#SpNrPqx)*6j~j~5%M#S=tyai2bp)<*8(T~
zM+=E3L*iff%-P^lE33Ffd=b}?dDX%H^bGS8Yl}m;lzP1=>euc$ylICL#vN$pw_BL?
z9u1zIzJ}w+dk>7y^Ix7@^X&(An;OYW|26#7q-PL9eVWv<&;NiXz|=sGU1F!8v3Kan
zyebUx^IXc!2D2CRr#1Jr@g@1K-s2~3b~sA;=vhQV$60CkxT2mpzp*@Xe-fnp?Clz@
zd2FzFxq~?SF-LlSqz-rIrsW~kzQZkog)4z=xz$*H;k@eTp*6<(RKn1ezue(*xx>S9
zeh2b>3uqqSX29AVMZ}>o6#v2i!i%;y&~t4&m)m#1Ng1i`yq=JUL#pR`Mt*gd_e^Xz
zeXq!WNKlOo3^oq>lipCtpICEoEc+>|<-^LFfB}T~iwHUsPwtazyq>qVP<7yD8D<t@
zag;ut_cU3=?y@CzJQe#PDCojU{%|A@{o|MuD*w`DHtI=e#Hp6i>ip2%$DW$@z6Nje
z`0h`nWIkgYs~Hu#`&e9FF!yfvKvrJn+d**=&7qo1uQi?goa9`)ywqB$&Nw?*#@%~s
z{3F*=o{So1X}<0F^ZVA6@#<8%8Mr#~E;J`C%^|PRzf5{6Masc0A?q&GcH~VB-}Ku)
zK59XmgH$G)ztWAX%XhT{eUW!G8;v)NwH=k++<4<lY}f4X8E2*-8NYn_lG{%PP0Ew%
z&Phv7&i$Kf^KNMtD&45r*Z=0{R7#G9!96?syV;^+LM&cxZ)2o8T^`r$8?VY~`&LZB
zJ~p)6|7#x8&ChRV`(4UU%gwhW(Cxb{|9wflayGsC*&I7h#i{Gl?@W|kLaU{tOdQBX
zQ&VA$jUF<FFPB_uB4r+nAZPzdn7%zoMOVM7xs{n?t@~%3O<GW1+V!2Uz3!`ufLFf0
z6q-iT()am?vaNM<tSyuo4Z6San>zA&vUsgpQrOq=u|5qqY`o1${X@&r1>Qg#RsL%%
z^<kgWs$5FdJ6)3s>HBtde0^_AKBs>8>}d>mp<6NacF<?B;iiGBnZ2%WMP#K{-PDrI
z-r@EQd!jGp1!eX$t`FSr_UC-bgWfYKjC%icRLIH0>TQQswpsMv)KouI`p3adFN!U0
zft<YDl)UVUgy%~S!RdVRW8<VAWWK`FR&G_%d#fv}*9~jXV+U_A9N+}-iw3f>?PfZy
zxMFk3{v4Nq0c}e+`yapky++^FJaam?ul!q+DH^%DGM2q+U(D}Nn#pARewf0}K}hpk
zqfYzcjgbJLHljZbYGpll@bCE3cVqBT<)?waKcUOskJ?2Cvih>5VXL?Qjz~8e_;`L@
zO#2om=lavC=l9A>W+B7!JUd-2<Gv;v=d*WS27*o+n89bG-6Y#;YXbv+v@KKYbgfIi
zJFmX;a&y)=x+ckInmhSYht}q|mPeBREll}Tz()DsXgA~1!O~mEzg?@dzZ;-8yxI(E
ze2MPL3jOxITfJw^d{-gub1Sd5)*o%JezV>^G8)N#2ivhfCCm5he%vS9`u*+OvR!n_
zEe!*V#<bPM+f9WQlaLy7ngegIdzgT_l2J#Q`ra}cflF`GBUESnG9SMkPnE5RsDo4g
zZE>-ooG($}g}+nL0mjme8^-Bx+;EA-xsp!BT{%&lbb{gO@hy@+;|6}Mr`^a2gFN0a
zG5BX<W%p-vb1CNS-$T`MlBj!+9qdBi-m6gB2#C(o+%S$ti7_bDYUqg9=!Xftx-e=U
zjFe6f)0TruI<M;Gxz&BME3IO%C)U<DW~m;@k?YF-eBF>v9OC5T8Bha@6{7O6?#Ub7
zHy+S6Y=7GpR?26uz4T7PjQ81JCfT?x^`-~QQ1AGnVYk0Z_f`%*?&yws+WcB=^X>BL
z7pdWUEHBvO{E~gdxnQeWb}lC?x0z8rAl=OCm3^VKV5E8B+~7ub2lXw@zSZ>`P1{2f
zicaDVd}E(Q`%}{LiYw&3YFHdhYhEqYq^3Uc&^X{na2g7h4l||*u~)6Ctu1HPG+cJO
zNIov1l~vaAtrkx;*jl`?!wb?_G_md*EEw+)z7Ep<^Gxs0!3#T!cds;FRg|j0Q}LA=
zjcPE7Yj?9WrKN#Mfgf^yGeEF*wRrV${4Z@xlW(+sS<b3X-MC8Xs)(GtU{}ugHOu6@
zx0>gI7CB&DlOw~NoV3rmpYw9k_9l1*b!mhy?XxzjQ{E0n!d^FZ!E39?yK=IhJ=QEf
zf0*J-kzXeGZcM0xYcw5W7Fv{@4VGvg73<1YWgK^ZL&f>Uy`V4CY4ES8>8w_|eW^oP
zn1y>LV{fWK&G=u=FIlZQ^TKymR<gW=qRTWlZgH)8I0t?_6;WS>E^ptM_=n$;Y8<#Q
zh=FUJsu;oo(r2%Gr9U#1)8!4d*?sRV^tTWVko}T7=WP5+>)IC$7<1Lsh!#V?|4%aH
zbytJpG2A!(Xc?P#DWhI<fz#QkD)s1CSXr6<amt&(wY1EvTyQtop9}M(X{^6y*?vT?
zzU}!y)oO8a++mkA%j5-UsGo~V3vGKgck_w3g4^iw@8r%-jpjB^X*siCnf38Me$LA{
z!alo{1y`0~xr|8S(?9|U9&`zEAS_Iu7*?DURuo05ONx&E`X0oJzzgJGc4WeXnn12=
zB?-SV$65c@V&L1S+8+@0qFj6);`i+R+Sd74Xj*bS6~i+gaS32^U^gkLgJsb?Bp_Ry
z8nv7?O?RvuR_v!d6wk5O0>uZ9OxVZKknLFE(x_U(#$VsV3Y3VjN?8XtBjV$BZ_M;f
zzvejt9c<D2lcM$CUP5!nN!;I_nS}R?*gT|>TZkS)$CatHJ#NiMjAbgkL5b^d^I+##
zUn*Ln#&z1Cp%{F=i_rTsk7ZD`<ZSp|oBegjOj4Qj(o(1{bpxz+Dg93}I%lJgk;gqt
z;TcLcOF<2_k}<g(el1vbjGw9{d&BE@V5Wj4iVq6;LvGQ1I72?~L5!pO$yHLx=ucH{
z$>L8uCiw~DfIBay4(L4$C#keLqY7Vp6q43ER1}(g#pyYUTE~(XtFB{t4|{L5UIlfK
z6<UuV&1%z-6B(Ph*0Qa4l$z)5C;YheC5rapf(jW|*I@z4kTs5<O78u}8cj>wc)kes
zMG4@>uUr4zS^cTTc5nDo_pdz&r+gd&N7UDx&fLZ-mAEsW=+@!MgniaRb-3?hozp=t
zNhF`N-o+{k7Xc(bY<Q7b3{C^_EqUh~!r)Imw#(vAIwnh&H*^Rm$;h%`nF&aT5&A#i
z@;5HY^13%c%>J}vPpMks1{O|9D(%nIN%Ds_{};<ofxhz7_dO`b45`fC;tXkmCC4VH
z%<K>9HBrnudQU!_c3n_V2lJ0bQMG&=7Xh*l#8NJ8#UTOFp9KWd&ZR9aHfN)rX0~@4
zO%E_Jq;82G7olkh+h8Zl`&vQBQkj1e@)e;vj<ZBb>u~d7O<fd(8U5MDN~728w)CPA
ztdB#o5O(SA%mAmuW^&=jA@K;N%r*lQgN|PHhrrBv0jy=#0)6<?$06SlV53WFl0>Vs
zQ<C<+%^_BQfiYI93z@P17fDjUyxgaaa`KAy4kRR;@<~W4qBTq5k*N{kswQMg5*Ztk
zH~2tjV&P0BLktZa7wOb3nyu~FuM0w0iV{Dn3oamyX7+(o5%ZaMpah*=eypqx_X8|j
zNh0<ukUHlQ%ez>CI*0(h|L4H=dsqtJ%jvAKvrF?x#KF{=fe?01$MO!g40`z-sGh+6
zZ;wR&UA80qejIm^h$M|eD3NC&-tQ4bMnUg@1Rh@H;_|gH_6e>{AH}eJw(ehzJKuQ_
zZuk?Y#uD;4B*NbU8QN}UZI-F<0u{O)$eKKJb`T{Ho~S<o2`_ydlHGe1)!5879TX1~
z@_<Ysf5R^p<1kUl7S8`D1coR#KG)2v!ixgcs1Lp534ke9QZb(dm*~;^lZ_1>fBjzo
zKVfXoFeIRt`B7BC5lwiS{{pCx0_2aY_wYFhzl%I|Efu;@p`Fp63=Byt#;r-GAj&5L
zQ|z5C8($<K>?9WY$>x9Ot)<aiBmw7J!Z$ccK-LF84S=TTC-KX%-)h%4B8;yA9c8~|
z3M4U8K?N1QdB6>{9uQ6nUx>+V?1K^!27fB{%3Kn^M<J1js46^^<;1O|l3`|O)1A?u
zd@OZEWxo0>f~+ldLzOHKaiP_33dzg5jdj~RYj44=)t{1xyghptp7Hq7H(ccH>4wq#
znHTCo_^t!4AJ9yg2Kp*JKUDAo&N5{1A$AUm2YUPaP%3$whB<*eulvwxDIlxOR()%z
zub&JL)G<}C0?<|s+(0|Xg>Qh#h0C`fZB-RNhA`ywh>AoWlEk-XFT(k&_MZP2O;-Pk
zCc^&;a`x#Qfky5FFrwsC0c@^s3JWX^8BO@Ldi+7;y>Qvd3tF@LaWrF;)N*M!y?=j@
z`Ssc)3$O|T3BOMM9c1TzyNlh{5T?KDEGzW*4-z7bqTg}|1sI67KEz&2SM1jBI2$?)
zC2@b1PXM}d;|>`<{K_``%!@mG!5Z_w#-?gf28{1mom~qTd38)6Sr|AJCt2t_YyYpY
z^BB+aae7Gzzb7G|5Ps!D1oF1r4JI;+0tEm_dhBXc#k)85W`#B*SbtuIsiOEchYHAq
zMcb<pG?{J6DCzCc-|p}#I?=1%p29s=`LDS>6zdd??_$MpYtg`DN1Og{R3e9vQP;wU
z9M0xQDy=VH*EHes-I3QW<k&6uYyVfBvc?KgRB|yJs^ocpR&CxR?qr6xA%=czwIfus
z+LTbtF2VKx3+QZOy!&TFL}r@_$_|SESZYc*bxK7n*kM3scXBc|fa=KIC?a#S4b()H
zPWl&9=R68YK=4Ue*a37DS%q2s#rx~$NZhRgqrN*_8Vh=4ZP<kyK5F%ZUGc~VDs$mQ
zvS`Q$ME}%9_J7^JtZeyzYcu-n!V*P?TifP39RFW1Ex#!c7_KUl#1EedB;Z811jOJ^
zXIlB~JrbgKTN(P)oIqnjkdF!uA9@L7K*R><v;1F&bii#I@)=QIb`A+=eH0RL)lBQh
zaR3D%n4Av@+GKg2DKJqI(DZNQt?-FzBbL(#5(F}ZnoqFUt=ZG$g{iaq*zXS{KxA#}
zH)RtMoZH-AZ_$tszSTs9wlD2I8esMR$8(H+gO>$60A>ii(|53N{z<8rwbsJ<XH5sf
z(9j};Y7v$@ft<SKRMIz>5hwown9TQ~p_(XV>Pb*68J>Tvl)6PH5eJM{ma7Z5gB>SM
z;!dD!-l3Y^73g1hYs~?%I#5EzwmBRaEe};+-0)AJo*BD~g!EoYdCrcJ>1G0nGn{P5
zppx5s(9ar9S>-u<AFICo+>|bS!Tz9D3q=>XQh?BV)cSC9x7r=qe86pV9!~;tw#o;_
z1TN}RpaCQep=b|elH4!TJskL;Aog<Mw*omndYVw!mWOLc)IYh@1?IRPRf}Z*%!BZ#
z>VP-RZMcBDG;#&B=adC}u%SCe2(L-S-dqvvB2-?Q#Qo%>IX4;Ca@RgEH7754C3y6H
zOohHiVc%bG%A;vX?{Xp$q3Xu>vHGuD1M%bX`hxp{xSVVeb@NyQRfl4kPI$Qw*&kqU
zmL$>xg8>+y9AhGk4V}G6)vJLUjfgNh_q%q%P*O?nzs_@vHwfSzV+W>1C`7z>K9K9<
zr?a;0Kx=n-5MTH?GfIku>O#}!lC>cMxIX1H%#X>q{@@F0RZ)qeKy`Q-5h(BRx)-$>
zzQVXC)UWwd^@K=s{n<<4NJROA5}tYn-|pc{0Im3w^h9|EEA&Kp1vB*Ud&$M4A9D;X
zp4>=S^D<lVC+=DEZ25quk+$gGQ%lJ3lFLHRNay|8%jFnC`IGn5NVR=IPjUEpTxcd3
zdR~Yp7<$R&qs2KOF=#l4Wv6ErI+DX3<xk!7Mam8BkK$c+oeB~#59s&g%&+HIgU~3Z
zp)cAgKcS=uB`E?4?u!TM=!<hTCaL-KA=3o*)0UM65THo7dU5Yr6Y7!02K4WVoB;A@
zK%u<@5cLCEQUr_4T#kjlD~&w>9Ur1Zm#}bkU||V>G`~8a2w*Jq1ES`A0AnC{{+(PH
z`mQEAoI~PW3wzI{)O_v`B%%H9nqp7T{^`)3MKIp0MKT|FZrcfn7ElNI0JYDIQlW}~
zY;D1z_7nQ@<YMi_0nn4n1db9SfS2PnK#%lF?sX;q0Ei&Jf%BAm0OT(~6ijt>-14Dm
z*B--_MjD_Ib+ws%wRr>B<Q@R@=jLTwjL;W~G@|c<uLD9z7@+qQ3+Vm4(&GR`3%>xp
zo&!MiN`WA)5Pqd_MV#^!u&xG(xViv^qN~+iV1=i?GJLFV$C0=KaC{BO{jXs1y8$i1
zD=pP4K6wC4dk-Kgy+Vdu0p0@SEpdQ+Xc;(Yxqq4u-6Oj~e00U)O4s4afvGEEbbyGE
zbESJ_#PkaG&XrsNkVCF~RlG9CeHA5|t0)-)n-|moSlcIHlm7~*3lPag0;?}qr`xYy
z7y*U6tAk@#t1EZguJ|}yu>&4-d*whP^_hAWRt^-^(T!Kf6M<b*0Kefg@J8gyn&6c+
ztt-}7R4lJTV|e9Z=@nuua3+}PO5P91|05=PCE^4`3%!8o^c?;!!SE{lya0s7RgvUh
zIY@bh8hC|De0sjMTiM=@$DjTGZwNcu4_a)~wm(MV0(qHbA5xqq<aI=79MNl2E55Ge
z*CKe~0^e>jsi)z^KFS_7nW(=^!}B{ri#)}D_c(5=+fe>~>a_hFeeDxy*hmkJp@%5j
z1dhEnq}b~bb5li=eDWK~oTnRKQEG|k)?gEP@6R3|;+R9Ur@>ZV<ay&ayW?zLcL9B6
zktZb^rE*J5cbnKzgj7a1r<2ZY3oRR_cy<%Vmdx%@6!%h(<1F=ss$6V$?k~mPV~)Yx
zCsF>4@y%h7Pdy`(+`vvsw>hvA;lx3N=h@LlD`7#Ner$fE1bV*`Pd{KG%XUmepbr{p
z;6I6KIE~5sh9e=+TNZh`V?lfBY{$feW5?i+-O7L|Cb2dEFgUI|1OR;MGz$V2Vcoxg
z9TCS_VCUj-JSAY)Z^ZvLK!P$}6`}Zh#!-&yLbWBiI|4Yv?kGnFEE2j^fknBa-1Q69
z9BuR>08lK(MU3C=I2n_=0pQ$>?*xw4ILa{s{NuZefJLgK92>Am=)TfU7ULqt^Kj{)
zDS@33Ck|r3GhOsgU}sQ_ixSV{_7uH`;(jZ_rU!T?X^Bj&eFiuq&ZbC(=V^O}jz$sa
z;uPbrVEG+6Xz@G>8fZ=6aFJNvbzq@{z6ofviY1T}=pj1j`@oL5Sl%@}&%Ck?5bBor
zZcjiIFP29Eh?LM#0L+#n2MEt&p^n}FcFfp@0J9>+dpg*K>u5bR8GvRZ7JBo)EY$$o
zV~%p{z#_Wa3s|5X<ye75O7{V<h;X`~0<s_yzZL=c)I4_b63CAOn<8KcaH$6fnuVAJ
zkVdz*Z~RU)z;eRzg6t&fgg2h)7s2%=giQoUUH(^3MnHBmo)y4I9F@BDUzV=C5OH*&
z_|K&`03%^G5n=-U?pIGXAXn`1V^`^MY5}6(65ieapG!GFSOJ%G01m?OSG={Ia%k~i
ztS+2#far(Db?d!{d~z6(x}qQ79RL{66s!AR-2uVk(nPNSqF-VbSJ}}<2me=hm1I|S
zxA)+`x>F>_^BfiKIRlHD*LtIQ06EK|JvM-xI$I?<p&qbg26(HWjCKI5_c*rD0j{KV
zM*^^<V#0u{5M}gRK)XjQlm*}&+r0%iA?s*H0^~)*h8^(hPP`;QNOE|R4shiudJTXn
zcQgao4HoYm05HX3p~M%GK-o0_r3jRrB|vYea8CmO6=QP;Ea(;P*#iqHHg_OciQo3L
zQSC2Z7OwrCa{C)%R2{Xu>2!O4cZ@pO#ZtSAu3WQZOW$Quy6mLd?yKnSd0#wD6DGwa
zYUN-chS62lXuDUD=l)pqxWLrr3jdcIeBB1;lO5~ipKGU^t$Xgyz#6UNLH+T^HzM5#
zC0a+=BKhlT)tsN|&68X#`zz;Pr@f7`P2@YByIcH#EtG<9>TNU}1gkMjEtI<CE51gb
zQ(~T4sKy#vp6hIpgJ~b}Lc2)v%?yortqvyq)c@n<zDV6!y!UZt?eJgf_)T`-3KVp3
zRI}PVu3o%*W^+YQ@)xE5O*KIXA-z!Q{F!fOyjP&g5bxBTWyDNvJWCOD_9I<@T(?2<
zqd?`uj&=SAMQbCk7h>~7kFB#RqEh4+^g>IcL(!I|rTnj~Yu;i6rmpumeU*CHnsfQ>
z=Xm;j%G?VTb^|v2h?#srDK+^0^wti8$`a<1^7wJmM%UUy1<x3T2HldmS8Sm;C;0-}
zdWi>GIT(8Qi4Z4!r;vK|Ynk^0{xd?SLmHce>J?Sz9~%`9B$!8j$Iindrh~m$M)Ra^
zxR+;WUDmK{MqgOdz_Z)`@@bkq)0_O1(o?o9o%T#vQ%)q{lh)|VQALTrJfF{Wm-~Ch
z_N5+5{+<$+mK__EWDXLHQJImcefg3rcH+#iT2EZdmw<P`sj-=Alt#ikA?wkd3FFf1
z>jTM@@@mg=Ft-P$l=|Fm`mr>7?Fro!kKma2Ca_m$lKmiY*w!gJPkT)5LCXz+sm^mB
zN&3b;3C=2O)<J}M47}79)Xwy5tkyz7GuGwvjpNE7<ENi&L6y4{b}6tY65G`m+&^xb
zIz0#-jip~x?&E3`8CF^sXn7RBTCH$1FqB6={STcrU-Klj!7u7IiUIG3f#IBrObL}A
z3aLF#CXj9^^1;-CisLGjM~`X;8lP214TZ^o`bl?2TkuVj)|WgI+h&t1laGqspb1G*
z=N5PJ-U<kSdgZ@3iDYRB)3?<={~F#qH2d~5bo;fTdQ{-{Zb@Ot2l`WzLE+bXPd_A0
zR`mlGe264A#-)6SA2aKXGVnrFMMt<4qCSHn?~VPcjvE;~wj!!q4ajsljfJP=5mWFk
zIKMF+?URly@u|&u|GY{;Ns#tyjc>TO5vYCYn+%=o#x@JPFI~H6**~YS-Q`f|`@EF7
zD!75(()IyK@hG;?I7!}`E?~~JX)w6-Sr@-hTgqr&g+l4_T7_WD8!4VlqmW$He=-F$
zhrd!<RjX|IQ-tnKQfa3ra2>SD5t<5hL<}CbdB#NR>Z#|w<1BS}>WbqaFZ4=h@YIU3
z+WP80LoU58BdoDVY;J92(>d6;CuPyKTPJXBR!J+8lGMg!AMMhi#;=mDSE~J1%sive
zRT5~cdVQ_Pj8*MA>0ipP%J`(T9^^7T)GRKKxO3Mu*yGd1n2>rh(_|G(>zevAvwis{
z1xQeYy@QU&?HeuI>Q9fu-mu{>iUND*A>vj+$Up|hlHSV4joiI6LFM~)I(V^EOZ5Pj
zRCeY0<sTvUQirVe6~8L`tx&oTZ~toCZ`PKNDT~N#Vier<R(&r1dL&WUlmA|uMdI7Q
z=QC^1Yt9aRd?d1B>KYFXSBu(GHYA4`We;smG!2gE1pD9G@w{?6u{N-Gu&epn%>=w(
zgDz_tFfOV;Yr$j#wDb)2sRTD@ajta2om~(n!33+W7`oX0pABKmel}fjsJ|qOL-o?C
zpiv8VO#8KYUDh!T>B^VQ&s=QPWq&$`79k%GtyBGUr>h7nKje`)H7GMqEs8ks{&>Jq
z(#dugVpu7#H*DIKAT?v%pZQ4rsBy4HHN7nb!~3temwWbK%w5ysV)LBQL7DL>J_+dK
z!5wDbR}Y@QSaQiNUa~<}`Ok>F({3%4qWqW}M+^40@1XqK?KQfXX?4dsb`1D&LTl<;
z!C6syVDIB``!O^3$EY{u5tpCJPI%AfpXqe9$*7dDT1qe{zIPwYiYZ!T?|LK0)aLZ<
zpz)4{TgKQmjJE`{U`e47XG!?oDWP94tB07?%V@?JmI}gs`eF(_>~8Qi-0}aXW>f4I
zXYxuiZR{VeKs!8l@U?6~E7@EkVwInnTa=j+!F*H|oF-AqnR@QIuSBL3T1385`QkK^
zC5>IWk(=ZmA-qrY`^9bZ<;7}?DV54r+`d_iBIzv8<eQ88D4P9<8@psKPndVfe)RIB
zwT+U1XM+0-IxAfdP)kBnJDNjg@8y%{ET0<oEZL+hThlqY)RZ}D-?*qrA?3I7^I6cD
zrQ>KX6o}N<nu`%oSsro|&<b|a@aS2e!%*`O3J&sxnTzp}2UZcxtCQfbU=`ce!Vl7g
zlE2xX9exx(E4*W{&=FfeKA_M~y1C9JxAYxe^iAqp$GukEgiPSXJE?m&Ll<QJGWagP
z(D5MRV6|l94z^T2@YwpcbSJ&xWHb$hXw|<RQ$Ma*j1O`cuCe$eA|97r%D=xT7{gc+
ztXwa>S9ego_r#*;bvMJ(_Umj@PW|DfniklB*CdsChWAL>^U394L7im3QJ30V3El;l
zOOKel;)=$M9>nKVo9Hd;XM8;rf*&fw#Xh9tx7fZ6F!hYwVv0S_v99!aOy9V~#^Llj
zk%N|z_p`=eUO9g?ouCDj1?0v2baY8nSAeUM1!UFbOL!5Z)k!%V;;~U>Ub-HpPFLXI
z;#qhwh+a>hynenY&i*!Hx@%r!Dqq5+n^|ry!)Utyb;T&N7WXy>|CG(;-Sb(cGO?!x
znv3kdYV&33M``V^+c9Jvqa5lMn`&yi%6DZ4QJx@1-YvEp>aRFT3JXA^c8gm{O`pBH
z@9*#Qqn6bzSHE>eeAq5h<!Mjgn{w`hKT|mpGJ^ln7Vb#daMq+1I(=9-Woi+_r}{6Y
zwbu4hK1x{^!N?6?#yoqr%@02O_UOIQZmOcUvuRJA4Yg-N@;2V$9_gG^?)Ec9-XR|e
zdTFBci_Z&BcP}qIRhG2RxigFTM}km1O(6o%Y0JTn`lc2k<nB35+DE<Lbt!lu(oq$M
zAE|Q-7}EXMp7rezf*o%Dba1HI%D;|-u($ewknKk05GvRLS3nZ-bG%Pq?pI;3)!{tp
zckZ%{-Rs05Rr%q)OfN0N1GV9{iT_?J&<ET?H}eJg$Ml8S(61(yvppirH0yfN>m3Yq
zR*boP9Q)9|TF!aI%T-4Vs^Li9UL=)q>}oX1`5WV>dE~)lD90YlU-h=x79@g>d1~_$
z5+srCR7Di!@GeDHpm8!m^X<#(ilTds??r?1A8f>?yfzbB_-b48;HA|DU48AuU6+t&
zhJ5V>%eQo2#idZ{_d#AfiAa5@(HHV#nJ+E454WzC)~leC62+)kk)9_oRiwrEB4tW9
zb+(NpCH{x)&1WA2F29x5_g#jLriNI2{cwJEu+Q*Mv1D_1t|;TPXbR@qSl{kf-Z%O=
zEtLH6sK6#FJ_`M6c0PR0U1~o5IGt+pyKNp8&5-Iu;^WWObbVY3b3IDSFXT|qabY*0
zW2;5u8$pr68t0xDKNWI@@Ds9Z*u;&G_iL71^tEwX{<=Y=FFRz<Z}xVA`d!@+xF<L0
zT%)4e#^~r^u04_~YO<us1W#kxp<O@a7Fw3;5Lx-edS5PX@@{SF1-lOiEup!xLkZ2^
z?W^p=gGx)7k6(Q$7*{79!uqS-MUNsRYk4j>FkuX{#u+H%h>eYPhGC_?orSida746^
z)`_gb;cpqS$$Z7V+kxIr%iMm4YDd4u`5y)DGUTkTl{A-}o|9T<S8fo+E{b^b3E>tr
z6Zb13Ob3cyIoV3bgRLiW2$64`1sYXF)Y=RaH`gDC($YO~akjZ#mU185{${f|lsD~f
zPs$;mH+j6AuQurYgR*~*?tM;r^SV2f%}~4eW4D}&PQ-Q5Mwv5d>R`)M=RZ=nKeJVU
z#$Wc4=~iFrr~NC*e)6FBmFn=&i~ifX`$2qK%fMOXvVR`Z<af>WHGkYkgZu1n4tFd4
zEQ=5C<sU?g<79K3zEpt&B{rhvRv1}A;?&`og7pEqVekYSP7S|9^5Bn272*Cl|NM(I
zD208d{nvMvyR6pnT-PYs&%U&pxgMR~Xm?N2qFrDRnf8mHz}2?Xy_~gWvvsr?o`z(0
z?O#F{&8vKRs(e069;yl3oqw2-D$=k@p5<c0@B7FnH&=ZmyaTaW=uFwwRsQ%;#0wF>
zxjr{odvk&*uCT~DN#XqZ3rpjmU@e}0|JhIYi|6V)#{TOLrErdL+Rx~Uyk6Bor-}9F
zMsquLFU-ZtckB%2MBT=5otyU@$K`d(&oNMgITGlOCUnO{7V5@U?v`!pqnKAPeyc5F
zYQ1@OM(NwnS6|`zw%qAz5lj8)65h>g!AjLnLn|fePnF~jBWf~i6KBh#@`4fU!siV0
z6ug%CJxv?cWxcnq(MCJQ>ec??e!<<F6%$IcYWkSegh650@#~Da^f@uCTri4}BvB!*
z_M750(_s@Lqh<kz8s*?l*yv2@uW4~3_h5`g4t&L;5YAqUVdWZy=925-_bjYjn=-<C
z!*k&Dwf2v`!sTtmz}9ZC-Ux#amd>$AiNq1;99M_wmyaD<wGzK5VXpRlAw}GlPVTiV
zVaU2IDX?#@Ba9u646m_Q18d4u)fqY5ez$BkkR3o~1U}LLJ9LPHhnnDpEi5Kx6BMvZ
zezO{hjsX*iYn-kKlN1Kn<(ghC%bLN4?J(QDo4=+@Kh)IaenN76>tvL8UL$e+V?RWi
z7%ccHyf=2u5$SuK63qPs>?#fBKi`K<dR;pf|2xfHBo1Ev)dC+7*iJ;|xyB;#Qc*|?
zzj86!+K+c{S}zpESkxTdr=5lJjag^0mKuK{?_6;=L>=Lz)%BKfHR9mXkKu5-z*-6K
zT6>{?FlGmQ7|TKrG{6gKaqG9~Ip~_m67R7Ed+q7~)Vw{vvi3&pM~4FTU_H18GNJAh
zQfs|Rj?W2cfbckVcP9qB*A1T!7-z%t99`+z;ZaYWkTG*6BP^yI&PrgOA~CSy2P_hQ
z!ui2<!~{+Zi_B36r<fLVM<B6Wjv?-|XlQN|ze!L&UH?%T@K3?k4Ht^7lt_hU;MN9#
zz(}sh=C9bt7LKl`&jzNWZ?`e4{_MKMIl7)b8!$1I1kVe!Y|$d!Hb<rpMIABX^;(cq
zTB!ckuWXPzrrUgE`mxMIOT7^&CTekCF_0A+qFSjEPn`|V!0K)?lkbvSQjbC7J-}U^
z?TeRjtS0@mV^DRvWmx1_>`Rd<WUg_)d_1xOw<y>e#0Z`H;D*J7WYnx4u!8H?tIXoY
zp}AME<m_!&lP1viFJoDSo6tTX#{q^P#)9v_UGE&#Pslk<X4rlh_p>8Rza(_D%2Y{=
zu)|zo>fqON4_dilK2O0#J08fu1qK-I8&W3+e&mSJ5H)I^g7Uxnr!$bvZ6dm$3Wg*M
zLocVlxOWNif9)dhI%3Khvf+N`2gr9Xjh-P)VpvViH*c5(jl)Loe-+pHz;N_ATN+%H
ztqvX$Lu>RnB2{>pE<=V*WSs}(RBI$c=#6GPSYdE9l-3U%i8gfHb0X(z>nn`{BX!9S
zkadL~^(1;FE;6;gXP{bNIIHExlVP@3Rv$uG=U1Vc_3Gd<F*H{$)c6Zc*80M^gwd9l
zsopZ}m^heS1>59H35&m3VJzqk?#dS*UXpP6H|>GEn1hByb}WocQ<A~p*2t0ueG>|k
z2wIIv$@=J;x+=|D`_j&8`xJXu=Ia@R@As-Cvgh4{Z&n)1#`!rbN)*ARJH^1_@}~y1
zoh<bZMH04|_Lzdu7Wi0u7*>bINS1DEOg*4?*Ac^9ucb&1TO?hlSisdwfg9`9z|7u8
z^D#(hD{<$F$Q%jSv;I&GzsEC>%>|oli$@yJjYDa@z+F@>o^NPOv~T_}4k{6GhtXam
z9X5Fl2u^5W;)f_f`8`p<iphc@yEJ%<T^+1AVqF$93g!H;xNkX0h0ObU98_QGge;^C
zgU|n+-cl6<Z_S!KrZi!|Ps`WZa~2w(Uxdz2)88=J35Q$!&Bom|iS;Reb4m>r4@Vvs
zeaV3vy2l{1H>%9?z8jZEEbb4rQX}`>Hlt_1)YO$I8hx4l9g3GUsyWj3YhxBHU|u{t
zdq(TR4mED(_-(4KwD`sE*Yvj_N7otZ+PVSQs8ubJ2FBU+%lLf#qazFiM`qO^8DOw>
zVxVt@_LrpwrZaw731L`FQYoE~ADiGyIPQY3Kb*C7?n(Br{4e5y*C1`A$n;rt@Oh{@
z7&mvKg;oM*lFgxl_GKI}!#*P>*9RIXx&A@p-|HMga56?g@$)^Un%VG@P%Bt11MKu2
zGS3sNzT)Y)w`yPOE38&?<j6fgEpbB_OaUI6QwFa&51Yi978`#Re;DqDb#3T2mJN7b
zo31PBru@y`Rl&B9@N@z(-7^8)Ww}3$X`X_)7u3LafT$``?!%H2m17fUHNXlvaMr*B
z<WYggxog$YOHq>pYovv5xi^y|?U1tM37bEd)=(WhG!_?R|K1+s)T>5NHT*TbSRTj=
zkyEcppJ9bwzKgiL2>NR8`pHx<_-EJJm*Ht_cs9H;Xb(AfNz@_#+zPWc<LG)K;)u~A
zvfOYRW>a_%On}hOHTEa5a6QNFORpAtS4x0xA4S!XX+&Oc`)_BYLJK!^t~CK^02+oe
zH^ATCt!tpHkq8R2$LQ+KXM?U)0#)djJv_agKQe6#jH^ltu%fEuNrEE^>f=ri8y}84
zx6iT1JhCl>sLC5Pn^f}e&)poDF1}smt5|bn4;h%&Ge0$uBY{zYS|XAA=U`;VER^=C
zb;unfnzzV(hzfYc?Q>uOTy~hY?J+I~&VVa~2Z^ECx}A~2%J<ILhfUa>F`<Lgw`(O<
z*i2+^K#keAkul>7s<8u-Bh%nt*>FC2e{ju9sl|Inv8|Cvi*p8;`O%snCzXjRy-CpF
zH3y;97)O{0e09ip>jSdMk{B#su^ugFS8Xo@2N{|AGQ*_LosdYNt_BDyv0t*_q?cmg
zN}n~@N)eW_whkx|PN@Xsy+(aDkcsNUxGHy~-QaXl1~3sfY}r@~jM+(3|3ZG-Rj~vb
z>n+=*ih<p66kt1A$AQF}BOBH>=BTy^7Dy;5%zVAvSav?X{)p|`M&P}vJC+U6NMR0D
zu<6``5XRb%#en~j8B$>53^njAF*GChFjSr{Yn|JR8ro$s%GCJKq{d)|1{z|Li0n9b
zMp87wJ5Ggar6P^D5XJ|dz(0jXqDQ9N-M_-={!SO4pJ-W<z!u4e&(dY3!I8Qn)3IXc
zm~KbpwcAXW+&=H&Jvl&Ku@xI{MIv?0l);H}mByxM<TXW?J<*8~lgZ0$cyxFRoMs`+
z1MgFHwB=LFazttp>sx-PJ<NuuHCZ?od58QX5`$DIx^?W<V2|NWipCqW{xUgImrvHy
z`3IFpGC}WWj7(489+=)63>NJ8*=18v2oF%s76%i#!$_}%RKAC&gB@Kh#7%<wV58GT
zR+tH}6-J5E0dpxcGOd~IN#KMT%U;V`w=|+e#%vy{82}yZiXle6&w|&V19!x%$==Oc
z-iuU<+M_qz1Jgm~0bpx^*<m8&*<-L?NFp*P_e6`<5k}th>zFmG##f02#^8)O6Bsa&
z2THZ^I?^H?r$)C5y`1EP^8NfEH)>jQRBI}T<O*lWm?(l{T7eH8mjU2|7n$ZD<hOE1
z*K^2-Nt$VKgfe(N3Mp)k0{T(87MZVGqBLm2T6=^iuR8igE}x9%6$j@IPuIBot2hKk
z?g83#&zHIOq*>50-mT&dnAi=Or?NO>h%m7yH90?%t*z^Vjb?onfA*-OO=f<&_@EH(
z<o!fF0hm^inyV0$oKd-4CI34l*}!z1n-!*2+YzHMIIUD~z#$!{sA!86KKciJzT06s
zlhENeGTj|m>$_)K>pSw>(3u#<!=y1;zZEc;y(5CG-mo>{C@~HqxtB!{fxL%jE8^7V
z#Vl&<L1f@@-J|n-d2w+0oQdZOy~3{j)y3X%?hm#s!Y1}xVGaZx2Yy4JdzT;D4YNt8
zNS@H0rq&>FdLz^JGFiwdXXG{OlvB$N$d<=xPF`<wj}!6-31WI6*3s1(G%yX~JT;h&
z5}FUb1&iM)Fg}Nhx?`3m{M$bwL!0A}8juL2M6-SqYwgD&<t=ufgc^zE97l|z_mfNT
z2YXk3ohJ}ZlY>HJD0jKB=vVm8-|42EY&fwS>=S~eeM1eL=sN)&_gR8vy~x}p1IyTB
zMv5F^gBg{F+sai(GkjGN#}6HZHldCfkW5x6aM7RB-OGYZ)L03jpn1K(XKhXMU(>&3
zj?OLT#K3xu@V7ibNfiUkpGyvy=t+W$US<X`KxrF3Adwu(U{I63vl>{Yw(jt{gX_+%
zk!(pgQc9=Bmlg<WlBkvI`YrinN)1P(703mompn3E4~*wcx?n-1zDjI+nJU<w+!<+q
zwuj_WUrdmxI!a=KwdzMAB^vc*uGfAf1}Xro=Y>qqV}V5u`xH_-2ob^5b1A?hr8u<&
zh*HgwK5LbIa~QIM!V!7a3}4D69bO`{r(G4OsT=%lY8ufI?kKdzYf>%~hg?1iF0N4m
z`%`I5`gsXCxVpj|U1f50UaE?NnXFPyhhXI3181CC=({+3%u$FHCgQ*mCg|Y$*;KG?
z4kRR;J~F*hkqy_A-AB%=ERx)Ux&q`gKn3t;^;(8u$RyG^)cMZ+!Rgi4g>W;OtiQlj
zr}?PwA|sCk+^@S4eetTn-u1ePSDq>u-Rz8PbML8N`ax<Uw?$&I_18ExBmk^0z~M~{
z4dE$*5B{CjsMoS2hgs8jN9@ikN`ZIrJSH<*{9_-1(e3~gR^=rrl=-57e?J5GB_bgA
zS2lM|U9V*g3vdfmOfEegEP_*Bh=b*4q2}|H9gAzfrpss?G2xX{itm7@XmcQwPF7&D
z_CVI4m`n58Bj#KkZn{xuD<v?r4|c6w`*#C*ClW@X`rahqMTZd+Pu78Ht$KsF9u~_p
zCYaEAq4AfI@OtE}$j^}X;_@|hsM{uAPzD>Pt=N85EttjSN&$QOdh|uN0wyDh;w`Do
zpps91$8YJ|=hd6n-Ns$#$_4g&wJ=s9a{j-aq@?mW&CH`IC)oC^UhheqIPl{3TUujY
z8ER2Q&j*n}o{Bh!oyi7HJE=I8)7()V+M@oclXC4&P^TY$uWsydT`cg-pfo&?(FUAG
znecvrL87Bu>!;l9`}a1g7Vn*pIU>XNPvv8luBY(t^gz(#z$2Ex7D`gw0`bWZG2M=S
z+M}p9Hv_`B?54LH^k3H_5+$&564-crZ8(-Ix#xyDz=8HO5QSAp(nOdhIgmyj`(LN1
zuq3)*i1(w|i3;ZR@E>~WMYCd_4ElF+3l)<5C9E?@DS-r}94a{3rAVQ`c6uL$%}a7c
z^zbM`_k0kgw+Zx8El+LlWBr#+#T95yf|tSJok1Gi#1N8G#`t6Mwi~B9C@fcsFTyKH
z@#`M=SimyA1?1tc*GG-oN~#|}Aw~_|soZ@k-O^*riXG^MjGSnoW|DVF>2}49$uIJI
z7e-FrqPXush^1PNZP~DMy@rm#cd-$@On{k}O{9u3!9TiN!w7M~WFG$Rf4Z8}2p{E?
z&^=-Oy`S6CI)n7vh(gIv$>Vp4=Ho7cP}up;w1_?xR6baa)t_?Noha(KT8^ScbRWl-
zPu3#2?*eF~|3XA0D;DkzB2<(0$mn)`oZ3`RZ!VLHhf<u}UA_lsWE3Izmg{%?_7cN~
zltZscwXoW=V|$XgktZ^!vR*~tOuX?mInq;u_#u+K#9$#0|H{8oC~%U<h`%L@J!uF~
z$aSJ@xqeE@){fLUE$=-Cc#P%{wUGvx#&Z+liTBTL|5<DmZw@1{pNg<8P|b!1a|0j)
z4^UA_?L~WCh(w<M0%FgGWm^^$Q(!!iUXDgAwo1)~TdFDOqb(5Z$%#aCy915>U-p}O
zNyS31H|$aWB`5$9@opoUXZT-4I8Toei}JGUVU#=sGjt;&iWfpE)e^P#7<DJPa^mDJ
z3dB1^LASec>$)7p=^eJ+>vF`WYCtygSMU8<<Kh0kCyHRbBS{=}e8EAU_wmBOot1F2
zf&8jOxW2j~4F6Xm`RaHcAm78UP(wTmKlY3f{mGT&bh`{}lovkB+G6vpC&J63Kr%m~
zXz79k|0|Mu0m8KaZXnPFObF0z_wqeb1R=JijdcZUQD}~UsNrL~B}ppP+dxt+^^VNg
zgZ~u?Z7*v_z@ohESlEJcTVci)H+vjeg{jg%8hpQnx2h*MQA1${(K?7ocuJ5+j)<tD
zuZ(Dk2%+vL9M(gO&=;prx<}ODl0Z_$LS)8zPU6o%WOgD$>`y~vHboVtM~o;gw|M%?
zn#jZTj1*Bxgjzb_B;qG(XbL7raS=5Hw@@N#lfF+xxf1PA60s7ohrJ}SiX5V(ry)wm
z@)2<n6M+xqh&G6<7!t^_H;9bvo{|cX6ZJbP61fwF`BaOBB@!W2zLUP7CNgNEn9RnL
z5v5nZCK4tJgKxGIxsir-IfBBD^yq!yr>tQXL{`!P<OnLFDhn4PdfG5ys=@J*AO}^o
z(q>V?z{*>^GFiE?g~t_PpLF%tpzEy?pVrm9yVZ6>$a!T3a%>8Z+dvGtYJ*AZt>?E3
zU;mzx58MUOk5Hqw>06H<s)@D2Wn<^K1%bbj5RRL-H0L(i#iD3D^v<>X4BbkJL{u!k
z@A;#;dNZ7Y#jp;^Lr8x;RC7||L<84Jd(!dPN%59Pyz0CKT9KquDYW%VEQI_*dzoJx
zF9B5QXEq2OP^r5<UYJuM1bdSE=IZo;2vI2O>FYVOp!1t3PS48Evjgxb?rU;Xr>cMq
zCyaQ?%RN2-=Wh?9t>Ekp^7g{C4iV=^%{G4lCteC+#g+$^CM?btuBwe|eOk2r+J*G8
zB}LOww>rY|Dc;~K7?eZYLeeNd44=p)y&&3eQJTo}CBbqhU#T}!kSZnyzxxVKoF?{X
z+UE(cXkCvlPpj{gM}&k|$gjC0f_U4RP}8PdWC|RoQ$!P7`<95JBnTi9bfZw9Iprs=
zkY990-S4%e_P|`e3KMy1aT7I-?jjXYZhMG;XRy--v+qv<N~U@!f{KCy0xmg5x)9r9
z83qRVmWA&-FJnl}f?(X?`O2ZK<zPJ=GnTzq&({Z&J5MoBQEB|y+&t*pS{NlSq_P|=
zVoR)W^R%R*LVkz@#gwEtJ`S&sCRQK~cxO1lWiNnL@8#ayoG$k!&WjCxV>pqw>?RKt
z1w!V7ksl<6P&fJkYG_lGY_ja7c~CTjlt6Oo37N=S)JHAw5=Ix`k^&@n%KiEa^PsTn
zD8nSh>2Ww^Ch3L5z8qvC@CorrPlJM7#U3h9JvmQWfJw!yQsO~;Fji2$Z0krwo!aZ4
zyye#OSN-2cd;LHg(Qlk5l@+@sj4$|_7ZWq~aAgWwurkoaX^hs<{m&W|WFh{-mpA|M
zPO*KvG`y#E{-uR)j%Oo^MVqzHEwhbQ@X-T!S&72q={@pf8_)*z&xA}tW{rfY5`MMn
zOQ((70K&`<{{0TU8|u2RZ>%I0jPb~i2tjWQS{|nr3Y2v|55XoHrD^&`#7opAtv`4k
zQuxVM66&2;diIlO#yy|y!EXjP&qY2P^qKhwdd02nDh)gE_k^(2y_C83p?>Uo#io>e
zxZ#&KeQ7>Q)taGYCD)^D1<MOxnP!c|(!VZ!&&C<tD|3W5-lptxYcSCTQ!n_M>2)OB
zw_}h|$*C;+cygflJ0DVOdki5>IDGDixhT;kkH!9$K6#1i(uL;v@#WQvK;|LXHTJIj
z%2L~7?w54@`}X`=R{Sy7e9DhQp~vfwE9T{e6|o91691y>`5>PO!5dxwqW+SHV=P+a
zA5{HB$*X)Ce4<s&9#gle+2TsD2wuy8K#I<?zj1Nj*Qy=hnOdHF8|8ygfmw3T{oqf*
zWZO1B`24YbQ^v|8vhZ1CmYRbT_o~MVlN@12o&Wt<)}IxomdzsUD|%N0n_s%qT(9@8
zadHi>-BC~0S|g*>Do(djEc5oMdg(^sfhnY~e;X|&UHNOiZJQDT2&-Si<`}p6O?@B4
z*e;OXe+4zVDDLdim%)ARy5n8K>+T=jpU0;A0)0=4qP4L!o#|f_^}Jg6U$We9on24(
ztBmfR=TTHtg^T1om^vQ*txpqgVP@^u#|2Jv!KJj`zBVT9$YXx%Emd-^EOS@D1AUCr
z>D_om<dVCi8MMoC=S^Buqc<aZZ+Aq>DAuxI562>&e$6jq*f%>S&-vwzfXVaifu}+z
zXLZ)iw}k^q7Umgit5Vo?WC*65LpT>XhtQLWJr06`VxC_6Q|6#-?+?8qZM)Vk{RC>8
z=3Z^~EOm>E-rBC8&(UN~ZtwFw*WXDgCwxJ13-qpO2;_4Y1oyR-h6z4I(Qv112Wd5Q
zFt%0smD`lZ8=m{!=n8lhyL<8aWe&IF&(!WA4>Unfy)4LxeaPLB<6D>IXhYlQJ#&p7
zzq25zHodC7+%~2jzmIEsUARv1I$w##gLTKL{G*~0S*<9WOS6Rk1BO6(zZXdMr$bd7
z>cZiY{pko5N4RiT);|kb2dQ~~{U3_rJX<C^>E}VtKaF2Y)z)*>-x5VpV11ze9%HW`
z%zOv^O;Z$wu1%1yv+*V7y(%`+HEbWO8Fp{U_8NRw=+H?vZ`x2_%#CiWoGl(u{u+Gi
zCObn^S*<3k{fq29mrT}VvL^FU^UYgbPEgVyN@7t0iwa8MTa>f`NoRT;33EISi#Y4Q
zSKfw^X1GkYzpW_Fe{1DWy{#y9YqWe?M&pOH_;DI{(c*__{JSgPq94ImI>p)U&XsI8
zXG^x@QsJeL_|nzEf$?+|h%e0uHpbhU*&92DzN;u&G~;bWkso~rf69}AOF;24OCP!-
z_(`^(<%K)otqu>niu6*U7h5oj6&khG!J;7*H`1t$F3vU~Sh87(WV=u916PlOA=JC;
z6;$f=ZFR6Qj=gbEI*fnvQ92BN8d>YmvDgq-98KduExw=DzFScgg*yTEQ@^(q#px)M
zd(h7sZvNAFw=3rJ)2|Hj6V^S*&qZGUcYda6xsc}NIX`nWS&o<I{LI&6`ChH(XMrXu
z@M=9jOEgKz|B|0~-gM7T=bP^NdGby7{QTxk_x$|wP51nK?@hP-besRr)BauS2c5gn
zkLy`<kPHr<4#k3np>Bm^urPuZMz|UCaXFBO2!47{Kb+t8G=9ky)0y)ln>lx&ad1Z4
z&&p554r`cXe+rgXpLpAOAblkJQxRbf%DOxrZ#ys9<b}}-=pu^s(LChWbhZ9_v(?P9
zU3Z=0c(KEp#a&3@EEGP<T|8YdhPz<8;0W$Q>4M!^9$-5=Kr`Vja7yj}**@Ix|FwPU
zCeE#WwYpZ?C+k{iUxTid_8I@j_B|43Q`lSUFpr8GEvqDZ<U@z`B+hn2e*7QWD=if|
zz(?QGe$IZy^|s!4+i7@d@|Ad-B0ut$_O8a0a8aY%=`J*F;%yE5T2)3bYBjGbit`NS
zbC@C@c~yO*t*NLKW^d%)LwX|r@V43#OOhPpYK3JEd(*G&SFHs<?a*5ADj|fsz7Elu
zikHFV^pyO>>uif=Do#`sr7la+_8CKT*3MKj?sfhKGB&KSZnQ#gMb!HhLy{eTWdGtD
zcx~<o?>&@rw<}6)m;*ZIB5T%zYO_w7igW1+&%nE4482(uGguY#6sr5p`31dS{dEI(
zf9iU@pna`TvajFC{w!ydbvgYgu&iw?rYl~QWqFt)Pu%Y6v6*4VB-<g{+ZSmYsOLD_
zK}*i`;&YZ!arXFNW8*V;U?!wXy}a%<MM*7-D;yfEvvyh-Z@WN8t#0UR)O!>@B!Ka|
z0^ionh636jx(#}=P$~_NyX#G8kz|jky9uQ+1YQm;zp5zCXI=MUKiJ?`MWoX3@9%iC
zo3MZEP!wmOsSm;Tf8+e2cZTH!Z~;4MnJ1M-4!rA4<ZZ9eKC_MrJBAHcj>p*!%A>dA
z>uOE$Hq3c;A18nFhU*2ty<@}9J-!fMz3f_F!j3JBUQqY-n=meoCGhCt6t+tq@fz%9
zwQNW&)Ak3fm8CuZD-~XnB-@-|Bi$v0(p^GGye)?A7czn)q{A`6A$T#42@X}iiBR{a
z@wVIXwrlaWD|856*pBHi1g?nf=|&(#Dn4Q=dJ-0rqmr%0d7s*k2}Y^VVWfMA9@5y6
z)+=;N5enOY_(8RjtxH?yTQELTjCkMdXDS*G)tqqNuQ`(JQ~ac{Q~fN%CHpj^RCvHB
z6(6xYD%r<MV{chcOZFIAX*{j;jAYYyf=d;x*ET2EPhRr|?Y23=e#H(`i4C@~LC|(q
z6*FM1aLvcKvA<b+*OlQEjp5F}B#y2YW6xSv#KEhJBiQ-rJ_+vFS2fc?F>G3|-nc)x
zT~T1KA{8E#{<2>={u=JWe#b`8M%HzsTkNB+!xk(VxaD<rTC0to1<qC)p55$CoSXQr
zD~^FT+Zp`f?5MiGS<T)HZ(t+Dos&G{HTGiaIdHfoIHb-WzVo7e8cO>Vwtlt_0U*0_
zPnG@Hg7Z!qd&^X$=m<YC3NQIdcEh!2^+Xyw)o9v$KpH#6Xxi*3I%X>Rkq}bkFcp1E
zSBJGh#AMq*4=z|8Ouv5}24}8c-1s@cex~BjApv3o>3R?-jjf6@Z8;<rHYuhpj;NwT
zmUdF%ZN*glA|2PytU<A+&tiguYz;BC{SMj7QRh`y+qUp@+lVS_ZdBu;AX9MzRQI$L
z-RKB170-hAds~7f(`QwMw{@nXBpo4zx4le7X*xperWkvh=&@DSF;Zc(4%=(`%psXR
ztd^U$!8F+HFn#852C8||Ykx5{{JXVFk;CE_=8y^x`mvcFgL$PdI%d5f+3MlX0>s<S
z%k|~jr3;=gjW-k(>xpTzLmEG97JPTWc))6)wGN<Xr^}@EpOUTK78Be-4lP#{drWW#
z=Vorc*y?48u4l(tyGo~rN~KRrh3BIrQ|xVc1vZRZ;XyyROyLE1xOP9h1<cvfTUhqi
zjlzo%mc#EuGRdqKc559&2-H=XS{7Ft9~>H2Y6+I23v1~quhzZV!X0n=%oJn#tWDjU
zEPqU&n_^6#x2bzk%_n%yL6f?`RCJgS(zqTj1E!)ca5XSW_5$@PQ(!9k7nMBAByYf5
z*Kb({OZKhvVH0u;)(t<Y_{f^&VGd`zGT2Uz-ET>g##;^qS{qoqx%Flrfj7suSk6hs
zinTt>A&n1jDTGmh>q`?G?*h~vuzW?QalJI&zot-6EFWNh#1-z>O&@#IIyKAz*U7rP
zt*|c9X6r3i<L&eOrWYSub2`l7^u_UT=;Fp6u$ZLrs}BWQ8{j3!ramM#><H91%|7S9
zfs%ca+Bufj8`t6Waf>we7gNz_n6@vV>m#NjI-%q3(SFm59j52A6?jnSN7qF-kHb{-
zI6Yweoc)2;ORNv@{u2K>16}Z86CYW*M=w4E?V(i1*$&dHS#R7z)xyOW*R_+c!1Zi;
z@j2@m$!@s2PEX?DVmk7kx*W}a1-I<#f$q;QVf9dxKxbKlPr#dWmI+c}lb5A8Z9%8}
zi8O&1)?I#?UB_|0Ev&Rp?P-4`5Wbi8*Y=its<B=6sR*^_<_4d2a50^A6ECJ`wkV2p
z82(0@^Al}<W{+A#&uEeC1qIB1no`ZSdQV7p!^LOlw2w7fhr>A9>g5Q<wToMV&q?5&
z?Q+3p_Eu<kT{Xp};o)@4@OhoO4p{fGCe#h1*MbkW;zi=3WH*d^2AXTUi_IOiMNyo`
z%J{BY23=K};3X9{>sQQ`N_~eDJ&}^TyeR38Drek&j$xk~2zkl+i*;3MnOiK~s^Rpv
zYNYbYy761tb8i?Y?40FX=PY$~&LYWf_^yC;PEYQ+wWRisWe|=DcE#X3-bDVF?COdi
z)zLTs*K^j1<2SKRbXLkQyoBBJvt&2)D1h#%!;7BWWwW9<_okM?lM;Aa=-k<o?YjKc
z7JOgtTB*=mM^9v%9~g&k>UM4A@}$zp1=qZZ{QZltm6PaJ?t)~yf?K)tmvAc=j2?Wo
z9bF9iE8hrzKm#DGr)+;WEH><%^C-?Ux2+!RLod)B@fG>xR?s_lNOnWpwcx4YDte0A
zq$th}ZVwQNIA2Uf7xAYS^mf}zDs0l5*1v^6g9vZ&CQ`C~ousSQ?qAh;qsHPqu|Lw2
zqWx!jOFjpr<fFD~Y3vV{ZzQ|n=o)C;_-oj>w>Glth4TZ*E4Slrolp<8e%<={Zq-!E
zwRC<YS4m^5Ohu`XBTb5Ri~R0p95Opzj^f>ZfTpJ4GA;!ZT`4$MvKywYVJSFNou5@L
zuKB6pb6U8Zo-V`7Y2C#Zb#`uT@+NY(^RATKUzbm(Wx!^(ZCZ-Et~Z{BuE=b{t|)&|
zQR-&m`VD_*2b0i?CE;<pvdW`2u@{Ha>slN<u(y33Z%Yfr#GD@lSs7QT57ud^X)1af
ze}=iI-kZpwFF<-e35gSLyFk<PYx(FVnx2;}(=k1J!yS`l04})f?_OxnN8tSzFVH(M
zdS7*dUfzFwL0z6zwW$x0`)zXFyG6u?U3R{y-j^OU#)e&fJRY8lM7#1vZIj#{^8ahN
zm6hy<(W{}WdeviBWtJ&Q-E8jumEHFH;Uy;_O)5TSDtZ9-?16A)8w@uI_axhO$sU<W
zs~fw<Xe#ajPx0pYNu{|usj$Usg&7Wg+lvr;UZ7OitXT4-@rKQ-^~6;4gbp@a`<|k~
zAUJY<8uag7$f<|$RQ1s7jiwSi{$#;Vvem<5i__fwdvlAaxRLG{^LpAR2TJ?T_m+GP
zY2~;6kP2HAQ_&sV%NnKe2EWyMVi_ZiH%xp=Ppn1s47RtyVyvH3+NF(T`#~C8wcH}v
zV}1&xciOJ4WNI0RVV`54>nD}!M@nN4ET0B%aJTCZxQW&Kut3RfxVH-5vv)<k2LHGT
z2H6iE)mBP}57Eg*_cyoXsu#3B1oAEPHr%NH@H|Tsd|m-dB3+T+EmbdTb6_CZ^>wbF
zWNWBf$o8A^*)ld~!ga2WXbb(n5(i`CDjJ+4++e^WKnDX`2V(;J7P~hzE*&PSh2Egl
zE7kPI1pY8eNsNvSqV7;#Yzw;|yd{Tj(tKsGzwR(W&3(ys$W;7r3+L;H=kR972*0rJ
z@)hex@5F4^>gKm7N|{vH>}BaL*-pvVo~Jb)s`G8(*C(14vsqUBT=&#H*Yg~-RA*H8
zz2gnHSL%snZCIl;-Y{ULo|uX^z};4?U)YhlOYp7#yp{O3LhK{uex>l|nnuXm=y~mv
zjZ$g2a>-jA@R*hAZRo`p`Syf4>OQ!~?Z?%2ynj#Kf6w&`YYcPLy$xqHoXe+Yq#bLI
zkSCV19w~NMJ_9QEe4Y&vbX3h<MRC7AsekQDvfY$yE$Zqg(LIJeGW!!fk=wCsvl|wD
zLfae_DA{63ysaO-#s=a7h?_;%YDD*$o1VvO|5?c%+2<3w$-E+LQwOTsRO>#;Zph15
zH=^%eQzyaqWs2h5A&0z(m)sv|d(}UA6=(a7{V^bDvLtUTg@0|c>tpzxkFQNdz2NV+
z#00|+Um~PZOK_-UI~;FohCg8iz4O5f@TTMyAM1&{k$w*^^R}c)_6W&t2zndtkONJ{
zdIKTxc0=2@^@MKNi>7$P4t3@VJ&7CZu=I)_Z&<d1PLC~c3wBsGJcmzWiV6PdlnC1Y
z@N^|aK2oA6bt9pM$a^2b?>6-QP~60uiq;zl`G0u(()cKf=KtQzZn6o)2}*EPkf@6U
z6im=y0!9-^U{*F7C1?~BGzh35pc_Okk?acN7~~PW9v@FUA0K^GJTS-_AP`V4IRrTs
zIeG};CJ7-)|36jTb8HgS=lA0O1~NM{Jyq4!)m7iFu7-)S5>Iegk5KhAZvy?d#?NL+
z2$d^Zj2t2^uyWL)s4;S|p9=~5W)e{D+BV5a0yBl3i6kOt4wfq)@`aP+s)w>`_u}9^
z?I0vabKUrbljNwCCC41{oG;<SMU~33-<&xa(;RO3`Ll$O5R>P=8bwHIP1Ob1{`4D5
zCpa>irgu^6yPZ@wE~A|t8-K2I99N1qD$DjcwSso;oQ(Pz+ttd9rfEBKGV0}jEtkL9
z<k*;<Q7+H@0GNIizM(i)=VVNF%c1#rYFsj(d9}p-pX0`})HQzfC_OaW1aogx3zNZ4
z1fCNpWwG0@9;08+F<jW5Ezljb6a3jf;8}GJV^zP}{NKrQT3|xfcq}b2bg2~NIJT6r
z+|YhGv<`dzn7YHS*3jNB@W~iNofoQ>gO^6xyMV5G7WHo1f1M;3diOH4o=gr_!E~7T
z?SGx5^l_H09*4=T59o2xD(r#2(_-B63+^aFLN)T-BnKg>YpO1mI}>?sPX{5{rGBp?
zJ7cvxw>|WvTHbASwpx+B>`3QqM@9C}4cU&hzM=|fNy~|GXJ=GSugq0{t6JBbtCyc=
zEJyuaDNW2jCK10{lUlBnX5Il#P2Z4Zq;GNX;}dUu9!)F$=5Yu)&{ShS@~JE3&~b4@
z&SkS1)Bk8<j6S1+eby3V12_gQ{SR)wtNP4IXz%AZE@;=-7elDA3qN!62>L^=tJ-Hy
zlCAE|P2DdvR=ur}G3^d_YPtRr{58;>o4VgxU&^SI-zt~CDbIFP<YerV=l(zl$t$Yx
zE&I*sbJXSbo$Qu_`@mgrrG4fk8Oz0rU{Q_wv$E`<Q*kt*zMqoEM=M3kN_2-(ax?)X
zDz|gS<YfH*^nsG)j$C!JJ5Nnk6RSUUa_3P`Z#0~^wjhS~&l>i8nm1Vqu|OPOe#GIg
zP4lK$i)l|;Co!df(TC?kS2r@I-`U7mwz@@gJ@+Y+8ahA-$tj(X<twTIV(H~LQ20q#
z-!?FoS5%=T-t#F8CD*+`8t9aoHVFQ7l%qUuW{j0S&QDaLkA)bknn_287}NP=pZ3JR
z;cdS+LDBB=&}uXzaHYERH=V?%mMfZrPZF-*-gFXuZM~S26zwLjU#-tp_tG1mV@%)B
zz}OGONeF#a6Rvi9JVPPzZGr@T_aCrAliiA%_`!c*a^S{5KY9)s5k01tVzj{RUuYhF
z&GpShP70#vYK}L7z87T7uZdHhJo<oo#(Y|Oo|??X`OkBV(V0QU@K9yH=K9w}&_>s|
ziB3|rn11ja%2A(K-(vnOFfi2#5Y+k9{eE>H%ZC~GCck<RlYEpAW9ka}%xq)i6#GIu
z14H~;m!3eUm_a8*#HnRZItd9cL4+{=k17d*imECJ;!;{y$5_=m?x&PZhUY4B2&wvo
z>l64t$5?`}kC`w&YY#A1HpPi;y;3ES@GfjO^Pg1`q5rNkqpe9IYvjoi#`K37V`Wc4
z>l<<i(TkaxPnV#mjVwPuR35me1XGuy0$Ij)^OG^J(~L99UW+0mjCEd1<1gcU+ytM!
zzK$__zMST|Vgg^c!g!|a6?kt_G9gu~?D*4Q{{3^}`&tQnzogC)xVoe+D$q{RT>HlJ
zW`-L1njhPKAWG>HOt$i(;`UEa)V;i^-n=PHMaUr}T-BA3vbj-6chO;_`|ZOLp;K#t
z?x6<V;h1DX%Ki~$$lvr&{H5bP*#$#Vt3fv=`_w~zwFzdMzB5r70;U-)_J?)`CTLD?
zs65clud<Sr4*KkD#;Vry^&Lhh!zeClqzOUG^gfTVO~qu>?Go#w;X@q>DLa6!Py8o3
z(j9%6>rHtLV+OwA(*`8?)ml?e27#Vz_=B;sL;T(Gx<taPBkIXYT_SW=jnI?g*`OnX
zpJ7a&Vy=INb2|}IRt*w-HhdCjIOrfmf09KE7{311Qa**2e13Ww<x>#+Gx;2R)-Ipz
z&vN-3pVdM>g)QVWwjCj5gE@~HMfpfNm(Sa0{z5+g-N#tj5dQA%R3hPEJCx6IDiQkN
znF#q@KQmH3Kf-s1a``+7e;2eapMoLafNQfs8AIiPi?hFXa8}&>lwKoWr}W!85onh_
z?V$&z<H5hQQwjIF^K(P{iz}KNgW<r$;oli68zvzW&mEFTxMvzN@#1e1;pbf<6Qx-H
z^J%`Unnl7L(g-QLm%ldn5Xx=DZ(MF;PBVs^%EMQ{LqjD(On=H;e=e!?h>>srT(}#i
zV>geR#px}?2qQNkv@=l57c*IYlF^roxobryfKHU$<RyW25vmX48s^mU8R)m!Zj722
zo(6h(g7?|$2a)dU4sp6aKgC$p*P{$v&=k|XAf^?+F;;epzgKinBH;y{P)sKeN`y{2
zW!lWgh0W~W;^VyEKY;IpUyYgN;n{F`5-!JLJl|YCg+e|R(@;Kn&zxUA3C-oRvBWN)
z!WQy*dpbXYFhV|#3kfM3&iR~r0Oix|AeYa)lYb(gg?kw*dw{>!|A0iomt2VQIdVWE
z^sbXF<a1Svk8}B41K)qpluui@9AT5s-L@kV)mlaU1+z}H5W&2vT;d3o%b^-V2%R|1
z$~-AXf19U6YiZlwY#Ck^ML~GQ15i2mP!tULX<oO|H#6g52<}he0m8$)9z;68vC6~T
zw-U+WD~WM%)NUd~tm+;xLW`<^ziS*mb(I`k#ZT0fgPG7SI(7>k@K;ZV98@{LLX43O
zu1hYFgLgPYSRx1SahO9sB6P{Ze%wA)q&%Y?NZh$!B6Q2sCi8gqboiwLLdqt(uzwc*
zf&Kd3eu?k{$?4a}jdA`ebk4KT;#@vorkx$*#8tX@+W8qC#m3-LY=JjH>zDA6TMpLZ
zgnh63qa-;r2w2quUXN0mS-C?Zw9gboJqP&JTEBWUkHem;=;j%Wfk;Bt;QJTP;Ch{;
zXs%_W5&Qc04h}iiPqpJADCg|(7X^gK!43R??k)QyQueqD0-PFgz<O!su0JF~_Z&0z
z?n?t#Iz~U5B4R^1^r1Mv^Q9?_VI2v-T1)4^#UuQAoNwVe-*|s79Rt@rjQdCZ>Y+UK
z5bbveb940e5qMH~2FQK9ix9n}iLrU~(U~|YVJrgvVt8QzA$aPkv93VfQ$&h7t|!*$
zoOIq^p4y<-*{;pez!T(3j_~73S3=aKEu0($|Ml25%E`w@Ud9nQ7>mj@J%JQ=_iH^?
zj1mzEms9X3KD#9NtuvRwUWhf9wCCT%IxhB+bA=c=t5CzM9AX^irdH>s?ytIl>!m;A
zRN#7_y33z2E<v9A3nAoIZCJI(SF+LpLntq_Kd_63Lt8-vuBRCDXPhct=hu2%(Tu{U
zQ2V0u)YC9ld}_2D`U)*xEnPnux-lYOOFc#xPv+QZBumD6gz))1hV?|-r!C>xp4T}7
zUHmG_5o8yt02R@CjC#lj<5megkPe>ASk;z!g2t7IR`j^pc#e<sdl;@n$-#L|5N<fV
zoB^j-4$TnZa9iMDq7A=PxB1j9bjTzg63y)j(TzyU^{EFjd)Pc|SME$w*YNZoXlvdy
zK3rczKAm1g%Q6yBinl46>(!B1;%Dt|U=7mV-6rv~&eK!N=|j^Q)6X<=Q$6`f#`K=d
z96w{=dJ5P7@CfjWXLG-J&|b7FNxx!Cbi@(H^!K@*(<i3$;jyiev9KFnngves8az}S
z;`clbU`m{*8#z&FcA_>;V@w~>7~vr)+HCBpzOIu+P7-j7L^ooN25n#h%lE)Eb(6hU
zFILnNejyNe!;eBJ`PoUvqUClYZkf(m9J5Cv;Ww@p4?@he7v}#e<M~C+_6r#Cpw{Wm
zA}8@{AHqj{8M^{KMVu!&?1~V$#mFuWl?Sf0B0wVe5G#}26b+C5+=J^s#n$rWJk0kf
z=Gs-YXw*EVH2&+|5-Ec=!#P)@X><X}D-JVO_2#@kw;vO@{dncU^V^S-2mdGg;s59V
z7yGd?VA+q~ANbq$V{V`|`!PB2H|&SInf;hxw;vOl*^jFqXkkAt3bbNBnnwJu_G9f6
zt=f;o$NvxZBY*Or+mFH#I8-<9!lC-$X4_Eh@|4Yfq(2d9Ka!uY*^fRD8*b-*W1F35
zKgd>YKa!};eq8^Q&3^2=jF7U;j@InQis4Aq&77z+n`}hQo7}4Xn85AFm&4C*Kir1>
zm|(Xb6V7Wt20Y%veyry#Chw3)_{qyG`|-|BiO}AM{@Q+AI2`TAguk{Q6V7Wt+^yM<
z*CsZzA9E%~*pK30B~rG=K}h)W%g}zb1(Hh+a{E!>FZ~cA&mkZ&czXxh&a|TYoyOo$
z)RQcqpKCgu@bYgqq(u(CD)Q9cp2Qgaq}U4D|BD^8WTqkXE5S|ns|(==pLzt`WXx}}
z@kxK0z*yC`$oYSQ#b9pg{<8maQ~t(wiG*XiBTJudk_i3$fc2c|zg^Uwkh0JD8;@>B
z{hYap$3rs@;Cdgr?D}}F-{CIs{FgAbtvB<ng)+GnZD5j8I@v*=ogffSmxI^M)A}dl
zjd2sKnB|0VYApTsaVzieoMCjd%;W`5qNqnf1^wznNs5~5@vGyKY5F9wLYIpNiWe9m
zMW7dt1}|!5eGdJF@n)XaP%A(C7@a&`#F53Ts<xT?mZ>BA`wwD4!nq`nlA|6h8;tqw
z`<2r8e%ts!{#7FM-u=y6HS#)=#xqv6O60M9|4J+&Rg1X|@8eewWq<!#EFtvVV~k<)
zg3bRAbV2t$`}@~p2`LVO1Ha`l#t=Q>uVJ)^=Rd*gKil_H__Z!E^PFUeqV>4(WhWVo
zYui>b(PK(!ro3Jvbk;bGTPCG$Qq*I(GeS{U(vE0Is{^AI^;q`zJqrk-A8$0)mafcE
z4=Sbc7jBbCnUjYh(>6+k-u(w-LsQFf;U4TC(6q&jqcQQE&VRzpT6quRg73Q*5K{FS
z9XgRmMn@IR_2Io38O>YABctD-onM;c&wj1TbuV!K?tZCt{;pdm5&G`f*7&<=qMg5*
z!GzE?8=CRg>lcY&POMUzS+PMP^vQh@{3+vF;cwC7&G<Vx82Otz!Q!v-9^~)ywVXe4
zKK?$O%lUh9LF@e8zE&c1`J=7zH*A8Pzolt}P<?$f{_fmr^<P`y@0H&p_!~2}75+9)
zY{uVrX~^H}<1PLU6(WBdf8zWljXMv28%jBUugq_qzwtjwgzkH!HU6fJxAPYQ{$iW+
z_xKj8{|Z3Wzx^$Ozd4V#!r!S0&G>tU^S9(Ni@zAo-|-(s{@d7A_!ItS$q|oII?d};
zN(;PgmC}IMO`my~F{Nml*GX?2$1}(tgiAND)n%NSl{X!JY)da1XIaYGrll+$Ck!ii
zbfXmcv6Z8I@?&fL>X_tF^4Mi^yDX1VQsFVYxKZ=6!voz294Mvn&u@}QSz9ib`?g4g
zzO@%kmj^|IFL3`XJM424QoIIajDON0k1$sC9mey6+{T8b{@hq~%nMZq-rx(&FN3X0
zhKHXYW!ha2T<;KeFr4Qmq$+Hmzv><qDXy5mb;LuzeV8Z1$XvGqaX_S4CyL>iNcqna
z3D?C~e#XMh5~1t&2tPx-kcI6j+SAGO)Wf{33-Fd{Z_BcIdlR6&@o`pr{b7vFIA427
zbm4j0%i`@NL3>%Y_O1Z>dY-R64;_4-_HN<rZQLl4a64OjM`1?i=cC%&<LeDIe9O&R
z?ptBPh=*^Lb$v3#NtBG)bD{{5gH41G?S*-m^6<)nD45=uy1Ls&rRaFZc18B@!JSy(
zzc_aI)Q(;b;i)gdqZvO2ZsmG#eO`zKqJ7}Op!P+gc!nM@nlOg3sy*hoqhyTO8p-!L
zwFAnG4W!_8Ugwa5IS6dJ&J;Ke{7}XH_EkaAuJ$Qh`qf$<N0bH<lN5CaUGRv3fd#W2
zglI^zRtl`@DG~eA#D3ef!_Tz@O<xwFTX|ln+z)X`Z~^9}?4|FGhCs*ZRYK)Hb)_8q
z3IWy0Zl!OgKG;d*&`v~93q5(EopNwJUgRhE5KWD8_)3x;a&Qi&4(#!(+x+TbzdFq8
z_N(o^^qya!X}Hqbdwpu9ujCqs9Gq{Vr5;3EnH;=Lg5SD3<X{hs`3Aa`zOJ|eCy|5i
z@g%llq~#Wl4$nbwHbzLc7k?$eukyW`n<_&KL?Ht;1aeZB>8H*7Fc{bQqZrc-oKZ_#
zHkjk4i69yJ$D>>z#y&`&mT$nPe4op$ZbkKb5knmh;i5L#qm*U_S4srmKQ+>PKXfDZ
zD8m%09IqRCppwpd7=lB5Mh+fE;&Vx!x}1jwxkL_~;9w^T@x6zjx%OUtGpCo%e+Y=T
z@w1K2gr8O!IA^8R1Ea;u*bDkS_WdGs5WG~;WVN#wU%A2fUZJhMqsUq8CeE2pt;|!G
z>o-Q=r!X#F9ch{RnGOR$ztcfTW$4u?LL4a0Tz8&&OiwoAY3WgTsT_;kB96+kmqzyn
zN3%!*gTF6FJ<6Tcm)4@Qx)Wx?Pk&`hAJAaKSC_hb!xxhs{Kf1aumtlDezlU07-_AC
z__Z#&1_4@+sArv|S%$hC+`(s+Z&pZzb}QmF8TMk@t=~)qUPXTx%`x%dR*pwxFTEEj
z9wQM#`>lcz+tVS3Zebj!{;h~Hy%%GQ_O?b_aVJG{&B(`zc=QTB5q~RmNAAprNZ{)1
zr5E=m#8w9-H<jt7jnFQmbD-UK3}tb8>61nL{i@Y@>c*-S*-LvOSr18~D6_!@T|dU$
zHXFJLobjc1nGEQ2ni!+ckBa<NF{`U+uGP0A)n6><R69m8rVnn42-ofFKL%o@__fCp
z%uSF8U)}72K5KNyp<U51wjT4qeJsi0FMSj*JY2hu!QV;7Hp=sCtVBGDrjFup$Q79U
z*X5C*6VnNk{G|b}rxLRT_y@2y!*ah`qo__VhUp;HStBr7bSqlgTOmwdvs=<5P9wWd
z<q1G?P<I;DSVl{B@{E!TB17ok;%0(z(__2&hPdf5ZYJ4oju1DIeShCBi*Iw1%92-w
zk&_pc`}=m8cAK%QE#BX^%Urk$rAOi3I_SB01iSLwO5gY|;a<>*@=h#%7AA`&yZ}R#
zu&DFkd+L1rv2T2R9<;S921EQ2#_An^@-BSx6F&0{Nl;3Qlfb~<J_7VG&3&8GK-hdG
z(c+b&C=<4aAN}eg1FMmP++Hq%duX4)M@Z&};5#D_203^W&R-=najvg6h0gP+gBL^z
z-%bvO`I4NHV}XL%!&l5}$;-V_HePP>Vr7qd8o1xohD(Aiv|*CS^~~|6o7bi|q0uf;
zMt7<u_^YM<X7~Q=uyt>9#dy!rOfl>#^`yh5QhqJ%6+a4mPK3Z;#MyZfFJiI7kNYp)
ztYJ*4ESV=%h`tGv!5vM__9GT@1E?;+`ryuZu(B68NQ>OJS0!8SoA_;k_$|Ge9_Ofs
zxf5TxN+Q`yG5x$WGii-P=&zeOY8txH+DFn))cbkke#Z1P+j<(+;FlK~%z7D9;rfS0
ztNsgI&$rE!hiD=EbU@&ggYM@pXR`ivBV+SuU%2_Q)!sF5?YFKkgX?>&>o#!xv^js$
zbN4ZZmFdNG6<l|*u6M%qzbyKGg6omi{U!HtdeZf^NY5v5|847gujBp1idjw^$of#6
z{D@E8f{Cib9EK%*5qoHWM^U$-V$x+pd93xq9jKjSz3KYP^=7+I+=s=)+d}6?I}jMs
zFSBrIT2#bS=-QqW{!-=_K_{Wl-_MQgXcr-6aSlSlpSH!Rb4Vr3(($xHA~a?bucKv8
zQJue-AI>nCXFPA2!IQkiUV$91TMpJqEp@EH(af~km2HE=J{vUCx_2Esg*QpT)oybD
z!dRj!9|TJ^((BgWs~79Mc^6<wUk4$2*G4-&Pbc4th^gagTpEG-Q@hJU-yIGDT8^^z
zl@4Gyu|1FL2jdb(+3WWynroecsP`+Y5cRGMOC)=UzcfCrN)q)ol+yU?RvCHpvmaor
zFs!sC<X-T9R!F1_%fXdq9$RUQ9{TP^#`H_iiFIlE#L!4RE`sa(t?R*X{h)b`=kwhw
zOs!E#<6_AOjSCem@w@5P9AWl=m@EQa#YExLZgcz9GkjXY%9P8_+WkYi6NQ&JcDj>P
z{lxLg)%P-1^`@c!_cEpzSmWUnxbA9QzYf>+w(&E9F@2V)$IbQSk3Z9wjen*uOC5GI
ztz|BM#!2WKL%F(t5=BT^J5cv);;|z}RiL_`T_zFg*}&C3*;My*`rg;#h)$dc635MG
zWxn+|3@XH=YZ22Yl9)&~x;AISE`atz?GsG3H${;|*AHh*|LLsV-fKO6o(X<&+ND#S
z=%w4;;-9%&{MKTL&<hK>TRhmo-Qr_@wTADI`)C;MkTY`0$9j{&8R)fy?|VoV^#lz{
zvcs`B(vo1LEj???tN6T-G5s93H*{ek>dg()okZVevrAebV^v?$AUt~!c&t<4udCs&
z3Gi12{51;x`X2ro27hgUzwRs)^;rBIGOMBG_nG?76LE6!fE1TS-sNY_I$_}-a2~uA
zevUaS?3-WJ{pulqsVlr32lo0~orJDg!lzHQp0RLdTSD|38yKU#hFXWg%*f&X|F^>b
z2VO1t*a&z7OVxjhRyr=yprIXW#MuNN`Vk*$;~=E!*KAbN?4|7@l>v3&M|dR_U%3q*
zy3o-){|^)YwAl@qs>=dJq4MHeeCmEhZG>+6cnHXlr%HD!#I(1&?ll*MLST16cOHp?
z_z&7}@O<GD{e{U_E1D<XVczc-I7Z_C8Q=#Y$)TCJ$lc|cfRo^=Dt9QIUWbwSbxVJ6
zX+P#kV<(|`t;f`-cvOEEZ8r=7*gU>*(y#tOZ{bG>`P5xXsJeIxd{;P*Uvm@OJuH#3
zSDb`|-x(m*N;2Ormk6GZst;g{S!q>)4~>+nj}RRhiz!usuO&hc72uZ_;+Kzc;J4%+
z1b*dUy~9`~84Sj-&0+)nEl^71KVE7O@PSD{XCUCKA6w)~n&W2j5XSVInTXpD(J@09
zt6FH;`9ipU*N7vlvD&6m8lMT@`X_vAx%sU{KS+csKZ46+;3S!MOvSmY{&CdVbB{X-
zowUa4@9|C8+Oh8q%I6P2qcH}WYFxvZet|td3gm>w!iQ_*!@LP%?O$?;zKFv9O#Jdm
zz6nj;OJgbo7^bKz<xr-`345l1F+Ihsa}kj`D+f0dzSrfGZx}247tf_1^u0vFJ2-i3
z!V;nPuQ5H&hs9#}HPGrXYhR(3*=`!*2DeV(_!^=*=BBuZ%$&r~D89gbZ?>^9Zr&1O
zLjUF-#?Xq*qu1Om_HEAMk3W%xVjZ@Kn}Ywq=SMg4#j&>rGp3&a<F)l3zNPMEr8GXY
zL?UIcgQVASR+^Sdgw9{hnEqbN{eq(Omp0H-Qs>~svP$Y=<lrJ4ls(o?LFNwNo}OH{
zUwa$O01mfh+~s)pONr3LJGt>+=ipnBkNMT3*=!3a_P_5EiXAI)b<6nL5Gv+XDy8w8
z%Oq0vy+la(t3HONN#96>?x|#Ks2}sB1>W!1y4*2EY_hQBg4^;ro=&3Q-faO+ucNlO
z0@yq8jgJ||V?O@gWB+4#lA0V`V&ttT+H|lT(k);+TpT<7<`!-=9-zDK#-UrtlXexg
zipKrGbzR+!z5FznD_>{${*^w2@O{lW>cO%llCi-0`*(<0T@KdZ>?+2p?y~LU<>uoJ
z!+iXV)9^!JJ$ip35&CgHlJEu^Em0#OcZkR=+2SxGT-DeXCx;e`A@SH9&E+Z9hmO+C
zcbRL{p}Va4H2irV!uv)kjlYIdJ?1OEex9|8G5tO(FEil|E3XpqZ@6|^c_YX38Pgvz
z@*?-^*D%Jy)1dt_iIA!{`8ds7^Ca4nTgRc|4;tqr+25;u2%$+Ut!4C2n?z)4$}Ll!
z4654YxhIWrc+eh_pCCLW$K&rp7jwjFeI|^>eM)JXbFm~o!$+j|F2;1lYTvIFdl1^=
zC7JF^;DNMcBqfC~Ha?7?(Ox>~2afgm)CxJYuaU!jCvIm<-zxU~(*A?RIR7UnMY{>v
z4g8mn^NM^CMjC$2MaJ{*a=S2;Kc6F>UjWa~7B*`3?V^?)T{;9srpFlhsV4p=z&E~l
z^v&&7(ncSIRHl09JGbK(MeubM247Q?=ySL8omXyL8mN?m*%Bc?L<5Z*?yzp*mfb!0
zQvVc1OZ(#qKD#Swu1C@OC-~KelKg6JvR|E^B7RR-wEpSh@2rSIWiR6}?C)08z4ktx
z6_I(C!QFv>_jQuIjDtM?8Y_{|8}G2}!6%XcL2#43U!CBgujaw+O2pekOb&i7@%#ux
z-Elq^oxB(Q*G5Hib(w_b<mhO_oO~t0$1}H%cJem9ck;CezO4C8zD2-uPR<M7;r<Rt
z#Py@t)|96{l<ZS;lhDM`Y57*qlsgF-<&z()gn!nV>!DgMQA+b2iaLb&z_}J_HFEGO
zp0yr`<Jo7~9P#q_n<b$e`?cQb!;28ExsAs(FF6UJ|H0nwGNg}TbG0W@@-hwv<UI8t
zmfbeSM@CVC976Y5dm=qA<6!X~MRPR;#18We*P>BQB8PTkLZa)<QDWnDC+rQv#pK7_
zt4RG?DF=TSosR`QYyx}jF~eWXO+w4<Q^zIKK@qQ4$ia6dF12#_XX_|=>~g+}jD~Ta
zz>$Xd8PhlN3%}Y(bK$zZu$t*`akf$TPqj4JZ(Ao)_tL^Ud1~7vb4w^5TjTJf<5TgK
zM9N%XO6%f`$?dlPN`yL=F{VE%{F9~iaVARn8?Q5&o4S9A3;(S4l_Wa?1=cd;Q+c84
zKn!0CxKAmKAMuq$)E(+kr8M)@XA+?wl#A)05pB-_&=L4@33ceZ8za|eDrw;$@c(@3
zktJ?I$kN_zZ26POKiq%KTIWn2B(_4yoypRMI70OPR^80f_|1z9hHK)`Ll^-hT~yAP
zKHZMHVRv&r>DF5rLuRq-zzL1z?Uw;b;nX(R@>7d&{z-uLR{RiA2i_X5H*oJY52(PG
zd*jQQJ3f^NErqv^HrdxlGk?d4Ch<~CTu!@eq?6EZ!e|lD-u7w0_8PyGNLf6z_jDVc
zy;hnz8=C9`O}^SB?5m<>{)4wyR)p;>DRL4zD$H1!3@?9*FPG!^?9Ld&LlzOQJCd8q
zmcTPh|J#NTJ=XNEznF;gTAy*P&TIRKwS+5&zG~ogD|;LB+O=O8KIWab+iB20Z8E;Q
z1h`uI4E*?(-LK8S@Ag<ewl%+YBraNlsS90l4!=38x8c_={@nQHp4%AHf3V}n=J%e5
z?_Fnp&(41t^54i9ZMqHnq3RWS`Zm5C*n#)%_%9?<26ImMQr^1_pGbuMcPV3fLWF*s
z`xE(;cS<QalFYZ97I@tvf3eU_NVfJY-+AhigCF4nQTzjGVDlV~lDcR)G#0U}FySza
z9CAv8<f-d?SRgO$f^oomt-W6^i?jI~!85UFVn4fq*G7^<ZQbyVA)dU@COODr;9`0L
zUpkL5e2T0Xkrv~};+hk01<MA(y0C0XZlIyS>%n9o4iiF{qz<d_h^z@PiaA?6zKGhX
za<F$S3hmGb5~24F;I4aFEXQpQ`c=k5(&M)Z&;3}eX`B8PZLHtUiZ<uP>!NJ}jFE#k
zM#CSma&Ub#A*t0Mz~KC7+=L0zN*UWiS`WqAcW;f3wRUe!y&mR`_nl%_63+CmIK}QQ
zn8?lDTXOI%m`$)SZkqE3W7AW2KcCKC#G7{;i}odwwdd)TSZHrFc-ULsmk1r0%SCc`
z8<2esuJ0=93cA+^0@*1CN3}6Fe?dQTd5m+4>cYWd_zUEA$Sq<DpL#^(Hr!-MEfw92
zisV-3<C40Vz#x!e=w+ByEX@l(izeOgO`sc5A^buiR?4C0cmij5_cer+{S<{7T9qmG
zzgjKim@UkWY@yf>Z@&+3ujX&hQ%d90K1Hir|B*yetLdOJ#`L&oqh2d-XFxMbf<sU&
z-5hf891N6<b#ich1M)Ew*Yb|?_j+>On{#yxZu-V1<j{xw$&@JGyqjK}YdJx;wn1jn
zqX?lahXZs8M!9GoznKL$_vKj8!bfck7xmhKrezPljZZ&227MAgA1>e|Ec2=3QxvVo
z@kgCxlsvZFrw#-!%k5K#C;LhqQDP+JsiTv!<#q$pQ6=8wLu$c7iO`t-Tz`IQ!-rIp
zS(f;Xfns8A-`3EZLEJQKeiS{*wZjdM@;`0Rqg*sxc$7c4;U1+WL!Ql(H36B)j>F<?
zSdb}rLmVGYD=<5UBA@-;A^~KtqNUw83chBWMcTp(m=A)o+$jeukV4SsZ`>T8yUs~`
z83WyNa8+AEesF>~cjsDB<3=}V-=^Huo!N^gT}w!IcykmXdMWr{J?-m<v>#)7L4)w8
zYQUvf`ClF|De4M2xY)_fRA^xXV|qKc{e9g32k$Qz>s(x~X~jUx!#?gpE#MXWSJ5@R
zH|CshK`btT9V!iD(STzE?J5}|&Vb7%&e1Nrb-E|UjH@#n(7j6CsgI80`TmNQre4QQ
zPb~fKK&%-x)dU5df$@gTkzCe3%i-@xgl@{>N^?>oB(=t`)^eNkXs)n1vry#@q0)rr
zpW~?>Z)Edbs&Ys>$4i=P*^KEk&YANn%maQcZP>%m;noZ=!;R{C;BAS}Lh<Fv5?5Et
z;2q7uj~CCj@`JP-k)iou8>EN#cy8+c?8P_rfKJ~9o&Kr=#DVr<1Fg#v)<HjYE@FKt
zi!s}@5n6K=x??~Bnul7JpJixP#aYJi3l99kukeM3@e4e^D2p+D;#m{loCDW)pEYm?
zK6^fqC1y|k<2t)PV*6gY@x21$dsV2$+u(a=Ij&=WUNN5c8qZ&h^zDS_*YM}V<GT}5
z_6^^EQ1u~N($5!i{DgeXm|oB6#NdX`?PnRfC*r{?I#%Z3Rm85W6Z};9)nmAMVmE#3
z77PCfRm-7;XBpE!J{wuDerM{=)avZTtC5wh=KkdsA|E-9&sqBs)!Pa2#Wjw=!+D`i
z5H@yqaJ^GX<FETrB01{G9CejantAkHiO}q?c;Uk~Vru)@00t*85eEg@<)-e}A81z3
z7+61WGh@1fc~E<Ez=A_3x#{|w8Ozb&QY-Mf^+{HJJHNUu2gAcp#3OEfG-GU@UuE!n
zN9<%Ya8wmfbj0rFIc^sk_=m#3XMg^lR-Ql6WUE)74#Zx`;}OF{q6_<5mhZP3#`Nu2
z?*ZaNH$30>oPl#?FaFq+y$Bn#2)&9=Px|gN_*|ZPhz}q>o>F)6fdumN+x_Qo6U@%*
z#I5`5ta$2=?8Td}H7ziH4R_$_Z6osgKIzZ*FVC;x>)MNZTBA16hBqzD665?*C$?@I
z=bJ5dK5sPR9@jhFG49!c>3C`L-$o_R4)2aKFtv^S7|UMl>p_VAiSb@;YK>lBZ_D3!
z^ixjXKk7}K@Sz&(J~$}jKm;qfgQ5?u<@<JK!8ltCG|g|Y%WE$D{+*Cl&sxhaqJKfZ
zzsVYLKSo=w#d|kde!|{p%d2?)ChKsD5iy2W@ypHdH2?LZ7}Kjzv>yM#U8C`d-3+Xv
zKe`ga%@~@3M*(uX46a3<T9lNhPEAJlC|hpVpF0;{<G%mQ8()_Q*V*^`h#Xo_znmCu
zxA&NCM(<nD%@A3(;8X=q#u(H2<-FM4gGK0YJbJg`aJ0iHq|=>ugTt|thabKY$pP_X
zSD5<yyXD}37%}y83d29(+zBLY$~4n@;m+dP?&w?KlFYLbSH?~H8|S$G^GwKC0ge9B
zhcUgOfw6hvYoK$NK|elohOv3{vYV|A>JZJ{?!Zs2&pKC%S#dTr_fZX67dizlGHZF3
zV-wb2y~SFcnp^{>dy{D<`=V~Iht{^#GnS_|VFVVA!er0y#8TyF_Zwhl&Q_12xo*49
zNfdS1I*<7Aj0Zv;dofwRI<k?Mo_K^Wn>_lOMChJ$KJyNDniX8dv>(VcrhTW8b8!o@
z-XA9Un%DWXAD(+HA!XoZ$)P(>qXPhT4QnCJ%3w?jc-=VXrJWY%hh;EU^(~0J2>x0W
zj)ev`0J|5SW{g&UjEbyRoPnWw5ej1?cJUw3w+YyZFp^fC73*r4uCKY)c7d4g52ZBi
z%U8v~-^vF*J)0pEBR6#uHy-*^XL)zjh}sKx-HfA3kFJ5wcEZp897Rag?Cix|%^ne$
z-9^#pKHzlVSN}+@rmv(!Pc<Ngxv87@^w1gR!Fh&M>8VU};D-Lw1Y91@Q)_d1ug|vJ
z)jf5nHazgSIh}hhZvCeQpv=+^c+XTqbSV@qb0FWlN(vD9aTGWS9s3`&BM6lAJIz>F
zF?vjY=On&#;czFRXWrpJ$2NLRUu#||;!yttFSd8jD-r?AzFx@nopeKWIbr%$bwJ~t
zNaGf?c$<Jsy-l5EKVhsUgh8dhLzONs<EQudSArg|9}2zb-|E3IhwJh>#1ayOGH1E{
z>c}%5yDQl>iWeVySt2yPH&<vkS7?6B8Lm-P(s%k`g1dpQgG%4dYt3mq!;9~8bOidt
z7{2H=a3ZdAgk>-YKcI?_KY`=hRPncZ+f@9{6I{ig>&;lzhl;v^&V;`fWiKuO;pk0_
z(a&xYstC%~;S^(e+Hk&up$A?(DRwYKJGhfnC=v35ix?*ESi14LSl@U<f?M}_&>~t=
zMVabb&T%E*gFYy{KfbTsL<$%uG^!rD?WgY0ZDpVsn{4x;F}}uL=>#7^DNVccB{9Bs
z2|akNw|#tpIn*zyVJ!R_%zR6r!5fbo`p#7y9fZw7i}fRCFo?-sys$gRr;W_f?C|&S
zcBp|dx*%OFKUFmFm>Y=Nb_FVC`2vYR+t?&f6w@2OheR2}OAnn9bxwKR^`br&#Cog|
z#_yr*#qMhe=MDN>Z;NB@Qxwe7C=-G@;V``<^lz@khF!OEVy<7n7sN`^M7n+O^|RJE
zu}v0dPDAV8nqsed+ujM#@U3TYfKD8Wqq<MNlfw~8X<F}mC!zoNNEinZXNNY|F&5t5
zU8t+R>?pq8Yp8gSCcJ6AP_-^ko9e;g@M#@{J^d3n@<$vnOCzem7mkJgK?CD^iv|q+
zy8#!ZrhCGmf8T-rSx}(f75Z&gZ#-ujA&y~QH)j!rJ{E13>!KtSTf>Xs-eWz*bUN?`
zp;73I>;38&qw{+U1sKfND|dFr_bOhL(09ci1Le`usrv?yEcB)BtGD&6`H<eL9tScX
z6~FcpU(^55V6(l;dl|O3p4Ub|gO6QKKj<Zb0N$^9w^Q&0pQ7^A1~7cp`sFaB!NhNh
zz#|$@^3NrpdE|bIP`G_3K_`#d{Q)a%(ko6fHqW+xYR`e<i*1-e@h;!dCEd&MoZAie
zsu#LfT^8LgvX%ZB*DPD<AD26c9NdXGPFhZ9%vRc6z_EmMT680>`d?>dEB)h5d$!Ur
z?$<8O96(6+(ifeC=&wiF%RB{E8qmYMXe%FS|2&D%yHl|37503jQ#T0kcUD_-<aOpV
zFMV>pnZeP(D^j(4O(JFR(QrRASLmJBB|<xXz?l9Mf+J!by@ziw7DC{sdp71}9FT)&
zd7k=pmpe&bM!@Tq7nJ8^6uadG%Y)!iM-dX-BnRJ)vQ94gS6lddI{f)@TfwHEpL*x(
zJ0w944U{<e;qhsC=ReEn3W<<x`I~9pq-^<{;v}_BJrQ}9ksNA@A|$J(GD!|y9M55C
zg&%Kp0>4{qo@X>GUYutXinq=)l0#wiT<RTx_QrWe$-Vd_`5uNa4T{#OrlXU)n7)i%
za&Wtokdmb&iVz2mWI5+J)*(GaKfA$7ty`YLShl*7*7vf!*~elD$%Rhq5ofFg?BY3g
zcouqphuIH`=6c|6)X+Y8hK7#e8hS;Z(9n<E%{27bWuT!dZuv-iw<Buk^>=a&9YvSj
zfLe5)rJ=`Ow`r&xdX^Bf^kUS{c}`QQ;-XQ5HoOc5=&;z-l{pgJ<Gl+R)8`U9{%6zY
zR}6h#Em`{9ey&95>>fzTe7inh)l2B}VQVpCxX4KQaGt5p9eJip_RA6}10us6O@03P
zRf$ml!e)7Pd=IFt9!aNempQQ?L!T3_w;yr6zb7Al-z^90u>8ed)bQZ^SYfoq5rKnx
znmeTjD1BY~FLjb^dBIAhuj`9T@ld23H<d%xu|ik&$8t=yB2{26*)T8c7J8s=<B4sL
zza){enZQn;T!Wn`U}yTfjOo|f_KO06p;}zrIs{|y2<A2Pcmu3f#xXhQhp9T_N!tjO
zLmoFjV=Tc9V-gP;bH<s&^MW|O?&8<pw?^k1*p&m%GdQDRa28L?mcM!WeB-kCem*8|
z!q%S_L-OLd$RW8UP7KLE;%rBZUB!<W3pOxj49S;z@<pNv4F>L`_4wj8;Q4?Y1pb<t
zB{?)-;!JCjWt47@HM#B)+nQ0D;rKg7snGG4Mk&o<7^R0}BaBl2*hmTNi4_t6jj@c<
z8PeP+&F{gD(oU|#BR$}6HlR<dk2+`D?{JJJU&ENbt-;Le^1yYig}=JtdW&^k*PSta
z0e`*{3q68C!lU~2s{|g9n_8`pLr1MzPiu$(d_aT0Sf4+En;{dY;1-Frsfv@(4sTgD
zZ)qK_2*2>6F#}!4vmUQ}Nh0)(x5RFpJoS*#ufO|+E+?{<x_mgAck8}rQ<ooeo4wi-
zS8cf-YXcMV)Pughxe0P;0IoRPExPqb-mUdaerb7D@E3EgabdR_DqXLhC_jw7x(|Ex
zM>)itMz22TwySlf+vwCEu~Ub-MW^2Hws&edLIvQ1jB*hof3qn!wHo{O+iSpO>ol)}
zlZ48_nq-$WI`Y)hm(-LTY${nL>7lc>ybQw{(eiGlDe9;6b=}j!G(}f;uuRd8C}E0z
zj^d^$qleuT{TPL&=&9aHX?)c@!wlVEnxU!lB|>Z7U`&6%9`W2mbagUgx-RsGOB*M(
zX)ywb(YHd7Zo6|^17lVD`T9$zj}wLcog@5)nY;>`eygy*lN*6AVSgWOWXx`Ve@eFS
zrrV=&llh25lkpyj7UPp#g7I-K&Un_fcE+I(fVera(eU}Nfmo~|Y2;U2avSRPm$|6d
zi*lWW-uy31uV-_;{`Li9CW_^Hed~)7p)3Ezm>xI_F{_a;{czoR@}(OQ?@N5{Rx@9E
z+spQR>HF$<n$sO!8PoIYjC|?LjN38)<MF&!@;~HYtbI)^l+I(Y8SRZ6kgw(%IUqZ(
zWlZc!%dzKoUwq~~^xn(q-RCpu?HWOEn=_o=cdlkkZ#r$#tKP=*Rs5~eJIZONw|gzm
z|Gdbc*J;w*9q2Xt32Dlezp0i(6Ghf_H~4Nh<NTJ=_{6yqDbt{b)|y)VKDgCMuQR4^
z;P|vJV|VdId`=BbK4-^ctnrqAb;Q)KUude`Hy2uJccC%fV#Rn{)6K4SQDRJ}{J50(
zCrc$#HVde`$D}R>sGIdq#`M%$Qy-h<$3G|W{CI6PV`Zh>jku;%BH{hHsD>+EkO;l`
zpJsmip&AaqwCTc_zN5y<BkFX?g)r{+7Q2I+<j{MDkKwLm3=A!)MeI)3#QK)jNpI&A
zlf%)|w*1#*#%#e24v{jhb@}aZ1Z4zy<gWq+Z=DhAEIYe0W^+1uYW*3;s#e(z$nLX@
z@wslwX<>JId@(@S3*{`H#*FqNG^mL&{j+m6{xX1GeD~(lw)Lt*G~r6V(Wl@PV|rt~
zm=BN9x-0na15YuAmJn^CQX2o0#`CM^^7X;rUS&*wfv*qQ^iVp-_3)jm7}Gn{7<jsQ
z-z!RIJp=bo2&E0cMU8lKG+exfsbZa`CfIuCey}0XJBRCe@9e|)y@7Yf@KcQWO7l{D
zB`cMZgIPW~XPu(1*Bc;e#$!lJDwL8#@cUXt-Jt(+lB4mlg54u$7}Lj#!FxK1|F{o+
zyjT3VSNyo5hA};>k+D&HJ`g{@QzHhRjoF3uoTUX<GNzY;jKzVcGfy&R9CjKw*(%|`
zfCVbOJ;hg2Dd^q+bboQC)u;bm(>j~M8ph}lK5OX5>KUVoxOnj#XUi?<UtWtA{eWtW
z$l>OQEPh@h^!Ur5xTm<(Hh1PP&8lUrYE5_>sLAsX)o*FEnCyAR`rBJ$G2G#d^>^Ev
zR@wQywpHe}TC2qmYpqsZ$6<O%KYr>w^&E_14vO|e3P$z;ZxX%#3TqW@6W;@mt7`+U
zu-41^V0OuptSF=SVz(<Sl+~v$mxJ5gVx0|9G5YXTCW>k#!<EayKd_k+vFw(nILRq_
zhU<-ZW8E#wqiC+V@jRm^Po12kl#nO|tBw>V8{1mc{1mxc4z9dqrDF_y#L3V9ds-6d
z$=7ri`Nd#JR=N4g+bTspmd&>K)KzrJRagTAACZHZPF{S3=Rqmj61UjLdC|;Uu8>2M
z9E8k#+Ck*dSO-sX);>w#6?haa&D}pTNoPbGTdHR;strc*uMfm1et%yhihmCChC2P!
zS1jX2wdKorC5;X__!3|H8`ahjOQoW@JZ-@QWVz+g9&|MGJ$RJg&k*)#V-gh1O2i_j
zzzFmg;@yf`;7#Tb-Y;gCX$4rB0ny0>tS&gj(+rsOtHW@y!2v|5;>bOpmh1Mb)7E+H
zJB;@7oT{uD5}}JaiTI?Axm3nQUdgql|CM5O;cy!>!|rJ#Q>XYUJa6D~#;Pt6`-JCT
zW#HH#%mX|L>#;U?bkS)1FF`5o=TOvWt)zXF!1geYLp@Vc7gc<@qV*UE&#4_0^*G--
z1XBAfiq~Of)X~xMBp*V|#C0?m+wa;3I%|SQ4t<J{i|c|uA|HObo9DwTnrl{^=#}8{
z7!w7~@g~!Uleh*Z8)<(Z@xoTQshh$xQwdqp8S{8-DIB#Z&~mth9!wEOHODD<*T>5(
z!QJZ|a<HBdqV7;i<1<4z8+Ct1BB?v+;1^M^1JSq&S*UOrdQG66SiMOyR&Vl@P<0@N
zukYNE7up|);kh6~Y&q-qC?yq&qHb@Q_vlw^>FSQw{%=LyKo`UH$5!6ZM{xbVwZHMz
zj-te*$k&(y*Ke40kWgxBz>7J*N%WD9LVOzhq!oCR^xtgz7*vLqE2kqaEhULe5aL%W
zttPtio8s*+?D-Xnx((lV8t=brzE6)|1~aZ<0_4!ybByURB97KvXWizY)JK^(1c;V)
z5Jo4-+K;ovX>>X-v}_guPOT2#lS0UnHWDFN!dLhyJtn$aXlrOlBd<g^<TA!|rI9aK
z@r^MssKQD1%@nHwb5VgpHvr+?@jQpz)N+#q_@^e^6+Yfpl%_$7^zl}`1YRVnwe_;p
za=tcF;&9}t{z|YAdt=0|lRS0gHjl3)+L5OQHh4r@bFIgx^>ZUHe(fX7pisv$9$egq
zFkWW#6bX~3lWE`*p8k~#Hl%AbH{09%YEw4b>Qh%z=jE8pgpbI<m(48aX%3?V*@I}I
zp%41H2E;f?;8LUTjJnFN9;Q(qo@RI{4E53yewqs!r)2tU=g8BE<Y0vhyRQUKFLLwP
z)>p)6!)0JJmZQ-~=Nn%zH!8`mZsO4p%TMv+E^jgMb&ui{21feeXCEGlrT(n^d{)U=
zJ>y9wW8?J4;f}|Lb!MH*@knwNmvoaIfdTM^?2<}{NgE!b9c}_kk}L@&gHF~zLVpIU
zha}OfE)gnOHHV*LQAranVXW$NW8AG0TRf8J<jcgPC3UR$xo{P<e6`W?CjE|c5&2=;
z=xPsR;(&TyCJj1pkw<i(J}zRsnQFf&H?>@>$%8V2DyD)e#!I{}0|hu8-XF{JV0a-g
zIkdH2tU2X)Q`7)VXa&YF&+_n7>ypsX(BP()<4w`ut+&T-3|>uF1Kt!QR523Ek|^<T
zzSA|hi8G^-VU}dn8*WLzL402z{sI`pH{0v^*`KdAAI>#Ld^=-*CG=YOpdo9$>a6j5
zn3_NSV&XoQ&9EC49MRS|{_w0hj*a2NJLlz&qH~NX>4yf!^f3Znuj{~=9;h?ypv`aC
z)4}dH=<oBWe5T~&RG?ieO&c*uBB|9#9K?4YUo6xKCOjZpmo2(XZOu)s4i5oFF9$}e
z>x3ONH<}3wI$mNrlR1{>k{tui;7Yr3(sOI^yk0GHBJR9QytfxdokM#$34QiC>$H|Z
zE*ll$2aE|>f20oH&r_)>-SEB?TZb;`08ia1a0Sx~lj<1D)AEHEW|UT3=@c$8$Ug-o
zO79TrnhZUWV(iWw45m!I+k*~7tLwy}di!|NGP5%gM|rMqt2j!)Y2R;DPz$5yu%fw2
zqKr;cO4GiX#@*#4WS!$Gn=Z9=8;C_O#H1|l%F)4>+WfIl-x>pdQIFY0mRcP?o?^(#
zQ_I--robiUQzvU8^I=)!logJH9`eAGt09upF6A4IUOg@HGB<`7SWcCZ@>8vU%=0_L
zo8YE5!cNYtiNLS3`|$jM6em|ar8KQ~ij&Yg=2(6lpVUK-w-|rnr6wcYY7id<%M^Vv
zA8$##q&Ti4ZZxQ~=+&JzoFen#zPOL<%M4D3yOqsk^-+8qK#rBvu<{g+$@d8EDC0eh
zU5n%)Wr~)rl%_48B9YW`TII32+3XPHLLYO6vG8X=+!Yb>%0FXUf5QH@I@u-)%MNuu
zW8p&Q5-rGd1J9SrVwi#2?Qsd3!)EXZ0XqI72x5gc;WzXxCVsd?fynef7h?DGc#D^$
z%NLPp5`E!9%MHWGbTEISFpArh6#m$l3q|kXbYTp{j3^^p^rQAI?yr!8$x*fdwo@Pj
zBGvJJZ-SLJ>e|pGkvw&33J+cTyYtlkNq%iH4_yZ*XUpvdrDF{AD9<sBnaJ}+lW1`Q
zH*-lCLOINQ(Y@Jhn@_Ezu0&CMbeK0u4sLQ7xuWw$X--8;i^BbV^?s~$_o|^WB@WOS
zb-7QAfdC-1NuIL>yD<iDFEJ_*`PC{qvjb!N)QrWato4RUn+aQ=U^ih{y$Z(S(UXkP
zlO6a)@Ep(Ud^dqHeFWoHBT3O*zD9|wy;7RiV*+>lFr8&`JCXX2?4@qP0g|U~1l`+L
z%M%{=9A}Ka&_TGn@Jmwz2V(lbchbQn%IrnRl5WBdl#A4pcWTWnuf1H>YNC*}==l%?
z2>gXSb#J(j(TZMp(y(7)H~iQge(cYG3||PpTm!$Po@6ZC5iYNV%PUX92g6sJ&2+A1
zjBdG*F?G3K+yokK`-m7~)h8IE8!xm7lS7X%WAl{ex}ZVgk1M5VCm-W5YCl6|P;}r-
zK%;r;Uj6M8@R5x;E;sqqZC2E&hfW~%`qL+XNWI<J7WGC1UgT3x8<0_<fQ)F0Z0+G0
z8*QOQ9@#>R*2XnMi_Trp3@w_{CIT($+paaVXm=YsS`^cpqebJ-Np`eo#5qZzMPr(w
zMIYJGq9lP9Rm;H{JWu<DaRyq{*w%&?z1@bJi3AHW+G^q#CGErr#Kf<!P2A`S=l_fw
zZA^*8jkaH4$BlMefKWtH8a$M^wwseE8TlSL)K5m-Xi+zT8~rHTaHDvn!qv0h5YS3R
zbNzN!61Y*%wl>`8infI0X%mFU5-mKIi`v*=BM+vb(zj%hiUnidV>n+E+x{tR^y68{
z4jT<{`_-}QJVu{DFO1<O*kZ>@gidQCa&2TQ!`c$Nhqg@+u+b9PgpCU0c$#@}7r$Cd
z`?O`O>N0bG!q9en*mzL1dGRQh-awNUe;xiOa3hBeH|mX^@HzuGl97dWin`juje1H3
zZnP%W7?@bE0u|o%)%Dn2@ySMaNeJ_~PInc^(YZDza-`IWehJQKV?&No=yexxZRB&#
zDmgR&Ed&pm7<i<ouP0>5fadtoXh#Ho^mZhE^c~){_5nTY5CBrc;|L&KG9Ce>3uiK>
zluYxwF>=NOq@xv_G!Zz8mV=+;WZ?(Vt_dVI%L<l*@9=F-fi|L>-Vu){wEp;uB%=Do
zd=4raXjE6Ln8LM6Nkw5K7!|o+F+Gm4stvaK2XWT9vWi+uJ#ma-2?WfC*g)NIeWz9T
zrY_cgy@67=et?<vB(}$jnGCPD8S!KijFc2w7HdV3Nea%36YO}^F$g{Bf>^|xQuJAN
zyh=3jB)=)%&TffUrO*Q7{azMcl@%L_S3Pr%G5rOj-lxk~V;TcI!&}r>ZEGCN&AnQW
z94wBB)Uw>vn$+s>I+&t*MHD|a>e=cuY;_2Fe0QeBXbEj?;JDQrZpQT0wtNvgew9F*
z;v<Q1%fTmbb6T=P4t-G1nBJZl`6uPg=zAULyS`QWEKhW6gBho+%u_4Rk861ZuC<b9
z(+db|Ys5bNbzt7APJ`E)b4HlAfd;_!xd6Bt`4;#Ee5UC#S|aq-Xl~=uW6gr(ESvq}
zQ&-U*ZA3-#ideI}{!@|xZVi{PZuI2Sl7(jB@nHw)4K9vm4U21zW~I}`ZJVQ62XX7~
z8WYfp^Q(Su3O{I+A9j>@(P@|yYYYI(FN{zHug9GiS_1>Mn?nx%(?q@Yna>*@c?VYn
zRQ)u#)KR8+%a662x8-v1c3g4_h|LRrb%aOJ?n>e~SXPpv4X}VRdG0Le>WqzY=~Ece
z+~t92+po4qyi8FCB!Df%56QuU4%^9b`S{IHc^-KAM}R{0_XshB&SJ_m4=@Hr^R#A@
z$T#C6qKqus&3FPlmMp_#c_GdWHQ+IYMm2v7$WU<i{p2_!)W~$V{?H0J_)whb0{OKr
z&K@G(NV3Hn!%srIF&Ld6+(?|K_D?o<zdxFS0SE2@`3GOAd3mG=IFND5B=hSc^hk{3
zx$H^kG9yAb%$vf?gg)aI5bQ87DoBzXbi^5f$N@JmAAt>Hp{-g)OM9#vdOBt_@_sCj
zU;W+`2ub+SUKo?W>qcFq&)uS~s%Y#KJs2wp<rwo?eW+D;bQ?`~GN#8Hc5wquhU<Hb
zdO$c=r_hU>LizMZ8YA#bM(ZRi|IM!+qZF>EG?@5bLUa657$MW%gx?2Sbb}pJ_ZjOe
zJLTXA1JYc|A<ceuCZw6A2E6GC$B$tq7$@;iC<Sp%E#OTDnzMAd&f4z^?<s1)n+5Ns
z3-EcEH-)B1oJAN?S<pbbh+>C%Q}oB#dH4~`g#X*iW<i&vMJy2XWcGT!34Zk#B%afp
z;Sw|>sU>wx4o$?2zRK{#8wgo)o8iQi>jTXFoe^{}6DR%7KIt^G<sUaOHqV-tTFh8~
zHV>>b@G8Up(vleKD1{Q3X$Ct9;q{HFgE9T}Gj=>wIK=B6c86GBd)kI;RvRJY+VCB~
zwjbiHAvNYcTA((3AKb}<JAG>q3%TK_#P0zcXuXgZE(64Eq8^Y49TFw9SD-e?C(1%U
zdB%>P<*AjNl<>ob?DdUj?E7=8n@y$RHQ-a`!h;`LxQ&U!3eFcuf^(q43<c&!!xvXY
z;IOAp+38WV%saXwzIM1H;;~g7orKl|EaCf{EvO1_HQZdiy~q>FQ;#<vdRzu~!K0aW
zjnQY?{EhHb5X0?~?HhXeX&atpL`B7?8Ozfqi>N3@L`5%2X0QsXJ~xWvA1Ov1m60y6
zTSNW?y?v|Js1v1j#X8OXt~PMn8ha3Ut7OM*f8nU!`XgYkPjUqj+5zmNY`A(<jY3$j
zy~|P%6raB1RK)(u`A%D06#DX{=@(Tu6K!gBc;xlA0gA%apFd^h0k?F;W<)%H3p_vU
zl#$=%<gifE39-J>+|Rtu-hs{h%nl|Fm8aH)-8Y!QkAd@wW_V^1u9IZKL$^vTbV~p6
zq*xzVhTAn0AGws{tO-hK+NevNgg)?ibI&+*#?hK*oZ5n7eVidr+QwmJ6_hxT@JMnk
zHuP<0?e#Gq?t-}fm0p9cmf-$4hk^el82E4FF^>Np22D9^BK%uMVvZU&j9PkXIcg75
zO=)Y!#G1^2J^f!Nc>jg31Zowa_7kwbTwhQ_u(4JLCAY=A3kUOlr>9tx6*Y%K90~5N
zgEK9xpHiCEVHmC?Wr~%g;f+nq(9RnCrtTDU3A>y^`!+Q3A&C`hK-2ztoH05wieG%j
z3$CrB2swW<R3gUMp$=@_-aFVedUhR$92XvCjCK^V0(t9Nlezybg)TqW#C;OoSu2k6
zfuBDyf6l;^thM1XkYIi@SaO#EOQMhEH>U7v!p$squ#DBZ*J><)ayK;jt<j`@`WWL2
zapmxP2!6i<e&5A^haX>nAMb=8E01xCUV~o-!!KVS12W*Zg=Ul4wTw}3lVC$#t`Dw(
z*CIbGOlk2k#%vDd1;$$zjF}@~%ydO_4Ll_Ax0TYgYwqPR=2Vmy!kB*0$Z~Kc((yz5
zn|eE>y3Vd?K6R@Fh3LnR@_h-1k0PkK#a<sj`);4gtQ5FYO39JQiZ&yi7S%WL`Wf93
z$()*{s4MAh^-bpBox*=tXa@esm;9&4nDc?tOP_9N!b7)=7@#tSkW=!E_{xJ4@oBTi
zh?C?-$z#_D$nsOTqmD^Zv>v^#z;qIUT8>E0Qz7oc<SMxvuP&kR9JeeUOa59Yjw(~?
zn#`lhcEyOgoRMj6NZ!VVCR?i8g^~eT@^cHO=F{P4n`{+iPhbwz)IzG9Z9<36ZSYl#
z25RaEzI@WnxNR-9RLH^k?Twh`;d9OIqpPsFJuzf5N*-UpLu_7b*7eE(;OwCkzt*K=
z5|;|Ei=+<WHE20_D7PEJVcbgGl9svpZi&#owM`gYL;GT~J0x;OHlAzZ=Nep`Xkv%g
zIteN18z;{mmq>^vDW!@1MoL5}a?Vm58`*F3{AwkowM|Ul*<||5Dco^d12&?@tn-h`
zxHH$b?iIf6a&UtpjtjD%ewDy6cC`04^iGe8K<_S<BEs$0d1<2j;fU3}F_Z^zS-GkE
z>4>q6DJ3^~aqDna;1Wf<$*X8F7^QNUEr!?EwxfRw9lVfG9FN=n6PaB0sd?Z)Xj7oQ
zqD6rs@wTGm;9CwJuO}&?8n_#6-Hn!m|8Q`;FI@?(fx8atu7l5o3RkLDS}u+(g*!=n
zD7n=SjS(M8Y4t<*IwA@uY5ctW<{JVnyco6FR?hZ}O#ZiCzY%)9-tnisE{^8O!g{oG
z&NMN7jDaT(^JdXWXSfl}5+$><c%0YKONZf|j$Tpgn)ubdRDt&gn)x?09j*r$^=`M(
zWVkLcu4}0Wt{-f&@K3m&U_D=Vx{2vCnoPWt!u53P{q1nAS?{lg>(|V98(7F!174Vq
zv*;(MIV<^EzzhAIrQaMGZ*PO=N2mdBp<3Y0hj~N6V3JN0Z;sFc-a-xTX>bqY-(6O|
z9iEd|s0O_GY5~0J_h!-F;?+Ve;LX?IXU*@;(!Xwq$cM4==AN~6x`O9w#x)tR<30!m
z&zv*sQ5~b(Pc<>U@>~mh00Hz)n`YE-<uElPH?=zK0_8aO=gOf}I=!eQHMV_xfAXD8
z{8P5?fI^1l%WYpNYjFJ8r!0KgN(LQ<lTFb%k-sm83i);fkoOoh;2ohBcnd+^`G`RH
zvAe%N$t6EV3wTFp@PGynXz&2`{zd1kI&Xi{PT;TF8P5Js^1lS+-}pD>f2^rh`TwN_
zxax0M0P`cyMV!BBOj-0)O_Q0Tlz)~neZmEZM;LUVnL%Qjacq9rrVD?E4i)R~{IBxN
z0anSMPjPxrdtBrCZZ~*(X<y=hQ{9Rt%At3_VyBBPAcTH!rpcD<{XtKB?-~By6#Ng~
zVffA_Ik?~w+<`WNx0s-)QP|XKXlm%0CIeasmR*MprSpbTcN?pJOi`opfmP6u+CdxK
zF-I%%;I8B7&Y0if+%1uk`l#a0ik3*=MODIspVZBq#Ll9ABJg)HF8%duV=Vn$eig2Z
zbZaAyu2|Dml$p&gX>iD)FK~f3@!z{7JWI-_{;X)O8{jG<*DVLHOg2-;{N4n5*~unb
z>DCo;s63IFt0DVs-N(W;R}oTnPgJv`HqX~dQ4KsEcAf12^mlqN4(KoR$RRh1pocF`
z&_DS~^XLuN^E(YXmtQ5oeLDF>ld=9EnkO5o)QmtJM8awzZQ;T$gp`eovMKMMkvrI2
z*LrxTWS&D5(Ru{ikqug!+^pHvHAa4stDR_9>+de9i;{!iUqDDnog@cKF2I%d6FVfn
zTHKYd&@W3wx&1rVklQ_-P;UQ-6>@vbCbxnehTKkGVWMlpyl&d}c#|zZqEZfR`BMpo
zukLK?-!l2{im!dW$!9F5d!O5&JMVI&dyQMreQT0M_rHEM=-%Dg=<hkltp0BL`~Ce`
zXF|%_{au2K&Kmvw)UP;vAOBS%IocCRHv6FscB4IbC5{lKs1F@})C%9qx{D(ziY7bh
zfTK-jt>L5B8hn)F<9zp1S`U5-LB%LVe(ZpvrAfbHa!Cb0!ohWVdkZV{y9dYd4!EO6
z@#Ur*k@9yYju4u4+y;3B@9lwF^9eST_?~FbS`v?vgTGx2idK~1&nWW9!AU8gBh$P|
zspYBFeswGaRAapfIcfk;{PSrydGpj-`p9w1;N5s}gf~C3ji}R2bB|lB`aF^A^n)<%
zr5>xj9ixMeV>~tIs!JeTtPr&H?1?99R6VC?t~D2;{#+St=+E_+qW;823;jv5>Cdoj
zhW;!{GUTpQ+w`Z+-`1Zuz+R01yZUpLfxEgcxzI_pp>9P>+~6`ybS=&xJ-%@Xl7GKk
zkQ~}6hsNOgQ)28kyMdnni@`{Ck~x6=UN@a`q{%G$ga-QL1+5wAmi)wAK}cD*zit0&
z1V2;V^vR?4>2fscp{rLr?3SHQqg%%FVZGcbc<g8EmX%u#ZZ>un+|VzotZtbc|F^qk
zD6nzuUw8yBow4eWe!LaO^SfJH^#^uF6GC6EwlnDKitkP2?>(}$#Yn7ZhaHx`HPRor
z&rJv&RBa89cX48NCF666S8O$hV1hXWOCb6~D>K!jlqMd_mk6a*O|~PA|BY7O^~V-4
zM^lq?w4!Ta)+m{p;*w|gzK#&Be~MC?cyWOZR<N&!xIW&(`QOqi|4UrJ{}DU?nO!*l
z{JlrEwBY}}1kV4KNd5_ka?lZr|9h_H{PTvc*wVrudOe|qKlDc;`a`ETTmI1T%`N;P
z>0-+t`uGC$hpvn=2Af~lhbW<l>n@M*hrYw(91{PzSt34YQge0PY-nd`XImb90=+<Q
zvK_IoLJs|I)6+<2C<d&>BY)Q!I)k+yT_0?cEDbMBo1M$^1hW(^oo+hFW5z7}-p)wJ
z+;qav<A1dB$yh8u=Q<UKyDYsaiq`3cP22-fG*@s_bLEue;B3C7REfut{yQ;7`aJG<
ztR_Oh+bsbzha5`6G>gQHO{P8Lg1?Ll{)$ap@FG*g&)1?8=sSm+jI><8h4W=x!6(XP
z@XroKb4~dfC(0Gsa=RR_hj-hHUP69|0i!bPkY!ZL?Y;sB-1l8cNZG)@Fdl^`P*T6f
zI*I->uWq*+{$9!d{vH1Qj{kiC{{FNnazD=Bj^hfUC!_v?ntn$j);Ir`_8)}y*<T<<
zla9CAes~g(|IGKrN4P9)G1`91K&MAWgv~zWIL_ESI`p8x!JldOm#D*j`)(u7AChIE
z4y;wwL4Wxeo>J904p%@6olai&-d?4&fS(g{I$I)i^zR(gP4h$+yvKav1Hxa%)QVY`
zfXeRWuJp_tkxCq1)y2q5F?0*LDw`P9GKMa1iKhHn_uP3{;28mM+{&Z$Cr(84m-+jn
z^%!53lt=m0T7B~w1OGGb590B+miW|qb6o24Yt41pUvO5?(x$A3iKfWI?K0Tp&@dbj
zowDFXH5yO31945j3ahm=`S&KK7o8C22N~`3YT1sr9^0u~7uimFJ#Xi?-<p_yO}+3t
z5`SK2(Ru3$vkq6{ck8(Q(EHUhOYIb%-S2wcjmBzZgCvYq@|9?;2Eh+ttg4MDDK}Ij
zhx+i1-lglT7*BIuyv~>pvaS*dvsC)SGAzR`Y-U($!t;^{DZ9$v`7N!p&W_k{io_FZ
zE&g`agDNHNSu0rkjqgIF>-IJ=)Gqx)EK>9f){pV4j4s;S#Pk<L8Rrk+;-k}yWoxrv
zjUohy{1J=eZuhG@{aUBp4yUNyZ4Ut?IrJX(p-|}Idxfs+rSP)WDeM4Yx<(^e@OGzR
zYn#Urk{lX-g0ZUa{930O4kxKv?^BP8<P1gY=oLp0tq>)!(H|5UV`De-64*cT!zaev
zY?L$qWp|TR&fIs2*q(yLuzhL;9lfu~EN3nUOE2YvFK`(zB7XOAUPSyKdzzSj>v03$
z-b-ihX<}77|7Yqx;ne+@X;7DLr*4&}IdyA(w^0{*kTFI_{T>-~2S2z9?8uosbr;to
zn<3oPnpqEj)WxPqW>j)Mqw(@#P?n?iJQ-jX$rl_~w#M-`4|H>$I&1@HeGl$k&fIX5
zL}<TVHm>VCh?8tgt~dW??~|V{HgZa5JB*`|lI_QkxA5!#mJjpX0p#m{>%V!NiMX4L
z{+qnh#>w*?n)hF<ofAA>6USFX|J`>bd||s^J%jzX>HK^_=RNg5ArZe))L&ew!RBb?
z&L)<d%2#au#J>Dlqxt)76?UIA1c0kFEfmF4k`*3Bb9zNO^5)iL{1cb)LN4PE`fwR1
z(Dpm{ClWx$16#=W{XM3P6Xf9Gi;d}XfT=B>7TRJmtiN;wsm9uG-~ByZ_{o!}`cH9U
z$8uuNW*7=F`d6DmY)EWQY~60VLj2<#WAvrn%@m?M2|lyKP>AwBSBS*_DHLCQkRRn!
z{%aG{$DT&*;EM6tuT89_Lg>X+eD-(&UicJGvDEPd#_YvTl$LddK{l`Vu1)j0eI+rD
zJaroHb6-ic<90Q$S%{5mz&VeiWpl}j%z@k0u`4`6?wdWhpz{G=EPp*+r2Z-hD?7J0
zG2EPCrvAQ^Xzn`PfJp=u^o3n0XzMvS*!>b=+^<$jx;X;rt#CX0aKw7wUjD)P#s{lb
zaX)ASow>bLX$?FK0@_9&*xtnS3CB@d*^5D3KX7Sb0)MtOMp~Cv9!TqUwcsa1TBlk_
zD^DGJ4y82+v=pUvisxF4yD>sqzx>i%TCcQkA*}~?HkVdtQxjwK><;_OhJvo@2;bjj
zx-FI<)O8kG%^{Y{?Xm3nw6fQJjDW7GFg+)IS&em!1ATFq<uI)|&DdY9{DhZBOmP$c
z;`4p>a;NbV6qT!Dg*|>Pcj*3u{JzHTzt{Z!O~?5CNBR9=^ZOl-^817M{gEpS6vTns
zjp0@bzvZ*t`u?<;W>w2=i?-8lDJta99hj!|cP+*LW9`f1qbQocXLqv@jxa$8F3J&L
z#RLTsGzbqwi6%0OiHM?r3V4B{T>1nLF2U@A!x{{VsE8MWfXI!21VXrpa$f>LLCzUM
zxXGRE_tRB9Gd;5#$>Z<+C!g$0Pjz*5b#--h_qSgDpEfPNIc2TBuC@C8MTDpm^>fkM
zB(9u3W+|9hLisGK2A?_iH~(L@21@_7GWn{t?zWW4StW#INpeBbuQiOZhy&AdrN%lS
zlie};h)k1TF^x!lIxB~QaWFoa853-e$;rRFAdHVkfMCVostaQ@?>=pEd*A>!xs7XN
z+@2<f=)m0Z2S2$@Ys4(r8xsBdOnkn2=qy#Bq3%wpa%HN2s5?9*K99B`nu=K->W*e2
z&d-UX%Zlc=SXQ(@4)a5NzVgk108!sLi`IYIfdDD+Q_D7)K5n3x#U80#Il`KuiTz#Z
z@}tn@xwrIchEyjITlb{3vqvAXbauBJgs8b1&Zu0h9N7=!>goo5sgY|_$vL_xfqjXw
z?r4v^nTkzL2eF}tKxLZKmC7vo7BVY8reD+E!x`Q`{|K_3TSVWOQW&yq9LT%)z#o-F
zgqz<Z>vs#0l>Qa6>X$-REtC?XCYR~!#x%Ly5P{bI94Q(i3-S4sUMJL@wJmNTf|8?n
zQnFi0{23IV-x-wy=T-x84%#-!-${9FKRYTEyikEyj5$73Edx;UCxij6uGhl=YQhD0
z^cVN&w!d#ZXYjF;oc2^7@3Dtg!=sRU<H2Iuyr?||(8|394nfIJhSRqY-N^w5;!kzu
zStvcS2ujCaWPYNQnb7v4Lr~^xaUYh*$9pg4fmgk!;JZ%i9fHzeZ-A(epM(c@W3_9r
z+Fxn4uW;4QWYu25YGbk5|6u7Zv~)+VG^Dkc|5Q&P?cdiq1m(v)0is@2sxirq|DV>8
zhyJJr$urSB$=F+v{NPq3b87xivq^_PKnw?OfY3%=0HM8o!67KNM>L_OKSu@jO*IrM
zr?W{u!*0=-Uk+D;WY6Y2$@;e-`O;xn+ZZ=T<8zIP&a}#5X_!(38?1F<qGOXF=dojs
zWh3rMFb8|Zz1rgE^_|?}=Z{G1;-`Eszpj6yKAX(i0qkD~>kN?}!p<Bzg!7SYSAZ1k
zpuR@&&HyRcqNlrVbdrvzQ7qkc4K3aEzDO?Jb-41u9{!Z@X3@K+0l=Ja*{;<Ka5*7y
z`!$E4EboZN>MP*rf8yqApdev*FyE;-1jska6y#B=AiIu3$p!T5boR9j=lK(F;@7Lr
z!`G|NI|OC6@pT&g`rETXx?pmWes5Kcx#5+A|4ih#yBeN(^Mh2LDK5YPu>GY8SKx))
zRn+tLJ@1ahQ;N~M*(pWCDcCN0&)i1E+}#Slpe`%~$vk#dQ>3H>!z`+2Ak>@KmdY|F
z0c9zc(*lEV;S+yc<15U~Gd821wm&>=m%f1THUK7G=KK1)0;u6W?3vVa&@*Z09D)-5
zklr&*XwQuO8%ic!bqLC=`;nKrWz`tDU0d*b4flqgT9)l6xOP#)LK$G@A{?TV)BU&T
zxWW6WOxURCb|U1cm=j?d6+?GgM#ZD`gGNQe0#5GBPlT3xAc9Ne7_KzjX+CA(eJT=r
zz;L~hc*Z4;=T@Odax;T=Z+E1!=6Cb1s<%-j@@!SHH&Ml&xZ)6$(;cwmTGJ(Nqn(yR
zOyA;`-7~*{7CaQgPOUSyrjz2!3+=@~$LVX$>bo%O_Hy?-HK?CR<(pj=kJ@nqJZee)
zliP))`cTo5SFP@$Rcp^dXn*)6+WvTK|KsKG>=pWK4}115K8w7B{>o_(LWk21L8<Jb
z4~1|#6rMXp2&b8b^E9{RKd`Zf)1Q4X-=?wre;GEdkA=Ey3s%A%UFy>A$<xjf>N~od
zMepExY%JG+h?E{^!7vNg{euf>y=ksAU!Le4d{V2|##cL_4p(gqx10P_o@F<g@(=?I
z{1HJJc+8cwriPYJ4X#oqS@o|0W^7wSoxYdjP}a)=+OpWZ?5)a>oUv^8{gYOm*iUI6
zp|tgoF~*mJj>P<%vxgJ*Ymo;dte_ueDEKx_K2BfF*N#2up`rq>GIvLS%XFCRjud?-
z@gm^qWuR?4-E_#^#1%+4HtNJ}0gx3Nc$}E%tOoL{_R&Ih(>}z1znLZ<HP)W`i6QQU
zgeg{hHlR0JkGkrOR_6u&c^V+8{)8dR9Hvd$oLoxhzR+Xkhn<8d?`*f2r@DCdV)asx
z)pxC!teBXTEdecIquDr_f<H01{5!^<kp3rS`eZL$;?pdS!Tt(5)TPku_umWBlH^^m
zsMY-ylRt8Xi@ido#^bcSDQIXazuzd|r;-q*?>62_ZWnzYqAGo{1jIA3rCB_An*&;c
zK2uP_9DrcrIeLrj^s#%a@rVoCE%AsZH_cHHJs2}5n%~=R6>`#0@7#m;?3Xx9`V<$m
zXhnyv3zhPKfA$L?0-}0;!#s<Nt4FvEbvM(hL-<PGEnJ~gf8wCU`WV2YB|E8oa@}eh
zG7ngesV2*x)BcRB4$Fyow;s037g>hwD^%1khSvLwJ8n(zMJvIlsED5kP4KH7oLlr_
zK9xg%aEsv71I}HS!USPMxb7BxzscejJysLlqNHDI!c1wNt*nz(@dZMZ%1t3+|GsYE
zM>#wF4CAXsbG!-rW-hx4%ghe_Ob=znnL=3>+rtiA><ZEDCOd-!nd(n$O>5?k_UKcX
zb^<2nFx98Vx6r5Ge-A}GZ{e+opRA6uzVtgx_HUd8C#uOYkX6%T4nbMdL3g4CP$z0L
z#IKya7FMO!`8i@VKeaWvMKFU-sOpeyylYlun7KjGRa=|;w-F-Af6^(jLi6CbDN#KS
z2+D~w&Nu|+`@7MDxt|cC9L%-Y;Ab#*PQ#y|-IYxof+YVLpHCG<$_X;SH~=bwoJPX{
zqfjG$<A%YC;~`fEQFiXkWw<hPgJnfiD-4H0)vAB?61CV|U=*UF5DQKAr@Ld+Gx?fH
z2O|#Btip2$9m7b;!-F=7>jFgWkC~;pm2>NL{K{GV;R-82+f#cTYmb_8jeC4OTYK!f
ztUr!aj<d&+>hIU^s(XwQvjOGL0Ruk|sfe9}=R<Gxywf~me!h-<V4X4N1gR2sm^x?&
z<AJXI`ew7WpIU$|wffc%WSe|z>R7Aq+|Y|M@4tRF@BOPMu5-=2xmIgtx#<v>?(KCr
z#>r~?T1{355yxTpJZN{HJJ6EN%MP|=rgl@`BuzdJ?uoU7|G}8`+zzz~Sex3|Eamv@
z&~95w{C>lU<^+Abx}MvSZBVWJBUJmArP{S?`D(dFnogOpI*(Mh&R4L`D6BK!GS~U&
z+A2I$(?N#+)kD3qRfCyGm2avK@6qfZAQRnGTkNzvIIowWzr06`*FeDb8zXl{l6R>C
z_iM!IujD+fuq6MfUO51b&6?}LqtNQ@2iWWVtg7PQEOj5;h5J+goZo2t8skFHF%GeI
z@ERkORaV1<SR1K$)|gGP_X`d5L7BRif3;Qg{!)|2sU3L2f%p$|v^{u$H&`<VPDtma
z$%8nY+WtmXqj7O!Y+ZMfSU(K`A1>n|1f`KfP@Y?bXJHF!GVm%6<AHKpur`1Qf**wG
z2!b^+ml5FEjahBn{CTIQ4rQmjyjs6+>TU1PvFnt_RvTBP9@25@KKs=WWIqF#Zm>9_
zp|*ePrcK@TgG2DhL)~$bziqF-92~&KP<Kq4Os4|e$W0RK_jV(i!vZ{@QWoV9lwrTH
zlfSj`YV74y`CJk?B*|M9``Q2|2+pgmCkQSA*xMB@g!u-9-OQ*i%^iYrKP@eXxq;*6
zwL@U^Uehsp6`LUVGu(DTNcOLY)?s>Mk2(an^#R+@1_;mhb-7H1-Z$zZ{wv-w{d1p#
zWe$2S0+L#8+2=se+l3L7YdDi1u!+8dc=mqoY&>9^CjXH!)*WLLeO*8uqduCAhf(2B
zJ|K`O_17TM4We&t6uo;R@F@QF!4e+Dzx+KO#TV-*xjda=VoI)qd2SKps$(5NNJD%}
zI^_#mO2?d99Qbb>qTtJ^ZkO`)YV==SIuO3Uw>!=wZxg*ODP{Q?3_u!_f0{gW8^5i8
z*yZte3-`#WMJ^2r-AC9}hRj4~L%d<(QvSOFr)(GP{)Q1O2?W*n?WuAR!k{B0aOvuR
zhQu5rdK*S)C)8qVA;8I~cB%4qrPay+DR5_{%9j<_$^cO>BA%bp<<|g*4}2EUdmDX^
z12!W&#x4j>aq_eXsuD4%P_IODS9$dN;dqUj2cJXuq@!&GA^W_Y-G_<Ki{H=P$lGN>
z;}~X!>YWNd^XSi5o9Nx6A@x3aC!l|9za5ZzUyDJc-bjYj8_AG*qjiLga~3FG`0cOj
z=8<?Kb;OJ#0zz|89Z9bb&>Y5<sPth*R;jl*fZn%5rHJY#D0NmD_QM~>3ySC|h&E9X
zowV~vUk7!3j6amumIp|Itl{|<D}Cv2uaQqmS{@+kIHKcIbfUi_3_RZ$)9*csi~hb-
z!`rwFIxeT9ibpGD%NT$Z;EjN5^g4$F0QkGC=$>T(Vw8F+0Qnw>h2BrW^lJ0;_Q1^K
zMN-jf6U5QbOuJIBioZ0P6JVKDMc+MTgs5#RbsUWIO1EVJJ#VEU=0b+2Sd^1R#r(J3
z0*J``3oSpY_KGSh+!Nutiw9NAnMtXg()1dYzymwrBN+;4(mKSqtP43UPgvyg$x<{W
z(I}VR?l|>y1)q<T!C5}ff7E{|3bPY{V(Ahsn9Sdg;rT~|wmFp7({@AqjD|mA;7D-a
z6=?<I3v(9p+KC_4Gw?6v%e1S`DUbZ3>$z_@90~#a$W(vSf?2vvSMSzv=}i5@hQS_M
z(K*vF*i{}>9*2!FW_aLHgTv|N+WqdR*jYGrsJW$deU~r|?)f=809!R|l0V_@S^7zy
z7~N(phe^~~a2TM{!+v+Le1#Vv!~9(Zzd11J-xTmO!rV5=?;QV?L%@l~>j=|sW(-+o
z95md;_YBGTw7no?I~;<bu4DR_>QAsCf1iA%@fR`qD=U9C(TAxd_9#6T2Z;I<(eIxm
z>^tBP*zoSA{VrIn=@ollj`zd1&U6R{UR`Fw+z1EjYkw!@%Hjag<PP#S`Xxc@$29q5
z=%WBUh_vOHHjgO%J4}ZXcL>!Z552DCPAkVfozF2nh*B4~&2U0idi{(uWDJZ2D&6f4
z{dB-~b_n(OQg%E*D<^t~gt0RM&p|@56fH?wi<u5flC)FGpFiR4@3W9r6F`zv<<rXG
z<pBbHu6|Ui<L@cCKL<#`GR-cZKrR<*Toz12yhy+pJx#S&F`FWWLvpNyzdz-X3-qCg
zBQw4*r;vVq)-+H)DmTujb^19#)TGK#<JxS`^5YA0Z0#7Wl=vdGqn>{!g@eL1=JI;9
z@CCadsQ0t;aGJQee(Ai7?-wm<Jw?MuI;v@ZN_>8ryd`IzJ_gp55u)TT<{Z_vVWBJ<
z-Xkmm*0uIP6V$iMxV-RI->t<$lkWx=_x2)v{wPN7%YS0rtGPvlWJ&(SUi%>8R<;e6
zp5@ydg7Ro{BZ-f*f*}r)oOHb@QN?=x@Ud<eczBn~2}#2vF*SK#bAv+<FVXtDEDCVh
zGB=Cf9uQs{^AF*rX%(jYP4W93)YG21*AXfo)?5dlS6qUfS?AlIJ6K-vpX+P*yU-9!
zg|&T202`+!7V&w>P_FXNOs*_TgZEtr*o7P(1^4C+4KG#e_pR-CeC3<8`&O55^WRaE
za&TR*W|dg*d+F4iGd-Bz$6Vf}mzThbP3?2tz+Kf4e+#Kv7t=5L-^A^g?Qlq(_QxBG
z1E#E3F46ZjY?>GA`be8Y$sA~>ReY(~(8K55F_>1+#w<a!7Au3eW&r|ncKr;r>#lGR
zzb1QS*a8+QgAe2PgFsL=R1%YlxqMj*c7vY2v;`==yu~3X-!$PtZdcnv45Ar2)18Y6
z$;#PCCGOPlVu||L4GpjN=pL$9i4X7A^eVvX)k`+itF3f(=ery4k2m{_>Q$MPnb2Eg
z6HO6RhI%z(QGg&r`G$?545^C@oM_;3md2%F@umO@XED{113_<%zM*DqU=bnM2jkf2
zMl8+;0w|uCG`SdkCCTqx{wc`ss~QeLV^ujfk9|hzLVrM=Y4R4;QN%#OsIuhzs2Pto
z*sX&;HQ=o2{F*|ko@G?C=7nfJHEQbOn}jIKenyRb3UFMvst2wRqRfJaTh$o>@MVU5
z>JZdtAg|mRbq-`&Vh1=v46nXaxlu4wYKHUikTFg$e&mrW4SdkPl7D=(^2m?uUUUbz
zJwGPKBX3vQ{b+<ip2g>JN@H4*;e#gB;PF8R&Zm~bzz6M9gD%E>ELs%53!_C}eqzdM
zH02X5TJ%DU5k7f0T6Y(oh_m2>N|*!t*D!_;8Z*bh2OV3ZYJAY8^Lc#G(RK|VG#c?i
zJ1Gy%HCpyx9VRu|9j@Fp7yWV_BD4Y_LM4O<t)aa(L4dvxrG=9ooo9Iuaki0Bx_AtT
zP><Z5N+o@oL-5EW;v|3D(%+4^l1J_nohEmWVfi<b#QJ?YK{V`M457_+I0VJ@0|u3(
zC_ShYNFs+Nd8@K$9t$cBjnXbic5nznMwcjY@;4en=-9~M^*{JOKLm(+AYjQ8nh!n;
z4#u3{Zxe(y!)?L%pDFSCxpn_v<^(>X-2@QY2_Zn!>No^>6P!@Tr1U3iIt1l87Y70w
zo!%Ih`R0_*!SR41!2|+I1ank^@R@sp05-3h6Zc#b5UVphBv$7c!Gy+n7STBSn$bAL
z=7MryE)U7LRrD^bZ_1|1cKr*{i(7dcC(<>q+5|!UDFFBB*%^MN)oiv0p*n~upAO<`
zhRtTUnl}wx%`4vrh<YQS=YcrM{iZ9Az4W);$P1K9f7^^W#8UcO)PA2(zN5eEX}<yY
z67oIB$t)Kw+UWPbXJ_I3>F!ScWR{8+MuvL6(u{ivd2BH|YHxS6@*w*ZGT5RE+S?ti
z=2mik#UJ{T8fvS<K7qwF)bTx!&uPZV9PpzRC-Ze3C-Yc2A?i&7my;+<zY7p`V}*G<
zq{QbUK!xUq7qPs!`8glZ!SNbDIMlNh`ubP@e!uzqTz-6gL`e(@F}@&k)JtF<r&s8R
zmU4xTXbBlK<YY{sp}EaerWd|N0YMfGe=;V~h|_)OXf?UQoIm6rsm;0-wSL4Zul-cR
zHC&29e)~3O25s)^Hg5H#<wpwso_(D2UC>a`KmLP{OF>*Cpu921h-(zEy+FPra0|vD
zf1R>4)YOR+0wMDuvu$)P4wBEum*|kjk$kc&#P_fd&$nx%sa?b9hx5ufJcs{A0=iOW
z)IHQpx@Q|ONY@ZwvW1@oeaE<*;^cFW34;F-my{WGwl-((CBL(DihiSVa298VOnYkB
z^7qRO|J1p0iWyHZE0W;}_K5^M!SAOqJi&4i@tw9(N3-eLH5yXJl^9ws@%uFnjF}%#
zpn6@?Ci$JtDGtHYxqG<ieJQ~NCwTE&{`AyV(bp<6crfXGnDaveUWj9<5I0qr^LIFp
zZUMe-)A>5p2KXvn&G>qzz0TJ#S>tQReHz?bzi*9rP@6{oz)cFT4h0PaVa<5TP<(|c
z|FP4v1@Qn^Yg;WvvA|D1jh{&xKQE67S04K&peKw~X~(}jrY`z0@!#;qZIkE~AK=ne
zMPi{@-*BEvq?Qw^`+sofB^P#HaLWapw_zV@?f<zecg8wg>HUrQ6ov0-6Cub*>SD+l
z(2(z!2~-Si$`LPSOt|vScgEgbHh`mziBw+tjt?CFggV|7?!q?hxJv80`~;9y(^X7X
zbvvP~u&Wk-Z3wIGf7pgqs{9%s!s-?+`JKMWT07Gd^>$Ku4gH#j)7~ulTunpuI4IwN
zhJvtWGHu)A{J0si33z_%7mep|)VF@WFrGhYtLt0kB#jSyyrysJEJNSQZmX`oHH#92
zHB%@v8%xdlc61}~vuUNqPXP68!AizYyL%1&*ZE27pzA-!&l^$I<!3(SXDaBwg&z;{
z(^BVW%3Z)uEsdWZ20wrLG=7HY{N#OQ@bgu*`6;CQWKn*;FER7;YcBBf!3vF^oo?V~
z$O^{K?t658(sX_b+G_lC=J=^4R+pa+jRaxMCzPN17Jg!ppHs^<ep;e@@|H7x8X5eo
z_iFrHkJI>BFw@|tYqjO`4&`S$<%eD7*7^Ao?#(uRSm)=N*1%7!#?OOobbi|E{EX6J
zN*i<h#70z?pLLX<8I+%^MP`0#AwRR1Y5a^ve&l70pJxqzzRuA2Ij{30e`)Y@v|e@j
zvE42RYrdfTylCO)y&T}juJaSu68KS<GJYn;==?<J{48jr@l*PR!Ow+S)#c|=%Fj&7
z&%T>xe$@5A&r3@+eqL(@{CG5eo;3Iw_kqUG=2(rNAsj!&)#k@f`I$xeNiy>@CR~|3
zlY@9g49jF>a@Z1$$-mH9=)Ht7`Ij*%ADO5zIlR4gnQP1E29qx|sG7;b9OB}qqWP4=
zZ*OpZ)|hbR{FlajB)i#swEs&U!*U<hu`X?YndlJ2>A9(0+GfCio5DAVzQZ-(-8A~d
zn+E}l%gU!;;7)`$P7r*#qnb*7=g5i75yMq#{pN7O;@OF?eRSVC5J>7`O(0|M1A*MP
zSn~=J_?d3Y3}dFdqoZY}3+HCKuO?{1Yx4k?7A;cwU`Bu#PQhl;SLb$4Q0AF#a$`YQ
zvzUtRmFqeV^Tcf6c(lPW>e-7L$D8ibyD&=UqL!{_wi!kjK3VN?_%gNQA5m70UW0hQ
zvve)$`yze(wLpDe#P~SaTIVD4eT|P1x;=RBGlP%X)wWN2slI<h`RH}cJpP6tKbwBm
z_^F7-`SxeVPnp}8|Ho_mTyCw;|I-bAI@PQ$KT$40So0ms|5q*Z|F1aT>ipz1#ram_
zr=?*JhUxswy+@z_Ieyge>hkj}<!3g`|5vT{;GG$UJ-8iEex3ItlfxEjOn!ei+Jl9R
z$r!_F+A&UJa?QP(Jy`jv!DRi&f3gP)P4-|e<?!Px5d3{@oQ|GaC}k#iuGnFyL`(io
z%JgYkM0vmI-h#gBGZs;QUj*!d+N)q(j~Pb?y@Mssl>7;=kFz4))eyZ0v8&pxfu+F%
zKWR&Yn<#~5KQSph$6TWnU!mw73~|_q7EpuD=8=Ds{LY1AHQ`Karzhv89{eYtSUmVT
zk<4*N!5D3N>kdI!v%%D+VQ{0S>7&0uo92ym2ubVl0(rvBvDiRsn|${Ygth7Sae%1J
z2@p860MbA$ztSP7=U^|p=~4RsG5miK{eO3WkWlN>oI_N|BTNj9EkHZukuRoLgKH;v
zr`fW$UvVi!ykS2d2e1SPIGt8sy=3f9ou0<x>mzSrx~d2=+zIzw+wT0uA*A{fB9=M?
zk3Yq9vz{)qrOd?Hg?2%S%ES=xhj;0SqL(#9(FN0ZMA5FX9HMAD4V)kL&r@^e+!4HJ
zTeHcgg|$pa?eDlih`1_OeF%<*M|?V3*E01pJRqaIpBW$pKPCBn8b)N%Wey|q*Cme7
z7?FD~a~P3bGBxbDUjbyb>C7ddV~>p1F(NyS4uKKrzsxWqpIzb*3U;T-fqz0L+={pb
z9EO`m9(qVaC)|ZNZX+9jz~e941!az(LovvX)f2BW6oZ5;9>pNFoqlw6eQoVH-v_k?
zOH`e=k7`4ekTf|^74)EmRR%ryczxjT;{rPimsC#S*sO@Pf-Ow_m}j$ZTXvA*4g|Km
zQi#BoYy1JCo-Wkm$n*UHQgHl#X6{X7?%D;7xfgimz6@gS>Qo*E?`1-WGIgps`r|F3
z%YFG6?Dy^0uCiFo!wk*!G^D%!!oQGi%x&2JdIP?dxdz0>SQ`*$YQXFOA<C{yO9LiX
zrvcI0+-)?V;@_ypd2GN)RcpXsA94-&;cjaKMr860_`8x2rLMIBjS}G8KQ_Q*X$}6j
zYil)w|E~Xr|C*>lOBId(W<3Ar@3Qj0<RhN{7L@<gk1YJ3jK4MiiP~D6n_rZF!G9J4
zdtEuN@jqZP$A6*Q%Kv3Q&;N@RgeV{RE&Shq|E>8Sr1@GLpuqWm!GF&P;6G01|C>o1
z|Bj#m(B8!V_vM5rJEvIqUlLc10Z><4TpJB2Kld*hup3Whk2t3_;7=ddfN?<sVE7ci
z0Vm4{QR-M5V88Fy9T2Mp-wgh{{2TtKq5>^BtMT8I=l`viR{j^uJpa*@|Hott|5@#B
z&3};=tTy-`bM{~Ge+kp{Up}Mp-`~see<WxCT>6mb|AkUQ6#s`7{?EkSn*V%lF=p_e
zedb^AzYX=Lz0UvF865vl2Jzp{#Q%3CgebpHw($Q#d^HBZaBWp<G@$JCzi5CD6=?Wr
ztpUeB;2Kafr~$(!^9?vrOo&q3+5q9+TX(<;E!xWgYW^SiUwlgAzX{KO-Bwoq7fs^%
zZ%+B|G0DPz`|4Pr5-mJzG~m5c|DpkN5Du&GZ><5(P2?KzQ*&zrF8cTe3@9Q*k$sj1
z{BUnI8t{P@zcm`L=5HPN84)0r-4g>OCB6_Za|dt#P56r?f~Jhm))-gsy-6RJ^ZqqE
z?;CVb_z~;T;NS5?a0Cvl!zVSdBv0VP@@p#t_=cSWKIr8=*Mn~6x!whsm$4?l+PrL8
z_b0ARPEQDsf_;*FLODwR+x35J0PEK%y#X2Ta}CIC8PtFVd;@$BQSWwXhNWZAwuO%M
z$R~`Bh4tdEE`9|&*VL=0PT(Q9Xbxs^@lZGe_xTCCkOKMAl`|9cE3Et34NJC-9cnQ;
z^#oP*QiOBffJeiP<De#4rOCYy82G0if08D!`AlFYMB+lx`y0*)`G46pY_L??|Kr)6
zU>*1LX=8TVlZ3#hdp=+?)XIt8hOL+;wDM%c+S23s<c=miSedWqIuBP4Yqb^RrOJC!
z;tQ26;{zo09{3oz+Z{++L&X3Qu=xEs80&DptzV1;WdUhevGF*w@EE|r0>~l?;qafj
z{*U9-XI;?5erO`EJ>9PnqP#WHqCIQc+}bXWXvnr-jrPs{QwLSPtR!X_VY6+QO{XPt
z4U#$E-604NC*b_EqhJ&a<nQ?XzcMMk`$LeFl1-So`XF1X>kJ%v8-bY-mLAvr|FN8u
zUTwh-vcus2OyI4=T`iezGyy9SZC!omtKS|)<FIXPfD{~)=(sD2&sSEDH7kSq&QZ_-
z-e9E3$sy3|Et3F4ufK?a1SOxTyz<N#4&XPug|)ZOzt02wHfo_Y11_ya>oV7yapVX#
zgN&ig(9zqkjM1BceYEt56`Uq*q6M7hA|$8(pO+W?^Le~7o&2Q<7V??ZARoec3moI|
zqz(F0t@PVggMJ9-{F^H1x3kjUb?Mghducmy2K@)CpuhWl3;ki2Xixs{tD`@UhLrzs
zEB%P-&<_zm85f#<JuCf1g}0VZh{Z*-qr7}BrOL(1it!fG3olaEF9flkvy9*FgEKz{
z;jKqP^8JjJ_|1#ekV^=sd{AimMdK{=KdTP?5Mdu@X!<j(^b;=LTJ9mD8bAIKS}!|V
z=^rYn2LB;k&Xhkw@_%@&h5o35Tk{`cO>ypUX#U@}(vPYJ{SZ;BNmbBqWTpShg=)wr
z#G2x+!y#}U!<AKIEc8Xd3_F6JA@UE7VMJqI_vf2v=N%#>%S?BGmF{ZD_VGV@oFfkz
z=NUB*jdSHnNAs?nR#P9iXK@UxNdu>g)-#FUTe5gw;Q;J=S&11%3ARmo$swqxg7Ds_
zjJC8XR=ss!hwy`D9wcP2MPBW!v=<cz%L@RR&NSrZ1&6>q2l4*d#F=of=ckVinC~Ay
zb_mKwMca(QOE=!g8q|TitX@0}ph_*ig72131z&!}REMBURRTIrcP@YvoKRN*T2$io
zFQIfYmQJCiU*Jktgkk9zgb+_e+B2~9=d^SOuJi>)`wjpWOC;EWcd_()v~(C(I$*=n
z&mXJ8Va(5wsl0tAdH=SjO84^a;2CsQ$kL!f?^Clm$5eXw9>i%znS7TCe1D(m5R}yO
z8sF(1DbG8ORmnwzV0+o9YM%QB8$V??aFK^x9Qz2k$p6S8DBI2%())%<Z#<$yzl^1y
zN1pprp1<Hq=QyzRl|xm^;{cV%JQF7akdvBU0PRSmU7ynK%F!NcN7`YB5T_bT--diQ
zpnTWkO4neVtoo};nd}ZWcn5a@?WRckM?cV>=XVIo^0Ru+bf9!E{RJiKV9A|Wau+T6
z;aPJZPCr^D2Sv9BO{q`rs<QOg!83rn>e54l-K3(O!1KV*f#-1KxfbR5;F;haABsr>
zdSU4vSo$$q`bVzxU94CBI#lK8y1TI;tog~r$x!6PiM0Qk0<=#|aR^F}GiEstN4;x+
zCFfwtxwK^T8MB-(9;#9n$-%DCh2N_zEeFr!>#8ojGuU68`g@hyzl6$Ssj2h}RnzVg
zyp-usb?H-$f*kL#s!J~mUdJ5%t;*8%gJ-1qp-bm@8wB~e<Ekc18U`(QdIHpEV(xT@
zpcMQ8ovh9;MGBF@>UAF#=|VcCHNp><&<~fh4_6@m{Q>&y8}=*@pY5T~rm$xsf=Fk4
z>JXH-*)tzL6KT1Z*t2qc)_^{HoIR^w5$fW`nGiQh?xd}qNO}DYN5E!UUkygbiKy}I
zDeY^A@mXg$&yaWzefAf7R$KzlR?}~PW6wrZ81z=LXG4(Q2>NU`d)Bz3%5nM`Wo{B>
zZr2X@a2woJjT$it2HnU>4nbLXQXl%hM{9;UQ(u^K(iP<FjYWbtKXC|(i*fRF86j!@
z?ugSLcbNWoN5|>M%YjGgb7ug<mGQ&Pr`^4KA*<ITJlcEU1R)-O9|U0PaR{kO3~~{v
zF0HR$Fz@XSS7L_qmn%1m-UW9Gf=7PJ1q6Y#TIU4EYuM3HyuNAXb^kC6uOHqS#A}0-
z9IxXKgyPj>=5_2a3$LFw3F37;Pc?jhD5^cpR9joAe&0BVs&bN(z=e>#HA6H>VDC_i
z1TNhXEP=Be)w%~lQC)AQI@(J0ZdVZ1b(rzsed@;kbO5#OGXVHZEYAX!{y76wdQpZ$
zP>%d*sPsxlXqEoR6|~G)u$2?@)!m`QOhl8IH@smH^9Wavm^b~+QN3qpD60MInWzr2
zQtfej5Y>B65du+Bb<r_v8Z32~1+>3CEY@+cXfh9t`ICrnyw<rxyFchpoCxlBRLc)Q
zvaLRF2+H{5X34VSdxbgO`GZ}SvwOX^a4IqFw@@naRzz_2j+b5!%HFY6^!~RIRgRRP
z)C&G%pbfrEEqh1CK4Z0`MqKAQ;m2K}I$=kIsT0l&v2;Rtqu>#Aiffp#Csf0}i!kZ>
z)FBpKKNJ-_g3fSMr|b$vHL9+OY9}kzmbV8{tvJO=z#GysJyq8vfm5$pB=B0W8V=$u
z)8hw2QJrk2`jM6Dk*FZ5_5P&#dP1FckfZL~OMeUm>aY(A)X&u6fcL_cc2??9jAyI5
ztUC?rvWhM;`t3o3Qi_xCld%4X>M{Y;zUu^spiDk$sD1yiPzI$aXSRMB>&1=8{w9F;
z+^=nuF@NzcTJD3;0f@<42vKUkX1Rf=oP*QBJ$eB{_ie$TezXo|`raUYt1TDtQ!(Zc
zV$)<>F0z(*kkhd)2T-z9#|+5|wN3ZZ4i2{H*b}#*j#(w!3MKmrT~-jxc%!~m7VPWg
zJVd>`pS81}`D&Y7Tz}D(z&7^br{!8`#T>=GrC+9Y-K>9U+CI4Tmv-YzQv~zYU+&lh
zEvQdh5XM@tqf(0^L);kLXbk1(NX_BKy>8CG+N1^ej4)@_-<jA*GCtKKyw&`)#wNY(
zrs(9Y+rD$7{-tR@;?`e&vQcMO-w3ECyL~nSkO@D$+H3xJh~X8pk<<E@_R$|bnPs&x
zt^XpN!|slTiz*moJovI6WW*~gfD`~D!N*1dj214RCpRem^LN$jiTs>7y6Kq2#^>U#
zph@$<PmfwU8b<!I(GEeWIB2ZYUuEn1*LUi&H|=HJTK0`{b=m8i4b_x={s#S1J<eRs
zPruus^J|K+-<sdSMy2|uR5dHT$Eeh_A$RLaujYhYspbsOFC~r0<|eA{n?p^5$DQ0|
zh)A5RCcLQMjpni>yigCPEbcIbaTG!=J^`AM>2(OocRSF=T&^TUIq;%od%i~at+(ex
zY#lms2vH`zXibmfeKMT#{y%Pqty*sqokj0o&;>Yky%y$%jR0`WL-(t>Yo1xJZBxL`
zguX^KBVXwCpTY0d=JYdvA4Ktgf0H)-@s7ptFs{F%+4^Uo?veI3(m%DV!{GeGf)n|w
z!%r}U-DB)L=ndm9y_lNy{yI*d@^*yMr$r8KdXAO=gg$N{>QkhF3ba}DK3_Yu3$*YA
zA<EYSEn3qY_5}X7ji0^QgeXr94BCaE?z#g`82vB1Fdt;=x^PA_j8%^DeD$epeO#M1
zS#CY98)s|FB3KE5CI*jlrmSkgT1;OMtqd8!{4HZ}9EX@`wN_X^tR+NgJ%AVcHqm>;
z9()q3s(qdpffIr{Irdqmlj>7fxW|L^#|N*&W3)JrKg%qR`q5QZT3>H<c-EBjVc0c}
zTqB*FdXsxh`e~2v<ttb8$Mr99mGA4PRX&5~X|4Xa^CgbR4?2-|c_JU_rJXmp$D{Pe
z-|?jf=#N`m;~sa{AHQ^+t1?cn(!-Z-te2k2)3)o6FI;9sbjyCOFK^jZN10v=8>(CT
z@<UbaP@z*`wq{OW-qxsZmYWMOuVj2*-YdbPiI5`2d1neZ4Pk5SfF0MnpPut%KctyS
zb%+1cFoZ#ypC<27udN1pzb6B|m8<PS8awbq=~ndR7aztz!n6tMFZl6P{P>;KcEKZ`
zz$`4A`sz6tOeX}5QI9;RZz7EzNaH>W17kQc{OTuo_a3uHs4bCP`6EE?%qlavd#fN9
ze29dRJFp7K{fy*3vyl6<PiS(%XCoLnFOutz<Q}z<o7$%enFSxwVZyr~=|v#DqF>DP
z9;|}BV84K|clH+`m-8_0qy575=e1`-(=tuWJgqO0)>}yHIgK?2&<6Z{LutwvxPzpc
z$DunKcwjCKX|+aLqNSOAo~c4?!6!(V*eX{7y~9aBZ^KG6y_!|g3qHxj=q*BelaSsB
z3%%7(S3xiMgbt(EAL(^Odd)5LUVS=rR|KCpVO>!V$(`?pdBj(k$+@Z^7kqGzk=w8W
z^WP!4i57Bsy+e}=KIX^BjYM)DB-g=0Zgdsof{)!XaxIWt*+W3?^l~$~d#WH8e1e0K
z+rJ#hEkttDE#!_rRYlhZAMRpZ`vKB>4(TOZ=zUZbz2L(>j9v$%R|o0cSjG+6hpHm>
zYfyBY5j(pKu1mLm2w+OpJXrM?b5Sk>s)0KOx{MH7r%^~pE;2^29}9uhSvkBbuk&H?
z6Q5nC)oqHg0Z@wJF`0KyTQ4*C&E-ETFfC%to4;3=23G{YUuGL*e2}{|G-vPd;9Zup
z8y_vLg0l{$kIctI`c(B%Gah!wvKiY_`^fagfFR$Q%WJfxifZPYsxfb{XIJ&nv!;_?
z=DqMqRekiRsZ-4>)?Q0Oi#y6xk@-+Y(<;6xG_}Zlltf(|`kR+c-<S_2{8Gg?ep7qQ
zhdL%Mu0jZVO&^(e`coGpmhTx{Wc?$ULiA#7s2LR?PK|j1ZG3TQQ57t$Gij&!D9f*l
z2+2z7Gg!Qw%W_Of@=YzxRI2~&NHLZ!o??^T(ezIoUG4hD0*Y>+hUj}MOc1V%BOZ^r
zE{=G#({*vg09UI2ZI|R9A1%hF(r=!}uj3?t_i)KSf4(3H6VD2QU=zK^AhA*RNC^M}
z_fWn7LvRr!h{;Wl6F(g75Co;N7os(0RFYB6l#ic4Oa<T9PTG*Igb-3t6VFQ)O8&9#
zXaKVIe@ClIns^558tvrkdPA@4O;*>v;)m^MUDJ92_^~IWf{eOTX{FT_S3?jy+qXbn
zVOc5hXJ|z+SkZi}h&Aet8hk}<^ortGMfZsxp0x{t5(5=&_0UGORMz%n7437<im*|2
zI6QR8KPFN_RL!yOPMFBBy)FG|$v-A;up|!OI@lu)KbR{2H*&BzbW^JQMvPeh5f|>m
zw6~?FN&YdNB>Aa0Ku4iZ?n#x$bc)ZFGPXz@NUfItqoG^b{utsq7tG31vL6eOg54ax
zY(uv)PkTQn%Ri!tzq?D?c($2TYpeQhKsz7nAK`*DGs*r}UFvTJ4rj9eRr-Nv<C$ij
zT3ghm0k)r+Oh34daOFl|xwFkYwYI7yS~<|Y$wf9n@W_Xx%&53EcA>}1VapkIu^{;$
z1qkO(l0T&rBwLgGDRG!-!=Dm^u)+S6XvmWTIlWR`m}snnhjo9zDNa5mKxU*%t4-8l
z-}O-!`!-S`62fKs6Lt-EK<XX;GcG0eaXtf+gQ`!)MVsVL_<}1G#tH#&x%UgFUg)_I
zMxhgFSSSVx-D?yY%oSS83dKR82W@(xUxyimK4XPCL7}h1uuz)sjQH^jVS<o~S(e7S
zU20E;Z|ip+?Fb%8%b#$Cy1Yk#sPF0cwSMQX_}<Rme?s4H<=%gZ?@ukj_ixen^$fh<
z%Svu{O?=NFtH}5>F6CS*hxO>26~H{6fXk9`F<kOHn*!~q^DFGMiras-3rWwUW=1q!
zX=izBrOb%;SJ)XY{U479NZ*{J;ezn2lo@e$sa;r`0%a0stgs78$@&0ULx-KJRuIB!
z$WCzRq!Lywv<t6?rDjH~g9;<uNLtE_8nnVL#OErb9uJU#IcviOA*pY{SCYTm3n1uJ
zFmn?oXrTIC!&tHg_|*>HMtqsz5F~%Ma7nJ~mOAek)tk1nXu?7?DotsxBRVCuDzgN%
zD(P=ii_%N{Fg*;DB^>~fZDl~fze7ahyi(acK-3)kA!R14USb!N&R-iK?+f6-Qn&De
zk9AyO_<jldem(tuHiuW6<R9v8lH{k_jbomDFushCg3Q5L^u4R#Le9Q$K~O&i@E#_M
z*$%TTK4FO~5LV3#ZzD4AH_M`@E{D%R4k=6wpJ`$kLB-HR{O~IW>eSB1*eHgaQgLN?
zV!Y_l08v}v4=FQY>0-N}beLs;y4BOfki|Z9u@BeN59@I4Pw@|GlH^a(3>Yh}mJ(7h
z1M*?`2e}H=oc*-<S(Sw39H9SAs^kPQ#BLTuKRXHna~M8`piSQU%z}8D^^Y!(jSec0
z?p4X-S36=>uj|3)n)Wu)H>DJ!RLc3308z)`4=FR@`$cv^Y4w$nNAa~%CXQ)Y_~Co(
z!^QN&p*&t^iho3tB*Rc+@g7VZ$?)D)ph}s&-I1yC)l~U%YNj)ODU4cMCx@VPT>!vE
z^5}9xa<))eJ!_1?2RhJE9<gc(l#icp7hZR!W=1@))EMPaXO?KA{A!N?={F!JmlBCG
zh+K<z2&tJ7cC7T`JiG9^L$?vn0qLl3bs|6a2#}<HIV<T%epcOGu9I0957zAGd3H)|
z<r2H_x?LyJ5Xtn_$qb@op37MrE(p)59~x8!A(g>MWjLi`)2ZxU3{-B@sWk5qApLXZ
zQ(m4|A1)_E$?VRYg)2pvKNabnUWhif9_^n)JpQEeoc6`17<W7!hntn`i{r@wqP|;f
z;8xwEl`q2@R$%#wto+Zk{0V%u24C6c;HzoL0S$-zNlc=ljDI9R)D$c|1xp|J0ZYFO
zrD61B72#lef|ky}($8b*xvX>ol%~41vj|nO6)n7>h#Oa%E#qnh41x28jhPJv!rY$D
zDdD4fdHgBi`e=#?GptMc%P^8s;|u9nsxN-{sU2<0$nMO<0@t4~6EXAQ08xFqZR!1!
zT~H2xuGyARU#LoekR<;wFdNKh7Gx*+hq(%V(Rp8OGxI(V!mEVxz7ZaP>khmpg^%jz
z@h2I)(`I@6Nyz&fz<ci$WWKTZ;Uu86CsnTNR+c;(AgTVkZZHV3Hqmz$!q$6~!$|?6
z9>E_{W<u5iyP(_#ZJ@P}$^yvq6#tMWN&X~ls28kD@egqotkT=CP%yXQD+o(mHcZ<T
zL2E<z@KI?Ve|Mt|J#B_HOCJbrkf^Ke%T14XcRcOy>nY5zQzdAM0ehtx<vX%WGh|2R
z+Xdy>8JZy*HA|gYN%?-2nJ6&Xl<!wv1*?>#WTxq(Fv)XXTfF=-A60G>rTr|v+KsPn
z|K2WmGIkRB`Um=YI3YwSeT30@4hv7j!aW(C(X?PUd^HJQ?fK3w&<^or>;hVSlCWRY
z!2v>)1sc62m~$o`KO*yxUK>hpI=<?NuipR8E=Y`49s0VTG2f)WV)RLRU(hKDq?7&_
z+*YQ2;g;mCZspCNs8`?BO??B9au($#`=J0)C((&KGvVENc0nndPDcUAcLx=QI)oOx
z@h~tws!;MfC)^8MJ<b?@uUmi=9MaX~Lz9}Mj|JsSb%&F^u;~GtcH7ej>CAP6x4_|^
z1;`;3q~i<NjE5sUb=^wjLrjd#D}mj-A5qLo_v!coX^&b=<*t@hu+KU_tiK&~R`NSH
z-UIA^{3Gpb6zVFC^41DNu!Fc(^y3sgJyloomQ+a_FF@NR$y-I=2HYr8UU@J;)aB)x
z<~IA$E-2r9s%!3c+MVhr)a1`hG9=p?S-UY8CENTVD%rsXn*HD`E?@M-i#x&v!9Tge
zCI}fNMD%_E|JX$D=a3MuGM;$ko64~+hCBFRIPIJDM{JN-P-){3Qacxm({rURi7VPL
zJlj#PNL>=Qws8pQ&ndf;=<NO8)A9M35o!I3?t+lC{^u|~PernPLCTDHYpz|8F9B?3
zVplpyearQ^;tnS|uumoih#KK!`8UN?xq74mGUkGRxc(&NOk*j!jSjIpj=t`a*p5E&
zj-;#k`;rh}_l*c3;2jJEzCH=7a)(WlPbj(F5M~sF<By~-?y<4_%M$~XeevV4`o?Ge
zN5Z8p&e5^7jycqK@8V2=3O^5noXW}`+Epy=_PW~zbm06GP6~oxEaQIFqC~Lbcnd@Y
zc)7h^fy|W8KC5M>%!1^-ZIkE&U!mxA)uAi`puo6rsY~L?7+U#HP%7cmScj16zpKeW
z`gL)7du2HYU{vc=`J5zQ_Q-|G$@$RJfL9_nrcy5~=&9ozKOO0RIC6e?`X0&uZ20_W
z(bu8|)q-IzDKqiGuk3=d>_3PxIjt`J^c)~edgLvN=OI8R5WU?ZD1QKRI0`#8X~Qd2
zA#&!034*fmYrW6w*|5(CbO{jEW)lPx{`<=yhll%Va*%3)9Af)1IlNojEQcd^Q#oux
zIrw8x4g)kf{M5}Vha>Y0IgE7OQVzA8x*R&rv<u3D&M1dvb<A=|dXULsWL;ej<HDF6
zrhpt4P&xcMOOu1QM30w9nGtET?LxAAEm;oWKxr`7E-2402@q-GmK|`qM=|9TV*Gx6
z#L&$jK@yR*K{xlcrav-Zk=gAv(7nZw%)6UQ&+{$GC*q6fjIbGiDGt>`Qu@5y57hsW
zNGT)NE@hO2iIXn?0#nq*AMJe3C^}xLOlCsz#G;gVNK7VWCcB?V_WSnQFoja2ggLIm
zl?3P%4bLgXg$b6l4A`&!CqN*;@=aHLK>6$uf&k~R{3(&X{i63A<j}q($(P9!k#M60
zn2%`FnyODqB)*g6-^dd#`np9u+Kofq;r?F^+R&jp(S^<@W8JP)`I2(2bATktTa`9l
z+4SqGCkTL}+ozr&C{HCCV|y{wv|a&Q(%vR|J5u8!e@!1KZMcH%A@sQZie9j39Z>N}
zcR6Tz`aC{=yRXD1pz;HB2wPHn&zBLB#pTv64KwAXDhp#cuz%9oj#@6?fl2^QRcdw$
z5OrH6<kO(GZhNvj#*}PE%JjN(wQNKAQpQ+!jDRsDd86pV^jHb~D3hK48xH+X`$zP_
z{Lp!unE58^oGaDe^@^0S%_hm|?r={=O&gbWYnn|r*%$%tHWGx=D~wr2`Xf1v9g#|v
z1CV}_?A3F6MtkIKi2G90ls@bQbQZ%Uf7CcP<#Dg*bwd=Z>Dg9v$~q$YXgfWb-J>Ph
z1~@FV%)7J<eR&yPJ{m1$Y>Z5kucXQ4lAKh6Vi3JHg4qQ-Nsz?|?|w&{nZwgXl*vwz
z_0h?`iKb;;5*+^cyEEp|gabP+Ry>+IHytIvGrJX4(>SSfK=iGvuM0u{dPOJxYy1?%
zdaN#HGmlG?x24G^)X&ZNY~;&Ic*g)y$Cv5(!b=hYM18wl!*6BBTvFXG<*x)SeIjj^
z`gnlLtF;}AWGAp}psE}oBr7GpP`zGe%GaspmvZr;4c~yJ`zcHi)Vs?K9Q}+jk%H)L
z3l7F}00D*W&2yBw+zKO4EsGyQTL(LJ3zsa9bxX|5ZD>g?+fgT&xeG1mkDqIDX72rP
z&dj|P4rUG@nhZ<Vs<y?_^{r>MbUy&vP*kJYoTbZ3_K$HT6`#=OtE3D<MBn3d9dPvl
zW;lu?s2pH=Ptfu>`yXlIf666oJlRaDwO1-WBE7sLN!~7X-jTju@;isO!27t<(XZ>C
z5FiChSX_LJt6-+lzh*ib5z(7Y2r2kwaF$tqhaq!fvRk6kONEH4x~hoR7fPS{AG95#
zepA|NZTO>})`o(W^u49ty-@Go^c|Alxhxvv#EkhV_XkM9DxQ8)@ri<OnH~hofsqou
z@6pPZtUuzRF62R~KO1gx`bd<x`vOEQE7SASMbqD<+V23T*FXNi>$OMTrmig4@;VbN
zlF@;hX~dYn6pjhiFzc;9>h5T&QX3)SIMy8v;a87b>e*MC+IfdKRRk+oB4*YI#}Y0n
zqlV2R7fbT}+og<Ln+HPI{zt>rA>~FsVyw4L2P5a?l5hlrW=5sy-OXveLm-Q0I;&Tb
zi=};pRyVbR>UifXV&?UlSOPYAJn~^lZn%xB_u+6gO3$+{pHNET14M0eQ_K6>qA%hP
z^hErDo(>^t!#jq1@}D2|1Zm#E#e}Fc%=t_b|L%kM75M!^_`a9n=9SGgzHd#xf1J<v
zk?J3XSYDo+grxe1MdFcJ>dc|XlmeS*QN4RR1cpJj;5+IswX?xpxrc5dCbgTksl!b!
zPe)>{e&G2%+(*l2dyda%JGLec|E<)8^sT)C>*vRt(OOPPnF-!6?51X50PY)VNiF$Y
z62I>Y^&ER9WIZiR^*jrgAf4x$YV|aMdJJ)6JsoL1r8f!5(&ZChg?wCK5~I34rOQYD
zmXpujOg>?80ixb<(`tVg*>T>M{Ahy3B2G{Cwhs_B6US4UylwqZiH^iIVQ5X#>&EA+
zZLb;S<MWko=ogLo{1*C3upCx`%jqyKxyt3cqu#@Pkhp*Bb(bVx0lm$r2?;&J)%9AQ
zZOX4rob-#%Z(o3FSEVv7FZu~3n%3SF=e48_1NFZ1$b~FM_u~x~|8Ex{>X$bN$x7Pb
z(`8?9cyN~FZ~NvmkYD?)C%|tEm;4{%sy<KjVw(8Gho;&EoRt@~Mc*G@$d_S)28b%M
z4;|aC9nhr=mwZI@X4B4+$GXGUF9unz2me1yD+1w*?*fD<Pg4eG(Ek?32MFI7Oe;t5
z{MQ|L{wotLEwrEI<5d0&-x-aA@2&+1DcFYV%eL~<(9REf2Dh^#wzE&B*3PZ>Vmmul
z)z04Wd^>CE?Ih67&9t5SJ~p*;O(h{}17hyqLolSCi-x`(T0)5OSla+mkKWL6mWUGD
z-q@MAA0ihgBzc?Cp`8|1*(~}V#B;(*1pPYxx}k4i?~~op%Jq9GH|cCjko-{(-{BC{
zCS{Bt#nCoE;`7%_F#F_DwN1h_1WM<)0O4lZ+9lN8E+L}t5z23QdzR-Rp@a~%SkvDP
z)ZI{qw=-B@X46@Jr!B|&uwrEW$$JAteL?$veN7PLiZFJNo~Z9u03K2P`e%W~-zbaU
zTtXISP$rC-w7t$^f68KCjm4gnMOO(w|HHgQ<#XU3Jn<Z@O-3_a4na*X)%SDTCOrlE
z^JJQ)KSnAFh^%KO-tM;x%9J*!I`iy$HsVX<fFy4PeT4=5Ow=l6NoIgBvsP^5Y{%`;
z_La1S>k4TLFOx`ZNwpd@VEg*FKngplqP><GAnK=BP^oiIfT;Op_#@CJK-9&hm^K7R
zuLrZVh?0J>kdXCWAhV19?nQrR!tdSC|ApLlzrlBl>GN1x?pr9gm;P>Ch})}jI{NO>
zO3k*YYc7Z^4TJ^Iqjb5l`*w#w{RDriJ6cV<P6u^Lq^WtMoY=h8Kz~1Np8QdOs4Fkh
z79ECqdTaH3doT7G)>9kmc{n`P-}J9Ww4TFQPp#{Otj_~_2PnToE)uf-0}%0A`nx#_
z3x>Cn+Fpz9ioS=-30eP>Zn)H<QbN`rfZw_F_qkH;!v@@kSLui4x+PH8mlC2ZhXPyG
zu~a4JvLAnxU`IV28z5>$CCmF^UI}%M<?`&iVCe()NL&A0Cd4Bbub&F_Wz+i7O6jA+
z>rcR=jr7rfcwS#^XXJoQujG2UfuVSh6cC~`yEni~0C(O>@cd^Kp8xz1ZSi#4fJ3xt
z7w!r0jfZd6l@L<!+xkJ!3BObFXD)C%SCy8n@j?hEoG^BOjza<Gh$z~v+dZ9=!bRUT
z0k(aN70gM8whyGOU@qep>1&^HE0`4jdoJAkNxF`kKS%El5cU4+gwV%H8z9NBZ|pUE
zxsJXZag7lA9d+b4C;5|_B>8)VT+93@`JJ;HB0kiIb^#;z{!Yr<G3*`$*1V4qA4rLB
zxkiYUreSS+(M7=m-d^pIG7~OOwF}CdW3>$`(RV#Sh&md{;?;|cHmpjHSQwo~GjeUB
zuQy$=b<>Mb87I;8+Vk{zOdCD@6ePU>_26_v@;m!C!1Mo;u=i)shSXOHS-(NIFU)Lj
z<hLk?SUS3&wWB5M=t&K@j#jN5ooTmr^f~P4Pd^RW(a}uYSMCZBwZS!WM<2L~FAva{
z+pgZCqqTJ(?dV@`0~xfL#C3FLYg0%6%!t2DiGO=FL`Um$7It(N_OF;}7nEtEjsC5m
z{X5_)*S|l+=>4nHh|v4DKkdgCV)*{;LHl<QA!Pkd-IlXHYI>6zIvAY$=-}*ro)Bgc
z9)ez9O`pb}CuDt+{+oUK_l@Al&)u1P?1lw?L|<b7i={?u{qqLd?`{yH{Bk#2cdvp(
zTF%7!Alo`0p?-Cw^84yCr%4km8^$BGZC>k6n&^ER_DtRlAN3#lHWK_aW#u&HoYA6@
zRDj^5oq`=H+J?=onDForL}tPmI=NTAYlu{mw~tz+wyEH_T5j0_o-I_#)np+ASIt6m
zl~Ad1)mG=K1@7^konjZ1SA)13S4sQ7H52MxC{#rRp{|;OLjAi{fT*=EYot50=CsAv
z6*p{u!A~;SCyVv!o9HZ+-Nk=*C!ke1$KiL6vG3m2zbh{zCO2Ju@;Wj3`zkfdhP_ko
zIYS7y!^iFK!9iV@<nJCyo_GQvPN+^~W|!CmL77e!%Ku0twJ!L!3|8L>bwmdMwr4;&
zd-?#qR1EF{ruWA9@@#<x#B>U4?1I2P6MdWEuvk~OFe*G%KCet~L0!2mu2lIXf2K4m
zO}<g^tJqwKFHDnf<kXH8gtgz>`Td^Eh^J*cbsq1SWEYfSGjI>Z7f0PZ>MM?^!8TKp
z*3t5#W>R;db&CKg$ijF|vEphGAZjmM2c^WH$;poqg!sa>v+RPP$DQc&LVW%WeLh)_
z8)Va}l>1v4QHyuM2xoVq&zrO`PKk}c=iTV@uogysP3qYLD1ju0xs@K!*I{nBI=Wr-
zegt1-yk^Ig+S>+;Lvu0EKO$Q4x2+>lQ{UZ1U20E84SSkAB8IuvX>#|tB(Z+?PT*rN
zMjv~{`*uNT-5h=F@ebX`4xo>{t`+mKX(Mpo0MHiv&THLaTkVam+P0d*0SfVCSBC%*
zhXoFV^7jCYh(F=ihaCd-H@V=(d)k>jz$fjClU2XE4#Cs;(QwgwM!WQ!CKqQfuv3+u
z6)OnJ11)u7`KXeL&9!uBiv&|-e=7VW=}lAO3z7Mi@T4%k4*Os_>P(Btc0oRtEEh?c
ziGOF<1?B$f`sU)+N<4gIYaSr#no5ip<TQ_k&ZjFCb#f&k+4F$EM`QK9x*AlNh18}G
zBzzoPS<@_lGY7;OFQ?L8p3@9_S$$A{u4K`21GV2onLvL(Wc(gUf4>zV!~hKdNc{Ny
zlHXb95ginNuS@bf$2{T?(&V8#G+g{EF4*!g<H?sGo_skTX8mFuor%NTO3kLooF;GT
z^=?a*2|3`Aw<=$@pku6%77)EZ!+HJ~Tl#}k-sun1cDN?6qggpC>3F3bDf*s*;}VzU
zba!33p<9{LG(h|f-TriUU9}Uu+OA|Z4UmF0w55~ie=C{49Z-r}8vgccm2_^+&7K3|
ze<hYG%T`s?&Ufc@pjFPLz4SL6n}aycE3oLhoRrfQdNKP)Is{uZ4G{H8CBkcMgWI=Z
zZpGh{8-80wUvokT)5S%xf>1Dx)%--PAgJ~L;tj&p)hMYm7;R5yhoIa)EkJVK)S9m)
zBYnJ_5cN2puRp$!Ye`CcuG)@z9_N~~nddghaT(^8{LVJD&@Ucq7r0O8?9i8WmwL_E
zf1xAjCnz<BGJ3Is5M?9`qpj-uh&<Rh8Q0^FXmQ9({7`k<aHzr#nlA>=3k|46hx7$0
zGhup$cF1sT3%;f58)bCuq^87^_(IUzJs{SVcQPIysURfH|F|p7mnV8f_%S{b0a|L>
zaOR+6lwmW}bu0gArXR2I$hqmw(qt(#7DI6bAz2>3jk6q5hGO%`Hqp0>3VtLNt-o0S
z`;&5meTt3~PS{&&BF@}soOmlWwm+|Axo+yZ73B_gnx_vXcn4VWZR)`QA@PN%VxVB^
z^m2f&QQiFhmSz6!<nQi+OCEKcg78j!Mu|=I9Rb67SM0-drVVr3q>L?{Ec2p1pJylz
z`px7yXiJCH1S?>dGTwhe5WO`Z82)}=<+D4CLpuFn18~d>$^>|bTM4}*;Nfc+of~|I
zIhU(<Py~mY6N!bsZ^CXD8t^6?Meoph`gA4v+YU?8tWpv+O1o=Nqx53*U`ZUF3w-)h
z!s&#TCijYAIdRhDestDK>I7#YBuwm6`7T=|C~vr!D?~f(n|f%RcGJO44tnJ6N_i7%
zov?`LohnlE6l)W`|Aj*!&eR%I+oMuySW|x5MQ^uS5Lb*AMDNoexG|lS=Nsz@OuQpe
zM%}Ra4>#s99yW^JPw};ccRN}&)}@mQ(vjq?qBm2Mqw?~dmiHcci|Ad?Ne}I|o62p5
zlTPwO-Eoq??H%15LJ0Xi?~YEBQ{6EvQBIOrKiS<0rdbDyaP2#GL1}wCPW*o|!JPxa
z9rDQAludV1!4-+#8&2&Qzc&Xq3!Jw*A#HG^6NQ%f1d-%M0A2#&CVxUv7=1J52}!O2
z@!V!L1VOpl#Bhny@Z7>~D3`E3EJTXphhYbHOtkWA6T@Zt414YEha5u27?(rxcXNr}
z`LuI7JCouag6Qj07Y56{@ze`BBYJO(5ZI{kJBfpO7Rgi*zNpJw3*|y%UF&_#9D=Yt
z*&Xfy43hkm_`K|ck$UT6oYZ&NFM9K|qYh`{^E?@CY@)9p9O?Zd6(p|j8zMeqULy^k
zQ9p=4`#45*<Cy6DAngBq&?z_$dI{s`;@fsX`5+3r>bWr8M>~f;n(GecqqS#o(0T9b
zanL4qLCAL2$7c1=n??PSLhWEpnlFz!OmtL4I3R+bUR#2nhwZe*`U#8^b~rK<E@ehs
z8D|&dzog8>{LywnsR4-@iRkq?(Mv?<TJ)~Bna-HJjb3<q9md^McwH!ZW6Ozldb?RU
z?y-Cl6(DN;a^wEb#6%dXquW!5^9h&e%Y}nfQ7^W4V7CZxHOg+2{9|G;2le78-fnGS
z<M`z<ark=R?fmOp(L2?SI>%YHE_ZOi9J*CY0DItEY@-VGaJcBbzXpdN<bowA0(<yx
z*S}BIfy7*J$RmzvTL<ix_`H<(qU<gr9D<<!Y8#vAomWZd0*3mlpo7yvV!5KXdw@zT
z#wPj_1K=*vI(fBwvLPDAX#I#uq<WivKFlL;SEI`@SQ^tXK-51f_46Gr`g>47_cO!k
z?~dB<)5bg-p9?cBIFTNC=q5<DMCWbYbdTNdg3ZP>dFXF0me=bVW;p9o19bbo|Jqr?
z@b7P9y+O77zqQdI9X2wY#ox}d7WJkBcqAk~rXq@UXvY)U>uZ!0LI@@u{-jdh-|yBS
zKwu>g?ZlK4$~_I(=u{h25|WiFpHN)1Ttn@<J)BGfx3R-3_{IJT&aXcoa`5lG4SONR
zI6i>iJ`m9E#pMw@T{mqacFqXq+SHY0gk)tm6j4d;3q5w#vE{5i#mWo7o%1~_p*PC-
z{j2jzr`rNVO~8Fw#UEvCDScd95VCFc1p#6-%E&0gVArdIY&^)Zk?K!~Aa(?6D$H&e
zDG2KRGW~qQc?Mpii(+Ga>|d~cObUz2^!?wPYCU7);GELncEiVyq2Aidgpk2msq&$u
z>@Yo3T3*sxSo>fmFn*rgL+8nQ4^aQ&m10+#oJ?Tl^O&6c2ds^I%Bd$@ysfoEv?K9{
zk#<386p6NWxC6B?AZdp(e{RSQWu9ibmfn=DDFzqeXgU@dAZouNT@FOq5g8x_N7=c|
z&dvpG=seXf9OkL%ZP+~Zbht53^{KRL^HiU3ZJv6#fiX{Y48z{&Zp>3M75`JE#<{06
zYDO6*#Fr>X%SxC&|DklEzkg%*GUXFW4E?<Ye`~E(K8?~nL|;R~ts}}clSS=SUP^qf
zN4|jCnB7wp1ofeE^ZBtqlpSJ#s4I%J@uaMwzb6!F=SO1k?&Zu_@U*{*bqGogFDRwf
z+<VFh;S41=2C~Cxm7PoZa~r)LfcbQPLdf$JlWXESW)qz<eEZ;LnsY`4HA1Jr?n;>n
z+uydca4gWrb<L@U0SgoA#uB|=iyhBH=o)RDX4j@{wkabdyAl2G9{qfp$KS&RTjm=|
z3Gw(}kCZZOHZ-VU+yF-q9c>s$aDs>Wz4z7EW5OChWh%}q-UzBna!*%MHl2`?)|znz
zAw;0=slavaZg3<h!PyOrxFbwY2X7FP>Q8J_ZWlcAX6k{-TWK>p+XNwdlSp+Tpym`~
zJcPbTF|_e1s*SUYDS-sF%+4OC#23<X|FOY3Hw#D<t7D3}^)IJi9{ECi9_W-N&oeAW
ze!K*kKMcEjbnZBNn|Y%5{as2(n!L{=ABU><YhGRUS<2ZxMM!|UyUK#wjP03*HwjT2
zmK*j`c_Y$zOK{b@v=pxXeL2)F0DF-CG9p0I<Z|eHLl<yt5cQrCt-n+K2}esU^5}x{
zn91ZZ)qK7wVF8rS19hUsyV7RNVTE73$<D9%+fKC7O{N7Or0sPT>Gl7Ao4?0l{P4eT
zX!G~qwYmA*9u_ozzbSI_x360XAxb^b=r%kZlO`X4KFec$MlD?SOxlKbZczJApFLy~
zbb+M$6XX)RkbQ~{D?H<r@NS7+&=eI4WiMvZy6*-Wl5Th*rDutq6}U)0zsBAs;oEq8
zn_WcT9fkv5iJ!s!$f(_JhmieCB;4ix&Fv7Br{728z!nbL_S<(i2sNVWgzJ3&7qfn1
z{mG4|Vs-cpLel)tyIp|z`Yhm>Kktt8WH=aDC3t~*?7Fx4ygOXEJAz+&ZW6uMA$QKR
zt{gh_tw4}zu!ES`rUSK)O*hA(nUv(ecr&?&T_T2C4ZhrKp!g$-?Sdp9lQI+LzG-Iy
z0Nc1tG&P^v#<_54M)w)CnS!>z$S!0Hv`gt|Q))->n=M;K?~4$ONmyR=4`S+m-D&|&
z*RxoF6Lcsq((nO7_%6LDAJl6>2S#mljWZcwCyXZTheKz|fV!N%`ev0AhAQB9&bkRU
z!S@<9mdD|1Y8H0YVjqCJqtQ!~_fe8_VgK<Dt7ZQ(oVV;?*40u>B67GLsNcYrFjc<L
z(jh4MxNDu}%Ny02a|yCvrvi?KeoOqeokLJwdJ75`97>aSs-G8AHA{74*zK!gUCnH~
znyoMbZ<Mjz+WZW$N%W>eTY7|6vmXJ=n~i1|!UlW$)dg1wQ7%V-OQXJ70ugpp=9x9M
zJkWPw2rlUch_=nEc7aX$w)!aD5#gwI#=2H*ca@Q%4EL<5ZIg8*geViBx-Duf(p9fx
z3@MTha;jKTX2RCN80U)$r(Y(tyFp!ZD3Y(~AXUE|SAfF2>%dvoU^EmBS*IVV33*Ws
zBlaK~l#|!(g1Ypwp){}J_fHH)rJ2dT|DvX@G^waG-J#wCRB$8Vc*=3UtHJf_YdlAl
z#n6S??J^-?kuGSfOKo~mKf6i@7k|vS=t}h`bfHq|TqJsD!#U0Ik%C9A^vE|v??yPP
zFaQpEdi>+!@CM3b;0KR&N7_7c|2T2dX}I}3)E&*X79gMjP(7y^d=7+gG~k6~hlXm?
z(t%eW6T}bugkv0|XKlRtl2J}ZMJs=YvmkgRrLcW7944>D{IB?Y7E<`#&iJu=<o+?@
zq%Kb6C#EWX%1r!tb$(uQFjH7+7X<OcE>7eryOz$A=<Vu+t;b}2&u6_>yTc>*cZrh{
zS?zIE)jq2>Uwdo4_AssXub}osR(m2}`-4us-a%TuVIH}Ev^XgR>V4kbiFH;acGdu`
znA0Qoj}#|OV#T_#Vx6#9A3MVc@yPu<;dRC{P*+I}aq1(m{g-e$#sR0$@Dxd;=xqtd
z%u~VvBF30V#?-*`%iAFkm{vo(xm18R<ijO@!WS_NSjPCuS%cpgtXV@ZTX9!V*;=fI
ztsZ|0i}0u5UhieC$kZ^_?i%8xHZ`!#5?p1%8-M36+Xc}#5+<H;E{J5k3_pfN;x>eF
zUb+tS#4)%Za9Qd97M{F>;F93f0ujq0ZgxiW&VzU}e7Gr04<y2&V!&P6;!2gTaDn_R
z<tuxDs0;P=0qyh;>7y8oNBH|UfouP#n@P1ctKpS8K2m=d+(5=P4t4w2^?ybX*4BeN
zv*)DDh`MjUw)nzV?Sk^mJGi?ZpKH1S$m(;^`Z{8L@%eBvVlaOnsKgc^>Qw#xd;EJP
zpT7K}((pGgD?8|;q3m37HvRD}$2Z@eRTX@D=2sA6eqYbjUIFd+i<iKPjvj0mlGcSi
zgEq9cJwVphg?v&0emxpblvsxrSx9dw$=g!p^GZiM3z$msW_D=GmoNGnl@pS*t_GDO
zkXm8vr{Q_rzwBD@B)tVARbVr2XM2aUQwP2qWt38Vozjqi9@k8WrTlj;PIoIkYrxgg
zJE<>*S4+nY!zpWSrCwgUPkJoX{}S9M?QGZYlb#!B7nFXa5`q`|;4s)<scb7`i*m)m
zVi(h4bI9S53o+X65Pf~vRlg=efT&58Mmy<*t`ymV+Ueli31||uowJ~wcj)b$Xz=Yk
zdJ+1m<qHh|NeB=n!l7X%ICYz@F6H7?ux?e}4z52#;OcL!)jt#JZ>867<Ld8+_0JxN
z^>?84XWCi)0$2ZhzJ7?k6bV5p;}Ce2*=l1dlLZXit1~d60@r8C=0GJ;>y-23Vkvzz
z2;+C)W+_vH>-maQa`o)e>gfsfJfPR(s?hHvDSatjU!@+umFVyOMm)C@{k<!|&bJh*
zn=85f$aNk{GlJ6GQjP~7!fE-`a{XLFNo6Hb<IDAUu|j_<Wjg&M^!Ih+zTgh}d!dd4
zw(J7*!?l;_czuG6*ExYog0((wiXSPzJ8+ZwdMVz^SofS})>L;nAxb`}B<hkfO|HsU
zIJ(u#r7XS)zqbQC5!T-e>z~=5;a||!eXHLSq4tmR+YaS}n{!2hO11@M^gn&1_se0;
zWGpPD{qo8)Y-R>VMc-(QY|0JYN_Ish@i%m<uNv~1Ur|Za)&WA40PSpF?x@C+-`PV2
zHt%~L+03Y{gz_-Iq&sL&{r4F`DEI=~owTljUT0mXvj#h}-lL+DS;8Bo+|jxREk{S&
zfwkb!RhlA#)?<_n9!(7E(+`i9m~f-M)^MZVp|W~X{4mymF;FjP_GW}zxrbryEGe%f
zYO^8@v|`B1c0nn4!iY!LD$;PH^!Wt|L^1-yDFFw6pDM{e5Wrd3jDf}fzDY>IRFso{
zpsPUT;***@`dH9@y4x-C=!igCU6g;8$M7&-9$#4HF@oV}rPH3)<go-n_LXnTDv3J#
zrY4VmFWChpzo#LOU1e3sV>}};fD(A~=B?z>6XXG+xRkW6$uokWZmOhudl&t8wQ0WB
z<dbPRAUe)wk<U;l5OL@Ef0mEm{*Uq*i$Fz6?*J#C2-dv!ODl;g=<@0OqFqq3A2;OF
zwkr7?#@qqQgOottja$iQ-VH-O)Zo>mpEa$(8M3UTlE9G}<%x<)oIGBHn-|U_XJN$t
z$R@ab^s7g&6QbO$6|9Tl<|SBg94k1V7QBkr09N9w%D(t2v$T@oR8?Y%0%Z)X{>n8%
zlzrulYDc8n4?n$|QGJq9y%S#zz*qAa)dzH{V@i<fU6kr@WFa04k7k8y>xFl-!X?F(
z1Y+O1atyKzo~P{=xT$122RGH%bozX)gM*uT9hBjz_<V*om0&l}rjjZu@!$_ti&#2r
z7~0fpl%Lr;+Eh#G1kFj+(Wa)UYXLE<AD~UKjxJc2<nPC$O<l9-_bDr4);?R6O~~V$
z&<~o>PjA8|4lrwcxupqs?01hcx2Te+Vx`uEfdlM<^7mt06GmebTm{>$4KbRq%5qxz
zN5RsB&x9(Q@Vf0EdZ9JfgzPd)6FReAICZm<sQ2o<Fsr{^P@3^gm{M6~FDTAZrptrS
zr_VeEI`|x$qbE`E^r$36`G2gvcYG987ce}#$%dtb2_>-fAd3b8P1I;Y2xc+BtZpDc
z=%9dz_=wmN6$J&etBmU+D)?Z*M+Iz%1r;&65L!Z!7Fr<mmKg#GJq0HB``vTyv}6Om
z@Av)#nVmbgoPN%|_nbqOtl=4q#ZSV9_ppZJXv3}e>M4A+Vi;y^5^}ae?xkMWZ~-9a
zq<7W++Tg$~@uL$=>qgT4YOudH_-bOU{?1-y{oM(N|7@3zL$l;s&DN{U@{LI>|9>Q}
zYW|oZc@@M2D34C5VOgk#USZ=6$6Q-Y#<Jv9@3_s$tLOyfc=fXx6^bc&RXDDuaEz5x
zS5l?+d_(zvvl8LaP%Ck$`Lx8#Y`lmYu#&!G*h=z*5Gy%;oqe|Ant3I?j=@UohLzl{
zuH*;!=)C;xwf{FOdTCs!6*W{>^v5MOZUtV2cy2UXQQ3eHD=Ji1bnL2mMN^K#itZn+
zuV|bKt3@n7!BD~90op+ToIqp0(vl-t4TWTz{iv18epIr+6+m#Rx(PY4maG<nSR~|x
zS;iR76H1LQDWvp_rY~1>kYOis^=K=X+YHYM&lzFmq_8JzNPONHJ&%y!5d5}{M_`J7
zkA+N>KaEuni7u#6$ZFD<<4S)uTt=YweVzQ_Ip-2R{%KJ{L7FoL8g+yH&O+W-35Si8
zFy6NvuSCXP=ARwt@c5@e)^NCo%6IcPqXc7Wz-A4pyZmI7JCNpN*PTAI!F8uqkD782
zsrjWH=vS3^{8`QzsrzL`I}~vYPEMwzHV@+jF<*+iq!4kvFOQ#de}op9TWsMtUor1p
z22)I#>VOk(OIxyC7egFtLWJR_zjrV64bds#u$AL|&BG1RDH}XI!J<=eCKN_fKwqAP
z=v0Zc<}o!owUPH;va+*Q3nH{Y)JL?N<b(l-tz6bUkk=;JcJ>e*&D)T}v+38Q1F}jd
zytgMTEY^bAFx~!PoJW-0;xG<Q|8;_p@rFc0P)QK?OR;4N5&Q{*Tj2SBalPOl?htZH
zEz&>$rka;|VmOA}40)M-hk$VYI~vI7jUiUfHOv!;^o_Q1u2o@pcE4nlN>vYDRmjNI
zZHHlA=5`~kcoJ9$q(lz0a?<!oltgPyP^DL~T#6}I2=(EH)ewU5ou=n?WKY2(i~eYe
zxnT}LEE965_h%LSDPK1a<D}Vx^mB^O=%LwHS)kM7PZ$(!3|@M~YtYtW!uzN2<xGy_
zz0ZYf!NXxJEA#RTiZ;e^IBS{GD;lY<@QR{tRD1W?v@esx&B@KKAGC73cMYD?{IM89
zPrUakUG2`x7&wyH<S+zPJ(?xTyo>sGVHnu-b+K^V>g-`!UOqP3rG|i#FNRyWT+Bk7
z^1)CmC!L;HL*%<Gb@H_@y`kl6H~#LfIONW`L3p2!+S$?trlX(IQ|HT1V?2TKr>o*n
z`s1fcw_zTKa%tpwg~-=#=<yHwjFBKtN~RAFX>mj?p2m9{LQ(|G(KZwL%R%Swv2v2_
z9D-(B7(3c@4UYpYx}ac4EdVB91PiIT#R%T}yj26sK1?0!3cfmw<0ShaEnyqv&j>_5
zH;ln6O)L`vDUS`Ya?*+k>LE_w00mw7H_j;}K2Ppth}Q`I1o?m(Kjbed5I@9JWp44D
zlrjpVCt)}0#t+rCx~<w;zkbBZNo`7Ttq=|u%RFL<TRewXJ$@{w%RSHg{=QEApK^t`
z{{Cbb$GL(Hm=yC3z}rFZ76Hd*KZ17D#&gs-#58GmuJYGXDiq*|S}1;`#6GW7A@Vpn
zQbf4|VbBsqKfk!gougQJZ?T2r`1b-F6K?OqK~lxS`*PvtTz`ik?#C0@U&`Q83jTzn
zP1#MP;SOnQnPSMU4|ODRN-csv;d?`)uUR9^uHRm5<SXXiI~s;*;8?o*_p4CvqF%Zm
z=Mc;05F_~e$FMR1{aKlS#yG3e6>1zO72pXqt||7j?G*FAvkDOck-|_bmnNQtfPP9+
zhLw}veT>R9mKh840!bs!DnuTBLyIp7^m#hQ>!jB%fJl@7TcySGV(I(O^?06xKIiE1
zK0AG0r9PKPl`?f~745x5pF1e(eL4A81AVUkbr{FxHbhA+4uLI*S%a*cwENK-0vk4g
z47z|-kP-Z}k(}fkU@23G?XLy2eI)=id6;&d)%Eva_|Qf_Twg<owBj7b(mDu!Tg_ge
z#u9<~zh@Pq$*sFAZt*;dGQgKdtPr!DcB#3n5Pz1_E_c3eiig<T`>>bi&my0^rSf^!
zokAdT>0m3D3pIf=hoSr%Naf!+K+~)$Q~Xy_Na;T;Zh5i{@lsKx!SRjjgt&qehjAR_
zQpWpClj!5zYC<$y;J#`#vyXYFDiiqk65FZzb%efC<-42ZJHAU&h<sbM!RYN#%ad<!
z)s#~n?`>*TlaO|}mx45@i1&TLahz_#X=YXvE3;5^GwTz)RsO^<gPE1)f1<r1{e8tD
zCh`=_uOPi!q7eB)m7$Ku6RN!5OZm+FJ^OgjH9|_)GQIMIqf`<gm3Bi)cmCe`q1LZh
zUV6Dd!O=cHi*n{=Ldfc93hCb}sD%#M=4C4Q1GdIM#0f(WS~+R^!<cRU`gKB9H>T~q
z6<Tig&AXwtgD@D{uXkIy|5!bN$jyUw+a-GSVAXcXIj4|OkFIV&J9)6eaGnwD=$X)0
zLKgHD{iOC)`Z<NHUO~TEh)(K~-PD!1Bm@#()*8i9;R~6kabj`1^%*2|r}MIS0+I31
zcjU(zYAK4_216-|v!x1oY_)}Q*GPFOJLG!xw1T^M(jzic&ciTzw7U>y`eiyY$v<Zl
zBKI=JipJLpv}EXkL^NI=q(3B$wDUf=m8k78TQI_r?w@QVst*y6&Y`AM1(O+(;2H35
z@v@fmAf5H6kivU%dzZhzf$U26*7~h<1MQ`BwGc?y<*{;tSRiHe(vJc@LA1++V=E9Q
z$4@Cl9#o<3!&FEal1@$9^4~Fgm9Klm3N6v|^K{vm<atttfnDz>EdEJH=tjV2?9C?i
zSCXFO8PaD{Ge-KogkfbQW_n851z2h9VfX(jAW~?<cd=pi2ElK0V52ikXE!^okkTK7
zKxCoE%E2Mh)qPN;t#Mm9sre`nY0Iyu_c-m+(UT}Lg+S!z9^C?*N1LA<SwrL=z)g{}
z=}Ri&SHFuLPNOZ>j)V@!UV%2_JgOY^V4H_&n?=|rQOoD#8sQr57PnJ((JfvXCWy*V
zVfMKq0P-5hlL}WkjQK)$*$nwYH`rLQ3=pN;ZPXu1d0;2Ck!MG+w4lkh$?(H0`a|Hc
z7$MoVZ3l(^Sf_*c4QZeyZ}o_0r0%B_;u1GfFHnlW{McX<c><H1;~|L;RiUR(gYNL!
z;4aoo2mNyGN$NgI)u$Eha`X0P=sdpE9FwiaXoZkjWn_n`ZkLvi6)!==g_|xzH-qy#
z5V_c#6)pHJm_r(NfGxcDHq8H;)d;tkx<G3v?OaS-hZ$~Xh4J2&(6@dsrKLHUY;-s#
z6?F){Li)AUe6ubh925A)2)=9db%goqS49}d39~m8fk7;p?*FTo$>&GZxlBHxA*w3q
zX@=9z@!m(l*YEl4cB=tJ9`UTy^(er9&P+IR1t&||MucH%GQG!dqKqj%zk{~6+-+3x
zJ!I#78IaI=D3%p}2p%4Rvf_A*jzTddjBR1F%ORQ07-{-RMZX6Tt6n|o4u!Zg9Qp}5
zgnmw##VwA_bGZF3JDeF&@A7Bu#LL=e@g7a-gH|=?tH&87Wgb=F=o=OsrnI!8m3DD^
z2iYx%>!o8SDeo8S&3JEz)_8rJ_ugw$Z%Ve&j<pa>R#Vx4y1*&FC=?K{ICx)4G+n!G
zp<>0mN&js{Ift5d7PlDX77>~j%3OG>VIL$^wfzJgMJGZ>84lieq&;-hN$sdlhfp0A
z=^Y)0<JY#yIHMgm)ERB-03EHo!8%Il7^<VY?OI2_wfc7)hP2Wrybi5|cSJ$57EV;|
zgNaY44);4-tsL+B8%|n1<p3Z5CmU5`PerkF{_qcl^dAr^m`O)y`498VuSam4bpI(d
zHOnZjMc9*i{1N6J0`&}Nz^;Y0>!LZG@hw$cHfTvrV+-C|l#d$iS&vvC#U4?Jd_uMF
zA^S|M)Z&N&_ts+NKTY<pxI?NutPpwEb?yF$M4xx+&qeh4sO~RpGCfyFtLXC)wf%nS
zTl#!nzsIzYKHt##GqBF<hmEWwf2H5QlEQEwkcx3%QnhYBsky4-3*mm90mo3)Fi*pA
zu<#KIrK{ng1ggG%{c_}S4&`aAQJ%(W^7Kt;T}WHsX~F6xSiIo(G%H7ONQG}8rL->`
z9+lP)X7`lSoUyzwxtb6;l^W*i^yGzAc>jq=jzgM;@Xl|mO8dS*JgN3{u|OVPrJo<$
zfw`x}OlO?b=MW+_5wf1i<Mewyg18^?-tLf!_ko0vdFJnHicR0w=;xt=4|yo`l<@x(
zkk^H?{8^25pP^eA+~a9Wr9-WIu@AHXnOD)v%1Qq@h`h13t$u}>%C|J9U8-S3YzN+G
z(GKVx?qvo$!F;cWbDZ=_3cI3-_bGdWwN+qj5mBrV*@^HtDpej-h<v45yU!%i=Y#5V
z0Se&V2blntS5}+(4UT$CzaGS?MZw7#?LD5i8h%*EaAz0Cxy1tz$&Al~BzcrCY5^Hw
z8{F+NNHJG1!iJA#U;|yG`!;7qP^ptO4AhrXAq1~7w^i7w^fYHG#d@M3dYo}m7@Kb@
zMSUWr`#8DWc>i&SbnJja<lZWu1KkLeZ;jpjeE_==C>tC5dWq=pqwx9gfC`^xM);^2
z%%JMzBSuvRTPN#rQyltR8(#<q{I6*sgNsCY!6W|$Sn_W5o@T=Ad?u3TsQO&`oDCi8
z%gfHD8rtLUxsIc{=v$=K^Sn3lE}+#%60Pi`Klf`N@jj_F_7w-21gUD?%lMWuqsp(b
zw0#^9adjK2{I|)ik>1??!4S_2&zdFp{{!*7y{$pJID|mTz6aDn(~N_@s116}BbJlB
zhVv3Ezo}hnQN&nB{>CW(rQ{<R3bV`qy+-*V6dh9N{?82E@X*lJ?te<V_bVhg5?GF!
z8S={OY<*gMHVnM=7wm$V<&32Z-3$xuM;Chjezbn#q%r$Y9L#P-EdVG%PzH(jJz@b`
zhp|!#qvcqD=$3YBtlqZ{(?_BtY_?yOgkMz}^Y<WqUf!qDXRh)7nrff^P-U%cpOQ94
zYx3tdnl*8u%39l+XxG+gO^j>{R?e&%E1Va-Lh0~12k*1Aha)#p^at8*L<hPO3uat`
z`{1zO0y|&{A5_w>^&whxfaxIPc$_ipN~HI1=+w4*ot49UftSIWb2;>qGsjy|z&{@a
zS8XAmG}VV6MziCRpsQh6DNv*kHbf@yCRi&nHMS^Z*JyV}++wN&tX{Y1$#V#PTjL5V
zmo8@RRPz;8I$(dwkYxB;YhbKP_aW+|Fo)@wJq$0D2x2;8A%s{E8<4(~`rErOig*l2
zd@Kr%Sh#SN)<w0Mer$=sLEal^Njo_T(}eT1W1Ue_)?W6lnh~IDXWE`x$pfMRfQ4(V
zTzZns&!-A~<qT)6J83O$NzTtpwO3}xdXgizueEYno!G{5l(eIWNiuLvZsRz9L7Fob
zp=*!U=q0bB4!wkRL3&vatFU%~8Dvm%*dHxlRL$#7PRRAWll}lc%k7k2tSY^Xb;hxL
zu#{dVUNh5+uPf3^CWY5nXPibaU16}rd6ZtLTQnSO-$(FTtGfdwl^5Y!E0PKY(Nc$j
zRM56SdKtHm(F>+!#cT<QKr}aKx1!)!qg`KQ^pXkmvil0q%clD2B{~M^W!*gndWn;|
z7aHj0wpgT>M2%kJ4D|9dom|cgXA}sQMBY0;R;8AL)+)7JZOzKx>hw|}_1~>%S!3S5
z9d?Q|V-fa>@*NzPo>c1M=jVHp#{!L{*)L?@;YsfB{TeHm)zO1xL!zW*`xxO-8Yzh7
zI2XSlAECN|ij?FI)7Mxz-W%=Is`z{hKiuCH%3HKpW92-7r(<~E>)mv5m3^g-xLS6n
z>Q2M%toQLdS=c1mHUc`F?1T>2t)~9XjBd!%lyX+7ouxt!jTknF-u1TbhRcQCVclUH
zYe)rrC7pc$3vIpFo#S}#;C39hibB#880#D__-8nyGF<%1{ERfe$C>C6&kFu5XKWe>
z`oN$Vk9gFTbKF8f6)UCgRLJO2l!nGS9lZB=4>i_uL>g8IQ5q?*N82>@{nEpru{2%P
z&v%~p*)ADUE31ZCt9v1}G9WVe{2;2ide}Hl>UJ-hlW|lfYWh)LcbVGn!T*4Y<80Kl
zxPtb*QGW)P!F!vHnac*_IfUITKXX~tpNse5mdN1pkoKX`2&d}#H;-YBy77a(w!Uoe
z3(~Me5-eT4YmPw{aU<_dZwWw9HNVv3o*Lo`TB)}yO7VsIG&Tp{^n`+M2p?eKC4K)$
zCD5^#>JVr|E2BRBLzj<VT&g1<KWk;wr|F=7Y;hGJAHO@N%EwsH$+mg)2Tj@C)sE$q
zP?c&F%p;-iMYDYT3RE_TZ&fsoK)pTZFIANeZcbM;*a6Zvt+}d2tp+VRhBs@`OlOod
zV3$Ie;5BH`&uC|2hNITSODHFgK?QL}9!NpZqnP~9AP+~j0C~8gr%8Xd+h&l5!Hzf6
zpI_{%qd%8-R3+k!rm937(=>$syl;Cg{aMjL)t?rO>3on2`jd)8gXUyXF>-z`N=2qQ
z7wj@<&dnWFsYn6ZD+;9I<GEC3{o&B0;s@|UH;UcBi!nm7t?EyT_AF-<@9WW7r@T)t
z)}g#VVvN-EStkw^eV!-TLnjFp1iM6XoF_T*+@ExmR*_oX+89aRiF1wd<+;R-{2beD
zYNYK<bB=T6C>9q(Bq-u6r$Y$LaE^E76cHD{a=ReTaK=b!TQGopqqAP{EQU#=ROzK{
zDBgbDVLV^++ik1>**T}ayw}R=EHBS#Twb&j(?tu(wjHaiTvnuzY@170<-6|=10TEn
zmUMBe#_w*?0)1KA;2r!tsyH2-N1Q=b{a9zBhmvW!D5X=1nB<Igi|53RyzgDy@`)1s
z(cS)}Y%|=>`#MouEUADGd<}Ey?-=OsQR&Vpz}T4~#J#35#|e)s(p%dUt!7$S3$@_6
zKhqg2hzIaY1FPb8tc4ofe7_OL<!rRzJkv!9YaoFWOBI^~Hfq3i#Z-{lZ+pZnr-QB|
zE?wN{5l;*LvCc%P7o%(kJ0N(Q;J0;LWz~vvEx8M??K`BHZLB5IJs2MpjZlx~9|bZO
zr+UO|(l=WvI`gHY+Y~J)izSvK^BV8{_)ddZO&7~TXo>!%M*jsPfzmx&6w)s~Pu^K#
zuHV4CpB7tG?`Ku1xn9kL3$O|KeF^LqEi18d((pcdLe^~|qHY+SI0ve&f$gShK>p;M
zc|L2wQAZVJP$=lrn-t`!&^oeNxq1Ha7a`x$C*@X_ALg2o_~*1l;?D!$FuEnijdLW6
ze4h;Yp*&89H2fcAVTT@aNTYINZaGqn1J{fp2EXl%-vLxpV$mCqWBS&gC@tTNP<B9&
zLR%cT``XGp;#%X%<kYgd`muLu9X9r~FzQF8xuzdymDbUZ=UN(Beo;%9b`(XlKjo>@
zYE-=x^k!tnY36S}+WIE`=51%q`qAGyw7+>D6gIUz{+p^K8}YUM&B~^s{LOuh>iU}<
zwuJIGzvFM=Z)!@C=|?r^NhLZl5m9)~^>&k{ytvVzDXnd9rYT?AV)PthdGCOBs-6sM
zr0U6Y4MTViO$rn>X}!0ijpjMTXr9ANxIk{3^y|&E<>X&Y+VaUQ25p(u&ZsR<GzM*%
z@GDhYQ=&C(ISGE~*ILt-TUTh>a(a864yT^2Lx<_@jkNXO_Mx=pTM?iwSFfO>Oph>V
z%fB|8wdKP0s<u4d^j~Ys{+m%-zSE(uwiF~GAGPJIO-5}wq$AUoqdMx#OE0OjyvR<*
z<-OTS)0R)IVA^uwFH~DrbT-IEU0XVg+VcKrj^(((;*q+#OcyIWVrjZ~m@3Ouw|I{C
zo#a@Jd4EF9FO+$*?Y!?=H14cApfJ{f7--@U3}rPPLQVsVfcx4tKhv4XAdE&t2|3kP
z-uGlPN`@~x1pl)!cu5_O6y0s%y{|@KI&D@!^v*`69pkGFanCXpv@H}9D-ryWXMcvI
zF-+f<MKf*e5ibhjLBXht_fYY|YKNAlixs@L1Hm%*lxfsD<Gk-d_;o5ZA8Op<VbH+r
zfEYC_#M9EseAKM5Ob6c~_-&v3jJZ4<sv@quLsi88-Dpz8qLV^k5=b*?>v~kgf=4_f
zb=;s3s3<!uU)RJ>Iw32jg9@`|5J1QR1wf}5qpP8{C!v0-Kg9wUJEPfsgydsZPHOc4
z=uc|NG*#72Q*0knlLo-s?0E}KnsFMkzq~J5IcZW47@_ntE$!8c0{xu9nKN}gQS-J<
zu$|dqydH9!Og?-{J!g9J-flc%>a8ktZ||Kl=5<Sw0B$GnO2Nq^Ru1ZoGPt!;;nwMd
zDgRtZ_{|(lM}7Df@QXSH@LNkQ9A|fg-~3t~<^|s$O8c5j9r~ju36a{O#FnodS5F85
zqoj*+txpSs|I<FDhS*bQ2mvr7bmiYp;e|snPa*QetAzB6KQG@QvAomNiF!7VIZ^W1
zQkDah{yb9qIk}WoIMEbj?>wV|ls#wBV2P4))-!FUy7#>AEMAFP`-4^65r-JN5J*_m
z$;uh#N==y)c}j?|$IamT^9e%I_?41ea|v>|%lAr{`2D|Y6e8aT2aArP0`;v?chkN)
zi`UIwq-{#i8lW*@jk@f)7Y)#OSo`^zi$-Wr$NH`{M#ozAUSJdYw2CFw*Y}<ge8IJ~
z><ida0VCsbXNu(QYqSL9@p<yyG9mGW>Egv&M+<@vrkm)$u_^pA{*+<m{?+Qrr3;9w
zINZ@GT&w7rMdL7kr=t$R8;MMAKq)HOwsRTPvJ;}Q#$JXrg^9Qf)n0n4gPNsfYg^n@
zrsIzEhy{Xw9#)^vbY_r3I`T;PD4+NCZI4xc{iatCBx>F%^s6*y2Jbu92`#6Q61Ns9
zXe7v__G&2JCsrX@%nB+*o>8SG=&wM^mDlN%>lWAZzGNVyb?M?ofPleexTZS^fQ?{!
zx)J=f=(FeqlA4{4`)B#hMI;pkP0UzrWWwsYql8GxI*ig)oyHT1%l}r0+~69n?+f~H
z;c9J`75_G|Y{RRBNWZT`A#?b&flx7RvD9V_9+E&aTg54zXu7!lPa}EmI)CdmIc`R&
zWk(25P88Z|NB?5Bn*5)ugv4(SLHPRznYxQJb@$})y7NJSoeiSKatnd|*bzdc+||r+
z1(q1uTDyp|1kwx2j4!ltj0|$-7-FK;UkZ_X02v*vy+u)-YuuuM{Rug)1krgUS0Qpu
zNo@)pkXMUB51gaz*HQ{Cyak1x9%O`5tp(qI3^ddZFeRexMJ%D25J(6wvU1XzyD<M*
z6w{H>9&s%wDN5D%(786N8-gyZjk2~kqk!LzqLMoGCtdkfjU2{0<D{K`qU4Q}JD1=A
z*44DtW~6ZG7y1zSFGz5SnP%=bP2lN6gh*enLAJUin|jm08EkLj^ZMwggwoGwrfMKr
zbCg?LC!an6P=4wt1FzJ&iw;+Lam}q)@bk^6{<~sAq*JSrp~uQVbkh7)3X$(VQ;!<D
z|F3%0(20(9)sW+&VT$SEWjaf=n*HEfl)1&V5Kn>0b{=fnxlgO-5DClI>MQ2GKOH6n
zOlRNH!;ELroEdb|b<cnNfvk{0XI$qH$mGNI=*xn^CIF_J02oJyPb%O8Z%1+5Apg`F
zhZY-@kCqaWE?#zv2hzndTyt%5r!Zhk?{br+%gu<HuVbWV|5iw?2+$oDOu9#>z`cVF
zx>;X=nH1$G4&hny1uG4VGKW4izo^kdCUtVgQh7wh{hfbmHq6*sTc+!&uPq)~qgMvX
zlm7u?PB>JIyKOVt<8Is1<{ZcSJ^+h1;ScumG4}Em`qJB~3CF>$0r@#Jj1%#4=7in4
z*crFm%1OeVCb7f&j$7*5CABfU;$|!|u-HJr{itHOT>JZlW+@eE`hK`_YaX3%CNYnx
z16vUxQtDqQWqvq^dB?tjs}`7+SO_G%-=3X8VWCdAe1Y*!X=(2Nsd4<_enO<}x!|M8
z&z0i*@zul<e2S^H8i#RzZ;+ug1gC62NQm@WuA(Amojm-sO0BglA+~2{q~M!P_QwNg
zn#RiekTg0RRApsp2ZO9EtBVH%iwsFOabG=F**n*7jms}?CN7fp5h7*%iSo8dshO$c
zq)%2cROw9ZIL4O8WGBpevp(^!(~Troi=_`%GlPz*#NY~5C6=6_f~h85ECs3L77x3{
zDgjeAR$KY^A|v7WC_m@%rqqI|wg>^++zxO>r`(0WO%(Wkn*_ft<A2~0Pj^^3lnZd{
z=N`HaaVnO%1-fJV6&@<?LLG<;2SeyFN-ABe2?=IuBoSXIpJ55&KK(^Mns}zEx_NS~
zk?JR`mzSSnL2&8r-&u592jwIzl>f}<Fy-ORsB3x3NPPZ8Y2ga?8A#Du5r0Eee4QyO
zekWy^MSs9S3;F7yTNBCiH<K7G_W&Jl+z%q|(e1j38@=7iNl$b&iMZ@Rw-Rq(-Hali
z-DhO)U%;tdD}OD)6#DL0S?P<m`k<v^NIPfA;QEz|J_6ZGi1fnB+IG$}IN<DkxWBUv
z$%(G{>upv}dfv$@WvF63H-uQ%_#*hCnVTa+bMxO7H<Jiw2bub)#|nO>!oXo;eo{H?
z*R!gT4Mw!V%x3ZsE6q?seQQM>LLG;My5UnG)a6Z)Pz~0&KT#_G$v~)u^%JUj`)2kY
z<fOqr>YVg+6P1&$8aU~FiICtqZOHgSd3-e?(yHIs5<%@#%)NLJ4R41)&7hNwsE1zZ
z_RmlpLQb9q0={&evh6HJk!*)R?#p2ZjnK!s1$Fo&`(}J{15Eyu^gWDNr0cD9Dv|fX
zS>h}TAQW@)g#tuHshq1LM|GDh5hT%gilk3fpF--qT!&ZNNId8eCHNa?`yqnZfcN&b
zV>ls-0#P1Yd}}%Ia)xPry-e$CvJ;WD<OhB5f=Crvi|snHzBs7q(!ClN%0E^9-$B3y
z5ST!__!#OijCDrU_FO}Fiw8~oUppRrh3fwmsQ6q*2?~>c(d)AGn{e=oU0^dly$v=C
zv#0^sn%9e&7B$gMNkvIbo8r-^DBSyctpUdcAI_kiKVai-b!I8V*wePF9K7L2orB@d
z<jcsv;R}I(&o{Di2DCu_&maD8w9JN`x+ws9KfVwlW5DID=be9vkl-P0I`M__+t&yQ
zPR~#YFuqXEhNw`PN8CZ}6OS`i;(lfkKPrI5ZF1v(2$4ShULnD6;ln<ZTK=d}LGsJ;
zS|CZP0FYe#2tabMp_MaQF8)NR(=rVtW;+K~9MT4quU`c8&)9)3Ll3N+GiP-}>Q8Kg
z#CQoK*h`+he4oDb{u0h{tHNm?F+~P04KCN_6kjMWtsx|s3(I?uF0V)-MEc_=q~T>J
zq5BJ4fb^<%S~=;nCOYX&vKvV6!^S4ki-_R3V6P#x-%Q%?tbgGlJUPT9C`OnB#mTLN
z1fLqBzKAcBe*+3sx7DH`wbTHI#~&y7r`Y8$(bc*S=bl36eyp)R_pS{MbKl>{H201+
zjte#(NQY`k=e_~1ekUB?3|(E?VdbO+hOV+Aw5}Y|yR0h*cGdc3Y!{p|unrBof^F%L
zSGU|6T<6Vl^&xZIXbU0I(QgzITnI25LwmjcFHHNp2by|qMZbHJcJ|eBwtFk5Q}gD-
z<wzrm#UYMv#x>B7Zlb)CUTj!Hf`u74uHhg?nlsK7bcHtU%Qu5^KqQ^`TD=f(83eW-
zUfGx~UiOHm<>*6%1iy#nj-}IXay`V<4mPPXwIX{B39cIwdTNh`o?7PSP@&Yk;JZLJ
z9YTN9X)__gFQG-Jo6BQ^L_E8R5UJ}Ac-6i89zrC?4+#2F<~Ailh*j|0Uj6_i&v=`5
z4rVfwJWIbu(H2){iPTq-2W|z)_2dUuJiUS5Pat7<W0TAC;4+2C_RF^>qCI9#e#}Ig
zZ8m99%rs|=)MzOS^2kd;ekRP`g3`>@7^PXRor=190GSD6*-IyT8K5t{TdW+n3R06K
z>}IyA$LWyDzhlRU)Uv9b8>;y=W*uXPZ!s^;HakNHA%wX77TD=rSVTy06qtv1QhM^#
z5F+`PC?q%le(Xkne4xfaqkWdBG}^xcBi%igC`5jx5;xRin9yfC*jR4KV3Zgf#Bhv(
zES(1!og2nN9~74dmMH4RXZ(5U<jPv)L*0)uSmF?OpJrsFj~A<xymEz*U_Q`eXWHy(
zg^=Jk1369}qty1E)$@09BF69y0#X{VSRwM~6<By9LrP==WXPRQV_RJjNbP9b7Z`M!
z(uYIUA$KK$cYsz(xP`B^b)x~{HQ&@i_?;1T5FV>#@Pgiq2;Ym*Rq5rg6e921PeD+I
z69TGsgF!LC$hjeyyw}Fi%V`ZT7;=l{+}HqQ{!9Uqd5Rs$ykP^%18o#Su=vZsouLPr
zG*DF`A!hc)2E-7xm5oO`@Kndze(|U9;%#~u9^8nLwl6_X2=X%dnnEd(8y1gv0)#@a
z8zr@XZA23Yo2-hnax7xfaW0VUfCk{zq42PN!{Q|@Dx8Tm3gfW&7_bD=zA<tl-;hEt
z^nQ(^ZW=dRuadF4SdZo$2;y3|SOw$OcZ0FbP*ac(81w0RCe#lg?+6X~+t(8kEQJ<b
zXeZWcLW2M3jCZLjbf+7E1yVzIx@%ns_4a{PS8wTJS#ZK&j*}`ZHN+Kk+d^r$n}P4y
zb)l!#Kx6%zeH~xV*Am#D&2RDb<+Y)|?r(Bu>ihclwYpmvg4A7q0~bXq$nS4|t`PY@
z#U>$riV5kwe(~3W<IFPkaf-7cYe7OU_G31e_5Wk6;>*jrU0V7Dd%|S77(9uQI)1MH
z{MijQ8Zd%UD;VOQ-OR%R{gs|3gw8NH33O0*qcoCN=Mf_0#9FA_rsRDX`ebHOjeyb0
z8O}J~`#a{^%6>=F_+vriPYSbgu#-e#-Fc{5fUMtQ+yrqjZiQ_zyuLNn8G}<};ZNA@
zF>r9N)0!L&W|}u?gj-;-e2s|)<W@%@QzpAfm*$L>wtc3BYCO(Z`A%}PXxE`3rfAn=
zrroCxPu=X(gE#q9pKpV8gao4iFI_3F+EJ(TqR#e>uOaT_{-8t0Ivvsv;TX<wPyyR-
zmqFziBL<smM+}+`Hk$mkrm^Yd&6aXC!?YArA9CQPpI*Mnr~2>~;62z-r7PSL##X3Z
zk1pB&@64gfA$5(%b0-K1w$eeo>Pj6UnDxANYb<*x$4ON;6n!{Gq-gxRf=|>|<~Yhr
zLE!Czw~@C?K4k}Ie0f;|VDDAh@R@4ktU6>^O>oLk#t5$9q*}VnaQ`bv@m%T=FS*6T
z>0%9TBT$Ati+i^k*Rt>c<ynm(>-5JY!>-V$JA%Ih7{`THBJciPJ3=X2&72_btlMv)
zTRb42Sxv}1*9bwpsFgSquM4x!eG953Wyo7r&f}j9iG@=k$A_DrRxp{Ln#VUwa|-mI
zk@TM_^q*JwW?ttU%;>@UD&WlajmG@jM<9PwbZ&%|d-(D2uUO__$nOWiN!NIm_t7;{
zfHWF@R|ekv^gksCepjj>hC2nnD-kU}zY7ks+CBc~V?F)}F&@9m;R!qq)d3wIv0PfT
zkVR;~i-nA|e{HhR*{El99|0F4p+}G!XgTy<K@Ml-*yRU9y{_*YtFg-h<8kKV#>RSG
z%NwgF!P+%cd&1M!f7z{SVp*)`1;LhO@GF#vJkhoW>bST4l#1q_rCuxNPC5tYzPqmU
zS~+&|`yo5Wr6=9sy}j(1^>fRon3}0?V~(TT*wb#zFPNTG!+XE6)XEF@QZsgIC?}7l
zh1-mX8EiA9bWTOQcti!Pt{e0zhW?WXC#^kVZzugDmi}XxUx!ed*8b*=)7APq*#72?
z+t=uMAaCAYmXurdEB~z+>wAZ6C(l#Vymav1{PJ1Fa6icOUVfy`ck<ol`XK$MVAO@D
zKhKN5rsuaD{|Uu>mecN`NIPL7Knw4E9;!I@k3uh3!`#D-0CUU244BjL@AAI{`M7gx
zNcN}F_Ju6X-B_OERzpF+w^&{{fB*I_|8R$}_E<-u;ZC8VNO*jwm@g#l%-SIMZRu}<
z1F-t41qA5rA1S2t7us*_@6?apE8WcceaTUAq;!^+kHoOvd7t8`oLB+wHwej*+h=QZ
z{u(5$s^Yyb*f5LIiG@h#uiBB$si>bkPw<C3JxP_kw>#vO?K&x!vdsqGI}P%SMIM@M
z<vdA(T@csu^YhY^JWf0B+hOB4ZyxV0uyNe1=`kEH+9Em5HEV{G{@pDSt3C++j3{?<
zrZbB7VWo&vhZ}s+q)n;(f_$j+w;(Uoo1fK4$f+W{ZyqZb;o?_jIb+iJm8mh}#XQ-X
zCg$ZFZ;&ThbB;Ag+>||4@b`AQuI0t>zQ!=r8$#-}{21PMx(VgVET_P)+>}#g;k~Jm
z9G6pN<-K1<a-5$}^GCRnHf8q^a;h!7H(=v9er2A(|Fl!uw*c>JOt-<JOJ-TsJkuV3
zSNES31WqUKEris2EuEgEhwVBvk{Td1;u~<>tXC-nerlpaV`h^&&{*}apz*=KgT^!+
z8re;Z&=^!38qJ~@GzLT&pm7&Mqas3w#-{lQjgv?M2i~x9hWgN5<5#KhDB(iE!_DB~
z(%^Biu?~-L1`jvfpGnGy;(b4>WkT?_L@I?zRuqMZ3X8cWSnw-fi4ia4Nmj8c=U9V0
z*_v~_LE_r%sr<@Ksn-f(c;CHn|EjlB2S#t60Rtd0glCW##@D8ctX3)%)_n-cty>|#
zt;VBJ<<e^lp)OWI&Q6P}nmo=pjRQTeYaH0d$~Z8}iX1o|sccSE1m(c2M%V{bbI;kM
z^_JyK6q3rIw}hIRT5r28w6_}Gy9JU=R!GfRZ;cwNz3s86Y8Om^zltn)lN=T1S&RPW
z81#`-WKokSXsv$JeiCzNE2-TAJth55kVfw>$)YOhuc4o1^attEe7)gE*zkhZ5UV-a
zjx?s;)H2MInNw-uxcEF__6BMpnNo76!W``W=NvgTg!l2+36X|;$Yk%wjhXC~D-3zp
zSo?}2rT^gfGn{t+fcE|op+xd`g5Q=q14MH73n-F5oTre|Pv$|wO24bUe{gM)%zK}s
z@_r-I1HUqlF7$8(A*(HnH1g&vMBWMsS=IN8stxaFEl`N;uU6m7l~mWQ%#-`n81-qI
z(;-E?$ILGI%WJHj-{rXqksDWNb>~jf=VGnSy0n`<_to^gw4OdU(Vu^%&l&pjV*31)
z_MDz{BiruH<9&@Gu1u|gGvEkI)pND0N8UbE047Nuf8>VOtelIVpD!faM!iOfG%wA5
zf%h$sVAj==2(+%IexP9Pd5=GG9{onl=e-|A;9cT5W$X{{0wbIp6i%OFK5;aALC}bM
zg+R39hDEo0(HQVLQE^b)ml@4q{(7CW@NckyUlIH+f&TFvn!#z#DXJYjUbTZq3Vv5C
z#B2q>D@G8@p{N+%$j1AjsnS+IR77y++-StV{V*2t`1Lxap(ajkVupGqPX`o|8wlgL
z)ol_vZk`Z`>`IM*K+3dA3n!&mYse~~<*PRc@%Sf1rTb0^0h_y$wuwxtv~cXYAwOu-
zs>YC)B=WKLR?fo@$`b;%a}^f)=O&hEIe)s9b7cyF=(!aZus6yrEMPJJ1BHxSUGe~y
zs`%=Ph07Jg;Fjr`3JWLwZc*p)j8->s`gCBB+>6K{FVKa|qYH5*a-4iGtFOA1($P3A
zKW^@P+9E5FonM_Nz4n0u^$<H;f%dtd(D(n)_ZMpjnWxd+;;LG7_vX7g-3_v-bmy6_
z(cSS^bh;ZC&gd?a6|T7Qo=$g;>5T6Bhcmh(><@3xDneFU8Qp#HfkNai)p)c%>^+6(
ztgl=p1XQ%|?rVfd`EyYgc{^VtL_U4hP#;08kT%UVe%kB0`sv$LjQQ11r(Y*TzFp0;
zp1Xv?Wo#11$p?(~t_B}}ZTL*|>+ty^9N@#xUneBnHopvTvG3%4e}plx{D^fVq{DL=
zSO6a1gfV!GSK-mMiV!&pbD<03eNO4n9BN}Wak|Bgf<NKW<#>}@Y~pn1oVP%&g6aUa
zU`Lr!d2fP3plZW=Z*y9`4l18VLOwr_f09%1__LfDnAOD(3^>*K9CJx2V}g@Pc@|w)
z#>wc=G8RWSm+?M01P@(Q3ow);tH#U$R+XQFoYV;ieq`6shdZQx0l-35bKq{e7CPa%
z!?9(-a=m3cW6KP!We;q*V42?X;=6{HBej-RZ26&K^a5kc@mk9ws6UX<%`o~RW6LR8
z%OA1j8biw$jV+(kT6(eNFhfhXvE?gT%hA~KUPH@HtYx$+Otr>6vGM2M>y0n@4UOj*
z8*|uLHZ<PI8aq_+tu@|_{-+Sgbf$X5<APZ33E0+L0&!OUs+E(rV7U<SdxenIe?P!+
za`)>x|K(DeUOk)g(fiee%*$OypZ}oGv*Gy%`kYUnpQq2j4E^|(*LdHHRakyje48rY
z$P-ys4icMU{SUp}dRC@(0=CPg?Y_RQ)pOk;jr75bFSD%F(GpKxGVpWmB0BzMkbhN>
z-=Rc`#rDs$_IZ~GDcuhPrtvE;@xF;SaKH<1DMa?%AjBQ;IOE(o8-$!Qse-uO&8J<#
zZRo(DI3cG%aOE6J75IKt@~KPsWxf|i;MoXMFB6jcKRS^p3WzDd@B5`Mu$BBGw(516
zkkTT4C7;HxjF8t|3O(-Up~ijnGWIyoi?||mz%S{5J?VfIl{l@t+3Rz3q@(;Fd>a2p
zggo*RA-VshjX$Me+EQt{U#sS|-%+cc>>7}86?$6#AE80?^%vCopqbR!+R6K>jQMr7
z=)kvOwL>~rG1I^GibW3$U^pO+rBLvlDOc-vIHVyyNJj6Fca;-DU$2IHE53<_Hg~CQ
z(#r{9uKn*f2_1Ya_-)N!05zO*8r5*APa!z?H0)S9;8ln`0XhsBOW?hOsNwpXTCYV2
zBs_c0!buko=mnf^D`%A{&edS2;d6{StSM9<$g}XirwJia!P`uSjiVOBG-9Ohk168*
z1pQw@$UF^S*J_nvID>ACj<3DYAo`K#{~f-B`tUXRQvLY)@v>fT<*OW4Z{_35CVYKW
zrnh-rZ4)T_*Z7+F9N=sBNyJyOSH)K^99-&_qY%00<^L0WtvPGqBv+A+ud++E@Rj-2
zP4LzFt$OjLviC(wO#YV6oRZY^K;O9Zz{7$^EO7H_RdVhHLec|i8s~e&eBk_FE)b&f
z?22;g%3xPN8-8DMfe>k-k9ls1Fl$@PvjCwo86nh$!lT0_LZoNah9BZ-kBVu~a3gDY
z;Z23eubeX!w>VadsCHU3A%KR_8s^SA+>mzNm#3z%(da1OqNZ!o2<a~*r1%R4LW;kJ
zg$I0LD2#!fADhkCx$HW{W|ouE$9|VT&Dq`s#R%$B$e)7WmWs>z<v3gan+nO<PD($o
z`=R<(PU$A-9!h(7#1bKp@PlOGq`UU%X(75&+@4^%sh`(K4lYIx*>6fsyo?mG2%)3O
zUG-uiSx*}Zg*;|}W7ZHIhS_)0{u9cW9VzDXzAqR^(wuh5GmCMI|AsnKE1ju#uR7E0
zHS)O|gh+4ZFk~OWN-~X}0jLy}AXLI;D@0yT8;(*N+Q2on9iIvfe_{;}&QgecR<9|P
z^&i739`%SNY9f!U!LSObo!L_mXE+_wwDWiq-67^<$;{R@1QTv}-(aY<VL8*35(_7-
z*`u(^gxPE4H8q4t!8h65e!*g_{cvtA*xdTixqVb)tp7a1HQY7KEnanHy2TqFv3%H2
zVfMLK>{zo;@F#R%V&zcw88%7oZ-hBt^3$o2{xfX3*p7cqC1qrz&#at~Bsh3qOe5H6
zy7;M;gX$tt5cFz*MF?8E#RkyVf5O<V#tWbzZJ$6l3BP`-X8CQyLpPtO-Bg9_#vjhQ
zX^UklhC(+fV?R}sH@yQT?NT06yE)r3R5u%Jted}ZQB81BwolbXt%q6<Dd#?6-Lz{J
zs+)kFb+e%<bhB|OEb7Nk)I}|63*9VGyBXU)R5$r5Y=W4P>UHQQdc-Gc#>T@Pp_@Kx
zH!00Rb#r%9*3FNYn)d<dCX)L^UDUwapqrA9SvM<h3)RiHEm$|LF-7u)C73_*V|6wq
z*v&k(n>V_I>gGU8)=g9==;k}<CUVHf>TG;npqnJMn}9P^H*MRoZuUc_SKCCK&Gm)q
zY*uxJZcZ#@-IU)Es+;RPcH=9%9j{b4q@o#$ejTY_d~tkn{CO=Yi))QVJ%Ch*d8^{X
zAk%qPV|M7T%4$jr)C)>R7G^bq^zz;@R&(K)r>!BX(m1p#3RA5&EkpAR^j1tehihn7
zC>%rCH%+WG7LGCGH<uD$QwS`1F16i}&BMR28cK5_o??upfr?}3M0$>0WaT_b3h!+J
zG?3z%V&&XPZ`k?yc|y`mI~8NG{QPy^Jl^|d6OQv1^4^bO_u-8gju&s|Id0ZW`WFXG
zJR(X+9u~#>9>t>g4#A)85RxvW@(T*I4Tu5?$Qr`?lB^upk6$?`hF>`|CQaNV*5pan
z)Vwll&annLXBwm?Uf_MvR*rLBTN}gs+T6u)>Ha|iM&K)Y(%EJU{L0E4V&T1&_i<bf
zvGU%-4{)5zpOofr<w~mNePHy#2E@JXAgJmQcf=P%{JrlCa1Q2UjePGjcVlUy<rb*h
z8?<s9C*KtgrePYwdFOP6$WyesB2pfG?y1JJQr3O}_smw{b%b9(vT{;Ws>WEBr@}}e
zKBP3v^T$pToKNPs+{0nUOhF^VSzQCDTrk$@kcLiYIi2LWimCoW3BJEqd;hv(u5W_x
zTWIfRn%_enX1jFx6?|`(XPDoY!%->^RT<KD)+ok9tqA#yv0g%jq21T!c0b-Q<ljAN
zX!p9g-BM$JN2T$vC`4BDx~CcR`EFJx0Fc(FwWilvEUH8BPj)pDd=JR$-Sfpy7{TA!
z1e2`Ax|2pAxev25O8==1Qu;S-G)jLZPNnqa@j%;ALUO+--uEtOoe_-EFCnE@6Mn(E
zRPTP3(w}T;qVz3dP2O3g^b<(wmw4YpEmcadzTZgcMfa<eUJaDqJeg5?_dX^{52G3-
zr_#cE2REjaUZ_+0$ms@3&$d%g+Fr)ez|o2(F$zDe1HgVJ05(DZ_WGCsFry=GC&jvx
zUPb_Bs{m}(4guJ-od&?4;#B~yyvGQ@^)3Dd06%YWYXH95LIvOj69Bi@0^oDK7y!HW
zHUY3#3l)Gbcc=xx*00n7;D&4fptpGojthqAaYzPC-zRl|S<>DJ%rouPIydjMgc@xh
zPPB5ocTp>jbLIT)gmWnnnCH_Zv>?l*j8_#R-&>{eLu$4{<jEDRzNRKw`o$AhFr3Pi
z9buu;ka<MK5bp>?UOi;t(!?@g%YN}h2&4=uws6RximZ@y-!+eVdN_vn9<L;%Up$d_
zR1z|Io^<_H@EYZHS5-N<`4f<XTiypbxb=N2Cq>A*9E`NpCkLbGoOhb!U<Og+V+hy4
zM|I%Z%>>u7c3?cDPXPO@;{>YB@YWGOKhK?10mU|8%QHLDlbq6Ff|cWaZ#SR_FG75L
z-vAVWZ$*UR02dqnt-8a1WYVf*Vkk0az-aXUShl-5EDDhP<9Lc>Aqw@$&o8U>)#c7A
zHQaEZ8v3oJHfXcDgC=)34$5`M{-R#SEWuRMddK!qyBtW(vf0-udGhaN-pz6GM6x}v
zZ>ByLrw#S>f;vN0#~HJ(u8spM;nDF{Or#0<9Fr;`E#&OSC@h5s5NwGUO$&326xD(l
z2EEO^jUu1)i!T%cY0l?7;z=QAhBJ{%7b_vEozBWBr;B^i@ieU<h*O=Zysx`O%?_FA
zjB`_2?fZ;ccuDK|fGtT)3)!Pc$XSmm9t~-fe`(7qANmtE%(p^K7{dyi-)?k%Hh0Cd
zSdhuFLMyTu+sRO5u^mg1xz6p6pr#w-eT~1J<J@8dG#K2*Y!nuCz+|-^f7jASsrWp`
zdnZy-@h1$0=L@`V+Z|}H+J!*B7(r~{_V=|z!#HY%(-u#6LxF2|2l~dOi+kLnB#8a(
zLQZ}ZLXi@;o%il#S0*#4Kbq(f%Q4S$21{S&J3-(3DQNvuov9visxvNKR6OD&XJWco
zAi1;H8DB`e!ZJ?w5d5~-NA;}FTT|H?W)Bq7>iQz)=!%2$$Y{JS?nRqi_xNWxM;hwM
z^s~b!KxPR&7nqakR^5R~=P8a^Ifd1CP}Z5mSZb2SQq|OPOYS;m9A&BV(aaRebVf-d
zvsl6~mSS~hHx^&#y;3{8?L`gre!laVH<gN47wuiF#t!~?N$Y_3Ht%jc`pLWnplMA?
zZMbaA>-gn=>6$vMTY&kP1@VX}GjVGp>weT4eV81{BL8&(;+ZKQF97-Z>boF6UwhZe
zN%<#r`KfUA$<KeN{46%f&!}pxjy92^o>hpv;UcR;1Ps6Y!#WJ#u$`%bXj>3m${5)5
z^CYKi9itr?Ic9}-2k0-}-Bui=_ytv{iS1Mg^ivCti@yeN_7$h{^YbO&^VF1va9zst
zRKEGUel=gsUwy_nof~b9)A_os4zI#;fEV@f_DxlY+~yKIN4m%0k@^^S(vEDqw~+Vk
zxJrnSJk=S4Tb+6IQ7mKU@QL)wG+h|BPk|yJk+@zVxo7ccZN1~EiAB5Ny~ChPM7ebS
zd3HBUT+e$4wglNNF1t(!RUF-tDOL)@7`_Ur--!T;Fy;p}l9IvqTNlQ0lsvJ>UdCS7
z)c<|As+k`@fi&vq7hfz-t<>tsBVM0)uMS>+HYuuXaQ`9~jJBd=6ycE3Cd8GHZ2N5#
zMd}w&ULbV}bTF+w9xKD*r0pq6JtASnw9oV2>Mkn2-)@28P78wm0XA4aLkzSXWG;?&
z6<cbbXC>0Y=NJiz|EWYsM)cNU=n5VU<GA?q@-H>8zeS`(ihXybW*5cM=gM-`9%(io
z=<Cf7Lef|A?MASi?yA$*+%iJu@hgku2cVYR-4@<=<|5{O%YRxS@_~zl%u^e`dma;A
z{rwbfIbFCwh+JVjhf1U`*t;$CU9mz)eDORMW0=<*Q74XdPC?1IIAE5H@h0@8#Hh7=
z)0}a<_g6$389|ZeZeu{2*uj9b867x|oq{poZS(Ca-n=bq;caPRZM<znye&Flz?*-Z
zLzC}0*9q^tgAgKFr?Jpw@B29JFF5<b6GHss92Lc-MgD&6{lkoL==DO<&aAb9-}dGR
zkb9T6V2E?f(+VkFVQ!A`?)7+%^`H1+if4r54X6Q<=A0sqbxwsneA#u44GR2`bDd=G
zmL@;L=63u2Y;L8i{o@>^$Lk%ZK=9k7;V`pNY-Vf!qma_yLN8=t=?*n+a1{CV!>1U(
z%6Hr_`R{NsC5kq(OVggxDv)G4?ec-^Ci=;EN+I$i=Ty2*dLQWe;dvqH`fsD2@eRY&
zx33SUV&Q}kNce511ydJe_yG^`?3ktyWHT)sQ7eOS-et2r9zC~?oSE6$SPZFeYc<(;
zvhBh!N}ln}fL6!Q2cOr$f^_acmNQ2B{AoNHTF}NMA45m%3T4kZquw3-9_Y>6e1N4c
zJ}W29J*4W*?CGI(=Jgbg%jLq2Ydmzxj324!NrlL5OSL%9djR(nb3?*?M;jxbPH&^j
zlb>af7XY`z@794^+qOoy#bK$PnVDF+CkD<;2V3gET%1XP`DH7Pa|be=F+#GfVJ1fQ
z6M3K9Uc=C3vCc^Q+v$a+>GR@t7_y831u(spRu}6*7-On~nVmwiZRt=7+}C5M;h)O;
zzUrin6IOSeJ{`>!w^ATrkRlINcVK5YV}+zj-utZsNJ1D&NupP0z4F$|cUY%bc}u{t
z^bwxwV)ChPGb$kJe#P+KWx69Z<()cHY+#c9eh3*y&Kg=<Dc*oeWVZheq43z+!609y
zE(ZBp+@+3EEa|4s>3AD78Ak7>+6{cPiaWGqt}EMU(_C8@l56ikNMfH0?_i}bQ1}mO
z50kUP<f=OxCihZT!{nao%7ni_9Rjtq-mkIR6uPu$;%cljPWr8oIRQD9MBK=G+sCTq
zjQ(k-&Gdh7*O}=~r?GI~>lm^h@Q#&BPddtbuX0+*=tVm?<S(lsqd`qEWHg{D$GK*`
z7Q^x4Z{4-%(K_nQ`X7pNCl83?eSbBjPeUDU{~(8uw54v$sEY8ukD5Zv=%E-09Hoit
z(!|YqXRUcM1dWb2NZi8vUZ8`)+4gC70G~i$ztb*X6EK40zMJFH{R0Gk<rX;5-6@V8
z=uWzq<NUnKAD6V9_ubbNBSu-BAzG9V5flg*oq0mLoXYzmo2n(>;Jx4DjB<$wGKQr=
zYUrG`a3wWEK!<FGGgcZoQLpnB!+YQCYLIzU63Uq+n%txI$+~hw{S>fMx}8HirQ_oY
zk=vg$*Nb`o9gve}-vBvT`i7O0Chyn%i@lcm{EM_c9G7b|$;zM4Yv-5L$k_K26*Z*z
zMqT=d=wM{Htzc62EcddIVwY%Eg4&%l2t$hLDt&ZqjP%i=u|^aR#Ht}h{~gAV;zIks
z2r0g32l5yZlg6)1k4X~?)5Ps{gNo^PN+9cEcposb{|!bU_B%1Cn8vT%;sO#G*n{I-
zKqJX_b6lFAPxH6xm$ZfVHL|O5#eOXzuE>Il>mIKYRD5;<MrD_k5&}hy<mIIX|1Dzz
zwK`8}`d<V+v~EsFJv6VC5zxI_>3ZndleP3)<#>h2ze}3^EYatuN{xPE&$sGeGRmaq
z_hJdUZRtjR^=va;UtLb8;wgxR>Z9pa&K;nhl<&MQPK2B~gZ$dYtg0g0pa6*xk}mMx
zvn@1LH6ObFJz7^))gDUUkH+x6869=M$XjQKp(cuSf^fG*rt5)2!Ef8=0Vk0C5(}qa
zv)h7($!bACb{dg6XL3i5;}@($iC@-~;(MLoPq-b271Nw?wN=>Yj>h3fbqpOp9Na)t
zX#E=?)?RoVs=Uxqk9E|-hf$^)GEk5N?vFr>Bd3T+#beRLii@dhV(FIEr4t6e=6z+S
z2$91s6Ee?L;B~5(CXqxRm220huyeYs>K9LByP>|5;7_UYg8Ui%8pxk9uUR?iOrb7+
zW<v3VQ1WLll|Q^m{=~`Zxk!KH;74lv{pHmrzyDaZ+3%nAsP6Z_*8>PM`Vm01kZe2o
zuy)FMd8Fp|e-(*J{OSaQ-~VYO`u&T}ptpKYGRMhb7mWOK{>?gc*WG0AWnrntz{5uV
z*>B*VU+H|jP6$ERIzFuN&uHD$v(KtC2x)8PpRH|i(<=s#akbR=Clk8QZmn)!C);w}
z6hEV4c%Mh-pRTj(4Dp94{{9*sCD`UR@y|!@Tky})@yI`)w>R+5U%bjcXJ*yQKO;>1
z6I&1exa=DL+;2zh-!oq0pEjLT{wca8|7?8>>v8AZAVew~qYzinn#MRtqt)E0;VknW
zkppMU=Svg56R^@$j610U>2yt{iB5m6G}CF(7@bb7cLD)CBdBzmENFE4QWK3%A^)aW
zE~P(apwmfBkWTMEjdYp`@u@wg_>?^6yru_^jaG=9rum!AW&_`T@G|i2hc8<>>8>5X
zx9L8T)k;+_pC2}^H#8^rb#Yv7l8KWipVr2mLdUH*qmKLWEGs8vZGe$V=QFzp%9`A9
zR<nbo7so>bxzo|w`(cK0??~pj+(J`?v`o{dU(SN{ef1KoZ}Cf3P8ztq?)q&1VtqgN
z<+$9TruDsbO5eBkb*e=B?DbI!k(*Z<?K7~&R~GTUCyru7X*6xKv{aLGDOJ>Bo3tL6
zJAn}5&Uqt><GtJM>Y<BR*Z`5AWmcer_AnLBHKvROt1o(aHZ1bTY%3={wM|=O8+DOS
zvb^nwM=C^q{Cs^9xnml~<vwFt=jSI0k<L7dvuk#;zAtA|OzbmZV$w-9%(e^)l@Qoh
zl}6JkEIq*r<77HBBw-|mQZnR)XX@)eyf???9yRqJPG{y}Guv^JmB!gn32;e!-O5S)
zI(&H%58Gw*v$DJYZ>`ayB~e<m<jZkdv}9-KXvqgB2$2qs!%mw>ET=8v<LP2VoP~eu
zbVC(!Q|ySjXU<{1u17~GMDBYU&s<&{t|>|Hs&?9z#x5R1f$8E6c}W>8W<Z)1O5wz~
zlL$%}pJI|QFDYgT^U?@i!hjQ;Y-^lG<;r>?*>>O|lrTlSZ;~DXAH^czrK1fJW(bRb
zce{!bW*pUoAH%WAlp!;L^18eTl;?cW%1Py0>Qdf)2a#wWAFdGj+0y#(`yi#fXHAsn
zJdQNmjec2CN(fXQ$MuUGlmFS_-n{JBJz|Yo!52$wXAjp4thvPk-a81PV0%cFv%C9h
za`yAqnlkyYwHCsQk&ca0fPleob5XDP&DL0RZ_anDRITqarWft`npO3+W28-g>E7a;
zm)mh1@B0Uv)x2tG_NB4evmH2&_bzU#mN57NK1dli-O35cDgFCGETApwZI&VfHfg8Q
zH@;&~-LXuXHU`p*gRlNSFb#U<%z&NqNqy;mGwniB1@9edML5}|nWNb$Aqeck&qvr1
zA-nX&TJ}<{lk~1t4H~@G45{VtN-dXOb~B2{DHM+{gx6M}i1B{$L`QGGqp-rp)Lxvt
z8hL7+qDjA<a9;me2Qp9=6lh`lfsRbJohMsP)kjawscmUB(bJwIgh=g2<4EPFn7r6i
zf%Lh4C>2Y`v|%!&Uxun;sTtIyutmAlXlwt!H2Lw5CO;;O(&R^RX!$XO&ft?#ID;GY
z&V3k_b*D|T&OyH%&%T^^6uGfwAC5~Gue*ZQTH8;i@G3R`Up-ylSaEeV=nsbpk*<uy
zvEDyOh%^9{(>nR^F@)8Bho}ljJs2QAT1r7QEXv<E>RUVS{T<@dqwU|u@V*zom3+n_
z1X9lYVqt`rIoLpWU$#{VkL(u2jZ(=lg$Ta$@SgX*qYxr_hZ$*cJ@4Jond2xB9#2!L
z%e1Z+OsIeLl(wISBD!xlP*)66*Y<kV&JYToJtpu34iO^l9f9Ea^&p~RglR+TG;U}e
zJ4s0V`S@aa(K$k-uh=KOB{moy?J*2ChSF>U)5K%wU{gk5^3vBN5Qs>fzh*G%RO_3~
zacGgh@F<MJrwaZNF@k?UlpyXBc2x;UoA|laRL&>u<O3JMSs3AP=R{aM;#H4$-#SRf
zE)Ixt`}^DFxTApVIhoEl>FW%I@GCQ&aq^7|sJ!mW(3RH<4o!JI6QwJ!`&h9fNM0l_
zl?jO_l4pos`T9wy@Rm<0YS>^ZN4i_!Jj3fJF{gQ4hC<}$PpV}KS03bjjSiqrh^DVb
zUV?T=P+=MBdB>@TDed)q=VdGB@%MZU?gvpHV<8^$FXp|jXt>Ed@+S)?Z5@dA|3nAJ
z#TR<SGN3}YSRhRpst|3Hnojb<FQ^ZA?_BCu1m{zHH4Y)`%z|$0L7emPA$Z4PJ@{&i
zPpMaKicS$CEg8b@S!|)M`Fk3@#-EpegbPOd5$%5uG@_mQl&vZ7@3in<2ampBs^EV(
zM)3EI62$Got{Nff0zbDkV0{xGKo{|0hdU?SX-OAPctqz~M0?*Ta82b2hm8O~ScH>b
zGEgD%dzT53whW{`(w}|m_()B|>#lt~#TT%xcvRvB>NK+&Jkv0ADAm)_OL$E1W2Yn}
zk7Px;y3wI4z!I_rl2sAB{&!6TUr$j*@R6aK2<AeU?A%dAh}1e0S+Uz0oLv;1-NbZ#
zb}oH(aoX%EnzHmmFuV38gg|&jnm$M;=^tBYB>m<<14%!A0!eyYx<cgP)QtRaC^Get
z)2fy1+mGu_qHSK;U!RmXN2#uvNlH}jM<l(GVWhC*CsYcHqLy;s3`SwrlZ42dPpEm5
zN~9?sedSkMYrOnwQ=OL`=X7E4u}2jKcVDPaZZ@MT?3hVz4ukq9LlE-9Q9|O2<@>1)
z31r6!IU9wXl2n0DyDC@hBE*$*Jk=d|IW9dgLU8kGm)zn-dG{{5$kKH21mvW=f`^?T
z%5DITaY!ndi+XdM{2JAsw++FAjb{#MHpcaawLGlb&LALHKB5pg<qYEEJNnR^zDZio
z2cCkR{i%l?+QBq=;sGk><^E-a!0fKTG)w952YXXOn(9nV7fWz<Fk^Y+;rh@!?m>>r
zZ4*xI-+hEgQwL+#aJ$@@iivT95q<?IoTW%Qw|3?Ap`kNH!*LTDw(kW-N=sB3>D3h)
zBc=6G8EHX=#z?l%jP%xCLZt1e1>`9*^M4;!i2T-01J5^kSf{NvEkp49n5IUa=g)$j
zoc}aj4k~!w%1QrOuJ@1+PD+6^`3F@JABzMlh61hCEhTZ`p8B9Z%EfWH$tI>+x`z<y
z{2=5~Nx~$Bc0gacxL*)U1%JX_IL}U?W2QP&rQi>`nF8Xue+!)PZ_Bj&64a>iZf}D0
z*&&76aMiBh#W3yUP%TIYi&5pS6?8ysh}PKjih)gkDaC}W*93*gcbozqYfgDAXC}3J
z?uR>5{Tv?uNV_{H%pw<_WERC(XB_m8m1*)%qE*wvWYti1mYWn4)7=}lSndk`m|~c3
z?seMk$=!rVKQUz$M?pw{{|Bl`@N<uwaN!DWq&SSBgx`I4ee^t$((@S;J=YWxBK1ej
zA_w<qyxl3n=s&nmgv8(ErvQJCJ*(nR`MwtZ9*IW$UHQ(8ziAAA(^ULb)Qdmm0K5M`
zKq2yN7m!mX^~1A6uk0X1{;#aXy+V`c7D}EEQP}W>z#xmJz{J0vX5}RJ_c~n+Wen2q
zJC#9>1A}}?f!nbj29a}jA-*S>@O=iY*tQ1<kxqM5G1L!qW<rmt22XbX4+c-R3sma6
zA01xhX=o<>ZfqepqrPtEhH80@-%e1$dD0cUjxeNC`8g$|)cJ*(BVE%Fd=G6WL>>u|
z7~Avrsv_;1<(f#_tBJIAk7y!|4=vJu-ARaa{Sih=2kIljF?D@{>GaFB?8{3hjPkFa
zj-20{g^+*GG%?D*K@uS@eq~Y`zp|Cw2&xJsd^Z_zojcXaN#nlNyL-DC;(F9KDz4+2
z(D~I+Tsu`<GZgRNfpmASF9Oa*0aqX!&Ld?y9l*>-QveCli8OY=DVJbGIRwOJ?|>P$
z#u+;34FCE@pW&x$hJSpm&hT0zI>SYjoKtTpuDk3&vh30u{9M4Ov9T*?R&De5)hFHy
z`f^<EFq3%C-;R`2>_UL_+D3@HQc~@1!Jjbd30PIHr>&fH`fGhv3wT`B@uljjq=s~m
zEGnEz!v00*<KgXuNFTUSwQM`B&)OBdFO}nRyHQT>x?PjouY=t%E(T<F$0I1?n?FR&
z#4=a~#$5nFQgvTS=R^&{7y+iwVAD22q$oEM?0bidGf3`hV2<2J=u|$Ttxur(fzWO3
z+bIj_($9ttdW_qq`4h#w@8~fEduCsS$X}LHYX2iCjsK&S+<sGi*h_qf<8sH*i8P}V
z86~K)sLB{Zaf{`KZ<f#*m72(7&p(7n?FFonS+gD7(cnY6?ViYMwtIeGgY6!E2yOQ-
zUDOYOaxDoR9tYaE{V6LaZC;|&M&qVP8ygp^w9yS{qbVgop+5QB>mMZal)jA6%>sww
zApX4kJ5{M;2Ot(cKW@a?<0hO9q@X&p6#-qEsz$NSLe7qa|4f9bKRw0DNlgt?4`XEA
zNSpd^F!jb1`lD~jtS@b?Ysxz|hc@LeZNl|F5qiA?alIQ0jZ6IQA>$ICpi2zfii*{q
zO0CXvLZm+Z5jrmF@Wiu+i=cn^OUEBnh+KSu`hWeg3S(?B&STj_A?NV~&LgEz_4M9z
z>EL=e45)>Icws6+3`%Fegz;{09i?dxswUNA2aSvAOS$|`x`qe0)CJpZ^?>aLaEQut
zPt!hn&_1qjh9NN^0dJ+NeH5aGCK%(_V$1x^gh(}gs4qXiZyjHLh`!&sXtP@2?u$MO
zk*hD@qg{HRKBmKCLL^)uN@+FO%1M8IY1r3@M56lr3zevP0#VJNL^ZKKez<cp%lAV^
zn0^r*<TQTeS>E?H7~(8I&-YQw0X!)g!Mn>uD^n<p_HQCY>Xe2Q@#S%rKHe3)-KB!;
zQVP3Jo12J>mltoUWugwDAn#7Qn?t+X3BqHe{6G;Q(#cfjUSHo&h$}ci#W0AzEJyr#
z)=jZIYLodsF4es8=i`f|)D(r_4S+)0E*|RqB&?Wdu(Y08Y_Ov~Y)mb!RZzGqAqSgD
zj~H8wY7CZEgj(I_;R8tUyF(NF6eM`h4g^n})HGEs4?tJ;&wdu{Ox2EqxPkzVwmVqd
z9AL^^8R@y+3Q>I=fNZ*09fA@MZ>Ipu)L^@%#$W?o*uZF;x_F4FHoX<1I(wmM`)ocq
z<bGKt)icQokw3bKkEtH<8V1t_^<lCxC(pur-)w+4#XRCw`Q9zK)U;F`P_7_w>|NUp
z)B9kfk?x-FW2C!=CVOLeKC4fg3bF?az%^2<>#RD)G23v4GZAb<AK|^-AdmY$L=J2+
z!k4)kQdBa+ciPS2J9AqdZ|*$v=K5^YKypTMr6>dd@qPn#OeI}BArIM%dgRwcw3D7F
zB1FD$5~~uI(KiiK4TlZS8sRa|1dqlhc=QLzoeH7uC#YLUdgC@wq^L}~D+L92JGO<|
zw3k9;!d$9mY=(dCCqy22k`mQhl&J0sXXFaETsIg@jy>z^7?|g8W?<g?4<p8`-m10r
zZW3BsC1E$QwnnQ&yhxKanMn#!P2kW(+;syMIY5V1VNs+L>0*IAb(3Kc+t;$rztlLS
zB2gi#w`c5J-nCxkh&_o4k-eAMr#0HAf74H$+NbjW*0X~7RQmjMzb;$Ed-hNW&#D9A
zXV$YgU1^92om<@C3YOIl(p~J$aq_+`Y%<hV!pYoCCnJPdN5l0-GK+lBNM<cflyh_)
zA+A{`Qr&?!1m4T<Bg7qeBTkOkM<>6OPCm{!`JbWr@l+v@E%4s5y{Me!(|eIn9#2#E
zmgIL&85Ge+2?oG8cZUW{ChZ$|;$LhU+_6rDqJFc}=u)_XS87ACZwklB^Hf`anr#S0
z`F@3{23%-T%Y{-r35jD3nkH<KL61~LfTpQZ%V$}48{z-D3I6RVbf&B|HYlbZ>237)
zjI{{JR=p`Llrk}tdeYds)Mf0hKmDxDT0_)H3zwNz--fRKgH4QD;X>+lsSNNk!#NV7
zQ1YOShFoBa!_B$CJ`C56(qk^LH=%*;>}^&KGg;k6Mb6WU)l63FdEb#OD2LukP>8&1
zi<-eIb&-XW*1e-;uqu#OZ-MP*9+bxKCg}ArL9dmGdOPPaY|hZI*)BmLs^w(jiK}Y}
zk;WzJ{><|>V>IVxvN(5*aYC<};NQp8a^4!`kMzI*f%h)oNl1ENK%Bf}C;j<YsypzS
zz<cNHq+Iq|ocsp;Ik<&#!aYV#c$oGQTvmts?pZ@c-W3)*SJc?KM?48k;0l)48)RFU
zUthT9In^!K8*f=nh+8bDgWTSmaU#lkP>%8)`H-E?#jlK$Pwp_nW|YaY98YO;=4xYu
zYBl&GKVka4k;y}&GEGi1HIPgVMw+1BcC}&a13*EiJ}`yB#}&L<FI;AA3@wZbg2ur=
zHlaM#H25M@%S9$?{r{MI7w{;mvvGW8cS8~&oQ;6S`>Lx1QNP4$O$yarNaQRmH3~@T
zrA@_Bs#GFuAOgbT?j(%M)F`Obd#hE{w$iFVK_LMo;uTR4t1SUhXNZtUAmp-}^MB6!
zo|&E91f>1?J^x>yr!v`df6sf~^WG1?V~hoF_TrTe3SP<a7Ds!??RToNVSD-^K9+un
z@8E~{{Vldr`dnJZzU6Y-DUD#J_>yx|PU%}u+fM23Mm(iWg$ZW7+i0HB$9^YE`dPKM
zQ~Fw?eW{r#dwo+1P?o&G!P>&XdW9XVmGJxaUKn5gM$(lyIl>N3{MKzwdT%C+KH)|D
z^40IZLc})C+X`yVQ_ca0tELqgwK(AN1T%iVl_T^X-p!vziDCV3HuFAi-fR`Ulvd>1
zoQ!Kuo79CV7i@J3BslRgYS%;3Mn73oVAQ|I<)0sjY0kuH-g!1mvsg^?b`JYVTa#{N
zX-j<#9^=b6dKR?$*8}J$k_R^(@Pe@--BXybZeiee`@YSzO(?#IR0j92u%|NMGaRxp
z#fGszsCFYnQgHEY&XoA!&OX{}pO>r?qPXpB8MD{H8VYd@XFMQFg6#737g*Zo0ex$q
zuUyC2v^xJ3|BV5)J^3C~<l7<|+t?~gl3rPWPStB&)@uoV^(_cRIUAFqo^uwz!Q1t(
zFTtAU^b^T1VplpRIUqTxJ*1?cJqqm(c<M7_{f&_A%@s7Wz1^P)uXr?%cSzvbz7C`V
zmlyN24e<t4mlwLrbxBgN_$v~{`DNUVJ-syE?8%)4Jw0gl<jXovPp?R#r`47Rt@0od
zPrswS6ZA3UGVss{^+(l0D<oTM58V`qTqajd3aZESgO?^)^EmJa9-9?Z+pYW`puacs
ze>6JnfRHmRN1DGlB#Dl^wDAmwM53$VL8&c8C90nC_=M1(f1`&lO)#T`i8uj(`kUAF
zg8I!OH{)9q_+VFq2$=KFGaTrWuMYIm;<rO(bYzBnhC>RC4XQ2ruP%oNi}Ahs98+do
z(uDapAV>l;(ka_W^ywUdRS*X4G2>~?7t45q394b?T|h0xc_s52(8vOBo<x+-pt|2p
zV?(?UMGz>yK8q+1W=Rq)ZXnt?Na5no3&t*an?@RBK98(Gq*Rh&DI+tkIo%-<<?n!m
zlf^sZpJz(agxI}#6Jk}KKqONRMEc1Agm#%DB@^FYohkVf?t>j0;|{7puREyrP<0P0
za|dHVOzUw$mRa1MR&pK$Z1E*cP}?S`T_ie;A%(~fsvkm*PfjU3&@tN%?eKv{4B5*M
zsBaNvxM+is-9dGrS8u(HQ<i~V2<{e@-BfK1T|r|R@8%_wt2{ao{Vi>6w_Iv#3k?JC
zcI-Md(Ml84e@#$7MJrLMM537qPKbc{?w?4D_sSZPV1`rVL04P!j*AnFj=VHCk3)Z4
zg0UDpouXCC>U#b`r!w7jY0^X31J4xw_`K^J5>>bA!wZuS1)QB}orUw0R0kfgZP&y3
zNM)|dG>y^97b5j|)x`;Bd?@~y&i~kldG<D3JWi6<?FL1Y`D7uZT8{4_$cOQMoh+3W
z9@Hm44IY42&c+L6328=7oG~$$Lv)|byFc13-aUEzF;vPGntA40#7>(#tbaBfA34TN
zh8;GPgcS!5=QbnQ>)bZ=v!B~NKrM$}c$#@`hj?l6c5ulJoXX)o41jX4B$4Q<3_-ef
zG@pei`ZZPe1R`5yRt6Y)8eg5d57QwH^ahG2WD#YP1JeZk_U{>(4e2K_Z!5ZODLX=I
z_!+7CYf$}E&mNv&%`aH__*(Ri`~)*T=t-`hulmb;v1;Qqd%l7VGx>h}6BU1V_E`47
z4OjBtKjYWh<en6K+k^crv-<m0YW{;yMLs}Y>8^Y$A0V%JSu!8shHBpbzj*&g?f9(E
zzYO<pdMB3!j&9h>>+N-kS3Ehk2x{>Xq*vKSq8k$YE<VUfS3N&Op*wA<qW*+Ff1!Rf
zGC~d&!rp1%Wem5<eei;9iyHD~sYAT_hGCeEI5xy<{0iQSqv{^B@b}5W<~7Onei&3s
zyl%77f??uuaI>3Ama-3Ky-B>YAzpZW4q#Jg)@wAY6xt?J%#!gUznFmWb|n~ZSK^TL
zIgcmUhA4;B9v3KC0Artk^r0><_~B3PFymrA`UyBjo-x6UGd*NSb1rY2VQf_mG?sD3
z5PlR6Q0>aH-<q$(%(=uqp78^FKFAim`XVk3i@cf~gO52R>AKkMN73uh7?ntgACz%D
z^TuF)q%jUjfBvxq+wdjtf1hnV?{(YO^WiabJu<FmU9ivf+>*YYaf8kEgf(+L&yTQ=
zXG~4z>7XNBUJ{)Lp7FgX$%hx)DM|9W*n-TEKvdZ&)TyHRH_0A?v6cK1_p_aSb<;?q
zd+;5W<5bv6qElVRuRzsCqD*j!m<ZdvugdRh-b8uGWfAgFhoy10w|vsun|20L<DI%3
z<bkM+FOe>36!}`ImT@=m^aH(A%lY6{*?j5zid+X?ja0j`{C-S^l!cp;d$B!v%7*jC
zBeNbG=w0`vOA<FEq*CX2z!{RicQ7^~He*{JRo|wOdKq{TG!@@*4DW{xlgCTay8S>;
z_8V_?oA&+<KjXiD<&vc4uhB2EMPGG6f*E5lKk0@b$BxfAc9eG7)*Da{T7;?a;D(=A
zwQlSN`ZYoQM4-VZppC$QTwdEauamJ2*P9Ir4^B|`nq&-X@EMK(oHv=Lr+Og0XI?N?
z6pU478SC2_+wdLlf<wf3xq~tNN5k<In<tNgH1aXAy->}eylIIY%D{}gz%Pskdl=Ib
z`Pev*&+Q@JaTD+O1`b$&H*5op#%FgoJbu&yPXXh~m_G0P1T#wcOjhNihr{0>$$X1m
zalQ!35y->I-j{JKiw;XZRxs0nEN&3ZBA8U%VV$QvkkDX%^Xd3*n|Ys#yYy{%mBs4~
zs>l57(;#PE!IdjClwX_M;o5wMUz<D5OR(npAg8p$E=({{lSIctu-MQ6gp-rYY4KK~
zAkQ<zJ3&3F5Ab5$3F;@t`5a{L48v7E0jq@Uyjjre-REIV^hzJrZh`QJCJ2qfPPn>+
zC*M!xUTmV~?SsW6N;W_v!H?A$OZj#l5WAZ*dlkHVlT&MMG9I({a~yd1;AE}2D4qG7
zpmvDKU7Orrz{UN>$_|V5oXGHfbP^qmYL}{<H0-*)rWbYv`WWr2AZNwRF|W4cRB;Dl
z#O0m@GlpQ~-ohMwNcySs?Bqw#t<WlcP9K={gKmq0*#P>*xptz$r)8);d}qGhu);$3
zS#j}B`Vg-^ehKcPQcskQ1e|H>z)w&=*|6Gbb^Ebi62e`*M{De1Y(wWbYr*D0zvvi8
z1@YI0W7e4-bc~N_Y<O%OCwWI<sAQ{FF#cxzY#_pCp~nVl6I-I^ax|TIUazUFOZ1xX
zt+jo0p!nJ>+#PD+?i*beT72D_^dr+;R|Sh3XAdQ-Go$s@c{I`}2Z}pp{U%V{F}E44
z2k>5_x+$`+Dcn_0qK`?Eq&BFV{C{^!k`&q78res}olQh}Qj(++^#dyR1k}TU;?`Ni
zd1uY10=;h7*Dum^4gW#jM2mYur;*i}YC~jieYi6m+E-X_%H{q@r=#kWNY|n{IYISP
zV~)v3`6HdqDiTybUEIYoC5hDD!Wi>MI$c$p7k4oxNprV1|DBvGshfh@6h~y=xf6=F
z&sypKJL38-<8H<nUqeT@tF@|*&)&snzc14WFnc_)e^NkwZ!%RAR6RD4#;U4m?AA(J
z{IAeOba)#r{+N=n|DftW^ea3GM&(<p0YU-wEbq;?`fu4ht?p*{;a1uRZ*}sYl6`YH
zPNwQkp(o0sv9Sd-HZh;Zis<kz>YVSP#Rq1cP1OVX&T|ut#>Ny-IiE(hWI?Al-@18P
zoxa{I;SE(cFD<OU`BoEtld1YX^sgSnWJ55{`04tWXYzLQr*rXCfBsC&eNxYxlhwBN
z69a08*)|ZP9;$w<)AJLI7Vo~9EUzc4>+LI=R!6mr?;e#oj^Hnineg9!9PW*d430jj
z^%W-GJ1priTFy<dH26@Z-7IgV3JVeACQrg1zpoxM)}EV4@}mk14KUhIPYAwXbFcn*
z`JA)O^1`(FTW@uIGC8>|*YJyEcn_7^^;^yc@uskzOSi=Ve(8)DT-Z*v1w$qM>9Zi!
zjzndhj&KIlQdEzPa8j+LR0^mruSjDsg2Ne=P^lA?{5J;FU4fVz=0RhHphhg-75aHV
zjZ^jAp!!zx*~s4<4yuQ^_&n|mzIUO^Xl$}XV?PMQ?v(<uesuU@I=q7xZ(q1mU%}_h
zr!~SEkV_?jJg5OP_gUbn_%Rj#k02;wmvcxA@1cu(dKkNA;lP^<>p7C6TqCzrb*KL0
zv+$j_{Qwzx6CE))z(s35w-JM>Hl&QIlO?J;t?|;=51^;&Q2~87A9Li@q3fW-k-4Ek
z2*St~H=HmUtCFbNN{bJN2GiI`I{dKyyL0$1T;YW!58q0iKM1J&FDFO!=6cgVw2&5G
zUiCM=9yRFA;(HrD6DR*e1SR~+SHP#7zMfobIk{AI8b4!<71kTS<g_DYJrltZ#1G2p
zOhnjjsx8VYtf!5&=5xSQ{ftJw>7c_q7dJG?lGI>0+vv+1C7&eeXXbH)i@=-7!YNCK
zS11~JF;ye=P_lllBuN{kdid#WE{N|t4H_;n1*yyN5#AM058eomJj2T}L?bS7>3_yX
zS+Z!9fX*WxS&}yT@H<b2M%aT}mL$Cz8x@(2-o}a)WQTg+#xT5x9P#nGL9APD)_nr&
zPKQo;MRS-6Ui%!ZU5T|rv#1&gTfO3Xs(HQkQ=wj+s5g$U4SVDhm&D3>&G)e8N>S58
z)yP_05LQ|xOX7eaUN<`NmFD$)1N4Qb^OLk5VA>d2D~auEgiR2itHh^%Jyr%-HUfA>
zjTOnyC1zzWRxZNIZrQ5gNq*)fKeNQA{%sz#E5~-eWDT19EHW!^#LAUexguF(dh)Z}
zto#sGuEWaJ$r|D0XQf&BmsoivR$h^;@l5iw&a7ONmtY+K0obB&ZSr%a_~bhv;BVXq
zuQKHvS|Lm8UWGLISJpiU8pj77lyU#Xx#k30VWIz_kwxWF)ikQKhelI%?sTeU6hI!A
zxz$wOMb)w8R9#d-)wz|N7H_6n&h@-=uMD0406V{&cm6w$GFr~%y!aw49)iUMym%fK
z59Y-eV)4;BDDJM4CH>}8Q|>f#eqNm4&3t}WQ7vN<%#BZoPi*dVb5c({Dog9G!fv0!
zZlC1cx^UEcd2uloFT&#A^Wv|DLh;XdaS;|*VDU6wyme?gyiUjYl=1moLe;tDRGm^`
zPU6@jva~LM-JFiy<neA6;V8R#@pvrmdH{+C@!|?B{yQ%ohsB>`@!khyN%s#;usU=6
zp|RTSk|ZhhRTrykwj+gyv2W(B%dz#7*!l_H+KHWy;>AD3;)PiJM_#;tNCNZ)NPmCf
z=#&0F(+B-sl}3LbKZO&FF-0cv9bhNEV<=VU`!+hl@JE?`7gjEZnjb;WW2Os=Hl~th
zh>8_@=_yFCOyc}UDM^rlxb?G$wSM|3$s0ha58W#Wyh$j5{%42=oFwUbE;QIK8U(2t
zX)-$&WNtUFSC92{QO`@&NQY#jg{_iB3oU(#Ne|~2>30uFFxoiAhibt2<+O1O#Unfh
zati2WSfK(dtgpke>7q_K)VX8`5RO&7DC0B9Pm^@&Y%o;b-i!RcePT-7i0yRzd3Ul#
zQ}T1WS^2TSf;zP(3p<jZx|F0&*8O0#AbtAnGFe*pOT@<3rGSmYHCfVcJSF|S{eVUm
zxuvQ*_<6gQY8gl11=U4)R2}Q4>Rb<1r{q)hx&k3Mn5W_3L$b8)JsjWx9N_JxvZNo)
zh12i>Fa7|FE3tSRFW!a4ukhmcvG{r{eux*Z$xT@LQX748+vroT`H2aQ;$1djmpw7)
z@+#it?KtAuym%iL@4;f37nfpj&x5kGZZ8(s+lnvB?TbFSZS=`a)hT)ABp&769L8?$
z!EXK*lO=tR8%C+-#YeFCCM>>-7uRF)PkC`07LUZ@1-$t8ZX10fv9Z-kebq32eTY$I
z-cEKvJ14dq#oPTFyWLkOOY0n1y#IbEF5$)F+$r)4mq!Zgm3H!Qy*hTm<}#|~Ea5E&
zVau1W<(K!%lJ4dmb6Tlg+Y{-?f*ht~Osl$v?;NzejJG@kTUKJr7kSHF#Db^7Lb*yi
zy!}pStGXs?w%zdnzu&O!71;JSyzOHoeZGUt`PMEm8&~nhmt*5&DqfDf@vS7~_5*n@
zl&P*+YBoHJH@q4fZor1Tz3wGR`W^aNER(9;5#1H($enu*)rLNDe@dEq;O7@*>3d+A
zE%hYVNpi=yN$waA$sJQba>w|9gqii$5RiS{`d>(bHNVg2|66`X;WVzoX&jy-OZt<8
z(&j&TqQD3e1yd}Si#7spcpLdQc*85Pa^A`ChIHh5&IE?MAirv3%LEgyH=UB~1nX2a
z35HYuWYB-cPd+i|-{2=_4*ECv$<c%U4SsScR$hBD{3I;~zB6=%fKMxp&FrADMXiFj
z*Wb=bfD3$mPO?*MQ?*@xng6KG&!UY^-WgE--Dc0g6m)B`q)>)}J3s!TIm-MCc~Ms_
zpp3Itmh?LYrk|G|S*%Bw$$E?}#~(ftd`F~VI`-e_kj-0Hos|Vg<i(gQt@{Jw=HoRm
z5DCeWE)V4NNnxR@{;mEUX8+LnK;HS^u=A_2^S{lOCH=Vpc>eJHQqV#~zAY+IOT4ZW
z-={qD!y{HpqI(^Z6i^cZwVkRT2h{hdvV%l}AaHFX(J}DR9=d2_7T@Sm*-1Z!GKVDj
zWBt@p$sfDc6;KbUrLJJ{mn1scA*47xCtJjyn{DE72ur*ky7(<%TQn$~;mrfPQM1>)
z*R(P>jcj&Pb&}UZ)%>7ZofRnlf<)g1MfeEt95Q4{3dZJVfyJU5Jr(u-{Q-NZx>etE
zfI+U-W5RKxB|Cw!Vq5hsqUZ}@LwznANK6)0-_loPivWv*B-&tdd}}34tL~vAOT2kR
zxtR&qeyUCK=21w$|6w-fhFxmbHLf)EpBygABj8ohPLx$Wj1}%EY!7JnW(8HFus+aO
zYGH7ou@qS_8yff<OC=|`aaLu;O1!RsTICL?lk@y)DZko_QglT2_btIp7F3Vvv-{&y
zx*l4*!0QebT5ulQ8jSr)oWByUM<3Te0d5|nQyNt5(hCJ(dt;G_VEQ0v%k+M{YGg}M
zVSS3{7R1al<2TH1j}Cd=#*rS=E(m(|c4HhsH{^xqsyxOg$gX`@%efOoet!gz|FwuL
z=`Uo#4ZeyOe~HECWAV$pcnKCi$cwj&`yY$vR`UBFi)ZoTkHr0d9~6(}SK_#={~djB
zrPGIPHL|oW*9im7$AMaA%96e}Gr{cl)l<;pQGWR5qDEN1EYremr_K?$idYI{abKz}
z`tE+b)+R0^>;+P(e#YnMv`D1M<J;%y%rNIk)rnb2ve~T2(z*+9w(l>7**?Zuz8_=)
z)ZXL8=VS3-u=sqwm?4>c(4)K(HRv4(i;Kvd=zIVqrd(Xi>d}DuNhv23?V%}rx!3fw
zmOJDdSZ)Ev45=;pvzdsdk7p)WA=8&<0><T~VI08Y?F^G<h3Y3L`$IqA?Y_)__Pp=4
zUqjymOAGfmKWFnVtjjPRvqD;_a`2u3{2aZU0cme1Oie&O%^rQ;*GNfz#TfHz_sVoC
z(@%AY;KUoii>(Ws<Qnyjnd0t3`E~SGSCJG@>kI4Y@J_Kmk%sB!_Lv*f5BB6ve(nbb
z)v4~FIwnsYlOHSbmIc-M9(Bwmu@Y~&I;McHKb;UzEhjrFOY8i&MFYaHMK6VANxwS-
zcJM$%me%>O_}fKLT=5%O(r?H}uxWMH?(t3gRI+W9U;RMr)p)*F%Usr8P5%nu>BWue
z%76`O%SbR(Knpdt6_2UsyR7|rkMGYg4*W4LYk%^fztG?K&vB=<Cx1A3+|Eqm_MKTA
zh9&Ckyb|@!vn;hb)pGuNpDeALjez)aApl~^3|Z0xu7u6s;@`f%vr_MGKFA|D$U+?C
z@SU=x?{|vxa<cHgz-hs|<4Zfd?{@*bBd+7Zd#$4ncz^7$;Jxz8B)pe8{u6j-pA5Vk
z!m_mPB?QIndjS;R+#yT)XO90By!)rX`z$`l`#8uT9OOPeNXUWkw$WP-Z6UZgBOU$b
zUPQH_7cNYDUkl`sVNM~Boa0PqMpHo2t&N|a!iG+(gZAGzMEif?N1ndZkzmcQgMZbc
zEWHtazSGT%XmKL+s6GGny%LSQ<<_5tI`?+ykMWP<JM*gc8`GKXJ)cEc`XWby8MiRF
zJ2^(<t3=wB84Caq_xxIx^gHDgiOB|!*G+k8QIUS7<9l>RLmc0)J8G4IpRYd|-4PwR
z{%uK;Lc@}L%5<ST)AKTt{a`haqd=-#D*tCHr%BkZ<78A$v=~%Vp&#)5N|j%Ddp%1=
z`9-qziA}1u>&+7UxB?}m6YH$>4N`AmXJxvuv#Jka=V6Za_oI&Fw0W@GW%Fc7zn8^R
z<>Qq5nR0o-%`fR8Da>8I`B7jA4e!CD?mIwY=n1ID$ns58*%naWC(G-zHifcj@w-IX
z3UWX{NzyYCahA-Ye--e-EOb7~6nZ?4x8=Dq7bs3s-Tv4VS3qr4%Ur?YW)gkDv<m5O
z#<3rdDNh^`@<f46p73yaA|Kw3?^B*A0C}P!D^UDT5-qdI6T3m4n3@Hi&wmo~#5$Nd
z5ZVX+g;#y8j10oliMUBKL!xMgXf=tq67mF1#F2&`3{g%<$8g!8fXfm2M42k&h&(Pw
z<a0TqK(9^2IRQQs>KT4!^M3>Wr?gN+6+hJz2Y&mJo;dtcK;cP%E9~zRbN+s&#org`
zcR-sK{Whyj@dB@>YL|X}Pu%41(>C111^qH;`;C4PuNv7xd-M13ye!yar;(QW3F^YU
zfO=y-)fRI!2&jVs>a|%Q8U@s!xC837o>+<3?I*d{7Wvg{3t}bSA^Z>OSFgPSh&cbN
zoDY>UkPkeUI(i_az3`xM2<3x4_s9}tlc3s_=gmb<XRa*iwH#}-oO)h-6&5?NxQZ7~
z$Kv1f;tR0&%Q;ZIgck>}_&#3j#o{ekJZzyX=@-Z2DgGzo?*2|Psi&Kc92pvwq+`#-
zW<C>){c06e$GB;1(aOj{S>G9tvq-{0Y9AN8=ax9&kDC^cta?{p&HoaYF255R$7Bi0
zigMQ@Q2R~~jm^*J7sl{uz3z+IQ03kZ{SN+7d}n^uej1za(Qk&;ox~M}=6fyYrfOMQ
zHy7dXMis!}jybZVpWh8&8p(@)g~d-|@n~M`?2d!qsKP?|rG@oM`@*y7)OH#>jcTqr
zw4o`3Y6Bg#_&WEjjG$KHcqXXU!v+5CTv=N80QNTl`#W4EOZux_R)4uPmbnfI^H?_}
zC7Yn(EZ*=bY&ZlP{+&0R*OjtgcKTP%=^x4`uYr8>3Ftyp_)bvusQNBd+DY^pIONCl
zr#tzHft)m<f0*(KLpF@BmmkgUE;uUHDM!Wb57VOOLpLa&D4*ZcpYMN3XPl{<gHzjr
z>Nll@EU32YxiCcN588Z?G5&TeF491R9suu>uepeE3+zJ3>n^PS`#|)!8MD=O6$Ave
z(U-Xl!KHQN&1QJ>g6aaVC#Z(J`S3W%$jMou1#M(ziPzmmW(K_;s*SE_BQqy?3);xc
zTfDx2TFOgq_m;JhnKQf<B-arbQ7Vz#ac+`(gNHVBWRTpO3VvPx@=GthL~?KQk=#4V
z`1;e%?}njp7%nXg$&#@?83z&2CT9h-DmSN4;f^@a)Iay2Pp&Z)S()l8Sz5OiclJlK
zVP`*^Elc_{9e{y9<;82T_)ILW=f#UV;;hcv>*=t~*IJ^dU)>3N+l@feHy^Y1cExVw
zuYuO^%^3z8)}o)=341%;+*{7ysV#c>F>62H1FN6juRU&Z(Hp6{&)S<$X>20jmVj2`
z^)<S@4zVp+LG^YoJlU7WzdR*yp^coF6`I>dX1ctvH*RZhJg_$foS?wo_+W3!NUnp9
zaDMOBOc#?!zihEDugsDqgC+NcY7?`lHXAbc>g~8M_{_sZH}IXDzRs4Vb>AZ3|8O^I
zP-e-Jo^>p4>3dEZ{$tuL_~(6^2LBh1A^e{{)+hXTAGN`s&t9)N@_q1+dU?f0m)H5d
zTM+uc+k$CzCj3k9K0f@XA5DY*od|!=ELmE2dIsvhDgpkDm9nHSIckHyc|RSNBuQx}
zztwo>oDgUF)lX>bIycpZ%%N(6Htfrw+7)hE{N1b>RJ-XJs*TEvT;m|h?>HNx>|a<F
znEDCThTH%(<?Xb%Vb*OlHr7K&j?D|5Mzt~*Ri}7LRF9>T;QOOZ$)nm_4~;as^{0;j
zpR=DjZ<T0ljEAawnj5K>Gwg0zT6YaD<fk)XA!qTMc;gW`;90!51dD%!#R@Ne28)eK
zSz0$5i_gU3i+J&3EPjU<Uya4_yU+z=rYz~V9f`APN&0{?&^Q^PwAF%=y3?<|2QcEW
zQoC(%BKJKF9=UfsGfo?oAGyX!lx7a)gXFhcp#9DyxHi$^kH~$0Mo^O9DxCE70_Q9X
zocUBM%i`cv^GnnUm+4by`6Sx-JsW(lX#@D~qOp-dxrKMuyoPEyOJ>T_x?2$fUB5y2
z@hiHb4FL3OUVJ+ie~!hMarpVMcpNXj4U6Bv;t%2e$KnyZxB`ox#NtZ0|FL)=FTMqf
z7h>@Rcgd2z|8Sh4d|eCbz}TbUVphC8R04FVBqo)j*CfrOBOl-r(ySpgR_UgTw?gXi
zk!!f5HajO)=~CLO@*0JVRG&|aw^ucoj?fZ~mAPrm=b_q_kI#{%#!P<R+sMpX@VHRt
z7EyI<8Pzf#;~btkHjBn;TcKo%kE&w}3hSwQ9VNMAJ(hj4mQOTBcPraMnX$4jlpR%r
z8+{-^;-F?ds?%6mE7h*NfOj49b(o{#9BgBslRox!*4R_T*nROY;D4D%V-Kv9Fzt0&
zFgC+mPF09`yWLv>%GUV+-P#rK_N7~!wcQu)$tJaRT=d$Q%{jn>%~#v~pXz1d*aEyz
zRJ0qnJ=~d1YM+58Gh1X5-3-iTjE}8_{w&c5NY1i0W7c-6UC(F)WL=r6%T_`cS<!9x
z{6YO7@^zCh+*2Q#%RgIv;hrY+M~v+4pjxFX+}TP=$=2iys_ql<L&(AG(MKLaVmJua
z6<LuoznTh=u1dUFYJOkZ(P?!wQtvR%wCPQ>4F4RNV+71UsLu9*H<6Zc1MJF}EE<EA
z1l2ofP@P&v)iDKy^^H!xha`85hYw@dzeehvcK!zDt=AlcgL!NEgy#+vAT%mLqRDu@
z3g!|6JaHnPz-+#)N}J7WpM6Focf6+$b$C)AA5h~Px$H1mJqngW3Ly!x1>Q=_n!{13
z+OqZpV}F7xGARre9*mo|J#@8N=@hm-F8Wao-yF^(xtW2;8{U=RU>l7>413hemmMxT
zFEm#<I6+<D^>MfZlRk75XW2-}rU|Ne(AC}MCo`9NA#hJz&;hl?%b{@LY#F|@c$ckU
zADiJV<G&R6Np8^V(HFGD8JB6c6s6e(AQDfTl|hR`-aJxM1Ddf)IiS7<bEDcU86KG<
ztEDB5KqLy|%lxAiKmG(ul1X%fLz3wF&U5(!U6RSi#;_l<x}Ul!vTsl1fIr-II;r^+
zKObcuhr2E(HM?a=8g(9tu5jS<A#UX$iGJpgr0_N8RrL=qk|h#-2MkgfH_no+#dB~h
zhv}GLIA>NbFf8!;0Dvg~ndJ2t2QW@qJY)Zj-hBYhkMgS?k#^E}yC>znTMnnlrVLs<
ziNk5MEJ@M&>IwnBYvq6%6#yFzp?@B-y5ETbrZn|1W{p2zjQ?&AW5#@D+5waCDh?U{
zY7KWak?2{nBt@D!MzvNwkuo}1X0<XI?8RjDsY~2}*m7%PY1Jyttv%(xUCnSZjC-Wy
z*^f!&A^<8tYIFuI=BJ^y5l;33&O2I$;~ydrqK8s3$9TxHi=J??pyNH6dO21-j!fVQ
z_m8-3GY;vv8J8v)GY%yft26sB_y4z`W4lofs3ts8U~X<ZU{deB2U1K`G*=tb;*6Q|
zK-8NM?+u$X3}j+VszFw}qdSOtjYE>uUE=y6(VY_hDXx$|LU2$=xT}>Y*FdLb$tjDY
zZ$IDvzu?OA-QPR0=B3|P;h}VR9ry-u=?@?^TeuXhC#o#l57yr#`@!P(HykXY{17no
z|G~rcWa4`!*8J*;@&69N4tR{BggBW-zpj+{u_*!dQ~!-YZB~{QTJ+xJ!h>dTQ5%{0
zKoeZ`*%o`|ciZ`;_2Q=E;PuDu<xCM&!>hje4AW1tH(#Z&P*(AW<hQLdV0pO9LzFk5
z>8mTD>jv3mtEh^dYBw^Aqbl%4+wXb7ueSOlO-=rAM}6ov{G-($?q~}AGV*mtQ1iKb
z;hxq2DXF*dR5i)@TYS}*`;inBL!?Yn)=1Z1asKHCHvWn8I~OGXE`FZ`4TTY9nJh`+
zu51#096oYFH-@|VhprEIZ6Z+yKkW+@Dy-^szxo>~7Acb@saPjV_c$aeQZM_}Qppxb
zXH6trEr+YNg{vJaL;b?lju)%m6dNFu8c^HC#=2>wJ|j>(HjC7J1HfE{C&Do*C*&X1
zKQw04CK6rBui||q`aTCe-yf3!^pjkdS1?%tcu3=n9y`8-=gIv;*TFDwP^Y-JO8xDI
zod`fVxp5J&?#MLqGEB4i5yXe$_sMEE2^z*;IJV!@okMizNbAla(jobzfHv0+T0y3N
z_9gD5gE1!DpD(rU6^?Ir^)SY_M)@T&otbw4)442->5P?leI$3HhpJ<I{0|EL^sy2z
z=Qz3C^30tnJSpcxjfRBC1K<#N72AiixsBiV&nC=ygsWwRC~<!8{D@Cy9{+RhzXOY2
zpf!rHqcBk}<4n)$(T+%c`6!vxo(t<7Z5}`zg31B)IyVp+fg}IhDk)R#dx{Sy7*h_C
z2RsRW6_!etGof)m=F>rbJ)pi1Ec@h%g`d;Nx0J@B-X)xThrC17NnUp__69KLK~Pu4
zUh{(e742=?LIbG!q29JH4w))V_8qwY-nJh7=Dn7M4Y~T;GKGcB;_9^-ytKrdPjWMx
zJtp5_TCb?uqEFk4chHbbyxBb*P4XeYarc~0Xrx=7Gn8s~vVc}4Q}uxU{Qfwj@(gc*
zO;R}4Pm<`HoyXXxjIl9R{)gm^rj<Rd(LJ22eq>X)^Xj>SsM<n5ZlP*tWUrk4&Zvc<
ztmqCBy;95ptWx<@o02i=LK1xr%mp8jn)w-=p(RURcJ*eS3e3x+KwNrJm|Sn>mTF~;
zU(!gXH_M!)E7vm{XSI9}qWvgg?lbd*>7VZt0t)S$z7~Hp_bh(Jdu;Z>%q9fy>yW7k
zhb=8UXk-KRf_}AG+vHYwF?F_#3j`-Eu+C}YAaz&)=X+j5K_a#k7Gid00s@pGnjgOL
zz8TH<H$cJS$BKMWMwX0rh+9ot=rDm8P~Q-J+~eTi*vGsc{=L%HcB?GfMjD(nveii=
z2b{@1#2i&IM*(M0A&?~#MN_jnUvspYAMi+*gVcO0<ElX3{LzI(c><b_lQsYL63xGH
zRQ8-1{%}XeoN1c>=}{S^b^(;%;Lv7m*XC{Xg?qB+<oLoYV@{?v`sq;_bAPV+Uu<Y{
z@t;V|BR!01<DQNjm=f;nM@An;kVmy13|6lXcZG@atW%Qwk%O|a5U9`%4!`;l_U@1D
z-Q$lKet)<#V@?%}HIwtfrbPU}G?0iNzFn4j%fJfb0$v#&FH*7z1zr>hIh)PDDAh9V
zn3g6Sf;4DEFn<|eJE{GeV~l@WLz7F~-IAr5A<^?V*O=7K+$N`MXN+)Czu{LqO!fo)
zZt(|TK}fV8Z~Kj4Lm03jMpnvwn$o^8z5On!cl)IYd;1Meao{fa0uLPHSIYfy^PVZu
z{7=K0Yp&>Fj4$}|l<|}7@%<_6aa6F*C{k28B*_oYYa1^jod!OrI$`I79LA+-fA5W_
z@<};~)V~|j%JY-uBJ;z@xbP=V&a*3Jo<n4dji1onn_KQh(fVe*3;0C_G~$H(`F~c;
zc&*Fk|C>hIF8Lfu+dtAI;h%OPAK`z~0h!^u&HP*^S|AvvrkzB+(-~v2VDjLdIu#Dy
zS-+5N+7>uzaORY4<{=aZZ&F_euXt*o2d{rus?_T-Iy#fT7|orwTjOV+Arc?yV9a={
zld)JRImx?kgGtV<z)3!lKFRj9N#4@eBxl^#=Olm0$C~6FqU;Errj`A1@xBDy$**-V
zHtG@*{Zj{HRQa4Jk6Pf2)PsT}zxQqRQ(QzelQ9-q;B`yp0#^M37O?u~NrfMhGrpYX
z`cU}siTg?J?YIy={onq)&*?wkA>=$7yTzMFRVVUPk94r~d=*K1WJ&A=&VH3D`>SpW
zs5|M@N6ReZBvrT5;=}ijrm;sMN`B;{K7Q4r`BIzZqUx*s0F*#$zjxI^7bh5Fixw7$
zxXZ|v=_P8DWnlG5{x|ym9hj?F)cXuS%`fwjNp6Xkvzc!3?P()3qZVW5<NqnAF^CUR
zgI+hUQo#R11CazH(PjzX9gf}sit%On@XxDx;JRdpX$=2}4sQ((KR~sCDsAX+QEkXW
zv|+D{%A10kYY=VN=c3wzL1jU8tA6;4I18!==m_Wv&7UczPtEm^-SkNtnq1TgK}#ez
zi{zHMNp87^<W>}r-040Vfti;X-=RK|Y5-EIt)aM}fmGXABukP$Z#SaPOQ1_z#*0xr
zj0L>|@lHM02bQ9-ZDeK$CItvsRwh=dF7uc(E+e@GP^*CCR%1;c$*uH|-0A|7OMS*|
zAR5HnFc)Y?H2@mbFi`7dfz4;abYKz9wRZd43EIvSZTBRsw#F}dQg9OU5%&nRT>R}?
zNs>xpFYxsu$F7FFSt*`bMdpXk{3tU&%FT}o^P|%IsKyU8dz;^Nw(k|TZ___hzj`MM
z2L+~Z@VXEVeA7tFHdEzaL~;pCRv#qlmqF!v2m0YnBP~1luN7iNlf305*RAjU1S@00
z;AP3mpNo1pSzf=I<mTyrh5F)1@Fo?>Ci_bZ5BeipWM0l^U#hlHp+qCOo<OWdhx_F(
z$oxLlDo#~C+A}neX(1-*7B1?zyn)CD&T~3R&1}M3)BtB1*#H6_m)xV92TD@7>jDy;
z<l-M565Z((8jts!l2oF0ma5+bW4C+VL2ZV&+|nO(<&fwLgn#rW(Wl^J6Nz5w0F4NV
zmT>Vz=!Z&UHAtcAedOUrwI|&5Bchz|kR;ASM@J9hGbxk9U6*LH8hm7Vqc7ZZHL3mE
zKuHR$<7Z8hq_O~c_At3`4#7ssZwQW~Wbpy39buyM$o$K>GBhMy?R=3ahh#}g;wN}T
z_|^AOlN$?p^N@0ZS7oJ#|B_E~C8}2D^KTDT%PAK-)ye{h=V_F{!9kr~MAb?kRm-wS
zuFnm+g~l;?NR+lyb&R`IIT#w?Z>*UlOOkn2mg#@qiB5}^eWN#EzP<!1y@80)H?E75
zpx?SPE}qzU8S}sJd#jpiuL*IwMSpw;Uct*UFyBpMKXWz(`nh5@WqqGR6sWsCIf*In
z{N$vk{L&{NFfQJ*wpYlPsYi+4m?KI4*lG#97kuR5t-fe`C_mhF35kx+;X8gaiH^>Z
zBz1eFY0s!zN%TTc0nI1Tvw9d)wh`qCxGwPU&|*Afp&O~T6sM?hd0Ly~E#g<aFQ_er
zqZQP!fqtqWbRPhb6w4CaVPQKR-bK|nu;y7G$Kj^-nG8gcskp02D*KoGQASHcKz+p2
zgZoS|)+aRhHITb7_B><_(5B0QSPe1+e?bYfoc{uXtBU76qRRob21WJ`nbb5mtYHhc
zq5d_L4SKODkTmgjue(%@LqgmQLPw!w^F`0_R$BHlXqQcvHvkEE-XTfRZA5v>Ax`?a
zPI1ytb&8WdvY$BV2Oyeq1MC?i%KhDpm5zL#&y@W3UjB!gFlyq-_cBYoW#OX!M8W&L
z#9J9Il87>?KmO%2Z8k-urm26@PUG7uc@Sk|lf30(FBW(!^kpCQ+KAe@!c=A3YCZNL
zZfzSRyR~hSdNY@LKZ@*a3U}6%=$)C8#Q$mycQ%pe(Edq#%=JB{+2i<|`AAZZs4-b~
zpD9N8gtT!Il?+EF@_FHEIZPBi&KM|*`-iI?FA`<9ZDalFhrEbH&+dUrFOuls9>$Dl
zihM}585|t9aBg&<cY<mJwcGgtDDhTM^&jxI^Vj-myAVbnb|V{FMzx@~lB)j*s$U1S
zptm}xnRi(WT!i{pJF&%+-Hi3QJx4w?sYq;+x7s>G;N7<S!#Fe6pd7jZ6XqS$FL)p6
z*2N-EIVV`gxbCF=59pXtB=UHdDvU%49K1(3&iRW!S(wF9_j!1;eKj7FO>!VogQ_p}
z5z_z>P#>}BV`2_dA5&u)Hy)L&lVyC4^Thoam`L4^IAj~&AQbp-!)3=v6!rE3WCA^_
zNljUo9R=Zhy)KLMb%iX>*UL_EzIH%bV3;bX=kDaPVVw}Qj_GahBD^LshRM9mbM_k2
zK<y_Pv>3@8sd>Z!xAKx*>2ztisLZi>DSVsM2^EI|c##^L+7PB>d@T6j6H?1V@8cn@
zFriRRYX0D`Q%iut|2PB`3LF9o85sf!OEWAe_~DUF<EB*nHo*+^VmW+omHG!FFo4{9
zA)wC=G}c(EZrhqzQh#CLW$Yb<^9B5DO|$F&`&Zp}ywR;uQQ@zZ^@tfb`j~+^Iv2(2
zY<jG_9VvRO(XL*4ESj8el8}va*a_KLt|TG5D4mcUclUc!Dsi&{u`;V3ho~K=s<Bg+
zq&l>lZ0Tgo*c@l9j%osbG*cIY_^W@s4JpjXWA;O1{7~3uIQ&WUG6z!83iG<CIR4%v
z`g{)tBrH8mY?PPZBIW!RsnAPtHp-X;W5&w%q&^7OGbzr=;E6ENVcZS*;*pMcIZ;_%
z>CkR04|mC=c1XO}&V+3{6F%|Igl*sspLl2btZM9vr|SJ$yKMet|5bc3{vhc0f8jzk
z*0ysd@KO@p31s6kqKs(c^jW@)D5K!ZaT!rAZ)418bO<{sU<;x`3eNmTC-%cm3r@hR
zehBmM%$-NqN*4(+fIPdM+&8C<vFHw>+;EgJ<JWDL#_X7W$yP-3ft?nb8#ndBudXh}
zj)&(CW3Vk>KBu0_KMup<6{74t!kE!<*rvaX)H@A#=fAbT#;HmCK>WR<D;0ll>gvTJ
zRhT<kae^JKFn6@#1T0coCBtifPXc7h58C*2%4B1a&HspVFzIZ+jg`^Qe_v>B53}QP
zDwj3JnQ`w?yMNgU@zyx4UC@sWF0sMmw;<)HZe<LTIGgiJWmETKwP^4#?zGS7Is&+S
zDN!n0VLLA+%CuI1yVDo$@sOG_S(1F=o=rqK6=YzSLX_crn8inI@Ag~VqH&}xm3!nD
z?Yoi?s3+iXVWN!TIP?3X<~hyi7$<Y~%V~;{ZGJKn6%p#SpySN*lia&J0rgriv*!oY
zYpDpCyS9vK8N0^GylR#u;9Of^-2EL`?w{<V>(wb;2h<x2{3LhI@w<O1h}|1!e+Mg2
zh_aX;`F?Gj-ul8l`-n2Qg%`QPM9GG)jFlvM3s8uR7m0H85M#!KHsohE+D`5<a^DZz
z81qHjiL#wn%5O{0ze=apg4(rsE74AuCCNWIsJ-HrQxe-ozAdNfSIre1o^532Krg5v
z-Bc?p168C4)Q|;9z26M4uP+s33{#$JWpO&y7pE%d7FEzK28){(E<nu&81YGNDgVFQ
zbPEwmuo5p7db~!LH(L^lTK=CRIuf!t5#=Tb&akTkgQ{U_1aEx{oZHSbwSkvf?~X*a
zl-rzLHe34Sa`6K?m)8k^l*MX6aI6pIMs%4*UYRaSQoag524mpK5kx<v#>gZyfEYcJ
zOkacvoJwc`StQ;IiX?>SXe8wDM}$W>Kt}iv;mk>{%M0&Ts8@Ko#F8IWgWiH5sO>@B
zuLivoRoVhDQ58M!|I_U=V<5^P@2Fq>*dO__$sg{n58a7>wEDx{O`%gG`#OSJxhve&
z8XzT`A(|HLbxx6;C;Yv7+cleEmo6}O=~|Y0zaLE6KZS$M?dCpCwlX7^$JU@erfLXn
z+{zeZI!R#A@Er7APX-bUfItGGoCEyWt7zE4?ZeOl8e4{5{@_ny+f(gY*-Rg)`DKw5
zl4_$NiLPXGkw?ROj+`{wn;WXGH%<0bU2j_Ksk+{7u%BQV><>7D+E1KRyT>Wo2h|uN
z4z@MD(*S?|bwd0BPe1h%ZxA)HfImTRQ4q}?3wq&?{9nPJ@|*4PGk&$xAKBaF2iE^I
z+5Dl^58VIHO#3x8?avKHLz?}1hd;8f$q%O4M(c-GKUilklR<h2YGnc+H<|X2lyMhH
zY2#XUZ`-(wd*HpKWL(L+W30H6SM9D_vx|g(*48m;{#oOF7`;H%iIn8d_6TUeJ;m|*
zoSsxXFHQS<YvSb2&)j-AKVz)()01lFUY%wKzbozU_Y>*otE9(#S71s&Wo8JB+C~?D
zTO=o=aw>N#?V$lN`h~KMC@(s#;{yf-e`BqsTuw8DEIE!*<Qd!dO567;+jqU~`)%8|
znLVPh#5)QUx!<iv`$gE6D*RR_8anu(Ns|gr$g--e6%C&;4IkGe4Ic+BTM1?$7rrvN
z`TBjLRlV6NJJ|{fwu=UDLxZ9~tQL(VuQZ9EgGW)r`U)bC%S*LVIiNxeQvg5Fho}}v
zlRCp&2BM${Hp-pk^##;NZK|Sbr>QEcwNyn<I7K+j&c%Dd=B(W0kfcHu?i%4E%Nqlc
zS_~^%a19GYU_4n};PnP#8_{oR3QHa1k9~}Beh!RLTDV_C-P|4SDj?D6IehXPQEtIu
zO0?Uyo5N7;Iu=kLuu-$HBdzakBpL^84E)`E8s0N0V}Ic=eS3v&c`B%-*4Rf)j(B6r
zYVP@)O`9>mnWD`Y=uFpUG%vw;I!IAxx^=w<XrXWYJ2KH1WpXq_ePAZqH3X+#@&+0t
zp81{=VV)X&uxL>KJ;%ecCGJ}<>=^vO_OfFn>Dt+CS6g&#jXhrO=VrXzp{q|AFE`iI
z{5wnD5bG2nUp~nUWSa*1!U7V#Z2({a8U|svITBE9t{jMMM7x0@2h=r~p}A2OC=pOM
z+W4gB2K2^^$zY#zmuRDR`WH7LZW{yms3XYoP2n#2^c^&^Rpx#2AtLXXqo|X-UeSFD
z{;A;vW3~{8KMYC@ffxjL4PZnU>bEA^^jk?xdR0onr1Ji~^kO&1Q{&fyD$_Tw2Ab{_
z$Zm{{+vAFu{_JW*v6eWRfOu=;j|q5?*efNWTUxl^*c4~XHlcU=r%dRnoL&>UjCaa!
zpax67#Q$2B=06p&$=O{w<l%;JSAQRQc<XuJfu(ke6Rb1QqJBb4`eC-vlJ3j~{jM@2
z!#p3H{ymLIQHuh>E#3;SR+lRKL#O&<Ah!6mAugr9gar1LsJDAZQFv@O$R+OOa4;bG
zWDvv3Db-56qae~4bJA=Dw_6tSmYe_A@A{ChbBl+Q>oq-$1tJ@T<!MD0KhDBm1Ri{x
z;mt2CYzL=bKhCkZ#5;;8FJ)U4iL92Q^(49?Taw^CryW(f<{1xP)1O2$`|(bn5L&H2
z!J&s-E<x=%IQ2noDH0O(09E&J(SH@J>TBKmCd%8db+aVh5Z<JGR&U^aG`vf{cukyf
z2}nHv){v!e-|()s3lH(n-oUPYExM`~UA=8rhx5w%p4D*{h&^ih^LzYc`PNa{WO;)>
z`-4)ly1jW(-Kc$-_?NHS?U0iCb?rLP=Pya>^XtiyC6>0N)>OOI+0<@zmNGDnQU@Zh
zh+x1`E)H#LN;xF@m@G-7`jhBG{NGJPxq}J!_9(oFVLEFI`vT6VpF@(=2Gl@@e#O69
z!<|i`%Q5n8@kvb)C-Hw%)%dh0dG1o~w>$eK%@AcSVTSnBG(+4div#wRjBX8o1S{gk
zzHh(OyZoNzHWG1ZsxJTPUbmm|E0pul|Njw)1aPbjxx@1uFA}B3(rbwmC6gL_?^y6n
zU|zvXjMS{{U@Ub{=QwarSL2>Ww>U9;B*$ga3po0bZ?oX3IP`(BpKN}rz#*bYzyDq9
zj4NZ}j2Rzv+4W;^O!%=l<!^W_Zb+GpQJOIAX$n#Pnxqjjsd>v~JNfQ#SO3r@unSjb
z2_4n2Zc|5fc6X{FE~lG!WNnCUNAf^pt*N*b*WCeE3L+REcBSbzPwz?XK3n`vq6eUk
z<3$ohp)=$Dt7LvjqtoBmA`ZuZI@32nomm!8$5N_g{Q5^SFUk^>m{aBlnrysFKpk7)
zC%M;oj2|9Ll~-){pS9D%y0A)E7m{lWL~2)v<@X5&gD<KM5dBxC)$wPh)$weX0P&Vi
z6U6H}%{AX-8km*mI~g;^+v9Dm`*Z3mcz?dq&6u&i!?Kgjllv3pYKHcalUjj8tiX}B
z0*5grP0q5tD?7?VmT%&;v_5+~SzTX}-Aa_boj7Ve#BNJO*_~l06{+`zd1as<!g4{_
zKF>%_xDF=lG2XYo?<wqrOrQD}T>r26kywAM_j&zBPQ~sVqMQ!qWDX!-0vUwkE!_?!
zfwX6Im|;i0_<sQ1-uThkZH6DUbf<(LHFab7k&W1{vJu-=C#K8)>#8YB=zHo{cUvYE
zrhoP)Bs@QCXDkVDGs8l|Vg9Sd${jmwYxy*`R3;u{%s6%ww!~@V90pzW?|;zeK^KR7
z(hp^cpLyeyIAa!4{6uu<>S4@y{-|xJE5sxpJZeqS2z8nY?C1C)`m)PBiVyQY7j!e`
zSGOml4eoSG68<2f4XT_%TjLYjntEfz5xbAec&FVoe4SG;+*B~!4Mua9;8XAYF3I>B
z%u=lLB^cxF^ggn{>t(T9ydDx=Ax;x`qNSaxAZNf@sD@T0lPv>=3b$Qf_9_D8g2PFM
zjCU@Zyjay32#5-b3#KKV71OU5J?#B1dF(AcfyLsvyr?E$Zk>J%k41NEP{>sXMR^G%
z4V&ck@zN&Io7;3>;-^d(KjzCx!a{PFdm*#q@a-h`2`}iCL^#sg3@#30UqdBH8opbN
zdLad;^5=h38lCiK&PvvLI8hl{%O@4OrOot0r&?KAKz$VTl%6&+^G{xs0j9g#$jsMZ
zdL*}!m%QOcf9>i5XpK!OP}yjZ?`(O_9^e%N8uS{_*5tuI8$n+-_Rk<&4HOeHW;4c2
z0bOlTU0(g+RdE(`d5t$)ZD*k1Mcgp$uyqE~ge}PUvUBm*D1DA^VJzG=A`n}Hf(=Tr
z%QqP_!J5=JJvS~oVq&j;m@#A5F>$OPJH%L$Te)4#<+&C_9%$+?kHb5M#K-5YqV-zy
zm$hbp^=8rY$86_gvU;?z-O{K(3L5ntRYMBfO~cVhpl&|0d}}N=DXCXiwh;v!%!}dO
z3lhZ#WN1EBV~}Y`Bn)cwiOh;V@nnKe<hu7k)a2qW#@Hef9qIt(JF*?1=#FfXQ4KHm
zHmwA-N||cc$?7t+$HWlNU+ryR(c}{wSW1L~Jm}4*>H;n`hP*}m&%O*S;s2t7Jn0`4
z<BdvU<-6&|_us?+(GjscTo|mVq0=P{6O_F2p@0u{#`3|R>+{gfC9$$EN|ha<8*JL^
zoJ+q)d!2PDYOf3HQE@$yQgwa-$(`*nrX=k#jXrn`M6LXSs<bJnQaz~pTB%yyVaPq;
zAG53i71YyFL0!%d+^H+!z>PMIFtAU?KNI|hu=M$%`8HjCXknTje;n%ZlXf~t%3pUv
zz4*`Jkc0-CdhzRe*^%z;vFkU!PUF{hC3?rROex%k5yJ`pBrrZL{+3h3*wb)SKCc>F
zxGnXlkmU`fu_q_t-VkMch9vnL71N+(g$W-o8L-{qnf8i6u-u%dr$r!qzrJ1n=()5=
z<ZwnZ64?qi$hXwuzZdm=Q29%zUAtZ4Ewh3RD9J6-L!xp8R9>A{xzegUomU?FoJ~{D
z>(@B#kql;3j$m?g-GP{*gR1;>B&-jwFvGC}F$GnWn<3I508wcQ(t+J5LMf<3S5{g+
z$_kS1{?Tn@$-vWuAEpYO2HvpD>yZv8skzh*Z819GO*1;7>J)J6iJgXSJ<(g;D1GOg
z0o9P9u6>##+$ApIFWa?=C}UlwL-{XVlB68u{hW`PEy7*5km&ym-~<6;f5vCf;-EL5
z)Qs$pu8|*Sna&*#o6a4{$YbHcqM+Qb2qsiPxj(sP^vnL8(^?Z*?WQWYR@dIl7z>bR
zKOy&RbK+_moRDiTTF&^jHjF60U~p3nBhkx1wf{Q$ezue7bO6(nsKY%Zufs>6v0R%k
z2Vzg6w)IWC{m07zRcp19Y>*}2oFPe6-j4ZLVz*$j<A92A$Ia*W<uig4S|!+;CM#M_
zeFAtb-qsBP4{vyP3#SdAX}np>3E*&@cK}+xs2AR#QI`rf36*Pti5Ut!z-xj@djdJQ
zMbDwra7EvT6V9!E({pi4LEG0!6^B^A{5j4cDaauyc*9&h1nv*h&xvzM594LU8KWmq
z=*TU1120q$e^em<v>o}U0^pyJW2_Wh(ko#5viyT4d8bn?<gMf!&Y<5T|9_t|X}2h~
z!b3dzZ=b~l`%aX^`q$5%1XN0%JvpeH^{lXBbfiXOB=Z#@#6~DU_}5uiW<!T-LQFyW
z@TRycHw9u3PY1E~b-+KTk`H(74ZHbmc}q!b+!v+Fw$MZx8{I);^K`16z3W1Z{zP1k
zjcYYu3JR#D{MOuYq0B$C3hM*vtwjO#USB|+Km%%3fuH2w>M=$OJ4oYbyf?>vLDkVs
zL3OlF)p@N{oz-C+vdiZtyp6gZyT5sh{_0b>H8;d9e{+v<r=@2DWysIsrUbUi)He}S
zggj&F@x>`E{2b2drh$?aNyw*fi|p-=Gz=?#heS)caL&udoWc*;0&fMh6ZvxBePRf@
zT4n}UU1BO{E-;ld9YQ$+@#)IvB-%4TI7C7~#n8dRPY!e(^M)h?h9RILpVYiEB<bx~
zAOb3UoET8cW4}xv{S2HJaBTc}mk9@c#iDf6mmc~q7ZT46jx^%ATvQ%sQ^%fwgn|d|
z!z)w$?}0j*e&)ChEKM)h0{TO7A=E695j^J8SCyvM`E*iqJ1A}yyVv<WCZHt~(BGJV
zegwSEtqCbJt+;F<ytL@EpRoDgZ?OEr1wQm%;f>}Bd*y+^bvl{lPahT_Tw*sM!1LKp
zJrx%L8e(OX)bw}RuNzp|qh{1jKQn6QP1B$LtbW$Y*2B4onST5nUIIrd!MjuuUexJZ
zCcI&lRR3w{()h8-|5@j3{No6xsXdGtkHk~_=kM=5sx_L;4_6T?v0fvaqc-+wC;Wvg
zMd!ZHb)q~FNhQgTTy`bN8#e#>s}rV|>-S;#!%5|q@;&y6|BI@|atqGMbv=}#{CUo{
zt_zN(t*Z~#r}x->q*M5BRWcrIPtCKG+0B?S*o+qli+F)0!bJd%#<Rae0siq0`$0E;
zX8N0BSQBDeS#SJaFP}V;mv<jOAH-Q=8bea2@z_yuE>PWjm&of@w%+cDUiKd!fURA2
zzhWPs59RYI)0eKm<M$5^!9~aHb`FIoc_QGeuaoaE<T$!j15Md$(v;mMP4SzNN~@gd
zNfqYgM-F6%yJnKwAA#g?_8+~nL{{&hQ(eobyqh&mJ0ASLcogCH2`Fzhgx~dY^D8O#
znF{bfuXbot(Eq%ws}}}WniyPp0t~J+@via&$eC8jIFMrR;&N_Ldc4Gm>4Q-i@4J4l
zb7#CCPvVV2l+j&QfL<?5b{K^Tp@CZ2`R~nVPIsF9>mR&>)#VOtBEt8b&R*~>GiO?M
z0{E7hpes88eA6l!cf@=7+aDJ`OOo+AsVvXyjue(>SRkee*%rmsH&<AxqEMX0IoV}d
zt&#~Di>$s1#Hgob^r4}VO%57qaL|bE2&ivj)+g*=#r{nh_%zNPeUW9l-au7j=Xdt_
z4u^u#@~J0?)a-+ppo~ACDN8mU8Iy`kP^)|awG?#JZoxS}b`EmRLS*Mm_Mfc`D*?5X
zGtj^B7)#m&KjjElErq!G{unpEfH5|~q&^)EQj-ABB4qhFECefK$(^t<APTK628k3r
zZHqZ?Dt{DE#o5gT>T&x3K|OZ#7t~{8e?dL+2MQrKGQeVF!bRtk=z#ASLmuU=WITh2
zt7y^N9zw#lp@lKy>LXU1XfmB7iH^uNe-IXu@!66DX(h*+X(c<1|LHMfhJN2-#tc2$
z!ttLv!<`;d^Io<jg*!J9r77EtvY6Qdd$aMZliZutXZ6~f*VFf=%42-{9mX%)3F5oB
z&gkav@aPv97XllyR9u58wS(GHq5MY9K>zV$*jo86>DAOXYdL0loEh;p#tJ{Tc-#jb
z6!||6TbG&OZ~2`zxJ}Hc@N?Tq%QmUDnOFLC+qt7Q{ZStWu9^kZH?jL-K&ClPGmR)e
za9hQJ)9}E(-q(T4<p(ZPG!s=R7YZs4F-D7bllxB1;P7#sUbv%q*t9yW@@ZeVCxg^Z
z%aEjoeJ--PHF9VQZ!8}U6u(WPBf!B^)+)Da)tFwbpD)ZZ=5EExkXNmCp+k})hpuXF
z><tf(fQNCohq3jL3`+0m3vdI>ire}u&M}K$>a)1NSsd%Lc%WH4qtD_q&Eg4t7H65o
zm-ShkX%>?{i#Mg_ui7d-W7fyKGU@eiF^lW_EZ&#iT{!)R7tIb9B~EHSidp}<|8T&S
zW(R}%>_9S$(YG+Y_<zje?R^%XZx;VG&e-}a{`CU?;)Kw6(&P^!`Y%RhkQ!ftvB;qU
zV`Re2yO#8~-0w*7w^U5?@7==u`+@OZyzjhtzjvhNwevZJf4|@K?|<7U=ht?fcAu2b
z*pFGJB$1lDerSPmOQd#SKlIHj;FoTsYZ0lPXg-CvBsUOyvnfdkCYYDBhDkaGj-+Z=
zP;+HA53REu>tOLaA}?lSlRQql;uLWm(cwJ-^>ut@U@INI%eur1ebM%NHu%*xEAnPI
z{sECUXuyWs;iu;9@NV-m%YM<|Xs(%77tl1cgFcLQ(AUup`X<;%uBk(M8Fg5SG(&4f
z`Fi+n<DW)~+h|UzPuL8HkWXg``E-}jsN3u(4NlMzSj72o3<n#1&?3&p69*YnKUH@{
zzPYC1P`^lHcySl(MD0s5Cs2@ttH8IUFcpD)ONxwn{OGFx;vN4^bZmTUvEatLU1l)i
z0^JNooTW2n?CP*P82nYX%a~uw0>iEo7}jZYw!_7_`xIH?_oS6Q?T=0NE7ZJG{UrC7
zp7gtP$Iz6!l;57ls|Pse+u$%h?i3$#7h^%Z9B;uu%Y3SV+3{aNl?An+mj*Fy(j;%5
ze(Ew@^3M*4=u6IP=3!lMh~*8Y^9Ge*o6)}#xALV280%A;c4Vokw2e*jPPYmw_0N~a
znX&v^n5NUXpi_KY4<DNx#>ZcSn@8m9Yhbhd4f?>yR=$r+lIBkHM|4lg5;=YU3VLto
zi}7TJ-k|!8TH?*p$%Apm;cLVV7|m(?@@xLl=rAgdiVx3G#?<W%`Y93J%?ARW8=p!j
zC{gPpP1i)~!%G~-Jq#K+jg}+g<80mqdJm^DB_{0jzX*n+U1xnm=gnB08Mij~W`nk<
z*zyhCWP?UPt&EX_Pm%|_X|OCAbKAiR^B%eH$L)+ow-M#JuNX55lKO_ueMG7I$_y8+
z`N|9z&1pBoMQ8CAJx3V}-vi!PM}_N_R@q~T=*Z)MeIP|#f8EBVyv2{T+#sl#(Q$-t
zeCImOA|ykr{wjWT;;$mU>hU9tMZW1M+`*|YS-y!j>~k13M_@|*iSiqUf?z<aOz_i?
zHm%+>GUpIFVzS&FM;Q~jNn7;VS_J;5dQwCXgyHixPI1;cAmFRX7iRS&I*f4?iZr#3
zY9i5x@nwU;`fyh(Szb>YnjA(y2r<prG3X?>F7p&wGCXatyfB7)hwpK$B++OOe7#7N
zb#06pRXvQUhcVG;XgL3B4R<w#hDW{zQ1w`#YTeHmn5&HWJ&Xa!jW6~y24FUJ>`%&P
zrhQr%r`2w{_}e9z<Ic>!*q4R6B=)#vq5e#^M?6{vYPV^a$xAi&++UOSOwF$y$9bkE
z7<(Co2=HA9#$Ls|{jVmiw_2$gT^YbYOOe^%wAG3rOS1Y@j*#GQ9@#2W6}#YrpXHLI
zz#HacF{Op(eMDBD3dy)4x_{K^q$a~5N!sX-M_o>8&Txt>IH!xma<!eD9Z$`O5Q&55
zaZ7zNT2#j{(N-Y}Clf^aB8kBydWQ?Vg9=U&VpA4m?!%}pbVuM6q&%pGycJXpd8dQM
z29obt4klkZMOsBpD$9gF3CYbey}ZiY;BQh!a?8=@q=MvD6oA7?rR8B_JeOkc6Jw8v
z^tP8J9d1l}8I3KQj(IK7#Ux_4m)&mK%Wei+S!`S@*v+(|f9MbS?S=cz>;lu(WMUCj
z=liHSo(h+fhx?l@ClDREc*~M>Bj1VaX5|US>d=ovKUx!Kh4syE)FtosPgC;B>~M&?
z{U_pX|IT<T`TmN~V&svUi@|Zex=g%naidJtWxd~FvE`d@wdb41_j3eF`y-9A5f%Ag
zIPx`(swdGiWlReP#O8;xsnxFflL#$7&VwMm^WpdLfX9EYl5vLl&H;IL3yCz!$w`Tq
zYHIiN@y^Z%_aWh}Ngiyn`c&iPwD-B-{fot@5Bbn~7wIbWA38o1jBD)i<R_?iINi?&
z2iTPm>?j|9DvlowgK8V5YHaRi3>-7~=7tx_3W;XL5e|{WV5(&t%7To#QZ^ts#&MI<
zO#;FBAVKv`pZS_YR#2T?29G#s8Qy^@vB4yFz6aiK7@hc@e5j8{!G~#t>BIDGH@_>l
zI*fk!;WQFm;QLxIm@nbMZu1ce$k+jF)Z4X!je0E37?8Tlz=dO9)$s5_enFkf|6Ir~
zsMEXQ>qVjrV2m04t$b$MxQ1}&)pI?RUqe2JB>CvaIz6^M(j-UgNpx=)W5#Ysa`+=s
z3wsL0$K#e<>PJ@9=8se2iRt2Rk&2>UXmKqhvsI2{SbpddiO%RJNu{wDI>b|s(Z&6e
z?w03b=-*r?G(dM8<parbTn`tuRGnx11X4>T-`lgt(=3&&c+m?>F@r#<(q82*jlF^w
z;z6RU5;kw;1?c(dzN2X-rbg2|l6-q_q9rwj%2O?RwwWk%?D^7|zIh?yXHhc9#F&_t
z7vTi&!axAt4`pGa?`IlA5@w`OqiGCbP8{z`4Ra;D?UW>c>=p24J6LsEAhxDe%&1{K
z)_C4&ZI6@Gyq{&wFMy%T=tLCVL87l_^0gf#%26=qUPz*obNR=mB)Td~q(J&d1}O0_
zBhk5TKJps0ZhJ`W<Wr>7^d_H@NI^e%FI1TcA%)k3vLT<&FZ!9OSv{oYrC}ng&|Sk!
zb+w<P46;0>g*#}m?kCGP8G}!eq`Gu`SZ*^*Z#NC@YkQC`M4uAbXQC5CeAT9&|17>L
zBUP4Wy>kBBF=Ga^IU&Ei0P(_;41_kuvot%|ubCAzKqH+psrf<@`J__fl}I$(bR{s%
z$gv(7j+<Z>iSjteWywf>WgAiI`iNH@EatUDPM$?Eg(`RQIFjf*hX~lsO)zGhm&}hA
z#`r3`zr^pYI3}Q2@Y{8X)V0+PXSN82rSowbvTQ?3(>J?$P@S#ioOd9o<p}E2`-grE
zk;myF8}>k!WN>ixPwnwo@4<5zhNI7jm|h*2tsa5<j-TWCrXg%rYQ*ur)JNBTD))*w
zp2vi<cr>Sn!F%Xu-Vdi#DT>46{dDmbJ`F1wy7{V;LX=Z`7&Ee%=`wVzn=#{o9`nzR
zgbDhutZ=IRe8+ZSmGwl~0!kLgMxtDT07ya)7cHlUR4*Bsnl8X-6LCbwU&ZuqQIW{_
z0fXVK+CcKH+VkpSS<1FhZXmW1oP3I_vq<zKP(|QFv`zlT+5&;9n4R3{N_|fXX1*X{
z&YVLWa@GL+NA%cEn*Sa|rPV!**)AYu5j-aV)P&(Ir(;wDI=)|wmb`p)S$q`z%^(Wl
zBz@qm2x!yqH5nSR8{Ryt-7bos5w@AyrqpyB{>Iu40e<1|E2D$s3Y)_u|MzV^+{i~!
z+SrcH>ShMw(PaU(76p#}mJcGyy}|Bzc$3HGd3ala&GYaMpK(bCr<ymD=whJ$^GUQ6
ztZKKCr~$^bdr7o;fJj9*ub;RWZoL2~JBbd=z-(#JwVC|mViH|@KL5CgL>u7aJQ95x
zDlfp0_HftLM45Ggb%`kLBzofooOSsp<j)It{&?<Sx-r8QF5;XC{kVl5`!w>69PU~W
z%7$#+?E`QU%J0CQ?2|`%LRq7-iSkb{^@)5PkD~5xW*OCfe6~wYhOQ^0tvJVbu`4Bv
zGN3Lh3aC?jB6{-Y9^+?m#_9svqZJsSG93d{z+e9BYDB%;k&5vmV`VCB7?i3VAL8mo
z8&<>_J7E}%Zyt`)BUvbFbn^qL91IQagMRrfC-*Z%h9!PXUV4==zq*BY^gy?D97<y4
zyFr_<&w+xo$PAN)++x_{A+wakU`HQE;drR5obC9Y2%yq?;$qUuBLk9ID?aFAOjvB0
z?yo`#<(y-T8Gi*24l0K`FD216nMqEi(?e<-9ci4(hqEBJ?|lizIJeT{fID@Pd8fYO
zNaB&eDs^U=i9U^Ei}1FXVg~D-D<hV@f|zIFl%M3z^l*eShMJK-&%(#IS%1$0I2{VA
z%+G*@qm7&RmigKLN8Ou%M^U7Y!#$I05{{Z6VmyiNs9{&#j4Nv*K{I3~^uR>3a;hMB
zAu0mO3?On0c6XAt9Y6)~T6GtHE3WIYs~b^NCgBLtJuqG<AOS(92_fN1CfC&W)LYfZ
z%mnb-|MPr452mNPy1MGE_pW;1_g(Tq7lxpu$fW0KbTnJRe|IFW;4>GH(Jv=+V~gkv
zmnke+4UEGh)q54_7Of0>Lkle45U&S2x@1^NO&H5G^@qIN6qSR|Goo^sWY7?Vt-jsF
z@q8>?RO71hJ8*E@rz6J)^z66%4oi9P7$A$z=f3N~7$V7%_}n$X{wSXtWe285(d))s
zV0x6#-AqHzD4)B%Sal!6m_^)BrN)T58NRxMgQy#wH4r9nL$Oz$z>@`imn~>Hk<_6y
zsUvZD=h5Z;eH3GZt4TM<G-S+06~q{W?f#_~GJRJfW}8|>2yX?5wPjI^Kgwcgea^>J
z!tRDdwKM>3=~2U<T#KaR=W9KMiCtIN!*D9&hvAg%**Khfs9nb?W%_oh+22Q*xRW5(
z=P``q5y@Z@G{S-f#50UCNjQdXy<*ehlVg*HLJX_=6PkY=^vTr}<?r3@k(&Kixs}^@
zdZc~C>VA-VwnD@I)lQajMEp|DEB4Aa@M^v>6FwBM@FCt(H-b(@n}f0eLRR1u0l>~Q
zn=+c@iH-lnxs+pi<>gPuv&a=D>}OLz4C86&!rxdH6p>ND2aE#V(b?roW;WT@jj{SU
z;TUnu3kmDaiDy`UrHnm6{>96?e{{$5E=Y!MLfUK2Av0u1Tc;uIE$3*cHV#f8z6fYi
zvYjB#gJ&_HYv{i1zR=(F6*R9TuarcOp;`AuOpM|fnl&e)%L=6=in9Nv$B1mF_(ehb
z4ig)dlrwyD7GM^*UzCR%z3*w>QLnNZ^vxlyyxakWe1?3=59#!xH*08VpFOEi&nL97
ze>rd2=99PZp@BiZW^Zcb+(0+xl`)MpSp{W0)N3^-%9!*v?{6xh`%r3-uW3y6rcg&n
zb^-7snqZ8l{AeBgD5w00W)ho7`4L^=sl{FaCRdIFxj2x61NO-Lr;IE&>M@M#N*I;B
z*%~iuy$WDlnNmqHd7P1xLSEf!BD>Ih3nM*LZ4tw$%0GynU@_sX3uSxYe|BD8$-oYn
z%vLI!Vd`6)!NWBSPUPV_#*XZN8o@r}0d~x)zb@51&VA~Mqx!i->*Ywi@GM<`tGiBU
zr>K^gPf>j`h+*jRLE0&*DJ>X(l+M_w@H)m&X)S?v9x3R7jXE)(SQfz(2JeeYmREhI
z&h0+x!@6AY8pi5vopDriojC}9)>{~>#Y9Kx%kGqI!dShclNcz=smWd+r=0cstFD|K
zJz^5=#oIkn*xyH)zf;0UT4iRvFPhYnGUeSw6k!NKi=T!{j0AP1rUZ4S(js$M5;t|F
zRo7*e^6gTCKhv$u-szFr0%vQ0=*MPN`B#k9i5-R{1@Sn1)KSh*gOa2wq$(>p%Ec?)
zRMs-3dseP`sFk^RU$bbjcfUGLEae7bE_~HYfWLe!3uvxKadX#rkWa=w`Eca#tEeD-
zsuctX4cuZnMyegy(BG1Ej9)`U7S%Bxv;#Y!I>v%rpmwTbjLHXUr#i-s#cJb0jN`YY
z9z0iU@So)pHozSuUY$cNDd~zFUCRb)R94e;voGtaGF7}Gr;9cvjWbeTx=g>UD_BNZ
zzq|wqI*^6K#S`yijCd2oO=a6@43anR*R*o+-adv+as%W|-;1Oxk80itpY9mC>!{|P
zD2QRKjz7xwTl9UPu72iypnd%klSnWXf$ektfFfPb++)<m^2(cF+i_XCF<)cblXd_l
zt_^>7bzEK*GP2!*>I!z8jVi9T5Nq|bV8@lH;zNjlXW1x*u~<hq1O?8~K`F`3QELjv
zy_W_EH~gV4NLO*}FKBgb@Eh<|R;F^CD_G<hi=<z}<wA$Wg`^AEwRI$t2C(ZC4oT^$
zh8Nxx?q>ifFj(Df<YP+6#<w{&ArIsHw505hC(Hc!&_7Iet|KMR&h49$Xy<Bq7^&jU
z3pJ)XB7dfC+Nu`-eIL`pD2X_udtiTn<TG04c*{xij!C1;o}o+crb1?D3}bzb<O3e(
zzQ~Mwy9qP#IKw{qD<5pX+;nd@_R;O2x`>bbpiN!(c4KwYp+tPWD{kNN3ab(Kax2zO
zwXZ%+eS_YT)tsar#{Z(J`c90<MQs<J$i+G14fy{75*EP<RnCN6#FNz2STYUvzK}sK
zaH3PQ)|Z;W&q%~S4cyuP(j4{V9zp(n^mO{I&AOY0ND^i}jMQp&PSGsxFIwZ|NSQpZ
zoXL<SxoS2o<31q1uXj(@*KH^5YhEsFLQ|G@E7n+ALAS=zMq!NAA>CR+kYVKKIo)yf
zWVAetVEr%X{$UuRrpA6?!*n{=OAe7aOev<QO{V)w+;kZn*xbmh(V;|J_HJs+?&~)4
zECzC#7Wc+K{L|xj$1~gy=N;81-m$|H$2&GA`Oljk(`kCl9n=~2mcgFYdFG9mD_MhE
zObyQIA{aQsVdG^uwdZ%_f^y(@6jObFhNBq!9X$CrCi2!CLl5^_bagvecm)#Op#P^`
z+>{9C<vN^0X|oQ;!&C$MEZ&4vH{_~Iy9^?^lZ8yd5X<3&8XMwNGDNl??siPYe#dn3
zZ%m{hppDc2fFZXIX2kCv<svbd!GeMB&w$b6c#2qkGKy$#J{d(!fLPzW$i;UV_4*<?
zcWFFTeWjCm>bGed2X#GId-!OlkyMW!WlLn^^dQ^A1lE?VWV!N~Sw<F!p`W&15zB)*
z7+#1|sAx7k`S}EeYIQ_A>XWEd5v7U=&J@ED4<-AV>29PJ&~zuNg2|%e`NU&auxX&%
z^7{HLHB|2=`zgukt)ECvh4JKc;i<?ebt)B+_Yy-yaXaijWvnAdJrJcw?cgZP=bY&%
z%!j?4yPFU@Wq#QfTK!LaTHDnALgV_yRPMu30H1sy^5yN_2`ajOKIq{|>iLzRkyG`2
zfgLn*y2_(+K_jQ?`HlHte^d4R=3>>gTRWfkau3FEx=?)<>L<}{y%<B*dt#^2fM36z
zX~6y&n)W+Z-{O0WW^jD=d!5RB^w1%rFx@r+SexjLU}o?1HY-;h+paSUsK<F%H&(ZN
zN2O9=1?<MA6KNC>%{#MyiOYm3aJ^^3EN5j_rFr_k;{6F*ypv-;JQL>pB~YcEw?wr4
z!@;Iu%sW%x1+JJ(dG#Yb=9GG{-8+SXGb`}ukIY~APLKKI`0}`u<MZ@$T<@pSg5U?$
z@o=644iel9$8EBZ_y^1m5>#ttY;M)%|JWXk)n|Im`&u7=E};+Y&c6n_`dCByXPBzf
zr{@%B5)#P!X%l%r8^7E92$!^@bf1Qb(ktB<tKB^&@p#503UbtKBnXT@mk>nKUAm6*
za*w9t5SXZ|dg9_nhm(7M?4kSPDe5teeh$X80bD``u&D>*4}t7da%I(GbhP>-7anEr
z<s1cfh*x<r&jS9fT=?^54*YqAdZ1q<7!XnJqgH*mk-QStHlOueT)rU@z9yQ=&L#5b
z%{sSy<4&J^d&DQ-+{#<F^YXn>ULMh?*0!96*u%H#=I+DYx(`9!)Dj=B8;1u)7TvB&
z3wCA(9{4GY+#bJo7(EpuA9gck<d!JL>XazP&Uy%*)EelrPB>&E>O+|v(KLz3i}MYI
z#}PHB*S^PW1lz#jCUDH*cA@T>p#k%0Yxl>g6)&Dlt=PK%WNdCquKIF&eE#%1Zld`5
zSi6C*YhoC$JA(^yd`)8}|5;?MB>?+)^D#Z6n5SivHt7LA#Ro<6J(>n!D7+p!FE4c1
zdD-vCVd6j4q&fKH$4)8xb)SsPJjOCLi&R?_V>tKUsB_gXb$`fM{h&;33}e+}R$*sN
zWa)j#lPBAB`ShHoOg+&9M;(~oKQQ!kKL5k}5`6ySzx#39kGqx_7;^nC-Sf#@(@a5j
zhNU*$|GzTKHWbxyD#k9kR!<){nf{>Z<3<XNQD5i}sYR_`<o;N_Q#}nWUUdsahpnoy
zD|X}n3wF6gWl=iktBF3z>Rl8mUpcu?^37eR@=4yEt4`cWCSufAT4b)Tbaz61rR{s!
z;(xkb3;L+rt_6MEs%k+WZ*Rv~y+Jk32PSx_uTp6^i9*_4sxqzm;k^tI9^7kkh38lp
zWq!kHuJ8>Jj6X_aXf^*SjMZ1aV@|p!VKmktl4Q6_S&PK*w{Z0;k^<y=fB)7PS3>2%
zr@n>CgW|GpF;@BQMm|rrGc;zq)PTf;L{{$EkMRn9<Mrk}7^{!$rL)Q;Zx7qgAl0=?
z8_|(n+K8UmuZ?KeE{s({Yy15H4XQg2Xiz-^Yf#;K0An>3oB4ABTo1&k_kTAbv1bk#
z=i~-3VBPW`jMasEG5+WbcE?NZ+`HG%F8r5hnuY%iv#-*#RozGEE5xU$JLrW~ZTK!8
zd9E}g&v^;Rqta!ysMqdhEB=+X;{Va`>fbvxXl>l7LF?+>8noWriLsiuo9-^`UX8K(
z)*hA)&Y5C54*2;SM5^y0>;#IW5fe=c2eOlnVY-wJV_8XV&T671-NrR-Jy1Q53GC#g
ziC!wgwM>F2`%cGfRFPpEpbgHq6w&BVVh86EM&)cH*55l2U>^S`;+$sirgI_v<_t%!
zE4YZeFmSFbxX8l!2NH$3b8I(u1sA5_3z7Jtg$hEStU4Q<ZLFuHFZe=k2OnAbfYJYY
zJ;mB@#&_clR`~uHEk7e^@eCx$z7QPrTZ%2z8y_s-0*GeGqlp~HI`UY3Ab9DBHPL3T
zs6GHHXka=Ou?+{nzjNu=C-G&4(jNRaL8{(e?3JhRUYanTy0KvB9_PNu{o`mDVP52p
zaot#5{1sygV-GNc;z=r{ZaF}uR6tP6519Q~J{gzMib!lV%Mx@p;M$S>x9R&@=X`ZC
zMXeQfYUO*QOq>v9jp=PvXS+AzBl_CSt)Q<h?ZJ4wv;Oo8w{@0LQD7ON^B$9(N=WF@
zuQd`1eyx$v>x~)-&G;H)^@T=u?zQtGB&C0bF(6{(kFQ~@-uf-ZaAGZT#UIQl@Kg+A
zh|XsDgyGOb8C&j9sl}^ophs*f8}(!%ROEz;u~)8SDL%k8A~v8ZKlnlFyrJ?KO;%82
z^~%r%^`6M@nhsa!N0}i-NG3yc-V!AcW8l%KKOSgIeWkE_Y^H(qTfk6x7bx@EYyA)N
zp|lsjjKjk>O?bHDtJC4(tXy@D*(3?xK-Ha2Vk_L#V>%@~jXl}dg|T`aH4@EQ^!sM-
z5lxuMpx0llpZ_3lIm#TT>Z)$Sw`n{fGY$8}^l(D|tVEYaT?}&GuA@<tS|Pi+rdLW6
zU%81q{Fp@v7LhB663i3!M4b)64n0V48rGZ;x5u=r^J7|&Adj`c!E58>mvAVDmoW91
zLt2x)Out3h=_tF@j<QR0QFduQ$}TNdmUnX;C)Ee;RL+tb0=Ft~)>aDpAK(=@vTzK|
zve8hr)${~I|6^!YxgBMXw;w~ZCg!5-TXT=0SyS^-_O$$CXx8*%ls&VU7vT7VMYz^V
zPw$fd{Qb22$T<)PR@u#tu{Irm{T|uxu<>${Bhq;zVL3$(Uhz9@WKm~hjGOBCP`{UU
za@_kWaQmU_zkqGA2R`Pw$o3n$F(2x;lsrC2A3skY_g}|xk@s%sHsxcS;Fa55<Gu2i
zu5qrhUb%bR7{Ghw#kFus<jr+(4!Oxc(<T4ADQg8UY_yY~Q+VZf1k?UiPB1MHamx{p
z)Eu~y72)l7-cEw(sg6`Ya38T_AlK<w2T!i@AZ3vk3Kt2RY;iGhtWGYDlwaSCeR8{3
z-W>5<PZ-5!UJCoClu6D0o4tzYSO@Md(eajr<NTNMp>n%dUI}-7avm>Fw~?+*MNpxC
zZ)hdF;0?V)I|zN?AXAOpcs<Ny2pP5JELuz;DYr!ClE1<xn=@?gi4CDiGUZTqP2fXm
ze<YLFVu0i>*uv(8L-T2NVOqN>ZQf4mm?kRpOt^*>A4?1>pCgAnn%H{^<ddXQjx>%o
zbJGSbodci7vCBL~pa_k`=Rx2@Bvu)r3i8|83=#V3pE*-Jk<^T&`>lkS7uzgIx{6#X
zrG15nMTlBZrNhc`8;CI!xqY;@M6^ziODVO<9%w9kQh5aeGMx>)yqgyw&eBpRXv82C
zSP7L2;d1%OZcuTcbtFdl7<h-wqZQ$_ZhEM^N9eSm%68I4GzE#*L(ZgWwlZa=ouIJ`
z&&_w?xp~fdUf%7(b8~(2_dfYxB)vy>eHYPC{b6oLp8s}&LlCj=lXHFYbQ_qLERWmB
zR$iGE<&`C^0M*FtWfV7VE~6?zK3}-dksJ6j;w^)euEM7Iz2tK>h2hIM^6h9kzbP#K
zFdqUQDE;q_aEyzOjbZF;Zh8XptU~OYv$;v6`$}ZRioqXr$mUh9_9_$fNx#QJ0m-~0
zP|=>rrBaNsSE#dlh3mM$7P@&Nh5aeKoW~0b9d@dz(Oe!rGAeIj6p353Kww^`rJ#K>
zN1EHHG(}Pt#sna+C+zXDkh~Ky7H6qkpX*h|=kcMTuI)s)m*&@{P;bE;8!wN}<>fJX
z5HYwGLXPy-$G$pc>jg24BVQ5JJ9)-lbsW}$1|iKl8-1M?uK<&x*OA9g(-oPdiQHGX
zCIF$!U&Pgy&Qn(BTj*;xuGjc-V$#vj<JaIgp45!QLmUmr6NeE?(8GnwV?t*Ns*G9*
zdRu9oAc8=4Uf%6f0=Yire#oK$(Wy3{vM4{Yu#39)Ug9{;p!Pv=U-JJ>Sj43vaVy*{
z%jK1E1k#^=Nq%}x0%_RziQGSmCOpmI<vPC5?XdfYYW1q-w?=NzpDOdC5ts36p~KD#
z5gI7Z7e)i0MjWFUk>th4Lz8=yI|z$7D=+Uhm;})mgw5r$Ksf}=CbAPK$p4OMc54+6
zCq&cz?|?GG<VoahN@|i4!?;N@)yLW$d73@?hUmHjY2H_FXraUAllM5obwZVe<IVzE
zeIV+sOQi)dbk01aL#UZvqoy3=Un8Oe&haZABK<u?7bq+6(&{B1-UWrd$<L`Sl<k8+
zc^EXCv9qB!j>vc+5E<i+iBJRh3s4Sjm@pp>Xsrabn9hL@m8bGbpn!~@m!Av*>-X^d
zkd8WV*g3<zGOn1;lju@(KH5y#yy#A>-=SrNnBgcclNS<cPS^+Cr|}b!PKb$CiXZEk
zSVksG?&YWm_6zvXlk;g1aF7N8&nBz*Whv!@8#sL?RE=9f?G>_0e~wbj-U27k<7fLs
z;%tqXnr2C7n3gm{eJxE>WlK1YEaBu_Z3&4MK9((^TaLI0Td+`P=p;wEdU=n|XZ{T*
z6?&WNK@Tm?qRrE7FsJ73Ug|NJ<B8>Cyl`l`@-D#=d91@B`y9DM9?qnGekvdLA+Z$X
zZ>mFx4nX1_IGHrok?VzYPx4qt4*8kKDoKuY*o5dANUTjETxK8=v#m6@qm5{sIXnXr
zudvnyL{Z5nFXuU%J<etqV5UMwQt!_cqWzJ0cRK0nOe8K#B^Oyp+?+u!`XX_Y4QfX^
z2>;s#VmkwgeKX004T+CtvdVX%p))_@I6gCiq>osh`y4X-TmYXyV88OoHW<DaB$GU^
z02E`dJf#@2;k)WGsLnZ$=R-p;Zh-R!<z9K7%`4xK>y;<u5o^krRgoj|v<LLe$O`z|
z5~=b~$sY7D9yL8#KaJcmk}?g6@RP4i`6poXpES_Xiz6_zb=^cUiwqypjok`W(Y*2&
zB%YVXaa*8j05SXkPvoxweM9Bl{E!Z%xLc^1?v+;up_X_h!QdJ-#Tn-7QW(nCrKAHR
zyU)%9+ngM?T#~0p>DQIyQ%#_xn91)Fo>dVjfjkfeyj(Jor`z=<Q(*>j300icm@dEF
zj)F1*>9UZ|Q4Vg58MF{-zE@#tZ2`IBz0BNk8ODx_nl~KqkmWg=IvTlv(fw0t@%USj
zMikB>#~Da`H&vI=bjf^jGgX`Ep$}FWit5Xt96p}GajxLC91_ohZr@x>H)BBCFWij8
zt!bo}I|&0j<dt{v^2Vk!^?dunCcC$AClc2H)f72=a$Dp;377`o`Q)ZDdB0D&(^2eI
z7TF@ZU4ST{)<+u153qh<be38^v;a~z@R5<l-5B)ZH=xsijkT*Irp>{UZX;z?IWHgf
zSz01rz)hcn_sQ+9E$)6C7dbitKIW5~BL_xwV~;Z&Ttundg;s_=&SrH!Y_hqHCF12&
zhnFt!&swH=Zl<PM<Cp0MtHx#q(js-F<J>qb@oHEy(Mu7Ge3>Gj+fn{Y4DK6P9RDEG
zz@+0w{&%_A*{q(a=ihb-3mrKYg1ZG}$|Of|8L>!_7)WJ0Sdo?Ef{VBdk@N&HSK5M$
zEKm%}*`SeU=wTbBPrh3z?)J*dHKHBT!RXT&7HXz5`lN~hB~hPzUpXVuTPFJCF;jIC
z1>%jTPfCPd`m`j6T-fC~ghF#&qz`$_Wkmm7!sLW`bU%uL@O33qbw-i~emA!x|CkHS
za?@0BKHv|qXgta;AwQ<Vuu%5saymxvjc7~eY%ndFp~iUSN?na{$*Y+jGd)p{0g>Wy
zwyC#64re`baZD%WLqr=;A28MbrxSLDy$aDyh=xXJtBlZ&s}5$HMYS|GUtL+NOQGRj
zbIKY27&Fl)k3PwoxaE=@ZC&b0&SU)4M$lc|VXkiho;7Ei`k$Wv5iK?qv%+Wzw7AmB
z_~fbhqq?J$*|S96y>u;MOU<;J2BBkJnyZ&bHM^H_U1zhpEeiQ-P7Ck;r-U~h%baoo
zZ&M-}0DL0;!vau2L>8c~<UDZj-5WLMdry1l6Y!~~ns&`|yz<CmwtYTQOI-$=mA8FD
zy{zQkM6WzDmk0REBl95jHJsqwYRV_?m75s~I-Ax1wEq~qJL6<<$b`%Qtj+_0ztV-V
zvjP0N>MAJidD_lxzc7#$x5L3;48uro|3Sm(bILjTF~-hjb#)uY1dd9oLr1WGouKqg
zy^hDn@p8`?`7>TPWMfX(1|+WFsP$R}p#rbdur=u=Q2eE*LGk}L+fwu7@}cq^US9PQ
zxMex7GA^H&%k8`(F}IT-QJ<64i_d8lwJ2$c9l0e^IUMBuS)lwe=j29Ke<keS#Vf0*
zt=Zt;rC5b%A0+0|xbX*sDAMYk(19us=JKKQ)9c|BdBmrXf5olDKIWAX`MeyWtw!bX
z^5g<ObpG>o99QSzXpDAQu}}8!yu7HKmnYkJIgrcCWqG{p$yaY<ej*`iM`AmL3^j=)
zY7*TC(x5z*7Uy)<^YW@7K%$PuRO%B`pE(xiFRv{pDoql&>LiUF@iI(5a$6DQL|=kS
zMFR;Ex5O|eV6oGB#sog}Xg?hx*l8vS$_uX(807GB2rN^14?m<smUKayWThFlHV}a_
zf*5LWeDOxj)*iuwfvwxxM6sfnpiRu#&>JQ&9H6%Ls_r;AQTY_PZy444?}Kx>&Fa1E
zJXUBGwe|i<#qft<>&31H-DCipx~ZNK%LM8StIzbrop%qddYbn0676RN>8G0Z^D)CJ
zHPg^<3_k^c%>G0D6qyF>Aj`$=aj=`jU`MlDS%DF{9XT$PeW#;bean!))HKy7*r45&
zjCKbCYW}e|+I`3h8!9CUq{}N~eg^6Os}M-{JPn?P$9|(mzuQgp+o)s-9sQB$F^w-Y
zJ0f&s`U5(#hR(lY6X~5U36SoCxj?f(!a%oIZTew!JA=_}<X43hk9Nl}cJ5Gj$F#aA
zy%P!h_%A^tx9AJ)Y%q}tgEylV26LgnYJmNuL}Eag^C=G&_>_B#H9n%;9Q`4@<jexf
zOKt#OLRXXg9!_`(2Tq0e!CR1t#J_Wi+|GYnFPsiEu{ti(wEd&LaoDKK(i@#!f0b6p
zlhWDb9#i{X==*}J;^{kp6X;uA%<?}`>Li1qJKtAbNvyeA9!^3t8r}k~I1}+E(rmi6
zbq$U<@WFZINe-U;EGIuFlAlw(@>oZXtIiE&kU4SzfLD)pV{Gu9eUKmgXVCA`{{{W_
z{r!)pU;An4_vM<?(eFz&Kazg$82bN)ezX36LBHd!Iu-qf%3Fm_3#!<lk#Kb~2~RUf
zm~C8{skon+iX#Wj`hRb9T#+A7$Ky^z$K&(k>3DV$9nX!U<9<3F&$#0MJsls6qvM@%
z@pAF>EPrND^b?GtA3eD?Jvilmp-mTF2_${CiIk1;N@4#F6Fu)Bieo=rpMK~h`gGrq
zeyBdZ=>sx|$+lYv^*Y17k~k%AeQdOT15sb+^`ck*hNeGDW%yag4I-$i$)3s128N_1
z5q3`h2kX<>PF89wL7(1a=+oZ=0rf-DwEu}d{r{HNP(S*)`IL{|!}RItRG%gU#Jau4
z%F8Y0p2GyFvea#Y-50;5uzR{Ep8r(!V5~q8dXLc24~ef60Cr}xIu!{^n`cQ_+A|5Y
z<;G60pAWh$p5MINeQJL5{cqy=&1*f0{N}$bFE4NzpE5m{S0?6B<^!dAmD%}`)*(9Y
z+4@s>&kVAflN`l_?eOGhIr%w}{5&b|DP-g7eO~>4Lzm(A26{q$9P{}YeKSiqQ~)Ql
zI{Omqq74pb{kJd2`9h0ryxhafN1S1(_i*cMzAl|(h7Dg=(waCgxAJ;7-8&EbR`GCB
zIFP3RsD$WQ{_}<Cpm`VYp?;S4IgY<0bt!MziW~Lue8^5=6}aU{FXuIs5A*5iUGY*I
zU<^Yo|GyNQ{9oZfmw@{qahHwbgpO<^er`)fE3QuhT4fW)T~D~^rUIYb#>*|nht)p&
zbkONNT$b2F7N_MUV9_c~Z!>ywD?lh7vI;L|m`9AnK^SA9AR9?#83co-7WkC;#gs~0
zcxB>g1U>W<nQ<9QE1enN_xo{zenu7(^mk+>!{dUigxT~poi_s64^vWi#o+w=AM;t_
ze(_fc^C>0Yw1-B;gpO2Hc@)@Yh@#^|-HNxHmp>%G<Pbpx&2Oj7&gGTzJVsYj^VzYh
zfsV+ZF6qX+GLRm$gZ;UUNPIqx<wH4QqO5ci<_zi3Fw#V3>FHoG&n@uE<BQAWX}njS
zTke&|Pb`zCO)Zme&2iP0GQujQbhUu#7j9)0oo@pYC#T2HcRVn+@?4=HoeY>v1GaB@
zr5v_(?MQq%oq2)T=w!DePj>|8Qiq@0k<*lC@H4*Er%a9V%KTPd4iU}}smg;K4v}CU
z0f@AYF5X%T#|5@gSZLk`tL|+`=S~6)k37>x2ji+sPh~r#Ub$3@ZYnKi?%7hFd2UN-
za(b^^N;f6Fa_Lm{X2y3YdJ|}HY4Ol0fND*%^9VHP=mydy&efNgs%-B$dRgapQhxF}
zm&wx#yz<;)uRNYFlc$w?<+&5R^7!7@`3YA4^nH!(Br$-$?lAL9xAK4aEK3=r%JxxP
ztc=h@X&1&WVVDJpov^PsI@ha=$>T%kx4%t(mgF;ShZ-?uxx74%8ZrHh`jXBDbuLca
zzvy*b0}jJ^jE1H?6i-8RT=hu2C?$SeZ*;=A`XlLH*rd3lpiFtV*eh%#jK-_na!N+y
zlcA$XN*-l2XC*B2A3CW=ARASF(TVZ<+=vv8M{8=4u%#1Yy6{=Ldj9W=G!co!Pc5+3
z{@yvDH~ZxFW3TCmsjXv~ytvpa-wNwkCNG}om2aKumB%Nq<HsGRTgN}Qn&EZwcAXLP
zdOI7Mz6L!1XFf~unqrLyKzRq{;^N{Ij+r9^$cQfLBHyFSLRO{P62B@r9T3z4)Jx}0
zUq+f>9n!%t9(FG&uIq@N#ZIi3<PyXpSEC7q@-CEJTHr$2*O!y~K&o#>e-J+1c+3nR
z%JvA?TWE=&@6;%pFS2SwCWNhC*-75l^rdT}y4du|Sd;1|`<p4lM-r9cbT&<G#&o(i
zHr+A$bZ^n7JDyDUR%5#1b`9-_98;g`fK!l>l8dQcTi=ec`g}XRc?G-qpKgrRN_O*X
zcJmKWjMWF(%~W>tni$6FWOlQ~L2owqV65`&<~QtSYbVC)@7T@F?B>5opBJ#3Z?T)}
zx-eEV+0EzJ%_loBR*$#Qn-%P)pL~6H8!*;lUMc5^)}Slq9aglmhUyP~hYeNN6CP{O
zv>Y-Sf)qm8U`j*L-0}kY=2%A#<PxRF!^?Hv0I@!&&_vYRX<F>lTUS(ZdHYwCpJcbi
zTL_jmj1`+^A3WcatbOfHGz$RzhPC~u&tJtp|HO&-&p&d4e!ffS=!3+|yOTe^Eb;R|
z?H`<==F*5022~S{@<7x~+e~tug05+@QHtVsz<&RIfav6&3uP0@Ryx(Cl-OJ-duF*y
zF100Wq@30TpuTt<<KE4M-4{@xTy0ESZ8&M`zhBUeUGiq~Lb~aNzn_Ssztql?z5jsm
z{+2G|{WT~3U@;rs)27yt(7o5z16b>OO|9LKU8vuI*E#O}*FoDFI`egi#28+|agpC%
z0D&4?$>YD#$2ZW&uRhIj5jz?1SeN|yI53CW$MEv8$bIJ%iS~_mot}LvbX5wR#{CwF
z|IzINRBe@O^weu}3xvq!MOUJVMKsAfA4+@s4f3Hg_r1Y!xA4eaTj$~Ec?gfq8J_H#
z#QY#)_@VKnBZ%9)kz7IC=0u?}%7;d!7Pa!o{V5vE@r7Ro6kY~porYYv<^L-N5737N
z7BKravU)pVB+z1YwU(x>yijXxsx{|(s!eJ7hw+;ZcHQ4#u)AMB#bC|$rB^<|Ow1f!
zhT2r^kt@$*hp=kk&CPUATv<nJb-ffN8bD#UcAmLRnP>CK?UC+t3Ai`%g`4LN;N@DM
ze3;z*@@%l*uk;Fa_Oin6z^813eeFb;@!F{t8rhQ=d@^l?SGmpy=M^ox_#wNz@<%+u
zou|(2#%1ywPz^w?D7WYlYHw&gC7<_&{FMDZc#W_G3Jl&xTE@kwtZ<F>g&c#%@$!i=
zG{TUVyQFZy!z&|sTI^^-F{+qp(JDZV;kR(PO@mG68B2Ix*lf|BqUv$D$}R}!5!&|_
z9zx<d7Ohn{jV~-Ip1TlLdkEfal51&D7p<2>ezgWW8<Dt{FpI`$QET8`)_tm}`|c_`
z+%@j>B;AQ6-N99M2oU4t-I0Rxne@UK-;#hI?1R?Rc6K&B2hQ53{Dk3r1@$lLpsW$6
zd0lRyguq3fJddT@0#}Lg@)j;v{iA7rb%HNcG|2GkvH*h|sovk8E~v!Ht$07|!MGD+
zoYi!rK|fx!X7htKu>pyfSmW0TRoE>YS1dN8swE6CUSX5I&@NOx)?qAlS>XXBE&-ok
z^<|Eb=f$G4L!O=JsoJ7pbDt{?_AK_V5gP(8lJ4XWh|wKkNs!*L(jSln>F?|ZS^L*%
z1mELen;Y$)<4o<h5KP%0Ee`gyBI!W}DX*|8HExs%7z6iudbt<t<({$BMm#|D9Oj7S
z*mR*Lh!*Dn1F-&}j>D#NYV^I7pFBuEJ1=D5Q*R8$OxAPrOgP1s5o&}bafwJe%-H`u
z`EpaeGc1HH{L?;5BV@r<mz(3k^e!*vl`%Z)mJf|!I7P&mtLAVj9~xzG39&3*9?hQ}
z78*N7gxvX8S6Rsy^q0su#}v=KOW2S25N|0C_R#hX!rqS1j5Dt;uF7L=eZ%f_*pN84
z2V+<f4O`u)`h?aGs+__Yz}08d1w4acj9SVbT)-Z5#^{44iQKiZyZhko7+xKQF{a0q
zj>WWeS1N_SYl2Juijbp6-b`fkzksz8qLkZt;gBuz$(h~Q7xJgknv0Ke9H&6pGpPYd
z3pEC$jkscEJmb~*>fyjdMQ}hOfv{U%L+PBJokXj`o(ng-<<}e*^YIiWUrxiX5Bt}~
z^MHjA^_$4Am&NhxxBkccy6P;0UnfObn&{^T@$KxN&9|Yto4h-6WDrG*do(N>6T^5M
zue{5H813PuHh(d%tR~_*vJ#?G{9}3LpP&OsZRC0t5#P>wVp9FC6XVHJ7_ADU>aa;3
z2~ZJ*^Izg|hM6;$4-K`v%yE$wJs9@Fo#Dy4KN@ggvRR(NH`r(Cr?z&$Shhls&IV$k
zgogfO4aY^U?J*C6=wq-=2znA6NmnL0@=>+5C>K@MlHT9v9D4ST+BsLCYAFaA$7#nQ
zzoS1dw`_4c5GRE5tK5$MksaL_yX3GG_WSF=LZG7@>nPw0zo8Xhc;TQ$k8!Ea;^l38
z=tii-9WD;Wg8rr;F~uH%Yy(;TMSN)Ji)$c5i~pWr$6h2xO+%1dBKJTgsIU|!q(OL_
zTMpl%o!2X>rTd3Pdug4q-~vk!Nw>q5buAKqO|M=>()Ac)^;~Sq(-nAj+6umKyZ;t6
zm_ya&m=_`z`BPy}IM@;N9}af*^SgqbS^gqOQ?{DWCaex5gz)Qir|xAr!TbYh+M=7W
z+22E9WTmTa|1-y_7sWjfF0e>Q`UkPYmk@n|_8HUDAx+ZLAsr-b%8Yo`q4$#BK4%%l
zTr5a)XAI+}M~(i+5#Vr4tFS4n$zm(Z9h6~tA+?FTnJOEEg%n26vS+wNMdH5@Z1@;#
zPFk3L7qudBw-%RMM=l_Y&EgE#0W%{16>eT~anocrUY!Xl@LUL6WPyHi(KTkKIq!2q
zoMX=bi8UR#xXFG9yk=-c6R=jMk@~`EWmqF7e51xE^l$frtae)bZR-Hamo7B%rHu(M
z#Q)4v2PMXbj&;e$$H`v+gjwBzVU^nn#ZRJE{gaI#BLLEN`d4b0KUj`P&4KKcCxe_G
z`$ryW`lCnM=g)8}Yl3h#dJShu&@cJWYRIh>dY9(P*szV`xX4VT?K?t!SBN%d`;HKS
z*7VZJ^8wK8pKlW4;|rVo*T?4rxQ^um_`n{Q4`3i4>R0q4O$Cslr2<Hb_;=HI|Ec};
zc>i(zdx`gtax~t*l{3ftN4e9+`_mjD@6ZlHA2=Wp-tGO9<NcQ*8u?X$P7?1=dPs=(
zr}kzKvp0DqU5KXmCkj!k|5tn{?Yx&bt}cVxXCrNJpqMw?X95&@vm&vNg%06i0HFU1
zR~^*#&eoQ{X)~jfwCkQHogI_EFv62*d1|*KhYzI<ex8-5=0j<Np4az)N^PWh0gdSo
z`|U!3MJZ1W%n}Y-gig!6yN#mKK4p&GH*8K05<fEb&B~N($r3g9?Z)2FRT;j*7!q@=
z9OnvNcOep=q9^gcdVzxi;&i1wWIgye5KddchtfQMJWVS?e{s^V@{b%Bd8CcTf3AZJ
z*}7;UFuR%tJxd=D7Wj00J-o&ELjSM%P+I2czN($49ckf(!xp}<6$zjmY4x?usqE+G
z2?s9^c3w#fPx7I(o`l|=VRZl*#|p6l$wZPGnKiXvG_&R=E-_y}voi{}%u~F|cpEQ&
z1)F@42m8?YG8;HCJ^;Vn@16Bz{v*37X#UuPu~*n)_Z7~`L6SFyu`hI|!`^hZ$sQCo
z*}X!MgG1tz(8W~_FX{9>jRd*?mVvL-a>(!MMQc7s!a1~nphdk48~Hn}>V$;)tRv0!
zi_;c7mjsiT>0CtG%H-$Yl8H3?vt3GHp>kg?$R?=`c_O^<u#H0^96C{8?a6x6Oj{bF
z_(0E@@*KxS#vi8uc?|r7B{rjxFhA8o5t|PU9sV4h^QEl$<ZcWBpa)o}aT)oo++p_(
zyCVmQPI&3^zRz)7(`*f%Wy)0!pWGh#Jd^OQHZlgeHd1kzcF?yQV+e;MP5z$QjTxA=
zb{DkLcKf>Mhi9@6f8IqFa+BRxNItxdGfxw;4z@(*9HTh@Fi~4x?lKRw8?s}p0w^^E
zu7I1;2n?W|#rR5!##c<Fq)zDqO)3taeV*mGNILzPSj5J;rJer1tc$|e)Cs{(>FyXE
zPm@4eKh0XlI+MHK_zcHIUO7q|?1I`bWecTxn&*+cd<%QIrW0c*kgeg*(1)L)t9K85
zTN**A|Jlws?x5mWygcTG4f(X7NG-vov3zK#`x&-PHExVjS**Fp_)yyA&p@i%Rv2@{
z3ZDt|XC5WpE_p2<Hrmz{SUApWIpizcAIMiXY4vDN?>|dcr(QB_van&3{W;Di+oaoM
zZ~u}unQ36s-Gu0ScVAKcXj>-LkID%O?vI)6uG8CT9kHKlr@c$`VHnj$vpi0Um*<sq
zd9{tGSIhfah_(dPu-x+Uffg2j{wBw9^A-uwG@5@_h^8ay3~EjZ8+ZtBAD@pz4$2(P
zS_nn6yR3w|s8;Q%g?;c`S_W~xwqI|zavV6h$ip*II8K>!8U5Xc#P6&er^c+Bzg~!D
zBI!k<m)zV#(fJ|^$4y(2q%mmc=6(mw{JV)%zWWGVf96u&Ooh7ENOHhfrYwXChi6$i
zPI&k{D-!$B%8X%}fDp2=4%x;F(dmmbg=;csMFCeG<O1uXtvSm{qsQC*X*I;#Ww2U}
z>P_bJ1Ci&LEGoemdz5zv(t_jui@nS<<pqcHW~)}HWCBt7T|y<rJEfA9Frl%vt6zd>
zQJMix*u*FM)5-LwGcLLf3fZnsW#?z4Vkq@|!$Pt+((f!942D=v0fS6hE|kHbpALh$
z+WBr~uOsOwc+wW<(IZPp+6y~FX=9#>SNPPTIDG{275z2~YLKVWxb)d{$)NnPM|p9f
zcHHT<EVf5DF^i(muk8ed@}xE-4Tf6cl_Ilr*68O4!C6HbuOV1F`ZD(0KTmyve0{-m
z8<NhA8SBX=nx;=Q)Pu3GV0spkqJ+NK^9=p@{q%e$;IT)l_uD;6<$QMHOzKaNvflq|
z;o-};fP<bBJb(G)9OtF=gz2Wni@c#%y5!2o=$?J#wobZ?nLRZ7=HpC=c695}kx-A7
z35&hm7`ucG<n1(6`8oNeKwo_5%-dJNQNKrc%QoByaPcS*01fA=Y?(|<y+RO%AV-^x
zO^-nC9*nVD8J!1DCNX=^rK}d&0fpapW32v(;R6}b)>P^!Du?*{k-U0Qk6!8zWQR}2
znku{N3CR9C8^p{cM{eY`COVxnh^k`Q1%);sTzG~f&ovJF9R=FINcmwShts|;`Yj?g
zyoDo+QN<e<14`&t_@fsyEByY8nH4_nVvaNHVV3{_*%nt_rDl(_Dgk_96B3{A$E0G@
z17w~>S^n8YwMd*d2z)8xS2@(BIpb_HAM-eh&L+|;MGT{=SI*KNZnS9Bj;hDtD!WGT
z5G?M{R0r~1M?ZMIs9)eQuQHG4L*p6CIGcPq3yGzJIF59_>r|a5&WwFUKU~=Kq)VwB
z*vtA1dmJ)zlJ$|@j)AP88`xG}c}t{6rK@#UC&oU@F>m3wNF10;<iFpM<7{(%m=BpC
zFYb7P<J1p0R$srCV+9<pw{u)*#PFgasNxN{*Nnsm2a$`z{$B?>TadK1FYGy#T8h>q
zam583SF|BuCpWA@ctnu}ReV4iC>yFcdMfp$zU1u|B#r1#jIqU*^++r@BXLb;45S$`
ze|;`};uW^&Fms{m@#Yn2gGpUC7{)OuG@`NSR#Z6@19`z$!+~X_uS@!}*?BW)`3kWZ
zE+!!{1s+|5#LhmnoR@Sz#<-8)F%U`bWmC>Y7NrnAiI)9eHplr2{f-<YKATOJp#*yi
zw;(Z;O-X)2GlhCf6k{^STqKVD6&;_R>~q(JME%-AgQyFQy5)%rJW2rGJJ6!9Gi-8@
z#m$Y-&s0T?#hsBw6XV)E&Nh#8pSq6aTOc!E8HQ=gX@HOtEdySQ#QFVM#ex_6f$&4p
z0&=J0(m;X~{QfMn6ui`sg66f`V27D{0O{BC*A{TIc>%|n7LX3qL{>gRR?9P?mvNl@
zDJ)14S<uWwNE)4%ydGDlk+)_zY)HH;O<Rx6NE}Ss1{V?d52WW}BOfsK1ywdk|N4R~
z8%!2tGpkZRkFLmUi=OJ*Mauzrlvg0eEOc3l)DS4(iHhwKHl$J|y-y}XWdmlpy=o4?
zJ9gQ~dPDk%O14f#S!iW#Q9mU9E`^p%`ArIS3b$lXMm9E!CS8+u^hu-|sjtq--m{&K
zlhN<SakE`W9BrfAESGLydNRL9(uFC>5bu}5alwZPU{g|9{{Dj$uw5rGM%8ENU_CE~
z<9N$P7a)4mvnLTVo0J4G<K9oZ``d|L#LU<@F{2(Z#LS`-iDG8c1@U6$&;?A){PzMT
zX5PKvM~IoB85~DZ1k@;1Ve3W+>T!*2j_bn+>O({eSKg@cmDznL-24L*Ai8|X`H7hG
zGGcCKVPh}rXIeRDJq+#Hbh3757?chckvnrwz(z*5;;ck`@%7VR5a;%z%k@FOpC+X!
zH2k`~D|A`|XL_i{2Z#ID9K%@c--dChyc?8Cv5m0k4OI}X;P2<@vpf~fkIiUf$#RKq
z6Kca)4IDG{KLX9%cF?3q*A|-TcN?eP(MI#&DI<B0)Eux8+WBW6aP+Y0)~8b3&O+j`
zR4S8arvJ3r(lcvneYYtezIo{y(oeZ`l<6zo7_R_!n_(lvAzdJ8NI&zKi)@Sy!Xizx
z(M77yJQY_x)wt=GpY1%!xSKK=vl2G<#;O@_yrt8WZzMF6^8XN@<}JLT7*#xxMk^3{
z<s0}d+$8N?q4OeCxy;IO@;2`ssiM!)h#O%J$_>SQXm%Q3cm!3nonwA?KFi8XJ8*}t
zlDaX*O}~Xa60xjxS3?1B-r_>O&1LcpyrtDur8jp8hf`72hi8%xy5%Ef%1HjRh|q}S
zE#6QuKzH7HpN!?P4!i7k*dlLtbOFN|b_8S6SQ+cED}INqX;nOkF3QpP`C(@pW$G7c
z-&7xHXY5CBK0CSjU3&8oNzMN+x%q>7^D~l~yOW#y_2&E95}QAi+<dOy{GUn9|9w_c
z^V{_16-mvl$-Ph0n@>n;{-@;LZ`YgWB{lytx%o`JdB=&w=H5X`&GYr<AD__ie`zNz
z<mx~iH+R(1&b(amYZoF<hLCH?c4i`#6eRauuJ=6?`sM_pS8j%GBrvz_J&8liO77-*
zy_-u<U>tndA|VMu9d?stQ8}WE8k}4^McJyuMC202CS96fX3gtM8h+JA8v2Kt<>2rv
zCI^pYGC8;-vsdXyc$ms{5zDj9Z-@FKd#P-;A7=hhX9L8&4Siug$3-69MV}sR#@Jg|
znXA__XIbzyS4ktarlIEdJBPIcEYG)MZ1@oWmTC4O5>o<vh)DXqMhe2lR1@RwuCg;2
zYj=8*?!=Pr;3~VizYXe~$d`4Q3gU$=rh<6uvgi-;eQ^@gYkl$wXM@4}p5l7teX6ZX
zlZ(dOdTi#o{mz)%(vDwvZuvBl0(NEob)4eN*hBOq%2<a@E$aki3nJ;yfOgikNR)fv
z>Qy8yJApC8dy%z&jJ-eb5a65`M)H+snWwcb!#u5_S^BhM(O-C4uSYQkgT@_W<=lqF
zXe|u~F}frqy>bMU{8Edscd$1!(^|7PU1+?{Qmc;YV0AEhj!+9Nh{TI*iTcs^X{P1h
zgp9(!!6S4kUSUhB*(^<%3%S*kd@GiGi%jP?M_~U-8Of{N?G)H(H+8L^c^qT)&j%s@
zMQ{;Wr)?ZqHrBQNKIG4<H0@~I@GBcwFJB*}OLp5qX7UhNN$<4x#wlJun#?KQvN29E
z*2XvmXeGVq$--ufx{Q7G4*FH;KBD)1uj=^>gNrRMqKap_F;@4t5a2JeNHpyzQH8{}
zj?mW!e#`WK6$V|#sWXl+jwn821sCC^q}?ILZA2B!j$mi53$5G~?94<f!>-It9#p+A
zeo?Par8?B86bdi(nd4@T(;0`pPxjH#w@hF2&E_>9m%QfVlGl7(@|wezK(y7wZQjT*
zq1&1)1Kl)X_=|q}Ga85yS>H;rqa*@=2D4ore}<W)o6^iM8JwxZWZ#MZ!N8WEfKtdz
zNZy<QmiJ@K6)m=>gKdGt;c$_H#Ea8=MMgE{c%s0am7!_3TYB>(QQi2BW(t=zEfjy9
zEf}kp9H4B`pG8?>izSiR!nC4cWCndrJpMhy$1Ehhe6%-G8_|+XYI8MGJ6|KUG~3CA
z@}i@_ysR6L^x+|l)jxEYu<4vk6E@B5V_?%&M}J{H{M`}LXSdl*pS{-fS@)4&__N1a
z&3N*REgnw-Hijpq84ORZ$mktUma~=nM>AcyYxV;n3{oF%Vp37G#4sj?r;_Nzu1v-B
z<p6uRXCExP`fQh`zE!G;>RXFS-*K^b>i6mD+vjR;n3B_+j49cf3{#G4n6mQ}nDV-+
z(*kou^^5<RrCQtc^|787_E#QB>QAjX@gq8z+x#OM&u*nc`bAWETN}nO8-qLDAE!rs
zW^gAy@(W{J`vFRCYmxZ<33~Y|lD4*EtbTdIJR~V@NK1?%4fv&pRC7Sn+y)=eG`D5C
z=GNx`#_AGcc!XxA2z!xhopFo;RbQ1}vp1a=!WQBC>nulIh2bR!RcEWt(XBs#SAW++
zQF-n`$}Hdc9%Hp*k7<9EJmtTnYK%yp?$~o$RQ!{n+^75mn5;USjGWiEYxVVe`y%K8
z>pFha)Q77-s`;IVf7YBz4<?OY&FJ`9U7o`P-TM*BhDJ29-M~<kKKK)RFhqM`i6lzY
z?(`%Rc8YHF-1$B2=O)(Ap54G$(}{us#*|JkEpZCQ?`%4~+!p;GDB69aiPLx{c^W=_
z8h_lM*jz|%ZkT#A_v?6(^3xQcWru)ZQ(fy);jmqXI;#7$G_$?k5W>>PV>;NZKL8+q
z-<M1<Ri`JIH={pyrZ+St6>IzSfL?hGi7#a&*Pwsvz|Z}vu>VKMo^<s`G@cqsrc#;N
zLu2++D%i1;Q4?WFgbX-m0~*W~_45}MW%&#EJ3cO|^?Qm~{qUkpzpW@2Nw$ncg>y5p
z${#(U*;Qf~Rlzy-S_^+iEvimUY5H4mVIN{HJ(uL>4JRno&u1`YX^EyR-F*^eX~O|6
z-e6%LOE9oDxUdhgLCK$2k<^sVaeBz@@5xm(*wKol!5CwqHkA!bwPTF67~Q~sg<7lj
zpgl&~rD#7RF^qx6)U)@VmH;g6$w=JXrYpz~?ZH^hKdjS5%1`4R6?=XJI@Im{SqxhF
z{%5`Z*^fc<hju5p^1hqRagh!6RB#U^*2P8NFyJwV{nAd%aU7~3hU3ysj5!Wf?zM6p
zU-%y+WTu)OVFBP|I*YtA@}t<(q@zCz4z6#1*6UNgrS$vc9!kIGe$D9j1*XO?U=OU?
zgC-_FZ(|SC?d-wk1M~sU9&FPdyve%yEqm~;_Fxx#Fo->PL3?mLb?HTV8tDT`dvGUv
zu#Y{Mp*@(#KK==NFh+ZDPK4P%?7=nKgEj1pXV`-awFjl_jUanq(;kdqZ`{ouw0y-L
z>}L<IXAi#A9?WD9hO!4AY7ep_CZlqO)nrtTvnC4#cjM0`>~^NfKK}{zCtdYb{5JMY
zP@8q5D(%G>F#L6k8N<h|vzalxe7|Y*>&#x{e_E19e`1&6pS^511;jgFn*6isKFuFU
z)$Gd%GkfC8)AGbil67r$!0Gkxs&A5C^MAwqzu(d!jQ9p)6@97IH9e=1KE9tm7EgSk
z>5RLLxs|hr+rKc)?Mt)6eUuqgzv~5555+JR!$@q6Vys@;k*JwTocXYYp_Dzc(-_6a
zyXYuxG>_s+y+UipE-iw#MZX%mQ+ql}liu$%V+_I%iFZcn<*P_qMTRw2qkr}x^>g;l
z?U-FW!^D}oea~sNthv!-o#J-(1-z4fp;G(8rBQ95<vrTqOXKpj>$z5W;gC&g2uu;K
zwIOLH&0*9?6oS`NS+FzBL$r$AlqHC>^DHDwpJ_3NGxDLK8}8+}$denXtXNMAv<aJR
zlU<WGuJAa+Mv6Q>G;}#>dpET8Z)c|@dATJbf~fItRwVLymr&%eg~~1RDtad1O7it_
z3#EoYe?=k_DU`^<F78WSRqNo@M|nkp!??pFsIN`)X6Q+JJ&<VoB^sIlLvl9Map^2&
z{$$rA^??SAS7@E+(|-x3&kpp`Xf1lCoaOs41LB=~I4<&NE#)BXF`AobR2>COeGFrD
zZ;a_raqlf8@7+k>lLlgp)%Rn1T;!^!Ihwzdqxm~Ij*E=n-lgT^B)8Qwlk)#Q9K%=!
zSh98PZ9&zcv4jF{iTHseqCF}j7fRtke|lnt9$2BEpScA<e@|TW)9usfk}j=*hralA
z@lWn;O=!3$fk+)K6~fkJ*ER+RHZL0FW{PKEaBQm7<9K?5*Ck&8yx!N~^^gv)g!%d}
zR#w~L+^oN!0>>tt4N@4btaY}LDSb=ldluj)5|=RKy?Zl+TAX3vz3%^T*3+r6P#Ch>
zkKE01kvqfC)4vmdGyil5+t&n~@P8q5&&gKzhokaI@$B#y@pyJ?5}x%*iXV-K=M+8m
zdg!P-DYWj{08_s{Vd{6C4lnwfroQ<<3@;*0z)J$ij2Uj@MS6O6=`?db+~j$tC(QGK
z#CbNoq{q*|L43suff&m;j+^HbqG|qFLNp!1zYqXeSv{XdGv)CLoFwN{DhueJsq_yV
zbsJ9lL{DiU_B5^{a4xSb-%8o&kWYD`WBTH~!h-2p{$U%Zt#F35d^)s0a}PA1d%~-)
z2n(j$0)Ogt7){}gy~u+sBz=Dxd7zA2NO6pCh_e&r!P|FoTtxVgva?U(s5VI+NTltA
z50m79e`BIN$TG=;1|kn2?n?TM496rB(DEAA#UEmn5&w%bXhD+=<5-e1mzKNzCB66p
z87xIZibIph#9Wiq8~+9MK!1*WSa}D>MehB84(kAu55KOVfO?O}hX$SR%PkQ*eIkAs
z!<fom(Sgk&X|&f;((6Fh>*F+`y_vAwWTFO1(QLdRGSJ}o@g2XN<02ogr{j5^jAz8D
z<<NgV1-i*&Uu;^nqW5-xfp&ob8rNtt^4l|toAra_)vBJ;$g98-KouHq3iVYevzbV)
zi&>~oo+TL}_Hn%;1UdymxIV^sMI6hgbZLs2M`B+i8y*nODi$|SsV6*tN(yACfKk&)
zBFT+^Ilf*8uYm7nFXVUXo&Rm4isV9rRMf*UTF=%jzd}R5p2~5NSKgz5#L37uB@x-|
zq_6jkd_=v*`B(fm4nLe>^)E(!3W)q)7t`~2_cH!cc;6q^#y-!G?-N|(y>blV>mc)u
zaHxQ1QB=b!;dH$CmK_R%csM>Zf4WzBAq+7Qm%n#A$9d(CNK=$e8kE^lHgAV2yC}OH
zD(&W@?1}lu(5$<PQTEj0V`$d><tTf4Ij@YH%FE?b`NG{uyx0ywb1Xmi?}S(e5-%pU
zO)L|M$KfIciJw?F&RbWZB`5UORTLPPym47>TuwADry7^jjmz0uro&h|68}nY3-ad(
zu?&Bj5X%gV;FUQxUTX9AcQ*Ls_Q-W_0kH&lWsaTPzR07DU+9q<0-0`QbdE==57<dF
z{_j+PL!6QD5rqAFl{X03Q01QocVm}Q0oWKi^YYu`0-K6CA(j^SgnX98)V4=HeiH<E
zHBeGPQr<W@$`9Gj4<~4XmRDFgZXJzP`^H&M>xpH}>+ik8Epa|e1UIe_REt!P#DByf
zVc&GV@GJjh#oDx8k7ui~G<}N(Lt%eNjW-%<<Uv&00<h0u9(>3%otIm@as~MndFs<H
z%n-w?07meIT}b*Zd}UKXVwfKqtc_cUPDji0wYW+s&p$10UIies-mq}oIw(Q+D=nV~
zTbTiLW&ZCCN^xHS#nIKt@hFQIdL)db36Lk`;XDqBKAPPwmsjTG_(B8Iy>j(*nx&5*
zgRk&QBsN2sKzh;TNSxT0<BG08;_ejiAj=oVo%^WkZ{C*a>`Q;acD^Xu&CmXkZGP5~
zZGNVbmNjxMbp{7gQT6y#I3<760CTgW*}XN}i^P5dK#Cf}65@u{V?W7zXAUsW<$<`D
z-hvUzHFU(}rR!6jJH&dla-*7&!f}R(A;6zVfiJyGB;q(4Px!wgRrQ|k|84)HY5zuO
zetU#Jj<MQB@9T82CW^88y`KNT+`fuD`Xr(K+ea~0t9xz#G<oz~Li;C=V60a3+I~KH
zbYDXIF()uq$M@R4fIJ$O(EbcKx6^C;=wXc2KD52Ch)YG{_kAH!c;L;DT$@G;m)e|R
z^`0)K|9BM$bN3Fbp!&kE`%<~?an^$h<&~d$N&f;X0+b5%LTWKqU(nBg>f@X9KAC@4
zZ{wRt9^Kc)>d97UxdDVloCS#^pc+Bin41!Z`cWsXSD$tyX%=fbF-FznE%K+q&MT1E
z*as*o*qMtepUC7megk)jo;B+$Bs|`i<JQ9z+zvY^v2q<RA9Xg@xgD2LrMBMV+(DxO
z>fDZjoR+`5&h5zK=-(Xn_dNEuFQq2GBbO&kh-i96mxcHmw9@Ucxly&>VGDL#iz?S!
zIgTe^FXuR}oJVUuc`(x>wjuFvR?Vsl@r}WbTj%B!W%&md)zZxRA%1wUV+g7&qQPx)
zH><*)>sHoO5xG0b(bpsGL+;)3Bu8KJ*3MKKP<3M(#}(xwakZ7>iZYQjK8;LphsRk@
zC&=QI0X&vkZ(#!x-?T!)S}}~Oo=+i{qb$LWTvRbD1=4;Y>4kKT3ofuq>uFS27Gdhu
zqb!WY5CBM+<`W3<Qn14s;&;2yQ=5Vv*UcN`{b*hmM{sGS_p`%3`G~N`;>!G&N8IN|
zo;o-3;G*l0_#qkmHAws?`FlB%RATGwK+*>mmdBx}pWjxLg`@!(V=}vUEC7Q%zVJ($
zYdkc{;-bR?kmQlcEKh|-1HFYGBlm8PRPRP^pTq7EchIKtB*#Fv>~q*@Je>|A0`MI%
zV^a@_i&Bl9KqM|<zhE~|JUfl!0E~n^8IArN*XW%z^RtX}^RuBD=4ab&94Bv-YlQEj
z!LC*$K9^1xL7Yxr+9-V2>XN?=b~PfgHlgJLXt@`O1${Zr6^u0^acx4AsaligZCVpG
zEv|`lX$%%ORlR`d*F~2FhEOam`W2FH?7`S2?6V+|Cs*|3%?27o6T`UZn!wlernCcz
z-WbL%dAm#AtzN6^%dl9A+i@O28h4#cu0kU$-ojeN?Z}~bav=PEFC>YW<haZuf9;WX
zdYn7dkv)2xgHQ20a+QUS^NdJ0uUxT^ss^G3zA><m+mX}9?Z|V<Z_KxFTxOmB0&g8O
z;wTB_NIU#}Ty+&y?3P<0-;;Lu2f2)P-nxpQ_KMqK@8fp#^$+sKJr~)f)a>tLdg777
z(7o{+Bk|c27`u!v>7KWde|f!$cYT5cUkc-0P?&hy3LPb-CwgF=tig_4|E^$1rhj{|
zBg_9;u%n;<KfwjoS|kQCfNJ*!vVsdzf;8m?ePb_@i1BFP_X&c68{dNi8XAK62k9uf
zvIbSx^P#>W$gfwF6-3g89*pIU@1>pY4J&=)RZ5#uRS(AM$40yswNF_f*4;*3jNk&x
zi>UGv3+1&IVA4Av8K1iaiGR^D^NG8xG+xo;+$V-zXyqo4vtBJS;@FCskx0N<bQp;r
zbYfi8f~47*8jo9##2r>b5gU;70tl6xt)bB)f*lrAxvUdo^}kvk8OU2GUT@K^rht=Z
zhwi5(7<)x0LHOM+dAmBKQ}>JS0QnGOag_$hk8@_KKSX%PMm{tumC_-PJRhsY20ZBA
z$LLNy&jje-!#WMW!z4$pqG+N)s%Mfx-Aws1z_a504vaN;s>3nHE8a_iWH)`Yf*qMi
zBsfJlKSWEYzAlW3WO;&+_Fg1C9n<nRE{oCpjs7f}yK!+0W1V}dn@#a_uv4x+Nxz%N
zIJH%sroo41f&3-~u3km%7W#odX&=ahWw*W>SivAEy&p6BQrBz#oM6Y^z^{S}tiiw~
zg!6AmB^{=$WdiG_C>2=KR#4pUfZl^h`aN8wXxMpa2gd4U=K2{x66%hap>SM|q~+}x
z2Nzo}M<S7sM4A5-qA%p*a6gEoC2+<1eQz(3m(qPiEq$n6v-?M-s8c&IHZ4FF60^I>
z0`x<ots7(YK!*ve6a&0bb52EXUB!Gos25m@iJ7VSM_`&8kW|}_v6?~|dy49bV*Eb+
z?7%_6&P;zM#PaqW1z(){X&dDXy;43?0i-zuQr31RDkgQXi$&VS>JBXes;w1*Sdc_O
z8C<L>5z?e%7_0ZT>HfIoP-ZZ+dMkCOP^)#rTSVt<-@sxSQ$cYhE!1;cFs6&Mfyf!9
zbiNc0<R~5+v21eFpi~UNh6*X=BSJ=@2{EBFV=m#zK~`7Ur94GeT53R5H(8B_eXlG0
z7%gjtEIt*FQC=P(?>)xe<2UFL)^!!+FDBM@T}6(*9v|gGE+dP7gjXqLo4VtRQN`ma
z+NSP!ehb&a9<rb7<9}{o_PeVNJP-iT{8m6lD_JygG=vCcB5{NkG*lR4VMO^cz{Xl6
zS}ElBB1t#`co{^}Lq}k>gNswwA~B6N-HW7W^#&{8DwUCj7(PzEdc9SB`3T0|&{I!C
zuxvFL5uuO3YqjD7x=hopx_zOpJ%%w2F5c7$q*jZhtJ}4ud#y)9Ns37+K%RHD!=`xE
zWP)R3sa+FXY`p?Wk9TWYhy1D9_c+EYh<&l{uhg0F=wXbNMK&U2Z-)d2)sTX%4c0A>
zg$$DyR)0hXdedPL#cQ<^+e!sws4T3A&?z5=t?E`@nGW^2yz*1zc_i{d7kIiGKj^~R
zJHz0ez&2Gm4Aa!Gd?B$dzc~iqA$W!{UZTF*0~3@tcVVm^Ycb3J_W>?<fN*wwl&YU3
z^be6Yx;|pkmWbN3i7E&h+sciodIujm?~k-h__rg1MOSK!Z|X6^Pr^t{jS_K9CAHdk
z!X#%?g8unLD^RaEu8*=D0#14W6>5=mNejj>uwc<32}x%WQ?wx=S6w?F8aib($3<>_
znXX3nA?VJ?6WJa?uTsau{20dS&O-!H8h%L+VT{$kAB9iuMbdy4z`h`oY~<r<^y6A%
zD;dERM<G8Flu%Ju9E#&<{gCMFVg!*#pj-q?oz8X{WVgc>dHka;thgOEb?hOG$?$><
ze@8$pVJQ#hIn2B1Rp9S@Oylp@!j&dpq->%qyl_Mt{P~Bq!Jl!M4W5u%(V(?R8bFNo
zRiJBJpQ27UjImtntY@yKl{LKlad6=>OOOu@TxEs6w>4wj6xO{_D{E1819=M5zAtv#
z_qR4<44LqQi&G>d9VgH@6Ev05`RYDqNrMbi-)|*&IUnRG5<g%<6KFE~D8}m6sE#*4
zzr=tzrIskpCg}gbF+=Mp>W4%(>C1Zr=$d6dw(|<GdR}=O7=N7`3a4{?VY`2!0!etK
zhQMt;MWD{g_Bolp!Y$|#DC(j-38G_2jF;C_vEg&rc;(@#-XX2NA+<gkUh>IX@R*5o
z1K;hi@fO;Z6b@w72|+DMv9QTby`OCVL;E8AhPQB=f2RVirLaHLv~2~iJW2ik{VGOt
zTwMx?26?oNm&e%aN^&qwU2MNa+u!%ewfvByk-OG+VZCcQWo119fO<vz1~g4;yJRAV
z#LqK0PFWp<4|MVJ38?`||AsssuMrN0gsH^rS-*{CCVB)sr|YZeCt#C75niIuLyx=z
zFK$8NxoI5752HO)Je3MlrQ>0su0`TLBVU-JY-0)A<Sjyn1&Oa&IWFXi2~i8G984se
z5VIgLlnN*>bXZ+zWew!aN7eNsP<5(x1W|Ts_Sh^n@_*&6OAm0}9Jds6I|;jbIGy9(
zBOqLgx$WeJ$HH-;+3iBiGB*<n?-J9Sw|vZ7l<lBD^D-OllXU;&L5mPwf-1j&#4B%;
zdsWti83_W2QZh5?a*VO^c97)+Y%u`|avegaTa0(6tuV4MGQC@fTG8_KR9d;>3Yt4m
zyxz)j6l-}!F@Jl=R;j`N2~VK4{L>VUs}r_qV!b>@_hac^PGKc%KS+ZU@`aN%6G~zj
z^FvyBxz;Ohik$sk7v>eAisslR3k{VcU>fR$dfvQP%Dfvj)J4+q6l#y?OaGjePT@Yb
zsi;_zQDGaBy1{-k>S~NY)xIpUrhcoHEb0;YKTE%dC5^$7O2<<<uBI_-=^mWIaTjyl
zh|8=AEhTdX77}`ED#mzeY|2+0hbrGnIo;~Yb;6$OYFg5Tn&5DpLEbq?WMWG(TkYbi
zYm!&6%BDtHeNR+vmFtM?{Y#J8{=GQPb@Q&(<eriGrUF){pvt-wLI6RQ%cTbPE(A*c
z!%KLB{2#XQa*5p;W(?pK)A=4}y)ztoi|7GM2@p9{aRrn-V_anTjD&8+*yWNOsK=~U
z^bmO`hlK;zvB|n>B7KFr;BbsNZtl36$N-nnc%2ZjyM%C%pnW17+*Q4xcX3rguMpeP
z4e{ARB-dSKZK~7r3={HhCt@e+0#b$l35|n6A8tC2wX11N7rwua7wRmQR$t+Nk$8;o
zkm{?hamlSNp)u?VMuYxu_)wZy%5i+kdNO@&-X%6?n3o^6%X4zn$F+LL4A8{-BmXTS
z*jO>Mn`mgm|6U5O5s2%cW3X4tss5<R5F}>xn3ip5QK|9WIlU|!FRusIDX#}|YUso`
zG`mrV-HIv#T^J9CWEfC$Om&j=nYOeL#{xrmp~lJ!@DVGeary~h2I^gg|6`g^7-RXn
zA^fqa3*%`^3tQGBsgWo!4-xb2%Pt~CYEoE_DF)ZjdOV|3&kG&1qKXMUbbW|I1pgBn
z5qRiU7&HIIbJCfs=jwj^<cXx1KKpzJ#-X>kT!PI#g9#hCme{T58h$#V!x|VZM3>Ah
z4ZX$X0oG@5+}u9HF}8E4BDd3w{Hxp?Czs@ymyu9_`dFu_zmz}*Q2x9(gpO2ljX7@K
zpAAC%#(h#kR7-S!34u<krpE}48R~E|S`2sf(uq7eN43U{_irV=k9TK>xv%z;xW0t2
zRUVx~yHx+t0R`&*;^w&bpI`~{O5m;E{+i<=%iiq5=Hns7+!!d?eJ#|Iy1`Bq0m6z9
zkvAjf6TZD4`1S;zSLPM)@`Q3;p2zcrN0GSM!a{9baAEZ+BWJtN%32p%RpUX`4MadU
z<@3T8i?e~3=kO&}1MR#rX7-4x)GS^pnawM6cwea4>XS=m^TXzpBk?^@x6{S&L-pFm
zr2n_ZrliGU-bB3^B=Q{I8Fn@_t(j)j9~o~E8VCDAw^|9y*n6F28>>ff3lB?+DrAo1
zE+^<N*UB|D2M5%s{~vq*10Gdz^$*~my_-LqY`EE*WRnE~TreR)LkNF_2oVz!k^l)t
z2p9!Pmd#DFve{jBHz6o$Dwfg~+qAWo_bqQrm0E1E@@=W56_r{`X-nVIw`j4YEv=}i
z*izeCba(Iko|!v$v%A^NV&6Z%-}8Ii=aF+~<}+u`oH=vmoVgdw-uY(vsCYTqAAi32
zldHTxc+<4=&5~ui+a*D3Xvh|#1W$_y{?R7(L5jbF24kPR+txhm9kSN)(c^(d&7Z8V
zZvJ?ETl2^3o0~sb-_cCFe7wGohlK3^Lvn_Fc+x!Uo#s#8XCuG-=<$IK%@3w$vPI5_
z_^(L(_~0hv&hxp?8TD^YBLAL!PT>#EXEg78-mvqJHyKVg-|)Wgtv50VAuSJXO51rp
z^EsAxoQjr+OTkI=gA=~I4EX*`&1~*j#>{3-IdJjTCxX<fhG}!D*1Sn;E}+fTT8w>F
zR2)t8Cxg2L3+}F8aCdiicXtRrgoNNS1ed`fxVt7n27<d2TnBfVWncDT&z?R1hia|U
zeXFk2ue)yD+my$j;W#efG@daEjKc?`eyE2X{h1(EmH6|$4=0@JP5dSF;rZhJ-}&#&
z?|rZ_3y1Pqio??%p~{y12l}0MZNp-#N7y5K5ohLdoHe-ydV63!ma((YSl7){Um=9m
zJ>d5pyDk&|&R0O!YT-ye<ud0pf_OO{^)m{;h^c=cSYO*+y>G4Nb7<^uO3h9-+paDX
zXq!id09&KR(LE;XdgCm|>Rx_CKTsnDg%G@X<TX3twu%r+8NeVcqQXY}u!B_U*8n=c
zHvWgrEMBL9#w@-(?GSL!>fQE1lN?ZLlFxzilpEHuIV-lMZTo$lBY2IIF@DVE+`bV}
zv~jp*>N_ei*X!hg7jsxRL;Zx?=BaiCW3IbHzf*wFxwdWHY{TH5@BOG4CD`=1+*|OJ
zQ(vc3{_Z{y*>v3-9I8o@CzlJKvHUuEMe}_dOHd4ozI=u@QtHA?1ztZgAR3F^V01Y?
zqq;z;*t+|eFzh*fL*sGc(+F|iUh1&6o7@*6RDd(=sV$YeV|fD@NN((7-UK4UH*Q}C
zhWJ{ov~K>j%)9l^P}wm!<^nU^2f=&8fNWbgodkhXP*Tko*W>r`bXBz1eHnT}acHmx
z=&1HJBRL;V{~3~=NRkKNLLN{@<@Ivr9@t-l8Q4;)GP-OPkbz|TeORpG0lv}Xs0AfA
z(v-PVIqbkp*#T~fO|<bnzN4L55L0V9Ks+pq(UHUem(Q~E<6Fdd*!RgJtf~2fotY;}
zCc<w4R{Ot+T1`l@)fDU*OK(`kUEA)v-V@=1Z{7UC7MFVdK`dv!Y%&q*cAC?&j`Q(N
z@ls>E;$0T4T_LeOIV(T6)AL@<leh|e4MtslEO(+ko&DvdZ445M8a+C?7dBJwUzX_X
zQO;_(aMRQ`7RpfCJkx4^d%Xh|YusVA?+E|*N}u_?Si{S8+9A1FY-_ow9ltd|n?x+E
zv}tw6GLB4Q;wsF6S~4OpjA09B2|>9$(#Xrf;X|&*5v8YW;fJIgpqcfWq5pKdewT+z
z>F*uV!vF(+|2tMdZ1hraf3Mu-SZUgPSjSDR`|`=9$dUE38J@|zc%Nj9IoZ_tXnIXb
z&pfiN$S|!INYV;@K*#9c^I9^yDp)_TeXFXTvtWGwK{;67PNCe^ZFF?`K(GwG7YSZ}
zBBeJv9|`IZTOXa@dKp~+2&?*jzr1+$uUkBVszJb6rVjnHKSi2!|F@iVY1rhT4y*F=
zNp$`SEALt)6e}!w7O`&uHqKMF&GfEUm0WO#`uB<9UZhPLv+EqMiQ;P7w)I%VT<4(O
z%q}0Ti_Zyd*_VT6l*Yeg1u-@G(KqEF=Fl)$0E6bjx`MmHFcC$sfU7P6t|?=56J0m8
z(2>Ve{U7cf;1%P7NvOTams{H$>KUP!*Jnbo|8^p)IF0%&yBQ?fLM^(fiz1ZL9XBtJ
z9reP`UpiRQ!69k3)Yt#lj?bO&`r&Cw(Q>d;+9I?#-bt^Zt_lBLe6l6ZZrJ?6#dWDr
zfzHWS&(FeVz2@H?`Y8$~&6B|L6w`Vpt%Hm0%l>wu@0P*_Lrlf7aM<qLt_7R*Q?YwE
za9(rO5+~B%Vz*<soH^1TyddY*apRCNTjLnDuhY%hB?I8$2&y=~TdKJcTvrx2oF19r
z^-rAE2RFV?W9oEfsUJ8B`xX3n;)ZR{K#itvH_l|x^fbhb8hg@Q!<`Ql8}-4VIj#Rd
zd`}eq0atF>_22ydUB)={A82Z>m>I1kj3cNU^eZjuud=>W%Q}>A%q*h?362$;7Rrsh
z#}!3}--wWO0I#o~X@^9ME8r{c=>70A{<+;ebhyJ$l2cOiV?0xST?#Rz0fiIk`hr@?
zk10U=@^8hf+{EaEJdrqqvtMWNeA-1xnezGR*H5+qh^DLf+4;ZsVocn726xm1Jtlax
zlA>j#E&ETj>qWP(SPwXF4C*EI;}DZag0HBx<BoXG%{z(ifT!B0Z*ZZ9_YVk4*15aZ
zg{w#9D3n9U2tTEn)l#A*wzq%4x5^e&p>kXd>__BN4x-e3FI6W+Xq!FJgNJ;Y!fl|D
zok*qbQ2es{2@QlK9qmdWy_-uT%Sj?lZ;P7JTNgEQ`CbNwrAu~PXd3S?agUyZqJM<b
z$+{**jZ7oZXooS&a#CXAop{KU>_Bjx0zb(*gE3Q(G@=ym1Y~5xL}XViuu`H7WNZhj
zXs+%tXx{&^%KE?1$tJ!R|86o`AsA*#E*p*ak#ck{4Nc=t4=yB7LiVnQik5HySBMBR
zC0#Q*7vozr8#yf*9%BYBqX?!Ii0-QrGdb<^9Inwt67HjeTju9@t1CGg)kKotyY>I6
zs+0cSjUcqro+W2=#7+(8{{{i){Mwx_;}%*ZV0<IAYAg^^b$7u|4bJ(!JH5{>v`o&}
zlJo0NGmGjI6g9O_&8jh2CzJgUGZi$!9q6c&*<H_~%ISulDzQ$&$hAqrI1I&1ty?2u
z#Ay2p2{5y|QZvX586sqitmXdi{yXFn!ODA2GSfGdK~=c-10xE~S4c$NcSzQI3FxI{
zblOBs#jwChjc0l%Nyh3bL&nN`9pCEHQ4Dt$s1~Gh{$0t7Th;iBRU_R;MwBmB-mD)P
zGrm}X@X=F2nwiag#Eg7}+(NkMshZ5Hu`=(q2pA8ft!Ob=8&Fw0KA@+*CpYp%Wp#q+
z#!Q!h^qg3Y(#t?(GrHPoWuQjhG*va77(O)yBPUigGQBH<V&#3?N?V&UWyVb1#*vZ_
zT}ljK-k-Z7jA<_eC7^2dH1@yRF?1>nWZt@s{0a;{-nyWyVi1B5>*E1p+Kb&6<uHCJ
zh9q@OrJ9Nl#c~Yi2bH_7waV^I6(vJOAOri#-Iy%aNAsV`Q4W>6BdTfatU57<WuP|u
zN?Y?R<y<>fCEN9|!Fe5sdb;~K*H}oChyKkUoue{<hN=9-mE)_pRqk^R<s|SOBT!y+
z=3)m+rnG3<$E@w#JR&p>|ND5+FePpTQ}ndYXi4BaSteF{K?r5<)jfTMJgo-4ump#Y
zv+&%L<5S09oBS)&>JZy1Sw<CUd_i~(>*#i_@KvO=#kmeX#i-rvu9vPQ&2Ag%9SQ4+
z6gNMwI6kU1=T+&|;#|yC|5p82fX;DQoBY$F(h}M%y^rm*P~CpHdc#Jhfs+>AkC*(M
z_BI|n$@Ppv9@@Ch)x@yNVnBbaA5}4w2UzsyR~yvuYab^$Om#U!0BDr&Z;Y*mB8*lW
z25&JTVHDo{$j=wd&WFD<Up~<Z%9WW85Gke+cUx5N{d1OsQgNi2Q{N>PAwI~Y;4rIo
zQfl^9@U_t$5VKnxCCo~8GI`2&xpW%Lkult0$DwhvfPC63*_D2A4d!>9fjasIwkFJ)
z?QB*uM8&MMbl|iHF0rnfsdrH|ybK>r+~k;cetxb0NITSP*Xd^e<H^BspDDxt#GWO?
ze|X%Zqe~?0!SV3}pG|+y;Mwwix{)U%N^9_rf9po=V|K$C+Ly*maHR73k#7KUi2wJ-
ztUb%=zRVUQ@sEBo{jeyqw$`ts2_70#n{|SsQ0Q(Vo7EM`ZJhZk;_1J;kth8`$ndR2
z+jamm6siv1zHdiP`|r#pD@ldFEAvkFH=XkterugpxA<V4rbUZrN=WD12T}#sVClD8
zUab=MiPX&S#uo{F*k2dcn2+sZjsEKc^C!MID`pe!?n$L@{~ajgb}q`_WekP-ayiag
zJ%@LQY^`okDrppXtIlDz=kc=an*=z`2@SvSjTeUkLi6NXKC<}KOox8t!z9fWAH?&-
zX6-gDw;1wdkcCRTGbcR0_rvDzWi!snR&`Ex6Jmb>LL&n4$r0LNTX2fs6wcp@M;0j5
zQN(1NOL1YQo^G`4b1W{)v-}z7hK6I9)ttLwhyC@PWHV^7QKUsHb#Annv0c6)Kq1Gs
z8_5Z6*s(+J=>DNqA&pODsytHIA3GtDIL*=}>?@~_L--%D_@^^R5lY((DqpSU#yj}0
z>#5oT?aSp$fiTKW)3<(q;sC{yBO#&|1S2758OQ6S=s4jZY`K5$XWy|AgX|~G1Wg?3
z-a+=Ie+lM)WHY-IJrJLzb;`C`tAp8LH@_N=>F1`<E&=;K`LpW@t<d;<;)$^FeEG9>
z0pz+>6Wj2PuHt63F>H;1xuaj_=5)}a^$oI}K7E!|o6!_<{Uow>jwe15<baPUvZ*3|
zhgm1Uww%f+iqx?9p?W+q|6jwZA6As$$6X3j%?cV^a@^1CHO5Ar)B>F5U);Gh_LIf}
zTIx|(LneS<+$NxsV4|aXzv?J^LG$4LX_Rcm=jn6b;E=<%O-Km+coARt@-k#&`_eae
zluYx**LUBbV&pUyJ1_6mpUIDj{jv7QtMf<c%1dV+c5FE^oWCgYX;1S;jqAzjpRcaA
zHt;Ja+4Te>+z594YA-gM#<eces6Q)n4FbhZ%^gZ*490yECd`#fqfPtj9jSa@v?OgW
zZ}qY!sO-7yNMn5$+<S|%>BJE3HYVKH4<^hj{i5sU;q7XV6mw1Ftm0a7_$)jIyDKXL
z<6Z$4MaFh6Usl4p0_MWcsWc%9Z{J{158=;3ZoL)^=i#ypboW&yFJWn>FVXsCzTGd;
zu|$D13r_bzEeT~kA1_z(dI`?&@$ZtlqrH%Sym?)&rwo8vPyT{hc{DOJCB*DPC^e|>
zC?#6Op3XEvg4?#W;g!7~6*k9*n_al#hy2ycB+NE-1B^Et;_J%#{Fy_kv8%&vd&Jw}
z8eVlU3jVba+s1fS=P~FRFe#n}y~JH9JcWBAIbT~rVHQTcnQsO>!oOX(aPe0%?89GP
zYb?-Yhd-jND#-l#bGBlY+ASe53~C)l!nRr2!M^(MZ0(!Pi~k+ETerU$ae|XZ!9eC6
zVqE{qBgP`)c9PR#BA4abUGxoPMS<t&@J<#Pcb$?WEb#C2{-Uc|zK~90mBHG2(=LU`
z?w<!T57n=W+ZN+UBPx5WqxzfLO&N`!OSDhI^T-G0*94LAFFvQ#ZzA_Bo^}N2Hr6$`
zcWada6c1MR+Nw=@JHrAGj&sP;o7z7W+?0bNtU&RTW=^a`!t7|o^jRq9{Pv_Zer|4T
z`T}zH09UQn_bSq$#Jcs!(yf9B(8bhyqMFP4JGl(-&?!0v5%yha)}0loOT>GSDT9NP
zY&B`<`})M!izDG&V^>5Dg;N*yrg2`6w8t!Pfd?psdC|{BKYs7PZ#mCB4;<E!VJTi5
z=}K`iRrV22o}|-GOqXi4zZQL1kz3d(^z&I1hxVj<rp*E2p-xeAd$X#B2`fb>)khvx
z7QW_+0c$8vS|L#5$iQ^fE@OC|?2%|pY^pD-Trp-|m?+cnwpd{=VA#9A*U0~7In-Z4
z@)EN8L;x-dpV`ND1ZO?=_z!22?LN#iyVbeG?o-hnbn>y;4xZNsr@1fhpfX2{JowUo
zA6Dpsa1N@AwRhL{c=_K7wgV@jzJmz(lT1?%I3tnjNn@0nFVm^9`y#?R<z1^s^(dm^
zM$5vM0T4ivY3U|0<6PJ8*-7)l&mk)u7l$+w^00<|;e|iN=EI&e*3b?*!NK+MO{;oU
zfdzd&h9p+%thLZl&9-gNyH&GJh-1i&Nw?pNx0`ONu!ESa(%(hs)!niH8=yS0@{ib5
z-9v7oqZcTsy4{T5f5SZ~_>MWai!I9KQ($Lak9w=HU7B43#SnDN5JCN~hY6Ucp#Bx;
zb!JUK>_NKbaa>-vjs1`tYti~lFcf7*>};Xb<dH!^86Zi5PVG(UuGMOR6hts7F{`{x
zr%okCN#*12ZpTcGQpD-n>=(0Y^`ckqpW84t{hz^t&szmZ<Ml24pfBgGWcnWlRd?O%
z7v*%bhs{)u>2PH64K9o6!x1){|12mK%4)P8gx^GW2-7|mA9KAZF-SbkK6r}~Ex!F{
zUgmQ9fRuJ~c~vIylb(^%e`y`Ep)w3cc-NmqiS={Y9*PCr|2%k7&ziEM7j0YHcu6M4
zb4gnK@@zno6-DuZaU!GEljqYu>Z^U&Nn>(MTV6?A7R#rNg5lzC?e{-QGwb&69Iltu
z!TDRpY%wFJK@7b=hxeA#+rQ}z_1RK{vgBpz?8Y)Tpgv*gY<En5=BF{}$;k*O8oBZL
z%s|s+@WI+hZsZ@M^ql~{cV|lStJ>F7cY0ZKImI(p>1+eMnFZ<Swr|PT312Z=a2xx+
zC0EKzW6ub$EGUmCve5*apb7PUNq%@yd$vsemf$@X?DppOedZj?)!{rfwMDINK-=_t
zNe=zc(~f}R%Xc^%`2_cp0l>3hg#67V_~W0O>gsAlGISrd18es^QO!c`;5%2-xU9?w
ziX|ZWT11x@jyvgVh^^am_MTr&(_-sljT2RkTYE>C*~!)XSyM)xd-P)%b(Zpwb1GCl
z8@`?=Ujci%yc_(wmxmZq*Jv{r40B9ya?qD`uvw`~e>T+PCY&}K*DL!uR3o^&Na{=8
zHq3N#Zee@(lS`!h)qL>Zsh6|YUB&jviShA*?nqEs&1GG3;AkbWn0QC6o!t7$f19uE
z@1U&pXV75-1)WX+7mc2|bnh<XE(tM>PAl$JzrM7(E1m7L<Tk9a4R59`Az3E!YlsyY
zO&<mQZj{^CHJ;4w$<MGF%JR)-DQR{T)Q&4=ngc2Z+w<bDpQ#v1cC@6O-*+!s((Fke
zy!Y^=CnTgtAPT5LFQ_!ZR5Z2^c+yXY;TDV~cW^WVTzJ;cpJ)t<94}O2PFiqsoA3En
zR7#Xl-mY$ZQZm+KJ`weBSfzt_d-uirOA!ectf0RtS}T|{1D65d$=NY+_-ht_S@GZ2
z;meTUb^Y59UI2Nqn?r)No(S=?^BbrBrQo*)?*weBSK}{Gd@z%}&7Z+s$oX({z~{Ud
zLb6~VS-x?~n>qn&C_=C)!kc(M_i}rQ5P~I))x;y&*8#4)TMCqpWZJ~1$l3_haKi%K
zu~QEd)6*FN$EfHdT(^SXs7WBmy`mrK`Goq{15hB8XpX`}^n5xIEyG`Sw`dC<vZ$9+
z0lK32^v^uNY=<wqipWz}s>!*3;rPYz=?^}^E%Hct3n8@Ms3z~)!jplqKv$|;OHEQU
z$!NL3{EEV#0E<3Sjdb`Gk5b9xe-UHDKhisVicpcj1hHjFjwO958AUu5!lTE@0;))0
zgLIlhJ}Ii(0W#E)m5ll8516F1Q?Ybkcoiq?5X!@d==bcm)+WD{3}NO96VlV!_upPq
z3(1^><I#8d0Ape3ARnRrLJK5_o$)(u4EVqVE@Y*9M9X0nsm7f2a0>czCb+^TDQmol
z*iFP314QXQ3=j{k=i$ASH3Z4o91B!vTCm+hE%XC}JcvVaVi%sH4h4-Jcw(L0YzP$d
zK!liM)L)KM2M)lWer8h~Ww6{VrB1m9%7mkRATB*egg`_K_B^D#S#a8K+NfC|D4acH
z^uHhb^TUxL5g`TJ%E`H7D8?HYAQ1f4+OyP^B*2sXBfSDTFtm`mLlf>46-6n6aH#@W
zDUxtW;ma-!n`aCn1dmNK5?9Cu>5f|V%^hiiMiw1CB9w$?Mi15XFGkAFH%U3GXv0|G
zwi3+;W_a(i?<1GAmODkbkOn~QKJKz3!reM0?RUpzd|Dc^sVkUti5+eI!FQTQ4_Z%0
z?@ZHd)YEoO)w}mlZ`r?gujnmpbTUiSkSA)eQ(GbZ@(P)!Ihb><7^%(HTQjZPEL_O3
z0pB1;)&={%nYwC)PnfAGERti^X{Pz`yVcrC&$<Qeatxt55fmJ(%Myfwi$x%w=3YI9
z!k>~VRm!gKF<@(0e`X?|I_fE%@mg9`DX)|R%8m7A1hCrYDnS&pz}$IOlK0S$@2SUA
zXMx)}dfL<o!S4D>ahR^II*@wIT;nQG<fkoX0|>?^-1luD$x?$l0}Y8_n>s`55wJ>z
zp=CBAcU8C1OSt}=KMhk2CDy|LA~PF7(N?v4;kz|;#u{iP?0Mv$mYavI>#7N1SP73*
z=0;d*lVU*P0mde<8oi&iD>0by0Bv$~Kk*_kLv<nfB>jowtdGx_TWj`dyQT=_-W4VP
zNc&4GcDMNY6DiY7JCFqzi$S>`wzTV%`P1PzLRl}<;mGn>mleiLbiEr9mk#um^jJLq
z7K3WFsfVjTk}Ol(dJw2~!B9D9ta-f-w2~z`4pf%6hbKeP^A2J3bk9+i=7|uKVQu&U
z5L(sK)<&LNs{y^*^$$JkdH=+0Z&qP&+mjrNR=&$XI1sM_jr|DIV`ymt=GOhRwI%XA
zEKp9Ix}tgK3ewknotSqkYN6|WVZ60OrRTk8Y`G(s#%qCMnyom}i%#wEiDsA;m@xQN
zcM{pyRvLQ}89NQvx(e~`FO6;c2gfXpk#EY>4tO*iK0u#1G@(x@OJ4XignIpjMAGQ{
z@CU|dN0}I=#%d!+9sPy;(%$<3zO%2NS<Ey>vH~S1YQ9>En}tiW?jzK$q8;Vq5O`4A
z!a@q{=x7EpfXR8ubQnM%Z0WaN;BiFq`XWN@<OlELAj_QtR3#Hs@}TJC{crvGllY&y
zahD#rX>d3YV_^x&O&Af`TpzT%QAZw$XoiUZgqw`JGqeT!PSVbm5%6K0Bv507-^qjA
zLQJ!~)^N&j1PFqgg!I3S;AB;b9Zj-aHtb1<)Kb$;Mfz-!&l~`fHb2)jkd&|w<W7X)
zL~#uc;JIIPlWpbZu@IK<4DNA(g%!eNz)0SxP*%mLB?VxSoM8q>cJ|-uGbA_%F#3nO
zjaFe3UOs2H1AuObfTHl{)q;gTLui1DFagD~!_C&2ORWCHb7ZvV#g=2)F;1xpJGxuD
zxH5a5Q2;wP9C05Ry#)7RCS$`WGg+gY3dJ{cussgusvX>22$y0QNo38|k{%vAMQ{?J
zB2-v0OkB8?$Aq_rALFbjCQ;>D0>Sg>h`K}USDjSz883fy<Ar>yW0k|2ezt*Z{>k_u
zyyr9=!Mov(bL_J#+ME6LY5I<3=aW_#w_BEBFH?_H^-9__wf^~E*AHD^HSFT%Z>{z6
z40~07WW==E71@#GtW>%-bb6`E6laYt(86VaA1xcF!*Ec6XC2g!@IyDN<O2(Xcg1&s
zs&I+-$dH<;{pRm?t9I4+c7<}y^Z!AZp<m!$N(B^KWj)!LYt4UrTlF>N1CrBm*KsMn
zF9gv*8<Sg&9J1HiNY!UbKUc29ukyD?%^AFks^~yy_GrRGy+KmSkUH;*zcYJxo^7AO
z-PFtJ!xMaRO|Fj1Q;1|fSG{(KYh^?>cdDKJw)dJy5^+6=3^~BR!50VB6lcf<l)S#V
zBW8o2Eng4KD-{tq?~#<)o^io<U8#^6RhSAwnMmX=AI(s2y25Ey;)(%9OC55<_=Am9
zwfjdK`P@Yrr|b}m#HHgaLz9GkJvLu^rfoeB`{0)l()#m<3M%K~YYl`uN*qwz;|o<u
zBec-JiA}8l-C{zpntRbM$=fAbR3Im(Np2PWZq0drGmWnt0V52T9;{L@+eOFf#=lu4
z#<jS-*z~k#pUrrxgd+cblapqT(v9dl){vD<tD#wjB@a3RT7XlY(d_x=Yy?&SGNhxq
z!KFp?lX~7hhCJpFol^{P+;L<2KB5HXhtB&3R{sqw>$Lx7lQ~B5M4WjsaO~o|i_OjL
zC_ku4h<a5TRj*{Vj<qXHy@VrAy%bY-#KC3{^yXj=a0=>(O4N<^V@KJ1F^wOL>gAhM
z!ez1GvcX%!QlFScsUV@tYgl~tK7Eba!H#?aPB`QCVMGKD@EPIc^g2%ARw546vcfYy
zb^JPGYHw@{ZF3Dh%{0Nj+Z-te!q-F5cvHpEkWLZ&&s$7VS5(uD=zc4jZ1QsW3&VQz
zISqLI5Y??;8j&SyxW!<?xw4Z#S9wQj)`WZ*$Kl5}45m&SxCXP5cEx;H#S0S?N#6LL
zyAD!U-CAG=Gu!<4_Fj1MpA>VkiM7jT^lYr*yC9h@7nw>_;y8-?CZQ$2V*`ypwg0VV
zsD)s^2}b;cKiUv-f~S0vOI`z~%#@KGZDi5XuZfKBL%-g#jjv%>H3Dt85}&YZQQXhz
zkV!e>S&ODsC&5s5%R>hDE?2i;Bkt+JH&;lRb9uwBeD<xIcWjZg<BuL-ud`V|^L5|V
zJ;xV^Y8;+4jDr3#s^Qu#{$V6&T!E4wwT;0G^n-Z3%FUq;w5aH9?u+fV++W%xb(Q+x
zlhY)T8<uE1T+>gA<^GYeknq9BfA*alSleNd_1^I@t$*g{a=z7|{r!^QB~Iq}INol9
z2@4qdSZGyB@_C(vzTDYn;>|9lDZEsW_9HBX21=M7_xw%%vS5mtlIZwPv2@;NQ$w0W
zROzwL2?6o5jxSOzhUUcYA=I<;`4A%Bu@EG4m)**xQ(HpDLZiK8Y@9uj3j(MNC#Hwt
zg8tS;49Tfk*G&E3(C7OTJ8MZ~{?VjM`o7_}P=AL6BE(@y;dO35hgLj$1uek<dl!!4
zAaZvM?QYEsuWiNBU-lcPF7zFjU0%aPybUzqIxR>npb7ZE>$(u`j-#xrDa3+D>0|=3
zo3Qa>htVD_3IX{%mh}_|MmjP42{pJ~gGgHg_|>FbwBR8_Kls_CO{%eR!ke`Z5v_|w
zlj4jHJgH4wAJ({G>X)2&{U-)Vn@sTECE(tEp!%A13x{Bg!({uf<dfO?>06SF|3Oa;
zF)9SumaPLrb;m#POs1K51G-7*IgD#r>Kr=uiHH_w{0%rY3Fmtmb12!1&w{-pYQ0u)
z_TcH1R*v!|(lE%wc@z^%m|_NseY*LB+Ub|B)r>{0n&2=vQ6Tq!cOG#jT$U`m6%<F@
zvX(z8;s=nq6DnZlZM!3g1!qCOv-iskOn<hHcl)%t$u|Uz--~MRWaPQMX5x?ppn=-r
zl@_$e)_XH4aw6t)RvUK$+Am3ee<Yao_=b2&EWO(jf9d;cXP<vZB<d@xlf45p8Ijla
z+sODgmg`c+hOq}H8Z@rTF=G0HK;!5VC6>LS2H<6=jkJB$O{i8fN@k_Bt^9`GU!QmS
z_&H)cb1ecWJsUV>!%Vr&&3UptM3eb@Llmxny|*;pwVZZgOR@*gNq?@*eqO7Lq11-Z
z$hx<WKHilxiE!|RojvxyC*rU*9ySac+j&g*7@zp(YPuf&`_W?t4msaf2#$|mSi%l;
za1sCDo0|O&fX1EcF1icrWDrj#qkXmiiJznx*KfPtijV6gnow(RsKT4c<3RY38E(Sx
z*Y2O)s%fYE%krUJep#Pikw}uka+xL9qWRE58ze~+xlBwu^YJhO@x0S~;MFIi2$cQr
z5YGX<i>o_EKF#d7W|N3wHLJUP#=S6Co~HyQ)AB9#&lrmp!_>polJimAf%G6Q#KxZl
z=K0Lz1($V%f~_>FwS+n=>XC<hl<Ka+e)|;LQ#IT5g*xQU1U)&RUG<^h1c-5Bx!lLO
z7;~#8!De%Ee%}}wwW5rCfi8>)WQR;ulR!d;#b`@WE5*j_AzqB6^yfc4(s_ck_1CA?
zG|6{o+$`BYW*n*sCduM?8b3_fb}S2SGMn>O<8qO?<8zUc4qhV<^>v_r{->My^0-eQ
z+{?1Uq%?E@dZgdEkNZ=s{jR+$e-5o;mJbGK3wjJ0Hk(Wb1OM@b2`?|pj6a{t0WVdG
z1FWBVf)lX>O$$MoVdv5|hRew0*)<>&>+_auN7Z?-SoYRpOso8K<Cj5NUJYnHz`?$1
zw{=Nmol&coCr4^|Ual*wcns=uzXYdSxf``4E)eI<q(Z@xD4n<jXHu$M8?*F^%+Hzk
z+lfq5>*oiZxo*xS;FWUPuEM-o0|0|nk5+CnoL1B1C+Mm|IFPpfKkPP3+9~3}q~o7~
zw73<zF<f`hA{xd8sAZu%y?5b>uqd9O{!fruipasfY{10HcF_-epFG2jk9tyef_!-W
z<Y}&yK2*ItZlUxqZoD3L81?Lp`cA39V<FZ+@qu-_R71bun{_O#{3ByM4fu(_T97>X
zP^|b(p8C&=?Z1<2D9n9pIvD|j*Lr8Q9a7B?O?;HiZo~AJu#mKnFKxGSEoXU%1nioS
z(C)LuidMQ*U?CFg^2n<D7-ibY4gJ;<d|HTf^hnEE|F*47Yee63p=hn@d%E?XyPJYZ
zZdxxGj0h;i4Cz(QpEOPL3~SRN{hlq#3)ihJ-3cqIo3>luoYU&hk3H}>n%#$Ow?bN!
ziDo;ojMqnOsSl9T*h~D{oc&N35#|LdY{j4B_Ker3A(Ho4tX44CtNyg~b)=5(3z=>s
zPb1e-9-f-Qa#w{)YQ)%k<+6hFI^nnc!3xsmp1)AOpGozE2;mk*AMP^#eKVf^<<?jE
zvEt{y&OU|asq5Opk4t97pxdD;!Sn7R0ZcTHa)WFq_ng!2;!hN;$Wb1#X)!CW7=!(g
z99?hp%j+vya}uYzT3Q|30GUGTf+~H6Nz&T=Tq1s^AGHJQrt03S>N^FsEd33_X||+8
z<0_;(-lK%}R)X$hi&;k@I2r(dcCvYiI9NFxQ^xCLf)+R7l9_}sa!cOT&;G2Sv=Xvy
zKXzuko&}e4h1GI+1v1^M(T~-aM~))JtvsTHOVbsgp{j;FtH=grMQgfK{YFkJP4)Yc
z!Jm@%=xM6|#rO0Ph2>HB5UcrF<{&rM>9z!zxw}p3sUpbhCqmU&!_RoPmXy<820isU
zGU{mxAFBTTB2yZ4xV#x~l9Y*4j>1&B-or!S^XmLFZ6Kh~XoHg{&$AO?M~dtCO8gKi
zkZ949b<}2rj9slycVGSA6Gc2a!Gjqr8B^4^N!g#Cs!#dBdCjn@IUq>EcFQ$KxtG$9
z5&R>fpM#ZT*G~p+0@D9zqN`0~s@E&d&|pz1Fgq(?rOCdQ;rO3X_riY^pB-zI(Np&r
z*@~cZJ-@&o5~m6te<I9A^see%SsJUJu6%rUFE-CnsKHeoaY-|}h~Ft!<pF-@|GAr9
zO@HaK_MA$Lr6fOn-AB?NVV)ME`*E^YcxdfBzQ<|zP6DBQOBW&%Xn+SZ=l{r5&H#z%
z2r)Pe38+}<8sO9ICA_>`sh9f9mm_E7SKMh#;*#R`4hN49c!^zlkx|!*L0qIaO>Ii2
zMJiHeW|3LT-6y15S3RuDmUFMxJw*7y3Bd}l+pJB~+{Q)M<*gwXqy<}HY2EqYPvJ&1
z=0x$Z$;?yiEfBRio;%+61gvd$n@B-x+lO<qLAGDxS}iVvWAK|*3=I9y$tu~{ksi~G
zt^nPcH2a;FsFA>~_&O5<w5^pYP>+sZ2ib?UZ=S1S>>tx^zIxY9EuMLzd7iSQg{G2D
zdKj_yrEPmfUY<xd<{>ptx3D64=W9WR_ss{*X2J#z6+`ZI9Qb=doRkC$(ciz#Z)+9C
z^yDpbeN_1>+XB)OWkxl>tk>kCBs{)7uCc!?sFxOH=an_TI3@lnwk>7l7qTaJSs+Q+
zsw~RNd-z&6PJn}swQW_%(s@TALyOm19)t3YC~@B9HKZb~+nrBNT=BVWXpt0)Jea4>
zj0sBI9DID2C3(Hd%JRwae(qOTKCWjUdBIt@KICfYTqK>T9mf^dC2LjLx173KaeES~
z^m%9@3jvOE^8KT>2!xUH*+#DM)*TOrEZzibTT3SL^V$@3{`&x-LFQgo{@LLJ9U*_L
z0#=n^r<|ypAq^#ey+~p2r>(*OU2hd*W!MV6KS>=A{eLF@u)K?6oHOW=FG>A@Sz0Jr
z-by}}JeX!VLCq(qG2$>w*9^Oa1ohGU^i}K{j5Qa|AFKDvVSD17vB{IQ*12Wb(DEZ$
zQGLfL8%pO4Y9RkWUYN}8Yu?3UJ9X={t7<X(H@*g|r{7+J{`%8iGxh)l9yFm#37&~w
zLGow$=#_jIBI+EpKtZ=PFZrPn7Qv>$tMUKb*HSss>!Kf3Wdtd?RGLWI;kJIU7YJn}
zSE3oDg3*FM1ho^|7qXdDyDR%L_(L-5_w1YM#jIpfmj$PjOZL)jtIgGCq~h+Ko!){u
z#=&STJn=nMMTJprSm)jbt&Uw;7#e<s^G$q>rYNV(jP#4iSJ3?ZulMw5B;P@&d8_z=
zj6p-tUTo$}>5+TdMlPyX#`E=&y>VrqIg}u*7m--vT7)}whFvKekjO?<rl5e1;<iAZ
z(hKABTRHq^D`6Vkp{KOHhWjSALE{0i=iBXRUeK5SvRlqASb?=Jin^5H8m*4THqi01
z{lyV?ua}pum106kV>Fucp>P*th8K2|J`UHJUalTZKrRPEiP#sn-GG!|Cn;ki$W3g=
zCOSm-1e3^`@+1G2f*XQb8OOE8JWc+B>UnBy_;H!(N^XuP+D$;Akb9}g_U~}HSy(?Z
z@V%*DSzSLbZ7B-geQLTG{%SLq<Dq8Qx5mz_)JwX*+1|k#v9kQNTh?zz{&txZf|nK@
zBhZ9FSUb6AZzb?7?TOf5sJs=zKqE$I;MIyn_VpkY3HzLJxn)QK^&O~=tCIfdi9+`3
zvqBp8Td<|C*b^`J$M!t+m%jS?8BFII`&2FSU_4h2%v*j!Iz_)*zd`T;_K=|k`uwE`
zo?E138?P$T{WB!akK))BnH=@so4RBC@vtelcA|^c#%0sB7=5WdCOKm`u}3^s!Da6D
zzp=KeDqyp^w7Sh4tW_5<EQ0p9U})wVe`8@!L^(#}R#Q}(k}coN$()qJT42vZlR9+O
zE;ds$Eh^miF1F!wxrc#aW$5*O_*d6nn>7j>foCdDBxeTrD@u`XZ*HfXIk-I{JOOs6
zO5xmRIzt*5L}BMohX_(2$mN_bf=|SL7ixq2UTot9#I^PV&69|3_BDAXhVG_Xv?Xb9
zoApaIjWXeoHqEh#%?^#s=^#<xIqcbVYxMQ&P2xt%X3hGt$g*EUeUzE0fPIqx|8d^^
zzr1;2RBscoXjs=p?!rc4sF%|e48}xjJ$irTy=(I6&13A{QR8>MqKz*tmw{JUYM>EJ
z-Q`31e0Psv?JE`QrREBQqur~>REl(h{ozZ?zvS^Ti~Xyt;x|sAR}#O#E?)Iqj!_|V
zSny@ghW?+Ui_WE|IG*?DQzk#B-(6*Niy+~?_Pa2tt(b)!JM&uB`O)*sE0W*e`5!kQ
z`8HGX>%(Z;X64lveO7)SQI~fKhGxzV3x>wd;^+4MIdaME9djDePayIZPM!Uh%kSNp
zKTD~OBD6ku^gCC4=tw6wf9r-p-D2m)Or7VUPgi&3NL8KKdu8M(NIh7PV%L|r9LMMB
zW4VS`(3jZ^!O(=+0HN_MSW|(tx`TIT^8f$6$glt$452*8k+eFQklCaYPI+W5bo<6i
zooeTXMP0-5=|g#)*Ar(s2|`H7|LAelWy!NyxtzPrDYLh^cb>u{N1W<Z`#1l+JHgx_
zmUDSMk(Qr(XE!7yP5uvB@o{^{=YP~G{RaP!PVvw<-9&{kT!)+CxV(9Am3Il<hDjAa
z3$=*lE@`}H$O<)uRkockJRa?cl}zt+hh;7<UVReeJ9-t|AQITHGv~j2GuU3?ddtzL
z3}WNh&rN#4Tmb~-?>uR5O?a<O3(Q*YWDBl2C02#W{N7_6$lGo2A!lM7pg3s%P0W|e
zfCjBd>`ErW&-k;0?PE$dybRjHKE5(jj*Btb_IehA@(yQ#w(h*wpaj<x|JujuTm)Ir
z+y#cy%BQaDIW5q`WIErpx4Ov>Le+lnF%8_lb35W>yPYkB5+AfBEI5&F-Rnj!aOG^Q
z+D)3|vT*zNtbiM>Rv*lD;Gp)UYGGK-DqN3T;DrfGU>~;gXJ^HG-CTPK{MYMQ=M;x*
zm_oH7oTIbn!f#CF3y;^@`KEdtL}c4*>Rv0>tL}8~S}mgMua^vqC$SKAoueQ_O#Y;g
z={rphLhkf~Z-V1q6f6&Ub6zYjP_IN6^?`HdVKdc+By68tfk9Dh@3m!umpdO*z1YxR
zgGCE;5sH6;I`79hJGG{&|6qc(9BJ>r#ZpFLUTYE^>*Wdmu|Z+JB5DocT{nI^{>gcN
zVMqSSzsy$zYlV?&vv$nY8^dn{=Z^i8rF)$dpHU8&=$Ae8$nV<-+PxFssT`sg%-WfG
z%gqFbsafs_(hZY<w%ExX9<Cp*vb48oUxX4%GSAbv;*;XmzI&PqBK5_wcnbGjlM|~B
zoV%juPMq@&&tF~F@S;KKht2li0=+-vQZnI`M&~4Yo8o71@npev+AHZV!QxOUF>#H5
zbvL4g{DbYmLQvn>$3#!l+nkt#s-2teZQIyTp}$^q9!W`L+kz_S614{k0wtLqRKvHW
zSK;Ia`P(5UQ+q1^z^lGuePVCz<L~VKa~5R2kYY_a&*IrBQM28?Pw+A-1jP@bB!O&8
zB<5sTi@64cLGJgeZQnH7`UtL$9*-adml64s=Bi%m7XJcIW9YA=A0!glG`xDvcH4Kt
z$-{dO-U$PVN)G4k37S;CWbAPE3BQR8|D4>Jd3X|;@LDXL8q+fCB{=cV+}Uj#Ufh&Q
zblJJi%-%JfI_G07d#ChX5<QsmUwds_%zfaWcOKzr?@~Rz#&Ue?!Sq_2CJ6gI=5=3|
zsX#T1RoZ`auequIUlMj=Q%Q1N!VYJzSg(c4!r4vB<*jMesuajab6C$OmuoPjN|2N7
zTh9-lT(&gWjv&pu0K7_}hkN{MuZ&~4vUnHGU6w7uS(BY}pVv3&p~?HT*Nt;+bl9-h
zcMCEY<*w+kS)k8LVD4VKM_K*sEIDyE?^{srZu=O^zE|!}=f=lyu|)5+fwrL}e4LXf
zm4CxH$0sSj%<oQu)cxKcLZ<}PqkU(gMVLDu<7HQu5Oh0d=fop(r&|=73$k6KNvu-#
zo-EzzCU@w-eSQ<BTr6MJL+?7Dc{C&6R2LD1y2d^p-$Uz4>-+52%|Sz4YcMZU4Ri_J
zaj!c14&rwnteZas5im_#bkt@LoY0*3r+opxy=`3*JTLxwSGims#>8hCbg{^t?9Go7
z;ErFLKDp{%P>TgGrENBffRr8V^8UPo_NMpNr0?7@j<<b&%Yi3`gbTR`pob0XY|&m)
z4f`=P=uiY??zn4MO`-@*<m`%@9F+Hgg)`q3$uzj~A!$dyy#H*!JzRtEoof(+FdM~i
zt_)s{N6SqEQ;xOU)#k6aR|mX-6XEm}uu(4S%>bJH-u-=)x8N(-Zh$Cud>34$SPbm^
zh1B|X@zx?_Gq<x7Ivh|2Yl~{@Ca;QK!G{UVzEN0we|1Q{=<YZd2+4bk|N7hrysxX|
zqd$ec32lfAc?Hv*bG4zNJ@$>RD$IPihcS6bxbo89k->^Wv%@EEKRAHX!EdmrP)Zm>
z+pLAD*?p}UOzin)f5`dx0oD+@Eo=S!!qYan(#Pn|wSBkv?a$pc<$cbu()L^5^s0>F
z!`oIyNXVo2_FH*ixX_RGSCj5g!OZqopP=WoKRe+$NfIv^e_s3gS5rztS=+8zdto!6
z)4taD%X_fEYq&p5&%48U=a>t28a_N>J8&^Dfzk_01ow^t#7Vkf6X7qBXT$$Mh6=j3
zJ21Mo_cy~>?w+-K&CQH<P8uS1*jYT;1flItA@AlK!m`_?*LDrF>YIl=n!n)<txIG$
z#P@}>|Nhn29Nv2MHXI2144Wzd_hrQlZ}zYDl>IqVyS<IuyDFPMv4{9nu^#A6q#fvu
z=a}#Xyt~Qu${(fYoB=ktgQ06if<$O|YX3P0?nu@6OThj@^+TV!yT4@!TytM<wAVMO
zXcPxHHm9{ojEvP?uK(-PC=St2;l3rfr%UY+6;hfr8rTgN<cS;$534Dg(jnaWSMGQ8
z@cTDu@9FgA#bk)YFBmDM{a>~CI;#hy48NBPVXSZz7<Os=B$LnD<5~l=4%PXyF^t4$
z=O2px$>%W)(q03_c$lj_vH;2K0#ht7H(0H|!FubZ%_jKAX%~R|wbAiEU|<s*JC9u$
z1d07ki_Ef;XGtI7qO??G9q_k!atxDkQQLCk?8azBwF)`C)K2`kh=T-L+WhJD(tnhx
z2Xxg9#=bfq16GUSFZ&dbjRbjq3cbrwHa~`I?ES5*qqgbr!h_5VJ8vT8FJcKLVtWDl
zORNHH?+>U-CT|(3pOFxd(nJlAZDAvxef;0TeWtOOk*PIlPvQRR;m2W0CIkt1@*kMZ
z>cCTrEh6r|@c8g`B^}nmc}p89RE(BPkVvX$60&PUt*I64kaBL0<*C2df60Z(Gqe~Y
zu%#WGvjV&^jeoMj?n@;T3(_jDVeiwU|2dbggrqfUEGmybioH**W7f>2gBQ_vZJkRK
zUknxzgp8to^`S``y!osG$(std!~ln57Jh8WJOll^_xp8OSi6eGEXjTD49Te;nHMbC
zPy6A&uy+Yau7WB`_cuKdyj`Q#;DFE9rDPGgG06CMz`RG|S`_cHkKR5B{m_?H=8UYU
zwea$Yus4aLw_KZ%p!l-qM^+9!r_$F)-qDe)sx<8VgQ*$O8ec&PaQZ%3;}I?8cz}}R
z#BFx&@O9l7k~a~Fsy^KXJhJx@ZHQKNpevE(*kf#rx=E)j8<iC+kT)y#nRynd^pr?A
z@<?i9H=sM)1aIcsIYBrVbVzQ`wNS*;x>en(TQ{x%Nn_~$%1Xw!7uejpyJ`YN^NIVJ
zubiF*M7xfAI=XJM>;Ed3>eL2e%K>;D{K;@CUv*;AA*2o~1B!F0s03HXlUlCaHv+T4
zD*zq$mLoJe>O2xeZ(;|hg*#J<<gTxTGu-nxT6ElsS`3rB@aehR#PO0?q0m(Q?Ccr1
zqX=h7V?FLqDgGWENpC67Y|a5QCZ)i+QFOhTPI5_O4sEN-(n&$Uk-bU-VMUt$1ab-g
zNpFl~lP{D~vU3oWhtaI`-A>ZjCJNP8v5gC%q(x})U}mXXwg<ajHM5sL0ZQ@2KA#CK
z+veRsR}{EfX6Hee(Z04h{mjzQ4ycbFq$&<QY|3q$y1`#5=b#ud`Ek#-aDYE9Y2I>U
zLuNMOkPYl6qi;<HIlzsW{IcZ#A=*G$zf07o*fD)@71H#Ro+9}RHnoI;^_p>T8r&7r
z?u#Y5rSt9Vm(1&H7GP=1>W*X>XXJ8;pNwShH#F8_+kG+Mptflmw&0-;q)fjb<WQx8
z;w(OmYWUSXH8oMM8xc2%UAHQErVL)%BWxIvf3<EOF8yU2uyU}cFUe_W^MtcfK8a3H
zt=1O~f7UdQM$nvd&SC8{nuBVH9!sTx(%KWmR=;Q&Ix^?FomUM$$nzF}Tln5_n6wAK
zz{QPcd-SSroT-elH>1dC`C4SB#%TtNS%hB*C31VE%0oAV$z1Ku+;VXuS6hI3K`M(D
zoq+nV<w~NdTP88!E!+08Y3EzjKEgsBQJGN$=g}Hw|5GN%sxsDP(>U<fMUIGVD=psy
z(Xfxkd;}?~#DWEQn|!m4XlWSqMA`p@xYKG9<j-dLYQJ&d6M@G<4_IKjR^NjUE_KKS
z-kKnN)3@xqp>}&z7hktPDRnt&?i(u$HGBe5)QjgSVBJ<UH&fM%i$stfd!fYvPOh~(
zkpx*@(?;*;_|Il%IGXoLbnO5W%Cq`#3*g;(L*O-t7tT;)ZyL)>D=5<W<{*%#y5G(T
z8r1&;4&2k<QueDuHPmP#j4FJ>34mX)*yk)fajR$z2AqWN@tMHI6$Twh_div2`(s%0
z=xUI{S35NGebRN%K&<A9H6tom)9k53uJ8TvjD(?SSFw?aU>GhoU<atgnkOU()GrCH
zUC<PB5wZ-;8gE?I6nmBLe<I@#$|($b6YhU9(Ld(ay+?vO5z;^Yq-)WOQU8{h_JldV
z$&IkE*#uhD%nReOd_`zVp^>>wTn6511kSZ!kyT18U>kDPx2{JW2e87OR3Wt~^+y93
z0s{a<CqMl0HD$m_#CO?YIfEQ6^^288$K~0E5!m*roEx|-Bii~-C7PV;6$AP_8h+lS
zY-?DS5x$EcMXN&J0m=wHmGBNG?TQp}5I)PC@}@BX3$LQd3EemQql_HdZ$wV}6e-d<
zbF8xHXWC}=B~vuZC$!%ZW-|O`OQ0ZowiIbFFCUxsh4Q~QMJvTl2b&UZ_A`$}0)Lh8
z^Ed+elJvB9G<Q^PuV3Ks8g}$IJsJ_EbkgzKimBqJJ%aEMFO-1cT)R)-@J3k7ieCV3
zUaq4|r0EevU^G)#PEvhSk4m6~w3)4HR@nn!9?hZTEIYaGcP?O-FfaihoC9LfGpV>T
z_6-o^7EaHbU<Z>uk&;?8Y=6^3Od^VC^(%gSdWtBD>EI#+=rI@iJ2wzw+9Sy10VJL<
zTlvZ+r)&;i82ejmx29Qi^V`_qR)h4pl~ml3UE9<{awlY;RB0@`B4aF5H~J{*{Tiej
zZiMhHSO20n`Yr&L$g4GJNr(Wg?wqZb$gb-870KcPSoP~!rOSqrh_3EqsX7%5ub0^U
z`{N?QS)`L37;vll`i|+Uvw$3pRhyYeAGjQgRqL5Y&VK%iGj1m|3WuE5ffA-x_*NRX
zaHTRbz^a(sW|lP8KhBkdUej@0=TP7oooep7c0F<Z+2480f9fj-fc@(`Wo+XIM7Glm
z<Wr!VM!G#}p9iulPNVqu(z*`7s*RA}U$Wj=?4{lz?53R=IJdyuTOpS5eDtN>fv4Q`
zFb_D_?}q>07wZBnpBdS5GolVd@(B#cBI0T$+?RR>^SM+OwR@;iu3~@k<c6_X23Kw!
zvHVTY(@Y3k^!5Pw*!1;a)l=A&I?LR??g7t+zuoF&l3i==YWOsj)rWhw?z%EsW*J^k
z3H9Hpms6>%G7{Np2^kCE+*lT+jU&|Lj|W&=7w)^7n8lLe$7M>iDE`y8EJ`4Bof)p~
z|D&|_skIFOpUG#eenz?>>)Y<k45sBa!A~!Ez9{?v0DgI+bjwXB0=E|_+q=|4kQql+
zzu2qtO=IyUDRa;Nf$wgS>;H2!q~Ps{CAONe^7W1V_;D#6f32u>uXh~>l~T?02QMjL
zz-5gWz#RA_F8R6eVv}U@6(1<~<24oE5m%AI5pp1a@GI%v@d!wD2qgA{Q{Vt&qB5bw
zMl|bAm^%RqTI4}&SlVH^Ids~N`Katg$61{6aElwLs7x3RJpCc)mVi^{t-4a+1^$UM
zvLo@MWoXKPA-AsgE2-o|)<?^Vt{X3L;>c}G4R^S&;5ZBWsk-AS2Ye-P11WA;%Cio#
zSd9!<bVJ2GG2qwH+8E|-ZDLX3mndr@y)W*P4|eWWoN|N*-gCEj1Ur>deVeGL4(xuI
zD?c!NXJt|Z#MuGA;?mWs8*=!Ayy=QwY_X}kZF_R~!ss*DPOej=61j=MUD&u`ZlzVG
z+IdK*4nAN@vEG_EKh`o7hm96IT=R+2ST-S1V%#vB(sbRc99GGPn%hq{mz;JDgQ!!$
z=zy1ID%=Sp28^*dcGF5$mG~heR10lUIMlw`2XhbjubVED;8Ohy6gIvN5R*OJuRyg#
zVpHIS!r7xN3iS&__)k=a0acW|a0i7KM(_|EYMmjK-PEw(ArBri59{7}8{8MiOxgSF
zE4mfC3{A!RC9@+ZUDJO+>RtyxnV2?U3o5hTA3AH^ih#@xC4l=^VENL5#Qa#t-`~kC
zpi%UDnZ9<n1H?%XY+Pd(&EXqcY65pct0Hz%FAd-65eF#VeMIgLiqx};=J)^}7^Y*s
z<7I37tfS_K52R=u2(n4%qDp>Cm3JCr*Jx~y*=Jk$-=+a3FC<X^MJ`)j=GR`eWvV*|
zpgN(NT18_vxhV!|b#G?Xy?-V5nPq?LbPVnUUB4oILTiD|s8IjuQ$nzT6HVz&CZ?f@
zp-RpTJ)8@h%{q<UGu(-@{vn9*Bj9AbdWy-d6REzn;fq11s#RP4uVmd$xcXYFwW!j%
z>8;NkJ|$hH3S)3CA}%B;l!Zb=K?@FbH-dyW`ua;;6#jq(Y<)rIv!dDF1VU_;I44$b
zk(?u~BjS0WAA*YzCq>c!V(F{n+GxJ76M}2dA_aoGTk#ZkcPP^0Ufc<7(c<pz4#i!I
zyA`Kck>W0eU!L##{*$vab93h0xp(I?o9xb33e@+>AJS-L3hVuDNE8FsI(`iPF{_gP
z$*sQ6yR4S1c18bp{<Us8{9++^Y*u*=Sn-vxT1(diN3Xr{hD%FaoTT=)RxlNF!9i<Y
z%pn+afie%bQ`3+dq>#u5yHVLGp)<9~SV&6x0Faa1gEa;s+_cA%3LxkRm^e5Qn%?ZH
zhuXy*iNF@d(D@H5k!l?m;<ZNf(DeLujy%SS=y>HXek3!GNL;nTf*+@BnPObX%q#7R
z#4Q1f4v~gD3K7;qT;?4DIoXDb?e*!UMw@wPyX!{P7B(<<l$7HUW!O!&-%&3cW8D;D
z<sB&o1}y&0x{1sFm^D|YiU9EafTGYUFi{{+8a_Y#DXPDDsr++jO`o24YHsk&jYC<0
zVp@y2iW#wz(gNxGHBb8UDc%xMEv;Zm@drvCF*N{dqn>#74fbAxHIwN-srSh15wjqF
z*iAx{G@jx>PBuvIj`%ep{7&R4!Lg;R*#35H;KeWWpSLIJzaO+&FAoX4Jr`rhrXy3V
zJ%uCVhpcQ<N>i5x55SzXUi?dtG}LmR&rlCFzKdj-*J3W$NJjqQEre&uD<O$uP8c>K
z>OE%t*O|uubiz<Br>11eU!x3H@A9vuX}v5N>%{%Tb)-b@4k<2YKw0d*g-xH9TL&MA
zGr)v}jG<sB&JeicYOu_SMsA@A*unAkrWPVyMEIG|VGl~yA<6jR$h14h8IW9pe8>m8
za22Wa3BWb=W7N%<t9I$}V!nz^N;jU7=(%@|yX7bei1g_W!R)!ukzqcWwcM$x?~+K{
zluyeU>28emUy@Gi9!}MjclwJM*=^aY*VqtsDLiIitA2T-4Z9GKk)?8u8Mz<2Ucw0S
zJvlw$d<iFS5fyMijI7z6dCa~Ihh0c)tX@CxKR(-TY@(;-iJBJ$o>~T;*3MR0JxeYo
zQhzAF8Z<G}*t-S&T;k4QG&kIKFz{KwH>Pr4jdF)tl4_^bjmFkhqoyu8fjCe8u=j8(
z69COt44Z*AdKw*I#!1WXI(W_qNK19n*;X6~3Qfr%B*NJWUW`1#9Oeikadsw3K=H1!
zOEE|>fCPSIH+9L@GfzE%zT0rknyyjTs4%DO_>nv|dBTN_jQOC+$05-v+=evPl0TpV
zRS*9AUQYvpW7pxKzN>wvt`BdG8~*o22Mr&}SjUA^W;G2l#KJeE+Cp)ZDL|JtBYEYA
z5Hg@(fmaolv)>;_TlIRuWA&^bnf+`>b_=k~F}9<03s~lq23p2-EqQE}bi;Sne{?9Z
z->)c}ZHO8Ne)1P%G3py(4r@k|^P7&G+Cx<58<d)W-VX)?*ONMssZoizq6LyP{qOWH
zT--`Vk*aS%B>I1ShN!hC0NnLg4Z>)KD6wXfb1oY(O32(Umkq+<fm#3({9pdEgbJs6
z0Q0b);=f>|R_qQnwSHQZvgr=<KfRl=W0_sWx#FUE8Zcw`!wif+w&BN?)7O4>&PkS>
zexXZD<6Y7dk5d-J(rfeekzb6K&%C+T5DWf9*mIqBsF*4#GL6ghtI(4??hC7Svkdy)
zY)*<4{6g=8cAP|G10S14Y0^pvHGI`c)}TtF>OF-5JKPi5b1=bH${Ez$FmysJHW}00
zu+s(3)$A~FEUaFm7dKPcT=@4~BT=to_A`3>V{rP1U&Mva8(Z$0|5M1>i$wEFW@rNP
z3>Y~iyIKNxTwELVu~m^R_3rl&$v=e*{A83J@pMGC+$Hf;MM&<@#TcKC^e;cGN$?^_
z78B&ZuIVIdDGm$%OE-$1%b6p%o!(pnv=3HIT~tD*ZR11l9&xJQtOTIvu;yaXA1<uI
z`uZzP;g{M*EAGyuYR2~tW8HJrRtB&>nvRM#QpV?Kk0Op6Y(TJT-52@CD?aFNPmE$t
zF}kTjP_S$ic|s7KED?wf|DHD>11a&o3CPcN7d+CiUy|TG;KRjT=cK%kTR~*ZURAF=
zHp+xt*v$sCcM<asxu(XVEnY2+rB|}h9iy8&EVLqKsz}#21ZFrCTd<v!S%R8c@fDW$
zJX8ftGo~CPlxBS$dzx~G-vy%^|F{*)t+I{|Zjx^$fzGVugFIGj)-`givy&SX#j8LO
z`&W%w(^v#-TXs*w+_?un^!cp*wqQns;nR}QWvKLm{XFyGR3mgI>cOO06T`THn9(4;
zX#JjK5hyKSLD>Ytnmy)L(;BNTOjhJ@M2JY{5|HQd5~?XHE*pfRWgOkeJQ`ia?7;?`
zhFx|DZo3d_*_P%RlN=H3l?NMwn8$^Ji>2^P4b2Lt_?*@dhnuvMr>3)&*w_-p`cE6P
zk5KHZ1bMdw8j(eef9d@A5}YO2l);vMoNe2dcA5DHWbYvJD3bJHMcG2vLQ`44vN-$S
z15$*aJASNFeHR}ZBi9=0uGL=GxWOxDFxg-d6Ia|Do(DP;M76dR8N1}lb3oC_%GEM@
z?lu3(gORwJPw1_PFS?rTQg-(OFwt=_`wtPY2>axr7ztXY=sQUO(`ddGxf05qFA#lg
z0yAP+PjM_F6yYrMo>}ovi<hOb{wO5RqwgxDNL|($*l6?r%&f-a2{KJ@U39Tz=Bsou
z-52UADOP%Y1>de;XcMeIO|5mZEnkyCs7@q?mE|Pl3Xl-;?u?7*3PahIg~IZC(LcV|
zl6nu7MzsG0_O9z>Mjp64((R3Aj37ULddf@_b-k0>oSG7M{*%UIm7OK{XMDLcg9O4k
z^O#n-9?JwZjju~txgP>>1u=0oAp8_-#6?y5USK!y(+37^Wu4a2z&UZ010oRqOw%&G
z9vJM{LMhLGECJfEFlH#(&1Eb;H6Oeeb9fKnoOT@f2;p3{&O(k1u<vl>7q_M3Yp*2d
zdvXWx9kXUcr88$VW&jYANeasJ<%=DgxR11#?Roixw~H)A%S-ho#e3w)lF{DH?az{C
z>2Omxm+TRNC>jit&=C1aqimot6*>rLK@(iK0g&5ZT8Q)a2L1v1aTEl@MDm{=XUK@B
zY93)80#%3zo}_2s9R3QvoDb?W|DXoZq4$3sl>MTcQkLO|9Two6#}OFD$<G>Ogcvfk
z0MlzHd4s_ObvyY%4EMtAKiP%URrp)bc8d|{miH%gKCf;$fp<jiFw$p<2gQ{G0$a|2
zBzv$XCZe%Gbpf*On`7iNsVF;8VN_{8vXf^XvM7G|u79Fcu|ui?Z4RZv*CxR%<SP7i
z)0Hm9o(!Tm>~BR`9>Cu=EF}QT6>@2)l)(`xgxf*s4TRZY3=bmYuxJmVcQ|B*@H-gO
zfm0T{$+r}Jt(f3<<h#9{MxevN8+0}kIYx=d3`(Z9_a^IUz9xdiLNtbxVbo3#{cjG%
z5n}XUIl`(=qZyrVCkuopZqiB+#c!SRgtM_fs?ayX>|oGpW^eUG@bDY6ji$A(*g?iD
z9D?s&f;U~`T99e|hP>9OJQYPL;;LG)Lp{-N&vArehx(%0Bk}}~VYO%uX%ga#Y*{t{
z&D2crIoi?>hoD)KC4?X;vq@`Eq6#G{;_Ns1es!Pz2`EG|l^4-&FrUO7)eTI)?s<5V
z0t#a9EA(aa&k#DIQ)(-ib=DA2OC2EiN3ID|50b;(Q9|*fXe%I|iNFMkMU)5i_DPy|
zb{)R~2ANSOKlh%I5o00BlxpZEz9o|nk|CD5kN-yazWI&1`yq4%>4?=~0G+%1R&%6u
zGQ(U8#df4Lxq+(SQPXF;4wJha%15%GOi!{9Z4Y@%SD_0C;_C}jPNDx?h1xEbrM&Iq
zfX5YND7{;trS3-OT{c{Z5Mj5kLsP4r#Hb@(1eAX1p~t;tLmR_gVdX9ZY(|-5d4^dZ
z^&AVgprhJrUddKq3{Fy8Z5iVdNr$jhcp4-q>(t7Av(O06%tC26+(Wqyug!2D45-N0
zQ(1j)w~^E-TCTt~x<R3Po4m!sASqPnbNNJ37?7h;<S|N=qu!J%jqE4&t+PN_m~?iT
z>r_c2P`xZno!OY^kicqNe$bA((jB?t9YuaVlhoh{n6N}@6{In^`wT5`u9`3<>w2I1
zeKu&;VF?)29{fN+IBAT7c#6NTdT76ngPwq_lXm{2udtVOy_p2HgIbBSXVzT+5Y+rl
zULfp6F$H)N<W9X`gvtN=CSUtQ8~<<5Z=t9C+`sQw3$*E<1Iu~Q>5fx?K{&zh{WuP@
zYn1QRWeE_VE3*HFzllde@Wl@4@Voln+o{R7`$3$4nPrXw6o|Z-h=t<~QD85P#<|qz
zA^pM}J>x1u2J!rM#G5XqgPIp^#Mz<THpFzQDO72DEZG#=q~GG%b{JcPsci<HV*V-~
zKPX10t^;$ubSAhFjX#$Xen^|Gz_yd;D9bh4;tQ?g2Bfduk(-$y>m7kYMSHS5eu36x
zv9X=ef;isBm8JbPG!dFDGksXpE#GA;9$<AgPGU?c@#VNg5p(^9Ra87@6aMcfu5y;-
zjdL%R1ACCq{W5N=&Ykm2To?bZey4KtoAXd+b)0r>9C4vO>w7=lgpB9Iu;SB7ikIV9
z`ZU<cOHVuY(xDQ6O$_;d0WkO4#4f1E6Z;4G0%kEO@xFFpE+ZA#p=J9=s%GU(JUS6W
z4zqryK`Gwn2+U#AMEe$><Ki-zbT;A#?UC;<WR?j)Sz;~}`T4>_M;k8{#Yb*VI#L^g
zR6H$H+fQBwR_chvDhUgdYT`YQoaCs8T4j1^YQFuBM}o*1J~aCFDE$yyy3qa+tjOV|
z`bzUVqvWJ*nK71!FaIQx{g8O|Ulip6T?Q(97-W=ee0!QZfT(_!ddadg5NDmF%&xcP
zPoruN@lK5D4>IcE??<XVpj(Fh_ktKLh3`~+*JEVn1x|t*_)_AQ)_+sg9P`9?Oya-C
z7`jz3cvtLJ99(dvWbiKDceYPmIFcy(V!6SYAW5BnwjjDb&g*M^+;Kf4nKxZVeH@ZS
zV$}0mNPXN5Ut-j^jKrwQ;bQyUAu)KZ!m`{7-L-Q%zc1A^I^B?Un&TO7NCV1acWnrA
zUI9<>yNn(4AWga<u{3TX!G*77Z6_)!T_>K4YDZhV0Ztrjm6Ie*v>6kHz00>DS`PF-
zv__5%MF>&H)r*KnacncIh3kW639n#1MkUJ`=s6$I5!u~k1mZ)e15L~3Zt@m8)|NE}
zoy)w7nBgnQkqzAnjYub+!IZ}GL@0B$N88G7Z3NcjH`n)9-8xCEgi96iMcXpk@yxe^
z9~KM-1FTq>^_a2C<CpFp8PS`{33iU9%(g#k=S!!|;u|bvR<}3i7fdofFtuyA!M7XI
z^;1tWpSN{sQ#q7j$Qmj6(wU<{S243%F7;wqPQQ;|!XlKC5wNdR^kv~1L%TjbpiE)@
znrz|v%N(DSz`u=U7rENQm~wNzfBH$KO!~6w5?cZ#cAbuop>q^`FK{L%qk7si?%6#b
z1%U_;I&s3k96CvrGGf~KFT?gFp%Z|~Fer!B_=ZT&QfKz1q*aA(5g`txq+qUQ0QLS&
zQo;p}dwB`@=4Ce2w59$Wag)SAPDZHenUjG6HB#rK?Q!%CLQq|K^|-(zx{tkEQ}HSN
zLr5eNLXygZreZLMClIW+bsZ}_|7K~tLfW+M$gFCrn*!D7^g4Dy;BirN+p}o9e#lcG
ziC;+6{O^;tM$7W@m-s&V&0Q+!mJZ!R_2s}SVG2(d=(@)v=jeC-nXV7|dVxaVuIQ}X
zav1abUD0MBs>tu_SROCw4PktyR}F(7QX91wiB*ih{o+zIkr9nud@T0?AEb@fqo7-x
z<sON{zF&SGxof{=xV)?>W*t1Fn#-oW42VKN_>-A^=K_16K4bPte|M%t+ipwXoyF+&
zx_#X+jKm)y(n^b(Vx`4iE4%wa@j<p@O!C%MYPVBqZfSJk(v;%78d`qW${MlNFrC<t
z4n)*2`Wa`GYp!cWeGnm%W>tk?viHw{u!oMaX%6`4t~*~D4TV2T#{`|4$OHV#@-y;#
z7lUx!V~#%UK(7wVuK$K`t;oUz?KY7FwvDl(PftbV0<ySM5Uz8$p{lBd0DoB!(t)C{
zI*grI2Ivz>7A7sPfegMMu>iNeY-mHJwghy?gQ8(h=Ps9oDUAptYR@TS20{C3@#xLy
zgN!!P(!cqWJrXyP_pqOWc;&7}Js8IB_kA<D>y4U|(8$X{2;QeeZ|W<z$ei2pE(PyB
z+%iIiUC!Cuj<;5qPtxP3*q0X^aJuLmea}yRH=%51pPHVZ?07iLF+aAR^m@WpDg03W
zI|$48>Lii-^TbE9qSUoSy;ox<S3$=#wMc=0*xL5{a}biFt_x7$!>*$=QpF*jcK!CP
z#(y6!+W9TYg5K&9rj4t7>MRDwO+zQ{j=pPMv*eMhQI1RQZ8Ln1zQi4q4me*0TE3b&
z*R0<70S$Y^?8g0B)*8-RKF!;Y4n=-FmAm2djT1j_S>0pZWw?}FV=Nc;ekTxLgPQ$2
z+%`*5zPnrzs;;wDy4qMAdv*A!QeuCOqdwwP@(^w8XsJ0<>)9}A+uyL9NmRE8(d2>G
zXIG=h++@ufGF_+;kTjF+R-&e}fj!rm74(l9d>Xy1IsRK1u4(hak;P9pF7JL_o|bsW
zw}k~P=Q-Asv9&6zdM@pV)B45aL4u<>)V`wvy;^def_q<{xh2|pY^!a)*@GUOTIpw3
z<b)?GrR;796waX#EUuVM>LMFHVb&^}S;~H_a2u*p0##p)#0spQP#JC>B;Yz_xAW=$
zrZ8cj*hO#tBmO|JVqyB>?6!d|cbdImGs+Q%WJ#aU!pX(8C;8%uNZT!<!|pJkSx+6h
z+gL<sTfr<7)`8*&-BQtx#PvpNn03$`^onCJc~~!qK%-Xex?atT7@@9Vh#K}UKX~Ka
zjUTmM{!3-ofe{7auHs|zu&~U_L)fZhaTdp=LA-_7pWE0OY&`F{&Y+$QN1U`zox{RV
z#U+~skAh)Wwc!^zLMI|`S4O($`Sp(`T(#1>Y$efMYK^N^zXB)OKD|;z{NvbF|65|M
z@4^e6`r!CgsfkhXc^h@?2$5ha^nNgoRh*U4SZ+yh);Z$Otb2{Y*YS{Iljm(>s_vw_
z^<>Pj@6o$|ifmqv5{jsq8!rfB5{rOZw%_A%C5U82O)yhA=m6WfRDmRzJV(vt;z)dB
zr~%)8qldKPJu~(v5LXvZQhxFx=%=ya^2z-D9&?HqA&h~T{l`}6_kqjUF9qDIz-@V&
zFCm<^UopU{`oS4vz>9{NFOI@TUzMODp9VCkQeMIj?f+@8f^P<yp(0iT1w7NQCy2R9
zyd)cBLZGfkBG@~#(oKH<Ze8GZAyr^sWZV?Swla-T=P}h+{1UB^Ga6rfr!tLXH<gPf
z+Z2w1ZZFxSwvUg;NIf2*_rK0n&iX_H`b1Sc5Vkc7dghXR2<C^ZWd7!fK&Z~j2VwVX
zu}<pj5gn`6O<iiXEN{I*OMvZ4=0)L4JZp(At-*)rj&dg0yOIb+@>%vl-SU>jIL`(Y
zNSDr_jO>Q~(Lo2*YqE6#%~`<5`zYp(zr(`KsNl`=Z6cIMoUo$I(%?D8O#d|AbGED*
znzj*fmUK{<PWkRlXFDkvZSvsJ(akj{)`7OX4RLb>8)khHX}lB_a@EQOlhbh5@9Laq
zUncQa6(F7LFowx}mJwf%qTZ|thRJCcac@e-CGM5ZLQK4Mq4!y4%IgPtLfX-H*Hb$|
z#G&^S=K<?Up|5wbzhC<qS>rJaMkro+w<*|)f2ZvHOCc>xkv0}5{qb6EW{v0Ftwb~D
zGP=zam(ofE?qdqxB=i=a^%B;)h#Z#Wg<xunROEkiF5gCq`vVbnWzv45Er;u<{Vcib
z0NJ@IrGD#Oh6Ot>Z!$)C%t2NAcD!{x%XaU_MPQjVgMA}wY+gv7W#*t@&CgAQK)p$_
z*!k`B=4lbe=p2%iQrZARmVJp9DJ26dze2Rz<jR{31zui~D)RSsK9+mFU8<bp<EE0o
zncPeFbyGf99M*E8(G@4xh|)Scb<}BFHQ%}L6X>y5{V}(=oHoureqbw&QMQK@|4(v6
z#-k{3>IZ3?r+(36^MSWw<<TkCg4~Uzi?X-1r0~-Q9jw)h8WNHD!FsJf((k*9dZgDn
zVN(I(`3F7#c<95CuFYoF3GgE1JI{vI$a%Wa&r!VGR~%!5-zqH~CK~Nu#~4vRZ-{iU
zAyG|c<Wv<yc5NlU7#I4K(fml2*j=rT{6{x1Fg0@{j~-C9#>OymK-xdkxT303wpGgT
zeV9Qz@27Z-(HL97@m{{7CuHIToyR$==o~<zYuHR!-MOaP&JL5aBE~eKO>rDLm$s|$
zyXxk(C&4tS-7+$Wds+Ap`nONE4YaS^55RSPDy1IZ`cPZ+w|V_06dGJ2f6E>};r7&(
zRNsN$)Ec_Qs?$qmkP!o3%Qo9cSrJik=I`(5Y<NKL6~w$^pNSu`5M`x6MnCoe?9Y$D
zhTZ>1mo=|^rv`O1CG3c6A(3^a=okORmt#7CO(3S4t|{MCu<9vc+hv;aFTp~TQAD+V
zuWa|&aWh9F`EHC?JXg)2XIHGQf{~?B>z#V433_UF5RB37f4l|YaVdk*@5C=L9|j34
z`@Z)D7jFMHf)cd*>&h+DxBu;DJ(l^sPW#kb1UuNh6=k*XE-{)bw5a0o93sn4-xCGS
z1oK^W74MG|K;0~CHazA<vQfhv;eN#ISL?$V%~Azoc!U>$`NGHho!jG6!;ikT*E&xV
zm49v4m59-;?h5~w5`l{xDYd_mke$@~>MaKMvC(31r)E2DQZS7fQfF+&<y?PE^-Sgy
zh0}dX6|m(qYye6*g?O9jxGIZ49yvRpPTv)sO+viiXk01agZ~llD+4FSY}OB^IL~@5
zeVBAfdN`e0EsJ-7A0hoa4c8DT=Eqb4C{OcrglMW&)}4R=nI*zU)c%ftE%JFfm=>v?
zhx`TBh@o6YrCDjL?(g~qZ{-ivER`kRp=*u;TmfvGG;3nzs65v%y`79m#3RgJWTvja
z@Su?&F@Arrn=oMth_*cB6h%v%h%`&RbKw&wK?$qFyh_gBHyE}4$%Wtf^&o1%Ttx8-
zId&f_ky+I=^^S#iq6n5c%<1%MrNa&wpp8cND~~zM3%<b%@t$+O${>WLj&q)|*-hpE
z!k93xi1IB(st`0u_Q@qDaBT33xyH#3)4J6!g|cL0r>MAn6XIP$9=wQo0tq0@#QT~I
z<L&tXuCHbrk?TqYm^JZc8$Z_mN(<@{_IF6PJ`l+3@{9|ARb(Mq9jcE<CAd8Sr3!up
zs_)#YOQ-g>8)hsgb}!VUZxpUPf7vgNw$eDW5l*Mi%T79n%cz-wS#QPmGFZa*ID(~)
za8hcSvD2ZX4RW3(aOj8LH0otAJ}2ol=O1RB{73hBn0+<ef<`@c<_)K+Fo0|5<e1jN
zyIcQ?T6(l~joj(gS|*-y{8OsuXI|ZA!~wsq&;D{tAc7fo3%#6?8yOQQtEnC($rYkS
zF9yjX!&id10``x3l!)AZbPyt*$~#pjNzK}CW}V8nJz}ty$dVpA%DA9^mAK&&W+?$M
z?=xp8>;FHQzD+P+4p~&{J889NXD21Yzw3H4)8B_4a^n$2V=b>=W)<>V!(dQ{Ydn-R
zZ6WbZwPotmTW%~L%MbmWlw9VM;eY{ykOwI$S9K-`yHzR<GIvP|@FRJ@UssGbNz^SN
z<`tKyr5gaOTc31pgT2pxxpBif5lWGI>;u|n4)KohzAC?fwWOPE)c^8}&W<8&^wkrt
zNXI2W;O87i0j6oP06t^&`(?-ILwEey`a7b!NhGI4mM)AaW@pV)mwxa%rQ2;NJuG7R
zrT8Uhw5B}Y$%H%%^IQo>V3CpR<BJw5uXFX(m+2803&Zp@tAC7~6hv@-^$g@Ev(9S?
z*FG<<-~TZP`!!zq@K?|kujo{OXI!=@jbRS(8Kd7XKUFZNZ><XR3MjQtM=<U*x9Fez
zCyUh?-qaD)k@gt0I5CjxJPYmd3!;#B^!(o}!sa+}HeA(QA3@_mh*KY7O|bEvxow(f
zlH76gs|Hd|h?Pnq@19D?1DNv)Pa){^W9pO<H%$rXBU!&+L%27-_r$tVjOT{H9SQ8$
z<ZK79!<(H1e0M&+yQ)7$TzIF#^j0+N@^eJ*U7NoauH`w!l%-SsJoy?GrMuN_5v@fD
z1${`2MrB8gnON?mQr@oZn|?p`6v1|6a68HVr|NNGCd9vHsj6SODGM6z0zw|n8GZ=i
zgK;>=t)f!{<9>^jdIwJK$g0-)dQ08!^18AGPlw*`d((Jafkh)uKiO>H7)5W2eyzIr
zF8RB-7xo}z;fmA#KOt$p`-Wq{x*RjHk5l%!TP`p&vAD74SeNRr@X_Nao&ki(67OFz
zkAqx+7mWQK@O!7^UhaweJ1XkEecwSS{`l@n-tA6|lYd-S5<xG)$s-6Rnq>Ij<g&kN
z(Ohqjj$T8x%$r^<>A0!GG#09sYNE;N8?SwCyl092@Suq~^o#FxINdP!T(hiI6q4=n
z6p&c&_nadLqu9%aI}D0rZo_QUYLGJ9SL^BE0D-6e-}r?m>}zfNrJ9MMPAj>Bwgp4}
ztnxX1oTyUs60`|O(R=&(iC<n{tYFsuz2e;!=ATvV%#Va<j3P43js;r#rK_F_qd$LH
zaE-@1MD=0NKK0W=pU3`}U@;%LbB0j{xI!KVsLS#>D&!>0;17}#j<gs%KRqhwZ!E0&
z(G!6=xI1R5x0!X~BKznH^J6Kpja{Cq<Lj?Z>QVHYNQ3X<?K8#z7xk;2YNLJZPgG;Z
z5q&$f8QY)%7RSv{jbt37#QNX;Y|9>u&r#+zCxEcP|HUG4*+Te-JrO#n-v+)+2-98f
znuOcVbA2C{H2#!2l@-UFTo>`eXb&O8KSbMiZ+1#c-0OUqIAi)GG|3TgkE-iRY=Pp$
zInL0Oo->E9gx~K6tyqp&`-|A`M^Pb|_+?%`<l$bMCjc9=VV<gL$hVp6D>BGQS#3Lc
z1K4H@xwA_x+_X%MQQ_+@9DF1Xc_`GHlg8cu5b|KEb+su9yr2wuc&p`#7B%9Fc~w`k
zfBO#FF~ynVV%x<>1b!Xjq_nl&kd2|Fgy&>x`ke;#4OPFNd6{4x5x4|?LMu$jTK5XV
zrye<5G1-bmS<I`4f_;{2)*G&VzqQf_$od`w=G9^T{yT*|af?(Od_GkTuYZwdV#4#!
z=^b0HArGZ$Kf;plIEeQX-cJ|~LngV$QG(Jpai8h>{Z31~BXp`<AF=5B+nGK*D|Gjo
z-)FzT?hU$o8?f7Xa*E%+b_9GKaUOdQyO&uN=(kz{Y#TakVm9Z}?tf`=3ehbBZ41N8
zCOH^kXN~?mMw%#Llnwqo&#a=!|4L6Xe)k4Ip9|qgX2Tx1csp^<>(XNaZ_kt#2vmpj
zi87%*Yr}CT?9OSWi^TXn&S|&Zlcm=?<qJx9d1Dq09BBJwc`p*2*8LwX;qqM|yqk__
z9c-^(T_oA>ahkrEiJ8p$1$zk-@9)q~bTc;c5bw{?Ongs76(ZU1r&h)}^x(>@Ir(NP
z(C<f3C>W8<g46GJSs<8Y%F*vPU9g;p9>y8+U?l6xFCWS?KJ+e~GQMGiGiSw`o#7BQ
z<RMn($}T?IJax*PmrPzL!c6Q7{FQoz1@O4MnJ|<W3NaHio$-t5Q(}eB*!d4!du*RE
zuP(wZhd#s3xyDQA(yd1Pw&6N(Ck}j|4W_A661=jpijC%}F=D*p1$ql`!o%t3gyaH5
zc(O?TC_@B?V_pe{Sc)v0+J!v)lDMMwHo)umQ^-qGbms2&W6Xn}-XogC`#h)<ZNFi1
z7O63Bd7TQabAEE>a9UI3Gl06`QQ={{ZkoBBsQup2QUxz2*mTUn2Q5<`NBX3}|JWw?
zAR!MP67TDIqG`Al{Iwz6@Mb^pDjWTkt{X4>gj@K~cTwYjm*Geu_uVlXPD0s+2yR{J
zs_HKv7q>1IvVO9B_uWrS6&|~qxYKC3;Y$#O+a;U_^9=<3zfeJnMuOqhjthif>6I=%
z5hU>7e{{mQ;H>|e(JVZ(;MQyLj$Pm3^iyi5EB_^exQ5P}G8{3OY?I-A+~Zw_oc>2{
zDFX3<ms@a149no=XKW}^s{iF-9`ULo+*~shAzulOPI2wG|E1aKAnc$3?qe!9^m+ka
zzUP7+l)%f4{=gX%xLv3$=p(GjNfe9s3ka^_nSWvr0;l6B(zdOI)0^a@L{q`Lz11w{
z)q<O+%=Tc<-8zuVn7@4gGV2Vt%(!I0hC{b}*_9j|Jt4v*MR0x)L8<J2`3qQ|B!*Xu
zODeAG!ErMcE$lO#PvsCf>;jIHN0?z~|GCvh2ciEjzd;Im3^s6NOxve}*9U}Cfa&2p
zza--vBH(%o;OmQWIEK!QtIomQ@rk&FNA#GTX^C|SUi|ol1wN!5OK4#v@Gn>ATJ0;q
zJ2fd}_{$7O%96-71Gp0m!+-4>{O!CrA+~UrMMB@!s=#ZpFB^RRQ!4ReF89O`9~1Dg
z7~W9^W98H=JU5ytA(nPeP1s!AiX+H>-~sUR#fI#|6?;8%LdW4!oY|yzAK;yK31fm&
z{;L<<8^(Z(@q7OwlXqh1nT8w&k3Pvu2rB!3aWRkBRQyk>AObiA?r%#FQECyq*;wYB
z8!jSHiORke-n-pFuVpYCHw%?)ir`VwVgb|{!nI<cZu}Qi$p-Va8aVPK;)vzK@z}b9
zavm;)?_tjv&Z1ga5*Z42lpX_6_g{X_Ai=!!;An$*1|KYE*)KT%CDNN-l>bH{eoGdv
z$4KS804^h2_WTn(ReL3%BGo6pJovQtXmCDH+WT0z7+>7yLO96cJtx9p3@zZlF}*?!
z_-|UYLk-Y@g8-hN-fA<F?7H%~D|&RB8e$lY4sa0WwZYsn;uviZY|s2W#(bUI$ED3l
zN$<cQa>0^We`Y7BK2kitV%NJ$5|Eu9z&ZJ4$-tSN5TE7xjnKXc+d+7Mgr8n;CMuEd
z7+RwC0glGFU}D7!Cl!-P#6=n7{`*nAm(1yH_7vW3nSiz8q3!^DVdXPwwtyd1XNJtz
zHR1ba5$}ZQf7YZZJRH!tQee%0!e=Xzt=`>>QreFR&+1O5Y)@KF%C4BEd`c}iv@snm
zyuT~d5IY-lo6R>C9?>{5v9inJlMH-k@uKq5;H2T#hspFa3)2mO#_FIZW;~mKogydk
zmtw?4o`a<-`kN^g1tH5}vihyHN|m0QwMVm5tMIX>1Pz_CMLu>r&Bvsw!_8l`xiQXO
zJ|H9~R%Gtg#(V6ZV;<PSlO}-R?G>nw%SAFu)$&}x%OB$j6pbUbHbu(pMMXY*^tKxV
zYESoC7WvGQ_N9g=sPdzJlKzPG3(E!UbNI}oGC-6?Up0V?A$AvBKZJ&;`Hx_CY8d$T
z;RvVV58_~rK6ZmO2cGT_NY}PyD@YpJ&dJo#IJ?r0j1;{9eX1p37Lh%OCV&W03+_Jk
zaq$%djZ-jb>DK0>51&%CK5IQRJK;KH=<N$2!-$Y1z=>Kn-G!%rk={KY(ferq`;dF~
zh7Lyaejuu{zNtv6w`~!sl5fw=Q;2riP7K9pCatI_|Lbd<Z`$`3BC4-*Qoj9=TNmju
zqqkeqfZ(z!T-Y<C*6IHS6B%KU{etNCHI7DSD13`1av4yN;<x+ah;E6AR~Ia>-f=vG
z**9IoOPzH#*PtFE?Kjizmo(E|OGBU_W$c-%^t>;?IauUd?~<KzNn)%nA?)Gdhzt{l
zldCt+C`g7xz>&|k;PS>9(S3lBx$KO?S^55xCwldn?*uPodWr6($a_7uoF(B6AjpRO
zvyATPp7?9u7WN@jMq`a~A@KE``#B$g+hB-p{yEF)#U2GbtX?ov7b43aXwCq+ljaMT
zw3A@)GGPW=yA9JP@rkHCnDIePgTK^Ry)!T#3EZVuMtMH^zM%yP+<FI5t05Hu&+{+>
zQI*us4PO<f3}zDo4ap$Ws^KzAFCTarDW9zh?U$J{F_oA70!}uESYMU6qP}a0vP$ti
z7NfvmLo}mkC4sR={td*$Yjl8JQBqHRHdVzJmPY7zqlGD~#uc1ueb6p>@_|a!{@q^`
z#7VT}Ke+29YdkdK1$^Lp{e@1=imIzCb*O=1*}>Dwv~UYI)^L<s7lBSm`^y*-ZL>nE
zJ;3Ju^(hln271I)hOuxZBM6q$q~Xeo)-Rj>tjPkYouoM?n%6Hdo7k}jp-Po{cpiFe
z7K3JDjsg?Yo0-HqsSMOZV{A1ZPH13j(xa#*Sbgqxur(ryjlQAxUbECaGwN73HSb%*
z$ejzB=&FuiDb~^Hfd|uu0l$qjrcQ~kN1jz50Y6I=&JKL4Qgpfs3nH$*_+Wo>@wM_s
zlr@>sf;gAS8fi}L)W=)a*R&&nORvIw`Kt5n_1?8M%Ze;uQkuj6-J<whPZFTY3MT%G
z`zQUk=SVm16{;#|$2Ve`Vu;o|D3aWT^YTwz`0HLWe&R&mu(%khvw0biY#MBf(Oix2
zR*a8mj?{~9IH&HdbA!5a@*%woG5X~`fXx%tVA|1X%ghJg=afYWa@Y{da{8(51W<OD
zrw%LlYRxwWFt(d!mGOcV8t`3j3OqX;Xb(MfM<K;`L}>j|ny}hI$SsiFc>k2<QEpqa
z_skXmDbQNqo=)qyaPvKo4jeC74|<-Ackaa!gV=mE=a#+Wvb-~gOn*=_JFlqNjeg&(
zcJjUU_3QHq7qpts5ydhD)4lhnBeY&sr;}InNBcC$xj~an49$V-N{cHN_l+)R5l~Jg
zG4v`--)Fk11c+VIR+FgT!8-Pk@en|*#z|ehH6WL3+Cp$B_WjJ#d5R7y<F_`T|61D+
ziHgGQ_Zh?LpT7->9|U7KEUev9$2y@;3<{rhMf05BZw^9F|6Tsfw$Zss!WmwtuXs75
zlq2XcLM|*Gd!)3~m*hiwc-6()RT0=dk($DGxbzo{t>hlYEH_|q_@rzIq0wA_wHI~S
z$cCQkhkj!SIT~?lM3sA-h>akE?|S%-R8DhbGGtlgD^h|HbO^QVZ_qMTdmqac^SvK$
z>>716G5HKFx@{&@CEosa*}gsHS3-0uHRMzGU-j|2)mwsHjt|(hokcP<7AlN$z6rp<
zbbDP=4Z7xD>E0S#XtW9PTAiz#N}C^lEG~;-6p8$`!SL~yB9@>Qs!Jald4^_G_)cKM
z(f?qXh$EJ-nSrTuU7fH@JpD}q7Z#m=^L0=af#nfhsvF{+2&DSea$;SXGP{sQw)wR{
zy+6J<2yY#dpv|qX)9QYLu~{^YQJED5!*PdDdzSFUaV+*@o}fZ^ZqmvuGCUphj|D-C
z5%c5|<@_AT8k*YR)UkuDZ_!X0^R+Qo$^JvwBGf*a;3c;FfKuTbR?lXz$V+^hL+PyZ
zBnYpjMT@#~S7E>AFJc&)j{mARREI9fS8nI-%n%!OYMg(*vu?QjX8bQpPJa>gnNn+o
z-Ka)bZQ5nc1cJJ-A1o|~L>4QbA_o*k#ACQfdgSe>!qSt&Lj-mbxVNa8ir*;GO7_v*
zhjy%j&+LIxBjOEyHSag9M!%#7gU<wpRi<CGeF{ZaAe#t(o3RP@TssG|MA?zz`^bvq
z#BW@Bg`_UnLJ=883KAIqAa98{_Z20*bCv;Y>q+X(_~D8EmM8{rBLZ}75-?&q2Zp-E
z7XLytZ5yIVl^tBnQUM{u;+WPhW^n)_)E;YVm){=1HTnh7`CW;z6n%1&i=eRW3FIaG
z!qY?gH_>QYoP4B;QT4{yqO%6i?NpZ;4^ZOpwyP=wAFxN*MKoREHP3g}!K@a=vX7aJ
z&S5iV$mx~%4C~{tzHrG%44zv(ZEUWU`}dKqVO-bZJ>r(QqJIS%=qb65*tL1?y(Gim
z9=AFGE~LJSq=8>nt?OlZhwT+A8D^xl*ozeleSQc5U-FEh=K9>-#^_R_cvxY#SikFQ
z&1fO@3m1G$SZ+*NJj~SE+ZXk<-<1SQ-oK3aL2Ru_A#Hq8Be#KZ<SD#T!ECW-6xj&S
zltoJJ5f|zdlP|BgOt7#zN5>unNQGrDf&}vP30;5&RmG5^<n_=Z!uFky^uI+UqgP-5
zGJ@=Q8jOM>8v*FEI!7~1B~39!tPQh}^@}s#eWB3(4hq6{sL#R!O4}9XQK+K7`bE7@
zIV){xUy(-ZbqwY40wv<(+z@EnT~T>b;z35X!+0}Eg3bHl_~t8vyptg(&bC))Bm<Dz
zt6nS{ExXc*4utcpYYEs!I;J1eUokG7`slzh@0q~0_Uc0iX<A^J5^Dm>{r#j+C@h^=
zs+tV=DC<9t%*?71AB?FVMvfe|elxRUbE~mGQ5ED>Z0wi`c4vw@=Q+~J-^T<F{J60d
z$GU&jQ^3tvSug&aR^NYjw438wzM--tpH<#G=YF{3?vzuSzAOD1)>37>>nDr=&Nv=C
z<yk~43S>vndiPXU%@_P*9PQh%;bT$t4W`e0xIr8ND=<y5ap26IiEbKC2W@z*oG$am
z1FZtlT&#eOT9TH!aUj%yx>IbC-Ylt<)edx17l>?Eg~z1V`OS%~#CYAH_oGgl?xxTC
z^TkTMSV0{{x60<t4s8VPH+JFqkBRQR(N%b{-WkaUxGr|0*HxlrbdRA22Q}^;HFPrH
z4v6#IpUddzLk?0)-3!^w!Xv=sga)#$$=0PYMLKB(XmJ`u+YUEzq$&zQTfy4-w9yQv
z9{zvr-k<1%CuSKT6tbpqk$wE!Iogv9Wi4|mdaEwflkVd^t3Pk#0^_@J_=;WIw4sU}
zTc2x*JFuq^nJ(|Y#MCXX&ub+%aC5_5+j7k2xSP;H-?KT26DE6{*v{S&36DXWBTYlQ
zn2l#H!wL4aeb)L1)y3tt8}qD*51W;rJUgwBAnfy_KkTF0lUY1F)mGUKs>K&pzVxd$
zHf^2TRZV=LEXN<2{cu);pC+7A&lYOv`1r?SB}ih8SEJo#MI$*3>+_u6NpWYR)G;`G
z(I8(zu`pDw&@TMOAm1=+UAZd0DW1aJL!eQi5Mm~{Y2b9cxUs<ew6MHB&kRiKwh4cs
z64*4^^t<FvCN{G2#DRzEb{_AOgrh@bS0g$b7oF4)LDi?M<WlSz^(yzj^LVZjZsRjT
z#`AcJ5^k(BLIDeSc1MXB0gaLC^Ac(So1uYs<L>SrQw<990k<x<<95fpJa4@B|EuaK
zn%qxoo?jNZS`^B#+R%A(ly<i$T{V~8TA<>+um7E_)nu9{kP<y?ZG}K#E=oX$Np+-(
z4a-O2y@L_M2@_J|iLj08q4`}RhaH>hL#2*+K;4%K8)y}G$vEK(f$ho9k4docUW1Qb
zRsQJzWsjnw5^7v(E?xB!-X0a+p24;STV0FJqs)FUp-2?bmojO}(!598;<wB@C|t&>
ze`XEZG4$zXdCUnnub7Xs6Lefm?Ceh1&EcdPY@fY{OO2{!i;NU2YZ^1E;Tg%XgeUNA
z?F#EL+tWIHRl;qp*u5i{t||23SGBue9^EO<%;)Y!+@=UR?2v<ZrS7}d;U#vT9E2+4
zDYp9?J!0w<3Qbp;Z&Ooj_kP;#a&auJi0(^OO?*<BUlG|ihaYTIV%?<T*zFM+jeb&D
zVvg}%<^~x+8-^<JUyD&@oouO>0`kh2S|2`7Z=%v-xsBMip2Tbd2j0O7ldtIXB(eg2
z1606XilUINDjNoqO0u2`<k)$7r7!EH52Orgr-;-#w*@zqGL9P;Q5f&`5U7a;5VqS%
zy&b;}fu2v1sfDnR2k!VTou@KHdfX{`{M25)7||p+eVWVW+h<IhUTV<jdEwjtks=3W
zo6f+lB2gDCAf+zWdFQkYSaVu03#!L%Fj^cS|Db4djl89ZbKVuYc!|}6Wo+8`29<$p
z=K%|<Pdv?sdEn>w^{DOYiA*acYsyjW1Bti;fC3YAiVj*4ss={80g$VJ9bH%Dn*<8J
zD;{0QEz>~aHX_b8BM>GA%HucC<R{;t5vzxb7S<S|ymbCQOKO*$Z@j49dWpRSJDnlD
zkYPVlsJy)b?DQGuW}vxo1K)^d{~!%j&g1KB-9w|SuA^9ZlipKAPxq-?|E)>7{HxGm
z*~8+G=Tgy}Qp|ERMH4$w<4qfc=5*Ly+EuTWl~;AWfl?`=!jgiWtK&+`Ppq@y8dgD#
zGeH~WfdTy<1UlKTN8lZ6xx+*6xjeq}0PFCHGQ<u+{`HL@oxCU3o~QIq&bgz56hWBh
zjczX~e8WeYb4t;-vIoThW#JpXf)HwcfJs`96+KvmPi7lA*A)@|Qe5I7te!;Ft$5TP
zeWhExx7ysJbbR~V8k%*$7H$MRa$r~;84Mr3aj_P0Es&E2s7eb~aflQog9XJwo$43%
z$Y8=WK^djaH^{l}1YkOo{(;W5-M(jz8zVhk_UtJ_KK2Wb1dKZw;OfG6vOgBQvTgEW
z>XB9MNQ>$N4lciw7`K8MA(vDcnfP|X2+<?aoPvWgyyu&YJy%;Py-d;iB@)BTJ^v<C
z@@kZI4zpW>K~H6WS`3!<)?90>a}667uD(9%O#bri5+nTu#`2n4@d0EKByUe$C=c#}
zwwp;eTUdaf<!R30oHf=^OgqHUPq1+Kk7^63&n(DZ>FB{xP!-l`dLmQ?BpC;qS_YzD
zq>3c|G@K&X2jnQUl@1N3#a~Zd*xVoVqwM+!7uP$;Q8FWcoEDGiibN|vG_{A{0^`Jb
z)?X{8FAU0tDz5D)I0yjS_EE>gcWQq@=>E_(N&eQYq$zHM^;J4CQ|cT3zsG?G6A2FM
zWA(^ee+fmLu(>AdNZ|{YI`DZ5Yqls0@HI(;ew_FpMfY;ORDWauDXHX&Xt+-MxI*r6
zQk$;lP|X*Am%w_49&cqDPN^6tvGvXh{>mwBSW69V%P2}^p_aKK&AAEXc>>OV=YlCs
zErcSK42O7%4*_K-NL1_IlV-XIDR!gpav{X^Z#h}n*C;;ApFU%{2?hvk1_oV1Kj_rf
zXD=5R3=v`)5c|rat{2XAU<FBg72gekSXHbhH?)B6F_9tZE`w{nO|VJukDAl!&&tW|
zD}1fa4hXeWK|0@DqoA6=S{qSQzXjB{asUbyz#0l0lK7bZ+c#aL#(}~$;%aM?@TaW2
zPrui=nJg_xbq)J>W&twuy9~PLP&;hHo0_Cts}Uk!?GRt&00D}%l_%eHCUh?<ANNTu
z931e18l-xBe|BN^h>kG-)G7Z(fz7b`=q37&D;Rd~q`dn<SHDS&5%(a)+I!BNO;^YI
z$C-P0kL}ULQjO$CP?_U>`X6txG8u<mX`O#c)XrhrQw!zItJ<%bsD7&D-8kwe)C*$`
zwp|Kab>POhxtgZ75j(8irly}xS*Ia2`5C^)zZQF}1u-@p77gx<=(d(kk-Dmqda!g|
z7iGF+CwXLc`}@_OMiop`h=M{vv}{#1CjZ1!bUcI%NJRhGJ4o%k+U`*Ji80da-Zt8;
z!Q<ar_Bo2|d{bBEP*Yh^;S^EOBVUP%vO>P_EvI^Mbj*UeMsg~n=FcI!-S3%FY0P5A
z__2m6qXZXdNz^hoG)SRZeI**L9JYv~?8nGq3w&{3h_0ntQPz&q?aLG$ahltTIrvo5
z#GR-H(n<eO_$ezVju-3&IN90l1~{ed`Z1eyl@%wgX|sa~GnBbX=r#5hUkD4`y4<Y@
z)U|T1?9dB^mj4t*)E~LNkGe5<=ymfMs8Q$m!i1!p=&xFKDCy5Is(e^HADK8`G|9x5
zP&7$xuuyC;|A$vg^L<ydYFQc!22=T0V84z24<TY_tXM{#KYi&NiGmgHIVwrm-LsDo
z!>IYv)wxsHo6xyq*mb<!636qtYh#lWa^Zlp>~_&&(h^(KH^;Oa>FvKgL%Bkl>nccd
zO^<0lV8}ph&j4vZf0p0foNQizsFiVFEYk4Oivq*i{uw}Qyn_kQhADxDAVmX^{8NZx
zt@9h$rXfhY5qV|2;+u8BDg3r2PR{TN+7g*z0)9`yr>y`3nU$rMNs~`SwYs#x%U?gc
z#$I2pVj>y-r5xw9lzw)MvKwtoE;y4%@SxL=o^<K0__ZJX;)8e2?9Tt2Qs^tgnnX=G
zf{w`;&hgIMkD0@sVKdZ}ryj|}KLtDLXPFfyR-N+7{K^cl4{unKe*M9wnDyjGkoTO3
zr#`VM3{XK}rv*Cf;_r?v%>FE<2l>Ybg;|eAn3N@dYNJN7mIG2d=9f$dvefD_PqPt*
z4buvHYX=!>2HBz7M<Nc`p=Tx{Un_#B59HN5s(Vxdayu!*N{ff4cF;xkP_Xgu$tNz!
z(EW<A&dtdn)SUQWW%Q16w%SrQu)36GfJ9LLT+quQbP~y>`hfJaS7T$Xw)&C7Vi+3{
z<g4Hky8l8vR;@);#nR2<+cRYp3c2R}d%E?I8tROxi*UECD7PMeTla&v9P=y$OYb0_
z(KgyUKB>O#so2lMommT=7fIdTPKiK*CeYdjA62KIz)6X9<!R#a+ehZ;Gv2(P3opnO
zXG|wB#T9*j+3Me24@XX(ZB690>5q=&E6tyxD0UXxth%<fv}qSxJe;TQ8bR<+8+cWO
z?Z#F2Dv(2SihS|;E9FSG@IkgP?^&yR6w97W#UH0t;Gfn%66>zNUylUEKw)EmH4D2J
zrn-Qh%l0&FXbGA2gl*5&7c9zvPtIvCeIZM~oa;s(*UdO;M~fM1nHdAWD|a<3zffg7
zV`6x&A$FMdrx?DI4#shuzdc-TWhOQbh`+Z^S3Ywk601i)f3ea&|3fwv)0E94a758j
zz0k|xuljrhi86anrTY8G)N_GM+mi)&wzbf7T3p@azGO=1qXleUX=@*2A9#6Qw%<CC
zIhK8>X1Kq5{A~9{U`l2#z|KVBo!0f5Bbyxl%@?VGglbA!Y4knyL=tEUCPY5K{zA%~
z5<%Ar@SXczAw_xeD*9_W@HrMJ^)~nZ*}U-??~^s)fULH!H_k!`{t%OE<%*YOf<-nC
zGHe|<CL(U|bALoPkY`F2p+^?j^Y5fS(7=>JpD44knICBr**6VgBKb+QB38>nRd7#%
z1|9gihUfFGOvh;nc^%Pwq9Rj%Snc8JF<QOer(Wsp?h>u9mY<3~FXeWSZO-$=6Z(bN
zp6{KOEc$B(0g{#0SdGTOjQ}uQQ;}}=J#(U@NI_eQ7Nbd-4s-CixF`}hpu*y>CDCmK
z9s9)wUp*v{QBh=`5#y^lo*PXOheKjI<FcV)MXZXAY@7BwRT~B2irS0@3$4}J>F@=F
zmzxH}My+HTAG}b?cv=nGb~Yyt4A8CsaOd(+C$LnbyCY>?1O;rOOGk1uujCm1;;tRY
zq%RYmao@o_(&EBn_s~(EQ+d_R95~U?Fy2ZsY@i2)dV1Sm^+~i*u=?f*>ncR+WVC5+
z`?x0=9TqU}k4k)5n-4^(>O0d3-`$pi`l-=z%dTTewfX?IPnjQVB<FP<fOVY;|BUo$
ztuM=WhicW=wepgl@ngAd?*r9gUbzYZPNX+=%!Q+>TL`1H(K`AJs0MpWY@I_W8bWG=
zIqv2OQP=g3*A#6t-df4*seCEyzGXG<Afx4p$_;^;BCQTdyi@eYcdM*<-Je$wX!oq-
za3A)x#*})p&}aqs<(;X6oGcJHa1Yc?$%AywffzqvVXid8Qd)ujE1;}Z5bh=aY=yz7
z<0@!q1tchJ)23KH@Dfv%B5_^&vLyR=NH$E?EUDs@=osiP!OzK_u~-Wn`ue4pg+aD3
zpLwafbY^^qy>b{id8T0WdWYS93b{$$?C<9{#^cD*7NDQ;JM7P~Sbk{}P7H4;U8jGu
zRJFH^y2qhu{{bWkDh*eWwPpw$Y3-4ER!Cb*VmrG>OIw>@*9r_#yD_7@OZ$Y2*V@A&
zD8l^P;0}p2X;QmdyV-!2XcytiRo;1>9b$~}2!b7G5H_CiL;tQKt;J!i#Vh`7!FZR0
z;rBi`!xJbf1jrHw{GR{mW&6h20malGrN_(W&ABnkmKMr!k)S8IW0qq=yiD$V-LjK+
zY8W(o#aOv-_>trXtZ()IIJ)Y%sGcBxN5|3Kpwi7r*P$W`C`fmgba&iIDTp8`QU^##
zcgNA)-6bJ;(#`Mq{c-bd-@Vy)GxMF<{p`LsQ>1Na?bF=1(-%Tzw&>7S6_5%lil6es
z)*<DrwBfv&t%+~8q)1Q3w7>4@K4jwgj_y{RFzgp=E#Hh_D!{gvA<&uOn$fP+RgvvD
zhRXRs{r>hmAWvUL_3U&n{C273(w?R){3q;#kg)YX>j@eOUEJo4YkoOS%dh=yD*i`p
z*`m)9rIEOv#u=!Dp0{9<U0-OlHost!TVa5!+BKeH%-q&pGq&6TKW4T-G4Z;uRN`)}
z68JA5M=!-F=US)s)t`&6x?sx552mRR<Y|d$>-ISY(y!CB+*NjkgOCi6So?q)wLqFP
zeMY1Q<LEnEaeeU^gfs)t_gL-z!7>Mgr+I~l_y0z|O@3)BgEVNdJUCHt15qcu|Ij)v
zyyrPEuRsatz@OdJ5%A72JoL}m%UR$}($@g+aFiJwo};bSpbc!Ma|6<OQO!NH)eW@s
zU-EfAjx(fRoVc?29IK^1zGe}~89n~hg9i)8<5f}QLNkkmI@>;#{(Jt!#O?d$TkA+@
zbR>_8-mkusgr&G#hia+c`P3X7Y%25a5<73XYww5R4rPj^KQ2rMo&H+Nb4Wj({+PmE
zKa3&$_b$kO|2*UB!F$|D+C;$y(NgU0(a_-<*4KpyF+<!P|84b)ZM=5R2a^NtKa4@e
zJ|^3CFxVHcbKev!viVCf6Y8Ih>|S>i7$qOC^_L3?bN;Hn61TLrl?y0QD|z+dXnfxP
zm(Y0*#&~_gc)CJ-7oF@<8{y@foI%YBt0|uB7fknAmt*}}g1o)ziGxqnRS%F~8j`ZH
z{1lJh!&5ZeRV>SI<2ubu%mrhfssHpN-#|};4y8dqi;@CdN}ufgMY|oP`RrXJ%IvAp
zKO)t-i{?LyX#>VKv$lNUjc?+oZDOdsmu+sf`iiXUS6V`!-(i*V-yTQA#ZrFBffO^U
z9<Y!F+WLL}?C^pOECu^l5};TS>Rce`JA}^21w7;iel<OT?i@nr7@QL`oIeWl**_C@
z0ZVrrp|xwJI?D~puC*f$ArFU;LUa++=$7>d`r6lTzEw7&gB!`lJ=djH->@Nf4WWV`
z8J!ipR=W?OAHYOA%jh;M=+46F&Y7oVHO=EHKQTX1g4G#Y@ri3QoYyWG5v9@q^KD$J
z3MJU2nh>HRgLAH|VRZoK<2bkMglwY)Fl$7)qj5;+Z$J)WSq%}eVI35Gl#Yjg+d_$S
zn$TN{{CV~(aODYEa_$lQQ-g1rkkuU_<a7boUkxu6&f|amezh+hahMLJZYHZMrz$I;
zDwdLj=~^OYg&=<pF!+uLo}bp_+USiw<4`x!qj~r%azk!7hOIM(-78~4=9&FOQjFL5
z6!`w)`$UBwdzmcV4}VdU{W)CF0siR$>X85ocGX05(665gUT8$;n4TAy>y7#sX@0fm
zen-+7`Y=0@)qqpC1*aA5h$Si7Tlx131d_07afH_ba081rp#`B30GtU!1;fnZztLMK
zK|Yo%Oov#V(;Ix=H^9R{sLP5AmBcB!>ou^r7h0G6PZV=F1m~lq`86>6TDQhcSJuQu
zR=4>?lS(Q>ZzAGp{9tjRvRx|!@kr}#d)ghe_zv*zvXGDd0GmG3>iv_UVtPo4t;e=!
z<POyxbmaOw`j(#k(`)p#JD9!M0Iy*ME0|}8$bEk#>ho5}J)-V@S_N5qgz@D0hds~Q
zLkz7`?8LL$z*o_C@$b@0Pv02n(s0hK9^Ank6zvvtpKsP9#{FQ4CtheJ@f&<q5Ak`~
z0dA}VTsI|+;a^Yd@cB=%@28jq8W_CR41!kegX|>!7pTPDqjC%#+6zRbxFZ7KVZRaF
zZGo(Gyr!MqOt{ae8&JXmkYNMXG@jlVN&<Am5wx>tOLS9i#wtXB^vS6Fj%aKE6JeP}
zA6i`|m30x{#8EX5vn6xPb7GvQ_>dk7N!W0rJBCU}e;Q;3204OFKR=zU9j&~=DXGfM
z3}jZ7RBbMoQe4hVK~6C{s_FhElB^}exv^wtet(2f!h~a>6djl6iH41hc7u(^n|1*#
zsk(vMonahna_;@qrYR43q8@z%eE?xBKjFo^0G0<scjTagNE!GZGu%7o?1IC~&dPr(
zy_%rZ{oR~t=%f-h@B|BZ$S!ji9-o}DECfF7!e4c$Dj@7Va<y=sx^g>=Ep>N2bKZ>4
z^VH#9FAj#LeEcC*DNE2oc{4)D-SyUcg4W{*I|Hkd)d^e4QjcNvz&_I85H~~g#x6-{
z8t|a1_l-)I6aO8xbP0a}Ph6ioy5TqYne@Ldn3`kLZ5y`-7c-?cVO;3&dkD{mP-VQ&
zoNj%Y>r)y2JW!nvbBfJ$y^9W0MvjHepX|`%Tb^sNsUH%*NhWY{u&lT)1YI(v=IzT@
zJX2>*Oh`cgVQIN3)~7~VSfQh6HdR1;w*MS5SzsZ5E?F46qVtOYyVE3r^GkW+aa%&#
zuj6F*x$qSo(C?~cv+8~P&msxC1mkfRz%Nn9QSk*T{xw9*<J_AWJI@jc0IwPq&m!T2
zGiZv+cYl8Te#1KPG;v3bGxi}Xr$!+MGUs<X8!!A+O?5Y8=WRmH>1w6cG$;XsuizJI
zo)&-EZ>B5w`VKbk52?y9^?UGG0)3wgq9UI9lVxPpE7!aKs(0KM5<jH6!itskCwO#}
zM#?Mh%^zb|Kkg|USbpHM3L}ba-_HIQ1w4zYocMFo#6er=oeC7T_sjELU;ZgjNC!XC
zry8&QXbe^Gx4M|L^Pl+`vtJRD-X!{yHrW&Bs8G0K-S#91dyO4^jbH-A{(&wTeQ%av
z^fo0%{$XZ*OSpJIv4q=XAt2x{FdBu0JdaolNn--}Kc^Nj=3tShXmg_E?^I;g4XV7f
zWx};M5slmnrC+b*>TINBnR)k)&%i6SIknU~lPp@ZPG+9q^8xCV2!@VSXGB%XH@9D_
z+~+zy911_aR(TPA@cXUbY(Ld(@31_uK~VzpD>6!FLX+xgUM%*jzX>`!z9L?oFyZ%e
z=lA=0ar`QDkL9q79xsHT+SljJ#qsFFE^81+jHt%L{CT$H7&-9sgGOD`g?{M_J0WH_
zVRZ}kmF57;__<=hgzD;bCbaf6sx`oN-9OlgIb-pz8Bd#{FwlboNm@wg7p$p0tJxR^
zG^1W+c<`F~r+4;R?Jh8MPoVG+wH7NgsFs$m$y8owBm&Y=F1QKLKmRJpc<a4UdGjzM
z%9yUGWN#o${15SP>;LPp&Y`caoy)xtt7$|(6g+iYuI^~0oB3%y0{c=pAR6z=i1lBV
z)Lo(3=c13)%=nsrWcn@rw2^brryxX7kuY;C&xPzUG@|S+#nNS(vs!4xpDB0o#9)Vt
zoX!VA0<F}p%?|8%69f6og1c!z$bj0Rk1D5^rn}{4NyNRPK%Ck5qANw^gD>$L`Zpv_
zM)eVME5jI_x5w1F;MnwG{%YG6_NNA_d=H~i|I8zN@CPghwOj%})PFtUs^b6PP$av_
zp#ti@8qlCSt8GylF#nyA?-ZtX{u_@A()xifHhTxQQ}3EN9g@8{{S#?c-z#;;9HS<T
z+UH5zr2oyW2Uv$4ldF-cCio4IO%3?|^8MmDcj5r}@PUz2Vjq(<D6w^fWBCiXXKcN|
zJG<yr;E5h1r{lyYbl$cp8Yr~}A5}%?Mx4!5RX2;-Gv+Xz&;^CDcGIN;@`i*pEz?C;
z$XC_*)#!A<=aNlZz32l=vOPT`;;(m0JbL#ke;M8Sr+6OflZ=D^#9!dIgb#8u6&g!#
zB^GK&9}xZepeVqa@Fu$I-ub#($cX*e5bdq3XY7+>uP@f&Kq4aaCxpD{ua?NK7K|s}
zn2b9!uXDi8@C;S}w|Ru0V-$`>l)uX|v^0anT0oy;u#v;5Pad)w-Ni>giW9Sp?4{*A
z^WwukG$4FN6-yG~`jnlWh?r!vJ1v^aQ}CT3Y(D_fnL-i&_5JskB=u+lT7YHLTTVew
zg|LxQwiG{mi!bI}#{{wu1MVr#l$2~xd;OG<!S9X;yPHe>OxaxO>Dm`52P=4Yf?Z`T
z6cr{{d!5U4;@AHY0!1#(BV6`m_B8+QQXu*%;+q(2I(vr~nRG(ev5UwP8snLYTooXL
zp^k{f@MP0TjYyUk)UV%FQyVq)bt8A924hN}cjW(mJrm9wCaDFucoSCZR3#`?RZjDA
zmIlT6wH4#@+z9Ay5ZV6DGc3@`dwRIcl??ocduUX4$~&5-r3uaZgOEX0U$^r~t`(?W
zsSjx%vzAY~3b)ef1&xFV@K}T$&C?_<cY>}I!91z9MT<^?Qmts0ibC{0aZziFDL)0J
z%&jjSW7g(LO%{Pxv(Ypnp#u9oAmbXa^6cOv*S_e~8)*~4ull&1z1vm$Ln2|pqN3)r
z7S@-pF>CjvtJXu#XkaPQ_D7038Ekd=(k+ZEmsa72X;K1&y>HZ`GRm|uB}Gum%-Wly
z7paU}w#f`GvJSg>Nj(kjkoFAgak2{Y&!L%C5#}P&1Lc)quqlOE?}Hu|Qr7|{JEY~p
z1eaj33P09dt?Hyh9%<Jw@?QT3i}A;>fjrt_1)i{^QjF<0VJa(T=9kO7L)4D7;6+jk
zooR+k*&(EaRh?kSn#W+-*f6qRKlzbs=AE#oV22?$EG>4exOSde#?uZQMt1<B3kGd_
zVQb0ugK7mks#zXsj%V0rt>DX+aZv3$VJvA|L4OZcWQ2wHUk8yeIw!ks=i;=rapsPL
zCE$bkptCGEm8l&?i)z6<bM24XTa=v=>jCi>VYGY)g*%iBrdH?BbX<9coymp0TY_c(
zT>D_9L(-1q0H<15&#rq~^=kiI8~feu5v>c-FGBM#{A{{)AQFb|=+s@-KJ2U(!{Q5=
ziUxP64?1h$Jkpr7HOwL83%9VmTw0%KeUOqC(2(_Ij}~2rh<=J7y`{AnN3TFD_G;iK
zn!sVuzzb>=ZJeiRX-J?sPO!SX(#ZZolURzD`!<Yemgase)igQHbcVSjf)T+ugnR-X
zBr^5>PGdDkbJ!64$l&c#P`-*Axt34}^@v@|l(Yw})MwLl_)B&aF?U2sLs`Oqm|i}Q
z%#;mzJeYn;Tif&!demM=9?idSp0JBjG*6|llp_?#y{*AvDD#FecRZDbmI`-RSW%O;
z3nbI{9)R+eyB>9?oNgsG42mvAGl~OkFI$>>-x&^_yp(+D6tfn}h#*iA>X5SfOdRGj
zh+Jo*>)>1X9}zwiU*D?efr4}}{n=><m#xfoT8n)GZLE74J_PFE{gLeg4g6ROMR}9u
zAhIaUbaCl_AFTM;?KCK0Dm>~cENJgl8)drEn6e$7vVUcYawoObUshsaH0ijeDB5CY
z?QH~>T1j2|@v%EiMHi%`jlRU%@i0%5>*$ougi<Y?MO_WK&gpY-kyY3`7EodG+JI*m
zzmxSN#<f(yzA_GiMFs>KZ^DioY6Wkr#XHy}JCcGy7fEQm8Kz-MKi0kzKT;OS4u%VX
zN8KeUgNFq=3boPqSUY+S%LS!8R8DS3hmoo=Yp5C<F;=s^po?$;dy6o?eUSFbz@zHy
zQ>}{py3Ojmgpp8-x_?G=9pOg~kN@rvSLo|sT;;$-8b`~pg_qPQs=p87pKJRctP(>u
z7e!sjPTN(2KIdsdx(++f=OaW1pjr%?#50WhQP71@M-<B=eJ$Csp7y`$nkT+eC9jPX
z!kAb)fRYX%J5P~EmPcQ@z^Gxc3JXtOn<svxYLXp0H~$+cJdfrK74qKNK|6&z%Z36(
z!YnU@AGwmSXdI7l<E48*DL>Y3iNoFvmMsq>Q?0y9#5;07zP@y$?5GfisPrL;Bs+fn
zkA{wG=8oKSM9<H)p24ywAt>q`o3@7E`2T&FRKVv#9Y2L32^N>bd~_WdDd3_qa4NaQ
zXCp)cDxyUH??z0?Ys``z2aW&7hF{yCyO1c3YzuGa+NiZJOOKH2kdq6$YK9_C21ljS
zPCAIg4*#a2lvy&{@u)U;6;VEcj_?@((c7?@qjJH;#=J+w%?kIHWl<q3tbQOsCoiel
z1Uh&mJ8&<+k0vF{r4yA#h2m-~F;1H46(@7=v%CLq^yo&-&}4;VQxWiKxWJ%Q7_Mg+
zCei;msLZ45Qs51Hh^{^%EL^|5f4C`I#5Vwzllhs=yeen^@H8>MT$GPPzSBr`ABXbm
zY|bpPB;`Kl{+IGs=8**1AJm`MyfP=1zxy$p)oSf&ZMAJww{m;3;bUfHZEfUc<+&`m
zz39NthW@ZaSu<OtLtQ;LC#%7GD#|N0PL7me<FV)AIdv;5D=!;WuO9V_EK~jUD>Uk9
z6?c1k1uo<-hL!0YZ$#+38nK)3g3$Eb(E4|<gYoun?JvZ1W<Tg$N@<oO)2oo_m7xqz
zt7gp?+bMA&;H7q|g3x>Yw7Zv6FUE*Zh|pofD>(R1LqqF-7leLqZ@(!BRj9?omsixI
zra`TKhUtq50C!6Dy?qMJ*3_-><>SJFZ1iTuiM^lj(sS}O{WV#8W4b0h)lRVx68eOd
zm!2jwfR#sC5wNvGc{rP^;~kh%8I-T*Jya#YLac)-8vKKUXV9fg;De60Vzq#0BTA$}
z{ir8ZpEnlU({Le)j%)h|5uqtHl8++gDdSh7!LZmvLO-^*KP9Bh#l^oUr1V^1;UVYz
zXsQ<yMz+{qh>N&r2)*;<pkzCAJ}1(|zeu5624R%E#TUiHucYT$<ltG%*V6$j>2Rox
zw?~o8)0(dBVXWpjnwlh<nU?ZcKd4qaXMfBz1~VW2DnlxnnuZ038sp(lXyP|lgg%ON
zEA+z7CszORkQ}~9Ze{x0zN<aD@=<^7?i1|@E688<_V&v5b`5O&5j=eB0?OqC%4Lrl
zq<zSFN?F+yIXuU4ZKWWz%TwY}B=9?Y^Pj-*U!kHQp}2&U%fyu31(b}-oR1Q%Md3JX
zaXPNWa3YwO+9M??@ZHjQl~sAaCQ#PwxABK-5<7{=5O`;tVD?rf$p?*{lQa9^wbsel
z);4*-lRvy_t!uHyE3?B}rKw$5Yq(1#L1evh=`lxy16V_RpI=gzl}BN5zXr@ViIP<h
zJ%y&IL+#W74l6h&$Zg2T2=HJB2fnX?2;zbpQUgILc%W3gri&9C=Hr*EM-!0XJ&BLI
zzp#i-I|tt~GQHcVO(Vc6N!`-kw|?)Medw5;_tou?^+cYRZ0$A6?o^XVQ$v!=9u4MB
z(zWg#p9US$pucg-QNTnx(WWM+_QWcS&Li*I7fcWoJEUqTikJC%9XA6!@dsaYcC?6a
z$~OSDAxEVS3sCPesN=+sh-cesPgHft%y&2ELRJ=`viJJ#8GO{w_teuEC!MR;*5Hyf
z)F9>5{iu+C{#v8pCys_yLIXn?$^3DamP_#HuxfO>HSobr<V7v;DYMcbaT$%Y^!PB~
zc_79p3yDn<jyK^}PC5up%IY|(G8k%VjaWHatA|=&&|!I(Y}4V|ZwRc+f^ncd!Y!K4
z9AyU}*)XJcmPL@;Ybn3gHR+DQ`>x&^@9?g!`nK$fioKlK>Whga+9Fs#pR`|hs{#-7
zMxAaglE#dAAP8f0Of`C^5*p=jsgFl26+I%bxvOiFTQR1LO5|V<IMj9s2?TErfkAig
z@)hpzAFq3GeCpkKj3!G26iG`+Tg<dz6098Ip3@%MZ;js%x2n0|0WY||x0+F_P)eCI
zOxSO*I;UoBEKW`<vA7VaB;uGWw>l?amFybKowGXk1vh5J28<3m7F!sLRQ7PrJs|fb
zjx&w#a8FnjzsGJTJTdQ5Utl!ml()@DLK?^Ki&)jH(1RPPMoRFb8x+rVD&3!t1Ue6V
zBG?{sBcI|s-=@Lmfd5#~y$h1r5As+mS6-tR`nSTJs=$?3g8x3Vo~_5XEnk&s`kULk
zZ{Ma>pjTkP#W#@`I|lz4Lp4OARl<EOHUT0vney{EPsw0EUO^&jNXE%v&ud7mpVBL0
zv?yZST9^Hmfx77tpb7CIt$%f5pRAUfm0WE#c2Hg7*&Hr+d+{fuFZSw7^7e&1aC=4)
zZMT8-_tOcy4HSj+3lcl@V=bi*S(ACI`&?f8xGRe2(=vNTmi}#XbFLU4U$m&q!OUXS
zo&NdVzUI&8H81NG<wShNijBCFQ}z7wC*dn;0iq;zX*fDeY})~0O4w71B+TDq;eMHV
zCz14jgb9#8x}WrsQ^DVoKJTMBeXf!66e64lJOYmzXft1EtT}y-$6!%z<bf>Z0u8D2
zoeS_su}M#1;5Yaa{r)|2<rC0y&?JZO5yQSjzCwXbYdE-<H1~`OPB8(s1U*M2$hW?U
z40OSwAe`{T86EqGAi=sGpy+i=_kZY<VplB}IH(6KrC{CmL%O!>cl4Tlvh2=M<yhOR
ztdhif{Ul6M2z63M+)T%k#<Td-<S06-=Fl|!Bvd0|@9WW)zQZMl;asNktiTEt>;~|t
zxwav<n6dl2U(fROexTBCV|S@wcY{@vulRWMo*U~__0mi-EAO#GXeM9@psHz#ofr%T
zSF8Z?Tn8%n#sth9<nGxLSt1={=(h^8CC|Nk3L(lxzo6Nv=Z-X^?8W{~B?g-h`3PHa
zQ*EPxj(`vnA7S{Tq_}$PAX}>3AyT+67%Bm(GKEE!Fc>p8crMaRvMArYhx!fzKGE#N
za!1bdl2d+($2bE`C>pN8--4mIph@#g{81ZR+5-?C(Zn_0=sXR=7VFwSGqS{zCw}Y`
zIA8lm%{%D(A;5cqQBQ43O`~T#q@1|4w7GY@kf0&Jy$Rem(f}&)R+Zg)6e&>rSCf!S
ziVT^8tJ6V+Qs?cHv1)JY(a!=7xd7o*+(~P=ZV6A;bJOo{-j4nfILHEo4q^BTskS|*
zg71=QEYUn?Rp$1I3eFwGU;~eaf8=YhQXw;}lnl-d`xt;>bEj;=fPUs-IW{t$m60a*
z+jL$FC;=uD8-frSz<44t-~4)JBlqK68R}|{Mnsd}Yer>Q*sSATTm!cG@Z-FXh+e~<
zQq_Xe#Gzp}RQ~3d{7tHyU3(P`+UY-@)t6Wjhj{MlpByEEg*vL}fxE)^IM(p+l7_7`
zz6Lfm(kd2ZzikCV#Z*lHVF>Glq0Vzz)MtgJN>VwJ6#lLfN&t#q!*hpxA`}Zg5B;c*
zv2)9_%7dQv-fOJdufpykRn9o%;{zEyuM*k=Ivq@qA5#jEf5Ixq-d@Ef>k{)|55KfW
z(6)ABa=iOAo+_8uQS}#X(n4hPGi;jIWvn_|>DA0PiQwUok5m{Owj#uR5b+Wo+e!_c
zXKJMGyvipJ$-!2GSh<2R0l)D_ad2tZK-Zkgd%O^RYxEQvn`1R9L;Z3McZX2$j_;2e
zT`1o$7N5W<CCZ*UY>)QzCC-(mfVWzsKbXVk2MnO|N~(U=qsFFs8+-H`wuH!Gdc?e2
za%4#tADLmK2bMJ6L@uuCD*Y-M*3ZNKEYa~S(P8+E>AVkcR}_1v1F}3|2rb~DdUW$z
zQ@t;!GSmES&}5KCP<>>Hhdy7!^bpOfHN9VegCFSj=J4ebo@+V1(_nC~sKLTBNYXZ7
zMQ~JFo4J<am{);26%yKB&5m|zMu;RrzbbYftNzLTYQ|O~I3mO@DsT;6;RYLb1KMp+
z@bS#^^3ETCxR^><@l+%0Az&<tT|9TgPbHGUTp@Pb7&fa0a9Q-bwE{aMZuyy4il4Yb
z?Yf*?RmTlX2+<RC{<deuC$wjgTdSry7bgJ@Qt>SWNAa}bccfJ-G#au73mg#bZL}5e
z=$8b(22X9zgA#DQY2CRF)My0LNNAKyo07nY^--C&G$jH4k-^LF(E3?{)3cg<5d3F0
zFmS#{oroq>j}^#EV{^tuWhmLC=zdTJ-l=pxC;||?MZ*#t71yQ=_{s9vM@6_@m!q4i
zEosakWJ$;X8uoTnz*;rhnfC?s{28#3+U7-AWC`yOv7!Dh2#;V!1ZOn*EkYP;ey2a{
zxNtM2T}u*%6=qkDb}E8<nFO;f@dREgf0A*-BEX%IY3Punh=X0k0_~8tREBhwdhQNi
z!5k6>HwI7{B`iJgsD?IWb1Y@ED^^#ioi&Dyj*vh+tZBLqplR?Ff`TkrM|GB$xQ(2U
zKs0Q(2nEhzyFYZrsd8~0)y}~A4A8zM97mhd@H?fU3)T?9%ryS!nZ+tQR>L0Nsn(}u
ziD0$%Y6Y}EiD=B2W!FU>W7V{F|65}#)Q;)CUrtjEst7tA)1#uaETy2dlnmAivs1^&
z55OBugb_BP-EqjtN(5_#+pXY@ekL~&LtpZm65f*-6GmaJdQI>9iWmnkrcN(Jex|<6
z=1{_P%)nYztB#Tlf~^MSr?&acJ<5nXzX6)3D6zyF9U@=FLTAw5&a$hum~j*jJ`b@Y
z!t9O3v-u4@`_3JSWq}uog2}fqJAxw@)iVt^7kX5mJ5VtJu3<g;&zV;aDv^W6Ky720
z8(9*NfGSL#0N$~v^VEaB&O>`jv!ky~DQwLDXw3%t5{i})IVCk%7iiL_8Gn=*mv$Z0
zKwA=uH=3!j%8f<ax-36KS&H(~eb6<Ffj&FLOAV$EivQc6B}DgsoM;WT3&M@rmO}L3
z7nZkS<|klOyJFojmIz;_1<U-vo-~0U(iylr{J|Ql{yq$sZLjV_n?!APC&Ne$bWaWR
zP8VrTr3@rlAsbsjbL!rPG0dH%C^S^?IOQ_nK85&iePk?)huJ!~k5v=W$<IiL1>Y0Q
z_~MPuoIpE3<h%V@O5<5d!_4|2HCoWX6zoMyxPA$wly#>X+{^yrMjeVbh~2b>uC>61
z3b_q${~rNOLbM);2=RUpO<KUQQVeve0^-VS8o~MQAtG;~pSIAKsCT%v;f18`Q#2ZU
zFC;l3E+;S@tm`SwnW~{II~2~2UfTo)xsDcGA@H!cs^&uFD@E`lt;B<EU)xAy?4(>F
zK49tX<5j7D@{|a+Rj{$c*txhuNMlJ<%*oF<_LeL;V@*Yk-V-ygU_vj@5Z8I!k=KqS
zkK-TaYn!wCb$A0lbRP8FH4<Mn7K2qhSnrh$877AX(8L;Usc+zZ5XqZmXDk*h6E*rC
zXS5R&B88sjZuw!NxcvzVY9%CkZQ=A)R=}7x2t!Q+fFK?Y8-~Micwa%^^FafX+a){;
zQ4YGu)lf4^Lr$MrObM5z0uWK#L~%zdI>xOq%x+=q(q&2$!(ZUTKH&rHrX2VnywCDO
z!8VW(tqT%tVI7=Fb2#4u%BGhhW7TWJa5<8B3?QB%&Z!CfO9_uJ8?Wych?XvsfeIcH
zig<=KUegFjSmJwh(2b|hR}2XI4RDGq;TN@yJ9-NTS#}O-a{oy5$^Ze4#A00#mJ*)+
z@06Qj!B($rPy?V13z7<b$r;m^MUFpJ&h1In3TFP!6FBk-Vz<0QeunFS*pQ49S21FA
zS859$O$j8R$v-5dqI8&J;hA3t>Ct9(;j4B&Vg3qhamH-mkxNRG<9<@*gkiJ$!~_q0
z$#Y8BqHl)5QXHlwZzH23X0!3cL>m3d3gw}`iDfnoU>my-D=N5KBoqv)8l|ua$2f4t
zI`}-Qg*zH258*>+7<3)0&ajvXbj7k%u(`m@e?_axLr`{)8hV!J{x`=<61{^w`bjZ@
z%O9{X>qfv(B7ANbUi!3347i(yb!rAbwWl&%Na1a$nW1s#c_GOLnV9%0imB7;V)<bs
z?f))PafWV!=&M)>W;-DcUJZb=IC$VNT!}<42C(@HxJ_d-`JT!!rB=NqXOQMJAf!eO
znw|qxp|MFo8FZiY5mrmzMh|gS`?{bHW(d8HN%*R83`~jOz^GBQbQjf$E(jUcZry<V
zOxPi*A>A&hfhseK3f>Y4<G_k=vm68BO00r>=`$H9;JT488j$-u#ZEoO7Y$sWf6Onq
zk+t5KNHY^|^f}MQONnW}#?70x6yTp}CAtUEAeFhCE<{(??FMUBYI6U{zu4_aSgWo%
z@anl$Rn2Lc)JI|LH+wltWW@<e*orwP)33z6lDYma>b;RLQNb>vBig=T&G_}|#Bg;w
z=+bcW@499ZWBJ4&m2c9O!m?9}$WYVE+Bw-<$Ew0-hw?|m{rl-w%i{|p^2zi@xf22=
z>#|#3fsFrdqr-p$@=I*%e2zpbf42_N&Ahnl8^u=+WI>l7PC4J~pQj3UGz|=!^S5Fi
zE^6WzjntcVwfrEe^Jxz4skS&7khaWtxy)v}cJZ6w3znWNmFV5j2Z<h810B{bj8iqh
z5(PpT*xQROparzxfNpbci8`LkiiRI9X@F(7>!l_c4b|Qa2ZXx4<&36c+pdm1dT9UC
zBs=m4qe(z~VLN$qfg`n0G4NOWzaLJnW)#CkS5{XVp_S@=EBVfj+^J9T@{Z6dZ-qnS
ze*M|zN)5(W{<f_YH{qVC+j6TE2UhKSK<4zlHMVh;;7*N=96Uy+c#qF2E4TJl&%$+_
zVi=s`pV-csVzrf_CdM$KJp3*+E;~M`#My}BDzH@feRUUG-Y$1srDeIU3^JjwzUWUl
z2mOV699gz=ZeGf!HCHNwVqjSNmHgViwpeo#$BFUUpw{sbcPf9<5Beq%@u(!OlZWcQ
zzj=SKQLV_tpQ$2vd7VO*_o&GctE|>qCl6TsH{SLawZQCl&g#WM*(~RIUQzKG@?r5D
z|C07A{l1IanLipvrmp=DcCI2Ns#_1OY};9}E4pi=iYV#Ulns9m28C8?_Ni!#$#SRi
zgp!pjCO_a=hs6e|ukGtwx~6ldMhnGXJ#_zh#d)Q<@+0+%hK(H=)yLVOhq^BBODt2i
zbCz~WYBJvTcQu)pYnP=ThEeB-Xyf9tom({fSG2`c68xKl#VMwL(m&L)vAY!uJ*@mp
zJy8s#3q5(g_KGVt#H0UKTP!91RwMMJLn5y7!&-<H7fKV)xUNuw94g1f6*|)vX>ZBC
zarNcA+Vqjx_*En-&a``ll{bp@sEX)>TNs`-5-Tna?tHJ&pU0hQMwf8X+J5Dp-6x*o
z{GMymi7VBB^`X9<v$gNf<@Y|_%D2f67OtrD$S@06BhFOfP_Rp-&;!M=FKbY4dwqrO
zzaaAWy_AoAb1DXYYwugmx|GGsJJhngZ%j@VU|m@m`ZKsxa4GA^*5j3eVtoISRaR{c
zG@FaMY}+fxzo4D7$x!@(J9TS;;z41}KRdoP*ZE%U*p1?SGDE~ec5<qwWc*cWa;m!G
zefZBlpAu&jyy|!!Z&<Au_^G`<J_pqkJBR+GEn;JX6xZxWv~HO~$;#9pwH_XOwC(6>
zb)a#}<Q1oGk|gx7^zOYhtL&?_)1^m7>t#MLvyNH(#W?9PE{-QB)ShhBCw=?E%=BG}
z+D^oHgg4)1`zy*$q*m6S?4qS5w!iXcM<sh19BCB`{%6&iO%~dLVqA(Xn6>i^l$5pj
z#k0NGb$zYN^qj`LD}8aQwn4_tZ@^j>iW0;bg#MGY#zBcR9_G}}f(&9wgx-6`1@=x&
zjkQQpL=6U#PeN^kr$<PEA84ktmF+C8{y?~O&WhM#T~8Zb%ly+a6!}Y#_BH}-l4Y{+
zXM%}2-8=<<`yDG{i4|(i$L}qMhxBg~JwL-Ls$NgK4&YS?6i^CksgZB`JR`3tGqof>
z$=|NneNw%dgl3r(p+XuJlYo|Ny7ZEFKu3<UDyV_nrkuR2yGIi1Anwl*3E8VnYAx|6
zlk1yu-TWBANoeRv5i3vGaQt2sl%4Qna4Nx`P3tt{UfnXTk@UaAVZxX^6<|AlWlpWv
zLd<eOY_wzG1gGGCj*I+3<Aild!k8=J`NdzQU5LU~8Ny$DN_70smcKY=5hrsVS(l~J
zl4!hnG1X5&&)urZMRhWm=c-=qY8c)>?Zx&Z;Y4HqmzI5w1_)4a^$IvS>z(aMo}nMt
zNv}J+^_wNSJM-ELe9njI$%m=<H?GAc|K2jfS_!7W1NN&(7hffXsw4r25`j6WGLB&O
z^1)6^#Ir<Q|JZc#aN(N`A!ciu)#6sG<}aBg@J&eG=6YjbM#%0Fr*SR4PJQY_NFt{!
z7r$EI@h78vZ3TWAOD2A7Mqccq#$(jdkb-}z_?IxB@0YakbRIM5YE<4uU%)FB(kt8}
ztGn!V>P=to6Mjd!Y}M+i-oJB!a?xZfc{Sr;_E%x&E82YN8C|IupAn0`Hev#(PN~W!
zM*Stf;Dl_xJX7gSkT|?#WzsVmdyP}rUa3N`Av^x+JqeMaCld()aVRZ+&ygboa5OUA
zpZga9B>GD0YA_LS@JIi|9>e$!bEna7w^aCI%GkdpFYkWc&G;^K+b>GGJ97A8|99q1
zx(vX9@{$M}SoPXIr#$XRZA_=l1e$yC{Pjjblo)G$Uf8jv43>=xk@<>xy%XMob}T?~
z{RWSc_=fUyRMmlr?l&ciFTTPs?cEWl%8_9JE)#(@=Bdg_qA`%%5ZELsA%Qh1^eX7=
zCX)hyPrDKY44_rpI8#6*CLjtDZmV%?hx--wngO;9>lp^n)vn=`ZqB27-G5~E)>`m)
zpU?e(f&F%Mc=?SHtwZblxQa-%_im`fGh>B-5wmTEWvk3qg}<r!v0bAMFZ*Yk80PuB
z-&ds#;8o#|UHhEW)E1$Me6ER9RP{+2KQAqW>K8dEE!XVzbEP@h2jFpvFO?r)RUBw&
z!OcH=DpeWsp>rg(EjT`tQ<$vrvjE7^K({O1eC7{13;zhYZ^v9L`qR%7COKf2#l21<
z=3NZ0ZDvM)L*k(DR@DNSbKpjU_&9xD>a&o}QTR*9y*9>+O}r+Jd106n&aHSOS9MTM
zJF0b3llPW*qQt&&&K8QfkiN3*Ao)@Y7m3x&sCJ%XzYt#CtX0F%frk-p<J<VJ5ayD#
z6h#`FS<`4O95Xa8eK^Y3-{S$u4`X4`J5;(B6}1haHa?*lh&?#GM$`1GwD6)dO8krM
zEBi{8B>oF9z$70FJxc<pA=b%`j2~;CQTrSjLH&Zq-o&^V>t4sfrsVU7n@C|qt}xUX
zPFFS-tqOO*f#ke6-9$JTy@3_SogI*Nd;W<D%+8+m)HU~mZ{Et|cc;dRUZ%TVb7&_M
zE9HH{xZcdd44y_qpBCc(Yn~J9*OIVRu4u@w7t=)fqcJfJjZd#Eh_@_>WN~|Hl$br`
zoilpA{pU^I!s>#susu6i#xz=J569-BrDC8<xXiSTEdhb!-s}r(oxEexgPW7H{*1W+
z32{xeT!{sJzD~7~Xs?QX3HZ3g*xL`2PgfMp@4VR;O3~*_Hqz)D38{y07|l#Rg#(oC
zzIr$t;pk&;%U5_fFGIZfwk>H1##X*;Vl^S3-g{<Tyf{rFEY`v1(e2s(%O`Fly7cu)
zw>jn>RB3NkO1gMhT~?OBM*j_fn;P*V8LGmDZIp<B3~^+kFIb`#gMlN`-w@OUI&3fs
zg4HTzlL&xJ90K(CGm$kKHnqS6$&YMckfI4I`sEWcZ#HO`%7FT(#t)r!ejlY(?W9-h
zdr7EQ37>QFKobZ|PJK;AeF=-WVc!p5lQ7hoN|z-9^Tg5AmtYpSMP>k}V(b!p6Kh<l
zbw_f+^ul>S{4Buxn+sq!BbdT=X0_*=c{y=(Kxp6PrC}`rB#FQtPo%FL-b_DyKCE7*
z^Etd42iES&^LYvIbqS!FM~|=N2uO4SRLO}`(k}q~o8|nWBY}EV+-juS!ky#!IJIkS
zSgSIHf5uX3=SyWri$A+xKMhCjqDQ{LCT8^VwsH+(ZsV~J=s)Q>6J6@HE&U;R!>03a
z{caWazFYinX%0E7|MQ;|HYDrl<O?{L_82m|LlsYS()#FNE<AQP1GFO*fh#zR^ERnZ
zR<QQ+dI?jYo+(hT@L&@${%ld8V9Mog`A&!!zq=J<oYR{*qR5D;mqgfP?|UaEaq~z{
z@ctdK<5Ll=H?mV{8k*rjDx3YI|MgjEG!8sj7jL^>C-G^Ud$=wMahcB`yDevwwnr0j
zBE6qkG-<|P5=GCj7m@f$ZqPiW0IB4K-0?PPtN)>@aSZ?{;+|jdZj~{PG%+)QO)DjY
zb?7v{miBDd0P<>)ztf({r3EB-jG1%89W3+0Q>FI)Y3Z`UGPkjlk`HFj3Fpp9v`pm6
z&I@fC=d|E`TFd8-m1MRH|MX!lMF)dT4#u&X{Ztq>ADqSQT*7NgduyKR!m3P)y<C>h
z(~BWBHaG0JioE$%cQ)KeY&*XX%QeP7jfKs3PFGzsBx~+U?Nj6ptDfmJ^39jj5ad@y
z)gB~1WuTSKIgnX^8ZFFTaXKwnS|q#)Gorj5rt7I0*zVP5)PZfb=|z(^9Z)PlS+fol
zN#nC?0zBxPzf?=JIW52{@bG|DLUr~AxY!Scq4tt76gm|4m&Tzr=rRjFjSkPA<;ILV
zHXcCs4xrYp^a>A!pvc14G^APM_hAphTy<ZNt*<d_Deh<TR~=Dx?iqOQN(IAg1prKd
zN$_mXk$!e)q}pfU0qPg~A5FF$uygH2pHtaR9#)~-G@v87oq#_R$nUi?Oi=x*lx06m
zvCp<WT%YQXd3}$y{t?)gh=0E*?9+&T=@st$?$w72e{Krj@J2R@O6WyJo!z(~zD-6K
z*AiYOyx3kOmcZ)4L`kCXjAQWA2VKNx9yrn^C$&+TA}-qD%GRB8@Y5*|GcP`Jr(22s
z0A1N9JcP*VpzDPDLU_4F^t_&pzS4+vWuX2k`X}D)<+WznADHyLq|H?F(#ORbWzUZ8
z4tQ2`cbdIKOa`nHIzJ2c6gl?YGE~kwY4-3;p$+nL`a|2=8i-Uy>GBhX*qtNjhn`Yq
zf0lt|SHk4x_ANZR+kW>}1H7I&e+Dkb5EM}$cyM`~gd=tk`f~^mEQ3Ed`}UZ-38aWj
ztg^}X@Xq&yO&l;>t?bV(NB8gH1MfZcTrjM3VIN7U9RTW{Xl@wDFBr>JwDRt&f71{y
zSo9k>rze1tH>(2Z`3GprcqVP&ajG+c2x=#aSxo<`$TSRkm>?r0VH{0t5%6sR^Xq&U
z>`2KZEd0YOY^x)*8bOoMWT|h-Vgxq5mMsR}WeVHli=5X1RL)LG&Vz~r%SoQ;pVrzK
z3l-gZ2E9aAn^PpM&OFgQJl%SVdK{U(Yn=yoQ%MdY;yb%A^!f1VNImI{B|j+~IKAuH
z9~sXzpVm9A|GNHzLDF2p>L^~2p;F2E*k#bFJbSL+dGMR_4C`wNE6oAgZ@Pu6TZ4iN
z6?8g{3(kXjn0rjcyfxU!Idd_q;!oxt#tuXRj?pfM_716%NBcm>13~&qkuYuZ1$>>0
zW6Q3KU#TU7f|b}w%{tv}f_^O0wN%63bdyXTL@S)fj;<UZDp1X#xNqNd2lN0-wR_S;
zVr%5~eEfRfOqho8c2*{SG5hf>;OLh=*l(jA=X%0j&!QbP-S3zkVuAnj2ovoBO(e09
zl~rHBhJVzFfAu6&Z6M;fsIbvqW>RGCldvBQq!qbo+tx>!x{Oc1g0HcYV&4|tlz9JT
z&es)ZH_f@h#$`75FBQ+?IdGOeLUUn)9NzfacwqZ4cV)=gSxIxw+)U%S>hervAEj;|
z!SCy(98bEXw>9v78ThyiqT984(E?xM5Pkj--9M4Dx=5_umUY43M!y0Rd=8w@;Y}<I
zNVab~4?t`MKtkjCC^a;1^gf(dXSo?C9k(nmVBgxFpK)(FuROo@?VQkAT^MNTZm}ym
z5shlOKE$@afkm6?CN6Jy-oU1BfEgs5l(^0vLvNsta}LjiyFMk~z+P!3Y})?jq@-UV
z@*lEoek)?98>QE5FJlzQiJAgp8v{x$r-V2upI@O}?%+cT)6L`-sSq|bV**{DCX4|+
zbFT-;@r#Vn9F5WRlF0Gr197XaN%M)no3*Vp)#IV7@znK+E*=qrZ;WwZ&2!>oTF5vr
z+|vsIldUAkdJ=S7+=wlgzjAgc@{h;sjj70$0lTk19qOWZlhcPzxmitR8@MHkM6&20
zvUD4V+nZ8{^+z-t_mzgN%C5&stFuYnbr1GOZQV<E04O?CB~v33qmCtvCUD6y8}B#e
zb4kE+alouj31y6J+b?toePOjwSCOT#E#|C$Q^jmuWl)P4VE?-&QH7}_KuR27vy!W$
zdcnOKTnad_jlj$Z!c;b+^HS##yQOf3I!L`Qhe+Zy-QndU*}6Vyp`>H{O^M;nxxokG
z457Dr120}(zPPLtmBe{2j^my9Ppzl9@T89DMwjLSV!nueLU+Mp32d<X>SvMe!lW}s
zePMS_Sp;d9GijGIUo4&Tt8kI^Cca!}UX4q${SFXi#)C8Mi%2BewhaU$R<MC|15+!<
z%Sd9?3*yz2FKPp}lTT8jwYN3!Ki`3mi3Rp!@@dm;+rGU-B))`-h)sP$?d-RfN4cQ1
zAOU(V1+w|_o3fJ;>vd(6&u>b959-+<>ijaHsZY-Z59!o+->CLTt9|o(2L2UOY%&z#
zzi7;ebuR<*el7X+hIZQ}Bm0{li}_;8mgu3SFPeMu$c5DQ<YB^Bw_Qu~7P{@pfo|oz
zLmByPT?<xGjGYnUSqBZDbWDP1z*#f^<y=!~)^eRB@NE*r_Ui)OfrvL+d)E9+{qL$x
z{*joF6n42*2dVRlxno=&<EXZYjGzUbrRr&<t4B&?s2};!Y)=M#1B`s@ZD}Z<n00A%
zA^D<U9cgLIts%IDYTnoH_Zy?Lwo=NPrIzgt+})SL4vgvEx4reF(8@Xd0Pp{B2)un}
z-VUM^O|PM9)#zi%Z{|fGpx0W}Z`7(3BC;i7!X%{MbX=7Nzu+yxNaFv7Hu6nK6ls<Y
zKd+_<ro!4OT546d46j+~uQAtwxp_KN+B6;t!lwn7Yi{J{aH|h?%n@*N=ysmZLZE_H
zpXm<%x!16UCr-YSF}cGH1(2i15o40>8_-U^@ksHF2}#b9eh+l7Xz7~pAgjna84Gf?
z-~gPrqt~F-?7}I$n3ttAJu~vNBhfml_CkG?X#^Es(Djg@8_l5GWG}HN`Tf}bGdZg}
z^n;d;z&^nVO1eT_X%hG0X2uD6)C#;^#r4*tU<^z&yg*VhVN=p?FY$1f5@C7M%70C=
zXTTn2u$CLr4Ub_NC)?qK&0&=xa1k3A*waY}4HeX=MAm}~pTnh`6hn*lM$>=hoCi$x
zNBc~LI4AwF_mO-IW}FH*7ce=UlM;MW@)grnXSSm2(50U1;(;jxz?eoX*bAmvk#ZxX
zt(leP(%2Au^DhoE7AJ-E(Vz74@>#T;Zw7{M8oA(`naV7~@3D1;o=R_o9Xkf&5bj!i
z9ot1T!JQgl^B5VaAU$DLEM33puX0*HLW>)Rx5$Fy>F`x0E;{Rz7@y>gPVc@3#X36m
zo5dKi!+6=FsGlt@t3O~|bHZmipJKhOjW*Q<zX!&t(2zNN5gfZ0!@Ldb|16hC%bwGo
z2V9vj_;P0nitVC5@i_PTR3O>OOi}@T(?_Cj&VOIeV{oe8;^*VBO>NPj4jQi^g%ExE
znoi^aHu_`u>eT<l<i+oNjOJdG>CmbPNXi7{cMAI1;N11h>Il$p7;U*F4siYS&5`a@
zB%~{Hz2h*5COMA}?K@Rh_!1M=Tmi7|M%ww@4{^gYfJ*0FcoWTyXy%4qP$VYP{aH{)
zw>8A%GQezdsu=8f-KVY%yW=?l4)~i{l+<GtHDP%_L|e)T>+xTqBcBfVcL+ULTLhkv
zmEE!<7QlpX>(^T$dyr0#f5lg=1Y2IB&}Pxj+N}rNai@BYKr-*E$jj+lx9mULwb1+8
zPF`xaeZ9Y>i-29LZKkvgr<sWEx_=`?OYE~U%-+~#PX%X<LaJN0MPdTzkbC|aW#<9w
z+`3gukp}_pbe9_<RQ@Atj<>%BwGt`DFpUogRsRy2L@^vBUJUaDh<L0Czs>#gM5^=9
z;~*e#TlYv3QYvY-Nw_Y*WYPb`n8NO2oLjjS{n_%EkHQR4IxNEKTk5lzDWfuTUbMSP
z!dVyWS@-aFzdU#(FpSEhj3=W8_Mq@aNO&WUp5)unMKCPD3%1_~wVd{ev_~kv)dYRx
zI$K3Y<CS)TZE8czA1u>rO}0uQQ^qh-F#pdfsS^O|4V905^7vu*grIwd(P_h~)v+T;
z|Isy>Tc{AssG{cIOcR?NcPg&IHGbVC6;rK@EBPx$!t+rM^TqTB%-g%9`+GkT$4vzs
zeb>1<dHIBy@ZXCs;gc_^(W$SAaRPgL?Ek$qX?rPSwIYkbCxu~O<mw_~b+{=6+a=Yz
zCx?Y8_=s9yXS=Ye{v%O6CxKLhVI<Me9R+9<#e|+U+5#hxj`80O5vr<6^WQ-MhAf^O
z+kYwbMlxvkffzayC&}K^(LP=B!Cek#-PokFEnNP_HJ6A8LFMa4w?8g#Ef41Q^|EYA
zjrfRT@VyzC9BZrxoBEm(!=4stvG~d9Gsv8nxx(7&{kIr~FkAXJvpFuxKJZ*qBLfDl
zmN{ikuBEWrnNE_~X^}CU9$RMwt6=^c!Lkj(44)%eAfN0OSVg096Zkp#;tafs1k0Sz
zJ`gMh<c^$qSP#y(T#2-%3qPFE;PbTr_?k@8r)lu-eSlJaEL(@q=UV<<ut7(bg!o}<
z{8x)<yxWKSnZrM~-D<Ctn31SCJo@JIMjyrG#$Y3~JEP<Jlq*u5yV&UK;v~dblK<pD
z6WX#5=B$pT+u^tGs;v{<ivfBmBTI~>P{-2CMZ*U?osNP^v+Kp?JG{#)iVP*U%|!w!
zhry-7>MMhSGur%rv}L{$LrZ=3f$s;r4&P62AHK<}*Iy9(%)JgJm$A}%R(2jSi=Sxo
z0?yz9xwV6@*de;lZH&8VqD4dR@NL*P0JWls75fcW`j~U9A9q;DRtoG(+0PsAH6o-w
zaSm@MP~J6bO|HF1rPhVa)wX}vXC~S~+x{|<)jE^mQTO!XuRgp>|FBoS6*H`9^V{NW
zZ8w>S_t8gsV&^dD7Ct#YMr`^({Cz)so!MI>eu}!~xrXVx$m-upqwGGc#9Yv?Z<lF8
zM0mWplF5lux6bg8zUsP?CmXN>W_!#w-|tD6=4C$VoVu)xb$u#0_f5N2T4#6OtE4zo
zy7<*R{}3l@-?p8GD4nFHk43r7=sS+hJE5$pETcDf1D7)!J!L#3ie#B$lKx$Drrg7X
z+M)W2!gtPV%?V_%lssI1I<hKFGT6xH(XTl3(_gydIOx8tGK$i3$ZCNMDD99*_eWK~
zRp9j<uzSZ}vIJ)4epOu^Fhj=>21g8sA?MZKbZh)I<>q3<MI;g*F)oa#cz49K+_P?V
z(V7|moY_f#(nhT^acpH_`U$r?MyX2ca~83z^0e^|>1Vu_{TRaZT!cqH<phm?H@Vh|
zY1;=o9Nlt{Ea_WdtC#S<iBRi7Z_$%-D0vHuQ}hGk_RCAAE0}p`D@otimZ?@$bxxV%
z<--tB+P3cVo!z;u_c{mf!+iDhaiVxE^0(RX*FJ@kpY3Eu!}Y)Wemm_8%9PPomgUZj
zPN*|`CC8tvMxkB<)E>0wHqA`{b?sM?qN;atZ2e4d4qbEaq8C?yyey#}3PzTqe*F4<
zgHNr%Y@OD*%l(4c{cJTNc}I?Vn}xj6xhUK0{P}8x_@<oLnp_zl(_a3Mz88Yj*83d2
zh4+h4?k#?zb|%Ibf}1{qvYLXS(zt=?YJ%83k$qcU%c{x?VYhVwJ8x}PlUvPR3CjzL
zTjOSjn6*peW~Lhmo=D^3q7Gv&W?2~NqU3Q%7H#ExDwf_z6LUZJuA+-4MJMYK^{et?
z2VE5EGq3YaHzIT?*(JVvpgImE((D?nB~fz-A)Qk+eV5yrp*kW%XBz!ZTLq7Q9QiVn
z)Z4o!Ww(6qim;(xQf@3t<e#j29B25(md{Jkvk*tdSsdAU9FZD@nW3L(Avu_Jj{eQK
zT23V?<;x+a%YT}7aT+vpCpGhW6%1a^G~sGDg@%drjV+QVX}|oy<U(+__s)BBNLZsU
zT(vFSF29&4Gb(yiwH@<CVRU_1_YHB_jWfYPf`XZofe``2^=G@CYNE9qq8U|T;}_z_
znVJ8w^c7HTJx|-k3B?_XyA^kBafjmW?k>e4Kyh~~?pE9(!7UWGQrwHXzWM#X@0^^w
zxs#ban?1X8pP8LIqtH!;0lYk>t}9II1@862pRl>26T1~;@T`n$-k^)chx_c^i|#WC
z?kha3YFAWz?<SOxlDZE7^gYVsrR6dp9*-hONUe}x7a!^;ZW<;+=j$pZxuTk!$KLV)
z;C?J5V0z4zg<!CWZLgE4+D4JFToDR93^g$0NEvM3H)5x`v!`ZlbVk8O=dfQUGc+4|
zK@NXu9}Im#&Vx3+7t|Kdu2GhX$;|fgl#NGm8c~k~RJd$|wCR*+n2gp@JdBby8nPM7
zutpZX)SU4%Z(~|MyULtWUO&H)B|R!@Nox6By;E}T%Lh`&LCl8#o}Ft}ad^`fqhL{e
z#1gJoRs&(51ojT0*9ka2z-jl5tuU!w#c{Pge=>cI6$jd)J_{=kfWF&ypMb016&vL1
z==eG+hjWHMV(}7C`B)_I_*#F;p)aMEe>3Fz`*iZqO~zS+Hr&oDLEe}lF=WfQNfi>k
z+H$7!@B@!k@#3>$gVCpaK9~8Oj?mw;1SV+;s~_K%Q%BrMKjN(7(oyG6FevJb^Xgb!
zmauQBv<^_kq)Q<e;F_|6rN|(k8N_9o#HEGli5tdKiB%V#fg|p1(U^gZP#S?&>ZVa@
ztdFwB^*9{n<vKYna$m+Kecsy}ym1irWp2eziu1L(*w*EGlNzwRbo9r8d>UQ1dbW?S
zHp?nUzR)`$;UGJWj{CEcw6Hd(o}zxzI1c2NP3dr=L0Wjpw?yMeiZ)+?Nhwn^n>=)`
z6fmN2{jDvP@--bZU_K{}lABSYp>f<wm_Ss`gY%>a3qoo?zS9w9iM*rZi4O_Tk8laq
zv>v+gnbu3s+;LQ_{5{*6LlEcVB%v-^+L=b{!KBdebU*-+O7I|s+>#s-LKZl*7v0>F
zQ{Usil>S3FZ`nK8#j^x7jbl4FB=r88W{@FNi?6Q{OQk1afoLyso?{*M2s7IY_`*xc
z8|oIrJ&vz-!fwr>m|50RVAzBob~B%7hxl8P>V>ek!y4-nXi-eo_iHb*F=5_mCT<+j
zg2t`<EnjP4x1<qzfARjnr{6^U?W?Wz4y8I8C(X1{73}UXVMl1=GTZw!7kjVP5*h3E
z)yuYPB$@mp_(zpL5$zg#u$_JBd21;Jx{fw86v0bT5!SB5E>xuLs4JVOJn&x8(LU$f
z8M&B~2jZt)8LLV03<)Vc#9uh-_j(L#P@&cgW=x-?ArmlNmU5Zo61MkG49_0@4Q0z~
zOao9ebDiIC8Ve?9)A<`_vE`*R0o&3ZX9X%y3cc}qJ)~n(sv(x<N9%J2hJq@Zl(`k4
zoepH%{-g;j;d^a75V_{f-Y;f0m(C6%NPyV10Sh^=Hx}gcx1EmHcRa{YJkG(z`b2~=
zG2^^?C(}SZ(={cl`>jKbypC>Kb-6STsB5A9JFg~nO;tL5K8^?TOC90mdKJC_$6giA
zxCTKq7DA7OyyherO8H!kldXLaO{AB{-Y%#;`Em@LKNjZ*(MA^d++l{UMSog7jmM=F
z-z8faZM&AtJluvj(1ob22qp%u@&L^i<J>hSo6`+A3YI8n<|%aA;@z<zk3)jP?)v&}
zLk<;RM{6i?)v0;ORc;*6Ky5rFX3??-BDc|nnaKrLJ9j0Blx@;)(O3((Lz00iHc-~>
z0P)8A4ztxhm4}Cby3F!RH;@qr?pz0+wqhd&GJ=>%-8o)e<|qa-7P-sN<Wn&FEnHn@
zpD4x46ZBElg(FE1TSpx2`&3z#dB+2Aw0E;s$6d4-Us)mfmcrg$R+n$q{X>R%&NEwV
zKtp9u%hzBE&QAD#2lzgt6bG2S@31=@HaxU4R04srCo4O~J?EP63;jOV<&d@@=h(Ua
zQT?!`Su0!}|5M*m-q7=`d7Jnc_sbzB1-FJmyj3m0mq(+VXKCi}18DR^UEv-KuoT8X
z!Wan?9SIq2&xjV+8O)RV>C40CVEc+jVeB~i-33)Q`?|t!EdXjecQng+x{?Ka;$w~h
z=<c4&wy)436;Bd$SjgJs%-83E68&bgs}FYsffy&qc$P||GEzOqn4l9`ys4B+gMJ<f
zDfQKhV*XlmQ#;boxPN0R^4BEW9eB{?B4xCLy=D~I(1D(@93}|t@@yYmR7n-%G~%LZ
zJ>X((l=cMNo^TeN5N9l}cLK9KI|ip0X>%(kXz^7OR9nb0meZoHmTt*WqgKS!Y17pb
z5;YPOPNTUu#|K|%Tf4|itwjvY%6*dx3o0)SENSy|u64<hT5?N%IP{mi|2Qy`-!Ttl
z4=oWB-KpEfxJA}J!4eLDjw}-AJ;BGRBDa<*jXvK`J>eqTlwQf@$3fN5tBi1)L>(QG
z7{jGO%M;N11V^}+%=#+5jYmb^snP1qiR<qw18bj;)AJ~_f3wnqtcghm^ChO%9ctcc
zQB%Eu&=#fG7#~)-VfVct8dU_pfhkfScGqsvEtdc?NSe(ThWTI_{4iq7C+^Lpp%BE9
z_g-7`5711dJT&cmyO##Z9t$Z~fQt3CYaiAU%7Kl<5%&XP?Cnoi|LanYb-RNz4!M;0
zGG+Qj8rUz*nXiz1X%INoW(V2nSS!GE3Iy#4K+53l)uB5US{YWW_2ANAstkCa1MR?&
z4CtYKY0y>%WL2^h&Y*t%+fSb6!&=8^T7z79&r5siz*KZt28>jCtXM*&(ZH}EJ4vt;
z_BIqZ59HqNKp^!I=HpMC;e!t885Yo`<Ef>XaFCCP{f4r8x&Ce;oN-x<1&KT9FV`^P
z65p|cw_kYK?&y0<@Hvwy_o=Jv_*IvfvP)-QpWL(Aiy5e#zZT2hO7tH*WIoB=2OjQ2
zRjTnvP#V6!<-Z3;%FQ`p<`WcOc<o&r2+z@|_F_jZa+7{knrDmf&+6-_gMF`EW_vGY
zP`nmYt`Kj_j=A?&udS5NANiV^N->-W&uwP=xJ4jJ?c;c-{;+!&ROHNim-(c75tzE@
zpB%K1-O$ydqZ{NFeZb@a<sIXNf9HiiA%#v*yt?pGD~_>tPAet1E%oBU^W%_vz#3-J
z>Zs>JP-^$aOH*Ur+4*3?)+sMA%klp!XSA2725ul*p5H2FYs;2`^$-MEN^D2L`as9^
z_^Qi^CGTG7y7amWf^02Dy}V2oaKy5du3GikSkSM9_Qqx+W7^yifV6s5>aJGvlC;;^
z=%IX4!<u*ALY?Y7vLo<KN8;F%E8qT4{DrMhKnKa#N0uXpVRwkx)X<fxHNoXNHBbI^
z+%rZWw;}pq(g{>MQ_SP6#k04Qy3f_S-*(UCZ_edcTWkA)BJK=CYK1U~Jx6gMr4yqx
z_YqhSv~v)idn4SII8q_uw;6>pjUkd_5Z<*n66jsfWhnKZEW@89<}yne@#}afSPr7J
z@Ystc+DKxrpw?C_Bk@jxqV-?Q+LKA~Knc<gv%quN_PK8i`#Cx?L-3w^(UnV4s^vHX
z-+33MgbCO;IP!C5(wNI+=*3;=3p2fTt}i9&J*gBAY4C6u*aik)%%J6Hw6Rn?sA`T<
z`^;dkhuvZLkfnfT%HCADr-OLcWjI?9<!u5?B8VlFx6I$WE;A($VC+o?omE4Q@Gi`k
zPM0C>WATc=;mlT=1fXr!ZGuD}-=xd3!c6l&8bjSj;y!=Eg>tZFKP0(%@iKeRcCRfw
z@Bj%qR;N7jSQ(ZM-p<lT7Hasu{Z?vw?-b=@H!`a0wmsZ;V<!*t(-yC;bAaX}^W0gB
zGx;~{iL(^P{_E4y)ITR6dDot<C*ruh0##|9U{|L*TFa@j&4!_kO$EtR;iWInF8&}7
zcZHDY7w@`4-#-AxKOGTwUi7DDtlS>gbX#o{b%n-VIDyC0JlsZPQI}8wTr8*n`;Qs1
zANDriFin*cXH@mN&4t@oe%Oy%(fh0d7I`iohusy)#DolegvOb;qUL|$h&FKHaWww%
z>WnS__<2<M&?<w8m<61E)rN}a*?3({XiY!3nq~i;IfxO>>&L<Ho3?Pq_Y?((+PsGG
zY1+G(yo<0rg_=hTj&i}joHV?jGZk1UGF3$~|1)c%lmK*!sQcK@f|)K9nF=*($c2i?
z8Ox(%Pz|jgG022ejje!6=}!itr9-jj++%4}q6DH*b`CyWQpJTW_?#VDs9O{c_)2=I
z_lTC$zQ_n?(8b+%Il{};qzqgCmO!?aK+eyhtG--69eanWVYz9o|6rvE8l|w+GTbHl
zW$tU=cE?9I9zb{Ppu43XX7oLU&$`-nYa!*n+>ywhpg~cVGij!?u(tbr(4c$A?6sn$
zl}4-m`^PP6-by6OI-~)?8BJkpBDw$=t;Ybrfp%3gMgNtshAyOpgKj_U8WCR$tlue^
zvnew8x*~uaKhBIT-h_jVJDTppu^oZm!BC?r_}C4D4C0AQ+x&6wa(z)%T#+H+K$53k
z_yZP1Gnzu<2NXmPB8%rB6G5T`MIU*MyXg}S-r{JwqoKMzd;{q17vobG?C|&D(_+eq
zd%-PT^V!snK%c4GD!RLC{YAqDu&`(9#J%j@Pe1Aa|CVm@WC~+oXanfp^H}jLiPc^7
zP!WVL^}rn+F3?6=2a&7zOG=%8f&)d*w%>qb--Pp@S)*O@{~vg6!x(77NH`ddP3}Yf
z!?E45Sm-Ywen$y^PpPvOJ9c2Sb@&YmXwC%2p}`K;%BDfS4%j+=FkYV(n%gQcOv#!Y
z^<uAkK<5}Kec_FIX#WsCN&W~qk>H<;g#1AX09Za<eIuF6VDDxlA4&-T7~j(_6MiY^
z8hXZhdAjUi{+}D`swCpFW37#xvWmQ*EAko3>So7X`+sh%4t*Dj0c(nat}rC*W7Jf4
z?fJ{8w#ReO!}_ZmyXm`$sJAmZ-8v!5z7r|bTO^VTF+9NxeZ~~^{xsgPHnXr^%K=n%
z{E^%By!SHNQ9SvlP6C-U@<Jj}7|8C2On&PeiK&dbRqRA6@A63=YHIASi?ANBo)NpZ
z8Ne5GO+{i8W9+%}Su&WSS5HSDx!+H!f-VdF&x|r!5!QM3>+lB-l7qMlZMX+I#ris)
zU*9>r6QDk<r~P$DrUWHa`}!oqPfV*P#7c*RN*9wJnOzQco@wrUVGB=_Mi&{#qIp&_
zI9AeJOHZr?>TN}UwIaa6O71a}N`*sTrc6EuynSrNAf0+Wp?DnOTc-VuIE5Z@HaPp#
zflVhnPtS@Cem|auCZ1+yH~fP%mYd8kFjzGPA9hU!i#MJMtP+==E+YgPw+iSM_j47y
z9by296$1;1KgY#;<(o}C`8b{pz0UtC29(OUi?uA+h)?`pS0NS5X7}NSIpgDnOWBS6
z_re^acY7IaO@FSP6LRw#7>=6MMbyrl?Gng6aFA1LMXMtDOMW9M(8HQ}#tF6XmJrr(
z1!a;*B9k-1#9XR*z4pT}wo&|6KmpCI@L0$B`TZ3}{BFQGfBH-y3yc)OwV4Ffkb={e
zZmddgO4yWKvz8Y_+R9>Gg0>e;fu#8`wsb75PaR>YGL@Gkm-NJlhfZx-fc(?VK9cL2
z4k*3x<-&+eVU%bh{m>XNw1U+V$g?_DJ=)IHg95SME*JbG?){qg{Hw2{rc%|f5Uz%i
zH+X0S3ngI(ju2|l2a*h=Gb3J1^Mh_({Xg6*c$)`_!ewscV3_>V5wF$Z4L<N`tnHbC
zc?oP54DR&xrv1Fh2OGZj@iumQKYS3obHwc$e;7O29KfqJ$<CJUB9fltt)1=7M}AE#
z?RpJ6jAIvXz2CDrv?`UguS*hNAL#ROjK0Av)3@g|edycE1!4ld$0wBrt2j4ddL`WR
zH|f|JW&G+~izOq;%Yz>War88C^k7oFz3yN?3sH!lmGBmgJq0vY1a4SdPfb(--zVWq
zz`t<1`yFf71b*0|%kX9yl0tnFu~O$KYK!4Z^`|~pV9>VCi(dj;$-f;y?e-&7Zlj(}
z?O6U!f;@0vpIAjU;efv9<PsQm=}(EbfU*no1IHvK3Mh^9*uiE>Md?;#AS;y@3RO;3
zY{s(A%2ex_g9K_P7NO4;jfq-hXYGmc#}fpz_w+bbD*GR8(H=dF;<i}vXIWDKd2~6-
zKmBD3uSF~=<MI><MY704|D*tPQywc0l<8gsvJ#%20l+E%i+K0JCVYI-#=M9*CFwGB
zsBk#Q-vIuUe^S1TS}o{u1W*R#etDq&${#Y@3eBt`zS>J(&|IKM=`S2^@{dFGJolG$
z!k9B<o(+G9ISIim;xKz-L(8JemgC;9JH+L`T^lNB`XkDevH2kIqTW^Tyc@9{Rx4|c
zxDIDHFnW8pQLbI(CzhAO+?#=vOgSdH(iT&6N_*~ebhMEQrLeU~eip<M)w~-!A}0Lz
zxi@TFvp)Xa!OrdF0Z_02M_4bO+g|0&IhRWsX7NpVhhP2+L8di2BB^<s0q#s`0nV(b
z^}wG)|7nt%D|y>*h}FW2PM4(p%*JoIiD0Hke$9LeGM+y)%+7B4lTD{XpU_-<mO}XN
zZAMK$Pqo-X*XHlf!f7Ts<1+VCgszPf=OLV(#bwyiinKa037+nkagz0fk2`B{u(WF}
zuyDQ~?aQ!d%aXA!AY|0zQ5u#9Y!n(QG#W}YI$R^WORM7^6bhnkUceT7bBtS4vbzC~
zpZZjV5>z3-W<z+QfO}E!_d){y1w8D%Q_Ng5)IWs4vzg&M=*A-i(PF>J()a{^CbRwo
ziZHto_~<l_v@SU=fqECiP{7hte!#*Y9Jk3A=leA*9VTd0KB=ZB<C|0gD%H%S<(Fbx
z;L{v3ZXar<NL(U+oB&S{d!!T51(+LDY72EfbN)Q`0Qt=UR^u)EGmn5+bAa^X1D0Pf
zT(sr=OW#Cmb<8uSbsHQ7O(#687GB)(g_DaD2WkX~_g)2<+wXD_GRkq>%DCv$h<=56
z+8_?_hDFVT!xV~VF->kM-fEMd34CLuULVik!sa0ev9Q7u&;=RsAzx;ML5$bXySHU!
z?&WCkd(@gQ9cla*pEu5Vpik^}Q_!vWX3BuwPRgw_9#p96dd%093X>~yE#H0NWqKTb
zhYM?APlmZiCbO&*b-yob2!(voeMxo>7SdTfiI#dk6ww!bc_a493A|A5+4!!U_+}8~
z5D;MgqxTXD%Be5iKb#*XylVsW>iY(cPpUp>^5o~<FZ{(<jdMO^gRhw8yCHz-hCr_$
z{7r;e&#T2Aj8mKsF<zFohi;Hw;T|I1f`c4;3&paG>17|0#s5(3Q6t}mrY2Arpv=mj
zU~Ie-mS_ra0ynG09K^U~gO+>Uh+emzw!S`rZ@*ZYpTGPRAK#GrN;Yf+RB=T*l=j}a
zHF}{RJ?`C311xHYGX~%~dpJXb3Pi)$9S{rWBh7CVUrRl&t+2mO(WKh(szOMHIQue{
zbcAy@YZIQ?{@lhd<|r@-WkB!Vr_S;nUaD!am}s%OZ+BcK7zCK3W^yc#CEUBZL_f5s
zAzP~b=xg3o_73>LQVA?)Q75nJk{%0E2lSO=2gQKv5w8b?L6B=?p8N;68|6f=WA|b(
zkJb>329xY{?l>3ODhv}riInn|O61;~90Q38gNrl!mp*T{frw!Rp;<_~P+>ogb1<0)
zn~reW&#8&b)1^mBO5upj+5p6vf<GVc=YyLcfk)SXjXqEK!}_zgSDv3!u;QDroS?sA
zWics|(-LM<OzS`Pl{fbhfN>vn9v)SJeIJnz@Gma3=bI0C!tXPB5*y45D+UevpFaXJ
z2#B}p_rhwwY?HXQ;#MXMj!jZm^bea(s+)yOQ-L<5CJEM1)^#KwvK-+nKRLF-p4q~;
zapRvmBUF`RRh3~i16Vd>sh3xVYihrU6Pt<?4}4E-dpuDMWQtC8mOa@njcc#-SJ)qh
z?6+AQcYecQbA0f0U7ht)v#KK$PD&Oj{0U1Pd7bZ{Bh8;S?3bJ)?UOm|N5!{VF{Gms
z%|?f7IO#X*#!>iawvkd81ArsIsk!TTH~zkzG;M8}Vq<dWavh^9<Qte}V-lBa>=dE<
zra;^GhT8PvEgz^t`yP_qC$rT)l=+BZmHkLN<$od@xEuecA#<aK5x{p00&Yqh-fB_~
zl7yOhwl&~TZi?EGs5(SnBwqaZG88)AIntyVK;mM<VR~-{_4WK#8-e*e3qXVJ^=Q}r
zTMv*_Yojj-yBVPHFLvmAuWRsolIzQM;ZMKORD((pM4!Fki~idMY)}mCwoI0H8M4$5
z+*ElbnG15u4SjirzSMVyIWNY-DYdua$%|6pVJUof8*6%=FfyDBcC%7r|5Yh4T;XvD
zJpSvPO4E>g-v3LZCH2D)7&L(#IME)M!%EF<FuYxF-}vQ#F`h4#g!Jo7-3V;f1hW0D
zS?LHIQB-_e`O9>4j}RGuQ>=>~+Z`wVa>1cb)=Yx#D=+?qj&cKw_0ZigY)4c)WRlln
z2z?NiCj$q1!r7u6i`08yU9!Dhw3Bt&pSTD7IswQRyXwh_JkCIf9EJ%wWtSO&`Iv!|
zoPpEa&cAuT2Q*H<hUU_+j=_qVw49y`_TG=*&Oq?1qX5>JY#6ZivG98$m|md->Rv3P
zfClhhewn1D0o|A%Ee9%Au4L8>c78zvO6>f30%$2+X%p&;N?@q=NQ@nI<(8Y(y#Fvw
zaj<=mj>EpM<2OVk;nKdG#Gif@V};}Fpqa!!;1{M--471cbv0lWtE0&^9^1XjoS?PC
zqjbQ_nCR66o@yGf8WF*NmPm^UOo)b_!hsLT;JTw@_pt%f6!4bFQ9nYBI7{Ve?6@;V
zfvDmJh#8}usGw|A)+A>x<Z@1+<OPsD2sLB02^CZfCDI6NP-%Wm8ZG>7Kvk=SqgS_&
zP1KvsZqt%EuiHdQe_LPtSn}q^WBP8#QRzJGl{>#-{!r4}lI;@EqN;Z0z!wQwSt13e
zX?UR(-Vhfm^a;c-?fJ!Tb)I%aVE&Sp-Q5vTRw>|$qN$-&)RSo7Eijjtj4+K*BXcjc
zsH3bg1g9l8MY!0ZX^$s&m~9G*aim`T)2T}pv<IBm)BfidV8mI%-d=Jmtua;@)tN{$
z)0c74A4zj_t9voLjVerqG1n|b)srD?h-cm_;r>#R%l4DLo_f---1v)Ff6QP4&-q2P
zBIiO1hnBx0L{0=D8Shp@<qhN3AeBt~3`ar)F8q71j?Ac$Ohcnc=XZHa>}X53+d&I#
zL~FNOk|`Shv@GjJERSl%${3{w{yLhzTll}X;&Oi{I9>ytjA$K6N76KcL<-No*Ogq{
z0%vXw<O=HPX=(`MqkZKc1k#yp*S>=ypwza#OH4*hx%@^0Ip;+jqxu8+s$U@&XNZ(o
z3duX9-7RJvlG4r;gASOX)sr!Jdqby<1}-a~kcD`WX#;Y1D<-0#g4(>8tj?J7b{V@B
zC7#gxa6ar8UKH9X#c>%qawi(@W!Z)@IsqozWDT`N^|}(HPk_Qt9m(kqG%Ty5X{q@%
zL48jJg(XF<26BI$X$+v;(0`n~u_npT6~)YGhePRrqdgm?1eC~WPe!L5Gyd~t&A{l_
zT~#8V1Hj{TrzK5B{E^y}yy`^Pyi&t#%f{yB-~ISFW*wbO7VGU=Zy};7mzVs$<CUuL
z3r@EN?gYulGipby5bdwxj}66!4f*kd>HQ|*l(BDb$~G^On(T5F>Lt4(j3-EhV&6Wm
zD`rBL&jlOl8Se}HKWp#jtn>Dq4NL(8asXr*);XT<v0TRG`~r*x1w9`i_EF>KsAoAy
zI8>!vx^F}w<4BJz3Uo8tVSv3h%o=@U4{LVQO)c?}TKG=R%m$NBrVqTKOGg9npQ<bN
z(COwkzWOxg{d^V5Y~ak95zG0x5`p=)A=Ta*^D~W5JhMAe)eqzAb5Ko>w-3J5z1T~Z
zh+oFd7nH(CbT#<W$_iZCMA*t3>?+YB*dko=5C*AiOk{Zgtw(7D9Vs<a54_|NVSnhX
zIL2#_mA93bJH78q@6zq_Nxt7*bC$rtWR_6}IXH9*wV0PnwI>kO+1c{2CoRP2WaPqw
z87%llUquf7C`9D+&*UfiE1|L_hr^`VPtjLG(bb_DF9NuLnS{dQ1k{J55a~Pf885Ef
zw<t;nHL(bJ<2!SHVQE}mS4@quFwD2$ke+m0_6HoqMQ_ZDTe65DKcC-Z>@z>V_TP#?
zv(d4uj#F%|^`I);bIuTi1rIzEKAoAn++p3oZnTu?ZXJ5{hlCW!J0?~pt9{C*LwFnO
zQ0Cw4cYh|TI<qzbWAM-TiAkuuS@**r^{zwMEydshJo`gpo{6T<tzF8H&FVA3-0mX@
z9AB$KFLjK5S;=YGw$B`LA`ybn+4*zgnJl_y5|~5q?0zPKlIUp>YRFg@S5`?)euz;l
zuBc(KD+=~+P7TC*w!R_}dXZzEI52BuY5VKB<T<{%{0=)rB5Dppb<rlua8`nr<CCZ&
z$udY~l-ug1KCLSq{u*J26mFl?uQkq<>*$_HnSCujR1=6QfI-L_Yx48F1E17_&?hnL
zdYf;);wa)kmHG47f-kT=)OF!&1YT}_h=)Gj!(BPqh)5ZIhZ^l{W7uT75E2^ty*aY~
z=ogtM4q^ULm;0ZY;t+NC2k$$}<O%=NQ%vx6Bw_9uN4RbqM<m%@*6Jeon>FpXm?Sgw
z*B%MfcL5q5S$@(=49BLM33LvYZ5GflZVRH?KQ5knu)w5TQEHNS2P=sg|43ug2)=<U
zyWR~REg2a{gQuM6fy}CY^R8(GcBE8{yonkk1V7*(yF?0DF?vxUN-IPCZ{{wtGFH*8
zz~syhdsx>v;WM_7bNjt$N=x2k;~m}aYR00*eKITAgPXWc(uxo20-IShdP!8rcMql!
zHDI#<@$W?C@(8|lD$t<miz%#)##lx>9!WQM>N^fNp&ZG;0u-l%1a=ZpD!nTSO&j6H
zmfci`h^Q6RX-)Hw`Z)Ut=UnoneBVL+t26?{flMg9^f_DQ4n`Nb66mOew4cmAAjK-V
zDQ*WpnIhF$alNEW^<SY2sGc%NK$9$Z{Y!+4i|6F#AK#pEWw>a76G`Co5UkR(-)3lu
z?ysby5x5Ir(z9Rs7Lg~@K^)IKs6eX-htIImB;aPI)+i=wZbGgI*KCgJYY;6u7o0Rg
zh)8CBv2VidMyz^l9kE%Eb##i)Ky)l>X#(B9%MV#DUhj`tg-a07isL)<B~A$H2Faw0
z7aN&%g|7j>keqben596MTmitE@0B0iyn~9oLDiognEq~Q(e54F*7emp=(26RE0}B2
z-N-36J3597j0nbg<(5A_QpulfR&Yxtrd{=!aE(whATH*iso+Dr$UaQmwGoqVmY#Nv
zXc{5Ptwpg%i_fjar3s_<R&-O$7%dGnMScw*Sn)CVD&lbw_z)|e&ghF6cB{x#mVh7N
z_QHnR*!SbiXOaz-{FSP6C)1e7=vC8WB#@pk|7Co$o4d-y+X4ARL{EU7)!{FVOw(`i
z<#QGGQ~rU?Q`O9dZYK$81yf6T-^aFOk}#Q=&H$Ittv3K&w^8Nq@c<EXlXtl)AOGe*
zCuu@ss{17u-?5i%WhM@8^>Qt2ypqSlC$ozeh6$Bl!%C+6;_*IaoflXf`l+#4kO_@7
zyqD;V)>JZ4?qqc&J`NK;i(CCsNA*<ZXwQkiGZ?KAl3tn24E>k|9{v$NS)z^#DBl&|
zKQW&_KHzevbYIhHOcdD01<$CPQC`n5Mu?OXb_--SCK7pNQ{FV|j5>H_Z>7zdQF7gK
zgMrXiowGshE_^b$5z0Pk8=+plCvNpoGu6drSlntJ+E-<ssn7T9$l#gD@X4iVc5YGg
z$p}v}^UoH&T&?}$R$`aFH#$~pqyx2nGlXm6W$!*~?4`pG?~REoP9CNov#3j?y*1>C
zCSop4lZ*Ec#EZ*wO&?xR!zLW(4rd?>!Q(4d{sX@wf4`$@5+{#Ek*O5X7R0<AoDoGZ
zTT8xkX{>xTEYp33bXgNU<y*SsJ+7Ov@44ImxH{SeJ<;yqwQy8*nG!E2(u_#y=6<#&
z;)ODylWGq}{HRYWvUJ%sm5aaHfxr6Kgv!T%wYGx-P-$n}i~rVxB9osrKW7aaM!-i4
z2HF*vSGX!?s@7Q|Wm{#=9PFIZ%^#3R)VrfP@h;8*K_gW{Vk7w6h5vSd044qr_Oo2>
z!fX`V4+r-R)-Gp0h-^;c5l1y5BMrwS=Po=`+<D9ggl~fMisj?J5hw@YM;>C3na6JS
zyllH3rLxm9908-u>DX&j<NS=W>u$Y`iFw62A|WVk`WjUq!sT<#7ICzjXWj0;!JhY{
zG5v^z$hhA_Fbbj{t1_HU<qc`%Ehb`LwBkN8e~<hPA2;R9y+}qY(N}6@H@b!JKpVA@
zLvho!<&5eXi1Q?3(Or{QW-)i3)yJXu9ygFB(2FTj$6rql{xCb^PX+h+c*NzDF9O^b
z1v6ZH`HRs~e&NAS&S;JPhtZ%=<Uk%Z5+P(*A*3Mg{_y*T%2g+0Qa;4AVk(K);?8`O
z0<F1~T%wC4;(_EFT|g*Je_zv^oK=>ZJ0aa3JO8s1lUwk&6+N@fim+so82V_twH$DR
z{;!G}D^^%f{T9Os({_+<H+x|sOhomv^`dfY4~}jx+>Y=l5qkUT$ILVc$BV#k>Oi-l
z7^k3_u6~?r=4zxR*`$C&Ae<#V2Zs^*3TQ{F-r7Y3@9$dQNAAoL4@jEm>gwHZ?_|}b
zV|vZyA>!|+Pl<2k8@5QZbYs{+5@XngPD+Bw0{dYM12_Nv%5yeZk>3p3U&*{h+h&^C
zP`*A(YNR7=RJr1B#2DkMWo8It&W`9KzoM8*ZbZqE)Q2D$tpK#Rlpl*WBZxOt+Z-qM
z)_O75%vbZ8K68(Zr&%mLr+gN0B48S^k07}f+0C>ESBrE|<eMK)Ce7V~svd+sSrv?h
zyXIQBIHZz8e8(cRG3h%SR<TDA?y7z}sT;yEr%Ar44+chU6A;3(u|t=_aA1@)0U@yg
z<})o#*<63>Gi|4V$ze$%KDp=S+(%Suw&gnoSxM(KwJub7+TUZ0W*GysA5ml2ei$Mm
zv9X`_QFswmh}CMrwz0DB8ew*!f>=3$Mz~$5dPWvLJ4Nf3E=gN?F{sMC$M0jTaMlkM
zRMo=q3)dAVdeosIGa3=AY@a+0Czcgy-t7<dT6p{Q=!p}^(b}2Il;oVK<@3i>JGVa}
z%7RNjaI$hvc8{tG@(zwFK9mb?dPZ##K@2v)qo>+%{p|{<)T|s2Pwg=HSvJCoXAgN>
z07$G4hRL@mqfZ}h-t!6}=cv8*ksnxA*RN9Ug}~>169Hd1_V<6DiV@zu4-DF~Ix3B3
zyjw6_)8o{43}z>Wy_p@p6a4o*D^cuys3FXnIHzlSYEmMDsMR3-ISpI!X0ne6|LyZV
zGi~;BTIVYm^EqL?KGi}z!qD`h7c_`p-xH<buH_dzrCfqn#5*;jg-$;UdNy+u?Gj+O
z$o6;G%aJsXT$*M^&8cUHFG9fNR}yXg#rb>ra?d+$z*F;v=gcqh)$}7Fg|zY95tBq$
zHR`nMy(+~9*R#gDdP3-*YoAL8-=dQ#+ai@buQbYACL9d5!~5L{{Z9JXXvvI_h9f5M
zaJAxeb8L4tS)UVn!#j;y1Wmvl6WA8rc2dTngE;{70ll4p<EK@2X2MT<R7hR);}7k6
zj&6^*k?&Kc(=w<X!|aF9-<FFWbm40se{kBGiJJZ6iQrix+;mDrf{ZP3dG86S5*ehH
zMs4lPorWzM*K?5c(IM7iFXxYo*#vmRZ4L0WXm|apdg$yP<HR|V&qk(ZGO}jyHjKck
zicr^E-iLG=SRcCN4P<$fBY0`%z=aTKGF!T$pWswJd2nDp91DWE;{#UU{7NJPZ}Y!@
z$fS0bEfK{QcoqbIjrX60(~Zle!gb@n$Cbf8YC9@&=;b5K<&#{Y$;GL3ULIe3M3k6C
zLtL`WSv|{fip%BoV{hF@RjKB*cAs8}nm<(-@O?y!7)o~cMj&`7i*w&Vix4sZ!I6<f
zR2$9-+?UYt1mKw1V|TS?Qqp}oKH!`m!%IOcb|Z>7h)z<Ahwg-=tMA`yUuQ+t1al``
z*fRzK)a}BF8AVhpIQLrPQr}+GVpE+CIM*lBsA=n;kCp7E&rPAJ61WB}Br0=I3;BjD
zB({|zmUI3?GlU#Uon!1<WrQ5HePa##(AKbP?BZUD!z>wEcq?G=W=z{`P-72YqEz2)
zaM#;d^Sc5eb=j106qfqU=LoGf!tO@`^Fi)Ae6V#}ES9=v$cT(0eJ>NcnH`1b-<R>$
z`hG&b9;RNxoic{Y5kkIOydV@(zQ>Qo6eCL13+;^ACpzk^FK?3a1(e*(C-~qyeeov5
zimC$_`6jXrXaeq-ffdSnOzqQbwp{7)=l)irE7xX8GOj;Xt}bbKj*y+PzgEjy0WDwc
zbl7G32Yb+jc}%vu58?1;NHGh1Q!myPzr}#3mqSr+W6RaO6q$+|HnHQL;;7FtNXVRn
zB8-Vp8#wn7ExgR=B*qNm;&QRN%lYoDGUN;#{`Irw*sO&ZivDg55fp}AI>n0|;XH>V
z*AS0~qkzQf;161p7CCZO9^RAR7y0uFn<-@)2Yt|IA9yAHtSJiPX|r6C=6781f=|~_
zlOha;l)i0_6qCxS$tcSNhtoVYVpwrL{5739XKzU2B2qhNkL>~ftDv57n^i=dsmVee
z@FrUKCbBtFj6m=vvbq#IvF7yoV{UR!$Y4(gZtz2eJLdqBW{>?0YQ=ppVn;9&f;sIN
z3{GhxT0SoA5BEd0=D!Oq?T@)9vioaoGM53%cuyqS0fC}sn-evY=YR-jXjaqw(qI*`
zFlrT##AKKiohYWRRFb=6hu>dYC(LCh&4W+6KkP^^Teg;CX>~A(+J~{5wK{s|3SgUi
zLhUAsc8*Rnk88+XVE-{_>lqmnY@|L|06JYbtT%uSrVP{8`6r1YNAS9EAsk`qi#k0F
zJG|l8PD4dr$E%W&j4Nv3xi}-TF*wD4#<71x65`tB(}h^S06)jdTBgv|o_Yaj`#6Ui
zsM3%HDgf}RKQIqip=97VlwEj-PT}U$V%qtOA)C-EDOYxuGot3xD{WbbvmmXck2HuT
z6y6|3N$;EF>+ZowtRT(eD$^pXZ+g+l9gps(`ST7WD9Ku9J_T=GBcW~xx9!Dx)V;>c
z5s8y=`iNNkY&k;xNX|LAALLcW<s)V`L&h-^;t`QR&f$OYgYwj(bLI`9Q)8?w55|j`
za&xIe{FzPEjQ?5ICg^np)syVwzxNvs@WqIK`;xBBdptA?JCt-E0NV7Y%Bc3Je8p#0
zcs9;rzLyg<mHiHC2`YE84Jz+IXny}$*ZiK+5pH+w`lsx*g*5%Ho`vL1DN^Y<h4j7X
zHHh(_${wB<Ur6Zw*vYqicK^u<vV8{0=l5T>L36%P1|xKge}DDAJR39oeB}vbMQ8~B
zHtfTxt%#nQkSa)Yt$Mr*sxVq7vHJ>+phqp`(_rU(pIA7rpC#5xomYKQm7?Z~vo;F+
z3eF|qPJLrs88sN<lHr+Gtt><=AX0j~pk#7U!3!?4O1Q|=B`}F8MosB>{uLq0W`E%b
z$ztK);^Up0>C8g>D+Ts#ceX;0p4o(c)_wx|)1?qPC*b&scv9mRH-%c^`+Ir0CYt9O
zgynF;7M&+2CzXk<yk<AMvhU+2l(MH;iR-);H=oJKwQJb9ay%DQYpW5B+1NxwW0-#P
zk{qrnN#r;Y`%6r~IB05&rMj57c%ub$*<X<2eQa3xW@--(;Y;S>R$SclTN^8$WdPf$
z``L`{Wig68VuB|<`f9h9^@;tFuJnxUt?qneBznBLADs5^x~C`o-$c+1|1N9_v85)E
zPfiAj&d&U!M(Zv14elA3^aw06y$a%aP<Hsx5NBmIro!W&QZ&%UNB$mYZ^cVqz4gjL
z?0<hX?U9nT;uIY*KbB3n>debrGK-34X>DU>)3*Th=Try#3C}_4T$I{@#ir{^|MBo~
z6*w%Y+E&v=+zCxie)r>^{8Jkhspp-|Ekm~Ga`cmq%<gr1^7Jhy0s^t$E?i{ca$mJX
z^Lw8il&JliljZHkQ?hFZr5jpV-H4#2oZDSEPR2Y+q+Tl4{8dL=%eT339N-FyMale!
zRAU9)h}~R^uzs_!BKr*x^1xQd>{8ka^2F?QOUw*i#<9GC*Ix&kIzj1vN~0e|fe50&
zY-vaXZ3v<R&%Zjw3Bh$_?23JF4g<Nh_G|}&k&-hP%c_M%PbLYA)6H71_Bi`lqogDw
zY?HRN_6QPeB4=+n9Uc9ppe8A4edPdy&|<&r(F%~n9uq+HfL1bc$(K82bI!cQDhFjH
z?Tb(^uAiuSD37o%1HDkbG*Jra&I_RUbu6~w+@JB_On?Q6qfPMv$Lk3vm!s)pmJWvE
z<*dv1q+GKVd`FT-zhjlrYkGLA@3w@^vTlEf97#ItKYg(wrD%^YVCrzwK{s>B!}*d)
z^u@&}*XY8dNnq&eNTb7qLfx*WS!DI(M9Pe8*XP5Q&W9+*bPn}By%9o{64KxM9M4EF
zz-JPekPcDeULDY;J2R$<b}^|V@<q{whHFW!wgOj9#&`@!vX%1BgRR?;O4)9@N&Jjk
zV`7~FMWG@E%u{UImptcrd;#OB52roAkbov^S!9}KbQ&o5z4<3^5=3FDO_6migsl$u
z!rhS38JT8GweNk5ORd2sz5g;D6oVCkOYP&%ZXRfD&H-9Av+&wXj&;Hr%Kq!yt>dxD
z7mZbiM@_*m9*n?hYWMkR8U0xqN6e_<x6r&6EUVGZ*-(#9VYm7VH}DF?Kj-bExQeLP
zWeamKVw_WO!bVVF`H8TYL-*Q%9L#Nw)4pO+YGz=Sg0OG@OO1oIX>9$D&fJ|FZ_f8n
zx{`1yjJ9YjGzKS{fWBYTp@~)_t<<cPa)vdt1mixa73wqK#nfplL2OmjQ!35GWSy=a
z0>nk*z@{kJW%g+3DJ>9^gSBFChVcosu78uXw8W}c5%25_)eal_=DiXN7HgbOC0SkN
zTURoTJdo%z-IL(c*D$b7S!|NDG|uBx%Eu;j{B7W;>}ofqBP!)#(Wg7{Ppom@t-k*H
zYx=ru`M7&SSoeUlln^c2wWm!{*1L~?tM1#uA8%bxQTwb4_vI6V*+{?1gge26&&6BC
z^_F=-W{bW)n1vdc&`OxGi0@EJ0{2O`G3J)o*P>~zea3ekX|6Amg6Cb8U-BTi<xYop
zEDINe1^C7>YNd!+bVy@@1zakNk0dH3SVhx(h**nAM4n_DI$%oLbFs2+>o8>c(r)K>
zn!UXSlEI6b!U5p+0KD}OINWEke_fimDuDV(8d|``%b%T6P-mv+s<>prRN%)~Z#i~T
z(ekx3Rng9;`BW@r39}%y$lfHqD=GagMfdXMmfe_EP?k}v{TRodVuG*W9NVhkY%kWW
zFMXy9bEf^+B2Rj{|9#vH_So1=@`Sv?xW#G<O+#qJ*NM{9lT{SM=`s4f&Q|dZmDN&*
zHd%Q_^(vU97SEn$16f^4psFZPLBOet*0Nwve4L~!l|C)i_^eqWOY^Hl6JFJlqy3?q
z1@cxLrnrd{0$O=SwNYDb;V0t=%vo{CPfq$Js|}%6!I_;epeNYQ?!ct^z1#fK)s01Z
zlW>NGMNH5>X5~Z<zMSF4Zd7w|ZRJE?IOcRXVQ22TEVu?wZG*TmqI+636rX9AG_&-D
zbg6^5v5b`ujg}ig%P&L1pqRl`ZHufsw&@p@VDYjePw4y_iH#VEeUnW7!9An0y0XgF
zB*gVAhHnUQ(1+8Hv@f{wCOl#vD&V(t83ytms-tH9rNg--7+Q7NQMzaS+pq4wup_3c
zOSNRevR?jOO^eKyM)80)=CygJ)`5`$cEdDZbe9EyeqtA``zkDuiY++gkS?ZE)G&Q@
zIiEN<$I9HQFWg|N>;dlp<17#6Hnv<r!*{DKZ64V*C|PQ}yu#D2L8UeaeF~UwOam?V
zT4kj@X<C4PQ?2&rMx{N5i>obsU7Zm)^5fx9!CzN$9qh`>%T`^fa2X0vHwEJ&h<|Ba
zQ+#}eUEGB*<JaH&^wj5)R9!DdK4wPu-Zq6SH3@Jsv_!eqAQA7~cfzewcCwYlnTu7s
zmEP(d)Vw@QX+i?J)w6^>reC#%L=<IldCNNe!_%KLru?UyG?;h%5o_^F^>Czh@aP;*
zL2kC@1j0#LLs`6D!m%zalMRjY(!}`;z6!&iu0&C&*E6o1p1=MRKj78k+-Pn@qy^l{
zW9Ryz{9{uiwj*qnUS0m<10F_9r@3Kfbf`Hd_9R!9KsyceS8d|~4SS{2IDBSwV5z6s
zQkDzt+5&XN`PMhCEGyWb@<tr+tWR28yi+2WK(^!XuU_v&jFJF_{x-|)xP{7$p`vFM
zaB<obC<*~aI~0~pOYA;Vg2%yp5P+foJf(igl-&vyXDQQ?*uY2<quy?g8ql&-mSTt*
zk+YOn4T0vNn<WW7gNlSZ(Wj+NTb8r*locB3R;!38;rLUg9Oip^r&|U=2sTsAriM@{
zOq&9hQ#uv@Ym+e5Q6YWlX`pjC%soa`8|ty0iJrJEFFzVGvl8-WC6`|kWDm6tYh*^7
zw;RoM5oMnU{ezgMWU8z*y&05j)Uqd|nifCJQ_g-T);WSN&|ZoTZLcP8JnG{(mR+Xs
zt{6=v_Dq#Sem1Ek^z_$?NK}hRNQ*9o$wJ|NK|re!7w?bvM6GcmZYV=Fl_P?!PDSk2
zNms38`5N>YZMpR;DUR<qIOe&vrH=Tlf;R!mBid_~HovrS{fW&$7tkvG`JITZx|sJO
z;&T??j>aEX&+UXc<dc85`+^+CKE*6s3BTa2SJ}w6zTsmey!a%&iPn9mjwf4PTVhcD
z>jvD|lXRs^qgG^)u~L_Z=fsk~yW`Au3lIRUy1^e5@4U~ZmZ6Yo-Lk14tD2U=7g+y7
zE+5BIPNi;l=Uq<dbU|^W5|?lb5G9klux&6hDHPt~7_kdnj~}Xj(Q6fC9&D_lhgURa
z(*yslihi=Pk2QpBvihwr67wXi>F;Q@_VBbfK9FfH1@f?uYKwIk5i0Cl0VDPR(@XLA
zwk&nSMVX&AV4Z5Mwd^&0Rs1>Lo*Xd??ygjJP7A8m#Cp0$-{dT**{ee$NI#X>*QJ>N
zQ3A$s1TzQ<Lvt5hL!mpGT7zFV-=(|T<!?aR$hf1)N4)4roEI=)Iy~oNR_|969|<%z
z=hVrQ%*kRfpcaI14O6|RY=%DZ6?NYn3@8YnxU4WETbmgcX3lNM<9fGnrwl-XRfpq-
z4`l9ICISraCUwDX8SzuHGk*c|$v3Z**+ep723AlkJISXwr9%h6#Zn_{qn5O(oTdA-
z+Axid)-Y{<tJs>(C+{zV|IJJ^Z~)IzyNgxHZdOpGL>I7M^LsrS=n?-RKt>Q6iqW~E
zz0@Bsg;4XD9+Ibobf-mQp-Iy~ee~s49yp$cyg?HCri}Dmo64h_X5XBKXi8d@ePgES
zro=hidR-%`p%EKq01ZKBxJ{9Ty#G~FvG9+Qwx7$Y^0)Zt7;omP_P=z`WVuag$mPsQ
z9Y`{;De}H#B&KNq2vbr?eoe)J%kfZ=MCU=VQ443Gn<b}ltDM%nyQk8(*eXRE!z}e!
zs}=NlPaBilA_*jS!J!Uqj_E#htyqhy)bAiF!3&7e_R9%U8sJ=;?)v3qd>pv<0ttpg
ze^JYFY39s2Fovtb^smCqH80y0dw+^rN2In^2aFl~B*(5;uxiw$tU}qEViIS|t30j=
z2KTmfp_mF<V{-L0NF?S;m{bW$3<|ttezDCV>gGoZbNf+*S}wP8s_{vs&A#(%RX3I9
zQf0_%>X-Y{hLLJabOlp;hU78joQ8!eY$gp_{=fNWzfJehyyeO28ObVhN6z4n+odiD
z_0ld(H3y2rx05Un8ta%$c@8+58+47rBx1J{Cj?IAemW+D7pj00$r64;l<Sr|sy)Po
zZaksx21z6vnj~h1#LFA-OkJ8ThlX*921@Z?@gi}BB7GN-n*<`W=01|Wu?zSY@msi|
zKV#dJ?7I9S-fG{ysN7C8KTz!!9Ox4qc)Yz4N5A<*LdS$2;)Lc91Z$W~vZ_JfT*b=o
zU&+tyxyH{@p)7kq!t2+1+m2OLo54&5$DaTPz-?5zXjjj3F}zwfVeHG3kwg=3B8ERO
zQX#9POCZ;V)mC2+AeuH0^k@`oi?Th<;z6FX|6zNY!h;-Xj|n|X;fVWlCm=rP4stZo
zEYgFowLK+o1+-;7l9=AQuRC%!61te>baqetvGxk7E;7!k%9p*E?dO#w_|#<h!+To*
z1c3l9<>zT07HFWTRib;02VicGa%rR<gNgrDp*w$VkHt?3)RJw`4G+WX)3sW25cun7
zf8*Vmog8&~Oq)RGcIiK_zE1`*s@>@q$Joo2YWaLt-5N1773o_G`ea@vkwy97%6DSJ
zqf%1T(>yS`N43<UT1<Z@sh5eyXHfZz3dj_xw^B++E9O5h$Au{p`V#aBP(l2938P8C
zNqa75MPF=qevbKi`A-j+LozWSB_OK#w6&uy^0YJeyUtLpMy&;4+5#{#V3EkRY5~+Q
z(Wzq#s~j5U3~H^a%O`$uMmtq(K8dzC3(VW}&w~qW#ceP9kmJ^W{rl^{-zY;|wqE6m
zN5QNv2K*jnS--qZo&d(pDbu(=IELBSt30&s_k+=8Kw716Jp*;ij{QpfjASt4nZ?ES
z6l}&h_eq8N@ic4~T~!QZmBPO(rBXmAj+VHU&P#kg&x$nA?GHi7EY#N`CbiRj9rrJG
z{>eF7l-iPE5@A8!Gl09n{dZmd->CGCrBs*l${tI3KI&8l>5Kga>FZo4WuIE2F-qwe
z+p6=udAA}%u09-z*uOgfflK&%0xn@BIt~=(G;_mPuhTbWbje73Xr_msP5d{dHb|BL
zGCUmQJ!~Iu{^E+0^m4}Mi@AO$Nug|oT_*q#oy2z`7PLQ%cGEOhB0~3UZ&K+<S|ESJ
z0{}YnKNV(46=}<<L-gEkQu$@lC1t3#C}o1!dQ?5mRyMvh1#Jl@=Vz<dJl}(wT9jxc
zX;C1&v`OrANzhY#RLH&}m9P>n(@Q)`>gUjOYx}F73kPRftS1^*2(Mc3P@uDKYoq-~
zpVlbbs>=?aIUJ_5hmErpI$A6`8UTd%+t4BB9#MUr5><^HRmc5<pOi?3dO?nA?^S}?
z`Q;-G=#qx>o~+GT=7+7!{>IKZUPkJd>(u>0!@Hglzcnl`cN5k=crQw3)v$fDUa<Gd
zUf*K8OKD!BF|1!@YWd618V>B5`{SSTIble!6+{c^$cjK1F1tnH)WK;!e<pa2-HZ3V
zEYS^aitDG5SajZ$$Qq7d3%$Gb_1PUT?;il_bzNRDsD>*vL*n%2tv~#tGx%O3ha@hD
z{UVs$(WDDKxio6coB9`sDU=iGLE}H4G&sFK(UeyG*(x6)?=Eb4MYx{Y)JrCm@7?Uw
zp?5jSCAS!~C)-A{yGoA2KYDfKMj`4Byk5ot{jnrGo1W<>K57jsoL1s3zkl3%cV)lP
z(=#ovM4I?;T*ny?)6IR2O>!NG3o~D#45ZAH{NSl=tL5gZ|3R~cYv6a*rky?4j;om7
z+C7E?^XWLoj?TVEix7n@9Q18|{_A2FbS^=hS;1?Lu_Y-IfAq|{b$%J6%uR;7lrN&I
zSuPb^1BM6oUCevoN^fd$O#F-S@Zaz0zv=X`!q>AFH3Z-q*d>bSor>H14&OX`)C>tx
zdS_dpVW98f3i(BQ^vw_%OnYP+?NOI^Q*Vg8Vu(B)ZS30)&eCcS(!E5+SnTgr_?g{>
zkYHyBNb5u)vyGN<Xo!<Zr~}p+0?zoZV<0<`#(l~894RTRq@?qf2|vj9y=f;8nYNL%
z`9NH6ks}zdomk&Jp=LG-bv*xUTtj)z4{D=h<%%Uke$%mFhngDx?dLxr0OU~l;g=9h
zou9GpesWV+a7Vj!g^&1}`eEJp{{i$s3%}wsY_UY0Oe>anp>X(D*V#;J#5(PN@4{?6
zL%oj{qJfo*cBSnReYmsJjKT(|MiW+_sm3}SZCe7J-(w$2*H+&LgxH7Di}Oz!aZ)eN
zl-eLuZ>lxW1d7`$G-G>r!q)C&Ue?n@k(a3^o|pAp=uY^pJHg#GA4|P;I?!R3Y`TmP
zqfd&{4luCJ>3}<#peKuNNWy7|4dr2LPp=Jo?cLBD$%LlK1osECY#oKc;=i+$>2cI!
zJ;U$qWANfE{J5fyRU!nI;IUIrUqeY#k_n$A3nks2OxT<(gIo@0C}&<W;a0Lx&elB$
zZ}t$%DT$JeyrrD&_NgFu*(^&bKiXG7DSwdV9*kN0n6h8%Y;#?>kIk~V@$2ht7xU-r
zv2^rg5$Mis2a8rrv#ZTjl`m7Ot3BV-uhM?5ZigIzAMauxsp`())%jb`V555-)q^my
z2f>SXuipHV(XH<2LD<%V(2#eltb@^^{@#O-(?fKqlAM*Y9~GL<dGij{>`0#}L9<Jk
z9q9oMz&lcJo)gMDP{37YwpHo>?DwqnW({P2EIT(=SB;G)rK{!))4+UVf)*SQ5oEcZ
zgi<|41lg@8A+aaHn}Zn<<S#u5hk6SAkYqGFK@~xcI3S!?!(N2?y?6w<K!8m<U=7_D
zZ7eW!->j%L<>H0K1T{S<#OvCN(6N^gZ*DI_S}z_~Nb!Pu6MTCM@ir^*HWwmZ*@Hs7
zk9rdZ_2%Lo5@7WXS^@5rg5s4^d(X1Ccx7UOev{(O=}nl~TZnhMH{n=sf_Ih_uSp+5
z!#+a1a%$g}MbHv&yA*GHAHwH-xOjC1SoT4y_F8T!5P!F{c7c`Dz`|oH*FGfTS1%sF
z8gZ)xa;lVVM!~ddb71(5qL#|3HIJz>>W~;1uI@uv*+<MI{L+W;b00C2@T3pnK_7xQ
z$1w(ojrtN^>}$*<aH`+Wk)GxIIUbV&Z^n3?kR1B=CA`<yKJ=X4moTlbm=q}e7GV=7
zYDl_U(ahqKM#OkkIV|Y7`Vk!c>~w1NBRtoSw~dr=eLq6merm4cm};G4p1bN=#dvi(
zET$Xg_b1HlFXuXbRU-WAS**wyuhmkVANvz_^|y=jcYnfP{Y9|`3?TRpkW(0E6#HCW
zteBXPKaPkHr00i(P9F;Ie)vPet`9{B(&HmS`;U0&Us8DaUq2#be<Zwo?ZJdfgM}VS
z1}>Gdd-*qx2t8apn6Pj#4?!GrEyvUANC9tOb*_xqQ%5+*AF&-s6w?&ul*U~9l*R_j
z#cwMLV``Qy5ZRmcFM&vlx#~8uQW{v>7_XpgIho*IS77QvL1%O5xENP#wuqY#3?}Ru
zOmN;@TgW9z9C`R$HP2sK151c;jZm!4*jYK63<N$`tYqqCS>1^-L5DeJn}Gmz9LNJ2
z0vkebelI{TzExl{;b+CYF6W*U<9e*PU&~ie?z=9}RV(KldSFaY`cdJ#qK6P#4H3R;
z(h$ODLkQj+%<x?_l<;VX&>2Zavk|m>*U+OvXL=7M^c>24*AoFY>8Rye>H7k%wT;?h
zn#0BWC?@FTV?w-%LkXV`72@q1O89;#!8=EaS92Jl$}k~b8?`;tB4~+M;+PO`=rF?I
zVO+dq0ao*v<ytTQP{6egR+~M;%V=Q3Vk(b2R=~ANAg4+d;abltYMGo`dQ6q`$ApKN
zJB*M%Ot{uv!w6Z!gloM#jPU0$KDa0&9GBn61fP$UYrQ#7>etPA9zJMZjMoc43l1-Q
zOsM;@-3PV*n2_|b@IhNYCVc#{bglOk%^WUiMvPaAq|<6Rq2+Kpo%e<l`VHr8BPGlp
zPDmZDT&p%;wvJ3G*Sa9aYva$twRTG(bV-q})j3~^AXBPXi(<UIjtg-{r4T+%v5WI{
z3SnuAD3;HsgaawkwfZRbfn_zYr7<B*f03iRQG^+zglqK~O?Wm+xYl{23DZXtyg82H
zS_8%q{Kg2^`q~&m{V_rhB?FgA*<I`W<3bNNjv=fc!(D5G`Ic+ldAxvYZ6^hunlZxp
z`|%<iW%7KRYi;?R<yu33$%m1lFaq}4Tx+wv|KeH)s;0={)%JCa*ZaRnj}y7c)3yFr
zK?j!8z?R3jR{SDd>)A1clVb?Z&o&j|T9?jO<3f(SGRF0fL=GKGC_a|pOx;}AOsU~(
zw<+E-r5+?%6%+LGuXbPCW-K9^)B9t7k-qkx5@!GxXLXG0?O$cd4{ouSoO=tu3^j=0
z(C1@9cmHaiNE|wrFnFw(NR+^&Ql1lubH@_W$Et<<a*BF3r~V|SWY`Hi^<85LS!2b*
zeK|!vr<}EL|JPW;9|pw)mhC_l55}x)n-Z^_kc;?+e|{xHO+A;_z@Bdtbozww&;Fki
zygwKIxy|Q<H+TjIGyL;UpA&X`F6=^*(QE`Q|Gephu#2kW2$jci{~Rm84xF(3^V9tW
z{Bt)|f@Ch<D{X=spS0IW)Hp)xaiYd0u+xT?zs3iQBfLLO)p&nZ<Efl_r#2-f<fH!O
zI6~SuQRDqpjc1g%YJB@R!d8<aGu{(Xi^!bf$8AciKgqy&eP0?!xWFOxV@E7N2g1WO
zuu*Nos-EKYe#8Oq@dWpHUe)0m==u={BE}P*A5Z4JP!iK^V7h9X_d+F2AS6tXNQ;j;
zFl_?i;|b;+M@CamS8Wu_Sx#yb^wTNP)C(sP=1mk$eQ_e;<V1ou2Q!+w!z4oDB+=B<
zRozZ6q^TF45=}jA5+QXGZ|W5S?AudTQ~&p1fk@%(LP;%^i?_IKQ18=1ye*Rm8z%|z
z9!w(Kn8b%7QoI3Q5Z?Ymh$qQtHiDLT%}xvPj($Nn@&y;~rT|MiZHf1Aa{=+(>U=>q
z7caAI5S<a?<$Xc8^Mw$v@nk}s$pr6gDc+jNgk_V3cy6^f-y&#<mm|dsoI>!Q!o@2q
z!0w#3;;ijk3W)c<q83|01KZFxXrUCZ(G<dqQ-pXQO(DEDg*R>mA>N58grif0c<(Fm
z-Y-PFk!OT>l~V~7Q@MC40xa!}ReM!-7O>-~>L5ZY7jJXh%DHC>#90!^sZvG6SvM55
z@QNDP>9$o`o)zIj>r_HSs))1RPbIvYD&nl^sf1~%+(IgfC}vA4VN<GFV%HX{`&K#C
zb8Wq*ORDEn31?I7L5O22fu{0$l+=1oB~+hE@^YwBi)BrwaB4Yiy*8dzFRyZT#T2_t
z4)9xBFFGgKZA>GqPqVW-oklpB#)Cx3uF-VDlQfd^+T|Ck^-oUikG3H%pBItO<gW<h
zz7mnopI;G9e<dQHAu|a5XYjzTqKJG>%^>_dLqtAxW)iB-6q+F!xKzp>`OG>eG$VB;
zVe(8K`MkN<ihMSoD-ikgU2Gdvo<CPa<TGHgE%KSQ$%=de&liF5@(;GiXW$P-M?OXn
zT1u5lrc@Amv8~tG^9)|RL9B+@IFqn`rU*WZ&mx@Ug*9S{QK~^xD`{YVwe{L?Ud9rk
z>pi2WFBEhZhyJ^*>*je82)&g~=#@@zK3i8r6t!cqT3q4CSK7MD|0Y@evfgumx<|2+
zsru?PY}=szzuAMP`RRnYocE)}MFvg2OVn<!${N_UwywE~dxwplK~p6K9m}E1#)dxn
z&ECoGODF6}7hSjnCYAE+!mp<juBNLlyuPBI!l^fjEg6$zryewiP;8Fq!s{#Qsg<oR
zyzv}D!#QfVV>YMLCALKGoP2>&yCq8Nt7u?DVuR>{aIoFy5IWBh4tD+=!k2Rh-W<$u
zu%UAa{&R&HNiv$9pymH_gc%K)OZaFmcd-2g*qt1kgWa9a!SXg9qUbi|;th)pO5)=2
zc3n7^Fncb+n}0DH**TAZc?9ROB_53|c7qw)d##$~6hDr2jk+LPdCg|eX@~|()w&vo
zz7`u)@uH}nx8@Og%@ftLY#w3mJnqP3^^}`W2%RsgN0QNO1g+|Mc0p9n$oYif^Lh0|
z3b3GyR`vKDDA513Q*?8=csF8wQZCxnWbu5$!udi8C9rNw<yXRe^9g(AD_=iAQ4g=G
zf#t@Ae{)fcd9TkWT%9jn#5n6j83(){>pF2!*6E_}JT2!(1)a*FAI1h$xm2Ljlt83X
zg>;%_4?A#5QOn}g9>ta)%Bj^k?0`4V34Q6X!;CObsZ#TNM<rkLl#T&pp3)KJ{zs9_
z<s_fPHd}B>lshPcP%MLw^=Sy8Et3>wN<9WpAugoE?+h$t2+%l#&@h8Q6^8)5G6<dd
zpXY}FM=}U|_@5?2fJO@l&o3Z2y_e;C48T1Y?(oX)@T#J=>n~FpTulS39OsqzyKu4T
z3kWkfi4$v!*if`_nQGJO8d#$^*Jr=WruzGcr}{ru2lit*^z^u(3V#Uo|78K;=mMes
zAqxpU3whX3U8w)0g@n-yh5A2M7YRHr<OYDJzYF!hwvcdTAy@xm;_zAVKP>f6-ccYr
ztga63rE>8y;)1fIc)^PZfs2HAiHiu4i+F4;#XGQw@WUb@UUhZo%_3-tH}?-AUaiH1
z=N5DEUKL<#|FDABTHh5AZ?d8mSc8ZDaY5bx6yhZ;CbV5F#GAU9Fn%$?n}ZqR-Cj(%
zwpfTaS&28f5b>J)Da32Kgz(xDE?$NJi~ZB8y*j%JIFE1D3BOn_-q&%JSN&PQ4keIN
zrHTk%ORi9n8mG2Dt_uAn;=Vph2)&kw;C0dx!h|Ivc-^pskhz3MYBfascYO)rpCxLN
zu-*#k24qSFGKb>4+Di^qml7&3wMUjwO9`!)ihySKQo{R7<s@N4MKka@4eUsq*Ahvm
z&2mEYayy+t%LxOQ^R{_TO1PZx)p8Y~#;S5R<<x$O3psmPM5v#vCVaSBM5vcn6V9#{
z5$b=}5C*Q{eb;j$LcO|%@Xs0%p_a}h6w4INFB!O0D&PHAm*v1TlaQLpBh>yYtO&K!
z<pL3E>Iz$gnsT{_cysm&TZB4rn-!t1%a390<9xi^7NOSJ^FQY1xQ~5(h1wZgQv=J6
z^Llbwjw6hgk5a7^<=OJb;=Ee_T_A+rlu6i_DO&u6wS?1|vVU5kXf@@`PQ-Z)`CB@@
ztc{)_>_!DWfJ2{(b8Yxr_}A?l2%9$$oa;9h5yIxIP;+S<`AnSawnV<SfpCi>fBJ2a
z6M=UXZ<$gt?b*1X7XR2|+BzEvwKfu*HC7fG)4se?O}=q)&c(R~{v%6XXR~L|9H*dB
zO9S(Z4?XgaJ)G#Uk<f0V2qz>ksg!3pF?=K8zZ+Fd+fz}m%c<9jFInM=o%+I!gp7?M
zrtPVyH?3vGw0kxZe%h#F+7wPFI=)2XEBRvD(JNKZ#sS`n4?1y0_}%Lp3IA*qez(rI
zgv#IYpskkhyGy<$%>7mvo+P8$2wHx3!xdq8&P@b;6ZgBb1lZmymf!t*Z-JP0iK3g!
z#rscuP>ri1rmeS$P-7Fpn}0DH`O8g&DVqq+Use_!)Ba)AY;6tfop@LKtFo0(Zu9Ka
zd#zGSYaIG`e9*nCqI&LaBHY>}s;A**LaogNZw_Wu&#KLYC7VU{NHUs@pjACTUlrBk
zzlGqtg;&o|0ruBbt9r&AEYK~DR&+DCc)!N`Bwn+t$%|VE^|lBll)$<zm0t-vY$3GU
zqGH;4ih4Guej+}6_%#vR4c|ie?-uDZzFnnkp^gT2KHjzBnygdD51y8DLqRv?&==wZ
z9$YKXmr5W~sUl)pU7dU!z^Pq~FCTqf#<V=gifMIqkeuhMnAQNw7t@wfBr`b4-{YHo
zbX}Bt;TA%MQEpz6YU-4EHV1qf@BhQ~0wt-Yj&D|5U7*@!Nq8;3wnl9dZKQ!kCAe;0
zm$i86XZwiWI2F28ZDtjzc&Sob6DaY9*lA~Mg&Ve27D%RA+qS}qU3XjaZGq$U;M}H6
zg$v|}Yd-vjd`4~y;ioO~=tkg=YFxnquf{iDDgm!=A^f8hW#Mi$_-U+xwT|`q<A(6~
zO|}vmZzVYEA1-o_ec63#G{n(giub9UE6_jQN*K)1-#k(z`YDB;&C$Kv`1F$Ko3|1+
zaP*QzqgURqwn4tcU1b}ug%Uk)E8!MLk3Uk_`7Of->^dYHOs13%xEmXKB3Jl;R@(?I
zw~;_ve?%h5ltMZiAL@HkAicMZ(2pazR*0jMb^8LfZ<-e_Pt6`-#2;K1*LMP--CIEP
zO%aoaX)KY0!M%HmZI@n6aeySCFEHdL%l85aT+77Q^!I_uCMEVFT=I<Ok>NnrO%YOM
z*xoQ1>~Slz>$1R@`xbEWro03iF1hct-f0J1x0u>rTEv?x`)644lrzEE3vlm{oACbw
zxYFiWFwF%_eYoBgI~g9l1-x}D-|-vsB5L*mTtCdSa7S3Uv*%m53vSu3>Q<P$#q!4|
zSIkSb#nUmX(*XWCP@E+Dr4Qh^U7*d>i!V+tQl)T>b#P2g9Wh<kSVz~?nIop_^-952
zbAi>aRc_nb)oge7iwmrV4ellWw7hLSW&ZgBtF}M7ZSBb~ytae8i8Yh)HWH&3S|q-`
z{l9Nrb)8ydRp+7GsybILwyN{i?IN1us+gEs-Uq06r?46mIPs1Va6c=hu?}9t;SR4{
zw@xJnm-kYut`hDD9+}o@E4Yg<wbfQFF%K~A4$Jr6l)=W>v>LAs0;+VEQyg4|1$V5s
ztq+P1X?=h#w)|7eEICf)m&3To?}F`mBNwf(>g&lJRbR(fSoIZtw@~#fC3?`FeSq$F
z|9{t3<5iZFpWYQxZnoD}(^a<Gnj?C-)pzs1k;m0|5D>gsd_SJ=`(W{%*X0PH%GuSn
zBO=%C%9n=VN)o+f6gQT8DmrrYTw~M!d-<d^qNjegYiwM-)?0Pi`kr!Ku5YdEWGnlh
zEmrmrEBoFyoBy-2>u<M=ebv1J#vW(;e6Zl>K3SG8{9Sw=1i04xVC6ry<^T4hl^=TF
zG8eeI{A7KpbKk-kFZ$pW=NyQ*&k(|g-`pT&=gh5lu#HsV_Upd8$L3c@@3l&`@P2_(
zEwFw5zTjtlpC!_1yGXLb=OTIK{hLUxEE}DQc{VzyY;@xOosQ3bi_SZCIx+;{bY@99
z<BF`Jwfn6q3N9z6q_^f-4)fIm7QMgo{?+Gh5#Ud3Bu?5$)Ozr5BwYOuSuGLupg>DZ
zvVDH1;ODi6tQ%QIKd{OVx8tx)8x|h1z*gA7T!XSL`uhve51x6<{Cxg_RlqIBtOEKy
z{MR~~EA9)b@X$J#wdsUK;(w!~hI0_Wd?Sr(y~A6WdndL8%4<nq3Dv~4-oBB^k6!||
zZzH5`BXO;_Z{$$p>f{}SNjpefMeP@9T%8=Xi%@bGiMyoz&CHK~BsBez;Crkxzyi!n
z_a4IT-6U?@4m30W+(%frkHlTl#UhOhkrx~!q#Y!2mvoSsIq(qSl|v-%k`6XAH)In&
z%O-J`bcji_!g0dHpGn*$9cpHFIZenpMdB{$5|PFg&)t3_g#Sk3F6ppH<2L7t7YWxd
zkhn{_q{*nw?}VnmlekN|lwkA+;S$d@?vgHTX72loF!e7IcS)BqGwc0Bc=k7myQIsS
zj9$A+sC89d8(q$16n2g9_^P}%x_qQ@ZFI-$gx9ajYoo(W$XPcC!*7syP+)u%l`&qf
z`Y?*hyjllfA4EB7W_baud6Z8`oY~|xQ$qk25#<x!l596RPmQ9Qt;~$T*hLy%dn#|y
z8yzX``pe9Bi{9u+ao6A1_FMFJ3&ny;`O2_<bfn|bV=;Kzl}pIVm6sDwj*>{3i!=i;
z<f*uv_)0F}k6eN`|6*KD-0&u${!MW?vBcDnyU4tpc>5E%aCwu^@urx?Sb3B1^-Y2|
z2Qy|d{=7-JcvDWU3o^P*6l)e^))O%p3BN@scZ-1FWddx~6YI^-+_q$!#VF1TwnkBt
zsnU{e<L<?c0={{R(Bc+}yNdS<umX1#i=hbsXD0!pE-cQp-#I8-0|*RUuVL#`d4b;g
zNaF&%_iqv2z9lZu%Z!!sC9l`OHbw@`e=07}+jfhv>6W-a@9r(a&07Tb#(1(_pf^jP
z8yD#PB>tEe=%uXF(DIqQVQG7$al=xB+k~38#pO?Lv?j6Di^Fmd<D^^WZNl=~;tXVK
z0mG2F&UOZp-61@>O>nmt-}#`_IXRX*ZvPnRH0mLFu?9b;33a|C)j1=dI$x6NJkzeu
zfp5qPk}0Lmmm(eOo(XksbB7RpN2+tTXo-}ySTg{Bhi0ntkUNBdcL?76i=ocD?hvx>
z2z8d28nDDv=ZPGXtMipRgg@@ceOPx1_3skAIhdi&AKWFpe^;opB%|9zvDEo(<K5_^
z4y?ROSbmqQ^AG{{2{fh7zs43&=aGt<OchY)qjw2M?n-r@9sTd>{9Lq$I%n9`d8Vb#
zS*taSXPQvw;!%b=KfFu0b62QyZc8a&?rIGzI4bCUrkUy-agWgAo>1pc?-7RIBe)kO
z*ws0^rA?iEBkby&`HhAeq`}v?53)>@aUbLl_XwNrk+>JKY?N_XVcdPfoA<@NkoVt|
z?OAuZ#zD&Fae-zXb>PH(!q4{!-u#QPr?F%n!7oqkJNIiTbzi2`PS=`IKD9N?RK2-*
zg!DXlPh_!{l3_7Vq*_rvJtfkvJVI8UoVyB9NXcBv7o&XUb3krsf9DbY$RjvEZ$$;q
za7U*BS{o^5Dn|~Fs&I)TcS-{)JRp>RKyW_ahW_Whk<;5s8abRs`6%<=$d(TXZ*crs
zZRua`jSO6&VZBom_eM4_o8q$vgm)g0Dd)&I$s>1#2KHuD^-L0Sj(te@>><H9KCTEk
z)kH;UI>AhZRL^-1N4*-=8A5|ZZC+J2JYXePz9^q-Bx*D3Az?dbgxG?$X;`j*j6{|x
zWw|d!g;msr<>oyk+<PeRtL(2pGdRcBq5|G_Xy$#Dl^zjFKN1%_j(<cL^+?=TIXXtx
zN8l>+zRF#?1_%H2V!Zq$Q?E!NZucs+LD%4JE<PByC3cFpnTmUS40+sLxl2_&A5OEd
z-d=gSsF7bE5sp0~xNpT<HDX>_c`HtqYQQSnm6iUF3BHdBUc5wx_DDc70p(Sd^&b;n
zcua8KkE8#~Rh0{3BpI1{U6#6Ol+Rj+khs%hLI+OvhZrjOBD-Nuak33FxI8VQe6CC6
zPahM8bL7$Sg&^~~uM;QDHhYz!rU4zDqFE9WWQE97l&x8!oEqFc6Ku^gJi*>9FUHxL
z#dTCDDIdoSbZSxwtAt7Y8;)@z`xBtbOIG%LEBoC}R<<leAXaOr;nGCM-#W_Z__sYK
zY<es@ei?T<!C^Uw`9l9=!p+B`<FBHeU)|NVj{o^5gqlydy4X5?ql;gyVZP!TWpe$`
z6GERSg6s2wq6-|BgBV;FJt540BDmI9TvP2_&pjcW;#?2q=c;!*;6ODM@a8Pkz@Cc?
z^m1$F<$xug5`vzJ%K_t_652i$mjizClrZ=y!JFe4Hw5l`O8Dt1!P!*MlQ#s8P#Z~x
zD^7tt)*TvI>}$6O4(J)-*;5f5y#9>v(ldg0pp11VKO>BLCV~S=MzayLf`c(`;bP7_
zBb<81gM(=TY?fP-^Ly?pk@n!gQ2S#oq~?b6sOR%Y#~*H?_8N3NeMWHRMHFE(W!{j;
zb$Q_PXQZQ|mq2a;9gU&Gne#>=$h>K<L?{Qqk*7t`9FEMJcLa2N0Nrff7v4}^z!F>Y
z`Y;`g>2Sr_7>xDO)FAuq)>Opfr4mC!@=^^fEsDIoC1<ANW2T$SRByDBoMozv=Zy`U
zn2wE1hqHYvD&n#~$<2vW&TV=Wy(_upFde6vC}%rW&g`YOa@NswJg4b!cJOG0k?J;z
zWUD+P6(n`z%P9I&a_g(<=&gye^-<hp%HOkW6Ez*<Ip;whO=v3jj&xwCqJm`_ScAx7
zV|+C8R@2Rzj@6oO-fCKtbW|f9-W<%h)wCb!=tH`x+>#8bl>JuIo<2gkcao0nqyxd}
z0&K94re2xpBU(V*YRU__Owp~&#cLet*ySVi^DokIiF7#Mjwq-mhT+~;q9k+Vn~_01
ze1+jw&~=p6b<=Qr=sMc#I=nfUVYnxC9of1l+ilf2x8EpexUcz&vc2Tc(a6Ee<`&Us
zysu@ree(@cjkVrj6{Kcx@oq=@toPMyOYPkpI=VP?b4P{*){(i)+L1BJq2p7|)0Fg0
zMNy`dqz@uPE=x(jcIa5ju?+2Q5h;;!xEK?nDAG^p+YyJ30}i3x63&69U)!|X%c;ZR
z)Zz4vqCy@5=E3n$C06R!8rYr4@IiheAa3T=@w!tNtv&Tksf<}1@KK~I(@(Va+fE(5
zIh*0F3kisMb!IB$T#o!SGQi*8UY!|E9rK*Jxr8o(Nu@lmO8m*G;|DI8xhY_eq8|Q@
z2KFqn+^7B;Se?TT{NvPd*{Q>uf1#HSI}qT~;pfuLO#*vV%kl4yO6Jk3`Ys(WxFixE
zhIDl4Xz$XkO#>$t%UI5mMKxXSFRE>XOUEZ1)+qU(Z_1WQ;ee&1{M`Zek}q=USl|*R
zm%uKS^4znr*QH~(A&Ai^r6OeOg|E@T-i~s;79bkshD*m4mk#$0TU>2!&K(^gg_kL{
zIX5~oXc?yvG6bmM)=|Z+o11h0<JQrG|9O50@QYi=A^xYy5a3lW9Syv6xF-o>0q;uj
z)+_O1xp=XWuHU723%qp9_0r+I997Um7_sL`C8bO$zZ)OvsvRf@o$}Igf)lzDQAAhh
zt2&w#F2%$s8W$*x$k$uPV=rMu-IcKgX4;Hsi?@!A-a6dBN0R5=Sdz2@O*1vHNl|o3
zlD_M$<A%2&{Z6D3!A`n`kB--Ubhw|7Dw4DpGCAolqUg<Hg7ioq9m9MC>0yd=uATHD
zA07LAbU43@q#|zOl^pyKzE%U997XFT2bZr7@)e!gIK@Gxs(W^3O?`E|=BvZGFtRX5
z!yW#LR??PZIk#z%LGi_f!+*<HM=xLD@R#}OnCq*<n}eC>1^je``U!_G$!Io$mcxI(
zxNxH*{d5fX;|@PdfVC)YIs8Qh9sWT@H<gPwJ<?}!al4%^_S3P@PdI!DtRrKs<?#3U
z>Dc3^%ejhcisCg-NxzH?KUG|~i|c+muKGzYD?#1J=3>l=bkzwGiXP&xqnN)AS7sZl
zj!Ooqaf-7}d=cKaOl#>-!`EqG^CJT$1=-6M<F6yiU-%#iY^6NC?+5-m2KX!QTSv`D
z#&YTzk>#ER3GX|@U&ojJye-!W@4MY!$5wygeI=%DU`p?M!C%L33W<APXMhepK(}Tf
zUso(&SJKL7X(F4}4;EEhGeAcTj%Oe}jgm+*rI40KHv5l6iVe`wh9en%zOS0e$>D|b
zifT4Z0)7;rV^Dx>xZ7=%{;b!)vLju4gGIy53(zq$K!^L!w&d{?NA*~VRXx^2M`lNc
zJP8)s{C9wkzc?$`J7Pc)&=&{^QQ?{Er8ljyYwZxF6Tz`!^cErV1{oM5f#7$<mmc}P
zi~y=El(S@0zaHuQ#QdyJ%^2x~Ynkw|?cW8a3-*HnS9XLY);cAY#^Q{{dbx&jWH@l%
zq~}GsCkuPCJ-C=?(7b$NaVlkEts(}7T1D(C@}CR!z-ZQA)~<-EYgB$0U{xcGhoxid
zo2!JoOUu>1`|)zMuWCf!$1ed}19kWY>SDF8YQzZRVZbmQ=S%3~Y2IoP@@d}peMTk&
zta?P5<K=k9-uHb2O9QM%MA;jafaT?N^enH#r`E>+doCi3bEBzQ{e9o?0$9z6k{c=k
z$13WWS5b%WqygNanVGe#=<uqd!`Jl*z-mVrD`%&w>R47)hws+s09MD$e65C#?CLsv
zy<7l$-pssKTgRuhb@6;|T{E-A3p&cbpo{gzdS>SC7j<lSQ5WlrFPfQeG|(}&zAn}m
z>zkRbS9MHmqKoy#24*H}uH!^AU92xQj4)Q?uC~yzu7xhv7aN(Gl_GRJXsL_!#l{iF
zqN8tX9fw=#Vtw(Y2xBcUBTC1lC|#^CzHFk8iq<hKS{Dn1ub7!-VszZ$nZ^QPlL%vh
z@LC%kKef@t0^zGB<R7s*cEsvpf$&aiDq}46J#0;ZnG+bwmXfO?aS>uwWI(>B72_hr
zs>s{+=Pc_sRBvuJ^w^aj7vb0&CcH*!ypGB7x>yxy*Gyf;Fp(L6cS?#?kuC8$*2nW8
zbRsiXMf3z6T7oW4CpJ?XLOJG3-NP1?6y0g<1Rd29M0fgef{wunI=nfU(VcEc(2<!S
zx>HF;w~1oA|E;8OK-Uv=TutEJX@3DWt)!-2ytv+~zzd}RRn#)Lcyc8qC{ahTL>=Bd
z*IW)+*i0*WIph;@)$6ZKJ>DZ7V1I)0ZR<VKz$FY1OKIYXllBqD6DKbx>S&m#Be3Zb
zhO|<0MyykWF(dY2qK*NHBAW7UCfkm~auCCXuTIplJW+?UXG9^FzM9XOHk12BSu>AI
zI66dl?JXtR|Ib7nzbESAr4xs0MMpCarRf-9zI5V~q{AyoHy(nT%&@JD)XpJNJCpNi
z=Mbr#9qiiKxRGoRnNo~~L^%4E7Sh#C(orW#YUfVXh?$d_0XVIU(9VuYIuep}c=IoY
zb}mlRu`o$!=T22FOfj|d^)f;`4<+f?lO(jWR68A^?R0o^Fhe^N+v$jHC$w{?s>z*&
zXlI!+LOUn7(=n+X*Ul3HtZo@gJ0BI)&P$3~-6=NhT;EQ|S}qOGHMP^b`Ts#Xzw*@1
zWV?2Du(UI03B$~?Qagv6+IhO2j$hm92n<}xP_L}i&J<HSgWKx}Y%jF)x#qI%I4lP-
zw6jfn9g*#IIFpLh&I-+?cFL6X+G&JW-?F0p$F|ooy1mrSD$QjpR%z~`G$Vy}u4u30
zoA!ow2F_s!E+>~FJGL^G1CO`Yak#y1E=8h=x)gE_1MA$X*n_fSDY8Nb9c4S{=2B$m
z4m#R*(BVE6V}F|Nw^wXW)0J&vf0{0P7Q=*cvg&%aGTt)$vV)GP9dvW5JNspMi3*41
zAm%Je2OS4Gi0b|2Wp%J&HnYv5bkyPKsKfnPll;#=CeLO-dCB#ClWU8PI$rN6xYl?@
z-7P(v86XDN;T?4h>nOO^c|~n=w{zXpQOA1Db%_Vp+=UDs6xY$M3^lpiQO7k&as2D*
zxzUBp05K>gb<z>nNr&^jHw$}O9E%w;72RJ<x@nzsOzb4+vZhK47Bd6HpnJQMjvJir
z7cC2WFr~>rU{-x~ux301TOSedpuA=t?5W*ZM~%)py!jX7V9#5fb@b}2!@aA%b+AW_
zSs&F`2l_doN3E%IxEQmp>a1f~XCbPDb0T-Vtx_L#)^WeH4yS*E!d{QzqQ2Nbb;%Pr
zhlqg1;X>2~U3Apz!n@=NLe&0UboA?@!`-!kT~x#5K5QV{Ri>25Ia@hSg$t8g+eOEk
zE^-+0g+hwu+}*7lp%uh1;$#;c$GhlozTLEt6U=;^w?c`Y!jWHT<@I3&`#3MKs}BFJ
zVw@*|HI?$5YiiI{$BSLn1m-z~aIS%eGj7%@=$i_{8F%WcqeE9Y{nenMq@B&<fW(N3
zu8MY%Mt0RPT#6)toi?=mA}#K!W1%6E@sdEIin%a}fpv}e=z1m1d`aL)R~>u0>gG!V
z4Z7*5*-baEaF$3KQaMsyPp=_dBz1-J(r!8ychlkS*3k2=|8X)$rR;b8udJw<cl{se
zrej|>UEKAbrjT+tzlS}8f967tO9$?B({a6<Zr=6(W_KO0cGuy}!Hi3Zmvz^%pu29~
z^?$Fsj$Hm{O*#;ftmE}$-MpGOO~spO4GUgP+?+G}`H%xkl65Rf*2NXYGgK|q{el@+
z6p!G5iw-$(Fj>dmWZn&a!OXk<y?f};dT^?)H4UvJv~w$I9!F?{zZ0J~RnlyC^7C$Z
zPea@7&>?TwUJrzGK*Pdr@>dIC*$vfm6kOIG5ssRbg;BiILr32pI-DJvXoXKB-cZ#q
zQ);raSA-*35?a_pM@A26hW8sOpUgRqk8sSDfO~rA_=$7W8fk^kH_8u$ERKA)HR)A^
zk9ycc$3H#9yxLOLsmfG=1+Y~;bu8=2U19Tl=e4+Lz1m3Kl*WUYk0UDftYSB<yq-Gl
z^%SNhft@zA{H9g5myXiClxcNQ0b?qsJ}P41+tq|=wd$p#X)j?~t9$8K+)J32MAA?<
z)ikYRRqUo!zPFCDy>+<zHu5yBRIA1t6*MhZRbg6h^w!b5w=}JEg_M$NnpR9TVOsC?
z*6~(vVOl$T>-e^}4sQ--m{xcn9i{pR)9T+x$A9_=)5_|jV{;#2TIniSPH$AuwB}Y7
zruF|Zb{*hZ6i@$mcYB)xNJ8&~AiaeiAcT-k4@H`kkkD%&B%y`?Ql<A!fB;qm6p*4I
z7C@vaHbjU86a@Z3qzit}-p%fNdEZ1oc=9}ZcQdoQvpf5nop(!x!3^aFOViq{w2-~T
zHm&cgl4(T^W@tTF*!U7Mt(k)vCJ(ku>p)YNX+5gyVOl5XbCGK9rgg5VV@G;eq-%e9
zs731BWA5D{x8+S}`mdJvo$AVdOEqY7V$AK;$PRuP%y4zEfTKJt&$5FTgJqu!6U=|N
zF}$ji9aJ2`P<jYqbrt1yWh`}I^{62X!-g>MpjP=^-zRhM#cq+qvo^*snZxTt7`DkA
z8mSy|oH;xk!f;RI5Y{Tco8Dv&FCbu<2JLwp<6D_S{h<tXhLSDEs2pUfh`TKhAIdOv
zC<E`+Jg>X)%4GpD!Rk;Ek=q9`{%_RQp+#l^D~B>H9Lk{e%L1MaWw<XMI%ffchB5RV
z#-KHGKGe+uE(~M%bQrUT3n^Pij*vYeq1e(I&f%ihaE2bkX}FNY%#q4HT%-?Ym@-_v
z4cwUp1T5F^NevywYgxed;S5`bGqj!^>^i_cnNCF*&4IvqSwP%!4SQ?qFcxJ2KMiNN
zI-J3rch<!3A?j%25I0X_Mnc8DHFap~tRul0%n=O6_OmAHj$o)cf}!Nx3oZeshX7W}
z4l)lN!7y0xW?e9`cm%_%BSc;5t<3`N5l<oFG1g@Pr$#WG7{Tm`(Zdkg+A^hvg;x>^
z*<t+=47V(q2po|GWGuJOJus58fTANA{6{jF<<FWJ8ZK>2rc`YwB?PpqMX~f|BN>{G
zWOf)mek4PmkyKmB#yteckovlj3~NSGZ9f{x@WDu{wv)4fWa23<Yda+icsi2d@kpxe
zBsF)O<UV(tLbVMT#ZY0C^}5J$(H)}Hfnk&ilPn1d0X{dg0H23hfOa(th#JKZF^WOE
zm<5a&#V~9XLkYGWFe`2cYDURQ$y5_5YfM7HWx_y0wgbyXF)R{N>Td@=AH{HT6oV17
z9k@G+;r1wIk7!Y<WV@GZ&^jcTX|-uYt1+6P+GqyeHIMlb52cqYha-0+9lRQS+A~}(
zvL0<;v6u`jQ)ZVf@;e&iU$?RF{F8x%(G2ZJ3oux&!T2c|=rx8RVhn?ECm9%=#1NOn
zU_4C*hK^<EGM1r~_jsVP|9HR%r9Lj~b(tD!m$})ic6W$RR2}loyN_e&HjV*i%kw5y
z1xr<|3U=#wcZc|_5KMi}o0vR~Vd6Ljt<!lE+r}|$8OLA@J8$CTIEK%JxWH%Qg=RGT
zSyzXlrvMMfG29-<>=nP;g4MAhD>Z1fhZetChgSTKOJ+z)X7CkXtnRrvnPFwJD1Mp3
zDZuWQHZSeTfxpP1SPI}bp5cY@3@Fnz1^AuF<l5_CLDn+`Xgr>wp+#0d1qcYuEv>&G
zYmx%=9?#IzB1=gDf`}}D$Yu+&Nhv_ac!qRAR<B|zu$kJunKYdjQ-ST{8McjQC{sTb
z*iRIJL~+^5FBSNFJj2QH4BnqcIq;b8q^CDVI-tQ6{YW;qrcx!;9gIWDB-W!ol{22<
z&Ul6rqC1rk-Kd1<KAzo%mkxD1hbBjzL(}-nR3L1H2IH$#pmYjD(G&(FI~ACi!Z0X>
zflV3%{M|;KM<LpE;n316gLG&M#sFPY89Jmg_=+#a>M=lOD#M0U;c<-tvQrr@iHCQ_
z0Fh}7A!!6tHQTCf_p5}{Fw7@7DA#(4G=?o{1XGgOP$~D{Do>^{e3m9ER;&V%v=7qN
z?#Nc{>~|lG0Y(Iovs6R=80B4{qvPP7njPH~R_BuI;2zOLp>5TPe4^-!hZerth??bT
z8p9uH48G!vW$Jq-FuXp2OuhU>hT;>+)Mrg(m^#sE>OZ%2n7Yh`tCZ8!gX)v1|2C1~
z+C*vU;YzFFZ9PqWT75G0f|D40Cy}W)n#9mx5}A6hNen$ENmI{RrQuowGWGeB7}6&(
zn8MUMsTPr`KozkaTKtFlWcC#%GnAW5fYf0!L+i=XM8~?-N^d|W`qgBH3l^Ce7hZ3h
z`&zpi4QO0=JelF)WH~PEC9?9;uWCT!LWL;|<)%o3=k0QzEuPkZ3_fBCL+dHh;Nyra
z!fEhBr!WkjLIyv!UG7?+X+Q?Qa0<h#Qy9E6+BprrZ@XLu&z8=$pu;lxpH)+xYnyvK
z5+>iLA@!|&QyBJ4VepMxt>tg`QW(G4Heb894S&fhGW@$!7;aA?!>==yq1se3{CXW_
zD`%{>4Sz`^GW_(Z3=^h`sn%*T{Bu(oPERGnFPzTclTL;|Hl1NaIvM_ujw<-N#y0%=
zjhu%6K{~_XbTa%QssJ+OZumc^Gi0Y*hTok?VjAf#9ecgo(PjFB8+n-iXPq3Tf3wrS
zn7$QpRfP`{g<mq%=d(uSRd`KfFsCtiZ|vxp!t*KgBpTY$@N~bw8cE_woFyt~8beJX
zYEE01DDN!igVruru-Go$v1aOb93k#Z8)IN&D&5p+3=@S&v!(lCUpEw2w&1$l##kr0
z4oqWsS8x@Na&lQabegNv%hqbp{%lj?aARGbUM2|Q6@g5t@hc>@R!(CIi~esK!|iD@
zjJQTkufl}XsMtasn>ag1u?&VH8Pqu>v7u5PS1o5SG|f;eSoSLENkV#bY`Kq`kk{QW
zgP~7`@K4riw(C7JgJF6Gtzg-!svy2gcl)&rh8>DY3~^^N7*1z6)(?KHvdk1&#>R%;
zY(h2vGlL;V&{}JNud6Bqt<#{5j4isPDXjr6J)NQWbXo)4bvi?*=?uPt%vuAycsj$p
z>GVt5b*1&|ZaUH4ODH?IDWS&C(;2d-GoV;e`c-05Q(Zc`yf;mg@2`h)e(m-NZlMkk
z6{VaITkK9#XZv`~U@&J;`$%H$V9VV;wP!HYoWZ2@_Uads93ee3wq#haQ+nqa44r1s
z+AK+I0P8g+F?9yRcuS(Goj1`(Nt7uSZ8{cPJ0)1RPw-zqgJJCq*$ERBQ`~wD+Ns!L
zU*#&su^9{>%1S1xVkG8M$!jwhesNVYNlDKT((lHWtkTRW-FGH~_e`o}l9Il}QOSBU
z8S2br@@j&KN@BK<=-;Mx$7WQqZZjFW%#_j2+G@U?v_XURVjJ_-W@PD;XELPCWZ>1>
z<a2Clsg~+`P{DjG#ylyR_swM3Bbb+j=fPYq3#i*twX9(NJjTC%C<Q$3&1CpvCIviR
zeubgyD-`hf_!Wl3uTa3F)+~m~vnb%PdKSa0vj|Y6Yy(Lf?SRLO=1zrHoXt>vHZ_+d
zcBR~#D{?kN_-qyM$lRz|)^7zoM$BdyGMk}wQcJghhgKgbBj*35B636cofZ@e*g2bF
z`)rB@NGe^WoUwo&Eof9aGn?V`Y>EZ^HJc%4HpK!Yo9Q7y4o-FFFw~wyuGdR*7&_0f
z%p&Wwi^nI=?AMCyKRRt<@f?PQa~QP!r%mje!|<*UVMP-vN8}Mr_+bvi_j4$kP%A<<
zxlDOP6EK(Ixm7BZnU@7TqL^hV83$-dQKKqz87j}EsF9>HRLU7OS{_1Cqjqx{+RUY>
z(YUz`qvw+DBpde-AfrZa&1HCFF6r*8xeVv#D&0vQ-#oMbI)rprXdXj>d8E6B^BC&S
zV-$BXqVkA4^_s`fV;<?wO9d}v$|LTSK96C_JXa*<JH_(de@9}r&12Xyk0LRr<}sX@
z=ZwT$Q;`^%YUqf>lnbRuOwK%pTk|LqQ++-|)%g^O=`^3A-F%9~AX=Tzw$YBnXrVN4
z%$d(HYd!;iAv%vp%;WqcF+b;y#0cxN=VnvXD1}WLv@c@(_eGQc{Na3tH|8_=iZ9mO
zY|X0-3tpwUS%U=(RTt3Q?6U<7hZZ>JX2+ai7?}%KDd*hmi%>$@xP=TI7s|O=h8hE9
z$~iYH+luC9DGM2r7t-8p<3fh@3u$h4d?CZJg>r7@w^_r)Fq)g)UC8j;LJGqyR0Cqh
zW;+ZswiV6CMlNC)zDRiOo5^EYyNF@&A}b6dW@Q<na`}Y)Z%r$jmH94a@LnwEQLlyO
zw$!7oXdV@`n4#`sIeE)=3&UJ*MU%Ie7Bh5REGKU{L{>@eiw>j7+oZ(|6Bf%^SvYl)
zQ0J^{^J0dLi)mKYizuoQMPeAu%05}la9q@2XtZ-y);2o7Fw8L(hB=l;80Kae^{JbS
z8Gc{<FJTzT&A<7NFiiX=nvE4*!cb@l&Bl_KF!WzSv$1RKWZ&Ms*`AG+3#ZvwhouZL
zOBsB{7i%`QZYjg6r8FD6w3OlEQksp0E@No2jKH&KdlkUVv}a>STRXvX<1&Wz%LqIr
zv7u7#4)^h849AvPvoS9s`Kq-m3{$a#YcBR@Ymd2DymKx#t<!&mVXC!Pw;pBMVVJ?v
z)bB52xVB78l{3lI-(1eHZ8@2G$rTKRSCFYsTfvaF!fEQK+dE8M=E7CVY3c{U$<%*Z
z!EkkjH1%3atF_vDnmUglQ|Bug*h(_>x+@uKuOw6Nx{{&uN)>V4qG4ntnffa$878cx
zFify&5t(v^VG<(9>`Sd;D6xw0EM^r$i&ZiV)7!09^CHOL&#YoNy-Hg0vi7;dFuNnj
zlJBizxVuVP^7{6<!!X}QkR_K|%}`>s96tWnKDWU?kD%eB<!Xi&tEIsQb;u(Oldzg0
zel;0<=MK4R-7S&~e$Hx!S*sbm<2yJFzGa8}!!V~+Q@!8bGYs=fB=xO#Rx`Z0n!z`I
z%fEzSq%i(f`~L{TWM-1#|FN3kx7B3$)z&anT0@5asfvOu*<u@h$!IeC32PX}tzqyL
zUo68vwT9u-HDvfcYZ;8SWcVZ2G7MTvhW|`OGW@pMhW~z))9??hW!Sft4F8!bz_Wb9
zFqhXdTv}@x{w*Ro8|4hcwCUtB{o7F<roYH(`g{K?3{$a_3KML#<0c)V$)(WNG5oWZ
z!MkB6XBehPr+*2<^iv~A(pE<prsg_^7uPX(C$)D(UKTnZZnn=O4AV1I&6I?=Gco3$
zvUF+d7?Rg9@UVzHW=h3Ro7mh+-GH@CgSIHP_<&d)TBFk@-d)G=_BsZw+G!K|dWPrg
z7<>hp(dx8`(De+#>luu;r%fzf&oE~_IRsLs7vhD?B(ubf7#bOTH!yf_5WRUDIRp(i
zFx1(=WB}u%R%*S5;2mfBycr`mKyF}|A}Cq*855tkQneO@$)=Ac3eL`&*tUUT%LWGR
z(HRpbH!yrA9&Vp8aeD*9A0m6fWB8plQDh^7-$u*ZE_}hn1tnFc)JQts^obBTRJ&lJ
z*+z!O8yU267fd8?WEd+%@b77z?6-sAI+T(vU1R@jC)8asOsYF5OM`Ybw)purr0xwH
z8CGp1b^o!E;kS(pzJknBcePCnl{S&OCv9R#+C=J>GQE(LWvlycEUEk6CWgD47<|PS
zOWox*GnCk@)ZHvh#f!3Rb(d*F>K?M0VbEr&?(i^mig%W+?xZ%P?gg6}=5Ho-@7c`o
z&Sp~gH=7wQZf5WmJeInjZf1DAS*g2?k}6Y9b?<FM>JH3gsE|qO?vu&TJ5#8;b?m>X
zJ57L`T0Eb$U4zyy#%$1*mRU^CWSEvI*UG8|;k&mx7IN&!WXQ^7;32K^TgcH-{fHg5
zLxc88jJZPQa5|IWl+2-{`iVPZha-oaOolrmhd$x?<#1fBmfkILc+kes+ffc>w=fjl
zLQ6$@s0px4m3Ch$GI<Nb#4QYbxZ7~x+PD2&)dxE@XmPQvYPF*dk-3Fo(-uaza4b?Y
z`5-~~Mr`qj_PTuw$Eht0A8%pyEgWUHG8Es+>{~d7Z)F&`Rdnl}ntcn$!L1DMZe{i@
z90j*A@NE=Ylo=R~tX#KneAJFSp<de<dTe8W*Sis}bxzss+}Al(`8-0Mt2>&r_VUOH
zbqKE(1n-LxjulTUVqJG|G|HQPYa8dPCu?2cL)8p2Rajjt8|yQnJ&nxi+Zd*7laaEk
zk!r3cl=(c?XO|@0zKvnqHU{qkk<OU7Xo6G~5ZEoap2ilx)`6Pf{5FQqw^0)WW-*k@
zq9z!d#V{gExbCtEj%6_%%AzJHx}BlWc4~rD75Yex%;Wy|4%7tk+Zp<87frA}(sBQL
z2ahJ$8|i3*IUVv;>5)iB6P$50!GS#Ky}oGU0`G4+c&tnNCRYntYTF;J>hhWft!Qk~
z5}inG^R_e0+)iryVLQXu+evNJcQCxTL(Jx1Bef0O!O(99sqNhz3~%oswaE+&XI4sW
zlRJ{yp6_7zdxuclH_<M&t?THaw%_Tqo{S?M^Hf?+v_okV+qjf=D{uNWjvov8=k5OE
zR%b0n1*nC>O2m3~?L@t^%1(w#I~jO^HlC~Xyk^sC`Q(wn@J?1qM3c!y^yj7m8#+;S
z8~pe$XS-+6%J9=efcHANCU_SbyN-zc!tq`%$*q6M#N$r#5T$$$vz3c-1##85{~(qN
z_e9zI#pO}<Y1S5=boUxOCBAV(fN3_LvGn|CwRX*`bTik<(_7-mm0dI1J|A0nkKTdJ
z9Oq-l(8I~N+zpIkgXzo9?q9s7)0gH$fG2Tkr>oZ@N7iLJ=gQhTop6;SWAC@=p}%<e
z#_>>PxBNk3>1(5T@6M_<ywA0C@GlQ_oS;3mmFslr1;jB8@Vf7KpVe7yu=lD)IJ{*A
zaJ;i~y{h;c6Ylz&?eSF($D)}FcX7=X@@Z%}Bn$G;|0MTb809#*SQ?DrozO-9*AwiE
z)ga;piV$A04gm+dNKNJ=z?%liGcEzVT5PVfit}Yg?H4KnUR`z6X%1i-YMdzoXl3oa
z%mHz3+p{)I>nis$myL-PB>i_Xyu4HHWiA^NFJ5lg$*^W8LtASXa5;M$FZxs=aV_i}
z)y6&TC0*-g+|#-N0aaT7T5`0NuePk4j?z{($<YaaHv?X<c14emwsu9oVC^_giMGVP
zVC9iY57rLj3G`s?ES^XY){f#y^kD5Io*Zp$+kL^>K|F;XtgXLO>A~9an;va#`F+9K
z>O0N;VsG(fF|@_kH^!)z+)ZwvTpmpuDC2T%pj;kJ8z^Jt#=WX9So`(XMqB&!s+PAl
zNNtF=Hb?=eF?k4}4YgGgR93TI9yerDEbS+oVrX=vwIO>a!`GrI#&xq^4!7jI&XDt(
z+>kxYuK$tO8Qy!Hp^#`!DVZT-0-%kIE~G8(s-xi>3}xS7@D*>HZ0f4RSel(~yxCPp
z$2S?8yvbm^-&IHFw;0;J#bA8eRmah{7&eNBFT3gp-Ng{Fi@~_sRmb9Y7?R&%Fm4I5
z-3<G7GZ>G%>S(lwq3#|AgLl)hZx6$I@ldpzj@x?~zS_%R1a#98@g75s_ZUjm>87J{
zlWsZ!D`>8bsB@_nhDxdJ7<x>J-(Hey1uU0(xvFy5BtR<=W4zRzT<S6V7zXSkms;k)
zRjR1FOI>h3gYSL@-k2zI?U4*@)lJ9wNx+{ybi17ADQl>dGOp#(=IZX`YuDe;P;bB7
zFx#<$WD1yU6Q1fp8)kd&XXqx%Aih`|X1DKW*tVZG%t}rj@q)8i|58akXv6H;{R}7f
z(}vly2N+5o5c6^&Cg&~Sr2`C|50FPA#V|)vTpMOP^dOIB@d1W~2N+N+k;n%0a2;}c
zn%+4MxgDdV$&|+-x9=Tb*n5D{zS;Ri_OE9)m)CM{n~igBn^o3l$EChjU15n((5mRb
zxSr0q)b|G%zCA#3DM>WFWk4KF(>9tA90I{@ad(%+gS)$H2=4Ad7g^lhEx0APySuv+
z-2LqRyyyF~JzZ1VQ$5pNGhJ78)tLH-OQfuTP}k+d=f>6j4y!X$k>`V>M5cDjX4%FE
zJi2zpR(-0r$=F-LGq*T7-k##Fl{2T`CC<&G+!yS6J~`bl#AGgKZXo&+X~k%j4e&bC
zgZGSGO34K~zn|f`+i^i^a`<aD1*Y{%hFdE%ky)ujtXu0X-_X<zNl-OOy<2OWXRPtz
z_m#8j)$gG>D3HHWh2j1}nYP183#8v)JG-`GUO8iX`_|ha>eMXj11t-<$yXc1K+HZ8
zZ`C*8>x*>_@7DCGb!&a~3f~?fwQe32+rj9#y)z(c)&DVVaqIRBR~GOf@@!&Dp)371
z<`lbG5Y`4TJ6E)EDv_<j{E5nWIREWeS-^m4)PvWo((EORXjU&KF}%|J*NhWfgJR+z
zsa~mp9|j7erlw_Edg=;bA8E2M+v$V#jlC>l!7&G62ceOmRg;aX6+u-N`xvg%4!N-h
zRQ5Hjv5kEJ$tK~??uR8%62yc9k9NE#gvO<=!OI0}P1h>F<;s-p^cyDUQq04T;d^t*
zuSv2NM`W>v5>Kd33w-ZoieVt@0i@!A+16uWUZb(2;@x#}<O=|)ZO8tIde=tiPu+~>
z7?w4jo-U#C*f6d$*w)+#B1mq*g7NRZrQPK|T}n@1Ms|MDnX0rDbg%ezeS7)*rSqhi
z)7s(s<U5tO4NL4sSn=oO<4c)B)E>CaB}sRK(xfbui*0lLx9JK(&h*rv*OjoA$GcH0
z6q83g&_d%x=!Mk*7gF3f<C@4v$H#f9m+$savHoUT-Ey2FSNFbtX8rXZznycH^I_)k
z7JoYR;kC~-zj$WP(?@Of%@7eQZHuho#l0(V`3Fo28{O>-s<{-LFy?QI&Nf81VWuV6
z=3iH<C<=;I>|Bdp+)SVEGAaue3v6Qk7_{AnM~d~g^6%s;H%S6?kftKUv7*aq)^~T5
zQ6Bz?CH4w1VVQe3CwuFq6EQseK^D+DchuggUE6iKH6r}2noac2n<F34;nYtPRt@;J
zf0@K5Nw5z-3cyA;U%|1Ei(wnp2SYV{RxUo1cnIezCp=+Z|4Do-5w`DC;9E#Q$Pn1J
zvj5I&quJuXq}dYgQdIHOFI#q3IG3xZaw=Umzn*zB@RtI%HS-3A@bmbnT~;m&KGJKE
zv*3?Fmx=cL9+=^2R9p#Pk}T)y(!3q>-Wc3A!T5>4++}yBu<xv*q}yBc!$TXS{PU$E
zD@}g9V81bz6H{2jtES;|zaF4aj-AhxV%Q`CY&8b*z~P&Vi%_?cF2B#JqU5$JvOx)M
zl;O*<6kk7!1pnGuNs#Y^gE&9`Mak~qEV5zN4;IAR#o8^T(0fA`+@j~xBR_Cn9}u=c
z#-EU~)9i5@Drh>l6HJJMSFC5oqI0*%`alrsx5<Kg_HwFqOW50Wfh%)&QeEIA;!ha1
zvZP+lpWg}Y-@aw(=mf*n-m)}yf-h0-MRR|y=W+)Ofc8X6!lX-NiZTDpMRGBJCCLnL
z@B8K}-7=-VDqS4KZPW7$!V=RCL3ZO)kK4X8-NwlxhcU$=F#=ry-o0*loAM+$&nuLn
z6)8g@c9&m7*NOjIX6%c^yapN{q3(&uvW_WZrXaOb1nM0T3bB~Ik?0+1h$Sa&IpwYP
zd;Xa^OXNtqcF0rw=yEuLI~GB;d)Q>U&BNu!;T<{_(VRRJnN;)TkfbU7?y_|)R)Umu
z^QAY7cqk;fPp@cA|7a%#FTy~B>6UAL<+DAMPUI1Y9xe`v&?}Afk?rqPBs2TiUpb}*
zvzgi#`PC3ESYG|3)fBw<KVw^OZmF$ES&W;diL)UnL{dyHam0A9eu+%CjQzpQHaK20
zBu;r5Z$nd$l1_Q5erC8g<p1eDy`x<rHlIiGzf+U`W*)bYlCX-UPmdJmIay_)l0^~c
z`Jb>;-lCqdmaBNn6i^1q(SDh!;R4cDjDazaPso3IPw%Ki6ZhP(R_|xd0uxTl00}Bi
z3y&`tckf&z#s178Z}WW1A+Pi7l9}mty2eNU=eDJ~EhFI?vU0S>^g&9{kYsfG$T!b<
z-XDC#aLwA*%WSPM&Zj@?FO5vH9g|4)Sq2AwdR}l4mpV;gj|mh+mjw;uyk67wzG%`a
zkPOmQsSr8-+N{H?GH1U`;oU={HmYWTE3U}T_9vLa7stZmkO^zD1}Ys;!*1r_HdKxV
z$_laiFcE1m!X<x<v7B14;&>6TpfJPXfAlDw;=u0iIc?2BlHI)aD4m?{3zyN4epXHW
z=aZBqS4LcBAkVO29zN?c_&UOJqRF=TBty=&-@#_uUyVHK*XXy61+27Xe94t7!@5F3
zk0c&Wn(a2kLmA4X0IJeHWLCY7I4qCQUN-M{#p?^-#PLSyj()DTMqc5B-Mw<kec=q{
zx$4sVbfIs$L`f7;^{L?$lFWcL^&*?SR(Jo;Dx;*WwMibVsO!(1Z1(AYyrQ$GCNpHI
zV44~7Y`Jbx3f0b2WM772T?_e4rIQre5F>4nI2U~Jp@sZd+XRa~t8X61Q;4_1Du%2<
ztX#Fe#S&@i2sFH6s#L|u{7SD2uDZr2LwyS#U;VBJM3O!3P}ok8aX}XlL%rAh_;urR
zLoevPG3<0|B!|8Bf;-gR&y+<K;1Vh`>@Q(4PHmiuVmkrE7`Q-QxyZ-noJ@mP=`okl
zSU)Pp8bg;OJ(N>}WUn~6K$iFi#31yu_(@HHiQXT1TxbHg_#~03u|~J@xQQ3<XF)Tw
z{@t`RQ4eV4GX2_+cPRJoDQnyIduPx03z@R=U~9n@urrn2+l0f7`-&C$$TSZm5`IWJ
znBv);@VgbAUr^rVSCxdqUAld>*|zP%;ywc8FLqL#jVe}FSlQlfI99v@nR6Tuu)Y5X
z3X7ZVS=u~B%W0+5_fl2maqL+#JHK1SbF|1Lxo9SQ$cKt>OUuVc01I2o%HHHdn;<ps
z$@Fjy&S5mGXOh|}y1Zg~3;Dt|GhF9{@2w;@J5;@rJKG8MR5GvKTMuyLXzlvGKbk4?
zuO3wT9))lvKE9I)z65PA5mV&vF^2Xu2NMQYev*iX_bkvNWmRf0_$=4i&vJ$x^Z=co
zdeHy5`VoAudXp!d6nBD+E!cf!FmZwe>RzpmR+EaSF_kdEv)=MM!xmj&#Q)>p(I4v@
z32RrqihN)TYxvzz1bL0JFW?Nnlwh#3CIl}_^OLJR`&`?&(XH<1sK4VZ|G4T=u`4zt
zLL9^<a4;fklwE3;!kY0ma6H4A7rISg&RIOxjkg5CPY+4YuL|F7%}R!_uR9cOEd?UJ
z)z1=!y8UXk^j7?{|GDqc1AdK}r>Xj#G?M^>RvoJWZYo_8i&ik(!ET>0RNGxjU;kt9
z+ntcg;`#^c>y;3!VYg}7XixJIAhZTR-J#8N94y5deAdWXIrfu!rY*U*hCGZ*K-%Ps
zqqqK%6IIx@3wT9>64Vx3yEsr4_m|>5sW*0)X&SDT5dCz+ywo#AnsZFWYG}jyA+^y|
z>Z|Al8*-bh)sj~V=?zoa_MCpG;za~#bHo3bbEjb5I!Xxd{jY30)wN>ilu+5Cjf>@x
ze(NF!v1t2`ryOLY53~PpRfB{#>fU`Jyhoh4r@QpXxRFJl#dA(e)6&H@j~LP|qAx-#
ztT6`lY;5k;X$KqD_(%?unBr(%*$y#z4+2p4ljp2H9x(v|x6Gkb{%AE8@BKCB%ux4#
zXn;1ui5N>r6lfA3S2(@VofI{lzoiWC%@9!%<oq7+4E`{)dO0M{oovx?a|_VdO39!b
zyX?Lof5n=;q$z9JR?hBv4>ddS&B;6TMfjHhQe(30h!^V;JQeJndx8Gve$M{tWeD{`
zs@{_OU}MBRh-UKDvx{ZxGih=myV?jyi*W$m<jlM4^85=(D~Dz~N6eFKVXih<D}{)~
z=ON(RX$~CnB#~5~NM>T}ZT6SiazQhAAE|IkOXQ?$;op5>$Zy2xCen18BVTH{1k9E$
zr#}CqR)1pOtPgB=V=FuE6Ag_aichB?)GX6`pX5<dy^=&0Czj^)Et|VFC$bvBm$b5a
z4<~&@D=YgT5ABF4Ot+)?pk6I2UXH>2!B57yuJk?`{TlGLD~T*g9QWVJLkYjG_gA#u
z%@{z}dwV%(Q;=Y3kOG5F(|b(mm^JUZZxDGn1|dmN@CVPk7SxL^CD{b_v`00j@*RR`
z7X~`(HbU<oYKomXjL?{DDWeZ+I_?@nMJglv$HcsMRfr8{TEU2TW*BB`GGRUfL$D};
zx@I<hNO$CmE}6_SZHrjK)%D?C*YcYyU=_|MNo2Y#03NG4+~MZTH-8*qmzH<_hF0{U
zgpKzu8gb|GtQlcbD(`6SwgfpLCt}(|NW7%OW90HlHA2C+AYaw-<?Kl95Hmty-GAh=
zvjj5>@gsxu)}D2HQ*pYC)}LMOF(Y4fv-D_=+f%IMq*%$t>SGi6;%z*@<b%BK5>wNq
zyu`xgq%8iPqw{DE)t}wxqd7_;>F3AhbeXyBdcLah#F3iA`H@-@{C+VK3|17%@0=58
zJAPA-cW!xJN>)wU2go@K<fNRkBeg`Uvvm=#tE1W?DkYclUG~r=3(TyQ*C^vV_6P-O
zDnetpe@Ao4YLM$Kvxk;U;<oXL|B)<llPq<R2!;?d)FKpM1TEk_m<m)SF=ykyxVfBY
z<BON9@LPm?DNL7XPvR8|SX^S6X}Fw>9wJ-hsJfhl_~W*H<Q=JP`r~@NicXi2%V<lI
z@fWC)&(iSTtq39Wy~j<LnaUt7|95F?OUx|Z2h`qU|KJqofP7ULBb|@W)feP?(`6Wz
zMAK!~w@)P;4@Yxn@RBYk>EygHm!Hv|LULD1vbeV&1an=Zx#Fpm9!sd@T!Jh=FnP4+
z#iq()C)rZ9pfP;pGhY2#eZP?o9<#)W9{;>KL)hc={ft2k^Dy-)qANHOB8xs|UND{!
zpJq+vG7gP8LEk{xHW@KpxBCO}z(84iL7x1gzTgL$7`yESyArpu7`N@kjqZ9M-g<EL
zmLqUm;46k>=<#_loOs1GVMEsCI7U|TLy_@LoAC-$Jq1_IOYZ0j5kA#90o59X7wJpx
zS@7mKWi1rDa_C>_+rUlIl)mgSG43BDxynnVMsmC`(Hg86k*St1$%?5Uq5hyt#=$hI
z(2U|UT>}pJOiuY#`KX9wLP5Hf*=7J6Xss_|P0Z6S-hNp-&JChfHb~OQ{(>ALrT>6@
z6M4-?@HkpnAWX(<ec$>yNOauBKTl_OQ0B<VMg9T7{2IPy927r9!RO48>)8KpXM)OY
zyU8{+Dn`qkkXhVY?sAB_+_4`(yT?)az*ajm+K>eyW}!-Y^U7CHC(OF^j`rD${MqO5
zEf4m`Kf~jA_G1IeGkavv9NDfYsEXQS+_lR)rJvAk&Ro>=TArNQ=C?Lm^2xg<+0&{L
zeJ_~bph`x1#zOJZ9O<=uo>}elw4dGA^{Z-;T{2#6&g4s)yPaF@^R@qful6uiDS2BT
zxxPm!PJK127TmLAT@$)8%Z3<GoM2(`z93cdvlM5Nn$?Iy`EhIv=nX=QmyxHuaqcF5
zPW^KzYDHHzr^Y74$$80%wrAbqGfJ!`??&9@J36a6%<8ke*eBaje1_X`W^Gd9@eRDa
z*+E4FPn#V6L5l`#3LjuDObFkAk#nIJCflGhGLig@e)T&5^a3My&DfZ_)?x0!`;;t-
zn2xJ973`jeTVnrrZd>$T!CgQ1E<M8@C=MIVwo)NAgeE!lQ~5i_4bsdfpSoPoBqF42
z%>@Y|re9*+J}G?kOIkl0{*FcH6e$*X^Dm19DTK&*KX(?l&ndj3c|UL3;LCs1Bc?5>
z4Fy*}n#g}#V6!>4#v=IT`})m(IG^qFBzX2^zn3VGGg!U;0zEUQZfV}6zcX8Yd?4Wq
zM8%blpyA!d(4q5YTv}ZtQAxB3pI9j`iB<L#R`G?%>oME(a34xBwOzAM_fLMQZZj!T
z0Q(y4s+S;Bw*ao$uR4hHA}P26P$4hr`N_T*Kg4Q^IGkUC4OdpOOrW*R;PVTrX}BvC
zknuZ}$Sals<I^`9-pEU<h)$52e@}(#JC)!absL>tU$7!tPlcek+%1EMhdPr67@2Lq
zuOfaH!Ak>^wf1*-UxigfLprspgZHpYO*rVwFA&0!W$qlFL*fqcEP`DXCadG$@V?UI
z+PaH|sB!Xl(zK|2s)l^@f)#X2EWD3Y1zh#!Qc$@#LV*SjXKhVsUujXfn4=`^J8J^0
zVW$a|PvrDgt6JmP%o6_&G5gQUGtDuv922KY{p#TA7)X1pL9m-?{c>{55<wT%{c`_k
zsNgm&tS<GP=2#!I>3{6FK(e*ulyyI7`vuu|?@+Zx&ThTPeeIaMCh#$h$Oxx9?<yTH
ze;ov?yzXMDsH!+(^hPH9-%Ii;Catg-H8O)oMX&tWwWxUUMoD!+PGy$4U;b4sb8b(+
z2b!65-bKF*VGv+duGu42iC$QIDkHymqdGf;P8FI=!l|!m)smf)?v~6_+aCO-z^x)3
zny}z;kRF=lP&V}u5*Jy{NE%~b2E8ka(b7ar8l;><gC;#l^G+(BNpHEMCXKFKmI$gV
zlIr`TLKT`4kLwB&8zO(N?i9gw{hJ7qEt2!t40kn|o8pm#NRK078#NlOJWC;wW;>7k
zkou({YKH2aRy@dVbcRYNvG}{YktN1ek^Cd#vk$9`PXmjUswKv$42Fb0qwUViOt5m&
zO1bbND?x!@ra0uGM1fAs<seu)wuC&BDOqI{0?{IuP}Iq?2AKUb@iMOZ4=&@mX*Mbp
zq;qE8{XpgZ)pyBoe0csjL&+IQ;b|amRKc4oKa=T>AKokqqHj?-nd%56WW>ETk8ag7
zvvodX%WD3%dwCmM(U1A}X~98C)rUH&7KGvf!`sEUCp4qX<7!hYZ48Xj8RWaV5p|!%
zh$*k7FXr-Xx(m>q^Q@b9H9CCzOGpdo(?3Q4>Chk5zd@^PNb=&buV6l^?*5T98kGrX
z<~636yP811E8ZUP7u&-Vme*a^1{#ZeOQ6cCTvD?fZ6hb>{>co*lH_kDsCK__<)A!#
zY0b^f${PRdMvJYI*1{yo$V!jYKyt>hs}#3-_a_h|Y*aZ5yHu~=oiTOp{!b?8C0`-t
zMst-&{Z_6UAKkWtQ<Lb@a6_#9I<cQfeZZz<r6q-Xy0Q(ykAu0<b6B16jydho@7$k3
zKdC}%LLMe!q96dl&xJwcYcozBle3{}YYJJ8c2MBT&0cZ8i-#}nxlZMpok7+7$l>hv
zoAw{m#_MEw&3oDFp^cT?rDe7fy|mHG(9&JFoA&~6G?{)H|5!bE{~s@tV|4-A{?2b9
zA?Aq#Wo(O3zC&hKrU^7pr-f0;>YLR+Jk5v0%QQLssLig92IC2{)Hz;)cBeYTZ#EsP
z&p)ddSO0b-`_8{v`*>?sF}J5{Rv9ks`_2n29->V2dph0M0WDY_kaTH<o6po2BhKgu
z_4IdMD?X+v_f#0-8ZUme)xFP8c;$KLvGcX?WOz6o=&ZL>OxU`*R{@?6^?{#0*Ykc^
znUL~!b>9zha($SPvUYVpK5nlJLs*C~vMzhDjsuU!R7>(|xObu*YpuU&6q>p|tj2-o
z*IUU5N1HZ5E)1(1gvVM<?bI{1HZPM>D?5)QGs4mHJ1?-UV}9=cBGxp#MLP``7WwVN
z8y5H{Y3)r+JTc5GM{L6XF&ZqC8s*EtBrNdTH;i(${Q?CeQXxib=h6=&9};}h`C&$C
zI}JsMLzl{<-W|;48wehXph{Qc*ru0C|81BHK_n9F+M0w1vm&Vcs($t?H46_Ge!|%O
zB8NMObM(m8)n~D@y#_@nK%aJ`F&ymZ83@)-lC!}=<;FgO|H?5<GZlPg6bMHBBHu<$
z6cxftMxXK1U|Gz(GlX|QnUy}ppmdkOtL9rNp}-LxB{{r~f*EK}{O>*4y;5VeHT+Lh
z^5`6FG$lZV&5n}!tbr+w^A_EH?Lf^`Bo$)Y&tID)5qj3hk?JMQ115t54!hY4^0(7P
zz~f6u7g>M9F->s(J}m5Q#qw<mz59Dh!uviNIV>fiH*#~mzX)<0Gf812E_Cln=4N<z
z*FD(eVRIfW&Diz^&eYXOXKQHeQcn{yb1~C+xl9Rozg%T0)D3EsnkmJ!FZtv)mgPr)
za&gT6t3<e}I{IRiTIc^Z55>u_NUlH)c46IK?HBuQeb~P^UYUh6*qRo8@uR1s?kVHI
z#r)>Q^dEgjr>&j-GGJx2Zy}pXfB9A4xfw#Uw_BfhE$jqwzR9=LJ;lGV{m2F7f04)3
z!+`!N#L>*)x@m-A3YS5%RDhnV-(>jCHP$y{OoeEdf%sEsg}DUGHtmrJ`V}qu=}g91
z=psV+QVYX2K@KxhAAPE7h1rxUV~KxQtXse`AlbGPIn8)y*aZW|y$EVWv1tsWUT!Si
zJU=&v=5=yh)(!EK+c;;fQ5EPHCEceL=5bjI=ucRO8J9Ws`CDT=!Y_@UWdfhOns4MY
zv6;CeqN+HXLxVortxSe0sMh6t*Zn*#%0QPzkmI+EH#Xl&5b9#83;W&0{itSh>Z9PS
zShqJ|%5I6dxy_DjpR=0?{wMcY3f4mgO~<5Iw>;&iGt`&;p%^&;?~nW~`nUkMQNJ|b
znZAewr==F##kX@y3~q%Cm)g4zn-L2OIhW_2!pKTzn~?)edE|DJnf?X$vlLYO)SvFX
z5c)?U{+l`3rD6h8Q-_5r5lvTZ&8HFw*~(7eroG~u<b_Bk<jm$;%Ti0e&>*Lf0*<aw
zjX5^+z?GFU_}51Mpg@B;n0B1CkfUU^idZ>L#yJy>nNiPUZLKGSc+{y)H+j}}QPF0^
zdmpHfbQp{=OBSs|Etc<ybhBU5lr?Wf5n$?r<ovLCyK`3_fW6t%c4~29(##F@HHO2g
zeFk&tAT;e^blK2q-vy=ts&bs!AQ#77Ow)sJtj!?Oz=ieG*(eKp6>EDc1|=QN4<f7Y
z%nV!USe9cx5`({pPOD63W&UCfRfibc!|2p4{lCNX)+NVj#{&V^t6Kq2lIqOvMi$=6
zT<!jj2*8EL-gUmIzCj1^oM<z=s>aOZ^D-8&qhe^AzC%msGz`We7}}xbNK13^9ckjn
zo2<H_w9u&{;+E9ct^3L63mAugC|i&v)xzYnI~0!{EQB?+?>|IN=rn`=*y8OZiKkp+
zN4VA=^!rxk#p2DZ>!qG8^hJCS<2WhQG~eU8<W(VwXGMJn0(qWo-f&|S4PHEPrTV^)
zokf@~V=pK^)xmt~%+2QYs!W!D2!R9v*ZW_AFj4#>&$(`YF8?5o)a#DLxt=KlsHYn)
zZZ(ziHNT%@?8%*<bGcC8@erL;@u^L((jk%D7q;RZF8k8{ulU6ri&Ni(L~>Kus%1S8
zU=QQ;h{#rPYzOP4hgw*iV3JxuQ&r5@6p?=3KLQ9$5});C&G@%Nw@5hOmM=L=_?sky
zsWheFct!mnyo}-5lzG`jlm69u_DQ8yZPuJ8!|qqbF`M@>O_K)Ky6v)y^xyRJCYzSL
ziQ<Zv6dT?&6?ym8kgH=WtCqARV6kShyym>*aYeHo+Iwwix}Byum@q$iCvx5e#&GY_
zH!fYl=_LHrmV3RJbIv8&aIf?MVv&f#0nWe_kkqH24@CklI;G^P`&lfM)n?@lMCBj0
z#KD~gnDUDeL)g`hoa;BAVv4Ox3e9ibIP{<B07VrJj}gsov(a}?i^Y8JLvJhI7PDVn
zIrZJr!Iakf>#I4TiI}!?6^N3HbZZ^n-hYcj{~+)-V33NdF3ha2@|8Q-RQ8;;HrH1;
z=vDP>XW`rNoNp+QyPf{b<v#B2@a7{Chcl$Uh!!L;IcsB3O)3ymx7+-+4uEA0L~Hof
z=akW^z8{Xk(PL`|v%J2m;*wI)R!TScS`OIo(k5SIT>4(d`=eaXzrk5RJ82gq?UXcr
zi1a56D5=6AdiU?xUFis?;C!656eoDg3h<hRC_xlR-uds2*H0;J6N#3DEk`ZdRF4yV
ztvdcY8tr#_DTeNpaz`I>=#n{ZegXeZQvz2G1Ll2+riQ)biivH_ti293?GY@9VDT>+
zu3*A>;9~>q-@Uq`G}Aw>mLB$mK!QSBAzSGt!kp2joF<CZ^W%myO!HOR^QO0kqFQr-
z<@?<e0BVKo>c$>@tM2P)i@1l$mu0tke89dH<VG_m+g4Y0*Ve%<H|@<i{xe@~qP8Vj
zeQ$vs{EKh48psKxo5RGtXIpm5Ne2j6$J_oNfMffxB;3?qPBj>j-qVEoZ8`ia(`xoZ
zewb}o8;!Tz#3;(@doI=BcV+ymg{HG$oR9gYUf=c5eUB2`2bX0xA7Vm#yLfpVJQ;bM
zl!{|A(XwNcEO~b^&ULhh;z(r9XPd&}R>Oo{19?t{7g^t|ivrzXb}r>vn1vl0^~hcb
zYLaee&Im4Q+^hM=3>oRw>n_pU%Cq{V{f;fzocbXv0COuO<WpJs#d<Eu<`pNcd(Gau
zPK#NrWik2Y-&}+7D+@JpX6oFKVLxg`B+p%uev;rzDDPgwH7NL>$aXE<6>rwFUzz_c
zxHwJ}N4j#ZpEvSGjn8B!h_;IntXGU*b*`9AnvcqOV?!QH-65|lkJa4v*2mnK>8ESH
zP0hiuv^rTI##S+{DyFN(f9Ty4OvY;|`Xa?@DUZB!xb<l*eYv~<kgHkB(NNJr&+{?%
z_K4gG`sj(nSY_{jdQHFQ_h{aH5fdrU)$G2$Rm_IU6|~?A)R`+{sx4(2d~NB`JeAbn
zG1CVto~We6{!bq;DN`o21RKPB*{NRoMrNISe1g7e?d<}}ZY<)=xi~yR=R9##E2Dn)
z6k4X7vHq}5`J+8oDH{xI6|1R`4gdb94||ysvANEHzLrSx!)uPRLv`xEaXnATwXmzD
z8x!<k6Kj#OR7fs8JYKW!ryH|NPusi|sZy1TMUkxcK>`-}4tUiQ<vx0x;LTY?&2aUp
zqWD-EIq5t5#bfeI>Y6~N?mx~w?eBoukUi7$_<Gx6<2P3d+oW}#Hcr>wT)qD*PbTcv
zG+cL^&LP#tX)}7)UDRJZC~%Hl*4EORUnp&gb|r%{qbc@#Ta9QlG;Y5=!q_f2I#vAs
zNL)z%;s14KDEV%(oa~etBD(qq;vH~g?r`glV1M33mg^LLjcR|RY5)HB<aDLru(&I&
z<`g2jce|A@SX|`1kjk@psrH>$!7jmTolwE+>rm0+`gY->ib6Y+x|jY*6{I$hZ(F!H
zdFq_`oB5WvAW^nDtSQdmOQsiN(XCEZgKG6v8ZT6x*_(Z+?p>#D&Ti9h|5p6E_g@;Z
zT6fj+0R=i=P&O!enA>4(r&*<kAsM~m`AR<z2EeLRyQ+EHPBWs*o*%#hPD9pU#;+Hw
zwc5Y|XDZcLWYX1se{Xe2<8M#S=1$#ZsyF|hHi{HF3Pj#M+kOF86KK5<%e3C=nDHIY
zPnK!g7cJJBXL<=>SMRc`k7(2-4*l;p1{)}&eHF-1Bv+==6v2UQQ=;;|9<U2iAITYM
zk$LK1pv){vyx!I?{#B5O&C^y$^?J4L`t!H=_IEyb03G*U=~8T$v9KuE;46%XJGH~(
zAJRd%uLyub+;!3^7?f=Y(<{DX+muv5uN2v7hiGNR<%Ys%6av6+S9tri1j)d|+o?P(
zTVtE`@2B6=xpsaog$HT+A9;R{>-W)Q9gIAF`HMZEKFr^QHb~Rmwx=vO*6m+rI?)f!
zRuZCYN6p%~9Bx`-bnhLHdc)BVAbD**WQ;b5f6^fb=Ri9{Ty0Z@RL5k4V=ytSe#eht
z5jZE>j&-x&(7WZmoJ_>N^EO<FL|0QdR}TP~5e|5Ihcf=I`g-Qcgc^aZY#-Yt#zqO8
z8L-Fv1fN){HOImi^V$jQTw=#8@SQW!$DDm{jNg}&>W!)}Eyq&E4CHyDsK_ind{V9X
zm4K*Ic_EVc)D+IAQ~*X8XO_tzZ8>H0u36z!qijOUIgczq)%1m6@=AoSS_MR<qu8)K
z#bufq4zDC^JhwcZqQ|pDrK>n%D9&Wjn&v1)8BUn?GC(<H;2w|j(Mn>0swzsyzuN3U
zOI)%rAYE7hG~vpc)Na$5v9T)HlPwH}F6<AqBnox9lMjQ_<5TV7IF1`ig&GPTS(s;>
z#6N<>AndU#xq}*m{hHM@(MTh3aW`NigouxMzedbnGrvCM=qYZ1K*dFdWpK&pc$;S0
z4}>y(0qxv|H`aan2g@&F#5iY!ltDS{-m37bCnK?!xEru&h9aqsB0T{R$#8_`-rXW}
zIwWBo9@)(wAy?h2C7F?m_hhhxe2cP=>_&|2wz0>|j`Jvl^GocnLO-aX;FgN&;#y`V
z13fqoS<+QeV$@K+e<1`m*iB5=0mHbn_pG2kLy@9l!NX6_>pY_RM+zG`IfEMxprOJt
zoc~!e2^*0F3I|~WICa0lOR=_y<|09xY><7^+W2K^iS!vN3-oWlS&u}iB+)t4sM3O{
zw9q_aXa1*h;Ztiv_ESAJ;6>NL+j2eX8+h)U9djl9a(r(^QR;Yj9gzWw&r1C6Pg%Qa
z>niLKWx>SOYHOl9C4FU9spbVvZlBe^h))hQgWXDY7Xb-<p)!AoTjL2w94Qk=IVTd5
ze#Hmh!hrfy4&v>ac35=cT%^a;M)bYLH30Lvj(<0R&avPgZ_9S)7!3en@SnlaK<7%x
zO@Zrx3P;%ei8XL`H&GqtXoIwSKeIniH#mQO*34NOyU3)|@~VkDm}8u|z-O;ss4I~6
z3xZT1F90ZYoplCYlT~hXQC(x&H%;BA*$$=_0HhI?%`+Qz51CEW$!nx(=(^6x-{cln
z4n@TviAfAs#I18u8V*v|(^su?kRV%GwllHs@MGrstrwmoLGLSeI&&{FJdzST%{X^5
zyrM;!kzN@cqLE%P!Oj5mo=WldkVJ<xC#I9EM-;}BH`>hIavF6AAkF_PNZdhZPPeff
zF%@M&Khn!u++i+!>ptH=8iGX+zGwb{2ZMk4g#>LRU2Dx{pm)asy7jGd-qfE`;5iAU
zZ>u}P<{D^!naV?#NzXVYIhB`f+NsP|!h<u=ROHQ*(nk*RipSOqsXnB@J#mG_RB?c4
zvZC~e(uhp=@-ll0$!aNxVS8G=Jhe4_LEPzg1O=xw-9hYmad9;{up?rxs&O)~oC-Hz
z*E&b?UtY-QBsq{s+{t^}Ne@$UmBx-)Zv)U@%N3CjUMwS)%9ww}M7yJnIoL~sK24im
zAkP6BiaOB37`Hrg4wL)~3Gd{ITIqWqy?u%8{}$e3@bXIZBs(4krFj1bWmE{_vTA+i
ztXS;lfM%X(okK9-FbB%}?B#_#*no?lyBWSc6tVrEdAiCMo4B%Z64jLFyx+n5%=tzO
z3|qTq@WP)h?Y+e4)RC&S_tM^Q?<vYKSgwU)c-61-;zORitHS`dDWT_d=3H()(G3BW
z(f$LKX|I_6Cb+IR%>C@`_OzVbM0r#)8Ed}>axT6D;=bqObN7UvOj$LtxQ`%9G;T}T
z^lmp!Y*#CIExNAuDurRRjooE`=rN*xXc&2CLE?}Q#Az!beH=Z&uhy?R=-G)b5ltl*
zi0S5)=LMfttU58+$u2SVAE5*?*;Kz08NU=X0Z>;EZBVJ}iZA}wyj4aJExpIbCzD4k
z=8DI)gdwb+Htf=@f?Fnp&Unt73aW0ryutHlKp&Wxkh5Ms2jqXkOYfd=;9bH$FW>Fn
zvZd(b%YK1_)<({q$s9c-!8PFEzW6mIT6YSfnK)A=NhVY$f~rJH)rp|BANwPg-zC9M
zY}C>dY9j(A0))Vg<D;HeW8Nsy;HMNmC%u1Csl*E)@;?~H?=M+AZti4b%ou~p3}6=j
zmJ!Ei48<}3mY6MXC4i(!X5TAJgi9dAP(I~nl1@Cx%B|4zKv(pxuE@{oKjru9!hMHl
zLqqN~k!n%ks_)e`{@4UCnBs_jQ=h#z@LK<ZaML&eK;4DEndNhix?o`aXrj}fav-?5
zASPjH-AvoHvw*5!EoWZy+d=rzi1ICU{<ufEA`-ejOy;qdI@^fr<Wrz_3KPIlAAW46
z#i7t8&d9B~1F#z(%GYHhiUW3q&?%xJn;cU=lySfX|J9P{_dowwY;|~D=?{ETgdoXb
ztEq<PBxPj|nkYF{g;dgm>LX>vOcx31&u;r3e=F1yp47^vi!-fst^~_0B{acNRfWY_
z`oJdlB&%m-bqWZST(1ulypZ{y2ZyJTU!WbpU|s6}ci^CHA&@lVhC9Gf<Gdm;Hud`m
zf?hIhaYR0q2zXQG2KTPR*Ss0*T>46z_)-2JkX(Vu`b-JVV~z_qWp)I3fy5r&4=<0I
zSUZnr*HS;mzxTWjuLG&v4llvJCw;HK8uga^4s(%oSLP?8pUTj0b|a)i81S~cUVonh
zGFoQ4-Ynd~ndcl1DQDfvZE#`Lxsy0I{gOyGVfS0OOF=9j<3xZ}uWtu248_>$(KW0e
zW28N=A_BlRFQ@;E<OdJu!_)25aE68qLSvgca*Sg5mZlvS#=rLD1%L|(=Wc<J4*S%8
zK=P4!&<#fO#C`9@K9Ec6F3JYri0AE_2*-6F^)kJM;Y`4-N(v=4HHyKX&GZOe!W(-x
z8UT{K(V9??`=^^zAR9P)?&;fkI*!Hv-z51sWHI)x*Z?qkBiZCgn~BH#sd;k=fNQE&
znVE>(akW<Ndob;}ziJ1fd#U1p{L;uD%}>aH%+7kAX}y}4T1y=zsDl~4@T+exPLH>D
zUH9W7I%XrFGt?L!G<O3-Fwhslk-Nfe`IW=IZ+$*xx3U9qbyIC5o|d`^^|32$R?`>A
zG?claX1bE`w0B#|JQxIFV3#<Cq=_>2-uDBTzo0cu9uKls5*xn=z3~v;liLta<?Qai
z2cHe9g9mfGOkSFazsYsZ=j=wmqpwcV%&<e8rC@|8ijm%c6L%>rZ<Q(^&58oG?RR0&
zv#8I`uSKbTO6jlLWz<a&AHupTK+!H`lc9Gy!RqE?Y>fa{HaSOj&D*R8xc3Tu_4K_`
zVt1OW$&g1T7mF=`+~ZT=|GX^_bPOaB8U|3eaJhwlY1E)IsVYoaIVTERpM3()e}Qih
z1avu?1wgV%e4VeWm`0g;HvcrJ2%-OPjx3#Lb#-GvD*sIp9anT7D@vXk0kI?@(}w7?
z7;s#A3$;TZW$b@25^YKP2@yG`Ii-V*e5_T3hE>FbsJ!%`lza&~j{-$(`Z<NenoO(}
zT``^0SXuE72=ESq%&dZnM7Sn*>Aj;=DXVz3G17H;c_a*=fxL^6H=KGxCZs>jkKqBH
z{$zvaVo*OW0s+s$PzOX`fV`-QOWC<%(9yNE0{Rh4+_Ae^ffPN~-@>@U#clz8XxvgJ
zFTtJ8rY{>Y@T)PXJ3L(Bz1|y}3O4>lV5DB5kD(Ao`qP7;vltnv5Q=C=qZi^Jo~p0;
zfvwAsueu=1Ed@w4bqkjN=Eg_t0&DQu1@ZwTw3G2mP7u%zh02CmLuEzu0GD9ZP)K2E
z!xmn0kQ4yfhaYmL8|q*K=;<bxIS4zml^s!t6Brn{KONkUaTMk8Ltm4mI}AMAp#1P(
z>X3>i_%6-ckfM`nNvsN+6zY^nII`WiZI9E`{I<lIvw6{V554F;F}fG@6qYn@9zIsw
zbjf^$VElfR2j~q$Ke)gjiQ`P{)r{3nH8jVSd@>GxQi(eM22tAH#25#YL<3hNEP+pl
zps`a7oC9Jy+dm&h-rC1IsWb)>NcE@Gg^|r+j%|WbL5i1?hs}SgCKD|Y4vymnsucI$
zkBtGH$OSn(?<#0Hg|*-uo|#Z*3e>|(!CgozBNXBpLx2j=3^Ys3k3=zI+=;7u2RnPh
z)>WyhgrqX1he}gdNe4CJ?rp-UC5I2nq9bRliEqm_-##7$lR68dwxkG1{iX4`Yb~I|
zAWol<!(nA-ibgPI0UvaWj>U1wbxL9!Kvpthp-jPSRminbp;^xxjbYZRa1S<mHt*`2
z|2<yXLS7u;Me;v=lx!)0I~>OzA0)))oUy<$ze1kW=0Q41-)HlN*XS0b4A7T!ygcF0
z$!?QVw*?vb(e??wu+PlTC<Blr<EogVc6eB2JgRr4G;0fhJrW63$z^N|qoSI`J`ycn
zz8r%S(;}LDpnp9UO!^_}w^Q@2GUuMkZA7H+->IcE4<(&_SalvtRWxA+9UQJw<n^*!
zTAuX!0~1_-3W$y=Q=84%BM-84zm=K^wp@Qml7<>7z|-nnQXE?y;(~2Wr8E}@9A0@O
z8cf)Z>F7WOuIR@y5v*z>WfcUF)@S2+im4FvlgR5VsP$S-^k;idbjx?l!*{+SURgQE
zpEQw!Os&!3Hnm7|TB23Oml;#*MIzprPLs3x9D&jjG=olwxTD*xx(l{<THt=uGQ0l`
zkMh+LYV%+xhQXlPd^_jxe=iADE$!%u6?Q$_hE;n9;X7yWv{SE%v%}0n;DUcVcEoZN
zAUqZWO|b7H54grrk0`!HQ5qS)T67f;J=Q~J<C+U>8k^fN=Ot3cxxstK*GGSYS>`&;
z1Af}&@i1)Gwya}tCvB|q0~u{#s62XBIr(#ecM}{rfN}qQ^(!j8;|@CZR*62<Q$Z!(
zLiSp0#3GssE#}P&Sobie?S`1KekQK&{pq$Kwrd6s9R_e78aOzzMb7@#Q_}VB7P~M5
zXGhS=y7ZWV%ZArnn{0fO%)vv~?XfkkISDIu@xUfToeEJ`RrMjM={#Q?m9}Ne6Qz;_
zpaO+z7#&NtC;>AGTL|x5)D<9MKs7Ah#3f8vGmOqLop+9T7wCu2%sa<IR^h3${m0#F
zUXSo3=uS8y-dhgyLPhF|USwhaF2E2GPH}r`q7v>$k%OEp8Xa1HYc0{A)E-B!kcgE0
z+teL{wg>c)^MwA2<Pl{`bxeDKxGX+KW>9j8FHzz2#k-gJbgLSvvluCJ*kj_`uNH$r
zHE>fIpe->YCZ4Hv<FNdvtcvT;&XB~^$B_EdafN*k%A}T!L#vqZNJjTXZ}z0!JGDFd
zXDrP{j2Wb624CKk+nX|gh3YU#bt%|aaNa!jK^1tejV^!I2I7;+mn%E^-k$90C=sTy
z*9Ky<1QgBiVC{lT5T$1GV44}GFQV#kD`$9gij^sIN=^8OOX9!G@}SSCQMPk%(qhi+
z>Lzbw$v(GnfPt23($Y30g5&DL`j!CuWpr`Mx5U165fh2gmd()!-=qOYQh6}%3&-;9
z6^6^tQC%-AL0S0^is;?%_+bx!zJ;Bd;;l1VInSbZH&zsVRMnfgL{m9H%aarka0i+`
zLI)mT3>`5kZ1L~~dfhS8Ij0DxOt*U_d$|^Y09e!!2EI8%Tsf}MJMPvVxj@YfvB}7t
zGrQxDSB5;#e`4Sv5Y#yJxAe)>p*X>~Ah=TrK{$&36O{}<jQ*pQ85>7%;_b2+c=s0{
zS4@^{auxbKQ$I_$9>v_p3~&aE%JEeo&IOALR4`0|V)*^X@ktj2*qtg4!gfB~$KNDC
z#3R{4$C*~pXO>riAm;X*`Q?hv<LCs7l3NtBTC3E5{HCx%BLS!*hb?*_HZ$Kh44_Q_
zJ_?cxF<+JDd1c3H^3MUBvR&@F&A>sw_zKJfoqye&EH2q}XQEkV@+yK~dWQiIRI{1F
zGigI<N2wTdIX%i2h;SdXtL$G|IrHVT+iIkFIX+_ZMVXbXqf&cV%@7+0PE~oD<j^Wv
zK{~w_bYZ|G9nt?Z$uhn&PAMl@u~S1f9mKXX<fZS>7#c^w1PMCjE7#brjamIuYWmvn
zbc(D#ps)-ORO0mWtuBC173hbBnpGbVcML!{2I#OKimo$k{os{!<87A2qs<_-sY9_9
z5vfHt<dsZIDRI0_mnev$I0(=9hi}eS>{zH+|0|iVJ|JqCH@|bvxGfpxU*<rqExzQb
zZ5@geb|uW`K=QhP^#oUrXPL0LM3`5$=-m=aK=CDu0R!V5t*T5;0y<QcpY%qkB5ar@
zY%^hW3m%}6oks>yQnbzy_4CZ}QF`~Z_9ddfsR*p3RcNVH`>?jKz|K|5=R8{Nt^s85
z9UeeDSZJoO;U70!k-}PfywcFMEZD*UP;W-&V1OMfpe?y2PB@Uyu+@wVw#EY-v_aGl
z{m{xtV)<EAaD+w2OkO3Qb^eqK7-|+6b!H*Ykvf6Kk!3}{{O7+=S5>w##{g#ek`;xt
z30BJ%_0>jgVZt5H?+b4F*fr+7g9pcItIt-<4RU2G9U_fyHoSw>$#R&y*)aSS6i7SV
z;&M9ZP(F4)J`1AOe>$_mcJSsMj6Mde^fTl_WT#^f_LQGi{$&fN)qfVCnHwRBKx&GP
z=mk0_t|P?d2rBqMMyY&vGrB+q>;KY^#baF!)Me-K%jrI2rD0KmNeWIyK{z1B+0UY9
z2SQmmUFP!ZSsEl8RJ{s~bbM)v*m?Q5*|<KSic#~TzQrbiR)J@9`F1QGaf^bO2i-|W
z88G85l7L+vK>}aOf%WZsdhiD6Ez0LY+LMp5^DNJd;!dH%Jr+Lii>zh7=JEBc7ucl)
z;RA~_GNjFyffnkJbomX~$_8ntKbiAoyR<}A!ybX5PJbjk*;l@O{nBJ9YqCH(p)T-J
z=gc-m2s=i^%;MG-pu53Zh4Q7vpG@fv<MZw`OYQ)4U?v81lu+2`Dru+`D#X1jd=yM1
z017{q0kCYs3Uh`rtKNTR@#TrONi#<gTT4LuQx*P<fwk_Fs1Er<VYPevtOC!5ywmoj
zSzu5C3}8G#@6oreYjzk);)4R`S^;fHK>U;V2R_O_{QbTNb_LuCt=wtMz;spUIw?oN
zQqON}D+rPfotZh(J1SuRY_b~fh_zktL8ZtDW}t37&9!<2jE3?FiQR)Gb=0L+?u%Mr
zl`2f^q!2cbghcrRw>yOvSj%WfEl^RuW=U&{A*if8_1&q1xF71Y81Xk}x6U9`-@7<g
z3UZ3k**=RZ3|OWnB1G~Nv$k0|ojAQ9ln1N&)<YT86J7KtA0U>toUaKfLP*S~YekG9
zKKZT+Vb;m-4&nZ(J1Y-1AjOnK^2Rlkb(Lk4!KaR=x*YSgasm0=1&%;Hl}smT))C5n
z>h>jg9HD}D^AXIq(M01x$xrKrO4+!dZ!@T-tkVPH_@T5|<&BOx0vU+E!VYLGb{FX_
z9=~04#nlPevN(9AcP(2&*?A783gOal>*vn7d^YVjGTL$p+_*OBHQG9I34EJfj<hYU
zQv4>9ZvX7P3ABDN!TJFYJ-H>N_nDw2$*pA7D^z$CPbJ;yw^=N=g+PBQk>e(6P$1c1
zX12`Oh6J7~(KLNqlLbg@b;WW?W5d~Qx&b@v?u$_r23Y&8jXKNJ`l=HTiu?zB_|5z*
zT*3~{d18eveL0OK)v0O@Y5b4#6Bp%aJuXqBxI&;{Q1#MS>=CnXPkn|MlZwF0;31HL
zms@me4jBdHG>LhcLz`lQ941CQfr-nNAe!HK3wR&d8v6NiV`FkZj=99A8Y=eAV0n@C
z5G>{@TZ9C<PRMUnR;bpx`)9%IEOl#B+_jztK>wOXIpvNWCKh9Xu$I|RI{i`)<27**
zd-QG-SW&N?ih0Hm4z3r;uR(G%_HqXc4+0tF5Ve-3RFGzufKa9fN0&5I6QB(o9{y(&
za924Hs*z85<+2n#RxwmE#UoNbc9;ngK5Zr%2(@_NP+FLq*<y~Gw1xvza~eeQ=yxtv
zV>QV2;fF&-98UrVASSK!AvHuCZf*B^1fuSYpWT#;5&<rd!~AtoI$vUuWOre(2a$L>
z`1X1>JOTycgYj(EjoWPQjZO{Py0Sb_gj8IxvJ!pLpmpC7pgItKJjN-)>N>uPix|MR
zxq!Y@(;-0RApksRX-e#tzf{Af@LZmxl1vE(eyL_ffGR*wb^kvp+B7KPe@hu{5K4Vp
z%E|RCacE-)_{~rrtQSBB!Xb>c0-Ry$#<2h`@?S?tTq4uyzX4M`x!I+z?0zUw<>@Z|
zg~~eg5@{xH=@T*03(Z>%{tLBx;B?evQPmaWypO^=LDZ7PT$S_lH&)Bp-?6;aO=lQ`
z@%^dFVgA6-8#5*LWYK2DLxiZT!Ms&xft1)<jiaW6x)s3*j3rh@VO&Z!_;n(zNq!eT
zReska4QYajj+H+y3B5_B3c%`12krv|iqY-&ksRqGuHZ!XG|D(xjmeEG-qz*18<^{H
z9EVZ9A4kdjhFgz5DC<9%zu|TUh&Edx!Hh6BgxMvu+vKf&Bm9e;cbm65KyRZt$%x5Q
zuM}ce%ZsnX=zVlQiG{NMZa{PSgEY*JQV4_Q9WTsIUJ&EwYZ~IZPLy;0jXKJ@;Ikab
z0Xxe2fF;pCe2Wk}+XSGC_j_7b{Ur3-HMk5#90y@f+bq<Mjmo+!rfi}OEO(H~;1}0r
zgJ2=y@uf{=^lHQmeA&c={%98$F$~MDB?!xxI>x%ZFAjx+QwDDj48r<RLp==G#*2gj
zM5-Sx1e!DS5Va&3Feo{(hS>$-iM&l2^;Q5{IQ1E(%xVJ`kI?U@D!oBtBHaJ!m%1>!
zPJQz<{3b1<p&fsOb<8HMd*VFZ5iN-1x(qD#kS3^ckSG`rrYhAM6cA$SMYtWaM4JOB
zq3oWhFH-Y#4=JGtlO2wl%s^eQlz<jsGGd!S&qkANgWxFJ2I9JgLB02?oh(cXgSmZ0
zz}Iydf)?KvHKSJ*b{Fe0l1;;#U^|5A?5VSzMmdpY+54%pasLoI(Yr5W`1T=ouGRI8
zTCHkZkws8sOuRu;wni?+dAgR&Z@+|R7}T>4=+g(25dm==<cMbIEtPX2)hZNDCFz0N
z+&nI$Eph?Ljz<e-X~JjbPQwGvkO7z0b#D%U@a?y2{7_1vfBDMA+K&zsK`}CAOCOZf
zvW>7#7Fp<>(WJTfg80;jAi0^ojBdAt)25s+93*Do0K?!yf2KIro<qaJqHHm)=xyy7
zKSw<`=1Grr2LwUYqXTn_0>1Y7><mMaSJ7PB=1-&>E@EO(_H%MNKW*;)e(DzsyaAmQ
z&BEyK&`3iGmf}6$$se@V>TTtS9eA(rL#e088a^T1_`Wy=%8#a9;J6$YA>qx*rF$hj
zW&4K+Z(zk=&>}beD-OHppq#l9V5ykU^gjviEluh@OwMATriZqwGU}i=5^bKjZht@w
z%%<nqjI=zNj`y0@`P*8UFK8apRfskAV3O_?sVLyHStDZ9E`4P?{J<k!qEN|S8?V4s
z4^@*^F<zcprwrv%g_XL?<@|Ju7`RKHI{H@w@$omNgDgwJ=&UB9Pm9XFRXrV(H@w%M
z*F9|Kr)il$IC{zyK03j*dxyU=WiEO|c~7xqCERTq;JoHDpP>#J5(g}2&)|a~tD<#&
zu_|<U!=k_Z%Bra8TfyWV8t3h0rS1llQ<e~({9+=u?%sVx4TLD&qQ7hMGs}APhaszF
zf7%S#&6A-Yi!`<*-BU+TH4%LNM*MwsNb0&%XDdwW(mQX|*;=0;+rLX6J!Rjz=7TVG
z{>FavY}~shf+g@6Oh#kQ0FO$i>q|R%4O*G=`3z2kc~`)k|NbFJV-#pcK>WH0|5!Dh
z*?u|=1}X5USnV^oEGpEF;0I1|%3W0**i4C`_A6LJ^ZuT8+YKpR5>Y`8pIE+RT8(zJ
zhTfqtOWu_f2w)nE5AZB-woM6GjA^;t#}Axbl)6`N>G5!x3kjHn@zd>Pp1~?k0ZH#y
zjt`_U!zlQc#hQhyJ6CpPFh7a6=ottRzrh-yXjAgm^a>al=r9}oKHRVDG{_zB!mE_u
z+t+V5FnaPbFc6nGO7`{ay|}tI&}Me9Y}eb^LB3xQn7p1SPdzt{|3;kkp1BuHPPW2%
zk^NjbPz{r5h!p-Mg#9VCupnlGL28e8db#)fre55iQR&UvuW8y4De6(Di?RE+;!Y<v
z&j+WFuB1R17>{4K>E&d81vXHRV6Xn}M@{^Lz$6zBhyH;{c+7_F$nkvSgx>|41=ETB
zx6-CSb{rx5|Bs}r3~1wd+QqHKwRmx-1&X`7CODMhPH~6OPzn@xFHoex-JKS9g1dWg
zZQ#xC|9;xL+1b0<&0cnP=9yW1L`EY%vIaqHIj5b`@Xpd|?0fsd?j}m%)VBp`0#>yt
zEzQB}-2L?Hn0oi$!hOG+wI2-8(7QavNFBS1Ek+G#ScP;iMkTCc{)171mW+cw1Y{(!
z4g?KSL{+R~2Hw4~MVu6WHAtjVtVvKF&`l9FvW{u;?;9WSUuL8M<~3^${)E`jVXfpf
zMlE+DSZ$UIp<S(V*Jy_6hp%bEvVvIsPFv!a$U&w4(nD&OI9GyLqpLf98A<$$kpp<b
zCDk5D-M8x5x(C`o@d}4U!J9nso$THQb>yKep%SSqG?T0cdy-5gMX6olFhQK;)lto5
z_d2Pou}ACiCu_bz%pVJ!yn%d@r}4E%_5co3g-=s9pzthl3Xna$h@vo4-;eIxF=R=X
zy&v7{S!mA-oKVLoaRy!<xqXrn0}4=5oDc(kgZ$57(s4|+m3O?s(V@m+85E#ZW7Ob<
zUJ8)wwTX>-%?D&-+M00R4*88;QltxAC3Ff<1AT@q>Xs~GsOt1NPPv6mzS^<hq(|U9
z0)KWlA#Xh;W)PROK;Gy?$+-}#cM!V|xS}m7?=&#+VeOeaY!mTAu@uV=P86_>>%gvP
zHbEnECp%5Z7+oZY4}K<7;6dZ(nUB+$*%5|s21r0Pcy!Kb)d$(JD`{?YU>^AiUNex%
z1W>jeySzWri_A95IyiyB$LCH)eUKHqEFFQz0if@&#mu1Rj_z7S`QS?Ov%+aiVu794
zm&2G(UKA&>#Axm$g1AjUv;nZu55z4ZuCC56!Yz7UU_W;#Yji@I$@Wd}O|2OG2nt(9
zb!fV~F=!<CeOb*g{42OkcaP1uWqcV`#MzRg<UfU~$=xHjI)$=J{nN?EMt5^3B7?e^
zn_zHdV`^$>t-E3)7S+;U{}<0Jso{?~s(M0e6u2RmSo?$?u4IEPIUbP$jW~MCm6z3)
zBUYbS0$j)rI&-)Nc0P!_*Jf5fQeGTVUPfbfy4$hf&_gKjMR$CS8OKdHfeks%#bNG8
zsjD{6x5>_Xk*CN5jdf#z4W=7^y!UcsJc<~8I@$D4BR}}?!j4Yxzpv&0zak~EL2*?H
z!v(F0ru)qJV5+U=UseMsCgxqd1Y!91HW*ix3i5wMp~H!DN4cx?ZcEuDwaR5rL8X~L
z9H9EFhg|38qNvX+J*3SG8lZQg;nsns)Awi4dOZ%EskbYA`#I~2_+1UUKYKJj_HTP*
z_n#7{zIk>p=|0MF`dS4(;#%h)LDzrDIbFKRLDu)d{$7%Q7*ilbnYo0X6=k!!M4c(Y
z=7>9|N|{M6Y|v)+sPks;Sz2na%i8(_Z-EVz!@MIrZSb`4FiNKK?yJ-_9<mwA@Gp3-
zb4%6Qglaix3RIX^cSsHY+N~&AeF(q60C7nU!vFDq?68o;PJT&Hhq;S;;7P|Fo?e?k
zrJl9vHWlstyDY1FCd7+<-0fQHQZV=%LJu{BwhHRr`1aXy;K5m|PZcE!>ULN_8Il(S
zIR~c5`E95xgacy6enDy7MW%s`wP!9MhqjrV3bD$E5~JI?lnV1-khpr|Ps=Wi!`Lg6
z6`nT<-Z&;}6%#<SxltXir^R7fotT{^hEFG(3EYllA;L)s!)FAn9g2AsD*~&LZ$mB@
zhZ_S>GtV~bQkHKq1M4CtfWSw?pQ96jjUS$EL5Gr8i^Kc={rmRwUh<mj!#oe^JG*&k
z+|T9Xz+TO-k43UkCnfPeI*?;Kj?%4wl7E7swRsgLmx*!8scRfsIt&j_Y#NUx)b?Hz
zD+44tGabn4w~)FNKMK8^3gW7Jr(MMWw9mH)A<_cSXwCq(903Q54e1s+6`U`bcyDkY
z<v(@v1lno!P_$Z0@-JMG(7rXfitdJ(&*t~s@n76ci?vSu-K={=(8aE!yFupnlb?op
zkmG{2BhV-2Clj__KjrrXAurxt<V&Mj9spZurDB#?@LS^W-mtT3a;)a}R6e1K!0K`;
zeoS4h3-pN?FYe*l%z%TCw{PEP5ob?wiDnhI1G|XYG(YW2{3(v(&ypApRgW+)TaR32
zar2_B8*=OlU8q{PuG^QkSz6Ew?viSOk20fe&sKOkIW(C6{1a@G6gK?1BsWu?_Jr*F
zs;j86Fi=u?Q0>@h_n+kbC#$Vs(8TRk&tS<D8qLZ6*Mx=;lG58U5o2Nfr0+FK;2eF%
zR5*L}xjys7jy~wA>qDdn25JFrX<drrKb<`4o2R4+V5KNs^=)YAy!W^2ao}0yk+7`c
zqh<+!lGi#uRERc3x#5>LnkS7%@u}zTZxm!jyy`=4Z>^t$(jQmHaIyJ?ST|D7GhTE~
z)Fez>c7JyN{TkSMxhoACz<BW79Yl_j9OA2(NxA+ed3Nfi^z()usj1yEc%^MGzB@`5
z`LiWxRN`#aP%2V>lJnTpx<l~96h=+h%v56x9HPS|H=u(a4s+I-zaa!Nev&k2Gre#L
zfn)uoD$s3^f^{vBkV$gld#0Oysp><f#=~i5N<WO^p&}Lfl5Se_Zo8h~x_Qgkb%8`*
z@*TdHT<g}%>)Qd!IF3%j>~WHH=<LVgL$Auz(?|=0O5X(nP^F@;xG0=?az_x5dtMs)
zMXz$7)BDd|9QKOXaAmV{qSWdy&&vDXT}EQi+P1BckVWd9Ge%He;(|208$z!X88lW#
z7EG+?csAx!Z8)iHo?5?6sHGt~m-x%TcFu{g3H*w;L?(%~*QerJjttW1bN`bQhgC1}
zxAOk_J*aPBf#gn@dvaH(ZOc3k=R|nCQph&+tv2F8_XAyvWj2!Z_`WhNTXb*UCeyH8
zX2?W|(c=fp_(5xtqTtpj(`{SRFV*^|figdn6d?FN1wSGkntrhj=RX5Wtzhj&F`($Q
zZ7sf3b3E^XyN`%YqK<Qjzl;4gx$qTl3l&b~Si|nSe6Og9O(ilUq43|=a`!&&*@9NK
z1l6P@IWD6zQWH-JW+}5HH9dfuN5~ow6{I$zi#(>uM$0Fr@@DRH?AX8$Atv5`#82e^
zo4XP=Q*5B{l7#`*QqGS@_JO07y2z5bwJlqV{?A`LIQ0Yn^f<K!scby5A*MG`tF^7J
zMkK?c-hI7P&rFnhG=CPUb$783)o8JQ3EEM%&Bq%_uF1Rl&oe4;y0#Oi%r8ctmh5e2
zRK|)^GHUFv>_M&?d|5z;kBBo;)onF#vL&27{&3tR{Ti(?`J!E7@t{3G0g}|Lqje5a
z_<2ZiTgWkv$th82a^bE1j&aTXPX`HBHp%_=>m)lb;Kpg4+UH$Eki2aQhsI~ZqdQSD
z6<K=I8kjJsd>^%)8)L!r0*`<u;wffk(i*2t!Dj2b=-zxM)7swmz6mUFwq+lDNEq~G
zf5ELvlI8qC_|R(WrD9ZCOms_f9IIVuAh!9hAE^53<h$a|{PMK#2*E_6i>%0&^*$PD
z?tfeEVuoNhvyE{-q#BVB8*ALT-FXb_EiT1Cx#^@>p`9?Pb2Ow)qD1M8uSgFsuGYAf
zj%@^q8{k4!0sS;ivF-pe)JGG1x*NxE_fQqX*QR?LMl_lsmYQ9xfOkoELb^8-<Nbp@
zBD1*vRB@Suo*QwH*UdiVy*!3>Z{xTN6E5rzm=GWMBm_O{!99d@`R=K+t`dKFDi3gD
zQ+2Qg1;6_$zNM^^*VW?LsvqBma+AO;+>yQ{EYk8iOEvI|_QqZG2_Z=}VjF5+vfsrR
zf0r0c?I)wFnL2AbH{KyZa&w@HEWmS-l}(iCuM)Pet^rd;7FUm|pjPJ2*5s?Ulsy$w
zPAuLpa*eXlnlxdd!f?dEMW7Gu(@>dBKgZH`GFI;={-^X&RRtI#P9)#+joR~7L8l5a
z<{i*CB{leB=)RINhJ4H{MzyZZO+658HIwH(cxYOYv;DpLYNy*81W(J@#$K4LsDIc{
zOhcnFnWMsk&e|#;l_s_EF8;RddWY{DE=&XY%`$%DCUz7hwL=1T5LceYf+X=}>wIbP
z`Z$*Cry&G^Vu{I*?&j*FwwhURSGB*ZK9BlOER*px&UmhjmhwTNQ&fR8K?0A5Z7UF7
z5>wjK`vr+hw}$~en3<^!7eHOVVRqgn_N^E4h+hpzMUB)Tlaq6~Uea)5-wNph(0HAN
zI^!N#(n85a+iF9tFUiwLg`|%bSc(1pRQ^K^>cDmKXGZr45zx*URlqSs>TB6(jj}%4
zR;7ySPa*GpNOuf^U}=OOYu#N#X*OC@FpnBmsT{j%Q>|}C6ALX%KC9m06Yq#|_wP7H
z?c5$SaR^lZ`7A)OJz>fBd?)~VKaVPxf0A)pGHf;9%5!-0dt2q)#%#5f*-ibkBJl)R
zKf+VGGxR}2=yo2f{KUo#&6JGQEyoXf+A7s{jO>DCb9prC1uC4+Krjl3;Ys6FA+L;<
z4N@X+3NltDQj|9@_i=PZ9eOS#=(0rbTyxJ4y<c{ouN@ae6<Pg64eb8rQq+*S?Sk3A
zIw_KEsvDOy`vOUN@@GHFTgNvD`syXrRxIJzsThH`jxXdZYdjWckM2!eo~3A|UNnI~
zyEijq#FSGui*R`STYLi=5KP}ram7w<VcS?M66(Ay?vBbD{UZO@p5b8gzPWt#qPz*U
z-Bmeu-nQD$P@Kv&z0+6TXN-u`t#_*31-EZtJSpB7nZ)J&K$~N3DbT2F@itZJ*f?`r
zR^SF-IY?`D#aUPT<sh~D1;G;Ga5RM@Mr9tX`e~8NS-_Gphr-LFb3Z9+<RX(Ta&IDO
z?#<}Yh>3)+>Zf(Cz1pY7S1u#n_DCLnC(a-|SH84ufwXPJ=A4>#@3LVTc_>jQmWTW#
zCN5$`TxP~_j4QL!!M^MPu-bjr>4bL>8+wduJcjLqI=n`Jf9GNIS-{-xjCmx&On<&%
zHjS$X!w2=7@(w)Xk0z*PHW`^zWK#$zSpALG<0MNI`54AKK(kKJ9HeLz7Cu_D=Yy8H
z0zk8LXOqSpP06)<_?K>(1jANq=MV-)^|0Uj34Lr-5h*h?)T|26UW;r6&A`)DDPh><
zZ5$h^KII#CmE9F>$OWpEqvbX)CPsHm9Z6oM81Qs`br=?ZCkvgCt=7Bcz`=vCN1@;z
z{^iHB8{`*lyoW<^(8b;C{`Czugy5J&tuF&X&w8Mo+rM^%VFiAPlPr-8)}%Y63DJ1D
z%<cA2<{p_wlPYIU<fQ#++tDomLZ_1Cd=++vL)^@>vC#bLz}@^OJP5=&pJeiOC^CH_
z+pYa*lN$e1_cHwr%r6nge2wh>pG22d9CV`bf{!J8=ll!$Lds3k6LJKsu9p21$TZI{
z`DQT)#Bx_u>;I>0fR?pI=-+o7G8~R?rK#iO9cP=ylHH-(GYs52esuB2pum&o=+LLP
zZ1NI4wBqh+sd3`=1X?d3sRj(>*f=sINeTRgXDNi);73bzs6HNQa0uO}asyO7KUS^H
z{LmT;0^aBR?$QY4N^wOK|5uu-Ri|e(on$-Z8dP64n<9`SXon5QgtvOPd!wqRqO;vj
z4mXpG#~pSF$Z{o#eJ{1TxnSg!vCUc+2~sVJiEKN41CA=MQF~F;(at}fQEd}=5N|G5
zAitT&(md9;Y9BuD2tz@tI+AYGoGd*4^?<sn8q$JSlaRJKiTsPnp6#zo-1kAnL(>Vb
z_wgi!FASiyIMnt`Kz-N0WCNCZHx`xh&KncIy7zO#ipV20Sl=Z`_<Ywhui|mw(X0v>
zoT<Uh{%6XIZ-gLJ?wivLAdfgysv_K$_`4dZ+kxq8PVe4QufcHXIJ8GGQr<O@o!*B5
zWaYRAwa5ZxJ9_)S&F(>LEcNH<I5|3~BEOUZYSJZrvy<Q9rxlEFjj<Luf9<C}x|HDl
zqRG;7PA9*S3m#1j><{;o_he;3ifCz99f`Dk7z^)aL4MXmrK*Z;#($Rk8P)FV+aIo>
zi7FzNAe~Dku^~wISDfH`z-JpBcw9@hoUW-30`EnBc1c60$m%s3UX_a($Q?;4wAVYv
zf;`WJ^*$@a{9KK8JaOW!lg&^?UfSCx^zTrNov*1vo9O_)r$#DtD)TBNcQFz-NfI|s
zbCgj(c3x#O#&V=u2_iSKq^xEp4f5srSKGN*f!Au?3ti~VH)<P~d;q)BQumeI{ClKI
zpAlVFjI06wE}Yp1(^vdWrHXGHc9hD{nI!g?$1M&r`--u~wQYv!QOzi${F6cBZYs9>
zQlD)8o{Kv!#5w(o?o99PP)$Srp7c7pN;%G>+O6xQO=^7|tsNcMSO!i$s{E6zSE5vI
zBjB#;YNc{>yN=fRlvDKh2ZqenrK;KhE@~a}0JTmSLb^h@tDl8c8w!*$4IPwk(z7|C
z2|TF1=9ta9)Vh#>F8qUkGO9N$f3Aale=|Wp7`!if?8X7Xd6M-sd5VuCI2(RF!VqoZ
z%rM1#dvtQ(MN%88sYiop$eTQ9h#e?G5*{>>u34R&pT8lgrjSC98a+*aw(}tblQ<8W
zw=&^pL%F{?;yPqcB8Yf`ENcxRZ(x=9doszj)imTLb9R(FpuOoE6=Y!fE?kz|Y|N<&
zHP8&pSKzg#<HnjDC!@$Fs}{pCUpN$=BE=G!LYPYGSn}-Tp4#u<r7-uQg~D;01JpoR
zCNF1H4%)4cOEQRTXm4XL4>7}PPc?v-760)sX}9Tix0iREG6{#CG)NWBBb${?TXf7B
zL=rlFafZoaI}SO59tcNRsOP4zMW&Mt`XB)TyB6gERcJ09r1&fhd=K3hozLWacHu<0
z>mq9cB<@3!sA13e=Mdr)??Hh_j5n>yoIa+oO>B-^JWvne@mB}?n&;V~L?WiS0k4jE
z_VSJp%zvykNAuMdhSE;pL;!TUwzblKoWpM+^x=hV<Ee!IQ_MZfZ00q(+5US@f(|~V
zP~_$x2M`IVwf0<56XlrMDl8gmH2$HHV%U70;eDOVh)u)g$2GvfAS>AMAN3K=_2}_X
zy7$(z1q_MS5FU%4Y&W=DSv#7`Z_vLFmHrqsi1z#2Em~|*ZpOohr9(S=8*k%`DbUQ+
znmD$Z^dH$_Uw9IpCrFiF{szsg<gYhgT~Ep`yK39xtHrBDVcmEf??D#VR33Ozn@!1U
zmBDwm38`pil8FO>0bbXaCX>1nK_t@{>B&3-ZHnk1jVE8+DW<)d!{E1v$A{~c=UeDF
zlN`YwArQfH{Z4+TOvVZ=)kcMi{*xW)0)u#j5CQ=`pM>vl$1Pqp?7kjbT9bnQv$vL#
z*yMcxS1x{G)(LQpo+617mh$k+n=TZ@e|m{HZV3DGTT;sQfjBVG_0yN&Cz*Q>kq~9`
zPtjhAOMuos*s|i9&t`J35(T4sFg2c#jPx^__$!_d$Ok>IVC@+9B)kT>((Fd%o@?O_
zXtV4)Vl8joz&q^@a74l)yxIEiw*D13zNshG6(OIHChAj~Qv1n>wH_0&F8u$9$$cc*
zP*kGg+-RsukMUzYLlW)d-yP;|xRGqU;bGl8ED6hPftwA_m^c5#kjU;B(N8n^&S^(i
z^7`-2zvQ|^yqUI*5V27&%9JT@c2_68&gq#Uuu8>;T;XS@tf%2xnj^B)*_5QD*$x~y
z#*NRgUnwz{RbfGP?yu?g$q=!_7I&JVXtrd~4%{9kJ%^wh){|TEuQuM6=_vJX)HN<B
zc(`NuLHs%H!7s>kjaf|4nbCu^F(J^I!LZ~!MC>van}$8-L@${qRgW1?mcmC*!#;AV
zm#mwr7yN{PCb9dKt~BauYZ&Pa5nR)%W$G^e{k5DT&R7`c#F&DS#`yG1HdF)<V?>0#
z)d+uUwV(kR5F~@7t{aj5Wg~^o7xPjIlMSF5KO*~tiEZgde9evOKq8(Z)hw^t%g;^y
zF#PWfPw1_pb=e-y&+0yK`vfS$vc_B(<>5{)lMcS7hvx9ihW}U+stE^%Zdb6HNBY1u
zK`6B|uKXKzpS?t$34JdWx^0gmLJNOG{f>A*Hz8Q}CkZ)Y<>U4*n6DodyZ5V4oLsze
zQ7i;8C5oa@Vo9}U)ig$>g|_MLP1w<dj1(U7Ub+2I7TRIFSMx@S1-`b&A14PR@3Oy&
zH81#qoDWCfg|!u=M#(p{-hT~&1-d7XJa$|qQ{1kL=27j|2E+cv!tcg|zEV;B_?<f5
zs2S@X!#OPdlE4X;HN+hJ5JK(N`dvna#uBNL)u#JmS7ZY~Dx*RghCqdM8e`OZ5G*wh
z4o9=AvB+$_QiN9eEs<`wACQx6%933eYmjZ~ll5@*jJB8Jqn6Nd{L-_kT`1lfivC8r
z9sj`y-vJxhUCgE${SPPGTP$Bwo}=nr`Jmme@ZZ0^l4hb$GRFc-JHsY*@mFdE(*jww
zLlay(2bNb}X<8#oIa$d7<{<ufd`?}MRlrx6-zhNywO2wlm9V<s^Rc&?6z+yq%i$w`
zj74!E6TFZ3w=b6=xf3FdKaN>@<TA$%0jl?^;PX*UD1)WmefJ2IgjNBwILuRELY}H6
zdp7cZajfGU>&ckv-@9#DqaZhB38ePk$xV^G$(Zj6dxqnZIm!((SpoKz$uBL0*|dgo
z;1)Sx@D4qJ%Sbd>Kq{GxekFP%RmdjT3QR`-H@f`aAdeY1uib!j_SH9MR?XmFHdv|Q
zuUy0O1d(RJJqTS$Buy!e_OQ1phv9v(+_#5ViPsi;ih+JbKDekKtzJt;8Cvftl3vLd
zKP2E`mw73tzFwxX-eDigD#vt{v33o!(`JN2GIx#i?QBq$##YFz1K%Y`rg(N>!2*(Q
zL~-=PW<?;t+xo6LxAiPU)Wj`6>&>Uadd#3Iib|s;-|HB6XO5wF#2d`_Es^U+);Kz0
ze5ywa^`!+Zs*6OM7A`W@f`+jE|C#fHS>~qH?O-4OI3FVaOmDPpW4vk6UcE})lzT35
z>17o(jQrQ;(hK;n{G3TiZ)w4N$&y;ja!F~!G&`Yk4(Scet$*T#78>8yKaJ~Tdx!9F
zSV#f4>Yv`l5Hk!s6)MJdsd_90xd3}d%dLu5U9Ff*##Iph3%*mcsR*sLi1PY?09qLi
zKZH(t-hyY*f@f%dC%=@+qtf?r0HKpssCX>Ff8){ri4Z#NRP(SX%!cODNbn)3;#EBK
zB|JS`uyp&o#!m2F=cVD{6J4A{1y2t5=`-K@n)%YXUf||B=hZ>NynkCF)iW6r!5eaQ
zrqu|xuvBbR`}KHET1%hgi!T&F5TFxW)afL=d@PUo)|Tk0q!X;zi8{rFLS4syZ56Lm
zOFF&B{lndvtMBdG6GhfjMf~>}_I5tb-bqZC?X3EpwPGD+!C;zTv5vE)PV|^2b=O*2
zivp@oZg2ZsY<?+I;8Cn2V!>$xq^&t)W0C)+?uM(16?ve43s6m-nVNQk@lXGHJ^p@A
z6y;SW`3`-ZsCY)|w*bYrfl=IB(thbQe{eZOF28bXR`cB18MM5nE4{!7Wf+aRqk;}o
z3_5=EvCx*a^4+&paN7i8ev6Dfia}B|#1R3aq{TpZL@#ljEzMphlabm8|NX(8jN_)2
zTxHq#x1f~99aB#K1YPL4^61#03I;cA$c-e^)BYCf`YzDw^?ox&`B_)w0q2*iGrrMi
z1CRSeztQN7y+0q0$3?CR?3?{+CfZ9)2iu$9@vOB>_P2-jwL=WY+u5y5$2c6!<PG&}
zEJw?HD$2-Y$I24s0Gn~6We>O$NiQT8e{+Iu>Ywn;)3v$ZRp9WodY%8V_uKrz-?D4_
ztr>m&z3eh)f{op=?YDaF<5-fOwJHbVg(+mW*~+8Zu;l^38_zQ+zFTtBJ*nIH@Za6>
zlHPl<4n1;niFZc0Eq~&w$K&E9Kg^vt@raH*5!F5sUCy7`dgCVM<e*@_LBW(@KIV{1
z=R3n!vU{s^{yyzz0rY`2-c8**Q<dPeSL}qsJsoAwfJveX&^Gr3mG;4wTfG$8A|Yzg
za>AchS_?H~!JrqzKydtK2kvK3fn{rFOsaXyt~#>8F2Yz6d#&NdIk6_-eFV7^v&_Sc
zyEoYcmDYoVp<>*<1uNX6>{J2Z2>0G)b{eW^q|_$Z%dDS}^%ad<a?z`!dl{Ei8j|J2
zfg+eSnS5O2$+=vOaCBTUs4g_XHHKbd4j4i-a^z&bL&!#YUR!lqD2A?huc)R7T6U-X
zC|CWj_I7^9nLJ{?On1B{uS-&FOM-}OS}F;gQYBOrA~_AJ8YHG|c$86W91tdy#38+&
zP$W-|(}G2dj_U!|*DCG0OEiGp??1jPvFgta1e-o!e#Vd`4P3WOI;PhADgh|ete<q<
zXIM!-5ag2yNkWJJRLFD5f7)Sbz9Is@tiGO9T~m)aqb``-=DJpSz#?JthyIu}{w3}D
zYl_V1;PjGcN$EP5B0nS<J*Ysz+$KLHJMTPSE-#nh5yF4)#Q*4kBmQ2};<wz31jF@u
zb6vBDrMYr`h;{x;V%~Y3TvsN+W1juwvHi6x=XJmXmJeg=dI#d2>#8vlW`!ZH`A=kY
z_oQ^+9VmX<X8g;-S#>GR^T3XBSLxxrEl9M;NvhHb#WxB?SPe$|E`xCJ*Vv?hr*z?L
zYHD6mom$c|pfK#Aa!#Fit+t;e+S48ikPC?ovLofywdT`99{XdmkA4;Q$C~ZiAlLmv
zGKPEMkj|6Klh0yN?BWk6J5w5p9DHC$m~(QA)x$w{O4kPzYzmqbzMuT-v|NnFGz#|`
zXBOR4A`7AV^kJ-WZnJnFwQBJ5+uOfmew?ht&yQ(mC35<tN8dYe`7Wdy1PI6E*a>&7
z2FZqFV(g%Wy%FP*Q%WG4_%+X^HfWl@(F_=u^0bgq_xn<r4eAWX>e&6W>5gtg%&e9~
zCYi!_u4~b|*NfVeT{<PcAO)wBIi(AG&$`e(P1kGZck!hfge{L19!2;=xd;7>m?=Aj
z%;W2u6Ly9B^7J1=U*FVoN|zeT{N3q6e`c5V<>c{3r(DoVtZrwdp8$PA`4fvl>6_y8
zo_!+xQ=k87rn?4wOV87bg=+U*3|Yz>-@K1q{e0`)Il7W=Bn(LGa&LP8Lf1})QIqw=
zJ!RWoC8r&$PgqhtS5Zy{{SfLybK#XxOBH0^I%12@Y+-llsNGzylpaK(^F^2wDi^rM
z`L<JB9etInGom$7kI4D_`5N|Hc=g1ri<9C?ab@QiMsQW4$5iHHl#0b7EI!qw8_?Wc
z5!SkjyCHWK8vB7FX6YulP+AiP=0%B>oJXElC8|tj_AMz#3%skmdKEygg#6@*!^@|J
zHiCbdO7EMs&OU5xV{@4E0X%1YZ%6_$ZaT>*((HZhJ7OEIA8D*%d^>2AGv}YkwbQKb
z?@#-B8yd+Yn{N1RLtwa5gu6w=))fNMQzfIUfbyANxb+!Pd9=hP(^Ij^4l<D`i+%R(
zP*)KvOh4J(dN8H^X?}DEorzAGIVQBP$I@gn?YmZSPJXq@5W}`97V=UHF1N-qgOwy!
z9?6FKWjfXNzoj`0F-dg(i0U>%bH&ihY>jm@LfGGVHU2ty#umoAQE40LD6(llOtDZ@
znZ3r_%@r_O&|y4GIG4;+X6FiX2m1^s0P5!@(>E}gjc=e^Y1z329Z{_%);vqg!ZKXt
zZ0&eAdNjo;VJtx%^YYc_m3Yj7B%{3n?CEar(!=lKKJ}J;+WOqF>L7f<KP|;=%UQ0e
z`7BgrqNu}FrUVlgMma=Vsbxv4e>QOzd?-k?IX3_F%L1^>rIV}GEcT_rlqc8-z`&vt
z))0sGHkD;oum|CUvqQ)ETwO_cQfRQzaS29ZP7mRnjOjrpcM3xtA;1~s)=X#X87*ip
zF&K7OioOii&#f*JGnDs(@yXeLYqlE?Ms>><+cfbDo2PwkL9*M?uMc5`*_kHmbCt+8
zoyhx%0;~;(>dC8m3ANL*UyObT7BiD=7h!`#hLZq4eB{t%y0EQCwqyK$2Fv140pG8^
z*G6wId6SyTkQsgcsLyCsp#&sY+atk>+5Pjar+Y67T*aQ4f^YmNC9bbl4*)kwC5zLi
za)I&jW#-cIu@|IF>i0(`zvIgoeE&h@K57vf&nkNn7wms98}74w^voabV_fW;D&7A}
zh>xe8gUm9`rdvVyFa!QCZ|;3LWH3kulUf!N0sqxoO2+Ta!3Qq+a1bo%eJ)xxj;yXr
zG_`NLG^rab0Tg16LQeU;CaT^BWF_W<xAKRVS*2W8YdM_u9m=cKWw2so4J{(V3BQ4B
zd%0gTjp6~Y+sYb=+R7+_UZ+9%U|Lx$?%&Od{4apA(px;ZyGz;M^*A(r=Hv=BAn~1s
zwanFU|It4K%@p%|Jxj0W#t#-A)<vOEn&LTs$T+rd{)bHy>!KSk+TyuKY^dR}cKEpu
z;(msvIM#a^Xj{Rf9j;X#rL&*(8n{|H?h2sihx8r=#?h;M=+}oD=3wa4x0{D=+&t!+
z=I}_2s^vgsL_J3;$MXdYGWUS={rdT%P$P@zg@~8RxzaI*jyh}$M-t$%AON#V-=ZN_
zeTpE6TD1aWmcRV%vS}~oX`hvwSp@WHgtvF!qI_+j4>O|Aprfx3i=@}EL%+CmKN~Qh
z;|j6YhqY{i@7>0Is%D9_D(VOBnj(lAzhyxr@}w{4uS*}BS!e)pmG)L9mTfTIEQqG>
zBQ2y;SpN58rAR8I3IGY_%XVYSMywxd09SJ9QtBQ^r%)I#PZ$8Mjk>7;HidGC*F4w?
zL``y~sed(XFgPt!BrJHBvg8VFU(HN3J6)dr+yJ9dK6pFiASs;4`#ur+e5};ls#J74
z<(0GWcFZA!JJIbOf=brG4FU8P-%>i(ETvVbu$rboJG}rhGZ2-$RZX2Tc!p8=glZWf
zsXpK_JEsTx{la>KL0(9u%7Q82@M`&Wad7%CIsW6T90=GLkWz8@(w_mzeOaDzattiQ
zG%QSB8sIZ9Y+KTgeWw@ox#1;|UQa!hWUBo3v=H;O0MpDkcL5qal{D)hsZ-Wr<Qd_z
z+w?mqV~NwSun?1>@LB$pq|xqvXB`?0GzC6EwZXgE<+t;Nm}vzDrzH}AvMil>ohJ=1
zMDO(&^hy=}^D8dJRVa`HVxYl30==;g<+n@_B5a^-gZYczi?5rw>gh|Rv;LDNgy=5-
zL9Al=X=D$59ytO}lw~<|WlGmVF9J2LcYZ6La%8}N6R-K&=-wAhWWSi{y@cjImiq&>
z;fr3rl;_4?y_-j<RneNx%dcu8s+u!{Qx}aDjpeUL&DZ8`WgEh-qxXX6jALw}ScrFl
zw<GyXD}uZI87@^KsM>sum|Z|`!6pKjJ9m>`jq@u97{4t&Qu;pr>5mw{cGX(g<LW@9
z2D`~|bBcbwvL*+UKdP&s1b&@tLtk#)62NM4sI7RaV7Aa#Z>xBE&K#R#JIYNB;&E?s
zfpiRFi<3ZWmzxLuownD?<jJ+7olRu8db5q3wi}`E0?kzyo8!?n`k_rQ`Hv=gy=e>G
zOVK|{OK#uQ4s?>)hj4l6)&8QPOx`g9k2ECLWO;JkoLRVvfAl`H3)8Rv;EhAB2EQDD
z`#T|4aH3&F4$CwI2kATGppV|p1y~gYDI_D~e$~8fBu~7V=hFPfHHl5S5l--<Iuhfz
z>IR%8q~6Oee=b)vtpC)GKKBwk&cyyk^EyZs4{R}h>GEd4R;6mWrEN=ibn3!YAi9;S
zgGZIBv+8G^>Q6GjjUV1{KJBh+ohn$x**683sxJVuPUp-Uuy`EnR*%dgCi8KZD{SIC
zu_5`^O>-Zsmn%%YFeT?USHB~FoGi$<6?Ct|-SnrP0YWW8P2ar6!>~WMjB99Jq)UP;
z**^vU+6*~W{LGKD_0~vQrH=VTr54KM3uXGxGW>;Qj_F6mNK`-#_ok;Qa0UAYv*>t{
zWd5bbS+YQZ0Mo(hR5A7APPdhnc(3A(-lu|B9bO}q^>~!E)7({x2Ee$KTPgA0XaDm0
zxMKpEIbD_If&?NiN{>%EKPBiDgK*Up4oS4Q5F&hGz*YMTW$B0RcUuJo^&UO4D;V6e
zdVM0C`3?|qL<#djDVn~cEt>oH5MxlpAwZ|+^i%I~v2gY&ftIpHrO8psZbs_2=gq+H
zI|e}nA!H@=+yc=gPi*{?Wa2_-bv;tqwQZa(Oc5erlk!}Iw7HLtTE#=V4Dest9=&C7
z$fs_#);|!BG0Z#@q+4-5=K)3bk}}b}w0&j~u=+DT7r!wdPts;6+iU#BuqMQ>0O(`M
zpjz|d8;z30_694DKe_Ehp?ss{EujX#71~Q1{U$&bcuo_8NljT3wmyespk=Arv)^T{
zf4&-nDJihkz0;T*>QKaCGWXrBFyZ%!KKV{rli0Z60%<y9N6Jv}ui_xd=?6rLb`}ll
z+<H5wKS%`XLSjQp=^Lx*bnas6w2I#)^Mv^B$7uN)?|UsJ-Y$QRW{<%lc}sLKph)Ad
zo9Rmf%d7|qFEN)B8y9LUl|cPI<5$ioJh!Rz!s%KT`1|DjRnayjk-`wm!=nx)&^~ps
zD^p^SGsx#M(JZMc+f6KblyoLab-jq6nNg6rENpt-m4I;lo$o|+S^%i2d1rN59rI15
z))KZ#aq`N1(h94x=4plpe3_GJO-DuTP)q8Y%i^y-Y>RSt?>KI@TL~4EgY-E*+p}Wt
z2jdxVH3VxU4|yUHS9@qZpBapzu9Q-z8axuo%+->;TE+}kR3Buw75wMi8{nD*7(eS-
z22)<X3qYPMXUo^tt!1AP<}M=ujF^p|=?X*5V_Tblm;&D<3W&Sy+!lWW{B^O=?fqBW
zPjcvP4lD<7@fcIIExUueLOkBPZH`2FgwMoQx7wZ|kG(DnT#Zx565YkLd1$Ro)1~}F
z`ac@H7+j`4#BP4qWdoKT`+i*eX1*@U{&PxI+1yH~PfsCt8BJEJ>p^M<&2pj*dOM3s
zXL^6}`uy}vKcpa4p5V&aw#}7Je$90k^Zd+b)*7Iydnd*f(7+E9P#kNQYOGZ>B`?_*
zJFDe0Z4rbWDVhQ!n<B<A@3Iour3Ix?Fgl!5ejZPSsZQ=XXkglD%rS5X<s08BnoVY_
zPTn|Z986_5qpos_vq0S!_dGj=(|%^HWb@Vt8(uxN3R~p-`jq-J8ajG>+gO3R`g;#-
zIX1*DO;$!xYUDSa`g3G1Y-2u*v-qz=@n4&6y*gCW8B#Da*Pw2g3us??tx;vN!lmbC
zTcMt=zn-ovc%_O9GhpYB8QTgM7KkfSxqOB(k(1EEhd6Q}72Ly>(f^zZUggS=%LRf%
zf&EMe!B&KjX&X?gNtlZXhl~kF*u3<&YL&^|&Hd;j3~-a4ZM*``cZEjL;eT232O6gO
zoLF`a95Q#-9KA<CCz-0IcP7q7YNg<j`ups5d(u3QCg$&RRwQ|j)0tXb0*2fhhhEfH
zf(=m<4~<)olz9!zjP=Zjf2kRg6&LkpZe^0LgsC#V!%p_~$+NQGfWWf~;0fVK1AVfC
zEWYiT^#-Bqg`6kJLjP1C;euJP#)rd3Ac#>|P73Pevs70_G5u|_;|(9=v$0G<W0W@G
z+_iw>65(x=`o5zY>|9PY(!shR1;8~WlC$nt;5?Ny@^a*}W_SFs=kDLdSJ$u#OLkCX
zor;BzQ#!v}GZ|liwXepW14U1Lwlak;u0&6KB%Bn<R}l4A-r$H+MD+`9{vCoG+bJt_
zj{8LY!r>qXt$oVrGAg+g^%GE9yY5cNcV2+)IBE{gm_6hW>Jw)HM$UX%8<lr`hRwCJ
zIYO8^)|Ku0f=hq_GBLNqFgY{jQ=eexzTo|iTQJS(BCOp-({}~Y^ou_bX^g9@uBBoX
zR{DfMUqDcnKBlaHIn=l3$}}$aurh8#+%yT+WtQBC9_5y#{9ex}+7~+>?s~|PrpAPM
zO$M__qre<o9&)Y_l8?fq(pN$7*#B@{Av>YoCq6FTbSAK$|HgF?vl7t-AcCn`l(1c-
zcK!E4f>vkYr6^v*x-?GKy8V2@B!uB9Ct?XEHaZIH_hB4884TXfzZJ#fyAtj4Vx&5=
zyApN0P6F3g|I_I4S+H+EQSzNm$WhqV0Jr8W*mEAprOzlo<eX;8{g8iGp7rjcfQY_`
zD9P@cJAb@Q?ek_EcoD|l<#Dg#(3SMxuom+5Ol53%-A1j#${YOBykG~T<w`22UYzDu
z4>`q6#Ht?~s~>V|bFi31>x56C8Iy%|A4&+hua3647GP?pYUv9Z@bS%Ya8S-7>~(XI
zB-GC0AxCq$ZhdGyJiZR+Kg(!vi8+}}6*p?lJ<uk2zsz`81+}66-+1oriO-xDeIR|!
z%g`Xqv*jk_MwF)kyMK^=SbuD;qHJl~liuXG_lMDB3U5W(=VY(|T%*PX9Jc!5Ry5Y?
z4<d8PQw|gL^aC}T%>j@(c!0(5;tz{($9jIOcNZUoa&z0|#D~~7)${u>to%Sh>7*F0
zA;rN0@v`XhD5cy?L)5BxvJfAS2bXyH$jqFb_z<=ck^0zn=^Dft2qB&md73^9OP->$
zo<>ouJVpEpPCmVdXTvbC{l|zRc_S#_az^Yh%&G<jXVd|4@WdODnyQB~(anjo;dy=)
zjhr*cbYzhFAr1H^&50xF4PF18R;NvI?ocH#wTkVoa&>-m_E?lpxMP!gS^44Z%m(*t
zzuw4*jhm0sr&G+eYr20^vJ^{wA~WE*)O>-GPj3ypCMGNXeMC9F03KDAq$D)e(gd`a
zZN<-}uG>R1;2M#+;9l`X80UPud2Y|PrhgiIygC<5FP?%pB&<%l;Usu}qwU0p^qLXj
z0uA1e$OTi2lZd)FdiU2iKIBk}V+|o1ugp1VS9k`ODDlYjm?5UE<LydtcI3JrB6qtb
zPuBWk>0<K2(xs?}Xx+?xJ(-0XkM~<!e}dSX&n4Qmg7l?Lm!bgze2H9y7Pcgj3v1w>
z4rp+RpoNbsb3z#&{m-~d(Sao0C+a-z6Q9Q$`s+j4^VV#qJ5hOB-+!t@+_!LzQ;dug
zpS7+E1H#$Adp<U|^lGPld)HF5z0VTE*(%Ly@Yr_y$DCvdFh<Y<Oz%jQbso{n<Yf_V
zN6UwtuGZ@H$Ya&}(*K#`gZJ&sdqJJ3H4ol4!L|d=*5<YiHUBj9^lwE;9tnnT8NR1K
zQQYTDHNEfzD{3tI0eFh2wpJm}j%`O(Z=re^*9_N*U&Bq*lZsSpYdsTnaMam;RuIM3
z0N^3>$yRa7hf0#Y!OHfYMk=<7#|64rnL72q>VH8J>Wm?HLi(oAJPg&)euzSnOB4?r
z%le6^J@wb)D?s9E#SkRbpKQax7<zAhM2~w!Pq>SJT=v$yjQ;V4<vLMTP4gzE^x^Cl
zvL>!lP7R2m#CDVq>D7sBke~)8I2!pZ3vUV;KnLe@YPfG%vQrEs7itbfLTGb3B=MJ4
zb#oPi3jM2SCk^ki4tLY{wbq-m<S}e6jwesyp$2$ZRV8HN$__fhD<tsH38!r_+f}M1
zy!$nY*uoF(E+2?mJMnxUOzTWvx7rj^cWZjK)1KS1zfF;%5A;xxq|=P!7hGOH|3Q<w
zSFDfqY_PzIuYFfsqBZ@KCh(Q(YSC-F4W`vgtsAY^fD*b{Z8{Ws_XHP3a##Ozw(nFZ
zn2YH6h?qt{?1INvGPAEF(DHf1BY$g1U%!<)$WH)Ldsr;J>P<#UE%Ht=$A~$YtI$yS
z<f=&S<Nwy}wHbyJh13Fn=*B?}ZZm(Vo3vTIDF!(T7Vg8m9krGXU4C+VX(O(kMEs;D
z9ev=ANcWUPVC}!E6oY~7gYD;4v3*K$4EpR?;6sdjphfxCUnMYVnm3)kcS&K;oC?$_
zjrx+(mMXQ4AH5_Ty`O%Wy~r>h;rVdS)J?&p$w6UV9g%uq<x722xrZYMaTFAZh()Hd
z?HgtAqU@-!Offb&QZn7ZM|p^z<CE^4dzCH}e|{k)^ZX5#l~Zw+f*#eWc<vV$AL8s&
zR~JI@s%VYnzDsj(y|!pkn7N35@)LgkJzdyDVt(khiNT@*0Ob4?%lr-Vec%<+h7hd{
z4S<qD){aEh#CcmL-EWT5mo@)hYs-N$jdO5S7Aq-&Fi*DKN!keTvC@ES+@KfMhcN#8
z^;_X^tz-5^8-!`rp0qo7o!y7xzaaJO=bp6Nc;P<APj1P2Ih?i1dn_x0t0Z(v_FTXj
zC3}y-Y6s^vA_6`$VVoZl<AWG4hW=&~C<tFkS%NSN<CnL5y8oI<1=0d8dU#gK@2f)?
zE$)<Lq}+Mvn&Tk%_~b6Yz(IkicxPhT*Dh&*oYT~5!hZhmTnYqhH1g;Er`y8hqv)N6
zK(9T6hU+`#=gqa%r*mPrav>&>!fzeCidx9_M#c0yG_Y|I&0O5OKqdlw{7Jm#s(org
z4fiz`MS{fH_J}8lpQ-`Y=kaA%{vPp6y75QhX+U$`N-iPv)#wqDkWTLpsvy7NHwr{Y
zG0YOi6}~6^+*k&@z2sAA6TmLX%*habP5GXd_}M=1#>cBEaEd$o>IwxlJe47NlHn)I
z1}m{eHh{r|TD|#~0_!o53h&UKlKzEU=IlM{RBz5=-|Y;8XA*-Lj!(x~)-Y1Y&fE<V
zV|TQh{-59z;^kQSdMep-k<V#JNhgS)<~GK;SU3Hr;L*NAOHAE?LEp86onCbDPKU$Q
zrM2_0877@ZMzW7F^iIi2Kx+kcae18=rWG%(vBMSeUbcrpB#FZjrE~!cn!_()zoeqi
zyBpyx%xbqnVIfrWVEea<c2tT8|K-)rc)w8Zy^uu9m6GPa1koV%baeQGXw2#taNZW?
zxzUzm)l1^;Upl&o)CW>`cC$^82jg0_ba#bNZ;VhFYd7!v4zVsL=gtpr#v#MV{mMJ#
zoASDk%Yu)F1BC4ZmkN>wj$hp7e&85`e=zBhtEyc7b)?2U;8Is@E*pE5+Ky|9RWVSz
z6EnZldef-9wp0TKSYo|f5QKiP%INU=p>;9m2}g}||6#IO$%AqJ;aMQ{JdhLQy_EXi
zA~ZIz-?Zy>sy?A<rC;W|$h|i{rrL6%aSWd1isvdCOjU^)=JwC1H%L@}`s(J%(~rsy
zzku(*jH;ojwWg$IEDsPg#xlqUmDt$eD8o<BPxy4TyFSFa*;9q=)a!Z_8PnqZ;oQa=
zzxZ{199k@-suRew(%?mRte<fK*4a*hWY6-gFd<<?w9&k=@~$V>^bHW};V5yA*$@ey
z4d2gfckm0Q6>h(Nf++_HANBsa0Ap=q{Vgoyb|Tj_kjyR5vkk6{P*)8dHvTeycmYn@
zejv*4`b+doRaFMrxtMz7V##4>pZP9r0${o)l9|$Mh71pDVn$1BLfEl~q?$T`fD~2O
zVj09YM8z#g<(wUs)Cf@l&@%Bstg9f2r$LnvojYBbQ%wLMMZrHYGN=N=PL2Krka8!%
zbp4QA2Kjf+wz;f{g@76Z0c>I*EjMI+fIUA*%N9`@@`HE-5T!PXuhCi~gx$P-0syF0
zXGB%g0|1PU6qU~$0f3eZ34OqCkp%pY3IDmGAnddnjIVR;fB?Vs0bRf!^5jaDDb!Bq
zBiAYEZ>J@NJ2uwe;wtKgi6xEgQ+VLdMfEDO>v~0i+R-&3g<tHI(@^soIwO&b6@tG-
z(oW&I8jNC@gE!$W50D0}iURv%oRlm%R=&s$G|7PO&!jQKyCqiq3b-@eVr}NH$zmM%
zA}5^)$zqK7BIAW3qZP#S<b1^<|3f-VmHH=P39xufmEI4550e%ROOakLYvmSb_o3I-
zHH&2+(n28-Z|)n$3V)s9Qnc(mrTWJ8Rd>E+^PLtK+)2K$_8}ljVRewaGpfsZig=mN
zh(B%Tj!yEAD|EOxw?tN`gQ$=6Z@P?|8vS>nu4|~JlHUazBR=K!1Lw>VSx7uoH^N%^
zheaBmE@lf2&doNO`83)6$G^JTci^g$y^&M$y^S<7zN#^f*+M-L*j9^`$soFP3pOI3
zbZ<E!Z_>BYw;bl-G06e3?L+X<Xp-C|=Hqg^b%^t&S9*or&^KP=sl*tI#sa2w@M2Wz
z2_BzTu?C<!!R`&^b}e&&$wknYj7^A~@@E58EFBB%{2gMMU=N8%3%K=u7#rA77t=N4
z%E(0>t<#;aSjncRQX|w7kX}`|fRAEWO!yp+L-C=%8~hubpo^F%(?9>>qwuc1{oE}c
zbAG26b}^2Ra#ccLqrpJl@s0f6_U&d-J2`@X;}G0AgXO27+N*Q(w-upjwc`jihCgW1
z{Dt_~h-@x+0y{qNVg9kHK8i_~CKr)CTU@t>F7tn_c0n)8wPfC$peXluc-8kYS@DME
zjWskNfO)ebL+2*7RSdE(%9(Ri;b9Lg6B;!OasH)K#Kj%Z@o`hTqmrU84gVuFn)F4x
z%DGGRw^_E;!Z@$xIxn!vf)DGfEnz>0{^J`oHaWJniEr?L3g$2KyGl9OO2UUzRE~Q9
zwHvm89^D9DJ0rgC_sKW!f}5wK^DSrvri&83EduE0DzO<(Am<=cl4o1}a0(p~+*=H)
zpo#>e@AVL^Ba|ZSpuSAicvl<3&TQpDS5lKBN}E*4Vae$Dpj4gkU=@;IG;E26)!HBY
zJ|PBo$qj|bmOx?bU9+|8SB1W!>n3U!x?`ta$vRAhxJ`7@QRdN1bzbz5ClAc3oj-${
z=%4rSAIIo-GQ_fry4ofK62?O<ozh?W2{_@l`}naF7Kc2PnyfSv(=XCu76$Dr>7F)+
z>r|Qsv=h@XHM;gl+e3X6^2U6z=@+`xqAq*neC4p@=c!%>xS`^&q-T2>)sP1Q3KfsA
zYULN%tZScf@-_L7hj;}q@y`?C+}11<x60`?KB%fM=cqDjVJnN#uYZ}-s~m=W*pmG9
z5~{=i_tPj!d7ku~HZN`@Zk`8>dg?co0QZr&l7b}lK0LIlX#U1ECc<<i!j$+TZgp?)
zhq#Nz1M74TGCP|GP-_X{O>?uYR8fapd!^<mvP#4?<DaYp_y75U7i(wKwBeRh?SgUf
zVw$_@pAL2M9>6~PWmHLh(~ZVgSY-cQ&V&WJBIOSt%LwZ}Eq$XHx1HlNY$?XI`0EvH
zz-OgPhMw4qq&UE9`TQbe)z%Q|=8P2KgspLq8nP5$aV{g%6OMY3Os~VFWJhq<8i2G8
zk4xi^o0<AcelZ+6uhPkd#xdX%_+>97x0nB^Su;v574N0cHz)HKabzZKtyzC|HAz(&
zzD=?6x_S~biC->#1Fv7TPLb}&Xfp7sP-~>)ZpTU*mq~IWjs4+)^*V@6(w2<yh?8*#
zugt|enEk?rnGl<WFtF1BOGpBj3s9bn;sqqSEN8yw#6+TEkR7wWdCuOr&)(pp7u+Bx
zaflkm%OjFV&FLD!{8SHZvF5TkFiMf7w)E04(X?yM-KZ<V-1uH665zy`yrOh|coSQ1
z1Kf{R2UlcaN_2V0FDsULJU4+m*V%<>C-}Qq0{?X+UTId0ZyH-iBwk?w_rK+U7jjg_
zS&VWRg5Pbhq(tRdd1)-F4%X-weP%J9pz#mI50onUTw;(@hKo-+IKFPZuZI(KE#2FO
zfh7?#GHy@$YnylTh(0WCUNO|N6|Ln2GyjkvO!HUZC<W<G3uEtZ#v*^digDxtOe6%L
zc???s06Vq>ll*txNViPI!Y@=g-9`o>N4p(S=owaMVb{6)tN-!n_RB)@g#wACmif4u
zLLSCroDLw91F*+Fru-YiuMZgoWQH{8+jGwvKVU<rTNYGOOyw2bi#Lb9^looMRIZ{o
zvDpsW(a6Q4%J|8IqzAu*{kLGTkJ0AP{ez+E+XK@z<jkuf{4c_ZeC`~Y_^H_&KTL+P
zdQp@W5Yh21wJcannzdEB|Bn$I%%L9YtejVtiAzG=86<E7iIe|!3<?PP@Xj=4&!)!T
z$F~PEeZoaM+;JQR8DEjOH811Cqsc86@ks0txvFYB8YKf66#^<HAhj7~dBKUi7mW0u
zw&gcYSW~VlwHHUBd6LRPL5WFU!~>2IycS{U-uwe>GTm%p^V#X1Esq)<DYB=@-oMKL
zx3|<|s_<L3UgQ4*(LgT0r&O-KYj3q+UDF~}uWaS&hnyk|K4s?W6E6e9MjI$-&U?8f
zaprtK>7(W=VdO1uIbR?k`3A5><9utw+0<XZkGKKzmWku_bAS7@1teVt2FEGsKULYV
zq<>c`=|5H3u%v&hUHXsoQR}T*`sq$pHiE`5OXi&-B%IPU%7-eX=qnargE*G{-KPlK
zPD!!7!qQ*lG@;;WRik{UVrJqMOZs1rVd?LBn$Y1iOaHplgfC7L+!D-`{#&OB*G{V%
z<wJFi@}cRa|MVD^{-862LTAhx<qURjjKL*N;Z;4o^al*nYJJ64qrCnZLftb`rLQP0
z2p;yYT5x_y8ZFpm*MhAcEl7F*)E}#~;9})K(;=QA^gBZcz(e42oYI0TmCZLlNoNR$
z&#)GJI8+yheh3r9)B^We85<J3N{mRS1w)1^Ef_L1&5~cLOxefslGiy)h(4>dAXYD2
zY+9ttmB~ctdzR4qtf>V_w}8E4)x29*F(o?TEMdx7g0GC6CJxlEiEhCJF{38`a|G{m
z{A|+(s)^#ZEmG=sj?nQOK|~HplWtEm)9nZdxee4Fr-tup4gc*q!dK^b_)U6v2`fR&
z;Y*(<6hF_yf3Jt{W*@%Cc|w=-1krR*2Je}ycO5FC$%~*ffMZdp{|DpvUB_qV2@B2>
zyk_<Eyz78VVlD2ec&u9f`n&K@|80uG?(>A7B!w^R6wGmVX$mdmxEn(KA1kao=LxqY
z)-S2B<l5HjrLbm6tR107z<B*ytif*{0D)Z+;D=D7iv$?(n+uLEzq#OhfspkA!O{9R
z7b;&MRJuTLOITyXZ!UDZKxlV?(hgS&DU#a$P-9HS!}%cOEa3Pl)HsrAxHA_Br_^wN
zT_F4^hm)}8aAhwNf-dSJ`Hg$2rT%|}U3GjE#~1%@_U?8jSb$KZNQ%Tg!QF~OfP~;K
zK^sb298z3LaVhRDp_D?=;0^&Qlokj@ijx8@R^a!Uy*G24OZfE<K1_C>&CHuO@6CR1
zx1*4DCNh`DSSmZ${cd2%?^JgBT`^GP3YDF!uNYW(#ek>aG0V<kR}JL5N@eH#s|KcB
zrC=l#Fx9e_on6Mr4;)`Jz^{q2vrAW3**R)Vrm{0hPRDSp9+Tm7nlDB;sF0k})p7<M
z*V9#18h`Y3RiU>svL}rsc1O1U|EKh{PC*{{{0e9XBK4MH(8LskUo#MT&2Uad+%*Hu
zuhCQty=GwWHBqboN>j1+nt{dF40ovo5F?}>iqtntsm0O^6iFkgwbBgKNF%Ae(hMY|
z8SspeQs<@_n3875cqXM5Q7zX~)kyufv03_7aU=;7jz;PM<E*}w^SXiT*GYBsbpw&t
z4R|I=)t#;zh`(;g3VlIWdE$^Pq@9b@6UI@6e)YP6pRXHm`1Ev(Qb{68nY-a7WpBD*
z4~xoejHlhO+8+ig{Xx6ous;lZ@rMCVL1ylTXZ|p7<PUPdOKSaI>Y8~syg7~>F!Y9j
z;2UB$yhmg&#;NbYup<L9Jh8QX0u=8id*>rEtf;8mTgL0)AACXsAEYv8*-{wq_+GxT
z<K@8T5yHy#l*F<nQKnjpULR>fX!9Een%*#+8;+#XGSkQR%IOqLPaMm4li?{w*jYBJ
zc#a9yCys+}7#Mhio@Yv8rdsYO@WnR_EWDwdcCO0$(uDL@Q6;)eAg4Wa!@z+X<g|Bg
z7`T0dJSXQ(1KDpH@Dx0z=S1B!5OLFVS|N448r${V+&=HnHp<u`HMG2Gpv6rCTxc*Q
z55H+(=uN{ZH2J21r9!9~ShuK5)$0nNwTm(?O~~N<`<2paf}lf`QFJ0Xze_>uTLxO*
z5*geTGJVP|1H*5r0g+NT5`~mbQAVGMWNz8p21?(yn%nlaf!4PTcqU3|Q*Rp>d0U0&
z<7#-93Ta)V@-CW0;kojk2Fm_P;d%C-1}6SV;km>e1NrZW^zaIW=S_DEthz(tIqzKq
z+3wQnkO~advW91mNwhlp-!<^bT@jvdc5{X2k0xab&(FK5@LY3}<^3AYkKBpiZ0l}0
z6>K!X6^{pGO@HQd%c-FD#ebX%=IE{_QPdILqm0XwDCW$&Yhc!01CBw7nNJ1HXITXl
zvuvqVl@MhwF_{FV-ZgMm2=eWo`B|2^_GKyVp;}7NS5bP*WaW2)_|xv{AXAvUG|JxJ
zMIcu2c~u*Er2*QnQ9kD;TUYSkcMUwfODk9s8>;2Lf(zX<P~e_|cNFL$)mIbJuSDx*
zzM@mQn)eJ;zDK8Y$NNb-*{bV)N;mbMfhqS4u&4bpJXjTK3Mn;7Le14^eY#Zh{XGNU
z-lM#-n4(KgvxrW=XW)Sly*eS2=zt#TLAMZnEn0sdMF-wD;Cr7$hbqxt*Da#E-Z#+k
zz5#YOv*>b4bhYb%mKLqonL?r$-#0K{imt3gCt5{cx^Lh|Av$}{Orq;3(MyHs>(Tl;
zDLT&s134d%=!Qyks#SEu2L|dsFyJ_yki|!GObzn<M+g1@v|G`7j;~3>qz48@Ney4P
zJm3%O_edTXcpx;?O>o<zUpRr`LdP`Ki$tO0cC_AK>ZtwDK-Gt&W4_X{)T(3NLjyA&
z8gR69*D+zF(y>M9NEJH%jMgto9d{oZxFvObr*z<kMMsH828um0;7CY#AGmJ6(hz<F
z(C$R*Wv7yc4v!49dPEvdC=DI08oqsGV5875C?TtC#;N0~(lJfwxErm1BX#JH4ZM>&
zZYUioRvnce8z}$SfMY^J7N1`+H9S-r(uIb5(fVttVc=r}10IuxCrX3QO^b%Dj}2@R
z8vNZf3{x6jDh)9=0quUY-fkLcxc}I|pHjnH*J8J7D3xyDqjXW5CcF=XxJe~8$wI?-
zQT7qjWH2;CYu8?qK(-VV=4F(9+cc`r+oc<5lWtHx(YKde39_Z~iPuqfV>)fnW6}+b
zO1Ey%8`2G|OQ(F|Ub=y^rc5(z_mX4rsk<TnM%gP(Cqo=h4A`DXLxw6thPoT_Hp)It
z8WQrvK+qGbA+b*kG<!mZ%zR>C;1g*`k}@R8-H>-t_9N1eEl&+>dMXW>s0^9tZip6b
zFF1n?`T41VAD>zcdGpl3>!)N$rDq0wp2-aBYh{SnEkN^#wpW;uA;Vg%lvWc2wrG3O
zj7%9;%fAh@_*-OHw`4{0w}GL5s|s04VMr8G?9ujhGpLW-{xPuiAA^#oZOWddf{;b$
zzC4qXr?h_z{QM6kPwk%@h<#4U({IlWoOv#ir(2Xf4SHc9@dYJMmtPq8@dYJM+tkp>
zmNj{*I+K#8QZEgZcqx*n<GozTQ~Q~jlBeIK!6T3~Gb6BylA#;DEXh;5L|5{ZoHhOS
z&#YLUFaD#hUE`Xc+kj?7+x=&eBh-IspzcenBYg7GK;M^Qo^I1TZGLHB#!FTHJy6mT
zg*4A-d$(DXL7jeO;P@*MF#Ej+yZKx(FBQz$qxI#I+40(d$7>PKvp8ZhJ>+_C6>9$k
zwBFJ7Q?tlJs=PK(>9s-M_J6GiQv_lE=scC?(6{}2zBbV5wc-4>|C!eYj=eVEDag!k
z`<MLJK!JY^=ePa8|JT6ge+}nL4PUFnGp{=^zwO^<HoXfi{~H7O-Wc!{cTBY7$8QW&
zc%xi9e;>6I3*Jxde9UYz{K6Xpse;n{wtulcYTFfr1MK|rZ2GqU^EU?meq%Vl?O*t<
zfkJN$=ePZ<zco<xt*ADHdatu~bbo80>sv#9+rNa8DqGfX`xl-=-}ayK*1$v|wD5U5
zj=eQ-M2K*#`9#b3ZT}>KXgLoa&9HO7x13hlQU|4dqwVwNkheW}YvA5nDjjpbGmz^Y
zm5ycK87TdZ!cXUS23o(9;pefM%%x&X`bFCh%%Q<M_|8DeI~n_)D<ht}8<7}oFEW>m
z`175CTkpt->|pQ&a~cr|hHx;a5$(Vb2S$Dy)JIB8HD@r|-h3|k?S3%q1_SfAX2<5q
zWKT8kxC>}wqjOE1ODB`h!SJ`>`n-?(dFBi?UEzXjYILsslB=l3P*`JNb2D-M;Bp<o
z^-XlHza>{qjiI{W+SkYZ6x7~VIz+PIS{1DqokxS4pfPmU7{!pveP#WTCJ2+G^*-~g
zM@UmNhRGTY<Tj0AtH$6dXwA_~(-?jh!kkm}L0^TI?CUmFYohhz^JuE#Js9FVm{Y?r
z4~8Kgq+z)S!%`2Ls&gI;M?9pZg_LZcdw{ksS}*zy$@^GmsHKy<-a121o#ai|8K&wC
zo`S~|x=&~LPG@qUWdE}xMo8Tntyldf!zNftshuVWHbm>QrP|UqhA11UZEa&{X(P2s
zHii*42G40y?Is(;3LBFL1vUE0sFNb3?ugEHaz5>K{&t4qcIMpcM%WoX6Mu-k?zNra
zshz=7@R)mDI|oC&gE{xQ%?^gu4(8nJqynZ|*1axhKJ9hc4F*qx0Y<03uD!1Q{7ie@
z_`V80)Nj58hiZlk+P$Xswd{6Jzi{n#OW()w?Lf<ZcWdB(?01oBDiZGl+NNmTX8}z`
zguxJI&{VWA7-9{YieU!B5YbD)V@}07gJFrmWbrROz(cjvNNtYR8!gE2o0{dygr&lS
zAENcq3n*R`XADId16yo;N@c4w4>+g<rwXoJ(MIWoI<$m&Ku5;Vk}+s)<^d^;VUPHu
z@jT!yWB7+LcnTi<b3w})T63D<gUalK?q+|`r9k$DG{KuV!v@X(?;nZGccB%qI~-uc
zXyBjsRp&DI`>NXe0if-U)<0cH{rr(Lq;dww_AjzX2E>SZ_EVp|6wGI%^#uzl_+<BF
z@bqL<pX}_XHhw|)d$j&$A=M{Qo(y50%vqmEIy;s=u+%4gJsEm>GC0CN$*QInF0(>C
z-wS^TXwRcQYQBhEW|b$y3QuyGlb#I6J;`O#JsBPeLj{lNGWoMH<jp2r#<)dKoEG#0
zdMz@CQY!=F%WkgAU()4hu+rTv-@lwoe+=jYtRk9l7=LwlvF@SErD4e9fOErvJBw&R
zCjFch0?8;$8)L5SfMc=lLc5voo-9XqeY*lai{<-uM>^nLgYHBxR%hqlU(mJ2>KZ*`
z_FheQ`nlZ^dWHc;YHwFZ#yV-VNO;$x-RT>b65~c67ischHHy-6grz5~mKtC6cQITi
zhA22@eCoRFl!1WXB1JMBZlbZOHKivcc_bRk=b%Jm8R7lvmItn9V`!9(5gN+~A1C;l
z<YCC4havlsj-nI^H$gqey&1muW(3jV;U+|DQ$B{V`4~a8Je`#F@-tM=&j_NGE!@Nz
zz0A+BTU<0DTG^c!4;5k<TZj=vD~I!9&ms(AMHoS}ayl>GD8{g<7$e|SF6YH;#Tnjx
z#0Yqm+j;R>afWHd83C{II4?T<7|!}K0$$~HUR)QzP&0rL@XFhHv2-ZIh7d-;t9;HL
zt&3t<5yc32^?~!^htUkVq8S0N@{{&xh701N3A`%cq#Rg=A-)VF;8j5<Wx;X`hsrVn
zUKMgu4y(v8s3Ifa)rZcD`ztbR6BkY3RpD?Gc-6ELL+wh8fLBGFl+P<M+^xh2c-20V
zfLH6n33!z&LeCa!1zz=t)I;JV@aiaVZ@Gk?><uU2RdNRC$=+}RUahr4Pi{ApL0Gm_
z=Ce24zF--}zgd+TW>jVpc-3BggZikG@W66{p6sv8u%oir>yHxjq(~Kp534W&UbUBz
z)908Idh*$Fdf4`H6^3e6nDb%V%qk31tBCyPn0(k)h2caM+C-!no5d8@!?vc&X%jK3
zGT5t%O~ku{ldRiv*XQwbcg_Sosn9`6i#cY2o&;BA2&~HBDXu!9CvhGAFZ5(&dpGDw
zvK4x=)&)IDKL(_%kkFH(;U)kpt|~*5stjH}$AMNWB!=QdxCy{oUX@{SRoY^Lo2#D@
z9*0Tde0xMyhD%i$*r+y{peH4o%RN%I)RZ3!=U=a&Dfh0%kf$0W=!su*IdOi?-41e&
zhdTjS<*PB26%6pgN#NNE38o5(aDk~B#wzZUFmFi!R_ZyR^h(K7-NN&#g@UP^gL%sd
zz{(b%0e}^L61cNUu7XYx1i)IFVHI?WAOO}p>nfNTE9YId)R1(F(3h>GA!%QYp=~v}
z3W~N<AO1h-B;3D>R>8z-3}04b@Dz8<RdBZ&!>wwx3M8ioaLTy~hODAh;8&gDqw2H@
zKC8}<SY1?vr)U*yuFkN&I;{dJ#%3|awF=@_(JHu8o#A$Mu?or(S?^UY_~GVGnN~rE
zcIvm?r>yY9#8cAy`?dSO-e141oA)oZdjC9^_gA|J>{~6pKOw>dUgfUAkgW!TSK>t=
zezo-e-VrA7s$&g?wl&E6x3-m@A!r4O>HYI-FwCjJz-DyH<o)Z~%FfA_n(Cer##gK5
zIY<qL)Ed(JH?@@$w#l8TSA-LI^}Ghd-!+&lf8_>V0A7ax%`ZIHv(;4o7Ou%qs3rsJ
z+|(U>)UT=3BU=i56cL`Q%o<rh*JP+JBn)YqsaRJMVuap`;ko)qu3j}65(L-WrtW3;
z2hCKmD7fl`>r>Wbs3s+WffPYdFI@j^jkVmKT9aW)P0B;J*JRjMQ|tkUC=X4q$#AJA
zb64k&bRn&Ixc+a}>T)3bFrYOE*PE@S^!HUQh8MLc{Vi6Tp-62~Te~(x&DtXUJxpqo
zYBMC%R>kXw%@hbpNNp9KYy3JYUT1vFFyUh=Uh~vpaMYpVb#)zvg>@J_1&>+07OBgS
zuPzm@qw6vZu1gD2DqyN*Ene@er3Lw{F2j?$qIfOc%vHP^>oOIujp(+=Fa)j3fFhcp
zO3}Dx77)_<78Vdv@pxAy+v`2-jva0Oqj;55krzHk0IgBDeq|j^MZtOu`RmbCRH?^M
zsUA&5*Ln<{>xu3A2u;P3dJN<1F?Xp25hJ8F3D=|6lhk$f8P?P%sb}jmoUTt&pVeo0
zQeSMtQfgQOhWrgwNi3xnRV_9CG2wd0^;!B@2_y*<nuY6|*IQk>d_#t^4M}x}h79c*
zGI%CQ)$<!NjB3ba;n_v4pkyJfO}PGWJr$no8!;?z#NbG5k=4UTb4OUJ>`fQ!yTfyT
zwSjho?2Q>%W7-kwHfE^Nn88z!nLENajTxplCI^&aJS+lTJ3`M5<bbalGrVXlc7$(<
zZ1@Hj2q|CtOdzCtuJ|DGqW$5yqc>VXNKchE*|LI=e%+7(gfyXrB$llr?jWRMO&E$a
zVb0(yskF@W?jR(sxxz>aI}e2ypRv&jVW{1Np=J|CFS~3mSF3EfLl}BBVMu7AoVKG%
zmtsV&bt}BYosHzQQ=2eMX+lo>T@!|Hn~>*RZo+V>iE!HE<T>w}FuZA^&K?Iemt#A?
zJ+rzKZdBSt8cN166pvw+CnNP@80y5(nd7h+hCVTj0_-4_ttAOd?}i)gHf3=B2})_Q
zAh;iHtk{(45t(mOhLTMgJd>sAt(r2_YpMoBO5sQoQXYmIe@S!oW(-<0tGWKo7<`*C
zc&15dZJIGOXr{vRbTzzQCjc!yJa6$W6rOo=2E93j=T6NT;+j)<e%zelMso&F!DEK!
z!LbbeV<|jei)HvFmR5&UV5pWgJdfW@tD|xpL&Z1|o;Njjh3D0qGll1r<|;fN-)wmq
znFUnT+;XxwrJXAtzsQ>YNC(Tg;$I#91BCRmn#84Iz@CH~9kx)+=^Dq-F^<8J(B?fL
zr0a@Vw(`rtcouG7D+Mi#W0)@lr8m!fR%NbzS(bXJmI5Iah|qu9k^zKNAy%PGgvr4X
z_J6iy03pp)^+AfrJ-bEt#3pC>cuO3^{y18}lGsqKOdoHFW4IZ|B(UI;QlBoQcZ}3`
zC)2@Qt`-cu1#^Os{%)n-MnbIy?jWQ#Ef`w0U|>G2GhuEnD>dP#MP(4Ff3TI*jB3F!
zq6MX|*A!jH(-zTtS}^PsqW_7@B>Juz?P)@E=SaQ36#Y*Nh9^?=BPBY;Dmpx#Avm6a
zm2Z(r^a~|AU5M@ysh^gjd&M(!k0;S@lxUwb7SSu?8I}ssZ8M8D;#5|82GF`j>Y?9~
z=&SJzm!;_JaSG636<weugLg{?N8uJ(0Xl>Rc^0B0S!hUz)Tc=eu`L-Iw<HabN<+F;
z!?KnPi-d-Gaqok@lv921IV*~VNd1}AaHS=~FH%Ddr6K05b>v$y1h!&utc`m=1gW{w
zktB5Viqu<dBOPD1Vi?|vbhK1DlC3&+w_?~KbnJ|K9|Wm`(vT)J^p4bbN)3OvV)#pH
z=&Ce$owH~NYt0bUn!#~A?tS2$-bzC?QLXoh)C+w_8hW;7=+>GvBq|MwRt+m!Gb|Ar
zF2!YaI4*+7-zp(kDl}A!uvh#p19<1Fcu62z3aT<T!k+jY)p)<PX85%=qkVXGy!0U1
zQv2}u2>aphXk+te!+<u{jV+)JgI^okhg-K{XxK*X!}H@+p`Qw96C&&nrSiYpFg#X-
z-zmayLHKoqJ?D1SC1KraW!-9b>n26mJ8viJK4{C}-PUSd#kLIP+mdyC+A_3n%V?N3
zD5bKcs@lmB_PN{1QoS96)=m!77G=m5cSEK`*zZe2{M#}3wzC@2s2xLtc4Wwib_|J1
z=1wJZr@PE)5%#j*XUa_SwP(oNo@9O8o}pZOIg)!-r#gy}oE~BC_&s&xN_&RiOhS=v
zTu_A51mUcR+_QI3y5ZS@0Uapan9zY?L<dSY>>U}NcVO@oJZ8GFu_MFEj+AcX?8Lx2
zQMz$K^+mR<>Bc|bQ@YWr6GMC_k#0PQccmNoc4SI7Y%LY$x%>{-GX{}BjFbsP_Li1}
zqkbD#!qNME9J|_EQjR;F{-YW^s%9$YJfO{tu;180Gd`jd!>~@)8DG(fVOb}U`ktqZ
z@5fFIM?0yasZdMxLOCIAPK4cOC*>V|J2Uj`%;4D6Dhu?DU@obclLhm<2)%`5UelRj
zMP~*!ua)&ZWBNegtClJ>v~;UfZb#%kEhOX{2wdyTaHTVYUVI?n=)&O9g+UJ+2-NDr
zP)+<%X&{i)g<)712FENCmdp9oJvI`|rzG?7C0mcSR8d#hdN0E6@dMeqrwhZ*E)1-)
z)m9TWbXxV$>w-wqBl7g$MX;e4T^OEpVNTdkovsWuyNVq60>Os9?8-2_D|5nz_IG92
z(Um!2LsF&#)h;+;Lo<FL*pN>*hN9gVJjERoHdLn@L(OjL*ygqxyTl7l*wF4DXlae?
z#xPt^ny{hAs=G@sIAKG%cM)u8WjBW9-Ix<LbfO!>G4aR4Gj=@c#_&L>7d$3xC~tR$
z+})Xk4Lwy-Wy=a1YQBqLLlwF+l<Cf#u%XYoGkhvUI1*ZAfDKum=}U+Dx23|=2&*4N
z*w^f$Nm|gIVQzN@7L#F;#CCVPl?w3}0j)!%&Ue#x_fvO<^WAB?lXP}?U9@a>xq2{U
z>%rjY*gC7!My$D8>d0}a&@ejUqYk@i&DH6_P`d|}oqc*R^y)!n=Zqc<(|U-}yhv;B
zhaL>udoX#_$U4f&lr44C$Rcws+f9dtfAwH^+=GF6cXU5$4DP7#(!#Dhk-2`6Tm=#s
zK1g6-5t+D}cT`UOBcK(I%#~vgaaB%Ws3^Evc62|WoZV49m=Rq5k$Rau<a(VG7&<0M
zw9V;`^5if{5JpAnWA<22b;c(!j7^|H+LXYsA%VeD(3*pEHGv^DLDlA~m9es=cF4d;
zJ#7z7!^oZt!+X*+tnA6KyeDZm*^}XTPui$n_hfk3Q(C%S$xacL21n{;_L97Xy%^^A
zB6$aTG3@U}^8W0_aH|)CXNt7AKyL=m-fE4?{^voukQyDS$M4Nh`JYy5!+!#_@JM~t
zUh4q;(3@dLZ&G)yH^UX7K+u}%y!tSB^iehY`Ht#HRY<E4nd|aC+C;baVc61#HqmT-
z8MMB%iB9OtkkpsKQ}CFZ=)JxSH~Z2iTD~7cR6p88r2?i})=jkHKH5ab^kW#+Pi&(1
zJGwT}*84JTqB`wx9wRYgp9KzJMfYUuWZ6XHJ6q7N@8d}CY}rJMcKMG@^nhy#{0wNJ
zk$U)kdHC6nVNE}I_}P!)bU%6c*^l8#KM~}Arl~0P2}Ax*)Zyo8HBzVDM=ByxZ?``K
z9;jd^1;G_2REpGR?x$FH{1b-5pD?g}o!s$2p`FxwDFj#LNTYTN;el8p!`n{?4>UB9
zVPGQRfp#Y{Y)xeF6g(y#D6&68V1JrmDbvFu-Gv7#oI(>kvp>W1{tWQ`n8?bcxQ<Yo
zig3wJcg}<ditnTfC1G)uNPSca^>bH$hVT0`ID9+52j82h1}R-IH;vRcq)^a#(w`w+
zm}Bf{>OyiHOi_rC`psRJe@#)inm5fYxS9^JE?mu<6osqV5$j_0KA><lvcf$#9H@4H
z96Kg!TutMaE?iAVlUBK_`3l2cEnRq(AqT9;n$PIY*9Tn4n(cHg`G6HaV~)FX1NHWz
z&F!#@%doX|b>p`K68U1Bvs`|1K#kX+j;_o6puFsmQ{dYbE+Y}(RaN9JAtqGDXP1+t
zyn@P1y(ytGi6MRJmIqdS%8>6<36)6<86)@>4PqEPNTOo;hnT3CxFHN7Lm0BZEhRD>
z=f$XD4DW_YtjmB969n@42!_fd7_!HIBodGi6UA{NiQzyJL-rNJ0qt|=#fD!p)cR6_
zYQAu?^HB`P#Kn*E0@^_5#kXS^_KlJFnL*BrbH+1_7%%ZNgPj+bOkkKkLE>kIIxjAr
z$WU&g#Lo<KUSwZ0teqn9GsB%1!)Gv@oG$S*Bb*mMox|WWN8)EjI*nib4a3rJBz`8z
zc`?s?hV1hte&$Oj`-=GtpU;>0nNiM*Cl)e{TqyA~qn+%jOBi-8kx-d2&Wl%<GNdk*
zP?@nICRAqJGKN9RBvfXcld{HghREd-DswMPFZ_FLp)phssvHVvPeS!B`>arzr(t@5
z{SqouTtmL25+pDul%O)xGJpi;gc4L{LWZ}r>``xN+2dBF&Iz?2JxrnD>2ij@mP?Sp
zxRVMbP+T(!9~>c&K+zQpAFL25T5-(@5*W6EVaN&s2}n*4qzlgS9SSTtLXU)2tzcNP
zf*uJyS;6o~h!JGwBcb4x4E`%AzDhARiz%*0Lc@+weC@uHq3cQ!UzZTsv?ETCfQYQN
z)0sd58<aGk5}FGtGi4>i#FY%5;;IuYaQ@`~1q(!;bOQ@avw{UCxWEEFB{e)bD!~Hl
zLQSa5iIoh8Rx)_Sl+-Z!s00ga3^k!Lg;p_muc8dR!(KUSf>w~2`#_IX3|&?+II14Y
z;z-M!`S`tZ7m+QM2Cfg~DMxAMm#kt~v`S(I+U%9{*T$V`L#Pumb9fcQLBRk&`!R`p
z@d`7Y4}JyIrIPYekh)ZkE_qc8*3d^?ZW!i*%{)1zUS%AtnYWy<nGX(UfXz$`)UZhj
z=x7npObHM);+9i@|Iv&uJ_^*3a6&Gr&%y|IlaygeeHKQzn?cqkHRq6YqB)1$meglq
zdcor~uy<E6{JBalsnFx<1+GDwNm%s+Eh+ES4B1zUd^L!c)TgT%5?9lblAIn$3UV%~
zC&y_?Em+Mkdo?YoJF6LP3NeDrTvEl?Fce)QQ<md$K3%4`mejf9w4~auVQ9TZEU7v~
zcH_7Uck}pErX|%}NlOm0EUD3J7)GvP@Dx{_OKR}(|GT6n9dlb!N!BGb$g-qDHPk*S
zm(<WO6MwUR4Z{y>#F7ftaP@>-QX|4l{EgRI2G6y$q)r`EODa?|Nt~~}U(3*HErVnE
zsrN0ZL&xNjk}b75hJ_h<PtwfKUdu3Ztz1&aj>-8u=FT)c%n8HUwU%M$S_Q+A$w2|2
zhz4z1NUotLsoK1@mf^};23BL2I}E4sE~!VhRBb#zB-dUk!Lg3PwvK_d-sN89eySu?
z6M9#M<a#Q(Le?<^39f;=+^gLCiYrNQC5PzVr!o|8lE8svLGW#e-uaZZcx$$fA!Z#_
z41?A&e6ddWO%aWLL9mWt!8+!y&JSrq+MW=7bk^#!!>6bQ?Yj{Dd<J#Z)-zODPwKj_
zXXv_KME;_rZti-9iR)FZn7&Ini;#9OB$vk-sujy@U<lqowc>Xh7}jr~S}|xNLy3(H
zo`T1$6{l}x7{8Hf#q66HJT}p~lnR(?S!=}}r)gad-^4I<lgQoeyIr;7xYL<x#R9w4
z^WC+lt*??*zk4jT+XBAXzTX1A`8&n(2B0jN9f^nkqfV5=p9d(WLHj;LZ+V95#O0e9
zmTsat@z^GYBb#U%9&Tc|zlp(9@R-w3bTfn3X67!n0K$dTogw;WDRuj1hHaZk>gCN0
zmo}4BY+-o2Sp-%oHDU`xi7l%7lv0bRmKysXLiFFxWa(GM(NUPNJ46pSYxS$+TNsXR
zA=QtzFg)18;Mq~CE|$!YJ6W9~hwfJ36d~<!h~E9Itnrc=zDs6s)ZLfG(`&I%%kP#>
zDO+l(p9{&g_AD)0`&I^hD+8;&+dWt`m0qG+O2V%px$a2`!CM&ug@ksQB=l4gdb&%v
z5t1wT97$-tm7%GS@cC}{z_EC@`k{^(g2y3x+&PM%L$)#u+A0s7&hM6JF8FBBUWMo@
z&RIu($ySC%TWREvY-KpKRk)H5jr^;v40pDw<FPer<k#$W+rIw_(chgTx7zV7!}f2<
zt$zQO;qten!DAZ(w$bre*=-D^wn<AjD%sV9rB6fjxKxt&Y#YOqZ6vSYcMSQzBY9Q7
zW2pQcgJ(5q@n_#LbpB3-JlX#ONEA|Ehv;9VW^heOz>zEno`>j%Q>_COv7I4oJE@D`
z&Jed<L|CcrtL+R!wyThLRSip;kfw#^`ujYEyr$nX)cKx5-ns7?j(krcuhtHRDmxfF
z1&<l>X76B_vV%h2>m3Y#?Vyk+6)@GZhP>A2DdhFp$<S-32zgH}A#d>cOd-#)M?GU&
za6ZeoXXo5wIUHMb&=uuQWlewUsO4xZ_0)fayz^?-mwu!{`#VH$aDirh`c8(aJ89Ox
z-^uXZPMU__cQRbwDGI5NXc}_=!0>LT3QkgLPSsMQ^ddwbbRomhSpGfIgj8XI9;$D@
zAm7OI1H<Vb7#uzaGUqjBhB<nV`h~41+Gd63j=e}3rspmO$1ch+Ki<VqZI@VDvS^#V
zi(%?6n%2?EhS7U6XP6NeX<BdWVz|CbWSHL&S?!B19AD)VnQ(j;l-w9mw9O06{qIGI
z;}iFPSK4GNrv;jKLFg5<Y&U~rH^K9MS6$A;<AUdzl*tEGetR%8N{}d>c*8w1y-N~y
z&JWGK@<*$ke=9p>E1Sj6AwQCxp}QG^rJa8(J2UaP*%_{?64~;~!cO6?K6}+ONMYxa
zQ2VPN$z5Z2Gc?;x?mBok!@%9-u1j_^EZQxiMhSA))ZGjRcQf@WwY@USOBYgChZb-7
zlNAHicMn7FJ%oXh#7wo^F;Fx1FihK{_W#AI8ch;q@bS<Rn}3pldJn_)Ju*=5VYs|U
z2I{>G*efccl4P^rUWQV8)mE@ojl|ZyZd<{rP{ZSA($H`(L;bzhhs6E&GJLX^wt$s;
z8D{O3_=N9O1^vD1B*{D-YLxw%cDTm-7#i-ASb}}ZkbUlkoDDT5OG7^2$1q@@)sThz
z80PPjKjGfTuz#Q2iw?P_SqxcfsPU_mGk8D4!2MP^i}y1u+%KkA4%PYn3<vhBP2sef
zfHWcPVrbr+muOQMnZhtQg*Js>QW#F9(5BGk07I(-VpAwdn?l+FhD!%%Q>b;2p~^vu
z9#Vm!TGmbBlV2!$Og+dj<)GLU9`1E*3Sa+{X;bjrr=FR7`%6X`!3Y`V^Y6243!k5`
zeEsKr95qi_HijXm{sZe+YM-2fv{D+hpF)iWmnbTKe~{tZgA9&t$Fg`&nqUr7%(9hR
z4#+Q|_9;@(qk{|&4l=OH`!u&N2+IRS57kn^<8`RM>yp|*2BzAPvQJ^Bd^Knf!t{@R
zrANZ~4>9CEL@2|x2PB<rRdYufb~(h*=@0`udmt02?yyo5Bh)+$(??4+lMXSAJ48kL
z2}PIWtGPrUKE#l6h{5rF%KJcd7gev5g@#9A`Yoy9?IDI&Qo|*sA<e3x++l|3!win@
zDerrC*bSw@%TFY(VS2U8q~X)U4E+w1hC50_H9w1njfWZ59%f+EQ!)+D6D2xPh)xgF
z7f8{!4>SBBML$=fms&;p9APMYgn|8@S+qP&){!biKMT{}Nzv_(Ftj*AqJ8!&NAS0Z
zK6->9<p_hrKgA6SIL!qGtgv65Aoz<+C`|A4n{=Y140(@|j;cyWqE$!JqYRCXGC0bm
zyblUkUujq>H2f2$ACVfS9Ay|UH8fWmQmq=&jxt;p8tSIJ|7~OmN(TZ&Ivu75{4Ref
ze~cmI80q*_=?D+7=ooj5A?X-{<HdeA9rIi|Mk^g1g^m|t`edo&mtzbUrH%<o$26;s
z+{YPm9A|K_l=neDzg8Mjgoc-4`a`Lq!EuH<$4SFXr6Jv_VeD~+FNKBzDenVK&O4yM
zrGXl>`(b*ME2LrnafaPegQT+~JkX-y<#C3;g$Dg#RvJVEtD};djzU9+F#Dh@w1GyP
zU<f<GDEnBTPGZx7G-!jue15)S%|2S3V2C|I*@q-HRLed47<z(X@Cj9b{i(>jf;DIj
z!tC#)8B0$vEIuJOf4{?$P_`6?vuv0>`YJIUIl*v9F_l$JW!;%dgxPyarh6wC?kJ`@
zib=Lq#*iz_zF0ElI?0gZq-0umSpAI9UDLcU`$fqVeUc&aq|8meJuKtKx9*zehuQtE
zQBKk3Btxr{)|_J0Nrt48l$&fj$*@Wpvg5Gy9NAJy(t<F1+iPS<>?ww3r=%hKl_C4x
z4OtXsPnL!ZJ;gBil+}>srx=!=B10~oVmNY28gf_}a@c)D7KhnyNkcw6&G6}IX~-F6
z$QgG-mWJ8Or;#BGPBVOS+G@zb(+nx6$&ja~8E&1H2+#}4kVN5P%fjrP)8x<C&oIn5
zBN3qKig2kQToaai!F5W+_Mc(cafTAHptB6c&Qc<F;4H)Tv!d7xrbMjiIfe%3C=pwF
zj$!^ec_69!lzupKBK9JU60!T|819}EiCC^9u0$;V^-PIa@DX(&S^0W~w2D4d==`wa
z5lbqz=BO(b>;Hb9{U<ER*wYjLQKkQ;X02n025m){{qA*|DX&z9oT=8CDxJy@mCE2L
zXwB*Bp32ZNRaNJIs%eldb*jHI%wF^lnmgk>gZ;d8ocqdz`|ggjI?Vp*A7oDOd4|CA
zR&$!3XJ~Ss9B0&dhR@E+mul5Hq7D*8x7LN(*Zx7NVW|rYA6;Nz+mBd5F@md+;z|)*
z8^ZLflB>f7hBkt0=@IwORZmh}>4NJ@m~Pylj?TTnF#Ce6J^oQoI+8*)Xmi3oYIlP=
zx90-Gt_xJIUBAF^?E;l+#zhAEMNzJW(wK){WC*-yz6oZ=E*I3|vl|M5F?qM^@?_WL
zN>nU2O#s%Lmz#3^Q~4D#BiCLR*MS@I-6_Us%jHWq6#OM_p9TIRv#4{!f!sIA*)L@c
zXxVYdCC~q+!o&<X;=;Mqy_pf`G7K=}DEoE=x;oh$PqnxbFLW5Uj=4k*y{Ql<bB||y
zGfNZ@@bw5liwiX2CTRiA`%ONOaFaE;Z3H)o3+z_6JmC2wL)VK8AD$_0UK}p?USDR|
zewpDz^UW-Afpg6d0$yeK<qAV~6PVH>(8NqMxXz$oXUHCx1ZeSrCI;n;n+(}+N@z$+
zC*>b^7{0zEp&_lD7b`ws2zVf&A#DOp%tWz=46h$ZXh>V<#Z8YGW<Qe9kakY?W9bY<
z(j_#cy_2%dbB3nRB{ZailXBh*h9}P@G^C^R;>LFj|GbsZkWS8vfd<EN2PbGqXXnKm
z**PX>=Y#_3;#4%zizD8P6AGkjpos$6n}=g^9!@BbZq%cE9Cy7rp+Mq8bSKuMLx^5A
z$~i+$SV)^7f`!}*(z}Jwoiz;5W(Mhn|EUUSr-F2^v?V}+KjlO0OM!;-A$DShhuD__
z4d+Ab1nWcWVr6A)mn{{)E(ID_Z_~1Fl%JzPehwH_tGFJ|dj6?9V{D@J5v`ODmPoX7
zH<}+QS_S<4r+i*}Eij)jXGngI#QYpyiK~I}f6C{ze*|U|cc13xc$}X*)5nEX<O4lH
zD@e>Z6;gmBpa2J3Ts1?jbKJtB!Ar2D1!hbBlX}#x07sVs9LQlMw4<6JydId%B$`x!
zV}c-p-`zhY%HWeA0yO-qF0G+UUL9uvmG8*Q*MeMlgf<}xY&r|(Ehio!AtD1Fq1s&F
z#vM78b%SXtJ7$>5y1_J+Ev-|zIaE%iY^kZN8*Hq*Bj0gbfMb*BlhL(;Ybt-bLsQw&
zI+ZQeR8Fp7oywS1K+0V?m2HE~sk~f(<3a%rucTE#tGnvsIl<;sRw~F*rXWpafl6{P
z1g#)3r*dLJj<E$f9OJ8IQPrEB^s1z0w31sV+XZL)`Yv_yKtYcE1v#CGdRLO0w6{A`
z`(Wox-!8~;Q!v0QaSE{Lp6pz5u!$?kRfvNZ;_zBJ1t@b*c5a(<CfXO`XjzClH#<<h
zIBg0{60>s~3URC{#Nl`tkwsB!c5X_b?3`>VJGTZKz3)-yZWQ9UUPyLsdZ6swba$q2
zgPphn_92JkL$h;9Q-LA(W#^(p%+8hnkR#|r4zJ{?K;HYZb7e!!&i(iy$Jr05b4P>J
zH`AuVBr!YpQDKfEg*hC9!rlj(*cT)_CtJ$S(ji9O`_#Esg*oC2%g!APQZL+dXDSoo
z?A(aL9K!^IQ%wOihO(s&yQ&B2YwoMVuEQIF`hhC56;rh?IM>GyBuuR^$FjoQ`NZQ^
zVUFJlb9f3e^NB~>A{?<rxHDC*ucp8vP(AS|@qkk0y+t^77vX?+2O=x`K)x0bY<P5r
zCmy1j?X4!XnlNuuu+Pc|)@t^TA{=Q&xU-s-#17SRuV#&+9QLAICc-I7da96qD)^&U
z4`k+9lq0YxcP3{|i*hs(e~9F4U{Q|Gi*k4h9y2*xSd?RaQ8oVO)L5KzcgHiq_OOR?
zffnW1FSyKv_+p?;C@%)OCB)}~?V}%(S+|RF+$_p1330Y!9K0BJT2i+dM`$rlhFnsH
z$d)SUQiJU~r6EmyIGXrKL#``BuDcs@A=sY%5g9VbhvN$$t07B#I2QSkA;0@@927Fm
zO6|5X1YZN%#o*kPA5*3F@FR{JA8}`;_DOM$PQ|&iQp;I_!&X9g+}HFogRvzzhL_;Z
zO6`6Lj_W1J{cbB$ZwF?s)RsSzkgk#(txJl)?+9{LY6l)=hK>ZO*N)zJWPN3}dM@e{
zWU10BN4u)DypOY_FH+i4q4g;LAIIeZLF$)vV!(b1whwtsMak%r93x9|I4(tG@eorm
zM=R!J!Td|GzC$waEy?kNU_Ku4o}cAaQOs$A`BJd{Ofo+&$?;S$CuI@7&0sPpNSzLe
z&=?w$Yi2qHlZa9rA*Cpo^e@HHqZEgyATxu>ol+cWrD!$>sgUOq=n5u@=`@@5d^zg)
zieNH@$i}3*g2~^RgUL6lZ!yBWh!CH@(yhUypD#xrUkWDQs4(wpWeg@WeL1H4n!#l8
zJm9=*<b?DJAw`-#)uHX32c-CNeDBMlCC>xO`*DQ%aoBF8+7*)>iPHe>MQ6VMFCAPH
zCjFgi$9g}GwSw6E!b^}mtxKK;co<stt$$hVKj+7B#*gfm#9Xy(ZuUR(<9OmH>}R*-
z&eU7j^4S?X9;rEaq_oNpD0I&8>@OYK*fVw%^ykR$FV=a_1;87%!KI1byz1;-MhwA(
z1wbu-j!OO<+Rz2ST7QnE{v4iyOrN~~@C@Lv1#sxg7XWPnIGT$;wk!bl25{^M;IJP&
zV^<1XEfrc1bj~s9i4N`J89P`Yha*r}HRFsOTCn<Y_H;ly*g5-ALAc_K9bthSL4h2e
z;*P%Mj2)i@a&!}{FbW2{V#KW{?lHnUfNsBgVtLE3>3R{t7FgM;vX+H^rSkh1zGE^a
z4yWe95<y0&Ckm<?9Yr@PhUllB(i!u;K#r?{l%GgCJHlsJ9z_ib;^-5^VYG~Pt={cV
z)q-(MDx1~$xsX^ZSOt_BfL0|$XU`}myba=b6~y5<6#kxo(pWL43FfLHdTq&EE|?=a
zn8Wdt8}k6Um39i24%I2xZ8NGLq7QjSJ6K{cN55cB164Xi{XT1^sBA;@XU}M$mIZUn
z45oqV9xPpG+DywpRS)4P8^U26h;&(X^_l#&5*+@~?|U3}JW^r)h33v7dW*m1*NZ|p
zl0!)IXD*MNWznpMa=Z)SaO@1r>Y-2jQ+5mwQ4c{x4fQrCPm0hm>69InLpjQaa%jU(
z*)cGb<8$#x;wd{8hjPph<?s|d`kYgCTngp*F_gnGisV&vB9W;tH~RrAL)1ePp@|3Q
z{pW8&vU!DZ<P76r>q6Xtv)dI{y5PzioHzI%;wl}+5hb_|gt#N<E+{V9QV6;t!Fl^h
z32nnTS_=tRL);N`hN}F0W&>J4urc=^a*okq9AAcUBCHy!KA$KEO9vY}|H*(L^9og`
zh=L#}*vR>ua-Owe9IL}9Cp;6zaVm^*!lz*ze}#z=o=rKSPdLX1;VRRVYV#sRNR19Q
z+CI19(x!)VObsV#JHk1(hjVzQNNG32IWA|G#^E(bY-GX4`V7+IA~>2ykhGx@9D^go
zW;;iIQ8I#KafFiQuX<cfNDB!z@It;KE|MdEB=xvTBuAx4lG-(rqjMyOXEiBxdL+mA
zNG@R#wL;a-CZtvj&KvQPay}NtfhfxP5~Da0qA2J4F^c1K6o;qaF>}5$(H!B?l=F>`
z<`@}GS%Or+RLh$4&3Qpt!mVhI8_^=?YZdB>=i6Uo%K3VSs+{ka7gj8sde_2$P)pAD
zqO2?DGhSv%Kf8h@^zX0mAE)wF)ik7u0SgN@M!vL8s%L2qR+@%CyfjB>X|aRK;cr)(
zqj_mngh**QRZERdWU#UEWd_XLFs0gSE}&HoHtxQZn7Ps%r%Q7<el43tfZw|S_(91}
z63oql^G<lBL;HOJ;8ljhQHDc1w*VMjhGS$I4o^X*-(3LgFT?Re8JbQh#=|0z4F0b3
zhuvP$bml3`;Z;^7eZLdg;8(6+W#pyA`tJphIq7R9Em@cs8=N=bHRYt`%W{-1OF8Ml
zvK*h3<?s|_W=?vgEXOZp$-LLfyw{<bb5h%DGB2<khkrR?UJi=kg<e~JpUIw7%#f9e
z!7m!7LZ&dVMX=G~H4T2#avY7yaj@HEtq&kXF6bYoUK~6R&{_qT-22*^3r;M@F}@t-
zf|A%!E%(BBb2*NU<xKAp+svgfxi!j`db`-yfq6pyr7h>DavbN&(Uy~|JV%c5wB=MN
z&k<doJ9nG$<vB)|=WzTPmU*`^eTapt_XCLD1O??j{V(~@q4FGi%aadzRp7{8fx}af
znLgC80>{S{Xp*ED4~syT53T!`CTU3pjzty3Bn1)K-hW*_G`n;LAF8(ih*8p#=9#H|
zlhk)Qv^EQX3l%sHR-kM?M(L0F2GD-%%){PTv-x2aIfhi^V4cF<^X+bmRkqY~;H#Z;
zbbUkl_Ogl`ODf8IyMMUK286zAoxO*@rF{E%MUKN2Dc`nL;y@*_J$*y@cBM)j6)I7_
z-K7#ohf0)hFRH}xO(n{=r2<#Wns2{)L;3bkl{hX|lKJ-Msw?T=IP>i?Zz<pYw-Uz-
zVTib6=G$c|b3|4)^X;$0UGX{YZKiyC5#8?h*75;R5oT9~yTUS%Lrhqj8kq3;fOes?
zk2zV1l{xxU=Exy7s0V6NrwN)rI%hXGr}dRNR#&FY>2_s~KPuDa<Wq&Ca1}9%^J#Nx
zU4^4X722F;RpFRcg*;IT*DY#Xn^V*~^2F0sI8Ig(n-hz0b-vlVOq)}o2(>wV_AX<+
zL7PqS2usmXI>Pc>mPzGZJJr^AdWPD9e#>&K()%|j%54v*+!hM}ty73z7B**Y`@9Or
z<0{;Vifb7qhhDb)-BEF^t8&Cv<zPdjGGVh4OUu+IT&QUkqJJaR?5@hOqAI1(Pa_pl
zd!a@257jufSL1N}67@b*+#A)A@P&ZZIz)dhHN30F@wggk@K7B|wrbc?onu3F4u=t)
zxoB}}$R4F$7bG;a3DH|<q~WjX9Ji{IhTKX+%p!}1AvHL@sKLQzWFDUUN_5g9Kx-SK
zZ<V5V)!<03L81#Q(P>uE;WaseYjUvd8AXqp2h=UCo+~T{w0a@MJv?mCrp*HqYI1b1
z$>ET*qkg!U{*%r1tR&n+R%d2b|3V3rEtS=O6PUM_5H7O%IW;+E37c$X-0K3bG74T;
z#!bSCz`Wz6guOL6b_)rGGfD7Q68zmIYzoYKTuQiElj9E|Av%Kukx2Dc5@bt-z#jsQ
zH$s9)q_WlG;I-r->L+F7^8du0X?LK}O1IHx;A?S&)}r(}t`<l0S~6*`#WA=R9j0!q
z#j#k(HuJ;*N_I6dPkRH6EmB^i+8hmPle|xBb0pR#dGl&>%&9HX^~IDgo~X^SyS7T#
zmz7cJx{!J*Fz-#9&6%zze$0{ZF-64RKjujNm?C1oIvm~Wh;)51Ma0xP94G5gMEs~O
zN5Q%j5v2mATGohITPPC|ab#VN;dMns++D^M5xd%K?h)}q85I#HIPc20W3N@Pn9F4>
z348xat}wXkeH=HdSW@<aRsSPppIb)0tq4m1?QozGX}4KY_LX%xme-{zI9ZqDcwG)p
zLF;^>P+g9Pb-BAV9Wg@Mfj}cEgS3V9IOf+QX$R|Zq|_6ckd*ec9>=YETvo(VS{@_`
zX-5K$WkQ<km4q{ux|!}ix<Al(V<(@QRi9%<ee$Uv>T~R<PbOTe&vB(b`KVU|4vz-%
z$-`VV*>l||`(U6E=&)I<kB7>TWMS!<K%=9>=1hRMHQ?CNfP)pU;GO`NC@XVXpQV8I
zdtk|ZLaa)F?>FGM+kg^aNz7HtJpuM=$dR)lmvMGud6mft=`BNaUxVUo)rK5V4Jpn_
zIy<n;5@*je<T%ifgPkbvvYYLyn(1=}70O9-WJ^uL&|u!ipy<-H5l53oGP+bLCkITn
z)T!9;V7|qmnfsy<$7hYKk7yP&;`pW!&DiNi9Qzu{s8UnOoVE<mMh5dYQcjn~9Gx0l
z<xFVIF|M)5gqF#-lQrhp&{$QUP0GpPYvSImq+lM&s9P~jI2t#R-D<8(Xzt#vQNes1
zBXd4)!ZDzU)tvcFIOa8>Zk=kvvA2ml?rEtENfF%|9n7~#<(*?VI>yLHRDG55bU`>i
zIA0p4_%|hnV{8n?zn3u_4`V3)jc>{^w5dpEmr?x7)r^BTqxjdp8Ar=z6#t|GhiYYr
zf1Kjqx@H_}nu+)~s+=YM@l5e=Ryh^_#yRi0e-eLTIZO0=Xh{OU&ze5CvL*Jls{9|Z
zuanDRmIK<@U>@p8Gjz5Y$LVI)8G71`<F97IVV0A_lx)uNL31vP;8jXmijX!jnD_Ri
z7_hfF#}Cap98b$-@z}{+gs!<0%#(wSwUYUHbB?Ei`AxaZr`sm;u5#*i$SVMCO0aQD
zGKa--gv4?<u9kbx`Lv^=WR@*8ss9G@JlQe?TuI_kE!S6_19|&wHuu-0#>R3qizUAv
z9?LN>R{C|eiYh({tKS9kkxH34Js(z7PY?xx7Q~NaR&YF)<7h00r=T&l{1wY_KUS?{
zDTS$)TE`wi{8ctuN|oX`D#XckTuiAh=H5?R5O18FyrfecM~678myC<!7!ybR-4e&K
zE>8Bhr0Q?7=#D*z56n)=U&V2}h?DEMtRhSkge)lE#vHVcOSIr9(t_6U=PfusX+i7w
za0`xoEjT;{kGYNu#&hJ2r*)hV&(S%a)^S<Yr?M3@uj3p!XdQ2h=hzxA)^YQSu5}!o
zBhxzWQBkeq80TFA_F7ivClxI#c_dwRTpYdAFGa7E;>DfA-K}VGcXxMpEgVqX-HN-r
zySuv_TCBL+d(ZFvBRjL%O*WfNGTHgee8<CdS&HzEKRUK7xpCvV`#M#D-FRN@b2{pP
z{=py3HvDNv>Mb7Wi(T%mfr!SA_{^bhp!ij?6+N=joDzs_npls6va)1a+v(PR6#Uq_
z>%DX>F__7aS`Uw-FL78&&&`2w*br{lO(Dr4FhH_`RSJ7t|7FGr4riU5SIe;j^9-KG
z%rTxiBsU~b42XEx+gs?tfE%Jz$tBg0M_1xU8{Jk(g(zh+I9rYR-;OWT*o`(itx`qH
z9pbjvhC8DNn|wlC_|IyvR#~cZDSR(H(aL@@xB0u0dcwla68?K-u!=p(kf9(0&aj~k
zzy+*F$z5%&Xh7Y|Fu-twP}}2vpj-!00xsz6C%<d<xoi5;?$x8D6qy&4evM2wtQueK
zut8(-;hE?w3vR#cK$XMw9Y7@5iul`+_bbKK9QT{Y(I2Z$?IPZ!<0**;UNNPDa%;Sf
zcl+f?oVetNkGR!1CUOMT-yX@DKb4iW;e_tSHJ)>{k)-$Ps>TPM#|@eHtI!=+qba7w
z387;z#KG?1rz+kLZ;N+$5uQe3La_m|ZE<|X(Lx6bYC5FhB^n&Z*}`7|rjwt}g#yAN
zLc~_IWOws!Jf(GRg95T$$DwnY4*zbXqlY{h1^}R=E&3JnkSM?2kR1(5+j2!mL{Nlq
zZ+be~X-Ci6avP?8d|@)|@m+VkwV_lTkk7>8Y}nJ7mCO5`1D8s*+i}ia*O)@JYc4mI
zd(I8l0AX=|fk@xE6hcD}1Lw&tzNDZbT0s4J?&ZV4tZF=Zto#9=QQ2zz3UB?zo1#Su
z{^a3iCOe@UTD<Gq^{;yJi4bxj4N3+3#FX%0Tmmi{mp?{^sYUli8mF{3ybg57Jz$M;
z$YfrA6m+IfxAU|`JKZCYScX4pELH!ZmT#@BvmA+y_(6ju5RrdM@cdb<?C|;l-g9&t
z{*CJGhuQ<%=N}D4ZAaf@BK<C6q3O9cTPj>Gad4n4LSJR==XbAH6=qzjMBY0=&Ihlx
zl_h`PWYtG4g^yw$GiIJLi_8fMd5gpe9yrYfijO5J|01Kq`p1vR+`dph_y6q7DH4!r
zc)@|NtvQ7PGFW`#b27`)cbvM6#m7!ZS?-xt_r?KwD=v-O&@KWoJ{*C(=E%ebE@?g-
zpP3$z|F~lmnST0zMlb%8@pdK!v8zhJlM$bOaZfGOVZ`Mp7#mt73*M|fEW$lQJ$#dq
z#q?$Qs->*=D45ZkZ}{DAJCB$18aKP29BZ8@qp!2LPBM(2gX;H2NRrzyEJfzDkk$x4
z@Y8dek?MIIeP$&Kep|Euo!#R2gE%~$#eI9S#gTbDR$D<Ey0x+%V!6pp;d(T)?y-KU
z?jF58Km^$0&^hhBl1Bda=4_A0LGIupxicdkCgA1#^?Wi{{;mlup&xzh%Y7TX#bF}7
z|9Fi4%{QwV$uY<2(RVD@|H4+Jej4J#wl{<9xqkU_gx}78G^5;Uo5~hTW=Jgli*}16
zvE|%WWUGjf!N)`3B)>@O3(iYSx8DwQnh=&homahF(2s5;BEFj@?&S+Qqq>ZT0h5eR
zZsNLgaZudGG#lk`s!b|&9(01$u{nLC^+NdaaH9@&>Z{453p#+A?s0i=!H7ZhYY=s&
zL|bN$*LaMiH`3u>{?vXhf;|>%N595P0)lk!jwADm_<m^cDZ7O_^zAOJ#LY=BzBK$i
zj(=&96Ta!G$OG#;Wf1oqyfYU~3sUqc{DguMT5yv-^ewZ}dZ-B3HBzo099xRZ=#t+(
ze&4JuLMYi{r9l58z$Jc;So`FblZE(U_Or`#yA8r{JPH08ZJtvW(X=&<xJh<9ND8V|
zQz+iS2Vq!|#L$!iFe)Wn*A9w-c3MtBBSZ#!P?4Y2N-;g;hRPP67KAxkeK#Odh{Zn&
z%EjLjIlzgQXGP{gyIK1qWQ}DYpfKYVpy5a*{*;?&=!QEsYe)qVKkTd%I3nCbUsXL%
zX_d+$zMv6EHAjp;J*|6~zI7WWHggaT%{pL9zS&?87x#1V85b<5_H!M6Q&#e1g}?wv
z*rFO-sEt?|7lQFILlPRM`nh?&VfBhjWpHO2pIyq#am5EWBtzYA&JFdT;=hxP3{jAA
z;YJac=EUq^GYRi6DV?04;@^ms)L$x1?(@i_E49Pz`(2VO#x9CGso+bp?@z?xD~l;1
zJq=4lZ;OZHIzhkHu#tw5QH5EJC`#gs#FvEpze&zW5s?y7TJnG+yW~PF=5LvW*f1iq
zG7`Kw+Zd?St6X|oDk(a}RLuQN4P;dz!in^Er_9iDKNEVsEq#G6$Vt&D1k8Bs7U$4s
z++WPOqDGF=U4>?NdbSFgCKKMIzr9JP7xyr7zjhaRhCjvUU!@q`bI$SkJ^_aV7#EL0
zDyO+xR@mz>E5(>o4r3c~X|Z%Ne+dl)lvAC0g!8%hu?N8t?h)j9EOZQR4-HYcUYL#C
zi*l-CCej4qx5za|G{V;Pt5ngcikVwp&yI+rDz*t`XljgB&Rusdf2pFU#T`Auc@MSa
zW1@Gt_`-Ri=;G(0B{MSZe{_<mY^)&g5e_=KV?b%pL>*FbYJFX%@S<GA%ID@MkmaWw
zT%jv!`9vok9y<+;Ib7jedkuz*d(#>yszKe`{Xut`#FuB>nZ&jl@BPaQ`b0jTn<4t}
z_Ilp&XY%nu@vWP4oC*W^gR;G#Z2dchbfL@?lvds$ndaA-nShNBY^0g)d~UtSWN5Y!
zGN(w52d99hDDVnX2%JUObrEoq1$pK?k4<pPnEN^s6Z)1Qu9N0Os;pnzqa}YzIWeIC
z@kR^|<3e%b`A^=fMs%I=u~0C%TS@XuQ24zu_gb_nGR^%!8GDUp(7khjUmmt?-u$qW
z4|g)hELNHOXa;?TMU*4H>X0MXy-8zOI_~XZJgcn5BT$g>SOj+{au1s=nvJPZcG#xY
zVuU-p-<c0y+j>?o?}lntQk%^p<@2qhlFNigwAP-a3keW+^!sdg^wFawUnm)UgzM?T
z4kn|zuSXr+dGV*WxCI51&*D{p0>j8U^2IU|)6c`r=n!yTt`xYY+ThR^=S=)srzR8W
zL69kwSXc}d#en?&?+hwrDd%CSJ;*mstU_Rd^ZSYFwDL2W1iez+VVuH=E=>ZyuoRv9
zn|va754@Dwa3yYoD%21vb@4fQ^io2FQ&;8yvlH5XGc*_|zpKG5DY~*d)*jyOZtWUy
zCFNE=XA=D-!L->Y3DEU#Qwz_4je%j>pVHYSH52^m&N7@jx=?wZz`Z1!eAF#87HgTO
zefl}_*Px{5T{TykA8^{goce$|&_P*nD+*|F@$U{(e7V}<LhdPi?*&4uxPtR<F}^|E
zjs9&W6gfnu341?OD|0c(<uZ|Aa;ebvKiLDmpaZ)Psoom_yiu;_o4r7m^Ua)rvQFM2
z&?M|sZP%8eL51l<bcFNyR{qwoBF|QxzkArj<Hu3=tksNB*Ww>r1SY+tKbmC^?BZF~
zmGui3*3ta>5f~TRPU)ih&N3fbSs&35%?zl49!ktZa?LWR$mvn`z@W62(C)%8wV)*)
zc6sTOxBlp&Esc0_DSq^LEurSeh=E?kR}{-YPwfETP7^)0B;#KOTj&|weVACTZOa@;
zWYVjDQYOv&!KL`r%B}NnF-@^XF-;E6AG1)erjpk^{>4rm=`=aMIVvxAlI}&!P<#y-
z%)V?<`73PS604G?L#)=>{x;sMD!Ai{S6X5uO*O@yif=3r!Exo!m004F6*+Rj4Vo)@
z@D$&M&1F$(q`)LTmL~GKW)Iamr~gMBP5&cPx$;L4jqc$BoZQi6j$Jm-a^dc!9rg06
zl6IS!-**49=O5mk;BOcIT=t;#m%$6_F7z{yc#yi~yKQD8@oyUre^RRXyx)N1d+Rx2
zZbAY(()z9^Ud<2-dOirVR?{l&WMwuA^P5#5HeM*grTX`{TL+1BX!p^lCC7Hih?S(>
zsi%UPX`4G<Rub@hUR>;s@O(DS9(JkEcD$>}b_8lnw|HqymwRbKlJ<1@v&M9}+Vi~U
zqLx1alynDFWzsx0pPSn?>u~`hBHT!Rf!aF}V!YctH?C}oxMbz)%kKzJGl%_5l9+g{
z@%(}gKMvqrNTFiD(v(1`+Sqi68Y>s>#16!0^-e+nPj7O^gCj_!`ovtMKMkK~dVdD*
zd9}uXV%X+NoK^s@ZgRI~dUvM%Wp&2uyEx+2@FxMh!-?Hgl6Q&gdT<|IbbURSl+0Cq
z?&nnnqv!)<XWym*0X`LJg3t61A3G)86}TPsv*+XQbw2~$9oz0lTqkFLSCyjAFsIb>
zLBaZ*96~jW`^hmrQV4qWns(bUFg{LB@4~9T(&;%Qy)#k1r{|dN&cD*3`)^LOToH|j
zRZ~*D8;A<>9xdejG-Fgj-zJujd*$wKJAB|YbM}}@M)#kp&S~+m;}|Yob=p;av)Bz@
zCNB*`j)7~4@Z)ay^9c{K!{|M9@CYyWYW;-gm)c(oQB~>j_JqV7I$>mv=W-&}81Cvs
zgLh-TL2(RB?^*D~h+Lo>^sjm1j}H<BLEBtDhU{&7;sb|ZS1x}}-KmTd9qKSD!qGeC
zoW{T3+e6zfO;1tK?wYvoUcW!Hi=O>RvlBpafvuc(k^R|sCX_7k$hvt6P#XB=-Ig&-
z=UY82Q~A}x|C#5<kbs8QL{8Uc@GyoCq18Kc-)*WWG}L)?^}O#C22?})Z78?ugAaZ5
zUC;8a2C^?b_#m$O0O76Herl<WPgwq;5hlCahyMLxV0qVH-k1Kpc|PXVzB)(Fd@bjN
z8+jCUW)*S9&(V$H7`792MWk&n$l^G<`*8`KJgW<Aaf>t@dce=g=*FVo%$k$G>l2M!
zPML}YA0BZJi_duEY{EHw6hHq@6p^clE;gpj&s8r{e`MBx#N8|naRd%2j3{F8s9YaV
zbpCuI9KDSdPN!TEKl!u7xRki#FvD2AU`02`W+#G+?W$Tg7Ac2u_ivK~s3Qi-*B}<j
z6w4Wg?r>%pX4S!*S-kAg*eezZIoY9r9z25uzsh7pJ!~$`eTyW-fuTJVXO9!w#X1r)
zKF-yJ<&O`jBXNTj-^9d!4kpI?SGDt~`szqO5`sy~eOR?WLj<#`V1_BaL-Xy;G!_X<
z%@JRBP_YNqM&y@HFUJaHcB66VNxMyHM^k!^x<(1o+H1XAgXZL{6?<scNd*DAnscPa
zWSoDWXUZpS3aF;ftCNh0T{@FjI+s;^_MsQJ(S6n`g|+gI<7#fDUAZ}(wk4C#AxjBA
zjl`V@1lNy>FJ6cYmkIP$uY9Ht8arB%5g^XA<Rm1-&zPToV~C<))+!b}1hBzEDS9Dx
ziu@Jr320Cdxj^xfMWA;<C_x~_RXhf5n_q0Mx^D-)zS3s+*0a`oPfh)^<t;o=-9(n&
zOzl$nm*XX{8>&*<NcT{L$ly%2&BB?fynoS^)A3Iq@S5L-qK-JTD|KkADYm6tQa=$T
zpFHaQB_X+$*(j|gungFZ>qOBS*D0e%SCg*uJ$TFei|W`&L~yjEU4y(6H0;J){+emW
z1BRae=kXt~#t>ilU8u|Cf-MFhS#e@q0YT3GkVfvZAlE%AZ$I!rW;s6idQb|qOwn3P
zAxY}PJsQO-i3Zj%9oL5<(=lzuOG=gotuwmkA2{6!TQ!Qy)cj;F*pybQLZf}#Xx@nW
zA<RPl=<nu31&b(gaAb5|gZY$0(9P(+cj&|!2m`M%b{E(Ik>pr3RSx-mU!Ep*l})py
zJ>POP8#KUT^_X^C8825x0q&w<-UECG@w>+@@eJOYIo{E_gpR2aSi0E?b9Z){o|-H+
z!FWNzm7y_L*PMn`9>b4hf;WjSw}(T#>Mgad!FW)u^ii@O?`rRF=NH=_Qas<Ep0OS^
zn1xd{6z1HrWcf6}L)(4b+KgAzKAdOF@(c{r(zH@**NMv3<$~oEbpwSgC#HMxO;88>
zXY}=RQOoLMt1r=3=nrwQg>bZ+k3NNXQ*bf*fl9yf>(&7W9jCVY=-qcsbK^ORFJf58
zXagl1RECJOjBlsib5UDoMB@jdd5hgqw3`~VuiEzrjGou3{>+z~#vG{(bUF-*ryF=~
z7C~6h{#7n}Q&OA_gb}}%)mjyulJK-%1_duv?R?tDkkD+m@Vl``*jt}7>Z7_F15@bW
z@|Nk~tj4?6L|--UQzeO>nExc%X4t!W;y5o=I2kX})c#SGefYAbsQ!f?C6IoOfUA8h
zYQ8Uw=lC0+_Q4Q37=%*qoAysIY|#!w|NOAZR#i6wD?GgM?kkoqIzdVIT9jA$rkTJ?
zg<Jlz)#~(9`DSYS8l)Xx!m2RQ-oo{a6tU@ejylLclsRMCbLxBoSnlG5=aQ&^%59&@
zw`#Qc({TU#{u&<HyBUx_sK8g@;gwEO?Y>82xbAEU_|C{_;Y)i7N8bf9l@=IiyTLWv
z^h9d@*CD3ypiWl#Qm(l4wrFwsZlw=s?dDPG3sE}dBYho3N;+FMY3ydyh~rfGA&vd=
zqFlbo1%X?8_}|GF>kX>*kY>qFnVjbe$NW=VPNxW29P1`BO@oc*pLX;wNWA|l9rv2q
z?P5zBk1@|I;?Bg*O*p^6s@LQz$iVX29MG(w)+|MZj_%e~2NJ9=x79jUww#q4h<CZ#
zwJe8?cYSgDs&^!|?P~Yay~IGgsR3uRGLYaUM}v?bNM&y%0M#H1v{BwlJRKW#wJWG{
z9=B+I57U|t-U&pD?zbPaNOAAPd-me|%)nm@v+!B^z&~aCb_mVu1WVel#l%zEOb@U}
zpZ2R&Z(}sY2Faq8T(L>TByXQ)c8VC{gS%k1S-oCa;i#p#S64^TGltuo#BO35#h}UB
zUfY6AXUKYtK74CQ`S-@mUC<lF_|P=z?Nw;D*a@>}Iw%!6Sfc;V&Zj2(_=fn<dM~vF
z$!>*%$(L{ldy0NzXDAcNZvQ)m$)p=O0)F<u{*shh1KG3~XU!}UT4NI@&04KpKAtp3
zo1u4e9>Im3Q~oXm=a<DQ3-R1T%<~%8GK=9ZS-Xnu{g6s?QC=@QxBPW8P8$*0HAkCz
zyq5ui1e!HP&j`GO<`&c+kP7Y!pl2g!*WyM#Dj-!P6emXv)5v?if#cUqFloUa3X<_Q
z6W=+-Y{BjRiz-JQKs|qHu5k5xP5*6W(%PKQT4`v}97#a3gyxo7rwF_$O?iEtg9&-O
z?CWPdO59~eLp*KGw%hgZoOX8L2T2Vk&iG)17qq5r+VQ)J0X0t2=CQlTgU_gsX{JA3
z?8@;ro7=$ncekdew#~(_P!SK&BXS?yb@M#pTbxG{Iao&$rAXBg<5hWZP~{KI`gHBD
z4Cpm8UnzEy^0EdBxZ5V94zxEBvNShK@Cntvmw1gtEx~VIHlU*KTFsK;<^3u<wo8<B
zAGhgU4#%}m{vqSOmsrA92Wy_5geBL?3{J$$cGrV$I2A>DKb&;f8_?wBE6uwWQ#7W@
z;=dT`xUuv2_wcD9M`m;`WpkusKZG)m=+B#t+Emx!5d8ASrHwb{j2|;C@B4np9wjHA
z9oC;sHd@ZNlcA&Twu7*`?(`%AKX>DPg60W9pYaO1+Za6b54Z7(q2|dkV9bWa<p_N}
z?uXg4=HE0t`J6UWwLM-lQ>iAr^7>7dUso4qH|jzyuNz1ZNH)QCYbifdGPYV&z7IC|
z1_7DTEH`0q-cil>V$CPBPvFH*@zuWXrfN&%ecu!<e^z;$nSxP-gGtF_s@~QsCR8(H
z2}Q5}uK7=lDVYNNQ%F2r&by1G$;#36N~IwAFJ=eU7pQVe#E^Vw^ao#dK)ZE3U)z1I
z%ezP)nW80VLfq^I$`wKPG}h<%)=`nnMQj;}Q6+s{I8Rx$AJ+ytcLh}Apx(Mf(%aRr
z>s}RNYn%Aj@4i_pPY4T1UWTYX$@cyL4@LM66#}F^rC}G<@4<F^1gw8dC>QUoTE_XT
z**6PGG*!1*%cEL#TxiNMSavCIRM~A$r1`bJVQBvmyST)Qs6u!eGSbcA{H}|79W|)6
zM5eABa#P-@qa-wk2}bZ17c2O7hj4y^y5nV<`!KSob+Ix@udaK#_oj6+vS=k;DPCoU
zxunpQu1mO)M%m{f@1*pjFVzdwGh%==yj?pU#Cs!(-S6E<2=@8GGQ9tc=4v8VWA;0B
zx`3ZD@ilX&qK>*)S(1?sT>Yh`Akb?Ip;=AV?K)x_V9QVG>2Q<;d~LeG{1E$vYW5jC
zn}aSE4u>$|^I4~42xY+#q3lIaA(W)VB>2xXLP&u0mp~rWXrh&N)f{v+1mh}n0WT6R
zHCbVW%`ZYgSfMo|S{TP*cAK&(6gC!;k;lx~cWx4<+?o)cMV!DQ3K-@)0O}nOrXQ<3
zaUhsoWFX*=xUcZ?GtAL4w=k0dvq%q+Jw1wSqrZGyj-gs!LoJ8ow|+%e@`L@tPhp2V
zev-y6D4`|g9U<3j*=Ev?ddmTc_a&8)-#HTr5#k>^&Q6XG=7NRpnnGO?)qxFhC#NUo
zOnxkwI;j`=#8)^qSGt5fPH{t@wyNb@DB%<;4i3ah6I_GyATe}|31VyoAN8TRM=-@p
zL5$OMr;qAL2n4t&ndL<t`xY=Tq<B>7K~detxcW;0u`7bO_7#zcnj}Wp$QBYcoQXr)
zRC~3n-}l&Y(Y7ol9PBc#(Lku!r*jTnaP!^11qJ>U$ZzZ7QqSE+g&&inGX4zI&&@F|
z6V)VXv(+TI@*+YXJ4kxZM3p4RMAn5LwBhf|92&>lKV<rc9#Y>sNs*pER$`f|Nl2KO
zWkk*&JU+doLwi({fZYi*8SpT@4AV)BzRER<ftqnqGwV5zetx*&d1|y4q;Bxe{W$xv
zI=U5w@B@$ejn~%X+5OsnfpV_kV?zwY9rg9O*c^It+Z@5q41v^__%V$Hp-FhglMV76
zV0)+IqKz)3FYeh$&%O`o=+Z^>m|sXEkXE9=&?2Ni(tQpSWm9<$AZf7{zSJh`n~p;G
zbu7x3>61e;!a`EAk*d&D3)<OYX=M67`xO-uImEbcW(dYyFdAh;ZwQhOmq!IiH>Z$I
zDBam9&MYQSUTb9t@>?g60|kIE0_+qz_BMhjANVcLP$HLZ%mAT3$T0R;2`DfcBqgjN
zBs=lf|IUq~MbC5v(F5zl0(LHy7-5cyBoIDBnn#6j2-GC`jWk=+Ng;Bn#|#}<CyP+c
zP69I&Y+<30KvJSP5kTAp$kj&&2%VF=e)IVanJe29oFw?D|B$8~QA^SWP#h$q4qpa0
zjIGAxc+$~qWN`vx5*B6`-lO=b%!Dtkl>2C9kq}68!IrYo;Q9zpV~-w<M&AIlSCgSj
z|L%t<@QlKph+55Z-k)qGVv_;+qQIm2$}dt&s!`?QX)hh|`Xyy>I*Zb(uDfN-WmW+d
zUnUwXxk}5>^E#$pdG!jz>MV!k58;>{m&Q4M$GIVOS~D|aiAx&wg{DU2lQR>^)u7a0
z!%$G9U_i3D%a-C(7cHe8WdwJ4Iya;z7_A|9O35t61mw~B&e4LbEG|*eZyXYZCirCm
zKhn`YL-(_7R1OaCeK$q9QBdy7E{ab*U#<-jR{M=TKsOVKvJ$y-mT7Eb(Hb2#3LLB@
zQ~XyFV?rrlEB4regI+($Lt%#ZAts(LW8^m<Ia8U2gGcyzUciXz1M58a8jO-8wL=n_
zBco?~3#1@~!jTdZi3oHLr7<AveH>Lm;awINdM5jGIb30oE80t5NPNi*xfwQx{&w<g
zXJO_i^@@q2f>Py%u-K~!O$pnoxX^|%@r!X0xYk0lzXG6!OBj*N)?r!*2ItE3_lvxt
zXNvLO`_rMO&qgxIer=((u1yKiB$CFh0|tdOV;~*TH_tHvfA$y3r-r2DBjNtD6I-GA
zorswSZinP7=ON+3aZoBaOZGd_s;p6?5><<4u-U9;&NOiMYEp{hCTsPw(KYr}C#dIb
zO6H8n$=S=Lu4P(kc)`xcN{5H2=gZ>SS<9`=ZTvB;C?Yvi9;&f&l=i_do+4Oc+oMG9
zukT`$Sz>EY`NE@tv7r0~6bb19g_)F)t5&uN^)E}>7_WaY3ijvz>w$G2%hclq2U%(^
z6U7<XSp~?dCIfrb#rCzq68j2g{?f_uy=OW!Bqibo-cJoTn`oGgPhbi;cYKf_$A<#7
zZ7I`1^lMA`EgB<|w?Bnts%0VAQ?$R4pREF~EZ5eyQJKbWhUpJ1i8`XNflo;YWlm|9
zl4DSatTxI?b1a*T5(ZkG@W3B%{C7|=J;Ia{_ngD8Jn(0Ku{XsH0__a_QVXG$jX=v5
zjai3U|9pXn47P?watnGS++6_5f8qh3j6~w$*B_@y&`u3z;A}tkX9j8nnqjWFm3DP4
zG%1Lr;7*=A*;_*kbfJX_#e~TQsv+zKvA-%o$`Tq2DpUi(3CW<IeFLPR6DF98L2MNA
zCh`eOYLdUrDwDqrCQ+D)Th`+p+JU_|S$lHF8HHbaIi=rtp6nvMeF;`aQ`JC!)xHW<
z7k-6G!GK{ml0o3N6D?UB3m|5|!&Xlr!5%;<coby%O|oJXY%oq00!acFaD!YYi%DCq
z)}oJE*v@b5J&3(MZD@fQv@qHjFaj?+j4<D4XG#f0nEF5lYP5ZcYM`EzUEDvAj5W~C
zvKr{Lk{rf)L2o;jfS$x7pPi(My?2#L9HFS>G?@Bb`y-C|ALr?)oSUWWV;Q>$lZY<k
z#HBr(lrY5T&M@A>AiHI<d6W#*9cu<3?0K}Du#I77CA%_{jxtjh^TEBT|6s@q$Wz_A
z>@aUxJXiun<f+E+zZV}PDOI)<5I$i6rnUb%mkLFY@nPYL-CYS3ztqmflAaBL)@l6y
z-4tRYa>W5*q(aukeC*!%FO#^0!?;+s)vE}^AK9V>g_k_^TmA9D8C=(#>S%HPpR`sT
z*5gw$ZiwX&62COR?HT{m!zYQDgl#6luo59Au}*#Yg9NVR7$Ew_f01uz53t4Tze%<t
z7T{mm4yma`N+Tj#u#hfUNH!50YXVK$0?5~}iHKC50#ROIA=hkP18a5>S+*&SprOi4
z-X0BXe4lK(fAR`nxeawjcWw2X$DedxUiISns)~&*JoAh179#J;1Iiv6@#)t50uBsj
z&4M~8XFYHq*#xF1v(Se>hQX{~g-}Q#V7$wHww-tyB##9I;Cwf<K>Ib+wnnnpSa#yn
z?P#V-f+uT4G2PtrI|pqm2)eF!?>*@Cd~`vp@JFtacPV?-k6cyn&x@v&=xgX9jg;Br
z6^$h{rH+gQcHSF1g_+?jTcL|a{kDy`TD&F~f+LGU>3)sS;G}Ob;pX#EyeRyqf;9fZ
z`mQ|LGiux$9A&vaVje}%U=R4fdU=6vXvZmJr!ngF0!HO{X&U&M7qDjxTcYxPR5Zwm
z003qC{2Ur?=ey|G)%R-+?3v?Sen<e26)opyY)H@35;cR;O1SL6#2r-=;YHgOEl=}(
z>+etNq8YEXSY+5(DvOIukmg1E?oQ4<6z%78Z4`)d_T5f<b%bYVm=`VDEz#JgnvA48
zKh;pvDN@^=6ywaKhqggi)p!Dk>B<XQ|BQR%n3V-6<dy!+ekN10t*P~QJ8h<!HEqn^
zm15#zB6~}rZ9cd-tIxJlV|%FzG^tzIRjvz2X_xZ7w*%>HA|y@``p-ux)Mb3J+4vyd
zVH7+iw8Pt22?fy^h`5r>05_7?R(J&2y->;?Vh?%lh+X~){Wp$y*Mpd<LciGjdRut2
z&aG7U*gB(Nsi{1Z)L2l4Yx>-Ykgdm3b9XBGcPm0LFA8<#{Y127QyQ-6xf76cm;5UV
z38o~Ty~cO;CtTB0C&1Y|qUZbkG~P-GhbKvmYP`S^?r%}q3dWBT^t!T#`s`?|izpLw
zJ%(++_=BI7frw7utl;w5*k5&&BA;nCmMTh3db+kiKRSWXc6SsTXY?ea^PxM(WH^i6
z$hkH|@x3FtLt|h8HT}?aG4?yp!5y*#iTxjfr|5R;+bSV3Yi|Ie2TCq+WUo;}ozB5U
zDFIi(T8m6n;|L3iZG7y_9Hx%$4RT#Yr>h4#&bNnq%Ci%Bgh%HcM0lK!HF<)+6e>9p
zwRgsg@-OIwbtl_NCo<(HobV`PNW?H5Jbz&qACgXbx}nZ}BG2i{|M3URm<Fi4{Vc6|
zZx+3~h5`YF?}o5C58>N6T(HU*hgXa;q!%HjSv2oHp6gG3mY<A40}kNPKKtQa2A&{4
z*DoIn-z8zMW2pUbBR1R@EPXaE#Qo4vxge5|z>#oRgFj5nD$1=xd5LLhiK*Q*MO=jj
z#H<RlnvzUe<<1fJ;RPW;^)g0F^A_?5m2`bKE}s`J`^Wry#x+*utxze;NVU@m#c-84
z@FwXOch=flWnC<g&SYq1sXkac2!V5@PtcU)T0bJV84jK1D+L!V(ycZP>!6b5T55&O
z!W-61)$q!f=0pyPZxoS)bhbX#HUrwWIz%!p<TeY}&2a~fwPLFh-#P3CR-WslIClYs
zdxcSzV`4>%LnR)4u^x~uV0YAPP*RkNDcNNg!XM@)YnweIKJeFdu3{UNZu{D+XB6R4
z5*YL1UySQ&sT}{P@HT^^a*S;*n&LU&kVtOvNNr6#%>x&Ql1V^FePTJk7{_^lbbR-6
z2!`Mk>~*82%W0H8BAZ@*LD}E%-w}zv0XukAesX^3@!j5&dIY4SA%8kIi=5olT1#b3
zWU?)3KrOTx(6rqkka|>INj<QKxaAFHjEM!-Tv<m}vaWlWW9N=BS?<xBk_}qrPc!wo
z_ajW*Ks)i+XKxGCl1OWCp&Lt^BA$kzs?`VI2Q6-RSkzv=F!j+Jf**Pr+mkWBw|zb2
zcPNEr<Tf|9AsUjj9t=g#3rToVla@D)lD>P>Z~3s`0{4Sqj`DgLN7JlqT$DmexSvpF
zzKHVj43@&mAz<K?Q6!?2d_TwDqn!~24Df%380khIbbW@v%7=gX1v^`1tOw=INvyib
zEa&spqICAD%houwU4gTQ#8063AH6d*a*SMlb-3@s&^Or;Hv+l8q+;UOKZ+x}W{R%V
zJ!STa_WzF3jRH4mHHD>cDP><-605W3gLAO*^5vRpv)Pz!xeUh~SRkJ2;7_X80+vRn
z4t<B<fi=pndnv?a5QSJ7v!dymR--<FT+76o=1Qg1`<g8o!Wx2WFeX=Kv!sqvXC^k`
zMqcG~idR-hIsE#2A7Vd&abgYl;TM?3I`2|D=J)gB@P)b<id1B*Uww^s((Bv14GcH|
z)k*~}T46X=0Jh;7RguWYaB<5RCYRUR+_0JE$vTHSkjWRcb_gG(a)!0m{F95vCs(X*
z36F|hY4eKcm=kT7>^kSM?^~sTy}>X-UlS^fwu=4E5`u8iW3i0=pI(W+VlqHebMT5p
zUq~D%piW71i=hwQu%zsoT+bsOHLhESx0KHZ0}_(51?2l>zK=2=fhaQmJDND^A%y&k
zB7Nl#N4czB4D=kGGc9PF!=&&FcZjm1d>CC6N8iGse;7R%NAJRh&^<Bqp-75Y3uBvP
z&Pa+1!pe|K_ydnKRzYtxu!Pl7e@s?BcJF|VARaFIft9`J<&#BU{VbZ$cenC*fxy9G
zl)NGALs6T*ReHaF`!J}bj`(D(k9%B>V)um_k3^FAF3@7=)D6V~Hp~vO`)-+8LTU=`
zjqtj$<I{FzC!RirW8?C<Ll!XK-@oIi)&#k-xkZ!M5Rr)o1w*Th`m@<Zl9)s*)))3-
z6P{w^c6!y8*!woL524{37rOn|g6{i|C}0PVnot(M*g0zOz2PAKJkR6LXC>oBmq0jM
zQ|4hY{a=Gp#JUI_-w#GEF(uSL&#+klBX|iP)3A%{T)zBj8zkr@@P&b+`Xxic)ZLO_
zSKYJkc#=n(0%xo1s9qn<KR%0jw_j2v8|2pL(WR4BF+N*;f`gvof|xYro~TmBnXF)5
zQ7~6M_7~CiwIs15nT!GUP_WQ@FIDQQZ+bgie9*NnaMPPEmojLw52|b*`F^7o#I0B3
zk5_%&1~^a1(=q0`@)k1&v<DY3>s*v9f7?C7ZD3b?qVcB=-C5G;n>If9T2ZK{vJ>wL
zcX+^&G=#c^PZ=5oY{XiBMA9y%uE>&R%=pz8BZjV`r3AiMEAeSwb=%+)j&PjY<~m?Z
zsbIP|<QUyUC|`w~UO*c8dM*$QY`tYk6<x{Z7b19|f8E45D7jDix{kAlU_LZj^JW5Z
ztKq_Fiio288A%Bl8K85xJ-|hbdK{_e=LGm~NNc}JN<8&7M-zTzU%GUVBO}6>#0z-l
zQKE#)Dm>Ir$s5&b<oepnbTv#}`>CA+K<ViFZxyoW2<4O`FPbEf-(~dwc6JZ-a5Ch#
z=~NfyS(y@CEQ(vxM$izHD(Uy?|B9taf|e;Enk=@__>b}%#E1G@7<<T-`;>zZnpA_<
z9Mu=^i?<3<#uWW*lhzzpNE|J+_~9~G^3?#cp}6*lj;I9_H1Lfi%+UfhW4jI;=P`|i
zN!TG?zHVXrBTOfU6mf5<5U<9DYH@`8OnW}zq`SN2Oq=MT_sk&f?YpA=FQ-u+Z{_xp
z)fyKx!z*%bymv)0eTzL#JSqR_wbsP>=QQgtHynzOPqrp1{neEnvROa5I3%x={~NYB
z%?}i)brhw#*FfM9&{dlmxbfrOnm?Q8mjcr-4|HzTEI)!jLNBx%joGl<a>Oc<J9rW7
ziNq;RrOV=dy3H+$88E`uizW9egg+Td2ZHI1bwu08#K_PQ`lG~1&Dhe%=JRJ&y5V~&
zjdiwNlCF$ZKO2gE*8G;klOV{IL~I|iMuARPV#lG*ua31D8R0l-xR*eIP9a0V{nSp|
z`%m~XBK4KBZFIETmc?+>g!@Tah6E%Nm*BsSA$*PTIgDdypOH05!Ky6t^-3AwTQoMh
zt$SDcvVcYDZ^Oy`R4oV8$)=(BSSj5a)h}L0Oz`hjVSnmAH{(9rx=y7hwk$J!=FB|J
zdXI3nx|+3;{`9y0Ss;6^QTg|xtM$y<P)oR53e{>+7;|0T?HHSIm?aEa-JwXOB}l%g
zG*l}ismUYP)-$r)&mBk3FHNk4KMEz*@<|2u+g^|HVz~54$!HRDbZbTKUl-xOE`c`#
z3s@KQIGJy{j`!~VQw))gS!WEE%Emmo&n|~&0%Okt@0q$7d*M%F(L*Wo0D@v|aWX?5
z!(Err)y;XpX)&ug5j71(grf%jUfEj|+xzI(K5^F6de5R#-Fy_C?+N}I$fK)ztO&a1
z5>s2LLL;dp-0Rj9x#KdBZh|wvm>_>;QFgjN*938zNlw*4*^iE`=5)tpX0b*vStnl+
zOtUeX+y2nov1zmnuLpYX_w*naYi84NW|(=_`3wo~eB)+wPhPzy%A91E{ozH1v^Iym
zJW7aGxLJ?DYp$vI?D-u$ME4n>30?MD52#wDxz|fA;{TjpG}o2JUM<>^xh=Kfmnxge
znIY+{-0I+*PGqSU<G}u+*5>TMVfbNF&g*WD{%<0=AS_)3A+x`rHNWMPZjc&JAA4k!
zeuhX3OQ_^tb`^tf@D3j86Q>WQq{ue9lP{y>{Hb@J`nL4k$`Kl&AEO(08~Nm8D=5wx
zXjwG@%*>*d?1$?B(prW?O57~*2_JX{vVrG23rcS{5erJ0bmNLv-Ipo|Pjq(6=IIUp
zr3C|x^%;oT#?bapDxZ=2Uh`+dZ!Knw$aGr0q(Hles9KZtq-;inhAVvky=sx|4Z`>#
zb)O)TK+1xVE=QkgEv0`wbIy!2Kl%`VmTryw1DVVd!ZMee`9Gh&%qKPX`w7akY({{y
zKR?(!cm8)%4po+`X!BO21HnIP<AWh01Z#g{F8k>jJ--Gckwq>&wkizp$l;Lxn_$Zg
zG>O6e*U1a)_@sHyItPe>mOYuyf%nxrS)2ke?xjm8ZEa`!Ase+yv6G8Pmo!&4ukped
z9gvT1y4_5HrUtw=SuGQkK>ha+?f|U6LjI1jrQMSNlm(apdb?1c{EsIAOjsy9^sxyC
z*Pn%-KXYrgF_ODzND$8srP6iNk?UwvQI2N_ph<mDQA($uD6dIVNKbA#)ycfXF&&6A
zYuag2NWW|`$|N6cjj|NEe?whj??*EfG1DNm+4kIOb><2^oC1De8a~hrC^=crJpXJN
zdjO~4`H|ba&xX$}5&=^DF_wK=4?v@xzyHuHp;Ii&P#~o&w9_~a>SR4jY?v{UPUs92
z%$nCB>L?XhYELu<ZAxnXTxlFRnW~OJ=%$M=0O-m58SE%V$}A=PGkI%#fi<Y(UrVNq
zh0eifCLWkX*83jaz<Bulr`m<wnHhXyR8Cd}gc(LVmM8>*)Ki$eBWT3y1|Hq04o}w9
zal30k4t9Y0=1jE6iF~1#I*oUt7s>mz6trxHxU=)F#2LF%lWJ!i@Rbs3@3q9eoQ@cF
zr%c_$8cScRX?*8_N=}Q3X?16giTxsZpSEORXU^1Z9cSA%;@O)~k<mryo6p~r(v@}3
zBH)Vo<O5ohy&OGHWi99>&H6p46Nq7yW;DZt>HM}RpSQpfhLU0;YN>)|_%nV*<{<8D
zGybPWcENpvZ&FiF2X4dEpbqe5TyWKgJNL>-xMx%|eY>`~U#0vcZ*h4LpT2c*0@A5@
zi*1_kVAqIrYVB9R3H4$6oW9fkkdyGC6NN=MOVY0V4Bwy*=gW9iyE=*vZG~=(t`JqH
zFj~Xi7vVQdnHlJC_p83QjzJwyc!@oCH59vQgFrpyp@d+AUZbaNA}WBE1(0M~N^&Nb
z7SO3C75H6C^s<5!B92j9HfZ{OtH%FHQAeGsh=(zSmQ$@mbGiB?IYUzpNK(Ud*P(;i
z6xe|cgqu==>0~Dky~O1kN7K{KFa=Z-_+8dD?)TvLS&uAz5L=|<HarR<X>}P@Q9}cz
zD%H`os+#iHeAo^DTK#X~xhn@qtCu%#Fwodyy<JV~Pq-$qt80stv<;QDZsH2Bv!i{K
zS|j8yITUmVM1+k1G3#=EwhO~cGW;Y*52s*7&6ze5Zz;g{{C<AIA;F`>ns(_|w-{HQ
z0LV%xBy&yx07hkgzSy_|fe_5KHTH<8?z&_JBYMQ|N`Yy@Gin=+p|Aql(vK$e-p6T^
zdQOs_VY^j<L4_$lmeAU&8@;%l=?$N?jt_bpLAFxn{DrJJ-BUV)y83lf)61wQRrM!l
zozXMSSqrTu1cp;QOE`HhA&;jn81CmLSqDq#M$6i+9D0y|u6if<t=Tj7KaiC`xCK2v
zxNPQ*%agrMv4I>YpE)lZs>&kOu>xBoj$*J$i(MCyKwlt%@Z{D6Q=5h4POb0&2b^dU
z4a`M%VNoD5yn}{s+dmPu$cx$W9LnNdwUB?O%s-FIf}%498tj<Yc`LhP{0+4pvMRSc
zw$Sa>t3TnevP#RIk<`=E#?a65rhH7cPIkE_Hy%y9elR!cD?(%86bK<w{d@NM{nKif
zqVG{wtzgNXv|^L|`w203qrDBOiH#C(F(-zej#3Klzul@}5pp+OPV_b#vt1P>29;~d
zXuS>BoXxbhG$zmb#Vq;^Kn92O?rU3`gC(oJm5egaX}F!}P|G`KqO-ppiBEknN-WR1
zKWb*a)?kF1B6D=phSlWvzAv*h&P^Yr8b05K2^mUP_QD(|@o9M9PQUjtYPZZ+Pa7)h
zTr&hRSMiFN7T?$aJ({$5bq#5AU)5HR-LwI+P1iQmoZ^FoV81PF^<Rc_9!qL{L{gW&
zz*K4&#DSKwI)h$Y(ChljIL+8N&AZ-Vgrh7WMQ24_l!9f(;`q`!0)4Y2Bc&bLS5=;J
z>a4|A*TWdcw>}<`CiK8&ZCAB*xso>Ble4z088_b3ib9vA>t#)<Ayv<og(nYQaBj@h
zZvs#rZ^6_WF9N&UC9!W295qunT%|)~`MCqP1eQC>)Wy!qye3XH15Cg1wZDMy5aF;~
zUp)cKy-$6@j9+o&k1AadC9mk&D5LT8gf3{b-Q=vbH6pfEdWeu?M+Ino=E<cqlwH>j
zFm=Owa6IxbmItFU4rCWPtDKeckPdUznMIo_J6b>v%p+*O;SNfAT3v7a2eQSib`%7I
z)X0Ziy+J?AX6=N7Hq{EAFDPy|Wg%*=o<<)|!*@GO?=_l^mI5PriAY+Xf`NaN7=3uu
zGMV4Tg1@~F03saku&FmKvxP0vja(`DgPEvA(adGPfQK=*B5X2;uL7iL2w!mzw8o-4
z8bcL4k$LN^33>Z~2P5ZH%jj+e=Y+x=gym$$_b6iLanUyGA{wosI34!cZ5I?n56x8S
zSBi5UH=Up&Z%rl<z!0EUAYUh^*5FmI?@#C1f#bn}qd%j6j1xUJuv4ca<#JE2JVpEg
z?b}6?9{;LzOSwz73XlBr=_}dT9ph<cdkm9#&U99hFKF|nV9NUiLEyqT3oB_V;+^Ls
z+{u?MJtgrCH2UJ33?Z^Fg;VP<fRuaIisc1jM@ik&jR+?sTzYt$GpN45&}SpnV{!U#
z1W%M>uHgil-T^g-0gG`r@CZ2Y1!Vt%K$P&<mD@>VfX|iw`8x6|kJmvUQ+UnGFf<v|
zK;(R#!C{GBba+51{Ob72*!au49{+ErI~=mk*CS%^mQZ<$=r`0aMDcolKEE&TNg7+#
zcyeA&eee%>rg$#!NjLaS7I8dMV~=VUp8gpMKlS5Vp5H7Y7UhY^=U-dznG|%orp9_|
zh^@hiBQ!>jNW840_AQdZpxH)BtnX3fjw|9=J`ezH1Zc?U|63#2=b8v;$!u$lLBEYj
z=aSPeq8dbox=<|3$8((T`gUu5+={n51GR4Gy*qHnJ9F=J<mmmj4OYRh_OCJGhfxcE
zfEXC+<cd|{d;3L2OU!*Qkf6_$hcEWQS|w`Kd6;<w`p)IxVT7Qc<()Tg&B8ZWj(_*!
z)5+$^bP<P{U!qZ!Vwjba>5P<hlw{Iyj@ty}SPmd|qXNSfGSps~C|;RZ7ki+S;k0Mk
z@1@>b!E6@wq`Ihkg;xSG=>KSX`=yxF5GcgjtZEH@sR%33c(*Egw$5&kbH`P+?iHpa
zDFZN-EA^VBfDIB!dU8_0uZld))LHAVu2WGirnOTmY{JKE<x?S+pl3^;(L}Mo2}6cf
z%_k@+3oKlWbC|3`ZdLmL;R%47Nsg0APB)pr&$ef|*k~WGz{@K@IoWn5u?sH=fu=_w
zlk72Hl?&m+ax2qZ(iqRSG-XGI-Qp^B)(na6NoJNDcFGjgPQe@w<%||an!qwS&Zn{*
zauptG=$^3z&_Dvqrv)xij~k3%Kk>*u;r|d_@t1-Nn3)H?7Mp%DfQZ-Yr+4eTub+J7
z(Y<oML+!kijz8$5>mz(>#VT*-l%_azcqrO2lK#}vJ%smZ>S)1ei9-4lSKYC|XTe*e
z#z~qAA#JqdGB!!MgMoQaYcT+-66*y%K&ec%!lIFGZZ<(%mrr(tOV+`!^>Gk>eQ3%q
zisz6)l<l2@^m&Cm%zXw&cn9Z+L2Zx~^u>I?U4woaB|V1(vJ(gpc>PN99{F6<6w8D3
z$F2shQst*hEljEFFis!GlGoc;Fs`+07LaS|KLOQ{%rEV6S26e8IhRh|z!4MnZ&Hgl
z6WG8@+ZfF&jqR*vrR$wsBW5vaQh79uHs#SssE{-1&Pci|CF4S4jWj{LKN_n=Yl1Rn
zE>StjiXh910Qrg63N=H4Go`8&?W7bBwwNi=aJe;^DoPSs>C>t<MX9P$8|Dr?&s^aS
zm8ksS756yEoLf`3ltt0f#*FwkuC<;;*6@R}F`8Q(+f~j=*EzaI%0kwl66Xk^xI>G#
zY>$;xgxw-0FJHc9iSG!IeWPUkbOWk8DqJc$0z^%t|MyZuIh0?ysvEYHv=V~V!o#A|
zNE_|A<yQu@sxv8dj4GQDVa`AQiq||X$3g%yP*nm>cJfaQaU1mW@?Pqfny?TYu?m(H
zu@J}@Br3}pP}C4A^P+O^CSZlz)K6tx*L2%vc-UE<$*u2n$Y(@L8_z_A(;}3t_aMPR
zc9&h2c>a>+Zj0tFHVXR9z4@x|EMX*>**NRl-#Oc}`vX0Uh%eVva5Caq^^%>4cQ~JX
zrT3}>0=|fJezf5CcZ_MvsE(y*mUSmB9_&1uwlsTHR4^bfSD<d4!0H{h#BH6>m+=sb
zsx`mkB2Y1p?XFTL`|JET5CG^yH(6$Wo6HcfW!m8p7_%lZNoVOWX=rXcV{>EuGlCuQ
zY-ilTg4D?pL(c+56xqmzP5)843`n(LD>-Vq+X;GsCX8w1z&E$VX4|s1d|+cA2%_{T
zXYJ^^Xja)yTEqnJs*{cDxe(j5>2^LpUf()Y<tcY)jb-d=!L}SS-mCfZ>4HNGw@x_b
zRY}_=lTY~dj*-SY785!av&rr6(5mC*l25X>PP}M47R`&w?TWO@E<DQNt8dhf(hb$r
z1D*H9CMf}18G@zIh5<{nd>g#?_UM@oQ4hL{W;ft1f`}%TZx3A(D-Lmg@It-aX>dKL
z;A&*2@b|;)5iRu7&AEv>ey+HM?cmIPo#|qs&CsFn@k)~~{%51M)gja317Y9S_{Li&
zF@^VNeRy2e>#tuig`Y9`v)VFNJH}OoBg%a&T-=peo^f+W*!kI>@or}R5>=y`>F<f;
zd#A=1vH(!i$m==qsjXO%Bjo6<^8M+|r-nZ!ag19E?uB^6*LbEA+ecv2KtwE(ejmem
zpq}u6WVHo1!=hKx3kwQEe+Z4C=T@ce{=o7Ku15c&N68iO9)v%4U*EX#8+}O*qp_1c
zqT9SfuEa^#&vwM=*I&Ka=O25neeQk2yW5Q1a$9%Q4}}CXHpzU-<XkCBg2XWa&)4R)
z&=3v#JF83b!5ON^)ZmbG19TUsKZn1>$GSJ$TdpPxhk%FWbK__Af-_(tQB`}L+{Asr
zs!omwjRc{Y>$k3D1!z23TC2>UkLE-7Z+<3wD1z%KW@h0I(_k4?yuJw;)FGc0Y_o|_
zKBQ|%WJV^|(|)Jk<;iOz<768^J$d2^u9+lN?T?9g1talPVD7*aleBP{u3<6=t-YTP
z095Luvy{NaXbfJ&05NDU7*Zr!C@q92t%KYp&E!c<=h|Pb#zLp|sB<vPAa%K9)jacz
zg3u%l#e~C1IT2v(FHQ99c$UxLz&CiH4N{vLGv2xFPYtSut&Lvw=PS-ZHFqHzv)iAx
zY}nVot?%CoHBHr@Q{AEG{*{N(&RKP{c@L{mdu26hB6yyLIX4fq9kbyLd6U7WdVex(
zB3SmP$VB<5$g~|E)JG`xBUx#hYRZS8cVut^nu6-jxqK5GBwn4pnh3J|fDMmH2IHBw
zp-11Lnh|>4&DT+V{F?}7r_I;n=sP*Pj!wxw01CjnyeD|ko2pkmKPS$c?+|p_rytu@
z+92EJ{be_KdsM=$c>Q(NHd&87j$Rzbqyu)R4Ysd;g9Ao(q2hr1iE^X6B?$^pGwI(O
zgC~-dpWD|#|C&ud8LDTM-3ouJRBZ;(f<`y|JIMoD_(!hgE~K0*wL^Oadx|x;R?nYl
z#(9Iarw;gr9qwuu9vT*kHR5R)QfbZat5T-V5|rHbbh_q(PQ8-d&9+lth*){o1%mb%
zPAB{b%_h$D8?owp8c<n{<V(1liKg~iJ1H09ryb=>(xx4)H3ir4tVWMo7#CQw9zwN>
zZh95QUHCDq(xyU1=%4UoKw8(_gh-7tx5l~2VSaoIEVIfY^yt1)sWRBCtdTd|OMpF}
zXc29wHLZGQYWcSt?tdD6^S-tvann~v>!90p@*D0dB=&3WqBpUXJG@b!Xls!upXmGx
z6u1o%$n&#~-S;m*J=@$&6`Zt;?{X3^SrZvDDcRT1FDE%+BiL5j>^TBPEz%ag>J@)T
zzr0-~QVP10w6L>1tcbc<s2;8|zcUy<>IU9F^YIdH0XN!c888H(ZHT7ojn|1lN&YA{
zNQbMlPx8WV0)Qrto3p>kqL2T_(p3huwKVP90&Rkn;2PYW;toNA7k5f2?oixm8lWu@
z+`YKF+a<KPON+a^7m9u9{oX&>bLM3Ctj^4yoo9wF;@yGh*sCLMB-+`VCtoj)`v{%`
zZkW@hxR}v0Jt~TJwOY1KUrQIT?~!Sic(g8WND5B;1afrPp3_`6gY<WyFCcuq93PUa
zmG9jxv%okf1d^?90HY~3(9;Ir*V!8=FV$QnnR1E-s~6Okja_BGfypQFsYh>urN^ma
zQjbnPDyyTULfr$7kM!>EkYUGQC0u}%xW=2%T3rXOlDu_gxX5GjZv0qmmRnHf&3uR;
z`>-IdW^Z<JID9qygG$XUSs(Ru&G!sLT;LQHenwH&R>Ig>l+9s)BUri&Kk4@s2C5Pz
z;qdx!%WZdTKRJMp91X4YraR@uXP(X2cC{b&9}EfoE<`4u`=;+VLE*;H0G88OLM*e@
zk)4~X3zBmYK^?SJPNfck9=ZjtnEa8ul$bkS)YvU0@-01NmJsRf{(1i8lp-3qMWq5a
zmSW-$;=ntubi8GM2ltj_azq(bbzY^!+!_Rih}@(qC$WWHZd4D}Yy2_10IoeSqr(@|
zZ2F3AI&aC6x$1kojE7^G;oR9VsbjGPCfxlI|5&)1FAyM;m_KlmR}H)Gg*NQY6Ce|r
z(RY52eHh+Jxl!FJ4chLTx;C%m!wP(*ZFH+z5J+TtOu9YzJFi`6CqTLXDq*$!Qan5W
zAz!CEDK&9pUA!UdZ1TXmc2oop8LLH2)1)!$r{?^7_b`#pyNSN8*12K8G)DcSd1Hg)
zw-s#&_u2~kn0x=utav)JzI(6=J<?G>_;O(9CaU&3W8#>bSIW_pe87FbHsoAe#Q$Z9
zV2vjyOQyfFFuQnq(nIaN7K6hEv9Eje4~gH#f$8_bx0FiHD3}$jpv6bt*W7okYrJ>R
zuh6B6M_oS!pAE8Z-vdMSTS_4oTY}I~wcLgzuGm{je{p(`Kn3fpo|!Sg&=092613=S
zykjZ)7~6Pv$-XaRsO9Nm#kW_tpJqq?k~4|7$V8A<Fx^tJ&-klg?3HS_Y=o6$AJZIM
zVGcD7BFC7p2bp3(eCHxeRs=~X=cz}r`$kKC){=cMR8V;$9g$?YikBBkf@_+Mhc-1k
z@XtG_{mcEiNG*gf+hX_Pi935kUPZER*wF<Q#8c%lI{+~-_S6-CAWj@5n&TeWG3b!U
z5s0U#k4`#&QDIojm~G*HFj`jNxid4^dSUOhWcI`Gx4u*PU0EXvXVI?F(q#m)mn~tT
zCyQCskoY~eb2IdMSz`u>;uV4c>NkfXW>Wv%IQy#4o}!LzJ=L<a#F_7}GGdG!2My}L
zXU{kO<hC@_GkRUZ5mmXL<SLFP@x>}-`jmEAJRH7&Lmy4whjaeY66>`S{o^3&=$kx$
zrp^UU{IFLY%GqFH#0B2?AytqxA3IdIVaElYaKYqFN&Yx7lQeIh{FDOaU~xGW$zg=g
z&vV5eD5Iq#S_MrN+PbpK1WW<fxSqpCOnFO$>4-0a;Agbe;%2O;WsWr;QiYNNut$WF
z7VEc555V?^n^SLV<EeiVj&p^l$dP4!musOs4;9MZNCXW9J=lK^6-cEe{%L|+Q@yQ#
zx{(SsFt~6>U39?>&P5c$2LlkgDUv6EKjIND>f;L|+-kFz0}#iFs@d_h0-^oB>4+Xd
z)5#r6MG{SsAC(sQrpcEgR-z;u<C@dC^i4T5C=`nNs;eMF)AhSla6DKvOvD2PLYa#{
zEMA?~94zTc;vPUesDl?WL@`5|=QMX47{nYC;|`1WCeI30!jC>Nh*7nAED}5gWLZLw
z{s9Z1dCVFy&(+XN_Z9vFo-mC&Oc^%WPql<HJ@K&&APiAj!^eY{L69NFh5<kPb>VuG
zxZ#bTGR~%g<mI9}oM(S1_HS%j#{P&6vujb0FXkd@*%|1E+B_574qUUsug?Pzhh+pc
z-_8zl8?D*%Rm|Ev16WO7|KuYcj`E>3;GAx>2sIgtTNDlQIN0{<{qV8B+{JK=s@e0N
zQ(WW{|Bc4GsB$&4H53OM4o1v!8*eK%i$D?W!cb)=f($zfOZ?O35{7R;0#_ruaE5ma
zH1ydUO;q5jc*MBI#zkh%+R<CIQQ}{2bVkV~6kUMVwfqRSygW5B(?VxQ8@*0#J*a`<
z-)m}14OEObaNW?}>)-ER)}5PRfWhp$sB36ltqKviN^inS;fK2QR(q)^UFrU5yD@0I
zlb;>;=lDcX*sHM$?thNTXe^js%uJt+y=)yWo}Eje{GE%ymE4@0`cZy=ZvhsN`ni?4
zTWP)3Gv<*&lBgiJYptgcSV7-b$8{p-EyS+>d+N-M+H_m#zPDU8y)bWx5OsZM-pX%V
zfRJSOOl3YZuKTdc24<Eoh-E$#tGhkM5tW?H84~{@p*HZv*fVmabjWzQV|b9>*wYbJ
zzT!UE5}tp&;8DL&h<XsHIsjSlM0fnPg=`d*TRvYVe;*-2dqF=RbT;BW>n>1a<-^=1
zBt?gUG_Xmni{0u5eV-_Gy10M+pmumiKB?>3bf1*KtXvR-CzZPA@;=Dd@K1WPGPz&H
zTHbN^PBIkbnTyg>O1w*aKPdI8`0n4j{nOC8pfd}fpuPo%O>DC+)4us5(bd89BZ>Xa
zDRSTGz*^MbtoDoVY!Zh2rURikSMj&ScW$>)dB;`GzhY}lq3^B`<UwXV(4{y0;Z1*D
zfpxw5ePUS}L})BSKjU#T9gg!_hrhDfTQ%XP8nyHIkc4v69JjxDbASAPpf>)c*Y0eS
zY_g60aN@TX9VLOZm=*E;$0o3-^OqL@)vEk8&DXN78MKO*A6JECd4@2%Ut@H?4hA50
zybrBU&X1>K{fk20rHTKBNV_r{LSk$~-zC99C{ZS=Vz&JTL!b;n+TvPmXiKK(^LR1a
z-Nq!^ejeJCHtoL1Onlg_bC`5LCLS7WLCo{MRy&*zWdmy6O!l0sL_KTZ<ZZp4SM4kp
z7_W^KCgL3S4iTJJhYw3@^JwoH3d!-a!a+lY-?_z91mFkI^y^DQc;+!>3b0W?i$RUf
z=LqtHeD6%}y&El3cimd)anDRRO*dw@Ek?H{HGr<o*0wc^)~74vS$CwVDAVyIo<UPY
znEwGO3>S+OB)(X%vCIYR9>2%_7(+z&0-gHs=h?9{cr-}<11!fZ2=$6(ISY(M#$Q9~
zuNEuvo=}z32nu@_6P%ZZp$Z^A{uzsMqefHvHEidA3>Jzl(~gUdMFx}91I%Yy0Gji$
zIXPB^|6K;pS8RmvZ2w_tB7t@NQ~|74fG#yb*!>QnG%XQfLlmU23MTa5UI#Z$O^APo
zxyb#T-vPW*K>Ugmnqu-0jY=BXzXSZN8%7Ae(DD%W-UM`)Vf@#5&g`piJ3n@1s!h0Y
zh0?N^#?Z1Ht=P7~X~g9FrU=nsa5nNVXG=g9ANo=tjn62^qZR@R$U;E_USGC{<o#6G
zGrgn&|F{MK-i~aAuC_(t!;bX;qO1VH+hJJwHMx<?dq4&T4#56oLeo7O@o)btR0JSP
zz#@ti_j}i%6AIB#!JwmMm%|2R9Zj6sM!&Ktqoggae6H#Fl(NpY8x$CSXc^ieI(T9Q
zSl0iz8~CK~3_}f&b~H0#S@ldtPXGrog57<G!HDiA32HaffQ)~~d{$Y~gjIEG1LD{f
z?p?-NF0;tt*(SI9xZ2GGl*u51F=4{^+lXM7UgXY>)&NOfT7ypgK4gdJ^NF{zPb1he
zP6W@#B*CMB_^_|f{x_;>zxQleHiNh_2+*ybqpYq=)PqoQ726HHKAcN}<F9$qx6nvo
z=P2AlJjijr$f8FQ?Rk5F`6Y4KJ8W5vUoT<2*fN~iTLvRAtH(O&-8s6Bw)!`H80N!?
zjvsSYh(}4CLUWQ}t6{k4U%&$OD}x}06p--mgZ||rdY+EFutQGlZXE)c`kiO}5;yJV
zpJdNb9X2e>cYR>cW){w;kEo;3u|Z81QIVFMHq@EIK--<?;@lWWZWmhy9-POD56eLl
zeU3{C@(5P>)EPyqXz>?s6w?dRIX6Ub7jNCbsL|~(z|3=PUtfCYfO<{(IMXL>j72Q!
ziD1f@urHDySqkFAj2B2@bxi0^xVyGYesMEOJuyz$-M$2{hnF6QqBOL^xilb@aeD~O
ziVU~~ci&ZVz>Szv3q*NNJrW5!R$D+p8$^pYdOl%y^I~-KJ}K-lpqt|E?|v9Z`P}8i
zA!y=5zr}L<`JNhZPO@J9L-H0tgdYAt+y55<-*)M|F9VJb<^2_ag?_dm;!r~b(<em7
z3ZyAsR+rrYW6LPgqQOjGdOC_0(^vb8;asCg6Ob3^vEd$Y$~cgTH!u2M*aavcP_ZvL
z+(TGu*p1l4l^5MaD-)Y@v$9>*>%$o>Sc>XBpt6}1#{L+E#7qTIO5|^xqRMS`ap-S~
zr?o|b<o-yH!~X;CY|^2?J1$<Q5QO{TQg*n<B2lkNPqsg8_0eYe4?O^k2>l^|=JQeh
zT68A1i~|8IrbiU^>HrXVkZ(S%9+p!9><;M>^#dn?E_LhvpRLh{dr}IQ_mHL2qpuVj
zo<>RKZeX@}A0}i@BX)g)QfPNetYzLjDL65pGa`0bf>8au<%Bck#fyGH3X`S=Z1bW&
z(*roO0-SGUd8%Ua=C~xWjy@xz;k^2sBW=Wyi$4q_{sZj{-b%;ZhlaU$@u5ek0{p-e
z6IY*S6M}L-q6jK#fKloRxBbuXcNu9I|Ml2+${EeW;#WJFl-wg>C5Al1+2avdEoDbZ
znU20X(2G3mZWaM7g<BybI$Bac9q7F#8f><d9J7cAU5NDgjkN10S|8!%=Q7zU`>T5@
zL7+vJ&1U2>r$nhm4bQfp{l|YZk+;4Tpz0uWldF$3l^tQhTBNWACiEi2zA&n|cMyLZ
z0u*IM4X`X+n0Ltw>_%^(|BImrdDqViMvLBaZ5+UZ;n_p^k-_d4#<ahe2_?sOQV=73
zq%d9-wYO^m4D6n<5apugqfsm`H6Nu4%ds>cRTEprlo>!~r2oW}`Pb?{IWT}kG)qj1
zEx3W_-JZ$d3>onR;qDZIT}IT(Xi|>r=#_2Da(}-K%keNrgH85%CJ0y3^AuEs{o8>p
zGlzVE4(#)cl;EOm-nIn5%m3miKA7}{Zir^6e1NZJ#H0A-zGW)%829?z`?N&#yy!K0
zat3xc<C8*7s2ZR&f4?}vUK(_R2>W(N3gg0-Da1uLC52t+0jya8*0-|b1=SnO*Oi{7
zh$Li61cwmI`SC`3xgKDY9dLXn9nwfnbz%YN6rd$dFSW2OMf^M4NM3ks0q{!&-Dj0<
zSeL@zMZ*40GrlH`Gz6xdXhz@%_`A=rcb}hZgY;(ueX<WXh3rII3wY7#3DN2ADXtPg
z!-`Y9oFgGLm91glAF#WP!f2LW!Wyu<&DqiOW(wwPpH%7^Lc!o`m6OJzy;-)%mTM!L
zl-lfzS|eKFa+=-EdWgnv6&y5N9&}?>fOFwqb6O!i&!Y-X=qn!d1vP+u=D6kt98S~Q
z0|KA`e$qS-aKr$!hcNRNKt>Z6wYX*mDnggCDPuBKC2}`rfnhl*;j}E<E4Jw<xEl~`
z$UH1oFe4yGZ3#H$LuZu)E!qGY4QK(QIzlY3A84A*X5G>|*fT2g-nE9%EY=beiud~(
zR)8EeLGZif!aE4sD_-<5Re*i|L2+Cqef2R3xizXNkfU@pi)r7z2T%s1f$}f#kV+|~
za>Kdx)y^m-t&b^ZU)5bz`CRCd-AgNGmCR|)a|T%rJ<dL>2MUQ~(6nU9##H=v=A^d(
zhsbwOJJIkMRsf9;drCHm0j)tHjlni<w{bUuD?HzOC2RUDif4P@*$~SbyuO2>2S{QC
zynbE|vJ5IQpEVE5QK){_eIGAsoiU9^dXpGd-Gklzk_lb7VB<^)C=)Dz_1_e`IZQxA
ztM9oI54dUnsYt_E`9tuh<DGX$Pi;KC`W~s*SK8eQYZ;d(g_D=*AP%Vli#b*_*rvBY
zf+!LcX#>Cyq#+#x4c9_W=RE(aDMe)62&uU?f+CN6OpD6!XUm2lKltCerxehT#`W27
z?v{7^CeWtXLr!lJ5dKBqjm8aoaG|6yGA49R^#fZEBZ!7%v=Nr5L)hnMGLv@Th&KnW
zK^YqyKAitQpmyEId{9f~s_dU`NBpuHOt`WdsP*Xq{CE-h>W&NzcH_-oE<Omde2os2
z{QH|%0n+I}qCkRVgV<h|!fYM>N0A6EWD0xlUg*0=&7imMLf_THax9(M(U-a=dA3Pq
zPs@NZd3>Vw*%NpvsBSB^!0vWoLN^}WHSkt|xXO(Dm7CZAN*hmG8&BaeloF&QfTfP=
zHNEP#Gv2v@QX9{9&m>ymGV5-`Cxs?Pbf>ZX&teXe+{J}!tskD^>3Y$|d2Ku+h1r+5
zU3D1=N(#y7!tU-y_h&g5t1b^2_t4Qc%IruzGjg4D;n}h`(hH>ksqkuu@g1A&5aY~8
zJ$cG(aB@e`2faS}3E;2PfVZ}HR69E$J=;4LTfU3C#hV)=**2Z9>jSzM^^C7Q;5NH}
z!^eg&n?7I1RubMEaAvNBZ5U;`_Pz)lrEK=jW{ixxy_OBXxT8c{)V!ixFMgsAt(0Hf
z(z0T9&z{Q7wy>R=cK^)(q_FfgWjsl&i2gdm_wGajr%vm3?mCKY*=C_@NuzJ9tB6eM
zjQ*TR`LUBVI<8HJD73#czLd>G594P=E-gz`*-)rYR7)Z+Eq&1INQ~y7TBa}9s^z)n
zD&z#)J)j`_b=eeL*_)Cti9A;>Jm$^$VOu?*z8rp$q^L2J+7#A%CE^RL6OYPHGXPF0
z;aR7@5mw(VH~#}<QjG_F;yK&#xD;cqM2I@D1j2w*;@@e82i!#wnelMe#5bnkFRqK?
z-x*YIe8IFkp29AhiYf1JQ+QC4+mU?zaUFhWnRg*do?(OhzG;E{ej{X0{2ssX$rl_b
zkH*K&*Y$}Ya&wZrK3B#!Iy1&Fm0;{3CHO7$-+wnATQZm__4|^(=xuyDx8JLs>An!X
zj?mLa+%ZRFR~fk}b-WR$XF2gNUmNuWH-&~3^gYzcgy)yW|2t?qPW)nSzTl2Q#QGU?
zDb`1MnMTjOpA3DsT)X}LGD1?Pl|C}iP%Kf!{<NZI)A5Nz*s)6`Lo1e3*(b*$GiNTq
z0OXxvOvS8HS&IsZhsitld3o?yXp5zw{-1A%brR1}8G_hBK4xv(1yDlM1gmdhZ)t>R
zP<wH@jeWb960}C86-BC55yj`;Lz&76YtxTefv<=D5>tjmUzq(Ii6)wr4q-DKo1P8O
z>J+}esYQe*M};4kEb|GxR_}BzRQROh88EjIFFCi|5uW^`z~~isn?Le{&)j(YGMXS;
z_PO1o2H4c={!cKaX)nkp22_SRptUsiRSue`c9Vxru(tw#-06EvH`C?b?0-e5>wBOM
zTcvp~z9NA79>Epeig-rJFXujFZqpM~?w^_@8V#AvXkM32&tH}zdi6auFde|Yx_u#K
zqGNVHjdT*HZ>j*bi6ReL&hoS>&DCuEf~WO~#$%QHKFGqnsy!AjwU<^kd#%4brrQfI
znqHV{&+Nrn3D~B?9L3a!Nbt0)_Jm#4!ufcQtb8@2N*17+b#F>nrk4m3gzoAyP?1sh
zeK@tD|HkM%#qi3iEeWsvTa(l7k`Y_6Z?j*_Y!vteDT^xA{buVa$a12;So)?A@%GzH
zqs|l0nRJwMp{=Jxzu;A5Wb(yp&w%WbAzrT3UT*alNmDrwRF-W)y`sJTe4hE1gS?%I
zB^%a-ukdSoNpV{$WxFcN2v_Xbet4&?v|eh*RO}l{wjYpye+R{)vwhHpuBA^x8q!5e
zm#4RQnS?y+I|i~u6OLPvQ)VznZNn92Z;t>E=>9<v6#7d{Yb8=lv~X!c#&d4tb=SeH
z9~49QI2g1Z`m;@@5yvJ_(LgIz4exo=C&!l8<!JRhD$w^y{NBPUecc@0!GgcGxxwDG
zIw9=Yy&Qx1^N+6vjUO|xT}hs1-1g1LR_zymX>N65yG9(NR)(2I8|u;1@-MgFDAEY^
zZt-vF7s7&|9Oa+?2(in)Xx_l}pbUH`E}?kwqIraj8@+k^e8=RID{T*cZu=fXr(zu?
z+4M!d(6^Sc4xPurH%VxpUM${4=c6p0Z}J|<t{h^VCPfB9x~O(<E<RdH=Z1@7iYLUh
zKWIP`!{an<sP}CjVpc4;N_tE4p9~&|Ef?HIcO<sC24laUlh+4-a*Q4wI6XV#0}EvD
zxiV!3C?Ns#b^+ws@=09eRk$^t;@oC$s2)|J_k2qMWfwi#9DN0akJPS50fiQAJU<Vn
zhtAQk9Fh|R+G+JBKnrghuP^w(sbiZzIkX3UbmsbU!fg%!13&Rj9sXb`jRdP`^Qsmv
zlfGy7lPPtMtH_gS)Oje<%6z9Q!D!qkmn*uziB(F?I>QRNDg+r*>jjD%_nGTuR_NFm
z>WXC_^k11krF%$pFWMRe<@CmLoUm$4t!D(X4t(xfbWE?|%6x|1-~9f#gX6OfT=mq(
zM84eiF;ADAAbYPt3t}W9IFIgNp;-m675$t&Jw6q@8_g!dgEL%~DUB5?6^TTE791PL
zv8niBef8r;hJb*n_vUG{H2;1IIp#+GDbO-~P{WxY1uYQhWxl{g)b3X*dwQ4c|1*Nt
zw*8S$Qld!iE-*1v&fHx8bHx>--CE$tCvSc`^OV{c=LR0_i+8ovF)>;0dS|JFFWBtI
zy~1a&tD}t5UP{$PwG1ja%11;Mn^3`b&i_qK$<ltjVjP5IRL9`Ik7(iGtRLKxi8q;q
z)YitlYp51Xe#s6G-Mq}Ws5;RX)PhGz&^Bs1(kG96a%^;yo9nNg_gUDMVN8EHnsAx%
zAx~elpiq_(XTBA*;M6!iv@L_1UjOe0_3wJM28xZo)mjE9!;_)4$%+B8x7*G62*+8o
z@0z<`-)!&S@KMfgJcM4|cc0v1x`_1T)%`FNrt8YPBg*FQ#TYH+@BNmScL6Ohtzn{S
zx4Kv@9I;@cviu80Vx}5)`Yqk$FI=&vTp&?h`+`#<c>1Z*s3Ez|ALNicug`YG?moUe
zdn_X>+vc|aV}VQ@ZlZNJGXDIw&@8d&Eq1m4_}DS;n~qt_-!z){+J!>ZV{6@P;eFy)
z>mgI01k`b#OZK0Ry<g&x#o(HVN_l=uReOHLg^ThhM{^cozJ?h3<j!Tc<`?p^<k=*o
zbm3ElGwyREoA#I=e(GWKvOt0@OksPoc&y)A=kIuZhePj#eO-0#>4}g1H)V)@QRvMY
zKj;A!;dIAFcK78lzR?ONsNp=#^IqEn*K1Gwk*xh^)v(X)&C@sk)A-yan)w`eaSjtL
zGX+l8)#f0z<HCUrnUFquZ}y&1H)!~6mqvSeNS=M+p$A#?%PN1%A_^bzn?-uDrLhee
z>gc}16U^wB7uZX^3%G-{sMEKMcuZkGOXYC;t?L|XXD=2Rk%ZNg@vqMj{9eVz&bXbU
zoZz(Bg->=Z1+rov{Hr;eJa*NcaVvpKy*F>P$u~+rW3)-5I@`Ff%Z3WKbA-MxJ2bO&
zQ|i(E+=quf8X|NkK33_GyQIfsUmktE<SRZq@IQ=N@aRT2PStgyvj0^Rzbyf#!qWM~
z@#w)vc5Zj5omuLq>&YkRtY@FTX243F@7&?gQ068hcjiB|xxbfHcEOM;ppvZ;4aiSg
zIbZoiP16G9DURYAHoFz^`70)!ydMr&?(}zRAYWZN$vKMSEpIOKd0UTmi1CSu5kQKm
zzKy3p<yQXM*?mceFPc%E_Zvui8Mmt?tWgj!aRC8nb6$2}N_4io;ADHf_JeNsO*kkk
zZr7ja&ocga7l1avITu%gVM5>SGB*|&6udAo1_!Atd9YFzYjy5!GBqz^K74~fv2f<y
zV}W+^;|I;ahQ;S7QkTJVzhI%<s!+*`YPqqk-6DDdNlw^fN;;3}H<dN%#B+IWSAwjX
z@x3=+f+F+uBa}aj*+HKM)n@4@3S4uPZ@*=G6O0<|8WZ|`P{A>B)<H(n?b7C=6SIvs
zv0QR8=KR8CoW{}Jt%xpG*%tXTunS*_$ic;A#E$u2%WT5&t^Fp_-~4l3N}?4?*`cdy
zyQTd&?x*_CTTDiA5@px3F5wqy{~*HfUxnj8KgOyc$aDH6&o_<n$QUm8x`683^nGMd
z(bq`8>!&z3-V5%Pq0#r3j76LJlIHMQ^VeM4_lz6w5hoPMc)Wl1w9i{Jc_3{(cqDyr
zyjrB3i3wQ2fQ)H<ox~jOjkL_k%E69fB`SvY?iQ#I1@cirzCy|QWy$z^e&tN?{;8ir
z=7drq1EP6$1#s7NQHc%i8gn#HKX-=f5Ix$JW9W@9JC2c;Dzd8RD6@+rqng3Qqm%HJ
z2J6abFki;0Li4wzCrzb_c_s3Cbv)qJ=<Eb;7(r0%|9avil;GHCcZksM88ldk&D<03
z@&*7&1$^vO&E;l)))9!F>jb}w5h)CFtq`z%l4CSsg=K+d`V;<_9fg%lGTs#<^pk|T
z5M_=(l!G5K0Z3!~z;MWl=JP+)c<>dD%eQ@uezZ_CqRdl!yvvt(@L<MP!dE&a@0+@z
z_=EDLYh!4P*Z)Fg+Q=*@#n_<~vG7+WLo1b=(g74WMwtfmry2JqVsSjZgqPH~*cvYV
z2)FLhnq2A(f~MH22!`^n3~t$7eq)T<*A&D0%9&F1z;HUH#hqZt(oXRDQ&;!>LA;h$
zp>k_?z#?#u@VJq@KBxw$xpU-nL?SPpVC%qosDq08Q%NXa43htVa~^`PvcB7A5t)DS
zZLU=wuT^fKfBn`Nb1(tZv%n&XRm%=SXx^^HR+cdMhYh2be4$`6j0GuLX<4bQC&rrS
z^&uYfy)3R7=pdmD1=Ey^_0FtS=Fc_Z_x;713?(3zBQP=PGbw7vR}&^tTlO6E;)QSX
zZkiS)U<f<P8y+Mmk$e~3y5NPwNS{YmGFNyGnv;C3&@Rl-2~U>_%AGxHGjbA!X4h9}
zce?f%6$M<Zowt2Y0=Q?MN8V_zcW=8BC6B9rx`vcf`D=3EK7wR#*up@r_nWdST&L=P
z-Uz@{OHNmi1hW_4cJpTqARgr&O<_g(T3p=j8GZfnu!{FU&i9NM3am1zTFJAx*Q8ZS
z1$Z@Z>;nFygz{L`lD15<Gg9XK$#nzdH-lT!^k8MLgL`dB%Y|cJ^0)ZWHJLT=Uls#i
z<Bu*ia5IY^8$+gFPoqn>-&?sqtJ*H3vY2Jmyt&eXmlZJBHL-O+n4GFb+ss(W%-;w@
zEHh}1BHZAfZm@b;6@u18rsigZk`bHiDL1{MSPeF9T_nwso^DY^(bxFvZAO{-t|1U2
zc`g6pCP9Awbm)iT-36=sd|2|4x4>8&gLuH8!aTXRlTe71NvB<NRK3~v+lMEYSHFsv
z=jYyjx=!o6IjG&GwK0T98~WqUu&5O4CHZ^%^HNjmCdHWONxaU|9O2gf+Ee9^Jw|lv
zrYW9l(atb@F$muY1lCPiM0U~*laah3rEn3laS}K8Y^NDs_CazX?Eb8ag!)G6A2>yy
ztrM+9xFpfH>mfj=cIIb^%G$SKT3+6(s8}^Yifm?VP+@Jvs)_cl|D0mM)TE)MvZ>&t
zz#xE?(9<PD+BSve;O#*@hjO9LQX7=42WzV#2?$R>_g^Am0&O#YZtY5zo=u|3EO@k=
z0}d?SQ)%|THoW;)4)P?o$B~)%PLkx1XlpJ|S9k~}hqU;DG>kllx1kcRMCNvrtkreV
z!n#Nln5lv$!^#B%NkRm#^U(8*V{NNrFiC9M&|}~)>(8{hu^TcpGUMFl;8SO}A@gnM
zw<6p(ZE-)gOK)rUT=<Y2#b{@8K1<28ruk|La%JEQ#WDJjfcHTyYs4%zMsH$SC4vo~
zScjpxx%{`+;#c?)k&>2EB7}X_HZL#g`q$=Bb0PqZ4KL#)yHPvJ!AZmDH4*!Q0K1VH
zE#6N(y7Eet@yeFR*^Fa+of+F`(B9CTu4ZqR15EHlpYE`fL8MJTvGZ4Qox``t;)8Dj
z2t7K=5=)n;kU{jPL0BCQ8$qc~QpSUlrkj*Yc!Q?Gq^IW1@gRJRO=UDo54M{xvjEyk
z{UGal{oV>WfXaYY25QyC%it`B2y2F-`ezx-y$n@(qKt<+wzcF^SY45Brn(fo?q$^w
z>IojX{zk?RvWPmNDv}MyX|f-4DHM!6)rVvY*D<X&D7$*5<r;u^HTqSEOaXQGoNQ^|
z^@V~lwbfw@Exn2WL|MR}d!$Ms#W+d|M{MA4d5wD7GC|#BO5~|p`Cp<0j~8P$qW9s%
zGmLgg*|ALh37&PP^%F;h?d$oX=5n5GB12^aNqQvtx6PvFHl9jp0ycysq7LKAPzr75
zK_w*|NI1E@P7b<*d-sj)*tIc?Ki(eHI}OSgG5U1sjw6$1Cjc}Q0CH7Y#4(i<f3ycq
zVpqwNYN;SFbuujn)zflNIocfXB+Gs%)h#Hbl{S5i-S&>)mvBy$PP6cuG--<8Zg+~Q
zZb!AxDVlCXyR>gy{*#{Ie6zdC<>a0bJig(ugHR_OWRUJ}Kq8Y?*Z>r8V4w65W>=!u
z{>tA*A4T3I-xX+@ern~UltyJ!0DN7bSjRl+bKl6bqveDQo%eD_9)OVhfXVs_Sz8@w
zT;Z7E4~(}J-1JdLwWrhvphtaZ9FsP%(5>5rP6B!Yn7r2xcdbCsj1;%RyFD@NsHPbS
ze=`1MAZa640EYwMWJVQKSo2K`llF{K;n(5dW5A?G>6=}R?0D;A!-e}Db>2xw$udR0
z6Lny|?{Rq)|4BweEYn?<d>Xg125$2m%Otk0MAEeGr)$rA&5g?4f{Z_K-m9aI`a(%_
z-9T8xP?~8&o8;QkpRfGSb{Om|m17Gv^JCrg-)by{j5mB_P&*Z|gQ>Dk@_*s?QgUY!
zqEU5xC$v-Y0zQI+ZrAA|eN+FDA!;XM6T(%cH>J2y%+Ve!3t0(^<4;U{_l(35Zx7hT
zta#xgi@Xej@h6kxBZLU^4aYz8RN!_0@Kl}rF2wX*kT^eeJSAqvAf~XkG+uR1iEoQq
zCXJec;PF>VeBp>l1pmP!t3sO04x!!hQxW=Pes*1~^|=UzUF*F??6wzh|JjAI1dQLU
zwC}vlZafW2PWF3Ku%;L85Ovf+I0XmIz@w$wfRi5f5Zh(B*lh>-w5mWQK92cWpEs8a
z+-iWAX^NAF+DwNRjB0-MZZc`^Rlqf8f;JJL8t_aF!_H5DvEGGE>7s5Oss6Si(w6?-
zO!FqT5Z<H4XgA8%ZDHbSSzmM!C_`?;_dE?asp_oI@5rPmI|9T_!$V0-hLNA!@SQZQ
z$wfPL7Dp~ccfFatLs`YT2Q!(pM@~SXvFqebW|QK@Qr8bf0{6GE+ml_4F@=l16n6XB
zO|jNToDuvpC&|)jQC3tkX;Qk;fy<_!1nE$fH@lp)-~>z=&-$0-V63GQqmv{HwC(p1
z!zDNg?TE9I^J7`%(?VD*P6B=3IH@3WlH&N;M^y+=Biu`7^<4_IJ?x~^?_wupW2}Pw
znFQnSYGOEaVpXcs6XeA7ZFrs+If}bEugVTlU{^}hPk0xAi$gB&YyHHmSXWDAuE{Qw
z=3fEOHv&$UtI=^N()~AO(<*?8##ocXc4{d<jbgTmbeU6Y<F|LwWYXv>fZ@jOlL6-R
zBcERWP`n72PlG=x(~P)@**VWD5m-|Iijs4vTvs(?tt0kpAj`Hgn!U?Ua@@BKv^h~7
z$!ra@I<~T|ZiaPbf0}4L?D7<+&S3MU-reE+U+}_SEG@V&&w~&RvH5$xGHEoZrAkB>
z8D#P$onSWUU428kb{l7|wXsZ^xf3vOUU~AeBd2*>`;#6oGKCYXYdp!dvVuV^314*^
zrb{R8;?SDRAA1DoK0>$KZlqUrVpb$r$dW$#kLheLUBiXuu_n<yXvA%~72^x`8MM77
z;TK3@I|UCKOOMt3RPSy&H3_xfj3e<Rgmy1{o{Td1$IPl@x0kR4Codb-o`e!m?fjz|
z%OrngaAb*Nv;~m8An2%XMl;uZ>CfG<{INO@En9#AYm#zL`ljR)U6h+<oI)X?9j1hW
ztki^yAsCn^raTEZNkB1Ix)Fis8o9K(QhIZFXq(81Cqw&!X3Vw+6q$>N<6k40xk=JL
zXzlYcCYG!rplyn0P$Ob&{))AH?lUTiZkKf|XRx9a!&J?;7Q`%*wj)aL)9XLoC2iXj
zfYSz;<T!yCjLXLqe*JG%PR-FOy60l8nUJWbHIi^nT8e&+wLX=XPqRYcE5^G`D5SBH
zIOU7Hi{O_+HBsY9Gq$jPzh?0*d3`!nUT)Veqqjc9Ro|amU{|^LSK{h=?Xrt&EB*^F
z-TYgH*lh~4$$N6E$TN}$z1c+9mNJHs=s`GjpwfkL!dWUmb14PwxAdiqq$R)zYAJ7e
z(C2%{=ikb^<%Z}V{ASrG=eTzkLLNEC@$V$8266ca4{D1_#}o#5LrlD7(sY-A7j0OR
zI>$1fk7Qik!14V4ejv#`T1A58cxed?yU`NSOn-o#^#P2Zz#spE|A$FoF2j6ZBW{JX
zSrru9ze2UobwDBQMY3ali#5d*O%D2`ho4Tq$TvSn8yB4UTowz}kllhP3E+YMy#L-t
z797_f-^Ao+n@}0^n(Z6;H2LKJI4ct$k_7;I5adkdVKj`h-eUZZvsyw)h4Mwl7zi2}
z7DjH_QmdH_W40AuuQ}E-jI^rQ2Mm=7Fd<o-J|i#u@vMKx<<AwOOhEW;H|WGWGGY8x
z*L3aUDltr@LbSzAG$Rxpz_F|UA4IM|z|kMTr1(sDbz?Nmh~WP(Mkm>rZD(rakz@wH
zzawh22<b;?Blw#l@fF>X>S^g-lN>b_Q~a(;(rLF=C@x&28x7uwN+K{P6qe^s+*A2{
z;BZpV7znJmJ2#X?J^vC2%=^PO>CwvZpM*pS<1SJ8E{R>0o2DuTwR5X0(@`tx$#y(*
z9U$Sh&Ms8(&_<}pSPGIH1mlmsqK`abR+>7gU5A*VzLEj*ymMF<ci)WPsZ3h3cQbI^
zc)@LARbmRAgCR4IF#fSi=JGvm#VOZ+a?k&PMI5B$-`f4N7XA#z4@3jjpkdh6>i(w$
z)P02U-=YEQUVfMy?sAOnbtR%7(M~3^D{VnB9IRxg{5j7#1@dI4Or|!J9-v(lO`}%2
zUvm>gUf)C)X=eH@`7ODkk9kf<awoOojTcR}z$HO`i&%`ST@GE;#aD(Xlr%Jn;4zW;
zwnB_eH%!5xw9)x(xz_ZIb|eZwFQAxGX8|(5qiGY7!lk?CS9EqKS8WzhjAL5=O1^S#
zzZA(sJb={4X5ygWP}0@~Zo7Aj;blcD#cY4-h6}w!%~DdxXEHj)ivbXlLKg5>)3ILF
zfSlyQ_!q+PvnbdUwRKUNz+pbC8jN27Qw9}U%Fg=-otitFLK>|;q1|LL`XqMOd-{=S
zcEQO27y6Mp#^RUv=f#TJ3Reanf^p`L06jnCxOLyq>ZsNH)~X_ej1fvY>~dF)s?(~f
zYv$jo$8L+6O%6x$8}UxKBq+NUC{Nz!tKJMG^ViWwHB4ssmB2+yyxd<D;lC)voa9hv
z99B-u7qNBwsPCYje^$dG{+_g(Pc?2EhQBy~v7_Ku`2uT_0f(NSib=7~f;9JC3XNJD
zKct8MG3A(B(Vai)6q-h(cH{xs@{mcxDpe<;f}|~X!}!@JfkTrbc9)O{egarTEK{XM
ztaYF(FrU@TmR>CnLSfgqK>Rz1RYrp5RFfSE)s5c59nX=Vva83$>$vn1T^sT6=YGgi
z7fu<Ka15b|ij`?ju2j4*&P5Gh3C@d0-rh~ngo^_opp1{f?iGphU$MwU(|e<rb`kW#
zTt93ngPsiDLk8pT?g5f=HT6=m>sX{gsISR+djswIDSCiaILTodx?vet0t`I8yIaIz
zl$7c>R?SN>cRj%0VOX;E2%7KFF^3)b*mDC5zlbb`T_cdelrlFffPuGNWrOdz`rnJY
zz%j2M#bB;Z@OLMNvGB!MSciZDo^tg1M(8tG2UGzs2+TOUV9%dBVB7uHFeI_I?iZMC
zw#|}%?aM?)hnqg<^-oOB-sL~~GvQZ(?ZH>+n?uXn`c5u)WseScUNTDLUt$|k?hUD~
z8lRH(YaY-9YzZwEafv!Edu@>pc}E?WL$=6|69Io-YgFrxF)UJ5EMI%Kl)f#&nam0O
zPI`s(IBEN%{~E|`jh|6hIlp}EUsa`Tgo2scMrN@$s9WMc4l<x~v>M&3aGwB!^b30W
z6F#J5PV}mn!`NyJ;kz6IQ=FyWIZ@G#{^-@a38~ggmvKNMIQ+39`{^t#fmxL!bR2_m
zuP!paWvjA=`-;sM@8N|dj4&mPCWSd_hdEvdY%bYaR6<E7Y17BK7MvB;1<h3(c`Q`~
z&2<|+Qhp`U+O>;#%TrVhBH5#9btvh<*3tMTKQN>|UsGa{yqdDX&OIPq<H?SqZI@6G
z9uBF2k6Qed;-bS1HSh?F(4P8HTK*xtS9Q=CyD?eHLeFN`6e|%pqsXE;0<}5hY)|P~
ztf#aN@&R6Uxww-S-K9M+V5a{*L`}LJlY4r~ZHXBRyH5hPCr}CjdO7ZnR9PSTzGan{
z?trdM5Q_aD@N59Q-F2Fu&eP_zKa7NTOudg<!~3?P7foMIiE>JEB=8^qSB(}}j^92c
zhx*uLEM@d;0D>dq*Mh{?p7rsUT}g$ueAPdwF_4WW6gERJ2k<T<+?~bOhJ8k#8CEo#
zJl`r^>U>#Mav~-&KWva^onJio(FFNuVwfmfIxE|$n+kRqPGnjfWn3I?NCydh1c}M$
z6zrfw%7AfCP~ElA_EV9X-m+TPK)P;T&GV;DHu0d(FPzNFcPtY!4AdBOvRH1OM&*!0
z1Q<_K%y@rP*WE*DVNat2=&Ho`)MBYT?`v1PIB28`zMe`cpFZ6Uz+ITraU%}|AE87W
z!31YEU4{m`4`n&dW)~FZYtJgG7O2Q<9P^*5Ei)<aWIs^}w1}3GzmmO;Vg6Z6!Rfa@
zXo)NskZ)u|x%yF~MeV-lOu<DUay3m!SJ|syIA+u-6b_LH;y~|U%(Z1gr3|q_xLD`+
zRBDF+h7qL{<<HsnLPZ-okh>C?Fkc~lZPB1aVqjI-4yfuUK~3+B?HOgMSd@l4d3VcZ
z>&cWu^`!EKk;?lkWnPHGAwPua*ZhYiZ@#UM2XUa+1#A-Hi=^cAY!B=F$crh<0^HJX
zmdd(*md!PM3Oaw<?BFhibL@e><ZJ8vntPMJ@Nx0In{XoQXF|aq&1cf<jzjd0BXt{x
zL-dCu^v#%-X3JyrCL`L2;PX}^qAlChHH88L&BPy5z=*=K*l%pt<u1ClJyCt{LxELq
zm=9ClT7D4EJe~3o5y_Hi7BGz>)Lm1Y$cX|9y-f(MN|7-Tl#L>EDMoC=HhLt26XN1G
z$lyXY{R3wf@RYvI%^O}MMfBgThnPr~(yoNII>H7&E1ebkRVaUBC}HU=JqeY=5Irzy
z??#BDk6NcRW#d;{?zTvsaw5-|ombEG>VezepWv0R&!|ya`S_}4{DyI9-(m@QeTHkE
zRz?Qp7@bb0E~=6d<L<=WKdd@X<-rH)5~fx(kLa|&K6Qmt$Zl+I`UrLl7{_g!&A6bp
z$?hzRv#cW}eCZkvjY}Dib-+NIp@B0;<mFu4)4W<kZn*xznCr&J?{)&=<L}jD*H$PY
zy_7I^B|V1?O5`_@uTPcf_S85~F??qoHqO#XiR^I!GpBXUAA<>{gA=YBHIqpAms|K^
zKpT+a0(fw-#gr9*48OG}h-PaKAqnDG^wA{FdJ;Cj-uO!jkRlN$JHE|}TzztgCV1;(
za@zIN1k%z1dkP+5JWL;Y`BVaXV&BFi9woT%5{z~Y%3A#Hu6=G+`1Q0aay9ro01|z>
z&6Jfc_?XQ4h&(71&9%`>#eWe*CUkW7%_$)`k0FXV&k?u7hU#iOLOV*2NA;5z-D0th
z-sNP%EgZG<J1#c^kcGG68m|cCZdU@3%oj7NtiSf3BfLZx6<OJ{$gzk)RA$nylD<>F
z4f%BKXi<*c1WnA?8@#w_0=_pi&NZl31{V38Wpe*Y>LazW<g}&jZWw<XA&LcTAjYh;
z;$XNmWw8;vBP>)cnH&8|O3(H7bhPHLdz~?Et4A3#S-l^mEoaD>(g;8z2@#Mv0w6&G
zl-=f{Q+>;z6l_2i_dVUxGqT2zIO_&Icab3OGPLy6gsWMyx2`IKCNP>A0L}vCKb-=R
z2X6qAzfDzbn^I8Uo|yI?l0lEA9E#Z;@R&xqm`;t@&Qsd_DqZ!M$5VVHwTkebX%olf
zZx;Q?%Pr@U9H|<U*kY%sh0?{^*vH0Z*@*bZA94IIW|gGYHS?uP$T>MpKQ#*WepUf>
zzzg6nRSr9J%vovOShJ7vhaMPIfSE~blR~WpOk|W!7LgNTGULCGwU8qP=r(^i%_f^P
zjI!M;MtJ`aXq9!phE!Og+c@KKI^QnrPyeaM#+m<G{JkrG>vjlGm;41c(#%M~$2|4s
z-<xnN_({?kx#eea6Jv$u_DBZ%98rw+m^?3pa(On3VOxfVZ;SL%OU8I$i*#mf29KRc
zw=Roj69==SQKd#W>-7B^dHwG0cSiiH<SjTF{?+jZq|+B8FO1wv%)dHoF<1{YU#?Mn
z!lv^ZfHQ9s`=yUz|Bwit%8tH|#SR#&02QxP&;;~oqTG=iHN#vdAUImy?+IO}U&MaF
z8N!+#WCs%IV@@Bl15Hth5<8GU@7$F|GuuRIwpuH<kbQcdUcfew4nJ9G8jT%z$GCr#
z2v5gvxMYKr=my9MYUMN<%PSfcXsl=#XS?e>6@Mqd_uOVfM(RGlYSD$;=mV!+^zb^@
zi?daxhsppuoYP<SOItTJ$?HGheTiZROn)r{Zs}u9SC#=YQ3<dNxS{{|TtIHAKCRlh
z0rH@iOSMs)Eb)b%VgGRk9*BRnZIAT)Vq}j)YmL+Gsrs$aP}a6ZA@}iHrNIceLdJhC
z-bd@(sDW(1F}+5%sjQD*l=Oo=jyW!LOO$E<hXA~e*xviVD@PS)z6|e+8aw9nxdRaB
zfMLJW07p1r?B6uNGa3S@Qdl*F${EWI%QVb1ipzxeBm2MW;(M+bA>V%SLq!iOm5VZj
zel~)-R>T!69RNmtu}-&P3P`Ga(j$%aLB*M@pjS0z*2sPf^|8;CUaCV>r{{eD6I|Vk
zBJHpmibUc5%+LoBwi;hXku8%qpUt>6#44HVQHlFcg5GlGW-sMw&jVoDPxk3#LVK;o
z7o3cuZc%beZCR%saviN%uJYd$oM_}6S1l$TKhA$Z%iVhsy8jN}Qwn+&p(M_(S>#Nk
zx=f>yJuf}mE|YV-EPWH1cbr^oBLq@6DrVhhxT)tQum6=tV2lc!az+8P62zRorT{t#
zVNUZ>01YX81HkkezZ@CLXNxtUWoS`YBKrxm-#ziK?xNr>jQfdEa20%k_XOQ_U;6aF
z%m)zUo-u{Cs+iWKN$Gt`qRR4l`%QgWE~Qy1$9Y+97L^1wemMpH*Zl)(a023e7Ehxl
zG3X~R9&z51uZxS#sqY+#iv@%TN?nMH1BD3uT(-{ypgHO*sws_zxi92OZw57!zcZj>
z2aP#0ImQ<I3ley#OuMH8ZG`PV%6UpD<uHqs))-S(-%ks#Hn441OFIBI#-GX$xhouf
z5v$R4AxO6O8nBhkj+5*3<tXQMpW3&n(u%rE{{7eAd(OwMf*X{J4Q7lX5~M4$wZ@+h
zTY0vr>uc|f=KP)JEabcbg)P1VRnTgm*{ChxTCBSyA&Ieez{b}Ln0>aFZHW&Zj1N(q
zcg=|stGMiUh{V9&B(Rp6)f+L(vaUoY%Ep<M!DZW_V+Sk!KT~?a>~|8z*CvTa*y8UU
zzT`qVQj^ODuDzY>285+Jznvx*oTlsk<ZC<}!t7)5pC0^K#=ck4cqq)?Ho?o@mX(Nl
zQCq~IS1)B#s=#$KBVT1JTksDcyZ^_2=YM3gv@~{N5Z<N6>{)nS?dY}*^a%ea?}2;j
z$eka;v3d9JKCaYQWmnhwlj>cYvfs%YH@1ZhKK3P<4h*V$8O?E4940%>J(M3_O0)Zy
zCq86x`lDW0GBg-e8}`ljf`<K0O~nt@P-FJHa?ZQr#HG0MLu0*bQDecflG>`d+M!=M
zNgh~@wdr%UvK5ER0=oQcrv`I|0=m@9P=mQ!HnE)Xq@y45i3AqUj^5iE@V#JIIaMfp
z{ob$8={6sM&@$r}l-Cj!cort9w0p`xTTJ+LSD?`pOt)%~DHVRs_s`J>mJMmNY&sAB
zuhPL6!|cn$7jN($*HgReo>h#er#6N1IAeWW&VFV43lc^3Po)cO#zv~y>F~kw@L>^<
z><xh}_gMRyZtyAp+Uv1$9jb9>KgN~7u+x1$bWttfxN~UOJ$6oa9o&8l-?rwJZBs`a
zwS<b#g(1XbNmcp)Z@XBpf+^?fmAg&{@SrsG`2^RiL@mBwKg|*D4c`M=-#*J#fA)ny
zu%H+VBkG@uHz^j<PD}pC?eXW3r|0Kczu8qVHCUrhe7hDf0mfK>XPj`kvrpz$cG#iq
z^_}JjTuZw<EPy}Oci$|nQ5^op#8p28=-;QnAhaKE2nBn;E)Mm4TygNX8P(2vsPAmw
zS<7H}9NrmT8?q#rnW)IiRuhpW4)PHOZ9LTd#tmJ^z0aNRMEDekQ3cJ)3fy<bfb&ny
zc_z5T3psUeaieXY)u#HIOJZDkHor&S*S~$G->O${@O=!7Ypd3d_{LdUM&ElG!IVq3
z$PH5qw%xx9U+tulcG%uBIQ1I+wY?s`$H>{fi6aQkEx0ikm5u}PeOWQO=K-!Ld`^{f
zVSjv&-=3L_!sOH}_&=>PUQ*{GnqOs%w?VFi<L96daPezlvT=Jqhd2*iSM`?r?H7|<
z4q=T#RX+ZRm`lps>F=E=m$_ND`|j|HF(sSIErH{8cX<359w{yb{v7ok#Xm+%8ifxA
zP-ylJ&@_7oZRdq_kJQ1gYdKfOk+43r4?0G$?31<HtP6$ikN}*_XoM*}J;fiMn{z&`
zRhH4O%R~Aj(4l*+qD&o%iaS!JKWBKa8Ihlp0SE<8&--)yHRH!TQ&TX#856c&>gukp
zexDRK0oMg}396L3#A<7HT0d1&@I?H<zG8;1J~Y(<`2?N{QTxWGo~RWr7f4O6)zEn?
z!PYRy4p*-F>~0WmM(g1(pApx(PK1op|IS*n(gnHsLj;lj_zxDD1O9{v(df<j=*?GT
zL9}V2rj4$w^d0+jO-ZNgUWgNVmlIuxqBfci+jpUm`gsN0nkbOQ#=PwF&%EcQTgz?x
z2aWMD+y9K#=$kLp2F!d|>w$Q@dgoZXW!AJcr0i<Lz98*$y(Wu$byx;ze2dm1_)@mb
z+SkkI6V#`%yzAVtET{9;uX~NDy1QFHK@G;3y9wOxLg*poYM|nFxJtAlm`!3md^L7)
z4y}>kbt9hbzYHi(2_~#HabXu?K<;CP@e`SlYblrQxh5cYr&^B0cEv__VLIiqyg^HZ
z^pQW>eDw10Yij&g0W@IyE}^<fX87kfn^R{YLVQo!$hp6lHZI#Axq%&B32*w$+Eax(
z=?@<e(l33ttCoj<1=DcceU$F=*_LtH-hM(wz@i`b&ALq&nz~6n{r&9u(rRkg%k<c-
zIWvHJ5bZcx)@``{hfx`1q8V^A<C$%Ed)&wqL&B}LWIC=t-={}96Dhjvk>D5Uxn)Sr
z=VENxBhdD^rD!~IN_rpaftp+dnQRB@)1=d}M!49cJ5H{ehns&KpWI?rg5KsegU#n=
z3A>z!Yli&(jVep!4m0<#U235??g9isE7eZ)Wt3RR>YA3_%uX7sPh-t1r-fJV_T3=I
zZm@`_A2kjytM7!@>Ne1yxSi61ST@tt!sM%V(t=O^8Kq{<5LX|6b^H%`Ce5^1chNp&
zq3cVYHFVk?xB(=Y=TT4_J~I<8|HhFcY1~XgX4VT9a;gk*G`Co~+(`|&7;$u27Mj}*
z`KVu>1&LUxkZ};_7%rcFB!CAll4ns2uoK0wF}#T)VqbUOdf(Ch34><!4*Q^xRhwlb
zXei<ErR4wdbX8$-G)*_SEf#DS4IZ4uB}gE+2MF%&?iOrucL?qTg1fUgizj$+5AM#-
z`(6AOGu2()v(GcrH8tB^r%t2Z%R)2g+FCR#T*JL;-@vsY|L9RqmJF<h9SWkNiZ{h!
zQN;pJ3YM46z;Ry@-M^Q&Ddv&s8?3JmeXwq{35U8T+o6>#vTmQ24i)QL$J|&py!UtZ
zc+=;nuL=v-yb-GK-CzISrZB4H@R4tJsvHilg+O)TP8x2x)a)ywbb7ncYweMKf`^qt
ztXZM2+noe&3pIZgZ)>r+Oc}m^Y(|O)Yr;E%Ug+80%|yQ2_AfJPhnKE{>k!cV`}Zc_
z{AC0KNAGt~5H>drZ&FUmF;7QMif(^>U1v*RtfKqm1C5@uOi5)nhCOv%hNWS565?6F
z;5c&>i(Te{{vgdVXm+HHnY(@X`h3l@Y+855B1kYOOLdDTzfUGe@R$VCfH&zX;|Oar
zK+h|&=B_ADDa_W*?};~)!FXnGGAU$D={>yI&>aB<AS=Z-gGGx*HBtia@8?@nTBs6k
zpP~$5<47vA_0~_W5i(OoE`AA1*HKek;TgxK(4!y^Ga?#-gZ~6qlgH<NoJAxKv*S!x
zlB_I@e_xewAvuY?Ri8`H?J2BE)-71RIO@1Yp4~B!uL!^IJ?>%Xdr_rokx>xA_us~}
z$I}U4cfZBo*k!<7In1W}EifLuEJf9_^MlSbo3K}*?`~PXHb`fZkgCN_NWt@f3)@~O
zWZ{f(b)5&zaWIa7a0QvE;V#au*KW<K@Al1V{$bj4a>$|D>*xB|HYjPz)g?9563n4@
z&7G;sjf};0b`)_UzH%bozEpD;H6?dE!N$g%EKoBn5ZU5lQ#%LETEpLZP2j8wilg2M
zwA1Ln@M!;~6J824&TR>vYr+=_c;n|f1dWVA3;)<{cFE?V>r3X+e#ud9SB=GrS720~
z+Z*nE5UEQiv_Ko57)3jmq18TXdZYL%GqGd>=aBiN#=C#he+8?}^*+ZQk4ETNpoLnX
z!6B$pIO`ZDyoXP?iAAn*E!$Gn5*u;}`L_23O-CI~@R-*2jfd-ilrk?#2~Ab~aYl4e
zjiZ=P0Q{wUO13#ymPG=P@^u!HLFw(9_+FSFOB(pmE|I})9$JAjxlZ%fXKnu6C8Tf<
zb;4R~v`w=np{^={tuKi(hvj{*R}PM2&boXZb^2}ewJPe6=VK>ulmA1bbvFI)b?x9N
z%X4dc6&BprU&wYA;ZAHaIC-aDVyBnRKG1KJ`^pRh_03|@a8&~wFISf#R(o%fa}P~t
zBFgNEZ4$4GkFAM+MOcZ?Mc-c4TiuA>g?beYte@mrt@okB`|~<ki|9hY=k>p>qAhNL
z|4o=J8>2$L5>@%NRZw2?9}ZCtcFnato7d=7EKIic{K6^pB~dv#j|wRylBk7CLw!m6
zQu~Juw?dz)ML2B$tNqKqmrUmtUs<^7u!;yen67Es?lwk3m(G(Fqrp54O@Z~YjB$EU
zkFH3c&TDO9BXH(4(cNmQ3-#RAj)})zty@gGg^I_$!#`BnQNs3UUqgCdU-~UR=3+90
z5*osbF)$cgr-6p6A+er{#HT*mRSRAGhIpc`fyVSJQ^}X|n-M^{+^#l;Og=jC$-KZu
z=dVBYCS9Wfwb*bviJ*3D4UapFQN~20#Lh%&9vru@a2|Z9d6uyBNICf2RA92!DeL)I
zvA-a$f!1w6pciNpf}-)?@~pc=r%gz|4Wm7|8kYN1bFnZgxT0zHxH*OvE0ON^E}bvP
zxTq2DQGivK`bVpzW0x^SQ-+G+@CT5TsjNgG9%atnGFpIQhvG+%>~&J`FfY1%+IXCL
z$4V4s&RX%ey?-IGx;F0MDg{{^k@+@)O*DJ9hCx00=pAjP<wh7XKbJI5uzY#^`X0|x
zQ(CTz9(`pO>(;PAg^{VOkl)ka!TRH!J>7Y<_Fqx{0?yfvcWwLhLzqGC;{6G2yr={Y
z!+aObeeT`WpD`RscxhLEk%V~Iqjo@fQ3F<RJeL&u0(k$6=>*Mn$$Sh@9Y|0HA7Y8W
zm%?->Ng#{t$7NU-6((|Qjlm^5B7dDw=+ohqa0;`3@82!sxHGm1?|^%<rgkn~06yBb
zgxPhdBih}w^v&qNA0O+4@H*h?3eqk`=!66}t37=zECH;$#5y+boyJo6N4F~gopk!+
zqMFg@?W69%Pgq97WGCnp;dkfbWPKJMU!KaG(&9Ze`mwdXs}>)f7ph9(isZD)EjXtQ
z#d!x;-GSRoYVW2$KP@^C5_&X9AarM3gm04vSM6`eE7rpYPg@od$aeXcIrrebDjl)k
z%T#b$)nJQc+ZU?S_m&EIptYZ(3ukxA@%d@E%AAQHK1iL_4~T>aybk+?=2ujS`7JXJ
z+eII%(F6gMAxGOnL<c-gZtrnTCq+UgUnmjP6q$rmx%dT@ny6NMOEmvf1vunmKgvi|
zX6h83J6)rkT%-v8YeG0beHL$djN`*GKqq0`@%iBYBqWyMLo?+33@Q8AKP@g!CMPgf
zyCNjE>|@M4ucW1NR%^$6dneRa=@atZg5s-)1DaJu$a6<Xjq(tKR-eT!>gmXPIzR$0
z_W|Cco!{&G%@<leUaVTBY=yLYwLjonJj_f&;`fW{E%JxmAuq4!Y4;BXeWh=*+%q@c
zG50^P+E{dp642YA1=f6vmb*s8N{!*T5Lu_YTg%#K#wh$DIiN>xx0*6_?9*a#`WXIb
zQ+h~T`={S#CxF^kd4%?{C$@3tjCO2wtd`8@@WM-kKjFS24(zYWQn|l^%KuW}2#9<@
z<nkXbTR9qT6HiI=tN45wBCvYQDBygK(AR-dK>aGMLUvzXMIGQHdY3^|W3MTr_O??N
zRazPj`C<4!I$6}`xSkh0x$`tNG>$)W9t>S$0U?U7xIcQ!{kt^S=O`FKT0Kz_sBZE}
z1M+uq@t3(}(s(}`j|jZ3Mf$#BWrHh$t~y9Dlb#<@-ALo7N?)i+)26cVU5_Vir_6el
z(E$_41NlBo`&?LL1cznQdZO6y;v(#9SMQKIN3l8y0Zja^rJGYW1Xp{c0<6DlzlyzL
z1J-2r70}zJu<R@WSTU3zR!c3$mr339`*bQ0Ga^;T0`p^g$O{_25sPEQc=_B@t7pm+
z_?QTanGCPfo{}8i#xJwqe~&1ZCQ@7;r?{uguksFudkef6B@C_u<Z7|&NoT(w%KrRr
z6B-sGye8h^@2zLDkPmLTGk|$0({n=*Ixu1F@1B9HS0<|-%2{N9C{n<L0KC%5@1d;+
zVB-h>Xd+ya#P2ybEyA!|%7I+3tv5jM8(_IbcrDlHmq-$I*GPHY`J1mGeRV|P*=LaS
zU48;JIkQ|w2neaqdAC*17<sI3<~WlSi9q!O%$J@0{^o8}h+GQG;JHGivm^GFkJPSx
zAH{-iN(IkYwC?^1K(SQgQ7+Sx4c`-e+KJ^$Vh*}@5P&KP;28uXveO{5zu5!h_l@9p
z$VBttU@wp0{KDRjUf-zRnqI?I!<WQ2>;?hol_tv2f6$Q6jJ@ZM`47*F3@aflKu-O#
z^ex=dbzEaEE~RRBS?betKTA(*Woo*(t7KD84i3;R^RA5NT{1Z7LGIl4z*j_0n_ZQ2
z`vGY5WPQULF^-Q+&6i8pOS<(Euf2#IV!=*mAC3!>Hab)j%?mk<3ae+FJl0EReoTo%
z;zir}F%dwADCjfM08=3Ta0sPNG9^dxE))Gq;CwNq1_J08qO3T2G9^+M<cBMY`y1Cn
zgey3t{RqP40_Ji;6R*<)l(W*2r>EhYKapcDfjrhLS2qK_h6Ws=1M8Kxxulue%_-kF
z<^}e6gp;-1f`Qh^U_`EoGoL#dcz<gngEu^Cl2|lTr^Mg-U?4}Z>0g8yvk15@2ZW^%
zpxtA5TQ$H~lialWQSdXs0V$#_7v1<S#>BgMfeGfTALULtXdS_s1T>E)+v7L(Oa;D$
z_Yeg|0S51r3a>wg67JX-h2d-^f0-}_6lRclA(?0nhJ@yVA-owyGP-R=GCv$t-2h<Y
z$H<aH3fL5{CXadt2hHky`~>A-OIKg~P!OmDWf}7=$J~=n6L_J@4$U!KR3pIORa{lm
z6OWFgRWwJ1mf;9aT;M>8DFMH->&k^OjTS(C+cixkb^m};|3I6qzm>l9QQAX<?Qzk%
zoj85B2@`5GK8o)t|7RD}8_W5C>d;8(eTu;|hqCaHx_70r1pKchx#1xoBY>6Br}yqM
z%~Ts9{sUASQ?A^Vddo@y3kp}%Gj>ijJ`e(w+fTY(YtlOSKlm?jp-ZHHo{$Wzr@TXf
z>W>%!I;4X&AEGG@RlU!5Y%dezWMs8Uw%Nu1;T0$)inc?6!ds#kvlJY{yVzH3Gdn9b
zBF)A>+Mkr3kFl?2jR5q}egr*ql#1k21fgLl&b|@HjG$Cm%!z^3ls1Is8}Wya-<F}u
zv(OIC6@PMw@Dobuk_kEFfc(GPD*v`_<T+SK<^QbWoc=*|6!fhHAq)$L{3<2PC{D^-
zIZ35%AoGr~${FP(**yD}{m1n}2F3e{p1x3&Mu0^b32PV{i&VMS$LdvUk9CT=vr{Oj
z3o{KGk|2BL!g^OENaY#t7@M^LNb3uADUxEpio%(25)9f9Lkxaf$)5nzCmMMdImY@W
z0M;bY_kiX9fx-5GBFcPH^7!Iv_#UzRh0J@J;F@$7Thd|(ngb^DM*i#3$K}e?DwQU!
zwP*P;jbEvG<Y&i)sak?%<YUj;!A)~ye6I2P#i=TQ@xr4{u1}GaLXrPP*bJn;fSIGe
z79CWz<uyCJR=c45BByz%lIIfFZJ-%{XV&-5pcwO{M|I{$(=?!}@Oal$k~2DzuxJrD
zUc;q5_?kb8lkxRDpiq$Az2@m1CnR4tnu|sOl(=g%Z0@n%(%ToW2nLWDA3?VJ*`wbu
zb+!>kngrBa-Ey6(1H8lyYbyj@$$Tj$AjU!Ty(99mDeiB4dqtWMv|0e`udQcdmQ*A0
zO6PmD!|Q9t*fy9RrF;0(f6DGJon&K<ss*X61IiWn!8R#h>@*@N%kibScL5FVbn~Es
zCf)#!;n9<#y6nlwVg{G67l$SaNhoD%-xa0xZG*0UnTzz$nE1=9o+)I-;%bX|{SIe?
zXXFqgu8VHm=in#rxYnM5D^o_jLF9PqHA5=PgK{J9W3?-jpnVy~`HUk|`x`+UyoZ#|
zq8`4qsJ8ob_6p|ryR~PyW1&+z9=ikO*3Z|S>*u@3>MjP0kE_qx;oa%zmVzN?8nT{J
zj)FOOCid4WxIgUdRQ(hz>D<N;8=eeH$TYO?d#yT9X|64iEoXx=+zp=Xv>kOEB09t1
zv_%TYceByUFHWB=QRidsmyBN0O;drtK~oP&c4<fNE>1kTdHXQmND3Ew#b7IUJYSyJ
zc{?x(L|`%Y44YxCy)5eQ(n*#f5#8w|OEbew<2>26%eI_v1$Vy1ro|E@!A<iW_$B(H
zA@1^bmKri~?IQS7FH}PIZp?XlG(r=9Nv5>H)b<q^Qy1yDx6V9yF{YBb#{8mL{n0Jv
z#qX-DYp7YjV;Gniubq?`N)_vuJBv>`n4Ua{N}Nvqg+1b_e=T^&(z`s^O1a9?Nr5=x
z7riE*@Cd{!BbfK>!iNG*Qe#TfGY~w@Wvw6+#UR<n2`)|-PxE;WK+Gt6{Gvj{s$_+F
zYQC5j9nW3LEzihA9f0jZzJ8j~lcY-ZllZ0Qn_m4&RzKE)Z;*2w>(}<Uu2!s(7eB;$
zzTn<4gY-UO)mqKR9hm|(Y0D+UsZ}J;jedx!px|VZGf-*P6)}5bTsx+~GZcYLhI$}2
z!v@jv55u-0{<`M#3#rC2^LNr8Hrx!hH3)Y#q)?q5;Jz!i=ue61LQ+v%cyUws;MYw*
z0j#i}^;Grp3H@zW0uA)H2m4t)Q-Xn$Ty^h;<Q`pNa)#-tJ<8V+xy%ZGe_zGX*<C6L
z=tcl0zLZ~WDhXuLaQv3OTCKNwqEFV|ey2C%+RAL@8rg8cX?tHz)$NMK4jsi#C;T_Q
zc9{mdv^NBm^VFOnpU-+{J^G^{3sjJv4>p8*S7)l=p6v;<ENc%b>OYhBBP-424;1h7
zB@drjQ3Vqw78J@OL3DQR)q*sB%0|Yj5`elYhSx3A3kpA*L5Ne{0-ma__-f{w8X5UU
z&XHI{hw3iGCFv0gF2v?p5kdTzr5O<#yL`K)`<7av`IN8COR&HEr5l{)o6r2Q8mg|o
zdZ8O5jDXnNx1vhS#(*^-w)(3ptgLsc5LtXP5TERCf9h>NltDm1BAkN$t<xT%2y5~F
zol1l5W)(hJet{R>tK75`v+R>&$sr#uoqtHl;TaRHe}BoL<6t;N#2dAW*g)K2xd8D9
z1?E>bTY}y6tuWP!jH={M!{MZzoWFg5tfafC7DYSGtJSnaCLrVQ;1)t?kG3!S*$!4-
zgbsPTau1RLb(~GhLg}?93q-3C2#<a8PWNeY_oY(F8r-2F7cElUmWw&Ol<Ni|85qh%
zJ*9l{WfS+y->{`5UT9|<`$3AS>N(WH?+~BBr3<qv;|WfBef(o0(rmcoPd2Nzcmn=@
z19zZ=NfgyUX3g19&XO8pQSnWN*hD9Nyn38HiJBL6-d7`Qo?%}X>zVSPndU025#%nj
zKaSqkgXLGqBTgA+Z$SE>fYg~Q9`MDx8W+CJoD5RohIqw_6jRHy4-)`TAF}f?;fLA_
z!|@fVS;rx91rT14hMj=nJiD-<oNhqfC$`;z$ACGbyG|@|Q4^)<s9TGQ9RsPd0=yxg
zG_POLIQ0Xf!a7_Q5nqS%zrM^dPs<^&@ymrWPGnGIf~mcWNFnoP;Xj#(8W<UWyyYaJ
zb9zVP+gci=<-6%2?`hmDWev&_T_8BWJ0`!xk8V)1drMjJtYj7c!)w>~;<%?dySVp{
z1OK<#%({EU!w6}uTFpx~*IiZ{z<?n*i9lPJh#9Z)l^(N8H*Mn+@10(I??WJkTM^UU
zl`;i=1?eZ>n~x`PB8O#~arwSN$U{36Zda8<Q;p=}_yN&HKaKt1qKQ|fMmN0yQ7x<i
znH}nJ8`s|E#|_V^O?ZMXFsdxO9SO+syi+YX^xoTfDXWzD21ry%badygmf$gVSvg3G
zVu=|{hAkO!DD~R{wQ6#`L#yA1|ERv=K}MH}VL`>+6<3qN@Ix9#1E%{G35%i6oW=gA
zk&>5hoap_kF=+mf;7F6Pk#OEZv!{`&&rf^=6y>aI<65&dW4V!R@W<k=vdeLlbCmAZ
zGfNf1ZHQ{$gR>5pm-Te;RA@Aw@f00<qdS4&)4JO9OqB<I{5*P~X~t$`gaB#n2oWMb
zrd)eIM|KMvL4N*`h6B4=fl*-+6VWkg4I_zVyf~LwW=@i@`>uTNZOxOOJ(H3cVqeTV
z_chdsk>DDB9~T)w%)Vm%fr8-8pbHC(#34(V1BGH0kBi?cr6e>{z108&0l(7Cgc$u}
z7;nnb^OR>=_!~9X)0w@9)x;q~BpiGOjC0*T)s`zawa3%X-BNvf*Wxz{AqCg-I(F$c
zHqY&tAbaO+hJmeno6$TmtiL}%J9S8|osxh?Vzm8ceAg#L5?4iPNTnoTB4HrETVrYj
z?_CuVr@8EYRSZx+eoBOK-&gSJToNF~=h|H`^@G_tezQjrODOF?$%2S-3{xW2MAr~*
zHeiDAShoT!u4aO~_h5XyGFC`Ff_Go}HaITPHJ+j-5dE0YfoCDc2E_)gCubAL9{<Jj
zuyG9d>*qa}{b<7>V>G`?Ff{kQfX?UB2Js;tqj1~4byJmryi%rp6H;%_nysRcljRV~
z)`;&pRe67tY^Rtq*_k({(x{>uFK<xMvboTvuo8O*BQ1vK6@Xo~ecwY;%LSb2;SNmP
z_?AizTV_HwelV+x0ZRb6=NZL34x>{o4B|Z#>50Y@?G<O)x|bdt!sJYc+>H#-{*r<a
zY--ca*u{U1^$gJ1k|!gbjuEVnmba#&kHOJpq;P&+3{Wey=d2*bOxs}AwP?yNPyjPw
zSXV)w3;z`*2c7KxZ*xF!7TP|^e?FqK90V1>dj5*Lk0@-hDgs(aDWtCRs5n6?$D@U^
zyprUKWKr}Y+D6XEF5Ld*lqF<Rwf=mHVy-)k+u7a?f_9lZhfEE<-?{wf2m8pY=sA0A
z4w!H4#3=CXJWxxvjabrUiU4sAMWmL^{>YbfnSQ^QB4ed$%K|RphwkqJCPYjkx$6uX
zLi7jnbvU<p(VoA$K=x=FaI4@8$Q~?RAW+f=SEv0t^tO2MW+TbJ=kNk0Na9~G;PmuA
z4=FW%zP0L|sz(a0XD><TWl^6RQH8T(#~|g<Z@8Ty1Vrf!->l+PNt)`iha&wVXIpx#
zA_P>sJSiFbF8hSlS<=rF55lv_j<Gcv@-eXlsE&};>*&|gii^o1?}-eM><F5*`Vi+8
z*Y?D=!V6T<LZ?#Uy>s85s(G+~9W4|Y>zG0Z@X!!6u`_kReCCDrEGGwfe*X{@#9AYc
z(roP5XzYkg6w0%9F;Lcu9yS*&B%*}F#?jVbY&kF6F}yGnX(Y~cPPL`W1W_eT{+G_i
z!AJv6R(Q|GK}QdcmP>TFH{LcGW*qfSnDz|vOgPti52cp@uzUAwqQGILD<4TnYDWv8
zIzAvi&X3ja=(NLt%i!<lwR4MU%jB%xRC5C4Jce0sNvk?tUKNDrUf*{CJn;1BtJ#Xi
zd<p&Zb?)v!js8kuZyII$0xmd71#sG<2jY}f0pACsKctuMLKR$K>X||O>~!H9n`6}9
zRq&3v(}}V7+Bd7A&hHAn(nDLk3iyr(J{>Eo%|FQse*Uy|6aB8M0RdUS9ohQuaYE)h
z<vfG`52TgMj}MzsB2|CR7lm`(1m(u0v<TOanEcg%7{FO-=1SJ2NE3eD>V*68rm?*&
zJCoL_r)x9AKALIeYEKgDJ<{4ANEQs|w!%C?x9zCuN^!_M@^yn*c7=9yW|BH|WL{-5
zf6}eKmQ~Ae7P2Hg(PJd7vKh}XxvT@CYBRV52L+-^cT5*gumjjOo&@J+TqRTM{CnED
z7&K(bq<6WFzQn#N5XvQ)X>;~Bn!hEbr^_YT>2NmKv!v1$n}087NTcJ_;f($&>&wyF
z!3~|6TP>F99K`x4ktWNXkh2m&N>aK%HF)}N)q1?9o;x_T7UAxV+WYfMVeYdO{bQWD
z;CGZN(2L#pdU`8D*(xO8ngn@hlT7rK2QXp>gcrs!tC+l=@xN~F8cJeHH|KpW_IAws
zHl##?zkjEYBxem5AYm;LhgtK`o(A1H6JpDIIC5NXW)QIEx)vVR-yQek9)4ss>ruNm
z-?E<C@0TSujy1~^+0|s@{Drg_`_zJK>a*p@Ieas?@h$#1273HqnIz26*>epeBmqHP
z{~w}dY3EM+WhWaXC+)eW*dRyuT7>L(b`-NMl)W8OoME<R_A|AYxe*DZ-VWH7j+}G8
zggE$<f%3WbH3<3G7iZR9VH(`RB7WKgSZZYu=&~I<bJ8JyVY77PD>*D%jm<X}L=N+*
zh`m1sUfjjasJewTSfJWYu9pd@OL_Z1D4(PX%LRn3C(rDCApP#DZqfJybnea1>_mP=
zpF_5zh#Ovm;OCX<*&Yzx3{j6h5c(B4vd^$uTThp|qd+pr(gi%Z4LY~?!u_}Jj55R5
z5d_$;4tn-f@BM|NKrCud--*U>DmKNWSq2N1^C2>IZeaaIl}4oc<#xVPH&d!rl|rm~
ziWC&7BlGl<*7}v2$C{p^R#+~k8m8sZzhkyGKTG=<+al?FgOuwGzhuD5Hbhqhx1@5u
zrRE_jxO?$_;^=0Jm4xk;Pz07{ORv|IW?QQJ-|4@S1!CrX;&J8JP2%y7JEOX%j<LZD
z3|5jcwl-VlHKOhC<xlUX1`+u;g>MiVU?0wfkLEu}6<-}(_-Q76xC}>8(-zV5XA`2A
zCPh|hAHJP&3F<e(N!fXe1aw|h%iP~l{dcy!c5_JC6GT{oa|kA)^AsOCcz0kQqap1f
zxPCY)A-vyH(}93Dv`6Zwu%0m{2xdN^S@U~7vV;0%1G`T8ds@b1O#^5qw_K!&W+nFy
zfWI^HB`wI4_uyhjyaXVwW@R%ez2}}ev6UwPy>?E%Z`%i+O(@V=At0&J&cR(d3Y7e1
zE9DazlQ)Oyt*K*2R%xLM8{{<+L~5{ourM8FWKDrQ6z3%X|G??H9M^kpkrO+D0HVV(
zb^I|ldkzzYC?J5S9Ci-gY~`OLmNDPt>ru`xY7=(x_TH7X(tmemsL)@OfNAy8f8oD|
zUT1yVV*77q-AF4wT6;PF_>+zso;wN6Wh$CCF_v=GL=P4W?LCnF?JMjPBcE)ez(MfQ
zWQ|N?SUX~h?`>uw_0dL(eXJ@UC(*0*wMDEeNxPf@Al~{7N~OK>C`DUQjP~ogXQ$;R
zJv|ksWR#vob?YWCojhrl@zq5Nk>4AZ+$>YXZmWPRNPknze)ONTFJjk~!+jJyEav!9
zJo-$gihrYMA7T){B@r?20u;YBf_J!JheSXTSCgPX9!!(Bcop7NoDm=wpsGV<!SGwF
zi|`SJpIt85kuzq)JM$wYPd251UUGc$#1w~~<|q1WBhNP5m?46jt*!;Q&$0RMAIkxd
zaS;6DB><wtiFk7WfFyz7+xr|LJsZx;<M4kHFnnucJ`5dd75He!8Cr6S5jSXp8WuDd
z*oU2Dh`Fp0q2aiFdBxN~!Z;k{PX3^cn73*lE}%O)9=Ylpsn&7SF}gDiEVY?0+SoBB
z5xGhOx$0KE;KR_-;ss%t3ZPLEE%+hMcwbN!$mN0$jaKQ)i<1O@8moP#Si`baOdgXR
z;xjM~7US9dhq}^4HkGr8^#sn`n4bnLEgg$~p%a&;3yvBSSY5<2HRUKW=eT<{gQ9<V
zf)|aFyHp#V&;PrOWjkWJkUWw{V2^@j&Othi?;=u;U-Z@bWKSNWQbY>&98?ed7}YEt
z^_=>(M)rO=dDp2p|IzLDm~mOsK;HFAwTUz#G>;isYR;c5&H@YrZ*;A|*(xQw7-xK4
z^Ht6iWHexQ?amyiiGh->z#UB*FAQy<d%WYV2mZ2%Ahy%^+bC3fr|luyRi;vI3rV*{
zZdj$(V&u^f6jX0u@eK3pB6Iu}FU_H@Wt^(Wgy(74zOHePUPs4KEPNBAIBT)}b6Q#r
z$tHFyxh}v$$Ki(q<9zGEa{qPERp)(Bxy&MfrQYnS^=Cy63^esYTFFzl#>JEedS=@@
zLAwZ0GR1H|fth;>Wr_3>hVQ%3WNqx((xvf0)YX#EW4%8NgI}Gz95;awdz1c|!6AY_
zUuVRYXC#L;Aw9JKxD+NU?E5Q-jbxfeb38L*!{FzKleZOThkZ>*V2S&{<`SAv$-j@9
zsECt)HugF7hDvGyHiPKFjHzj}A6cPNv~=4UwSb`^4n8?`<~p8{A+|>%`09z-fnU8B
zb@OJj*S$YJ2zmY54{qZJG`ghoH5D5ZG~U$=Gx2%k@HLr9V~KZ@A``tvdD)JQ@dMa)
z*-r(@%MZf1el416x~6yqJ&5eG`=(KsQSio6dXol6MP)plip1vM^7RIwZ8>lb48D3@
z{Cjl*Fb#q~bY$Q}W$y_!nGvr0c11pCD*>xDr9$aci)ns+>f8D21aOEm*}O`PX4D>$
zQXRjzk+(Ig+Q(&WJeF!H`<&lwu1cU#@^CZM@!>hWaxvct&>fe=rf89@!In+vg@mvd
z75nHw3Vn9sfK4*75#{gQ7qFquNKK@n48~bV1KCK+FFhf#TcOl36qE6s`XTq2TcEk<
zw8?CONEs&IS|a2FCE4Jc7>fl#eecW6i$iiW`+L04-uYac51x>pGvWKXkYQb;FJrop
z-PZrDI2zKWQ3`1s6Zn10Cv^T@{Mma9>BeC?cf!n5w%~ZgY+-yFop$M77c$#w9d?>j
zA(z8^S`RjNiWfHjoDg^DQBkm!`>rA7Z8(uGa30VA=XhU21r!Y}MLws;a|Rm05Kp+2
zQ1Rvz3^lnwXPkv{d@fOg>ERWvX@6L9KShL`(hpCpmdY>g+1$2$=)4s(n)`zW&?wSM
zzytNsqt|CDnOX{{xVk@lff(Usgr~VMR(yp0^kN@ApAf@k<5e(C7f}f*%^mwWzYt}2
z?tDZ8fyn^iJ`*&)$4V0_srb<ZobtzT{=)j6wu2*L<6fp9L^bje>E^w?f^o~BoaK>f
z&^^c;KDXi60MPLq5*~c{dse9g-^T!B28H!Ki>?cY`1J?}R+qk3Cy&-9f$qgy7X&)a
zt4!GXW&n6={W1xJP8Y@Zk^4Emy`Kc--zUn=b?hWiS0?kO;T1mQi~+#PYChPzstWX$
z$8}QvA0lPb@C@&QW0C<NS8~R87lR|`*(Z?YAa%}nS1*=SZtQe6&H!+bPjEVOHak|4
zx<WF29PIV<A&q7wMrr;QkJ<32S!5M3GdY?`_M`7?3?GDIpe~*iM62IBHBhj1qF~e_
zDA6`3NKho+u@&{=9-mXMsh`Q7k`GhcAU-bTXvk*NHG!!?D$D!0=j6>a!Rmv(llV!(
zmjnLv(gFI!SI=q?htf9-Qj33S7}BuPh<_0!b~R&!(po9saY1UV`tnL<fy7ElT>>$b
zW|>_3B!80E)XpLhPLU3-Q&EF?luQ=*6o?x%Kn?TrdDuZ$DRLp7a}`bQJTuw%Pptq$
z#h(Mc0FpWEW$xtS*PlRFN=!%39a+L?GfFZYuul*bFL(zpa_G#bz*~26XqMNTiJAnx
z<P15oD`9RVs!R8M6@3H`gB{CJfw2dG+lwzf@y>9=de#`g!ctB^)`TIT9w~Z4?vMMo
zy&2g7{csr-5#NcZ6^iY*)a`qyD@15kB7u#m_0Ft`%4Wi_Odz=TfEgt4Ze;A;ap?!C
zehxSxFJx#q=mImJIR2zrT*EUuf5qg}(>*|XJa{ZxKVlC2{3oqE=5^0@(N4mh45)}}
zY(S1x#8w|rz=OeFH>M-&HCDNGYq!W$b%aS^drP6Y*u7LIqE%u~6(5&DVFAaR7Qqd3
z2x#mCwQgO^dRt+>#5JCN|5b4J@_Mw~{CGp_K-UQuI3=zihSnMBO2Z`~0hd6h?tQ9$
z(D{+76EC6UJAV00mMbb@Bt9+<F5K(h$;8nzzJJc8h{0q6>~E{fY4$~{i^VF;{w=04
zDIwKrjK`VAIqqPpUm>mWOYU<(YZG4m%q@+apCIW@i8*Up>}^8ut#YbBB7%(6B4EdQ
z@NtYGsg9BNH?sx<wCQ9-4CHSmtwEQiMaS<4LO%-YMEkfF$+G$@X`Ar08O{#IqVIz3
zl+_q!X%}~bsf^oPijr4JRJ^-fJcsi8`t^MR@rRROz&^@HPNYkjEHCpO6n}#HAB<fe
z2zL1Me5qtR8|3`nD-Ts~s+RYmA|<;A-EWN~wq~nJ`0Qc14!s*<qo&}$jTZdx5WJ0k
zL<~2OM2`2fNQB$b%Xbc}y3i~2V=3}epoS}sHpI%H%6N+_Tr6wMSs8eh`VsuNQFmR^
z7_l;7u`&><tL86`L{CYvOOZgZzCUK7JGMDS!WU-`FykbFt9rii%DzDoIKJdRHc@<R
zneDQ)GQg@kB_Z}?>qs5_*)&SDy5#?;?;YyLk_k6D8N}~fVfwQ8&$8Q~BbL&2@+Z}a
zte+@9o2+`hT=uO%=6aCYMkG?QO3;1c_@~jwU*(&GW^p$Hzc6FY1(r;H%%4XMdRA`{
z#VB>erat`sXIYM>FD0jNC7^BHtkLirt~yf8#TrgFV62WWE%X9>BX}J*nJ9vOb^DDv
zRS^NSO7`*g6-D##64Q7X93H5`DNSkLuhNcn!%;k<hN+4Sjs|`iOEUkyWL*J44+cd7
z%$3{a|D1WULoun4<^R-JqC!I`0f!6a#DrL8K+fdP*<f|(gb~0d3|wZQ_~&fI5n==d
z{dQC3uE7P2q9VI3t6?rnvR9Jz;`ljMKsxA4tu^<YkLKm@f^np_Oq+P6GgxoNb>d7d
z`4f9To{qLG>(82<HmR1kuI6#n{q9cyY?Z6wX$=0od13Ww&X)B%QP)vOn_iZN1XG)d
za?Y8ZhU0A!>APLJf@)(-TX?@p+7<%Eq(;K+@WmHZ0B~x9+5@r1o({>Kk=eF#3e@EW
z-s)?Bd*W&pK)V!Ld9x&VCI0KZCGwgj<U1Eb<BBDuX!=IDJ^8Rv)!ndp;ir2%v3Z<%
zI={B%f^g=>^0XLKsSq?H8PyXTV>C55tiGYzo)NrO0P6ku!Y+=;@^_Hkm6SS&aHP~|
zK_@oPYzPQ(7-Zj9|5N!bRLwb}Y6H<qb3<K-bLYGX42UbcV$s;0F%K9GG<`SDKzv&f
z!6^|y7i0F3=i8h~w$SkVi1R#+Y#!AvJS%4L$Jzq&L^gbkEWtx3A7<!vE#Lud{wJ1v
zN!g8x$4t%8PsaKX2xJSWPeC87uHK|Jx{QU1G6eSJjqSDkXUX6f@xbV2XXl2ohMaub
zY0X>yYsM48u{EFrd06u0AV@f85#Ji(j3%4RQ&O&9IJ|Ooy+>#T*B{;4$9g_}voP#s
zR_HgJ!YBg;C9S-e;IIanLaOQdX$KKxBhLnxY!6~oJM^Bgx)WwMJZO}>x{>ob>{GmJ
zun#<xg&&QYAgm?n^PRi%Qpx6eFbYM3+srjGl}v5c`Vv}?zn&28EfCO4lVO}iKXb!u
z^jeE}BHDtFJBP9d@$6ZP_=SA(Y~B;n@d}$ci~DHSg}&$zFTYrQ<TpuTb<CpjhdvD@
znFQjNaed8ScgP!UzMByD;E);O<;G!dz?1}3K^2wv6i-Swd7mVZ(XX9U_Gf?wE8Xmd
zF00?|Ro;D;eUH3@x0^l>P^X4HW<iE`CoJ8xc5u2Q&pBLX*@g9t2U$?sCY$^$sp@_A
zga`SVJ1m$J47kiWCBXxZDjJ?;%whAuknKMu<X?P2&ee*dlzg|SZT?=okLInGl|Kg!
zO#<#tiPwLFR)(#P07gyU)a@IoF#RNua6y<ki<BmIKrYPDrLIF>V5Y(@jRAmJGCWpP
z2ykJ2dHZ~>mS1ojSVp<bxI!jocR~aPy~|*xcOH-qdGA$aJd9S-G#NHxYmfV$H^m?2
zBy>&eASG9o_%=Cxy667zg4F8@X^)I6RqFk{(<-^BUMC8s^ovkB)?`I47)G&~ImdP`
z16#5p$6IC6oa0jt18XuJVS|DBWvv*qm(&DaX_NJ&aT$LU<#%V8s!p&4*fo<@(QYKM
zP3vpUQUzC5exI$D<%kTXkU3{V<}qI*cU8P^Gemx|w5f|5o&-iz+9V4zlKw%hXvduk
zJ=-O9vL2(eu7-oajDTEHKbEvP!i=Whl>dH{LhxMr%d0G0fH^RuDQqI==hq)gvOG$5
zZuLrC>D&>_bT(9~?h5XpK$YBx%-`u_%6`AfMx<Oo0x$yZTC|Fh<W@k^Ze*ry&RC7p
zTML^D$Ul?GdNXUt5N0w(Lio7$XIrnG?$o?;M3VZft#Tym5|}xG#|`3&GwS)If|r$-
z$(%V<<Cs%6((46y+>6NklrePXnNub+aSvGB<=p3d3FFo>oi|k(%&g>u*9c&>o-q;@
zZ@({~OWNg>PiM0>##2j*xdidRh`3w%ayOoQRq(brk)JtLlKLlsku$+^uh7huIvZyu
z6NPWUz)qs@Ou$`q{+dMr9fpXB=2=Ergu-w4Iu(VRfWeyEx2uM7!Jm@3N6z`hul4}m
zC!4QHnVxiLyej1w>`sBNmFM<Dm&LJrd;OOStUXvmmwT~$7G#qyLyx&@E}yCoJb(FZ
z1gwsnf0{cd4Sl*vcK<Z_ZFq96=T+AuN;pAdX~4_uZ8uycaCHN=*FcK<?H<B+gNu>E
zfb#7CC1PC8Z&u24*zel>C(btZ8W=xlJRHAUkDCP9`%mPN1K(X~_nb|`BVWVbt#80X
zbTEJg)!6R}0!ThIO%%KSRb0e<u{rMWdLtja#4=!ScoZY|Xi1qQ_qgZi*xze(UnR#F
za0(kSV3&UqBlTFgK!TRA^*e=)8L;cpIC+s{zSF)|n_8E{Je-C5?m-z`7yr2sw4Lkg
zd~#1;=+?L-K}s#bRSeJ@X7|i*QEoG*geHaphIyPm#B+B08l|Bs$V@f_iteWYdJQ;$
zUPwdPaqmo-_;40zOBO7>@?uBv$xxH;6Z5aq0Mb*)@Ov0VL{-QDL~Y-Zvx&6bx@Z9h
z#g4JAe?_7UORVlUX$6;(z9Z~MauDgmX6eIf>BG{Fd9neRzgP}ZaNs&Q`opi8Jby4y
z^OY8Q!3O%x9US;03V26_eEZ$LXHl$fU`BeQ(H(5SHj^j6k4&oDUlV{^b>q#bY~g|M
zqS^20fE(OaMiSqUo<D4i?B>U7xN8iFh{|yLK@e)@QF`??@6+l2vtz;~-@mN^05(z7
zR%N1=#83T~txB*Qupl+vVdj7d=<bRz$R>N+6ef0)@RT?}<^Z<Q{REZEjJyx_txqY$
zSS~dg>G^jYlpZ4emli;f#*U~Qi<a=VmGdtaTpUnma{lXAxP){wfNcgIm3>7*@-Gt&
zhXK-!9U=@(X8pml9S$^%k^M$hMa^gfW<w`O5cI_io)9|~ykbCSh}-&u(zi8aAb1sB
zfCaavtm#L7pEF$4lRL>+^6vM6>L?`U5*CZ}I^7=QWoL-O7%j6t+m9C?3MV;4<|_ig
z2?4-6xX)j6_&Pr#RxJUS3R{F3cmHEuQ2rEpL@ZwDj^JO?eQB-Uvq5wcvNinXHIJ1c
zv7r*$g0+WA!~I4o8`oiDEZ4l|AQUDff!%7u^mehlt#x$B={HnYHKlljVjl_&vH)g+
z{j!F{e3&fc-6(h(Y)=bKPk|>hs4~^;{F+B?On{(6J2frTYi7`1HwCsT$0O_f2ENjy
z)z_!bP!~)&-*I!%0K@bp6!2g24YeA6zrG|#q4{5tYG&FSpBK_sgdhlw(7qrDAsk7f
zo!I1C{E?l;@X-L<8Vulw^3!>5YH;>f5$<QyW*YTb2j=Yk1d&%yaP>+bv}HRhvKOYJ
z(R6l0@&||`iYVQ)uw;g#i)P0V6D5Bc0lOqWSX~oCQfv?t6)TPSnk1<h8mog8#*h+U
zw4i5u#DPUh$1itWl$VG}HM$?lU$h}@Hb{xy)n@xm->9r4#Jp+z8gxHc&1*wW=Q#Gu
z(GC*0G^q~E-}DN4tnpX>v?00kvNS@CI#Yo~-`xO%0wgj7vJ0naCpMG^YdZzlc=KR<
zgEa0$Q!q-R_O&{@3e`cC8$e+W?d|#@cBgF7nR(h{kHDMycr~M9(V1yC0LmQr&A1|p
zZ2y6%<}qkG>vQrCyaS6)=QwTk+2UQBik@GN{RtB%svW5qcv2{RDnw_rmfvNJh8G={
z1JqR&XvhedJv8p1P3vF%X+kTLDG<lM7r_^kN>_Y4d=;Hp!XrLeCRmUlxGT?YUX!ie
zSP)Lhw_^-`=`h`GwmRe;5I>ZCG^&s85!&ybv#{^+v%}WPh-_NBUY=O`o)tfOhF1PJ
zH-5mT>w0UzpsH`_D>JkDCme2$0ecxU&D_y-E7b+IrU}OGEbSxD)umV6*K$unhno5M
zf$k-MizhFPt-ZxM0BMwg+INl)+~MLkfOA72{%$9o)p}L~5Y?T?YK;I5$Ly2vyW$qV
ztmbU}$nf`A`o2@4_fMY$t-a~TE|s=2x_dJN-jUoziEAwuUA6icfC3LX5w|Bbv?r!d
zf@NvA#<9><#R>tROPgBv_ecx?<*oUTa5w4x@uh{kO6fNYqLjLbjTnVK3Cz|0DVHQy
zm0Z*Cz-#V438964#{j%wFuxu^UXfnGo-=}DpbWsD6Fv?w${OKK!0?HuRO9)p5jqao
z;aTpo`bmaBkJaEi`@~&vDZBtXd)ck@o1KG!&-z}_9~|CySxuWmys|<a(3kr1Y;n5|
z+Q_h)h%N6+SZqQaw3|YWMhO3VpZsR0SpZ>8sB8UA9G*?+YggyrAh9~34i^Nq-InZA
z7Ybx^0)Dd*Re+(UNT4RiPid0<xWLzy(KE}RAOviN&08V7`7UF^+=J*q-WLr3sYZX!
z0E$+<XMBismjke%J73E;{=4)cFJP<-7l+}VMLgdD=}Xr`s?mLOhOr@op46rx6Y{SP
z#h!w79>~)&4Kq#Qydu95*eUzF#Iqg1tr<=8YH4uFB<uS?haJGBX;BW^i{4g6RI|_=
zW3<Nu7iIjPufij2o=4OCVsC-E#%icyCMe!|{GRYSswlVh@~!KgsUWoF7~nliRh{0d
zDgk+lb?dw~-qr8UHad0}L}pDKfccpVLd%bN1ndc$HNt~gTz%{Hua@hN0ZPplF|k=0
zChJDQ_@7ojP9@l&h#z4E#y$uFD^79t7m_ToCwd75UgQb(7dnHDma()cu?Y9i{DyGO
zvPGp1PJ!>c@b=Rm$)LYa5e3L;mYDh}2?a`u1*Xrh1R?Zm5gCtxcHiaAezcl+aG0)H
zO{{dIrka(%WIT@3h<Ia_b{X%IXKss51{J-EPS$^k$T1RUzN%dO=$(I~2&oVR!G9e3
zGMSkTkaI`B`f_TFx=K66X-g#Dt(QRuWYB9?oj@~R(SVl`IX0GFrcJn-v7b$g$VhNK
zVG5*~v`4mU7X8|14>4{>O3XYlx9rfNVz4g@a^OLw!TdWu74X(-n0SPp;Y?M&jT~5n
z*A9w3CX{~g;e{6deJ^vLG(%nf?@dqa^Y$o=rlM$zrDl{Pig;uWOx80<5EBJXj4ZpQ
zsLD0I5=v(_gc<dblgLCRnFco!TT{wBYhP^)3IRxNOk-%YU~fMzjxV1o-PRDcu|ghL
zRCWpy>mri&E)B7LLmRNrq%41o|GnV@!S1p^%_GH=$?CGWJM;-G66v<Mdw!G6w;Wtc
zOz~X9SleKj*vw9Kw)9e4n$e|xVA1C$IF1xt8I2nb-6b2U@-#!Qv&Pr0+bp@e1pEe-
zvG9EA3AgR>_pi9m6Lktoq;v&qF;ow3rzSnZ$bME4uIIV;B`Bh~x>R~kOcbZm4{@k`
z)8sWA1Sw$nUmbDzROP>Nk_R-ju8Cd=;JVEwS*sxYRO_*iK<!hLGhelSwx(6O?xg?R
z(cr5t_5=rx$c+K+**C#qd0I|Il7ubyh+aQu3TT%f04~`?pe*(glzB{qRj~sH@kR*=
zuJDM@hxN*1S^p%{vLB~{XKm2pD|-q9UXUkZS+|qHIZRT)pESSe+QNX=Z)v9$LzIw{
zu#n(Pzi^}7H}6c5pEp9dk#|F3yx=d*SBB?~=t~uadIvM#$kTrf+-Rf-2|heW5D%j$
z3ieK>gy(5OMY;Zm4G?+lG5j=+4@ZJDE7gOh^97OAF};_MnR<OcNb5^aL>MTNqDg4h
z>y`Bkb&S)mOTu+kCk&KHI<dr=J!wqj*%GAK9%7N{mu_@nw2^T|4N$_un7n$+1SpBA
z`83O`6KWwV)K_zYI(|+aVj<uWvT=pGkx>xK5kg9kW3{dV$&m`Ri2P_hc}~qTc{Tm5
z)S}HZdE-e17f#Ncpi1(AdOaYHql3>{vIj5fL1=QjsyZFIEI_@k@-_nWgpD47Qra#p
zRFsLH(Ug;5=OJpOFN$yM(;o7oMYB$j)FGrVFG3S%`<^AJnzHk?Hpv8V8qbnF#!qOF
zTKfNYKKCSWQEv3WxgR(+cjt)E3_N(kNhS7Af<~wCabM5Qo8bwOlsLA984OiM>`gM9
z`!*+d;R&A=Ij;B_49|CDAoujN%-Z-0A`V1%-+DGrWFTvb9Qzc6eghqyKP?|nTY8&~
zSF!j9a9m|4maQb})0>l&z{vt;h17kkn?D7X#D<z2B)S{<2F@nRE2k-=_}^}d;m)j7
zbm&YKAg+YwYAZZYvz;tDB=<^pWLb;Rp^#^?Zv}ZN{hvP=!Y&12<q+<Bx@K;yS_Q^7
zPq1@+qJG;TICgGEQfEKCc03|>+ycmxgL~<&A_&j=5Q%y>1A<^!z`O(%YbqCZbDN21
z1l$9g%`%&@`ApVGUI`xQmTMi(fEc`T9+5YD79jnc{FE(VVAit*s7sK^QFT)a(kFtx
z0((p_T8hgkNi`L`QJA2*A#2n#+`o?lO!_AS86BF<@0pF)W|xs5&bcPTZi<Fw6Z{bE
zJw!-bj>*37#Of<qq2U--VE*JJSYCvlU2W_nLOVk1==B5#7%4azf7#Ka9DE6=&Q1eb
zXQjW)@@9LW0*?77YyN!-esMAu07R@0ewjY(znVV1B7>LUo#cG-)-SO1F(&+Yp=XHN
zVpzB@k!V|nV#18SbFX-19DxCd=vUy^`g{<|i8$B!I@D!i<r0;SjPUvBF9yIt4+kg9
zFVN@^39fe8-ISPjE@&Z35UJl@&+zUb$m>8uv~ooPGDC#a|6pLc@1-JoG%5k9f2$fF
z{r&U1mazZjVFIl-G7UIt@E#|swmHm1zgB4F;l22n99_R}Q0OuKDFq3yT3D%xjL2~0
z2@J8WmX_>;j{1d2(3Wh|xs^#3yK|o+E@@nAKl|bP;DpTuVn~h}$Io<4#IEO~X-3ry
z__aT2z;B5QO7F9CtA0n(JW2I0ujVKO4e?X0Qm}zZ+xyoK41Tj!&#-o@F0Fg6!d`W&
zljGIb{a#<gJ!6WVUYfXtJ>Gl6iNM`r*K-deIN3K)xm1HHpUE+0H~5JY**KG1V0rx$
z(^Fd<;ucgvdzK4+8Ad3$hoqRV`sR00;q>*~4IO=FCj`i+$BV?tWA)sy&OY`_bn$m1
z8e_0&#|w1mITNf6oMuXaaHd1mwwa&b)hzh;(ME2W8DnHY1k>%o9t?Qt>O0#bKsK?5
z+oPYA8CXUt3iB5%jI`CiUbpvRy=N5fQ@^hpxwW0cD`K4c*_B+8X<%mQozi<pmsFvM
zw9R*%tfKz8TH85JnR|y3O7qn$Hr?KT?i@Y2Pyf$D$~q%-zR0{>HO3R9Ti~ZmnJ}u$
z{yWO2zqW6!nq#GX^z9%1Zf)P04IqDhyS7j4Mt|G$wYJZB9yqF-6gsTb9T1a0z&%te
zrp4Z)xHweI3Or0a9dIg7m<K`(@P>-N>6>W!E0CtuMJ(BT-<k);>c1&pItI`7Gx=Ck
zcw;C%-lRHxO#V0G;MMa0mr7*{jp39Rd{-F35X1g_y*JUy<XV(R@4-jyK)5)XD$0|u
zpWLd9vJ+NYG{oi0=XUWf)op#vsPg)CO4aYzkl>2rKg7DCB=<qKj&&sfLwc#kkS$g@
zC#X{zZLecTHq*4DuB{9QDUpsWFgA*X7ISDIwF%O)FtezvVySB;I%1^$VcH}cht0vj
z*2+~{+`V3sA8?t(@jMIkE*)vs+hJdtf{t4ONM^Rjc8oF4o%yZl8D?TaPvK;L^y1r9
zL!_(#-KAi}soCwRPGVhE8=5_i*EvO2>zAtP)a9S~{cezgdC>1nAMWVx3HJ1GIv;M+
z*NDL9{=BB8pBs<4z%IIiF@4NnfAjqZ&R_w<YRIQ<_Af7ed9i<g8eOsheuk&lYCuuC
zIXdo{#IMqPxVQBhHJ~1S+6u=QTn!3o<?jSrz(LL@M7cYik4#X9ZjOeDSt6h|XFl8a
zOo9W0EjyKor@LSGUTf~;kIt~i?_Y;diCK3-Rt-_RdjA{iJ-@LvL+LI`;nU?)WbtZ}
z&C4zl2lk>>Lv{gvZcX#s2K8b5B=dRBApfMplQqK@xeIC4Z3W0wmYC{n7Jz{_w1j~d
zM7Ltfj$HavZrp@e_;Of~6I#Z~0MWkw-ZFgwRe%KZ4#cFcIlNgHgMGu76=T%)w|S%)
z%!Xyh0i4`vw${IBDEC+5YZmb#GehGJ3*^=wt-R149Nj`&^s8;4CaCBn@oU_gF`xHX
zSItw8eKHD7V|G3=1%4Vw&Z@Der`!r$f-iAfv#V}@nOj!=k{z;A-bQ!$`O)|1Se4G;
z^9m29;rFaREYUt5V>X8U{<OyfO<oprsT?PoAH7d}SOx^Fn*SdFlt630&}$p7x^N;j
z=tyY=C>;znO=>9l8$-fx;=)NGLtbB&si=$>PCEa_@X>D!dRZf@3nvl>{XYWShpgI9
zt>IFdx~A49_c^sbJkve?ODWk8$xA8vbx(%NC*?A{Qnry&G4l<SS?>VK6_2>JdPsWL
zE1o8%*ZZn3pj`D>j?VNw*E|j%dfnr2jz4)E&hclD!#V!qaX3ehbdG`K92b`Zlv9@e
z?xIQR+jm(a4ol~F%2ShArvJt;`8WGjfFASO#fje-j{Ii73ed8N-C^+FVPNE7rDQjT
zQ3w9$VM?1r8fxERsBwp&(h5+!AJQ=L4#V&}4C>%R8dlw5SVqJrhcw*0!*HF5*@rYF
z-(@IqmzG<HH1xR3(3Oa<4r$nYmtn(QhP>Y$(y&aZ&3oXGhADzD`in%Dj{sx1Al~{2
z&^H(vx-iB0+T5oe>ccXb`!Fp9P`YZ_sEyU;hc(13A8I}+OAQg<kCNtf)7bh@x@lp=
z65F|LS18@J;CEC2IgNy9Anu(2Kq)H(Eg?ZUs+mu!nu2<^{g{Xpld#fnn>`*d4p7Qz
zUh{fQ-0fU|;!`at#}8|W??`lc(iHRS+h%5MQ*B%gni_{H@xB~@+Uux>_|`;MqN4Gg
zC|ScycBW)KGue}pjm=~`N}3kLJgNXF!xVD@jc-HAhGw!WC0m%uK9uZeCfoIaGTdU0
zIZvZ?xYEGN=t}AL%#4590Llo#^+kS@sADR-)XF5@F^7IF8q*_{Fq631+9YzB#KXZR
zkzf*|d?sNIVqS<Q>QSQ1rZOgx$0T;uGKrFw=+{i5s)e^WlQ65rPq#LS4@~0Eynr%V
zi7@dtF*l%$v543<-JpzBqNsJbCnunc6FRF0nnX5}*!ZzYm<GJjw(Eyb)+pW_Qw9Rc
z3WcHelw?3JA7*yvw4)m8h3NFav=Oxv-T?H37$Vf|lv}DAJurt}Gm|qhnw}%4Q6>hc
zJ+3jJ$7eqf4XA0hwD`)Vv=9F531~$XHTIZ>THU%sE1KQ>c;3G3^t>>QntEisR<wet
zfCjo&%pB3EeYr27<<3S-YE3C1cPT$(9*gmVubTqyJc>F}FuC*Ou(i1J6tT6q^OzUF
zn!Q^DaOVvtcH}f}L;<yXz5%!+EnOR=n8?z8_9%-z?m!tpouEVwiU8ER$27#;$zwh#
zY>uU%E`T~wDdARt7}Bp!R9>^dF|RnFwo@z}fyXt(ck50M%2_wLYeWHRiW0Gm`lYbU
zPEm?m*}+W!wYJE9Q)bsz%A0*|s;#30E;A83y#k<C6TH18Z#AWiC2DbdK#fy!(27=_
zA+zI@3RZUS#()|rvcHzuk<!l2R9&CQJ|(k#BD?mqoPei@Rmp#jTMg+cVl`xmJb<TY
zI6X#Aqk9BUdu}PflQ&``3Cnpxu;)#(RGF^Qt6D>~(g{nI%c~X^*Xt_+u76yLnN9P0
z41vP+k1Ka`!g$R9lPFE=4ikv37p}1K=C<$0?*gv3T;b|8DfBH@A?stF3lzZBz!k2p
zm01mBmeBxkMYzJ%gEA|^6>nwTBTMfn;p)#a>yBb&#g$J6T)JXaBIqP#e?SisO-E!}
ztSi-<n{e6I1#qnmS4*9wmiPd!wZ$k|Z?pNlqVVk_81TVV6>xnXuC|n{pPMVKdbujl
z^9m+w?H3&Z*Gx<GILSEEG_0Pfd1iT2aqZte23!-YUi(TiPAF>iS|z|WF_a8J?Sgp#
z*Qi)3r5=-vqY|vXFH{zA4YZ`(k(mRn0bJ$N78<ZW<L%b*r!+MDyoCm(S;JNIr>VN7
zg@%WB86Mna2z}pC%5A6YE2ycQDcxIWh`z@Vd5`A#78)wuW2kVCS@&0E5pU+gJGgy+
zwaVT#z?1`4MyzdJ;nSM+rmK$k7+T+B);q9H-(xs@PrUiE+<k`9_r)8pqy(3pa=!5j
zr^ViL&-)A?-)BIpMS?BIY3ud)kCbK<8$42)qUBnVXTJHWN}+-ZTAj3>G_wtiKBGaY
zP*B0b`wX-0Gbl9+D#-miL&Wb4N~3}bHvP`9@^=QcML`AC9xzmTz@WA-s9^X5hQ1FN
z+$4MINonfBa6sAortblnOA?+xV0iLC$bRDwhT4BHOY4F^80P&!i_&l)nG`4~ktDjq
z3L%cFV%4Y-fcyi+V^<$|&e$*csy0zRwrEs26{TR8csSFpZN0M^lwYD0T>pdN92xO@
zl!6Z)GQ9baL3tLX;K@UV-ySlkTC{>uj~IqLVo-yl6`Xs-aP$#_n`HY=$=aq-ZF|1u
z3nJMhq48se`j3U|C65^v5J6fWKW2FFm?415m<p2qWGMD0LnJB4A1j2qdg2#<<-$vd
z$4~vwI;5P+vU#qav?UZc>zD9IJTC8lR?Rq-p~)I^1+7kHY_cIgYEVAp3O@dmq5Yo>
zN;j_H;hzjQh#0^XjCsN^;0c2|nkxwZi-G^epibcm+W*Dy-d_xElD)=mvfv0nDbn0m
zon(`QpZ;RF{Fjhj>M29<r_9ni>M6sprwjp9##FHTDZ`GZ43VTD{|<kXMg8cn@G0@Q
zi2qrK2U$1S5Wj@C9TKLC$6fr-s;$V_WUgsI)j{I-M7zn3p3|U&PXqpa%J3J}B=<C+
z<KGOe|7M6RJ`GSSOaqSp&2ac{fqW@OwNp0oSA7`$>_>ro;~9hgi~(-a-O6UIN=>@_
z!?<Ono75#dV<_^BS%!3e#?avzLjbX<WWdU23`?IeM3Ny|?P)-_LGlgSGG(95{^~>T
zxN{neAtJ+k<?UEOn6JFm+Y5@^U<N+~w2*fG`9a29^Xo7!rLmF(RGBypz-f#13wuK>
z>7oYZi)p}}XAIY<N^7P8L;hjt{ttt?e;QEuIYW-;4C?7=!1?D4dx%Jz1{{6Cu;T@T
zdT$yq_9a8#mkjDN>bHLxO8m<Z?U@cJ-%JCp{mXFnUnV~6bVhpOh19eyKGe3H7fbw>
z;CKt%+C*r3S~eRZ9n1PX;MfiheVoY8yiE~pYp5CtDDQr#C0!62LKKcbMQC_nYnbBH
z@V>(Fj>6%QmXe0-7c}`2WWB(d^qPBGFFzL28g>PYWI>qUwRu|*hd%%YTyPw4Fc11R
zGG8jz*u41GTuFjwwqWns8JKFZD~T}HJLPY8%D?20fAN*_dkXnR!!wS-_Wl|FVDt1i
z;}?|o;{R=EB8+JcL8$W0QXo}4xo1Om^%V`ufu+C#g=2=op*~v*<aBWayEvjf%Yc-7
zO97-@r+<|*OM!hZj!iCZ9k!4nb)2BiEZN$-_M(7nFO{Q*%H<iPGqN{j%45G3y0!Q5
zMe#%NT$N+C%HeHzLbHA#-mP-%Br$FZbAPbKAPP__v<_}{NrRGjLc<M};}?}9w336*
zZKv#C6$4bCsVdOT;dMJzm2`6?xjBT%C+(6aGsqyl>n{nDo4YyQbaU&s?O|??A#QHT
zTk7UmO!D#sF9Q;zfESlFsI<H|;^z3l%~86v$WfD*0Z-i=58T}PS?Hx*)$UZ)H(RqD
zm*vkw8b?!&L+^JMnKsW%x2m0$Ad@Nk;^8~3LmOR|uTs`HCTX&d0?tZ}G6hGWg_lKz
zH)$MSYofweG>%J}sIW`t0R8W|E{vbw71(lFqQvt=Jl@_3xOh4JI|r=~X6f^VYX7e<
zC;h*g_`OJ+ZEGsE&cxPQ^DDxO6wx^f>cWdiJ~wtnIlM?)oujqR(Xy1I1p!Y^LH6tf
z^ts|Ra1hY7fg^XanM=;R8CrA_8TN0aE957|P-Vn2V4=vLZX@setD5z>v(-Ase4Se#
zLTl&YXyM`3XV0#CI4%)!U>Q)#;3#Zxq^w&e`&bH9?UeK5XQi)-K3;BcEH$W8_6xTB
zoq(oSGkyH*%vn1k=yNrF)y2omE(?y>PJr>JAewXmx@P~;-?7Wh!e(bC{fJk6@T`hw
zHBeRLcXr8k`R%#}C1y47qrvfm!J!mb4RrN#yzk{us;&m|25{sG;7}T@23iJiyi3G8
ztAWn~IOYU!B)4A;^CR!cz05@F(B$E(tuOVflU4%{0yxeDaH#WF1I2tCxqTebD@gWN
ztAX|BENk+9yBer?UJ&1}2C@kvrQ~Xe<7N+jl)XTKgEFrrTYpWo{81mrAs@LeLYHLJ
zkti6SUK5B4WE>tQ5LJ(H)M6X~#Ad>3EaMo-$S>tNvKnX=4a`o{pq^X}9A+E`7>9QE
zn1<kUcBpwS!-!bWGO|{h2Ib{34JzkQIHBHI$emT8ii2dKc+OFP3K@+Bo6-d^?w#|G
z0_3?yjT;R#xUNA>TMabf91S=}>3d{&44~d$4J_mwpK)RI6kF?*jQZEL%=TRBKhHUS
zw2hu(8=Xa=*OIP_LN7SSKc><8d56(G&O3~T=3e9PbC;b8vfuyGQkzTybFBgL1##pF
z;!r}@0QG`6>I4z8z7&1Ct26M;^-O-v`jVY%C}12v=XY=V+vhX*y6&fJU+11WXQ&QT
zIeu6}&!HBd*ae63*`PZbl<S8zj0ocBP6qvTSVPNTjyk~{O7sy8?}czQ4B=4nAJL$N
zlFb}S;t>t)LpdrDQQ?S&%HbUO!Z{k&Jfguh6%8Ake~pGM&A-77JDGo@8}>8*#x)#m
z{*70s9nsJxg5#|S4)u#88XiV)+#q7j5e=V2atw;(P`^2%p==aKd=!Ve|A>ZXQ5?S!
zar%gc&CwjoqB+#GBO1EKaC{KMq24>9LCMDPh=^xLG%U-;F)tg3>N%>RQg)7F**Vnk
zqZ<Cq&T*TF+($Kx%E2)p2Zvhxs0Mc|$CDf!$>on~mNTejCQ^qcH#HMmheo$Psv+-3
zM>W(LA%M+}Xi!sJM>HVi?qN;LHdRK**(NOpP?jj(eLsuY=F3=)FJig%!<Xc9+bK`R
zAHMd-a_o)eavrN=OAgKkC@U2f_luBxCzj)OteD5@*plP2Iiv;W<ls3uj1NX2<I9FW
zwMD0p=(UP>k`!G!Cr8Pg!st(J(K5v|8vRaAj^;Tz^tmHm71qlf7lx6xb&B_;)HXaP
z$6%?g^GIoxOeJL0wj(FUHqth0B+_3(7-ycWGW9LB^`(-&^@_LauR`CAoE$$%ee*|3
zzWJ}xmnRoTTrLiMUq*ey{QADK^`()%RK<H$>Z_NFqgF1V?+07o53kZUHW$Ze()T!{
zzNbTMeLHM@!P#jos(9<)5c*PcajcR0{<ihWRHolrZ{^~+LHYtmA&c*rkhcA{wyLCU
zgW~;GY72_v2#gcjf=Ag_je3Q)T5%k&$8qR+GHCPvj(ptK)}6F{t$5>a3T<8EI6jiv
z3fkIaDl((CWpNx!NL$$q+Dw<Jk+$>p_?D?q>Do6b-bGUL;W&;%Qu7rXJ2J&GYJL#M
zai28*mH`vyw+K9|h0lJg6L9F}E59q6I@GaL+$)Hn&cI`<j4>ESTs|YN06f2l+|({W
z?puyY#;bmG!7*=`XCfatM3uc|2jF4D{4(06m(j;5g9g4Q&oIA?L4Fz49Wqv?moeTc
zg9fvwu|viIi`f`tSE;*0)Wh_m=3hwn$raB~ham55+nCQC5=z}pCt=xzbRR45tanJL
zciVo6<xz)(KItWV?T|1O@Z5H=E>6$7-C6S~)Oy-*Kl6$7%zH0nnC3mX9L)cuXFldI
zq9@=f=U^@HTRPTr4%Q)nr@4c*aeCID{jBO#=<xJ)@D54O`@56Z(BYZo;9ZrT_a7&3
zybjM=!8^AjaPT*QgJ9jIG^Or4=*YbxbE9SM4UyZwBjCHE33O3dHPmXmxEXGERDr+u
zIszr{h=ajX%nuWLRm1+OZqx|>lC<s}djORf;a|CQz2n?f86uaQhDUhT3Y}=-GHN=I
zDk8V~_QK`;hZ>Yw(}9w?Il^*tD2t{8v-5Ba&BLK?n-0v)%P}=Chk9^25R#9>n~x*<
z>~tXd>U1Dw-E_cZo}m6tMypsz4)W7B5#{bWPf(A{$1yw~w@y$?X4Ot*JVCu8AIGwM
z=EjEk`i}F`t;&?W7c-$v#Nu?Cj^^VyEHz1Xx1GwU>0v&O2d1VxH>U$9vICKSXi)D?
z2V(PcMC9jC|DFyE%g-@@2z>@{H9yCBBEn_>#R_l~EWn|CeO$v`TjSjf8kI$DSj;^Q
z%D&?o`W4{lQ-Br+ROpG#`XqCqvTw*jpBLbmUqG%XTo+`M%anbdc1fGik@v)kVow2%
zU3MY;f^12dvNbJj6SY+qx><nZS1Ob(ZUzt{SPKZ&yZ1Dx`DXy(1vvr=a;PO{05b}5
zd{U4WkAcTEylGokH3y(<YZDUoy9OopxCS225fIOz^>*;7c1r%IHd4HG?rTuS9@kJa
zo})%Q)uQlm4Xte9tuj<yZL0V_r9u^tYv>fu(J`Jwt$kd>lz5IwB!Q86DHo-LVL7Z{
z<4w~x#dCZe&k_2jgGaSf_D#ITO0d%5xQ2`I9OsFDhJ)Xqva3>E@hZ!XYxp;w<3+p`
zt(wjBp>2OEHPiMsA>|*4W-3sKBTpgGOp;HxQ_g1U{<~<V_X}~fC?uPytKCd8r8$~u
z!|$S*Mi$~2UPv_4ib5RA3dv^LWmn{Zvzd+-;y7GLG?V0U*{QgU&GfJk$AdzmnIxCn
zAw5GgMHS|VC@h+3!!Zqg?3%>I0?LjyY%n#`)ngi}7Un2lm_s>vOvALo921DxdrZUi
z!W@@KiYej~|Cq5vl-?ypR4Kwyu80sZwFt+jMTCf-if~*kLO7^81Ncmcke^I^{6K?R
zZ3a-kC`a9*9L5U4G1Q|2#%NK$@*Mzug@cg6Whi;(>vo6AR5uC9VQsQ0<YRjl<>*#a
zc<8T+a;zqTe7CC@$Frgwk>su;$xZv+b3)3D%rezRGk^}oI6f@Kp}s!@SXzwZi((w^
ziXQ_n>{ePxt#qbM=%YV0C~tfWJTAs@zZgdV<*09e3{)%5QK>kGUR%`dr}mCTmS!H^
zv<HVw<&~8?+s0e*q1YcDS)5}yNlLt!dAX+lA&mOl7VqEWD`9TU#q<Dh$>JJd{~-0#
z-x`!6J%H5W9LtJxC}n#9MG`pjCva<fUKVoU1l2dRqqpKCu|3~EfunB%x3(@NpW9A3
zx91-`6dPy@5;#6f;IQ`eC9B6-JpG>j_X!-k6U0W^odk~C31VwHB#|R1(caq+vDJoT
zFo2By^pV(@tB}Z1E>Xy9lgQCJQOFyY$T22S{w$I6lKrzpPCyCk$VxpH^<JOIu{KfE
zTk@%P%31GQk3_xCByyZel=YUZx}6HlSnt0RIsTG%=1$_sl_cz}mBjISl3njow%Sq|
z>mAmSjeIQX-8qTlqa-13MiR#~Des#kjx8k5J*x*$&8~MM)jPanIDbNQ=mGqc#Br5G
zZ0Z5zD8Uh3f<sx+1881?qiG3_04fuCya&LpIApmkSx-6yDbIQUGfQwxrJ}$00FIa7
zI4p~*T2H`NlEWy;kteh#Ff1pq=}!%6SWlp4Nsj6zIn<mzfuSWi2AAXr9e+$iV|$b~
z&M=Ua(;b+3vt>z1jzv^>=`jt5N^%@1$q_Z~q`$D1sj$4@a=#?UT`Ifeq=v9k93iDl
z-`kODIqXt;r>-3Bkj+c=^iusIsY)G-^vr_qVh5kMc27X5)DtLMiX*v{+@^8Y>;c@g
zyCRjEFS29!Xu@mT9ze@d9PgImP@4Au=9c1^S&Aco*wh|9fODldj+f$42loKVmgXo`
znj_D+9>9Z~fbq8mb$kz?M`@0(rMcDdB`@0@p9@d|I);Qj6&=5(G{=h4qT_Fr=J=_!
z==eOz966Jz_i{NqUdnP?vSi1%NakpsEINKxGRHJo)a>{Z$s9+LIhv4&6{7MXj#mBf
zFAZ6>Y$o1xEo+qF(92NECeVngFKm+^%{50>LK%)CWyHwpP==#j88NaXyUR{x8d(#|
zaC}-ujI0f1I8w`qktK_0nF`C1b*>D@*)n2eJuk!YtPHm=FOnaMwY#MiHKn&B+x}Ge
zq1<ITa+MW+Nb;$6%ISx?KNWtcW?7CJWu+gIth$}b<bOMr<>**e_>JjhIi{ACexoeM
z77}I2Dr~DQoWTGx+LZNkS&r*cR$w^}Z#f|=u^dP7a;7Y5^qV#!Z)Sw^%MM<%(cdb^
z(X5<k^daRq29y(xE{hnM3d=^{T#jR7Inn4>%5hvMXEnO%P}6K*l9th-Msy56^S5xQ
z5#>3;%8SZWD$h}&yr@i@@*J(pbD-rFAs|<KnuBMr0fvdT>1F?H$o~;vqMT8lV+_gI
zyauRHfg_;;w?0BS({9iyxvY;+Zhj^{Lb<O3$BqizI+~ZiB1i6u909~;9?5H2k>lNp
zVu;MNhw{wJnUCa6e<p^=+=?8tD{>%wxnNuV%>OaoeV38(Ba}yNX)=}RBb47&<k()3
zi;qy=x{Uw$7;m@F2LQMtc3bUurN&Eft@@9O9M>yywElJgFtp|Y;;wmS0HBz^;K`D1
zoXBO}TmSeU`P*qFj-{34@8jMp5?wOoyzIW~AJNxGDslW!N%ZyON*oU>iN21h%n?<Y
zi_7lh+q*v(m)&bu=BQkmTbJEKuSj@?UO}eI?m3=|%kGCNa~!BFM&^^s9CuCG69)p_
z<A9{+8j`0C1e6ryDL4>V7zfmUE-tQjslw5z3KtjGo7);47uTm%;h0i|%ZuwB>`I@A
zgL!fN+vlQ%zpcWtxeCwn&bln-eEmaiApWIz{li~XI388u*4^|HRXK`R<<{NwDYj85
zxnbT-|LKLeo8G-DM~A8$0hD9jO}|i;<7`!K-A#|F#t~MHTX)k3SL5hijazrq*V}!#
zi)23U=$-z;x!-ZQ8pp+IV!va(ZNT~~S?_l!)j9sHMor}TTd?ft25fziZd1&E7d`Z<
z|CdL-*j2ppF1oo3eb6>mrt)OGJYJwWN51MDdfJsNewopST*0d@Z&&Hr7f2K)<g`&U
zLD8X%?h7=k&QYg2N9!r(ZNtya+lH(9%F_q3q}!1aGCb|QU%wOx+Ekt6>*^9grLM{f
z$rK!gT>lCLU98S=zPdn=>opF%CJ<EcHIDrBAkUJ1z=PaCG<2vd`vEDhanyfJAgIz+
z*>f^wFO;gck9hxIfuPB+aZG$oAZYVz92-b>w)6df4p))xO+=&r)u3MK2mJ9G$L}Uv
zj{ZP*!6simw1(Jn_XnbCa75G~wrBl-VOP^{d7LJ;fBOMVYH&0%**5nB=44R%jM%pI
z0|wOK=tFD?`}+e6Gq5Ee?r)+Tr8^G*;_?7$mjS@G8XTKyaHs<Y0D-S_Xs-)ot+1PC
zSRO!G+&-oebvq%e#p@hRU*`y*91~gJzs|Ayb%CtAuXEgZT_7u^CP(d>0$E4wzI~9#
zLe@R#4rHyb$+5PkK-Ll4fFoD4M%I~{9H(j$vcmUXmFG`&d5jVs_ccG<3R)SN;g)pG
z0k`_sUJW<%H`ZHr4dU_w%Chzr#Qv$t@mEa_J^!^VAck&xdjg4RR@Ub>jv8n>lplKn
z)oO7h)#7M<oz@{W@Ao7e{nJyPACV>9ctA@3Xz%@<x`LYEuUZ^`){@vMmnN-~DH}U~
zwD(qa=@xc!)aJ-mTVSU~ZI0@-1$H{t=4fA=u=Ao95SI`5Sk<ArdINK6b4;o&uv0Tl
z_Ki#xwP*eg5%Wk9VJD^zM^qhwotkwxD%PQ4oYWf_mX>}t+3nJyCiez*)Zy4>vi0r_
zOi4@s6XGpm8_*m0xemv5ldVZ_;Gkg3CfI_=>gK%xqb`SDmnsz08(5eRC`?)5y@6tN
zIf_tLLasi*KSDxoIlJZS12nG7ky4i<A*m1GyPh7#YH}Z-Z(WYwb<JQ;qfTCK_rUTD
z0+oyHv;Cxs4*$F^$Nah+k<{Ul)ZdZR-O)xbAa6)7zZ`u>T80t%!1m6iPxS##<O9^x
zeSiaXIliyUp{Df#T=h6!))h!jye`AExcq=Ju|tfm2_#po$5FN(M*!uRNM2cwV`)8s
z<lFT)ey%5w+@L<k>-7ba8(z0h-sZQEyv6NA@|yY_tLh6ROJ>zhWkmAH`W(mWn{(vs
z>weH)cE19&E3Z31d+_>y%#j^zV`a)-GEeCsz8YVj<8gfsedzV909>WiD&WKoD{HMC
zY7h13P-?CMiZtMeX~3a0Sq1#jfa5k1tyTfe-{44jgG24I3fTDu$Cfv^^>&WnoA$Ae
zn;Fhu)@l`e()10qq-w~Ky&)l-Y>2-pYbI0ng_Vk}LO&vV$b=dVIjS}kCJbrFF@OlN
z^t*-}8yj*&l06zl+a+u}WU8Khq_dT;1&O4HyG#m4u@teISdqf9EJds)%Govr7qeCq
zZYo5piL)sjhf~CAqIM&W8jUyth|OG0jA+C$q>)%nNHH#lK>upux-LB4_C_4vHlo$U
z8-ndmUAI>g{cdJjO}uGKld0H@tBLE4IIcC4tBH?q{?}^4D0b6vI!u2e21aZbNJG%Q
zIe<3+ltA}QE?~8bk{I2b-1vPDU?^$B0bkP*z=`2NS`*6?9ubbT`veuP&&mO=lTqae
zJBDXLXTa^&I(F>^RWUkO2DDm~<MO!60;=1yxHF(Cde_SIP+QrQN@>N(@Ojk%bwW%x
zO85E@P$y=mv~GANQFV;@FiZ9(ne)vjRZX2*Axrh#&h%_Q;d2`Rugf(Ea3{u`1`zOa
zAaGuLV)SqUfjesf+Fzck<{o61qJZ|?JCh^^w#)-)FH9mhFsMABy)=pFz+YPc+P@|d
z=eu2;fS{OEyl+fCKvOI#(RVdJpt&rntnYpqKvONMs_!L<*DR{GuU#%c(=95+7uo>O
zJQmg5_v@R0=2arsyMR`{oqYi<Pzk3_>fo#Q7N9Z3w7<KraWOy(v8Z0YW_1BAOkv~_
z`uRR-4QNqHXcGX#d?TU(Em{d`4Pb;Xq!OUTD8@DyFw*x+X+Vorf)2ZYalW@nN&zKk
z1g*Y(e-Z2x6fbqd9N$Z#5-n<>Pg4Lb$)Z;Hd_<M7s8nAVQ6-gtVgR=KI)?ySY0J)C
zz9K<@Rz@*Sx`4f4LDUKJdBCzlK(zLyLDdetOAi;BO@P4cWbR_K1&qK=5rDSb6cr4^
z7(fpV^S(3<45~wr^`;%e>~Qnxb@?<5hOvkSS%udCJtd09r*_i?1SGu+7<!Z7I28yC
ziU;&&UTcuV<_7e)Ou`LU-FE@Kx%!mK#5D$j^>>4tQkie30Q!5Olty5P2hdxZgaN}K
z4X#PCfZj?issh1p^#(ldcW8*W;Zs#0WMBw@klfV(CFE=Z;0ozcfMz6DpWcApS#3wf
zHZ`-0b>|1ESl@h9?C+XXEZHoU(!wm3?@d7OuYOL&$``bY4dPL5D%OaK?J}rX#Wqx|
zV+}wJsb3Iqhjgt*!>W8UKo2Qe3h=-+xFDcUQO~GAz?eZmv_3t!xf=-FmmSb&`ihxN
z72O@s=a_^MSfL!C&o_x+xTXyP^v~41ZXh`K5Zj(*d_LJz#6$M1$wv0<DMa?%@sK@d
zRkEkUI|Mmbvmt=KS^bbiJj-s2_=X=L5&PPch$odvM6S~0rd|DW0QzoqITg56(k`%<
zzn}ttm8SxYVyQs0!DfNrQh<I`Jx>M3ma+?+;|nz)<c&5|;KwplpmGcuxwIk~IlcuM
zxw{@U+Vs5CXr-xwA?r9`g!u9T-jHh=5D+rxT^bwnO9H--oI?Q?(zp!3L+11Wf<iiV
z27*KS4F*C&x_tnIhP<8+2n#va4+sz0779clbTye6pr~FA2y^R^ig&*T`1;KR^k^k^
zs_CV}3_XY9C7r(Nfq<S<$<|b6<Wam&?TmbOMz9{QcysB1&m72wMTYN<PXN8BMHvW-
z))N(PQ(cxXA=$KwfL=-oH@n_fFejiVE4is}gGp(5#XFD+nZT;3gqX<knaHYaQEoD!
zy5e1An@~f_Ho;U=nh+kXhbfxj0U}y|3g|IP;93occ)u2)=TZWxIU**_0QCGyAT>c`
zuh#9M7gGYM+7T0n19}-Hkg6K-Bk8H41X6_}0!UgdC6Ek7l<Qp}MQ2KILl5BdP=$h(
zC>jUw1yNL2NAZxYhHqjoT9_#z1cx|Ztsp>u!=lO}bZ<lQGm1*~Mn@0yqh8?~JU|Go
zGZFH}KpInpTF{uf7f563t9CS|`sAiD^}+<=-uyJC3VcXoYFZ$Tsl|nX0E7-12<Sr<
zwS~tV5uYmF^By@OCfXw+Sf8b^e<`EnC<3WckO;)I?fN0~c@{;k>Kzpbi_@nn-tq?E
zGh1l7QjiGvCevV;uLO|-!?$5Dpf9kxFB*nHt~1Q7FH*d3Q&BT}iRfz@1S=G856Un*
zXO%tj67_Y8_nMuNDl%fsZrdQb-5PEiEh^X=Zkw&)7VT?E<7lg;DbBZ=^nPnm`K+P1
z-5QGVG=6s}-aKBZY)?96d!;hd^!=8IU`xb7B`>*|a1wDu@wT-^97`wSL^=_t(up{u
z<auF=2v5|<DcWJL9Kw^7z@0Rn7fb;3FO)#d03vQp1oWj!U{ym7?$t^lHLNv+cPN3>
zm=Wuy1NtE)kQy*z#3VpJs{~R75!J6h&_N%e1cwI5Av{`%qG2b7@Hxdp^$<h&q8PN+
z5WZ|tDF_|iAJDHVD%l%dA<-Vf8(q9!01$G$1`Xk>J{rQO3>v~CUFN=TzC=L(&ZXuG
z07A)FeYYz|+W;V{odLAckGqU-ZOcx%B1xKP#<MPK?zHT5sh+2S)QqN`nrd2>XxZtp
zsM-jf)0BL>i&2Y5HGGYx^8>EnhXFuLr?&l}A97g}x;2yzyTpth+KNJfBQEto0H|{>
zxxA$UCD#>~)4yGFIsMypm-KJZ`b`(>7$~uI+m)9Hfvr0hWyJLA)*bpii=xPd>K+!S
z|LXG2qN4B9413=dM9N`lc;GU}Tr_ET;$nww4NqNp5BoJdvnZkAxkZtNhn9xNE-y8o
zZ!E#&g)3;5U&FsHb4W%bJWfCF(hB?J@cPLW_-_CZ@%=DB|HBp7Ef9#PLpe|bPm+MJ
zXgx^PTKc3-A!;NM!lp2b5;jFx6xq}~z;s4ARBeJ?G^d)&;f&%e%0Sfk&NP61YVZqU
z4W#alR6S&*a7;03E^<uKmSf7TdfNKP12mw{%BPwgoan>*=I7i^s+2W^3aQSaUPP5c
zeH@M0Vya4}g?<-6Fi=?(1F})!(hSH>;ca#^MMJ@SqYVtBmiaF|iJFlQh}VBsgU2zz
zH=rY+|Eh|S7xD(6-?AvTuL$McQLS*vSC34&Z<!K|&}I1m{dZNZ#(?Njp*HFstGpZs
zLWcGw)Xn!0>Z&&+)Oma~aV-3RCXRQLY2rx!i25Z*WtuqJ)u)N0Sz($uN>-&{q+)vt
zM#5FHYeGB)BZmr8Fw&zc1tU*#Q!p~REd?V1ffS4kEKI@3<LVTQ{7u0~$lGrNks+OX
z0#OLvOS5z#w>pynQTv8cBP6(khjQsBliXHp>@y?Al5VpRM72x1Wwp-@rO3gp*5u|0
zYwz~%=5m;Hbmt*L43kb4W%zox0Q4>vMI($Bwc*ivTeo(X0}%te0eV+=-~=Lm{g~Fz
z?jXv6VH}_ZBc;RQ^nPxwe2`Q%z#VBhbyL+Ki!yvY2>?SZD%dxj9L_L{iY5_b-P&MV
z#CUf!4HF^aQ;QNJCR&sbG1;O_5$oLAE?Y#ZJBkP)VuM8)zN0DReJv{3SDO6BW{aX(
znBo<h=G@vpwxB(3z8tooy%r^~x!<BpH+I6UB?ikvr`$P+5QWZIlqmG0MNxCpFb|8?
ze|Bq~?4rNAb9V9<y=hUR=xvLlqUEeke&E)Y*+n0^BbWJ$KDH=P^od28Zp3XCedgA#
z+eM$doo?i%MTw%&Ov<b!)3nGCStv-$L4+t2Vo{<{m_?C38pk=jt${Q}ui_3i!T?`|
z4iqrDqi971UxUUJ6uLubt!emL5*q5ct<{fjKxII0U=8_bUmDFU4c#JOED{drjjVEI
zeJy(edJ`+Js;|*VT1L9Fk-Fx-x=jH619u>~pjN)3JpjFj+jD>e9b(#cYX`lzrD2#a
zZZx0|cYFTgw4xtPk>DuHmKDA)h??T|&|pusqQvR$2#OL<_}-}t=(8-&^A<GcTDGM5
zzM=)(QcJ^A-`}(<U13qrW4|6p;fX~-iQPFK(6_if1O`KiJ@*y`WR}!;CAL0=vpX#2
zL?yOJRX{)B_UsP=$||w#Cj<HqR&I(CyM@~7s6{qaViU(w*y8rk&~C28{>=gXH@7D_
z80fCVj-l1XJ$DR^t8q$fY4YZOxji2T15=b(bB<6n&zfLhg%bNI1tj5`hsMt?CH5e7
zUz8Tf!+`S&3?qQxYS7FR8r2%mV>LBL2oSm~nGDoe@h~wh)C$WqEg<@8KHFm-)%bxh
zAmmO0dF-x5$YcLuE+5wyCy!k#2YKw=&B<fG+lM^%fkEW4FSR9)U8WOx?456r$Bykv
z9{YvqvEPp&k3GL5dF+p?kjGA{PaeCm4ul{ydwxLwQ&Y*fC}S|-)1PU<EFAFF89-Rk
z#FS+E=9ik7lDbgT3f=O}2#q3A(bY3yCfee4Z$pw`4zI#`4%5H+HdBaJR2QMq*7ks2
zT#ulMF_`>t0bT1AF8y$V9+)j$`r#6~<%h%K^kiMz5-uTGR(Cqz^19RcR@9x&x3cbc
zzSVW@nJuD*?sUF2b*J;Ktvj7>U0pigXuYkjB}7OO?e$zl2oW7EN;rm27DbMMx;89M
z@1bk`?4rH&sDA#UeJo1&?S2*|{PqBgBEKDKg`Y!o?Q2`mFx~05N9az!Jxcfc?Qyzx
z%P#bZ?sS6_bf+7fr2F0A8eNNxlp|oBXmcN}e)Uv6*y>Gl-LXMu)^1x^oW5DtT1Cng
z`c_$pS0IGTLgtpicG*$ciqa~;%8N!=yuL@*E=9@!d#@B>2H5+hhzj*+$tCpq29Ss!
zEGpbL=R=CuEh^gA@;zFESyT>RXd^&BVNr2bh<i$pr7%4oau~@#s-g$z!R{F8zC(4V
z`wrKI`))%6B~H&yjKRM3WdS{}ZaUs*-#S{-m()E3g*XcfRdf%H@v@e4t*3ivFgLfH
z>l?c1T>JTkQ8f0Bg{?up=CrD6p$mtdNNbSyEozi+62Y#OMUC?nB7Gm|p$Ao9g3ok$
zople5^(j8n<8{-s(I{NuD@r{%Q1_IMAlGg>*3r6WNCdfd)B8=<Jv6v(SzdOUE*-Y%
zzh_#cTZ#RY>N`hx0VOsM%~10!(x=3(3Ip`dEHYS$ji#AyfklQZvE~-wmlheV#G0Fc
zi!CyT5?h&CWT{2QDY5^M8Otp)pAtL1C7`dg$ap1oFX8iR-9tk=QHhPDk-1a%(4eiY
z#IkCDep>g?aO|MOennH)HLL6tCDuhQ`?^KWP-44KjQEQl5fB5+QDO&>qMKIkLgD*=
z(@o#Mf_#7OF!KH6EkpMdpoN&O(vVey-5b3?&QFH{o==q^8mkpzfb2AAkaNIDz<t<d
zK5k8qcS9}{%zqw|v&&hExGJkY(%p}^OdpujOON+ig%{A{DOnWGHGCvs)L=WMQtKa@
zW-J@x8Vv_L#W{`CYcX<O+9stSZj%e}6gKn!%_@HZm9K2(=gKDYtJ?WFZ;SxE5gMNf
zAUT^<o4fZ&AmAs3)sbb8bKVFb;F@BJYHN$Kq;w?qlUClKZ1QoQ2g3lRiKdv5!BFe>
zra|^;gimt-d8w<ECR!=#s>sG1?#3K>X<e!`)lAg?)R^O9V~%{Z=2x0(<`mtu2}g}4
z9C^)`r8d>_(!+?R99mP3Ft_riruni9m!Q0*Wj9>{@>6K0G}k<jvH=AcDS1bWq($|S
zrX2g5aumEj5}2O@@Tv=cw|;|*SB6=JzuOcjlqd-5(Mj2X!b&r*n)?6Pd++F|s_%XH
zxl=O9Omfa70TOC@og^ecNa!T=q7-TJp(7xIiWC)TQ3Mezp@`TJu?r$tC>BINh=8a8
zrKljF6hRQAgY8}WlzZ=tMEQQ-wcho6*ZTbdE2r#z_SyS6=j?Ou%rh5c*KDIlgtN{s
zy3oz(?eESux?8%C)x{?Ng_ghjVrB9-h05P%lV`P*d~v1nLqg>rw#i?w<u6rg|DX{0
zz;c_sklp%AWwQN3WWkm~I#;~8NrIaIko@2K0Ha7^#6Q&;^2x6@bu>nb+=YaZ!k!E%
z^zXlAg8f)v#OTFvnJN_}vH<wFUJOHf2{<%%yKC0gaA*<?ho)|iqc&vZd)A@IAJCD1
zZmKQv+oxJHpH*AU{-^Vm&Ax@4{Q=YSr)~0^wfvY$J>NQ1o=>yn!|N#d{7U6ZL*xT_
z)2=yk%|m2m<j6T9a>;O0Sdxoq0eNNQ$|p<hcbk!$oTww`b>~pz8uVsJrGMiGkAUHG
z*P<ThdovvF&5%MzyWw*;{KEyj(}&^tJ|c2aZuibQI&v&Ha@_5CzYdU2*BZm`7T207
zH!@7Tks-Yy!7AD<9#MRABg2*(8Dis&7`MA5K_ym3th=W5)Xk_OOER%Cs>+fd=?^3U
zMm4u5G68s|FT;$!3^~5~fDz}8?&AfVb5Bnd@R^rL@bRCPZp#%m2i(SX<(sSz)E}wU
zf#(xM7#w#3S({b;@@Bw$w)$^W{X@NguT=eHAnTy5{%2eNORBzQFTj~-)qAJN`agRC
zHC26h8M5|FvGCnO)sG`QIL7(2jc$%{;Ru9Jy=K@{m$1?ErxW+ALxG1}BfwJ~?)wsf
z<W;nM_qpV<pA-t7b;%k$`&_vMp16Jto_-oU-@62O_Vi=e+)sn&dsopm7qF;5!_58y
zJO^Cvm?RCJgRUU({NVCjPSoJ}QQnCM4PfXuK!fLye7^Pm0EXoQ1b7a++*6Y@c#gPg
zS`USdqq3yH^OG$3kv<>;FpjxA9g={ufebef)ZjVp3I@-XWCBlq5P1G{8Qqj`vYJh@
zz;htU3U2#J7I-e%>TjH6fyAF|foHI-J~P?sfA=H{JS}bYvnN^L>7(kyTOzB^WD7i#
zldle*S(C3BJSSWNJo%@C_8fAGfK3g!2@}baXwO+DVUsvfYCmPdW=5KZ%`#VjV1vO7
z#|LTHESIn`hA^BQtdoc3t_D>3%MgY=Ll{!%-eN3wwV)AB3}x6eR0HgFm$-OT+{Ccq
zCIPTFT<&ox8el7f0k+EJ>6@Yf_ND~b{lgf_hG~GkB>{F|7()eB9;PMnwyb=5IKxB3
zHCEoySUDiE@>m*SrE3sYw!4f8${|^UCt6sEOtoS;dZLAuR9pR&i54cB+UjT6>U*gA
zX+YL16D_Qaw)KDCHtzkY7UsURjl0yW&lY?J$ohVwg|H2>HGG_*=s2>@sn)T5fJ3GY
z+2Y%w*^*NtYr{Pj7Q@qIpDCix6oJJl;mA6DkA=ndX$p@UE5+kliAU{Y1o)(D#`2mF
zS&3x|n!s{A+yvC*N2e2JUB<vj;K1EddqeZ1e#z+?%TK%V2+N&EFti_`a@2b1gn%(>
zgg~{4*KFKkY227#<4B({t|r_xa`JdW=)=;ua%G%FtNXQS+{3OcGVZ|<3^PVBq<m6S
zR2I?l**b#ZV{P#vVR5;(c;DUEZ1JPg;__gN4{3|5!A<7mwIGX!x{NV*NzJv*ZJ|}B
zwsxp1gRCvSnIY$9hIH>7z!>JL`IiUSbTh+-o0YXUWRkTj)sS^tzT?0r89=&Nj<>j~
z(sE21$q+q~A#>SX)-uU@-&UBFVXlF|ZJ`tXs?rJHB`3VnoN(q=o6^kV_CnO%wn8;~
zA<b3@Jbdl$9uYdaa5p(bxVsA6<j>?rbO=VOop`*|-qxvI{#}lCd8FKlJKVxhcnd?y
zu5!SLa-}p52kMPtNF2qG(m8_CJNba0jb^w&l?%pDk|!(EZe@tRl_BLi+MfL`k@kn*
z#_&5;Vt}YjqROXlV<^8(Y|k++cTASvo@0Zz=PEAG<xJ42Ue)F9k)==dYA)MLPb1D{
zd+BM!yVOh1bRX^M)m@&1ETF;d45_y>q%SA@)o_UynAeYCXg)?H4K-cvw@mf5>~A!T
z+V(dZMje-Wl$Vo2hg^coGc}9${3X-U#X*(m5@h@_cQE`uhN*)kNggbX#xfL+RoIoM
zLq*W((8Xo!nINN6*Z+<K;{s6VuP29ncr3$=u?$&Xjkk8=4%q@NPA?2(wVhyX?t`<f
zO~2a&YjdAys~>FZKR4St3`X1fziO+WJi$6tKC<*=&a%~Kt(#!&^cQ3&!B&(lDXa*<
zb6=T;tcbfTyf+Le%&({v^TiVL73OZAc~{7KSyZWPQHU(^ai_Y*s)`TE*&>EFxav?0
zPmX2yc`QR_wL5KVw2rNit(efV=GelqC!oU-hOAd?4X0#-QH-n~CRj=$a+HH+O$$TT
zaa&7Lj(M18*0l|r)!kNTn_~sDudRMSjuo_aHa{)S`PaQACDhNuL;XCf(i?SZsGsv5
zriJ{C(@4BSDsh`T{;^yj<>3jUIqB}IK;k%tD&zEy|D99p_$$USyfRL$n#;MgYECQd
znK#~H+e(Mn3s2Y!OYMba_QE=QVV}Kl#9lDQ+7OU7HpClGd{>z__Bn+&P6zMOGzqaw
zN5f4%NM1pS>lUZjr8kU`+WVQu_)~e>O<SA=<R)W0!{u>$bNNhuc;Tk;41>l8JseB?
zRUPBC?zm=)KbID3Q6M>D7+@@w#;v?vD)N{yoSCnUTk5P&#;qUEuyQ;@$|DN^<9Vk@
z=5Lw6&~Jjy@Sk@UQDwC|8N%;mNO^OL=-HA+`1nqSx9`-+{0q)Hf4G3#?_wBym!9xT
za>6lpGqAfE(l^pZ{IXMI<fHFq7;v}F-CvQFF%ucWCo0!0%qQ0j`qjSge&95IQ8UZh
zce}MAF0E^=t)FhUHpF*r^%ripps~YN|A(#qn5;MQkrhA2+9!>Ct9$MkYuM`f*3vB=
zV+~tit8Z=7)4{3_tQm97p?*z<deE;y;3WSDaHhab!A)-012E>v_;<ZM6r9BcI{x#V
z^(g+2PGopsqK?%98LKlB8Gg|bkk9XyXmBpS{hBRaC@o%MfwO%)V2qN+wY)79oGJCS
zaig3K$hgk;Ff_kMgLAY5=cRiXj^CrfIa-4Ag-HwxCuwkwmf-9<nW1#D2IsBLgl#V1
zkI4+DChG~`E+@QX3d7S=G&sjd9A25iaAJxE=N+<g$yA1gQ<ZD#*B6gAgTOh{X-ri!
z%ewV83neY;*&YkrW}&3Ft$yZh76@;*)jw>jpIOfY=PS2apjvF}{()`S)%7e8Znh2k
zg{}T;o1P<9eW2a7hkBe0^?_h;l79p^Q{krICO@787=<$aWuv9`^=AA_8tV8LI&&!g
z8Pgc5PSf#kDC3VZhF_-X_&1dC-&e-)X_<cfP$YZqzn9_jd-daoB4-8-`_6p~&)>(8
zGLUR3c8a8T)^vt@rZc20n<6Sj(wluhL;C$1K8>8>LB;U<8HU`i;nPIIXX*V6i|^O)
zX)2NO`~3{R+^^x&Ojf=$gJIDO{am8CtZYA%p>(FgRJVrWdFL5BrUp2ToyuETAC0zx
zJHLSy^lhW9;4ZV(?;CAl=fAf4!?ybG8dzXBVXHsWz{FbktrkYSg_fGyw_4^T7g}mE
zZ?(*6Y^!f+)6?Bn-_xe&7F9nL$Qo|bGs~>c7R->yy609aUwcWmhEFk{a?HKeddjg;
zwDu6Pg5xtQ;Wi81u7>~m?4m>>Tn7e$=C@t*>S!4vD^~|aTC9#*a1->C4>SOb+Un>Y
zrM^jKZrv{y>D5u&8KBki;!KA5Gxh4I?QBDspZWm9=m#`D6C^&{&SEH?rSX|4QTOyL
zhIzAs9)0911G9FFvZ8URp$$x<tZ4X)Y!AstSy9cj)%PE5`RL{%<)<^3D$Qi2pYlx~
zPab{EK28piMe>&e=~AptLS^7U)1AGGwL7EaNm%Vc2KJynLZY0_NN(bT3=<yI?&Q*)
zs~==|^TD9wagZ7|@W!ZXwm4cH=$6GaTVuULSbTbfRMgA7{<m+cEne>s$77Az4363Q
z`v0LrT>o?DFvQK#*Z&O;aS?6!5JQcJ^!5KES$WsP3<Dq56aH9!CVbW-4C5aWH~ozc
z_wU8}rvHf}=%&BP;rX#xKZyO*A>1<JQHG(9>P!1(hq$zV`Y6L&kBUqC7Ki)hM*7me
z)nUK1f99}X+P67^F72N?JoOvdFYRAA#HD>jIm4pzprd$6(6)KSVYqKm_w$Ok9f)nB
z@8|pE2>a$TY@f@JHT`C5A34^@c0a#xv$YV6#ul)Rk=8<}ZmW+TY4tB?Y(3nqW$WL;
zR-ZG{S~!C(J(<O}`m8%fTKDsXjVr&OAG^iE-mb>~ddL33A=5K+wS|XbxAMFFk0G+i
zPrN1gem<~?zMuc$5cl(;^B4xtW5{fHi|uyS{FdPR`DEIDdf38oXA|=p9%bwMNE7pn
z$n0XP&l+nhyw${t%ssaH&ze{f$goY?*YsZ(ZAGZl+K#&B%l7tArzNKe27S5U%SVJJ
z>xaz+zrvAE3x3`_hS~G<ZnRP^yYurHex0Y5!TF{lBh|ani4oVl8@(xwI}m(Ekv?%o
zCBjYSBsXsj7|%$H^GAeksswLo@iPvwsdkvpP%@t(<?hD-W3i+9Tqm%6KEo^X^)!~q
zX&jr+aCm;urkZ$GP2<sPpT<%-4J`^3d_Ns9#!8Fz_p`&SH|ouS6tN?Xb)?b(+Gqho
z;R2mBj&;<_1#ssAhOrA6>WSTIyd$1^u3EtG#sY@)akNWKkd=EEFnqm$p?>+>4y13R
zEbnfI_y%pq#~2zv#*m(t2N)9_)%pVX{V|3MR4G=<J+iXbLWcGW8S0IKG07o5>~~=y
z!?}eFKwfS)z-aF<#@r<5GTrokMhhTiR;*}F+Q5PI#~Ero9`r1x>skFdjGJr^Ot#ny
zJ8Xr(*_%RKf1py=ca*O0YPvqp(~r_&htX0gG3iB~-aw}Ej-ok}3U5Bnu;Ousl&mhI
zviW8waO!b}pC1o;*D*$8Vsxls11kUMg*0r;S?e9TzdDc?R+TRG4g*S6ebc;wEwy?1
zj%+e7XAwi@BFeR<h)VG)X5=D<VT*zu5SMH7>R-Eg^`v>_mfs@0fRXAjHVh4Yfpy6=
zELHmLr9})&$uNPcR7W8hc61TL{zXB4Td57ZF!Y)YOP7YNv<z!cD2;a*WlBk7)3CWE
z+OT*>78!Qk6AT@mU`QG9sHkj6hCT8G!^|g?Vb7I_N9x+Jcdy;B8q%<evq5_m=@WZZ
z9Nc71-gD7_5$Q0xD$V((wJl1uwULe-vi95)45!K3vRg!DBeJ&ONrv1fm9_Gt1gEvN
zW!G*klh&TL+<1x-q`wT~^bnQfSwC0XN*nf<5g^0HKFM&)lX?UF%V<p-=-ww8zSf4R
z56GNTse6Xau<uI$)i^^Mr^OLy8#=KWmC8CoWRdp_E#6axF-A>nnmMtyt@XrC83G?2
zpJHhK6hlfc+MiDw39jnE!KWB@QYF7tROUSb;O?gxMn4?{ntVOmRYNRmx3v1#*`6`v
zB|%%9Rbi8lXszTMRVsfjL_Tn8NQk$FS1NlpL>75f=-Bz*Fb)isN@iR8PaEy6?~Oe2
z7Jr7p`3ytK;X6cSvl9$>=^2J6p9y+y&{aDo$7a|Mt^d_A2c&UbO~-Vy$tSl_^6e_m
zB}3!`w_Lkp4u;4gZyp_+TMVP6a?BH^W0tnnj@e@5lVh4KW++(9kg|fHx785eQ}}u@
z!)B^neXFR<pd)nDvkU{DWk^{&LR5-hTz4#CxbUoU;hSy638P*3)L?50X>I@2h1=vb
z#+WXA*Cszq%TKLT{)-U#z&C@h*@d5n$jS|o<|8)5I&hQY3T~uCti5$qT(S2D*g`4p
z4nu)bD23wg?(S~I-Cc_e?(S}bySuv;cZb2<Vdwk(?Vj~>_K!Vhaz9C4a&vR@-aC_*
z<X+<r(u-uC%pNCqIahPohRX#)`1;EOIs-R1cp=FhB!y)^FHbl4zIXDKrjtn3z16%!
zJcKMmaopTxedWSw?ngl1?I9l2HW+19ShnAN;V9PnmL8#YA2l;4=fZoZsc}z6XW2R5
zd{JYr5;x+<RqELxo(pgBnMaSAxXYc^=(J&J;|WYY@^XXwufFHPmCED@_1d!a8>ERW
z)8Vv#a~`}-&6$^F^)jz`;s=I}CVPbi(1XAGhSjR#eVCPo`C%hRG(-uItB>7*57}xt
z7PA6-FjS0B0fQU?&1EKyi>|XnNcJ)o_fSIdxOj{g-%O?YMh9W^;?E1PD&x;s)DFx%
zbJuj2@)0)oKcya?(r~a=q((0z60gEW6ZuY<u3N$PU+a^^p<>lVq_-z}c|v#NQ9*Y)
z_^rH+>#4g}<+~ioyQ@a{{@pIZ^_TTaJUnH4YeVYe66Yb|;p=YY?wk|Y+}HX}?VdA#
z8DwLZKw1`Gu`LdJGUw*H4E~sfGBz0Y7+64CoWUrmo<DT0|3+qXEx@{Yu!_iY8svEv
z<b2<Yu0=ZScF8him=ZB0X=$q?>d8;ncf?6@+uD+Y8S^IseL_Qd*gKZ=OeE9umQj-O
z!R=K9D5i(>t{k|*K>SS~f1xd&k+wl`_gQ?GYMjXS$uB0<xl;Ll5KSX6SS=Lh+9DDr
zq7kSt!^aH0yrv;nRS_#Y=h)S6_au_}x1I?cI0Plv)i3`ZH_5*O*=?}>&o`BH*O=vy
zCsX8m$sxeHu0`q4H`5W;{K5PtVYq2z>iD$^U%VLYi9cCB8-^<J4DUNN?#~Ia-;*G_
z_~>i)mi%dY&3jZCDO&Af9d)xW!$DelCh8xxvQh|<q6tYzK0&#M)B@&pdOVmT9wlAI
zXZ<Jd^I9Uae`uo0jai?Z7vC&3XDNkws~bL8Jj>W2&t}~Vv}l~c@8h3|+$Nk94dE`*
zaj{ZSEw>1Lp=x-F4sg*UqM6Zn^dBm~<0>#2)$(vI8R*3l$yyIla_73CiT1v(-23U-
z_f8cwN-txpQa5p5l0;Yf+KKy}n6ll)wlHWoFNdgyQuXW#OlfW8aXLi%EFaARo+fy?
zVgY(r9SiX+l*k2pY%>B|$LfdvL@Hh{MHnMJC>pay$`6DT3ES*40`JD~W<{_-_$rhL
z^GQsP$xKGxm4jVvoYi$>o3&_%8u^5bT`HMh)nKRf@qcywRw5ti39u=;V`_y8>U|yy
zHF`bTM-ob6!a~@k!;L!|N@4;Oa2mYqFMMCBVygGe%#}~^5mE0va|T9MF)?E$eb6G&
zY4@Pz_%>K^gqYWlr-co=e2VD!3LK$5K6q*=C6uSEKa(M~wyn~4vkvlKs<he3%GpWi
zGIF!yRcs)fmfs`e3wQc)`Bi9v5GmC%cvUtBxvwfN>L0!dS2gD{;y#GJg(IeAZNp($
zH>A;g!pep&q88U>g+>C^n^}GN+Ah$St_uG!z=h8tc<JrW7DX3!v`Yx_Hr5oIZ9=Op
zgI>??P61CBm9OqD!-Podn{Yn-g|}=Np(8lE(VbLusdo8^0PV%~q~!8y79=)8R+1Aj
ztv=?up2+gYPSw8M^@`X0h6<lT97;zL%km0?I+-mAtv3OsZvF*Pt-i$bM(M#TVyz$G
z6~wpGAej4JvHM=Sd%+2xMnO+4(o3T*%cv8r>vO}w1~)>QN-<%G`L$RJUe;ursc-zb
zZd)(n$j@yDlE9@zq@Zlq!d7WedQ05)HxTuBPOBg&Tx(!UYhYTP8_K630j#S&aCu7w
zd_`c9c4d)n`^Mi_=v0<EW$p{-8Q*h9A$0J0{^~@x{*SI|A!=Fp7oZ0Y*E#M}`I4*0
z*a2zL)n@A8CV52F2Zhi=I#T3-XI)$1m2Kz9<!JiKbQ^)ZPLCE6zAc0CobVOV*&@UY
z%`pvd9IH)cfFXexC1Fx&cZzw)x8<k2I{z+eSbkS@*T7|;7E+LF%)cCNP}{aO5XF`W
ztCJGEqOcy-gwLw9E{ZUrPrABK1a!He$C@Nf|BARge?ecK)A~72j|^1Sl9mg$0G0=h
zW-NL_$=%lbZX1NX&k7!_Y&3Fdxv^WX4RDQq%Fp+Dud>NAoWO55E#z5YNEK~!X6Xx=
zM+(}>_4#RV99)LKP_gjs?8om&-M%fYd>)TXw|rhVWT6ihq}0ldBr#|S5WR@iHcy0C
zPBXkrRjPm>VS+?WkwoCf;O<~_(9Caphwqo;1i+z1dgf(NE5*O*U;()tGo)jX?Qez1
znS}><@hQAnCB8I>e{|$NhS{4m@XB;$@v$Lu?C)LlD@UphKNCUbG6WT7TvK(`yvMH&
zS2E0h{EwFJZ1e9=k)8L*;cCNiEb-H(yLvz;^c+-NmbbszEpNxC#+c=4a44Ux!q|6j
zJ`Q3AI{xBt$7}BD7Nup;So~D@C6eG#4_75v*qZkbnMUs%5f6P(05+y1At-%Ra+t<Y
z*||tV#_t!;8X~3EnB9XWa8~b_wK-`!xB;m`yhOVzj1E;L&DiM_x}L)RS8{z6sR5Bt
zyohhQQ?!4bD5~SEj0p&Zs9fEMkmr4&D$<1bK6hfr^DoRp7%{A8E!~!2ws?Gq+j2l$
zh+E;ar2XK{Y`=TeyRVQipmTaqK-$-{vRB{~-Z#6w_&B)fQ^@pf9~;-Fs!X4yvZLTJ
ziGBzz-Fl#UHlXVF#D1g4#_&$_Ns&zDmEn^v^vW(GE>f(Kn?qG9E&MO-_%AK{FO7!K
zuA@(1pP1k1MUG7L(B7))LVT8Rh51eq^N8<ZW>8<4-!7?O>DM7G^ErH~^Afo2>m+$L
z_<t!`?C-;_ID;x?_H2;Ws5XN-w|NN>>zcor4Z;<ZcThl}m|ctps|({3y*u`0h+p{1
zdMhhV)}^W7Q7{?vja@zF<w|OBhnn#>-h)ryAsK{m3gdmZZ0%w0&5>J@cYzR>IjD;+
zP~0KzkGwy(aL4<6dbm#^@UDMgu(Icl7If)?fr-`YBS3nJ`+tRZeS~eX4F13(v?%+}
zx?Dlki?XDr9aKS=ytO|=1e=QyFA)(8x^mF&|99}E53(b|?GB&}G>t>}AD;i=((?mN
zn6w@E<x5bto;=)3z^}l=Sbnr1J3Y3o|68m7kD~m4$&?@kRQwA3IDz`}CCDz7@X{P%
z`=$S#fQ&LQJLjtm>6$3p4?=X?G~`l~fE={<!HSmZI+Xx9B{(VRK{x~hoTB}cV;cdi
zUS3F1rE4ezgzaAXi3tct?;fmP27ke3y%g5mh6PB*su|9%I>b>Dp1g<>T(lju3Ud&B
zOMX}p8U?QMJXSCB8C9BKN|7ey;#?re48edAYhD^*8xD1A4y!j1`Vmrkncy4}uLnSG
zJVAC*c{njk1cTZ|%#9I=k2zg*-0=aA4%kaXTGg(tKX?Cuy+4r)+T|nPNHiU5Hcmf-
zQnky8Q&i9Gl*z0^7PZTJt$8N~p0(Jw9?WS~YZ*6-ThtA|;9AyahBu^*40von_ru!P
zJo~q(=d<9RsG`DAZgPAN>vgX3M&XiY#x0X`tf9(*qg|N!QP84Z>gP5wAX#|%A4<M5
zXnxM%AASdqF|S?D%<h#I?p&lV8Hui4u9rfl?NH!l5NRip^bf9U3?tG`H_C1jUEuu2
zoOa=7Ir_W9k1G3LjCDLHt~P<d6;zaLGC)aQi~27w$jj(tv4BL>t_CG^npK3WOhI57
zi&|>52vjS~`Zh$SYE4u8qM%eC#gv;ige8+uXs687qP`6SX+1FlvbbBbkoWiu;W2^!
z<$#1%RS)gIJwV8LVaBzL*!r)gj5O;H{#0zkfa2|Ha7zSCy^*hQ1t1<)tJqyuLqAH3
zAX?!JjzHP@a|iPu#WbsXr-ieK>Qh0~+jtLU-=keF<L#$sSMv;mTlW7SkVA&#;E&E8
z%zwu3;ptQM!JkB_Um@Z1knx(YXTi0E&E{W%Q|lMa29AiUF=As$i;gHZLpp48D-oze
z7wR9}vR3THj|~}XN^E9a>V|2IKy?z=wzYv+j|5Nc`M}JpG@y!&a2haC(kHvfz?v-O
zli?TSlOIY00hMloA&LxQNeN-W#uBA&%1MD?*t8EGN&}K=0PKV?HsfDw#pddzdk^LW
zs#F7gnBPcUtC49RjFo1FXs`5Tf2~kTS!meAk=F#MG_ScUXqp9=;b13BFV+?Wx{P4B
zL-wVTnW>AV<pt|Fi)!YH8B2tIizmmhrrPyf+4t$e;@Jh=`;&XfCM6ufXna=?l#IwR
zSho#(Kd-$Y@g0rB2+~UE|DC^fP9=?K?@B{OnQNw@C|FY~yo(-asmWY!;L{C}t_e}t
zl3-zdXGqZBOx;_6xtv#~j|x>srccsg01}n7rtyY!9eA>fm}hWjPOwnHyLIqLLZAv!
z1<yr(x(pgJ<RxB>v849Qj7+_+i{1G@*T}U{9{*Q{4gTipmXMkfI~Y3DDZmC*dSpu)
znZ8yA3`$lDn7Qf&gd&5ALUVQa74HbmG+=`O7X4t!f6{7o|4HB7Q|7GwC#@F_rORLe
zQDyJc*Zia+gUDM%0#!M;gk)A&PNzH;WJ~0)>^5F#cHEi)w1;6yRW9wOPW|$HTjav-
zHi=r=L{JHbtf{?j=F6ToxG;PGZ<Ehi43i!{B&0yiy}pqFpPWIycUU?0Qt=}fIyBnl
zd)DW>zx4!QenJ1o0fLc6*CVR4P{&a}JCPrcgw7<lqy}R6Tlhb%O7Y(wdN6I$WQ#-G
zBvsHV63HWTS1d%!%vjLk9NRt{K-QG#Kp0x;JFMW_JTGUKR8ZA5G53zUbzZ<)v+}+7
zJJmWyp2?>y;h9cdBm;t7_-N8%T8a;G)*hji-vYxwJqy>kh(gSW_M;S(l0Rmasd!>N
zUO#u65t47#^N<t2W`r_yso=vFj67^8xHG#YJ0qPfFcgGFBQ!-?$i(ZmMHvi0oNG$5
zMcga=A)WV4&fU@hI*oEhpwv1nw;{c48V~0<jvnD*OPM)LuG6#Rd*SFi&0@nAnRrP7
zofoi;=NOCDQ1KRz!yqeR7uoQ5i(;YV@z<n%+jmIEJDB-8M*FbD4BVIKLPc(wI|ia%
zrt>ceZ-x9%C$euRdnW+;^YE~9EJVn0OsLLxy1u9nMxz(a&ry*`OT#g5roZHyV{>`2
zeQ02SHb!{T6@r^nMV$f#7vUu!IdktiR>twQlG}=n;mgJaS1YnUg$lZJOdu$mo@DyX
zyfnP~$>ev8;VrY~cf0Hgk8qVYV8yeaO2?+E_e}ZZn?+4Ih5n&#Ev{l#1HxZc5Pw;b
zGdAg2ia#Jf*wN;x9+02zcwTNkOk{;Ql4(x&yAIc7nPsz17{}%T+E!}f%jewIKOp%I
zcZ;Z*O#ckSTl+~J4w|861uq%$OaC};$WCdQ;V@z?#68*uFzPbcleWQRyG(OL9ZuS7
zgRxX+epJR`f+m}Q!itlJ1yT*EW}Jen1I#B=EG=8CEo-{K{H2k{HuX(eW$ZND>dqE2
zVVA$FhfKC>07|9vCBgjX;i|hMIfGDNT-wddoz&`>dGF)M6SQfB4gXOmJ#Z>3Ddp$f
z#t6i25+QIKL(Y1i76ImkI6;t3$tj_;KculNkj)DswOhCB4_3^-o7!YFt);D@HjbQW
z+aN!xP5U9oJiIuJfy?@!ocZ#3Oxxs6qXw_oIfsTq(zI8QZU!it*B8TBdtS3kE>N<Y
zV{t<=FD<i|ZV~!Xnw7BoC!5B8Hr7DZoSdn`)a;%qz|^dI=Og?nep&d*+Tihri8_iA
zj4K@Pv_9;%0zSbFvHi=9ohqH~8K6K9@$i~R{c!b<OX9|hBl4BQVFk7AmO@Wn$M*Wh
zJBYceF`J(GJ&;t!stD2RyY2fuCXlY=I{7J&F|yxgwV&PyQz$p(!mty>EHb2B5c-Sn
zU@V_`;p$gkkPOoCA|D)H^qBehOM=0Dv9wJlO!QGjomB($prl@+&XvW<>zxu%DH~M5
zWWXeJHeqpcTARAv3c-xpRD)TQ70z@Xqk&he_J}8TWX35n)$v`>*q}KS?c6KJHH-d+
zVYE8J?`;pKJw<x3P1a|;3pa8KpQ=iRt0=aq-hM7!d-?;mJp8Kr75bV5%f5cjDrC$H
z59<`SDM;c4WJhfN(oOxUcFAk-r-Lel-@6219iEd=dE1!EYp+4T6gb7dj+EAq#}fLN
z<@U#*8+r9IKml#jXc*UJa~r#60=H;md!qOVH{>ERB7PL2Q@Y<Ww_&E|{1(29>pz2+
zE=!)VqyxX|^l=h6@!H}<K8>0H$<y&?H`0Dl4J0e%HPO2@(igx7cx|ZqTYDh(S%I)@
z*U36|bP1XgNiC>_(yCc!(<K&oI}*2ZE0B<XMi5CP7ACAuJVqGInnE6SDa~=}S?3{E
zARpgcDEvd325_7R=ov}wsB+Fv%Ezt-?Lz*!F`n&UU6bF%06E8rQ0R&kcsfqdy<m+*
zSR!Bdm44e1sF2NMR7cQVIEC-?l#v^Pg_XSUsmQB`eg_dKszV8|1W=x9LN^~u0ZH{h
z&JJFk?=^eSmXyX<s!w%Anm;kA@CH>%oUgrL`W&$>GEYnOA6o@0;*ZXdyxL?nfV`D=
z`&G`}>Zg&oSp5Z6+b+PbtBIZIjZ8?(mA5=KncFpIlABRyNZ3W4mm->a9LHK)k$UBK
zI%|`5x+hYrJu$UH$0uz8xr-=;w(lsw7B0M)havwhV|I<-ea|M(jpKk5=E(Ue!tIKR
zLCv-RgF6(Kg;*k_;9K?iu0JKui3DXYYDhX=c|2qwZEzm7u!D8x35mSAjj?>BMSAEw
z&;9}}qr7t$W^VD0C1|m|vpZo0EYIk$2ip&gI?+({U}XJ*g&6a)qpj6?JE3h^PiLX#
z0oT<r4R-0gwjt)Ti6m6|>9*DmixUJ0^^F&^uwDsd6%)@|dNKCBVix>;;uGqjVH-7^
zYs|Ax4TRS_#%|}xOW8y59;kkx?oe+M4yh;{TSThpG!ge~(pFw593W_m-`-jD(DA`R
zucbw<x>|f|%y?gaVWH$dxjqRA3H$;RM%#v0xmw82V2s;Wpo4%#?ZVLBDD`*eh!)t_
z#+<`8IepSjecXnJ?%cM3+mhbXrgd!Do}TO0G|Tpft*?4ra?`L4|KNfm2DyC`YHs`s
z6Orpg^#G@J5q4%Ge9sJgyP4%Hcl}iZZ25GiR0;Fzorwl#9;T3!RhscJrEIyh*hUcS
z2R6C0+FXrefN*FHlR`Efn{a_f@E$U{%u&p5w5xM`(ky%|Z9YPJk5Yd>u?x7>&}FVX
zR_r~Adx1cOuAWD&p>A~o1+mWWWvf8hOfwd{!yi0$PQpbj5aMXh=?VTMDlI(GX_LdB
z@m1yf_wxK!koOkILEl|jEuK9=)hUEt-j$tbWwmd=x@^LrDL6b(@>?!f?>;)!K^vL&
z78l<N8G?0*{B)Y^epTQ8o|IYcSpp1499u8H#ka_M<tV2u-Me-5o85HyUmkBX$hOi#
zwks3WE={@?Q&O0t_w;M^!K4+dzZFtt;dOhPknA_XRhV6PwA>7bT0rwnaNl*IoxM7R
z?-1HeCTIM0@d>%&RTT6f=#uItZXV<5iVI@vq?8<^Bl+)zid4aqF0jaR9s|E4c{`~C
z$xQlrgYE9POY<mt)C=$YL*yi@EqQyUL-HZm6Q6gwRqoW7z0!GcX$Y+=I%#wJ<@er;
zqW?`V#3kS=Dj`U4-D*^5urvlmZibWycVigg*bQ6p>T~|pZ1mI4jmU1_N$AfR=fn84
zBm(@Rw508)q%@4egQna(k{Ht11*$b*y}|ZZaMTa)Rc^&i&r;1zR=IAdM^?E|bq&EM
z+;4;tU6<l`;jx{!;sx+0)Z7@)z0U~IdRSkSo62k;2Qzs_a7b=?BPkvVp<rap=ZP+b
z(Krz{YO%q%<Ei9Qgx>rD%~ZpBzbokWC*4xWixDKxBZ4&?Ou3~;bI(!t0vY!MFQk7a
zxP#*`<(mj;3VJ|1+%iq5NoO#<5<)x-=uS5CZ?QO<rC@Cf7uvhwK;5+yNuJ0cp+F-`
znx~(siFrSMrpNtqz)O8Ac1u%_GuOQSn&u}Z(P<&s%6**l*Ps>Rt85~ce)&nP?k1K#
zmVM0nR9v09CK7%myEkD^X>S%rvX)XuiWUyDEw_KDm!6Op2PokM#}X~Y0@F6KBw}#2
zLnE=iQZIz6%vqeq2@5RL;)GpwMrk|&<jHUe#!ISN@G{K*2;SGQP(1t3Z?-;7W^cD^
z&-NQ$EWYN1-nq6^q=A~@(mZ=T0j|uIWuZw->4BxI(AWUi`gH*sr)!(_f5Ss_;^bXm
zlv?6slT2n+YdB42)v_~f(}}jt;#2Fw6N$TZ?JRy)sk5vLt|n*klCx~xNruUyMv*f?
z-9U7;cxF)1B=0!@G2GkvPyq6WxO7rzeDW@#OXTot>y12uYytSSewkyICONko+i_^(
z%0i-&Ty2`$H_2#lkXGs1RIM?^G+s1snz^TnT&}gi2#kLHY#|cx8o0J#nsT^ntMTlm
zeTHF~)5i-mdBK|v9G$NmEV$m{1)ja!J~a<wOC?78PF)^7Aer}$SZcTI87=w%5jP><
zsyX9WDsjM{#ewt|naracO;(!ccXE<ix|h&@Wk7a%%+<_NMGCtMoRpCSP0Ir2|C*6e
zzIcFOuRHSoBCJ~{oi>WQXzdI$v~mq4a>cMMF1!$X=AHjZTSOe~V5w{H)U(?kdvipA
zv1zohwQZb&+&2vpucXOv05Gq3OtX%2mcC2pdZMYw6H4+55353HKDd4KbZv&b2gjR7
z-^sP~CxYNDUuD`KK*54LKicmxS8T8ls46wP*BWzrvr0UUjF4w8$RCU2p85q}cWG)m
zp*G^t^G?J7$(UxK(k)g6urzh~=98$>56}<c&Z!OKLZy%3gCH&n{coP`{vFcvXQ@1T
zLv{YC;x46fSY|GfNr||#r!LS?0?djDqew5q$S<o6U%%}+Xr$wdkUAkBx1H4hq&5^r
z<_j+cDzgf!50+2E95@`9=20p>`XNt$Nvndv65ooXO`-gX_Huc<z_;LTUn2Teb`6({
zPxPm-z&v6+O?gp;&Y91K33D$_DAU(B$|Tbt5sAbNQ#Cwn`Idcwj;g!W(}N{9s=MB#
zk?x3-u$x!K$70rz=5<T%qUoRyP;LNE&v8czv{6?w{2tMt;UZsZ#=lx93`l(a^0ld&
zvcFmuwJhKGan9`Y^kR`w9{KFMQ_gRFGZ2lM#=hvX_gC+s386P6+z%&o!NrMu&7?0J
zl>h~;a#5?{*F2#0HLbuM8hqWQ7eaTAPYQg)v5<(G=|jK54GLONyR|h@7k9R7Vr#Qy
zjqy$)&16=vz6!C@e>4CJ1gExND<0gGt``2lWaH3()On}7_B)L)?H=qyx`<<LNYIr~
zQOYF;6>8%NDUxw-DEzqNXPrKU6M7><68WdtPC}^e9%%4{4pf~ohOSacjKjQTGf6Um
z9*U+1aP-DBDK#`UZKJ@w76KiIKGoe=(UJt9E#Z@;Yt6W%nDY8U%%n_U*XPT`bFDD9
z{12?m?CI>y8h3!yX3Ie>-%tLjJOugYBRNNd5_ujeg+B5vjJrG%w)Y`;!8=-gL#gv|
zY}MvA6A^Y9H`kSM8#(pm60<KcA1hS`C1EWcK7lu{8so@wU}b#_Of~l)KIa=(L~KW5
z+lPI~G8N^}WNRS$tOOeoDeIdLMbak3X}2ziMC6kv?hEF(uX5Vz$;K=C=$B_?CZZ&Y
zulyrt{{(jBDI+g9Jg2`X_u}6=OU}lNivMPT?l#6X7~>I<%kspwD@UVoGNnJrx@)6`
z{d9VU*9SHnof?W}0B{z)uD!Dht?rIaxqdUn^VRNFUwft%@P(H8NX%u4MksTj)DyWX
z-9?fEsIBmEO<o?`7j}TBkZSm-&t!Z|%x;<1pEq76uI;6Jx*j=f^RJP}0Si<em>i;P
zV*Pp?qOSQV{sI!VamW30d;NE^zGEKzF7BN4ucpAyd`wshQddmJ-3!_Hyzi;Gdn^cp
z1lULnS1w(a!{DyCyZ)PA&?&V%rmeSs?rmV&<0B@Lp=?QL6;Ds~GbH)&6YoBY<WVt)
z>3#M^Wo!ZkucEho{-l(jOO6rmCw^Fo$k*o|LeCOC7&sq`T`jpGYy51nC&-Z_49xwi
z#lE`UBrjeBm)8=&Lo+ywUoHjEYO;(Oyd(0xBghR2gkg2Fe_Oif$Dc%a6xq?MdhGlX
ze6VnQo3pO_P`l^>k0Qj=#du4<_Je(j@t(63eVQ*IPIZ5M-7DhIR$aLZqnhq_^R{%r
zTI_}@Zdhh6`=FDDuLs$b66kh0H1AoL`J8#;>5#@-SVliLvFm&7-V$5F8S%w^E$1A#
z-1)_s*2pgZtemDf_lEITp-35DV!)%lL)=2~`}8TZ(Ayl+auYdJc7}=D1vBLNqRvdD
zjGHShj1J{9k%730g{y~*T~8I#fb9<`%t`t+A7JjpODMm(KcMjJXK42=XKlAiIgt5N
z7#lg%X12kS=b%@h=1|6zDr^MX_q+|O9RFkPG5rjcp5N?a@(<+*2RV@42$LXvUWcUZ
z+&WFY!ygq@<i~`>==+q)&l{X$)siP%Zb=4R3x|9|-IKq(C#D#fdBocKeD)iF&VILo
zo+xp2-;9%FL`bBUeTPw*>FPI->*epDEk8BA%Ot&@(DKsF1iyx@Wr5n<#<}FNEkvOm
z3(FNyTWa7{v)5J{1-BIaS(ez;h$G(P4Pk&kG{JJzcQA0w;<X9?%<&S!bVNol=F=VO
zD3FCPnp~|T1wsjhU2+*td-1|z7kA%saz|-JvkdXPqFjP1sM;P+0ewFY@dy-L6hs>m
z6qLE9<oCISHVOjEjIrF;xfeUjc_m<3Q$4r8GMZ=3brr!4Z)Bp>^GwNmWaWlvhM^Wh
z8z16RWSdexC9;C}=0(XdSSo%Zg=TZ;2L_D@Ti>_?WeNf;27I1R+=1CsWhaBFUAN{8
zz=B(Y<tHeiAw+~~B|7>wZ-LJ)7cf9uI?8SjI>tafqp%cGMrd*SW0C5(+m7?wE(Ihb
zSVlkpaHJMo{Mr+vPffZ;c<!;eA+3p6rk}{IkGjtB!6DOOYwR*%_pKd>Ve{x$*CN0}
ziTnDj*=St+dmZH#ekWw>USf;j6Rb2u=GK0BCkdI01u3LH+S21Uuh8u!a+VHoGX4&2
z`0>88%Du9+A*?E9nyVWH{aA+UJ1cC2hU`a762D8Nbk43ZuqYYwL=`d%?f=>No?EDW
zpl7ne*nMWbD!zXSOUHEDRqpV3NsVNnb}O>uPX6$4+ri*&A7q~NKE~Z2+zK&F{ww-G
z*8oo2U^dmelHRF9ux$m5wN;NTpSDC}V=I)lG>Ns9PK}hUV=%mt0X6;>Y4B`|HEoT8
z^$`P=@ID#y&LwnJinUe7hsXO8koyQZ%=M9twD>k6PY?@ge6lFDNSBj<ad`g|@*1AY
z&WEjz6vb#)Z=Qtk?~)27cKcU1PISwr&$-`K<`7ptd<+jA47-KhDHD6GX~Cym0HBGB
zz4k)(^ZUt``r#Jk_taTaB_sNk-*TV7*E>MXIAn8JD{jzn?~DyvFxhVHl^pJ2a0_Js
z0!sL|Qcw2W5)i&*p=JVz*;_h4r97j=bbi}LhnGp{6q1c1uJ6Rd4c;ugO>Ab@Y)<H0
z)d4iMvZFO0)ws+6WyX`clF7;|E`St0FMn*Xs~XG?kyQs%E=FX>Q1KE+9*mNUW+hgV
z&R4f<4Ktu7KotBE#mYI&a#Yp-1{k7$TX^bGT>`;nrHgrKP~>x^w(eB)-4iqG6Eon{
zGAA0{41^4OM}WN}7M&CfMX-GYYCbe~nIp!fceA^)@3x<PPv5)MSEDI$sPEhW-#`VY
zct2NeK$Qo3tr+>|fIbcnpraA0I205*03ID6Qjp`M8yBc`Tqi;BNrIov2HG$Agmlb&
zcy}8eTSldOBV@~sM-awJ@5_)YI+cE`E=rXeOnFUm{!-azdUn~9RsLr*^w=foW5T2T
zqYIViZ}$%4S5)2?o*WzV&rzNnKHt6n>gAP-vsvO?Ya620DF*jU2%;*vAAAI_PTr(j
z2X${-B!NY8LGe4~jvjNH%5%QY8AWY3u=YtHVj<=Iim<K~4xOA1U&`4+l!3Xuit5Xd
zlXPlZdt$K!Irp;E==@MQ_Y)lAp$Xpo3K8C@Al_>qL4;}g(e_-QV?X=hzLok<wJ!yq
zvLD$u$Vz2@bvwrbD!y~nrWb$WBIDrA7ZgB{#~H9U#ZoK%HV00MX@%{5``O^$C2F4$
zrg%V3AGIQ#x|nM3WHj3Di8r(!;s4Y^ld^$B`fW-Lx<VGJR`Ux_7G-)^``emDBg;e@
zXzkG`qOs2Zv>fx>l{%vFVO_*7e$nY`oV{1kS@|f(pO)G>>_f_J!0<%%8Oh(TjlC~4
z|6r+o(=dQ*IQKRUc@-^0@R_TYGpbX3T1RZ}aNPKo@bgyq8H4*GDiug<?ri<qo;xC?
zl37}Y<9geES4nf5O~Qp#Y>rXedr*=p-?jm$_A8uJm02J&5d$*~Ql&&3a<IO4xMTTu
z4GZ+*lW&tX;f|>wX$IohNGG*8(CYxl`xce#-5cO@SJ)f^-;e_YboqvweC&5e+Ge~P
zlne3UtW3*`s|=;a+gUD`V9I<ND|{dmU5=wMa?;OhAL;YW3?((6p~~hRQv~q4dvXQ`
z;a+oX>TOLw`F>?#72ZNgv`;Ad%pxT;m{Ca}VQnvOsPv`RQq#ioD+|tdd37n)&a|%)
z$QHjvaxyEfW^x8q;qV%00(4mk(Mt-!eRF=1q`-sq7&Dd?T9HrS&JVxGdE_S}$VW6E
z#;N^)d#|VP{mI#N6cXPp_U=oreXYln)^I_cE0|D|p`y=&3KE~YNHvK5QTUoxEIfaH
zR}jNE-k$;ZKD9ji_bZ6aJd5jlG7pK(0M2|;QTFP;e$SxUPKp*aEfUY{gX*rUP%fgU
zMEctR+LmXo)?-zd7Ud9)hC2)y`_Fkr9#O=p+3@yt)+Yeh%k!pjbnx(ZFuu4DOsPMy
zO`55vW>CPt@OZ9?2igQo*BlkITP!JCS)`#`JX$(lxphlkORpi9t0x-Zu0w>Tjk6&K
z<DYp4Po5-0jdD$!%>f55OsTO7p8YFowG!ez`gJ)=xq_2&grV#oqM@(2D(t+Ky$Y=y
zN}XO~p6`*qzAO|z8#O%E8nDV2#pCw8dG=<>1oDabYAUo3RZ}1bFGxJar3`+aT~uY4
zvPg%TBC3yYNI|kK+3`HiT%*fa!-I%Y@6gYF`b<aMBfs`<kUao#hdpM|V7{Sqz)}ve
zTH5&|dW6YEi;Kil>FcEgV5pTn>a>c{k8qcxGW?K|gFhWC@qB@BR=%fJ(HDelwD@Lo
zk<$p4y*1<>>T#pZ1ZZTEwR4I=rVY6HhpI4Li+H9Ti)iWhWo6?-1qIInO%D*a>vJ{`
ztMdu<3gP^dLh~FHYHGtAFG)#OPnF0VWEOTvWw|jo%E(bqELaYp#l4WS(wMnQ3bFLG
zKlwJ2HY**HZ9Yim>8GrLYJ>mwnuCmn^@tbt)YaniLt3%ovqArM;Hm}`q~Ad$12qje
zV#nC%bJynXsGZ&wxlk)}jV}D~fXMltG*_aSbuwf#)%1KH>!{Nn^X}jVj*XHD1qZFP
z>-;3AKhVqB`&S1|YCZtHU_)u5u+g^BXzCNYc2%*btGb4j==TRJA0(+QJ90`sR@tqR
z<eb-L*1v|%{@1&)U!sKIXQP<|EG|-_6C||4hS0taQ8)<yaNtP17LL*gbt33G<Uh84
zW-wN8CV3;e;eZQWym6}{gGH)9(H7rh7ohS`fjt-B!AtCqUC-sLCJ){1lE6xS08oBY
zA{v%B2$49T%v98&%vR*odR5?UxV66;8Z9lP3*n<G!l?qGys`!DhGIqS+|B<jo@Fm8
zuut%zXthdLY%k`#H02Z%;S{^t26vB0N6|5HtYnm;U{y4D_c{%H<q1G$4oK?^@#HGe
zwl!lN+Opc8ZCM6Hn@}fLP93=MX|>!6vkqNZRqA?icPgCB`R*TQ-ubgxWG@gAZEbxn
zY!mUz*Wf??MzqyTp5w%azom|q<MpuYS}vEKb)vta`>+J^CYrElTmi{8f-K7$c#oHB
z@<;h_Wn%SCmr1&Q*11qQq*pe0FP^A+8q`#v9eq@uz3>qUDMtNj95l|2B<}i27(Mja
zlk=<b_G%Fv6V;w;fUKN={_V>GTPVmy@ux*gyC+?&C|#W10fy2sS+PTYilqMb%Ys^{
z1E)YC=3f@pOg87*3+H%JzFBL}4Nrd1DiikK09NPt-_CU2W)p|=vW-v82c3ef&X}Oq
zwgcK!3}81dv8KV}D=2{MvPUfGCCU}SeiN2hD>7@cr^P2{U9^m$!7*g7qj4~9dXT7b
z@N=$(+!DdhAj$Wu(EUl4Olnm0ioI#Lh9#qstdm!{ZJn}S%K@^7CK*<{11}5c!(%xb
zPw2&<g4B36SnoZKe=q#{>%|Ki^vA8fo->b`;B_iZUr+uF^aLBVlH9xrXm1x>5>KnI
z)#Tk*pK0#Q@%cXhQ8pX^a?}}(_b+b`ia?L|O6O+32O@gamX0dDs;sV$j6Qqz;QSEH
z{+oxv767tCi`P5vk@wx}+h6Ud;}&fn&RnmujXSltPEuM5*{muDj?VFY$~;Z`>&I*M
z@7MoE>MY9Kuf6oS+{3Qf5pMpevQkAGnq{qwM(x`JCX}=^v~{9D&Ua&l<!Q@)zTxhV
zF}?FPRpHw4>B#lvV>8XPnH<FI^0O(G;mg??w%Y^8zc;(1<88Nwh;j^Dez|*fmb$=~
zde2+K!A@0-UFqx4>iBlj4oS?)>4c5!zuj=O?mJ?|pOj(Q3FFu$bQU-U9P+*p?|pUh
z<f!<9Gtb~#mB$vNLx!xb*j-cYN5(~lT%r<9R`g9wB7hm&n&$Y+0+)XMgIhKjl-E)H
zZHVlSa^*y&o^F1ZT}e)a%f2JbrR^C&ey39Z(WdiaIPIZTuQq?^*1;==J|AXATsCE2
z-x+pawK`EHT+t-5y6G3dB0ocG-91zPH|&1)D?o~%#7vEO>oM<dl#7ys_%`cJA8tYQ
zKf{nGJ)3U(r2b*1GeizaM2@f$DRbydi-P{oG&1%d!6<m^+#BzEQ?&NoN<jceM2=di
zT|X*hj&@{@TEtzyVnT;;%V7m!#(}pTzw+-Wdgx+T!|Ypcf1(-&0EMoDrR|0u8KYdI
zyUH6^(vXO5I5Y;KeGa-<I*Wbx2!gr75HjR@4=T~pA`#^~B}#J>!%+30w#gT(Y*y_L
z<M;dN{Mh+u7bW~2M;Z1k>)x3-05#y*7&B@roig}+CUCcj0&w&Q!(kWzePUKmx9j&+
zh64j)RNx{K`gMX`d*UB-li`qbw)dW2&G%Z5s&k8Gl?nC@GZSJPU#2MUiGOwq6C7R>
zcS=jdsOfq^KY8ec7j(<-{#j1OZmw0D$~#7Vo=D6ROLOEF_PGAW4tQOrzgl+`(9Jx2
zX5B-iEG{lFb-wO-#!A%cxbI*U`Y`smj-vx@eSKSL<`@Ez#G|ktE>+3w(6Hxe9+mFD
z6*wo&{X@fNQ8+Q5_RrTvY|A30VgK47?=h-n$1UgqMQl@7TX9V|ZgrAS@oZeyx^Sp^
z=TX)gP~lOmk!h*CgwpKfx$U7vTAknPVBip)6F8c*m{~J6WZi_Fwt~pEjPO^>Ro$L&
zu@8q!5~0Y)xKOChGv#>tL~k|A7iI*DB&K~XPQ!NObj^Ik3zt*2j%VQ(z=JJGWfWz{
zKN($H7ujf|!9xwLlrzMp+EmFyJ;IJQ{I*ehw2<WzPCx=#$SO1x*cV!_-juYVqB^0#
z$PX*cZ8=DIOUjSBXC`8C?J`a(Qwwptu`2uhtNtpBEQ#UG^DUlXe>R1D7SCajG5s`N
zEgl=SmRjPfk*LO`7L?2p-`5D9P`yJHtH{;v_!t@Qir#x2QPikwDy?0RQ>~YzRtjzZ
z8Kq+!jj^eK?Bz7f`Ef{ztYm~jFLLndKM-`?(<2se(=)<I?3HLUH)K2)N1ursQ?Yze
z`1zt?%PqVydBU9ELn?}ZhC|W?+|Dn>Y46tv!Zg@udM;_#SCNV`ra4}F72k)U+-{y#
z+=qFOR?(d<49ph_9YvhXnsyghjJ9^~X~l?gm1GYqQQd<%lwy}nENLfsE_nA_je}ei
zC{~O@DWsxHQ605cD;-6Ar`&(6P_|C{s|wJl7;pCj)V?%71u-eQ{TN5PxtIyteOA@>
zICxS8Ox5pD=Ft{%IqOz4p|hKXy?mVb+4GKT3BEJO`5{)Y%f^H`hIXG-Z~z+)hI!NA
zw5=xWYgzVTKAdw>$Un!g+9BEYDQL$dSaSgD_bDf(p(Y!49}9{0$t4&u&6Lu<jB}fN
zhHUX#KL=V-Mun*R=5q>*HXh>5Z1{w5&t&b^+>a7-tvD*z7YqG3HC=u8&2Rab;xJzg
zH<Z<&k2=yiW?ec>fZ4t6B-M+2+4?tsgoXgO+b64q*VS>+<;}C5I46LIYfJapX*S`X
zuG6gWyso}Bsg7RKi;N2x8dU;9z%}<6ccjm>#qV@ncOS;Z?;mtr4W8M3q6#`^E0iGL
z8YN}ddId;;U^{|{^Ytbrh`1Ri4D92ZU$Sxc0nGF0%*^9F_Z3ih>w{c-d6)YIQhFCv
z;5p3x1q%L%%zJ+GEh_POwZ)o;{)mRuu~Jl?s#a3w)6Xx_wJI(-H-n(z|KR(Etin1&
zNM37xWFF@NBz{E<;Rq3fP>)dLPM=G}d59zo9K{+2mOI0m&xZu2Q>^)L2wFmLbM+U<
z5E73J_ytPM%=6Gk6S>=hlyCk|&=0eyWux_pYw$vL35LDQmZgx^;R~ftoR6k=o)t^c
zWXYg+HpMUiqt>9Y6`>c++J2XwxIr(<nkvF%^8o)Ku}a%6KSmEpF%;%Lp9yhW5)S0E
z%0+M3$k!0T#m7IPp_=_^9D1KoDJ#IrwHVTTI`d`lCK8E?9|Moi*p7f??co56#Ht2K
zkDGhD9(J&~H;DlKYTM7sM_?e0|1u0+0j)CBMUN>qnYghxMBR$DTp2m;&x;JU3w%?P
z@d({^qh>G723w3>y=qj#k(TIgC$&^5M%aZEr3u1@2H8#y$I_5Mfc3us_&GKSY@gCU
zb+Ll0(%6bM6CvV}(^Q>siVEljf5c+Ksv`Fug2I+wt2Kb0E`h*HGN3I8wxsrvl;l*S
zuPGLRj|VBR!|d_>+RToQ$!kv?ej62un4@kq?1_H~r%w!}++mZ9e@V7a3{$wF?I#pl
z@Ve<^lb9LY6#dTmWeVDcwVT;Dgx*c6X-T+?#KOvuECzJAmkqnP4$^V3?nMKAnJ=+{
zp{m^7O6vSi4{JzXRi;LVAzIxtL3XAF4{eAB&v|yryqbGeqJ}rbqf=S--Ac+l*E@8b
zhaO>_N72+^dDd|qQ<>7pAJr*kq-kc?k@Af>Q$y9_9vYK74px)9WnRL%XDbLZ@5ZUg
za$c>->d~^)`4Ml5I!<I$hO#bOLsh<mI)<{U2MFUEFGvlC?2&TapR<GiA(Q2@<l!2b
zl154ykj7oZ>LCSD|ETH__m;o=6hvygr9hbaa6rUlxz<db-}O&{1PFWPcnxp0f<LN!
zxTT?*1A6`%Z<0oZ<KVNrceQb_ea|>J<QXDXVaZ2)>b$4$a_W3K6QnyszWS=sh$gD8
zOcUk0gI42U<MICypd%uPv5d|TBAo2_V7V-fz&Q9YCGx+D@)#m9xr>5i5J9vjvNl-m
zLkp4m|3v<%b_K7d%$Mpj{8vxKaRZQEar&i>l)s~V=+T!EA3_-KuKjO)-7^<#Hd2+l
z`9D^{2-OXn9R~-zLP`qwaMeANbU`#4gAvJ;I-h+FDY*#yziI}e&#FsE2KB3p$sGcu
zREJ=s7+NDknJ>W5P<8XJ%Sbi)1=i%QnZ(4Ippwz#F16gj<W2=boT1tV%HO;B=*x!Q
zY*XjW8MK+|Jn%n=>B}(dA$==$N2}x99vv+Ib_r<<^#MXKeIPnYH^i!YP7=Qori2Vx
z=a`&Ig1EWtoh!gkj4>s6=smNieKLcwJ0EWx^AC%y>lww|-%IdUYe0~))JG4d&-mwm
zouMl~Jl&hr<Egxn=2e-1U;+6ddp@+vqoIpp@YV;Gl>3>|KN_K1O+jlZqg7l6{<DDx
zsBa^DoxkocUUx&od|%D1$X|CQa802_9VO87iO(7s_*`4csbYTf>aMQo@b9*A*=5*H
z#r_r_)oebQ=Gomv0hDps{qVi6E*bxB+~l-}HycYPLSI*J*AyN<{=0Ms)<SBH#hk(R
zVz{P|Obk3_?56;(6aY(d+V8pSh+_iOyw?X4mCe;WobQ6=cskaVV205Es@CfY%-a!7
zRzc&+^ALyIF@;AzYi;2_J(V6TF8$NHyA2;fIj6!``P=>aX*!oltZfqT7Z$3!e-hxT
zV4(QPt%YeQJd-0vsR#>=SyP#1Xe8CJ?4kl(48_q^;^E(;tZ|X?8pbqsw4KqukZSDY
zD64xc97QJMLiYMwc}K}lx~hU#%G-|on7if8abzs6iW9)d*I7%ZJ9O!&rW3XuH3`t-
za{S>dTJzDHD9MwiGo)ZgBz9el`gt(9vY+RwJ9*LGOEj@caSB1>xGk&Ckw@$tTDhf9
zW%tGHDK-3GfO5?$`S;ark0{ke#{xxv(^LD<FSf^bfSbz0kWjWx`<6o$C9dYH3h!06
z&N|zdLEYq)dq?v-!WZqV_xZh(K;<j+iwm6^CmWZG-kFy0uQFMyCGn(0v1+Q@{Gxyu
zDv}espO}ML7rj@?xKSClb2<lNf;#rIrMof4P7p&696$OHl8~&DUZFIS-k~%+n!$=P
zpUp@je~{>s;EE+y0vL2Sz!m|NP8h(Ck$?23pm)hxdhWw8UG!po_1VOH2{o8L(>4e0
zIhCHvn@T{o^S<PIKv8RHF4)IK<Rf=p=V;Vkv+QIhGT)P}@VwIoV7v}DPmLXx)(<tm
zLoV4t9}}N!!?HK}H6M@Tp%lDa!=LVUCbCzsda%Z~5oopkUCSG?yNcW^TgFWbh@ED-
zdzSl)Up8J^s*fQ3K+XEjd1@KqG7$3%&vsxDW!N~~6}YAv`pJ;EQN1jp7tH_ndnrbn
zZciVkaPGP*1OMN=G>{~rCh*fdXCmfdcHRJ!TxqHmDD{x4{@=Lk06dExGER^YnEDv>
zEnZ%9)-y1BGR&+rF{4i~p6<0F%|pP|W&URevCFPo4WU@=v~T7=-#o6NsB^$bJ~2+>
zpNzn70N?d)(qvg&j*WaCj`O1tg=oOFGS|dg%wvO_4j#lS9$JY4(PJL&(1I@DZwZ)x
zegja`!2wl*!hAlVu$G?BJHk9%f`W8DG1J8+b`a-+qhH(qu=UrY0jj%o!6S!(d0M9O
z(V1EP<I|<IZPbv2YtyGoG25ukl4*)hU!LuZ?zZ8W5k7f8+uh~~+I&h`4&Hs|4P1Ar
zpkcSJGWecftwE^4$A|wYv%ob)z+*0w&EjE%zaHV$a_VSfYiJ%)VQyflu2sfsnpz=m
z<vcoKV|s=UZQOA)=}^<N*&=Lp=}PPHy|}7kReJrbUdV|$ew~&hMx)Am8pSD*cKAZ#
z<&O?bs}Kvz5x7;7W_n*rUOZ!7iG8d}aQc#ZgtMW(U~_&YE}~It&|>82hr6hEi)r95
z_d#>QoANmd_l;ja2u(ufcVo(6#aknD-lLS6OVnjuGTmJ=%PVr<qv~?~Jcy&zUd&3W
zlE}Q=$cD<;EJ~_e5K4UiCGXC65`ZoDFZJGnck@5&Lc3!lnW4s9APbG>5w?nuvvF5G
zfSZ?JUwjs$chh|k{-VEeaKB+g5#Aq~P3w_f7QF+6o-v{5aJ8nJa~p%Y^CN$Mku80b
zgOfJ1GItxFm2a}ZB!rSmS6^CEY*U1ru)%=J?fQ%UWJ-xJr@~ISFteROn@QW}-o=x_
z6wv!rtrT3xBa)*`#W^jA(msM@Iwnjssb~s4`)cJI1^awr*BD3E&f~Xx{FyVO!ib#@
zZ@9)H2gQ_-<JC_9a0Y9?SMfUf_a~;GvcV+sYzA)t2PcZ^i)N(ivmN(aBJ`lXY2sIS
z3q2{kUIoXHl|@mMZ9G=tGs`K|Z8sM<G4D8t3GN<Jz$Vi6u(b8vgE!4jd5fT8M}O=`
zkwVq23+ZOfEyTT=B=`1Py~Vcf^PZ%GbBQ_p-CI3r`6X+Xg#2asp!Gwb12>nlf$NKW
z)KoCl>ELF+!Wl)-dLtWTZXa6B)mg{_lVwI)<r1or{bY08B}Da3dPTzvUkZyk(J`?6
zud!)~6r1o%DFH<R4jQZL2;C<N)<ozkHc}DV#F&+R%I^~o8~qH|6v(CPC=9*51^}gC
zbMZ45IB_1X48wOj<WgI}pT{IJ$ij@>-ZnL?EQPr^ku#hl!RC0ZW1YY90}cff^uSg|
z{wTBrg5scf6rYW14464Ce_b4=6rYUaoM=R$s}T6lSInWEEsm^CFT9N3LfLWbVv0f|
zW@Tp0|6fvpBxz#w_#V#U*U|zL0!2bIE+@`6qIm3rS)1(-R8Lzd9g&(d)DQ6O@g&Dj
zAvFhCK@1FWk{EaYFHk?w(3QL4E6tRJQ(;qod=_CK$r+EKq@*Mv$s@_X@q-Hq(e3bu
zp6qjOMq!`Q?bxtA1D(&!k9>C6^tAN8=vr{3=__4V@l-ooX|PmtzUY{7X(v~797=CC
zfFNoFTa6<GKLEBni&shF``YGtyNN#(QB^sG@HQsVOUFQ1vCo}{zeK3&n5><y6fsP2
zN1rdgSV@=-H<FWX#LL9lT_sX{)i#$BY%dP`L2BY3N(}$VF=FcPH8E|R7n%}EvC`3`
z{wZFhF=~XOJ>L2XPU7mwJ~8yQOxlP>>vOg6lZQ~Y#SSJEue53A5BLmS%bhq)OpUkF
z#fl$xzL}w`U}>icLe{UpHJ}dV*ceP&Lw}>wvks8iSn{^4^v{&Z7=?D%{K|5Is!TV?
zGXjQ|cSwDqPxtGZV7z+%jj8dVCwC&+iE7R>Bzy~aVRstt+n}qB782u0nd#vz&^|@C
zMbb+%+*#(J;CwF=Rt>Ka&h<?4?(H0p-^r-15RB?l<}uLY|EZ02#swD8%BzkR<^2~g
zpb~zVHk@tw-7*tS@AqG|Nfri+%FrEY#OUbzhVO-Tj*zv3J8I{JAryEvf{RS!dQ(a~
zYo4}Rz@t`@x9+4dbVuZgDL!ShtowVq*EeULBaJp~bS7!#brF^1M9yH~Bg%HX=amIa
z6oMwhNn2na8{p1Q=Ke?6{Pm+YX7pr(>X@3N3?SRGB5C19x?sFcb*$w^I)i6QlZNRq
zwb|ucs;US+ooCDj`fw{Zraqe+hB<H3IFtP$H$)#ZKc-^4quA2K+h&BDh`C0h)Gd3`
zY6y8W`uECV6M9z&Wy+)e{gCQ^>70pY;X-k{5yh-pH~T(j`Z-i{M}}fNz2M^QNsNcR
zD&M<kW8YlJf%}94lgWlL_9l79Buv^Yg)6+*6me%UKI_q%hz9wlDP0=SIkKbC<Av#d
zLzAV$xG6m06>d6qn6A#fxwE|eM1eB#6Zu9XmWd^p6CrP75EYD!<yFQFF$&;_d{YMX
z(PH@MQ}}5Bg_~Au`8^D~&(bYa=_uoD?dg$=<MK0tR~-~_Zns(z*X0SoZ4!3>T<V*q
z3i*)PAtwbLBEG}v+btfo%l({Tc~xC@XHVeZD30d7%o72-mRUSo>NLf&ph5dUVDC{J
z&25jVw6^9aa&PegZi|_dZ$%H3C#Tb%5T8^>Jd@>fCm0s)xmKyMmdNB@9vwVWs&lxE
z_Ra6couRuo)-2wnn8By}h|=Sl`gxg0yCTvh$A1xJlxgZ&t_R|D7ey$paZ@R=aAlI|
z?Pm&DHn^z&)=8zlyGMDCFb9?<OD8j&oE5aI5{%}dz?t6Z)D?`bji>NUDW-}=xm`Na
z{)XX6hF99U{Eq2~vy9+D`@b;u)?raaZQm#%(kcwy-Q5i$Au%A`Al=>F;1EN1gLJnv
z(jg$--6Gw6w$J-~C*Hr#b#bq~;*Q@P!)#{QYk`!EtMqM*mW))^2A^WBml1Pzd0Jw$
zei^0gY2UKnvhdV8*1D1!GqG>#8LbW`GP6%wLKeiC-`rBe#q0}ckmLRq>o=XL(rU4Z
zox3|=!tzPp|28|iIWmNAu(4)jT}b|g5j{|w<4r`c=g758srEr3P8eNi5E!Ln&C}4U
zpOxV($P{55sc4^`GM7{FZX?0jaFhN~(}@JxidT-qV62|HKBE=0wUjY0oH}iFv~)MT
z&QMk4_b09=wwR^s562=EMP^9`6A0S7%Yk?YDL?3B0~N+vV=&ymV@}+$WvBE}E565A
z*!sM6M3Ni+&DxPFMxr1b$=Xr1N0hA5Q?+|iIL*uTi;)iLfLqO%ub|3oC2e6!9kt5L
zH#L>{v-fk<A7v^!hTbN^3nQdg9wUuyQPZ$!8|4?{?aZMNnEZ4CWhAE^NCtN_5S>|5
zr=y7}fpvW!DjevFHH5!<8$lCc@7H%>Pb=6Q`%ysmIXkeA>KU4iOA_W~v!!5y0Kd&#
zqiWA??b<K<;$&S6=y?9&kUaO)Ayyf9zxLj~6!+8v`Pq?&V%Se}seJy?kZBfK`24pr
zT>Cnad;4&?6*TB~R?!f}`P2jEsI!ke?2jqLpMnqdS)$Hit-)71*7)1=72NE;m8MbE
zde&ReMj8cL!A#&k(pAx2On9o;Dqfw#^c-X<39?310&4e{pMSEy*ObO-Ekhb2O@<@V
zw>Bb;>m);<(=n$o&w@O0sswZ#$qTiQOPE`!@X#X+wM<L=$)dTih%&fpcI-5K*0zgr
z4Cmd85r6bMQ2>RXGz@sod4bF;ng{qDJ0Ohn83!v4zXV(=H0|>ZJ0O|%54@r-iHb-2
zL@ZMg=_D*)&J;uCOeLYAH(O-8Pe<L(Y(EfI%Ew{iC(uWU92L#;tRn-TMmYm`=Q2F9
z-*VBx|L_WiKnOn{Scri*0&;j$?*`w3e9cT?@T<Mq>hS2=c;G$07C@K@nbk#bXuiJI
zy&AV@(-kim?WVb>9eAhokF>VQ%Xf?#?fz+#UvW!e=73jncy1X_EsxA%?{cw%4C8-4
zoAk>FRxl`pZ+loQ+QqK+?%vY003*kePQT^zNr4E@Wce4v2lJ#IbPWSZRZpIJyU;e=
z2L;nSxY)oGd9DU$$OhE?<>`)U1M9lFgQS4dQ$N{Ct>lG1q-aLnz1V@)*KFDIkIg`b
z8O%~wi#GYUW-1ZWNg3d%MH`C!L+1>L%Eyu}rx!*?zJ_)LA_5TP)2zwMuM>M`x^49L
z3(a{3r4zQ!0n8a-n_N4Z9hety`GZ@aY8ppSoC2m#*n!_ZAbv%OKJefWJ-p4zKInv0
zTrm;uUa&q;<~9}2GY0Y$z1S^%o9dC`pi)^UyeO994aQor&Odct6kDvd*$DLp+qBI~
zEJ`nSAL)RfT+1QTonvoBYQC9h`gFBn(LJ&d;`!x3@@~`UUR(p}NB1^tnw9tx#tm{L
zu*jx9p_?y%vdAUhsry~0kW8}VlLLvq)$%$Zy-o8t6_I<NRXZkeYWtmbt>)^>GY^Qf
zSqqnhHQSaojWWbJI>lgmI6lF<DQ%%<EFNUrhTOCopOAS>BVflnnYM&v$Zy{Ufn5gg
zwEMX^uO`&<Z&k$3@;zqOSou!F-&mIDn3KKM3VpqI1My=1wDk;d4~K|C$YvP?6A{r?
z47W0glhtla@J65axggkH1lz}gI_is4#58-SH5GN+g7Q9{y>%nXZs`_{({G%h5<4%0
zm4Vjds0Qdt8Y)@`+~O65u;zcclz`X3%S2@$t$VtMMKNStwKA$0cCk(V`(F;F-z8)Q
zvx}3p=CA#Mr%oIElFXB}Iy&%e<EV0PubHz#1ttexbgeh~^=PseO)2~pt#cikAuFp?
zXfw^mm4Qla;HU*#3UjmXfhmg3cQWCjA5F*HqA&R5c$t2|6iIokT?)~D-yXxrj%mt{
zk%2$4e|d_^o0}8lEL`Nw{hHdJ^XX%EBI%pE##!~xRl0702Hr~rI-!9i>o>YQL+syT
zIdv?v%cbC~*IY8%N*l<ByD@o8gk0*z$9+tYYkZN3yC+mvssu8TJ<e~xEF70LD7ESx
z3!Wg`t37YG8>W<BfLe5)5!ciUu<aQiDj(6-l?Rs@tV++i%WU>+P204D-*%g~Y0Y}T
zbnTi+f;XC1D)v;E|Md}0fPP8r-~Y52HLDdRiJ*V2D&~LM|IDZo|LeP`ce~Z+Pu;^V
zk44CG1Fcmd;tz_iZCb0Fumf*xcp3k^CI%dvNfx#OEjLE@KbA7lfW?28x80e*WaCfx
zU+4>V>TSZ^LH~H*#XbQlTQR!J{v&t&AI-P_R52W*0DN4uG5^uK-wCW=e{-mhXj-Z8
zY0AJxU$$@2nzX-T=4IRpm;m}}5fdor>)0gmFzNevm~RO_*|ao}_Jsf^7VvN(^)`z;
z)(a4e%|wRGyVY}Wbprx2<h3gm40?9zr%HqXKEXy{c)<IVoT28vsc3Ykuewr!$wj8n
zs)e3tr><cgK)+HUziDQQ!pk^)Z05?t?QP-kV=?gu@yy>pOjb9`_%jue7H%&eCYg@J
zyHoSV3eBbjt#hx&A5tu&5L7(O(|QC)vDUPT&c-=H-IM9t>*br>=eD`XmIcd;anE$t
zv|57HlHJv-G!_4~qk^NS2wT9ujbevcuEDr${}tKHGDSIM`lrqAl&P-j|1gN=efS^E
zt7}?vrGZ!D1auwsBKdFsYjRo8x*B(5D#<K&S9V$hQGQd_7)66X<;PTNPtpKZ6<3i%
zA$ureG`+6nf0ybZjAOj|%Sn5(#7GNOTpEm3T)flp%SmA<NJ~{*suV3{@7ku?KPTC0
z5HOH^ZJYW4YtZdhSPG~Ln?P!t@{s}CYNX5dCrR-J1RTpw>p2#t5%|@NdVOfnvkd7&
zv;oA<frSJ{AN7BXc>p^BgDHZIMmiyuMtXP;@Ob7o;s(fK6_+^W8({VkTO-||m+oax
z+_5io%M>?4L#r+3O+>6iAwB^D6#yyNg>2HTP)ia4z>LiRK<-<R0N|#kSpeYRL4c8P
zv=qj%RV6V1=OLrnlv`n*;~iWRBRX?e#6O7B$FiTEcmF3um-<*=|DX8SY{@$NCvM4J
zS||RIb%suyERJSV^_bP3bH}K<z%D15)#fY!R=!Ng0_wnu&5Yo}(WE^o(*O8M_ZC1e
z+srsdEdn6Z%F#R0i^*I83{qZw0g$wObS%8@HLtFm5I!#bT3NYWw}bjG!1=ae11x%$
zPS5|~l5hRX!7Y%3PtQD|2LCvf?uwbTuwG)R^BoE%0FE0VbOaRUO2AhO-%L2fdy@8K
zx|sDzz4GmEU?EM6(c#&E2Fhncjr7xA--!A6PWK0_MCx)yNS%Z)1vQhN<<i@~MYau1
z5ga42)U!!Nfn@*+#fX#TDz5LT@$gNIW7U3BFo1i7HM#$im-Nq`<jf_v&J2*bKk1u-
zdVlX)wocv7Qywt7T2Q|VRS%LN!Biq0F2j<g*(B~XUdjE{dFrS*6Zce#Y2zYbi@}{1
zPfJup-EG6trW1_(JfD*$)hbdS=JH%PEi*4FnBelfT=03`y(8Y`S!I7JADr_>BBNn-
zAoY_<faWFCQ7qF_jkTLgZsP3^{von@!A@7i?mL<J5@(stqd>gv9D(%@=x-kMQ1Sc^
z=Bz%*{#DevcuNz%6htm7($}0%!P!tdY1HG4_9`9n(Wg4c{QIN_hDYk0MWA72wDcg1
zR9u{gMgWaaqKyleive0JosV`z^a1gtSpJ#ip-HL^+*C$kB)M++cOg|g8RbG0&jS{@
zPT;Bf(nM;K4^?!+rZPYBuXwIZ4Y7RD*zs{9I8BDd9g~@~=pIJnHBAc8o)6g~*rjwB
zH0cJ0<EejZj9?;jfo;XZ*k^wm8yy$9N-;8Mf{RDvS;>eDtKtBiP`3FIOxqlHIq6id
zPokVr7EKt<1cnmMCc}Svg|sjq%mec#(0H{?N=7XqOj^;&!|@gkW53-8moRI3w>&ol
zf_V&sM;EaOC!VD$8lpiQQQ_#%gPMYGx(nP2evmZmFGYtuUXys|E2CNv#!ke?#TpZ_
zT@5=ng$Y{}d?2`qjm{s0S#oA>4YWq?zpTSTsUVO+(MgVnPce|ns9`EZz<digfT1-K
zD{x{;nRVrYqwJ#>p!W+2&j%Y3u7{N7r^PkvM}xcGkf=Lz$(>LPDmr{A>#`wuK}MK@
z4h&`-&#!}?0h5d0@(W|h=fznmBTU*U$lBH3;we%6;+}ddIRBZ7@Nate-}3-Rh^`JN
zJa<FoyST!|K+L6(u#u_uZVqiXjiIR^F_uX}JE~aMPAW2=&oqGW5jyOqILG2=YWjBG
zFJhdYSs2&4XvC=@#Us&Ds^Uxz5@kcXQdr3I=A}KhyJj-5Olo|66^W9pa(eRHdZw1J
z$xAG6@R~=B(BxJLsM>UJ_~pPw!NUStXtk<_HTJRnCdmx)H*F^D(S<iu&=uxLe5Pyn
zKLf&bsr|~h`tR^`OxVK<Nxom-2Vh9%>-8uneCEjE$p36HVN_aM3_HLmg$3ExOm1xx
zJ^o#13omz#R=}){qfs*h`2@3VOzB9Bs9rl`4f$Psap;xIkZIY;7Vq{pz#AWJ{gV+q
znJvD5F6D7wm=uL|%VdKBG=1YW6W&kTUJ0~|%p9GpGec$h<4$H;0*r(3PH_y5%qrrB
z4sojZ7eao#rfPem_2>E2lISRiA!y+_+|3Eb*858@mK5FN?|PAo#SD_%F?J4k(r8S&
zu*qJ-i%pt$4aDteXUs8q=9h=~kRMM8gf|c8%w{x6bBoxqwTVR?lf7=B&%k>v>lfUU
zWMSV9PeoIA&f9e~wmV7YIbK)`^Bde)g&D>}aPO1RYBQ+xB~3Kaq8S&sar2M$SbjOu
zf!Vu`<hSydq3m|i8v5fvtr;(>M8d=oj1J>HO<P*|PQ`nAelhPRS@C}e3S6rcS-wHH
zzpZ3p?jxp*wpHi!Ld8D?i8YZq6<0H2w751y5Zb^dsEJ3ul}Nkyw;6P;>k<lx;!Tsd
zxn|h|c`Yf*;inhK;Dqa3$P6NQC&_@k)F<bS>YG3x$LZ7wmNTw*W9IN$G9rW${#KgE
zC?`q`%h;=GJJkIlxvnxlWAVWW`C2x>Gi>1W>Wp5R>Jgf16O}emLdm@E9KSeww-z0|
zFsVJ0XJ0}WVNmb26BcJWKVfuZ`j(o&G~)h9FbUkNN>U^lUz(4GUvM#K&6F{DS0Hkd
zqWtSmukQ+J;nlfV;?y9#k}T<a33^{4JYXV?j$YCz{{1i<hkyPQQ{+;Lp;djpEU{I+
z+JAqXRjr)WtS*_Xh-sM-7d+#a{zmRTF{Ar0;-{EI&Uh+OOT2U<f>-WyE$?+RS=%OW
z$w6799C6I8&Ygc1o_cAX-e(M*G+};)FX&t2Ju(C}0%Ppe$H>2Hi!rH4LPq&#%e=yO
zOq1C~j!H%XP6&nPN=E4nIc$@M$RN)c^f<j^()U7fbp4e$L*80}U0dC#A}Sj=Xr5jA
zTQG50eqXNo3sKs)^%_`O<=!2)4Lt~~osXkBmw2nPJ6gPgXh^(z_P)Fy&I|OGzgjkS
zE(zcH9qcXtcgdKuK$e5@Sq5Zq%pP}Z5j_oQl-*}((>&DOb7h1{wnj#+6r^WrQM!lL
z?3DJz;}%+^!O4J#Ny)i%^EXqp>{EM?x4W!NW8$Q-G1j_8K>i}86px-(xTHy+1-5T|
zY3$a_6+L`Zamc4{Gwz}T+GO5<zGGFa*&7}Dffl=1aJ$jqa7fuEUjiU2=OLU})K$|Y
zf?v1d;CUi3P2Ho5!R^igi3zhROTsseb*}F&2Hv@9UP&=ZBfSVWw0v+O0#84Nle_+5
z)7lI=yMoFzg};Q8YqnnDgLs9EDN^LIZ;DsSr{AZ27BZo*A9D!r$u$Y*km4%NyoW`<
z(ve9UQ*7El(V>+78=tm6dD&LE|2`~d-4^Rx3wBPNO_Th?ulJCy(?4|=Cs=J4ZC-hl
zNT-JpWbMU_L1%$1*!{_-FppodTbFXAD4&KHd=#{|jmsVI)gJp8zW+{8tQ7Bs3-C3=
zE}BZ1sO(W@@G->JFU%uuM&bRPz*^aJ%muBk>=9RPU)Kyhg&Z`ilZ)AQ*1wA+evIo|
zWku{d5@)2g_IUUDxpDu@PdMg><1;yk^IaMpjsc7)S<A&0Ip{qxM_gNC*mEq)j{Q_U
zjg*M>=z4FwT$hmb7A0In^)<<)&h(_|lQWH!sCmA_dIrf#7Rt^aDow?st(}^Ce$Y`4
zXWV|r5XRz?Dm~h@n0^@oDd_zQPS~`Fx3F!#(Qb^!Qof0~!Pi;I8%Bl4lw-Kz?3w%G
zQnADJ2e@@%^R0}1`NWe`)CS)*iHA#?FK5lD#6I^I%W^J0nNnTybyI%p$;4)+X6a)i
zrph&Mh3)evE@|ren-@l@89V&B&zWHlQwNfdj*%8MfYFNqB<XE80kywI=U1acR33l(
z<R`GtWS={0s?)ce_f6~W%Uw2u#%{$VUY(8HeKRTYR9z<MwexZ`W%?Y<G^<{D(LZ0X
z2Wn*Z*)4Ix;#kx0?2I+<;vx4Td0%(G@+S0+9LqR)mNqWzeP4_`R_>5z;vvWVbj1T4
zUY4!!-KM0mbE^Qxtwk+&n!Zh(Bfldy*|09)*R!g?C`ApY{038p_=gWUS~t_n_zg<t
zA_}OK(`8RmKb(p(^Av!O<V55OIHypC40>*?qUp+(&t<e_{JjeQG~0~e_CTW7WSVK8
z6st7_AN4tEkEubP2<mzq7-dt$yWUU)+R@#3m%$H2eX_B<k4}T)x<x|m-PL0aYqRmg
znq{d`o-qtar`AC=8@r<!8JW0ujan!iDbHz(X**YP{JJ;Ntz#9e9ihsHb-P=UEcZ`W
zJU5rbYYNb*)y-pR*=FIa?L`)Ql&tM#>%PHNeL2cTnrN3S3Fm%+#X(BLs+Xm=2TW)B
z``A+Ogqe(N2B+wld)LzPD}H?vRljGh^~tfjNZB2qzCk#wo`1F0FwWAF)Tph6;4Z`L
z1~!S&KQB7Z^leLnbLE_LVBEu;F<*M&=QhA}69ws4`=`?2c7IhLt|xNHwS@KG83m|s
zK9L|t42C^RbGAlEj={+>Q%-gMesJYJ_vU_Z$MNnZJynU?+$CY}M0tDRJNxo>^I>#b
z^z-^)wfh%`-FJT^Tw+0izuxu`nXCDU>hdd$R8$b{3xn06h0J@3z-73G@wIeUAnA2R
z05U?nPV>utbfk^uGY^!dhSo_cutR8VuCHqK&=j<m0=#!I*;{uY$(3t>pN_CWi-Smu
zg6V8QVeMx5JKUf}#R(iSM{~gkSJ0{fZ`|tXTiCy3Ywlf^`4bs5bp~BBFoKZL;AXJA
z=duKT?VbUsC+Ba+G3=u*s&71EB8e@ki_iQU|9OeSpG{($-ZVj{X>^o7n+YxHJO|+i
zIsy;V#4L|^y75ml=)Bh@EOiOVuHivz@8w+zt+4rR1DgDK&mR$K7)F+1PW>#lj^Be_
zDD`x>7EiuCGp^x0gtzM+XdP36{!+?KB>S1<-%)N(e37!UTTMJOFP|wkvENW97<%FQ
zIwVcQayKNQ;iW7!cq><p;xBwxg;=5cp4bX8Q9lVr=p_y!4H+7GvvEqA=8=MeOAT{R
znqhHW3#pnZ$`^q>c!EIIMR=5I`CyTJ%(ilJ(uW9Llbp_MX_H2oN_AyBXn(7ss}l+w
z=aAY3w`ZXe9objF`F{$WP~VtmaoZ@zx?@09xVd9N)MvZkX?Eq8J4;YlbZj*A=P*)&
zkT9GeC9V;_5qbU9_bDfhP7nJ{r-0qoog=6)GPoPxAbrCiov!jdaD<Vq(dIl&D`rr{
zV{o_idb-D!4hUNjA+YQe-0-|6af=(&op>vZHxFCl!Hy*V`m-;DR9>|m(02c`k5=`L
z3rYTNvhR!(tonrart@*KZ&@_`;N_Hz?GgSxPa`732RM<t;XWPFG`f=XMIR4OEndEE
z;bUSFy{4YPuCnf8#xqvzJ12ybF(+X2$}=v6PJ_S{`m<)NyG4{IL<AA#z`+Wa4Nhzi
zM1)T9z+2UgWvn|%l&4&{oc!)}r43Z<yBHLo0=SsNjqaQ;8(Jt&8<p?cl>@6aOwQpD
z^?y66g~*`I2}Ii1BF<AVicC`IXznuwg=6&yC-q<D!*$t~!oNxczHjf(%bGe5Y0$&f
z9o3N3wh($lRE^5o@E-WU&+DMxCbz)=3Gb;M@{|KkR1XX2?MmmnDu+yMeK=dKrh%&D
z=^^1gW<W;PE%JOfKK6%_fBkt%qwLSC#7^<19UU6pt;8Oh?ZL-#<*?(cvyZkVd`q_U
z@+bONcg5j5c>j|FHj}?hh$Jb;-S+9bzYnr}#R(V+F0{v7@mwK6M=l5=YJpvB^LZVg
z15?%yX4Xr(Ct8LBMXS0eRA?Se5%p`D$fx>dLCeMA&zmAw0j@Kj(ptn0DapSUrWmKE
z6u4L;{TSa!HFHR;LWgC=BMLA5{Q+)C($OQI?_bV?$u|OGjDN%wY*`?sVvRbwF-iA(
zlW!dHL4zHMJm(FL(e7G_%wg8&1c^H&1B-tFS)xCSiy-jP4kXRm-tgB6WL2ZtKtx!R
zG}Lve>iy9Y*ObgsJqV9j)r9Z<B27|b=T)LA2V=KKgq~S&wePXPK7RfITO<b2Xq&%t
zlSr@B4?z)TkIKPCaiiq3BFu~Y&K*Tu0R=1U9Xn+EGp6)y6>>K=sdq@PnxrHgn{b-(
zXAbF~?r~Tns2YNG53W^m>gHJoKIfye<5jjh{7m;sal<?)KG_uBdRTYw5d5m(x)hY;
z3$Q(Mbcmm>-?eX?HcNfwkL6vgi$3_=^yw$(Xpn!>TO#GN6|0~Ar+H_AVIr~b#7#|d
z47k~Cc>VsuK1!iRPaw)x+o3WkZ2n*mEpYMC*~r3zYN-4W@@nU$w{e@C+(u&+Wi$}>
zQY~^){qB@&@gPw=h;Xam)N1*@JjzB&WcUTAHRQ~<I&^Md$NZvI6<S)VyA(mF!aoOE
z;}8(2KyiOYvAQnA`SS%P(as80C}rdvt+BO|Ik$Q5&YeLTKg)bA-NL;ikO14WMIDCE
zJnv&A|F|t!&!F7RceHO$?^L`vD&ArK7NgVOB5z7`8BR{ynaN^I=|N9t!@(K~U&$Xa
zLQ7BQTou7KOgwt1>n}#aV^*ESy@r-UAdS5g9u1%F(Up)kfRQs$**h?u{sYBFG<usF
z&P|^tVC%xvRA6w*1={XCCxH4Uw2Jd`|JQ?N>!4#fW>)lw3H31|51)bG(6RbW;r(AD
z^`QKmIe{tN->U*yQp1y$(}bFxNL1Yyl4P)NU7kYUZ87d@cCC^f6^B)4UK@E=Fg7|7
zSRe5ab$wqp?ofle8tXtMZTagYKSOkOHBU!3esBgCM7{C98F27m6}Vrk>c_@`EnG|z
zn~;aHq!AUCS_O`q>2UJTnL1$!`Dr9L62)!bi9xr~-|mF+2*97}?5qTvXr4_k!=&(^
zktFa6{L)i)LD{3IZkq~4j8NzsZ+CR(zkG04I)>{~$DRyhko+lnDscT|GJW5sKCU=S
zpw*>#N5NLymz|?cA1S=-h}BTPU#u{$SRx!=+#xLL>g2a(IdLxK4Q=1FCPLt@){K*!
z8sVJdv(Z!eTjRP+V4f=-p$C`g9kh9K=N8@TWIv3orO&|ghJFGecrH6#G6&h-d^rD)
zpvg09&uF7<=~%v815022J1ruJ7EdHg64L`+<aQF1cZ)uQRzoYiv@s&Iz0{pgcR_Q@
z!SJ5=9d0%=|4$CT-FM~-T`3I~__*Jz_^)entlnr^%W+g>6h8Jcx=WaQFH~|n5~r`l
zZQs7TshQrXu^-+`jkA@LN+-G*CxW&)@m(aZ9ipA)DbJsIWp?vSc*|Q}DwQ_EwQ^%a
zl*?~W-3983-IYxzmdGxDU5`J2o2}&Gz0mYd9j^ZZd+Bv$%nPojuMTr3UVzYdH?PMl
zs{ic#dcZ*FlnZ>#`+c_nF8CucSi;G}XB#irTw$QX%hxkmehGQ=ed7kbI62R`Z<#D6
zHZN+n&QDx3tTkzw<0@2|DGSw!zjc3!!)1liq(mgf*d&|z)1a_;nBBy_X0jsAjg@&o
zR}138wFLZ1e#0<Jy-CR>#KdC4N;>QzNisgqKwS{TQ}JsN-fQ(_==Vq+4*mD`3_JIS
z8(pnYn!j_)#1H=N2m8lr4%ErbNE$zJn{%AhIX`{xy&2UqogV2WmGzL#%$S9Dx~N-<
zY^JLAUQ&y!M&~e3;PCCXYGYryfmKYKzWKO_Lp;BZRzoD`BQ*@Qow7YIJvNL~gi5dA
zXka_I(AD(QY8bWT#uj+zF^jY)``}<XMzL<u{qh(MHeL-R!Z2+7JslQn6^&lMqtm58
za{hBmr=Ms7*Lf%61Af-7##(ct!-{5)5)Uo9hrjBb)FtzKO<cvEY!<P@Fs|J8M9Qwj
z0vAbwGjaOCO=Xs9r3q5vChZD?kKQ``iYfCYYYIf!3dxo$r66e;S_K?eGlCDoOFYh^
zWa+}f$czjDQ-8R=O3*@o&Qv%P{I24ZRyK!Lsa9@fa(%Tohk~>C8Gvt&83w+?D(w=z
zvTT=B$kneE?}iGd%r`hExQKi&H*Jey*vC_{b3IFTf(|&@8S-HbIF!(bX=hc}vkPgD
zpVvfhlI{|bhO?VQ*Rn5k_25-ae<EGL%WreIYtzJQb=^Ez>L2*RJ~#076~!2@_|gp<
zCoE5oFKhuX*=17`Yv2oL;L9{tFHu%Z1N+~Tp4#bwGe2CYJMt%ehlWdiN3&38D;=JJ
z>(0sLA77I{7I!h@w6|j}=oxm^H0qZ>e;0bnI5MQaAR#?sa#Q5p-$d|ZcFAAebS?zr
zx@YjvT3s${N-t&-0{2!yj^p2?+@1A3-AVV`#WIVhJ}6G8Xjdv}qXT1fpE4On>u!}n
zeqv9(!=WX|@!a;+*`n!;7#cSHme<phEf`S@MCC!jkcrci4<d4bF=`vzSOnH9Ty=^P
z+foSg!SAYqya(D0LbN@UJDLzHVi(J5c<TH^*C%YQ`>1YfOy-u8dZ%aAS@ig2TjPHz
z5bhFb%X#r_Yw|4R2{#}rj28wm7i3{9<Pi7$reSLizqVQm{zYP9>_^#kVAAHb(Dsv8
zeo>~=bgr3o)pEIIzU(Q+Vb?qDBJWqnUzakbwXoNfUO&Q@dN2pJ(hQsPhEu?*QC|Ko
zmC|ZYpS$9*pCIm6#?&vD$H}}A;*9qL?$lZ4v_r}3+BuIdNI5BMrFG5Uk>%T&iD#3H
z9W?BGX?WrwF$ha)4peFmCXr+(AT1Vh@6MoYF@$Cj-n3tR`!t2Cd`^e{7!AHCa)o<@
zt&U8`14`8Sw9H@sM#j~V3Oh@;cKLiRgIkJ(F?D59_whdqP^P1+FDuSDTv0%}FD1dh
zDQ)%(wYhIe549>|x?h~i+Ri>nerjLK0uGa-5>=_-kv#8CWY`Up4`eNIntSl3Bu+3c
z4zcDG1(^;0G6-E{ztjn9KdrP9b=+8FFqe5!3EW?HTmo69k5nSttxsofIMJ;2Hv7B4
zcDHie$0?cDaWGT_VNZQ-&ylXq(1B%=%wN2I|9*kMC?<0gi)PLJl7#5>uN@&VeT877
zeA$i|wKP6*Umci-SCkA3pXsJFTkL+mPwJt!oG*%D2{_g1WB;jI_Z9<GON|Iy<d3H!
zG$fk{8zLO2;qBDEqLK=8nGi_JyU43Do8#5Zp|$eMD%Z!E<4bG$%hlFhA+7Xc@UYk~
z;Z3ok9MA4-c1*uxghansG$Ntsf)_66ltz5uwlAOl-(DpzI{X9wx6&8*z<m_BUt_p?
ztDf&|X1~(;gvka3mS`S*qvV?`>|WNWk|&F_BprgLQ0z7<JU;`6N`S#j&-si2A47z4
zz#^{GRZDC^zBJ13LnCO8H6O#cEUZXp;`W*xKf~K%7~c20CHNys>_P}b!~^H6*hJU~
zDglU64!XiY1x98l4u=-dzmr7Rs44-w#{5+Tqe_m}C>x{`=ktz4*zSce?-e(Gn8C5L
zoHn#klfHaLz%0*-sR>~go%8x3h(K527II}+sN}CvpuE%3vFOQHggg+G?oAwp!;=_S
zmEqbfOse5?0&6|7#d3g}*f|4#z?nvA%^`glNYY(IPjp%20Q^a3`duW(rjgp}2A8Df
zn2BqTE7!&N{l;=RpGap!fs5(;Tt9}vnNnSrKZ-rke+`gt^6icw^g?6WGuhhjX0#()
zzb6-bgV7tHf}apFG2R#yrg$(rj568C*M@e@IAO_q{_<U>k6%lkq_3uuZ%fw}84!2B
zc`Iu@5~yRvpN!c7y9+!5PINk>O?*OPH`8GmE_&A2Ztni021?mA{^zXFl?Zp<G1p6#
zpY0LDeI*6j5g0MK+np%@eGq`=tHtn*6nuTA9OIVJAEz7_nX7N6{D3REg?1y3@N!l#
z&eBrSd;wXPxfv;lX}y&tr*Nq$bEHYXyJ17!&3czuMThtf2z0LD1S_I8c>7z<KwPs^
zx$_Q}f`%xYjoFi?#>X}iH`2R5yMfjEBzJ!fyJ^kfZ$m%ztjxRcXj=3f&e@>l3^?|4
zS@RGSIWlEPd5gC+iko4<j8a~ezwyM@$z-^d{v&WPURxH$@J2r}%CtgxcYa8-s=4f-
zU+hQ(qqai1?CLKFW7Mr&Rsorfi6gmJHpw%tw%uCIQU_%Pgg;s>o3u}93~4m;l`!8Z
zAJTM6WN5eF!O&7WP+e=Wr(!|~PhuEjhw)6&yliJ7N&P+F5^<(eX6!EH;B6o`<t8Ju
zOiO*tHfkQ+@F0zk!s7qyC+6DJa@-h>vF+jMRb%rN-l#g(<fD<M!KSdw(y4HO)u_-i
zc4zsq@7tZ(SCwf#l2o$}EIgsC?O%twoh)a%W9P>%(4Z9QAM=uxKJ;H04Nzt}e+Epi
z$sj^CaqeqtFh1|89?l<jPnPp%ccxbaxR7m+)HL}oQ+9%%j?v23W~}*WbbBWyJ@7-0
zxW9Ddw6hmh)51PhZ7z7DOCMg!bQjM%_=tznCcuaUQ?dmYFwR!r@gb**1RD>bL4%@@
z$GW5uQMRgFNGYr`EUB)VjQ8#Wzc6-3?kDsHI+5sG?$Y|NMEu!FA+9<;e(rkOc}>ZA
zdR=_l*__!qXO;uMw4|rESH}YcT<t?<b`Hms6DBNWtS%zc3u#0j)@8t*@?dcGnZal9
zi(UQ9PVnpW%#JOv)^)g3Ivmaos2CbnNmyTD;=ZSTJyK2(B~}27=zzf@(txNo7`&z-
z1NQ6sA1hB_Zf;Kl4XcYzS*r^^pue8*orbjHI}NM7memEh6|hh>v*VjIvx7J@vttZU
z{p`$6IY77NrNis0DhY$7rNg7ErNhqvubeIb;D>So?SDumLB+qo2cGLet~Fl<y6;?|
z9lza@MUZM%!N@k2pd|ZmYKCaSSC2p2|F)Dr8>9=6Lh|-~aY^!?ho8vEJNfC^;vJ6@
z?|7n#;G}LYkdG|XoPm!&yL4yABYPvkDszAZe!Aj@o<AG%BVqfVhMH|`9pKsTx(D?7
zUjjN`&6Muw0Y#twqV9X>AFDVEiRSNkuv{_nXA6r^4|0MH_y#Y_I~~5JZ~6g4>`bBw
zRVOE*_qU@WdIay}>sP9GJQSREJru0sxA9>C4%eyS^US@GbD_EQDWVDFDu7P9xn>$2
zp!+icN!u+HUuk=>x+I|c*@2)v4}GFLRzTQc-{S;ik-Xi)@!;<a-B*L<9=y!7pdNHy
zPXN^aTgA2A_YlFW-1*n+c@)J1-h6eLCYo560Fb6g1I;0XanM;Z3J75}&@s?}?so#l
zeUpeL=KJaRvl-#6fY|W=Pi(4?fFRut0MoYvCI8=Mh-l&kz`Abqg36yAX#|L?Iyecb
z3=f~nQ*T{u1!Qe|>Q==6YtsMQWX?8lERCPH)2k2vYsUWD3|pmt7(ajV1DN@Tlm3Tf
zhR=y2RGfsuw}ANni(`02<|b7SkhNgIgP0dwXCc~5szK)<#zD?FK_%$^et}{pknaP~
zz6Xt=yOYoaKTs$kuYfDsXw2j1K5ToUL+A4OKwMZNU3WcbT9loH6rn(Gjo@hHT>he9
z#{;^l4&7gXp+{VD>EX{-$*SQx<o+(G5Sizf_4BxIT)}PsDv%dONs_|<!h(eS@e<t`
z)*xr${^`wq!t%fxQjIAEI{c01sj$yY;ixx6EbMb{4O5I?mlN}#%Dj^a()x($>bC*T
zc}JTrD5Z)I$`qOA-H1HY+{~%r(TnBGm||m|z~>^p$#+Db5x>rre43hM$j5`CyUC$P
z!&`W8=ZL?qt}=q_<eg0}65iVR@;1qt1ewa)cNmnO&t6dGd1sRoU74D9Z$`7n49E9|
zd?LOoqCVcY6Y_bjcE{28q!ZbI2`wM_iC$?^kuuJsx^K^Pq0!F#b+q!G1b<^K+U!UM
z>pY3lbdcBcsDf-e;<j%H`Rl6Rc&lq#->&!7-qS#T5thsu!V<FO6dd_LGkFsN#uP(O
z^E$5rp5xWBV0PYW!&c%td}rDidgeqvs1GPeM_H$Zy+-9TQ{E(%>25+G(!q5gi}~$~
zEoJ^{Wos~6X+CUivm%Y_&~CE*;t4w#!*eo+%CC&0{o|2&htHWD@dEia<*`Sfe?~3A
z)Yo!5qaoI~M;vv%ER?93rQuAtC3YK`aQ!@#C@1_}uW5Z?u<IfqYp{+X7)PY@8>L-b
zX!SA$^g<G+b4ij&gSqa^R<qA>pMr2*64AzIHpHG{RLf{vu;JTwZuDt}B+;O)PfH|!
z9j?wDi}o*ekJ{+dNVZP;kZSl*kHG<ruGH<New<Ee9A}}1g`V4SBWSaYPari>CpAy!
zR<W(m5wZbcveJjTGi=sPI$fj9a;+Z6pO~oYV{&{1$(naJ%$o~@0~)vk?jdJ-;~Zv7
zcOqIn=W)@jX7u6qrJ<)$g+#u|+IN4Fo#gdK$R*Ej*hGAQPqAsX4?lbnJ9v{mE5~nF
zKlxX0q;^p1a#tD3iUcOl^JI=H3i+)&Q74hImExE>TEXI~HK5e=tH<?_0~(p4^#g}x
zJGCncp3aK``A5(fn{P+iNLcN$Z%kHSzxTc9P#nT|&NKX&wCj4_G7)a%@43sDh$IwD
zcC@LN>FSKy#?Ekga(d_7BH23c1TEVoqRVcYC$F0%Pu%6VXkkJ{;9980_ObO(cL+2n
zhfY=Yh{c@ly|ale*#2BV>%izBP%0{TKRyT%8;(z+Fi03;vs%5T39D{_pek>_W2T4}
zwB#Q=+a)UWbcS^cU04x{HWtKqf8yC=*73~9{6vmxkY!T4J-<sN%G$gz*%V0G@zY2;
z=Ph&%9Y?T;$3fn5Lu~(&*<?Av!XX%tRl2zWL0P2k9SA;}r=5ihOi8-@aAtSK)5|F?
zE>&kxKc{Mp&33_H1t}{Q_!f^+Z&8}(owXsUtqFi_K6<bOz8gui-1K&QR`+BbuUy14
z_C564Tx9-%`})4BZ;(-AYrB%{B3kyty_6$Z-?xYCLb2@QPB`61;0=uIBJ%%DdLMUi
z+k%Ez-4K91XHY1*7O*A!Y8k&h8EJgD@2?`eC<ho$T@d1`0fv9nHG(biq6;jN1B>o}
zr05O`g?|SiAr4H20+Xo!RJH~U{UeQk3>f_1o~)<=;{NuOW%c3S3Sj<>A(6eu9~Kfg
z@L_ojg+dX;0v!65_YtpC4Sdqmd%o>T?dQ`-AiCy@`%*<9+L?g~(7!9T=u3$cF3D+M
z3@OuTPjNGq-xCb2-_uuoQ9p0Ft-%S$t-<%n8VCMQ?puSRMFTO_%3FiDW#`+dvv=nw
zj4nAKQNNmY@to(Jftb_%e@d!<yXOe`Jz@S+;u-p~IlMh6dI&7o^v9fDiV}&w963DQ
zom)NK9m+o4Npbu66fgpWE!wHU=l6sP%;V~wZx6O@4Ql9|Z(jqv+rXR^wO_kNH0e4R
zLh7IN4>lmftMPPaS9NzD3efC-sXpoM{5^oKtz~P_-MK%e+O0oky|ORnRT2;$1C0C=
zY-IF%3I~jj&fJ~D18y{zo^KndZx51cY!7+^V+~+T>M|I!{vGgXJA(8z5)exIM}mG&
zrV3AYKj*lg+n6IryL38=Ui)3a{!Ij;FM9ul6A8dC|3?aLU{S?rQiJ0N()FG6mo31R
zPk<}`2XcLq^}{+~tqXAV^#rie2BhLIz(mCD_e2gTTOHwkHU$Jm0cEU!FI~SPW<^+u
zME&9jL`4Px=1<gqPbB{WNFbUGK$hk^-|kY`9`xS_lw|=vx~u1OA{k6KD{T+*wr&mb
z@<2$tbb&37{>dT$1`Ph8)cY^}>#xjT*-G4PaQ2%S(7l}C_@|VgZ{H#YsE1rt!o<q&
z$y^XTsFnOrD!X=GoA1u;fiPDCQPcRBuK&>XU<~qL%<C7x%m5JX-`Jvl1(>2DvcOm`
zn$*7<B-+{azw)=5cy}%b1i~7CF#iKk=-3})P|z16nmZ69x)DL@-wogm04N>^js@Uv
z1CWaUn*akUK;hs6focSbz#8ypp5c7E8VJOHoc`xHFm?w5^sgvzfw2bT`L_R;?f(=A
zs|!$;dl94tfL}TP^8K%W01%M1|4pK8mQQ!fK+*UEC|_p*L_9zg|CJvppj8^se(T;J
zlLO@Pe@k|)0x(N~lu!fA;Q+*KfF>ON)#u><Z|WK+7WGR3O7Q&&Q1JgH>s26c0J$#!
zHH$^q?FAGM6;K!G&VeN&we}8VX*-fH<fg2C<i`ulFry#lDZten3+esHVy$-<9F&oM
z_Vyc^i`|n_x*wZCSyqfy*~|UNBEG`73$ZYFjlOe*DtmF&!WL18OOT`E`o6%+MJecU
zG|_S2wObd}p9w@>=XPh#=B=e0+!|=J1J!!Z<cn+#tWgJXN2u{DGttmeCd|rnl<TV5
zD^i<?S}1e?o;X_;X0Ku+wIisY7aqC03Y$n!-67Yw`BU96WrH1NfDO+=_3Bk4G08Pt
zSJNzkI1k~$x$7^p;7p}F<LId;p|<-}5YOp`UAA-Mlr9&sS5J}FNfDcmyCYfHyYoIP
z$1+7RRb#l=NBS|zFZxcq5C|&Hbl)ySuIei(`~Ft}+2CyTm@7L351cW>Gb-L2g|`hH
zh$mq4!k-`iPOd#{sB=%^9^p#X=l-Co%{^x#9|<Hx-Dks@kPQ|~d`{Tt40Xn%T2Yi3
z<}(V`ft@t{z11px`@2o@7S$_05D!=EhP+9OG=Q&><m;bYe?CL%p!3=bM=s&2Ty$3P
zn82?UL7`=#Ce_H26pr7y==kDQX#`fw=;JNK<B2}JS8>sZQ7+K3j4i{cn)A9;Dn#gE
zBkMp*pRimRkZ8D@<U!QdB`7_nFq<D&IK=(+;qSPrj+VtThTd?<%}lMwTN7&f6&Qh`
zk84wcX;!XLW@2s)c+Sw1KT=g0bkRiu_f2c`s@xO8^g*Ee@z`%Ru*T1QSGZ>R1~q&H
zbWZ0wh!M6du+)+j8WFNp%D?H+gA3FgilIh5f{0o!4L0Jx>of~rxpH>n3B_>9r-#Mn
zC8RV<+(P9(yX0o9W#+6V=uR&c$XiY`7IGkzpm8uOTv2G><TK38elMPtKC-N)upTm0
zS1-3o=JZa_q{wy0$uIDhvUcn~w0kQfas@GKioHg^?cEx{=Q6|0=B#woy7W($WYtb8
z^s^I@`};hrCYAd3fJH_?P_JfQ31+{KA<+VE96dw}C9_y3!J*Uc+9o%}(owiTW`Xz}
zI)nH$J>pBeUF{gT+eeHQYdAdJy+7-rRmkACEGVoJS=sX?m>-CV35h}Atj>j5#>kA6
z1}Df;;V?|tkfrvbU?^9&X<YJXr4uwfVt6v^CPgmEg1dtv>RUEC2!xA@reQ8SKK+fX
zfzN2@Gp0#UlrpVM#Lj^xF5y54u`^_Cfo)ai^F*{WCqCY3HcF4LsTL?(0jV7HHGfSa
zM^Twi;tj3fl)a-FN?eJ28W!y^j7ER`JI9|E%vG){8|vp#&2UB9<=u!g@m6pC2*9Q8
z9dLj3(#XT8ddImGUt}F5e_0xU|ItE(V7O6#&LzGY^uU9Yif>|-air5S=ipmm{c%k8
z4VaHDqrVmF0KEdu{B5a3dung`L~wsdi+qx4{EjEnFa8awJtoR26yDmRkty!-%QPKK
z<hOe@Nemzz;S=AF&MwjOhCf)iE6MLks9XNl^U{fqeabC;8)et}JixVTVLV$JS<j0y
zy+-Fj)$zgJJ`C9|i^#<uj{H^}>|(u5b&J+$RmPP-S^1n;^e9_aAK8#xB&|J-kiF(o
zZ4L4awmwpCzf3Fi=A^LqNsDs}bfd)%zrm=8sX)@vLu>}mvIo&8gKPYL)?vl(6AhM)
zs#SIf^(X&wXX*(mYSPbJ)}?cL-@_eZv|PjJc+)nOph=rWp(&MBIIOj|_N+TLG7B6U
zG*?)`Us3LDr_0BXKAv%8*(`=f7~Rs=%BeHt{evfIr08IW=gaQely~dxu6~sxRRSas
z<buLinf7r?haWG~ZrO7ZI>w0h-W&CFS=Ikl(UL%?|L$}DT}D}|m<l#%Rkgpbgn?#G
zo!zl1f}OGy&#pYxqd7vxp*%HLr$1zcfo8JOC_cR`RXt8s-bn>JVXGunwbV$PSB>2g
ztR~;OJYzFGLtss)Rcs<LC!ZE4-{Tf{rT7RssHsR`ntX@RFomoJE#q-ov7+SNLgrS)
z*z{53$EF)8{jKy>5}M5bb(vvs%sG)=EvrlLN<NZDEaSKhtZFaSo1qSRIcC6C4Rv}t
zG0QP%&DrQ%{Y0|DKuHu=uFy(<<$`5dU8L^QC{&O`qu9}LTrhn&Zdj?<x9wu^*zFnS
zbtkN{$~kUTWb?2X9`rIk?ArZ$nD{CzKwUR(k;V<0OhhgZ|CLY@?uIe*>9MGsjxnh7
zU_<>qF){yy8|xC0`S3o2EcxjhMrMOaI)pMQdYiJ`2pi+Vg-KTGxJ21fol=*Gl3|;A
z$w`!5@H;iV&)Y81UoTW8zM!sBeF`{<tAh3Vfew-NJ}&!16|XnV8MHeir*}6yb`seq
z99~A}C9TR(y!@v)rhxQ8cFZMgR9WECM7CE%rb*uNv#sI65``=ShJlLjrhOSJ9QazY
zp^VkY#uvl-DDubWhn|LOgqVgR#XO1hsyh{;u=G+4>5o)$2ys)YAHVYer^2mDNo%VV
zPzuM(TBJSj1qNa&d4ImQ-Pcz>UX>Gx#F0h3om)AllBE+2!W^+|U2&$Q%M()jxWl+q
z*sUZG+LTV`G$Y~orapJ)4N9r1(&wy9*QJ)yc&5k_^^skYb?Tt7Zzkaqy6LM~*oy@a
z*|J2&hLOrBwSt0D7&N<G-EU>u<UQv*uNA?s?iKL2(Dj?|8K0#>z*L+)=WSW7wGHkj
z45M1Q#EIPVllm5mreliB{1~@|x~8^SzsbJ+s6yFkWr(V&is*4`k}TAm#iXWfNugu5
zcFI1*+5{)E;bh)wm_pU*V;ZL29Z#?HGUo12naW?6MPC!1FW*>GGhb-e+C@!MRwVJ5
zR>|cxourWC|0x@8n3rfnIx6=KagBEk^3HuXB70ae;@ngRr>4@@lDXSLjR8uw`2FDu
zF6x;C7j*zHL1}0q$`C}G>v56Tx-~ioE+gc2ovK0Zr!4waLMZ5|Y`C94HI-kt<(MEP
zpUUH;S{s6SCTjO}J{G+g%1pv<<+Zvq46>4*#ZFGfQp^%+sq)Z1p4md)4#SPXXV1S&
zk6=l0r)SI*u-aKLbPWX!fYaT;j+T&Uy!<M#>D`Z3ZQk#0VT5Nn?(<a<fD|aaC)I%;
zJ5uVyDb0IQQ7Z|(NllLc%Y=dGR3Rr-yzj8C(?#+QuryKSl`5kk>DlNkA>~lC93|c|
zb%dF@Xd-?q7eFAe6<<Ya7AHFN<cUin+A$$=fFk1TeX~ENi*nYJu<1bJuu7%fTyzGX
zY*PkDaBLJ2cdNQc8lUG5S7BSW+3F<>rSvQ`wG56%KAX#I<$G&sL6LmYv)ZG=Q*2k!
zFFbb7KP98mio`S}k4VZoycH}@9(N6s1=8RozEz=b-P(~=+9V>L7jGK>nspQ-A6Zgu
zOZ_M^x@wT2)b-6_tC-`)P%(?b<0*7o3Q@udEbWzwA`r3ZORD2D9VjVPp;c_uq^B}r
zdiujASqLeh8OaF(F+4beviO~@$KcTj_2qUdlx<gM91{kH(z1kno_;`7Xoe6q-e(9{
zu6$>2<f%p8mWm-@Hx60d#waLyUvH)UE{DfXTyOJ-jIgOkr}mxjx(H=g;N&|RHa*lo
ztKwI@<e@J(;V$4y&R|dBRy&K=)(FqED$C2Q)NF~G*rvY>MMv6P(;&2_XcB@Yb4U3Y
z@-J3jCXoJU|NiO)e7Q?r!%119$lY)Y$F0hsVX+(T!aOO}X52t%Tb4(xV93zA#MVk4
z=4K8Ly2ET}c`Y%IV?#V<_YswZ8n)2Wk7Z4X%9nN#b-$-U{lg9cKZvFc=g2>LavMK<
z`4pK!X}R`%NN;hH!DM-|AHO##GiI?y?C+FbU1cQSwUSCpPa=TbFUS<}T0>`Nt#E#?
z^2H~BZk($Dn}ooOtz?2rew9ypK3YonYYl}S=fF|ePphlDL;aZST;FF|->j6w^QEz6
z&EP70-Z#Ns6+f>`3KXt3do}*-ekYK>`P$DjaOE;-d_1c0$23L*lT8gSX1QAjc|ifL
zt0u4+gU#a2bqKvz#Ceg&UCXlrwy+H);;WrXPx&D^1ZrpDy6n>R6N()@2b}i~e|@y0
zSuNPF$=hWXeO+0(SxX~l)!a1~vLvXJWoYL$_Gi8AjSXX<`(pPk)`k?}od~Q7l|wN4
zQ$RqiRK?oBSr+Y3m5uDpsZP?zs(M7v=)8_E22_ZiW01F{_|rjL@}In~Q_1kkZP$Aq
zjwW#rWu*K+p0pT)hk%JxlfbGDr(b{epv?Ih=Ux%)8eHB@mi1XWnfm&mlie?$bO^c>
z=1Xx8mk1F{Fot<J8@zK&qRI|M(tkv{+Og^J?j5nuoMXIw%GR6EMzQszn7)n`tF><v
z+cbSZ`s96KD)k&SoxP@?GihKRc2l2X)r11kkN$nr`FZuE@bTf$uRsY6^5Fv|n(g{%
zlyAF241Wb@^t{QzgNbq0e1R|(1KyH>ftih7p<^T7NuZttkIXG{ANlc1ie}b$gP2m-
ze8D67ahe{mIYMCGu^(h?QjxR4Jlv<+`s3oEJ#-;UWbAkHNrS+1Z`=d_n4qmiG}n6i
zc~I2^>O)yOiLjdY>9>Bq{8)NN{G~2;HZ$FdK`YYCaVA^R44ZN<;ZKovA4s34g;te@
z-{iYfP_!Bri+#WMsuS>NuLygwDF~c?e~eiB_rN^<q`)6d%71>cuXlSE&32PVij4WQ
ze_!=yk4{nQY)R&x%T@YwCOeF5d&+J6;|;AT3ZeB(%!w(S&HIN$kK{#<&lLyZ+<As8
z;vwx@!+L_2AEzefsdp&o%htP;4a{e3I2Vv#e#41~sC>)M1I{_EJ@XJAyaMhrqN@m<
zck8kWIGOp1rK))vR<EHo>z8%Re`mvPmfYkPfPMGtYPvk_ISsq6cRzDH`~~I+yQ=J2
zj?=pW-@G_t-sMr98E|pXpEFVzdD}h8P``A}D^MFsH#eC`HD_Z^j57Ds?<RWaTViB;
z8we(abSzN_-2%|9f%*GH52&pz!?}|<rOea$aU8YZk@fYmHq*Jijc8+^2L2LdL|@l^
z1oOFCnA<#$+}64;^;EWMp>1n8`|5$DxM<4tdrnh@RQenuL2MPf<*CG$xHBIgS)p?6
zko^LcEv=5iLn>n5U5SJS;|yV$X{zs)nco#-W=T1%7!=tUGn%tp)NxD?gwbtV<_wlT
z38SmT=;cYz#=}w_=VVoD-b_r|R&dx1+ts1VaugqZC%>%A?2c`EQuD&g7dF77BR_^{
zHDS~!#7wamC)M>c&a}`4^UpLPTP>9@Yx)bX<~M#UG;Q=5D{A~+*Z}1&Xq1Hhn$f4V
zD#dAZ#VF}8RMA;bwzB6bXwp))F6@w;S<;$0`6hO3o3R9@&EwH7yiwq^a+k4kTxyeG
z?$2*xfNQ+9v2xatJ$^QunUk~ncnqIEH;~`N0oT~IJY$v<m0t0f=qi;)x$E=FczqN_
zaBpE>|9=5gK&!t;m627Hm#S$uJju4{dQc09(lpU4-)O_P=PkJqXiW^Ue^PJg&=zx8
z*Nt-}-=40oad-BPS<H2sq$BQ=*3fQiN$vf1?OR(?`v95z(ZbFjKz6?P*DwCnk}EHv
zQTdr3qg~x!XPUn#Bcq6(%s6Z$>d}M6f|rfvT8*X&(tjQ}`5dU-{MUh|-E3C(fL-^G
zQ`BYJK^jj?Kb>8ikx?Y)@W})9kE?1-ZVKORW!t1`s%oy9K7G|vO{?!yRMR`JHdjrz
z-)D90+1FaQfbY1ksgQpxsA+5NQ&iKNuQnI)wKlDTEv2=t8Lhv|k%hE7iCSBW+OY`K
z*4xzfx0Kq3X4KxZsclrLy%K@iT{gA7ueDHFY-&dB?N=?;boYIVYB~~u+Gd;D6D_57
zPcv$7ylSbYd+$?J(~A+PZLz66`r0W~)BO8f`scS-9o2MGvqvXZP2COczAd(ZcQ;Hu
z+7j>qvh&;JEkd;R$`)1`zIfPpths={y2a}J($`zas@JxJS!Ge%YTtAm+rs+m$riOc
zk2Po2>o&DTEv5EGGivu7v&7)dEkX<=wKWl_y=7CI|N1E>=Fu%K?jJr@pJ7kTBh4OF
zIy3PXLt7J`iN6@;I^EYxH~Q<kaj_mSSf$?DDAL=A{+})AJJ0lVqejo54a3l8^p{r%
zR3mVXZsdzf%t+J&={g&ip$GEU=`4}-^M!`Ci#;w0UTB!QZ-ai}Rb<|VNv0b`0&kdP
zU6^D$qekx#`B9cpqi4(BOsC$&uoKmY(726Jqh~6Q0$1B(pr>qH292P|8o@<|w$UEJ
zMREie{ZEXbtx==5JLw3rjT$}ge_#X&hW37|$8|kO|D{l|j_E!v#+RT6uOOV2bp9pl
zph_Uqjhjg>9f03hp~nXG_@JI@FyClB-sq`^#0|9H&~D#T-{6wbI<faXbC5A#f~>OV
ziTX-oj@&+<K1h3_K&lOzqbC`xh>VdcYwKP?U3pyT$|X&^GUTLP@nyLBqWg_IZOR7@
zS_|y=C*%V22VHf2HBIXM5xJi3H^vygj1wU>wA0x4UZy7++C4PZRD;#&$#Zm5yJ8Lj
z+ZE}tm+JmRJ(iYGlC*C8zR@m{K7%#XNF<*<tssdtv`=UF4%1xfF(F-VB~O?~_u41S
zSVOyOKVvoWh`G1EQaxf?w$*fT-12EV_lT*O>GkMA?Qc&D6x#3CiZ>tXnbg!C*&{~D
z3~k@j^>xk@E}rOqqcNz*YH>_VOtL}U*d#7&V~tBlpLjjGPdm83{;-$nZL~dmS&bfR
zREZHkwLg4wS|t0wcQ0dhV|g#URSr*&BS~m_V&>YhJ&ZLF7h{<gWZSibB7yn&{U@5f
zY0_T)X|EWSUt7GtK0^rYPkUKqkqs(puwg>}w3<pSDB2}fX6U+hWq+FMadQY#P^bH~
z3o>+O{p#=a7}_KI>kk`qNciFnZU0^te!E7)k<erN88dtv^$cy!tQwkBG29JLg|ET&
z4DFqLjOp>~b=}w=UJ`y12Vu{jt(yY&+{NM{8`?iZZ=+qiPH#O&=Yz>iuFS}wj!rv9
z9gQY_O{0!R7tyau-ER!lW3;)~dpa;(PbF=14b$Vb=<oFyZCd~Sy6Ib_r!<In2l58K
zF&NaN`-|lo?Mu*2W1gHWtxctFYQsro`9=#+QGeYu`s+!Cb=nB(?G2_UuhZLC>ak?m
zUzntc_Z{il7yIp7IAwbEXoGvn-e2_?>+jX{R6~2=>3ScXaj0gh!R0S6(}!sflOV<$
zoAr=5`Xp-6{rl@d@jL!vJ<VWxaiyMUT(0LEOwU-S=Tm8b9-Cy$(G#_6YV>&8Y7N5i
z9Q~`!7%h<KdFRtiU0Y)?3tcOXAEVxAPdr`!eT2S@)ecc#5{<ivY=6C#U}@sTVvp!j
zr?)qT>be$3EL$(6()d{W2sBQ=FF|J)*JS7!+WE)y^cp=+i>}dAKGPG8i^Z~{9_t3R
zP1dH?=!r(LLPD@vi)DIjqOQ|+;@2LY<xBVvcucD={jg~4+e5Wtoa2k0rCm{{XV&Pt
zmeiofYs1#*iAGn+%^JzgMm;u3Onlx7nyXi%j_G<zP{?Jfc8yq}(KSNZEP7ln=yYvT
zSkhCq-=7idF<HCy@%n~iQosHzVL@$S(<XYd7BBW1-Ov^sV$53GKLmq8ucoJIUp(%t
zq8M!@;nDOogW&7jaNTe05fgeqXy2faQ#z8;dF`NRm#Xczo>}b(uE!d?L!v7r&GO&N
z^i~GbbL;ftI^A!4F4&PcK<A_M#A2QI&=afZFYR}UwD;5cJIAZ(iP}nuUr*D{v&QGs
zN@#E!^hDaPY4;YJyKW4So$wplH?nt$+KQI9zF4-7)4n(;hThw&>8-Sv1cF3M!`x#3
z8`Mh;Rz&hOogOD93P7b`f!N)+afvnZ4SFv!hEhq2hUg`vs=HLq(PNB|SXO489@0`8
zbXGzzZOmw)xKa)6;aLs3UwaWOsJAs(WlbfCakXV4+^nZ+A4W6X8x%;q#+`z1QR{Ty
za^jt~u1;>h`}Wj33VxbVXVmn6+{+B@&X?q7GG`9)$<S`wS<iHTNKe!zTMWCvnpT}_
z`OGJcm-QqSA+mGX<wZq$toGEbZF)?N9-6CH_zLy%Ip6Cctvl1%<r3>xkJne84C}|#
z)fd6^a$->{BaT?@4^r{4?l%%`xHdy@*?J^Dhxpgu*kSp0GpPOYfV~L*dF=_;vQKMx
zf%TW$_2&=NA9l7%pSJ7;G3U<-Y(Jk2n`JBPu;hLD3$_LD*#q_49F+2j9&0?Or)rlA
zbpDW@s$C=(k`$wh?fV$}OcV5a^;GTY9db#D_b@*~wnzvsy+cPxi^_MvyhcwmYV>rW
z1N#e5tb8Y2rzdN|WO)HX|81MKO?2IFOp|+*aiOkXMy3NzLVbj11~armCZ;NZp8Z1)
z3588UE6zWxM&~r4enZ;_vVKHkZd@;37=KHnXksx1wMNO6X?lz{N-jS!<W(mbvTkVK
z(~wR2$@J(NJw$tx(+#nU#>j!(B&N%63=uOq`@t5-MT|B-EEnHDP~V_V;*GMqje4p!
z?gW$A*klqL|MN*~(9?{%CX*=5ie&BDx*9QwOz&!FYbVrEC%PK(I@hMx>0PxzrJg)M
z&oH#9buIl`ps12qY8|VX=C7$M68D8uMvHF<=xK_0mS9|{`xA{ip9C=@*ifWb8`|fw
zhjqPGk`^cT&;1W7FD~!-tMwY^%?Imin!m>JX-^%JhOr(SlDv85!Fm^SVztNq%9x>L
z`Vwrz@a_le8R6%K_SRp;glI8EWKuIj`xRuCEtplaPLI_Fu_B#mn}wC3y;nb)w%K%1
zZ9N;Ur)&Qodv5|JRdF>8-<mV0=C;fTbTfdggBms4phTlG7h^)y*r>^y<;~R?V-js}
z!L`+>*jE}5aKUCDwjN+u1cpVFtyu>V1{Y)<kWH3h6A%~>L=^s~PSx#uZ+FiO7?bb&
zp67p`H!^*1Ro$vnr_O#(?TDB>%;aw(B3mONG7G>s(pO<|q=G~p=)e%6yO2Wt{2tyw
zCs{Gf0$2d2kRdc`6liQuZ^G0FgRin#lSVRL<zq*r9jk&Owy!03t&p3zpwp&OS_9(T
z6(aCo({ogKJ8WvY9H7IgwTw|93+#EG5u5O-sFHVPyQutB9_40Se6>muc{%%C&r1cf
znTa}wF+4$b?s_H>A_Km7UXQxB_1l?A<s#EQ_NcJ;5pHC1CqJ0!-AM+etC(IX;5^8R
zGDfFXh}yI(jPYvm`x*7STD)(@^BCi1VS(7=_6!>acvQ^&GJ^a&*%u0VG&md-XBgo)
zn%~b32+jnPUi9w3k#{3rJ-_%vf)9M09dfo{!i)A6kTP}h-AF=gmMJtmox{FQ2)UD+
zatG{vQjZZx@8Auv@jZCQ{}y87o9LxZEA_)`iy}%vKUvPCee>KxSCA2hQ{{|hXCs4I
z3AI7Zla%!X!O;ug_=_x~n$-}tFOh2AGj1gd^+cMEMY>?GY$<k3SmciTVX&#3g-vDZ
zpR_0vl8WZWauziUu@#(tu|O(jW!MIKikH7CAT{#Di%|i+3L(>6i|ye^Ue*=Njim$M
zwuw)B4jWe4Q4?=xCO(H(N;dC8+8r}&`4#<HKk^sSbl+Gl$-^M4Qj&*5nh@ln#Hx_U
zTETc+G>DV4Cc&6~4{uN=nvAlN_)JoPM(qY#q-Gx03~UAiEt3~A`J0H@odwu1V3Kn;
zVY`%(hs1wP`VTgPABc(T?Zq)zne~6101bS}i~had@erUeH)H7pDE5-Xex1Ydthj^d
z{jn>Ieu}I&LQU(+;VHp;FOFkZq0QyO#W4@YzrQdNli0gpsr0wQJTJyCT&ghs$h<U+
zk1bc0sW}THX`Z&lcE`i%9S7JQXW1R4vEuMTX;<>Yz@-tU&SLpeI#-ixJy)({HK5jG
zwMreUZ3{hA204sgswTB{VG02%UCLOjP@TE$3nOvc-dB>Li(~v5yOc#^h2l_7dogGq
zO60IUTZSn%hR#7`aEVc17?KdilPB~(48m;4x=aanV$nP1+vhXLVdOG(KC9+Oq5`T-
zp=248?o675mX*z7GFU=LcKfjnY`>Tx1Onib>TZt=h{@rNb&Lsg9xc!Gsj^6_1lebu
zEe8p@(iwk9Yo0IgF+>Rcq}Z<81w80GqZXupry(4Fk1@Q6ueMLukOdJ2kE^)IGw;zS
zk}toVPaLQPhaOU+l)l@%80H2^z-vK*9$XX?aBn3PtA7a4wlWIEpM_<Z!=ZP5hPmVM
z;sDv~?=-Nzft`YwpCBQw_mj4IUsBubiHExvP+Z#r`eO$!4nZ?6l<!zgLTm>)ST4L?
z9tjdEklj$ozDn!%bhFjAv)M`zZ$a%zU1=iK7DCE>i&9Qy9)~x}1wlgwKb4zxn@Lkd
zG2UD5DIQ3j;z7BjPNFSLbWiI*jng{potEP78K%{{Tr!92m?_1>C@DUl$$j^67_*GA
zU^r~>XB-=2P}&%C;m>AF$nAHFVe^PEM$ymV9wUQpF_q>}u{c%A)BWg&6Wye)axOcV
zKp%`+%v2yl{|my2?*XaX9mlptj4Xx)Bt}ciVLso;FTp18e9(vr9yGH)IRnMt9f<3I
z48SI9_@?O;5quH6wVDF4r8Rurbl1{5XI^>^^jk&51TG~_Cd%P{y+9nDD>%bD47}06
zU=Z_-GR%WrPq1pSMaA`*^fU~3lA$kf{xl%N5&9vA0fNlr!GR|Vi6Qh`5UB_%N?o$d
zra;6EJKat6al?FvDfnPAIf1f%)Ce2GZPhfykOh%yu}?pQzU!Fef2YbKg@q=W2D>j4
zgfE|)*i2}PLcrd{|01xh>_xpy;!eKUYGgOy#jgaz<T2u59<|*@^3;uc&xPI;HUoPW
zFcvKc3Y`3V2y=zPC^XXg#E|?Z`eFM^1fHfcaiTT_v;hyGuc#&+ROy*|oYc^NF{Orf
z<gg&mlqR~4ygs(nd!Y`?BPO<l1dED=1jLr*!a{kj8#PkL=Ao?18VSaY$oJUGWQ@mo
zoP-{zPv4E<Mf_hRg<Njp%@x=|4B1QXz!`@zjA0I}ijX%kES9(T>Dm?SAnIW{b8>Y#
z9Ex)pnHI&ve9q8_lhD6*9%W7#Fl{*#WV5pjNth=QT(T%3-dx0C-g2c6AlL77Cf0_6
z3E`Uv!}=6y*pr2^v3z(s5|S~80p~y1N=6@&0kfWTtv(pG$xH~Z3gJ%;^arsXpN<Xm
z#zY4%=56Wl*5lWsuM_dA9|XlY_wlxLx_@9`ZWQzWjP>|W5#gdBHsbjtDqJMD_1air
z5U(-F*xHc3F3<AOxhc4Y99~%=C_IO6G$wXOdQ|jBZ97?qp44;s+!{Ssws7;+3MJgU
zpSi7+jlNzXm725PeOUNqj2krA=@rZ*6I)0x)H`5fNQfcw15MTJp+OAtnG)(w&?wb%
z6gu;zV(HB=7ycy%Dc*y5a9W8kZMa)Rw2jY@8?$$@Q;6sjJ?>1euZp_&a=+Tj&T1?F
zfIca9{J_M#3Np95w~|&-%$Ro-z9z&8eOzCutk3<$a8Z|cx>zlcDERETkvMrrKUhIP
zzRA7hj85aIDNuLDa>nka;quYfCSW7MU<dIV+mMl<X%)tL1F_YU;>0KIi4vtRg}hK4
zkyi<%6hbvzE|K!bF}zB=7>7R-CoL4kOW_YjrC9h4jG)vyj97$?I^mCbcf6czj{Gm!
zoHxQ2?MYH?C2?617<qh`xp5lVJqoRl+Gum678E0U{H_(^sQ-l;Z<<?6ESF@<`|N=?
z&aFMzE|0^0yKSYXZGTVODhf0@wVW7eM+F?A-Vyx~Z2l@9z^jYI`M*h_!9dLAO|jmM
zc<Dct>9`4Aev6>6jRfFwc|PKecC5qcxe><ALe98pW-}PSoH3r@F<!-uYEBxo8|kFa
z?lva<CCa`_Li6Rk5nk~W=J96&cqtFy<+sbfFQ@mC!hDu_Hzo-f%ZZWWVVuP>&|aH1
z$KrD0>*ht`+^iCt^pyaQJPREtM#ZN-*nM8a6Imgahz3lR;Dkd@SIhLQCpa7k>XfP3
z&dFR11R7BY3SJeE@k38=_&dXUpmiBG2;w-#V>pqKoCLn0IA;mGix=YW#gPAFAP6;H
z%2Dv6pq)W_=Clh42^j=+rk9W}njl4-H-a5s+hmAw_^2mixROC*-7lKn7{_{iBSMjY
zeIUKZV;m0lBrXi~s_|aI#)H_6N6`{OG{0M%Mewm6jQ$V((3rW>GxvV2668koVoaZ(
z{)G%DWhxQlW*oMQRk%_%Cs~vWDtPS>20u12%;DAB^aAnl=MI<^kbk0p9Om#(hId2D
z0t~}HgV+FC8rY2+v;cy1K$%3q7Zda5u=*W~WixpDBaPu-<ccFagx#fbVwwe5%-|}L
zaa+XowqjM@<kDGkru8^1*F=~3R$+l?y+n)J+qQD1EB-gEQdOsZtkE7Vwpam<VbCau
z&vN)QqKCzBH>9i)3)K>z<?w)5Vv7QN79J2wY>~1=@>2uvY@^TRrn6{ME_(L6wCE2%
z)Km=ZJC-*!897Y<NMmGXpD88?9Cm1?z13r=KLYHqN0^y90&rMnk1$G%fE=y}f-jK<
z<sXAT7!nZpJt<3Dv^YW_6Qo~FLi!j%Iwl}p%Ajo&pW!g}p=$B=diNPjp2D97RBDv?
ze_|=maOfmN|C?g?4E!pH4WW&J&%obEUcD(w(#>yq1^z)C$ln{%uBMpvRYCb@4u_T`
zeAZ)_56>8QF~12>e8C4}EfYb0>S9=@g`DS6`#Hc~Eosyn9F!0}bREM2I5LQlNi={y
zF?b%igv;<+4re}(FuYz!x(p6SSQS1F*O>xthY4=>a6Q#<-(JTuo%yr3t0SKS!>)_s
zUpd1@&QWj0@5Y>zqrO37nTPkBbUAK~Qdct$OMdP-=j$WMbAA^LVrAmAPqh;GG=~LU
z^s<!W?%L6xr0wX_&W=8v+|j4KJ9-zdNRrt9^p3{<E@5=6mDthGr_{8glsDnt(Z@3G
z=(+plaM9Kocl7lA$sLWi`VKql8s4*`a@^W>^!?W7wWCjRh_29ROYJ?pPVQkqynB=t
zB8NsM)&nDs3>t;7A<VOMKO&Edy$j;KJc{>ohJQ1iy~`0q?R-{yC6g;c=rLRoud{nJ
z?^?edX4Sgb0uJSSwdC@;LBa|NLRYS3WUOkqY{9}fRP51Ae3ZlT-{~?{-G;)C6lH&u
z!y`h(&X3}w@JLYnW#XN@0{@3I{GExwdj#+<N(<reTu^-Ysvt?!Z!n&~7^4`I{>rin
zK54m%-!2!s`{$BSPydZKSAE6xOsL!SnLX>iHfaDjsrvM}y=Jv5aXnMv*DHP#vr%I9
z^$H~@I=i3{yTT-kTy>vlaor6g`)e@m=TVaEUf@xDsRnW5y5t_dsa93}bMFrJt%?3j
zl>*Vc>!Z;EoXFr0aU8_p?^XB+hdo_{c;woVAF3UB#MzNYk~?w-ufX34=I~v2WSBZ>
z`&&!sPX3#BM?NY@*^!?2CwJtG>eJ)?ns;PzfxRP3|CZd5`2{IE@@P#vVt)<ZX?-C(
z@~T?ZsTBIr^Zwd*WKlutjy%s{VNd4Wk^r_-d-6PohY3urtK<iwTO7~L^BmTVW6VGf
zKauX6?pq=ul`U{$9Ag0@H?}lHJi){uH}FoWe7A_nuhdr-qCWW-WFh(^hc6#y_-AL|
z$>?}wW15-PBp=6^w@8^-sSF8sE0WfqcvX(F<CSktF;nMom^EJMe@imFoIRelhu$C9
z>~SIGa2PnAF@$_<sZ{&VH%BV78McHW<5@6ioSnEOqsT7Q&z2m9(ijqua-p&qiu19!
zG$;?34e9Mp@7r9t3j1xJ3?H<8J0aAA<f1Ism}fd=k_3%sET(AC=12vvmICaVaTF!X
z!Y1C$4N_;GjtNBgd7Ln|-xj5>93RINOMTEozx!;d-G&4b)H0D}i>*WzXj$1=Fsz(O
zqg_^0fdcfb-vX5goJGGWbvTQ|n-={6k4r0H7KbRM5NDB%<7|ZC<@5;Km{IA2sD6*J
zY>ojaSAn8G<P6)IGE{NV`($A3fd%ku<+S729QLWEZIkY^Veiu@m%w2=gg^>Iy#z8V
z_4>{CZ3DOTVqQ!wHcCWo6~pGF$aCEkSh4?~YBzl_X-g#TO*rsNfX$QuONag*0sZ;s
z1^taYD%2~Mu1r>N#;eu;qRPy-uUsZ!=vDXteESc2HY;B$?`8NH9DP`2RGiuzspi$$
z92-D!H%e>Za84Z19*o0;aaJ{{QzdpWsUD2yA@7Yq#Z($Wzu8uj4z=LW`vZ+3mxXms
z&9cIZ2<=}fbRvH<mx&+{z_v;dN~-+jT8zAIm2X>_y>7ta9f~8hX<1lmc48LU434i<
zdRfUV%WE+}4jVtvh{GJwlBaLjEL&7*2K&U!l|aW~bVLsH<?M{IkvxGPt<<Pu5S-EI
zoPI2Zt`G0TEK^X?507Z);Ye^3Qj^2Xm?brGhl65)oXfd)Ew8otMh+*%tUFS0{<jhG
zM7++*0urdYtp5X#8e$d#u5Z-@R~>c;y&U;yqRBUMQyO00bvE}e9KQZQlWv<=W?4aT
zoPIB#p<v}rY}&g^0yU!@&uxg_BK9LWQz_EgV)-YtNLbB*nIEVf-Qiw5p;ZotAs=c?
z9h+I6y~*V;?!&ZwPN%X4`V8qu@6UBp93R@)55>j?#Y8SEvlaKJc?_Q=d7wYGB*O$M
z;cK=P_T~?tSgEn3#T&qHW4O!yGEE}vIvZgZXF%9F3Sr-5=?j5h#<;1{3VYkuh!gL6
zfY5?N9|D4_?A!ENN()$P19nLoU<HByP=2~Wtsqn^4LD4&r%>$L{5-fh7EI$`$;gEg
zu8Re<Ccn>80kRfU8boZ~`zN&+ViP4G^uPu@ipYmxJwrzIR%0H2g$~xb1sPHvIKzvf
z`-=?g!ME8#${?D)hy}&SPsFexG-QZPaUkO`uCJvB5n<~|&ETUsMZfqs>{uL8BsH7i
zQ?Ohhxu3%(k7_#FhULx=9QC)vez;5Y$)Fx3X%1|j$D%}!qxc4c4R2bM6$fP}HOdCV
zCWM!W&1j}2YNk8IOeb(MiOuL^RcA7rId-!aGKDxvVcW#)iH@72Cc3Rc?cJ=|Df#+>
zBCphJvD|BwnrS7A_B|_<0J0{CIhhRqBL1W!W2hr@xA(}LNINopQ;*E|K20+$w|3+l
z%j9MyjX6bp^$o_s)Xk)De}&sVFxdY5p$d)7=M10W@ODJnz1=o9ufa{U`iEeo1z~LQ
zl(PY3i<BVvV2+jMIxMS@6j4%yIVsC*&S6f4##~_BJI8gTq6(5jE0T}|Us#=C7X|1&
zSFPyl75166zhtx6?G;*zE>=A!<LQ^~^?fTe8QZl?3n^-8*n6LyC5ZSOOG;@R)>UZ#
zx#^HlrZm5gDm0IMW{86bDv)gWT&s{9Cg#AsOmq@>u&P31NknMjMue|yMCe<QVm?um
z$rch5Y-(rJE-$@%hg)3Q`Lm?7H0lnU_%8j~g~&?Z+*YHg^v3n+lG3|(2)^_2&y)|i
zQySNK``T0~X>q5dkW_wc1{rC@oi&R{6Mp8AkdF6aLPC1u>j+6m$9k~~myllnI#QE_
zG`>@sfVBGB3y_ai-By!$l(;@!IvUf-EgY@CR?0?Yoovx){k18QQJ*``OE8*sZH;o#
zmz|_o^!l}`uui9Rq3GzfN+z1tDMchYdu_^|p0_|W{%2|O&{I5y&t#H^rr(i5+gJUp
zE@@~zA>~wslzY;Vvj4TIl90Usw;;4rL1lQS6ftPmwO*pLp_4qzWvav8V7dqtyDmin
z$^bG)0DAd4RZgVScM^X_{>&}?9DJSqcch=Q)e({@qHnNTq@U5(W)OasD-h1VHVM`D
z)uRR1W)ysEGUAqdUS}}<bVSNMYhP!X<et-Nj=jYkmE7}cb>utCJs;dDXE~>x+_5cp
zq)8Jae)ipEo~O8>jzx;hGyKk!W3jtkW{Kx}nV>E0EWI-+?DYB>!`Ew*b>^!NFK<VZ
zPWZeeop7C!&e1#5W2D+Sa?YMR)5M(q?c7q%>vyFKImfQ4RmPcmmt4vEYt*T{(<@QT
zZI>cY6yH^|cvF5&x^$y<nWURdciO_u)OP=oX}HCj3GM2TYL?vP5o*MSztye=nI^90
zxBD8eL?fq>&G0!G_=#pDcir|};d2}w6CM49_#8YIE);(n2Kl5KaE5n>u|W`DWjrQ?
zDlzZ*Hlx0qGx4q)4<$YKQSe2H)cu4<v903k%>#Hvaz2Nqd(;Ks(0?@vi#Z%Vnoe@r
zCGhTQEhz9$;uXU98A@Q=`iT-OXHQQNESIcK6)a;jq+ppt-g^oKuS&7F5l+lpt;K?N
z!LLuITR~ZXM{Uxy)tbxg5G*JZAA7z4>+ygfiXK?2FG{aK^(Pt&;ur?MNr*1jWc07u
zbM$ezne279!t3ILzvZxgk<<sTOFyqaR$JEwmX<RziT;*D$)X4=#QM;x40GYVauzl5
zmmC%@iZJ|ja^J8GEKyzRb6C76B3KEOm$RUZY!y%N)}%Zpwla>bxj|t?E;IQmRh>PX
ziE(Dsm*UduC*tDNU(VqzxeeLKphwqa#!8gpL;cBD-MczsS#u6&oj2zm^`yB7rW_Em
zhCr>~bLAU4{sg`J6TBgaC%@aC+~Fr&+&LtrhBxcm`5MXWBvmwj%f%}1<_RxCEv9Po
zg2Ad`-+VIDfhH6>aB(<lV^HyvQ5$!r*Jl~RY^3+fZfsKH799Hhr)F3!TTfAi^#?wg
zNm|Ti_$a(lKS=(R<4=Ut*(|Fs*nbbg^tLX%m0yyGKIvlHSy%jIoWzX3z_%BZnDL{i
z-C^*PwG?;xD~EFz8)S9w{-o{enxy7C$o`Zc_Fr69`*`6@9v1ZRmA12EvIhwA(@QQk
zLvsGz)ox_^x&?Dfsjd|M(krOo^#O!S(4x}Z_2H62w4ifX{8b<}ea<D}jHy-@ygrdJ
zYzS*FDLAiUF{Z$%@(|Jdn;uY(wf$Q>zA@l1W*lRBNs26SkBxY8oiA^VglVCE4)Jl!
z%|=FVm02S2`a(uIj)ob<KXQ0KBz=NDD8D3%t-33>2}a=XgIOeb;4f0(A{b0FjBp4E
zxHK!o2!sS&nh{)%)Bu+VteZe^d9B$6z@={rT*NZGaM@p4H(chq;IgOG1D8*0fXf?6
zxSURb%dAP30!(Ivi8u%oaU;xIm0C@Z8Syz~mA_Z1T>xlS%Q!>_HlG$-DX^KbPpcC)
z$BL~aY^Lt>#NG5CW@UuUdhulmoSBuH8#*t+H*Z<BqRmSV+PvgOn;kVl=Ox&6fS~iu
z1wp4c6*~Qgr9$V_-nyYPd6)y86MH?-`Je{qjC7#$xfeQ*z}u@L3OYA>BF7qe4M_M1
zhrbC9(WZ=pPdDsO4h&1i@kKp`1u}6gHEb)6*K+uFi45DqM$luigvZ$>5xPC401jsA
zW*Va3IlG@^x>x`QGJb;^cP~#iwnYkT&ErXlqItk(`fDHehyzm_C@^M=HLZD^kvO1J
zQ2z7=Nl{_d;~qQN+YOk65u;eTyWrAF@%Yk^4V<G-OW^d+WqJuk$R;eIUN6^z^fwjY
zTcX8mPIK((8rc3_FeBF_e!2ST5c+sq@r=XtT*=ASJZ*Ebk8>q2IZ7kh6Ma)XJtCi)
zG-5UBPS7k=``0t_IfbsDc*d>SKxNwmZiIJomHYVPr>kxL=bbZ|4o+W0m~nH8Jc>V8
z$oLe6^#-6tkSuY&Bs%U==vY!urkh;LO+p9;|1=SxFfPFMxJ#3*?>;|kRPPz}7*9yy
z*?SZ_B^CMmIP{9Mn7oVU>+~Ck8ri~ga`1!dKAs^Bgf#v6VksKm$KjQ`8Ro**R|JDp
zAAYdF_?v0Y$BUVm^^kp$O8hg2=bU+8;u?6D8n~oE4YPhQd7;m_V#e@Z4lk&Qe{wz(
zAFi%T+E-speAp5>@q0N$Y2s&T;zb<x3KDq}eJ4JQCVp^lq!RyB<HY-`fsfX&bK;YS
zF%qEciH|#<iLX@S&!vf1sEPlT!&y^IJbI;=xWQqLnD{T~J1gbHmxzh~Z;caQq6RLn
zd*U0!#NS{X&MvfK9@BgPuTi#n=`$bd_{>H7UHg>NJYH<+F{PQD*_ZTvbMYk@%5(!e
zhA<D7N5c3sNH7C|2Ls|{`>2aQmNaHv5yRim<9v9oP({Dj<M2a<m&2baG}9N7jdMA)
z3)*xcF~q7Vd=5DD`dq2W^M+Wg_M+E)KG#^RPzk`N2P-yKAjeQ)qVna}gRQ6?nDprZ
z^?|PjyF6Rs9lZRx7A6?IJj4nsBhXpFn%gF=KqW&wCRgOJT{I9Jp&t0dcqu#<5>Go;
zDTXa8gU=X}+zk$^4ydh|Im9xQDT<!uU_N{{z)F(Z_E2(IV~D0onO;4_O~kK*6$i93
z><B*k;;4vTNC8&@0^`?e=Tp7N6*;$Qs^aM__)3A+ZD7rQay`gA>h>^AAXF}_-LHiW
zyq?S7?Wsd&CDsJsRf1_+O0*8I9Ml-*@RcgIu2V9PQx=!%B+DlZP4PAQI1Jyfwrfj<
zmm~IT$ymFd#h#t<arjEedYF%`B^p4lVoMJp6<=*FP(PSVpj=v9V^l$F4&Tr?a{tc_
z^>~(AarjogB|L4x``Zn_8R{9P6^EB4Jd=eNjt$BPE1}5<V5!*nD=Vn+N^fJinH8>f
ztt;gG+=zC1ze2R$LnS`9;c#ld2cIVlO~vPpqQMm${7fKoP}w%G5C>fxbMZ5torBF_
z(m+=f&u1<-)fI5!pr%e<@lZ=Iq@!0Lqw6-24d>qr&8toe%}dl4nio9Z(7f1rgys?E
z$;dq9WzKa63siL8aT3rg1m3KgV5Q-W?RSyhtr8yQy5Fu~9*yz@H}#PG9p+}j8$%b@
zD=>${R55IT4kb6R14Z2T$DDwD5cYVtG>5~`{gTY%6<k&e`EZaG53AKqTPR02%P<cn
z3M%jz{6tWF7?7196K44kWx`w{2^Yc=`$_o$iZ1Catt_13|G?pwD&*F$Ew(}_Rr7tk
zhl~u&;jlp9SwPXN*EZCk8zsxS%ug@t($k|8#l#sqJlSHH6W}+^RXWjvq3IQx{T$95
z(2}v!@5#lq;_$^1W=c(_Ki3mt3qQ`Vg^E|ThO>gDa%=!223fja8Itw`<55%Wo*eU=
zBzXwoAEAkv5RK++&`ee1#pG~ovWm5PDu%6K&<0KS<5O^GvSo&_x%eGYeo!hZUuLDw
z9AJ^n)0Pae&A89Q%78#E1S(WYi9FaSfX{PyRuY9nU4oQU9B&e&!Wg<_)c%;Qw`}Sx
zWC{3Eqf&A8IlSFO?A#cl*_0B`?@)R0K>s$v%f-K!$e#hsb^l8Kr;&V_=jqxX8_IP1
z0F!T^YcTbd-+uL&k$jahO6H+6HIglVBL9&yOx`o}$|Guh#BH35hRkex4EU-MQ`52^
z-HqJ-&7pae1S5pJFkS`^$4MB9%UtA#9RfW$Uv5R^!&OS*isv&~QnzJ~Kmc>#BBE<A
zk7q(Xd3j4DC{D}SaTgk|&=AgTjtCvkq<j`hFr?4<VK=cT;4mbgQ7w4na8XR&;PZ%C
zTk>>k4x{rKky=#IC8O%>F(#$Q$U1wBb$Vc9N_`N(X~bc{JSq&eOh~K*W^4vC#j|87
z*AB^2uIGrbty&&owtH{}S%3qu<G~u3@!QRq9RTrj#bY~%ZOJ-^!|5i9$95qW`x6eQ
znvma60eC`}6l%P&iF6v)=g(3S8-0HGgX!%3RI^m>zPhu6J8w0W-`&)iLIp16Frg{K
zE0di4ROb}N{z_Bn*CvKe9K6Q^nHYEu=5rXFltQ6L3-K%$zWpab1bVaxMlp{+OUj14
z;3GLLa%ZWDE$K`ExrD=_ri?NM<-|VgoD#GUZ%PHAsna{1C2cKlN(ntaS$=OyXP5in
z5)L1F23(su;FP8UW29RzOiUur#Gi08vs-Uj=dic?yr$wK<hU35Og)Bq@C+eNy;uNq
zFR?ow?Oap95peiK-Q9YmbInmniAJ;=^O-K|$Zvbd+1?S2B|!E(WN+`V#_sLy`Ebhi
zp3axso5LYDjIH+s0_cN_7>DRMCRDVuig>(yfy4s?@a>ie!{2ce|3K<!e{2)Ls{`m$
z6y%|>SMDC#m}XIr;briQNremoa$<_0jC{D(Y7A{SjBU&)kvd0_hY=5(b@V7r=`p;{
z9^;%IcnP!@pub3^?Q}^|4Bu=b^}=IaY_;%>CJcX?+>F>mDVuS)F{3&lbk@KpuamkQ
z9;={IKV{%Eg%CNHRZ_)hEaLFta%Jr>DGz&VR>DTJlbvf_32<1caP7-FTYjKgo~W~>
zIAZnq%GA6Nh4Z=;mVv{Ywc>fQ$Up&|h@?Sd--})az2cFI)cbs@)lD*&z}%*GtIoCF
zo|twW&}A^BvFiHyLuJnMHc;6_3c`aQ3@0R2p47yU!FT&QXAZv0;V`xd<1zH}5{m0-
z_*-moJ%P_3z?^(LYpjV_RSX+7lNSeG%dm-U^vUCJUjm!Jr4#`;e>_Vl!Mh8GuQx~R
z@Q6mxK%L4g4kI36L=g7~S|PAV7XF#9cv262K9#PyNH?$*mofuUWj}|}4~J2Q%P21m
z7Uom5Acw)?VA!-Yhr`bNqzb+0VYh)Lhr^<LWlcI)=V@A;?>&EK>+G>4rN_5*_9)M%
z6D7{Akg0O09$Q0(t%Q7w0bYf-!nQ0rKLOYAAx@?=#7_gvwOx6=u;B>I;T_P|2=m0Y
zg`$`nq_e)EORPeibt&)7Yr<?PF&mqaY`Cg3a~FmZ2t&^aX}lsY!CFe8Fn6I+fY~M9
zMwiHHjRE<RBvG!%#Xoul{$6%I@@a%5(VG8*{%7RL(yvB%01Kp>BYDtPJrehv6uHmi
zn~*Ao4FxGO>Cc;t6t!}Fmy}e-x0<kkpli=zLkNc{Kva_V(OtZTnzme=H<w7XqDu;%
z%~m2&j^g+ibC~*|3^Co>EQpuGb5#G!C+mI9>r$nT@vJ6lSs!*O6Y4WdU7OJ66G{E{
zVGdtyNglH%(1_VH8d@jrO-$i0L+b4DR!Wb-b@rH)>;b-*;+gZ6rA!=jx<yepuz(J_
z&lbP>Ka`Y5eH`{F!C}}##H+64u%|I|vFo`HrI^XyZ_IcAFZ(k^G>~ERp<3DVWgM0_
zX82QSz>~7(LuMU4R;2VeS!a(5DMg5W;;;*G<T7#C3&dg12|z!lhm-b$t>al8_JgT)
z+YcJT2%#kXiJRC;d_o#s-{@kxkhOrrktR|>%HjQ)o$Bj@{#|rap&)UdWj5zo@Q_|;
zmuaf;KXlEzl)qR7HiXe)A`M{2cxD>-CoX@RoZ;g!{1YTBJ*4}^;Agurg%uU}9Fd4<
z?c{;l#IcpUT;E9`Z3x5V+GF@QXV?YadP(;SLFbwTwvrwK4Co#3HV%I?@nP7hRbnd+
z?Gsoa-{y$7w{y7H#HTn6uh#USAUr=yFUsUf@qdb(z)he{93h0ca5Y`s@@z<GcDe2}
zar_;x#6NOo;vWpU87NsgB%0J|;s}t(?5aNpzKo=m#ChXYK?;)c`$s43tl@ebCiP{^
zKn6!5vf!m&U=zMgCnH%`d1FUgaESM1ENS*WcRXW?xeonbr$O4lu@iJ9)iY51n#9<3
zH-r(%1ggxRl*{m@#mL-Ac1<(Q%&An;uisNiwSJ)(m)vICpA#w;<Wz)ZQc1q(>r}B`
zdr~C;Pwz_!z&eElx+OgaIzAX(&dj<}o;&>qQ=X@)6WW5qmfMmBx$2XiNSRg~UX`07
z5AIR#Yd?pBeLaCO>unfJ`;LHN9E$reb<QW9is**zgFal-h(s#}oQy=36I<mwt8N?K
z_)Zhykm$pr;mRmycq_x(rRsY^i)9>3&%Br%Sky<*9x279_-CXsb<N3?I+H#Q<NK;(
zvif8s%|A1tuTu-*w6h&$@@)^=E!#h%!`CMxblF{Nc%`qrh)>22o~otJVN41T?}(x9
zlXYk!JSt0DN%_TFGUG=Vh5(shRa+so>b~AWYCD~BJWXNcHD!WPZ@!C=ar`xO^GE?a
z#cKD|HRzPo$TL-X?I$a}lEL;a+J6utXl68O#bNRFp`?x56!c@0eWH9~k4#>XA~%uQ
zdChM#0&c3k`)iVTbb-*!X80@|J)+67JdM2NMxN!+m0<w{q6oC=m71(SOtwF}Ovu|G
zX&1u$RYaA|{WmJw(u~VOY@o=;u6`c+>E|%vnBz1U_NFquA2_OfB17#bpC8pSpV$6x
zx?-%49i>Ef7->~zXTfpm4E>HOJAThMt#E3#LiJG@Ccf24iAx)is%O1rRS57<)uvl{
zl<0x<OiJG)tdU=vag@BLJWM)<Uzxvwi=|h~JM(P=IFJDx6z>~!Omlc&-`8t!`Suoy
zkn;NNU9DAo{{=ZRvctjCEt?-o!u;NwR#nDo7?Y0GuyyG{!w#T{8OG{zGX9&)FnFHK
zaLshbJ@t(XUu%dZPLipq$K06#;X?AIe<XcUMuiYKKNLs7Bmx8VtJAQ4zm2Fvl7M-f
z!$tu<;NXvE1Z!Fffr2Xf;Fr;4<q!`~ydOTW)#)tAtH!^IKlGq{5EB21O5DMY;$Mch
zs-I1@tn6%<u~JiwvtjjYD@?eY&0+dVK{3SN0m9I1BEs}r5D|JJi7`E+PAr?r&XO?8
zXV^ge+e!W`qI(vy-F}x;LXCgruxhp?gm;*^QlpBx;sL{s409IM8Xd8vUxomPV`?8Z
zXLvdCm=hh*<4r4t`<_0kdAM)SH?2xyzTX^mMMjjrY1PhrTfypuwkFY^XI<*YR<ISA
zm&L3~;;B!}B%R0L^BhVxMk-RGYTe;YPTEf!*u6-`UOms@t0fUuh`G>bF{=ui26o^u
zvRp;Hsj$s9uv4|q73ap_5HD8|TFnGfiWZ-_TigVrMT1<}v4}+tEaLL_P1K>Y9SM4A
z9P3A2877^RNgQ3>87AZWQXk*imGto|IP`UrMaDktP8Q*?EkF5cw0tE=)$V+josG?5
z)Wbn)_nFf!o-)Kv=heuEQ&UlP=Sy^`>gvUo%Q*~iW;HCW-(J;kr&^lb?@A7Xoqj{o
z`W?upkXFi#hVGLkj0@=Iw|rvP-z<sLa=qXy2^K^j{|F19By#>@lI!#xVU&a!!#{HP
zc0+_R6=kZ5EB&{c&RrW`K{bzEK|FI)z|@ArB0rO9+6)dqWbaTz4g(s?9s1&-kbS#N
zV<sz{-OLTiiFS9TQ98mXzvnaCy1HURRJ2eDeaAk&Tf5pPPu*6!M<!}=*wR(7@(KRr
zNk8<cTU!lEj{RzYAfIuWEus6v&b?%fIPA@GU&b>eAo2I}M~UCw!l7TlF;Bnzu)N)8
zl$Cn9&n~5i?|C%rnavd(`UjFQ9R83y#fny@`t5qut7|mpFv#gQ^r56>p2L0#X>7xz
z$)&Xn*i8pIO|d11Lygt!vpEcSNJVC=JGQ@2-~QD8b`B+4M&;Izaz5YBnYNP7jx{Ds
zClXiQ)ysM-<Y8D8kfXocwO0EYgQX3L@6MUb^eElmDG;Md$gENiTlZchEj7J#0o~~G
zM-JU9Q_vitEmJktI|b|;koGiAiX0`4owvD-RZ&oNHm+ASi>DHrt#{CDQ5u>xgn0o0
z`%yNgU2bB-D7N8-+LX>VzO8$x7JOT#@NGd7-xj#=ZS6xf;ajYUN;ONzx5duJ9qN+W
zZ=mY;ZVJA&;jq-{cOb3bkS45#RXV7*r;7*mhBt9gud0g|^+q;v@MlQZ8mg;NSbi>t
zHGY;1_4UE{uBNQHCWX620gnoL?xmy(iX7gZER)_1>1JHAG2+w!>{@5NJ%zx%ySlRh
zzVfRg5T2)})ze;{r(gRst47^rs~F`(j*;lUo|&~zP4}BdCP`N%0L~4#=T&1IF>rym
zuDNDxsiKn;0j76On|IP3D%M9^viwnl%Ky&~1nKwtj~aR*5AbLq9h8#|8Qud|7^=`g
zRo6;aPQ$K-(iX(3F9fW525_pkXZ>!v!^?!c&3KgCNggTNYKmzT!6rG4F)Uug2ivB9
zP$(X06(r*h=rYW)LUJ!X!5RLBVJB(3TBpTo`0AeYA>xuU;Xm{kV%$g$r2DaGnu$%}
z)rl;M2q!j0!UC~go5(KQ^wPg}(@XWH2z?gdayQmxGyDgq$z2YA)C;i45c8QkkyRtY
zay6fM-(@~^n1Yri=d)Jx9M4MH+;{wjX_i4@8QGXmPhh4p^&n@eCI)bbe;Q%`CJtsZ
zoWS6lPqeC3aXy)^fD;&H%-s#mbVIZb1+f7%Gd*?nqpGg{Gj{Sp1(O&ud1`v;`;XRY
zEXl-x_ZJYlUUhGwJ}O@M;XbMgv@eV3NY6b~H}RX{76r;g_grY*#D8!&Gu&eMpi>n{
z+DP_Kv@+bW_tqvd0qFr{iRzS6fL5w~iOE)4joAeo>?DZ{FBfib)V^JlJ!)S=n7)C&
zNj1H(kXYA`xq*dA292!)*hcc$jT0=7lye7%iJxjD=5qLSf@KH0O!`#KCZ0N*OF3-X
zpe32;x|9KtLz&%ogu8D{^4~44zN^#wPXAOBYDK^O8vD0>e=RtCKGZR$ESa1d=D&an
zwl|Wp&txm5((a-Sj!|ym<ka$qi#MohWB3Dsh2a>7k2Rfe?%Zy|x$Yw+&V9T4LUHcz
z99|x2F?=AU>T%TsD|6Lj0r5Jk9?zbXj#o=6?aFr<UY1unNVk2G2LL%7;*}azJuZN`
z2gTPtelPJ?x(N~6K$NiyEW#W7K8x^XG{W^vF~R|d6NA*PHzOz4m_^cz!?;QZMK(@K
zMWFGnx0PvcCsZl~BD-4u$;z&FRN$4Oak3QHq?BrYLXN1^l$_X4%+Ecu%9^V>e_Sa|
zd84}N(PYBc^`?iU-lRxsOBYEM>U1Tc(gQ?X{>}|T%`4&SZXtXTUI7FBuqQ$h(eG(-
zG0rbCkY;C`2WgytaD&L|l`!+ALhJ^svcx!}EE;D-c2Mu+Vm+rO$>`NGadHN&)l3@b
zuQbp-+@K2!T5vd~g<LB3>@q8*K=zt-3hK&K;D=>1E%H#m|FKqu%^)#T;;mnuq#tn>
z#rrrc`&e_ZDHk?>qg5uvF__-NV%P>&f0InCGARLop8v)6SV<Gta;H(k#6NSGCmQ8)
zSn-X<47^AFc6C_b>R{mA9NrTR?sbnE;4F@paf7aJbj5%#o#OH~#AL+IyX!TIjuEu?
z)I^8&W-|=H&`nhJuQ?o;XoaIPKD*B*r^A=3gVg92%iFS>L;0eJjICM=Qeiy2kOjl`
zD>`tkIlSr`=(rk)zT29^>#ldl-0yNY^xI@J#VPIrJ1sdZbgku!lwSSqUb9nsElKu5
zI5g2>N!F9YVbCT`sB2gN6AonNJ{&$1%;$WPR@M%&l7UE@rdTQQ_~Ya>gf7oi{Dw{*
zo3P`sDV-wlGK0g0sIzRdR*Z8iU4~8JEeauo0J`&#!*y1>uFq@$Z!cpEo3y9$Z=@E*
zR8>C3eSXhj<UotzpOOegL3TorYS0M-Fk!eA6^q!or_Ovthp9#Jw_NmO_<Jv&E=~iE
z+F8Z(7QB@%W?cm9H)_N(TIznv18B=DupMW3dzFfp7&pbLva>_&Tq`n(7cYuX$wJs)
z&Vm#Go~VP?s|x*NB{dgRL){iV$<o8Ng1)jc>3vaJ`KT8t$|aF3mG8Lguo+CA<t8(G
zl4NH62b!B{L4OtkUm`mTrcWdP-r6;qG*S3D^f~ffxA=D)zKmH6|6s3W`ZOz+T2LSl
z7O&PS3vGAb*GILOa@xrJ2KsZ#_u}yLaoA`x|E(FqQA!;T+~2<Ea1@*Qm#DMbQZj$R
zb~rZRaB{rG47tazZO+K;lR0QDyaGXGN)x?M;`dz2mV^dGN4s~Un|Xn1mY#bte8Kmi
zdub20s>J3d=E11}Rux_e&l=bg_MqWltjVLcT`4K!I#R5FPeIJC!#R-g1P)=uqAOpB
z;Zz2b(NHIB*ksFg@I|>vi$e};HaNGw^%va-$?k_<h~X3lgU}!h_({}mG(a>OEE_F(
zA%<lPmWW1U7;JihG}bTBd!33c2~hd2BkR?9_%W{#8V_Y%=&)w8MK^Eqn39-Q*n;j!
z)ms^V`r6OGoRmyW*TaPUeO7A>3t?Zjfq4*nu@G;8quHuZ)_^HiB2$EYxjo#slPp$8
zH2zY%?KhLGx~y66*=^6%J?^qfjp;qo0hY0k(yl8~z?1Rz%Q)Q>5i(6)!A*fk+$`gI
z0oN<kf63bA1U**cuQ+@mG_YH2I<sQ3RZV31N?0hs+YQ!cON@ARj~0_5y#i(X3iT%s
z#=j85D`7Jl*s?8N2_s$*;^suq{dgsO+AUsb;Jxq-ZC1Y*V|XuA(_Zy@F@#tCl*}kw
z4``KACX3>WaAt(X64(kB?9&q1+>FU{5|ZacjASH)dV5lfV{=%3P|99ca#+#N(u4RL
zs73=3Rvgqqar_O3d4nuF?iiqfgx}doRx)O$dkQkxR+VVV#@o+(q-=6F6JHSu0lCi)
zjJK*4M|<UcJN}v8e4U6eqk^D1UYv(83?WhaPjP%2mPE?%Mab2|cqQB(7lO`GtrFY7
zl5=j^(&VuC<#dU4wx`jbIjj_o?(sG%JC`D*u6wywDK%#R2EZQ{Vp7*iTMn2x%}R?f
zU$(}P@%ByjdIwr_DBj?_-ZQyo=~NKV#pSF*=KBm>8j<g&bqlJ2hPwvZo&KGXuGc#!
zdqvH-ZMB&+Ek)G)*fsg>DZR$ny(XmgTD`^*P`6H&0;;J5)NvbZ0d>fsIt5hU07RZ}
za@jxd@Cm(8K!4XjM@X%hmMVw6yC#E>>d2=9r_~Tp<dRQ!t?|mIwooUf`Bb59qrlyK
zXs-M5_IL<=+$7nqor$-{v0VuB4Q$H|lJkH=Rdy(adcw`*Nd+mZ)h5y<S$0bfV<gLl
zmZ=B$VJ@Vt5VnGmN3?2e9z8G1K!^-7rD9M)zl@Ab*iW9HsOhDaAr6&7ZFq<(JWuQv
z!-lXCj3Uf~(cKF1Wd^&UFoEr$h<qe^6B!aa+44HaI&yeLV60E#-uQ`LBU>8|n>RVH
zOC7b&$6@OxX$ypL6XgXv_A~LNgQ=##YbnV;In?NsFZnopX7}Ac*>XDs4=+@=^bcGb
z35vGuIP`N3H7ZTnbW}<;^e&;UVF7I3|L-Yl1svjnN2yeb*Qa>=Lzi+mO8STZaX^m0
zv=Y8L#k0``9IB<ZBI67DOmPd)Iq>CrO_s2HZHg5~UuRy%l{~W8#?bGRVekq8m|rp;
z=ZwdxO4gBeG9+>OVXaCz0iJ{{11##loQgrzJ_mWOs$&Z3YZo%c<3gYtV1*^mL?0CI
z*FtzN>>p}XlXSFSD-$TK7n=Aq%pD@QZU?xCN}0`Yk|57bs^M@>6{1BAfRZcJL*Aov
zD~GXS6K@wgng?rMjN$z-J-d)(RTwzMB56f{<Yfk9NM@WPkCm7f9W%TV;@u3QTv>1o
zC<aYWXj$1}N`i*z3~yII?~hTt>?-je-H)wc>;a8o^C-zo4LN)~#Hz%X*)`~c83(kG
z6f~mhLoc(N@KI<|Mi=a4h0<3SqVnzSVA~pvQBKHTWjf|mH?wHXq4!$n#EhGqcKEi~
zT;|YJ=kWPByuMZ)^0AYxu(I8lwxPx~<QO;C5|qmx@4(a)LU03zH(VX#>2uj>_uV_S
zMnYgJLJ)HeHKJy|u12ofKpuln57y-|s6~0&<IsYVK@Kf=ZCWZVIJU;21%0QvJfgba
zl=R^E8W%n2J<UrGPOee(;MHmWb$UQ<>W3h)UJ``Q_Go295U9<>;j;b=-C<7`0r39B
zeCsKXRlg}ITV9XD{`Kl}Z)A9RV7=o!nC-Rk<ioc0WWI^p{5?OK<m?5!vmgkU1@H&b
zV>M}_S0MWxhYg!-kJXfk7SomcpuAk=TABC|>=mL-0~mftt1tv(rQd?FzRW@iTJq>a
znkj_)Ljx?`FBvrYVER5S6eU5dSe8fjaq-N=mawMSGVm$b_Ci?|-Va|u2m`w@57xd|
zSZLyt@S!GjkA+sK13n2$wU`hbR)}v<)Z|9IpTo$ZGD@^+KaqsP1FULErs#CpM6*Cp
zv(iB}HM`%4;nOhQDx*p<SQquwO?57&movt7s(pC84w;2CsEXBE1-67OLiz3hXI?N9
zf>t&v#4F)-E1~FOcSdwE>q`Im5JsUeHpzrmbmE6jvx2C@Wl=(j<!iJc)>E#k*F0iz
zJq`!gC{%kj_06F*4xYU;&BLAZVf&i%$FsL4r{P)U1{=>NPqvs&b=_LQa)D<rGuS!M
zGO;<79MVFmKYjhVUdW~OqS!i*gIz@<_jg6z>VCW*MiDWB-3PUhA%8~8umOB_P^*%0
zCh*SE2qV^({7-Fs(?oqrnIyAx1`WL35CUcQmrTrqgAo%O!ePz8+u^Fh1Qx;?5YLCb
z7)rN;P^o;DDnC2{(|WOxI5+JwNBrVd$|3Xwhrcpx0+&@HP_4T&OfP_ol6$$}RHh8Q
zL?2g%-tH4MWav$OO=ak9_>wa8o`-i|m1!k&Zv4J7^yc51tPt0ld~OSFtp2|wo$l1F
zNuPJ+sYr^?dqN*qI^BBjYd?p%eLU%Oy}weaK4*G6`9Hnvhu`$BA&c$YDLW6y&tXe1
za{20hYz7}04Dk|sRRd*x!9>KX3}RDg$g1RGPrlD&F`d2{TZLt-KFe*bmkMKL1Ga$A
z6OIg!3xmZtKp_E%NW%LZeSBIrU^7@cUjhBHq};M_8TD%h<?0>vYXxHkoN{4=5ym`T
z+K48U$M07E{uY~XhCd8r+c5h00lK*&zcV)YGv>F&20z984%naweX592uF&RsWdr8J
zVEGkn0l!tN)ZuEe#4(r;VTn4*!Ekp{E;}OUm=A-_zjr6u`(pTf83Eu|*?>*p6B;1j
z-X8nk0A9mcAvWRgtazQDPY)z&Ph3V^cYs>?L--5M3~Uy}Jbo`{_yC75er2B&SZ72H
zYzm7yhVfz!MJ83haGV{@V*zX`i)?Z5S0&Sh%T&5>RpxZzm@JL)vP8>z@M#|w#AYzj
zGGq=hEF&X#ZZeN}<f(}F>VnOEJW0e!^o1F{St1#ClaV3~a#N(fU)Dg8dfOD~jHF0U
zLO(^3wta6DX|RhTCCXHu)K{6)hUfRG`8dz7`7~3aRMr0_WNwW^=DtZIb1%Ee+}GaM
zb*#TOa>h8!=|w<?xgGQ}szp{mtotd@{8y|o`SY4_SZ;*trgK7t?Y+Dv`X=5ETTWEw
zM?^=ff5osq^y^@V56l(%1JHfNt%>gG?dZ7p_&wMRcGYuLN}Fm|O7n5OjQ}udAUkG6
zqU0+a{RxvHw<E)<-r$0WTZ;N8hcT}(h9PNo8=e*WE`ZC0V@p|uP`7kCm4`9|D?1CD
zLcc^r)v^5Yee#H3Fzkpo1iieW41K)wc`%2v^I#6a@4_59Wn>O-OXhHQt<2%h3uO+S
z{;y&V_o$VRNnsBE<Z$9w3|lp_=@xQmQDLLS#M;mz`rk&2|6gYKZ^{e<JKDS~3e$`*
zHig|CmHmAB>4@&PYrf98P;pg8?w^Xdb5qH=az@a&OC=8a<4O)8?^^dSBb8Bdyur7x
zF_v1A;Rl)Np`L*bax(ZwUt!TC?Hlv|6z!9|Rp4<p;AOD=R3v=9q|m6F6dpJqQrPSN
zZBjVEO$zbqoADPnD8$FBc{n6U;;@c3NtCj1D`*|Wrto*-`-2U=(8c%-(=gG;Z~hPQ
z{s%aW5a*(^MD@{G<^}V9^uaGfcCt~TMzITF$4gOxTpKj88&fQC<{MHd-Lr84i&k7L
z8g+Qb3JdY;wGLGt>1$v|mg!J^KhjryIqqDmq6VRB!1ph7EmuNU3=t+X-JeQ#KGe>i
z@R0HO-QLWswG_;jQ|YB(M)XnI&*oF<rC>((aZ17T_$sv&%<10VQZPNgvP;2y)7w=F
zru?fqO2IURk_2O6L^ydT5&gdHzV}q06L+dAD?g|KKXc%|c&)&jl>vC=Ht^of0KBCx
z;B7mV3cQj&Uf^v%Wdm<)9~baOoImhZOW;la{(-m32HuBSjZ9bPu<TSMp3NZs2{Y;L
z;&?jh)4c6c9*OU$qmil+wa@HqODy5PqA5MVVTp@co?+ifQ_6v}udw)e6+SwwU6}Br
zXQa<HS3X+Y$6NX69VhKHm&3dcw*HH`GQ31D!=^B+V;EaOMSI<kt>NUYrisnr)f+>u
z$`L1|p`sOsS8t4AYgjEC&A2f{)l~=HLQ=-ng4q8~u>s`pSSH2bdn50<_)uxbFy_G=
zL-!k)YvK*nc%6Vg4Cok@>@Qx^hNhK4v7xJTxH)=$SdV(c^J!SYnf#wjXqfgMV=3D}
zo1hy))Zwt^R3whRMwkzeE1BnyN<PB|@M9LO5{>d$Elpxo<RAJ>2r#)(yrBZGi&o$b
zOaLdZ3Ui|sbWBby5Fj~^`DX)%lM#m338B9UznHS&1L9{4eLUZO4$qSem3)=YVWGwT
zy`_9VO=8M6eRMvv6Dyq*%NyW`E<i&VGxL`3M8WbntX#@W%#Fsen8B=H3$axe0j#P4
zY!?hpSC{_~q<vCiyRdm>GaSM=oY<=AhIAdJWS9m5*gjb^W~MCWOkJkFW>L|Ybtkl{
zFb-k#K>jvOx(?~%*VJ`Llv5{1c<Y2acJU7!Hi}07OF2H1PH0p@Y}0F2!fqdT+M8&?
zPWg?J6IzsNdeU!GoJP1PB>FxVmp!StjEVItlEr193)Tm}jK3IFYE{`WiOFOd`MWGF
zxh5^JG5Lh9e`&^H><%XieO##%Z}DSTs|t-}BZE&%EYAgp6LvW7Hm1CL%k^$U%Dc&~
zckA5mfJ501I~BCl@|OGG;+o0olwQ;AUd5@swkLZbtSWKk?})>;!w!$^v-3NLN6N}^
zl>&-K<5m)iiPF^cy`^#{f+2&C1)#Z;^Cr{j?uJ}XwsOFe3+IC~TeUd;0+x=o=su>8
zv=BDnaC|G>8u~`5WeARYbn6A=*ckX1E_%wUi89?JQ{?8fv9&~Qw%|~)P2zYP7<ydh
zyj)IHtPzJn(<3oYX7=T<b2VcIw&$?_b&H8Lq8;VAwj@2uQ-?)6=+-bjP-|hVabweK
zU#;Dy(4us#l_qPi+vdapd^FaxTLD<PjlNk$pSaq@Kn4Dk8+bLzRh=;>fNcVJnT!Ki
z8282j+{K}MryU2dIBt<=vNebIb~^FBiMTi5DTl-RJJn>P?#Ze{?TNZ-$>GE{XRJAK
zZ+cvX>pQdJwMIkbaQI-SI0RS#$3FWv;-U1mP9|IL(N2(X=~#~=ser?$gex*2YRuS_
zD?JsP+@?}A{>J0@4`P&qoqI;sjj`NydBT_zM!%u5GfKBp(m&oPP7y^3TqJ86!s0P5
zsG<&+h0zax4JqHzob3)W>>rbyRYH!sV7n#>aw{IE66Gq#S_V3&mri_jOfBc78HYpL
zB`J_tKO>&0F2IhRbgr9|u_8mJehBlxH1HO<igMC+s0tmYO6<srh8&J=m-)NJOkOQ=
zvZT&jkd-zi{j%=1AJ}bA)ZO+&yY2D1+kUizDg_=#_^C%kK2lO=+RJMDGhcYxmZX#;
zNhl7m#%_MNmZ24Dt+m@8s=MtvyY0a`+A`R<Lu0YRLX{>oxx|XgGCon;+U(Ty5u-XO
zgJhVVQes89?&qc+lefspyW_&#OgK4P<+XC27`EZ?!Er4r>(ftnSIn-E0Zb=Um{F@J
zHa7+0O^;g)o(UDT?~mQ!W34c53ng(nS@KLx+^)$`)hT0As4sH(&~@O}k8zWM{z6f4
zLUr{5d=O5=DLC)-okD8*2baHPfsM8qI4&6k^5D!CjTK#ARD@Ul7$1XH2Ij#7aV&%{
zsdyyU-<I*Eqf=^5wB``|%&9psVpLkqiK<;{dw0A0CS<JqKv&=5^uGJ-zB@*z2geU_
z^&Onv_j9}Nw$#4OISh049gyDlu-$j_=-LD8ui!A!HPoA<YT_VaHS*D26i@r{_J3Q3
zYQYt*DE(%1>g}1|Zg=W$d^<W-!aBD-iRUU=-v_=*BA@h0(y;td@acx&5qAsCBZ%F2
zhziU!gy&=f!<|m+tH1(SMWMnew}VFw{5gk_gDlByr1WGbDGp(}AN^4r$haXBB9oQR
z8o`v&9<tSn!x{;2Yz93hy6)2)`K&9`Vz<1}1x7t<D!}iSmpP&y5+qL6*Z!B<TO{*y
zH`%2E?4;Rmxp>83-ZK(Enk8kW<?7m_dGt;7%*TRUfa#YUPHuAUKb@4efOWJ00oA{d
z3nBo|$xB0n#BL)zB#ly~EE>nF;4z~;k*^t}t*Fcjl*FnPhqd-d5S?gIm9lE_`4i&v
zzvc|P#N&8Xk))P0Mq9dHkjf}mDVWE$Xbf^=KZbu9*Ii$PSKfeK1%vc+n3^58DaBVM
zH74Q!hZQ#MK2=h4W+VEJbKT^oUd8pe_$T%2SJTHIhjvCB^Wb+CkQ;;N3fs38Pj3Xn
zh(`_l9gG1Z9>uBbrZ{$kW8KOy4{nZQ16Z|_VuL5fEkly8yqkm$44Zdq2}Kldf$3w2
zD6ZKqh~lrf{GCjkd}WMP#;bV+H><=MT(eMKJv1$Dh2a^a2z{_!eq>DC3QH=EJ{Yi5
zGqD?d5x1&!Kjy(KD~30~iYz0J0eHiTXO@XWRdg**7M#<<$t;L0fj6=q@2}O*Jb11O
z{{lWEj#oo>D=cVq#DKRgqX=(<4NOdDQpCjDU?YoB5K~VUtF<mtbWC~`niJdA26oTz
z@=F)rnLNfrK^nq7B4NBLDQ#8MTo<V%rTE|-96sA+OZ{U;Sxk>sX4@r*2QOms=AdkN
zYn)Soc;lA;dIe%%f6NmibOrig>UPaYpr6-AU%oiE6UI^S@a8R=NflM-_b&-;o-=9R
zs6f_dT3q4auQ|LXNWpD_c;`Vp5-Tdg`=E*y#^p}JGEHu8`~LV0Oqb8MN2>4&SW3wE
zjuk2@!sp?vc!eA$ZPiS5PtU!ubDU*})39#4Rwz$H$iOiSmO(U*SHP_X=G~+U43tKy
z3Gpgr?PpbCfI`pB%(bEOU~43loL>?C72alr@esCxsXHhJzY^~i7*ZBjdpLfJR;H>*
z_bhex@XXflWe@MB2MsfCWP|>N(bPTMKE{f}Gep`ZZ`Yz?3-dUv9b+-I7WBc{t(qyF
zozYTRT{@4$Xv>6YmVtkTnJk9)!7&yW(0o`xvl{P%%18(sz$vlIHU;`Awt~-gYI;y5
zEOFhB_d&1GlyW^XVxmvH7JF10w<_^I*hM$SLvdCmwt+QA-4?UobC~v~Di)FpYmZ8c
z+4MIZi`j~!E{oY8VeXq`F{?N#$lU*M`TLJtJqzi6(SM$JsQNE-_y1p5D*G=ws#TD^
zj(-2IU9352YKyx~ZLT`b@0D0#S0U$RJ5(yv=OdD-P*m&p#~j{q*|okJVR<Vu_pWkY
zo*a>6@_r6$Ayv!IV7j9*`ntwAF{0*#M{4|<t8w)Ruf6PzDn%j_B`Nl@1+Fz5N$C}{
zd(BDhwRnePWjj2=Yh@c)Wn0-MZu>s0Y-`3kRyJvobjyIHawdvdGR%PqaVtnh*`1DM
z?2Cl!;{)EetExTdHja@-2Hh7$q&_}whZaUqckpj4@t6o&a2UVCDbD5RFula0<qHkd
z;NUZ<W>??Qs%F<$pD9QVFG;V}wRMNQ;-L{sQGD&9osy@k(&<s@MvzQ@-}@0eOL)yf
zX5zgZCXKPe=!1>hH52a@zw|2gvrL?zZc($s)wd#>;U6Rr^WcR<2k~O+wq%~sgRo&N
z2^~|mDNT%i3r#HVpB=DUmns7vg}aQniI2cVMjX4sMP}T@8{r~J-%ssS^gV1~Hy9<<
zxV#Y^uocYQrbT5Yi{2Kyark5`P5bR_nu&Sv(O655Vz*zYCx(fIFnA1+pMEbH@IjV=
zg+k7|#fY0xyc%{z7!GC}ih(Ym%Ip=mG3gapbVO1N(PeZ@dIfeI(e#3_^aGT~()|GM
z9!c>7d>Bjm0cIVMRPCdfL)9i9@%RBY#E2?QIimak^!vj70F&bXmLI?&8PdWqWRDiJ
zkxrVWY(K#Aoeo{tGu&&>AHK(Vw>#zCNY}faDevO0cb^US(wfnG)CrjwPoXuRxMs37
zrB|ulYg}rtwL2XOwRyOgLQU9XQ>Z~(zcYo>pK(Z3RjEUwmd8^`)a;#U=9rr<$Pv(c
zlNQIDVD?0hBjDUdG8lG$OF9C+*?6IjfbMVA=?F-Ss@)N=V3+L(DE;CB906PVr#J$(
z56|QXn7QYC904;%r8@$a+s2RS8D6f~<){RkMx{6c7VbKKN5INqX^wzddu^5A!(mBB
zz?{8~fqwb0G)KU^y=t=kM%C>I*uTpe>%C!KN5BHtcgly=<p@}`S2+T{-TXZ{0?v$c
z90Aiur8)vW-sLy~rjGJPBH8uOt9B_*z<oT9e^2!Ud^WNcPr%UK(i3n)nkV4Hk+pdO
zrtEgG;l#*PPr!`bNl!rHd^`a|M%L~L*s<H~30N>JlP6&P-t+MU!0eZdBD@8TXOZZA
zK=}i{9&R}?0@5kVVOzHJ2b>;Wr!9WDO;Nw9yX^|Q?WwxkR@iM%4zIJ;)XF`X{Q=dU
zu02w0{JLLVPW`d{sbj-y_6bB$532U7?Dj|Np4umN+atqk^*5-YSKH0Ms2f6S?6!x8
z*X^6I+a4NTyNiTD<sOa23WLhuFl9JdiIOe`F_72Az@coo6_x&oq*FruQJ3RkR_&aw
z4Ts7vG<7Od91ofO4yC2i?@-hpyTK=<an7{j{fH)>j$69nazBjNt=tcDMy9(T7Q0UQ
zj*(vXgC0!tKkP3hskeBm7Bz*`OTQoVDvB;fPqppx;K&Z?e`t@7LCZq&KJ>#Y`(YuR
z&e97V4}{dtydH?2RgMXMVsV-^f73o2??$9o%<k>#J1)KN7Q64E)V|kpc-7T+OnTq#
zcHaXd>flYyrIu-r6)(12ceU)ahuJ%#PG>~SHOh$Mx||VJ`($yCPrqA@pN&qoV95l>
z6Y<)})JovTb~~Pkz9UmbyyLr5JrPK^IZMJ+;P@d@oe+7jtXs4L73Bl3A3`s%eG7wF
zHTt92pK(JLOO&=r8=ZTOtevzVhlEhcrLmqy9L{(Zj$&@nPtyDmwGY)0R#(a5AkW4F
z_O<jiT=>!mUUs1j6u-n^e-?Q%F6VI4wa2rDrrqlD!G62?!EjGqnlq{}M6c(A>XMh!
zu7PHz5A^YVjbStRc1*gH#TE!XewA4As_L2?E5YyXSm`7kE8lE$94n<GlJKpPc=l<P
z<5;1+vRx^0K}I4WqW+qLD!`$GUVv?2{Xs`R#XrH6L8NbPI4JbZ-*fp}+Tb=E)JWqj
z8{}xK9~|`9;AY9*A0E^y$OcEhr48;w)qA$9_mYDi3*2JayZoT07m%t<4>FqI^ny$_
zxaGq=Hn{RV$_96MNSY09hD)bBGbF_Z*Ykk$^7N1zY;e@_6<5nsX)RL~YLoi(arOCf
zNUhd6u}!ZYP)NOSc#5t%&$Wi?At{zSyH_H$*MdEchI@2~SHq1Rur=Jto6b+er7BWN
z#nrpm!hIXN7GN_Dt0p>1uGGWb6mayOq#bUXP^ugB#~c`2Y7wq%*;<<^&KKYfg>u@U
ze__~bgB!C)izaPwn}>U^)`BVGlP!{#6S-Y8hbxoYsy!}4-0LIM(=Tn4=BVK*ybxps
zYp)^BmN@+!Mp=xi0$rZ;TyC<DDowg%gp``7)U7LXFc0?ZP+r1k4e%9SUsQA>c7>~A
zcqROAT#URUJ86SCGd!cGQb~QwY^m?-;pgG0Ot?Ljt~s<TD#FL1t$}%Pmx+%<J28_x
z%oygvH{-3cC?Y45U0e{WueV7ztX_y+j5uBaBP`MJc(+RF;Jo3QBD@i96wiJg$1D5A
zup6wU+C}8o+`N^%J|jvkqo}BT+kVu-$Kms>(x*fPU`r>s{g?wrTGi5zsgpne)w?wV
zr!aV5i^byxzRMujh@%hseM+Xnv8B?%X{d2cq4*3gwU{k3`XEkEVNj{1hp-#0(qg({
z;1#eq%fKSorWx@H%!6UwVns!G1FW>2pNTr1pH&{`=grdL)Y0YqluFt?us%z<Kw~Z!
zXi<@Ld}1C<jKr~&!CBBv0p$Lcfmgv^jU0LVBh|IKMEi|Q_j>N%Z5Q6k@bZ957M?va
zg~4yxeg0R)Oes!tiLTpc+drljTTG8eGr2@ZPIBC7yDR_CxI|Y>uqwpioBe6hm$rO@
z#l&W9$TH9edn?J81{{V@vKZcMyG8F&ZqeB0q-*}y9L|kPaf`Oc`(Q5<O2CMSiTA-C
z7Bk658uR)>+vC6B<t)*zd&I<l!8zp!pS97hc8qzjd4k0p*JXQrhWvebusRa&ryF=L
zyawbr{p?dxkw%n?k;!$s5Xjm0TLbfMf)m}uF_8|`87!<EsJGPQK>d|`aZ6?gYJ0pF
z-l18nio|2s3J!`h-8?GLxwzCSE5duBx0sgP{<kZ&gz~0-HPPAr-kbi<cvDwQu;Nfp
z?DMowX)~5ju);;{(FY3!4E=nBK#F@goSaBL@>e%$bWfK2{VTU)wIALK?<&t~WjtiS
z(ujc#pvM++s7lgT^yW{o6&&8G>3(b;C#_Sw99k+c&L_y0n8UzQE3DAQ2feot(HdMz
z4%RA0$?Y(ElvQaLs`U7S1WL{YCZ;@Uf>nt=*e&Vf&{9h;#Czctu@|{8rBYKKAmu!g
zMZv1b4>Wp@n8&OlYyfX>(#p`sE2!Rzi4VfsiKG%w+ayH7e{lJm96=8hVYh)*cm-^T
z82Bih)<SX9kp3VOyUKrVgo{k^`LDNXrkM~_c(_oh^F|g$u@%hTBv6N(LC;_}4j)Y<
zXVANwXayfkBxg`h^~4}=P~QpU4N`WnA}oXxSzdq8K*pi>pQ>H%piF)tyf*0-T3;-0
zsudl3?2{J^e_PD-f}n}N;V@-iMBY@F3mb~%)$wKfBH^S2UCdnfyWGZMmS`XJI+2z*
zjbaAg&S9}=bcb{U(U8x@yl$Yd;|AJ9qVJm9!b)<DrZ|9vlu#cA8qzVe__lD(j-Y5*
ze5?HHNb<79<+r(<KQnG{Wa^F{7fw&Z5vaXyUUA->^1kWgy!o=DN4R~}P!jQNDFU(c
z{c3NIH&l;AN{<CMII?g@uPAKTl5j6}UXpN`BM2|B<>1bauV>ZQ&gGd~Z%dVeZ?Me(
z*ail>HXCo{@VVIQ+wJ?OWt-RBZGHnM_R$U0uNSkZfwyq^`!`%YBU$>(eUX^mySoeL
zFbHR5?`ScrAPhX~VBq;gKJ>m#DP6?Brzw@!QMHaZyRx98SJ8UU+2TaU8bTcea;{a#
z`Emy2luFh6&Pa1pKC;4jHQS37D-~9pz152qUpX^=$J^s0)#FS`k24M)z1@*zvO6hl
z?h_lW4)$dKmgT7#hd0hRC^hP~lxyTZOQIAJ?V-2nWt_ySJXm|Zkm-e5@j_t-c;WwJ
z?>)eyI+8`<X_dM)1Bf8u-F3pk31f`FUhlG?!8Tsoc;#J#BM0ooamVlNyLWAj$S?x~
zh>S+$I3y7*k-;z$AOQjqOfrZZEJQTPBIp0>>OOfiBd_tj_y6A8Z$GR#r@Ky7b#--h
zb#+ys39XYt<Nr)Qf)fs0hJC?|432DBHBnWx*Yc=d=#}fG<=8WN+f{1YyUU`qh5Ypn
z!ko#pGE1~xguQ9%oNMu<m&v`^TJ>8umPK{a7piTqFN=QOp|-siz3qCn?bT(God4Mp
z<s!BDl?pZApf<l;q2?Ra=9enee3RPzVstt;t8L3F1o}I*`A-#UzC~?*Aqpl0cC2?0
zzml9xYr);i!bGU$rw_XM{?dQL8(#Xm!#0%ud0hI%o^t8y&Ls83gMVH>@sM#e^OyM)
zrWA{l4ePmw<sakoGNw3#%o$*cvy3@Ync}qHW!S+NjOsAAFY%|M;lzJi&Jy&61Peqa
zO3#6q;D3Uy?z$O`n!HTwK$igh6rSM5;wOA=*BM0PA>Qd$TS27&bZ|F%3AzS2H$D;D
z{8kG61nP30ysuy%zN@U}OrQzeCYC7lULN(-DNh|a|ME!whaBcCW-)aW_<xj`#}mpY
z<ul<q_?v|k`<ONcH%I@^q9Gc)>FK0YxDY;Nka<(`G#;*a%V>Algd)&PfsXupv^(rX
z3wyp#k*tY-S%Qj(_%x`(cVz|GWQos+;m1&lPp6_Pr3_|Oa;Adx@a|e+K97zi^bas+
zwIeMyhQ>kh3SX)`o~8_@td`Yj#TFi10lrKqRAGu<QblvbpIRaK885;%;?t<hO`WN-
z>idk<avZW(7!PIm*S{BEPk@{iKCFvL8Eh=))9*1iMj)9#ogeYjTLmn!y7ygyUbO}=
zWsSp4{{U_HF8d95P!<HuGdL_6j9G&{Ss;z$P)Wfy8}q^)&AX+eB72SQsJMtNe<NND
zSmPivrGU>}EHGPu&maSFg0j_)@(brp&MT*I9-b+QHoMk1MAB-Ikt(z{3>ZSx7#CWb
zO$>94$vNJH!EWA}_rmiaan!#&T!hQcbq+!ku}EDU3u?Y5zvgS=0^L5qcLmL1colTL
zwGR#vqPVeY8A>8d2_el#3Xx`3%*hQ}XkNHHI?Zc1Hq8w*OWgM?4Tt-(4HzkdaS9yq
z`m6}UWa43Ry8zsBxM@QujprzjXy+LQU6UKVOq;{`s(fN*v<qekB4%Uw1Z-~3DOmC+
zLVqW3JiTTv@XR;6jrq2_1|0IbIk=`nGln#I34tsYnW3@c27AYx#uyn=U!1J%bHqHs
zx%T~Q{F8GVmoF!!uSR8AW|OcS8~Eoi3`=jy$NItY#+ob19v<2d=EiWQ?euz}Oi)Uj
z!%BR%riVhC!-^Qr!h#-(WZ{t*Nj(fglCCr^UkoNhCuwgJ;q$SOwEE>RByDM0jtC6w
z5ugp>3SvE2rvycyFL3;?cUMJVIye)cl2j{k4EDXEDbpD#X-1W@=oO>BRaNVn6dc|^
zn0%yM%O%0d3=;MtmxqD>f>-4G*Gf<&!694oL<WN|V20dF86-7;JqO!*+DfcGlBmXE
zt$N86qLu%mR=jEDOJbjjitI83afdOeJ62YWW3c)~lBg-=oL5wxY*xo5Dbkesvo7?~
zHI(i~uDpU=$+YVJhD@Qqx9R>qujuAl8g-?~K$bWL*HVaf;2X!@;D5RjapOtjVP&_{
z1|hyCZ;bV0f}}TDDSZnw0%cN{27US~5zRdpgRyS$6#=6t42-d_L^S?g45mvMeEq6|
zdDmTj%<B}-;N4Ujry*X1v6PjP#nd^l9ChgQbrE#v*=5mnX#e$kK`Z0*86H-L-Y!>%
z?*B^Fp|h*<NwoDVU575N#wXCmuha>&jj9uf!NY|99zNr<rYX)ExbiZmYfw{N%_UgK
z>i2R~s?Ievt2tU5E(|j+hP}#P3@<b_bK;v-;W%+DKk`aQ<Kb*qt{sO{&W>YUban(8
zXUCB)Dmw}ovIAxHZ>*TMG?iA3je#Jt<Y-e7!j~3qsOL3{%9C|3i2H7qf!?(;9C^6~
z;Rm`Jv<lINP?ys*sjJ(hC(DqoL0zQfIWo?ftS)jVU$PpW^<ngj!tOlvlELg8`eInq
zuO(CHJGSY6>!k>m-|!bjqg5}NOwRg{|Dv!s^IuX8&Tqqi^l!|KV`2X2_b-LjIg~-(
zi((8166W;NA;dI{nh`qqB_im*^dgaKg}&HpD@Xn+%Q+ZjurwbnQaA}Qb%@H@wYfH%
z{&~n<D{cD1T%%3DaBX<Qx)oFO3Wyq^dvYTg*59sG^Wfx~ZTjb-bgi`MC**22{r+-3
z{VsFk#Rc=H=SBSVk+lY!{u0`fG#M5aI^6Vmi%tJs$Yj&cE(~MSFAqhs=~oo$HhoFR
zVAGE)ls5hGkY>}b#%FLx*tfk4BiQsAq3F8#c%g&P*Uf6|+Q4Wwz0hJO3vDL-H{XU;
zWJS?U`eW^+NuPzfy`&wQ^e*U^jt7XnZ+O$V5}+>VpHAE?#MiDNH@rpgzui#Tt!-}?
z`hr8b&WmI4jjLEV5?1;`0(B>Y#|W}sJ@*|~ptHX3Dr4kqvYc^)3XtDRRw2JP=SSf8
zx|PxSJ&!BBmvw#%r}fN?itM6ZVz9ixp^ww_j0%iX4OqeZG-D;QpBkT5WQtFFI8hB5
zI}<WQ+dRx*c%cj@gC9dOq6P<bN})s8XNN<+G-+UsEEGX?QX019hLeW;wL<Sd9JHwY
zD?Pa0A1Dmuj&A6{t^B(#{<BZVpcvHAu44F)koZ3rft*g|xJN#LpHLu%`hpo5&hF*7
zP;O$IKB5in4g)dt!0%INcesOIj*DIe29ZDthA4DNrq!WmItlPMy>56(qZbDutY#Us
zmT<p_3c0E$?v}$1H@xn;957t=dQt{Aq1|C5-txZS<zETl7tebYT+nt_E0)VN*14E;
z#Sx{rb#Ao!Y?x7E?*JT#4JabpmT7X1`MGn}I~3G1-!JpwA!<B)--yt5P>eR!(y!2C
zM61J{zKCnD8(!f~YnGA0Hz49pK>{3J;S&|DYvL+^&$i_Hlx(ajwI(IiO>4p?z``R?
z_L7oKYcl9S!d!?c!X}gEdEIhZDhuOc`2*Zs?MMsjUE$E=q99!?w1HR?YKhuQON}kl
zxI!jIg`972vK-DcM@E;?1o%+Jt9PM&nRp%s7n<?<E@a0`E)y6;qT@9^6cMlOhJ|8F
z$ck4@25*(eO>z0i@K(WbzR-xn9~FzaLQirrfXjd8dTy}WVDjr4F8$AC(G=Wyx5-B&
z^xKKyMopDbzF~abZMGbzz7$4*oO@B|58DReP*-P?@D0pDi}*m-;E<t$`aZ8aQ^WAa
zAC@<Um^KR8>mA4f7lWP4e17IvWEEPD!-U2pQQp7;mortQHhC@0dcA5>V?EK&YsM=P
z)Rm})F2pg|-B_OIyec8Mn3RAtDFL^1K+|5+$Ddn>*`mc-31g_lg7F#I5K7je(w!#W
zEjNf6r}B>sPOdXtqFQ3Rkd?Pl+G2y2M~+s1p23d>Q29$DMytm$ShW$O)$d&Sh1Hph
zX)Ok;2I$wVeq3fPJDa&)zixGEnYpmBIOGt_>b>5;tPRWT%*t7>Q+Q{wjaj`mNoK8E
z7L{4^4WMo=j>fD$n~+({e<`zQtzy&3(a;-S52ShWv<0#)tgptW(5kN#+7=3MC0O~D
zl953h!s?h}8plqFO~k7@bBY9WmNwA{y4=jlnt?CK@P=2TF=n|ArmR^MwhWO_L$8{5
zG*2?f)4`m#VH0?Pb2F#+&pWOTBX^r_c{RB^{HmoU_{1if)E#`)R6g?iMnSQ)MVqxD
z41{7$?ykLJ6T3S)Ejcz?c1RvvekB@bd!=Y#=0xM{F67WjKlxSUO%M;A1GFuS0WNRn
z&;=^ux?V3v6&%lCXCne#MKXegue-(CwV@GlgG(7Q)YKlMwi-gg3q%vqLCwrj&5twq
z@daH$t*}ksRq9z%|7Nx!IH&hqVeh$G?b)|kv_beu2NYTnZQ2*E#%X`;&b`o)J$vao
z635>tt2<uMWOY`vaI)HzHiRJ46~JKwkMJVM9~q3+X&bT9#-tw$B$EzAWzskuQ0B^r
zOnQXDxdL62X4pS_p+J;A-+cF;>dqQ4r>BpL^qwvzabC>0IPd79iZes`EE3G*679B0
z^o~Ykh-kWii?V`}d|-`(l+ieLRXDYco)Ela_Bey|wL0O`m)Qv4ryfzC&9$s#wHXXB
z^qp$y`v`-BhSh1Z9rR%p^vPU{FX@jAh8jRmwD&Dh`yR`Ux=3akK#f}#ZMGa!A(vRO
zdWyja1E|q<tWK^MQnK^<zi~(8QBxd~Gnvn}CH?i;c6qtgBI&nIw@5B7_gN;K2gLyv
zyzcZEGsIaXr3eM(Y@tz54lfTQD5DLA*@&g~iMc_Yn9J>gGS1L9bE!>G&TTMEK0D|O
zD(KzI?SeAN0D7>!??tum&giD+R0F61OQQ+O6&3RK<#s`tZUB{T$Ljh9At-CE{$fF)
zwVcVQQHrESS=1jdMQm;7hEAa-uh6!z1doV|+KKR;nhg5AUL0;a!$o4~f6Ds)tr#5S
z_HY~A9L@PEfKCuk-Hb-G9UMmUZu(aWZ3p|&yvyR|ou;bzj`l-8=Es1?NyJ}q{1;6K
z2CTnj1t~r9r#al|k0I0ks}8@LzQV-s=E4OyvYpi?@FS9a#L2jeL9cXDtbtlH070#|
zB0=GA1m$A<DJJZp&0*^;ZxO8y3wjgLZY#Id<R{nm&_7Ar!X`XMUeqJ(_eR{tprtc@
z2?u{8oQ80UdHCFOwh(8AE5l5_GQ;w;JY<unb%koizLoad%$E&)mxgSUZ$qK}da)h!
zCKdFp6&5jnjKK{9=mqw^ThzYSSJ<~fw+(&g+WT%-`(82j4T_oCbG6?08++fKYTt`t
zaPDpBJImg8ccGY?$8JVT;*nEPn`w9-U5k%iY1QJ#3Un<#a-~^|?`q^phDwUR2s-+q
zYch0k)Bgoqu`GCAx8RVW0Wsqiy{>460V@6M*OL|WG$f0%C8h|v=Fq1X3jeJ;Quy(=
z6zbkxLdHqdKaPLwcIRM5MnDR+qQRNp6X9&TE8*a84o9HX_vL^(*^wImpNKP6I8vcH
zr(|ucLgQgRQo=jj=_`SIXmgmAj==X^cN8IT{EbM~NTKm?1fzKPUNalRcn-AZd(EsW
zd=BnyuUMua2e@2lkM&n2z~!p;2+?@h*RF`RhHbHanh2dZR`a^KlcB4^S>9S!V$bTP
z3>g|g2Tz}LqM(h|`-YeAE~pE7r=w%`+I4TSJZGTs;*jB%!wuKGZs<n>wEK(b7S_%g
zO5%(EP3Ij`y+~`Mu>X9&BvVv}t)|?YG^1a@20SQT+9jAFFE@>=R;=C3<3j%$|F3Y>
z;RY8Q4QP)i;W5r)_2v_Q*IYDB6+eYw41dj;Ac{_jo*SDI6L@nU*=Uzjf)7Q2{KIme
z3R(;2R^8|sjp)ZP9v6jEUn%rs7>z5}NxpI&vNZezdWqrfs?bm1Hbu95S6f5+2~5Hh
zha*Dk3rv5EF>~uxf#~b<XFN>oQDpmGF`it_ZO6a20~hR^c3}|v2+rUK$MjI>M{p9C
zoY6gmYbBc&muen>;+Jh2cXCrr@eNvKQ+${5r5t_#vQ6Jk(|h(`Wm`e6<{OM1JK*ao
z;4LqkmGKh{X6b-?+k4(pdv3Dye3ZdAde5Hro_F(w7GKem+$$}fdsp|;oPXJ(#D_H1
zbog1*JDgp^gzkRDps$5$maf}S6B02a*N9hbIk!rh2+j<*zdG7Po9B728iRQfVOJAU
zPBe%u7uSMj)>K^Iy&!M0ENVuAs?$CezIg#}4?5i_`?s9tsr(lq`+qe|<ybfuQ)K8e
z&1dfNy6EzTHeCW=<8=8yo|oxoP*RzT{P?t>oE!Y<r*JWzKOOkBJm{MhQyh_@2kcxM
zCmFim{%X9=&_1u389Jm%g_E0Iw=uM@%Fvt5NU6@yqfG@v@kS?Cqp=D;KM0c1xG#4`
z7MVHA?FCyluanbh_Hug?x9`^J%fpW4rXa952CFcx)^J`T;vo#=tzTlx-S+K9_3rY9
zB|cqbVqnZ_hk3}Gi6MW*BqghzQc7q%ocoHaa#{^SsFw4(pfdab_TtYuT@?BO6yvHj
zyNi-R+rgn~#kg$=ij@sIBsZa11TLXDli69y$)swL<>c5hJEJmH2SI6=m&4ZUTpVKN
zVj}brCj%9lettVUZ)xo8qp~xO!TJJ6WJ$Q)%q9ren@W?unT>!OO*Q<dzidYTT+<3;
zKW3#3`{M;F_TyIigt*5sn7BF$_A~7$Zk4|38TMD(UeK`L+RTjo>K7`E{n`~a>_e+n
z?ANXE87He0WiF+)VD4RqmTt>UU0*O~GPlZYHX^qQsS7UlB{CGitsR)p{7RUH!gzHi
zYqs|2K4`t3x+!gK{4H(vvJN2>@U}3%5{G!Y1Gj}oRpJ0obx<+_64?`#6;1EPLS~Fn
zac}5mo{}$%Dfz0Vg}?7uM61COoIs;GyP-q!i}XWS<>DX7?-<1Sbft3S`7|`ou9Z%z
z_Un*5`+PcOFj|-9S?1HhH5E@SIeVFHOn0qU$Ml<JKH^kGa{Y#A6Do}Mysqt%!@Rs<
zFy5z!EJU0u6gfHF8Wql@2or0mePV6UCe~7w3^Clj3N_hm3mILwq%7+p6{0O9BO@cD
zn6`zHz?<Fe9;DUbd|%?>quuw0ml!Sx@Md?b3ZIK?=JwOJP%r>p+1tL-AJ)20%RWb4
zUx@9JGa(uCJ@LI>JcHZUy~H##${@{6U2s<*ckQ~DW4|4Z-X%R0gP%po$S9+2p--HL
z({cy10}Q|E^}r>s`<cN_IhxtbLu*W=)#3ZQ4tKUBMKS=o251e~i1NI+a~j|G?2F@&
zr*{s@fSh8(WM*H;sq9RMHkaGNRW#t!+Xbl${OL%@mFr&j%Y0^6gG+J6+8k=qjHbYM
zIEfZ^3}ys4fwQY{J|1o#q%~l2l>n^{`>#8+J9@=#bm{T0Z9)Fu>`Owl1}yE5nPfJ%
z<C>^f#gOlH!|P0@ZQ(X9ojto)@NE`u)4%F2da??7N>3L4mWpU&*N}8mw1qVoMN!n1
zQ?v{>P=#HUp|mCxRN>@rYo7)kJ<kko)Z`V~4tC(a{hRhdj0##?C7{6h9()`ALkGRt
z*HC~eEw4jR1`lBhkX;=V^QP=R*pA16v%06fOnVYIhW8`Jbr-!RBlj<L*5UpW=HkF_
z?X0#yxF<U+CQ&(ueuhB%v}W{Qa0e0Y)jlY!P_5BHRKQa@q&1^o!dXOjSO=jTOI(qa
z<J6UQ)v;4O?wS(j<t{_~;l`B~y|SU8;>N~`ki7t3p;mw|<RdXpB#1&*>k4E-$s$#*
zYA~3R?sIa<Iegv02Yzb0&yVuUM}7+O=|FqMB3aZ0eZ|ik*S+qHz{he3>3vX$bA5jI
zG>m(@>2*Wb<P^@`o&+xAzy`WY>!02S1*ovXv~CJ_v2i+%yD&U^(c(zElLQ#;E28mm
ztD6uGF371c7o9)*x+ydjX2f!o_jKbM?gSVei-K~io5D@ZuE{Ua&)_<?=+iAY6esG)
zN^V*me!S`6lX*lR)Q}fDxRa%dz8b4&)<fT3gqY?m!wNFodY~?@FOz9J+`KMkth%^!
zzNhPaeKCNM2~>$FX_sEM$&z21gct3vdg~_Pgg={w?5exMGM2H*CS&LGRT;}%<s(kN
zQly|&+ZK8jIJi<@)01$v<=ypiwr%R_#vw6nql++^znXPL{)3{rZ3R&bt4}l)sH!N7
z3PgA6^4I+WxHE|<PPhI^+~99+L_`e1lGoK#GO}Dy4F(JQ`(mCX;yi}7g@siE)CJ#N
zbtwGTqW+k3WlcNfl_Ay%!3pe_F4o8jtvYhaYzr#};6hOFl}d_R&_Z68hNXy#uJB?u
z1l8w-?%@`*2+(T4?4DR9XZKx)0orU_YIb%B0}TSCSX@Zq!~Ihi#c<=zO&h``;&#JX
zP-r!1CDs=H^atv8!xAq>&YtY5=ockDFwdt1_&O4RGd&cH5q66hVK=P<-+TGoUDL^#
zV7Ma4-)9pyp1$``^b12CI)X6xzFMH1VhHq4TGpEl;_w$cj7k@^5Kdorl%~-U1Rsds
zvO@CGbbDolRo5+*5%SZu$_V+_MP-D7bUj<-lIy0*2ph#WmR^^Y5%9MXE^CQDY)OR0
zv+ik0ghBfqe)Ud#?kr<TgxuYFn#K!R=F$ck`}KF{EblT6@6K4>4L7_yon=n_IC8&S
zOc&0wq<&m$z~qFb*BG_eJZrD@yY+;T$Fj@`BggMo6Gl!t{_kbd)e^x!z+mrKJyqoP
zSw2fflW%rA3|VppUbj>Wx|}XEl^R5>r>W6f4DP1OgrtT>SFTy)a6msT?P#VZNkK#E
zn@knSTQhy(bKfX3_stCh#}{Oo{I?9Y7zS}(mM=p7n}ho?{5%0J&-8^!&xERYn*mym
zMO=0m-hE>k_?_y&Uz}+f_}+W;Ub8H{cB{QESbL@K(Zyv37ng9kO=S(eeVX_jIp+AK
z>2Su3)1_yaO?plnq=$E%OqjEXP9vt={4)EvnuNU3&nUOi2v+!l@Bv@X2bDO|Xbm_X
z^tovxSj<I)!DdG)O@h%ss7ZXwt+tVEuC{SJ7`58Qt{J}aL(U&!FlDb=ZDZwCN5$^Y
zOx<g^Lz8Ff^-XzqXlCriJ2Vq4cWC_O+@a|`&3uRE)&cbnjenZ)4vqhyyhC$mst+$Y
zQwDbqpxlV~_w&=j-JqFr05=9X(n4%)u@GA$6$LZw+l?iArDW%adAW42z85()!?G92
z-urWW9Q&r)EXAyYs-<{fs#XPLhM|P_?y0sTpjm3|@<}r+!3U2q*u7WpyK}1TMC%&^
z=p9p|75>OMC<}iKEv;DLkFcjrn9#npe%^F?ydE`>Kf`AUwanYAM-8l;VJ`mRcgs|{
zl)?9Vg*QvTL}{u3a$&m9EUmyGeV@2p63^gV_n4<izZ6=h5siP2{vSB%2w+9B*isQB
zpQYBuXv|>5Zc!VfXRNr%AXeXqd69Ohy7E+3)ErdBYTJ|1;c7bgMD(_M_J^;HaWtz!
zwJ{E;pDKw?!a=p|4_W1;`!UziIHa~el2wsf+=tcXhqI!V`97kyJ(Lx#zIN$;tam|c
z!Py@iX)+<{fU!QZfYyPoZW{l4yg!L<G@rcdk~Q1sOfqD5lC@g)+iPP4v((xcG7Xdy
z(;S8P4om!*#*~mHg5^^N2ghm!Br?NTM$S}2)~CJ24g!_^DYOoBKz#oN_j7bTK}?e5
zd;+Qj>eqt~Zm8tv6xC@|pZ+J*#o(1~v85{bGg*;xNq?_$^vA3yxuiwS50O$D@jFnA
zxuomYgD(8z^h<b-Z}nRQX`P+{8sCq<gO166qIG)F#^6q-b>Pn;UhdLy5vYban<k7C
zED<q&r)ToD&wiha#=`_|>pcnE9ex}$w>FOd0eeK*Twl;xk5=d4d6UesYMbt`4HM!n
z@dZ<8ok8MDH)i>qN#@I8l)<Tek{^So`@&vGq6|*&(-(~;(|zVENpceG-)FoutFP@>
zvm&hR4=}j9&sZ2};?!`3fi4~t#TOoQCgEyWj}_sax>uc|*xoW<0CAgKJ_*GJ5;j;#
z5Y<p*DW-`kLl&#hSb)oQj{3aF{CuqX{DAgco|s&grHF@&<-_3O!^DSX_gGBwI{P>#
zdF?;e=f{NIVvrS@3=?CW$)%La0Fm#r>_t<i?boY6^q*oYUUF3}47@GN9^*U1(6_I>
z?+vx@cUktLDYFfI{r0}M)xI0EA_wt4#~|APO4L7(RPCgvT1Rqymc^#2&0wAZ)UC-j
zta=~DdljLQdlBsY5QCKy^?E5n*BA?g2lngrQcj!SKEz<y{t8uY7n`VQS-vzkW|8D8
zl9to|c9zWP-$zwtL$mC~HBauh=Jb~<B}0wWjL4k**{IqM6+1`@{ZBX}@-h2@L!6$I
zT*ozro2W?!n3s$)lR|_$j%2vxb;BUyr`6%qF$dQ}gSa~C4jJeVz2Xf*e^Q(RH@xnY
z6dEEhh6Fg#u=|)JAY=bth1C=B^mJv3qX<iV<L_7b{^&zzLXg&iH6;#(J{aI@+u*T2
z?dvI6BBVPEM2A=zUb-Gi{0jQ}#?JC(3zs0Ln4>Q8*zenC2ycjCguW;ef4?k$wl3w`
zWttR$)|Mpn!T>*?WzRF;PaT(YVP5v%uPdU_(@myF4Y;wd;z{TSPq8JTFFT}~-$SSP
zh|^ybE(v|^WIYS{+Qa|lN$3;UQ0lsm?=f1#^2t6ob;0_>vJUrhK6zgxSSu(IwtGv<
z$s|$Ahkr9V0T&ZDZO+Gh0j3Ds8WT`L9{M4a5E7)-A-}}oFQf6ewdOM7rX64+`VdQc
zD6|6vV?@^ZNk2G3B7-$o!<#4a)?89)JGc_#MmfE9)S(})og0sGI;_;;SLiED{FXtl
zf1&X(qep<Yg#$6}V75YQ!RS(lVm^-fkU`!=AJ;XowgfBI@}F+`(^D)DLcSR<gRY9p
zD>Q$mN1#63b|{eOhT~p0{QxF$gxkV5F&;Gs{k21mVtJ5pFsP6I)F1wvMxQT=YdG~d
zB8V|{!So-v7*GcLgIYQEGd)Os2#{nrh7Bjjh&mFbNNNg9$D!QUBN#wG{XzUWtw)g7
zfCDjsztHM1N~Ez2jP<$Qd?YR&7bD?f&IZg)Yly;Je8Al53f&e?j>kmuWB91mfD_}<
zJwCS7ku2V&$#?$P7?`(O=91SA6XF?+80Sk9(xxr?qsC#k)5k<^`msKLeg5+}Dp#o~
z2NArYzp%s+l)3FGQ?uMZ3p*zHNXSnc!b^CV;pO7Kn3zSMCc_q@&{u;&Oy<7z)sQg@
zeE96|yXWcI-}`S9+260t)3U$M+NNcH-!o76sb+7}v%h~g&yxLp;Wm5r_cik@+28ZF
zRXqE<!Q;KU?Y(q(-+o*xKeM5&!QGuxTXP!TX=Cz2_Ig5lbIbguxBlja`AuK_&9ycr
z4`jb5q?@L#+5fmy|NdojkAbqs3QLdWwKa$3#Wp7Q_K+u}dopLjJxKz;>8PHu`*2%J
z68MR=4esqRrZInw!HI1$3w#wAD+TG~Ha(^LP=g@R*Wssan9@CCo=gajzePg$jCmp<
ze3_wlpLwQ)@Ha*8zVl>4_?z2)RzmoJZ6hayKckP(sy60a?fLp}uV@p&A-?qqA;P`e
zrj=6zf3*%N*Yc6I`m5z;30Ws4q?biPF6$UCHTT#cd))cEC55~$Q;XY>@=SAJuvrzc
zbK`$;LimBDx_C{tir0bKriAe0+QvLe)Qs?3lgO}ow9cPse8Uv_5mpe2hY3EkDmGUa
zN#L_u=uWWo+QP9_%`MVww20<@n((Y()6}RfC(4#nqO^qIvxF6^iQ#h%F0F|zDv%d`
zs{G7^7SY^U(`3u>Q2>`fXuna<k}bzYg*jce9NVG-iO*-q#$%!)FjKZ1T@kReWaCjS
zqGVIgewO%?Qj=*dm_C?zOeqTPmUzkBdQDPjofOS!vIrAHedoaF1vuU|Bukrx&5^Dr
zMHh?8tY<B*Gbn!3Z%&jhlBe6!rEfio@mdQe$aLxW+mbF_SGlHi>06V?n3TG-4s=eY
z@%@_6I!$PN1NtdE%xA$rg3g9eIq)a-Jyi8WC$~CRK7l&C(FbUFt*l;VN{v3fML0*A
zbWM(v?9XZuH6?ljb4v8BNdzhf5DDnQF^W%yPVOctFVN4RL4ekQzXfT$^LM5;&oxP*
zjUk2O+FYTHp)qgwXHovgKaqqq@7mB(Lq_xfhjGi{hMV4GNGHi~)$3`Jf_p;_>5@0-
zY(uNVoe3D<(C4T(xgPq^`=UU^KP%(_9cfMveNy{j#Oh-ZMT}<n6#6mjbBGN^X?#dc
z#W|2Lrzd<G$C@y+rQt4^^i^$bfaw|YzIKLUV_<7r5=&rVZ7oCek-ys#J&$@+WQacE
zRq8cKd1)wrHkUZvYI4WT_AYZC4VN3b`0xB<-#l7={<{+&2Fk7TEwe)neJpHl=pk*w
zoO1PkGFoovbv-;#IY1l2JhbkMdL+|^una4Q?ex0gC$F0}hg^KO77gJ%xu>gDDl*&-
zMVc-?T7G`pNzrL4ek^Qq=)%@vXxj8-Ik|1`bPotpt|GcUk(8d0EFxz(DNUNv=FkTM
zI2|7>76fegkQ1=%vGNCH-v?0%82`A50Fn23?94D}q5~N4vVD(N1iaLQc{4?!;2nFs
z0kvmFxSk4a1^f44*68Uox#9LM6Tdl}8c@lDRVzycjA$teFSIh9u4X(X4_D8(5*DuN
zug!eQn2m6!5@ta1>X0;=2oDF#6|zCyJ+vWQ#t5n*-4z&2l5sd_bGU}li37TG(Ygvk
zv}&iRllwgu!k8U>X7k4Z`W{m(&tqd?*#~?eH#{C8|L%r1QAaZS39~379<^DK<YA`j
zn=EW&b_zbqV8Iibqx8o6)|$b6>k4JDx{c*t`=bmN>m9G!ItJ>h+&|nZ4EGm26)nN>
zsBWD5r!gXPOgDvAgPd3_^Vf~f?H^;^I2~$di|Mex4d>#FC(57CXIe*P;(#a3RSqNp
z!@?18=c#h$^QNwHKF`4z>hHSp`Mij7)c1DN=kvEz%;zHxIia_=<`m3-vV00kl&BO8
zuS4jYb_)8xABKYdPnSbMK^IAZ$Yiso3#VWO;}mS|s#8$F%o=Gh5^y;J0TZJWu%`~8
zf3p*?=Djckd{-U;w>nD#t|I|=I&%X2ah!mG1_ILK%ml1gI02zL<rA={Ra62dJ|!G+
z76R_P8-{>k^~xdOTa|#7c*9{i60jZ#DD0vWu*pJz9|^b{fq>!B2`G6g><BCmN5Jm#
z2q^0$3FwVC055go1Ppd2<3$CXfPm9Xz=~F!fVEGRPr#P<qY^N)uDE|{A>h(GVF;M;
zOgRMPs00)t0rQZ6?MOgwXPtmu76Pul&j}b%w|oKyL?_@(T@lr8Az)rO0)8lufRi01
z0Yfm2?&*%4fKe_ycIl)OFwSKrU=b3qB?19!--}AXf~UpJehUGo-ws2-jQZseFij<3
z2NEzH3D}PWEHDso*h0X$_c#H=pDv$(yYEIN;L6is%N9%zN5GHe5pbx3Bw#dND>>4E
z6EL|FC*Vv+oq()Lf`FAV#d@CpkUdZTjkh^r{pv@s69&B<m9o?IO-ZO#$`-T;L)qbm
z<xqC|Yf0H4tY~xQYfjmS_+&M<JJ6ml(PQ!D$*;MMG$vk}-`WP~4HlwrhOv>}V2btm
z18{XRAv6}vNgB&0VM&a*Aayb48+?!Fr+;FQe%MQB3hrEb>zUw1IMbB3EE}pg2D_5=
z`!{bH61T*`!sKjZue{7mAc4fj;2*c%5=R{b`X=LlE&m9C!>q`1NQS%>bx2Moi$lg}
zrrUtGY^K}UWX%Fw`8TTtR`8slF8wXL>2^Wym}~2}_Bk!7`<vl%x<4DubUV_Hn{Jcw
z9$jfWZn|xX=VHI`Yc3a)stVI>VW)tYvZK&;`!Ry;HZ!{Iw&lsN`^)dbSw3s(mLu5d
zs_k|jZMXhtyIn)uZG^#gyCrS6HL)H+!E97Idm<>EP;{k}TQBTx^2l3ZD43sI4h3UX
zrE>t4&UjQh$583aG$@@@mCRbR^j%KC#CqiuaQU661oV8yEXb08@!<%#Tpj^C(<A{?
zDsuvg(>MWhDsuu#I_Lz<t!yS>5)x1nfq?nZ2`GFfY!Q><mSG48H7JLG43&W6NI)hM
za2^SmXdvLCkpP_Xe`O)s!m9PRyu;~Q^h^Y;e>l3<A5}jrVSU39HmE$Uzp}j~>|4A`
znctohmS08F`lYD#3-M)Md#?4@RtYH71^EG@aKrDYH?3Y1>Vm!#)iMq@O1z~nX%!q6
z`S@NOhE@|<m9DgqkyFH&F5Z?HJFlUp$B(v<6*LkVOl=?vXdG(kG1XDYX~@|+yd`Jr
zxd!EXPqJD><?8l^=Czd8h9Q$HlJ2|_gYO$!3uxs3HOyda`+b!18Py;kuR<+u=YEkk
zhXK_&BQJl6jQpu;vFcGA*wPpShiUm&HAq7S6}0pi*?Fdc#?D18%?Zm{A|{-SW6-;y
zObXP(5Zo5WV7Po<VtJn1kgzlw523Hn6-hsVGdSYId_iZ@Kc%Z(jVc=GQ)pwjf(`on
z6z8J`e=Y3}{Yf&7pFpd_mGR=D+flE(iRzlI1-&N{XDWSA5q|vWzFsa9^QxO_FBA+W
zX%)#k6s`8cw->#7?S-;8b!I9a%r8IaSw5`_zf_>VC^L~vDJ-wfd9e0NrAf*QTma^h
zVz(k<H5bqKl5#THyBMsQ=ap&9;~0#6)SjJw?%!?M>5CrK27CA4%g;`~^HI^}_J`$V
zr@yWPn(_Cr+35=;jLg5AveV~0rl)IO^Pw%H_@c+OQ2uL*^^!opI`XXi!)VDtm+D|H
zD^XH|4wO(=d}zxkzFY@WX2WJk9YT{}{<vS9QM~Awo~x?lL*p4+5`%G%X*UOsd}vBH
zxGgC-tX`9*v>_aJ>AA!wzh}!NR{XR^#jdxkRLn^h)K7db8c+A?V0OF}g{L{moHv2t
z<Q^okzI9G#&)jz`sl2v4qp>IZ9aEP7GCj%vPfzPP{`bFY<Inhd8est&f6hz(?0GjD
ze}X!gA<_6#hWyzy>>lP?=Zf^GHw2wLsBzmu4qiIn-XTaE!raQbglvDu#)0Y2=qce^
z+A_j5kh=e!XdIZOgX!He3I}dA;2bE({53i7EoL8EpT;?`%c*l<&ighFY_6-Je)w%G
z2PW5-$8_&U<G@xO%z?L~a9~<}&Vg|wehm&Nk^_gFoCA|PaSm*X(>buXm5l?dpVCl2
z^^TPTqn;5QSkNjO2MTpC$KQ#<fw9kU4rGn|H94>olZDLb%sFt;Fbf9TXTfP*d<$Aw
zIj~Y%Is>B4g0ni9l`W!hpr9e=z^%Zq$$?uq3;Z|>#u-+MWA>FIQ&;ihY_s5)oCPIO
zSBeojn9<Q@!AYD2yN3UodSDu6?AhOubKqO5bD*fTjRSL^)KI_uo|Oasrv(QJTSw!-
z0v*ha_o8s1@6((E%SQj2GLVn?GFEow9Oz@HJaY2`8wYOcHqU&U&9hb7O4mM!#(_IJ
zn4D-9*bcO$ejNL2azNz8_^CVRz^O_)2S(ZLfg}1tzR9*4E|#m|@Tm5{Q5{TCwAJui
zTn*EQ{hAyoLwjH_+5@)?v!J(q7F^WDcbRP#te3N(XVh76MF+Da+AP?Jv*6;WUsDhC
z#cU?myKoK^Fr5P{6&nYZ)zMJD_^y=$gX;+n<SNlPkgJ2a@NN_iWYpsvm^<p%l!1-N
zfyKyybb~!`-EI%u)={5p<G^;wfh$q%fu6cO@J%!h>_iTn8u@F=KnB_a=g}Sr7;M7x
zcAK!DZp>xbETa9=B03Y*CLE}PnG($+I)oO{;Ss+k2gagJc&rm%<$^^YX{DF8Cy{!h
zOwC8KOwHyb;{IT$-cFWWI#yrb!=HG|ma{)2StEGDn^wLZl>vjLZ`t@gOz$_=*6+CN
z_rqJ!_&rhwGwRJK{66(8=l9Nxf1BUC^?hpA1%02I{<dYGdZoU$Pwn%zIpy@WBr>dS
z$_p|}7H6}XY`P(28aSQ%wvE%d^>y`P<5-5|*s`~6oL;H-J8SDVO!iyyb~H{G=wMDq
z<Mc@6^sK-y<aBt+uA9OweRM?6$3%A9Fp=Hd_6nB3?=w+k=IVLW>#j##(0d{}18<gK
z^8dc#*MOtmBDif#{{O6W7&e4K)r-qCO>yZ>+c@~2)fh4R4QqOe;^(!OGv5e%89+@<
zvFCZg`SWku3g`6GzmWBYO&7_2XWopei*ztk-mr|Aeltc@MiT5PJHbPAI6)gaKRl1w
z-1iSA_olAW#EbgG8q&ftvCcQtCf1-97XO%MNXiQVsl62DXG)q{lWTL5$Q8F()pVPZ
z$V)>pC=(RDx=a5L%pTOo8Jv4uuL{@7I@E?ebZ)DNL%sGX!Q0*+*oOL|{)J_&Y{r-D
z*E6aCenkhfq*b(`-uM&_S=pF-x$xA0J}0~(8V|R-srE-YM)zIohIc9NOc3=x%INzH
za`_;)#&f3)Uj{S>dA%m|D+pER6LkHTd@7!a<!iRHnJ~iJq**2N=o7lt{l0a4zSWoF
zb?-+UpXD+Pa%dad_?*<gu;zVR@l@GwP@AZwQ*|);??)?~S{H}s_UL=DPTf4APp5fp
zEYs<`C$#C5)5bcThSh5<R;eW)`EivJlW9wm`$e2h^FB(}XA_@H!Kw;<gq>399QijZ
zyH3lHg@Y|^Yt+~V8h?h_`kj^i_O*=0<_S8OjK4);^M&U`*}$Rq!fl=Xlg{QlEiG)m
zldQ4%R!b9`w<LK+glF^iB)7#p+mu9J2*{bF-%9Rz9<Pw}%#<mA@wZI*n~~-T=NJ+o
z4Ef8ioJAM|he;UtTf!LI!4qy%DPg!Z7;8@=jJ(kj2L6^XHg)xcb57V`oH>IqMhurQ
z@VA69t)l_PNp$gy>KF#bOaWuB3S*`L#z_vt?k2MFV}anuR+S$M4E#9M!4uBuZiA6|
z9ATUvD`DVo3FA(8PdHbFkrvt<HXp<CW{by32%C=y2s9qn^bi(4X54mT?r?4g72#Fs
zr9BioIs;B2I#)+YVE9|2lit-6Zr5ysk$Vnd6sn?zza@;FX`XPNcpHp8rxC`ikrD>}
zmN35U><Q<|wGHva9}&jU5fTReR@3cw@`Ty@*zwpR__0vs#})%W3c7g0?V)XWln6Y6
zDjp>UJaRgD!ujQGFop|$oK^WT+`x}poju`pvNl>~T|gLnG9(QAEn%Gan&W{M^DGS5
zJMcBu;=-CN`@U8srBnm9Q|OcIfCRSFpigq!dm@_ODr$P6uqhW2+Tp=O)b+yOdZDl%
zz6@|+Q*gyU`ejhd9{iEi(F>COX$W>)hM`8<z!M1d${2|w{uWUG5zzoC(?Hx6AbP1F
z?&=^iXgu`q=C0S6wuQTxU%GEMPUg+nfFe^gOzz={R!vK`oEB%PjFl={{ms;BM2w|X
zn4&8&u&0}))hnV^b5pBapQY8`M5~rswTSUuoC&(g)tG(>SxDxgZoxf9Q|xmnz}VdU
zj)v!TQ>X{V;pm@iAC%wxDXuv3Co?-286mfY9E^P5+1dQXFQ5#cXLME}_pMZc>Sois
zSV*>2_1e?jKyuv_`i0CGKSCqnSmeTBvQb>L4=w9p<SnP@BwkV&+eQ6QMrHGdUKAi+
zHhpMjk0Mi}H$<a1weM{1WMXJ*2w*tcPiba`{sX?n0QZfZ%+EiDbPOQ8*+E6?rqhhp
zU&R+&n9!Qo-9o=5Nqan;?rN5;f52)~JNaL$A3A8s^B#8E6gtfGzbP8MrG4i}7Zd%T
zz#$CjoYvJ$=l_Cf$o@lJ%+Ei9<G5~)?_n10ECL&`e8aMK<_;ggE@W`Fg~1-Ug$(Z7
z$@+m!$l#?Ntk1u}yJf}QjnC;PFahy7+QZ!ZGZ>3>o$MNv$z1YX#aiX1{Eh?$8hO1X
z-mSLF>?|r%6*^=|nWG^8IMP}EF~=$YnAt=8fj~ERBF3mH^;TTU3-n*G7;h<JpB1w5
z)fKM<qJ8L$1`U4>^Af|a?UZO=>eq>w)zJJ{w<;x@oJ!=9Hv`)1+s3-|L%4zSxnFw~
zzm1iO^@?0CMXnli^<7)e)VuQ7<BI)N&w5%g)TH-}x6Tux?CA>U+#m6lHIeG+WSM+o
z)LU8wss724G0%I?hF(Zwo@;-V`?Q96sRi?#ietXlhWT_A^ZjoTHK=TNgUFbleaD90
z0M*HEe>LzK4fB!jnlZmsufmuQY-z>(QUi(k;FcQC?>rM3^L6jr(3>y)0EPBf3+if^
zpL^eo`Lwzf#{B5pR?NrOmzW=WTjTkqdXX{T*2;$74C!IoYJWBJDGl>$t<0E@eX7Ek
zpMA%QdFC?`^Yia$m`{H?GUk(7+tAznq`)m`f3@dH4fFM_&6sa|vcj0>y=TRI_0tmb
zmG5cNvZj7y%zN2I;<A*Mp7vK)bZMDwk(QGcmzJPST8^mFGWl&|eaO)bjb+BRN3Q%A
z4+l*;_XC)LI(L723`d?wBbU%AwU5&<IfO^;uZHVGIJk|O5q&E@guULkGU9e!$%x+X
zYr>aPC-M-E{?LZr;m2ei68ozok7<~%`p}H|j>jsD`C`S2`NldD^QDTw{42QiJbtlo
zFbV2)pMS!Q&9<R(V}rl-z0vM=3T|xXqm{Fx9pBi@t*UKo7UK1T2+QuAc7YVQ;!UO>
z!Vg%kcj{LP{SXdefxO9IDV(2Eqg41jY-ieN$<IUfS7UU3_WQe;p93GOaE-ZJHh%h5
ze%?`xMFWpKX{+#wVZ*VJWn`aXLwtgap4n@EHL;FHli#ACGU`-VMy|eVrKw*%Nz?Ur
zHR)a+WjPyU*Ze=qMPZ=*)fs(JSY%lg4pn?nm}OfOiq%D7&O4fFofl;}8);|k50d92
z?5|36p07~MnD4AO&llQwzFFn@;&(O7hea`d7TT@KwKB$Hf&EpXZgB3i7(d@u-1ymQ
zGk)f&#?SVanzT%47#Z_fcH3-=G}~s{Uv1URwr%g2F)w(g!k8DfuwuTvp~QTB3k~yv
zXZ;Z|@BOw7y^Au&(QkisslJB!H*cFUKVHAWm`{Gwius{uCFWD#G-{o^XN?Q->P{rG
zmtlQ3!<iZV2tu*$Qm)Rs`Jp#)!zHh~UXv91FUZHe=GyMTq2lUHahM9IJ&$^c;g~$V
z)LWDS*S*Q~EBF?#8?FB`Sd4cEszhe+ZaWtzNd_0&Urp8-eAmL@VHIcaB^!eWstmqj
zV(`g^`o432dwttX--Dfad3E;J!N#&}Nj1M#nsZ)ztP0mXh?%JrS{-gpz~si_UeXK2
zv@P7J%-i%yi`1q#j<?C~TwWXb>D<_2y(%bHR$J2}NUOue3Fv_BbJXj8CZh?~&m8X*
z{%-qg@x|qpg<rnB_eZe*)J~DGKJDUd#&nF-W?m(6EE4WJ5Fo{>G^W5tl*SO3#yAG&
zqttgE*1{$;r7|iz)Bft1eoZjc!YodE8~%&}Cpm9e1#0{AQlRF&L7V|`6j%7T(MMv;
zUDKGRz^YhxP&KGRE`J1XAOF{xK-<FY?woH!J49l1KPC=q${WzkIB{rD-uunie`%LU
z-<a+a=Vax<SWWq({I2D~(EU-gHC%~D?@MWi(ugBH;{$uK=*MMAUi+)<k82~n<pc9b
z7d~ELd$6FDb(~i`CC7P9E8+}jiX-%#UPF3thOr8yHQG`?lr-yF#Tb)U-ici?#2e*F
zyHL;N>1I5ar?#-yD-L1Q!EuYxA<qmEgEJ%Eg9kivaGs{sq31+VV(@N>m!x3ub!=oM
zzMzfW{E*o~=i6VcdqNwFy_Q{C=!puC#b(<sZK1kL+wwkf`myX}$@8*YaLHgIvpBk6
z9Q*>-)a+9=a!t+KE$v02<wdVs_E$Ib%n{SyG81(!xxz$^`J1g6^mA%0=)Z}T$xyP@
zEKm`S>kOh*B%*G{U-SmT9;NY)w_`oD#(G*E`ivoNZ8A6Z)3z`$mb39jw;-(nees;^
zcDL|KVJ;Sw-qDV?%)zV=yW3e>Hulq6(08J-s%H(D^ApAcm9yofwP4p!5;O)7T|eP1
zE&uQhqal{I30ew@hAT4qZ~TK$^nXM(QDe2xaTmQ<N%#0*!dK_<7rlPTY3hPL6GeH@
z63qXdK9RWnj7aOsnV^|hHDLBnSjBVqPy{mPCvP%!K{4lp+MDt2eyuNc@kyLaYrwS=
z-ZH)bbaM-SP#5$YQ+`K-O*h~ue)Q@D{B@_qn`}PVHlzPD;TYl<ei0nQf&ae^$8C=5
z_(k{_VoV~!Q3t3TFzVC|hLaM%$eSR`uJ@FItG7!;*>w%MG9BtoL8Q8d1Z6JN;tI3J
z5EJo>*lY-W`9*LHu_C`{xC}8CzX*;Y#OW8oF@#(FA~=R{sfxj=0liNkoZDlJa15ak
zzi7M+@j<@`jv=1q-<@7=L+ptaOdU8?)t~034Pm)Yanour4+}3Z`PyAi<S4>CM!^8a
zm|}xh`8U4rhVOsGm1k79AZ-Y%u_XS6_HLOPr5d#2El;&~*VXc&tZW|~D(_py!^Mtn
zEic=ZPRU~bLz}~Rd~&iQCd@+Ra=fD=Z|KFt0IYv}RV}Hk_3De8raPF5)Q_t6R(IYj
zFNXKpj=ko|3d!PIT58;NJrJvalefIx$*tw<>)A!eDifcSb>i@c;vBlrNs;%5<6(7Y
zx0a@`u#1k>W_<E(XWnZAj^vWgio9<b55-vgStQ8Z+fDDa44-W3%6lzAx!%xK!6@uv
zjFIS}Hx(IJ2X#jZ3K)mFxr<v%TDi5W-gGrSDd@tXu0rWth2^O)R_49Np%92<Jrg_V
zy)NOCj5OZsC!DK8(iE9pAs*)97>d+%3p(k&j^LANIEDvt45#22&c$yX#&3ztMkO6|
z9?!!kJMmlD_^loIt#ssZKcq|KvK-h|@6``^d<%Kp2YGx0d3+0boQXUZiL6F+(|g^<
zC+W!J8_456$m6U^#aNWyt!1n`(^2m=9iJTPz<W(a4S1k~BJWPdLl*WDDW_(3)VXmQ
zpNz#`C$QIO>@}!*F=np83_>Ck%a`W-HGJNUiRU|`%U`=?ra75sXr!1}BE8({uTcPY
zp$IQS5f&L6b35y36yuW|6yfhtgum&e(2fj7{zoa+8>yB|J3_lu3T(Gt4dstDDXp2v
zo3#^R#KXQy#WD@ItEE!Pj$!0)6$VWLjN9#$!S;WV#Ml_P?7-3p)fg<R&bI?oa61sk
zoDJk3Z*cH6SUgQsXbpu@_E92z81{!m_GG9^Fx0qUF@_q`s*I#k!r%(ua@PE9O_>^K
z)jC4buoggk&BWLk`T!J)4vFekB_5V<B7{M0rytYKQwGx)dl9$l4EAjjb!n=2XpKas
zFgIbCndrb;FQH8sp(&1-SmL2g_<#67TnQ1UCz(STROls`i|=6u`$9zdnOIX7b2hz~
zSpSj1L5_7}Mg+PZ+E~T<a)>xZwV}Zr>)!~h_x=yS`cDiFt(7?o-2&?r73)hO;tU|x
zLpavJpf;g3;iFWnId&f-3I$e^K7K!iL|O&^eWs>f8TNWR^QN^HgWK_hKBiTZnEbUR
zasR=1!k`YJzlBdz>2IJD7Rhj>f{W1KGU!C;?;s(S{ucg~ipA(s)h}(gd?|^+^s0nD
zp?&FEJIj~)RwY>Z>35KpDn5ek*0!^i@LO1w&?hxOKUx6|t4iqoShpG~r;7Rt3=x=v
z6|-@pPa0tIBNv0EU#H@QAEsn8{#Pua_c2&dL<qe<kv^PQL|8U`fK?@g`57UEmC^fH
zP4TXnu%LWreHzCge=Q&9So#3;|5Cju@BmzL=$Xpn81$-6nA1%YST21?Iv^4fEB0rN
zx9CIA#f^0=%x~lF6V-v^SW|{YQ=v;x>(zoj)JW}PXh>bZsY&Cx=5nUdwwU`YK>s1r
zUAowt`pdt|m!F4w`H_6-`PnZ&mM_1MFXLDXK2!mk0P%$0*P2hy{UK7sa8uosOGPh2
zoNa`5I=043gsu#l8!%@AYa?{QanWX9xo!T$;KUl-LcJc;+2a@N5tx1+r17b=N--+_
zGhYV$v4lQ|7{kWuqH3NPbj$|2;$JdVXrg!?BcG!X=+6bkTw4f8%T^Hi{(f_#`>|>o
zNfa+@iVSs__s>~G-xi&Fe(w#Jg4FO2P3XYqL6WnBIvpxA_<NAsk2(Cq_a`RaPhE+W
z)?_h_6X=T!e%Rq9;(u6s60-6LUV*tv35A+96Mv)Xwi!8I0@q^6Z);-Jn#11_qQ07%
z<HgG{hjtKkZZba10m{-SWtoYzG9$?p*em#)vJsg6ZfuU%nE#HeT?SWopr5TO49M|f
zsxc=%Dnf^T7e2_Fyy4bNKJ&{{;v2&1aK)s<Q={qdY$4WgRu*+!wA5?JHkHGQI0s6%
zY9Z+^1|?m%wIIluzQ`NELeVY;2RD=OF#IA@;J18Mz>N?o5^BepAiq7*-mg^Do0(rE
z(nZqF(4Q|KE(SyLNbrB)NCxixNT&YRk7RNMM)Hpgmf=WV*G96m{DE{Pm`2h=JHh}y
zl3gd^Wrsm|MEM^$nq~jPM{`nzM$;W}G$-L`{)xeI9L;MXQvCBr)5YK>H~qw#SVTMd
zX=OH!Z_CP2%qKL(Oe;fLh{nUPa$4>;w(QDxMPtfoxl32}{PWP28=k>(8gJDbC#5M|
z2KKHdf`H0=2b0NS9#5c7R>Sn@QQISDkgxA^I+HNVyNf}`sHzaxe&uKPmeUWdf}hjd
zG~BLVZ{jJ@CZ3!ue43?tqRq1?`<RMMwd7w<adN}^M{iJ@Hp$Yq_Q>h;e+PrzQTK@<
zmKH^w`4uCROWpsE$v=n5$-ij9D4)Sj2Fv0|MYP^9&N3&1k<8K@PIf^*#cHoJ$=oN8
zZ<WGziSPv%gRk$|fGc9aTiXWw!wL_0HCY95*-~!+J!(Z82;aUo4LbyiNytMcA%6hb
zH-!asUbJS;G~VPumwPSaf@I2O(8|!+Z=n3SsFW+=NT<$Jm3pNd>UT4RbEvu?-^H>y
z3lv%f8BiU9EX~Z0<bdEuszElm<#DJ>F{Ln-rDArKd&!%7CJs){6Mr;u_`;&|%u_O)
zIMBfavO>NXERP$$?sa`x_j)j4@DZWEh1$*p3LaVwb~~J@=<@8~rd4^XN{FsPYcV&i
ztroOai#KA{hX)w+Uh7EH%av@<%av>p!`F<#ja(n0uVAd^ZExx`O=(-`L)@Hyur{`c
zvm8n;U{Pv-Ng3RjW4YFnum>)9!<FL1)fWrlIbq^fLfjnaZT|jYZsbq~l>+?HAN*#l
zbJrNL{=!;hMWHV+Se@r1v>7_xddqPJmtSVP=pgclUi6whd6YrsU<{EUdY~p{lSBfa
zOI~9HO)UoJ2Z?kWGFLV{QY6uIp_n8x*muF3W{@edOi%_j2z<#omcn2uXIUI`j-bCK
z^f4@{lZ_>HYOzd_h2vpZbHSL|JuichRQfy%(MDW_Vzta+UT2bCAV9ATFz&LqENpQA
zMHVF<sAUXEgn}~D3_xsgY_<-;okDF416*{`TNF!Z2mDbyn51Fx{TK!#8;NrKF~8%`
z@b%C<S$;nzQB?dFEi-)h2Yg8cOa^|$Jq9c9-0@<*B0nLtwjzh+#u|e2#+g7LVQ}zu
z#7{^NjBDgfjb$AFkifq#BeVf-j;g@QLR>=Mph@rw5%nY(eGpE_rVX@#A6rOBETi|s
z*^t*bs(rac$u=2<sM@qV`c<(-jw}HE5QDLQA!-er#h1Otgy^*x6bW9l7nZTsB6Qx+
z1Zx&>osz&{Uk1@?*p`Ty6H8#kKvE2qNVrkHbSd&E`v)0Dd3<@JeAzh4L&PYz!ymT{
zqkR64|5c;h`!B{(zVyfcF{8XnALXI8Q9frK<-wQDyK7)@C<8fdSDYKlQJmOjT87-O
z?-vi%66jg#^L^&$)79sD4bKV8#+-o+a=SURG1M@L!MA@%qx3f@9uxDziboB&$Ooqq
z+omqFqw>5`i^VgzxdwTry}X@^ggwMp7<}^vu6pqST7@t8nS6Ds$w-=;{*%G%R6_q#
zD<?xAfbsbbla)PuK}0M2>;~1!hQ`9B4M*mC<)KE*6A9R8_71te6!L|E;d-{n>rbJz
zU@dXeB<PgP-+mX9j7$LrE@u(80|pP`!jVefWX>d9Lf%fLZ*jXSGZCA#09Pty&<T%;
zp7LYXn{>hgbO4dC#IrVOw0bHXPgsZs^*5D-IRdU?g#9Kfqi-`p-%|7saIgV<`wa7Q
zdB)}Z!9?0X6O|%dYmDW{m++B(6nl42S5HfK{m^Q;t@~ObKM4%R3NgJOPGpcY6<R!l
z4P6O+1iq!nxynKM8+oR8-m<RpRh{F4$A1>NuFPPp_>hai$qQb$$wCN;-bXE>AE^j?
zsbxAuYJ1EwMan4yE`2Kxhz@#zbSxOtJ&nryPV=nx#48NeaeE?8R7!g@gVq>MEA6K>
zKB1JQ^T#5@_Y0hP+b-A*&?=BGM*%im@NyMX6_#a?R9dAKt<1iNrSt*Vf8MJf=AAMe
z=3!IL;bCYYy}<m4<}?+}SVBK$uw$_Nz}$=80LQwOct$@bGzor3Xk1M-hWPTu$Q+Gh
zuwgL4ddBEMO<=J8`81&`ABJtYx)t+Vn70<yP;UW@?=Wcf-PFZ!q9hm5cNi>vgV6Ui
zOGriHRCFYENhE|qyAW2P#WA>)ff^0}u2Y7MFQ2!MK^%h#0lnoTWwCMeJ~(<#pixC_
zla+}@nG#|1`SLzkXaG|ufQ_@lfAFmFg8}^DFw+Mgh0B>Fl~#f|-qhGQS_OVM@AZhj
z_@Xk*=FN!|vJkxw68YB6nS`=Xr2)Oq`3T>+aCq4Yt;||ezJIUUnkG3Pp_N%vT=(Kx
z15s?~0R~G79B#QF2j~Y3Hm>xQGAADWZ;)g2(@$PQPPj)QFqj0LG7-{G7rg{)o0PF4
zrZ_RJWp*s1)nQC`QdSmA=%3)sP}Jmb^bgK7aZo)X*Bkbvn!#PMzFc03OMediEut%;
z<WH=$%*1#G83hE_97Uira+Q}bC7UL|rS6!yk1|*|RMN4_X6w%sCKRo~xNz5lPHDKI
zP-qg&`2+cHSv-TdcrLXro<r~D;`x|75171_kTkxaHDr*v%17w$8KKW(jW_yx5ejl2
zgR*>w(=XgiWg<ucX7afSA?dqr$YAzLAE6Jxg?vYv3{v33qy{!PlTj7znD14`WR*H5
zMYb_nEXU*#bxagFCXa}1;+}km(~V~a4H--{VeK(seJ<bOOf`j8K+uZyQh{|zz9Wci
zxR2eZ(dkT}ufg;`6U8GWYxM<hNC-MA@L&Ndx*|S?ic_KY!NxZTDmn~~Y0BL6CA7ja
zsY_FGnHP1VQIR*9Rn7VU9Jy|o6cakC$szf~aS2^Mv7@30{vCA@`Xo1IJ$&}p77KJ|
zxd2d3?6U5nPZ22c+Q@CjUlCZ|LH$fs2D=@^jqA;9pLS=alE8L(M|t4JpSegXYt0D#
z3xl!g;_!{Z)$?AG8pLXDTLL61`T1ow^7Dph<Y)Z<g#6PQ`7@AwR69VJ-yf?chdMY=
zY>CqNKgAev5+mP*)P!s?GFMoP$WaxeWtM8=^!yur<CycG5w92xzwEVLBsw}!j?6IQ
zOF1;91BrIcDA&9paxo~t4bgpkQljrH@3I$NK99iKf#?kp&a>;6%X1NZ!Tj6|{2kt5
zn-oHZ#iq$SZDU%B4R0)i6Ak3UMBJ;!!q@WR8=4>ZWY21^`V9Ms8o99yX06~tDW1{l
z{J(FApDENSKF7JlEfZYts)%H&32Z2J-N%inQ7tjN`*ed4mgyVSlF-*A$_!36C^n+J
zQb)PqzY*m;f%003a-KjrF0yQ#y=0e-0fXe&pSfh0je&!7*%)b)jT08x7^TU^X`^g>
zA4N7qe%nNxo-=d9Tf>^caMo-v2v^|wFa|?EX)pwZTA#=b2CmZolbgqGg<H4%!DDgM
zSaI|uYbOJI!*M{}aQvWcfZ`eK9zcqpX-YqU&BU#E_?GB<M^S7nrLf_=*BGc<mEnFs
zGwEMsSa1=>8%+B980_Qb`zLNxYcno-Q#nD3`j`>=52jET%zi!?nPpr%-iejb5D!@y
z*E=fX0v5(S0)+#GOMWyBS-9{BgY<#wHt^<U%Qg@l#l;BX$AQ8`oF2n%2T=y|+lCdY
zf@#fttQNv_HkHYblNi>|awW1hbENm?q+E$ary#oN(ENZLPURyo<}V6;5KjJ4mK}9+
z>jUzH>#7!m)qnKUM_?s3TK&gRDMx+rUx|kL@doz{^<gc|sE;<G?v%kICvm1kGOaDc
z{tFFk5oue5#6Y|_{77KXCTQ@!WlE2^6TVx8n_L$x$~VmaqE(iIl_I`*a0bN^KbLPB
zeyhk(k_5;O<2{wLjBh;0#3m~q{(JHZ3aydoC#8gyI+Hn;*V|i=Eczu#a`f83*+B&3
zq-S|ODU<2HV2=9vp~lar;ZfUyMP8y&7RTT^H*gcBq-=Ti-!JvLK{_vMF_`lv-xG?-
zd-tMAA;-h$frLEMl*YkHf{VtMm@?Gmv^#TCpQ++AYpVQ%wbq#Kw=tc%pqavo7{OA!
z`2;TVaf*j2-IANqJ_LrMuKR|-dQcP(Z{XtpeGN7_6ufvNnvKV1|AJlEstWA6>Qyvz
znp;_;(+Qz}m0?j=&wGnggHkZ24<m$r$cHkOc4z*`1T+mJG*uV`8UI?D_O+A7ug%cD
z_8P1mMu_5}tzdZ%jwrX88e;O`A~$WrF!9UZ8KG$b+6wBHi5A0*Ex64fTTlkeo)O>l
zQ;K&th$4&Uo+#upQtm+kZ_-Q=hiZ>9$QVpYQM7)#=ne8Q{t_<n#ml3>c86PFkuI<(
zqpcateN%9ZLKa@oy2?kPJ(LnRtp&TEEu(3W-$LQaEWe=#H6E?SoD*ppWVXb|=Novk
z=_mp>TM_|%<_j2xv?1odF@Pft!*GZ9;F||a0LL%c9Sc=CWh;q!ln}x&to;WWozZtu
zxcHYVYNVdwbu6K^VZ>&Vin`^@BCkiNk67GzPUkA%0XU!UP|^rX);FHcB)(Ur{DT~e
zbzWz(*s}JKaTHz4LBs&}KDe3hP_(!ZC+<*IgCRsG&_gK0cm{2XX^q4p;&c<1>MWwQ
zpjSIWAM|q*ktNf3So2px+ru$#8M$E3vmPh<v<JOywRir>;P^nI@Hu|L>q+5XIkej0
z|9?XA?+eL7AtWXDT1XZOAvtFflBAy@B>#k?D}A{99pytkiomT{zk;b)x+zWR7Z8Zy
zO6bityvey9o)o{+O{+sr4510mT*ZSy64Tc>tN}!PW6^{BDk2jmXy%_$BuB)|aLK7A
ztsfY;$g5CvT~y=asRzxNIeiQZmm5NcXcgpUb+{1YH}aNm=Boc+MX!^=#Te_jJ6S9J
z$!_K>4fEs?=$-2$(8ifS|HUBB=L}Lvq>XCwf8)8>cViA$Ov9Ej4*owF`)9m@)fC?+
z+>enrdc+O=y$rbN#^CRSwuZ-?3AB2uW)I;39=JkS00^IZ^ylKtWP#6I3LhBs+TtMK
zB8ggDN`QWVW{QV;nVa?^XsEQNRC9<8SZF=EO5frjVZW*!7)~Tbsw50w;1lP}=e9`I
zlQmzWrJfe=*y<pOv<f6@7R3#05^mSs0Tl!=Si4n%yDr+wBj%Hv9fa0|KRVsC4!r57
zHQ~8rI)*?Z9>8uT=;f^mcMP34SGGEcvw`98TSb7IuJT5n<$Gbz>$0hfHDJX|I@;o4
z&UX$%rx5rpN9Ugk|MNF|#rogH{Li}lse(_R!T_p5M=`ApGyTH3Tm=L9-e<7qwyg7n
zCM1`M+Az`7=sgA{ypdvVG~Cpv6@xRpQ5(ih_evO0&?z9=)?kD_uFx83v^I0o#}UjI
zYN)~31wK(TN@U)dE8Uhm01xfzGdQ>f_i&i9XG@Mx%h`i_g!~<jRID15pX0-O5Dzn0
zutV>#S$4qY4>MR~c(+l$Gt?haYZa-*rzFHBhF(RsUV8B^8ENtD4mq5G1x9Inkil^S
zErkZu7=+Y5L#%yHi9U?P#xhuw<0D$#CCXsM4hP}$ISFo`b3`kW6mbvr5QCcmpB4c!
zZ-LKpEb*PdgYPla>3d_oFXk!phWQ}|x3HlI7=wjBI`}wk8R1j-Zg2jN4(;GnxBw-R
z==Q755~(YNI*mTQcNu&)!bfN;eU~Ewen!ppg;C@;wmWc-`LHuV%>mWiO%t<eeLOEA
zA+g<9$;mU#E-@2Vsxz_Y0$;RK_El=zyZWr<!}2efD%6pS!QllyceuX!YTrBa%m0qV
zsemhx4q+5X*s#NdSX2sq`5@GR89vki`y9!%9n=Y`XE`GlTF5Ud6_Hwgmd2b3Og+&Q
zo7{%r--=vy{uaN#alX%7=B*inY-}MU`);<+TIj9k_xkJG+1d<>W8nYZA?kkJ$@Zyr
zzwjAmYoG5ki&qMR1%@x(uzV?wL0`4+YPD}Uwa6MWSZn}wHQN`Z8d?AE9cY^^jy}`S
zua&L)wen1pt%y&jwV6Jx9NF>tK1)5aQ5-W_kgU}Fwibgi_*Qy5O7z!UC&2iv4h7BW
zWAlAM>iU8One@`;sY2IF2sbXBcea=%UR}2CZZS(Yy6K=9(W;>`*d*pGDWjh=xXYEt
z7ox(5H$c5GO2j2ybYxcqJfAlVCl37zzV#KA3PGJ^6;v+de7}!vMa{@V3w)kr^Z}^z
zjz3cF3DMHsKUh-gOrXu7h>u)#Sa!~lhWWekcXLK)TMtcvX}%(bQmCCx+d2c32HlL%
zSH$}|u+!`GP%lg($qMqxLu<i=3l7Z2#&=p?2G;|=V!qYvci!RQ)+_v&=`#_4K4;W1
z?re0a{OC}mPvv*NqZF2n@TFmhicqyQ2~S_jQ@LD3tG{8>y4I5wZlzKNOSvX~g>&%O
zFW_n{p=}wA5l@{kYk{wnx^h@r1UZd^nOhuzh-Ww_t-8X+V5kb|M3|QuTOHa;7BDY&
ziO^eUynvQSFwKxiuz@*|U~hv}A~Olz+~JT0P2U`!NLHD^U_RG^Qi=N)*p;{oIo6zi
zT!{AV`MzxGOf5#wJf^v83u`ic3Vje(oO3ARSE~5sL6?PaPgrFJr*43AI3NQ?LqvDK
zIpKJrmxw7eZHt3sD{k7JLB<<JGGN~js-H-om0O4Q3_d6H5qQX%KmjGDlG7a<11CKs
zmcZEirA7OXG}GA`WpMj`w8&?~YP`t%)F>`%AC_5SKQ-9i8y@BoR@lvnGJnkxf<*a&
z&vkQ&!R-f#ni%8!=jIIxWzg?Iu|IK&2qafFtqmKNXl85xt&OD{y~5hS_$*=Tt}-=x
zhe1AX^ghE#wk5&?U9iy`P}?uj+bdLojl6XgSh|Gx(VWKL+?-B?N*>;~Q>p05h3!eq
zTKO1r;{m_OS}D$;KTlKFvqT1)9~8^k;?L3UZNMP+LB06&$0mV%gh9q5+RJkvhpn`l
zCR=9eEzjs+q*1P*)qQpaNmW<JRKMspT<>=J<A@e=9D|XMh%s7d7(8xhuhmI7@v$j=
z#~9gTo~6fnwFiY`9}}Y?F#Zu~8BdyeFRHZeJ*bxt-Tt{zStK#|2C>i*sei5?P^D2<
znx8sT<-A+<phf(yF1CnY|4mZ-s=&3yLb3*I(k1KcVuNJ855qR0WSv{gCF>m~ehaxg
zx0s-84L9^Yy4WO_6GZRQ#iR)35`QbI)M)}4EJq+ueP%WT8!#C1kY0!SW2+JPgDxTy
z%8^0Ty%!!)@OR+jwDQF+AYdNVVUDwX@R<H`j9HvcNO3yynOU4h>G+Q{_c$$k9JKTp
z`;aDp!#^hB%tsl&cvh9i@1~G{Yp1qbKkfSFkS>gOKQrzZk{H}J3F95{I$j84d>VDR
zsWUYsuLV6M8Wnt|>&jSesH}WQuzvMtcol&%Sn`lrcjC&Z(B{ldQ*FVlyFN3|0O}0M
z2@rZn_yb;LA^N)M;3|=WtwhqO6FTw*zfvmyE0sUp>G0sag6W^(V8DTgwEH4O`gM_|
zpO$}Hq!xqxhdEp1=JCKsw!LE|Se%4*!GkiGv;ixk&oM&(5}?od>0dltRNacYX07`)
z+#XDB*{;hatngEHbI12r4J?-IB<A!m#VI2K4?IkaH{9@W^vERgb52Lo%%|w;*8Two
zV~%+FYAbdOnV%Xq3;<^y&gRzW&Tjt3(AnL9)@hQ$X;>HQHqf9h&LK(JTGP{9`E-qV
znk?-&`E>QC(YDgJWy^x7E$_&d`B7WmeV90V8+OfkpO))dizT!&^sFULA$or5k@>B9
z*OI|sQNPuvmeFL1w3+WKTQ2`JQeb|L8kpa=mN71$OG&pNRQmtedk^?1tE_)~Zcfh4
z3`u}wKp-FlbamGkgUhZfn!$qWx`uaOU3b+7L5eGbzN;uQfQ8J!5J8lX2?$7WLX#q)
z34#pLi=l()gkA#z(hMLV?f<#w-shQTN*c1dzyG^_K8Bfj%5A57?>Xn5!{X!MD}q@w
z>%}}db+B`6R>-2z&63Sb8hmE1k+$&0uxXx2G5i%~ts%v*d7e-!|HI|?zjCn^TRNLL
z>EUG?-O9|94r6D_%z1XSi58RT45Nns18c=iwP4<C@uJpTe*YiNFy%#Tz`v29#|;0h
zVM-A`!W~K`bP1VxE<GQ^$}{X{=0ZC(_Lo^U;87>u<;B}!h)2Um;iQH3qQ#(@+0qts
zEq@H7@bcF3QW({jv6clgQMJ!&GOCCjTyw!nLMl8b0}!7Nk1@NQL&?nyZBiF~**;9Q
z**JXOShk(_e3?cLvDo)<_%`&KmF>$jao9L4RBs&=-J4^f*DQ<b&0_W3z~{qvS@&@`
z5qfTM)N{)k3+lOC@RI>rI)}@9-PDrk$BgIAi`s<4Mj`yAIi)akjk;h7H!#HfQEbk6
zDTVfv{auCnTb<lmimA|!+@Ua_zEqkQUvN>NLTB)&Nud=+cVh85Tx!6qUKN8UbV(|Q
zc3vw5Qr#*kq#<k;JHGl}A9jTiLV!1fqXo=Qzw}}7i2wm9o|c#lUt~Kl4Q5gj-mlz#
zadlOkL;A4#zu=c7==GY7HjW~JHplE!X!9-z^ez?LG(lF>=^O>^)}<NHXkVvDq*c(+
zxVWd2$+|b8p`@|hom}e9aiKeRb&53JO;FNtV&`x=x`o46q2{+oH9slz(&A2K(0G<=
zV@gAX!-h<VO?DyW+M`mTM~8QXz}U*p5r(|a(+oS_^3G8bK8Zu0hLzg}`<3~vRE}a(
z19{Z)w1PzWF(Fakf0PZ064W8v2C{k)Fl=ZK0i?+tV*sS1jmiZ`8YY5|6-t`!`@ENA
zo!2V`p4nXZM-In!$)b0q*xrFDA7$e0(8uG<#P-mSIpiDGb+$UxD~!PMll4M%m*Q0Q
zyEr+3IPSo9K1_zc8aM{qL8e1fA=b0UvVaOz-n7^4(qolpjb*=3uyQho5B9qKnP`I(
zV_Ak!R(sv9Ol$`Z2ijoHSf-KDZG#YOtz-ZbjSgRg-<M!AJnqH6!fzdz4F8>x32!+v
z@%B42@kO}bp<xF|(lkuqv&*%aZRi|j6`PtS$!>k;sG#Rh(hPgqxz6F{vhitEsNhr5
zDbidvs-d!$9qz=eB}z9eGZIX^1iN=r&BO`g1&(lX`TZp>r0znGQ%b!|A@<HPhZoae
zwnt3CJ{GWMU>bbl765mb+jTFz>A<eAj4~cCc6+faEN9}5e`r+Xr=0^+tc@}SHTLy5
zGRbv6aw5}IKOTcV`=}p%#)^LYiOcVgapuI10WZZ5^cl-k+?kWZ%sr}`4Iwy=Sv3_{
zgzY($>~aUu24f~L4O8IYE_V^OZ;2^=&<6eq%z?MV{+(`z5bLv9p{e(;z&h&vT(=ir
zf%Vk;HX2m3reZQ|ce~(CM<%`sL6#xr;c*RX!{;o3$uKdy2s^>4I7bmShjo@hN5B9d
zyQ9_p$dK9|(jii9pGa3nQ7Z%=V?wXV>ressIIZ4V9Nn9O&}#-o_2!Iv?(1mqF+TL%
zz^LbbNEhJa%dtNZd|<;M*4KjA5oYam3nJ(WMQ#@+!-?#|Or@2(!Xb-G!!#J}(Xb`_
zR$LzE_GV&B*hee)h=#AgMT=One2<st*_DZ}fIlun!&jl2cy@q(0bhm5aSn|ncpNNY
z8l{nq3(6m;DtAEsB&B>@q4?uaBJ+>(!lUYI8Wd$)omdl&jc1};M|Qd$ijy*QPO@?M
zGR~_cM;i)?O62*Z0}@qK_Kb+hPvlUf6xj6WOKWa6BuVgjGpepFwvuS$etLOx4QqR`
z8F!GHN#|X}cKa4P{z}S`b?w9C$P*mqG*)tCLwja*XvXoHVT+lZig>tuASC<yee_Go
z{`MSxJRoZ)^#4f6`2_lboGb0cG*gL%Ahv{6``tq97iW8$Vj4_gPHYMNm`lTkaBN(t
znvW0^LwCEwMWMccB*#j}o8;JMdr6M1)8!a_Cpp%K!H;f#6t3*UU<7kvP1rh)0^bCg
zI5a1AgyHcH4QqmTEc0T+ccdrF+KgLMu_OFQm>l{GnMmKP>GG?$Fg^}uE_XAdjE|z`
z%?+f2_vs`Xqq<@TtyC^1)wd7G3a~alpj-mI7)^y&l=bUE^rfo}3<4eZk8lD#-JsG0
zI=n+9fgVX$1o~kIL7)O8c7z|&X$CipWnQl!mG!+%q0uTbT1A+V4=9;K$xe4r0GzHc
zH(r2+V+BkIp5gnb<k7abz4y|yE1h2TXt>h{ZSXlT9#F4hVtLOn@uI1MO44A+Zg&aV
z;N*A~5Z8)#yGavyWHj4_@v;mK^+N77&<4fhNR>_6<My^h8*CrP9OB~CJ@o8Rx7S6I
z<m7m!N$Qv>sbh<zj+u%&wg~FL=HMribP%+3Xr!|=)AzgJ+uj;&@SSpluX(Y6ahRFQ
zG=y-MRV(GP64zg3$f0f!>%x(`r2=P<=~9U4u&b_EWqWNpLQ+`n>Fl~3b}uH^X_qiC
zb!~C<A+qyJ8RHCJ<S?=e!!$eAm&vXq;D3LcJ1gAyP&%1W1AFTV-88O?6M?t3--PL~
zr7|51JL6I}vYTz9yQxKXbE51f2<SgD{W_8YTASU76#bMH@V6ZN9T@(eGrU`#ZvMTV
zo_}t-)hiR5bWo1YZDD6V8gRHYnNAUi+5CoPbDEq@F_}d_&ty(FO{VW(HkpCSPUd7a
znZVCTxmO%HXE{@hIa^<sVI!CunzJQ8&z#LO&Dnroe$HkYb0*WJor;>X+|Zn@s4I~E
zqR^bp`<KjFlx$gI$d>;yWXqxANZIn?6e(L4P%pnU$(Ct9PdC>Z-OMn$xg)BZ6Q=0-
zdA|DEEl&u{m_|n)TBqGaJ>0Ohj2`}h!@_AymLUONpoa_>+@xpNJ5?{_PFWF%kr5jc
zc}<x%Y>6}hZ4i|ICPS<p9|u>Knu5}8@UGCO=}_RluK1dfR<*mJBOJA0?V_+m5XfQq
z6nQ4}s}zPQFr#Z0rgPYwQpEtujvS_UW%!R!G7Xz}i+JTM`O1w|edS{uW_DE(j$a6d
zARpF$!^$ZvOEp46nipagpLD{lo<h4VL3CH^TsP4ztSr&}FNgD87&fpQY2s#lT}GO?
z1JfvB;hJ*oC4GvcoBCmjUL-phL#|B;ofDr@9C=Rs>nY*q#HSX!<!RvJDW(&chl^t$
z!Iq}aZE{9s3Z&x5Tq4`$RRCu|n7<-4)544`j?C}2%k-Lp@T<V#w79C$U>yiXr@{JQ
zDkC;ZVwecsvyefuGUDYFy93f{URqwk7s2k!I~tbIb;Y6laC7zfT^oBIR1Ez&{kAp6
zv;U9^O~^TDu93M^yo264e+pyPHkf1=5=na47`J2MBglSd^t_Zhoea~97%P>(Zk?}A
zeMkQ)N6FRc;IfBm)UOHq6*&YtFkal*VLH7zfW@4W&!Wc4VVZzD=^XadwK|N`z8Q3!
z|5=CWyl<PB=Y6$U=Y0i*y~yE&c=JCwLof3=MH9Q~T2sqDP~4{S2Z~h#7s4BmNfr0k
zEBUDj83UC_$Y|s6hX0pLz_?I35*l&%q)QYh)9nr!vmxXA9A%w6|7mN`cZzupZssr~
zy(C7Keu0SED>$wv9iqVg)pf<FZd`xfi|o(9vih?iW`7o4M}Nv=f}!UANTxqo><&`M
z>XRJiNf2lks)iWW2CIwRg(NAibG6FrjX%0K2Ssnl*`od!Imm=0gb{^|sXMn6yZs?o
zwCMrTwjVDSR9c${@eLU46n!bJ=j1t@hB?S7q*7)jg%ZBO;rwKomh)hW)j_rghZo<1
zDP0+zqCQd2-$uT9fYUU8h_E-MkZvzD4vH5FD!7=;VpGB7_A>H&z&5vEj^##A`~PxS
zC#L-sc?|6ipLwuo<?x^!Q?&2+40p<T)<PLJ$V}FTTfKtur*<hrg~JZfVpkaJ35xDt
zus9=TKE@f4Gx{mEvk?m-9f)K`TDj(zsy|R}`I?gdUzD#YtVH>m-*UJ(nNA^po?hkh
zHKo631&RNxpuU3MDYSw!E3txsi26faVQUBG1e;7Iv7mAAKWq8RuI2l3EhkldEtOIg
zI{>f7WfGHy#=Z;z>PM<YD@@r$2K4YV;6J%cQ@Cic!pYmU8}>?~^_#($u3gX5G`luf
z(D*;KoBmT;=>L^TPUCRY?Wbuqw(K<7HV*m!ndE;lCC9Ac6eT3DqfArzkJK#ZZ8x-v
z(|<}D{a=|ID}1lXRLAMw|IAR-4B=ZGN>;e7Sz_b=P$*wbExX;0_t+8Y$#f4dMF7{g
zIPAZPVGF32PH3<HON3opz>hbHsVbIbqFmg8y-1k1(YMY+Up8;+8*n&kXY$yMvT*PH
zrxDhc$YFRb8P#^|pAKd19#M;c@AJw7GVSGnH2Dr@aM(_F)YN3c2HmzS%aLg0CrspU
z3quC&GgQv>m&AN_=Az%$bUzj|?lKI(H5ffD?_B$`=u$D`Fv-r)!(neeqiIuN4iD8r
ztYsG$Tw)QEGSCCAEb9EMVs{Cx>@Mk9$j2Hy1+8r`i9-_~XYui(f%k%8X<2J<xHg5n
zBI7WH*ZMQsHS&yz;iR;F8WZ@l)L?zsc}tl3x$<eb>Ze~(RARBUpN1=-G!FAOu(;cp
zZX4gymSHUp{@WSWg9DnwTz)??y%AB3JeacYwixG99C$y6_u9xhTC#o^ron~1veT)Y
zl_2tFcn4=*{40n4V?$Q>ueV3Kf2T}RmOquAXpO~d9N#LiyUO<rS_@5HH7AEXFRQ3l
zS=5XOzke{M$BM&ypO9&7jfzHWt&Zm9>mDrX@V0Fc-kJms{>f@nQ@kz0W0k<6U~<S~
z)hB$k2^=odXlvum%5v6sJ9(^bhHH~p7J`x(i?^5QvAUT<9~GFvje*Jlt*8i&e)2{-
z9B4`^MYD47n=<@()Ad;qvoMMAAWmiB&aZvj+!059W=sxA+#%bQhv?KKH477rSxPV*
zURx(KI>cVnpp47gLZ;Au`UGE+KZ=?A$iql5mPD8b>2&*`Nvz0E!18fNs2;upliOm-
zXmeHk7qc)qOT#2h2HF<8&2{nLpUR>N<6r*9{WDg^e@;HU?4MOGjL+_t!t~sBw^gHU
zV*?J8&AcTG-O0*MMO0GGw5A_zce^5z-!n{s37;@2|32RCCh7ef4%;V5PbVUSUEe6N
zlg61k=Q`mNSt$=6<R$oUcq_}dN4iY|@@1mu+wG#o$uDPNDu>*LD)+{k9;`y&dd(ha
z%?u9?_^g_K5coqnEDJ|FDL1xEIlkR(&U&za5@YhhqNpA&nG|yDei3zbDP5Ja@{1U<
zvJfBSFry7K&4ieo670wwrjP=8G(YO?8%%BIY>$vN$e~nRZ>nywLt(HCo-UaxeVYU8
z7a@{AQ27GwoRR;Je1GKRD~<B`d1Dn}D}BM}*tqSHPV=3ULQeBWKCzs8ECHR*`^A=R
z%2B?^BuV<|lH}^7(2rjI$7_>Vcvh#70I3b<1^%Kv5o6ry61$`x%9U(QWmNPC*0+@k
ztd%TR@{n|WrE!>ftJTFAcR7@4D)^b(<mVAcg~Q%u<gYB(>)G#TC_C4PLt*Err7(Lv
zeNq(cHj$D)iqQ5<Qq}2RP%$B6w!44Y$`nMeOw4>+%Ga_yLgL2@hFbZtRCLuiqdeSS
zS4_SYx~ypz`i3?A7js$rG7x!7b@IW7H^bJ>8rFyDX#qX|%*`CObXI!N#s!Fw0$pgR
zNzCuhFeJU7(u*Z?C|N6nuAOV#!FVBMOL*2H)45L#mJu10z+vAM#^_+2wZG7s4FoQI
z92?w2LEwfO)uaNwsg|nt@50WcrhNFaavR(D|Aa0+uP(l%E++8D#R~ecuGk_pY=a5V
zCWxuLK(+_AENlS19D17#RM=4XM^jG(s_Y71S{Nl17|NU#NEUNq%7r?adAEnq#+6A`
zqU?S#WllJ?$`!i2T{()q-iQG5LQ~T2a4)h<bhKb{2r?VPf``1kRQF0dRQB|~)8xkX
z7VRgC%^0}L#^FI$LIAbzWaf~D3PDghwfq$uz?-qw&b(lS_$+J_>(vl`NGmj4w*eu&
zrge^`NGOPF*CeW(W`&8{-5T1us03FHIqXmh=4K8jZ?>jmS_x(PDt$g|aU%)AbzOpN
zVI}9PY#J!ksqc#_wTuWmQ@zUPPs@I7nVZp}oM&N{Kv{2{#RNXF+<?2Q+oA*RF6hAg
z%C_i$yNi=T+m}h(BLnV&lfnb;CT~{(ciShKqESk=ms6L8Y?<$_llI>^@i*B1n^BSd
zHw22#f5n)U)WOuZ8P<<90joWDOdnk(HsG~6EZD%TK{M#EaoDX)yr<^6!_!VW<fi?T
zwd53YIh^7RNz4E-L5g>bewq%-r*SA;t30DN4hzua(3|vj$f37?w%bR?xRW_t+(0U$
zkZ}$BGZ@}hX8!J}DM4O@UgpI_J_?gzNiBw0&u*_LmK1C8xO-DEi^Gh6N;`|H&n7f)
zkO;U7m)pqgjK|%QY8Yc0N6NH#x<&3NY#ctl+0U&dn8@LyP7IS_RqSS`7|j+*9vivC
zEfZ~8Iefc`#mEXi_U(TSxmCs8;ID|(eww*wo}e}&9Wo!rq%-pP3c{McR*$T-rpwIm
z^+IqtRlKfyBsEF5gQ6zEHnn0BvJiFmbGY;|74<lJt52sf8;4tN^deNfX1`Nk1ifVc
z*}1A@|DbiIlKtVM>JrlfqoxAWG_ug{jxX2Q(nf4UfWz0%{A|ic=pHSU74k-4pXp`v
z=gK6e{T#y*<M{k%YU&HdA?KAs!#o`EU#;-3Mn-t?*b{=F?y}O>cmJI+E8Tv<;G^MG
zcxXt57E$mvWXbq%4r88V_;|>q2{smP&MP8{pKvs$mO~CFhZ{N3prO1u=V%mraL66O
zSbPE|aTt2UtqNF-V6uqp&?9b_{tM;D{H+ty;N16N2H%#_;QJ2_0|!T#on#hJ<krS|
zPwJB;Du7S$4E(!b;lDYgP_<H$hIMZ5;LQ7)=MI(ve(DLgFIK9dX%o~U4&7a0P3J=W
z-XUT47KCLFRe9Ec!*u=j{EA;aL%-J-x>pOo*(Rn&ZpMMbO#Okpa$c_X-Lv$22UpyY
z+4{Y?l^Wxx`t5@%zMa8m6Br9-Q7Zf`-ADos{uLcqEq#`ZOM`w@rBg5(w&w8tvof1i
z1HMpYu~TW-tm(>LDIn>sVw*UiEuFPFe`^)b+PuJ_e_NSZIV}D8?r&r1h&dmUzs71W
z7gf(Z7LBUE)FYi{#JE^AEQG3ykGaEhe*}h6n<Yl>kD{_uf2=?3j?De>=}4x|L~lIo
z)=OQ_9jSAMxi?}VZ{={18dT}{O)pd)jQRSrzGLok^Hbcy;jrmdtJJH?&Hx@5Ne90A
z{kl>aBWSm&Qbt&tgyjvgW{7Rzxo3>LL7#<BYPwtxJ#)~UW05AxHN!&Yuur3|t{tYV
zy0LP@T|4SFB?XdMfK+lIhxp@?2DkIWjJz1NVA8R$=(mO(g6gs^5XWF)tj6|~RNNTK
zTSts$3?G)6h>QbUwcwpYkxic;72foB5VPr%`zqb^fC47%sNqcy+aKBVw|-O8$?%!0
zki<Mz=kQGppHcK+OdY}TB`*@kkE&Bej{gUTgD*04hB%%WzVD7QHiCJRDsggc>#pd%
z@&sLeeih^5#0epmzqBii!fYJ+PLLbvboizri!f@6PoAi*V&h7g=L-qdez=%acoH00
z#x!z>eAG$hP264HVYqiD#60eHc2}gq_}vL1{y7u6T1q@?r&MoNmyx|H;(x=^l`eIV
zf?R}IH|%n&>~L~iR3@8jAOZ}HQeY?<UM<aU3OzFJ&%Li{D|A8wpN7fM$vIf)wLvwl
z>D04P6|2mT^)(z>DU~@%zx~6CUJa8c$jwwD?}3oX+n9jp2cd_p8S!Fk{LWCKL1<Vi
zsLqS6xC0-FN((#Uc!-X$IvnrKT!m<(;?ben`Nr(^VKDUrS!MF7+Zmd!+`(86CNrOC
z?_r-&NOJXWuD_7vp-`UZPoEY-ndj)`M$dm|E;lNsR@IsKK;|ifOW(N*3k~W}bW=q0
zlE7iXFj?yo@8m^7C0aA6B$ziJ?}Gd|@#R2vM&^C^D2$_TCD|H23S;7Ym<$KAow;Js
z-mMvwPK|QbOr<O}SbB8Wy=5e&^h;u<G=_SoLwVY)>7pwapJ7-N2K>5+Y8{AgkBa@X
z=&1v`YmnrC?!Fe-9%jTjFd4RIYuFwpQ~$SRJ9B;ddA@=Sugc*@`Pt=(zG+oF(Pzzy
zk{>?FhwE05%BxAbyKiqHJFWrA-)nEXDwE|eW|AkXkUed5mEDNLTr&4!O%AKms3H?w
z1nEfI6~h-ZA>@ncaQ(g*I+>KWiVT#2Fi26IGZ&fS;hV)WNeotp?|Mt7L=H0+>Gpa|
zhQVzZ@lfV{O|dhaq9kG;x;5+!M`%4qxW#HEaQK+{v7V|s%jE%uad&!ug169DNr#h7
z`kNvu0#_$XpuP-2@uuSPl>yqO3qI7$e7J8IV{-3F<GED;*S&4&s9-@=A$e;Kd)i9i
zFXfv8{xFPQ`<+DkL#z7Q=Qtc|%dn$aY;qSxR-}et&6Y6u7LnUm<#e1lJOrgEsUw9f
z-^#FN0ovhYTd(L}UU~hq*?EfSUCsQABK!-7lWiG35gM;VB<BvhV<d?jJyNFOuq*tL
zACZnp;*l?px}%aV%^a?T*XkG-XAKYGkyA&*@JMZ#G@RNjF_JPBm7SDn-yzeEAt=)_
z`A6w{kOPO@gn$}z7(0p?+2eK}3g2cl<}luLdFLTx>mZ<$dK>IIWF)tv-zb_Wa%{JA
z*g8D)s%;T1**Hud#TaEQ{or<1>8jf1-G`pA&e~5GW$7GBG$UQ^>hSq&!eO51kxH1m
z@@VAV<a4?z7x-ms7TUeog*)&ihA$HY?INRPqMi$==hEOn3x@G_tj+CMt2@T?HMDXG
zLZTK^c3MB)&0+MT3|nx9)z)GHe@5p0j(X`A@}*Fp=IV=E1PiWgM=Th)rRprWqFse7
zc;QIJEO;dr3x0l!V!<!l5ev?{r3x(gWxE(GI3^|wo{eC^)-hS|<dJADdv}B)(-Sc+
z4jd6;!QqiCculgP)nV|UHN9*m9B{}TnHuf9!Gi-2xyfnUn8QUAljTJ7;3d;#Zx|0=
z(Rr|6hzGCeJh=8qG!GVz2)*iBNfZzE8LfD5;cY*W2U}9;Ew<s37gOo9dK-fm<;0tL
zF>geO7r#3aN&fjGLcG|8TU{Y8%$G$vju`mWfmWY_OG8KKoH$T&VlB=vp7)S!=+)V<
zNO0j<GZ#K4%PB>5W7r6t3#EBi?m>0)?)*bB_pUY$J4Q)}B0ekg?uUn>Y1*bpA&Im2
z1ejdncEvN;KAKT^h~E-Mx!PE8zPCN;^vjK_Xw3TyhraE@7);?**ijO*?+F~{k7kSp
znqc&OVM%n~6F3A-cQz`DPr%wR^`P6x_ME_B&loaar@@qirg)dV7Q;<Ornal2nT9oC
zd}EnteBW}n!zZ7=I$Gu;YFt4sB5S}T?*77IPt>3VmJ!sT@e(TEn!x)}*Be5LQ-JG>
z7ERWMsm;mY4yX6KH4*_nKhv-gY<xQ%Ys07US^8DNV04+5%Vtg0=b}Ct4FmWjci_{U
zY50^w5Uw4QIqZ6a<zY4WIDvfJHXljlo3b?Q!?*+cF%m2JXp>d%`<bfV+d0hXt%=Pz
zWMEU6-#Y_sum*hi8eDwSMRl5s-5P;m><B+FhuC5cbUW|+9lYsll}m-{``qr2LeBT+
zwm>)J&_2iO*3b=C2{~WOcKQNhILnzv**j}xVPB?UEibycMs;r;$`ndSF`2_$w<GgD
zOn^-+L+>^h{aWgF+?j_7l$AIcK67h%xq~qQwlE)uk-SLZ%z=#rF`Vy6q&}cg)#2+8
z9b>`QD-EggStrt+ml{@GcX~Tjs5=*wxWy)}eC7FtAm&FRl;_2UN_qD0<RD9W!^$a7
zuORdOonk1@-TPxH&pH0eD9@QC(faYr(Ygse#>Jx1CKGx|gz{WGy7Kt7XkV1-oL8W$
z&b9jt)%kfrNTIDVJ!6zqk|mckrAh;)+gI#!mzP9ez^no_l=n+ak;r0){N3o#dzS8t
z(xXcXlpej@m{odPULlsf{9LH?LrJ9m+&DU<KMPAD71!p`mBF%~L_PP_XkCM@{arYg
z?Gb@xNr}$+?<gfYCF-4Dk1kJ%Uf5Tb5*=9(r9`*yi>X8fQAjW8k-csf&)~zcEGs@i
zd~?Zfn$)ODB+R>6h=jGzlcbq@a}`CxlN{DO&+sXO@h}Y*H8<gnE+M>OZ7t`j1uXpw
z!<w+PxyvCYPJC-&T8YsIBWG>@7-Iuao3g~c<F*E{He6Eb#&2jFN@1OaPjYLPQa74Z
zH|mC8`_!<PHW0&J`VSiR;s#Y5_Fp(G`G;BF(27jj8@+r&)1)wXmC1Uv$Hq$0(*{*a
z^Go|f9;{j%E`3B?mjLe^aQhtb4DaRe<444AG@*aY!~{M<#z-G92P4*k9UrlP1CxG_
zwcsshiBl7L_IKhrDcrhH7f0`nAR0^+D2QQoI6jtTVKTSc;}O$f(jF5?Icf^ZtqCW_
zk~wGy*5M2v;<8%&Nz*u9;4r|iJaHHIONsKV{0(1Z*aYe_wAIo@<<bM?+o=Wc`-m~S
zJi;*a&R9nn9^g>?B*Rt)VvtZm!zpCoo+e}4WNobP_eYA4_emd!_cx%U#L(J-N!*SJ
zJWtJ^Q^<F_MkB6XfOYy}B5z57?oFC$8YXimHsPean)JnF-cpbW*5J*g={k)=pSv8&
zYvB`W^xESZr;OmY%Q@JyKa%AAqE7_Es;hErMYLQ`^3re|RgIht$6dY!xhiD$xZ9e=
zgVuDiR2y|Qz8c0N@@~h8<&&x6|ERtu!#CN!e7pnvWUBs#4A*TT5J%N)*JV5Na;+|G
z57XiZQI%vn?*v!i-rwc6XqBrHvG>2->QqHI=Cn2Pu&=-MXHLWJBctiwRc_|+YoX$*
z^)+l*B>pDDx~B>=u|0f3nXPkwt#NAxw&!r>8Ajg;Lq1i6Hkf)xhQNctrx^4Mq7CNW
zAt2$ZryQ-sx_pyp)s##bSzpMMZ(kspGNOLfLEGUMVu7|?dhMAP2(-Olzv`f^^o0sR
z+nRk98$1ey4*FvRW*b;vVYVM$AcMz%`c*J^{P02y%ywdTEX+1xd}VBoOZG*>viUlY
zSsde{(3ZL&`gUIgW}8t^dCazLSG3KMTyX^2cI+~2j#DOt(9<`&qU;@?m@aSKRS`%t
zLWV}~D>D#6FUz#k1phYgih^x3Cn(r9s9}|3AIi0S9PeZxx5fJ+MepK*5OVusU!)LR
zT2Q{_Bd{-)<zsn)j@x!Ls|0SF@I(}D`#h>AD+|iQZSU?b3%3oN5QW>0?uv=q1YJnn
zc3~&sws$8IZo9CPaND~RBXHa5dK8)CBw@3%Ue$5i0%rtn+mKNaZkzR2q5n5$NZcmA
znQ_~+y^*uFW$cZ^ZFB&$t{C&=E;Q!ix>W~lle$EKwk10&1Z`U;Mu4^t_Jo191LG8E
z^Y1Z0+x~GeLEHR2;h=5VI09|02(%SBsGL&-WShIQOvtu%q8YL+*-<8B`+6clwrydM
zZNQ!|$aZp^k{LtxxP4g?vWeeJkd68?VrNWZPlAi0kwm^mc3{xX@Br{c4rjy-)d^yK
zOg%~Ft?A!H{<y4Cv^!ctj~uT=+^*dbAuNd;#_AWZ?GB^8TjeR`{P7Ao$WzRw<H<_%
zF<EC<9&{!&!OBLVL&pmVscVa=dn$yj!^SJvdJ|{ZQ4@Id6DDBBbamFk=GAfPXN;HN
z=Zwla7kIpwz!!w*0PIdRO=~3P%-0-Vf}IWtJKMy7ooIzoO<ib*!+)bQqa&M!A<)Br
zQwUT)v9We{B=>$gzAOl8O^wE&2)_wnGE9F>Lxin01Y(*dJ`?!dkx&|4^W|Y#^W{(S
zE8(?4huoT@kkS)P8Om5B5`7MKCJ+++<PB$Du0okR5`tkxVqjYn3T`NJpvGa|(~NAK
z$uP;|(<4mqbvSAfuO02t@O3z35rFPPk8?28v}PDLwS%>EQ^2EPJ6KIO&G$G5t1+!l
zv}Q#Qs+AnnBc?%(+3(gIWFd_`s&=q0kwz78g+{eD(LAbTnBywKY}jAJq0y;>I)$pt
z3v&4G#d3Y+g+e0z2Hu&#im*{jOosf|3h{OL&f?YNhT+<G?n3U>^mBW%Ce0CG+{;Vo
z|01rHXr^+NvL2C!wl0_qYoBsu-baZI7TlrX>l|i1?b6T&n}4Gabkk<g)0dZvR>*M#
zebmaOLbq&&%XTO%$j=!s3Tu;M-#*&Jm=9~iyN{OXd~%j(Vm2@Ib_~wM$KZVs#CN{8
zhL6EO5UX~!w^J6{IqnWpQ~t2g{08QBww7R{mNGp5{C0P#l>K*eU8q4?k)3$(9zWLc
z;_tZw?-88HyI`WkHa|v4AP!!^KZ#O99oZ4Gf87KlK4uJ?w8oqIQtZ`DjM&)W!X{q4
zmpjm5yxO?tk8!OAarqC8{a6FuYws1<;ap=)kB&n=8`Iz!!I?KH&wv&riP~PJ5-8mr
ze)PuS4-XE)$KZ%2)W?Un%NkPR8<mi<zt9Ym;b`wbW{ZchBMb)$ZadoBnd>t)p_)AU
z3zH*B{{Gw+*co<_k^Pfw4Ld`Sf{7+)JC$Kx3l&FFM^KB1I22KY7dom96FZdw)14)l
z499wDQO);)Bh<V<Tf<&(fSMnj?eytXqH({hsni@6jb>!2-`7i0*95D0aBnX`UE{3c
z!Ck$aP(7$3Z}39~E9imc?!vrWYzQA@$m($wN3|5{j4BV6UfSh$(9y;I6PTLTOS{~q
zyhv5l;!LK;3|p{1?WuZU6IHyhy}n?5Gcg&y>gAIQHp5B_wxt&Z1d%xVR+g2s3b7OC
zjVYqVUnMj89CLfk>kB<xgER3tI84(zCR@YjpoFG%q?%TpCTM24TG8?d<ZOa?)sQy?
zft*YbugZHPf<Tn#2D)ctw!kiMTv{bYXFKz9eV8Qf)2!*LD%`hi$(&#%gG3RL8;d~~
zeQ0_6zai-2M{2d-8|9EC?GvXLuySM*+F?v@&4*3fxzIiplVNi&M+<BN-&YeY4ez00
z8#q=?v^1=TGZ#}i^si}6)dMj<swm2@kZaZ=qEyihF_zQaC8Z8c5)GW{E+{oWNi=Z0
zyOYD_YQgw;L;|s<R8TcJoHHBtT5(y?_^`>a*O^0}ZrJ-?8TQ)B-|!{IHMGN??4S>u
zHb?t^(MY{5a07!gG}I4zXyVIp8tc#=PJ;9^?+BHwJKagpuCJk26SOP7nS{;$?vBhB
z*bzQXqD4N?y(CXAL<tFXxyQ|sLBE_C?4qePx;nhvHA>*{ew=m_!Sy!0getK%<~d?x
zq;?<;oMrk<^*W6^SPT{luWTp&isAd-@ENpMoUIMc#13$k2tMZx4LiVPBE7zX^qRvV
z(C`je<Po1&Sj0^QO4XH+s`HboJ3y*#bZ-(y(d<-`C~h6^66~}mQQTVKiex8SnhTTR
zqULCcHt2u515^2YRmb+c#-t$-ZLsN94co%(wi<nQ5+a%1mf=HWJPl@RM(g{tGo<pT
zW`e32I|S+U?2KMPNc5Sz+H$bq;~e6_YrQn=0)4H5ldm-_)QYepjB4l9oM?ysHlINg
z59j6jG{xlC68vT+Zwep1?L+$=QdtT5>BnF^&Do*en)ouBCapv$E~p+$Pn@P{8}1VF
z;22HY(CBI7@F|2u@Uk|7jF;Rd$yj_7WUQh6zSd&pdpn7ae*mK6{N7HYV@1Zi#NjQJ
z$DfaklVY6`QPd`ceXOz1>a;qsF^A#p8P<oR<YGg{$5GVrs>i*^VBuX3(a)8Svlj4m
zbq6vy-ndZ1C!yp?reRa)XCrg==H4#B=w5u73tb^lMLs4P`<vqjqawLA2?7r-4FiF^
zi|Fl|r-IlKMv6h%z<;|~q<vZ`+F<PM8EA+7noq95{ow{w<Z$ISoi3Wfn08{hgwpP<
z=6@Nj)~eoO{uk0>E${8rb=IlG7!3DE$#9RVuY%4srJvfvNm|YiTpG5A<FuUlVma-w
zI!OyEBAV*)hKR^dF9_+Fvx&59LtW82CJvUiW0ldNJ}Cw4pk*|}JHRHow6C{A=+7lI
z+?BnB{``W5yF$<=+F_Pe!=|&OT;0-3(Q<$|WkWBb<vAo-*7s5%OzK-NFQE#Q>qZj^
zHpPxZ3b7%)(?ly{31?er3Hvt@OL*ZqYkIzHFk;~nIqXjgmPbIB_eK*?Ji{mHh>f7b
z@4$&kuq(|aCNP=9{4SKF5T@^lR7|_f=8IO!d~t1em}2@tH($KBN1pv^D}TezoZ(AC
zH*wh0L-Tr}uSdw7Y8i6Y1(|h$RW$F*dJB=Wgywy*PG<426g0C`u|pt{Y2IxDCv+3c
zyotfPH3GEv%<Wkyc-3#riF8NlbF%SUx9PB@&nM@FBHZn;N2t-JvoIMp_9E(k8NMXi
zSkhC&mtmPrbnA<rPM?_k&*HW6CV$$In3LZTHjgJdfNgPw<{|80kY6L96=G8uo~<d7
zxxYK%`+f{2BoSWR)!msJA^Ys`eLJl+Hhln-A-A_r-G5eY2;L{!P2@1tM!mIWU_0)>
z4n}v^$U@`?%?B{z879K)G0ZQzInpC{Zu3jrVv?G|hS7v^<P5bElD{F$zr$1{R}gbY
z4#zqL1sM--D9HFoCn1SGY$znr(M~?8Il>7#s9{Gq4Gy$FjUDfDqWw<1<6%sOfkYv#
za((zDOij`>Y}yH*gz?!fLBV_CC@yVqLzfi(g+v1@ItcM-MAwTRE>Dl{;lei5!&SG5
z9xiAjdidpSqKAPtLdmYa%|W|s2ijoX9VB#CJ;ff*6If&j4_-G^X$sS_HGFcInB87Z
zd>w{!m*y0Uda;4NsEHi<IaxU?wrg+Hij5n~{6s$=d6W!4&|OjS{A4kdO|J_oo}ElW
z>UF1>(0R#XLgA#F6w;J9S7l6xP|c6^IKw(wWb&%RS(YYlxzwY)9>0Gis>h`x1dZ7^
zY_|~8S~Kuj?!e~^uH|06^!2w94>yIp5zLSFL8QU61S!o%8rWM}i&kiZPthlq^-`P`
z#?f715kcWKJ%pf{Pe^#RLc)iVH8a^@Q}FfFLQT-q*W$&~1Kt)-UyS$BvgI_9%jP%g
z=nx_q@()&SJRK$F>fy~q8+=sFs7S`edJJ=Ch!wQKDGGi&)T1yDZ7`;qFFp>64v<n&
z$58xQP)x_`@bN^(<Ux`|t-@x{cB5u<tA`4qHRUkOt?8`_4nNn;>JZHis_w(4aJWZk
zD(=B9unUPJroH9N^I;G84vCNkxSgR1gExJxd=g;D2_n;(K0}S*_=|%5)~Au<R~`Hj
z-<?#jXHI85>*M+~4Sxf3I$P5nh_EJI3upnX&tY_X1|@{QcnLOz({01az6(sOE*9%R
zH?dg$>S8AMb~Bk6G_D!bC?h<NjA87$`P#-|3uu_e@HU|q{-oh;UXvE;B7JZ-L*Cwy
zC8`#j9?Mu3-opcUA7@yLvKhdn18yHhoxToBN9pU@HH<pxzO9GCXn{=Lz<80%Py6~&
zLm6v%4}4ucAmk#fY{a-VL+1JomTw5r?I2dCG|E}w$6XYGDs3UMb=ur{%~RL|mW`qA
z_JmHFrU@iX+rTr2-O69^{RrkD3kKvJaXbBD1^irPfgU?nzqW6$xF&b^c33moq?QFn
zJ7Xo<^YwD(<<jAe>cNVqeacSrv=>i|G3`tCh-v3`UgR*Vx(&TDTHxz2QUFgojLLRm
zGJM_3mlwpQFfJ)XbfRkq<>q*7chR*34tvW{6b;~-oAiOt9pbG_bipjiTU&{@QsCR_
znikaXHr`b?b)GVrIyGtQ%$2rIJEp<9#$hH$M0g<>z+ZD%NL!Yba?6s);fwa-#+8jl
zV_!aQEkT3@cR7%a!wi_$UPA_J8)rB$1E#eXD12Bqv6WeRmqWuuSkRt{c^K4<sSS@9
z$hU3Hv(Xd0$uy9@Vm5+~LVw}24qr+O{2w?<oH?qShW`VHtNUmc@_I1SEIbGKau!OJ
zg!znXI$;UHKEfo}GjSAy{A%*{9^!Tz2Y&@}koR*uW0rpXv%OOKT_vko(4`6Df*FZI
z`hEF^d4+ny)_7`c*4tv4o5DE=hIM_eyu67ni=9Kz)YqOc#739D?<p>)!13xq&FR&A
z%CdK9w_7*NjT*{)j=w*IufvoY4y^>!I1FzrSh<c&B$QNw$vnS+ORgFGg;B*GGhono
z=J!JndQCU6TS<hA)g3{?o|jxqOxaS%5);3&Hwi^6e1F8Pp)D(@Ij9c%3MLIuR~DL;
zuQOf{&BhgsSyM5IL$d%G#%g1I_zMwMGKUS1Gi(hfstb9&y0J!r>30-v(62qijHeYb
zHGxyrg-(E?#+rt$AwcxFy0KHt&c?^Zl~3<-1RdBE`e+%V$0y<hKFiD2#Fy{o310Hq
zG>1VDq*>T`)LrToa;1cLcu@iK8E9He!;?@*#J97X*pYusYGFq=C(*Cu=Fq**!6$U@
z?rvf`IDzin)lER^9<bX?kImsQ(|mqRg#~e<)#7YxI@<p$6YIcK>gALkjusDNE!a_w
zaQVkQ%Gy&t39AU8Ebk$@x0nFRvL1rsr%Ng_-TNG@pnF&Lpxr9nyF$EK^J|z2E31pe
zU(_w`7S{3}tOZ5Y0~DCQup9GXPdG>euyOdx8k<wv7@T4-3J+p3EPYLo;L;in@v_CQ
z`OpT-Yxt;)aC#(h78h_vi?yr0PZJ~G@S4*xI2f>IX_x^=sw?vJrbv1rBgK$zf_hFW
zu`n;&EK^1?=v$q*$NRcq^yY8?G#?q~GO#(6TD_PIKXxzG&wjtfVaMNtDk6LT5D!^u
zYrvcnmMjDguUOL~ay0#c68zg$Ms)gP#~K{Ekk=#4TBuUM!$FIY(|?=KW9*kzB{?f>
zJYk`Pe1|L=rrNP#DDP!?A6th$_N&6Z=8v3V3VGJ=Q+{<0S-$WD<CXoxRjzYhOFH!H
zsnq9~L=Du?Q=uCU{<2?(P31rIfPkSXVGZ;{u7BrHzevWV4)qxJ1>o@caf@8WqM;rt
zLy^v5-f;`VUl~agz8xBwyJ5Jvp$3OkhIOGUrB}1LXr_R|U((>}Hx^cL!E(J`dDbsk
zuN*i`J#Jxkl}%g@BGoU`IfYNwclu-v8|op$LlX{1#ax7{*UycbtTo~WeQsP}v!-Jj
zEI(i|MJ1_2q<$F*SW_UbdpRup$iv7l3SuGEA_~?rrT0pMC3`GkISq%-E;py)i8WC<
z4foA*tDu^=+YBzFY`7(sxXp148*wTZoeCTCJxrxN8GPEp5FpiS>P`^TVBC%D&Tm!u
z$Z?yPtfz4|hvQ>CGCu2G4O?hfo5S$E7ONIYs^}L_Or~`Us4{PNb9hHQRvQZTTAW7B
zCYf;Yb>?K;FOQ|oa_i$O)W?TuaBRPMv8J0AtEH?V(~`qbzlY(25sT$Fr;8KYe$ig;
zHx?I)KFC0dx-dB4R*44Atztn6MtUz085~s?QuIXsKdfT%fZxDCjC67%SL@-7+}g};
zx5ooEfMbCWOizMg;st;WxcJ>4{yW<E7x5q{R28<zTR6>$jl-gq^jsP&Tj&mjVI|S;
zn9OI_qMjzJLMzGqIWlbi#)ZuUM;;}sf9=*-voqFilYuoev35)G*T%c3Si--=1J;IN
z^6l6F9#?~}2~7mCR2On$9M%SxOxGX-ba-nc*zlC>U~Tvy>J?VFi^Y7pjeNQ~99v1F
zZxs(%2R6|QYO9EYq58je{4Hl0ScgMTak+MF`a!0Xn7oo48_%l2kHZHzb6{E)CUdbx
zd5XjIPdqFX#sCehnobj^zYfua=w&%XQ1~Ar_<x!R)<zP6ODBS@|K>!XPjD0kh)0Z{
zZ-EsHr3>Ali3vm#t)CH8QHKbiSs~i^1T!tP#+uJy?Pg|DsQwt*_=9CoLzzq2??w=U
zjl*gA^o^i`mjo4Hnkz&E-<pU(Mhw@0YNbNoFiKIQ!>AqmD$qRlbC^)zk@Ylm%_Fo;
z7XFtGWbk&=3qPyqg$@oy;)M@Hz3?|-$Y`U_6CSn-@X0BKj)Fc3B^z^?a>~N+4g(#X
z^F^Ygcf}1ii&sOEhBt#tp-H-ZnYj_4On~;8c;I&9jYp#1I85A-rp6qgXtJi<i_KIj
z*ZOvBW<0&a=W&HUJwZI(gr4pp@L-I`Z!;cW7xnn3;_*ftsxhnwJzeT8;zf-(^rBm8
zx$Kz8Q!<c2esAU#od4NAOOWu*?>W3T&ci4OuZ0iqp%B+|dn{I;Usm(1t#D3OOq}z3
z4ihBK>ATnB2tgvNhE})~#~h;l#R66ub%}TpT4BKfi<hnq_eWjZzu)3@XbzR}``|3M
z#<d`oV-bJi8MfjuS>j?FY#-_=R98%Yq<omMg0WgOpJ^QCd5X{m8wBibL?<e2{6QuE
zhhQ2UNHnN4p`|?J(Aq?+jVZfS99jip^HM1I*i9@zxlzZs)cLzF!iwNO#bJj)wHggB
z-{3qS*owH9Lve3edkQ|!_mo+-W6KE(<5mZz@_eFM8($czz7YFk{!jdv@>gtd&z~!(
z^WZNj5i3@}7}n8@tnXiexdz_}pGS<M4u_@RS%?t7hC*vIOcb;$xOQx=hul)CCfBx;
zmZ+LsGl|)5P)#npi7wWW7vla<NBmPnC%9brH~HY;*`6vF<Vxf4b<k3Tw%R<%bI7v}
zSEhOxz9^&92LvtF^fvPM3*vXM+wo}*zbzEgv}A*&ROL^27DmqT5b0k2#!~u=lJ5Dk
zNEee~)gFt6DRwUlGG1cUFqvm!id~amGq5e387D_^{A-KVbsfVnPR*G1r}_w(J_4<R
z5qxkmd;~#Efpxt_Yp;b<a}P}Bwa~_clt(l<3zK}9?7}1sZT!VrqKBnuhg}wiwVuK{
zZLn4ww70?fZSbaNvHsIow+%KJf@uX<dkv<p5q<J`tmzdN*-7j`44ufW&Bz~Hm*`K!
zCdz*DU+Q~v`Ca_YLL0AD%Q&z1pU3}=ANT&ukKdvmZ>k>uo%!(uURxcsTWFO0=p}C~
zU)IS?!RgorRsq95!5>PYMk#UPR-dOdo`HW8)3V4-6U~QIPQmI$Yf9yABv;A1E0_b5
zG^-0=g^NN~wh-d86z}%ZDO)R?|AG$nRrtOl0mM1Xb2GHn!rJhv0_1;J`W0)!e=%Q)
zxF@;1TdcBD?p^_~@Aj6cZk1rN=ofW0H6BDqP72h1x7d8u;nf9vx7o#4pJ?I18_|hm
z(FxI_7u!N$8qLk>uPr5bx7RPb@V%)EK$cCT7x4^Vg?EKW6!-15SgF49nz*04N{TGq
za{enO%hU{<?sl1K^pGE8Xg0&N$igYgsu#0HPq`*N!=4w{gfYg+r?_7o)p}=++Z+P!
zqI%67ept_<u8YkDe6XHsWLn|)9CMkfyE*g~>M{+6?zQ-wvdT*Ba_xgQ4sXTi123Qe
zZ2g5~J=8+hLn8R)U@H0J%MO+NIX^R0^5@_tD)~byIxDV8Dt3j<0;k(JY~5=qy}@h0
zuyO^N{{Oi4zvoaO*Z$m|8?yHL3u#AnL)Ko(hRL5^r+BjZD-=(@64AnDOIgAPZM;Uz
zwr#w2+49QD;pApkZmAu;=+k@I?3WQ|rg}qKVMPQi6t-4X8phPPTT(Nmg~+>^#UPyN
zig*R3eXyP}S2z(mVh~|Xa$`*Lm<pu^j8afEqnlz-njo%cg9d4pVjBF4dC|se-l)mf
zuD95e=F%r$ulDrb998Y<hxJsUrCIdEbuqYJFZUEaTq}n&asHo~{;q!toZ(Yo6I0-?
zU<!C~#0<!NVVN_4GZ}m}&J%YlE2~&iM7<>Zy(*S8Qx;3A2|J1`L5FzHr1?T2!S*7H
z4{Jd2d=KSinOtNkCmn%!%Vgs@E!^|^R}MjO?eAeVlwuXU*qQ68u;4`+htZ`Lri#ng
z0`Fjtxx_^S4nKZx39Dy6pZP+KiGNHj77X(ED$!!`8B>d^2Sv6x?@V}$4a#ot>id;y
z@PfI)kE0qaj%aXTeAz9Y9#E+k`(H4%IO5&N77v{dZ*iri>=q|iuEkB}7B>!vY;neg
z@D>M^vy8+0SE|K*7fmfL>L1zSl8fOj9w}#5r}nM5MUc0yziN@kb%0@--DrPv-^lh0
zuZFjOG_LIS7hZK&w*5d~CXeTYw}0TOJEHwjeOaa3-*BnY?N7-G<-#<zfA&&j`|swk
z%Cb>m<(prV6H4o3YJO`}^HX!8il!y0Pk!h?YIfc$EdQQ6n<K)yR39e8+*h2L(jHzq
z*yD&*-Q;AB!Umf!Raj{3lz#7~OBGg4Ij!HjvEqBb*YDj>aUV+cd)Hs8Of{A>`t9p3
zRj%;bS^a^v74)0I`5eXq8Ci0E-@D`v5D;&`;i6f<qcngL5bIxLVVD9xDxH;6uFi^;
zLg#4?7lo>7V^rVKeX_-y!+f$s%kjwuEAq+GT>*L5yCL7~nM$~33!_}KW25}@S(Wn7
zPl)u-KOW0J-v(<wMvnPA>F;A`<1NVsoFo9r(5m`mf0}c?b(Nj-j&j|yL(I;3OmpB}
z58?xNC?`GMMMV)g9Gu}X3N3w?>xn2-mS1Wy9JmenH1V-6hg#}@wg5D;td5dLaj^A_
zMINFIsGNk4$`plJMvB5~*}i)-Gn->4@W%O^m<(64Wd!o9!5(V{_i~N?T3zOkMcnFF
zC5Y&wQQqlnPFQ&-4)0%bd#OLj!B?ub-4O#r4ns>V>?X>o{3S6}zt1I8UHbAmn9BQk
zOs3jcd8P_fim6=xVXFTJnCeLm$4yLiAUC2wx#X<TCeA_*4d~R@PDzX(D`MP!J;XRM
zHZd0dhZz5lO8CJuL&Uf=HZd+V5n}>}T3)Qn8CK^|Enw74oF!><v!cxz*F&3|!f8`g
zag5SB-<Dd!3P{#3BDG_qFR65LL?WXADUNM}JW}K*!&l#1*u9yVcj7;xA)PSjqU8x(
zHp1?swt|;JMIAt5V*33X^?Q+w@DWNS@eo2L517m9ZMhU)Rxc5z<xnbgn0dEejX<iw
z-Sa)+YVZ-M2LEiR!FEy$c7R`z5`31@aOB5XGt_iXT}{(nyg(T!R#$bppW+Z);E~Q~
zB?{7D*3M8|RP7$pZ9iR4t7*MPapapPdQ?H+L6Hk{@=S<M8bNnD3|M6Gh3a-~TSdK|
z5|F(PuCi1;v*qM~N2azkdcAjtIhw0qWNu4u2L6tN|6>osKgifPxdVPbvinQUhPrQq
zuUA>TXot^4Uu(j8(N$ZfApg$-9v7y=npKu^;_&s1KC;_?=P*}v`<YNiPQjYZcp>GR
zP2dI8rCH%!O6Ra%bSc4Z4;3F#lWC_D(0=??R6^l_t1K)F?QmW+n9gB9l_&Y{9DWGz
zEy?*)13VFqlWH8sU9d=F|K0%}S6FIIbrJ8<WWa~YuDSBP&{+aIhfmL0WOmJs?|Jm>
znzPSYD7&T@<HKUgAC?C&-U~As*dbrsm$VD*@Rrk>feHK}`4qgxFlnNZVzVT?-{usX
z6E0YUFg!#VHc$2Ul$Bv~q8NytJLy4{qGG;jB+qkLd``vvEq~8LUXM2NH*`iNMIT7(
zTyA#B&(2vWyCjEiR+8go+Cs@QTUTC(VEtsF609nJdMa#R7ouKsUHCdMla$AQW1Sa-
zN{U$){?8mH&h;onz2rTLsA>(%&RJZl0eSp4e7%}*SRofypN1db^OU<Gw{cjhrhyi6
z#sE(liFgl+^-1E44DPr4=<fcJ%Pwzy|Dwgn+1sd;O8K09NA@F0zh~%=mVm4<(!Z=0
z=bB!l8vLw(%m#Ov8}w0w6U+^Y9{J)E;9P%?Q$A7hqa_P(rEH;--C1}mY-dhP<}k^v
zVFIf-X?+)~Gc0@Pmobypui0h^%NaUvvd7OUSC;N=^bRzZLnyvm;RFdt4h3;RC2X!O
zw=k@kk15b+k%!8<Tv=|ZY+aY9xp*oJjiy2WZ83#;O>1kkaj%Td{R5nz>=Ar9aGS;D
z5YnB#OX)7t6_>mlMoM;=d!Ei8!3)+>L`qt0S13VK)u4yHRdndymOho~ep8VpK-xMU
zisyTbRQFTJs`AU^x-T-e(Q_iV(GN@f@FxR5jCD%@@f_@DgdqHGbp%-MqtzDp)Om}p
zn@2Av-F#?~lrtljUx%D2iCWI_#pdNKFh$Urbo0(B5xTk0yOFy2@_CY1V%@A9It$*Y
zpMh5Btcg!fwUBk?JYQR8(bU=vT@YHk<Eww!wL=ce&M09(c2!J*Lz^rz??a6MCaF~G
z6qZ<G3QP1lwDRH-&9mC9jJU*%a^e#ICQTvuG-vpl7heUN7n9*ZC-ih=-ifIkM%puU
zj9YvuW=;oXYdxX^=AZ$ENpZxgPkk(hF>cK><7)$5$3WGxflqRnhBo-*?x0ZY3kaHh
zwAz4XB?}0ejaprKX!Z<;g8~OX8-ix(uz$UH!A&IAKl&mvUL=LXnH4HtB=-v$FOot(
zVKu%-_oWX1!mW@{GKWhmXh*kMzj$RKtxW?C{p4OxR;fz%VUhqO`B06DxVaqIj>EN2
zJ&aP`7+|ax^cfTh6)&H$sKodyi*NK<NE?S~UrArA<k$@p6~{gyNac98SI`PR0R@y_
zZ(p`k%9^=@#nww%0Hs_l2r#C2bIg(uZysFw%krib{F@k~9n0nMYJ+1k&G@OTd@v<I
zad!h(P~06RTOF9>Eh5x+e1V&G-w7NBo>z9otM7*?p>z&c)gswA3=>3pCwwP}IDw9q
z)Z~yWeze1x1yY&5SMIisd=aj2T0Rp+%UjB(WgX8L#5?y!60e_#H*Zcf@t%&_=L|Zl
z6Yty`NxV(MPtFFgIfrirRJfZn{DUPfp84=@@eiFa`EZ-XnxV-+6+t8vhEk*=Rs3P$
zQq4K^nM_AaMsKrZ$U93J4-hHroF(glBybq1lfua;QW&g;+?XsEcS0{skwIgr0<IKW
z{2GP)a<~xIXU){-f!i#ll-Q{@uVr*2MtoOu4nEo84~z~MF>XyKF4!|iX7{jWC@Xpy
z96Q&fP1pVG+7wgyV3n|R#(a-8^*-zb{V8YZ#?=<5pAH@g@_&@5_F6V;ft}zT%2|9h
zTgwwKI>HSL%2&$>@61>%@y_OD*Rf5WzF2LOmBGr`spLfM8#D<34qmb_-EO5yhUDdV
zqE9V)FNf|^6-TdlJ-Ts<!+TdOgkY&g=MP>FW$(1hpHUWQ!DLwYhByD7JDVR+uyH6a
zDc|b!{hOLHJNY=F##3*aP@^+8Q7m5+B8o-Je{qPl_M!o4mo23wUa~|k@sg$2vBZm)
zL@lvBbYjt(MN2rOU(EGR;BZZ>V|b0(GhR=u8ngZ@7F8m~>-EU8NLQ~|G+JP<*W)sN
z5rZ@e#cX~+jBwV2G{B7yRIzIAUpdTtP{t<39G*OeKhEnZqk`_~D^a8K#vWbXRef~%
zebwkrT~(vY@2f_4>Z-*jM@Pj2?iWM*@F5!7;rpvNw7+o}@sPx{5zM)=uO~VHc*9j?
z$C}eup4vqDo58DcDn9NTgIAAVjpEgzeN4Q1_L@c31|HJKQ&w%@6qt0)qG3(=v1NE|
zVC3+@HKJ%)BJX_5iYf#bhVRMxw~Dr@@97u0zw%!;+0<=twq+sOVOT4HuaCFX;q|aq
z0$m?%S!r;sarmH>EYV@$ky$JMov`(+h0*Y2Q@==fGX1i}C{@**`$-k+WvVvxi`48h
z<=u)yceWIQ`Quj7W!JKb5=i4PF>(gSuKYz2-O?CSwj^p27MZ5(?jp2%u{qCB6DLhH
zi~2=+-M_jlkAf_3DMqkZPTA6`PTAi$ENT_W`C>7YtFzDQe^XcIjDNMO^BI+8LeDi}
za&^A*@9yd>KgU20HTS?vnC8G_?v)NtJ>A6990ChMnFbp1P1H*+54OWai=VuhN<Ce5
z%UbQH`ZA@Su2RG@{X!lNo7JK4)w=H1tjs$z&<b02TLPtJ?H-MD6eh<$Au<kwc`yu;
zJs=@jD+7{Ec~ctl+Q4=R$tJx?2;e)5HKP(fTRTOud?lT;Gn8|7^Yu7qr^gN)nDBo#
zaKOw>|6YLuPsHG+ar(bi4jhOX!ZN}XH84Lm1+ESY4(lsE-o#;%?l-!e>nVx7p?H6B
zXhU&!*)O-Dux4?)J{VuAZc?<tsa%f{LpJZKvD^4MQ}9^fABn}j%B=cUW7;1p-f4V%
z)m_F;<9J^diN*V0b;rWu?|bE)B;AHxaZB+1otK4gEe_r%#`Do5G@kwUReftQ=8+1w
z7IUw-%h+1%_C^h7*p-;Wx$M<zYfilEmRpNm{gmvUcv+2ZS3fDcjnS3fD@Hf?Pc*vI
z_f}mV=Kd+d)p2p7DR|<L44!Bis!2LsX0-bqhn(5Ucxuf-<eAd0e$5?$$Up8w)oujO
zbQfLytpjVqx_e!C6Xg7f==IlGa!XKjZ~0q-tSCtN*`Fk&H2S_}V_6{-(xE_3w!+yF
zZkm}<o!%fjZFaB4HDO9y?t9Iff6tv6FN&X+TZ$q>FH7ZemX@m2Gsqz|pdx!TOoxx@
zfb*DaU*?_I1a`+|D67U0EDckk4@wpKu%SXnydhQSvv4edROqlbG(j$Vwpgqg6+2(N
z|4QG>lN?5h0YAkVzDnljK{ZMhi5_kt)_v5YM4}}vsxDAQK3cIrnSZG)fwChfiUU8q
z6q5rl=9mP^<R2BwZGR_1pq#r$jOYD7(|FF@Q+0vz-k&QJD64-gOQ5WKCu%s8e~dYt
zWAEq!W!^<4P}cTW0%hJsHM+I^BLqqgjqb7>o%f!q3zSQLju0sCudk#)DV-B7P>x=X
z<jtY|VhEJoe-Hwt^v_`eWyc??Do`do79mg$uB(JV88tUTpe&2(^um5+3X}vYv06{h
z^pnit*elL^nqxf}LB~@LzoOlT^<Ye@Ljcr3E59t|>IX`GVOIZ}0_EXu)?ps$XEhvV
zep9&ol&dB`zg30HTV=SsUVyZ?uZPZ9!`AODR!zmu7blURo6_B6zD+e=9IwAP-s(at
zoZD<+SpnL-{I9H_;1E4qFyF)Ib+3Vg-uAGjy0y9nRm%x=>rb*<kD0o4^r}0uTODCl
z4SG@FH4+SGEwV^`1b{4{L|uA*4oA89Ins?04e!h3i0FYe4=`CadGf;8Ws^BvlLn6y
zi-~rotCGb%WDfkr5!Hy3ISg3F$Oxil^rIyzle(OeoE#RuQsI^1WKDxhZY{v=D*w8Q
zMQx59U`{Gc%lcPnTGkX<f<^^I(;^I!fgC5?YX29EvHdF$c$&lJQj0?#n#h%&fzXCf
z_I_oqN7K`}o4WEUjFg8i4rhmV#i5}Ua%!_IJ+9*0xgLGGQ#p+K0}FS|bb#Mvpbe%K
zDZk7&^F0h7p?Pe_T3`qGwF8r(t#rzm28<joK4yeVZE%#7zlxL>JYH>&8bq#TzbdVz
zSE;??3(~XV#a7&bj~I3?J!)-y=&WX;srXV7hZU>kTW_R{iOP{x5t>+OLKBiS52O@@
zQD%4vH6oK8u_?1Xd@U(++AASB5~RCSCOaBq5<eUoYoTeZg&HQc!$xk?h+iyo#5JwW
zj0mqN!Rjk7uh!EXzP)Ub%2Uq_hCKf!GEqFktqyXCH{xr}2P&L&^=WZcKDUN0HK1}U
z$l;R&4O3`(ZssuIg4^nd?S<wr<ZWeGP2sR>0Eq!1!8%yt;*)qGK2QG|sxgJ4Fd?s{
z3$ZStkip7?Ylp$%ewM}@#3raZTy?v$u(9|;g=WRB?pArNv8KFUKdz7^bMbF*pj9a*
zfxo5KflqKa&`M|?(R>$uzdq|yq?TPzaq4!-Ff%ThlZ+s2%3+0q2y$N0?rA<a^S%d_
z2>2#77!tV49V&6)2WD118$;lp3un^SGPXAcljfP36owIxQoTD9g}w%prB!U(n`H?s
zBV(gciaMUMdiw(`LTEh)hnSFBr*v;}{sIrfhp97T-K+&Z2PKRObh@Jimq}8;49BDp
z9hMy_&!2$(i#%cg#cx_u2j6#R^TGYqFjiTlX7p&$67ih`X0A<pV6oCXwP4LfX)qsN
zWC_M|w8JuGQu_^O*epvLbr!Fp3GavL@JDGjisx7#zE!t2lL#3(j9kT7JjZ%)BH%V3
zuy{xCBpJ^jZxtPA2pHvG_*#lNMLu2noErv>QfN;6Ul=215Bk626{GxLxRB}-^V-m9
z4ib~Ao&UWY%7{%CtD}5UijewMCn!vYZ)X{L^;<dhA9|u!Yhu8|#M<U(Q*_g5if+ow
zcH+&js+tQMK(7osmvO%<j0{?2-uV!Ah0~HW^WKbnaUEE^(8Dm1du7c-4eNOE0q($7
zM)_|;+q@U%SV`otLxn_R8hr0F`4h+VH2V{6aL}faBk`l2S!#U`+Nh2ZQdT2tV|xF^
zH&hHeidp@<x2l2wS;|;?g^NoJ7WB|ts?MR<!W^WRr+Rdw>gsB$=2K7Q$P>TWSQeFx
zXe|@m%7@<_;1MvwM%AQTf}uH_5p-Nz=-fYY2R<5AS+Rfrm^wEFHeIpEV4BsIAR;77
z8JNo9S-**Z^98w*PT8=;O_Aj=N0wV?Nv|(j5)Lc9mBpV$x;#nX@Pon)F43PYGD=_W
zp~fu<nXOY`&r)Kc>8fu-)RA&To<mv``I<H|D7ztt$%0N2lwkG_FxSvZfJ+xFej)na
zD7>e6?tKq(xVpm<%7kML3O1NcbOxopT$0p^$|kif1H=4ri5#Z=V369_e<7)9<&&DC
zG)E;VZM#8f^ZR?4CiK7uz$&$xav=)@F`BoPbKa2K%8gXEdFC71eGg(i*pxu2yH+tx
zP;L=E#2xs@D9Ro7j*$nzfmT@()E6|0sg<RQI=}~9sG_CIl`2}g$N<pazexysC>N^e
z^qWztD1pP2hlmtIoeGDrpXbEtl=R!~7C<75lZt*4Cq-5CM-J0IS3a`&v3+E^=OCHG
z`yNe6)4o=crdNAuk%TU^5#)dBDOZGy>>DjY%tFYFD!RcWslm5LY48*n{0Ng-9P_TZ
zUFGB-^9Cx;py;A@r<}1chfmY+H8?@lX@~T7;%jgcd^B4-S6WQ9s8{o!XJ@My@aHi0
zoJE%I-QC|4QM$L#d@kxCRa1VZ>0H!5IIPysMFrHksAuJG*hMr7-XzWCa5(UJ7~^ty
zHAf+hUoQGTq0}nNU<M!XN0z~iDAXUeeDmb;t;yB|1#c9~7sg&~U^lVX`DKc|1}^q6
ze1L{KMX*;J*hTC$If}i)o8_?Onp9n734kem%HTB{hsjsuvr)B4rMy4<j#=K@V8o9W
zzZljRy)+W|+Z1P<l*XR??$J2ou*4a%ny|x~fgK2Igleb?1t43yIMCc$BINvFDHVWb
z{oB6#^F(j2)(DozVADbwbxaH<<(yY)>tSB9AHv%ET{n1NpB00W)wW(L=$>%#jG$Hc
zCc7{bdqQDc25lR%wS0UHmLtvUTY~LYq7RecofQ_pR%B3{KZNY?71(Q|!^4w%`ib7U
z!g)z=??#CW8;6bjU$-;DI&kQ-O0V#gh!y@ut?;F{eD~*>_V->*&w9%+$xB7Z*UnI=
z_Mfmf*+=1dTi^Bza&QG=((bvOaN2$MlBC^rJ&AT5*bc775n#>{*t#8DA#Cl<CU)OY
zWN{h%4rg1j%I)P#qPOxIJ^^39DTc7%Ehjz!U!wTD@GWni4_m<JTPzyh?JW{gVtB6z
z9sDeuOb|li@KPltMlJC$e2`XP#2c&yJ_{!j#M_3yQQmg&H8?Fd7<rx;)G_JL<w}ph
z6?ZJ@LCG`UkE59Itcd)T%7<}TqETxGYTRLpACt@TVNN)dJfxQAWDo70X7@SZ3o$Wb
z?I|dI(OeJ1dYtyY@4e;31o#0RSdW`9Qtn&+%si|I=a5iQAVDifuwCpEP8>PcWb2z=
zmx2v@!h*OUCd2CN!uy)%Voz8|QQTi<J9U}2OIngAyr#)z4C38hE1AYN&Xzy`+j6Uh
z?IW5V|9*JWJI~6dFZ9-p8?hF$MJB!m8>(dx;cr-J@!#MLYE}%32UjK!O`2giY|Nnr
z==+NEJ`!(p275AyQP+QO(GbCFcStKuX72rEkK*g<g3o4k6QXW&bqcq=aIZg-Z0|$|
zd<rDxw)WQY2=UDv><Ly5Mgxb7Zi6_Zlc*-c_EL*3Pd3z)D*n<v{xDH{Z{|zb6&3)k
z^XlGF=ACp7Gda7Fn?50mPb+m^hFE(yf^yF(%H7jViM1!7xH{FY?pB!D9G`%%sIKSK
zZq5uP*R;qbc^xj(lDyl^iLb+j>OQ&n^RK!6-0K&8I?<Pv2NT}E>JIBuX<tTt+W)HL
zCW%%L5Ap<W09t(l#tS8$4E@vqf20BS?dHsAPxQ4sMGR(nS3zHkQ`BI-zbpn5YcHVu
zO_~W-#klVYxbSDHH`-M;x->;Jy0EJ=gHFC}B>KM*Tb3^2P7zw3oz*g&at;T3J^mYl
z_&+{lVT2^!Npz^Aax?pRlp*2A3l_o1Ti<Y!QxN73_BhBlA+9jm@M|p|$P>4IQX?3)
zQ{DEO+^J5jA?D}n*T?}nqlQB^(f^uT<0YI)o68<=xl}dkN;p*=^h&Ba-BnV$;jh%p
z=8~+k)8BUqv)<Co9wS;A)m0Gw;S`cZ2mYXB5h<QC50l=(WLVbSc_${o(xeEzv%I?>
z>%rnAF=MN{i){nG4#%rGNTlp<sS7qbH$}1N>gd$VKBrLW0jpM-#4nM@U0oR(+N^f&
z;u#rK3m7?kdc|`6FhxiT6mnyjqVOX`;X}JRGc?ut@2eT-zFro(F~5g5^G?y((e{i8
zbLz_+u3oaR|Bt&r0gtN4`p5CEdvc0<lkOzFWT6pkc2H;*#X-_2?$SYYoEf+QopB?e
zB1>`;Hc6m^>kQCA+{eao8MolRKtORBnMP5^E#SUIXIwyu+c>_X|L2^#-RTZDA)~|p
zeZN1Rht6H9>Yn=4sk78_N}Z(sR0B1U8qjI@h8bx467}jno3rxx1-mxz@5}7z<QMn2
zBCD|$KFMvVR0hXpVt*%#L&Yc*Y|CEtFXrAy7G!fTJr~M%8GGdF9EpXHyu7|8Y<K*B
z0COd};VsFlMq=D>ST5n>&s_p1tJ(H^xb%|xN*?>Gg)KjFiMQ0SLI0NOrG|v<v3j!;
z!^i_~vf{zh;PM{Cd;eNkiKoHEJh1cKLiSf4hZgK9IIzmmvWX`E(?KnI!%h`dLaH^w
zxBb(_0oV=Lbvf^0@xv8gyCQg)wClA?1;;p?9!Jryj)MQ<^7?qHMP5-Y^8MnDE%Hjb
zMVdOc$Q@b>24KT>7ip0j?yHZC!&+ER4h>3ZT~p60CP~=su(69Uc8^?KUzy|$tT$}s
z4XjBb@u|hUuQ$o-IPM}IpUyq*&4qF9q<1h-Z!DxvdMg9<`a<*7GE&});2SkRc-aLe
zpSf$mx4srt^NruvwRP|$l4wEeMxOt8-)brwu9|E8%KBL6ra~>mzh;ECE^RvekStTM
z-D4rXd;KfsyRR>Fw2ll|1rcTDm90D?J7>d>ob#Eg4jkK{`0Ir#;@B2F98vV%v9g`L
zI?~JKUZOg}CEs(gTWdQMd&&1)?6bAz*duMxPfk~BYV}d8%J*^2UgE!1<=kCkj)mqI
zT`_bglUNOJZ>;Cz^8aC(Wy2$<M`Bn37w70cV(BH7SOJ&h#O+~=J1(y`?Hx(<jo0RP
zpzSMF<+taXV~^Z1whVs@f7Yq>-(FCOzlEE0YW=qsnESLSbT~+$`y|v);A0F6Ra;iW
z`#*5`PuZ<sB;k`k)W`m#Le7I5FBYN&$HJB)OdMkakZcD4tKiNad=~ke3zY%1Ba&Q&
z74TXP)%kXYWM>+ZotG&{_AF=X`pvl=Alb8=&7Jq=vd%>bm$+Lx7xO{*v5rre|JpLg
zmf>``+93RP)mGwkxWXX(cGo8O%~wXa5@*Avg$Zt|mZd7g3N{9pRZ)gzY+Eg>N?<MA
zozqMrU`Zv`!aX+iu>5jf#=-nC06zOlO`%=9)7ARFe)53zQ-a^8&2Y!q_x6D@vHR=9
zzT~?FPc!3gSx|`<Ji(0n*a9=V<G&x{CjWF!hbDhtS-4-!F~=T>ec;DuT`ky)WNqxh
z`YvSRPVO*Qc<9xhD(Wz+J@o2}s-M(hy0j%b>tL6t4xFG4Mj+%7*^km)4ClkuIh8S!
z54itqN#zl%ck=i|4P2yrtbbi-w%}~otVQsk<z&Mzjo@t9!s9YeF0C9FR`B0x%fCn$
z@K1-fLdv#gF0t|MLbhe*CK$Uba(U#fttP?kbTjk&d-JKC)-k`oKR>}pF6SZ|<`I(r
zW`j01&&2uAn$r@|!&HmwsTNobSLL;&`~Rg}>iygbFI7>gcXKPeSj7!w!Nc4mpRc7?
z_ZxAnh1*0z*%72i-%i^RFT^?*^lXN=xkx|#$Q^STcg$rN=TV)TT3qJ;Cwn02f?MiU
z54(}ur*$p?`A2Tz59XR!4Hvn|JpHa(vEV1ng4ZxZ&IM(&Oi<xM=EAeCF!_o7s4)}u
z>ghb#MNf4J>)&#j9gej)1@64Ho;vO33u9$?3Oo(rN)t~TN8OvAoCZ$;7y09bROZA~
zkx#n9Y6T-x-pGE(mve~nmEO2&?(6@jF7cn9`!W~axQXqVE9+BL`i8z_z^Bi<Oi3b0
z!k_M~C$;r2Ujz;Kke5YVe+<EJ(FMsPSI5m(^ub%ertF1!XjKFQ@QxaKx#>cI0eBnY
zF%vCVuTz>Y3D*^6SPj?asqv^!A9p3NO2Vz1NW8!se{oUX<qy`!#$pxR&O?-MEHqc+
z#X`bOecJ3pG6Gr0W8g^pNDNAJmI?{`O`S!YMNeM7Oo%Z0VEs3BO?(mv9wY^N;rq)(
z45vw`No0m3f65hCv)Zld1XT`bH<Z#pJB61=KQQz^TpnF6;h8CH%4RJ7b~;4k@4M?d
zJ47Q&KXwrH)r~@=cSEoGye>1&Ssw|z<031<=<8ja_i*X%PJ{7hesOo^7w_5K@r%zj
zwtvx%sZZr*I-M+ZzFjSv?4bL<|DrA;Ta?54-5T3r{mZT_M|M-{`BS_087TjMQfZ&;
zB5ituS4d?@9XE;+5=%|=!4D(%6<2Uvr*Q=*OZaiJz+ZOQt^QVf`!p%E)@8PjfVVaK
zT;ABOI$dqe>LFoAqnd5nJcRtRzf5J$Yaa3+a^6W2o|-D~l<ZiTH+@>ScPz}^YweBe
zYd)>pD;6fb#F13n*Sl~pfB$J+hI{$dT4B4FH}0-e?&Z6UBHHd=-nhF?xtILdzX}bh
z_fAFH{B~DeW~9v@8-<FrxqNqBJgOpX{=g7rMB2Psjs0Y^ryt&?bUozxcI-jSlbaZZ
zt3R#lEVSkqYef_b%Q1f{dgMBu?Yrrdy3PV@?pZ7L4zT%2Mg`82@O#CdKKOc9UEB_^
zNzXC@Y%)>*`owVyh#RiDQV{9e6ak;x)TGAW^CZM6K|T-C-<le%=f8RKWHq3*tHYpu
zo`i=}-DZo!%STf$-`|zR!voa8zIU&&Hz<lgheIxH`66J|ZhLd12=Jyw(Rs|!d)Elz
zPfs2FVRzR({tVc>Ms<+dI4|-kmI8k-WE@wiZ-9}+Go--cD6XW(als)e*VQMnhuoMB
zLs<fT6Z2$JMWU?168*qbD9SblFcpUKN5?Rf|5KI~g|gw;7Rj+(;T1b_()xDf_*kna
zT%yBq98okXQIG0L4${?TNB{35A(1I2dT@n~mIC|7`KA&>@Q-mEY|4)YwVQ_*B}dE%
z9xowwoWO}$@p@bF7)h_PA|E`REu2CU9-*)HU~>&~^$_;3C#;|PJk!ov&qTT<e5<6W
zDy(biEqQ?IC>5M(0mS3%r<~1`lRs!`6mWZX5f7w_csBd_gQ@4wWIul>^?chddo)qP
z+NXr5<b%;~I+?h72SS<54AJ-Wu6>@Y@~;jGDjg`KgK}9fb)OnfO*~-_|2MG&<W;YF
zNSb^mYYz$kj4STFeke((50znY?a=>Rythu-OS~`t%t5@bPKozD4&r@vTD-T1I&Rr*
z3j_xDa0%;daoeL*O@r>vVx5Zxe7RZ(o?E+DnA|7r{<m6G(w{#F8Nt;;3SQ(jH9}?O
zDT=@8ToN~uB=*Q1EQ6PS+Nlg)<0ON(?e4Jrph7}Zqi~99eEsM9G8^Jj$Tk&cEJxr}
zcvUfQqCSDMU<eN!!iS&NrO)=@SY$Z@XTaNW6-a&4P(8KOcC~;jrV6}IM9>cl$TNAl
zE>ea*3IEa}Db9Rum*e<->bRd2Q*Li(N{+e1EN|L#9J@BxiLBg}_US(zx>i@V)mI(5
zn`2tL+^;)y!A`o$dYO=Vn0`#zDos6N|0blVx)5*v_=JEvo%eqzD^*L-PsA~9tXgRQ
zd0o7HTmFsB_L=oL@a&ZIuKWjw{{KJp+Y~g4$mc={+otfc{L@pW@>QSL>86au)GYcc
zGIVkfS;J?qSGz8g#Z&9mp6JNp(<D4dEI!i)QNrO#Jgrj<k5(8Smx1BKyF0<~&Z%h(
zUmfzlis9{31s*N%wAAp!1E1FErV?jkq%xICp;rR)q<)~E&wChaVyPa&F*1T<NsIEz
zB4waw8#l#pBk8n$>u`YFs?zj^XFqATY>VMRWs22cvD)iBK7#%95RQ`(9G_mblzv(1
z^s<15!Co6xi3M=mWIaT>bmyo@`-Gc*G6rEPHEppS8Oziyw%8^MMfa<_vQ8}3LsCVI
z^hmg9jT-(ypS?o~;ki+9>?`4c$*tH6wvXc4X#IUC{)8U5Z*l^5Ej3ZV`-epMK8gZf
z7-hEba-qqJBjbB<<abUS`F@7sTO#2KqUG!e+rGPY)uk3us>f2`Olji1Lc(?z@2)s3
zktx%1sEuI@iGlkCY!&wO%;sHnZEQxI0r$s+&@J@9v6W@x@N{^>6>g10NW;WzLG*Nn
zqN+@}p`r|@!;?Iov$@{M1WB0=v1YOl;hxE&JBBypCV0xXB+BMui4;*2XTpgr{+}Gu
znp!yk4;rFb_hByy8z#r$uc|!~61LZ-Rt?OAccyU6fYqXsTE~_afB2%#mK5Kt7HXU1
z<zLiARK>ntEmRjK@7mmJB|_#h1wBGF{DF||+@bp<%b~lH96CHqT6nlUB=_U)y7=D8
zzcN$#|ACBe()z6QW32SSPn;3O{Fzu%-5&W}9`+yU<FLK%=vtC?{TTiV+d$vOHbhXu
z8<9k&eSXU^QQ69Caef$*fr)~oS(+`pM&yrcL?wFvfrI3+DH-unhK!&@10~!^44mip
zV-W5hmDNuX;T*jZhe+5tSsNp;7u?3}i$eaXh3C9a7EY|Do8cIG;f2Y9N5<Y9rTWvq
zH)U;jLwH{8mV*)6Am!^6VJ|p|8;VWrLxehmanIxyr_V$pdO~r+`px$8<Di7sIH($w
zs6j$^D|)0pLLZ-6jk;=cok+^4<Ru`d5#K~wo6!fo1(v*v9(boNQWn7g+$JKecImCV
z>!P-?bPBxF$i~vub&0aF$h5LDJPke;kybnfZm#G3+TYZfWn~ef<ikVEj)YX`Bd8?w
z!KIT02K4o<%zi6&*9k4pB?O-6GPD~Px%eMEyiFYj>Bkdg0TwK<OawVzjYrGhRv-iz
zmMb=;L`<H9kN+YROJBXIE@CMg{R0(JNwguz36x#c>$**KQRh)5kZ{-2LZFa-6URw-
z%@rXQ9w!SiFb&5Ii(sH1jvGe5C{I&ary<I=_6=z(n6%F}rWa1K@87tUySfgaZ>+22
z&)G5O)@)6!UvA#pROCV<Y3kf?#a1G&9IqA<R?UtPOI|IcHyOo}@#=tNB8k+#s8Ei*
zOsHFFJNm=a?Gf}7L600kes>ER@(9&Up35GLPbeqx&ij=*T5tju#L$rC5*CrNaYy1|
zoGJUVJnaJ})xeK4CG;0~7@XdOz10cHy;Gs0XY!>XYjCs_5p>IPR;1+Zo6?ehC!JKx
z0U6rEOIIjy@?3}EjY4?+exahxs(nj(Ut9B5kThbnw?4<RHXoYr7m@Umt0%H5IfAhz
z<Nkgj(j}-O*Jm!`LS1j+vBR#fo9r-T0r>7YN9#Ym)kMJ7`-O<(3<-brk>wCznf>}B
z8J^>xlc~6x<lKG9;xQy2LJU&2g#z;rBZ$YR#jFSBao8<G3JZ1BSkzPn0uPbkujCz=
zsY9vhkws9tbswU90(GA3fqauqu3t($#1T(=ft5f*Cb5?!cKjVlUS2O{gwZQSE0)VB
zkB+DIKO1rlsnJ$ESw`?wez2Art`#TB2u`v+3b!rud-GqtFV}7ev1S$hwBkU;rUh_X
zv}`zfB@9(t7H3P{#JN(SS2oZCJ&fnb2+ouO1G15m9HPQ&k5o&R3^+MXs^-uLS1kRp
z1GsO*(WAPImjkt-mtJ$&6Ip@1q(F<lw}2m%(*r$>=gA0OK%Gs_<RnAYhX$!X9(fuT
zNH{)mQQ7cu;nCy9g-4eSpH@bYjSusPwXRNTMKJUx#g)w|eHnGqmlY{C{rA(h#CW{9
z-D~7{EPD-0MO8G`bk-kIS+_KIshiUoeoSR}thpOw@+e_hN}N5~%?!)8iu5`9XNR#5
zX@591fqftx!Cu6;eUh!Di9gs-7eS-go-P_9p;qW|G$7Z+AyC`OSM(iHIVP4;kFBJ(
zHtCj_jg=8kCpO@Lbltqy<37%hiJja{dp#yI(Vf`qF-PG`?)6w*M>@F<b#h(V<#kCq
zeWU7a9R06Rfspmw#GWzrc7)1hVM+P{bw76t_D((E27Ev`t~|^UcovXR>5(unqBiUc
zC&k4Qy0KmvxSzYiN`N)6MkxU@XwEt~f+eHytb=hv1p7ts_%if2;)pWR1_!AF@$M9z
z2vFu932W_*e0PWxvo))+=$1Nr`%}jkJM0&?b$qeYe(`6KITT|^c+GxsYsVL_+b?eE
z_~H$Ifs}*SuD)p}yh-e{(@FSay=^y<5NSl?BbHMoFxl*YR0K<=w?FbnvhMk2!ojI$
z0XQIrXTdpPoM4YCwTM^;d7=Bzkh)(cB|N^@823+lnbLLt+4Dv=Xc2C#Cp!$99uRuS
zo-;0@2MY!E(1U7KLIsW_0>WxS+$Sqol$1-zk0JQc4Y&8QBUOe-IaOe24=GF8EZ6zb
zO9H464LORtMBfT@PehL__apYigZV@Hv1rI^xzJL1oXVk`q`W3FG7?xo`ZFKgVQN7?
z`gs(eI#gjCy|z3u<S%8b)K8<9Y()th&f%?xTY4ohOl=#%Udvfy1o=C#C`#oRQbb~8
zk#0LjFo8uD4we?re1omzidyh+X<@{EL=tJdY{3c2eF#z~@=0jfUZ-YnAACSWF%N1Z
z2=;!=XSQdK5rd>8=~V_pq=g5oqLsqgo?(JTRQiY0>6<YkEsofkO8=Nc`VEwx>)DJG
zrNyQ|D*a}M^vw_O)Su9!D4WU7U)L+9zQ;?wbJYqBcLaMLf$kI8pe<w#K2y2zCI<M@
zKd~H3CUTSTa|^w4Rw{`{p37p}Ph$Hd_GR4`+c0)dG~^l?B_{;doh3MiN`Zv~BsGXa
zo*yN$9+90<oWMh*#WBXZ`v~sT;#6V9;HNW*hsYScCCf73?s9RAM#<(~q>PDH1o>O+
z1J5quDRI(oy_<28wD4r*xZjgw*)u{Wo*dOJ`qE2Fl-nI@##5!mQF{i%136sJ=a=Xf
z^Kq|cJW*O$&cs!)iaekhqte2Y6up$854^lY;P`-A!{H<L*TZ;<wD4D?frr3NIRbl2
zc!x^uV=wifuHn<ec$Bnw>)C;_0z)0%9V;!~>zVnETS^b(aniyQ*&MFGzJ7#Y`pvJT
z#bM4uvXS5P?DS1$c_&GWCt{r59V0ECd2@O<L0WiBC+{Xpi`NtUr|(kuI=wqVS{Uu*
zU8+lUcxRzskEKP$-WfxCy=w<E#Tt8q+3}6ve$$3$NegE<eCZctM~}<OLJWAFCbh5+
zZ_pG+8A(oDA+-TMJZ-PkSE$risnjoU+G~W=M*Hx3u~+J=HK~pA(I>d<q?W{^p=GJS
zPyoRXw`&5Ahqu!Af8zVr^!;@j`Q0Bc6$k;pA1C+`0;+p9;~0o*QJ!8|s#`_ssUAm=
z<*5{O*_S$SE%vP<q03Pz4ynOG8|kin`O_g176|MCc@`c5H5UE?a<w{vhd?b~x2Y?T
zkZbu>;nYhnPJJ|tAR96WXlN&(!Os$DObrgMw!evEWC8ZjU&k@?5TyQ(|DZrtNbd`Q
zN5dU;DU4nfgxS66`{()ok@WpbcA&09rS8LD@VH(hHIFKuzN==ao442P<suv);R#X!
zprWO->lbI&uaiRVb}r<(tU_i`A+tI!<R<4rUP~2{UX2xLUx@Yjvvtkw3$c7^Ar>#g
zvZM5Ygo_^(0uQHaJ8qy1^Sn-WIK#tLgtUl#Ytu+{A5RYX#Pl;2;=`HNj~-B~qbOUH
zvYnKjZH;rbkL_$75s5n||FkPa-s%P-*ZfRGPN1qqv#ZwNOzS^05Sc{TPR`D@%sJcl
zognhVvyRFC-4!Cwb_0<+e<mU)Qq{_{tG36P*2^DkN8}{Rc1m`(-OkxoKIn|dXU@r2
zKiCB#8@qwX=Ka7U?>N)?#|OLSkvE;Qt?LAl*PWC9sVhWo>jomv|4c+CQq?A9SM51x
zTJO$4WHM#@Wp=h_oU`562_i}7<PUU($d%nd<lUc%h*M*4a;Ek13`Ei+q#4;ZIA?pR
z6GR?%PX2UPh%|Hqk+%IHNA7T@^`(8tkv}_Ud$kipZgEb&qbo%AJhN{^Ry_3c5Gkjs
zP0p^`)y}lGW*~A3W&2fjwzbaL{@w{9Yn+pR+!Z44bOVvA9{TV1nv0xi{bnD%Cgz;&
zyG{^U=A8Wdt`K>y8;IQg(0^aoeEEzct(QL3H6mX)XZ!s_&WP-GPQLP?E)dz&4Mdvv
z10wG^(|TP7A}3R}Q?s+Z?VRm~P7rz1Ir+M-5V@lph-}{vh`iuTYtudu+3uX}o=y;X
z#yR<YT_JLHHxPMyKOpj`Gp&zhAo459HYGb-vvam5IzeQEbMmLULgb=uAo9h2K;$lG
zTK~2WIdZ#mwwF6W<j>B@U+oH!FSqR*k=VokeMGKxruF>{L`=#yJv-Y~&e=Zf1d+AQ
z$^YIJBJXtrk+u5)kxQIu{VD^Isg!M6cD5DH*}m-rk(hJx@47<dg>E47=ly`l*V`Ov
zz4+m-{hBuCY?nRkjK~+x$$$TF7l=IC4MaBV2Sh$_ruCYKyXKL1owHrv2_kPhC%>U9
zMDFSaBG2pxL|$~J_09}Lrckzu>}=0FXItM1BHNvl-_sQ$*LDMuH}?Y~Tbya#oPo%1
zD4Us`ZL@Q>EuA3J?410Gt`NDT8;I=Q4~VRHruF#@M1D=#re<fm(>dFVogi|%bMlwF
zLgee@z7bjW$bTP^>z!$RHv<u;fu?JmvwhGBB3C&l|FA1WKIjG_YxV;ompRkgmVt=V
zAi~AY*}m=skrmF#zwHW<7rTMTE&BnHZ<CI+u6U&D@sY2bvt9CtGa_xy$uE1P3q-bb
z1CfXK10o+f(|Xk-U3+@(J7>GL6GYy1PJVq?h^+4hBFX)L$ji>O-u_6}z2<Mu+3xBD
zk>{P0ukQ+x>$`!->-zzbC!A?*ex&Q!iN~C?J=zH(o1K$y=?am{x`D`N`vH-AoN3+u
zNY}ci$vN8#ogi|jbMhCvLgd@O?i-OG_5&g}IMe#}K6vCh=WOqFg2*+_$v@}{kq^6p
zNPNS8ACccX)B43DU5}4k>YVM%P7t}+Ir-OJA@XuJ5V>hTAoAT`9chhi=vvo&<DBiH
z4bF&s<(&MI4P7AeL^lw5a6cgOcV}AHZs>YcvDG=-)tw;nzH{<xyF%oiZXmLCKOpj|
zGp&E#&~>kQ$vN8{ognfz=j3;Fg~$!vKxF5BK;$WBS~qOy+8%k_IoqaA5P8fw`J-JS
z^80Qe^2vTc<UVIwpV`p0uDRPe+jE^D(&U`{g{~0!ZtK1g`JerO$U0|Q-`s~B`J;2T
zcRE4jI_Ko?b%n^^yMf56jsJZ_RyxzVdmnP-a_4M&Izi-8=j2~@g~+SjK;*{#fXMe-
z9cf**u^o|9Dcf(dv;EUKTf;_YM80uOe$mD*5P7N_h}^#)5c$}d)-@Zu9u4@&Iop+;
zAkylb{OYa{xvv|D{AJ^RfA!`LXIgLB*tM>C#W~w;ogng(bMia7LS$Vx5NX*Dh&=5~
z>%$wnUSss6bGD70Ao93#@=aYKva%b9{9`{L@_;j~$&FoW-+P_2J=+N)cRMG4j+6J~
zuUsJYIL_;Q+4L>WMeN`rf?UKf8N(5smvC)X3F~+(*pcw~1A-6MxQ!R4+h*(5x~}#H
zB3VN8T@@2_ogIU19il!-a12d8<ypnSYuw5kq&UnSe7;dc_;FJ@2;R!AsUUd88A0$y
zNHeUWZ+*VeUg7RBc~hEOpT@gY0=(_)B-pV?kKpm()-61Pe~;A{<C%PQyuKLE;;R#~
zo}JBCC+dr_lCR3M(#_zjXx7^^J6uh4xH`!p-KpuTU#724ba-}3`s(EL)#UWmG3l%0
z(pOOj3XaRFWyie7cUcc7>Yd7SN;fHssx#7g&q!l>M!J+qkgHpGB;@H9o&y&z)-9|A
zpYFq%{Hv~K@$dN=&(CXr!dK^}uP(?)TgAWgGs;lc^Z0iz|IXpxv-x*MM%m|PJgLk`
zQ<+izxqE$a2KZViNeew~p@%Ivn|{utAAUPCodhI=nln_4a|dfRa|8~BkM0)&C+Z7v
zx?Y24>NPk42Iv<4TCc@9dMzHO*J3%LNSp$_Im!%ST+hG1qF?a+-~W%72q+}hV1@|6
z#zkuT+>25VXCjru`&Bn@6sClg3tR2bw3^!`M4#R+7q~RxatZN$zQ@Jt#pR;=5p(BR
zBdTVNIA=z!HFxgp>KWGXQ6ooG&7EtFsHv_RG5g%JM$A0>>=6sc9`?J#4jo=K<D6M%
zTEl0bJEvyhh*2X)oIB_2*)`|PaB*7uX2e<NTGd%kT;Xu~(sky%bHiu5TrO9&b<R06
zD#Npg3~SN68P(xgE{z|bJ2yPb1uoa@bI(d$E;{pq+2L8P9C}}M?wpzG>6z8lGpa0g
zt)7og7c%?Yv($^oSvBX*wuYZO=LnAOg2H8J@BRu@sFyZAr;N8jqAU+!o<O65LsO`@
zAmecu|D9Z{PV9F_IhxZv4olL<#9=I;&rOiVZNXpApV9mf4pMh(IqnI_3F;|t>kWVr
zM?*$biIpaYf6(N;91cR00uSZ@Yn)R%9R2j?Bo33N$%C;-1za=iv>sW(!HQDRMGv?R
z1r+jGa0_C1fD}!5@U}R5Hqw(CJ<L0x0*Bx)jzdFEPyua+!2;8z<zNf_P}Yk%)v$x`
z7w1tb6!7(htttYM7g1h;LKZ}@cYhooMLo(JMZMCGC~s=uU2iDMQOE!mPO&fjp%9Z)
z9U&(55C+v22VxNt+(N>&YMV9ncp(dL@S`{|ii4v#FoNDAQ9l7uLY}#TDuf5|@l{kR
zx+kKj2!&M9r?b90K8oQeH=U3@u@DwTQH%+NB)nZ0Yp=pZ{2AYoD1L*!lcMOUz`}`4
zti9(}@P2GDo^swQQaMA2@<`6=InqRN0(y?bG84skEISazObLIzutg>H%YV^@o6(q=
z^;gW4Z`<#hss4t}aoa}9X13~ti9)`Qqh)}>GLosFZuzYH>Fs(|xQY%lodbY~^%9J>
zR0V&jkHC{75i}z>JVI8%5va>BqMU}KD3gW7VMJ3-;~jxP3sKha=GtP8wvTQZn8LY)
z^qZk@SVAtfzo60!v1l5KacJ<bJ_!w}Pf)v-Td@B`92vzt8Bv=tqZp2$KZ1D?ViL7~
zw~#(DNg+`Y3WdYr7#2cJ2nFPsW>`Lm=w~jlu=q$UjbL#E^#}@Z$I-CUg(G+zET}}3
zmAv_xDyG|i!%|=$RipG}gWUi}D6Tn>z8sdHAr^6C8hR0ZLWQ2O!<V?vKv7{Twp|!f
zY+-SC8!aQ~iJ*5H_9aG(@_y$L5iE$HA<NZf?1%~;0~a)7PZdSxz-eg6<v3FMu~!)y
zaypY_$Z2?}6gYYk9y$g4N4QVWgZ@@3P7(I2<V%jdvouURaey99vvS`xG9jZ<>#stQ
z6Eo$i;4`RPh)L?6eFZUveri=Pre-@KKjN3EEJviW{EUQmXC|!eJl!+<PG@$rJhQvy
zp_~5bM<Qba`J6GtFEyB3X$#kxb^y#$X~~Lesejr2s}1vae3be{x15GJOzK~;+_MWk
zGn!SXkiTXM;?$a7xSG<fSuQJTreR1HVeka(w-5)GWAGO&mkwkGp5*s)usu<3`wO*9
zdozdSPybAFcs8}eGy1Z(t;2_dQs99#7@VloVQJ=<7V?+$aQ0U+?x$wlQ|X0G4yC86
zk}h`f&#8c?GV>ERaujc2L;ULw<W+PaFE8GCAM$1Qp^x_JLX#9j#WNUrQYPc={8=5t
z>~2r%cF*X*@$M{+pP$%^<D+uhMERxMRxO>l-kHZ|R(8(gAMM5Cq{;i%-~l$P^|yJW
zul;wZ{g-STQDgH;jhSvu(}7`}UQBg*K@|C#yCx|3-{t)SGU~TKc)yk-vWW5B<bBfS
z(^!&}T8bx5P&xZ{Olfk;AyVK`5ezn|#Pd5z+{B4TN`XBSU8ht8^i?KDmnroSC+$hq
z>ndGFca}Gz2a5D&8I=`?r6{C6lT<iVTaAr2bHeO!J9}QSl)s{~&y<^`rTCoGJ@OTK
z2HP-ikBa_6HpLZkQzwdGuWW3GMA0b6@I=z(6*7i-WJIRQx^kM-TTpDW`C_)!PTCVd
zPzB^P5>Y6${zZttQHG3S&5+8}zXKl39(FdV^$)aXsLag3-|!N4MSiM3EEX-;19Hh|
z)Yk>{a(zHLWK=&XOp{G(w;e)noD?`X!jJee8es$34yEK*QEl~*GF{`!yoG{hbr18^
zxrstfS8vD_P@dGWJj`iD)i5WxqwFJr+)TfIJ`)sRzToU2Y#+;u9=T@IwsZg(kGv@B
z`T!{!CbFY+faD-~%40f^WLBKRT~TVU$sg64^rlw3InEJstvcBsB^(%*x=(6{786+c
z0^Lv*MY18H;T8@JTO%5%+3hGshTOq6wrc)C)ch4$%};q2$%-<mud7&*c4|gchA{{y
z#t>mp8wO!o8}>Ukf=Es$M+<~Gt=xV)__xKT^a9a|9MnhxXnbX+uhcCH=`yra&bM9S
z@#3em8{6&qi08>oD@c<@Ow^lDfDy%`VFAHpghS**!6J(#dwYz_=`xOPZD0U#ikzg}
zj+D?3?L*d<##L0wK#G0ww{nv{Db2R|Oo+P)eXuCXK@j_g8yafcv1TWP?EEt;S&ABR
zz3ned&nyJp9747_$|1P&<92kdz0)$&#kePMc%&BgKzy8PQ!1vXd<{$QM4T$e2V}F<
zBIJn#(G3fuD9&Jt!ZrY>hyEkwmU1CohBjf2-Kb#|hl~*NAYLN%S|@ZC^SKTs;S@Fp
z5;jprW_Em^$dK>T5fQi4!puNllQ*t#R+X9++6V2Y%(ZC`iS7%sg82V)^?ZEZPpGFS
zo^p~A&y_pT1HJVo(ss7Slho}RN#o6qH#RoH9J7%JM~Y-Q&(nA&qF4SM`^kyuEteHo
zw2FkMS3<5HN-M~@X8Q-5mb7K*$7tF-?4azvbkva@5^d^+MpUXaTQ6Rap%*VfR@p@*
zthH)cYvm_cYxx7Ru~k-nL%oj_mTA{$P1YGg{nRAS-nwkW|KqyMWVEw&nWd9H`K`bM
zVKHl|!y@al)s*i4NqQ<4MuZD0rHQ!`ey95op|6Fx@H<jgeWOwvT&#M@uTg;COoWM!
zW6hYY#Yz+0qOWFYvDw|wV$B^D*t`XHKYE<cb+J3gNth=$w@2*T#CCX5RE^XeAiZdm
zmzT*3^j_1zCtZOhQmIjb*W4^m{7P2XQG3fdNFEY4uVGM5M1%T{XO$OGdU5b<L>Zl?
zx?UK)66Qx_x=!;%JL?XPu|?~aMW`RH#*m|_V8g@IAHQ<m3^|j#ikQxYEQ&hYzWJ)a
z5hS6GM6pdJ4rM0h4;Qv7J5Q;~1*9s$Fy$s)g$2!B%VUKRrL|({gIc984-7Y~$X1sO
z&$&&^bnQxfn%!H<+g0EwF3bmWDlr#)5h@n#_b7Ly0$%Ts0W5u=OURXe#EDYt=jV|)
zaxI~fN54TE5m5Ihs{0jLcWRsq&QWvZas_(}AbZj;u@P{pu)~ju9++WTwj1kf)-Aiy
z&X508&0Dy{=EfmHL0-a;R|`b&B&6QY5%3;lB>8?p*!JoGIRic~vKQdFd@xwVmT=ST
zA!2s=SEz?4s=IOOZkoFL!M@}4H`>A4JD?r5(H{5TK)Vt>FguNL9(Uiin2mE)+`+#M
zCI4?Bx8i>ZxyVmLu2|VXC(A}2lZmAd?P+0+Ag9ZiT*I$SsjFUUL{rsp)1P}$RD{Fo
zyT8z*_S%z$N&2JHcj0svEwAwJOAdsTSVRc7-y(r{>t3{QWul6pE7AnTq&|x;;!+>w
z4>-~Gx;;40#66WJuDZFMxZm;RD;-Jf*l9I%39<1wmkV4!y8bWBkXE04=A1b*s(#ii
zDP8?;Ue&p^XIeADvs6LO^QKPIqxUYeh1Z{S!JJgY>QBw5U^Pd+O|VuU*nr+Bh8wY{
z2|aQx_c4!L%(m5`$_zTc5|6a|2&;T)>oDm>Hw1a2%`2fcDn*p|WXIAdVi6WeKl-bA
z$}A|0u&AE3Mrr_=V~W}jswN@INm5`b+^7i*!kbIOldu$S(zv{_e2VW_&X{rr7TR_@
z7?xdRtvww@7ITe7q!hvROQTK7oh`zkEJlAFlT&2V&?PMac$aDUBheCo_Z2NodK1UM
zEp0}j%&>KSwW=Xcu2DyeCee^LQCdr&0e+o&Ng;KRLZXrXvYApHSLrMHXahG<Y+N9#
zcmUj(gaymckdxHNF?WV0mzIOA^dt32To9&a6q{7LB+(7kWbaw2l2L*$Uc%-OA(S!S
z%Fd|)^CN`U;x-iUwk1-{7F@6lizZIO;QFc+7=Y{ZqUeYBtT3U+rbkc~qJVqzqGq}v
zHH0jny3IZ?LH)_I=LrcG$TQ`WDBy3IU+UN>{B(U4`PqKEg-92`-FYHC6&wkNC9Kda
zYKnVM{3eF}b>yMzK6^-F4f_pf#5zo*O-{QHC_hRm9`YoD5+1LjdOYqS^$(k>$TcCZ
z2_V95kBLE8TV<mEIvxlpvJd$vl70(=70cAoDT>-@>Nt`u9zIlOOO@be_{<|zY;iH7
zQVk49Fr!3*OUp5sNlNY0*-E8;6Vpj1t9usaQN0*LJ**}H;)wD|yC;A<#(mXoVhO#A
zVKC)EtV03UREez4*q}P&^(pc(xQVF$Fq3+Zg!dHnH&hAqzz3d6yK&8!YS$zpjN)Ul
z&(g!>R=KpC9Ik{Bw`*dknyh1rOH-U$nc`Hs%hiXwv>Xp<vqJjukvR8h$NKosV4te2
zHo6cEd87Rmp+|J;32vPfK!G;IXKU4SwIOOfq$cfFm*BVAFe$;^Vi(YkbrJmqZ=7i<
zg}LlhdG(OpT~;vW`K**KNbrfbAY-=5hhlXGF2H%V!2$D32EpQrk=plAXDy^3Uo+R}
z0w0q+%*XV%*=}c{-o_c5+B3Ez(!?3h=Nwv?^Xn~IKOg48yaX|7Gw{*_<tydGKnn#-
zkD{?2#c(XRh&shT&`=JXZzqPM7^p$dhwU<{hR@$qhi0v0-XZxOXh1KChDN^EhO^^K
zW&<Xb1ghX{X$kaBs$EgSw{v0`kZ_Gxpnzc5WM9Jr)0@ae{m1D{injp`d373LK|W+o
zTrCkvdmvu>FCQ;ai5}U&{;gVbQi6FYNfzZYB+MqWORsckIV@Dqv&RK?*e&nYsVxeq
z+5yGKA-Rp+v=DVJ{tIX7F=o4vEap-T2vV+mK96gTcC^5N9Lnmm(xyERJZy_-$1q5G
zB_6~qQi-GNv(!tJU~HmVdt@UDcxO%*5-=#mv=fmrF0u{YpcHz<=9gQ%BC`{LPM`CB
z?9y`lgkrIFB+<cMd9al!)h<sTk)lLb-bKVZf4MLzg`R9vCm)SU9cIIoi74sKXE)06
zXdmCmoSw5r-A=LJ>iyJXd%iL!nUc9o?sMwyS7^v@?eVt|=E>ze9ThS$kDN*Hq#AuD
z_LEUGqO!qW(RDh%@PNOSbmn3{CQ+d0O?1QJ2zq8KIuE8lJNXo-X7rJkdlfzMa`I7`
zv8W+q-0fS?klLUkHgkx#(i|91b1(#AvN<KJW6?0l!{0SAH~LbC^XT`WfPvhI`4VzT
z)7Qpu3>3GjH6){Lyw~tdnjxVi#svgT>=Wmuzj~84)<01;NNuElqijGAxyC4kgh_EU
z0>w7--pI??+%YU=3#~M<9zB1=(#`0*5XVID7fJdph-Z8f3gc9}7DUJwQ7nZiCVKP}
z<)b|08H6?SqZokQ`K;3Bw~$H;z!&*3eicT9m-9^wKrhyVE9a9f=T}PO?39}Gnpjl9
zBjHMEJR=1wgFX2I#}G^jqRN0!lQ!0?P4HqqOwlF?^dzxVABAJUh~h~7fgL+^N>viu
zv**h_U$s>x7~fp@bG>kqf@!_Lz3nic-lRt=iOqSKj#YtI!V4~~pJ3(*!Z-7%{+Ab+
z76##;^DIPoF+YJpSU=xXFVGKP%?o2G{GlL5_1!bCoAotq&G1CNum=MhQmVmYKY?n~
z)=iJpn;lhCX-YLwi+$osqStQ|y=*=ay-X1uo8OV>WlZ!BOms{U{eAa|_P}lVYMfH6
zz!7So3MG{2k@P9OJV<KyUW-KbJ!A=Nm~Wy1$$aLD2j*v5M=vug-7~+Vb;LwWJ7+H{
zh*SQWFA%3I2Oi}Ss<TOW#nNMG$G6~S)Gc1<SHMS+#rfbcCeKpnC+(ruXO%~3cjcUw
zjDL=tiS}``J^3#QfE+%mHj0ICx`_h%E3vMVv@d;_b%sw)M`OO!YgvvM^U=K%J@V#s
z_lLOpm|kj+1~0DUuWE3C_Iuv*q1^Mf7`1GH9&gX7mT&;%w%J*0NmpswD4#Y|ZSNSZ
z4fPQYy9#x6&Kj%rQvF!WtwjN~Ci<uI__%H7wqI<sFSG%E<!(DzzvbBrOIkBlwD5T2
zR6AiqcDh7Hx`xbjUuLIE3w}ebj3B(lc=hn)6b;j`mz}2%r+UGqx2Q*OU%jcsYw8Uf
zWDnIxQ}&A?cVYnv_i8L?KsTTBlvl~G3gne4n}jhs&(~C{vI@DZ@}#27%M-<9xX@2Q
z96j<fRs}_0Vo$waxjuo<dy|mMJ8gQf;z+RmrysSz@N-v8Y9oBw0H0hWJ*Y2Y4`Kkr
ze~(-@RqE?x#d4`{o5rNENd+_1m`f`j!JKNPghd}AO<AGxbj&G6v@*px@O~YUdaEK8
z{7E&&Y+_LFk7H9}<SMnkP&ol!(#u5<RA=S%)Q0&KAu%?4MT5HgtGXlg^IKb48rmSX
zAM_*^)8AU=)zT{ZiSmmOcdt^Zub@8xhPag503NPSsKt}bEvyh;aYYmcFsOyzpVp#|
zXN{}V?sOklMB^4i>fbO-dBr^9-KuKlm2h)?3l<ggO72n<d&)*$Re6Aky=5bNKYios
z$Z5GAhug-;C}mRilt-fn0(#7@U&?{V<&S148D*m%<73EsKy$qo79E;D#D<0eFStmW
zyA#+`LZu$VKBR7Y>j}kzvG(OUH>jnfvchIg!Bh&<e$2f|Z%9oy`LqGHY$hw@c~_II
zKDO1h+3LeW4}9y2qqmrq`B=r(Tv!cy<=?QVn2mYuP#;O3fJJb}8Dt3+gs095lZ@#b
z(Mw)TfDb!*-9D}G8e$iAHV$HEgE~MUj=n3<BQ15Fv>I^m+J4n6J*-rZask^dEp31g
zizMW02MMj8KV9tLtYWXh0kFubWM<6&2U)Co3$vX7OFLXB?o9G)1KjK!<yESuFjqU3
zhh2F{q?Oa;>MNbv^kl_m0Q0m_ss32lrVaFQu?1XgKHJNBjJ>+xhny-ngDs6Al+LRS
zDQP#c2eq5nZCC_zwTp!+*!?+wae$9;a>E(gp+uxlPpX3*;m&&PAc3Q<z>$sXI7c2V
zBio)nn^&Qp%)p*-UA=aaP=`-KZk(A~n0#ND_5{k3DVvqDd7&>ewm*R*;g))BkTQL-
z2>#~M6~qNZT`?4BBSi-N9!be-)p6lHVSXHYOBmRy`js}why9e`=&g>p<hvWxom9MA
zAfZ?f+f?0NPoB6<7$=7DYNAVz;J^kP3CAVYq334q_&oi`uDqs(l<{EL=`v%yx#D2v
z8H|$(g=6$E3Rro5_Hagxgs+Q8zN|XW#G;jH|7prz{u83Sn^_$`3y=_f#zh9e6X$iW
zyj5A{slEamiUb}kVXj)wlLNQc^Da#!Tze#xgcz+K$ZzxY@ub*S%+;GP&px3H^T=DT
ziDN!^b#m3TvJ!Q)na+DuYAVq<O&b_so5!d^j~>AMBnmLJ(ZU|ci-a*B7KG44){YFC
zk+51DFX072#=M7|@TZmvwJihg)&v&7OG{(OCqS0-WNN{9JYYFHUsOQ}n>6BuVhp{6
zC~uN}EYxQ(Hu{$1WKA*V%3{QMQX5z-^U*jBbCc-S%8F1_n21mv#auA73Bqcz=zf7-
zNe|li1BJ@YyR1Gz=1nmQ_&aZX;-y$Cg+Lv?tZS-lgDd!C-b+xxM~e8)#($fzP(qxC
zYQI?8LP^vo{zU~qp^&9mScRc^RF!~?YKQtK${MK+_iv;>14?0WRMvJ{ClduPV}f~2
z+JpdkGh<n@ez;Wp{2}H--n<lq%a?>Fp@2VNls`4!{PGLT1$O{vK$yRq4PcF4x#ug)
zC9^RD!iylGEM?fbIMuojpun;4++sdQnxP_JbaDn(_E@<p;!kLwmX|Bx${xbR5PZ6j
z-rtJ?8hTLA@cY~CN~bHon&L&-khVITFgLDDQ?(E~gt_sCsq|!odXlsg+@$97YN>rt
z>PN^Z7V66or(xlph|_daF0^O**78RNMATW<kMZsbV+|g<42?<rD<?@y>fhK_qB?cY
zfZs*X1AQatj_~1#YG&ga8NibF(IY33+mnnU%EkN{_Zl=dsRco+c>9a7gM9lpUD|X3
z`6ScEsI!d=gp84yrVa4hf2MI`-myT0Q3Q2nkVhA{&p}wxpUxp`bmEXt7KA6YVlJ#N
z5PV2tE{u#TPbk9mRrS6~2GIWsp`jfS$iiYs1l>^_l4LPKJ;^f-$8JE+5jeJrq0oIX
zL^wekD==3ZTZ~3>GUh{BE4l0l|8&LBfJf?*m<!MG^@H^m^r9?Pq*4ud($%7d8gnHW
z)QcCiGRMW$RBw#=03~>M7?zT*O|Qx#+wmw13llut!-MkLaXv)3g_HQ8R|^{OS)J}f
zAFLG-5{)xWbr{%)1RC;k<sJ-)VKF;hp14{%qm}v4Q!j~LL$~qL+b}<dMg!*m6%E;N
z8upZ;4NGF&PYNhk1Pfz4Qs$FFJDwU-S37sS=U{;(`?gIT|4i@C@M#D8&;$3^Yh#35
zuhOl;0vRC-JcNZjoZLWa=Q)>lI#pQzH0{i=T$ft3SdENnVXC1;E+gE>TGWu>O{9h~
z>Dw@e6m_nC4HYyV1$;HPg97WoSmbwmv8dc?e+FL^wqX$Bb7Q=V%Ycgtd9eSxxzv)E
z6q@LP+Gfm$7FQd!*~WV9M0Kt?HKGq5cWFlm^d>Q1AA=sUXiVbK;cW>l4P*bKsJETR
zZa^XVA&oqvRYW$CSMFe|Vi1*n0CkikRdI8@9?lr6g{NKGDMI_D55B6?HVL6ptx)^7
zhy@RhD-Oh5#hJvSSJv}L%E56IaP7RVFe%!EL3&y)P0WW?g<QT5<|omcT!y(%q5)^?
zNf@k+5%5sGHbTHTarn@cL>*pq@qk1;Jy^*sr5)iTp3+xf{uG`!u#bhe-}dLXDD_3!
z)uOmvVo11uflw0BB8lkM%1bc!dt!*Oe#J@okn9o5tiA!8x!TkTJ+Q#yjvc`v&FDE2
zhrCRj-d}Hqhw59g81}g0*i)}S4{WSYq5+HI=(!pV2*sfy4ujPayc%AD$9m*iQnW#O
z`kE$8JOFN68bi-aEUrWkRr`Lf*jOm7L>*>XJaGG#M)t)kOO+1i)jmnm45LeI(Y=M#
z^R1e|5_n^23x?oNS_JWCEP>aT>XnFcmeNHlHR4R4D7F`Q?914&6|*5>)zSp1p>fiW
zI(a<fV0ILH>V6zojXlfl-~QET$eI8OGKescIz#z1d(5=)C(7zV34cUl{`VJ$S8#6%
z%0j~B6Rk}xFom-O4w6ETlMysbv|xdLeiI_xr3r1M4|CyfOVy5e!f`VhUT|I%1r&!v
zA<R99O#nmcn-nZi%acA0pbZhW_Kz)2wb~vO=z;iR-NNE#)nvC&J=^Hz$0=RU=NPkw
zUuM`EK3A5aU(IGaj4Z8d*Y+6$ORT}m75lbgZhYHR9{S_^M2Gth3V$aSR+&WI3K`W7
zBkAd7y;_}UALzL;d!T1fm|P}<MY~FHxtd1O&m&npT6v}t@}k^UeXb^fd!LAt=+VZJ
z4A=Vcn16ytDe5dWO3{km1bXDfoV_%LMUC{0=S3oQf-g#V#ub;^F{QA$Mb_H7YoXMe
z^@YEd`gWPG9bDW#ZnKWNb;4@z)=AZ^gK&EuuRIUwtvE(<*C}-x`B|q-iM1A+5^+AF
zc=_UFiotv8>v7zxI2L?S><M$N&iH!mUVM$g1<BMRo+7(N8!#yStQ!j9L7fslvmi`-
z?I(Y|umeN4bYSQf62JLmkHiT2??jAr0z#{+3BB;rQnFUzWkH<EXvW)5v~NN~USban
z^^Q}M%t)w#p$HDuLpY3&o`?Ra*&cZ@53d!PtWFM+0s|%%$woD{6~`jEo;N}bB~S5a
zQXxB*>TC*pFZ57qw4{hDZ0mF=(fSE{bOg?7B`#WnUf$Q9H6U_1f5WF8UDQ4T(n=LA
zk}z8jL!LGvHNHWqf;^ys!R>ksi^0-<A+RWkL2&C~9w#78sf{hr7O>q=3^TODgm%79
z8|cGf5YR>n41Na%+E}5-a6k<Pr(!Wo(GDS?4x+aMKE&WuZIVwLQi7%Mr#eEnD2k<2
zO9>u56j0ihfLMsdQX7(wgY|oHghf<r7lNsX3xUDU`ST-H(Nqjr^e6Z^j}Nr)hhu_0
z=EwOv>4Mkurmul?IbLcfktc<v5<Fx*5*3Lw5j`cm?P?-fb3w;t2-z}K`PP|6%FO{X
zQr<e>WG?Ip*ZA2;`DnJlo^YMtjA1FX)zJs_Y5chWb?SB61V0+EL1=?TdRe%=@jD+@
z)#-6kr(PJWhjAqQPCHDjL(h#;{|E(KJ?H1q=z&kXOyk-)B#1xrnpg~lCU;togjHI?
zHcN;3&=*5b1N#2T#-W=`pakZJ(UWYz{6*-QOUQjx7h|AH;XD(ELU9;}6Qbh@<L6yM
zwn*)G!d^Q##oufE#cWL%$u-zlU_U+yzRw)&9l@URW*kEP;K&FT!Qu!WcnXe|usBQ!
zsh&M$qdJ?LzOjX;XGcc#5E1fFy|4*6l?VxE5^@+dN7TZBFwms5(S)7!EK1rZGwD_r
zrERXa<nQb>(<sfL%rr+(lA|pN)ux@MlF|e-(>%lFJe*O^Zz)Z`%rsAOn#VHIOrbOf
zWu_TNNshN9eL|&~OKH5BX<p`X*4JC|S9Y3eO5@2)vxC#zQEy2YlPc-adP??`E1ixW
z4>dD#g(%Y*mV}yAp5rOYxXh9dqBK)1UdW=-+|T7c-&whPeI-C8%(f(4kSgJ5D&UCD
z=^98mrd#q1JN*X!VzS#`3{w6|OTuIIsZTDT5{%4>y}^*(N{|gprHWFj!!lEaDbcCz
z&`+imqcc;CrWBKj`-YmZFo7dsV5@GS7cLOmSTD)wo+Ok=W0Y26k<@2nU+E`;OD8hN
z50wIko7fYI!rDPT94+t4=npcg%_0-+_ccNr>qCS_BZfVpRcK>H9P^<UyADAKr|J<L
zF9X9zl;NS{vG+LaDL3&T#n1>IYG&XRrH=(+Rt$SKVV{edaU?ufC)S}C2DD;t39E%R
zf(*e=XSc5psX>HW15sPh6s^QyIr^vYkP8M?kdJK+1D(Aktnv$KlFuj_;}TW~TZEIF
zSsbg-SEE-}s7It&8}tSV|E$xKjd4WyTOEtCS4AAhOFtev9*36UcoPpTSM_V)`t_7G
zrJXTE40EBeh9q!9%6eUGkZU_KzM3RO6BjKMKozNc$Hno`N^*2xt`m*afIo=1J%!cZ
zhrt*YRbcQ2EaEkL*J5uaTfbPEKmn_}CBU0;G`#B-=poogYDWs~RIhfFAKj!ijuBW4
zTk8^}wY?4c2qN@Sp^c$Nd2e?2iuXdJk7^s!wEhCU@WWDVsJdt4eM`08WZUj<r)~Eu
z*>?YoZTFUrw)@I#+x;dK@W-6A?H*9vpx@ZRIG;?QTgu$#g?&-&5T8Ay=3avyxTiLe
zz&r^r8cJ2>HKCg<)BAY@M+z*CqnBLmd_98sa4xUHFV@K>^`rg)nVC|J>O8oFEyL|O
z0(0TPB_<lMJ;#Cvm*_EN0!NB@*B!jGSo|DQmY3jO-M+jyxB&eRJ9ucD(uz93=JcyQ
z$jZ56VVFFtzxNO^rn+HCvxATJpg|^WB_fO#6`cF7B?SNNIpm0GBYToHOKyuH^%~p6
zn2By#fQ1X9n7>Lpo2@ywHqy&`(<t@vel?CZAcpxcy-6G5(}wtPfaH~-0|gF%=_cm>
zhCC(r3M__#W-9%B>VR)o>pnE#CO5D2*ijvAH{WMUc*IQ=d#2jNqKT>coA!kli^?-(
z!bhsAH@kU@1U$->`g0Bs-?6DJlb8#Sa7)hIVSC|lZ%#ae8%C1o2<QncW?$m-YQ0qo
z91R{dF>YDKXq2W#9wC%O0r}~$Zz$j3QgyP#ZqkWIuWNVs)EMT_793=u2Yh<S9!x8c
ze@J--2bnl%6CU4&9=S&QwO`rdP3TR=(4!A0#6C%V+E8wyN3rMA3-nNGv9Fp__(oF$
z7P=IA)PxmFiM-3xWEwop{xDc*z%v(G$O9FZ@auj=_m$}3SXuNPkMuWU0lcOq=s{zh
zg?aR)IGzN#dIbA5pl>G@!(Uu_D|)Op^umi$$o0x%TZMj(v!sVGz$ScycA5%PRvgEo
z<TBnW2)W8|EVR%gKa`1-Bkh%6@{Bl2_+?WH$^5p|coE-$Cx&jQws2^ekZt#%i@>di
z(4$`?^&?WH`x4~Xcp9W$*8ahnQk&#MFVvDR<AGc~q>U<2s3zJ$h1=_S(dSr!;%GgB
z9@wde-upWah0{m~dZa#HLVxXW5tne;0#TgWUFMM&@$$|hS;IT?Jk{uxvlxM%Gf{=n
z`~i=*C(n!Q)v0P1g4bSXF2PN_YzQt1<=u*v;2~X)q6Y@(u{h?!0}FU0g4)sMLW7rL
z-U`GDeq}<Vyf?#jNAN^37pkLBXu&*^C)(f=8N?7QBrqtkig|Lc-d`4=@ipcqwQ?UX
zTlwxnVYAa!`}lihhrj!JpZzx+#{m|OAkkvz@8V=IT5xzH4rO7T+pGrHzFXRoTCP<z
zk)`Gzcvv*${s+skXnwon&r=P{a|HEv4}6s)v{7UR{c(xV#*o~DH!mc8cn_pI5s%~d
zl78&HoHtct2?}VcZ|`Ky<gwVD@2<MNCiGB(Cn@1s@=M{Nx~Q6?lJK+;ve?4h6^K<B
z`X7e+Mp=l)S0t=9Yl3_!L)MVg%Y`o&aT6B;ad8w2-~%m=gJJtp3kSq;a2uH-D4;dR
zZgEBU#VUxOrF0B$dU|h>mBPz^V#WY6TU=f&YOpZq$D-94D(5S;y6#I|@G_Q<mfE8p
z+DISfN6}3J@-h_g?Goq8V}A+%2C9C;g;uKi--BQdD;$meU&6u(*nb}4Q5f2VC>Q#r
zHlXA<SyL?aghEJaLjokb2%D8cFe@4o-doK2JxQW!?@3FgOR|Q@V}VtC8IVv$lH#~X
zh92RHmcU(tm*EYLp$C#Zw85&{S1sf*l_a|1?t0P;XT)$YtP*NG=i3~T{T)$(ycpR+
zO&9Kans++`^x%apDS)<ukR_G^<lYV=$C9Vi;qQxySGT6xT)@XpAKH7stSf+cnfqrv
zOAf247t~-7zPK=!BI`0D3k#Rii_mREn_ng_v4^t*+)~E`h>ceyO&kDCtaN!g=X$j1
zG>Ws>lDP7gMJ*k;QuW`eG-t-K1RhE^j3M<8QNS~*$kYxhWdIuYkzdBci$+vCseOsT
z3d~PxW+^PTu7btXrkYuriVSGTCwPc}+NDs!fn>OxX(2+WNmeWLYp_rst{UM=s;}OU
z<tbL7p&b&y+@v10Ow5N9N%Yt9Hmkc9kzP46i3RY!mS{!~+`d#`;W|Y>l{x^zdI$&e
z<S(2<R>f_~{H5l+VqePx(o^0^6T|REogjfpl0Yp1hlzS9b$O;9LIHoX<(hz%84@fB
zyV4Tu4|ScgP={|yXcf#RpXZ1c3_;@(%N~7yUvZ@0Un~PyxXiZDhb#HIfOz&#-L7Oj
zqmpDW)S7H82Vmz?>c7WCoJN0Zx}JhgkNzew4?Yu&Pd=}~c~PeD`Ct+IFUlC==^>u=
zy+XE6Gq8oAhj|%qTC=ib(xI9Bg*IM>qGE>W7pM{Tg_wUl|L#_!?WBd@S{y@!o6(Zm
zga85i#$sVlIBCOt%|s+o1F!bbMhfj9@^l1z=;8{eog{5Q$5jfC*_-!v+B>X5=vKR{
z3R0%c+o}$6W#e8{FVGM|3f)I$VXg#U4D$v3YZA?(S;ZbO<YOq{4Z&a6WeNJ0a!^jS
zXI_2Nc-D?Sk|$TGzY(70)u#I-?5PvVbI9;B@+---8z7ex9X*8_cK^68f(TcOh$LsF
zAAC|L&_|Enc12{YVjBtZb+z>1Jwv6*hhA}e{MoIIEJQ<o#h;4$5ar{kdguO`K1>GE
z12r9IQ+b{F%JvD>ZT5z}^3*1>Nvb<-&E+wK4K)G{NamWvm?&V=PcHB=Rp8@X;N!U_
z=AN!a$URyvNX6t6Y}!ztHk5nO#(L^Sm(^wtrSyYGjVJ*Wgr{pGnWHH+{&YXs%Xj)p
zef|qWz-d&2)zq*h_LO-4bTdxLXhzJJ+EjM?+{>CVA3ku2)D24bbG@(^I)v3ihuln)
z^wOFxNuGqk_2{3MNpnLQDAi+g;htPxDI(bzy+NctcZe_T$)Mb+9ww-z`;sYa{nUne
zC662CPK&)y_&QIl+s5qpm!-^(2HYuPdI<YLi_M=BnnetArFL*J;%>Q6k&@(9!>`q;
z<#EPB^c~N?yGh(hJ%;^YhBjWHFOCNE;{9TMV`@ZWCmM}iw*<+Lf4N$<F+K^GaRYR{
zR3)~8#LQERQ?q&GMSP|yvkKu}5W0y52?X*k;hn`o8{(q`&G4i~V)vVx1mRe;34`U+
zs9u-mwxEDLHTKXABTA-Zxf7(9DqjDFdHwQSlMLLK>v;EDgEDt-C!wqlkzcki5Ruwk
zuaXrB<pwse_l8m%U6@|M;eq+upuHBWw4~Rn7!nG!X##yv)rwx_glc2`Xn<D_wNlmV
z^-5*Ytysk4Ir*{}{fFbB7DiRf+n$oQj;IM!x5@tKIO)MYN8z}+i3kol8OP0~-~JEb
zprf$=afIz!DYT=gH~*-KtaVuHsHtkSskQ@0=Dp(P5$&slQrv7vZIGY3=uhV5PZTe&
z<?Y*_<&m{AKc@OF=0bim>dlx-9?GR8>MPKIe=d!s81*_dUPljHqN#HnJefO!+m;Hl
z|6sYMog%bhg=i$9rj<d5=a;BGONADCSxO5D&oA7!z2}keKo8Yh3dyJrKY@jd$P6<i
zEVghkSx>Eqk7GWZtPLamI7%BM)HiQgBL1sp0>WofkOfl+*DMz3Az@QUS`+?(Niwov
z6{~F9s`J4QE)v?5%%^O-P4yfl+R0+oS){+Qgk2f324Q=hcpeMk1ge&Y9MeKo$dP))
zw&(PL_PF!r96h8R?t}3*c~2~+r&}=21%1I(!5}I~xe(jao1tvOa6TJ`ccl%V#}}s!
zpW@bx;aZj?4<lQA&*TUU!NW`1Y=iG{HuzANK`g98-@FWipfO;7nC$9&)VCwbSt^P(
zkJ<FI7bIvy2!$=&GHw(5SUBFoLwKS)ui0jT;Xd@pE$h^jXoBNNsfCY?92U(Z$8+`)
z6Fu^m{D`O3RbX$gy&TW}YhrFsL}}SQjCa-ZT8aP)c(<yH9_Fx%f0Ejrc&*x5{$Z6;
z6}R(@JFKZDnY!B@krnGm3d02^sm6SGs77ERtcM5|!CiHX#-HjeKd(#mw@V!5z_?=$
zk|v6U@U<au99&#$vCMfVC38Fy?#fN|o}oV7!ojf7Vw-xXHd1utf^TwLRoVoPcciA5
z{rq==)K1}<@O-HaEJova%%6aUPO6PbOK{8Ox5pqCaDDYpLhx-jBY0yq`AzS-NfnGS
zd6f;^U!O!HDdB*mg!$Tdp^fxHp>~LX`PvY10~GQE#OGCdX5ie$wfcEn(}8NU7s}ao
zd*4cu-OE$wQFJ$9FKuuD^%dCra74LI4bZzsBgsHnhXbYHB_B1Wz1~Cjr2=P#yNG4W
z!CSuV<8p!PhyN47TjrfvRsAz#w`4|Y**lKQzGAn$+doIeZrPG6?46Vxl+(o0?Ht49
zP!+>v9FKyo#}hk=&0@%D=;58;O&s~GRQj>73_Wrh3iw``#XKZ9HG4j*A~m12f)}M-
zVF)u4<$x9QV#MqXWqf#pUrjZPXGw$dW~F}Bo<mTfg8>XXWCg(DsCx9<bbKVoU|#l?
zrv+qQ=)3JmjtxA#+tAP<-e(wdDWQ<?KXrOE#nQnMD5^0R3Yw5(`UT5T=o>NkAyw&o
zzaM+ZVig(Jb_LDsZIWNxK#CUblEmZ(f)z&}j0!8od8V*M>XmBC%sp6Cg&uhgd$At5
z&3?NU2T2iSiL1gEK!L>zn2a*14fUf}o&A;C#9EWy#F{5zs@gU>HlmE!E0j^kfl@tw
zKX0<8CRKkY*>MG1(=i6^sDVJe4cb(L7!rnvj!_#cD!B3TGXn{tT$I}VZiZC!K{!?S
z>G2kI%n3{*L~7bpQ(c~p7|xLkB`mN{HUT4yAr&QLg{{5@sEt@cZp5RUnO0tqI=Rap
zK{!I~|DTEaRGw(F&-Nhf2ip-126Dp7lsKA&`V=%~N(;R(Q4gu%yjK=<9M0=FW4Kvu
z4Z2GgP-Ci0Z*@1*O*&bM;}qmM63)^Fs%?BZawh+pycbX4QABVB9#w{eNd;^|0UH-;
zqd2fDpUUCU=iq^`xROnS9<qqov>#PDmS#m%af~s@(XwR(50k{lP|$1-Jggz1?Z?3K
zDCU=A;07LENt@vp*+Dh*a$9{>*aM&IRHYxS>rSOT5}p(+n^cnrdE4_kj-jCm9Bm(L
zlcxgF81hTC(84ffBX2kg{ss@2j(Kt=;^}Et<48ms>l0Wccc7<C_o-zKYRk39?jnVD
z7b%dxVY&(;_SrkIs9AlDxA?*kU7ec8216-{jS@m)o%Tz=HcU+&8dFh#r_yAj@r>rw
z#&YhA+tvQ^I@OC#QV+}3!{gP%1z8Wr+MRe7{{~c&;T-t`Cfe`TakNm5F87-vwP#$y
zB1`M%YatRUMf*7GiY#iLRo|#rcPFX46V%-Tb$58y_x<X_!&4u&VbhKcs3+t2b`Ad)
zs+Y6W)_L%osm=2?>#Du&Glia{2hHiN^#OaEt&niN;21ROpB<MHJ$xvRfCZIw8O!A0
zHC#JhNI+bCpcJj<|BtzMfsf-V55;Hp_?wJu$<foX96uB%G0ww^CBI`CP-NNBT9$+)
z$E$=ejCN<Gjdo`?GqaM`iEXk8kKPtgXn^vPf%IN3w@#qY#~+7BxxL(L3Y6Oi&L4UU
zx5ZE>q@||xbt(P-&Uen4IWxN}Ilc7%tNr_FXLiq=Ip;gy`QG1mFy@yNxi&`pwvoA|
z6tt4L6l^0M6?$o3g-zsJ3ag!<X){PNHIXk|K_bjUf!mf4L0YwUM?N>Rs+=t2_TB7O
z`niRyr`y2wF<){G`A?58(N8Sxlj6zPKO~r0xh$#+yzOybC}jgWDA!QIjeeeB4`H#C
zxA9^rCHj~D&K;U-POw{#H#xz3QG@$Uk^4{cJ4Rv1_lOGcmZzV5@+rQN1eN~kxeD76
zts40yRqyVMO>oE4(4s9PYigf@9Zx`uc7zANK7xC_MLVLk!7W43Qi5ANXgLA59EO%7
z^zSyx$V%EJEpcaub|Y*|?C!Wix9^+JtFS@qfQ_f9h)adpDcE?BUbj&(A(cu|0=OY@
zdkg!nL&I`2q*ArPo4DA0>qnrKjHh5D*;RpCk02M-E5cjD{oudahVj9jS_xiFzwq?d
zzCP&GK8QS`QyYR7tpz%?UxrSV>e-iI*NH52YAM*oBOiBZ>ftHaHU+y*V>Hq>O}&H{
zo3X(&+Er}|U2&Z$xU~YEecBWYfSQ86hoMuOnbNY_R2z<_gU2ASj9^L#@1UP0b~{Aj
z^xNkzA*h=kq7Z7Q5IP|s^s+!iWv}KWv}o@@QEu}CXg=tm<Jx=>)woT()5!G{Y@#n{
zp)cs<FG#ZT#afA<R*GuS2hLuF4)PwNYN?Bq*WIYLwLv?@aEtfJUG=xIYLCbOs{gFP
z`c8Po_G*Cq@1wmobff4*@$3m`c@ef*480PwsP(_|yozT>G?bw8*Qn^yc^Ddw(7!jK
z@<;LTzIJFKKUCDjE>=gSg;Mt;eu~O%UpklFbr?D{@_zLqE@FpP(w4}mx(ktZQPtXE
z!`q<gLD+CVtGs+Og7-OXSxXGHYt7I;47X#zL<d<+QQRj(%wE&-AO-ctL(sy5Z|Z`#
zQU%^yNoff-o~BscqLG%wt!mqo&_HfsB^&N|n!GLvo5(GF&`OriU!$Cx{8XuE?Xc->
z^u3$zXA7_mk?uKd`3JBuv8Nqc9?+iWN<1083>|G$SAQJCaO!4>=@;Y(!o<#2*rJhN
zB$RL7br`m2CD^9j2wQqC(M}Jl^~V57)c9ufEOfjLZtGp94{TOfAN2jfpeI-8y_LLl
zPVa*|$p2P+XeA#!?;}6J6SaOPaWyD})}r4Ax`moU3)Ut=Hc?`A!no9_#fr%2&$F5w
ziQW!=oFDFhUpaFLHfrQ=f$Bn=yR)ov-x8I!k`hmQknyzcAe5;I(}U>1--YpR9pp`C
zF8XjU`6p0y)We@RljMss3~i6f=KL4r<zamCryxprk+nR%(PvV|Wrk2E+1+_|x4`c1
z;zT3IE7Xz(HCCgRH75&L?RxeKbZRG{<uIP3R3CF$gcTh`V>e~k4NLq8w_jlcpQnqz
zt^^%V(CfAg){RUIw`qDSRs^JNPJ=p|>gwk5+BoA?6|Qb<zlgQL^(>c43|@3(4IjiB
zUg{_DFFHCrH|kwl8{GT>D##`tq%29*$dl(Vw~b@OH(owMe6S`${QYBSU?l%#jS6Zn
ztK|65a$S5_i=xPlS_d?J6a}6Xr9^-5SOuEN$JY3Ml0`Ls`LXLo1_rP<A~j85r3A9|
zBBPJ<(D^o`k{-RjDMK|TtgXK;(W~Ogdr$Aup3}S;T;D(lUYliS<h{N^UxmtH%L(YX
zm#Pl5VM~AraZR;>n=l)@p^2(0GF~pNfS0G@czKgr%Phc=GlzE<MVTd4zs%938Ed#C
z^ra*gAL-&U(L8MAI6{?hM$0dNO8zSql{(t#QZ1w9f-Ti+wRTwl2C8dn-O#B21;8mS
zv9AMz6F&AhV*3|Kikl)Z6&UHwo6h?G2H5qB9J}5PA$C2uB6hV`W7pL)6uaIJ0d{@s
z%*(^Bzmc(P+s_BPjDIzD_1puEhbe;Hx&nfI^#2;cE^`FShX~g4@(}E6iI<IF@5l5{
z^1l+*2)1-SU}#sMrT6E;&>A%IUF8z1Awf>?I<%u#Ulunzgxu_}7ccs7h&+7*=VpJo
z7^0X;K6%4M*hGGRu?semx89J1HuBet-4VPCstAALh6+Ov^P=EzZE+6A7E|vC*_hy4
zUBb{<srn|e#0ykNra1VoVsNe3!{9*GD5znJybS_g7qGgaOMGiJX{7TabZB3ctR1U}
z`W?HWMbl^4wU3pO$YnlyJ+LVlR|5pTlOeE=)n3T&D0&w~vuhL<m(C-s|C^#-hHd22
z=jq~JU<&;!lLC!X*M-I#$tS7e$LugmY{y`{`lUrZ6}TE+)Lzh@(R{6<C2rlo;!J$z
zbYMzyqJ$@@BrE{U0F~@e0opbF5;T(u71aDvmX7xum{0g85bU%oRe0NU4>V9HiBf@=
z=`AaOPX3F^GCWoC%wiJS$q#Qx;&rw=i+9~<toz5uRaUl7@1t}lM<2mLN#B2rKKhe2
z!P~Dz>>4_cWv@%<ph5di;5e#7+o(jNzcF~_*D-+cvdWSos$RKQ>j3=}G-&TcDt!}*
zi!-cJ$@c+GtfZ-OCCSbbV1ovI3YtD8E$t(8X)|JJKL(K262~dT8c9w?KiL-+=_tOf
zGS6&{aZoC#55vv(CX=aTaFEE&8EBY*b$Gbg%~aJ&En}c)!}99q2fd4GD^CDu7qp9-
z&g#2E1{xE6?Kq@QoufngzE%?x-T@75aFa$E*ab~ZV%f?~$q)b+t`h*w<TL}o?=K3(
znMgr9*`4eIm5lWv+U&+K{WDiVC4Z>YStoARW@gqmpI<S)l$%+b$=@mJCEE4H^X%nK
z8fm@8hw<6-bR1t$a3C+7XCwK7(v5k_tnnK`CBL{bu72?4;OcIQnU6~h@2yOtVk7(C
zXX&us7xF;NOcO?HmOB4R&4<Q^5WIUB1H5vU!S|&z0=~bA6Z?HOu}|=c{eEO(Z{bZZ
zV$&B{(~t6|FJjZHK~t6dT}Umml`0^BMjDs+GF;G9pN{4q%C!4;)WI#S9U7m6wlskD
z!Nf2Ud9);aw=CxH0UX$O*}&e*2lm~n#ra{K7i<gy!*O6N_@P;qMFb4({+q`G%SiJP
zXt1Dj2pV35o2aBPlQ`ZMH2jew9=^Z=)xV~wmCI!L9R2%ayuPT?zox1uNd+(e;~Dz*
ziSzXD1^ng(P%Bum<p<|jl4QdR(4lXGhAHScOi@Rl5pMyN{JP4J0|)StGd!m21hfvN
zk}14+0vfa_osLK&p8*w(C=HA^S0P}F)&`BIv7~YfU8L5_I(Gcyb1(Nfio_jS3O19!
zK8Kza@|%yTTH8~1L*odvnG_2WW9^CEn8=iZ_2d(vV)$n(`IYmkPO(+b(@k&{TFG1J
zH+q&lMX(L|hjXkg^L)R(tgdkKA-cYA->WD@`SHIC*SA&3`ToD@xh1vy-ETO>{oQY0
zr-mm`c02>>!7k`{HGnpysTv+|)dvmQ515;TpLvnusZ=Uy)LWsQ_~;LQX+8<i&Qp3y
z+(XSy^>|wYHty!f!u!nsh%QpB-G^SQW;_!ENJEN8CYSK2FLesKw!lubpyA<uUETZ;
zG%p1W&nCN*my#MOU1F6+RMO@{Gb!MR{<hwTn#r4SL~Y$&-N+Y%(+~AlXnnYkPQN`U
zrn8Y96<0#fFP`J_JoITQbR~ns4BMxm<w_C`<HT-+p*oIM(vrfEAF2Z09zP$XJDH^P
z%<aSX?C67i55cZi!j1#@Zn~xRO~Eb~nzZ>gXxG|d*J=Dk)i$M&zt3brC10Ia#hf=x
zK|4DOCY-rSzR*DDKSL$3&hD&6zMIGfzEIc=>iq!P2x5bN8>rKuzdH10R+woB7fpXH
z{fqUT{}9$`3()X%&?rkaBl=Ur6(zBzk^Wgv7kxebZv7Qj*OmTFY;WbK9{nTiB&9A;
z$vTQ9^ffvu(--OVnRTon=sLWnR6B8J2h}B70JM+sLuk6XL^aG38bnhl4Y%maRnvQh
zP45|2#5D=)v~NI*wh^hs!_cI?C^F?*gV`>L$+lmEb;S3B8W%0kLel|g>1PF(o3sy8
z-XKah^V1t((>s`MpizWqpkFr9KkF|CFuBG`9b@g&eXaBkPpIIN-yKdKtAn*BcB|p^
z!xLuuP~&*0E3#S?D{j}bu#-GQ7yb5b+Kd6}AuL>+O2Q`6p6y0uVvYU|`u92dXNarb
zCH9NP6u>n}rUNab0|P58FEHmQ(}@<?&%8C^t+VV*t~RDip3$%HHl5Ewi<W{7S{vLk
z1UDs-uV5S<dr)1*vu&Qizv*kR>8*5C|MPiWIyiTu{w7cl!p0F!wwM^)$qQq%vnZ0#
znB>@t)MgEp{^7OIt+het+mSv{;ka=(bU)yWjhX7|PBNqdQtk^-;0pH8u6dLR3s5g#
zC(f%_ZXD4)$<UpJ)o_%r)JA#s;Cf6=zxr5kX7|mvfa-yM1W!|K-~oA;pg}u{bcRR0
zwc^Ha(OaRJICPJ-Q~*y!CD~;F?L*K&nz$oery>*{Io#IWMd`#6r4y{^*CLOIL<j##
zyr%o5@n%rptdTe0kkaswoT;{UXwXuyrH@y?W+843+ANM~{XA^^Hf%jjWvVs-JxX#q
zkw|@zANfATWMx*se2h`jHg>+F*2Y}OhxyT=N5pAzxSIt<W`{XmVVM3Ha|?q;HY^2j
zx(ez$D_yXKjQV0}aRGH+MwT5m(60AsZ$ibCQS)D5Z)NU&Iu=~iA)Y6DLIg5t7ntpa
zO}-H=>g$)dH`~n$nt~;3*P)WVsQ0z8q8qHxFCkey#ZOsjzb3}DZW-E1S?}Y9jgCv$
zcY>@JW<)njapboi4^L)qxCPYH(C{Sav(S*iWL*l|S1{tYg&h$T1PlpOzA6qDYF>hM
zn%=`UkM^9{J#VMdq(o=b>?LS=iJc144WNBf5GcJvJ_C#ICPt!lpYDKba7VZo`0*}y
zdiA=ic*uN7zsjew1Z$6AHWM>NvU2WvPhhgq*->|EwUf}OZGfgbk#$kTYRp0BDNrBj
zVj@U62?rRyu(IH5e6~bqSbV`$aB4vpkBuv3!{fiNal2##kIHBcqcTo+*9;!yg2Q1R
zJUH~P2_AeW=EWhQY-f>!8-hT0mHZzi3>eJ*{~a*6@%jP=Kca>KgX{G+Zc6{2lHz(R
zxhVxI`SZu4^9-aHXw=Aihzja%jH|P=T;2GeVHomBK9uKi?`<V-I!|fgC8RsANZhpv
zwvt6Ew7s*fotr%=nIZ4g)GRyqwu4cf-LT_croxp`%l@3E!e;XM@-owU@R(sVZmAmi
zfYyhpC2j3N!m_4nC)y(!<4ieQUZ}l<OfY*NQDGzb<@0nWyrgt@btT#9>dykzXFs#T
zvn?9=NCF4*w+ij!m#~k&rG3!R7cWx|u<S!Kh4fQAV)D80uvzj)pl5^nnksqE%O59b
z<V)alQF|EHsTc)<hX?;S&>d13e)seWy>G-~*$oupORz3+un9Uef~CI57QK}Y5q190
zm3aX9WoXgPb6@okE=&uSZrH4~z)r?H*iq4{pv78}a|^nL&+{Nos+|9Zb`csroLokA
zV(t>C<k{;P=<jNmK_&m;dYZ2DnQ0ouniDJ>>V9_jN@&nNgg*{FkC_Em+xXBbxMWA@
zV<({b1JI&9%fzEF@U*#t8TI=ql#|e*eHb=q?a)HCw?kSRY#4%eJq0b=8`<q?tR_Nl
zv7ZVB@j`{iXbeFU0`WuaM?G0#RExYW#n{Er2kBHcT@+P6+Lqbg{W?*hf&ALzq5>RQ
zmy|YR8*Dj^$`XsxB}Y?{>G4^-;?2;Y-H#O|8hAyCCXMX88Wyg2D)Ja}j=Uh|(V~%*
z-YuX*sr==jFO|Fl^j1oJD4MHZgSEY&{uccU+7eHg&4M}x&6`2()kx_gt8T&1$oY*m
zKHcP+s(p~+_Im9*l`F803V@-~vz)lAwQ@!8N^Eb1b=unjo{4EF<nxcEP)Q-5T9eZK
zN@8bg<x1jCDwTciF%{I;Yvj9UFLLRJB53Ph!p(Oe3EalRLbq~N_7<)@HtD~^&%|n{
z^aU-&uuE&}hR!FD?C-*cb_b_MdX8lsU>4uzYtW|M2>L@5wrz)?`60a<fV|}#g1wPS
zepo<)og}NLu-M8UqPdOy8K|J{!Od8zfJzQY?T`WlRZ33c8@F7ArY}-R_R>{o$B9tQ
zOv^!&)`sfqNfzDH_%Rmn{Ta+8eeap*#zHNgHFy!DLpDZVED8a?5H1T=LDy7`+@uPm
z=JGvxP=!XagA%d_+3bE#=?h2xMmF+meB?Xpj{LM3`4!kjt|}}su1RZyU8kVwAx>0Z
zT&%;_&>ryywu^pUWmGQk0d8M_#z$d0-QhpsJB!7ox6`jaA+pie=}CO7`Lf;$P2@kE
z=hYvQd}N=1jpR&<lDYq;s2AxklaXK0=lpkUv2WCxL4Oc#$8xb`GfUBIP9lZcuBmWG
z3AX<lT0~)i2aIFV{qyJ45Oz;hU0!8}ijrTzGC&%|`#Z^p&#RaVjm2Z04rbkcnZEA#
zG40HU_2iT1R90H_6A5PQT}v+B;6pq4<3+s>%QW18`?LMQ02AJzy_#=p`r=QE;jCST
z&cyb1So?mK(6?4=hR){^AJ!q+@|U2ItiK3NN$sCFwF;<g>+;3Q6%2oGr*i);<f7}y
zqgWUpgXH_d%zz5C>RlCVuit}kYGP(Hv~_=eQH3p9JFF#Nr)-n_$1{2#Y?+7l`!CV?
z{1Ko~(H>&<8(^K*k3{VXY$ZQZy7ew-B=0$|!ulm>qBLjy65Og^gO=|AbJhHdaxolu
zrE--I98(?s`CK<0GtZ2=wE~AO!mUrjEA(4ny+(eZU|l43mR>V@PiA4C{vvcFgWBRq
zZ=d9`s~^+!R%q{smI?Ia{c2gP(gpBg3;8ykT)T@idl#Eoov9tBukU1ObuC$FWp(}6
z@oEuG+ArhhhAC*#l7W?AnSywCIM>U;T-y&r7nPr%YlC&<p>UaeF|)pKW=~_0)yUNJ
zQD`x7MqlNQ5}o{T%@x=}-t`#Pta*{Kg*L2>(8#vn)+F4Kidr3(xdKIQ)cqh;1pSQb
zt_2gTfn$;3zdnj(Px0Z;=trPMyAT`r9%wPqKlZ-I#8UiE+%O;K8|Hu9z(@Y`*fAC~
zk{ho;Q-vMn+RV!bQ@v}~5_HT^S)^Z#aKmzC8OJYe35t@h?+)g-gv)a`onMni8m=(d
zB%yT~n){%2sn)JSyV&y!B7YDM^P&Xo8(6MO4~}f`Vdn`fvBlhg$o`r%V(Uq0XyX+2
zEu8RhCbK~!XH@7MgC^}uv7uCI4TTCKCA}*$;r6G{r+9?9jy8}p7g>inxx*CB?do-O
zcoEv4Vs*-}=;{X8Ox0a2*&d=1ZVGLQN_Vfi2%9u=l)jrBxr7FmtxK@&IoNs{t4el|
zwM<^WORK<EZ5H-u`j6l)mANT9wHbur)+xAq2)1-%h&EQOO~TgfH65d$9%KQu8!NDB
z89GitJGr9|HjxLqp+o!5MEtj1^tbWazxB}HM({V{q~gDRUZFpK_B{S>#D6_Re>_(2
z*)QU=zr~&<ZB@VTqdzC>J^clI`cj=YAE7_qSMS-c;Ip4#&q9;-TNGr66FaJa)<N4n
zBASt-D4gG;C*$pIq3vFW?X(m|TdR0rVz~OvdN;II^rghU)+FjrUslwhYFJ=(<Gfi<
zp&Hm98kH$Q`_o0{zwFSHlyaz-mZ6n=AJoJvn4EhD66ZftRI2>8!EQ~hpr7v<XvO1M
z50m*MG-<DImv9`B@*=d7H=LLHAwN@8{Tlh_b1G~|+`2w-U+{uk(Tlo+NqkM$;2v!w
z942Q{u=yx-YR90Ztqpg|J$-OfAKanc4V|i%f*r(B84uL^LZIjsJ*#&oc41@@`OrBo
z4_2;1E7^qw^F9}WU=muFI0VU<sxQNO@~4V=4O+<v_P*{SS3yFS_|!5qQDq#@5Me)_
zkZJRFO<jhrB@`1{HikPI&sq8WS%k?|y_@)nyVS%EyoL>Af!-a(yTo01;_3*JCCX=C
z0~?kT_u`j-uBtH_L09bC=Txl8_p5YN>#oIdM9dJ{$&b(C<ldUVS6`tNhcqYd5O;Jv
zS~T*>vsLeIB_C7O3W}ajs`A{)+KMzsADXCGuYIr{o|4a;Rj<<d>U|YxB@Kz&RnnmM
zRmei(cD0hYy%pAz@3Iy6t}5f<4)VTpbb(sQ{|df`ro<i1iCbG?GkJljG>b_%jHxBB
zhQr$WEVO73x4}K^Oys6};hy0Thgdk_2J-)$S1XBE&>6lzfpyRSJD<;GXeEDrR=ukC
z!3Of#^J?V^9Y-sr$N1HtdKFrqUm{;n)C%zvufT4|m|D348%QZ}hf05?H;Fr%^$KmK
z<7TJm9^33&=w_c5n|%YhTTKkKQcR}pPbcoGdZ3d&kY&Wkt0G3X(_bG9yL;-qTDeNm
zYBSOZ8BWh2arvoAr%A4zQ!nEr-lnoC{w`gtR{fRi=@#<Bc{Q<@!r%`S)+6~?LaiVU
zvDKrfqxaEylHbJG%PH8X(S7k3JUrvG0x>!?a)wjAn<}vJFlA#OmnO0?@v8N(Nq-V<
z(tX%?*oRG1aMLnuJPbFz02>cqf_8HCT%QlE<eEYUkHvJKJ*QH_qh8aqba3BQ*r0Z@
zHKB+u7V&fE8Ma}KO;ylHI;zRboRw}QeV1U9_F1$rbZReDaaB#Fz`a?Z&kq%~a)m4e
zFWE$X=bTD*>lNbb71GW=_5Xl(i+Y7*=$(F!{-U45{}pH<?>&zNA~%pvsw&Qc?y(Ps
z+rCA6QoGiNMdAO)Iko1PT1dMJTS+?6t?JicEqPW|^(2Cbq!_65B(#uEomF8yDJ|1o
zy_NilN*lM3&(K#9C(*6qVGKVwC*$5$QqX;D_MLO8-bX%88|$xHB1<aWo118JJfh)i
z=hP)~TwQ`q<ew7ko%A&=q#2DZpZE03!cMGz5$gmc1Em-XUSic^xEZCBWz?^`@aIoR
zPOM@DRB~H)3T>zlb<<xi`z#@MSonYFB^D;l!Io11+AoU`pbg9%x>=mZ{9?#5PX;B`
zSRiO4i-*R$x3aqhcK1H+pb+uUZPIzfyXdH#EI)ZLiQX|4!;P9rF$pSZPIaMtH?tHq
z-UbFg)QZ+?s^5pRLW{h<lVyws&WTdsoM^!FyS8u}@68lxS=1t^<j)noTLQQ^C!~wb
zp8Lc5=m@yqk1Q@z@Bv!+WN`3vnupol+t}SayL&$e$81e-;Bofv4~DI3?LMxYTfs?k
zkHfkp9gF2OhTbh4@GxxA+F(7N9hy`UYcvW5t(*SoWBIC71{&qd`x`>HX=i??c8VpS
zkuoo?t6vOESh0zXu)AMkcZ=-qy?kPi)LUma6#;l`%^T^O`*a+Qbj@+1W^5hjWhc`i
zX2=XCe}X}XEl5N1=Qr+!Ws$_LlC?>;9*bH0j-lJaO2hm$72VW4)RGB-fH^B)rJF9x
zWFW2W#S;3+fNVekbqUm01CS|Hzc$iWpHhY0Z6oRQVJn&G1}qGS7C2DJ-Yk8f4^1_9
zAtRyPZ40|=(nyZ>G%EG<3fj|@+*4MgQXm}>?LotQfVZ6Ox^7a`bpewk18Ve^fEuwh
zD$-sN>C5YRC<Squ!)*;&-yQfI5zZ%HCdKNIDAq;j(r<??6*;M$XDKu@Y{0u|p0n^}
z5#diUkzU=;zW6k|+sf{S+1=e(yWNi?@m7k&(-eufa>6xLmvG&vcZKBiO&pwL?L`i*
z>R~TMhAq<mzf5K;5&>j+B<*?^;$(u%FC&U#63G&?hGs9-A%H)O5<t+#;*^5Y{RVdV
zZvj+dX9XQ<(1_uKO8)UNUPd#hjE$adItJ$9Zop&;(8&{Pvd~HX<*^i&wtr%c(DP<j
zqB<Mtg3Zze+n8cL@oznrr5!GdqxGL=`AB;5GBjx4e7TDQYc=wxk6rYAe+hR;yGEYE
zqYD1dV;8USH(XewGIIW%Ga)@+s~?fL>pE6M;engDtGa__<dgQGt^@vQXRd$d<G7W%
zN4oi{r&UnNQ|l0#xA279o&0kv|Gd4<eHZ_{g%>$*B0Kd89&LgN;8S76uMzR>Jt;W0
zgvsGdCPS3}U0;Ru8V01jQS~v!;u?ALT1u)O;x4ULs$~C_uY$UdZl6thUmL(C=5EO9
zt+0(eud;&ASI()>LN&RYSit~MhW@xloC=)ORM@E{0feFSbD|xqiSlNajByPb$$zIJ
z;#1I|`LIsE160y+g=ZQt!bxm?;xSqWZq4$+VBEdF)CO>q7#<p&|7tC-oE-zro5Z&}
zQ}C+G(4>8WMI>qDSI$)cI@-~G(8m9^YpOQP0UtWLIF(z+eRX}%^hN;f7ux6m61}a7
zds`E)XuSk$NlCv9TgkfaOLziu=^DRDQ9=1P0znyzW_`>5`C$eoJ&+&$e0yxt$VcZz
z5`zBdzu|>S-jYy7_ycHU^Kw`nJnDN3VtU(9ReXnf2~_gWYK&Gjo`kjMp>YA$eiXTD
zBhRb(r?YC!xBpjGGq{t3fREyCI*OOhu0D!SBeq^Vw{lDJ?FJuOD3N>@;!U4^DFr*o
zpDBsEsYZ0+d<r_qT2{gQOiH+)H!oqGi@Wrv;1(SVbv82*sId>$FF}ib1ey}tH!vSO
z_kC}#pr>r}dD#A{K4^F$r5y>XXYA0_#O_wiFMsyD&%gdObZG6f_YSAv7X7t8k`rb{
z|3_Ago8^RF=B;0Vh7K{j<_c`nKC_HD4qcl1By9N*Y^VFAi@40pL?vUErMg{10y3jj
zw8Wjv*uCTF#4o6=iCbIYF4CX4O@&)dV7hyjPPzg+{t8)h7Mh5c680=SEaM97IMN55
zr1>H=X%E9Ttqq#A{}&zAT_^C8w%+nIG@pj;WK$nBlWbq#C0NG}sRAs{t81OGYY=wp
z?Qrh`+(ycm=w@%@6o_)Ad)lA}Es`JSOzla2{Km&bTumEo(G0!MiAEKC48Oh+_C7B?
zdm`T16!b(odm4H*^&;#br>^RKmlCgTy_|S;Yhq`sz6{&bu%4XKyI?cfsdqsqd0ij0
zk`^DfllJTt{LP0ZJm|P7vHK=yC9TU?h+*gwJ6z<JCt$}bDQpj1hV2?@rTo|KgRU=K
zfo<2ID+$~Bpn){&-S7%>O24Z6u>J|X3wDt1tlkCN|LEGX-VF`<J+O_~%TGZQ$z6fY
z3pfV!1kB34ZhN`{J4pNT#md#}(z1RD+Q~c5FGEZA>1Aj?3|q<CZoM0}k*_NHCD=h)
zm-MbHebA86$Xm}ZQ%VfIS~Ki?KlDBich5ruo^G|Cd|sg&ru!=HmZcOlkVzckThUyS
zT3T9yM)Ii=-A&(ZSk}9Exia$Bc{LEm68>e_LH>B{C5+;F(*jFsX-s0o+aX+rS8?Qi
z649wa`w|w+X=H^pZ^f@ZCMxy6>Pcu>4$dZ}d*c?~V2ic^I^RpjPUmxzb|Y+g9vZZT
zAo5Ek-)IP<2PznRN{RCJN)R!(HCgNKl^728oR53`C#o+3T{JZXTgkN>C`Urr^ubng
zci*ypDZ2z~$$u`R@urhJeS=EjxHGl9ymT2_$a~IT1JIsDq6F<^K8xG^zm`?Gz$UBH
z^hxfQeU4A_xv<F_gLs=8St8|)J{HF7rBg~m(=hbj4^7(qlvaTowe`Ho71%-EbA!st
zxW0Qqg(eI_rF`?vx~gZFkwSJSj<@10nl$pvf+|}4qOM-OO22zS1Z45ZoM?y{UGQgb
zU^G_m(<@7t7&OEwB3sFenyO!AHUNq&!VEzFz7Xh?YsuHvEkQ#CHaxWiTgiLRslI;k
zA_BUCfWEqvxV=?hPV8*G3fsu{7AUpDWYc!Cy$^PfA1MA6y^^>KGrLZwpi8?E8sB(X
zL5WCdNW9_;3QLOlC{epHQRrI@ib9lc{<}yNaxF9SbF7gmSH$EsFfZ|(pl?!c%md8d
z3<rE@ECx03Kzkkk{4gar3seDV@S$l6Ze`W+NZE(mv^MBE0&5px3puj{I|pD3DN{Xr
zegoTVS+vG%;i)i!7-K}`hk2whY$qnx+Qmx04+}N1<uXg8*T{wQex#CXSTt`l|GZfQ
zr=X3CCFSKSa0g|G7HoM4ZZ5$=bmZTR=>)8<1e}B$KMtT>;`0=h+rL6Tvsm?z3e?>`
z94LYA!CLLzEPqyeHw!KNGS;3_sYK2!Xzjv~MjEcMf^BfKwgC=JLzDK1b_qH(^5@D@
z8&#s&Nus228Il?~rNW6BNDje?6L5gsnS}jQa3lqtebChlH{Ssr+8&e|@tDQW!#0g<
z=O=SEX=MK;ltG%&hraF#ilLj2z@2AcCn-~gQMw7wW!&LI^AP&5D3QGrhuP6h*Y;;;
zRd}@zn@J_%!;SR50uAKN34YF(_98Ceb{}?J#Dbffd5S7a4O^G$>VhWn?Z=nIk!+Mq
zwY>q>X<6vg+F+*->pl=MsgSm1tccOdg6YZcDk`2!b`@FkU9`;+xa%-9Xh)`CH<dJ4
z<@3Fo3a@-GbZX>t>e2=r#};OV$)dpV#d9h&eMMLxZq(j_ka@LFDP*Tcep}U(ST3l~
zf`J)!aBDA$<(n(eseK-ky-xN)Uls;ZunpZVR3y5IG^iBl!z#QI$GbnpN^PQs)NpAf
zkhf|l=_~I!3_VAn<6ewC>0xPKJw7URl!Wf^;m(Wnb-!`$BE{xD=+N$ggDe1SK$E|6
zy+SqKD@tMwT%k?YUqR&Q)GlxUyohqEs*z{Ut+r8a)5wde3OAFFp6d>F%qNM8EBN<k
zm!X^dk(z{-X_gH~JN>7}uW$Fw!bXk!EP>?#J1Pj~{v)vCFx=}y&j~j5$KYN~h5L>`
z&(INyiuZ`g_gsvDB7R2}mJn<$S_wMHXU{F+@CNAq*+%?sI7r+q43JGJR;*APfP?r+
z3@P|Op^@$-3>QvlDjcAneSoDbiPy&}tdgcAE^R_1UN`oYV71f|2=aHJpwg+0aL|8|
zF38)@sXp9B{zgT3{UTe0czw^?H1Z>rN)t;6dHmw9RMdW+IoF5h@VumAS`GOfRTTvs
z8Z`YLP|5E-9@MhlT!Lou>m&(n<SUPN%dcpY$Y3*ho?sNn&(2liSn{Q_*MTJ;OHeHN
zgR^lgY0$_w&h~M;X9?-TUF3)ACFne&FF_Oe)wApe${04DfK6{ens6I$zV_2-$X%;F
z%Tnqtuwtn-8*9rHw*OIOq;fz>ths?SF4K>0T-zH+Hp{=JtFDnBDoeN#RgFBi>J)cs
z<SRJEPX<%mNxqa|A(MY{R;@Fp6zn2@oKT^Y5@PbxbGnbO?7&!beh_Y_2<lNa@{@2N
zH_!J$7kOhsg*NgJXS-{Siqg|A@?-)dDlS3ir?k(Cj()o8jJh=PGu+yhU~6}gpQ;RW
zYf1Vd{a~P5D?qoFf)0-nuZS1Da6K>j9D?riIEz=}i$0S;D7^iA3Od_FU%wX8qua>u
zsXlZKKpT1f+zONbipmbxRZ|G_4)US1KA!V21GkZHC9vMo2k?wi<gIP6`LKBSHu5J4
z)#th4?>wi*bHSe`RK)wke-|R&f}8ulO$DzO>ze-?7wfvzP{z6SY0ZE7dE}|xCtwph
z$dt)rBeAm(N%Inh1Aum<9q>S0au0Irte%37o1oz)u8Vvan%Yr2r<xq|!#ssT#myv@
zr20;hGUHSQ8a~+8)<&7<jriOv=|jSE$1=jNK!f%tk<Lfp7HvJ+spl`lU0Np`Amt?7
zLe^5AIEV$hDaPE@2W^xN-3=WoG&~$U%&jHsE+Pe{+8-sZd+&k1U9k5E>^Y21qr14;
z`6>#QZg^D^_VwWxyLd1x78k#na{L`+FHUE;0zmFvhF59raAy)4?u9#t>0eZ+PGWS)
z)?{$p7X3WH^f7vQJO2tL+K0Q~Zek=WJZ}3=tsR=~g+?k&jDt!Zs2@JwPHv~9_^V2H
z7u-Uou>SHqX1Mk7w8V#{j5DIWfOd0C)g#<zM3S%_s}!?uhgqU-ANqg^g(m$}xp7~G
zTb`BPfg<C>D(vBkCZAXno@S_GeU?-gG?NdX?*f&4lisl1_}=sAV%EPV{awOMIaZ!5
z7cFC8)=JMQX{S&u`Buir=WI(cjAD7wm^XZ9&a#!fW6yNqpPcP0hA~!NG{(w9wr?DB
zox()!jAhWTu>wNQHVRfDT`2NCidkbXR!-Pw;KyF}b;&N~(sOysIBB|b%2;{Ob&cbe
zKe(74va=5TVliz@_)c-iw_MZDIksX?8+mUwm-R)@bi+nF$IjUJj$3}e@4I`BT3NG{
z_m#1-F*GtTK6s2iZDxAdM=$%>!#?)1kA1w0Av@;}nCV$7b03?Tr({gu?7_did=zs=
z&dyi?SSC>Un>42fZQm^iZ9L1(nfcrq%jI9$hG!hjxmMcG&0CWQ<)E$aT4sR`IK@Yt
zc8s)>u?#a~7HNCMD@{AutY`V2VvLoI5y!SBe7BVL6*HfA(%F)oR!pyKr;QoQHnKUp
z>fQbMoaqhD(}6QsQ&bpqT_@7W_ubrd$&dUnXB^8r3lr9(CCg4*gLa0EKJ6HGF>mJV
zw3W}#o35vfl_xAaGj4el{H%Be9zbE_?3~Y_p-lCk95zn&kBtqD95+Trj}A(2KWP?=
zIeTWr$yhPuDhj|3?=_|!CvQyWY^P{s9NR)FZrEnQ3Wn=inNr#^ti|fSCw$ZO85Hbk
z!?ZJOKx6&m6NAQm!=nQyg29~_oH8aR`zHq}#BtvYJI-9GsEm~#Fx}DVN366TjB0n)
zuyFnvCtWI7wr_a!y@o|!EJI_gY)lMJ8sme<21X`>Js98@n~v=WI9k%G%nP)^2@DTS
z4vzN^8xsTl!~NsN#N^cQV02%wc7rE}Ciy%k248b(aAaW67@8bB$!9uNK4s?+^XNW5
z=C}pZSEikko$=C0Gzvw-D@}W8H&>*1bTpUtjS*`>jLA2r!*3UTh2o_#w~%35(i8i5
zA-ak8)uIsL((!q+*$g-ti@_c@s=Vpqgy+D(7z5khOwKDho+b4;WBJCs<$5{CHkkQ_
z|L7MD-!<t^F-pTbQ;KDS&I%E(kY|X;sM%@LwK>Sb7cJy6{;YgYWf6X#rj*xq>Oke-
zz#yw(V;rywISOq$_x?=AwLEX!v}Y_OXM4VBr!6C$H$9K7@Uh|1)8X1qO!kjY8k3_Z
z21k^!@~~si82#Ra#|U^9XQKG#j6n%pfN=9>zGNANlII)KmSGA2d9!Ab&b5DHU}%Wr
ze~46rBS*z{VcirB&nWp>qi4S{Z7HUmo^@O!Z`m^eJp7_zTMM<p99b&QHv^y*EPvL?
zc(tGM9yM~5D5WjKwTf1-67vRszawwkd86oB+1#Sy<qE~TWz1P+BkkBe#ax_N|HxEy
zM^Tz5kvp+jj#~6XDZ0*d-YOW3QcF{~FYl!11OY`7#7L-LG%^+vaG4AZog5n;8W@^1
zj*bqTIypEp$ybp<SEj277lWe4knLM;(Y1Wboj_n=e@918-8VdFyyn#C<lxabZD0`K
zb&@y=k2oi-g5#DI-=#3jQO-<dXWLrz5m!n%+uze`2<C@Gfl@uwEsOocMrc#Gc+xfF
z2>0N6b*B}RvLnk=Tq|8-+t9TNX3h?G;_$&Ln#!2R;K|YPDPwSad~}?B6JWc<Pv#AQ
zG&QJ3*d}e}O$x_y-lB_}&E+l5O6X(vn;w!*&+<**cM$@CphS0#;O8DA@bx4hO3;jb
zl&mir2GSmbH_h3;acKX(J$nuw+81t|lC*J93d=a9>AV>BaL;Z^E6wy=&Ym%{W-f1K
z0vV0XQV{(K-!%sEmg&YAI}VF4z2RAY6`7)+E@R|DpA(ip<XZ(LYngt@6;$t-<)>$Z
z*9#;!1{~WrbGA2mEEx4c!*|PuWoIZUJ65vORLDayBqC^VP94Y@If~l0nP-D`Ei+@x
znsz2{xrQ&(njxD?w5Fe%&RYyIy;8w5b}t%>#=K|jR!W{lX?vQYn6%xZ1aoj?a(pU~
z0YajdF1glXnvuq8@NteEQiOi*)a0>){dR`R$_ghcbcaYnAH}(dIK;O3-~)prlaw?p
zSms<l=lL>uqQqi>E_d2Nx!rVKvn-J_Mt};GfpQ8EAt9`9Y4XAE1EV98ydBB`As$hA
zoUiY=ne(iEcg8Oj^VX0(Z{~9urC?BYqA+4k8&0K+`}&Ut6CFdQ&hRen7;_7boiCg2
zOxh{gGLaPIgR!ZId=+Pn0cY<yRJ5!)CRcG<z=#}Df`ZA`%M&sQE`~iF@QB5T@S8Sm
z$IhkA{EFLnzaiwyblIPE>|iTXnLnRpq&dSyy|iiD4sy}7W6#F~RDN4eYB4A}JDz0}
z*oHtd8rz~&_N~IY30a<@Eho(xww1=ple2UKF%}U%*L&a8<e+h4Xyhp0ZB_<V9?v(^
zbB6B}>#PHZ$aE>2rHdg*n_o1hP0vzX$MKDH)(vHII+_U-=OjTqYfPKzxd1qP+FW3b
z%H*;*V-(AVUnp|%RGBrs*&h7cE4_@deFb@ervyq_27yWO;=ZzPc}%NCu!${el<bmc
zWqK((<~&)*oued-ZLt{99We9x5vSjsQO3$AolGfj9ksH?eP$qe$}&+t0uxR)QT1Wq
z%cXH!rTuVU1bs?RN)$6HSQM<nwB>rWkt~!g12QJ-7WMaA5AHWVqQ3ScjAfO!?(@Ap
zOk!Xg)+!YJvVkP7ntdUwVciK$kjW;Dl8BW<_OW1khWDu9<#Xwfm(Vx!n+)CjAsmMa
zMaRXLaERt8rD5!Bf}*_iZVF?%WfZ?q<kUaZbv#tT>j<y~6bZ`)!~Z~@92^-KJvuaU
zoUTzeZ_ap1#$x@{;>&TGG>38r6I-h#^l->1YbbdqZRYu?{i4Ce7-wbrmUi-`f*r^y
z)$*pbn!eTB%T^f)mP>htVOukXGjF-syt5F<nr;C%<KSZ2Dx$$hvXpSedC<-bRuOl;
z|5wqPdiDg{y^7rndh$U3@TtM5+OoPF5ek^)d?-qyfVv7`dN^QwPK{+{n^WyfZYJk@
zilF&I9a(K(?sLrrwo0{#l9EF$I+$Y7q%s?oXD9>d39fn-PsnfKivz}g%0^N<Op%Ih
z!lJw(=8RBsV`~;Jrxh_LG1|*;9ob~Y%3FbgSD$$7qZo-u6=!+!FnKr5^dqs2$q}P^
zla*Ls5`9lQ8MdF$D(GA8v7DXrX2Yc~WvSjMZW#kCDW*Gv+JiIA7@+8ovAh5-l%7x_
zD3FYMBzYe3h?zW$G*woNqT_`_TP)^t>71{a1;eAFG#?^TG>S&`6@iuXXUXDHtjj8T
z4WX?X27SM2OPE=cmh7b>YE0vqlP!^wEi4m2lbIhPnmWZH-||A6m_#3hXfwE&HXfjl
z#*LaDmBIoUmhC_<XV2uRf*YvK%2;`%L|LXWWRFqlus@UGy^fb`KUc5>;|a9>{>gr2
ztjt$`)h%k^WCJ*$1{uXgH1jyqhDW6s<@m^{u7REdT|K+Id%JtOdUyBs?C#mKyKCpT
zmFc?Q^!X3FdV22Y+EwsNwsmC2vMo24?%Gu_-Sq5{#e@5I?cdwAYo=@0=$@`!*#*}u
z&Ufv~jtvb2fJEbey5zcaAIf}vzKZuu3vS9r9gvE;woL)3(*yVSk2CQS*=F8~nn+fl
z;Rg)5LmA(R$=e0RE!mdq*4ytAP7m)hOs=(XQsftLs0y>}a%IDw=0=E&g)OqKWht)Z
zmt5Nr)`yA7@xlI+s2DOfR7!ij^v~WZ1FK*%$A-oyCM9#Sq=1C4;{)yOtulH<iHIcR
zh1!HkG1VBh%z0~^*;D2%r2FBJYTA+lejxURS1RzuWdw*yx-}Ly6mEwo5Le@Rdqd{L
z6|tjMUXrnf_ZgOu0l022?DE6?LnA8~wfC$l-Uc!NV;p(Y^9{5;899mKa7%Dt&k0>U
z1x{}TsqR(K8sU~DV^D3Aq+mB`$M$^VjO98?u7FCtYh}668>pVN4VM9{g`lX@f{Av5
z%m*~fA9bnTeA;#F8RmjP(b%>8d0{(|c5IpM1jTz4`MjC4JxM+cMo<blAzQa9qi=v!
zaqBPNt1hFQHDB*51*4ExydERxg)EpO2v-1%6SlKp-%rWmJw?}%I6_^mSqMQPX3GYM
z6}go`(Vp@)FP+PA+CO3zV$LwxOI1@v4b7`_QNNU6-rQJ-ua1}zjflK8={P4%yNo=|
zV`H$V4X-rqyQXBrPR}}2?Xjl~bJ}zAB|nr&7iKNA(;cHK2wyyBnpq99RF*R`PS{a&
zeIo8e*Yk6}6}q0#3>7R|&VIC%lYF0cpexT<e$jP`wV=(=Sg3Kw2Pch*p$7*k8qRPu
z#KuApu1Sd`t=iZZx!WJPI}o`$NU1*M1yLJQJ&fA3yA}^}1HC+EwLPd9L!)TXC~-3g
z@>oN-Z>23u0l*EC#=@*AxREjBO_Zkn&@Ngm7o3b?Em~=VX|-v`STNl}sTeVwqAyIa
z28u;F&p;DhKr#Y<VqEEu`uB}oM0iIxm65a2cxp+u8rgCY6Z&ho>Z?6F0;<Ybd33_?
z?4p~q{Vbz#^Oj2qL^^Mou97zM`OqBAxQ{VnEd&dQj(E#|0EG+1S)k$`vo2(E>F8Wc
z&r{My(RH%9yyZ+k5`d+Uvx8ke+_Sd^OOhCOHt#sDk;%>HGU0YZZ+OTua-QM4C87Ec
z5A{!Q`)kq6xt>BvgOT<GqH|Y79UPw**1v!{97UJF39G!|xEU`l^NwRwJNx!JZQY@O
zGFCPwr^W^;yYj4jHh>Viu_P>;TgZ65O2J$-xGi^Rl-cK*jbDg=LlegMVE@r6uJ;G(
z{z<BZT3+aiijv2S<)vNE@~gZqaUY&ZWmif#OfR5e%3MzP_D4oJ*y->*bKYXRQX<`<
zFgI47q&O}jQe2l}l?YMc%pS2X6EVV>UYgP;*YceFJgO30`x?)sX9t`D9iqHvaH%D`
zMud&Z){W_$N4r5VvT0KSa?&c$1xCN2MA#6G*xzD#Q8ApN`Dn>fvNprARrHfXR7sN+
zfQWM%M}X?6uw)I~KPoIS_B7oI1t(M6ITqT!?i(NMKY{CjZg9jChWw$2!>jtnmkjJ_
z$Ici|nkg*laCgjE<(OU{F;&G}{*-_Q+ndph8V|GZ1<5cqd?@f>)f7T%gfSrN;I2q(
z(F};ykbNJzKM~1iIFe_jNG!hFs!h95kEiU`LB3PUGW0GO87HlHUha%#x-*eIB$=<-
zo2JXYB}|ABIB>g6XiOL|PT6#aNHJGbOhd+DdPtnvfKM`!n2q+-<guRp_YH=oPuV<y
z8Y>s)Pv`vEqanc_K2STVMhwqi%@iv{aLI^3Vd!0#3@NyyZ|1oCjQ1!#8L~-nocp44
zzEub<HFRYoL?PaVAF(ith$VZP@)pyNXo)Ncu9UO={d)}&cXPrjdz=BLt-Mgu0}nPM
z6DMUVF(2V^b4I~@B*rv~uH{*_FF40a(sD1|PoAAC7OilDP6SbJtOF0tnN-i<fgjdl
zn(v0XaaXcUHlV?yQJQaDr(oYJZ~7c_SW;R+d8T5zGe*($JS$`P3$o{+wogTt^XxgQ
zmvCl{lA2vAPzGkD{lJn{-;&m|x7vw_6qXTyp;6qQ5yWL_YJB$(jT~PwtOExryaL>w
zmh-~#nFYgKFmt|QTMI_PT%^o%-lEzkN?H-)%$z~rDQsT@X3?X<*U`{tQMHgU`GT!v
zJqvu?I1+J)Q+CK{8((-Piq#isSa<S^IoHluvDMfkqlP?HuJ~13yF>aJn1|^XOwL5(
zQb;LB99d0fqpE3w;mVF9QRoPYA;B_yIY=UxF?R3CREbSt_*P_6=vqfJy==Fc$U974
zqfEx|6=u+mhG*e8xSCj^@1RVP$5Ek5NEvaJV>htK2GU^Bca<#F7nyt<gfPV9AylZx
zrj8Ge7~_MJr^ZJ@Qc76@h7!)?ooO@gNfrue#h4MCtySJJ&^jGK>@e(1*s)hoP-5uf
zl>B1J7m+7Q!SM2q?<vfM*DFJ;PV^j(gqfLqb0(NuuuC0R7~OI<eN&F^`A18uu_{i2
zoTyZc@?eg_7In9b!JT>;N{UU-Gbpc8*dx(sgt<s4(D3dc!ZonfiHrS#RJ3Ar0P_L#
zM4bTW6B6QnR9iScIB5(IjvSx7zm}aT8m1ya-FF<LVA^F0Tu%})i@qDPlz8$ODD=FL
z&2T3iw@S$7uHg|Oy{=~1C_3m>2pdv0w}xpt&Gc!ef>L41v;0y~tVWS>6{;hmF=VWK
zAG#UFTqo@bs)0l!6tRXS5i5ipw^++WXRK_@n%=D8%K?*V$4;BR9I?lw6v~Rc_}7*U
z`!Lp>Vy*4?hEud`3z3b7VdCx$!hoZ((IH!pSzG5L63U!0UGh0SGHu77r2;DN1LHm<
z5{mILC>_Y-6aoO-GXf8oTfpeq9lP&|-S@`s_r&fG#O@Eq?hmc%Hs6mT74u9n-?>$c
z1sx(cU`C93Zq5i5<L;J~#9}_a-q`$mWApEg&A&G`|K7c^`+c$d{jvKPyn18s>OEAK
zb@$Yb-d;79DzI^KH!?;r$}!t4z@mzJOVW7JSzzuV(=%)|<%M3!TKOIIEnz&g2<`M?
z>~_sqr@BV9h*Mh_OND(u0?<9N1>Li!)<azJkffK%K*8ZTI%Utd3Ot^V(J;hODX5bZ
z&WN%mnY5VUI}mIPD=-81Pf&72=~ui>xIVE^R<?#1<jNjm-kmyjw0gY%WDqeKkDsSf
zwY2)aTe5`RFEHhfOKv=7O1+Qjt;bxaFzf`#DbyB8n44#eI230l`;RNGZ)9DkU`QfM
z{g{XYahib=9mcw*C38ZtjLv6fyown+lm!nN3}y#N;kZogK<zaYZ0YYTe=Kk^puA9}
z1&oXy6<QqaUx=2t0A3mcFCuZkl<yxK?ms@kM#s2!80c$H^Nkmn{UU6(PGlk%djjbr
zj5eRO%#7<eh0wMXL<z_tXLS;yPFQ8h8Y8TTROyiS>zomZ`IqhE!+ZAEb@a;4z_epv
z5T*#R#mInASQ;PfKN|5%M~DWu2T}QIKIi4A#FAFLS;zIeO177qv8_y3XzFJylIa#>
zWs#GVWjh?@$m_G4py16T{AA-bXIlk1HZ&65G$*1p3#L)>tc()H0Vzdgp4p|PZ5hcE
ztnUrx60h&@@i8ino~{Ve2X+u?Q79&@wjKBM)Q?xl*`DP_Y`J33VfdFPk}7MxpgzZ&
ztK}t5JLq`yD1>B!<rfV%m!3@vi?q<tc(7751#-Z_>>}S&5CeUu7)b@d#0bA=<e~;P
zl=i1x%bcqpi8SJ@Ze9waWw=THJ~KVXh!YEHlr>_CxUvnCyU|WMnOrs}LJ9gureZ!?
zhFF3yIn#z~Wz)95y7gvvIv-|})yD-nTq+W;Z&<ePmRZ=m5pL#z(UW8S1CuPShzZON
zWvdi&4@7kO`s`qj6nTkVpo6xQv;BjHuax}k!I+L87=@^;!`Mh5nCEQ6pN(ZuDY2Bs
zKxF4Yzu)wZ@%)ewDFP`)+OY-GcQJ-F@8^p7GH%5%6Y7D%@rj|)5##94_~5|g&;x^<
zrpbYE@dT@ClU*G56wkt8Sc_?v+hia$oGxV*!=rzB<hrNiEgOZJdDAr<k<-XL@sY3%
zBnk*<&RT7gIr1^iK8!J$i+JSb79_W1eSKiJ94x)6-Wj1#ev!FO>j|D!c{)`lHHm*u
zXX$%`FgLcV2Pn#pSPM!vW|f&Us4%1i940+$x<P83955Qk;u;n?5#e5yd@SKs$Svbe
zP(EUbN5|y4>s1<<YnH1FER%#eJ|d|W!+Q_L<2dVugiQ>c92*{tnYycehE$4Nec>bV
zhjYxj#4<P1vn6{@${MR9aZvghPcmj1O%b#h8aX;RGC4drF;UyZ8wfpd_hx<Hv;5$E
zfasX9=US$3g?W3&9CtDZKj85j#u&SyTFFt$v(s2N;I!#t8e!43<|)@j;g&h1xOj_j
z<*SNfg)_|rabZh27#dP=b34<INK)5{oSlhh)`vOqS=X{KKNLHoM13^$5eXPYQGJa0
zm67AI&BVAL67M;yEJFCt7#YvUfU2yJP-Suy#@(=pku<_kDX>sSnOW91q!i4EnG%7^
z!yqOsf50rof~$B`Mu7!OqLl9Cq!2o$;lv_PYGr#n*(|0c<D4Zv5yU$QXDo}U;!?nL
zB*mY0BniisnJL$GJV@#N4B;rP<>3@;TYJj1<%!ft+;5bW8NT9LI5f#7Ry1>NB-<6g
z@L5W!>-iC1IvS@KAx1y6@0v9%fM`lH3)QKe17<$o+wabJu?;s8O%IdOU*@Vp17tq~
z16D++oM*ctO6wwlp><+@vvRh}#6bVZNPzjpvLOZ8^Xv&B2;0-4AQ0USsQibUAvESQ
zyBOu8b5_}NBvb9ksGJB~TQl4vdoM$FDBRXmuJw$WG#1-98VR)s;y<_t0O>>RsLl}T
zn4wL@S!q><_tuN`rOz@RBy+SnEIn$>8?K>NTCU6Zfn;k~!IC6Kcc41Scy6JF_l8FW
zMHn+CT%nMbiLm@^&dx+Mpjc3)q{9Rj3?#mkx<o9YQPol8Lo#zG|B^dad~=$U;_-+H
ze@-qQlcTynPXRlgo44$Elu|G5Wz5$Sk24BdvNKjTXHx;1@`2Su+5^o7i@exg-Le=w
zZCpg97V`Z4IgjPc70ZJ9MnXnv)ESU#X@ogTbCF^c=rTf&I(nnB29K!Vd4z^nO3zj)
zfPwr|y=7UBT{?_fW5s@WrdJ`4QPW%j=O##nD@pPq)&|O<T57iMn%*prSuyga&#bf}
zi<&#NDGG<QbDp``%nZJfYqPd&l89BGsK2iJf+8bhWn*CU=-{c5p~*=0T#)4?l8Wey
zPT?LKv@^0%t@fl3)Xh9b2Usn$bzoSD#OnsCUu4J6@l6v>mhPsaUq^>9c#R^(aPpaG
z$N=+*Q;pn<Sq7xrs#Kl1`hKLaR>Iz%eFuAb_8ttFqG0xekCs9eq;3(HlXBRT(X&^&
z-X~q}XH*@Nw^5|@6l714N?ArUZ9)>m%z|a~#@A-$oXxoy8KwGFp=hRkK0nzN8H*#3
zEspcD{e}7H8Nx?meEU6vTbnTQp6O{y0fSe=gea=K*3)0A^Cs!UOT|ph$evZBGv<sC
zUWOs9inJ*E!^;EV<v|6@cSyB2YCEBEO#(A8W$J^hG?<794Rh(Fm^L1r#;}1Rm{c2N
zU^r)6F|A}Yp0gI@vaeQLXt2gs<jky4jGAnQd#Veg7<tE@iN(d1(A~wU7b9&2G&wob
zk2uqhpfT9B9xdfuD-(~65`_h#=J|=i;bWKwEyt$UC5VUU<_%P}Ai$p+lvg!=9IU2x
zQb0|;Bwo8zpc)9H@htT?NIN!NTxIk?<gsPJT#Rg-NLC!*MXVqK`zY2dol%`pRX4&!
zEVC!4h47ffs<c!VauVpSvQv#a#wa2W(t$;@zGNhlmWq+(I1`v)evi2AB$Bui6p#>K
z)G@l$wM!mw%?0$ZNS=Mk>xhei;*?_gzAK7qaajY?e*z<hvcR>lS<B2Qfn5sGSr9pN
ztM(U*VWjSG;GU<G3nSX5G5$#iwE|huN+1C`lAk<RRXJ~-rQq4qSWqNVWP?(ZFbrKX
z0n|4y@5eMysfv;7%i+3Ad-P>tEE+@`*7-u;<5>AV)3YS+U65+n6ToH<H~Q4bNb*<=
zu`~UM>CSK<M~cnJIKyjdFt4c4r6P#{SUarR?{{isU~*`5<a!NqfwdyWW4T4Y4v!T+
zJ!$#Ev5kz5MC|YN^6M~pyR1aY5Xs8&@fwD~6>N8$>Ilz^Fg!@}x=#CitZ0I~U5EGV
zlNSN$nN)Eg8!uTGi*LjPhlu<b&E~6_nKie-HZiNBqS%>S0i#ZHTq+k8Dls8bvYVi>
z$mdSV9F|mKTXJG>5(^cILUNKfP!1-GB*j{;;)u=59>{sj_fpHILh*G}tVNK4<rj^D
z>#!|+dVDAhhG3MzoHuiMSzXE27eC^8@KHA-eQj8h<TzRZM@*4BiM+^&=xWzlZHPh#
z4f1jY4G~n!<sDw_H2ylDXX8=Ho|jlLJugybWj@L%;vt~HOj#7cN-#RW9r{Knq#d{X
z3Cj=b-PBQ#SzWa-!jQ#Idtt>;)16@(CT5)v_uX;s!3c{U$)@u;PDeba<fbjf!`N92
zw3khKOyiB3J?E_Qin>(H=CTKi@|u!eM6xXlvR!S)X95Jr1qE4t%)BC-Uj-SI6tIHu
zUd1G=nBXoI3bo??*Qml1%J6s>DQzd`W|ktknI$UEqpTemx0!K&l#6gY3D#ObQxHmU
zISLpr;ykB%;{N>y_UzevXm53#ZFMw!v}%s+N8@6{GP1rDBPfLj8a=&rjm(25$0nz0
zXiIg)-h=ThEEa^F%Uen@o_@)3jM>*h%+2RmwNOFu_lCv20>wX~cJm<ERe4opr&kr|
z352759(;Oibogl9s*^~soR#u#>qb1ps$Rv34GT!E$`hk%P%bSCb!g?aqqWHbZ#I?S
z9p1dEI)JeBSO4G#r8F#FY1v3|O|wRDnVjv%*il{cW2DXt*WjW88Ont`CQ7IbA?chq
zFan=R+f|wd({vVGvuL^~g~v->Fn*CY{hZyys|KV^Uzk;c*l15qW?+ok6A)3-PN+iT
zgOmNotNi<QiXTMT38$J-5j>O$gV=8jYr(3Iq1kqLKhOM&Z34+wpLPrz-AmPFcX+IN
z#3vRS0JwbiXvsl&t;$j^$?}n^T3A4`Sn{j!T&{RVm#1iDj9iTjYOW)PiOskI1t){h
z4g^Ljs>Ncg=c<xdi>@`Fb4p$`G|^k3x>KFXB*VRX>o_>-7s=Tp7sx6UnY<wtoaVXT
z$1NZ81jD5&=1U$9ovMWX>g9L>b8S!#u0NAuy{}r&1mm>jsEoQz16x0<JHkZQTt;z<
zmQ7b9K#w$v6Ee8vRJ}TN@1tS#b!xQ)5oS^(YHe2%_Q~DPa(qf%3r{q{DHifLB0Kx!
z{%Vw4iH3#L)r=3KMM<ubzNj$4#Z&UO<B1}zk!-1`Q5hq*GSTf9xs&l)8Z^cm#tT04
z%44+xRpeTXvRlHoJRi4sy5x$8oq|c_L}W+8IvA?|Qke@`V)Jta>kQpcXw>0pQzL_^
zNxCIs#Z~2k!g(xC=FMYKCoG5M6w8KJw9<y}2q}<rBMOjFBy(n7)EQWHZybylWMzd9
zqDE?-SX(F>{<OlXM~A5_G3#1bStbNOH)F)AR^;VSYsTY)ILnxbI2ZA+&YNyTwyBvo
zg<~5Z>^~Z4fWoX34f(Bu1p%31AB@rrTk}?aG%BiBl}C*_*McYrYcX`Ng<;K1_=^;z
zU=lS>P@orz4OxRTIhJx9ma~Xvn8$N4Bbk0OClF}`fe0iDzdG40rY*;G?$CwEt#Hxw
zK!(x`(iA@xs<`K@kSE6?7lM9KcNZx#V^b;P_~_`-Xr-oj;zP|?hO}dZtYt1|UkCE<
zu2CJeszAzhmgA`HVyVh1r=&bu>8oy(i|9j=1Xq<i(fASuK}(58VcNR%MMN?~Keg}Y
z<3)?*v~8|x1zuJu@W;$#YE;Kys2DNa922LVP%01&*1+n=fw|8wqRpj#>YABH>t59D
zIL9gv*3DOsXE4X}T30HJD}@F0u%P0IwUk>V6{KBMru9Y20iH|{4Q3SEE|-be@_4NW
zR?W#;OtS-H%uw-V$>K~jsbe`E?ukmv3#;#iNU_Kq3ULg3rn81?<t@{*c-&&KEc;&S
zceppG{uxw_t1Vp$*DS-Rv{NHGXReldNi~JQ_R081kl!Vf;Ca){VOE_?f&-)bDeg~2
zam$%DSOtWl<9WI1d<4On;YBW#QNz<3;uQ;(xV~bOy@#s3XJciGQdrohfNWnGEB8~Z
z5Qh3tVu~siwNraW$7=?JM%}ux(A2P^WUbn_LFsLdbNgy(YBduYc}N0P+9kQQ%*(NQ
zk?LPPd!x6}x?w&0l?Zksr>sL;YXtGe!W-mbT#?$=k~wZ(h=C~N%LS=WYc1t$zh{4~
zVj+BW3=w09<{>mikCkJIcmc}{PL-%({~ooies^Z|?1$d4tg<~_9mda6PZ-Q7@`}Pr
zl*NoPgG?rVIFfYUSR^q?P8Sd_pj!}EB}Ac~xP_~(I>ua(JW4U{Lx`8R3S-;{QOFir
zQ>^T-R23sE63>L8da_$}a1@sG8nLX*NyoM1ihopEmrja87rLzf2d9kj8VD4#Vufl&
zkr*d#?Hb_G2~wG`TIWMm8Gmc!@UsvMuUD?+Xt9u-wBtG@9|QT^+zc-x$Bgh+QAE~q
z?TZy}bgDeAH43g&)u@OE;@Q)NZOvdhMqtxWOn0V-{^?bs6)I)I!L%Sc6AX#rrJc|;
z<UPu)A`IAdk^@)wMAl_;`z1elEEa{i!LZ6wRGf-MAkEdU*Ec7^jw1&>Dd}kJL%k|M
zb!|2WLUTxv-8p0VScWfSh%>4}cTDsYv)DO0mYrdBcs<LVk66#DN*s#vZ|wY;>bf`e
zD{9o_=8;V~RvtL!$~xh7)<KzzQRl3YMaz#Tl&##nRLj3ckr!TW*m^WDW(12Emd14W
z9Qrev$*MI*X8|P_lvGHb_R~3kHc;a!h*`>H!O0-**R)7dK;Vf81LzK$$>q6Z;FKcS
zkzO=PaxPYdfUAawBH}%>r1Epq1{dXeelm_miPVbmk-~!*xB~5IL&CIZYEk_pQNFac
z93^uddO{GBEFHhYq^7E)(RiUy%*8AerMTwW6N{G)UqOr5S4-~0aG1b>E>Z8`?5{u=
zi^l@Q3wp^u<wvB_p@Hr_>9VsX;u(7J*wQ)K8ZPI-GBb^w^?AP)NhXX`{TeG9^o{&1
zOqMiBu{kgfaF?xRXJX|+P`bi%Qke8RV_}I~)@rP595eHt=$Ac(F=bJaNv?CiH3!2|
zOqWqqCga3@_7&M@AH+9M(ZQZZjV6|s6|L2p%`I9PBaL}D)yKXe!#El}J|J(|id4?K
z=sFZXGI60WZ>?}DpLAyHxaIkdYegy?8@+Ws$CB6}QpufS8Uuxx5Jn~5&^K0{L_Z&m
ze&l*}7_#P{F$y`m<XheXRnzgH5qou8a?k$ync8!!#=)=F``*yIAXUhaNJ5RGJW=1M
zY-*Vo_VM(rnX{E#!KlV%vCWTH3yDFo0*M)ftIuL~x$4BjxLIG3>bf;`1(so)cf4r2
zZ{4Z~bxxe&=SM~3V`{fOSZmb+Z(`hs7(JON5&#{mdr;F$u-YmIWEu0sVyCvst~=?d
zlgPOza)3sy(nRxyY{&PFFy<gA#$yC!c!HP<KZv*RgIEhch_mpGpwNzSi0e49>WY%P
zv`Ri>nCMzr3mxm8QgB=<*&BJw^OPFN{>(NT<hYB{19HowxwJp#hfy$9WvMgPqI7I2
z74I^vxPh6;)UJaN9D^n7PIRP}=b1B>RMFO%e#9{L?2asnT-_>c(_8h;-Wqi`WIK7z
z_Jgy6=ygxkTYQD8lXj`dGNOFPi6bfVXwZ#0FQ=YYS43Lj1YM~h+0dwQY)Fd2ka_f6
zT@&C~**G;Y(ZfG``DYke6EP=;(P?tT)L40d=igE`$BpmqoZ(5=e$?R33^$Q%!+>+u
zvB%Ul#18K{Si6cWk53ST5VtJgn$r3(dLjmGrcQ`bfVC<&O$`r9ht2Vl252W@Bq~!X
z6azh(S59E*s$y+;5P=+!;`y$U6=j*@F)~Ua?mWy=fEFDua@-<63qZ0|xC#sIv;)A%
zhoTx*o%H!I^Q8J2sg_o>DxW||xiZ_T!M>6lUbih*pq%PcgJOzEtrLeu5MK2{h5<Ur
z=>(`bRx)c!L<nO#W9Z_N3%JK(NWzlJL!R(pWE3p?gobL1DvEf^18IemR4Q_nF?}<@
z-|(B5G8cy3&($i4TunGio>f&DHDb>U&PI^~9;Fy{VS$gOC(8a1&v&U{S|{ltQjI#W
z6PlS!Sm51B`<5T%B%|QH=wqoP4Ddq(ckFRY2ngJMMKk9{o`1y2*-DJv)#@e_^q~~2
zLcy8m`-Ups(YjTN84%wZGeKxX54xwqml>8tm(=mVF~P|+4(y(sb5A}ujRz}xZu;kZ
zWK=IdDvE-n1{}DF&MfA-(-AmEK@fc?@Zn5HA>(ql9o?PGmRKDmQh!N<Sacq;<oRx<
zRIEm>0Ek&k*r*+Zh4vE^HLy`uN{x{F#nqP60F>!);R<Xvtf6aJN>-%WQc=Y9F`>E!
zXs{}l9md!*fX3b;ogVXO$tqa_@p*{?D~&oGrbvztPEJk*=@sHMM;0e4KUHG~A{b2h
zWm4Wj;3UsmCTg|QdDD(YwPh_oJu96fr7X<me9J4EX)79W<63kJNd^BE-!*gj+PzX@
z79N}?f62rUwx?JiUX9_Puqx+U@n4x1Bn<jheV5#vVR>n@XnCS)lyneu<P9u{fsdp5
zXI@09`UeTPnOxfRV~t9->*Vu7$EX@03!td`R`xT?e5n2vA(wXYd5cGu#K{kRL%o=-
z>h5Z;PIwqZ1Y^7vT5`VU=CJIBlC#sURj8W18AY9HTw#Tvc~D06XzTpw`DR}3m<lgm
zkCBfzqpzs3rUFeV=B&J0EcVu`F)|So=k-><*78NYLJ><9Y?<or@SPF7Gz4d6Mdx{G
zeoPNs36|A3!2RPgvGQvJqB_>k>j`lI<By}c@@dyHJ&Pe{-kP`a*MYebu@c0k&aRR7
zMU8C}44c=R&*yy0HS-Ej;$~AQn2Vz8qVHyMSiq((31nkS&pL%-AldMCh}yBq^5yNO
zEYZr;C0r65R@~loNkh0XtAC3l0Wa@}XH=Ur;t<s87VM2-ewgo;<#W6gUI#j6T99hc
zE7eXR!?m&k{Io?iF46`ydyb5dOAPfJ(7hF@gjIb2a=}c`=4`9R%p+@kU4W_4ieu$!
z&9E~8R=QLS7xR`U9fMS_ckx^`5ofJx^i_8t0qa8lhwZNj&Y*D13jK(DejylpzMC!-
z5h+l~h+zk_4j_JDcim|gP`Db*>dk#6^sV<y6smMJ&@&iq={ji&P)=y8cjW4?ryVnO
zJ@7<&D?u{O%Eb_*T~~DiZS-lz4{9BcBzA%4yEa`OuV|%nCM%L<rhUt;)psQ3vc~Tm
zDh!-~C=}~S%z`(jLUWC-kWK~33@CWUg<Z-wBBqNPDnr!!LP1||SOFQA`HlFIDMd_`
zV!MQ1bJiPa$%{U+)9XZ1OQeNqoB8q?D<XK*dODy2Ig#2%HTsZ<R=t`Hk~6yqhDIP;
zi-aI!GiGzO=UodTQCy4Aj%uKBK3o$F)u*>szo*{Dk2GR&BW$c}D*R`m;6_nZru9OS
zk@cJCEFwZ5?c9?HHeHmom9a9$blC_MCAx6Z-73?nIs;7rh%Y1~9I}8I9bpDf6cm<6
z@lZNlDwOi3UkCU#7-_WEXi^mKHS4e_@7Q!#z>gXPgY}<v@|m#Xx_d!bY-|S=lz=WU
z(KE7qbum6_W~j3o(MEw>&U(hb{GCyey%vH+4%n_u0;|pt&*n?stP<8QskzeCN~-uh
z6gGKQXwA3QB0K^im|Hubkt@)dn!VH&&#DLt*OFPPdX0tS+s-MhO2Mi&jyNMeP=ydI
z^$=Cs3NanVx7-3<iNNmUnhR8wj~k!3`GNk*O%SuWnOSDZ>{VDPgYGm{fgL&|zgl8t
zZDfg6W?~2m@hiLOPAk!WAO9ch^PBurRZfY^zX`s2KwMr6z8VvkH(m}N6qjAWR}YBG
zTlnW1<;Uu&3*v5X*ifnaPmJ)7gLhB<acnrW*U1awt}*C!Qe1WfU%jRy_HOoU{H2ND
zwZ9nxrfO*Lo3Tb~lvf|U?ZWEqRAnsQW=&Niq7?tL8gItF*zog(^qMu&%^UuLeSY9C
zf{BaE()YzzuM?Ml|9$y&;_mN%5Hu8*M}8<b6nFpWhe1Pe`BJ2zxJ&$1(6Gh?R0Ip~
z&pOkX6qm=pC%$^ExE%hTSohr*#Pv_YW>@}_UH;`?245xlyv_wveXY3s$PdEKe#XbY
z@1>xbxEy&YZ1ygG{iU$kcV3Fm{I$vo|ElNv8gcpC!Lm(=%g;;8_L>Xg?xnEdOEuQ_
zHNpCZW13K2=D+H3j*H7;@cM^~HC{g+yna`(3=fM-u|lk&xH}Lm&cotTtQ%`6?tVRN
z`0F(gc054XQvt$0EG~Z*X(;YSf|Yz&T#7|z4Xc;@VR8ALNW*GGc({sOB@#$5>VsSC
zSBh-n`V%3%1qOWk`*k6!Di6n@MLUawOI02oj=_pHdpfqeRpsIM)}YPepi-5G<8Y$Q
z;($_>hvQJ9&EmiyH30KV5@5vj`vNG8y{`&Z4+vO&U3&8CRq%TtzE^4ui2eI0AIcvD
zTVm`FVxz0kUky^ehJLGZ9<frlAq9LuP`fXOUsaQ~2dc@~1J(HZKsBa5P-6*jh-z$*
zdqQF>E|1rs$>Asi0z4WL;L+H?>k#07EwN=oR{0R_42F^#jSYpqcRTO#_TVLB;xZgc
zYGqpaXB;>`3Rf_=4BkF2VDq}*t1)rugslV|T7#F5x5mapl&6=@|AgQCW7w|#06pIS
z8-w?p5|^L+p46#WtC3)>PKibMZTaP58Ga&vS?k3QR!wlSdf=0_o}8$9@>KPcr)uo1
zs&^)ok{*AQepf}D*N7({{9fG`s0yXv@8S)f{azKEUI+&lhf*!kG(l<I*S{B++l;u3
zqAC*~sp5e~b$5axhh05f4cpi7A7B6dx?(QdMc@Bk^Z`{d-uJH?n4;F`EcL#sCsWt=
z<aqUy<JGzWMNIK*o5Tgg^|7G8$@kS@nYB7pR_*kb5UApEx72KR)w{=D-n+w9`Ro6W
zz3+gNs=EGvGh0Cr5*xu16=PRev6r935__CwX9h`TcZ?cCq9`b!v|S6*6h#3=3@%{r
zh>9qnU;q&iK~ac?SWq;UXsp=(pZE5D&$;iOGjARXCMJK@Pr~<}_r3kzbIUpJ4NcvP
z8yXSlLg{9@$gBXlB{Rr<@_SZllST6?Ga<%U^Vg6+o5%OaZOqETF-yJDX2whgjdhRQ
z5Uh;1ArPlRJ+&Ay6P{OM79(%VcMI-`_X+KZ-;KK`#!l{J-m0DOf!NfFG6f~l%2R`!
zPvogB^Qe(|<n?-U9^3PAY<nkLzYmaaCGQYUP|jX@P4v3dA<gahgbTPYiBhQENmRX*
ztX`e6H!3M1yroj3eMEs$Znye0;A6N%$GqqEL9N>de#|)SQ(96=b7{*M&F;&9+i{87
zi4x`HsEFNR`zQrDNai55K@3vTQwk<$a|{w+Pn;-ESIS9BIW;LKB;_=;J{jj_#(9}>
zUS^z^8RxYv*AkQdKe&ly%$$C$<15`tY+c{yt*e1MypQQ}L81|X4$S+js7LiMQIG04
z_ZHQn-7;u5zU|7O-5#X;GLMKNq|lT#ynzGkX8vvAmFzyDEP$sO(J($q$U0=uqDxr>
z_^M1(|NCR%v9aVmF*e4&AKB|#a@8`qYMESh+~hJcxr|IMQ)thF1jkuAW1PsOD>8ZX
zJ$aom_Wj~pt72K*%c~gRT#GhWlqlES64`&}J0(hZX~5+qI&FFJ%oASvQPB;j$!<tX
zoz(gLu;NL27b_*bT}+@lnbcrsk|e!eN>c8OP`97U<B<4v>nt8<pBlLC{m7WVX;#c&
z7@5a?n1)vQS9G4|H7lm)^*0Z%jY|Hq;w1k2qQ4;xATr<q1Nf5Mz+(s4)&PWl!$iO{
zLd58-ODTF9umzW<g_2@gO|hk6bfCy7!0dpC-TU57<rGqq9!8{87KhaIH)@c%ZyQAQ
z1nkv7^9u07hN#9&7VKN(a_eALLcmW9rbc?oz{M;Ae9MXnyk9--YXFZYQR-v^yRr!I
z9F7P$rk>M(!r-Utv59E$eIo)ZIPPi#-?8EzWm@QW4F&gHB?X&j537>EUAQd(hmt6J
zwSix-2sLW3N(DTE+XC=v5@pc_<5{FtQM&`<I!qtL%;yb$+mZo)JgDGZP+5WIS!g8#
z{5&V~ypys|1NOKT0goY34Vr8)RlEi*HjG7XTPQ}Z@`$m2jMcfoUAb6*=UBxuus^c^
zc?478M_64n!Wq>GFEvJt-<o*iS5&e>sa%;=IpAM#v47zdyTrS8YD0rlqChAcIpr29
z;JJmWjMO`4S;ad`G;|8^YKsPZ3)5~9>M0Mnidm~f7v(i2Bl{yCuRp}5x<!FXe__=I
zxRjf<R47AI9pkM6j2Gq1MwPRM%9*MWMHg#O%Yr?&jg>ZV6&JorDEA!TZ<+O5QN>)m
zD(2#Jg{BKPbE<K-rHk%%G^C}n*0N}=(2q58qws{B%#!qUaZ=KHyxN|IsCQ-5oJ)AI
zXi0k9z9HfYuXS-!k{<5U5V4K=d2v#b9(HMnxRu$jILZH;WcH8K`qL%~khYc)+fO@*
z`zeVu;7k(b02lSQx1b2EX5wlkd%0H)Zhw+<oJ9SxiukWnk}1Fs`xo^)nJ!A6a!a1@
zvVebO7T~A-BYMvB=E%fk>6C#HgXI1#d)*xRUZ<`FJnIc=2*5wQVfQvd*D(=rT!@I!
z6HEl08zLgK?u}T!KV1CxsrYHYUs4*ifOo%Pj~0X;W#XessnS%cRZLvv6twVJDY~@P
zfZI~qHGm!8z=-I#V@IV1)l`ES9C?OPgKDb53M<JKN)@UjtMGv-Ya7Zg1$YLDvKSSk
zSv1ZmeZtEE&g8UY=Vzl%U}(&f-r#8sd^Y#g+0M{ScqzcK%o^*A+k}@I=M+c3f&b2w
z;=9)io`=flVe*ajAZht&Nu>(!U%%Uk9Tuy1P^$7bB9>%4Y`H$9q*v7#C#jTvdb11l
zZ)**dYRkgftRzIRhq9Y#a3vaJNG8=3H=q`Jaygk?F1GfDK0cOv;#iSGEpnLjMuh8y
ztvfkxjVxV_ES(s3WffZ%@3N$oQ&%}|E{<-?q!p{^0()`X1vYxwNxf=r4_~D<9&ieY
za)58VYNw3QdrSoUBt%50@--p??)+N(vT|w9q#V<LmyoCiaP+IRqO}{X)F4eYc%LJ`
zuhbw-H7I?JlPp!LP<Wlc*QD?`Hx}T`S9z;w;B(9ZT=r^&0}=n7WoZ4G4mg8ES>*F9
zi<UVpl<=~EA8}e}h@D?6yw@!0Wk|hVEj*p*VW0IO=?kAsDq`X5wGkUAMr)LWN_MYR
z4>vtu<|Y_rL+ewxBKK}+sd+Qir?57-H#EtYsXAf<r#`Z}o$GkJsACRUuX?q};&O?I
zTO-@2Mz)W#8uSrkPF)S|jWx8qcz<h}{^`7ibT!~DB+3Hb&Md$?*4QnM(6(<<T)-XP
zw225E&qTnJLPUgqPs9x1MIj<WPpvK11j%G%Qyfc`Oal%iQO!W5-f61$R#eKGt(1DF
zsouvi@i?X4X{z@bL`(zD4G|Hle2Y>9%)Dh25z0~n)d2ostxZH|6cYiTS{t=4B_mpO
z!Wz~-XsvH785(AfH?8B9)6v16)Zo>Y4ESAYs}w5x##>DL)ZlH`vJ7}{s%vVHQ~hWQ
zzhCECr;Z6P{en})gqL<}nDEl5%nBCWXbSlNb!S>D_xcr5`)g}T_Dd>ZHQ+^Su+H>)
zhX(o_TZjOvS?2YtEbq_*9hRp0R0IC@O)L6uok?Bh_4T78cn*fNKe0RbPtcutYL#j<
z(CoLYgcms79thEXTduW)2%u3-4bZN`ZSHWVu?<%_`kCfvwI<R@07GZ*!WyTRHO?JQ
zTPM64G{=oR=O1utp73f=?@!+<xaOcF-9)zOK_=GK6gzdblWo$w_B1z>LId$k^ZY_i
z?m|%u>Fw77ZM65Af(|YfaY*(Xo<}(CUgGs>*LbWL{1>)sblW}<J|G6!h3$lL354z}
z4TQy~<}XEWRM$GCOL`Z!l><XeiiB5<De)4EUJ}aj!nSVt6J9k+KZHd?gxa~Vt<;D|
z2-T7<d`%*|!<q&cMNWf=G0)Yg86=l8IXDItAB!bs<B%lNbgi=&2-YHJCt$B_Ct0$K
z9M$j3*1j2Dw|$wr9{931lsTs@5`S=3ZT(%n;<c($YE`Aws!FL<l~SuJrB+o+t*Vq-
zRVlU7uIds=p7mw_JGFAOSy@O=@b)~tI@bOJ6{~;K^2|{-C8+E#-m-WpXP2pOUflWz
zQKJUyptTk;&NioM<R+4K%h)~MoO8@-v7gVzKCxUR+Ar%4mV}p;O_hB^tk+qo&a&=6
z(cVw3Eb&Ubip^@pI+8`jUSA^$$GhjO+&PFm$}7vfGOxuCng{*{iv4wsJ93p%k8*4&
zumd_w#7rUP*tLak$dVOrx}!vKsm2WS-i){z0jc86h)bUsDV4=Zsd6(stRRKfuWfOb
zQoUrQB+22ZG?XlPoRli!q~s-kB1kE@;>RGduG}Z8^FXSK>bw{!mBmRZQBf5qJAPbL
zUy1IDlSBE2<WSMl%|RQ0p7(!FYHB}%bW~J7LQM>Nv*3=DNps(f)JRvF$2W6^H;b6L
z!tshE-)J6;y>(PvP4G5|1W3@}4hilAhhV|o-QC^Y5(pN2a0~A4l3^ghEkJM^9D)t*
z@ZG$>Z@=Ah_K)3j?r>(f(|xO+s(QM+T1I7WyG)Sd$s^q{YG5-$7DQ%yxftdUoBQTV
z4|zK8lR*=RKoQbUGXgKt^XJ4X{5m*3Dl|90Df+cn09zX2R~8Kt7%`4jzS;<=l=E0l
z&+0~V1f)FzGV0;fLSzGiR=h-UR<l%?p(;xl#Hqz>rG9_Hl(N)bf|Tmr*VW2Dd_k8H
z*~SvrK4#0JeBLcM{u3o#nr!kkR^q%{Wqj*YK%#kcV^V6ZGjOpwL+m1Z&?&<^C+uKf
z$bg&K+Ever;w8sUhQwFVGf&h(dknT-Au-0Y@HPgH-}!a+Ek<{eUMLDCEdlhW%2EnN
z!3r4_g0rBg{h91JKKSV+TRdBwl)0EB>H{rBS5`tHgt@M?g#?xlFqF3OPmVC3A79N8
zD8vd`O!=7UTutKN_~H+~%CYZ%l{df*nP(w^smS1BxTa4jB8q@)86l#siV)_S3`kK1
zGXG2=d<cXaa>_~q)1FrsfJ>lKBY+(_2++A=mBJglOobA1V!*6oksq<s5nUe+8R($w
zbz2z_87_?aHYr4Kgk5NYE;qDaQUShpD<gC{ZX*LC_-#W03sI%j7ILMCNai#Z>O%R`
z+8faXnh|QE%MsRNNdk4Y$V6TVVwr-QY_Nr-<FF$6iVnUCTm$-SpY1}2-4qemLdd4z
zLae4jJ%F0yfs!|R9AT8EBv7D}v$E@72!G-!JQIpVrH=|@iGRbt67xnV*)Eg|P_;`D
z@o}IK{^b&x2?d%2Ae85aIQZ&Wcm{3|5cEzF(a>%xR21qC*Gj3v0srD6H2CVIj~j9U
z6s0MJS8lR}phc%4Jbtr4cs`Pjf75*&cjRdXeM5lZ`)&qKMvoh65S4~tIKTlf+G36n
zGQkZoqSHl->|J~#iFjl-6?zC1?vAuT5V7fhWenT}fOVZ!l0+1`rz?f`q1Q)sWf*+b
zy&Ur<kbMTu1i+}~S&<t;{_IGcgua#!7-!uLFiv#_<Yxx*ZIl#ZaJF5ji9R=!7q@~e
zG%|$&&G%k1{!Jh<Ad3Mvv@8R;y{{0yXLJW{W!F09jqk!Z8Sd@tQusWJsZe^ra`3Up
zLjP(_5TJw3#gX9>(QSmMBR!@9rpvGkr3S1{Q&<9*zmpOA(g>&n0Fg_l2dKl75`}yl
z02EFH3JU^-ahT~~>ZS0(K)pA)fW&MmnaDY`0Q~NNw?*RP-m;a#*EZWiSWDkxxGpoM
zMJDxX0j8S+v>64okpNt691wJv8!`zXQe{vMXp_i*rW=4Z_-cX+!xaRm3RrLykZ9Qu
z6T<3Jk`aosKEe@(Wkq6&1qc#m7kUHWPzIp?m}r6E>_$5HYV9v?Av^`(VGo=bt{GB@
zd9uxTP^$Phw<>_NGKz>R8{Q5ZANail0Y|I1g%IKbjs_G98~_{*Q2!sUKTh6}K(T#3
zV6=Y)G*#fIgVty(LYFiD!!><fjvM0b!-?T*0-zK!$^lOb=#u_FxITWIffEJXm-VF3
z9gf16(4>+0HoJ?T&NcpjfMqF#XKS&AxVQ_zg}C$ezY>Bv1BQD$0~Z2Bl?&j?Mg$nQ
zazMT7dl{ilr$FF{{)lAfML#m13S|dwzx}5)AX6EDegGg77GUe+A9H<XFvc4kj1NF1
z4{M`0V#vxH8KG!^SZJBZw;fW5YfmBoCjOK&p&9`Gn7bLFDL|;VeZX)9ZnAac+lCsf
zP6B!ZI10sCAYcM!pXb7W83Q5i1K8JcDs+_cyE~jWof<*?GU6OYe(!1~GXGd1yePmW
z{eZ|`Y$(uO4MsX>u!aB~>{$^}=w~5(f)xq$7>E&qDfQ47AY5xGw=*D46x*>FhzS7l
zd%zRaf#C@vaQgzlSP;<1Clh(WIjhB$C~%Xz5PlbkKO{h4UUx-E55N-tO5g%A#YRRU
z`~H>ym@5Ln0-g-lwHhDSmjp24R|^ETHo#|xIN$|^6*<aCZl_q*)`|Ex<YHb+Olx`Y
z2SM>I4dvk{vIm14p=C7k@Y-Vu=NX#gNG~ssFCkNu-*`<7t}&qb^&1GV55Ta)q)`zA
za_XT7sX3SvMY;WMMFtm~6^9u5vY8R8qc?vC(YXCc>G}rf2Zz+xPKBXdAPGUqf%b;N
z$|w*qe?Vt9G(Cv{rTvE&3dTw%dk4IO90<`6pn<iVx)OLSIyFof(jgV`EhV4>TIb9-
z{F;l=6T;+Hl?fySP#SyAiq)0cWDY?@qL2)#H%H3|g995Qb*D-SK&WdT<e}&$Q3$+=
z3@8h0oo262e(7X{_Pht`<N{pXI`H7NFB~A)Xtjelw1o_}o^^F$2kx|i?K*Vtyq^LZ
z06eqY3m@gt1{{NE_z8HxX*Kf)XzcAdx+^D8F4CY)4PtcHiRSti__VBhBLjJWA>o_y
z0kDX+nj`3(r{X|^|Fx|SMhNhAfXCGwh|r<<mU%fLKE5(ph6DfPfM;)G(+_pojwOKf
z0AlLe7`ejTY*b-GvH=`~eswy)iKMb~!9An^7?pSl!gbS|h{BZu_a1-8yfGXgL=GkY
z2bd-KS(pjXl&~H&=OT8Ge*_^;Zc7M24ajg|IEO?Sfx?tU@Owc0w+4r|s4Ll6;7~pQ
zb>Ht^$*)8*6DmWWWPuu^y{-}0;;_;~X91bPF8wrPgJO^$r#6F<i21FUu8=ALI#Z<F
z68BJzYHC6lx`;bGxR(PS#UPRf$`L4wkfQ`3WH-0*>Q+c(4lbTv4YR(<OBqfi42vq1
zFd2})qa_YyEu!r#w1-aZWPV~o#8rypmPY}(J6;)%5z?BV+s2Q4`uutdt_x^$W-^c$
zMhoGwY)GIqKumuDSPpP@K}E#NQUiL_FUv~wB&PI0a0t!7sk8ws1+ZZ=z|Sdmp&r2Z
znEodynJIT@halvXRwS@qMMOoQ9imV~?EVEr9#E}jEOK|EU1%NfUoS;ON5P*YF36`M
zUk0<ojDQ;K6cLYrmNXKmHyPl_UT%mL5XR)C@cs#UTjNmggfm~R`V=WdkvzN5GN4h3
z1>$|F5PlutY5^dm@d27^w1uQ5T=;Ui4i46wS^xi#VCFvwQvN?BXsSN5cJ0y=T0=hq
znCG7^2Y_tmrSS1U(+ChRj5?OiCDFZIET;34(TfewyOn^=6x><afB)4mP(R0UWR5x8
z(4&dbq|WhgRyM{<F3;G?IA+mA$2cTX_Z7b-|LWA!BBV2k<}Vk0;6@o3=25rxQVH(i
z7;{tBlC$B@D`Gl$Jy@eb+d_(a-JvO$&yShJWLL3OQ=WX{ZumxP`t9JP3hfR#y-=!W
z`PTcg<kn7(BXDW5h<o6u=Ct|XnF8(ViLX^fu>yHIV=BnwF;jC|EWRm8{@%`F0aunb
z2-<#7UK|mR6(`@>@8+r|cNKpVE&unV{cCyg6L}9t>Yv@#dW{Hq|M@dtRk;gtpI52e
z!)N%aa){&-VEK`c+TN*}I~foy^{RlrYrE9TRtq6*ITe94qg3uGj;_k$Sn}+0`ARqR
zG$uQf!L0IReIX*=tBPVia={#V|7nioisG4Zs=53*o}J?gwAhr9F%_n*owB`1Q}}B8
zSHV+{U77QOT6aMY64#ZF;2`Sox~z~k7_#4w?%Y8-CP60|8llJZ)JlWT#dq(YE#>4w
zpUvAZB4O(2-PW&7E{WT{UmxlIz=<2$bJ(S=`!H<SI}GpQhqUfa;>#Ng_u?Co`o(q|
z+D52m&6<J<GS{)3&X&4I-V*7~{dol^l()HS={~~T7(4#6Uq=!hG(Yx}M+a{uoTmF!
zt)l?Dn0)MK?pJ9?8)a^+bSzf>KHyY`A0tPhb!^?V4y3VHDZ16+H(7y;a>*Y@Zn9`9
zjKO_0kwF!UWlx@-uk0x8MpG8O(p{K_LB^@<@8r~XTKeD^nwCw#i8LDihF}{SIfvp|
zRqOeIBk{H#HmVZ0b1y16fAK65EAP{h`B+Q&AKL~J$(}{cDkDd`qis=^^7O;$UuY^4
zxa~)d=!VlHEakgKd_rjsH0|D`E@FUAUk!tBtlQRh?_W>nO$RbHjgIJqSjvZ_xLnGr
zFJkoVGBs5tyW9?eC{o!^WTzdbRhgR{tR|?A2W5&qa|1<XlC9+rYsXHU?!fVi6=i`K
zGRd{+bY_{W8s{x!nbT+IPNZ^wS&xS}yQ0sJNi)?^Jf<r<89#eAa*K=}v8Ayu4uQZa
zrxUW%&eP_sO;t&!(?g(VCX=M3;%!N@-L%DHW|Pb$Mq!rq@TB6|X<oJ_2Q%g3<rT7|
zX`b^4Lb<H>7=Jmt_;%1faF&P;-{{lWeQWL;J<0=}b_{{yQ|szvr~Rfq*_*Q8nb;&T
z9@|bVKPbn)%YAqJ#MuQtufflpo<Fz3lUtJd_-5!x{d@;6b6Vj%7gz4y*q>nN=sNlI
zJD@qJE=_iNbedeuTF3c>wzZpws-$Y0lqUHy>e4K6@dw*FLlWbY7?^=duBc?|%b0Uo
zpqpf=Cn%6oGI=6t4TrOfbo=2wXUXw+&8V@DWMVL_5sRfa;n4giOZmg?W%A_al*`e?
z#aycO>qN#M?@Trmi(QJjBFCJ4?$jd{4}$M%ztYrzDBf{);dlsMrF2oNle{+>PAs;Y
zc9OKd@wtons(8S1w;Mqdmkg%k>>Aw8CgLoi-a#Ws{v+|ReCTLkgpkcr{&;+K`Q%0_
zF+R<hm9y(&Cjg(bWODluC%O5HXGGFsE`v#aA|q>xi<Ini`gDl2^$prxTDal?#ohTA
znwmsqK2E{O6*XrOK=*=kauhlLPyT<0j*OE|g@!=E^d?q`#YxjYWUTp&z)SBmJ{p1>
z-pTc(i->V{IqZ<4bCx)LlSsTW|4ieR6feoy<*^fsn#`>MPI)JHIQEklO9mvDC7tTR
zKk$zBQK`5gUj*W9o1tzXwN#KAb)UNLu-i5wx}9%`BJ?>Jy@jBD^qr;Ze!7OGzuhN6
z_l^9BPYC2F?oXJU?QOJ(6dw|=i$fo<V%j%ux|uPYNCtE0%;)Sl4$+TQfVOxfEQzCs
zyTyK#qmA2jFbw+!ER!8Mi1CdGY8w+4F`5YTrqFD5lix}dIvl)3fqjP$WF26Cp}xNp
zl7`bsDF=>aFMMX!Y2=^PcdLxWi!Aa%3QU#ss$*jGj&rq6tjI(5C6Bg;qij$YuE8$A
zS2QfJ4ABoeLLr&3jLFM7+D-xTgH6bi-$VsFmXTpcT}s929%wbBh?c*GRIDfTrY}!N
zXt}51%0v|y;Y9AMg>T>br$vV<NJxe+vBzoAJxi#8q0_XA`hu#ZnX4E=X;Nh*3tyxN
ziF|2e2Z;F-q!|9964Y?Rln8z}K+9O}QF(Sx^;@}JNBc~6SnjaBBYIT3sYykoogOzH
z#hT3T{aTZRtGFxE_R_{<4)*-MlYNw5xA&u%tIp^>#T#y@K<8kc<jTUInY_RexJ^x}
z-SLz9S8C0iVtuk%W+!~+yt_${W3`73E$+<jy%hZ878mzD{EK8EI#ghCfeWQTii{A3
z5s$Xdx_O7x&S1Zz{H&8MqBcE`S9{v`Ii@6>0`tR5TEJ8HIcD_0rsCB+!x`+nuXtLL
zO#N=BUvB5pwcY5x@|Yx+3ysCMEn~2$BY~1n_`_-D5b?QclR0vN(zhOuu`Z==kwq7V
zQ-IX?8PR9LgWbKq+Ic=sPG;eA?Z3M46)eTza&`2~GvH$`eVOkS5(&2>B<832I5{yM
zL%jdyf`62I>`G+HuQUt4DV%#|7!8fE`p7b}*iTh1?OI{&v*zYiC)fKJtu*{u#`fW(
zM#zc>`*#vJWnI%Mfp7{lD(E+){z<c(nF`RSdrjIh?j282+*2KQdA@-<jTY@P`w=@P
z+%hJC;h%<ujXi!M&SJeM=P#VfU|_~%b+}+ig*@LGoEVH9!btw1>su#b{W514^V`3}
zl8_4^T}xronpcK{w}Z^KYKfR{Iwg*{Zax)>tgRlO2~1!S#$tYeu@DrL2kCkyg-Pgg
zPeU45vP_{hES<}c$n^e?sgJsyee0AM=@^tnyx>}*+3JkoJS<?F5Q*04#fEkN<wc+z
zCV7cVi;#((wxZ~y%g%!4*Nik9cRdfl&?gKiJ)F}mLLmUQ!Fe*-gFV*zd;%NILJ2O~
ziZ^vNi!!HT21n@7hFH5x#OD}EV#pT3GGO*D0XC=xV0s>Fcre&ENSXG<s6+)s7Td=f
z!=DP>h>nfPl{YN)XX^d=SQw=tN2cxv=C8=1$ZIKIsQ6_?pbH}z+am2qpwF-dd%10+
zca-XJJoU)Y4Q!El6i0LLew?fT{Pks=hr@UygD{gwqVU3S4Y0o6@-N*%ju%t&%jk)V
zE$e>t31zwgZN)=tsNR%ctKLdZM(^UV&{~3B#vzd4x^dPX!<klG{wI^;UgD+3us0Rs
zj^<`EYL5Ih?mtuKSX>V<-`2yo_s_IuN!aF>MZaD+IN&eC*}f#B<jvD?m)B74Qdd4O
zO3j&$J3G{@nXSljU&?i_Tr(P$6G#OG+2O1_9t<`0$Nn>ROI^wr9InO2lxQE==g)}1
zghQW)U2j=3hDb52qO6-r`aX5o(qrbP`$_6vp4NvO%O|0>Sm6Q<zFS6<)}r`Sr!n&&
zV2zC`$P0a}!ZE85ZM^51V;rK*iX&x>NyT0;bU-U_IeTtQoa7;8IZ<L|g-5K|qZfKs
zr@n<c$?V__PK}n-<GOId9>Ts`l#fTxfeu9zI8)5W<X^hzsf*XVbfm8ADPN@fruN|B
zFOF445fBr%UCO(&^97lHDxRvWX3>V1|B<%Wrn$D2OwE39wHj2w^?l?qe!srU-~Iz}
zbJ5pPxZM~`L&>#xs<Ji>szXFRsy$~Z6la4-;y|7GBz&Uw@rilL_VKYcJ1EupwYDYH
zKHiY^{5J|)@<VFsN?pz_`x#SLIU*mEds_w~pYp%Q8C`}QUQ0|Lc3BA8eB!}aA)n0_
zk~rvHeeLTq6&5?RcMcKOiLS<4iOM-;_~@$QlhKQ%&fkcD*tU3gkJy%Z$BSVod15Dp
zoHv$4A1ibj7Q0>BmfW>w_l#3_F6#xAmI71nLgF++)$4Xt{`aGnYa_Y7XCXTac2L?o
zTw@;>-bk>q-ol!DMPrw+`eoPGv3R(E^HtT0DgD+(23JgKpaCq9_|XF>!h&5#(9oy-
z*K`QaCQ(tUZ95z%%SlfthJ`8^j&f&Qq8zRv1n<)=bUlF#>(1GuYcNe*(xuQT#v(e0
z{T9|qTlPPy4OpCzFS7SbV{=gk0`holYc*p|?z$#zPZ@Cf=OD}YJ*%UZSGS}%R`8Ri
z1kg-{qctg8qCupbJ~wz94m8*6<g1R<r&Fe&@82;j2$fH%5F=Tlk50(}HsmMG8jR#P
z4n%yA-1GYcP<e<<)}T@5*EwOnkCQ3c0R0X0*<cfTTICDSJW(8RC4t<rc9T(8zIXxD
zSN`Zm>Va<J0-uN5xhB4kN{4`%;Dz-yCw}{|h8l<fkcKes;r}xdI>V#W83gQZOlNoR
z7N>4Z2S47?b^lSNM`5+Lt7toW{+PR5-1ltytmI1!aoZEqMDrDn<_wL^L~0M$3mwfs
zy4}8$b1;3keMLnDHT&U6B~G3Bnx8{ba-W(GLHn{40l|57IX?FHgyO62NXeE^dPCDe
zDcg|<$yb5f;@MHZMS`MU`?^wQN2$g{hZX@;O7H>O6$yAk6;QPrgFragoXYeN%!^&X
z`k+o1T9#N&00XNUhFf!C!?xaH7yNyed?i%Yqa?Zi8<`4$V%8KF+urL<LI<U1V}I^v
zI|%%q1PHOYOew2WiIil!gLkA^Zl-x-F%j`GUefMU0B^A!?~%NOD8@n@kP2Ck*rejl
zj84hT`~xUJONRi)p`yBck1MK4XP!m38HE=0nx77soJ1O5AcGPRE=h(<b7H$X0@J>O
zz_cZu<fHU{Xih2ObTMLZza%6Nn7;dx$*-$MV5d%i#dT&T6T*#+tv~v!B?c^;0w!8a
z&z8x&u(O)jYZk~a6?h@Xh4(qK!NvZ#Zw_b@+yLmrK!-p<NJXV7^OsJitUSB9(Ahn!
zQ;zwsbT>3jvGHU3sN!+)d~~TmVWsF#kRlz<@b7#|Wg70>COySfO*KO!B+(iRSHy~X
z5{Lr}iL0K<@5WHk(_wDtC@>120+RFN+z{4D3li8`Gg1Y-5RixS0a9&nRrI0k@5gh*
z_gJXZ#;F>zhY?!$t#<5SQi@%&jxP2q$4aU`Urw!;R>gnXz#ClcW~lBC8gN4G)hl>@
zFV6#cg6ycYh`F^bgi^6n%z8^mdJ5Zw_#vAmHdF^l&Ecq*=#_75>Am8IiO0VY3b*C?
zJqkz%dr<tMJ;27?4)(gVhaKV}V^NQ1knHX+g{LFtSoMc1uY%b}L$Ro>(vir_r@jm6
z7;x?n*F30c+DfjmS-}?!ex|%4SYl?r0$r=ovjZ%PLu+>2*ry0f*TcH}pmC0nRl?(d
z@fam_lWjcELu(v+N_xYy8XAJQ5vI(H)R&-S)w4gyqd<aW?8Y(b&D*j%ZXec$9^BTG
z3N=H_LNG$s?W3UkJwp(KQKYl0)cqmw6%6YtUm)8~DWa|Z14zYXTBc%c0yxPB!=8B(
zxgvU^?_?&_CM#t05x+vhz-Q}3qlG!KG@v#-o#CuIN26Z8F5SlzR-@e($l5LDG@4CO
zAVsIox|udp*wybet7&-QnbxHA<{tj|A#)b&d{s@h?WJ_^)ze_c-@w<ahM^uzmqOcJ
z$kvob4ZUtI|AXM&47^L~zW(Mpm-qeG#AXW2e$~ShHaa*V54@$9W_f?3%X!0+1G8WG
z;tEsvG$F^oG21z4n!kGzhHE_DJK;P(H(c%LPzXA<S7=>Y?4|2oN&wX&v+bm?nmUNo
zBVaabo_~_@0_IwMmJeq_*R8Uu#=fkd?bB=V!4``*945RaTfZhO3AUnRcFOr|YvV0F
z1X;vsLf3!49eb8`OtyCs>49CBEiA<FB{nX7>MO5^BjagNE84}YYE#C}&6@qlQ;AYl
zQ|m^!9iHwrzXjc+Cylv*S}V!>b8*UPCN8ydk8z~^<(KwUe@@2Or#XUanM=rPx+|ZX
z_ZIQisPo=cY1lPc&zy=Oh)N#sPEJN$R*u$=n{JjneIeN@*Uv9I&^JvZR~~n1n`fE&
zDkIriFlW53*LW&PO0jmt>!@T9E!nhGU!v2v$2=hTUfE#jk>APwVyn4kd_BX-v21yz
zbuGtH+G^bXP`%E|iC3GMk7KLZrDDF3o3zSG;YV7<k+joHc)EkL2J(`At>wsh!QF=;
zo)63xO!=dm89nJ7D1`Bu-y5xU3r0OiDbDR#<?~<Xc@oYGX^pIk;TusaAEmI^LRdhB
z!KCjsjx^s%Wm@+s$gF5nt{aez&|fq966-WhDHyd9s~=A6;LAi%E^PmPisayP)Eir=
zACCE-3wByhr8%I+#mZNasbp`RlC@ZDomFGqy`5<uKR@JT$AZ&ER(+$a8b|74^4IAT
zcw>RId(rWJdFGcu_+}|4_OO+e`(pX8ERDn>$rZfKHAvc5Qb~9Fd5YO1rW}g_MU!jg
zpGzMS2$H^m-O`cwE2ZsbtEp<{KAL~WlW)){vZhaE^p43i?;GuSL)V>?oj2`ZMfzg|
zzlJniO_b28ekmga!_5aZme;hb-mc}Pq4pY=ujX2`a~5nx7WCUbMP#8Ei}&Em3+1KQ
zVQa0(?;IKKv_>qIcs$bgJD&v!q9-p8yJ%;&29{a<NClj`jZ9`tOmJ;ppUy@`ZJ%>?
z1ZtX(GY)A{IitEU-~NVM=v1*}H=eC#0?{wpM8AA6)rLXt(!)#|Y+F2+!WGuSf+9>-
z2aoJg>Y9w$ajYL392fJQpav|TsrAajX#Bkr-Oh;>3yrV(q*PXJff?#PB3~IZqhC}D
z+uOU<VPS7$m-$*}j2vWGQN(Sn7~ag1vsGF?(|Dp;caa7DQMe}zvbYOvFF_@<c);U3
zYKdaeNL4RoDpAyu&#VMyff=nT)rDMDlQ|+<vUPX|-lzH-#V?jL@T&xw{idy8NAIgT
z_O`)H^?h36>1<+n+j+t8)|q{U_n}222bMUx8bMl6{V8lNK;0m?)m=>gy}FL^#sh@r
z`RoqqR5bZAvF7Ay+XfRSrZh<oN!06zhs293ms@pQUWW0m2pl&hy_~FF>DQ|!_V=6D
z%f#Eo9YT^@s%Uj~)Rv5Ndk%IlQ{%so?muCE6^IvEQ@J<#Hue6}y@c1X>XZ7jJ{%m^
zd;SQ|jg(||4_awH{6^Ihy$*y7W7yhlWE*(@VhBa#$41(pVC|tIJU=pr9r%^p(N&{n
z1>;r)W42#CX>!9~6U5}{zMN&hPN<L;&|iYt_6}(w|3(vqz%j)UT>^W`5775N@f&zh
z`i$beUR6gDZ!<&+96?JTJ9TL@4YR1wsD<22Fs8A4DC~@`h*yBolK?nJG)q7g@{Io*
zXLoGYIw1*6j|OVH<K#;z&GTeqiIVoSx7B@BwuN<EM+)6vy+_LJZRhvnFFrBQQ{Wt#
zw0BzBPrPC8X*9`Mq}3UaP68Pcr)2aCWv8Z2<*v)siRlqr;4vN4@D%MY!y{d!m>jl`
zC%z~rbt2Z5=m^#3F8v-rAJ0$vDhJ;<ePC>de8?_);EA$L9CG{z8GZZkZ#2s7C*d<|
z?rv*@^#$=C(iswMYEtL6QM~HR+L-bD@YlR&Y~-r-KBJ#oF#O`lOgmnG+^L^uZ~LU?
zV9;?#=x1mHKskiuh&Ov0zrwrqjO}2ssPxrSW1}<e*L&LBBzzykCtYN<3XKz&<D2Xi
zapb;{UeZobhu@vip)~+h&YX{5@|`B*zw4KwJ40j_G9H<|@uCrC#qW+|wxkSqXAimi
z7>O_Lom^xJ-OtA)tMGao36<xV$Drqv_1Y=&w6Ndg8K7{(GS%=wv^F)p-t%X;8JSvi
zhg`Bh7i%YUWx^=Z)%F1~Q?n-3_R*378aYPPu{(ZiLR_y+3N!N%0&7I<8=5qGizLV3
zL`+<E9#V^F|0o5!hO<_CpUnN4&{4A=d^xmuEy2I{UYWwm_@$4Y1<zJexau>ua`aK^
z0IO~eF2Q;G;t1lcHrq{&a_bxRFDoL|?E6)T4B3_x$}zT&{Kes%n%iYKcA+6^zD&Tr
z+`2!^YHTFu%sU(=Yh2qViGzVoTj!~dWN@`>+W988Bs9L$(t&*6<^9fbPPbYU+C$kv
zh0jb~iVYe^csCmAD=KnsJsFJu_{<a_wgX1O>k`r*p*uB+`q_CA!Wtp(9zHa(*i#PB
z8hRZ4d<n@4n!0(>uwFl2l#Mlj#@W0XaJv>Yh4u&SI?`>{me3zOka^SbzoqLY^OpJX
zmv4o0g({wI!7+tyq4*82-RBo4rQeltRd2W{vEy3uH>szM9fR=(!-$HDc^>8hEXoGr
z+Qu*cw4ZtF=&$$+{wVFy$K5lG$^NKAlb$}jQ-tH7EOsB&&iHHfYmj6s_Hcy=RZx}|
z(zpz;tsVs{TjLw}bRf+l(A+_f{S3eA;f`6`Ggm1^AlBurR)eha?;`?ha|&r(?uY1%
z?~BMBVoirl<I+kJC-05xuDq}WdY@HsN#1XBH3oquhpw;ZvoSqDHt!^v^DLHUSESLx
zYmI@IHSlsq3y<WjE+bWFAZRhEN;sTz|6CHeGKUVvAlUe89wIU3ByY0YTFmZ2I-TBe
zyg#~PjSd#rZZ2dOY&LsZagJ#-OP&5Y<;+j7d#~I2@4c2hsWzjNZb|e1>qA!dTm4Fj
z$=7@Zn1CC5d7uDpyn2*exDqap>4|3t-P@|1{<P0D^NC+N5JlMwSDY>Knq`-c2DSNp
zmeGlvf7G8;hpk1rsWN{lLsHQl&?gUEc^Y#(RA+IljQ3rkO7$*+%o?x;r7t&yB^B0K
zHsmoIbe>^DEIlKTHd&CrLiIPl4$j>j&W!X?Q)9L-z-rzPUhJl)iXit{DYelC?a3#l
zZx-$9p|gbju-D>d$_+w1%5JE(>vCPRaULddLY&$ZkdSTn7qx%<7`utBNuQF8LHWfp
z;8g)SmLU!Dz@(q)k(O`uQA2@6Ni$RxQ(Dv-vk^1gz?L%lQF7Ur+m<xpRtgsIn>CEx
z0}VPVqNaU>Y}L<pG)e7Ir|$lLu6ZFJw#1)m{@d-v;(3B>DmN=`df0h_I{b*-u)(A+
zg#|`Mf>da}C+~W(3GvTXI>ePR_)LN*hWh`)CxJFQE<89+LH#4S(VctB-^6Kuc#O+-
z1pfB-Jvp)(vQaBO3EjhNM9<z*{O<NvFqVivx5zy7IkRRUv~77;?-c<j7ObW>t-!;9
z>-SA;V=ynPat3=qL!-FFHw)|$`wH$wNt29XCS?4h)l#0<eyuIsuRe^J)p0q8ZB~m7
z73HR)z}VYEdx*BRdj#FPyj8>ZCX{zKl)q3pmU76}?kTUhU0D!ImK3O)II{~lW6%4L
zyW?I3{8sXKnj^?GPfa!-yZWqt$j{JsTv{Z-<cay00Y_s(jIAPSd3<9+7d6m&WlB<n
ztFi08&B1d}^PQ)RR`@bT%x^1I^tSAuA-4_ev-cg!n1AmMf-hYEevhKHt0a=kS{`pH
z<;RWfSPis#U9+%(;Cg88%$G4psp??~$L!RWtvrFpzVD4&z-2t+DP0EK^U2mt(D+<2
zm@7oJ>a6;mp0%!<J{M<kG~A$`UjaB1)@%p<ku&|liXK?DE9Tr2<=*8t3^O4iYY6}K
zjuuo<*uH8SibbLM=UAFz<-%q3OOsIB-c2Hk&GFnL!rcW)yS8A74t86%+NKYGCCN@5
zFU)9JL~7Mpnz84o;0ZJQKSC2^X7tupKO*A-)^U2^D*ARDmjr40bS-8evA9J1k$w^c
zzVGD86~K2EOV?rbf;sxo_mU$P^q_=%b;Vuo5-2FZcGPBC<eLtUbiAF9j^};;wU_j#
z1>FG6n&S-38h13G(kA6Gjq~h4?yt_KSW7SM9HW6)*2qnG?ATvD^)29KMq%gf@!Wqr
zRyMUcux!HfRKx4GW<!~BBjxUwX(+<fu#2~?fz21u-qp}F>P#ijLMZB_jem(%XbP#`
z37gS)Cdk!Xy_|7)IG?OFO*<J&<9h5)yIQtzkFn;E3aFP=o~q6%bPN8@;y)<J(Ter0
z>pN1PRRg(2Yr86NaEr}PGK=pblT(4Ft@TQ3M#z%<1A&~t4LhQ44sr`i2}1Wcw`_r1
zr0R?lPG{2P9?DrVAL6zkr}+$47K!ZT&epCmdc=}0#h=i)J+`8j>XQ%D2CedTdaKdW
zt&XYFjc2*GmZRE?tOg~`|2}HTj}CYhiXAG&yBB62C88Qps1QUmrVp|)PDk&W$q1tu
zf2jS88Lp0h<uKnKal0xx8;#sC#&9Be0h2al-!`_Xku~agW$c6#L_HF{i^0*zL!U(y
z@fmmA!+NOJ%E4CZ1?Imuxk`;85*-r5dRXn;0B-Tf9b)U5fN;ux)S6p2a=UQvA0OS}
zVNaj$HZ;C)_ZvUl)vbP<Z_r^z1)pq|r<zpxFa6?=H7|t=Fd;k8o4FK5z$-1=p`4mw
z{2p|Cl*T=A^Ey$+gc%EpZFquRXms9a1gcu}&jjVPaL8`B9Dm1~G-8n+O%l>qW)cc*
z{6BrT3fGY)4qk4V{>9&tssDA{NIUVPF1CWL{_CtYo5k*{aS%+Mj~s4)NYCSEt4JJ-
zADt2QHq;IuoN$_`$9i<#{@?vG1PVb}SZ!>q@6ie!y`fa~zuwuNq<YNYM3Ol#GxL_5
zc@#GTv&BDN>Kfb6<Z=}j^7bb>w|v$`gc>2TX769n!T6r%Cf38J4}!CZtAiHbE$NKi
zI+XF6zRRD5@H!!~JJmZD&nTMONvI`|j}=f<BTT)WRH*UQ|I_Au&G%@5OmMa!mRF|R
zxs6vwc74A?z!2Yo?`K&p6gmk-$a`P8PTs*9cR#0`>!-{2p>Kuc%eMc~FLE8xG%?M;
zpn&)v_D@O%Bg)IrlCkm8)1@B9(HT3^cA??GO3=T{oJ|1qvjdSjCwRh3He$kQFXk7>
zBU^!K^KxdLI6iDJUhv(ph0L|ji+9{fJ$m>F<eTfg7&bE2w~fo0m&kk(cdPc%VX>>q
zPw_62fzpE)&$J`7Az^f9^cp$A{W-z4d|zP7SqF>|I}E9u;P0r?Z#fWs9loTV;>alM
zf1Kd_#9(ieSn8d|jpufMm-^mPV6Qqw2EHu66qf+?(%`VkpvOzzvX0xicQdCxQHCAx
zgkZyy;Q#4-?ea?UKN*@*82^6TfZG2bPw_vQhKh>Rm(L`0+YadrS%AB3hHQY|R})2`
z<%u?Umz2y9189OTHLQa-f<`ZN`6yjZl#z`YP9K#I48{&*N*Cnh8d8$Y%N7_<>WbTY
zk~g0@G!%UW_{2tq{N>lFltoFK{_B4&`iVx(U?s2m=D`!nO@_vuBD+3Hx1G3f?#N`F
zyJfN17tGiEoyMXYXa~rteT}>JrE9>eiua^_&PamBA*7$DxJEYvWMcG9>b!fGt<!(S
z*8olh7#r`*Yz`PiWIx+0<#@1fpMH<pZshE6{5QIkHTg$OgK8^(-2M^M18*1V@fd6&
z^Q#;(iIZ#{m1uoOTeL?;3v1vnkZBwb-HM*hEefwyOfCpdkP#Rg=WfEw$DlAUQoQ}Y
z2v|UBX1{edP7e|@C+l>2!F#Xbeez=}eIn^4zU1O%68{WD`4F?fIic#*Vpr}=Qu%UL
zu+&*2sCh;C5mb!`8ebMOzf;w|B%*l{^GKHlxHV!)V{5=5zq$QvZltv5j&1^VjjQJE
z|2?vw{Wm_Q+!<dkq7v}BXzg6o;-5xO!1cZ0onk0ApyqX9?Ia1F@2hO9Cbn-o#47cs
ze-`|6LQVMW0)}84^gbIj+xg{8>2%m#I*|m4{@VX(qQa$HTgH(g?XaQ(>{6KEerbit
ztMhT&4a}8-4Afhukz}k3hjFp|;){eF2BXa_;Z7|Gz79!}P_-}|u`oHZE<JM*42xUC
zbwt`<iL1Qb8Tw8ZQtED*cu*FE%Fbt1?mKyb+N!0ekgoaHOTd`qm=>7Wz+NhhFii~z
zVj2~c{rQ8vJl*2G^r^f0)!}R%?!+?Wq{7iViTOoC%DKck>k?U~vxDvjIMtZ~tVl*_
z@V@2#0@eD^XNtAqYs11jdeEEF<HC6rJKGR0#ojbm9r4xLeGS7lT}GDOG+h>)aX2=M
zG=TKmW2!LPm!>Z>5o)EK)gIZrM>l=SvYY1mht-RDx4LDGu1fv7;|*ZUpq318=@l1#
zG-5u)g-+O8b`07Z6?wKRl`_xZly<%SSs8PeJVJq2A?Cb%$9C%)f>K9}_F5rmO?7r+
z583)1I~7`|SU{$K7&G48yV=;VkIwA77tB*9`1pf9L%*{8f8NxueD;a9A2AgV>sw}F
z3m3_dAhlH+^+)F-!g}|MYxCF9js^saLDZFv4`AlzhqYTl+n}zTrTQOd2@cD^uSB!i
z|EP$4{$kX8r?SE}?fiykE^LH#!&uyiK}Uu|R&Erb9bBoJK&rwKV87yfFB?m$!beh7
z9qqxk{wtR`xhi#dR+@G$=kq1Ln?_UsNza&1maH=08E+LTJ~#hI!e_A`1a7i#6g&*Y
zo4W;h(7ON5c4yG`hLAbXU|kBcy*|tg*J)a69_tERjY$*e3fV>{wwV5r*{0eO@2tMm
z`YXnb@KDpXWvP!cl7Z2oK~GOAxm7Li>T3XV(WkRI_Us)p>A*#w(lmn`=Ew6|!Y`mp
zeZN#=Dww!aL3bvw>7WK=6Q-5-KK`$guikcN(UroLjUbaY>y&I}n#j+3_2b?mh><;x
zF~;S~U$B&6yOq0MrlB@nnI^p4_$fI@QGGCYRnUFOZ!LhdDla10!CE-`8O%HERlIF)
z6WgI{K<^KRjL)>vW#(VVXux$q1oS>?p;?GF9wQ;u>1Z7e2ADe(fvMsLO>W}t<(}$?
z8n6;(u~yO+J2#tTAF?ghY8H>wKQ1A}gU3WxskwJKsSv;%f9R;1XFpIOU=my7Vs|D*
zhmL+-mJHX%q^E**>By{p@{JBZ>?Lm!Xf528MFiG1DlxNyN(nl{^cgU8{RH}va=3p1
z6D?d4QLk^sfGG(+#aDrD<w}yTSCfGC41%g(%6we?={Bt3DXj^hTVwu)2Nm2`e?-g6
zrb8+JE&cv2E666kDuaXlA*ckHddOt%s6k(OuKaDYptwI)74_OSA=~q^Jz7AyvP~UX
zs)duG5`Hg<flnn<ZZ@v5r_w59$1+4~^m)YYNvq~kr{$=Q?E5OltUTX#vvaw2=le1*
ziI(#Tsp%9Kj4q{9m-j0I`kO|A6=uy`cY%e1lL&=^WeD$gCru*t#V=p$bKTM<&6tAG
zEd;oxV~%)rVZ%ISPN?Las%wO{OM4{JnFSx1cGJ-|zwOP`NFz~5Z8c*mbr#JQYay%9
zk?Zgc+o|Rwckkg#1`I;zWu<1v$w}s{-qf8)m5hh=09y~{m$+X<xSbD?v9J>E!gb2L
z2wY>aB_&=KjgTH$<8D6I-1rk42DNxK^R}PP;(3kCZV)HJ{{D(D`g580;u1Qg@TTf6
ztV5x)TtT@d1}g`g><4LLU327+uPXnmSCyxyc2g<sqwi4EL3UUVe1Gdt<$r1AUEyB-
zmZm#5d%KIRKXbc-6<$()0z9AmW?rZcF><y3wm9b7N$&4)_fNZ#6#Q}M(4y160usyk
znY#GwSNe3E4V8u!Oc}ZO;|;s0X=3z&&g0%==h4)<y!}vP?KdBO?CLinA@|^`srwA~
zjN5jg$eoo?c+MT+oc2j>O_Ul6rVz*<v&`*f5u0-;2fdqH02wMdY<E`Vs4+_fU^=oU
z8|Sy43Ur~E?4IBUW_F>#tjyn3O4^@d#Bt|$94h_F%V-l_yy4v(;9eupT$Etyk}62r
z;+5!s@#LcEelK2jG*1*cD?m`igj`jkGacX+MmRWXzGJAZCf5Bv=dY5i*6`VB2y>!E
za%=Zu71f%Dwr;LPec@ky3g+?i5&2E0kksm`WQ*R;wBPZDi(c!C-;e4~|9CI>*b5#B
zl7ezCaxv8M%1;`Y7mzKi{4C08Jrh2K{T5z+C4NJO`+Ai}Wz|I{b<Fr&^+Nzxm*Qed
zX)4D4_1rm`!{8M)iw08awoSUUXS2>VSETm-PgXXSC)d$Q$vkXI=fzp#Rs3N1QNd<h
z8(Dv7ygTsn^nbTU;J$h>y?<6m;AWxtsls1FnN6<FMNrSx@*(lAEqC6htD&R@{PO&8
zy8Pmw4n7X`QCG~Kj9RYC@m7eF59D}75g6Pk>hdVQ63uu6uIdlc4Rfg;<H_2q^TbMh
zn1GDmR&E)3{B<V6Kh(&3QbaYl5bx>=LrG*n@}+8W?q<qK=z%A~7cpaE_KYS}NVpG)
zB<_>bT>T@byuw-MvXLJoE`5+Bv>c{(_<K?$v-3FE>hUzOL+48{1;oaqW74}3pgul6
zFJPmSqCBrHdUDXuZ=7R0ji#T12C2{)9CXR_ebIBej4i%vlKU!|oOz$W4(IzwNQiwS
z=UmvkSCz{hv=}#H6a_YS9>W`Dei#mWH=$Hxq+U>`+Sy$^uX2Z4G8%K6cEMm{`zqi3
zxoW>G_!tzdF1qyXRUNtBcF}kdD%Qw8HiOo+VUnh@Mw#sMagyrd6GCbn>>;8keOf{>
z!`oQYLGFOCp_oS4$J)*$=(^iNN-MQav5mvSX<kh#M^MN`;48h_;RM-^@){nUi@^Gm
zSNBrxq*s<p*q#{z%ib0-r(nt~qWX!iS2%}jq1-08Dkjh#$4|M9*Ka1*eZhW(Rh0}s
zK`5{O+*kY$Pek#>N|v8m(3EF%W0?|;iV6N%QXP<2o0)Rr*FeXrI?bM+D*3C5`llh=
zbjByHF21IHRT7aMgMJ)Z^h;+@YlW1n-(CK=zY4WAUgx?H$Rp7Bs?n5^y)jfTpbqQt
z@VxK-Rpm0jf9?NH67gGGgu4iJZ%c%OLFq1;@X~;c;ww?Pi*|hf;VLXm&OWEYKP$bv
z8wEvFm%J2t+^GItYtzeDN&XMTYA3#xI+xc(YO|oyc#{taCKe>nC0i>ImEY%w=#So-
zNha1(1-ovd?=roL=47yMLqd2tPIe68DTyPF{em`*1yC=(^N3P<q7vP|0&7h3car)E
zS?`=>*oNaJKZB(5W4wXiab*eU6AGj%+}KLQ;ij02kGTc47@pu`<X$F^h;cAu#pvC9
zFaNlMe=lg{)nB1*D9dSS8o^T{hZ-;v`<{~A@HCLZedtdA3f$X*Rn4xXzF^`=8LwEh
z3kR7iG=9&B99)-(mf-NyF1b@Xr<^dpaA}IuirM<mI=g&z_nT9^w&G+==AskhXrNHK
zlrt&*ik{?4LB)i5<Oc|r97y8OYmb?*d8y)$zd-Za?jOw#Ck!FSa#tli$QqOF4}EWO
zu|p%aCv~ueS{wF8Zx+m*s3KOcc?@E7dwEvF<<3f<YRr->oRsq4rEy|u(EOn`{rY8@
zfkp1sOD=_5h~PSB4T8ypvpFBe8wZS04@Z?zIJC#NUKZX5_-5nDu*O>bhSP5*4T^2~
zn9Pn7PUGGTKCQ2M=B;3+!1D1X+Zzn_K#kQtP9j7f(q76g9vD@u_snZMhdgUopaSpu
zR7ebNRuJKY1w+8vYy|6k`njJ|VVH*QWwH6XG44;Wk(#=?tM0*1cA<sqCS+1rYO$O{
zRZar|cM;cuBi8rhnknQlrnWiqP?2%+u+}mNjl*k%NvdP@!^*?mZ+|xC7D!IM^@i)j
zzUPmXYNC<`emmOx_YlKg(UOY=I-d!FO*c|c#2$J(^yVR3V3UbD*NLOn-(U;1J%LPT
ziHM2!ZK1!>p;=8nw-0WON{rX1t69=XtrDbKYy}13TNS@yODcFt49Y2Z7;{nlzM0<>
zJYW5L3|F#%Plyvu<_L9wJ7OOF?aZH<x<;LgSS^MJj*UZp3;=c;)$L`>%dkX_0=tRk
zfaL|F#Bk11Ro1Mg0S<-;r~R=Gr|(a23=i!gK;{Ymd;Y>JDa1~uQGM>VJtQ31YX^SB
z{Jv(5U)Plc^)}&^Gr6?0R+<K!4Tt^_g{5%ov}&xTjO^8+-E(sT1`ZB8o%)A0^Xsx)
zq4ZfHd>8(Hse&idb_pY=%Y5SP%T~U=??r!Qh@89A(uLb#s+o5d(OkaW+O|D@&uunX
zFe2fjLhc`R^;hn=V0o_~ay2IpQ`m5~eEheB4?LQ%ry$qmZ?8NIVNg0JZE?pR=kQ8_
z=X0Wp7WV|T24m)EW0YmR%C{Lj)~F;Gd;}Qn^fMozY)yDeR^q~?aFl?cP;?wCI1{ru
z=7}VB-ImCq8p^LO4hjMAE)p^9NJE|V1g?bEX6;z&a}U`uNBbY3ZD#DFPT?cft0J5G
zy-ZDWTA97-75j>0YK3jz7%QYTLIZS}X0&SF)DdKP5kzw~<uGQz?Dque4MjPiOs%Fm
zZ^pAce6oTS{rGEVc|R`IPLp5M_&J!5=OB2<W*TI0x#*H6@cm+=?vVigm|<v}8n0=D
z+F+WI8vpvRca}Xr=MHtaRX!lG@*C8R?}`kfJr`1HQz_FedfQH#(C2JUsj73B(}{MB
zxPnx)(C{!H`19&8;{ge3MK-%Ce#_kvDf@#NbI<FH7v0P4D{S}D0Fq_(K}fOXtSy}<
zrc>q{O8^mu`oP$IUO+QPk(XUVHb{8Rqvu9N;aX*i>&{m=C1HlksZe`4IhiPEM$p|&
zF!A16;@&KJ7E9q*E11A&hT6SEpuS-bc6HbnYi`UDXwLYo^2^*+)?y_9Wzp=si^8es
z<F~aTTj$6{_JhaY<TiWwz;Eh4hZNEuKV~l%d6PKrJ<(L!jE<Nyj+BFyd=Dst*>*QC
zEi2~TKkbT6N0u0m+GSpy{7~3u$pQa5_>FVAbk-;58EadlnxKG2BGAfYK91h;SB1p<
z&8p5)?87M~H)rijFuQ>+u+XpU+5D=0u-aSi&RlWu9;3tXn|tf}eNXq}bIMxj7&ZG&
zo8dOi+*;|uv7s$6Ft+|SrF0^Fj0c7%_p7*t>q|CET3>Dlc1RCrR8kMi`W;rTq}cnd
zS(uM)B<MmxU8As}n>lBE4lYh>X)fk2zyHRunorqjQGSyp5j})Q!VVN{J=}e<RLH};
z76$3lBmLEv6k^>fY;iD(J4wUOd(9K6gj;%g$g^s%I20_$=5!>3xnzx5cMM_`h^{n@
z#$z*^Yo%|tTGO6!<qasUZ)J=LHn2#)Y>V=1tfeyYDK*ygo(Adlj&3!^l%6J~f{<R2
zUarB4`fYg2f{Iyn9%XiPvI_*Kq-=3t`Qj3_!5364{%LRS<odt2(M|JcFxJ)I`wgq-
z$GrF}7@Qp{Ga-Fzjgiu70@;_2?`E;2%+dW}s#oW)P&1AA>*W_NJ@^xCKC<{ZCNo)6
zET2==#)!g-Prdr%0%(F5`>v&mxddKWZhhubZRp8fq|0m=IIqs{ATupJ&+9y^QCU>C
zGjp&DZI5b>_rX}ZLvA*fPr))PHPadx;svR2>7jqgaMB-w4-O(t;EG=a5{Q}%%K^S5
zt6LzN1B_bF*v(Vnm2WLivUYct8${*hPj`(0hUyB34OTwdV+~8lW|`cOqb(wz*;5tp
zW=4y}WBerZ(i`;j1b$T%@tabCw|Sc@L@46(%S>-OMKmH3tb%e=tM<F*^o5TOZ+vPQ
z0!^Gv;+N;woXNS{>dYgL89CNRpIumbUW!ZV^ZzhSAh~CBis1cyi1lrkFjMy<!+CZ+
zn^3Oustw}UnC<Xx2L>y;RGWKAseYDL6ndGFg(FG#XA)GhL#N-FV*<r5hvKyE#D{sB
z@{S||*YKr`I}kSz)`m>p#U!QlGbFA|_37(SKS?`S;@cNHf1Gyv!%)vn$=Y4I)vRh4
zHf@d1K2J2v6Qte|j$C7PPeyZ`9`nNu%WfwnRq5V-rE{)@tY~}IL7S^Kq;R3sqWu<x
zq#)JpXhEZ6&NKMx+IXMwF?H4?zeD3zXYV^>0D1yhUhVpqowve)zQ5i{bT<}Y-@^sp
zbz#J5k_2ElDHA(JzRcV%U@ZjM_GagszUN2?88mT*Bje_tuB$4t&{FZ`X>1-@kzy6Z
zjLYdF@9#o)BPr5k)vc~Y59XuMyN@yd-CyuM&*wKxFL$I+!GcI_w3=Gl(_TL%gcZHJ
zCB`I=Oh4-8DJtrr_%y=h`$vJ29#ieJpYwm?GMwg^tv|0gvNW|GT@w{26I^WD^jeDT
z4Ns!R#;F144Qv(v`7G<OFI{D_+{f~qW41TIUtLL5UCwUmM8Uk*s-K0_;}+3loX_*L
z3?ugci0Heq_tpv?B`Ci3nI;Js!)<yQH^ed8coJKIkh?Q4kjd<<K+cl;bWCcybo8hD
zCL-HM0(JJRb@n5N$Rkzv$Vox^qhRP>5aY$6$b~GU(ao1;_n#q!sR|Nkwp5xs0o6>1
zlcmYUa4(X6bA@1PVDa3shq7ZsZ%7lcye?Qwt&FIhr^T4nbkK_oH-of8yGu*KcQBLX
z9ORU$kGCDLPH4Qb<whmOCfILNnlJu^D-p+-z%@oHdy_l3PXYeKJQdql#r^<~q-Uy-
z=VMJiOuhVIQTsTQy~UD}=n=_F78PcIGaGbxnM65rTpXT`aMV!inv$j;_eG7uJ;EEs
zZ@<7$c+7yoeo)Azh2NF7MXgr7+4=c3hwn$8k&V3huU*TXZ`j+$AhYscJPvoKl4W$q
zkqs4UvQrfBYQ<9ucPR~cP<HL-j)<$Wc-$(9eHV!z#Vmy#TD||``8M*;=#z4?&Q8pZ
zh$yM?sBwM&<KQPojQ>JYg-$PE<zzlLz;J9Ws%vN9Pb(0J@?JU9DL5y&?f(7pU9abg
zckl=Ds^(pl2{S7&Q;PC(bCWl8+nuu`M^X6)RNCB$3Rfe(UH8(DZp7m?MWcuYCi94W
zam$9q?wR^p%BR#*m3tYlxePjUYfHshy`SS;2Uj(oMSmwqqV5)KjLmG~bjE(pi^T31
z5*3HHP#K_VPC4t-W)sfn?Byzbqizq-5!7#myp#U6#bBM=g;|k@{v2|$#<*eC;N_nw
zwIDEl+s7P8fAZ2cmF!@TOJm_AWundNEo-w#h~yI^$6irFKyA(6)s%T#vobLEak=11
zmW@7Tba)#yx%$3>T{Pj{)K7M*!Jt@nNmdI@xdh^}%e?tD7#5q5>hWOYMd_7mQV~g0
z%lFx#&x~zu<*JA5R9UH%Z6<a8>6J*a^X6nfmwfUx11~acy%isoSnWQ_Jh!|uaT$W6
z(9f!mAAC)2BrgdW75`-}P*a*SUG;DM@XQ%V<KCCHtl4{ASHD?1ARKkM!n5dqG4&N-
zbp*?rxVr}p1PktN0fM``LvRo7f#49_-Q9v~aCZ%MaEF6C?Bw3}c9)N?o~hGPtuxbI
zfAykzvPjt(X`YNF)p7t=sgll%>~&3zMj&@da0Bh1KMYWENzQU0lo^#0{;v^Fmoa4u
zgF;IaD=8$Wza?i^b96q@<=_#e#=atnX1?gy8~FjxW8b+tXKODu&7*O#B>RXtn(Xxd
zt5s$IsUOrYRM=n7RtJS|9d?a4An!{tnw$jt`PW(l1z>wfCR$E`fq=@qbYU%CJdv>?
zpJTF+u8=^IXw<aQ4q`QB<u6<wnmM33T)+^6B%#otT`{ilADn=y!qIwCX1<!Ec$E%N
zvL@St#YWMx3&W~bh!@3kg2Y^sy(HLEHH!)BALt)-$|F?^X<>Q(jw~Ov@xou6@t?)r
z+!ZW_jg}0+?VHl~@H{rI^}GQ3@i|NVqh&`UW<~6)^y@e!iUOSfv-!%)-3f(+5iU5i
zBSWnr0{?Lmx#M@&$Nwpc@BbD>IiPf5cUB7a!L3qy&+cjU=Kj;e^Y8=1%P!#+9wY<V
zgrN{O_@dy9IfO#Zm(ibdy{DRT6atO3&)@^xVgfBRPq=o#R7@lL*TZ2aaTq-=rkm$M
z>iH`#3aGoT4QdLG)bN0RD3)wf3ZpkTKo#3r02A_CY%^fpq$4gY0A9W}93eVgM7$^T
zUm!pq`#uBE^Nw@?G`_Kb_uTGmDTW>gsYFO(jx?<RZp9`bA1-Pr1;7+hI$+L75s1{4
zHeST)c<~tr9~}JIO)q%TlmgTXXm8s&kW+x%09l2c`0F4J))j=6IU2iO9?l5K30&YG
z?I7Py6(Z1<&lK7@5adlLKtVtpbvc-|eI`J4{JT3QCO8Y=^qo^vfVO~C{5;6&Aeub`
zj*%aj!s`R<O8%x%{GL;zfHEMZpm0UUhD-?!LpXc<*p5w<>NQPGF&`Tqkn%GOLH`S2
zZD|33!n6XK<!=)G#Gnj7cRQ;@IU+!{B*Y>XQE*VarxjqyhNnVz9FW_KL*onKq~lQE
z&;dHzUdz-JH;a9Vh(-sJE!1$uq=?@G5cNmJdoln-*diMySRbe)_PKCak3X*byutS7
z6d>hTKzH20CowF543Ox1#-AF}56j<v0?V!{6#Eb~j(R=(sjz^ZwSb%uXA#TQA+4+r
z4`V|>rDLZeJXivYyK)p35dL>O73|QllmLKyXeTBp7*sZN=7ZrCf(@$&=#0A_%8eqi
z2+xfm1%<Oevj2f&%J}eCId%F}8&JLXOa`*jrG{$CvBSoE>Ru6td9edhO#+sTxd8q4
z1#EGcwM#^xjxpt6h%qQAI6}h%Y=F|}2#pXiLA!g;0!!8SnCt<s0EFl^uLWU!NWACA
zfs!F~Hb>}_m&EiEMqyY6Y-N_|!H?-3KsBC8T%49Sg${bziRt1PMZmL~1V2w0(BQ8F
zS}(pN454L670~dnNJDsV1jM+OgZWp2`8Q^9nA014K#Vj1J@DzjD*4rjn3zuhR)Bx1
zpbPGlD;BpR(04xsrvgzQkYR|2w+H`#R}4Pr$G)m-&y5d1S+E2EDEOzMF9+1D=A^rG
zXs#J#ECjT>9!B~S^?X)%z$?%}i~k2sK#~J=C2d7u-Q5e|oCD&)ry}ssi;G(_VM7Wd
z{WoiKWILdD;9pJl^>qC+(Z!DG_!Y>&5D<S~^jleA?(v7Wr?9|KVN;rj=_8;9iGk+$
zfDKs#h~5?(#@mC=!vtyrx>`B@<(JJK7rYhm;A#M&))|@E6kx>X0(tNg>+2ySHI&~6
zAmTiL2Dmdg-9`K3xDTa30a#_=vVc_3KOI*>&|t@}UBC)O{=+02hWs!_l}D0__zKj`
zzY<9R^6vriUwtb}4)7Kl8zP5}^<MnU3zNf&Kdnpn^x*@xb!(zKG@LyykO=}dq~bq=
z4{JpVfge2t5@|)5o$>=}fX-P3bXRYnlzUT7?H^irfnmij@C|@)2*)6M&<?>0u;Sq7
zT?3F0poxcd2br@7T29!$-H3tx$6*C*w55tNrWpZ~c-R1r!X0RUX9o8+l%R@a)%<|D
z<kfJB8+3p<mhFxeV)T6Q*nS2_`qYs{D=G<$ntnidRiH{U03SIO!DHfDVN49n;sW`;
z=S*&S3Dq5LZ8U^`3iZ*I7#q_2-zfeg-s26FJQ;%(zU2kBWRLtI0voo&B&06{bd1{}
z%;`89G0kk8HvKF<4oUiupFj&E**WaB*|Wji=Cz5yWX=Ri#D6>pMak@A=vlBo$MBiZ
z>&Y^3ZoxQx!g7MFFhF`GNJAtU7Vk0qmm2{6<2Q6ZM*9P`4^{2dib1J?h40v$goYnv
zFb+#xKWhbvAi;v~cse@0zZ_i53QPms$_PycUj-3b#^?-;Q3Z^Xut|dc5R=r-?1_SD
zOORW7_e7`nYewWPy5;?a6OYaz*w%|6-<?pIQ<tRX^wZ_sHxr_n;ScMM(7=>zqk9S}
zQO;Iuqpvm$n2_Bc#&VK59Ua)#_wF?0+^q&&Q|17VZC!t|e+>6Ok(pU9sQ@<h-1-tX
z_`urXS8+Q>+PT}OIemNX|M2yj5nsH$;IcUbg<q^ed*f|-tl*-No_hxD9CZ{QD>g7^
zJSQ_ePdKVi!1Eh0(*qVYAS>H}3r}Ev^A`-)3Mh%Eh4#R2fVcp5m|n-Be#=K#v3+LB
z8mC4XP)Vhh-C{C38#~KSg`G3QBOdSn6QRu_Z}A5mXk$zO@N;YSc^s0f_7Vde+l+|}
zRs`mAQbp=PVh|#5HEDwPks*R=qjBei^V%eRJd!(pfyKSR#6T{=^HP`EuObzH&dh-L
z>;AwR?LbE=^|c96J=H$MYP}~W*unymiwzn4(>olNCmTRN`k9rFLmK>pzY3?qdR#-#
z=c=AyYV~PMaz;qASEX{eq)W5QQ%~roc~qFp$|XoQKoeo|(^5}xq;dEU^>2Q*82Qa2
z3nwPQE?11(XQuG~ybxoyVdB8mk?quWeOCEm+&SP!`Qi{Ow!^P5ZhpZRskl34=}`%<
zY0HMJ3dJKlydjKn0VQ$=^k@TEY1Fc2pRj?E4~#gYZKMISH0p#s0XFUZ{m;~69BB;g
z_0e?|CiQa23FgyLvzBQt(aDhLf#&17#i@*QW=${gVIO)JhtE@2MeEFpN8&vhh-e{e
zc3PG`4^D7=;9iMOgI;@dvhg^tOl6oetM>^v?JoS!)tXIl(!N2=%&e`7oF#%TcPK61
z7>724|CgV`#2~V7z|3U9;`GzxuUvwa3kmkp=VG85xX>vh&Cf*!ey35-S@>}|P@<fU
zIX%-YPI74T%Z_lR(W_TxS=GCpi}s@!amTF6vj!B8K=AztXUBoIOh?I;u9x4BkAUQm
zhnqf^JFV8@pNnW@hewdLU<t+W2$s){rCl85(583K7;D!U-~jU2MV0IL0#xV-$0H{;
zq}`lZx?IBZuK`wQo*?m7%!o!d`Nh$%a(abY^mAramCwiyz#%h0MgOt^9+q6;Y!1lC
zW|NH~aA&bSWww$6>UCd=af!^%`G!CQlwl&0T&QkpQPEaxTruX`T0=hpUeC}t^zXA!
zt9r8Y`haf{fkVt7{Sp%upes1xVrzb;286<)AJ$8$P?G!C!DB48Ee8rysS~zUsF~Cm
zLagd>nrK|~(ZF>fd4XpHmskd9U=m=6D4I6>wTj4NlK<IelX{rG8x$k@QGT&nPp7W2
zXk?KqD!h+aR~H*IZ$VD4YI$nbO!zq&XjGY|aL6VKWjL^r1<5JF#<-`x*1B``0;AR)
zhDV@hK+_7nyhRP9+1)6_BJ<XDa$rg*fMJW;LBrPgooVq^7MWgW`a8nucyVJE3BQi2
zZLq>O3Q!d=pOdj-PIKiK;eOIN#~3of!%=QXE*jBk$~0xxj54w^hOsGcGQF1Z;9UaY
zf-xSjuipx_>SxVHynqL$U9xsTVYKOnbwu<uxotR92OIEcwxHgqTyB~*TMb&LD@BFs
zTjt`FV>Kxn34?`J#~=!HGlLs#RJE10s%N}4Gf^CB0uXkVBi9<pj81a0@@hzRP9<t}
z^hG1pt~l7SDyK45_4N9^{jxaiD(R;(wa~E9P9Y|cG6}E<i&+5?J<`lNjRGUAcLe&M
z7zBBjX0a*5dr<Z#9Bl>V5h-pEfliVkmu|~O6Q4x|zkEPdvF1xGCJz)o8?>y*qmfQc
zA!-N!_nMRP&WcT=5X%L{>)HxOj-l8kMZOvlu1Xg3a>W)e&w}Ef?+pSpq5Zs3liuT>
z9Fpk4)@@KVEtB~aMurZWktb&Xbj&Rkkp6;`+pjvU+tqlQYmn;gyVb?A=SN)M+ngu#
z<(Jl42GB|o1iXI8e=Y6vh>YkNz2w5pi?ySJx-)m@)OXty{*%8^qi3cW8F?BI5#T$d
zEAQU%o@uN6Ubc3nF~@kps>*Q8Ix6VExqfY7O9#a--&lq~!ncr5TE4cdJ{P@i2rw0e
zELC${&)1=jT_*K)uyON#lxVBLbZMEZb~{oVi@Z*)7PmoFQz@_On47p2h4b$7QN$=0
zn`;gntI^PyYxa<g9IG`Kuu-+sX_WBUiMkab^8O4rO*~poD&9dglPhokk`|?J#a3-f
zkt>MXKC8BtT&eJV6$o6-fyqqHuDnh)%5hr0oN)YGdO3-Di<s^A{Dg9`k!E_(*)W{S
zl0sU5z7-Uj5k;<D{GkkW_{qqul6$Agf3DHf9`gQs<vT*D44;aQiAgvjE~5L@l?vC1
zVtsxotCTjZy71#5yHiI#X&cfluo2I(H=UH&=WwXei8kFuaW13TKXw$+f;PQKt{;Ln
z<Cm3N*dO_nc-Z}nKG;&_uoLSDEo@t9xM$F*`RMCi&ragP>=KB-fxq8IjXW&OwPh&O
zZv~O_pp<&@_fwGKFafm4*(ZkfA<yv74}9H!)aSI_0!<;n=6#v;K88&dt)v$MKg?U~
z{XHaFq7Z1vOznk#9B9|?P1?0EdylqG-<h`*yp747G*_S+2(oA1lVw%xgIwVDt(%8z
zlRIs}{0&)e99ys1Mojj0C0cBH)93G$V{7yph2i)jKPM2!6y5B<ymAEOWE1UEtnGc?
z7dl<jePRP~`6CWF?C9yky?z5bhqkY^PT#cZrV@3bUH7ed9n4N2RJ+<k`+fimA@^Q7
zO>vLK?dYI4yZI5i^T)jYQGDP_`5yKjw^NVKt9PpCN6p}VG5>LBVY%n4@ndI<KkshK
zET55+*13V^mza|>^OzUsgC_)MJruiFTYz~X($(ye0p04Y2>s|6bHK8@F86>Qv({-8
zNUTW%&xAbYw8U!WsTDI8E-Xlvyu)V%MmFY+`5W6oki28|8u!T^efDkn&!xw{tTB^9
zUk<-Bu>qMDZgO`gT?e?Vd*H@FZ<C2FhNptY*)zZ)Gm31b)6M5~IoQx=Y4?22nCyKy
zKI@QR*!Kg<+Gm@zKWwhCRDEnW;ZzmQQS)6WaOMnOG+65h&#bFNvPg*PnO&j>G_bUO
zJ!wZ`;88M2;E~uMFXEhFCZ}*-VQRz_R4tf9nC@PiYw;du<49-jc1RL1jK*M2ra(II
zYElM%&wp3lj(cXxyhRu+>Dv#NtZp6gf<eY!L^#2;mAM6y2r9q}lT>>0_t6mu5_&%q
zy+o+d7NjEkgXR1{afyKB6X$bNWLj5Cx>c1?l^iDNF-84}?A9d;ez9ODQ`Y+gQ;kop
z^>(;Zr<t@>^JwwY;hp^zrok*hyIfPp%y@<{GbzdO8n<q&<Cm8tpJ4i}ABGsQj?w&1
zAs)LM15ejRG($P-`R(ori=XsZs|~0~TL~L?g>ySQr5CMDz<~*U^i#3g-{B3H9EvCJ
z%$*Xy*VgmKeC`^*mHXn|dHRs@uy(t!w4}@bM*G#bzOmwByM+R#+w-*4*bwfu{h-6K
z_1-nHX6kz*Q%m(|h!5G&<avoxvMI#9x%ni2<sXL@UJJXz$JA>=8}N^1i6zpr)2KYl
z6n<yTF;O(!_N)fzpMHWXaqXkH&YBIPG0jN#Zf-r*3PoAX1xn=Zjh}awinw|CjSgq3
zGP9~H#K}Y9<azjwN~b=NcoM@RR#%W5C7P*iuVV85oqhjv|1pNGdHA)u&YlV7E%8jG
z@5HGtlf)DecXbl%bx*gfIP1Ig@naiY3TVF%bhpDuVSsPxTR`P%hzd4^-sJj2LDv+&
zb?XSO$+kswl6_8Q?2kT$RAnHyHzfNV((?7hzn!Z8_9Tj*k-S<*cg-Bpsp`pFH*B@(
z=ze97!*6D!EP48SBw8>(@7v@bs>DB%f|i*2Q~M%^2Ki5Q>##f@+t9{@W;&md!?eoD
z{D$qh4}LOZnABDK^fMJ9M*R+P#Hh}&N32uW{D$nbcOTB!Pv>`Ekc=_*aKz4#*KPqX
zs)yKRkGy5K`p7Da!2MU(Ht&Rt2*HW!p_tM2RU>0R9g!i`9I<XcWvVH78G`s5@|Mt3
zA!D$i<u;-$0@<{S9eFjP=8EX)$0m<itTu&=Kn(BjihV87OfXuu4PsqG%LLx`w&Q9E
z13593LvzS-aEA@DldwmR;pv8J6D<%raqd7{^xl;Kp-$|GZ4;}_;AbEP_fKJcBkp>{
zo7#}&&JHVNC+&w2#{P}{DMek;rDkS~?dsY+QQ0uYDYBfp;B!XfkNrOn4k8)I&ryd~
zMfC{Z=I~73UCvEp4-N3)MAvXN80vzTsY&dS>m-lukk>ExU_{qw-24`?OvYSm82edo
zeibEyoxU~9Cl)uTA_bohn9MmFLG{^^SL4w91%g_ntmxZ9vD=Z`6FBGtm3hPm@{|oD
zS(4HXJ6lv>))GB!ylTSGOu)9wYk#)ZanBqZ5;;8Ygd(pd$k8=N)Rba>0eji;Ydl@7
zC#Q*7NuJ~)bueqY*%<Tk&(s$~I=Hl-=@^e&;OiCxr#4(PgpKNWNq5??0QjX4U<0SP
zK;$r+0NbF-h5`v~IOek?`-){T?wMl=$u^b&BdF}UYP&U*Z=w(jL*F~X;uB(6bs!~1
z+d)ULCbHz7|B3(%*p6Hn9~7BW7Z%am5sb6XN6!Ub*=5l?N!JQ$LGT&vU=A^Ls;Urr
zCC;V2rwm=wxu;D7aNDY8y%pcle*xRQ--eoY_jFF$CZ4q0B$AD~t-zZ+$0spZ@*a)V
zNT^J7#HfUFlm}oSQaf)<ZQ$+VBZaKv9rpv%m3GzHjz<>U5~Ku~+sB$2ox=%J?O^mw
zGcA~}NW${Z#BJP<9~QT-aY7pq(l67K;<_oSUQwM5POHE}a-N|i1JM|Qj-djAmU~e!
zUZ5w<Iq0RFbkY`0q#F>!P(~_gOA6#o&v(Zn_;bu0(v}kx!LXXcp>z$wY{j60kU^AS
zdmA`Wz%o5mGKR~=ebaQ7Z{W1ug~(yk_m6r^?w<-y*16Dv?VsU9n-QV&>g8hbA|3LL
z=FXhFA7m%r7#xN7GQlbVKh8lHfsqc67JJ-oM`EQzm*3>J_?&S3gXeGMz_Ly;*FQs<
ze;}=o&Sp&KabFG%>zOv#$%TZ1pY%QmS`RK6(p);kKzEBdoRvVVf?0gN)$*gfww%-6
zm{(Wdo1YI~nV%B?4g+uqfP(<s!;GKe`ggzHJIixBV)&NZvxo0DfBrDPpRbaWGvWJm
zwclQv>+)RqKC-#vZ;h>?{$TF&`=d*H9b1il=Sa3ORt8DtmLoT@KJw_}KD9r#mKDy-
zzqaD=z=i_Wj*Lk0xi(`HD3kTqTgr6&DLC4e3sX(*u#5w;exjBo<xci|f{^v&-nvPL
zKjn&<%Q<Ulq3#d>ZAvFXy(DS}Y_cMA=a3v8pj@>~j{hRFCQV7BN%&-SY<A$+036=1
z4zlmv;)u-{f0l0EzepjgOclqEtC@BuxT+bxV3Ero`}#Kc#eh$BKM9>!u6$_yqkrDV
z8lOlbtaYd>8n~;`AsFfz5~Co4rm3B#YV^*bY)ymQoWc%~oPWOf0hOPy;5++4!(Ygn
z(4C?b@KwNL8s60H+I8rp+`ZtgfYA{#JzaI*gYQbmRo5wHTg>*7(e<cJZNed2#HRfO
zy+gA?eg&=HGdudi(1q@P(mf;1OzTfW>2dlRN`-uHVn0rn*c6CvEtAX9obQ|cWAqN&
z@>nS>h|Dz|`rOi<?M(mt@M`OaqE-P=^%%oO^(4JLA~X83b?bmjEbhN>BV6H3R@I)_
zt1CU;cG=$bQXZar=C#t>=C#2o@OmcKXs!lNNWoWGH3A@n40uTnKQVg${A)Ii9+!K`
zuD2v+Re7vudH+m8kDLi_%`OAZ@aov*6`dC(=Zs&PI`QwDsG-@$>wjwQA5Ne&a2P&y
zoobuEhSdiclOUME85)n&@?;99nfHht#eC+Re+*BhUa*7mEq2rcjU5RF;uw8;ca<%;
zjxG*%2TTqRXnHEzG^6<N90km8O+Jsw_l?2q>pBH$I<F;7e)Ip)g0S`^Fa(?Z#f65m
z&(oBh!`;52>8NMUYPhJFe^U|#l{bpXE^>2`kR$wdd3qTdndkj|`5BFeH^THHyE8Yz
zOb!cO4(DSnD*>fQ0A!#uTEQxa-^v}`7J6`smVh!}p&rs@7hCG%HX_Ehh&U#tGY(i}
zm$DXhkRZe80}Hi)>G=I>>zn(M#?s9MY*2T}Ug){7;DWJ5dBwlKj1et#`&G*>Dwyns
z01Tvx+MG%0{3Y>VA&Vppi~HiI;SD*maIgLlG#fv@0~I$F<=>(n+K+?DVU8#}{a9NC
zDg3e-Ig^)+b{pQ<<cS)rInJ7_!dW}I10C;NqG6E%JZ})#3AZIK56zn_es6l)AH%5f
z<K4G4RX}A}??rSsLiW|1Z64_-+n8cmx|3spGQx3E9~9j+y5Q(0zF%NzC)+_GtNk5X
zx}}CNA_TWZhH+1S-8&^K<p3Q7mjqTxQ@;MHXlmwj+J{PlTRSGyB?eb4t+=0C-&e)B
z8IB_R)F@xfbqR^7y=h?2jY}}gdbh_>VOzjeSy<Fo@t)H%j-%*IjOQ8!1r<>#3K`8A
ztN&ecKP#kQl%vxLk^ZWas`i^Nk|j_^mOofU!M5@@%e^J;KB<-Q`Hb~GX-3AdqE(M(
zaI}b<P&}NTH}hw->$o&(CKW=kM*@zC{-FZ9jWl#MoAegD0z>X^mS!v5eJ(3w`#I}<
zE@5_;3=YsgWxK=vdue3$Tn%>U`njy%EbCUBb6IJztK9ip#1((Wod6RSoJe!|8tjZ-
z19FkG0T<QOt_$NgL_iHRQGZ@bZoU6{d%oSz1*B1~LDM9iI~#z$N=Irj#;=S!#gkC?
zo8^NIF14wZG20@Y+~91lS*3bvR8ff0r>b5v21dC-osbc&CtJ-t+y5_6KzE7j{|1C0
z{{I5%q((I&0cm0^<}Zx53$YqA&iZUt6f!vMY6iqx^BA@rUs<yoJLX(n!9-hMinC>T
z8<>8>O{I0g!lkB=%kLKtZlT5Mh69nUE`%LLk_`A|r@4qKe%{;TlNAp`&e_Mr+!(uw
z!Xih{BE)odG2Kn?!HI67y4gF&Ga;Shpjf+0_SiEzL=p`{=HuNjIsY2mlFRQ&X0}B=
z=ELEm@QO*!Wbjb|_rm%m?*o@u4;}m6f?Y=hv-6F^mea<l0F@8gB@l$N`{#SH0!qun
zqV<wsAcOCu&2GDhY_LFtmUvjCve{QO9-9}u<9Y@it+l7)4hgGpMJ<=Cr4~dYVcB4x
zhbRQ!NsJ2>QN4#3;=fPRs+R_+_k!{WPRd_VsC$vX9TIv*wRD(Qf%Fvp15M0>{433^
zRGnHvm5B%;RC}J$$XEoLT<6J``QAf6Q*4*tDL;wjUX2ttK29pyT>taU=KczRkl08o
zwZ=;tA1U*Nl^!XB{t=UZMD!n__(!1rk!>M>^mg53VTV15>_Pf&^ZmQ$Q}XN~7q3M#
zF3E$X6Xp+mK~*CKf23eQckURxk~Xu>y^^N<M|Q1puL9zK39SF5hgn<tL;;<oNb&I>
zA^k^){}ICH2VW;TFP{*K%Vr5myoB(66Sg?5(+(*HYV7a<Gm1Kd)ai;Nu>>`Eo;$h|
z{!-%^$_2=`H5JGWucQwgnn?RSCTx#7awfCLYJYHBfe6iqPu95Ea+D#FBZZEbza*w0
zCqI1F8|Dpar5#v?JU4}LApw~ssHKjZ48xbx!X7vk`Cv{ncSQ!s2SKL`$~DB)<c>MF
zA{?d^e(hO;ja_L77YHshWv*{<-bc3A!~C;bJDW=EBWjxfgBDU=ek^P)YcAR@s;cro
zPV*E=Ui$1m&Mm>5zX`Hk8VkNJ5g~B1fu1nHw5Hj3n?qokk`toKp$tN}Q7xb(W5*&Q
z!0b=q=b0es6^jwKaXfkHiT}DmTc;@8vY}e_1QE`TwDA^Wckx*dSRX-3rLUiZAq~+G
z)i7&GRHao_RKwSAq<p;t9XKKhzxE_8ULZN*H~1;9?Fk)7g;5XTR;c~(_VRM#CzpZ*
z+a;fJxx*HWTu##M!5UcEat$P%dwosVslzoLu6ur&q`vzAqOzzfXzAzOXoIXJ;g?e_
z@TPQ*^L9$Qf(muRK+?|$Z|`KPx3_xX&cFwoo<Q8yxePig|5e>4rO|`wh?OG<$Z5zn
z2nbF89t`YWP9dyb9%f^KbnOg!o-1PsKo^V)7wbt#?ai_F9FSc@ZDD||_xOl_O}}iM
z&`7bIX7sy`hTNH521{`#F%G|FuS`h4DF%HU$oqV6n0u^Vu9l$@Jjk*PLB~E>4SE+%
z_BE1FWtzDM#Eg5yrTdby8A1F;NXL85WcTIPQo9+*n*k@T6DOO@uZh${p7OK5-YNu9
z%i5ma$+Aj$%M|7_)o85GBmV0vlw)(!EQF_b^39+W3>8A=a7y#`Br4m@elGqCQ~pb-
z&Pt(tnS(~%Ha&rkYa)7;Pe+a~4{t70DRP8r&SVy`F?GKXI3Qj#(sR1a0wRWkPS&`v
zqMn0BO?y@-X^&Mb*?U}FJH3-`%(|d{SEHRy)<q?$Xr-cF>y<J~N!SYSCLu^sn0NeK
zN^pEZF}?Fi+K2=XqKZvLsyM39cXXKW<Ot#cyMPYI4^Y#cFfiX`J;8u1J+;^9p=&dq
zF7Xtwd?knQCalVZkm887DDWI_aJ|->C|IfRT(e)NhiGQ`D`t$Wd2Ojs>WSl%K4jaj
z>fTi0$>Gfzdtke90EE<@7MKlaPb=)Tuil@r<%m7vq6dX=orF}g&1On{uo{aE^oBOQ
zWkl(<v}Ndk6(W$`vny6x9c-QLo(VFb>)qd+eErp&uab9O3U}vEhhRx!XGg2}{0@Bc
z9ax@!k$)y%v4t0yw{L<@ypvGFcKB}OQ6(uf(?Z}DLj@zWoT(EBCy??BvYDWsuV)jp
zezWd(cKLQyL&a$PMm-h8xd?}X(aTvG9q9tqN2`DpbuIV@%+HVy>|%JLrs}`N7#NmJ
zpmFoNJ7kA9qBk`?D3on5m8xn$O%Aa$QqTrA@yFHXG&bVMH!q19cTJU*T#?M*D^|35
zls#Jxza(0LZpRIVF`jNSf^8Y+T4k+B*4cTpcC#j9uEP+V>bNiW;YhtOdA*VNUYN(9
zlt@4`^EF8LvQmMvsbe0}DKm});Re1DgU2ep41^9w3eo70@actRk(@6*l(>raGfv(*
zw#Gf0&8fW*7aY>6n3ond+lasP_0Adb1nHQHu|+d^yL(B+&^>5Z;GhK7&+VaJ9JX1|
zeG=D)VII&$;a*zFWudcM`r`%jFH!2V;n&RYE{-ocN3*JoO}Ih}CyZ&zVd!Aw4CVO>
z27SX0guoj654RkkdUNry*@pu2-Kw2!6*ftju8HM|6UmdZjdku{3Kf@h?4M8|b2y~G
zE7oH#%QBQ~LDXMZK=5yWR@w@;^;XCg?TM9A08KG|Fly8etgNsose`A3=?EB?DWXyk
zQjK;~u9LRHA=W~mSkpwH7(XcEsCA666@;j6UEtE@X)NrS6hK#dQkjzYsoor46B}uW
zRFaVi*sBuI=eY{L_<^8?(1Mz#qd5D((~c79I3$a(f`uo}s<gGK*)J(5v?^Cwl6?lJ
zuD5ph)A`V0QtNS8VHC36xnJf}S_wCw<d4wQHsN#L@Q|mAX;rO&O)eq9fr*vR8-X&=
zP40_G)DNA~(^VU%4@a{Yw8R-udK@$&im)A9ki9e~$V0hOtQ`UF{$XYkBK-+bxW>oQ
z_EG(wgArg!6%ZN!Zuei2Q*_j`i>F-p-?m>qg|-HYJn^#@K;z0l4*G;Ps(BLE$ygzf
z$TJe7TXzg<@$_;sSZK}fI@k#RJ(Fjt#b6N=0~nNbr9%xakp)mT!7av-WU=mxBqqK+
zE%#dCDCh0&@xPC0+Rn?o@kfwfz}Rk;-(#M#M%Tw>c=_9{etIb@^~GY`IT@J7=bD=X
zA77t>d+4LS(CTg3hNe9=mw32lzwL_{v=dR^z;drHou|Wfgz@-6FxQ#ME*lUWlQ{>o
zz6MJQ9O#4@m{%y&qw5cI_a<8K1{Li)yY<-S7DL%T=fBow?>KC*n5k|$-VFq^tTRv-
z6M^U%SCYnEv9r<!ZP@~mbeD~5sOq~ZSsK-Tagv!df#0AG_`nA5CGY8tB-@0q?t+|R
z3pZ!n9zNY!)?LdTup?vRXS_FD@fS1x-pzaGWa~Z}G+j3Kq*e~Si<cG+TFmj??1q&o
zx~yImrZNpv$A|mS<8F0zjrwXt6!rtO^m*J3`nI-q_)ReX?gCfgN9~<u|9B}o3c6&h
zLXBQIS3rzKhCdD9M_i!JUAHsgbm8a3r!0)o98_+&FfU>zGBv?wWJpzZh|>~;^BYp&
zy?o4wNWqQj7t{?7isNbg%HRPlDE#(j-dn+=MDzA{Ez{J2qN8_h47SVf5s5K28R6{f
zHkeA(JMLjqw*PLUP^`78Wfskb@NIz-7ecsG#iP8-OU3U^WvguQ*vhLMmz(Hp0!dJM
z!z&G}CY9MF=Rrrwq(?2ZV8d6qnz58#0=2d#*M%IwZ$KlkAfDB7%(qn*vzTyEOyua|
zr@9j~+LR%0`?a|_-O6R-5B0ry?0Cr|KxkgfdE;6JqD3beS016wdEY0CAI-TRgS#uW
zgl?I~!u!iqCI$Fsa~Td4Z#dq@GeR<?1P(0nmR(Yna~WtDAjvi<c3)CSta_HM)~fb~
zuy0jfCpwW+({ktSCMHO|=(@-3L?eIkfVlF$O4h1Ik2*V7d|8pF?DEL?C}~8l^;@*m
z1(O}Owz)Q$WI$%K_b2@rx+a|srm%V0X)#e;9$2V>Cb4t&wGkKc8`q7-&`L&VgG>6T
zwN5p*rWE()Ot|kkhCRh4zq^zdB)f6qUNEESV3z3Qhw;)n11kgb&3n=P3588=ZdaIc
zaNSSe3#`9^{UqmDe`op?^6AFXOx@z@W9!13eu7XU>SO<)H<+9Tf1*=plPvvC&cEMu
zx_@#iURj^9YSo7_*+|=tSTPai9kRp{loecOfKxKLmOV1LmY?%u=r<z~gMoPo)ofHj
zYFcS!<NL(qE@OK*!iAzV_j@k(W}N-q+)pavVdc9S!sR0)b6#Py(3j-(-ICYjPH4(I
zf2G|J)#dOW0JNN-p<OiheOnnFamtyE-8pG*w~2O<BDKIMJfAUrghAPy>?Y3n8oM*}
zw<#HBMMpeIfJDO;ZA&21R?Ky*B+MDr5Sl`P`6bUoAW|LT%j{6FLuhIvw-B`&4E;jl
zP)H{Caer)KhL5o4iu?}3O|WCag+4=jxZ^{TB2v{J4NS^jzhAFuHm<$N#RTdUk{1I5
zHF7q-bFbS~AAWG=T7=4AK1+$fZIBWJ3Vo*mj{Oz(&#{P*sy*1xG?h$59h7Uq8RG-Y
zi0O=2nw^w~{Vd(5za?4_#m3idg86d3ZOM(24xDgbqVf&A)3cYVaYtg`RHuFILQIaW
z>G8TO^?4?;>TWTl5q1yH0$Km)A6m2n8RLx!DUnk^GqlV3Xc3SrwCi=e7NwC3&5dl<
zTZA!B@YE(W!JOJeLj#7yfPce@%9q>K{+Qc|jFg&;;AVcrAu})Zov#?@WyY2X)HV;Q
z8T0*mSa0uHj@M#k(6~><eTG9(OZ;VLy&bn7_Up+Xgk6m$k1{k(dOcFIh)p)!w+q}Z
z)%pgwj@VEg>ZD(A&O}1aN6g6a-b+?O-i`>f?Gq-aYX_)XzZi?c1Uwe$lM1W!Z3>(*
zgseU==eeKnN_Zf4CQxwC%RZ#UObXDADusARdZMA6oNvB*snm`>h1QrvmITUhTNb@L
zZ<C_EJotFKqQ;t&hGfsmMmu0NTYzFGn>{71)$c1K8A-se__}Q?UVCSx+q&N9y5;mU
zTT(;oRi?-1wswq4u%s&jN>*LNc%?T!RdYiAuud>0UiM`Q#BRUyqCYo~>pmi>8RK_u
zd=Ci6!+ulf6J9P9u2ruS!F8C+E_$a%EA4?!Ua<fr=0i{LX?T3pEk{z@GU=QFAD`GE
z_<iFy@hH_W@V6I~_n*{gqVOm1u<NqS64)wj4Fx6g2J@K5n3o&>u8`lk9?6pdr@pW|
zRlR^0oz)qfi)UIMxtxh{buSUr()lHu4*Va6Nt#-O6pYfq_o8|%=VDr;qh~#VbdC*{
zxkv)`&bgwbFFZ=*lwg~?7g_saWVOK6O(^w%gk`pjepDwQ+%?g<?>Fw<Kl68K@;Zke
zg1DgDo51zfsc0+UM{J$k2uESB3tnUPXQ=kusMTpG^_xdBL38&ACwA>zBr$<ENoFlJ
zdqiY4V@P(VuM>O4RrRks?yFV$Q#6i@e^nZ@kbd=cXJ>t}yI18{%a`xlpaa%xLd^@k
zYYBX3F{y7SHdPnwG(<M**m>F9pmO*&r9Snz$g8}@{!TkxGW&)FMrvob3Te<Tt9=W4
zD6lu+&UiUCbdM#~o`3iPAKT9x6m@dIeotZbg0A*A`d*_YBkkZ2kKEs}845IKmV*W+
zW2)aN`>BqfagZ}GA1Q+CUl?sJnXoR<Q=%pI_kuH1`fhjJjL4C~Uqw$XPM)d9l*!#S
zrc3+}#JPV+8K6QhUEZBgMjl9)U9*K$ZwmK-DTcS5dm=dUWoeEh+tkiBKo$^IWglZ6
z4^PBU?xVMJK#7*GWkkC?eB8qZIWKAx<}Jih`)E9*gYj)KBk>uXF9h<G<|v|1{Y1Eu
zuQ%dq2r0Ey#<8yms+j|zwueq#{=v~BdR;t!iy=Ynomv$HrQV_0mokh-0pdo{et=t5
z!zuO3lzuaHrhXhCWNv7Z>p1`<xE?2=dn)F+yYi?PLu?tLOOZb>rs{87e(}n{erT6y
zAE)@cWD|_iQnJ7U>0Us10GW+J&|R-X3(^ioc`za3Wz`NC;8?PPR=>$gHJMVW>=qR2
z*`}xd4C9j^A#xz&k{j_dJtMN<lEka@by+p1d!;;zJ4Ny$j84ji{@B66>7HvQT22od
zT@4c~Cdw6%CIXEMHOVf0d%ZTHFcGcij;=Q2zCXrgF{A>CDMmdbbrBzf?t?@XZ0riX
zW1`j#*$^q=S{tfR5-z}kxX$pMoN6~u`f!rgt4S_vP`G{l_x`tWlfQ0WLJf(@zadd`
zTGvq<9@()~*>@AtMR1MrtEh<z0_;*Jpg<e$f3K4>SCl%5R2l*hXSd9PV0<E2eHNj+
zMEdqkDQ@w25kpt$K8flvv<%_21f(&pLgjC&+Q*@&A*52THqDN2(kPLSCknU6_QyLZ
zE(RVs3#@=)UtAitDoDY}&sIi$zLy9iV~iR9)|DDyy9T2&G1rau>##3L8m!>xg2SD8
zSH3i@38En^j-n2evVerpji+9t=1E`oOV65WzRYT%e~7eDHNCxSiQYZ4ofO#=ogFk|
zCJ@HvQzADiz*yO*GA7bCZ0AQI8nl?rGXHiMImWPVZi}xiey_S8g>C0xqQGOW?DQsn
z7k4|I&8e${PSo>yl+CI)Ugx^TOH;nX=jQms)yxa{60jSIVFg{Rs{ZPlnhc1#Sw$mF
zcEum@#^)DeQ`({<r)Ju;#Vd78blLax-&u1hAg_S;xkDrrxdhILF)r%xao3tRvqf)T
z7({Pd2yfTjocWYwS^2T6hJj+2XpAC6btl9P{R7CHx{MSI+eQ_g(;&VB^?qYDl<J4G
zqP3r0kE6j0KX}i5u6XyW2yELFUMW849+$*1c`)i8D*eT~)YAerniBzfVvu>Zwrq0i
z_BHz3tb6GtY(^iPR2{7D@E}vyN<|@~)dRlhUAT*-UHU3y6Wd^Hq9vp>Zv_OdTfuV5
z<uz$@+%ewspmKkgQ=;j3YS3O#5f>u(?a`I6j2RERV8~>sHxBwnm!}v3FJ>Q2m&b=5
zUpcT^@Doi4skl^PBfjhWU>r2DIG$v{0pZC&;-<9+j5ZNu*Pu9X28}KeReD$>q(>4f
zquh$bDpK_)7ah?3IE<T2X-N+D2r-&Rb+iov?L;3F3wC8DP7THk8JEtvMBwtqcvi7(
z_Zlx=Q>#<#o^<c#0mSphX|*~EOGC+L=w&&E@}Q}K!}P&eyA84i^BCHT0`B%dIGCB+
zdTd0{U2FX+D9rA?^nf}uqDvG0M5f(nq%9$Sqj>r-q-Ms-a-#MAGZv~D^s<@)k}|pC
zs<Y2ui9QWtli_0GUTWtVR=1(=-+m3Rsb`A`g{C4dCX)BUAV1j2-f`(lM{Ka>gw60I
zYNn<wC(^G?CvtQ79V5y=wxpTwk>dC2Lin2v7yI;UROH`(4*Apb6P@oG>fDA}TNPrH
zTon(LHI8D61Uff6uI0a;LZ8PGA#}i!aivG>m_80p9+%Fey12=#sGX;E;XQO$@#y~s
zpqgky*k5`oCHEk><4o`;abnCKaH(9O3HKq&di$2j{?3o$uXmo=tMw9Zo*Pg=zco@l
zb0TvSlzyJA_Ne~+6=h)kQ@*6E^X%?oI8F-NEmcy4^0%&Z*itnbwPIXxbDckHpP_J}
z?wYpFA!sti3}~4s^=Zpu*h3F_T(qWJOR@9>z90m?J9g=tJ85_yZ<qxhLg7AbPtV|f
z1jX9f^7Z&KeT+tCrd?_RwhAgK2(iKT5~k(r(ZG?j@Ii#%`IHM3+~-SmJhB9g5`ZJA
zK7U5TcfkIBV)t!@dbevPuzZJfM%n2blT!+1fN(Brsng8IeimS#nvh1<u;V*t8618?
z*d6?u$?xvJc*PhJo_Sa@NUL1)^{8i+CAn_W$7*ppReAiVpS-Xf{~k*V6&-35#vv0<
z7mG)(BtAmI)9r3_2bL$?keweBm10cSoXjJ&O?F7wH^%g$u*HHz7Mz4Zw9Fm;-C{Vo
z7c3`kz>pV2_;CM@s^*a>srWZXrzG!lG>Z;^t0pO`xVBVtQ0X;0R;|hvV&po;UWgQG
zX?U$QR31<YqTbj^&xxfZoQfOg=2SAq(zVa+Ejf=}%6XchHJr}%GfFJi>G^|>K)rbz
z&Y0p|E)fh?Orp^BUn0!wIw8IDH7vk6_d1)qWUZ*k{yr|Nwi0B)`O8vcCj>MTkC!CQ
zkEBL>BoR+BA3qGnzMApN(CU-L>2EnJ&zKUrwIa}0MvRAx5e$o}h3Dl8#{jIrg(n~~
zE&jrEi^hK9*j3hmQXev{5Et<Ak!>{;H>+^<p#tW%<X^?0Z7a4(!80vh(H{NexQ=!P
zS(8)**uH)W_8VzDcoPFH%5;3-bU^BYae_~;c!5f_2n<&`FvB<g%BJyK%)nZ_k}*W#
zESZWS)=li%7bFgE-Y^*Wa~p0|@HAXtIkYV`Z-(}-A0i=LM;GV!zmh@QE#BLjw9vTO
zl>I+<G2sERc2LB{2=bAqYeRgxJ?2RYwSF$2txujh#ia>8QM>nFuX9J95b-O@NY7pp
z?UOxxA6uXg)9Vbf!$MUXZvF{Z9^-%zood`mwfCi1b^wx_K$*WaaKa(Kg9V3~%K3Yl
zDQz~2<^v}%q4m*AIkhaOK5*KNH#x%5?GkZAs}D8XNDQpERlbP)vCMZA6gDkEcu2z#
zTXs0lVo3Eq_~7Y-GUAQ0`b1Fr%fSOhjbwA5pcDg4z!nNAG%#tb;AGqRwTrQygWDp5
zykOr1c~{05CO2Mi4|98Be)%M0fS5sE8;g|n0rmq#mr?r*6z)~0Z(zAB7g;L9IJ^$g
zqkWG^NC2vPTj0-c%PtncttC?Dw5i)GNa0Gwhih?tWcd&Gabu^luM^Ux;2(q5zA%R&
z<MGW;O5`7-(NJFScUD<HfOA|U0+0=Hwt%GOih6qId4F6uMIty|x?`2%^Z!l8$f)sN
zGsaZn`+lI_4o21bHTj$n)z!RGaBpww2BN)S7d2A@{fN)*bWag%Mz5`Loz9*zBQE_#
z6jjjC0@e+R6q0pZj5jBd1)CZA%qv#b|LWhhQ4g}5SW|~LDVB$Pw(+N7(cH02Q{7oj
z!AgQh8}?@x8bS3pl?>D@ZFSLgWL<qg;nwTZGnD-f;ovWLE9#hO$R3bm$b4E*FI0kh
zKC_1UV%f;0VIga%Oo88`OaXIH?Y@lto%7TjMjsmV<R0%H5P8NxvN?m(sj6oyt7x%D
zl$9?ol~Q#GS+PdXphVszo~3y7k&`Kxrt%7VC||sVD$7dm7vaN^2_{J_v09#&pD`K%
zk*p%WZ%URnA(j2vU+HwhN59fiIjK^0MQj-@8G~Flq^m;-I-ifi_MQfZ;MFcEI%{*~
z_yTbzxY3xd7hd_qrdqey>hqIa_8JO#@NIqL5_a`YXUQq$K1~X82~z^;Z>i%ik%gqc
zhi`J>yx`cLrg6MB>ZbYA<t_+3$g;-UI!%>73B$6;h-+$n#h$?>)&7bVQe9gbm!rf?
z3QMfqn|02-NPfYr@SeIkANCgKA8&^DG(=J6&tUDNWLQ~uH^`}wlGa^{sc-SbPKl|%
zKgHpc#&5vP2ERyhFCZ;0tRs)jnx1_NRpcs~5^67ZrF5tjDL2HIMLo#yDL(E(X(F?m
zh40O*hsc54ZJ7r4-M6EnQ4zbhG3X)(Tz<}86OnEbI3%oyFw}tkUYOUJ(|%bk@PH@0
z5v}j5&F*w`Q&re--5%bzxIP|Up>q3_KilGzC8{6`HQ015vtW}_j;EI;&J_+R?A4kl
zr``w}b^m3Rixe=MhfjuiG9x*zq*mrdqO=fHkr76JDSs*z0YtJ+;!QNcaJnVw*9)ar
zuOU|-^z=Z@)9X_xFIDS|P~WeNxa<#v4pmdbghw+XMpiEKI#V-83vbEtsM-L|`~(6G
zs-?}LYhbK<!1Ckfs@(Dwj-n(9oqdNdP6U?Xxr-PZPmhJ82fWK7Ug(qT<^n0B6pj*V
z`HK{LZxXv2))dF2X5ndl<FiGM5^msSHdhS3032?BLn;bz5=h3FE6Pvb?PYYWR~Gz1
zN=n>9M@lR%DzkZ@r5$WE*j6SK*ec`MJR@MQBoDO0a-;+nvD5q+q?{0s1`DsKz=ty~
zLt}CoKX`>cVXc0UHnP8Q>N+OE3C>i{nq0YiP9hTfcvS6wL~iQ?b&{C8Pwoemv@dko
z`!kGAWqEI-SMM4v``E1ArDq{s(T##`zWw4r&5h1ZQN2#vMV&ukUcZJ(7?DkBAjiu4
zjMXBm7QrJ=I{hX1=TvGT3W%P|RIkxA%UVp0f1OED!M(f+y5rEk-j$YU6>MpGR`9)g
z=CjJOl&aPuBg2@B1~RXzwFc^xj?9iHeMOwhQiUnK5?xCwydPlt^bymZ2f?_#xpv|&
zqxF|(@xU^N{eikS%Fiw?iv!uma6IrM3dv+nao!!3juM5AH+j1AIjb~Ca=!S6gwN-y
z`}^Cnrm}S51vysjgLM`M-@LHh-gKjOkMt(FFdwS9>TdFFaF-K#Hd4RV@2o?E_c>*v
zkM=2&ytv+aZ0}QCI!(-aGuB%uL<yjb+q-n<)6TGAi@R_&`|BM?*E+6|m`ldzH5v^!
zzllxOW|gyM&bDUSbwB<!@yv^+g=(3nG~Y6a^PBlppV-zvlIG-M5x*y=@{Lpbq?T3l
z*oe<}ez==2yP<fFSN3{Ckv~bbjB$I)!`+`ftCXJgQ_sb^7K7+8GPzrj?!4H4GG3~=
zjDl!++~+hX?p7s=(99TEyCJc4cSf0WXZp74fK3u?ZbMXQZi81zrKDXcfZ{VUcEiud
z%Wgj@SDz_;V*7kngO7>ERpF9goNqW47Bq6eCp(p3%=zAc7{~pg3H(QKP^P}eHo3BM
zqd;wIKlYSKCZ+UBs3ePNhGx7aN2Q(rI{71liJ+?c!p}W12Xa}d7E4Nv1BoFl!Q27P
z$ApC%&5?9LaJB`$7pdbf>Gbie@Ph3Y%yu<q+vU&<+&h7&SMN@vku|$R=*)#WmA|Q+
zK4T9M?&q3GZd@OwoS7Hy;3ZyY9O`ml<zG%cGxoWh+~@jHmzFu2!`qvGHya|_wJdoN
zt&gSSet3H1lg{m3s4T-I`Rf&<PsKZQE8kLsd3I6vlky5a3~NW@C8<rgOTN=ezh(IZ
zHeZ^`u2j|c*lr8EQIQHyBQG9DBkutzwnyXhY{mwg0du2P<A<vbN!a(~)rriN<S!WU
z713JOj_&JRE!hUBT1~dBkx!^vzdLNzEA0x>)vVT^3a_Xncz>(%R!GGp$W8u!PMxe>
z{;`|6nwMF$IC-q5aPOW)gsp<mMhl~gLs8J$zK1OOz(@{KtuLj!`dty!-_r4}_iYEH
z*Pa4~Y95Gfw`;9@ji|uVJo4l1xY#@Jk~rQ|IGq$-yI)lr+90(war_41ZyA5ZlJPp0
zI>i=XotG!0;RlQ$3B$iS2P-Q-Q8v?XHH$13)EtC=;Fl$2ajS;!+j_X!t_P+UIuuXE
zykg)=hXs}YxS9Ad8G{P}+{g&JHFZVzrO0fr>Z@T4!Y5o8Hn0kf`&Cd#;|7ji6PgIQ
zBqXrAx<tSQAT{*Xe`)Z1`=X`B$}sELyx&lQ@3pB?-)lx<PLy>JV8I^a#|Phv#@=cJ
z8LK67Xtr)#a?Zf^6)D{)n>kv*1<!-(tyW=AE{?d{l3E7!D)Xr3Rx)cmgThmRg>mxJ
z5EZh?N}bxt_<w=`n^s?UTkHeB1y#-0@Fg_}OmR-kf0sSbF?Lpj>+lX7va621#&i1?
zxA*l`k$ru(>RQkw6s||oih;5<soC{gT+ycC_b;OiQ)ad4w{ysy?9W#(hFX)4y`R~T
zwd~@r>>0Itj_?QT^{6WDOjYe3SZ$<bvXuHV;#C@~JqBi>B+9XHUm92FhtQ{Cm;Nr@
z=NZtxEtw-4kX<QqJ-Q@hQ8Wbb%I+=3!&bHlXe^YOEyOgjGD<Wg7tWs&ZY0iDY~zmA
zpyLv=2zN1Z@^lm$`&DXHD2S?+om)VT1t&?RNa;`{M<A_xPOaO^VQ9jD_OGu6D`0T<
z@5V?zVehA@uh}@PUl3h;3kjKx*Kq*ul736dy6&q0Mt5(2><xoDfkXPikULzteHFVZ
zYBQz+vn6<-uyqkGqcu581fz~un1Dm+`wP!>ST*vN1?fCE4cRu67Vn(-s)3+1^hYQ2
z@7RiOo0|>aa3Rn-!_4+Vqkwl=GDbqdf!3@|`X{4<X3)Dh^6}>KPO@L0KqiG^a0)-!
zgT>O~!^6waOb_=^UG8fjQYWM{SLa{UbBA?;V+pI&hH3&{HyDxJ<9Nx%vcs2TO+N&y
zTv5Lp%iQCKz=A-eN7e%1iz_q|c>R@(00?~ezf8#pOMj6O5|;A$safXsTG_k4*>HBG
z*iODmf8(B`2-{xefa=9XJX<AMS0sw>Y<Qua5h?PfL?U(#Ci-j`M$|uHH{<f1<6&xZ
z#BCjQ9V9H8OXk<{EqC_0{SxC*IXe(3rQP^wQ~GzF=5k^?b0i~~psJ+%-fU_(*=8E0
zfOrBCQV?0&hf>!ef%@!RQtfI7we^OW0`=jkE0lR0CsS~x*$mACB9P8wYZgGP0K!k0
zzb$~ZVM5l)!h0?>3ldukdwiLmvV;b|?kV3u<GwW$nM#M1^iMsZs0}MVpv))2x#!%3
z+H3hZEEiS``yCUlX+8FG9Ua+sj3sai45_S7q6I|K`N|vmSRO%Cj6=z+Q*w*@8T1)e
zM+jQ}K5L=C;}VwH{T3tfHcdE1ZB;@YmC=2-^^mo3HptZqOfc{8(VNYo85C<H3|LS_
zY{tW{rfa{R@2y$}sUiJj8txVirdL<Po&(Z`!l>Z!IdtCD?SH>*+B|f}#_=^R#z;M{
zYCS!(OP(}!rLq{jpFM3;$=+kR48@GDsu-fMR--+3{A>vSaX0-y@TQ%hmh#<qHJxZH
zvAGJhwz~?a+P^np?^18f<iSv)`6D&zN-Sf9?i~0f+~iI&M-}1k`)A}qGIPBA%bYh?
z&(k20kb<1gn}z>}v2Tu&ENJ$ewrzJ$o71*!o70%KZQHh{ZQIkft!ho%c5lu1-rL=?
zf9*L{b)xcSM&7(PGcqIM7nv)V5`SW5zZ4FkQQG^hx@u#ZD8Mfaigu;5ni4&RCGy^b
z%yI-juj<mFl=czLvc44#CUrJ&_G<JGy`)$xm?nEnU`@CQjSL2M3J<6YyCQAO;-s{0
z$^6ADlL>ZW<BurPE4Z<F^xxT7We+@Vj;ulAg%-&dp2I5`La5!r4f)yQ;nTBXMwgju
znP_;_=AhxFyAz7Nr5aB0y1aBT?84aFd_xgwxG1`t5&e{(bTi1(d4R^c*3!^uyJcIl
zyK7su8z6nBfx7?wCtzTj{fFNL@NX&FNAgX|%4<)HOw)A36VbhwPtGs9|L@P$SNN~m
zK<upXX@Ari>qN&d$s_Lc^eX3E(&?w?o*``HMES*HIlh7zl9OnC21P~@vK(C*@wB`%
zBV0KLoJo869_j!9`Rz>ohVUV$m??;#P5GuaFhFu^u?9e1!8fk0A8SM}Rldg7MNQ3C
z8LC0|rdJS{H)7{ju2_1OWtN9GF|8&QUPXY~>B!%(WCXXc{aB^C>#QK#_`2#u$yAno
zTXcl7N6XNL@y0H_771rN1o70I-!Cw1hjD5cu0DkJAS;ZXZm#x2@0i5$t^1L@=lYqu
z<7z80kD+@WHdK0ryR|KWNEweD7VT+BTq)zNi1HrM_hT<6$V+9P*l&_5LBQOacTTcH
zf0T$7Y&C9~jQ6-e{AtKc*L4WWi#FF!`Jm<2cZIWD{gY9oSIP@h<+T^}b(F6P7m$Px
z+!xGybA%6HgA?$8{<Nw5<kj?{A#C7hCCx$8-0kPn=u-4e<tk3QTTe}!DZXkbkxJ;i
z_r%mr`+}_d>|*E6h(jdJk#N2|`>)5ewxlPDFruxM6Br`r%tFWp*<SsYmPsVK^O&&L
zV#GAdJFmhbZ1MDk^Yr|cnB06C{&!f?2Y);pT<c*4lno|f`>i(K&&tYlPtcU3C2*P<
zD;QP66!cWDr+v}(Y;H$ef<w-`FzXp%0+!T~N1XTNg<p2&NSYAmUi@o`;onCXC?iVi
zuqbTxStp{V7mBt@r8@2CVk+=bM}8=3?0R*%=Ss+)|6Y1~FIe4T3s~><`QG8nvB0nn
zLg**NlT+B}AtU>VCwEQkknNthR=0<pc7&h`q6P3NBJeqkcorMyu*e#6K`-xP$r(P#
zb+&dW0DW46_<NRLJR-*VDX?|m1(C%~Tei30>i|MIadT_jv54b2sAG*mQgx>5YZZ8c
zf7_b={(@OLO1FdhpGi>H)vB`-S?R(<U4=KUnXFj8Y*&t2Zp(e>))^5a+aW>Yw0f~s
zV`C+(O!JD&!)NrXO^uh(Epif+|35wSst&D+x6x4b&ELldsV+6ybfAm6SYwDb)qsdb
z(<346t;JP7Z@P{0V7P~$!wnO-tQ_xzFnvkrtd9=Gb*<Zm;Hi_AnVG4K2f)B?yzZ@r
zBc_~Mo|w-*jvWxBjL*VcqPXedpWUlo%y{^DPs2Lh?LN;Ipel9kFQq+qer4@b&!<4V
zm_&8ewncUAomSL|uctuF1;gd^@0pZppe51c!&U~*a~tfra9N;SR%%M2rA?tS7`O~*
zFEL!y&_zT^_DjdtWd@OFke(;P3ve(f{<cT2q;({=%<bk>mq`up!EC?3=5BA2XQ)n+
z`GPu79uLpN`tb<;WAoi+1bB7#VUK&aS>C-GP5%oj7^?^de7a8NTt;w3W((KP*U9-H
zu5YYosRlri%#d4?SD<HbUR~>2ru2R@CUiiJN0Os~UiLlr!(|^++dF58E_Y3s$hB4G
ze7aI*d}Hpgy&SINzQ>irN$hsaqq{l9wtlMrtQuq6q_O-n=Z%-2lh5;W8K+~g+k><9
zOX5*(pzCE#ZhPODVV+C<xOd4iwc^F-4pSH42h(yjX|UKvOtpoY7Q?pID+|UPDsids
z^HSt<M)q^lOg=$N@R#^-wvG&D-P6ZK=9}ULfWGlP2iPA>SFTHn7OQae>#f&?A?)<_
z*q-DTkrsav((UKA6284|Zff<B$|`TuGfp7c$FV*A4y{s?YN(o@zq_M3a0~3G&_88*
z>aMW+Wcp;pPLsrxuvHR%Zqm>zp13e?dvSQ5<3d$xwaVJ6MsyY1*Dn2h2PpgLhC&sV
zYV$&prIl@X4UL?64t40?Ae>-O4;(Mi=hg&eb@PZXUg$xoRh@C4bxf~px%5r^e9EAI
zjQFE*;<Yc}(DWttoY^zxbQS!5wR^_;*DB${k-!q&?_Ch%WdW*UlonPMWhV9%RPBHb
z%CdqM%yAxUBr5vLQD5sKw`z>3AYa{`CkpR{67A!+*Zuhgw1|VScUO;31NlHkN@>;g
zu)jft)24;f9%~AmhG)q<lKCqK$&*@PqUl6{wq3pJqRu(YLZUxa*}67hb6rIlwP4;(
zz{e|*WI~X_=TkEfhxb;2_2mxj-%?cTzm}pNU3z|$syzMZ*s(u>avsgnT}7HjMZca`
zM-1YP{;{dJ%<j{@-YhZ$$ThRZZm$;KlLtpj(IK$Mr{CyGsIaZOPhy$$aDbFW>DwWj
z5&6z_=kcTSR<oU7GMSOnNkpa8_t0AMd)9@gJSu^99_hi)DL0Gn?CQDlZhA&PGjFTv
zcy1g!excw&hRtsIt?st&kk9Z`NIlYcRePme^o*l>M676LfPWmdE!8uRL83U_nSs={
zZmrQX!>yWQ)QLYj(k_Jwm54ba?>DC&z}AZJ7kGjg=cXH{_?9ZDxC62);)U#Ezw|N$
zRY||RDEvP8{)r#~x)flSV|4NAEWlm*TtmnH%xEqmtME{fu8q{7i?UR`?wshZDQDw;
zoJ~FaxdShpyy@W;xDxiRlm6aLpACF`KJ@=MT>swKXjUs+k2$xP#H;^*R`QFwyUl6}
z3#~`%D`9P9AD0$S5AE%Z{&E!5SD5J#n;*HZ*a&Qs4ObSJl}-2WU9c}X`E?c=?$%3J
zCs{=LyIjZ#Xk+WWI?4HxT}O~Jju?`goAwbS2Fv7U>ifd;@%nl&Mr7iUsC(ni<ONa4
z(&QG&Xe8MZZW5QPVz99Zte9e0{lY)B75asV^#>-gIw-pWCu(;VrqbM_rx=ttm>)vV
z(me@O+$dFA>-X3*-Q;zJy#-li=t!#Sd#<T{N~&!-rfX!VIw=lo+r)365L6Qc%<?14
z4p|#n^>|~{P|rXEk1}mXMoy~c%a+`Om5?av+%Jy1M%H(2e^2#$RSh*}zvZv2fc-Gd
zBCj_sArvpNLHn`p>8jmi(<9$hjb^jOqfhHna+rNbuk)pM^>yLVIFkPwSn_2p<psHP
zQM*XrK5wijCy1_kQEqp6LQM^$WTLRr>gQXWLuny@_GBMuL2*lDdwYcRZ&r|RRQ;!)
z5%F$b(h)2Xn!v&%8PQWu&3mX6P-9eT<|_XV+)UY4(Us{fWE;cZ!0apj=fW(Zjc^|l
zf80oGWzoC_tz3!@pK>qnmMK=BQQ}Fly`4{xs`$C1OfY9v{&HMr<#%=i?(P3xDEIkp
z{;wB-|7Qqo7WoWtSMbfEV-t>QEAN2;RXL6$j0talSV)G4Yaw|+b_1(xg-%8=Rk7)D
z7A0NGuW-TcLOb8KMKnVS7qyM4hnmRdB-KJ~IaGa!<?|OYIMDC!mlTQN*R2AbL1d2(
z!{fOIO=Q)TWN{v9#jN@&)G-=lW4D9`N_;|6O{Wb=jJ2FomEj2;U-Kj_9BsqS^rELW
zZ9GDDBA*X(pS=11M#_kCd$S3MpQ~GEH^P#77O04zs==uZaK_99&X`_!G|wwb`Wwej
z&VSy36Yg^_4<Kvjf#l1V!p~OVUqgTXS3~c%U2O`>T;1MYUCsV`P53`k?(;Sqkb%~#
zYm|>qILmtw)Vhz4?IqogOX}PvXrq4+k$Kph;(+j5E@s33o_2Z8aN}%%h9=t&hKa6?
zM=q^R@LQf6p*uIN!>yL9F|MB(W*hvrm(7!nHURS1ao2PNNq1Ah`ESp9Fcl2L&zSv&
zQA*XFm=W5M_*)^8Gg5^laE7r%b%Ro*$WebnL)`!9!60Vyx?cU&i`aUryo}v?YaUtm
z*=~&?)cflDML5tTbDuI6(Y-tt;o@kNll`3e7u?gWtaFpO;3{8&Eit!0qdPei49)jd
zvH`=N(QxMJ{#bmya0rp=q4HV$W&{a1Abj#8y9xv`Zq5s<dTDF5n(kR;knrs|-3+uY
zSeFlu)!J&SfD(Nw#@zKe+zsN}Qs@NlboD-dL9I1BPOB}v7Ds3mo=A_Yo=Ulni(BW4
zG%R?Su1Doc?*|h1hy*)jECJ64`;4RPQ1k0%k=2GyY(^Dz!-{9BF)A{In!qxL-}%2$
zaZmnmAr?w^M|r{fwp<89r!(r;GnOX+0Gch_>x&(&#z1|q%{xPdRJ~HE8F{1rd#xo^
zuEo}6v=$izE8o$w^*5cCZHyT>EP%KYz8$L-R2Y8I+WVO9_ME@i`o!w$?&ZHGn7W(+
zj*|*C3rD~cEBU!~Jr%Ta{E_1Q9$l6LR{vGj^`FYvYi-kz6faOp`mUju6H$q-OOkuI
zYBdkRRIiiHc)jftd)AzD%(y5(l%(}4?DU<0wCUa1L*~UpJ?5~WnpN@751#HLCF}f=
zFMcGF{GtB~Mq&DT<!R~r9~=dJifj7;4>7~JOnYl0E0_aks$(zRg%JAFrBr*$X_~WL
zLEFR3-)yKR{@XsZ8$jo+sowCE!VqdodMWd7igh>5jR4xWliq-FP<g`GBGw(ck5*+L
zY!e-Oms)ag?~-U_jY4r8;l6$<>F`Q9aXjI^cXJ^1$`p!x9nO@DtnpG0qzdbSluisw
zu>V_3VQ|~JZz2i!rV}dp;1WU-0?AI~81Qnp6_AQ;22wvtX}wABHEzHF_~y?PV4SOU
zA`W$Z95@3UW}3o%aB|9r!eO0}sBXXD-PGb3gZ=qrl`*fyWgsLy7>(WSNe6<4V!#O}
zu?gSHNhZG$8s35GtEOUUJORsk$pLe+0CTqU8n=0eoFIyUjQ|6aY%DuOQ0nre#z8;(
zltJcu;+cF5t4~<P`Z8~Tx1$lq5$rER0nFFUJBJKfBM^bQX9>4}5ar+eE4Yn&6%~}w
zD6zqRfevG*_}9?xsUt9m1QGb%YUpZvT|@<agrO#>X@LQ@js=+Ca|snxy%?CnF0E6u
zY+uPNtozU$?5~iDvNsM(YSxe>T})F=Kz{76*{=FUACsHLy{{A-$4k!a7C-izwwGr-
zvAg!>C>8!%r;vVax@rQ7Ce19TQxwuW^2EJeMbm&T;bt1UOt<e92+DRZAa@EY#^>Ie
zU_be_j3g5Rl4t6ve2I@>*DU34MVXjgH2^^~;-!NwBDjAy^_)5&ss2m6A)CjvU7`nv
zVvcT})HaH4#p;!LnTm}T#x8l@dvf<Em^c4>9=5y80E|c9E``OoeMu2G4brh$aMuL%
z%LlJP_b~K2wSQ@Xf_Loonh)SvD-n{KoxjPVZv>Ys8H!i`i(by)Xm3we1PhdXqskx7
zTs@q-PG_+eyEkRN&t4;`X$2e2Gx`)mZSWb-S(*|zH6AZ5y3V4{kNtEkxrcOPr<^ol
z@tb>wR3>QK3)NkXZT5y8dRmAI_sk_i;!bBc^-gh<XIML4tRxvc-nXy>e#XfYFa%p7
zb3r11cBS!*C0U<96epE$)r{7HSeiyj-z<>Ienkqgey<1VO@5@q+aUeH$Ih+txEWM;
z^n%+fKF|2G6lQ|GF@W=R*&9C=fTJ?5^wI3ts@7AwdCd5}xP>43qXS+*?dNj}=zzin
z?*JCh%(WQNK(EPIB9r&ruV*9X(7aRTf7G5I@j$KY;B^9PEojgce|9Adm^SA~^8B`o
zrm4SS+-ESB{}T(HioMqFofap5bIEFRp1YQU^J|@}T6MRffd|0DBD~r{D`4m5<2x-w
zVjf%T(d>rg<!^wvf=giLmg(1)g}Vn4W$Wyc0ye{P#KGTzA#MP^KEpT3KgXp4c;tr%
zuiRr}ozxQ^C=2tF^4`TNn>xBaW+9HvIa}ga*-Y|Xd=iv-<bcqUmM8a8Et&LFdD|OA
z8QU9Q8Qb5Lu?RUjT_cG)$8A_0t+Rd{GCZw}rJHlzY>Jd}&UQDSBDPX+v>kZGJ&_Fe
z+TK{}4HJ6DH0^MFXn>GqmtYryKknN_$~GlfE7&Tzgzihd#LuYFLprEzDDITTOJiV{
z4Cd)+iA^$VnrLO4j&a{#OR7QYIOgO6(y+yv>cj_n#Lwuy<#Hw-yWk4^8tpGlcf>6N
zB?5q^fbnLPmGsFVXhFNjO?fB?7cZMtc8prm`&+@RX`5LT_Z5o*-IZx5d{4|HusJ%r
zOt$x}p0<7x5A<ynb^&-j(jndFn)yyOFhzZTrKl;de~MtrV_%&v_W^Q$N`rY@1d@YI
z<NociFDp#JYEze&W0H|vM;%er_~t!G7UEy4?X+DvS%X#vy7Q)f0ae8c*%LVPY)pR?
z5)?89(wYQSK|F=!Z_sSwZ>O#E+Sy+fxG@T*wgY*KigV4d+|mTck_lDu9L*^9qPrgx
zP2Tt|eQ~`htlk|HWCn|ZR|BsB`I;%~j)|QfRu!a<=3+V-5;w^b#J-7bIL`F0ToB`1
z7M}{8;Zkp!G6u$9kw{+NBIO)BBHkB9XF4)CP`I`4Livtq%s%v)`IhgQBoknlxwE15
z0yvcZBk2y`!LuzAPt6*Nl;w9`T!TTn77qtG9S~41RyauoM<x6P|89}TydS}gfWv=7
zN^FA4=+N8?XX2%vx!5YshKk)439Glw`<ZyE@Uu`VB(vAOrpa=TLH&?j&V-|UWM^(8
z8uq~-TcJRksQ_PGJb57f5Vy=e)@<h`iu^5#1@rIMMYPxpu3@|s@s*589OpcrbFtU9
z9?sO8HTQ(%I<pyh<8{r*B+EAJ!Hv8!;WhGii@1yU55I(BP+gnyT&bVdu)q+>Ziv28
zIpv;6dLUrLmsVmj)IX@Y4*xt{>(5sO89<pFr=mh;zNVk@!Tt0bg;GKH86``CvZw3L
z3c~KYnA6vJx|S92=n$#nHb-po8jR)kO|j}d`&8B6xL{_cI2faHUpCG8654=og7+z9
zqR#0A6p53wt+6E$5<Hn2qinU|v6cEt->;%n(S!veq31GyAWgSAh(@XeT1H^9=$u;!
z#k?D{kJYOYo7_P*;jfXQo9193>>(W0b7&(uG3)0LBTSw0<8j|NgDd#tW`0D%Uvh8N
zsAetGdbFDR5V2M%oHZ^rJYW_(Nstw<XpiO?YXcbl2%sZP(|<D^ld0@wD+igXou2HQ
z)*wfF2&`aoXu<K?<Z<T$NOJ3(b+@9Ab=NfEggB?k*rJ`%&4!5ro2>fma?XxY6r+lR
zE~;LSru!A!em8Cse)^w43fCg39@hj0L$E8tFr)x%bqH$8juSsf%d><Pfalh2Pt|~e
zNpHgwaDcMv9-PShNN7siTd|=;b%|Ekl(Cp?^c6In?0ZX(aA`xz(uAr2QOsnLaav*`
zvw=Sg3b6dP87_O~&%xB#Yo9c>*<Ad`#l|9Dy~SMuPBo}$b?8kiAGhe?2frbls)$qI
zQtbmR4+p^+RbGw6GrD`SUKhbqwYT>DO*x=9e^rS;NAelHZTr@ud!TeE_Vxrkk^Rr^
zg3(2h``rLossfRHdc(2txJ9b9_V*Gxb@H7S1R5UhKUavY^brAM(~_@aU$T(CI|@}6
z$g{q;-Vy@sCiAcT-nZ9qBjYJh@0(VYupn-1QZIUF>9wFK3KV~C$H+AKVH%t2K?%e;
z=4x-4t$udPGS+n{chu3|m6RfRw33TZme->Rwu+!{9-&PAdUs&2IOlg*$6$ZL6Q$^c
zOc)CkDq6!9O}uqhzAK9(XRmoL>Fv|6`2HoWLrZ`oeC0!6S3Bbe4rZzgISCElc5G!R
zSWIYoxSyVH>)QQV?+_bs&PO`Va>eEQ3DH_+m0e);7*#NB)uC+`iQeLz-FRRG=fn>6
zKi+<tykSR7opUS&<Muy3jklEclpDJcp0Zth&gvSr<<-~LNh%!w+jD(d#SV#%J>j^_
zm7PWYJz}!DjLCLUr45IzV1H>vG&f&(DTkghJX><44PyGtBtY7Rv1?O{xa9|Cv$X4P
zy`zv{2M}*u2KKI_(B3ZDDyp&uqB$cj&C}@A)-BX@XP6X^V!4frSMKWVKfaqebd~;?
zb^%nq!+aK*xm#5mLSFj;S7omYe=QVpq`R*UCfm4J#vCciS%?7-Xe;|7_G!qNFHg>g
zwh)GV*&EMB2Id=AETwEobD4njWm$16SGMYmuDFHFG4m-0c9?39Ns9J!EyL|GGt%tR
zEy_=>(a>7EJ{^SU7$XrY0Vg6%4h|fg-n5v_M}fGycb2&qWrjJ>M}O+(PCPU+XwkxH
z%Pl3Qv`F};w$-4?f=7E(buevR9Tu(dRdZ&k1E)IWh`yCI7_9p`0xKJG?_o9RtiwrG
z2)8hhKor?%8AgqjbrW3X_A#dY2*>Bzny9!P$Gw9p@a`$fv2@jwyc6q0o!7SXG+*Ym
zl3g|eeXE5{w+62$Iu1pd1@IB!ru9rX#cik?OKHJLS%S%o*UoFrOIT&*iV1v?EKUZy
zJzPQEZB)|0dzY#+m7j;7z<~XE<jwZ%VysS)Qb+X!e5lneMn=~fcCH+>2rp-DGjyRY
z6)u_HtJ5*n3&ytyy<YT)v;?P8LuCHO?Kmxu7h7-qK<y;egQduTjAY#N1Ng1%Jzk^O
zX(j;sz?KFP8oU{zlY?{@r2(O*(kAsIiM(O8O!+XbehB^~WXKfGVYQllGir8XQFb6+
z-A*g5ZB}^&GRG4*&Cw;~L^mzx^yRtr{#g5lyW=JQQ})3QigP~GM`z`p>aTHCu^8UB
zcCXYeb|kyJGHz5Nsu$urMFd`NnS9)9QveZ$odtDwk#51fE)&u#Y1l}EQ9h!SaInG1
zUc4^%<{Hs)+&hUHZ&ZrG?^y5NKrAfs@rFIooZ2;33Tsm_b)e3+v@x?2a%$3wHD$!4
zJ-ALg+JnC5`s2Aprux&K6KN#TLB!r&IK*f5H}sEg31`OHFggjF=Ddxx4=yVysl?lo
zWHRbn&D5H*oq^q43kf2<b9Pc*ry6k4@^O^c!*G;(W35O{$B*gfL|-5(g?b;;`4+l1
zQ~<D5PI4}5@2I|Ye9m9v)+q#9kUv6dpL3V2dK13yc!aD*L0!%*B^98(j|>BV<N!oa
zo+boSi9NR5v*h#;hSv0k<c89?Bu+a-j%7gbZnb$6yjX;s+ne6?3Pj3EzaYj_C4{j>
zptc)V9dBc5q&2M-CA(VnOX4~RA5PSi-VfQja-hPznSw7n`b-fNL?$zVr6m&|k2$YF
z@9iL;<$sig+O3jRJ!cz7lRdcCY*kU-+0rd)=bz4)P4op+)EezBfcw(1b&@CzWN$B$
ziV?>1Q;l<to74ntZY*^jahIFD1ACO$W2_a-c!t%$wqEUSp|Nq$NQ$<jb*W=bsdCAu
zoFtFp_=7QDVt2Vu!Kl&}Onj<Ckb_54_%DLU_Q(9<+u(QY<sQrcOS@*4Q5`KAX>D*j
zX({6!j0tUU8cp`~Lb0l44g=hax$mgR#WX7od_kZ}2<>vN3DBMR_$M32G9&d11k;Jg
z5PYsn9Bwg`6=kbS4rXounZ(43q-69mFoN%fMvrzQB>Ketm;DCv_lV2VKF79?UhH$~
zyiW^$3P@J~xbETjuWW<1Qhr)P1vD(IYp$eZuub=$(r(E}LDo_2>l4VJh^$gteS}^M
zU2V8ctt8;@yZk_9aO2#H288ZX2F8KS(N6^0eee^Q$N^L>B_^O99t@yxf#BN*0HNh)
zfyGi`tF=&nIG6=Y8@Ev%HOTexANKynPz{6<4~OP{RNzUM!ayz-;UwT)6+ktbmX2iS
zj|fmP#6)77g7hu|CiS)k``e|U>{$*nia@V&Mx*YXqRT)(FYE&ATnGc|+DO1kn|}tA
zfLr4T!8kN8Ns2(Xok;@q?`|LxW;P-EN4$MdF~m7XBxYo#P$4|YPOwsyA{oBAI%rKS
zFamv=o^)_YDi!(KS|0-yQ&YPSQ$8x#ik^NavH^1ElmS>3^bd3xomloJ|ITRBCducJ
zVhG;Mh3~uIGH~wu=IffeTb3|DV6F(T9S+eX;8j0>{Qdy>)dCgW*FIFxPb+vYLb7b0
z=~+;Iwpidz90Bhu>z~$a8b|`p>jDb20B8a82f|ckNNO5cfY?#dqHDAQAE(+s4wFDt
zS)m9>jF5>yKO2yczt0d&DX@#UL0<n#QgzqDo?_`Y*SD9ri)PI<3!dX8jXA_&$s~Fa
zQGp>Q_|LU?@w;foOst|gUSn}5wo%BZmAVyT;PXM4sxw$s#NJ}*Ki2=o>rwadt^YWe
zsql?PrcD}{YU=zWU5G~oS^Oy)XG=q?U+urHDzlhlrNS0^4M$(vY4&pj&+(B)UqV<o
z&!o?N(8;)`GIp3v9`kQRUxuvxR{=;Mqi?qSfxs6hEaUz=AJQZmx2_wf9&Q89QgFBo
zB#3U8xCF8ZW$%<-#yu+^%p@9-aWXn8#IRp6k4faiA@!Qmuxuv%_b022J1*Yo2DF3A
zZ}P7An7h}9<I2CO_FQ<KY){9PKY(3_p%B=05Lv*icNy6&TY(%`Qm<F~<8zoq9&=K!
z<qb!t(@A)YAy<XPu^U)SNBJjF2`S*$a9B+Ij9>%|MO^WI^XOw0-EbQZpJ~wT()PRO
zFzve(;y}a2SYz7)Un^VcHLfB2bUM>BqKtbOBc$0RHoh!tu)j0>G_<k35N;65whDAJ
zsb;D8sMD%_Ixs$Wv~@x-s|5}Zfp+oz&;q+#{lXX~0C+G7$w8q;@~A`w)r|`~O-kh8
zxBDnCYuxK|u<O)A0q$xD4eUJWWN+2TihxN2&P7xPlYK!^=#1VQ#>8+q=!auYsTdAy
zd1$|J6X)bnF=uLyA_oGgO5;7w@#v@+iNvd+K?hN25}qvNX;WqP@4V44<EVykStX*s
z#nay-nVqyS$b}iY<<Mx;-NR8mN`EX3c=-T#(kWXe?}tlQ$3wYAB!9(sE~xeYN{i>O
z4}OS{X8Y<nDFJ)Wb%x#Xy9~1B&v1)qne0+%Dh>=OMJy?A12vZ6-4uU;UQm`!wqqK$
zEj-ZOOnp_6SfVNp6i~nyQsH7z?&&llEA9$(C>%7gNzR^FSLVuUE)JYwOiq!8_#DEP
zj;NG@{!2bhtX^<HN9|yMS8PnuJl&4*M`KXC`DeA*+x%pk=Q=i`l>$J4$gMR`szZMO
z&l+_H?k&T&#XNJ+TWXa~u^BZ?vWwV9>Llx>Czc?!xK<@e`h>0KXHcvh)eOl1`L!}j
zA$%Hl(&W3D*X@Z3A)^?-nLx~20xNu@>t))JQ?EH7hvjYptVe#-|ALMl$(`}Vz7HvV
zO#TzaOgjl`GCskcJL^=k&=|M}4l)Bd^A3!-#I)0fK6<>Bs>ckH>UK1nu`Z<Nq<N&r
zb@)>2tu7!@JUTa9ipJBv_HFQ}lH82BBFSgi8Xc$!$d2<TE>htd&VF;B?g?(rAcIlO
zp%pIy&9yZV2itj|u%OvlP>-g|O^uGjvqf$awylCz1#4AJ9`#pXTaJS4!%RZ&`6Iq6
z$o5T|rr-h{VJvuiF@|SL3D=w8uZRpqd5ZTbQ5j@j$qSqa=4T)fiN3;}U{M6DxTxP-
zgZ&IiHAn%kyFXECK(JRymx5ImS#`PH+Ew2&D}Siwr_-GvoA<6{QfRA0r-%Zd%6HJE
zodx30Ut^y`2Z|B0%H|5c8W(_AUxzAD$e01jI?oiiDp(;-m#jW%ikiqR+L}myhhM)`
zw&Y_YRd@jjaxVUztL4YiO6*f^CMrxB)-<ms3(%zDk-gto1IwV>%B5h**P0d+<c3Td
z%4_Z#%F|`pF_Okgj1sl%^CQPh<mV`zrWs9kab)4e5*adxX(-S{#qx;Pha_|M3=7+d
zX`}<q$r?vf+9(o;X<YS@G026Q#&i5@vr|R6A5xudF=O~MRHfWhEAC153TAqAD~do`
z$-A9(O4CX}h_FwmeT(#2<GtN?ltKmil@QH}LEfS%E|%OS28ecJ3%Rh0L5kzf->3i;
z70Q-ip5W;Gf6TTO6u%|wKY8|_wdB(7vQJ}Ck-dRJ2m;Wm!>+v@3}@EQ1&jUkq7<nW
z%nCIo1aN5>g;oW-K2*jw1XAP#fYH$KZ4xL^pw}-gSKs&*M*R&qOm@$vh0SrVN4u@3
z4J_VSrDRUTX7-;bX7X<`yY*bTQtD>QC)@CWTX@9?G@10pWne5KU*jYtLwaW%fPc;&
zvd&5e`#acBn<doK%Qb3?tv45&fLy5ZU&y=7d;e)s{VcSmF?eMpoGP3*CnVW%rJzP|
zCmVx#-v@(Vi_1vh!xci>sr++-kb$O|FYHFmiO_b2%xr1Zm8VsR01}p7#JeN<-6o(E
zu~~X<){#~mI0Asy)4mnFhWjbpZJVTTR~%AnChMxW_6p31=UmY`^7A>Z*+n2wXvJ2d
z-^J)IR0dyH*9?dxIAq?O8`0=-^1h2#!r%&+jpfSJMWd9luAEAnh~!up<6is0;9R#>
zDPW+t>5ZDh^UlT&gF!^0X`B|77n$@Ts^Zph;EV;lttNCK;f)mzbJ6~>=t0FVyEd1w
zk$tN&?5@63y#jB!6)Xl(AU5fv#A}G(m<CJvtSk%)z2vsToh?m;r17EANkUMCHlOmC
z<`1^R8#ziQ@C?~)J+JEqM&zZLjs7;XCX@`7+DTY;cy9Gd@j^}+^{2$GE!f2K>OB4N
zgj`a%5JZOX%w`1!e%_f!4z@iqoe!dc!n~t_p!H0Xr3O^|?Tdb1W!a4dTd)uJ+JqEu
zd63!UT5W>8C&z;%NwMufm`Lq|9#)|PBW`{H_kzKafn1%4Hg4CSo>l**n-@*p2WXWa
z1h|E^1lmEoeYXPLQ3v5xdEt<HYh{UNdsc7%lAQM!VApCS>WtczGi7>bVipDIwG1sg
zue{9kNYY}tid<@-b@hi49lpbe0NTjnDEjf9(P_&;W++YiqUdopT`n7?{1uY2`+n#&
zwDLI#SR8)VH?vY`aT@gMCenC#NqHsOktKMi3%*Ad8G<q;g!9W1%adDJaZ|kk#gPRN
ziy!2C?gxLU*8;s7cAv{H|3yc5e&WvGo1lz~-ieZ1%#?u^<xi0Fu_07fNQjEWX_d2!
zIT=8uXecz$&VJ&}UVC1St2Wh@W7V^|={@XVdWpq9J=q@sE3i-(mfQSb%fr{`=Zv^l
z!(BhLnGN8z5&E?uN7hd^*LhJl){^D@lHC-w;WBY+h}-lxpkI#P16p+yA^+DsvbI??
zaxQ{$`3zNQ$gD#zRJF=f(@W3Dx$Lj2;L5gN9PKqau4uTIu7x2`0sXHsClm&Ilt{O5
zB|j5&bSvqs;FHIqhPhty1sT$bSs@^&Q(@%!%`@COTi^9a6>lUe{Eor`^ERn`n1(XR
z5SQ$8<uYq`g|nLCnVNPc3Cj9m5r`UPN&s^UFZ76lES|n|j)^^-6X~G1`iu4m#rya_
zIPst=c5nwp>K4Fiew@43tepL@nNO^@xjwB|PlkAv(TF3J<8kV0Nseg^zA}H`b{8Ja
z5Z<=bO$=jHbh{pnLn9c-O7Q+N))@I5xv4#W2}uwYXr9pbZw&cWyYz+{W5K2aSE(p5
zW#h4~MLhAXr-5jUuFaHPZeQPA={o~rW9F4%Q2RwGRhv4yToBcJ%N!nyzd9TO6TiNI
ztRneLA-7RZ<vW|4Qw;2`wZ@!P=CGJ$eq`W)anix{stG<J*1{lOh9@SuV*pm!o+SHj
z?6L2zY;BZo9ZVE+&q4-G*?h|~(@7}*u(k<Kr3<dxH)<3|x47_GHos7gwzI10g*Jq0
z)g6TMF;EQHO1bI<-3U03x5&d~j_^<op0@0u!t$)ojw|gGR#CtDCbcRFZgmv1ygLd9
zOg~fm>+<39ZoQ56Ev?0~Q|ZP=s`7bS>Nc6~%3%nA@N$O9r%OqrUeU^zDy}i0H8^Eq
zj?9L2L5xPNb}2=?@Pi@a$lHw-Kt6Z2CT)y&CKs)|nX6XrxutADr%j+1@kP5EsAMKU
z#Yed_@mbYWGwo}jEpFD!Oiw!2T5>Pd!&!WF?gm)=xKvYnZbfiuCe33%r9B>PXK+54
zGwzsA@Z+MekkDrW{%kutmkN|Af8@kuacOByoQ!?^6~UjGZ#HEe{pM@^p|DlpdxD;l
zbU|Krm!?<EA_kjfYK+?!5`l8yF`b;LHqbbZa*)8nLDm9V9P0+C;{4@kQ>3Enl~uIc
zw!D;`weSM2Ms`F&FpiVnqOP?c|0ZR>upSWdGQ>aayNmtV1y#JpCeJu1KwtZwME@0j
z^@>qihW!aN48Wfl<p85%qEa<B`$azwxMaFU8^_-xvY(!x?+~7*q=|m&te_$(aSYAm
z)gTBQ9iqRWaY4CKnf+Yv7*Is=yWFW_AH)~EMyl@gvt9D&%QelQfTQ=B0-xzrm%f;B
zGTqG1FyTsC)RLp1bM3aGIc)D`4&idBwBpWbEF$TdEzc%*T^rMKtsJOWMNMjyH%goS
zOV{kWBL8=A5z_WSK~uqNMJOMn@ieXqjGaQmxN4&5UbkkWN7c7VN@wOpT(dIx%wIp4
zS-FlO-M(=$F5*H=t>|5@`>zbVPrx$KRVztpzPK&Z>_${-L-vwo=zoA^xdbPdo#kZ}
zsx>kO`nUO;vkm~XKoKZq3!n8Ft=Eg+P6rnv1G{H8K3!M4VRV$aX=ZU=NC7v=Jf=UZ
zNQKISvQN0@<Xo!sELsC5SU(VMhDuRU)IRkA?;m}dBBI4gPJY<6m+F)x{XYgafk&H<
z1a5(`Tae#rqqT$$<!+L#B<}Nv1dO*gA8cwnYRbKR+Q&Ht!TNQjnIVgzO+TWDA<}O>
zi2u~$e3J2gZUJD(BS5sa1?uQVhx$|ct!iTsxmu2P4h`K7zQ|uTy+O{~CN0<!SZJ8;
zf8_S2X@Cr0(01khxd?WMoAn{84@`dB=+36{3;E!~f6FcTI?^ZPe-B=x0xy6KVXL3_
z!-&M=DYGaTAWSoZoetjIB*wucLkl#)E~9BIaBlOs<QRFk8QmuQljRTH%X^oHs7gqP
z9CvYXeye9O1ph?#0IT1citjd0!9-$1&jlo(L@;<TXx?A82@!#f0dx}l@ltZ@MuFar
z>KP1MdG%Kj`9oi`gNa4zesiFZxz|sbgL`Z1P|rKJcOc(sM|{D~b+JqWt=|Pm?d}f5
zYEAPH5Xs)Lc|jF0f}nmv(D4nh!A|z{lZz}{Qtb|P?8<r=4jyyc38-((I=(NH|9k#W
z-Iki44R&5}C+JpKu$aillXAC#S2XCFpZw~>$Nf@9CTi2G)K7tC0T<F_A$aSnpg;5N
zcP@x9A6T#_<lt+%_u9;UC9R@`>O%wubY9&$?czBbM%gDPPb%SvHu~IeDN=FwL&-w?
zk-8?@Z>Y#AzF}t@jnxu3J7d7JK)4%9Jm2!#4YW5s2Xu7qIvUL==_4wO?B)}Sq-c)k
zLSU^C@yL{q^@(4t{btgV+GZ0f`H)<ri!7upWX4rupXHQ=<gjS!xa9FqJ&cJh@lSVW
zO?+5|S|dtOULT3i==j1@e!!!$8}JP6yH?ZpEK}>dqmZuKiB#xzoC3HmF9kU}Y^*&V
zAQ3cHi#S-{W48_=0j&}2QmYN%b|P*05Htusn))t(1)$-sZG(oTs8L}5e65kXxYS8_
z%Do<m<@I$p51_gcZ4n@rK4ADz`VK(DB){c!0uo99@iF#Ri3smBh2+tvd(nu^E8TlT
z=|^VsDnVS+T~Wiz;HGw=b$rU9jU-SwNuBrNW7m1tH?o>1wXY+9V6(^i9q+#9l1Frz
zG6LatZLtscSo|rnS{Y8YP_)0YwBGLhG%1JGt`W8LK_Insuz9BYH>ra}DrslPX-id~
zA^z<E6<f2gkWvHX4)2bBYH4gs{-I7z;>RfPVFeF~M)H@@sm%gNE>u0v)B~EWy)be2
z)6N*a+_GZ`b7mY>6F$#WLZ)fPAW5(t)V=w4LOe|)e4Z@;2=_jniZ9=IZ$E|Mrsp{D
zXMHYO=Rt%GUQQW0y;b$aL3e(}F0&=;az=~gU<r(nFJV@1D0G-g>Cylhc#6y}mJPva
zY;&jFy&tsRD5UX)Ej&Uiu8i7OP_{fe*XM6000{sd8{xc|#x;-@*N(cIl3r~AYCCli
zgtxE7t55S&|5RxM<dK#uTJOO}?(3tze$xPG_FUqJqA+f)4QZv(s&p$NV8ExOV(R1?
zdVDVkIdjq{4_#4vt?Q~7MI5lCDZYvHuINwGQ)n(XJYLllS5XteQQGw9U8I)9j^|S1
z0c%iB!sbygGX_4~?@ZDMy13+y{4uCprQ#9U8eYk()t+7!RpMC`L%l6DGo;R9C6pH?
zz;2Y({Jl6919BVhVe79kAJ~V8yh_NN2U_V3sFDyMn{ApUcm~~Fzitb{Z*j_FqerOE
zZP;^Lu4wYK$EhAgnq)@}jj#6m?b{;w2wp$k&Uc#5ONYaR-{<Fh3Got=sJFQh7ra}9
znLpF3J+Lbar3q*e(w64zBOqfaQB8TRPzX>x2D}G;#WhIqr!U$wR+1=^!0Hoz!3I?f
z+)oYgUU9)F5!;7&1?%4vaWC0*>EUbtjwD)<>3z!%m(=2*i9eROYe7SyK7$NHA^fvd
zdYI{1fyq^GvT$hygah7d*4QyTC9BqNuALrcY9=PD<`fn6fiKsI8rglZz}2CYK~_b-
z@AZjtaWwoXif{ZB?5!<+&6<A8i0OL7p_M0soQaC&BIQ?$IDGdom~rHMhkgS5c$}+9
z0)ndcAEs_@ME^y+MRxUMJRz6o9cP7IV0Bum0bgrb=5M>{>*Qo0#i<V9brp!?sNK?*
z_#XWS!sq}y&SzWxLn@ommLqZuI1AAPqbCU)N>NZy<Eq|zLP9^lBcI|BFR~E3Vq8u5
z=I+q?5|%TdR$H5OhW4^l@@XFnKJZm#K+UelnAMgGCM}M-uUW6xzY)jP(|{<M<jl6h
zvF{M<+zVY)?MYp&=?!hHt|imqo+b52xncYeg5c{=6q2*k7m_Au7eb}6xX93;jtwPV
zw@H_<mBhcOf%ZLytWTnlk$PFsLy-k$#iBWWq1O+%e<Y_lxwxYlYDFs8=1;OlT{A4_
z-D<!0Qc3c$lq=6`xD{(YoH7~OfAn-k6WAFh_3<Sl-LMI2>TnNC#pBQ%0~2vv$8|@6
zz9Y+O5*@&@naAbOr7+-yQN@)=A+Z$8pNH1HiIo%Hj3l*@<(-7Ml5U9~&7*5jk>eHA
z<lj`$rbb`++D=w~aPM5#TiU0OGV+Ek^|+v}(w3@JvV*OZ?NYj^ZuC)ESGCb*o?*dM
zpE4G82yO9@Hw^q8gVt<p&a+@x^-u8RP)HwaQAq3V)$Jr?!E930c>g|Sfg;y@;cl$d
z+W^Grp$tYPu2kACxn12=YkY_Syx+b7L~jJQ<$o8|cMOHa+++VZg+O%G=(%(f%jJcl
zx7=l$7;S{?W08u^Ws^N8*ME7fnO0=|yHfbhVvSmKDxC#h-qDj#@vvdB3J@m(*#szq
z5OM{i&&=ilnp-&f9w<;cgkFtKi-0VN*?X)cK$~26cu@26lPEj{1~)qDzM3&r`c7|P
z)O%*r(O*pa%!%1nZc-_<UW5s{B?<bnveJ-k`GG3}&&8Gp@R{+I;Y{EC8^Skz&;r#r
z{PgIp9?b0ulWP4uM8HSR=~y~{O6<wcR#7m%+RA%F4>f1SY-va_{RF$~&xW&dcD8fg
z?Z(??7Sc$(csEyAG)NQq#mn&({%C?iH5vxgLec4Br9Cf11N=@cxT8g?gu4o}zi>9|
zX5IxUwLTq6|1DKQnuYaWIs^gT=3QpaJ<}EyjND%v7F~j@l7LD1YxvzHh}<;w9>Nti
zek%a+j??~z7T&t}Q_|K{8yYBL=Hm3YMhwO3EV3zxTX6&J0J!$~c$$Q;x+E$yOL<P|
z8&S^Nug=Lk=E{N2+Yrc)gesYjgywL>h%Up6TJPVX3X%wUb-17y1v_&|ytD>+XWn^l
z>ODXtB&fz<mG^HIxhGc#^ANj{i5PUH-7yr*{xP^%>zF~R0@yAi^dop-j4Gzzu+08H
z;=Y^xmWJpU`b%W!F@$j6L~YmRanTOy@q|q^gV|f@qV!|c;tyO^2(?Q;WM6Hj$7*yt
zeQm>`Y9$(b8DZV8s5ejHG_e~x4I=D~@!YMq*?<lMtee$<`UFws!$TGVQrINqzj_eI
zOiwpth`ymdrLb(I<{p1`$$w+aw82xdaD%EYX8J=U)!Vt&MR+pd*pD8&VsFti^ukTx
zO&n(-9+ui3Zjt`Dz5EkJC=O7^V*4{pn$xGPY2>`K`Lq9+YZ;%h<INLXe5BEur;R}T
zswE6@5y=Hb<f7CW2aIFHIhsmVn2hmN5m>!A(Lj&N;4vD$KB_j;@Gs7%sq<5CFxn0|
zpcG9P2}2}2rKSc^qG@0%mG$nC2&d(5`S=>W6o$yQZ3Ppc$acDD(HK2O-E9iX9q8hb
zN#T~^yb|Ib`exR<$zIa^5!^K>h~XX(K$G8fHr&+s@Pc02maU_UIHbo`k`uG0aAK6(
z2oj!W%qH6L-EUhHLb)8yx##aAxN~2rd4l<4d&ydJ&231l+cM)!$+N=!)amZF$CTB)
z5FRt$BxdYod~A_>C;<ri4CMc*XJx}U=tSOutF;Y3^3BG}x=t9&sg#<bD`^S2oBp$l
zko`Gj+U+-W1ExI$J?fPHg)vxH_u9ZlM2vlwJ#(sac9JuA(mVeD;iog~A+U+i5$`5v
z$kkexZWqjZrA7MaCBNZlKKih~PJQW1X}4|@$yH%_!WoB#r$1*y+HF9I{Wn{YB72U!
zxw#h6b^QlxBW)jn@M<PMd;|R$vsuw34t1kDo#YpABRr>9yZnZKfPbhq(Jvb-;u`%r
z4-k%xNFdO1R=q^DPl<vW?z!|Io-%9-uI*|W=>IBgX(6|Keq!!_#3bF+NF0Ni$wSE%
z0OK^L1-f^tJVIsF-9w{2LeG~|6@kRTPYeS0(3ZT?uT)WxOfGw?EXc0fa;n}Rm6D0y
zQy8$+T(hI5-^3l}`Yv}12oq3BE@tD2Q<N**6w7Je4NQ*cZPqzsYRN4s*?gmls<#^6
zx02@{=bjZ4T?>Zul2~`7@9ar_rbvz3w7R@R!KfnI{blXPGo#!|%T$dJcx6!!Hy$U$
zUsYjdlSu3=aLXc?d+L9S$7=tZdMN?T#vfOtN9&!g5sb88Mf)@WkIFBbG&~c}3bdzr
zh1N3jBdW%-I5-buyiEqcf>Z`;(E9Z0NUmSN@C*GI#eaj5ZlL^g<`+-|@-^iA#{2a>
zVB8>a=Pwk^mjZ$p%vF!zJnXp_IL+Wu+cMeTS{HqvR|OaV^)_Ij<f@2B{#x3rHR8IW
zfz0PP>?-6lr04<V`K2qkt8@A8lWbd0avqc0t}_1KCg9HYsppSyB1hR$gLE<C+|_~o
zfadP*v}Up^6xv-(^`?x#lx1p{XaP^77DD$@!lQGAKz)7BIYn&&@O!?Y`%0eZspDCs
zUwrD~Tb$sv;(4HtM}CysqH3XddxP{VnuZ-ztwJA5!xLh8f$YM<%>L3vso4F|aLo%Y
zkfDdeQ(Y{vRpR7@r|7BUPHx_j=Z)V2=e^pt4`8XLw$gsnkRa9Wa3UFj_XBTjYx8-0
zw8nlPjTC~uBk<j==DH>yJ~WW|c|5gdk3&-NJyS9>f4*9dShX@Geh#Bcfd|(+I>zt2
zR}4@gFg4?itH+|vBtmqF9H00^FT0zqS<d(#^07LNxY<AW{J?7_Jyo%*^%o2|-pR-t
zLRt=JrI>Je=C2*}D?R<Ebj7916O`evHjhy_RIj4_SfXc~dAI>W=|Jyv6EHkLiZ!fp
z25Wiqd$@@blwaie%r;`Y-T0JG+=5j!cdbiQhP3tOo>^qKui=4WVk18N$}K*L<APsf
z-6m(}DoVq7Hg&rvW<$aqP;@@+su<SOfALwXs7E@f8>}_H&>v312Rx~gj1rf3nmiRg
zXjkBa&W9Y&04!xcsUls$FN8-2)l|qfXLO|_MdF}^yRot9e)BS#{;GxKhesvJQ6%DD
z_{sAR1sxA?ThM~buLq({^|gqgDR&U}XJpGi{Y!cxKrb?s$P^{ireXSTP<*az%&^L&
zf4=BUloHN9U*JG(Tc8qwa37@72CI>82=<Q}2YM}2NG3sh)WpLp^^L2DSL}_Gk|B6E
zltJ{FLxIIfM}S`Qc3{a>GyJKjN}FLIo;(a#>LHmNeA9@Rd{8Y9ri9I3g+ftSSI-m%
zM1U6Pk35J7MYgX1Lbh{F%fHoTOGXVW<pJHGy+DsR8#B-^2^9hq5*k{<eH%bd%|{2W
zONrAD?a_-z%))sS*ZeEu$F7~xix<qotrOR_z<-Zj@WdB<I1663Y~7Sjv}cqyK%9F2
zebgjo71Tcmt?U8}vl(m-u`%}_BzQYBUt;IL=o9dN9{MCoAT*o}n{eXW-o{8(nd%7!
z#s|R@zAcnZ*WEdIR_ZT3T15{*RrJOJRI|Cq51L+>TfZ5X+b;ptPqUS=FYwzh>#0|c
zjO`uwjAc~_8bzTL%eUSsw)}#kq(rqoDuOM?XJlG<--;W%(6y!s)=QBC1nx|-plxCc
zj1I~RmPqU#R^RlZ?%y{vBdbjdtoow!eKTpX%@%H!-p8C-j{w}S756O2%Z<Duf})#B
zvI_vNotO!=y}&>`$qr(wL>RLvqAFrGye}<Ai{?JgZ#gT(jkHNVT2-|s&vJoHgD`Dv
z=%Gi*5HeE1klcp{!g7ciNjmV!IyeyB`{G6a)Hn&JU9~omfhFTW_b;KT;&J@o9O;x=
zQR?E@IV4WIve|So?i(5>r^l{wh!n7btQkalB4N);F7_kZXyBHb*Zhy3uMQkIe?2Hi
z65Jf|y%c`Q1vUAtz{5dwiM&@cG(Sd76}x$jrr*k=adC6kc9wOH7>aLW>HpLvDiem-
zKWs<?r|yhEiGpAl96xr;nEa(hqHon^;Fqc<UJ_CndMniHFYgt;VY0E2tqy}xJA#o#
z6Yw_iseYfDoB;*7fp`xU<3^T<uACyRam*n=KL7A+STm?saWgXTKHnUALY)BOn@sBv
zhfH><6FA7n^LwxxsY;ZL;kq>j6&dsq$1Lp4;ilo0A`#L%j{btM1So2s6osk%!ioR>
z;qwW%2j3o-eyP^%&1b$RPkiJNnl_*weF>2zqAG6J#oJE($@$EF<1RUN>S@uV`1^~z
zK~;UCuoyQ63s;R#pl@K52N@D#d!q~(H@y)s4mF_ntAAuYagR~x=S7kvZt_K^)cRHx
z95{{aJQ!$-1eB&E_qXd}@siMEv|bje7eLJ4_q@lOFPu<1ztDlRlgk~Kh=?Dg7I_}&
z&kAHQXM+LKUmF8w{1o~IUKvI2d#iPJ(m!`Xf&)lWiAXJYJUQL%`u`wLu&krZ5Fwp$
zBgwq4Z|!+tNa_5&Hu^IX)hM}67ls380Kp>M@mZsT-88EOxkW6mQ})eDSRnpTMHddZ
zkJEHH>!e#(*c_;u<~jubzNKLC>5?wBe0O5RpTM{|Zk9Xgaa^9dCh4WK$?;Tb0(@H^
z1NVW)9(!cx9XOSzWHLa;yxS2}>0j5!#s%gcYCv8~IZyk~!pFA!iVEWo@8i+n58joj
z5ATTtz2l>HJ4J!7g>c)CerY!D&|_?cM1r+h>@v_vFXNcRToBo?T#HLZph38mc#*5A
z(xpVw5K1$tN+<mobI_>-7(<(@<_ae~O)%oI893Z-x7-Y~^Tvws*aksPJb(GkdYG^b
zpW-|V!QuRIs&HM;&k1hQ2~IHo);7SSjN?h+`WjTa*P_m>p6H>QZS_p#W<{Q_w1vTS
zg;XpHB)cDWwB1pdNBldhuS^mLc+*hEL%?6O^%vhO9yzJbnH1MN8GE>XT2H^aR=fSj
zqaYtUWqn1j-p(Fj2x=35dU&UkeySg&AMr7E0pmAoZSHjrwe#0nYQLZTG|f1(qksGT
zQWxlWtaDEHy8t<Z$Nqkj*{@T$$rjQ$(sl;*6yvf2frzpUK{HxLuKAADm_ly3Wq|#v
zs}s_X?`q_=<y#B@FdgOq_nHjLLuj?|PH0Sql)3$1M7;%69KH8HT$~nNpt!rcYg^ol
zyBBvW#p#3FQrvZME$*<myGwC*iu*hL{(tAZ=dgD|CX@TQlH8e0lA$oOOB4F<+yS@z
z6u-?|{!P{k<Q=EzEw$Y!o7N-G(EQR<UXaWu_7wq`5fRXTZemFvpQ+ISo7Ox*9S_fM
zgLNGxz_i~GWjaB{qL!Z@g29b8(fYqX$mWV3O8m-&@G`biO;%BPc;Zn|qN|9WG@Ehc
z;hc?B-7lzCU+nlwgd6vdbdKG_)fkvVQM#XfO6eB;b=DRN=@v=#*0sQi^y-FNRacu*
zqB$iOZ_9{Nv{~yGcRbYa<U$Q{LHjW2TS!o!_*Q-95lY69DPs3r+J;PzYy6Xtk5H<I
zIK?OV6-N|<(JAo}F>*HS!?ukkj4Z}ueChOli>KO3yyCZkwREVCivDTOoQLKoOq_3D
z6BKzRQ(!<6yq`fF!zAaF-R(0|y_hP^Ht(<-Iar;e(okvBI5@x?xRO&6lAq(Xux8=&
zf~*oYc&DtkLbee9gWeryd6kw<l$@=g?kINLWe-hU%r+M(RT#LJ9?h1ZPL$t_#WE;p
zrwu4vmHK|2Uku!grp8icFT)-I?Q;Dc5R>BeSRx~cub_E(^c1i0DNRgM9{LrBiKjK?
z4294vEqXh1G80g&C8^%2Xn1gLd`q09(QwPZwsI?02$PQ+sP1JesfkH|qpb$jj6rl|
z3G&fWa4L&{6}@q7x>B69w#l~Mh8}b-I=jv%RGVog-J_ix?)_P3P3`<uA4lN%f6@&d
zdvKb`=|y)hr!DlJNw8LYnmr0j6=erz!Op6n3bH9I)M?Q;q>@&yEYT2ducLT9L;f<q
z%&>yNGi<+{(>{Q+epB!`;*en(@kA_l*L57FV3EWY!ji-~Fo;%eTg88n`1ym^R-M;+
zQ_qyXqWh=Ui@iO>*fze2kcTZ=G84^`Q(anbtce;AEQ6jDj`1WnS=_t!^_Q3u3jV;i
zJ*%!Sn&2;}AMo~FoC7<tbecfav~ph{p^5AiSV<p-(ZFgcIgr@@W;OWmN6N(uvOZu_
z#)Pnp9xKmsm!oMB$TKRSF5ruR+H1U3XMnG#=>^_q^b*CXWR408OP=}XYUvC<M|ven
zUY&&rj}=n=9o(f=gvA+xT4kW((y7l#YFZ5W%lG~lqMAmK9d_bl*7CUyB~vOWEfS8A
z2>7i<^$5x=si^){DMe(N816GJJ@`7cxl&`&Q9%?o@NI6PQoNP7-z{o4d8xqOAaUVT
zqfKZjEr50dIe8f4^6VKlGWEG2>heI=8L^(0;8IH$T9q<NJfS$4b9?3F%;x0WDa_#V
z^$8(7JZ|zpC6KTxXO%4y57FQCH#92`H`?vQS%QVci&#ZoI%{&S5EEmwH61JCKkF|!
zGqazHWTmRagYQLT7eJ{VgBLqtsBC&6$t*jcM>}h9ruFsHB5TXF<5kr;ecUj^b-q#8
z`i-yu5*vS?oIs!6lk!EY{3gyk*HjVq)$o*YUMp9QDLzdzHGf9iw>RSE1H-9d;^fd>
zT*;80`?SsgWXgI#ulhsMkHrXg1O~8{Sw1(|$=XCtvfaJ!gEdq4@w#kz4fRmz?p@T-
z8pcY-!k=(`&G6z!GnZ4Q`E^$Ws*WS5W_g<?Gt<1-6}9I}$6!jiJeYUC{+kD7vPMUb
zrUV6(CaO3YekeJ9Xc7?}27cH)O=N|3iG*2({`kO<`w%6QCL<VpJt8jk=sv{Hq$%?<
zNdM|m$gIUzWj5^Mt`H8EVcXw+Y}wit)GSvg|Ik~j1F4Zk>0||0o*N@fo5&qRXoRiB
zA1bzBB5X>Uo@|B*qhcye6^I6}2Gl6gl5wd}++xaHZDW7u8VjPZgES~^beG>^a$9^E
zt;$z9y~PZBFijBY<u$B*CdWT@9o#|o4#QWd@E=e@U;Dz&{Oh$uHhPEDEJy?%F9pJf
zPaL}q>ss|o$alWu-C@ZPh*4nL+s-9_?NuUum>~w~Rz0?@(=zq9u&JN=C@E~JzfqrJ
z$3(9=#n~UzTTJDeCI-Vw9Jb^>Qec1jot;5PA~7){o%rwGVRU!jn6%I6v{~ORMoc!O
z&{*`}2(l=j;fA`cecw3>a%S>$lh}8M_x#n6oPi}sT11DriuY7h?fQNtv=d(_xqU~~
zC90a}cLaekhGYNPBvro!?)4x;e{b;nbAiB+@YB=c_uxfPj>7SrTXK=4iv%f6ivdPM
z-6!ziOq&p8O!?h(E$YT(z%4Jg>^Xw;z1HVK+ai2#E$$Uj5W(B67Aoafi*lQW#pBu5
zlgSqaasqabMk~?ZR8qCDf{OfJMdiAM+9EVtVIqiXlA#gk87yKlnnOA9lpe#&xY+(h
zL)wW)+hwQYX`M;8PSUf}=%m$_e{&Sfs<!`=BUeOrOCvns9y0Z&Et72l54zEjtbqs&
z8vwT-%o-YD4(7&7-rHjKrX7$|8Bhx6zpbG0{nHXLJVd6Pj^#Y;PiXex4_EW28huE;
z6Le1PI$X5WO<i?Hs(Om^DB+Eg;nV@}c#n7r4hq(iyzLZe2%OFr{W#)bEQ}Q{&kURa
zkbo|s^p2HDx6%W}=_LcG=vn!a+OxjgLSf!-@wV+uX{Tm5_r&aj0Pw8|x`xGg&^p&<
zz3CE{=l{B35wjXrFQ8$>{c9OZ?f0_r*!Ur$8K$cg39(t6yvXdB?YeFgL2}&vLq+%e
z4>r{z*#G=pIXLRNs(+d5=WI;$mRO%#&C#A#s*)y&S{~K3@}=|39N_P_3dNsr!Ypg0
z%;Rxi=lB^5;DVdBonwoh*BcJ{cu7){_g3`ZP%R%-u0P-F#-T`4FAVh>MYxkAKHS;D
z+;OEgYm8DU4gS<tYig?3Uu`*{Dp`?LNC=XO5yag7n4pJO#QquOcx(XSkMj?-r(E^$
z<3j7@n-j!ir(NpeWo>v9mFn>vlk+2eh=+?9Oi%ihcj#=t5kAG+ow9}j`Vtvuv;mkW
zD$lBrIJPtPfpeHjo`~nYlecl0RI#l}GCAW2ToIu>{<jvpG+?>SZTR3W%TOLu&PySp
z8s`GDI`6!Iy3e&>(HFVO6hadaX5f(CzEi_9t`3tPI7WZJj>Y15ou6Poo6+H~*Ip)*
zY-^!=t4`RtEQNnIVYxb?$S7}Xy(?cWv-uir<~WGpnmd!G4Dp^EJ86%DB@&z!*SS9%
z7T@|aKTv1x*XG{=XEiExn*ol(Ny!1(xZSdddfeZhrJ@Ov8i{i@giZ^~{7Ch5^47`4
zK}v{i{-uWelN{ZUsn6YdZj%(0K2z1d05@S}iKf!mP5B+DE2GEHvz2peDJ*NqG8Q$o
zyt|zBzmBmv)0dh8seVjtDIesWvmc3W$dn{GAOaNYyyK!Rn_t{(OFH@IPK~LmL^TJ{
zlv<n8O>Y@qLyv7lSI6+DIb1!rui^do3kEU%>V^k-fe}4F6wLoqLI{msrzF22fZYFD
zT%ot=)Ga+%A4oU|<NkOM=GF;#3NFe2-!o3sI_hBq4{Yth%z`<0DS}0c$vf}K3v<tw
zJ}6>41<CJ*rtFOwbHsPXa%d{X)MAyyfnp|M!N#1f!h94=v7(z>7C`t)C2htc_+pwz
z&FwWS7o_#|jIR%6`$c3zM8@Q_<}e>w`8KT4Pq(+^-fORV_-H80yL$LiSX*R?YEP{2
zR8B#<Iq{fqmx>%Q-cg}n#M*vqt?UOWX4Pg;7@?hUR%<!WV7uq;57Kg;uoSVSf)ubz
zK_g=+q8Ym<NvnR>IFa5PNfYSs+dE~IeCCY>UdmkM3<a()`?gZhb0mCFi!v9i0|xuD
zZu&mE$RyU%mR@VyT;q33RZ_>{&-3dXR!}01FU`@^xtQzAyK8TfJ68#xM6H)AW}~Zz
z)t7CclqPNcE7)V#N&(Jh<^5&!col2m^1zpAeFEpnFWJxtFU%PAh6ZFBh-0H?)Dyv}
z$=DIsq5N2hvMME*fz<2tnG+mX;D!9l@}H`0KjYRd5fr9Q7DJj`D8N*I;n-gOeEB9J
z3b&YBUzC_|^5toYbw{jJYIznkWYk~m5IJ3^<*9d7yPCsd>D%%WTu`msYS!%NQyn_P
z*KX7|Bw6IL?mCxM6|4mgPxQ0)45wGI&N6-Q>U5km+{tEq^D||CS${2i&3Av>Jy4!?
zJq<|5VL)2+t$p}U=u5JrN>sp~hO{VT_mxU~m?uX*0uW&-0gNLWJLPqR1$-NwiYYtg
zY;8V#Q~(PNE!7ty9;%Jss_~#)u|!5GXow4t+H>hc{$UgV%GCnS<+LkG1%X%eIAGUE
zjU|fnBTeCj3nGWYCTY?@7kR$G$+KlG4%pjc8&1mW<H`uo#o>#BRM4J>R#bp*DUj;d
zVvvGb!U2E|a`9ov4o!e^-ebu3CIAEUC);o=KTCgr=`p}-_#M@k32Q0nCQ?civWRPd
zDSX@SWPp`<I}X*x9~h}1()p+WzB^t5kj+_zP-T!Z;0a!aT(IC1TTaS^lQMjm^CL@6
z%DS3tQ}~nl^=}eZGX8zYO%v~c`Y++!&SRZ=J^@L8RQ0HUf>1z5H~i`xz*Y*ToRr*V
zVE{KVXxOB98puf;z~*ly1@#L>==efVDyqN%Ye;M?VU-Ig(61Okw3Q18dSwFW4@rYb
z3aVub2)c|0h-@GYKvyINBt;?xBz3z7{nN-lxd6|VmO_yFK%grk#{rwgDaih7cybBy
zk!m9mkPO#G3c4M`O#m7uEy0J`kLDl%wS12PAc+8wK8ztZ*_RK6eck2nL%zR+2V}^^
z22|1z4inC)?pkLGZzsGANE>dU?i2?Un~?P~O}@w(qLECxeS3L2U-y6e?mzcSMLvjo
zL&u8(=EwLx`7X>@u!JrPb)lnXRDi7H@Vi$v7QVj$=6Z_G$cn3__%JbRrO5(Veje#t
zux<LWoB<QQB~9-Z7*!FS%5}jz1G@7p*7Xj};v5$5#HO8L<iDplg9v|%bHJjj1G^$;
zrlDN0jv+L?DfJ=z2%t27S2e94us)+7u)>44VaG3m$GXAykpb>U2c+qpm<lkXw<sb3
zCL`gie!$)lTZN|ooQ+B{QieWYn7U6~u!cD@1kj?nX*P@>GN}ycx$(n*@NNKR%@TJb
z(%)LmKpyyG1n74>z)4G;kriPjbqh1?j}iy$D?Ok;PQcxYfm5AphR!gClWRDklTtud
zE|6vE2JkEbq`Hs=;HtX9-2RbwhPhP(WLV(F+gRYiGkyX`p!^O5%973N2gF#hLM;Uu
zSb?=j=^7zlA-b3QL@Z3Nb-I_GIRr3oc>qwoITtaE#d07O=Zk}9T=I``Zu2`!TUKZz
zP~}P*%I}zEgF(2o6-?`Tv?-la)*YBJ`>?v@kROU%upO1ag+qUE@HRLAm9)vb!mL#^
zzk50_YI=u655VLeL$Gp)$)CF&<ZC%TIwf7@ur`;l3bcTKCWnT7Rj!YTL*nMspSI~S
z4>KKomsP$En*|Ds1YD@8yGAEoGo2@Lj#R;~+Ps#wg4Z^QsUO(ETJVf1=_S3+{EZf4
zQ7cv-TAhaC^!QrHAEX+=0e7!Kf_D-1Nk7P8Hi}R8d)Ty1s8yK-eEC=J&#cB1SuGqi
z#Pc(NLa~8nGx!r|5dLCcIbgpF4t|q3C=LYdGz56}IM8lyfMey?C<3SyP+>n%AuiA&
zb|ZFRUnN}`7Ma-jh9}AEWs{JE83BvI_ocuHYYZT?v18)plG*l?={1~8+l)AbD}8&v
z(l-KEsZNb|akAEOMAP=$gPe);`j>^zV9i3Zrnhg|M>E6=5`YH;;Nf)#bca-rK%0zK
z1z3j*vTmqKy1?w0q4f)I>~&at0P=~VJfW>PLkQ21J=o{`Y`~XHkbpK_jg%gRJT@5>
zpoNGJDpe;+_k_0NFu?Iky24~FuLBZ$0}@LE9YxSG-5B-ayfx{C5Fm|V9u=&gvMY>e
zt~pHQf_^|1V0L@J<UOBi-yz?S74I9p4@JNS5$57^1#G+PLuG-M0zZbpPxTA-f6=WB
zHVT<#Ix1iS;F=~N!vX8(@eAm1Cb+3Krh#sx^Pd<4z;)|PaVY#YzX7yw1m#<>l^=lq
zT?=q(KLAk-jv1m;C>SM$U&2H0J%%dKzH-DzaWK>J31GMYGbqi4zcb9=hUKM?LunEq
zN6+OrdPjlrV>A~qA0E*ErUSjT2;k1i08rh3K$Q=hly$&d(?|SfS%N-;aBH~65(flh
z_ffn2R25(@Lp1=@Qs`lQ$?gWFy+G3-+^YcKj6&{Cu}I~lKwxmI0sPYjK!yVJ^8Xyc
za3Lz-G$a)W3dDtsuouRX!*J+my^{1r1Ta<qB9(Y1@`eFmtiON_{VKL$9VVS&#4vg#
zt?C3ZhvAe;fe?_E2LQ7?ZVI^h*@SG63zV60hVh<-$6ey&ZjrM5+Wj8jL;KIc6#!?*
z04h5A2tjF57(nph!A#Ch*o6s2!%(p2<W}N>r3D1u1)y2~>xCfA@Ahq2p(sFGO#}?e
zdk_|YaTFF1gXj|Z^$Fy4Yz{BRpimay9S@kK1~3T;`T~mhdn7UkAc_FNXdJMFTOklA
z_yIpQ2U^gNXfVpXF*)lOCV)d4aDlBmWxzQAyc6HLU-E#B>PA<#`|MxbASqT-xe9;-
zz(mhP1z7&`J3vqJfN$!TG;8XDJ!g(m?i>NP^9EGO0lAK1-b8@F>ZNeHwFCSp0De>v
zQ@fT!o=`AktO*%SUAos3$^p~QaWX03DCDM8CcYmEfc_U|%K$8RfP%1&+ypWBuLq&m
z)Zzp5Qh1Yd&M<6%q7RCI@V*HYWCOxrBY=n`9}G2s{xoy5m*=;SBEZWf0B{%v#F7o}
z+avw8b|-)P7u4+lU>E?4Ul7=Ie$ML~i2B33iGTh35upEhpuyh(?(LgP03+Z3?-qpw
z2-)87Kx-%_fKkR^r>x7aQ5b|nCj)}GTLK^w;6;;v03aR!QeMC@MYrKriZ~O9s+Qk5
zb^Y*dqu%5JjL!qq>kZWV0$8#GAMng`0Gb(qgbfgK4I2o}=ovYozVBmD*(te|Ia&f1
z0Ka}LNkVR72I^-7V5|Ng>;V`lhpspzVtx+x(4k2<>>DgwN<Md4CbeYN;s0nbn%1X)
z79!3~WvmEX;0o0K3}|S<rr(xDlh@kZ+%?&vEfRmN4v1R%T(GYkKpXHd2gjc)F}vvk
zw_z0oFqXg_%VV<zygoJnQ*!J+uMdm<Puu<pX<e*13y%vu2<1&+!D8=g*(h;?J%@Iq
zjsm_-;(KwM)~>Xg6r5RIg%36`Vu_(MekaN-baVAb`Gj<RqD-)C8foRoFVF0OH~UFE
z9u>N-ZyQd5H%PdN4Voo&f20Y^kx_}PYbdWnh8{yCc`7tY5A#(JkEtW&w93?5OyW`J
zO_Er3%37#f5+{b)Mq?WdZtsoIs#}%A2+d9X2a?l(*C~0?R*3V3_c}I{XOaaC$E49|
zCEnaNv1e1om(9|FnGXVpr^FWCS$&sh7<Y4a(8$>(r=;Z+Z@bxyRmcs6bOLEKVYqjl
z^x$SLRn7Izq#1;EiS+b~3-R`p1FgjrX|(Pqpt_TjMyhJtTdUciC5Vcxd5jcVya-|a
z=Ub~gY$nsUH31I%TPwH7F^CG6af}p;pYOiTw~=m$ijZN9l;Zc7LhAWuKkV4P`1O*(
zzXK4JD_x+FwFu$d)C*Yt#7u;cC-}xn-SXlg>}Q!Yq@f&;p~8!M1evn8(+9_Tg)C~a
zaxL~NUqyh4y#^(&A2%NMh>1;Iu|xkLM}z82Kv8kC#im)XMUW<b#_!;+lx?~|dHT-v
z1@i7`6K{{e#o$H3``*A^OFvVL%yCI9K74K)o(*X!^2SaT2^X*Pse{XQvIj0yN)aBa
z@uLC4x{jT?Kai>I??xNZJF_cv-{X3wXAKc!v+$lIh~d{)^@;*vPIlK2sYHBl!dIT)
zt9*Y{bIgvN*|Kjv-~94RizS6VMoq-IevJWzrY;cFxnp_Y=UC&@@1wE9`-KwAJxX{X
z9%4K1+=t5&E2F=)xmo-Y7kPtm@)VwT{|$N|b-~%=sH6<l5v2m>D~a`zZy6sV#D`I3
zONJ8mG798j5SU^fR);B<)6x+cf^p+(-)CQ1*A$&&+wRKv8`OW!7g`mKJ%fMhMN_q0
z;hZL)j_#QEqk-d+O642^rzd-~tk3JZ)C}x$R8p@1Ja|jk)$S!uKHlJ)VODo-k(y)5
z4;F?bkK>15nW0J98Tl+wQ~n+cixvqo*+%OpUgEq6U-)$j!^VrdHbaLWl~VDj#2uzR
z$C_4bX7(Z7v#t;(+qn)zFfulxu;t~V*At1>?s-TZ7(3?m_V)q(O5Lj{t2H3odG`A1
zTP{H^QR2^Pc}p@j&P*R+!c1@A=S93Z{l0+5Kv1nt_0Z`YIaycaA)77roi5c30dzYb
z`xDdtRqywK?fgJrCOVQOy%INk#{w{2j{{R8xV2(-A=M;Q+BbuM_=h@b_5_pOyE|VC
z(v9iM+3fYD+%~#%3m3yPXH)*n^6?@A)WXIRGs|T3bi>i2CE4O+L=s-0x>dV^>7TWU
zEk7&1i!hQ1>XqON-MB13rhnEX%1KLBp}Kvw+szj`s8DY?UzH;f4{6n8{6l76Fx@pq
zJg}$8F7WW0A)PtI+ak;;l@&^xsxHV*jTJ5;nBs<GVbil~%&BW&EMw-=EN(k`yni+X
z>c_KE!CsiCk0x&5=;kF{?DX~tcSPll^USv8JKkUJ=r2BZc*dmS>}a#Z;0kMfI-Lsa
zyr}A$7d!O@E82wz$=vfv6T5mg%KIO%Ut#rQCFy$}lCw^UYH<E79VU}=3lhT|K!TxT
zzS;duhG-a6GR^G&M>M2^<<cnO#t-X)vK_Ite3E=@v-QOCS~a|tVf*eIpXu}2Kp*M2
zM!zBY=_V<QG;_tv;K9uTNj^apRbh|lwz_HMF^6fE-rRt8A}CNv?C-YAQuVlY#8<OV
z*|DV$hKz28msSUB9wZjlW3)?&*}N^D7^Zn!Q?!^f*kVYt>b-R6R2CG5C&C<e7gi|Y
zpF^Zuvr^RWVJ(4uTeE*W4Ceg&sr(I6bprOjt%`4}ym~bh+=f0C6LFMO_u{UB7_1~G
z2p|+vU2IWPztZZw>SoND@De`6>5^}Xq`3)lkY1DQj$BsB9TJwjgtaG&F~|!`>KGIl
zFU)=WZIYm;QDN;GmI;;){9gSvbt8Xr+Q?=)c}KUSia^e%oU>k*<TI)naqJhzCfWGk
zn{O$!UApG&v@i~WtM{1ZY%Tf(h53`!S#$Ykz3_dY5}IDYUhELXp2)-k@ei8tRU{?H
znl=JrYDnh{8GVlP`RPNREmW%fEZ=9XZAvqPM7ZBaHb`^7Zy8TK`owvICD43b(<#L$
z##XjHIGc{;mnX}gs20f?`ycIft8B|7&2v0$wSA|^v&P!23LZjJ*&}1^bJ^(GP}MYK
zYGQgn^2Wg8j%qz;putkC`vd|qT1CC-Gk?HKE(kFL55jIeRr|~9_{bBX@;-8S))iMB
z%H8molhGpbg9lZa@TI?9@|@06zw(&-OQW(7$L?k;B@yEBQxe@A+NrI}Ci&Cp_|UN&
zK{l#38UB>si0!{!XZq_S`qgGu%57jQoA`A$d2qp|&wkwGHqO39T-PPQpXplUImT>5
z&;vdffaCP(UK4K&*#|88vDe!8%^?l#-nziqqGb9YjJZKCgv>ZY{ujmI#QQlamhHHS
zP$&~9FmXa#$$`%^N*&2v0{22Z5bcLInfRKW%i)k&ujUiI*@!Pq^Vkj_a{K6xeExD3
zRSgP_&-_l0s4t&51?iVc>W9F*-WVe8QUxK($kS)v+4^i|lBJh#htU*oze85{E(uCp
z&cc|-m7dV1=|*-wMEMI-Scc6Yg-+1>VIebrO*2dy=M*JNf(=CH2y;8T47Z6K)+W9q
z*ODZT6$#P*aJkKDb|+Zl#(MQo496h-t)z@T8)E=zt{>R3d8i&KCZyoruU|pNQo)Ek
zlhc>d;E<m((rj1Pd?34ktBma9PmbXXQTYXN@ZdZ)inrK^OM{4nGStm?Cycp1wUH&2
zIJSVREt^lU?@0pQ@1yAXlaJfhT{yD77^RQNUKsNRiiJKrqAdx`1+w^h;c_sU2X3u~
z7URG!6`Cl#1BMp6k7%jMeQyu2u~c%pYpVT^BpXV<)&20`M!e)@9q&48NT6SvolO)Q
zX6q;MnAs>D)2dZq37&Q_PgbzRd!Tow-0K4mDp7^>cF4)r(TK6mCHrhCnWCKZ^(&o>
zA)Z>87930W=g#4qd#6`W)7Bg6ZwQ*drd3dVuOTIxn|-D(uH3^Wqu4724|d3)s`++A
z_ae`MmfFLcOOn|&UUm0vO(l;wSg9CuC&I3(c(8kJB(j~~SNqk`$B2??kolUTRFk22
z|JU>I_LK9yqJ4F4JImg(o*7Kqvbq^I=$^Tty&$KA2Y;F9;ziC|-uaZpd}@}EB~5oY
zuY?DeSy#vGr>!wVslDeC<T1{^b`r!8*)prW!KfTjD%>zvPL_Pc*U&C4onP#Qo!7|C
z+1}S6d`rL*ArDb>wr0L2Ck%hv1O@jtwA@muMfaN36;nqeMCwjisWA~I>N=;d@#>9p
zN8`+K+eQ8`T4i*JnOuz_DR+y;nT@HV{XBP&>#>ky6E#g;shQ7gBMDKguu`|_qwFZM
zEdChHTc20`?&H?JmmUUVuNv*TnnW=26dqw>#|2M&qX&l?g(~jHJYWEm@8YEcjW$~{
z*oyh9dsl<&CYSEsbN`nlh22+8{_GK=C4Ev(XTD|Hvwqk=M;GB`Lj^?2JKjEf4&S&M
z?bFax<B9BDU8vIIeZ`J^R2{y>y9}bPYHLeXTK<S)yCi6;HcquCTCzLtYfxy6Za8eH
z{=Lt~Ax4L-AFRE|+1O^}*r1o=mlF?u{HY{-ge16AMs~1R;g@4p5B?ltaRW#4eGbD-
zLPKm)MdRhufHaWtdltiOQWeOMd-){I2xK?|8Nw=JlQ0r5pO8R61~-tg@l|XxQ`sQ=
zn=z2+`V5>wzJYrwoWr<o)fAhYP<#0#22}P!4P;=e0~udmE~<pqx!lGI|C9V^$EbbX
zL7Tp|p#IxRPZ1$<cvk&)v9uzuVsVM_lvA2rgnT?;K1S`?7@#zsRm~x+BEm@T`nUA^
z^bbixttG~(NkBrNX^0nz?<4b-eY|~#J)`jG{(Rwo=A`z(+kM3b&pM#gZJOPTp;{NG
zE6+#fTJ?DQBpXI;i+tLZsM%hN{OP<u&y9bb><sAa8Q-<(c*ZD9gU_p{vi7H}n7p~Y
zaCWAws64rsrAVWBWBq$V>VEmtgmC|ohMaCsSzX<KXU%sPCbUP2kxK7^Olkf$Y(!op
zgLaq)IU~I1XM3|}v*!xAbxlEwFoJvo9ZVf)=1W782woA09#nXvH>@Rhi5qy<mz76g
zU;F&@aSh15pWQ%*QwM(8(hv)h2Hih&vE=hgZ&@U0`b*EZbjwN@O=T{u2BEE~FLUip
zf}iwTuT2d<R~ifEp<nm~qBTKWzUw0)%U8}%$)q{he?<>IMrVc?`W!o5)<klWRR(@c
z_-?0T*_=16elU_DJFnva;r@s@DN1szWC8wojC;jItB3$!C*CbMf`Bc8W}6)3-sGC+
z`!uKHkj!23f`3|9HSS`WUlI`TU0aJUYyENKs*UQ18Siu2hgA{-5+0S?2h2(E%u(@F
z%>-YBKAf`zNrQSFS+$@|_KCFQr*w+hE-wXdXlV~YwCH(p?dq@<BYBR&?W_)~ja8;;
zyl%;YNrQG7?ymbRy+97;!Re#m2pUEOmDK{1`|M4`gfyEkf8MyuKBOc7`nCSOk!ACr
zDRus=RJvJ}8H?<5@|wo8FhSsP=87Vxaq77LVukddGz{V-JYfJZepP$#1r^tWfU`Uj
z{8<$^>uijlOT$^YU_xo6YupnRp*%2p$y1uR7u4-h%yFhAO@HD}%5p===6+(j?17Z1
zJ@q_{xjo4-8>=Ru7H!38qc$P=c}GX+kU6$~6e}75{!G^DI2pdZ*5D6nIbA$6ZM=BG
z%mZ`##ku1kCf_9xvcH!^wDiXnTzwrh7?R=z1+PZhedCHf?SN3#&<!-b+a7_;#Gk%K
zPRQ)j#l$LoZD8W~i5>W@_eEOzo8{eZA%0S7dF<G?y^8+xR7)6MSH2Pbc`KfT-wGDd
zcAQ*nJYY^`IH|s-Ss(&u0&BOOd_3JEYS*Dd)7BH~X*62IB(VtGcYhB_-u1+75S!7h
zbDHzkFwB_MjiyH1jdNF=&Jz~8C+XD2j-`=8%$M!dX9_)s$J$fOS=6k}DE3|e$jQqN
z2oF&MwFM^bwdTC`z&9QoX?lxhq<Ayav=}>W9sZknm~9hD<!UTH46<o8-r*WITX-r<
zXHm0(q^a8D(GcA{uy5FnL=T42>hM-Wz@e?vOAYy7;C&H#(*ot?-{AJQJ4-$OQ&qXT
zWH6#{K%rjEm%S`Jz}fh27J*0#+1n-vSU6-Lya2|n5s51uewf1)(NCj7rLR~0(#;)|
z`_fm`eE#3za_?3>qxlbLiJz<0#Ed|ss%UHU7(6I7b`(<*Z1u>oM<CW(Hsh1o&<!uF
z78_^Dsdeq{R&A5MO%fZOwpnBg88{r>^g0q6ZS~>><8Fizs0c!FS?p0%P>5qAR6iKb
z?8R4sM7lsFKXkt^%E>orR7BS{V)gyYun}j>TK<*CWTi%yQlvRI<T;w|Xh4k61zKt-
zMd}|*qThvr+}$Kkl`|zUF8asubpxnsoZa3@kA_XZ<F)o~QXGA=V3ec5FROYNWuC>N
zrXtvVXhV<{F^$=Oq;apk*TC_yfHS{dKsW6{K%sAnf;cuW@-ODxMuT?gXTFs$ZTb1-
zQA^2v)0nSg!%ze{f)r~tMBE_)|K_v@OW4;<lpagN1VN|xL;Z8wLaNcIY0!0=FJg`+
zkp*le=3{}zdoA0_55Ng{pZ=*T(b~In3qQF8#5Y}Y;d&EV4Wj36X$JK4S*hz$MTz8#
zD&v7E+Go`M89JBC>u`Ny-)?1IIf!;CcSNfE!(NwtH7^EnY-E|*qIzIdZ>1_)9P13O
zi^_60_e;$UcOlE@&hi)5tOj;2IlUk9^4^iwC|vf-UlK?!UX3B`_pM}HVq4?ztV|Nt
zsF8_Y?5-R$_^bScf!PwonO&B3)@Uk^&;mI!8N*@qAbtIhx!ytHde=MW{pruHD)Dbq
zHk#R<+%rfnyuKSb$XxEO=tYKc#Idzwn<}-ghGH_AmbF)-KWb}<c!b`x#e_&K9oAx&
zJf4X5_x$^C_v{~b*E?3%XLLVX)|+QXHvapO{eoLH9?kLz&Wuc>*CN29(uzfi0T06X
zEg9Cr+<n!`b`7{ANGAEorn>i60D9L-c!t(8JpvZ^G$TpDmphU9c~2__?f#v}J}mmz
z{GE3$?$aRFoWs6fMhD|ChL)ovt2SatP17m=X~i8Uf(P5NI1tiV?TY^-Q@I4lvvA#b
z)mKiybd+elImX$hf}IXUV5E26SrS>oU1t?ix$sVeT^|8QND46FC|%7+a1e%-`;2xn
z5*a{fXxW_W8QPNe3(n_LY#hcf?+mchLuN?Em=IOxa_UMbJwrno26#|~rq68K@>;;F
z+@uxzC@f<PLe(i1o8BdSs>uiE@9`@ucW^$m<SHXaJ(bv4Gd51grE?Z^b~tJ&b4I!+
zUD%SkHsB;NzGr&qcB`oaCWZd6g9_p3xga(BA0a0T5zK3;I%?Vpr0W%#k0ySpjA*8;
zblAgFbzK$W=mc$rt@cUqT`eBeYXD+F9Et@g`GVW>%v(Gslcijgxy}dX#-4|5z*!=x
z9`bd~QvVWZJ7sCnty=Sq+Bb=F#2XB{>%zh9&pUfda7qF#&gLy82c?xEJ5AD-r-fgP
zSjS*AnN(}iR{7k6yn8oi7pVuL6<yqnM)wN3K>}x5EdYE*cM0^1)xpR@ftC@AR)sBh
zguNyp-%$F7Hi)X2&DKwR4kQ4zPLeOHk6_V}KdTn(-UV0NlM1?M>8@r>jZ}gM(ag_k
zZ(g+QMdBg*zJ>i_%Jz4=P22W<CjFr1l_4R1(v{j#96IR<^f4OAa6{2W;<~@yRm~iu
zOCIj7G_E3X$7asWUKm^pLsLDHSK!fsG_*;#u9mQ7`XLxr4s@bq_C^{3XlNAh5%j|$
zmCV-GUBpuT#FV#ABJYrbH<+jB*4D=#dYzZmehwK_a@nz@s*k<=BUsrS<K4ZMQMze9
zGfnv@J|;*!LHc9or#2o5PlR{he?Hmn`}Z_ob>6swWC)Tye@=W=-lLm1@6ULv$R@HJ
z+Tx<btRKH1*e>UW?clJtMccj|d~BYmcdp-*2J1SOADOZDUp{VyQE$-oM;Nn}ESy)U
zzfkA+l`hx+;MEu78z1hnlpr6DkDS1F1pSJtMZVajz$|EbisGF!kP&H@C^?h;bc)oE
zz`S*3{-S?&MPuDeROjbFd?PX|UAk*J<+c0q6<@puQS>vz)**J2W6I62r%!CzA~1w<
z?fNrwqQ?!5R7&GJA9(nT?&l|vKgaQY|I~n<^e>am(gx=kn-_g}VEcBF_QEvJN&PC}
z6=~}gQL}`|6cmMi{>S<W`~s5+b^^$Am#{gfsHAW=e>Z}UUaXQ|y49uMEIl1Zx`I?`
z<5MqxTI&Qqdy?u|zsj)QQxB+b&LkW3)2^;4`Np-m2yekf$meC1KJ&*iexS21YQ>^u
z)O4f=Fy6lS+=;)iGe1$U&tgROkoP%33t!Adp_Bc1Uy5NmCMAk3?s!ks`5gJ>Q81pP
z5HAHV0{s?(#mg%Ha1($H41CIaVIq2)u#izf@(n|y0Fr2ZFhOH#GP25_{vc|m(B4c_
zxweW`!uK{bnf}vg-s?(8-_b$E%N0~#Cs|S;SvQvSXNp%Zp~1S;^-j*Ga~}QN(z}P%
z801?nd1xk?P>|HjK{8fHZ(kCIHJg`^Lm8nEsroIVn2N=DE;dQVJ%8w%T|^PMj^4fZ
zy3@Y-=nqzj2s1Z<{aP!FR=3_(DFKVzn6?GGDiR0S2_~{B-ZpilDp`|h9}Uo(m;4gl
z-^k**;hr8{K)AE1JhvE1IZ1i_f;>rvkCOUBb@b-BVd#@sT1ZymWpH()_01VSKYaa$
z>liK+**F?~Xi#X*3M*-Gi_24scgZ?~<zeBd!sQK$;bL*NyiL;P^2V^p+3#I-u`N^i
zQ~pEBy_Q+Zove?i^l8vkosY@JutBk_lSeoh4rTY=Saa4+sHn&k&L_9XCY8kowqdMH
zStpB%fiuOv8r=dzmw3sD)a2Y2OouN>${T{dK{q#THXrZ9{V*t)wup$ng8y?9`h0C~
z^gwmlF~f2s#3LrQl5Fu*Jbw{mBVQg<TK}E6OQ^Fo?Ak`UNj<#oFtR}%9WyUKNbiao
zYj&E~Y9D(igbYb0&p!h<pB%?>&}#elU;k~4K(nq3L=|#UN@5kHA5~q5Z3@-R0qLl`
z8>eY#PS-`iz)FhpN1_}7C$j|7{F5ww=(WZ6CPVndQr_abeWGoli(N#tdnuBS7Yx9N
zO1i1MDegg8RE0j&tnnxXTHC<Ta4!2}Bsl`Uc)hC9!Ow83k%!3Gf19bmPY^Ymc!JOl
z`lD+eBnuUf9<cj~N6(9QVHk*ZuQmqkN5zhZB&zi1@jEb^o_AyE(S?8G4vlxClc53U
zWXd+^G62#$a4c^dU`b?W$whS|2#qHhLu~uBluhRxcsds3%ueAvfTakRrJt7vduFTf
z)=o`oF&V-!;*JM#8pe<QnaqSOf_LE?c<TEXznW^bXVF`0?qtqYy6JifAOY?l1!*rx
zK9&x{JQ2vDT_BsQWs`hf6T4kJI355G{<ZaCHI8Y2AR3BK_?#PAwB*RQ7?5nu3+)6X
z0=_TDD}3Y^VUmUXta$UQ^-1w|&AWcL-Qy0+bn#%tDV}eGWE1w5D~jZh=mPBIuXsZC
zGO#gN3#4Jh4oF`Mv-oV}`KOx}*yDuh&yn#ibONJ0IQ}J!w^ghk@9U`aq0*=g>vH;)
zCp-qwgEAcVfEoAE!`AP5Gd`d|QU8BMxdNj_?M{J_o!?=NmC;)MkEA%S&-GNRkd*z>
zqdlV3T1vd%YHY8Qn=0*f-0#`A7X!}c?L6)xTsOIU*fQoN4bVBrRuKJkbqZUq(WC%{
z6p|gC_C5qr>7RL1BK$~pR`9{&pmh&IvFg}{5&pX3wVZXEGvO*k>7BWoD!f6WOPF)`
zNT@C3>H;&fOs1Ch=f@CCC2vrL#e!aq%7Wf-;)5kgPRCjta8pCf<VY?(1_(cfS9oSZ
znzO30gR^J`H+~?`L@=U8K8rg8svNuIt?#>*dJ;cG37Q*&a$Vat2HX+ZL5a9m5F>jW
zyk3uylg}Ex?4ZlxiC(4)K2|}ZT4!P9r>CHeKJlgFwoZ=4fNV88S*X3Bh0q8j^4eZS
znp%wRHXH0@@7MeD_@my3NuP)y!tY)WzuOR`?rZ@I^|x!=i5^N;(2#7BI(Y6zF7tVb
zt22vHGk75kb)xnOdo^Ewi0d3;XS8BDM8=!+X$f2w212qD^G(w5moeNMxo7z_w4~Sp
zqI8Y{>=_wAhkNp*vwKq@R*#I5MoUdA-cMKd_x8PVK#sA4&wXG$SO#`2H+!`y(C!!r
z1KjHhPbr=Ru7|-4on*25J0!6Ny~6HC71@O5jR#U9f@0F0hRFOz1MqEft}v`q`tm8R
zU)xu94(Qh2c{2ht1%$furW-iaO`ogEZ^T0F=6)&WQN9k1M4hH{?yoy7Mw0wm*y%i#
zXm3)#$Cx!;fV>r*(An8$jQN))=ZD@a`zPgBJQsnp>*K($Q7;Ke`G~JGf8y$r-mXKa
zPwxbttn;ZAcg5W4p4j`9jpEa(?;G`f<WsI6Y_Mr08;wvIJmT!}w~MfM5kI_2!Xo=C
zp4R94k$Wgyuxa~$;?*aPeU#`{ZC0E9tnZ_97$a}{Ox<daan^?4oV!BbuWTtlJ!g|n
zeG?LNe&mY}1$h~5^VhsgjgQ=#hk9|+4P}Ou44W%q0n;xM-q5{Cp7dX`IRBKhyF{Ty
zMBXdAWq02newOtrPY~E{mVeq`Vl-i^PyGcyD}+5PqTKkMnV_xf9_e*vV5i?Cr;VI+
zC96+QzLJJe%>EE()fhRfx1n3WyY`3U@G0zbBx~peo{bPi@M(~PK?=?Z+UkIRi{u&7
zhWqm;X@pC@M|+C4thcTXg;}<ptgb*CB8p&pc>N;oruBHlk!)L{y_p@vp43N0S18d(
z28<>vF?kKzU8SC=GcUyWi}5pN44<+uo;IbGrmKrtO%ZQFr=j6CPXM=20TFyYUUa3U
z?3e2d>h@v($HY}s?c7^b)kUuRCzvQAB$qAnTkLft8Rv7A2e0>4d$3NQapWDh={iQ0
zwhYEueev&*|9&gF#KztF=rtF;d#(1ujHbLk%3by)PU<rIx1XP+7)gDgwzd#upCjkq
z1MsR;FLD9RbcmTo*@RHc#8dE#x5+SOt+{l56LukW()T+uixM>EgK@%PtX|49lAHK6
zv;)_8DQ4}1j3NJSL5Dx=w3uZzWo1jsvl;zrCA&7q`=NSr5@Tv@)jt;-(!8Sejn$(q
z#G)y*x}vgwtLg})nR_4zobi~NIJ0{TM@rrpP-!MaFeU2KsfM$-pJ+yyzj^Jt>ooms
z5z+S~A*pOLB&uu^1&+7KT85p3m2I!g`ksIAE8Eb~wG5GhnX33g$};&cj~fzSxFc<|
zKsF{puZiy$I!P1r-=+p+16U#wA||JEzC|-(%#|DNq-g~Gb^A$e&?)aV_n|~fWM+ud
zVq<5If18;0%ffQ6J0lcp`-J98sxBp)6U&T8%cG2l^>5YOxBvplVavfX{GX;0#rmMf
zk6??+h=TX^il<B4g6QLNx0@dngDS7|Ok;P#p2cWR+;TeVXf{77MtqH<oXsv#eG$+g
zQJ^jvK@DuRKf>^T;v~!6++a76@qY=E37VhbRYb7RKc1WS_*;eLFqdzSbymich-{v3
zPl%Kinvs(!Grey_9NQb68BE2zj`Q7>&f49yCdg<ZpNqO}$EeutVq{0wFI0#i*B`ok
z(gCSMXbDobo~HeNC;0xV24zm_n;%*$b7s_}$#3^YsnZLZl2WH%a~Y8YPVaX;2-cE&
z6dLLO_&5#r+$&!pW>MEXI~1L6t-p<g054hK>b!bzQSWu_Q4sIzx)7f&#}LC<RMroq
zOs&#@-g^d-=t7H!Xk!8h*R8;j2>4%W43U44-4c$pM3Do=Uel3}5YY<iVIx#8)aZn5
zQIJQNWaM@{4XQk~r^AmHG1b<G5rcTp!endZ>#XdSS{i<7ZI*#o%zlQ`4CkVGR8O{Q
z?SP5u^`Ep0nCcL*oMMrF3(HOs7oe1{$Q9--B^2sLcuwllR4y+h-sHtZVR*w)+q%Qi
z!*wF-vH5T>Y|gWrC5>7l%xfdN8)nxz%#SW_sY9I9Fk0|b1_(gLr{4rqrD`VtHABO5
zfa1|BJIb~&It8KJ3sKQ(B4^{*DG!!*0gqsQ{RZ5P;*(W@{=t|(foWxyg79oL4<7@d
zLWtX+9y0b)+SRjQI-8R>g}-d=a}#Ya_k1O5npENG`wRZ;?I%47D?Ffmlp$U|M;r^!
zy};$RzGy4{Uir6n;U9-d2ReBQ;1M*NZ*ln?+s%Iym}lFAmW^*I`<$;U)*Nt7Xm=jx
zfk3heCby+t$Ba&C5ukj3Uug1jOREFu0ja5K)74D3F^3Gj6B9YZk)1VGyO_lm?*g+Y
z?F{qpU=G!)BM44teLRI_TfZghYVnLZ<Od)+B%5~dhGIl0=9JMiY#$lVDbGZaFP7ks
z`C-Ilrw84o<T5YD@6Q8v<a=H~X~h}g#Z5_X6SoO+TLph=bBz0DxAw!B{MMb+%X2A(
z4HJ=iJ<RtL{9kKf)^l+4YTr3>`Bsz*u#a<L2td8;tB~+dF{az6w#Eq@(uxTCJ$<^4
z4Xvs-A$Sh$FwsAf>j+K+x)GT9m@fmQt<GcI+U>4xw*X8PT@Bxpg_V}GvW80n!*m2p
zK?jYvurUPAKi8+`gJyXOsA^`p3ak~iP4#(L-+M?v8sF<fC8b6sH<J^X>UWK4RwRoZ
z3LC<KA&J*f<0qXaHTl!7X#`@&W`uU_bXr(Z<KH4sVeJ-Ph<FM%I+wwMgg{Z7+zLLd
z1Mgx0L}ZniVe=B0xu=(g(#k4d50P(KF%@jd_?9B56tR1VrPb}oZVJ0zx@hrd*fHEl
zbE7{&=SXE0)C>+~XA@#^-EJOo^H`_Z<0xFoOyy*kb`*hm)sC!f9^Y{kIJON(vh_$q
zs-<ew2}qAlfwrD?Sw{5gkYHcHlFaOdUS(rBPI16I*`&)m>>sKMDNFBE#yD*VsOwm?
zh!55KzIBJ~&Wo}huq~)SGQ5;H4Ui?9Z}baTzVON1S5nfzw9Z>?8#G8C!20$52EE9k
zxf30&(QjsYd4QZM_9FIqW~29c61-?H&g*O8RPiq415f4mWM`wd1E8Q<U?Qs-?6^w)
z=nY8e18Sr6xm=S*Y+L}6ZDW4xUYlEzi7$#zwMFawg%j1E5$V4~-H$tq(SNN3Wr=oR
zl~nSh`aG~a43GL<4b$MuxfR@gwlZM<q0VW5$ujqLeb?Vkgu0Bl_krg<zf`P6^pgE~
zF-mmGEaD>QY#8~x_~Y^#-oI(M;25WrM|VIQ>4LP+ay-EF$`zi49u-F>s}&QdjpVR`
z*{gQ^RoGPZ*i`AE#*I(C$T=+Q*L+m}eWP{S1>oFldjeI>Dv2#tjHum={tBgV9XeT2
zrm7sjO1cajDMW_gzNBRd^E=n2!EP9}yO#-}mY8WXT9pBm_R#!?|95gxCgND1aL-_O
zu?At4&lP2g%GI{ln*)TV2B${vY4+y8gX7-{XKVLr2bkicr9-`29w8QRC(V&k(;-Y{
zl>QzgiqKt~Ds~N8k2^+24vNN=C7=ILzs<55m+Ev&(yn_o+u!ij$0x!+XD#Q+!59|F
z$U=b${_=_bz&ph^D(P={>_ulKxueHFBF2-!GF`#FW;Ud<6|qjh?17HFeFkV|TG<yR
zdZglTnqYyw<VWa5^62^Zq^CtC$qa_zY?<I^ta${f-zc-PHiRc(vvM_x=Z?N|Z5q|P
z@1#qKCQ4#=E-SGvD;_Q2{f-ZiFqck;aXNWZyZ3roY&t1DQM}tY`;30cDSkVbDZKyK
zLF_NZ8Ek$yrE)G__#4(&DgIqHnK90@=XXWc;KU;_p7%_hJT@vR-D!uq_OAnunKUH?
z*;J~tm=jI7?)4oE?&#hQ9DUiE3YU$TYS)Z$Z--Z*VAa`(@h9FTh!lfD)43H^;h@Q*
z&KF@LH?ZG-m}&#`uMHb^iru{&nw?ZK+1R&NF>0sT3Ljo@<d=Ou5!^6*ydJ4XLm1&Y
z2T1%GKw3`#LiCTU9H9kMuQ%J!Ya1#$0z~E?5&uU-{}BOzWHJ6rA^#(A|Hy*_K&~C=
ziATBjqIPf2LjKz=_(wGU5rluF{xk&EmuH4f*Kq1z+0lPwz=7WBg;M-U*J#<OCz?PP
z<CDDHYu~`%1~sdd%bL^Gd(EE4{)*AYeg)xYE5VM4zakG!&L@b^uZEA9THWo@W{vGj
z)q1#-dki_PX(JZj_sOp85#UMr#$f`qYy!EVN{^m<N}%*>I^DCb3HI;pmO-60<+8w&
zU-ZlV;ifW!jViiRbu~h3%IT~{c32bXYyZ33*-a@kKAa!vYq|(06?Zh!eNG{Vz$2lm
zSrOK~b34oX#k}?Vt}ve2#UnzwhEC#Ggw<L$(gE+y$-QJ%rVbq_63grCJbfmwe4@#l
z1D&@5Es;CHqsR*sbt5z)VY9{YyKy<5NsY3!@W7A%{47CEEu>Ezdn=^s^Hp?o5JTm8
zWg5C|k;Dx6C_j9T_xSZSuK9BQmSnHXT`Vt6OcB8~g%0z2ieoh&aAQ93%n9+^C9%J)
zm{IxEJt&H<T|Ie1`}(^C*;nThB5o~{8TWa37buj8+>xU2$mJxTlnTa>S$Mv0CdXwy
zs80D=hI>&RBbs$yBi4lKGA?K9mws1q<PqgD_DL<sdpS@oTkk1mV=ra9!Qg7)etR;q
z-o4GEZp^*elXK13<9*n!YaLpjpXW30J%pq6&&V?VJ8+0W`<8X`5pMA2p7Xi$Vf{_6
z>Vm|f{}5f&Z1h~rdGyTZZDe5J<<*D`@9ydCGQVm4EdX+7C6D4v<UDwQ%%_m}rbu~^
zF%Bv@myx^;^}0g5(3C7SVAynhl0I{?H~wod=r}JW*x<{tV;4BC6U9B2!d99>(CcIK
zHo2?OO!NPis)`V{mS}-fI%R`sH;kHNG#Z81#KO);!*D;EQe6@rgb^oUPuM^xp$j-A
z^RcZc<~C(4Xp1FU2ewwP#Ts()Zm~PZNRqs@;||`Le;UlGO^}(ix;gbz>QAi|sxqzB
zy;rFA`r`&0VipjE*Cv$%(N(CH{Q`)Y4eWzaepFJ<ZN&zj4hu82XQo){q<hBUI2*Q7
zvP9S^*bHQ$t<`g5hy1>j(+)wYZJ>`ntS61Oaa8Fgo@A|&R1VYlb6eP=dxp+yBb^)2
z2rOerPrjm)wAhhmwg48_4@45sjk#>2etJ^O%pGN&BYi_9tgRX25Gio~l5Uzrs3-5Q
z!r>aZq$57Asno0AF3-`v`l_66YWiN2PAoEgZa;RH=t;*8yjGw!wHPj}|5TA@oj~w+
zA}WEbUL(t7MUu;)W6DSG=ef&hTf+J4n#D?4`&dJ;mtL19sjc4@?U-29LpEX+spNQ5
zV;l-ffBcs0iw{3A8C>1FAP6lY!GWCZL&#_olXl!N>-BYDWYomq*@yqrpk85+c@z6F
z@)t8NGmdB*vTV@R{B3NHX&djxWfu9}5ao*ByJp$VFya#h$9Y3`m~)N%WlI|UBAG+?
zUM&lm6=hRd#+i8<xX7_F&T;DhtCXnfU!_m03Z`DC3XqV|G0y$~)>wP8Dm1&E6&M#<
zfs=O)0_9`ct_>8$_8h_V56nL}IBGgGC0Nsd+r9yarR|C)R34|~miPVn*ZgaeUNdVM
z|MZ?X^$sOA64m@pidI**?<+~MK@=xM|FhUFAK}cg9(QSbC&ixZZtM$-A<^RFikARP
z=Spb1L=~D$#Y=@fM?2ZA>BLImy?io*UYdR6;foWSH#bY)dUs9XQbWoY1u8yImdx2m
z-_W+Y-{oT7fkrFkx<onl94};xB!M`5!u6U`E2bZ+f30evmqcOjyw^3%ZdWwZ%$*;$
z(o=XtvQWz2atv8!f+%tXYb!gL>q)N~W+R<{3q>6vXr^;bT27ZWBf3U+4;3Wg&A3`j
ztsSgo0uQ?We^k8%R2)svHi`we4esvlE+M$PySuv+AUFhD91>hZaF^ij?kw)^b~o?$
z|KGj$oayN~v(UTKQ`PlUb@x*tc-=2pbWVDYhnR|Lprn#S@s7j<Y7+t!j3RX4^m0Ry
zt<QV^HE#@4@ty?kXaPfGI#9~A6sh<}I(8ZqQ17xa9h(IjSn&X^2cdxk7ma0OpqOq~
znN{prP;R&D%L=%z>2@t!0@r=ru6`S~edMx?)hhE>i>1fEjnPWxrw2<3Rjl;#2a}!D
zB+z$ku{iufVr!)P$5v+An-$nFBxAGG$1q)6WcuZoXWD=NcSk^DEQ1$jMXo>FM()PS
zAv%NAR50IkzjYM1KwbU>INIS5jTd{<b8xKC368>_Fwox*2bcJpTrM-Ye^@C+%j13%
zep>Tx$EjhCJcq7sU~}w=OjZtkV7$%Bd4Bq;SFX2$IcwB0iYtS~5tnuPwOlrOyn_GT
z9ZN(cCu)o`%1K0O*M}ajJ24uQefikDgf?WDj*<q!MTTlTnrD3`>`aaIGj1E7JE-J-
z+h~)}y(R~}cRou6t^6i_d;Edzg0eU3<4f+rmGx}{AYp(-6xHcmRe=Q-)oI_0@;gri
z-awYmMbZ8&V{IUie|Pvgt)zBn_kBek#km`Tu#?%lveO5`Pk>5q3@S;p6uhH0@BZM=
z`(F})TETTwAJj0-B8oN1^XARm)fjU}9H;MEH*NtqvqRUXGf5BuMPnB$*Q7%2!oMx)
zvT>xhE9k>D`Fo7ifaFN@qX%+9my}w5K3z;}>`nfEgq#j^ZuTSH%ng|lwRq)5y4@9d
z)x>0)eccXk^>qUQa?JTSLbMr*8gC`otks><&lBx-bJxFBM%yGEv|F=y;4r?7&V-4U
zl!YiJBcG5x#<%_G;RDSD3^g4_s`)G{?pX-T8`gIIpZ)1G?NmYJ3`aEE0b-Qc$;3_?
z_vgtX!no6IBgE$N0HOn)q$4F?&!<_-1()(i2m_;jxWi|9VbMh`9o5wFN4<<0IA6*4
z;MfU-nxE0A?Zk2M?Fcobe8Cp3kaBA>@G9gMUelpWB(+SN+@RF3>b`7oDdudPE+n(s
z+a6w@=w5YAzTg0Se}oLy8?&*v8Y?020+!vPT?2j>2&JS&EtUcE`Pr51|H~5+&_m--
z!&(~4KDKd*hr)^6e~IT&5zl_rAj2uy5#m30f-QW!+&}H&XFSxrUd2B#hFWG83qq@Z
zY&p~%e-r6TK8(B-6_)j45SDFfG^fLegu1d{D7ByI@v5^f6Rc@vQs0wXSvCJIQPW5_
zU4v;tH9qBWrXdh|l80@<Q9R+zf&pA34?io7F2N-4O|u20v6t!O_A^eJN=r;4DQz3(
z_5jO=5XHy(#c_(Kd%1GLiWX}1yq_KmfBcXTTVy9LJ|D=7YZN54^ZB%J-Irgr6d}_h
z#qeY!xY1Im6)V9FQc}OV!N?dIo8B$5`zP!fRDC<zedGkg@v2bC1=5P`65Qj_O+Skf
zR&kc4xBgVs;4F)oH^P!+UV~RGOmDHY9#{LD8y$z)dvkcjaAtR~9ZffDWp0nJEe~H>
zo@<&l`^q?WrOP=P<a-|f`o@TO%e5!ZHfppmc74EBH}s^p(hBda7RP7eWLnLSZIE!&
z`k*;ocucfCliBoG;2LJ<vpRb{Q@DpGJ&F`jKk*gk$juz`_o{5MYldHwoil`3rvM?o
zlb~?Ium}rjkmTalH(yv8o@V5OvIwT$6LVj;MoGrrzv@j~rg*3b2M%%C-zQCm!##8J
zWPv;CX)@QAivM$bFS_E%7}$0At6PE)qNoO)Lyf1o`RLnJQ=9Wl|FlHtLeH{V)^1OR
zbl%Z8{eQSc7@NBoI9}GP0Cs;)q(2(y&v=GOg7BvkMgm9D$p_Mmq>HhlTRcCN={Zf0
zMeKoPm~m0-%7oAMZ$O^>5tWcYm$;<4)3m&lW`bmdrqkb!D2tiSt#{Gl8ihr2l4K?$
zHc-GHF4Mmq8Au2Hn*-^L9juDEAl6h3N7FpXp>KW!d1z)zcK(0I<!p4E(;UoXuAglO
z(<}M)vTib$a)yeqBA;y)5<l_4rh?OZVU@i4qY8Z!q4EbM_G7Q9=d&FXjYxH1Brw))
z6@w0&1FVOd156WL^k52!?J+-;V`$nin1p9RGVbEf%EGdF+Wsj6-?IK+q8p|9!(zdj
zvei;aoLW@*0reWQvM$-oUz;lx+<0;wv1K1jmOV*3g+GP^cHD__wnytDN7LuPVhgll
zE6krnRWe~yGSS~0LewWUdrdja;q+}TPX05e>q*Fx=kPa2dEFLh$hzh7o#57Io%BdC
zXl5gEoJR|>ML)<=X_P>+!f#MplH%P<<Mq`mV+eWcffGlG3i{FiB7fAH^2OmTDj;jO
zPfv2T(p%0l^G^U?9L&DsYPiL%!s@pKR=-U;<_GGw6DOQBdCmJ-PTpAq>uj-JNM=G?
zAI|eH9^M=eM|{~G!57n)Idgr6k_F<kb2rmEn5Chv2YE$4UgAK@b%4%pdr7VTI20<r
ziDGZ4G{B6hz-C>br$__5M`EFUyI<RCV=u!h-i|3(9W2YTUSV=4g6?=7;@Dfu4u35;
zWmTqyn)M|+t9cnW*q^oJ-+dsT@&)i3Tj6F=m<xQ4O-2tbGd7YO0HfBdTuw3Cl3#nO
z8zmSE(*Ep<2~3VA6@Br@pmf^*pJU3x-H7gGge9~=5ks}=iz--nb?otk?&WkF)!LF0
z#sMYQwK*fB*tN03iA6v5K{NW<7I<%Z%jjL}*fq7jz+0mV`uC*QtG&oT^?P=+Xk4R>
zMEO-rw=?b;r}iRN65vV2;~#ya{)oL&i(5GMB6@?t;MvZ(QEUEMUrzpd-_gS_jLG*F
zx5{*WmBeyS>Gn_20H?z=!06$$J}=9=_JH|OxXU$WL|LUP`U|HRaN4ZP{Kn+eCXS`R
zhmL9VkPb}yU^I)HtYKy6W{A;-(NYhk(iTr!8$0mR^*L=I)cg8I$Dxwq3Xdz6xiPl*
za~#-9A-Ths#L<ydb8%lYBw}~uiH)zr{x-)E3#xA9wRigS$elnl4LF+jPjRFbmNmmu
z_>?ayn8ih(Rey<sy`DnjIi99ofTXkT5LIS6s2Y^Y`L(M->kO!UY$5;Vr0Ye`*rJZ;
z(`?jk!O1Qt9fR9fXz7DpCm2J9wGN(}wh;_30w*)SB*ioPJS|{zTWY~s-EgXEC@f6J
z+oQ66j4gz=jnHc0JO27h@SS;6r1pt8O>E(K5}758=>lMe7xy?>_V{#=4i?;-%$SlS
z$XADi{{%PXy)T!X?+Q50$*_@>L2Yj&Nf9#Gg=`?{H*J(C(p9wzBDA4&mU(0%Dk+?Q
z@1}D}VPTmq!FlyOn^Lmsv0Eg$+ey4^^)PXI%Ps6L!^+liP<|(`YJwGxOQoI_4O3Ia
z9tv8Zl}c?#RJUk<h^lm$k7wDw>4>=BM_sZrKg8M^5tZ@M%YJCOh+k+&Tl*ypE7+2|
zA~G--{0Oc7`U*kK4((mK4=OWP1@nMKCO{4om%>n^QSx00!)9Vt@63jskwAZ5@{&3n
z+<J3vetoj<-v`kxR#`}J0~9G;YUm&!vqryVeaed3Ld`d1v`@72*V`xc4w=xezTOh3
zBg<&}GSDpd5M5A6H5$eXD-an}^1DOepMH1z*G<{FYsPTH8~J|yOq4W+)jxHvd?6H;
zHW+?%qfB>z$ewNpT0wq8Hnvk662ARA>=P%2TJ4JFu)2A&Xsbrok{w<}!Ac(cmwgBK
z=i56?==m|Xd_lp!on$$QxipGGl=WK1C#i!I5clAXz&PoAse;H>Ww-1x{?(t#IQ1%k
zDP)#uIlmU;I>chlE)4&qv3%9N^T*rqYXx2A_h8Ml3Dfj-$u7=n$eZu`odV(om8jf4
z`4BOI+{9{eP9lVvslnYu1Ma3Io1Xhg1cdA^4v^b(;_KBy&aX5$xgA!jIR+4em!zRd
z-z;L#to`dY8gX4^!L8oBO4x$E3?X$%e$#7>S6E@v#%>0t-q(Rdbz-R`3R~P{kD?zy
zks!62qN~SYDri%8kG{MrP+Q%<ep~+6Z!KXRt)TB79+Y||Fw`f~il6g4lPvpB7C24(
zw4|VHRQgim9(at{4N6YH>oi*pA)V&+S#1O4m1YuZ(j02<!wxuHJoNRy$5hnu>|&|P
z7yO=<RQ=BGVq@Xc<z_=~VcIFRuQxfg?GMOo)JiEj{T0FguC7dUfpGcrLEjsVC82jW
zrGq-ipDDYH5;a+^R^`2!?VF5!s>t~ii{53p9x`=Fr5L|;rE?Eezlp0X|0sz-1c#5q
zUF7Q%UOzVy>cu1hK`YG7`$h_z@cahtRnMtZXbdW+peL+z8~I)fIIt4`SE5*{@bb53
z#}l*6908s6=lf~so(*>}fwZ9mP_C;xIVET-d#}h-FTg#CO_FLzgZQ(MY)v-(&ctk)
zUM^k}eyX$)B@S&KrH!CaVE-33YLq^spP&OA)<nGSn17}P{3dS%#YDtv55OLPo3x_f
zTcl<GVuEzfy`>bC5d&S6uA@F(P@sC7ds*5^+xJ6{4K(xE2)S?Las^UcFCRnAK~rUu
zX(y2ttx}4fuN|;yUE^CT?r)9#x2}Gb`hrSY6*sr2f}+Ad5AnZ)C9oKiZt{~QgaC4+
zey{SAVbjl<Q#;%~!A3^+uqi_gx1=Lxv*csr79QT3h~m4{jvLyY@t<ciC~ML?0lupo
zwQWhhaa4Esa>rc2IXlL(Mb3y5&5!unh>~;oG-_}uJ_Fa_Qf#l`l(=<T3lAsDmhLa4
z`~FJN4}{Uzhh4AgtZm=q@%gk=p6-$8xy9cs)py`j#;RG!n?%1O{TT#5V6O7F+g&{Y
zo@sTV$eSp*;^GUy!}y4-9o1C2JeEQx5`VzF44Re5MR^yorivty$+5lq=Uuhfz%rQT
z3(D4oj+q&c%6^e!Mr#1KxQ;Crp>EF6C|7Hh^(OcgJ?%sZkLaO~7*LG!g+Zn-uuI;k
zGP%6_WaVL;=z4v#ZT_We+2b=%<G2n1;l*agQs?{E+m^gN6Pr=!;YL1=2@<A+4@(-^
z`X2w#M{*q*6d`%V7W=i<t}n0h&zlOjoRPie#+5RCHuK{hDCAYpdGMPBsc$HtGIr-2
z8A2APwOrOI(up4-74oJHoUyOR%AwLES`SgT2+n!Z1OqgN6dj$L92=xFO@9K&9r_j`
za;Ni?kwLk(dQPW56;7tDN1y!*O@#0rv_4V^XDatAM0f~TAg3koj2vkkj;F1YeK}Y1
z-+N;UzkvTnX;truIIgi+svz!Y+FI|ske#C5OwddMXQ9Iy^M{kbd!F?m;=EWFGg98x
zXrMy6Y=55_sw4A+Rfe@3o>~;|1CC;|XGbQ=4N`gLQQscM(cB&eo6lVZXQY3&p>lsi
zqbp@cE8~E9gRfV~;$cgQ7CM#%2Q?N*;_2i$8op$}X_!Q$GE(_RYaQQaPrcfHyIdE%
zT5<f_W7^Qjf&b7v>MHt;)Kkl=hDbHS<MYxG&OqS!l51A_KvMmKynkiaLODvG{R)-C
zAjuc=SOSmo;Fv*El*XT6>Cw`8xG^#pw{+x^jMtNaU5!cl>rM1yf9{pZzEBF^3(p3E
zW%kK%;FxOgBwWCl$xrnCQPjIXt<S_&J;*!2em4~2k$Q7>lR77?XMvwxlIE_akWEM)
zU)$X*8LT1a1=2putQ=ADUw-+eOaD?28Vk;$zxBjW=;_o$Fj*Znv;RUw+P|nFJ_%}E
zUgpMFwVW`J=@|I`C`Li!&vzmVrPm1HI)GVW4O~{iWd&T8TOq&0_-TmS2lpFaH;L>{
zs@)wx@z#;MLXQC&=`H8g5q@huB+w=m^(+~aNU2H?%A^vN7KW8x5JprC)P~;x<fdxp
zA&V#T)9u%j7Z1Y6jOSGIfExoR9N!D0!3rdxEOY<7tKaziN+vg@s$u->axpYqUPaRM
zPf6<ToI+z?LVUfco**&OK%gX*9#0{PylpmCEDnUya2?wR4zQYB^5~(W9~_Z=|E+9h
zKSp*><f{Nd)Yi2SP$KR9je0!sk4`eS1}x5E{Lsu@B}J_}0yu<iz=XY?UeI#?;P<Sd
z+qhZzVzq$s=TT4DVaXvM@7};w^ST3mHSn8*66yJh|Kfw%d$ODEFIS!}a??R$VH3nv
zw)Dv`9ZzIhwM3%OQJqPB<$3uo+C1qlx;);9yX{XJz;oMmHqn_ht-i--=FRmB;b)42
zf^7u(lzz?6JxHl4tB7~ki+1_k(7;-M-E_rdzIV-!NC|_#;H?_*f4Tex>lF|WMwyMO
zCA%oW8EPoJkUIyKT)|m>ZHD3@g`2C7*l<h(Yvp?XJb0DHx}+##IUo1o3cwDHu?;K+
zArJp-VGwo0w;F`7@$Z+0<}JC&F}q9Jxiej68yX_vz@YF%Hf7~27t!Zpa~*`(+=X9n
zJA@#d(QT5uNtH^)lk*J|yd|8c`A&xkVo|%g8U2UNcK!!+ER~efVJ3ALA;@nixhA2f
zsn1kW_Pxr2-3m8IgtZN3a+ZqSgdl5hnh000DLa*T+KJhgr*cWpPU6{1aB7U<4Dr(u
zj=THiOU{52?ppoMwnB8pQ~vlACvOgWi80=<HVol;VpPALc&aCBe9e@EQN3=X+0G4i
zxL1h~+Si18xI5(Fj`YgE_8|qcrDxX$UJnKWz;wz_#oE^gYFK){>1(0{Y^;*W<nPGf
zxK(J>7)0xTznoCyk99Kn@{z2uEB|oRVj(Ak;mvf|nL;#7{2BUmA<}LFjwd`x?G7uS
zh1Mv^RrTF+MUuDuJ30-X=CNfsn=|MK?s)X0(lJP6SlkjKZ(3h471?<3Ycw}QQh@s6
zd;u7P)y-5sVn<S%_|=hzya<Tz?kQalruFJo3W5#&ef;Yc(YhfM&@!%nKgFLp=v^?n
zO8#xlrW(Exv8F9Z8g}vd)%+(fGT#&_2!Ft>0~sXcns*Sh0Sibo&c!uGS4v~j!?j1p
z8R{0I2Bcju^Y@VoQ@yckp|C~1pxB|v<5{9tr-o1`M>1Gfl%s$MkHqf2ZNma44_P>)
z5>V0j>93-ki8y*GK^bd05d?j9=3Cc^uva*{`^`$H%<JaeZ^cUb<j_i4eRX@-v#A9r
zpxznCy;Z49EOyCb4l`s>9s8eI$_@V%K^@@{(s#$~`cV=m^cu^cKFWzK(zLG_$RIiP
z%NiMd3Xc^B3=|N_9=X}uH0%{w3&=VH^9oOW;6-=k<H7FfV)1&jx@hiE@%gN14*oWb
z1Qp3^nEGR{h9ejn>z|<yl=jWC0R65XdZ>q>A1}sB(IU4j=^#h@Ua>c6hM6TNvh+ia
zh{Gbb`XstHg3Zf&T8;>eelD|GLCxJ``qx+C`o}-7J7n``PSg0&-S!RH6z3+B<r6N7
z9+X*QnTUVdxZ7V_yW3w`*Dp%tmEQb^3A9zKYYGj`WQ2~@pEgzQFXzBsY9F}NgG(W}
zq*TEHr7uAp<P-H^uDKwQWRVZC8Y)PV^@^b)R6VRZ=9zQ9{%Vsn1iA1U^8Q41JgFpf
zh1g-&TDamov`E&fIuANSxDpN$Y#{%iTXaJ>HcE|wM9My&*kM&TV_j$I-9`&N5pumX
zZ=)|Kn+og`LSXhnVru68eyW17GhfL-I<r?vs~sNs^diro;Tu~5OU+@lE50{65mC&!
z9~oCp>;o_Kme>aGA%_u>JfpZo{N)JladVK1#KdM<&{wM!k3OPI?9k0k|GX85MG`~z
zEa+i=S>w;>!!&(VsbK%=RSu)k$&EB*+%NoP|Hp@>%yu3BF&e~ZI03BPigGRNrM2>6
z7onm5{oc`>_Doq#p_-WtjeqW&RvOKf6LSJZEhnCoxeYydgcY}+s7k%fC8Ai9=`+55
zmmJMYnD4;9Oo`ve%k94$({x)?M$|`wmBJiW6<AZI|6d~jj$gVFGG|52a4~*~krQP#
zAn7+h@n{$R%jK>u9-!NbT|J4LL=TcKKNY1~K1p_4K6WGg&tUNTYKJi-@ES25AU-K;
z4(A!oC{=XynYM0UMMnl1ytm85Y>Jx#Bg50MyfxYl1#ve1+<H85;oN#VLoXX6UJd%^
z#JZ?SoykZH@VYq{(xghT4^a3P52C8}UgB~HfkY|~E+hVV53c_PC(a*L6_FXl!_3oW
zpwCGdPQ@iUSC$^&(XUtvDu(}io*LV1zKHZbR!;q<>8ZqfV@dI}0(XLBQ>P&Q`tG&$
z(!>g<;_RU#P^zF!h1daQIkxs$!!uuY7ar%6?oSk)#D}gUDZ0eFDl^QeeXtcCZ>G@C
zyih*Nvs5W%oDjo40G~6zX8saqTr*ugUCX~G%~KE0xTD+zzFME-ch)so{1%F-PGsyU
zKpdwz<V5N>MD~gK7YqET&;7#Rvw0YW^Yu6m=d1Uz3Cs6ao#GeW!6~-lLS*?MR4Z9p
z1Sb#V%_rKRI4YbKu6rO?jlM@T<wc;(##>VROL!-)YjnyRe3?fk`XMLRluZ)2alW)v
zrcg?r(pn4eW%hP^Jip=2QPuRn{o`98%S-MT`Nnyx?JAbfhfU8Ijg?jcLnII9m>UTr
z_m=X2g29j^n{?CPM3S<(=r|fzfQNi~VUVGEztmbxc@M?~g&MC6Rp7M@<CU)*=nmL-
z!W6ZrXN1gWFe0qA2!g#g(e5<u6A)^@&*@v%=XE-D!%Hs085mY0EUq0vIh{?nP^15m
zb>V4xlNvwlwM*|~!^l#mPaD+EnXg67Y$4C#-O)FsMvkgx^C>-$huIZPW^pJk=N3dH
zbSd1cOeo}hHr;Rd{PT0%^s%t8ZWRhi)hX!E+s|moyY2pvcalrgHd*EMWeHAuy&V`3
zJkLhOZ#od*?{1*y@9y9*tV)gk3A9|PvRoK$WT%4DVhhiuToFo!rfhCz+fl=*O6Bln
zGQYsr(@VW;iGCeJypSSkr|72{YQh6N{K!nH1SfkLGnk!PKXZ7ByO~!ooW>h*2Q9(#
zgUU=$R9yyN=oo-*Xm{>yD6DtPP~<UalmdNs3u_~NwekbELcK5OOaEk7H`q#jl(%?;
z=WBwH=~`taYVA_Gck#h8n<`res*(o#-5T_twOhQxxTrq-q-wjCb%H#4_X6sTh<@7S
zjaFqb&u898-a0q<rWEIpJMd0$=OSd%-~=w>+i7V#SF&1P{#3T9v~t<1b^BJlo&R-m
zD3QE1JANoX{ebYNbiFuuD1ZVls~g>kWMqn`sIBJ&-{|S{rJMzNrEw=x=&y*yJNvlk
z8xp4B4DR*2{Ldw~!r^86S74df!B#8wCxM$_Qlh8d1Vm0m`U@E&|HSwf`rGZSOzT<y
zw~_0ceq+BClZvebi!#qsqAL(_y6}d8m`i9_?Zo!Wz@C7%E8xwhH08EDDSekI?|%<u
zrAMfYEh8DVsktvDIuJSg(C(QTrZM~BmE`R0b9jcw$SfX1`A?oevCJ4bHy5B4cbg1g
zonNXF$2WPxaUEY+{GFFmUp3#J)-0Ov*MMweGN#{|OyTLqak3J`orXVDX*CE#Gyp3P
z;<zHemQ$tJFaGz7n>G+zySBbNspu1sk?D{5@H^!J7JEl{PQie#uqf#URt^Pr(xTgT
zyBVXoJdl`xLMe(@z6i@WlZX2H*Qee6`w5jB8YAPI8SUJS*NoR1zI-^EOuS?Xv)IHE
zal+!6=+&rY+e5X?(nPGByAgnpbIG;@g3#p+LO=ErIJ#YXMmQ?jI7x%4V+@WF+JBel
z=MEAkn^1*U4RXK?qIrR+$P%$4G5(J=`(l^k>Y!iBl<`m5|H~rm7Ncm#M|UXS(D|c(
zeJuUhSFpi{dNCS2H^Tu$#8)G0Pe716|Is5`q2jk0J@@!y`@#;eX{8Dd5`yPvencCh
z=k^2$h7<LI<Am&=G5QOpd!x^)@_ni-ye_Y=)>Wk_)tgod4-%~Qc2GZ*oy41)pZWd-
znco;NkoencqKOozp(gndV4A7KKQ@8EqTavp`0PJe=kKpPEy0)6Q4`~tFXaki8Udrl
zPrM3CowQO=i=I*1Db*<=!s}F^1>1jc)aPmE<{w)02_hNJlY3A(YmztA*Kx6qrIvX8
zj3t6rDq#t+YR8-_3wv4iHHMomX}vtlo#Fov7los3XM|PlKLW@ds|Ji+N4|s6qSH{-
zyte&@ku3Yz!g#AbDqa^cc7YDygP`?q=U=cQPR{&;i(9k3|KQ^IN$W^*w)Z$#4Y|m`
z5xYuh(gvkI42GNC1iAYtLX_$>k<B(G=Z&s3@dW?o*(_I}%m9stuUwH=m_`8kS;WFH
zuG5KSuJSA*&0-ighvv{f_+wxoqHhd)$-uQeIi|Dgryy3eoLN>+$hLTf@dPnLbA2HE
zQm)%$R%>-?WNu}f73;Uv`8S6;jErN-SKW8+D_>|)Fo55!xA5Xm4V;vvqk`5^NqvQF
zk7uoxSM1Fd`MVu`;5!#M;`vzoABK2fc)ucF?gGbux_)GPldz0OFG5@Q+$Z25R3728
zQ46e_&$`E?TbhB<^vejzL);I{h~bwCpa@C9(oAyUF*nsj^3O;So&HHBOLC6j+5aXi
zwDn$Plqm%y5#-~^_^vWjEc@+*GyinRB#L@8MN$hXyn9PFMcQz~CaZaNz5+hJ%h%N`
zwRe%od~frp+b>GowsEni1AH(Wyte)GS3dveOH9x?%0-z6{XRK9_#c4otssrj$iwjY
zQ3c%Ay~)##-#WQeuhrh<g(s3?-9^%&M9K0bRl$-{(L=NTMdb+z-?(QY8*FL%QOw@e
zo<#&sj-}5j@)lWi$^jHd@FF2G-?-|NVY0H#y$v>7+bIs;c>E8MykZ8_$-Q-N<wTo%
zT0ELABj<rJjEs<lf|-KiWsag?r=zjIX!o%pfQ&3!p-+Tv#@2h$wPx^YW$C>0`xTeC
z)MKEEAM82-SiV6wRJ|y&D~#Q%sEq97M@tD6OUqij0mlx{DoY%D<F9q`kxO^kN~#ST
zwh*%xaFY7|QGa*g&2PpHCGM5pCJos=lnouNAaj>iODQpL^);q+mihubWB*1t{F<ea
znEPW!*>0D5^rkW7PgF^CGgBGn*h@A+ip9ehiMa^S!8E-uBnJtnWQZvCD_lj(Uai%<
zL|c>#3&#e!Joa*H=-FhM`P%$W>2Qd9|KS|6*H;?DC??2a=01~<Rb(D(NAdfSS1g-O
z%igOzRnMSfY_Er+Cy(M@fIIFV2M;#-i!7Fa8x`R2W*JQGeK?aYmX<EIEk?m3OitC?
zCsSM_jV0U?nNqfvth`ap(eqGhpQE?wk2Y-QH>__sTZgCPC`j%eTcsRsFhxV&b@mSC
z)B}k8sC7EVxQgToe0}=OMis-M<EBx*1eC0yLgtHcXW$!;(Z*@o-92dRBoxk`Osnn{
zv=qdE_XDB~aD+7Da_rJ7fOBE7@eo)^{Ye$DcCD$S&^rcm-S-hCO08H((S1(p6whJb
zOS~>g?!iL3<4L2+-b1jm`9+jiWZ@|e#O4Dje;8)0slL%~s{%37O17^##m?AS%%IfT
zt?4iwoHXh&limiJr*ujRk(s!=oB#&fGQ*eg%s6W#0cK(3kP~=-as<Dx^$dAbtr8t3
zDZMWV;{{?o5V~+)_=_K;=r5XBZTFhwtgg-xQ*EY*0ezUhg@WnXJY)-7fsOJ7G9p`Z
z;v->yiMA!)V*dsJhAa4*Zy5Dpy)f@j1KD67f&#{QL9%o&&w+sRkgJ^puQ)oLY&vu2
zt_@As)vb54nV;`l8-1<KR5T)ucNT^s6-AR#2XL5A(j~(?4Nhgff)CDo%ZjQue~@_h
zBFXoWjAYq5<`tF*{ec}ks)-OHggWAD7&CaXF|N@`1QdRw2+tL8*}~<K&2_tfXA|bx
z(y~%<E;@f#t3d_c43UEr`Q%%R_~k`H$aXmGT!Nc$Fdo7&XT3_JU&1*fE2lsZ0^%`x
z4B_^(J(rAwas@GKVm?Zagq|7^$md_u;TpC9#&_xDd#!TOIu-o^1`~V-6)l6G^qtiK
zE~~rZE`PYqNSF^QqI_Fn1TFO+VdZRamQ7k?qfIR6!Vc#%L+P%Kq|71GMuOz}X%vg`
ze&K*ADC0N4T#Zx#m=s%nV3z7!uM&C6&$X(Aa?~toAHK(nrcpQqoV!;{p|G!=BVL~`
z$2Lg!s)5c~)V~NLZl`;wWwXH~;%Q~q`;gTfOTh<s8ur04&$is)8Ce1?EnT~)h4?D!
zTvqGuE;X)1=+}<lgx!mNC+Xcrr7Odb=gNhYTYi!*m3{*oAE_ykyz8~byIrEbAr!S~
zdi=1_@6liU!rhUjC?OMgMlz0wPI2F}s6TfZPbtq#NWMTlD6f+uSl|CNlR<L@(^Dab
zItU-B6UW`tga1K^qnyzD_wg4Q(e(${;2=&gMVeka<f!Z!wc|Dk{fZe$0aVD#-9p1u
zR$z+GDvq~(ACC9;-)eL7U%@*tWDSCX17bfzlT^`z31up}QqEQ--a3kx4P#V__KJ!{
zM9r#2^4VYTQhnNs7W11r9gi9skF%YQtiHwyqM2|hTU9{b7JDQ%sN$4p(%(X=?Fx!U
z1glQJM}5{%%80CPQ?Czd7Z2EM%se)kLwrlun~j<!(wpTgP`YB*YOEPMlaN8JF6^Ug
z0k5vS&SD46eH$hzVP0wIcq1XkXnG4`xAa>1_{-+9`axr6nyM2S-w_&W(f4~aMs-Wr
zR~b%FG|~2|tmBvT5l?!w2^;&Pw(Q07V$=%8;_{<*TzN}lQ3h+6!(1x`4zR|-Xeu3n
ztt&~gfkcmdKPEs7<C3dad)^_&hcZuyk>gX-mnpR$@fmw;RcJwE`&yoK#Rb>=if9Y%
zIRiC#>=s4~gtpTl`_^O!`Wi1^`st}zfd>SQ%CFoCXh1Q=lYVtnCdS>Duh|^+l0LAb
zdO#~m@ihRWW4smBV84!iq_RZBy=#7>4D;4Xy#&u5X!JE#hur?8nr6tgr@+L*BhFCA
zr1VWY`OhEzMkQ}FX?Qtt!_<VNq67ydjkxNU@PxWOm-I`xfK%@rj#g)9@jziCdS-H8
z@4k0oC5ln-LMYB!L6lK#)T07FDR+XxhvW^#TkN&Td-d(!zJ{7?F~&sl-19T>j3t}z
z^S<G2nHCg-v&ewOF;KBLKs6>3%0Y-i%7ODCK0E8`CTU2vPS1nuLN&ZPru<U%D+&j;
zS7U#T1)0?e8nz9aDG;~c$6!z}v@*ETCU+oBq&=N2ee0(B#z-%<L}WCGC=oLI9#)#J
zyZ*JwV-@*VNFHTRYvg>3G3j=ede2dowxJ^I=~JyD?|ST1Q8le(_v<E@GG6$t%@k(s
zq6((*(WwnH<nDvjjN*1*MBTod<=v!Dax3D4(~M&76};IP9cy8P*7WUHC$oC08j>}z
zMKjeWm)`A6P}Ne(98$@DG&V-L%CfRSU7@Nx6GMHwHrSGBu3XpJ8@yL0vq5>(VJkM!
zEtc_c^xEhG=~LiNbvczTa}iOm*;sOqA7{!93oMF+*nK5NSIzp<N6iDZvntl&yZ8Ee
zh6#3K^JlGmTpUjxbmhpTgU?(-vqIzDx8JtD;iK!UeGA4%aft$bmeCiDi;f12%ZYx%
zQURn<4jkU#L3*i+0(P!zpTI<RFI8#}*{$<ly6UfQ98cn%8Uf|U>hoo4C5lWu)M^+0
zNAgrCXqNKD+<`~(8i_Q_%xZZ7;43YyrnIsQj!yexTU*<e(YZ>NoHA4*{`#~shEDfl
zTRXee(Yb8!z1G&&dv>l1Iji!{&dv_`@sF7dTWf1;7B!?U_hSCWGrUK7OnIVb{^{NU
z9pl}$;8cyG;~-#m%#?cpr?K;t<S>mWfl*FMSHr&2x72G3e*PV2tC_*=8aElAhNF4J
z=2xbMjTJ~YfUm3`aYi~ytGOtnWf9l24yokkj6^ZSu=0poGHuz!-TrSRO1qp!WVPUr
z85N&y#|vB;z+-%4_H`4Cb7#CPWTSN*os$T9AJbY`=3MG(RS~aa91vuFB8dCin#7wZ
z?(|6{aF_h}+Ho~OpzDN`pZ4*}8E1NFYjD;;JnfT+;Q_fW=Idi~%wfaUpaOIL#FwVi
z=iE?h=gXbxY4KtHTccb}T5gu|Cmb)8UaAK<!?~#+^-Q+5pt<_{kMK-Sm4zrq?B!Q)
z^BYj&c$Ac<gkY`C)sW=?#f!Z!V{P2k&_<NheR+87`}>GLO0I10F>i`KS^A80?5sc2
zS=lX;{rqVeXI^2YA672@eQUNPn%O5xjr9W{!o<zTpxNbvq;kh`+UmQ5GKPl31M%By
zmW@)CW6bO3JdnglcNV+FGj4Biz8ZG?wR~?du)0B_v9nlX>lWfYDL>x3043hPH>tnn
z%kGoYPod{YAzJGfl0#wIpJ=}A7Q;Jlq}N84FB)A$+ColhUpEQ1_MA>)(U5$dVHEC0
z7p^Cme!3k<o;<_2+3$x2@*Y`~FJV9iURmUfJ83rjjnF(Q4T8y^-a{d3FoSqeO{og(
zZaaQ1@`ZCgT#YYd^hZ7)H&(ZwI&T{L8Qexz5sOVsbm>z|ER<md{W!RY(i*^1{|VNK
zR51vDOO6LOth$RN-QWUaI~eU-l8AF`oP)v+OAi?xR<M&ZtcU*rSM;p*BEu)`l7iac
zO?FszXC+w#Z}cL;!#iua=Y1YpRBuQR{;dFhdZgyCQV0?%`tH}P6p;aSqh8;G=qk*?
z@GeZaS5}nB2s7=Y)xSj=jbH8K%*+DOLZ5`R!^_p*EM%-w_1hgubXEM9+gGsN&i0xK
z){KobP6GXm``dx#&uH8hKIIvcScz~MsVjWacSbBRRC}xSBQR^|uX-g((A8C_Hp9fa
zT#|x5&g#lyxsTbHmppNgeWz-7o|GpVT*kf!X%wTCHe2HNC#y-!zltNxXzsq1ODdFA
zEgKkaGfUhiI^Y+i+A=6EPbabenke6sae%XxeJwV-i)FHS5$~t&NDgJ6EUHaF8+lc6
zUv>y;g0Uf944AoBh3H|$Jf7q9kX+@M%=%`6ctU#Y5_0Ks;AMo$02%ZghTROpqPXrS
zWu3?d8Nsh~c~$}VOat_O_P$8&P7{RU2Uv^8FJo%LEDW!X|0!$u&6*vSZ4h*Ax&{RC
z))nziRD6t|DO|ZP@Pw*qbdYU1LLdFu7BZdE$qU{RU!WoVjK~$BwiwvD$F@uK&GWEk
z#3b>Z^|5AN!W~rZJgSTJSpKu@gJlK0O@v=ANSqgUUh0d8$I4H+PiuyHb#*vOQpQHT
zr#bjrd5+G%Z^aC&?zZg(HE_pVuhbzuZw)Z-tRX&13si&A*_5z~*%5BkLy*$XyhBuN
zWxJP@7EWHl#Md916-NzRZ3)<72dnBB(D|baYA+B4Gk5eYJeB0?D0l2ZbwqROl6Z@_
z77&|X{5Stb->HYBS=zuTt<%;etuVo=^k@f$L?kT4yyqUDUUb?2o~Sa-Ub8@CVChfD
z)~&ftpdanh{qu#suMCU6@3^`&J99-s6&Thr7lpChP**5ddenn@Oj}Am=av;KG`h=B
zR_vA4CX~!7k~Er5LiZBn%fnZ+_%p?-K<^j-H!>xx#%lGgJ@mKWJ;%J{P8@TOCD=jv
z8NyfXwXO8z-x&V7k%kC?{z0K;ioTQNz<jlie0%z=+CY{cR(E6?tig9A_{o}cjJK<#
zZ{|6|UMAoS7%Ft4GdwMFVV%RvD59~vDZ6D*h;7Q{EarAq=gVKPMOJZ_+qvE`!`Q3W
zq!s+Bc6zfddB6UqgNI{O9;l9G4?e&My^*+ct9=G85<4LrIz|1qV@Fl_=5g!S2M5!4
z_%g!ZIzlh|-VSC&pkRp-3B8n;s~Wpu>^J!A_j@UuZ{cta+bPzbNTVYiAhCQJBVmc1
zm4hLnfLL_=M_8%cW_|zK@PT3)LT+5T>@9J7XS$)P5qJu0ESiS?QU)HN9p8R^4Zpy9
zUHbSM;W+^(lKcA0tUmjd3@5<`=(E?lwb&-&PWvpNeRmp7%t&%>3sa;C3wqS5B2^1^
za-gp`#DSw6bw9T3{$Nx4V1j@3OYXhoy1O-1NQWi}Dku#~TO@i%brkg^N=1A;QP6gg
zudCu+nG;ISXo|x3B{rK<KgyovJtnpo;~9bIOnB^6s+Z%CU2UdYanT6yy4+ch|DN!5
zR|ls5I+A+8BA|YXN?nYq!KdL3)}#*)X|c?8`}iJq9oPG_A*Yar_W30Ed}->$?v?u|
zTV%}L=x?sB`8n+wvHI;{oFwJkYq~<sx>okK>VsRLLdgqtFJQ8Tso%v?&Lw+MmC&l8
z{l!*pUtMF9&^bJ)pjb@NDhH7-(S!c>_AFw0rI+9D{Wf!*$@Xm|7<9Zy<Tk$kHzCH*
zYmBS9ZlU3`2U4cbM??J8tASjec*`G0glF3_Lq2fgl6IvMjbe(+)*6^)io;Dvl0J8n
zoIZB2h7q(6^{Rb3y=YXOD}<PsQlaaX5bxikGliU^pmhxzmq5JqyD&RX|9n<;OpK1g
zkqL#%#d!cX2b~(ZQzeGC3GOgr8UF<He&6zLxjN?Xgj5|F3+&Lyc8#qq?BxbO-nM%h
ztUEJ}(kV?f2%qm)cTGaGs<StOJGRxw<GE%EXEL>uMNN?y5<aQCIqMaDW!Z*BZW)x1
zj=!+vv0tT`Q34B3g)6iWin3n<b*g7tR5`&pSTbE{$1Pe`J7h^<y8>@J%`!_-M~<#T
z%wQiwwr0iLZ7z4>NO+5*jC916nYp{ih)H-;ZOMNuR}D|WtobCfB`nPZ-kPLOskL-M
z3YM;wLz(SUxFVBfbruT$h;y^l#xuX_iLmgOpuMp$OTA~`=~chZ{>2*umvYsr0(<Fe
z>fBKpsHnLKV$da+s(zcQ@s9kmdlbLvqn6?Emuak$_4_XqH0LaGv9**|N>=#`L#z!L
zDcq7H{JB$_l0_JSgH_nJD_(J&Cq|K3#~=ju-tFPA6))xq6{1_}{_U+<f(sS>-d1CY
zws_EYSnomr4_7x2flKu#?@+))sBr+7sZf8}Aw?wY!(!!v0nGm9{2+#Fwvy5wZ&vO|
z$mkK~C+}tcF|Jwc$#g%w3dLQjyN79&irxSy>`l{vPr^+`2j{)wD6WA)8ucXXsDQUK
z{L9B?$6?9t)XcZ#o8raO4Uh8DAc_kGC9dm<SnrAc&2G$34f9zzVcv%LAfLp<Gn`jH
z0K=l%xSCFaU%AdgmCgba2!4!EMNHB%Epd66juVp1R-33Qu6#PC?RWh2UI0}7g$-!#
z;nZM5;a*&?{WPl4dl|#ws`04dEbr~x=Y-iYPDsPL%=QHTA3)F}twO0y*=X2EjW;s}
zdT@-URGy_=I?VUns4C{d9EO<G8*LDxPGMy?*S8_x)@oD3WFtx!52hr=xP=r$>ug4C
z1#U?5lW`ABxE6lTfO-?F$!Xjnr;!l<(`R-XHXl!YtPZ?i(eX?L(dx8|ezC`0bkswE
zZV6Zz=3VK0zVtW6>Vks<%7W!*60*5u^pwk|)yuo7BHR<N=YK!@*f#WXs~v}@OGa0Y
zBh85Y(eUl!>HXwQ-@rcfkZ|$Kbe5<i`t^h^)Hl&8{)UiGl3T*6DR0bi&+i;BxJX>V
z`??e#h-|bh+LFpf--|re@P%jRTfCDvEY19RKo;nSMW_j@SlgykpAg>GVk|HG0qXZH
z6Nkq!ILrs1U;^#|F44blOm;){$mzn0dHtg<!a}J#_P+FR%p$*NyN~aR^Che!?kp^y
zf?(GI{1m)NzxBVaZhN!d4c5Zay1pOSMnK|+M!x&P2?|&1)dDVq7Q#@JH*#`qcRP;C
zBsVfpq1{_)ORF~8N&9YQ&?jRUt%425NAA>bU>A0BZGj$kK#v$!Q6~&4b8}C;jGTUm
zaP$DbxLybemU}~tg3$;Vagn*cGLn_H_N@Q=j%#T~@P2M0$qFiP%))q&;<J-KkuvpP
zspztcKH)YH{6r6~SWICPtu~~%mACgGLs8bL?1$)3!KPzyjv=kpMaR0yd?k;nu;YQx
zqA_*t=k+m0(b4=-wf7wd;F`LmJpr-DhY#)3LO2u^XMwDoOQa<+N};Y|YDNf+*}}|K
z-lZ@9<87b3>3iHB_|t+C_R%8H_7flY`hQ<-+UY8?vNkzOl?(pQ!9Gq^bBFju>~B>w
zUNumHsn4uKAG6x9wAUhe?7T+189Rbf@ri2rb!~E%55HC+gkt`^RM#{}dIH)9lh~0k
zWboET#R05K)r9TL+u8<9o+Ks<IhU!k7hKD|FOcsc0J!PbHC8UNZ*7B|Tz?OGv^@H|
z_kDZ^1qb=A)#EvK%LpHrOW{l%Da@vSD~B4?1&4PSp(HS0x}C2$3#LCS@-^wBxSl_j
z_m;<g-Tin74mO^zFu6(ef&=-aks3C3SCS5ndQ2n}dTuDhqA77zTQGW;XQUBdb!>){
z*Tu@))NI^a=2+S^;IErTwCgVT+M!BQThGkF`1yIoSYJ2-&eq5C13p_Oa=0fd1S1(y
zF~rDu(K#02hRp76m_iYG%vM-b)?^uCg}OKtnUxo7V%yaWoF_?)ATnZ#FC5kXuQL9A
z`#CoB=_8>-))Ka`sLsUKo@9%N8z_K2;Km87Z-wtHD3S#sZoWuaXP30hwG4+*t79^U
z^JMQd=K#lMBc5R-D5YfK{XKW&6#c84c3mi9n*4nes|`mj>*nvkc^mV%1U@V|;Na-;
zv}PTg4rH!u9KtnGNe5|(KrG|#2gAsg7Ww4bP;>5OOhKKWvL#RP8ul*Mm&})i?<cM#
zqqEJS<2Ui;fx}SARcQojoy878Ip1)kpF6REbYWNLilLcrG#%psqFXRT_mbHbD7mM6
zX;>kb?(`rk1DIOje0czs!sQ8R=;mQWaAq}flEKG!wFp71!bhZ{z7x^3R+fbzYC}gG
zU_z<3TA)<>+6*I!CV(#4BW|H&c=uPK<Q0AX8&-q&)BM0#wc@P78}<Zm;I2jCx@6dG
z%Fb4cOX>4q{xMEyxgphqA(o5iz^k72Vlk?4*=(K)*kBooRH1rXcRW#vh8dEJbvN*r
z<6S;7TZjxQ$2TBvG4sDbZQ+JCjIFVKYk=B%;irdgE=?|m@-IuyAQF@ES_liq@#IDT
ztY~UALPS0{9T2(MhM~Dra0Zg%lQC6f!OC+Vh6QV#92Y}YFRH`^&(YfG6>uI)E-UcJ
z`tr#AyDVFXOZwf&DQk8rnF#Jj$6V@e2Y0<)h#-q0>De`-D9O=bNjoV2_JU%lS2rmR
zfv{2!w_1-Z^OJr1s?|b0FA4w@HGftZyvOwVj}z0Q@6_uk<wyZHJu@f@6A^1=!yn30
zM!}E0z@HM|+9<Y_)HOBwrx=UqA%c|BbW*ahATMlxrgX2`BG5sJslFBr%i9WSz?@D+
z4F!8my&1xc;hT4>MIt-5f<psI^83}6P={S_gj-E<%`nMe<PG^TmoXIlA(dPNp><R$
zxV0IZ(me-GJCOKLUrZoR;lY|rrBsA!!4Xp8I$8J2LdbZdD29w(OrN~V8<9-c8XiDG
zkZTKDSw+Kcox2*>yc+&z50Zs74CRr%>X)i6Hi`)}b;cO9q1BI$c{WD-_Z60IA(>bR
zG*T02!Fg#P+j<C9^*~>NPtGZ19Nio?#IWtFq<;0LU*59P%T<HZ2jwy#FT~6PGUywe
zmeNU%g9n}jADgoHccPCgDkhp+pO4FPY}+2vE5WD3vx^!SOaT}ul?v*LzySX=tAHi!
zrSkgk#~ZzqrHy`QK{+8;ml$v;c}Qh2%rdt~m@6Da1vjaU+%|jS86gcZZ2Za*r~}Fn
z8!Bkw*xmM*)gS4sP*&EhDpr3~c4u9L9Mx9#e?G}4RH@{#Nt_=Ha<%X^-*Y1T8g=4=
zcf#@%Ln5IJ)cswopklN))d<);x6e8^z}6z)KK*%tPXr^F>5jEUNR*mqX5+bK*czqQ
z!S5=-i1rAqb5m`16HN8;Pyi0qvZ<$*s5S~i7>c)s+fga)IS74vWlroMD7ZOBaf<5C
zx;U)8z%#fPV$;-RGPAgf9c9e%G^jkcZir3opQv#SmPxOg@~7)JiT0jj*VI>7Mb{JR
z-?J_L`&Ztiaxp>9_K6PPA1l1UFdwtc(ul5UU#`N%oBJrd;Jm`|Km~5V;ovj`5Ho8Q
z9#4Sf75JyhsFu79JHsI6Hc}&VW){mjAHYKNN5S6kZjP4VK|4fW(G!#x7N=3~!m`Nh
zqUx!E9lF|>fq=IXx{$75+F<-f?qorSAsHR$`X!@0p;GlIB7k022VebwRc%sjd`-5F
z`1LPnC--@X#h1GLoK8vo*(6GTNL!PlvF5h(veUc}uD^4dR+W1+Me~7|h2vN8!gXQe
zgDZx{1yWGH#BHMue3rxli{t}h;OXKP?lxOwPlbdoS>p(mft}LouI*;%S}Y#*+lPwg
zcRcT$`ipZQcS=8RZCpndevc!*Qrx#sUBzaFh!qRB51ittb*L_p?Z;Gq6Xf!vl3XGM
z8`vMg=}9MkCFE(%qIcWZDcqu8^7|7`1yzo>aad}M2EL^8;Z>SzT)9?6r4hXG0ihQY
zn+Zu#9+5KKx*fv@SsFh%>r0uDOZ|<=tP^0NaUJnWaaER*S_ymi(H>-{--ch-PHjNW
z#u>VlQol~n#uJ`w$Fv*OUMhxt*BNBr_=2u4S?iKf>ZqdGgv;a@m+uKSK?3+Ian)C^
z(mHL_v{h*Q0_tWBj&lQt=kmBB;N@hvOuBoe1~EmRNDd8k_e8c2#d1?}ccCHgd@Y>O
zHQAQHFwehh6Cn2bmW!<l2L5P`1wx_J13X{)gjZM(x&pP<$WvGLHo{thg`%;+;TpIM
z@;pn~6y>dkIDa%_o<we@7P-;WLK(F<&(+^`I048O-){FMQHG=D9Vojh7u4{!HY>*0
zDZ`SuGSM%m@RR@O%kUf~vGZuljvOZ0ddOtx%E>g|AmPTv>vj;7&kv02X$^-IHC}wT
zZF9M4`~oKzvuUJI0C+^ptY+kWjLnB=TTqtWa^R9HJCCJ0IdH|}2x3j&rb+_|o1G;p
zznm;Mr>Z@C8ZFZr4tU3ZR05@FeS8|NP`#5wi_}nEWjWB{zqtT9M$giWWEPaT3Vv1E
z^9}^?V`Qv<6{F;c;m!NT*)?yY)`it>K}7*rHlUs<red(k$dOph*F4aW0_r@QNK}5o
zD#BHRgtJO+g!JbtbU^nFg@^PyL6`beQ0OL8k!?puS0Lvb0l!(3va9+xUbhN){#Yri
z={FJM-CGeGc5u*FQy5gkeA@0fN!hIg8OU-}6QDjKYd_+B&Tggo=Gn*!#jpGMs%`p`
zb0nY{eK+ske9+%(aQrPCu8+R#ENzD|=c%?R3v?S*yMI_lIQggWOgj*Oh@N4f`0p8}
zAf?@~WEM2OHC38ZlDA!vJLuLX0he_!No_s!<J2HGi0zbHl(OSC=I$?!vVJ&mY&~VA
zuz>*2p8!xB)!@)!5K@r@?NuT*%-RdZo-zYMN5F}V;-t7`d7kAl83pR2%eV%jGX~p;
z4t>$-fOj<S&Cd<v<qR7y&q9YwKa@M%I)oZE5jjJH`TK^Mr^+|{InL*lqlwtAsf7FU
z4z{5KOIzgbDi5n&?|}t5MP9+(<A|5I<`<n!Z~D6*Mbj3`bfdeU3H4l4-@*V7Vd%Zj
z`mX1jrkEsbX)p)+^h}#;)RieQ{BKtSEK`U9sHM%Xg|djl59-|UTZ>Dd%bof*`)VA7
zf`+vn0Fa&nG8N9<4oci{lwr)gIv7yz^x~0I=Oxx+-Mxxz2mpTTcJNcWe8Y(xK7Hb_
zJr=p~%#11Zqqer~HdExNldxW~0ZT0iolJ}&68&<rB<dP)ho=JVnPF`iGlh!5MYe?|
z76vaQ9u_=G6Ak|CvkLU@q`Amv8Wrfk2lr%zFjN5p3@Bok)*);a5pvt^*{{pww|oF7
zO$Bx^y0A*3h9Sfy7eAyWhq2F~#FdzfPv+v<B1;~(2RzdOpbYWJ#jODVC}sozd3`)Q
zB!-&2SXg6DJ_4lQcX$9k_*)0Tb!!Mb<OL#t{1y=a)rn0mPAjB=0i~E_`<dLG4crDX
zxD8?elrXqH{D?$%&f)+!BANXQ0df)<K+c&359yapCl0RyJux>I{FRa`Kc3pQTT&*j
z6iNj;K6NfKQ+zI1Nyb*(gLkx2K&&lKLYFW24gAn3ybLqNAFahzqj&YGkf)U;Rr*$=
z^{Lad3z$L<d;bqvZy6QG??2$;THL*Ou~MM86^h&9?(XhRad(PS+#MG8;_fcR-Cgf|
zfB$>VeQ{qUC&^?oyL<Lbo;;tVNWG{sDjN*u4zButvjdrBh>+qk-w-jL3$tq-yBfyS
z3HXh&N{Um~!mTMRDMidlFskaugb4WIebmZ7*4&t!<i#e1I5GaoTB}+B)zBFKeUOr2
z@(Nb(+S9C}#<$p4EEvAlX%wuU5lg0+cb{foZGsSND%tI9ts-Y8%?teqF|th+o(U>%
z4>12}|F7r+38T~Se?@MK>6}e%qDN*8GlB^Su?=6|qEw#+X?t_Dl6=J&-ugwFm-24e
zG>_2c(>Xck{+Hbp3UX6-_7FR{b`fcw$QxzT{EfCq&%?O}WN~$}p}*tki7|9mPEzF7
zeCdo5y&5haPmr{(7uV%SEU(at<&23YBjadHw7fT)rG*K|7#|YaS%C_Tokc>sOm%=G
zNz!^qL^<&B_p`4PdW0^z26nrI^qrv+fsm>aLGV6@2}BR*#|lG#Gyu-4YN#2xp^P<v
z^Ps!ym)Uy?LihoCy69qs-NULfT&VOL;P3XzGC{w#y{8ODYyAoT@o~ti#koQBy84Gk
zPr=1S#c$JLdVQJ_KGRxKpBH({CT01$1}pk2pF-G11p#`;=m0_d>Of+W2AiSONCg24
zwaLP#$bzwS3?)U=aeK*;pm5X1WxytHmyDRJAov>JySs-)ap@I!`Cv_dgIK;aQY3;9
z#XU^R7c@@t-eOVo=F@AGR`hVe$69!fMFEklLy<Y~$vNlJvFNvS(CRmwQ!GamZ3-9;
zv9$^U@4p(%&(s{hmzoF-{g%VmTH=GJ+-Azy+t!;exh|C#IFPmxfDmbizw1gGUr)0~
z1~6PeCOZh8rFkrW*OZpIgwIQ@i822BKk)aWClYVxPmZQs`>&bJf6c)EUAgjKGo78b
zmkwsenI=LCl=dx=j>-BT^bctqdjd)f53D?1rrKHjvqkl01M|ylJIAMK4legH#S;SC
z&ViR<?*CWKRyC1Lpk_81RsR1qt95n_<(Rgu4;o$SQ^-R}W7<QDU)MbO_e*&kcBsaU
zz7XcU{+<dCB4<%y++WLzNgHA<K6AvMGR#thF<Cc`z5^XphzGIW+KMjT%&!8`AZZ=B
zFb~_E9fE(4E!Avq&3L8>6fUH#*r`Cg*2Y-Av)rh8ltDEACiiims!IVDn6xNbG>q#a
zal12<hKY??O@^p0mCtAh5g%uj?j$lep#${HTd}vo$c``}iVsWT{adcYY!&~AL*3JG
zVsAl^BoluAD}V<&by7Tay80_{fcdhA6|KpHXGD%?$GE#49ZdX(uA>^}@r~`1+!l5S
z@k@MigjJTPHUrL-P2+dmLVsKxC@J5uc>jl^5{fNWOwiEwuqLh+gyd;NTx}p7(xo|O
zTYlQo(-{HiGD7h(f}<z0SUZv<piVMYR=N3LSgBvign|omPb=o|f-UMDuJhNu6+Fvg
zT=C4|b7eHH^O(!m5W+C>^qtj-+8^fpc5FOP)r8XR5SvvbA9US4gC{$${^FLj;~MJ$
zXgmRq(7x9&S=g63A;E8;T638rCfGh(I04-YyaEWpd0?gVz)yrOKyPt}7S_E4ta|Ow
z8C#sxZG5m>m^F)#n)>56A2ioST<Ddd$R5$s<&|=Fxs8*E%XB{Nrio#uC~)MkcHpUY
zEo?kI-#UJzH|%jKU(@27t-*e4G0+vhad)hF9ro5v66TcY%)=awVy9V!izTUjb1rvC
zB&_*{Nq(2GvHvhz_@`z$EwxfoYpgnvg&{B@e=?yL4d?vzjItF>rl@j#>fOHJyCbgN
z*Wv;voweShlHVBNNGgLmA;%EDz!_?vodYkPMD;m;DnP_8M&#i{^k#ZCnfR_Nu0f8y
zoR_M0J4M$HE-q$E4I@_J^wn0A##H+3d3t5*+Uc2lPUt{4ZQN$MIYbRFd&+<(O#9~a
zXj<WpsXhOIb$bV@auzr|S(J+jC@lzybh4!&vn@VhY!P^d6_{o!_@drx{DYcDtS3q{
zq3$V=C!#QrrTL}7QcGakEl6Pa>6Iq@Dnl{KY~sfjk5T?M57^`10|!)A6akuhH5N)W
z6I9?Q;jO-*C+D|t12SNa)0B<RuiBcCA&U@I@2(;EZCgNpwz^o+|0J4#U}?6<67rI-
z@0_36vqw~cyPG#E$xTA*@d)C5{xkG@<`9I}F`eJsABc(XjL=(paVD3@rUZ|iTxceP
zyHXYphNJC@nMPUSrXE!trrg|Z$XA)``2`e2CJM%C2!px6O_~&DRtp#$vR$b=O`q{{
zSHy_QY#M5$6xZl2R>2W_f}sAJoMMO!8Y}|)a@VNhuO^|$e92JSrX?cknEX+a9q_yv
zyQOpJE$TX4&;j>fWq4-kTzw3<F$C602a)luav5B<2SeoM9^F0n82pW#m65j?GwxUQ
zONLR#pe~h1mmoGu^O593Ckc+x-8&Y1m`)0reK(@caeoF}l%}^{u-ou8v;#}E8Pd;5
z=A7?W#rUv4-_~sp@wW;Kj8ddX>eWwDF;MIK1=h57?d@tmJ@k7vw=Lq*b$_r{;sRUl
zT~1pNMHDvYNLd-DfW=e^g3ABGsUg(_yq2tG8S@}cEEqGHMed1SIe??(r4UgrD=;1y
zS2Zq`k=^E=$wE*rVJM*6$HA2~jrSX1h-~X~dVA*TmhvezEe+9bNMm;tV5Q8t*=HXw
zpc|IQW)#-?X=j%F+h2M2pGzaa{=;IWm$+8JW?H$<)S<F!wdNMJOA+;^LnjcDD*2hA
z!lVckWW1z{yG5RAUT?ziVumEBJx-I<yiSk|wW_izHX0QBkmIAuE{$q0S#|BF!|u6^
zE!8#oervbKWkT;p`D^4$e`x$t{>HY$ZL;!9$YuFe)Kc-PG7b|K!`jn`Lh8Exnl@PE
zPO-HWUHF2dkuMrQz8Epq5oFoGm}{!>TVBwGi-T|sntF==ENiUXrkak(&pug}tyP~e
z0~@QXD;shgyvL?McRuyQR*ovsy?JR`Vp-<vY7g`VHnm)Vk|3;m+H}Nk7A9>e`q;(d
z=Ja|Gb}7l7hPwsfHA)e|c=KX~@2iJd%e}^ukgl`)lDL;HeGwWL>Qz3b_^93UJ4a7@
z5HSl1mHuYYoTtyQJAFS#KayrG40zWz$Mi#*i|hOsiQdq>nU@zIkS_E&vfaMHy0;6#
zc?Zx~1#OKLed%7MC7@Y6OW`JQN6PX~>y07uqDM2AYwC_X#2=+_?Ossw=<dRp-&_iZ
z0PR6~9hMA`%8b1c-Znmx9k6}mw+MnI4;GQs-HJ>`tt(jEq}_~;W%jig;~_U4i^yfX
ziJyZdKJs1@loJ*<`DFvutz{w#R#TRPA~~}P_Ciz$YdVm;+s3=&Jz^8<P2W}NVpo5!
zw?{475^$rKG0tB05+t*h&3&c4WY@P!x_+ZdrAGa81<xfc&Mwu*;S|7CYwHnaNgJQM
z*RPfsofQ^6G9rTye4KwYOcxlL^wL=WZ-!6HQ*Ie|ok$lC+wj&n(%)=yWu}pO6_r3u
zO?5hiYf+-Hd0EL=SiH=fkVfAIAsEBobG5QiKL%^ylTm$k(f<broFOA#3bmvp&Tg2-
zkqTp4)9h#9b8j_Em92rSUp*Y62_F60yei_OLcoAXS^wZ-I?l>getMlm&AlgiRu`GX
zEay06tG2wQu<iov!mp0Ia)n#TQ7Wjl#Kts3SR>_QLdUO@Uz$j)D5&Bt8NqR`ayW(k
zbSVD*>uJX)K2hKz-d|kCK9jC)#L7i^Iz|ySdu!-h%`=By$lMREQl|=Cd7QmzW*@lF
z2@jlqhI&#5=35-A7tRNxTVJk^lysg}SM=kTq{0)gS63oZzvJ4lx)>xURh%sM#22Ku
zFA3j=Em5UJ<k`A!(GmEz?-Vrssf$8Vr0O$jE#Kh@sw7pc?b;As5b>RrSJbeac{-_-
zj1~jiOp^UwQ)wX4s6E?Xa`~n4j92msPutXVJs+R^pq#P@ykY4AFINh3AP<z?*>IL@
zP2s(-g(#`gu*{;vkpe~!q$F)#v5n1*6L&E@2PWJe8fHE}EX;UJU~CuUqQ1viox~c4
zjxwUu&x0L@8d7NMd}^0clJR|3y*u)&S7Q<e752h0ExTGA>M-Zm|D9Bx+j<S9p9(hd
zB^T20cW$IpL7zXhpo1Fq$vYX6>&y9SS)2w2x2Zy05U&;EZrWOdK7nh=GEQIBVG4c3
zi*0;E&sIF?JA!NyHFQf$3<;{pZ5l(873!`x4fts1b~PuQ>EzTgRK9E#?vUtRb!U$l
z0H^PCu-{#_kvR)D;9!K7Na>7%g&E<Rsp|ZA^h}cz*sdFAJ{b4V1UInGOlvVr@(+IC
z&^uRS_1}s2B@<7gv~lZH<vFsW0cI|7mm`|rPkOatZgy1lLGlqXV(yQD#vd*vhWm)T
zm!_m2wK^-2GX`MqXnIar+$Qa=sOOdzItkm`${JW_1?zyVBG{U2K7RkzOofHTJ8llI
zBN&R$ENUVI7l($C7d3=hO%GQO;tHGX71b$K<;F@~?Cf<qymS0?aKZCl;k|9#@V{i1
z&qM_LMegTaCX?NmUBiCvKG||NKe>Hdd$T{X%cGp|sx4M$WcyW|opfX^0E^w&)Y;5}
z^q_A`f@e{h;=9zCmxM^!|0AnzFZgpm?@p%P-$NyZk)Zf(`>eXF+0UYV!}0Y#N1=fX
zQfc25qo(L?9^mQp@DE<8#;0)#W#EuppxVyostz0;qiM@kh&v5c6u4cPIqO;ny`5l>
z#10uVAZ~VuEx)+O7&@7zePi`ZB^~;aezlW1$^PLcN{5yEy?h)VIqq1d3~sAshuG{c
z@L`M7ECrD=ABA?hDzQDv)@VOELXjp4`@=1v*}8p_Yp_W(X+`<JA?8JVjil)Bc96q6
z?_!V%cM{qGIUtxRe(;t07{{BYz1i`#<s6j0#%!myb;3MguSeEv+xFS+>R<=Uh7{8w
z#Z*Cq@bKnhax=`hjy-^Y$@;Y~i4T`IDaa;V{<XC0E4|CZxn?}~!P5nT0{twi3C{;<
zXOvcE;%|?FBsj|o<}*22+qdsq2RTi#6<H*A^&ig4yT=~`e{5_kDlF_?L9=2{M=q;t
zz7a+wL0y}gwy|&Bj%s0>ckImf=?@O>{MOP>BF0Bz@X^^{2pfy7=S-BenecULIxh1V
z+rxU>P7)&4VFj5Iawr}NK!dmg$hefhugjr}bc-W>tC4+?>z005!x`wiAgK7Uo6wf)
z{kZGmrS|MtgVcDt#~wTiUWHZQKvig)>plBWK#oz_^?dr$2dsdDlX4<n3i>flNnoXO
zXy>dT-&&P)Qkp(i1r2p@T-E~G-@Y$el*<z&8Nd-t<U%Jq8Hdb7l(U{cXw;nzp9eg8
zT(W)fEeH&lf_8XS?n-8G#@Dn3wJOvUb6xNjG6+IvDr1?ACCg?e{FJ{>S?W8k5e3H;
zgVB)I?!-~uaDCT0d_+pQL<s1l+ukJ_Vr|ZaNxc;PJe(e|Ets@VbvykFNDIkCVpS!L
zKMJD8MkqvVOov*Tc`iRri67I0K_D06Pk&=S%+ca)c4kskjOPX46w7r@jM>8K`tVns
ze)VB^v$iE9DJSMMWD>S1uFcq`h&)7Efm0~+ng#3EABR*=<oy7Hv1cbgmP~>^GPYeV
zKhS7nHQcMe&lB_$39+oD&wY@Tg|-fjJx#@`VYp#^QAy_#JoqS)mMC)nkGkGb*)6oX
zxOK~B^9t3bH{3e(kF^GOS=->E!aA5T49wYTeZjg+Dj88Vm8;h-JnX7gl8)nh<Nh26
zJ36PtZT#dEA$%TQKjMx5w*C1aClU9t<;(ZjQ-N6U`3a?loOH^pz6YvkZWP{R6rYH)
zR_xl51xKV$P4!gg)3pc~%K=<LT-SB6$TnA6i6`IFY~<WWU~(bPPxxlOt~c0p16k+(
zWM*ud_PE9_eXh;CjOhmZf`OD&lMvD^rD`rLTe&B?^fjNVEN(e}hh%UvNt0F&_HX4x
zC<$$f@*B*%rQ?ceA#;qcY+Mzu<~m_=VTEE-%}LV&mTl&c?~s^javj~PmLWf3NhhRV
zA7P-1QGN<R_ixr)pB{+pICeqwkg4Me8W?X%kudoa1X%?4YlKAf+;uTa;cj2b{)cgN
z_UIBwKl)OPI}QctY~B%Ls9Y_v=~wjbCvxGScYtj%2O(ep5EYU$3Nwo0SWg5c)f{Io
zY^6*^3HsiSJ?+OKDFuu+0YJ5EfD{i%cQa{VGUM0~F<LVbAgfU^D4e}@v7jc#fK@bp
zi6H;j|N4tYfZPOX=H&lqtw5e?0yOGaHpm}76aj-L0s&GB>6$lLXf8_x#U1oTD@YZC
zeCq@lO$Z(U`u^rghD~vcAaF4N1d)#drd<$7H7Q^!2uYp~&CpwY8)#to4!EYp!k*t8
z(h2Qb3dH90!U$_DWx~QgH;m%TB5*lH0T@sXoqdZvflz@Hi+$@1NFOlSw=SsJ^GK;J
zy91110sc0xwl?EmX*9n7!+dOM{C!<~jAQU<nZ}7Y!^Zn$mSfZS*4xQy;d944>yGhl
z6kC4(XHf_?AtJgQJa5I-vAAhA=-U?1Gt}&O&*Iy!sZ-TJXRzp|X+tN|KFUm<=$T2w
z%8O3V=eI1ATeI6kGUe|Q@EQYtVzGXo#Bv%UQ2IC&1)zLpHnqf5#G>ePobhOKYzhzx
z2MG%-BJE9s?0L=?(*24Xg7$Ka-ykn?QGQV{Mi5{JpTCu7M@Odq5zH$IOf!7QNk!DO
z&s?w(J&ZxV4Pz1(8Y95!@Cb`VN%2s|$hY!NyaKynaqc5^WUOw9j`JLwL3*d<eOsb2
zrDNMVY3NaFjzQ_dB(PVrImc;bb*dJDYnR}3HNYT>q-Nc^6XCE|c6SD3s!&rpYO=I!
zda6_lWr~x@kg{SV?>{L+{<E4)xCKQGr>IRng6MDhCmHn_jLe;~&J7>I%lM$bDt@`l
zazZJDtOGw~33AKK#t+9u24nfiLzEwb9CmwYqbLb%&~jOp&AocrL!2LjzCPjGV8*yg
z4DlqQ2MBOeoc2}hf~zrDBb!AK_}J{wDQfC-tz1o?2WhPh?v27PNjWqggAnv7E={5}
z{006oaww%*R#`?p`TQ(;l@96-Ny%XkL?eG$oaG3my0DdSbPBQRXWVr!QVq~3#i{4$
zi78&KyK>f2JqBCzt*1m&wgL1iUK^lSLzMu%Dp&yM73&EAxx()N$kpx%KrYSyAXoW+
z&E`;X{0`6*J<G@oyAvCdif9mf#)a%B7ZuYJe`N%2wFU$6ff7!N5>8h^|I6hYN$P#g
zzTMmY|0OZE^C?Z3OkF5O$lpF%9)H;T=D~hpHlasLJ2t|f_gNwwReH)9NGNSjD)r_|
z8-XUZzFqCf^SWWGeP+5iZu&PkJ>3A|t0&G5EeD9kPDAiLzvbT_XwvZdlstZ9Xag}x
ziSXW<;_QOs3+jbn6XXg-QwJ(~t}k0w>_fwy<05E$^2nluj@JwkzlLPkEl<ty@qXUX
zZzC&Ty<hIPv!T#?3R7M|dV^iH3n1LA^VCuxW(V--p!s+!hat$=#n$qLYm2|Nqp~P-
zTozIu_9R2xn@__+Z0JWd6a5WiKsD|gRX=N;cfzo57vj)m%#Wx~(@>z;aSbkx(5`(!
z>t-E4FQwQb43yd7^MU;APjY>$oBs2IOdCDYz3H79DuxXk<}xk+h+q~%KyuWt`@k89
z&4hjjvvB!Ku45OrTEGxXD;trt2JdI)Sxr0%#6!lg4EYaQ)XmB4Pu}Jzn&?V{3VoTA
z)D-Be#kvo|k3EVeUnilX_t=c3z77Oa77D4{8_<~tIiW;Dyduvabm<fJ=xu$z%&xtJ
z7x*UYwQs?VoYS51QrL_fj9i3cAJ4La7d~E<l<BCI3lX6S*?_xu?UAi3@G+*XWb|<2
z%ZB;fSA;(?8<Bg*cSMrK-dD(!po!7|b<ct~$$<mq<50?y$!zj-O^L3f%`lAFUL12X
z#%KhTyO0r1QoDZf9;6Jb$IDj99d<Y#5(f2=ErM;|Mzf<1FXCK5o@bQSHKGLDjTgO)
z;;yt}4he%9!U)Yd^~ynmrF-p8?_x>gi7i7_Ou3~vO5fhZq6I}JTu;4)8ZwTwCO-Mc
zquUCFbxY3*AZ30hB?|tNsk~?iw`?I_E`K;}8gQ+4-FHELOJJV8zDlvk-+d%CA=tdR
zd(5srQoPwy9mMf;w)@<QG84%G@|sSMj$dP}2*Ylo@cu_YHp(9l)y@hs?p};%xkOk!
zxg(+{+gP|$M!J;zsiL1wW+-#hO=+G^*0b;21&Q7~Fh#dmV=<#ty1JZnSggZR#H!Vi
zXt1Ixia&^0X@cn>yBF5Q1$T?|6A$tu*coH%U9-R8bh1G%Lj)#Zli>Ks&06(NS-Sei
ziOfQxC27Q==FcpM&EiJ6QJ<M=em^)hUI7LyCbqh4Us>VvQx5hyw+0T&CsZYQ-<6-l
z?|-Gm@fn3B`3=96il;u)5&WghPo6}tLxTv-c>aO|lTHi{)_H1>*qb#}5Qq%EzUpHA
ztV%;y<@Ji@im3MksphwA@ze}e*NmaH_Xa&<<kLzW*FX(p3`TYd_Leb8a_E~wb&MsX
zx4d|?C%wPlpD*309y^jRsMbH1F06~z`R1>|CZ$HJnK0Q^$@-(trbJKkp}1?U5;<W=
zTjBc?5N-vjx`}5fC`fCu-@oXu6bVhTsIqp~-~BSf-jW?8kPYr8N&o5s?^LrC#n;t|
z;5@I{T3Eg|l+7MUhJGcuG87ZwPT!yGE78}6``uTR@qX_$Y*LQ<0do?Kg4re^$J25#
zo5IIcs+6um<XH^caKf(6+jXRWG%X5m1k>wItuaV|k$vi;27A}~WIBb+1GY8g4#MDh
zWunF@z@mTQ@eL4c75oQ_qu+TpYU`ZJr^HHyiJ0hbkt&7P%d5mj%d9$G=3zz6orYvM
zk|~w7y=;;l^|F4=p1z3TdFPB@AkOQ7_Dxr>OY5*XgTq0?yGHeS#fskPH7(`VvI^TU
zOjk)l57@Ii)I3MO<s7c=l#hvv7OV;LlC(0x8)cb&Yzo6_CEp~(2>8ECsq52qFFGsZ
z+ILQyJ#a7hoJ6zyf@E1aB=3y41WJkW+58`hxV<ij-9$}yS}2qNwqv{)+0vmfaTe`=
zk=}Q>o|(BCa8W2b=e3Ne2FN($7I=?eR}ecQvu19UF)nrTJb#~gyO$wwji&YnRFiwa
zdV|Cpq0Viyu~*-kx#~UhO;mHL&0H2cC08GaW01XAefBW6DzekH>aF1(W+#k&rMuAo
zHOo}$>yBU&xG6n9X%yW(u@w~0JcpP0!Hpc}gm?(rQf=yDNjA~dH{scxOOBp3f7kbF
zd;@0$P~Na9XR_ZkNqMYQoo1W2yN(WV^BSeq<4u$#DHLwtT5TSJlnoLC!G(})JY@<i
z?P*op5)FH(n{pK8B_L&3>r)YHWmVJOp(s@<0I<B!mZ^^frE88Rih1YJOFT*TID~q|
zS!;MzpMK@XNx>;I5w&RZTa;EWVw$<F_nj`TOUgF&n{3$0m497gIBQ0AQK31_ao|H}
zkp4DZc(?W&p13-nuy(9XYmz#xtv?I$q@zNJq8_&!@u_aJ7RoI!tZhVH5<iWkgv}}?
zO#?Qwm=Tc;WQk{Autu%7Ph{;TfhM+Q(jx0w__ILN)GT>pMA5Sq%I$!7#;eJGedt2-
zP;z@p>;Nx}rY0X6L+^8|;wfze>7jhAO~zR|vDp+%av{kvMF>HHx_8|LJ2%)}xY(EZ
zJAba~gSoa^$$SQU#sln)JR{#D?<#7yt|jm3bL=mp*(xQq<*<I>ot~4(S|j}Z@H*$+
z{vO`va2TxNp)>aOWA)$9RRzC{&VPGap2pU*c;*KiCac`(3>!4rBiA%n$|+4@4#v&A
zm08oIZs3%+cP08SU-KhnO<-tYhr^q74O%!AE=siJOw$sRXT@dRa*YbVJQgiTVAX?3
zVP|^2PD5$g(GEIWc~Gnp(Sj>9wHZo2O5nM%J3A7s{{o1{`oeap4)d*c$M3msnXJuE
zjib@KTuM<R-81&%dt-g+6%(_Eelct#pKSSX%B*$Uicdca!3nFiZrn|WY=bcx*J_dc
zJ`+xXPRT3>v+?S4w$x3LgZC&h!G@gE<XJ`3jFcJq4tFliqGQq7=Cv^7O*(OG=?~wk
zk=D+=;Pp?;XOAgrpYrJ0(`~+K=<)m$x&JL^teWy$PE0zsGfD8(U3CQ*fu!=ilUm~P
zGV9KH!oQQ)1KQ0@0SASabPdSR`fWAa1<nFTmvp5a2ruHiy3On7qK5yWnSbJ!rrARE
z>!jiThi3HB@Hm${|3fpw(zdrKX{(1bV>Z7saJ##(<~LzE<KH`Jp;5ER$8Vza<rW`Z
zEQ1#JjNqm>uhS{(#)hAdGql~}UI<|YHKMd7oJ%s805%i&lD9_L_z5QMnw`aew_MX@
zF~zMGU^8>~Ow6aD?bfG}`WHrOJR%c0wl%&*Cq`*<m<kFPmK$RK1f~baC+s{bOTU=(
zN?Z{%4wCkK68v`ZnzHx;;1+y39`gl4w844}jf1B4ca{Grh#_xQojP8@66MM3E@%)y
zB|a`ITH1sRL()dD9ztW!(S<%nCZ-Q7l(H+{tq`TQi=`P57uH{2bgF*-A84Ui7ZOj0
zPtV%iv;5y(9q4t)#3G8*v-EO!I{!z9(wsZ6>2xh!eN}A@gXtUu4%0Cv=5c)ARbGZD
zP!M0qdp@;-Y0;kXnA|RExOhTr3pBo#{^Q$k`OfzBH(rl1$p2$ijEj`JKh~`=wnQd!
z4Qv8Nc<eF@+KJ43yy{vNS1uAgU&hp;D#eAjW{TE|?bkA${PjUA_V-b7Du)R#^jYh?
z<<hHgpIY(86Y*f`t?;vM>$LWGT?=Z;_?>aCkB!lL?xjm>mRP0H>*GOs_jG)EzJfR_
zjStU65!o=o9VK`90`$~MO#iYz&n}|Gc*<{-gx@F>f@4IMVW>%2r@?$>oHgh+zukVQ
z`jP%~$9zW=N{areZ2DcG*2EI$n0kli1toz+YlL(gZu5)s(Mo)bXm8<Zx*qVOtP^KS
zC_8r=eNk}9nT$?cxsMP{%J?(WPzd=N)Qt39O7|sR@gU9Oy>u45g)}AU+z)TRCNYSZ
z2JCs;ri~?SRZCumB6gVSYTL{OZQ-XUP&yYWbPSTD_NJFpkvkayX+D!dCEPV~N%U+)
zGEEaj;4Jnk*})$Pm^)OET<wUTQA+ibWAdp`3&#0aBzDHC&%ThIJSi76+FvO=L6wc6
zQhA7EyxSKzmA<*&D&ae?%$JEUNNW^s7#4R{`g+M3FCwxsoFMPn^?Ty~lp^kmLciL}
z(A_3ft0(rgaL`(CEcqlpXh%e%kt3&*14Le#I^Wvn71X&W^&VJfhYNsxW6lC*r&yfc
z^+U)A9x|VhRt+3R3F)`?C#GZG@Z^j?<YLCk8pj;1rR|94jF-&^%}lxC-^zJd%UPqH
z4sbWP*d70>3$Q3+8U0oEOB9n?Wno!O<N-HXTceGNsC~2?mifIjyW<cVsUALY;gp#M
z`(<R0ZnIx26KZryDV#tp6|Na=unSGxIa}byAu&<3z2%WDm!h#~J8ADa2@lK)FpDvN
zvOLK#VrEn?i<_hTP358NLGi*_oYLqf&$v3nPVMsVyp>n8XMAR7M3+*b4AiDuz_Z=#
zDsZ(+pKv`nG{$;nuzY7qR(tBHc=5y%GdUF$Ng}gj{%waUccOByf@*F~Q@7@gLGa6;
zNe8*6M}#LHe38mxD*^!pKEvi^-H(sD_f|pls9*5Tp^yTP=ssjr{>Y>pg0B8k$Dv0=
z9FX287yu%<V5USN?p|XBvgKjuHLLkF<ibD6=7apl0TfXLAc=k;-2kNKSir)uY0MNL
z#Ol@^l?9*)088`$Rp|RU3xHdOjezU$1ga1r{qDICiYL-J@N&z^(0s^g5Z=NQpgTz@
zL`rV3($VdUY5x;~fPPZ}%}J12xLf*X5W-tB&=(4z9o-<wA~dfe0fSiu45%ugNilyZ
zA|$grAf_DRP{4RI0T{$g1VOzGC@5K!l0{eoz=%BHB>m4#0=l^XG^79Qr6$i2DiQNJ
zrMX2&MnGHQ2}Xb{22xF-ApaBKNlJ?)tKn*HW`R++p_6Y30S`$742m5{v#Er;AAlw<
zUSe2Ku6_eRH{URzP?0exlE{U-<H>uO^B%g2?|k7dYePQ;9<oI4PnwT+y&D8NcZfci
zHJpc%K1kX~@#iN$&(MCFDNLEpna=lHkh*D$#D$zRhxF^F^6947CSckQ<+F(+HH?pp
zN<qG@1zDb4Mx9^APd1+m!(Cu_vb>!Afwx$P<+~-{(ZPa=@fdRVI?BBqJI8WGZmqmC
zpiFS9>Egw^-OY|QkB8)Y#GqvI^gc03!gY@|f%`{l4Q9rGnq)`RGuoaR;LI41E@d`l
z1B1dK_IEJJFQ;P(g2d}3n?w+-Z*Oqe82K%qx{G}cW~?4c)@%?RAo!Fsj5O3XCur)H
zE83)u56`rKv)mi+*e_XHtLwc#uX>IuX>6!vk3hW-9MWy=iGcaU1U=|ajti+*>V~0u
zMd;!oAAEla==6-?d}QesIr1gL2C@8elkvynla(DVg8S&vWMMIGc~!rsDHmoQYS8-?
z^PLL8y%*Ed(I#A;fGvxj@&<if$tYpJ*kyR-S13v^*UUcFKs;y8R33@xL>Q%$z`twv
z6@&dKF2@6)oG+(_v)=zr+%@g=DafIqy3)aDC<kOdt<M$=S6)_%IGi9`w9hzw5i&jt
z%5lg=d_%x;9g-T2z4o@z@lt<mj11OmQ-5^%j(kQOFm2>m!NM^xBJ`d1{Bt^%8~S)S
zZ`l44+%z$NSO|fUQ7SQ!({@ZWx5MB-X0wq|3@K4Dfe|!5GJDP?6j+1-qjNyjNWg%J
zjZ!+ujn!+Kb}fR*Pbx?hJadJJ(L8{k(mn8)wL{#MlOBZN>>Yv-5FH>Oj&^GR_wO6`
z<3U)D9)kd}N?{p2`ZHn(W83Zvs!bgBHUU+zJDj8tAr)+fHYdwsR54NpRC7Lu0Mb=d
ztT5kBKDzi2ze*V8b~gQA40{mHc34v}l0(p{QZQGZ&hZTXud~u$vK2cLHG4zmB$9Tl
z7JT;`Zvo~6?JA@CU$Z~$e-3m)AqeU&BrE3H8f}c){c0w_11f}Ex5<V+HMJ;=pG<m!
zi0VBFG7mc!LkWP77hi0|Jgp?6h~{WnD{06N`N~1`32>ZMlV^ET264;F46RBo1of?5
zfKWNt$O4GXDZrnI=Gkjm5Ad^P91F1XmOp@N&H(p20h19hioHWA4K$w#T?Y?w_YGj|
zY!nWZg7EK+Mh^|O^aeG?z37|ZZw|cZld)R4LUV=6J2OY$Nx_-fmFUOZ2Q&R{=E+&o
zY;=tAOa``gAN)K;_58`(k$`ABpsvipIVtT!*!>gGAM`zgr`dk9fEobz0;FW?&#Y)$
z4R<LU0d;y`pwPWM7O1n0=N_KT>nOdn_OH0o<f}Po@0rcaiH=u5DakmQj_IRZ1r*E=
z2A1*inkB^>*Qmzxo_ZO95TQxz?2)VRUM23xLblEKc#JW0m7YPd5$~^Dohjt}iJZ5e
zE(r?ECiJEH-RQ~fQ*u@OnQ1Da9&2JopsE(=itnH|Hm1IJ7sS>1_kF4}u!h_(#oi(f
zfrBKq{Az`cZ-O3UNI$GpTAQIlY0@G_A3yxopVWY_m0O6ZDcuM~IGP{q>5;_R5xr#J
zJ{1+D=a~I3I(3i_8*pbxZA+-PZg=FO;bg?jV;HzWg|{4J9^kU<Ez4>b+ECD`;!KQx
z<R{jxLJ_#L<|D+Tb_pU}rb`QkPt!tMFCm>z0<%KY(}-J7a0Hi(6oF~0x_zaIr35S1
zn00d7@5zP1*<71bSl#uKpfOX=UM10Pfsho4fqj4GPy}KFbf^P~tliY}OJEMk|C1Ji
ztYAErVk@&ygd;SK3K-n|e16x|Z;Kd3sq?tolWvlA4x<4jQS%rR+;L#x@yq#zOa>6c
zcUQ-SJesGij@wqthLA1AUT=d0!eIt>n*ET%T5Y*hKF(K9QNXYd@9)eN(t&YC;RfMA
z_?g8)e&{6PK-zJPA#I7SR7fykricY-5dwEj7lXZYX|V5zVbbPTnafxV$*PrGA`tC<
zvnXs4T*du5Yzq-7qJqt^y#1><-vvQ~l&(b>=OCCTLo?UdjtVp5=-VU;@YQrCejm!R
zMw<pihv^VQh-~2q$V+Oer-TN!d#LyNTt@$#Y0b}QhlJPJBZEYjbhh;F^dBkst55Dm
zyv&2H*|9bsecFch#b09@my-{6Iz;ZL^S$j4TACU~1{V3VN1X7Ibl`X098W0=)TVa2
z8S)lCeYd{xhmPvu{80g`*k8OIHSKM-k3t_0=~p$Zm@`P|`((gkdUw3CVyt+|7zCz7
z*Ql{!`Rurc`NWPpdYU6qqWojIJ;*P=Py^f8`@WDL)@M|E>@NrRar6;kb3JKEv_Cu(
zy9^sl%=Z~mI&bXg8S!ZZ_Z!8&RI$%hcNe7H(K8`-4NI4ijVN|Rm<{fB4U8Lj6E)F^
z49igmu_7(ax?IqZt2HHTI&WDyRb%GsQe^s7fAJe7hf&2q&=0ivRb7X#MP?jU#T>(O
zHg(R&eCwrX_$jl{y#Yy34cu}2mV4<?rxlBUlQPI>d;0~7lSt}uf3TlsNw@>i)ahkY
zY_w)|*L6|&K=s?ORidcwfw{-Jc>(N3`WQ>MEl*ivMqlJDvh2bwGR><EZ=_?ajlmi}
zaO7X?IKNkccHr(0rwr*86S`Gc*bF^*B)e9YPet{Ovch*cqdLhPUB+`1_!C`f(amaU
zdezDUuq<;j;W2jof7j(}b?#OM%CI>mr{tsq8BmsV`<u>w4-`MuVo%gOX%%ML;pMt>
zf{4rtp2yVZ4qge8>#FDKrF%pC{=!pA`QgC^J{s82;X-~C<P#d4Q{UN-L%4bmIKb}j
ze~vuJcJ%%FYpFSHsia~oD1JGbr`|Lz?d}AN&*Z<gGRZT&oF5~RKqH^+D)n)ji!uzy
z1G@9~kTU_CGs}4KFSNhOJwb+hi4$t55i(4xY>A8B^5qMKF>V`|lxKY!x;n3-e-5j)
z&V7}I=;molMkO1fp!lQ#8zpDQhrh>U121DQCEi6ju74TClY{q}BZh*5o`KE4_+IaS
z15r8l7)c1aDR3<n9}xiY6bg`(x18xTYTLH<uUFSezs)i<>m(=AQs1V`D@<|~zFU}n
zSz=36jMc1E|2JjK@E5lr?%CE^^$GHTRy)Ro_ZTC`K8=dwZ^7TWN@QQ{hab08RHclD
zL@8g;V`!>V`cZHuyI{H|Zg!9V`D%mqn7$I%GAxTOsIC|%j3lTWFm-`%qcK-?#kBQ0
z$Bk@xsr8BE?`NV@)M>P~FJirWEY-wu%Rzh0zUrCX#fJ4?z^)$4%rRf)`G-2-xt$?P
zw|-Sr3*4pT2ikM1a-ZOYd5X8~8*_7O^bpglQ%?Fsd5>L@Cqx_mmia!Wx;j!jtC>CI
zdbOUSveDtYLJ?}vL}J1p0e}fKV*pI-oz?7d4g>1Q$_TtORWfxssg|!zqVL<|Mr~H(
zE^ANdoZXP&W8eg5JmE5pv!d*KV(_Ukm^xWGQLnDq(that9-cCbPs{E>`*Oz#P0X#l
zpzaINQvf--9w_uR2ID}-F-6H4FOrR%J5z`^YvPZ_M8-eug>O7%!A6+T*e2ZK)UXiI
z;4PuSHp$GPciV(9dOZHS?TdRm#~mj0ZAC_qv7efSkjHRhbkkPGs=EuxURcs>L_wYL
z{N=|?7}e~OtM{a9-I#0fv@6o6>lZ=IzwSq3J7bB_Y+@V}MYJnQXUFonF3vm(xMj=^
zMcH4hU@7zEoMSNJ=u?sz&8SD0&7IW1D!O%9@T-01p}M%4;yqol_q}rq)ws0aU8^Q`
z$KBmgER9W%GLI_Ez1!$)+)}pa{1;r^!coyu<Rw{AkjW#C$f%P{Pl{IDzGfEqX@$C-
zWOnHMg@IC!v<z(eTVBbk+T@h_KZPde?5Eza<*sWF=3r<iumOj58<l74&D>y5wPmT1
zV#N{Z>xxh5PNHJwkY%QNom7ixvsVSvMRP{2Llda7E!8llM9`d0Fw#N;d+>9aB4^z!
z!NP+ocl=w2N?P(>$2`&Al|1+J<<7-#o|LZ%CGv7~>upJbRq{2&5m9dVSI9Z6?fVv?
zAlzh6^U|FGSH+L^b{}Jw^y6GR2_<Tm!ov~+C4lcR)w~kTK+Weyq%E>pAMEl9GTGUW
z<jVN*>E(|cC?$7|J*yz<F3jE&Z>jF1V1MHhWm{qmzB;vA^FQIwas8roc8e^v6f^M$
zN^$j&KBnL~%2>rY>DpU9LoO-T+L}pbGs3nW)nyVPz^+z<Tfd`PX~;xs3eBTr%x%g(
z^&iX6uMQIbG+KlDHWll9x2-#6%<A*x=WgaAoS<n}M#M8Wk2N*^=hdL>e0GZ4J{8Zb
z26g^VV=+vWTMolk<J*2kUEu{FPbytQU>zdU&7wHPo!wC=2rzFxDQk1Osw{8%+w&>R
zuX^W2Y|4Pob%UzK)s$l@d*Y@Q8fs@V`15hDRO)hp9)f0~*fzI?%KA!MAb*0cmb7R(
zxa(zt>RP+KPhqMqKrW3$kRR_gKLg>IUu`BBvBbm#i{DrZO8x#mb#!R_k2Cp-dYMQ}
zpJ5!#+?4&N-}D)$oUA%aOace=F%~L@!fWBkj^@kOwVsTSfsfEbB}yB6Vl(n0l`JRq
zs|yy5Q1c*rV&PlDQ2n9=O-wN`GtoLOSVFOB?j|Ew#8vOv&tLLlc|zsB4f0o7^S@Z}
zA6R*Cn&p~2=F*@E?rU#s9Sj1^z&@lKGpq3I9t(|3Idg&^Ek4F3s|U+W9X|4jT>`52
z^)5tYiN9-Y)Uvr_!TG1>Xmbi0DXzSHrfp1R73(X5Dv`nEPq<Z@jN0Q(4(xhPcWucg
zf=Y{=Uz`P7r#i`Y1_2#I{X_W{2BS<@Pipj~>AMrGOxFch@Cu}cjrUkB_}5sa%WyUo
zJ=^YkYatr<obkF*%=`||w0~{bNW*w5Q=3gf$QJ2O#_fqIKS5HB@q+kYq#@=#j;7~3
zs4VU3e4@!Is41Y`<cn(&*U9*?k>}}3kfDx<;^t77+5_r&?YZm&6jbV_I5MBU5U^yb
zJENoosauwx4vB|}vvsPw|MMTh*@_kx6zZ`J5ZI%w2h7SFssSTm`t7hrA42N|kQ|uK
zs}Ui815@f1E1-JGOAnZ|<5Iwk0dhkt5ay!?%)@ViXrlWKL1kxj9#=nEgj6&@k|4x@
zlKYPu$YOCo>q=Na+MyMSn&V(VRRPogTTXhInjJ_UrmZH_Z?hE62pCWkK&X*35Q{Sb
zT>IVIp9ZGg+aDMQ5WV636+i)~(10sZ1r6W`S4!dTNdP6BdBg!>PL6Rv<W4-`WdNga
z27;R>fZ2P4KR^XYj4>&`+XGGb{tL~bpn!Q*3PaCT17O2l55NL+LV;MV?YJpg@?TRb
zA_$L;K&4wadQIPdm2D(4I{4il03yHzkU<x4vw1QgI*OOn5R+mKP(9j!NB4|HfHXrx
zIokXD-LHfO=9LPd6N3idwV@v?4RZex2HgV)p|h{^u!)jB?UL1>?0A_8#avF2V3aBu
zEUQSsFIh<?{KF|><WTb1o?o&Mtx4v;LfK=G9xUQk8NfqwFv<ULKNvGQfmS#kjBnR&
za513Lm88T#bl;f@Y-WYUK*+H`lhRr?+~_Q@#c9;S5;W>ukblv@g!*?^!l}7xf=WGJ
zG7&OD9*N`NC{gAD8&C55yWVWi=3>ZkjD%@QV_JUU8D0%B3Da{mHUUD&;#<~*9)wiN
z0);5_oH-6L!aMw@M#+foa35L4AlnnGxDC_VXTm#wO>nhP>lnpibZ^nMq>ZXdKDf-+
z?~hPKcM>Gc5jMxiO94VEn^S&vT9;oOP|8g{<FpiYmPny5XCCb-{4$Lmh#kO94s^*b
zY1cUB8!bHIqnMG&iNyUN`Oq-tAMFYEw|y^>;+tQIWW-c&E*u@y{-ed*4t!w$ag!uf
z!U!7(4gVs>{mfm3Y{%rm$Gp(P@Eelp?Tl9*d=1N1skapb=)b*m%wEjtySt7{K5d12
zA|@RK_5d&Ozn?LUy6qkc-SGNZ>0(><srZ8n<S=JJq&I_fFN*JM(B8QigS0rHz0h+!
z?^{PflE$6)e+~zw?U~fqsc2OTH$wZCETX$)Xj>n|KeQoo^6q?f<zPLcX6IL)C#tb-
zevsNTkR(G=S@FeAw<P4L!e5HobnI^;Zq@YwhcyKD8O<wsM0MhL9uM`=yn;E#uDxI{
zAtO8^P~yV8*t308CBu9xKcpR<<d{-<UKeMUf)pYWji}+>704*sBt8Wa=X{Ye#)s$N
z)-nBib=2*5&4fP1qABl03w!w~0*X&uoL$;s0#dh5aL<odYbRy9CNs<Y?;BTl4yk$j
z57*DX4~h4)BjNFxvwjvtb8WdKVWXc+ViJ6d4q4*?<K8L95J|oFR6<;om<Tpe5|LBa
zkz11=<-Fqc6*Z?bedSMHO<|&xrVFV4T*t6PQ6~Z?6Znl5-T*bQhAT)n##Bk4j!gjC
zlYX!mP;4&QMO;xb(D_wh{%()?tx<Jb-3l|ohsEnr^i6?|a&w@Gd6Op0VD0G@AhUle
zAB0is*$T`u7E<JDF369t3$N}zS~5Q)<P6G*tJ7?0)?%ruE=FBQ?m>Z$L^sKuN^-DJ
zsC#iDi|f|94mS@?tvEp@kT%B$wxi#lwD@IBbqK?YCMxFGHO^rf3wLdQfJ~l#Rf@Qh
zD=B4<Y)ojoQr9*1^8OCq<{6XM4rMXfFFlP-vzt)T=p4HtgEu+h1DPDubGM5OsAL0Y
zX6inGu2{;~lr#huUnbp9qEr<R@Ez8O0g)N>(3x#=<3ks7lCDUcbM;mno<?w9%Gd-Y
zWz3M;H>9LtOOX29!{M*<vtF}(AT+?mklErw6E4MuhEzWaU!PUb$sasj8zeS}$r0*B
z9|}3^mU=>6Vtkls8!hVv1NO!{Lzl`T?B+#bBYTW}nd*q^c$V7h(P4dOcp3A&S3VYw
zRE?wm^Rc!LKV;xv>e&^bIAi%q@`bOv<CEk`|7%_$>jdI{D(rxAgTJh(07(Xel(RSP
zm+33&v_`WP8TrYZ-ZHWde;id>c7=J@3zpX<(s#D}unp$d8;qXGFw(l%s~U@(8Rq&l
z_&{orTa<q}v8cXcx9k6M(B2GIC&PT3@tE(UKkq|(b%x!0-UQVI#A0`86aO8%AQ^F7
znzqp}T;pF~T=7rQSRlI_7%GO}pO)U!JE~}`tjO{^^ED=HHMcWLfEQ4_;4+1TC!j}m
zZ&uYfO3}Sap*;)*w&2-{HD^Lw>Ok|+X7lg6qc;^3+_D%LfqSIL`VQ}2n5*W0Fl9-q
z^Clj68asxu1;7-$PqMF$U6+`^c7uG0rv%*|aLasP9Zka^?qdFA*i*~HrYh@?IVHMo
z1GwdHV6WrSr13X<gE145v3!FNAvPK7%%Xz+q=_acj0c@iCgZQCq@3H$FTKD8r~}Vv
z?&4?Ha*!JZ`HudBM2Y=Z(2pZ5dz#!|S+}!|$|XU25FZ9{kZMOJhDdC4l>?t#%GLFY
z_Mq6_TKc}U&4jfj*r<Ba!#?6KTlj;HOH5NOh@!{*KVn%|UF93t4~~+JknBSMQnX^-
z`5V|lBbbGIbUheb&*`}reXG(Uprvuib_h!Do1z^0$rR&Oei8vEn>5|WcxF@f2;^6m
zF}SVY>>9@=wI$=NxQz`Q<142qTbt9KIG4U8^Pj99Oh&9xR)-i(?!(o4i?$gJ_&@xp
zS6Np!!Z;8+gSd0p)b-N41DO}7mx40Fc;lO7--cb~78UgJ>Iw#f1O{sA0;;D6+;K0_
z`3LbJtG~%WZqa_%K#ePU+pay!yccBO_UAne=b0B8TNmwqiJ~J--9OJ8&#mF>W+rl|
zv<Bb(RyAB~dbIdBL`=B%u6G+uW#d;lW!mpG%qGFRR(6f(&+T4+ENm7}6Yl}&k{^Nb
z2c}#Iu^X#<nR$lVjt6#xe;eTq{iW~s>T}xtd5W#~feN=>f3ElNyivj0u%U1B=f!5d
z6k9&dT!)<j)4HG1e*$q>4Whpj?};gP*edOyBYp~%!lM3`P~+)_mN;Lh&}TL(JL}i(
z%%+FRHjaaw{9H#c#&UWB_Yd}KD<4}mkwf=-$kbqRh`pUdE|<u&v#zUq+=r~>2UF&V
zsE6xk*d>YLP{QR`K;_EWc&oz1a>KB1WpRKO6fy?=O)d2KSem-jpa9{RMvj+KJbccW
z2t=dX3pJGb3U!{BU)L69B)Y9`4?WH^T(bOSA*$prZ>9QYTFl`R2ILqQy9&{Bc_TS*
ze~)Y+4s0!lrtNL{->TwBupty9M7DVvL=MNc|K^mWl7ChdH%2O|WZ^d#4kF|6>9$Q|
z0P%?fKOU~i7|15}l#bQ=z16@Yto~mu-v(=qmIhOu1K{Iwt~p~`mOETfA1hb_1sQP1
zxK}^<%K9J7O1XEY&N(?kfrbNnxLZ1znrTiJ>Gn<x-{q=ZDt<i_K6&Y}_!TqcbRpj?
zUoR__4lYZ6+Z-m|qO_2LZx2F^(&;sQ3VL=B+(Hqv?arB@&$#GcF?;Xrk5S>s5+0H?
z`g5sWp|jRth37_GSu!~IjnLb!mg^;MTkL1JwYbA0IefkWm1s1!tB59P{Lod0t{)Yf
zRku=$ZcO8&#(=iZf_`Vc)~-@(afCmSvohhOQ{+vi>C^WukAW!P4Rl{$%3z!~86#Y{
zcLLd?>mT+=adN%|kRP!$zAe}ww+i<%xk*>XI*VsHqi5fMg>~i{oW|mroUnC&-xSL3
z?G0J+P9}6+riHo|HUcl##%fI>!p^NU92o}?zC(Ap`8gDE#X;4r{yz5og%NqpfI2Ib
z+g!aG!<O!T&rpXU=`V}wrrStjZSH}ooNkYq0e`f^k_GtGl)Lhf?(+~r7y-rd9@S2C
zE8ZH-fB*0WuXqMcYqfBSw5y~v84I5bhw-3)bF6v9_2^Zr!|P~1rTodcCyaDUuoB5Z
z4?t^7w|<W+mCTWY|5S+3o}n61x#V^#uHgS+lFj<YTr0Q?B6G}=u%KmaJSi5{|7G&D
zb8k|_Qx}Ql>x)2aTaoA=$z#K?#SOsSI}tc{wq#E>r|4(H?yP(P2KhBS3!PO@jM+T_
z5-3jd);ScJo|oXi+&i-aC`#A9blT%DNe+C)StGnyR*k>x22sheA7qS{VfaAI8Da)#
zADq~*kB<UkD(GRnXs^F>y+5QYL=>w6Bg&sg^Px}f%Jk<v_m6Luow#4LpVvX{+}Q1-
z*X-<-<E$hiZ6f~2a5E=hRHHj1ikGEYX=A4!DkymuW61DxUlw&^#|6Ltos#_-#P(&6
zhbQ$<G~N%#*C@v<8e(a>L8Qsa62vn;IOCh%IFjGbR09^d6Ek;uCma(iR=PHb9OELm
zYK6yY)GPex+oZfsInhiF4`IttKVx=R@@jg?zn|~@5Xy#Ust6}%(<z`l|A1#T@=drp
zi6gFm9j6mE?Mxm?NQ1|tziHx{nNJp<o104!6nOmzQ{}09P@~s!&db}AY)MTMG`cA(
zOSzB0%Yrp;$&t*Q%%0O@a-fna)qxMfE1YQhv7P?vQ0ZE}ZnON_guO;TYTnplKrekn
zU5$rK`b2CGFPW4OeNO}quzjnt{I<0xmubQ_QadU_1DbZVPX)h~1m!Ub=>@y{l-w{G
z8!wEerSaMPvb1HRs)NRS7GEi0Tp~JSt<6$SS{#Z@QG&e3Z51>AoxFUsiemK;?d?>y
zGIT0uW?C04U%cE<lgRX4E0c+?)hr}*_X(q=R5^)=L3H$AAl<1X1_*~~5Mmb+c)-Ew
z6uFMSE?kC8@B+5n-A{5ftX@^cL#Jz<F>3tN0<rhbe1y*>T)&NM?(+ZU|0H<Am8EH|
zjss5h5i<&---zVA*OF1T4!JjFi%JYi*B#Z6EGcbl*I$J<#RB4^N__G>O8b3+l^(*0
zDcK#u%H}A?NDK)i5{7)orA<vd>`pLRnwUfp1O>W4yV3@dZ#&Xwlo3}g_^;$wINxPz
zn%eyD9e#`1ot=w#fw>;MZ#%a~N@~qkJI9wM@A2S^*Su=4?$3<<{@m%V4n9>HyuP}=
z46V%5R=*X4dU*}aMQ>7q&R|~i{~x~IIXbf+Y8dTPOl{lN)NZGqdTQI&)V6I;ZMRR2
zscn0zscqh8e(!zPz286IS~*!c=OjBjJNqOj$wsQRFVOi62=90y$2Ao&8{NOQ9-Upd
zk~KNYApH=T*i~>aQLtZZ!NZ76S;qHe@O&)^Y4mYF+r$)CQ!{jLyq!35tl0G6?v_uX
z15Zn47r9WoxxIhg=t>I_>&iG=y@4R0zE})y@9t8`^%qsagy{Yz$v7gmHhnH-F6YDu
z^(g@mW^UMvF+oNB_x0DUp0RZ@ng?&R`deITO6}lAr3OCt->%w_P}z&~*W4$}LB#fF
z$3OnEgnus<7`FQf(#mhV8|zMpd&RB2-Q@e$%CAm%RwnZEx435A<VqS8w(0LwN-{Wa
zp*6LOUlDrYR25O8$uooA8}rZSsQPav#5TY$aZJXy&DC(#sTRVe`m@~nxg(iEz1J3g
z>-x1Mg}y(f(c-NVQW;7q$1S~J_2T7f^%CL=Jm?s$4WG}5)|O8X-V6|YFZRzuX(+{x
z!yaFxm-=B-U_P>b+~k@I>t!)$$ct#jUT)G)A5<rr*PGC*Lw{CpfwxLk6fwPPoWyzs
zu~m(~@=(nb$<K-u4BMA!>`y2U*OLz|Jq{)Xl*r))D`zuXj1EKG)L@sTj$)Vj9(e~y
zOS9)nHe8t-4k=w-MZ(!tj$&L_X<+doM;+@Xn(lTnp1Qg1nwlw3{QW}c;AsDXP|45L
zS$hympp?73ek~`j>Hp67RU1EtS*gTCI*RYl@)>JRNPX}NAzx&!$~?BVAmpdH>j`st
ziI7nnAk521_m#VwF@pHf3OV6D=r3!f(Oo9qK+6N_a>CJ}eL^1RgGxPiN5Wn?nP1ST
z($&&BNQM<}ZTNoBOWt%evfEwguCiKGS5gytovY7yA^*>5g{YDYv|}2*g30IiH@yRT
zY4Db1b!|od7b7ok!<+*_FXnM)V_?f*0o}+r%gId~pnyrTxsqwt^dHwHvjoQq<wx@b
zjkTgvLGmb&*|JMvWF|5EwRuf&O`T6XVAmijVv{Y5_JS72BW%9!f4%Y&Nkxtu7q)&a
zd760`xltFiC<ib*Vd0+Vw)QA^Z4v6uQ%@<U|Ey-e1PP(or)F@hulg{2za@a(b!O<W
z;%Ek%Jx1`4lW6g>_D;R~WSf49X8)cZQJzik{pBZ?x3dkjhk~v?r)Nq|{Iyr&Pk1k!
zLcDw<a)v}?@(?E&8)H`NYKV=>zX<o+i~dDJ%w<!LEa%|1jwQSz`q5VKNamKANPhL_
zx4Uee;-|(|DGndA<}OD<<|E&4_LnzC<U_q$39OXLC1gnAkMR0R(eJ!9^o>40LAtYz
z;lEp5;!8T@vreWO;3WvBS)INH=B)Xej+F>iwfl-bvelCbL~e}w-w7HkcDtn~F=HI=
z2l?^nFt+CD!9eM-4E)IgE2X}3_TEDiioN{%7JPX8zRxG0?e*$R$y(jDo63>;-CRJG
zmHFv;nF6Z^i?*7mru_HxZMZC}nWI_0i1I6s5K&~_w7q&)WpwhnEsIm^+3Gf>B2Z6j
zT4_x$uZdVD$x=Wyz8Gt_IJ)2d*#0lcpxY5RJBg{;`9oYFs~Z(-vPXt-RwG_#jhl-X
z*?t(ywBbkH9Chxw;A!e)N=}cKO_@>z9dpKyTxk``3hB??yTzU(jHP~IrqiExgAu9d
z1=up5CsyN|kphhN{yPMJt;msvxwlE@e`Xv|;l`S04zoL6+|csw4haF!>#tF2AApA2
z_0BF~bbdh%TBR4Q#MOM@t>m`;Yil!$1`rk|2nPB_H!5q3oL-17l_vur&q2+L?WbzF
z71m|e-^R{ekgDB<-8scqt)i3ql}Dl*IRdLaffe5LSmeM8n?l}ldEQMoj_a~4@TYBz
z5V*IMIhRugozHxPWxhc=)e?SLqSwnbi$(^<gWf}#6Z+bDY%PLl-PL|SRNs-V6+Q_y
zArp}tyf^Q)03>X3-|P({vJPS;Gu1<xjMBkQe48$8{Kwp~`vz(xlS_^T4=q@Zwv%sR
z)6wXwK4$-fyx2U(?LekGZKf?&a^-g@pWS8|ka1h_4oZ%wRvipF*YdDC9=2T<yLk&9
zKw_<9UUcK*_56`I#~EIvBhP-8-XFCz?9`1>cN0?ozN97-9>(!H_d`3h%kl_MmlIFh
ztG#Au347S@bmQT$+h03e;nk@*8n#|185LC3lx>dhmw4l>R6wUOF3VaCbo1Qmw#PA|
z<OzC&R#05qxEPv~NQfP2Jvl1aVI$tC-ojPpF4!aHCiK1)i%UL>+6Y`fL*C;9kRV`%
zh?WEks<d5^QELUv_BI{k+yDYwrp}tkSD*a>vE*ZkWwNHo>uB^@GjFB30#U@;YyX5A
z=d{hD{6F`;@akH1$Iaicww_Dbt#>Q~v8xLe?8h3Sm)5?Y?2QxRGTFf;W{GrSi|h$N
zTX7NBB98UMQrz<X*78(H$YDPhS!_?88?!o&E2=m;v$9H9d<uv~w;hHp&><*bg*a_x
zRIXJ@!?7>Y*b=QT)*;zO{?O>gWFSOG9&vj)kVdwb=0J$u&zIx38i4TD94Eg^9o{a+
z>@<!aj12<W29M3EoY2ZytO+8tA`p78AXbEY?670HKyR-S3>qhBB>t+=T@o%bX^voP
z54UC`nNg@1m2qAb!pQe|$TvL`x38&nInwf;gJ!}R@M0Ti&=HP+OspkQPee9XVwy7F
zFqUe~QFh_~J64*)r3cC3zLp{qrBg7=whS-Ez#FIk1{I-$ootfB>^#9LMt-v?l*PuD
zQel%M4=QD8H2;i+cf8;`+A4GRSQP`dK61*X#Ar5AN}N*~bpsn^qx9;VTino#uVmZ1
z2d4MJsdlcO2H-<hvKYX8d*n4W>5QuNE!ZFapJ*FM@Jt`HiQS}3=J`nBZq3AfO-R8#
zQ-}pcv_E@m3h303H2wXyiE&Rol=NwO2-YKMLial(Ij9i0v^Hjr&jX=Qm<?cFRBV&c
z9QUGwa<5Lny%I>iAzH%Bm1Z=V#J`?Z@V=C*>xom`6|6cCNCCG2DgIEStU@l~fW%UO
zG{s^ZwI#{wjhS9_!>_}B$2vdb@2jTjNJf#%!B*GHX_niZ>b$E({cRA|Uh@0ZRpie>
z*Rg#zN~qcDxY2M|#i0!;i_riFq`K-<DmmfCv|HRygj0Fg(f~F_H9+c^q>r5>?IQDH
z$vl#Ra0>^7U}52$e`S#0x(e05z3QEK3DCJfP9{6)&b1{db!-VbE10nXZNis<?4!y5
z+uf%^1^@6425suQkb`o)p%`|mO@L)auyLk5=1o1L@s(03S{Y6|(S>>G&n%gjqIv4*
z5$@o-;Fs88oae3cTJ-wH@WR=8wt|d{5{at#n}hsW^*$bNjQ~E>Kt~(CvMQ3$y4NzB
zd~Ge@trUfYxd;YIE$&EN9LWWt&~==Zh25CFxfoC@>i^C`#8j3c9RT9*O#a3$_J_V0
zz1lR=6Vj@_%alpLX@52@Eukfu?$3C{a3z9vyYP!-h8-z6G1o+k3x>>B_sxyfJx%0f
zr2=?C&Rs#Q%|!8*P7%f0x?H;AeO=W^{3(f4kZp~>_$Iwk;WntJrk{?;vjLhvcM!j1
zoc(6-y!wj)#cdB+oIM;`J(;JZtu3zGx^Pre>~vLaX2ogsk(Rqe9++Is-l~AGBaXo#
z1QKJyi1dys04XcwUw^<P;eOI*2~X!$hfqNomW_@q`Ak|k?)bLnzW*&4opxRzEQGQ;
zPu$u5!tva=zo`29LX4y{LWld3pw4x-w_3HEPiz~SSb-K*aicqEL4uctU*PEBp=wJP
z&=TF+G9a5_mG{xTF|*y<@<Y1UYL3X?%i>S^tWO*c_}(-MAXhFkjQ#~}H3{jxzETaG
z7POth3`SH?nAw(iEd)8y6kXczcX)>813M~R`dS6+iiwZ|t$)XtobpOWEHvR7OB~>f
z_O|}OV1{yJ6pgjxtA!r}Nnjms_$x=s#Jr*YFSaAmd_Zwiueun0XDkl-sL5SxnSpB%
z#<txE^;Hl>9tfM~2?!=u6UT&f$Xljs3O<U<OvtcfTxMh(^+?^uU%KCJnE;gIRNM2U
zjV8nUerX4DNp4cp9%8P!re+w>85PlsS;h$lY({(1L;ay9U_IXwufdZL^hZ!f@EZW$
zXyvU*YvohEBF?)C!7$AZs5hWSP=~g@QS{4IcCuIBfQ$wu_Yzw-B+E=iN)TMZ7OA!!
zJtL~Ox!U}BNTpR{!adQUY>Ke%Ml7o8Qo5@k74OCW9?8k>^oIsq&lCpwDl4<<s^kZc
zcv^x_$VJC4Cd<!=(#UIslY#{b+W%}1!Qk^Xf3GTvJi56&DeH3!fujRQqNoU9F&Shh
z{`@BONpf~yupm9ityM0=^U7%1xUefd=P63G6g8#L>=v>Z@rBJG3Z#<N$!&}<7eyF&
zYo2s9eV(1cszsy4D%<z=M%Ap$$540oBtdRR&gRCSvb!W75v`yh$n2;hvs}R{;nl&n
z&8hr0aHPt^SVYg^{jM-sH&vl@-$HqaRI4FX>WAImTcvdGMse6)1(|iuZ67>JW`Aez
zb1q=$8))e48j*2%1vea)A(>6YdQ5*#&4#?iqHPP<E2+yEo{aD6>20MQAmCcQd>0=A
z-4<VVnbF>|Xm-XTek@JRS=3(2$MiwT2nr|YnyVU*Gf0eysrG$09vhOMi@@z4KP(q8
z;T2An#St-w(~t9?f49tdbO+P_MWb1!<fWdT*pZoN)o@O?L2&3VRWS;zbbw#w<u0dM
z&)p9^e{o|q57BS$_WBCeaT-8VTl}5wG%EX$80Iq#ZN&7)HKyfaALpiGX43KxjL=PV
zO+&Cm<YlLAa5=^0<Z!{^p@_2@sSMRwA24)SU=>w4;8R6=Tux9}6$o_EE&yAw1Oja%
z391uET<M2XQ}zxT8G%w(BA~-1W}{p76`<~!Q?E0-6)-ooJ(aSAuY;H~LXK)o{t`}L
zE!%;3Uxd?g4#M)c!voasoDn2!1XGv!#2)r1ZDFq=n!QU5%7^5WM~huO`SG?s+mKj0
zT7|p+*Q=HKtHb6hE*4-p91mmTgGrcW2uIPwIMB=UDA)Cumt7P+YC)MWN&qe-q$xV2
zCPGw18Og6-BZ)hyY2Q#3bx_1nIa&*%$>17%db*wSoTsWQx}7y;-EVoG#dDS4RW>Wy
zTb7(plJD7bDa(1aUVp!uyG>v2z05>s5RbsvCQ<*@746|jj%^a=jc-WBvDjbQZ8@SN
zr(L$Ai#FG5Zke7yk7%oc<wB=#al!YT;9u+#i?h1zQ~eQ~-XnMD?XRRek=fkkKN=b$
z+^2F8*4iNXW+4H8yC%s(x)W2IT^f9~Vz~h!H}8~K>X~+=Il5H(VbD>^#&6*Cy5T_^
zQ1IBck>{a^ktj6EJfaLG?m-uq>hjD_n|s_pNN~qB?z`xbYD;t1BR5dyoM!41YI>{l
zVN|zvg4ckbOudx<2NyWVz~FiV9~E^<YNovPG+c0xiqwFKyP2=kxmNL8&19Xdm_kY3
z#<aW?PE|lP&j`5Bgf^aaPY}$?(41T>=ypxh2bEe7U0z5NCOP)K)ymSp+&Q*{JGSJw
zxy+EfOz!sR%5nB1Q+zAXE)hnP@z1cRYn%!yXTC+ESHD;8#_-a;v7W(#+^L$@a{L}7
zT!XhPnK_pMc}VJI{CkPFNAkg5-xjeizvbii{1k@`UlrJq8{CNO$$XMuH))aDS$d1W
z^)#=&ySEKh780X!HlUI|;fLiq+<sZK9+9N!9i+2sd&|@4#t`wC?GQTM<UZZ`!@b$X
zE+~AzIHPx}$&Zwd$H2GMz(O#`DKf!OI&$+J@?FSql-ufW`yHe&AIw0&6FQ^PW3@u9
z(YX=Bc8+JGKP7|^gprlGEK78qdhKowyfh8fT5Z=Fn3kM{&}BoeIXA7HnII}0WcZ<P
zy`-1Akwx+POwL9-PMTdSH(60}YG2s1SdXfzhvW_pMF~*YC<~V2E5bnsjDw4PU;c`E
zwFZVdN1TDfI3J<JXf`E^*Z{Z;YS14V@X;JA5U~%f5}<gsOt$36Mw~~Vu(i_JHYX5{
zizUrRfX={;UOl{&Cfq@f-3n)%U0)edtBvc8^PFTKTLP&BVYT0b+n?bm{@7`pBnw%T
zEdPFCBl8|QSlxr|h<_%o^Ip65cdMWH>y9x726Q&+6AbBlOoV?F2rEhsF~}-)@`(6Y
z1EVHcYOuJnh#B|yFK_mYUZmKxBD7s{XbFSIyD7V~ewc<Y$_<7u#(jceq`q$~8{lfs
z4usG?{)vi1#%7ufdr*0n!Y}A=e)tu36-6H7x6HO4M!-?|nF=8T$J!p4uCCKs3KUI0
z9#50t9*gPpF6Q6s&sv=kwK2SOQ8#4L5c)-o!kt={eyEfOFC7VsVgvRits3?T+E$-F
z2Jjq|y`~`Cb$Y~sDBp)|D9Lu-suN+3{VyY6R{nTN1vkY;`166<v)K~z!1aex4y>m5
z*FMNjGP=s#s><BH&3`E*6@Q8yM2zIt-y=Rwk4}1DXew)M8lKA<@T2kMAb^`xdm_91
z8FpJ7m1ACSvJ-24+XPqmI>oOAH}U4v>FVP>g^8Yr)mgubizTMgBC?s;ob)2H<2J|G
zciL1k$J(?k2{0iL#^Xhqe=enFZwvcc#y3n<E!XSRrs6d%q+Unw?kdqvk8J`NqSgS>
zn~g{$oy{$in``h<#gmr|<FDdo$XLv`JJp_;?Vf4^9krMDRxbC^ykm>bmR^6wo8Rpf
z6R?O<{}_vf2539RKmZGWu^S+p0k--nyM}4JdA0tOLq7)wb$>k}Cn^?<ynQ=WI4ujR
zDL{%J)g`Oy^;^15_1%R>#iCW%a!b>to|<=3QP^B+Elc4#{|0g-jwkeoFh@k_UbThJ
zo-^?#sD|B-cWHWdbUhl<);ZnVUfO1QC!&qbeYbn+mrJ7R$!2V3+@5f(atC=vTH18u
zSY6BJw@%HSpyz%8ck7GPjs7zPeKhtR<hIH$Z_!!5%}Mn&AYOWn{WmI$0a=dF8w~sN
z`%8(C48?*|P&Q10YMmi@QC|%%h>X>4!Fz)Ey{#{N50?2W-nCBEZ&dRtMp0_ai6Xrb
zQi|u!h@)eEe<}72eVY&ISO;i@X5T_0at}5ws5yUK9+p|Z>+^)G;nrFvyw@z=)$A22
zZqal-1GYCV9Bs!_?u*u#6zre-`&qkC7MP6EN^J8mo7{*$=VDvFm?EW&x=1w2pUAD0
zBt|B76nv^&z(w75$@JYWvW}0R8BUeY#9@WIMO<95=YHc@7Gyhxlun@;M`tKsRa4rw
z2r78ekUzYnew0SIj`FAi+ou=@;C~(WmVO?U5dX_g+h^=H_ZoA)@V`U8@}|rk^txQ+
zmA^f3e?o>7u_erY^4WAhrHPfQEVbBH_!m6(f||D5-%8BF(u8#jT-uM{Y`Zgc1GmoO
zYU24E`0NRnjT|Ngwl78b=GRx|ZH?!1?NZN1CyZul`U|=jXWJb^CY2l6;wkGTbg7of
zJf(H%TiIqcs<Lx!E=hRdf^ugjJJ#;(k6bRjM8iJ`4&G*`=kR6~jWABJ=IH5UHk4BQ
zw(<Ppm*(Sp#HGd+Ed^lLsZ&17ru~v{gl@d|vgl?tp-$f5wdHHF)XOAt^%we%x+4*d
zy0nZGqa+C%Q?b)cE3-^$@1RIkbDi0yYkR^xD8SyR?d`#s)~OzaNjO%CYD`&(65KVS
zESDShF|p|nY`>63%<dLK5cQ8E^nPMCeJ=J9V9wv#sybsYKMcPl5vmGOxusl-?xNC_
z(l9d%^=K@9a5Y6gap}8kD}7xXQ7Q`jTdCcGab{?{KwpznbW*Ewi0R=j77SqC85S@f
zrE9ptng`paUK^R}y$3d~S#;z+C*;H&_*uHDsuSL9<dE5vUR$O<u*9J+Gph}*GO<>X
zxjsr6LL1>HSM>FD(e@AQF-T8{xYV9QcuhSVtY|$X4V^M_>6_-Lqi{VsYf98M6I{{3
zNrUTk2pIH$d=NV6^yU*_JBX1m6}@sZ?KG~FTZ&9%Q;#vM%4#%Zw9Y1$LLOK$pbuMl
zjLoXQbZC#vk<4ZWgeeys|5=+S#Kg}Rpbon=1o-~K<_h1tSf!_{*wlpEzvfq@+mWt8
zHYrW}b<cW}B;iZtI8y|(sHUTpc^(SK&4(GNTfe*t>*ZR$xBr*#kjo1g?hI6uij~eY
zAEj|}iGt}6A1{B3r-H@1+D?Dq+7s8BN~sJ4A9F0Gqz9Tih|->Cn6r7({_ya~FCQCX
zBkN1*^SlVn^)zK3bNKC;8bp!GWoBL3!>Ltvj?THJAf+f3^6){Ja$(we(xkZ(N~f<W
zXfZzALDM(9uE7zTp1Ic1^X7g3S=)2#_0qlLm8fsu8_{(X3E4~UIj#*xvbmfU?r-}l
zO;$wxf`)ok35KfFNJj?FS(PgGy}BX-#@*Q;#u5P?pbixtAA2k*_N^t4LZrfsY$p&j
zr%Js?z#Kgw7ahsaXTYpDeEYS~{qq8h3|tSLL_}*stXBpa1otoW4duSz1}ce2`wJ5p
z_!i%HG*X@*(EMRmM<Jp$D%Kn71}%Lqvv)y7wi5*)D}ufxCEF3YND%vOjz~#nkd~ha
zQ;v-en8ss@h^GrfN4@$0)l5bO?u$<%@^Sz}25u(tovbKA7E%Wb^x(Zq43faP76iFZ
ztoHx}j#|R0<Ka)dVj_&?2@M&zAgENkD?2LSlV1Xjl+a5E6~ML091%Z7ASu>czDI#N
z#|Z+>rH4kE!yN#k3^B}4ukM9w02%lc0t%__BQ+U#_Z78N@EtBXpf-;tB3?q4f^26^
zDiLNhV`6eKEMgRdE*Cn0OCHn!L}CgugTK&}sB;Wd;5D!)q|GmEZV!SsuYbRVyv}*a
zLfX7wO9lUY(GQ2==K2=g6cyoLDnt<xza}Im*2|;}p&Q9ONJK?u@EHaIfkOqJ`w~te
zV)Y1v3SdS=A?0vS4)-?~q>G40lZ8CPCK1WxiwXB9FO?xHf|>{Q+=?*>l~DvT@P{l^
z_a<gW6SAFl5a~$SB4D^JOF)45qr&~MClbZJ!%~6ky|+?`wBI|Dfqxvrf^fP==Wl;;
zQ1XX4wwHx`WBL}nV8c0G<gLM}jYhgTAl7>fA}ysX<OYc5yf#Q6gxpzw#DNGUbwTX2
za%KsF&^PZLl8wv^heC>IPPPLCLrvt13-{l|0(BNGJgC9+pazFV_}^oLc!V5l$?<v9
z?=_KJP9_#|$3e?!AWS=z09MNh;TNT(x4-FV!Y|6<pr-wBAq!0>3X4(2xKx5`&s0ju
zz*GXsd1*4=rvJ&JE898Vu>XA~aqpX!)Bti50}oo$errYq*Z)Af>rM*yclr-l%=@#E
z_;@0@uuN>B1tqG`*nh>03DAc%|EstaR9VOWRFL!q74=6A1zJ;LYq}cRbrd6g1Y|XZ
zuRMLk)AawOLy<_ye(8`<SOi>2YLN^8mcN9@cN>uzj5>e_!2^=5Pt#UIgVmCnFxq7p
zmnIXYkJyvEQXNQ55erm9Q<bf1sQL%}3B=|H|GjN~ypbCc+`u3au>#e?ZIG1^;C3#P
zlL7N22KpR%&;iu3pl+*;+m%7~(fAaU3SPJo1oa%<x8R?E|Ahe#A^_k3oKzS-Sbx4#
z2<hn+#H5y26lCBvAWp6}B{R4L@v0^1<m;aQUMZ+o%u7*F9gIQn=|Ld=E0<*vfCAk~
z4uVRJ4hVw|kEdcoy?T?RL{-9_^xyN(GW#N^^S$v2bBeXp9X4~9(&7+HL8Ihfa?)g1
zb{vCQSh*7|Gk#EpLAeuB?z+ZgHzk!;FR;Yj&vaLx@xNzyGZ@TUy{v;WGZ?kENgFyo
zPX-_iSkM6q?$T(a@4K{Q;7sZGIPgBl=WSw;XMzf7q=-4gIbFy?x+D?t-KDg81Xtl9
z^5IHM78muJ>s-z%TH6SYDtL?@f*dn<7(JV|ze>`HYMZ}G7Ed~rPNHQ}sXjlaRvm6I
zcI$2soa|+J&ZhjXy$hKs#YPVhN*y?KTYx)o3;#B8llpkLa{2P4ocWvradE=9%XGZ=
zxalKKVix3fcK{g>CPfxZUy<$}!bx}+j@XQ=n+nsZj7DmJltu||{IG-CVR8FqI_Z99
z=kEb3B2?VtNwyC!mqPgC7jJaADSCi99Nw0Rm#1(F@DYZ;9(i^xRK-(0GgX~wX)CCZ
z4uBm#24yEbS&4?i$fO^mvxzN&otdB-+7;Mnk*NwBZW(Xx`)BW;bD!1GmAk5i^|mxr
zm{P%B4v?6NgPRKFPEwMX%1<QaGRZQ?H}{4e+ZhQPNmX!PPVp;Ft33yxNiPKPuIJ5T
z-G}%qUJA|@NIgL}BDbCSej!ES<%$F8WhKn<q=xREXkuK8&Dc^uLY&{tI>j%elzExn
zoN;D(J*6b0viN?#{7vh?Qg~m@*cyr2dDzt+GkAMLSiL~<^i;`z`wnYV+?tz~J$stx
z$hlD=OCRdb5+HknTQn)T4;*RRHuWJlZqdhk`PJvQRMR6?+yd1^thAw3rwu!G*yg+N
zqcaZYP5qzqO^)MB%jH+LFaWVa7HEiW-ZWySN2z&-ABG~j#TFhQx|$2i2p3p(ww&g0
zsR8~y84PhaLx^2hSdYKEduI#c(^>s$V`dopXOrcZEs>@IhSxIwU!D#wGK1#LJ0^MD
zCx@QOs@j)|#6w1Fg=NATmx}wv5k?<L?1hgq=F!G-Ko2(#s@=gt?kt9EfaJ0D&^K9z
zyP4ZBMkj=JBuVo_FInZrjH3lTIfA2T%K8FOxe=J?p1ZwqFgkpzi3~6MkEI&EHkW?2
zi+;d;EVvjfzxucExT`Tq2BDgVG!CIWvu9M9=pZxg$iOzAG-^g6Bf*}92Xcu}eIe6l
z#mjey6o00kV}2RCdrLbKO`H7(U4sZqB2^gn+|B|Y*762KWGP@yIH&fQ*y$bHp$#pB
zd$7eWgb#o6-AjGGR;8QDp@TEHswg@QyDoE2rUW;B3D*zMI=);n)hq*l5yzSQazB8R
zXDk%3%^@Y0TYK(p5^>lqDY5-HGIz&$1`>7N7zH_88KA?*cE7+79+-e@EMrj2lQ8Y~
zEo8hG5Rz>Sk~y_W=V==|N~&a#%hUBhHzDrfR^M01(=&~*u(42I{pw7cG5c31w<iY5
zB~F=Ai=2KX>=avDxg)St{`5t{(uRmd+W9s-YLa%5SBpv>UCu5fZhMF7aY$F<RZH?*
z21wbIFJB1BVq~plZY$Soq1qgRWNCCu4QrH4b%?rbMUQ#uX>BXiPafJ_7NZO~yHxPS
ziq0+0!rJU}ZlR7yQNQ1v>TZoHSyHUfOX<s6Ch^s9qJ?!*uSF=)>=KoWONk_cb(uvD
z=tkw=P4t}aX+~v9U?8!WvWBE}O~hKJbph}YPusdCe<}LUSA6^@F+4`y-gyr&C>t5!
zdSK9<?YA_Eg)1z5^tD~{8COx8(E92li8F93kq-ZEe)k6sAZ^mEXyywUp2DWM*(oxy
zLfXt>NXNh#idBIt42L3LaAp~yh@8F;`xF{uj+oqnd;wKck_HL19gO|VN5pIBYQ}=t
zxvbU8Ne7+g?vF;c@`yFilM`9#`zaG*H_DFL9E6(4mH&+zeo_Zj_O&O`m#KdT*PHek
zzL(feh*)t$sDV4>JNzM;0IAcvISO9LH!5}}|3y8-g__HG+p&>n6i0_csBh!9;%HsB
zG1WaGE@<hWtYzj3f=2d#jY!^t+LI=P5JHqrY#YOHbujDy&!{-8++N>qAs4kW<p%CS
zMzoywrE*cRRH(90-cN14M5xm8<u-N(Xmfqd#3~mF=o=b|g8!pa--3{ozjt}~bw_zr
zjM}xrtYEJg+At_wdpGNz_}jy0Jp}u!A2U-h;$wJgx5qR<l=}ijRHmif9s@H$GWe^+
zS?p0(ww{Tt{rvjLlB;4TWZn$#Ed#21_yV<XI!!owv-~!>$co9T>F`z=D8F6y4}@s=
zhc}{YmB~&4nFU*Qkm*dEVlV15sxM(Mab>l<0>rXw1@q)5mGZTA)KHA80!AYEJe{ZW
z&H4T0vB-*{zvBnUMJ(u>P<qdc#{hi{!jQgdXrxt{bWP)eYRK?p!9l@x;O^xVBI)<x
z?oDy(GBHrWh=DK&9S$JHj}lhR-RI1dR>`x{^RHgrf4uo!GT(@N{uCX{LWY75k`q;~
zf-Il3nnBvO7pon_fLzH0%Yn*{+r_~c4l>lcvC(rcd5QVdO{3NOg>`k<to*bku6>|Y
z_%eLYph&zVP#{>d4t(S%3nnrmxX6#0Y~HR0W?YneA40XD@fUQb#Z!WFWiW@MNQ48t
zg3W}_QAzpf!>6qdIf$-bVaUCL2*_W1ykwE_YtfsgFD2Ihx)q+^b{q=!z`MWY6bRj1
zhnV0Jbo^*Ua81VNl>QWnPBj&**+~G3;9C+NfPWZ;had035t-A69);rAv5O*L|A@`$
zxIoN|;T^N(QW7dTl)#lGJXi}=ip~W7cA(24bOxxyu2nd;7l*;G{IF;aSY4ZsVb$Xu
zi(%E`9fLx^2PZs`zy<pkeGq`6w|~*gzvzkJ06Y{?Db@+lFF_>PX1EtiAm1kuTRCbr
z1eMJ+6fVQTCN0^fC;<bChM*<e{0(!u3pZ$Vy9;%C>wGs9?UMC6^SdF6+FU+=FDYmj
z)Z_uhbcJl|tMh;}FQZExTg;y7I}sZl^6bkj+7^V$!&)Zr)#4`_yf*p8q8i(WsH6)l
ze%oj+AKf8`mq4oU`5+=iA?c%Xkol?Lf2njz@TlYc)S2U=YS_O*Ok|?p`cq<_GI#=E
z@?#^mQp?c07};l?#qnJxpVzT6d#X{Zf5z~vuc282RpaODV7AYLcD0v~ceqqkZ-_9w
zYplaG{e}#2ynENCU%0B?tNhy5rl0h%<(odD?N7#!m-6nJrCxEj$3UKaK}oS!O}{8m
z&W?FsAb#+uP-jZ{uACglmWus)79PvQOXG8iXIM}9)*t(dmUGo#;?_c0wPaVfr4qLH
zNR`z?L);jHkUyD+f1Q-^hW)#&vZnIe>1+@(sk*<cuQX`#)g4meINFrgL~;XF)Wr$3
zD=Nui85dPihf_}~!i{BIR0ryd+pU;~{{OdhyDLh%nEy(_;cE-(l7uS`rP?S^e%3Ci
zevma+YK()s^~|sRvcFzV>Kbf7ci%y=#$dpc3Aw3K;qxmK|6S0~6%NinLnN-xw>XQ+
zf#@nGey86(?v>{zm3G~BVzG{K4Z0kiv&fKW^v@xNa>e*<6hyjrhofzSxeY|GW3PC}
z#aF%=2azCIXm{_eloam1z{+1r$HKnQ2_fNh@5HWSZ2%XWZD|Q@Hwof^cCiq#7=-!9
z{p2-|F`Ajjzsa{KiqI#pwUiC?$cF)WsJc6BLwGzOV2cfLVXgR<s`$vDq+i%mCXB#Z
zz|Y=Td?NV(ljp;T_@65g@%CjtC9_}fwbsNnVv*pE1jz3wUV9YyE$Nk_f|kfNVL!Qy
z&tr?Fm@bGkD|fug&PMIwpUj+MQ6Y3>gr$0QF&fRCcPMvlsIE?1l&$<>c_-6kHRNws
z1^Z}9X$VsYN}g98R1h4f??0q^)5I>3-;__@laAiQ?#<V}PAZ2KCbnn6t>R!secgo5
zEll+H`4U-Jktqr%NeN&^Pwni*1@1!;d<Rt|-Zx>Ma5&PZDAjAXJ0i<986yrX5|o7*
zbQ776=c9vts=*-*P$)rVjX=HGFqDO0%8z*f{YnJ%tryQ_%W=~^RJ(qi0~Ky2rLzYC
zhX!dTNcB!bo!=(B0DaI<B*!}iG>P@)sizbDiGReyw+3kX2aQtZz&~Muw)8*0hH7vR
za0Ue?`uC95x-jjKfHrz!&9HX3;pqG%o!$P@q+vW8(=zr#(~N|0`Uy6IB~|r+5l9M4
z`7|G%<2|`k4MS$j2_JkeB$I+hhMt4Fekx_gQE>^S7G`IahH5k8_!wB7Nv&k7$?|_x
zppGx($G-A}lg_-j)9G!S0PhU-u?l8X#AZRf@_?h$H!8E;HKanCT&V+Q9QH7;_v25!
zZfs$(!E8<m;+GJ^x~iZ#M5UL2FYhU*`Bx7xs6MX$1^r6N1-d4=E=__o$sz(d6|<oE
z=!&hA_ZObDoOaXN)ovgD<*D4|r}>)aBM*=-_(frmRbI81gU62XGZ~)SAJls0uka2@
z=|lFcCD*jQ^8@T3?8bO`;NE$GiI>)bkc0=h6*<TgR9`ltETnoh3DB>^QE$a3D+UzH
zX*elkrE|(@4?FuC1arSNQS4YPZ3BEKt7<ta(LtkNn!+9_*cMy{2kQV_F*>skujQ*`
ztTcEH8jHFmJ%wa3m_jKC9eg+|zj9<_0!a5u;~R`zX4$<3u)N(e8K2hdpj7Kqb_Kw%
zOG6JgzL(Z)%>08)83|BNQ-8G%{8PXZp}H-;A3fXk-FYb8_J^QOUlnC0Z5)XGNEKYc
z7S7y@Sb_K+M~)qqS+=p#Mmaozi;ezg2PClWIM0WU06$S-sc-AR&E|a;YL9AQ5_M`l
z^4u8bmyuY^ME}VFDk9LaIf}e^J(;TtoC6f!f~KKGT9P4tSj=ial7Tv$wCmzTG~vOC
zq<3RPf(y&Dn*$(A@dw(KhnYZa1`Z!xc^;Z;GCb(?s2SRZT-6kX$$aZzO)zlzOh?p|
zXgN+|Z6Y&d?9F|t00ODx7sU>R8NkjQ%RpJJ8N#*jmkHP8%9tY4j*QalV<K?y52niY
zxQhzNh@uJnOV=OM{?_BGogLS}HWDt^pwqSNkth_Sq7?DAA|Dfn8C`~>fXiJdfgLkA
zX?srWJ8Cc?GOW8^h1)=)D||R<2+k6yciU=zX0#}8gDv>7jTSFJ%8TB&)Q1$H@mU$p
z4&55@cZekzXc>;h7fum`EA9H2UoX%tsQjBDae3&5E9~5&495ZMH;LWV^+gI0HK;N#
z97BnMU%1s6j*0KCoyicaU&uom&PVcJTwSZ8N&@dOj0Jt&ab}4)mo6=J`Lbd>Qh_CI
zDib<$r2zY;C*Co1I-wo;v)>2~xf&tNH`k|R6FSbrU~$Bgf;!&ZE=_evA=BwHLk>>8
zekG=EcvlpLM}i|7f~5e-IP*0~;%Ril+OR5R<N_BfgeyBZX#gi^$y1-}Bg~)|pkJ6`
zb;2?E*r5(Ukq)lGXq^=kWIpT%1akIj%nyOVulyz0xi^x6*$7kk0f<e5W*rX8{-q@~
zUdq11VdMhFpMiyH*=s&{0`|m_`8ce{rUp&h>n0|<Q)s!H_k~}ChRwfYrjrNpDc~1?
z>sN*yLi{30In^45W`!^?qRuumh~!dE6h;}3kM7HgR+*}nwH4;&!M7)-0gFvVmfo+J
zO@(vq(nDG9_-xDU1}iM=fBNb&>I}Gi{7V&P%zWp}p%mWd<eEKlOQG0H?2j$xTi6MI
zWHHmBJGW2G;Sede+8JdQdF4B*v|k2pgl)JFr7oG<#71_R$WG4XSuqXU3KlXvUJ;{Z
z$Df}E)1(d2n76y|Ph&CT0Qq=QHw2hyOFSRL%ZaWqa!=%D4_$I0Bw^B`A_%{BT6&7X
z<UpdfLQjKvS<DMuo?2IV*xmsb*=w`6L`f!&OnDUDvrNa_a?;0jOXVO4F+0c;g}+J8
z)9Ok_DYtu#8XTMD-U4cpeL2-bo>p~w!_WcvQ62_+AMLZk2v;n^UK2m~2KyG|ImoJp
zKq;_16f5eZbgO|TH0P03qi*i?AMk@<(6G%YKfme26QVevXR5hE@_Us1%nZzm8_+>-
zWuD~V0~chG9SFHf4aet%IH#MIGeT<D`C^3S**-YJpfidN(U~QH1U{9N3oBIDN~&Xa
z<YDB0z}_(d)=h4fR^miem{&D1C#x!p-~bO*4CWP!{!EDN)V)tWS3UryY|@wrKES?=
z|GVHw&q^p7woR20Hn$r5Lvu>){xqt=F+gEAD^i{n<0~NmT|^t;eQvU~w0uXfrR)_(
z@HDYU%U}S_6EdjsNL5dW%pd4_&KLXmM+^zv+o@s%E_leO0^XZU&c)cjQ!)=gKxqW7
zu$Mj`E%1V|^Nr;dDpxvbKQ`|5N(u@5t(1Qf_RkN;O!QVvxe`$R_gwI|;&9lF01Lv}
zhd=iOkSpeyPbj26(QX}fNZEDc5NA0j2~*maSBNihfS0<zxe!!wUbhHe#nTtOFk2>f
zAJALjx8)WFSCB5th>a(Q7Pxx4B!g}JrV}N#>m62jWK_z!e_r8%1*fNfLbw$^`wi;}
zo{bCp7yb=5kIqe6&pw@?9(1mEZxyM+@b{WHSbO~Q4b-e}xe*}_34=XWJk>P3;Ci%i
zqasIR{Jlhp(D_2QFImHO%OOM^2j|DJsprQoO#-%T<6QxJTLxMuHK+K%Uff~F;f!2v
zwWL~N8*cMG@Zo(AUFQIF2m(@%ROR2NFIwJSRaBS4)0yzZz`-a@+1TZK#Pzb8=}J<c
z02QwWy;nXJCe?=xiW*L;PxX?f9^AF_ARkADBqH>2ik-ji8IbNYj8-7$;HKIr_t@}c
zJFgzXKYQ9pD(acSUo1K{V<Qby<^$B&F$tT*V;_CQv=3F%$Ft$aS<SQSCq}8<oSVDp
ziRNo@u5@6YTSbKwl{H>$Fvjy^+I*Vd_T?4XVay{0?i-!*h<hRfb-t~8TBN{eLo;9r
zX`l#@^bvhMyE1waZ_->_Y|B}ZKYX<UfP~JXoL_g}PMBtszHuv7O~_B2&&LJn^p1;9
zj5~YX?fyd8Q8bc*_U5mB19OALs~be0ikL&63Td0Z{!Ey@M(&_?m*80M^KO+Pzy$}k
z&hR*fyVC^24>sKOZP)?q@<|@CCI_}%cT|}eppmi9iQ&f;Oh~X&8G}8@uBJ!$S)km1
zcNGv^ow12ANV|jq0786N)6r)RlbZrz)=K59({;wO5U%xAW}o~+KbxjGBUyUmXlbC_
z-`@*Ve*D^CT59Z_x46#y!cV=wlEzM9g8rNR*TOK^EpBv^M^q~O(*@)_qi)8PoQm1T
z41QKQk4f3Rcgi|>e~J+!{KVtaP~E<d!ps(%-F3`y%hT96qURhd_oDLr>VkZ+H!1A|
zc)%)G@PSBv`Y|3E;Yp`kmU|!P-tG<#);?EM$irmlfg!^{3#Zp@6o7~ZL!nnFqwl>0
zIShX7iuPqR6KBU^d^D2-`G#RGjB&uJC&X|p?MpV51xUmZOWP#<u^223zC&OK(WFSd
zelo0s8|KR4xC&OJ)hh~T$F%P&BDeg5HOorveWQ*Vi!hU^tswJVb7`RwWJn}zYx+d7
zkqOhFu>W2jio)Qag>nY;Q}h0+4l_W#&J5n+#0J%^z2su-&{TegYFv32zoI(*VnmVG
z@)LJeaS+VD<vA&}#SiQ=Q7s9xXW^pr-U-35P9p=*L%yh}QFD(OMe1XDShf-lV@<`}
zMWdduU%7Kbr5_CCyY7<{e<k`<{%Id^Qlpil)o^+>dgc9dDCdRQC7W<ChI;a{L5DP;
zSIv!dG3#CB?-S|t9P{RzK1!g>wsd1-Y{A+#r!_WXa)mZB{YiD__KPKv-hq8Sc6l%9
z?o!8nL4UwJ)Z<al(FGX0AGnMA7k~W0YKeA-x1YaJ-qU!e_AYW70kRW2b_v9ld<Oem
ztvVg$$$P<if<e8y5>33Z$mBS~;XFo!Vd3}d>`%&-{lkG5;E8$RJO^AqrQ{b|`@W~`
zFZ^i{&XXO9>xu23`HWb%dzhMp<b4$qG{sWma!;xDXsKyRKozxbT9qrs4yhRV)X#tX
zJo|i@+<xJcGww9RGVUBqWegC+BBYg{k|I3T#mZ_A7AJjab_JX2$QdfA3TDYt;X0`h
z&pODIGq=z-m6ELVAU*k3KL6^fV>g(67ti8WU}?iK>U2Ee&f-Q`E2nb1V439j(<Cds
z+-`m<*2KfY3?jtHYKOeNad!TQWO&c0;-%HBGUWh(4bP}}&Au6QWVtVVXZ5>7i*GXF
zAfH8_Zb2-~iZ`DD*}Z&+k)zW)TVhC|EBH%cTK*z;%tYo3ER=-M<O1z@l;`!-kMY@i
zyR{NGPJ#K!A<HD&bEihfaph!dqpb7e?t1Lh;d$Pqq_oGNO9|-5qQXq>u*)mguWs&q
z8m{i8Gf0=7^_6fs-%_aw;n?>~?E}D^lRLg-<!q@ma9w;=J%zS@WO_ro!kR_hG9ti<
zO>ncF<>Dl;dPrOGl8O9awZsYiS%(w45N|kwhUyk!SWN(7!_>Zg80zDQaD^n?(SP-4
z)$n_GnzbMeK165mITP4x9A<67=Suq|cc-V{H1-EA?}eXLjz_h;y|<m8r1A<k_EoTy
zci(WBWt%31VZ=(6rje((7WN5?7r7ARmD^1!mCgN%te0exr9FZJTV5U{zv7zsw^k7Z
z>E0X))IKYgNU+Oah;c|b1a_D~5LZ7qm2j-GKV(93KCET5DQSE2=f#Vo5w1h~s9$*v
zif|b%3K5fnkq#5Oko@uY0pDP}b`ZP>dHR8xnD!u5wSo?_>ridtp2ybjsFM4fLQ}PG
z*E_j!pqcm7ISxlM0Q>4<9K3&t8*_GbvHgc+WZE>QSo9+Kpa$X_h9=fPE-OQdvLW><
zk_Yepi;)M<kc!m6ioR@+19WeR61lw=!p}Mlgar+xCYL$_3vEg0we}DjWGT0;M)z?G
zwQ#n}w7%)YLBW_E(ZAuu4o^&MVVA7qSMM~4+lIITH_&5d<zosxx?U=F4Hw^KKCmd`
zB;Wm0GQNT=o0U&clc|;{P2;*LP@l84w@k2|Q(Jfy_rW^8Z%AU?LX;lxv=wFOpp9ZO
zPGoe5B&-0#`qAc%c~wf>G@%SG;=8T0FWn~Bj>~ykM>S)*<lG?DtwQBvohAkL2o^0o
zxxQzPQYLH&z>8Em`U7p6sm;{L$5bX$Gt4;D@N00Z#Cdg<5BTVe^|Djy54Ji#n58Gq
zkb71N(^oWy7Y+NNaUVVF<$20G-W^n&0v!J)-B+iB?2FH}q|kRsvZTCxzXeOaHSQkb
zceUe*78t~tbn>1!q<#1gVLABE^bRX8h=+j*E71(zX~gGrK77e5MjsLE$yJpptG9)p
zg@!!3_FC@;WfJrBVFz`Bgc>~pop?P<z{s<RjKy$PpJ$6HpIH8v1l>rDifgw_wwmn4
zC+&HVF$c=1LY++-R&$O_JDEf?Cn<`@Z|)p=HRnaE=xmj!rtR)pBg^jff1C%EVtNR$
z?nF`>@#y8!aIqv2u+pF&tk?w{C?@w4zhCJ8S#+-kvREigR7oV4&u7P5otd;EM`SfO
z-c9|I>B?SoFF3ZNs@R7263?~6S*2db+2TslfUkn99hq+?)b=tm6E9FH6~vmWQsBtG
zY~ngKzmNZQ+nJ5|{Oj0~x}p%(OI)5UyOipFuM)KMbZlntBrCPlUIWo2Qmnk>W-3TC
zK^d_}G&Pc-%ENv_Gl46syLbYkr^XU4x6qGWSC#S~mUf2j91nBs1pg>0mSN{bvG3J6
zdDUooO#Bxa&NF^OGp0~>Sp(Zr5|7{@6FSgYrSRC2-jXU!%qc9CIhe`<js%1!M}h34
z5Z;{7mVGNMTjWAER>!C4(2*bixa<jXDD;w3(t`T!Nn)*?u2pADf#>$Ckl!}jBk!__
zW~wJ;aCe*q9r0r9rj<aAQ1@?unUrjE;%Gy1(X1bkLOj@}w62iIYs-?y#-^ijVhJfw
zVLPf%zhymyc|y}&lJdR*v<k-7Z9R8+#T7JJMyf7!OAO(QQ?Lee($isM{z<8W+)Y^%
z_F!P0AtO4L&6$_PIiCGru(>;@EbeIP|4fav^sHO0lh4!P8lS5}dYR^|>d(yZIMd*w
zRcOv7prkEq4f`~Y@|vhOlbT8gWl~B^{aj7le{EY9_`zKPE?Mk3b6plmR01Ed=+l9x
zM?yDI1AVL~McD?LaA*I@W%@;VyPR6V+a^1nRBoKv?3{X^pYsUhvD@ezr4`kwUp!hg
zFxWnWHP?Q?H5XdNN^8AU)v|WxQ~uf9UFAcBK2d#l=9O_%K?`d-MEv?zu${aP-Cmej
zr{Loq|7YZ_;&<r$&2}cznEoLL7Vo@TKf>^y_pv#er0de*0}+#szrw-ffH_APDpuSQ
z7WD$w<s67vDu05QZfTRyoZPA=hA?Ge6URJ_bcixtY7^V>!PYu9fG~ysyEAyUoQ(6x
zY1w|pkcWSf@2u0q_^kJ`ne}4b5f^_JFWqyw<GS(Onc)nW(8wl=T;k@h4OzMjugu04
zKlhb5#OvYEC;eHJ^2NI`9!WMSU~?{GIdL7S@0GFWTRrIqHpc*&^O9vvkn9rj+K_Ly
z%g4&lN7NdQ>x)fnt?g8?ZEh@=7SsOtBG~=kaG;X1t+yms?ANV|RzpfRa<05Y&O8yl
zEbV#axeU~opn3NzH)SU~qgi0iXY1{X;+ThoJl&+ZN@hr9)8$OQLC@~~M4)Pc0e0+2
zhK>|%qSXeydE1TUTA!}9_$I~rVfH`N(p-Jdiv7-tKeJLPHi9Tbge<c#aVOM-4i6^K
zKD8#8U-xzXnE1K7#Tgw&;A}e$D{fC8M6^8$H452)Ml}yI3DQlpHNdi;;39QtqTp*k
zP#{vXgL*@!BWqz@a7eBwFLA8sP5InO>6Fv?>SW$0(IoeKS@xKE1UKUAJ^^`ykWQy0
z%dJ?nHH{e@3(|SN`cKW=RmcBoYf+k*NbrqTehJo!|L_Gpg4&Jl6wSu?R;B;rjJ223
z2XguY>TWen>JTc?^9{-4;&<F~Y@#ff-V*h|uTidy_5XPjkwl;q;;#N9@f<+^3X?04
z2LE81=n+sP*du!6hH~lYE8y>UgucsG|4_>H2zo=7e|a3`idw3Wm;FGzN^JE&W2Q$k
zW!M#hiEV_qs{rnxk%wZ<>_;@~MGW#g_5EaGYxl%w0Dn9Wa%Vs=(0uxU<&|}mKVioH
zslg+gLvxd_)W`TCO#fVQ!rRdy1i6x8lK!~bIokS>#*FA1Tm3*MguB8EV=n6>`aOux
z`EnR5WtZXlWn(FiQt|uXeb}OHvpO?edF#h+yTa8%ln7nTcIkyE!+k+KflI;RAhp6~
z)!8kv_{Qiye8X1FX!|EC^A9)P1E>?OU+w{lc`2n@xN!}-b4DFjgFpqvD|=7*T&ulO
z?}ShL{PyOeGVuTbQCl)~$D*|+>deY$#WCg9Y2^v#latc9`<e|tj4!lSN-SQm?GjFj
zR*qBVoI~O+>xD}oG%%=tTr}`B!rgb7aGvM-;=MzMxg@(;Dm1w!qk`~8cOm{P!w%Um
ziwiqacUf`zXdY@f<Oi23pME<}o)i`B!6O*?j?~EeWnSQ`g;3UD=ZpfiAcGqV{J^c}
z>bu`2>c#Px_eF{?udYaLmOlH?r^`g$2E1{QiG7NhQhhrRa#*Z=6gigEcan*(UfCJf
zcDjg>>*t@~H>Vr%bk4ZaqRB!w%Ud>Yk=t{_cLehIH|^@h6Vwv)Eg+VC^-6W(7E`I#
z8^`_{?_%B_jk;fSq0T#PtkZS;avu`Q;zu=mZUSfCf8lY{$!3V_L0RxfuiNr!Ye&?&
z3#or_^)CJZ<Kx5BgwM|GUx+R3WMzE3>p;Qm@e~_jSk6jXePbw0i7Pl?TcF9xGG!aJ
ze-qf&CGYoCZ69({8Tm^PP_%&eIs7PburaP!QQkA?z3)R>^x3Ac9S1z4{*9@5)BWRC
z{w;e=AoC!hVO(0GQ=Rr?^V<@ia#dPdI=Z~cbLOkl#kyhY=DFa!A8<0I@mx=0UxHVr
zzP2xDdM%2s-AP|HVNB6CirQMT?InreAXKNY+enQt^b`3R*(<sBz;j_l@&%lnr!b9X
zN;9(czrdY)9j3|CQQ2oyv~}Jcf2+8RQ#3|XG{fmK={sL?Gf0l@Xy;&i>D4x#RC~wg
zTkYlOkntqvUK*U&azRub>-j;od*7#M|EF1R#i|Q^!6tpgY3qphwML>)uJnWR^9Gnz
zk~zV(DHe9G>z-O1*)CR9@c5vLSx#`^mRyOwtyuF>G@^d7{#x^SP5hwU4RO^XAvotQ
z;^~{?llK4NIP2v5eLG|UKL+Wz;|4*=6hp}(YYe}ur-?SqyVjSTw`sX|I`5K*F)S`^
zhnUP|&x_2_a47Fd{`)vb!t8};v@4fx)9Jy)m#{=%Ww$&P`)Ch{j&r3OWAk)3cmme>
zyZ?u+w~VTzi550-*Whjm?h+h=2M-?H-QC^Y-9nJyuE9=l*Wm6D>_BjxChxu9w`SI?
z#gFRh+ETlARX2V5saD3Dr#YH@*QC}1!1U_!U+r`_xS5?)COFERsJNwf_bJaBnAx3@
z3xoMa{a<)}LPvQe=V!w4hxbmtjRp0O2lXq}Zd~pnO<M4C6a|a^xgH2{`Em#Tosob(
z^<Kgved9^rE}ho$S4P5-MxfHK#Lt+2&=OzJ=XJa8^7`jG(>j*<`TFjm{hMeXETWE~
z;@X7|3dF;60))A!U4H+XM0Sf;AEbR&?HkSgzAk9eNjl*59C6P@HOdlG=A5FrrK0e2
zql45E)VJC)H#GXCSt{qgdPrA-MxydN<YRf1YTPCN$XxU}kn~A~Is)eJCVgluuM?dO
zhX0bOi=)RvItk4L$L>0zF`ChB|M%xH0By*jU(`iuW8nFVTuqW9w7CrLCi~-Fg4pqc
zu^8U%UE9Uk^q*1$zsml|8_pwf?d}sMhtaRPT|cVgVye0##^FMfh(CU8)aaj-0`g?y
zf!D^rhAd^bwa)cs_(wd~`D=qNwt0IeVcY$}&h*3Xtn<Rksd1s&bhGqhY1Ej`nnIh?
zHPX;c%L_*uc-1fR2Dl5l0At2CaDS>wa&r5<a6j1{*txV}V8Z0vl&CWix6Jr;mGLVv
z>?4EX?L|yMe7MW+&(BwN6eQP<aAoXBWpOv|t1oLWmlC<R2aMbE0U86Lz|+?p_*OHe
zq)hAu*c?G-leDM`lsx2f$cw+*YlU+c-#=~ixPbC@`XWNL5vo5Jr~YnQ_Dv?8^wR9Q
zesF4NqZ(y!@{g#s@tSm+D?3$?6Xd^ScRlhG)R<(*H!b__OsPIS{#X)q87q+6yOE{m
z^WUW0=9OQnAv0)!b#?KBe?aF?Ati*~^(ngk({yh=@_#el@snLkp~Q#J&z-ds=o`x`
zhPnCDNVX~rz#yb5YVOM%VuWIAb+z1PU-G(ij#fJs%mw5l51ivx#YI5~_Pc<lclJ6d
z4igWr%#mt)u}8<rs>tvHSsD5M4o^9w4><*2Pz+p$-wBfn3H9-!C|j@#6|H3yO=Uqn
z3+t=gr|gLhgmWS$0~V+smF~e#{)9J4^2!$XXk^{5K1V~Bh&#tQ)Qtr8de(OBr&^N=
zA5q%cHis={Lq2-zOTeF1D3UX3oHDg(nGdUZ%T~`XIW@&OxvnQuaGWi7ufK>@-0xJ*
zU+$DP>fQ1lV9@H>$5nLeOBE*`89Ubu0*I1o_62Vz<H0Pq`@mhoQ4r8^ZJHA)TVzck
zYo8&^{DzpUC~>5!kcOK=v=lPlK;SL<@X^8WY7|UkQh$k>M{wsVS(?~wbRIi}OHfe0
z;)b9WNh<oonjE~%OF(J)@iXCBZz?*Ep1Pm)DI5n2#)9qcB>FQ{;$8zy$e1xR*uTR;
zbO<9Hdm<ZyJ)TXvfXns9PvtEt$kZW++j2l0CRXA{!qdGq7iB+67wok=2tUju?(K%~
z9kA*8jI?j#8ksn@W(+nq>ySjOa%Pg*lFoi`$LZv!(8598(8&MvwR&0Gsc9mq;wDX}
zs$tKHWUu_!6CgbM96qrf@0^xK1_WcX{qLWQ!EYY3ywxv$B&m`mlPKAP<YmlQqWf%j
z`_)<heA_bn^Qg2UnpOk2D$zDkTK2hUN~YDWy9_4$jK<&0=+FdG_|^B;!qo~QZ`e2b
z?7TS4qU&^EwG{7{mOWL|x`376d)nd4ND7r$wU>B%MHGV2gq{)L5H(p<3YK}Jn}Ic7
zrrydZ;+6%dsM9z*?;rR9)?1`8O!`B6v-0TeEFvwGhhHAhGf4!jQs&P-9o-A)GMA@)
z80nHLPh{?)zWkpJSNamBm)_4Q1#X<3pCY*`v(gpW$tjccuQ&PQ5vlm3(C`j-pgz|h
zwbg8-aoY|aNM>*EXr|FiOENy2KK?1rZj-5B3-(;+i!-nK);o8Bv%Eu++Sf}oJD%eR
zx?AP@ox^j!7AM^61}w^6x#1pH0-%UoPUJN4UwI#8r)k~OqGi6=u98>kd4j>5-G4s_
z>9Ccd8N>Irg^>l$*GB|H<mY1>ov<EJydFM_6%<1I`Pl#wbAyYh&7^{8&ZjTw*0>YJ
zBf!7z@;$D)nkPCOzkvLZ`S@jsy#DvA<GmOK$p_`Hcfg@h(w|aL+oL<|zKV37FRh7!
z)mxN$o}b%Aq+edXM0g7N>HPFA;`_6I{`g1}Xjac&*_KiCQ{DX0y^gKslc$#4UK`}n
z2cchv9`DXp#=^ElR`TLL)_l!um(dbu>};sf`<YpR>$BIP2N~yd^x)dnfmKVekr^2-
zJXv|rBs0QWV{sz<`mO9l-lROQ>B@nsE$45Pd(8h_p~eMpdN}et`TBgUil@mdHPW}Y
zXq2gy@3z;<3jQMXS@fP4C(o-hPBMOp2c9VMa{XBEeZREUm?=#lD3+)!uHDB8!gETm
z`$V$c?l1I|n8O?{pCtIhOnE*h$c=IqLeclV`49bXq+tJ?oJT0#WRuCV%oMI4-{g&#
zId|v{WpkNtNVcE;PA9a~B%kndCD-p`H!ft{WI1ZreE1>t;O7;WhpYU9Z#YkdgU(t(
z#JZmol&^?9e02H}?^_c3yG)_};J4gJmdaEZyKSlCbk~O;3y&HG?w*WA3a<a_$Hx#$
zu^5I$Cf?`1S4Xk4?9Tt=;e3FCb3ep=oU^RL`E?bg<Rqf!<NvXx4Qhl9BjS=(7<>?0
zgmxBlD*rzo{>Xr9HL#0Np<B_fkZ*d;Ye0<Nasr89r@#<5AZo7drYMGS0@z>!fY~7f
zZ-83???;mW??*oX{6g+6D)8z(I)<%rM{+tIEx$~<FP(8?rCG1u#f29pTt}c2A+$i;
zUzembnq%w9QI2&<#f$fw^nS{z7hy9)x5mU*88^)T=s870$GWs^tHkU-WS7%V?roEH
zlZX&;-@ftWJ<-B%u?^11MjW$HgxgzAPRTOpf;LKD8bR?jR+Fetr3d7{V=W_<?_Xqo
zJ>uDKQD5NN&2(W&^?OM^Wn5G5^YYIMIY{--TaQny+;h>-9OnHYSc=QaXAxh-lgwsW
z+m(x($>?YgAvPxy?pEFVu~DttE;%CMTSJ0#_NayLYf^M@fTwOPzrg;1&NiXuQmv^t
zw)^|__)_hReayr-aTa9)VU)S%Ljqmf-xZH|<Lw&HSbG)?F=LWVXzX1mh4RE5gra%<
zGM(s8k5uo>t=SrmKG^)wMMe^b60>eSyEqBccf@y48Brvxz1E-zj(yEfD90aBD-d1;
z?i?{>1&L`%Ll0bV`j4!zFF5J9U4D80QnnH3+S4FzF%5CzZtBWq{Hs;CDE&<Fv1LN$
zzSnIL*;_UQvZnB$Z=PT-JLVEi_SmPoYM@71;45$3j(qH;v(Mm?m%?4^_W|}O3h?dK
z&XC4K9CPXO1>6n;Pi$8ZDRu$TkNH_;9v?K?FPj(p?$aZ8%%W1dKJ}+hKXiI(j^6Dc
zM`oi^*?o*@tvc@oM<AWC$SiJnd_h6?(w)*<=wg=YUylNBGZng0nUs=0c_&r9yVLaY
zB3K`L47%w`D}+*esKYukzN(pa&k-ELcA|top>0ckqV=>nQA|a?E#H2J$zZpDnaHm8
z-OGwBwRmU5jnwP-l3965JK@?5R@=tA#U>y7)N=JiZjbkr#N3mAob-22syI1avBg|)
z_d)Z*OS>6AYGOb!e`zc<X}j12F1c>MIEV>=MmA0XUgj<rKvV7k8mM{cLuA7K*~k)l
z8J}zxgg_Khg20IK3{2`31GS$ion?>=U!F`BOpbyG;-`uKH#~YI8CwGRc$(z+NWf*~
z#WFdHJT&?w=hK$kt+pB5R&pb;M=`l1b$IWtsyx{-H!EXVmgwxWu)gXap7&Q~_eov^
zdVQ>M{QttESEHxA-N8>Y<i)=$7r1$cl!Mcj+4Gcibm;e3oZTUcmG}d=Z!4h@>`$Ma
zT5fubK6Fj6FrDLNGT|BSNxq?@4V;2CaZdj~<Y<LBz5{o)<J**m%Nb+@nd;1#N^Z?g
zBPj|F(XDFa82y$KknzPnC|iD=Q-bFZ$7lD<8`^~x>hk-sq?kjQNA`w}YLuotD2yrz
zx@zxySN~yVK0mY=y07RV<^L`Jp<Fwao6H}Co@MmnQk7p=-43v$D~k8)BeQwGu$;}o
zeZILO$Lxii-ELjF0n&D-K@2P``L`6k>o>)eC(2bzd?QTgmcxI?CTa`rr~|a828p4c
z{GWWGm%D0Zd8x^7tt>&<?x3;+#bj;ScVMHlFAz1@WDM(~?wIpyhor`7v3Ode?kGnZ
z4}VMN_5YU}B{c-NQ5>8$fEz`5Z28BH>Ta%`LNJLbq<(`G1~tMn2Db_6EtlXmGk-U9
zY^>)0)4+^72{rL$FIAU_LN@jVRZ~=GSCn059qq0~U4v34Eyw68cOz7;i*{o}BFisR
z%(T93x-!`dt689xT;?q5MWu~_aY7@s{L3DLuU1CYk>`F6((@tgw(fWSj?4p94XgZ2
zSEyo{ls&|>-!=?o9E~DMK8(8ekHeks#Gc#)Os&k{Yx)&@jNzrX6)NtiP?|o{2@CN!
zY3l&-XpBnd{n7ny{z1`|WtuDpl>;suN?<dFg!ixV=U&@E65j5ZjwHJQ7%t1TKy2OC
zZ*D79HO=xvG=xl4{lXrS#Dr-ces)Xcw2fxL)R)n2A##mOXw2{gz4?3e^#!iUm;JxB
z$0`-d+E<slsbYuK+jyhtTjbRkXK9@k4BKMw%$%!?k{;&et;ioZ>yiU&wvtyjenWZ_
z&pM|3P024d`wrhndjk+brHqcUYA-9+Pa;~1V!&@0Oj5<y?``r`UugU~6iW-qJi9LB
zQx7YlTwg+&Xcop9RH-IetPEZB`{C;JnCeRV3*$6Lwa4q{<m)va<`d{A+cFQFg|`zo
zskD?5<yj5r&c58<h>)k!(bz1^`iMi-$`zR_P2&C!Ke`}sAGon;IzZGY-wUS?dxcQH
zGV|AVZVC5)2+|kHGy0wIJ}OlOB|SYqzq;~gdkcaK`>sEFD&U`q#h+m(HCpEXKLqLB
z*APhiR9TV1A%Gyon!wqd7AIOFxT7r5H8JrsF*m-~&(fU}G%uqRxYfaQt4=ctq}Scb
z@JcmO%Q>a&r8jcVf1l2lc5P|6wVqNS#SyJ3THw`x6G*p`Zfw1j9kZZq*EMqalaoT@
z;ddf2EO-*Q>gEt029b|%w+4*zGH;FswkGK9v<9@NU`b#Z?F+EYB#noB$d1%Z6Zk-@
zXwQBj&!ouvAmi_jtf@sQ1iy)sV&N5f<093sH=l>)mg~!O7pS-TF0S3YrnJ<}oGxLI
z9^gkKb;yP$L`AeMc4=atD)+uMVU}05Hgc|@;yAbsAl|fgPADuk$db?qZ?JVQ=}{`M
zR3#CoR@a+gw`EcF>|5~Skj-cT%hyEX=|HrccH;spY|2h#TIFKiFVy0ze6z_l@<%Z}
zJ&W@Ciw@!~X+uGGF~!b$JX4<X%znG^%K;nPrtWD`+x*&TKba_*0n76ZrK8Y+3We-Y
z+tSO_z2Ih_4t`3Xj##ywh_W)l*U?E0;g{z-bCS*U$BD7@**oaF1ss<QQitbJr;y;^
zyEp*w*{%GJqDo6z93&4c@n$veFdd#N0;Ph%gqV=pUDN<x3E*Zw0QgXx8u%OoK%W^>
zZl=Alh&2Gu*|-4EjXb~!0FWfPg2RNg_ZE9cVQWHZa6u1%mZxtxsuzG(kz7z?LJA{e
zP?)M?Vb%^>0lN<*Mh5iT!(JZBs@Y>=I@kcTVn7Q(K0d7gU>iFY<N*M!`Zb3|1f0&l
z@om7(lNr#&{Tu@m{NN5{JCMF^Ou6X}c<gr$c>L53NWo!2>gzKA2xce1gN}IvdmWep
zJSZ`_=t$*Gd{4OGJgg9s{_>DGX!{nLER-eICqE)!7PvF}3n<rpvyXmve6bZx2H3mJ
zKv>)q0|3DJaB&zpfS$7h2+TvE*Bk(=N&skl#KVM)e@X{POn`z#hZg^wy8wh^C?1OL
zK{-1f=*Qq7;1Ph{P2P*YqY!*V<Yp$b1EQzqJ0cj0{(1wT1bpWl0N?o{_m1Kezzwq}
zfk-;%V_`Z-1t64pL1RMV*(Qj8KJXV22MOtarhI?>fxr7=t4;q6%gsb+<p8iwdn$K2
zAs@HG_o5H^gaB+;1#qhiJ`&=fGks}bDE0rMfWn7s0KH^D53i^J)NqRkF!>0e4dah#
z5dqdf=fiylq1(|XUlaf~bU+-02t-s3phks0g<M550e!axbQ%NV3qa>v<X}2nE8dHG
z`7mHY>I0)m0v2>H60&*j1o%^6JPQGREF72)DnKxQ+ls^3bjt(CA3%`i0K$^gP^7K8
z?<jQZb0Y${fzc&3qTGb#e~+nLLn02diVwi3E;N{sii>oS3G-~2wbRugo5^&ovu&kc
z;Ri54G7O4?hyVk#fHR`NeKZ#q<eUElua|u%IX&T>PyW`C2_IQ8Ye9g=+<f9N9RQ_z
zMMDiGgaZ)GK-bWL)(88Tn6=ixr#`iSTN)N<@uW*&sKmQ~!N`pazyrpa9)O{N&~oNP
z2A~6nFM!+vFuM6{n5;FQfIL?JBo0yqx@SfWwN3(HyFfPK0eUY)0Xq6CfD{V>L-|Yz
zB#sCsCgdy-OtE83OtASi04EbtL)p=$ihmBhjzsvXr4JC2l@yqe-kd4opL;V9JUplX
zDR(M>QN{pRXu$poV0Vxdu*ZQ8Bmx07)C&{PAxtdD?zhOVWkdx0;08!<I%+64fGCay
zre!Z+Pa^~2&JPF=G!~?=C1qqn7ALUr2b(;Q1jTYNl>j}83WU8C7>~blFg{!W#|v~E
z6&>)wob<CeXanf89xz}ufF>q6m>j<ZAXJ_hz}!Uupk>|+hShK>5<shhU`Ry3G2mb<
z8lXNq{EY)fqXM$H7wG7k@YepHUJqyK5Y?reaCEXa`kD!_`nHve1^`ZbH3IQIvj8&j
z%^kq+7~q66;EpihPG)34IPu%&D#F0r#{*d0832$5m~=v5p78=+`2%~x>;Ua=0Y&qo
zz`s$;LETbhF97B2f`bM52>5>n_}>Avh?av9s4NCd)qMc|(L%$ZXafR(gyH|2I>Zv+
zD>;k;@@^N&&DD0A_5J7GFZrA(7Z13oVnLiJveLa6`d0r{ixP%;L`w7~kfZhj*`Gof
z24jgo@!t2-lU#Hdg$Q9-q8zd1zn0*4So-xA`0t7gEySaOJ*fUWy(LF%_upwmEXd-2
z5?l5TQUBS|PY9!U3H?ubf01E?zRka;waJkI%Kt2a=W?X}(^L4l7ejdDyW!`AFhkt`
z)#MELDZKDsCG7uH!liSfIR00+B})w@^RGj`K*MwEf6AwVu;DLo|Fdsi`GNA=@3-EA
zfvoz^J0hTI_w;`{fz|7OTt2=lto^TV@<89L|MQ7gF30%)<8TGgi|+p-=Rkf0y&Vw#
zwu+C4gVKPJO9s}|H_Dk0OR<HP`(4rM;aJ}U?w({&3Q;`!g;KN=mB>h}eI^2JDiNZx
zUCuqrS(fje95C0&<etJMkdw%nhH!yNVDq-vB>ev12m;PUUeh~%YTL^FhI-Cm*~{-&
zY}(5&LbT5R5t!z4aUh0O%vCoRRbq!V1t1y49>ajfBpKgML9&*AnbAB_7L#S=!cs~E
z+jutHJb~+l)AD%~^vGHn%&CHF5z}`MsZm^|pyr6InJ|TpvgSb**$_@(aLnJZ_h?Ho
z8nl1zsZn>8+rrJgqwpOS2bG5b%Ra_wc^~At9k3g~z^s`x@s~5W_ZHlnRLiIl&?Byn
zJ@w3S&~7i0??tz9j8>aP<))D8jGg^L$H$wLgXU$VX8GQu(VFk#63zHHlK-^J&PZRh
zL-yE3azrHwDPss3&yLrS*{*vLXx<s6#7JII(cfAG9ZZF^2yWuk3^80kS)S;tM~$-h
z3b+@Oi}IYRQA6cFmXpWLnf+?g^x@)393MC<8rKxu_ObQ*LqhAz#G~caXSqBCz)d@A
zODscIdbwCzO>5NaaNy5cmhYvkScdq~kGrGX^{BNLS2X49X*_*H9$ZzGYt~Mn^-w2%
zcV^VUSBwGVA(FKOv_XC9M+h@ZkTfA%QowAt8KDDCmHqfmU31i=%6-$v4A{hlfM!17
z*p<FcH4Nqwyu_$^Ipu&;J<MSVZ+^Ot+-~Qojq!cfZls=#eul@s+F=<(+p7W(y!)4o
z^`x+SZ1NJMd#l~FF54#Qph9KV($ea!-EWG*J`CX^BFL@=A5mH{V^_;0v#h4P8AH@x
zAkt%zpGJcOs73ABOH(4h;M%bC!>2%nc!8pk4MC8^c>G7g!V$e^0<^8ShxeEl7rRtE
zC(dLo{8_!V!Qt^sf1-HqxDFC)!h*=$;QMZ_YYNdj*|p+T2u`!BIlXgaK*k%`_uvb<
z#*Db!?^QoZ)DU@Yb>k2_4t2X|d&1$T>#Hw$Y@ZKGWkBZQe_3fZQv=TZdK=xjdQkzS
zyZN2IpjlnA_~Ltc*E66=<aXhLt9M*EOkWYB>@1EOP}0$lw**y{nW{pG%BB?`5pqbW
z-AtJ|Y7&AO)jc5Hu;h_EAQ*l?oLlyA8d$gzt069)eJW|1O`(h{|84HK&MPGUAxVBb
z++8c{#zoy1;$_#M1oGCrAAS=`MEe_^7$9(WMIq;{r4nkA9fa=hMLX+PPA3XfN8Fd+
z;`%&MG6+EUd-Kc&q!TM}f-15&PU+=gw*g;knJb6pLr)tNECtbr=hT#beu($*Z7ef$
zO*Jjols7)+{q79)!sV{eJ<mtO!VIIWQRmP=E{brB4`7V7>VGgPLbyJ~<Ilt3eZ&+;
zFg*Q5C5rI)+qz;NZy+MxH|D0!TO47w|3FChaaE8q<Yhbfyv7$yirHguF^oPh<Qb2@
zSI9EKWp}Owy_k-=4^7y=W>MHmWQ*-SuCxkUiIMze6UBCA5Tb%^2v*>0%r;00OzRiY
z+;U8d2mV@z04bC?PhXe3v5?MU*SHsre230P1K}6F55v5vJgS<Z!E3ije_*+c;|yu|
zGrbtHW%-xqUkbQ8#;Pu}@Euw_2V2D10DsAwk7tvObRubR0ud#M%$rYea?oblL>lMG
z^_-jZC6FI+8X`-=a$_qLS?e1$vrc0HNO9mh19Vro85Z-V3){<aaA%=Tr~TiDceb^_
zubuJNnpr}N<{L*8B2=(#Zl4pFf{|Orrvet(QNa?^6o1}YgId4lKp6kprp2rM>=Fjj
zn7%vzqY}huTVe*0IG&Bp-H5?ZhbscxT(}yoJ-=3$c5-cFgl>kb{UDj6X>&y6Xja$X
z9N855u`Vsz4&4LC-MgZ(fmLsn)*1)ESUFJ61^(`DTJ=*c&oewoc1VR_H0OaMFnZFE
zfXItZ+u>PNK*Zyll5AoYR>D}R#MI)xoh`X1y(mo}c*+oib(9+-_Ips=Efh1mct*$T
zd!hJy_iG&1(IG?{we6&_xfsb7JH7Wnnk-^v)>j~R@_lD1iQeS{Guip~+S$+H5fqC;
zSL#Mjt3wA&;4R(33T+hn@N8LC(ogi`zk<@fY+RPpudh~`xj1apxyI|67HgTORc#0P
zE=N`sEa?d>+pv(@Hsf)ddjsF-=!Xx87nvygV`;ylbTP@9T35I|U83m-0^h3;JCtPz
zGjZ)J0!IXj#8V%owkGNPJc@W_1eS?Epy3PMM?kybCdW?<>{0<ox)HN3zh?XwCI9wX
zaK@A28gkYs(qp~E)YY8%dJK?y^PO<mN##2d>NlRm8n9uf6~evFhc3ta^S&Y>Ilbz?
zkj5lN+Z#)c_vdkp3%o33e7@0~I7RY!pD8~8;s5Y%%?{-*^NSj^zf>dsrfm`2_^O#w
z@bb?<+AK3EQ-}qXFDNBx0w7aX&^XQL0LrF=Y(7-3)<-#amjtFDbaRAdlyQV<B?6GM
zdStG|ILupd!U(#)p#W(Zg0wEnQpy4ijW`uDhr)t`bEns4-N$1>o6<h($gp|cr&VVv
z%{nYRZUmxa!%RzygWp9J&LQ}l?NkgJ@YS-D&M?bPu4FO53!;wRMz}0lXrTD|-ok%o
z3>7$U!+>jT8;e?oV({1`XKi1a#ctwymj@;+ZDV%;^pt)>of|^|+6frtdR%7_1)o&h
zZlQ=|7i8j_>35=!_AyqEEq)q>(4#21(7;dbL^04B+YUVcj%aYgJT3=P%A|V5F;&R$
zl;wXt=RzmD{W=+XYZx4F@rv?ryd%7gJ{OLh347N)1|^pe41woB4r>a5PJIr+ylGEI
z3w;OI01-W;{Rz$i1-32V)d1IkmlxIn^87pS%0I;}CJ5H%mY18Itl9|I-~#SN-N!>1
zXeOHhoADInF6zq@5yT!4o`eU12Np#df#@1$1iiaNN`M5IMCMK5OxVT14w%+}IqVcj
z;sHibBDSiKwlm8nu(Zf4AlG8G5k>UYf!2s&c;Wyx!p2mxpx5GWD7Zo_cH1`xz1c&f
z0my(oQwZCr@|p}d9t(~=qZD+qZE}zlT`4iY!t3f->UnRyecPq)VrVdg{r7K9HmZXC
zl|MM$5rCm0{hWuq3eBbeR$d>e)aH_UD|HQ2E^xBEmGVT;kXJc4@!raDX7d)~uYrZ^
z0ofU_9z1QlLl7@<K{_DqOjw>^O%Bf2w?-eyHQ?-^$9aQ*X1W=35`SYh0hH0njA>z&
zl7}AJ<DDm~gW`<OTbU<BQ;akGO~}q*9&ViIO$5)*e8qem=dFm&j_g3!a8;#bxjr52
z$|=YhjSggt#-&1^OfTH~!bgRnk{W(R2Vjd6dtmdq;bygf79>J2L<yu2tp&(A1MaT=
zTc=H{!{;Mr;`&C(tQI%`U4%zmCLeDAF7*MZI5h`>@s!r5*qb#lsCUXGka0Min^Ku@
ztzV~bt%V4QQ=tTw4GF<za?l;(Q_Rz=%slk4t+G=AM9FQQNZ=HK63B-3Fzn5>AUGf4
zS%`e>MjEbQH>qOgd13~S5?diVi4y5D^(=d6DYX(#7PvT>wJOajb1Z&sXZg2)Ac{_U
z1{EC00T*4)&GyJN$R~K~&yX9&xSN>$eNa!lz<}Bt;%;J?K{A`-Za$7d36zI?4e0&`
zWE>d~?ikI0(G1vDd5gdn0<BH#&Cs{(8Tx4ik{-)4@o;c}w2k`S`?U~dsM&%5<W$F@
zZFe$O0`bE^4uqQX0yhr40kL+vgS#t93GML#$ki4OWU!?fWY-uY2o5y@)`Jl+Ut@&3
zNiqhNGsy@#prwVq!<B-u8IWRyV8PM4mqo4eL2~#AYih<FQ;(PjWwREsQH<XHm(;`E
zR(rMmY<V!hmhTm7+%gOp$H4@|0`Hi8wq9T{;cS3tXOnFS8`+1tV~e}b*tdAAMbEr0
z*f)JE6%slJ&+FI#$?^49CDM5Jn|xsgmyC1u77#R9APkAB$ONEy?B4~s=qy{`WI1y~
zesG7dhO1;3W=8P>pFk`5;@Dw{?^*&ulqiMLlDOaWrZzgmHF3ZGtpqtn`0f69i21wE
z9ZEyqbdD=vsx?(pn@f=d$iwCma=coS205xZ?9JS<pR+u5yMIQkCckeC#-eQ_@zYuq
z=aD4)9I}sc#b|Q`MAOlBeRaMDJToA*&Vf)A&JZ^2rA@n1u3<k`>!qHDwHeK#2Tfq7
z1YTNwXiz5%YajqUn7luRdPxDMayKx%rejbi{grxIa2tSYu;EU1sIqG)21Fm%*~b00
ze=fxr>dgM3LF37FnLcyrJ>*8a6M}X1&{r|?jwM*`;#@&4=Bj`K=ES)<*Vc0wtRoy)
zR{<HEVAcmEkO|C7>r7Y=_y&l4U?ADeAaN5+Rp7u5AKjp0fYIhdiqbd#Ds2jZ=cE;o
z&k?<u2xJ`&Fzi5D0rT?T<U?(M=mun8`J=uD9H=B9d+;|vNCDI_T?51dJ2H4G{~a<I
z8_5Z>#u(SY-V9P`oDsA)2E|A@+JLgDc$Y(MkfZtWFY2b9&A_}oM~)+~ievu}9$`(M
zgkUzA7wwf{hQ9kCd?7n7l>m$~6YUVJ4e*NyLxyYUzT^-Pk6&YimG>A<fEZ>2t|eMX
zeKZc)KT7#rWa;LtHw}BY`L_<d=>ne638)e+Yl9q!L^y|a>pmwfKhee3M&`Bqxbd6n
z4Yp(caox8PjZ%Vl(munRc9aJ8tio?LEPr|*GhFlcKfKiyk3p@17(dM^yX@C?^Tf%s
z$61%H=$JvM*o0-ypl}nXPB(#29jCaW^4il<pKDHEUz_}=QsObQoHoNXRnQhgR5vX_
z`AH=m2Z*52kQ?GVrujT*(vk28NbTgCj&d9ajRGZjvwm-<4f^$DXD)6j;Km!V$TL3I
z;A?jApjCJ~Nh;h4U7RDdB8`^KgY{2BVZ=NBf&uvIO%+67xthNrqrg4~4PFkDf#!i_
z2W=LD2mzKI{LALlyLKOCLuICmNMP>}V1YMaQ9XEPA>uK9>TDX{`}EbFXP2ab(i@U+
z!RkWmz7_jy{YsXgGf{iw)%dGsI*`(g);)oIcXsS!+CCWAy5vsP!dG~1wTqt~)#F@B
zu6<$Zq6AM%fn9?LsgrZFU!U#NNX$1KPR_=NkX4(m1d<Gwk9%`a`T#eWusWM{6Hc!+
zGkUXE-)EH5Kqxf}F6X@khy|1BCaK_yEc6)$TcF}gT>LV=Of#p!o;xv?2kjuS747;=
zKs12pq7pj?7sSXylLBAiCIMfV7O6(-n$aH41o#3cGl`u`3L0ghyBLh1xXI<UQ4(-G
zEkO-^WuBYXy!%aIPAsTAl6^3GV{CXtNZp*9W|&xai|1|DtSJGOpv!Y!YA{3`F9^5?
zf;@=I03Gx0dx>dgzzKL{^HA>ZAb&o>YX^NHFM({2&H$l1j)kKX8xew0F|k?`I0M-}
zsdJV<`ZJ>>1oAtMDTH0Jq4LN9riR$?2$6<4H{B_z!HRC+(>#6`{zFa!nt~CSu5{yd
z>r(dFfBl-|**6dK;^<WRdyo=~SP9sIw&_z?a7F!Yp1HrnIVfknz7Fh<qDP<N3DT85
zz&kGIwRTTgk#&aLTe~_kPIs|j)A$>6RytChg)~mY?&AYpHfO|bVZ{Xy`yXi_qCbb@
zY8TzZf+Yu8Cm|$?cB3G-r@pywrYc||ts#TUiqs-=tt@P30t|5%VuKhW)*61Ub2CJA
zHeID%+{Vs%u;P4fZanRlFg%k6UR_w4wB4)2&1RlA0!?0Mo$!uZE&V-%*^;cgggT>(
z#DGJf1jFckhiulPpsuOnI#66{{W;2fPJv-oQ=6l(dSBm0O~j0=-P`1vRcPcN>9YD`
z%!Oao%#q)PrA?A2MZ+N6Dt(Q&9EFwX*~t~@V$_wLWmI9lV}P&xq%k3N*|TSp@XoA$
zG;Yl%!%72co!q82@G-f}4aH%A{(_R6@ttG(-JNC~K8)UE^sno%XE&tULe^q9QVHCJ
zI;Aj7;4qyv8!k_5ey)x;?3XK&Lr`rIoL?$qnQ;x_z#JVYw8x6@&bmG;&es-S`3Hm)
z0`k#?kdWjeFSPr6{)4Yly`p@u9?i9ua9yEt`Nl2y^HX%7?7kWNI|@BQVH1F0hZsa2
zHQ$sVtDU9j#pi>y&^Ffx7u+=(P^>A!85xq;9RWX@hOvl4r;HlRR`bHOMh7VeX!tX-
zJB1sb5JUUK0f$V&m`aYOgl8;&ZEjJC_V73VVy8d}+&Cu^+i~}*8Lu0Svogg&c6}0|
z1MPHS59d~_@ukVz{V>!8RC58~GuaYtlJ`6-ZyY4<RJABlt#fQd)LQtGkyH;STXo~<
z=ZyJYHjw+<b^ExcU#0g+h4Cp%gG|UqGMj)76qg;+K#1VmCy4<5EFEINA-vwBO%Y&g
zxk3f&v0|o#f>79(h6v6FsIOZif5=uurW2Kb?sdv-qx?;?eaIJy%a@=1R}t{5c{PmI
z_LZlj5a%V|us8KvqG$|0ywd%J$o6IVL9!gQT7gTZ_?XwuO;(-gSoe}gHQxhzE&AY$
z<goG)^Y)W%=J9o-&{<0^H;gZjdwWE*+NsnSw1D)3gcZ)VrtL>2ewBdZVln7S33H@g
zk<A0ormGG^o(w1*Y9lCrnZ|l~p{KZD2qN5QQ=$;G{v2X3*^n~p4Seq(R#=bh2t<J}
z3)5uZJ3KTf9dZsR!?w?8cg}I`OX1qQ2;hKsiNql(wSq8Rk#g9^+yu?Bbf6_*0vpA(
zE!MirK{n$Kgo93pCF>YZdl`WC&0gOTFwSs?A%#aA5AML0fKKM*;960}`at1*iJQSN
zF5?ddREFaSK1iD6Y0o|3-N5}f`_aR@9`QtCuuT+Ewrz%B2?Td!2B_a86d&3|WeD5A
zcuN%F&Rm?~u^4^D0mGmpkQOTBSlkH&&3lGGwmv8lFl*w3@uKk_{)u7`P^s^TVc;m1
zs8eUAmnjcyZ@#24K#fnGZW^G0z#zS8XY!8V*lbaw1j05gwqfypo3XdP4#i;&@;d^n
ziOu|1n7rytGOuN1GL~fVyVHr}un@4vlyn9H6#9FtUyGl5*+h{r+yd8?e+_oq(vw0a
zgZ$VXa?H-sV^N=~-uHBzqxZa^dC+Dar3!BL4im$)e)*XhNZvUN<!+Ro9N@0}CG#vs
zlCMIGg5)<y{aj{?ZCj?7odxbL<!TY$xl@9Y8O)E}0z3(`+a(7nA1%~eC9LYvnaNVh
zJ+7yrx%6~Eb-gD!1T|KFxf_A96IFLM4FE461H1SAh(H#|*@22ncchRrCEdhIx)qOL
zsafDTv(75W$HVI}AA??H^u!=$zhQv3A&-3~Cms+0;U>Xv*=*6l+_ezn)yfToei;@3
zO#pRn`)k#0+qWJV)U5VFM`UF`t$v!VWsGxxHD`_r&p4&M!gHud=zis3N``4tf~Ce`
z>NXK(A34C*CfHx^vkYmz!g=f_Qu1cNzKFo}AUPzWgiMo-9dw9H4(|BTN7Uv#io^AM
zIXjr4Q_axT@jrTpW#*7P?85YMi8WXjlG$+nT`vl=1l~a+g(gbE_@;7zIWf~Eaz%>*
zaZ|G4wK^hCq-HWoMGN*O(me!z+a4Jel;NyfGfD{J3MxAWu6430Im&On^uSsv>(7#U
zY@eE?WFebP)wO#`nP3-lHP=wR8?iSz&Ez>wrj-Nin=mp%?=|TNV)`ML$i5(fi7kuZ
z{x(#zf7$31hL8zc`+fJs$`{$;i_KxLzw2<@B;;LU`XF2b8C62&rF0k`pwZxm0LCjC
zFN2U<;uJwgmd5}?&BHLUa*5ok0~KE$7(dK*EGmz4PAcI{-Ca?gDo6;+Z|!i^SkUJq
zsqCp3D&5CWr7Fr6v_LA<64G8|+4X1?=ud9*#$8`nl@SIJ9)2wtyU&bIk7VtsEP*tk
z;im&3hbF--?qvk1eT1FNret;yRNsfFpUlHHa4&#^A{}9a%rE+e1j4b8iuuIt((JGd
z?K5gM?}UHmryMXUF4t4324#Z&i4HUwB7}5@KTi)?-;$4QP&P#m`HF6x3bE9nhy;E`
zta=Alt5o|r0^UxB8bk2@yg6-y&btg=d^_^R2HWn|(ZKN}2GK(t)Zh>$0<^tuX?=jO
zf!aKL7+ya1CVRmM<ros(r<=uO`gs@C!1m~nq(5gE*RzM{5-l)Wp9@&nJNNp4f1Z4&
z)v|sS-`=mEBXcnQp`i^C;2`Z4R6wcSpy^ON>GhZHoN?<l2aZpFR05Bu#PXv`{W*w_
z`Vi_L5W!iK;;I(a-@-0)_=vh(jNT>~l0)Zjvr|^$lRk*oaNq)>!W~f>jZ(wU1`<&B
zg4BBqjX?5UY7;$jt={sWfm_T6nvhA85MG&n)Hpmr1ZrZ`lmot)c@Fpc6tqt{sQKb>
zmRvLAgD)zwzuKPmnr(ood=_ts?mZ<P{8YRNruSF7QeNq5oJ*&P8O<X>g+oOjVej0J
z!U^1(_1VzD8RszQ>P@C5S6NUUDwhUg{MnuXWS>c|^!#z=D?kjIgRmJiTwkWln{cx}
zY({@=fLWBaN|Ur4$Xgexk3X(6Lj>EDX$ILIoM*!Gh+OX5jGlgZ6`yB>EGdRV%A(IM
zOm_kf)<1B`PJLP;)_KY!*6H)Jzw0Q4cq*J?gxrv_DvF8}@&TUJ9N<Js;3A3^K(D57
z$p)NUQ^GFl^uY+lTj1c`gW1ubI<&0P$OV{_p#8!)E@QUXsbIg-s)~T%>*x^@)+~x3
z;xX9*SKd`^zax7At|m39%Zvzu5>6mv-m_q#oDq=#|I}fTLwZhGkb43lom==;C>88o
zPy}K}l5sVsfO8Q<IKnj+*ky)GjS;*>30xPLNIJzVXaEb+>XaW)(TV6l*1(PHi+Bb8
zes3Z%%w5E9Gm)>ffIHDUeuusBya*2Aa%epgqBt-*zv!!xdgG;#9O{9qSG4g2yN`Df
zgnL8=D7>}{AtBehC@a(=>xEKH`3ob-2W(l8?dNFK>51@k;Nn4Z)Y+{P!5z<)gm6Ft
zFT3~7$Ms18u7_*zNVE;cCsLL97t6pW0tBw#kFoN2EAWV+vm#+sF-WtRlCTDNo_NaX
z)NL&CS;G$%nPJ^AQM_4HD3f*2erbfI#+<J>z+z}4?W5+bu*ExYdEuyx2y2e5h_H<n
zb{zRN<2aJ4c;M&&ey@w)klwP^NCovA3ul%~18XS*w6aU(06)rG<XDc-ZXfHah683&
zVpfyQ<?6;<$CM&FPZ56};j-U5-$6&;i|Y&5mubQdInTW9EGfJ62o29{k%r0_waP~V
zePm}2iOz6O+*j+_5ot~G4A6a#E{eW?efPTfh{jV9b^O|Pe!7D6Igv8r-KV0jU+Wkm
zsRs!CyY^0nmew@HF))n#AaIN5(#QyLVhN43W4W5Y8pm+m;MU=NIYBTIp)<n1_g`PR
zpBT$_KI>RAjXgd;|4Ze4wt7Cs>%2df>1AGtQ!j9aZJo<tFPhY)IM_L<b#JAodZgC6
zo)V4h<=xcB;pJ@&Ti({tu6d_R;N@w-*&x8F&xF2K;dndK-a9}3{lF~7Y+^ivg9u#_
zzvA<^h0Kc2JZDD2&ix2Kv~^72)-7{&5{1#e&hXpXRZkCvCy#$(<S~?|#UpYFXF?&L
z2(aLUcHHenH6vH>xLZc)3q*U&mX-eM!k5#Aedy`ziO3*GH1>({<fKHy+>Pphh%+e1
zq<X@@@L<x6eBM!S=BQI#fyDwwv%2dwKKS<!JkFrX`BEz<FA=ICW6nSL{|XgcfBviC
z=KO>Dug1w)4K7;DJ1g)ja+VF8(b0hw2L^+n?3LHlJEzM}R6};qv3~+m^Dw;xEns*(
zzhUmy5xO!0g+zS`O&0S*zT+hxpO+O`JDciv9C&@qv;;y$K4SK+gHvi=$uYS$WwbbK
znB%WauN-2=rv`03LI!#K@<L>0BqaIB?VyK=0DkN|e#kujvt0g_T>hb4{-#|1@45W(
zx%@u4{FZ`vA4mDrbNR(``B`)MNpks-a`|rsUU@N`{S!M;^Rrp^KCT_~oUC1~%2_av
z<!z5`DBF(fI;|YFNe@4j_GH<P*+0~kV75J9tv->rC<(nDMK?j`WuxrgRAv)Rl07F)
zTnaYO`;^CJr*cd}b&h2yw~Z~&5@F8Cf72jnRhxJG#!Gw%9a9zqU0Kxz6se&XOvdeZ
z9lkB#w{p!Fyqyh>xepJntZD#?45+KA^O8%%Xi|P9F_s}ITq_B^fn95$HM?=9T?d}j
zzof=aTcp-h)@b1zJnn38$L(KLU;w!W)YYYVzu&}YSC4RKzQ^PfPn||d>*M%_=Vqu|
z&OB2Ggssl}i!J)<+*^m^im0nU=9jX0i6;hDC-G^{&287mwpdlyCh;lGqz1C*<as`W
z-x=q)A-3ICYpqRtC$JgtMXcItR>3JTpsXS}wV5^%!e_2jq0!)ts3j}<w|m)VgBP==
zzM~?n=2})K+pb#gp}JIc1ZpyLi&mxT8*t8iJD-xBB+pk8K_ySms+hJ|s9{^a?3RA0
zkt9O!DmY_ide5D}8T7Q~-Dt|M?OQhwaT#}uB0Y8Kn2#uE<)_&AG71jOGFK-64gJ|>
zU<ix|uAH)_BA2S>n%4(^v9Ih7Ahm|N0Ffwls86N`5i47|_*}HL^NzzjSi3@56Bp%~
zT76;?nkj9QN*eD+E$#D-MOsRii{SjmO!htalfoannBWWYm|^s(?6P3a9rA15+}LUc
zCU>s$qk&(UJ7b?t)^aWGkblB91};JInK%2Am3UsXkWO;5?%dxu9C>sF5=>5N?A-fi
z>K3f(4IO!j?YKBe8c;b$-ubvj@`R<_%hNs|^?M1m9KupI7dZ&1exQ!N^n=cZ7dE*9
z3wrhNT!%OgVCmHe6fo$ob<?mhNN_fl-nagwek7Isn;Rb^*d=8;uWUNcKGHEKn<?tz
zR}3y^-`5d-!kyxn<vy2CsJiAinNeu>e5Dpl6_n*IHD*LdQDioI?-tL&re&KjE_-c-
zd+MVj6PGgiB~;gb?R<agRO0HZkM}w^20^#6kmuS=@NGj%FyH6KcI}pQZC@WDwsLKg
zzedk%M02P8yYmo|E$v$A+q^FPxun^G(^le8i5L7KDGN-38T@bd6u6Jif1lE+`{ydg
z{J~wynHw)y(cD#alx*3l%!VQPNg^|OWfqrp!;g^;$Z!b&GF0x9e-3`1qRr!n|C3o&
zxXmrKYoU_Lqbcq2>eTai{w~(yJ&nv|Re5gmX3hu@?X0H)M8$lB9UeoTtL`EHx#>)n
zuDBS!%H6YA<<Smq77w>;`Egs=Va7BAOS$82!BV5`1udKA^kon#o^bQ`Df7GzT0Z_9
zQ$6qZ)#<cY@`XVM+e}xoQn41_LsYuEr^?`F?e3i%ASV1@>w%cCK9IL`lNgM%Ttq6Z
zQD$qa^PafLIt8LEq-my?^0_?1bh7PpSWoi+k)$enld^o1y7EG9Sz~V8U%u-rwM!f~
zFDG_;L}~jHK7E=zKi+`0)+J)EzP$F}#|DT6PXc1?*>7T6&-QlykJVi0V>FVk(KcOb
z`?V`AL;Wf-c2e34*L*JCjGgGiFCm<ORN(<2MU?&~wfgeD#ZIwtKk5FTF-zw5T*>Na
zBbWBEpF4{MD{WWnwIAlWL4iY!XL7e@YctuvHV?skTrZn}3Tt_$RnFjlJu`1Txj}KN
zA}n0Ns*Elm`6(E?o}g}R8#7$Ca-0OG*K&o{%((ZhI?!Wbty^$KYjg{%@TbJbgSH36
zzeBK2F?ORHj2-eT1uF}OYo7kiH>hvXSAzzk&#w<eKV4*X?~JCyw(9o3I7Z8oxV2~K
zFby5L1-inviM7zot{}(Pf3$iNTY~|_gpB|(JguCwGn%o6d7c0IHY-Eo=1thPnmB#>
zs-;oN@3NA<KIk6h`XWZo?w9TY{#nfZVoC?^iaI2`_H%7SYjF3Um;Up=3|oY$7I4^q
zo?a_#b^b+Lvy-(S=}2Ao+yi)Tz#5)8U`?aj=i~;FU(@>0$4Iqh$jmjf7x>J##P`+K
zv7eP21uJw{VMA#1OQeBAce>wtkJHvgGK-0S;|Myh{uCV6(m42ME8czS^kNrEUa|##
zbWMQk9Cz-N)yw;Xvv2lBs$z%T(Q}68h=?w|YejoLYtOPV=-)`&Z44W>tR#;LW_s2p
zI)%@#+vCigB3}h5@6Yf9k6b<0W*ELSq=?}XKeRr!*nfQ#_%E+Cble`1+Pb-ZnOdr}
z?Q(x++Wp~pxyACk#llkIVZI-G+yA}a@1*a0_ne(u(|X;g;sfX9TwMZ3BuSbh6v${&
zt;ZwL^L}_jY+89k`_5}5d-ud`5Xl!}h;8xPQ@2rvH|AF(>Kodmo)Tyj@D--{bw)(o
zu~lyF;$dHj(f}7I6Dz8I^5mfD{Xw=lmgW|(>LaaIxXM_Lr*>`j@y_GhDU1tZZec!+
zilFNqKHG{~zhsSHAIK!@SCWGp#ew}&w<GC;{$emWPwrj+b2jH>N|m^O*JPILBTaGC
zb{zOtkmHqXtnO;@@o}zw%anv_m7DVKK_k!Kx`ax2%E+7=?b4u=7^0S<&O#Oi<PC*z
zACv2?kD5I^#uWk>1QwUfbLS(grgZ7!dZrdjaFi1FMHX->Zol9tP1CK(m5bce?JU<O
z25C!rsT<u)qJvwRl5~`dzPmmcGHBHZsSadqe~ZAM-c80HwmT>L*#6w|op-6Oj3;V%
z7zB8zMAzw?D@`uBb5};~+og)t8E>*yi9D1_Sy;v(`qMe3tK>vxWhr_{mrl;u2ai{>
zBJO8l4Olrp-BgUvZC$Ht^`Q+cT0~nyX;0}Fu`xf-YZy2*!@%8OJanC|`PiKD$;44p
zCUd<rL@_$c1*3~`S?|2}7u>F7r!UL~j_r4i_zO*?WV9X)iIw9fJ|ESqZ)iQ-65)rb
zm_Eu^&1gM%5`%}lem-9sMc}u*zdK*Y&<oKlE1}C>a81`-FT$;S@17C4OS5Rs6Y2XQ
zo_#n>;3NIJC>TsJE##F2X*(YHbI^VR@m&OCoW7UNT3TlRhYYN_Vp7e=`mj$Xr^z-@
ziT&jEWL!g|+Z~U28)e^qB|SBv$;dcGq4B9DY5e)N@}cbu{1zd%uemnvZ9{HBu)0ir
z;ZIYh_R#mYQzET-r;2=sUeZD(!7@<1g#@MFPTzYbpm`}K5xIOZzbE+B{HLdxvD!8J
zM=*2JE(zb^CntUF8}?($W*{ni%Lamvo#NGXK81KrwT|avo!xNSqsLdcgQt7g1NK*{
za1)M)<uu;lqa7x`!+fXBE3Nb?qN$~ekE@o9t5wPv3*7rjBVq2}UbDM5X<8nVwV#Kp
zUUt=Az3p&>96-(m!8AzQ15rB4r+rleeohs_ZFBjne-!PmyZ6;)kM8mmxRq4fFEWH<
z&;2hmggwXd1@`^Njg8t+@Gzd{@j<=gIR=bDWmvz2rwmtZ3k=VG?;CqGVChlf6rRIZ
zYk~ekgvV?r6cHzFf`=X@@O~ytZFxcMIwVE!B8%_7$KfUD`YwT!Twr8Qe$y#)f`V^9
zC1N0;&NeZH!^BE_p;PLj#8otfx_7uuZg-R+Tb|q42JL6%?Ek-iuinYR%j0ARE_^OE
zs^Yoqb&D2dj$VEFdMIl>7!l7tpZM0|uls%*Ut&ZTPlivZ?df&QmS<p64J`c3jFe$|
zV)TjRz1{w+-XDX{HZtdz7`A2-qlMEDxO1;tVKkEa%03Z@9E;;c{I34T%nWV9qu}}1
z;q<}CM$;rrssgx9H3Y{v5240}1aHUB6-JUV_)_H=u@R0jQA<M?W6ktteG!h|qcZcT
zjdN~%4%HV|qc@u9&5Fn;@^J|d6e;H0eztznyXy$tVKT7OrY2x}_f!3RNi@eg5B*eS
zUr%SbJR>oPC!U$JIg5OLL-j-}!CjCn<lNrY&(->0b1&&VmOvi#vfXz%tcrl<-#jdz
z^D$GJ&{>fPmYSH&H0MhC(NW96kf~~Gs!tI)NMv8+NMIV``6TRRc((@Kz_*QPeX&td
zsDJL-qSc844~KNS))7|Mex`mP<5~IngP$xyWrNS14Jy8IB5oMo&my-d4L#?xf>6cc
zR7h|0puHu`O)XmWFnqHD!M>6YUR8<4ijJL*yRmgohvs&3+|^b4gzjOR8;g6P)LHhy
zu)K+aM~iC$a)TO3o-gIqza}ukqV|j@CW4N{MisHJI4rh;Q#j~hEBQEWQPR6Pc=1)r
zGd4|+(b?^yVyi(NW;a`PwQ40=+rO5<o08s{wDi0nvq<VoWZ{-QlCWykDm*r3L(%k@
zFH>VXks8aS1!BYopJXz<GMclt|0uop0hu#&?0G1qs`pU;(*iNcMX8ss$f&^+GbU00
z+0uOX{i(R-hdn%uUzYj{@T%%fo)-;E^gf?V)wpqlnJRkTs?0AM3jS41;tC^{y;Y^s
z`<*F<qL)_wN#6dks(KeNQf`JVJX`#BZm!@Cks3$nTYb4~bpC?U7Bqdua{JxF3{a($
zzpr`k)frSwb_dG4Qg9aB(J+m%-`h}T(@e2HTr-i9;&HXX+WY-7ElW&F#u9If7-5fV
zp)8RVTBz+`$l=|~;JlM@?yLINm#YtPnh~X5f)%E$U7EE@K%1j~J!y#8lxx_8q_3c-
z^Q$!Z=OcPQdS=;MKG^C#eNF}PL32*NA06Xg)f~1kb72qsd&-UB^o>p;z6%^B7KU|X
z*#4OKeMd`?&<whfM^wgh?oz}TBxIif20k(Oj2Qpl-dl6UjhF7Y+|BT(kngr7?k{)1
zCy3MX)#^818<5M&UBq`?&QR>PMATet<BMH^b?Z$78IyY4qoGT(Mo*qQ0{NdzY(54K
zP0h8TWOS@eyQ0}RyCKGN?j@E8%xqq;^iz#H^XQZa=s8Bjw`Abz6g}j}#l<oD@nh9t
zsh+^#@Ix}&yP*gZzK82ae+0D!Q1sEgbLh&%R84VLJ&{Z}_s3|xY=*26M$vV`G%~+;
zvd6P{3cs-uXgCReY*Kihx-VeRo3tii+&#p85bKjqE01vAwN=L}XE>W}sbcIv6vnXB
zNfG*EjRWHpg;dU~rswZHN<H#LWc^2wmBaHNeAgN)uNYS<YjP_G-d)*j2J9i6Y<@J>
zK!u6dsXBRt?&J3sZH~_b^*@gn_)b(A@Y-0<aF?iMMg5{0z~-X{7Ty|Fr#Ii0jhxI&
zR|$rE3*WIjQzh~vw{gh)KXiR%SR75Wc5n&q&f*Ti-Q9w_1$PMU9^BpCJ$P^kwz#_m
zcX$6b&-1?LoIl@nE$q&0cTe@bcUSdPRZj!uLV(%9Yagm2X7AFwNc?*TYBUF=6!zYz
z!y;Bxzd7c`+>3svGM1^MsnWq&6ib%_zy_lu9KfUOH~HoQ21j}>+mJ;y=n5-Xbk8d=
zFm{jBCO*0^)bbL$fABt)d3xxL3gu|OkAAo?NJd*VJd0|?xQE7Y5rR@N6sMMH?Vxu(
z=tN`9VCUvjSD9Rz``kN?N54hsVPJ8S64a3SXLZjVF6h3h-SpWS&=3G0x>&xS+TNVb
zAD-@wH}U|e$WlGo>R~hs4)DaKd_OdJ5R~;-(>FG|W=n1ZkAAq3dG!pQ+`M0?<pyH9
zb#a*J7z6-?!fxi1ZPRZU5TQvwm-8H@VD5fxGYwAbbQxV)ovAN0&8FGo(;CJXOgAAh
z#Wn>fQ~U@m1Z62oD^`=|B@0qxlK1?QX{q|QHalM*xCJIl$Z#SBF7xak!Q~%+whAVO
z$jvxIx<NnOp31W#_{U!Vcquj5IwaSHSG~hG-}EQxF^qRmND#qGeE!^^izB03_V0iW
ztLy+#TkjRsccSZ@m%<kwLI^Q^)wOBH<haDBlQfd;F&7?$?X*Qfk&K4t=hnGm{Mv$a
z+hWpQpxR433u7Erd0tg@vXBX&r@M*ut);kB$b>`*w3`iBLUF4i=d#ZArpPerW?)##
zN)S2rF>3rG9wx6aYl_g|d+{5I`>TRM=#A*Htloq@Dj0>2(8Nkh+4@|U(7KK9z2w)A
zz{P_W1a&b~f5D<H01P85%VWZ6ACrd9lSG`)yYZi{gw98S64Gzx5A7#7VqLq11$Ku#
zaLcp5z=%j|m`hXv6G$QWfozfd>r*cHwWMK<)3j(&y6dUsBM^=Xm`P1dXkiGDOCs$g
zal96skl{6Rc84;uPWg5gbr@&1XCWK!Kr99qENR9$M3P!PwNuD(O>o?kiggrs-E&7#
zskgRR0=q-BzxZc0T_m`wynxr$nmh`QX1znzqB8_xDnb6CvgQIJ%ZW!lOZYBaMuX6P
z#D{?46#%M2o>ui?P4Ga+tBgjp<%gqPS8s&?wj1r8ar&SBejJ}-cwL+7kJgxOY*vo{
zw(BY0p07dQ1W9UbO@V?7`$fAwe>x=xJU&>=z=HEO_%GJZ<-2~t31q%ds0>YMAgn{;
z7O|V~3vgut#)Xae;IWgscCh6Ny8EDACjXV0Y2MDt03ee(`qna<4U)ON=^v~ws<!~O
z`gSJYe>k_nyh?5fedT<+nwTLbt`CntAbVyL)SVmB8UkGJk4CoT_o6v&I-WTKjMn`?
zqNm%?e-X~$eR*un?*;Ls?H|$GzPG;jk0{Fm>YLTU;{!g?bh;+h-(rN(lk=3vie#Hu
zg77US|L991xateDC?}J0%(sK};5QifIu%6`S68I}4i=04%(aH1Ox&@y6~aN4SA-1I
zdf~9=Y+^!*l?|C}efzB6J;$PnD*lPcyXp^M$j8Rya<^#)X@QmiD7k?5%YJVo>AZyW
zYm)CHw3`ZY{3iW*NQyKtDz<4fAS|_Z-Vnvyybn=0gNolvbd*D1Jhde`0+LK4JAn?u
zF$8{OMH@~G8vJ(A4t9591yQ)bNzH)5spc=_jjg+z3d5)ul47#iQVE}3M1d#N|DiVr
zs5syI&)_~pk~>pI&RfcV>HT2VUhWgXrN_c|U|j0gdm`BU59S}TeZqE4zkz@Jc1eY>
z`K6(+HTKDuBlY&0IQ63W3R`uK?T$&Vi;1yaL>Fa&K+Kgrq5iHx4EFvb3-4ekOBp_m
zx0+3N%sX2;OgM=eB0AMQFm7ciQ`>4tQV6iF^9q8o#ednNaI!Hqo3bymK9#B5=+=nu
zd0?#5IG0Th>dcQ0SCu++He)!GQ<da8NO!)iW0348g08>vW#OogARHIEWLM?SKKJ`3
zY?09YCAqZ@G+hB~kHYl#IO2?mB|X{#2_}_5z5(5mAB4!qX1loK>x<_lM5Lt}7%rlc
zGC)rd$o-9VBw*X8=D$d!W}RdOIh}V0E2-Dj{|?MrE6&@B;uIm1f5n!d&P~KMJfcC-
zl4=xt2uab*00EpT{jNdFy{&;Zt*nr+E3%Gq{hZ(``d4Tho#aSJcY4>mkhte~Is!Xt
zc_C@yxQ6@UzcPz0Q#m@VQ2o^?ng2mtxldUCCOp2^t9aH&_{BI5)d}~|aG61OZ5Zf;
zd=&cN#CeC(dO;<=K7|6;`hgDO__mIOJ?yr(wfE2`%b3e7e7yQAT2E^|{Bo%;j(WG@
z@8`e&m*k^!TW0B||6;y+xG}}?7js4JYvRJ)uvn6UV$ZmLg_ryfT{dP@=L3gOH0)u^
zk)QgvLY~nSXJB@#e0=^v96e!6qy@y5)PDgd%cbQ4k_oW0{L(}c?w%@CiF=dx>p%#-
zO<xzG4`yr2^bC7dci?Q)6*2R*^8QM(r)58eD4g}K2jV*$mFEN^1Bfft2CEW(Q6E;g
zOK;4@s-Qs8(xKzdC4)LFf-wcWROZo>ugE@x+}E>#RLQf<yP%3=zn_GdEF#5la2v@k
z`&Ie7d!z|{KveRHFs^%)^IzN@Q}I0`{SyQL=4W1&fAx4432x3y`E2)}JE(sZA~HxJ
z3g_bD_HTT6cpiWQz2yB6csCYRAt!!m{VZ;X5#AjYU^otWrzH{mkZUIhbI-2>VP1sD
z32FI$&Q1MtGFW-|`yaJ({FGk72k@&2{Eu3JvEX#}|Hu4HBe0u{jQ#v8_eMfNXXW}-
zd+tg>@nGUVkhhgbWas@=ieyb7rHJ0*{EMXMeNlnX?vUj_s=WRmRo-oa^D%a0aM@M^
zGMo{gylX;&bggKOl6A4Grg*W1&h5^1H3694Gt0xMJUIocPR^=~QMhlklsMU>MY>qm
zP{dB{PVob|nDFdiXKpVElH^z1F<tEc8J~-waX0?ITtNnD@c&4z(}{V^@Ye(#Iu3s@
z$;3PwfHWf2zZ%g;tDPjH4wB^_`7ETzSjj#VU*tGZ!0A^$!oR8|)$*@G+{@*pntO8k
zt6R?hg}i&_d)%UroynzZ`f6z-sgSQRE%^A+a0%(u8pB_bdqhrx6nQ?{^`C>kYDEKq
z6Vd?-2PAdU{f(2TD5t)7ZR1~kxEMIu6jV2d7WN-|U%rBvZS~LaysbJ%<hTB-$4x<c
zTyRmN3T0Z^kLn+u+=={$;a{gf3Ngp=FHNQ<3GFOC|BJSL<X^O}l1v^0S3xwX{8wg*
z<H{Y0ICKp>Tt0*6o$g~qRRDG-e%Yn;J@5Vml()|M;#)Dem~Z<pd~Fhv#~7Xi8NjyQ
z;JtX*O)`itGpAcm%tH|%<Ei)WOr^G)1cqDkzxr@v@g-!V1!RG$o&ow71<<XMb+O#d
zNv|-}+}jXg7BuYu0+0ccuULZn2kwjwPDrB7R)I3{V>(^CL)-tb<m?~0GfaND7mLEV
zKYbk)67Qmw_#t3W1`9xb{SDM_vEKvlX@Q4fxvLKFQt;(^jeY{V!n$tUZ6lHZ2wVy*
zzv1#Z*4q@%K5XBWg1S9FS$|(cylZkM6Kjl3nsUhf@p;(oSv^!(CMzKGb5I<**Wnl7
z(yq@bIQbH+&-rcVvC7YFqOyMZrDu3Ca1pV&^f<V<Oqaz)4Qb2!^L#}w9Ueq6ETfo3
zeW#9M)1kW0?NZziir0e=04*t7;iVF^ACgi*pQ29-5)1L9g~_tpLMgH7M3v*22sA=_
zYS=*<pH{hgvH8M^kbO7I8nsl~aS%JE55qZ%S-ZA@g8Sn0&{f3e-BH=@@3uLKOtm(+
zz)p{^zc=Q-$8|r?OkFc8?@^u1eDX-u!s7%gyHC&~M*VU<KB)RYd8#$w!bj`qD*ijL
z9<6zmA;r30A`1{l$<Pwm7!`uU%<;$J`#mPPT483$`OGPamfbP4|1}Y-m8)3jfW&8T
z2_3osDIx!%TP3zwEl+qcEHvAaeMGcOt&GpMSPRnAUGveuTMU*8ie;o7Nf<skwta2+
z#HK@IauP33$nYt_vwt3Z?Oy{?u)c0bs|_GZM#z1g*;2Z?-eiElw1j4#6{vI;r5;9C
z#~sq2OhRr+4^WW7q@P~_<F@Gx$fWZEb93diyB9jxX(p2RqwS%8U(-qG<}aoOZSXeZ
zphg0PIX~F#_hTij41w{P<@OWke&op&#1XaTL&<U$lkZxOO$*Of#dm0`?J}IEaj$fR
z9zjVDIE9q3Pj1F@khl+LXTLs`{jv1<m0-<(_cY(KX&&tSS!WWq-3|-0IS18sogUW9
z$E`0~Wa(tQi~YxXSIZFYf|rcey|U5ZLw!Gj*a%~{P|@kOv3Bz{$|#)J3P+YuQG72Y
zyQWOg*%(p&kXLF7+1=ep*hxAr@{{9TYRp1nV8p_Uso;obEJDr8%=DI~<n1vOZAHC{
z;7GH&j(t!HKIw$c9zi(ipxhb!MB*+*rAV}T81~+%h6XntU5D-(OI$<Rr;7${?09nX
z^i<I;fmR+DYfm!Z>>@tb8u~-_QOTvp$h!_t=_kN7OeH}!0leeBy+ix3fmnFQn3}Kq
zljW$;R|<M-Ng02jwFc%{n3#I#rZv~#uf@3b%((W@sriVYMTs&CIh}ckUZ6`<m;Vlq
zEJFbB-x-?fovN%AphZ;}G-0UL|JYoZ(LJR0G9UJH1MMR1Myg#wCC%7)<KOYFzFGFq
zEr<~<Hryo+Ue~*UcFY`EB_V{2W-;`?cOlK|a{?p_(jl8QuI|`(j`ER0;_VP&^(`^r
z*NyD^@I~IgMiKhOOIj??{9mW$ke;g}<<4}eZTB|$qkCHG@xOc7o7;*((=GnklpXPp
zu!2zXmHSHtSI1>&eOGJTva%7LH)^#I1iP+5<3oPUK+4+bGko&yO^X}AUg+Q#e334*
z#-O+>xQqOUKi?@7?&l8PHm!p(s(vLV|AGVEN=gZZVc#n6eoldgh!0kMI4s#Ck}VAY
zii}0xmMlinGw@>3&nizax7kIJXi4cwEtTw}5#=M&%u9zHlS5>86l27Jty+7A=<lk5
zx(-w85QWA0cV1mq_Ib&BJhl#TTHGNE^mD&^L_0~9?_}j;`j(T|E(il^4bVMHCB@cH
zA9dZ02Ltf>2vfeCM^;VcCI-BYYa5s8GZCAm1^lA7t!`thM%|5*G0uz8KdAws613O%
zD`!FrWp{U;ePTeiLw}7$Q>nqHsq+Me`zg;Iy-8WbmANZI4I4@QSOR)m*MdzVO(^SR
z8K)Xyag{NLHli^);#7TTLBy`d)B!;Z`qj63ody`>;sx&5CL!OFgdIljoH|1sRYdQ?
zqn#a~Jkcw&@%X376-yZgy}8^6E_O;ibXF$NiUO?qRivf<n|B8i_|Ef23^O54jqVQ4
ztd9_AzNi?_^CtXKGpkgHBVmO~GHz%c*~lHHQi$kXMIJjN42adjU)fIz<CV$W>u6^~
zTi91b0fpm>fIS7Ouuw0lApzdHP|UX4;^}-cRrI&MjPTnO#nN>N;0tPfLU#K5acp!3
zF$_+JbI?}_Gew%xV7%IWLhl<CM|#(L{EXQv0Da{Q3_6-`$QC$2D!l~tWX|rjqBW9o
z#Q!wYTpkjzR<K5Lg!6PA<|uiz`risepbF)T(ibUA7cSCPLGIF)%2h@F{3V8fTvzF5
zuOq+M%I`^C|82%KAtZpW`Zvi@;`LqwqqHpw6ODXCGR9AAHiTWH)FP(Q=F>Zw|I<3L
zB@R%5R#YQJw!c^HTDg!m^y~lBDFQWBHIhGDxjTANLBP`_+)>0vqpsXzH~S^d&rSNd
z$-8xf;(t1zz98Hy<a+og?iS^VWx7}CnIkMUiE=;&e#rt6!sD0hjP>qlcN_Wtwle)C
z?&G^OUNUx0s*AJK|Mcu`>Pwst4-dKgC~Nbev*XhLT!2HXPw4B(Zk%%<U(7)nBhvqN
zZWh$JbUlKEcRixq$4R@GnU;S<l~DHAM}kQXyK)Q#k~f`|<#UB$M^FyHLQSomBjwBN
z5g3~yhnCo&Fk#3?FsSr!fV!n~3(KJLj%~31%1QA7U4XRfLQ4&IT{Dm3qNcd`qqLL_
zW!DKxh>u}LD9!-u(-rvwH2@g2kS4@u%8s&o0q?)|hbv4B{yJuD4}OnPc20LmMtW%B
z@XHio(kF+w7prundK05ael(Kex}HBsZPGMM8)7olP_4Ps!jqb&s9{`EseE<yEV3DN
z2$nUE0$L}V7v#?mJYaEtD#CEzeU)JX#%t9`$WKMSb(34YXPfNR$jG7Yy+I=pD|h9)
zC5~7B*-ORR3`}i?gknlx{#BM$J@z3^lVzRsyEP>nlC-O5Htmcyg(;Lh7@8=|eXPQj
z8%K@YK><_D#=wIIFN!CD$AFvC;<{We*`qa(W8Z+Lpj>?X=0IOrbuSs$+Ka(vVLsB2
z%{5rfC0%QC1W5@MQ{#(^cky24jk$?3=+T>$$cmCd*gK*`@To0MmB!mGi`e6S_+5&&
zgg`GfMd)1!gS0c)95jQ7pW#+H;<iDUtf~48551bw;qg841{Ui<56uS0U#57eJ(L0H
z20VE9PqCtyoR(@!Q4sNU>0dk#&3=OC3gRq3K@1x;jcm_CpYv0$e(Ro0<vAB1dO9CT
z`HJL$H|#oN_B+iX7^QyM6?17(0>|R2*fqys<yihX$<S1(D{D}f#uZx_Ww%{o8ijY_
z$fKf2;W5y10EJ7Tlh1yy>a$FSL5_4)p0-wRuIi6ro+c={{clJ>MKCWb?7nb4E*-tJ
zQ^?^xYEz`E!mwa+ivg*ri1<I=#2J#*kF;c=8mJNuU$kv|)O8jx!yXrjpe7p^vH^<W
zt2txZaL={_ozN8MIBO82&9Y*qdVfr#GJ*Yp>abAKW6-OTJm?o>#^%cg5w=O&R{WT5
zR@hAWBLm>0WjI60PDHL}5ukWS5%eB}kI{`?`UOT4hh0tSb&T5J6S_bdOmQa~a$H#j
z+S!}iN&YzE1Wc$=m;sDq_3P@ITCd85MAIeG^@0R?*gq`Br!7O;m8D^2%psCJvG1W+
z7BmLGV&g0H2iQ+!2=R3$s0qbc!~46h+<$?B^q4ZFL{Vq}k)IGme*U5W0I`y=3m_Gv
ze_-~jv8rwyb}Vy%yLN2=fS1?~{A%vuJE)E)7>YtAXjCkMs?5iLnj4B?4{&c2gAmqN
z`qV$mjt6@k0uIRW<^2jK{FTrg{K`26Ixx!s^wlQlLQ`aNfSh|l5intWUC^l@Q0Z_`
zX@O~>xXRD|?#BZ9V8ZuA_8^&sAcPrdK5ZZAAgb;{f_k@s?tGSN@&PJ*KP43Bh56~q
zxePi`?(cgPbYRD?Phq7mpbIRZ%L8&;Gs@^v$tM{>)hQ7nJ#;`KUswZxc9I|n&fJT@
z13Q{P#bXjNP)ru3K@bQo3dM2$Z7CKykia_$u75U1k_G^j26b^9B-y$jD7}g8Ps<7s
z1$W0Msli&)0yeX;qF}prD<%BYk9*x2LWz@~wkLZcl~yJ77GthbmP^jk9~8ykT-%d_
z^7--7rww6bJ?ZB0Os9ny=7c|2bI@TYawurEdyFWQ#B)%6zP@F~b4{5~+5IgPtLiJr
zJ7WcK{4$klxip@zW|kEq-_&6PsCScfYz2d;?zCLEFL~-6Mh*T-gR=adf($EmKMfb`
z!iuttiT;^RqehCN^-(HY;4o8l9k?=20R!>Y5fVVpEz>82tbRwzJ6wSs0Ca7!`m`#_
zfR4KGz6yNy!dvij53+s36+D@2+<0bXRJm|Tdw+~$zH9BDW3A@ALoh$~b<K8IzEd<^
z#7)&>!mV|?Kx?1qshL!F&DJt(VhjMjZcDAsvHF(eT(RCo<(8Y*kbpii-zBi1($Hvf
zShkkGq`i6|@|;RYZ*JtJ@Yz!}0gg02C+IR9UZ{Oe;N-RH)g9cuP^8SY=^UmK{_2w9
z=Gc|$K^3a4w?I(!;J(_C2r%5|#$kUV2TCI1R6|S0l_5PfBumdr1-=F=AzQdeKdYq{
z8T|7`4zxzVsTPsWrNyA@yS;kQ3EtqWKsk(c!F*0r&2KcolxgXLFV-;#o^fmZ3Gbq=
zMs15+;q+yyt)y7Etx^$>yaEyQov#}8na2O;O+c-T4ULAbic44g(O)j3SdsJHLX&H3
znQfhovI>D0YF#hg2|mSkh5T@KUR43!?07^OSKT1PN0fZVH8GTeqT27|_RA{noAOjQ
zPBk9_5L-<Ve%A=|rr$U3L$6i^qO(lD82bAA-fv|9b6<LGcyzOltb^V7VrVZ)Nd@lM
zoa!hCc>J&BLcgrf5Y?ffG>eytUfmeLLPS|!p0yc9(6o=3!-!U!yE`d2R?a^P|I5@J
zJeK5#ch{DT@Mbj+gM&t{Hy!_EGiLgjti$?kWObK3K)I5z%Tsc%QU$O%g>GYy5}TuK
zG~T+G9mw8^6@~%yfVLrWcy&nK@zW{2Z)WGj3hQ53px0#FUq(L@c6sHfr6e=t#0`)N
z;L|J=Dq)A;)xvYZvb0hLEaJ)|9@bPKmcwxOSXc=mgY5Ck*O^T&nQLW!L)Rnnb{g3y
zc2hVFl?BPk+`Br;6~~{_>NkHc8R{$-M{I=wbispi?34&Nt)e;*Iv!-*n{`i-yt4y>
ze-KAEHwRcY2%OYLVL>@}+9?TrC9W38(fxvdHZ(5r0`@Gh?(45x8JGZQQRLsl?Gq-p
zy3G-uRFhZOXWBBJIZ#z}R1!7R;6rhUbCJkYlU%8SZqy2xHVfE@iZPRoGOH>qYA>5_
zg^pV-LhKw@z~%^0a@e?QIK$+%OQ1%PW{b?l`>7z^o>p%z|3stAZr{i`3tf_?)VoJ(
z)widvf{S^u&Vyfgb`bq*Qs=WfC~@+2|BEOXwvN0pBcooD>`V!BFvrEF#F(EBD5EVb
zsNYcs3EFc)v(P(-NQbKyGi;Y*$9o@q+f~+@qq0~c2(B&2>dOw!+NoWSE7iFDtC4j$
zJxFw7Lc`r&J3k0in5VdDawi6BKWlzk?B>)aki*2?Dp0{V4N?oViF=-lG0ue<`#0`1
zeoc5WG!wVJ@s*m?RjxsMHh_;$YAD~>C4NnetwA4|KT!>zh`0NS{%?iWw(j+4_%XHP
zV3Rk2V9&1pvLAUZv+J{G1b5Muq#9-72alLVfki@XqfC1mzRrvEI=<5!jII392@raf
zvPiq$v#Bk%%LA?TPMC9;62bw#%eSUAjvkLv4b0{;l+N9tb&POl&0-t{iS-W2x4MP+
z5YNi%(O|9GQ1e0k+h+Q>?rG+?HbMp!UL2{~>uF_N7ZJ<uOXELzrd%p=QA_n=JyUIo
z43{VmH?3D8Jp$k>y8Z82YQATjFyp?(w~-So3L_$G62^AqbUA9aUC0%ltIV<bM4Xs!
zI%xjlW#vK97~7aAgorm7Y*x2$GR&(hN}gOFkCAZ=x)0&hykkVUD{~=B4yuCTHq7cZ
ztT4uTC&p|6GZAbECiWD2%yVa2ms@3U(^tE9w(vz^I%=oFk^92P$c*PP^>!DAT|`93
z`52XaQ~$?sSS*MsWOU8hD*LGU3s%=4!jB*?U3R{^SRGrXjmFC_YdD#KHPgnM64GWa
zC_u|ZgyvZS<E05JA+612yoLRp`??ZaCkJ7W9j4OSS$Y*#PSCdmUrfZ+uSahcRddK)
z#X>wm=<`?($~C(2>#7N^ymQ0DeE6y?E6I?!OT`0g0@IM<`n@rKrC)-Xa*(q!FZ6BU
z(@egP>Uq(gUnl<2_j_uImU}+h1A*4`;a7e+W&BYDenxz2re}@BaDFEV+omlebsZI}
z)?aH8u#}m2(VlS6S<*Z;{IUJ=c<Fbd3KOb{UGk;0*2;rTC_n2WA&IW^?#^KgQz1N4
z&iBUZ_n$vgT0`UL;Y~Tr7Y_$!ed`gLoa4_;Z#-xay7OLRrH^J*a0oJN<&2A0UfZJ{
z!;N2f5XMUv0AfxENQohqZv#rp^5}sL1d*V7=0NX7|4!Kj_-$P`Xmk?RThN;Q1+#1+
zwj4W`?@_jvsD(FR+OenG0OT*<U^Hh*0>TtbO9X`c@;F<4zTLTlPg`6#j1EBh<ZnE<
z<~LoUgh_a@kYnG#)nlQ$Rg2ry9!LsJD1&mP4T$X1TKUb<!nlAFW}9#~)S}};&O`T{
z5YvQSBbUi}g6g_>TLOzmfVk|j2^A{IMe6`KX9iX8%67+1ZENhOU+!EZmz{YB<uS_M
zIeX0z)1R)b8ZLIVDc$7;Y`w>>A3-JlEVN*!>lGjmpZXG*v@T=K;==6%&cniv^Q+m>
z2D^ImukDM|t~;m+yY!wyHsmjV8t-kwGZ*K22X|_uj&|=EWmx#$bT$3arYX5?%QF#s
zFXZvsUotUM;Kdm`on&HT_1c;-F}vX4+$6DSdtFtkf<J~XTfA>}WTpL$lmnCyKlpYR
z&qj;&^Z9GR#T4AqH8qFUb%2)I=&F&1@gg6NWsvw~G_C<Y;xhProI|JS;*44<$3oQ8
zk%5;|9F2<g-CR@j9Y&a#my!Yit$IEJg;ejC?qC)PdHa^5dpxeJdYrx5xX@Ykt`6e<
zV?aJj`0bKnPCR&yC})a!zm!d!OjQh}x@3215i^;Qb}Jz}wuD4PaoDn@4K)ObgyQ(M
z_$5=@>p)e%dsW*m-azT_&-MVMZ2VtmFV&H_)K|o_g`V19-Jd{>9tHo}w1OcF)qTx!
zc0wCFhw4Uzd1V>u`XL(OsHlUN5=@27ie~Lh`8TciU3v0{()xRX4W_hWu#0`8U@GD?
zgC}(29S1=iRYhI~XhSu!z6OcyQU&LQZ{MrZrJA$35;%>Cs*Dzv`Qzf+?1#qYop@;t
z9^6QYPv#x0Y%Z0J(>%H*9z>YE++STsF8Af#bc(5Any@8b7c4jIb(|EujpjPy#|O|w
zCY>V7QavkijIHcv34c0sdOA%MG9$9K!z_KgNxtC{-n&%F*ONx_6RSPnaCs5i`0D!o
z>g42=ZO9Fpuw~F_+a(&_gq$!%)LF4#e6gIe=GL@#;m%Iy+4|8nLC22Q(9JFt89`Ia
zDx2P}`C?sYG{TEe6=RcObWE~9T#J8(qq)5o%>Z_Fz&TZP9O*;jruT?;R69nY>^d;!
zwjQZxZG;`T#Ez1oWO8{?Na#BV?J(P;t1Rx~x)ZBx4*bJfDC(txfq}})_C&6xYVP-e
zdR$d?twyt5DMQH1fhoy+T=p}^;0?7xlu6zp^7C2;bIV;u<`04~n;RGWx$W<7h-D8d
z^I)5W6-FcxEX`O%Ut+x1A6no{@YlO3d7$YXv1Cg+%k^u(%9qXJ|0usPb2&QpE9F;v
znp(u;d-XVfRdx-40cDT60hC=GoLcr&8JpFcmcR~Ji$I&e!HD;VQRWs!JU5#ACY|{+
z_SvdwEr|A?AR&+Y0Pw2IPs7sc>CSMorBaa7@fWb-*45-5;0#C^%H3|GF0bEG{2$NJ
z<!Sd=z<TcN?l9J!vVXrHxAKJLq$e5)AQ^T!<&lccAtA=Ve+znyL6ILxe|hkGTuXJ0
z2l<t_tT==*hc#0}h<S_&d1s@hePP6zrEO<wSW3K5))tA^QeoFPJkD2FrN=mHw}Ne)
zIP0?umN$Hi8wfv}W<sv^8}9CY8dvxEDfkF1=nQ}`S%EoWGDM=ZVP$K<-Q9^O6k%eo
zcBcL!pC~t*Rd!M0wzw%3bR{hryuqiU4;P}t#^nh?DCJYegtRTmMX0^c%ER`0DIdUy
zxHGD^FRGak8?iA!Wj^XHglg<E`beKvLtocsqc;`?TMz)NS`~R)s;4Q;sxk93@V;I@
zt$tF_L<1Mxf!_3zO+G5~=g38snE>lf*Pu~%nbCcEh?-w!?A6xIhITkds!)*)B?<bi
z+vu$Zdjgq;vr+y8TwT}9%XT*@I8}L%G_4+WY^hWrT*kLR_-X-ZJ)*7{)M(*uWHuf%
zyx_7t0~8kGhiRJaFvFUX<=?*rrVLOCGa2|c6SKFlwxiVts(`KH!+w&YNJTTu=$=hq
z0Rjw25jaQhGDl_a-)N@Os*Ev6`|YYDaG8ywl$j;BEW!yJ@=rp!b6#5hraCf94A{H|
zN7Wf{G%n`scv$>Rh&=M%QDqrh$1jam%0aEmQ)4Ex;&^XWwV)#k^NI{A2=rCgkrZCl
zG*}VuPudy?IeBi-eT$YGfWFhhdi4`PY3Hxwq$Rc>jz~dn6pR^#Svg?Xg*Yq3xDIGZ
z(A&kt2U0nnGEWaQnEN_6Q_8l~XOupDhw0K|P9b_6%qH*6M(sVjx#w}%|1hbM8L89w
zD7)+uDMzMO<b6>X<7)fu&RuDm2b~(9efX4|c7ZMbPW-6o1`)3?`C~$lgQ-Qo&j$NI
zVEP^EMwq4BM+&2;9d(4-md;eMTwwmde>ELZtbiewaEsS4lKg|>8NZK0jBQ}+_HuUw
zzP?FnsCZeqwEXp1YKW9Cp^XxKV^l@mrE9c}8mQ&<)n2j*hV+AG$0GFVdL|_xOXg99
zR~cNaixhpOI=muvu@PZc^*8331e{XPo`yD_w_W|+R!p)HS%^TcwT@>TrVG-eO^I`q
z@gNaXr8e|Po0oL)tqMW+h2^V&?bS<E@IJ)#1Hn$(W_})NdNt_5?!m8_v2cV$j-bP{
zWg=F5rRxW$bY^|Kc@{;~=v(XD0pzE<Y4SS((D&;V{AO6jxVzgHW+p~C7YDrX4&}f1
zO{qzJxwyUFUw|(3stM%D<Q|-cnQOV1u<56xBS}NYo~$Wf<fnH<T3jx~jHt?haAB__
zT#kFgb7Uf`o!290VM+};hp{CF$t(tOGifS7nq=~)`ijuV3x`@zHe%SdLvZc{Yl8ts
z|7MC*qLG~mV`*;1OdWHV)TV8R=z#mv4G1Kkwsk&1%DcC<gg1+XH(-1-H;TvRmH6PG
z2mxq?dUGIm?+L+4p5#s9D01vIJ~J_DO+hH1n(Br+ZGkd>kpg)WCQ4X8x4yZ-Gok2k
zdrl<9$LJl*NGkd?MyOXTEsK#vGvk7TWwSDH0V<Jz%#7Tn-+d?yx0z$a)Cps^O68@w
zkOwLrneYM!VaK$>6i|wWWcxP|6B_M?5Q0p$zYXO`yY<tx@CTX_ciknrcL|J`uy?y;
zVuX_(P^K0l&Ek4UI~0qV-}XOFZ=w?yz^9!znZB4#X1_#EOMUrn{dYt$LSSqgfEvs(
zu_ge+_aBF8UmM6hLe-uw#P=o%A?&&~2f2OpMg$LgJxT;}r^M&L!`53XfSfk#94bO_
z8n$NOSGP&ff!@_1uZvwLCdw|8S0>1{GAk4pi}C4-tw;eypm#^bxd~vv+^D_!qx6CU
z<X0kWC!>aQY#}n!<vS~tDZ(mZEFuR!Z<wul7WnV-(N(@CZ~L}ZZ#nAp?KVT3Xe6(y
zYEZVY%h_2A5!D7N53#mZ8#-ogJL-sbcf<e8H;qXi%G&(&mj8;6dGKa@Pp2MoeL$u?
zknp*|6#nRIN)j-LnxyBM5ieHTH#Yv9AFCEk2^TTrl5O=5$7(_zt|eW_CQp{&Hcf5T
z!iXu6<R7x^@Q3(1NPP}0>)<40%d@l1d^iRBqm2FXsdz#@%;&JZ?DQ@SU;Lur<Vsrf
z+QgZnWdAF+asu46HHQkkIQ42>*t(^PVpQg)2E7+Y!+z~iRHwRoGr795&221hLDjN?
z355f$;a}V{7uWG^RqN8(pJSAhGZ-s+7|v#je}Y4jdStUTNhS?bU`sp7Cb#Tvl0PXB
zHmb#nzz~L+G}(;0sYUw|>~hmmLtHE1L0ua~A6vSBgU2^!z6g<@g{)ij5;+`JFH>Q3
z#`R232SP`>HWDrWidmqO*@9~qe-)g5sIU*}($K2GjR<ioSBeVavEKZwz4!wIUJ3Ls
zLN+z<I8_y&f%g#K`2lLTdWAnoY#==1=G~2>TAT)>q6UE`PT_&AU|V=G4g=U-p2r1j
z=U^?^&KKyQ>p!caXBfYj5+!^DT1W_z=1?F`I@-4gT^!U`uTTHp^UWPCSXIZ;NKT^%
zrS}r#2reJv<7$?;4=RNOwOJvPbH7VqT6?#d_*S5i#u%-4@b*#5wQ0i%2xDK@da@^?
zdzJ$<FGbe>)QJ1#D_G!HJ!iH0=JNb(_~D{`d8L309dl}xniRs`*M0Eq@(RYTqAxG9
zD<u4(X{<|3H3fR)@_{q%MaN8^l$I{2gwShg{b{5cd{Cv>R>eN%J;wXEyhGkJHSfrK
zyNdP&YD8<jDLwtSUdm_duf6vg<N2=P?4|ytrWFLUfJLlNXEU~6F%*1M(@TYsXg(zn
zseMcP!K2Df3Vu<~={0U^32D|QQ1WftHt5UdvYBC5!&#rVxlZ`gxp(F3xLY%3+QsSp
zkhdhyC3X3lg($mt@#%b~uM5ZQpv(Oaq%N2HeI(s%{$J=S=B#qrovjcW=AkaT$2Q_r
zH4__a0hJAXJdQ4|nv(w<l{es){P!%23rFAFvLRtQnNFK4<EitHs(@2U1LCT0P1Je(
z?bx`2B<Hm}C;LM(jHD&Wt49u!^m`pL>Vw?M6dEumURt>1UgtAcEQ3cp`-+yCymoka
ztPe&Kl}7s-_9ju4&SUGQQ9f&YA8Qq9t(&$igQ7f?$J;`jlie*m`=q!#__mTdqcclQ
znX`=>^+qZCZEX0SoFvbT>+pS+@IEF(R&mGQ=D(+eE%sqnA?@@__OW8q3|Kg)GUk&t
zp%E(r?&FzuVv?d35w#T&Y%ZLWM3!;Fhc?U7uD`;yv?27EpofK`6a0Rvqh5!_GELT}
zcLZ~y_+wLD5?fqdh2#cl+KQz#_*fYe9&!TF^4UXs&|Pb&AH{I?vcU2j$@uiDm}u1S
z)S<G5)OokJhLknjqdzJvEW%K(W=)1l<B;HMRWh@acoR47#oTl+V&&zVNt6U;1J?M%
zD1RgyUzkpzq!zonW2?mA*H~+J$8KZOtVCx@#+2U%XRa|frcsoHP6<)W^Mp6Q)d$Aj
z>{6J|XPNO$q8#jUT0j$)E>|Fq{bAbS>wKFBqm9~_E^}=PbJr~MWD+yucj?R%nYp+a
zo9y-Uu}%4)uH6>?taPcFT|T4z)D_dHavsX(YC=yQkFQp0V`~>;xI2C>a&jP+P8?LJ
z4`9UO17B6LHZ?y9bra>Q$PUua=w)*AQ)F*nho}2781t>@x#5t%NUj%OPyUrmKZ$u`
zp4mQ*`P})&yIPI;ra^;c(2a+3&ZjB!;8=Z-PpnJs*7<(vvQ59#C5v3a#r#P0$+IcM
zkgwUD)jUPOPHn8iXSB7E(dujUxgPG0DCcB7sNGs0AkOMh8l6eh<T@WrGi?cqx%8`e
zXO?*AqQ>E_((1X>XV=6ihuRnrfR8JLH_f0rv1_JLi!Nh`X<_GQyHC0xn)%9_MzQml
z1xHO!k2{H18pGFRW1KII-!{UVQA6X8_NAGBR2mN${G@><HKxJ|i^?WyxS{U`xtmzj
zDN;(pgXIRuCLlX2z61bMN&<h7x8R3o<`s}zIF9vVC{DX(a(hf9*B)3J4<yZuZr$To
zbLG^G%(&jUTQ_`ypuLkWU!y99hiVh6?j>I2CMb4epX!^Wu22>W?Z9MdSstbvpU};a
z-9V658OR{(MolY368z**|GL_N6IS{+ZgK`C<oC6Spj3O{$Oy3`ZA*3Zj4K>-i|yuR
zUv<b~1@<gi!YQlAe3zip($OGNiSg8gPJW^<85e&h{u~L~7ba2zunl-HU0SqS%1_`E
zfq8;e%`vbzu@UEJa4JM~C6jirFYycqShz$alkzw_NHvv@F@0&|*h5ol&5tNr7A|gS
zZ5BO-;1g=aZlBsVj;LtTF>>loe#=~!wei2+1Q_6zX(Nc+ncC6xs5r-g2cGf)A-64c
z5FxqiLDsvH4aH<{0c7L#S{7D$$p1O_1PbERgW@vpT$-S;4#%%g)VU*}pa5!(D7<Sh
zuoN8>m7xJeQr?t6AtH59(5F%~>&0BD1hYcUTDXg+zll)oJWdtPTR`!lT5+izX~wW!
zI~XSn1C*j^M~N}O^lF#xBl4%YVN%bpev+eUaz>LLi;k<53MJt99p)JBg%#Ws%#SFK
z0sa<X3N9VTTaia!wM`fuDDA8cl?J&C${~9}@scXo-2pkl7Rpc?D153>o26!CT^PVx
z7rp^TA9|`?#tJEXQc$6Je+lEtUHeK4R0XL^J7y!TXsiqfkN7JCu*>px!ADEL<H4WO
zC3;D*5T;QXB4Ndjd89YWm6%XI=YOWBpx}O?o^Q@)5Y_1u>BAE`DVUrpn9Ms2wJ$cF
ziO9uW{;jNMEoSS2YG(1@mrd|>-!~lRZs8b1xrw_<MCGX)SqXHZ<cvV&MO+y@$u+w*
z*Y*IZ<%&tah4X3m-PrhOvB!7$#${Wf$C!|K{|ym#a)&rSb>VVB<h<qPOw@_*az{H7
zX=h~M@t{S3srb<)rd$D1Z~6(PCxAHfiaegxgzMwf+q_<$Q$QvB!S4mx=kKD+=;Zvf
zu)G5m1G@RDhCzBYlIyx`H9D1rm*>=F4AFt$or#QP*;Rof7rldhE)q%szPef#1V!fz
zMf!L+`apA>5bvBKrZspaNdt>zFZ~1;1~!!0rXIWrA`^1=<~@6G<`s^3zVnBEQi)v4
zr%b+@Vl&4MROn~6J*VwbEn6|xSoI7|z;>yoyrh#Sk=dd!PU=t2mmiw+W4k|WoxSiS
zV0dbx8NYUjVwofxa^-POQ?|gJMG#0-eL1QB?S??-J;c%~)UO9U<ZS$m`_s2*VDvf7
z6tF!<-7sfw>Sw=f0I1KpyCc-K@CgWO_g2*~rPo?YSS_h9jXRfm<w1@-4(oMlAY|vQ
zvuIQm8)=N(v8n8-R}L`^AgX1s=BukBm#WceQ0!#^2r_@m8*Ky&oLk>%T<4#7kSFKY
z8_N26%63+-(!d1uEJKEH8@=LcPrje!n%=PLI?K4q?qxlvywm+~oKDlgH~wXGR*H(-
zH$C-ku)Meg^zxx^(xvems{XBnDI!(?-<lb)rZXc=HddOsG*EeP=W~}!YDBf2dCj?y
z$g)`;eiAb)vRPi<>0HqEo|nN+CF8?pv+cuXyS*AY*#4G>$Ap@ELfh#~$igqQx?<ur
zZR1wl$@EewZyj{xZH#QKiiN7;sWjKT5C<SFxh)(BF}qs=%WropINoan`95N!ES05w
zTTniDQ^vH(kA4(qWFO}T3Eis;yS#N!R(+vaPF#s(R+y`o&cCb9#&8__B%Ul|js&~@
zAtwAfpvqQ`l|0j!D?`(mlsA)@Y$b^ebH%woRiv#d!|F#{Jf$2cqcFR(v<-Mq5zSDI
zlsVc3l@+r_EuQhHafM@=w1W$4e~Xr_5EtjZC@sJ+42{g8a&gM9OkyN=`b3nsW-&lj
zj)l1wEQo2kB$Jds7ka17<Jh<fScIcOCDc&(Lw*{bC`4Ws_)Gi^xZ}(bMwwzb_)$F;
zh<kGd#t`3Jv6CAvp0La7+9XV2RQm?QfjK1JuX=qaiycUdsWK`Hqf0y`U&5*A@*^lJ
zYnI2f6a!Ud<Y+@C&kk0BmUID_YJd#OFjD4;OSlA%BIuegJ<#VfxVXg{wPIOxq-~X<
zetX+jRFIfml1xbYR45u$h9cb9$TvE6wa#!PN!^govj>qbe1kX!i!0JuQHX>m2Q%*G
ziQpaN{ph2=&1};u|E=@ThLIJ0<ji5w0pZ~MV0gGIx>^2fSd!fK&w%{(nf*<G^>5I^
zuU}VmYKjcNlMpV~FCSUt$$J<z9`D}99uiUguEYh4w$esbzt7T8nXA`gMtl%7l_S!E
zLbxKn307#)emI!K`&;H*I@XM4|JlO@c>$>wW{bjhLCcj0jM<F?oBG0=5}nB3Ujt$$
zaP>jkV4(;~3MZ0^49GNbF^qm~Y?R*4gysqP1Bpp0ra~9|OKsa8vGxL^pF>|xS$C)S
z+xhsXxozSUrd<3(95q2n<?ByZPQ;U#*tF`$V6>RUj>kNBkrDeJX$;>_4zajS?RlC8
z+82Iy9$6H!+upgd<&GN`jIk<YQ8B7G2rTMRdzG34Sb*afEv}rm#Gb_xZ=<@_4REXu
z3$N|LHk~RvDflkD&ScBxL*5L}jdI(wz4?4(P<*)?nmMRsbwg@KE^N%rXAQ>tE8M)a
zoA)I93_*mpo3g46s_!SjYxddut-Wj=?haJ__d*Il*IA)-acjUywh6*yHQVedAN3A@
zeR82z-zb$f`1YzmhH3_WINwagshDd0q}|@-toxI<tWXDQsdU}4N3+^;cnV|kRZ55#
z68yG~QU-=`g6xt0*Ng+H-YEaN`74{Y`DuFtG8fpoi)_iFA}x)z@93ZFIFArLEFed3
zH`*JjqF<hTY_c?NWn-xG`4R+6o5=;6Ba^-dk`A=rQC8<KxWNPf9e1`TtHK*~aiF2m
zqrfiYW|l{vV<PQu(7s|k-6bA8o?$47!(IDgCVhI6D*A(>`gGd{9jL1evbe5FP>`*l
z6xHpc6^qByn6-S^-rQIV_5l4VNEwD^NO&;<^0Xh`s>ZLDpDFlj18hM7i_UOH1>rdz
zgeHGqsmeVP*#)6~V$1mJ6x^ercafpj-=agNgc)vG5wDxk*t*tS^C8M9oEN(ETb1MI
z&=6BFR?|Z7N;j`$#x1h+(~gGSNh||}p2*eY$ST4#aXYGt>yXk!wMqxl*PvDC%F_CT
zh-Y<bhx{276co?K(Ah6VBut0lJP+v7=d%DNW}`s68RkrSW01kc3f)MtTw)2Ojr|gl
zZbgI0pl8)nmT?G4hah$~9qQ?84gB;hmOYFvO_}JMF4xSF_+<O29wQ<sL=B7>Ww~ju
zqd!+t$^o3-1aN$K1C}H7MJlyr=@6(=Jme}EvY#ffW?VX~hR`OM8-p7u3a%$H#U{{{
zJfy`FZL7vLS9LS%n)@@UX<j6McCl6)9Qpfqvf3GhKM@CKvv7qD+?0hGe}lyrB-=i`
z+TLpgjW0T8w(_ZY9U<Z=#YS@bLqL*VtK%o>#*yx*kXU<}Ns7Rth@d5A!bDYzoQXH0
z8`XSe&Q}iy6waSJ2{Iwv`4_AT@vk2S?gMW@<e-fIee@sZR$1g4v(Nz!??pk%TKXQJ
zZJAQ1o8zAY_WcSA<_Q@}RM>&XBlVdLd)>CfsZ2VvL+`22^2}-^AEQy3PEiZSf%$&q
zZ!qi8tr<}aX-`CyL}1A^-c{+(`^=~UIi%Ef`UUWL$uUKzn^^(Z@P7i1Uvc875S15A
z0{NWcJc<x<D3O(f;tr5Oc|o3jIv`fr=z!cj24{!ATsEnAiOWvs0$+8ZD1?z#SNI}f
z6wK{Gdo^?@flde%DFK)WsuTelh#cI1EQ7!o0_S+-9C@nLc)Z0ysXpt2klW=SuJEvE
zR(IW>VrDJIVWOU`lAiCCBFdLTsVT>4N+f8^@RM6_Iij$va2SfX8Rn=NY)TvBHe#j&
zPmH+U+Iwb%Ym5TUyOY~YoZe3jhC?C7dtgl2J<Q`!xyF>`8KtK<kvaS;=^=)}Y#BhA
zHnn(0V$DrG2I5qy2gPHnHpQp=Si>(!6p8~OC6yr@g1UmLrB69>ABATK-*5_VD1x9O
zl#aQF{}h8u^pO`DW+)w;WgeZcdVP6@Mo1!)^)pL15O_aRmUXi?UbAAteVrMgmY_Gu
z6y|}O@}j<HzfAk=i~^*zC3H#}?on-Zq-)aDz^@Xv#?FB{fpLjLPOaaM&0zKc(+<}A
z#*Wp>)^jY?#~0gJ;iQ`Mp}l;?3Vn$?+I%C#=WUS&ei$2yE5t`oUkx2-x3=(UdkY)_
z_L+$i1vwJ&k5T2-2*lMTYhg{mh8-`2#Y=viM}w3YvF<1B;3oAmsFqT9i_QKQjKJ^*
zn$PGLD&&+Kr6zJ63SjB(xsDY*S4v!Bv=57~-2)WtT1{@r_DP&uM+oy9^UoMM;bpJp
ztr`KzVI!#{oe>pcssgI#YEqzaGT~UeO@o@;lH`Rc7hcxUwN@!ru-z}Lx@WUVxj0w3
z|IW8eYEb#ibY(65z;stePCQ>GDa}NM8GNHWfCaNG4pl5<SE#!l<$ttQG!=oo%($Ip
zi{*;UL0aP4{8HKarJZ<W{Ry{P$f~ayi61-ee9s<ajtbkWcq61sj86~2t-ZF}dWr?o
z89xM5j)W9b>kF~1%$Zc1U`AYIY{w#<s;cC+q882*T12#Y7jc^d4(qDVP~5IX&Q60X
z?uA;}xBIwDQU7?_$g=<b?riac=N(nQEW1;2o`||d!kg=WZAQuq0Gi%OhDumKv;_UP
z?P^rw3GV3E;QP8H37i<D=&6v7mCsELFeBL-xol1zdJ-?8w6zFBQys?;18E-qP-}cW
z;C4jcdTq?cy1#L-rWkzTHAxI6`7Iq3RY&`rW|4UvfbH04-~~=WZ1K>zbY=ew){Mz*
zX~8+dc>WuYQ{5bn?~C)T5z_fQ!h=<a7kgi4#+Lp#LU*srvXCTA_!7%!b<+ElP+uJh
zhcO;~I56=6lV?5Ls2luIwoym$6r{s>lgv_2!^|?!U%98S*XEzL-r^L^urOOCuP`gJ
zv=zL@<ejWzztJBCs_5inEVGd*7@&y+_MM)-k@&8hn(joQJVC`HXc>XpAjWDp`CC>9
zLz3BZj`hO$yRFPpaf$3T0w#uFUjhJyW(@Rzz@YOwNLVrW8`DkO+Q7E+DLIbQyufoD
z!^s;~b1Qd`-dB+lNczRX>OJ+fv@~^no<Cod!*2=&zdX<2C<TSIIgTS!Lg%#|jq%#O
zG%PE9jQjy>lQ|*WEzut4;5<jOCkaU?Dih%sikI483=+`^SD|}MMe<}^`-0_*9HO-S
zW#1by&3rf!xg#_)zu9yIW<_}q!nQSnEmXDsm7O`|Tk98{n%8qI*{WB)o)lHk5w#oH
z@UZGQ@c+L0*|PUCm076@Ph&X3?73(dNzLL&JYfR2btXEl>`l{sRL2enH0PuA<(sn)
zAS?$&14a89@Qt})NZBVVU8gyiz9tmd>hBs9aj@EMIQ5H}O*z$pBj=NDBU$oK+7OQ@
ze3YPne`b*OEehNwM(s}62zpFryQ8!0T7=}yty#x->=x%=B;x&%>c6D1owypBB1FIW
z?r*+OcA+JU)DT?<<=7;sNdX=U2aP<X(&VoqeLu_gBIY7&Q}4~q%~z{LjDp42^MN$p
zI1b-N-rsdC@J3c6y<}XN37M(!^^KU>&NnvN`6fw$y{|N5Yv-s9GgND9A7Io#ueg+E
zjwKz1d$W}HeUf3KevFdV?A|EC*^H?~%G@yrA1((!XBB63dG%YlN>>p1K$QBzNa{(m
zoBO#-(XKg54!+1d_YX7?Z_4qVOjH?q@$*CH1ABDM=1g+0v%}-s{UpFn1)CV&u=A|i
zt2r-L_1zPcZ#s~S=QALeFd*Rf*ku6t4-dy5HQ@@{;29H3DRbs|pNJ;$`GmUj_k4p6
zDP->wiesKJ!~INu^eK7ygPS4?bG4(D^qQ|Zkoz5Q62g@3Pb*OqLYHFAD3w`%@(#;_
z<dT$!o_mu|a61IBkLO`oAOHNkPt(Mr0&~6Tnddif>Q-!lpA_b@H5=NjdP=YnWcG)5
zt$%}Xt)B>zCT)pV)#`}I3GgGwx7QBaJ-WuM5@r&L6>-^Lh2Crb^-qw*67N{n7U5V{
zes+^?T6TjszO^Ymw%Gw4wwZaPfhJ>4r4^;dyj)F1x~>{)YlWGk+W2lo#;_WDA}DJ#
zG*Fkk8NNvaRaP_aCl<djnz6Ps{%+O)hEbrJaiNiREoJ+}KE#=JCUWD6t-w@Gt7&V-
zsDee{o6^>Ec<{)|{zmXU_Rrk&*YC-ab3gVRhx&_AHc?xDwNg%NYccP6l&#r0j(r(0
z>msjZxv$`(J~C&w>1=$RSoKoyxF;K%p_08O01e%tZQ?Mtd%~`YAc6WN7}B@POS9`O
zE6g8OE#5Fg-)0MwffwuXwTp*_uXuE3z%{d*B{Z8Z*8MD@2YiWkim935zSp6YKd9^@
zNX`n?MsaVA0=9N*OUll9($g}>U@Qk5Bz^gfzli6ACqs04p3gXDz-2@b+3aU;7#5($
zoqNwUGJS+uJH26QpJa4?=)$d_rHxy<6>>K{WsV<R6MCCb()=IA_x)fW@S@~Y<P^z4
zZG$v3DBdq;hBPC=y$@(<LSPdVD3*xF-_XXwWl0bZobOvB)B4Sga`dEs=ie+BnoyL+
z4TO>IG^Rw#rPvpetQY=6qAG@vno@7jH1vH-u+R2;vwniHnj*ojb97t9iYvU<F-E;N
zHaZ95et=YvU*|pZH&?YL<FS`ta@+G;`4m%pjZl*<p(l7R%@m=_SWDnf2)4aDWI-^8
z^V&W0<S$woK4uo}%Kwk3Zvc+0>!MB4u{kj&b|$uMW5S7TTN6%f+qP}nwr%J2_rI$5
zs_w1sN_XFM@4L_0IBTu5r;g|fZ_O)^5(xgin`WMl;UpRAefZfhS@>!hdKT$?&sLrB
zX06uxD_vO{pX*S0@}|_}#jVX|aJPLo7xqW(HE>*p9&*QFF&oqhMsbdmoe9;4g|Bv|
z5NB@wqncaII2H>?|BLGzad=@}vp|JJA<5_%)1Ayvtj5jrtfF*RpUNo#?c6O)`Ex*Y
zj<!mTl?L%H7(cw_ex7Ux52Av5I6VFP>4@O<rUy~9h+MzC_}n7u@71iJJi04ntDaa_
zRzYh(MjhbowZ6ZY{O1It7zFPS>deDzQvu%>E>9G@n_pJ`VV3ZN5|oYWB{J6vi~;k(
zI5y(oyC2w+!dcZ3Z2Ftj8t+K(q{f`Sl?NZb*qox32QR)@n^?_v4B)-`0bGcIQ-Lst
zjb>4Fbn21IORiZvdS1|{Z1{9}dgz$&aJ}KrkkYuS*VJ4R9pMWqyXouHui=bC9>=M=
z_opb%@sN;ok^&18Vn_FLawhYt{vxJJo?}}&6W}9Wx^n7$M5zpS_mRp`zgYCxlr_DT
zdwCIiYsVd0221s#jBa^qhZ?hcrOBP<<UwQFs3mK>y3HIKXZtkkse3jA?77f}II3YA
zGF!<=!STIX;q<iT+9DsJ1kG}TuB^-AG}KyRH?8{XtE7C5@2ctC{p<C*;4C6+*X8FB
z>nTi>PLqqQ2O_aUVJmrIW1YdAV?e{}@3GOMbW-<r#YapjkJ?~__#}RZ_a7JcctR`2
z$I^F980g&-z<B!G3!+m6%DEXBPnW79f%LgVM&#e^^mQQ{o(+7jkESs1a`NO}rh`sX
ze*<JwbFF3+l2+jY_Ks}#`O#nr@Zkw^-pwnY>sKI&Egkp8TJpGM!<V#?6n5$5B^dqJ
zdW7&BI5ud5y^&0Sar3a_lij-C3H=M#8!XwV^{xrx-L_$qu~=p?LT1|+S4)%cZyIMN
zXQQA#a|IhP9x?+T#u)p#=9u0;PSQ0OFaC>#ArbSjJ6r25!>4~8iRxr^8~?EdqDd%C
zz@G~#rKg(D4gy0V@Ph<Gq608<9#i;NI9nRt=b2<~b>S*VcYk+>LNBFW?eepLNT5u)
zPgwJY!?Dwazzd70?>{4|V`z(kcoi8v?%&+)x_mOsfL8*Rvze(i2q6@8rRtVG)?Jj?
zm#RS%+ur)<U1@>qiHWT>u-AyMUPHfLz=Iv#&dsjN(|PYD6TXP}_xeckdW(rIuK>z;
zo!4bqCzfIu*>kH&xiMTSl6LK^Z0aP9dIMXz_DXo9RTgEoMKCZ{4%d$=;<+HPv!bkT
zf(0R*yHJDy4S<WzRuM1Onr$4VXm3zWzD_jmpq7Z6JbTAis~&Hi^eV9aOBHoNQt)qJ
zpEEjK;<IN7-@;|)ANxP1+22%pTkIRNWt-v^=ORU_S`1{BcHxP*Ad>ssBDN9Wzxne<
zv<b9(?I0=u?laJV*XZNYf2a7lH>N<QE@kXnGe3T*k+<khS5`H<4Ge_sI?h<k4%tDV
zNE6o=)<WEy2leC^_X3>sDr>ubtP3pouMeO^ah^;bj8AH>8}bT(8d5tieD?Jm2dRt7
zu+5(aTA|^0%&!Js{Ni$>;K_S?sX@yW55A?7a6Xskx<@0E6_s>kl+|~-KsV4U4ixwj
zhKT%x+Ks)7r<W|0ejAjTNrADD;ycDZgf*a0f_HAfN=g0ncx9>_50@sW9zJU*`C*=k
zDh^aFYng<uE<SDeL!}-<L0GwB0?mmZ!e+V-|8v+1mGCHDsTD}zg>{N~TYGMq+ASf$
zA6~O7u|P^VZ;6o8&ER%44<-nWwOt)M_<d}A=A;`FKQ@`p`9Zww5No+QWn9jwuA+)P
zYs)Yn@)h7CK!)wxBNbO3^7;-xHV#*(VoM6=5hv#oH^_@DneI+celqMlF-_;+Hw9W<
zQj_q(O`<cy?9|2_DpI;mch#EmN6+{qKfmCeI#vlv%E7?>WOe+tT!xw^jB$do#h*`a
z+?_9$c~gnglQMUYH}u4un#<gUEBpvo0~X>tzxOLzWX#R7F%>RQCcp6@pN^5U|6*W)
zmHnMJEY6{YK%{^-Oo9_H(OmwBIw)z>C~NA3Bprw^m~~bZJ^nGKNlcAI`5ecDj7_+k
zvW_b~@H6h*jBM2XeFoB}<IstCuj8|o+^yr#<t`qwDIO+M5^I{Ha++7$#EN83Yyf@S
zTXev^d$%CH?+{^7nZ;Ha>-Azp-`&!B!|b$>X{gXRs-4Ly##U(p!83V|ExO2w+qrE}
z@PoCRg-Wbs{U6+7M~3loj{vE;s`Q-2pcAH{bt)eHy|7SGptuykdA+5b6lp;aZT!+D
ztFyC*fsxC+Nc7w+G+4z2$@U$Lv4Dee`*%{cyh06E%rnL%_S{ILw$U1M#DD?y-KN;o
zRg=NJE88%h(6)}q3HIG*h8?1@AhIKjtE=0B*EN&CL44#$j_rJ`EeX$5x`apXY>CoB
zqnN|8W_Wn0j#<d^2o&bCO>|S^7$qg<H*k@wsv@jZFM8aG0CN{$6tH(SLkT6p5!Yw?
zg*NG1?IlD8ea9dV-7j$C6c1z#wSt^XmnQA2jN6qRaxB(GW=xX(x8e=su#6`zh3xo+
z*4G%6|LVE|H|ZPgE$A<(TNHpwRPEcVf}CXoM6bAZ?&M1<`=O~4HxgB=2};H+m*%`U
zN60iv6|FmOtYfEIbQ+~qp_YQWSHeo^NE?+M8kH$BZI<qDjgF}Fk2%GOOe}HoYsDR(
z=G=S+^8W$NZbsp9EMCDGw<}avLECM*iy7$5d4#)TXP~AM9MWS^9-OB{0RR1*XA2Pk
zVr!8Yz#~zZ4&ojP8&23aqEc>DHfwK*_1}N>kX9#(`Ocq{{X~i_O^PoS8&xUaUt(ek
z`aOv{`o?QbTu%C$h)A7G<?J?_ulDIzi1@0RFX0+q$%v`$A<Eh-dPRf6KcC?mb1=0_
zX82+Q!}TP3c}@BnmIQS$2IhYAPzY=-?&}c#?19(8B2qVl2>j4KK6Ml;(j=S5<hsHH
z+CZ0SQYCD`??Wbi)>NcOQ?3YyY~BLjm6b#}rE@YaMcHZVn{t%@H0PYmJzn1X162C6
zC{m$-dvGb`A5CXo+79tH1IqVYhF-!!`QZ7!E_2$qiD`)gsQU_hJZshvkj_<a`l7-+
z_Wy3*ttBp7vNlo%`3S8t$(}BAMy5lEo#_On+7u#wmZC~XJn0@s=D+=l5z#3JR0c_;
zuQ&rFha%XqfQ-jDDwM3L1z=z6{6K)MleX{q)SehY#e5-vM+l-YswRcq5=$QQw1vpk
zdllHF(v?gETYac2pCAsx?WXO$%Vv^%GXSpr&`DKsjD*G!&8o%)0(a^(rLQ$-SjUn5
z%e9KyDo9}<mCi&ejj}it>rVy={~(U@gfc1siM_HI^W(t>_6JnzEF-g8OzJeV^8~Zx
z60^S6os}bw)dA##92Yy0Z+XDnLf1TzEjuc}yIKyufPUnmO61OIg`7VTCUwjPl6fYd
zwSKk$JRbR8kc9k16o|A?3Xog}pF~~Aqu9h~$yP_`qVAA0qj6jeYi+xlqSGY<(?OyA
zoz~sfpuwJPWc}NiFNRq)-S-4a3<X8etFe?!-{QMGP=QjXaS4iX@!z;f#Um|87~nQG
zxjId3EQsoFim5@x)m^t1*$E#+6`)nZv|ycP^592xNlqXcrzVs?&l!fgvR2D1!ACc<
z6ljB+s4E3&D{vh6<K+gN`Pjh3NW(weaxumvccQM9tuI#zO{By+RERQN=0Aepu~V1)
zIOv5a>z{WDJb&2hOLi!ff+y-37YE9`F8fb(?eCz#4PP?Q`f7H0ac#UwLzjqLI3piw
z43UbpFOxBhBr~)OQgGNT#`)##akN=;h0@lQ1zU1`0m6RgGlM#Ks=A!wlW{6R;fqS8
ze1aq_p<+0CxJ`sI?T*<2P-~^&(DSqd;07p_K)}&4x=j--TQFTC_ueQg|CxVR#mxAg
zQW7PfoxwS{3+fCiAE<5;OVoX+{zp=T)qtv#2ht5mbRSQs1RjPP<UwE4mS7~5^EAcs
z*0z4wE`!6N>QwO3j<~W~o|taZ5D1sHlb#4e$PxME{FM>7qUS34mzY?R!b6c0UZC@V
zh3*!V-FiVb{}xCu8uL$A`4Hmnb9o|QaK2?3h@+dW2IA;8AKFayV&lty9HdHBEu=<h
zH%e6r)Jpr~J+%RujBY>zq$cPMOPqf~_6#c#3iAUED2{6aK0C#D33>NOKK9TDEC1Oa
z`u(}3jq7SA|B%K;{|^a>LH@*pVwMt>L}f4|TMU(Xy*SUa96jkeF)06!PfKddd(-`0
zx5)Z`9j{DoufNn1H4Q3M_b@mUqp&!HA8c`KQ*Dgz%T)!feU-jm4|MQ_%)SvS1KDY{
zSm(u8hNPv+arQ~_7~5Cw#A)H{sbM^?gesWS%!lbwJTLic%&|%hTNScjfY`W=s7yE#
zTxx0>i47&j#tx^RM}K_6-HgHLxU;FUxv+e2K6ko~@*hFimg7aZ$KzJWzH?&!pbTDg
z3yKiL&JBlgLK*T@6@tBcq3##wQ8K+DS*K$O2(X-S`?hzF0J`9ym!g1e^srX_rZ{w?
zO}s^*oc|SiJxt#`RWT63fanM$lR{1a!H9uCa_ZV|fFOZG*)?iBjbkH`yke?!W}i`&
zn(-A!V(Wsv%#nrakq33EGH>d{V%bFGe<W2PxUr!c@@m{Hx2d$SwHowwb2NB*FfjES
zC-J*pjxooS5vN2E=jBox@TMhZ;3F9_#tBPG><I+%lZyr7m4>r}I_L=_<)_~``2mTk
z>cEwp|L&#=(7(hjcV;7W#c4WSlw4v?1~it;jDHKW+EE(*&QCOs1Wsj8|It}%AOk9B
zfFxK21n^WkkUjGVNFdU{$Z38E-I8}iOI~e$shR0Wr&{V<LKQldBz3M#y^!@cfP%SD
zwOXqD-`JlbIAzVpvWBL`9_#<T*q97?HCR%y#Tf}nw#lU>FYV_eLPd}0utDXqp?^vO
zq@q<@qSx`>EzH<MQ%orbbL4C<?{(OQ#b58O8z*J=#Xn@r679!)xi)!Lp*U1BAAoJD
zHe%dXIfiOGW;kRT|IHLN&g>uMDh{pCT&p}jSrELgEZj_&YPVSulW4b5gBs7fx8z}g
zIyVWj6{DOG%!~!h44>fPF%PqiJ6RqgiL?c(PTno2{GM~%hW<O^6aJI?M7r@J8Ff{;
zGMRU=_imnZMNs4^LE2@+yZtBoiD}~oa90FA7VfCnSuzDLpfsRUf~qkEiT(_4!}h6t
zc;%SYxoT=-xpplHd9j9f5Z=}mEjTe^U9aD33$1c$7jde=Bl{evPUT=3d7KF%(b+_U
zZYDP2s&vbbQ=@#*xCgYcqdlT`<)7Y@H8wUUSaf0o?nB5>4<VX(F`06=WkArhaYEf-
z%fe2znNCEkawtPKfBR!$(#fC4xfil2J>-4!9MN-7Se5VA-o!X4N@NyhC(cnQbVgl0
zLl?q7BgrjoNd7kgq7ehO%<J9*9&4Ldo_$Vx&*_t_2HuwzX(WAUMQFa-&84C9uPVcB
zahMVm?F#Ikp|y{txw6_KZvIYnZO>_<@SC2-h++32i6tWZd}L1jGDKU{h}2K*s#DyR
zs`v8FM7F-dt6U=#stWic#Xw@Gv~7wbjoX{RFhr~7FogRKF_3OvM5_d(g8%1qWnfGG
zJX*sLuf+i^Zf!aMLB5=L!0RRPHAI{p{<0E&aY+;q_fw+Cz{FLh%Jn5O48bWonw~aP
zQkA5rb6F}vLRA*4Sr$8E+@wy6kPvPt`XBGfB?~3$gSNTP`Zo%}(6elxs{{1*D1?`~
z=5E5ZQIahYfm`RV;SCjQ_#CJ{L6pS4^fimnbV~1_nsS7B(b9=|)iE&(0o`ZF6oTbf
zfpG~iMPazMU{m|hM1qCCEYXb%rWANZOGme795jyt3y~y!Oph!^_KzGuda`WQ6Kfov
zGHkZQr7x;(7I9sY8|YDR?+9*C(BLDpK_U2o#`YDxU?2tuU&;?phV}WQJ}Y(H@z!zB
zPAi1toZSykY4UgKuly&n4^zso`5&h>=J4N|QT&~W{GrgX38T^TZQ#lFyK+1@!W~9#
z*x<4KW_t}I!zjpx|M-|*{R|F4@LNV^;}_@fiYK9{z3Da*lauB*6aY~la$OmFHIpOg
zU<MsYAu=e03X-dUf=h$zrv)6&dj#H4!Le(GIsI%2k456;KOxeL$j&YS{w4MEhDd1p
zae@5}^CB&ob}4~$GLKdy?-I9YB<1B25O`Oq21FK@-~h$;vX*FT`cc$4A|{c+3N?eZ
z)Z)GCo>1S;1G{_N+`z97y8OGxC@}+Wt;ZNsqKFlmMjtgz7)atq=F;WduPkznW~Pq%
zPD4Td6_foJD+S^vb+AD}3*HP&V$zi4(-Gr;7d#ZM^jG6)<pXaw2X9T3oXoLZNuxw>
zKBC;z-sWm}B!PntjApgebTP>cY;d6RwiZMq%|Pvfv@es`t!N^uB?qb{CaSnG>{1~M
z1AEH#I3*+nD#@_zW@-D4Q}{%1)wFK%z*T#tIZ@&^v#yIDdbq=n*D#dSMU3qVfpiDw
zKmQ4<;zoith;mShDeX0i*>4~cpuqohVD!v$O<-`P&HIHrYz#~w45+)UU2T;NEu!l!
z;QRglrCK&zl;~e_9BR7aY00-<shx|^uVOX57P_Fe2G>>YifKx|a#@;@Nh=w43CW_)
zP^NvA3<mvq8d+3SapT&*id9OLml9GK{H4pRP^~vJ_!LVj?=?T`ylb#Dn*u*A;jh8v
z@(C+h#Wn`*#GYt?S74$vy$WkQQxnkg3E7>(>J1}bc3Yx0%FA^Wx->X(xEVF(BKf<@
zIf3RLR9e#V(Ae<p7F}jSv74Atd^Tk{-fhDeg_wR`0#`~p{vkCyDs+uQZ2rOb-sES>
zyRNW*QAnTxA64RO0lG>b+k0@b2Fnp>cx-}@rgp%;P{UN-dbTnZJlr{XY-$wYZ7242
zwy1F`;L=iUf~ic8YNf`7or5v`^T`QM(mR<RuoNdLw2ig7)O}ZqRK#0m4@XJ3cT3o?
zjY_x_(pePLEgyt@1?sp$x?iW8C`T8IJ8Q?3I|0va+9lbZYsj#V_Nr&1@7w^T?;0am
zk&n^u;jQ!#NkyH{eO2cE8Tj=PdN5*WKq##caZ8?<%0^q8Wg7MgM4n>a2r(FaPXsPe
z-Y+(4>N!$s#wsk<yfEoJMZ>+gK{{%oy#Q(SyfDuf-c4`*W3^1rvUbQ%@9pPk*DR<v
z$7$Z@tivqNt4giKMc6OZco5gKVD3~QvJJI9?q+j1>6hKpWxzG;*ynP3X4v+}9^L&i
zUPtLiQcL+H(Ju^7HB}pi%I@py$h~1uTZL{v!>t=cUMVPZu^t#cv4pAl2)}W!2ukaP
z2tShMgjF<}E*D#H&wN?#A@m1j*2{>gzu9HGGR8js4RDT@yA&d=hUNc?cY`hACN?4=
zh+RoNenorc3Pk@wYJ^#6ViiR8XqlY(SNisXO9oUg;rv8MBk24a8O6)15lv>BFs?68
z6UE+0?spxpeZQIg+O5aTw=U&{&_Xst&%>o^fcUXi%-Z(7CVtsMHsLk;U8#7<W(LRp
zYZbH`MDxQNhtgvl*Q3}KZhqk%mqmN~SGPO>yV>0c<Xh?dQ<{9K2~|7IX=(Y$M%CTb
zu0=Iizm7_K%Qyc5Ws{PXiCvj?0kE})%aTB_9N|aN`I`$@XlR9wtZr9h2t5H|7$*~E
zHHI0&q+dAoHHdZyA30-i<|CAjtbQd|Khp~F5MGtvQQFR<G;fXUtUj5wdpfNQvEAiz
zZSlRp`}i4bOFYH1Ts1w3j*OvD!JCAWZ2NMHGlAWTs{VSl3X5+kVpDbJ;+;GeB&7Q{
zSLN@eaxveqrZUA4b_A6EEn55QS$=e(zujlJg}&uVT6!D8`*ZcZbytd&gorL0jD>>P
z+cvYON6j)nZP)fJf+WpjZWF{IZ}b`heDw{iX?hF8s4k<!Pov4y(tgP_Vey9{2U;Gq
zR}N0sH_s6Pvf3B9?I=HGn8EmV4Moh8O~COwCdWhP2CN65UoM)MuvMHnd@RG@xw04`
zjAw4eOobp1WsINV(NeYG+!NYs1P<gx91d-0f921ZYNg6(BS4VbAk=1Om_hcsGH!S`
zB~Bg2*sm__Xxsc|$4P@eZmljEyDUuUQc2Xarb|pqoa1duO!3BVdZk16t?CaRLb9c6
zUQf?``<)jAMo)o4$6Qz>IRs=DoMUvjYmH(|aFYaaraVLvv~_QZcXBRx(OvMM4}(|E
zgOj%(FsupB=JOKpr<tG0-u&kRW=PoaJWPIQn%CfHmRd0MvNB&3<zw;9i4tEwQ><W<
z57&i`-N!w4@twu)5fNB-y2B2@5Z#iaNI{^w&hd>BfU3ZL6sV&R8O5z2m=^RsgV#yC
zQ2rQN4P$<vCC+)-Id#(1mW*Kz23r)2h=24f@ULk??ZFvui5T@t_$pl=&1hCKB_y3r
z%uqAjdfWYxLRZu(R}&jz1)d!nwT=>>6E>Lm7&>m-yj!r+-mMKKs+XZYx-lw3Y;0~6
zPP%U^=cZoii<aE-zdh=iZ$lHBD{79!-IQNL(dmY}we~_;^rHk{RWLW@3->=uOa&}k
zqNE|pLp<+sr1Duwc5X$=fJl_JJf~tCxR(UrIlQYMb*4XVZ1fM#?by!NMfj94?tqV6
z!og9$)0I!s30i3zM(ZYv#EpSb(=L&ug&OpQC^iEM0+2BSN&6FE;Fq}ITBr1jh#V^>
z0X`H4k`(lsMCpRB7v$br(Ph_KUMnH$#mbPZPIZ+Uy?YI*JyE2II<;~yEkM`DBLYY5
zBZD=<0QJU&m<;3^=LkVL;j020lz(9p^y;Be)SNU@8tjIHR~b}(jbY-!k8WPFg*!8h
zN{m-Z{LI~{fT;B2!EXRu(h1}mugFmFf8X-ev{yB1r;K!`*F%$l7E8g$!wM&_Dm6G}
z8k9ts${y4O=L{b*A!{kZZ~7HW(Ly|F2o&m!0~C*m_CiOx8nikdlzt~fL`q<>Q(_T3
z!6R0Je&;+5&Td`7Rzu*Ok89=)daeDZF2BLqHHZr-s}g<?sGS)|)?&moEMR8_#EL}B
zG@X&0s^^L;r5#R<bI)~DUtDX^7RpkE9=Dg@EZpa#aZXL>4h53Mm##^9*F_ir#W@Yh
zldzKK*UfIIpI%&enj^w}6q!TVMaw!hvwjV#(2W(K8@DRa^keW-v^c=S@6F0q)R`<4
zN@?DVjj0&e877&v0$+$PVM~pqrCuPfM^Tvehr4T>6~d74MaFgDe|v;@WUgPIPO1Og
zbm&fwA|Mf8#^A?2qg(``r%=MX8RN2j5<E3a%e3#=4{^g*Yy%Gatpa75ol0TN_`N>@
zaShI(rl?e)s<tzvl&aN^B!7S+T0N)29jS0@)$`WNFl!-__C;TaI~XETIzQq4gaN<8
z79?a*A$xK`Q>yMyoD5}vTTxq9l|z&tphIydElTP`%i7}CaZ}l#<IZ?lq?X?p_XcK|
z0=_tFML{VL84dK?C_>T@rL>1SX4BB2aF4>jKp#7}^umR2<!Vt%x=YZM@IsLm+?6*B
z)ffl;-$J--rKtY*!(ErKTcHaKLnIJd2|wQg+U!DSFNKb*e496}E2ZtvIGh!39cPK8
zIQ*WGsUTj)1-J12&TR&Uq1<%!>WU@!$VWW-aXV}EJaHX^Exn=AO7*jl?2NQ6kxEtr
z(nd8g?O0<`e?20lf#(yD!)f<WgeJHJr0P!i{%VvmJ*MteNtVGc!G?k@YHMAJY+_pi
z?MRmxZ4a7tF>AQStEg7|JL>{GCT8WpeDYgCEJs&J{}6V<KcHN=x;T~?`ne)gA#&T2
z4DS8+?W}RInIj_rK2@!JgjP|G5ksvMtJvpME7;?WTSJfnCEDhV9bE$p-Tvo#JHoll
zR7*3dq89#0K`3dq;LJHa6qT_vuTO$X1pRIi73-O-4q)lyuZ^b`A`Ukn^c?|`yUU?;
zux{^vNDz8FgO*`%Vq-w?eq;JX{=HI%YulEWGR|qgoCRs2F-L~zNR~*oYcuUT(S1=4
zk65yV*?ERa93M}AQdKtAvw(k@?9z|p;&MymvIE^-Sx%=`Tr0(Pg^iOsURVSy(#`q5
z!H_}}D|g%Xtn$Grv?&37tE>{Lqdw!Y$=X?oN4Uft?B@O5AdfC3UReLAYxnAXHR;i>
z?o1uP_z4>les60%CRV4YK&YCn!`nD&Wh7T^Mam7D7+pR+<x_M~TjHkV?Ly5o5mw?c
zlbwrrq`?QN(jg~BU*ou1W)&iId0ydyv_KqYL~--;))m>p{#5T{V<lS*+3poYlMRG{
za0g!{!No$XN8USv5?@*|8S*0+QKV-c%40pxDc1yCyR03~_Qcw#1nvbgmdWq>YCltv
z(z^?Z5sZL)1{e@k<|Z<!H4fuck1dDp5z3j=M)+4;II;IYu7s(FK|7l`1FY=@uFbev
z*3{?ChO2*wt>?}*L7r*J0c34C59pGy@YQdUgts)geho}6DhU$+E(FC2JfLgwNi6x7
zA_(D@hW@U|fo91Rtc(WeFxFWnnPeEJq*-K!A^6SY-E;|~%jMhP${A8)yePD&-0O_7
zp!(Y6HONH<$XSAC;y`3BL36Rfa#fngJ(<PnroTyZGbs>WFlhS(zNq+a!x)C_9X>15
znmg5NCb1in(2b{;LH%%p6<ts(@iW&t7+X@S0eLug=KROddT*F2tl7G*0?D(fcb(wZ
zJO|WQVdCaBw}X(4he!VsiRaU27Vp#@&EUee5$}0kux{^jt7n#WL%9Q?47td+#X4Hv
z7RKtd&J8NwBhRN%@DY<$iSe`JRwWI`AmTZ|Aea;*Fc`&>x^=2B4xHoZ*#`Rx9(RH}
z-DPhnZ8fS1g3JHF8<(%!lB!qqfWaR0(lVb+kLNZbB;X(FBQklKl`8M2^s0+hIgQVQ
z@m{R;(OY8$srqkrtLo~~>MUbvA!G!TBU0ksnf)BQcHCCr^^wa%^IQDndDljNI#GAY
zZf}fEGxnAs>EZK!%nb~HvS0@xm}^eh!f5(2n_rC%@2$aK$vNn$&u|#s`5+n}@Hvvj
zu@l3mE33FxfDOw2j-~ik|Af3V?%hY&EVx`Psg79#c+5B<IysB0g0dV6gwWBMdqf&I
z`4XI2v~H|I{6lfZxhgrc_)|xIIieV@jjP}sZQz9G=gC=v<}%hF{Kt$cG^fbeDkQTZ
zsFW&;Fu_~Jy$D`vN?gmvIt0JKlH&y;!Bt45C!a~T?h-3PbUos!;AC)P+<|5>p}{Zj
zf>(~ekIEiRYT-j9LvYn;>TZPit2`@k-6%OX;0FJ|w(_;MNZLs1Qctzt9#3ZOoRHXW
zWatQPbn%a#!}l!vLx;EV$UY1*XF#rJ98qqlCLvyiJI9O-LswdoSpr;Zd^F=DiyzgN
z-#aDgdfG$Lp*A+wlZ{l(!BWwoc$Q32rT7<`09jq?FIMn6>Tw42J6yzMOE7J11?Pk;
zBsuEp$xfMN%3msi>dlL7Tz=<a3EB)NXE9aT=0nrqI{0&oi~2{fZCsU0tdK7PwwXo{
zI)(-3j0Hk(SU&*NxcP2%Q?C?oV?&yiR)C$)PUkp`1ZyJWXmSiC@qc4ag10Q0_wr~7
ziS>*s8w*-#(F%JHotoK^#kF?R#bg6Byj*qeHJDfMlpkQgfD=tbf+ik%6^b`*#gGYn
z&&#AEz_)S`Kp?soFCO-vDcHZ+O0HEqxBk^3{#oXwG6a3voKFu`ILmb;`s1sIC~``a
z$q$P3%$T=Of(<&~spSg53brQe*Y3d=kpl5Ra2&1q909=ee0BW|o5RYq8io#THPVn_
z9s=+0+qz<nbOho5sdR_d%MlX6of;tx#s#dh<Yps^p>^#>;QF0$2<hE=e=^`zV@G3l
z>|89}41svYcb#qtZ48Y7yq&kMXa=k!;LGPZyQ8p8w9I?L(k%1-s9H5wSb$uJsukvZ
z>vAOmu4D@)wk8S;(oUlH^gYZuWUwkAaVio_WME7Z-&J|%3&eUbp9<<n_1HU!{;C;H
zEi}biYMEJ6ua6|s-6YN-<EUuR6^OPq7X?}2qO65O$(pSj%bQ2`6BT<l`#@~;pz8Qg
zy)^f2I?3&u(*yIFa9}>e`?$8M96{H6H^;wR!1~#oV~&*R`c|isU<$~}Wrf&KzJ_^5
zXRSoYH^<EmUiK6L*v{qkJ5g%0KGXVq)l*cu`k|yT*!QIAZjm7u7MOs`0LK`YI>W8s
zKj2)gQ;rR~{AjUx2G{TMw9veVVO6ZY?Gm6*kDW9ZLDl;!89u!{`K5K@*SZu))si+a
z_t3sgLv@k4BAe`EIj6Y56RmEdIMaXBCBV5+P~zoEaPMovs}da@w<CKsz_;^rMH>b6
z5_1IQ+pgCp5*XO`I3dKu8UGU7Z}*TQ=uCgC=bjeTRI_G(ybxorL%b=vYRCiQ6DsiN
zq2~>St1(5Y)>2pldV?*{D_H(|C4%uNy%XGEWnU|%Rbhk5pJSgbm7K=8AE091z!Dc$
z|IwvJ%s-{Xyh$Yh<{`So)dhM6Pvye;s$3f4Gra+D+77+wlN^I~g5^Gt<4%78FBHUs
z-=rLUKgB=N@OD4eZe;OhaG?<)`b_R*@oumQNu;hVhn^uQxDEztJv5^+GEQR9_R|<`
zI2gO$5hEs<$<^l~QnCKfVJB5!kgG?KFS|{0=%#2h>N}8uilb7oDcMOyWH`i`@Qm6?
zIXvUd_24VDu-mp3fZn(>5W?yfv&1O>`Qwif6jos0FJfX1%sU9py9gN#0fdBp?zkQj
zRM^6Hn$w%Dr&rF~eKsEUfUXp690+aMf&mMXi@A;A*QuRWEoZg1%t@YgDL|K4!HK1q
zTVcqr>Y#3RUo2^+w;!yOgf90R3sXiUgiIc{TOGy3TbZs9V+U6kTRhOp?e(7bL>Zf#
zzP1F1>22?cLhcGk^tk8)Fq${eFkS4?o~J>viflHEobELD;=4X?A!6_Yj9Y;L%#|_9
zgYYMmMNUZG%e>efNUIB~))8%U0SGTYWAS>LJY2z6a<y8uh>&mP)XlqcEg#Tq-qBSn
z<z_7aRdW`At)f<t>nly0acC5FMZ;(E+}aLfk$oD`boE-FK3nYd*}s)g6;1uR5T`>`
z3mRO<<py4T{}!yB5fqKfG%R;_DgJ(YafkF}rCmcp*b>hrIM8T7<tLYTq%5TsO8S}3
z!wh@%9h+;;69*-q6(v)-1%@EJZSLptTDnp0K!i8S?890*Ax83(u7S3G*C5hV)Pi<z
zVgO|-KTPwevn4At9N~rWvEC}kOZ8~$_~r_t9}F3(D<^6ZuQP=ewHP`^;NL%$d6JTG
z))&We^p=(Wf^<n0aO`YbblyhK6{n%p%o8l&1E;vL$xQRITc%35ow2o=$n?_Mby}7r
zq?LD?sQ3n>9=G44W?m6VUJ)}INga*#9$AvokQa)$<f}P>(cJM)J>O1GQsSjz<-bWJ
z;ube@aJnUw&OpDHI3v<dc62MrcZB&^6+Psb`6z%dXXJC(%vgZgP?nS9RL{mOLq`VM
z&Mr__ku*B>7<$e9-_ZhhC@aCGQSMPgG)g9^%(9OzsFZ3u;G`rk=S1ub`n@n(PA^4h
zCf0)woH#8S03h71i0uPHmD{l_&#nQQ^reqUCSKAC<7AE0jm^{$jeYLtC~-$T#3hF@
znzm*`?BI=fO6Qi7&?l<p6FSU`dsw_|eiSc5kcIQW>^~KFP5Q+MKN_weK037ww1*WL
z<OK)G$_SGQXp7c@CDh3l5ry&xBDr&oj}K$<I)oc_{LZG_hddK-pdt)Pp**nW#>DUU
zfV0??&1`Xn`|mT3X}6q$bjb^E#U>xcIcglXn^Kt^&9D}n1xw0lw^V|3AqyVj%v~fU
zhkupM$<Ih#;&ap@7TzjNJ}UovvQ~uM3}XSYd0MHe{>e*22?=r@x&Xpal;@?9Gt9TJ
zacTIV!SHyJbgIbi3KD`w#ixD3X!fhk`&bQA&9V_r*W`RMFW|po!!7x`523Ia_$#l4
zb#?_`9vA#QJO8usv-!|FxTFoVFvIM+PY-ukLW?r;b<9gK>;8Oz8^w<J()aME)o;be
zjBoQdO9=2&OLqGno6pY9JQg8edo(+l@43Bt&+^Fatv4eI#V^EpIM%`GOIA{p8gZ!4
zh=c%M?w2d<(z#z_boM=;UU1-2P?lmn9-S>9axjf86N;K!Wf;H$VQ3vxN*>sB<X>tK
zo0BgAJW~XaCX@0OVH2W}ChDfTlmPdn(bVag<#Sf#(q#q{0|tf6Tx?L&<-a<^xl2UW
z>qP&vvA@ZOe@>FLMP?qhJjw#>aiz~f*u1>L_|Hbf#fXsqjIO4{Ob*dFR<SQtncYZ|
z4A`2TI(JCO0`@n3Zy56)noPjGx^+$_Q}#9lGFx!L8?}|r6(?Ux{=2C4Y=jngqZHDf
zA+@ygY!m3y!)oxH*(CIfH*gA8oP^fcu40W25@>WKF(TYKM&WAOkPCWRL%M`O(`M37
zF~K8G*@=T0HXqstN9%KM3g@yf`_CCIb4>6k|MO09iy;z-#(<(>I13bS+3HC@>qlLL
z8lBKg43CYnXBt03i=Td%V^<V<zi_yf_8lN?ijNq3ps`azp&=oyd-YzYbktT@%IV)u
zbU~w+wHSKhy*vpM$brT_&1I8B?usU0?g?z<gM#bRLFLn7PHJ|jAdu;i^az1+BhD;k
zAcnV3d_`e0<~}5~^fZ8CW^792QT)Y7o`MC(W<UKs>fccDbr#{(!N&)6A=W&!=jYt@
zZb6BkYuf`VN9zc<V$fNrxSlK9v{C6?G84m%gVvZ&YJjlXUMdHdqA{lm1?ZyOGUYi1
znt*p?OFa4^iS}`{{odr)QWnJr*-|X5Hb>u3IlM$GBw7FK!2+3AmG7g|!(INcm`*fC
zrsxZ7$r7Gi@%=)VYLNR0bz?(JcKrk00X!(quieSD9X=>-H!)0S*a)4XmWq665SYFo
z1VF2Lnx!)}!^4@2Ij`ysL+pHU(Sr=X?12>$0&P-XE>uMvUR_O~-2-SCMnWEFC-tc^
z$)E{!6%Hk=3UO#58vprQ99Sx@a;ccY?HxLQQ4TVeOKr=TMBc-R?Tjr{WWlz!#swqX
z2osZmx~h4I0}9W|kl~2HD~oh>dZI%U-XxF@;&P-=6Tm7EIR%irGmJR>xI+`ReulbA
zc;TXE+mM7Jbs;ln;sLy(C2pU=cNu#}Yi|s2K(;BA_PhmU0*Q)#R>TaY2NB=`55R+3
z1g{e`*wn%nC{H_+h>!x0=a~i|qukKCY9?Q+XxN|23&ix?oJs3MF)EyEkTC&A9CW&j
zw*H5;D(?C7L+Y=c_by&`sce;m)a+=g;BBA{OucyX9*XC9rxX|evEc3m<yOI}(Nt+U
zLHXf&<L5Y4n}Ba<tDzQD%(H_m!9*6OtYF2-f9@W_yse-5L0!pmLfqtZc82FaRDXum
z4j_s?zM*|CI`mk+6UAsP(F^W|bTtp<I!y^6(ZI$K8ksjm>&XpB8Ii0?@O-GlSy{S%
zRbA{SZx<0YvuWTfG?h<3y{080NW&%)ZI$VA&&zc}P-R8>Jviv);)m*$PDiP59-GtP
zg1QUv>+&+_A>0`}{uW+bg*Ib<+7BjTB7b6cf-qO|-GWXq@@>;DjWi{>SG}b$(IeuW
z(W}870DZR;%*o*IIYB9~goNe|(BPjjQ=is7D+&53F^qV~n!|#`+6Fj%$_>CFTI+X<
z&cWlD0KPX^UnrW0p4|idP_14(=Ev1AuK%2K%Pe#OAQ;ZVFNJO0-zjqeaX@R*g~&Q?
z&A(;U3Tp0Li5nSdYugNJuI#f_SwOJv?(t>w0QX~a<jx|9l^UueXzMF(wGTDidJqJ2
z-ntb%`=BYY_u`9}4!Kqyqhs}+fR_){ng*~UP_SYEu?gBncBAt^+_{nq_;h5L9>NUb
zL2#?`*}MaTV4qE|V)iY)mzP=}yID=ShJR5{i<D<v55HYC)WYVozN<2xA8casLps-^
z^Gue_?D*j|wW4+evj2Q);1vvf#`UAP31k1(TnoGBG0pPx%S(S6d|PrWbA%^V?L*WB
zG067>6YaAfdNKk#WHeA?W>xLTgybmB@86>qHfBAot(Iigx;2gA73Yst&a5eGno*MB
zCZ<VR(RH;s_>2jEu^rOMp3xNl_yd@wCMJ^@Qg^P#$_Q*y$)0uA<x5)gH8s>5^|W(!
zTG2JNJ7<y|CMeuoqc7spNSEzx!t{tSZhoYfQ{DLX`bCHHII99<$FFW#>AzOgFd7)T
zel^vNG=ElLHxHK>0^3+x#?NVCpqEy6=<h#)TdyZSCBM0_@3cKR>BF_uc3$_1B|@Hx
z6M~4p5qJxf8Xnu3mIcev@5oCOFUW&uYR{QtohIOrpB%t)6>1j81Ki+F6Iw-QMt^3C
z#mJ?i1jt3@C>J?%4T3lpC^J!<pp#?<$H<NT43J|KEH;`!?Rgxn{@ueKCj=8pAd`ny
zguE*r!k{AG_R&Z(8MxLHW@6`Bqgi29Ko%F-upsqLoBQ0)kF@C-7CKbFf$;X*tVide
z#0Rxz?U@cXq3D^~bD;`?>~Vh5uhZhx!d(^(Hv7G+BXVwQi{WqHuTJ$55))wvaRvRx
zk^qv@8cmg6^F&z2ssQUkQV4@!u%^Vgfn?v=X?-b!2Ii_i%&%}?l=GE3S$LCTbF0wH
zwd8t<(MwKjLRIU4Wz^TLJJy_r)qV;n{d;$$EkCUjjDFe0O3nRCNd2DWaKIK3!i%PT
z&!H=_ta2RR{I-0+p-pv<duf-6vDTB>AWxu8c9WIaSZ1LVpxv|7JE83T@kVJ{z0jJE
znpR_NUK*iV{Jk%S)|UDut9-xwK=YNl)uBtOD!-bkqb!JOOqCY7)dGT8eU!aF*`wIo
z4a16N6r-k+6cgxJ^czia+6^&!G?UWy(Wv4Vxyf8RESnqhvP$e5dgnp~%PXBPQkJ!u
z!h-7w0kX*!bI*&*yzH~=A<CYV|K3lZ(|YcD-!@5$4ykP1XSj{2|0+XcdE^bd?O+&r
zp%3vdiPrNDRWw&pHuFvoMNZHE`2?H(2j+LZ%mC{r?nEmxsS(;oLc?NiyT6EXlxg&y
zQ{`i9Suw^b=!p#U$Ho&zY1w*F1`Pv)Lb3QZ3wf7AdQFz94i@wJKilI%xkF_ecvc|C
zh{hl|yj9-s9OvR}JGzbmX)*}3cEGDF_CnfSDM04T!sEj*N1PI4&nWO^YCNfz-JR$f
z^=wQ75Oy~3c_Bw=m|0iFyH#LsPIL<wj_af@*osRVIK;P+AY{%d&_R3;JO#iCAy{(<
zHwtazz{nrtp(O<)XhNx8Hzq_cwz}7(a$n-5ri&;uw=w;hD#z+mr7?YyKnn=fZpCsk
zG!NtZoF5++)0A1~br5$(RkP@pMg#is99CF$)zEzwhK9?e{;j)dD8A@xG0;feuX|`H
zmV~<fR`ej=(-+kbiN+`dths9_rkr}-;gP*G^;kgqMlwCLP^TqX2NshZ+vsH^`3s97
zJOuL10yGHk3J&519P4ey9+lS;)VB`kQLGJ?-~V2>U2rFem39sie+rQAl)ky^^!)C6
zKcwU>#Rk;_CS>UI(H0=&H2u8o#$UVU3s{|lKl%GD6=n7~P0CMJt-urJZ*OYLBuz+&
zK3l-#=+zn*Oh|GvfBP#)pF2h{ry70~<JGS)qY;D=eG0}vuhqv5n5Kq&q6$`4vycX`
zw9X|!YZ?|3)y5*Ip2p)5XqcWC7lG<k=E&5v!UQ!x0)F@*YwXZCn<A35FDz*(?+~6I
zulO2?*pD9-StMl5McnL_r-8e98Q=JH_BB09i}F~|-IX+sC^)l}dN7FI3CgNv<Aoz3
zzwYp057twAZT#AI=TA+~8_}PrU1y=G3ZasqVfR8w@PxOKzX&>e+qlt@9)?v5k?NLZ
zRXd#b*TLB+Y)EY5WA|D%j#@u1x!huS(9#Fhn;WKNsC^#6L?f5FK56pHegpO+U9T0m
zMm<{n7|xr!yJ$}iVLe*obgP!6yIHYoG`q*}6)dwUiyM7#D*-Q>4BoIrl>5+fQjJTZ
zwR+HBp)g;eo&B^7OnD1B-RF3A6+Y8X%hE$k(csztnnc<1ULyL+u+_q(tyS{oamw!s
zrvuoGf_@a&*^nf~M-JRcGf>jd$ut?rvf%z69cWNjy)P^mUYASN<bC+P;}Yta?Ddwi
zxsj^;(V>sX3W4Xuwn+fS6AH`%RpEf`lS#1a1d&rjU>;2wdj|U4oz?;p{a^1^`aBHo
z#+!H%(DZ4(^I0hsJ=#1q`>&s?aLD&Z0#|igvOSEyv1e{2v~GbV5A|QiSN>x(%#3z9
zZcM36d-_-tnw4iTpu$-IgZZ2#?9dN1^SXd%%Q<0KHHM!`wh;WSp%QvjFNb7YT=c5V
zm-LIx4;b3cK;>>qjcuU<Dp<s}aEbmZ3)u#3cYOOw)f-xT0n_U5D1)&lc%tC4xwP(n
zvE5%dQq3w_lWItAFRNsP5v$K$h1ah`BbjY2BICm7zWc8;O`BEP?rftj>vcutXGd!0
zxelck^${$o^D$aO6X6=N>ojE~!fyv|-4HH6Rm-Ot65hF{NmxD7W?v4|mcSRMtLXKW
zRNZ^?UDa>Q)sr6%K^Cti7rxOS_|rARuPru|RiC?YXe^r8QoENfrb(C4X^M`LdFs;*
z7qxKIGsUHsYrpAga{_#q+_Mf@(yl#|X5-@{S*)AMTAQ3>sG7fh0qoTo+<*AAmKfn8
zox<6oPnrm6TCQKoAcvc_l&D;Gh%?917I#>Z6%Tk8k8VX*v}H!cHmnMM;tHz0Z#s)D
zW-XVeqb}pB&fx_ch+9HrtJ8h^c!w5?2A8@F)85HU7^WO~5I7DxBP?qz+j)Z>eF-Jv
zsL>*}R@a+QPNn{{M@ZdXSj-DWByq2cj~1lQ%Pb3%;)nJsE0y1gnmYKA=|c;b33Rwx
zTd7Hw!DO2!EBXAO>yx72>X+taWCN{3D~FgWgy?Jybe2_VSV(7=BOHz8C$l02n2YH;
zG)pL@odMp<iHWxfXE&{6Sld*ux86~sw-d<p)5?Q~Nh#_{&UE!vLuJ~!7CCBqJGRT@
z{5Y$cTal(f+&_ci#2vDZ$=fE+)$bA>r}4Nt>_1@!t%hNy4qLrE6~|1jHC4M`i>yj(
zb(N2kLj+DeYs5TCw%=^!8Mj_3+D+MKXD9!D!6LjW3fw0C%lR#=e*j#o{jx_1ZvBaC
zzPgZ5?Ws$3zo@xovEb~(>Ks|IL^n1kJ85^@5sYWmX<HfcLRsG=z{1TV(#UB{Cwd&E
zGz;^!qDca8SW(VoZUk<aY?$CUYDuGGx0|;YRXD)sy4k$($bJ-hzNEbh2Ra_iHe<Y{
z#1+0-OZrSxBo_-CS#_)UJoU;-snm)pYT?Fvx2)UC*D4m@@=}9X@~bMK751`nk6lBv
ziGEZ}SAFcm5Wh%Me?M%`mvZ#Sx=1}r%-ng<mB3$X)}*R^u{RtCNAJX6AL$4}WTBTn
z1|_hlct@5LgpAH=a%--owe=w8@UOKRi*>D3xS%L<S1HxBMma)_RHuo!iza7cTw>@~
zO;qZf2UBCgwgK0Zj8}0-;hEp(^)s3OlJm|NG&<V++j!`2u-13z^Q&jvVZ1q;a~P^H
zVhh+#GACForIfyP^-L5k_2);MiUj($Sh|aEBz{!=us)Y0XZDp$p>Cn0`4an?^hMx7
z(;`>-xdH&c*r+n0gTt+S>kH`fyivK$Dzi5GRa_d8{6-zDjixr)iqMKTFJvp;g4&CV
zG0vs*$W%ym!8(dH=>7){)zHUO;on|tL%zcz3Jd0}+@eU~qiaE_{0&uoFC9_}@3ldr
zd@EMJuN|T%ZpOf&x&GRkS};3CK~t^sxK+94kMAjUYX?kEwn{VJPc9^spvL7yd@D~b
zG(DdhI?uelOsC9iR43GVQN4hGx*IOTT#b<fSKzph9DYP8D)lZXwZ9=N!|&^CvW2<{
zceqCNCjVHP>jCWG+=INZ$-Wf^@J=x6XSl4YL7F-NmXb!g6wdiElR3ayR|gW0yUXgn
z$&9NR)+m!ulHK;;AX+4bF?m?+v8&xZBe$<m)upny5tCT`N2#xV0%0YkSP2a3o~2mH
z|1>*P_*g`#2{VZkkzzWc=_*}Me+3L>{c1b;4*6v<9*xUmj}#=|0UpoQEwhw&q8(6*
zJKW5IXJYW~rMk;Rof&x}aibd0vY@qE=WU;hD$+uwq(G_%u<dk(s0KaUR)@w9fTlP%
z*;sB1Zr5J!xwoy}W#t+0Ccg(NBOZjQo8vc^g%(xb8UIF~)-pa&ifO7qW!pT~)gtBd
zwq7+9_!@WONxH}E!P>4IXF+f~X7bp&tR7!%eK1Z#=zlplOnY(-8m?Mk;VW^+d9HP$
z)4l92W8T717{ja1GNtM8JF)}-r2^(GR=cpCI%=evA-ddH8Lu=V`gqG(Np6yL#Rd*5
zeoS)w8?^9`4Kep0A!!guzza#qaIGwwG}JfHdh`RD`tjBE>h>*W>XWC!kss-NW18&P
zho1BKK5mM4d4IzZ;kZpdqnw@6lm33X&Ei~7Pe<MQcZx}|?osi5DI{06P0l?PRGZUi
zJ%#k%C2gX^q|-$ytZllram(*4474AsYQea`LaxfM1>wyjs4d=`)0&js8{aK*qSaek
zrex~*h1lshuWPt$45MxQu=ma3is=nDGkGT2F`4664`DEdp{9Q1q(1VuPiv7r`gXg}
z{I3XBy0oF@b$6WXTHsmZj-wY*sMlBiu%i=vWeC1G9CIbDZn0)o=y?Gv8^{~2S884)
zXXsGqHRfDbNvb{y%*jdCr5u8QiTY!0WkGAYOd4iG5dU0(2`902Y~xVW#TmZ+`+>kk
zF3qLEA&R#H5#mfD#^9LY+W}Dgh0{gmA2nQ}Ait)@ig&cem8*2)V|CkkxpUXc`=Jll
zGvtZg=n>7QQ`VB;u{+*_+SwYn!15Mo+Y{nUqpM$4C&1})Q&Y$L^e@c?u$cJg=~!}A
ze(?5A-HK9puLUD*MPn$J5y2_Vq^&;9y4>23W7?u?K%Je}rr}Cvysp@5x|q=}LygH*
zjj-KXa?QJ3@}9K(ms9I_!}tN?e}8miz%sw?OI$d-VE~&B<!}wV3}1O9*lnkG|M*K9
zxl&%InZz*q6KwlIF}4gz`>^m%)-HC;wL{dR{K4$U<NrTwA_=-U_Re0YTh)NoPDXXy
zxdweDc!>q@R^|Zjt!7i=?wFgLpGjjvo9BQ>buD!>q%9<;>n=J4#xKI4s_9Q+r{%n+
zYZ_%PZBZS$7wQ}6ZQ?Hm&6A(qd;KnYHBnMJza^BUFU&ccUudbT{#@tLtO`3Gw*IXu
zv;I{{;|%LrTGsIxrxYE#I$dVLGlF-7{*4*_oSghJm8{_Pgz6KHG{#TQC>Qh9d$4~{
zD*3h5qf^vI*2Uh_I^F?I{jFYZV<2DD{{84DKhqDLz4FMJpbPAeUVozZuQDOD+>sjq
zA~p^#kqSY9iwIN0D;{v#qhRVaJs7kppdXDUfCtT;I0(;Jh%4Oyh+YOh4*~D5(YwF2
zu)a;ms`rbx{FH=ltBP1wjxNkmz3s{Pd{27AqNRubJ}YG~@!v&iBUhkc?(Cr~eR}X|
z*T3pZ?Za-4H}t!J0?aRrUf`^t7fh%H9Dk-`v6cq8e;g~EvCiREQ6el%f`+`L<+Cg-
z;}yn|^soLoxdwA7CWzaFkky%UsxiT%{ja)j6+DYjqD?k`1Rahd4gvA8O;~nH_yX?F
z9gY9jyW$b-;pqZczbZ`A@2n|0akb{c1ZBT#=0D`vd=e?EW*xsdJ<A;Zcq}<Ho&e#w
znMsKhIAqO_C}Wj*e0nW&U%wP0Q(u~=m+16_r^A7jHCP?dUX-4v%r6V0TG3UVT-Q&h
zc9~HBp+c*I`|bw|Z_J~;(w+0RDJZOj<TeG0&g%z<coU2*g&Fx%tVenX2+mrwwJLG@
zE4S{H0y0IBiFywKY*m~Z%u(6b=ET#SB>al*`aev41yCHp@^`QhJXnGUcXxLW&f)GJ
zAh=6#4esvl?iPX`?(Xic|IK@^zWS<e*zW1syQyVnwtKpNJ=sI!ie%@$Nsim&8&c-W
ziLZgBmAJCjB=MHle*)4wAH#jO1{L%8XmH?3P`am><txlD&`1w)6rympPt7BIve|gP
zo!>oP5)@Mlc@CK0W#*o6CC(=w?<tPr8q6)#gt@F>t!wf`VHeG7DilUC%`I8T@Xsx|
z`N@YzFtX8K)=P#=((io5MP=3kL-0p6CiqUn!VWqqxY*aVH81M$a&l?SZPM<*qiC>U
zOyQlcD8mp%r>YS0eea}IZIJmZo@sJ9+e6JeQDW&9;l`anw_tIwrf#l~6}gi4^mL4s
zcT^=4dRHnf1J1-$vv4ARY{=Z;Y~A}%j<qjaL@7&9RK<#M;%0qtjA{Ov3`x7Y4kf?m
z<BjD;>_<MSU#{|npcvEwX9;wYjbx+t2ucg62+p#4I$Y_j!qtyDQQy=|dw3KZ9?i=s
z8gg!Rw|V<JlIaTQVeSmK`tpmA!<wAa8Te+IbsXIxO;$Kb_#%z2M)cr8$v8>P7@szE
zTP3p%P$A6+{fM>=yXO7`js+knTf!d3`5A}QR76mb9CXh#mc#Urdt=P?i=k^-<(^_z
z?AD*C3;%R1a-%+H-FRfG(Th%+u;65Xd0)Nk*xD~Vujym^EXO(F(A?N+*UYYbc(LW0
zcXS@+c+(?3dm3E2=$)*1+tD}Mmx~@z+J<?^QfGOFdc^tqDX;WC<_J5EB(fA!q6FDT
zAJh|*gl`100p&}KmfDQIW|k@;{5<UHDvJ@gcz%-lywTSwKmF+<^n99Z%`4nu2)k+-
z5(PWD5qab0GP9AA_rxNc>9tn`iop4I5fi)-@>GP~J-UP&R#S0rn}l0ttKzo(Gz#k}
z7{2QcO5O;g(F5!8@2<st9T5%dAN`JVvfPW%BDRZp-9PM>Aw2lFFP?H@#r7S;ER||C
zLiH7-K^IH*sYtHeNCvet<_S0fyhuh9udqEv`dU)_&~EJfz$VrX6u_Lldyd$QmH`}p
z!rGRacc-iR+P7nQZMT+gcN<B0Q>oEo9^)!rq=yiZ;=@pQ;=D!GREnnFa34%@=ei13
zc}F*PePixr>FfL?Gbr)7e^tK!ssw>5<7A-9cmcTKkN?ECi&=6yS+<Qx*7C#1-UBGx
zX=`4$kKp2L!rwtWCkx{W55l*LW2r`B&bLuF-!vca1RS&eR<3bbSQq%ki&xBi)^QT0
zDk<*J^}4H0om-l<I+1+O5zBtapG*i+!fA>mD>N@bt*LmYem*7-XbB!{`A#1rJWuBR
z!`~rXtKUVVvaE*M>Q}?=3RweYD}4^#K7F0aan&DvoZUa}-DS~vd{i3^gKkw~itf&6
zOpyEnLqIUv!L|s#rBIPjejI`;(qVkF_{0!dMkYxH8W@hd#b2%$Tc4lo6M_G4#iff&
zc)1kNpZ;wX4l|4GiB%5c^zbuNS@?Dh{pG}l1S%yX6RU8E&%o~BUoEptQ4LJ3Uy(T9
ztU;KEzf(YOyx`3KTRNYf7lzq)pQvjc#yoTRt*@imH)+P&jQ7Bt$k<=JlL!j_uEXeK
z{G?#lV6ynB(C6To|G~E5$8)v6yd1R$L`0P8F`R!C!JIOL(7F_?*ZlU#_%D5Idu8#J
zcvKD(Ea&=5{l9MS>NA+SOn!zpoM4;yKfOYDYJJKuPW-H8f=fb1TIH50za#Au_{RL%
zgLI;{pIQRRnJW56;v%SjuVn_X^c$*dB3{}Q8c0~JscNag7EQoOpMD?OzV(fk5R!)A
z$G<hTiti)^9;lkPjExq_GK^<@s|+voUuP+2*x)5d%SCZt)l!4c<@5%l*rX&*QT}RN
zCMRiC?q`mWSVq6?pc^7{+N{{5_(4adSa&XtQS=0KW+d4{W5@%o0|Ojh_K_WQ1t)8>
zaI8=1`gvuNBFRb*YfUNn(fX@NK6;d+A|vdoy7!tGI<PDS1nV=-NZ3brM=eTQ1jd#i
zVtW+kRT4c&;(G5A670&BeO6*VN6p1#q$7G0=OpH~??XjyfhXmy+CI!fKg!&@z@Vo*
z<q%fMj^5ips*9+!&8{bZO}>_Bd&Ug^$G$6wVljcum-*i(;L`I@IiRap^l}gG({*q7
zk)r25^oj1&kpf11w4C5dp~cj%yDIc*)ol9INMFu3QC)1XxL|;MJkG^Pb#b&O#dRcc
zpFp16ZH!{NcPSxOKf2s?gHX*IYYtKf$J4StEkV)}@AyaQh8Xd~dkU)ctp4#lp^(h-
zs^Kpq463yE9AZvRf25w!l6ZK!5R{IElaftwi!QwAYhLAgj?qO^nOi>ju%t*nvtewa
z;Dpo*_f(|bY>Q)(D~C9S`D?LS<icNnE6QFtSP{O}D)f;<$KBAI)_ivopx*jr{$&8j
zG=}_HZk}#dD@QLY2PS!%>Oq}8chr~5Z76Q0W-UQVcDaD{IBSx1V|=<k2wwL^Wb9)(
zi)cFd!*Uo&_rB$n3cPo=lu^9$2HtX5p8$oqz-4z+#X~r}cb?R?N(lJLKD5lA^;#@a
z<x%>=Eui~#87$)PeI!PqUAg5I6|C@~>vvAt$10kKNOC7762=(uUccyXWZ!svjDIlT
zNm2P!5q9y|T|r(ILs4`UNEOE6TOh#l_)smdYgu^oQ2k}Ou6T2(fZ+O^SO&JVs$^R~
ziW7MxS@R9X$GKR@`&d}Il8IAR>$7qFjOG&R%IHOAEzgLS^cK?k!plfVcBT)5_=AbC
z3si4larD#aBI0xNe!%`0Ou@Uhd&i@n4t7b9_vsfaWOr0rvy`(LLTaME9Ao(rkgoeO
z=LJO4V-CXjJ1M!^-Qe+je6kH9(p8xD6v@yum_ThIqQk9f;d-2(RdcF&ZDyv4HC07N
zg_*74Ic*sKX2QN%Vk>fab$K3!$hOS2B{FMqNhQ=iCI`9pcI><#rs{wq3shvMgK4O8
zXK$WEn86<za04Mc$LP+W&x-rwRE;6`G-ZE^K8z=%URk&VMo}F7?GcQAcKs+TJ&jiK
zi(D!7g-mts+6?Ez)YL|z(ePZ(VG54j>V93QF_;SXQfPHx>}<=_<<fUwk9Gv7qScz2
z%~KXU!-1)tm++S1Z`&{&rQb8~U68&_a(62nR4EiQoIrV5SnvV1U-o|=U|tlsD#DRD
zXXf1F@E{E^E1VRhq#~s{@qeH8t;!UWb%58byX7N=xlgIkg0$jcslGNrSsn>G#h$)X
z<&}4=slENf!uY8CI264lKi-WYzd5Ez*x~fC5>J`hudptrDVYZ$fli)*3iPu}9KQC7
zZ6%?TUnpSSkwt-f^h>IfzT90&Z%4)Rj@<q2P)AkTrO*W>)ybYs8SI?J?P7~7Rz=tE
z4@iUK$ojthsaz0<rUYebUKOdbE$mND7e|6GW{TBfU_%{{`t_fLuNZqh9=9B^D<G6+
ze@UtCFC%Sn!iQdCpPHu!L#EW-r<mbft4~ct56yWlsJ<SeaOjrOHQCW1?&9Q{!8^uR
z-Aqj{enNZ<nasK8T$bOr^e0#wV(O-hQBvG9UJipKIK5P&z0eAHo!MtTB8);_n<d3!
zOZCL#SS3KYZvV2<j=GOMSFFt*`wly7^M(E>cL4tLS#B7p1~OpK{8Ly8%I>MIJ29@%
zqlm4919(iF-xw9EW^bHo&iAM9={fxF`SO}JE#gmU@5Po#KV^nshU@28a-T?*#q9JH
z8nBL`oM=L+z?_~3w9IkV6;%4>^R80-pGLR@9>OEH*W+a0$R{-hJ&h^KPYzP*xx;;_
z`T{oE#$p!MxF}Yfk$8gg%N0b+e*zkplm2$PwoX+w+n8i3T=2<0)rawLqO%TF>n!C9
zR>60mLpa~adq5V3V!+^u^<{F(^hA&wV9lAMZQy6F&wBp-6zThop&X<HtK?&$EV^_;
zkB?!(P=fp}F7TEzDld!itYT<Mj!<Q~(JMGessBlkLv7-+bl2d9WNj;*ff)>19V@xw
zoAuj*QF$prR?sYsDB>P<^Px7Xtf8L&Xa+Zq&+2u0jM?YjHAVThqJR@G(MRcp^iK*#
zQcZPeGVC(cU^uDBELlv8#osu2!zlJec=CwDmrnX@#Hau4RZOR!<kfDY7zV^GkOF(@
z%AJjr8GOD=keM9afW|-uRqqd<*=U=hfi<o{zoC64^s{n<R?RLEVIc-l&KV<pH?~fD
z>;Px{Cz)BxPPxNh*dYgKvljn4?P-mnxwSWDoxKm4QkfxHRL!HP+It`P^Oqsrb@qOb
zL=nCBN29)M|Mq!`TfBVp_rdECK;8)Rd*V;?KmPbHxV{L$l(khQp^}|mx+Z&!Je}k2
zt{`$zI<@$(lc;erK7nK*wQEpRk6^556q;kT*<F;C&oot@5|S_jU+X<8RWF2OAw5lf
zoBFy+l*n2r;MI91NQ|nfWr#X4HV#F9Zk$Ls+1i!WRTXg@+U-Nk?x{iXsr3flll@};
zsRzyx=G_nzM`1KQ^!NxF=jwgmZ0MnwcAYyp72|@&P@3b@Adpzn3ns~au=fFrm=CZh
z{HDI^nc6Pp`1<LX<F=}WCTST0Az|qB@y)upl0!A%jN4Ju_DuDqy#bdF)%REHF{~j5
z-rQ<idp2t#)-l9;*)pW+Jt2K}BVYS!4r?<-1I$WQQ4(rF4PS#c%;5dg++CZmld(vx
zT=hEUi3>yp0r!Q6-LuY+chbo>VN<f;Pj_wpuay=)2MNPBzEBHEh~f8`yc?eg>^^`e
zY#@A2t-_}`Qc)+4zXrcB7Z-Uy30{PgJPa_sq8akFXr*+)S|oC-_i)tbD3swwmO;5H
zpvb3+ZB`Sk#rwokdzEN?t8nDgDC+|C1iK&YS0je^ueg*b-PE3Sj=EsuhM@_(=RSXM
zh*Z(QO<qMjQ(BZg;?_iMJ)X1He8v#CI~8exyx8M^N-Xtny1(4Rjz62Wff&3iX!H&K
zTtZOY`V9bGo$M$0PGzK`UO)ien;&-#VuwQ=T~I~MzPO?BE0mlAnCV-oa#E>s_7Eh-
z>deHP17t-j71-zO>08or_Ao`HTKk{O^m;5Ms+TrZ%aF<qnxQ^rghgyNHat@i(MbJx
zQ44CyK*#U|#clNS?=ZpI84Acd3mYg2*gB`?N(<!9DRyJ7&Dq^Q_kV@8ZfXj)ZKlR+
za0z`adap`5DpC_5t?o67phP|iMzU<R`xF=H`x6#Jf$h>7I^QEgJbUFh36jM9+~x*G
zIg_<)l&;bQKY!tjZIQ#LEfd)G^7!1es5BC=$h@)EVuGKijuXnZWbSy7-M4ODxsJuW
zqtkjD7<OR$^e{(_VMB`igvz482qRr-_-=Y#0C*a(+h^40#`)izQ4!WLxA_vZH=R=r
z&0xY;Eh=dY93G(?P&pIWp>KU{4_6sCU_08aK1pXCHTv$KNZCMqMJ*w)Gql};<gIB^
zgOol8W_bnx@Ow$BqLY4KJ?60sLwJZ<Bkm&k|DSL)SzqiRyqx_I)w#u=d&HvVSY_=V
zs-ZcqUM`jDCDd}~=2<cEX*<}@+zqCIJj!s7d22a7Ca%jGB^&gz{^)W4p09;1nE6+4
z*xDNAnY&7Bpr!;w)>UIr8|?44ZC{C#-Ax`9O!@_y8~A--@4@|fjsQdcaO^9M!rGw?
zEf%4dJ}cyImNyk6abwctSDD9i-JH3CI?QEQ^5-bq`8XRgHxvk(^hIWaMnvt+RE+N<
zx=)EMlR3YTyC$^tu$UoLn=h%YQC6p$dUIU+Gd%;LV3f0W;P3hVXd9`>)qO9w%e%j6
znx<K~N30=JZJsP#u<tSCa#=L)%*o)UwviZt-YC9vyhgWk^f({(n<6^BWlQm=u`Hq6
z*lk#Aq@+8VJEEw~z7ol=MR4^%+C>qp8m2GNUX8(m82pDCYm)1SdGMyNb)nRe-220T
zG3qq5GNu!PTCJwWKq9@wU~kp*KHB5-0k*zKYd47%>2uILYS27{=jbv{pcjv;Rvv3b
zT`*=K1-FNWVyzWldE<se@JsXbNLVj$+Ny?P>e@hG7-YJhvDo3D4qrJX?b(ru*r5~y
z4ZK&Yn}#BHO&W0XA-`(;7dMRx+gr0JFGM>vBq@s@OJt*Q$&7bQ-5RHS6=rZo-{Sss
zYT!L5v)+wuEex8U*xuCU+6717BD2V(4lssF8BEazNy)&+nKH>3DkZaq8=%GY=4&9v
zC1a3}^%&%``}-*6dDHIxA^kIWR6Oqi6MZbHV{7i-^Y@oj#JpnsWvr*RHBAag4qxh!
ze#q(T9ae%#W9_Fy5v!YP`cLa`r+m>!MDEcRRoDjC4*0A{4}npce<-bwi?RLIiGsx-
zYM?QeexC0v!yB|Y!Qna15u~C%obXA0+R)YEwNdnSxVAw}&1-YV3bbSTR#JL(b}^IJ
z#P0A=Lx%T5>rm;8zkB<~2JBF{MR$-~YK0$NLt_H+_B=1rkA~KR!GzWaon*6Zg8B+p
zmu#DYu@JUQFH4fZvQzsa)V2bh6zbjKKE6ucbg?>{f)D2;=j0za&`SuA-(v<hyKUq8
z&~0&zep{Ymc?uh(KlNiJiZ&Za8K?(MSCf9Yl`LRXVlmHG@^uJ}PqvCEy3Ak$NB66!
z;Z75sP?AeWZbkE1z&t2rsD8M`lY;2XhP{JH^t{SAJ$t~=MH;$_upyH+!M0XH0CVE>
zq3)tfxUb`kp+>tb&pcdvL^c%rY+g2~vqR$Wt}j|XdP=cR)$+ZsN0BXl$|76)6I{n@
z%eu$4zU+#7-7uNVv#7sOmebQ67v0m%XUVAkp6BzfIK5ToEEz8M)|(c_maOAeWoo6x
zHC~oh8<W`Z_@2mdX#eKNIG&9^5Ak(Q5#;9>`(&+m(xeV&xT1$m2l8)jhPso{%maFG
z6)5b)irX@Q$k)YJ{2=&=Z^GG;^#tN@9UsO+@TE3SA0_138SNCpO_E}g;CGS>d^Iel
zn!<B&6V6VV|5DzTX4gw`>BmP7p;N_69*y^PCuY;Su2;3v-lGV0de7zXunfLvYuPdJ
z+8Fke*20X^6k^klU5wgAyy{l<UUD(ImACk&IS=j?`;285C+Ei}S3nz!QE@@(GlLKa
zi%kLu>RiJ~f-P5nPXh%H5bdf6p8RhPm<EXfFOQIIx2zPc*HaW_%t6P?N7MoIRy%>r
z?#fqQZ;Y#Yy#-Mf`=4rAj2M6;K6#{)fUj4uwY7}NoP%l#-<yeY%_yWLSjWx1A5l4<
zY1Pv!hqDs*+zPLa_4bC0R@wW#{)k9<{b$r_Ma@-Ct`Nn-n45jm-aE~UXmBZ~ikI^R
zqcKTQ?U>54p-tl*VgjtGi@#p38*|vcqu~o-`aGOlyMm(YB#QZWZYgSC_nL8a5bl^b
zJ&-+pU9dBUMZ4d{MI6Pm>T9#m;VfG=Y$pO~(?vzg<SinL>5EQM_~#Q0=gCKLsJm6O
z>BRO;>+7A`7C8C>5y~>ZED8VvC^<zY+xM6LMX(8?QNHLnJcux(sVuu<rp>e4{z>NJ
zh42`R0LlrDD^grn2v=`&m}Kg+<6)F(L#8Cljo1+4oKC@PZAqw$I^oqDb$M-$a;Fqv
z<91}HJ>~jNc^D}QzF$B}dt%FgrwlS~8^G1$yrbHk7yFA3)EPyWVuG#lrPc*@`)wGR
zP3>A{^v;gs@l2Ya^rnUiXj|$IsusK1kj7VTqqH``SH^dKub;2#gQ!+Qm%)!nvz}u+
zkFBC6k!6%QqE&_z>x~I}Eq#Tyh;=HqandR%v-&nvo>d3~5?0yFo%1lmW^C#XP+jvT
zi@4Z;TGGOI;GskAlKlO<<qhku_PxcNeBdk)dsWZe^h#a~)oA+kWWcvEFzfgW@gmIf
z9A7-1!1{ZHZ*<cw5Zy9Ge?!Ni%<$C?@I-4<AMD2JE&~Da!J<DQd}Nm>eCW*2;g^El
z$??DB|AmCT;1HFDaHq5T>kpP(#n8WR1kgHP;!vr&Z&87@9~nCaQl{~mIXAx|VU0%&
z+dgILUG>#wAp;(nY!|(H|7$Ar121-`KA_3E86BV%KJVh5Nf!jCM9(@9Q}V9|38-K3
zDt|?BF|I{DbC93i9v#V~K2wuVXyG|8G_NCm>+lwtn71yAmy5B~GZm?^Vgp-en?Fl?
z8qFGx0>ME>J?rYbE9*z9t#4_0oyfP!PnsY;{e2+}Xy1;HZpui~BLEfw2hhKC|EY^6
zBESo87El)2O^ci8q@NM<8hxLERnV@V(N-%y{S~kr!hm?3!&kt1;FfQKX$LjIXdeML
zu53O*>-7u(cWN`QEPpBZHieQw{^4unT(las>!vwy^A8|F0<LGo-20ROv^kqtJOYsK
z;P6b?w-qCs#8Io8#%Y-*GTEsh*@?>32iRu*F>3?i@GBI-4n0P@JHe?Rrr8ew-Q$ad
zAY7mlxA^W)^h-hM3X^`dOW4yi8Rb+<wWl9zmIZW4gjIa~Z>a(F`uH(ZPJcj71tmvQ
zAU;(VNCM$$IwV&};OmA`t!kMDbu6OVSO>wA5x%mmZRAEvZBz9w7E4t?2s!xh>_d||
zefLmb0}}i=X)Hpsf&(3EZ5WLSW>W1i8{p0I_Bldklp_6lfj9=kspbH|Zb9E&03-y6
z+=FZv0`OtEEgyV<L=f-5^&LP5HCfSjN3(t1;7CQNmVO`Q)Bj3b0C7K~?aS>|1hJ1k
zlmVV<vMGR=H?L$9KBK?QJAXfaf6KYL-LKEFduKp;*TZ@1Vtw(kc<|A|SzB$l*lX^8
z*FkuV)<J;FlZ4VRJmhjwpfOX+fX@!(9+mr65M%+elUekZtzQuBAR;jsmP}@r_J-T?
zD1E0QrGR&RB1~VSRo8-$l8DQv+=xIW=){)EqqZ6^EX0eqB-k}bz{JVJk;Cy5i8p4C
ztq_~U{tvZfO0pQzN7|^&7UfvzaMxt;McH>K{?jn}hzcV=v-Y}@;GUlkLf3TmMGgsD
zg(l3!!embqN&BO@+XeUK-wQ^!DmmOSz#Gh}RwU}I{Ub!yk;#};1{+RUJf-S-#auEh
zcX|D&8fN7TNehGjCh&B=bS5o6400~=raq|9Bbpv}Em5b!Ihf6<(+pYR1hg+;BLjr<
zo$5*4|3yH-EdN0b`qdu6Jvv8T@QvKVwmM4@i#1g0MM+CQg)ep?m*m)Wq(oQ*EHbbD
zmtd;IN&DjLQl$g?H4kSav|@Fnz4%Jr$!<Y2Q3o?$*DyWjd+!XHeGn0+0X#kCh>Gr|
zz<uFnT*8J%emAJQp^w*-vOEv-#a~vog$Hy9VTteMs{t~%Sz^Wf=n3NgwLiPxNwc#k
zvuTx5L?va0cunStv5#_1`XIyK12&^}f7<$S3rfj*va}P}O(}q;U?lUmjXI`L*sOJE
z={yOTKGtf384P<jyg1ACx5ynJm#GOQ7ZLA`SG;?^I;YmKkyOR7+tHV2%waUG=79ND
zAWd;N=Znx$A$yxQaZ7LemwyP6@{#PwmQmrCS5BB=a1Sp?$WM=t=ntP7@l&Y{^o-y0
z>Bl<8GqkwmxphTry#vI{z{x2%_%bvK@^hpgySo{rBxa6@58;za)yEKdI;^glK|B+1
zE;^yIn<ON|GD8VL0nnreXK1D_WTxw2P*T+aCeFn*xBNxkG<k;@q~}DNnEP)yhH>y*
z=KZU5sCPU&O<>WkqGxUtL5`M=YXEXU(ec5M@NKaRJLFQG(~U6^pM6TCZ>!jOYVq8V
zxZs-vKHrm&ya^`3l<<In(|P~zNZ+S#6?U6`e>9t~{ZVrl5R#jC+)DQ&hQ$TDpnG;o
zz~`*6QN!X2P1;^_dtL|If@7GiNm_0U#a21G@Vrrbf@AJ;BjoZ7#~L8Vn~P6hRc14f
zR}!p!smmw1HdrhO@;@-KQJ0gU@^ip<CI9tjm)~Z>y)j9zEIrQ@VN5mC3hZF}^cp;|
z#!Y-$!T0p)5R&-*iDxC209s^^%3kyZOjN-ugpjBAmOEljwG+3FeYykNR^Eis=ON-*
zw(C*e(fJd$;90?yPfIJr`8wC2>@bv3W(!BHqW?C(ua<J-B*!m_{%MPQrN+H^dx&Dj
zWalt%SX)BRNK(?8qxF08YA8ZKl(?DlSfcXo$oxJiO#tPVZ^wTNSL9KIKHHO<wO@oD
z%(#bB_A?Iu;WxrQz5Sh`hLs5Z(fbN-{hyfrs@qH0C{kfO<SMrR%{gE+nU;AK5mANx
zh@ODO@-6Z}VN~FB$ak^n5=^L^u7Kch*AkgV|BmnD`}wR=Ds&l6fFWZqlZE?xIg=)Q
zrsuLbM?-yElWEvK^s`)9FE;DOF96rfpU)pYI7R7|y9`O6EN26u2AHB3WMi{W9+l@*
zV**N9vw>NDLvy)!ily~5Q`d2r`P;K*k)@U;W8#8VjA?$3sZZ8brF%;)*3kVdqt1jC
zCMrN0lYH6fm*Kp24X?(UEw?MvJ)i1p)DVn?>sq0bjI**(Ad;7s(egp^a80mf-W+Ne
zT|A9qf$*4pE1!CWxqG39?=b`ULOhK5tEqfi<zgXIon`qj0*%VJPB#edg}v^{>Id!B
z>YOAIg6jzA_m;1V{H+{(ye^Q@$`-&DA0?N<zgy>(q#!(e2M|0RsV(`7efa>VMojij
zO?ez!dwvK+)*dxxF~{w|vH_VLexPHxNM6E9#$Njp4q5Cb{~@(t>XEGphRN!O&gx%7
zp9xENXdFCy>q#z%R9TyL!BAr}9Bw(1G{dax%qX?5LnRR4Ech3x+)>2OgYgHwA^QxJ
zmEm}r>uCzTnn~R7(J4V4;iy4*r&H)XMWKr`Dbn|iCdXTf9v8yv86)4Z6mZIvXHb`X
zw5%#IoyP<o<&Dw6T()@8aF8FrO=&sjftm~^2JEG(B5SdWl<c|TP<eRiOTV)~O$I~@
zFG?16CgE0SKe{NP4Qc}9EuB<J(?WY({8rsW9tK!}pg`~`x)`H4CO;b^WS+dBFnh0G
zQz7QtOGD2!KJy@1*#SYEKTGTa8f`UkoBRF`rCl>tnhn)IVOL*M8$eTT)<0uT>xSy7
zA>Ru9<`}z+aN5K1rIAh6IrY8rfSs>voRP|~LVo(}Ci$c%nIkb4ix8=Jw3-A_PTzgD
zL`^r%v@N0o;MBl?s4bQ_KDdsHG;1*9_Hqdh2QCEF)P_6}kPAeJf53MwujgC9P_J#3
z-%?Z0w`Z6VLeu`j>`VeeteZz+FMf+(oifGXef|j_`jU@Z=((2J{8VgSv4H^gUEw|~
zTZ{kr*AF)7Eul!(kBFhU_vZ0*u&)>5LSCPZa?KTVN=iodvW>a2_%bE8>xwfH2*ba>
z%$A;Tq&s)s`f?nPF>dHk*?J3F7^GrBFvxgdE0&JM%aTr*(ZabvfGLz9FY4+!nmkQI
zqym_9!he1^Cso>$>v0U0u_d2o8S_7k(s%z4hQvoae+Qf_H|xfLvZCO3^_Z`6<tbE_
zoUKypqzR<4AXBoe*eLmUHA6f_)gU=hA~YfOK)-blvb`l`Z*2oB9E~GO6HQWFg}xDf
zu?<X#rynK#{lmZ`$dInMspw^zCnKx1iRD}rWYYL0evHbeSE?)k`YA3~L4l{JKvTh^
zaJN(F8|ln`62t@w#?kfA=Nk))9^=noOcf}n&>2TK1k_VH1yux`-8g}RG_jm){x2IS
z6Ilq=UvI#q1#WMb&~igY0#0bmH^K4#5PHu!{LKm%k>A`|Xrwdbfv^=mIRNFydKX_y
z1;nh8ZYp-qhsOKvXdW>d41c~pC%?5C?2`Z8;Tv6gssvacEu#n?lOuIAKsGA8)6dGj
z6eZx^a8N01rxHXjXbd4a<3tCf;4TRyCgbKBoeVSKE4p!y14Tj-$aauNC914Smlm=y
z#JAf2ESn-!%a2PK7XPB<Q2ug8oDgYO0eXd;`Gs8NOfyHrSBClZ{!#y--42%*rL=>t
zI2Hvii9g{nr)`Z8(`^Q1+!sO>;eN(*7J$3xD-qTenmH`~(0rX)P~#)fawCdUf_Tzy
z`7?!1NNb?Fh`^+qn|NSy)g%tetkI_LppASw^rU{cyG=ixr{B@KlA*S;yhsY^0XqiG
zS8vY40bP1<@<sAP=I;vt|5yhgg;S!LW?C|0TZ3jCAlAv1UTlPnl34jeFhZe(ucfVe
z3gLf<+vhcwK<>h{^64W0NcA$-c@_VbAC(P3+`f9BsU8FMi$#J6<f%!czuLG*ST7Z8
zaKJBp%tF+wFn;w1R4Yq?S*Xg1Ax9W=Bdy!EI;wz|$lK0mKHL<|(<|eqiyb^k+Zt*L
zT(|H*B~cX<65ibEKuVB5C#Av7Cp1Xe`@bSp<lo#&qa^etF#Sq#cIv56@-5&FG|E$#
z<442=d1nETn?<{h_d7Iz!f10?NY8eD^rFndKc$5|eW1OJK*^%ZXefhXZhXze@s&S@
zQd12bS~*ylr_2$Mia!`KhIhKh<QaWE&;;Hgq+XW@oLt*uk(6w}aytST47-5SLMIO!
zqUsia<9-ED0q%vKh5S0N<nNfrR3;Go^#qSjZ$|9!c|TQz<YSj0bk<vR*L|Sh$U?&*
z`I`x}G9DQ~An>}PBA@=--iuG*D#DJ>$syu{!|LKZ{8`qtbvKFBE#*eB_C>`c{IN@E
z9o;cholYQ3Xva@KnTqFSR^?Np@mypGAIW^g4bL%{W=#i(#`N7t==eFHhcOy6U+icB
z--<1u<sX~5k!8;qumd3(5<oJDGY7zk`2d(){FN;qo=3^(yTivx=)0doK`0Mldyp^x
z5=_j9YWvFn+bAD&+8s}`=IJMF^ZgzI<a0sH`rgM8E>6V%9SbH&d=u+R`vq%H=9ZdX
z1xNlZBHHYYmRZ-BlV&_a#hCRKbN>y#E(e}N+48RuGGV%g#h9LMPmz4VY<+ugy5P8H
z&uSE-79PJ=Sj1j{{hwMl1>+s%oNUr8#3M0dYkmv>w8J)N1g14G&cMr}3cT|QsB!w~
z*@~h57(f-WrCiueHQ;B|FXX2Z2EES{8lb~+$mlXJLxQF%9aF6o5|E4m$3%o?s6^Ty
zAQ>VR^Er;#pa2VwiR!=dh<|dLfq#-}rLcemCDL*X5+ZW3UTG#Y!}X_EP)HCQs~i&g
zXnVD0SkSC6E34$>1fi(NFAOB4|1yG;cDQsgNKGjawVH^(Kf?dci9f{+N@c3k3`+rw
zU)G&br$(W$<d0#=Z1wc4AKq?wqffGMjwOC!&>{6cO%e`BiyW%g^qp1Xj49ftgXgx}
z+r<rLa0?V|F~mDi?GmHyJ3b>sVj!R>)3Wkg|LMhH`hw%I$6ktR^q4^IWl|Wx7LQg9
zLFpU<;T`d@a&m=}Ej4cr>xX0~+#2#BpY6(u@E-&713I~^_eVOp3%DVUoW{3aIrpZf
zvF&$`A89lVNhhnJ(S1&yGS(`8({<^M12#VQX1DWIe6zMue(hI{d_N=`^l5_C!dmn_
zCb0P_7FacYXT555yNC1n`&}lGzvO$c4v;(Yh_6+miFm;_#OC%Ob-T<xkd54od(^K_
zjzS5eTFPrq)1hM0p+fTAOCpl;E;1F@RBdv;>%mgn0AH}=OBUJ8ZeG0F*N4wIg_J>u
z30y+0Ifa&$b4Vm^Fp-KFWv6keH>9{L?eN{p;Az#%&4kVuQ;pa7Z{*|1d$p&i)}nwi
zwQB=;9umO_r7M%&Xi~wUoc<g9xqkkz9^+`rtMtfnd?gk(2)$Y^Q})_tqCt%Feo2*g
zyVAow!F^b}v;C8Yo_PK#yquO$J_5#xJy*=Q>ctn?C#~>SEicR%IYqk$a;M=hn>`xD
z9p(D3IK(MmOv}$tY*VlLP|dc_1RL2iBePvs7MrcoDl*LWYf(RwKR+sJpHt*D$GAZC
zdU<<e=-tLKF|RUQ$0(khQW#BeS6u*9i~k{HFQKj2CKaj}=Y&=bX;LKNNAIH~-z^($
z$WLi4(4R9m(fAD%3rQ~|m5m8(!XiR=uBqkE0exym=1W-Ex6K8Tkq3`zPL-FCS&q6<
z-Oq0+CZ@LvimSFrRuH`xY~?U0-ej7Zw>ID-js&tW&sylUq{4O<<(}`XhhSRhYdTaP
z4tk14`3TkxTICB(*{!9Kl#W}UjJ=Xzs{PHvsTVd(t5R{K$djWCsLLFOgEnKUR0XbW
zf8xvN?*YRisp0*{X@SGKUrVhL5CVszF)w4n1BQ<oRM$n@)QeB*L44^opyHLBkU8d@
zt7l7AIbC{CXKw6=SidT?L%iz+wNO;Pqn{<am||N6YVZm2R9j_AyYpe3KN1uk{ZqS>
z|8`1`TFRK|krk5e<yN7E|NU0=g}MvWFH(t0Ew9qARxr#)oqFD-io-0%>sq1UR!ck{
z4;;0z^|6H675OG@zBI7wHg2Rb*S9Y;o?zTm19*!!hJq_0W5A_A0Zy3*=K>`YD5*e6
z1WGJWqJR<xlptb?G#D7-=r_n12`|6Dc^!f~in@eX2lSuaKwm?6QxQZ71_1F|?y>sJ
zmk?e}fG>dAazS-IjjS%)Pg!YX=Iynn>DwLwh*p3w`bX4W@hE*!1A?j*O|-BHlpo7f
zzbFFSr7^(Cy3v364lptQ7>R#v{t+Sof%=aS0EkH-#GZiXUz<1=<ZxU7N?lx2ff$W#
z0IP?|jlb(6IB6YFl+VkR5t+?tkhvy_xn_E8Ciak4WGLl*4AblJ7Ig+<YC6QzmNd0W
zDjtLr645Rte^tpx)EE}^Wi%~`?#jR!<x_QgxPF%X%(xWxuF4jaRvY1ij%z%?V2d{L
zh@DwhExzlUmBV#-2D(5;!Mzw_mDd@acAzJW<&xKt8K#t#o==aj<bu)}?G~~4*t&=4
zIEH;-_z^h=`yh3CY(R7=m^{{s8?lO#S=LGah|9RNE|}R~o_W@f-s?69yY=OExSK+6
z23(=lNW|II_LkOb8^f$9N#GpA|FcC(3|_dj7bmR^G<JhI@5@eqfiJprRIqd;B=g&b
zi_s>Y-M&2rDx(VrFkHBh<=I^`?SAuKxCAcK<#xd94~nVRCDIP(e4h8*ul_XVGOvcs
zazHGLOX^zBfKbl+?LwWIZCG}!jwtTEpkOpf6qZ`$SaO$ggDCul*C<FulWwGI0RGi4
zb%uhryU|f-)3v&quH*TIdR_2=x~Md+iY6^Uy1cKeOR{(+HzY}y7DUWq9Yfva6UrUb
z4l3?1<u@r&c#IjQU)Q4t5vzkcwTt^L`lpplmJ`IbbZG*I`!MV?KyDFB*!sa6W&O^Z
zB|sheOshSZI_JtptXzu@q+1-~B9*Yf=;_v=5Q^VDWECh)`y!A;{Y&Jm%wbr2$@kL8
zFapv!Sw0S~dimwtSXh0|S;YEv&^mEJH3*CZ3>Rzz0Bnx}jK;imU^MPsrzw0n1cuY4
z4KS`|0iwnlAbJ48-U=Wp0D=jC0uZG9Yhw-&f&bc=0fhY{5?we8@Qnv(jY&4;?@2zq
zw6lo`!G%kOmlw3w8c9IfK0;%@mlA8}0bJgf@atun&p)oO^ByDwum?!KJp851+@K&y
zUguet5Vzldl==F(9KrL2lHiackMj_64(Zb^uxgq;3?=J2q<R|j4`5(Vmp>YQ!yfql
zYRnIXiCxF&6dE0|6-{sO(a$cb$<Q7!Jq=Qt3;`4LF_5@@3s^)|=^+B5fkl*>-URJV
zEubaoi8R}Ftw09y(+GnJnqafv_l-~~sf{72n3(LSu9a!oH|~Ac#1;$zux{8WOENJ@
zxUBY&JM1Q{fI!$a*SlvTGNyohXjnwO>p;S28ew@`EEkf7!yUDr1SP%p05_z;A@v;U
z&r<<6gwLIObgtCm!}^EnF>cbT#+ivRkojd(VPU_iFu9m~7U9}c5}$Uq;rY)DpuCmq
zh|-V>3b=+Gf^Epg3b-uj$D|xA<cO(G<i9&iX{W~RO{KHWZ|1ikQ;a!r0!QshIZVo?
zhX0t-c8r^vlnH#$e>_8+dv(_f@|*N1Wc^t94M_&au6Q5E_5jAyDuI2F!6r&?39qZ3
z%iF@?|M4rD1!F|AX(FlY!K^mO7EAwlMY*)Rban|Yn;#WZdvnzPE)}bYV+wg~21Ivn
z;WumFz~A*(yb?IKGnPm}TQy-Kse#hk-S@2u#r-)KgGywECL?0PWVw4!;epc7--`-_
z$$m_B{Y+5^odAwxEEfHZN3KGw9n~USEGpUFAzj>$zsNQZpMZ6$SB^>jJ^G3{bwshd
z?CV5b7Y{YP!WDh%oCxjgW>rbw1B}f6YV-EMugUAb$ij?1i#?FwYYZ^a6FC$LGcX1x
zYAX;?ieE6%5J&)S16UGKumM8wAAtf8+0_66vphV?mY%ZN_m;tLj(%oKj-2x4iNHm$
z=2-Y{1^UzT1Mtc|242}c^5W2VcAdcB6540UA;df0m#`1air7+V$NfC__^8;vEH5rY
z4h%|+qNkxx^C&OI7y=fCt-kskbrg<*2TP*_GD0^3vnO%BTi0X2V6(M@BlH|4(`T;e
zns}E<p#IVRTR^$s)4k4LQs0Z6KpDuaG-=4JtgzAjVq&9Af+HVzgn>K;;P3#y>V9za
zmeM#%?<p`B&Uat#Yuj@kVt90$(_4@N=#p5@FJ}B7Km%!NwNZi(1JZMoR$&)4T_hL+
z+xUJHd+>9UAv7;3vQGVVX~frvMSpom65Ml3cTC{)a<1C6H)85L^HG#OX8}>>5_Lpy
zV|;qHlMyDAHuNGE4%pI0d!%eb+Cfu$%<=3=IjktQ%hFi}<ud<7X(I}$3>#A%IemII
z@mKG5Kdq0l13ic2d*+K`s+4{0eBP*y&K^C@elrJ?njlLJ<Hg3eut=te#Qu+8!OkDe
z5c*fmMM~vh_Pe*e#n<^GmBq&Bs{e&y(>irgS9|r2!<c~b?0))p9v)s7MspVqkAvxJ
zM|S#4J1=1Q(FUJR;4-Y3zDWvP_`&kg&lepu``tJ2@BKM_LcgI$nAiV$#A2iUt0OyW
zx!a*Q<3<F>6>S^z`Ve>+gP7UBkR#=KVwkelZxAr-<MyKU&R3BB_R`Y16Sg(7UkgI%
zWe29b04G>N{4(HLor6&3@;c8oCTq0s!wNMt|3%gLx9U$l?m4+e7tFwlggTNOMu=A%
zaVjUsX@RYE`h~hT(i@I)t(VN#jv?to?|Cyc!JITCijCObX2su6moa6F;?U484bk5Q
zNcZJyTXG*BJr#{dQySEmIDD%wsZCF>!!DR@A$phFVaN^kaIy{%)6(p4)BZa|uH8!i
zdR8WSt}VZFf^9X>#uyB`!ODh_UZop8<FhSz&A7Y63oX`X7~YQGWz*%&-NJx)irg1$
z5zttkG4?N#=v?bB+iS4|NLAGDbbo%UQW)guBE?o0rmFrjR)cA?jBODlWxD-31sM}C
zHhrs639w@@#2SO-p}^_{LmaB_lbI<Y4QM|~KTBGKNyjjWEh;|`U2yr-O*O^dIDO!m
zK(BO2`$>6H@%SMajmkO9|CsgbhHPt-Sc{g*ruP`^1MXN8X>c!kD#``SSQF<xN}poX
zA>}?F43PPY+-KXl^3fmjnvd<$2bZBB6xPen<;Mk&Ykfq-1wEd!xOi-hSi_5T;^fcy
zlkP;!8?l>Kjhn!>F(JKXmKLZ^yLrQQBFd;Lp*Ig_Y_&j-&EJa|2MJvziCO6;^`2zS
zCIuCAH|?CkKFd0cIk|+5^ba<Yt!)vDI*T?s*O8W!?J?XRJ;Np8y6*u`87znUdV9dX
z^m7xMRU9v_4fF1R4-scR*jp^MqyymrIVScTYpE^vt}?p=L0w3ij0XBtN9ftuwIZXz
zpFb))8fu~WZMn1EbWk2tBv6n8i6@*7y+M?UZ~+25cHbQ!#@|X@A`~@?mmxFHfn@fP
zXQ+%n(Hmf_ec}MWrw5Sr==|T-HR;&xd(AzA9ecw0yFh1?2)Uv%Ro-7wIegYI$xz2B
zH%3t|87}c)B5CgA;*c3p<eZ4Q-|53d3376wifCc+Q=BGfioNeWyj2}$I#xP$cfHTA
zZtp(P=dZ3a*K0}hUafOZ>sA#W6&(___<7VrQ6Z(I&$=M8#oTSEcN?~Q1IZZcqL30X
zilkr4?Re>E_7`!Jwes$qoCAG5RIzk8*y`cA1jursoSaATUt%)|m<nWExC+D=C0G$X
zZrXDsz_`-R{mt#dkE~QvML}_(toEYlbc2Ed`9X1p2$Pfj$nd57oan0s)!*+1=^b?m
z_r&a3zVEEu8ji=0!P^pw31@OLsHv=BYANDkrHLoksLIMiclZe|Xv0M|iaEwE5@m7L
zQF-N_(qWl?q#gy^jwD&F9d3AetsGO47(<;{ObxD+Mj)yf#nTXYmuB&VEw<A5zr~dy
znJJYQSSn$I#hN=DQCh@E9P!po9KX`>k0N*2ieh56i5D?R@=!(Zj*F#h*CR$f6n3WP
z%r%C7IDFcjUZ2Dv^SCTdMk&7O{GOkPF;p3mtXb}O%Rf+dPZhIfCNW~_al=25cTaV;
z))dk)kJRSMI?XsW`c`b$Wx3~C1+lX)krndhTx={MCL>G6<L<a-M3J>8HX_|<Y?@zg
z%rF%3=1I5sM=`-zOI#(^CLyIs@$p8uzTEhkE8xmPv|fBjmz`WmwYGtzkUaJjQ$@;I
z68Mj04dM-EDLHxYiPhSQ$<VD`UARm4A3NllkS+5v&wLrvd6T)kGL!Dl^2#%Lc7I?Y
z+X6F9;tV#wEDG1oOUO{oxAD#re_5{&c^kDwK#^dL;M~e6R;Zl{*Us@Q#Xc15OD&Zb
zDv~GGBE~1yB9SG1{@FhRs;%mb;b7dI-T@xY91bcK&EhdJ(5VU@Vq2%H5*?t=Jlp|S
zC1yaMqrwvtPRfDjsTRQ-rQqU0Emm74dY_<sc>$8{SKiJuA=BcS>iE*2lPP_9^{)y)
z*M!H_m6~j;WIvaUfBy=EFf<-ry7%91uApM;_3`lHO)_qUaO4ROMd8M%QD&`0-jr;%
zmCE-B^VQ(HNS+dJ5-xg>6eh;ntkT<d4;2LizrsVP$sTL-tpk?K!|M59-I>Tk?YW)q
zZ;{_*ZR{(XrfTgnzRB+Ne#VuX5_X%G(%IF8P*^aEQa#Ggz$*(c5al8+iHL<~UNEi_
z@s9%xOzFFV5Gt|SbDrVhqOr-^G`^RFt<5UmXx&wQtApLTAcFs1P_tgKfVPEqlU)tl
zn{`2`Sx!;#WXoej@$wxcy+Iv(yo-!mLs_|OZ#$bqL8$Wl(@ezi<(wRiQmt7%YXlZG
z365J$#Zsxy%_9Aziv#%iE%VIok%{ubB)wl^PjL<{X@;UglQq*X2|3<SQb%+bF0X=S
zCY$nBumlnp=2dK!hooO6&a;Ys>)~6J9ey)D79*}ZB&>Dd7W*#EkJBwXmUemJj;UD`
zFeUs80g0Y8%g2I39wvGT7nz<k$mVp1!5Qy0xE_#6<*!cbzK5$X)h7w)-Knoo{X*dT
z;v)SBh}>H2IxKe&ewI^TF7cvRDNZW%DBfj3hvi6jT8}4<%Zs?GdR$5$_t=B~AVr~z
zWZYeCTrFf>B~a>|vwqK?JK12=8yr-WtLxu8#mC<h_dGdaZIi%0^;W-S#<MK(z(Q`A
z=|Bk9Jjx6dp>wM0%}H#P&^1e~zGP+5p4#o{xvc2mbseSkS~+GN8MK2PR72U_CX=g+
zC@q_&CE@AF>!bY!KEv{o%bc^i+2CY~cRt$P4s^Q(M-kvr1bxqNe^jTddP|x7wcT&$
zAu*_4F>qz=sZil{bMF27mD+L&88JAvAfpxkw5#h&r#gONZjQhG9fOSS2{LDsc@1~J
zm<Y`Ll7n*%kN#?II5($Avw5+;Nn4WUsYU@mJRsa(?wGLzQ{Q@0;ZQ#m>6jqa(cqQl
zRq}-e!55}Nxs(_^{G#T1!S1iMArT{8CN{JrT4cAm)(sslf&o@K0sBuRS;VhE<usn!
z+SOsYbB#^g^rM%}j&aiSeB#cv0IJ8ak@I8v5_@#V>;@<HUx{J**C?y~`r{vAe9jac
zvDO_SB_@2kJ9d;BwfptqyAp5m605vQLPjO}KW0dO!Ap3qESx%5Nwidw{_xgb!H~w`
z<2*a?F+5yUo$K6L@%h|W7vp1|@{D5mHw4c=@z-`N?BLM8o7<`EziXfy&C!&R-HI@#
zpM4I!Maw&JBIIehiWq-W-0j1{x{~9!oy1HZGB&(KDB$#4W~t|eYuz#<ZyvJDef|bw
zaDJ+!vwHuGbS=XEPKNrG#bx@z@}zMSXF!bnxfo82bxKG{g7JCs`NK%C=Mkp>as0_2
z7`MQL&cFDIvkby+<%7q87)@VO-Q9==`VeG0+JB>6_U42ziq$GIu-;w?hXwyvHjO})
z*`*lo5qb-6^u*|1-Id<WqlBJEK(WkY>F#&3uNWu6>)H`dajnbYb<-%iw8lkbxqNse
zPjV=q6snkVHc{iUsuCU1bl7L$jn02EUBN)nY||wh^46>9{ffiG^fbJvo<v7w7=HIY
zoc#37Np(gDsY7iEavYPR(3U0~mmu}?>k{N5jAEQ)>*`L3RIQ$<Y;47ab3e$En#V<%
zgna1j=EqKxx#`W)aPV8*HP&ul>S9c9EFBX?v>d-SI?|}SaoX<eP%uR<_YnPP+4MCJ
zcuVE5gSR#I{8|EPJ(@erdb7pN@hazJCFG2+cI4`4?s_w;SgtmDd?fF9AeductZP=*
zSzb58lM+`)iy`A&+q*YM6&%yyBGf+<WSvwjRa=XPZ$-FwT5b2cqs|aG*NTJcr!2|h
zR9v11Wo(z*&mD@fpYW3Ht6Xf<?aBiiOgT}##1exJ(vRto+-M~4gh42#5@m0KVh1&)
zP7&gkpZj29nxzx16S#n6_{DboswKz=k_Ftw(R0~(+{B50b(198<;0$A_8i+KEPp4T
zKYM4c(z2mM&1Rbk=YQnGjhf3Y5)myg>Q}7EL`SX3{3<cvZYbJsNXaBXo!BmuYy>r_
zyjQHSH~PTacxg$1Pg8C-rI?c`9YYV3#?37IBZ{`0ssN-AEJB4gKH0!jkQo+bM>){3
zRdDd>Q?Sy?u}&D??!i=IZnOz!e622i%|BsKf%Q*1HL9~+>VXdJf_g>d+n0*r?6R2U
zj`wrpyLUNL2uMm@7=_J=jfeOid+rd%kwICvQ6$*G0=exb{UWZ>tC|g-C~5M`%k4wt
z+mwEz6c>C`xanIKygeosF7TM+%&PmBE==~39D0Fe?BisodgUQ`v=;|FOZ@BNb5;9j
zO$mNW{MTZqm%KTL4-J_x#cHJ~zM5c|8F&8dITpx<Ow8ijcEO7MkCuEq3dh*~8ep_h
z_d@-|=<i=SQ*S!&dET%|5YC>YCew&gXp>|jmq^zMYvDQKhLr6!cRW69&mzJFYu+2G
z%48BSN!?`}PNs1T`Jg5Y^@nDvX}$O4Q*pCAO;Z>@i^?)5nM%m+CJQiU_2$emYmkqR
zUmGb}O5;7#SzftFBwo#(m38G$o?&*S1UMDl=P|>r)$NJf#L6e*-b(me_1HGfI;kYG
zE_q!h0DlhSSv3u-^az&Qb~tuwY>4!{g=U<eA<b3@8l)zihmDSRG_TU=oODR~ub@sQ
z2b*KEbl<9=uL_F~zp7bt#4WrrSuSnC-<zVH8Ijnp(018nVJAr4ZSykUW0>z{LXNE{
zXQ#;cG5v^3H;9@$&-^kL<)g{^>@&U9TqMSVKOT4s3bEIj|2pAT)YHs6EqFCAmfKPS
z?HVe{%8_t#doGINC;D(DdBC1<()1YgLm6%rEhgKVI){hSa>^bDnawHKV)}gO4VCS%
zENg+J$$~b<W2TS+6t%SD?xnGV)>-mw%42c!gw+SqQ+^1nRC{n5GIAJ9J<f<%j=IJn
zHZNyO{nB#rZT5R^#SM>J1e%svXWC#f$zif0eHJ(^Wsq``mAXoC%R)>yPZZRl;TFMh
zxw+Q<XV>$AyGk*)>g9y@&vs;&Q6R8IQRyilANW4Pba0#TOiW?->;mb>Nrx7)x;|tS
zFSx?Y7p=(u@<rn@*2e+%q+YUnEn%J#!eerjR~&BPqMTQ}V+o&S7)f7Tcl)OcmfSU>
z$k2Pd8fDWjH+JE|+b|~mqKp&Yj5`7R>Ot<}Jo>YDa>IQw;=3c4E37Kjq9eQF8soP8
zSvT66>-NM2H(gX7Fpc59o7f3&RY=Cy&;<n3eWpKHfRNZ(w;Yw{+*snI{rxs1V?S&`
z`Q4V-xpp3hhYKzAxp1H9OnDO<nal%ve@D`8m<^bMFTp&z6dnV|##OEvCzw@n9jXgM
zHGlrY;#sxJ@h@I-Kl<?LQnYO~9K4IwM@5Sszn<?ft^FTW-x=1_616L$B2sb?kPheA
zP$@x?4vC7wQJR1hrGtWk(tAmes?=jaPzVuG=@3Mu6CeW8K}sS$L<o>T0wE+MB)Qw~
z-sj%u{-MmCJ$22RcdhmAnVJ*hK(l&n^ymG~D^TiRXEBZqZMhcd%}c(+-}cJxkXQ0^
z2hs+&YLBciUn%4fcv$|BRuv5^HYIiWTFs46kNaY3On=2<Q(^U;w9aJLi;bfyN2H?F
zvW42-^d{Gu;IGx3bC&j#P&fQ#-AIKS9g}MQfWq;H)(ka|Ki~K>?x1Xw6F*k6o55E!
z+tjaUo)R;-Tr+mcQ?u=)_PC0trjh;7isIHg8NXKV=x#sn%B^=%UkF+>pfj2-TlWm*
zcjw21QwQfPpN~&ReWUxed}CGI@N5V!#8r`_)yk$<4L<7;_DU^M*R1m^OS(^Dix@Yx
zqaRJjRx}?o`c`k1F_bS^AN8bM%4RI|4pGv4v$1SNOlQ)hrD3vSxuwcgd*oYl45;m$
zDeeyK=nG%PnAJ(c-O-9Da*+cKXI!%)=DIobVVvfI_jH*#7Bpdr#6xUg`H{+(@_D&u
zt9R#Qly?++wxDqjVF*9Zvzc#b=C^iU|D4xycy-e1wB>V4bG@*~nX`)8JmU@NRO6vD
zfV4e)5Dn6k_l1}sg1d@VHkFSL(brZUK48U)i)v*rKL&n+dUqB-?DZLzB^eL#8kC$b
zN3@Y?aEVIBvQ(wR^#pqRuA=e@!Kr;K)#K>yQ`V74(W$^yNJQm45f&YeG_a?H^!nD1
zZJQV0K7EuzOS6j;lMtPgnlb*yw)C%@XP^}-7&2p}=w!LQiF5|n^u|0d;DVb`>BWn_
zOJ{fnpRdEQ&&b@;HH}|&C&8C5XSUkN$K5*5<rw-Ncl&IrSfi7JEt@j6*dD%9^J5^<
zqPr>o!`ZDTXBZ8Bh3W6U*FE`=t*q0GbnKT3ERPlYqUgD@6`-rl`xeY@$eBS`&2pbC
z?*^!BQSOdO>CJJUoZ-fSS<#>W-;)NoQxj*Ve`CSk|9`*4v9Ub&dRbI2o0+B-?3pf@
zJ)g8OAE}Uu+n3K5m}}d!qZa|7a_-uSln^|Ofg6}}(?}a-@6kutSI$@jsYxiln(><M
zxrcC2jk#Xd(mY*W4uDjP#}1R>I%KUaf$`@aFKRA@3M#NgOQkOr*TAD;T01!2{qpR*
zmz0xht~k%C;Sh_!5w8Zhoiy9acc}54`si%>d9>fh=vafs8~HzUZk}P^`#$0L#d!KR
zC!sX<oeW^p7^U8ZEPs8z)f+e4cIyS1BxakAHHywTzBb7$4Qw^7u{qgxPyWgM+KS?f
zu_Wx=uauV?lV@3{;P=_4=6x>}B<w`CrEM@j{`0<(TxXavp>gSBcCpJIPU|!h=`gS)
z@Hj0Z>w41tk*qvfvu}5ZtpfKT-B1a!Ti?DLM*$XDC}5F22kq^vc0IqmR9$tv-evr5
zc#UGdLx-DpbM4QY8;G3pvP}t5k*olHT}z1esys*QRWGJkp!a!EnJrkUS8r%LsJz-l
zm`3AbH2);y2U>Yl@@i*Li$=lTf5nGoVqcD{D)||`E_rwG&+~sK%W|_7lx!3vF$7Q<
z_xsZ9b#?GNlld$DCx0=7o|V<!my$TTtXIChhP@_MbiYBeU*)w`vE}olXY!+NxfaD<
zi1fXF?$;$TTk*a(23i5X95FXdW-nY?lIR=G%xGM5&K4`VZW0^a`Rw)=$y1*t`usDQ
zpVsU_=#SU;x4plEEf#jDW@)Kz?{4kRK0Ckc3_?f3;}$kD8!$yb6uxA9dD2<B@o1a>
z)VGiS)_5b2Pgb3T$Gj+ga%j(rhC5c?9=!omw4gtttUQZ(b!JA})At3%|Jec(lAYo5
zx_4KoFE=~s`j@X*wQ0$|w1{C)n4po&1xB>)=8vd)^>wi{gJ4%F$QwB$CF}67t@lAa
zHr)5eQ;quunWOX9#tP9xDw6|3rcYk-+5<nXg6|8NdV-q}X>DEs@Q^`8wd3_SxqBxs
z?nE1X2qB!@`1jkbf>!={wK$W`vF)wR(l08%o(7Fgo#92_Is5CEnC+>)>JeL;?fl|1
zXIfO$Q;NPf6VGnlF|snOw|fyhah9)EKigs(Z7Ldks;}SS-&@4p+E~8mUuPyxZI{ii
z?q6H_U??y}av!+vx-53!)b^oxd0Q~iB)8P0P{oR`0omWXT9O#`SozZ6e##x{#D9B(
zf4}*ToCT?6RdV`XaxQrKp8OSXvW;^5<vciJ*t)MeEe|kK!tf7o_64N<usO}H8{EE~
zdz*1vZ?CZ;@LVt(XLP6f-Wv2ZsjEn0%O?Hg3+~t3=~s0puJ7Alwwydy*Hp$8csp)X
zT!$)ow}QVd{uZ5HT;5%Mp5vI%+fbP`|3ixUF3Z(p>YF>P$YJi(PPyr|0Gq<mnH8}t
z*CIx#3XpK(>%RB6HDY1AP8I`mG@Q_q$c?maGXR&%M*MCaW9P_O3K_kTgtd)I_HwPW
z=eDwGlLvn@O^t3%mMfx)$ye(A4Y<}V9b4IZZWF(W=@<6)KHP$}m%c=T%YRe;zkeh5
zPExd2g0aEYPj-CkwUdl3POC^AK5RS}llcbJZ5cGQt63~=H$sz!;VHNay<(2CO~<TU
zWv6nT&$DhP8J`b6U=M)Df0WXzo3hLHq(wiqRym7_e)_Q$J>Rx&BzJeorn!7?jn4m<
z$KBuX^QRRJ>Cdn)o*&gQF=!dH+pP`r;GG2w;}waEyFIhMBTk!3%n#Rg3dGY(i_oQj
z4)iUU)XTmwhY&KG%}FjvYECvJ%zfHPyP69;Tul7Np0$hKp~`TBexHX3xFpq>g1@;%
z<j@UQo1X(3@ojib{d67H>aS_zH0I8|q?+qB2V8@4=;V6;4?x*!nzGKml)0jV!O!tQ
z%0bqU+(TmtQr*A!$j2o`BxA=yznbPKX1$Snn@Wh4SL@mxdr=RR9s2cuUT)oZShY*8
zpEbA0)&&2i^?x>D8`|YuW>w0alfBS5D*7lQVm3}46%TiQwIDY20ccIcv?<QzlW7Z^
z*$by_<)ohb<#q?qy{B42HZRP<D>a>wH~!W_Po9@Qb|Wdm)S;xs<$;mtr<Ok*kxR?V
z_WP>e<FcrE(&fp?Upgm0_q<dP>u-@chx`IK#s0@#sfUmK{QdYPr)zr__j3nTj=B7)
zbaG=g!r_<hs=_1RiMW?>`udK25b<GBj?YB3yDp&LZRM}+-TAxOLG@QcR-5Nus4t*p
zKm5^H+J79xR{(dT=;7@--q6Oq#&}Zr&DqiO+u**$KG+GZ=OlFcyVLBr-_^xVr+KzJ
z?|C0Z?>)WUfYSB#--&kkf=ns~v_O8~eLvNSGj}W@)tRsTPya$<g5h!IcdNcif4kxI
z^08&%o7UM+3L!iG9?$(W93ss(TG4JF{PfPe4ktHn7(>8<Hz*;Wrc{a%IXIG(R^L!p
zSLsdp`U}4IN(`6wNZYM%6^7exY|Elr@+VE;l;CUi|6*zSCJ{TOmP$VZON;J*>h0ym
zHngxs=H`^Tpq9d>_SwIJRuU>E6)Q}KrREKp$qe7)Xk5Nvx>Xh=s8&Y>c{=W=XTX&H
zO;#4JrQ@G8{Rdt=;3Bc_HxaU)0S9MP)-QWKf2E0!Nok+AQI_j4coR*c^v>JXW-py9
zj<rH=>)$j|>bfxy`4T<o1T}c?8k)bD@nASuze=!FYECS#Y4EOPNgN;jgUS%vM>XWl
z_}c7)&Yce}vY#u0^<89cgPT8VSmcbK*Lx3vH39MconXQ;Ke^%jH+!<jYxGb_tEJ6|
zoCeJ-i;+9ea^PRT(Qv>!c1@Ld4|;I@2Ez!r`UEI{5-8u`z<7J;oAF0hSK3yG@e8)-
z&^IA-1;EF1;AR!~FBeM2Kk?D^-1PSZW_?!EYur!qf5v1;&a;GoVj@J$ZI?sK#el|`
zpo)R43ViehkA(y9gkLGHWVXkCzjI;3Pbahr&^ulS)nWErhbJ|oCL^*N_H>_p%cn&@
z=P1zGWYncr30J|IODyHxeD^G0Y}h`~UhIK+5jjkZhgmV)lX6st6mA#&H&713!-1(A
zd*rj+ayR6FcUgE?^glpqO~*e}kvzd(86Z_bJ;6<y)yGGV(c3h2ud;I<sotLADcp8D
z%9hcPnfF??5-9~gZL3^2{Za&$yv;kbTS(Qzjf|$pNf*56j)Dw0K{bFPPc2I8@>wQQ
zWI5t&Qw`05U)7c&e}+!b`ItjTz~ViiSv*Pa`+75BE(?by($(cQQ{Y|j#eabG>|*YY
zs!vOG6|vGidJJ)7B!Sp<Nn`9Bc-PGRov%a5F<{s$j`?*|co;<{TDy`XI`80yM|F;t
zx+QW9m`3}*fVN1PyADOyO*`?NfO!dCbd5Z~70Q<8h{ss3*ECH3s`hJhQ2?fBiE17x
zs(RQA7!Fs#vz@Xj+^%@m4J-XU8D~*=LJRWpra<({cCaJ={KR<U{My>k=M-3om2$+t
zF;-C|126cY@TXQXtYE8{I@b6+3ri)OW1f{4Q0|gRL8r$J#p$#PorP~yAyeWE_7zs7
zSra9Q*aN#-J#{O;oc)u2X$&&~(sg^^vayE3ZsOsoNKL-8=M@7uf+l+f0iJ#hieyoC
z!AF)eThgzfKtM{Cwd}WDVkw70a@2@YdDYC7hWTaQhyAOOj?)*{Ll7V|-TREAjO#&g
zYJCPPcuGI2PhVM$<N66bJK9SdBpXKZsS2ocMpG?uqL8CXDK3(Actu<`tkq-36#Gha
z!HzERX<vqF$kd2EmX$p2`54UKez><A$JOio1)H0nZ*6L5;7$R*`R5PM$Sw=)?5@ZG
zf-1gf92czjCA+~jR5QjPY(S)K6++&a;5=Eq(a_jnE5&OCo>W8|gyjggtxnOy*Vm<4
z*;9H=hhTp46a<b~MKo;a%vbQx2f8S;ACVXlWAUiuNybLgE`@*n6QXyDxUeu}viF|V
z`>2E$4cuou_!KU?{Asp>zL#6KAM-5u0h1BkZ?!4+Z@>xGJg$a4pKmA3q2pRGp?QK1
zm@w1~s3~?^fWne3GSloQeVo}7d9&Bq=MVku20L%g#54OxQXN>U1JZQ2hpTK)3MjSX
ze4v=K?`zPL&@UQ>VZ{yms^lDrijH!WcBMc-N(06OCDS_cuqMqKu4YWZ7W(l*i*+=G
z<9d2<%<84(d`thh^u=%{Shf8;Z+Ct!4;of(Y*dCiRq%KM8fD9k6{x;FE5hh(ff+W@
z1MKNiMO-uZAi7O5f4hVfl_hJH;A>hUP+KB1Q6{(hNJGdQ!;hNvCctvwND-;dPbM)p
z^AVMNHQMWFnHYyWQFe#0uAq7{6eG`6Hax(4D&Vn(%wUTkx2rjF>o>RYb7^ie8_Ehk
zab+kadA?ru*9eBy-gp@FIR|wW%f*dY7V??x7oc59{;3$eaHE8x#`>$^Om|tb$LbBN
z^BPN*^<T6aSoFk<C%NRwmbaNMKa4-0(;s%AfUgeE*G-*rK9Mwnk!m<X8u?_xBQbXv
z_Zc;E%Y{i+D)7d_T>mX^<!)sO(~br}AzaN2Del}zBkp&>1S>(vc+#SMB3n|3vwnZH
zk!m1H#9Ssc#x`r^p`BPvQi<ALHk=Kv&BW9|?PKgY)x=z7X>f4scqXAVn|MVD?v}i1
zA6a4z%d+NLNh0-OOLm5hh1s{OpLK4PLl9qGr<Ihv*wGL*JKFiVXA4hF;wE81HtSA7
zFV~%lSS90==;bf}#0o=b`3+n(vN(Q*dZOJwSiqStVCKbu4<3(jPTlBVzRf(dFL{DF
z*TSj#DmA=YZKb?6qC1IfiI8_=Gi*k@0+HFUzng`1@6b)Bl>~_8+{S9+d4`BHs3jnT
z6}2Kt*`68Ixeonl3iZv`De3xj1U>Tx9%t({k?#NI=Y!tT1#&UC)+jf(a|5*^s(i+O
zoxJ0HsWpcXo*T5UZoA=P*)|yw*-$Zq?Yj`L#$f>$G4F(Ig!>fy+k{=LMhpiz(fY%9
z4=2zEx%`9-Ze}-E%=w^0R}DV8I98ne1V4`$4(rz9@vkd=pSRe1R8s^${T{-NP##HT
zbY!8F2IFax*bDxNXpC_WD?Hn`2Dx+($#Qwr@XEtcx~KC{_bm;<`Lalz$46#>>@)t9
z&5xAuZ9V2evVf_I<x@>z*a4|NW^jS(L4wDcJR$mYZ{G##rMyEm@%0{{?p%+v1s@uZ
z0>XJ-(O#7+&@14&m%0^uZ4!<vfnZ^4N|y7-C`o-Nu~sQjhk_$goy%$Y9@@f`pzVX*
z1MX_L$m|H7P6Z20EgK1AqkHpX+`EvL%}Z=6<vNM<O}h8nw%SQ$vQR3<ycqg61~F*e
z8i~{)k<+Un_|v)|^-DdPNyOJ8u778_=SsEG;qReGL5Ed&|Lj^V=BDY_ujUV!;t%O6
z!T5z3UI?e}v2MRzkapF=m3%XFnmTxwh(8y(Ffboo8<7&X_}ihC4o3IuAM@!Ps)+^;
zpZpzsK>jH72XzVySIgb-FxB1BB1B>TE)?&QbI-jx&*I0K(L~5XiwcQt^ab|?5HBUi
zl`&=2%hht`7ZTo@LML$)nCi0+S7$_*TLsvdDC0JISZYvv^2Xw#$2^OcLfqDO1VJv%
zI-x-^=V4O#*hrGxJWG`vgLk8T5bNO_+O-SRGW1+^lkbZXw@j2X0RWOxH~kP<XhCkd
z3cYKwJA>!fAXo&%^)&=XiB$3%pqHx_5;@N8u80Ex+AsyG3K`x3#V5b*p@GRNi?^6H
zMHI~xx@@}$T8>Z^prxJLhNlHiIePKD<k?{;EqUGHMmPD9D21sMg<iSbI^0NMN4r$3
zM?wQkZ+F2%wAKAX1MJ}L1F9Lbp~wpP9VS(96l;EIirCjgK8#GHSZePIEUf4YeT(NT
z>`o!|l4-{(1!pX_rYPSPp<1~<ozb>!bTbqszGZQ5JcE6coQ}6)<`%(M6n5S4x{WM_
zfVjFfL(}+?u1Di-bcgl<j^txeb~~vG8g~TCM(M}8r_?GXwK2^LV><OU+vrHIk(3#a
zF4X|eLo%`xyogL`pOp_dJ9M#H2NjW&-B}{Sd6wO#Cvak~>n0+4BP955`TNfBVPJ;L
z^{=!lQm5ePk^KBj7RVDy0I%o_G6$TL7!De7GGwW)bYWNFklle~OBBmf4SuFsKad8q
zv!p~6wH)@|hyc*$8+7Y0S=ggMe)*P#d|K?Z--a#H&b2?x2Ds}_U8QFm#u|c0g_L;4
zgvpD0Trf8X^rZ8id?%H$5gY7!2l=_Ei|gZ~Mgp%U8$)HII{F&$p-OF2aUUCJ-M{S+
z1C)`s2b0nlk!hyxv(N&tq{{ivT|=nV&i%JXRWKxwEY{dJ){2=yeCBzk7(K}i+C4S)
z&<$HNKswD`ILzqsgd6laVIJ0OE?CYV2-ur(;{CU6oV7Dh3P07Xw$AL4BRqHLb;%0I
zDyqrk=yy-RJq_Bs0zkSP$S-NQ&bo`BLj~-XbN$l|j|dF(6>n?hE8KHD-9M!WNf~#;
z()Brmw__EuY=9<8KvNgGFljzq(p<a06}DvjF_~r;^D70i<)*CC=?!@-XwX#%Aq#1`
ze_l%MVFq-}-_B9;Uk!sIscYE4Nf4T~!{qd^i$<80EMO<1@WO(D>$FU3!cryE6}P<~
z<dx|<1ZfH@tms?Usy{wJu_eFH6BN&;%1@*M8*c38vj*r6bA^>rQoRlrNOTc3V88JF
zT0_DvhaKm+9jU+=i0bvu%ss5Z{-ez9XisgWkH1!WS=vx&4VPiLxGF5%_cH8TZyeaN
zxU^1rzInHM5L2t*hS%$-{OVy6Z&TKGh=Zqwfw9O;6vxMy@ajM@Aw)cG=fl9o9XNXj
zOK%0myjhZECN8b~Yvdsy)ETlEmL`&kwlAI;r?2fOH=~QbI{X?f@stXW$HXzu76?l*
z0|f^Y@+Cns98w}j%MOMp!g2~o<27OBN-+A`7CV#i-=D#FBhAX%e@!~2!S9{YM*l!M
zhP=%DYCZq6?fo=DxK6_OaIlP9M+*$i`WRba4H0XhUecXQrF4GM5b{s?1u=Z@SnICt
z*LlA?Tw`caJPnM&E;18pGtoyXpD;<@<gONXTVvkoa1SLMc9dbqgB)mIFUIPdL65T^
z5_FI9k`Ggz3iKf&uaR!*(v@wFB<!QsG-HK;YGUy%q{3~A6a}`W7UWXv&fVCXgm<h4
ze7WehnOw$4965*FJMPD+ox)n?U}+JpR(mqI<hsS!#sjc}&}6$~%a;VF66o%fYx5g%
zo)e6St3G@8af2o8CvjFfEJ8E1S6%+lLi``w;zZ%SJlaw7_~+E8UGp267uTKKe%yr!
zPHmS_box22KU$#G90zh&HT5P=93l{dd7>ep_#exv?*YfQbtY!GG@$*05=cCD-RW9W
zjy-&5|AV5(DV+Sg5G57V@jyeUIx*j)>E!&zT)+e)<pPo)#GKH14oCX$n3kMg7jxyO
z*vo&?6;e+~mxL#vyB6HDIztErWC`Njg8k}@3dED?^?Ho=JTOf*+w#ruPbb2R0O*!p
zPsA}pwc!~MV9iK|XAGb@?>D;d@g9}8zHT`>mDpFVNQz|TG)!mf^fyg`$zA@`N8M5$
zM+!=Hv88aa@N^`m2Jg+x^?YILRpGYI?q9Vsq&uqe4RoH4tXncF>9I#oIP?I*)POq?
zp1c-Vy7W<+l*>}o-qAz}<zjMDxCtLTtnA~5+<QOFFW<;LB-e4@7#?(`?JN6Sto-if
z9Z$HTx?0a(QC<+_s&c`>1+8_rXK{iV#q)=XxeH^GdYPQ(OS4cZ##HVV2iZ5Nl2)`S
zw=@^czR`sgBT4UZN@OwAf`1)(C0CR!Eq_$Jti-+p(2n3{eBk|yKF))>2s+3=X~t5g
z+M&#6{n2n^zjhYy&L^pMKY3&_PHk6ZGvgHEO_8{Fr<O^K=R)W^TH{$+x^iixl)b$K
zbRg(vGPq!Khi#J=#(G{KQIF>xDTiL23HZ0^O}FQGgjd1HiHLP=Syt8R5|c6IqgyuK
zw7Qv`Jci&0r%rkpAz43bg^;PIB$P1}vp{)fVgP-3XxR(37u6KIW=Prn$c2@+H@<R4
zj?!ZlTsk!om1T{lTYqIh)0uiReIxEuzvf}S@6QniwR`R^$5OaRNu_Y=HOGtdPHvKH
zNvbdIuPGbO&oZrM0Rn<B6Z@^!wKzuXEIu{5XDd?wJvS_ru!Ly7Z_G2f!Z8m`clQ+Z
zL5D^|-^1QA#r)$19_%yg-{9R88oEyUM3Y8()d53IHo8{1^F{_i$jeYGbMKUM(TbPv
z&1x^RXl%r(<)jA8{bIByT59+lp4{LEJ%~Ul#EzDt1;RbRxL&{j{(JBR0XWbQ82qmv
zEIr|DbE4tk#ia*&&01ezW7#1Y-2Kl}Z8v=puY$h!I?h|6dwtp_NtLbvRjkk`Gcc(M
zby_v<O@k|0(nFunuhA2s)*MYefjj7Z5u`0gD-vohaX-6Zt}#7uMMw5?PT;O>$v=E_
z%6q4ywr08mYnN5t!}OZzK6==-JI3e>@3}sqGw!0Ze)0jeN|1r50?ka8+;N{W6su{N
z#^ICpk*9nvZ$-8%H2eD)gbAj!+g{<kT4f<NT3uhj)^;9W;hd{BxP+Iufw-=7b<Mk@
z?^Cc|&FhFg#%P?VR8HuyG2+Cb33%qF@|wd<A3a37Q0YSECW=}0v93S`#=l<SQFB=H
zmj1xngmg?uo~WC~4%%};2u;xC+?TJ};G-Wt9=zdmRyWK*IPOI}>&t36@HbnSbAyl0
zKPo8DStJNxK;SunYh28Iv<mq*aF_6`2q|+LEj-tJsATgFf&1ja6^{LyX@YIUx1t5H
z+ip3#Ew6*uk9!<;ygOIZ_GAK^8ts~J_ftVo<*Ql7XSq<Lg(Zl!qnxO{{4r%rfF$EQ
zw>Zyny3b4^Ahj>>9mt_$NW<x3QO2u!cO#r@Eod;lLQ=@>Kj;8(YAW3w-d!0#8}^j3
zHQu`xzC0qCR{t8xI`@VqGop^<t}_3EH>eUevb%i?^q+H2L^^bAe+W=2<~p5f*O6wQ
zM|<$*@&u-0&lN4joy%|t%D)OFItK>NfE}k>+D|Cskazlx9>2!ktPzNY`0UAp(c9HD
zg<Tzwtkn#z#cfj7>XHb@2}kVOyRhj@9FJ!`ShbfWz1C<kM{U31zWibcO)L_Ufs(DW
zXxH?-pxMD~9{l}UEu&7*6Ntbf&xPyC@T3^`HX%f)3)E)h?yBafMZ7KkaihcuuUMbX
zpMm1D9vN=^H3@!JD9Cv<u?x2&5H}sN0a8veit_)^&~6w$G$0uu3CC!m1UP2sQ5jQ}
zeuQI8eFitnuyfbc*1z1^wZwZ>G3mLK{(0JauZ(5Rj^9M<UoIeHx5S`%K8Fh3i8WR{
zE2g#~fgwj0L$!Vy=~Nfa^-)?rsmwk%3>fBw3%|D^-Fj(Gl74pg6%zW=_$9ISg4%^k
z%Wd>r5A-otff}8ijanhVe<B<gLGDt<Yo>5T$QAttoVRy6XQ1|b-OFC%yiCi;Lnm5)
zM7kYg%b>z;C=<Iz+&#~*K(8cA&Z#H+d35(%4wo%`bmN_1?U*(YqZKWUBt1^jPs?yC
zOIIumn`wX>#in~9qfXe|y#UmqgFo%H{{bwdazqu(A^}_D$AvCeU&QF6zryjib-PT#
z&0}f$LmE>hRw5i7oDPOxvY@w0iY%bhp%$nzD;m)kbhc2@e*bp&95Sb%m*br$?BLJ`
zZ=;dWZoJUx%Bhg&A$O4v<c%`6(JWy4he2^Fy1jFP;fYoq=FFG}KF;?@Pgj*Y*Z2m~
zVNn^ZvJ7KgV+6yQ?bowMjW4p&9?q`Hq<swZyg>{yO9glF<!lGk&~KJoA;BLDA6-yS
zXHDcknxHr!-Qb_gXn6(7>oUZe1v|q&{e1f~-)NKO$lcKLn4oITkw`hfLsmK*Z8z5v
z>l1n+ELt$;?5wlMoMaDe2yo4<w%>Msu;Zh$dm(ob+;bPCp6u2&87N|2+8L8i{amrv
zuJl+$scpI??oosOVEN}B;24?J>csSNy@9pU%}ySm(6tn<N2tqnkfwXq_p2g=Xfec!
zQ*I=Q=;bCdu3iGqjUh=1Ow`y%<E_%_!C_OH2ilJbbei`V@q14VE}J)g6r~7F>D6-g
zVK-6R3$iQ#Xe&?iH0TmK>*F`4CtJ6E?sF>j<j;!3%TT5k0lN-_p9N0idX_^QVcSaC
zZafZaW}yUX&;GgT66k%Laq4Cd*Pz)uS3fLYBrYa&&OLL$5$kTzKX+*SZYsM|hAQsJ
zxYb^ASiHgjdl$VM7Sqg?<DUZ4cM~*qEoqB3>vOT)TR9Of*-H)K8ujl&6sFe1LPyT+
zq6e9A{A7Y;i42Q@0^2)#ucqG-F>n;_aTsy~H=lM?n6jHV?>Y$=t0Wgg1<sZShl$KT
zoKU8}POC-d*zu~LTf@t?2eiuFtS}0dLINHpPuk%Jh+Wx!atmPV-p&BSpPT7{S{wf5
zYgJNns*!S>)dMk;;kz?o+>+UBYH0PVVV&ySFJl|Y0?SNIUbqXUeO#-D@oChqeO9kp
zp@(@vrR}q2P^GP%hlvO=>Sq`<$+9kaDYW~ouL8RE9Zf&(K&(i+=(wLQdr}+<N)WFe
zT4qzd8V^;+S5zC-Zhh4phPuS|$c4sMb8Oewo&b{N%4XkZTdngXH}^pe%0z2DN?+7v
z&Mg8XdsHDIeRR3wtE}a&1J)qlSMTncuX67B>Z*<3%2?gI<<+l*B*4|g`=eWp)g@z+
zw)#z*qXdRrjaFfQSSEu|J&2A&Tz9Zh!1ncQt=}2HIR~F}Lk#acvQi$iyVHEbVTCfH
zP!3he<i6f5b1OOWb^Q1@hmDqbM)L*oVnra;ZjXeFAHnbi3eO&P(hO+n@WF>rdr852
zLcp@b#9{Ra{dCxY4MUM}J9NtVEE^7>8cU-?qYy{Vq4(Ch!EC%<rBJRcR_cR_m7(%d
zwv)Rbj;2qDiWmxPpD26P49ba8XI~o^UJnbXyT=P&{Hj0yn!VfS%VA4%9U0$Qa$n)S
zGf25SY}d@<Tzv+ShD%mk<UpdUNPr7i+*hynEk7^iurv^y#QQgb6ytNKm<`lFtqYB4
z^g@YSHKQ11WlLIu7=xSd-ir7>3hn?rOy$D@)x=Mgn68)9Sg$z9!0268I!XxekOIZF
z9GprrT0AA68_GN$D<hg<yskSk-q2y-p@}>4E!D-t>J+zvwPUNi76A@ZboN=jp>ur=
zro9v3sl;ExD&VDyF_x>tvS?aft%7`X`q*40Zo093W1tzbtMAkHDw8GfK1MRjX5waO
z;vXMc-p}r7wAGlJ{r=cP@N<$YJ`9z;q}$z>rsIl)&U9UFtb>sLt_)0krE`A%GxPOQ
zdYadwu;Y@6as}po<Bi%y3$kYCy@uZ--Dytl+T_rRR~(Nc^3}|#CzgO`tCPB6`OTrA
zEOJx9a>~{`Spk2x8>6vlne_@pQqg`|hT^$cdUy3{tobVkSkHczz7_uEqo-Z><!)i!
zL;iM#A069@wm1;2fJ=H@rLIF^1^%Dgd-{4<snx2L(x}!|Qg126Ymf));cWdyF3t$+
zx(9|N=X>0kN`^7d^IM*EoqtMOjEE?l<qlr%X`r2EfKyqbleFrQu>FS(vgRhazN<C%
zB>y(2g5^-(iYcGFxyfD=(f3@ckY6m1HI&k8(Dx{i+oZeY_u!%`Q;fU7XThu&MJsid
zBNvAysdBjDc3SM{mI;vse^CIEHZ{mAof`ArIW_0lTS>3fa<0N^aoXQn@p$7K4j&P+
z^fuBMeNEyHcw_c9^c%2N0uHVRd`85O3^=t%{FCxCw{5B)aP|l8a_Q+{EKMMk(QyK$
zRe7c9f=N_GfxjEpi>{0aVx(qY%8u?RSv(RcNGlg7AGB)u71gFewj|O!f3_3^(Ow3*
zEJnmpA^Q^5NpczV;#66yFjh?FRrGdmMNQ1hb@){U(1sh9qu4AN2)NP~ie}A=TkR|x
zYDl%LS7dQ0Z-eQ0g>4qFUG0FSDBjj+`&zgAS-Q8x<~ApK`d8SiaVRYZZZEg|$$8jf
zI2c(T{05HpaoMYFXVB9uS==uISOw!nn=trkY<Jlk^cVm|_}@rz3TM2=No-Giw~jO#
zo5ay4K&G3K{uP_Kyyng*mkW%G`FB&{$$Hd9gmMEkGjmJLu#e+(-N;RbzV?wJx5H_%
z{5e9+9475vF6P=!LT<dA_8BcxCCzeBr&O~b>97Y2>#b<si8l{i+HO?Up=Xz!brxD?
z*zMEJ==NVebF;qRV;-=O_fgv}md(|SEL%4Y^bXGg(n~~dEPx)u_lD-_>ns=c2p|3D
zaC5$w9FnvbaD~J8TF3S-fw$l0{(AU2H#o*W{Ebst|6Q(y1I=ti8Ie-#bkL#0j;hjM
zrQPqe9LjE1tbl%cKJX<F+WLVH4HhJIL{q_y`C*?WiCD~6TkGzoS%**Mak{_Y`S;0~
zyX>G`S$5DrEW7WEPn{4GYmxL4PU<>%?r+={(~8YF2B6U$+1)Xb))}!k8q-4Mx#9DV
z{+fvlJ64XoYJk)U+^slmp0u3Fz14I^WE<?GklodwM?@9|=({{qm(hMYw0N*T?*8kB
z{<YmOBYU{L&1S<)0ck?1Cz@`2g|qNQU1r2O=?g{CFUpLky6e$kzz)N$E)4L|1B&zg
z4H;tUZAOk!W^UPy;@U|=?q;~*XCqRzARGB3rkGljJvAIWk*FPPqdd0p%o^N`UW8Hu
zGnT{jpluUQ@o?zj6RAXucHlMJLcj*2YD&XFBLnzu>ZQoxxbG^lBBH5Yi}#u8`%DNS
z&Ui8ay>&t-^v(QFM8Imd6$q2XJR{<orL;chH3;p0&{6a!wz`nGRpp3uio!C)nm05g
zUBEc0cHuhwa@8K>^-?BEP<8hJ982IM#6_;pi176L=w@-Bye1qTDpbZHzGvfm455DO
z1ycIYhd+>DvTQpIiy?7@x=5+j4Xpjv#bT%tijgof&?wUOscwh0;FeOew_5M7W**Sj
zEUJm0(MTldOL%t$1&Zy<_$RV6BmWDBCzLVtvJ)-qZJBM7kwUGfx|v1_#@NBph#rXW
z+4{vcuynT4OAjxc?6>6XXA7G?NIHxVCD#0sn()dQa5Na0a76fKK=<0iI#?-Xgrc%>
zeR3CKNY8E73_eXYFn-cH5b%ChyRk{Icg_(B69xj+e2y|MUy67}Ky>)VJKZn^5l&G&
z5Z|rnx%+EWN~jbq?4p*(r|A)~qz!~?RAT!{r<;3j>0m~&pi(IpzfVs0SMv`~q*vGd
zd?3U62E>44uB}bUu)fB#9xu7;%nI->E@6Il%V85wp@e!no<pL?hMv-dIjOj0WJfo!
zF|m)qL`M8f<U<r&MYIzvHbYz+-lXPs%2JJ(BF_D-cMoGb+Nc4JKN`7C<naK+eR-))
z^C`lOp-e{8m|e2W5MtSxbG6~%*&;vp)f)`(<CN;+Y}ZEF>L=c09S^C^_?EbxdyJBz
zT$t2tg1I&eE!pxJ0{*<<7t4z$6@u>RV&^XQunaWca~(owBnX+Lr{C}Fj!0B=R^aQ)
zdRUolwVs+d(eTUtpiXspA!S*X^{s}kMc?9m333+*uMA<mr5fojJOrZqcl4l~*kU)c
z$;Mkj`vIOVO#<IiKpm#;Qb0e1B04@eqY->6nA45}jqU93t0h{HwTP&&xz>qiK4W$X
zb{_nV*E0v`jr?<SR7Knhj2O3f#$+#RRUh+}jlfz|)3jj6As_)cZhm6iizO+lO5TIl
z&^k4?Bh>`3za1`^w5_Tq<lsMDe1l!y-?0feUMX7hw4v*T#@^K_DVz-CVBO+Kpuw!j
zz{jBZR5?62FnbA2C9C()0{^TNSFcsowofgSqv^=A9fx`lM;V=smOV77ezjy3yl<oE
zW<t6mhLSDA_FC<)CosbZZT~V4#mahP23kTCj?^UU0Io?dobYaRLEPKkOwxn(1rZ(#
z0DSb^ENizS_H#P%I;lm)ofGU_lTxo3I&6!mwvV<zY<6-r%zYr1mYTb0{`J%%xia1E
z)sYt5LaI_n_WxNl&_pv}1|3?BuqA^7CK{5Eqnf(a#vVXCKex*bFWM-;6-k%gQsw*`
z|LD;$;e)M1s8yFMb#J$4fpRHSCItw6Oa_XPSSF2MRY<3}&m9bvT#xx(+LX)OGK;HN
zoc^<F8cO^gvl97cu#f7uk)JIE6}m)W`$sp7`ope)hIvLAY`1>9r!oq9{tB5ysXr`-
z!`SD;j_C3u6X~08L@iwsifY6Gwn&V=Zg11DGzH*`WIt2#FbeIXl1&RH)`9?9%=67T
zAY*xv(jQt$wt;TgqZF7Wz=6;X3tayx!ubNMxQ+G2i3idwHJ}2v+}RIimv&+RW`@JR
zYrZlp3?KdN;H#Td1>J!>=o|HcQFK=r?JwPf?GK!-ob=6VcyX!)zl*WWYk}Icg0J)_
zpSyIct*jD>9hU-+IFAiQxjs5Xd5XxO4V^~9)=qO~LF0}NKQrk!Lh-{HBr(7_!}=h1
z?A7R`<_=h3V&od*rca6b<miY<DNhgq7^-7>@V3=(3>1Ggvd_3us32F_NY*LNhWl&`
zc5_{_5HtXJ4MeK@<ydn)jk|K37eP}g&zVhM@Dzcuu+))`&|)aqQ|Y6wa8~N8jBScL
zvW6)(n6MzdECiJgr>aJ7VtQydK2><3+O4^U<SrqP!$4HU?&5UV+(>z_9bPh}J*}wa
zUZ$Vw{?jnB)!mW8MfMz3I8u}>;P#Z#F&U^fE5b{@kwKbM$$;JC{s*&)!8O%r{Bq2`
z!Qk7MfPs*=2|sU!IxUJuE_(R1D9LR|xfe>N+)&zT&oaNfLNFx1W3`|B<%m{X;g*2R
z-y?J7IB}QW!{nQ9rUfgN+8Qlg$vfyIyEUfB#-z=Oa88oV@X)kswjEi;6OaJ8MnSH;
zSJZiiOGb2Agv!3lT6RZE;cr7$sJc?BNZ~SjgUW|f42Qj4C`vHGFXm<v6TdbX^>71p
zSWnh?7eh^j+cH{Y%t?KF#~|Nz$B}e(-nr%Ij!+!&CV^t-{(r~K4<)42VFBn*$<4L<
z7o``*pDFbVf;v&zFu7SFkn{%W^m2H2DfB(-K_<z*Q4c|h>iXyq5_QHrIlF_8D%q&>
zigX5GKj^2#U5}iXrf_dTZKCxF7ckFi!d794cSkhTjnNl@O#n_0U6+++Apkj4*_U8{
z8qsAhPX`E<T3wG2-_Hpnb&U7W>HvAwis~;**I|YHq4G>amM6~0vSI*+69Z>!>GHA&
z{)cT;W3)U0$kYhHB-)%SDF7U;&`UtF8<6}-mbC}eFthdAHrIO<Ed*>tP%FK#wG@al
zkVDYQAWSBueRTW}Ic)t=iTe0x?w>3cKnOr{g{{R$FKcVGj5qU$ZEk3Hxx)ECjI0($
zr$7yT3P82F>qDH$f9Gpt9<`$5)x}&7sdVaS;;{XJQ?wlG1^Vll1NMsDhDys-QZ5F}
z|CX*!8-0lE_bZ6-*uoZU%({PN$kTTd`4=nNGAUr`X7fmn<1VA;hzeL<0tFe1JB+nl
z<jS>cCo^O|OOwQwVUp0rhCyrwV;MNgR7;6PjbOU#6C!PUG+$7fEO*qQw{x%)kC?Pp
z&>^c&h|`W?#}_bpzg@UOcCNN1zol^41WKltYnPR>Zgx6pzog%<S?34S;4D?uk#&O*
zB^{2ZQ!R~oe}xbA;x(y<i(5a*iHw_y`xIwVoQh-Q)IDMFLOgJR>T9=~P0+>lhDN36
z0UUTe-EA@Hs$sA6{e4A?D;%R${hhFNi1v=!!FA2ixT9zygmA#ww19GXiDPW%I$po<
zGn-gJ)y|t5X|goZpVAw#$=v-kn;saF5`u_GM*s9%zq58`vt}`rwRI+T<4G1_W`5cB
zPLu`W3o0N1ib146s-f(LKq=x_T+iN}(3>dzN<s8cAj^9Fyng{t)}~r+mUm=C$TX6a
z`XNT#GCqKzv;Q<sd|zhs@=g#xwf6uqth?b2bo5N;I_hjJ7}J#XuTe_|3wV)qpk!hA
z;=Xe8CJ=U!(*;hVij;bMD8F^(amkmldA|t*`K+X30coPKu@1kbPa(`u+c64{i>E*L
zCmbL~p{K7C!}?<h(Kq@xWENX3-+DOLkgcOFu-udE*Im%X_FNj)Z|*I>o+U;G8%T(|
zABq(T&5BVo43Qo2`z!;8=LB1Lm=23u$q<Fc!W360L^O7cM;~RSh~qP!_H5bnAQ)40
zR$Tq|AodRKi0eq}lcO^j0aJbKRt{CJQO5tNQzjkqJlwZqn%W~=f;=L}y>LVRY}YpG
zcx)OiIDmODwhyQDb^S$HcR5kAxSf3-D;A!TorVa`20~;(#gGccrfk%DRDUVuRR2bN
zst?UDMzmL)tKEy^y?5rzvYLD`+!$nJB_}bQtH03=n|7~8dz^PX;;M;b#+-&Mhc<&+
zP+E^kz|JtNAu_B$ZUy@vbn3c;Q-mB+N_N3}PkpMQT1EafuZ!6AkOlaM7)an{d4o9|
zdPgRg#QBS?)D=ecG3M!n<NtA7r0>)3MO-jc2!A@aC=O8Lo+6j9T2uih;arIuhH@Kf
zC{?JJO%dw2^=J0|Fmj7SD80uQNAkcmM5rY;_PaVjuVSs%Z@&MklZ1{q6ha;N$B}6<
zKafy@IgUDQNU<PB(T_*AeOGIh(|)(I6XF8I&#HhT1Pt1}DwTV5jg4FBmp0E*Q;P;$
zih5{=LaRL7LTkFPcsY~3z1QNfqfmvHz&7-zGY2KRVVA1qA&@ojimJzKja|{*Nv^?&
zp_GEyM`DF6lgIJqOv%AZOB`Ed(CQs;M_i|nN4LiwsebcP<l)%hybz^R0*dhh9(e%N
z`eJo$)*?xBk&PN^*`L>smCQ<3>a?2If{iScEL1bDq8LvH8r5C>oR!l37d42$8QV<J
zf(Ng83Bg?t0+&(1m@(A$#imNy^4<CK5*B7Ke-NP>jHl=g?5F7O9$S0P${k-&@|6c_
zQgw!Pb}<=2k2QMS{@vtx$gA#}Z~-VTG@`llpjK!A)BnejBR}=D27_QW{XK#w;D4bc
zR7D25j-mbzf?ZG*Quz^^*Bvdwz?`DSRy%;>r7#2Da%hLg85PZVkPPu?<I!qOAPjz|
zc_@W@3^-=ep>z7wHa30J1lKXT@Z1IWmo|OO&&3QU<DVR}2*EuiuvFy_xIK0FgWDoH
zOaf<}r}!KB{FB&tXh<geN$~<mn!w4R6$GAl-tq>TT9qs(%&{Z`E6WYos1%Y+h2#Di
zHn#9M&X%U*p8yO;>2E1@O*Q!-XyU*`+`<~=BHAO$QECc4qN})5aoBnL4NdQ<A5@Xe
zAE>y009Lv__Gq1nO4MA8A<(et{^y-NRvo;+BeYL$&t}kz9@2%KF?H0(jeO820H;J$
zejlbT)n&CPo5#<KU0@m=WZ4~_=cnitras>c{zQ7b8siR^{QNUpIfHAcbepH%{3{J9
z%h`JqH;6!8qR;zI@PG(clVO9dRc-lJ?6L<L+(BE2_*QH?63=?EYNBGP!=m-yuO^%|
z=zZ%u0X_MiD-=2)fwj;s^znio0@+aR_C&WUzi$_2XGmR`(%4lZc?EF4X{rmz5!zJV
zb8iAJ;CAnwlCC?|bx9d@ITz<u4z3%#CspQMoMf`E;)v#9thOv`-V7i8*J}8M!bfDZ
z4zU^h<V{GyTqbMg@PyC%7#HhmV;71O${)(-R!C~i3NoUAN|jRlKQ6@*V)GmSCcA4n
z3QaxLQPY^m_RiaF3F3rywfjeUx&O=-twt+mab8K&KREH#ExwZ;AO*t!z@o6v=l@g>
zwJzXn8ao)dc&YKAH+YF9nF1j|j?QoCVM9=dAM+b@eI3ap>Xjp5gc;92rUJmESjw&N
zXv>Za5I?b>#E^tuYzN=c!|Up<CGG<?R5gnFU+TBQs5=++JF$LIy_j#u+AVGTUH@RD
z=Oc}`)bG3SUbC$u*`9@|n4v(BYHJebu<nLgkAPIy$f8XiVD?ekFLSxi@eY2im$HI|
z5J5J-p5<<?Mt490B`WJP*vk)kC{NzA?@c=m!_JfWq`J-k#H+5x^eT;N<QP2xT<9KW
z1A7bvMIak%r(rlzpTA7apjw3^#X@mEIOj<B+D0;HlKMmG9$Jy~)E)}06po%YT{s$}
z?D$qU;M;d*+hjbeVKmdO;L#3IlMIxeob5`wfGYg<Pjw5%$2|ZC5{>7_R|NhgFKVS+
zc&p<A^|+&?eImAV1*H`$9iH5_7y?i`kETkKQZs1V*#*7-4CyMSj|!UB`QIOiN{xE?
za4>fS;3N+IZbj7pV8&$tnCi(3+R5fnW3)Pefnp%R>z730!U1^Ir36UalU0Vmg!20e
z5%IAzoet=~UC|m-QvYLGe9J~ON2j#=13C3!<cTwKtR4Vbk@!R0e~d<m0I*5rmQ=th
z8?e&-zxVzzSCr&$Lkps6%CO1T3H#wf#EW<r)R@m7{U?_9Bh2BaCxMYMnz=vNG%S+z
z+)NMJX^MXpXh2$pc^Tzw=eSRbS6cNioG5OuwTh|cfR{lQ2pC3vUtx0#P#zzG&~&YE
z{5@tHFkG+{J?e?6I^iYH;|2W0t{Z_`gFOLg48KMpZSP>C<Yv67d(rYR$raJA!{X#$
zbd~8v1YUB!Uy1$TS2;!ROKI2Hm2&5S3y6mi5YPEam!;O>Jn!$oS=n@W5!>|Q*fZjt
zYJ;S?Ma?NXWcO*Bu`nk97tuj$5B?bj&-RbVh#uqcgD?l(y6s(aY2#*XB^@8A=8h)-
zYuLdWs`|2<=AHNL9mxx))P68G4#SXIoPh=@9U^uHz_vGQHcJ+m!<YX!kaDyDX;%zn
z-dd50MFd&7K8b~91RG150<N16W8BMR%6av8v&G=zeHgjRSflk4U@cv!3jK1S_2)S^
z=@yi#Dy0~F#H@?v5ZzGo>UDayHN1U2SF1YJ-E^r@AT~fKNEq8$MGatrTLVDsRg?(%
zU`r=)SDL-BL)gk0*3I|%KBFJnMQUGx{q`g5C;1yV_Zwzwt}n;~#w6N7Ka4KS*^FmB
z^UwK%r9lD{4p$=N%spHC?#{D(0ZC|y$g#zajV>qv*##W*!i<FDNPw^zHT9Q~d{&kI
ze42r>vz!YwUigE(#ep2JL^!2Dj=1*zvV5OapFj9LAINdi7_Iug{RAoHv#Z0GO!}D^
z5w^!da2xDd7*}HioPOem(E`%GqptOJU8$}9?jw}XxrTWUYG9Fbp&hQJ4PexKw%qdD
zYYU6y+i>QGen8Y@?#kM1x^_>Y_{m?VB6$Z|RxTSuEjaAUN}T$ITG5VybYd1kG%wsl
z9SOz6#Mamjf3VcUnbi<lUH@*FA6R_dWr<!ty{y{2beMfv_jR~8rvCfD?llwOmXUYW
zk$0_HJMIo9+M#p^vc4IVdw&qOIl!r;ebqd2%fL2c*B;2Gf9A=eo+>#siGjzT`Z_-I
zuqOFJ&DwNLPrJCi2yrULpz>dX`pn(%@;_POBMcw>$k&k5<N~5o=5C?=vX%?h375|4
zph;xSSWwR_ZCjjzd@8ts_=(C+(35Xi`iE$!`}nKQEx-s^E68kB7PT@s(=gvpjh&LY
z8xh*<nu87P*4#Cw7P~QHo}eR1W{;QH{2I?`*v!;zY_1*aUW)7blS5JkZw-bii|^_}
z-o|}nFp)qFSPtLrHE1vrqt7_L|MkC+x$&F*cSAR@?r<5)vsvx&YP!RZN+KH=Ux41|
z!`;DcZ($d~U}1w1wqzBpcO|er6aht9C0e}A&F)+dYT9_5ra7zx%n%8d6!$9S_PWv0
z7Ub}j;aubVZJ?73GhA{q+#9+|1OSb)A;0Uv><&+-jD?Vu1<KR<M%Tv&OEibAGPiCu
znZm+{Y4o00`1Lg{7xp+V*$E%6#EE7WTW>zI<{oFwDTvMuaE=!A={NClk4DInd;->G
zO838XQ?0scoCUfn+!Z2?9&;+T*xmqujTUSP{9FEyYeQ%8bfd^w?hwPxUBpqSKkNxy
zSGZl!@AZ!dUN{Nu)M7JY@R5Rw#sli9Zk?4s=X?GByI9>I4F93a=z6P1p7|}kz_=bE
z{kfPVAkcNyWN+OGBRZ83_HCsG+boB#0tkDX#AX@wc%`n?r4Y`P<ZdDdKR}&~Bu3T$
z)mw4YQ1Zl*ZUO&DV$NbW)dqK9-d`TA4<St4>@kuUju#T<_>#K<@J9f@1?N!1Egp;z
zXBMerZqyNT0i_&!#Pa*d_+l*cV(VvN#w*l6j}KE)pLpn#ZF^?Wa<M)5cUC~$ULtE>
z4c<1Dnf%Iq>~VFzhoN(C^B0B9r|d=8RE{y~94sxBUz%}F_lRYxCSE@8F#6)Y)=wY#
zYT`(SaU|&R3j_dtr#rH!W{t<aJG}*(vXfjqA|emN$_`T!0513AgXmt60bYr!A?)_w
zKmwqXBAy1J*EQ7<!}BM?0a{VppW1U$bMOb4#|Go;xgJniz#Y42_x)ErO3eJJg+~Z(
zbKe;vicH`v9?<=(U8DpN;2gltFe?c_3853AOu(}(G?>y5Kx`Aw6GpPrDHR<rsA^0w
z7IBzrb<hy>CglPC)pu(+^Md?gQ_MxGapR9?Xr<Vm<!D}NkYH-3^~@hzOjlQ?@LM87
z3IA5(d(@(8q@pT68ln>6Oj@i76euvBjpfV5P!^9gig87FT1!t}kLZTp@{sTHMlELn
zl8HS5ISRy10<|i8!^}@bf*%W}hqMK2R~`gE&Fwth_`2~fNT*YQ8j;7Jo-?#8^Pr7`
z{psUe&G`@EAt3Jl7V&2bJn4A2UDz$Trt`*ehd}<>qsx$>^RtI^Fi3n2)p@D(IPg`M
zNKG=f6ZnYh6t|xV41g9cnY3u~XYLO+bQ**QDG11Q4ORNZ0KtpD2EE<ZBOISaMIXyZ
zEa^;tUg76%6sc^UlDT*am0mml<d31X$4@veni{a#?^Y8=z|Wv?6tYi8oja(Sz`|S&
zJgS=Nb^#+xmBkfCF#xA)`yn8X&{Y=Le9>)TM<&(MLOK;NlIStq=qf(}gU%ZF6Z^7?
zi~1kWVMBZXW^3U7_L~CGBKr@ZR@cj>3C<pEz_<kJ7-mLA14TIPWen6K+YHF==Oa5e
zfgyC@a}^fo64sR-##jyDu~aAAarD=xkElUgr-JH$NIwY=qMAnjrKr8M@xN&L@_?k$
zsQt<<bD`BG7p9z2vqG~HH<-!NN|VZR$py(Vr!;ZN1!YM~opPH>({iCQwbER&as^aU
z3l}U)+!2+~Pytcd;m3U6_xq2_a=G`t=Y8LE&htFyY*I!~@AX=vRHR>(++Tl&Zlb<q
zhYn(kv1i-4l!oc#s6Djn_|D5*|E4<<F%D5ENgrZ7sZ;ex_1P_eL&aGxm4R6<LJg^v
zxzhAZQq|<s@(uf?y}VSP_TAjD^;7Q{2m^-<kt!@hzqprg=c_TCmdy+CS4OYuzzpYU
zc2r?KX{CS)4&=~-Vd;|ykP;2AI4gMg9G?>i)*4WTGLvpxTi<(vuEXgC9Y=G#kRw3d
zyI$ZR+vyChZQ|Lhhuu3b*6meVN1D#`(!HskkQ${qiSI{m_91^rUQt@3x{Jaro}pK`
zq+Ea|xm!I%kN8Gdxz2K$1Ofcn<sM~Wtmb$G6m%EV;lqHJ`-XvW`M1jvhZ1$#bf?gz
z0^XP7-5+RNrT-Ts)J8ACW@WaEug?k`lwg-3lhkuqx=lW#JadE#Nvo9$5EdvsCf$xr
zP8ruV96LReOQ_jJo!(rm(5eTep<VD7bc<ekblvYP28DaX*JwB;j)AGmkCw}O!vY-A
z1ZgG*wKJD{l_peaByOnJa_{`6j25i`R^+3F_vm3AYFrl~qzADlK)ax0SJW=!&gds9
z5^GLSh703l(^hOmAN3n#Hi|$>kwt?y=Nwsmk$h#rmCWPbERzaG(x9Di^y-yHm7ncT
zCy?@_8#VBCvRT~*Dz0~iwS~L;zelr%Fe_9C-kEfFpnXXW))M}P-VE84++LYAE6AjR
z;~qxSQu+}^q%4wh1yL^#2RM?CmPu{f5^N0OJ*Q>WsvKV1&ht>C$$+k|Zi%T<oS{yC
zHf884gQ|bWU-_LD6i|O_8xpf?F)kC#4!rsuZuX3LtmXLqz-;+yCqy;!#T3R>rn2c5
z-Ng<b{rW2&S<kusp&4@Bm*W3lSa-dR7Lz`s)-5?&5KJ<~_O!_fFB^&1{*cM$$1LM*
z#eCy+g!R4-d*rR%2IryrlN$GXv*iK3;?em_m2}75a^%+Y^j(v)_d&%s+NifNM-KLZ
z-Hm23N=Bt+%dY!$BN?iMPsw{Rki<4v3se7I`)8x)g{eEV*S~YR;PFpmr}S*4aL6;c
z=PjLGUfBX3uzO15F^E~*<KS#~9;!R}dzT<vj!wtOt`DI6N4SbNx5cEdCKnHS_xUTS
zYRs-;R+n9t*h=*~J-eoUM#U9p+9f|>6K0%eCskbfL#BEQX*Hm{iCyc5{`=~=?nIi#
zcl|l%#=ZAhMjX=R8GBgCPznEd*DD3(w)pY<vd>~<Tdi+8>wr%u$labJ38a~CTr(Mr
z^IpVNG|Hn(&4}oav6HwjuSf}h$RzW67Bx0g2{p=wXCI=@TC$qrTJ}C8I=6V<e}^m^
zy1EE0o;7CeER)x&{DLuv?_RxFtZI?swn^N$ab1k4oU13)%<(=G<-Wwd)KiFKO`COV
z7w4S1;_l~H&Bbh$4re^iEUB&%J_2M0&dl}SAIBsPlzSe(Tnzv5g}#&8Jn=;g@$fRP
zN*u{3*l$02h35tQY4N!B=N!1p<vuNdF-L%)uS6FC+yfWpB7oScM3*>@=y!hTPLDUA
zq<bR)!cQFUnddit1g~iYN;JFCZ#NsYj~@WDX0L?=ZK?FhxjEJ4py*bzx>_?!u&3Yt
za)#Z7`efe>QY`_71wOzz4M4u|V!5ih1y(`m96Vbt1?PrsTHKtxyN8;8`0&4=%=V$f
z>xc2dpS+GNs@PsaV>UHhYV+fL_@yx8<v+_QSkGl+$vq^j{QDOw$-$(Sl-vnoxRU8L
zvZyl1b5G~&Sw|yzMULQ@f;sE_Td?BR3cEI3u@06f%(QKD8W?Fm_&|E2E9QhU$|9=B
zYsTW7Nj~f==??IPCV2UPTa6@oHVL)0cw?APR1G^izpXYi&C04L-o%K#wg?8R)T9|g
zXs<hky&<ihPE+hISXEbi;CupRzJ>1GF<bVC&Wl+}0J3=QcXK;gS+nJjYTWn{zAM`~
zEB9Qb6DksS=p`qNcEcsKAMe(yUkY5e*9!;87|<c`=PV4WXdZS1;(py~lgl)wQh`O}
zQVP|9X|SdlC+-24o~g_Jx{PBd;=K>~Dgq><5Lp}n6k9CAZSzdwGq&S-&Nsgc-ap6f
zk_3Y<eW)68zG2dPo@Hht$oMYm{vh8ixuAhik{9Kdid*nOVT({%ko`vt-dBLT)^V!9
zL9lU-Xh|N?*gkwO8g9;&=hQ=Ey|W|-v64d$p(WG2Z(lgVg<EYswwe$v+pO72<&8BQ
z^=MP}V|};{W-@JL?bSs)(B#)uv<qG!#r;lv_?`Dn9!&tv&cdO%mYl|1T%1D?4z31I
z3&|rT7_fE(=2m$681^)36u-$4<S15n#C`w!xIBBt6_h%A^wx@wo?xU<&zNnCoy@85
z{82|skGn()5V+r%?7hUYbp{>2z_OxAHh0IqFlVrTH9ufu4lL3vFcr^{_Xs-0vtEj_
zk=CjtmO;`e3wGqykkO(GddrR*T&I@wdU%$n7bWmg?-$!}N54(`hX+X5*HoBN=JYtq
zatZ6#n~2k#v@X1o+f>VXi@)#54<tjQeRu?W@SP;m?J7pn$aGSv8<`PxaANp2i>Z?(
zzz<I96#bVbA%<s(E74=I{rXHG<A)E5jqJvnd)SNw@N7l^%AuyM7<SV?qqYTY1`&C4
z>#U6-=sU0&MfwFQxC}yD1GR7vM_MkqC;%;+j-fb)-G=;gw>s~w5k!{8iH{!XL`J{6
zsA3Ll{c)yb=6a*&IhGS{BT=1x+xDMv!gkVX)!!JFlf~cf&6!FnqvwANV}^KS)n9o%
zfye`j&9$`)Z%JCoJ4QOEW%pqn+D*CxO~Zzj+i7dTDv9P1x{gzcF%sGr1I}kf6wb|y
zbEynVlkICcbgYDbw11GzuP=53W#qG02-Pj!{HEJUlcjmBH6I%SRLan6|8o=`8339{
z^=x=@)v>D}c>Tka_74V_Cb$MI{M_<5$*WF28ChMsgceslf-B-yjB-6`HZ@}Iemqb2
z4YMsWvl6JO1X)!Z5U<%>rDIoiJ<LQZ7#>OF-So`KKq?fUlR3gyZ;nMIzuLQ3bz4^c
zW{ZwZ&(Bz#*syTu^sfBh@BXpZ(q)V4pPNtL`^}*Ilv<YBON;KDkxg4(?Cnn7^wHw+
z=Dp7~@6QYFU=D>kH{d<gomp*k$ue{xu8BZv5RZiyjHWP?coHu#UD^toodCFLMWz~w
z>w^Sd%hXbY<dQ{*MD;1&Y2ZC(oNPT-|L9vOq!zh)5PksDZI-0omy&r>vCO$HsI~NY
zInUXzV91w!x>tzs?iC98rNlLg^bH$!g?>p{o<L9O7F&fRXL--$dUyByzWRiF_<}B~
zFrMgt{-Y%1MG3`n$$#)Ez484=+K=Bt<<fsRTeW{(#hcF|(4>yoE@jJNiSPVw%ulFz
zmTUMYsx2k5X_wvsY#HuH_f+HD0ZGBqMls1wpfxroQLlZ6`};1a?X8I&{2m?r2d;^0
z^f8>h%*n3dnf&6JPN-!v00HK*(SB#_!RX)JteCtP;ftT*yz~=8?qcBOK$=xqzC>fk
zKd~CcYAg%pXc|^$Nfr&1v@v3*we;jAm^{f>Va=VJ<D;~$KZ~hPJ3rP{#W-IZC|av&
z6r5|O$Y0w)zUZbB)Q0*{Ew;1TrmY=8K7A-?Q+Tk*&TF`K3QIA|g?~}p^`o~u4k|r!
z6(6#0<ATuZOSfW}*KHpD3wvuX{-7|h_FcU<vM82;i2^7=cku`dgLB%`^rt;=z?r;m
zVG)x2zmLY*sPnh6x2A1R;+x#B0}S0Rn(oIlqBa%p6~|`G!@O$hAPP?fCF#1%B&d6(
z#wrAbneu5@)J*G^%Ld*PFTbL%)oCmOG#=MGds^^d7HkFTQ?u&uF6O@(*IC+sjxNWZ
za$LGF*4y`J+tN~8b8;9{qSn`&;V?q$AEjUih3_#P{);N{@m9_RMo3itJNVe`$R@wJ
zT2VRdu|Q=X#(sU9{>c&c_p_mdBaoZ$7#+#KIg{=%WTIwU01EPb_hcR6Go0^^KZpeE
zlWDGwP0&qTNjcu)#v48DQXO8Pj*->kluh00Q^m#gKMx`Bk@5DJ8imSg0-2_@e%XL-
zsr(36mRM?2*U-ObP>a40I>f?g&lq^`ogAfzZ2&SOaAq{o;BY8jycxZn_-qkwMGuB%
zh<~Xk!!2{8=Q-`0Rt_yjviO?P-SU@nicNf}PvJkvivS6vXN#~HzkaX>{Cc<_oAbgM
zx+U`<vfd1RIm+r_>K?nXgIk^UgE6=JebmRQ9Y0^w=s0j^)Q$Wk71qu|3~nu|x87D`
z`~r<j6(72@O*X2(o*?L5f1SqJK2jv^23Ytf;pA^Skt;ULKE4+;_q9gEACN=SdQC20
zNEdF)F>@h8E$Lg_0(SP%Y#;Z&Q9i42FLoa~Ou|!qrLSMdis<2;V^}F`3w_@U)5cEf
z69BYhDNA8CXgg90SONRwxqmEjx?#oqCaowgL)gf$Cl_$DMS#i+x%;Bj0@TP|ZKV`&
zX=PT}EN4Tjdf}ANE$=Jx*8?qJDyXwcV|<O<jC)gEpmsL7Xsuz>QW5B9Nr2mjxQ6@q
zxFKur>VlNVZl>J{rhPjW{t{Vfzq4eU^>X;whj=Nv20y3-k96v2ry6Q@Wv)c>yrzsO
zzCk$AmyniM1@`bDts?T{x@-&DiLdk(r|Z62LF(jBZJ!NS=!fV}9#`th{z|m0wmUDv
z8nz&m3wJJDJl44xjCtmKSiQqP`1^0IL5C1VBc@Z+Vc3scFI~L+1pZL>TE>04Fy<~N
zwhNz0+zC1Svz5B0CL@N_5#U8{z9;zKmfsO#w`pIL(q9-&VYO%`QHP5GW*M<?mB*P^
z6*^(vBY8a~3Tq;11$v@5EcjEDV~wRx&P8I6?4_U?2g&0dRx(g-N4w;c^zTFpEzkkH
z+CS~k>cr_Dq!MzbG0amTG~`~nKQ|DHeMB|dJ88ZJ>NP_+JX45<?p*jq|0H|<pxV67
zYH=eF*w6VgJ;cicMBV|m5871Q)tM}+WwawgCVCY$7bD*i&N<hlq0GRf-1At)J<#@_
zS#?7qC%`AWKckKmYjRr7h%lx}HPaWHc0*pjq-RGa4qMl-GV+({D!F7Rq91XbiTJhz
zDpTk`fTbbg?L)=EiBGn3VB6f>?NrzA|7_D7ng%CcHfEh0+1r7zN;I0aR_gO2z<{Z$
zEFZ6&ZPs_u<QJ2&?gVqEYs1&Okmv@6QzEF(T$af_=4&yNZo#8%4KvcdYI@g#kFX;;
zbHft1{){di*$gc!$?f1rhRB-FHJAQ2aLR6|w%W0=V<&jqz}<w7^lF!oXZlmRl^w>3
zJcH!Pm1a_Atxbdo)MLjJ7kq^tY?oqcK#_;x2beaS1CQ*!W?Qo*j~9v-)r}rnj@W27
zNlDg<O3v%Ymwjs6*5mtt?zp$qDTwT|td~3$zjN)t(Z43Jnz*|fc|7#-XsR7AV_fn(
z>T|peQ?7T-b(9}u>Zr2XEA?oxE=O139g1XOc_q12K7NDpM$NRl^q&h`HRkPzh5ixn
zmovca&*+Q2{lu|Fvdb=9<ZZc$@W9j!PVAH|JMJJg8DT!6qI;Lj*pW3}kjD$3DN(CZ
zDD}i`Rg`(8X|R07dMUnU8pYk4`1)PYcQ=x2on?g1xaC66v+%s0zkWVv9E}Y;-gb+$
z+Mm|TfC$Yb(%HIAl9!aa-P-9U;M|0aJJTLujl*fZ2yALHD(nEW4fYyuDfr4*hwSqh
ztu@|7>*`isFBL(*nrPbgN3)!;X;PV^TkHX0&e+5^??oKVN(%|z?r~=}c%w|Hj@H-f
zJT10St02GTnkK@FR|wIRC;OMR<}BAHE!OWmgiuL^jliC<*`Kzd(zYGXNL!Z9pBoI&
z=q;1ITG4ats3|)uaEAj8G#Wbzi$k96XY*ROC_~RC14w)k!L#NXUU=l7GV>Y8bqs}$
zUbbXqpOr!W!V|*Y6Fl_~u-AMximSfq{!lYIAQ>J0v;eTmsTX{OtmzCw_2B8#PUTX}
z4w3U?U{3m;5I-2g(}8aphywop2hIp>5?r}qDEE1>Vcl<Oa`y{Z_-*9g;!T_s-dr+p
z^<U(_4{@%y<%YuL)C7&fsXV?;M=rxgXms$%(sVi0b^=u*5;VQ5ubp=4xHD*5%HM5l
zo5DHL?z0Q4@hB2x1l);+Sx4;U^m<$c#%1*HA9QSv=-Uxt+eILGOUd$w86-KMhezPL
z$@<feqnBl@2BHN|Tce|>+meL5)IH?FRq_43+egP>Z+FpgB1BC33*D6|U%3u!4ia65
z<CYd0fGa~ph@`<bg2UvhR__^WrI=7SUHOUWE50?W909lUUOdjHd6qOz2dVl(@Un9J
zir5JbCa*x%GJ`dpw&3oBc~Px`%Ph-jP}mn`Q(yL=UAx_><~iQKzJmLoL>>c~xt~N7
z7Ut0K+SxPf#FwW>@dkAJI`wKTGp}a+(;J)}C-P*SZ#Rk`akJAFHdfd%jrSTLDOA*<
z-9O1E3X6UXe0aU?FqcbKE6{vQeF>?%ULhgA99~+E&;p!0XavIl6?^-cUr&WKfU_%r
zk%8Zwl+VLVLKlH}$sMfN-85_r_aw@8!e)v<nzISG7iOTbBaiQ2aRghM3MW70ttY<G
zs@0oyH-cr$aSo+NPANXGbDQP7p;Gx6%v3(+r91)AhwR8WAx!-niTVtF2;qcT%ARZn
zZWqZbC5?f%nGZ5ZE2039td|KLN~Cu<d?IWQ(jo_IB-&;@4M;*kF04pSUeCpU&F!S0
zRE|rYuetjtk>@~_>kRs*Ey*4<p=s8(j_PD7rAG-J%~7vM6;VOLLqDe6?pjLjfi|sj
z$O#)vb*%}OtoRPj^Ma(Xd;F`K+McmtAqG$Uj(h5%&()c-TCGQb%iAQ6H>dGtT7CdC
zw0>@W8aEW+HnIQj;S^<1)qSbshTpPmZ34OoLJ8SWRPlA(&rS}b-a{bgqp%g9Y>PK?
zE)EnlQxcPakCny0ZHNx-L08+Z&xUgq`(~|tRtqAOL#lxtqrsCYWVl4USWB%V%px{Q
z&%YO(XG)I-+_MX4R&1?Z<s1+;&vTwDnDWxC!J;`vZQBZXXa$x=ZO`W3Y}$oY&+VMW
z{=&bRD|j=J`y?9zJiMLxut#!r(w6_K^aw~jlb`Q&)|ZuQK1zEV6pFDU#(bG5NMVsr
z4~y<ur%HZ3pvczzRaVUz?rDY_D*zS6YY&(BS8^`GXSLF3?H{8|M9b--Imw%cii!=g
zao$oYT(yv>!d%?Q|Af&*8NlI*WzS%^XD~hV_MaCA%CE1-e*U23&}=!F;?@`I#4GM*
zp=;(8f5eP_gZ`>)g9u=<Jh<up<)LeB?I&Em?Xp}*n2~J4YT@i;4-hmj({7&!lJaAW
zQ&FK$opUf#m7PAPAU->s{QJtBkik64)2Y1HGxwdT=GR6fw;2@d^za7R8R12Q>+OZ2
ze^z!M_gRJu{>;4-)P3sl5lFh)JdA8-I#pwB)s^#TM{wJ_3OnLx-Gw(8Jl0{!$w;rm
z*)YB}_u?215?#<Sf2*}b8F^Io3C}hTi6GPUJ<%WPkHfdI$w0&9YTJQp|Ex%P5jJos
zGi(g@F@*S#V*y=y0)srP-TV}LRG_){+Y<lMg>Gmj>3a2wz*UZrOU~fX)yYXH)q22p
z-yKsM%orxAUctu$%!D4pPnbY$(1mY}CrCkgpesB$NV@F>cE#ckyNS(qO5xVYsQF9F
zTAhCv+GZzOBOOEozfF0_B?kv;M<;-{-(D-oHdEDNai_SGZMDi?+gK>t-8vz1L20`R
zr%>GK<fXnCB%bizO?~NsbJgm)A-Hl?EbgVxg<0f|c`eD0$pps_UJws`avYMgm0FE8
z+D`GF<Ym%0&PPsO=RTo^jX?bBbeDF%d0*h<YQb~u_Z|?;8wGEZs;KwZ_kO*VGl>)6
z5sH2C3^B<4J>C*oWKR*8t5oBRF5r}NAsM|v;zjcHeUfzi!Y|3=?VLlQ=tA_3tqMwW
zJTYtx_^$Yh0=*+x4iSJ9WTxYg5c%KSX%6k>9NRY)epc4_LccTjByojnSJUrQ{Ng2T
zK*G^fhc%3PTc3%l239B;S&W1jg45*BAE`IhY}GicWDR9Xt{ND*L%RF1g*1?BH~{p&
z*1{?JxCN{C8^8r1xt}<nrX}N^f#yjb^Abjj7c&3{0yO!ux{ipVx1S)qf1iCsE<$S~
zJiH4xR;qt4=RP>H5|>ug`+0IpuY+Q?@_>N)Rp0XiEBsRlg~Q+xG+hj!h|y)aAa9MO
zQtp)e)ykuR6+5WS6mU0+!)L0T`!Oa*+ajKtnE&3M7<!Jr72a@tnSIY`>;PL?E}bHf
zbvZ;*wpHYrf1!#G0~V6cSNDuds~a=AlFVtA&BV{5)=TFHKsf%Xs!Dqt<`AXGPT5`L
z!`fQ@5hd$!g|c#;i8}QpH@YvJd~%-9a0{2pEw_~0&u0do|48usOct8n29VELUnwpa
z?l{D~3x?($lUpUU^zczrcWVc$GryZ%e4Wd~#8(myyIRQK^gS9IT59@wAHH0s4JxW>
zqxy8qhR+Qx#UZvk6~$}rSh|!*gZ9?8UYycZSStozvhB(uuwI;zg?OT%uTB8JW?U5W
zK6NP=z7Jc0mo0ijC0&X2ibs;Y&A6{C1)?WH`M09@#Nc#-qVHli>ufzWM~^8$VS~D5
z9}CuQZbwH|1m+au3`h@Sh=in{&|Z=z@nh&}FMC5Xs6Z0iOfUUa36+%>^juio-7qPj
zL#XCq8b3)p>CA@7TCKUYKmCTnv9a)k%oBLoq%-r-aLQXoz1mCvS5nz=^h1^93q*~(
zH9WwI=9N#JufS;%^n6m=gDCCQ10tV+J&>$t*st8nE1-bHYYUiC(sY#;S#M+ky^Q<M
zIb64ow{N?z49>8#>_;JzcRO(`rTbV=7$S+;srXm<($2DHooOkr-zd&Tdgd(k`bfQ0
zR*mStjK_VR3H8;Lr)Z3gpzC!h0&dIqqUjy@U}o|XYU%RNgjn?3;AF6YX>y_9lxZ{!
zm<B6zTK)qM(9-`W?!0k=+B|L-UA-eAe`WEcopcj+N$Kl#MFAJlKmj5ah1=%chUYkU
z{HA1YrFYat?Gs=axm<ID#`_#vr(`;&NxkL{n^C3YQ7s%0h_OqRr4aUxwPlqCJzIdj
z6?+G9&tU6_C#wO%$V~Z~xpZsAnkedqwN7qyc_r9jpg6!W>hJ)Y45ZjcZ9{J*Y9tWe
zpsBafyF0rTOzAnSvrm4%0@l0Z@3sYH{ItNzSZ?SE?6}%mGMmREKD~u6T7}ubgU>@G
zU1-7T{y>|9pFhx2vOig(&x$a>g_=St=j0dG<}CD6p5pzA%<9{*w6B08_-W)P&5PgM
z9vs%2Qm^cI{j#X?CH@X<rBt*mzpPw+_Alj?u$OT*e<;)$b`yt{BG<ca!FyQ!-tXz|
z)U6tilOG6b5i`e!XKyO1o#=glgR=cyiXWr^`PCT{Y`b%*)BE^*CkXv;<x9gJerY`G
zP32P3=^#y`j%(cPf>B^w1kFFjFkmBoOwSh+D*Frbmq_Ih(y!O&0me%wcCz6c1VkYV
z`{FKsKI>RQUE52Gv$TH5?&~{6kum<W16V*$x|Lk>KRZ}BF|Pkw$kLdHwha<>a}(Q%
zx&=MvpEUg<@Ci>lqkc|q1#izunVl}7NVUx)Vc@^(3AGR1EZ7mT^~-t|Y|e*`;*58k
ze2?u?&%yVztiCcNBbT~T(#lH2uIdSR(<=U`<&F3>5P6f3F^uz`x+iF@#J~DpIVV?m
ziq6Tsru!7ps2s@x3?;p%C_W<Yhy1PHW&}|$aHhr$@hO}$TxT6x#|feHg6@C&Z`J#|
zd{wqMjcou0*&yK;iM1{*TGOH2q!Hde#~i1YnIVf@)m2MwTi9Zpo2lVOu@58pRMee|
zrTz2ioDRS)Mc8~v!I4tKMmGk&&PjGz%{$}6^uD^$@b4N^f$e-R-wj#}C4SnZv21m|
z25%V#Oq5=4HNn*2c{+YKawW4AAxVXPuqnHVZpnjo3c4<iC!FUQ(P?!CNspta%BENm
z=dtjV+I?9gp9M|`anS@T(MvQ1U1;ebT5B$2@35cQ<&o^}E2od%v)Xi7A+?e8N{T)7
zhoV48+~)KwkEMT$yrWL)LJ<^x?djC3Z7^*oMr~-*>~8lp(3oWyfFJTt?5%D|lbF^W
zTilr30kPh$d;1Qf-#<^%`#ogu;_8dZ0SF6<wl#exK|G#OYDhxC`EinzxU;yzc<L;{
ze3%KyTN4GKA0FdR$O@i^drW@fJNV|ZQ^WJvclN&w-#Fg+CzqDsYfit6h2_Fx?p~Dd
zyp^4Ak#GnsbY8FISW>l4hY9yh=qQ7E{#h7w*FcKaPTa>Cf32Q+YO~iUXJ-stS$fpi
zG~La>hndfd*#vKPThKSy1V?`{O@L6VxH@+<Yokayo-8N9=Wq%Kc*bt`esY9Y4sDTN
z;k4XUdBGI+9C?H{nj4QEo>au#mdk{?nvZdPlgQNuB?Hup=T1MB3ZdqnY8wk(HG&5w
zvO?Bd;-P2*h`NuGyQnkp=mX;vcl*fpDeWE8C&9qO7Y7<E0%94X)G^ubfLVWOApv0T
z&m-OE9BN|vNgP~Fe>~<Fo4UT^v|b*i(t6BCqncL)frH0957r6tANhsxrw%y>ffqL*
z&#!RqO#yV%zgYieOV=E)Zd0UiqMP&}I(&RRM@u|G>T2xxguo<w+T)I2>A-IMco*Y6
z!g@Y-R-)Z)ZXc1hLh!vs){J^MLv@93(68s9RIt6MHz)1kgfkA=PjOlkmKM3r^XX8s
z%YFJh6WGXMM|z3*zPIIi!ZES{|FL!)GX-iFI4ue^Nyt043<BPQ?qW8%`vLaZjGd@W
zmxRT~C&N+DEY@kaX%1KVqdK#8jJh@#ZAt7!SY+MSfj0`6EAuHJmGz%32Xu%4fd$Qf
z|Kve10HSGh^L;IOj<*St4G};G1>|$oalyGcUf^xH7Ojr7E270!RC=&Qnb_)3CcIiY
zPdBN%M&q#ui#M2)mBK7#h26FY&Uhucth!e});Vrpn{GNeM`@dh?kKqTYd282ydsE7
zj-!stW^D0X0<oJ|`_Yr9&v4x21rNr_Qdb0arPFAQ+Bv6h0rvRS9&`J7O{U<({BFDY
zTG0k#SKJSc@w2&hTlRNc+NbbXb)3G{q>Am0<8EXoCE630xUs??JJumhmG6LJT{>2&
zsFcoxGG$rjqSlAjdY<TSMBOW|0s!ZF%%8|!t`N4~BKI(EbSXB8T@xe92-HbAk+3WY
z0RHP)_7kdVRrA3zH*-*jO-{d0dM@Oo`&h}NRtrC@L&~>F`oopFUcL2HL0i9Q<MIoj
zRRigIe-lSjBccIs70$fgIGh7j++?B*m~VZ9y{vFP7qF<p72vMw>P6bslagcD0b*?c
zK6*%7Z)c2Lbej)0R?X=21#hV!hfN<As!2`ds(^NSa5=ya3BBr^`UAQjTDUo^-EBH|
z3of-s%_^dDa(b8b&LEA-PPge&So73a2j-8$Ew<B3TwP^W<~CsI{JPs}?}l>R9M6Jy
z%$n}RN~(!iiv8og`_{E;9gw_W%>2}K{Ph<Y^m4{OV(B<fv6NUru-hCd8zB(p>erwX
zaEO5Ygd+)dpIMjtqTs4{mP#^~a_bJ`yn#+n=XkzQ5%1(RaAQk2cA7X9mmWBseO1<a
z*-!C)jn+C$<j9-e(T#RJqYEqASL4<(SUkIOgRDz9#+Spre)gV=QZ*L5jv?W1tugZJ
z(*8*(c{nvUF0+)hahYxuj?D<m&^zr|o{T=SNdg%jNm!EjLfBu8)*(r<<H^87xxbZ4
z3`+rb@>wa#^!IqPTgg;x&TqNGbL+8>#>N*}`<1Q(Ed)kB$9>zs9{YIstk`{&6~O<9
z3A&+a77SyeKRmkCRd<Bgzz}i9S<a}V(<sl_5mVQ;5SHV~GxS7r8a!3g+DNIl*r6@T
z5_mzwOvHLJ$0?jFg|#jDER{4m@NFnVuYq(B(x6P04F39&Sa8md>PfGYV`hVvtyCq2
zVvD7R^|YS>9hlU7?7M|Ea%k!vXu$w6)n70!{nNVa<t@m8riDKiq<=;YbbJ%N3?{o!
zWDsQ~XA38y7YeUQ*ghLP7`d#m>^*!ZaCw&HU3jL&F@AiO5jHO>l?HFtmIN7c&SISt
z@(;;2K$(wv{zfZTq?-jR7_U{w_|c`uuRp=>B5j?zr4I7!R)t$A_8NJwuXYu>Lk2b2
zNQiP=y2Q?S*Kc(bdu+UC&8}FDlm2I4)zm&kgggr@<P7A}2kM-S^6H&c`l(^Kgml@3
z4gBkhY{|qpoh8rPPK~k;SbMaR9I_h1y}F{aZPv^s3*a@7(3SW_2#sjl`Oo?>rYsS^
z;{5E$N4LChrohZ~?kE+HkT_`#{atBzHd!=*JU`?7Cd>R0)zo+Gb_oX^ZCcC+326KG
zDJtq3FP8cMET}AHu;o0I$evE%T1&|=EbIWU^pY57Cidsvd{9f}dw0v!BoP$UphvY<
zL!RipM|JPD$$sgHMHu2Z8lZ;_!H4xbOv*CeE$#Rqo3V=mMRY;xO%C2(b6<=bp%c%K
z19Q%gNnYDV;Prb)ASpl1b8T<JL0J_hUis^JZt#7jjNcL;y(2zF`*bECp3ifvPU4DU
zJa@_zNI|2|``j-`F_ww>b!50Q{UUzh1q8xgG92b?ZOcnKp7Iv(I7k7^ON3gm1<_?Y
zYNdZV!j(v3lKc6O<91h#-(MUv&qUShsmBIJ)yH7CHpB$tobzt<+h+OU>7*8e;h7|R
zZP)gq^%i(SIE|j$UfUIy2pZ<^p~yK}lvW>ZSg5mwpgfSIh!YK2_Vj@!l}^bOaUaf}
z@Y9YNAPgNH>j_gBJcAaXONHMe>Bv)(^~+<lm&w1}9ZMGQM65Wh70(0Z-Vqv21Mc)Q
z_J1S1eM$TFMH*`S)(Lu^V*<A!HV2`_$pTb_Shi1CbEHN#32I$6Po6w3_#nT_vS3kn
z!$+AictO~1rY|=?IlvI^4&}o=YenbmfwDIdOSAkorAM=6#ZQqxNksm$eyH|+?HR!@
zpZJ!ydrO9)7-?1*Y9bw}8K6mP$Gn6->oY%8(g*MUN{P)&!ufq7W?(q!zzM2L1-&-)
zE$$udPZZFv6@Rb?gDJ<b^+uTzB#ZtKt>aH#KSdGj{0cmLz#oM!%}~ZbqB;F$n%6Kb
z45K@UTtPK_jwJo!Zc2Rct#tpS|EcoIA+gyPsxYr70!>w_ze2&qx6JZZuQ)s*WtHVu
zN@>M#1enF%911nQhg_k3ME*Mizs<oGY5*l;O7G)?bwQI=zK}C5F}TM0I3$_?boj`P
z9G4xsaQ4J1Qa#3hCkeGY41Z4L$1Q8c-E~I5!Kb4PJW^2Rg-G)}!JoXhkiR5TwhI&=
zaMxs1=PBJVavFD!Qgd_%!hZk;b<*Ta;r^+bl~BH<7iL;f5_Efy8_HDsoby>qYbCDa
zmc}z)iGK%TTlM9y4EF+iv__<o4;&L`;$6!w#orUCNJa1*<jm!_zQ;)<=^SEgLA4Lk
zElsO1-Lq?Q$OqEbqUQ53a)&l#{7izDv2rPgyBK>DC!C3A;QB!#!0eON63RS>X%1Cd
zYtu$=QFi=oRDQ`V*rj+FJ>!;F@ZXnvXlg&(?Sfm?l_kKRN2wO;a&As5|GClNu%uwN
zD3M+DxSs?1@8?fd?)dq*Jb&$mxGY%JI^AgKIvj;QW8G9i4vKPh$;g~0N9mve%Qs$S
zh0T0V^O64tPk0{d{V6EGJ9#)_5=Vl}``YZ*{;63gmD_$RNxm!7;{T?jHyqOh&?R&u
zHhE+`LYSggb_=8)(#X2n&m4TW9WSyf;Q!zFiIEb1$KaND=XZH)FHINJI~TQ#=`r(~
z*NQb-EA19uAa)HqHyp0r@7bZYys+c6;I}MuyrK2{i42{?w_wO`&bkes9Kc0j)L9Y#
zj6i461=85jl(~p`;N;PQKPL+xW1rX(z5f6cdbY)t6jc&iKP%DmX0-*t?4d=s4j~L=
z5#4LKpX_7mlf}P(%g(UEF^SG?kK$sswY}fYe0}R0Pno=H2p+DDcR+b;8APHpvGu*t
z9z42<a@Tz90w8YfQUoib_++{MxDrY6`7gN7#nofJ-dC*s2MEpUj~A2+N!rR^GIQ@^
z#pjxd+Jp3+aQ6{i-J>*<YAXgsd}KTPAd6(Z{zbHF2{WZ%cd|N}6}T{9r8Z6$(;T$#
z93vYC=~eXkQ0$a+rJ>vdblL@U!%oH33phWz;+E{dzsPfm<#-`PQocd9AKx+vm(6W^
zMKTq=Pp!c0zQ6wZ?fcv_H1*><m;A?J65U<1emQVFD?w=bUrmL?yQ@8UqL<~5M7`iE
zsJ<o-himYRA9n;#F#e&*^xc4lk&K_;-wD1#EhHg31ZNWuEp7s`T4eT2F=i_f(&L94
zsB{kQP0}?(bX7G&GD>Re1s~u?<5(Lz8j5UcYGOw=t^d6g6%{U6@!a)4>kyD>uL}^~
z<HSOL|AX{}74eHxi-mBsROf45Aq6f&5TDHTg|h!Hctg;kvBq5ddiJWVDf7WUoIjOw
zJLTr-1j550cXNJ0^!t^<=p@^|Yg0vWzh$xIp2zam?%paxC~-}@Sm;98R>5i}w_j2s
z3p1hgt_|H6Pxz!g@~tfBY|efSbs{x8x~Q2=UlWVWz|O@I8^$to(t;u(9fpNazUron
z?}2jvP>yBk|BWR;ly$oTGqr8$(SKv9uR-6oRJ2ry$rTyqLe|JM!}ttm#_n%#FMkVP
z_)C5y$J^A_v!Fe{Z&rUAyRJzh#{>v`hD$5Avh0ONq?;kI;%th1HWp2HsU7vP5cH@=
znH)CMNvH>iRrD?~n$<nD>rv0r`UU=Dc|8ayPnK_2C{a&8f+O!gE59tC7JRAGYumkE
zhL5};u2LhO^gUsZ^;!-ypo0yr4yaIM@BM^7+a=RCMjm4V6GCx<gG8hU_Shmn$7y}q
zG2)lm^7xn81av7>G_a@I(pO)%<-UaN)7;Z)3b$+eS8^%WLQv&8Yowwqya-NXXSL?D
zvqi$AkPQX0*AtvS?9e)q=cUN!IMse4;{7`unCA8T(hd1j>yv{ltZECweZ-Y#M9`3C
zqoN<jK<ixoOK_=Zbe;sKu!o;e*22|^p{A0SuscVfSxEZ;EgCu20_hwoH=;Y5CKnT5
zX3=OWt0XgN`gopPv^{WkZ>i%Hpn&{=yJuiLye2kRQMBOJ0nJ+}zFc$Sb#X81n8xAP
zNPLFR#~2~nN+A66Q}b3O1Gv{xpg)Mu2yv{3rD!S9?M=#M)DQYk!--EumBMpGBgQ}R
zx?bbW5-lD^S!8Vox6<`J&Wwq&=a}6k>(+UpB=#P!-Vqae>^6K1EuMOn<-;$Y*E7&E
z@3ef`>VF1mLeJc_$nqGah<I^mB-vxYXOzN!eq!D5;WZ`w#^h)7(7vqJmb#7Fm%Bp@
zSTeo3LyLRC8|2Yy?5uaClc}&HE>TaX@1I?dJ^bY#ttHkU4=eDnfJnH&^ZC@!6*cc5
zvM>0`DDWKL3y2a{;i<AC(6xNGXKR4(IB!C`RDZTgi+yi(CGmcI^6Q6_hcS8UHjswg
zV}c)<(;;EexSiMyRyN3i)HTKh%C7Dt$cMmDVcvA~$on!f!X%&1G<=Lx_=Q^Go{2;g
zBqy?%w1t$aK^ZZHS@KFR4%ih9(o_6T5m&6&Cj3XShfCgOfo8`6fDZVyCf_(i{x=oF
z38Kh2nY=SW`$o=2fu%Ehli^Rh;ud9G=P8vpoemhNz~=E?4e!#HFiWbtG!JH)^4R>m
zqGp2(It$&L`_C$b7XCea(QiFjl?jR#7~!8ZUJFX^tg+rcr4CF5_|$W(CQdfT1e5=H
z7yYkt^U>hf6u+Yv#iuh#Ras2H(f?2}S%|V1MN`(2&FOne?7?O}sPMqbS~LBua}jxe
zR#iMjND0L^szSEF)BEl5ZWf$y;yu{PO(v!vHh3)P3;OSh03fG3%vW1rDS9H<3Qfm%
zxLjUBUGX=B9izUUrZ}*gB<!;AiF1z2q_)-7=XIJ9&*y0B1n0#~Wgg=6b<|1IS?-ys
znmIeIz*%NB?%eLYQhB5@eQ{wWSrwzEqz1+1U?vl4VxVug;=5stu(NXLi*Pg{1yh>W
z0}^UOUkxN?oZ^oEDzAj<T3w!X{&-_qzVc%Nqr)iPuNzxrK|>11E;VqBZh9>P<2q<6
zuAPWf9`|@DJIAM#lhb8x?;lk^-TPxva`j<uz;${;esN+x2ETevcv&NZert1eTl$lz
zhu`3tvhQxD@?R`IngYWxxBV?sSp#huB<-eO5xzgoiG{qF{Mb?XcY#mdx@b2Y_G2*~
zeU@hgR|3Z2#cXb1Y2)JG&)afyVDFv>YjqScz{9PQ;E<ouKEl2HUxI5XOx%}d3f~0E
ze9)u2A~VJ^E1k^lJ&LIbti4Q;wYBmNrJ8ZeEtFg128cF1b;y!NI4hd!ZX~u4a>q8;
zmf?}<RGw+iabb|r6g(9fz!?Zk)tG*>K2e+I?>Hv$KpAiQpAAEm$@NaiwVIU#<f<vX
zMvt1HkK!+8=M|S${Cp=P@#ZHbZMDipxxjzYGi*$Nfi5|YP!scden*SA`-EE}Tw2!8
zCjFn!8Zx!R7hu<35~a_nmpzjP&AOpm?<}&@!=^#!76r%qWAhTGx7M(CAd-v{22yel
z1kk&QFrPGD%)k6GJVo?2{@*~kVu+Gp&TO%J6(Q<1JFncqo<Do{!_9P~<VzUl-$@AW
zW5YO0zZ~Py;&W&5Rs{yf8zPdWSw497F?28EhEUbXQw+_M5gvQ~1kL`<w3%Jsa8Uar
z-RL;&hfY2_oF6oB3#<XzLQ8)K)Qy9YHsa^5F){eu!DEn9_Hb{C#DoY$XjUhga-4al
z%N14mN>BAnP;_Z4$*`q+?7h2e@Y_&h>Jq|yA8C1>z}Ns*Cw@vCsm`j^=k6*FgZkjS
zn&~`UqF`Dh3b5Fo+)T(9!~&kgSBH`+cUHF54sM3?udHM4$5YmlH*yF>O?p}@WAwd?
zNx3uSN6j>a@?lc;Vepu4<X@a*X0#g7)mnS~Zb@N}EMH`N2X@5M5_v#*8MHBy?bmO)
z8IKr8_mLu2TN&sk^{KHwB6T_z+V$ye2$c`W69w&}H`ncN+v0f@ZVMZwAMMfi>cK9P
z&ZDND-UhwRkxhiXT9>k}N{9<zs}|{&!ZzTo>uNp&JNh!%)4kl-WtBCC==>(mmqf<C
z2|?s0GU8+<&bzeDUBw*<*1Tr9AdvU2jl$Yy<0fZC#Uu+_Yrz<er;@ieXNHCc-H@o0
z4Zvs5K#SwR8~4}OcwQLxnH`!cdU}GeOsH91{bIc<$7?`?Kd8gmAqvMXJYojEc}b6M
z#=s%(o)B_`SxPN`ZB-a&D4~O~D7hHCZFVj!(Li34h2OM8UsqWQxQJl^c17VaTd50W
zzs3cAl~!vukR|8$l2<gBx5`xP_HOb?CMIQJK7DjAt{;SX*QS-X`eXM9b>H!?kwB}Z
z#+DQeT#@!u>2*3OCEUn}@0~>5^-)d~{A-kv^mH?QUh{(hb<O0-i@wHEp?bP<#BZoM
zc0`^P)6e*1%eq9|O--4C&!m)Ogr*Z>%GPH_aN{pdNK*PZt$8IejX&xww2|)ohzN*J
zB?SN8w#(IOHbI;9C97(Qj+j(+>r`b5{7S=@Fat-?f&=nB!mBkOFj~_tT$_Ee+Lu-B
z92~ZM5}OhBpyugAIp*8aU8B>2{b(SzdbKBLJ=?91<J(+AG!9ZJIzSt@0#oP64{oA>
zx)q(goB4Ew4ZzBV^t689<K1m_nK7gq1Z#_)fBSMtzRXe#PSgn4?2_cr_OWsWdyEJ`
zoCK9-c07nW+Ly{{C&+}8H=#_iA^jj2)V|tHYRSTS<<<tDu|rS#;ZHixUGQjekDN~U
zL>PsU_3CzI-37D*_Kqq}9v~HbvQyOsSQB{kAXn0BH?t-cJ@V!Y06aSuO(PG~K_mW<
zxONg!eTJ5AB5nc18zYU{(LgR|4!92Bvq3Y8U6siT@_D1hn3I|D!f<1XWET6a*K7y<
zo$@VI{)%%B=ZVo`6YnhA_AoXzW7<9t46^1t%oim<AldrlmcTqw3S{e)Dl)AkxupT*
zr0$X=YY>KJ7o2e*zm7`3NJ{=%5Le$5>Iq<?)FIhV752i%&y=jg7Nzhlxl2J%CN`6I
zDlV-4TeA-CzjF%H#G%oYO=Wg|3@)Cu=$<^%WJ(;WU6tl0)X%0_$;SfSLA6wwGX+kp
z?H_&t2@Hl^P)2&<Lt6tX^6XCLHST6s>ttAC%cjLs@vZO)YNUQ_kTahDMYE}i)PE<{
z4N-2?Ojju)D{;Z<Ph!UnhrNbFaBB~koHO<nn<*=#S9vrRX3H4+Z=_(IhYC8;y1#R$
z(0XFNQs$Ao&uWPoE3=&GU0tyjA(!AEh5oWUTA2Kq-7>Nur2eAmtgY-P(y1_dN>#5u
z()+@CqmSx;fN0&bjFJJC?9m1pXQuU4Q6Tl^S&TauzfYQb0K0>>sAOXDeNCw|$vS$`
zrB(}<#pt6)S!e7)v%$~7xdY4LLw#@;dsx4;`ehanClXna&J-LT;BPxCLuw6z__hlb
z?dS`UD38s`gGUQ<h=K6jj$_>H<#kk8c8q-VK5W*F>&28d17rpPUz&V1#%&^7PqpBE
z&@~B#3A>NsHb)$^$TdnDq3zmXN!t{PUE3-@2$f&>K5ng9aX^xWna>c9Mfb-s4va0F
z6PAK&g^R#5f;XoXZOUZ7_g`rA=0>uKvhz(GRN^odMi`%~uc5B&ugl$G9NpT#x8t8P
z$5~q{&ee}1TlzEYMkAWO$kxY3xhG;BzdLE%wXch@7pw~KoT$*71IRcqvcuVWb(3Hf
znm!m=VD_CA?}kahLBuTU@{Iz&-A$5Nh6@+bM44Q+JVKSd;*@i@l*|3l=?s)`@5Hnm
zrB2<G-f!dk;e}Gmi5_vOgP#&4vV5-6_ZtL$nIv(Ii@c~zhhG5+xS^+YdW|KBSMwa}
zL`U@2pB)@TVE3P@i<?*h=ab}b5eXwar{x|p4Dl7E7+>+;OL}8%5TsW7I<%lxXLUFx
z*X~KogeK=QrPcU9wJ!C(_;Z<DZC%>t`5FluG19&3B75J{I1lZd?bi25?l{~*LAP}?
zsNAh>%U2R`{;Q^SpyIbe^3xIR43(!%5-oBBRvmD+S%NzSt+kv59KVa`_v=BZx0N*~
zw{bVft`IHzeMwJ8nV-{r8qbearS;b+>vL=$h_x8eaLs7#(NYHQE0)(oC5PvOT5#IN
z8aTZL^Ef8vVPtuaq)cV@U?(DM<eakgPqO&m<>R$!U#)91$Vtv7$8R4BR?S*oFeO2w
z)8!d6&Yo?@>Rx5>%<_aJ;TaHM$TNJ}ox4k@HZeI_<D+}<c2T}^ViygOog?=|jP*KW
zPlAeE7}~xD_oncCdykYS*0rP~kTdXmil8do=uGGVUd`I0Akzv{(8)38#DnQ&Y6qzr
z$lkb6x?{ops$YVuLx2N?A-+)FQya5`<uk(9%gAl-VK@j`QI4d<6(cRqon!<boUw!m
zYf}CA98F+6yAUsGR3ekd)=qo>vZcaA_^hi?!~P^lYW&?l>lL1|Ydx|sc7v<6;_<t#
zA&R5fz$9*$Y|=D7eNr`<{H1KvC)<17O7nPbM|xxQR7%e?^9M3;fHv^1sLuMUGpT$2
z5Q252yVqx?OL&IEZ==Hq9?cDH6nW4YXlPddLX<8#BFjW!>#M5&5<H<wN@KQ_7gTBx
z<xyMP3|+~|7bk{le_tkQ4>O{xHI#J9cmkQBQn&Kgx*B)zs5IeSX-uGEdvTmTf9rZ1
zUbdqRWk?-o_~kYgB-k?FmQck1c8dmJB6bI@311Jy9)GZ&zVADS<~YG8rJ+L@E>UU`
z?XrKJ>olUx7+Ys@?q0rL>kxHp4VUyJS$>2RKNtJxAwG*^i#uJg(Y(ESe6p7vOZZL9
zNHx@jr^hXaOs0|!1w%mE2ZM$T<HbAo5e$3MCl^@7n#=OYtjs)*ar2&g3qGhqY>j#M
zSHBmN*T_}xJ_CLpk=u1>0jHDH^*WKJ=W8;WNyA%|<*fHNvpAqBUy5S8b{Lk%AWp7p
zm^_BhaE%iewhIzx&)`)GI+%|pW&7c_pn}j*w)>CdQCi0ju9`21hA<zCE&1CGC;DK9
ziKuC%uU0+LzgApZbVhP08csFc#dmmWgth`6zz}SCwR^C!h3fpzARw`N4zH2huH3~l
zHd#?cFWDfluV3xsxoDgpx7R6DdZ?bAU-=&I4L}t}gQ##er>-Z?q<i$C#!__TN+4ko
z-vw0P@hpMzq$_;i%onrlIIO5--RWPJf5Y<M3oJZBZ1S?G4@F9>kcjAXr}c!XSCxI#
ztt&S*%_<7sI+2(o%qQ!hd{(F5B7a)f^wPu$;)ST+`_j^4eJc@}t<50&0v?p+OrnRy
znihsM@Qo9239F;20t<QfXuR`Z_C?APZKv#M{SD()?5j1I!TTrPHLb22yB6<D1yExJ
zP{Kd_jOqGQ%h;g-lVE-DT4aKvuXU0w1EXVVCXvYV150(AKel8n+0I6l801bR=db;M
zDfw@|4VZS^5R6u%@G&@Ci$qSG$@(U9pB~#V<il#dv{}0KDZViYaaj6*<(ZMsg2DL3
zuP=ngo?xv*CN}ZkL}6!BW)Fq6_V{1OkJf=_xK*`C+*XXO-tQKvK7f3lR2(A~Bu-tv
zRKnir+s-eGVxsy!u*Mc#Zsaf9@iI?Jw{{^Z_2uep?X|++e_h^ShBA%U>f5_~VxPSH
z!_97G;q}0}XCE)(gNxQsQRrQZn{7e2U_jIZWqkoiqIP;vAEqyJa;WkJCv6{AiYgdU
zmM?3MDfosfI6yT&JPX;0*3)a>-qc)^EIvN3OqIvE3vwB##O-|y`-IZzN8HenlPJ0D
zVDvD#qz?QED<=Y$GcJP?avR6zV%261JX8Im_V=YE9KAZ3(J)P@TfbaPM+A;+j&FX-
zjvfI_sXm(a1)F-NMLXGf+_sF`Wc>BgsN%fb1N;x`pT>^#>@R?vpD6kXCMx)v;duC-
zgU#CsdjzqT$c;|5^?^CG=`|-(wFlvf#hRn5^o`EVfgAJ7cFY5J8LL#!ru>+=T}wyR
zA^{D(Optu@Haa}%(P7S6$G}fN;+xg)#T>d_I~a*PUN4DmT}RVk*pzPDXb%$ZWb^%e
z7VTQV9DiouUieb9O;DB=s_@p6?8WF%G4Dh8QjBl{xEFK(;Z!9yyDvMTHK<~uqQuo|
z>5+S@Ugu@n81v}t)caOL!I<=T^o!d1o{j_M#2$4=qvyTp;H<kt8BNH4pK8ahCMF86
zWw54xEmQBsuCm?i7dJbSPa9~tkyU*+By@tNed<(+1;PCO@rmAsM=MeTRw>CTi?h`!
zEH4n~2k|QPE;Dg$-#55}Q>SmdrRP&C3wWgaYxwUD+Ucl!%kuP%V%Re!c<$jD4>lUO
z!$+LIuWUm#!nXdanmk-LAPeoKeqwJh%NLe0^d7+1RacrP8Dh&-#ZG~=;2!vGK3I?m
zzJl3%8oG5#JE6j%_|X#gMXRwMd45#aywf4pxT2F8MI-ELp1NAxY3z$3l9dV<@ZTw9
zD?LZ!))9jAR36{Dy42ON!g1B}R#V(Na=c%bxq(xDyt1m=_z-t;!5Zj|U#QbMm{RJe
zTU$mDcbJ4mG!9rN)sPMO#zeJ*PC7#9tgFR2L@4<XKiM+KK-Nv}%`jtlHr<ZLnLcj+
z*!+FR{!Tw@5RE|EJp|o$J!}|yY@wj4B7X`iXiw*#MZ!k0<m;9BXOo}&zn;E48p`jF
zKPf`lw=5$RAtq$aAZuBxA=!mbs1QO1GbOT{EJc=KW{R?=WM^b8+sqI`jD1Fy!HjK;
zncsYW=lp)>%z4f{f86KZ`(9qJ_r1@3-tWEl=O$S7CsRW=_I4%!J#~GP*;3<i><Ud~
zgbrN-?|$d(qIg5Y^hS*4+7E;KX4i-L7wOi|XPzY%`2AUgiqoCbj)wd7znn&dH*}>w
zh;BR;QQ%55APqIbB%qv<E4qc;6Dy7IFukB5UH6Yv?A0lCj^3`;?LEljsmU~-$>C5C
z?=$JFW8d*hqrivm8f$gVktYKqC#xUMXf00FjcQs&gX~&b&+23}VC_TQ&Vk48XjTvE
zKN>cj(*HA!)xAn_Lqyhvlezz!$zCfA;M}0ot{lQR;K@7dYCiNGD|+p^=~pkrAEK1N
z5r0%nGSmO-1`G49WP0+ic4o~SH+44H=2!z-wq&fn9-F5SmLBiLhRP_yZ3ptoSnECS
z_o1e{vMYQBk{m`K>ag+|tRsJ?gW_+%@7m>Y>ijUdPyG~4FX_8XhV)*?$Olx?5xxM1
z(}VfYM57Kt@#eVQa~TPfPY1a7ck&uN7M6bO4s1NzRtXFeIP1Q=)u~lC9ab6qMcjjC
zu=`r9b&hp3Pv~{)PkKUdSJBn~in^4ZD$xaBw=S_Ve@NOTbon#!YcoftN3r(b`<m?T
zA2Kas%aTHn=`C9#d%C2y{59+6!Vv!&%J`p+1*G&aWF9kZw+)^8MWE+w+`0U3tp>{I
zC)dOnuAzV0m+m{moTiU2O*_@IUM4YDs_xOO>l(0->zBXmUM(i1r!VQbDz{4aQVLah
zL_30iwV!&u6Qc?+JX4&IaCO8W_?6^?)5}rQ4;Nq@tUC2XAl&HrtWz?*{D(d(6g|1d
z-M`37J(@dt$EbL}_!D;KDZuUdyB3TxRvMca?)6G}lK~~k&tJ~_a3EH~O65Q2(t`oS
zvj076bdPRM;+zvWXjuSyxotQ3V-`&SMO*tXkG<+fWLErySHcY`5>qx|Mnc+tfVwzo
zFVR6YKWwhx^8Pz$1~(!Uv9%KfiL$S&@c1Eg4{uvT`t^CS)M+Q)eZJIbud-#t)@T5{
zUhcH*doFYoyZ5{`2;yj;Q~@3KG*YkMeS{bs5^<-7fe<D-ZOz0*<+pBB3B((TAjliV
z^?N#PrHX$Yjj%%V<r6#4BFC`%r!1RRzq`YxU4DT3z}H4>F&*G*eYSk}da(&9&`gwP
zB`NnZ?PCh`J?h9%(NIrQ8Ny3f+RavpiNfl^j!zZoNE-~{Km~!Z;t<>lX0$jzizI8}
znG8^%^5NuhQIv_W0|#f|7OQMW9mcsfZa@zbiS%?FP6iuGY5t8~<P&2E(;ozfJkrU%
zK++?X_Bf%4XnP&_3!HrYmuugsQs#V+L`Z&dd~R70A)IlHX!@S+@#XDak4z%q>yXDu
zO+1>=aBOW;XhI~U4t?Zneor<Xl+WL>J38y`+kgeoSF+jZ-klUl1}dQ*V{y7K*zlIu
zyB!PC%IGP4&Nugj><|VbQeik<r0`%Hg?TNYNMi^5$Om&k*qWn+Vw<*M{%d4pfxSHS
z2J`$(jNE+m_)(}x(asZrjW9!+KAsoZ3#5*dPMeV703bD!gf}U6%RD>~aH7`{y{WBm
z*1qry1iYOuHgP*Rk^v$Zpv>S0-G`B=sO5?*bb-A^%y7UQgi4nl)S=@^2&`@oc(?`k
z%`lQt6a)})^p;A2dOlc)`5}L2p*0S$_mM&#!13VaF`*3G{pdXjBZB{Zmrb(j>aDh|
z$27j<xc;S<0#!a&lmaP%Kv7Pg>~|=|m>mXp7w^8JkOQ71ENoeFGdD;#BByB}l4E>3
zHz=&OD%gTgwmk~H0qz%~eggsQ@@Sh4M<3^%b7W@dU%gI1ZYER6E_Kts)Fk$LhAxD9
zgGdN2*eOYr{(7_>N&VSX54hWdA1bq|-vO`Qb1bA;B<-!=NeEXM#(&dY=ItW8dmULK
z`*=ViAQx6uu0(E-80aqPF;24w@)a->hN%)mISK4ez4EwBR|JmP^$0NdsU$bo;FnOF
z?$vZdhXWs+bv!eIYNF2TR1zt+v2_I!@1GcGA;tjWQWKz3AUBd@#a%mOA}Wy!Bn7gp
z?jj*Oi!%Un)K!wJ+4V{bK2gRlX~z6|OdQ}Moq&!u(_@;|$kDZik?ox@>1NA=7F6OH
zm>{k8upY_@Y5x=qfFy4b(TOPs38bD*&-nJcIp1Qm_GCL@02(iH!W1YB(WH8-4+onQ
z<mk6Zr@u<$Cb(kNAnli#cfo)r-V#4<W*=(|OjSrLjt?E3;IZvCWl0i4M#s;d0^KBm
zaPVYkt4LeQRv9|?4D$-r8)=j>>rMg|uT>HSCNmHNQ4bP-IaOL46%H_blfJ3{TF3@}
zF9!o_?X=C|r7}a|KVJMR#MJAbA73`Iso2aZ^J;cSSZ+o4>vdit$)GHK^*f2ulYZlK
zG0n4hS4w##4;5vRF$+K9#*=36Tf$Nys>W~<nY5cki8xp05rv91G=-P6%dXs$4lxKX
z(v6;Ex(WFXPuN8>2Ft{PZt%?uEdXohe_8<F6A#uxvBaJWWiuwF$<VXj?Wv)g=2%h6
zf)4dc)8^O*&y_#Bk5UneR8oE#r#h?;?Ib{pq28|D1f>9E$Fs%oAh}^}s?UBh<vIi@
z&g{dpLfm|!I>xN<HcJeI7YM}#J_}F91x2J-vhFB8@(hR%WK+p*kCqYICYS()L)y&<
za#R9t(fp{`bpRjMbI^3M&A2-tvE7bjibtE%eW_9cOf_oEBri!Nfx!)l6o3`{a_VOC
zg6z8wXMQ`8eh@W1&6pmk2$d;}BqSqA^KZ8RZG&_u2j!*l3c$`m-X(n#0D<?eLqr5%
znC;X9$H!sqLLq9Fa5360X;N<3i|RjbZz7{iZLyKUd%{at9%W6MNob$R0e9;q0c7cZ
z6AuU~R27`2dEpuA)p?mXfHL(OHAcWs7Lv4O^b&A|s!CcjE0n>%if1kfMwJs1pj<Rj
zfwI#qQ;bH+v`ma!q7zefCrOt&nf#DioTmj@4O>Ps?}YKkCgLhMM=^54-$@CbFm{?K
z(h_Z%qMME9iHFJ3^pQsC0Of_&WCW02jI0r+-2nsCG3D+*^%dy5_^^aowl?D&q5@TF
zejnw>a~woP$_<B7ugt?vgTSQgxKy*kSdzzl&2s^Y3rUuA-K=m8hfcuo(QYFZ^A1o&
zib&Q}W2l=ZFm9H}C*xUDEk-Bu9E(GebZd%Y)i<sz=os?}g-oFmxns|;M7wCtC%|wf
z{V;(E&#<I@0(A4h$h=05YFg?cXSZv8KR2GqP4&^MpA~4k-+eyKgXK*uIBmi4m>(I$
zdt9UgOUV4RL{gO8FjUC%K*h7a`63m<($w%S>2#+Ne{2!1jdTMQyQ#gMz}nw@YXXx7
znRQPlBNXYENKGa+5$6{@*MosK2y*|Xg+Z3xs~HGY7DlU>7bcUOJ7F@AQrrZJb6}UQ
zLDau&?ZzqHA#-uh9ntI-3<zO3C#?P82>+bh$awV9XidBZu;q4v1NQE|Os@npgh*Hs
z+q1@-Lj9x)VoyVUkR#~w7R=F%u&6T=WJKt_LJyMcvUIG%1ag*t%99$*%b;^FR}y&&
z@L|eRv|!S#RsHNz=w`4}{jLD%fu9~kvR{*Z#<fQPQV=fLW=twZaTW!xDYB$LTLRcM
zfo1f~&it!2{JCaEpOwg9UV>T~orYzQ2<9X_3Y5#TfCFHOjL>2^jwEMy2eir4Gl{*<
z3m(4O{wol%=yta_rY9yKgM~21xHeQ_0O=B?TR+X?3bpTFn9&CW7(tE#P&1X_{tdyn
zuI{j6Gzn=^Gx=iImgI!u<N=+G{q%GHAxpeiW4P#UzR$v$*aZA?tiiLIE!Ybd>lNct
z%`u#wKWJAL8q9!#j2}){0dj?VH9yPv6z2Jajtyl%4kUY|Uvi9*Igo#GPmy{?pse$4
zp=G>>7zo@=e$j5;EtBMNnR<#UZBm@pe%AwoCJsQaL6O16SRq;&OO-}R0EJ%1kFRq)
z4}cad|6jxL#Lr5y^lypI9TeH$z^5i49{0;rzn2=Az$8I;mySeOaR&1>K$co^yZ05Y
z#sbKH7-8nANOi@TniV=wy^vUQK0z9q#eob7NaoLdA6DOl;AeQUA`T=6t+J@3$l3W&
zy#>mOwt3nVAtJSKi4>OO-XT3e8D!&36WYaNi}E~G@L|3!NI#xfMaVncKH87F?VsZy
z7;h-c!k$@CkUi;`<#mW8ggiBXG-=|Qg1AKW!)qqApPNyk2IChK7>bY&xW}GDbU}zX
zBp%1&As!G1$cD6tH%)-bK$39(Q^4^#>IEd3#aPrX5&-Gc_Bupuc+sgO_e`5A3miDn
zVq72r7B2W9iDzP!AoaKjq#swTB+IyAX7G2%8HNrdG4}zMa^jJ}0uUheB(krhMu>Ki
z8iOPxw%;Y$qljFrF5Hl?<V_LU1L||+g#Vzf*xJ~CBoCzLXx`dqj^PBnWQ^cH3wo2c
z=e3g{SCWry4C}p@DN8#sRIes%@cKFyw2mF}^uKSZC-17e{CDt3kB}eJ(@xT5Q6SL2
z^FRRNLq(d9C*#-JZz_6H-jQ{wSE)80;jltob8l&=2x|h7C7h{ypT#YXc#f5+XYgcc
zTvq~A2vUawvtou=ZAg;1ViPH|6C>Kzf+O&vW1p*Ug&B%OoP=fS^4$yW55Ejs`x*1A
zjvc~AbBt+TuP@E9Oe?mb3f^Hvk!1geq<M|x?I19Mr*Co}lwu>LZkNH5ZreT0{xCSn
zlEpre=0IUqjbGPzLpG3GJMbmoV*j_ZZ7H}3baXs}ji#PSHl&`(By(lg_%p-uN6B(_
zAePkx!#(6^k552eZV_IyNJtY8LK*Pb#HeEc>dV3qXjm`N&QHptqk`75mB_<1M5o5U
zEcvoGM&piO;eaMs(QQdIF?nzG1wv)T$%uMV!0#H1fi$^5CI{pj`)6V=K}3+4pnj!(
z3LE5$xRJSPVU*ZV>mtzRdBz-8;Mle5(uO?sHuVZJ(ikgD8)E6K4AsZO%FIxQ%SH2v
z&^V|!kz`}C8q0VDOpJ*7y>D@nsKj4U@hnn$z>3vnQdwr*M7m)D``=VOEm>V&r>Tbk
zuBdPK9DK&5M5$6K>1w@!rc^0pqzP7Rxrr<GBTf@XiHGVys#yjq_H&==qK+ujZ$1RS
zBo~fgcYQaPh3>5!JF-kEx1?qojE4kcyc^MplyhSeE6_6#HApxmh7E*iM1?cICE^cl
zOAmP-ZId!dD`K{j3JiOZD#GetxJMFW;)qC^L>bhebLkyrPX}9#`9yZ7f){vTZ^v^y
zNxA4~3~^L*#qb2ni4sd><UJ{3JVN+a=24qw*u!BwR_BPDDmXPnA0#`1St|jaPyZuq
z1_tF9+ok9~81?PkhSC&94}u^OJV+`%2gxSD57NV$tVY0n$GW{XO?;SnA*W4Le7h)%
z9wqUh7U>!Kav_Mc-O1#Hu+W!hN}qOn9y3Mq27I?9tI>5(VyRG>^i7e&he$F%BZ2h5
z+ie+5OoC3vd6=hF)ZpME(=;F{6J?+^m05!`#luJ7D^BlKS&{I;YMh5n%X^?4-wm?b
z6h)i*6iIm54o)kcWYI8-%`CSHit*KEMi;3>oHcGpreD>#=HS}~Oswr>^WidCk+dAo
zd`vYmZ#O~~^V9B77fpb$Hninc*bo-N0>20J0?+4r=2+pirJK~CZXHaeohhHt8YPB$
zMSXTWZzoB24bNj9)o#p3@W~~fpo!w)B2${f`;!n`>IHRR^^IWF{!vkoM;dmPg!E=u
z6dZWd?Tvwd{rcV~x0@H1i6Z$#4h{duFl#tJAp$)vRuiImr)Gl$=zVo~cU6WoF9%KM
z%>h?xp2MZ~&~T!$-+ne+hkVK_(?N^H1m^nbLy)>KP#oaO6!SDSi@eS_?pQj?c4q|R
zYDAX}ycSX;F3bF2*sj++GS_9iiH&Ichh*g!q6`puNn$B6M<{!-<L5k(XSJZ}5xh>)
zZlE&ci$C!+X{}o~Mm+ZG&wVAT4HA>WsQkGvO}!uhQ-o|AMi;^oJ$BmMYm97KlEcw<
zmX`J+%K<N-_5RouQgSCjpsjVw5+#;&D4q_u_k?V(fuBgGthiB?qc^tS`O%{{LXOh5
znZElIlB7ez^ieYq2j8frsNV2Yp)H@HZ5OZ8?yZ>}rN#g);0%0qFqrx_dLz716C$E6
zlgI+#4Lu2vCkyDqx(&BHz<}|@>Xn$69<6<9%xIFwu>4BoHYdKTyS>4}uUB;~?NGx+
zoTiS4OQ&Q0Y~~i=B9nG5qF}%&m>kWjwtA%mF1Q$Ro)%OKcS%Rs#}0{|uYVt!LSsed
z0t^WqU7E5wRP6><h|(-Tb3%E{lV*AtNFW4xzi%N;ZG7VjiwcaA+D(^QBtTB<oE|r@
zqBL!)KYq9v%_l?yJgaFm)NkQAzT8VmAhDYlz9z*c%nBZ};Tc7^hNKX!Gi}C&Frk*G
zp5}DBe|u{5_PnDLD+7yqq|=dE@{*%O9GazG0Tzz~X8Q&-j_ie)YL<N37<=+RhBSPj
zW#@0Ay{%R^3<NPOzCir0iuIzNG`ztOgfu6IWuvkG$+O~zpD}TT=R(@?=mTG5l*bE?
zcm~h*z9i_iy*|2lCY?~zv-9~bh1G<MCUVe%PTcyn)#tx?ifUqL%Seub^MZ=)ec%hD
z8`d^bhVD^--6^krN(q`(x1r0N&vk*M!;f)^oC;Jb*4M;nn!{H{(-T(cNq}BOiDFs8
zHELGkp@TBb`x#~Rs;2!!M5GKK@cqGpkPon6=M0Ny5jf1o@NrmgS<|qx-p3<o12GOj
ztw{o7`fg#!`!N08r$AVwklzc<6H)FXn!;_qCFlaoWsoQ+^bMNeJ8N%>wG0m2Yg6Eb
z#D)RZe>6Yq_Q*9f=DY4)%$bURmGNi78HUQ0s^6auhkP}ZsmH=6P(+#fnxi1&eN+MP
z=x-Vz>W`YeG9)i4Obo)`e5i2;0Qn``LI>uD0=_Oj(OfoQZG=RU^b*%0$3gu-`gh13
zhUp$-Nf|9uiv>&LO}7dd5-A?faQGq5l3O>h*Zn=qux4;W|32pwKm^VZZj=akh6^G_
z+O~799}x0l`2K9ev<^`Pm?WX!1rX$fCQ*x;CD;;MZHd);LeAwtiM{)?0h5G4liPxS
zX@pp<L!IL{Rcoi`xu`b<VDgar$slM%3Fq5CiyMAa)N#a-!@6n9M#J<x%5Zbd^p)Y@
z<Mx-0Q<aJ&JeUQzrx*OGa@5E7o&3<8wvkl*E0rp^t`%K<PsCnps>f5lH9pD4;G;ZB
z5*mAfK`t%i)2H3g-$AvL9!t-}5K2`ccyI>e0>l6^KAHj5BrZ4gG7IJD9q~~o+n%PP
zC%Ty-o)l?i%b&|8v<r}7fF-u#$-ece>zBV_4a$n6F@*&9&Tk@kJqL3M@<$|tp}KrN
z2{7^#e>6ILp5#2iT4+DHMz(<S`Vm;^nrsRqG8hsxJ1~Mbrdjm(6a?yLxa!Pu{`(15
z<E=c&&uW6vHy0=Y*s0}pUA-6?Y#KAjN@@|<;W>ak1ZnJiz`Q2D&S)om4x{iHE$<&A
zX7j+!<bCRhd{M=@!&r=S=DKyy{`N}oNG#@CgYu5ABw{i7W`qQySm$}YIU^RhK=o-r
z$!LcJg)a<hPdFdX9E&N@#!{fMFh%InQ$>dAN~|6_k|?y`cE498WRt|)&(k|@wA>~t
z(S(*HwHxEK03MF?;>)xKt0?Ft=&*lFyV%UZzSi(+U${<lAGwlr9Q<rS>_7eO8cmF+
z>3(ZxY`EIiL!{X6#h7m0UychkoyBiS-LP}ahds<Dlo)|DYlsmt%GzVDH7%Xk*Udfq
z6h7+vLP(J;s+e&Ia1Xv@cZDIhqlM+{Q)09TgY5AWDm1?o51S~H%UDkgk0fam<8@&f
zUP}z%=^@;~A6<rA+orrP`=*C|sLXIqX}^!Bh{VbtiY6U4o&))RMHi6YO5a{^0Ccw&
zEFEYL?GM?lwi7(t1Y!5f7YXT@p$q%l<B@No+e5mQwx%et?-pRjcqhR!-y|Ww`14LF
zOd)fo2Oh2rdHbVIvv>yv=P6I+XgMlSfe?ReZfLu0!xcTr&&%3#M;MXl#1GdYPJ1E)
zZ*_r6hwWttMquizCCT^R`#u}8Ieu|ya#>+|Vq;%G87VditkIdQ`RA|SJ$j@P4JEs|
z8*8$Sv1|8O5rfI%zBz7_yNeaai8Cq8H+K==UN;}T5^4L4@~k1Xy>2E-YW-G%QE!*g
zC5K|qUK;+5+$1hb^<d2K#bD}CO1m{4=J0R#`fiHU;%^o1woTj3kbEUbS;2i`vd^Xp
zuM=JApe@anl6&Zf<g~4un6}K(wO`!t)?=vXVOl>Q7+u>YEZK|BG3~aQpGn^nYljI-
zOVI^~o8woPTR)SIUpMVrU)iRB*JBT^P^I<)R$3Ydat^S{Gz&0;-LBA?zB(w^<B1}{
zlp#NdHX%Od@W#nDX$~burp~wGwD5jHZ>vr!K)VO8hz}ab(X9}UZ9~C6k$O^~_wg!(
z1rI`MaLB$Vnl#^Vn}FY=x1B%s-Y(jDerZ@b1)7Tjf~jS~$I|9ZH~hYGGx1*JG2PX<
zPn>V%&`zia)`r?|-(6~2Jqb@Ffb(YD1-DIm^|udgUihU5`c?n0v6%3&syXxE-u^bY
z@&F#Np<NjM`~$e=`jBBnV+&^N=|05;)+19z^7%Dk+CDUN6p+HaK^Jf<`y0HX1evee
zi~4XonerVa<3KeM0bNcxj;f4p`+M~tIT|@`xR*oNXRQb>*l|&EH!>CV`ay)`|Babo
zPd_s?N$**S>0y?lV0MN6)$)VIj6Y=upgTg|S%Q*%5EQCaNCVxvh;}IyM!6tH&@R;E
zThc;fG0)r}4lbc_6Oy^r;;!KtX}4@st<xXrX~+&0WQisQKXYr=(dt<f)zVY=e70KP
zJldk?BW*tlESNRQ)F_QcXDyluT#vkEb(1-*p$2*wuLJt-VDFZt6KmoCd99;fUDshZ
zW}W`n`EOidWxS%Ya;V8ehoyL^d{AntE&QKo?yNcp6mAUp=gIsSY%!A5`1=#!*Xr@z
z=(3A&KvsU10j;;OF0GsTQmD1;ZK$uCjkmYelh0$|z^`@HYF25NwAIxtf(Nq`$gC$_
z($pR<K)lIvgXq6+OC{E=SfyHHw=6#PrVl2ir&`^-u2pT3rK{I}80nxn$i6VbS=N_!
zP+?>*VN+8iXrJ#5ZWTg}w1(8)Syj4oOG#dn@ikiU;>WbK6x;OFTX4$7o{JYPizLEl
ze>YND!;H^N@4BjR>`tTp&I<|o91!yHJEEnpOjfvHW>~GOEZ8dd_wO8sT#oBi=Pmj^
zmVGR)oFE9MOXRMi5A(ehKlCxjY87{{5uRJnrenSufU;VZKCh<xfU`#JY{?jjJ8By9
zrKM#x8jA9N#k1dtDxSP=i`P?7$8TVYpAevB7QQy#HH}=0;JcQkO}(py8X9Wl!GE7m
zFm*5M$?h$|$Qs)63V2W~YY?A;xE2?(nE5ATy+?c&7e^$beeSY!7m;dB&dGd}hj{aM
zpF9@Q?Rf`svCJ~uCe_Ni5u~Q<UY@M<3yoh-*|*ME%hPw663QB#arx}r_ZuIeCjZ%T
z=O?&p&fy>^WHr{#HZ>?&N#0w~US;j(6=};1sXPfGNgX+b@v~uNSoB@ZtWhDxo?>^Y
zWs%e<m(s8Ff+Drv-tOMM^fU>v>^y;q#?^pVm$lVp_0*JQ50{>N(bS#fEXz8SHmX|4
z5~L&g^S>KJ&05=?KTn*PG|)Cwi?Dg$YU^6sn+D%O&=ZXwS7Z;@{Snu!uuw8oba4oE
zdkAs(+t|27)i^wUZ#VGAd2c~u(Hm{oR5`ks#I+g{a5-T0GuJOPdc?=#!bR4k6N>hj
z1&BSS>$Sl1vvmQfTcaP=svnQFMx~Cc+GV?VPJE4`Y>lhhOR_17&5klA71fk3g~vJ1
z+YO2P@ix(Ovl-c`-knKlRNaP))y!?*^6WCFhEsQqR;6P?an0{z8C~MR4i*k+0S!67
zvzb6O1tn$K$%0Ji&Xac%I@(=@C+s#&QFiuug$vLAd*tvpKwa9?fihZj{+CY{xL48g
zV_90Vb%vEuV8vXXYs-84^h;u4qhByHiekInckI+HvgEWC^z<%)9+|m0Jh9r*&8+`?
z5UDxwPFHKge%wfHR8p*fF~K$S;gMRtY)10N2(PVc(Wb5atz@f|TL}KQ08M>c@h(-L
zLDHv#yrs<KkUO`|2b4YXu~N+X{_a=n=Mc1@#_`3+q7NMn^t25xjd^C3YA6~(D*}rY
zcC%4U2a!D6<acHJF}^12dEMZ}h~K~b&)2TrxfP<gUlwpD;C$`2+-mp&p{g6xWnW-i
z*8hlXJLuf0#`;pb(511Exof8zTeAR)$^gaA-@IAB5^#4ga2#VlV6n~zwhydLcwWvh
z%qBQ<Zlq&BkB<HVo4HtIy|FLwu;{<Jhe(N`Dd68fDl134%gUrp@UHuYhWkZ53a1|x
ze=O!(|Fx*9_2rwpT3|!@N)LCA;M>qg!N_~)w0UoEmR-;(v_)z6!;5d{fA{4peBGBc
zRMl2cSJ<TrwGuAAe4g#yI-4z|^yXSXh>zw%mQPihT|^^!nZ)dy8m;^J)%WfG;jAv-
zQaZQ%t00TtA;y)T*Z=*i4h=ur>uVW$wjbDhq~Gdj6Y<a?67p4JV6d{?9Xj8c&?sTn
zU9{MlZe;A1(g=R~RP>)o%!QvX;+h47skdVO>rFNga7=AVEpUGyV%L3`q)Y79%XHrI
z5^vm!y0ujPFStrq`MKm%lgd5F5M}hq_rT{xiV0iMRV(o$Ui}xZzizl9R%$ko$Th36
znRanc&A6*RdtN!N?eDKYYsAfsp{kc5e*YaVk#;&g0<TU5v3<k=P%l(}@f!s#rJq=N
zb>iW)x{#Vr@@+!-b+*4pY=4F7-nqJ{23^+T^P1)HvS3TdzkM@+T6JRY1^=R6r-$<N
z{dwNz7KY)%3o{>AR7}Z&%PM;#yGDAZ&CsB!_eKy0<jhTN#D!S5vDW$j)-L}Sse`jL
z?yXhz2?&=cIJxRasJ}Hco9uUu_To(+g{^*6gR&^WIzU>V5S2Ay5J*u3bcpcJ{t=x`
zu1|3#NpYHKA@~nEb2#EP>JxU#KizE{d-!CU{}`1-3=>=Z__gdo;dYE@M-*w{EM5xB
zck<Jd<U*0LmYJIw#3QysAx>h3FlYV!m0G{N2c7Jp?}t`za0m>aG<iR1a;Q%@_2tx(
zdO<T1a>Cx2<J+&>=2QCDKAqV2Q`>Kt=iWNTtsLFSR7{t_K6o*csNDkp&>(6oJa>Q`
z+HP5reQ~LS+{G1fCFSC^!V@)ofgaYLV?O8YRE@@O$apc?0?yMLc~8pe>Qbv#*kagj
zN!hH98N5)vkohXP!k^86?WI&V`!5du)Ax<cD;sj1joJfV9FLlw^nBw!dV*307S7%0
zi8$f@;%M|2zx(qiYyvic0!iW(=aZJo;jL1wY{~0j!ENs;zMtOAr#Gt;{Kb=O-$&}0
zH^;YbcYhjdcCT`6JMugFK>pV{gE*VysL{b2=Qt}DkY6?V@-QXr>{@X2Wx1i5{C}s+
zA6MlvdTXV+>;j42XOQoduN(a*_vqo^>|p<Cu&<h;Pk>`(?xlfxg`fq~m4^b?E7?9N
zbp==fZ7ly>oNYsUP$}+5vf5mK6&RpI<MZ*}OM4M<<Z0Js{Z-3Bfwv{%cA5E#llM;h
zTme$vA>De9OPBL(vRfNo-3hP_sWw^mm~o%ia$UMNW%ya<RQbc-dSh&X$)l(muMp8s
z9d~tZB)>2WdS}k%I8ZJEY%$|7kxT+K&%H$4Pc%#r`YZV7(<Z&m_VWr<$XBu?O-Bi+
zd5==6jCf;raY^X6CGipO^;IeBk0)-;eEkoT<#Q#>NHpiKv%{K(&m_cg>2uy3L?twH
z!giqiT2Gu!g@#b%M7V0@1V6rc@IVe2)hjrEDsb#e)9urDF$!$^4>WeyobDziH~i2q
zRk+#WwaupDAB#A3c5?|wC@z$J-&WXi{HKTzhFS)x$z?X*NDo<YIw!RpegbUN(Y|q*
z``#(L*()zE)8{J~^KU+>z93!*cp~EMxsKn2uAKFG9F|k+VfYD#tn`TKPU=Iel$8$q
zF1DddFh0&_e9#}#C21<?BMPOGCtg@LUuyltv5C-IeCr;Z@^sx!HuRGwrtaZ~x`zxk
zzYliy$AfuUX12$s`6Jv*G9x)sBki6q_im|e9EtcBJCwv4ojbaC?g%QecS}M6Dxq-k
zoRHBup{&=*o==7DJ{2;;3uTd#i%DF!sEA@x+xfO{;(xB7_kB-Fp8YUKcbigdsw0vg
zz}FvO30;7hu8VKJp}@i~+amPu^O^lA3UM27L+?^HNsA>i|C*^E&u(cr=soI@QdWPM
zpuE7Ly!%ec$YC^4Z`*=bCAd>}c8xAF1?O9@m=h`C<XT5Odu)86Jg-rHCoxmwOYqJP
z()ciF9eLpRU&cSE&1n(qvsPdg+0@H2clhgrzFQaMI3E3c+)#az??<q`zuzd<_?ovx
zIb_{wSIwSCVy|Vph^F0$9frKUG+QM7ah@`>&tCt;;4QtVsJApVX~}*1u_18uQIpja
zy?xGI^-fnWcKtm_%RTd>mbLd(M^E;PO?&?tzTcwV&mGrqoNO!Uh87s$y3P*jJb^;q
z7(dHUR>_Ze)ih9gP2lCzvyO&WQvOMI{+r{%c{}ZD{mg#yCU=sm_Soy~`O2=xy#saq
zg;{!{<i%nzeKezK^h0I8fi1URpk+$|d8hKb^+uM-Q#10guEmR)2?I9aWTZg9D^^Y$
z>ngGh=6fDcyd(Z@!}&DA|1K_z_qS<xE$79Od36x{<SuuJ&DygP4p{*9)*Iu`Hw;Ss
z9+#jl07jQMQ#cmXZJ{L^|MzBx5tc<WzALj#O$SWst3<whqUwp#9?@N12H#yO{oRBt
zi#C3!uKLZm%05jckCK+IXt6uC`XLQyllnk{_qCGOg|AJ<x$W%E^b?2}o%jKum-R2s
z#xcm8gXT%+_ov%Kl}l0sI&u$BdA{U12&<U`eq}2^%R^c>JjH$S!u@$Rr1!ZqVuc;m
zL8lv+MdyC$p3KZ=5B@52J6SWtgFQ*Z=t7LbpIUM0ByY>Dv3$17)YlI*gp<5al_<;n
z$Ti_m*5qcK(tggp^+HYOM6=<!n2)@36&dU*yr&x8uya^Gc%e(yxYEdWeLVg~rpll8
zl#NgKJ-Df|?9`(`ufT3+=-Xw7U4Y0s<P2wh@g262L$)U#UIUqYTfVl1LijHrUv|0g
z9PDMhx1kdBvh_kK`NrjM#tyA<!0V?XGPn!%?}<OJ-h2lt5e(?~Ztx{+X^nQ$Sns`Y
z%Lgyw`3K^h9m7qfUTR!P-<0@uMHdk(r`NS#tWEg`mwhFL!f2zrFS^(YbvWRC@u9e@
zX*?Z<E1aZHyd|#;NVX?&GW+93Enbo_#O{u;4Bp$)XXm(|87HQ8aQ!K&QrVIcJNeIx
z|16)>kGb0djedz8u+TFyPn{YnuYu;+*<RQ`XOC)^<gn~|d3ljTv5Iq;jctpycm+A0
z>7qURqogG<=oe%?`zpFoItjf&YcKf1QI_;l|M%%(!I9w14ql?5?6Yh95xU4T5$k6o
zkiv5&kPC2dT-oI=ShX;n2xcP>{kZzkV9)?vc)p}7p5Ksz>(!<4*@+VlCph*pWyKM4
zCuwdASq*T<@y2b*$0_BS?#;GaPlRST%&mQe9{<O$9oO(Xtj#84<mRkq#lyP_Ju6OW
zT<BshcXPgr*el<6LADiNMJ(c<7v{eIQWTV1(QFkpdeGb|R$Hpqw4cX=ebEadX#q#`
z70(@Cb*_q+lzUzHo+Q}7KQTLYd-kN>(-gSi{U91&unM`e@MyrbovNk5$^CYdPcmTk
z$&HULr=NZ<@3hbrDr6%(k>s5@6=_<3{-a~2dBBYJ2BcQ}<DK5ej5j(9Q7ys)kxHuJ
z_i8y0?YQ54cbxg+do0Dp`F&2+DcDce<%_w;%9YP+zFm!H2GQoKtw~SX+=AqKD?J}Y
zjs@jchHBah>x^%BmqOQcZ{!tM-yMdQ2=jvkhA*;R2wq%Cb0-we&ct>O&w5A`iZD&y
zHkVS8r@^#6!`NsO!Yn$tZz-^8+U_p`->@1oFcZ0;Z95G3e?LTGp}MUBs3T9ourwJS
zu;9ZNlz;I5Z~pfep%7}KQ+lgRsf?>^b??(vRkM8kolV`5>hkx~`iA~fALhp6CQ8b*
zJnz}Zd;v)Oxu(?ev`SODGN*<rQU6S}^!V(1?ekh%*W$v976tB^zpTtZ_eEJyVEI-h
zX|=g-Zcs9Hor7n#6#nS5eFcg?$MNGC#BqAnZK?B-zkim7CGx6*uRkI7psKz!6Ms$z
zuZOeyuyTvs=l?fkkOO=nLEQt)^zL~~7CcbtdzV;nu5$g0X-hKqIqA~N@WQcQ*T0>=
zWD8dHlz$!(_AIL3uEx%nSL3lVx_f;oy8=BxSxl;h*UWw$ooHTN%PvT&Z5i-kr*8KY
zI9ZCV4^2*PtV*|BhlGdp*UenJR{qJVN1#(~tvQ9^=;jyx-Js&%e<Kz%u9ZPi(X)qo
z7UZakhQlT8;oTLvV3&v<g86uKTaX!D+&$Q?7#z_O;L`4Jqc!!@bhX4)?dI9SrDOge
z$HCf9da%Qt#Z-z@-;>}voqP+L`GXzXDB?2e-`uHi!HTwX7cD=`Dkxmt2mWoIb+elA
z-27=_>zcb7nh>o4J!Aha)G4sTIszK`3j$o*+_`^nKQdHo9ulVLIVFd$P$z7aRy_j!
zv?KKRua!Sa<gO0Cxdv|$=HmACeby<q-a5Eji01*wMn<^Qx3<r(HV5q}LJNh>pS9^_
zXB50yF$r4dzjD7{N77=vK%^%1;<BZ)LU*?Bsh`H-&(7RxeO?3R*x24CzRPuf)^>;7
z>SO6#N~&|%{}dG+sokQb>lx@Wdo%W4Lq@;NqgTff^;r{9<<Z9$vxeM7tHvMSxXqkT
zJB-kMxCrAh+0DERx)tAn$^5;%`c0hU`uywU6!9M+3FGG~t|W6wIlb*aAQd;Xj(M$w
zwB-yP?OS*RtCjEEs5Nanjs2qIS|hbQ`dEiIR6j0whq~S9Ql0g3M8Wytc*o7x9C;~e
zsa__7<#D;2)UnVFk2i{!kRrBK<x9Tc#{=mQErg3(wN4*Ikmq>JK|zVCzZ6^Mg&m$o
zK18UfB{3@32QSQx*xDVGuLQ`w;d!azyYRAT?N<Kl302pNQR;J+Ovs>X6G*}0>B3dF
zFkyn(U-kD_Bi!BwX64$}Ee*VG2#U;&QM&iIDm{*ieb&p=#LDLr?^I;tY-`hhwoT=f
zukJ~Xw<{ZK;%|FU^7;I1{rGVzqS&3g8>-x@o5YNu5XbKVqud)=6KhZ(CD;s--vmEy
zm5{DQ)XqCFeH!F-?pXo4_d;puuZnWzYff+;wMp5k<;+4qZxh_TmE4J#q4cSg-GwVk
z5>OSenSc+U^<tCyxU(pdf;eqg7bR>RR(9Lv62V~GMfd7M#?67KPM*)(asS3jW!ziI
zNt2qu@6L_$17?kw@AEtVy<JW%^y5yo8M{6AJbbsRBBwXt+}K$dI^w6M?@MayYP@1k
zYV&>JwUs+tZaXGe=-%#Eh*P^=zU2d5;PajC+WER8<KKVo|NUq#ap^zXTbdR3jNpsf
zREZB=ILRI%HMP#GR_B__t<c7%FsSp`-*s?g*Y)7df8Xo!@5YEZo?dgrcvYmjd;=Z`
z0rgEk%xkp_K2KZ5h4F!}SX_pDv-Ibg$-uZh{!je7)s9`_m@mJw8lm$Mb$T$vCt@~F
z>(biy`M}8~zDw8-_nze;KKi`5=4NV5_WG48_cVOs)Ox1)V4D$g#<E5es-_|^_O3B7
zuKRZNvYBXktU~-s<7VAVdDXp<FFBv8eBb2AyRZdi4uz!@)`1E4R9<>cH6dGRZh9_#
zRrvel*?ZS%SDb2;w8DR8adB^F|F^?3uwUiQkvxdsLzI<>Sc39|L~6$YbhGtpp#vM%
z#KPxQ$AaE}PPfSJXD0){3_K_|v(d5H_!BVyd9Fi9;#tPC-eOKx9_6M|s|83{Oud?;
z6rn<V{+0H-)PKzj+U^Rp(dyeWceoViNA?8b{m=z``dWv@R6T+A5{E#)dZK$w++xfl
ztIKN<RdLsT<an-o>rqlxN0-ZI&T^tc7xyY*uG~!ax+jEp`(w?6YUS6It`ysG0x%BC
zA8RMFTJWDHuS_o)N@xXERl`?mzCJo6A>H7c6H%GRF$nXW3H1GwmXoDVw5`JfAMbXb
z`mo1$&k~(4mhAtD=^_$%E$gqucW+sVTSSP1lk<oIKFR1`(OzHWCQRwf_vPvfgM^b-
z7XV{#rR=^Aj`~w?f8Q}0E9i_NT*F_kdiPcNVb1o^F1z)=4>5D;hwpi2uEICTj~Twu
zUmB;68$R48RNtkP^-_-y_JwGYOXT<D-qyq#BhZ1uXUYuXatdSZ8&;W}IkdmETeG`=
z8`=@W96Gj3XGCCL%3$C%1UkN*AST*+n6Yb}KHULZ>)YDpGwM8Udy26KnB)D%5BiK=
z)nHg<U_eBgb_$C5ZH~FFa-g3<+Kwcsj9|~w_uJ!YU{_Ixek7n4U4;T7H5|~!;E)5L
z;1(9*R;<bHGQS27&V(&?z@idrFo#G=tT2%#$xCn0IiN*~k+Zi}2*G+=D=n!jwE1`2
z%#7DMba*?(uo)V;5`*b~$#mzOjq#gs0~(5LGN*azxtJ}sW@tF}5Q<`FD(<Ycw?XsB
zJ8+=Ug=yGq6C*&_-1Ezvp9HjCp6*H7mV8ceU&wWx8^U1lUp2Q@j(Tde=#d^??Xk1?
zSC~i|QxN>r6N0WLOlvS;&*oal08iM9-#<8+Kwf&;`?w>j-QwZo7Y4ncckIU+Ssg~J
z_(!XPcWyC1AIV(bKS!UCgB)v4FlEQh4nZrP;4S91Tq_iM5cit7J|RM{SmJ!O<w@<3
zIUeOhlJk$|VEyb&K4!%nb9d<I#z9S6$>Dx(?mz1snPX@k3^TXN3}!n2fbH)?b^kCw
zb28w?V-qM3#!>W*=XDX2gd@mpj&&?}_efEGSII2$n28&YJv#aV`#8reNH}E50}hO6
ddjE9<HIT4O_7f+VOt$}B<fLMi8?_Wp{2y%t5;Fh*

diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA
deleted file mode 100644
index dfe37d52d..000000000
--- a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/METADATA
+++ /dev/null
@@ -1,93 +0,0 @@
-Metadata-Version: 2.1
-Name: MarkupSafe
-Version: 2.1.5
-Summary: Safely add untrusted strings to HTML/XML markup.
-Home-page: https://palletsprojects.com/p/markupsafe/
-Maintainer: Pallets
-Maintainer-email: contact@palletsprojects.com
-License: BSD-3-Clause
-Project-URL: Donate, https://palletsprojects.com/donate
-Project-URL: Documentation, https://markupsafe.palletsprojects.com/
-Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
-Project-URL: Source Code, https://github.com/pallets/markupsafe/
-Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
-Project-URL: Chat, https://discord.gg/pallets
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Environment :: Web Environment
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
-Classifier: Topic :: Text Processing :: Markup :: HTML
-Requires-Python: >=3.7
-Description-Content-Type: text/x-rst
-License-File: LICENSE.rst
-
-MarkupSafe
-==========
-
-MarkupSafe implements a text object that escapes characters so it is
-safe to use in HTML and XML. Characters that have special meanings are
-replaced so that they display as the actual characters. This mitigates
-injection attacks, meaning untrusted user input can safely be displayed
-on a page.
-
-
-Installing
-----------
-
-Install and update using `pip`_:
-
-.. code-block:: text
-
-    pip install -U MarkupSafe
-
-.. _pip: https://pip.pypa.io/en/stable/getting-started/
-
-
-Examples
---------
-
-.. code-block:: pycon
-
-    >>> from markupsafe import Markup, escape
-
-    >>> # escape replaces special characters and wraps in Markup
-    >>> escape("<script>alert(document.cookie);</script>")
-    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
-
-    >>> # wrap in Markup to mark text "safe" and prevent escaping
-    >>> Markup("<strong>Hello</strong>")
-    Markup('<strong>hello</strong>')
-
-    >>> escape(Markup("<strong>Hello</strong>"))
-    Markup('<strong>hello</strong>')
-
-    >>> # Markup is a str subclass
-    >>> # methods and operators escape their arguments
-    >>> template = Markup("Hello <em>{name}</em>")
-    >>> template.format(name='"World"')
-    Markup('Hello <em>&#34;World&#34;</em>')
-
-
-Donate
-------
-
-The Pallets organization develops and supports MarkupSafe and other
-popular packages. In order to grow the community of contributors and
-users, and allow the maintainers to devote more time to the projects,
-`please donate today`_.
-
-.. _please donate today: https://palletsprojects.com/donate
-
-
-Links
------
-
--   Documentation: https://markupsafe.palletsprojects.com/
--   Changes: https://markupsafe.palletsprojects.com/changes/
--   PyPI Releases: https://pypi.org/project/MarkupSafe/
--   Source Code: https://github.com/pallets/markupsafe/
--   Issue Tracker: https://github.com/pallets/markupsafe/issues/
--   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD
deleted file mode 100644
index 9063eb12e..000000000
--- a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/RECORD
+++ /dev/null
@@ -1,15 +0,0 @@
-MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
-MarkupSafe-2.1.5.dist-info/METADATA,sha256=2dRDPam6OZLfpX0wg1JN5P3u9arqACxVSfdGmsJU7o8,3003
-MarkupSafe-2.1.5.dist-info/RECORD,,
-MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-MarkupSafe-2.1.5.dist-info/WHEEL,sha256=s4nCzmeJHzzKs_3mY44pZnIB7xTTMwwgEpWpc7aab8A,154
-MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
-markupsafe/__init__.py,sha256=r7VOTjUq7EMQ4v3p4R1LoVOGJg6ysfYRncLr34laRBs,10958
-markupsafe/__pycache__/__init__.cpython-311.pyc,,
-markupsafe/__pycache__/_native.cpython-311.pyc,,
-markupsafe/_native.py,sha256=GR86Qvo_GcgKmKreA1WmYN9ud17OFwkww8E-fiW-57s,1713
-markupsafe/_speedups.c,sha256=X2XvQVtIdcK4Usz70BvkzoOfjTCmQlDkkjYSn-swE0g,7083
-markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so,sha256=RkdkexQSewKzJi93ZG8LMOk_Kk2BHITY1pBWLG4V0TE,107968
-markupsafe/_speedups.pyi,sha256=vfMCsOgbAXRNLUXkyuyonG8uEWKYU4PDqNuMaDELAYw,229
-markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
rename to lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/METADATA
new file mode 100644
index 000000000..82261f2a4
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/METADATA
@@ -0,0 +1,92 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 3.0.2
+Summary: Safely add untrusted strings to HTML/XML markup.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+License: Copyright 2010 Pallets
+        
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are
+        met:
+        
+        1.  Redistributions of source code must retain the above copyright
+            notice, this list of conditions and the following disclaimer.
+        
+        2.  Redistributions in binary form must reproduce the above copyright
+            notice, this list of conditions and the following disclaimer in the
+            documentation and/or other materials provided with the distribution.
+        
+        3.  Neither the name of the copyright holder nor the names of its
+            contributors may be used to endorse or promote products derived from
+            this software without specific prior written permission.
+        
+        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+        "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+        LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+        PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+        HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+        SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+        TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+        PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+        LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+        NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+        SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+        
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source, https://github.com/pallets/markupsafe/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+
+# MarkupSafe
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+## Examples
+
+```pycon
+>>> from markupsafe import Markup, escape
+
+>>> # escape replaces special characters and wraps in Markup
+>>> escape("<script>alert(document.cookie);</script>")
+Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+>>> # wrap in Markup to mark text "safe" and prevent escaping
+>>> Markup("<strong>Hello</strong>")
+Markup('<strong>hello</strong>')
+
+>>> escape(Markup("<strong>Hello</strong>"))
+Markup('<strong>hello</strong>')
+
+>>> # Markup is a str subclass
+>>> # methods and operators escape their arguments
+>>> template = Markup("Hello <em>{name}</em>")
+>>> template.format(name='"World"')
+Markup('Hello <em>&#34;World&#34;</em>')
+```
+
+## Donate
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+[please donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/RECORD
new file mode 100644
index 000000000..816f1a7fa
--- /dev/null
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=SJqOEQhQntmKN7uYPhHg9-HTHwvY-Zp5yESOf_N9B-o,1475
+MarkupSafe-3.0.2.dist-info/METADATA,sha256=aAwbZhSmXdfFuMM-rEHpeiHRkBOGESyVLJIuwzHP-nw,3975
+MarkupSafe-3.0.2.dist-info/RECORD,,
+MarkupSafe-3.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-3.0.2.dist-info/WHEEL,sha256=Op2RVjKCU4Yd3uty1Wlljkjcwas4cTvIrdqkKFZWK28,153
+MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=sr-U6_27DfaSrj5jnHYxWN-pvhM27sjlDplMDPZKm7k,13214
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=hSLs8Jmz5aqayuengJJ3kdT5PwNpBWpKrmQSdipndC8,210
+markupsafe/_speedups.c,sha256=O7XulmTo-epI6n2FtMVOrJXl8EAaIwD2iNYmBI5SEoQ,4149
+markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so,sha256=ERBcuz-gl_TnODv5KWmFWXAr45_JjnsouJnevCcUXlc,98536
+markupsafe/_speedups.pyi,sha256=ENd1bYe7gbBUf2ywyYWOGUpnXOHNJ-cgTNqetlW8h5k,41
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/WHEEL
similarity index 79%
rename from lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/WHEEL
index c6d160f28..28270706a 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: setuptools (75.2.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-manylinux_2_17_aarch64
 Tag: cp311-cp311-manylinux2014_aarch64
diff --git a/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-2.1.5.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/linux-arm64/MarkupSafe-3.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/METADATA
similarity index 93%
rename from lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/METADATA
index c8905983e..db029b770 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/PyYAML-6.0.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: PyYAML
-Version: 6.0.1
+Version: 6.0.2
 Summary: YAML parser and emitter for Python
 Home-page: https://pyyaml.org/
 Download-URL: https://pypi.org/project/PyYAML/
@@ -20,17 +20,17 @@ Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Cython
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Text Processing :: Markup
-Requires-Python: >=3.6
+Requires-Python: >=3.8
 License-File: LICENSE
 
 YAML is a data serialization format designed for human readability
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/RECORD
similarity index 75%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/RECORD
index 42eb09908..717462f25 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/RECORD
@@ -1,13 +1,13 @@
-PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
-PyYAML-6.0.1.dist-info/METADATA,sha256=UNNF8-SzzwOKXVo-kV5lXUGH2_wDWMBmGxqISpp5HQk,2058
-PyYAML-6.0.1.dist-info/RECORD,,
-PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-PyYAML-6.0.1.dist-info/WHEEL,sha256=Bu_ZgMyqfUEL6K8HKTcKpjq7RNrV9wcyW-FmVu9-j44,154
-PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+PyYAML-6.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.2.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.2.dist-info/METADATA,sha256=9-odFB5seu4pGPcEv7E8iyxNF51_uKnaNGjLAhz2lto,2060
+PyYAML-6.0.2.dist-info/RECORD,,
+PyYAML-6.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.2.dist-info/WHEEL,sha256=GG4OgPmr4wzR6DR9C05yHdxygRJRIpYkqGoQ5EARuwg,154
+PyYAML-6.0.2.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
 _yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
 _yaml/__pycache__/__init__.cpython-311.pyc,,
-yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__init__.py,sha256=N35S01HMesFTe0aRRMWkPj0Pa8IEbHpE9FK7cr5Bdtw,12311
 yaml/__pycache__/__init__.cpython-311.pyc,,
 yaml/__pycache__/composer.cpython-311.pyc,,
 yaml/__pycache__/constructor.cpython-311.pyc,,
@@ -25,7 +25,7 @@ yaml/__pycache__/resolver.cpython-311.pyc,,
 yaml/__pycache__/scanner.cpython-311.pyc,,
 yaml/__pycache__/serializer.cpython-311.pyc,,
 yaml/__pycache__/tokens.cpython-311.pyc,,
-yaml/_yaml.cpython-311-aarch64-linux-gnu.so,sha256=5h0eqkdV6nKXFbJVfHksfaxDW32ec39xhBgazxaEbSg,2519832
+yaml/_yaml.cpython-311-aarch64-linux-gnu.so,sha256=EhAbtBnK_t8ZgK_qVq-hOnBZ7uLhfI50OMzu-GkDRQE,2442640
 yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
 yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
 yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/WHEEL
similarity index 79%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/WHEEL
index 0ac102d32..3926d4bae 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.40.0)
+Generator: bdist_wheel (0.44.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-manylinux_2_17_aarch64
 Tag: cp311-cp311-manylinux2014_aarch64
diff --git a/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/linux-arm64/PyYAML-6.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/linux-arm64/files.json b/lib/go-jinja2/internal/data/linux-arm64/files.json
index 6a1992bde..8b99933c1 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/files.json
+++ b/lib/go-jinja2/internal/data/linux-arm64/files.json
@@ -1,83 +1,83 @@
 {
-  "contentHash": "03f895c361713063cafe2a3e5fdc700249064b2bae1be315776267e0a9024d81",
+  "contentHash": "3fe3b4341c6219dd2abce788a0b92f15a19416d0a07437b580916ad6405e505f",
   "files": [
     {
-      "name": "MarkupSafe-2.1.5.dist-info",
+      "name": "MarkupSafe-3.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "name": "MarkupSafe-3.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "name": "MarkupSafe-3.0.2.dist-info/LICENSE.txt",
       "size": 1475,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
-      "size": 3003,
+      "name": "MarkupSafe-3.0.2.dist-info/METADATA",
+      "size": 3975,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
-      "size": 1202,
+      "name": "MarkupSafe-3.0.2.dist-info/RECORD",
+      "size": 1199,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "name": "MarkupSafe-3.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
-      "size": 154,
+      "name": "MarkupSafe-3.0.2.dist-info/WHEEL",
+      "size": 153,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "name": "MarkupSafe-3.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info",
+      "name": "PyYAML-6.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "name": "PyYAML-6.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "name": "PyYAML-6.0.2.dist-info/LICENSE",
       "size": 1101,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/METADATA",
-      "size": 2058,
+      "name": "PyYAML-6.0.2.dist-info/METADATA",
+      "size": 2060,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "name": "PyYAML-6.0.2.dist-info/RECORD",
       "size": 2785,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "name": "PyYAML-6.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "name": "PyYAML-6.0.2.dist-info/WHEEL",
       "size": 154,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "name": "PyYAML-6.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
@@ -417,47 +417,47 @@
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info",
+      "name": "jsonpath_ng-1.7.0.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "name": "jsonpath_ng-1.7.0.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "name": "jsonpath_ng-1.7.0.dist-info/LICENSE",
       "size": 11358,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
-      "size": 18072,
+      "name": "jsonpath_ng-1.7.0.dist-info/METADATA",
+      "size": 18400,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "name": "jsonpath_ng-1.7.0.dist-info/RECORD",
       "size": 2549,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "name": "jsonpath_ng-1.7.0.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "name": "jsonpath_ng-1.7.0.dist-info/WHEEL",
       "size": 92,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
-      "size": 69,
+      "name": "jsonpath_ng-1.7.0.dist-info/entry_points.txt",
+      "size": 70,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "name": "jsonpath_ng-1.7.0.dist-info/top_level.txt",
       "size": 12,
       "perm": 420
     },
@@ -508,32 +508,32 @@
     },
     {
       "name": "jsonpath_ng/ext/iterable.py",
-      "size": 3680,
+      "size": 4302,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/parser.py",
-      "size": 5351,
+      "size": 5416,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/string.py",
-      "size": 3261,
+      "size": 4045,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/jsonpath.py",
-      "size": 26402,
+      "size": 27219,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/lexer.py",
-      "size": 5231,
+      "size": 5276,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/parser.py",
-      "size": 5883,
+      "size": 6077,
       "perm": 420
     },
     {
@@ -543,28 +543,28 @@
     },
     {
       "name": "markupsafe/__init__.py",
-      "size": 10958,
+      "size": 13214,
       "perm": 420
     },
     {
       "name": "markupsafe/_native.py",
-      "size": 1713,
+      "size": 210,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.c",
-      "size": 7083,
+      "size": 4149,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so",
-      "size": 107968,
+      "size": 98536,
       "perm": 493,
       "compressed": true
     },
     {
       "name": "markupsafe/_speedups.pyi",
-      "size": 229,
+      "size": 41,
       "perm": 420
     },
     {
@@ -800,7 +800,7 @@
     },
     {
       "name": "yaml/_yaml.cpython-311-aarch64-linux-gnu.so",
-      "size": 2519832,
+      "size": 2442640,
       "perm": 493,
       "compressed": true
     },
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/METADATA
similarity index 91%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/METADATA
index 86be119bc..3a7d08dd6 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/METADATA
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/METADATA
@@ -1,22 +1,21 @@
 Metadata-Version: 2.1
 Name: jsonpath-ng
-Version: 1.6.1
+Version: 1.7.0
 Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
 Home-page: https://github.com/h2non/jsonpath-ng
 Author: Tomas Aparicio
 Author-email: tomas@aparicio.me
 License: Apache 2.0
+Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
-License-File: LICENSE
 Requires-Dist: ply
 
 Python JSONPath Next-Generation |Build Status| |PyPI|
@@ -32,7 +31,7 @@ About
 -----
 
 This library provides a robust and significantly extended implementation
-of JSONPath for Python. It is tested with CPython 3.7 and higher.
+of JSONPath for Python. It is tested with CPython 3.8 and higher.
 
 This library differs from other JSONPath implementations in that it is a
 full *language* implementation, meaning the JSONPath expressions are
@@ -147,19 +146,21 @@ Atomic expressions:
 
 Jsonpath operators:
 
-+-------------------------------------+------------------------------------------------------------------------------------+
-| Syntax                              | Meaning                                                                            |
-+=====================================+====================================================================================+
-| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
-+-------------------------------------+------------------------------------------------------------------------------------+
++--------------------------------------+-----------------------------------------------------------------------------------+
+| Syntax                               | Meaning                                                                           |
++======================================+===================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*        | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*        |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``    | Same as *jsonpath*\ ``.``\ *whatever*                                             |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*       | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*    | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``wherenot`` *jsonpath2* | Any nodes matching *jsonpath1* with a child not matching *jsonpath2*              |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*        | Any nodes matching the union of *jsonpath1* and *jsonpath2*                       |
++--------------------------------------+-----------------------------------------------------------------------------------+
 
 Field specifiers ( *field* ):
 
@@ -236,6 +237,8 @@ To use the extensions below you must import from `jsonpath_ng.ext`.
 |              | - ``$.field.`sub(/regex/, replacement)```     |
 +--------------+-----------------------------------------------+
 | split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(",", *, -1)```             |
+|              | - ``$.field.`split(' ', -1, -1)```            |
 |              | - ``$.field.`split(sep, segement, maxsplit)```|
 +--------------+-----------------------------------------------+
 | sorted       | - ``$.objects.`sorted```                      |
@@ -377,3 +380,5 @@ limitations under the License.
    :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
 .. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
    :target: https://pypi.python.org/pypi/jsonpath-ng
+
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/RECORD
similarity index 54%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/RECORD
index 20fe88195..2f3215e18 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/RECORD
@@ -1,13 +1,13 @@
 ../../bin/jsonpath_ng,sha256=_vbWgaZaHk4PSatDYj_Vl1etT8NE46RCsPoozVTHofE,260
-jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
-jsonpath_ng-1.6.1.dist-info/RECORD,,
-jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
-jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
-jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng-1.7.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.7.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.7.0.dist-info/METADATA,sha256=SeIBPNOSwzieZEWYZ3rJOhSej3WLUbmbudGwGZVvzF8,18400
+jsonpath_ng-1.7.0.dist-info/RECORD,,
+jsonpath_ng-1.7.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.7.0.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92
+jsonpath_ng-1.7.0.dist-info/entry_points.txt,sha256=X7ZlkFvz1kYSNtz7hXOsRc5L2o3SOCAV0f7IBViZkGQ,70
+jsonpath_ng-1.7.0.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=DU869YGlpMHa48K9X2Ypgb8OwjYU7kEtcea5mC6wv1I,116
 jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
 jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
 jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
@@ -27,9 +27,9 @@ jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
 jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
 jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
 jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
-jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
-jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
-jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
-jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
-jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
-jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
+jsonpath_ng/ext/iterable.py,sha256=f8PMyfT2MgSCvpQgNc0GNr6ULhxv3kj7tAqA0f7KvIE,4302
+jsonpath_ng/ext/parser.py,sha256=0nkxkF_ComJUMs0jUGzaf5KthC7phlPwcYQy7IHaSxU,5416
+jsonpath_ng/ext/string.py,sha256=m1fUl2yWTyI7I5auWXeM-O3gf0p3WV0CTh9be55Q884,4045
+jsonpath_ng/jsonpath.py,sha256=mfQmaDWfgz_Y6sAqTX-8CUpxoiOem_dg7R9S0ZFyBQE,27219
+jsonpath_ng/lexer.py,sha256=ZXGwVwv8RFPPDswue7pcgCMP4KIlYH_m6xpxQakLBA4,5276
+jsonpath_ng/parser.py,sha256=kirRhGux10hjc5nXqWtz1Ko2P_cfypZciekK1-PrWz4,6077
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/WHEEL
similarity index 65%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/WHEEL
index 57e3d840d..b552003ff 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
+Generator: bdist_wheel (0.34.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 
diff --git a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
similarity index 98%
rename from lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
index e1985ff19..105e6040a 100644
--- a/lib/go-jinja2/internal/data/darwin-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
@@ -1,2 +1,3 @@
 [console_scripts]
 jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
+
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.6.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng-1.7.0.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py
index ed6553b2d..938f88c0d 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/__init__.py
@@ -3,4 +3,4 @@
 
 
 # Current package version
-__version__ = '1.6.1'
+__version__ = '1.7.0'
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py
index 40ae1eb5b..c5cd0dc08 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/iterable.py
@@ -116,3 +116,28 @@ def __str__(self):
 
     def __repr__(self):
         return 'Keys()'
+
+class Path(JSONPath):
+    """The JSONPath referring to the path of the current object.
+    Concrete syntax is 'path`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = str(datum.path)
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value,
+                                   context=datum,
+                                   path=Path())]
+
+    def __eq__(self, other):
+        return isinstance(other, Path)
+
+    def __str__(self):
+        return '`path`'
+
+    def __repr__(self):
+        return 'Path()'
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py
index 756b72c69..fa67f4f22 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/parser.py
@@ -96,6 +96,8 @@ def p_jsonpath_named_operator(self, p):
             p[0] = _iterable.Len()
         elif p[1] == 'keys':
             p[0] = _iterable.Keys()
+        elif p[1] == 'path':
+            p[0] = _iterable.Path()
         elif p[1] == 'sorted':
             p[0] = _iterable.SortedThis()
         elif p[1].startswith("split("):
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py
index 1cd27632d..9bf912dfb 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/ext/string.py
@@ -16,7 +16,13 @@
 
 
 SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
-SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+# Regex generated using the EZRegex package (ezregex.org)
+# EZRegex code: 
+# param1 = group(optional(either("'", '"')), name='quote') + group(chunk) + earlier_group('quote')
+# param2 = group(either(optional('-') + number, '*'))
+# param3 = group(optional('-') + number)
+# pattern = 'split' + ow + '(' + ow + param1 + ow + ',' + ow + param2 + ow + ',' + ow + param3 + ow + ')'
+SPLIT = re.compile(r"split(?:\s+)?\((?:\s+)?(?P<quote>(?:(?:'|\"))?)(.+)(?P=quote)(?:\s+)?,(?:\s+)?((?:(?:\-)?\d+|\*))(?:\s+)?,(?:\s+)?((?:\-)?\d+)(?:\s+)?\)")
 STR = re.compile(r"str\(\)")
 
 
@@ -60,23 +66,29 @@ def __str__(self):
 class Split(This):
     """String splitter
 
-    Concrete syntax is '`split(char, segment, max_split)`'
+    Concrete syntax is '`split(chars, segment, max_split)`'
+    `chars` can optionally be surrounded by quotes, to specify things like commas or spaces
+    `segment` can be `*` to select all
+    `max_split` can be negative, to indicate no limit
     """
 
     def __init__(self, method=None):
         m = SPLIT.match(method)
         if m is None:
             raise DefintionInvalid("%s is not valid" % method)
-        self.char = m.group(1)
-        self.segment = int(m.group(2))
-        self.max_split = int(m.group(3))
+        self.chars = m.group(2)
+        self.segment = m.group(3)
+        self.max_split = int(m.group(4))
         self.method = method
 
     def find(self, datum):
         datum = DatumInContext.wrap(datum)
         try:
-            value = datum.value.split(self.char, self.max_split)[self.segment]
-        except Exception:
+            if self.segment == '*':
+                value = datum.value.split(self.chars, self.max_split)
+            else:
+                value = datum.value.split(self.chars, self.max_split)[int(self.segment)]
+        except:
             return []
         return [DatumInContext.wrap(value)]
 
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py
index 19e5a9eb3..c2e392b9c 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/jsonpath.py
@@ -369,6 +369,36 @@ def __eq__(self, other):
     def __hash__(self):
         return hash((self.left, self.right))
 
+
+class WhereNot(Where):
+    """
+    Identical to ``Where``, but filters for only those nodes that
+    do *not* have a match on the right.
+
+    >>> jsonpath = WhereNot(Fields('spam'), Fields('spam'))
+    >>> jsonpath.find({"spam": {"spam": 1}})
+    []
+    >>> matches = jsonpath.find({"spam": 1})
+    >>> matches[0].value
+    1
+
+    """
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data)
+                if not self.right.find(subdata)]
+
+    def __str__(self):
+        return '%s wherenot %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return (isinstance(other, WhereNot)
+                and other.left == self.left
+                and other.right == self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
 class Descendants(JSONPath):
     """
     JSONPath that matches first the left expression then any descendant
@@ -597,9 +627,9 @@ def update_or_create(self, data, val):
     def _update_base(self, data, val, create):
         if data is not None:
             for field in self.reified_fields(DatumInContext.wrap(data)):
-                if field not in data and create:
+                if create and field not in data:
                     data[field] = {}
-                if field in data:
+                if type(data) is not bool and field in data:
                     if hasattr(val, '__call__'):
                         data[field] = val(data[field], data, field)
                     else:
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py
index b2ad5ee6d..bc86488d5 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/lexer.py
@@ -48,7 +48,10 @@ def tokenize(self, string):
 
     literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
 
-    reserved_words = { 'where': 'WHERE' }
+    reserved_words = {
+        'where': 'WHERE',
+        'wherenot': 'WHERENOT',
+    }
 
     tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
 
diff --git a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py
index 87e353ebf..a2ea6e678 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/jsonpath_ng/parser.py
@@ -33,12 +33,6 @@ def __init__(self, debug=False, lexer_class=None):
         self.debug = debug
         self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
 
-    def parse(self, string, lexer = None):
-        lexer = lexer or self.lexer_class()
-        return self.parse_token_stream(lexer.tokenize(string))
-
-    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
-
         # Since PLY has some crufty aspects and dumps files, we try to keep them local
         # However, we need to derive the name of the output Python file :-/
         output_directory = os.path.dirname(__file__)
@@ -47,19 +41,24 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         except:
             module_name = __name__
 
+        start_symbol = 'jsonpath'
         parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
 
-        # And we regenerate the parse table every time;
-        # it doesn't actually take that long!
-        new_parser = ply.yacc.yacc(module=self,
-                                   debug=self.debug,
-                                   tabmodule = parsing_table_module,
-                                   outputdir = output_directory,
-                                   write_tables=0,
-                                   start = start_symbol,
-                                   errorlog = logger)
+        # Generate the parse table
+        self.parser = ply.yacc.yacc(module=self,
+                                    debug=self.debug,
+                                    tabmodule = parsing_table_module,
+                                    outputdir = output_directory,
+                                    write_tables=0,
+                                    start = start_symbol,
+                                    errorlog = logger)
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
 
-        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+    def parse_token_stream(self, token_iterator):
+        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
 
     # ===================== PLY Parser specification =====================
 
@@ -70,6 +69,7 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         ('left', '|'),
         ('left', '&'),
         ('left', 'WHERE'),
+        ('left', 'WHERENOT'),
     ]
 
     def p_error(self, t):
@@ -82,6 +82,7 @@ def p_jsonpath_binop(self, p):
         """jsonpath : jsonpath '.' jsonpath
                     | jsonpath DOUBLEDOT jsonpath
                     | jsonpath WHERE jsonpath
+                    | jsonpath WHERENOT jsonpath
                     | jsonpath '|' jsonpath
                     | jsonpath '&' jsonpath"""
         op = p[2]
@@ -92,6 +93,8 @@ def p_jsonpath_binop(self, p):
             p[0] = Descendants(p[1], p[3])
         elif op == 'where':
             p[0] = Where(p[1], p[3])
+        elif op == 'wherenot':
+            p[0] = WhereNot(p[1], p[3])
         elif op == '|':
             p[0] = Union(p[1], p[3])
         elif op == '&':
@@ -146,9 +149,12 @@ def p_jsonpath_parens(self, p):
     # Because fields in brackets cannot be '*' - that is reserved for array indices
     def p_fields_or_any(self, p):
         """fields_or_any : fields
-                         | '*'    """
+                         | '*'
+                         | NUMBER"""
         if p[1] == '*':
             p[0] = ['*']
+        elif isinstance(p[1], int):
+            p[0] = str(p[1])
         else:
             p[0] = p[1]
 
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py
index b40f24c66..fee8dc7ac 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/__init__.py
@@ -1,29 +1,84 @@
-import functools
+from __future__ import annotations
+
+import collections.abc as cabc
 import string
-import sys
 import typing as t
 
+try:
+    from ._speedups import _escape_inner
+except ImportError:
+    from ._native import _escape_inner
+
 if t.TYPE_CHECKING:
     import typing_extensions as te
 
-    class HasHTML(te.Protocol):
-        def __html__(self) -> str:
-            pass
 
-    _P = te.ParamSpec("_P")
+class _HasHTML(t.Protocol):
+    def __html__(self, /) -> str: ...
+
+
+class _TPEscape(t.Protocol):
+    def __call__(self, s: t.Any, /) -> Markup: ...
+
+
+def escape(s: t.Any, /) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    # If the object is already a plain string, skip __html__ check and string
+    # conversion. This is the most common use case.
+    # Use type(s) instead of s.__class__ because a proxy object may be reporting
+    # the __class__ of the proxied value.
+    if type(s) is str:
+        return Markup(_escape_inner(s))
+
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(_escape_inner(str(s)))
+
+
+def escape_silent(s: t.Any | None, /) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
 
+    return escape(s)
 
-__version__ = "2.1.5"
 
+def soft_str(s: t.Any, /) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
 
-def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
-    @functools.wraps(func)
-    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
-        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
-        _escape_argspec(kwargs, kwargs.items(), self.escape)
-        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
 
-    return wrapped  # type: ignore[return-value]
+    return s
 
 
 class Markup(str):
@@ -65,82 +120,72 @@ class Markup(str):
     __slots__ = ()
 
     def __new__(
-        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
-    ) -> "te.Self":
-        if hasattr(base, "__html__"):
-            base = base.__html__()
+        cls, object: t.Any = "", encoding: str | None = None, errors: str = "strict"
+    ) -> te.Self:
+        if hasattr(object, "__html__"):
+            object = object.__html__()
 
         if encoding is None:
-            return super().__new__(cls, base)
+            return super().__new__(cls, object)
 
-        return super().__new__(cls, base, encoding, errors)
+        return super().__new__(cls, object, encoding, errors)
 
-    def __html__(self) -> "te.Self":
+    def __html__(self, /) -> te.Self:
         return self
 
-    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.__class__(super().__add__(self.escape(other)))
+    def __add__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.__class__(super().__add__(self.escape(value)))
 
         return NotImplemented
 
-    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.escape(other).__add__(self)
+    def __radd__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.escape(value).__add__(self)
 
         return NotImplemented
 
-    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
-        if isinstance(num, int):
-            return self.__class__(super().__mul__(num))
+    def __mul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-        return NotImplemented
-
-    __rmul__ = __mul__
+    def __rmul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-    def __mod__(self, arg: t.Any) -> "te.Self":
-        if isinstance(arg, tuple):
+    def __mod__(self, value: t.Any, /) -> te.Self:
+        if isinstance(value, tuple):
             # a tuple of arguments, each wrapped
-            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
-        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            value = tuple(_MarkupEscapeHelper(x, self.escape) for x in value)
+        elif hasattr(type(value), "__getitem__") and not isinstance(value, str):
             # a mapping of arguments, wrapped
-            arg = _MarkupEscapeHelper(arg, self.escape)
+            value = _MarkupEscapeHelper(value, self.escape)
         else:
             # a single argument, wrapped with the helper and a tuple
-            arg = (_MarkupEscapeHelper(arg, self.escape),)
+            value = (_MarkupEscapeHelper(value, self.escape),)
 
-        return self.__class__(super().__mod__(arg))
+        return self.__class__(super().__mod__(value))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return f"{self.__class__.__name__}({super().__repr__()})"
 
-    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
-        return self.__class__(super().join(map(self.escape, seq)))
-
-    join.__doc__ = str.join.__doc__
+    def join(self, iterable: cabc.Iterable[str | _HasHTML], /) -> te.Self:
+        return self.__class__(super().join(map(self.escape, iterable)))
 
     def split(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().split(sep, maxsplit)]
 
-    split.__doc__ = str.split.__doc__
-
     def rsplit(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
 
-    rsplit.__doc__ = str.rsplit.__doc__
-
     def splitlines(  # type: ignore[override]
-        self, keepends: bool = False
-    ) -> t.List["te.Self"]:
+        self, /, keepends: bool = False
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().splitlines(keepends)]
 
-    splitlines.__doc__ = str.splitlines.__doc__
-
-    def unescape(self) -> str:
+    def unescape(self, /) -> str:
         """Convert escaped markup back into a text string. This replaces
         HTML entities with the characters they represent.
 
@@ -151,7 +196,7 @@ def unescape(self) -> str:
 
         return unescape(str(self))
 
-    def striptags(self) -> str:
+    def striptags(self, /) -> str:
         """:meth:`unescape` the markup, remove tags, and normalize
         whitespace to single spaces.
 
@@ -163,31 +208,17 @@ def striptags(self) -> str:
         # Look for comments then tags separately. Otherwise, a comment that
         # contains a tag would end early, leaving some of the comment behind.
 
-        while True:
-            # keep finding comment start marks
-            start = value.find("<!--")
-
-            if start == -1:
-                break
-
+        # keep finding comment start marks
+        while (start := value.find("<!--")) != -1:
             # find a comment end mark beyond the start, otherwise stop
-            end = value.find("-->", start)
-
-            if end == -1:
+            if (end := value.find("-->", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 3:]}"
 
         # remove tags using the same method
-        while True:
-            start = value.find("<")
-
-            if start == -1:
-                break
-
-            end = value.find(">", start)
-
-            if end == -1:
+        while (start := value.find("<")) != -1:
+            if (end := value.find(">", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 1:]}"
@@ -197,7 +228,7 @@ def striptags(self) -> str:
         return self.__class__(value).unescape()
 
     @classmethod
-    def escape(cls, s: t.Any) -> "te.Self":
+    def escape(cls, s: t.Any, /) -> te.Self:
         """Escape a string. Calls :func:`escape` and ensures that for
         subclasses the correct type is returned.
         """
@@ -208,49 +239,90 @@ def escape(cls, s: t.Any) -> "te.Self":
 
         return rv  # type: ignore[return-value]
 
-    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
-    capitalize = _simple_escaping_wrapper(str.capitalize)
-    title = _simple_escaping_wrapper(str.title)
-    lower = _simple_escaping_wrapper(str.lower)
-    upper = _simple_escaping_wrapper(str.upper)
-    replace = _simple_escaping_wrapper(str.replace)
-    ljust = _simple_escaping_wrapper(str.ljust)
-    rjust = _simple_escaping_wrapper(str.rjust)
-    lstrip = _simple_escaping_wrapper(str.lstrip)
-    rstrip = _simple_escaping_wrapper(str.rstrip)
-    center = _simple_escaping_wrapper(str.center)
-    strip = _simple_escaping_wrapper(str.strip)
-    translate = _simple_escaping_wrapper(str.translate)
-    expandtabs = _simple_escaping_wrapper(str.expandtabs)
-    swapcase = _simple_escaping_wrapper(str.swapcase)
-    zfill = _simple_escaping_wrapper(str.zfill)
-    casefold = _simple_escaping_wrapper(str.casefold)
-
-    if sys.version_info >= (3, 9):
-        removeprefix = _simple_escaping_wrapper(str.removeprefix)
-        removesuffix = _simple_escaping_wrapper(str.removesuffix)
-
-    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().partition(self.escape(sep))
+    def __getitem__(self, key: t.SupportsIndex | slice, /) -> te.Self:
+        return self.__class__(super().__getitem__(key))
+
+    def capitalize(self, /) -> te.Self:
+        return self.__class__(super().capitalize())
+
+    def title(self, /) -> te.Self:
+        return self.__class__(super().title())
+
+    def lower(self, /) -> te.Self:
+        return self.__class__(super().lower())
+
+    def upper(self, /) -> te.Self:
+        return self.__class__(super().upper())
+
+    def replace(self, old: str, new: str, count: t.SupportsIndex = -1, /) -> te.Self:
+        return self.__class__(super().replace(old, self.escape(new), count))
+
+    def ljust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().ljust(width, self.escape(fillchar)))
+
+    def rjust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().rjust(width, self.escape(fillchar)))
+
+    def lstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().lstrip(chars))
+
+    def rstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().rstrip(chars))
+
+    def center(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().center(width, self.escape(fillchar)))
+
+    def strip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().strip(chars))
+
+    def translate(
+        self,
+        table: cabc.Mapping[int, str | int | None],  # type: ignore[override]
+        /,
+    ) -> str:
+        return self.__class__(super().translate(table))
+
+    def expandtabs(self, /, tabsize: t.SupportsIndex = 8) -> te.Self:
+        return self.__class__(super().expandtabs(tabsize))
+
+    def swapcase(self, /) -> te.Self:
+        return self.__class__(super().swapcase())
+
+    def zfill(self, width: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().zfill(width))
+
+    def casefold(self, /) -> te.Self:
+        return self.__class__(super().casefold())
+
+    def removeprefix(self, prefix: str, /) -> te.Self:
+        return self.__class__(super().removeprefix(prefix))
+
+    def removesuffix(self, suffix: str) -> te.Self:
+        return self.__class__(super().removesuffix(suffix))
+
+    def partition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().partition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().rpartition(self.escape(sep))
+    def rpartition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().rpartition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+    def format(self, *args: t.Any, **kwargs: t.Any) -> te.Self:
         formatter = EscapeFormatter(self.escape)
         return self.__class__(formatter.vformat(self, args, kwargs))
 
-    def format_map(  # type: ignore[override]
-        self, map: t.Mapping[str, t.Any]
-    ) -> "te.Self":
+    def format_map(
+        self,
+        mapping: cabc.Mapping[str, t.Any],  # type: ignore[override]
+        /,
+    ) -> te.Self:
         formatter = EscapeFormatter(self.escape)
-        return self.__class__(formatter.vformat(self, (), map))
+        return self.__class__(formatter.vformat(self, (), mapping))
 
-    def __html_format__(self, format_spec: str) -> "te.Self":
+    def __html_format__(self, format_spec: str, /) -> te.Self:
         if format_spec:
             raise ValueError("Unsupported format specification for Markup.")
 
@@ -260,8 +332,8 @@ def __html_format__(self, format_spec: str) -> "te.Self":
 class EscapeFormatter(string.Formatter):
     __slots__ = ("escape",)
 
-    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.escape = escape
+    def __init__(self, escape: _TPEscape) -> None:
+        self.escape: _TPEscape = escape
         super().__init__()
 
     def format_field(self, value: t.Any, format_spec: str) -> str:
@@ -278,55 +350,46 @@ def format_field(self, value: t.Any, format_spec: str) -> str:
         else:
             # We need to make sure the format spec is str here as
             # otherwise the wrong callback methods are invoked.
-            rv = string.Formatter.format_field(self, value, str(format_spec))
+            rv = super().format_field(value, str(format_spec))
         return str(self.escape(rv))
 
 
-_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
-
-
-def _escape_argspec(
-    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
-) -> _ListOrDict:
-    """Helper for various string-wrapped functions."""
-    for key, value in iterable:
-        if isinstance(value, str) or hasattr(value, "__html__"):
-            obj[key] = escape(value)
-
-    return obj
-
-
 class _MarkupEscapeHelper:
     """Helper for :meth:`Markup.__mod__`."""
 
     __slots__ = ("obj", "escape")
 
-    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.obj = obj
-        self.escape = escape
+    def __init__(self, obj: t.Any, escape: _TPEscape) -> None:
+        self.obj: t.Any = obj
+        self.escape: _TPEscape = escape
 
-    def __getitem__(self, item: t.Any) -> "te.Self":
-        return self.__class__(self.obj[item], self.escape)
+    def __getitem__(self, key: t.Any, /) -> te.Self:
+        return self.__class__(self.obj[key], self.escape)
 
-    def __str__(self) -> str:
+    def __str__(self, /) -> str:
         return str(self.escape(self.obj))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return str(self.escape(repr(self.obj)))
 
-    def __int__(self) -> int:
+    def __int__(self, /) -> int:
         return int(self.obj)
 
-    def __float__(self) -> float:
+    def __float__(self, /) -> float:
         return float(self.obj)
 
 
-# circular import
-try:
-    from ._speedups import escape as escape
-    from ._speedups import escape_silent as escape_silent
-    from ._speedups import soft_str as soft_str
-except ImportError:
-    from ._native import escape as escape
-    from ._native import escape_silent as escape_silent  # noqa: F401
-    from ._native import soft_str as soft_str  # noqa: F401
+def __getattr__(name: str) -> t.Any:
+    if name == "__version__":
+        import importlib.metadata
+        import warnings
+
+        warnings.warn(
+            "The '__version__' attribute is deprecated and will be removed in"
+            " MarkupSafe 3.1. Use feature detection, or"
+            ' `importlib.metadata.version("markupsafe")`, instead.',
+            stacklevel=2,
+        )
+        return importlib.metadata.version("markupsafe")
+
+    raise AttributeError(name)
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py
index 8117b2716..088b3bca9 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_native.py
@@ -1,63 +1,8 @@
-import typing as t
-
-from . import Markup
-
-
-def escape(s: t.Any) -> Markup:
-    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
-    the string with HTML-safe sequences. Use this if you need to display
-    text that might contain such characters in HTML.
-
-    If the object has an ``__html__`` method, it is called and the
-    return value is assumed to already be safe for HTML.
-
-    :param s: An object to be converted to a string and escaped.
-    :return: A :class:`Markup` string with the escaped text.
-    """
-    if hasattr(s, "__html__"):
-        return Markup(s.__html__())
-
-    return Markup(
-        str(s)
-        .replace("&", "&amp;")
+def _escape_inner(s: str, /) -> str:
+    return (
+        s.replace("&", "&amp;")
         .replace(">", "&gt;")
         .replace("<", "&lt;")
         .replace("'", "&#39;")
         .replace('"', "&#34;")
     )
-
-
-def escape_silent(s: t.Optional[t.Any]) -> Markup:
-    """Like :func:`escape` but treats ``None`` as the empty string.
-    Useful with optional values, as otherwise you get the string
-    ``'None'`` when the value is ``None``.
-
-    >>> escape(None)
-    Markup('None')
-    >>> escape_silent(None)
-    Markup('')
-    """
-    if s is None:
-        return Markup()
-
-    return escape(s)
-
-
-def soft_str(s: t.Any) -> str:
-    """Convert an object to a string if it isn't already. This preserves
-    a :class:`Markup` string rather than converting it back to a basic
-    string, so it will still be marked as safe and won't be escaped
-    again.
-
-    >>> value = escape("<User 1>")
-    >>> value
-    Markup('&lt;User 1&gt;')
-    >>> escape(str(value))
-    Markup('&amp;lt;User 1&amp;gt;')
-    >>> escape(soft_str(value))
-    Markup('&lt;User 1&gt;')
-    """
-    if not isinstance(s, str):
-        return str(s)
-
-    return s
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c
index 3c463fb82..09dd57caa 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.c
@@ -1,22 +1,5 @@
 #include <Python.h>
 
-static PyObject* markup;
-
-static int
-init_constants(void)
-{
-	PyObject *module;
-
-	/* import markup type so that we can mark the return value */
-	module = PyImport_ImportModule("markupsafe");
-	if (!module)
-		return 0;
-	markup = PyObject_GetAttrString(module, "Markup");
-	Py_DECREF(module);
-
-	return 1;
-}
-
 #define GET_DELTA(inp, inp_end, delta) \
 	while (inp < inp_end) { \
 		switch (*inp++) { \
@@ -166,135 +149,29 @@ escape_unicode_kind4(PyUnicodeObject *in)
 }
 
 static PyObject*
-escape_unicode(PyUnicodeObject *in)
+escape_unicode(PyObject *self, PyObject *s)
 {
-	if (PyUnicode_READY(in))
+	if (!PyUnicode_Check(s))
+		return NULL;
+
+    // This check is no longer needed in Python 3.12.
+	if (PyUnicode_READY(s))
 		return NULL;
 
-	switch (PyUnicode_KIND(in)) {
+	switch (PyUnicode_KIND(s)) {
 	case PyUnicode_1BYTE_KIND:
-		return escape_unicode_kind1(in);
+		return escape_unicode_kind1((PyUnicodeObject*) s);
 	case PyUnicode_2BYTE_KIND:
-		return escape_unicode_kind2(in);
+		return escape_unicode_kind2((PyUnicodeObject*) s);
 	case PyUnicode_4BYTE_KIND:
-		return escape_unicode_kind4(in);
+		return escape_unicode_kind4((PyUnicodeObject*) s);
 	}
 	assert(0);  /* shouldn't happen */
 	return NULL;
 }
 
-static PyObject*
-escape(PyObject *self, PyObject *text)
-{
-	static PyObject *id_html;
-	PyObject *s = NULL, *rv = NULL, *html;
-
-	if (id_html == NULL) {
-		id_html = PyUnicode_InternFromString("__html__");
-		if (id_html == NULL) {
-			return NULL;
-		}
-	}
-
-	/* we don't have to escape integers, bools or floats */
-	if (PyLong_CheckExact(text) ||
-		PyFloat_CheckExact(text) || PyBool_Check(text) ||
-		text == Py_None)
-		return PyObject_CallFunctionObjArgs(markup, text, NULL);
-
-	/* if the object has an __html__ method that performs the escaping */
-	html = PyObject_GetAttr(text ,id_html);
-	if (html) {
-		s = PyObject_CallObject(html, NULL);
-		Py_DECREF(html);
-		if (s == NULL) {
-			return NULL;
-		}
-		/* Convert to Markup object */
-		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-		Py_DECREF(s);
-		return rv;
-	}
-
-	/* otherwise make the object unicode if it isn't, then escape */
-	PyErr_Clear();
-	if (!PyUnicode_Check(text)) {
-		PyObject *unicode = PyObject_Str(text);
-		if (!unicode)
-			return NULL;
-		s = escape_unicode((PyUnicodeObject*)unicode);
-		Py_DECREF(unicode);
-	}
-	else
-		s = escape_unicode((PyUnicodeObject*)text);
-
-	/* convert the unicode string into a markup object. */
-	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-	Py_DECREF(s);
-	return rv;
-}
-
-
-static PyObject*
-escape_silent(PyObject *self, PyObject *text)
-{
-	if (text != Py_None)
-		return escape(self, text);
-	return PyObject_CallFunctionObjArgs(markup, NULL);
-}
-
-
-static PyObject*
-soft_str(PyObject *self, PyObject *s)
-{
-	if (!PyUnicode_Check(s))
-		return PyObject_Str(s);
-	Py_INCREF(s);
-	return s;
-}
-
-
 static PyMethodDef module_methods[] = {
-	{
-		"escape",
-		(PyCFunction)escape,
-		METH_O,
-		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
-		" the string with HTML-safe sequences. Use this if you need to display"
-		" text that might contain such characters in HTML.\n\n"
-		"If the object has an ``__html__`` method, it is called and the"
-		" return value is assumed to already be safe for HTML.\n\n"
-		":param s: An object to be converted to a string and escaped.\n"
-		":return: A :class:`Markup` string with the escaped text.\n"
-	},
-	{
-		"escape_silent",
-		(PyCFunction)escape_silent,
-		METH_O,
-		"Like :func:`escape` but treats ``None`` as the empty string."
-		" Useful with optional values, as otherwise you get the string"
-		" ``'None'`` when the value is ``None``.\n\n"
-		">>> escape(None)\n"
-		"Markup('None')\n"
-		">>> escape_silent(None)\n"
-		"Markup('')\n"
-	},
-	{
-		"soft_str",
-		(PyCFunction)soft_str,
-		METH_O,
-		"Convert an object to a string if it isn't already. This preserves"
-		" a :class:`Markup` string rather than converting it back to a basic"
-		" string, so it will still be marked as safe and won't be escaped"
-		" again.\n\n"
-		">>> value = escape(\"<User 1>\")\n"
-		">>> value\n"
-		"Markup('&lt;User 1&gt;')\n"
-		">>> escape(str(value))\n"
-		"Markup('&amp;lt;User 1&amp;gt;')\n"
-		">>> escape(soft_str(value))\n"
-		"Markup('&lt;User 1&gt;')\n"
-	},
+	{"_escape_inner", (PyCFunction)escape_unicode, METH_O, NULL},
 	{NULL, NULL, 0, NULL}  /* Sentinel */
 };
 
@@ -313,8 +190,15 @@ static struct PyModuleDef module_definition = {
 PyMODINIT_FUNC
 PyInit__speedups(void)
 {
-	if (!init_constants())
+	PyObject *m = PyModule_Create(&module_definition);
+
+	if (m == NULL) {
 		return NULL;
+	}
+
+	#ifdef Py_GIL_DISABLED
+	PyUnstable_Module_SetGIL(m, Py_MOD_GIL_NOT_USED);
+	#endif
 
-	return PyModule_Create(&module_definition);
+	return m;
 }
diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.cpython-311-aarch64-linux-gnu.so.gz
index 76b01450112dcfc7db54cadcddac0d602f492d3e..333577cb1f012fba3e29c40ff6910eaf197f2d8f 100644
GIT binary patch
literal 14411
zcmeHu<yRd|@Fo%<cyNb=;O_435ZocSyF0<%x%dUb#T|mXySux)!$p>N_qSj7FWC7|
zGc`|lO-=RFbxxn|B8mD6@!tjYapvpoLolE6;ciBzb+c6a>V__gxe6ajQHvo$Y}n<Q
z0O!dSYbiRao&c($k0+N*#2}zzjt5N@fMq?{s6p~eAo7BG`BqDUmUUZ0OTfEDYqGgV
zN>`6vLjgHm90h%ZAJF-5W7>j@+_LfY8tikhhq3NGndLpve3<2Zk)B{;t6l$!pq2Pt
zs2f%IuP=k|+VFM7Ppu4vF=2R~>1YaxQ!&S;LYhVxvfUIhLY@+1)a+y@Z7Q!_b*IB&
zpABY#OWY!ya}}Q!i*=udpb!5)yA`&GPC9V*ts63u#e#dYg9{DN%@t{lFBL9*A$4#Q
zDC@fV%&qk!Lzd)8Yxs5z{j^mgyQm|TezvEGf`WXHLXTyGqbUCF2f3tUr5R_J1b-DM
zjYXeWAmV(k^)Bs!o`c@+?z|-2*%JtS77kcFi+My&D6xI2SX*c;73)Yb5U(&->kt_T
zTOiUq-l!{}O0a-d@W$ZXq=7wAFJRkHoZ<ZzsmjPeywV>H=>e5ur(2aLSq?7ftHka!
z+aKR)56o^5KkXkh`jUG|6-)Z%IwN5^v_&tGc4qlb^(Pr7K6FypJk2{V<nGGpvYlxM
z(tMcKe@Z5p%hxitKVkoMUw!)l82Ec^$i!Y?nXsLQ*&?AqM%v3v-}JpCWM&1aFTY*%
zIIsXa@{4kW5N}NHTxLlBC}6_iTNYZHKqjL!NBc=fd~{R6#?Qk0%cXa6oauL3r(K<G
z0&|^+4dR9^UhemB7{&qXW}iU+$W`B=KbymYy!1~$v-}!iIx|OoNqcWoe{yc}oAzXi
z?#9C#81;~FZ1Z!Y^;R4)DU(bZXtn*MB(C$QTZ6^epj))>X_bFc$LN>~7WC{@B<3kG
z^hR`e93~)McUFQIn7lbd7W6#Abtu1?+rjAIWZ1j_Pznf6SMgE4gUM{ll6e)MOscJI
z&QAEYtyyAZKh=ZGfsF}_4*l7t(%axm?AfNu&)enw_3tg*SO$S<_%nabq!P;Zv6~;i
z2^OeV$>CQiDpVQ_P}+RI9eEOQaU75LQ;KxG8%NgT-1HqTXVBdx1yE)RtlW*Y)n+!z
zy;yAM#X*5LA!5e`8=k}%GieE&r8kBN-b0p;`LQTV$!&BNTMg}sf}_%MB(Z_G&<}O*
z7t5<8<0fu|BPMQ7%nR+68tLGi70;bL<hXO@s_hiH!i~0^Bu+xZ*SFXS3=$s+zpwn+
zly2UrlUCQRIUe>gcT?Vx_3k(W<ft-7c(=pW6fHF!DiV`oBn$32K{*j9<${{AIoi?u
zzM3WL;EfDVRNt%gXVmPrZFq{uYSQ!dgyA!;@|}DswL|!BQJ$3J<q-H`Nk$Px51GRV
zDa*qMWR$^F`C{)@cS5g#nj+~=CE3HF{lRKKJ!r2CH>3Lmue-5Jq51tr<2RmM%A>9q
zav@ZorT2{THeYaw++>T_83}YlTh8*luQx^AE;NicD!}lgrE~(r|0^wOcGJZ5l$e~<
zhCiB@vI>vlS>*|z@NTAg{$T=jHf1dByf=9?|67Lco0|*v@gLhxTUxv|O_qfUzxp(V
z317(xXXMoUq<empcGp&3#RVvK4Ew>CiQ8#bN6H1kmB^g*K~8>WO}s`8Wvd(?(URp>
znxtjnJ2Gg~Y|1y8aqJIQRzdv5$n$%F=$RG*Rc*!I)#=-5XppnZj<06i@DcZiNul`;
zbNQw(u@?pL;EN>X-=c_HVA+rknYf>m8%14^2k^tw=MF4anBznGYWy$`RGtVMf~zvf
z1q;!h^Ev*^(&5OvJ}-1yhs(>D;5PZ_Ew%fA#NxjtKwR|)<hS|WmdGg<MZUE%2|P>m
zYd+fD^!C+Ucy?qCDjswkWtD>eJa4t>lJI#Edp#%~^Zg2|DRQTtw-<DQ^wN*DxuEDI
zinO`#%QLm+e7*#Y8=U!Fk5{a7%6T$*+P`-10d`R-B<;WwH(~pm3hI#T1tg`@&d&<v
zoy`dRKbkLwIg?x3!%{NZFSAC@aFb3Of@KC;HZ`gNCg)FNC{hAr^34`R^Y(GWY(>r&
z`;WidI}!NZv&Qb?iC+6|xfVM01BrKBIj^_dEHCm@(uoW@px}bvtCBijN1Xk?GJ1qt
zDCjm`<t6Jr?w!i8&+g+CvG9(84-`wpL;a-`j)LS+N2=fQJ|j2GpC5-~%5pCT4peS;
z&tCI{La{NR+!f2?mlDWfgXC}b0s79IFQJRAugVv(3<zX4R^LM0))DZJ@0oLY1;=sj
zpD{n5^Y87(vAhuTJ|~r4X3e~LU0G1r$MN(0SnPa^o4jDY;%{()^0Kg>cj$EWa_Qth
zkx(25fA-9-QF+-&FPO6lyxaoy_4=>B$2RLN39N=m;+Nk0?v{we6}Sk9ysw@MPbyys
zHZ^}_9VH-d+$7bz=NDOQ8j|cTJ6tLI504W`Hm@HNEuQ-^C6)MZgq#zwq<cBb`L+nj
zo$oQbW{0?`L9SFethlDjwTIK@7kRq)zL$)}dRKJ?{!5qRe||Cl1m-!M#~U0ER}T_C
z=X}dS$pQP~k@dR*<c7T2hUs(Lhd@$E<3aPvXRMP~1svDM;;2X>ULS5%(qE)eY(5%Q
zo}Jfx6v|8|;uK9!Dm*Xtr1>ZHt~`C}KU53fa}hf!@N-|J2{&CR*OpL*6p6VnBfFEM
z={s$8_=+!E9libiS==|L-wWEQAI5GOUNdZ5l`8$vFF)J&3tW>5T$-@lCvWz|{RX#C
zShoJrxjg3q?Rs%54A4I+FbF+vmB_t`MJrZ%Bdw~)&pagaxn2GxZ2Vxh>FktV5x{WY
z^p4*p_C#8B=agO@+#Y@OYw22>hdG*<+?#zKe#G^D`EHL29GRO<7dkECWAT!yLM+yA
z{wS=mBkX&)1dh!`@yO3v1m*3y_KKD$0kMa$A6-`SKs|Xs=y78P*;@wF|Cs59H>dr<
zooV`_GBv5wGuek3%oP4Z4sr@<O9X;-x$Vq@fn=6{?R(k3dq*T8{4R2zHG6znjAU7!
zr}o1ZR8~AU5C61bBqjQ{-xSV2=S%&EOx&O?K13;;1FSyeC~nJ>y-CRRHjxL1nrDJ*
zBajw_9=k})Sk4Q<|4RB!d*upyiv#Zu@kRy5Oj5rY<t%=v4K5}>yARX)-=47QUwI#W
z4M_O>igWw=cgTX(sjzgp^vrRhq>dA?c7KoeNJjxfQ|l|kW#o)GF#RJ_1L(aG<yqP=
zTld#xqn+Hqt;#{4nj0{Tm@SKSh(7p_k<ja!d=Y(7d68u?<u=FH><4g*DCy#6Lr-BW
z{Im_6W#FhM$%p+du3MCG%>THbR;r7ZaT0?CyW@4Fr>g0~dBS^tpLVSFV<0}8%o5Q(
z`QpxJ+1DO^y3+eOMc@z}j=E0HO`rO{HMJ#m%w6wTyCGbY(ChbxEF(Tt>eQVnn{CS0
z^$jhMjBFcQ06f;Fp?}b@K@FLZlpc-Bv1Ay8{Qt%OD+aG0Usq-B8j>0%6=cd&p6<gu
zXb0l18loGK8QSR&cZ0CJcw^&G9sMw#md01F+xW+-IJGPN9cYqrA8>Kb_MU!-+c#@I
znYPpK?;2dIW4&CbD)uHsPbguZ9@-+?H{&TyuC8V`KQT*I=GavN2T3ngB^LdOiYBjW
zs&|<MI-(5(y9dchl7Mm9$?qDst9t(W-VHN3r9(vKTxV>2E?!(chnEb)_oK@_J1~e0
z4~-1^p7YP|$LE1~fyeK7=d6W|ik;Q#n=2LKud*VRe!o}ljt`AX(ReNhYu-tnF0CL5
z`IPjXpiBi_A?&4|BS$7%AP1{X8S^z=0d2I<u>|B@%!*c;GF+0wVJx{)7x16}Qh;vh
z%#bSz0e4XgWKl0(Oi^A_cBdN@L*uKph@ZbmWY5T(yJ4M<3}pMI+k1~R&c%=8$tK7}
z!~2+)yT2@YTvEU3{kI@wRtQ?cPfp2&hVKRxfBDl+>uM^t4D%8NfEOH5mHmSk8rl!&
z3+s$i!*F@@l>=u6`2tp12YvIt6a!NrCi`=6SIg+hj?p<Ba{DS|gz$b1SIxH74w#}V
z$-F_jrh@@&Z>?<SBN=!CR@Sl*uAcpG5Zd$Zd;u+gkXPn`Jdmy+Kyv!u4UzgXAAdSH
zp83r6fE6|GbX3iJx7n<Dfn{Wul1|E6yZa_Y%`!i2*g1C7*|jd7p*me5%jW_dX`&PG
z97>}Yru%f3?6Xxz3B-x%$^F>y4d<FrNn?#JtW3!zW9GiTxbw@p(DGR+c$u&fDS5oa
zrv}QQOpp#{<Uk#r6X->mpw}~m|NXK+Rb%=IZ%5*7!D+r7(4=<?J2Fax*LdScA9Hh4
zJNW|P?imTYQETlRP{o({^>5ps1omQsLT-V=Vv-v;;@r8#CuqDYWrGc=vI?sw&cu5?
zn5$v5M_w}PzXb7MAA9C;Z#AKdstc!@c{@i45POV&Vqhe1R+qxCcOzK;rsrqhBk|#V
zGRYh){FPrs8M7*shdYy--@h2-3E!ya8z7`d=Z?++g@K(i<fX5`I^fsN!@NxG?;@J%
zlq$6ur_|zE%&yk5hZLuq{l~R{N54xIyPJJ5DB$tb)jk>ebPkK{NuoEw38A!??6CV~
z696r0MS$FK?AwnVU3?qS-J8<s0%?3Aka0^taPIamaL=dpB+AY(^MwkzL*>4SV5y`-
zKIn43%>d<0eY5D^r!%ABp7_21@#;OE-W%AGVsoXahUo$~C))R7FhYHVQd;#bXply+
zC6IECynY5)YbpqWmCmN5(c$m<;VO{u)@D@*$5l>26!3_nhPfs=H&1p5P`iQ}ob%78
z?JRZj4BYK7KN?XP(~0-tOqw&$(3R>)@)0Ce16H2gK?n?MNJ#h=S~bI2#QRX^`=~!A
z?5)a`3Lfg6LTZz5{wo-~#rhb8u9xkgX1ffz35QGj`HWt0^@H&os4(mf@93FO;S{mg
z8dTZdSKuz)p;mA(YE!R%L)~|a#i334EFih4Z~7N<_>oWg1DOC>x}#Nk!<tS)f^759
z0@+^mmpcBZD}Sx+Ypok)JF3tp8?DR$P^)CBZfbKL;gX)04kR>I%N#<U`H$MFbH^0a
zah8s%b9HLqIXrS9acBazVn&E!+)0i$gSUTQROJkVuw7~OELH8zAz#V#xQlLBa9|wb
zE3-yno#%o;Lj7VKN2-cE0SJP#hVU|LA7s#WGr4{8GbR9x;<SRb(HZvht`S(zDN){t
za~kdo5T24^Duk1W2F?wB22X*{49rl4X~3(;dUo`o0*;dS8Ho$z{9IsLu)d%6V_ftW
zn(&pZa90U270e!RzI~`zA47G}xtQyiH1WwE3x$Vy4MZ-4m2R#ZAzYnw1IBPo!t16C
z54h{#l4T0ydTo0^kf?48M%1DFTB`MukV&n=e;mVHS`c4H9u~>k7Cd$<dx;|Pq9*(j
zlnAxLOWphC-ESOy2QU00Bh4^x#B#2JC5bzK34>*8ksT?X?1PMVzKEsI`D?z3d!8*Q
z(s5q;@+UIze%!PG&>D!3pyxL&S?M?NDD8HQ-?DVcq52$N{_JBLsYmGQZ0tMz&576e
znylnTgx*u@9e$ik_1cwVH&diy(An&3<Lqb@mI>Fg=!0KLDyei%8N|)#KS|uEO^hga
z$gDA|d!Au$Q0hT)6D^-E?T9`_RGp}bzVL>h+98+@{v~GP<41d&y6g{1K{;%$^3!RN
zT7yNf;w;*o#Q8UjI^pm<pFZ^LWm85B;79Qr!q0Ytc)!i>row8cE=-aF-@Og4AYA=Q
z7f(9%plnKSxr-ZIbtM*7f6}t4bfnIVl}8#!ABPd!jYKN{$hco(kzGTS4x~?xFauMh
zpdYj;2atp4nD-`sEdX^|1Afub?|VHEsFu5TZ0Dmt>f%go0onjwEh7-F!KxXT-tpND
zSf&B)kOWQhEQ#&$$UZ0kTnOomf?(NYmY)$guF8BBx?0nSd@4@Lh`U+~b~sW8IM9MX
zHcXQ3VMD1k!bLB<=w6_ljrsLt5TK4$?}V+T_D_v|S!}{oicPhGEhxA>5*c=`Rayau
z0I8&t0;Ak42<={`WoEo7rljs@OS5-o|NJDx1r(;YT<Di_;FCDMT=EirreagA^G0l0
zor?TW%=m42-lkgdyy*6Q)&>MOcRLIV{H=jfigC2m9EzNybeTu%-wUf)qBxZ`S=;^N
zo?crq9vP)f$CCdC2UosZyj{DEgWMb34z^j)Zbwx-58Aq5qT<gMfd<&dJ#c&)>Jf3G
z&#Z;Es(Zp0EpqlsHCWle5eEA)=is(CstWV!tXkT+_Ps=|$A%<bU~zu^iHfKgM;|Qm
z31!5kSNoHSzf7Ubg0hpXTB`*-wHrw94T_%O{4X81<UQIca<psFin#33P!oM%TU;tr
zzOITyQPQK=<erm|Zyd#D*Zm8pk@wHVvdAGp4SCNMI8VXrc4<$bQ<sSLXKX<GnDdAu
zfix>Yi^+$3Ncj1|*$F9rm-IR7Wb|Tzp0stObKr=5v-N_LQ?eKP<*uR)QT3*A-u5i4
zIbwv_N!s>(A<(3E*dg@}TWsn>NCxL|p?<amrVhT9tX5!aXt0eMvDwMFSylbE%$nrV
zsY$43WV_56gB7DUDAK@<7s9|`KI)7(@#Rgev*6v4rV@^Z1V-st>B7;k8!=jTc70><
zq&U%W=+J0Q21d!RAT9+ScX0<c8F*xD$u~d*y6(KW=86Wx#{jo>VRLKsw01lvMy+A@
z6^is(Uy0TQH^^lOTP#~!cl6YEUOCrW-tr69Wg!zCphg(m**dYvFHn@h9HdVvA}i_)
zzjChSDj`&NO8Io&Y5{4R!ec<=vDJC7bRLf8Z#GH!X)BZ(+U)p`FoyPmR{##~rMkYm
zz6PY+*M7;owqL@(m!5cy?nu;v?URc?%;vpLT8lr_=LZn5QRwx(Yz?bS3)BEN8HawN
zWxX*4KjtX3NBvXfstg0ckn55kfSYE7tt?@9D#z;8bGKn}PGeUW<y?mIF9ke2(fcj!
zE*dD!HD9R8%*-uIg3dEbI&OW|+D_QSIqk#k<e{-tjt`>v6O~unykMjsKdijDL#jy*
zPv(io0TJmudY)x}m|W^~cJvQ+;ULzh)2*Y(QF7PxTH_Ds=^;n>u?T$Fb|pvzLoTlO
zZ3sDRNyQHqeFHv79}3K77_o$2)RCvXFt7JaXTIRYcW?&Ub@0pZ4s!T@hfKloh?s5_
zn5cP?+!{p7sB%m&2YIP$YeXVMuLU01PyOR0cQapArbekMT!ttW*c1vHg&);_@|1?N
z9UZk3dWjJG0)DzB26`}fZmy?v?Fmc8rB2^d??94W3o4$BSo!7DYg4}oL28q@L(V7+
zDDZVsJ0rR=DnLyL3aw}FM*I;3_QFt0@iKlNqY99P^da3yH2qG%4>{9L-a%t{Qi#3f
zZ?c73!fcym8LKi?LEgemFVqe-N7FT@SPuc9?E)cu`(D~0P9IPR@%w?ySzDg<$|J&K
zVL`ge!1;~!I(-Id4FqAJ8t@>PF@%XUeR@egNt{n>4e9q6!lg0d*v>A%Y2D_gf^096
zBKMajZ0qs;DQNXHumorYRa%1S1OeGHwXphy&=sPJE1<yx<BFZ~ikx!F%@^aF1EhaJ
zx2?Po&U$fcU;}R^M2oop60+Q>-2{Tl6g8x>zo`Z?6Z=fLpyAsP^4L>N#F*vX=jfA9
z+Rk^)8L&e;^L5d!bh0jRLeme3h$%LyA193D<VrVkK>P1P3hY9zyeqOgM8V<yM8QdP
z3v2t+oA!lDPnlljTp0Dr6_x3>i~_&^D1vfSrg1OxCEIKZhj{A){cV)Ot7w`vmBrvj
z?oE&NsuIp4Owi!HFJxS(EYH8plzgTuc-*8$d|ZfVK1EfIWz>#cy)%xkb-KMVRVUSI
ztQoXctAh*|uAe?!8)n^P>aUCNTCA$+=FTC8pxIE8s`DTy6SyeTY&xkHD50j=P$uHQ
zW!7+Jgq2q0G>Y))(7sk`X{ooWotE%Eo0n&*uMW(6W~WM5`CUL>Copj{{IG<_4n#v!
zFw&IrC4H3bhc&qdQR7T4i=lLS^-M=O9D=5$G*P2+J`yh7u6j!=Qd6CrW=U`L49~I&
zNOB~AB-N4D6<7U)$_%ub3|W=@e>HLtVf+)A7ss~(eu)BlaS__KH6vhjB#?T)s~na%
zUq?G&#EU;_O;~Hulb7S~HD8I&2GSTYbHex^PF_t_mx=Opids#_g;P0`w2pM0bOq{E
zFe{$ZZDU3Nn6D=uZg~7d$*UeM?S(NpqpgdO@mnsUt)M;B4p!F+LhgAp#rGrVg{Odq
z#moR_n!rWNt5ym_Np=TG_9?e~_%vZ~LFi!ew?acsqB>d{oq_8#{4z+p@@;1Fp)83>
zLKUFh7PD(E?2~XzcnSZ2$b-j?@ks|Pu}akf1mogWTB7wawniUjbQ({2n$by{wxJV!
z95pU;h!OL@Hf&AxQDX!Nxjap|iYgfNe}!2O)p;MisVP#ll;uQ&&MN?`z*fr@N~sCQ
zAmzL0y2n{^9ZQsmmm=-01nrt$0-1iV<?L7U^-Y4wcE<wjCwcnE(C;eIIm-l+1CI8=
zCjo}pjy<?-Ix@HIj@=#?F{`Hm<F0E2AKGwy+LUd-j6MF2{=ONQ=GhWFZQ`^-vY*4e
zl`!XbaO8iKh}n+GFxpsBM}5_6r$%kSe~C*-`I94x(Ujt+iTY~H-<bH_Ii13!VlTU^
z;!c78s@3Z^C_OaA47*x+@rxZO12(rbP{+~^nyFP-vt+({Mz}6TU=>1lwyR>!O0(o&
zT8f=5gq_`%x)po*oc5TEH-3Qq)uTJ369@DlVb>!;AcqF)l>u^B5^`60HfWiSt@4+m
zdZt!w3s&Rt@Ck?E0+^y!7I)cd(e`RHl0tYo-;BDFgEfE0W?{PaY`$j42!Eu`1QnY+
zvwcl0)Y4izz_pahX7%{skY-<PBq0ww*M)D37}c<$iY?P9kXx0<UOk32vXEbs=e{v1
zz;idyayJm-$ErZum$5X6CrSugWef)+s4EoYk<5Vgn67^&^N#Xeh=)*}d^i@FYhUPq
zUv-%i!iv8YR5xaUGHLC(0AWY%7=euPdp~IYV~H+}-y<P$zM|rnoD3=vm$I6#)2v}f
z-iKG;-g?Ehf+G0D2;RCpI=@c;l_=rbV+lFp6Le?>h8_L-tIDTcu6lM0jV6ftALvo9
zS<=*xy0*;;nzs#oU!|i>uuH$ncJ|a>KZNTz$I1Lit9e;BSw6owq;MMTIDyN#b{-{W
zCH(Gnp!_R)h#ovFEi_5?TT3#1i{8s@v@-4URkL*05t-dGbW#9`9C|9zFtMiDXomp2
zhbMaDS$NH}WTfqTR7OAph21im@ogOD>Z||im$elWnFKpge*^gM>&MSYK%L`l3PVMV
z|H}%t^~s7mGmI;Vq-y1u-=GXAb(!bp6uxmGY1T&NT)eaux^m26Vlr|H+6qfpbxvnm
zaU@#tNG;0(yrrqJ3QXp5OlmW7BXEjY4rvi5q%nDy;!px>Mu6yeSGSp=dK|U8s~nB?
z<T-1?I6jMMao&zIF;l|$ONix_&@}h#CF^_)EPN|;j-S{#HEFhKdi49=?+Ys#`^+WL
zFC}&GO<ee4^~ZcC3b6xW-`C6S${`r?z|zOq?H@lmzpszHBw_SgN@XsyM#-9$1>806
z+e02T?Mc%}UnXwO2)gZcbV8-A3iq(-Ej0!+jgyrd=-GcIm;%dbCf~dMUd#yAGsor_
z2^r^)>(ecXDzQ8;s$`4M%F{Ow*D85TPg5(eiaKVA(6Ys@i;Zf&ldX4*lQ~0+6VW=U
z?fdqlux3ygKwK!=u82P=ATmSG@F?wkKl<D6z(5hO7&WS=EY!&tV;7TpHEMtb07&7~
z4a%M^Zz@as*FDZO!6_X$u8<(Ec+S{lV~IEK0PvTgy8->Coh}i6&oV7)6}x~BDuzXP
ze)D8V8N5!u$`Atv3;^&B;s$6EfftCfrXX*cCauSi>zo^m%+T_+Yu}}e9+<pb^p)wd
z(dF2-L?Xhu@Mcw+)|lrJ4JMuwC`yPKc@Txs9?#iW6Ll*XAJ9miiyuz|8s4x{yH>c;
zS2Lh~K7njTiF`D=M|Z7ksmE8+&MgI$MB+GH(JH(}CK)(FS0WVCD2X8JIVnQ2=TJk)
zl#%zBmGVfI;46*FLmd<gE!#-w>7(@94tSU4dGHQEVnv6rj`je0d*D^oWzEpk{>^yq
zrmCwnt_-IwehVG=hjPr4Qa^_yQrx0WwIP93Y@Y3uo2ShZMPQCyRJw1KF7pyoHHpU4
zT`oAKnPWWYOqjUyPez~-yMU7ESE7sSTT*p>i#!a)IGa3xAfPb7<(VrmUyI0we;jtj
zQle3_gcekqI1x&8yF5S4>a3dWG)SMQO1;kNzjkM})yB9+Dr~nT&<SaQEG3?vb;)L}
z`O*7)-vy(9VH^wY<DR)Yu{-Yap_Df$)35N0r1vYun1vZ<3pyx$p%WKMsVs$CF*Ac-
zb%xL8*>>@TEO<jIV^eVYy&-032C2P8s+OVetHv*%LH;yj_(0SsH5D>8tb&u4X-y-T
z<W<8uI0YCRi-<r`gJRgf%{uS|TzmSI=?So!AG-25hu)46-aX$!H~HueHZ^JBz-?Vp
z_vdND63zhI_T$N<X9RPoL5bT9-AXqt+j*+RilRD3RO{H$1GCyJ#F76(!X##)BcAFJ
zp=XQW3L6{6cej@u#H?qhgWqn=zoPq^Ipxyl+e%TQ*CeOraJ0A6r%M&AhN=uVXx2AY
z2ol;Mh9qtWYOxlP{~Hpb;-|-sL5-_7<qkqaWNx2!p}|SQ9~Xz{o{KLO4-HceWJ>=&
z?OlPb00;XWy7$_G3vC)H8LD6=A$$P`H}`~=pQiu>1?^zg${>LjgW(F##Kw~><z#kz
zlv}8R6oc+5b}D<U0gI8aoo0s3R}6wfM`NYP2lYs^_LR>}SzJ0808{D8|H<)?|GoCp
zE9w>_W9LhrFZ=7xg)gfZHNZGa%MDMg)kctamP}Tpdmf*CNVO=VVE#|mNrquxG;Ggh
zVQ#UBENm}1+1oCjuvSIweHHDBwGSn<_}7Np)KZDhF>I%b+dnSMLl}mAA}OK?tIsuu
zm|RxO$fDg&*80e4BBq0s!ZPS}_mIrIMAm8KJwQcSW)YS!a`sr+kHVd6R5yC4#OKsm
zj3;}R8*34%sK7-=p?M&W%R1$Q0&;#r!ZfA3Q_qP<Z#Mg%Oor0@yiMsWdr3xxm>ac0
zv$PY{#PtX@N8`%!S)v7eDT^D19#B<J?<e=Do=SFY**f{NUZ4(Hk>FNxS+;_55BoCt
zabyRh^gPP&u^Y9HU1E3-dqff&>%RWjuL;jU*_$N4K-Qy2`9gyVCn|fM@dx1Vhh9$U
zN>f26dS}-rs8Nf>Rx$wa{rL@2Bh0#@toQOp_En^7|B+WVg~F*guDmRo&RJ$8M?N&r
zKIInKhXTv)0Cs~~2k8|Etix|Qu7`c+)gqnV+~|8^da&D{&Mb&U$;dE1{h+ovW$o|D
zUR$_)7jNh|r5L^!tTY{M;)jL=80@H{xR_L&J<3+1EV3N-p=kfzQ+{V8E0TQfrs&+H
z-bXbtoh%HX-Ex0Uxkk56H;27@dms;K2$8{0Zb|OtL~oE;u6W`lL{A{<NU+^J{LU?#
zVt=A*ncH;0MQ&QLz2yIa=r-}#Y`j^2k>wqAmgRyr*kN*(RfV(0E%-d@Hlf(e`LWM<
zb1-Rf_(gYA7g9qqptUl{Ep~fWXrX9S*N?oydk~~M-jK$P<OJ6|EyT(&r&C7eUm5KK
zm9Z-M7O-hJNH*2!Q*K(-+R#h}V9_6uFyaqch3J<G+B||O#<_x9NMzO<5tL1wRoN|9
zLtiW9_u=L79ic4vC#L-FsN(YU_CYdyd^Ot;pHgI(2sMI0y+x<SkO1Y!@?_FL<ijBC
zCX@&pH0>cq&~3<+g^Mq~c%=5yOsv~N(PTIuS?P)B72hF%D-9~C74o9u`X+;%YwZF<
zOZf*eQJbn_T*#h{SSI!Xd9e2g|ILJ|IdUGRoGjdey3adk`bminbK#F@M2t4N-rwk7
zOflWL`e6lA04bEv8L57BOP3gig&FJmJCO=hYI-7>q9phMU#2Aj8A~b48i5&#{1BrW
zu_Zb~vIH?@L~-=%C8~sA<?imODJ8ZI#j<G2JhES?p)<orQVtGWsj(>i7W=o#f3L3)
zDrLQ>a8Z%1j#|8~^HaJn#Q8N`tHkULm`eKVm1JgVf4Ia{PVXex(X$iE9<JDJWWdM*
z68B;MUT@c@t`vjDFf}B0(QJ@VgA=>ih9d|5mdjI$64aZ>h{{FP?bo{6P9+`;vmP3(
z*HL-w&!ixRSmIh*eP=89K^%dCUKFE!)S}6jBC)E(((QwWREtlCkBVXyw4L|sE|UUv
zAdR3HN{%wD_gE|uC%QX)L2^YL!|_WUPr2^D#4t&R?Y10Gvxta}j${eHb6G2V<<p?)
z`T^CQo7}~7?Jopu=$I(|Msi`>7JR<j(T4bW-G(wzl4A<U;-p@#88b7{T+^e_zkQhs
z`@yr&;dNhQA7L@1Z^sHaaPx5$NmIig!ONo#d|2mk)@c506Jx|EA#iNiSfqrtClo@X
zBr+5|d}$(>l(|Qyk@1g9UJ^4+v1=>rJV0?t4Hh(oX>Ab#(H8f6rS&u!O5|+sAkhd_
zHlp?1AC&dMZRHWwKQIXvzRl6vtqAdJxYLv3*9Zm=!qzcoMTf%mM0DpVDetZjBoMS&
zb!Qy6Wp}Tp^KED_Xs;$2_s$8`GujSle(rIlDp*S=GN;KI8dG7(RiG9cO;?*C=%P_m
zz^L@LZ);Me%qSn>pW_kDsN;>wg7O!wy9rBtYs5(LqQyAHe&V~Mg=k;AnPfie)6)7}
z=jUwQh|}Uc()|wPpiB#G3M8{!W5BG`)#O4$4VwuMp7~)>;$R_#c$1m){n^v&$6mC^
zP<l%y^?AajJdgb3#oqVz3dhX>@1VR5RZ@<u1<h9_p9C}Azm?NiUIG}yR!mZbEd87z
z_d6*X&p2{GUk(F?J4J$M@!8`v4*4j_{JbXr6~kgqFH0MX1-XxUzmIw~oR^||Te;9s
zj;Eq~S9(3ef{zew0|#W#De|<cTO5*AP`fsZsrKRL$uWAGR;*SD4LsTXZcr5?QRKil
zYb(yUj>kXlYZvRhq2e5b7f+fYc5cfq7U)&mWwKJ<l$(|KC0`dmvL5cTbVXJ;&kGVg
zhkggXF=diwGUDw_-}rRiX>Z&7#}%boU<EJ89)kEePc>5VBR6LiT(9KCMV%ZKiU-%w
znN(syN-P)lA}yg1pz_X!zI&(D&9<2x)zYfrdKzXxlT{!uWG#dISlBasq=ZjORMU(p
zNXO|K0}H6sooYWq$XLcfyf2~(%TVu0{mr6g)x?>N6!N+E5R7sgD8@2w6!pvkBImR~
z<M$mfq5zH$Nw6!%y0kGRC0g)cq4(u75*8W%nE)qWX-7&8Q*UdMio+5pJdXcBtx+nn
z3aHKCNES2V;_sVy{^bx<=S*R-_c@tC*A_e$CeXpk+ZM@frBz{NqtFQ+CzRXq7yP|h
z(ZJ!^mQ0Z`gyX$xinV?@NkkTuYYQJLi!5VR)ASv#!@Dzl(|Zv&MJ41U(A(S}^4k{I
zAm#oVKh3Bx_P@#zC{~M<JNT2pZt}c2EWV|k_U@(y5~Ctn8X_4LwwnNRo#ZiYLWS{M
zK>88B9=Duk_YxObi5xSWgxqHJ-l}RfP(+XzP4Y*GpvJczlpd>uqtNazh-p%6bR%B`
zjQlvVBL|ulGh-9k7#WU-r0P6oM7h}4%2;J0oG5-A-6_Xq2Ly>C;UR+lULWg@bLo^H
zzm8o{&6G99abOE#730sT;2L;~MS(<pME5W;3U7awAY10Kh46sfaMyyliwlOiw}U8>
zEST%CZhE3gdJ3&TjQFVi7OaE+Vr*&>`W)=#SSdL(Rx+j18cK_277<N%+m~%8cLb8p
z7FFU)+Bj31y}V)v7EvXW%D?8WPYjK1{_<aXYH|P^3F!XV(Dze3S-D?)^@bKX`XPE`
zHSN186e5muQBGXu9`P&UI%0S}9~=;f5OrY|=UIunZs)_oK-coP|1I)Y*|lRq^^se#
znFupJvj8?4_WD_vUW?eGZJR3z_WI!H*jeAvGF{$Lq$0#=u+bjp#t3SZUDS4i4yw%x
zxx{iDAF}H?dQc?-t0Hp?#i)wQ;{Fxp-|+Mz+~~c}hjFc(d~a_QMdlT&18UgE|1h{(
zKJmwGLJ{kwVH7lv*1AA*awm^+F%%aD%Vk$H9=y}r_o*P>xRH>1JB`~MQhz8>AHokD
z3YaLkHeP}&b%{uoYOl5@ZBU!w;Iv1BjwLthv2|^rf3knBkxsYNxZe@=+BI{qK~B{&
zuU2i1(Dm;p6yx94V(xj@H4n*cvPgF0Gw{%Dz<<MF>`W=#A<iNEGGQ_#O@Mxvv&ilP
zAD-_s%gc@FovY^A&pgISo&Y-9$lh(2j1R+DJo9#j^TU^V{1-8C&Zv{xd`zU_R)p_F
zA@K~*%Q@mL?h)Ne>a|C9V=~x4A`;fZjqMF`SgoHDA^n7*{rUNs;;vf1Y=~guV@0F@
zfp?zrr{99OwT7K<l=RdwlXM}Dse)bbhC<ASjjB0lwOoR<hIfA6K<g*L^nWKXoHj!9
z=8cQD9gsL)NyX{Y_Up5HMl0LjXXU4(Yt@thGfa0f)3W;mUG}e&>V_-XTWb(aXiw$L
zBhnT%`QBulWCd>dGKVWX#jJ1Wy|H<y%|-WI5c5U*BWeu@GQ2Y8@zPzbuWxrC9|r;J
zSViC3?(eiO1a#hRd~b!`=X%T^3_LAKpcRW+Psa{pMJFm<J9+Kx-LN(@8QeQ6>R*X!
z7=fN0^N)vUSW=wkc}Y$jVhWAlPpA~gZV{yG+w8N#E;F4Hj=<3_joMijto&Lm(~9Q9
z5_E7_2@!IhZEN2#4rPKkWhq`%V)WXz386;iP4fNaQ{~8B(<10n0hduJF`ifEo9y(H
z*m0z4RVud^K3*fv99I1XyAwq}i|*RMRX)HUR*J(m)YtQ%pwQXH@QYoE;lxC@2;q?5
z{p>xFgSDYp>v7SSr0Xq~09-bcm^Awn_UA%<V|I2=27B}13NxAvv}bJW1pA?geQS)-
zMT*oa`Em-y%(N*pMQqnXmPW%oonSMR#(m$=@t=?Tc`fBsFrqV+P*Tm`l$qmElQTwm
zm_4|nTrSXqIO|TrFTAx}`yNAM2~;?F-6FbGdwbA+ZyOIdhYr>7sRFS2u{9v5aYSff
zZ#>d19gV)fQ&8z-;j-bQ#IYUxXSz@UvOxE13GPs;QxcC6(|ma>u8YY$+B)s0X?t<k
zluR3X*yX91y~~WDV_@vOgFn038%@i3C?fmx`OresGgxADlT*7xV8u7JUcFd<VtEEm
zz9{*KxAx?~{`Sv(BNrp_gg`87hp4t=#tT?rl(qHG{bLT)*zHYkucsKy$z|P?G&cch
z(dyH{sbwjXD8RQL%RM>#vYz-cOFV(01EjsBJK@Kkgi@RFF~6K)P=MIId^wLjSG#X>
zPwN1kBKU8p@a2@@+<5EQWig98v{(wqI@`Eh%bMRA@6_pVwNxlUfb~Dh9PWKm#`1qC
z<6hS96B6Yjok*50&X=O6{J_YKNG~Z<Cv8o3Np*>_?n}Wk?Jp?%&;hz4t$l4NWBdp{
z$Ix^4bSvb&OgqI`PyfUX63KNE-AP>;8wmy2W;4#=0rq^qe2`0uR*OBaIz0_UsXW<=
zS_HS~@9e^^Qx?t!p13ybxXxKk-U`DRpCEe`*7L#D*D;F)#sJ(`jZ_8PLVoK%Zc!Cv
zNP7gOt5#I-&~P_7yGWYnjw>rZMOG;@07j6a)U)Hm^i3T7AFMSByvtXcHv@kA1xM~Q
z*vbv|(2Qy88>O-eDwtEE&up<C5^oC2k}Cf4$%<aB;e2qmjW1otAFru2uQ2<?ZoVRk
z5L-#4RSC)e-KQZIO3M9*NqS&g`&vB;^HO#SUCT#&g-QRS(IX&p;Ro!bS&=|yn6|Ar
zGYIkj*uIgko3TF#F=7+k`rH2(Oci(WST|pEWR{)357(B;C_Wl@PO4bwuFV3yuQe^0
zrAFrOk5e8kZnSRZ<v#8`urjSx%YE5?2$gcZ;B)XS`P#sje*u*$P^U1m{Ed5Ea`N?w
z2dsf`p+1>^#IOEp;{@>aF%R9r{1cb0FDtpMbpp5~aQ{phyxUc6^>Kkkv;0m6K~a(V
zH4CA&ZSCAnE%}_A>M)TT8K1`0?T3ES#0O1?Q107=XI%`XZ(<lL7LZe4!n+26=5lq(
zUSw+{B(r=({~P!3AIaWpVibwyWZvQ7x8|88Pnd7n&*tNh80kkOV~PCM!xPcbhoOV*
z;?70)z1ZG#K)aQ})i-fJ>HUEHU7Tv4seIhGU2$#NaCan0x{4>v8K==+rBiQESY$n^
zt@h?bbqCyxDSWBXOT;6@Bw5vxPKvp#y)U@>baL)-64cny=}O^^<-L1sbNs0DYJG2B
z<E~U5=iX=FZKdW+vL6{1z)Ft_UExS}aXOP4SEdET)h1EW0$R;$Ui4KoUM{qb8=YcI
zHcfn5{@YXsY7}@b<?i*0<Y(v6@jCsRzQDRvw#1rL2f}gEj(ob6d)G9NND3#{k6gd%
zG_tI4s&Hg@51+8x5a?RvZ(AQ+g%-aF{TE^i)X}m2<>=mjy!ex5ly#U^9Rf(-{*Q`?
zI{$JZau&zs^A{>ICQPb~_Q#fII5n+8I^Fne_=5!doBgYy{HdwpuYy&-G7@xh0-`jc
zH`7P^d80S~e#)3l*U|pg=*^(fegJMKEg;IBpi>YK^@!Wq3W#E4_w%R6`K;Cu_R$h%
zrJ<Sx>v0fW_QzL!>wp3y?D!5`e(dki#%#Wg_G{pE3Z_L>F+71?5v&}TRK6NmzfKr1
zbfBEW_-QBz^P^z(abiXQ9mTJ9qqZn9yE(DDfhu48?a*GuFuhVwyIS#RJ7U`p279^G
z1I@45x$mB@3wLjK%||Tvy{43dCo!-E09nExMRY!uTQ54-vRoT4y^+A*RnONCS_+$%
zd5Wx=X1ih|+esvo#?cfcAKwo<D{=*%!TTiloobn3A4q~h#E)1zpRgjZJLmIw_Xj~`
z(LL&(e`sf&{WvO=f7{m$1EtB=w<q3)4LZMoT~<OyzwF#uqp*dMx+oIi&ITHs%am|`
z0b=ndHkOyyCvM>O=D6nVJQBy)BruB1S5Mu);=rf;S^iPOFXs|Km2tc6MGe-0H(Mfw
ze2031BhM{?cxN6E^zRhxzOvf5WNFh3{zxEw$)XZ5pvU-lePvZ(7=t^DlZ1hq8_QV6
zRw(=%_(fZyt7GNgFGM|@v#3LierWjMq+?aDrYgp75@NDeZ_}#Uvaqv3-4356GRhVa
z-*KbK{=C(Q*;8Rh7hnvlGO_XXbfn|W&S;ZO>8Ft{;lxM=<(aUs;m_?H?@_%Z<_Xi|
z;t>-PiZfZ@*Ibqy#AkF$+CInHzHh=-`#kdDw&i<oM2dHRF6v-|3Up}D2*39KWJc}|
z(WuI5G&+X*5)`GOkEL55oW!8D6k}Lz-VeoWd3~dHdq|I3*|HPK9_96i|Mq~<05kZ#
z5s`-%htYt?U)Vvy@a62)9u5xhQ2y2IzXBh~<r>O4*_oj2g!pUQW?g~$wAZQ_*r2zd
z2oI(d6!O__!*^hZ;S9p4k-^*e8$KIU$#l0%F;1W=Pe~(mK8|9+KOuh~t|?x^81X{!
zpN2mla5$k7rai1&l<a4v-w-|?945Y}iG45W7ZDrs7Oi1}k^=~76G;E;!p4`PSaM&5
zUV(@U3Y22uoiRUx%$xk?n;{+zJ^V$5k_{L6=M+$?4o5FzqM0*A<a-t_;oMH}tXCNL
zGmcanRiHj5{7YF}fR}gD3M_M^_-@8g9hS2TDP2p}tN|Rw)uvFY{B!?W!`}XZ?pKH>
zrX=a`=lmQTTknaai`PxWoL+xk?J*qJPK(xpa@~G51J%fELdJtAF!c2M3DRXV<8~(&
z{iphMnnU{zK!2|G+E~=Dxn>`}U|*{f2>f9Nym3f-iU6bUx>tdE9xzVhZl7<THP<@B
z-7=*=R-kSroAgQ7quMqNOJt*-1x?fK-}FwH5!>&Pnul2o=6dt*JrxA~>r6Yi7*W+R
z3mZ>9U}l5-()>tt>RTssKeAJw^EbZP4&v=yHjLpsy5{>Xp;s?FEsvIF+4zLF+)oYn
z+}X*3q2Eo!$8hd%x9hS#a2Ge9+T8^{hVTv$pWH8anGNO~2cKSx3UphW>HWA&5*SY!
zgWCRlCZ_i)?fb*qIFs7vZI|1R*-v+-&-rH0xO-pXoU*nB1wOt3F9k&3y#Tu_74`%U
zBMqdt;^0A2peW5Y@WDzj$R|$K<K0HUUvl*La1lHGqimSxp>gE+kP|1}f6Ipmj68XK
z*eD%x{<w_jI#M>OVBZ-PHT1E)&+~B1TJHZV;n`ixrTjkZ0tEF=bvOD3HsaZL^b_QU
y@2Z7*-ZYNnXFZcXy`4-_WbCXRdiCGTRjEu+5d8Rngn;-T(O5^Rd=vl)@xK5Ip1%wL

literal 18869
zcmeFYg;yO-@FtAA1iLr{cL~l#6Wrb1-Q6uX!QGwU?he7--R0u$`tkmDzukXg=bV}8
zs_N;U>1VpCPoH{-BjLdQJ0L#K-hI5aRT>4NyQjEW6C`9=(s)a3B&mFCEhr^Q<t6<K
zkA*ZPCDw9Pp1IPDWz*wEq=Bq7e|Xt`F)8<YX;A|jS9e8hW@4H>%K^gMq=r}>$sh=5
z$o%~8s^B&?=Wn`JIh|9PUo8XtHmBbAypoxm9(29<&KnnXy>eJX=NP2a7!oMpAu!*-
z=1-OHeams49Mg-j5EcAYrTdjdPlbK|-kRuwk35}1*dHZE^Epe7wp=JVzx7K}=8Qi_
z+jo&=ZnikG4lGQx625(ga&LNOMUR&U>GAj_Ak{t?N7rb#$9iCSTlpp+wc0;yA1pO$
z>+yFx4-dCUQg$ZM`}W){sP(<a2@tfHJxZYl`_eG|^|>E0>DFsK<GZ@nO!(|1n>RNx
zgcAVo@yU6u2cgP+j<AAwDj)xt)d&6>XB-W#9yA@sZ8-%?1jRZeSX|(GK=!0Se)jX;
zk<f7ZGWeHrUx|1e1$pdqg7Q*smOX5UUKTvA{3Z$>?TOwtd7rX8u0G>n^|FStgFO!K
zGk6{IJ+5>Ck7vB4rcZ_)S_$FZ>ZBbJKcly3VITsKA#2UQ#~}?S1b{*8m~({->T%(T
z>WeHL1jGWCIDTVDFl@Sbc##7Z+5-8|WQfQ3(2q6<$iaKXpOo-`q18vvg^L+T6;gvU
z+}<W^>-dNk0Sl|_IMXnmu%T$;MoX5x)6Bq7>><NA!KJHQ(V&2Z+P_VVxWp$i`A+UC
z^ld+hPY84Y;m`^B{R<7SWN{`!Gn>X-fX;kSg3UE@_}#W6!%DKTYwF*7%DDz%L{ZXO
z-GnT<d<h039Y757SHJx;$VUXacrmc6WSX)6D#Ah%0t5}^=Y9zV6`Bw9=+kE-9i@yJ
z<>iGX7j4ECepTDkWG<Z$BVT7tJ&UpGjTJz<<y7cS(F7SimtjS&LEgSkV29NdmHT^#
zAW-9euGx%^=<x7gl5SQ@rQOT#1UHqYUSa^=sJFUNw65~IQ`X3?5UpCh5q%RM#TcGs
zWj{lpy9*V&vun1OmLe=ncYnlPDgoZilYA>1w>vX8&3bdTpH=|gbdOWN5I6ZGx-X=z
z-<RWBV~Ck|CSI3GFg9)a1g!h8Gfq?B^-TMSe|%~C6fnB_eiO6rl(XE3=A@iWKXQQE
zVr<4K#LPZHV0111=A0Tc>%&gJs+Vzhvan*=S%~sXAIx~4v+PSry&|OS82Ww5wj(9;
zbWhpQisF`Wl|<>?4X<a@hnjwMIO~0~8v2l<SW^JG>~XUCx%yax?jC(LRPAH_>9Fm-
za(rO4xx~1!lTgCTIZ(n&_i>q2(<yCBcsr_ZRB>rZcq_|(AE`Oi5h>#%cbeKfG|yy5
zc)MwSqShSk(QSDmXH9s^Z+Mb32R!tdn9q@XDRTCsJm$Oy#rrC4$-T(DKNoJz3*_8o
zyhMt3ZxTaC8#zC#)7f7gD3^u289%_1TMvafg_0Y1y@xps74>AGLh4jQ44vj^@B^Sw
zh|~(bNaQ@CpO=5>q4M(I?<be6MF{v<y^l2Ud?0c?;n{m%UmqCpMX7PPOKg=|5gR*r
zi4CX+|32T~WbCX_=?hKG8cL4&0|u+H=GGhCu2iZc_I2_{Rh)Otc<k_4o-Thqv|^Us
zU#na;$eW`e($>5=1618w0J?IDPNhr(RWEx`;Bm;hvPzXFO07_T;1g^v*19c9ylyGj
zUwRRzJYM$xe)<cmL#FGofyv3yl$>uBfsL<4^>u^97YnGOjpAi5Q{H%;Y-@VI^zpv_
zP+B4~eR$*BS?`8T*u9^dS>UO6k*2dGY)6^YYR<iwsGiK-dm2_U)~l&=*(n;Tt#tvm
z6>kQ!hnD17IS`IAZG`;U5LD|4_(SOI{b)EuB;s*9SE8ijRkE{9BpubQ3aoQwvOg_X
z5?yTa5a7GkQ!LfFq-kk(Awh9XX^xiZEqvMl<<b49cd=%={9N)l0&>;6RN#@xoh#68
zuKV$~=_1(Zyf*8ae9lZSHcrWP+ng^iM87lHzOS!h>wZa%tlemzhIjbaOv2r0Ti&-z
zdjizYt{nt_$zL@~@=j;lYp%PC^XaJ71U}LgeJ=khdR(@a&R3zezAWnZ4zIdltxL7J
z`rw3;GciiHm=j^yMGya*^V}(FudVe$XybRHT@dl@;XZ1+gW_0xoffHcjVEBtaHso1
zO;0^UsP98fuBdG|#_!Z-OODM*jcFw(ww%~crBuJE<*Ul!(;Hvyd{`W7(rR#bAwMRq
z9U;b#<d4h~Lx=L&JpipG;o83adK>hD-DqQRi;UgI_*v!RUQ;E4PNbIO(79UO&0*7A
zDWme<HrxPRquIGI5nV@?VJ+!r!WNBa^<>>YYs$8Zj1{2kuhJH^zG0>Ac)HDXfsBn=
z!Y3i4-X3;nGOGoOv7_j-9{hT3ND)HMcKak>7dJ*86=-EylC{a7ONn3OvoLa`X>T|-
zS1|h9i=yb}dMR<#%g-6u7<nWC+m@VlLzC3}Ql)F}*k^tA_u4S^P^Wy>+j47N09r?0
zGqmJvP;^V!c_NQ1R)BVf{Q!!i3y7wp)cS^q^{grpNBp^ZJkJ=<2Lfbz^CXp#2>7+Z
z>F}*j5xer(BImwLh(*l#+G@>uhP}PjL{wS08OVf2Fz)Oz;PNMLt-Api*fsz8c%S6m
zd;%+9-R~N$iKRfsFHZ|?4KckwZ)qb(q+6;t-dkE_ATJ-9HrlODl72UZ4Y#$^q*1Nf
z?IG+0q^$*5EylBd(TE)_)lI)1*QRKvDQGGm6*dLVel8(oKUS7yKiUi&#UroW?CrP5
zFn1g9BzzSkeV}t}JtCj&3_Bjt&fsK|T&4SE^g81AJh^OXZQph~xsP=Dv&szGHl<zi
zaCjC=?z-;kHa{7NQM*bWA4?S38*Dd~XfMu_wT8BPqHS@FT2Hdo>l*+T8?(SH7hvOQ
z<e0s<WRc~#Oa6zmYt|EbHHIHwR+-0SFyUqP<bLURuM;-t`Tbb=4?Ad`7j(E8m|&$?
zidSxD@NoWXquH%kk)3Ub=SyRixy5G^aocgmwUrqJax={?w$9%9avp5}J>H~Mk<-id
za_mg<*8#k{qOX_o%Ss3WVP~2(1(%Qxct4X*yc@LcI&^sTpEsC-JzxKh(z@5=-q|G1
z8m&lDRw~VoSmr<LOW4=T-F3)ZcH~*Nz_lCK<hTkQJb?5oe8<Mv+lbK@Gc0Q$BZ=|;
z;jTGE=nchlkxhH9?w_T1cG&Vt)EnKYR78kz70g7$pEdC+kJ6S-0OZBgisHRT^d;o3
z1X-V3tZw-g=KT22he1bo7l=RlzPwf%DT1SX0Jv`O?Dsi);`AWJh`fxR)rS{=O;7g+
zMqb;Vw^nux#E3~uzTJ;UH?>Qa57O(9pbV|f^UIjUv$PhRR5~g3n%nY8!hNCQB@wf*
zruUMn_v<bmxgtx^qzJFA@}6aEx#PyaYXL!+8B^Jk=WSZHga!2>Qvp<uqd2!CT&eau
zxhk77C5r9TOF@pOI5V@WRxaDyURaez4V1t6ecn|zUa!CAxUwD%X!>N$VdBfH#9bPl
zsX#wQXNvn&qm#+KQzVr=AARX<)lPBRG>3AdbOoDS9eGBQU*(Ei<9ytlI>!gQOS;5>
zfE>wlPsXCDOT}c)HbUcsn&3P6PY>Bg7skt)<0uXUg5J}yp=Iv5;41H0gf{zF!#iLM
z_CV3n*Ld82eLjPIS8M9-q0Wu(aQoAHCqfpXb9XabH;+sA)Y#5rCnJG($@jHOR>vow
zYS!kh+XF$012Fr{^U~0-I9f96K*KsPz*#(Wfch0wc&O$aR_IP0p8F+yh`dY)&PK6P
z9`9QSc+ytyx5l?r9=q&W8c#v%k5g!VBB#qr9b1zoZ>c9(F>`xo^l#g~rdwflumb`6
zjkH|iAgBBiO^weQyP<a~rS@Sa=ca16?U6+x9K=x^FD&6Tpr})EJ-28Pq1zU7-9v3c
z+h)*LJ;y%+?(xp2W*!bqW?eB-0;Z>OD8dlnGsJL%)kJvGP_JyAe%z-S*B^IA6kwY9
zoLqmwtr~m9Yt(KjUfK2R{FsT(WGt_LSGRkax;^shxw%F9whDKT=Swl;-MF~PonJfz
z7eq1jW(z!5!Bf5Z5bC5<TYh)x`rYIp9{FGi-+eg>MFU6Wy~Dp{Z#|5?&=AXndmG#r
z-YaguoHEZr<umf3Kg;=Tb2{hlelUMTpX)>l>HZ<35<x7@+fQL8g1?x1Fgxh^B?w-R
z`Q-EhpnH7rfNVbUp>CedlzA77(Y2{ho*$fg{11C6Ug-L-of0!k;fy_V91h;J4T9*d
zCNtaF>5R8Eo=<Iye49Bl4l2qMdZf3FLLLy8Y;;rIIRPN&2;WCiDD&tvtk)pE)H=L$
zs5OrdPl+Dcc8}v?_7qdG$2-p8`!W4%2pWAS3?Kucj@6}k%W#4p@xXYpIMn9DCnTZA
zQU#rW+5NRRUfeiGq;!sh3>q=03L7Y}qt2&`LZ<AmHD}J}A^Q=-WjNx?;48zGS8HxF
z9e>E|<~BvTQs36@vvg<W34;@j>G>`qlA`ShpEF|JH$gL7!lMPsHo^nd*Tqhx3n|I{
zdx;MaW?{VP(0ODF<{<>{-`nBm+nmvmKojq-j%2Z8uA*poqGZ@XJiPVe6`w2Sjf(JR
zNt4i%t9i84k&|OayEs6)^$y4Rql*zO>>W=2em>*fuuVOO?)f5*qK!f3<vAOGYzr4s
zurAVe$_S`RUv)J375SRZlm?{Yvwku*CHIKq=XVmi$w#7^lqKJ*$Gy*NKsAGbg<+Ds
zm1oL`@#4x@DT{g&z?icqV*Dp99Q#isH5~a(@(DUM{5uSDSQ=O{I2URU#9+#W-tg<s
zGOaU><jokc-1V-oN6yrjS@HwYwi!C|mu4lJ{Eb&vT6PHiyK`krD*s}EBE?X!h7Xz~
zAjJ2(66F&YFsYAZ$;Q#1qj2RDMqC_kfh4>nR==qP{zgFb1V}s~qJ&wS!9T%Ix+q<`
zJ7%2hZLL%}@_Jn1bHiois|ZW7%G<@n)0I!(C8Ya4Iwn^?6p&;L+q`1%+<5>5d$%i5
z+-)Aee*q`R*pe+0MNI8LJ09DtPHfuRS<#sFHM<5aj792tJg<PVeFuX$8f}_yrK*N?
zg4-ijyVb9tAA4p%*xgURhH6t*k<h2Ygfst%8~zer6KzQ0VM@rPJD`}vim30u9s$L4
zUFDbeH}*Box~zQu2;2Rw`%JN93z|)dX2?55_qE}9P!waNXpgv{eG7bzgccS;Xx9TC
zp4rF7C)M4ulnNaku^KHQo}Cm-HFrM!T5}JSFfaaxRTa&#WKxx6V@!XnLu0N7d@u;G
z5_mvAnAAeIzu8c>EcxfXc4xArmKk|zf2Pc@dpA1PCWpO6<M*`Ux_Qesvz^5<(<rd!
zQ1Z5uZ?=Xs`gKv(hab>`(fmx8w4rL1l5t#Owg|a0@iZ!BO!*7ENEG<xn9L_-wa<aO
z{LrjySx%FZyg{O;dUv<0ru&eqV*^6=`TJ*;V_824`Tt%1?-=xdy5*LtcSo1K++Wdz
z>rn9f;@gFN*luoHr|J~yNx6S+;JpI_9#I`U65O{YsxhAL4fu7<aQ!ZwX+@Xzv~v>n
z9=Y$zBOiV0d=E^wc`~!*U>o1cu1@i3vi$4wa^}=-e8IaH;a=C%o*=8Fc{;V_^F+3e
z6Ky|TWpj3Yc82ykK7a7@558u9=5Y~oQ@qC<Dp<{YPTpIaHP&#{=j<|D8uvX-k36R+
zn-2Q<*qHu`QPsE!+LODovT`_V@tR#(>F((CiL-n7+BccJX6Jkcy=M5_W*l;Ivga)A
zXLPC}J_7?K_@}4Wd0}s(Fx|}l^8Gyoe3lVUt0imYCo<@sLdi<C;vNtKAfl<P7z<qv
z7@xu*xSGWM3uMYVGwq`T%P|Gx*7>pI_aQ1%J*!G9K)eSqnJ8vl>A!bfH+LblZJ*^y
zw%;}jt;|bX?O^w^3m`n#&O2sAAoaeVKVm~v1w^3fylMu+5EW5S+qptO%QWf;yA<G4
zn^(PZHRi+x1m0Q>b9jVc*l)4zWXyL39JUwSJdT?V?USM(#Y*|-zl->{+vmMPz{?Av
z%eVZsk6lPQE<7e(bja<|p#>ihrjVoT+HG4vmlr<wbt!t4F#H6s)lqHjm0D6m1anb2
zUi#}?b_oDKIjEQ`)IEimUm#*J&1?H(UVT+Yl&f;i1T{Zd_8a?1o{2o0T{i{)NO_B*
zuJJ?yyGD0|9P*@X*OYS_`I!M*URm*zB~8etdUe+o9r{_mGj+<e4pN>;A&u<2U)4A2
zoB5;>L9|An0Z{uA+Em}Kbd%>LXVhWA>pqqkZ2NM#Qo-wB6Y`026pR&-s0zT1+F$yV
zMQCxnMzfT^7j_8^kq80tyDXHI#zD!#5)#*h<dx(<3FWSdn6??<2Rs!NM~5vJ&~~p`
zgnVMRm>?oLTpq{#LsuPzz~z;7U%8Ic4|D4X9J__u_!Z%XeKxmP#{{&HhVg0Jw5^*O
zWpn@5F;YMl&FS>$#G948(#Z-YVfHwc+`^PioN%LWKl5@H3?RF^{&3*Gzl5IW20hXz
z3l#6ZQ(Rhd4&2}m_?tDW#T=-Oj54L@oENK4=EYSf`mD&*b_Cs>mA)9k58NOI`-5z!
zSZyOr2;+PzU$W41wRFlMva6S(YYSf(j-N$k%AjzR@k?)IrvBnDSE$DN+a>WGLx|1~
zg@Zm>EY{}n#iyFb+*$(8Edvj4i4Q_IdUQ@0=AUhg<{-~hatcR$ssoen`R~oxT8V2c
zh~+Jo9^Yy*<1b<*y}CiY=#p)r3v>kjpg5M&Z(J22=EVXAbNu-naonL}hgc9|3qHoZ
zQ=>F7q6=<epm0aY3(k3n+1tn)7F2ufb9;#FPsZwNFshE6yf`v?&Dajkx!>9Jo&JVY
z9&T}^a!E`yP#y7Z;2L+%9%dx+bRL`-2dth^<d?E6?;2Ao!9CU^Ucb-WtL~zI<x1RC
zQFei(%zYRVJ1UK@6i_R3R7ch%6?OIN&tf}**d9pdHfcO!rlE8VJMZH;rCDNXb({AY
z@@YE8J>TOWnF`;r7V#51P-DCFY6({8J=CTNbm>aU*hoFLifflvmN`bWB=LNeRurJD
zQ{)#lG&RIoBt1i3<TVG9!6gm(a)d1!FXH3F03sI18I5XuI$(*5b+VN&EdI0M*1fOu
z0+NEq<cn!liZ%?DN_Ix@Z#;Nu+D*$M@C3PWPU>cPFChqtvIbeI_W&yS6C;3gZqIux
zQVWy*Kw86y+njypud%=Wl|6Nu9=Wlq=vpd{^Fjpjdd`rJ(wx{gKtn?1BW7~HKJeif
zRln?!^>c_(i8oFiL1^~xZqqqA%AfvdZ{pv0Y2dgPglNADsJ^olyfo$l(|!&}d=^2)
z`e~jpepi$OmzTXr)7JlXR`BB6;)z0LP7YD`8qd}%Cf+wyrpgjH2~kB)4o9p092fal
zk?#W6SUKZ&w%=IpE(GE*U-y-Fc-$s~_$AY@!Mm04%h>D?&M`)ybHn$96U^2J@nfy1
z6Q;ljK!fZ6izG_?TsA#JN#~r->7nuj3|2x}!b8HUSqC=jtShIyMClkTXvF`m;?c;u
zCIhD06~B0XcH2p1siyaIV_ky>iK6)j+GQ-wl$t`~LCWx_nA9U{^yfEI!pZIJzRMy3
zro{NY{XOMZy^4J4_(%DhPUU+5#x*wjHBnO1ub|r4hY%wbieO>EqC^e$YUchu>$yY$
zu^C^DlvhH>emYMt|HO~72t`@n6iV*0wQG&p_p(jjocRvbBx6f{ig|fH!{AARIzr*k
z(=xuOJFCDu{-8t(l?CwpHjS!c6P0u4*x(z!I?$hAxu%p^(N=aYkXn|a1kUQN^dxE*
z2}wi4oXtuT+}+Bwq{z@B>(yPP2C!DO+}JHV=Bg!s=XJKTrf>iN@QPnW;Uu5GoBR>W
z+i(VkB3foLkZBh!nRivTyOyD)uOzY~5rYQ&+ft-8&)zB5JelagdCx2MRQC$K;7{FE
zh|iIwG)h$eD3<CD0{K-O!Ltvnu`?^XRH58~k^*Cvt2q)q2#XqjInY)l7cEpkvDssH
zn$<+P@tqNWoXgbWxl>qYP8V(^jx86DRkw;Ju`1@Ob)`Ik8fNnM3EAuw^%@jv9*Zm%
zWR~FPq^IiV>&3E#af}>wI`7D>=lxM2#>Uw3XSmZd6+Lpq#rjEp7x3^8>Qe%F&e@Oa
z9~^T+WjWqg4jeZ%Z5ggH<?5gsPk+%5)Kdb5&kPi#9Q~{UT8cud9$>+VXFR|-i*w$>
zSnJEGmSHY-YLbPqNu0n<!p9%)hBb3v%iTh8DS^IOEhc{Bn-K+fN)rFwYa~jJmJ<`)
zBr98d2S=nm_K;QnR}sLHGnjm|U_+EYEJ^9lec4ii8_d@b`DE|g&dUX!G!GYC)0Q>V
zF96ej1^!_xtz>I0Op!eNb)Uf&EF<k)-j-HukDRaw?tv|1P|qSSt(62)3I?Tsoe2H&
zW@tVoLiZwUwu-{k)%z*3hWMOde1ja3fY67KzAb)!f<Agug`S(axGg9l3ZBP^upFXs
zc)PCtL^%7Pbkip@9x1OSzOTAbbP`nfqNhGo-X*QuvQppjJFDt=u-_>%o*I0#BYO(7
zOEP}d+%l)qyE>LUOANDlagyG!WaCwQ#AY-m)nm)R&!QKrWoUWp7WYu)A;lI0VOgQm
zpYZcw!a4tf&M)nJc79X-gM1D0?}pw32AB!Tfh;J6x91<MvEZ{LJE0Z94R@-0tS$8A
z((5R>wD%M;HR`dC1t}%J4ji?>;X8cllgkP5;k#yTg~T!STV*Km_r$fV7jQ#?4e8C^
zDW2P76kD@nud|L@j*THch3UgQC>lrbQ6}Dh0{GAusw`gqa35MER%5`#62vJcXyxGF
z0!r7(p~0EI1;&1JmaYxwf>vlO@?Id~2u;W;WA$?Lu#+%|^y9TW7Cdxl<guergghz}
zXYC!aHl9D)GOrSJ$nWlN@JlNdUpWufBsGBE!$N+bn(l;=GT8&Q;4StFyh<{}ypLgc
z>TU*g?NRjRRw#Mjk~b?F`^nEDb?)U(w}kx{AsTrnvZTFqMeOej()osZP68YGMx%C^
zxfSN5Srf%?iV&k7ue`AGI|eq-e;{&O0&TiP#FkgnL7k&xLb)8&o^W{U{wGYxvm1C`
zyty2ncVs0QKpBd}L;k0`J(BA&a%me?N>6wpw;|{Y2HjeCPgYbi0Vgnui!y`Vaz{vt
z;G!*K@2%^btP{{?)WE><Nl>tVA#-@}Xl|hZbebf$&pM*C5h??7XHt`pL>a+7dYU@|
z+dBkqEMB36Gq&De>%${l{NZfR(&XQav=}eT$Y<kzDglxL_$Txj%Nixen6Gupn{<DF
zB-oahA9@atW{kG9Vxb0JhNdd$3YJnVe7nzPaUd%6?ujZlKXVD+F!S5`#{DWwC9kE+
zf7>1DfAT&af<4M2i^gh8Ayj-?+--)dCFwFy8H1IA&-#K5l;oYNnH%N4CKz`Qmo;`-
zhd&r>V9e!h4>qVKr+@87MUJG<zaYbm6^Z|68~Eh3Q2C}1-@u~_p2@>O#z(#<j`qD#
z9NLN2-(%i_Iz7$T@bL4Bep`!u_c})ox=``i?Lg4T959XgUHJ3?SN7LWi)7$I2H5!4
zXdI@n8Z<t&viB~o?wl>ZcXaO@eI<=@`YbByl-DnDYS^l8=)(DIQdWuikC^oCW5P)Z
z5X72!V6*UtSl6*OZ97T$v;ns?oP`)k!q+Nbdf@gyA!fsme|uo{NGZp6aU!ad5)EZ&
zYR|ty+o^&5iJ5@FqsR@2{*8Dl%^NY}SmL2c8!#AY3a*1*qY8odUhjWOzO6)FXau-Y
zfnOdgw8?~a21NRYB{K^HX;9-E80!70$hSfNoD9NHl>!YE{zAom{PQL`FNb0@RQjBQ
z`la2lA#u)4zXmvG0xKjwNn}?Eya_$97$uf1a(yS>@V_fS=tR1^WtoomztjJ*qq&>$
zoo{$?bzms`uGeC|YkyZRAy7^I7=r(f=H%S$<o7@UG^seMEG#3O7|D5c$ssxJQv%eJ
zl_^99>+W}-ITt&uX)ZHLdu{NKTrf~JOWep&p?n7e)&*tTtVWLr%Jwf<f2sE87zky|
z?QS0!`{AnxxOYBzav2D`Pal|?5%6ikJ6=5Vrw1hcP>hyEc(!!`$d(ysYe#V8m<h0>
zuzhMUyzF%Fbv?Lgi?W?0+@2(n9xM_6&(Sms69gcI;EV9e0K4E`NLo)fHn>-W|6-`L
zv24M?x9-l0I0TFZ!Mz05fRqS-Y;!wHnMo)jcFLQ-Nu^S>A4ESkc$Gf6L2OuoYi1Cv
z%KCWcoHoWA@hl_;?NHQNidd{RMUrM7`q#P`e+(P`P4SItj;uXxqzOtx!-RccVRX)!
z!^;Dtg8vMeLGY+-yM9P}?>w^x^oP8MGO)%$ByhwJ0ZkzuOM6hmY)Fnv8PF2*O~}U=
zp!LXz6z?Mt2*`*4e}X9tyHJ(b3@?VPJlN(91!)gwz8Oc%u!sdss?g(UMF!wUim)Z)
z)TJaEixqSxi|u6$^l(Oau=#2sb?DOPJJj?&X^3)&6f{8Pw&MYie-_|WR+!%<gMF6#
z788=^{-dhO_E8V@gu<ETQQBYA9qxM9+b1Bmt?O9}<zDsMOCq*a8p(obBE6?m`2xIy
zXs3v=UrL9&12em)(>VY(H;C|dR)uKW=*!R_k^(cK`_cfryt|_dw01wX=V$WSfL!1E
zKN8;sxbL8q#4E8Wn3u^m2qPeb(+o_csAr8x|AU0T9Q&>3E&N5aC5eL(B-4WHGBK<9
zY^v{DL?yF0Fud4e8*)i0jfE*Cjp<PTeKnGaPuo<H)$+ufuX?h0^oC8t7X8VBv#nA(
zaX|sWFXtvD+#A;N3IgO=TE=m0vH8#Z9W)6RPlSfeWHY(N;OU4kz03j$=Mf;w#2f>I
zmplcwm~!lrZ?J)+|C5`!oxmJ!9Bh*jwo5Ln+zc$T49pK}+I|9QJC1fcfHph-S6U!h
zp|#V>BrrRF(=xXuz2xtACp?B!#XC@fdxWbp<XD+Vgsz#iaKku_ruLAMb1q&>TYAaS
z`9jZwWn8|CsKz}|n&u_Q(!Y#FY6e(Pv3NjNK2#QfUG5RFh-=cwsHc%+>95>aS`m%&
z5TkBNiYy1z9vV9t$J6)xqyAQnUvF0OW^>U@<up}Q3a&bDKh<RmCD;%llbyw%=Jnvk
z-s86jH<it7oHM+$(lxSPKV<1&z`kD3-YBS2d3EMsbRCn*x2B0mUv`kqXG{OF_YC-)
z)ZEsyYBh_&kNkA+8u;{NxYDdF70zZm6A;vWkv2HMtc{ZfL!h*0f@etyCpj-l0@*V)
z%7Lv?!ZEc<4G@ToofWN3?&zN6fZfS#>%Oc*Z7;(2Nev+}5psGRw`2H2Vzi`0<LUyF
zr=+Ijz_PQxexUKI*;;R1AUC*sPIvpP?;KJO2<jpSg3US$T$>p!l?5$TKs~)mNKJOe
zYQ{{RVKt=ElVKG>+w-5W>oL00dAi^1{Ij<%xQq-|+C5_il*|zCF>vsLQIVz%)!i9r
zU!k1X`xA&uOmFG!3Y_MLH_wI|Co}Fpa@Ln5lvjjh>tH8zFF@fE&BB-qsFsBxO$dM)
zLfQ_d>0uhd-o)*(B%a>cYjqwEbHpGVw_`f30<|`*!LA?dwUQ5Oi;iiJ@n7z>-bJCh
zk5V}vyO5>mPQ^)y`S7L;diQL3^QKIe!k(OnFtXz|T2Gsd7Cm_8R%U|~6BNeMZx-r4
zJaeo6uQas)*}Rxxxq=_^ZubTD#t#cKzG{=LN?4S6d|2G-8XqQ)hw_Wp633}7ZB$+@
zCKMK3gD&$ltCefdi<PF*o+71SvuYOO$mEs!+mZ+sAQqg=LH7HXW7+sJSkVRlR;V}2
zNk!o0Nb*vhrWU0etM9Vt`Dd|SA2@2!P{+%|g&Zc!x=?4^@5{7N^X|2C#CB1nGw07!
z?C}4CePXdL)tw3RW|)4Z`0q-QJTzrdZco?K4eu)D%Yso1$vzjHLJ*PyM3mNTGX_qx
zWO<DkxR1n5Np;QzY&&02gziv?@iW<EpsbG*(=;qifQcgbdlf?>Czyc=WTSXH0hvFw
zHl6>J=43Y~x5`j8NC_QkHqFf+kI?CV7+|cJ-NdsaAJTf9?Z_yVa~8~UM=H?}Ds6w*
z($pL=&^oT&n?X8fYDqpGu9?krdPs2r;f`Hhv}o+F<4H9gJYO$<39gQ;GSudg7xJv^
z1w=wRv)(_WKk!@*)F1o1#=LpG$4%ZAnkG~oy5^ZCNKBaCiwaHDY?@l~53IJOTgg~f
zv6eqq$lt=1wo0n8QqF6eDBi-~1BGM+?O542Dk{t2)93F}7pyTYfnfs_$cny;<4}x5
zB%QW{p(f?j23zsVx4glY%Qws4N$~D=5TNB>3d7Hk%jgE|bDZ<|-+)_fcDXx+I2Va;
zFINa{&&S*SUIX@_4PhZX%X1f4@gG(Fb##$nMSte_$<5aa5uFv3<*;&;hlm2YNke>Q
zMP9D(;N{DnuV{W~Gn_@GfJy!!uF4n)jU2dgiv)YVWVwyI+0p2Un8IR}_DMlhukD!t
z61RO59IB`No)f<!#issD?Vvi6G%CudTorG|nn&j+sck2jG-_jbBqKqr$+iu(&*PHg
zX9uWZTZDX;<#0!v^9GSVD30el5&Czyu(%|aK<zAwQXbU#Bpo+nxkWU)yQO3zvTdrt
zzZt_^72pc)$<YQxnnKi@LX`W8A(ekf`!NY<z(0+&T{tI|oOmu{Wg}N?aw3|)-O%Tn
z0_52d)o=JPDg*bR{okGqANFfa05#?Sx+UYqe$kPe)|I`E5|Cp#$2bH;eTzzWI`o?(
zfH~$b-f%<pBn-a*zWH}V&?I>A6gb}SG=r1>KY|bECzt+hwD`}$-OT<R6dn-7tah%2
zfy&|Bjvty_a%6cFi0<F3SF6mGE)csV%>7ZtL_otd#-JTpcZMY!)S=DH7Ag?ZY0AjV
zrp6nBm55SsAbb1fj^c;Z?!|aD(E9e{tiUNi?C@r&#xE7I<L7LZy&5<gqY-$@H9RR@
z1w`2t^ym~cV3wd6&ov_1{aw>j#v*$R)c&HaztAc;cR|pVo>L(y(4+HX$zFI4ZfHq4
zEi7jn+#?TZIgv8kFKUmN9`YiU4kx{cT@mB3y|r-HaT^R@yPs&dIw{@0)PC`6ldzZ!
zki}U`bx%4L_BjRYzKL!S#h#w;_1L7_lRN4h6#5vm{VUx)+`gd>Y#?L*(4t^=W~_-@
zoJpY#7@CCc@?n&-7HhnIiX1)Bi)ecFVC?2aeOlqoJ`k`5^PLu?y84y9>}Ln|vDky5
z<vdGQvmEQy5nI{AImKSxgZdnB`{oUepc&kW$)vhH^w#6qT?>J&ivI~Nh^7^w_R?yT
z^8mSoSnhWS>$?woh=#>_hw(>Hjg0f|Sacivk2mzBEyPLs6K&flb4z<zWslb3b;XM-
zhP@re`60W9>b7c-o84DK0)P%XHt=eU%d&J{x~t#4Uim;P=noqry?`#$?M%~J2<W1I
z^EB1%S(q+}6b{Jq32$f=Hb^zjTP$}m)|vv13PCZMLj(ewZMv&G)9uhN^CE7yUU;$v
z^oJQ_&gE8mz+-wqF*LU~dv^<ECj_ybcy-TeIsu)%go`J1wm8PrWtnVs4{f&zbhL7b
z+O+pq0l};m%UwmL3hU`_xWG<xRnN>x2i>=<1}I|oKpIWmok9T#Yl_7QSjtIQ)j3J+
zt0;*qen@?pG$hR7GXe3q(L&s81eI&)n?#8N=uJGqs*qicLft~$zg2(15|8B<q?8Bx
zlUeW`PRL~WcVV=P<W+M08QJ!;;oC4Lq2!fGXoyr6C?v7`H4PPO<e?*&^yeuk<kw9*
zN+2RiOd#Y(g}LTPJ8(%e1vP?=RTXq8Cemy21Jki&DLdks=c_gK)BhD=h<i5*wFy)7
zyRa!NjEC%&Dg|gRQiD?}i<=@+rZdPdpf{>hBv36FFDsa3qcgXX_cwyL$OnuTcufMr
zMVqJ8pwp4%?T8Yr0!rfxryMo;RF&DvdYo_X!i+=o+MELg<5B^KA!#t0>;+~fil@UX
zzNr=?h1`iLPL=sI!J1ZX45r#3+2nM(MafVAPj!VxweS2h8b_x`nX?J<bPd=9mg58}
zU<vF)`j-lowR15|I=@o^d6L8gmf)?KUE=qp3w3S8acuK^0lCZdR`<Y7J^hn8*Y9am
z83sqsvh`{%f3Ue^0`^*hL$dy5H{JD3tyA|-H&81j#KdXukHdM71x7Wrxc?kHq9}vX
zE<>aUuT<?^PqNWKfdPPWp;uK(TX#qC3^n5qto2J-`!h|vVPtQSlAZ9n9(Vx8iGf&?
zQ5TZ+P+6ZW-Se5p4=RZe4gVNRU}{!J7}fq}#+n12S_ssIo|jojPG&kq@8d62uOx8o
z#r+-=1>?yj1f0af-R<@SnSJl4^+}gY@_ulnS|j}~_)6VG7RB>|4NZ8jHShQMI5ho)
z{<C9lXG~qlexm-%S0CnQ9_!#MzR+s1F+D)Sd?e(sc+j0b*_uG|A3oVm_8@X+=bv8v
zj^@udXk-V5d17e};l7!?i9ZuEzgTc;<>xSDDOrAm??^*^6GyVtG&g77xuk&o=gD7s
zPx<~H8<1z-!U>o~N`xSf&x>6IU4}x6qo7*C`w3(o7e^}mE)doMLqb6v+|^cR;mtk9
z4C)sqntefk85X2x!<-q9fNe1Lqc<M>-5_kY9>t8$&b7`uzf>~dq{RRkr|ulox`h!b
zGXCBrPM^v~)(2_Pk1^uT)%G(-zJ@9;3Kp5wDDU62e!8Q*dgPFi1Ak?5cAh=?%C~6U
zd;!yVdFsd|<wT75{Y1LV`0{ZQ9;)_4t>&l9NraUBMD0;M!uUB24W(mc9bK~n<r5me
z&P7n7juK&Az2b9%Fpi32a(f{lbU#sNl!5b`S+J6Wj4Pm(JV(hfPabfoMg3VjFkQ?A
zqU{dZBH^Yu7}N4b8PM2KB#L{NH7lx@eI7+dXAMG?LK!$#B}($~)tTsDk|N)vdCe3d
zDJjH!eUlw1vbJ@Q9BmdCD-v>0rST(yq|0;}#cE?K(XzPV&Z;ssONu8~7J<gtb6z-Y
zGfr`QMJ}|?cZ?i|%be4WpCaK_Ij~!rbN3MuDcYxZm~a}cqD<L$dbUf<<QJG2m4InA
zZ3){tR+N=MFa3A`P=<!P(aCLmZ)}K#<i2M!1(oBv0zvV6>yio1FiM|UX_`e*rnNZ}
z!k4W-9p48U9gAWjqW5oJb@)d>ZjCLA?QaZ>(Mj6;Is29lmCmvjGh`*aFe8`r$`@O^
zx7-vb$8()>4?K}BdfZ8`Y1Qc>QJ72KC57}qb{*Nov?tkC?5<nh6zcw&3?UQKGj=Bz
zB18mBt@s29V^+OH=@U#6B7NeXdHKWcm3+!G`#J~hYkG8B6_pPh=+W@XecoQjHayLe
zT(=JwjcRM+tKrJ}ToK!!7_FDeX=S}k@XE>@I-E=)mG}yjD0RQbaNl!Z%zwV3a^HJ6
zmTfi89=J6=wO(otmx^Y;&dKT==i@0KD0WduO!i5dC86&D+n*p@J(HY@?u8X^KB=J7
zO5UzuMh+fZy(Nje8K<l1o60Fv4L(I?=qiFnvu;4Aa9UMw8M_6J<;+M7BUBa=ql^b#
z3=GMQR=OMXIpc6CQ$^CT6{QD?l#*%L22mQa<AdMqh#TMe$%2D7=_|%cqzk!HX{DfB
zDSokc%w8rYHTo{Oq9qOuB1=Y2Jx;-m;nI9?dun>~CxcaQet%9HqY$u(AKkm+K8T2r
zEZM)|;;WP`ojgvvaGo{gStH@0OB_r4J0h7_g)+juRm6)h3LA6NlYHNRnaCm$F7cul
z)Kl8hH30}Id{TYM6p`dq;yiL1-M{>WJ(eljq>iQ5S>GeVf|!&u(y#!a7HG-7sm(Uo
zD`=ol#fX`ka5Wq#T6gQ*cdiYtQhp6vqiN@0KCw&t`|eA;Hj>kpE#XG<NmA{6P4F>z
zuWa}=J?>c%CACdt)jE|bsnRgs3O(y?{xHn848>ztnV15tmf09hDQT)ojpbKAKH0SP
z>7CizG^r2LOyo|IzgmjynkuC|U8yy+L>#do*|0=p^5riUb@a$0Dykp2Ow^{3ZLQ0n
zJ<cOd6tH$Vtf?GF<H+)N9(eswGrXI<k2)r!^H?1>u((Ad9?Lk6S2Dfx?ba=(c9v~C
z@S||N`%HSlB<|KV{E?sQ6L<^+@2sE}D5)1W!P-F?ZfGWK%|>B_H5RZdc`PfHT{tkS
z>Rg!FjZJ*4y5}}NPz{x{!=PXVnZmLToyR|U+?{gPFmo4)n(bhQo+;|aYifI+Ssnf;
zajvBoiii2i{TE-03J|ojw#UipS3BWE48S^tI9Jo&Tv^-<-Y<d36OOl4izPt1gT;71
zBIwH8D1iFksq}JOcu}a2$Rb`d+;2PjZwRiJJ+@fCG$FG3fuuFsQcV;I*Dhy(FHu_i
zdw77qZ)Ad?9zFjzX;QRsiW%+>ZK<lcc&P?{@&;q(w5Xxf=m0@E<~))-k(c4(SU{Ap
zVQ1I_RNu^h8D)sp(F15pfqCj|EYjq?!usF2xWqMKAv)0*aHviK^jU~D32<;C$oqrP
z(*3jyxmLZnn<=<)!eC(8oPC|2XBPq*rP`~s+wu5(0$Knwf$%cjBfmgbKn6U`a*7br
z5oy$>N-MqEz&Fls(I^y+|JXH2C4LQP+spiy#3t?t+1jzM|D6Dt)tH57y>I{nk5n^J
zCUe3*0l-P8S@Tq&BL$gKson{d)gNh8E1qlRE{}m?WF7voof~3K%`2!_Jrk%V))!8W
z2fOzJP$KBRkr7-F0B)1(W{-m}Jr0QmAZR;~9t`zNsO9PwLjK*rU&lreNgCT^c8^u=
zaRQax;L@1JKKSy2jwjO2RAnLl6-*OW1%W)PL2<)%dFD(K9si3oK@YQzGndGOC?+(W
zLt{>2Jv;pOE61(xj1WOA0W^V1jz$1S-e5kQ3Fws<?{<+jmk=d5-6?JO@ogp_KmMJP
zVJyWJT9rYkv!fhRp@}!2FF<{rp0NrU$^v{KF6^EHGTb<GL-TbxC(oR;gQP6jdxsj)
z)UKvk&q#x6mVvJsXE-kCTAgVs`1=8gxeGHZ4b`$WCzS)cOqY}UkFn%Q_X^IRtjM|;
z^G>3A2utMg*LP8>1Nr!O6<;vJ7=_!jbVvw^;vsHWm>K?;i${_x0Gm6odOtH+^u_b|
zk15i|l??}Z42^;M`0zLg0~6$cEL5ETt)<RKhqZeWv;^&KQmNb4MOQ9r{KP#&d?A(o
zV=<}yrxfLVBdg#kZ7Li&2Ml_geYGjVUvV)5+gvBEn%_$(n#n?ZopJi4y$ArAO9Z3C
zaN#E<&F}qzUx6He`nxZqkK~V7yd%%8hepA(g(8R<3;IxabS7B&G4=C1Q4EO$_{IMs
zp=iXN5CBX9R1wuS@FO2!65yZ{ewv4GZs!8FQ9U3M2_{-&Z=Fc6kDl%S0L<Wx995j!
z{zAp~2fZDm#ld=^*AB}o8cB#rSX6mf6OHZGg6r;J;0M=c^{1TPt6?q$fIZJQ=$fa|
z>-iK_cRmN!KYx#_Hu#P%OG%~~1V9cBQqb!ctfBIDFur<&?g~Nf3Za|4WxvzGKt-{=
zVZU>!GUw!|q|nsUC$wS8=nKC~$NwVgG`RP%rG1fh*tYKQuyIFgJVj4#rC|CMSV5~r
zHd6eSjNw*|`sV6Py!h@rBT+CKJtyC!2AxZn_6Q@L9FuFyjTCGM%m3lvU|MCm_Nv<r
z5@08EfOiEUH%Io38sZ>d$FuYVemi|Ot^g(UKEWLR`Q4TLM2bL(?oEPx^s1NxkVY8@
z9@){Q3{Z)7Cnbo4iSI=&Bs21n?`)owoZ``hp8&zecVN=%v_C{NzGP<~{h7<pm!J&s
zMDM)5(nrrnU@=GxQ1BUmQmwGnYj?(Vcn}H1M^|2!Q8Kzk2!(hb34l}g$e)w&qt7<B
z80yQM-py!;)h#7MQ{n=ZEJ0NFH&C&3#{*YKhkqo(hZ{4e8;|a3>e;cucVf!di5ZUk
zhI0yplJD>&tA%=Yq+V%`4IEm8A$0p2ZyDt9FC;$b>^mzG5n_`GOjN`?cSoQzz6(sR
zupO5)_>$QORWECb@kz!@E|GeFt#mdG{2d%jnqB-giHvYObZnFTo;7+j3QUwuGD<@6
zzbP&_XOwzK1y8gY5(b&qxQFPb#$AGX*)^_05ij;VY5>tRKUSn=2Ma7PFx-R}wKR;$
zq<4x-yl_Fd5&37+4n=$~dC?C&8tZ|C`cO}d+v6z+XOwCp(h7O2vmIx7Rw_GTz0X9{
z@E#aV)|uGlQi~1yTapfPZ#)D$ys%nw#9*%hkFZDT<TGwB!R{lew1W`!!@~lkN`qDQ
zCx8^bdb~+-7Z{S+7w0Mt=VZo(;@=D-W$Il&^I8)u3@!`0bV$L3H>JWM>Rc&%C)dbb
zHos=Uae|dHQ~Ej|2}3;6jZ3lv0gH{PgN-~QrNziJKcrCl6%OGF%OnMO!cs%n3WbKp
z=oCWnt?Cy8ElOS|%yOw_B*ajNFAnMEpFHZTOux3YMF$mtRR!81v|d5_`)b0WaU>1S
zmVVV;xV><srtP=8Kcoa3T$s`ItVmecgT`+|&2Iv5Z!MM`S9IwTkPBY;b{EnGT}7t8
zCUS<K+~$X`bYP@r6xJP6aCl6a1xjos_(GTBSzd#m2zl3rNQ+^I4GsS+xXG(VlBs#>
zqBIgjl=LYaa~q9bvRUUwmXDegTkHO6FCV$etWlYGX>=GWhIZsVegEz~69=G5M}u6T
zOV406B=NM}!>{Pf*PzOP7qN@5rbe59MN+Odzfc|ja@bBdzw<rD4Ja`?W9PnOPW*&i
zph+KrV68s-gNf6T-@5R<<9IrmFTc4`u;U-ca;um#it#XJC+sYX$gMd{-ce^ZCFVo|
z?r+g4pOD4|`HDwp`62iKxk)-%SNevq@%kI5UX7B_prJwz!q%0JR^~q^+Y>4liExJw
zAOV5Yc2@1r3jw@uX`Qd%A>&tM*8VL;AY)fyOn611LQoa*<=>XDW!dk<HK>W)rjo1M
zt=5S-%Zl%Dx#%=0Eoo%Y<}ICIz;~*KX69AdftDo6mPl6?h3hKAjkPc&Of@jj7JJ}?
z$?3lN)6+%t?>Lj*VoaQ+bDQQ>9PoEcUYQ)V(JPl=73s^bCP31Fe$m1>THzfplL4EH
z;wHbkHeV%}@dnyVvUYgP>u;QV83sfNe)aWdAftu~-zGb6tPf^1bIZ&MgR<F9`858@
z(nUN|z$#7#D<kbUXHs^DP5vwyVaj)6vzeUvucLwSk$^-e5-dn=OAayTP3DYSQPq=>
zIyD*dxASKmU%oWPZYl=7hveLF)2z(KsiGvSl~d8NCb6+93k_(!5%t;jKhTQ}Vhwt7
z85y19^#>!z6NXwZ({V;xHI6_;4lRxh0^#@$b}jdZQadfcOdA1cj&-dt6FF{<A&lTT
zoFIgu`G9j>!9KA$I(iRcFX)Eq#%^@?WolWZK64i{LN3a#NC+tPS_gSFX*$vQ_hUrq
zl{og;8PQ|p?X_G;cB*kPwLZC1!%E{3|H4|&Vr8tDMa#Wu$*MlgF|nb(MuHokw8Sf8
zz=u0**+44Zcx4>~%WQDqNu$%SXl8TZli#`_Ou0H$IFemU&=E%ey1qbVd97+x`e-w;
zYOoYR=-NJ4$ZExTjxhl%ZH#Js?&u@NaGx_=v5;-QGKmpdU7oqeFi)>;-^A&>%YW|v
z5+aK^x?+*kXInis-Y)lc3cww@Qh{#0ICk}$Zm$zV94u!V{JHrSBY9<;@&n|O?~!Cp
zuy^o<YY|)4l}xSSGD&(nva(;3(V_++S>DzO7W{j8-Kbdi0<jrat=q7w)k|IF@mNza
z(^`6$wbhHORwiTKr8JeR+F|PkZ}QJasOFA^8eaNzi~pdN_2!O^))r3*I1?w^@DeuD
z(yTZC(9*nh-Rv0Ce~<E-($VNeMcm3}TPFm_3?%tV4`vK7Ca}#&gi_G=-Pq&Z+XKqx
zA`Ep$0-X1MwIS_eFea!8gEkrt-RkADR59l=A&-ZHopHr6Q`sVAfmr=3r8q=(SZ4>V
z4NN|Dn<<UV4QDF3Ce;uOT8+t_2o38)ktk9{d9w_wJabJZ)zg`wHVWlhbB#bTl}UbU
z#4hL?uF&&j>z$R7kVX1@g3$B-4c}|(LAb$We^ZS~xc8vb9p5u&JM6ySsA~aNaJ1JT
zCun*lJ)ZD4Y@LQvb)bXkwf*4EgTdJPAUE@;lL>GGcCw>$CO~8S9-i9@jR@zmC-c0V
z0QRtdrLVs8Ll~eCjo=L6pfMBLcfRDmE!8{}1Fp;`O9LW;;IRm2vTc;R*$wHmO-M1$
z*Jh2^7<dTc2%C8$6KVzxR@%a(G3SCTSZe2ZjlS%hv&NU2qs;XT<tWu72WV1)lMiNa
z3Zc@E_q#J<Vt5p$%}jglbQPJ|3V1~Cx!rgj_u!~?uTSel%z=%nY{cx7)DA;LGZIC|
zzfpm+w#UO|jqfWc>Q*lPzkN^7DDJdMd_!1I!3WCPn6zB<nojuh+PHl17@E`zwoOOi
z2DCo6OW7~e8pE|R+2~QJ>gBB}sG;!*y&S)9w8jqnj}zG-1I84yM;^){D}xL+c`a*v
z2irmBs)hZ1&0TjIa%?3<Q=W4kP61=&GR{?!^}0#Hnnof&u=fSqoJb;(jsKZA1{_(-
zS#4(jkA8wX_CkBu5VCct!oyCLHl$vymkU-I_R-q`s5qeUbEXbMcWg1=1mv1se*`Yo
zsxSB5{Z;sdgUai`<#07t#9$+(3vE*2S3T$ch6blJ_hkN~G2+x_?4t=<<;26C#`6F8
z2%oocSk+L2vF1e9Y>|!V4xWUmYq^ylm?hIYu2EL98~-5>rN?1)kw|O?urtoY->Mn6
z$*eyTP%EDExf@>t6m_LqC6IjqPk2e6{sp|*jK_b#ZzhT)7A$85%Z#pk<KBqLes)dC
z5}=?trC&AXHkY44JHK$g$Ix2mz(_L}i0#ZGWQ_}_)yU|SV_+j>5osrrq2x#^43}=G
zmP)W`PBb9JaA~RAj<UNABi{EuCO#CtE#%p&gu3=sFwms5+f;FXxKuQ;tYmGdLYtU4
zZYC0Tl1i6k6I(w_sT97<X1nC$rmP)I{fBOZ-kIN8IW0}?$uswx$7!77m5*uUYX8?G
z7yCPX*uOpdAFVS{_5@S7g+N;^KT+YT*U(+IXeBY$Oi$jD@?aWn?TwtB-qVj(aOR*I
zH$7nMqeihHEM(+6rIcDxf=|-G69LSDj;Wme$W-CEJLOokyjyaJgWurRBzJcrfHoa=
z<2W=-BVkV1xVUfvFcBPlO#D_yS#mHczq1RuS2jNIEbK~N#~0g4i%Cp;cR;1MuA0Ao
zsbD%c(n52}HyTJ!i)}mlOjNWIoKoCLm%g#r>Nt`XzWg%>bt?hDlrD1u%g}Ec5Q-dN
zC0sxGv^3}?Qr|t?@gRKJ#+GNkX`K7Dv{*#aooQ!~p-$&vg%i0{*9<pTEi?T!b6cc`
z0GOb>x0VWV;C<F}9Q%B;rm;fBG(EjwbB@UoM@evl5+DRtthf5YCSO5;2nfyYvyssz
zcA<!MbAChyi4Z$;XAToD-{bajKYcP|1w(h`-}R0gCQ7`YT9hp@0MeZ0)TU|_7<M|!
zXLnUiXpp&;%R?MEX*od^;)qxi9x##^UGG1?P>U%nl?`*pDQg_97&-X=0@w#9_}p%U
zKWC3CEEngJY`157Ajd{^h|?b`8fT-j66M>dtaQ0IDl64^8<p_t^J#~R=82+l9CGZ;
zM6yvBb{37d2<P!@lh`{g*A|hMVog}yE&rhMtRP<Rv%c%*;PS;AkmCJf>)UnKSMscH
zC0bv4vA#ZOeH|-lc@4?>?$W!Kw<z<?N4(&7CVR6=`v;`AzV>&f`B>qD(p%q4+ja(j
z<$Gc5Z0Us_kq_4RohcrxEP2pr$%lMzJ8idIcUyjeuwKPOKWiRZ-ypEQK4AULYImNi
z^;ghG3&yu!{N{Zod-MG?f4212AIuMYKzlzZz4d3_Gx;mu@2_V||AZy}A2go%er|l%
za<%%|dUfQfYx(SG;@1{_U1IU8^=f^x`R*C)7tgWJWN*I5?Pp7GeF%OukG*ddjQ>>m
zZ0W6!ZqMYee9u(RmcGfd&OT^7-#SCQeD3kD3oK8;@;!nQj|i+!7OaoE2KhB<d88zs
zVPxeKm$TRMsOvx;efgg22>ZIvU{6*(;rJ&k*HO!Lz2!D@Grx{lZXvC=VEObtYPtTu
z(*H!^_}60=z4>m`ggxS(VR{~Ym3+LmDD$3bw&e)xP{+R=T5qAN%tPN~xyM_;uPyxA
zYWXjjt^XOb6|Um=Zhj5%Yd^n6KA^mDL4kzBQZBrV<2mt4&V#rD2lhE~;hp%HD;M5n
z{HC3WFTjDEcsKh;O0w~VMqo4XMQF{5SJA2F!WZM+nq2r2n7-9-!h3+px$vb}pA+xJ
zp;J;0d>J0ji7&_DocIbH$%(JT-c&Ap72e2+ug2ya?<OgzLAR6(Uz;a?Cgj0S%!8kl
z2Va*5KRFNnoILm`$aOpKz@JlAy#7xpWaq;Kb~BsCS7y*>=bMht&Yzj%>Mg{AJaSH2
z<Xm(H`v)!dFXQ%G@f{q$*Mk2z`<tC_pWyVP7WyRfX*y4&3_02P%>Lc(9Qbc=`Ax;S
z?8#m)|H(gEV8!e7rR*PX%*JQu^HXQ=XRF1YSGb+lf4cs69B=*C(sjMrb>pv`-uf?9
zof3Yw{4+d4&bGQ-^D4oCy4>^ax6D_S^mqxpD5F&zKWM>!oO{DsAL<x=8sE?HevTjI
z_z_E7j!Ztgd=~VzzD)eZOnx>VdE{Ki=(F>AJ;VPwWv!n<*3GWxNj@)Y{)})r)_SYw
zPxij^d5Kn6Htd(u|H_LQ?w5cZQ^j+6=zpCD|GorF&4I6ybJN%7!TV*hKfAsy$V1=C
z=v54Idhwsku90)kt2>XJjd}35<iUR_5B^Xd{7>`XpU#8-RUZ8NdFEBA<ffmYkbkoG
zk#qCVgZ-Nlem`B#U(nbaPlo+5Oy3Ol(V=U!;MIY?Xf{#QA46|EnMe-x_4#`d(&E~N
za3ZP21Id9vZzLAg5||!BAP|ZLHbi1Q!AKyKjKvdy;Lv9FDYA%`)I$EI+!TSna5NkU
z#^b@^fEG>0htU@g4rqbU(7?bj0s&KxeVr|X)co;5;{%nJ56|%r%VmC~h<_=~-(-Bh
zEbD`xmM=dB0?XF6UA{E1boG)zfTog&1^R>0P((vu$wybWUB03nfxz<BR|b}LaMF$?
zYY_-^UEVI3man>EaoeiE70Z^bTiO-qYFoT&X#n~MNn2Z&uUfIVJuu(jd_ney^#Uup
zE)S#~-*tIAxxFjc6VWn1SDEKKw1GhH=AiLuD61~x6OkET)MA0Le5%p%CAL6d!$2$=
zNF;;tWFV0J(cIjh`^xnZvvI$WYWXIh`5Un2FMp2nl}6^jJl?Z>lvDo%VCF{>;ZF<?
zB!fNhCz5gf+AmtsSW@$Ehz|LChQg6hLpTK1V_y;WhlZnx;Q{@cjO!!(D}ouFKpg(K
z76}p|Zw*G0@H1Qd?3<Z>77l+r#y*Pa*ZTR&=nuuyJ)J{eB07g?6Bh~g$79T#;6S(+
z{tdAt`=e{qCHEu}@b|_B256o5Lt4+!hCnbLjBd~pq8pC(#f+hzp18J2^djM?CfaPq
z93ATwO)lx50h9QDS|@f@asMf<({udxoUtF#St^x^34U>(Dy~h&y#O-KH8A}!q?+{m
zEI%-9lhb+?6TdjlwQ{`R7x%s5`W-3z{=<3>Pnql&_s8OTzQumoa=jA3X%oNo9dVz@
zZ&Hr=hxnM_7x&xZ>Xmc*Ps~5c`4{uPxGxvieksjgm4kmXw@cjS&$c|EsXRmc6Bd4P
z-V#@@#o^XH^#%*SxX%;Udy2>B-)i9(=OS_Sp27aln*JLpMqitGwf^v7m3O;^-#EAO
zYu6d{@3ruY=N01msO9$Gnm_mIr)48Q#QoTzQ@QEgmh1P~DL>6G?h7A2Oa4c={eoYd
z^ADeaU%)SU>;%8KA2`DKk4Tw*b6etY)S_S92kcFy*Y|k#zii<b&u8A?{M*mK|62>c
zxF6fhE6p2cnEzWGC-}wvO*j9pSnV13|1934ww~iTe<O0&KXH9O&u1V0jq^8Q{Q6la
z<>r5g^Z&*_K7Umn{(G8q>`xuz^H0mefAxoS>{!Y8{Ebp>|ApFh$}g0R@4rQP^q=a~
zv5V)AuYYMC{!4GtvDW8CQjU1!dKcrszw&j=AK2GZP0dmN3r)FahQYgZ{tK1y^_S)0
g-~T0@a@`sB-~S%~009600RRC1|2pX&g21H#04>p}c>n+a

diff --git a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi
index f673240f6..8c8885852 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi
+++ b/lib/go-jinja2/internal/data/linux-arm64/markupsafe/_speedups.pyi
@@ -1,9 +1 @@
-from typing import Any
-from typing import Optional
-
-from . import Markup
-
-def escape(s: Any) -> Markup: ...
-def escape_silent(s: Optional[Any]) -> Markup: ...
-def soft_str(s: Any) -> str: ...
-def soft_unicode(s: Any) -> str: ...
+def _escape_inner(s: str, /) -> str: ...
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py b/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py
index 824936194..2ec4f203c 100644
--- a/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py
+++ b/lib/go-jinja2/internal/data/linux-arm64/yaml/__init__.py
@@ -8,7 +8,7 @@
 from .loader import *
 from .dumper import *
 
-__version__ = '6.0.1'
+__version__ = '6.0.2'
 try:
     from .cyaml import *
     __with_libyaml__ = True
diff --git a/lib/go-jinja2/internal/data/linux-arm64/yaml/_yaml.cpython-311-aarch64-linux-gnu.so.gz b/lib/go-jinja2/internal/data/linux-arm64/yaml/_yaml.cpython-311-aarch64-linux-gnu.so.gz
index 8cecbb872c866b85e71bc8ad165c0cc5438d443e..e956b49e85ede9e89371c51f16c92123241d5b22 100644
GIT binary patch
literal 700886
zcmaG{WkVcIvkl?F-Gf7L4-niTNbnHc-Q696y9WpkL4!MsySux?5+JzS-r4sDTs}0X
zs!pA%?w*;QSqAcG#COo2_mKV<KVQ`a(0zRMiVw%s6z5k@dHA3!%>SrGmka8WDUkl7
zq@^e0YyR~K6%!UoA*e>u3?;`pTV2bTSjT4xOWR0XX#m?s$H&#xwzjBbcUs3Mt^=c<
z^D_qO579u!%Y;{-%3newqv@b2uMYnJ-?_AG-E+TxC#`pl!Z!c7l7&va3>TcGip0yv
z@jK!p@cfvqu8~FD&Pn@(1+`-uBBbFgt$TS;%-+~v6@-rQC>JguHp6Vqc>V%5^C!1R
zU+4S?h}_72XYnZVIb`kTdJ7fl${wqgWL2uaJ<IR>t)81cT2gIPgII3J_#52%CKYzQ
zX+}$R6i@mbkyjFP9R<9ZeAh4k>HF&`Nb~ctn&iTXisR#P_zcFD-^F66g^~qnGMYz#
z2YI>P&ArAJoxdq=K*5b<?&&9$zr~cveyh&6yrk9N%O!D~$-kA?$BomwO-ab(Ia6-5
zBWK&ga(s9uf5?HIP(D%P(<=HyU?9atMML&_U3^6(ibyJs_=-#E`hn8*KT2HHxK|R&
z8+7rbG{k)L(2nZ%HzLX#fspBN#Qb<Haih?HD9k4z@uPUe{A9%Z0BOWmILaG1@uSb;
zN7ab=)tKUt{OV_`mmA43IX5N9<IIvq1(F3M?`hmYWHb3%TFtYs0fpS}_1@>zN8bV!
zLu9mtd`Zx)_T<dWVd3TKWJ_Ie_SSm8QEB{H_?7x;M``Kx-=Lx4bO40yICnY@qPUV)
zzALm~z`0NxHv+jC|4paggR-Q@``PQchb~&DdG&Nw<8H!h%KmLy!|O>TXWggt?ZtQb
zQ8K1OZ_~fvIqn%<(DhGI`Ncr_nRJvchTwxkZg%ODBDkuoI$YzedZk$x!J{`vgWK+C
z*_?mV{ojGbG1;=~nf(6WM*|}F*Xj*6N&ox)j(C5_^J5$SWStK|i2laS$+=#gpvTqy
zR@v)jg~pqJLaj_ZzDDeT%k*x=%rWx})&2*nFg>mUg(oo8_41ovYwaufY|Ml}-QXd4
zUhQM}_;ULqhr1AjM<UCIv!7u?8B*9UPq^pJIS(mE^}9A7_9=0<J^LI#;dfm7I7Yae
zWjJ(rZr-xlM|fNzg{VLpOuiKV58?>_Himj@VOHApQ6fvkbbE<I_dJ<!u;^oO05xp&
zurlNj^?J7q^_6+J+mCS2%m=<><JV5>6`F~QM%dFBXMY!4pWCZ&Fr>>O-J^q$H#0wn
zitso$iL#n2m`vU5XiAA=o|CVy1v1U=PX0#K=h=}#ImyOR5f0%Ae)HitGBpTu`a3cm
zPHq+fxkr8VVhx4>{ecpVbfY->o6V2bJUDMGY{E{o6Z0`h2WwvsP;a}kdb&7*(W}i`
z96D3;G5(<5Cwg!k6|zZ?#}K|u5WX0UO*g~LEx#zkLw*z91agjV)uG<1T13<fNMt=#
z)IPshg*{A}9Vyv_J+{&JJ-lt9`nBYU(amuj)i4H6o^Vu%h)m?=28<|AQ4wCfxrDv(
za`t1G9znWHFSauC-yqqP=Ou)TKiW9wMQ9|lFgRk)?@(`F_<}d1IQzkz^B^vXEOOJU
zDP^!SypZmgGNb_2Nq?#)E_<?JYW!1Y*OYR63gx*F;jUn+7#*8gX$g}=mVxO}-wW!c
z9B0g!Vc5e7r|!}&>dEyv=lHz^#}U|v@K_{K3>+|pX<-rO#Fw7$Zvam!oRN<aFxefD
zmY)mkKEx^PO@?sLMm<b8iv!F43(EQk2CpFUlvqgSbV<?iw>JZ#<hP;Xn7e@Cto@Rk
zul6b}n+1;2Nf6Z?C%dHZVwybz55{ZNpZjyp$#0w~7`lIcw$IqQ&x1|9LlI^l&?S<t
zo2a*PwX0M3pKpJkfGX!*POqtREo80~WM5H=X&&9AKn~i;>#u#(5SOYt$P&Y4JcFO|
zF(kjYx#YG)vurC>9bzK;f|+(Y<$tgjyp-a-I4Sew@U_yxJLHs}AU3mz@D{X;I?%Q7
z>jqNWE24NiRCOa=c3r$no}RtGrS^anT5iF3%jBn7d~==dthc9ft-bT3;bbH4Xd*jz
zpOxlK%xrxF?)PH=z1ynp?;-X-^CnCrdSF;tUw;mP_9;c*s$TlH@5#DpS4w)-Hm)KT
zj85E&vR7TjRdR#`PWDM6)&0LpVyfxFN#9PHYtfnfJSRT!D>h+UY-UkcEAO`F?Kj3M
zUHKPHInX;b5lhGKkrlmp%_aM0V1o_t0y3>!MTl`b)MAN+0^%8+#G|TGix%x@6hGUM
z1XRsGX85@JDp;?Z{1&nB`}Q|Jy%?uie@01L$bsRtY&TifUhT>8>x{%t4g*G92qbyb
zhIE6xYd2tk!@E<Y>cYw#*oURpGPiMVZH%UV?}v%0`*m57jnNi1^%kkW7%DgQP7lHL
zs}pM(L^e9wCmA|6Hs9?0O#GPsY^ZK&##?Jt_|>@o1};;e&Z32-_Pd_CN`=_YMmOT7
zr=+1lVU?2&HR<>Bc9j96;nw9Ls|!FdWATu5Q(cuNWwG&L(blsUY*(qrWP6{_Xr$HA
z-00ruK=%hb1@@qGF==tpT$M(!W-QauCl3T-Fyi4^Vs)_IRA2f-Qh}wd?YDN+$JMzA
z=sgWiludIL#xd@Q8JwgR$I2Fj6Q6V_5c@SU5$X6%#ExZVHlgJv^MBcP{Bu>eYIe&K
ziBf?rBi6Xk*%~W;H4Ga&3ZpX3v2|yj+g#PyS>~jt=VHP^TNbS;D>$2C*4bLAli5Bm
znYJLj-qHk`TuW$GG${8#!9H%XtGu-<cd)zVTC%^fyKQ_**<0vLT`V@=Dn(?{PG!p8
z;_V$fZn9U{F?ZG~TaR2`1C~%qoNi9&uZ=Bfwk=m#)_<OcX-m!7x_VdM$z93C$+LdM
zNe4`kX*|!RSEEf&#~DkH$3%bpGPR}DI>wvv)R4^F)^yx$ZyBgkNcas-qSUvV9O$X+
z0+aRo5>R0;|7_L#c1v*%JMpWjT4)<sD%k#FWUAZz`T3Z8v0<_CN#>&}4fTF)$I8;N
z4cQ=5Dg%SM?b_!2dPWq)a89b|!L*F3bbU#7R6cppvC+oER*8SXw(|bTGEes@xYMo?
zqqsjwP^Qtc(Ltkpx3EEgPZ#5<iHi$GwroLwNav*av6EpK!5xb|E~fv;N>e>^_P4lt
z!~E&;_J;P-EQhup)pv)7-Q-Yp8l`H#z|VE7;EkDe6-c2HUy=LI>a(u~{4_rnJv#(4
zGI59$Z!0RS*6vzER^>v~4Nw;Pk_KZ(aoMQi%KZeE7MktLtgW@?TGZ&RHrK@^wGOG+
zOwb2pJ{<Hi9&0znsN`^vF=VGcYnNvnkA%jaIm=>|;YOO-XF6nhtlcF#F5GUil*xS@
z>sdV{E#pc`A3JGkimCY3w?U`B@5$(DjrCE8sXAbGi8riQW1$(9t#L%`Ta21QY-aM(
zmI@@Ln!B-}%4>G1-O6Tea^8%3T~?dS-nMLO{b)^Q9JdJeXG39Jg6~&S8jA>yZ%Oq=
zKhM8zEgB_OY}VQZSA*Oo_oTL}5=DQXd?k^`yN;MzTb)0xTx)G~e~go=u0v;dCFCm|
zZ>~#G`ZK#zYkR}B<nz7x*D5MPL=1MKwRANa29J01Lpxe$?1*F#E~u52>#T9KUG+vq
zXJxseo}H40U%^<iRCawAx2ZL<Uwc!xnT4wZ2gTYdyE(t9SDNjbtIuO7Ws`ilsY5Lf
zS7Y|-V)Y>Ur&@l7{^@rf>??ljN2T`Z0+|@ve>1z4Hu6D>#qb7u!~euUwTvueLUSqn
zQiZ8RD?5*A?Nqe8_IHho!hdb-DT6c6t#wpR4r<K*G%b4h(Gc?#yT7kgSkq{D$~eLO
zHviDs*tc{<!z68DqvvNbR*LSw*HmY0N+zPx>=w?E5y_#go$2ScX6+YC{8NBxg?fSR
zp2t+*fgntysDYLm!Pv75a=6ZBXT6${K(L}xVQp=_Tr1RA!**?_79~&OTVrMNTKv?X
zR4QMd6ib}!a!fq?K~eKLVs?_zNI}6)Zto7bOe`vt7Bzxa+KLDl7VQb#7wqLWi;s1z
zn->;%7HL^Q+?O0l<?AKm24?0n*yNL`X9BXqs#8*BqtdG&Kk1WYSJP$bJEDUdeUp?w
zb1sFvNJ|aB-FQ(ZPKbG)h=#TWPI#K^A89wIPs?o{Xzv!exVaX6PMZ9$r{fCorM@zN
zHr~S0QwHiypWO{iWEU}b>@8PkTAb99o9%5@^?w7W-D37Po)IYrYi_&pwa$)Cr|ac9
z(r@FA_1xTE9=25WCOHX?Woz07OG!JL(Lj=(OL1@+D1E0_n&1NBEUUKw8MENk36s-M
zPp~GRc^>R<FqqNY;;-<M{M)I}_}^~@(*x;D-^fFU)fL?>e%-O*-c|YPy3AoIX0A<Q
z4_oQRG6R)Q?4R1SM?N`R+u2+;#_?Z$`R-?eoN#M!DWBl*@8aLZH?X~pcT)S`KQ>mE
zT+NI2f6BKqjA-rtY&}hsfo*QM?JATiZ?>}7${y4HUdSjvZ9C4VE*@5P4mRve@Sff1
zBpAt@!Nm4mTj1K;TN7PtZVbjokqq(YMVQ1$L^aLEQ=9Kalpc>12o}r9X0DwaXG*(y
z58cI@Zq*nK6)SX_&*IkM6_Ro%HhVX&Wn}n`WZIxOS(Dt!-n!2%lCtPbFFv8I>ENs-
z^06qm9Ad4>`Rjy?YE;s*lxK^8&vxh6e54-Zn>Zn#ASRP9&Hj+=AxI(iVV6*}7zFZS
z`sdp%qz9rBK(3yzR7sWly>W-!QbsbMw&2?oOx-BLpXVvYDZXMS{hg-IId$Y}IS|>)
zBP#2I$D|owNZyr4@n`*oOkcDjrzw_$^WRo4B?(Uy)}M1d)E;$tV;yQ~|9M%xMD!Ar
zT%I6T%kIsP9k?{yJjBxm%vecZn}L6xD1w)M3Kw2>>8n2_3~sO<z&dYOzG+)H7us39
z%!{bx$`#*gm2oBv!h%ye|4Lso$!1^AdM-#FoQqnm|C3*>E^)e4shgy-@~u=Unf#Oy
zP&{uXw>Kq{9K%T!3(>yJO&feHNq)n#T5sZblv5+Zuu6K<nf1(*opJHb@<@JTE51Cz
zU<z20*_+ECJm4$*oXvDgA_rbIeVLkl*ixqn;QOf$-YpDJ^3GZqF?gDL{+@HQL^yYt
zxa%OdcXl8Pnd4P?0T&H1e1FOvjHkcVD7u{fSOfuj4+dghk+YD`WXdo1C6^}c1%018
z^)5wH^{4!R&_k6fWUi$}`ELMGwerjJ+`}rIEJVS|Tm8mdZcoGi_s!PlCSh=qQ-k#1
zE-PC<^&+Qx)*?u8?JY=XW2@>$Bz7(3WFvQQ00h-)X#_@38+GSS-_${a02x3u{!I-S
zMGDsApXMHdx~TU~#!c?$QU?dXDQ}rWXW;hFRlt2x?x3BlkQ&f!@`!i;P5bE6oj1|>
zx!kKBon3oIve!mx!$WXcS7vb~SR-ZWvoI@<mCr2i=-1Wfxt7Y0S^*S7{%J`|8Qg3s
zC%bbGx4*u&eT=;q`270}+~>8#@Fc%S9Q)_n{iD$a<J;2QL%Um9pp};c<9(T{zgT42
zpcl<#464(iS;Y6mL8cU5H7gQ^=OXDj&xo)3=XamqO0g|8!g!6tc&ke;S!A<BiA2gz
zG2#pF#UgQJ_u5i;bBivSq7)U2E^`^T7>>X0u`xP5arT39DB~t_nsVr!28)~uPnGaX
zE~%nKa(lLt2Lmb}9KP;V%?q={1{6P>Pi+S<$3he?A#OyuB@Ymm*n9f78PvDoL~e4t
z06n5+hG!`qqH~SSALBB6tw54Q)&SwIYSE>WY?k!g1B1mZAW1;)<X&`1C`-Z~>p}nI
z#U2Y$RX@Y9@~y=N%Mfh|v;MmGChEGHk`>9a@_suz@^gK9^$2r0eP%l+d4AK`0frN&
zI6uh7E`XT$hdLphM*t#r1bjkJAF(rlUdQ?FUU`lIb8Qb8GQA-;vHq=tn-14iwfAdy
z(1C1e`S~9U6cyN<zTQPc5e(Ev1x1ulG^J~D-uxSC3PA^YpVQYSR_GuA40kc7fY0|1
z;6*`E4s_6|8`^Y;UIEe!#>srTNQcREa;2fZ@VcQzumv>m{kd%Ck)Hlleh=nASb!?_
zT&c4B@7omPi3L%BP@_L^*|^;LNk-SGSbSM}<u8~p7+<*9_jxma9->7gQv8rByH_$9
zw;5jC72pAmdwuhBI$PcwfTGu#_1dAaWP!Wqd*H}9Y5VE-4c?!+gDjL>ZciHbO)HGI
zgyW*iEP{Ljvnzo95tJ>P{j^!-yn)*s^At3O*sP){?eqlFB_5zt_9Yp({tF(b7Y^U$
zr0<N_y{6Zf7jaOy9Jsl@#|?<s#lx*G?lKU&Y`k%q!VL)7C5v(>e87)#$nVk+y`+sg
zFL-FCXH|Lm8r3CpsfW9zbSZRm{fZk9_m%@ca6hw^_WR))S48U4;rq)HZa~^DWz;jn
z8{vRKaqe32156YocGp2!Q1+5M{^>@jEI>-=O6@+xp5e_#yBW767nK}nbBoULd)6EL
z4QiB))rN{L&#}*YDnXf()LnRh!!z4j)DpSKG62a2hKU9sHSOD0IN^>v5DW+he1E~$
z28Auj018k9l2`#hgtSs8%3`jy$P*m^U_j#G8ORil14vX*kOR$gs|(+irr%V$jJ#=8
zxcvINlY+OGZtkhXldLiz3c>^ob6XZp-+ht)ht6}PFW+lJa7BcVeZEuq5&_OFv6I|g
zkJ+b^2Uj4F3$-|{UcbL6HM}thM=y#Dpg=7isFev==LNS)m+zq3Ie-O*<_Q9MUC<a9
zS{Dn5vE>1zP$0!W0&w#|;}-Me2GS4MP?!dl`3*3h0cBqXXk(C^5y7ZyAVFUos9yvH
zQUDmU1WLmIIR=V=)del>3|IlswwQpJFC36uO>*1OkEQ<=V3b4oVo<&UV9`MtXi#~B
zU%Zk|-Xf1YQA^W6!+n5$XB?pMKSgP)*Ltd#Txcp4R6GU<1jqsTC(wzP0Nl4J=)eak
zLD-;-EP!DH1lJ`1RtW&wp<+CMbPIHDegNA)3F?^vikSl$BC-JS7Ao=|AOa;mr~~dT
z=p19A>?nZU3|&1=Al?kbJ%OFOMf~612teE51n30N78#&<(Ag;g^aoC;CNq!|4S-IM
z`Fl6%2R10p06J_z2RI-hAQ8~-f_BRWZOH?wXae{l(1T<SQnSDwbzX9-<RlL;M4&sP
z0cCswf?d!Sw}99sIkf9FXg!8XNCnm=G*Aug0RzgFgQ`KdJ^;Fbkj&j?j{w~EiH|S$
zR!5C%Z6d<h#x^)sPk>W!An*HKzH^Nm>wrBiWXzZ6IY0%HZLHjtz0)(8*Iye_xzoe_
zvkpygS(ag~H`or=Ou)0|U(qQEnJof?&wGp}C3=B)1RXjvC7MSys=I7z5wod}j|@KO
zBT6gRU;Rh*zg&I469T+jN>|_A8AhgJmdBv(uYlV+DYvd1F#JRIOHPMm004aRbBabS
zB4F$QXgnhUabh5DPYW1d0V5ac)dIkM(#tW{^BN%A1=Sye0$BiH03vT#Kxq+5fJrfu
z%Vpf90Mr!#TwN4^D-B>mqJSz}NiQj{lz=-o;Uxp>83XE%1pHkIFDazZWI3P=BpL8P
zfTC^5`%7`ldH^Yx3W&W2^3s6DI;DV`XaF%BsB13UJ$O|5Xz;$NEX9r<Mu)*nN4C4^
zM;$4R;hNkEAB~}a%nFWd_Z<>&ixya!Tvw9x;%)tw{E{LR4OHO+w5RBRg@bl~4>aK?
z0)Qgwt{)i?AXH5agt!3D0$_-U17%I1KoJ1&Nn0`#0npU}CfJq;XqiI|AmNz-3TS{#
zwh@PdL#QBIA~0<Z08~Tg4-3QtpbMx3^e-%Pm09)(-KGD3webJf^eY{Z3jrE&hi)Dl
zuo!PjP!Du2ib-3t|LbT9sOI+r@IW`n0J?JUKxqlU;4CsUv7LWmgIiM_<xUBzOsQij
zGF%f~iBo|dTv;kLq=lzQMTXBIb=R^zi(gm1fAtsOf&f)=B!PBGfJ$Is<vJn&Z6Bcb
z&RhVfByEZPudD_zw~h?J13kdVp_|DL1<=)n9XT)j-$Ez>OS~Ziw9g52qy$|ITmVc#
zGt>4xzFk8F(*R}vUjWd6P7el%i+p@czWcWUNnI{MpDzu9Www@<_G~%+vaS9bU41Bc
zHTWV-!z(?gf0(Q=%E4qt+eu^Nmccrte(~xe@J|8nc;5FU<XcW!vSLr><>x(TN6MKU
zF+pFA)HT|V`x*SyU1^QE;Q{NZ0>a;3w07ew(luUqG(ANl!iDPA&Bcb@o}1R)e@fOL
zlkHHB@~@SYdc4-1Vg08d;k<?ysswu5FAoulnGSk31+k2_nxoC9{8!EI)zTr5wd}FA
z`D&CPW=!ptt)V$jW~TO!ky`3aD|Jl}^*G@}L#}QBUG!?nI6cDUnqbPXvkqxrA1>EZ
zL7W(-_)@f->XDF&+_N1Bjj~odI-wk$23V)@9_qJ3D)nT3`}4OiWjh|KxeN7GRTe=S
zT58W+sdj0a#T}PT>-ZDWqSlnRq|%l~5n?6E(tPbBd7g;*jo6uUWM=hi0$LhAlXf7x
zK*{<qVF-m%1`()1q6OR<&z)<|nJ|<ZyDuVXbl%>3P3yED8@eO=k7*>FiOXgpzeuOJ
z(LOhJe)jaaFOjXJ%8*%%T-87yv6C6<D_e73qeDGrdvs!8R{QNCB4x<}F@e8YINE4d
zwX8&mObo|#KA=)tuN1eD7}dlP9>|WJu^92*>||;FNwpuvag=VOg5*jupRbETyVRR(
zV(Z=(C00`GS-d0QFlM(DA?z?lYLm3I`NrOdlkJaXjOmGOk}%g9L(<0Jk#N}}lp;v?
zM~W0Xdeww+eydFUbyF0bHTKXDJAeqgJb-@8j`Gg?^1>-4TJBLd>zL<qg>B3ZChY2R
ze|NUqGMB&<q@Wu6P#EVW0cydG?X#v<7m>ROt0FKk%KrC7fXwVg5cT~%7hgUV_+Loe
zn)Dz|(H=&S9_p&np!xI|e06=PUxL}H#9peH%97T<kxS#X>e^#>deL_k*6I^>NjM!~
z)j@L-*~wd9f}ocH#KCjvu18^UQkWtL47^y%j!`&lPmaZcSZ~1>2r7op73QfgH&ahe
zmePlyrP)FBvKgZN{QxQ<YV~GT@xX-98nFL=K6eFMr&@8{_4fkzXI}sPu!!?C=p^=w
zwwPXBVQk>u3hBf%n_l%LeoF1nYs~4FCSpAO6=;Y&lM?rs8vgJXbt_5Lk|kbQWHlgQ
z_rWtnS5Uk}dEqo9JG<fe+tFr-o%C>{#ryZ=9BdJ^C0`Ui{F6OSq!cO`{Fp$5LM^ok
zqG_&065?N*+Wcs;M?#h<=Aea%Jgj~F-2Y+3=rDS%tv;xEOw}__N@6iXD?)5Y*%GF+
zRbTG#rNV}pGrB@3SYPjgzuYby-Val==@q`*s%ym<anp3+U-NRsofsR2(pJ*id*)+`
zJ(}$O035xkJ~wr|Q**ke`_C7S<uGt<%a{LVw8;t-{|mNAr_h3h^c;>SrRHt*FP~}&
z+02XKVV6g~eV|t7L8V#Zs+(;2zEoaeRN0(l1N*D`OK`J?2qsCX7Fm01ry%c9C8Bs=
z)b>Q`Pcgo6L+1|KwXQFw=cmb(@V8X^gVy??k#`Q~QjuJRDY;?f`&hy!&G0;b`XfeJ
z)N}n{dREfW2`Fk;cfT1Wm-dDQB5OpAa7p8+85Qi|QHG2qGUnelM)V9YvcE?=-o{Wf
z?jPZNFqc!WS?x2_lL<8w2}1D1OO5(KiNMagn0HvWf!e8jifI2mGVu>)@bji<O@>A7
z3+?;zVM8l&s&rV?IKuiCy^0TfkT|9m#(rayh#m?Hgnwl4BBA{et{GVNl<e3783TT?
z{lg#(%nyRhXRnB2)v_@prJ`ctCJy^`9-UqPtkfKTmG*j(5uc$^O;d5DDp5FoL`X%}
zq*O24@!ljM7tF_|YE2;W2nZED8R@-RLM+5rj~L+6)i^863&Wz)vPV0MqM8o*tl1eM
zid-)~UVTu7_Hj7!_+lj!agxJ$zal2ELWHCI{YV+UaVY=UpKow0!%@|mYTL#G!+0gg
zx@0J+E@~8B3*x7RamjJzp>M``H{rJ}4jss6#{I*O+IU$Skys}VYCQ%u#-_2dF}j++
z-^-=+?Bz)IFcuEh!V7tn$-ub}ZASE)Bc-)_Jex?t(k+#W{u#kGmPT9msz#QN7`QUW
zlL@a2(JV@g<|)gY{XO`~!dSz1C-vn1XS*kmXsk_b`aBz)1`klyhxL|Ag1SokWnSR$
zK5Q^|ZfpE_i9#;qh{e3lY`L~$)C{e2+#+T?ivCsODoWLlJh9G}Bi17&6+_~uf%o~E
zx$4GrN6i?&(@_@=|L2Fl&oXf4i33;9j0wg>l<u?R1AUC8Ux<8nLXh>%`y+f+;8YUT
zBe*nMTuRgo5o;b^G#E8$tZRIw;AVv@F*&tCo%VR?63lT!Bahn57^R~8m3YR|mFu8P
z#!p|geD!I;R+n(8Fj`}Qs(CoZKe?->M!SP6fU4SXTP6cC>m#CBjeDKZjLU-&iJiLe
z<Mv$syY{%c11B{<H1-B9RC{C#`#J_tk0O<5V9n!+#&8G|v|YuS?e_|66eAx0>G~qU
z{-h*5(;MwZ){j5nfTu3ekHF(^xwiSBDLDuVgGnwOyyAzauGWvpc69_>6Q&PDB(|hw
zRS$u=ISncH=DGu2b=mrfvUCklU@@-X*V~d|gg{|DzrIX#v=L5AFFd@UpjIFgI<8NN
z(v)3e!eWHQXm0ie_7jDq&kPJ07<EU~)%XU&lnqk!$F;V&IDD!};xT^w1UpL^j9ET@
z=)Gwq3ZCo*$8*;FoPQC9EnlZ)4(Ja2Y=~)mX<NlJ-i<63lO@m-_+zTKgN{%Wi_7TI
z1-_8uH|90i@v{0uDXv1xxeaapWhW<U`T#TY(1!%{51~1{u(@UZGE?thh0OLYAEQw#
zb|)UP<f}wbhP3b*CCqJGqLGLa;5Aw+TO9Z^Bh0iTf;d00*D;#*)b{Esl9`G|5r!_0
z=vGOO1+k`tno*&sBz}$HirH(;W=^@rU(Xz)U5wj|WIp<>r8#LKwrYWGJb0O<+aKh*
zO5Gn92Ywn|{t|HDj9>V^9<w~F`?kU;zr^<AS(Q=#^Ynkrjp=aLob=20pON2~W**7#
zpNx|o&)L<K$80X567Y!M)bMmi)*M5Jq7=x`gnbc^Q?K1$t|@R%flG)8yD>F>Za1MM
zT57Mkk>qfk$y;RB*Lf2!a+IXGkNwDWPLPZG3(?^)AAKV+g6Zu}Smt3nW*PlxOaZ>g
zHplc(6m7CGX|04foe<4F)3bF1<`15*sUpT=#+Bmtg!rw5?6agMV#EvE_UdTbg#&s7
zTAE~zyJxywmK)mZMQVM{`@I{X)<>H>a2^V(ea@SqCWC^k{z0L?8QHJmlbK&)u&5vp
zS)t7E|I(D|FF5_-Q>`n+Pc6xouDMY7XS?k23nkPk)qhRhqSs8zEi2#`!jw}CU4z7a
z6PcD16>?-^UblgAe7RIHbKi5xAlQmmI3h1`X`qcs5`>j}s~Ma4udyAUExy(9UWLn2
zNPE3e5zT>$eOB*xm~-@pzuMLCv84le^u!(*b$Mu(PD|$4RK#-ZnZVpblbIGM@K!=K
z`&1RH)PftPSo>q(bd`dMTq#-3>{R;XRivYd3g_G@-5UZ=HY>xNQ-a&>O2u#%j342+
zWZ=*#)%jviyd=@^a!A(w0&i5qeb(mlJWgs}!iWm-!!e_k_FB=)jJzliJpA(D(W?9O
zEaqzj`O!VPs>7}<(a(rfB{X_a*IhKxI5pX4U->}7q-QH7VaUP+9vG$hS>*9Mr9}H4
z^Aw?^;^P4b2;^mA=;dP0{GpmV!23rdrvDtZ(XKSC6WSFi-LDj@=!)U9OZ##a#Cy)_
zv|2uXA{%q!k{QYlTK|+CoN1k4#wAlB7eQ#@7~rdoH~*h&i$0B1E3J9Y)sg3VaxR>-
zym3g3<O@E|e3)xX0v46fhIOf<Qn#L@R?Rvmj2ss$rMoLU0-P3w($xFE333r?ll!e;
z^B?$sogAF-k2buS*+$-5b<_0ka)NBkv=a8*cXF<nOA!^iRkWHgucvlfm&|^oF6~v_
z0(wGNatL*ynnsjMYYA}P@nrX(&BQ`^v4(W&uvb$&%zxmH;kVwIiD~rMu6NL(w65?y
zyzDT4VmIE8hf#Axp_00x6gu;wLh&9w>!r(;5>pV3XL|gaK5j9gCqEs5>gi>PebzSc
z-`EVbZ5&a}ojq;^CY_O;YP^r4g&2ka!H^=pb3GyZN4x{X+OU<Z7jt}>XXlXgOIAhU
z9JtxPB$Vzqtcr}oc*Z|nS~jQZ4dFxx<yb)C%);Swane0k-KOn=p9zN$>H}})Zekcq
zU5IN&OuC);P#7NtnL}Md(*szSd^l0m^8}gei4wB*LNs>-tA<KpvMswe)X~~S4}-qL
zt_H%4frxldNa?bK_~Hf9s$nFC1KW^4*XWM-1<!F&5Lk=y3oAx&txsgL&2}@^apT(<
zO44KG8Wh0ba2R`)!Be}pV{%S{y+^r}u_pR1Wzjw-bo3IT4RaACSP!D;H4+^eM?0P#
z`BwRKz>jV`Ms|`(8t*HKsKIgBQ|XU@O@ti!XY((`E9xSm&*w#p=*Y*~xE$RL+cBdF
zocx|YUr>P9+Vfztha#R|h(2A@GItfgl-UMhUbAgaHd`6~OpkBdnhsR|Z2Xu2UkHoy
zAIOn%$xRh@Eb+r%@9(hS&6#f5{XxAUE{d*d7zS>!1SQseZ;{zRVZ;8*8u(qfXvcE}
zw41u<TGh|rJdX)+*RQG=mvQt%m|!1yS#2oJ^kN#%{{$W6``Shk)gBV!&WFZ4DDDan
z!j(|57r10zWH<lXj<OWqeBvx1$I;($Hvt)8Ss?$aX>cgO<ivN;BjBRIu-rcV8yV!=
zkS?I}>1zTLfs4u*H6^~mxEq1BSWbE9*#))O3Hy#`E&eV$dah0Z+{%<wrp#m>;|C13
z9--&69x!sM;Rv4=h3}jlttGAk?^_W5?v4+R8*2bO+=R$?I3`aXZYoYz$S+1q#B@i{
zQ0zgk53k>R$dor7%GHPu@81VgF?-G4Y_seCRy^63_LhQFlj(+~&ku6agMx%MpD+0C
z{M#c>qrdRP1yqK5uBg~%$lu9-zla*4F9lC%p0Mv7OqB+~H}lozK7q7jD)vi^CpiBY
zN?Ic8#})5BHOo|*w}1SMmn)P)cO-7ktg$)t71k?=q$^%PCzWmZ?HSZr-C&5Ge)-6$
z{lNKai=8D)D1mJ_R1S0ktDS(*=*SJQ=+d0Qjr_byXTegWGLrWBYh}UCs)5g`N8R#w
z6lVNKRWm<QPlG$=UZ0P#nw6?|)xD4%HLB2CjpZ&Wg?6!@d))Y^ukd~S>(S+rAS-Xl
zoOMC)>M<V@;UKU0#PeS!9+WYiiUZ-uwexq!3*d5*{<JLQSZS_;@h2x1dSq+gjY;zJ
z`mD0turB=AwCiyOp%(@*h))rbs^(c~>Q}>-nMF+>Ec7`06Ll`+!GgXbsCY(UZj}X(
zc7OJ@Z$_USNZq|QpgZ9^$zl|Iied2-YQnAd93z_t?*1mdEFKzh^u(M=H)@M`YrFXK
zV4W+51o|M4mFwG*=eAwKragZ3LkO{P9a!~iQ9FN;dh8wYxB7LQ?5d-52(!bkyZRh|
z{t$4qg&$LEIq$9&snZ34(MifRTof4DIh>T-9Z8&by59KdN+Y!|tS`}-oBwu8T3;*T
zRe2IT6zzS7i)6tp%y_@EPDonu#bY;`om7+5hswDboz)xsR3riSzD=cXMb)@a!~g?4
zdSmE#8hhho@#w>LEP7tMyGbN;1hCot@P~5d9M$@pWiVbhf4$-T_{)nwzUvL|s!X{V
zxsukPi$^8(G<F+#FR(9!j(RNGSq5v<9aZ$>eNUimdUnxX6Q^-u^g^&y!>)ZL+30VN
zT^%W*VRa!Hv$>FRkoU0rX{>H~Y50OAe=5q2<3igs8)-W24c_sN*u5)BZaIR<eAI!l
zkW8&r?_-g-=E1MH16d&%Ne@J!lbbx3HAjfIkgMHdFzvUw>^Bsjo9Sn<t5#M|izk#-
zG?HgJ(q_TWr1eTiAjW%Cl0{-(x#1`jbs`X6KA~pSLU6-5dVZT2hW2Kd1NUDs`<Y<Z
zC-j|Nd!dTU@$TlkzheGk7%Dy4y`dU6hFEqj=YeEoxE9+z+(N?+M`G5X?-As)!R&^8
zV2l$ZHADEY-`)vZGr_o>-+Avl$xtbYJ0BCt_G`$f!LIqIO6HTmQ%+hXJa4XpjO9h0
zM^o2!R$^Nw7FC+!Nxn!iLbByhqmm|e=Vc`PC)%p!=>SmoyR!Qe@F5YliSLNO*wiG4
zi`t94u6d2K5Z!HF^r~Zz9PJt9z5Mzuh>UUIm*$%+#@LKJvsVd9SRkoK?o2TL%B5j5
z*?tRI;oe+mK8(;la6q!6ANP!|T~1_rf4JH_PcsveIYr$GT6|Y7#Oahf^Uge;bW9O8
ztMV7+@EjTiX$IvDJ|S?f)1EnSyqhuBYWw+2gH83y5*8B2szJ0}=aC~)REF}5I_=T@
z?y&!1<Djcy^WFJJcIUFicka!kX_XC5W?)-gE)kS^wiUiz5A)*Slk3d`a%OJPpS&nz
za;P=@pHbvsIYV+dU{&+9TFTeoWt5VR*`QMVoWN~eBFtMCLK)MCl|e8^P9u`>MM(7^
z5{;U`Wj$jL{OPf+!}dY+j(FR4hM98HJg|ocm7>e)oz)gIrT_f94syaga06v6{*AZA
zLt7hKq}!*n?6WT4xp%Dzum&7NIJs=Pcbor2Zln>wl^)LK@vsC(dRfAzL(i*vx@M)A
z=Q_V8ghI}G&A@e_<8E8uw;CArd~v~tIGDw#`dZ)hcdMnaxk5s6y!Ss~P+<_rP>Dr_
zjoy{zDIdMAzhj!V^}S|-9X22qwPwI=HHO!moEqfWgHK>15=ACJh7E>y{747C@{Ysi
zzY#v2qh_L=bl{2E+nD4&M>Zyljl1`hncaE8Mt)q4L*zMIszuo_<XSEUDLdzW^6q|-
z2*)M1f>4iTuwSr!yJIe3_)|{XA8e{qIllGGfbj$Q0@!eiLuc;I$OBy}O+iIwFAJ10
z373ljU#beEjZg;#o?c`p^i-5s3esGb8$3ebEF)oN<LcGAW8LuuVaXTZ3^Bzjk4*Ih
z+r&^TeGvNtlH+aOL<|eW8OsE6TIG(cID%OB`!zh`=Go4<gFZW^IkMY^OpUC24<UM3
zL?%Yl#Y8q<D?fXl{r-v5A_1m#+|QC5igg?jSW=2h<hmVPl4{w}JL-A~!^%)I-Zye$
z)qk4(qL{-M=`$>Zv6Pe5FI0?8wecLI9Cx_O#P*?w$Z<!<pQ^=^Ak~1qccqT6S2PpL
z`T_KCl_}-elC3Fh`rqGflAWt>RJ?+$%v}y4^|gHB5NWB>tMR_8uT)tq8BDsob|DM9
zg6sD`vBoJ0Ql~!boOXhGyRmWRLk@SZH>5Q2(!(8eKld(h75BR(d-wf(T;F44cdnfM
zFFx<l)3OX{l!(^FR6mXIx&<lb1EtH8R25RyK?WtA)8@wjLHiI#!CX!$Jx#Jt;&JJ*
zV{wO0I0cH#**Q#t<5NRmdm<w<SF*F8v3b%fo(Wt(D!6{Aeo{KB&BzPtBKF`@$aAtV
z@hU(nO!exGeUBrE-%9ME#M6VM9wVBMv=5?9=)Dd(8KCw2?9G!pCQre4j$c)8{sBBP
zsB97>C!laqB^wj+YR{_68;X*f)f-A&>}(MOm(@P`U(&t(j%+28?hjkRZ7wn3b`_pG
zGmrKY`4}2)LfjUMu08t?s+3r^f80OxT#dZqk*M7}9sk1N2;yePKflt}NY-CgYRFTN
zfBK=yY0&ZzhP2oceG$r|U?|4-ut<qB9IoJaH|?8$PKqNqOt5o3q+sX_-tM_qpa?L0
zZ)MntDXiTsRE|w0L8mbN{F8xQDXg9Im4`KBo4w)PP#-O?NAG_>jj_-*6!%bl(S>nx
z2P+Zrc4{E#th%0b_Xhhfk%z!Dy{3l<&kt2~>Kk9X_t|s^;Yyn$8&eU9XPmV3@%To3
z=I{TCCQjq={E!;&X@-}lz{n7d!b9R|G*5^%Pl&=tT*@~0Ofd*N@a2?w2CU-D9V{o9
zPHoFD+mz_=!;GE5ublGR^_OTX|HXp{3_-)F1nwC<Nu_3Skkh|#y+3KpHAyui5K=RY
z>?~n~=ROH(xe%(kfCvkNLWAbAquHw2CAhjU!(%zIGf1>~c0I}lQLnr?mmhU~o6PbZ
z506mKB&emrh@^a<I?P*IR#4S;#hH12^&F23?2P^z5k4opOzuSq?c6Z`6b;hcv<P$b
zr6stV+NB16+-cuJEf+^|dcouT01NWG2qfI+=9Jl#>;>^m)Nr(7hNGY)gG4?=uJ{b2
z@?d0&k&g~sed7#K!gr4M!QaWpV5ahlXT$c6%glez(z|h<DMmaouoJeTt51P|;b#~2
zW&FcJX8brs?SS|a5+}0<Td&cco~}MU0)`&RCFl`ExIbr}U>y~DG1J!4Zi(LMG>94x
zhi?R0L!Hex-gycnBtv8A4GuO>aL5oNqQ?)@MA=XDs&4G2nvwJzwuD)+{xRml5-HS|
z;L*7ywrP^af?sv0O`$^)-uKf5+nZ>V98}DN!$LuzX~@DjXo10uKiLm<w0Lnzeq|uP
zB&KiZKKO_-?-^CAYy0C^lpUR5a<7*TOyid+<vTTqkCK+E-AzUs{yfI4jK?y#6V}ED
zntiW=MW<U)8;BP>M6jr3*yzLF3EF(`TnSg`mo?qI^4|R3)3>wdeR=<YrhRRoYX;74
z8;jxo&|Zy`Fo7_CE{X;|joamn%w|;|{&FEU75Gkbdr=srB8GKv#}g|JOcoxlsJ(rO
z3H;KL9t6Xo$iUqrc2sK`hGzB|LEf{*lZS^-YHnZBhx?#wiqgdm@vJdZbQ!^v9gyWe
zC%}ygk(}{c!=Mp`A9yfRgq~xyZZ>ycy$e66fujav?+k+R(=kco9kQDOUw*<-pJVTM
zkH3$<y5G*Xw=q5qYh{@>uva+!8P<ON;=KNT_L4^YXUl&E#0}k4KYScp94XVlgyG@v
zQdQTB3Mj*MaMXADl)lcC_q>GPPlny}7PNPwW{_82{$m!Xtl{>?K<8oJy?VcQG5v)J
zHE|t|>P=;$qgS*O&w5?1MsNe!$b>zOfG9ltP<uyWS4aMltW~2$*EH1HA1O6WlM;B2
zNrpeeWBsYsLzW(xKZ|@t#3W;OkF+y7Fv9+al&|Z#6mL}Ge&?))r8cd#WfFPk!T5}B
zpGdpn(|-0D-Ak`G)382MMI397k;o8@wf~Pld)<EG2Elk0`A84G$$0AdK29wcWUN!1
zWEiA1;>NFD5|IQS;t#Ub6O8YX4v+pL5%$6$0G?+C?lpTNXm?$nD{5x_$Wvd{6Qa%t
zyw@sfdR@p<w;F;P&i(VjHF&NsUx3eSy!}1(1jQ{j*8sy%9DerM+eEHQE$d}ZHUeR9
zhb!+rDmVAg$~>glp(`XN892F6#{)lIvW&oR_{t03E?kTeZkd=|+fYiX_%`9@UgtM|
z-xDS#-_tL>HR@eWLGyL0Em-xvCi%}!y#C~A;GDql7;aBp-Kg-ayZ*;3NhX<{qTZp+
zM3-uyt?^YuUCWQ1=8Zj6Gex|oUAa_mxxn|pC3Eo3RcPr)UwpZ?;8!fMJ5>yW<LIB^
z<ePu!S_a3*$M+M{H~sidBL$zjY#6w&YaQ&kqXH}v3<lmx(yG2mu;9=&5`<rhh8MV9
zhu!=LIglmh6->Sul9WN@$t!g4pz7QdVL8a!{ZCNY9u_nRKO}h<t#nVh6Z7q-u7!Kt
zgTA&y@S8Sq`-xFk0?%4Etzs{Eu9WygY1DIzC{0$GDfWGSv;w#1(1gEJ{s4SxH#PHl
zlh~Fp@e7l27cV3TO+No?%bG)QALSv+BOY=8nyq1sVlQ~JMoeJJm;I&~t+li62W{fL
zB4lk}=wj(>+n7&@fv{<CypF0k@1&#GS)}JtDH=9EFYxw%37Hh{^{<S%2pp$#0dB-F
zRRdoVbtEH^F~8xc#C#m8&Z}qcqsL)*{(DpA+=iYKMJe9zrH5C7IG58_#Oq2gY$|US
zw$lrC!OdPb1F<b=v=PadB}0Te@)G!I1nCjs_Nz(P>5cJOoQAMkHsSGF>WIW#k&hl5
z*5OY1BcAk2=o-=g60$G!j?S5D`g$;Xmx|XYhc11;<XDEs+i30x6%OwFCbEw(TNUVt
zehChBPXMn{(xt>#GuPt0ZYRBCN>Q@}1<QmAL}PwB6I|DdF@&AjP!aeP2d2v2Eb|AA
zqx0CDQdHMVd=+6zxwYgQ6hiV)U){;m2^C1A;Qe6Ob);*85H{79EjM!kg4GvTU$sS`
zE3525|6)PYu1)XrZHWDadL8IIxB%HBmC{hqtEJv|e?95ddS_NqV0l2$cg6w1h62Mt
z`wxcxN1xX{_htD_xzi?z`)BuQ{+xK-E5-Z!4l4u~dW`!8iU%@mDl^WT^%TX%JU8%O
zQNXMVftJs6%A;1VSpRkq9qM{YhnDz{o?(SZQzW>5QfJQ5q$I||srSqI5I6x6975k~
zJb__^Q^y@NftQb?+no~b1xoA9=wjqH4rv%`J1+w6pCqp@9&Zu-C+juey3sFdNMq>9
za|MhLf`?+;Y_Leo`(>2Y(fO5x&t6y2y@ko|@zaB(Jr@YXoKFi#<A6Vw%mr>ss>j@*
zE{hE*4GMAW97U5Y!bnF9x{zMjsmI9w`h$h6p3%ZEL6pCp6`6S#DW&<8^s64>>Qbvs
zJ;6e|rQS_j?Cp1`&(QC|4Z44MlF79%Akx;Zx;~@CfewpPOjJ|gMgqZW8eK>m;YcvK
z*49-tehx+thxALA=A=h=>|gYB%!whrP;^fn)x9d(6it)1Lw-@5^q6pN0c`#=%99gp
z1j__sk46g5wP4336@>QKx|(B_?Cz=>7ygv+HusO70)dWGiU>Ejmlum|+B?b}KYiqi
zaM1tSt?OX?4UrHdws3EA+Az!B7P0{Ee?&k{<=ggSM;SXnZ|NL_>AExBsUkwKEJ(hb
za6?a66381n32c_o`aneTDaXSEGy)?cL9|}K2E#uS>+sL%9db);`xFc;Pa1;2mPa>y
z-C@UW;3NhK5-IK7JOT-D6+S)}`TI^sJoEZx->v&RP-*O@S2Sk8;sxDaOO<Wj|8PGn
z_3G12F)Tlm*OA~(U_OU1;e7(^Fj@7r%TUc=IC}Cj@G+DLyZ;+qlY5F{-rmV6+s5<Z
zCQzUE`_aCPh(MRSXvw`lM41mmVu+L?VE^4?11xKnQ{cd*Z{e5Eh-R&}RrO)vlhNo$
zx<eA+Kv?u7kRWdoTh7UUzxN)8y()2J6$wM?s8)2r-emk*bSc;dzj63GLf@`&vJIUD
z$w7E7f$RTdvcB(fBRAsl>GrbaK1|$=@sJ{ktQ?1!t;LGlDWNZEjY(MKV^>E!Ok9q^
zDINjhpk*W)%HPV*#;i+!5At2gb~VmOs%qQDf2B`37vZF?$cz7ranc2wlkwYRO|NuI
zfcddqS|Nwtbi<8`E$u5v=tI|uW@O3A&nvuD`{`fl*En)cs5>^(+H;uD6dn0;;@54R
zdpS(;t=({V!}jgISN$G9N^=*;FC1mo-Pn__sJ=o`Y`KfVVI^}6dI`fBjg#Nz&-6SJ
zJPlF7ex~R1=!6VX(hZ;U8U^hcd~^nyg{fCoXHPt_-O0c9qjNpm&%cJH`vm;m?Ij|s
zzI)4K7HLVuqjzFXk^V36AH702AneVLDIL6#Oe+ppqvrC5=pWf<y^<f;ZpIAwU?zEu
z1PQ}SB|pUQ?U*;??6=@dqVeW?Oe58uhSW^~k2bGyimqZQy15H*+4_^@ERJIHKJi`B
zCqYSG>XZQin^kozUb>N%c-C%@x^@(~CmgM!?ycM8kE{tLZK63R??J<G&b27}G_00p
zo)1jX{KuUWF2r|Nx(q54SH77Ti;ChC5n?tx?fou3SlSf&iECfrf51^L!OLB(ECnOF
z)yTy78t@fM4&UM&cyNic?&5&58YIII$nxVJHTIiQgAqMOoms_=8%OTg64%-uw@ZO<
zMN;7$nglUZI_h7`z^)?Z)3s~Nz2D7K=yI&GgeaQf()X_&fcIW<I+Hx_nl~!N&tLsT
z?V~^5=m(0uCL#aJ{W#fc8F1w#JSMt&?K^sH*VQKY^w=~rb@ax4IZpJsG#DpAvl81&
zMhL?HhL~Gw0labH&}0hd#Zo5{t~`W>KauhA$}w6OJU2yh1j_Q|RtxRdi2jNi(rvfD
zvs(Z1<3-uYR|jAFr0MV>F%scM5W`5zzHPF=9Yg#a%{t-r4>Q=mCJjNwfaSz`nRd)3
z*Z<G$Q|9V^eNzsB=fh9tX0IG=$5%eII+54h?^QlI)*Wvd@H@VrS;;zBswGjq9TK^Q
zl%AX&*)R%uj)o3C4d_MmjdCs)(UP?TZyf1;6`p$75xrV5<7jHTzoZy(KHGpDF*&D;
zSBvLzZ}xx~JrJHKrPRs^NB^;Adt7toz5V1JdlP)K721FN71nvp3GaBCVn0b!!-oO8
zJQj8Y3`%4sm@_&2HfTF>kO*#-9y|`-u}Fc8=9vr;&MOTbBg6<?wr^8JuZsACaECR|
zh!fT#^gE|ooW|%5E*7uq`mgt=P^oh<4%Lo20>p<U2Z0v``4X;kND|hBjg{9qsjDZX
zjBhcpoN1=U?5c+)t6`#7C54W8`|=)i%p2}1pOe{}QK^TveoK>nO<nVMVD*lTVXu}Z
z_4$CSQ8ulug2H#FZbjIB@yVM-Ej)Ukfh9P1Y{X(qLgGri0FDluiccn{;>+;DNWtAv
zvlqps0iDV34*jeexv}ljgMF`Wu6{GVA-X>4PELhlHV(R}YvNi*Le4BAD$Z%A%)u<9
z4-rx~n?7j=O*<xSV|iyrH$=Z|3Xt6jos(SLllewyU9h`wWGCOXcG442E?L35y=XWK
zdB*qiduiEc7LJ4F-D0GTO-Zn+q(Z^;P23alMW-VAscQ+=o}J_;)F;WMq&e4HL<wtk
ziAODQ$_U2E{NlE<(tE3re@W|i<cJ*>@?&D&yXr3+eQ$efTOHKRdJ?5ng_cSFlkKlb
z>)e6LLz=*spkM7zl+i?RvOT%CDg`qkdveaiGs1s$5}BJLHInw8nY1Qj>sIP#!OIse
z17=zVGR)Rp9hqpG=v2OLe(D#HPe;p?gRuzK^F3(EWPxJUw1{$;r)v4=90oRtjAw6n
z_1p{94DI$U8UZaSS?4{r`^K0UIbXGu|45~aAs*5$>T)Ic=CjBTsrE~#hQ?8Ti;tXA
z4Kche>c2<gSEYA~?>5c$iFPt+CK7YyoJ+jG_<LCgbQme&`&GYCYB?5@#B{yoOL$=J
z%{%#(ao3bTI4AS948ws;Y$J9rhr|O8?4{%z5Z(Uo1TBIGntbxog02w1rSfkfZz%!i
zcVpP%Hu0SHF$o_=+JKXX8Sx8#hetCGr~qPH{#Pa6WFsKp=7!u8_AMNl^!b-%_c#1k
z^Sr<wVm0H&w2G;{5x?%0%`)*JSqb=;wl5u%cV#j$2`%+N=^34?0w%@=5%9K0xxv~e
z43VgQ>)EX(t^L*l@z-j<x_8O7H1~9CG@yw+QOwnD*TQ8h6&>`TBlse=;gImB<a_pS
z;ryMZ({D=Yw(?KcPN|w5lb^4cg?@=x$cSJb535lz*Mk00+gk)UXFJuG!j^eGB#jKZ
zp_8RI3Wksf%B$(I(e7=I95&GnZH9~p1@80uYS}-J|In4gibBwAa8DuUz<7Q=A9G#{
zN8kTA^nHtJ#hKw!FDTUXOcUEhh?u-HrCrH4e4b%!pm0!e@mJ}!!>hB7p$scJDYJs^
z_ah3}oAwL(>)kPbkU}{2>w2z>rEBiJyr?62v@U53F?o7m-a&499NK<oXcgVy!RnOM
z^OOb7R#&7g6;XCx*ipjzj+Aj>&a#*F1?mW?@c|Q-zryyFRB!PgN>`mT#Mk2i#4b8V
zP->09!geQ%$Cv+O>AK_De%`pERI6r{)UKlTDq<HcMbXmQd#f!rp=y-cYF4aTReRTp
zQG$xtvA2qy5-WuK@_oI2f8_N%m*?)ub9e8%=k9Zt=abY4Q0}5K3yrTe{y^g~#CnS?
zS0zmMWJCH^<ipUa_$ZWh>F>y77c{%(S}R`gwix<WKmuIC*y6;HVHbaVkRrSEsuIb4
z+JJBBBzt`rWe5K9cuM)%0bpHO;(q5=;A;~32wC`@)<FnoXz@%50m%Dy9`to#o&i4l
zT9n>_505;Xh&s2Nr-<fwX}eykt6llhcTIEC@P@7+G*ABMn-eefE$5_fzhCO1<G8-!
z{k|cyyJn<Y+J7k!VdiUILa{R4=MR0PvWa_T{Hcn=HRaJ_<TdwD2CZMxqrL@i^`(U&
zc`b@|%lqS|-s<L#;>!w==|97}xcwmxV>br%NDi^%MfN`hF^eu46+IyR!+^sByG5DE
zs&}f}(ThimBB`!C))mvMJo}kLW|Ma+3?lA$4}cCdx<Y!{-m0Fo5wbKr$$36&`(d?a
zn6=Ahto$6{^F`feb2#F!=*5EfwjF3b_Ry^l?Il^D+{z_ZHVg4vcjO3(cy!@HP^6z3
zP9B>A_7{%mY{<B!mFT7yf%-|%`PUB0`MrgAYV75ij^Sn^J4fB+{EL&E`>!hVKK1P~
z3d;L5+&Pm8h>@YiMNBv6+czDoYn9MQKBfU>D8GyQ2>*Oa;+->FO*U%Zy3wkX&f|?v
zNb7|%mw0AuI=|jJGE0@S2xxusYQ62fjpWejVvClt_~QU!N5Cr+((%}B=_ias8pj%h
zOM076xn)8N$!@+AY_c74x$viJmjRe|h|<Xw8`>ycjm&P&Z|}v{|1^$zawampDkI{*
z-;nm{73{hW&+dh1vwZ1$nzZ5Kpd%dlF@;p;*HaYfi{dH%%*dQtUAovN<ouD-)s*7j
zC*w%XEBTiXXe(c<jPbt()akHa%K!a1|4rY;IlI6}g!kj1_MKZK->1KlCO_)-9Hq)6
z#9f&S_TGBUgH+5%onPLp4c9uLn~=d(O*0l(;vh|@Q(NxFt>+Zxao$^AGQ|pf<a_9c
z_G3&{zxwJa{!HZw*X?^FqPPk#2Fwz@kyxiyc6cSUK9Y_T)iM|sz8dyqh}|ySR+(bp
z$VWpuF`1m|OK9kCb&}87u{UvMCFMy=mLITnFOQOXnzwcLlfZ&t@{&vX!0*+cQ)U(v
zA9>h1B$&M}V$wByILWR5rQAM8TJuLbo{izmLwmQ%oa=<m@VEr}Ql{d$eqHFK)P>WN
z9&nsrxuUTO`uWZDCwv*z%~w+V?t0iC_JhWUSdX*u!If6?#v#idVei;7^Y4Q$IZ3_h
z@Jj3xyM9eym%;j>^%kvdrzxyhHE3N`y+e0=%3uond^^AIszB^1N-V8mQhnnpXuc~*
z_FP#h?X<X7w}I=X?CzD>)%3m+v%MtN$*v|Q$5isP?t?qK9MtuS!?Lm5ugiZiggsF5
z>gh8viDOpnenltSkm!!OF1O%Ku;x(QoJ{GKo|wWcqti%%UXW<SUJTY$ZnbE>`dzSy
z@Rro<cn{@)bBd*(EDYh+yR2<FvTXYX!K<k0=gIt{>x#jqSZ33iMCtg$>3E+3LZCYI
zwgsl+U`N&BGx%L_QuefJfV+9eSKF|=bxH!bE}2*b@Ah2j8|+0lZa&fLq%}!R$_xBf
zy)4NUpHF|&g2~O@b2V3bp*R43RvVtJw4=K%KQ_fKvKk`lV3MwE%TG=dWUw6`!gUW=
z^XjgMGi5dVV_xvH8!8k-c3HX7Ls?GtsXD#c+MLWmd)mzVVqxltOQ%gChh>E*)cK#C
z{s(*OU$Xlfapc@Sn&c9XM?t1!%XVA3kwQhfAkz#+Pt%NZn_>R3cb_EX{_GyV4T#82
zpYb+++F&D_N&j3%;6-SF0-t)Y+Mo>fuQv_#pP&bS&5p+}WE~82*1W8T2cHAFHpJIY
zsQ{z%;wt!eWUzjPr>Z(d<4thf%RN!^uZ^X_Em2M|8of-Z)ePB2>wc8kRtjaoxei~c
zx_9{Um8+P-1mkw+wbpjZ@W<u$?~!ahv-nSdlxZ`O3oX5xKJP-qmqVEgM(a{};Xx&3
z<9!wKQlbw-_rJ_&s&}Y;>9m0>ZS4*63M8mmu7&WM9R<Dm=ghFt*kZ)`CFHVf{8fB5
z-Z;0$wpv)^X<=FV;%tv%@!^}UH%lM-Zh~noeTVA4h>MZC6amrtU&3CaB_rj@Jmc@b
zD*8w602NmKYzg?mYe4REpjjXSCV=8w_4i!?iYi&1%2VY7F9*^I*{VluE<4J;O+U?b
zH-cn=`)VfK5v`iSC8?wi#8xUQpX}X!k-a+}unHyJuBj3Fi1Gw~+;dLGwuK;TpSj>4
z&TRdqo5CM6Nn8?bD)@8+uQZO&OGn)-q5lpfi4|E;ZI26h6#u@Z^TgZmh9igoJ3~6z
zb$N+(^UCe=-J{FNW75u_K^@Rr1xF7*!q)9)cAGMjCLKw97AePorhmpgsKDlUp63JF
zM65HfUIvvu)4@|(%{hFu&rcaX8Tn=z#%MLdv+9C*ByKEn%c(L_Ea>}Vb4#$ol-qrk
zCH9(>-DPIMY3JL|E24|XxkpPUzo8~~)){tAnnki`fx}-KiB&417hh$D^u%uiZqW0>
z4#^UgKOW^T4IF@%yc}NWVo;W=n8`|~8kR9b62XcOxdn_7#q7k}KW=RY@Hs*(NQ^J<
zP-MJUVekC#=25>?0p%2DUX@GH$A_EBOM|ZEhw~y?DZrjDjc+3j?zg2F*vQ9*t<3aO
z62AI*G&f?FbTg1myR$mFGJs;O-0r%}oQM<$p6!T1^CBrlE7*hz<J==qh**Vn)`2Xq
zd(SPVEBa5?7A|gBRtZm$%juD9@+<yd6U8>XKX$wqe+K1H-S_}_6j75o{>KTxN~ITE
zXRKz56Zi}#%G!uX6}HszG9=}YzxmbVC{c=goKryPGSBer(6MiN$b;^g1NB7ljY16E
z=MQQWSC>&#9{i7@PU&p?t-}S;u_6$5E*WnNXYz-jKhL@hH`Glv{k<QLWwvwAH{cf8
zBGG>T+~toP!tFgb^!D0R)!I`Dq=lVB1k0Fd`l6AUa7oX;-euJW{G;XD(M|`<QwdSF
zv4NaTy}RLNotHy4{Nbg-Y;QC(`!sjZ&{grGk<?iE6#wb3{XUNqE4Y_K!u-<!rIf6r
z_m&51$gt|5)B8yblL;i6JMA?Y69czB+-mGTeDeQo+kc`NztF$j!LIa&($$ok+(#y7
ztXn{0NATmBH%0Hp47}Lo>s6ZU+1|Zm#zEndfzO!E6`vzCvD<gH_}5d6<UlaaeW<ej
zECOWPqtSmdG#tqCi6`(dco~!icyEITUi_v3pLip9Yc-DJlfvi^Xt{Qiz*KCuYA2b?
zz^((Bv#cj{Sx#p%K|=8@wHoj4$^+nxJ7`_7uw@R&7_fo+M(^kslW`Z4f>{QBZufHd
z>_q9MxS1d^lYr4CM+BgOjK9283fW%2o)T%eZXF88G}Flr!muBu5%dRCkZ_t2I$+b}
zGLX8d-IGk^gfRw`D2<?AFb7J@c)IVf@_KDNi3$>Z^COI7+hxUjRo?uy5`q?p|ILhY
z(Sgu>Pmo!M?`BCOl-j&hVjez5%q;^An@t_FSm{W8;9lZs6Wxi~NPwC2GHm(iGAMph
zMS+QL3a>S$TLoG@pdA0v&5VzgUXIe~5TUz-bXTyR!LIV%35ofr)@wG8j&%2~L*EPE
zFf_2me21-!V2R0(Q92;1+H19g=DSj}S4Qv#rHmK!^)|I@SLkj6=sPoNI1)yS67+z~
z{PGIj@6O(4MTtx6Je`P$Rk`M0$oHj!aK-HyF{8|vff5klMkE<2;v&=of>QEdi>JS2
zTE|IyKrBNJdjrS9F|W`-w9m$qmxKl=Zn<~4$jAaj3m5W=&;!x`VAvZJ6=WuAdu<q)
z-{<ZDx$pj8N+<^7=K(o&hp4jx<$?xe;0gKy6A>wouSGtE?sjowWWpPEx9Be05-@Vh
zz|1g&OO$)14Ckdf^PZGPWm0S1R^;|y^=xJ6L4t2M^PV#~60uy@Y_`T$L@>gnc$D7A
zBW!tXGJxW`r2ElzsWcKT2i8>aN$jTRoT6;`<&{daG=rej+e-NQ%ge%ZHL~8q>!v4x
zo@b}$MT(;K>LTVfKZ1_gF;*HOkPGCEa!Tn21Pn8yh@=r3oR>;55(MBZB}^J-^kvV<
zA@bY3QZ<4^MKv<r!W2`!G$bWp$UGqA__c2A-9pAIkfL3#G~ycXxfT-j2BI|h&I2NM
zv(}q^(49Rghd6SF%s)|J$}aYxJyDo02l}5f0^>ToU=ZNS6Q81P0JcFIvC`@V)p&|v
zxBD)QaKx{@mDo%#K~iEnHx#7d3Oc+yJ=;$@4OU0MPZ-eN;nLon(#v?ybx8{F;@RHt
za)7{MfVN5!7(savExjza6w12w&!xa0;?e5WYp0NvRa`-gIwsfmy2(kvxGV#CfnFJO
zmu?F+6&+rQej9?^K0@mqFlLmfG$MrxQWQMUI-BtIH8LW6C<uBmihtcNvj_`Jmqt``
zAv(02s=Ldp{=ouqF>+|SOVM?fwS<P#n0qKAa>QQH09IRC$E}_)+>uJOCx6dN*X5^l
zS6L1dBo6yzV#lbjVjp?7N)tvfh^|nA2F0)pwDjA6tai(k`$IBMnexA$TKUx9d@n#5
z06#?E=RQf2Li8*H+2w4eDHE2A&gm}Ym|d!*k)QwLcdsCTSmkA-utS*aNO<~5qA&W*
zIaBU;a{8~Q`FATpXwB0d5mJNHy@XR!o%}<N6ZdclXdg3*QX0V;>3&5nK_{~e9BB8-
zko8=il0z`KL+rk=QNAAU;`GeBTedFP=yisH1-8;VauwQ=BKnG!fs>0sW(xCYU_*!3
z#Hbn2gD~={{2{c28h;_wczpEE<)W#+m&M>iphSn)Az|wbx>v|L_ni!aP5@mw3PViq
z^kcc!FfeQ)v*T<y=Bjgp<u447|DC)@|D=oJvb_EsgxM96DviK<t>d!Be2E>c5~X#P
z5-_$ZUN^7Ic2D|RHzg_@oL-j$Lbrbc9(QhBhr|R!bfzO>`7R%a`-ePbK-&_FK+d7$
z#)o~(RO7dsEzuZQ@MmTZ;0t>7EZTz;*p+sRCED-eba~mUnlPd1pITY{3@z$z_0!}>
zn7Tq7JG?9o`eYK`*jzPDFr(f`Bb*~|*u3&iV1e1ps8JSR*ti@bkbviR1U&ydZ@QM@
zWIz!yqZpTgNvwXWi!Yqox-~+#6B_>3-b3-Ighd0Bf;Moggaio{1QR?UGeVfW-&3oV
z?Y7?rAI#``9ijz1ZwOPU2`{29@^D+=L$_SVf8!J+Shzuhvi5*<`EG>th3oIJmMz+b
z=uAe$mbY<kZ`9~i0YV)&TnUZ&&)RUrleMrd;ncvRQVC?+nK%Yw%BS$Cq?JZKB1c-D
zCZ2Zo9E!<mQ<IhMC_OMDJPQSz@YV7tp21|7b|!OFPJ)Tc47L(L5N4D%=jFq7`PBqa
z8na^+395eCOYtwPTzfJi#W^UvJ6rAv14>c~;ot#L<V9F>21RuPxR-%))UBRW_s08U
zKsC~cqR(c)e9$UR8x8dE--y?pj2L&mq*b=e+v^V07rTC}wd#5TYduJoKt(&5X8gFt
z8@v&+kN`4?F~JPzctFB@H*g;02q!d<yxpt!evqh`cG&wd&{fHLWs8?P2G$CX1*ya!
zDIl?4%RrY!AaCRk$uQR=m<&EyedOQw3WtDJ|BkRx|D;Lg6RTCS>(KD?vy*on)b~2Z
zwU+~a>vYu6UxF5DED5Oi%8cHNJd}Y`*7q=@pS4(8dR_PuthV&rm~tPBNMSzFAV#r~
z@c|uYfh%V)nZ8)i{lX2muEZ1A+)4t0$43EIPGEfPUf-x7HRp+#GIz)k;YUx%u2TzE
zbo9MS=YW>yux#LVx6HRU^XgL{4TClogU6yk&k7r8P_iBnQ>wO6O;+GW=LRmCnfLWf
zL@e`(_9rOHjvsLVCPj1+fYV9uXb}VD@+89%oaryGt*GtyF`xu#MA_2+oiYm06&#{7
z6A`|1`L$Uo>C=Ym_pDthgdqV#`vvbMDm9SmoF=xmBS$dV;RIjTn9$G|KzNoka$(8H
zA6P4OmUwz!+Q6-iFnnjaxN55v(sn21ZW|n&FB{ePU;5a^EDL(3DlP+Syf;_?-(6@>
zam)X8%%Sh<;)<Nke^@prV0n+^HsUD1be+XvBR*(DerBsXFmj9~T;g%?hN}l?O<rYN
zz7H$s0m*M}9o1k3(syn^c3>0|CssCXHz@@*OZi_KB=uL#))Fv6ya>|5k?ike^3-`i
z{5mX~;{htE+oQt^x(WNg7j6iS9|sUTk*X#4_C^j1FzMlBrW<55aKmiBFPr^4UdU5T
zmw>6k1PP@VUN?8-_Yy#UIsdgpIUup^Lv-Tukrb78(j-BJxN4XBYHqs%1A3Iy;<!<I
zS)6xyobyrLbr75x{Z5*|w_!OX=(IYILVq93Oj33Eoh4!dr4bjD3QW0$VcM(mO?(U}
zATz3_!|M#RF8^x#=|autPA^S&2suU7ONds7SDv$dG$;9quee}Eik7n(+m9AM+PmTM
zoo>(hs))4}PG<Bjhd90P2dqaH|I#Cy<xN~WM{kI>8vB=Vc;O4%s}VQ&c7|8#n;2QU
zN`VseUBIT$=lFFxEtolZ_O18J;!-kpxFNm`!F8srv?Db>@XNth9c#&TABUf+u_Ofz
zUlggrKstcwnBSZm2YPL0gJTwq;&<=30s7p0@2>~+nZg>H<B3%mW$i1~SRzuzrP3yD
ztEgG!s=|PYT;yKz`$8MmpX2YA#XHh|R)uZpnF!nU&B)rl0}<xIZq?38ylHlwL9`_G
zP?msqRVdH`-E3d=T>hrG(yhd&Gyx?-Wh_2`@nV)3Bw4O^_gQU4#-iT#Z6wz<q=hcQ
zFh5mc;WT(2Rc48GP=|fI?;z85+L2seN`Bh-J55Yv{Gb38V8)w8tnVm)S=^gdT)0uz
zPCgpQBK}Ql2OF_o?Fr}H2t8zE^}@kT)eN=t)N=G;m>646Jy^KjJipxw{A#jS>~K~R
z@DP(R{@AWE-FnV=?Mg_+fYg3ORi4T?KW*aNRbE8KPSUFjC%3hhA22+>-;HtP&AT1r
z_)1UBg%3OpYnbOO${v2&Zv-7Mh2^t|=lTB$pz{LSu?UxRJrsX6#c9jdGB-n`9@P?$
zVi6DBNjrMB&h#zqD3A~QV(=9%NfkycY)iBr6EJMFo$S@34-4a<`W(Me(x^8$7J6^#
zJVlJ!ze$|y61|KQxE;3XyyQhiIcbXKeW<$$-nQerZXP-BVhLeP8;hudj~yOwT^&4x
zp4A2#`mPkRmA2e`d=qy*r)TmsK%LS$^X(9%y(k?J9){Uc8gCwcs#4=K|5x4VN+8v5
zhrh&d*6Y&cb3DNuq4_Nx55R90@d=1H|JWH7AXBq^G;z|ARb0m#AV8x&YZ|?t?A6%M
zxuMhNWv>?<!qsoG{AJQ!2M{9ojx!NW0G518THOHO#sC3XT-R#zPwbxLc@O?r4g6=(
zcf{%eXs3q<SZpSNG~ERizl_b8rebY>SH(E~g1#LLlHOCh{FdP8EMEQSi`I4(lVMB1
zaG>^}#_Z7})@qM8fgL92$5$(_4Cg}fJ^z`%QQ;*tk9ULg%6oTc_(!PqyVz6V@P5K|
z0iW`bb1(9hx7>{d>3~fh52zMB9Ju)SQUT`js!^cJQJ=7A_$Y3;a;#;rqD}`Nl<&ut
zlCnmHy@uL)<x&Q|GCjXrc1`x|)a8@G1%H`#>NDT8rNdDOlF#|Wo3X7bjfrTA`MEAn
z6KG|5Xgk{SYvZkEO8voP$)^0J8Rg+d`$~G*;cq`@!IoMR!Wt^DJ&2Sg@*Teu2FdGO
zcKcwTnYgC1+;SF-&nN~9J4JbT&F|HhvejS7I#HOy<RHzK$f=}#=+Tp^xr}iRS8kVG
z_jYvj6SvPowneq!-^<Z+U}<h=W>-K?)cptA;Nio)f=>70*~hL0PP-=UXylWF_ogr@
zYm%4xd;8FZuZ@gu0J%s)PIKpTu#$$U_3$kBe_3k|pj7kXrZD&aa%Rqhb5a`zTmiu^
zD6!9){v5VTYXtXY9EI1W>*}-DUrF&gpD&1?-802LJ4N|fk{?)@!fsg$<d+)EgOxNV
zLhXhxjAs9omE#@GuY*$`Hrt0hcKtg!g`Nc~X-~K}+c)0%ucTUgO@x{&z^&InQ9Jj;
zxk6Sk!@M{Zg=vZN?y29(Z;g2)Q<!6~f%CVZrls>&sRmZV7iP2k+WIxMgtoyp#~1x4
z`{r`4kWqZvV$Z_ZtT{QQ=(i%0`Yd0lNOhJ&TOSYu<xOoARu+)wc1<oVcO*Tij6iZa
zVGwtii(NjnFP*!l`psr|>CAGN>znRFb2a7%nko5RldH?G_Mzq)CSQd%KGiC>l|ntv
zeaD(-#f2#d<#yHDMYJZCo9(;x<)bGgeLI&7H78!1M#G)2CM8ct{VcgP;^xFBfK?La
z`j-E7<6BcTvNG*IV^b^hV2Q7dC^rBYcyI;y_HzN;klJWss%EK^lV4b#L`Z&Z{9vjU
zRtRF(zAh<H2%FR21x-($XcUxVZo7^Bg+zl!&2m<VdeHpZ*VM}G5=oPxpoG$!DWrWt
zf%e2yyBi=>Ij6F`!PT7XUWfj(Q}Rzp`4`*L@Ac8OM^yCQ9@A3`uGiHM8qrR>Ew0zm
zAd?%nZ?cm}k*6V8bM5<cmkf6RKTCBQPMP^Gma5BN`n6Z2`T-m<?cXN1B1%J-kb#Zc
za=QBJ3$jVH-ucKW+Gd1p)cw5iDFL_KE@7w954%>TFzFW^f-_U{?MuEI=E4ow1g+gv
z`*YTO*GwL#L6@b-vdZ%k{bdP;u5q@@NWiVJDMPueu(59@411}OuYWAH3|uLFzuu+V
z(#8614l}lg-3!|1h5tIp`jP*=d?h!iI${#lx~+Tf5+i(BLkiA~vv6zi2Yc+(ws*!U
z>W<}@pIF{$y9zcrr?||m_E1}L+e81jm2$(StaMdo#~O2jUN~TF;+S}Es;hqR`NY&!
z(dDZz>xARopu(bNRoObM+y|Lr-T#Pmv2HE4E4y+yIkakI<!ufpxRF5OI6J$y&_6np
z72#WW_xfs;OOBkbqGpw#M1oL@Q(>4O%uPOQz@lFxU%u)(iCRVfNJw7h+s3do(M;&x
zy_8iyh&U<w6zXSLU#)y;{a<0_pk6{L`{dC7G@DnV!{%`GLv5rxa&9+?^Q1ebt~ZG$
zq&v(6GEcJOF^|KiR0<?R5roV_$xs-9a3`}h5G*Dy?sCE?Wmn!yzL6v7m3n^Z@n2D*
zozZz5D@bX=#q9?56(c*rPRP9FSL`AcMmYL7xlJI82`A*PH_*+F_!E3BLFiDt;)3yq
z_rI$7FJ)1TAKO|Hk(qgXt)o1!7%wARxS7<7sV|#aAnlall|k8D<+!yb1~TrHd{P_~
zJAVvrt4gxHd3pInxoc94oC^%8at!rmQ@b=$4qFyu<N~L;u@8jApAeNvOIfBszNRR?
z7(>Zy*%zZIE;$JLPi{Uz5n@WFD|q@7IabiK343M#dC<~(-EzjndpC)#j~4P7PEf2E
z$q6~q&M`4Zu4|C8$Bl{ivf8Dxay}}nJ>@1=XhtlI3yeR?3qrIX@-+=@g@J$O$;r=C
zKf<TA&1J}~m8W5!3U5<z`^RGzo_er2-pJuiDs1HKEp2X4BPI-}RK?7!u0ZpuFBtVp
z?k)C4s6oGsYHJ_P|E9{IKajZg+O&xuai38{JPad8;K<Dxv%|)s2?alb7_;#R?I!-M
z>q!EK9U*X+^s}K_RbQ~zz~&W;3L71dfiv{X&#ZwYt1EMY_)v8=)Sn=3V^}~}y%$pt
z`*M)u@*Y0SZhLi25U*3$U5A@6U_2z6@xfJJWc;a{@r?%k@(VEsrXSwJtI)Pr%>?m|
zlxx^8gMOAvwq_;03Y+D{$OEOC_hN=pR#!y?Edwoe*Ng<(*JXW0PoO<Bb=T!43?NH|
zW+nX!8|allGrID<*uXVl!GHQ^){I5Z86!cvz3=Re9>KP~^I3}^&3?!!akF8bo|x{-
zI`F(c|5ho!=M11*o|R-^byZpR4z5hrJQ}Lm-+@_txz+Wnw)k-Bpv2elu&wUU>@Qqa
zHvNr3YUx0_@yIvI1R@gOj}@nup?$b-lrF3N;(N@ST{l_Sx{-e$kHfF?c~r@tMDM*9
z_aUYKeF`8t@cQVPPU-T=1Rz8%D))eo?D(HUk5UPk#wxfc>SeIX+<UDEMwMY^BKQXY
z@&UVG5rctcYrDvw_Fw<pZgO{_&ohU|Xq|H<vtNmhPhbq~-;sz`bq$e%5$f>S(SZAp
zoLLpI?<`dg(B=!5VeqV#SaNX+-_Qug1(i@;6aOn~wgdGrjjO#N#fB5fVfm{9R%_xy
z<p%g==o_L&hC@F_MyT!F3o3dOPW8CWl>*AD*zWkPAEZ3TMnb>EH#u2JO(2Zly?Mrn
zIo|zj{ay{s4~sDR*;=o2tZ}m5OE#<)R~4)=#u<Tp2M}q1p6X#&BGs(aFsNR4ow;e@
zIj_w9^$=l0<mEQuj4CQbFSmpw<;Oezx28!okMZnm$I`FLkCg{oJROPCL%wj=0Iw>B
zv7gogG++>4wIi?!eYJ<AobBFOQg)%3gIXxj3B(ZJop~;T%>twl7jzqe8Er%7)SZsB
zpV-UeZfu$HIZG>U>dR$bmG*S=-v`Aksf@#T7@f4GD4DjoeC(;<oOdH#xbM`Q^sv18
z{O^xzmi}Rcr^-;A?^BX0^mz-v=KgEp-G&|ev?g&PkjmXifysi<7d(Y=A)ep)NqT!+
zRdTN(V5u+7XVN(f!eTCF)u{z_kK@J)kTaLU-eUjIs1>Z3ggDXhzEsbPW-1I;x)BPr
z0-LrE@sS)nTPK#F|3c@&N_8?%0(S!F{P4>&Ug>SwDY~8O)4HjCSu!Ys%L3#ZuTY|{
zqhmrT{=mP+qk0aZ;rnS&!!XysfMIq{B1|U<d}ZMRO?!{4Oa9?wV>8%MQWh=X_OsB~
zX@6O7g9>7?DFLGE(=jI%|B!8355*f+7jEW(R~<BUq{=QPLdv#YIB!<MW-nx904Mhz
zX&gsNpBrSw?i%*yt&JO#E#6#BHASA)_VyLq&5r@JYF5T5i+nQLw>Q&#Y2*Ch@M5Gh
zYRru9^pN_@>qaO10nbSzah*2+PL${cgD+Y}?eg2JWUkz8oFES>p=>0*Q)Phd(jxj1
zzp+f-ZjZZqT!9Yz2pIO@KB2L_`72(T-CiBvY+{?9#5<&3dG6xMT>WP~n1fN#M$LtJ
zTZma%w}a@Ci(Rb9j3*;61OK5IQ9&(QMC_czI8z9}3vk-=R0+H0lz9A^BH><`h%Dt0
zddU7GK;|&OPaZ3nM&+<syfHVl*<kf3E2SaP(edl(6ZWhW;em$g&4z~n_^Y6&SV42m
zv#;HPx~QzNu%4&vpfmX!#Ao<LJ*oygNC_W3Wf$k_$qG9lypUob3opVhZp&+XqZBq6
z?+?J7|IU*6&GT4<$cSv7Ng+%3DUzl_r=j-r=Hk{~jyHV(iyK|n`?Z6jhigTDh1vfG
zU2N}=z+)O6wr!P;&!(A9rh%WqFpY93zmL2?njToP|H$=A+HS>8qT^)AJ4*(+JO-_D
z=(n8!DNMx`KTbEqH}2o`NUxzZh2_WtC_e+#1pE<jtE|Sm8h!S@_1`p-I{TJF$Z2y~
z&7a9%HEOn$b}}~4h8en4Sw^FOt)FWSGzb(L=2#s*UzFM!Hk0yF8l{oapqDC_?~ZrM
zBnj^L!5n<=?`%FU8Stp7j@RXNrM)8&<PD6@#5H4_=3Uj()z+99Guv<|k(Ju>O`X~^
z-Kv$GS{FIU*Rg1!D=Zo|>w9lB-@_L*in24Z{d*M=x!!@_^R++e`Tg8*D8${ETeYRL
z&9;>~>kQ<YB(vSKF<a)i5KU>g@HJ8~V4~ekbZPobu#h_M)ZO$isOjMGNslnPS;)Ko
z05mJ5@PhqSrc-(rNbiKf?=|v1vrxN2!^+W>9MvWLRqG1-$|$87qu|_Vym>s95$y;g
zgW=v^Wxw?pp$!8~n`!RD&Ape5Uw+AbyJ=*CfVZtB70)y!CZGJ_%Od$m_!ApnYN%7I
z-i)8*81K1lDCdLv0_filD%AXXf=|M;nUsIj=L3p$9aFSxh#`BaU8gCcn!EgErYnxm
zyetGx!w*RcoOi6MAJ#RQzyrMi+gjpAXFWJ6#ygz@L1Yg-=E%3=emT$`mEC&trrT`q
zQs`kaYja1%uPgs|)q36WcbC2so#=m-H$~D`RR2jZ@5%>Q8iifi%p9Ulk+auuV1Q&{
zzWA29`HI(xIqCBp0ESC<YWliTLtcxL*Ptt%P3+^*C#eHvbyG|2pt$T??hx^$>{~`H
zwO}|f+^aTeAkKwSxB<56Te!)@!h7vvTPym4T`&zg&jg|SPOX#jAHzmqG6{?z)i`-v
zNsSblWArwO1ine^VpkC@c2QrugFZhJyI5CLBr`;B*ow9#CH2@T99UnyR=*j(JjTtC
zoYSbVvm7&kM$;n|J-KmOzrx1v9bS<h2H$oU33=G8!D3nu^_+^$i~s;uv*^izyL~L8
zT(=V)Zzp1p#YMS_SVq-kw&p^u)L_881Pw)(K{5&Ns*Sm(A;*f#PqA1bV<qnV_x9G;
zn*j!Q_-t<-e8IFXloq}g<!X_=T-xpaESbF<P%8V+TKkM-pn)Cu&pP3Vi@?bI<Fir(
z=8j2-XE99MT?>AcvCQOzID!Qjj}87D@AGosQKvTQV)U1(#^zpX#!u(FJCL3AH!q0P
zi5_b`C9zF9u!Vi!!JWTYtovsyA>k?H{UaN|F23dA;-JQ5dz0bd(D7NOCL7=(v4szo
zV86#MDY3x-!?8<AY}|(7uD)g0eG<cykHE(O7__qktcD4Lc6We1hT+=3Ws8k=-q88Z
z@jx=kXe-EiAlGpYH>NL?Y;br#@Z_TFdDt)rf6Mj(O67jHYY%=H89MfY#S$Vl_WgFU
zAGak5SCuL*y1<RPa$xc7D2?y9%GBXqcx;w#uJ|oyeLZJd0FO<m&x9a2PF3MF7jPLi
zbI!42zOqqV2IbYz1&^lYUHS#iN?%(}&)DiZr(Q24lwYb{cE5nj@CDiRzJN>e1#!5&
z<JTVk7@K7ZX?!93x(~8mOk13wRq}FjtVUR_<j6>~?khEq4dT@}^+9>tiRyfk+2xSv
z(c+r|YHi*VNE-Z>t_BSo>9;RO`9RSc`UUBYi<YxI$7l2uJT?ou_JMwuuwGO&-8U1t
zqbAykQPb1ka=s$r$ajkxc`w_q+#f$v_&WCJRj{``6@-H>Qd;v3^;{(4xF_}@p!XNq
z9pXafkYDa=!Jqo?W^skQN%FNQi1x|rY0}~;<PJf*&GAzpT|aIvGZGbIupv`+HGH+^
zIgbZwS({N^plrA6jQP=Xu?@<Vds@d6$L)bj4M~6jCXBi`g*L>|A!lY8HCt1=l0LFm
z?{X%_<t;R}&211ywdYZn1bI`O1-d_-B5qmTusK&J`!pYq_`y2h2!127^kVzN*tbs{
zN-|vJIv+{br0fe$S$$4Y(h}+tL+8(qht1)Zx&7y25e1SjbFdy}YT&W!V4nl_7>}we
zQ9q98j!KVaz6hJHo%PX2edkkEEAnZ9D|Yg(4Ym3CIR=dJA8!@}RZO{mc)X7`36V`x
z7VBTecT^bRbhf2j_Ic8j>)I8qU~gf#zye7yA`5R;qIZ7%T1AfghmxVOp8w*{s;^zG
zS%cAs0Y8``6j>GzeoxvUZrN{7WE?#&+{g@$M%zZ8YDc+>n!@OVGAXw}(*^3{R_B^?
zD^%E({oP5%UIxKNa@+EYZLVPAbDmP}!#Euh;!Drug$ky7>Ijh_KhEdYo}tAJ_R0kk
zg_{E*z%Dq^qmf=&b0q!C=kyYH+$z#et!vvT#FQiP(Sip`KF)@*mAs|I_VzewUwXhw
z<=4+Cvhh))y?rJ#R<5{~)T3fn_9}e}ZVayv8KX{Z=uA^d%$R}wD@xQ_^U-tm4-RSz
z0V+j|bA8SLtLBkz)Z&@Y7o~@pj?apyO&w_Xk=E@bHo4Et!s)|OIUoX|rl4P`3v9_8
zEJnZ<kh?6brHIY35^5_VfiQOA2&-hn`{B;^RN@q$p3PY};9!@gUsxB1XEdA)<I$h6
zDG224a2+!bA-(SUy^44&HQJtR{w|iYCOC?+_}XAlIVj2&w`FY0v2zv9{_m0)^R|g{
z*ntSrUH6XQKvQJ;&4uV9#g_k~>G{Fz+aHL&-U+55`WgFe2Ek47GBG<iJ6xu^TiwZv
zX<#Wu1vT4r97V}m@x<ui6V*0fnbypjmc&>VJx*11Z=F<|I6EM%_;6+CYCCyk+o!vc
zDef5l=dMSEvipB=dCSA+M3U*KTyMa(cavj6>z}tR3o_1i-834!4|*ecghSp=RY_1D
zAhG6!nAo(ClddTRPy3d`2G=DI-|f&n!%2lj)pM}M5|^RR-c5(9|JCa%O|r=|)4Ja4
zQc{*+!|=RdLj~LCu?a1{wSUz<^P<=}XWa9rgvOS(lwRhXS@;Mf)0?%7Q!S~5NiNkd
zwcY--<lVJ5F%r1E%@<azdNWwVgWqP$#J$kFIn6s>*-hllPa1V&QU|Irex~Ro=g-T%
z<t=CTFDr=e{w|}V-@`xKzu}3!$CRRVhY-Rd{xmo8;Vagt-_};a#nh2rhrN&(48>4y
zTS`9j5ctu(Tt{)C^_ExmW8a|oTS+4lcl(IX=5%GVs5Pyi$vRG?w!#fXGz+%54_1Ct
z)<rKTxa_}IoFezKf*)T>*yY~x3g%Gw!C)j+xBH%>5loHga+!7xtczTan*;BiiQ?~+
zH;jD&Z9naUU>iDdoq3CK@ZQb^YZpYY-CcBNaOKK<o$?e$^xBo-`{1m)1hFoR@d4YG
zdNAp8mo^lM@V$JYGPrz9U^n>;iM_RZ!#il#;&0!cwuk{-jQa}p#Yey%OR!dbQVruF
zM<i0fO4jAu57Oc1?V9Wzp8*`d`yQ?_Ps#9)I>G!Hg0t(?D|Z%8L$hn&z95z`JOQ=z
zblF$vEM6R|2eTgCEovKe&fK?#(GCDi{#^E`KQ%3$GKQuw->XC18?-Vw<85^N@t$60
z-_y5+_0c)cxz>JLtJ~9>QGSuS%a426P1NnQClYQ27|gh`!J;wxC>(im=eWI(=SeNk
zc`PJgr{Vhp?9tmLLU={&Q?$PNP4;ci^@kL_+;^u4+ts!AnX;gH>z9ex=Pp4SI6s`$
z=7;Os6d6?+R>t;LjTW!fOeLGSEt#v7+NGO>2foRMhG$=}VAPW1kzu1*w7<G}Y}!?;
zuW0b7OXr#5ZT}UeN!@m}uqpknnYKNQTmx8Z^r;@@-ZJJ3OMAid*M|saP0GDlgp`Jo
zv<lLLntrbZRsMJn^p{=9<w%hD&qI48r=`?yTg48_*9OEVez#v&i4+Ri_g&_edZ1JS
zj_fBUh}pN%e<GVRZY2mmMGKDdG}?QqEpY<i5t=6ZweS5^mrG41jK5NB*|@A2*MF!U
z5%rP#^WtV6TqFw;slSxkYe_q{#YvZZ?l(CTjo9oZO&hQORe6{fR|)0FnfaLx^msB_
zQnf;1c*%X2k&h7Vmo75wPI8$Yok?=6_+P)lPyc#p3&QxR-I5%Xf#3fH--;<)qq|o`
zz3_k!Y0?L_t6KQJ=;%s~oMj7Mz3zUU7BJSJf8L!dx!WIQDijt5NKDv??G?6eXU^x$
zJ%8hnOB+A<WGYi*Tl3AlYJ8MfJ{5TuMjg;g`%x4*QwG3%PAgo9V^Dc3eE_xMoroJ1
zYbc4xejMsw1ph*1kR+zi7z>#7qqV)k@i+)Nz?H11B_8KivR$qJx~@x}76!@88zbFD
z-#Z4?v2Ss5oQx8n4iodRVs=ct_|4|f0nfs}rk7YRYlU0dUMF}znF(!xyB#i@Qr()u
z+qT$x{9<h9^^@4>V#0*g=b#V39XU1EZwzq66?pP$2I%HZHb~^IEpOtU6hKx~S3prk
z%#aZ+Qp5$8Kb$9A#j7N3?VRrN9(?>!rUYxJEPuaOkE&3@>fd!Nlm<y=#X<#Tuje#N
zdHExwzsqzonQZO&Ci25I)_7+SH^vMleDoega*^Drdi4B9D%VP0hJJ^mU1G?U<{Jlc
zFbx}(D%vvr*4p6Hed&{%3`LsiNA^o{-{=V)^!;^~YCT6Kk+BlpV9>syuxdaCwNCQ0
zJ6+G><=Zc5u`RyZi>NY!fp#RDYdCBHC2IrG)>Mr^Q8Gw9lZ-~qEF2=&W<t~p9R2&L
zlqYRb4Dqd)=~<JzwB_)?WY3EnYYU-J)&XNczohUV<0rpa*dyCQWc+=qQaSf=2`xYR
zTv$)W1E>MNtp~6DJ%|+aICh961s+vOnpsqOOH0(QsK;ZAw2@{CWHVTy1o$0@LsV<Q
z{aJze(8a;{K0cj={;V)E%GNFilI{1mQ`sWFF@!n5YlyPt=>|8uj=R{|C^oH&ZQ0W%
zSB<*j5l?)6k@7<GsMadDm~?G&1vCyQK6>uqj&<TC_O2A-qe#{lAGv*{GMSV-68{o1
zzlHzRu&C}N`r4^=f)GTJ=h+XR2g1ZoNoF?ID*}=3soiF&8ryP2yig(4UocKIYw~;%
zU1UX+e7ttrXUT`iD&+)}!>{h%3Z@E6Qt*5c$~d5b`eaQnsNE+#>OjJG&LZwIz}#$Y
z@9BQ^UvO>|S8rr9pAn<h0R=_xAA!hb4Xb6hzrw&HUO;a;?U?d*GhG3z-5o=ClF{BV
zKt+1tVZqVG3}J}^s2GqZJ`#`1_*cVX(?si5voM0Ia<yFhutu_?9XTHyA(?z;7gXw-
zgnsdWqhn~`{EzH|{3d+Mt!~PxWF2@?PKbsqlGN|8x6b3Ql#t~L$6<}aRGMriyB^1x
zxRbUgeW8ThP(wbS-hP4ar~qbYnu*$Gbf1TPo=@T72v6htp_r;i(c%(9*+ox8=_QLn
z4b*-M2mfT68y4<#KB{;E&8s`DM^A%iN;1t?Lgp--pMUyy&!(pFeRR-%oY>T!A|Fjq
zhFDl2PvPIpEa$zAW!_F?$-U-=bB#KMna&zX%Xp{tt75(mmaAf*W$U@dSL|Fvs0)tw
z)U?RFONh43>blwJQ{o2-S;#5#Zp5kSj63@Be*VI#DL&5PbRow#UHsYi#B^5srQix9
zEo$--^Wl%8iZzvd4LA4iMq+qqAL)>QykrYCA5|+CGi|L`CBVCVZRPL5KX|c|yZ91^
zjMQuHXRFy4gex944fE7RQ^CI6n))NCvex@up`VE4%Pkn`bK@_8Yy}@~@4k%(>4X`5
z%hCREeyxHK@%ZH1HD<P$KgRe#l!Wo&0l}N(r%_o$87q8RP**jUZ=rpt-XjcGt|bq<
zTf?suLa>5tTiEI12`sN`81SpFa^)}1iBTd^0_wih6*tNNRElY>+>wCcro{`r83}h!
zNM16Vp4%5<nmD@k`r2Ri5#k;i22|2PbcO3FrU@01nnk(I+!&l+k1X8ypG*H`EtK7Z
zZdDCkePa->J41;g1vc}}rNdg{0K@M?!$8%P2}4&o9{x3%Z_DTeG6(MceXU|RoLgg^
z@Xwc`w?TaEMFgq!uaeDgi`Z7NmOQ5x8zKqm{7QeN2E5`_7RyF!fdX@U;<Q`4+iZXQ
zSEFGIb*FS<hh&;ZdO(N0%I9SC15K_=aRNmR&+DOKpKliXv%*6axzFB>&BS6BXHv{@
zp&um^No-FWCFBhTxebzJL%Or@XKD^Hfjs5RfQ8(!(DpdMf;p;7Cs^pL{~kz!f>k8K
zIECu65}~eZ1GP-M9Tq!`#OwBP-&yd>8Xv?Z>mo%`*ZTNwLvJS~{{^vg4}*$^4S%`K
z<aD}S@^SmOUjgPl(`&6;e@7RbG+L*VTJM?Z48^&f))w*X&xSE7p=u9)o%#G^&0)f5
z;rkL-7W?CcI{VBt$dY6#wQKV#Gr9$P+Db6vU*EEYh23ILQmtf7M6dfU{R=1nr~9(6
zRNsFozh&x}#JhD9ilts0wPG@6hx6`{U^pExL{Of_Q#P6>mgvNh!uAWrga%8M@B_b<
zF>a*ljVC*<WcTsCuGTof=3|Kz6cleClB3ZTzjLO=dp<lYmp#7vZ@5MOT730B49C>v
z$=NSL0tt0q7@Bc8Jk>d*?h;fwdbIeZ!rl&S_D7_CYsm?qQ1YtouM+WYN5qUNUc!IK
zw=0A2YDktbk^;#pQ^VJ~ogz@7v|A22#K>%G6RASQN~|5UCK|UcKITjG>{2b}#+Nal
zdH5x?1uC;if*}FGon&Ft1z92VU0U@$<fRIZYGNKYgA+-kId`)*ZabLipOyL}g&jC7
zT<Jruhs8V|oMYW*hd{KuqV~KJ8Tc5K?I!JSuO3_3vy?qW{iq-8U!>DxJK6Xip3I%!
z<A^>5{Sb-FbflG)CKpty(d2y~`(k9DM4-7a8ZVbjwMOyvj-<V4lh0#>A;>mtZfNua
zedf_6v0H}c6eFKw{Wa@plrPWlfjHq<Akf*$;GFltK}T5_$_3GBR>^m8W<*_CzdSSc
z?M;mbKaIt7{zB(@VE%C3)ezy7;<}73vgq2H@9dz{VQ%)?qQ4_I1mcu^2EFK>J(UYa
zQc{Q^{Gg-p+BPE>aAEhd7~-vv@d0OMAy)Xyoqw4z@PosX+bMeBanCPNGY)>$s`9r6
z&F6nUcO|bD0&C0%!EklC@K<&xCsn1Mp;<0&c|G)kAycxyiNOJ=B3?s2f_t_Zm7Zw%
zWCI1Tn?t`FLkbn~iV`2N-<o$cXltH^MFrfPT!m1*kRh*Zza1H^V+DRD8Z9H3jKt2H
z0W!X?xG-Th7RySGT5CA(_s&;w&%C>{6esuRheBB)dY#eei}t4j!Ns5dP(Oaxcy@-j
z{!JHuM5;1Fs8Il8&d0jA%Po6)*$=!D`#9v!&HhiZHGBVfMm@m(VjEO%E9PW6v0#T6
za&wWmT=?_cu7NCe-$vAweeVnh&UCl~?GYt6q@hSvV)TrpS736D6oEyeTM4QokZ7^+
zIer8vKpQ@4^<eB9#I|P+78rIbe{^vO4O%t1HA8h9TXJ&96~f-1sXreD`hIe^@P1}^
zVEQaQ&@V44BGLC;jwy`bMI(*;M~O?W4<QrPG`2{^2Sc2D8Z-ZT<>9}@3;i$daErEW
zhu<KfX5>zWJA~L8T&efz#iY${C!cpv4nNxb=)NZ@o<9~W*coyFg)j?sZW`XHIt!PP
z_&TP0O9#it+S^Y%#!xs@_UlmNvuL*ET<qz-CQ*gR?)yYrj?a~!8(Fk!V%cP`t;r=k
z6Js2@Uz}uvqe1InhkXqULf^=-Kq=x;p@4F|jVFUGa=wnkLe22gA{${Hkgk3aO6g?N
z>6eGrAl<MJ!EegbpX$52*8lTwjF?uRpm56|31Z_siMWYW%p@zVLie)5IgqWB-G?Av
z?d^^ou!A7l=CtOE49yc4cujd~!FZsbj~}^`>F<k`$7epS@<wt_ylqF70Kh;{?@ZqI
zcI;=L;&lozqPMH@;{JZMjJ-M}ad~L8qAzs$k&DG~x?g?;nWb=1pZX7*ktT1~lpnUD
z1Bpc1FD)AUW6*mJJYd@zRP7Q>(Mqik@^#oqA+ZLOuDQe@S1IGKedvqBJ^K}biU1@p
zux*p9wK`jo?MwVrOnAw#6O!~nRn5`5KR43A(dU7hxa>U=YZVdzYgBp-ok?o?V%cSD
z?|J#=A(+3Fb->#$^rd56lWza{zJ;7<!(p!a<lb^N@w30IiU9Zw$EoS;TMD=@Q7J}|
z7Rh}UdP=&6`UuntA-voO&=OJenQ%Ifwt}JL!>W2%tov0?OjzmUAD(rL#v1}K?DQR5
zdDf>cFIR&7MY)2)wT<Kw-;^!4_}5)hzi>ZCTSZq<BY9tDM~VY<SoUnzRMc;*#8+Be
zjJh!ckB#g1k4ls6(F;AThv0U}GpPBd;5}Q`G-?z5-=DC#v(nyqQ5cEt%bN>FbNDNt
zy4cqUk4&a}U56<iV$iKWW7aG0<y@9-@s%)1Wc}7PI(qwOMr00Wp4cQlcGNjliwGHu
zv`sx~UB>RK4O|I)`O*4Dcvqi|=iQ$j!OCRokqB|0%2e$6b{wID(xqu1$<x&%NPmiR
zxDMP1EcE|6q~<|(FpXvj%$h^nrd98-j^|ElwGoROU3Exaf4%C^{reAW;i#i)Mz;3z
z5F*@^1m~;s=A9o!<R9H&EwBx=nDO&w39h`~ptf8k+JT>}@Yx)a(th<t<)@idawufG
zldh|y+Rx65c6N~y-NY4r!bWM}uxTNfy**`EZ=l-G*n9uaHFkDstfokGJ}GJGm6D?0
zg78%rb9?d}XdfmKlxUtx#gq88k`-<QcR@)q%pn!6xw@{f_m|ot$RpVn*4)_5Cf}I^
znmB*f7sL_Uo~DaewwiA43~D^2D&2H0R|x%-RIceF&v&r-!h0Ee;OEd7pX>t(ejt|r
z;3M*#ZD&~@IQA6Y$J((4){MXES->i^ocCX_{>lZQV{j5ya+ZdVGx%Y+k;jgs*N|yj
zp)}!ua3<6tb_aO?&l0%EaC21KbRA_$3;s6UwK^!hqBtqBLMneeB2gVeFEcK&(kExc
zRHuOcBSWE%m{ZH9mC1+8%-(3Ybac5V_{T3`K$E*{DTTk^5TAh?#mX20DMv|Y<cgk(
z$u1a5doWALR{4LxE)TEHN$f?7Xx20!Ov~tGL-@yr<g&t{NlCZq-KO+BxzZc3A?Be9
zk)sK1DeFvpZ7i?N)Fq5RkV7quNNP5^3KcwMkQq0#K8g;!o1aRNM4Qf<&y~tHL$%m~
zxvJRi^V~4Iw+DjTsJG%f9`+W(-fBf;+g(%s8@<_}xl<Ni8hTgMk^K2Z8QrG+5RJup
z#PCWu!MSSCER#B~{0uB^M8`qDK?`9iOW>8RzTVFaD@?94p|Mfff+N*)rV@6*3kP<L
z>aVR7^$hxdLQ${lLxC5LpK&zMjpcT^qR064N9`tjB@}y$VFe5|`Yo{@Uc**f3DKvn
z%n~nxU9=HhNz$Tc7`JjXe1KcDb2PNYXahdP<$iE&(|J1(fkPiMF2itK&>jq9b^j*E
zR6`X`QRGq$nmA^6m@0&SCor^l+xAgh?IA!nn>N#0<uTZSHTYTQ;nV|_xd)*rLZClW
z(TDK&L+1=wg}FMbJYw|9DpPv`;9w!^Z3(Fl#D5ImKQ8`g@X51)XD=`<5+pEs*#P;m
zo|lnSe8ju?n%iULY-qF7TOfr$29d6}or-lw<zswJ4#lKW28@=O;>EB`73};rA+<3c
zjUounD$V7rh6QXWoIEp}!hfWaSyrx7*q^^JLg6I&IB3gw@Bph*vPBMRr5i*2DLNf&
ziaeBq@g(<H-57E2NnftESA7vLeNxo$>H}e>5`b-uhay?cd{bghy@&#T-8|L(JnR_$
ztld&J(t~`*6vW=yi4IsfhC*RSS}v7P=-h&^@gCuF%}bq-FoCcnrz-;o-1PVRiEeX$
zD8GtzEj)A?t)p<$JY;HAZz4_jc6t!wu}w6yvogyMRnMc^+CD%^Ke6$0$+cN3XUBX#
zP&lt&cg*^WH*6N)NQ%dTv+Wcv*-jw~9U+5d$#M(5r`ue^63<QMziA*xiSe#NjJ-?(
zJ^x1blx{mqRX3!;Xthk!PQ-A~%x65?5$NUI0gDXgdl?y9%1e}kx!`-Y23;eHzgPyw
z0YpK<^vI+(A(u{t#H)rW^gBQN%_zb4`(WO6{_jNG;O-ET?kAtrk~1i_Rt+-f!c6Y1
zv#<<1!oxH**lqU|NhTZ(Poq2~US&$lUk)B4tKc#C-0TbaA}`#;+m@vcs3@dKQB*47
zyU_mto<L#0zTU;c7!&V$_{QGT__wXh_z7eF?`>s91Zi1>;+SeV9->(5*>#+CcK#^~
zV{L(T+|;eiz}ygTV<wLE)*_$>kXA%!G#w^7?|4HWYhQN_=J4R_WfY=(erjoDVf5cX
zOP3+B!mZ4B%ldn0Z2VUKo|^UjkFCroVay-OB<p>ksV`n)e$=n62xvhzp%b?8+|*V?
zC`kje90<j68q6kC3Zzm0$TT|p67z$mHPLO%2<+u|&LY<W4K&_(ag|KyKmh8`g!T42
zpOG<e(YVC?XxBxI`BUz!@8E07qG*}5zH2E0nz5A`Ek%Uheu??zd&@fq-W%);iSZo*
zpjD0NQ#p2V3p1)NG5_DTG6VI+^~XaptU-R~-YBC-8S{@2^Z&?9Lel{9?&+>;)7qmS
zu<%NN_Mb5p9xwI}R)W(0)IJt2Ur^a;t$X*faHS9DcRAMjOnTkH89*D)F(bZ*O>BK;
zX5GOVgq~u|zj_<@;jhr1ML?Uka18%*iN8nCw1pWfFJUe4*Sfo9=%|5!jy1uOzyMJP
z$ksdTIQMrc5M%y~I#vR-EgMX%8BQxoY+AOww4fiDvwU!(Digx<Fh}FOKNaYiHc9_f
zh7&)#0>U`=v?>E*C4F(tJS0}><KI$>_k#)6`EDiX{kK~6)|i(??f^g3hy5@iBEvFk
zpV};=IFFsO_REuZnUd@4o#M_6%!v*t=^}X$o&hi?F`%R?k&EkdzqJQi44T?D9_Sle
zcw7;FF0rgahGlKz3B?#Lw(jpp?JfS5Ly(6Lio0;VQZ)#|&Upg{f+<}N6Ur~|EM!xG
zKD?C~(V_eu8^nydA69Z>-FGPC6ZFLrtf`h@4Zq`goqYzsW+Z4$L2b02zl|B?vz}0~
zordiq*Xa<wPG9}BrsDcpzbM|j6!SaU#Kw+(D8InM=mWGr`e8L=e)J30dJ<?&^CO`D
zy0n<0Z(aciH!<c9TI+{F?GYKm^1|}YcVvEFrD|b$C-MkUW;Un8Zo7VLeOgmP_w>{e
z_50~X{_UfMd@pa=V9=TtepE&)O<wQ&7e3tij_hxbXFzyWI-!Yl>rR(t>)|ley8mL?
zJfAFxV%;n5l0~y2oUree^@H&0EJ73FURjF|!qNVOw)E#~3Hx4I5a|O5Z5cqQFGs#T
zJ*RljRXOtQ?|^T1Na6R&q-+RB#l14AFN9l05xUX`a}s?ayfPE!KsJPZK-OOcWIgt)
zk|2!ngSL)J5Z*kDJiFl$`L_eM^1Ee-1LG+21z*2R&H#OeGN?V&$-)mY=C4}#a3{`h
z@-v!R{^KXqKV$9_;{yF=pO-~5v4+r^GEXz3{HIT-#m{Ix?A`w&KR3fXR3!rqeId^O
z-($u@Voq<Vg!Pz9o8MzbOC?#4d8z7iHt_&s{>!)W?>nKsH#6p6BEg!2*8PHE);hUu
zqolt?uG4Ys4m!h(h_AB<<GN)kq1ob`2W?UE9)Dj7PO-x2LN3y85cKFtRyaxAJv+1k
z^cL&x*^(8%XUsnwhTQ*Bfuu(_fF1>H#qV(L2Qv98Ad_F@e?NQ`kcU?><}Y|gQyYHr
zgj&IvU;5D#D(X_mn7{nrpHS^FH_mbXIt$>$D++||cMU7kpuRjyeD`NGw>6~0gh*Ft
z{qRhf6ObU>{XCC9kEDa?d>;{Wh4tMW&-*tU?E5#%9QSY5IPTvh$9~}Y?y-;Ke#ln)
z{>_H&`!~@p>;BCe>;6sPdi~nd%z!R_{|0sV2*;wTsjEI&k{TP4>-EPkh;O7hbT7DF
zQ-du_)H5FUHPBW+^CfLHBE6@r;<l}Dd`J*Rn-R2`49hTY+V()1Zkt$bqGi_i?;@=k
zI?g|C{(&^kU+e|`a~md7ZMbzyPa7tv!-k3L^}nBD2BAqCVy<e~x<uXZUDx;ujMED}
zY#4ffiCUm)-8Q_qu)cf$&az<^gspq(7;o8N?d_f!A?Y~J`71#mWZm=h#};hn^WD++
z#P6g@P`}p)6I#AS*5kO66qxYD7G^Z3!{vOh+8_J5=<})Qqg`TVu)0QFJ&n%|Df%bI
z>FF0z=L#Gn7Z+}~aNNIz8SzKS@<#+O;@GoI&Z)euWaX#)l>8J==lLmdk{Q7zHEQcL
zm;Dms^uy;<^OJOu=cl!sd)KSwsTy_l4Vt>c6$6M5V*q0T<zOse3}7r^3=~Jl>2@5H
zZAtRC`C8-Ylp_|R<Mbb#Vg{UI6LZCTlGZnU7T2g7rfKRcuJ;qZ)W1qk|6VJ6^?=*I
zB}xBY<MMA%^!bU?zc(#bE5>;EH#%N_`n;DN`MvM~!oR*R_3zey>fd|Ozu#J{t{&r_
zf5z+o(TjhlZth*LmfIJr6<_;b_%|}X+rPWsbNY9yw|^t!_12Rf{{7}+wR()xzi+30
zPo*=oJ`ONpg5}4&lshlwtr>cx0`#Ttaz9<%%nVSV-n_&ncIPr-L(Aq0x1s+eGpc91
z^UDN16n<R2;(Y3!Pvin$2Y>!9|JGROyN|2Ivo$pjdiL*so`0KdmHN0^F<Vplw?&ih
zyPvhbF*PV=pDjQH^dG)!t-Z(W+{_H3K)n@bS%ePs!2~(Sz7vtxeJ29vKU_=x_&u&?
z9Ng!P+q&-@y!CFX-|c4&&(){}(>-E1K0*I`7k^&?YkHLHyvv2Q+j4>#4MvSxG2Mkf
zK0)8v<*I+gU9R8uqKCAiMy;N%sh?oY`+SXBJY7>ia_ooN?~1u?HdWZH%FAY%z1!^i
zUTwCe+h)J$p(}sZ@Pox_>(@MNMkeaZ{)x>NqRsw&v05<JWiv8Suj<8SxAvlk6j`hm
zj}<oi;bK)D%WamdA5y=4X5SSk9su?8WLOrJ32j(cX6=nWFg--0)_1w2_IMVAqgjN4
zY@Pou1M7}a>e?=4k2KS5Lw?qvr4w2%LnG#7e*Y;i7Cd+(t<K?hpm2?6<bc_UH7saN
z$TLseuY$*=P9H$tX(czdNcLOnpH*4778un2ekO!-7tZT!P6u6_4O#D5o0pjBv|mu%
zxxKUra{}kna*>7S%CM~bjk1*cQcgU9zCHIKPb>Zy{(J5lWmLoUWd@ko2XmL*FL93V
z^R{ks`-|J7I}c?$a(N&AoynB<jwCRf*Ok!+rb~3CJg9xuDeI2PGKlu{1J>l55g%iI
zCx)ocdN0?rj}x0Ffw`A5)A{ZTq1<k3Ht{o>C5-tI_i1aL?vKSbG2@iAmXKquR|B20
zi5aa|6B;>Y<@jYt55_0zKRv;W_)(tY=ZiJTZ#OaHfcX12o0x&?j2~_0>-}F^-@_=W
z3z|#R*4wP{u}qU-nKeG3&|1U3PMJ}TxwmeKT6`PNt6uk;u^u?8Kp1VTq(eQCp=0^<
z5CyZ0E|Ni<ZS;Qkxyt^INOp40Nch0iT)rv?Fqco4tZyUSy@?t4H`d6+@t&q*{#=Hb
z9P{TgYyQ*<asIU4)nxBF=g(xV3|+Qul~_<K)CZhkMuc+P?q<xNVyk$ezWO_w+OlGa
z`ZLOmtsdvuXrCQv+&*m?P>;5;-dUERBf5^;2*;drd^uw%<@{0svwmF}{q=OoIu|*U
zOM2XU^Rg#N<7ZLYB|fj_ImeCTeP-+Tzc=xGefVFsEh*}@?aL{)-Pmp0K&QjDq)7i;
z2Q##D+_pR2w$+Ms`8%3gRl7tTNcsK!cf0M|d%nFB?dr_8Q@rynV*7v0w`=~t&bO;K
zrsmt*W$5_-XTE)G<3Gu_K3Be-(o4RblFYZ3A9~5R_igmfx4rfGs`)m&(L3MXx-m81
zezL(M-@+ulUq{b;J7Z%q-%i`e^R4`DYQ7EKTcgTTUHO(wvhwW@J9)k>|MwcTV#>dm
zZ>Rh(@~zL6Z>M<V+bKNXW^QB#{{1iK+xVpJobbY?uaIx!lk|08d`Z5A$@+%Lnks##
zM$PH`iurcR|3SW;@)h!}ulIcW`i9=~?O!(hFY~Q7x!bn4Z2AiMR-3HP`r=FSZG5s`
zFj-Sqks5XVxi8PR2}O#vh_jIjxp;l0OuD}@U(p99-n)UHZE6F-j2!0s?hnbZrbP}|
z?}G$0OZjg%4C46`ef7W~KCY|M357@a`B`};grDzEXkjKlH~vi)k8A7fn4c%=pa6A_
zaa?ztRwVs<pf#QSp05tq^gA~2JDaVFKgREY=UaCYHeJT=&fpmBaR=x!F#TCz3OTz`
zPNH9G{)B$~>>Ag}-S-2tc>e6pomu=Yk-d&~=1ufvF`1&@yOG-~dY09%dU&Z?@GAeE
zM~tg$HZWrc<_|fbqkY)-e06O@2=yJ|cZ5cYd%*>-5Zamz=8g8f;QsvnZOXmi{tym{
zv$jRn9Ws6|xJuj~OZ3k##QCa7+#h?M-ygHSqw-z@Gl<0Rv*NlgA<t;;RPthIyPS>8
z*msuIcWq!syf4msdDcBuwB6}nE>&&&X&Kf%{4ptU7n!0LzpAOj&RO5;O8Je&_!(Aj
z-+%h7!F6Bc44;!)8m#+QV^a57-WB7^AN#O@8HSaY^JC2o%vi>l|L6vumlumO;>HGM
z;9Sr!Z>ie)Cs%%sOwrGr?Wvn~f{*Qn24+0LnE&yO{I1lkjQJl}xK!ONWUg;u#zw~c
ztyrIE{G3@k&BCi0t1p(Jqtv>S>uXP(Vqp;X!Ghw>6FJ52_ZG+beZlxiex8E%ML(S$
zA?Zb+HI<3nfn&YX`X*oUj@F?DX5d`v?la{}zNd@hdSD_$NBds0k?&EXu86nTETbdx
z`ERL2U`Dg%0~4QH?>9O2u_I|P0s9Z$$c()r9|Y3*_xw}l841j@N?r`d@Pow?uR$cf
zci_Ii`Qrxu4zczAzvcIyZCdZp)bgCi)IogDAnC`%6n*ho?>;S;Kc>oey8ND)qCa$&
z8OX=ZFCXIiKkqTM_)g7re(=}i-U;Fy#@~6vyhmsItovmb6e)IR12Y0Qfq5Qt;|N04
z2C*;sO)#~q3B9#}-!F@Q3(PoZP4Wh2Pz7S}ZEKCW1|Xm}6o%*zWa!8nMyzl8J(kYT
z8OUp8^aH}bI}-dtszV!(Z<FhSnS5RgELQ4%U2NS?x5o3HI5Xn6;CLP^?x!d3gbv%l
zjJ(3sJ41nqU}|3@^eUmFb_<x=HwX<ja2+FsU~1zDy+UA$F6J0^H!uV7Mr%?r3>5nR
z-l6|Kp?`TB*Z<*NN&O>>mAZ#!CiQ<I&J1la>OWNIKhVla7-vTtnDOhH)VnD#4NOfT
z>xbvToWN2DKamUJ;Q^QvUjpHu4u$aWkuXQQ6T-ts!yM@uejl&g`c0U?|Bt&r509eC
z8i4UrUD?<fvs4I-bSHoqL6$6_ps7v>(bv5wmvMRNfZL4vD&np)6bXpqGE&1*Y)U6A
z((Q&)0pdmnm(fv&7!<b|?S$n;1DF_=+>rG7J-6=dbakf#`261Q`JU(di%xNubI&>V
zoOACziw-c&^5JtnQfj@m3Xg$0>WNZv``2`hTqgk#x(DkLBKiw<gW9;xp$Ekz|4A{)
zUkq9U&gknqb`y|0+8Ca8r$NmS&>Av9YZwMv1Le0Y&>AGr8mJwR1X{zv2Nx<$S7-{(
zOY-5oWM8b`jq?I9w+PXGR8C%>wy6?o4?Y962U7d^mIu&is+4OFq+aSf_>5e;9isJ{
zHm0YqSYRBL*(tfR1!(aI(8A7UQ}hF=DZbZ_p+Rkl1F4tzOe@c8L=QU$gINR7y3lzJ
zm>Z!RXJ1g9(QmQ2_C4o<**HZeu|9L2QE~j%M)mYL3XbgQYZe#{X5*wdW76+MalX62
zd<QI^VQ`5+<WVfwXKY(}MD#f^+TW1-WTe0x?>ta{qI}mM<~Xmicx<utCJ0V_Nk6%^
zo6jy`d{(y+)KQn0lIdHc`E1DoD3BdcPtUK%W6nVIyPXHMPojBnRyPm!^L_Lyf0wc2
z>1Ht7K8^9~x*N<eZ(2N9#B45{0wm0<VY-KT*4e_&T9i-Pcc4Le<OwP>GhvQA2Grrh
zU{2j!P-ko_BU&;&Ps=2m$F<8hfO&5ni@yu}8%(>896Sf6)u*3z1}C1sfO#v`1(Sey
zeqeh*;6Ch)&w^?6D>;|;o0$M}0?R?AaweDuWM&G?aSNapJD{H8t$2HxRUfG-FA{I>
z2B`UDhZS?yO{Z=ec^Hl6zXs~4TT99Ge?-#=lVFbP2~fjyI&m60$sd8bcalu@&g|!-
z^xB(8&lQYjJ1O38>gzjteShEHyMWxl=@zvQt^sq&$I)~PKE&uo>9rJ53S0*H!xLbR
za3{mV{C;w+Jx5hh3e0g{0csKD&%c0rKm>nL0?Y|M5zVXJI2g}x;4(lRkzYy{RCVuT
zUE^z<Z(E~tMVJ>8{3pc(ix&^%0kQaTXg^;zU)O;=nQVC}dM(<+5gxS5$FNLn3^8BL
zTXvvvT?nP?1Kj4gG=4wIqv@bEjDBT-Qd|^~t$`3qr)r<_`T`|ej<kQB`;ryyK;vkL
zo&PD%PvJcOf%PrPzpn&H;SMzRmB{1+-e=+tG(HP4Uy*S;(D+w~`3a8Mfku6Z*^hSl
zJ!%J&-&A%}8NMvU>V`OXpkeYcf4`&WyJM^@3W~%0sXNg4JjCqZ!8_2X<^2cjK;s>b
zOZ(i(F>^m2Vs=>Aepnq~_OJJ7w6CY<J*-*9eIAd$hsN*_N<&Ve>nM)XsLtE4K$&Hu
z%Z<EW<{9)I{n7%Z!qzuG#OAlJXZL&2>luHBaNW6Sfl_T7`}e2e7usi&FPg^&b3O^%
zE|+s&)!xDyB0yT0Cr>wSc)Zjzfc@iF7bp%J-zJ4niYI%utHB%`;4$K_M$6vd%xKx`
zyb;XA0F%8zU$p%p-vXw#$nBdYKnp$NzP^Lyw3hz{rX_pw<k}@OOV5pxKUD6_0`<<z
zK&5g=E(ev$r1_t4{~B=WQx~|&e38k~`65K0CH}zPVtUA_8<?DOuK;z_&86g{7o%nM
zyd;<-Tpf|svG<BpmN#A%`TzD<S<dBH#twGRK;>7U+PcrMWc-q#;On*tU*U2-mCN~}
zh@5W%tzjRPhd1^0?VSze=-2&yo%aIycMBT(@>tFeyPXsq0cPrJ(Q?u|0!+*UlGzJ=
zgKjWa?BKEO>!RtaT@yp!VlbcE!Rfm`TDO*86Rlf=H%IH%^3&+na)6p&-$jF-pW@Q&
zPOe-20_v!{OUXyi_SCO#`ONhz=x459wU(axRm%V~??a5T)noVBoqt-W6kB$BvQO$l
z>3YiN$+C4Xy*x**btHh^<N)HLXDiTZ|NA{27rGQoN+(FrYX9&aKQDQ~q<l61J;qbc
zb<FNva!Bw|8Z<h9)LjbZjoZqI(N8AS?lmp|lk!jdduRlw0HHhs-e}v{IUUR;qT3gS
zeK@2xYYFVm*y<}vmOh~Pr2Rc5V8)&kycdG$Nn-62sh;C)<>@_banFTd2B*lRNldbG
zfF4Lq@+DZhak?*1+CE7eB$K(tpm&H#ehN$7NsMo6$lTsq1L~-0rDS@{9xlA_%xz-N
zi=ghEA``n^Tpiwf+&11fsJ}1t3!@KRo83ls_6IX{b&QQ%60tLqY<BY7ohZ?LVVBKx
zOp1F7V}h-Hx4fB`?0dBnC3^NfE~fgYbum3X>RmL3bXj>4EZmGbSVHRfI_n@>7S4YY
zYp6^b@-7-w9xd)-c1HTUXgtJ!pY<*pm$AE}`Y;?+_rN1%q+Ea&7mU&=T*G**BZZ5u
z;b0}y(sdkIlH$AKT{I3>%C&SoRA(Jna*6NWPG*;Myo1I!T=$-M2MsEhe(glb8I(zO
z@I2iWI8PT^8UKuWlI^W{I_%E5(dXamI~hJGy&B(PvT+TbS`S~cd4W=F(|_*HQ@4NW
zjRi`RO=pkpL@C8&-@-B=^)xy++&8Tgr7iEWb$Z5uc_#hCbA`tcI~g7~yo1IIo$S8P
z?VvQW?UDQV9+?d4s0T_((zG7;6PxY(z+2S&{X`Mx{oT*wY40aS-?vbyw$bOClPFPn
z7J8TI8Rs~5x8DQatGQmD4(ceilx)2IH1J*(=PYZ<?S8&g4)2!hqxYpJlb?b3epEQ_
z0Gzroc^Uz&lpH$9X)~7lbLIiL>mb`V_PYx2U@)J0bfJ=cCF6nK@Dawtt0#M*(`3Hx
z5ulEmT1pN~IrX}=NxjqQt0QdPODaxJr#t_(K*=tS(CL3pqEs{(=70ohQ5wu~{{_@A
ztW(#x$;PgT463mGKGB5|q=3Fpl>DBMwZ_fh?J0Nva}uST1kl?i0g){|RdTKf%wDK^
z52<~y*|HD3Wu(2U_qOE~(QPyMUTAt7jY~Qs^T*l%*wy?0IXhA6;P)4|+SU+j`^~qF
z5o`BRoKSwCbfGel;{V;Z(HLgQNV(Qd1Ijb8{4w$*N_4%2UF@v)+S^Q)oy%n=mEXR%
z86Ubk+1Zfl&-HIJ{h1p=DX^-z)>(;E_q7P%w0LCHp%U^~2&FJBM+HmBLww9-Z=*34
zQCjjg8U<Y}{%rBvXry=bPRH>f*6zu-SzQDAJ=Dqb|J%OJ;p07F`?l;P`}Q#ZMrr(K
z9`|;??OP?HbVAJZ+xL|vTlOzdno2m&76JLDgW+K|$JOUuk#$ae!c9o0?eAyZ<e2^M
zrEb#N$?RgPJ17j-yv^QUEn6u8^jEr~&r+KXEKnTNBJ*$WK#AHaqYo}nvZqDM0lVIR
zt%KpSoX5=5@3bw|t(5k3pB^XyE4LBVt+9KS;w!<X2M(0Tq@sh-kiwqB*T0w3joRdt
zc2suRX?M-ZQ~$rK3ngd1n`8&i)m?#e_22)(WZ{ADd)LPYKaG|nb2}n9i<LP~buCb4
zl}6g$*@2RCvrMu*xw=cv)dfD^?SJTfzNbzsP_k`fT;I|Ac{hd2=WyH0>3k#HB-?wQ
z?$XZF_a9;NZTv^?^KH5(TAxj!V@#!EoU6OEb9K5ecOQwI^**>W{#c_wTA(z!BjcRg
zfztB+GC6(+T6fc{QzGx#TxaRlU6=igcLkV@l@9&*49c%V{T2MIng1pDM)e1B?cqpn
zG73vLKN;MPHPl9;ZCAX-WXO3ZQQFgACJzPJ{NML7zg_2P|HbB~b5nhLoa>!Qhta6B
z<&mUgc;91lKJgYBzjiUaA34nMy&f6ef98KLK!#Ha-~Pi9T)v77#^oQMIgBtZK8yq7
zz!><5!8qeBH1a}>_dnz?l~9<*xJkD2JlzH7={JUX<(de6qxQii3zh84*m>_wf|7Hz
zOtQVXx=YK|FXMd=)W+{S8W$)PHlD5~r@r6X^l>yV%_9s?8Dq~JPtGav@$|u=o_Lba
zV|eQG78=(RX0t!e@s!@x`+iRuv{0#-t|`>k$0<PWrhO06{eGVAlF!o<IbM<~;^XD1
z+aqV_TL?;D_m|1To6$P^hSwN8#Tq>YY>g*u`=ziRd<Ff1Jbj4ml}3K&VV&z=qwAFX
zyK2#(`istI6rTBf^2DC=(Y;yNAISg2na`Wg=G#(>Mm6V|ksPlN;_2@=@9c<{g<b8@
zePY{h5*9}BS!+8=&NM3Tb9GlBSFhr8AGm|jBTAN@yHIJmBtlEl&h`g6#QI!_jJC)4
z-_IaQ-}aZuw->NG;4uEId*EL1=N%1Z_q|MI_+DnHbr(i#cQQi{q2UrEJW9ue$t;h6
zrxuNO30qeKhvhRoHC{fxJhFFRX=iW`x%bTBmUGSw?!(PJ;g;`Va8Im7<BpTP@1;BY
zFH~mHy>u0$-O6^9sQquJleL!Ig^J_S2%R2jM~T|$y^VWG@<PQiJ;D=}?I=-OKAsM<
zc<7r2ilZdb{^8S%|8f38rTWrH`@2rl{!V3~vh%V?`<d;%<K*B43l+zIMR1~?qU}@H
zFI2KGkF>qCo$YT){SERYjng@m)47Pz*&(p|q7yN9wR4)$XymeVUtVP2%L?1~w2!%+
z*>2BuM0m8vnR;CG-V<#!%It+s2ftmQWZUR;@<g<q6mFN&xIn4k?K<WqTX%tuGZ=sL
z_tAXt!wHm}+hvmN%++0xtJAeTcPMfnc>C;VyXfQQ1<EX&Exn)jr~URdNBaF5M-Ezi
z_)B#E_fDYnO@EneFGuTsGE7f6#lF>&z_jlExE|ce@BP|s_kPgK<hCHPbAdDL|2LD;
zFw>%838!I42YcTu+K$GLUF`SN?P!eRZ*$bXnY^9ZUw`BOpT8ZAm-+7r+tE<@8{zre
z(YS~IK5si3Z}H!wx1+H?{EnChWCWl4MvQzL&cA(vD0Pb9e~-lX@3LZ~1~c4D+>VBp
z0%kbJu$IBTkJ--Of0DuUfYuP)&SNoCz^v#iTlcArVyYj!)2(~`?)>z71m8m$K)$SH
zZ-Mk&b<_c7_)RD%Fdq>X3zpWy4~u>~ye&4LTEtiOz&12!e`g45jv-3nahDcXD3*Wj
zO~t-OF)epiUn^FyVYUF9J>9W_Q+4rhWNiDm_1jo(#8yPflq-~9Vtmd$4wjqhs9d3Z
z$lD%>^-C9+ze&EkLJ8j!v%KmV{_VWaw}=uQgZ|#beZ}9{#&ST0V{FM?3BDU0P%n#4
zJt3IcoreUMB>S)o$n0cBucM-9)d-u~-|@_>WR`!#D}oxXg)8&C8w+iDHz+=42~f}C
z#w9Cmyxf*|<HA}rs_uA3nFX5CjXQ0s4uPq<d5Fh>&v5g68!YDZp%hmCHCO~JpGKMu
z2GOYtDQ*G_N{O)-jSA3|y1Sq0G4>0+j7`^6M^Fuqe<)5KkMv<B-FZB&0!Rzz@sI^j
z!OG*oasq0Pm$%a~f+^6Q$Ky*x=_Us(E{Vy}5zfz{^*?=n4relS=jZSYjO6DC42;gt
zQPn4YevZbJ-t%(^DJ(xn-GE4bj=KJl{2bl^EI&tJKy-c%cTyxjhbJkLpCfmBbbbyY
zk<|roC$<+-dD?fo<-c1K_8Xuy{2wbn1<NO+iIIFVPO)b`nNi!=yOFmGO}7IU7oR~s
znJPzgJ{hL~=KPabV9y&ezYW!I5GC#LN86u|$?4I!HImb#j$lC>qBLxKB&Wwuh|+BW
z)JNs?*emE8f|A}OI&{}QG_;?w(0%(eN;luy@_JmcmF4e{Td{DPEw4uz{~m0?!Z+gN
z^;i)nug79rUXSIrydFysrK;Q5{9(KgkMb}5e_uA_ZAYW-o<%)ngXbds)#fvk4WGrz
zhMP+)*|4~Y$%e-J7xfr>dGr5`Y`FRiWCQd$y=<`O@A?0le8}E*YWd*U)>A&*^Bd&D
z*<1ggmk)o7kq_V2^pp>2+s<4*4B3l@=VvS|zk5-)d?>QXhtit(@}a2a|5iTK-L)u6
zKAasTA6RYK;BL^H+CXpI%Y4x%)}Rrbq}5K_O6{gdeca#_t+r?@uOT9W87$Ijr)*_D
zNI{X=e6zQr;Yk8BwO;V0rvZuBV=RYv;eZOIQOwA#5Nz_miqX1Q_x;TFti8S6Hz+7F
z-{gk|R48+5(4b=<MwGS=s8C|#uk1d>n$Xjy*aIv-=zlm(ZsFs7%i{$8P{U&Sjt{6%
zD6Q$7^#8x$ZxGkiuv+rnF?Ric$Teu}+RFXd!+8sA`EQy)Qv|UhdflFj^}BxNzIV2^
z_V_(WlL;MPt?7O2>=aF@x;bX-;KjPy%h*xl4`$;}J;nHr6iu0bT`cTH`qVQSzdsv)
z#3{yaO4gL}t7G9W(np+f{CB(aFFo5I)XITS<90y33s^p0Dkt(6l#*hzjA%(R$-B9P
z2&znSVAkK~IULP_6i_Q2VD9c?y)!Q^w{oOpch|n5@X~oWO!Z8+fKKI-Yt|yA>nFxD
zz-u{MIgS$B3$^QH0*Nh!Gm=<+@CTD*;=N8LPNAi6ts~v4IUBAkGGi+m-hQk;IH)r5
z^zFSq_|;o`)(59&Eqi@%XWvMD@a<-FeegyHi$(klQF1z<rQC`G9MQergC-guB1$C!
z)Ch>yIs%~+R_*V5IPJEaV70%$v+4k(`PZ6gZ0CFES(C;8nSA_kOyX^}I>@sHSUfA7
zgGzIR?FB0yarD-34ys5jqSlILc{neP=Fq1$q7iJtf^~c!-fN-}Kvp-LuKRHg!xD_t
z5?8iHYKd=YMYEpQ68D}!mHAVq`tRZW7IN5|#58|-OdWC9ipDE(;-6ypZ*!RcvK`P8
z#eXU8UimLVj|l%QFuVD0akp&)g2jKr&Ce*e{2%b&mYOr?zs)tjjsG%#BmZ4;3jX`t
zjL(0#CBlD)w*3Fce^1q%p8wVaqxo;wmT3O_eoIgOd$Z>B{P+2m)AOIFCYJwdy6t;H
zX)>7AAfUGF30@2QA6wAyj9@z4inYs-$<8fIXTwM^gIO|pZwvS9JeS2@-Oq9D$+hI7
z6?^5H<R()c(2~jHue5DtmjA7o%ww+_SnSmUvP{CUR}X&Y@OdgkpLsTz9v**HvIPzK
zJSd=RX7N{<R(+Fp5iI$!A}iV-*xLup;Mp=+#$klfU<R{gqHp0bDD?kF$>g~$-2d@q
zwg$J!?UYxd*N`3qKjm8r|NQS5{14gSUvk9Z(<(&Y@|+0#saw#1mnr;d-SJ}qN6{WS
z_su36-@hCa&y;ETU)By+VUAC<{7x-cgnZ^h^!<-$>=(hWeH`&2x{-d%lZlt#KY9U3
z@D(s~&R?JuPiFqzS)erxvE8vI^0Us_Jcs$YTUZ`yrqgnC=MA1m$^iyDH#wgH7`~^s
zF@}QHAU;s3>>R5pJz|^t^~}2+=*R4+Mp4YQWE91dSJ0{c-aj<SmwynAbkG|151sCd
z^#}DNf*Bi=M!#*Kwwi72^jmEF7yZ^FrYo^$99l4;r*Ek@p=XR1%h{3c?-~2>DZlT_
z^wah1eiIG4mIfZ1K)?Mf>RY09cl*hk?C!RK-?e`DCK_LIJAdb!XzbxR!gsvMa=r$|
zEdM)ihI2t=_?zfC<SwY)KQ!65^-VOI=vm}0xpx21GT&M*d+cpqwY8!2pzT&8O6&N(
z@cfPWv-L*voH><B(-=*8${Kr^f90Fh?m9I-!h1N^WU-ylh0(tJO;~dax2G4riN?j;
z*RnSlGC^zD`=?69F;-LV=Jks*Y;QEZ^~t%rQpp~xDfWFA6u?aX8KZ1|?I)i9$%eO?
zF}N+^@Y>s47t`iv4%_MAnte~DQan~uzB_|;ulpZ{|6Lf4@nG_0cbI<v!J7X{fV5MM
z^ZxynO7&P)^L`kj6sGCv=I%%5q&C79_Lkz^0%owUZ24HM-hxI4_pxx+GdqRaHS@QX
z5#Z<VA9?L<dY=CPiaS0S?CzNVXHaDU3f62ZBYdCfTFjeDa0!?P#9@9a6Wy^fv(D)(
zmN8XOM~;|IZc7)!GC}w9*a^D#{_!Te8=(6S(gm{)WI|!APKfw7!xLr1Ez0D;K(M~K
zMIaq#fi*rj1+_89q0@bPR7{M-md#A@wcp#v_sl+~E9v^}vL^U+M9v>`38u!s4YT1n
zER)|4G5lV#g~dF}tC&vevF1#+X7>S5M-H1#7Is3^n(4Z#?6C>$&;xe7gTZ|ZhdT`8
zgU7&vF>p^r4#et?mE51P2V5x(uJV<jj_g03Ed2b`aC!a}4VUG2Iy=R8@-iTkV&JOz
zl)<Il)4P14u-)GqY`|b^d<xW&3DZep)2U$#yxBW!gJWR3_M}xO^^`Jb-H}Sgk*_I@
zy}`FV66-kfol>%}=G5?ccl8e6!M!o?9X~yMd*7;5c23Zg+TP&X#Nm4c)RC{0l96AY
zhUZQ}+dwRQt*3`?_Un~O@dQoL`5u|~CX+$h@`wz2jPG%}2es9`>>V##NBLe*N3Jg=
zBU>P@ym<Q!wg;)a2poo9<wc`ICZh&1dC}+qGAWhGi@-5v!-?S3?Rco5YnjIU(r{3U
zkIe4lJ2?Z$<9nGMV4a!l@$t7t<VX6iY!7(vh~5KX-rv&I3+>wZnkzsZ*;z_%Tit_p
z^-=rs<=$y`O$_ZG+<OMRb+A&|nWrh)oOXlXWVj7fu=^BuY%I=TzE@uab!6Ifa@+T(
zhBvsUclkCl2Ht{id%_#FPfu1V)%luoq6?+qld`Xv#}^u$A7B=k^i0s06%*UsALhV+
zgL?2v7F+1KnZ*{mJ1w7gYkjGpDW{AtRC~e4Xs+WZ{l-iuAO0g6A9F8<d}lAQg*|Y!
zI~rHj99M0W59jvvecQzF6?LC_RfGq>s%JbX?_%-yLpG!FFq0WQ;r@opjG3U0{C6o?
zSa)hVI^XS`@3u6>=!0Enz;|C%Dmy1?%7U(5;H&3(5N-o?<d>yn<a4Ltv(3H3_e?B&
z|2#c>IiFQ36%#e(=HB4@nCAnz9@LSam6FmGr-n~{y?6L#$HMpF8OYp^DwX1inv&le
zd;w11>p&g(K`B|d>NNPfuXp&S#KIRi1DzVER2&mErGIbmt>AL+R#5ZTl#&Pj)Xm4b
zWry|EYSTA!-;>+H3=Y(4f47<4AIRHTeB=e2*}2=h!?J1X=O@Wz%QumD+u%PfIlnj}
z=hG}1zdsMi>>J#cjBgXu{QJ3_7n<0a-O9&hJG(jyBIo66>#R6q64=giK*_J8@qQOd
zmfYzZC#S+hmQ%qq0o46Grvi*)aP`2+Q=F%+26fc4rDXc!(Xm0!*t`)Bg=v=LKgwgG
z=-Mp0Nqu~uH!`}>HFfKRxm-r%#<$g|u1e`->&fEurT>4-7PlCtF_mMqJ(XoAPxeCR
zgPad1gF5n1DY@-5e5n1UcRpO%7^B}_IfH%jpGu`TPgDNX*$aF@9*;Ev)RFs2$%k`K
z4PW4|y~8&r7QUCxV4r+lsW|d9rMNfvTKGOG19jxlQnEogjhwlqcla)ig|GSy<lx>)
zr6NyLvU-DWGsoXFP)C}jWaO2nh7Ydk9X?kqd@q~<d^MFy#RN_HwKx7-%=O4PP)9B;
zC8f8WMh@Q7JA5P<1K)}>;J+o6%Fc0`^3Rj(P9py`H1tmEez?AS4Rb23xLbP8ck|fW
zrrA&%j=c@vVT8xO_cb)=9QON+eka)-)y=OnTUD;WLb1;RrJ{h{9mJkz6FEGCUqfR_
zXYY3#B@b3AO=C6XNC!&C#G(FE-9uD9RH;;q)s&?tQ4$|zzr*-RKh0fB#YvQYdX3BT
zzN}XA>H3A|n9E}s<$)}gasI0@cHJ5`dAf_?JZ`?(E|hZ4U!YK$@8x*^=c{PYIrq+%
zYs2#vPu3LsdDiS;IHWT7y;qs;csYcUYjtt0@C6oxVHkO+gjDhQs$ycb>vmxc?f)9@
z&tvykzhH^w58M6s!4h%=QCjyZ8n^IxJMXJ#XkF~i@`YDf{+pmU#Jay+`6}auuWkGm
z#u?=|JFih53&*1!kXWpD827t5E}A$lD9=%R9FWR<X`GMfe1GQi1v=RsDgE{c|F+TA
zZm#WHu>%$tgHvx4h1{E;a1&=&WW5&cmb%H%*l*9eNe1_!?aTu*laDv^BudVAWRmR}
ztGnc}`X3t^KP5heHSu_8?<?%wN@?lti0pwV`JB2yaTKyPlRHpyekPM_=Q!O3<MeCz
z`1}7AfBc-Um~5wg&!v4orm&6EUGg}+I1Jmzy}<Sz(_6G}7VZ0QI`4Sh1>^NR-naDO
zUgkZ-?lWlLezb4BOtORL>#o50`iStnRq^}I-o@;4+P9OS<eW@lK3{jq=j-Xb??_)S
zFu%`iQp=}<#Fr`S#<KSh+GZb#kMs9Kl}Zzb|9c99OxJ$C?t=66qd^Y8zn8VY$Lvnp
z_cIHAH_7&n(OudYeLwGeTYWF^FJ`iu_O)V4R5!`?jMrWAczqA=`{C`q^lhzFiaE@$
z(Y{~GB-?ww?$XZJ{}G;dRs6o|K4E7K+IOwBUOMj>-6fCFschI5WcMjlJ{)+x=NLK9
zR4Nr5?&oR$4=BCI>8`*yeN!0jKleiK1MK`y`)aiBG}?Ep?h1_6SB7!@$6oqwXZKRH
z@0>XFwq$hD0;RZswYjqwdRLyPR4O>`W>OfYQrwNxUD`PPkudz*d%<0h*(bE`)wHik
z`;OIJ+F1RMyzl<Ed+GZovmLDcPy4<?*FHvf1;*$%^1cfNFsU8z@6Pz^+gnwsRF7w4
zjPH%-msctd-sT*F(&_ZtUZYaU9<M1D4-TWeFhO_86ZC>GAN?6?>^NLEYJt);iH$#q
zuj6_CCRrczZeiIZ>nfF<93GM5yOOuxhzy7G_}_0JN?ZENB=33lE@Y-e{0i*nHT!uf
z@Fy@EMRwkzXOcE<Kly&>>3iULj-8{9yo|=3ooueu*Ux+|=biEA`dgg2<X72TyI)4*
zjxM%OO8Gh`^L5U+;>_m`&W=C#y>aH&E@N|>FQf5?4mQ{B>NB59E{{K#8fPx3Vsov0
z8I8m)wx|2?bq?VCVCUh=<ORwszDMU-aej0Ujn`e;czp%$S6Uv~L*25Lu=_Y`|F<)l
z*ZKqBuc1@F{jGbB$*cr|(r${2zcO5W*$XbBVt%h<xM(W@Vn5SQJ_Npz{ecYnAyQv?
zf1WLe*&>D)+E#g)*;^NOGI>kC?ffAkXE%lzjkc&~P9sf?Pow7l#PPXN7%byoMq??r
zE2=r}4s|iT^&<aU4KZD`ivK+`bozJI*+-c^dZnGOW5RFPzgNXyM{T@yjAQEv`O$cS
z+Y9$`IFEO+xtGj8^SQm3$DeyuoVf$@*xWz*(KvaM%c;NrhW&d<{JG}Enai`7&GmsF
z4Xu;eB!zsP|KaPLJN`G|xHSIUo;Y)R&u4RQ@S|}*;WBdKZ{W*|;?GqYXD)d>o9k&m
z8uKVU$5Wj+UUvn?>&y6h_YdhQ3ueOt#ldCB|D0fU_>upx_D+tU84vvi+FTeP=FB)S
zYY#A(Z}Fp1b&}c2yZGFb_}qC{{RSSK7=Lc^?>KyM1)KX~KN@$2<@(jXL9XY;pX-M>
zbHP<?t{gua5AyTGGQQ3uTz9q={|4PTKK|T0;>_)Iv$+%eXe9A7#Y24V!=21dxu5_2
zO;=C(6lLEy7_Tfm!Ff65H}LW~J!Ss|LGVrK4@CcW&${}~BnI~$9~$SkGk(5=!+9lg
zo6k8`cfnXIx5vNv|Izd0!eP;Nqqw0`Y2tQM&2i3G=l%wscJ>bYtT?dC=P=k`@}V(_
zFugp4!#6C1(y467oRyVI@pw%cb0R{E9(H#wvm0|xptQBWObW-ad=jQDpG0qK@wg(q
zvlFz2<F<FIaeOUxjz~@tPcDmxe87hWwbQ9h9q*3Ex^v=q?mEusL+SGUzaw;6g}twR
z_9|vOAEA9Oag%K41l<J_EZW{?qwUB;p&Gj#w735PWha+k7xTWf&%3sH+b}-dVY@nK
z02^c1aoR4`s=06~AEWnQWaonSkH^>N*8PKz;o>dMZ!`LyIln<F^YyXbKRB(bxo^zu
zX>QVHd*j~uePqucu-Qyn3gbcAC(+05S&G_GvTCywFn(ELtIcBfJC3TqG&mNPR122y
zTg>r6DZcPK%-Zi+PLlB3MK=%SF&?6Qnl>@}ZFyK92194Q5Bv7qhje|D_+Fg%ePl1%
zapC+S)QyXsn;0$*#n3Lwt{%+z;j-iGey(N{8h_%k+;k0Z@HJe)@9$pSghqRa{q}D{
zBbEPtX%ian^WW<?q2cRfzpFN(5#+yL+=Rw^{P*fjXdL6eS8PJ#CO-bMO=#T4$NBpv
zG)D8^&u>EGFZ}njo6wlg+y8YF8r%8rCpV$7ivO<MgvJ+L5kJX!92d9Qd?z2{-!}4Z
z4{ZwP$Y%GY_w%(s&STb7K~qMzqtx~IThaBdhVyz?*-)cp$YjAL{w6p9Ol_b{$Xy9O
zI=}V)pADvVR>Xh$(M`;!QO;rh#AAK@{rp@oE3;&Bp#$pOqEoNvD-#dM#FbLac!%nl
zvt_bwAXqW(TW)vwW+#BYJ&XPgBqu>8vsIZ?pAE$R-sjB*^8Tn`VMUVVkFppxm07ip
ztoNI~pwhMHfTlP=YslWj{9ytE!OU~OV$aqxf(~eQ4g%E)T7$#KbKp+^v&kWoMk_um
z-CxY}$bLN#Nb5_yW{Azdcl&rSJ?YVLQgS+&$HYv(EKVbIy)1t__Xj%<)XDkNN#@vY
zzh0I@0knq3O$-L_7%=IYZWNvR+^uES|53cSbEb92|L+_K#9j-&?n;NxUT5oHoNj?!
z2HPXw3BCt2z^cy|TU$vU7^&4v?wV$+*Zfg;u7IYTNWDGjIM)2_B{sgx0gI*aGI4!Y
zMqD71B9N@QXod);Gl9iNz?k|;mJjb9Gy)FD_x$&C-@Lyh`5wAZCi5<&vI0!|9lem<
z(@z;(U>=Y0t@Z#|^6BlD(Ac^O4bShPhSIitYjj;cN^2uaw&?8vQ0W?0B1&3cnG6T1
zx$aj~jkDSRyAahd-JrirvL`dTRb_*E!PM#Gf)U-m(ky2UXbp42bjyy=O+FKvodtx)
zdgxUSAYWww@o>6PeNXB3=yyVQZ9vbj%olgwOK2FsVl;k!WjRkCc`1HQ`UovE{P(_u
zhRS_rDWBf;5*pXC7>XYCu}cNmTw<$_T`WL7tBK~&-Ml__vd>-<?W0J&xgXGU3s4`9
z1IhXl4bOjAO|(0#dfc`;)WG5tFL?<KI-eYl9g`h;HE2rJoC@o0>z;q3LDzFVwGHM(
z$1rOBz?3-bHK18_iR}JkUNKI7Wk=8YB~B5{Fbqv%dTyhbmK%oUihrY#cQo2(8yxKY
z%xJ@!^LZ_*jF-^(nft4!zJx{-qSPj)`_)G)lypH;C>;j8gvJ3x>6n;m**Jeil=APd
zP(J1U)Sq*irG1ArZ*Gk2w~VO$meK4KKwUmKvft!Xy5BPV2fjihFbMJ=nkbV;eqei!
z?zbNGS`vHWC6EB-w*ApO=G@PC?8l90jN<<EvH1RGBO2>iJW>xDmd~kBy1qx_U<f7J
zZzpI<<AW8-aHsec#Z7FVU%zLy9iQQNXySDmc5FoBTkiA!&PFu8;4uQV8__rsLTTGZ
zG+II^IY*R`Z0`i!rA^Rxe#d0@H(z2+yt%3cO=+B8p?vi{t1(9VX7N64oObyY6-teu
zDfjWemsYaB??#jyf~HhGQlb0{Q3|x68E+2S#{Fo8^3L~Y+{fq04o=WrfeHGm@0d<q
z`5&xlqGK(pP~PVAWP;XkOwg30iz<}MdB3)AS^J|gZPdS3C?$we7`J{zX>y88hKta8
zcn_+DyiQ%+W2`nEI)r9zH>$%$7N0-F`oBlp>Gwbbsuv`KPH{WqD>UQ=EEp~hX%-OG
z^&yllNRdgA2(6zBpyt@>-xY~q@#HLC|L#YJ!y4PpgB}W(2lSKY0T~KfLy<VN`7nSg
zJpOq5j}D=^P5|}fc`~8AdrcgE3a^i@{m$>vplye8o_IVN^mD#K!_$TNzr@sAr#8-*
zzMzKVvvc}GO?ORIUQaF1AM!m-$@+&cv3hLw|I>0HzmV#f4tMRBTg#$s-l7zkqlut)
z_eo=YEdQnn5LH*UDv{N4vyUAVAm7vBt{t8Na~k`AO67k*WchF$8(G|9IKCuYFa4O9
z=0Cz?E3P}SP@#6%^{S>ciBfK(n33C!H!ClXsQ>=^=-PhT`B1}ZCQ@CH>OZ&vjU{Pp
z&Ytz-)BM2=Xf(v=iuBXzieN-nJn>Q_MkYKi)fK@uo302t^yeGUklU~zoxlC>wDSO8
zOT`RLsXMYzp>6*6JBFX_RIg;YEj#tA4Q!7%hk)rh+im5msNcYC)Inf+vfbpf4NSIp
zGMUY)ZDcWU&Y@t2?Nv{qo8%3XEkA-iTgxncJu8X+4MaO2_^2%XgDewBVP~=xKRA5L
zzY~2c)4-Gk*bLf8UD<$!caS{>F4gZ8Sq;<G8`0Q3ASV9)cVI@@k23dr%>Xrj+H`Vs
zNVNZ6Rgz3((Wz%&A`?L?Ar!~6GMUXrZIkOVtn=Vvd(F>4CaBa_v0_gv1^om+o3#}I
zDS6*bjz6E|n|4((!6k{ljBglTqVz@rnE4secAD0o<(m>fYk2SrmP4xhOxiD^SHm>S
zzE)FQNlz*df5-STTnm}%c*~Y<MyqZ{I`e<C>S4H=*%|qw4UCt1@@a;@a0Am3QTjgv
ztXzQOHn5t+U#gnY*0IpiKTTp<ZljpmW4~PU9kVy0@*p%bKcqZFDRUzlL4X>HTZ_kS
z^&rbPM6W*pU>?VXilH(;9Xf6XqD23u-&1*Qz~l{V&Ovc_e&-BL5n36~=W?Du$<KLY
zJsNYl?QncO8XLG?Y+H}UYOb%t{P#4sCp?F+=4(W03t6a`s;0b$DCKo7RF0~e5>;CW
z8191W(GWy#tBXJcf!XSfT(()YGJw@#eVN-ryVs*}g2Ph3p5cByqBOT_p|Vuf6lw!G
z*UKc^IZ=1PMEz^dYY+T{HIuH@l;y&c3dP5#A(XDaR#Wyko{WlH^BhOBH+k3iEgFA9
zlpfp2Z1juyTseG>|F!OzB>zK+PbzdSYO}2vD3crhm*u%L`bN%ZoX@QshEel7z@+=A
zakgOT%IY|KsC`MIuk>p+C&gbl&z-iP<+*!$JsRh7+AUg-#v#itOrti$V!1o7ny6>1
zno@Oiq4M&#XxxM-g?X6b^eS#k(%*9rV9oO(s{2^HefD}Z`i_^$(*QL9ni7uJ797wL
z)`hNmW>X$Z1yTfkn_UT@KG+b^*|NanK?RD7p7}w70+_M22{oQG<XEaqn)v#zT5rXS
zE8*|qd?J^wN2A61-Pb>TJsJlQrQ$@YBm4S`RheXq?S;kH%B0EBQkb0}6Z)+}Y%k1F
zWl|!x6qdXylS&cHTj|*Yw1(Lp(ANUAQoAB-ixh#Q*+WoW3(VdD(9R0OLG7*k)}!G;
z%>UDMY~2s=GpfHG%>cFY@aw|wscs5keyvq&wy#xdmX7N^&T7p%9MDo6D6_r^U8w#n
zg8#Md`p(;;^8>cC`;+6M;J4Q>y?;F#!QZz}IwnG{)*+J}NifGPf+{A+q<peW>YQLw
z98_3$+!=nE*TbGWHagZABrw4NE#aEwvIJ^SOwWy9vyA0?qVUr(i_J3PS%-$4+dio-
zNhXsVusP`9I%c1nP&r$j%XEyDXCRmAf@#F6J#E!i<gt0<K`pp^I$1V>@r%IEyOu1?
z0CS!ry;&X#YE<8=`MG-ns0HeDa%^JHzFGq7>*Y0d3T(BZgY8%oz9Xb^kN)2q>(F=y
zz~nI}Usy3G4ltLWK(mg^uQ~@1;RL()+_28lFQ>#+P#or8y$+3EI1jH_hsO7a62(_H
zu3AbgTxGi%uBbg&;080x0WFyhXz?b=q<B#o5!zVo;e^5Nj=EB2|D6=mtvsQa$JQLk
z1ap`JTBzNX*;Z!xhTpiTjA*;dtlV6|Jefc))Rb4sz9PtMt||a^I1Fk2{5()SgJhEa
z$fNDlrsw-sxAG|_$z(WWHM_>JJXteSpw&GA)OWsf`=a7d9g%zIsQWIlXRLYfte&+-
zgPAO+WjOa!af(bRKD-kkpMB4W`tF$k`TOWORvhO4C&%xBB}u-bb!Z$|GTpbA>$EBB
z(6IBk@Dr+9hr1RM;CEVwPzz7UOMY0#>;I0o?4Zq7PR*s$NdmY3g5zRxC=3IW?mG%o
zlPLLLtVRPSv`@0zIstwj9=Z;V^EiB&>(HQQw6}7fR)(yO_~S~P7n{T(xs760ZnRua
z)YCyz3co>P3$Qw2-L{SZ=EFZ@lzwgeiOt(p&E}#w=%_~HIHFXZFB8{jFkSs+(s&M&
z4ex)+)=omb@a4D&Up{y~n3N|4&X<n1GU8eg;Y(K{s8tS`%pVCR<-fOPfj)$<k;=C!
z>rO4RSx5!72!=FYF^c6{lOB1r-L5}-+(9HU-Z(Bwe#)OLpIL+#<P^xK@Ei>1VVwlz
z-D))UO_Is&9QU==Xk5U5U%Z~j*IxuCB*<jQeKH|M(fTUjVE0AI0BMZ>qUY2SAfM`H
z3KO-}t$b?dfVnk<(f0tIKw`f|Ato<YR-<u*&%eAHji2~=bV)TDpCC$Ec~2{~oF^Vf
zlse9PTDf4graXcyf9+qZ(U^=VQT<5i^-2h(3-g~=zFn;;_gcC=)Bjk})5-;FG-asm
z4J2w!BA6!+p_yr`T^N-s!VyPD$I<1o1I+C|W7M6H^JiwO%&bP^N}kK%=4xiE&^7;|
z8jVJ-<FBhmqnUr7QH{o7YIluxlWfmK-6c=d|9cO68(3zW_lXcnZxuYPkky)!$J^I_
z#o8U`d@fg`k!9t08`6AFDyY{#9?e(O)^qNYNw#;Q?$Rde)8foCCxlW~$<xXo)@aHQ
z-hQoZ9(MOX)RHyf^E;I{fjwArAT`NH_xpj=={~0bCfz4tyNRBu=AQ>DZL_DEwTY@7
zJ%q`a<6?rpQ%v%A>*!C>r26R(A(ZIeaSpO{v^D>;>v$Y5onMNn@tgr>Bi+xUWVJ20
zPbOYR(VkA;K1k1IqGZ(?KhD3&S&?t_Z^(ig+ILkI&u=qcCf4_1P!n~(`~{OawC#^o
zO#W7eP@=kGOg~U(4QSs+W$?@dXmty)xI};!SXxG0@;UnKK)z1bJR9b(vepeUp=YHV
zFMnEbX$ktHYcz%K!w1))afOwuZ%FeM$5HhR8uAR41?l}|V%Jw{2&M0or<IkwUn$*7
zGoDsz`QL7fhV1^6?xVN6c>doiG^h+|pnP`z)5@c(HDzUp+06F+ME7S0|NnFOzB?gi
z_@i<VCxJz?aGxb1lx`fy`q2I-Magg9gW-0T9zc}BdR91&mV6v`gX|j_Lh0&tj1KKx
zD7`i9X@%nEz7R?jw_(1axU+B@5cOiJ|1W3lBpy$Yvknb<CcJUd)5?%Fn&P2ygpd1F
z2&M2i_I|(cI;j*+x-JUqZB=O8LTOx$M(_mo;PvvspoVdiRUOGG^<y>9zi}3r<;je8
zuKQ%tm<JaA8V6f-+5Y|+r^{uWpRV9Ch3=o}Rc!y{V+7ugD;c~WgixY5wezQ^ADFb?
z2c4{6P=Er8v$aX_`LRh%v-r`%CCG&G;a7am9u<fAyXU-`%^9X8#TAvy`E-7I9$@b|
zUpN3rb{}SI(=jPsD1GRh6fQc)yL|k1QSu)XGyGBWTos|k(hy3GMY4tG;UF}-`hi;g
z<aFPTza;r~TnI#DdBDFA0f^`Tvl^)W=4Ue&V`aLUFsg34w~_8&!P>vScp1J^==o)J
zl5byfitlGH8cnOG`}QSY;$!mMVYO{60kW63Z!D3?&-@%u*YqDRTTeBj^yw}%yuV-p
z<ps(U_WktOMT`%x3!y~&?c)7vtU6Tb{tG9w|EDtlyHbV+`+m73#C*8Jf3M<giuri2
z>|*1|Ut&QRpWppg1fLg$P@;D9W0Rj&C~QMw#vdO-Y4t9)MrRx5d;2n6S6wI*if=fE
z=DP0l+uPRpO~{mM=^4(dotp?MJ;N0ZgE^1{s`VBPPCZpCCF$}s;z^Q8nk<v01Hp7s
zKGa6)S9;M14upb6F}?dfP;;<zlu?Doj4YP#Q2?!B-Dj+BR`*-kKrnLzXpse2Y}t>2
zM7`o+O{vOyO4;xg8fiQqXe9soht^qz+P!Hv6i3}z$F_mNGHK?zAdm)Tz5^D|cR2M5
z$28)+c{(ZX&)(PFX`tqLrjxvkZo66MZ(;T2wmU|xFQ`i$PMv<o>l1txSu#mD$j-(i
z22bk%2dFu($RsBn%-d3AvIC%XtOV+8+k3(eI!*?t<@^jk69lWT8_~LJcMg_owT#R{
zy6(aRYP*e|^uR!wgmK-r77cG-hHJXsfTL&+J$qkNg~kKvV6wWnHru~{%)Lh6*c|#F
zcIUGX({F1Pzfb!WYv_2C9<HpXlvp}Z7^i;4a@4QjHcdY-8nk_ETS`ybemrmgETZ(#
zK$$E*#_Z1r`pV?QP>Ab07L`+K0GMrJn*XRM=+}eRaQylN>y5wM%W6T<^9{>wnCcfn
zYq&Lqp4%9Xdc2J$gLz`8OqL$U8q1c+c&hu%P3_1=F(Ws29kU+R6#SC$Wz;?DG4`JQ
z>Dt&j1QGmxur_Q*ruysFqOl55Dt=f~>dtyf@lo3?Ad_s!(_O)d`X{>?4IWB+O4)r9
z&07$q&0aLTZCFG3&&A{K!uPXeEgH-D7{htrR&KLzT#Lp>h|)V=c4zk<qO?~O{IfO6
z|6;Rz2-S6nHKGIRZw-`@nUK)zZAKLivb@zUjp;~eMzspDW_Ey{p~PnGXSDJ>AI%YT
zDuXEfCV|$lhOhCdwP-9ulw$vXDWddeFB+bs@z?UvS~S*JZ(TJ}{yfhPWd1zs21AV&
za@P(|fC(NERB%8+TaIA8iP3rcu0?~MiM3gv|6{GS|8psSSh;71K+RXbhkPe!R$gQ+
zB-BzE=y^Lfwlm@fz;d2N$&XuY@*@+}ygR3p-P|UoaM)$YEG|Q6+hD(l3`sm#Mk=#p
zvh@BEg1ZxZlorzlms)aU+AA`d_Iog&Op(ct0Ii3Ig1W#aM}7pb?wKmM9GM3WtFK*-
z$Y*C3rrYGmgEl$R_#zt4{_G7WoWqdf_B<~d`M>WeN3=naw~&dSM!y9(2Y}i1cTFjO
z<*$~#7`11#Bt7rTXg`iHJ}C}jeKbZ2&_es$-rW{k?{1zX-Qp8%wEm*k?xXQ(_q&_t
z7wg?^vGwleNz&i=6pg?U=A-c(qD0qUaFpeQd&nkl*!j7KA0mqr7z`$*SDTpOKc2&6
zj&^?uIabN!PRUxk+{x&cJJb3`<WB5)6#6i^lXi^Boo-zy#OOjTNvC+NdYR$1aW|8l
zH}d_p`9(D7|Ht+TxBrT_zmlJ0*Z0ysOt(*X`(i%+iWkwSM3iFN7cbG2#@AV&cX*!y
zDtpGeNw%D)yPSFY$_BRI+7h8A-kMy#zbdcpM&lgb@7FI_`=i|Me)L5&wjoN-uVpgp
zbwp{t^~Rj$r?#Y%<2IPW@@78wPc$0e{Hs#2r04pU>_)@>UR@W?KOMu5bnKg6Wa|;=
zS?MN+Z!oplO9VaLCci2;ey)BIjYqBXnZqBJlk-4mhJ8#<3J$0r5hx?`Afef_HzH4q
zH6}L#P3(@{6<|5+<t9{P=ei@#{Id|Hv1`$A9*HkMA9|6!6UE|T))Gx|zwuY)Do(SH
zLlJ+1@Vm)T(c!1-&Tv5eF;Vp2>R`1IPKbg(u(gaVNC5q|>27kX1E_t|41GW?|9f#Q
zJyYDeytp<S5-ytwX?GPrAumxkFJ1LzBGi};APXR^->u6XwfUeaYeBe+%5D4I;CzAk
z?bzSr+=3-@qVB9C@1m*xmKRu#_Mn*QKm3BFcjLC*xwVXVrn`xo%XW869DUVUVD8yk
zMks6#O&6@(!sITxza>9CTRl46O&Y}^{v46jEXql6w7UW$o|*ar8c{jD`hiJtLGeKD
znr6N8dnUSxRa1lN4$-MQ5@h1aFR^?(E7I6qWxELe6=_Vq(s{pofxY#6(ycRCy^tKS
zL4`h`W(|_bcPT8V>Ck>mZpksVtL%4Oa(^(}-?#EcH+0;Q?6d04O#+hkBGr?bek#92
z%WkLNW%5BkCc7wHvAI*VzR~$rJt<&jX2j%hO|ilK4Y!^9S$eu2o-OM>Z&O-Rx>)))
zCTEtA3?}rm>fBrJrHvxwHi?jXa&D>bk?8{Q{M}JIZ@HuPHtv^p&kJZ&AxfI))Dx+F
zen+xT%#_J`%RUz^8@oIaRG}Z!jX^21ke=%<<hpU_ponhFqI6B8x^akgcP5KPdpbn$
z-})jNkDbNVe^Si!w~JZ+Fdm?t)#khG1vK74lrDV%jl1|Az;ynN@@dHnXuN<ZxnDrz
zW1jc*;up|(8BtPSWcR%Ee3t!+Ose~VS<255uMPmUIOZGy13-0m>;K3(;vamj!JLm^
zaI`;MupgMz{%IG7_+7~|@vL&xu0)jf@%gE(`PJi#ln3tC6y{5i9&HChGPV7ciyF|N
z^caXJr9ZJqiSk7Ru<mW?7?gfTI85|!#|vm=a-V^Nh|(I-sV`krN|qN*v+|^;%Q7kG
z6FFaQU4w?F52Z&2KVPPG-vi<cXcSs!nheV}>Gug51&bCbRG+8aqbWB3T9eNA8MlcW
z*D${XN`rQBsK4efi<Eln{{%l+avYkyM^N=5ld%p<jysy+2&x;R?Bc{`&tWF-Ay8(?
z#NZ)j7gHX|0<EEaub^jx){xC{uyYL>UTTlO!2B)Z$?(J&*#ajSe^EH!T*Le!!f#9z
zCzrm+eZEg%P0f>w6uNf0zQu@A&HP1*$>~7PU9oU=hENLkF<w9;aNJt+W*4tP9fm2$
zarQXBKM)gS;&8y`;!R~__9e1~pZNf4*iZeDHB`U6)2&}b0Zb2nUriMvIyhYGW7>=S
zZHMb#s&~#=gN8uQ`r}zlN5oe&t=X9j>H~=pU(sN4{iKQ{_LjagvAwY3I+;`?wiJ32
z+Y6nlOq_`=g_W<#q$GvCtFHxUy+>r{a|hp7Yr)YRaDeK0WLA5z^~TQL*0+5ZxwDG0
zeI0S~Pzyc%a6OKQU;0jd?<B8b?_89I7p)1ux1{+iD1U@7-<&8D`@Cu=*6io}J7Epe
z;dH#$5T!{emd|(V;m(L(BwY_WpqZX0!akB~9fGx<&-h#rKHHIQUf&D>o-eW;)!m3v
zrsYTZNIUK8If-hf<wu$37d}NJ*ntJ;$h7<@KenCO!nFaZJ{#hImO{~~zh6Ae;sY!L
zvUgrzUw(>AnugKyyu*KVG?;6Xpw*QMs;fV>^Bn%hG9b^awrUHtes&qC$IF;4^42VB
zr^^KA_3`11$ejU|rOA|k&xd@c=+vp+&2+$KY1lN&-(^RKP#b<*(O0v3U13`pNu4TN
z`}qNfOx8M}b-`Kg4p$DSbCYB;7g-!1J@3~g$;27<OUq~PjgAYM4i8=iL>?3E`(HN-
zOuP(8Y|ivxPS1C%V0O=(<nky>k8Y-WjKaBNm7_MCbD7dLoO5}fqqt+=S?-Ry{-8Qj
zA-~Qc6YoT(S1lg^doD^Rm|G_b<eJm0zb^YU>;JNttzTv9Zxq4bI0Hzz45qixP3(8c
zO)fAgovI2261&FWu%5W^4(pj`9$a8Lwv`d@DeSoNv%v(bjX-w%mq41VJF+Z)BVvnd
z@VWZr7tpvLAdTYmfSBel6<~9Y0QKFq%$%e3Y$}HZs4s>zo!zC6)<=NWAiRJ^<HibQ
zmeYC@Ig9qA`pMFV@<9Eudh1NuZGW;jh48sT@-JM2hO-R|slJ>Xs8GIgY05|e>PHCB
z61+^d^rihS{Qc2j2CwS*y^?;P5vTnqFxPp;>&(YLGgp%b>J(139*q-yp(aWe^<%Ln
z&ehQ{N8&3O+;l%y9Y?jWKihZ5%YeAhdcWEHeiF0osGjtU05wl^>Xh!YKI)x5!T>O<
z3k71ym}gnv@?ua=#jmb@VD9WI6UwucmUR`Nf3yk>ix)2JeJ<LM@^;mQ0`Xq#j*3-@
zYS$Oc%xz_4`^5s8yao-rk0~!}L&5YGNAvNlK2~gmLiaSKV^y&bl@lCNqGf*YD4M6j
z@BAxe>t5T+8S4OIk9qptYBV}U@b3+=_lrwcp;7mA3273+e_V7}_YB$nW%BlFt0tKx
zD+5XJMb#dx*+}Vn5Y5K*6^hE`{DxI5R>6v$T!lt3gpzj^8eJijUR;I7OVkcqg$AW7
zrQvd32f$c`MkXI)=_>YK{r6R9{4<2oV&3m>tI&9z>$GQ9p|Jx|`s*q*8ZTqDSm-zl
zSE2EF2&MV=N3YqQGxy6?O#dGUq4ek~GzK6_57TjG$fPBNlC}zs?XOiRUpd)ZNO=E@
z=jZXeSFxB0Dx+rS$wat&x@G&*vt~}3EvBTfe$p)Nb2lriy>ON)lkBXPLdarvLSRTs
zq30FZ@>@>ecEZ@RKoxCzbuB&9{4UxTkLuMhOmr{OJy`706n9O9vQJ9#&Dn*<-b#nw
zG~1y!masa)fjTtyNz;A7DeaRe+(PEGsCciacftN(Qdt24n0CIb0H|rq12Tr<Do-Yq
zKdJ2KtzCAw-Bm!SEa|OXCT};ZNG4Q%%ODdKpx5^OdHXye#{Y=NL(w)OZ*xKv{L?}x
z{bMy66GAB6@Kc3SGa@1r>HZ3YP@;G{zLMeSWB&KA{O|4j?<4$gR`)o=->{PHW9tng
zIeJfebHL2!vZ~^rC6@f4_=+b(8eQz1bX-jJ&rXsFm0jLdj@tSVuN9aFWY<czo>hp_
zY|EAsn}ffw`*gc4CI5oz4K)?YwKln5Uc~BL=0nf8!8$QctrelCjX=LqT-_T&X~owS
z%C$MsIJ}qdd5Wj?98bUSJxRZ<UCGXH^!tBve6Hf{f{4;c0b2I)_msUk4t)cp=}nam
z-Ktgd5gMK?SU7(}g>s=akLce`asR(q@FAUp>$NC(JA~;qiu2h2o1e*a8|BN`|7(=!
zx!b8zKJ2l#``gX{LnC{;I*sk^S!peWavIy)kjD3RAKTvU8)t9#IsM+w&ejy+L$<dc
z`xhE}OZeXAHNrm$Fgymb+9zGWc`kcqaqss~gV_2lK8wZMAda^gJ#ph6#N<Leyj2YZ
zGt6fc=ka*0DiO>zCPwiUnDo3k%rC7(<Ap98Z=Z<6+b2-X{IEhP$UZaPZcK~A$7x{h
z{wbz@%ug&fg5vksiU^;YT`0A#K!cu5wyk3Nue=K-isQURrKDh-?VUQsx<{x7ZKS?_
zMda-?_MQ6hN;Gz-fZ28#d-tLI-TncUBXYD2BY^o$utG_<$*QnDu(S)MPgkJPjwpSy
z0u3r(TDVO5a0MDoe2?^9iH7$u7HmP3cC0{y@<auq^v()279mP+tw3WEqO^Sl8dDLa
ztt-%QBTD89G@eA1-duskGl<d%&c9du2i5Et{*@D>?}jM<{vi~On_%moy2>Ue+p*?`
z$htO<5TKr}X=WEne_z>sPqEk)6BqLR3N&cHcc`og-&Oq*4UctKCH91845E|>T7&zM
z+uG?j=SQe+pyxAD^zW6DeEa$(`|kV)8lDfaV6QaYx36EBZ!IJ?&kv#cY6zuAKB-Wy
z&DNCLteU5EoLjAN0!^qc2#=GR<lEmb*>~MP(10c^*qb`tx4&PRZwDk;<0yzy`}PXu
zL6@ei;qvds6>Q&LZ<CYP+P+2Vuf5!T)=hW7;tU7WzwcnR|L&28>07pzk-I$u^}C$u
z`k$Om{g3hh{Z7cx@9_Lir}p&ifwQdIZMS*P(r*n6x6Z4xwcqPUMeyUUKEAeHeSK}a
z`uW;+_4l>y8sKZ&HqdwI^+CR$UmEN?xb}Cx1IAgteb1-*@FgJh{NGdpX1nO{V-~bJ
zvp_v0fr<m675acWCIwVXf>wDLsMr@;%d<eGc4hVgx36hYAKx1Wv%P5hS1$q;&w^H%
z3hF!uv_6+YZFHv|6f^y<Krx|q=kHgd0UDTdli-WsY#_AV70I@CV_3UX%IkmT?e1Xh
z1|-?q-N4%Qp*;3DZ+91K_j!V?oyywb3N)OL@pkvJcF&2ncI_orJ1Q@Nf8_1v0(oA5
zG`c1afa)A3li*As&P<sEZvv9@l-p<ZO_RyqXZrXWuLp8Z7#~^C>K@1NFov*uy{2C-
z^#!kI^`kp}yv)~m)s?>BO)?2i0n&blOoDgGBv=9@c&|)?lYp$81$t8%l`BL1pBiX1
zmC3|=4dhcjpdIK%7hFW`7N;(ZFD7B#R&fBxT8E=nzB*VaC&)y+gx!<8e<QnB3tSPC
zd*E_rzi19etsu%oONxKjUUwmwE0XAWnd<o={whSP4(j3+mM{9^Ob0Bk+RExZIo6et
zd1B=5;a0J@<JMGn$NYYv1|~y+cWW7GEMj*`-u|Fc*acN4jSmM3gGDld6q(4Ef+<kF
z+WwbcwZ5PZPk}eI+pT|FJ$Hag+x>Y3tF=5l;A{@|0d;r+yb-9h-Vm4!lE>=s3X?%^
z8EE`*1sZ`zphf`gtWtn990jei0O}PEP%#%;y#Okn53O}&pgQwq5_}klbG%F_Z#c)u
zgz}PeG^HI7=LnflUUfQULV5cEL<!G^RvA&nY-p`21vT9E7@~Ay8ntg7{@`-PGu^!S
z6yrsO@*>sEH!*%p0!Zt=<GKn+1Mf$9Z0uo-@bYJFtA8<FTbP$;07(`gjoKIYt+0G3
z3M=l{l&XI%QtlNXjpBYdK&vZLu63=Se`8SsOmJFtCWrW+p!$!}X9}ZFFd;%8_q~C_
z;1ot5ZEA!*0SBXx_a;Uk?PgGEyL20UoDN1G&qML)qZnuil$Y*f^hpLtqcFt684NKv
zf8cyad5!WM<-M6Uo|`5XcT7ulchvn3RA&Jcylv$_8QL6329@raERUPa6s6`s5~!jB
z7B?oz#PdxVDNbhV4%Z5o2g@Ceqa(G|;U-Y!RQ6lG3Dl;(GLieSw_0H|sEq?<A`fC?
zgzK!k&td)DsXgngmycp~)~jv=HOT9%SN#E0_c^T2x_mRMv+n)x=sN3FBS4**0IdOt
z)L8$-K!dI&kOKu2M=sEmO)FS^SPSQ%DSJy~GQUBn?cS#V%@lXtdlia1ZXN9I5Qc#&
z1LUu5uzX*vzD<*4GJg;2o4Jnps?^x}PJ<gdrVYNfqdeSqk5Eg`?%I*~HE$Y6v)GR{
zM}TO*M(#DD<kM&{m;4IkJ1%Rz{{^OYJlftWKL^Yu$ANso+XOFVu`E&NhEZU`f#h*Z
zI)Fg8Uk`M(&2Y!WIeo?N<Ffo!hV_14SUgu#%D-KtcmdJ|h@eur;rSfZ&jltoT**xK
z-&1efmz&wXzS%&-lgIbv!$8iba_4Ml4SvkzggcS-J@g5xb3-Um-Rk-ft#5}vw~d!D
z%^L3#I^J|X-c3xmz51E0-6kdvE;i8cPUG!n0+Hz0eW7)}z~&q9sjbg?rZ*=TXvn3!
z&-FllL<UbC?{m*5?0mD&iW|xF@14!hdhd(YS?{*@(U3pJLf6(sN+&?tiEq%P_Jrp<
zR9om+S<o817}T*2j>A!)UXjFb7~rzEaVV&H`7&vH7_9r|spDnR8J543z>>k|Q5+70
zR__Q<4?93@n*@aF?Y0sionorLT}<_#5L5jf)OH6@FB~S5j+tycOP@~xOQ$>2n0}^f
zoibP^Cue|#ho-B545Ro;f>uajwoqdRsIg<W?Mm{s?Mn8wa@p@m1dFD1>8ve<%hCZ<
z&))@P6hIo)@t-bZ`u%qyls;aDMlR2(Pxlz*m&yDLAQ)%__hMni1DfJ)UZms*u-O@o
z^$iZv5B$@LD?KZIyk3}(9sXaIqoM7^!lnl_rSX?V$`LCk7K4xCZ1M=1wBG?FjHgLX
znVgsnq=vV%ulb~H-8EKR3e1sHZ|bNU#^vg*T&`w-O64h)tMO#2JQ&pVTg%A4DL~j5
z(>h$kLEYnU>U;j=CO<l)W^WRxv%e`L!6cc~SuuNJw|sXFF6o$`9+At=0#F0|x10~^
z&b~4UTCrJ<X4f~U1_#QdZXok7r!tw^ctr{DhWl$&>&}u19Vch7V+NJaYeBqg{vNdC
za^uv9TyC5KYTYQA%u9ed&Wk{umjZL-i=yRn-Iv%cmuC-?|32#p$LiV3(SR?pfbt)u
zb2(^Av4O_w5K5OUL&Mt@q5oh5jcY?F6)!`>s>insjX(&c&@wbubfGkL85$pkP`Yp#
z8lQzw5<pYV;{RUA+gH!gl=Al%DG#uF_{G*6t#eR!jp&D$q2ah+Q_4SHq})Y$*TL>C
zY1<qD>gm~THn8>^<a6{}1zxv7l>FI(^$xwc7}9i?Hd_B+IU4idUZiBt(R%Rb#b?5w
zVVdPc^eT*q)~n^eU|hXgbp(6Wt96GN{oFYb`nj_sdeu3W=~eCgX!;3<u!ml4TgLRN
zvl%VD>IO}r_SktLl)UucF1Am;4)xqG)?O(AvOk2<TU*PhJu@e8){Pz7`>3+FdC6Z4
znsQ_*uU$RJim_Upy}gVG>sTD(32AK>I$%x$xH}RC-)Ozz0YvUAVE~v?9p?WLQQEu=
zjbH<s^J^9<tF8C{tnN9!TFUCQI#a-G6rg3V04>x8aBXM4W#Rpq0L2{%gKz4XpUCDp
zDGIq^-=07sm{Z=xf<#1V*)lY=kI}3$7bzM&2Q$CS%_9Y9nH?CYhu_Rb@Hn0OV&Hj$
z!xK!5z_V|POzdkvDXq<#Cx+KPt-~co)^7P4iC{k7h6TTdP^wvGy;tVCMVZjCoZ&Xs
z-Ex-yo~3Be??XGVuzIehxPDlqyc|Ml_A)e_9cb3QvPiiSQCfGJac<({+|-GMO>;G+
zu5pnSS4Hu0LWJC?yrev5+m%bvIPohMW<Q`Q|3AvUJU*)Gdi=b3A&EfQlJK&y%mhS0
zv}z!T(efriVzsvR@e~!UGX$4bt0JI*AiN}yuu6ugkD@ITtjo;TCCUpJwK@TpR&Boo
z6c_x~nFOe9v_jc(1DW&t+~sAK4E{d-!;j(3UC%w|+;i^Pyoc+xjUwj7IZAD%@~yKH
zf?*jxvgKvZGpPUVZ2vZWzi&tVefoRJxyLY`L;d{T{%!hxe-`!8y{ODzVrWgL>a}~K
zsMIVmwCe79?anAFqn|+2Q-@aDj(RN<QOTpcY86_M*Xp%2L?wsfS`Av#YxNq$-4*t|
za$gjc!4yXfv|O*&Yp0{AWKw>%0xfrQy>>i`N*aaz8)$i7sn@<2Z|3!l9KNAHV)2v0
z|EWfNGyaIhK1Aiz<7hf}p;i5IJ*%ra6Y?LrdJp*A<0PL8R&Twu7nQM)|Ip#x;0qT@
zK7iF*C-w62AF#*z3X2;MmCnb}^zTBe>7{z@Z&5zqUG^FdVsSltJ5pzy59$n8Z~wWz
zjrO1Gka*M68`1QCgvB+&_H{!enxPM|cm*GG>G_~89o&lwT%t1Djijo?H5jb$OzywR
z>eUb8^uhcB-=%Ul&lkn-lY-z|@1i+hW;q-utG0ig4_oMOkt%3?r4h|YmD*Z&78RES
z4KC*t-<(!%+lMH&TyYka4tgK#uh;$|))G$VYiUXci|TUrTAb<q*U}_`PUqU1Y8{)!
zIu=3eM!JqgYU^Wh>$o&-9mZKy3Ktog^jW?3UT+NMTgCalyBmCMg%swiwvH7rKhy{F
zRa>cyYr}M7G}b>q?mKOBH$CqS*b?S;{05ggrSEQRZbb7}XHogp<7gTyQnz`&5zX(;
zpmHM}XDwRVSyZ&g(NveC^^Y^C^j293F$piu;4uk%N_b4d$$5?di%ZC1I`KmPK+tm>
z&@4G%uM5Weo^d#R+a0rr)3~AAjvr|IIp{_3%kJYhB*q`n^~J{ygyw?YLgji1jt=;y
zoII1S66-f*1osc<7dvohVJvpw`ilOs1OE9x96JzNk}`In0gUr~`!=HqH}{Vn81*=s
z`jRAH7c~|)F#esyxB=rQV3lq*H1AV=aRUubJCA@d%y<5ulj8<HW^x6EXOj)bv*mqp
z7~WFuW10oCNY?Bhh9%5S0n7VS!*bPv7%Vs5(jS)Ln|~OVaNoIMxpFg_>g@io{7WO6
z+4rT0!<ZU_=iaxI;xH})%dy$e+MY-a&-M>~7@nsq<bav(CPm+r5p-mA!3CgqOK_Cj
zn-+kB<)kxRB@~7$0lGSsZTS?A9rO+dSU4+JU8bhTWOmOS&^_XBgZ@2GB~<SFUAmjU
zr=)}K8KM#@`z5@m4B%sUN2o*|=9n{JSn2-pLT>k_@%I$B9w+zB0o^O)_V7(yZim}J
zmqBeE4{9sz*W}>uDSiO`*-`4|?aLicEonqEEWxznLgqWg_Bku?7C<)r`woDGU+yd?
zVJgpMf=>5HWF_bsacfW07|{I=r!VVJ8CmJb>k9XxPT^CSp^}Ppj*9{=u{Wz+by?_Y
z(49gKcDiElaTap;6b@2}Dd5wT$>B3@D2Mj~0iQ?)A0rifqzn!p?~R~4FA(odH^$%t
z^EiCM^Ah1hVV(@1iyF~1(kOhC1o$il$Sz|0&hJulK&SXX<oqCuZ5jxAM9yMw$W#Wr
zWV6Uqk`ETWZ#yJ7+P1TtR0tn7s`C*lm&&$W>h6(d$7Dce1Dp*Og~^P$Fpa@H%yBb(
z73jGKxen?{r+dw1GVWN&?SuJvij$*bIO)%g!5owrPHqt}cbx+#y+44H)dDA*u8Vu)
zyEX>%&@Tkce~}3DwiGzIcQbqUoOWE!WqPCya|Ixq?)|f!<%I5kr9<iRoX7X?N#{9A
zTngx)?<^-R;@zj|?`7okcbM<w!s`ZuPRDVAp*5zv2_4%t%*dzXhj#KjGtLaq4M%A!
zy|Y}|+wzaI{9jqYL5;Ckx)VMgOZS*K*U%(r$+-}w9@tsVa@`%5N3xuH+oIghlFG<D
zcGvdv<@|>7+!S$NR6lL7<Gu<-EPJVEn2+7j#zdd9F+T3=<G#2r^<A{6-pb>?hWU!#
zM$^BC$9+XuEXS+>dmjQrqw<U4aJ2pzQL*v*9j3cv_317(J`w*q1uTlQR3<8Yy_~rG
zsdYAKauUu?28+U3al=%%h+lY)$KxdM<I)C0^FF#(yZ3!GvqYS;tw-+=aSd-apc(o*
z7Sr`7_jfcHT3h8>?Wi3OM%(@$7TftnUTk1~V8yBCZCbuo>kxA5_69W7f7t!9gZVx*
z9Xw7fp`U%P%zU5w9<LMg4Dq2kPvq?z<U_MGMPK`lzeMz{5`D1&&F)@Q=s7U`nekk;
z$Nx{%slM9Hc&^%`{uA~1Gs+WZ<RsXqU+&(?_1y}8vd&x9lQyih$2*>%(`ljeGM}39
zV0i^yd{zWgDeOx`Oq#<1drM)w&lR5OD}}W7L+|oAcl-%k`klpQL#y7rR_lI`@2?C|
z@m%62g(11!6_(pS6@3@I+P^P_mut&f?VqCWR5AZWqR$~Q)+F)o??vqN$TxWGG`+VM
z4^;oZvD3~xuv%CwV|MUF1&?L)-(N;f)ec}ZI?R_khI;(KbH`AJGkJc*6K`Nk_7iKh
zoXv)o?6YL&ou=n6Q=PjnCT*DS#rIOnB=lQl1DeOgUT=EgzufDH6np(mY_Fd-q~2?q
z<J@}<iCmD`0c^3huGMbbY-sNZfBfqk&?JaTg^$N8+OgN=4Lp~~?c#egqLK`Q`94F7
ztmE`?&wDYy{@0?ZV;()Dc+BGsZ=o64xK`WlGqmI}Z+b5=<}s2K^T^}lKJJTq9No}A
z*Sh`tDGB!4wCT)Jd;A}vPUWN1avrD6J*YdPsGO)3ao!bjU^*E4D9=m&b{C=|?zX*@
z);v*Ee&XYAEAjPf>>TQ+H=()fQ!Gy2ALV^g<y!4k@vg9N6Pm`0G2ZvvO=x;v#9}%J
zZAaTDk3r!*I1b)73ICWcH=$W9#`$a$n)f5uQ5Wn6pI7Lp3wrzOsJHc^Liry#$6nsu
zgeGan=^yu^BBkE5wd)`jKQ7ks`X)4|AH?E@C@M0jGsc5D<7d77<4r?P^Z28P6pJ@?
zKHWdw)Oac}-V~lfJ^6g1(f;FmHuWDr^jQD#osT7s@88&ed>694EFBN((mVmf@q57M
z9LHfer?)?>f0^Q2AO-xJdi&$sfD}0RUKEwvDZWS88^B&EDfa5QO=xB!DtZH&o-b0j
z`TZs|-;JW;-mq4y@fq5$F?L25_Qw8R-5c9)P2Aswy{Hg5i`Cxhma~GJdr_gX_KDtj
z|Dv4<vAK}z?yFB?=hloA0r~kRkq7#6o*VkwP5j-(IfLhgp1n!D#a_wtLicRqae@A;
zSbPb~@8T_Xlk8C{)sy!Yf=cSrxxYME<>XUUC4~UQ)hPueP)SLbBjC#9ITD<;a^Ta;
zzycAg_t9f$`e*Xk$@o~klQIOe8_+yCB{6<fRlxF0aFfwujmDK=c_zC_o>-$g4lK{b
zZj!T!^H0Og_wX07=TK?l9!AFP;r+Nhd?xlFb@4sq?T_sNYURKq#j!nXeGJV|8Qnv!
z*u%(RSm@=Qo6yu}CB{=ar-0=d=q3&cj(Uf<NvV2;Pio+A{vH)9Pr94<hcVxr88cVG
zLKp`6)eSrsn*Tbm3LMZ(*X*5K+Dg|NUl(TPU~Y%XoWN{a3q4nXJ~I;*HtC>CqOSFo
ztK12G^a=L!OF4Y1<ng{daQY;eMLe}yw`;Jl+o_;e$#c3(O8a7XS^O|vPj{!}tH@Bv
z8&pPLUQY7B*hh6y!_D6W$sHMiQ*$!|Cl;L-kT#*&A?LGLVhT6<JIlW^Ef!1M3W;a$
zoEnQ8&UMqjIV|bi`Bpj0|2Y=&yFx(qN_to420f*2^6!mks<XPMdpa_FLmSYfXF+u)
zJGXH{4#AuhIRbO~$LFazDeAQ3r1n!yt}hW*`roZFTiA!<j?D|sdJN605fv#-ogp2?
zX)L#p0~+Q}C~c+q+i@?n7G9&0<%OlK($C76AL{m!Sd94VCHyQYzIf&FJ_p15S>$RE
zd1j4Yb~8QpO3-J3)=jQTtnacd0~Sh7&?$W3^>WgaobTjbmFa)dxLBJbNo`ax_8plH
z<e!i6_>?2lRpKn+XC`H+Wb0E>z>Zb-7J)uss7lT+0?Q97$rrKetahOsi(5~q)o~$M
zkv)>{u$dlUwgE8q&G;MwR}Kd9LWtAM;pr-?iSM-Q$&E?kDU%Y<%rh|-!%pd(*?SHl
zv-f<x5lxqfakO)2jTG^2`;9uS<2GKmpYr46SolyHSjjjI1N!HWb)E-SM9!L=Ab-Gc
zCVzap8_k?9Ovn#n{EO!jdVM3BzZ5!I%SJTk2$}M=jl9MUm3v;<h^FnQ`r<}3ZxJ??
zBSk<cK0Ut?&5nE3)+0qK`4nUI{poN1xZn08Dq9}oJXXyHD<6z~sbF&a(K^i`U}DF#
zKejP-ot}97pE(Q`8Y4lUnGFluE{@|}PrFIGsB6|y0j*VZO%-aZCH8IKBf~fGJYMP<
zOynVd!<I>69rtZS^AAx}@<biH<hAF3v2VvCby}fV{{}=QUDRDWSNr3Ybz13dMnY^m
z)oH3Ga^6K@WamAA@3}q1hVM0T@Led@X#eJp`|Z29b);HD(Xu*i{%wZ#wP=^B&7vxP
zE(h%Rc5!#@5oc<Ah%Ju*WHY+<_osacQ5m%n%_UKuvmh@HmZ|Wdab=yhTfp%OM8(F7
zbKy;ns9pGDZcAosNaij76m{f!HlR6Jw4-Cj%U%>mlINiE*hqn!(*^#}xw2ExbyiKC
z=D3}&d$6E~zi&YES5$x5$YqL~SdP8ypuKiG-!bj8{We3JQ(LE1Q$B9v@Z)acjK=+Y
zgPZvn_5FLfo8-pfW&D~J)z@jIVm;qPQQ5z`PTMZvYPT;)0nghI6-w`{R@ZQ_eyF`Y
z<}U=F*uDYHw}fBPwhd^uh+0I4rvrIv1Dce-Zi}MgEO3+gWpcZ>LT-OH#9>n@L5n@l
zj^;XTzK5^1RkR1u?v%(g@b6w!mJU_P@80HgTRA9pA0^a`i_af25G>mFOEC6z)4QOT
z=V(aYW6=&ie;%T8c#q`65+IRIiM@Z$r*f{G8*Kd?0&fillJ^e3J04DP4*R#&X&t}f
z`>2niQur9(!}t`uq-aZ>wq3Mc9z~^SXPvg4u0gb;-{~CwTsJ8+<aU=|Zof&~TaN%(
zL{@@hqKSORKCeY$?8Bn}OJdFcK~xIt`G3dTd=;fI$q%L)XUEgL&3-}4U$Pvoxxw)p
z(4_G6^)lLOw((h_^jKL=D2-A2$`f~dzM!pme4@DYs|}pS=-vNDl+)OZD6hqM=YOHU
zM5Y57y8+E`5fGTlbr-7B<Zs~m%i$uGs8hKPle2-#8}yrTIoARHyn*Ws?Ar{m2)$or
zr*D2tmua32DydIb$@@YNIH{^+HUKF#r2v()=N)$hN;A2vt=7tcoQs(rz~Y6rtVh$h
zoazDj{dAeg1~fmtASpM_I4<iOBV)3@7eJ@-UL*&mUL)u=q%wJ_dHzT)?^7N)E)9G#
z0J$R#7WyZGPVw)KOjziWK<|*CnexZd*UL$_><E_exNla6&pi<=0At@p>jj^mPUVqV
zg!7*9zHxTV9Yg1`;dIcifE&AeuIO7klfmeEPIpSavJ92HDdhc8Lf(hzOdf1LJ1-+3
zQ@LEu51yEt8R)DyFCbG~kPCu`ncT0iczY`M54e!Zd_2#1KN-3JEVDQfcK&f3CXwkX
zp)g_b0{}Xe_d8@Icx)Y-&Jr&3Q+ye|v41@)=QNmF0EWiuPB~$r=St8$E7isk0(Zg}
zfVE(t%3`SbTC;+ya#ce06N*QniAnhvvcReys1jp@N@k`RUCxl&vn~sCy6(a>@YN29
z!EafmtGi|(^zFx)&ud~;Wx()+HJ-s~R4$rvs!q$g(-8G~m~6P0>YougZ!(h){aij=
z5JEFKf1E$7zy1;)o}wP$@cz1wXLx@-hmM!J&LWrHydv+zBO^+geq!q;g`!>tg<bxI
z=fb-=4DX~1L7xhG_v2F%Ydv8)Ec6WI_(f%cv&lM%1kLWa{8!#7pwAtulG9W89&R2K
z%a<O1pTy&qrvR+ZJ(BN9b|=U|hU+CjmJbG!W|fo04Zz}mZdlLXgpE;Pbubw!pZP*l
zd^SYwsbtuN@)O~!j!eS!G_X#cpY&c3=DFuX>(Gow`JMcyb!aBz+DG4_&exC~T)H03
zv1xFre>BIxyM&zo$~rU|&-n^lp5!u9Gu7LY;rOz+`=43I^&R@Re_gEh;P2P*I(~Fr
zTi2oakdVL4b!aXYIr$!6hvs}l<+1hRZDTmEIgl;xQYvfA_)DF($jk9MSzn@h5XJpj
zLU%FNovXg*hkbtfkE}!UVnn5n2m1T-K<RUA`RzJ1-;UZk1LxOi8@SF8?!kn0g!f^~
zs{(#^tmAQ+$@`%4D%oA9HF^y#7g33q0g~Izc(+d5;We~`+WZc%-h{-wXy5>A`RT+s
z+wdtKXM5E;G%c~FE7tK?*B&7c7q8<r2k2d1w2s$j`RRHt8w8?!ZK>9^^u0Q5zt_;d
zL{w%RuhaG~Ff<lJdyf6KzR%C@Z{qB8*YO<oOGV#yI*vHsRQ*?p^$%Q!W<0%(7kEkK
z4BF3@<?a6Vm{is%@54PM*u9q5kxHh;fdc<VBj3l2!*$yJ3ck0OqNsQ#x=CTk(e4U6
z+E4!}CVTbBN^o`*mDVG5+HujoDT>N%Lsc^BFZ^8Q4vN)?iLb?wz)yzru?~W<@AMwY
zM`fQG|KwvbyWd1N`H7gf15x=x!0$>#rS)i?)+o-QCW=b^dM?8>C!NU`2kW#fvBt_2
z=e6|HI&J@a{`-UWo<VMRIpy{@{>0()Fo1PJ9vOT-seh~Jn=96uCEA~$=lgA)RwUMU
zYZMhKLnrk8ocBEsx%^4bxu;X|JuGlA5bgi{k92(#+~kjI#XIzQ{EgSYR@}?y@i*S5
z*P<Do4kUCQm+x*^C*;8CJYJv5brA`g>0LC=Dkl-SAV}pq7{%o~D%Z{Lk^=KVCCg1N
z*Hvti1M?}5*vV`0`!f=0G9-f)PFKkc+3BPDPlr4pDF2Mtp>RzvC416&Y^D9?<YMm*
z-P4-@NVNm3aFI%m%S!M&%F7%oivzcDCQJC69%OW&1ZS;9lj6%uy_}Zmd^6W_ed}vc
z>%3$w&k>y$t<#F`<ofg|A=^{^aOvqfZO)zieE!pmN^5tWw&+endp3#+A$3~gord-g
zijQY_|AWyO@1p;1?X6?qa@O&AKT3#aZb`}oDy6hJT(*|W?0#WyxOgp(!DsdMXK{I*
z%Jvi2qS;BmXUq;5*YGp#ECKSRICuKJvqUBEQ?SlRaMUAY_nbJ{{rNcA{gja1YlQ4x
zy(uQU8?|!a;mcyOdteQko@=P=K1#^$+_#SDQ)|(jJ0<a+HYRb|-8rVe>|Q+@rrxrS
z@0r;g=KQey9=Z_po^#0WJxO<$_d+heU$sW$slSHeXH1T&=#!&vVscdE8qlwVx!t#2
z+qZtst0ZVRHO}Fy%}~kqr1yHbmdRHQ9YsJ$MW&G9M+HybabBSF-hqJ;?EFSD8J_0>
z9Tn^-QpxHoxD0<P#oN8%0&C~&Bw6PI2A2j3lWh)Q@Ag!FkI30U%EMs|n$DjK8NLLF
zb6tNKJ~SJq(lMxRdZY;09_V<KFEF`&A}mxhL9Y-swmPQs{uQ|@@d*3)ks_7A<^A7b
z{Z6ndnEapJm#f+CNAb~ldH?rZ&sZws8v8C1xJ=tnd9O+MAZ#C@5@u77RkC<6keO*U
zUG|wQ9|pu3D((5rWY9gpb%tk!&fozc&s4g)w+o$t{#z}G)zKyLs8}uC%Xux`BXTx-
zKcp~_x>2V*^%rY6&!l@ce#-gkwQI!N{Lt9}&rdmT?JP(S%%W{)0_iN69dQ1X)8pwi
zoObEA!!uP9zJ~MJLlQJldW;kSS!I=za=~Z+kp{kU08+R?3e<o~u6&%+;P?hPPy;}o
zw>Y1T6wD4lIV9BW@RWiTN>@o0<+TOrff%nH8T3vsC1tY(uPvAzuz4+%a$f6lb6<73
z|Ksw=pl>ajRR3XTEqp;v$mzk?0J5pRLf8IqlD<+imFp`MHcwCGbQWQ6i}7@JBcn5S
zG3e9artWE%_vv0NPx#mAurQR#=_%DaD*av^r?0rDgZ|`Dm7Kbq>ubLo6kBh+Z6-nQ
z91m8f?C@;?W8Yb>uQZ%01F}r$D@&NZk{2AmhU+WN2~=On4f0xad42i{<yDkt^|N)2
zPpXeKCQ(iY8LXQxOQQGBdH&JHdNkXF&eBjXbdLkr@(h>p8dBMn-W2bwtLo7_F7CwY
zdNlums8p@tZ*Aextd34!eW9GVH@Y)J>$N#|8QN{>N&IF2FxmP3dNeNt$nKD!!PXIy
z`E2A9Y*|o`=CdOH(p!(_`J(>Xuj<k45$~b%>d{OS`i^~f{AUf9<={-B>~8!GTizDB
z)b#=`=h_36jov)3UR!jRp$UDznch_qxq$2Yo)JvnzvnG9lXc8+S_<7h4XkAS%9GZ=
z_L(y+#an@#BIlx<g7?WkWY>)4HXKrq=I26p98{0ymqHK7tVi=J0m}jPX#QR3nvQxj
z!$QZvIy5^3ew?lQAv+SEFGA@-&IxuF0kP`2PTWc5j$F=Tsr)~R`R4O?(Q}=}nSu3M
z<6Vh5o5ulG6D0C1rvz5nw`h56|4slBVl|uP;NCi3w>B(GY&{>>p-I<rLdbHFq3MAS
z>d=e~ogMfWqViQem$NStYy6@0l?<-ecHCuX6s|wiuIfjeHvT5y{6BR(Zyx1^2QRPJ
z8h>qQ3lJ5XhJI+QiHOR)E9$i!zcw`6rfAYV#qpy5qjIJ^DtNG@Ufcg`L%Uwky(B?%
zUXpGXKL?$k>UV6dVvQ6RR@R|O$4us5zIwqIih%4*qN_6()@wWNF|>;jm4cttYsY_W
zXctml=8#GXRY$wa<7i*{Mob4fD~}Am-WwaE>Y{pW|2>8_M)cX=%G;idgY}so^ERDP
zRDL&9C3!o!{o=_u`$c@sh<Lu>9LVR~4aUAxvcuQZi^{y>dTq|HWAMi)Dw*P*zWoRI
zM#-ppZO7dPi>FJ~=BdJZ?fBh>)@7f|mHb>NerYyL3`e`m?`WU;MhvEv0M<!4H~6!2
zj9Vq<eJ0AsSl7z?{)ghyW%XKC++IEwb5lGyJI>*&6k}=3CXg4*7Py`;{#ZW#`V@U<
zMN!$^Cx-%|uspe%o{_^x<<jeWIn5m|0`mQ8G^xDsuU<}bR6h9EYBZ@_aH5yf!I`V;
zwXEN8m{8o3z}V*yG%{~yy;k%aLwhR9|NWF&ug&?5p~*H4x$Ct>zcDlvzZaD8vHm0e
zZIAhsnB!O!mAC8on*O&JmHsvmwKZ9v8k-3V4HxK{Jdeu4rhFz}936RcX#$Q>difz6
zI}C<j(*7^xf__$l2Jd8*Y~5AP-!3xwJ9RbHXD?Ps+iI?Fc&NU1nM(e&n)_QB7l7p{
zR!Qq>5wm<XmlJ<m$L~O6Hj5G5>nV1VsiS5w-KQo!PX0L{1?YS?s<AoAmySTszvRG;
zGnszYO!YJOYBY^<s-GzdwiPNntgA!wik~Ib;x7iv*j1jGBWW5~o)Ibms=JL*$%fUU
zuD?okP?fA%E!OM?%QHbGtHd5d!iVhgI-zrw$M$r&*wd4{%GsVA87iT3`S(cydKS9a
z7d?+%M;w8jU&?{(lGwfmtwvKVkIyle%W}+7+R^LKym?~c{p`5_tjBkilWO4y%Hp^t
zfc5mQa^jh+l4>fCO$4h|z+at_ls|b2hrz3L!u~Uj`{Kyp^m+5uR)AT|hs>69VX#X4
z6F@ICZs{HijxO&NpgZB#Zgpl~?kIMS5eXVt9O!Z$2O7Ep^hl@VqwuPs{OgX4K+l}a
zK=*Y(cJC5)Xot%5wXCVNTHz#~d;dTV-7gR|*;Xdvt#K8a$#p-xnf>eVyE4Jb{sygh
zpXTa+(0e#L`0rIzZunu^U_J+S9lJ|n`2iP?j-B1ptI+i1rp^y|cr}_uO016Ev1VSw
zAi>vtaO^$&`1D%#c2hcu`5g;cFN@21&Me=*ThUxL7A&{SeHZAS+%k}+)7&qqbrqU#
z2$^c<D!YD!65O#0O)7JqqT@+CrgV?P>D$d>O6T^)lzK;lJ_By<{$fm`51419N_MXj
zv_FQ@zR`N^YEk2IILD<iHZF|;D<r|u?oP=!F3t~75$_72(LARIy|Wh-yUFRSjKH3U
z+~ni~nSstZ=LOELO7;olcl)Z5+$S)VJw?q)l3xcUzSpS(ljK$jtepjka%<=S*H!LW
zh2{?7OU>%jtU_~(kUPDr(EN{h!;JUy*gw2hn}30!CCkt=9AM>$cewbus4Sf<bJK6h
zZ~q<%tOMUC)>>A-=e3qQ9)Q-XD6Ae(TbGD;e){cl@$ElCwxi#Q#J8`6%uK&sEWZ6c
zuHB@#Z<KF#$LVDM6n+8DRcO8>`ix$M=5vUOvYNlqQl66=XIEGhhtEGlR2B`W)$BLn
zd~vtWpTO+`uL~GwuIh_H@O><5vdXKt-*oRP!Otdw)h&+<=EeE8&@r-Hwc73r4DAoB
zuI8xV2T8drH?HQfFh(b~96(eGjhh)ibB(6_?3Qk-Psa1JHao6e@H2Jvx%t^+I}`cY
zoQrF<j)|O~?fe2;mI_+jTg(0Mj;!MCuNScVu$Jd>q4LWIwP<b;H9y~vqOzwJ%{d}w
zAykXzbyU6@>?VcaXm>ds?H}#p@F#M9@Qn^^i9dtma;;W6!O*@Hea;tcsoa_^a5Mfq
zn7>FG?=uHc*)gD2YeZD04^_$B4rFw9`8n*T3G_4^EE4CBBa8WzxcM40`8?D6{Py_0
zK2G41zYSZcEJFFp{*kp>;RS|vF+le5iM87HiH5dI*bVHxHV&)RN-r=(d`E8Ixer|}
zWZ3tx<sm`8eK?a<tJPd!Xu}20(C>35)M_;o4Q*Q#l`XqC@7kYVt94vpXj`MP{&TYV
znjEY~Z+6fz(a>mn`dikhT5SZPGG}zHRyfhn&d5rTwz0>{7I6k1aFaqqYIpgi_FHzL
zN!QqTDZdL>Mp2>rxA#u_{2Nip8my8z?;*>TmXjIFlh!2YrYSjR+92*9OYv+w#fdn)
z4Y#1_Wi`1W*cVf>hv(2ezZT8hC|{$wliPjc_hG}ZaSW$BN^jY#_&wl153H@CjlKSN
z80<#|Z8{wpr_a)Hn#Fqx#Tkk_18TYN(PFv=r<)Xpq;^+WY9G1_O=l;z?7xuH*fjC`
z{X5a@5%AgH@n66v?cDI$k^(;AFo)0o)$n(pgEeTrfT+-WkMcT6f`&fd!v~->nI}@6
zHounh+Vm(YAJy=;4cec=DY-v|AMNua(TBqIKGA-6iuTF8k@lr9@2%neZ;Hm-Z+0+U
zgVk%3pt;lG^xfkh>APFa@!b{9@!jbk0Ng+$zv^2M{*kXj&1L!sJzJ`aP(1`!rU!6k
zMgUi42EN&LUf_s1FmPzopa9+tq$pD*9SYSK9l@1D;FvK4^eI0AePucvbB+Ri<v?Dy
zrErxy!0w-n^uXvE&J$^S7zX<FwEYM;<{t+7%8_u)C4qjL$qqTe$UvS?Z%r+l;c_4$
z7gz_<q5W$I92@KeoyfBTly|#zm0S+@Y;KzpDwZ-;Qa!4B*UU6HwsAO%i8$7j4SMb<
zwUz2vxs|!WaEVInenoK4X76;~uc?6dyM7q&CuM`4CHiGmW(C7DWBsPVJ)4_;%=@+F
z^L{@X%KN#qK+h5Vaw>CzE?FhUK#rHE=Uo$UCC6e6<udK>=1T!1UnPw<IRdn8BngKj
zKLV@Gp%OD6h%rV@Sr?;vFj!BH;rR~x`%nCp$-ETKegJ)CJ{)Vy0G;JCEeFE#-<FB|
zw=+eqyb>S{hzdPRLjt{M09f>VBgavXh;wqiz;g+XspU2YV>CafzTe;CzmKH9mjF@o
zlYT$J^A`@O<#q^AlKb=D)9LR&2DV0j7H>o4qQ>)hp4GZ)j$3{GKH>9r*9c$20^VmI
z-OmWIcd^&^gio;Rd$e+M)z(KSj{#$!_b6IfxoT@QqC(}orekR3<f^Uf=@|KNtZ4w~
zPNVHgm$CcG8HPI$&X8Yn8hfq`k29{i1yT8HHLqFwQ8k)AMCC8lXs$+7eq77%tFamI
zYIPUSAN+O=nx2tB@Al1e5tRwGBL8bTyz2TE^_?|nh6<o13yjUTBPtZ$R8Dy(9bS!m
zi~7qoXd3y@k^{!(3PhzZmuwM`nF2PAf~Opjvw{O8XpkjnuyejuI4AlX+#jPMzRu0N
zVC*ZeMbkU3M%$jr^p*y&<CH^LzP6pIbH3U5M(1Pv%Ri+r_v`*@G~X3#N&fBQYBb+F
z$8Yad^P0s2BxpXw;=Xf&owX9rNm;?`4}@Mu)A=<Pw>fLHPY{)RYS46!gBCiTy=S^#
zy6@yY)BUnoKQQ*ueV<p0rpsBQ?M75?qT{&!yK(BoIHzmSjEt$#nh}**beysO-8grN
zaSqp@*)+O_$-kG;aYp}l<IEQ0?5{!7JE}(8fT%d>I0gURI1|J;Z8d1R3Tm`vh{_N;
z&Ua`<@@lk)5fyJ?4a-O9zC<O}d0@FzmALc3a*A4S;aso|&@)a`$?o@gy>zz&bf>No
z)fFoC3{;78ME9<-X>jbfJm2uKY6s|^`DK$RA5W-}+s^OnV+NWRA}W%|HTC3kA|JqE
zwCFtlL{!u$T9x@~tDPU=XEmG_6KV`}V#~LPN>gDC^WCW~tkK+JFYau<7b%<Xg~jV-
z_1}xv!Si*o+A&$7;>bXixPQd&3c8<}Vn5-V$|li!BK}>&`!~8DCHN<U$DG>xng5)K
z4-Cil<Bp<rvTr|1Ft<kdx5e9v{?7M9*Dnp`>u(#x*UxnRL2Uhd&$WJac&NB(ph~2)
z{_FSuylfJ^ABF7IPGzsA_j#<+Mgz^gQB)!TN9p=6dycQo|3%{Zcl514C-_aZ$om_w
zJAcO4ACh1%8!L_{gbXwjV*3v8x$if)o}a4E4g<}Eya1nY{P7w*z9m(k=M3)4)A#oH
z2|pv<K(mSNacqtDdK8tWF*VxGC@S93HJTMg#Wku%dyW2{U!zg^cUCo;{&sBXn<FmI
z7=>3|6qS-{G>!jF-DZ`+<8dylM$@x5b(<;!&E-*4oR_Gq*1x2x#5)))x?ZR7%?;Bt
zf4`j2bC?MuySyx?TYhj&Gn#Ih*HyIhAo{=K?@xIKuOV!o=iAS6Jx+~cODppEAd}D6
zmO<ys3EDKGW~7==3EtO?CdK{ZVm?+Y@hFFF?@BaR#Lc(;S@Av)#g<wzpGOus^n_i~
z#%aGJ)qFX@8=BFixY{k|V{bWOjx&*!-1pX=ukKk9Ulzp{%F8}A&{Y4O8s=jRUfcC!
z15KkVb(<W6zYXj$SgntgZ3Y`?-i7_+C8$h(N|u6D=8Uh)+~-4nHTMTeupwl_LZb-u
z&n4KKv#UHoKN_103&RrVV@JV4V+!bF$HT%V33QLc&EBO7s|Bwa2`#7P9HtL@%j>lH
zw;0+q39?zc9B5H?l@lUCgEzhoU|K2nt+<B!R!|r|aSd2sO0c&nT_x&D?gvr*Q_$ZW
zqLQlX`McP1F!sGZFfQJh>TE@cZx9LZ<VEz%bAxB*Wdu%?0Xe)9%?^1~oX=8jFjAzF
z^DpN<OH{W>euE1a$86}ITuuK568>?L|Mo>-F+U>;tBW|S!qY&f`WJ;GOb0z-|CXEW
ze|I_GKb`lJa<Fb)S<Y(Nj)nZL$VH$x4pGUDi+E1DEdyhD>EidB@UA%xtQoS?*CxSU
z$WY1gl^KD;0+o#WhUXwk8&<~h)1|$rlJR4~S}kg?T;xj3PxlT$m*E7xTI8p@gVhNx
zWBKXqTFA!O++up>(?ou{?4c?N1CNFOYz3O3IWUdq-igJ(xC}INwElIzc;3pa;CU<2
zym5Mx&%(t?aSWruI`tFon{ZMd8SJxj#lHtTlYCWjcn%i(eLw!)-+t?-_W{G_pCrA@
zI>Dl}fsULm|36XqrYXT|SE8xT=$_7EpXv8}Hz6y;8~87|kK@S|od0<=?%#N91(&mp
zIoy`?>`Eb9%wcgz4KCT~^Ax*D$ta$yett&mEfV%i0e_q=iLNdGpd*m;nH<os1Ivbe
z<q9;NbK>(56fk=PU02&mG_!9^iYvI9$6!QQjh^@zjCstbsrr|oUk<l*f3EfQ<FR+8
zZX&0t#Cy3)yw`$Nn5L4#Yr&$hvEw^#odcFTBM$G4G8P9ke-6ic3X7duqK!u_WA=lD
z`sJzyI>l={POpZ&Yvu+|l>r%dcPYW48G&(g%SdNAkQ3Jdx$spE_xN{nry9e%FXzy|
zfv7CcWInUatP7$^*HL{-oi_hg{%*@`PBVEv#ZC%eI}Y2K!)oiV+mU$Z^PDY8aPA5;
zvv1=(Vx)-mHTr(f4*p^VnolIfZ$lTqW3E~8|F=s~-l~3z7Cld9tNa(nc(7WhIc_nS
zZqq44u!7}Tk-O9mUW4mh3HH{8%Go!61a+6l#{ve=g$@y3({~lC)0Ng`gi+*`%?&=W
zg8Pnzv+VaW?pt3de8)~E$;ti*whR<<+lUotjzCoC+8f2X!{aEv0L#zt@Cu%HZqRtp
zJ@mhh3?HSBcsy%!ay+YX#_){d&`lR7#U_Q3>bd*qS)6zj%}-BY3y3%7qmQC#^Xj&J
zsLy9Up**gu)Jb_6AJf=}Ep`lY-ko(?(L6)j29Qnn{Pm+~8p1a5)uU*3i@(2k6wL)u
zR0;(T#+4a?vRsvn|Ayx+OdB?f@n6S_D%n0Tu1@>l6m{AMr>@gpZRZCaG^{u)j{nlT
z!sY>wJc_1s0!)*HJ<`u?$=N|>w_br}&ZpRNJMeliFFuOqHBnS{3*MzhQAvQw_!vyW
ze~H25i@WQzMe_{pR)Fk;_M>9$J%5h1zh!=%cKlXD`?-MOV~?V_PQ>1<e-urP$;5Tq
z?wbrPnbs%`z498Go2l%Tgm;gx;4;{J7V`nYQiInN51rz9g($w)h&t@fQ~mMXIGKp=
zaMH&2Y<8X$-#wYoVhDf#ELA1bhN`5|72~-DkD}?%kGBD52R(5xuULWRlD}Zf^()Xc
zrgDBV<F|EM<2>%G&+RafJ$xnK%b$9=t%TfGr|r0v$3@vN>5#J~_r?1;b9}#k4b5F&
zq4jqP%TCGHE$0Mp6LuXc8-;qgFF%X_xPy-ea^Ky_?f}l0a)Xl|Mf1zEiE&TrSuWcb
zK8ohoRMuuZIGe$r?v?J*rv2ebYheEVy{LGvtJAjM!tEC?M^X7q;M$&EROmWdf5Tz%
zfzaU`Ja<w<sk6uj-<A`Xn(edkh}>VN?U={oegZ4Fz1urgCDl~#9?bP`ii_{R%<ozf
zMWv57&ZyJ2-)yj4>uqD}G{;;+i|4Nthup3@t#B@1Yi$%2dauim3Y$hDzt?fOxW^0m
zy?$mnw}poa`Mv(iqeAZ)2UbO~n^5_h-tY7tbnGf85jj7&K=?+lN(0{l08+MJ3Y39L
zZu;I4sK^9g>3TU(20%OkL6@$i*w?Ic-P^ZvUt}lfPMFv2DePy{Y)<geaK-M{++Exc
zcig?DgxNPMG6LO0GXwNaz3CN>n`BCzc6_d(o&0wqo_L0HeU9>+T`zE*yXm4jtz#~~
zOPMV7p3tKzpta)xXx+FR%}9mX+VOzeIx)&|-gRl6R(P|ajc0bY>|n9*XQ)|@=7C;R
zmOskt3Wg+TjsWb9&#(2~@<hEoe2DAqi<YA~Uic0^xE#%BFZVV5?Q%2^_wsk1-z-P7
zSA4hEcW2!CK-j-+xvIy;i56_J>5FJ}+WuP%Z6eDJss!trIiB3i@}uQ2S=gqTe?7|K
zIja|yrk~Ym9k&=P*E+>zx4>md;BwZ>9G_n7MTJ~nr)Ax0XlLZ?V2<D&ls|ZdFN{|P
z5{dAfBGZ=hoES5HQKuE%YG}ui=crhE17ByGLnZbYv~QaOh!?<mvlm;UB47RZ<!F}l
zVoQ(k!FDd^@tpQv^W*GH|DyErN0k(U)b4Uh?dLah`S$gfv87t)a@ETM#zU6#7*X2Z
zcqNwqA?;BSCwdb5&Nx5LN7SB|p7&3e^ZL+q{x5E<(;9Czw7*1A$-9aF{eBdcx5RjN
z^`eq9R3)Fj#O1E6K{5aQ_?+JfIa>yEeTv^XS<E(Q%bX{ZWX{LL88r!?EGE;v$nkxD
z6`HsA@|<mKtvA<ci*7ZvKSWWfF09k$&o#7rdO5z^_rVwA>a@nWhV}&A&-r!Qj=6@G
zkdG>p=iAwYsN6E4PMb5=(7J^k;){v=-;denp-Sy8kJR4w3Yrkc7Vl(Em)G?&e%p_Z
zj#r_{aaIX_`U>CIk9zr7Ij`_oQf7nxJGZgs$JtojBBz);xn7_n2209kC=O6Q!|bhb
zeCEoRxxMvdygm9WPRG?%yaqYt2P>-3{2ijQyb8^K**R#z*jHJF=C#OiBIj9bsX2>E
zZ`B)pZzKmKXy$fIDcH8NoNRMQUCs%h)A>$U$N^)ZN<tIBqViNcUikBqYPyaFi?-d7
z4`gf_9Q)}7pf`?4?89_^T_p<KvpMYMZ`SH${$_o>!r!c=0?<9bDx0KKDnU`py`93*
zrSS20jRZp5{dxlEjU!b;?oA8C&oMup+Z?Zedp3K^L&e^KDsfL1@31-i9oCfxx+lGC
zQhueBFo!#b=PGz(2+J9F?5A{&{KP$Y(s`{v?{$3aYBBa-v&0*(l6w73Sz`SofQ%gm
z$JWxZ$0WgYU{X!CTmjR8K*nanv0qOFy|FN<&zPihu=|W*=kRLiBGAX?!m;lLg8rEV
zN5c-MPs)td!*os#7yHvy;$U?!bAsD1;ksz(qNG~d6ToUpR|)OUbl1#M)_(rQygkdy
zdl6U^KBpZ{A0IC(7&%ZzwqF!`*NVT7mJ9{U<KpY3Ydr5F(6>xbiST1&H8$z}ygfa3
zKf5P^ZVgdM_9S3_jJt%bnB`{`?{$%wZv%f{p8!^*jPfj&_juoliUEPUUgCaLbltWu
zWZU^kK9pm@nlmLSj$~ZYd(9ZI?A+b-exP><m7i>TbL?H^eWt4_VC+->$@#=1`D$w)
zev3NI8<wFtTg1w{x_G-~aqXlo-mYdDe;cLawSC)vyryq?yUJz!etLKrnz_P;bFhl*
zo0tx-Mh<cL{x?-<s#Bmv0b_HaXxCoFdEFfu@M_x;-p*5nX6Q1Ycl_o{MY|8;#`Au|
z+ucNY)1`d8pD;a_zd7xfcrNb~yVh%5cF&&N39y&y4i(0gKJbk6RldS(r2CR#cl9z}
z%bCte`@5H+NyoEg)^8D&E0>|EVjmwr+9(;CE0n|Di%-0`p52oxm!TO!ROlQZFB5O%
z64$*c->hH8Z7LCQcd;B5L%~|~IkwR8roObE&AAs*ae}e$%@kuioMH?Z0@m@*_!y7B
z%*S{KQBlFz7fdn6ohimp2ZJ@I1lSnXD}0QXG49@qv%ye!tz$k_#=gxd#=kz*8V7-O
zT<r6c=JkEBec~K*Oj(9z6{2ELeJaHqQ&a6B6RaI#juWrO=2(7?IkJ|ad7n7<cbB4h
zB8rM1jD5GKm@hZQe9i%2?LWZh(|5$?^B^kCOVRvL+@UWmwd2;Zg2AO|4iq-R=a-^c
zE&l%FQZzS-znhk#`TICr+d*+n)R9}fljGW<rD)po**QBJm!kQ+_`6{#ntu|1Z(NGz
z@gB6+M^T|;J>C*q>on13)l&P;&k0udtvx%qVkw&KQI7v#QCX#e`)?J3v5)F|STP_l
z=|v8k52C10y0Lb}#vhHSOsnF*Q#t9fDlU&d9!2HHRop&CbvY35<uK>(*>5i8@@hgJ
zW(lmz_hHK?udio*z;wR8w>>HL{*1yW_2)~`d_9WRDzUd~<KT8GO7&tTxcJTW+IPZ^
z#qvX`Dshhli^>4DEsL(h$N}pM37Vxel@xvuvz6QSS;!3)!yuJ}hY8t3*vnb%v^)6S
zosgSUqI1j&eAUZrU3*>5DZY>XAadsdFxxDZxja#{lmfN&n5dWVKLW3mrD)QB|55zA
zO5kmRY#l{5$5T;MK6!b4LjHFHz-knH&i2Ko|CR)dUXBV|^-y7}9ul+dG5Q$NA0D>7
zx=>e%L)hD015?=Bg`AXNZ{Nx7jgd+;mqueSsr!R?$NXEOy}BpP-cIqeN6@D|p7d94
zuRih0dUiLoAu8Fg^1t6kUT;f1kDs@6UTkmdtTVyt)8R$EEpEHa4Y~qo();|hke%6C
ze#r9%y;g~)&ez^d*FIOAry9kUUvisv1N$wG4;`!Id2;*k;wT?$TO~i=AD^RNXJz8M
zIM@4?psy0mDN&9q>nL6CVLBe~A7|s-U&;MWDZRtHsoQ*5iDq6DmCB`PI?vIjtrE@r
zXezsNZl9f7%>Zl02eutJug}i?w->mb`*fV08~(-L!tSW#Ic{uNru`vi=eAPXot3`x
z^E*<_mm7TT1vDM9%HCg8`(5te9NuM>JkOFn-#5RHo!xVY%JijZ8Yfc2z^LRr`{Jc&
z`j4e<^GGF{b&Q770^c%yX;<J~3HGi6r;qAQtHZe>7R?c)ZRi@&%m`pPkcv#Os9tqK
zmV;*&4G3I0*s*?lCRlf*!7(Wf^oOZ#2r7xp1oE{5j=h)<I+bzGEV??dTY`rD5;T;q
zDrfR}#ZGRg96zkAr+O4W2j5xd_hyOw*6j`eGJgPA-ks%4)(p#1un@QmTABvFLIBcR
z^%o{T+4Imn+dge}4a!b{<_>_p70!vi(y+q(mMC1tQ#sU_=-a#$O_y1t(RN|lj>>9&
z#piGs+TfRB@*4ML<MYuyH=RY@-tV6gl}{c)^HVC1X7V}|64g;X;Co_J8HWdeegi-@
zm7izA$Szd^-BIQ3e#hbH@*?WhRo-qo7Ucs6(xKg!e-28}ut$Q1JTUfE9V{mm7Jt`P
zs+M-Y<50Sc!Jsq!h1EGK5Ot0USe+wQ-y~OE=F9-yZ`a!z8moB}9t!$)Q7@O(l{yb}
zzo>CE7Nou!N0Ch4KQf|!y;Uhw)ZH2ey5Fw5H5By71W|8w7_Yag4oj@J>P`o}vxwzH
zIp#@^)m(kDlG}&qK01q3A`RgD+&!SX7-s@`xDw6K5NNS&W-M0{qC)%lN0jv#GO*e(
z;Sps$P8oD=ugGC_Vd#9D9})K7UZniBf#N2e$JJMND!CqNSx=h`dV<~A0ao=HUe|X<
z2KZ*mBfF}Pqy9OfQeCyQ`!Pht`*eStDs&jyBQJ8Cx>wvAkqT(-oDO8xBm51rbGk~J
zx^Wu4cUM;OI{I{dVMOIHz}`bF&SeynPdYm#-?L%G*C9K6tNw_lF`#?8O$(8kDk&5;
zIlAxWhk5+D^C%X-Eas-)gW`MWdn|qdQK2xQ^db*dNvTuuIiD^k>>gA(?Yv)!ru*p{
z?JuJ4#o^uHixl#Dn5&T2U3j)o^7(gz&kx4d<#9DMYvO8OuB3B4QKQ-Gbs{P*@o)QF
z3ljWateF3Lt;6@Z1babtGJcf~dF;(+fIrul7S8oi-gQcL1dq%Ca(FWYa0n1wnHj+A
zfXIWvqWp`<a<F8uWBnbOa12U7|9AlCrTLtnxiUasmZ=gasH8*A4~ENt(78rsmr*)7
zwy_lSsTII-GNb`yv-%k`K&SF!^|D3Xo^<eSlcg><qVB0$)EzDd0&cLz4N}Rh49fGJ
zzMN5IWF^3{?=DLmYb8LJX96FqMvO&yMBiA~0r6Z4*48v=A4umO49A)z(CJ#4-*y`J
z<7Vs6R0(Z=hYZJFyc={1)06Twfe8TFF@8BRco?AB_Ww=bmuhYwzg!^r<?Ko{n>MXa
z!tGpNAsDPi%{%{duDpG`UJPBY`z-2C2wgP|)PO5fC6ViZgvS|IF*#0GNzIZ_abBiM
zhy<34(pUG2|Aa?@K64Pf8Y*D_KjzN|z3LGjvpX{bUabbuA9w^!sA4&YH;3iC;Hm3W
zlK+U1>$iaAkexoNPpJ!Lkxw3G@A{Mdv%06pzh_ks2J4f-FjbPBKIbTvxV|c7{{E%c
zsAT>fu{WXPPcr`n=I><tFGyE_zIcdAKAFLN0+tPo<+6;=ry4(>bU9daz}R<U?m(8)
ze&@q>?V+rMoT-1z;&G8wcd-BxVqKfE!1}a=$BWvrqLHager#}A<>YIJ)D@CIr~eM6
ztHia6^SSCJAZk(P1Yhkz)A&{5{aaH4Rug+m$_X|(fVhwGckaB0fB1|k?k)C!FUMI%
zD6eDq2cSD0kWFDQ7V^8CC7@R?^K`%Ckl6j_sq%C)Ix7R~)(mJb9Hf$QLTBw=g68AL
zahem1ean{c^MpFEC>>P{QHhl1CWWFd29*oE03;`^j9mAKi21$+EJ>cl-t{`=tYC+n
z9ZUm5D|&>>bMf)j5a+j)f3xr(`33iHq4SNqMkQHkZuYKC^~8$XcwQnpk97+__wdh?
za_0P;%7%HtM;;b+Oy+@=D{v7Gs^s@Jj>h#lJ`XI<4ZNNwo#(42G;^Lx)SuuNVA*sS
zk#i>7w744#?f-&_HJ-d#U}XtEfpeW(o`_e;tIP{tf~f3znCr?55S6^NvPrHgDM)1L
zqw#kB&n5f~j`o=;!!aVmb+BA*oUu}E%=7<lYd-Q^CRBcTPlAT6%a(Und|pnTwaUpm
zj{L4rI+tD43@SIsLUxf8WS8)OnCt?V$7;npRW7^Owc@K~F1xsgCdw{t4&L9LrIPev
zjyajbO7~wd%rOTc{oaVgWf#}%nC#-Zn%9c|It><jt^xh)Oju}K3wk=JtrvjWO8bST
zf^KAhZ>3{YS2zvyvoZwf-sqmH3B~2*-A_hsndIsof0Wm&Q?st_QKNR=RxXnq8k!zB
zTmt02CBlcy0ey1G;gTPcORnxYG<0^L?P8wuwJ(3E11#4WoEkZU#q_?L{4n!HVEO>%
z^Aum={rV}dr~IAr`uO+&%I`mV7){s4^(>#@Dq$BqR0Je)FSK?l83APpnvr|e)<Z=q
z=~T)C-m^IE4S^dJ*M=@Zlj6>TOqJ4Spi@o@cF36lmDQ{=_Ps0c;)!Jy-Kzv%Y?E`k
zLPJ2W&QOV;$+T$#FVYh6A`^5&-~v4l8%I3TK=%(+NsWycgFtT@q7ow+F9!1dO(Rm^
z#d#brswaYOh+3)AbkLh7aJ+C{#qlCMGZ8ObnV=t1(gUn^XC~;Gqt(rwB|sdHI-UwI
ziOIEx6rS6#DIIigMt3pQuR=@ER44v-=QKf_llNgXBkTD&<qNzsvaas&3t5=rpvq+7
zoM2cU#bx0vj(2}sEaC*tpw%S7(d`l({r}-zXV&b1Ya-|g{*$A@Y9ctz!~B@Cx;zB+
zP8ovqZ0VU+AER_p(fuc37hbcN+a4)DTD=&}nNd_IPxMQ06z2{M$OS4%`=*@nh4I3l
zs_;dXIIfEMQ(ZKszdw~RI<-HQU2i#D#{F5R3xBG`+@FfoTOPL<O;zIlJrsw-EaylT
z^X;MZne!gD+_VHuPXSo;JC#clXitNdlfZpS_HSFS(S81WF`AtK4Ph!*v08^&eSCUx
z0L>Hou!Yjf)+j1vi_sh(MJ4;m_1Y7VSSwMDtCeVvXOF{T)B<R(74W>2o++a8M+uHT
zE5T8gS3%HM<FbnGcN|$=A)z;Vet^c*IK9#1jH{39;`MR23%!xji+6}h{7HJF>pb4y
zn}WvNLT{AD$9S(aj@QPeGzJ%O8gpKhNMqIMaWs~mNMjj-#?Hpkn5{qFM)k)sAV(IX
z>3jjLrgfZNe%>3$rv<%u`sgJqraKCHaV!>bDZOY>T4@sW5?=$B&c98zYrt}PY0CgT
z;XKp9T7CwnRWLlw?{W+Mk<!T9y{NzvuKQ6QPsgtp@5lCiapfX3?cY2fVDaiGDxCr@
z@G&yD91?J8TO6lTE3*TKC|o{7UHV^~exn$d>7kA3fx|O_G%XUkXd}=282J*X4HUXv
z{T}cctR7$e);9#c*|2F`geKi9UDMMia2nMSDStUjby)G8)zjU;VgLPER45&te#YS|
z68;b~dr@f;yzC!mQK9@G0<pMf=Kr$@O{d5sXTziWp%^^Wcd*zUW%_dSA(kJyfaMqI
zlpVfj)m&ePtOQ^8qiL8}+$Qd~kI(YG%wL4&>RwbP3OO@f@T=Pvp}DD--)*-nLUT<o
zD&}ILpNqY{C2SVIT!iKWy*$T*4V%3W#bD$A5Q}RC-0k209QQkXh{aU`wm(^fX1!QL
z$s#nDi+YFUd%))&NA>Rdt)Gf|htCVWI}FCwzxJXM+0OK|1YS`n8QM)R@Yt6u;SY44
z81wnv;A<-6W6q|0Xv=!71q|))tR{&%;{s4;gnAR#y)}N_Ut{qFn1~ab<9_%29gD}Z
zIz{Tz3qW1^QZGMW_?VyT%0+0ZBVZc+#`GWd4w~nKKl9(8U(9{C`}pmJ&_dU@Xv=z*
z<M_?RT;3nk8(S~E52tNiuN8|u-rZLxvVQB4sDRsU@c9clPSd@z9GgjSqcXL3>v}EY
z1vDr3#`fTdqT;$lC2hmGjiP#ZEVj`(9ITy5@qm$dd(DVY@zQ}RSt^0$%mClm?iK$D
zIk=wdk%gWsgHGWYTEunT1Rk=6+rnEOLUZO>_HNAL18?0T@}Jamd&ObOSMpQK=-<-c
z?kbx^Wqu;(ee?~pX{*G0SJ@<co*9*SL1Q(x&~c<q>ow_Y48BiAW3br5a`j0;yYA;o
zaCE8fa{pY)D`$!Np#D9)KB&v!bq1Y#cn#6g5a*x%-Kg7qf${{(8)lqEh4R`CfaavP
zsb>3aYV2Y(+qSP~v6`1GqB?4RaPlHFjqlJpx`@j;&hOBoy1i?$n_RG%`;4hS;x@lC
ziv|P=7YkqeAAxn@BJS@QZ*%p_iTN@OIWdmJ0I<#sf);kSi1)YaA42mC_UCnJXHhAo
zIKK>A`uJSjd;R){(ER9(urEDi=fWHroIz>Iwm%FL_J?6H`w{b3912$3`{nHI;tndq
zIY2jrkB>VeRQ$Unyc78LDx`6|Q`0EkWd{od-o^W*g}ZoeE#)CJZ^Ibgy=4l0`z*F3
z;OQccr-L3s(>#NUaSmMk2clxc;bLdpzr%=1g1q^6{uXg+A-9_sP#KEl<tqqM*pE5O
z?Q4dx&$wl-OWXFKkRx^6<CELDJ&45FgPh&m9&~Ua&#z_g*Dz!Dpgb@(@1pnJLumRj
zcAoTm{F#n?i04&G<}ceRe=*myH?)60hvvw$sC-I!+t&5k{k{F$cYvX_ZR71bo<nos
zSyWzm2u<}wYFz4Gh~`r%=B=UQJi*7=`y86xXHw7Q{ylH=!E<PSf94$P-@@Cx{T!M{
z&Y*&2<Jx<xpfAVa30Y#kcZ|N$Rnk!eEPwo`5;Qjn-zskN&StdeI^-tvFO0pp?Vm(x
zZ5BBo!QM8<c;7P)+ZXya<_qne40;LN-u+Y=SYDaYEQ=rX%0Qa(z*^}j=nCh7zTGj4
z*!`Wx?R|OC+@-Ytue#4%!(#)bH1K(Ou3M(x(Ei3X$^C!T*S~r+?SDsiiMM}$=Qz>-
z0??Zrv&e4IUp4ONtGC)z0s6t3S>()}{rej(-aj-mY5p{o*z-#(K`+TvNmX_K{%Wr1
ze;d`?V*MHXME|xYKrb1ll9C(x_xG2G^?OtF&ld1|9`ur2mCOtD?;o1W`+FWu(SH>0
z?+Sum;#5h=iz(oL8}AQKr073h*suNv^pc4xd9%5He@`XvuQv1k2OQ&l+Z|4yG*~5}
zi#hz=uYrE>GL;nUOmTkYynj;*=;0!jOanv9T8L(LTrEAjW}IDfEg`miSc;s?!~5q|
zrZPivO)USA{yCmKL;B}#b`I%ZzbX8q6m_1MA4SgO-YPYaD*g=1#`$>u=7QiK9z>Jw
z+j|7{>U5R(Z9mB=rL6XR$5Wg>={;Gs6|5$fccmcc`lgJ$^9OdnPIf-kJv|{$-&C*;
zTntld(p7R37+UEyDtVUm%MLb8DJ8r8u`%auORAG|FIavF_JUPTR?5)jTn2jBQOau5
z9vHbTpPo%b9yytwPv=5Ar(Z$vz6a49CjS2QgJ@nw<($`5Qm8_^%LDC;|H$w9Go{dS
zt~2$z*Jv$OhSnn&1gS2*2jFNJ?3(d;z8o;LmCvHN|0r5HN%}jFWzPy;`yh{Hr@BG;
zgWQiTEawJiJ&5K8algACMDsCWqx;E&Xf_C4r{qDq-cnxh@(0m;SiH4O>+4$(yzD_V
zkBAtCA3w-*s-J5=^v-M=zeYQ`)X+XcRJs;&x$(IuDxNFdq%Z{St}wJ;Bw+ItaK1`)
zhX472aa|MEXgSLaZ6~6VfHU1?3};FkW9NI&$Ir7#g1wR2^uR7rTexF8Ki{yjE#GBP
zxeyjEkV|`r43igRxqGBvgC36;{z+gF7fi#MKoaI`=5xm5)ImR3k=oe-ItQK0WyR*A
z^RPMO(jGdGdu7r*Q^3l*8>Xh5<MX&VKBqKR5bSx7%THs|;8kZhajfuGux84RV;_G5
zI)JgS>;VzadfcX??4YZ;jC}bx9|L-rKEYr`<+?rpDQC8vJ3#K5HO$>ptw?%@3@o1|
zz4Ngg2&;Mg0$8E{lrvi(h4ra2*=N^{fzQiH_!r{)JRq>4oP_59374xRv<q6?h8pO+
zj=#@0y$$+U$nCnm6?Ap5O7bczyK^(Z7oS5kIj&w^4VDe7jxr$Q;^0;LI=7urcy*Mi
z<jq}Rc{5bvyj&&flVHhdDv_V0vUwh>8BY7t_Oxv$)rG`7@|(OqxZ&*2JDm++jn7a?
z_!lbK2GAAW3VL`B|6BS1bh>X>E%+9ssie&Tgu;XVW<0}xqwt{rZu%H>j{&|ja$fMP
zEC&yif-h7vwwvNOrIo*I=QJ{%{(GvM6dKU(@<aQto{7<pz20wo&rLhttJY{ss(76q
zy62xffM#J76)G=1+vk6t9c;Rxl+>(=;afpHr=#rxKR~?SrlO$}f`+O`B;undhu19H
z=HPEd)5KdQtE2lMn&nZxx5va@DbKL)LhF7suZkwoySO82>f_c~7k5V-DkH_e=XZpW
zm3T+^?*^+zj8!Ja+W9w}M#rnDkKs+pnz-@8Wu#Dy7h0Ee=L`kw)GuJ_!(eE1+zJ8T
zBln|udo(qls(CuL?x&vS^y~mblfc-wMfifjvq?3h?&7iLpKfC`J9%sxT<Uo)(MAJz
z#b|<j#Ou1-b8dejHfPE6u{m8}?5h%UI$utl(|I4C^Yyqnoo^)0>HjTQ;c>DrJQE1{
zUufMW_W#`dXf8c~Q$ynZ*nU5n@AsnO$##=$an1*?KKGs2v~7)cvf9u}#CZE2;C6NO
zJ1p*y3xX~6Yc$>9xnEPsNNy2};RYa01HkH#vnNMV+^r%mRD1pzG$)I>9=RV)U95ZY
z{b+6#-xuD`^Q+OnJIjD{%ms4a{b+WUsib4BN=`>nxpDFuO<!hcj->U($JbR$U=<FL
zEV{<{_4lo}2U*U!8}CPRpPiex2*@w*N3)|yCC9|K>+eU?O<^j|<Lp^3d%V@e;oI4p
zgnuu(`F-+GtiJ!}4{`ct`4T?o{su5F#-o`2u$0TDQZ4wL51{F(hN<y1JThsoH`6sW
ztHkYu_Nm+Z^Qn%r=jKyQtJY{ahN1mQ)GN!rAI)4bUY*$2cbIx#^Q&X~>R!qB6`l^P
zw(D3Kx<YsJeZ}uJ^dSE>suq0qekC6y%A}8T8ggui<((M00j#j78~e2by43smIBn^%
zvHg|&+ZQ#lv74Sr8vCdiTkr&`!+y4vuRRhs7E~sliS%4-oQ{Di=_moh#@oVq<MthK
zJm$3|UUEll?Tn9msqQG`f-R-wlg%8?>K?FczVy)Vg$(gwlH9z4^N3gefM)n!pz`vi
z>PLw@!dM<BcWfyoZ*3N1eay$FJm}Wnqe*3q@c$<HIBcThJAxfEfjr6i6yrl3GgYGg
z6?9e9NKpYucpX@8ig~<^Wn}wi{%#a*1<PCOCa*rl?G;^r0v#NnmxG}lzE^EMBIi#&
zv`B63pz;8d^G5|cYruEuZ_$KzIj+a!xBo0E-g=I6Pm3}C=K$!{y{LQF^Y2gE-#-K0
z1EAkc=R#DxoA~dK*=sohx(iYFHuCRl#P@p-@qYDSXrCb}Ew&!>q?@d?+x!!B2~ls_
z%KI+0$NUHH`#c!hpAnU&Kk(ldir+u_7oYP2FtiY>$H?>*pUVlpYnuAgYx)n->&7)&
zi(zQ(XF0u2{4JVSp5<e1^~dOy-J`!n^ZB!>X}4o(jCLz4`_ry*OA6Yp;NSA%Xt(L{
z)U><3E=IdItxlv}&t3g#*LZ+``!bGp-G4|L+orWGF<LwGJFuvnw2Q4@B@s%Oua}bu
z(>okpbWYojw?KCHEXY!Oq*;mbl3ET{pWf;zB}aW6j^W>f6)924>Fwprj?Qf8(^XPv
zl@r^RenOTer@`Ewv|*(^)jv-h*SIkzhaJk;mftCln%u$sjq-x4(qQ<c`_S|}m&n`W
z@xJ2>KgaKX%jJR4lUTfD)*9_ZRsZ{LR+PnhX;fwkI~=W-oQ>5VvSYrfo{&oZ?07JS
z3$H)GYp|UbIu*qQ3RlT0C$?Ti<$^SMZciGOJtu*lkpJnDIN5V1mG4Iesr+zA*_MCj
z{b+{j`rl;~zn?$DWtBn$d@c|8Y6LFtkGpSgIFni~-M&0d)~bq=Bflym4O_V!>0g~B
zmjYO)Ucza`LXK<~u-5P6IjK|8jH4!wX83*A98WX;IscEjKaa1X$ohcs)7>|VBtXnU
zV-n3xzy(}K5)e^SSs)+?Qg+ydn*;?xM<X!f07E*9n8k$_V!O>GfLmX29`w0UqT_f0
z#~H<$QAQl+nZ=uhfMymHLQ>i4_o=SBx%Va^Fu&({KkxeoA9A~^t4^KedrobqY#rVo
zY%?wwe->;r(&NM1OyQ$J{;nd_W_)+^dV*~RxG&uwY%>MBLVe4vLYKWY;MpU={&&Rv
z>&$=Ui1B#}DDA01cEb0EWOYlohU&9(W~iN9A?iju|1&$unmuT|GH+x%NqK;pzBZac
z)>E_g2^~whRYUBB>GtD7h7*Ln=sKNRJHHZpwhpzIN0?q+W6zBksr6vA)eXhr54+Ee
z!w3ISi8CJ4@q<0Qo*Cl%Qv!Prt*7Rp5pcZes!E){S;wn-s9N#>|2D0Msu`0i@jOP`
zNjootk?I5EgJEcUV+7h#6RYs1Y8}t+;q}B1qV0wC)cm-Y&qY1Eo|=DP{$pYmNkfv6
z>XeMV!?d@1g!W4Fs&K;-I=-f71iv+<5+B>F;|V=f%@O_W8L1DsmAGSzj@2HjP7~$V
z^l&<TKj*){3L3Yzt*7Qw-6D3+0aCc0n$0<g{IQ46%gtKPzkw%1=U?^t;OSD5+yxPc
zq=*>!uJzRXc`sFw50Qg~l5wa^GFA@5llw>F$=oX3@q~^~baOu6ww{_#_lom%_lvRB
zmuze`-krat5^pRC9b4@a?Y}Jg+H9|zIgQ;C>}R$L`?GmIq)N~je%a5z$|E@%A|<f;
z``nnU?%j`p)}+L{JMZUpEU)DD+f<|&%@J8|(FaFc^%XP85fN*;Dnnz<`sIOqYuB07
z%zskHcFwgss|NC|d6$A`q<P6#yLq4c*HLrx2y=}Ek5%G)UB@qUQ}sPT@B4oLw~m@u
z^@x2KVjTGGy1+Paa}QO2asT;sDr<fvZrG~hvJuKilet~~q?@YGi8_DXLse%wBKia1
zfoMd~1EF(S=8OE^Sf+1x^l-oXsff?K>!>O9QFXhh>m$*p?)5x2ym}F6y%BYZe;r{i
zDeJmQT)SDvTDN`f9@F*EnAS(t;`{lzvh{;-CYb*PJ1TL9uH%`)HeOsu&0qIXwf4G7
zyla?o^NqcHUfR#+N7jkEV+F5Wn+L6PECCOSLL@g1krYQoJ9u-u-4B2^5fF)VfH7w*
z&zUq4fDlD;Pjn!X`V(i@>?j~HJ^Ws}XN6tdy^ixpe<ajKy^8`iS}f>ee7|oUxAFJ7
zsmk<v_no<f=`(#s_`FBJ!*sXg8EP`UE;TFhrc!>+*B(nP4%OXYz7axIV?DQ1*PDC}
z<XB7<{-TQ8X)w<YihkVI$L}5W^KQ~Qe)pfBcg`O{$Q_feg`9U;Ht$N?!JE~+?q1MJ
z6+|2kFlLVxxg!)HElRRG`6te<+$bOw5r`b=rs{n{hmI`ZI+V~))f?7P^H`~lQ(vsK
z&-VC~aqbAgS5!Rcj?jhRIV<>jqtMs*b=178kFQyf`ve~!2wjWv&IeDY_-@)ry0@ni
zXO!vq6++dI){C4$Jybm`u=vsu{KdhUl{jImj!nXK<4Zw{ZG%C&f$j|G#-BwWTJGby
zr}&wB+13>&WPVA6jXLMhhA)NgI3;`hus`*)Jp0@ui=hr~0gZiQh%&)rUe|i?5GBdo
zvmB9YMXt6#^-?w8Rf%`~RL9Im)rkJFZ*LX&|Ev3`nI!0Y?>=gd?WHPNC(f?C!}TlU
zwkjO|#8Ca3)I-%^J588XiQ~8GI8W%^1NOeL@$J9srW%SKUo$=ej7y?X$lb%y-Bhg=
zG*0iK>ND%8S-+HeSe&&<)OV4<rk(du^Tj@@E?v*})$9(EQ;2-`SK^Fv9bZRAkYipY
z&e*Es%L!Fy3cmcZo9ktPkg0D~s9w6}1oU!CZ>ViY3fo32xNTR~a@#)WuEfX60=A8s
zXajr3`oo?#6+z?O_woIZ=hD~Su5;^h>Ax%SrpI)Ax{IoDLYJA%Fu4ua?}XWvIDM;*
z-{qKnG^vm4@kG&Qv}_Q@-5${6Gq#?{?jPJo&DVN(|68KMt=+RZ4}Me2=UG~!W?A}T
z&WBmG)YN4}*fan7u=6(X^eT$GV{Ii)-=<@)(8cCVAc^-;vpExyM|-H+6Lh~4>xZ<Z
z5^pNe@qsR?ezlJGb#pIOj|m)^F@n6C7F6P6TXk#+UIz0p>-|ccP@&^JT~s}^j_=P(
z4esAO-oK}U`scih_ixNF{exS0{}MJ-;xpTHTq$CWmbHv#&P#VURsV7yHGMOwhxK!l
zkjr4dx3PP89WU*x#G5L0ys3+-wd=S&e9GeVJ1g-Q!_-sg_eC1-%ZgfoTX*t){B@Vm
z*8`RKSb0ES_2*~<duHovIoH=W*M{nAFkK6~xDD-CE8^O@gZ2>22-wh%{Wi3O(=<)c
zgl^|Fy(4HESkIgeo`Mf6acu=3rw6w?rE7#3?s^`lOzxuU?Lt?Q{cY#wl6rk68Sig9
zhqwK#Xgd{G;*PBWez@MC4eS}?2Yb%=@xa=l_B%M<jOq%-i{4$lJ?AXm-d53GQ)eYk
zs0_5{{eU*GXRJN;oVB-bE#H%NE=*`juEGt~I{sHDRk1CHM0aXwCGIF0I=^weld56D
zmcHwuDvP0+EwY%JwKa7uH9r>Pvngw-$>O_)>npL@7iveTM=Ei~qdNY)ld9hdELq)6
z)qjb<Z|OPDK7mD*IRB?QKG-=_-%F#a@TMvqzuP&yEi_H8!VNV#eyfwJNAKgd@MRCj
zz++KWc;hg!(Pk2A56}ALF^$V(yk8z+RXCw4C^jpl4eXgMk1Ecif3D&Al?LOLzmKU)
zD)FYD>bQEizQt7GV^umX?+n$Cje;H|=sB~K)01_170#~-(vM%z2KJ26!=5vGK3+r3
z`^6n-O{;+XdQD(V(zFVZoBM{+(R5Q4Zg^bB1)UtL4y*}a)w?7xXJ_;K^GaO%sE!wP
z^0<=4B>UFznB?I;&i9PzRoL_RP`)P<s<L>O(aU09M(@woP!sis>eInbD{=m#I=;1&
z$9%iiFkI&Jcv&4^RN`Zg2Ik`#T{m`e?5SGAbby!L!{X&N)XcBe@$PX|_}QLNxhD!f
z!wsCz&-?j2r3&Xi9^|)+X#;y^^Z9X3_k(Mw`K$h6czJ6TPIyAcV+1en3F76VZWjLq
z#%NEy5E!Gic5>bg`0C$PV(n2K|DlVjt~Jz5cudDx-&BV5x#KKV=d7isH=TM4e#dzh
zyl&zJ@Fa`<z<wEgb2gBl^tLtBWbgg><uBtqJJe4e{Cy?f^r()%I?MM3F(21F1<18)
zsOk6R%~KHhRQP}^gXD01H&vN`zich{@A{3@v*{0&c;lm?Ybv|Cs4D$|xAS|kFR3X9
zNXud%&8vWXxrX1n-;{$$%VI>DS0RE_(EMY#-JPMdg)_bhKg?)*xr^~X**^Eo_<u;$
z$M~-&fyTx&Y#j4kCsj+<inXX@o~ww(t*H+o(v$}_e+!cAdrF_q>>M78Q+HP4j8Yvx
zewMWv?>@4I>)MB6?&s@!1A6hZ5yt+z7gS+}$D7ZdJFe?kP=&Q8b(|}B|J!>5yk~VY
zziH>4ErLeoKfU+zy@gEfA+hsWsxsbfDyqa^{8YzFyQrFVY^bd*K0AD$3tp+jwPiY9
zaF(j6f3Cy{+e5#bGf1x_ZzayJ&~eT=>XXFSc*fbGc2?l2#I@x*P8T%SK2V8wZPW2J
z=ZKfHL@a*QIoc{cU5Sr9reo(YZIwz@_*kWmFFDI&U^doz@Lp=N@z&==@J!f1^f}sZ
za#rDl8XZTT9YNL$dAvb8M4uk!y4%^we=|MrSY3(F{8Y!^593douB*ZckL&o~9ie<~
zI?UsyZ#stIqwsOf!@SE9@!(%NsCw{kl{kNpJdbspLk~n8^SchJHVvZ(zv-ZA!h@CA
z!{YyQ*w4X<+}HiGgZb7=-1$o@@y4G9>UpD+KOewL@&46Lsuna?;@UxNx;v;^`uCxI
zcxjk^AH0#{|Ia$8%5dWNF7Dr;f@Uz;=da{#8J#?rq+gC}JE@x5GPLcQ4ysaR;=q3O
zj^(n|!Te5dR^#crB+K4Yb1}bz-<1g38AWmf=tmdb!}m=3Zsz&g8YS4VM}i%x@8#Kf
zfDTBoqyArr*!S>&)UNF1Ya7`fd)=kj0Xg>CMnO7gcFxP|AY=M_d4$zb|2-n(_vVol
zxTHNhXidZcOYCoU{{XZmC#1joJ+ku=1n1=a>%BbAN^!uOP&{b=Q66}{mgVoF9|nzm
zTQ9+mw<XvC6?r5p0+B=C^EIJ~G1=W&I{%jOj!uDr92WL|!fE!t!5u_#*tz>7{rd@L
zi03(CKVc>i-xNfU1`X&jWHnDi_Bo%d<)Eb~Qv0|0prNsdB#HfmVoYK0-G2?h1Cki;
zN<f^~frs%W(t(IH9g(K#;JMO)$g9)AW1sVb%rAQtaQ`xY=>F*XYrwNM0ukQ~L{cPZ
zhv}gCGWp-7eBF9SK{*(e5q3T=d%cXktG}7QV|`)2r9#m3axhLRN$#^svU_?C7|!yP
zuHR6qdief3`#$}0*=dx?xx|?s*rUJu7SN{LgvedD59FEP`EDiHQ7CeWuySxKXuD+l
zJoJvRlX;{(5s_UF=MZ{VjK%kR&a}@&=k7zKVi|b0M<Vhyz;{oq2)*OyYk+p&a?r{K
z&P2=hw;^YuH;$j00Q%9X;!O0WF^I(__PzIiUrkMPD`YVL=u;BhUUA3FRrgZ!%%;$s
zvEFO=85<U--C$6&_77EdF6*<qc${Y6U33w@8zu4{YTgbIKP<m)2|CkoBWP0)B5~>G
z;n&T>@au=e^Q-la0KZ1xIh0?n1taszyYAfldYbX;=Ar!h>pj%e)(^_DJ0ZZY)*aN$
zIL7%kwKj-fXQ`)I8E5Z_V;FcCV80jOGkz~bqS5jkHCY|Od-<s{(cZuB-{X6UxWnP4
zqgjn-i)5pPjXUhzGUMD&-b+o_0!VLC#<>p^f_>+PbdNp9GWmsj#Qoe0prL*gBApo0
z<w!*QeY5i^=R^9QQHbagoMO)vPoAA;Wp*?o&5Gg%Df3Hx38e4-GOLlb_rrUr$#c$(
zcb{0z=P^s~p{92+G{i51^uLQXoh!goe|As~Xcau~o&|EuUq%H_eRpV?)Y;%+w7lC5
z<b!Uhk;SZ%Cyy|^c7mAKgn?Y}d~bf#&^!4ddgxwah#Go^!yCtCc+RsFLKg4*3z26e
zICYTWW;j15@4OzgQl|SNACL1Q&=PM#q<a$2H?w;Zc$i-Pc{PtqT@rY*8Gb3MeWsc5
zzd+;?bo$rY$AIVE2xv$a@j8?LuD?{_hFTrR0mQGnho4zSzo%1!%V;fCIR6<Pj{=A<
z5M}fugUb9*6|Sx2_mng#@sq_Fh#gG#{rZ^s9FJQ=_}d}Q|E;FxEB2Tn(jB>)noo+m
z2f|kS_iiS;<<<TivPo`QM9n%%)rLP+;YGDNzKuN}W#857=^leZaw;+Z*R_l5t-ZG`
zC)DS8CxYkQe<9Mj6B@t#KF`iMlLF(~(N%+FkOA7bn-E!aId~3+BO+Z69w+EWA6d=k
z9bH-AITVgW{-3}dSRpx;W$@fA?wtDLF20Y1(F9q8_S;<!p3WTEIBP<q(ofaHMbw-v
z`tB{_XFzs2t8wk~I(|u<2YI)Mn%{_V*E>Z+ZGSl3W4zy2M9t^KnR2U$n$7)Gl`;@1
zoht5Anacg=!?k?v=?1Zvc6$+D$8%*5+H-s@cwD0pxi=P(6vy^<@XqS~_GZwo5bJmM
zjX~ri2N+iXkRC;Hr~bs*wRRMcs~m_-5VC$y)Xn4>a^C40UiTWi?#J4}o7Y`^GiX-^
z)qTPN#+3l1cTnBqM4p<5im3UUKB~HI$RcSV8>v3Y*kbZnZOZRyL&xV;nBlC|FUoi&
zBeh;K9u{SG9;OZXpH^Y!yXr-m&z|A$PEo2d%uhJX@0eh5-j7BF?wJrVhkajN2;N@}
z9_FJ?E92Z}6^F4H^rQO2Iiy30vGe>gdGg#}%)ZCj_bl0Ya%7(Si}{fT7<ArP<Q)Fu
zFl{*YdrohN?fstH-Ze$k{GrG>FsX=|rzur4IsUra{r&mqKkE<E-y!|^VW2<d=je}P
zg#LIz^yeemu;~jfqff;->YhSs5=zyJ1>N6KE|+yeE;}hzAsrFlW#Eyc5!rJY&&kUC
ztKUu=`~B;CiSCnme0`5$>&ZMs>i5xxlT(2Ft%#Z@r|>mC8ykYx_%c9aWu6sfLhSiE
z@boI<+&xO9Jzq4jpW~G)5j?&zh$KQNX8lp<>aPo_`R9H%ejMkHKV5|r%+NU^7w|hk
z_KNcC?*oO@tn26fg+$)pLzi&ONe$}n-}|Y`V(d@4sfNb#HNK>1M1o`NEBmO5qL6*R
zg{AUXJkb$K>+eL{&lggY(OoaWegLNtUon%6o1JUlXPJNyNpOP4EAr_qD5NHGvRG)`
zz<pWuGT*1h`1hkL8NK6d`MmTbHMO29%yg~6<na&FH*Y7?-*N7(h17h{zHdji^9!Wf
z`30nQ*MIZe0ZdL4MScPATRgvjKMw(m51nuEJOrs;j`Q_z@_hbhCphdo{s6*2J-?XF
zPXqlZ7H#<J_q{T-e)P)F`s-f~t>5|b@b!n&0Pm!ExdbX^lBOs5SPd@YbDRZFQj_sv
zV^}rb^lX3^u7A^p_h~>@b4G!-EG|?|Mg3I$K_N9i5POoE@_<}hNX@1^M0WM_HN{<H
zs&U41I-XKU%`yE{{i3xBZ+eE0hwV8gaZke+G1WN#IUR=yyk>PJin^W+(g7(qmw-N#
z{MVBrPD$kbxc<q|^&u3?=Q{oI#20N<xb_(x|Fe&(EQa&n6Kvm0tnxa(h^xl6&*?b%
zNouzA@w*Lb3&r~H0qXI`LU$HY^L=~mKFOW-4EJFrBB#qg3#hqA_`Yuoxc<hEtHuq_
z>G=13{H_DNP~1l(a~onhJEM@tnFob$XEHzsxjueXK+TALsva$*ruUcB^M#19{5*^i
zx$pdaP5)aJK31#axB94>u2$n?&*}KT`l!0`l4_jrypH$vQT2mDYQhK9vr&}w*VQLz
zXZ+t*DCSr55Q|YY=3ANHo8L>--J>`U8CLoESU-mIabt2d&VOFVpFBZLqc2e3x}f@8
zqd@Bw_2u?b)pJ=j-t@eV9~Jp$CKQSNUeVwI2O{tgBEBg=^k_cM+S9}MKW^autE-DR
zPklbx@I`kOW_JAv)3=T)oNwy*H~mySL#uGYvpW8;pQ?jx<-uW|O%-v;aC)?%fSSwt
zsQN%5HJRUI<A8&MatFO#K+SdiR9#(2P5q<c%e+xQ&1(hTF|5D4fa%jXH^X~|>kQxD
z=%p&-z1CTUH<>zSwspqA?bWccTyk%es&U4%{2n@g|7S7UJ|Di_rwXW9)=$;+*lN7#
zIUO@x_V-g0eN5}4>KBRCIOBO8r-=8A2WQ%=aK|$`PGtJ^5B|6R-2?qpW&KFr!F?8d
zLNok+D*iiOc6C3`2mX=-`v>xYBlVp5z$b(c%?F+q&hzKiD}mhKte<U4ocq@Rr~Em&
z*_h!F8#6esGP3Iv?c6Pl7yg{wZxm9q;BXag-l^lk<BKbw89pcX;QZr{#|3C$a=fUA
zn#1MsmU;qtyw47ozx!nN|KIt$|4ym;f&{0^B{=nemA~6HCXm0|JLdl`fA_)Bfjn#n
zqXYT7>qqna-QLj`mcRRzf|2ugZ!e%GiVn@+{p0^2fA=0&Ab)qM1fP{j@Y(tDckh-%
z^LN{E-FfnN2j}L#+ZD*oeUQ)$7CS#%5XjBV#$&$**fAtGcYUIroBL-^P}AuM&CR_$
zC^z@Vt9TA>^c|i0PEc;{!{WK`6rK9!F!{Eh9VXxQj-Y(o&jjV$X0fq!sA?eJ_9RNx
zf`e5d`L-v9<lEjCl(z-k(1i%UdtR}zfGDzCad2DdR3sY%3U5M0z6w0q4nz)J8FYWv
zRp5C+g3ny<<dG5?+MU;crc3ZyLC~25@74U-=AbhPO*eq1pXGPXu65b@n<o3N<#%zX
zUIg0NBE{gjRL8knUDVX?;qzE}AsBbM__+I97axP@YoKA=dPw(UVxm}2xFl$8ASAbL
zGI(ABHck=aQsB=9=i%@s4V`D!lZNK?KuJS$b3oEC^GS(A=c4q)p>t6vk>~Ij{{HAM
zY<z19N2Ec59Rue@TC?oAqwJMI=TTOGhuIM0G2?aifjn~QDr&k`c1;U8YvSN%X3|6s
zY{t`xtL(Y9&q^JE9N0})f%alFBEP(f)B9+o$boI2oe^V7020hsX99SdiWI}Agt-er
zKYDx`klquct+PJ{a^us~EL9L;am4XyB2Tjd#2F8sMccq5>inG5S%29eIb6o`1^rTj
z{iRA!zL;E*@1_*AiL()LRB$;<4lqh>+JLxH!IPpm+P#<ad@&*4uMpqA4BA8&BDvPk
z@4?BxcP$&{`}@V*_G_R`d<c=3-WdA5F21iX0qtBm%f?&{!Dq7G&LW5Q1?2PL>qF(U
zdk<*4q7m7+hv$SDkdJ(B`S^Yeo+gFMCr!xbOi8qL#Gq!I$e%qR8>ZKZ;Awj;R5s`#
zHZJ66E*#>nbT8wxeRpfPyLB26Wfe7Bry+8g$RWs{^{?d5F14RI+}$gwnIdwgbgrak
zs@SW1W+gQzh}<aOt)%AV0!RO~lA2eF`Lgzv)SM*d*G{ga=G7t(%kh=eJfAJGwpqXb
zXC*aRUp4=?(|{Zk&sK;#ig)MmIkkcuey{7#cJTR$(|@835n`{$NI1m!v#GEe@BO)s
z2j}kbDd2gP;fUa^kMYm}o@Pa{*9i6kobvk5&HEA!#>4;FNzDY%G2`RuuV}+3VjO6R
zam5oW#eMH)==ubV2G425;b!{toXBl?Vj7T^4ba${3B+7U&6W+Q@x(MlS~C&(ADbr;
z?w0k?*g6BqQ|$eE)Yv)$5$0PrJyebN*6H{{d2rCKFU<YZmHs=+#<@4Iq-GQ!L+==v
zf4DO+|4{oB(>s1&_w_5O3C|9lfACEM@`%ti#|sQc9efRD8j!MT{=8#-H7=^taj+dA
z`@Fxyy>ult{qKJ#^pbshm(bPk`vcGBi)U;M*Hq4I$YI~r$lg(babyP{Covs5BKX{9
zhFh5{so7@EvaStk<7QDG=?~aQhIr<e)pe|`A?E~Dcj4~9Il;H<0y!w`GV{dwTQ@Ir
zoYC_d$IlS#n#ZxLU>|4`??mLocL#i=!Fc3v_xR3mD{yXJb?<qP*GpKvJ7-ycZsgds
zI|!RfYeCx^jYv){Kkx9Wz$O>NAkhZX_h4Lc)&$NbwLHk|Bf?z<`q8GH;nvG5a>>M2
zur7}Va^k57t8NG1XU8zBH6_m~0CBGytN)2mU+*ms_20}_U-5pZ-TBIy?u6TO1uQ;o
zn*pTzZfY{#waq}pb%<l0AM2ct@;)<v+dKn^bRdtgnCJtL+Oz8ONV8g(xC)@Sc?&eY
z1X<lL#h~tjGSEW$`{?j;lRxGBWqq6V376Z8N+8FXzL?Knmi_^>isgvp{v}jy{OqUd
zZi|bwQcvZO_se+Bp|-f$mg_4{_rV}p6}%1FU!xJZ<!$cg4+r^qaaP5aTS)((=CbO2
z5J=lJ=Cc&{%dT9~q=dUaYz2$S?bp#jTH+$D^c~#qGhVjD&9?l0U*8=nr~2)oa&nCU
z&&+Q_&&$+5#^e+>AgALwKz7{Ceb@0EMBtyHzDj?B_qS;V;`yQK^T^i#c3x*DuQ~;a
zKZLCA4`WdG!N)-h?xXK%@N9V}k9;jBwR=C{F>UbKTW>RecBl*trUL_Kdwc!oZ&f$r
z|J{QB-c$A*w4LuM^(%f4oa?W=4)(2`H?I@4_x#^RA<~osq+n+bnO7$6k?i4l6_(eC
zb3gr{dBb>K1z*i9t4&Fse0&RPWU+K>Icl6x4#r<sP}8YM=}prRVe$0VyLsM-aVy0f
zP=wUrThI5VF$}MNk7ksP;&F(7{)zdN`gF;|@Sfr8iSlrZ;r^s5YIYo{#^o>T_{7dx
zR-V`k+m;ex$xJROdDi8^mmeP+Y4xq3=JBz!t!nDe=b*Z;5`C!&m$ZY#pU**cr-|q5
z!=!<H4!;@5=b*Y1#rvz1Bs;f)pKk>_vq+qH*M5mKkkjD+`_|;&M)}*!;NKR!z@LZt
z+f0`R@;SKKcXj-IU$v<BYH1*!!yZc2Kdzu=$HUdQrH<#%IiFu-KJnO=YFu8g<L*AH
zmaOFa!pHXUJG@&(obggGRWmkKW2Iilm-kaO|EJY>Z~giGE~~$_kE-{Hcp$Rx{4{Oa
zR*etW>-ft)s`};6e3D-W7=6q)xyoRO9=uw~_qLuZ2FQ4%8t2q=9r;z?Iec1BzKFLg
z&Vh|j1$^4fCx*esH3A!-2CZT}BCXF}m`^+OT&PbYri~l>gMHe;`$79<G$JqF&vA0^
zIdC!<e_%PUhxs&yl?)fd4&>RsjA178XUxB~WCHp2Nsg1YPaB&Tz{!<^{23l}{xS|c
z_nL!na?wzKHfu$|pZQ)0^=GcdoX#={_7CUJ{CNTVzN|?L^<}Ol;Bmbpa(isIF)cJt
zfx({z=jD+O2jQeEo5YoJ`t<j0oZR0$=<W)J#i8>-%e#9NY4Yynp|t4t@Vp5nN^mZL
zOWX_-D;#j~yyevN9fkos^vwk_Z3WMB^Z5#n)%71j!?KScJs8K^bxxn}b57rj{yRM@
z@<{n<j_0{CIo(ndXiSDl{@i^zcCHEHEC-K%I**9+LfDrF#FvAJw-6c*>d0!z<GJ}#
zi|u*5_6Jsj=8Z-q@sTZETOz;+UK`p2OkV?M67}1_qnDtaOwM-($r-HyPsJ#nV~?-h
zCfaja$CDzg3T7|NmXh+U`eH~A=Arjy@VpoS7dI=3?mr3qZW|k6J+YjcZDaGS)gqp6
zn+BwkJ)6eQ>G?4x@*FtBaH&J*IP)@u`f8s9o|DhekUfH~XIPvb88TM6e|hLw#ofzk
zIawEOwQPaL)*K*3tjreFc(QJm)tbZazV(m$RxIaZyxV%I>KdO#(vWPVI%VVDr#Mzt
z1kDwl>N!7d)|OS{mU<mmiuxL#<n{cE4v%wX8v-~twRm`(OZ#yE=kD1w49@*n<hk7f
zTE!MbS}QLM=h7Yv#kr+V4#l~wRUGG%S6w*H`EI*#oZJ7z@Hpq28H#hxj6w5m<G{1M
zHWcUdsY7utdU-(q;pd?^2h;yEoGYC=2<K1$=g@|sIOlw7D9#nU5{h$wE)h7gI~3<~
z1<n<Q;9M@>AG|P>j{0RB<5-#DFz%1bsp;GogmH_3^e^KW_v~^JkGi3u`;AbHdrQ#f
z+8>H>69+KPVPjnBdmQ5u{TP?YG0wGtW1M||VMU&Oe<9=7DA12y#K!G&f%q~Jao!IN
z-U?(j=kWc*QaNaukl6ml4>{(AJ+irLSp*ot^H}u`M4IyWdPvhxK-&|E$f`*Au3#f*
z@14rBg7-m)`PJaLN{(v|@K^vIr@$De1O&ps<7Rj&o*{-iH*(x$nAtKHktQX{&G6D5
z&(8oGH*Ni@fOL+pNdjN_nt>l%SsCx6kp8Wb?EXecavu!B(wmoYES)Q`^qUz#zJ1{$
zD}5O?znOu^w=c}Gj@j=na(_DmNZSG+*Dj;xw=)oFTY$(P?L1;xBn=cJ)h8QMpB#!`
zpLJhA-1moSy!T}tFX`bJ*)%~hWdFQINwoFh<9vL@V!z{x!`<7>+bwy5x7W((XhkGV
zSBzAbV#EtNJ`98N&XMIu)!-b9pGOZ~Z+>dInCmaTuz9vkVh-oZ3&3kuzIIJDo=~Ub
zq#jQDJkb}%Q$O#FAl^01t-*))>3D1pRd)&6Ug!?>cg(kC%;)9ih<PJ64)QML<Djp5
zgwLD-<URIm1|nDX^LaM*>}~Pv?>+q73w!pacy>`gRsDUOAnG}u3FMn)d^~bI6OpU4
zK=Vb^CHl5NW1C$j+<klokou+6JU#=FFT{5(b>SBCqt7p;W()I=nTYHWvS)g^Ybn>u
zHGRDNj-}N6vWKeG%lH_@9s``V*S+_%{xh0(1AGRL<dIak!f06!_W8CGaS_%)Zel=W
zh~BNQ#=l<5=M_)H<yi;1`58yXGv>n|7JOs=o9A^>Y@XaNcrshi*RnI*TEptuIm^1d
zFTk5ULA+_lJU<4{Yr*-lOz<VUkE(lRr_olV7<A`oi_h(axr<ihl0QdFRw3v|+f2?g
zN!S9TcTEt_@&wPce%^l0Qfl7PCt{AVkyhqXKJNXk$YI02VSSt~zGHoi=nM35is&QP
zBgK6@2gr4-4i+z-N5}0s=k3)vXSa@vx~Y0{8K09p+a2J|@*v)<znAl7R)2suae_A)
z{Q(}25j+lO&t?F*eVM&?XR>`?&`We`#y8bC=heX2bfg%tRLG$v2T0cvYPQ79w(j@a
zM-GtFOQ_kFgNPyYnDOK~K{Mma+|``sT|HD~df38b_aG1^yYK^fWVHjxPsU4@e;ul2
z8rWx9m<)H+a2dA5<yr3D^YgOfv1(kjTgNfoRIOdc{o_8t%a4~(v$ro)rXMZ|$n;bD
z-6)&>UoGJ>T_^bb?h<OQ6@7kZ2{r%dk4JUcNOj2ui&YOk&asBYs}*+zu<%^G&8XzG
zP8!I467Ft`im?29h}xp^Ea%T@LvvDu^~_RgHYep-VsGS*kiC(6Kx1VViZUT%#h-$w
zQ{<0haYN)%YWn8#wcX=Oc#Ki9l+RbO*v4564T<HD-mS>);ByQ)<N{*rA64TC^*Vl&
zh&7tAkyh(mAnTWKdupAF$iKUXA9n=H@EEPe<*)Jm?z3K`Au*x%1-@?OA3q$Ai?r@q
z5*R-mkDF~By8u1OI9iQcUe@t;Le(f?bHDH5GG(&-@0x%tpP*DdsW{x{s?)Y%A<MUW
zsoJ@e$80QSpV&=Rdwh7BYToFi8a6gej1Jv9_((6e(SoIXZ-Z^4zo1hSF0a8YZXK)C
zwwoRQiQOEk4%p4OzH{^3Vdr<QvHATnJwM+X{#cEbS9E+6q3ZifxqVgjQ1!SHVW07j
zI1iR&)NnrC-^+2F_2;-fCmrrCa^>26d#M#{9N!xaq%|qhda9b5tx2;jdrn#jcdr!o
z+_V82zgSGorVXg^sy?1u=TALUMOS5!(g})DmZR8q`IjJBu72SBcG)5Nm~(++<Ob2F
z{0rb;!k8LdZt3`BS0KLFyO?85YY$b|F6Fv-PcKzFM7?G|?-T3G=%Bv*?gI2O;|t!G
zm|m(b4ARRf7vPs_$JXGzmX6==qH4B~_3U209=LKbr^C5oP#%-H;5jSS!ydHtLUCWv
zJj0iq&bAAo>#1tIm+_^Gs>w^ap6@19r89tx?xregMWl4EVw4@`@?RdrvzIE)FaKkr
z--mlHO#Ykx#A!d)&vo#jUaF$;S)_EYY?K|A4dx?n7BnzFx%!4s8p6&+hv?@A{Xza=
z29R%FzsU9x{&Dj+ug|gcU9{nwt0Sy7CDMvoLd|ck&a+rsy6_jr^AHL48N0WFW|z+a
za(Ho|d@$D5FXFy~m1DjmV=*;-i@EPuw3z#jQ;WIpVBez$pkebSNbglfxqFn0?C~b+
zho>{3>n9gclhMQIF6gD|z9j*jWbqc09h2Ez)d899wC@+=dVVf`*|xQV^J_yt=RfOP
zR&{{yd+ak!TvmtrsLIBp^KJsIa7NcV3}06{;5*jFZh-x;E03h2EA2g#Mc#Cy2uh!4
z{bI2(>l=%qQ+0=N;srjZ&gfvV+KMIAWb`E5T!a1NjF#7ReBuRur{}!>(7p`Yj~K3h
zZ0yjK!^hAt88kZ{6!LFd4&>4$)I7m>By^x{IU@CQLg(q=Ht;k#ki9;8LVTP05F%|6
zQI`J<#)+Ws_4(jwTE)vd#hKpV_s->^??b*_1P%Ui@d+i$B5wx9#wX(DT4;UOwBU7I
zXDRdL5$>WzfpU&sd%s=#@7kHaOsrWJ0Y+Ff3fUv`O%GLXTO`JucZSY8)n5-DqBz`T
z4nz_N$Eqo!Z2inZdCRU1VAZz&0IQD0a{0U`@}eb)`q3SOu<)8d{Y_n=SQ0i!=C!B>
zEBkc(VINi7E|iX^xxT;CH*(z#Sv7dVJ{`Z&cLDM9Nj@$>ofn3E`8zock91#P`8dwI
z>OQL0iod_^<@wupFUlqL+h>w3WkR;s@;&svX+XM5`Cf~VHRv?(<hNAgmRCkzV`J?`
zcT%-h(0U=*%f2b-qv~(-shRNaYJB)r9iJG%zuSD?Ta6Fz(eZa@sha;?HEwxT$NzHy
zF~PBkJkD!58(7N=Ud#1fH*^i}?b4xZc=>0l@r2j-y4`1ILwS0I;AwqofTu4H!&7jA
zCnKc>m%DZRy2z`)dl|1ILDb>9GEm2^Vd`*Q3Z7%`YMit8+;U<4esvIyeWgQb+&WDC
z-b=ufQCE%2_vpCn9Q?I)?Z2w=-n}}0;w)7M<{v+!T75JkNe?0G>u#!MTw8<7U)S+N
zl&W{+Q?p}o4K8|J$M>I4)}7V3=rtYx=qyz`-mJzg=jbad`@lKm3Rex4D;h?w88_76
z!>@C>E<4LHhsF2_`P6L9M8uCVab#qgH{Do+nJ=1ima4J&)NJ^u8c%px$4ABZA|hyR
zjQKxS*6+)izsnYLL#bY6VBV;8LWJdS<3v)V#r)p!xj>#@B=(?9$g@tc*nKV{PxMmN
zUth2dhWNglIgMp3{{3w=&Uu-y>HGWql@{9Pm~K8t%f|Abvv)a&`0>A1<h^R00pt_*
zZbsm{pE5jnyBbe;Nykq!J%6hjKPA?k7^eJ6qvp3_?j&cC*t0SN+2@%D&fw$#@uhKp
zn*{pP07*69b@6Ye27QAj2Yr(X#B~+_CK2?f3nVxNkXV!4&F2}|IK57zCL4>#_J+<i
zpI8p$SuMz?F6VQNBjHQO->dQ7S9JVo2k%>@Moqu%{I{6*WVTwSQ8Qljzl4<$7~non
z{SBA#a-NQn%N=XxIBn;e5w_4Av|qtKuR0A8l*VnMTan#<yV#=hv+cq25yv8G@C1w7
zMD2OnZumLxZ%qg1F^gwsX*}kg-51cw!TLBbzPp9%<ljaZo8$|;d$@zDjP}9h{Q7;&
zQG;7v)A8C7Xm0qv8Y{2qc-8rMnplH#+&a$hplZf@)wt*-9e>?V)%<t3UjJ3(U<;19
zbSHSec|F`}%LHQl7d5|meU{ahiHO$$87>J<om7(Cb>Tb?W*D#=V8>p7Q!Ex{ad5K|
zZ^yv?cvxV=emfT48*aUr&t)~xm)mM^Sa2M?m$z3v0xxT?tHFC;*KtY*8{a0m2V=&N
z_~te)pG_mwx#^W^tnAhCsPpmk`D&cAN5{~?&qn(5TkKZB<L6J<AdEbtB-`{cI_<H8
zz(|Id_MTidfRQJYBCUp7Yw(G=Ko;f;j8yZilS#9!6LS&C?V)Nq=tp<bk>e>_m%6wQ
zn$~mvvbCb@n69B195P=pvj!LK)3NsqRhyF{tOv^YoFd#!GlKPcaO@Nk&-C%OF7Baf
zt+yKQeM!gDgK#AOlWJV_vW{Opa{+Wu;j-=TK7ZMKQTABp@HS}AxrWzZ#nN%*nE(zk
zdkDrMW)r&1amddrKNc-13Fx<7-|QN^cOS>04QHr&>;vB4zCNmU2%GHg8=mLv``TGG
zxO|_ESD&G(Jswvht(Y<~9#>~uzA~CIlFuBN6S;}^-P6s+m&xv6y9pbNhqv;wRySYI
z^5cPYR{#$>`>AR_uZysHuy|gVXJrPRRbu}nkZRcYG))5S8(N2DK+|RErfFcG*Ms(Q
zey*&2Hl>;qbnI1DeVG%P6k7sHF>-*G6P+BJ8x65*K*uGzQe5f)txbuT90}nynGo4t
zE`c_|?jywKj(0?rKzO@T0!?09bW@Q7jG2za*z9<S{Q%@*pi~3VMqRH|?5oV)>;us1
zdQ*yhl{uSr0FA~#u?}-Kf80+spAzZ*Go@-|BpA6d5X;(A`l-D?a~9}Fn<-UuVlIs>
z@hZhxeN@YhgxJSG$6tk<*LpwXyp~Uq+!f(@R!1C=4n=Wif}`ChfmQ+1kvfpuckU>A
zzFCQL$6{*gw;=)$SEJts<iFW?5p-;yg@{9>Z_8o(`~!Pd0zd{o548WQf%Z?cm~uQK
z4nV{;Cfh0k#}NQWO$o^DMG|Od6xn@dAvFsUk=<4rAfiEhO}ePRZ_6RO?q)@Cf4h*H
zh1;_&5HzI$5dZtZZJtpSyWgpxA1#`S$lkj|?vkm9l*&LJ)c9JEPpwM~Zims|qJW##
z$G&HE7R4ZPIts{XMYikn-o?I+v(IIojzT2(TlTLW;4`Sd&KP(G(3lH4o(Rym7j&Eh
z&=_1k1>ie~uY0~4a~Wm=e3u$u_dEjd5X|gBa+l+PeA)BzyQu1~gZ-Y11HXgi&v?Pl
z>PhYnMYjE<ea|Amk<_k|KYom<2?}_ao=D=J;yp4V*#Jj$S+02*Q?pR!vN<TT@8lz;
zvQ%?W2Ev~2_CE`kYIe&&Hp)UTmS<ajz3|H`_*vhUUk2%@;(pZj--whzSUU;>?KGp;
z&b#MupH;x!nFOR$k=<bc@qb-NO<jTXav71A**{Q@td{v+i#8dNCMC{32lx><j(iPa
z?N9Vmt=Zo5&2+-yUb2vy<)TlluLX90l_QM4RFG>rlh`xA{(WfEJ8&K-iOKuJ0XqmT
z6KsDi8%o{^)kn_zY~Z|I1xouHVBhsC>fn6gHY&NZx=Q|7h`G)>W$+XQ(aUH}1G#38
z420PqdspUv?vQKBWC)_)UoRrZ1x5t(p3^4Tv@w6f+n3!8KfMZQF5vpG3ZUH!poQWA
z?{}%pe3s;1#l8X1TsAGzkx>hIzICo6aKx`iS-^FL)xmgQI*8YWz`w}^xxKWPYV6yV
z6d+7rFU8b!$>1rpzeA)Yh3g-~{L(=>DT#Ip0NKy&XAY^Rz|Q#v<YQ{*kg#*g4B$r;
z5T||CiQ9vGi+;3qAvFOik4|1lP1iCYOeXbF;DH!qxVA@G0M8yRxEDwodp}FO4+9U}
zfDBjoMHbZSM+-2JMD~8Wc<%rYK)m4!zu1CE{b<3{Kw{bZp9AqK;E_Nw3gmbT?$nP)
zv**760`~J!Mu9xe{wAC~e-{XnMfoz-f*bUsz@C4?^8rZ^ZWNSVVu4dX+I=TAU0?F{
z^)T?r;4qjx3d57E%K_pGmT~#GWN2ja{KW1LA|>0Rtdc??A1$P2Nq?l}+Kx!cd?1JH
z-!Yc!=ZKW_Uu^x#{vBtzet}5ID?r}0e<xV3cM&Oh8_3)2_cqmXeS%2IAs}zrzb~;|
zUm{X+6v!{^@`*OSm;4<_Ft!HM#{A=6fX~?YpJ8ng++w79uQR}Rol!VW#~)&9_HFsV
zmM7zZat$Ko3N&QN;9+*7*z@NphN6dAQf0U$-NO9HLA#y3qP~H;T`*90*+d<`fvI`U
zGOp{5LlbrU(nw|CdSlN-9lwC78NdrpE0Vw?UxP@t0u7SP<O4ghcT6y3MrZm6H2MNG
zHeaFRilOcAA1I?=Z=_wR<1M_*eo<zBNEx`^kgwG7!-7UXeLmp4Y>}a1H`A@kFe`|r
z(7IgG08MF=bi8V~_WWgBHyDMJbi8P!GH|_-JxRxR1j*J5;E_K=je8`>kUoRPbJF4s
z&>~;0<6DMn$6u!YdL!*>9Zw07PXHSrDhL~<>PP=}C&z{f%(gBQwsn!fhH!_4V8_vd
z$v~3W`|HGe2YA?XCqRuWJe=GA%|K#VncIQre)})G$b!%GqtSN;;f~C3Ba!0{`|e&K
z4)%T>5U=F_ZnSOh{R^n+`Vs%m>)`fY7(UjrF+A9|E(^8$Pi<P6O)FN(6+nJ_C$q~i
z%XK><B~yWX$bN6T$Z{=1qyz);+P|YL*E)t3(bg~R-=i(pj}R$&7{~$p`!U?Ew+*uE
zpthU1U5CmA$wK}&7<;bK@$VLf+O{JSkqTkkt(2as@TM9LkSr-uwv_QeN+85;LhG&%
z)Lk}R#|)p&Sw_FXI5b_yZ;VvNd4sWMx{hB8qS3bL$bd~ZQ+g`fJJFCCjWHw8=2Qk~
zlW)=SQ^U3EFQZ>?WZ$CW?IV?O-e9ENqT`<i(PrCoWRN{aO6Ruc`T#xIx9NEOuzXMk
z?78eV9T$#N#(9HLc$<!wE*xafj|h8yWCVK##{ey9NXN5>YsX)v{sto(={R#?z@F;?
zJedH+O%Zj8(pDaeGaCGLFj@xc(F1KA%F^+*3#rNYHX#xgW;1<uLUHO1Wr>o0o_ZiG
zz`q<FCk;bSYJJ@@sp35KxB~SY%GL2j3#l2>pUU%m?+v13mW~OtbpVg__<6oV;emGZ
zbliUD@c78$8hgwKs4-<86tj5n8ws?OJE0iKprvR~T)<+)a75l(z;FVrl5LVzvQ4&1
zwkcN0His25rn1Mzpry=)Vpl)a&QPkdZ}&268->X33#cPlH*|ngMfIXDuIWbh933-!
z3LZatBSasTAX2qJU>l2r3V}Sjz#juGv{(#euY*fGuZ@Hxqu@y(k29WbUufs}E}&Fn
z@zReMgvLr67KFx14=xCemDVo^jg{6c2#u8r{?6CnT@q-{J4>uI1fLiF9mw4acplK@
zj6YwZfpSgu+=ArJx8KLPSzOCvZsx}rpRQgo4E93AfZsfnq~jk7nb%9;X;#3UvK4G!
zf&dz`BB62BR>@kmRkl`bRjgH89oDL?Vb-b}SUfwtUfHs6i8h?mjBHKE`FB#2)!!uQ
zXEw&?1)wo=t7K(vm95OJij}$5VP$R&vog<DKST!VU!>z(ZCM`}kTn})b`~jC&xSCI
z(r}Ar0)cq&tOEGX9(O8|n~nQB6vf@8I3}+ikGg%4ph*&VK+=z1KA-2Gbd3d1lZ+;H
zD)H`8877s;3GL3YpfNw3JfE7rX+Z3`n9<CCJB*&al40l3IxHEaMKXMMMOYC4@e%@~
zDHF(sY%t;<0_y`gt{uWa+bAOvKN>t+!x8Bn&GQU@a)-#7s>Hi<dZ?+7f^?sf?EY}z
zd9wS~9%_0oV$b8<*iUOXA`9m8ym%YKz=OgVzw>N;m3rA&ncti1Q<B^T^Qnm(knYPw
zHcfu|{Iq5DP>rn5wOXbj5)Kg0#<f{dprv-w2FcE&tsnh*o4t3=mgCpkWb2R&jemL)
ztb=2Ke3b@`UvE>aueUj@ueXI+U*8y*Kk(-w>f7>L+m2Z~K1Fr2cAWFL&NpWQsh`hv
z`sX&E5oyW{)%j=VbDQwXcbEM;+5Pl<JAW8HS9|`uSXjHwB8Q(({I7z3^ly}^Euy{O
z3>Ul93*FOiG_qId_~#3T^M|60??$6=g^p_nmEm|5&|!I*j+x%nj8qr=z(^D2N*7Sm
z8)UELLJm3q8=FNJ4bYQTsN=N@Lh;iX2A(sD<UXiy9Az>{3DVVPyKSG95t#cpB=V}n
zyDd@9NvVh7`W``Vp$v@$;XnrCe95*jtK`Pexx%628bL3bVic~{@h!vg*ca$i_G%qZ
zSrF{s-sSO9G<bqBqf_L+Y8l1n&rXXuwzG<3GEu@NcPrtOyOfB@SqigP$^G|vejdcR
z7k5(=WXMPW{b-z>k0j3huRHAAGwy%f!SmXEd&f}y<T>j;dd;89`R+UTId5+t^)yI!
z9w_&R1MMWZZ|%1IyWP$Sk!S4AJM8>fZdWh$^jr<(8R(kI?CR}#JWtkNwxON=T$<N1
zSt*e24Tp<iE86+ZJdvMN;rVQul_Yn?JZgTuZpKY@+rT;~<W;v#u}WoV-1#L~&-_cW
zo?90->De2hv2L5gs@oQ3)eW+9JIBt|%xCkyvA^FN&Zb<WgzuhWq^;F4qyM+_hmohh
z9J86VjE4caF`2RN-kt9s-~KYxA0z?sg>&6KBV^jCD3h6756WDY>*odZxs^~;mmniv
z<dxYf<hOaS{DS5VS-F4B<9Lkvsb`arU4D@4e$VRdqv>{TxOrS=(8ukfN$|NqhQ^Iw
zg7xEN%A|AI#o)I00_+gH+M(O?2LWCc{!qso=ZE@WS^AHB@Qxt7;PvZK1N9$zSjQ{o
zGraiEc|InH=Z_8Id5YlqrRU+fF$~YU<_36P9K`eOgLs}Q{U7q&86CizO*&TR2aN}U
z<DdU6@4bO`_WVT0eRm9sb;E<=_3=>b3IlBpi)WLe*u~=RiBMcB@p%2Cc|7K3_`+h9
zlxQgSv9j@jnEw5F!^h*p;WR7%<~(X{l(Vcl8QM`F&y%dni0sM+!#$6hdfBS3*I2uD
z9?SUlR2EN<LgZ^P4%jVdsuN{?HjkP<jvJx;c8w13VT+F6yJMK~3-ew6*gqMOYSx#2
z#j@u@t^l%qUg$hX**q~15<br=!F(*>1JI;;$tWlU^6(whWbX#X0m~5CG%s|nq<CKF
zTuH&UVdDC2K-SFTG0Z)zpFcta<@_<uD)#*MY-};cD%l2P`8*NlPYsRpe=skUH}&>h
z=;*+h@CQ2HXzR#3A@<p-j-Es*&-dyS@iD_v77sH#J#G6v#hnW|-MiyK>r}wqrATh@
z>PJ`173YN`z|#dhZeBc>nkWK1as-;xrGQ&@u$XyVJBs2l^Mbk5^kwpx*(qY??g_HN
z;`H7Y$>>pJ!*^F?AZE@JF|!8N*K(YlOO?gUp3&gh6pl!Kw78q&_5g<bsEe9jJ7!LB
zcitYrfQP!M38Q$-{OH_3%v?5?<H4Co@OUGcjm{2=nUh3rgk<-wxzzMVK)Npvkv~(a
zCWtt4yp2_txX-Y@DdXMW+kNC`k~0C?buo?{h;8$Ld^4BJ@kCJBV7WKV^~bhcHh-JT
zV~D@ZJy-0&^WCy~CMe^L=1fGI!)2>!J!)*a5gHlRG(CtK$r!Lmp=32pg+|)1ShU|^
z(f%;&T=lU&eoU##;^*H4^_l%XES|U0VRX+qW+48RAJg%%dA2VfzKnjO(Y#&9pAIdv
zf1r%(2BWY-#{+(TLzv|qsZRKTQC6X2R*uC#gV#^>2>*O9A`r=Wk7Up~;()}%vICMX
zeVzczyLN@cLeQ6W6^sJ1buKmQMnQ3<12iU!N9IzqKt_b&l${@;pK2X(h&()(W0sAV
zqk#NyF2llXj)f9vejHpom*e2Qto*nj9E?SzVD5$B?cpIlh>sWiyuaLNep1Ij8ji2^
z0lqdru4C5k`x&-K;Aye_hJG{?p!g06G>F!5As~{v)%ikEBq9i;np9o-yoB``q#CEQ
z?)h{1Dn8#ZHqe%#V=Uz11@Hv(-x+hBdR&2e4(-%2n#b_0fzKI_3B>Srj8UXmd!oT}
zR>bdT6lHR!;+S0O;4#N{a{@8@x=uST$`~IMvrEF3>Fq=9t#8YbfjE7`?L1C*_EQg;
z0A!aPb0@g}Jcr+V^qd`YC)nd|R{w%dd!8|aOhBZKQuV(9cI=k*qZ`Vm7;N0Bi+DWj
zc7CSX+fO}BN`kvtxx`&Rhngwtr{8oYM>1$hn3W1T_EsaSZkueexZEFuH{At|r(41-
zG7U)Q254Lb(C$(|^U8>1>5@?~F3WNP9APvZ90jB;Wu`SN87%0XxidFjvRY0{Zx!X&
ze!u;)Y-?7sY{6C~sbXA?l^d^E+b_$tW+gkUig7co-1t!3@bl$R8W;z&!SE^L+<CWC
zv%ZU_9~y;-Z#bOrjU9;lWmCtDho8(HMqhnFI`qt-xPJnW_vbQQcss<m)d!8=&MNZc
z(nv1*hl6C_ewN3Zf$>^`yX<z3&H5nO_ig!PK<*uLxZGL136c8I=jMo*vY&cNtC7X`
zH843jEC9*K0UfvGKqK8ITXdUZ(QOXv^q(9S-4<r~t_RXF1<2X;Ojdk-UKg?|9R-BR
zgUO4@q;*`D#bm@})s~XW<+fExY7??*6>@45a%vqcCp&iK{TR@_<|)Sel&WQEV3gW&
zi?{XH1(04g3K6E4?7POH^4nkJiV3U@{7lEJ-^=Fu@%F;xF(ybJj}0S_%Y;0VN05gR
zERPudXvT>0kd31MFUuo4eTY0ZU8p>K0ePhD<?=Xt`%wSK@V-8huP=-a1Fb`mC(F?~
zR&1P4d%+Qj>=?}jQcWE|dy4|v6kYn<1#vY6Yd0LojD+ISFwj1bq4-({XnV$_y-){o
z`(Xt%xgyKT1lis@mlgwt9K-jUWdJk|-diTSz>st>0D*DK9BKlk>2@w$h^vue5IHp*
zX1FdEYe4Bn^Q$`k)$PN?0sb=HsYcmrI&K)TOooyDnvVC~J`C>o%P^nws*d;G9z4Ey
zKSaOvQJkN@3j-}ITE~p14x68szaR^K>LArHJl^Zz{L~??rj+qB8j1@dI6p^+gSI>N
z@)wxy?F|F%tfEXV0nX>uG3>cxD4(4{d|m>R2Jg!X=5zDx;rU!{&#T{JlmeXMbL_E#
zKhumouj_dA?bJMH8Q;xD**+aFAF<4IBYU5Y@rY$^GUR<ao-?S7EiZo=hBdG27zN3~
zzrRn~hX{ChJm!*l+?@vY+GF~}XhaG(B4X<)fR+}C$m)j>$%Yt%@wALRbD+j%fQ(Fl
z#?*SguT<&}>?ft=_F2ar6XUb2b)e&`Vi4H_u;bq3`Ib~a#<=ehM6#V@jdcKx469mA
zunHYO?oF1h`y7h3I^JQey$T2|2YVl(>_PTAKGN?#!0a1&?>?XdWU%&D>6ab|ZZmh+
zHoMK)`l>Fbr&lD;x8(XU#-v9ODRPcACI_`S!2#roWZ9Y&saO-^9oAJrZTk7uZpV39
zjiW)w^#B>JpCD4Ou(Xl&`JZZCVnKdZBj48r8UDR}J|)WDJ6Sk-zSaDcY!&<jk){+N
z55Bq3`e7|1pHh4NGyQRC?2*<J@>?%G_uTiaj>r3QclxF&lZqM;d3?I#g@42WX*IL0
z)w^!9+Ul~bdtbcOYDz(*Ku_uN&#n09XB`?M!FwJ%xc_iFqQC?55K#b4FY>~|f@Fxz
zoCw90(V#Khn<m*~6&wu^Z|8rS4`iYPJcG;s)&W{)IDA(h2HNUHh*UV>^TLM_S-l8I
z!Dd9V9bgnb3}n}+_^4C|7zLYwY;?p&Nr0wj^<_>?i%g1L1xhiCvC^WGV^`@)u`dj?
z)R;?S<rpwBy-G0x{dv3nUVc|wD(FYo=26oX4(YD>L;FzGLp6r+U&wsy7O-bNj|!1s
zd`hYM%4Nv1&rOU%B(;95v3lHmi|ON9MmLHv?gJe&omf3iw(h;mVf&l=WN0i52eLL?
zv5F=K@9PwGM}yHosmf@~WHd^{(>Pn={9?R*S@<LvhSm{j^aW`2)5U0Iv@v=aeP0di
zZ#)pX|5(<K@;$IT-tSVR$^705#m(YlIt9p-JZk!`=K1RF`GoQ?D`hKKu0_bc(}?wp
z$uYA6iopR|iUP%Zgn!6}SOfHnZC?N}WzVO&VvVBBh!n|+wH9>jyBd+TGBkcT4p{}^
zKv;~sdYr?$_p<rcy_d;W;bf-c;Z}1dkbmY;Q)1sJ(&V9IZN4tm^4Lr(EuP;;`^|XJ
zWCs`%9ALCe0a7?02mqSy1enffXZmU1e=qdYwFvBcp_!gC{q)6xXBsU(+L0p}XNn}l
z1mE}F<&wepSUBI_D?Hu#NMbBFq=k?Su_>#e_+tlXP7m<kzlGwDBS2$(ab64>>+2(N
zknZPI0e~hs(DZ|`kp7X7?_nliUu>v+U9q-&&n4ToI-dLQfVdBU>D-=K)I_Ig25a*z
zO4XL~nHJc5f%b0{&<;9on&z8=NR|T(MewI!KG=PdE|fo=0Xy72i<-_(-rh5ejw`&+
z>s=93S-X<muGIdTJr@)&=7JL3Z!#LAAl=W)(w@wz&d8+L6i|wNjE~XDu_?M@&$}`l
zU>K0qLp49$j9$qBM$?o4-Rxb#d_<Vso2LLtWAx6q&#nERynmPV?Hui&8sS|N#{zqP
ze14FeZkk0+-#=)^GeSmwUQLPu?VPgNj7Z@ke!jloVMJU^7FXLc`rMWe!`z1%%{q1}
zK+>swcN^csb~Pf`QK~i<Nk&t-WcYF<W5FyQ%lPfMVC+o;c+4=^kH@+rAP1?9YE4r(
zpBR7A1i$?D_5ZXSVklKdYX9T~ybtEV7$%3a)Ye4=XgWmPG*yaBip><dC`Bj7W(r+|
zm`h_*yh`!G)Bo@4;<o>VF0yxP1&`k84?Z7rAn5FY!yOziERy)#;SwhpixKcW8j9>D
z;%>7fT``hD$By{<R>e55WDOBl6e9X4Ak8v(UXoEG(=mo8s{zvMKwAGm9B9lZmgrEN
z8V1@ui}>CAMGqtLvI9Q9XAzJh`!~lNR#uVuc_kJL{JJlILHEq0rmvS~3^%tMym#T=
z$fVe>K`CZ2|Gm-4v0v*-F-V{l#atR29s@>+S1I;_{yftW79+H=|D(ZZrBtm`r1dZE
zElqqW1~N(}La{Ffw32ivUOoQy&0ZO_l1Qc48wXlRrBaL}&?*uj<Ciitx^Pxw3M8+O
z8pkjnE@t+)TZYCjDOH&d$OO4~cR$r25=~F3m-+hAOL8%bo0+Yza=>@@#ekMoj%*xf
z@nuyMXiPtxfTpLULvejLXen1gv6uZHsT4b7Kuf7qihTff9j*vu>EU4cW%2^U1qYg*
z0&=lLspgDC)4?TOZ2K+;6tC^48j3;#ddKuIJ1U@mtnL5J`;yH-3gr0~qm5x#q3|y@
zuE}GpFZ}df1;zC;*t9S`&WZvuPJCZ9pJQQ>{mp#KkAbX?qWM5<ER@Gs2ZijI{xJFN
zq*Tokv@x2TLG%pN83{&eBpBI|@cBO&UMS<meej8Hc_uZTXK02W(^s?lL0bRDzp2Lb
zqTt_DyCMZy%x|xaLiV}b2~mioy5a_Wd$upm@cVRsd>QQ5N77-Y^I4!DeJz)ou7A^v
z9Hyg;SMhSO{x7Pn{s&DT4G`}X&!kgyWd22hv0wO!k=m_Op!gsCR7(|c7}Md)L(bQE
z2Jj;e{IR9O&G&@J1F<E;iyj5sO>3a>_%tBp03M&BxL4%zIVcvF`qyoC=JNF}{RR<#
zDv?%Ki)3^tvT<gDY_M2V0f_$@D|a2Fw?36;HQV#W@%H`sMc_D60&(pZQL2@M!*`P;
z&^Cs{=cy53-!sEvl0^1x9*e!>YwWzbi;<mg<_jo&y1PX(&d_(iCyH!zO^}T<B`3dM
zy#SF?=1VH1g%c`xyjLV*K;L6^iDg$Dem)x@wxkz|WsoPM8}!7?E~yyCqs`uHKx<ZJ
zb35Jz#q}3~whEwqjsjXLi_7v5DP{V+K;U*B*lpQ1wHT4Y4g8$5YYUId3KoMM3lweu
z;@SdaLpT^x55vVI8y8b@si}9<3|}T9Zvw>gT*l*VJ-#!Sn&@&!_xC5YHxPrlQUfuV
zFE!x%n^+7s0*&ll!2;p8@`T@75aieXm+wEIRAv17EigU?`f@3g;boBCkt5rFh>a;)
z)r&0eC`9T<0b#t$28f^dsI;&m8Di_=q4?w|(6S@ZbmWDFGab^x$Yh9pnaS~TD6X%Z
zx!D5HP=$!^<Dq!%MWChLEiH6LC*So!JQP=s1}*!quyA%V!~#S{v2w{{Aj27d)3l~M
zjxWu59A8-bt2ZEW6~nqMh&;x8*aAdmI>1=F7|5CpK<?QBBn;5>nPa(+n;8klW07E7
z6$zia762Js?&WA+E;|~GifAxWqj@=|6RS4>Dcl0YKI1z|_{;@BlK)N9Gb7=<s?neo
zF5vM_$}T7_l|h^1K+{tX!orDR(!$hah^-LgRK0TM=GkYd&8xge5@Q*^P6&RTNQPL(
zI~otgjCW8qXY)l4&|1|w7L}p6Ow3PZyAllW#T#rKSPF1z4;$-v6O5uQh!iP`wT59z
zCL(JTXk2^ce5)V=$l5DqYqjdI3a@74z)@E7Dj@4~hhM+tIQ1#Vsdy-!9RZs2Z?F)A
ztUmspYFQQ1!t52iZ`rJG<Dq!=4V8(0*{%4Vrb~{*SmuvYqd<Ex0v0|=shS&^6k7*M
zF+_lt8=V|mrz^$v5ujzqTpH_$0b`X{Db_)M{<Z%fcW)ja#c?H$zwRDMgCt9`5DW;6
zW+Yi)ocO>aghCS4NZ|M&VB}uNhRte5!p28-vtyjt0WWGDHW;!v?Som9Y%~IF)04}I
zg~Q}xBofD7Z+49wC*Q=0Ju?!AjZbWj0!j7zysBzV>%hk*`_JzWeKa%OU0wC=t6nkY
zdBQ!bn1QerpU9tG%+S8b2K}+3i;8oKz&wyZoowuU$Z;>)*7m(Y*Tj1_$@ADkVDw+w
zz#`;?;OAd3=0SQ!dThh>;JS}9eKpz@(tbtVY1^*`ewKXf%K`l!FdA1$JLfC%|6THb
zNZLJ3^8Y&dAMg7#7>(C3=J^LO8n4E=okt$zf55fj5$2hUK9DwetROkvL>fUly36)q
zG>GH6TWx<zgZMoXHYn=`>sch&FJSXE_95ew%=oy*<T?^h0{FdOR#w(M31PT<PBGGi
zYX;e1^fUb_751fUxjia>R5Mkfn#lph9Ij`P<XPtbz;_xR6XjB0E}`{kQ`Cq(KB+qN
zfq`Dn_gjjb59-e85QzU?gX+<E%?*M0`<fD~OL&ieUgbH5SaY_{W7s5D<O-S}=kg|=
z+(>@hrNZ%lQpMg>v4?5;{PDRT{JxOu^Xc=QzfbnteY1(hTC*&}P3V!b94oX{#I6Qz
zg!t(O#blclE7<__NSE76t^j&xqY@83Na%rV_z|~DK{=k70(xjWp@)yEKW^DUs0zyS
zk3IV634C8v)t+Aq)1I#%TJjLeD{#ZM`l76F!5jCys1fCm7hqexTixaZZCm{t_q@0W
z@x6o4wfC*GqAEO}E?jEiGsmjxEu#pw`G{f;P7hdWK3GTQG+3?@#Yz_}vD}ral|5Ut
z)O-=o3q2_8Ez~W|YL*!)&oYB)mpSk`h!4&MdIWKMlKIh&ANU-J56&et^f;k=_}Q|`
zaWC=}QA`{M=Ya3S^`r~%-T2OWOU+lUbU}lq=4*To_-=eBzQ3C>PfNYaY;Jd%p=OsE
zEO(hJ8)V$@L2-8O`0Lj;h<p}a|DKE;-pA?ZyQ4N3uL;s1w(2amtL7&Fs*~DOP6I+-
zz9jZQuTd?uxgNPO5bs*8#93>u#ai<$)|zjz)(b4wT41r(LhFipnP<EaXksq(00A?(
zIhQ|McMn+e5Kc{EUmaX1ujk~CUia4X^RdMBBK!FZMz7Dn>vsY577APMp$^SN+Y#+N
zPolFQ?Z<uDaN#WE8LiN&fy9Z_L516Z!Cc|jbb6LssT!bzo*Yh#gAuo7tR}Q9AKtxo
z73gg%2yNde{H9$1`^tJCoNNZYY(In({|I{7Hy}(_gZ{NVqmd4%<{3>h%M1wLg8W{U
z*qQb~4f<C`iSVz;bkGxj2mW>~5a;L8<#d&n9fR-^H`!oZ1UlN_>JY3fdlJH^a|S(K
zrA=obd~BKMm7ziGga)slXs+zzHe)-e^Xr#EHICf|!2L4x(UL1c-#7)TQ+E-XY!&&L
zgaZ2EgPJ)wpqT@^H8Z_iHB$#wGufe<w1Gv8Jn$#CE$20E$yVU|>+eDwc3d|q$DW%4
zy0JpUetL5k)uh%4+pB$rjGL^<#7&Higto1h=Ra%|{#x65;OFKw7Z8ib3v&r=F9548
z7k>v@=7M+c|Du5VEMA*SYLQ-3HwxKjXku^WS2^tvinKQsj7GKw=)csn2xECx@^(Vm
zI-p<1@2wYD$-4+;>w(@<&-2=&GR;ZTI2O(u{l~xspyL?$Jy-|T>5l7otgQ)@<JVrz
zeR4Ck2KAHC$ZgPV*9(}f6EK@U4rW_UG2IF4O#v<+c+SbTM{r%Z#^)IG*zq*uN=JU9
z&Jou<$@C9`dvXn-ZMIFkMqF=q*u?KCP*Uz9wM`{zIH`i}q{Zg9m>+4+RkUh@u?%$O
z?$YAAJC(4PfL`{75)Qq|^bz}cw0lOFUhXEfO)?JAv_}oM4Ktn0HX7Sk6T0gf=sDY<
znY2YS&va<!D#d6ltAudc(^ZOmLS~Q+fgI4w{1A4{xNbu<SHvR{6@p*9NN-vo9vooR
zNKXe;xc!0wrvF8OlCvGEdG4Uf={U*v+RTa_)@H;8D>QRJn;A=A1+<}oMH25bfBGtM
zcF0lQ-?TJ#xJ5GuJ2Z2kK{Jo816qsp{~q&?$K_8DS9zZozpWR){W!oPi&2&zgK*m^
z#(5Uk;+_k7sw%OwcOlex2U&HG0wp%h-pH6|aRK-{H}W13;XTDmHY{5TI`Tp%;%B|=
zfw&sDpVqz}Xy-<t<v?oFGZ)ox-dO?soO^IV58@Yj<NJ=dOz$ZXmvP2~e5V+H2l5sA
zj4x~8Pj!5Lls2!OE_lt33nizDxKQ*$iHA~whlESamGFGpY;He2Ojsmwj#b+<jPyHG
zp5Yq+qyHO(MZAppzcs|F$IF#a0CmH%j9eKv4>C>6BUmEiQ?ukeE&_cq!gMvEzjUnK
zcWz=#YRg%sC)blv`se(x-r+m0cks#jiF`8t`f-4g!Mqh#eF>Od0MS4$zn~t!RRx`B
zi)v85j(JCGW(=ICjoUWqgCmZ8631;DfqnyRyMvmU8qmz-Zq57}!tGV&x8VW9bqiG~
z6TC&Bt5POJOC0g#A*O%OJn-7+T3RPr>tA{O8N~Z~5i?4y7crx*jX*nBh;vdojpr=q
zG9O`p>+f74WPW>20Y7`kj^FhTGd(5ohH&@FvGDoP@kFc*ZN5Wq@_1Xux33~B5`2wS
z?;UaYV%ZsA%*YkKSf%vE+MsPG^45HN4kc<h^yduU+;W8J*9)7UBJJ@tt^>YT&7QN5
zF+C-(^LeiW+Rx{unW+lROb)0f5Ee-uW7X{=j`tiEG<sgRxxxG~`Y&$5{|e4y5<Krf
z9r;)2glUdBDLAKbYyA_-JGU0@{kfDec;7FWz7e3rmoMh_r;*9$w$90?=}GuBCEjO0
zhwoJ-3`gm2on!v%CZW#{xo*=B!qh2eIUnW}Sl=CC9;Z%l>T8tu(LUxMuLrImETW7s
z59&+h1*Y>ez5rer^nA_&m|<?2yWDEYCA8d4XdCY-KEqrGM&p*bs@3UnS%aP;E4>Y<
zEk8GF5O2!?+M#Jy`=vlpp8k6HufuD*l*esg^v|nf5yN8D505a9bA4Z|W0C03m><V_
zZkTzz`9g;nQit?@U+gD2skuznT4Y64qj8{y&;y$kYc3d#$8O|(i{j}ugdUxx@ScbD
z;C}wtwj%2mH=zR!ZgbF6Y#sX+(B$T8tYGH?t38*{^b<hW0QfhrR^r_LB4h2hp}Mj5
z+nG8RY1>Aq@sOxrj=F>&b(O=8YI_KMsvEdZwM+U_yQDw0OZrp0q(5~&Taeo}`ym|a
zmbT4)2rKwGpVT%P5WaQ_=uK`d+%^S$Xkkb7b}@ZFW1fx%m)YLoGTT~QrcvQCkJkxb
zD(M10&ii)~AE-Zn^;s72K9iC2PY*K>e|Har+x|noy9dI)|6qDb@?X*=^kDaU((V8?
z9C$BdgOMJ_ZLsbW!UpRa&gkR4pA~fMw5?wp60s6tS5J%mkg$j|PG$@-k4@J|(_`p4
zIm1L;Bb{Hz<lGS!Z!x`Xn0W@P`gX2;E2k#CgH?wa^E9E4vV#ejp)A19C1T#*H^sc$
z9%1^;qxB~}WBTvG4Wd>mmIL~G2NkoU-o@h{ry5lA<ZjiJH7T)3yT<d4JIh^Wts?d$
ze7oIceyiDKmH?C(L@|vAfd;dQ)&4l4h6}7<cEB=RinX)|4h6I8EyJZ+!R!XhaA{UB
zdx>SZToy?*?Z5YNphlw-FFWWx{<;eKkvYU_-2_(KRzjbd16JpQgg!n8tYj|Xdu*e*
zKohw@>3WEFfpXl(>l$WrTNQQHKn>95I$ne8N1npx{~u$X@v+KGk2Ddp^nuYh{+>2f
z)O*_Z3~zkenqp|?_?j;DZXQoQr2Pw_SG&NRKZVdTU5UdoLT_?`xo#EEV;x}LyaDLV
zbCz2--2pUriijZ}DO0V(*_n9r%_8P}D7YLbK6mpSKyTV0?!C#Ki8r^1m@~g`?JA%x
zcK~hPAmYt^S>iss&OTjOZ*^@_taM?HRX&B#)Qu2Nqdu8JXu1LD+O34*IH3p8k6do0
zA8=cB;5rUDpnHj824!5OJYV!xXfFs@<@t)$UQln9=c`tGL4#GEuUYK{ORRDkSFvMO
zkIQ^-Gz;{{?R>9{v1ZE{YXXd&y^MM6UY7~k>$26*!a-Ho7Mipzf?(|YPsTj<xLz$Y
zZUQEbyHCbVpOXK7CjUP+NlfQ=C_fbNBOLl<9QIrC|8DvJyN+6tXL!74pM$5A`A83c
zI>{miK(&B_*i#TvSMfbr=#ME;FhfrRExQLS1)eN!Rs->}dlajz2xt>1w<p}9F0BgR
za|gF^FKpQ$a`VCEqQ38z4WcJriwjJS{|!KIYS+wWRf(q$f_d{QC62Tfx&!DnZs75S
zBW0S^<`T4VvIA)&+uGw6dZ%S8p@XXh4ZPn1@p?C*>Fa?WDQmEfl)0_7)0bOFBZHAC
zRvl=(7h;Ast{$b0U6M9-N!r*YX=9gzHbnijfJ=p=ziEZUxmVV@XtMSYasE38+%x<0
z#Td=)S!QTgmKki$GGG1-izG&vKln7Ek57W*HJ=r6J6z`ra!k?h58@9?9LFV%{KOFt
z9*qG*Af5p5H$Tnoo|QpWiIXTC3O<c|Na*1XFq`iXIBKzLx0Z_>`7Kq;tz&al>*jXN
z{Eb`GXExs<aM!v@i9g{M{M+n0KmYc*GyJ>D{lWa3(EfV<wRsZx(B?_xv++Fnl7!id
zlfZoBGrX??hxwl+jGuGhb8u8YJvj!}c1>jVNwF76#7|4OjUo2yyujy(uoF4!DHdA|
z^vI`KB)I}8nI+<wsJrfJ*UXfbYn|OK<CUuj4apk2X31ME%LTrU<PsWOCFCj6J@U}i
zdAwg^?O-I^YMZjCrbX5`1ZP4I>dbSO0<C2o{ij+~^JIr=zQ0>F(I$8lk|#ow)hfEj
z)+*kb2YOOd%`~sUTyCjupo1Q_wRi^j>kJ6b^MI}<I{V8ZaiYGmcV}N2EM%>D*2#ma
znOZ?;*$M~;XMsK#x!OX0zFIXJ(}mYqN1lQ>xCu?R;u;7|H31DFuX`@Af)5gUWIfRI
z0|i_*1wF$4^Mlc7_dO6X_3J;P{Z}%7?0zbNpV9c+v`qXhF-`Dzv*hsx=-Bx^?%#<x
zUlYLb`!&!*u0=J;)r5vzV5+j7D!p3Z;-l6|26LciV-8%1`27#`o#rNXMyJ9;e3u=E
zbPuB)Vb?88kKOud7Ku&)KR$!+N;&Ey6WN*EJjuz#5xdVZ-Ja`c-Irso{F+@;wtAA9
zv%m8CFC4Xv%BNW*c!pIYE^J&TR}gyc)4V5l<79kvzPa<7wewu-ckuCRGEeAyC(nDW
zAT;fm+n*M*NH7ch$TtXI<ee)S^VGSuaCZ*koYdBps9|_b_(@3H?V^9ill9(G6QVQC
zHr_kFeW%YTH3xDDy#<WM`aDt3e5C7YUeCOCx@xtkqNb;LKI*bOE8POTf5&(k_0p$>
zj7iFz&u8%-H<&q$d3b-H6@>l>f6E6`Wz2&-cIGLFBflY^&2`p!YSUsr`i!vqZ8-Gv
z^CKqVZ_502TeNUMk?RIE+;)cPAvdY5i>l#dlIeAO)NtxF(_QEj48h9!*-+ecM%1r|
z_?aksPXr)wLV;r^e3gAWQ<^X411MHrWqzD<-7yFsJIVBNF#1(j-wD-7o(NR-j^5Y%
z7v_IrT<!{O89RUV_<J9mzv@~o<?ng&R_%*3c`LGFV%}=Q;!NHuI(=f^>W;;kyj67C
z#JtsQi$&flQ6l8My|41$J2dn3LB&jIg}i3o89VHdu|xFTP?qQ95gt41*eG&X?dyRa
z%@y(DK~IjQ-Y;Ut(-WQjNQ(<m4jc2$bPZ4*N6v?Lr!<LNPWwiY&)EgAudWBe!EK<|
z?T2tM2zuLhz~8o-&^i~qd+iL+@xH?v#NJ~&i&4(M<^mo0z{l(7h5rXLLGJ;muG<1(
z$O66YUzD&B0DWNFbv$<33hMFa3PJBK`jGt5M~I#Be9=^~j>BSqc`eTCmUB$+tLojk
zs|0G=O2FT9j`{1p4ZI$S*HC^N!inoaZ(mJlc@TO!*NeJBgmb40Oyv9a)j*p;+19xp
zXuDk-6J1oJfU@nR<}wGh>n+w=WF5Ux*re_}!eJW%qtOo~*SA5=^LtdIaZpp@>B7%h
zM>iK)sRp-+_<Dbq5`Qh1&~#z3_1d?9RzAGII`#z61DtjUWh~EP>wx}j@z@y1PZp1j
zfdua!8w2@U#6QO8+IB9Um}`4v@z_|6Ic}c+wm6e(bB^tdJN^7qEE2sJ{B}OE`|Zr$
z9#ZY7CI3uDXNBJW>vCUz?e#T|{D%H176~pD^Zyjetu0!(_YEfa0Mu~mDAUz(xv{`e
z#%T`W*uD&Ux>N`^xQxa@m(kb)ouzf4-5x#8^j%+u9<&1yF6SCF^K6S|B3;uC&8(bp
z?S{WojK-i_?6<4)L%4FrbsM6R7o$GVaW3d<KJ+>8kI8L@Gr3LUp0T;j=l=D>bDQsd
zibZ%_Xf>g4k7VkRdxs|0Bm0IjG4v_fps$}gHuv<}%uFsB*MRn1-8=}xG_j809J!8c
z&`}2YvY?0ewXvTuaNXB#P|h&@sRF1TkhvL@FH_v0r`(HbQmx}?r8Pq<ZBoAYTyV&+
z<*TfZMEPQD1lm2s_T>ST*f{?~EsG>5tLE`gNBjkOrrHtP`)#e<^SOf1mmGE5y_D&S
zo7DP(%7wn!P+aGN@H{H=9b@LX-a*qJGf!2lK#4P-l&)nFZ()YdLZ>r)hO*k`Gnk#>
zGv8^Ze-P~cuk%TdGUh@2bV&T5j%tzkK|FOhWb!T<XEN~lx7off#KX9J<I+!!%QxnZ
zr9Co5&>r#>(jF-mv==N9w1@IF@CMtrWn7+Xn#?WWSa_d?>(G{4KAGpjd3CG+it}#Q
z3M}92Y~NjW{q;Nucb_NMH9DSK<c582IAq*KXuTWE<J|Aa^p?C0Y4WhBCqS9~MMrEZ
zIwj)=NAoB8!3eXbob}*ora$xwtG-NulH@wEZaW9`Ysb9peAiWueAl6I`K~3kERuYm
zRsYE`es5}QzH8bf>wVJZ7hA5`@<8ImTLOBzBja~nqJZwJgq3waSHkm(K~L5Y3SS7_
z9Reuw?)7d1C>x`9=HR?mg8$wXgm$|~?Yk@!179*C{C$MWKQZR{ARbupAvw2y8p*6X
z^`^*iIpNtWV-WbR#t(VdCmb@Q?f66)a_n`15Bqs1UPgKLZ;?aOmRnpFqfI7xk;_Z1
zzzV#`_9aF>7$)8k=5gvA>%xrANlBe!NWRaJe1DU)dzZMt+`Jm-y|Ol<5^dcn!p=p$
zXp#BgHkntpWdz#9?KPPiiuJ>YV}X~13i_D(rni`mew*;uE;4<_McfC{@(8ta9XA4$
zApGlO{R`xe)q8EjOz&JxXqOw_z4kiL+tw4>E_F-=!bQ%lf}gplZ9_d11yUPbx~L|K
z-&X+LeM`%tRzHNJSA*U<55lBE>=!bw7yE@0KG5s0fu2zrwgtjTi|JQ^=vR7TIFt9A
zzlcQ=QQ=#ozCvBKb(neXb<Zk3fVNgG==bK&E<RvrVX_$X&Z3KoFD?SJE1`wEp>3zd
zm`9a4vF<Ku)9i<E06)u|*mIv2IWga7L04r?%=aCpBg_ndZz9~<0KSQ^gy1X_;pt1x
znlvA3&vUYT=sygP&0Su)h((O6fafm%nK94#>e~XJViEWQn^50&U=fS_*D&);<uL}K
zyI-kck?1L*yU|ud`0hY>t|8Q?$lNsANC36d!05kM=IT*SYtmOiTJ2a39N*|apr5uI
zNNvN+MKzDPM)wMFdcD`KgOEN=H`>C}#eI0~<iE3?GMIL}qYU(Jn6^y=qY>?oT|jD=
zBw!_RDJwV623~*6Dj^J8mTtIp>bSiKb3kwT^6VRz{DZO*$L#<uuMV<~r-qpxgsFL{
z;RD5GLuKJ+Be3C`8qm{g2o3UDeK1>xl(2gy=!e$;C6YhyT~BDo3PLS4Yg<~&iai0a
zZOcYNvj9q3q|R%CDaVZx(CvDr0Jygeg8IA<vYzi;E!G+WQrk9Cx3E&yX+$psy;9a`
zkP=~!td%jh4(QnVI+ue+BjVyajCuYJjQ(!MJRwE=hIT`@{JeuPPe6Wt2<-{^`I~sZ
zCO-cgjwgTLiZU3)=gmyudsmK8oXRtb5zl;o?HaT>grDG~1Ehggd`F&m{x13aZp|o8
z7aGOAxkj<e1?J!ypqiu`ypFmY-w`Mj@4(-VFy^tJOXV8H_}ja3JiN!2mu2$3A)I%X
zc<<link9TzG3J@382$L$BVhEeX3V3xNNp?1tyh??xk+uSlv}MRxBkNPj=Q+6VYa*B
z5XvcTa}^d?$QLO8H6XPID;L!OC|pjxI>J0iSDeNG^d*0WmA5eFanjzFH<;e+sB28-
zJL0NE0>`@~j+er{I~y4Dtd;aY@<3l}@1ZCZ`!4s$eV6yby*n?Haj&(L<lgfa$v9Av
z$h|KdVjh5L&%bvrV;_+V9J#w9VINgU`zQo$JD)r!Vra`8w*BuHvPkqL=0`b;G9rTG
zmO$}Z|J5%7s4JD(P~19H7T%jHc%~DSl}jd}nagas+5_R#ol>s$K)CHrrpHi^YSVZh
z#Gfu?5pO@^_6jiOL3xU@l<Oy$GeJLncO<hu$en2aIoF5!@Q3G^=P@^!FOP`-10&4y
zUWaPZ-Ku#K<)=0^ChDuE#SUwl$?GczRP&8REE4=4^B-*@)V_}Qj<2muFJckzcPG|X
z25TnPR<5aGkz0nC=dpY+dq>3oeIug&>GS89$0&i~b<37<I3HtOjV^>WxNo2560kmM
zz{<~!gSBfC*#FPS*t&=CqD<YxduN%)mk;KZ=Q4FyH_OjQhBGl^yw|SVefk{p1n()n
z5$6B|R-&9tmOwGeQJiaolpXl{ADI~c#bNOu$6tQ#{Pjl<BK*21)*ltsu*i&|vHEb`
zLKaDMiCUfuhM4DIRo~8mgE=*QAy$3Sh=X>5vrL~cdjjpu9uajKfglrl9Mo{CiRr4W
z(=d8PokpOE>HK_R_pIUuF!~v2Vee0wo|8YjxCOr>y~WvRed2(pYiG;*n_hf&SkgTD
zK7W?-CLhf9d^m)5cZ>AnQ1+nQL7DT6v}HnI^q;O~kwjeZ0@_&CF!P|zbK!`P8R(<)
zdcT*M9+LZ*5}J@3C^J%?uARR3H@*16$T&WVPUNFM4oi7iqK3PBm>wTto`BpZ6;wbE
z$nl9H_^Qb<{^_&KgY$hFp8=!)J^B6Jv(Ejm-{<jb1p;wrznwOKY6Xl3$!VUK_ajgB
zzbX0{PUCjUG{?T27kONb@0o2;&AZz*vt<>bD4Uu$aG&{*%*pe-F51AZJdwj_kvYTG
zRZ6_MK;#Vvb4Bhw{lF9}HB0!_=?AX0=t0#?<%+y*x-gH&vVD0#8OyiWSAg!TW)b9T
zem27_8S}pJ0;_A2$XzC9K+i(f(SNc+Gv9B}%pH(CakfR{{ZTe9Cp4sec+T;X0?^-I
zM`-dZgm$TLJo%5H*BKDLrWABYboP58aRMrPcP3`SLc}XSlil!|M;5XOl!4z+Np0B;
zO4v6WbR(P8mbsL0?<~-bTvA&$TM38oa{;OK&VuUX=4&mSYjSfwpFg`ED6YRd7bshU
z_B!l~0hDaa0dwPWpve;G32LGa+%@Cc4S`C~KT56-*PU|oG)hd*=*H-DnRA>fbmJQM
z*3QG+$Nv1N?|W@F=)RmqH3*YXjw9#z6*2Zl?$7dGrZ>WzY8LUn$ErE3wUXE@=UKuF
zStO~=icRDHOJh?PioUr>mqq;ZwE2_wqZf3Vs7mZ4`LGbzVEcgAoE_WiWnndo1gC)C
zrVAha@Ln&eGfcN(Fq-poz<^(~bCF+}Bv<)YUVj4ZgY&%qoe#K{a^x8keilg{Vb!~w
zwvv*ehhW*n9#=CRdAx@mpC6QU3l}=Z-|J@)W0rvH-!bNK@{+Mc#*RNPVk~4C=&8fZ
zf28bs?!T>_F8nu?j}R;~%h7*}dd*wFXuL(9DKRmBSzx6%0{seOo{f26F2w(ZVEP&J
z9O=52kBf2##~sWS<7VNwP|3%&&w#ea$MFU?0&Ol(t()X~*3Jj|54gs0{A%+m^64B0
zp9ZzDeCl)k@A%Y-mxMAopW1N04)Izf;GUAO_=|+a%Y5$3tYl8Mb*e)#cjpqC(x%4_
z<^oM$C2X&qZ?H(R07iT6)a{2bxeW9mz&jy;cOY75`hq_5@j1lWlS?SV5aIg6abx4P
zv^G8Vt6ZQ14PtB`7>(I)ivHcaN7n*Jk1iQsZ(AVq4Dx%(1$t-|p)GfaIFQscW@wd&
z2RUo|b}5<uD<RQ;xb`gvY&3*Tc4loy9kENu$=I$WXJYK~xMO|gU^G6SOXxGXKnJzy
zvBTURRp;Y-G%)&adRv^ofomjw=o#&WB6FB!ZY|ulQ0%`eD^a<eInuSvLKyR!8o37@
zyyYTxK`K5H?I*A2wYHp&pT)JVA@mtPi~LZ=8Gp){$G(m>zugNC|Cf(2kCN!@_d()>
zuQIVS08kS=$Er_tXeMhdu-d_B9LOc~)lG^uunp*d<~Gk>PiT4o;>ZuloFePo8bZ&$
zU0?;Xms`QkE3ITso~7myTAl|q9RV5?y`ebHU5>teAx+?FG{^EWaE|!v8?IZpRPJ}L
zM;uC<iOVqs^aFAaypvCitHgeyTO@2=k#P7kW1c#{*q>H655faEU8VJ)<<@-z!rm;<
zn=b@Ej}ObdSJVr7Zvn5pirwyKk<eB`gAdA{*HcBlwAxWKo~avJ&hw^yGH==^^QL_=
zZ`wDSH=SsI*=tyF6^p=cGX1ff`8jXCkg-Wk%oE(8r_M6}M}=!2WO%7<h;jV9=HQp4
zJHsz<!9;#JVaJe5)Np8sak*FKf_E>O3Hm6{&x3GOk-A`(m}l=vnKK7996Bjt&vi0x
zP`5`7_rA~c=IrGb?-3*V>l|v4@{{*+%r4-0%(m&7`9JE2XDeqWju|?g`OSNQ_$`@_
zJbA5kq${8ECF%_1OXNeJQE8(7*pmxf{@Hwqa_~+`Pd}D)gt+LQ0-5z+=vcoWc<l<G
z+dK#ds8}2KO;!o}m#@<;)>!Wb(<}8v@M}O@CaKkV{VLuYd44iq)anE!U2n&GrS55Q
z=$@8wx`*e+-L@^h%t{w#Tc{&;OM9H_3MtPEkF$vJ7v{HRL^Jveo3FJ{MxdM-cxdG%
zC>N5N+Z>pB(IqH%P==t)KpBFv&h_w>)}UvsoH#Wi>Yb8P1Wou3XK12#(2@InlZo8#
zAk%Mg@b>)+ScLqRRsVd1c}De?x7_qa%Xwb~l&L6h@%=I9J;5^5mn`El7i|u-NARBX
zuw$RB+o6l6Otg`na?;vcOux;Mk7|39>7N}_3pG9V&wdth%7#5dVjbwmtzN()(YIK2
zo#Xw%Y=@1OJ$WC}zc_M1ftQ)?bHJv40gD*Vv+A#oWcbtfC#GM@m?xMc_jW$T^kANV
zvG-94<ENPZ%#geXebgT_y>Cd+`qvoqlx@+%spm5LMB1Lq><>-;R*aE)mg!%XdgoSY
zGva)IB!9!tKNzv=T`lgf+I3dYWA7<Y<}1dR_J;ucO5#iVeHTD=nQ_s6KNyV<+qG6t
zK%B7)EXE2f#tJRQiY)d3(76j(B>5FlD;2c&_~#Ui)=HJ(^^M{>Kfi?6QWcI~_u%!-
zKuNx+r9waW;SSAAX%||jcZ+^c&OE<eM`g%5s?E8C=Vr&(QK`IkHrMLAFq2#EEf%%2
zyjH5rXsq}itZW7Kwp6aDBdYrzgge&rK6+#F)h;lKojL3FlFl!tTOrQvqvFi?-Cq<s
zw>kkUcg=y~rb-A~Q$e35<Nc$$c!tPHf0W#KUx{P<3o`bX`i)Iiy0DnrH91DpnOnhV
z#Pxfl1?HBGLat6lx#}%6@0WR)PLFDB(KM^Q&}D7D6zJIco<E4%p|247u&f*U2FD$t
zh<9E$bQjRg3s{7;7Fx;8gt88x9Sg?S35juVjJFx{IAO8Z4SHPy!k`OycgUKpPPzW}
z)xc}FI%Iwj*P7BZ>u>&oSpQ>XM&sP?!Ab^Mx3#SX9r2d(bd}ZtgmIisp|=hxU=;gY
zZC^~aLfp>T+2gi3Y7Wxs*t(P*P8&AMp_7+S)XBFw;>zSo7D;HL&J@SG*>SD*N)~}(
zM-J~Rgrd)haA2(vM;cLw*uM82?+z|^#I~CzzPm;8`?ZXD>@m@AL>MQp84Ke!2aJ6Z
z#%&T7y{GFIj_!;2Qf6O7@=Fu<MIgL-9CP$44)`b&=h!Icc!SiL%Rj&tgd)((FB7()
zQ6lR%mVn+?0@bpYoN43|+FrQa@}gcV%(q?w@EbP<;$^`52IftRK2mz}35Xwi;yUY$
zrkaOy2|ZikGS5Avn#bn4tpRODEG>Ht4D$Mm*|DrVpr1j#dlC4J)r5LK3q8q$nt7^4
zGf#GCX7Vba$pOtw)*#Qg%;aLAY$L>tjfAG2An`hY+q;)$>QMqq!T%IMHS!MfaML{D
z?+tjaw%*^ZnS+bbM=Xh@dAxmkEcYrFiGBk7$-EUJKHMSV!&|Ook;4rxbFjr_4rrw@
zXTA9F0v3Tw!JpiAgLviv@yy06S!8q{zVwmPp03jLMu^)z8jND$FBv(qXJirR$qT_h
zkhgra{_6f5&>?S8P4cdB`+@KJczffM<(XawNe4fC^$He=9%Z97O-?%-<_P=Mrh&u^
z(3N+X|D(#xW{1po+S&I0Mk5z==USiDU`#FkeOIuE*9)WjI)CY~H%JlagOTgdetluf
zT<%xC(7|ILQ+fOu?bvl-G}^iEEpt_?L(_PEy!}$3gPvk5{Vkv)Bg|v>1PJD4dIBVJ
zGd%&6lT800_~W(FdXKv%sR#KhuWzwohPKD4%pO%k)<ULE%5&;ujo_`Npr<-kWO|lP
z8`~4YD|=I*AHeBP_NGYA67dP-RnC*yWRy=K2Q0DIQt;`Gud@gloTPs5D}>%S!aS3~
z>sM^@-=B8Md57;6Et)9D{>kBc^&ZdEMLsu2@V#B@>GZ$Im4bc)f6Ca}sXtEil>&cc
zdV9`to-65CEqsZN)fxY*JxBOozBw7X{)MA<GjMd`nB7MvdC%(^J0H#p`!Vnm(|;>v
zv>)NrL1@6Pk?0V)Ha;&|OTl?g8{2!e!_N0;1=a%&AFVAHM&X3CFa}P32zQ^#_-W`v
z^8ONTFcAj0Mtm>&X$TA3Pvdo+cLDv^k&G;9zMMspe`eM9ID1e~rl&e&U0z3~E)VBE
zx)w*z*Z;<~=Ur{37882k<t##8&(!1HEOpl#=tCJ0PH!Y}wByj`@PRr%aEMi>HWP}n
z9eF3DKy_MM&Sm{*os>`3N!{hB&E<9bMq|2_P+R8bUBMz9BbgfIOD|`U;9*w1RPI+X
z3I$EI{U$?GzTYr?tE2Zt?_s8YC?4Iye;w`XFgQtHhXFCp7{2Ln$d3+({OFiOzI@1a
z8y`3yq$k@p0ZwBD){q0ouU*C>-lsGA!f99DzhBg3qYah*5!<(WIP=`gm$68+msOvX
z{?Nz}_f20wxs5X0M=mx|exvM0xsEdZn-2Itf0>|#2ZtR#=nG80gfY*>vi=H6K)+bl
zUqxljOO~{mqG0S?IV||=^iam<j235nPBL|(&x!Q^tKp2^QT8)^V1#+lR(xwHv%cMz
zu}JXy0xo!McbVwhgfOc79<1yF?KZ_?qc$??PqeqIhk37$c$o{X3~Hdi-=dkPIyCd-
zZjGOxl-8z;dVvAW9MoLqz(LJSUcn;4qs*UbC2^!(q}e)`I2TpeC(~sOK}pQETV6yx
zpAUZY7tlt*=icvdnMc1uXgA{PE}VC<brnp#J^(q-cWqLvy{gfOxH!7G*h+P{&2-^1
z>sW=@Z}Hw@B|eYmcuTC;z6-Sc8&_G!egZUvG5~#&)<O&Yk}qA(BE~jC+a8j=(^RoH
z^{R3E?hU@*qLJ@aML*`F>{WI8Ipb?qnl2YLD?tE1zI%W<>l8|2pSxmge}=B1j9x)J
zZIX2Q<ss&A+9aXNSj2dl`B9I(<*0EzB;y79hcdq{9M06GJ~t#jKRJ~7?J|jboYUoF
z`oaHj%zoICL}x$x<3BNseoxU8C*Yfe@_r3R)gLbcqu&pS6CM~m@${pQo<O-C+Ad(-
zeTj(8K@RkM{Va+9@e|;0UPWlN^n=?y&=cH1Xd(;tjmGVMu7$e+bia~`VFz597&h-~
zt_I@G0M*T_0`c-}sIIGoa4PGg$F=K+>lTjIRcjf2Z)g+sJ-**J#P;EQ?Ksb~pX51w
z9vl9XBmUF(Nft?*VbwEvZhz(^=an29J%i>yr7n3E<@q;cy}Hzw$*IC_NXWRYF&lJz
z$Bx4+;vHuGpc;rr0jfhA2>R}^d2h2waES4o2=8~eNW?+$I<B{T0r-7Yu&?Q12pczm
z-qZu(L=EV?H_FB0Jd(Qo5N?|X!dBQ1VIO|Z7cjpzCg#(<7j&ga#<k{xZqI|C`v}H^
z*>AIm_YC884*!0bMG~jQ=Uy-xSG>(4<TT@P)4Lro`|2lI#5gs1oZUFh#>CmZZqR#A
z|Lx-JM!v(=EBNp@yWNxjwJc$$I%Dl5N5<L<q`z7y;FCPYs=vBQiT54L<mDG3{k+Be
z_L&}07)$?XgO<OUx&ITNWRd6_tok-b{4;fW61(nn#;%LncHLW<dGkJMGXCj7T76x>
z9k1iNT>vHaz0Zv>PLDpCvCYt)ZOIlkU-K#vKj-_`@lWOkx?LHVCm8dz$e4S*>@8wH
z*COq>78!5fCvDG1>@~jOSmTfyZad9%S^qM6W<cl;pm)o-dfSZ5d+SfJo|%%r+8Fax
zIQo0oF%5+A_?QMh`;f!O3k@>8!$AXW?=n5%z(Ht$>3f{@{O@FNk~k&z&%Vv{ryOhQ
z{bOcLsdt$Eydze7r{s%o53)$|FU%kO0in%L6Iuo;KmS$%67L4^Yc4`VI|ywB<v6^=
zbclk9_we%^z-SCEP~udB`5!2QWK4K9W1f(@%2L57Zf;cK{5;<aM6ZyOn#TKul=E{6
zmh)a6p$7@?A7b|nVXgUAu%E;aY*MV`^AJaxP9KE$pr^n}ZUj0QDYTl;LOi({aj(Sd
zKsz4I&-91bRY17T{jmNWw~sJS)0Y*#x2)+6B^<p3^rkzNaBwc@P46pV?>x|(o`i6s
zOvtzBGSHibfbTJBItJn7<)An1g)rO;degr{*xLzuQ>TbQHoc>S2|j-Y!rhIahtxnk
zwG#Xd-++~sU^KSOhT_&U5KdJclzW$5xxOnpOYynN8Dv9<h<AoQ3p%(m@s{p7(3=aE
z^E0n*+CXR!;K>lclaQQe`ix6VzGqxhV@EYD7Rm;SdgJCfq9y`y*IeMTZkpsw2pfma
z{v$v81d9Z7fcGCUoiv~4=x=ht<TUS}B-eF0$|#rUoq;^r2GA4yn&<%=94WBI%l^%8
zvIu!r$orW{zrSIAq#vXYg7mXh?5)M|k_Um;sig}GETk8tlk@|H7Sc#7rxDk2<!z>q
zpHuE9`MK%ygXe@#Ch|Pzr*WK18yNk6zLZ6b->~Y^5m^V=1L0sE=&c5Xw`76dS#@yd
z5`dbHcUU!-+1XJ2^;LoR*R!CS_n+Z=NUBWKHAgg8?5LI%YeBkDAs);I%Fis@q*-gH
zi<$vtB*W8x8DX9lH4tx^0oDB7285rRCiZ}&z67FnyF?9lzrpkvK#9$l|1%<URf^G=
z^%jc+f5H4$jxY~C*S$FNT<UeEzsQ*9<~hr)!4AblIy+L9jW%rTUN_JIFd9`b9z1r8
zMaa(tettB-BFUdJ|GD*9ye|uFP<c-Do_5U~Uu)QzM`&=B61Qs(?OH>-&M;j#h0FcQ
zJfLlU+2cpk%s$0vMBLZddu)0j+;*6a+7#9Tp)ZvyGd4xrAe&%Qy!!@=82iM$I|f+9
zD?g*p@ToUhB-+FL$A<;1HVz2-@b>)e*A|+eSzB7J4e1$WU3nqlw0yIakL`IPpIebf
zXu3({Vh1C+)_|0U>CHgvAp5wl6eiI4%1=lduM}rlqK|=e{$;tw`T-V!?+X}&6r=If
zn=E2{kNIQr`ls;v_auxIqwy`g{$1wZC9k(BMq~I*7D>jK|3Bn!H=JaVV2t@69Y$Rc
zhzI^3tF~*3PM+bt2L0&waz6P2EJWUj15|UqNLKN)ZE8P&1~o;{;OCC9i1!IGx1s?S
zNjxrWSsO=)GaFB30Aa+_pr@-eDEs5I$XL_bRZ1Lj_d)pTy+Pn>y9y=9e-+Cz{C7!_
z;J?r^2migmbkwzfAB982_|kq-44j5+8FsEiGhM3Dh&VqxpqZp|la<UVu!zxgX7C`y
zgLy#tZ<`CPprnI(qv=e29tgklI?!9T6Iz}_s1LN~gF6WI4J~=d1?uzl0MGLtmPOOQ
zRqs}}kvHynvD~d}Q;2dX1j@D`0PlOhVLprC^9bXX9faN#TWK|b_Ixy(SS@aCTUA-W
zdaOv>c3nU*5#~`BSkdf&6?G}r-l}?QZ>7p{vbU<i+FPkvd#jdMdn;WQ;>tIb&^9+v
z{D0enK>vJ{MG{NEkNB{Ci8>A9D4$#8d0lqBL#KzJO=#X{<KzyYh||yppo1QPld3$R
zN`b(MkHZl-|D+B=+?PjaC=V#|QF9?!&c0IZg~X~a1k1=Hl;okF$hDG92vgT_BUjiF
zXhU#5c@XGFu_eARBxt$wot&DMcbGpLZ3_d!&n^MIt*UQlAd#~W`M}r5s?mlB<QR=h
ziUJ$Dd!;RGK=@Wo$gf@nbbAkCG$HKki;l5K@&V@m^$_zQuRN+sUWv}-yz<W@qQ^k@
zh_nSk4F{b24}U3a_wHe)zcb7{Mpf_5#4mDcx_`m^#~AY<T_O!2Zjk3VpXCXjL%iS1
z`*|4;-hPxtq6@)~^l#&^6-3W&q-&&Uq-C_rwoPIKTy`moBxGN@#~rn-QAbY)sGb<J
z+9G2eGad5l(?de{R*X2taXH3uO&sSj38&ttn9vbubK~a{VPi-CTiDpWKW6$JBh1rL
z)w@&s@0^;{Z<*g5p1k&!C==hK%UH|(Qg3gT-<Qkp%TVub(ZX#%lzXi}4g2tOzT9{9
zOD6VR{XpOg@$tlI7D==+|B@l*Y5F#VQ)R-3N13|hEfz^`V*by_dXzU(Qs!?GdJB1n
z^W7>!S*zO;w$c=<Ess!Np0JU4AMjbi&*wJhJHYG4yg7u|QJ(Bj%u3Wh+O*i7T%ZG*
zs4G&yXuK!QB1R$j&o&TBG*VmE31OcCI>{lmNxn~^G<Me|EJ8Hc2JbX2!t2QbF?KW?
ztO2bwR+UHS<Ge<5TI_Iz7+VFS5yu}IWDz4D{K*DF|8+i#5HR|?E@6>m1JFbs^!V(!
zcLUD})TTZsazo?-sKzy?8wgG1xh-S%*cw)Ay5PCcY-wkgsNv*vUOy}BYA7~+q=MHp
zcjSpPUXVW)0q@`5ze&y^ngcy$0JZqrS{X~&EMo~b0c^XOpG^we)~y11ldRq91yY;J
zTU7IFfNd>u&u6C_4&B6S$8nrYFU-U(!9_4-QH`(*vN^9-@$=x6ZK35r5nlJXdEEuC
zX+^jpUHo8>MG~s${S^dKTXqI`{c5F$a2u5ORRnkv*N1EE;AhLt8&kiEwrGo*u|)?x
z`BwUNpa^T^$C>lRnP;B)EP}kb>Kyafctu>=c(rkA&kyl>AI@)B#F-vt%!B{=+8zDu
zI#FM(0$LBswzU!-%|L3~wM8`{x&Ez8<U9jl^z*$Er`YIOMNuu2_q6xm{6NOok&X@^
zKflK^dk56a-hrg2YbU(F>BR`k?C(i_$o`&}nb^;RK28vf{w?zROHAzdd68vm#{P32
zix`8f`uj}C1Lc8?Jm}t@kq7V-ArF-8Oy4)mJWX35to&B!2881hw7>q5`9E_`%65Pn
z^y|?Us(TW`E;rc_e2wY0?O~`!BhnK0u@6EVahY6)_D+F?w7~0=KSyZtcF~g&<u&R{
z)RUqwW3FZUSEx5b&rI~Kp1MTHpy&%u-)dUyKO~*}*V#<WZp%CtAp@-XcG)W@a5j^J
z>K>SwTT})_ZV~M(+r~pXYl-ot{hiM<{}aPfzIHm~Yi9<Y<S8j%JD46BW*%FwJaKlS
z&T6}aMZEvTxX#)m<KKfa@8YaAOgMCccM_d|uvb-K=V!}t&dFE}MgO{$ReyF^>ZeT(
z{j@2gpJ27rPyfpFeP@M!YFU+26ZltF{UZs_kZLprkF!W{IrGQmZvoY4Tyva75}#-O
zp0mu;<Q6gU(H;~(XZq{s#Qwh221owy=NZ^5zhrvqoL%qt%h7l~WJAw;niA{HhMu~6
zfcImryGOC=?oq9}do-)=9+#yIk+@HTY6VC<r9!oGMIfHiz;A3Pv~35WDpAb#?LgIh
zVl@|lg|?uYAF!GW6suV!aaT#bwRXB{xk?(WwbM1rRkDQ3qqZGDyA~+%CO3qmAkL=}
zJwN+Kdm*=t@S3yv&fg8h=@6?vi8czrH$wp5BmnQUz-6Y7%r_x<nOXiNqcL|ri#V=7
zIeI-<Yu10sXjJF3h=51j*>5f;&Z~sj)ZY;*dVi|1X@4fPRh`CrnV#0P`LqHk)m$+R
zpag$Us-TBdv9D@<J(zW<FB$qxp80=pK{d+k4lo*#KXE=jxZM2Jbk(92gdS8O-kS}y
zuXJo|XL#dp_<Hdk9C!Xa-W!mgXE}Esi<AMp`<@1|&Qfv~G|&^-Yb^9FfakQpOuPcr
zzYMJL=Xu)Wj){|05NiM4*OzVfrnAk&u59y?c`OoDgzuS9MXu@_^LTAvZ0o#<XYko$
z^u9vqtFoVJr2;Q>2IrV|U)3#@#1j3zHS@mN0n5%Sb(Yjy;5GW6nWI<;o76UOraABD
zw+863xffXGTo&QyP8C8=Xh9&Zg3C;I<XV9O@FTA7-cIP<h0t?SQ_T`E_*qeB52~WJ
zwL>+}?N-e>044sZun+Qho--UM038ZR99*yxzdw5c=%5(=Uz;o74f)WcXn{-GRJf#h
zyU4MGb`aX&TDqUdop%6jbwjv$JJ6J;t28tM@zw=O{PzgEZ1D3rWkU~WB(CJc$~qT>
z_iCV*<wH1ej_Ht7&vmWmsL;C_7>zlz2z??~*aRuf!}n>gVl3iyfj`x8o#^2Vp!2g(
z*8ugb1?!J|58*7i-)?s7r*l~(ae?Teaf&g|v<@)OYO0Aen<xmJ3A&*NeZ@hoH1^CK
zVv!uMD!^!bELW^?X&%s&mK{rLIk6hXBEb<+U*qgej`Wa?_SCXgtDL|gzAszShl>Ai
zBs8@~?9oV#pw3fbQ&C>e9eZZeXzx#LY7F&B^j%hs_&X+R7@hsn@psfmDaJhb8Lz*>
zn8)R*N4w~o$}F^pt}xr>dAfs<JS(*>a~=bZ(=20kp;Dm#gF3y2$76f&e+d9hEhZG_
z-ljqi&L8>8>jFK!m{0;hlXYl^0>%5ULf%lI$2tCU+<t&>f^oTt^TIj(nK92V=CX)Q
z&%F18RubDk*HM?geyR0S=`T5d!}UIf_t)`Q2t_#J9P0q+UdNb!=KVAGkDeWPQd43m
zuaU=2X)5mv&X{Jgxj<7>z<=j<LVL2I=l5>#cc>&Dbi+!d%VSePN1BdK0sX!?_138d
z#q2C4bf7{p)0$$Y27udxzsd!Aq%6zIVJu>}z#m)?h#NU#-1imeF;o&SD*@i`p}j!h
zr>&Gwh+biKB7P(unhR75aglx?+e*~|O_mXQ2hvE+644V_LH*El=AZDlxrBnzbmlgB
z-ACY1YOaW@AdRh^J60~)=N2z<E#2R;gZJ+V4|=*v*N#BE#RVqvZ42`70ww<1To&<;
zFfspO)`Kuf^IZGXSnCW3Cx@Ai_<0rYJH@JxNPF<*xuVZ)KYm9YzEz1I*aTKen-)V{
zqOEpdlWHB<q*(_xxvT@5vaACOfL3&B`%$KJPOrE2?9eQfDG29EH_*-<4Hn`6WzC-H
zS=NB3tF*I<&^-%eo^1r;IQNj8`>)VeZC}md1zDggMPRN)JN-Ki){(AktD}n0P#@4X
zZofl(?N%j@^TT<HIg0t=d@4J&{ezyRd`<|rU*`(AUF-%rSVkzyWj?QLpo0~JqE9(E
zm(V>0Kp&rz#ccqD@$Lmc*N&U#PPF~fS!PJhHiLax<~OTY1hT*%>?72+uce>SuYl42
zFC#2syvzKfYjcUUIoE>gh=PE73y649r98XxgJ6%e{rGn@tD}_A3O7)sQKZj3<q+Rh
zkY#l*0N#Jdwt>GmZtkHfdH!M_p)Wgn5QoN`hwbbqF8I;jYcY_Qe~B+w)P_Iu0HOOz
zpr>0U@w#gu9IXJI@Bi-*XHKIodwfp4b)?H}?J6ZSoeNaWL;lOP>XwN!zUpoOezw|l
zx%Y4;82yV84lN{(^Q>D0;bax)bvlHjGi6`KPl8@|1@Lp}lIuv^$OeDiYzV^w(CfSq
zPS$|#)uzXiQ(+&sUC5QDn#bkkH}_W6TR;|=yGse(3P$6Ru4}C6a$h;Vd#eU04@A9d
zj%M9gChA>}lwDw@*8@HFM1eKXit=n`>}yqG&-tBIVh{Qq{QvaWzf^tDS-(PWoU0ON
z@7eb`ui@OGK+ZjJrFn?&Q_iyn22^uzy<$H8odzqt4rp5h_1^5*t|}4F?0KD7T@2z|
z9>8lryRK5=N9KTqa381v`brgxB+9{$czdKAdZH?cpVCTWxbCuL5H`v{_g~IsV68VB
z{NMTmp*vqCv{frTj`n+r0wo(8z{Ky~a?pdCsQ-SlO4yFU971Pa%pzyG%{M)Eb}`Ut
z7mIVyi3Zz}HKM2GGW(u#=n3TzdTueHXa^jrWRY~8*mq2{S=-W;EQ0!~>2~iTgmbBc
zFV5M6Yf(up(hSmH89?})r>pc1d1gsW>Z%K>SmgI3Y#-iJDrxIh#ykka$LbYxJPhO6
zgdz;@b-*y4D`<8*uJb|xziAgrx<~r;W#|{jUn%&nzxZNdk9mtkye6ehjin#B#(EZv
z#?1%CITcAQd;V)haOh~FY5)BPfo|TW#9KFk)w)TwS~qFdJT7lFu?NmAdOxHKud|v9
zvN&CR{ZC-sSpan7e2Cw?0OFwqqHh_}+ii?_x=TqM*NXFxRuP)a6}4_;2Ix;0LJz{Q
ztP{eaJhaD2ts9I+geBUA?FR`xtWAwQ!_Vk38b4PAhw2ke`!^p1+CDl@Wpu8wQWCee
z6RZ6JLLcwc_9JiI{2k58&Li}3H^T5b>)r^VH_yqku68Zmf9rO|desf#*K!HPb)dco
zm1kYj?E>?*1rWb=K?VmM4C3t%WO}mU`W7(e!8syaACq&uTF&vl^USezlgnz|lx4Lp
z0D5t!wx7>+PQA4^o6y}=gyMXcx|Z&Lyp+%?x8Sh@ZU`d`4|}>w@%^{(IF-;DEen9&
zE9Yj<HJ>q$O%EtnPC9!0oETvqw~R;aWz0hqqY>xNc^YlmDngBIN*v{1tJDeh+{-()
z{YXDHJs?gI7DyKezm3J(B{;8}7G(Ug@p5OLeE0p52ljpd4@@RUetWUdA6)jo!uH`h
ze=#D~i*n?rBVt@!Q$jHsooiYmafIu7o{96E&T7+RxEAz>E8K)aa)F6-gR=S96W3b-
zfOl|gAGylhI&Lq*`DF8>Bg}*2;=Ax!g!{w1kJZ#zP&FFM6{8X7_$S2EF}4r!v6TBF
zQ)5~38o~+b;ofol7(hECa*efihh`}b90Y6}lnWfRIQVc2!i4KVA;TxY9d+Y6prdm9
zPaiDDzwE%lBmHb2t`*n0W`ucy4tm0Mj?&XQK~G<10yZeS7EAbCJc2g(PshX*>>fZT
zHFZAf|2_@;p$ozPwe5t4+W(&0HHl)-(e_e;VE$@)J+}oz{XktMFlq-LEakmaDe|`0
zVFL!GZH2beqKidOp|LjbGn`%(#{8k}g!&lk@dAmLeFAvx(>@KV%RUWZBMbCkztH9L
zD(fvR2#2!2y~(Nvc*kWlovBY;WnMf((3e8|=4~?0jPJUoO0{mv)vP0BqF=&b1=5h{
z<<Zig;URl2Wdy>I54vsF1*ZtRPLs8`Xy2t2+rASvIF6x$(THQjhMA{%2cbTqn5{fc
zG&NR_{`hvF%@Q6bD@ENQuDR{BTr+_%af6O)_YE-}Z8x;>TlxvjDuP3hXxi^mjK-EA
z9J;9wDB6@r`?!X#O~B8<>Dr`PU7IwkYm>|B+LUE=EdaWtQ`_HywsT3n)wx5n*1DGN
zM_8fVywnY}^5F){S4k+&xpR7!h4yjV0$$H*a$m$@BaesG!Ah||8R_fJaW-h8B4dL-
zDQ!@YcBp~(HfNim_G~j)pKb1|5dEtW$2V~vEs25jS1J^v5!Y7*M*r22IDzZLbx*d|
zhL5q<`wC!my}x3U^9J%nTJDkT%>n;c9em-vFvAyn&chdIe<Hj-j5oqa4-Ve2;p>xp
z5wQ7U5rh+N(3|@SZ3x1lvP$6fz)1JV8&^x7SnDRVKIu1+SCH-z28vN_;`lai*nDw5
zp0MX|T_uZ<Gpu?V82!DBdDcq0L>Y>BxUUEfbtanj-`ocjeYX#z$E6<uN1T5uKN>yS
z^Tg-4EISA$K3_o;6UV6MKA*<(&)vB|TjdxwFBVtI7{PWzAq#py!r3+B+6_rpMh+P2
zL^<G_L=KcoIk0zVER7G9i*xso#_t%%D<{jv8BoY8N2P7sWuL!=?@}So&svk;|D7?<
zt^#76s!+`CTtdBy;1#q-(+{|;-dvzxE*IyDBvj}b&`M%xn<8F*1x8~z=O4vNYU+F&
zM{Bt)x5T>dJDT;YTtT;M(Kado+CCrR?F%4&-<&L~a{=($Xq%ty`K|w7@DTYM@=&zm
zBk~aW7(C=%IF^T^3;$O<^!19#d1&eXPk1O$!6H$~Lte>43K217*OtlosKUWV-IMT9
zTGQs^yncUfEFaBx@KJaiA5~1kN8cI8M>`#S6dA`y(MkAdr|<uckM5d;kM0;f@9pE;
zYSEIvjji_E@{eJw`9G$u=B>%tYSEg%+Ez<UanRNUnHXHJDquREt~4p1(O#=N_u;nM
z*7C`1HOK}X*M2@*ZOQ+Ut@d&F+6k*Kl#jL5DqKtV<9cyCP8%{$#Mh5BA;-B6*Z;O$
z|J!2y>fLjSoB00xl^ckbfqx=91OIN-XpD}t^A`J9gh<|9HI8@vzKp&2z&Lxci7`)k
ze!X?FLNR?a2u0qEszxKqBAZ{I^a?&DBkW`I>7HCd&&Q)=+&puAEaE-K_&k3-CZ3wf
z*Ctnp-YxHGN-VTo<giaplEbdMC(Ek40%*w)iT_SPej{;1f$HeiK)mc9fam<nz5rpj
z0(t=81)sOp^nM{Y=Bx?7<Geb7Z;|VaE(pYfHQ?_?dBAMET~yrk34u3b5$N3#Z_x&U
zw{Em)R9hBL<^3@=QJdZ996x-Pc}AaIl6f{D<v7B_`8>k^9mYI3Cvv5jQ|PSZr6myV
zz7%w%?Ngd!?wX)?cn`D~%Hjhf5Z}EW=&l_=4=hmPyL~KT)Pg^{ozUcIHbL)@y387b
zpUKR#P0kZ_kUdY-H@}f{^j;>$Bqv#q=yj`@XEeoB^Xsj2q04dsiKidPvXmKwrgDKQ
zc|f~nKsb5@=!lQ#?+NXGMdTL^MeM`!enI3ScfA5M<rOi`SG_D^-)rZIWF1dq_f{p|
zCgUj1*p||%?N1jj;qf6Qk5I)8G?|M$v2-+EcxNue{d|uN(67ri!8`%??zaTo!3`_R
ziXi;#38qK;2tC!Jn8;%&zg&r?{m4^-*Rr@Ce5?=Xo~=s!_hl>sZs<vCQ#p^}{0_?6
zFr4T6nlj&>YXgs?Eah>OgSmt@xPb->fQIJt7-oF!bP+?jfr+>c;$b|koj8-ZhIB;j
z^~@1C@*d-R=HiI+;3a}jIG!HJvRpF=^%{#zgk!e~@n|;CT?MMOrxfT_a-2k&fJ^Ey
z>p>XsIwtu%t{>MPl`<w$#_hO$D9fWN#LMLv(OF`Q-T?<q4>Nt2)GY@_M4b}SbGL(j
z-}ADFH_gQRQxY$C&nZT|5<SN<w0o(8b|rt#_yCx_J3Kkek|hFW#w)Cc$Eg*gao1KQ
z-k=CN^Gh5~7Duh<)b{h5nH`#?%@BDhgfsF0(p_i)&{swzJc<Q80xxIaL1u!E@Fl8<
ziJountItiGyYsvA-oc^skCQ)i{&Dc$w`_ToC-MJM#>Z~U`QOQ-RxgXdGy&t_i$Wej
zC9Ev-LU_yXneOu&{ocyNPVet?7TR)!C`Myn0kM$AdUFN8A+4cYIX8zzqBA}|uMGgE
zKv}=!5?)tuK7PA%gn2lvD<USkyHC_sxD=xiY2c<JIMkA8+K)WHd+P_s*Ik|3{z^#~
z6*GiwiTvZ0bb&JH3w)o@v{((wyZ2eOF27%eaxlfJZ;;<FNBA9Q)yw4fOY#2yX4Tio
z?{mE@Lf&N6OXT+oujsEr<o7Z!ix|(c>QBq>v%D;lIK-+K$?qO~-yc}DUw)s8{Fh|a
zSBx+Z$9IdscbOZ)RYWn5db&zS@gB*tDpc;T^&{?|7=ifXPF=KBi6d>KE(Q8;bNKl$
z`%aB8Pq(Z^b3NQ(;TXJUM5V~lApPvx4zyd2amNVre3;BQQpO@iLdc9j!j>5q74w+s
z;f%~kx*d91%8a}bUYpYR{xI{Pei_iF#t^rHjwZ)%s8id&YdfLH`#EkBM}E(qLFihU
zgGbvGuZ7&W4no)E3OYmo0@r%;0-(Fct@C%o%(E+<Wp=CCX0$KM+&70sf-f;Y>Y-Q0
zUHictarSKRcj9{CNTv=2WpM8>^B^7D{PamS_WAGF&-aVxUm7?5jyWu191_=h#y$H0
z^4|;MT6BbY8US8E{o)09rzKfy`p6;^yfx;oY2y7zPxd{$w$HvNd70Th4gC>u_UaTb
ziwtl4#hCoNsG(D0C#M2MA1`qci_Bvk{Wq(y?XWgAc2tAd7D%3W6{d1KdpD5UwRe{m
zce<37owK31Yb}ItRY7m*ft7qO=(7;M-v#;s6~aW$3A~>+ePpqjMj29M>_q#zU4?jC
zw)Cy|+4Bdv{Wzd5T4<k(l2Bpve1oVe&Nqn4b5XM3-koUQyb4*zL+6<O(446}KKn?$
z^g$eBY8M~e*>Nss;bSf^-)G|dj}uIsyMgxMn7JlCW%|gcCY|d`Jl6EH(R!j&ni3PW
zj{=6_i&!L@1w9B`P8S-){C5$$sFlz%t>k!80sWC|lzG!)H($hiV8l||bgmniI`#Pd
z06NOtnmHoY@Nhkt_*`g&>A0qauTHa^=W>WT#b1j$P?b>c6F`5jPTlsNI`#SG7YV-v
z@AIt@&t3JDBX{R`7S}55{Lh%>8pM4$!Y>|wpYS(+F)=<c6=*f6+Z1mg9#ElLb1kvT
zW#6z%@<B&`KUf76Tqwt&HXEQMSS8NK3snJan@$$-9{zIzad5$f!8uC&fLe0gKp$IO
zGTJNaS{LZNeqf|-p(1P8qb?Y&k56W0>f_N4!goAe4Cd&2`kKUhobT?R<hS%Bznu`j
z{Xy2`{4?_CxlE0PliosAqDGbX&#wZiR+2^K0JZqL{abrBsYTwy-}@Nz@VOQ^=K3+`
z^&`eStq%hAPBNc{IV_Sm%l!EM@wnK1p7<%f-DTB+x~&Dkk9bvzz+b1898b7FN7`Qn
z#)GGt4xBjElsbX5zTaguda{kiM^sYVeV?*2`XH?I$@9AE)<QV7xvRA74G6p4peL#l
zI{~2B3ozeX1b!!u?^i*erY)-ZF#5o`bPqAz<^|{4#Xjd}Mr$ZF<flCF<J|skxNc!I
zSDdpD%>q4IAofZmvq9fid{Oa%K8>IA`hP(?FQBYBtAxEX$cE4vrayAwqS3h|iZXKn
z{9G*Pxc3axgJ3kCyA)^*K*`6Yt*8D5w6%+$sg>dBDe6R?cH-u1G6srxfk|-EbrG-W
z;q-|1@c+l#+rURror}ZI%xsb+i4bC7F`$|786r@y8%PkzECdAwE6ZqYwcVZU4rEK%
z&3=S0shJ>tfvv{Uu0?8srM-muzt`G$>)v{6u(Z|M+gjvWYHbaul@|O!QCTwC=lz{?
zW_D*c8??9Wi@!EI=RD_}=RD{6I?wqceIsQD3pMwiXT@F904huzCIB?}_@-XvGFPJ7
z24j`WxCC$Dv7!LvXKv@iybZdJKlpGZ>3enAjV0U#%8U{~esVOFlQPfLLYR~}e#OI;
zPx4&JxSW1;^OdK(0?34Kn)#;Q-Gz|8tIR&g=FF{^(mml$LN{~2-nvUM4n~@J_j~iD
zMx4oj1B)IXyj)8Dn9@N?UW@3EjPd@7vDc3Le#$6Aem|KN|9N_t><$?F_CFMa+K&WV
zt+8*v_W6kzkMpqWAsaZolU)hP26d!gW}oi8h~2+N=x*M>W~B%66{n69n>^h`<BIK*
zxkMvC_;^uw<;y%*ym5La{>S#eA5QB-lV7y)Qa#}p>)4Qby+bHB7dG`)8@Lc%-^oi2
z)v3(8DE*dqQJ^q$w&`E3>pz&3qwDkZ@9&YxL;nPseB8k8*OM?V4I<^ME~?Afc@}QJ
zl>DFslGMlGppQQwCC8>P-ot}a`FAOKoQJ;VCnWQnox3AN&rpO1in=R5C?U3koiE`Y
zlaier^tk{Yw-KMH=c+C<wx%G)Mb3!VTgr$z-^$J#d(C##6vnj_JLjIRv!B&T=Eo~B
zgU6p~e}?mSwOvXQpToSrwWbhcPGfIKka_Mmc`2!JFkjs+CCt6qq@C~e!&tMOH(!Sa
zd<z=pB6~BVvrtNQ)DnIkcM3{DuC~GNh<r@}so{jc9VFj=TV;7S@L?~a+~I_<f5Np}
z2~T#|+520hKh*<Qb<wv=?d(h|Y1eFXoTYCW8_jr#;7srPEM)h6b`EClG_M}a+-dGj
zvU6jd=TUx+=n9+EV76Oj+{Hxj_Q1GP#AkNto_f(%Sx)NdK}_GH)o<LtNqi<UUXAw%
zVd6)-%=`Pu@7(ta&ZA6pled;jkT%(wx5Zu7KE7(<qhDI?TjV}Od9Q&l?bF97OF8#3
zb$*2Mk@T5DgEs~;yzz5O-H)4fRq$c&AiLY=2b5p_JL`TnnCeQzcvqsEhw$!4yDK#S
zC(%8PP_h1PKHI<SwS(;aIy(m=3LumDxHO8LO>qf8b<Crj=5}$KTd+ZwZ#sJ?lce*8
zoD<m`L+msUGSRUxgwEpvJfT?p6Vopv<@Oo(Pnu=Dm97Lw<nc0&>D@|Vhq(1`51~wW
zew<BnkFwauT$@z|73*txkga<CfDzw4G!f%op4p%amA^bi+LDsySo~-ry`Rjo#?A1j
zHtb?4IcVrJS59C4C(n4CrT6Hs>NV$^bWe+5tlvZ+sqm!#kRX2*?%aX_VO;H#0CmmV
zC2DhAz?CTc@Hw6g;EZjT5;2~wdFAFeHw#_LcA?9=MCkf)rD2OBQu2glpZcjh`X+t;
zEoM3Yw#_*I#<TNp=D9a1=iFQ8M9aB1fI7m{bY3Yg?t0cZ=a$c&kn)kr%=xxZW%l_t
z(oTQj=ji!1i8Ic(-9FO!w!_9bHlgd#38Ab1QK4&7<?wTCuT-*gO2;bmonvEl9J-zP
zGv=8ZGlozNQi9P24mOrTcz`Fm1=#z6058%$_w#fQ11~^=D`Nd-b+hv*T#YM1%8)r9
z>GSxB7>8nTR<qcboBIJIJ|I322k(Jc#m@6A<+{!ad@Wxp^`010(5n<mNxsz8`{-z{
zmoHt?`{-!C_c%b`WRPZhY!K#bAe-mf4iI@BEhWkPeM_;FoR4=L`4$Yk-zWe*Q?WoG
z<LEfJ?GlWi;9-{s9H+#KKprsmG<ypSec#haV+Dj(q<>_-JW?Oi<KMHm%k=+D*ryR4
zJ)>Rcq>G?$|9GjF(15KI*$$o%3J!h|>0Y%u>%9Cw=s9e7k?Kj{({}l`A&g7K%r1YQ
z=t<+Af*!DphX`H74?SMU-T`O?{?wxa$W!vfcV=?g@tr_{rJf$>BL0j}P(R;mdB4tU
z_-VvG`pPaX7mc_L2c3JEed10X&`}nPq~w%K=$in2Qyr||f~DV+ke(%SlCf%73SCuj
z$tn04)8kWN8K3G8P|nC$W7oroj-O5c*`Dv7FPdL%gRa++y>EKlc$@S!gMJiV<GM_`
znq%^L;%8sZB?wMmNnu<%#pu5p(a{IsgbpbYo6OD!?B=^Gy@gT|?9d07yAnO4sJy>O
z%2tbf+D4M`xp)ZU{b$fg;CY*rAiOD+GMZ9&Z#H}p8PE5K&otrS@)X7g-bH6S@9KSq
zhf`iV$TtDJ`0{qX>k@#9K12WfW&+09{rOCXJUEDP@f~#b6-vn`mjJ!L_U9IuDRez|
z!oi_Ij1Qb<ZOtaW+G$4nD&iLvfXw1m6AoJOdril<q+{I|5FI97bWQ$pqQjw%d>=oL
za)kg+#n`89(wfLMp|PG~V?p~5+5P_|ssALy$xizJ7NZ><o3r>NY4a^=t0o+T6n$UN
znXaoRyRJSR;{$IZ9lM@ER_6zVzHg%Q4`{(b%9Q&z9pmCztgANo;n$Y=7x$2q<i<cB
zv2&#C5`Y(pZWJU}Vu@Gis@4QrPX|Dl)a5Gc+{4zBm_2+zr+bHn+1A(|=Hs?MA|=1c
zkK5JFk2}@Lf$aR0u`{V4+qb#5V0i3IE6Bvo$awv$V`sTI5+9S;=#D(T5wS(zyaeOk
z^H@h<$o%*3ooD^zpD@olXw1Pg@z4LHwr@H}3DZa5BwH65%gLpUGpAO-%-1Hdv!X3F
zkYB5Suv7^0YZD-RoY<fJQj++xomWT+7!7^i+ogm!7V5}6TCC`<Q~{j6t**pU5$YOk
z5VlVP*<0vJDE}oTL4-Q*c2}Zj3OG3to>ZqW8{S+7&dypXQC$Xg-n(20ts0!#94R3-
zf|K~`w*geVHWk9h0c4rXcZ#h1_A6@)`0?r<TUWDXZ<G~g8Dd;Yq0>9wmC!hFT7AsG
zWfzVeC~k?4@#Hf2U3I_bsb)7Mm4lG5);}BBT$YUe^+Zn36FGM!dJ3VA(8*f}b=qZ8
zg81cR{;%*WdjYr?s(QFHU!!*>NQo*!dmG4#vB#0L@e9L`ZP4jDI;|55Se^a0Or2ia
z2z5?{FbE*;v())R!dw3?CE<O1QX4PPdq8{6;FB2}FQn;6Y_QlOC8|USy9U|(Y#(Im
zdc@4Hf$(u-{&w7w|1Ea^id!86bvy^o&N))z5CA=Y?gDsVGH6Gty>q&hofW;_ud}^$
zuMj=>9;4;pAjUQ0w|SpV<q)$Y-mkk7WPT%l1LWr}0h#zl(8A_E$KN6IJ$QiVFRs6w
z`WK{*$-vf>+Q+*R$@RA0jeonT_sfGA?|%=Ruke+-UgIlIdEW*35@74PG(OB}?$2|Y
zdoWtiJ1C4lI0-cOY=DZ!8VC<Kx+{qdooZjTRT^!)3o+KX-+3m;->!u^&t7(ix|Qc<
zzL4R$<N0{bqW_++r)LTqq**Msd|a4#(44DGu8``<JZ@0n4wCW&Z-QUPbS_<&N0@jD
zPJ*lmG#*gfs6n{;Jj$9duC^bD+(`*GuY~o7pS|TgCxPtan|jl+%DKdLj@;%Vy6<dK
z32BS?*veK{V&8k{oGd^c8T*}t2X1#I`UP<A6QFOq2u`h5N=PD;`2h}`gdd2!pLiFY
zfau`L*q)@8cTiS#x)Pma?px?ed=I$VpTCVxQt$S6km`y79ceqQhOEq=fboGpv$#?*
zqGQRQkhVkT-;VA|u)|oDzPA7@UVfJ=A?jH7=y`OWCjONG?keEELg%=3AS;ulWO^M(
zV00v7uh~HEobm}{Qt3)q=fe%4xnt8gx;Nc?7tVDF;|=r8=$0Wi=e141xHJ=-W_$Z|
z%(9F30E^R{cNqJ7jrqUy7?T0-57_*_=OD<rc-&UR-ngwQgRpi5$W;|U-wGkJ;i7MI
zUwkn3@=d+f{a0oAAZM?E<b&riF7|<w*!B<CjOsmp2iJAt{^j&eEK<&Choox|<M5;G
z^^uuRWMUN3D30RTKboUBD%_`!QINhI7vKqNf0PFyN&F1&7*3vVoEK;7nB!}2<}^2v
z^#rH6FC%hm7s6iSK5wxIWNkFmQJENHygRP3`G!?4N-<l0SB%NXZ$3W;3>hRiNguO#
zFd4%Wj_yj2p)U>%qTJ6zEdaPZ0AD%&TSfyyFT!&)t|Mg1lDUcN(h=5|a>keF-%ZoG
z!~mj$_!S=D!`vv4w->WFe!RvTKZ-q@_v{Amsf4GV1E<-xYXsiAC5QLKpBS;H|6;tS
zC5H3f?n3A~W~>!-7<&^sQ<k?B3GI!y6s5OVd=1`0dCTva9hgsSLK!%l1*xGoW%RFt
z5BDcg29CYQKbycjYv6CZ%lDC^yVBZMGB-Rvn$h!X1fLYvWzk|Z>*Hhx#>IYC*IA;Q
z%=OzYix2u##s@w067xZCyEx;!DL)(TrztPxNqap{+6OG{9zrW)p6b2dvYznc%z8rS
ztN)s|e`DNR{MvZq+=3uA^n6&K@yEAkXyJX>^2XI~|26nD8~FTWJjTUeX5QU1&-HE^
z%Fs&uHw&$PZlTqQf6ZJWWgVyQXWH)n|EcZf$x<@?F41EkD_>`OJ$rt@Vq5(OL2fLC
zFdPI~F=UgjXH{~EWhrz>Mew^00Zt7(gEEy#4Z_+pOfP)?Jl&7xRD}Kp!UKnnoLeA*
zcH}kzb`d||%^`FUy=%tUH=Vetw_3Ah*^rN~fh3p2xOO`@&+!v>o%0O0Aq(t~d_0M9
z?^koy*tcbDh<1$Wnt?yUKh1_9KjD=31jxkCJS%Xu#2)@9r@3$BG&hZ(8E@?Ml(09>
zq*Au#L41Kjtx%VR>v|S*>nW*Uz~+CB%>1u{&Hp|Yfcj8ej?YH$=(Ow+pmU{&lq7SJ
zrN&wQW}Zvr&PjX`NG5c2oG^60GKlht9G!pYeD-?fC>~^Q@h9Mzqr<BWKjvk_=la7q
zjC=jyq%^95aOY5dd-2<G+4jP_&#)Jd8unt}aC`A_A#}Zg=&<4(Aaf03m(HX7HX8k{
z;KRp1K>2x#j_%)Q(Mvzf=q2SWlfREG@^?Is{2k9Df5-F4-*H3!zGi7#+G}b12bLJc
zhyR+k<A{#f_M7N=G-a|ezZp;ODc*IQqjwcQN#~D6+4J8OPhWWc+s$8c%3A<(C1~zC
zV@~vAPIKRE%!wu%@BU~!(-i~7>>WV!%~qRz)mF`T6VN+`$%|J2`Ibr9^0Hzgi}Uo4
z9(fN9X{$0vRvLwhQ`I`kbU#9LS^9p5jt3!m1)`&~(0Io~N4c{&dtLDOV74qg&w<=C
z`qTMXSAynlH+(F@+Y`oNy#EDsYK9CP8bJm|=g5F`iQ%tLF#L5#exHfRKtEqu+aqMp
z*=7qFzqOxdZM=OB<KAB)^;w91-q%*YU^frD7J}yPBeEoboAj{}_^))9WzTVXlPH^g
z*!MBYM8<svzjOe1>fTZLecy$29#~1|fe)K>ui(Rn-b4A{EOOy3xA;xhT6~2w{~DVZ
zv9v9gS@zsn+OGZ=wH-BhqpO0w%|Phd^B)<%si!c5k91`QpUw~eHTZnXz-L1R#(Unt
zx+jc#t(9{a?|B{T{(UIhe^{|B<3DIi4gaCh@E;n7`wzkYL##7w#5zq}9XYs90BBg0
z2WG+lp{;jQe}5UC&Q*+9lGipYmPGU+(Y0H~yAqpUzNz<DA7Q-b%itU*jN4Tuj5{S2
zfz0j+n?Uagb`)yvj|w&SZb53$w!>=r9^+;%ykqCJTl<SZ?k*O>q6o6~5wN!!_d|FT
zN&inF+%pyA?*9_#n@!z673jGOjreG%`LNUma+S{JPg;r80QSsVkAcfT_U@Dt{g;B1
zlshy&Q%<YSj<=5zKt8%6M+Z7Ga!&e?whh9#Q-_i$6TO>{Mm%WlyFS9WcoR5@e*U)M
zxBt(@823JkPC|n>$=L3c64D^n9i33Wpt}~rJ1SRg?FW#%BV1UrY3?26($?cPkdHd*
z7d%`9T~_<`ymc;KlE;3{hp;pk<dcOUcTa~fECRXL4s!P#2=^=mx%&zTAF}1l@7ptV
z9x7$_jnu0P6X_Uctp^}Fy0-&;FSlCYY7gba)NDVy_55*PcKy%Kw%}}`Ejz=>Q61V#
z>aB$^cYk)-dxI9-F4Eku5V-MtSiBPCUK_|zu*2QW!}|VtAdANDeL4Fo?hRRNezE2z
zK2!H)5Ekcw+&vk>hj!+~D_b-0u2RkY-?Yzsc;6M-aHGPOxMqpw{t<!O31Mj(8_VjP
zIOt#3W{(}Q6Wu`wcix?Y@45`!zEaKo9Yc>@c`?St2Ux7HgOr_5c<0)!{qG=^BNu1z
zIq?loBK^I)ymHOMCC~*GP+kEQB^xM?0)4ATGhz?}Is3N*e?wU__PF-n0P^ngOUt{T
z6~diwF+IK4GQaK2Gr#T3Gr#T3Gr#RL=C{)k9Tb;se0cc@lr>|oEu7Ebp%s9v8GCI9
zsu{fog-Hi1hzy$arEl<#EE`#4?6vSjA%o53bsNE}L~0;<M)@<!f3o0t@;u6KrHuR@
zKHP8YjXLxpd&_9|XefVp40JWK^?@Uu>%H~#-H-|>cTT7%@c^uEMU+RS_4>pM>geVo
zsbSF2(O)+1*#2=j#=W~U@qqRuOYbE*=o?sf{-3a}_Vb}^TQngDj@YLC=ZC{|pa1*&
zRq}r*<2(P4_i-A14|imHOur3X{zXFbJJ|jLLi0<K|C;vSG<=oC<@65q^nQ||b1c1{
zq=%R;c*%hMY&ph7BW-^Y9aettU24&3qc!(EsqFmcms#>{np-pads#WgwN`X$g48ge
zSbVvKmigXw8DGxzyMK+2h@}{vZyRHYt^J*Gv<H&t*j)_e4_^%Qp5;o+romrb7X3U*
zb2sMD=&x60@~cZV_kvs+F1FaJ(VF`+Ir%dsOZ}rY_Y6yZcS;B^p93=0|I019X$;d%
z5@>GgUTm<z>dM$<Yf1qsx-W;YV1up`PkgJ=Hyx6D1-@hwK*JX=hH#cXyOgbU?VbKg
z<=!z+ZmxORjeUpT9gA`CON@U`<<Mru0!!aUY3_4F=rHy4zTcqC<aW}9{mde%K{w>K
zH%G5rl1J`lpC1lWbN=u5Y5zCL-b|2;w>rf8GjDHbR}O!BBdq`ZZTvC$kMrjX=l=0J
zs*>pVHn4Sp86RT2=X!LSu>#T9gJxYLCO+#QKEQbYSD772u5apn{o~BJ5c2)n#~J;U
zPydte-t)s@_8WHUqOlnFUd#CEq4Vs%OU{U+m@!8Bmc=&d8&!7p-bvLxLRhqcoPLM0
zF55>r`B{{^lIV~M>K721(0--Vzm4eF&hxv>{l@({er|7lW_||?+5ApyVDmd~{qXtS
z7m}>Lr8eVzlp&Ot*t6q{E+@#m@dgK(r|`zxEUqNV)nyE?Um9=45Z>FDLb=+`(hsry
zZS?m~5gn$#{TDr(@5ci)d~|+zTJHYfx6`uWxFFx2D3oZNlcfLr|4`<B1DCxPKK*<3
zd9VJD+s)U`W&E?w2T*PwLPt*_{H|MoQ?Qrmw6$k3uFXfMX2kY;szB}(`WuKnb5*i<
z{$2rgk-5k{{{)==a1I@>W4F7T7uKH~2XZ6ur<x~P{Q1#LpKCe#{J!*D{nP8v|1j|V
z*n;oh8%JGs{vWTS#E|og%P=lp&gA?T#=Bsn%P_9hva|uiPZ?E)@qw8v?Op@UR)%rO
zNIPVt;TVkf)UdR@M%wu?7zZP5jgj`@7>s*ou(aPAZM-)I<NecFTBiYbY7E9jBW<+d
z-~43^#<giIO*i0<kHPrBRF<~XfO~Ze#w8=ID3z@rj~agWOQilO4CWmJkKd5`C$qG6
zqyFbf{nbXBLzeh`X~w4#OEW%|X_uOl|G3;uHgM?q0OJEMqO+6lZ_s$Dp|ga^!fqaR
zm7YTf;oBv}7QQWJd<$GQ-~QQxzhsH;dGp{u-FTns+XlbfO~&olj1ChGKFmF5(f=`n
z-A3p?fx#w*^21(jj6;~vcRYigoa^HiT{wP{OwqOaBZDc1YeABI3(5RvCuWY2{@};x
z(0+wZufabn3I62_ryp2iw8Yk>$DA8ZGcq0r412sV$#5cR-~E{3MSk~uj1FRx;Frku
zIXs7Qo#8M4&qu7xFAY3uiTsRac>L6eD@+^1?u;O5^{I><zhs2D(EL0w^HS{1ld%Rp
zK6{?ov)B%F+Kj!h9fRnIahls4k7YyF^N~Ltc7AM$0Cm+MB^pHt?<)pbDRd=_H}h93
zg<QgayOdDN;CD*D=PCNe9nU4E+DRFBkDhrND9AeV)O`lyP-xv#X};M6?@gh50SmfL
z2tq9>v-=Fj`%~F_@fLi*-r4XLx)Pndl;CYJwz-g_`1Kco?7dy0@BUijVP7-WK@Pu9
z_g*`d?JKh0x=`GZJOsn<H!Ps{&^>#A;4;O)|GE#+apC=$nf|czdIi+aQ_irx`K0bg
z-^Vz7jCIe@^EBCTpFe}~fh5*FMek+fyOiyGmv;%@^}iPx=WyKYOsshh=RXh~N<>O}
z3%P_?2EX%0ASw2Hp7QcsqT6!DF>6e1PzT#arqfn}pADSpF@(ab_4GMp3<XHjF?}Y<
z4M~n0nT}H}e2_eA={ppr&#gJmU|br)Vf<mG#e)`FoUpvH@j*_1jWbjSmvG?Z%Up@=
z08W_7_T`;$bXS`1=#lXl0C3VbXGEZHh|>A}`?>qg(_{PMRO7te3Bgutp4UA29>#l8
z8UE5Nbm`<i9e@4kEIOJajK4n3+WSZ}T4ABlYZiX_4PIE@d4Y|4?zsH$J$4?>?Aw5)
zZ-+kRm~T6aj@QqONYnSG8f{u>`i&f#Dmu#6evYy9^HmEkoFx9fS4z_R293SWWL%f?
zZ117B0OYC(5Uv(Lp1j#b_s=cipl<SBDLLhUloTJAl1o6?RsEEd1mJc7@VlyjKQnN5
zcO~85J{4%JcZy%4d%u0aztGXcotcd&FKLkyo*D>i9LVO`Kk_#h_J4*9SP{a?5X$0S
zDLMIol&pT7!123CyF5SzNzZEg0^`?g>gyT^E2BT1zHVar`b8@1Qel?9{_J}g7Yo_`
z>3niPb+%ZT*4Z=O8?Li|b!G&eT?5odq5IVfvUSmELk90hjEe;szSBl!_%7ew&eIIO
zdqXIwHT&@A4?eZde$lFn&%T?{*>yxOf5db)`JQ(M<J!mQr2FE}qccrEZ?>*{{auVp
zA7%KrhtJ^e`jm3>?;lWInT6Z`uzKqr&ao5Ml^XXcxTWM@a`Ku=ne18b?YxipgKp*z
zjbul*;PCe!P2Kve0CiMv)<9S)U}N^T_b{&UEdEi2821)gY(-(F|HnV&_ys>;_c>U{
ziqlpxekdA#9+tlS&!1bM&~va*Li%9h$PJ?Wf7P!YJeT-+4o%-JVYZUc@K?;9Guz<J
z)?>=M)UM~Znf#~YgIOPtwlimQUo06uo<Anz8IkCH7*;%gUc%(kw3)g0p=Rzb<_>bV
zN=fjuyD@vBAlrJ_+vxtakc>4;N#1xHoj2Y_=Z&|~dE;$#zSP$H=;&p=d}%@NzAL08
zHy4uKP;p9ZWA9ScgLY&B9DJXyQD5JAWD@kfpImS2y`+D~kp}30e**mN{Yl#U@87{o
ziH=Fkuj`l!bPsh$DTKv~K<>Ex;@*x_MQ=xHTyIBed~e4DmcPOVGAZK)R;HQ<xwBA8
z?gQvEbyD%$7$4xk*;y<lt2uVA$O}-XRWhH5z^#6p-c?S|33v}m3DWPXCJ6WPK==KO
zCq7L2EyMA{?sn~{0QwetXCb>cg6M+Nrwu)5sqerL%7kaCUo0ASZ>$CtFH}jwnbIO6
zS3)h}4}$-6(2m^ssCML<)!Gqi3u++z9Dv*}_V1~Jg1=RBAXh=r-<H_6S3dg@I;(rQ
zu5RGynQIZG#92hg5*w^$_boD>BlX&eu1%to;HEvwb$OeC#$Ufxit$+a%HD3?c1rmG
z)BD}?zpKUiPjT<z&a66*!^Y|{L<h|uu$@_z9G<_M?d8cDv+tb7xO5ijn2~hq=NChr
zHeO14i=l7(gRb7@2gmm|fo+!uY^VB*L6$&jsOp1o{~D01o`P^sG026J;Nt!rYz?Kb
zh0XuK&*pyxt;Qaq&lA}+;?W_H_e}zt4x2OS;%%99Nd;LbyR@8ZyR`f*0ctz?g|G`i
zzNSoSK)Vp`@5sQCawEdtBZT`SAQO2%Gzl0!WKO>+Q{KB3<RYW|NdaonD8IZ+YN)zb
z2oG!p`4>jn*FXr18$tfwBq)D|;A!ChrU12#M!98WQo}O<;q#8}$_W4!gx(LH#`wTV
zbmr2u^Fx#e1bCujyQ8;bCzn`==y2JjhBpPSw(%(lYhFfQf`6k1;gdIjJZ;9IJq0(w
z{Dq*oYd~|qBM7x`3HI9K0)KE6d-uj&44S(PH1|cIxyOL!E(Oh90-BrXz(Ua6KL+i{
zV$hD<Sfsf<hRz?W!|JNXAw2IgD1YD4UD<dZ!p~KLJa)$K_RQm<d^JC|_J@_=B>stA
zgVpv+p}cAf7q;DV?bZQcdjkh%f^0tvV`<*^AiR7$$o-ep&u`f&C8{_GuOEANCEasd
z$7117%VOa$6=dT7aSo6R4LnKT=7Dy^TUo!L8piIT@-~agTSNIIxLBH6zhItCYG~XJ
z;lLD-8;gZ7w+Q5UcBz5Trg1zU7LzDb7@my>>Fc3$D33kOt+wxAeIWg9EQauzySpnN
zoblWqHxK1i92c(P%WKEZ>#7U`>ocKql@4KB*^OIWmxKJu$LM@rsH}ZQsH}ZDNA6QP
z#=Qer_p4MUo#-oD3gbPmVcp@J^!Igo-l^`VsqA|8=@=LPjCD`tz&}jt{}a|dkpuq)
z9pgQ(V%=jo@M}o@f5f`)=fF1&VO;zp*7fATFCN0U_Z6($lLP<jL5%nO0qb_>!2e<p
z;{(UA?&~RZP`{uI!u{8gv4R(2ps?$>!IxIOrWo&y-kCy2+Lyc9GQTt82L<#zK5NVB
z2VO<ywf~EC;T#+{zl(A0DAujd!7=hK#`|BwI@Q3jqn2ZP(CZnV1V_*cyI!Vq9^+do
z>N-Mfd!G=NYKYDg!aaXQx$0>leB1+ajZJE(dYcb>KLc{r5Fb8t66G4Z)L<XQF&QX;
zaLq}SFE`eO2yfpHP(kEODFK=ARn>hEKI7=Ftm4LgMS2tEG_M(JNS%K{DkDVyPA4``
zD6A!X440Djp{vJHzn~lJr>-4)cO}s~Gr2n}3oilZbVH6#3Wc>qjt1UroIln+vAlxl
zXkG|=$AVm5I;nhY>!fneb|I{ZAeWb2TJCvPp!>;)y!DrXyznw8C-UaGL!jr1D+$cc
zgs^uC%OmM9J(J!)JCp8h0C{5DrR5}VFa(J~0cr`1G!x{G5+MvVAYXYIly{K2>p>n{
zc4_%}qD!9@!rmH?J-dXk*9|hshlcF@o*67(T)^@NrZD`^kT#wb!pZ>3^U9<Kj*Q<)
z2p>AjX#2$vGjjWHh>lsnbl@}_biF(F?#gZ`IQ9R=-d#Ce0Oy-RVeLmkVJ)FyA-iA5
zam9?^?QvH!{rkfdI;=G9DFd0%)9nAgk5JwU+L0?;w$>B)jyoXipSWVH_bAFgM08A}
z<5N)kixfI2FMX8{-%|mUUr2jZ<9IrsBY*oR5+4M@bW9!Hl?kH^h2!{eH8S3-+Q)~z
zvq7%<9v{AM?A?_ljl%5X!!VJh_g8{U;edU+hEO*9Vd`GeAMRat9(XlqM@${e9Yxv8
z+q+t~a)}cHJi+l}YOm!ks^$9~=c=K&mX{`+>m+_&zvJ9004K3)8_D0>xkSgaketbt
z)CP?FDrv&GmB#O-2F#rQKxfBxF0pBd$Q^|D{TgMD0O6$<-%)w}#b2)^HqvgNSYE}k
z`#0^Slgg_)g>cVU#ve6h&_(#e&UNm|m5a4+v3IlSKK5EBPs9$nK13$V93MV@meKJk
zw9t1PJC{J@aF#)TVz2(<=&mf}m^|)#9p$-%c6R8Rgy?urD6E};=t$e6?GT<?xniq!
z80E%V@_W@*k^C+e!rtj1H|`X|odEK@Qev-oy6!;Al63A@DDS=u%DZ_XJWvDjL_=;L
z1nmgneGM|Q`#%53o-0}+^&XxNyWT=7Uq3Y9`hn5N4cZYxqu+scWFG(Eo_Q@{%Abwj
z=fnHnM0s!s9bwRpOirO=?M^B28Zg^^3ugE<aER%(7gFfx0_}(+g${zN!Wnpz_BoKB
z5YH_jeWLY0%7?Y5nN23+K>PMHOvCSc7UeYT_xW)3vnU@MLdPD^j(o=I8}&ih^<$Km
z*`<bO`q+MZVi#!MJwll4Gwu%qKD_ToD7%b0mrc^#jr;j9_al^lIE0RxQs^QwoF$`|
z6B%8#Rr)c?ze%CPlm{XMe<o#!j1BQ&CBgc?D}@e%^IJpcAbg;_#Q5NgWd0A@5m$>+
zPjFjk_;6Dvtk^0&fpX&zI?n&d)j;&&dH#_->GmCbSouB5dxp?)Wtr6QpDA=KER!1k
z+xYvl6gqx!4(AhJ`??`?%xCwCI2!FjxU(8)ziC?)eE850P$qKZJHdA~PZqiqUg+{Z
z%Xd9u$M{DA)b?KrPVZVNd8^K7{0u$&EhY8=)O8k1i9^$%?zjN8-mQ@EZa3afm;~Vf
z0K1EAJ0!e!Nr{27a|@ccONlBQzy50#?0grQ|52E)LxKmbocOuTJeTO$KDL+cMbFvK
zI;zsLKZw`LIe>=kcCDPVYvtbQQu0D)!N~lI#wia%;`=%}C|_t0-alc*)_wuxXPo5s
zwOhU9H<A6zKz@eEeK+F`!Y9WcLD^L%HBeu>hYte}={&B7<x#p4{@I6e^$<E}zFi3K
zdl=<TW2_0?s~<+nkB*`2n88y;jPBA{7T@^!5VJpVGPb2sgQr9Ycm5J(G8WsAr8N?p
zGk^;gpwX|VAiVD+(s=>lcVg3$I)hzgtcQL1G{(JmqEjoT@5np7wJtgyqH%v7f%%dh
z<I)avdN)eRC7`*L+ofdlK}gUT&`y-a8`#?&&9_7H{UY`r^m|1ZC-4N;e7j?X&U6CN
zr8gO}Kz#4&S5W?|jt+pw%e{9&;x;k|1?|Wp%-BrQPhw{zj_I`jvgj$|Gu#5&5h5S2
zfOh1I!owLE`7R%p_MlA44!n%C?8ie!+dLok@=OQuL+F5F%}v_Bg~gJLdjqrY<@wFu
zFg|b_Iy(&7j6Tg`ldlY-V_sQCAN72T>8jH@I;tl@`F9Ea{X*Dh>)x}p#aB=F)7*zL
zNm~lqkwesO-m%Bj0fety_c7jhK+mHeYKVSVwN>gu`6@kg=ey}MdwEDC1~W1F0b$(1
zJM0+m8)V~tvIyfn?QG3+w#hF<AMQkXl|lbEjP%bFopFy4-uEX%j{+Zd{VAg>39ib^
zD6i8EKEFo@AG(vt0g(yiPL%h7cI0_dU#Zlv)B@LeR|c;7E(S;XnU<fsP+o1&@ZSs?
zzGds)b4|;-dIUb)xr5R0>NE}S+VdV}(_FE2@0p55n-zTcxW?$ZkkEB2B#x$-y)f;<
zTpb<d+_?p&t?|BK%ngYRx*uhaVaH5+O6(-Dk!ScvsC^`5dY(u5OGD_O{=5^y+ILZ2
zsaw~7*nNY-%~BE_kmS6Xdr&)oqxboOCM5<0s3Ur}89*j-w6p-^<}XXhY7k!FfP2AL
zSlYV;xEK7}m-W8>UFg!F@#TIVoW~tfl9U7Bc6rxAavujz(siiqgcrD4cJC>>!-!AE
z9Qjkk&+~7W61E|9X6{F2aK50FY+~`yav~qqUVE3HhlKKV=xwfqL{^=^y)YmM2Y*_C
zabNLuy$Zjw_az+O|MdNrv!o<k0exo$?x3<=O1Mg)&U+KVsp3>~DSb07(NhdgW#@`s
z@6{|mI;E8DFOnvMOklftIJKe*WN-1xUeXusB9Pz0Zudp0XUhM2YLELdyu*E<Omm;Y
zJ>`EJdZxTUd)QqF54(Lwq(l?I3mrC~zM*1g_mMnT0dltu&PbPm++k<;2cK|sSH4r!
zz2{v=_a1J!QqM1MuAeOOC9aC`<&99V9%h2Pl<+PTuGj1!yQZ?bn(kS()paSzN>EC^
zE(o<jHyImY*Ax(Td7B~W3qta60d%=0LAgig!Usw~_S5w}XdwMjZes5uD>nfhC*?fK
z)Xo-yGrhh-?3^2jzHP9=SCDz69nPG-gsl-Mh;i?w;3RZzruPW(FK~#?DjS^n^#pd$
zs`m&azDM_ttnBpwoZ9yR^Y3%-zasQM@d3N@^G4uaI3bKX=qkWC86zIX?fURyDe2ug
zioVI&T?%KO<ACDrtz_$3=D6KEmf^M#F|JJjC+Rb3mwO-OUm!Zhz?fa5Vf3!!qojtz
zqojsTkt>;6F}}PT3f5OwfxKku_%+p2q1**r?Hz;`k~G$(@v9qQ)cTrBKqmBlR}g9m
z4-*;_S_6#P<%2P4`d3##x#Yb1rE1{mo$wyLDtxkljROF;x}S`N+wdpc%%Au+qJv|1
z@7C^nuW|kq`^54N5NO<dO6jEX4owJ4<seTfyR^KcUkLA;05YM&atEUWoI@wUiOSQ!
zs4i2!h+NTi1yi;xG&k2IT#~f95iVLEc$>ztA8(@Tfup-feMARB1(Yvcx$-3do}N4N
zK+*bpd61WED_=wUv_yi{&vMY<tAO%mx0Lh&zq-i=T_kTQKm$ozN_;6dBqbQ$cjC7a
zSf2)~f5rj5FN4ZU66Mc<c4SEzl)o;FsjUX>NFhMQjtVFzJh^=WU(yI;P7RcTY->^K
zziz86e~shAfGB%|QgSlD<3xs*c#FHL0d~=KTOJb4cR{be5)xkGdj_TCz{ed=(DOQ{
zP@Zh`e@Xx7E&;T1QpRtT@l`@%4Wfh4TRTnH3mL7Tw2RQ1&}%=<AJzK~u>~5eZrsd;
zo3!OywG$`@>3w_Bme*hFb~l2szMAlGP)aVbLzfFQcXKl&!46%@5lDE0ko<iL9X~?`
zE7|CI-!tAfQ6Bhe+}#MUo_o`{Q&{K2``%!EUQ!BO)n;9#nYs?A*!tTPLR&kW3A}@H
zh|so_(YBY2fx$maFJIJU(o1=e@lFNln}M&A2j3r%KGzdoDqa8lUr_!EqJ!ul?>$Rs
zyq3s;_nxI&iLL7>gRlhGY<-^Ityxmis8@xTXxDCi{+NXawGzsMpF?!qPjIy}TyHo0
zDh5+ZVXj7W_>3{9<L4dKl^(mVL$6W^i8oT{XbwursQ{0Yyd6Ckb&<Z1KKgeum_Me_
zF$Lg(YJdksfCqfyn6By`dlwAYyOxw|Zla%}g%~IKwEcnN^w>|!*}Ec@L!V%ms4afI
z4EicIONqWQ;N&JrNq(x7<nFQc(pdOtkh=>Ztd)Y?T@2yBVz>J(NB5q;6m{?6>!svH
z02TB-BO=GsAt|-YsP`_Ek_9c(>y_<Iz0C{Rm^3e>I{Q>l0m#!pYEV;+^LxxYML3Xq
z%sWMjK<+X2$BD%t7np00(;@j+;|}ZZl~t~(v9t4T1yE4ZG98l7z^L{2+CcuEB(3h*
zR=(!D+ltpf53DBm?AvBvLvX5o09Fev(<y!cMY}jVG_c==y9(^kkjA$xgYUlcDEoL<
zuQG?s3%D1&(D-r>2X)U<*@6eEd&=_M(Z|+vdloH!>3fr)oUWB#CMBD9+UUI(q%P&I
z!d@%v_e!Ch%)h;$9hm}b-EC@%uij^aE}~QJoKR5G0dUHPC?6(zuhfFiAUc)HNS(G`
z^Bu@^y>_56APux5e>3*4So5>^X`rmDx@SxmNM&8m+BEk-0mk#@4~*%0)TX(QS@Hqk
z#dJQ*?b>eB+%FbjeCW1kD9;VucF4G=I`ePZoGa$ejn>Q*W6F9pDh5NM5?R;2K@G;D
zV$HOzesNu3qZ*u<3#V>Ye6iLoVkoGl3uM7BQT(D$X>AqPwkqqQ;@VI|T)O4z_Mk5o
z2nF-DyI$S0DHQQ%+Nby}@@-jbloF@iC@L{=TH9g(XjY=C=xbG?QE>*VYlavg^~6L)
zY*CdqF}9^m1yDD~)L@j9Cf^y@7KJwI@%RJ2n8zbVTSKu~Vsm>;q%{u%UMQ-8Sc@7F
z6~AAc;q$9&MN%?d!3;4L5@Ri@nA2d$DB<yt7NQ=Hc$Ij|oH=v8lrE5NkM`H&2?Pl~
z5jEBx395cE7z)k~5aQD67)CSah@#x0ib`{!H4xiEYGUxB5)=c$XiN$ER57$xRK#d3
zLePx1H#1^|){3OIKveXrZ4uR{#8m$*Q3?9R4ayd=SrsGdhR{aUF9w35BCc(ZwMSHO
zqZ*+-3au4y*b-|A1?ParGi{DDnu{n&%f{5?vlYRZ8flBDF*PFkT9n{ARrISd)fZF!
z;%qV25{QZ$LjLwvRrD!AF%)d2$h3wOKgA^$qO2CM)Y3-&7YX^)Xmk#t8-<N{JghzT
zMbg&>T2(U@AQTC#3j|4eo8nuqtTVIPl!zLPvGiC=20q%}%<%F=RVCtU@wA3~3gO0R
zj{F2w)gLAFH~E+48(bX~H?&7%q)TK#g6pDY{q4c#P&=W%8fyvp8P(Q|Tpf5kN-!9T
zF%&$WOtor^uz|w3GSvJP)fZ#%>o@t;wMu(y?9+e)8=EM}%t+pxoLV*oT3e~8`Pw6d
zY^_^FW$jwk7o!ZlQE6>gqhfoMaZy@)i8@I4+vB+qR<ZWBR@I8uh<N?8urj}AL@7xE
zp`a4kLS=%~*i5*!RgJ0sG+(H(SRlAg%wLXnf(QgjGx{5DS6YM01~p%Q8B<t0?D2d$
z*tE2(n|*2<?U9Lei?UHA@M@b9QDO!KO#Df=Nj1~lVzedH-s)%IX=%<;BukX2y3A~0
z7Oj4oo759g0#S9LrFEueOsthG&68CN!$aKE5}-oQ&`}HplP1OWH?CYMM$~9~YfRh}
zh_!^;W1<>~gd$`RZ`krV3g%g=w6^BR<0lB-Gy=1ZSc{<89#l8CF;$dngv1%sZk$2j
z4TA^k)R-q4479bWv3&M(+MN2RNX%ecC>o&L(3-Am+MIdWHkJJI2cm7EsG7lNLwjp1
zK)ByvSYkOx#0nq~+^Dn${Nl!#(%h<wYpF6JWda-8LJ`s>W?ItK5_1z}gKd=Yg@S8a
z1HRb8jKL%J!2B@VVg03i5mVQx5n@9kYPdZRAyVN}f-_>Is*P$SCI;1YN-VI^=mg>0
zXke@Ai2;}iA+c47tfN_Gp;$-^r1hMSsyT6OAZD@e#0*db{Oab}q(;Aq3=nCdWHG$}
zzq&RM%*boH62@32RJ6T0>Wc*0C?yEo7G*>0XFTNp=lB?(h&9uq3#a)FOQvoJ#B$);
zwrpnKbJ+LNWg7yqm>QX5!jgZ4Z-OCzTK=r?Hz<*)8kv&?;%iZT>n$bnz-NI(lue#C
zl0I_%Ss>&i>QjPnVfZvio_toBC#Y_YdDM-Di5d}Z<aV;~V4X@=H*&uXkTzAdg6D(J
z0wF}UfR8i|X%N;}EVNz?UKk$(gf^A|9}yoDgfwOW9|@l{2=nK%;6m-Ow)U8(MG5*_
ziOVx0oqeGVMAvxyAz#|1$OlI|?}>#x7JFoYTct$S&+&MoG2(13GSq6QJ>pXr=a&PI
zC#uGxF(syYd{n!8JbByA17?LIbTB;8k<vX3n>_gXLapr^h{HgjJ;U=`13@*DJ3OE2
z91B2R{3EKr-DkyqBzg=7%vT>B^iLdzJdGNB6%7Q}wW>@*jKEh`5c-d3<_$`4i)nsh
zA+bG3TxGE)Z6v2{^{4%M;-`umLJ?JrwJ1Sq`e;dN?9zotpo0?hwS*!g>cupi%6@pL
z;WzX|Yl!NUeDG#oPJMyka4~@!gVY96+Y^Wdl-9sjRcs6R)>C(c7*b|9O!!r7k}`u<
z$)=G?YeZH2WWJ&X(`I*$=vHT&RYs}1p0PP?1`L_Uwg*~cfnd6RV;Cdt!B}8}O8h_*
zf(@-dq_SEzC^27)wSPwW(1teRP?6H6FJ(^OrupYg^AkVJm}$+JHfJ8SiPNH@(O@<#
z@k0%SKI@t5nKut$O^Xsy{o+zqvt_22nSHZ)ufeh-!xPdG$9z*H6kJFBgIQuMvPF!j
ztPf0%2?<3@C-cf30WvsWiHWVM5>4A(B_?hNMPtySM3q=9QZsX*Nd5+z+heLoorY}x
z@Pd43X(-gj^l?5oGw+l1aMY)?Dv=T8GXtlF+tr}YDyA2N-=MU$1%m57$=_ghIZLYY
z=@$!e>Ac#fw2B**NPx=CjA_vsVnki5MhJp_u~}V9bb%6$2G#{F)7A^(YsGWM^`W3D
zZ)sCM!Bex;=kc^{+3aZ#QmIuv1Z`?cJk*vL_0kz704z%@vFI%7ZyVyB$G#0WMs!{_
ztg+nw<pnYPS*9Ks<4s#L5}&c26V0F3uQK7HYJ@2)Iv>sa9+7|3KpB!}%l91P%beAE
zLJ<#(Ol0QmhQ0Ba-$r=E_$DQZgJGHHhkPCnODEk<r?dHO1}-x{&eUVho@qTa&St{X
z{B^CNW`)HRJm!Z1Li33sXpg8Y-}uPN&oG{ce&p0|1{ZST6~p5y!{RdF2}C`<P$bkI
z3j|3Uri#upE+fcCUU>xShY&er)dKTth#gtGmXv7=(HI$IIZK8=Fw98;0Eg{$;jrzX
zFpVGL_S*iJ+b(=jxI!ovR@$c8VzyTP|8aM5yZKu=8}|%P;9ac&CAuu*K+|tI<G{M8
zNzWv>Ol7-_X_+OhA>aCCLB9!Me8(bNSPK1K#T3|@m=cLu>IM^jjiC@N09nMe{JWsj
zm7Skg;B%dd^tU;2&uzz;^yM`M*7O{KH3$8I&SVB|ME#U^l4NZ^-{f(`{8%>eE%|2m
z^G=%bz~|0?^W_h7MsxCqW0T3xod@R4&r?C($?*vJ)_LkuX1gNGtj3e32cxk_yDt{X
z&T0xoR9`HxQO)7!CSxwPEa+dBhkVw2IZyY~`BW70)R2{Lsli~wG>%udhBjHmF#V6D
z8{(K31xtQDai#gDxaO<CnxC(N6+z-9D6s&IR1v0(wr_}vHFGyl+bnLRKdxAyEKurv
zv&6ZZ>wI(9`s){vpPyZ;IP03{&lIl`YnXDJB{F3>iv^HoiA0CaqPBRJXz0zE=EUYY
zbxU4)XK2BQZG2yE@~o8>*5NQ6g$qvFGWq$1+sw}mLXvcKLnyK(!*YymE#K4`$>mlf
zoyL>bii~l^4eEwwH4+u0?Y<UKiHcFRb?qEu3YPYk)y-|K0bd~2x`hS-)hO|)HU(lW
zqNKFPLLTP))X0%`m6Fu0D*oZpLekqJYE%uzax&LY-#9}-_MIlP@tql>HN?Tn(}0Ed
zvZTXIzdlDNW$|Jjd0JztZKJ6*v52Z{$kd+xHc(^VBh{9bpT%#o>l*e~S(lx@r7dd|
zZz7XzO9K72l=y;c)k^cPwcJI<-(vII_|a&5&oTbi=HP3DgJH7qcboBdu{qyLuTMnC
zFICwf(s_4wv^euG4bK9@fv9MP8I1ha*3c$TdoW=5YAj@6DNnzx>kV1cI8dTKHR$(5
z)M%)6qZ$Dvx+Ulfgyy7uGh^m$`cKX6F(Zhs1VePe*BUJYSk$~FX3iBC(>S%SMP>2o
zP%z+AT1SXu=Gxm_`|4{61$?UcH%k3gB^tG=2GdWa>Fd;3Af|2@mhU4<%@YWEViCos
zHq+RPHC|%+i^kk5O-WzIZW-V06m!3tL%<RIano1#2cmR>X8H%&)C2H`nBQu~#tpp!
zYLLzA)Sxfqw+tX@dxJU2BHsoNo0Mg-N=g%!Prow(Gx{CP&?g<lQbgu%q{mkb1Zg~i
zajgZO>bcx+j~eu6eMgB111wq_XjK;jtR-w4jcsYoaVQvX`P)e;C8mmuf3FnR1|rdz
z81k{TOP`tz-ySrUGem{>+r*#uW#W8Rw<p)n%Jr*qO-HU@^=an~G!n{86y*UHRs#t5
zr_KGWA0V(Hn{FNtoBHN5tVqZ{d0KQbGsogIziFmL8h;|Dnsm;b_juA_Ix{}R*1sqX
z#A%uJ<(&CfAj&w*R6geXiHb{eL{-+O=d(({VsAGnU!nYF^5BL*kbav}+2Qlppt{M@
z$zVt{O{Y4{__2HzhB30uu_J$@mN-+JF(+(eVZUMP9=ZN4v%i`7U|U388`x~dFNS*q
zEZual%x|{vn#s>ZRM>ZV+pK+6TO3W-^$ddq2u^Sht|7RS;O-FIT?Tg<!i@!Y2=4Cg
zB)CIxcXx*YhL`8y`v>1u2VI9%-L+~<@4eP936Z^+m>SonZRw$e6Yv3a0ZZd5Jzz;V
z`n09D##1~xKT%POXQn}VVDigxG4x~J7#K3v*2RW<i-9k`4WAZppxpNw`I3jVWUV<K
zEI&7icU-SoXHCBp$#f9DP|)qdOP!!-mrrOztM}&zpFp;a*W1t@a$Z_pq~bI)9~s~I
zCwn!&WIuNCHEquNVZx&OF@5~68piV4DRbSabrU;02a+mk<<Y5Nt0k<P`g>l2C#o5R
zCqMXjk-QtDU5+Kf+77IMU!^J$?i><vm0M<~IIqz<^V(x5kpU4OwFb9M%wBCVsxU&h
z5zzd2^k8GY%h5F5o#XH1y6+G-wf^Q1Q<*6QhMii}6YaFmLG>{P+B%<jFc{?1jhBDj
zrtWTvFmDjlDF6c^4;vNYM91_NhNA<_w~goBJkSBufK-8lUwm$T8@8xZ!9Hq+n)T%M
z_&9%RnPJMsiHi$>6B{DdK_L5Ug3Zq0X+LhStAgFtC+4T6PqVwGMov&yC*GY&+-7^6
zn_fdV4dF-Q7ZIOY>kyY2g}dzg?D4Beh7-IxjoqO(ZLP6PpZ>pA%<&@nXa@@KR#-)-
zcVA)K#EJDN>qukVK%QlZWIkrJpK~>@JmgQ`cl+4pRThiVrJF9!&?-uOw<Ku`&MdA`
z&5f2*XyK^fLO_)@;aV}a8jmkFI<Cck_fd@rN@aiHiF5G?a>*rYjn{tcwQYrbS};sF
zM_A)|l;OpU#agj+h9Yx)$-z4LvNx_rKT;8EQ7ko=8p={-folr$Ra=%EnoP(NAkTT)
z_pU+6t#DPHTKr^e!l~L7KK<dTcg6*iC^?%0izFG$+tB+D4S|<gh~sYDFng>0pR0x4
zqGG?`j^%jH(bx|TQqxmtO|%m$Nm|5S=+{ko?l#e=CCAST(p!gSbRvM>2$r1aMMdwe
zTbxUoUOzbD{lCWuACeI~fIn-U3cPv;M@bCj6uH-g!(nMZmyXhwwk~g_>CMvkEe@Fc
zyT6^joK5=%g?-*579Te3s*IXq6haplGXzW&fYY(RV418)m-0;B$4L%<RHu>s7irl5
zm1rvba;Suq)<=kHxyvRJMQ`DhO5D4@bG-jUd@ZNR0ZUixkK2&~&Yyd<@et4j#;&bB
z?`DmAc(1iJmmzHEZn7jRP6C7K(W{))0PJEr)NCM+QHKS>F_o=9v{j+{6(euV(^!Hv
zxB8RNtUS}CLE#E5Vs)=cM8RF3qr*`95v_P7>ikn4(H(<5V_IDQ><=QgpMh++lymQ1
z-FMtN&wSszQz&XrKNZTFMm$1lcJzNbJZ)OL`D(i5*dO-)4c7%N8kM}<Ml{m1JDF0<
zmi5h+B!%@ZBmY{8n-F~B#7-m+C~T~hu+}sMW)u9vbWr;YG(?Q?eMM;wm6oYD?S+~n
zCp>|K`y+ACgVcijO<4jbKrVxP#c8fyrkY|%E5EE@u*Q<~*D|)6Z`NEA;d7>vK@Oa>
zDug5HT<K8zA8#(ye$;+(h&bBtLy^@O`C?yiGcpMg3%MeopYKM=f8dA3QKqw7O1cMb
zK^b&&t{0k1X)x7FeT#OgvjI{>#euxN)k9?2tLri9*=!Ag*RqP{u{0@!Xz>;dDrn72
zl_t#86I_>Ev+;bk%0ac#qEWwO#m(Etb#%qj7sJuLLx%8C24=_ErJt`(=2+gjra@pk
zpO-#t?N^I~E_s9+&w<M;9pYcgB{^+;v^qPLkz{;Ce?Ks=^JF3-|D%cYoFj1w8vo&d
z?+bm)TV;J54x`E1_J8!4OMbdwcffxkZbt1&V11jZ_<cWBUG3CvMCZZt+8J~*W_{wm
z^UUplAGrr@9baW#95NqAV!rxga|3qcS4`kw8z%=(Hj4FLyNq>}YB85jeWdcx|6EPN
zENiR4pBxc-A~vv*7Ut&wTYk6Fa`zw3;7jX1cUYSw>c(hGoO^$#6?PB2XQ^8I;6GSF
zsBY_LjTpHZP~-m|M^%=wxj-%Zpca!uwH!|;qmPMCC+wZwSWt5(8Mf8x>Z0d43%i)7
z|C}uM!A*R}fHyQ`Pq=dg!lK>-BSF1hnbm_9#B=_0=aQX$$KWqXO#3K&{{bKECpyN7
z=!!KB8^pIF7wg+{S(<3-$@r;yYOepY4U-bHPugPmQK^wgHZZ1kQOs-=o*x~_C3=^4
z>bAQyuraE@A4C6V|A{){zx}H<mz|#054-yuYjQlC%EkOV*)4o&t6NXm$^5NXdwL!F
zW5!HZGasc)*E76sebzIWezeu97~P*PEuEw*Wb1nGl$kG#)-MdPHp{noMx7e$>u~uj
z-6<ryy&fI;y_|Y-{Gl6)j+wp_*m>cu4V~tm!~a2S1oJzG2DGhl$>}rcpKIq4rkS2i
zVn<=7JQ4m1t4d<hvmLu??|&2+eSD_bsm>kP;@-K?qV&oBUZg)SpyOx2U*oT<Zc!0j
z_Or3?)MDB~pgC$~sB*8Xr*ccvX~B{8T(&Cu`6Ew4dty6$kt4bT-5@uYS@P{7zlJ1R
zB&K_aN5HlGd~0V%LJFryf_4WNQ-1jPwHF<i_8rnfzs{nzBVxRe68W_0M0`0X+0Fie
z=np{y8;0f2aZ~(lHKZy@9eW%U$wvZuEqHArlz7PI$jZ?%7TdOV+__R8#g?uR#j@)f
zF=JZyf|f$1DJ)34vHre(`JS4c)O;zXNn&Yl>(hV$NvGF)QpW0e2Gl(7eG?QyF}k@x
zx|&x7ygme#B*BsJa)-qv!AVzt++Jq~fM1+2AEFU>p~n>HkqDRwqzB2M+YkIBdw}X?
z*VA<LnmW-z(-|P%l3PXUH#W6Do!JPBThmupR1o2q=+Fqjgtx1pCj8XyoC+IUY$w0w
zB2cG;e|{0@?&+pyhU7U^zJult5w4E*7wB;@Amv#Bu3sK|W|Q_*9WIJ(ej<H712kEX
zB1sF4^Z%uXfX4Y1Nf8|Dv<LU{0d~TqU{Zvdm1@&TdWdj$v>&zp+|?pI1i38wQ$HY7
zgEajYaJP}a2@jN^TWqSt-UEX~OAT*SA6l^iYbqCNi{Oo1%A?n@AwEC(&uNbA`N>#-
zp7{!c|5PDGCDC_<0D(MyGA0CG{JGj&DhP<3v@inT;IP2%j@9Er?B;t+1$j+(C29GP
zV^Sa8G!5X{C^Fr!f+RE_dAf4;!0h>tsb9<AmkV;dFXyi!0b#c54-!0e>Hm){jgu72
z3i2#b8yp+~n5?)7>LMyTg+?a~z}>Fpn$G-yAbXs&w3GCBHAf?j0AC)COHx3y7qhje
zCJ-L?W8OOxNV><-qAPpPl0H9_4UyM7JNiNYBj)q(Xg_?=X^Y`t9SY<Zl50gZ!0PxP
zyC%?aGKgPTANa+sIr@MR0PQN>xpo35Y|J}d@Iv-{+<d_#q8p$2S;;Y!H!AbF$#VAF
z`Ozbh9ATn^-bj#FC(=niK!(WdRR}Vmmd<rm04RDs<8)2~n0TALx}*U#k)L=%u_4f6
zS65BAK5Tx6a`;P;%AILh2<cm8z8_T&vB=!jd^kV~<7klwYxA_8KP%${1^K+wG&SJB
zg<tp!GR1vI^dRkfFLwUUsvI!OTWc^&4jAp9vvWNPnDDRI@ks&B(z$iCq8NFo4w7mB
zEED*J4G<`@7p~?QAze58%MyTt*k~3iQS#%*j1P{U^O)QUh`h=?{~geRP7OK#Ybpgy
z^ouQWe%d^JC&>0->^Ub6as0;#ap6JV+Oh^r=!VwV^Y>h{VQh^M0w&PJ4y%DBM<jpo
zZ2|5cXt~{ZqW)$dva1kkNJ;*#rGQpnb|?k?_<FXo(Q-LajRwJ?mx0;<B*YNMc{_+H
z7-Or64<N8k{{6xdaD2w#YsA_!{KViJ^r9d4*QW}=+s+uQ@Q#sgp<ut=3sMH(^Ll`q
zM}hJibB~ySD(@)r<v=v<`X+p;w<U_HBH$pCp<@u4Vk7Nury}4jlfictxn^eqm&_gR
zw2LEnFaz*>A-`o!*K^&j%G-!;biBr}s)ywGc#bP<faG|Zg_~6Y;;rEbHopPx>N8{r
zWM5jMfKxGQcDitz;x3+59|2D=Z<OZ)(CljV-@qq8=!Fs`Ga!~+I=2O|c?n`j!~-n0
zsd{qAT*w-)z<nRYU9SghT4|y9-~rSHQ~ws@0Z4ql1k)kEoZ}|XfgU}IYl_G=FVAsh
z?*M*RxahMWc~AP_gJa-?aN=KWG=S7Y!DTHXBmtxN(iODzhP#Xh_t>5Aw<s78`u@<x
zha>T$4i><J%Q#isGDQWhdvXT<O9I@#GOW7Oh}s39co-sI&cbko-D!HZE{c`);3>$Z
zx0)mX;M=0hMJg&0h6a5E$H!V+{%W|zmp9dxYeq=@8(T1}9N_-ugW{owQ1f<$n?>#T
zmiG5|KcFeQ!12KZvNu_DIoA((AW_^Jk%W}86;81NA7hFf)8T8L_HfB!0S>~+f9tV(
zwnPdX<56>t8gaASfQ!PiTdgzzKkoO=2Y?h4rUxhRG&}gv5OIo!*y-Xc<kuv{ydGN3
z4oaV)A(}Efxk@)tPZz<}A{RhSKde3()WAt8+(eRdLDZ+s1bA7Xv|$3cZ-gznvh+-+
zV>ZWiXG{6s=|Dh+q7^OZJ#RF9T_*q&vObputmhzJ4;s-5!mIft0Jn(Aq^t=(W=thK
zZxPjm4#MSt7Ur`iki=d>uo=Z@uo;uQ8@Rb2im9{#sCiil+qQu$lJ)6ofrc<X3)c|!
zwBkFx*+5=nD6(jugu)bgL@O{<=mN6EU8{gKLQw>|AZ3e1Cx>!kyL7f4+GNe?24ukH
z$>fREK>o-_^1I!G_Z$4&nB$&8eYIl8+56DE;gNLZ^WS*z<-*&O5?d6l%qKH+u}z2h
zX^SNc6^qBIJD!st#xgz>O3VKF9b9Lng4W%LkUc(YkmNGF+_E;HWy^xJn8-Q-&@%z_
z1kXEhoJcKsJWBDlK28P@p;ckW8}<SP{pzDvn4frbu2Wn930*n)8}V;^pR=b*gJ<7s
zNDJ-wS=fsHGx_r11Xy7Oh&cvifIJUT(_om3y(FTO_^#A@f4Fp@(XVlNG#m7*`i^%z
z_VA%^en<2SU0-i*_Q#ZhXx+&+Z}B<quzhK-00&*Xc6Rlbah{OUW-}{AE5;juP&Zj0
z&yUvD4F=x=qhTJq_Ta*e-OrM}|D`lt0igJ9g0cE<HuW&#F>=Yym@7a!c={^P?s1Kz
zKkP2#@<fHqXcLe0LHBU_HtM@SayeLLcy2#ta;Cc=QvZGba{R){YDGtI=6J|}Nk46=
zwVz5eJdbSbLxnV>W8~#&oS4GaH~@Da*N&t_?eRx5LSr0&BQ^{l5bf<6>BQGy3#FZ8
z8~vERM>h-Vae)&}%QGcZ8eO~0+?JALc?$9KnEnUG^Dj3d4)jk81lPV;*e}}wz?^S>
z_VLaUb^tDa(wIM&&ajvM97KQ#Hw6Ece|-ew0K?xD@%N=s3|ddq#1vl|d-udF8~lC^
zTF!Rxw^idnZP~|d%>lfE@dR$jB5Keh!S2vdJb1Z_ri508-cAD8vxJX$MTshujQ!Fz
z91yXS#L2t`ECm?7>5!UwS=I2*Boz*@>CkEdE(df-$tTqY1iq(%5CH3L*<Bx}QLFI)
z9c_w(O?sVE;?S2l-frlFg0%qwOB_i&)&X+P$%FcS-*<qI=%5yhxBaI%TLpFDaVH&v
z50|c@gUMK~2)RB?r6)}M+{m~^q0fr_pYhqAES8!Fm|rEI&TAKR32so6H>x`G$ymGY
z=S14Rw%j`w02pM-e%w1=t*capvi^!O@IHO066tFDDh$nykpA6Pyt`6J9P_$<H$tvg
z4XX{O4rq5(LLSzEhH6zY3E%rHln1yban^Rv+cB0W`~uuJ72TnowJ%wIPnVDY6cW3h
zj_$SVeuakhJVgM!g%MW$Bmnh8z7zk}ZSp%$n9uIxpg)(I=+P_>vEd$UuzFgRAo<r|
zq{Zj*Z)%3BYgccz4{Vz%8d`6>Fg{DxG&$A;nTauK>MyY$%@XBWq)<lmoG~a@dxb<X
z6C<!n@*sIRd3lm9-4Lr<)y8BUo6^Rlrdic;JXA_8W(}yU?#jP;&2^%$Z<c3%_i1UE
zv#@TzfQyS~pVR~62?N{e#`|TT>dyJ)=TqcBM8AAiY4koNbm}SU(TEL^m8JFEWtie|
zH?rf}JaHRAt>RC!1dij~5$^8!R^P_m1G2a+lw&hP-K<|Rll$cnESz%bN|<|+DZ|L2
zSfYf0<)DkIe*?+YbNqbD<>k|p4H?3F0dIE1DhJm6k9Liez>pP0%z``c{_|lLtjnZo
z+1<0Uri{b>Tcu%_w|=HSERCBeVEF;uDda8OFDSV@?ZDx9g?hNJ`oaOS<+%%Ce1euH
z-!DDTK~J_%cHmfw=2MNLD!Kn`V6Ir9acln`zeX8-wruy|Z|}=^s$k}n$RAQVWa+tW
z7Dm<IJtI%{eKvW}edS8lajBV5C&#h-!cFv|0JYH1k#I<I5PJ46_?YwGd^f`5W98&`
znqJ`Jj>p8vnwI_2+kfVY<2%XAgUoI|EO#+FL}ay`!gk1<XSJLnX2=bKR@Qz!c`Ih;
zY%wn~`3NnJSM^g9hl@H)EZd(It~T9JF<(wBb4yoYjH&bT3jg?1Zt2ElEcr0koRV*D
zbs%TDe_K(P62?(Z*Z&cZ#6Lg5&fJ`hb(IN3|C=7OM%8t5$dtdgMQa$ZOn9}oanP_v
zU_3uW%ZwiS)~o}3$h0}n-_P->?3osr`|&k><y%~vVkwM<3A4SCXLblZI{#!idc6tG
zr^)6jbuQ)hW={Me{8Os`!oi9zUn3zZNoP5aS$w{8o{pGxrhicr=99^LxV+4ZYg_om
z!6Gv&Dk`Qjs<O5RYM-4ws$$?mfydif$-}97d>~+H<?5xwaO%9se;$sYXm^2zP(7hb
zkktm<oi_MyfE%5+D_?6DWX$J+w8?<sGSgNP2Kst&hIV$8tsDHz$MM%o+U=TXG_6T5
z5c$VM!zUe7X3J$?O^fW%9mq&#XKrVkzc7#J@NijJjW&r&7M2QY)X1B3kuVu=O*v1&
zf__@eTzweb;mzlf>r?3*_0eB|YmL1t(WRiy+(xXX1i27ZJTeaFq%O(QZ|lxQ;|tSS
zqX{vR4Ap1yK2qTjS>}p&X%>t@P?C?gMAd@Q0v{IRo;8t5l^-P;Z$~kYs|r5W&JVME
zg28{je^OUUY^T6SRxu<cpK#GZiC=!)EDMZ$C^J%ak`g!pe}ntt2L{v6_w8OJ-Y?zL
z!4ok@?c<r2Q!3*a662RdR5m02mLF$l7Kpy@<*4cbR42UB0kUUrLljTaR$cyeHM|Bn
z+p5~C!MRm=TdFy`s5;o1M06Gu`)oa13bc!dxGGW+QCT~3GK$ZefEB3slbBa>XT|cH
z_EieIRjeJyObFE}*|8K^tu7AFwds4}@1ygw9J&E1%I1(ORak+^YXxu)ozV_bTFaBj
zAn|lnrzX5_xxL2qRTo-(t)7}wSJL)<ltHJ2G4xZ;>!Awq)XXB2Z+EP~i8{rv=G|HR
zA*#20C3r>dyAW?`F4&pNsTLg9aH9-t;6Fs&9O2q`-L}T><DP^Bn8KGe;=6A5&^|<6
zQ@E>?2h$I+DwEMg_zl6NXTpEVvjRD3;jCGHD+<md{rC^uz}<&<ymP$WEm~|7KExoD
zlL2`YF{D#uvr1EBtR^y)Tn=ok?95Gg^>g=c*vPa+vU~Ox!zlpXydcCya5_gx@YBZ6
z*dTfLIzRrtuGbJhIg%TuBo+iCv7TR`=^u9USd^aSeYgg&yb1^`qkeYWYgjy}@6TFU
zSNX22A|<f$MhEoCIzlUyc^&wCI;|x+fPLMlA=8s==_4iweOG)w*<G>^1YSoFV)21%
z?A>`?=Y|pND*^@+Aen~GlMiexgpPi%8z+X^UvmOrA`2q%US9}nNRQFn4xx9|5NL{&
zUwpAggB0`<?l?rx#(01=mgbC<W2p(Tr_e0tu76!w@vY^wm{*mMfiX`H`;&n6X)%-N
znOtY?z}SbkQ@ZYSDRka{Pb0ZZz8wy!oRAGer4vJ-x1x>Z598NsdZ{0ZsC*f%;s6QD
z<zLTe&YgX<Tk^!Hae^sE-{y`Fy!yWZXpxMb-N5wP<gLv)e()=ryYbyu%>xao&XWyK
zvp;4w#xc3<#lyH_;>H`ST<7(ua&7i|EZBn*Zq#GMS1!x$qfG`1pGflzXg@siT^b|R
zv{&-%LIX4>Ujn2iWk&)sM8ToSKG!dys=rrt#G;&NH=?qPkLnkt@N83u*31L<ZW%_f
zjs$wTZkBi+wddIBrlyyO8Ds8;pSD*ErG@A}FUMp;N|}ChD}O#f6F+eVs&!M_Pa&xL
zA?u9vmg)8Usal_!4|~-Rwx7qZrJNp1zHD`KHeadWUy@2Dwz|pWXK|-PSgpIU7Re?3
z_(KLJgYVdJ5FiQDL>^KEPIPY&*G2sr`t+i3HSY8c>(47oZRNbEy{bZ;FMfJiVX@L0
zVeMFHU_UO*Qd=?mTGujzUmsIri7ky{i8_vmQOK<=_1Me-<68E<CD?CcOhv>5V+|GC
z2d|!XSLC|wD{QfkY_&#K<e`02PI=<xpPo6^Bf@WQ;qs0MAq&TG^Qu<gM3M8&dH>Y=
z?$RF3(Y+}zHP3GH9DRS|`YM@hU2-+cYc3+9Nas(65&D@r9i<d?{AzykLABFU1>kwC
zYTtATOdA+Swrbu)RoEBtS&nvozqr+FB1KKi;MF;*1KqaQ`R{T(y4k0h|0p(NU!6-9
z2wK^4NCpgvwQ#z(IB6<;mpx<?=afH9?{fbpX6E2uzF{^tG)Bwd7xFQ>{?0A`va&%k
zV`lPl%|dzxtD4yU;DKY2KaPAR8P-{n-`P^mp_DVite+`tYoJwJ-I;%R%RpXh<#tAD
zXULI$5whrkoWCI{rb>SZ_l|8w5BDd5<t49iC}+;Jn|4RBi7khczLURB{vUoX*1Mc>
zOSG~{l)K@H?tc(eh7_^tK?$h;^)c|e@0)Y~-)6S<>&tR0i1O(Ax8s?>I;<2iq}#2R
zpX7e?#K)0ImdkKkrgFy0=ITmENLZu6ag;5Q5_2Z^nJYPl%Uu+8?%F}Z)qeg#!p%Zc
zIS<Wh@++C>>iPkE>eh$dZ}bI~Qp0IYd6&Z|#=9>yqI0^Ka%Sgd)k<UbH7sDZDCLlV
zlnm?iUOzd5=NIX5ILqZ1YN17=QTuGLb<I;{AYyvA-+UVPCg$E-P+;6riWpy9)9FG}
z)3@Je8p#inAxJIsD2z1i%qPbm8;Eow`{9RL^)myr&ME5gm+7ldPmj;9aHOZ&CaV5r
zIb;J+Q<L`UF8WX3L2(gDpW^0L=Rr;y6u3ZVfKH=ELjQ}m7wtmh=hh99Q{NX|0b8RB
zkx;<-g9xg|ok+7`kHoGrj0gV58_Y5{0@USkQ*RnX+o~Opp%#KAypti?By}C|tUc5S
zxynj>eg67j`FOH=Cw6TUGKX$Yu$sD_SmdL?_uS=vnZ*p03ISxxw~_FZlM@D6DQZ)U
zeD<L)%(QhXZ=})mhqxa_e8xbkA~X6av}Vh{{0hRsq5Mp>#5^(#%Q`32D!gFp2*YLg
z%xsM3_5gp#SKUsRJq)!`dicn=YMRT;l;Vf4<Nba<DcJE)C0oNOwK#sVoD%;)-L&U%
zr1Ipum5JxidahczxLZK0e%PHin~P4Jj$KNf=B)6tifDHWtJ)bE(}mq9l^h^B63t=9
za^TW4b(54e)HX%SJnKDY1`<hC#_MLQr!Y%ZGJCnt^4rSW)f{lqaW0)(&@vs|3}WA>
z&dq7BPiNsDxl%2-Is2&wb+XqE&u46&95d%w^6fBv9Q=Bs>fGnscymXNDOjE=#}-k-
zNNLZ=znrf=rWN;XJDm=%|HXe0sa3`3g+08Dyp%FZ2I~mBCRSABqAk1Z(T3&X7}s0(
zCe>eD$gnW0T7|7eRoZ9J&W2WW?pS+fr594cl_Dl(`gxMn=Cm=~%dH9e-_V24^+k2Y
zF%RM|jAEdf1z;|nEfif_M9aaUytSVypu6~aeyEV_sqU*PD4r60cFsVVQ&HT0Ir^35
z{G1`@TGis|X7Pdav^~|2Z3YkB{?lL1>yL6u9zAUkHUgsR^^ZnpLMdV{J5;Y9D%W3N
zqgr&MT9FgmfddiuCoUX;BT{UkjNP7O7W#Z>V1qzLpd&rb;<_WBYvSY|8EeC17;b==
zv#F|aRQWt%iOVdL!u`IuR|Jg>MWwTx2>g`v^PBwUjwM^@R~#h4{1I@ZZP){sZo0|R
zish5r8O^mQTW)pg!U4-q;qAw7{z(-r?Zsb4Fi-v#%r;^pm)rq#yIlAZN%5}?BEBlz
z%d*C(uIke7BxRpjVYs^OhiJT)oQ7A1Vb8Q?>eJk2Ove9-FOQ9=;5F13IzBkcsGU|G
zi0>G>@XcezNkkPlj-$tQb+7GfRi>~A`|GRng9=3_C~%@m?|9++KJl;5dEVc&EP=K>
z(lUi*rxu!fmK)7=7yqgh=gT?@>PMyGA786)dIMX*dg!E)f*eEUmZgcTA(J0}EjIc8
z!OtXoe4PH?m-Y?zK2`tcpZmU%>%N?V&LEz{n7_^=+tPa4KA~?TI7r=?BC2qTk$`{x
z-h8g&;bBt#*RjEWnG)Xrl0?~tcZc>X87e)*!)(oM8*tkG<u~^=55(>AtqEP{`LEuT
zsIK?D$f<ZJ#Rf(Ywj>V`j=jcrR1^!u7zHSK0EG^ePh-GQqlE<&U0hWa?V)q{ZV$Lp
z+Xo&GW5t&5)cMu(_+^*q-urG3>MHmLH5PDdLWPW)7N_6t4SxF07BX*&KJQI!O|NEC
zL+`mppVQ3(6!P^}D4vOJ_6CUferT~REDU=oC=HJ*jj+r)pWxKJ5X;@7+BP|0NQ;K!
zA9CFW_uRx}x^HxWu3^RI0s7^78&pWP_oI!^yMOl)TT4~Yxw(hY#+`E-6&*@b_S##(
zvDre;T?DV0?h`$&#J~3jXie-KC_?7>(@;}VLP^60Y?CaVy#kq*cK<RRJva8#9Ow_1
z+q8zA7)(za^jTjo3;ZNvB^W@Pf@-pw1P0HjB_0IRm-UM$;0Nne-b<T){MhrOC)~nt
zsm9y#cH2#~wVtiujmq#6oJqb9OFsw&RXo#VcMmMV9=zXm@C*+(;kyR*{Is8?9&JMw
zyy4u^?g(MD9yhU~y)^^5u;f3LN7rRcrYF_aqBJuw4{FCp=z47B#_MWBTu<=7t|^*N
zDGG0raK)DQ;XZXL4^tyl=P%(tR-b|D(eSJ0e%sM{k3xSdE<aHkY<h^;NWmqU`@LRd
z&dU~N{IZIUhQCj~3wB;4A6!^}+l%lCEC`sC-c;5$r0334!k2<W8inSagHEJ?q0iH;
zl0de*d}2Nn-sKnvDE+21d~}gT72^d3qIYu*^ET<vWQ8x;4Ia3$+~qMFIN=>0iAn-<
zqCp)~??Fv<=VpDpQ-h%w+GmP^cvn6i6kgtPrPaF+-7(1I43EdV*mAmoh)r18ww#y(
z?QDswZ|6o1nO(eslP**j?iTT2QZ&8PHGF=;*NL#sD?AUc8Gs!rn)>A20R46qO1IJ)
zFOhWm0=}D6A$=a~&??8xz;Jf0<0TA={x85kyCr7mxL+G*X}55?C;rJV_t;9P`2$zV
z-3*WI$4ltX@)O-Jh^YqtZhi~c0Z(&xYaECKt&T>1)=^|cAUngw!HbZCEAPML#2^yA
zlB%SiU%E^`PH_NU``ID>(@CCc++UpI+OmF<DDCV{AnvmsqmsrLM7UJBOSLl-x73ud
zCC<HNZbe_Ff42eKa$jC;cPS$bv!I=*WTMIcz>X?r7fM94GyF$4q5Zg|=D(|A5m7r=
z)52FY+)!FxpRuaP8`F9{mJlZMv%1`6I;9Xz+1=VEI&E!9!zwq#cmBI~4GcFDVclSU
z@ZxQ9*E^xRf&jH8+18d{kZempx}Ity*MaVh2amU@L#gBW;9#|JpD02}VEg_?@adMp
zun(DAfXON@MJl&_4#m(zCE`@T?Kioe2fpN}=~7*_gvCL_@DAYN*I^_1#|?A?Bd<5R
z_DiEtD&XA%nadzByCN)0%pE3xp4xW(7SPHT1=1_e+lwD3B}Y=PI7Ur_uB_G_J~xub
zfKV74?|WT!dtDoZ69z#znh(LO!*K^=jmTWw<b_CHxC^i2`?RAbvbgge59%MkU~wSz
zJTVkJd)kb2d3iOpu~D}Q$De#|?K;o;?tLv_6*>T_w1xHw5s|6cxN$*W_**ONr>&i`
zX}9~mjdhJP<#*iu1#5gNk99}>+E#i9PSrNC;Zpkw4{E8r(E*^k(C@X*yI!vUbF-`8
zBf|;S{xLL<m<N_-hOQQlW(NQ8LKn^MvX_a!MV`jq!M{n!hp)K$^D|yH;B)Tgg|8e$
z*J2iE=NJ9%klmX2-igGGRK$E~Lg#3q@BMMyefSOdT*@D*mk#IvbPKNs=9Vfi*&hyh
zZi7*(UMfW;%<QNQ+x)3w8*AAbd~!BEt&+GkLY90^#EmBH{azey@;o0-J)=dwVhvTO
z-jq^B7ZY4_Pix%;qu0C<1XWi{9KR~-aF8p(%QxHJ5cvlTpyU4{ifq<h?hQqrPdj@8
zk$tM!3A^7$%ojNxK}fxzPlqR2n#FfUdx`E*QcTLc0Jm)a2+7>iRD!c<z7KZ31zp$k
zC;`vh{;+5jwS-oSvXCBT{Icuvz^-xkF{CHJX|*h3sm{LduzMJbCSTH2J7`(fkJ>cL
zan>@lYV+;a#wJ|K7~=8lnkjzFu|C>JqD@}FG@LsZ@f(pEiVyL;UvF5m%$%Ee_##Dn
zvr*4IAeG^QWK(A&)zG3Fiu;A7KUh_1?UE~s5G^fmKUbl5S7FzBKhyfgmimg$+@ylo
z;38a*j4u3m;Hyy*PyLRTN&wy9b7dPLHru}T9+d%ORHA*7A6DqUclOCL5{lL$HctIx
zk^QGT8Mon6JD#bGDKpe5ZvUWx^%>F@C|^Bq(xst{qV26Ox?@#QOgAd_4Nk$Iq?^yC
zY<tR0#1I@ezg!p9H;(DcPa98e_fc3W$-h3cLJk&|BAD&{$-v300A}k$)XF4ic96pY
z0X^HIAILH1{YxfvzpXI5_YsnBR}<=`pM$0C<r$3Frf2a1;}f)6UavWAoQ4smsKFk>
z+cthLifM~s<->EQ)O`JJ)^|ZVB-b4r_ROS17fSMXKXd!PF&Elf^0&8v)c?f!C-I0H
zu{NHAohlpzW=LydNgus%B=C|V(Td=i)8KGVPf$tS#JgfBU2YzDX6MXGgukjk4M*Sq
z12U`s*n25YtD=aN8=3`M{2rd+0^REF8G5+0<PzY9HQaAcRKa<lAD+f*{Rq?ORGFJT
zZ?4)37PJ+POLTWX+NPnp@^H7Ol$Wqv_<9BV?iYtuldLk{F~Mqa@yQT)yK#itS<qFU
z@PM{)fjnzAZ}E5%GKUe>p}cQP@^2HJyO;-!)k-EIoq6j;p`F!T8GA7e>tN(<O1kp&
zb@QkiFcYwf?|kK<hQH^R{}6NCY}RA}ZzDNxV7SDaM_JynuIsUO#z}NTRb;FwzGUd3
z-`PxA?$kHX#9=O;$tGD?aVDRWuV3Dszcj<C*VS2X>os#}F*!C-<#n5ADe=)y#&Urq
zPbW`v;`o%2!c)vLC3|y^6S+5C$nflxvCxuLo5B_{%zSjJBRc8B701!*oh<p7n#0J}
zUC)$~1-wJPReniF!Ob{D?L6D{%Ip9y!g66m9%r$lVmdoHMr)hU+m52yecXM#yz`^h
zLYP#c#w*sV*Y00U%LrRzkIApz4#!997P)@~PvpIaPQ2TiRgCqOJZk#qj+xKT(_|*!
z9jpk#ZxPV>qIOH}EwH(fwnt31jZ3@FFXWShYTq^=t4Y{BC&fX2m$Kd4%l$ske=jFX
z>lB#Nja8$6h~vRse&2r)bF<Jluk-4b?Cp~CXO<vg!7Ri6Xe`Dz{o*8p7&xGX1)9e3
zN{BOqXSnD@L6}RCSVITUgG;-xcms0T)C)nF%6^nC5<q9odSW#qRhQxS=87b|P(i7d
z=b`ksR%4I(vd6z7Z*unXR~`+|RJN#%y)!v(?tSU0@nLm_OwX0fG3kytj*l^Zxk7Eg
z3z`k$G+Z}8Ne6PxYa!dMjC{Zw83pOjUFDk+Q{ZuG#TgNmFNMdPxI%~5D^s2yFJ1g7
zy-h;R&~iKT>E2ge7Q;C_bQNZy8BGG2*2RC*S(EgiKSN(Wz`l+I6oa(iPEiYwsMa-9
zs)qc78U;=0H6;^AtDrt+O>dd#dL6TL{&Ymi!&RQ+f-`vQ0$O@be<H$y>@77z18~LV
zBbY7!(&=$Dj#m5Mp`3ny&*%EuZpsteiYy_KJXNr%UuN3|T&37&4>Zgpo&FC}(B=Wx
zBF*~;;u%u_>m!7W0e7THyy8m7R-vMMUC&Y*yAk0xK7ze%r1h7|3#)D+6efI$z?1x(
zpY-$u2$eKWd!%RAD9)hwT$(fGrx((*Z>Snim7|AS`BUnmZBHM}EYsMY0^w|>ccZnQ
z(Qa3V-o1~Jw--@uJLwn2?2T#T1()ButIMfG3DqhKImM**u^Z-FOJ4p`KC$|fJC44D
zwVcC!`Xy9PgtlJ*dXZ?sigKWrtTpm^3yuFwDgjMMkj|^zsW_(nR+){8QMz_y?)NOt
z=+k8W-)bsEUvT@<KdR@7(MNFcEdROePb@IqPaTa2-xwmkc0Wx+4@m9vlShOgsi+Pn
zZz2J9fLhMRJBK2g^Jf8L<n~K}d{X`>1qsZ>c-&vmap@e%EQV+_IdMu%Vd;X5PWBId
zw4vXZKn<M?CL~K6-5=n%rKB_VLIwk(nm$<04o9q9BR$>)c1KO-GT{H%{)qPY3|-o~
zzy53=@zkxi*}y?PVGe!O2Xag9spNm<K{+Oet4*H|V0E1OgmQ$YbsA{>tV>i&o~i<_
zjL2Lw`|VdWzL7>8w=9)uQukb7xx9$pHmvUZo=Mm48~qAG(SQ`%Wdh5g9uohqAr-gE
zho<5ECfu|%r#v5w4>ajE%%}bFY|(U<edo=uc-`90PM>+HK%cyNj{f9MQG)x(!t`rf
zgnUa?nOLS|uc6TY_|v<WmT`55{Ff%HjB(3~Q-m~LtM%=0xLW&~(`qs6^@f>#z7oo|
z`y|((67Wdb5&6ZbKPbBe$Bx3fdMvOF{t(E*m-=GFJ#x7n*dAAHv%PqJJlp7ERl&}?
z3128)<7J>&uM}DfPAo487#2N<4f{&ZP5kW)Hbl~-eKLGz^>7C^>EfqKguCs2yOs5r
zG+|71eHhC*AS$w@j5&>)-QpO7ecg9`81g#aP<>Cdm+K!Lou^4mwjL*Rj_5PkG<!Vg
z>2J6F&yh-Q_HcdJb$8#B(A>X{u4591Yo>r(SkH}nCiL@A3Qq<~aH`8E1+NL&ZTf;f
z5(|LcKEZ(xY=ng}<U-#pf-YIV*>-n}a5Q6<jA4Xt%!GO|aYpCCy4ly&KD3~ISLseL
z6TIOZX(f7yJiL#_him$)e5m(!|85;ryhQ9#**?Kl<A*$g`{!<I7O9MsROlNF&gm?N
z5AMB^Le%!gSm4l8{`(GoxR7g=B<xxxNbclRop1tFN{A|2)4MWQ=lBhOA3=qyY{T=*
zS(-A_8)W5?*qAzQrnBa5IMj8cHh&g<sCV6=MkB2`_NTep+leuoz}IS_a=e!M$s~eJ
z>QAnx{ZYO0!_~u~joonNG#eIHweoYWJTIbRAq*eH$0U|(W7?fc4W310QKma+9Nscq
z8oihw?&2245bE#AYRsKVhTSlP1{9ES_jzf(bfViQc%HfZe;GFc)5TE107b3rrcuQE
z#98QP<glMH<u#826ny3{gmlNRF99O*SZF2Jh^09)enluhDwR&O-eS6@>~A|txa}~n
zXGPRa)c=?szj8#Nc$7i4^M`Zex4wtT#cMpq%Cf=083cDnxH}v|L;;J$l?QxC0l%Lc
z7x1^CTIIKtpYV1(Rf5|k9Ur?jTFwHjvh-8X79#y1O4>_}2mfz$-+U}3KVtO1TlLLC
zB00$h`;KHU8SbV8yzRYsNL-}2-qJYZdR}&G2*I%4OCvwsHzG@N8E#I>ArAyT`%w~Q
z!Mbr5s<_!~N1r-K!pP9!MPP=ioFy@cb0U8|pkTx3wM@Gg5u2|2pu;%+r}no@F9x-P
z{&}zg`pecE>CJUGKbv{LQ~XW*Z2&i$z#EZ}s>@sG!QOxTuy&72_q*5Qn6kT>W(++r
zlj>_`+``62HB2;(zk7qM1@=$SAiGtDtfuRGk|7qymjJ2owkj9Is%m<TyGimEVcklP
z12jF1MqvR8iL>IqgV<$QtqkZUJLAuZ613{8u+8h%5okfH^lq>SZ55{3_?n4>w9lq|
za-c}i0xRJc$@YD_Ily@EhrP5m%VrA%oc9Hu*nfXx2Q9SkUqe|!0?+cD@Tx^Typ3RD
zHiB7~RWGftD_$E14@%v8jL`CHrFHh2m-461OcVXPUc;A}w=w?eMe0{w|BHg()ro%B
zG!IJ?{{E9!7f;`GzqtbFpR3<8J!jw4l&i=w1BOSRJ*Ht#uMI4lFG-q58#Y=Ibd23r
z{jULw7j_!!{gdiG&o@1;Gu_nsfwD+kU?EzJ)!u71nP$yG0k(;Qs_)Gjh0o%R2|@pQ
zTz$Hz_4B7LP`A%=*<?J_3*}&NZ8(PURbqvs?=w`x`15#KOSPMd2(4OqwWpMPmr_@{
z1kcz1%BRdrU8VYb|3jQ-lPWBCmU)}LgAHSgX9k@w`Fsj^db?`53%=UcS-%T#TYsNH
zS>0e00e^h3Yr$OyHw(u3LzZ2TbBL^m!{EUTDYpMM>a76t%f!>0yuqbNXZBN`(hj%Z
z><t7e*r4!6o;!&FU(`~6EqCCxW?C;5Lo75e#OkxUcv`ztzouQUrPYS2X{W*@8AW;`
zQN7Qopt6rmGEjSf=ky~IcGdsVs>=+TTkD#geB~~y@AgRhFj}Ttf@v(N;GtPk{G<2D
z<yFiES}`9`@mEa)RuMY4#}pzJ%r-K8p7okyH=B(yXWc#G8fo?lz9yQ38FD&H#rm!t
zOoKZOr&b1>p)nr*WPZ+}IfG0Yu+^~1d=c9ym7_^FXK1u}w$$4($+rOJ&~yp6v4iPu
zukswW^r{ecFC!>_wTck-7kh7B(lEbel#liZ?gnA|mt$=3@)vx?0D=n|v3KoPkq?n{
zeGPu)zyu}d@mv%?`L!U?E;Air90Dc8WVS)UY$f`gUup1!iMoN~-n}fu%|<WWv}4LL
zKZl6~b@$=+I~gi`jgXA|?J$#?Qw2BL(7ptud~=u~Hj1h!lw3C=(D>(!*dcSe(S=rH
zCk>@dVycAfwTO#nDc}G`CksM7MacYO39zX*%d>8xAY1}83UIy$M1j$Z0l)nzKqCwI
zz}oBqOo2pH9zbp9{>4lS!w5aa{a29P2pdY^qA+4hqKqzN5fijJku8s4Ldi})`ZU8X
zTG5wlcQ95fS}~SOa**&OS`jTallew<g^2!%H^nRP$LG+I3{x#YEjtOLN09@-WITQ+
z{-ZkYsBPen^2Aj-kZmTKIzAoyYk3B#8e~x%-QFon52cS*#)%6TKQrb0UA{T~)k3Fe
zqSk?8o`%Mb!tk)e5)m_<D(#lvD20O!KTIJ7JKn8_?7%wytDdaq@3EODG2}4P&uNAQ
z5~qTS%G{yoya6&(KhQ~?VZU>nNcc}rsjWK9C~*Xincd-PaaywmGcagDwFxw8W$3)o
z0%W-|R^bnwLdcH&!lro+Oe>|9lXaAky3pBIB4S{|wGk2Kv*3F}_{yzX8g1sj7pFGH
zo$(m%dHv#l9H(w@>F|>^*c7ZQ68G=-L{>2wV0)lwn%7HHJFw+Su`Xcp3<uIO927Qg
zx`EzzA?uZ$nvA3N6eaqSFsweYaDuN$0h&$e19qW#fQtSj!STY}YgPgxtBtKLyH5bI
zyZ!=%R*R%udosoM(y9SXiw%Z{0P>^-TD&xRu!;jS06QWfAVcx=;tYf>hs{59o~Szr
z7tTQtTlq4CNS!>8@Re_*L0@!ReuW<)wJIY6jyjp)q5y<2QqCf}&Ajp#K1V*yNhp?g
zg`b0rUTa_s0sEluToJ&yx#S2kiXfK7S{ob*S5pv>$t>mugwM>bC(;7Kd2|fT*oPC^
z2y6O_&uGXP+s_i@FR(HAzC4==JU>f~#Pvgj=$y=n6n6heKwd+{x#MKV5+JWkkz)vx
zNGCwu?>hK0`Ocd0bGuvsSu5mN-1MP>ah-Z^)c9=^xlllnb~<ucj6NrP&3IXd{ik?r
zf;2fk4OHr-)I0}IGHXP;riO6D9;v+wvv%ud%*>2F38qj<!0>QIF>RqeLu|#Om8bp4
zO$5XYsobg7Jw7vX5N*<w36Q>~p^!Jo3UB9JctjuGl}iu{wt&kK<bjJ_pcWz@9AFW~
zs-Y<)rOT>Fg6O8%LsLCNihv^|y*^HT30<hl`#POLi-)P9a80`na)?H@(~>CL(K>2D
zGUm>+rSe@0kbDEu|GpzQa(?-=D!U~Mhlmqf=(_^Pt7A7w9ZR#Pgh*1!?I1&32N>+?
zBd3X_8NUQXzlP)E48{9v19-DEE$Gc;nlIo<Ci`M);%N9@AUk}6BnTzS{(>luzH5!K
z@;Y9A?3<qJt$M(+MB^vOPXFT-w^4b#58I|E13L%VV(DxnAR7GD+9z?O6S8Ce`~;t)
z^E8Ic+htB}1|mw*bq7Xk#cMJ30L|Ive0jn(k15TO-JX3aRzj1EJwVaqi^IDyj7u26
zX!8EJVRAJCCU_DNnG9QyB7JWPAUeC&AzNMb7ho{F&&OUg^lOTZzj44UVusqhCMdf3
ztf7IG{$VDp%d}e`$jbP60Tk_V_Fha~SSk<?7?k1ejV%&xCU)#dx%@ER%z3921Bf<U
zA-01k{DyvG-Q+cY`;F!(qt>m4%By(87hfbR29(l$X|@wh=DY*bKz8K+1}s7BtdA${
zAo)V)NZb@szkh#AB)w|zE|yax#sfqv&X2-bAKP*Or0{J!<$puxD<S#m-}e5^T4n)A
zgg%zV7LnNjNGu5(G=D>_;Wj<9ziIrNHLQXo={DxB)A-F8fZ*tBL`T=E_8a=33mEj$
zY?k`%{f7I_^}H(<e%cMb6Vz9-rG2%feLr@l6I?|n%w>iA3-qh1O!({&A{T~9JR68^
z>CilcdCw4)uqNuMBf<dDF1NGwpK=8-A@TWqe#kk|u)(TFeGh{hEwzgNi3n5uJhd2z
zFjDVfB^vI0fQLq}W-w#jqgU9M2i*JR6^+QOVv^2P$&^@pF%4-P+5dr7qFS|)57bTa
z;IZvd+^g&-s*x(~HUyO=WwXseB+aQVFwD`A5_!m{IC%?R;vYi$P0Z`Z04VoTTh;`?
zMUn{_yq<><Uy8vbBWPDDcFMTu1m*~n41|gO2@ijKqxk^D`aHG9z$tRg*prmlb5Puf
z;OHchR+uqd?2U@B8Yg?n(6eXML*L(m@5o2^MW^+aVpCRzAOpp$_a>UOrZqmm0(h>|
zWzI1#%TTXyU;->WL8mY`xK336XE}&VVJ-}k|D}#xz$~4XB|EYP2C61IhgQ6-Arz>8
zp-^}V{v@qE3~0{V02Wl3h!&~FAr+{X*$mPF7@EHr6<n9#OSjIA*;nu*OD|cC%F)Q7
z_<oWut=rh7+R-Khs5)4R23}{L1STr@MltXxfmFF~Xo?co5eioSXr;z0ovjYzr+&3$
zi>*tlX4@<0fFzPm#H)Y(kEaQa;epmstVRT}V0CbIDSvhiso+$0GvrGfuJqEluR;FT
zpAabmN71KPqBYz7kk|%zX|KpD5=~eGlJt|e9oJ0=F&IHL%hLEN^%_+6gt)_(>&p)(
z?G<;Gq3$pXWME^@5#vikDd-r3xQuuoPd0BK970g*9ZJPVm@0f#7>b-k;um+REO`S!
zvDY@&r|SCyW1M*#^_>Z0t3M1s#X2W`<NG%|NDIdx;?a@xcXcse{7Lh>8wwxmyZ8^>
zqH4TIG{U)o|ELB0sA|G^!C*y_VJBfJ$_bLiTGO>=0e?$<W~2X|WC8zNi+&xpv>SU*
z;g~!~RZU~m^8$~;E!KvR_=9wP-L3%xC#du&+|9}CqX!S5G>9-Zzk>o)Dn{@{-%FTG
z+KmGZWz%A*&$CHTo>@bl7_I<)?!ET$3+_q~t5;B(Ai1vd^?+yBuKzP8#m2x~@Sr_l
zmvN0}2Qaz!3h`aN@}a$9bLv5(?qWl)Q2}O2H3P3FNs>LOYWmCJag_-JWw|JEVmDmP
zILc&x+F0Nw$?|ie#s*~7q{dZIs5WhdEqw6j2gNG!HgWuX4u{<Of0b9}!ix>aJvD_l
z#EJ4#vW=t>%ZjoEJf&QTn5%bVp7~-*6r#K=(2Dxg!6qYbalR3ye1Y8GXu@4rW2<6^
zxk~?(<rk*>ZDS}*kuBd6uCj+x7EJW1o_=zO6!K#5*G95YQTc4XBvoC}`{28%uzk5j
z!5wnX_~d^~CmE1ci)Y&M7jz96{WrC}Ictcoq*sJSmb^03Nyq%qL)wQYL{SGVt7M^=
zemG~T?`%7<_GLPW#KC;(TN~>ihcb~l9kYCjK+Y-OlXqM9XhqL89qMXf31N(+Ulxkk
z=Y`ORgk%vuw=5OexK*>*^etKR)VC7FPCB>VR6<^a+1`YSV*~PIhrKkT;C5Z~VzkKN
zcQ>xDci!JA(#WJX$3>V0{Y<UU2H2$CTok7KMEtpvTG|u`fq|opD}ShDyHH)n)^?pX
z8Oa=}veq6^sFaC3aR(JUFw$xFOS9oJa5dd&a1HXGHTVSZ6k9=@^}*BN2O2LeO@(y9
z{ycSAPzQ$!eZTC=qd|ReTX_J$QNBs2pMVG_FdahztJk#n^b~RLL%t`A%GtM2$$nV_
z`|H)BV_u_BU1xcYH(q4r^J3<4@QJCH+R=v|EF*}_)2nX}mKj9BNm({^6p&Kq^>K5^
z6rxKQhs1lWU6)xH89?BOOPyhke$M0ql%fPVCz4XPg#l-h=9J)~O|n!O15bcb$mI-b
zA<__2L>&F9j3T?vMBt|pIqx3!1fXqFNIFo85LA{}9|Mfm{<v6HfCLz{qqQ$qeWc$^
z?Ik%PGl#+Vu&2zaGYvNkrcQbiCHWN`!Xc6<XZc||CUR`X)@8SK#sWi=0v-W_RP!_W
zBfSl#+G94+45Ko)*oYa*nz8(HgpR69sULWg-{DRu<`cR1k+=BK0}%b`V@pnlbb4sg
z$Ci?pKt!`oAXWwY4{*`4!Xp1>yDj0O)3wRv|EY_Vwk1!-ayDjuh3Y=y%3Pirf_NR~
zI<r5(kCL2>qb2~&7sPvNDWhLl6GO%!ruqCUgAVW{%}Z&$8qw37n(v?%JO+?7-<(xl
zGZr4FCtlPpWr?RJj#tp?UQPQuL`1z<M%Tp`to;#J(h}wdMGK@gz<H8U1g(|%(1mX&
z?>M*!9o@xzf|#b4EeL+zT&z0gdPDE2{T%M)=!q8tB6&E}qyuGrT^2lZ?aYwZ^rI$h
z37n_shkXElr&y(BL|Th}9uG&!i7Zk$V&(p&3=>_6TJx1ok~xCx01+1xwXAQRjb7@9
z?Gj!<zdJ%*i{k@x#;<CYq~bF;fP<fhZ>$&?gD#LrV%o^$&4{nWW&nc*`fcCO=<2{a
zjt(>5iyVcX@7Z4zh5UTbZeOd&et68lZ5H{E^yGXSJA$t_`MA%6%hfYTFo*UOBnC-M
zjbu#zNzzRm#;#4z;L-b80c3*h8p8xBZbO!CU&>PYKa#F8psi+!Cc)jE;!caZ7k77x
z6nA$Gv^W%ZcZx$P6i;z?E$&|2?WN!Qle4pPW_DI{@6Fz9OAi@SZGBMau;BN0o(q9@
z&Kd(e6sJ6E>1(Q1>H7eDY9zK3ugOkDR*e3wq#{6%9qBw;_f~o=coPj>;k)khmNVpB
z15f$)R&6aDD!t|+9PAG?xIGy3pCn;rv(>-Tu_3BOrCPcE5Y;Tm)Af!d<lJ-Aic5aD
zrv<#3<GnQzvYafl=2S|=)?P{N@C7bRV=tOU=*!nU<;T`9UyWtDm($PfEiM)S5`qf-
zuF0G<wO{5G!>wjqA(JJ3eZUnnj^}x{A*7Wy(``dG|9CO@&L&?@llw{K`=7_*ps=gk
z@0y)C!(Bg~az-ab%yIsVcLsf*oaTJ)Z(n0<6iD+-u%Q)(C46NrUHF~an=cIBq&5u3
z(Y?I2r;t{WupCT{LC6u4&Lk1*C&2)zOE<rZ=iG8axIS;MgLS5>AG&@q<2sG#w0V5@
zQ)+(GUr$)4%@29wS(`&E9e3swe8mQ1pWKLbEX^9f`~1xz8AWxi3Xm<MIqy^j%3j|^
zh><TRcJ8bo`~2d@wef6p`I&CuDjCU{Z0=<W$vaRLrnr}Wr_~xU%Fs5(>`A1FO3%hX
zQmpXQk4?}bq9yE)3M){3MNTtpT7mybm4MMQB<r1=&$J8-V~=}t3t%0Cyd-Dc*?_=B
z-};G-=dXY#!!7RVc>j-grE+?=Z1EhwA7qgkkE53{l3V&0%atF>kep*ZL^^`gku5<r
zE<#H>xw$aE`Z*z`D|Il=O0pXW$jkennn*>d=7!*=lBC5>o@nl!;m_5U%&$veJN;=l
zlEKASeZ*gmTvtgU@0vk1S?^gL0U^U03otc@_RLw8{x9f|T`L2<;petR3Xy$~(Cl1t
zqyW>?Uh2%6MZ+oIO@2gc&WPrhOUzTotC{i;_$qF=bN>y1I<kl6ZOJ%jg|UxEhY1p1
zLNnKQ+p|v&Qn&0?FEz>hx!c54oXi2~x97GfjdgeZ?I4f@iYc9!F0-ZICKGmG9&y*)
zx6BISU3P6#nnS(9f1(S^s=|&pI-&yd=6Dmz=8cTll>rV>d>+0SianYdHJt#b(=IQY
z!(k4Yy&w9Q!PhD6{+?{{ol$A@2;l3R_I4?RVyB(m7JjiuhxYd1gXZ%FFP?a#%2XMc
zL$vm1Zx*)2ZqmYm4iwcID|C1N6AH)=cdGmt#b+4s)Yo61<9Tp-R}Iim>&wWv0lY2c
z*}Wra+AxmvcXf_Azx~%K<}i-F3I=`V$^Suf9(?=Ek20y}p@0D7b-00%NSaeM;Ywe}
zZts^hDvAshOuM`e04L<JwrxJRd@yl8$dtWkqX+b${(XmwA1Dk%XsP&gMPXtnL0$d(
zv-VZ2O~uaV`U)>2H2|uDYR6RxKctSP>4O*JV_Wd&s3hGLc^@ja_a7M3`#Y{OK5}i7
zt7aVwLF(LB*S}M1Yytg*$mja?A-TO?<h5sTC&((ttSg9%IVV43mK%AM#;lEHqlc}j
zZ(RodBAk4GuivIri}JW`eLaB@50Bu+VLF;LGuLUEKHEul1t7BYB(u|awWEpuTz|zK
z<V+p^`RA2Hg$_q>jIN-lq`wJrJk|g@!;eip0szOB$E>fjZ`e$G*q>kKAdXMtLnqZE
zWu6q&q3`zgAZA=JMBiJ*1U8Q4;2W@I{&X^5%afLD`@XoM$MXqnA{-VkoV18-rF#dS
zJDU^4r@tGx?pBV>!;S}F$SIIkE@vyJV+&)hBxTsV?wM$Lmdc#E4dGI_{R)0+Ia%g{
zl%Osb039vHkkJO!KhYA$SGRi<!S68C5_6lhUOHC8<1&!r!(>p;N>mTciCL!lmfs}7
ziIwUI&n7Aaj~+v_dDDOy3zgyeT$35pOJYu1Yl{fx$`NI>EjYR32;kA$1Lcw=JU`R1
zM@m~(VHaE0v;|PE_gvPSBh7}KYR5w}CooP)IIx&UD6%T{z4zbRVzku1PhW;a$KZwh
zky@2{!pgOIY-F$Z0=LagekC~!J3Y!_u~B_n_Pu>iF;rZPMwv+@mdL-kM@eJzg2^o=
z!bZd76p-Kqa=><;5yc1Sy%vas=>aL$ODD=!H`9H<&7(tWLS&?%du<1h;u?R`kJ+~g
zI>4HbEsdy)@P=W2C)2h4I;{7I$2x6psGYUN`zG2}pvB5(NZYKk1w)B6q%9kWt5^;<
zk&gv#7QcI<gtT{QMr-!9F?G(OnZGZjf$mORO8)+APHe&C6$|5jj_QMbUbA5FE7<3F
z-o{?*0t0h7fxY+kNZeGx#D2ow(%$eGaAw#l)qC6P9qZutY-1|u&sqO6BX57zjI(^V
z57QcR_6^~hDA|*k19}Duo25BCn9%!GgzQ}VIM*GfQza9S*4$r;TJoL(=X}228)0{Y
z8r+;9Bfd)x2W}3P5%-=%^)~R>m(82jR?4d#NW*~RpwpAhQz9y!2$d^VsY<!_nHPH$
z@)a}z?^kO>o+=y<R87`y$dr2Tw#n(RM$V|Qh%9Kfaw#Z!u0jybUv+ilPzPR!doJ!5
zB7UnXqB`_MZa$60{Kf^epB)@UY?c9I3xop?*(kOPPJ2}|R8V~+<c22XWru3Uig$XF
z;jCt3N<aDq3#3n_!lrX576IM*v2aX=ynS#?#uiTzOgU|Dfi6U%<1kyCWWLC<gSw9t
zCL;$n@YtNvPB14#%>4j4BD-VoPK+0$T2Et~tW<QdpBn?)$1@MvJ;NTrejhb>fwm;A
zVPq0VagA$eMINsN3G7vuoXNlxCbxHHi<hAvI+jJ7;a46)bm?Imdez|sSW6(~_#85l
z^&ta?6ZVboqcjQD87yOlQpc5y`B74F0ar7Rt$URDI3-<EU8($u6lb=*#p)oX@b`_h
z(GkwC$R8=QK9mX-bgQTF%5k)30Aa_w0Nxrj$JISxNWK)<E5f{F6Oqt{Pbe`ZY(vCm
zB#Qg|TVmDh8TcA?Bj>%|_u61}+XK2Gd0}KB>8(pzW}B!&q%1IpQ?_~Z2yAwExeU*c
zTo{0U*JDkbF)W#zf88H+o+=yJNVYP*Jp^t}mf%mnHK*k#mXkqdeJH1FKPkCqiVAgr
z-URr^nrnJF(G_JnQ5Ov_%1Lv((-6&h%_pcSkt#@Y`ymj`2_l(mo+-h<Pxthr-ssSo
zF0tfD^48>7utHAqR^&v=YBq{`qSO+)<JK>kMg+0>-1N(PXYosR4j;nP{pwJW-&2qr
zl`fYi{s_qSBre2f3?^pdC$|N*KRrCF1uAs9g{(bQnS1&Ii~>}1>>ENP68W>37Ejvq
zGmM(<EQZ=uD*39k6)k6OqXf=Y*1kCp_Me_=IXbbFS<q|<4;#1&da1Y7x-cXyZym4T
z{}=?v$?du6n~6r+p8T?o`Tj~r@Ohg`S(a$WDp9U?Ig#J&7v_ayazv6ERp2|?twydB
zZaPz&Ca*YiZ|`4qn*+4R-xMj>u4y4pjpi?mK)iL>_6fQ9PQ}lwtn%8#x{lqV$yHqG
z!JF&A_OAFUE^u%VmP(d+33}n6Dn`}K8talWIsx4?c&BQ3R`Hi%R6$@l-AW1Z2i{FG
z^pww;9c1U7tcSAev~g?Y8RuC1YeJyG^cJuppJ;;OBCZ0R{fq``X49@T<cV6(%af0-
zx?g@=S9ydGh%0Ok$JE}HsAM36I2QOpP&QK_#(@JP_mheq!IdpO8uiRfzFDS)o3I(5
zCfMfDV5nupg=<TSb5Bj^t;JqY2$bILcw>0}D!zx6lQqq1!CkCkAl(94ZulFFl|OWv
zIu=AiSw23Tfc}@)wfGBkp9pF8$WsC-FO@=7_4)`AY`NWW94UuVX?4M!3Teadu}6{L
zr!P77xe8UHWtdM^{K3QsPMd|J_Ty3?o;AMt>Dp~3W?wk}3Jr3Rbtp)anC<?&)=l4#
z5jMg9Ep^C(KR8pv0C8xP#!&a@)^jinMX$SEB)(dd6bMU44rmWbsV*wt3x^f63J8H!
zboRk<4|A`bWK`Ry5SwF+l&DZf4wt1LK-`O&b`PV9^{8`{{mSX;Hu$yB0V5GOaAYq^
zF-^p^if%XxS1RJB$k<A`lm2Oi9c`}9+<ORSMJ_4j`*!WO9Of=$?{GJ35HDpd%k*sR
z0+PlVMfAIpnFQOJwWu<S{AjzYipah74qIOvGuqUp=jOEC)aXUtl;|}Q7;_)d*`>=G
znCu=e;M)43=18S3k~gcf?3sNR`T48bz!mL2lKSq%Cp?nU06zHhSE(`-pJ3Vt7Kgcj
z!sxea0c29{#v`NVIxQW!%9<#+ZwpOo8{Qw%Kr&}6$fO-5xO~IR49+K+ios@6?}w$8
zPm1k#s&X3=!XlGn{RJ`_5=!-wW81kB8xmB`3ha9m#Fhqm=`?s;KeJd+w=jYe>pPI0
z&ENZzI-CAEd(TzpyPACrE=(`8!R$Y9n5iKMbgjyzA5c!^__lDh&9-(L={t3rT*l}z
zd3?RViDFR1yYAP)mSk|<LmXyp+3-z*Za*svcm|KY#2~6$%}d&z+rHTY_9|M_mxS=%
zg4ULAkQxp0rRueu?q!qwo7a8^@Flh9K&@oV&+eQD_fS_s-d?VQQdDHqBsC<Al0sEp
zFT(b(ajvp>7lh%OSSrpDk=}Yvi}{g!RbJTnQQo0YTer%gCD*|{|F0{(m86CF3WrEi
z+#Q?obO-d0_r~Hl?%5JY>i$U*qjov7B;&S<UGrr*Xw89{5==8h=u?lhmAM<2f#tlv
zq><*=4-s(k8v=VNQ*Q1^speJqkEJ?3f9rqb?J!eLzrjKOUiG$vS)b?u9cXVQyh1hg
zw@1_+(&XWq+JuC?zC>1R&zffPY{f5JD@Ih|nx!=8YS0}_cwTF8*-7oZhYsuSVEC5*
z7Coz;35`|V|K?7HIa=D~NxIVJcr_JXKjq^cg>C2j721})*9Z10H5$WEDFv<RWwQ?G
zUGi<@^c<H820gxaAi4QI`>Exs<R{pxB)5a6!udAg#c_II(p6W`=f;7z=Sgd=TX|mt
z0eBYhNZ9ZwJU-I+$J5Oaoj+&2BqvKGEartx1=;QznKqO@$3X$;BwTi~!CW7C>^jc>
zmB)VK0-uF{J>T$v68+{6{kuZ@uM+Vmfq$s|Rmdfxf72|LITk-hD~u(ckgMyyQqqs7
zp8T)^uH_w@@x;Np(mXjC!M8hI{NWg?`7wna^Tmz!>4$OIdns~>QbU%d)#6R^Yj*N)
zuoW~<NjSi>ylX~t9Y2~Un4NafxdBu%I86mld~6zt(QY*e<<KkkF8NRxVMCr-Vn<r(
zgpKpF3F;&z^qytYVj+3xLe!aHLy7kwkR3VQa)KHT&1KbWmf?ITow*Q@syI4NdMy}s
z|6xh2e}iP`W8N4gg3=QvzuAPQ>!gA3PJUNQ0_pW+nXcu!BD!yX$4>q`jQB6PO;M!R
z6;SOuNBoygGY0;HXTzQRybsg}4%HM09kZx3rhiK9Ax{`zz9lp3PoehuzFE|Dq@wXn
zXgto_sZwLQ^##ClgF0lAP^rE8(zT`X&1YBB#<UGmr&biO(|ruB6wO}8d~!J&5~R6t
zGL@oD8`U11YLEQGNzfz)koN`qtzUeaoIAH;GOu#Xxir7wDR2xB9{QINQs<m$niXGl
zOc8o^1{Q7lC`nF2^RHqO#+xC~M08B|Lu-3wY#8)9i+CFoq>0t+EbD=K%qRIRxYRRb
zxoyb$JO-!AAVwLaIWNdp{CHYTs{V4jN=ntG#Qy-Bc1KoJAdb^GLwMMH#w-1Jy4qj2
zzGlWXYoi!PNWHpYWL8Y#ze4Ewg_Q`+DHaF+yg^`Z9AOOCJBCLj%RcKOiv8RALEgq~
zr!7}+EP>!<Q3zvoy7n&<QyJLW=*Wt;;KV?q{qC>t&s1W<gtw(c0zO5UJX~jq_pYZ-
zp({8nJYZm7;D;yX40x&fj#H*x4H#ID^c8UJlUqlqxDJkS{xK$*VPu|=>|1Std>*o6
z|I;a~_RFb_eL8@iMC)!<Ic$puok~3GDis9D`fUDfVRuDZ@cyEoP#@W`6W@`eKR$Nf
zd0*c?hSH2>fBfg{VD_=L)tV!uEuyyibeuj6utqCA_t|PX)r=_IQ?SyyQulX(@OW1h
zRkKs0=mz|)K*orHQw*g+ttUsER~CCp)p`6Cg~Lk|k(mggLQM|;JVFfnLLBwNc>6j|
zKOsjA%F2j{1ulBl!<hj35v?D~O|#k!DDh<<w;+?Bka=ka(SA2ysliIMczNQt`Ox^c
z=iJSFg@zvzU9~Q3N)27|)R&|PtBC<u&49Bj($VCT+Epa)uHV1k59KNaZwW$6IJF-N
zT!QspXX}rj!k4|3v4UCCfMyT;Obo!%8+GDy`e|NEmG)wQJ}-Yut|srjR_^aaHOa6<
zUJ@p<^%FsJ{SATo>Lq;eu1he?5I789`r<))3O&w>V+l!by7qdnJ_$Ue6(3llVx~hy
z=Tv%mGwMv|RD7v)>~7A(^#Wy-oTPSLeMN{@KAKrGFZEGj`qGcXHTzJjg*r@aO<3Au
z4xie=jg@|z^aAD@h))(lOuxO57t6G(8$btD%{hua)&zG5u^+pJU33Lu@|vPj1WaI#
z)NG7#0jJgQ?w4}F*8yL|k^2JtKolL8vUDa~0RdKtk9$huD{%&ZLz%FhS|w1_nhVTK
z3HleC6LSbZ7h1dk+OtO#XCrKUE9yygWUR%ddh_pYmCu8?#boF$Ip#>ydgvDQ7StUR
z4-FZ{sewHOq?(P22<U^;<fwFvGL82#Q(O4d6an^xPvYo5?+Jfi&`WH^4FFi4(&>SR
z6Y!p$E^-aE`7X~W1O}AL>uU(I1pL3Wo5+blvO&8hDfYF?u(Cnh8`>FqG1p$`f0IvZ
zh``rK2zP_GY2OQi2p3s%DlDF$>z^pUF7tB09Qc|Mfy4sWCp)>im_(`ghuf347_q(L
z{W02XPM0vEtOTFA>o^78YCr5T?$Ju-CYUREp(T6Q7+CzdA9ezlc)Y8&KqzFvf<GMF
zxRjleFEq@}kch%325F=;Ud4ADLAHmVYc<0Tp%{yl$+>j0*qmrAt8CJ9VXVJx>+mC3
zDb>8_Fp{MA{5U3|r<V7dpc@Q|sRD4wr18y}3Qd&6sVD($8fmDr9yZ=I#-31F{x;MY
zjs^!oMd4O37oLWb{%`zAiveJ$`?p)-Y96YrHoDQqu};+PhSX3X6-@lruW|+ddW8$p
zla!O=L2n#B#HH8y7qIzuI~|b}p-QJ!;gqDIb7wJNn#Qc#&HQ0}!CHupWNe^p(teQ~
zp_sJjA%KTO=KB;$jO7EfkjczO9j{JMaX~)ouO)1kEMG~yEE(+y9#_YivcmqNxjN0?
z4)WQB^RPcN&rju>4}H}--d7MiYE0pBW339&R>|z*LVV*b_XW0TI0S#N7<gbR4$nv`
z7&~X7@7Eo}iI2Ld^)2hn`Kf7kk!ztfAAV4ifWi4q`2EF4eSd%iaLC+0#P!$GFtuX*
ztJyS5(h@hGvk{fmO@y3YlCm3nhW3;O-K~I2tJ@;FSjDDlu-h22SjDbt##N80SjDz#
z%MWv8iaEFP?n5eS`;AHc{kEUr*}(#){aQ!ZVr`u0V}l$~n$7?^ZYt3SHi}c;dZiJv
z{i|rep^cHwX_XwH80M3F(Un2tZSLkIa6dv1d|kzOap!`Yu>J{N)_B_^JcnQ?l5}TM
zO;IopLv|v=U7{1DSSOc5=Y|y9T^_oluJpY2?TS8Wuq0DbT7)Cazd~+50~y!Hj1iQ_
zosmn`sdJa8!2R8)!vnWPGbwW+t_2}}JR=Od0Lc-D+dM}scnc=UYEv^aj>AKwG}PMO
zZ1lZ+l}~2a=gf@0xTlhZG7xVjnq|(hfU<qHJ0Nkrsz1LcgQ=AcBOU}=rJRJb12Qs9
zmZIXl97u}|<5`y<OyQ!Tl-hi>@gL`cw6=lbFURCGKhGOhO@`YvE6&t>i>amgLm$xu
z$!-jt%G7q&x8p282}R5j6O}oj3id?0{wz*_0=<R|5<9>S9@obzkg1)N=)aGXi#xgj
zbM<7;j#!g0Q(OOV)U@#+JZr_OTk{j7NXbkp@2*;|xSi0K2;<V=TA-X%!D&^@pFp~f
z{+dfm+)gn$Be%a4@|Y-=hUxoFjJknYl;Eh(<oQlk*a@GOVy`%l^QOT`TdFr{ZURR?
zZ55lc+ck+vJnrI+3Tt4fb3f~!e`ej%sKK(>3sA5KK7T#uS45nCl{TchHA#h^E7@FM
zrdqYXQw6#qP<+6p8isxBV%T88KDgAvO3Wijj3rzbOUx^fYFx~|7AhLkE*t(M-qMXt
zS!nh%DpwdMJ{4J*1=)Sh4BV)wn$=73lF|L(`mZr~849%#-BZL^OT{|G^SzMW*Vx4L
z87B=E$`7~&#PmzJTePLt#XmNwGgzzd_dP;jz>WH<ZBANK6DP36S#TbyVqLO!{;~5r
ztq~Vb)~y18@G(w#=(_8Ep!oU!+RUvsCSU3Dd!uE{!UNzK<qkCcVUMPQ?YOC;asEs3
zRke6867+wcEG=`yjIj?;^;wVMTJ=YL5cu=aK&uRsS%Wk7xCg?f-LJ|m=MEq=_W6Mt
zgkq-PCM5Sg3b9th{AT29nB-}vX)dgT)nr@;{Db%Ga89bIOH`9^pnxj$_)extep6(!
zLd6|)rH>xSRX>wo))*)0f<@#qwzPwdm?yvWf!))@bdav?hkgFy(;0stT}fXBH!9_`
zB3=^>hcuyF>$9T;QBexQJ{F6e6-ETc&HJ#UIq?9dJ2EkY$rRjLH1gw++(pL513)>n
zbPls<VE3*jO&yu^Kf=Jd+4qE9>;T>4!BWqR|9TjcYLtt&Ei@tr<Pd}$PlkC6sa9f(
zz5Np68z&YtjVz0Sbgkx4Fx{|5JxLGiyH^dquA48`?FxuYenf=3L%bGOKUb@c>z23F
z22C3Uv*2jE#y4aQG}6KSQTcn|viW0yMSY5zq03i1zp^)3sc1~%=iX)?4eAF_F+H4s
zO#WFJ?iFKj4dy{oY;rZyHT%><4lbe{T&u*jE9ZxKfnX8(NlxpKV>khY#beFP5qNgN
zaQrAfC2?Z7$7yvu2YobIB~XV(Z~L|!c=r9|yTU6L*P;&~VZ$rB#w`Q5R{4D6GNoY=
zr6w^^d6Lo>5E_=mysEpeem;hbC9vp9(=WE~{<jbKXGqf=!sx$Q+w%2unDvD)wd4-s
zH5Ny>Rp`a9-uvHTLuL8Ut|2l<M+iM}qte7(Ra`1R@1HZxPgR63u0^><3hqp3@413D
zcz<o|)(&N`2u17btpoTP?OzRYMu3NKN}fB&xw*C9BJj3<Tmg?Y%&l4f8;_ik<IfD}
z@kZEG!wZrTi?ouxpPwzUUE;{%J8hKz^huK9QTgNQ8qG^aKo2VF8+5V}i0*Tb@_Y@4
zdn^=tV|f?f`Jog-7sC;}HO34&#XpF?0vrndu{EwKbUTADrUnIw#oWA@pReN`^nhN1
z5#o*J{4>)-`su_TbH(-}>R+w#DBj^6xOKa)6`8+1LB}|LMbGUU^@%W~P@whgV&del
zg;%gtJB5^(4L&SxZ%9-WH$GQHhh+U1d1C<vCMM4lL$##Zy;wCfMI*DAsdUrU$Vhg>
z^>k}&gEidP(&s$R-3IHmH`WQ9_Wc#k{n63=(F{(vvmCfZm%g>y#oyF`+d|izHqKAJ
zPi4S{=8kx0AHeRT1kkhluLSSO9<ZX>jIpqzn9HhsO+?P8N3JJSD?e)wc5x)iutXeC
z6tk1;8pbzQUB>uZpn9=@>Bn>A-mDI;UzcgPCg3E-lw9KkW%gPJ@2Sc(u57QpbP)#E
zJeuJmz_4Bc_emz?1g&qaYO!()=&9|K-yCuxO95HaoQ{kNpu{n8V!S2nvuw2YH>j^=
zybTip_{r2C$Cz-Dnw&A+^6#QMM7-phu4|vfF9H14t=mBkycU!DxPp589lQls!LH%a
zI5bblp+y*YeqFZDf3d+iyv2CSidQ=_Q2~qTy0UizQKt@?@f>d`6$o}IByj}^SCQ<E
zcu!LDsjN)o?WHTfI8aRTm^=$zn>+<=HmenLHLA14)Q;Rr1hx2=XK;aCsweZd+OdT(
z`wD%^nkOG{-MiFJ0CQS$xO1J_Crk?^I%l~2`NY%(0mvIJEqK+Nry}k>jx}1p){W5X
zpv_lC@f6jN_{K11rfC*P&-x(EEv(1Am!%6fRI@MFzdJ&!bBblJvOQggH(4iItyqlY
zIy2NdQN=6cu$k^EU37_ZDA@CNl5JBCUkx8D^`oZrMBJG2VSxnJJx!vu@#}C)lf%`K
zr$p&5gvzC;Paz_;6mLnRLTZ)+Dt<+|&pD$2oh9l!1{7||lSkIM7MT#Qj}hw(;0?HG
z%P>uv@t%_9Q`Sq`Z|J{NfBN+x4Svz#E>(W8<sX|DCBf6|%v54OC4f8QUx*iUD0gwy
z?v5w`4;Y{TZ!1^B9T&%%wd`Lq3U{4`^P54<q5w~s`XsFx-sw*PI`st*v|^znufA^@
zCq&5&>l!ESePmOpCU<yk^7U!z$k*Yf3l)w5iP*=YXtYcm{!-;{C5vUaPi9feK_oZY
z6pJ=hJ%)^GCti&1?0sR#tT2P2N>MpgzE913;EYuZr|=39epwW=Xj2`=TO!+%(#15~
zwh>)$3!`VY?Ji%YQ1xHz96oN<AO{4tti;ah#VjhIC2#Vt$J?)(k!|0;CTl{9zRoB9
z{rj)8l(hiMg1}LU`U%EcdK}>1_eGD2`F(~YSB6{0J|hlH6Qi)kV4CU;VxsA&mv^+A
zYf%9PALpa6cl)K4W&s&ezmB5<bfp^U@d2YU^#$;Qio_M2Q8_h*w>iXMZnYDAJdzN`
z$}3KH=G&uNz?BXKsdm8hH$`}cTZcZf6Sz9DzJ4<nice&8AJ3(_5qbb|?;72$kN%sN
z<~n*ZnaMX2-FY;AtnW-d{y*HD1FB`Ip)d+crr7q#72(CzGL$qWoeuUITocOSPdUWL
zcZGm?#rjH3`WL0#KP&OtC(#`M{EEf2PtB*wmA+gbyE!%E0(X=?{}n0o5f-0&92P=1
z*@VvYkZf`b0j!G97N!-){C-I$&sID7pX4lP@D!B(eAP9wQYc>Jt)F@KD?aa7A?PZU
zbT50D;4<O8%BCwbiR2IebiHHTVX_@)9sH}^5G<=J(U6h+yV>(@>BA`WwJxQ~9flGr
zL$qj~WQ%6C6M@~SC0wB*Ji)o2u8)W|b&S}G)POkKs4n*ZDk)OZ%8(IeRb_ko9hCr&
zIwgvN=9(I>(&p1ok2|6vt=VsG2|2aqUlQVF8s06yROPfy__O%QWjsaMl9t&f)DUAY
z;h0=N`>DR`6LQ_{@CM_q4C^Dz`;XB6F}TtK9Oo-)xA4%q7gw!u(Rjzf3jL{p(UtkH
zcE+ynuo>lfFp%VEvg96I>AmuBSqyfMq-f=Nu#t#pmVc2z1lpdGotO9)P>)?`mx+;%
z<(f2*A=s+{Wcv;Kv!5>DEp!cW1?RXmS}HWJCA#U0x3>EM$47tNQbv47=vd9GSM|c$
zUIO7af}-aKGyXpN&^*^-b1SIwyrDIgW}UK-m+8=f?7!uMo>zz18({H{-iT?JmO^Y#
z$)$eNFLYdpyz+Grz$}`6q<!p?&{)O(Nc(hFkX$3J3iCWuzM@`0JNI_Q1^$3DOZaB0
z&+~ymvo(lYt_D*x><z;V(4?-~^6IDnXp&c@ef<yyu>YA~@vPGZQ>CrS{aUMzQH!Nn
z9W(#}SL4lEzJ16A7|@psyxCvo+=To&3rg3nC4u!=T*n30#fAv%b){-2XTf?52Vsnb
zLaz$vgSODY4p_7NL0-d>&B#ZELD6)8Wx8^OSA=<xeOrFbgUr<83T657E7q))Ae@Iz
zm;A1$+;e)a8hV`o62;5}I{czzB*hGQflH%|_~5k_qtICjAx8is|Nb_%WGO;?kuc>T
zU#T4t;7Rl&9Y+8n(I5Ij^HPjbAEzz~1h$tiGQitn$;88<S;n_SRgRY>09cr|-rUzp
zUym%_gyRLYORS>6mGR2?+f}uD=$dyQcoN^6bV&U@F`PDE@ht}%VntJ^m?xg&CMiCA
zO|4mJMO&&E6iQcJgsoW`BsFvFhOJe~T8Mbl{x#+BO-Apgi?&7)qZx3L-sanqpE^iD
z)1WA-Ff`}lb;I);@v?+qb#589a*$T#S7kF&VGrOovCTINq8z3y@122ud74JsNw*3;
zHkUE7RxXYdqizP<IH@xs6|Yv-UrC?{uA2y&Uu%z2r}K{|9lfwX(@FQ@G|Xh2cAt6O
zJP5NM4@E2M#oUzpOn26!MP4ZHh3;m~0P1JWj~lY)spHf-S^>K#`1eRD?XC@QV(4{K
zIzmUT|I}8=Yba8**L7C2=H4=sHvjmKu`N)2@y`W&#TE4NKoXe}`(b<ULNPsS;m>~<
zS8^Np{(}3Ez#7Tr<Cfj@#3bku2O8pA{9rVc9+)wx0<{hR247}C*+B_PcCJuuP}<&a
z)_;M^L}?kz`zt+S&^)I=^-c~-c8-y?dR+=$taAQikAbazdRun$tJc2HalH#wqAFfp
z3HO;E#;tx*&}`$9wsm>`F<-vb7iFmU!)D_Xw9+01R{Hn~P-AT3#C0h8Qrk{pU>pB<
z-SO8ygwh{XFDs9svWN-V2UFTkOGA~CzDlU`Aiiw;>VLdB3jL~oyf-z(M>(ipW}DZ?
zS}0+?*#FcD8l33S$7nSuo?RkVLtEE!HM-&=3#u>ExNoJt;6C;%vN2?YqUaRivmw-e
zA*p#i=|1x&&N|lL7%F#_UOa_E`A*r2$5Q|NNo^jpLUCPEZPzKXR?10Y6NL<99Nqa%
z922LwS;|RE@mTC5yzcdcjcx`Uk?qvel%yG!xm|Q%PGJV!AYb%aT7N<o1<nUw1>`L4
zk8}p^7{rM@AJOX$R;8zXmE*tTugW>Mp}59CADmxxhEvRZcm#zkYs3@bukuEuT851N
zJm|w^XouA^oysf8wWk?miWZ@cPBjUssy|3ev_7OA)Q|rA(bMCjW7C1$59{x=g96ba
z!CwR5TGk6|cNCaEk~JOdyV}Un4w~T$X9>(3$Ctf-G(zS8h6veBc?{#i!1;_9s^pt@
zey3p7zs{LW`WVt~J|&1v^nTC|KY$YM3iIPy(}9yxK6fm|nf~=<PGc$-4Oal>hb0Nx
z&P<UB`4Qa6+EP)K%1~!0lIM>yh;LOM4h#iT|5LN&X_I0bE3HcjFR4SbGq}|C<@~uj
zP;R8{pzI(eM(5;SotYmDyw=ngbJwBC@RADt+yRyxC9hDc+I-tyd4F!<^blJED0^TA
z>_87?4OnS(vp^B#`okNVy}qP~)CzSHM02Mce{cJEmdxb|#nuU$;TC8JudK+pIW(P_
zxl%nXKcF;0jG`S~Xej$bW^J<2vgQ<r{h%}>$qaMee-)tLS4o6=$sqz9|0_i1`-3pl
zdM%{iNhPv2D_6xZ?fr$vj04xOublttwURRUCiTAcP&8iUHUWw~X}~JzXjEE10qBZC
z`LC=;t<b9Q3V*R|m7(c$e2g~)kWfG!*bRW}^PxoJ^>-#;{wd^+vVTK~t4Z0EQd`HR
zLE;Mglu-GFP|LOapF`=Sy`q1P3Sc1Wv`{`h41h-wN_09!sN;f`B$76N(*sqsit?W$
z{wrB<w;I|7j=o4f;|%{I7vtZw{+G{8dtnAG(3er^+U%eH-3R#oe^ogZ2Jjd`9j@me
z2!Dj4jGFXCI<(|2*#K^}|00T4O1#&<=`8>#q(PB_xGRaaQ~QNc-%2F`D(6{$6xG_Y
zo3m2?l}mT=^XQK8Foy+-L|i^&@lZXk?W<yBtrkYnA)^G8_JzDi3%cl3coi40D?sG|
zb!<KZC_bq*Pe9#y@E+~Ihth+hEcfl9=#&DeBmE~Qn%dVu&17Ohy17tPq174s7mYNo
zCJIfbc88$=Bpchf@)fJax&W%)SF2+F7xeAUX&*E@@C!#2Hq?u#CVZVb6ywT5<^BaB
zD(yM)uP)fMu6X~f!+9Z0P+2(kGP?yTi_j68T+wv$2v5S-F-6uYoyqO^LxET0ia^%i
z;qhS#V8C$k^Ds|CMOy(X>moZwL)ifW3DLAr;0PU~#Wv1*1<h4RZ`sYPmh+~{`#bnD
z`aE$!ofyj^T|pOJB^3j?XhSHj%TZdF^e&W=)3`#{+|oQ6*Pl@6k}<D_LXgxBF_hCK
zx1$e*x9CBSe~xL#P>!Jmy}&1sK#P4*q2h)5Z!IFIh7N2V;je>ZP|{lL;0Gv(qz^(@
z(X3ZSpA(*c9&!gyp<-tW-O9Uv*|1|4g8yt{8fp!(joa3~3<^Zn8U}sq-+-?BhH?3G
zy<|{aVDLXpx&L#6OGTarg`L;N*MFiW)tkze-GUnf$4L@Y40ZSF>RqVuT9rIDh8n%4
z4+hEkpFW;RiqKyCJSN-WN1*BSghp3J+v(ZyE&%}wFB<wvq>1-`Jb0sI!=bV;c+d(;
z3cyT&&K=JHP{M?~|EVuef(%p_5JgfQ^v|YWTmKE3{kSgq3LQTS&<EN#&>2`GgZU8h
zuXvivUr-Pg-+_MNwTYw-;y@uVw0}bZin)zB^IcFhB9Q$TW1C3m-`vFe)?;NV6$Ss*
zn?A`-stb<=UK}6kt>bTh-Tusg7JC$XR<^N~_{jaZTJnB-A;Ik2F+qPLzhCKLrAz7;
zTD>MzS@W$-a7qd7I@x4d$3a&quIe^uFktp1C0d%-Z9rhSE%)HkdX)7HGqp?h*Swea
zj5Wn5Gk?wRGC$Kfp&@qT1<^up$=~FcCbmB(1}N3@hO6h|)Eu2sE^+oJX)t)&^^IrB
zvq_fwGT-heGi8}+cHljsWac+9LLKe*s|S)-9#t<^GRmPl{!2t_AhPszmM*>(emh-L
zo?F&v=&&C0Y^khhHZ?AJ5bDf=CV~{VIeGNv4C+T1s|EOFp$RwZDQ$LLXd>_DB$aIh
zlw*Z$ZOnMf-DmXi`^Bb9#TxohCyBU1=S9U@R7YCB$33i;(~zUWPQg;Y-6Glg%rmz~
z;aSbnvs%aV)LK)X9`uct*o9ExM-A4|Ou}mc0*$WSW0yRRznPIrHFoU;$)};u4#AP{
zh~99w)r+G~5BU4DILVx*aYdXHohC_N<E37~9Rq~9CW?vjtgUjlF0SJ<Ndnb-<eD^1
z&T9JH1Kuvn)ETX<4y{f#sz*hi%u#o%4%KaH#!9Y-psudT^xPOb%bv(~O6Hs%o0RGS
z>*MT3?st4*oL&<)!Q^i2H%VP&!q)KQTpxCnIL}I?8?OEEDX2!gV-DFvQX7dvJ4N(X
zBCw;U!5{Vd2>@ilT#-6>kDj}xPb4jx{1a04>`H(AkOS!5>QNc@HkDrLe(Cb?>A59|
zO5M0~K0f^tJxApHAP=*}Qw97Z$@72)S$Yo<gl@@b%;5y{$Wa<*fn4~f#LS!mJ9jbk
zjs(+QJ&J%cX^L+%CVhRkphCfiOBI<PbKzUhBp1IXX~AzsO)LP}VgrJL*K-xVEdp5J
zA6+*MQ{l{NuKqJwSVfmDiUOjW6Z|Yd7X$u%4Xdh6-FBcpT4RITrpMCdsBZ5|16o9V
zIHpU?uUWb?4<K6SAEM_KK8oA;*VGE0EgoD@y~?Gw@o?(?N2*tPUJCD`rM$%;bKXg;
z^(pkmRfjDpaaZDJcYr9S$m^;m1eZyFhI)T<`*{0R7|WVq@GNf3ro6o#{=S91rk!oz
zM$xx7APc<_b^FE04tHCWV(#sTjN-58Xg#kC_xo2j(*Q_&gg~wt1(ylZBuD!3n<5g*
zR{?JNxL@r!5v$|JsrW^}dck{-w;&Zjp@6mG2weLihPXr7GSKBIM@*KBz&2yKuDKZ=
zKv{jW)^b^X`Y0OVXU~U;-E+)Nw_t7Rgo3#qw$MVOGdDi2dHQ7R1yT#(YWg_Wos}0s
z<+%0<C@EZ8Pu)MZ|A%PxqKzmbYW^PMp~I$;^3}vR|Ma-9tII+6<vwv<Ofxo;;DK5v
zfEV9bgdl>6;6&Re@pP>Ap8OT-;)3nsoxU4Ipbi~o3MKOO80Ynh4Z373!AbU8i525v
zq)H61@DX{6{_SI<QRnLfq0yxcLLcd7w9~He^E(6oiOyM8@f$BR&7!VqVN8pk4eOCA
zL729F->KOa8}Jb?=Du8#YxCX95aWyZ?mvfrj62hYyYGwmgF42mO0FQ{mFQMRv~pjj
z5WJy7Nd6`IG9~TOg)Tc#5r~;$Wg&QJannu^iv6}rL19~(B5Za3P<Jf4{_*v*#hD0%
zd<rpw*wJEL1X2q<2^(I2DG%e^>Y{eHI_3@W-Tsx+QD~mlEwJ#_b^C>=78a9W9vjhV
zeAQm};}@fml5{Ly4&w85V#SLi$=^LDBIjkF^WH>Xx!wogOU(c^-e1x8?4zLG>UvRl
zhaLP~M<F|MoZ7#D=>R6h30;oa^p1$~fJ)ieV@$KrOf{an=fv7Gd@hU&-Feb6;APwa
zrg;kk{911}>w?&9KdpRIXU@wvZpBX20&*#FgEU}5l)6{wN?fVnSxMm}z2@_{XttF-
z0EL3*=?@Jvh#?y9#jMK_L&o7nv2gAT@G*(UomSmMNLLVQm0?Y-4st`KEv7kwO|r@r
zB@1jlS5TtC_`vMtqB<bRC51WoR(mZR2gOiOL75@~Uc5D0xrRwov=$q#sKBMOPfVOk
zr*n!e!;>E);;27@@VS>Kuy9ANbp&IM?UmwHl@l4+6#l8|^Xeo0IH0hf!?Q>=V3UNr
z10|vYyI{ts*tGK3oevu3PrVhp&nw$N7Dsurd_!x%&+i5aQ}?wxFk|lQ*ikWyt9kt=
z#5h^n=Dh=2Mc{IBLLI}B#kJ@1fqS=2v010BHM%0%m7zm1UB0tsYALji*YCGrW9SKp
z6vpo#_tiqYj};-a`X&z}FvLuS;HKQd1)-?e+w5lG*s~9F&ru8c4h-c7AEm@7k|QJr
zU}0u-gkY)ePlZLV>Fhel@EL!!miK0?g2E+0{MPmA!jOw%SmVHZc+!Oz`#f;yo?7$o
zT=2$S-><;Fa+7C$r~GP-#_Jhh&qd{Y2b}&ax3*m26%1?Ufo3Z?2`4fxOzXWKr_eM)
zk(D4slPFwTUm?}*R!nRB!Js4eudSi{(LKTF5;wncX29qY-V3{FgguA;>?TBX(*8ql
z_YaxBHqC$vaT_nO!DVQDHozgV4SJ!Wcm9Rcm|NfT>~xEM&tr+nW(VE`M+F+8G~x{v
zd~e*WUMUq@&MBNL!BF|)^4mtt8n$b_MDuo7vKJ!<r7_2PubSimJnTp-#+d+~C^dMN
zso6Ho1R*743wF%{Xk4)|SCnbW1<5AAl!~3J2Ock}7s0G&g1FGPGVZd%a`}-0f-w!_
zjtNn|Hg3(e+OEV3>H}$LT$W=;UV};rdW}ht8#^qwkWEL31^l0FDeiMKDv1`)jaE22
z#nNSE=u?P3E?UC;@r%0GnWsP;xnJ<7o2-gd7H+H`RlW6OrPyK9@hl$Yu2Gh3pP-|-
zH=DXR6IPA%aTIH#2t2mho`;v|S+N+ih0H3$THLu7xez%3HQYA$r*_}sPu3k_d+)Z4
zvoKh6mh1!MN#2GK#oDN@mD#UL$MjIYa_!m97@Y(EaBnWW1igbz2c>s5d{XLk8CMf)
z1JrCBUIsb$F}=Ee=z4SX`En?|BANkgJno(|wsR)8ae4wGnexOmC+y-E7Ai5l{#Lf-
z#%u>a8Ge%bLiEA$7b_;sHEQ67_B1g?BT*N3OE)5U+&2Wp&F;mJsGxFpIjqUWJc8v<
zpJTT362X|^f#n~OdS7tSxg5trjf)Jf!(H__G5LHEA&%o{MOk~~%mDH?yzH5zZ5;1b
zR!Cs--D!&04sK!6{Q+ur1Coj0ewbSI*!J#fj@wgw;}_;X+-c<f<eDID-n28SCU-6y
z<hn0z0pG#f$RAEI#?aCo@a^uv6co-D@Q{YRFxSesq&4iqmbLu%b=fVQJy`(sKwYJ^
zPp>1RA0K8=AeW(7y{}kEbqQ_{Sg<pl1YHB2#;+`b%WGz2n4jw7qOW&98?GS-^2Tru
z#1A_F<^kva-;iT7kNp^s&Z+k;zy?~y@cVa1&1-WhQcHx~&05fRkPL9Xe-?l#<!H?!
zEGUqV%8a)ME~dBK+G3NwEBH(VV@n8um$K&T2KS(zQ?Xw)BBJH7ZJ51QzBxWobNPQ}
zP}e!4e_5((`GZn?{eXx@hjWgQVk;H;8ehmmD_~QzeftTbT$s6w@cV@lg{@w5MjS9N
zp!d}@`An#lJ*F>9H*+<6S*J-ygF7E=ZrXFQ2M*jyjV#Fsvg}c`=X-&HWidvp3wFy&
zbj#x0M{-6OKON4YV+$h|O?!JU3<{zby>Cwp$7uR0nIq|yukiKHmLM?rxF2{@mCR3P
zF|OTImX!cE?oXBIgNc&84Xo=?pRGhb=ieRRfA=6mkQcMxTa-Q6>}-lHYBe+qYcin;
ze_LqLxsB-a(#6~%`{jA;%2Lbq#}OK;(=xnC7W2#fn%2hh1E8`3xB8s{oTT!^1if;Q
zZS6#zdZ1si^PkWw0FQy@dEFP7*f`X(01HaYQIye|6J<E*3~&J*g||Gh6*~2v9FFrS
z>{pABvF|&;z6Dfo^{`Z>_vEH{>A^yrljTh)lR=c2d$7z^*I2bkK$0;qZTyOq_Log{
z0&t49!2BqJuKQPbWD3^IU0GFE%We4=D_35>+bmX@?x0Z!E%8xjB+Kw>40DzOr3h6O
zzSxgJtf_HOZ^du6X%OnZ$ewhoz0q)0D@T~AP09AOKY#b09$3D_DG$zD{LpUz)GlSQ
z^1Y~|L$j@;4OCUtz~0t^dA|gDmh59?g#~dzRA3fmP=d*b<BNfvoE66k1~HZF6&#$*
z9ZTJ|CKd3CrQNi1VzKb==K)t0wi`rf-tsW|PL=TD77yqR?Qi0c_Kr+1;@5ntr;1<}
zM=>j2NV9+<XH<F&a}hl@(>r^K^sq=r2rMt;6G7?c1QND&G(^I8dd9kb<#qg!BnwGf
z?<F+v$YFd*+xu~}`?y6fB_VyZn1s+6vDu%~Gp`@HAx35Wy1|y(F5x;_{4IUE^7x}Q
zjaL=7KcGMAH&iTXQ}i%ZRz&HNGgVdiP9ta64ObZb1f_*uKrs42_7$WlLGLw-Ty1wT
zMVJ=2cbn;*O~WZJ?=jI(3l36f6tHI#H1=^Z=_98T28Y}q7`n2>(+;2RlT-3w<~tJe
zaAr9eaH@1lSo83I98Tx47zj{(0nRrkT49<W-oFR;$t%n@7Yj9Us4>P>lj_#CS4Uso
z-V86J?22vdy8!Gc&DPV@4WftV<)I%eLV3vT`sj6D%)Kju=2#n?jad8cMf~e7ejgwr
zRp&-hy^XTUjT^mjNdV7+!YL3L%?q9Smg?_`E!5$mT=ZKvIMKeT3pBWvJm$<OV>HB1
zL!x^h2*$FFs7t@-3=3Wzf(`tNvX61+*BIh-O?3SXR%|+Hz@$|nKbHhjlC|piU%M&0
zyNqCA@sx65ZuR(i$#+JF;hx&FWdz3XDR#<pxK^irAzMWQ5uC2QcEA13Dd+w{b<9Z7
z9zo+x>{i{*Si-*fE|!CLM548uftr!Rzmd|VEV%a_?Uee8ROqpxTtdiL80ZZ-JUXHn
ze7+qfIfEP?NrasU>h5Br5oab9KFXqFq<CIe(46UJmYlJsr5kRnLDW-s(oq-l_LHFM
z{J6WVwc8^@h;2x6aA14Dz(MoKH90jfS-%u7Ym-kcbr}DSui@iE!p*z;<^mJ-&@WM6
zgH%Xa==hs-O13BUVfE{ZE4<Z{Y+o}<K%1Yr<tLJn2M}&bX{3tc{Z<q=&!G!$jtNoX
zhD3oFdZ+>yE^@CbCUrlfG%6-v#&pD`D?7SqjoNly`=@7IPI4lx8t8i|9_E^9ZQpu6
z?6Pb-d$o-4tr*tyZ+4FXMn0evI<gsmV(I_vsF(KWqN}^dafCARNjktLV}#E=^~at+
z>0auOb2){%`%1<uebbn(5)0Gk-N#7u(p#c!r&sm4uH%tU19{MvT2E!7U)80{zUD6)
zz2(rkr-l0(WGX8(CAJmW5Vn10@}&)71oaL{w-mQsdr#n%2JWjDH_doz%QsOu;3f`g
z<lXT9{fv)j&5RF~&JkO%B)2?vKs{53^)8?>z5SfJk3)^LLv#Pc>Hcgf`#dW)pc3{C
zyeq$D1oQ50nE0Eh+m~}o7G43ib=3_9f^Da6SMFCD1V)0a=b3l|C)^truXnDA9ATf5
zTsO`A2Om<}P+RI;(<lkF|8nefkIcmjN^}Z!B)<)YK0GtA!<MFb){=vM$lrYH$4u8E
zo|_^BEtRlHQ2bCt4?eVb?>~&p4a=nPP!moFa#QHTwEjS%C^1e5nq$`VOG|A<2SRJr
zRjV4<(5`tu#9lO-sjdSHt#gp2ti1z8{m;ft%*Ex6zia9+ztdCXe_yEoz1|$tW`d<f
zD4KYPg1=#)3@(sPNRu}l_zG=-PZC>--;dMdaWO@_Q*4jz8mi++EY?^&Zls{4)RJJ6
zb6bzeNIQMvr0KNJ-&T+ae`2D>vd-TYl#q#`bg2yfW>A7Q(7Ou1dp3V(omv3V+;di=
zfDZkilm#g*t)0cF3tp@^<9&wfMWcN;FT<Zct=Ilbj1(X1{Lo?s%s0$#+S5*6HGa3S
zx^$$tf5+VQ&J7EqOENhH4|}H9pJ6Ds86bEb`3{k+9bi%|PaVlW0mE<(2#FTr|AB%R
zcMDsU3*HwjVu)tg-8bz#1?0K|a(nLW?n<6z%$9jU`aB?^<`Phq(s!qYQpiXwI0)xQ
zt6;T+g3sFWu)#A~*M6-Me-i!Fgb$1g_LVw|6?F5Jidnv!8HLC2j*SV7e8z5zFl1BP
z_C}vKwBfIM0Jl;&`6;l|2DN=Yont~+EE@y!2*x`h{o#^qgPDAz5M#s34a20f3*lfB
zrS}13xoou2!0MbELFX5IL?@<(1G!ui-q2<K2~jMS#ZoV<{$AqkLymX>6LL?4aR-)p
z1_w&|2Vo3e!MH};Z;{pYU@UGSP|*0Z#tY)zSK>R@TGvqKSL>r*VSMP3Ke0D(LnD6z
z?tj0p*dzY?0Q7nRuwt{HIn@+|ieheIEK*rq+=C#VYS>PxmqFsvr*JGvaO3u{qeXY1
zk(c0yS1|1+nJRYWdwLb>QH5?x2Uy)d!ulz|Anf*+zd#$Hm^@%Z$}}+P;5OS2@)uxY
z0G{2AQ8(0-X|;sDb*kPPhzxLql{K6S7ONB!w;(p5Gt__y9tsANA2!-MPg(TSPHS<E
zjKqQ-r~DudVkRyWklR%lBQ#j$1Qu-0yiSB?Jj4|gSbLm5LsD>XJipS`U@BsX!<5TP
zp5M0-7^bJK!1!{(32?)`FS!doRjV+VmUHfZ|1^374tRj>8o3K@Ern=bu8!RW8z=>z
zWr2)nj_-N{ApScdlhlX@#58vXw<M`|GTbXppL2hlOjM^leUSPH=9E26U{H&8v2bHF
z*Q39aZGr<DgzS(FWl(Im$FER7h#>wNp6k;D%EStg2B;bq={-8D^Zr6UM}jAw*=mx(
zizh^NM~1hjH&1XpB;N2l5^-*;RxhjJNER4)pA!&3o{ozeL$5`?hR_5HlNAEIx_N>a
z{DvS={arz@3<VHTf=i%Z{>gf(3WjeQrNZXIkUM<sZ~(IefVH)UmoOLl&rV+fYDLt?
z3i>{BKfgN*!v3<sWr~>HSVuj#p{qDjeup!o{LwW^ac#`~{2Spss&`|?NkpP0_y<uw
znzhb4R`NyF5atsj{@D|Ru_&4y#)Q*qY1Ibtx(!2U8I@1+54K^XwN4=szXs>VfF+oK
z@qj0Wlx0rnLIiV_)Ow1PZK4w+nFj$m3nuj$5p5r}$i<v1Fm*ly|4<8yIM)H4)E52M
zS={7#0%e*A3|lPc(nH`?>>lK947g0X)Ii?g?I(Ma!tj$<OQB+UVtSrwu39`eLiPJ&
zX2D}}<<U?9#H;{ZT^MX@tRAqST3r(o>rksl%v(>3yNHW?e;MoC^R*ROH7jm-Wk_{H
zk|F=0=`)5ybW+>@Xu1lZwwkUT65O5Q6n8HYoFXmm?q0lDaRLQeytoE;r?>|w?heIE
zaVYNg=ly2>ncOEkJGt3CyGQQcJ$ugLP=abIDl&BjD`JLmNM7ZK^-9QGjGJ8`0lE=(
zk@c<(i&x=ym(+S80`iGJWuv9p@|H2?QpO9#zf79d{~h~<BRHEwoPrEf|J5Qjl*KLm
zM$mtncARS`xvj!>!c4OTR=P(B1lC_w)tSSFxDO1EdLi@XGtKKbpmof|E+R5)#BU&z
zLYPw5J5Gu>MA)u4hSb<|;fgqZTom4HMr}P10ehw5NkXb7>qHNbA);Bt59c5DT6NCF
z7@VDS5Gp)~ll#?ss+4uP)}Ge%-oAfq^F(-(5gKCSYRcvVYR~?NuJphusyJuVdkyin
z;gH!{+|;c<M$L4PBL%;RJh3%xzswK0*7Uja;<*749;NQQY-#aWdS49}-|IFm<2JBt
z25u>SQPfmWGGJ4!C;~UKIcc>aneq5RNaH1a={G$^K-^!JL81g`6p@Hy&$j>)+Tb`^
zgwgL}l0Wkp#R$wS6-6HsGs?waIq|U5ByZwl1aLC|-(X6n31!Fu!KyL$fR%u|W)&p5
z23%SMa=Wa7(hPuKB9@v_(pK<YoBmqfD20aCS7{5Dv0c-|Dzi^7q2Q4P+M})7qk%Ts
z<>C#>|G+d(9*84cB-voi$ug3|`mQ3gNWl#{uqhqLyhu4!Fjw>U31h@)FFCQl8tZaa
z5t*{}7G(>b75uIFL}~>}tio6a^+rlv>*(G^M2m6}8(w_@_8$%X%L0~l((lp@KtT-&
z5vINlW=0O_cTh(x3I`5??oDP`+=Um$&MwL!W%gAg*Y)r!cJ0iXqzNH6JZZYSm*!tU
zAd|(6vza~lW}QHi(h0JOBb-L$Gg_qG{`TOAX-Rv2Gm~a=?m@tp{9qf;cI$6hyd5Gw
z0z1`3WUmp(>u-4^m7~$?rqMy3L{Dbl12~X{2;RRH*rk?cZ`L6xAk&kDC+%ufO>U&N
zfH;g~Bvf?!GUp0LB2m;qypD4!^;L(wkgPyK&YI%p7JW)lEZnodSAEr+tg;FATcD#$
z;~&&<M2bq+{QYVzu$WF3*nS#W2yk1qn`^g|8@p&OZ>Lx#1<vmu_02sLYCJwu@+vS5
z08cEflT7e2#^RFIAEen`Id$X?h@FCWomi%G*0@2gO-MgiM(+HJInFc;mv^X1<y<C-
z&s#^amv`1r0Fz!b+gxOBdG1DSK58PlK_ajeyvHfCHk%fQLkhf{W|sN+69{Y3Lt9?k
zi1zic7wp^%l0vnD+tV-S|I%0M>K&`--?gIh)Ih!%YqwojTyb;rS#m{4vcBPY5N+e4
zW)1SCVFvDBS^KZ(2FDBGxN%J~km3g(O08vkF!eTM^fQDcB3+`;oCqg63T4dn6#4K^
z@U_fSE&2W&)ptj(0@ouuqA>SiNvViI5fN*`CPuX=D?+MdKq2E0^OFp)mJQ)7pH~$9
zH3hJ$^h4d-4aLj~g)}Va5MZ>UO2|PN=3p5;&$Vo*lmD!6!~CFffLi#a&^qUlYEy$4
zw;qGr?-;=z42%*18q~`CQC-*VTP5iuCi{fpwER}%FlR~!OX<`RvXdkv_b=fg=O3!5
z?1SOPG8RQjNc_+H!Qln!_Fx<l;2wD7bKsaBQz;wWG#e+L(E0)D)9?6Q&Bb4+2IcfQ
z@WbdsPzm0@fj(pVp&sQ{dm8f6(5q1!D5Mx#xR>>vXE(=@WRi3i?ag$=z$GZKb@lA&
zOSF(zBs+ZySb!PBK?I>9Da<`QY^9ob{QxnG0b`N6wl>-}+iEKTuJTC5W{c)No9fql
zAS*$wT}*f?jqgp>`O5jG%K0W$u^Y-&y{i`g61H=ae_!Wd)$FsRL8{wg$Ii$IW2-+J
zRNp*>JKR`CY=8}5v)?baRumT%fn30|trdkuMFVxO?Y`zj=cF^;JpVg^nV5u>r`zhg
zo9S`<u7JPZiG-`Hc-_=}&0ZO)yjQW*sI|ik*mA-NIIjoE!wgO>oG%sZiHZ+u=ees{
zz*-iDr$Oxy-h-K_(}eRJ{d9xgARC4(Iml8w2mAS+#O}<@bSochM3Lg+t%48>C8wc4
zZ>?|#eRjpRfc$q>j7+*PWyEY}#iL&QbN?G*)?uex<^$!XfIF9-D`uZ0UFgxVI&bWe
zzXcb}cck3bT7|ARm0-4B7>^c{Pz5<Hj-T6-YqRgmyuSi|n}9a-pXN;BQPvdv$t_=y
z(m$svg8uHsAQ8W-dw28EURmL;E2F@T1@@$P_ZYHOa08?oeEPL8>-tir_wz}Z4Cl5k
zgd>o`24YoEMCZ=F!EMh@1wo0;-K<JJ6Kq*p^a~!U6#li(-Hx`|7X*`M`}l{F*Or&*
zSKs4hL)#a&h`mrxW~PV8RHrsK3qmGo4Wanq4VKYir20rkT30h_NPsrG@8M~u!l-UP
z&mRtG6u&7J+wRJ3oFM*7=d!or-ZK-#?4?h>FLL&Sm60t?5g+dA7hzi)6GzMzCb*Jb
zR_BglhCVXm38kVUW)8U7V7(5NV{GmNz1J6p6C>Xb!AOiDw`~CP+2Tn6xq78$j@B2X
zkv5?DQ%q=lzxX2s?713NV~j9)$eA=na!C>r{slyJfb6}Sh9J<DCTOIXe+8_yq5_yW
z6*h_Axu_~JdliZ!)MBAPOg>5qCR7On96tbc@YMqWwO%MMD*2*6$<5Z?0co?8Y15Qb
ze>(L07W<?hD^lN?`3P(AVP^cu_{B!1rhq&dW-qi(DYQTd`{AHrw?R;Sn(XsDHq-H%
z@;dHdZ$UREQNNY;m&GYVFXM)foY<VNZfhOOdi(3W$hVJ@ju3L$kHPj?4cq)`Rcj?`
zCmNz@GSy#DI6ZYsy;!oPOF0h^2yfNk<%zdiiGIM3VnpS}k$ab_zP`XBczF%6yk{8l
z<)`$!kGT&XytQ2V2x;s9{%c^Mq7LAO7(jJ`MDdRS;dtdkrvZ@y;D*JEf1L@TV-4dj
zFBP%Y#f7G<8S(6X9oDlB(JcjXm*Pwn;^aCxU%dj<NUchb2H41^JaZ7a>v7;81R*JO
z>*H+$M93$2*$A+&CEgRx0+@Y4fK?iy$4UXg8;|)arf;U6p9(`bOIyezj!!_9{|a(3
zSXJou7jBTsA6WN8BAM_!EFTf*9$Db!dl5;`XGr5Sp~qWbTf>WF+zWb}4X}+f4sb%H
zJ{5+sk1YW_4w8`~VaX-u2keVTN|VrKZictHLK>O9DEu{~oBaT_&XCaRS4o;rxuFx5
zxUNAoo3hqI9=0e5OvuB^Q>%~Y?5C&(ro`_sf;5~%V&7mEVi)tjlXebSz(!8NO3BPE
zFHBF>%FIng2ARGIL#KU*SON%S`MEn6jo(+;#+wjN9hFh-qtRrcgZ?9)cBPpPX(@#^
z^U46-HM~K?q2c<L+PlX?iFya}y9nh}Y(J}9ku-r$h!7!1lm&VzhkiykZzyt|OPp!`
z_J)<?>kIoI&J_0T5!t@}($?Po7j}i+$%1fz`1_=&XMO$*qcIm|GtzRS<H`I_e=SnO
zfu@++oHw@WctOc8>NIESI~GACpGn*mkzO84-FQ$*+T+pv6U&XpXpJ0ybDQ;Y?^rm)
z|C9`Qm6FleF}gVtTbt0Ssy}uBg&vV^79u}GFLXNtS^0z?m--F#EgWQ`72dAbk4p0;
z)T3^E-G1Ip<YUWHeo0}}vK%la9zwFV#kuf>e#)}YgGYO2Op%quPy)a79eR8elpL+&
z-AsS~A!gzsd>InxqtKMU%uM5*<hXIB4l5|IN`wa#)QQ&M^!n5DaiqWBG3J%}T-B51
zz1<gVS;<AvOn){t5(TB~d5r-&mN3nFe(YDT6RCn!U$*|>2()~Lr?r+o6ae)<TnXZs
zx8KgT(q8rWGr4cKUM?-wktS{L-fxo2@-}0VW7U#G$uK70@o)A8T=&zyOf=%$PLo6-
z<KYRnr&SN0C&hNt1m%CQ3S7NV>?QgdSsc=7MA*>Hv*Xmb0=Ut^3p$wMkw7+ci3<L+
z`Enae1A*;pKqxu!Yxp??58?5`(}#xd`652NJN(>Yr_q^VYbEAgl+ALn4X%G^1nEWA
z{_xfISV1oy*lFmqH!3DPCrPi419s84Y_e)bB45B?VFyzd1mAQ3S!69E?x){u4!y}0
z)21(C{_0IPh+sT`V9p1VBSHFcbG;pWcn;a?9t1fmsc*CNz-rMXyU`#_sv3jnZ=96?
z69kDt=iFW2<K{LaAR98d@y%#yU)0{YsH@|?GMo46sL0^+xYKe6(E5mDHEHT<OKR#4
zMActL`oDsiQPxKyU>6Z?W0X)-ifm@n>?*FCT;RKxYE{I*H0E#Flk~aM^vsuwSeJ{`
z{1OF2%@;rTCA{&uT@(0oM9_w^>BkpI+FvBbT+$FLGwH{va}X)EcfV02UwD3-!;tQi
zVT@<w?cJ(HHm$(<%SG+$s;5t|b23f@(>?UcCp%m~yYPyl-HbK25~@^5C13w$?CkiZ
zZt>sQ*SbDmSkWpV)$Mn`!>fBQTB9d6f`!;9b0^!M4X5G}E_VNzPkZxyl70qlSDg0p
zeHWP@VX27_!t0(<(UR4i%ERpk9ywOrJBPPL#IhFgi5{Ukx-z$$!Pf1`8x&bnAFxJ=
zWi7LTxKuZoo8DO(J36vt$>ZX;?W-K6DQrPB9W`%>I10hW>KY1G#c%Q1WdDgXYuJ2m
zAfiPz{Z#v#MF-jwsaa`@rPE>2>0JApZJ`9Y;;V(RpdOU)$mQ$2e%%#aWHPfp2c`Bh
z;K<;wV#P+TQmwPBzhZ9Dk0TR$K~!!Z?y%4)TKN;oo)5fJPY0+|;!)0SxZo1d$qWL<
zIdylzz{-{yM3(TADMjAcCTgu1<x(29UYtVuXO+!OJj?ceU+D|6Y$TJKy^;>Pdr%gq
z%kNJk8Y%UGeZ{voW)LJ|;Wq~~@@VXbA3bG`L+1gHE^l861^?-)dxU&^SGL15UHD2o
z5Px^#v1tIFVs2!qz0rqVl2AjQHA>@yaB?t3!TSG#WA3!ywN#hkZi%R~F@Y4BKusAU
zuFH!K9%U?NF?nazYIg%xo6#C+4$N2B__RiEGl5SZ(JRPUm9T(d3T^aLw6L{e0JP*o
z7#n7owv==z8+#V;uQGxo0~S#>I*^zY{S+hYTQNYDCF~I^todsws_xx0;ijQR+KQUF
z5w~lP+TAy`H#|gk;@YhK^J-~S>@qFAgT+A05@1twIQmgYu+Ah)SP*(xW-;(6saG+)
z*S!bc$deiC87GU9OX-vdA~O%+3j?9A5~y;vuvY>zZ1^qw2gia~`|q%7V?LGEvLbrV
zs@*lK3AvD|RTCmV*+eJezU?LI;>PlhB`g-u@)kkdzwh|XGc7}Qe#yVNz<<yFc0ldT
z?`ZrTT9FN@7$~-ka;n@mX8N2BXL~VU2}rX9)P#T)ov*IVmwV$gj~Pe19=$djOsQaL
zAHbJ^hF5)lc>rT7<hc*F;RkV&ql<<0GV(zN_zHW4ugC2;;RMRt0>0V;ntp|&&t`&7
zUaJVfp}j?X5LpHDn7rDiR@^Q0$uWQlW7uc-AUa^P^Aq}_g#}Fj0(H@;1qo@jzPpA&
zZGmWf2!=<<=p=QP8YTg{479b)-(lwIW-+p39NB1A<4GcCBte=ie!QgTEN<S^iGF_s
zZGaLJT5*kmn$$WvVQn<!wt#g~$Vuvk5nF-JNZXn_SzLUuq&p2Po0U-iR&x;YA)`Ep
zRjF8Q=$1E!l|rXG^<Hah>7jG11l@N2)S8Of(X>0&C%4x0*<?4kclz2d9YrQRw~P;l
zO?+`on68d#mWkm5JU{2b>kuRvxYW<yd(Oo0`))k>X^Vdl?PJPQNTu^$ud~sOk!D~s
zH3LGd>9?s>-J#jvyTWt`0zZE=dYnBlkVMYC1}dr`y8kg^Qfa_Hf-LP&GV|dU#|APX
z@a*=maSc^6w$-vN|I0@37z2d(Q08MiYEV*50-9_A*`lVgEPow9w@L;iKxbQ8{*Fti
z8?&c%hrtiEQe$r^amXPQjoubmYn*7YJXZ<xY^X)WBOs3w=4_{v(fa5giKih1xfQR`
z{jfDuayQ!YgdoL+mkC*lO8z^ZU$y7|You_&?kJwb+OQM7{l}jyB{Sb*`wCri>Y4ih
zMpt3Y#>RNNqkVnYrvA?=UH@oXA#t1zIXu16PB){b>mz+wYCUt9=p+8-K?Qml8wixs
zJ8)c|3TR%2d=fBw`Nxnu=tvXsJ;xMSJdRvEmNI!OjiuZw_G$QN4&248%n8L}Pp_il
zA0Q3!q`%A4%q&I3nLx%K(=iobdMIBr^R%|=%n@m9BiVUW-LnNzk0Cp<baBSrgMBJy
zE<Ak^C(cU_`dOwrZu4a>xolH?`Cr|{HR5(nC-6A!+Q{wf|F$+~Q7F6ImwAX~Xmfq!
zcM%r3yt2bSTX78A<*?<N(HB4&$|;!YIQeU5k_qzXk<TZ+|9WBMX`SmcSvH^jLo6i|
z$;y_6Uo%?za76Nwq(stPlem^sG5<c0_{=#)=5mpJbB`TOqb-kRk#>r|n_gL9ocNRl
zwa4gv?F8*qw0ekGeel0!^zj60Eg@~)YCD^5`su6`ETv&&M>ZpIY55W@?cb7o%p_)}
ziu`5g6yr7U7)kuyUN;r;mkzcW7#R{^hKyj%LBO$c**9pC@45$L0#zM;(C8;FL2MFl
zLr9pO9FY*mD$PGbes7!crWy&BHFz$nV1ABC<P<A5L7|glm1N;etd5MT)y?QB#|Z?z
zSbxFt)8_KUx#TV68sYwS^(uErits9*sS{EyiA=J8kv~M8;WpJe*~HZ=pH(aaggK$E
z?c0;Cq-_unnqxjv_}1UT%k4K@wmb~R75Rb=i$$&QR&(}?`ROa87r=+&Jzfhhc#a||
zwa%397+R{H^aw~Wt*o+<?5B^O`~Ad$9nuHxnWWs!N0^WVs_h+XpQ3n9<Z%YNs@+Rf
zzDHT|osKl6%7|lxCRFKh5l#*x74MYmRFb%6Pa>^PB!iY_mnhYB<=C1;8qG`o(i~)=
zc#IX4m0W8tmX(xZ!H9=!PDB_o8)5UEBrR>XA;|xX9a?T_Gtx(8>z90rN{kM-WJhI{
zq|MYQV7x`+xw9GqvyE(g#_hcIQo6+C#`oZ4Y7R>2f6|!TWUn=|KiT9l`e!d7Xg=j^
z@=?|PA~-^cOzpgze)GwPBl{x<Do&4|mXl8|f|vXcN9Y-JKFpuzC(+CDAKfUoioPqq
zJZAd|W|_Frg7VzMzWdYY`CA|UT}dFn2!3~89{b;NXz=zjxcQQ$?iz8o8yI>X_=fYL
zrxQ?1G(;47$}t}z)N9_N*%3o%3iw4_Y8~}fbH{a9(3S+i_fhwv3YiU+M=P2a-jQ^E
zVJ-MVsU1V8%b%dT^D3;yH2$uM<b?Q>jh}78Sy)wnlAln&fYTFcqw>)Xp~x>;%>&<u
zmjTwWE4LJ5$I7OH&Md`znp>C7tV~(w`*mc9F(+<W?Q4a?_D)E4_`oRA_Tf7d&Y`kJ
z@7CPjDeqRZqSXyfz+<uGG3q7slr3TZ2WG7c#+?IdY)cQ|Q3Y2j-AotbuDZhe`j0(=
z1R9+k@lqpD_2p#l_@KyaLs5AZt&7X9H-arG`Be?RP_N|5EWaq2nt!q(uEKy~2J@u?
z9j${m#O<v)8{LA~CJq!R2Ddx`h78F;D^z9`7-W}%`iv?dJtu@96D|{zdtC&F?DrTI
z0Z5p^aeLEh9Jqd-uZ;a2GCor5)IXjGvm${nPARIC2*&!j<2h)Kv=-Gg+!QMaI`rzO
zV;4wE-XFs{im#%%_J@)=qqY!n_-N~cl(agF=v+u(j6`>+hdu`1l{mR$Ia)M;wI&*;
z{O?_ALR7AO{fN$HRVjkJKuc=N468#0A(FdQfdB`(IsdZ^gXac3DmtwumNz;zKb3o|
z{*k7eO#?{>9p)bFg54D5OYi^=Z1yK-3cE6zq%3iZ8gq%BFQcXIYErik_Q(|(&q_k;
z!+X7arn*1BTqGW{xid+G5j<5vMeb+4J(qYPYvUv_#z%t@#2phzv+fc5YOfawstE5Z
zznDTg6DG~OIZbg@d9$6eL@^NEQT!MrQbhNlz|Cu5-JMwC<ZOx=6YeIWXlEtB@7+cs
zddz1a-FKf9isMHAz;g8}0=*qX3KxP)&mN<(6jj6}@_Q=6H@iMvGDltY`ACCM7|#r^
z3mb!a@A{(3rXtgiKJxPbaS<K5@)hPzf*&`?o5QND-Xa@0_LW4yUFojdIW%vm^W+t9
zN&Y@&$js>N6x<QcqlLir7>mY{cqz>Pg>~t-w3%$)%<acO+=It*+`D|-DFMa$$++pM
zyIy@rcbIMFZZGj9&%?qSVI3^8!1B-H-5<N_FNDKezstq?$4<AQ+Ue8hSe9D+evdxq
z9{pApwn=+WLD!8s#PLTJ3H;%{Qy6wtFWTv8I`Atq5iP#fq^vARNG(7|oJL6GgP2we
zr_16lU}cibuTg+q_PLq5spwkTo=<R2E`Z$Ik_nbQvG)y&uUSyL))y=hPR*KdG=?I=
z48a*m2YS(O?5wqsT#{Ol$bcL(T_<%1G2YJ)tb(67cCuG4R^XmevaoPk8t+&VTQAyq
z!AMAjtmK>YB~GO)R^&E9HqFNi(v7x=tlZ*u#XP`DPEEjF@oL+$Hs&#Nie_0tJq`bu
zHETelUe;@Azq0oogso2DT!6il%~Cpm))d26v05XL9l1K8cr$3qs*_gak2m(zHpe29
z7JF>aZ;&zr4cqAb<r@=Dff^B5ThzoVyL!9Rae)hbBeYuYmu&vsBNBt;o99XDs~g+`
z7f&=bHK2Ew^m%#7{<y9}a9<ImqzK(?IHa{j$=~c$_&YIgC*tJ_?<UBiO&z>y$i2ad
zlFf!9N-~RI6K9rP3Bc9`WP4>0J)+y_FmV6GKRcGoo>%2o+y(OO0<&EPL6zNR*y$)9
z*(lyNYMcHt-0j*3XxfsQEba(R>^YPsoCX`alrE6*Nn190I-lo@@S4Pq8v!X<JZJMj
zKz~)0Hf)zwQWJcbQ-!06vvl|P^RR2U1zr0`&G4dc7airX7Ln^uh0cHuqt=Kv-~E7P
zmkNl>&`awMmT}>LH_2U=d8;!$$S|`;tg6yy0>u#?Y0e?M(cyK}VB=o$^qw$8XLE}y
z#am>aGV!x@2U8uVsl#=3LzXagS{b{c&YSz4$X9cpd4Dq`ee6Kkg+-rRt-0`>)acP=
z<J!nY{bjIi(vDi6+y3iM|IgyC!R$=ccO_d&DFj%f5jY0xKWdOVnK)jBsatB;nMhL-
zUs89@kR<nklH}(QYpRDz+npuKOb~sCt^ZH!&cD6XPbL8^FMVMySbB`#v2GzoslAjb
z^BD7UBu&_^@ip%8lRut9{a|&zT~*Q-ELnQgraIK&UH+<}`TdZS(!aMu2#%*8EEI(M
z1xOlW)@yYA{PdrbEc-8f^RTa_7a%*=yBh1?9)|iCd|RVh3wJnokw4^DQluSOR4>R5
zrF7+Yef<9XU8kdtHnJ&2EYm^hBhw^8&y!fpl7Cl$xGTbx3j*#KU(3?d`Y)q8fL^U+
z*h162j)sl#hiRlUBe~CQ#^MrIZpYGQOVYx*^6c9GQWQaL4qZO~gbysZ*b%c0nT^@M
zl-0F2T?Mr)sbU1f5A0Xj97qT?H=fQsP_27Zzbscdg&xi2yp8xlaW2!D5v2c{>ifz2
z^Q+ejZzf|hro!qsP>-Ycxt)oK-WtmdWM@^y>j06o!IE_Sd04c)WZ~Cu7v6X4rdV^@
zpkX36pw`}eav;DvdmpK`z~?DAdXW|ufCtYOl&}$h<dX916bW{Wb2vC?KK#m#0uj-k
zaPK%Dn?kJZ^8sUkaWD-KuZl=#jznu6@M<Gay{NdkkY7v?z2`Fk?njrBll_v-{Se_T
zQMJ}L%tq`R=9(iM{ukDCm&YK9B;n2Gs9+ajkcr1PrVx|AF^Ydh9Lo!nQ?-USEEOT=
zidt_+03=)p<yO4Zv)iJ$_Q+#mlb{@Sgb6N$v9FULcoGkJEZhVis?v8LE`QWCTPRBS
z93XBEz|+6iuO7LJZ~qyqwhDPlVL*a=2g<w7A~jZe328>+j+4Og*8v&j(gsko|7`6-
zEsA_^N14n>5zZlob9eS$WA+07F7lG&rC!MgbRU`cC}Xfr-$+cJy;n7nPoB-BV<Dya
z2R3tgC(Uk$zH}wp^#-*h1^iMNzdr^Kazw#FY5VcEqXSSEx-FQxCrg#U1>Yhl{2QcD
zt=F6`u2J!erIiz7o26CkDD_g)y|q~&j=hM%y}Gf;@((*idD5wu<j<fWf}>ou9$lb<
z!*P0oogs2<w9z%=N{m0GF(rJ@ztFL9VrMyBbzMc}On1V+?PTv4;KdrL#x$uk%#zP~
z%87nDQzvw~l~eyF%_tnE_|&Z7F1zRQRxzGKh$)!ObS{G6`5s;3?2!iYZiMI*qw584
zb8|4vSCN2R17Sf(_vkmF<f(27U@V2)>ILW1Ge?5vb4&jE=cJZQx36PC0fo_NZjb16
zm!b$>BJyuOz4G9uzvquDjbHXy);ykuJSWjflnLb_9A{G074e&-+%qz%C*L!c<lsK(
zGQc=L?6kLT5*l3ZoRuVr?>v!|xc~Y_^+%~Pi)A%~kK{O!qAM(9o#g&rUs!54RUFy>
z51Y{ZZT^|f;oht;1-O0@$$HB}CB*yG)t3dY6RW5OwMa@|-^|wSiRoP)k{|I>g)o9;
zCg9DiNMvuWnjYobg}vtS0q{QhRJNfIeFk|qp<M@|-6RL)$d)S9iycJF38HwKedrVR
zzh7hap{V^!e(kmuPw_9nHWf6<g+dlq40_l*MC-j2_D8W9MmO6+hq-Nm&tyZ-(X7EF
zXaReCkY`^?ZzrU)8FYwoJNB;{#9ke^7s$f62Z+0B*wfUNpvBp)MTV?t*ZU`l3oum|
zm{X0o)RPH=X-n3?gI5F)+<6e4F}@bPX2N3UVI%Vp5+Z?|PBhFiq=$K6iUcvRnQm^S
zy{sX&_ODP^C+d=+4v4*!%)6M_yDdf9_nm76af<<lcYLLA7ulP3<TpQ&?bg0teE)Fo
zSv4ngLn}LPzd1m*`S=dvqxNpfjRUt;r}|kN?>{x(x70o}eU$I}?K20rYZd1GM5E-5
zLF<iff5SJz(zDkGgU$Iy-ir+b4FB$w!L9gtNsdNKt#?zllvD1M=Z2J3$ec~yn~3vL
z$=Ql!rqP;Oql*YdS~T&#=gv{#rYCiUBgGv!Cv)Gt4n-smIRizH-uHfGHJoFsHbgl#
zVzPyme;9{sguCOvtx?@MAgZYXP5h_~d!lEU5!$yvhrJA8L(fRfnBq2rS_)Q;P>c#7
zDxCZ_Vn3Qpz$4uYptu^8j?xBd;mAipP6K7>ij?h9rDn*+B1l4W+SCOI5&(1x4(0F4
zHA6hfA@9fm?q?jEzmPY5X!D&BsK^nV=*)b&TEp?;2Lz7`pAsD>sY{(~GacSE;=QSh
zXS~E@;m<>?4PrDcR-$J9>}){mBJW?k0QduPT`K<z#bbat`HeojXJ{lySTcHRy8?Hq
zt#>+#a{=aQ(97|fK4Eg3wxErzpe8vZR#p}LD#kZEvXyI_D{~orVA{a&v0g}0TPNWX
z9}MNtM*lksQuJ0au)L~o<9*uR5XR0<>}tdlQe4v|xmV3O(B$+Tc{9;Gc<wsia7FH8
zFgr;eOisS@Ntq=RQmC9n5aTX(f6%N9<H{_oE(n+Ck0D`_h|zA#a6-;-PHCGF1knkA
zOy~zx1KXNN?<Q>)6LVt8szd}$vYtF{-F+@J2RS64h~eKo#AY|du&7^8DjOh2HUn{w
zKeH9#E8eO<n8c@%B+d^KIbe^5e<M^=qZ#K^aGAu#e3q|&mHaad4z0TQRkGI%L}}89
z1^2+~yjCDOD}U>F7qLbc>8QoeKW&h>nN_bMvu_lu__sOBFnaFz{+V?#9U{nybp&C%
zBr=HyG-0*0C}-b=p1@2CC-60qR^J`sKBNill-(qV?y%U4;MN&aIyX=bZE&i-*9aT?
z?x#c%K7r9uM=4Z=es==s_%g&dcuE%B7>mwc+TdV1%s0q%3Sd0>A(sEQav=FAeVfal
z#n0*-JJ<Ic*xe|ija(N8D*Q5sy*W(zQ*h!GAinh0Z~K-K2BjQG-%cU^&rQ4d2U7A4
zp6T#<%o1AYNzw!IDI)T}qzAVzz-5uQD<{j+*Z+j=Z+jI6_2>U7iv(kdSQCh1S!Q!k
zISUH<STMO7rFZ-!xQpXG=)$Ny;mz1|vO5c`MZ;jDd@&tmY*<111>e1wI|cr?iO=eV
zU|l$QF(OR^vjZ{$E8Aw8qbdIGN^eFO!~Pjx>|fP<LC85xkS{@*M|kmsh;XohqV2s^
zJ%l*}tSGrFRj5+C+OYLZP`u+&CHS6Cz?+R=Pn$L^JSIcly980b&VzriaX-JrRg^Ei
zzM8r$tpAjf?D!gzoBxO7T*Ka{M}x11IU{3Ls~RZn(<f8JE8Ex0+gQND%DRiCN#GI@
zDO)6)b8NMzH$5DwfIF(<1&=RmQ<bh?Pf~rleSV3Pl`eLfwdiNFP?`R&-Ugwn>5^}@
zpczEa9K|;)G7P_#v(mHcDfL>QIEYP7C;~1dw#8o(;8)wN<mTlG%y#8o5+DL;Um53{
z{o3}_J)sojio$J%VrpIbmr?^B?CJE#_yxt)`0D9<v?jJvW-I9XS`UtrUjWM4Z){kc
z?6j)#qdm&mFm|B5!J!JxXC`V&wCsZfBsaEkwigF+FzatL$F*S$_{k7h7_>u8hF2E^
zVJ2inepw&JVCZ;*%9g@Z8goJ$2m7w6qL!(RNl$nwZmG?4=FhXKwExE|BtxjOPe_76
zVZl*7>vPEOQkT1XmZE+bdH>TB;lV+*@9$>>?_=OUVo)GvZjKvKC&ruls2n#>dlFZF
z5((LzW@A{D@l(25bjO>+ZMc@ydHE(mK-NY6eRX`1-NLFO;=67(NUWV)uZi5%=1Y?Z
z8Pj{RR9qK|VhuVs<_)YYVqq&qhA?~V*A=X%)SVwI_f&)G2P-5OR@gh|Bj&8nHvl|8
zp@6VYB?>w1C~5WI=2iFnDCU7JoMEjw*}EMx>SCxIkrE9FgL$n@9vZRvbL~nzTQh1x
zl(~KSCV`7SsjYrEY8~I=tYk%*%1g-C{?5DHoosy-gZcTTbyiBSC-G6eG9|q<1mdVQ
zqnueh=TJYEB?o@_dq=CUu<Xd~!&+hedPG6325exR-rzd1@|mr1i}vsK7`X&E@iE5R
zS^i@Ck@!I%9bR7fd8Pd)4d3ho8g8NLO0)HW>40ztiMJ=$=A{a=r0l@z<DwvhYaQTE
zELYEBkn$ol&`N!0O+EE1h?e`t5XKZfE^=#iFv>)73nIC>^mA0JWyaY`D2Nr)UkmBp
z(Rpd1E?u5HES0ZyyIU<aiy9Wb(4yatru+7yoF|ZvUqA)2lh>K$>b7);6-jO)z-|GV
zH)6<k&{W_G4j>Z;V6agn`HZkR2!d>PahLq^rnTUg^h@<we@K~sb7UVLE_^;EWwt3r
zL!%mT%wT*$)z%{~$g)L)`$er={pU-iJh?h<FN4UhfYFWz-kwTLzZaUbRjKtdN-@+V
z3PP0o<c4J1UY>v)j@h5x+fk7?R6r^rL?Mh2G85LG_bI@zf?(y1x{oIsW-o7P9&vMH
zjM0-Qf!I_QUM_z~S4~ip0+~`7M5BDXw`C=FzTh7l;W>tnGGNNvaZJ_3cuTZoeB_w8
zknjZMsyD*k7fCK^Ky2oL$~d4PzR4tm&Bs1i$u|TtBaDtm#@bWm1*Uo6x_od3T}KAu
zN?1o-<<w6DLjM{a%^Mz?`!`eX;1tG`ezuu^a>cwmOndS6Gv!bd!(K80**!W0>$@P#
zt^*r>8f<R3Amnr*A?nTneYS(+*?;>rO8)wsyYgAGT?0eZokGt)OII_va)0I=z%hE^
zWZYMAaI_608APxh5Gx<%%VfG5M(~|aOZ@pHuv@5<#fXgfTC(8%_{hL`kZF+XL^{=m
zX{XtHaOv>(5wZG>i7qu4vQfmyyYM^vM3;_VL|NJxp(=ooKtzM_8YBvY6KLrtI*~Fo
zM~!5n-}fkxwx%z%ZJ23#$ai(74S^?6?>0<5y#Z?Hs3a9J>w?&U=SMwKR~bf&lV<}`
z*T(1#|32xlP!r}IeH9yhY>dzO*J!yrXt1MTTqfL(tmFa2+<g?u(F&ySYycIwN3eY@
z*^}1D%}JbYRCnXJX&<q6GgQ39dSKm&t=fJoA=SZPfv#=ZPzCTR)N>;C1t{bf5@#%f
zUnON>{`iFna>UfK9HR;}VT##FX>5c95!UW8N&2O~Ye<9zFx@{$>lylV#{&1uDt~lJ
zT*S{MB}!g>gvCAQ<CM6m0)?4;h`z(AD0(AJDS<|j7?GC3r3!onmuUrm*bk%4-qD38
z=0p`mY7j@ltq930f%KH5q1Duve+Rbl5i~6Thf5&(CEnVYKRVM~hs)C@D=dy!%tl%6
z<8#RLiQX-gd-ERQt=(aiK-^1O*4~vsPF2p!OXIc8mDxvNxBOFg{DR$+pJ@IxoZD^d
zaB%DIau{8NjegY6GYR&D=<b0bPlu4Ql3<n+gqcIg>MU%wBv>cl2qL$A1VJ3euSUJc
zYGltbuKcQ01M-3*H}NP)Q>q1#m0JEGUO=dt1dLCfoiJWn3!|qR<xpkq7`cD_B1|v=
z*q*2rd2eW6yM8>j8+;u#_fPhfrMPMt9_hVclxfJHa0eY#z?J~DV>Fy5^N!E=)u8U9
zyXJ!H<;jz>e&Tg9VnFJygTAsJ|LS1KlJVD|YKgM~L<qic#Jsc~@g=#-eF@K=cR<}f
zjKH^p<-t!?{}P}uLRR6|_5ez9^aj@|mY*1Ttu=8I|HuXw*`8y4qr5pc&Cv>kG6kMg
zN;FLl+p|%xa800RtmE&)d`*cxBk<;z9$M)YgHEZSD>jhqQFPueXejK(A^Ikt{8t8$
z&rW0EgZWfp<#3x+8`ktH&06?y_@JN_f@B<d0hjTgX!g1k{y;`aP)r`R*yt9h{>mxM
z+&%5mye|79S5MW)zxq5$o8(FvT3XTWE}y{!UWJNWyJ6(syMsLA0)KzFjG}6@&HMb5
z<Z)-R)kurC^u3PcM@{3o5n(_;FW-KUrq$W-s{Ggh9PKW>!`a-Ew@ItV=HqP7o+Ec|
z4ve1F5JjI93?YGIS4F1Ikta41HeURxZh>R`DQ3Hq7S7v4)u{^y68k8h?qA}x`&83M
z@b%}64qdkxH`}Ai9@#XxX0he<KEN{tT%@febmvx)M4TE;+rJFwSK6F8yT?TCA6Mjj
z6L55feRa}XW=GiHYRymBZ9uSdC|0MUJCgNr9H+2I8C)1Uzu1qgO0To|?8ry|7;7*w
zu#>Lb_q6n*8;316FMZ&p)%OKc&KbV*MUFZ{gf)KLPgo@k67`gGEGN&n=dM^?Tt{B$
z;_#}(8IQIJ7Mlc~OacS+q_D@8EX?;NfP)jj7zy+3)~#@wIM1>em!^ehN~|ES?fOK|
zAeX+J?fUd_TRF0GrW8<IGDzIX@F@7<W|?3IW=>q1x->L4@sMY|2T9rcB{!AI$8u=f
zg~wmcviZojS#L(sPHx>qxq__chpp!uJNfC-B?9#AFcX-Rc;I<VoHMH;h7&EqWg^wd
z5c`qUv6w2+o2pb4r^Vo@(m7+1ss6|%LYeI06Jr!#OtTNUF+h~l^|;v3?N;6WdguTH
z_5-65#j`Je+CYH3i-8fRmmz1T&>Fn=j5)O%tMb<bkljV|uYi|&3;$L<jv0sRS-kBT
zSbGxE#rw;R)WLdk*rN;H$^IoUp8{{eaoVX7fYqb;E03jBgv>kJ+ZrX?QPY;+zcFAq
zm0DM+z4XF0t<pyZ2p;7>;^-8dBTfj4qIG^87+qo1v@H`!`Xg~|KPTu^rJNrT!5oMj
zqc8a!sl4f**abf|0qouvU%tv<=V$|RzEj{^cMK6LU@LP0yGRgplMOiz_p@?j8Ep8j
z29#_kS181GY0vg$V<(dLX^EbnWH(8}s~x{{ChfC^uO}Uhk?hx#1Zx62P4cHTq+SE@
z?vnFV+w;T%ym`DPkZ(2wBJGXKyABh_8JCXSHqrM!liAjD-uVSE`Pmp&&DZ<^4CRh}
zcm{mvG(_X|H7Jn49?4>O+|C{I@g*rXZ9L&Mtgl$mJw=v|?n1y(jkIn~iEjF>nGhgo
zSvuU6$@8(B`rx>ov_4(lc4J&Gx4SB@{&j?VsX)K7oA2(~8RsbQi1+)m%nE%sC!O?Z
z<#p1voB|@YG1gQNZ}gXR@mFm}vpd!Bm+;WK)z=)%0Dg<gX4A>3#TC3I5z5?c(t#?W
zt8NR!!E?-KhtTm2=ORD3qwYJ^MX@&0r$YK_fjOcogkT3S{3)xi#hU(kv8ASF<PGzU
zXypj^08Ydh{J{13eeYi&(2iwM<Ia@s&rG!Vu1c&m>3~YC<SC0|Hq`tW@AK1ui&OxX
z#${in{Ap@lxBbjh#V5d8j(NviX`Igk`E>Lb3uLP|T#cc1z|2gkx1TB>RY!9tx-12M
ziYUopyoe2-X4|Biw#D1tQRdz+PS#d1t_^7gUD{~+vOT}cCZ$}m<5@F}+dW2`lJIUI
zt^Br;wJziG2CaTMhRayjtTa%}Sl0=4Ev336wVp$4O3T=)kVhP)Q>>F^bnv#y8{*}v
z+T92^QCb`qki%Z%V=knw{~1%uEA$n!eZ^Mo+v^Ksm$Gp}^{KctN{xu*%5wU0uHk`&
z7T%j*HW;Km?1>WtaTC!nhCi6pHVb|AzJR2he~Oyv_mnBXhTpXn_xJpeg~Ce=J0^1O
z3FX@&c+NfIxVuk?lFQ*QyFrMx=>%LQua;pqgtwyUh*P2_WRu*6#IBR$SO5-wJJi)I
zgsD=G?TYoD?x@*5xuQ63HWw{l(Ta{*pD|(8<2^Dc=dF8;%HCsZLN=nZ5{dlgL>y@U
zNO%A{Tkh2|be&yN!k5R<gnD-&Zp}WB-!x8Gotnn<7*TDUVoiEu?Y@mkQo<}Z2!Wis
zM0054IPy(`3T5CO<=M%*l<UNUfilYn{XHwYvu9}k<%h+Mx90&}t^Yn%<(OOvE0)%A
zwtV(Ia!i>TJ!`O}@(`%rjy+ILJ)`^N`5KV*$eCGvr9kq&H>$E;PkgXN^6^F0gLriB
zN<co)$Ng?z)UBZ|x+?YV&ufIU-9#48Zdb9edy?hiOia=PaUs**S%C61d&RQ5|H1rg
z1blggeTpb<q5K(ra_fD1Uy^X&I7RVTM9S14(v_jWhafW*!|_*~=^Alv`Bo-TZl>SI
z&D3d$%#SB1yX<q_70<4wI>t`B4fDi`(wV|InV|yijG14O1>Es>jElyzklOkmXzDY~
z>ptrq2$aO|$m-|&fys-6Cgaw?Gto`joP6z>0<qRM{(ZO31|9m5LB*t43LD6`x@0xc
zjg_Zu={8r!zm3mH|7Cu9K(5+-SZr`9jv;dDf`_-hf8g&NFW8eeUUp=zqkR82s`HO#
z|K{^lVrcGPJYT{9zE#*4hza~nKvXBf1H1Z$mj4Ci=B5bj4)6HS)0h179p4<Zu`lCi
z#zEBHcg8SVFve3aYKJ$0oiWOt#{tq*Dsm+g>WS2u@G4Gj4gR&upVY6eNk}SYiOKeK
zHvD*04AMgk3+AVavuy#xa!5O$exGpo|Dbw6G~dsGOmgdR;xHcU+)(1Z$Rg?rNu1}}
zplzm)i>0Ol%!4932V9BI&p?WEYs_p{iBT4)8?P+b-%Sz<Nl|1}j|!=9JLy02VSiWI
z?0GnXCCggSFc@8I%_h)0ZR9+8ZVFR{YT*El=0(YlzGr=D`4)pFYL_1u4*0ruZcmPr
zQFvFe0#L@cK;?R7@TevNYp(r=_1e&)l`xg91Tg6ySM?<WPOpKn?T(kM?X{N(^c^wu
zTFKTNGw*dndQTvaZ&3L^RGn}A^lgg8NMo;w{sbrQvJ_=Y+1T~~Th?|5TLk)r9env4
zs61kcYWflSEo{PH@IRE+wp~}r(`+f6===D4qPulsQVccc04#W-<&pBQVK#kZ!Pxfg
ztUmR7J-{C@7b-M!)x!iA9Hj+a?svmhcbxWl`;i>P>+!N9)lzXZ#--yyOw@ibr{ipK
z(U2^wq;1FkHZ8PVHLM(8P&)@*yQsYUQ+p`uRzkVB@=O<TIoLk*hD<ZLQ&By+dlW7s
z>_xgG9&-KooC?ql45+m;xSIq#stt{A-#J%m=Ky!B&gc*<3M<e>&v~k>RPB$gJC)Rr
z<=1B&j72e6`JzI*F`&uL;2;ukg%)(n@2^*<7%{Y)=~Jgz%Y;(QkLsi7)q?%3ra=|k
zB3WCaS$#4^yD~IrOk(Rqg)^9($sIahuJVfSv+o`uYrAcA;+}VD9ivuygvq7uA(ygr
zlR^xgSF-hF--@0iW%pQUIlv?aA8A9s6iu|lof(IJ^N}t37|~J8dNwUp>>t-HHZ?cw
zSK5M~w^2W0=hdf9`3x%Ca^(>~iJ*(O=+IsU&l`n>HgL;?1KE~o+eCZ$1hLEi8u5{m
zOdJvlsnOi0VDxAMSAf5vL0`%z6kSmNy9rxyL7W&oEOlqN=<|#vyJu_&y_ZT^PdFHh
zrK3m$7lcg!1fkQ?wx#8l`{Mtb*?lXgy2PX7W13Lmv<byWLU{Ab2dh@o`oBDg`|$?&
z@xh6q6Rv{LkJ7fG<@Mg(a2A3m;~X}4lr!3UgR;eAym#;%Il=bG(dql~$9hF7ueSE*
zP}9P4S?PIzpmtPf`3G(79)vuF7I@Y0@6UOxD^h6{74VS8rQiS<d=QdMgl8kXdu>$n
z+#9EaN0j&M^Y|3zg<o_3$E$}{9P5ck{_|4avWxnzYSa4uQ~w({3ozXuw78bgiE-&Y
zenDtv*aV`s?bzG@Q8YfBQ4)0|dO(wO0N$h4@F1r6dBVW~u1KE<_3l;G*h9$Un^*o1
z4d;bBwDt)(%Pu8<dVSb`8j-q_UL@5l-_J6&UokZBSm1+(ormgngih2;+s0=8huP(P
ze`^2Nvt=u%a+1XZSA5YdrM=R=$cfOtrcOBLm~fLD4iHdX5Q8O%!Ix_uf$Sb|RtBvT
zg2NOKpM>-u4fl@^={=@B<vPmtDXxp1Tu2=cIMOE`yn6*T_5`K(7zLpls8HE*6^eMn
zq*y(Vz{JXv^Ih<u2%4oQ6hWR4iYM>rrx-PnZ}z-H+lvtsHenhzfiDQ{Mu!%aPmq<>
z50qanS~*EuR=Z~>o)uOT$P>YDbCS;_h88K=Y60^)<E9SMY2`AV!D5=f>@??nu1o);
zsKhq%CUdHF_~TOUQKhbDTdcnC^-r@-T`t@53w+emkJ`b~+C`b=l6mC{+S-9irTCne
z%!6<TcN|^MfsaB(6>Yvs>e@kL|C>^{_+&_W&*<(Sb9$I~&Mq78SL%4CbTD|Jr_L>l
z$+mB#9zDe+s#P7a2PsbbTyw0f&*ax<98{{%AU>c$zlKea3I2z^+O}Jt|2L;SEWb&l
zOKj;v>hWgv-HfL716TiFfNb$6K0*mXCq$gVOsLTP{QWVOL{mkU`u(gQ`C_Moo;P+f
z`^87>?3x}aNz4C<sn5yMk{jdOs)#9J&3z9~b<YVx@Uu2Ff+_Srg=$-DCzk07B_PLR
z+y}d>GJ_X$YEL*;^nDeJ`TQ93%DSh7RrfJnXa7TO&sZ^*|7a5Cl6}<LH(L76ZMvB5
ztudYMH}hZj*e$?OHux$ZppzKTEoX2J37Ad``m8csw5>@Doh-3ad~Tf>k3p?D01sws
zcra%Fk53iTC(6@9)0M*}Vx;%r(n=mS@j=^m>eK(mA%?}Eq}a&Thpu;}Z6dIQ2x_Ui
z5-Y#~9!*ynqkUrZ{6_?qZ#`IL^N=e82Tc4=CHzyK=EQ(*2+;Z$9ASzS>{ECQ%v9($
z&H7!l7PDFqn;Y`w9VV&08&{rZ$zzq$_B1SSbJF%?mCam>uDH0NZxKyr&1ojmHg{RM
zNlBThumKa;;88ij=au+BV+2RIF<M+F{*S#ovhv?KPk7#3&|l4YuIqR{WHtULc}M9J
zz51b<8hg6`6Qi2Y2~lm^e*OOuRHM;AC%tE-+DmV|*H|ApvC;%S)$`a5tF7B%?;RkP
z-s8yQ+fasMz1n<hx6%KkRVPxQ0BNyxDY5p$qP}|deus|pieb1Oe1_@+iOua4^E4HS
zEENTz2IX%I%fW)s#L3`EeGmJxjD>`w)x(cV`A6(xCE_UJw*Lt^F%LAa9&JMr%JDxb
zf};l9>iOJL+;zy>j%qpOO!@RAx~eR;9&|jw>zrIZP3yzW&^TkqoWlMwtw&1h!GBl*
z)`S~CxCZ7`VXLkmNIZj9^PPs|yU!y1kGJ7QC{uZV!(g9+*+Zx8;6E$_7qI@1<4}t2
zgHWMej>U%-U`;kcs1H$7fpXLYYjM4Yz}C+>VY&T|!(#X7DgCO$=nm!_Ow)#aip260
z$8pb_&v>*R&{@uM)o?BY-|LFEzBMM}TH2G0?5Mcq7GdRNg4%V`+MVUBPn2+aD5J`k
zw4BTUy6@&?)AB1K{pAC&;hEiCKCyH@;L^BBm}X(@=|7nQ&L>$YKF+E_$35|~z2fT<
zOZ}r(ncjW9f**y<KjG{ZAnDO=>~~7Uuip(9eJZy{4?e_iGzFp#e4O+}95fjA&yuA2
zXrM+TST`eEYQ_j=3>Ctw)p2BvvchYm-<Z_@mHt)*7Il^ywK*6#y&Ep{Ifo?g8wn}-
zL5LM`FN0uvzmTXZ-w1q_EaQjA=o?>mz@b%)SB;#x?$&{d(TNJtbiE}0-h9tAym(5^
za}J_cY5AM(8e1q}_}lfp$t|tp%^v}y8`=&g$2SZJ1^>+7n~*zyEfJKu+!csU{xtA=
znR_ggd&#ibyk$Pz@lzkGeJaY|5%eJ&qRpJY2h4`pm8q?S=bKngXjd<8W)Xts@q)qC
zTqqO11S&j}wxhukooL-Y1W$ToCkt*gZ9L{imc2i^Q$W^P!`)BczrC1X+Z~Oh_^j`C
z|Kb1;H!xTeEoqkpz3ui$c#;;szRn%K`hlW+J`-tmwrygNS37p#9ZyYY^F|pj`YP)s
z#LT4=E2xp+yRW)4yA?4qy-zIq+o>ujEO;O^AO>x{ifzmrTSkRpN-!#<)B(x0if7B-
zasga|-+;mjaix|{!;$hU1b(=B`-=zXh<)+_7yAzPcfSr`Es+f}%=LNyGXn}2;ZKT%
zafcgO+@8!v?sH8`t-2iI@ylt$IStcZeAAGeSN`=%>^uCMhlDy!KB)}icQIGR9s=J5
zi%tX3HtznbR3Bi=lC!z|bSjT}Gn=V87L~I5)$S4zUET{x?IwS<X6WL#(B$o?S;%5N
z5ui?j?+I0NImyEX=`4fVobuAK4B(%Mo8{<st%3AoKJ>?WXtdxvq*+kjELwwq_O0B&
z@kDqhC}{&al&!KGmFky)>&3IVAFJX&7wX!I)&t*8+7N$jMB5_S=BvxrHRYeI15+vu
zV0?R--o^M<@#dLf)Lb|IA6|5Jz?|X*S>UiQ@xG|-rB}y_!?r5w8Pkj0x6&Zxw!h?*
z43}9v?083C<?jjP9tg5Xx!#FNscmrj?z#K0Gq9BhTxJdG|LKTTvAQRidG=xA`Xj79
z5vk-zvUa4pw4>_Uc$d23HSKRAF18EGX`*|{uL+b|N15b!(tW*$aXsm7izaGADv%b-
zy90?|65KXTe<|(`J3*y?S!3_HQi=1CIJ1BL%d(l)@xAtdp_L(X`8V6}<u+~z^<{&i
ziHxh$7M=nzp6F<+?TCdLG@euzR<D4@xz*FT)mDwz{;!lOM|u_{giegNOEU8HKAUE$
zmVS~dud+x?%C0#XZJ3SUWxX1G-u?acs<!B{n}LjLWnzxI#lC!kD3>S09gk|eZMy!8
zsPwmfN&C{NQ{fM2CeFz6EIs67n=%Y{5YnsyMBTI=B!&ND=_<qG=z2D;Tbu&L-JK%E
z-QB&oySr1|T^FZ#afdF&ZE=b(UZiYs=i_;=Z~n|RnIx0s+{rn+Gns)7Oz+^(-rI2B
zx8j^FnIP#h{w%SEdeL?c5CzJjlDQx~^*SQa=l*=j*a;-t7<H6jhMoPPkP&2`k-2Ms
ztE638aHReS;?_ld-I!`gLpBZAh}9vL+p?+V>zTg3f%-BITF~ab;_M<w^Sn&nH%c=+
zVHU06ThC%})si*lOz~v?*5$GTe&D*q$IV?4pP153v5{($u5{@A&?04K0*QV4*<xbG
zdr|F;;cw=C!X&t7e5!2Uk<`nyL)5laPUpkp5c7gPBD+S>!C>dp!)Rc|G~e5kuKegO
zJx^40_X73ovp2t}(d#xXNop&L?zh*-|0XY~iGNbgk+~*YqO+==%rtI_(b9I4X8gz;
zSJP+KtP#PRvq}#7q+=ff|MY{D*F7RunqEKh0nOW%zK800UZ*ZCP@lf1Iq%3UUC6O4
z_xW6<-Ky;u+Y2<YQoYza%}N{i)zG`0wN^;*Oq=#4W2U`%c`dJPT<NVQ=<$R1A8Ni_
z>+=hip5j2nr}Q}ONAl@_7Sc8a`K|i+M5ZTa%Hz-6e)a^DH?wHBZ@<ebnZDogP8C$G
z^d{T#hK8?9aWP&{)jr07UKF*LR2kC{F^G?y5ZAbjB#>W*B2_SS(G4mN*VL<ChRQ3y
zO`b4oRJ%m3Yj67t+V@EakA9EX5%}67{~~C_7%GnDnNP~2Dlc4q`gXyq{+%YI`?T)@
zHOOgxYt?bBrJ?pXrQoGKN3L&Y<B7_UHFWPPDpFjii@oOey`xr|O%UHZl5Is<X#!7G
z?<b0ZoBDFc+Zo^<MsW`|syb%{-v-7KV{YDr_}zkz+R&{{Pp`EaoRChO2h5Ia7`C^S
z531Ksp*H_ct<$7ZEz^-!)L$jb?qGBU?#g@NI~#f%25YqSlI!Wt%3-hOs0w#;t*JYa
zoV2UU+L;z}>d`)X)ygB15HJIawML2urzyaT<#gx%*vI~e(2L4Q)qI@e7Brv@w?wwJ
zBbsmoaI*&HG7tMBFE!8OeQE5!6t=6>-@T!2o4+lesa$J`AlBUBIw9D$O9kLkfuFfU
z>E-Oan4OrfwQvjt;;Y-~z!zg!q4@%iCIQNgBdVrYdPb~Cc43sf3+Wv#4^Zl%<<y2k
zdmL=H>v-<^nV+)Z%?@|R;K#^iR+O2`dRtc`jWWu~Ff>#gHa7~!>AV%5h_KQu_*7Pu
z2m`EEqRFs=kC9Oc{@>^y4(vQcs>!V`R_T&=x2^qXGKFUEddLEu@BPt1haW8q{v1;;
zpy)<;jLddWWV9p<wQue*1nAD`Tot&L<$!3pH$deHekKtCm*$WCh!De(#0~Fcb90J+
z5#Kz=FJ}sl+B8A~4RCr5aS9gRMKy^Z;`-}_4}LAQ1v6(zmWH##eb?|2aOhE;zWVpo
z$p<VAbWxOO%yQiI!ydDjmvfPaTFe;;kK}Fb5x}}6Gt&*3anMbn1D_gT0t|7ye_Wq8
z!fdzG1WpUFHo%-4Vuu^L<=letDf;ov?3u%PPtaU{;6ngcN?mY~ZFHWt%C>x`alYv~
z3NnDON*h7;?a^94PX|!-a&Mkuc^yuV{fxcxnB%m;xp1w3MgGINfDPweAbTUn9+2+k
zUJWx(X(X1QA<}7r=(*JP8jg?YJ})C=dQGE9ZeGLxADYQ_9+WHH`-u#{F5(d%HN{n4
z%{@(rNsQhAH;Eg(N=2+zf`D%zu1ae+fDX>CM_nPT{)K_pWZY^DNdq3puMJ_7lp|s>
zgzhA)I>UdW6)&p;+N8G<ATS7pf^)-g+SiSg1=geN1a!c0H0N<JiRcswW<Uu+=~YTm
z+~y%TgY0s|yF*|V9LjG1Uegc~9;G<84)~FVRX>y$3CqL^s4nQJr1;Kk=8WhhH;;h|
z{sRM&N1FJdsYQ*yq$e(z-YN)p?F9p2MgpnyoNP1JhEyT83d$2Ne~b8ph(i)q_vo{h
z!)sp^_{$bClg7>gp*nz~gc+W8m9Zu*uBHxXA-_fshlejmI4kzqn*wk0guOj<BCQqJ
zPtr<}!jT*X7w4oD&yZCt)EcfrXD1JLoh$~TL;9rcSXOPs#MBYKr96*;2L3GuB0}o6
zN3O{R`ZFKD(46zZc9Y57W5RcN|IYc?t;oiE-W<wCYnS@MKUVwUXUm750$;NeOVf-c
z)MN3l{nFYELjO8g6!0Cfbif;D0&8`^Z8Ya^2n^jH%&6d()^iWnSe0<uP#?ME9Rfs=
z4_YZ%EP>!nZ{u_4l4>y8Bcr?`9&lwHi<et1mbBU^e4-xMO>-U!Q|KbeU<0h}aZ;+y
zu3Rz{zmZ=HK|FrqjdURzYa5kOpCNmo-4p%@E|y;dBmWw#VEx&{dTM_zMvJ3mj!3CL
zNdVk(LhU204opt8)4hwa)UBsTwmi3h_3vf<L;qFa^c;^i14SA{E3TZ@#`_{*D{lxg
zN19;#0b8F9ywOo>v2<#O!Ed8=v;w}+@>XhRjQwoIU!>AsXBQ(_$6@0De-@OsxI_C-
z!FhU{DdO>HdpSARq0)u}{6r?uh?#*!pO`B&A`byOFal-fCcsH)eLy#-eH-nhpspSV
z7%Uzs0?;z6s@^7+NPWlcwq?CSXeBasB^P*=&rvKEC&Ly|IHe8|V;^WG9%+O$5i~T?
zdgFq!uxuy}pVp=i*UBB!R2X)<&WN@~FG|`z3->9t?i?35K>-p3EV>jM-zb9hm~FM1
zy$wU{BTz&+)pkXQ7u@eq7u@TCbK`3}$O6^+96v>Kv<C{QMuSV_I%#a}o7*))ACYnY
z+5mws-b?J_FLglrw6<gf2D%(50(|18i-o~%u$e(AK3;kqqR=n#Sp?iHZncKO(shkF
zCuRm#{d`8To(R-oz`n;I5}vnMXyjypBb|c_3K;ok<Q<_c7?yZ}jvT8}xjp=l&S3yW
zEr_EeDU9n3&p17<L0?=ktxY_FzuHPr;>z1m!vgtIfI;j%ypw5dM~KHiy(3`(c;4WV
zR&nHmyOTO#ujRQUY@Ca1j1_Pk*$GcuP8weayk=Q{^A*EjE(yv4Z`=aEnFU<eQ8R1K
zq7VyM$G+uAnWZFN0AZjmL@I`xs4U;2fxn%jWWO6mNi6+@i7Ne64|Ez|n}xep6a=v%
z)il8yrvn{yz)6<pC6pw1SQ57QpqlL&o??v$+sZ{aCY5C!6z~ofND_djWA9VNn(1S}
zeC*ontsiO~g@r?CJ3v~k5zbT(EE_kdEg@-Tii8TmYiF<Jc+2K_kD~cA>&FuSUnnE_
z2*=)<5=(oB{zC#d%CcT6R0M-E@RwNrnOFsmmOWx$dfg@t@GTn4nOp6^jCi32bFyAq
zN6o7F_A3o?+Xq^NXq*C{GrWp^Mm*GPgrK}SVS2IDl1NHG#$DwH+jIn{=I{nOhin7}
z#te@9Foo?_&iYGbGlL5J>qg7^0}c!WT!k?kpuM29y6nE4yDSUvBE5|t_6wfEBL<?)
z33ks(Hc*K9c+}D<8O9iu_L&^s>5I9A!5{3d8xUG|YTXh#_@X3oo3MIbWiGVr(xX(C
z6}X+=7KZ7e)^i&PyhX5CRR2$h7W1)l^KBiB@O%+RLfB=}T2A|)Y7VD#{A=Cj+c21l
zc6u6aweN+cP>cVi#2#M#Ff~bQyD$V1DNe{5K95d(p^jnzk5wmh%TblV3V3G0TX{f^
zTX|q8{>r%K4EtCo4ADelYS!F;%Tl8;!oe#j-NXa-oTI*30HGa@VyQTIc8F1xw(!v&
zYEKxEDHsSxtsRa^lfjD4+|A)%%57&+z+)JZ5I}}Y)p3%R=P24qW@#V0*dJ24ZSUP{
zQD@zkQL7vBj?l;Q_ZKC)s+l2!;sJPm8zZfDqfvGXb--Xog9I4TQ!##!*l+K+nu=0;
zW?Q|ucE!-wr7+jbu)nKe&y$un+4^Ebnyp`8AA8^-sz_+;Erv}D>7()n;?$b0uhaqz
zb<`!2vN|tT-aZE3tLM?;ROT)bj(;RY$`VztVR-6>|1}U#uCl#A1#cup0+8(8KqIYW
z^pSS&nX;hKYMty3W+p{FCA7UqC6<;|MUj@R2bSYGMZ;uz(ew_BWuJ+y&>nZ=XXKUQ
zqk{=ZQQxeAJ>HdV{EYwA=)CmOCA1V-LRd2do8)xfxb_0PxOP49c#T$M88@|T4heds
zFZRgYG~(HHz$(qw12`Vu1dhD0hT>Mv^9G*t2K<ctQf)MFx>+R4yI~VDb8(vg!}JMW
z{T~aGR?38?qOkVWup|YrI&(FJbbv&tN))yV2e?9$x6)XYR;kAsu`j3e91nQH0m=q=
zuBfPw*!{0GdBk~3h87f}7|@4%4BPz&CRQErGT!;?9LZumE@eSjQc*kS`MjOk8ZC1*
zgR~)?815JB5l*m|pfsmVB-Q(L56`&P1IIIf3t>dc3mHMuq7X;aQL~FX6pfBBIh9%+
z6C1X1R1yr5$?;x8^XHb%XA^Vrp(?NjGJD5G53v51SB1)R-Y8(cLKIVOwW)Pp-~$fN
zHrkis(ia-BhM7p2Le!b?4ksn%V8a|8M?~#%+m{h{wb_}-zW~oQ74_tn{{>={aZLj@
zZ!s5ZSZru^O?v=gSWjG6qtyq&R^0{!_iowpNNacts1=U+xR}u(-HoKRf*V2(&~mJ*
zmhSow)7Q#zyvm_7UUUUkK(d4Xiu6!D@Is^Y9PZlKW`2PAFoCgy(<!)%!>J!%E4}oE
zK`gNctGB!9q(jqFm#NzU@g=YHhICdO+Zg4JQ!U=ZySDUbzvfr~{a7U~i&;#w8>^Ja
zc2S^5d(OjMdlBu?G|pQ+wCJzIm>G~nQ2MimdLsUQZq0-84$#RMrI8zJX1zYHDEnOr
zE5(JDQw@x^CuM;RFy`t%y$3bb`1|QK_^4n^W0Y-fweZ4Hrtj4gXlP1H!B`XnuHmZu
zKlLq;L5N*U{y*W+6qX*P+|;&RC0vluI=^->`HMHi8Hk^2w9&%xuogi1;S;;RmQ^b;
zF|~wuSJ~skwel1+MTXU!iG9Y=vOwI-u6a<|2a-Y}sgNY16768|K|Jrn9;0>c2J6pP
z;F=mn#pH;GuZ<!ttpncCa>|F<M4^8k6SMLLGNINqhf`^`eS)=L%LJD**9HqNxT-t<
z>av9uE~vRF`X!F(NqcPp42^&Hir_!5cqp|43_`6vX_ah%ID%?j2$_cB=^Ab5a2YF^
zO$lKQCas3}ng1<X(ltL9+hVLOWj3XU8C|T_$MsX|N^k!NwXU?+L^ytFh*UsgYK6~~
zQ;WsV$f<F{2j&~2wgI$WlQwIP1^*iW1(l_K0^r9@l<98lf*bERq+aH2q@a~<CkE~K
zoGEem9_&YMwZ$H93pvy^b3|6<rH|-pMtl+gc+xib5)Ixlh0{=BZ9#UiSubj#Au-rY
zZ|30tmKIKOOP^FBz%=K`O+bbNa!m$Mf!WrkhF3q7&4)U0P;AK?NOm#){WxIxr)|w`
zH_XdMqS~z3&~{4z7n68?9gzF`nh)G!w_u5tPk77X|5v4pD*HaNBcS*uDkhg&{N1_E
z%64|g*&QozR-=ssHt%;K)~uL-HxLcArYXFk%Kiw!*2)KjhSY71jP@qxeE2*F*PU78
zr+NSk+C&W?Vz`9w(MCZva6x>@tdT}n)Aj*<1GH{qc*=(V)e}!#Xk~@FcJKkQ1NKA4
zoqYr4L*M6gxcOEW#A;<s2{BAwp?3I8MYS&cMMmWwmruwa&cz9*#B|TaO0o~yOD30z
zE%VytLU97HtU1A<litSl2nTxNm=$&haIM|QX87><YheuvU~T5(Ii6{UFUX{4;;XY_
zH{L*T@`=x5nDsuXJWgpaLGuw%PI%>4@ZT+V@poKJ@i?`>Z2l3yXNS-H9Y#Vvem+mG
zPY}4!dJ2cPkq&OB|4DS6x>@Frs?ZjmRc<F-yaW6efI~&ZFpHr@E3T~rp5SpRfvLEr
zq2W|ZBxUGTFlp6ZCe5>3(}!g`me(5+OV##9XTiy^L3C1CFyiJvc2xyYBCS~>e_<5|
z(RR3Bs4UQ-fkgvw8aTk20ig+`vzHY%Z&GmQstYqSJAy@T$MW}mRjdD4O#MGLsGTMq
zfuB&$|61%t%%1mCYu$7O0w>)CQz~x~AYH=#<dD=SUuUYK_cvVEcO7iX>W#S9zV$+E
z5sFssYmxKa!+vn?)_c0ug&mQ;UbS?IX#mEPef<yXK5rMBP|hEWdp<qPTDXTzb6zSR
z2S2m^jWGhU$oR$QzwpPst#T3EFJ6{8_?A4t#Z>V-?xz!k9saN+!A+sx&LD7EJsgTC
z71n`is5PAW04drPgqzwg`61EGZ#j6yw0+j+jmn|@rXNDR!5!+-)$dY`J3DG%YWn?p
zK8km<8~3qR3|pG+z$=Q&v?LH5s$o%r$B^NI7bm(+{c`daDr$Z(iCC1X;CsdY?=P;<
zkqe)|=AP0FDeWt@8y$V%HzE;9$geXFfh#<fHk>!asJ(#&!1j07=nEc!Dm;}6oHyJk
z4_VYVdB`;buYf`CI3qLfUPmIIz-I;DZQpd<*2(<@b$;odsrwdul}wy|DG0xJet|BY
z%BwT?t4Ne)Wu&PZKOf%A0KUpC8Tb45@~Y%eT?)RsH=J<_km4%MwBm5TN}|$LiJ>Oz
z@E_39(Hlbm+YTckDv&8%5Fc|vS|8m}4Cv3lXredxDBQBhkTO@aZ4QADhJuez8MmSf
z`v6@~&n%CCz?0GpHMjDNG3_fLYQbWFNJJGvbH*pY&QL(C@LY&Se;i5_tN@WB<q#-l
zC}382F2+mR0}?e%a|ys><Q25HD9zZ>25;-r9Yy1a$Uq{=xCGuE`bSyu!u-yC&x|&z
zZSQ`|SP-u9AH|*ac^mDh9rPd#*(cFidvi?JERFOjaB^=T<rTo3<`qD7VLCU3;4wk|
zpjGWEr(YF-h`gli-q7e}QAJB#Z^=0Y$QcS^$`qb-`B4?_$<b_H)YBJ)=Jq4WG}l5(
z$73}><nlZM%t^TgL};ToS@W;>GcdHzh*9bPvc`XZcRk6xe;=G<w~9Ai{`BPhf?~WG
zZQA}UOLrqHg|}i$ccjeRf_{0rDx+9Y8OVkX$cDK9ic4n`3;G=*@ovRY9!|e1<i40k
zfB<jiG5tR)@D=Xa(T<WpcJKdkyQ?yui~im}(*=<$@CqzdDXFxA<b~>6L!w$tP~S&J
ztB6-1AAe?_`#(YE3@9d^%5Ng8=Q3BMzW<ogOCtGHIR&I$nD>hD(s8|Y?A{pZY?^W2
zfwo_)JtB%WT4nTZgiQ)gzb3>on|Y5s%EK`BEf$0-T6O&%qQe5NS9$Fb3x((Q?-Raf
zz4LEXOnX1BChlb+T1@}mT@h5c$BA0l3+H-O=dU2hxNUT;$%LY#RY^zvN6BaUkHVA*
z9kHW3Y5@JosZ1DUV>%aACQ4?6%%L5PNdISQ^S1ih0EkiJKa4S7FudD<3vCc!zW*})
zg?a35dDbqaB|P{dFJoIdjyd|9=(M#!7h3Z+33KzW@Qrec(HYLv1EyvJ@do?Qx>kw{
zrZFcpt~w2Ij7FZ+w|CMH3S1`T{aG|FQ|T;*v7$d8CYpZ;HcN;n$?>J~X_e0g&~Y`w
zzN-R+%t|?Hq%3S{rU;;2rX!6hpu6{lKg)|3>7=gUSso=IS=otisi#PCDOnyrp>bUX
z;dXVxa&3>25?%Gj8dXu~R*#t@`hEXT7mIGn3ch7xoM+HiDoHNlj0!}e+pyTPVmm7O
z5Fo`7^H|j<3I~=k3B)cL@vQG-wP=^-@Rt3Jf|u>#&l2KD#u_ORY`J5hT^}aq!wbB}
zrDUc)r}{B9%ZXR=iRl=mRN?P?pj~#yc^dJiy6}lD>!pZiEANXcm)j&rxLJN?5E1p6
z2#mtXs1PDlV<;n5Q((zpMzhM2ciZf%%OSWfi4E+7ZJrM&ftJJyRZ`%JXr=g}HTT0d
zkA!cOQW*cHYnG5U(M?IV<YVZk`zse%p74fmc`u9Rz9>uQE(vcLi<nzYfyp#>!*p34
z{#^2(s@`&nKk`;QI#wF~!oPv{EE!Eq>6g_K@>&e&pVTg2Hj5Vzm@?YvhTAF>1O`f#
zVrek)&h$Ti02{`dIRu8Sb3V_}{5u*jeEnREb-m9kJi+nN>LMtz@DBTthK{ynaGby+
zZ2N-x*`NI9sE3f)DDDk=smN+PxQgKCQ4gFjM<k;2x%BEUIC?fPd{6UWu|IbIh4l0K
zLN@L==T}O3P7J9w<YTE)-EmC>(Ze}wHX6@3iq>R`&Or0Tn9SVw+bnmzxv2aW=F_tE
zj~2`7)Khy2?4F)f)H*`PAKCnNX8uUMu@~*q=Z?r=Sxd#FD|L)XfoOG+CvXc3kN$mo
zoRz`4q(Ye~`|($`Uw2~mW_0{BsWs$V?99#8y~V9CcBC=(GiOiCQAz{SXpT`FMei)v
zWNgo<WYBE5-qrm)?o|RT<Vq$Lf#suW5#K*KU9PZXzw%5+?@taQk#A;2mptj;T6pLE
z`r$qog#_4HQSW1qm>9%fD=p8qC2-@;_UrC4eRk^#*hQgro9n|_sg7;zruA0Q!QqpO
zNmT&()0!cGujUtEocKf>gyK3>{{0hN1FhA$eRot1%=vt3N`=BljUxVt*d*+RgMPM<
z4=&@QJZ`D?|2m<q)7*zTskf7n>A%DE(YJvQf`@+ACyf~>{>BtU9_~UOp8VQ&Y`&+^
z1ODb3j(B3~wUt>Nvg9XcDlyRij8auf_<P=*<x~wBw@<{B;$!P04#o{F|D^dRvgo~B
zYzyAfZGy33Ld?AC7m4(puBf-*uc%nPP2!LfX3A{yjCA+L5eC^kgpcj;wwdbP8Eq-x
z`wrhw9s2fH_Unr#X#cFw95+n8{I$)`v8uf9Fv9t(ahXzcd|BMX9V7;FgoYClm<Ms(
zh50<YoTVN0aMh}%|GG|(LwaG<_#gpZNMfX&?9i1_eLntmC?YG>{Yh~STYh~A|C;Vw
z>vin!$Eu2;8&!p3o?uQ9TGE1Q%15`X-{MIz{jV%yJy9+wr!gI9+fb#@<!N38YL0qz
zG3HM8fYf^-ub++|!it4Q{A+VZTo5litj;>@;f^`p>ZM-211qD8h*zCXzlIl?9xDZ_
z_}QpCpSq(Y`Y0nGt4Y9I@h@*O8viY9Cs}RPU|SI##NzI=8+YF+4noy^#4)Hd#?YGN
z*WSpaOrF#`IcRed5Iak5A&1=cBluegKpTT2YhO?r)`b#h;RY8%@J*fak<0f}+}3c6
z#A~MxzUU@vAA*V;u<i<qY&OIKL}46fDX;yp292*BKYsw~L_^g15<9OBNE?GuOH@C`
z14GicPlG|lFDU0nHr5da^vBzT+X13xn=g^Kzk#8Vf7i(nZbig=Uto91y?PmaR<>F<
zbk=APuJu?%Ne2JI`SBfC3z>$l(b?91yy_Wzc|q-ay1J^<m1B5bgs*$VoqxhLI=J~D
zVxUHqE_MHdE(gnKx9Bc7*M~PA%qG52bm(_+uDVKl$(9ME`h4N?h}&=Om;HI_DNada
z7+iwt1S;~Le5#pRFTSxl$89~Jy4Zn@9E26RaKOR)Ej1o+0wZw^6JFbDwpE?on9Aun
z8i^tO*H7@|AfS;&LNEOG+gQLR49Fn0LovK&saKRx%s2bMc%I{ej4O6PRICseE+VV*
zfRyqo$sD_z#x_0++FJ;Z%9C=msTzLyoZ0&ggGPuaWrxW==Z+`0Jfo!Nz2}qW>ekwC
zbgcJOKhhaBujpboEE17w8vzy7sb)XGk^+J?$+yjFitx7(6>R!XX5i*48zoEp!?z}M
zT1QHcq(AEjDEZ?B>32W!^>B_aeEVD+^FM^UA(~nHQi-kX2E_;SxHDuCSpDK2k@lM&
zd=*ZC4vFnOK2e#dzT8Dbl9SO$=|F!)NFfg-fbWYvU>`+H1`Pe{6rBRCYyY}9-M6%)
zzxQ>#dPj>^&7GR57(J+GM7YL=Tub&|-5J4=0z7uBzM+T;Nret6%I}M14#liGFovyt
z6PR<v`ssodW)LO7X@+ICLBU(<NLB}VOuj5+%Qfi*6JG=>(jz$Jh{iw{DZ;%?o1#~c
zuz4}4TJKrM5PW$N)XHUMzJ9Pl#-0IC@jLh?Tomn7OY!C`vNojJIn;f8!@GF4W9+zp
zqyU8=p~gE{F2AZ!n?G4??2bgB7DaRomm%TGV9*U}W~i@Mg<?-8xPiL0cvbYWr$<oV
zy8u9{G6e(02w<9dR6KTEQ_t`5E24bqpL0?~a`+71iuds^cuEQB83A->pOjp?oU0St
z<-g<JYs0yG8gxOz?Z+7;!_hl`XIU?e#)A8XW#oz+%?l^PMlk3P&+mmo>5qb(lr~r`
zBZEiU>5O8=3cvL*{y}dQWtAbU1F(ZEiE@GVwG<(XkE@iB-SGo0SS`GEixfo_C<7P5
z8!Gt?hwRftm>&)y#7=51EdCqLM~<(Ff*k9(ggNw~1B8RrlBnMhT;mZw`h8MQD6@>l
z3H~~$!1uMRmxF#{Us~7NDcp28U}l;c+|5D%MH=UeOf%gWPUbU>2&?+^<-_N#E_Epq
zVtK-0s*~%FeEZDFd@R=|zKx1hb8&K@7M9eiV<oO5_?4^uMH?f;*?)IJ9;)-5r$XQh
zB5v@(Ecd53JmND~)wimtasAn|71(a9?F9VoeV0TO0r%&%bA5^82Nn=@Kwy|;YNT*#
zqzJdZ8i^t<e*)N(utfC>y1`U<7A7?dk@a;lzRa7iJ7GxzqE#5%$Z1(l<2USn!jW$*
zh}#pooBeIq6ve-g18)-6JCe}+GU!mO;HPT;okQzlz;yX<tB3ktabnoMK#hIz^y>$$
zVc$@HVxJ^tQA1?&_+q}t=dFL3Ty3P}bgjX9fM1V<bVj~8O&4ZE;QoJ`!Jkl!d?Q_-
zv7MI+iw`P)7qi0uc-n(c5<V4SxR>q^Tf_k(?|yzex=-{2xq@;a=4#ORjrt9ZF7XC3
z72ja~pP!$-hs48_G{(U2yAc7RM<NU<e!4$U;P=|#QtzT5ku6jg!8nmR3R@u<^v^Sw
zWQ!aZc3kpO%%Nm)m;yURJ_%ET`O<`Vja@p>-lt@WYf?%iBpj{s!<T&&i9?j|TGOFk
z-7y+%fG~|n`6*gQ@0HcoYd!3zPmT3heiy{ztJIflDZsI1g{|!*ioog1zjGWH8o4z2
zCEtdT|GLjURZsO~Nc-}e3|$Fbq@+f+Q~PaM;b_$#3J1}cO~{2a*O_gtSmM0Fghr2c
zIK1_)i`5w%k`7ZP#PA`RHzv^Z(p>hjQTo9u^k>WBY*{=!Zg`W&oPRAer67+n_T3_k
zK^(#S2>)a7e$JfYBOy5}lDX4Vn4aMt8fXfH4ExAB<HLW^csm(?`L;|*aNy$hg%_$G
zep~JKvKhOeiJU}bTZWSQUFe@{@bF8w0^pYr3p^+0q}bF@5JeVsz&VLS<9UpaNKYE3
zVnH%?>*%j0DJiePZ7V4j!|`vl!erEuq9fmE?UJ!I^lD^?6-mbiC~KrUEkhs)J}QRN
zK;sIG-h0B5P^&xZ@9?r@)Fi<PVDnfws3VHrhC$g<1xDa2A*5v#r3g`IWLAH$Nt*`A
zV&+CDa984mtwh*I7MHs9X1?ZTxzrZ#!l);XVAwPn`|m`l9{XqMu7nr@oqwgrJbB<?
z9`-o>GE~&E-%hG{WW*&w11DS5tuK6w*ak)Dgt_cU@FpW)zuwq_uFCuzL|7euELus;
z8D2%rMYfcoHk7qFm&N-NG^xY&eb^~3Lmfch(MAQ_ycdH}P$K0usif<<4>FxE>}Q<S
zRTvS0=oEoyco)U5CE3`+zM~cZGfeo8J@B=?p<%U%;8B=h!Dwh3%;U<$%-VWPDZJze
z&RP;}XL~0+bzj(LoMQ)=s$^OvB4(rtoSbtfDNdDQLPg(L*p(i5#lEl*MPM;(uTU1W
z2<E+B*}G83VO*2Qf=958t{jNp182!Nte3y@wk!0q0_9u;yG8!o`-S4<UQbvO#fvm1
zx+S0{r9>v1^I0VUJW)XbNxK%^?LCZ>G91NjZ;~o1%{HTM&2*T;HsDq5_e<oGVBQa_
zPyn8K)^kbJHuR06I0-von2!9RZe<dQ9?zt1y(CD$UdwjFY{6a&*h4uQA);<&-!s?G
z>)%7&93}qmz+DgQu!q{1#P?;UF(K({!WZ<G$R}gF<n{<XO#T<SJ%al-xbJhB^%Ke1
z%MBLY#FaR+?Or8e;!-ctba%}u1$%8{r(4mqDQQ9`=tzVKoeZER)N$MW&k)`2d>wJ*
z1BHk)LcHr6g2V-Cq=*0uL-eLrQJz?iVAxJ!;1DG&8H3F@?rtyRQ8fHFI;>k|iu)g6
z?AdKsn6*hhl1|PrwV`<#20P=&J(82(8`)(25V33qiBX1da`Yv-4Oa@zxD+huV=|AS
zFndb<5EL(C9&!lRz|NY{!iu*^GL>V}E+7B(GaDL^DEda0STDrC-s~lz6T%`PjaMQx
z(G)DR0k9TUrg<ikhQ1zs_=ez1Auh_yHIr}e%+Fy-1^F3^@c!)guI{FPvH^0I5)Dh9
z9F$FCzFV!@=VChO&onVc@8?t~o#LcKTMHk_y%iPYP)g!Xk&mQWt)4x7Ia|NpWu*Rs
zGZyTW)*6gXoT~b{uF=FEK{b6@^ghk(MQiBsSUwUp9dKIpX_-KU3Qvj3S5)^j1qM?q
z1O?p6@8aLK95$Jba-mH1Uswd~b8o)clR}f|c;e`MpP228W!6;lAN;+ly+T)uvF9Sq
z=171yHC{WvZ9&bp;k?z$VJ&l!xKmep_3-`as3z&CYkO@N2}MeT<3cSCq`q!kX494u
zcV`C3fmuYqy-e$TNyzu}D!?S_<gnLHEp)!IVy63W7pinxDs-LBSNxc)2s?nIaZ$fi
zcHRu-6qjh*t!-WlKD8B&pfJX-b&`J|{=sQzYOU&zsgrdTraHD6!JY;E-Pc!^5}TG~
z*JXQ^E%O(jqrgFEJ^m*oI6Gkybb;;#e8NUYVk3AGCwR-jB5*QF)fN@xnn#0MjFHAH
z=eY*l^^<aj8&fN%)H;u6vp0;9_ORfFr7z%DHwow-!udA?<Xtj)C5xiB<u6TdZW5?h
zwq6*|P=1Kv;lD-?;E|TZ%J;~>Kb6uMUS{HC*@Gy{1=JA1bJogP_?Ppl`3iEm3a-i~
zm07{>vtwgTMaUw<%UD3>>k9-%nL}ZqTKtbFv|0TTcbCizds&&buFyW?HL{al?@tJS
zCiGP+{Eom20~IPpgG+{gq|A3pVk?xmBapZ=Dj~bEq_}-r313!;9j!|3JF7n5ozQxf
z_uzl9{Qg^E)?)!>5>d?1_(<%52lU4d!AY_ZK17B3c|=I?l!TDG5PIwxu48Z{_UZ{j
zI}~^iN5!AWi9eBlFSwH#UR3dtO&+D2uN8Asj`BWt^(1BYpQ1{X(XTd5*Izr-RfNd0
zz8odYllwQ$CkNsHIeV{(uX|ohI2A$?=5DErD6V}$3@@BA>$8F3DYpne12&Z3floL-
zI^w7Ktc<+n8{YJU`kr8<scz|+ue<pefo}*9;;i<zwB;xiVJB|W6aR%U3~rQjYpiFz
z>f1qO<Xsyq>nRG)ko`*d3i|;=mZwc~hXKL*+_?+qJn>Zy$=e<a_tjs5GkR&e3*EKz
zk93WnmNDZ_XX`?IkRXeIe>9d&oLV{9k~vrw0EXyaUS{&aF_eMW)LG@uleFL0KPsoX
z)z9?r_S1M7&LsRk^VBO?wiYfXVvnH}B4W-er)f1PEFp`dJ&U*E-ZLd;lOLyf4TBNJ
zA%KGY?`RoweemKrgjCikE?+6Lp!H)tTH%*)nZ1G|*b=)a4ZvtW(^Po{B7aMxoqspZ
zEtj=i7ych1bNm)MWW=&LWb|2OG&HS=X%{2>AZ8ZRZ-)ISUYVjW2r|MmG8{69n$NW(
z8@)Cg5$4WY+<(<M`7VeEXb%tXhR3`7*vnKnJw{wZ4Tc|<uToEpe=C`6jOns{IOB7R
zoOF|kw{<Fir7Ln3C<4>ea6(UO&8@LMRm}oKR49y8cC4e9#&?|@r8qGV^5mff@~)Z7
zUCN&)h~cUEP`(Dh^PAI|ttw$8WDGuz{I@0!q%%W>&w8Jt0z(sVR)4}2<;e5Xg>vHL
z>{v)~CNUMscaDcXczrlzW6PE5+&`n@n7Nuq66rY>i3fXS<@A&<$95@VPtvo@Jk-YU
z+kG^9X5sV^VEt27f6eP=vdMcX<zS6{sZTZg(d%&I0FrpPVTFiU+^wG5gLgFupapB|
zR81K-ENxo+y*&RCI(DpEb}uKY&YQcTJhBnB8{OPB`9nVvz9pdxeOUPCeB=~eYmw8G
zF@rNKx_>Y)B=@(>&?Uzwod-wIdP`zgytSv?_AK2?A?3@&<co@lpQHUQ`AW?lT}M}Z
z%noAEq(n>SpgfmEKH$}2gzj{sVv)<|HyJFrQ*U!^Jyzz99Ku`|^w(Gd{M*StLqO^F
zT1vu|in2O5imWrb!Xa0JKU)dvm*_RIXW`{glrO0#@@<FP9KNTJILvqfwMuUX;Uhoi
zau0K8lz!wsOZcqkM}9_~f$#uJTu=+DNQ?eg&pOjyBug7y9R06!=mn0yuKm-Xg6KxS
z;Hn6T5JjZ#PvpaAxmloY)UMNk5}?5FS#%cH8f<<uO2}&zLb0y?POILVEzF;I6mA0S
z!0Q*Lg~WtcBdPm1#FHnTqL`(-dL?5e!p<E1ee(qh>cbUPTs9%r+oX-8rEcLvm}9*<
zUZEw1U1w8~Uv$Sm44m_@!R6hJ$gdBW;j>IS)Z`<)HoM&iIA4x%@}zFB2Gc@f1Xo9Y
zn4GQrGLn#J@a;_B{kd&n<ED@Ivb&Y1crVNLQ@;oTX&3+F_j_Cynt>3Kby=p@xElg>
z3VfTQH5#W4&hGz3?Jt+zORY2fsW|G5IvXme7)tm1MF^`k3f$>{C00Dld(*g7toMl-
z`8(I_ldxFvsK3g_)P=s8BI<dTd##iZa`VL<#|5b>EA5oAf~!fhUPVa6REem<F5~Bn
zW|CL@(}!JaH=}zE2~@>%7x_YVoNpCqinaQ??B>FvSg`|!3ip_bfs1Lr_%O3Qy<d4*
zU3XWePdZp`jzSl!{=7HHynSyG8A`DG`(%(kWPbDU$4;j<Is#2B2+ipTRw3RgttnHi
z@H7--5=DFx1yAq&Q&TcIlS08YvbFGA`Z5frGEfVcdKXf#yFkgfyF?lOc_A140__uo
zzIknHQv#^FF31@mV0P#puCurm%RGt7oQ(@t8J#<B^Z~{o6tf~)KztVaH8=}6jqb7g
z{RqWu_J<D6jI%pLC~-A{_rWWiw+>^qJq`M(z-3^HsgDMtH8fSqntNn==W4Vxa?x@2
zS%}P%({WC3mbfv0w4;SQW%k1K)KPgF4Np4WGD$o$nOLvuVDmPb<9_odvmKt8;_Sz8
zoyG<`A|=jV`Xy+~_>)41nLt%6eiEb{{KXs`#XF;=cIc;}!w->u50<S>Kmkx5RWwn-
z!C6;kN0ZMb>d_VI3^bsX!v;oGZ(!_2@cxVs`E8mW`56Y;PXLg1qcMCrnXtqg^W2o@
z%2&M8ooat*)7m>Oze^<%gKQh@m<~Me-9f6S6Kcxq=q1p_z0|$Z$QWqSs54Q%U$N(n
zK!LC}u6&YM`P_RD3lOSMbn-**_?Ok;`N3@b)7GVP9VK2pgjJR1${7ZWRW%@0j6E*v
zj;iD;zAlOf4V_c-X_NbjE9<2Ri(aRZy3QQ83t6IozctDAE9t*>Vhg*TSLxpK;O->o
z_?InjT+4OkCWoFkL)p$2mG(`!-%}Ej8SU$@Rua(3UNm!4I;D`@>_-Q7T$7;peHA;d
zNN}$41*QEuDRYTBrOdjQ^N~}>19Rj^BeY%c0$*a8`F+)=?9%higz_vXs$&!3xA&Dq
zLi>|sD*wYXKB!O^WhVH}zK8QIxm|E#-aCNU>Fxww42iu(hQaEAHNlDNd!(3XKMcTB
z^|+<zzuuVOAXun>CiKof{7@YRuUEnMRy%yT90s~2Hi#tA1B3$_SHX#(OsBBQb?$!&
z{%hVSx&A=G;{tC+M9uRFJQwSzU-J7-?wUZ6r>zXPhZoDc`Nze3Cxy|L*!@>{amBOa
zU$ew0H(!$4b~k9;2FBZVb=YnbH^jmD?mIFPr-{9cnA>uMt*N0q_=sW>0hlc7;$R&D
zm|<d6X<}4KUObpntL>@A_-RD38yQeG3um|uK1|fPaFa7~iM9glX+{V;%!%eE@d+)`
zTP@5Rxq~U$iuT;gTM@U>JrKn?w`V7<GrA`Wz4AaOHZBfI`8{yLy^M^!!$?kD{X0iJ
z2cMCKJEHXaCM7LRJIp%A;NwxkCE4=Wces`NVDz#0=x#Jy)KkRcXew90W5%yISCE@P
zMhHIHh6Bwib_Unc=RW4&#Jqi_MnirN{qjkxLXz>GFVdTDG?V#iO$?-lD*AgYA(^x-
zMtUlH$RADA*Px8RJl<r)@W3dSSVW`|?q0ez0z&k&c$?KvvpctkcobF{mzDy-2)thA
zZ5_JYO(CkV{w(Il-7!B6g&>+$Fz5uFzgTfV1#kt%zg#7r@7>X`E<X>QnsRr3Zgkms
zW~e|2^Fnp}sik_i1Ssl5-0=GDvU9uw&^P7giEG9`M5$2(viB*~cfWle+H4%=*P2a5
ztZ8f~l_hgJs4s%^)MIt&cdMQeG^du|PP3qq`G~9G$4WDqfF{F88;>)cn0I`2XCQ#r
zM!>CQG_}K8lw;j$#wiIhx07jPG4nNx<te+!<|xoJ=cD$Rud?@%wG`&6-?_E7`!bZp
z)!U|(o5XbdUDJEv4>XadP(YE$nmw~Jy*I<`O2h8UQ5IK$evML<+FgySmi)rQF|pm3
z5OyoyX01GxGAlsvWX2zwMe4I>nY@_-D*$)4`~stBH{OCkX98r9%jt{24a)CrJkG+g
zIceoli+A<wlZ4J}794a5Z1!I`Cp>Fpm@+jOd;TctQIAgA2uOAvROBa7wJOn5Tn^-`
zJowLhuCdwJb{XZV?7K&&PFDO8idhsF3!3y?uFtG&F%uZdJAm6fRa|(m5E#06KYdTf
zp{1HqiCZ|xAt0Woa)8<TR_BsC<KS>!=|LL?8AXV$QEvwsRV@~CQIDb_-Qiaf`HfS#
zG*~ILl2MX(PBGX!p>q3QhD|5b1mBxZjcurv=ND1rz5bJ$C3aZK++-%qtNY5~AFPJ=
za)=h`z{EYwU#q0IP*78rd2%@RrM@RXmjj{xE0j=VO?w+Xw%bBxb}S8-aA}72lYAgC
z*6O|MtA6RDH3%&lZ*C@P===V;9o4hkTqqu8OjYEQP>YESDW(p`h9M>VfUXW#4wObB
z<vtTo+?YW*cAg2))#dVyN1GaK9Ab*rskPk6F69)i$QW~&>fnOr_r;kVG7;Si8x1!(
zX9Aw_a&2PKw04euWc}1*Ru0}Uh#qn9+NrXg$ea*)FeJL4HW}scC<Hw7HdyEls2~R0
zrKzxX1vI3GZU6BCY}coUnO0_594^2OfV=>hD}M&r4I*r`;0<?lZG<I1d`2)kB|>V<
z)_AiQ9tywFIH_9UE-+#z@q-W8A*f<jw*QJ49Mbr%BkBX7h}d%H?k7^TI<XZ0k{D7j
zF&{_WCI$S!(iiBY%R8TFeLB;PFZ|HZ2Y}31yD(Ew2<o$WJYq1baZF}eX8E%R0x#=E
z)$GSVu<(3b2#%J}kE%+){F_rDhcdBx1J351z4BDc2h#vqzHF3dch8+{O$9)9r%9=<
zJ<iZAO_WL3`*m2Oj+1Y2`q*eWjg-=kt!TKRma!&@=|s=z`2GhDFJtVq(9<UIQr!W|
z=>BnyOnQ3m1ZAD$%*7Or;0US4Ud!mKahyIhMfB$yXS3>N=`!75NzldzX>jdHfHeNi
z4pOX1VLL}}XVgz<&;?_d=>oRGwAMtDi4)(%j{paB$zNIXbBfpo$4f!KLS!4uk7)d-
z*FhW}@luV?tN@!1x$B8f^)zRvE+yF>=~9hhhD49f_$@Rcu_nwNTrBHMbIc*kLwAO>
z{$8qP$2nAUr-!x`2yU+*{a;$<l1yqf2zAQG237G7<)A)@!TOAVZyHL!CbAKkoSHYU
zct)c1Sot!=>SzLXvR?+^L=)7h#{PA{4Tz>4s6A(apdN8CK`#|VAGSuoKKVRl@au%$
zF6q{bmV%Of=d^I5+C73epY+4FGnMB(MSjn4xb$$5YJ)Ya&MFt&TX+gt*NM{F-_tKx
zaOmND-m@tJa&bQ4Nz$#G#7V1cb7pP#<%16g&nl%dy)Clj1?hyR`zP#n$E^4ER^*{l
z(s|Fo(G2r11l}A4>m|y_iKxhY1e}Gb7IAqPY2|;O`ywFY7)TapIi;1{hPf(g<wbef
zIQKy*G^4d9OcAE`e=2dcXrRQeqHqI1nR!qDDz4r%CT03BnUqZ0c{3cOK8QT+N;cZf
zJcZX<(Z=5aTf4D#U#xt%eE()tF8I?+UKP%J?)q^3I?t%YJ&!B;WLSBn(7fsSx;hSh
zQX#sRK1GrerG?gZ#g{y?EhNxQQk9IiJJdUdZU5TGvG&{|yBEIS2|)<1^;+=wWGHSB
z+$=TF&_mdLX3n7@%0QGtq!@=7%-JwFyIs+({4Vv>Ll}K-4n-l^t7%;NxXDS))J!u`
z<Go9&Z3C?4W-1tUOg-QD5pPy&YqR#AcQqHs@}(3-_<#5Mlx0W<&dob}6p@12FRYK7
z4WlS}hz>8ZD97qI0lMDtSmm*R=d~)%RwYe`=?ey*5{=t2hkKp(Bv-JAQF%}4M4o7u
zg++ra!HGn?Mlr<TvRlrCReI&uUn0?+L0_PnJO>I^1J1R8=WuSqN1L%h7Y(GLNC5u*
zL%*iyaI(gGrAhhO#3G3le6y`SQK~@;HxNMtK<4t?@zEZ&Mg7mYLO^srkvqyWCdZ;E
zMTN*2jN~s^#+yiZfFcHmFS@zzjxLaS+RpsFEWBg&;u1Ex1=(_EMIap#r4$CQY`Me7
zm~Q4+33%R+sony9$G<mLQYVLuS@Nea9=28>1{40f9=uTbG1!=i{sXQx4FM&X6C$#%
zQGt9dGzQJK{qAc{wLBjIxWZ8Ql@}NTd6C5V@knlsB4k7b)ojb2V-&=yU!|L?wf`uY
z$r5E!e-qly7FGQ<U#d|>AHZ%cfBmTYacEs1r|;03^Oq&#^-1-4-JT%rT<w8(tjV}O
zAit%Y>Bx$6-<t6n%~mF6gKe&M4?Fr+mc}1(KoiYhnIFXQH%6v0#yXN{Jszn0^~a#g
z#k-_pG6#zYRb`th`tz>m4uP)1&fPPHfH#pW;e2vNl8Ku%+`z9l?E3?r%ww-pl%Y0i
zoW2uMt7;Fe(iMABavGi%@aeQxtcheY7eIh1p(0nR@q;W8PO`#vw?_u#Q9af~e3a0i
zEd4lBKxUxb(YYksu!gjcm)v62SE)3cY09gH-~WKjg5PUOs*y*(+`fhx<vPx@M7L)V
z=Qz^=6Aqo~4cUKlQ5n<GnR2>W>!xkZ0uVxC!BLdJh}d^Inh|YcU8qvuomx600D0Ec
zu5#g(oOVRoJ6TAvu4@ma5r5Y2oQ>R^pB88#Lb6gU|D7?NlEWHAmc%VIlO@vl<`%7+
z9RJ(iBbJ9biJL`)E!Dcto617b?WW3Gp}Z@k0P@!@mWRFYYqhTg)wEtBk414fPoX=Z
z$yDkgQT7m4YT3JhOy2ye?iOvT^%i5aKo!kAO|kiEpaSLezPTK?d$v@bM-|~rL7E(H
z1*zuZLdxMdWAtbh&;0e`a^Av5G|!C+_o4vnx39-`(M<~)C-JJ>fnEj*FB^8z3ss0(
zJRQ`^O$~UnhH_Vj&aphR`&=25nQ~XfM$wq=M7`3SxOQnCM9W7C<wOmsbUS|Nc2ebL
zHH+I_fMgG%gyZ=X>(vnPJRr7oYGs>Z)ZX=~6iP5U=z(sy@r5XQ*@lor{sKRQJ?}n=
z>zrTw#;a5Hv`@p;VwNL8gxc#4OcZ_1tr4d^%cUj6Tyg)ZA8lsyeoe&6zkh`$n{MhB
zjfV#%tIj5_?D7_klRW?<0^fTgW;l67=)L&VEsS<GJy+h~hCB$$|0WF#f{((NjivXD
znVt%GzW4O8ab0&Zc==38N2?QL{-wiTFn$x(@EPbFYuYJY+{CNzVN_k%G$tU@V7K2?
zUV2Qu?p5{)=^b<ZQ%VwU;0IW`EMNS#&k2}H*Lb5!HVZC-63(uB@oAnq_b+Z51XTPj
znz7)|qW9`pqK!Uc=kz^d-X!&ih4d+E_{^TRXJR&aW}jzvXL!d_-rz)F>*oDEd?naa
zX0PmVGV0F%K1!zsHT*cUt@})7Vt)V5LERDa7j0=`p_`bonm6*vXpMR4`-4?<Wj0ao
zFs^15or(3aPi{#n_`A@#+Vqh|^2s6h{UI||iBj1mk;zQ<dg<E?BAS;ZF2ZCzM5O<T
zNH39FY`U0`>Fw9xL^14cuzAd*{7!TANf)=+5i{Vtk%QTpd6AW!r6F@5=^sh6>WGs^
z1IJW<>2ABk<}t|JER{lGgMP1FS(lL4DAjHKH#4A1*K*@_A8p7&z0h!yJ2c;+MGGD7
z$s*zCmnYKl9bhLUv*cA9Y54`f@ys+ttV=Wz_-|EuKeUmeTewn4(GOtMJK?H=RTl(U
z>>N>pe2VB`0Nsfq?KW^u_0c^w)G(B3c3(tnHGbhRzJ0m;9Np^xs5a657{G44$&C1I
zAW%}rCtNYs{saRtwq2NLuS>u<X#DmIe9z2|YYQXm#&C=``S)rqg`m$-_zB-l%mzrn
zDl0@Ly=>q7SG}TRP667#20snSd_>o4UPKn&8OxlVa%kA0lUh~3`=Y?(q3RnI6dsGU
zmv;(aZdBwn8JJ1&F`g31Bph<)0Q6E0ud2J4o$AFAW}ju7Ki?t^tr1Hk2wVLqe_`Xy
zVyBX6@f-4V5-9b10x|cdQs!rSL{L6OI~J`dBi-f0329$NZ&(ugYVx||IBzv+<lUJ^
zJ8p&N1Fl@+4ihtmAFYp@=G0qkucqReJp1}tQ5{1%fAC9UTsGtb)?K&=8L6wU+5Z4S
zRL?Quv3_9=J(v=?H*Q7b0}%NROoX*(!mhL0`~0U}IC=Vqzm^ZkRs;%<1|I!uh@+nD
zplXtY;9HYq^gq8C0*0LB`IUQyn_jX!&$c><NIEJkk~^od{PTYrYJCO$Ia~*9Z)LfD
zs{g?8xS8hb{U`J~BxKY2{;EB4Axo6|{*?uym72+_9=5gP{S8uFOk2?2H>CEK6s;+}
zr^)p6B^O5}u?O(n5V=6-L-c7=+x63(vpPR%F(agP+c>)4hqi!ivAq|%SvB~lvj<>t
zVbAYW)4_4y-u&~=d=DW0?*wJ1Yc^!cnDNHuFQ--~eZ|%V*^t9s<gC5bw}soXYXfU$
zbQM{$4A;ls!qLC)XbQFlMxiYf1j9=FPVU7eKZ8)K8c*7#+nRTHj)7WhsCPsoTQ(f#
zvYCsFWk=QXJBwO;WjEEOu4~I0LY!TSV1+cAds6hf=YPN;_iWE%vxOjmcj_xYWOJV0
z$L240LI3QvgGFC@Tc9D_6XiyAkepLq_pBO&zov&JBOL=$d(YO?Cx)1i4~_E&YN^~5
z6SpYprGpocz-damvO;u1gO6kJoO`m&hC1JIwu`@L47vhCf2KMI{9*ZB?!fyHK1~kU
zaMNr4_YzgI%YITx+Q&%UTsVz?_7G)u#10rqQ?GE8@%HUI$^(BfSP$WM5*6A#NM0z0
zyCBOVPmd!%e$3Ho?X6uB`h37VtND{5u#s?A3PUSKlhyQCzjt8+X*SD}Q_DbLZi<M(
zovHBD`IXS@)%P;`f!g4gP3BY(^xw?qUHPsvUKqoDp1aI!?vCjY){q>*J%UN{!=(F)
z|6}PZpz3Cxw~JqjJCuvNyIi!mySo&3x8hvfU5XTUDHL~iDDGa0!^Iu`yua_u$;p$I
z*<^FhZYJ|&X0O6qvHUaV+AwC;p}O^j*gU&vMm`GeaTHxW+uWmfWlPU+2Q?Jen4&6k
zn)I;OLa+J$SzIgbbU4`Iih*219&4vQ7i=EbWDt%8c=}9m@w^IaO|4hImd*|HMUl9S
z5E<Vx_Wq4&fX%py;UoEz1K?7SS#Z5Wmw0;!-Dx($w{eJr(T1@cyv7MU?`DU68B=z(
zLEvbZQAU-2j_tkR3CqG0=H`Hb^L`;g7JN5`u)}RGA3qDn6DSH>d?dC8j?jaJ-@rQ%
zEO-{zPg%NDTkp~N$41D8vCp3vdvvs%EMw~M!SyD)Qb?Ad8LKQ3tFtpl>rtC7ev>Tz
z(azUuM(eH<5&T0D7smkG%D>78`SBrtO~Scx_tFIra|97%9Ur0X>XVo9Nbeuf9zGkZ
zC=%zh6W>EGtJ8SOrx4sqLfO?Y^wV@AWiof32DW`VIc6lW<L2!fZYJCj*23>t<%e3F
z)KM96Zlp0uq9OZZUn0;+=Fay>8=^Jr{fThDN+=kHC7sHRL5}r!JW0l{y86IXzB1EN
zchc?}%kCN`67ENO0_x4*eFPl~)%-aU7qzy)`Jb0hjTWBJ-#2vf-`Eff6U`C($1y+N
zAXsupW0>{hNnEkYDd*J1ebYQ+81SiT;?UwO=@h5*G@bw6L`ls$axXgMjm5I}<8n=n
zJ&}S$guv%QuxUnsc?P92<=h@cJm@n9^xVp?5M0iVI&@mCM2H?7^g;ZmZdtHy>d0}j
z=~vqK&q24umv;HbYT8tN39_(`mjkD2`c!@Mvh_+)v#fL)d4`qphiW<)kwOZ!@)1>b
zsrJXO006d<FEP|cE}5H8m~zP?1*v<54ZsIoyBh;XCtm7n9|w5Z5^y>w^;I6H4@?hx
z_d@aWxd9w#iMUxHfaXt0{RteUf%q~h)q|&jcwK>M6Ymc@Py8-TZuq1gS_c<AnRA~9
z%CVQ~Xj=euEsTf?Xk?tII}e<w#6n!SRK2na`7xH0d(OMw<)ioRR;4s4I%;jSLO0wh
zyw0vGF@!j5YjJJ?5vMZRw?r^`j{xafN$GOQ?L1*<!%D?N&77WeVQ6LznrsYVZUN}F
zc~ZAB5vMKnr5=sRnbaiz*m&CJJ6;&MT3cfW6j6DUU<vh~gj&i;Wq!HjtNI~zD(I~n
z5DtiVG(jg|0$*i@x3`D*kzk}+gx7qL`E#3s8m1cEk~tSeuAc~oV1>wo82aOdFRYgW
zL))&<6D-WuGXPR6Q>K&L6E6tuu|#QCL#O-KaOvwdXXhBTuDYvuD2pO{U4=VJhiWuL
zl_~gpQ8jSsV~)M~mOCsSQnJLw+K6l7!ZZ^N?~ZaapIVucl!!6WF@`94cKk(KBf72t
zH^{Tnmb4OgC!s7q#>&v?x6rqlXk*x4mJ=l#)e;Y_xcM%^dIYm{jacJ{(_;<ICtu36
ze<*ix=U-ViT{$$Znm?vz(CDcweQjR_b2pl^&BSTBKVyM2Y+}n2(kKRRB<)45?CGdA
zrVL6?O`mRyu;<bn5s_>e*x+p0;L^!U7D1}=?Y3ARi)p4~wF)izdXaR-X`6B8c*!c^
zJtxv^<?Q;UvJvIZM8N?>AI*%V(vy{RxdUn!5*0RS*Gn7%9yeh%zl*m9h@Y@L5M(Ha
zLrjRE$L~0texs79y(}MC{>);@PhuIRm$Wf~)zSFveZ;Rb=w;N0&{ZEr(FKP2fMb7f
zlz$&8vjB8K^hz)94zLRk?FBIR3Wy7>AGnb`4;&Va4E7U(7J8k^5*mh<jAAkxEGbc|
z0Tvs%L~_49_`A>1Io?oI-6ktODhc;d2p^@KEK$wZ$U$)TD*>hY61?Biu^fC(5;X|A
zUjYxE27P61uy4Z@q?ODjjt0Sc2i9LtXgjaJIyrC@d^q$x1eZYN9Am65P<Tbt2-tmL
zZ6-F+6b$~>aysIee8bmMM;puF2dFv&Oly?>rTi-{*f-+?OTpS^X6L|}3N|lNHl0i`
zDe;c^U95?LRjg&3f{HG%>5=y1rBnQ9>=x1CmP*!giKb{Foi=ABFkv=uo5@N(CC)pJ
z^$HX@YfFf!$(2IesaxnKLV{GBo|8uV`c1444F&PTun;+$`ikiAhWTHk+<9^-n<q-r
z*IMGx#Q~QzFNcm|)>~RsvMi3`+Vj!{ZhdB*wZ|HSvceAHEi2OW1Cc}E&e&qn0Zy_Q
zTXOgljmTNQEX+2pR9e3>I<jhO#1zHss`L({24x@98X_qKPKp~_YG-wve|#E1DH=|S
zn2)gBd>Wq6wR*IEHPUBtKQM4BS2av{a_9}eOLB<%aKz3+)ndULCeXghar8A>U>28h
z)5O>_tF*mb!`>fI$xi#{vYvTI&aPw?GVF^UElo-HblwT<j9q^&o<14MVUd~lZzHG2
z`sxHr3+b#F^lju#WGmQ><G}RILnGy!6X$8XaZqHAT=v9Par%@W5GZ<zkR0tpztw>G
z%MuoS2tj(FW;R&4BvjPyovy<Ds8%mxV=o(AfWrik)03uE-EUD`$+sHQL6pGLMW1R^
zR>uCxphd@zea6p_e|UilreUJQUa*yc*p~k+GcG}Oep>xmW+~Ulz(j@pzaj8-rYsGN
z@n1@{Mjes%se_8FrWoay-pL)pO(XjE8*jRj945pyU0JqrmvcUIyt!jnRr&7Ul<SV=
z1M@1;<=^N`+x!)y%4Hcu_cc}JS(?b*tcnLxN(Zs6@zlf_`UtCwGOm7ST;)=iWL5(>
zbY<A~t=aYk735EJF);O3(D{{{h4X7emq!n%)^i;scsFJH>_Zm8eAQIzarO%M8@gm3
zb-0pU8WKMcDx%b?5m&0sac<YpZJHA`UP@6+)CohEBbaRv-tZ_*-~WU;m80~k2(88~
zYgx7=fFQw!@jS%hcoL_rpMRwv{<=k}Cu=HX3R;y#5G-RNYpHhoGq;LK-9+UTeWfH}
zclk&B6w4k_$DYb`$yTatQIXsuD@{>6A#_=zJ3WGED-Pn#AKd(5ExBv-0F$g?05dsc
zN$+y##(D?fbRq;H-y@e}SFyhQrorzoO><eLG?!HwXqrl&W<vS(jhc?F7>W2bd!PHA
z7UR46_r5=On7<f2NtF>Im!~_wmR&*j>ix-x@VkZUi~Q)yL8mnDCAkiSU`46#U?2`0
z;F$u^acv{cdE<VVIFcSYq?NMNr|BC}baC@P5pP+PiBSwd%yZ5`WXqxQO*<1cHjwSH
zd_B@tdDequ`plp@T^az4JQ6>Zes;~FM|Jw%hVJ1x16lED`;r$3h3l(1+OYJdh9}xp
zVSwW?SH9c$9X1Le-)}kaNmRZIJe?K<9ty$~>IP8y;?nM1H-GKh_==bpWPnK2F8gp=
z4r)_neu$Y&mgdc8Fwxh7%j<1(?xl)cz0eYuYsbX()JR?jF#XGhTBN-9$QAF7sR7^A
zd}a@~jYP>a#AH9wPZH;8!>n=FNFV@pmQ~_A$%tAErUT3klM+CeRDB36bR+uJdSGKD
zb{c~;?Sy;GofkPwB+U~xBf(BeTuOr^ZRJ+Nd{drKI6}95!jklXU?Ub8#=}3ce`<aV
z1oM1&@or$_K1?qX)(6{bvlbHW>^Wc}sT0(wQPq+DA~aFpiG-_2VbFj^iu0rZo>+uT
zP;R`9d|XZIg>>-dCt?22AK1zC2Q_LQY&q?WgY&=n^PN4ZO4ON3=2ZvO&k*QJ{5KH&
z+U3|{PZaUj3?j?xan+Ix<fGfMaNW~QE2;+7AFWMgFBF&845I!k+b@kg()H|1J?9>g
zpF5jIYa+cqM#H@5Frwx)O!LCKWGA~ZkM#UuMD6=rA3OnMLf#6(HRGO0*GTyux_uc{
zWqQZ}CaWExPckH<>?$C=wqWB2jHf5)bRy*2pamB?wGpvPO}U8dbzd7K5b#&hnoTJu
ztoVg(qH+C!&)o1q=etc%^!7*VvlJ{++gu1qm=)_;>3N6F+|5VKBo;*MC<RY^K#q^>
z2#{MW4;kM|#3GM`%B<v;((Xd$KmK6k=2U{!2Lt$PhKkg62U(Db@T1B^JSMx*iNqn5
zG>v%r)#e{iA?HZ83Nrf!0v`1KZBnjmqn6^Spyf)rFk78OXwQTp_(N}DY(m%GiiT7_
zuuZ=0^^0z|8-kN}hr2%q3HxC9e?)<@{Tu|}iFi9O;crU@(RCE9-GnVH{rk92`A9w9
z-0btbu+?bj*!AXe<KdTBo!Xk6Hz&7`jM>TFo?MY`q%P}eS=MlBt7Ycdb*%7E(0n?T
zy9wUtH21uTM>`u7_pG_0ep%M@C>13MRw7x+LG=UJKcUA2Tfa+fSVQr4l&o$NmdH1}
zmVx?jVH_+?15*&6%&tkHe{5H6+%kW-fx}Fkh&{BR{l{W<4}Eesq<W!PeN#fNd*SN)
zy#!ddMctlDcY1dhJ+pBQTy;MfvHw@$ftEAN%J)5~bgyE4;?e@$#0q`%Otu{BMmj~5
z^PytBhLb;nRSnj*^Mqg-D85WvP-k+B{1+ZWF>?W>#*x%7xIXk|cY!ER-C;(fb@FAJ
zw6Bn~^=YP#BwtY&+6Ht04GKXFFf!kEoPrZNlFHbK-zMR~vl47QBo4WdC};Tx&GUp&
z6Zx4hJ{JjAfw|2+=>0pha;<Q0ZMWC<mIJYqyXZ`{4pS`~B<?ye_Z6}BhKAQ+3{$0V
z%C?gg4}wD0;TxMTi-&Q+ZO@Jnf&C4K72)Bhun8D|$v+7dcSlonOJl3`AdP|}LI%ri
zsoL1Pv|j_^K|l{fCH+u2{?$N0FaQpOghqy!kxzY4mwV%MUmJ`?LyYT9d+<?Ij>r~k
zoGwo8@L9PtSa~w4_5#`3pg?3bdx4|9;K^RIjgX7g+l^D7NP{iHf6E?zmXnVx?OmZ^
zG!u)J{9*vRP0GA>&!R9S{BacAFGAur4<kX~W_VeYZs7zc`=9d=l@Nd<TD@(H_l?rR
zdE8HBcAT3l_wofTcnp7F(QjRxn|Zo+O`dkL##OeAZ6R$N_a0->>t5AL1QcpmG)>){
zvhS(9?M0gLtz?ZpW5#__A;p@t#PZVkRloV@Qxe?8Y;N~^!50WvFQIMRv2+zRG6gBh
zE5~Hu3NlzuoUuF-*|d63L^8L}Gg;Y!?PV&EAF9d1pULEr$?#hn46>?z4yzuril+XM
z!10MtKLn%q)uWgH85RW~h!%+&<rL!ZO{gB`HW!KV5Q<vyiqpDfs2?JV0rtYALk-!$
zbzTwbRun0ar4Jbg*GAEBozJh=3hkn3A1i_3(9>{Lur8JFCTD^2!7KT@I=3|SjqmGj
zM6MaEOT~~z$5iEqK5y>OTHv!VcGs1DCoj-~?uAEorx}dN4gT*#P;EyCe`i{`91_wu
zf}LLui8KMHno#MtRcw4{-#)&VY3gs`CSU{;*~dy7YfYxmvP=8&7p`oujbi!BMmD(S
z1Nw75oReiA{oK*~4nC?UHWyz7{G;^UO&ROnkXhbUA0s)S^!3!E4+u(j8m3DXc6U(O
z-}3rM&pC<iIql4bURh2umHh2Pe+tEV3bPeEG^~nQnw~`$LZq2MqQS47VzL3ujG?<^
zgZYH<*uY;)Il(DTqN**N;O{%&wVhe?^?%l^XwAs^TSV4?*e%le0I`-fCu_jo7U|0~
ziZy_Lla#WX3?+X^S+qER7X5g7PVY}2lb9EzVFR5Sg-Ra3ViDC1M!lkijFCiEn{S>I
zoK+vOhpLuyk1sTB4nVm`VFizRh-tH51Z3YI)%;){7&N8v_V<yJ?9CKIBoITC9O+QS
zjpG}WH&Ljum7Uo5CZfBeE*pT&<B`-jc(SP6hoW*1X)Ru#pjGP3T{7f1YMLyn#utG^
zk$PcIc+7CORSJe;2sft?74=ET*GYJ|Z?%mpJ6zj-`f<)EoDyC2epoeamPT;5xOAB(
zdsOEcmE7&C6xO+e0j>iO+$qMBic5^tX}zPHIGVzmD1ec_D~Y4mQ<yD3QwBqLMZ-GX
zw<sUFWLUGY-W>Z3Pp+3aP&vw&#Loe~V!XnZt@Pr?MnH=U2=&e_4<h3kYyaP7#E?zu
zy2)^Ymp6$AKm1<TeG_;`k&$?yMcEDW&J91T{~c>T+64w~x74;4D#t02%!4mw5FXHi
zmm`bSl{4twJ!7X94R9|^3SrklhI*&YeoyGhn>3Xsl!_pf+P-bT-=#(`Q6h!l>L6oa
zAu7;ddL1x^xszZF`H64))#KYJeJG5gWkgAXfBsG~!t>mk{!`_2vt*#yVS--!d!yr$
z7qk%%&nJap7=d{`*bI1);jCkfV&#tN5wwK9F2&l+QQX$Bfc{p1$RdS>%%Zc^6PeIn
z09!iVh@zfbMw1e(mekPk9SVj)ZTM@y4%nvwa9X<xznLw8Pw$UC&t2z)D>6~v35Qav
zI@}YY0}j@KE$phQ4d#NlQ2c&u&5B$NkKB>*xN?A-wfZql&6%sf>O!4bFLM(;+*65l
z8?7bcyLRMS@bz4TMCb>r9k<T+KU!1Nj6W10xPuddhu#gNzh$uY3>P}xH4axpx@y0g
z>Zjt1nqx44+NK%nxAY$-O|Vjfq#{bzJ$)YDOz(fN459N4j6`^4EUu0;8(=t#Bk!Pa
z;8x!H<BIjIf%UpsA#6Ix4c`D9rX#C_gd8d?0-p`LL4uoa5{5?YEMaw0^CpIe#HIWt
zsy?1KFr`u*<ZWNX9%RtDa<T^lO<;wnqVrFI!Nb6$E$i$u+=KzwyY{($U}5?JdfOBk
zzKlvSs6zKwA7dDXq4x-6mqrJfQ@GFmNsv_HKL4c~a2nar*S1BleEz*B8w8I32Y~BF
z_?;nV#hTuuxelW^O?8SbjJpZ*mMhi57r)I!zpZm0_&E<fMhWm{X@@-Tu;tgy4r#a#
z+|NVD^%I3iCsTE0ePVn~rCZv%>qyFaT;oeGYF^4}hsvAy#D2R8=nyk@_%?>(+q3<s
z&)H)m4s$O=w*CU{=_m|x$irOqqu<tkNXMP&2~|Rr5~7+v2BL^}i1A(#!dzgYFuumr
z9dbZl5TRth$0R%x=zM>=zA=PPopt^rr#43QPTdTf5>MeZJi75IXBSYtJF+@gI}(G5
zQ<ekuybJigYliGj69-Ytrd@V3=1d@66{7tTk*$OeGWyFS9|>O&HA$j<L1!56{|)k@
zII^qEnZTP@CyD+WFG((fuFZ6mPqEx#Y*KCHW3P-tSNX2u9og4e%IT!x>npUg?7M=K
zugN96c(6K9CO~l3{@@9(lrQj4xI|GfLy0y+DXj_4SJCRJb-p|?4=XG{5rR9f0ai?H
zHLXmo(v4+H6+9B^@$W{cdd#j<O?1k8{`z(R?wCgG_~-ZYAGByH9PH+y5M&d&uNxPA
zy=jR}`Td(c)CJ~p>x^M67|v{gt<Dt6<PjQLV0Bz{3i0do*8bE5AQD`*sV3xq;%TvV
zFO1~`J5JM!^(p-Nn;tNg#DFm_>e&2wEUd6pJR6PXP!Qt18Vehh_O{R2K|Cf1(Ln-a
zA{E7tEO8S(*4U#7Fj2mAeub4zmP1Uany#=$MGS`NLrJdR6BT_9h5hEPK3b<>Sji*v
zEGnWy)nWG{*1kp5o&ebqJ@V8riF@%h@b{b%?bAY%Aya*p@sT@qg094M$o8Vepz|Xm
zvnT6KeERholke0hNOLqk0;e(O^foMZWQc@^NgVa0VA55ABpDT))Bl(tT*Rv9CsKA9
zid`b=?+M#!iDgmAf;b%@!)jWR=7H9d6GF4QNm0kV<J-K;`X<-+-AEQyq^%I@VvSe*
zDN1>VAsB<L{P*)5%hMOHf_?l;p`bHYA5B^_<M)RzR_{3ZXIjvyz9`@T2>_O`!_$|H
zOPrm(TEJ#-So$qT-4R1yR;{=OwJy$KdOdydj7|KUSFv)`97C=$wP8fE3siIb4KCMA
zikoF<S3JJ<wf;{Dft^P$=<9K~umLRiD3VmyAh=8L^loT6wt_bs-UD;46J>7C_kYm#
zco<nM<dC4&o_`WxxM)D*)>!J5{ZpcUC%ramB&Ur)(pBdJ*UtKqYF9<}4{w^tv<r@C
zL>yeKn6k{`n4kS*<&sExx9P$T@^01B_dM0UfrwJQ|3a5aR_|V<m6D{;wZrBj{3sWi
zE=)y9dVlRrs6v;6N`nAQg8&iV9-W;v8f3;x&N^c@lYgerdcI%0Ob~kmBJuk%V7tyZ
zl^y7I?y1151f}N6xcP*btVunaalRg7-w0B?nJFOV?6j`T6gNiH!S#vkwEUehPIj5d
zW8}YY^kZG&%zNX_l^1<L`TH)=6;kxQf)?C|xn$IG4W~Q0)!#~k$`ZkmO88!P)}(eI
z6Nn3Rx6>Ex`fNz+gYzq=GF8xa>eub=9Qa*KKm(@qmlfcvg)MfFLgdZOs~UaK+Gl7@
zX)5LYb#&IT64)FqbVF?sR+obmm+HjZ(GAd(sBEu^P0@kdph@57KJ7t~R1S3OgF16K
zljQ9LqnLiiNt2>~38cL8(Ko&Yyz6=*E#<s1^FY?sq5L^n(e_l>cwWNrlYlnE){RWP
z)l8aZP)%VCvEkM5Vr1YJ7EuU@e*C4lAffx^@=|;|m8Q)<KCbD-ggqebi+f?IFP~|F
zTz#B+`R6SK*qG~vC<UqS#{^aZ41rv)v*393dm8Mefe^*LE3Bh*Q%y{ZYD(+43M&HG
zIO@87#lj(@Ss+g>Wt9;f(2fqZhp*!)QK*hNq9I!{g1oCS$w>hnVVV&!^4v5Hzcf-q
zwteOz8>jv)i9@nm1I$<X*X;6E1AP7;wrha<Kk(OuP2YGWqU4Jd6-{&ru7q#ZG+fk>
z2jC#~Jx$lmg=?qBrd*=m9UX^ts6--v3;iiTjMY?_8D(!$?R~XSJeI7ELve4TdqHQ@
z5wHe#`=~l#f_Y%$m_r#c4T@cedg$c=LyKe!Ueh52ak&3Lf^~j&I)95l)f?vm580Y+
zse}4Ek`(XlcfN?Oe+dpcDkg$8eB)0bEL>V6pM2P_z6|c)+zLA70vFm26g_xur*nay
zZ2_AF_`-Mm+s$dpwoJXWF?1zEAQ<~fdYz{c5&>N~{T$#lWKekGZp;&RJCP>uE(_MK
zF1H>RBAo<n$Bj6`+3<{b<U`w=du;P_n?&>Px^-wixd3VzYu^hRF?|N;mF^F^S?I5~
z5PbyvYQF{h=v<>4>6c{*?%$m3*9wg?`rz}R*z?NS!veX|>zw_9aeA4hJa<~j?d&u1
zPYk0G>7X;l>TgHa`fg`(#cTGnjdYS)#)Z+0sppQ#H3n>LcfXk122_u@Gu^7A@24fx
zjp#SdW*-PtxZ9FA5oAvYjpcJ8>J@KQ62EpQ57J<QBOxzHB|+T6h6MN}{;uHpYNWa{
z)@xTAM8WEI(3Gotoa;}#e2Zogi^QfAC}cf3fR0?*k<Q!%5TZx1y`$Sll(^!blnE-p
z2z;l+l%&M$$V!7-9yU=(>;5DlPq~hpNn`<I=aX@u_{p`4O8z-*d%=mU#{!&5L&H!*
z@$y>Dr$|6#k^8HoGtSAKXw*?^vR)RxmgcvC($$(uLv>P~1L?%Z*N<~HO_^cIKJP^9
z+@Cq$%yAva^|!=7vR(Tpl7AEYKy2quewmsRsGM4q0k_E<Gg{eYc;o)|W#74=bjQ8H
zs{Fe(3g#cBR9f}n_1?2B{NzC&b0CAEx8+TL@Hb9KGfYXDv2H2$uV-!zICI#kp&7lt
z3EelzG^lw)+W+9lC&Qa@$&VqZN%r8&a<t3={a6%vi7U#w>|sl)@xz@(@dS7R?NC}a
zj8?>(Yl31imhpFPT`H>s!{~)T<9V^rV7clSj@nRf?X6Fnvf7M*?PL<9-&d56Ii>t2
zLdX0{a~DvGlN{$*fg325kW?{dF5rf&^cFo{lc5Zmn_?o8o;4kqi_QhZ^q#wqXKmp0
zFP1iv9z!!$nq4}QUR03oaum;q?y^r^j*}yQ@3#!b%LQ2DY>{Ksh9;GY^nZ@&B-sXL
zCYA1vx1*y!l}woJI=4ldLaS@|0XZHcq1D#>fIUz24hbDslaoc%zK>DzJ~h)*SzohQ
zKcsMO#^j<PLnSYt8m+&khDcZLk|>v$ptyq9+T})Ln|NYMzav_q|JP+r=7C>>*@ce1
zP#n%C(e{s`C`7S!gv*}BWLL3s1c&B{jrI#~XR?z^so~!?y2h2R5%-lGyJ&rLPYeOi
zatY?)%BsWaz<2w^O7R`?Xnm-5z@+C2Zma1nU_S!Ghkcc2NMsPN75;)8d6|mKv6s2e
zvc1SZXI+A~DSDf!%ph9-moCJjdMINo<{T!s9dXE^9=E;ijM{C5NoI1ehOQkE%X56N
zCZ`=y?*o~eIiZV32Wvt*Q#DfFk^h-$;h5m)xFd7QQgF&sK;73TxI+K=?}F{B`+HrB
z6a>f9u)xf#$kyf54{|%&07JE2N$2zngVaLPGETLD$WN=IPS(9dt8&0&@GPLVM5Y$I
z@J!%}W6c2b!_}~179i<HqUo|~&Qxssp}_RBm@JxVS$rWgP>y4iBq)5<kyTOvp&2vu
zwalqKHPBdthef0Q0bfLvs>uqr2U+t73w~yVEUk%^HAqeM_TQt2onq{P&=!HdGsJzt
zf-b0UU$0#?4zoh?@HC=854VEg%I^Rtv(b_@!x&y4ItoS>Unl<zsc?2Py`K#2>D#SZ
z%zw)J&LOexo#Lp=a#mehEPw3(aQy>3zTyrIr;;%gkaVQ88rNp%;w10badlWHWxzOp
zy7ssVW_R(zJEiii*Fts7a*)x_w)YBHl^a=;gFu?u9=ec^@S2VW@u!_OC}*V*8@@W-
zIbXe*Qyt(w0~GFLra-!a(ErwWmDZ#ltVntRj6)_R{}L#;x`E{XU?%29)v&__p8;#w
z;n%CPb7w%CVyuc{teBTs>^~G*6<>SINShf)Ywhl^Fg6^kgay{ks{4gt{W<dP@Bcd2
zRw}E8!jQMv9#h5gzulU$fmp8dRc_{{hmM5?yYSA)>8~OWZ9?;47%3;(X3Rd;Ntykd
zYcZvc@l)qM4GgaK*id92h)S*+m+0%WOONL5|2TldSD5i4k@u`{50O|coLvZQxoYcw
zd}a#Qpql5@X{dWE7}<8~3v^4;0z+7@qY|i&z`Tjph8TVQ6AYq;>q=HFA3-<B1SUGj
z2UtS3lSQs}(WJCd61_P>AZqaWRo<83S{d$_!_p^X@h&F&Hd=UOqfQJH*G)cu-ah5u
zLgD;-)b;~@4@CF=8tT1YokV~Dutrdi(d|uAE0z}xm3QBl8fGPCY<Dnt#K0fgQxEgr
zmpWkeH#E=C^1tygf50w+5vxe(xGL1t_9o-XA~_;zB)Mvf=QH`|PGZ20c*c$xgs~S5
zkA=8NS^I2-VPSaxi!-^7H`!QxH0ihv%~tn|Ej<4<#pH=l7#0$DX*`Ue_fF4j&GX2Y
zN&$&p|3E=J&HSWzWFdAA#G}mr==qqh>u8w7mSbYgQL`IG>MByFBBB!_5@v?;ehCTA
ze>^s%wgXbqQAR##7uLCSRwlSJ()~pzJ4Em0=tf_3F6s;i(1m}zdaJyF<^3k24gFWV
zv-$nt-yf*jM!S0rI82eSN~emaV46RLM(c40(lJM~GRU3#vbch`J;cv_(S$|uoxs~n
zV?TxyUE<N}<45+S{o*kVg>-j$XOrG(ize{w&O6@a<F7nmM?Rvpy_K!27X8P5bQMPs
zQM|aSlSr*XNY0o!Oo*kPN~F)Gi74iUscrv1fA1HE;X~v~BsB(mEGYJIyT673h4G_%
z(geeR@Bd+(9kluQo-|AY;%oiBbCKHzW$!{HRiP48l`N5GhV{?9a!-1t&3Wa61wo)I
zU|Ine*}0D$cHmw=?urjZL~+2)Pzb{u)FWDQs^q2_8nOkk-eXLktBNbtBgQu@%oP22
zr~6W~S^0HwrU-r*(LHXwP-ZU<i#)!vP=;%`e32^BqykjX$B{b1=jsaKHF<aT{wJBb
z$7e3=I#)`rW9jh5r}%K)!sn`Hq*bGO$H9{aDDZGcnHLm+2$D^&-|&ifJ%T?({W~i1
zNwI1;cqo+6H-$e+%Kl@;vs*I*f*~u2|F!8-{E=Mo4^D9D^WYpcYTmjhohXzcVvu7q
z;1g+a5+(8>F4d0-pfi1{OTwPxpg~MkJQkbQm4_;hpez2!L83uCQ<7yv5tIQ4mk*?r
z^J6;yp)NU01|QKBXQ&g*mSdVe-BFsH$^6H`PilT=W6R-{84<GP&zje57FLWXzl(60
z17|Ql5IpQr?xZJQ>8sQNMVo=%HMBzE5brp?ta&vgis6a^g|LcU6V!ZCDb1N{{yw>_
zQF>fIsf_m=zAS9E8mo6=P3jXXOkoM*Qb1f{J=mR-PUNn3S}O3Kqi8F+X!S~?&c-0B
zXt?QxtR;?`OHktDH+Q!`$%+`%*-5BA3v_+6YOszfZ{<?S17g=!v$drFPsPzfnc8e>
zHvy)2>V2CdSi~uNN%f95WF4twk34ESex{O_f~-30K#KJ3G`Wv&;<)8FY7twpl(Mo9
zhTTWQtnST*Ip4A-!fH4jc`?>*CAdH;*#eJ0>u&_nLDm_RyObtb>)B;7tL@sipL%S=
zcbUwyJQGbE?AraEvPU_IIeia*EJs%f2y)~yav3}&{eQ@5|M<XT5|Y(`mr8WrOgY~F
z^50VB9yqklW2!vEwmrj)2V`@LFJc&h4=Fi`OcM`O#!<GGMUO$jL58q6)*!cv@?)jE
zIv4v&%;gU<#@`a)H;ulm&C)l(0lu^ZynJKnyW#*B?+%w5g8MB22m|qhhOqu=kobqh
zLy1G@v_EHz`J>z{eF~#vVpNLmTs;-4mw3=&U$BYhKiFg@^lmK8F;mW%fnQ2g$J4qv
zMkGQXYN(z@4FZSy^KYh}E~Lg1ge?t?xsVG{n&_h-E(%^8n;#f|!&WU|Ek*4)f*bOi
z2zslP<7~o(;k4_kI?TB=yj`q5c*7q-?~BSDkXkeN7d^4b!0sf1Lq`-Ym{%7I#%})k
znEh(_VjUFG28r8G9>v|QSwvp4=UEQbCBT5r;u4_NQ#Vta+J(T*UIRD_=0{d0Nu)07
zIyGmzL|JQbW@hVGGyhkbovCl4lSTy-6S3si-*=@+<Lb9=VU`!(_FZ#f9$p@-4JGjc
z4Ne^I0z!K)3wn1Xf=AsMT-6EUEXSO@6tt1+2sJGvNaEBTQET&Sp-(N|uW)>WQd4<}
zHUC16^`s(Z#$L+!q+*ZtnKQSV*tg0jXS%t=msHsXpI0j8bixZQiBM~ad&w()vs3tj
z_?}(7+%GYEjo&TBUIH0~<J5&wYhzKMJZb|PLH<2>?x3NieaPo$yq@#>+O}~tE9JaG
zT|d;?Zb2x`KU>&uiBCX635)djPj}I&NAJMlNqC^40(d^4kv-t<V0mYHr%@m9z{9{%
zfH>Sg1T=(dgu3e)>$nvdemDSixFA5CdNR0r+s64<gE|~M5thXmu1)yk20Va<GNzwz
z!&4vsMFU?XP;2ujpfs(_yS766+mX_fo21gdj=AkQoeb?qhYD9GHMhIMM$2Ch_F+|0
z5{|IZWQ^k>1?XfV_3^faIzO83I7Yvm0pf}soj%S<7+jyjfj4B~OJ0eQQ2*A#f+K-+
zSfCCe+)TSbovTZ;xP(!l;k7umPUg6UQwL{A{|Qp!C_=`1h^6cAJf<OOw>kU3X4XtB
zHelg5-i}R-%%M+tdi#Od+HqytsI_R~CGDvz0&#^N!1N0~fhxYW$%6+Kvn-1<eB-R!
z1|uh+_Q*cv@*Mq&CB`txB`{WjBOYa6q+8oVt5i`cFcxh;wsQ-5Sqnz+Tt7`q&jQK3
zLTIGl$b6oNsmkl8)GLYE5J))aFN`3$de}7Y%&rLWC4IlqJTcHlUyy<$t()b>L3$<B
zth38TVA|ktIH6vodE{=&+=P}Tz;LsSz&)_8A<d_9);sV~bN>%!TnyE^F04&}VP`$A
zxdg_^+=Cn_mvM*nGjqz-*eZ=+ENfwtPx|#iplrcroE&JCc^`7QAqJ_fZg~^zQ4`2%
zPWg7HI?6?+<&5(oo_x|<417*^;mtmXTJQP(GdE~i-_QKpmmooc?UmXl{hJqCy5T&z
zR^P}5R;|t|ExK3CgIcIXgFo)+&JWCc|MbcQ!OMKdRB?Jvq37Zy(H!ZsE(Y=v{2L*H
zZ{<wsvrmkBUf!9f@$?5_KRcW7-lNl;eSgLDM+j)CNByd)ojY6{I-_EpHjd|ZH#2tg
zAs8Mt2gYSzb6b0v$wfW9<9k)c5eT(SDrFxtle+r9aALtSoOW44+0DXf?U2J^O$0M(
zh&*7QQvJTCN>QkWt{dwe`h@Crg^y7WO{-@Sk;*hQn>;*f=V~e6L(uvDCeIeBh06W;
zWW<ENJ-go(gdiYk*brs#KxB2w(Dr9KT1-=iB@E-l@tJ6NTRIW@JbqH6P`*!NW3i@}
zSW|B=`gfykUHHNx>~}pW|Jv0G)wXJb5JAo7u_k!N11pCn9JrdMT&9`D2UB|mV<)qB
zQ%Bobkv?i+b9%qvJdD^c_1WKgTu}3_!T~TZDdio+`kDd?`cuDrTGgvNE^gr}!$%lR
ztG}`wv~=iajOAdKB;9syW_l&`7@{!quPEJB`anx9z?##8woa~z2174(oph3a%0Ww&
z!p^BfqhTB`sg+;?^<}_>tLnZi$CbZPv6g=tPy4tRmm@1}dohUINu|1qt(*M#h=94h
zoYb@9rTSa=AIdJ??Wl>$?Y8kWnR{_8Hl@=#hFPZYTJvt!K@TTRJ%EvN`C3k5!3%EK
zm4P?r_qfEFOB^|BYndk<;%=Ssw4H>29h}s_XVhULe!2JxJcG2mmKx4+^|{reg<H$&
zMuVXZCW~|#iPQSjab}o!^t(m1HX)58A5#p2yb3qL(VCOn>y(<x6ynYDUSj9lB1J}>
z-pkw1`6pZ?ZEk|)x#cGU+$v?f@d~C+j4y=|79?Z?^IBO%->mO?ae&X7fJq@)D@`No
zI{~={hT6Zh-KsXC^0|wrg=V;H`_E6ZahnVvpw>m|pVMF7x()H@%h}uYA;;r}6S|`q
zovPM%e+9VwlcPQTYUWRG89-eI*4B3_!I#;yr;mf2{CXS;!ji^F!GarKq$j5gMx8}(
zKOSL-W0OL|NzHCqXH<XL)A-z1QWho0qABXS(B51Y&V<!}`hyttQT>VT%`L%OGwRO4
z$I-^qmr=*#8o)fHT#%BQlm6^I1z`8Vcse$U*Ahpn$@s{e<Wu~FK>C=W9Vw2$tMzB%
zD?K*2X`ifMsZCO_a4GhFM=`CrrfW-WTJYev&c<8#Oo<5(52HzpmaKm5D<wKTJ-@Ln
zQoFg^CITx-GBqt%dDYuEzakvv`8A85T*l><AXV{BmG=~EVqfxmj7_^T<f}pvOj@;Q
z{J&Bml*%P*DD0{*=4Q@6U#t>#mXs@8dTrvqSB8pkcb>72K%qp3DA}+<WGtN+TkUyf
zMv}q8?t1BHNmCS+(*F;KHy3+IZgcj8acxhoM2Lqq^zt6V3TJr=sxP}+SAClE-H3J4
zu18FqkiQ!{>U>4r`PuD4yoJi1BX!`&yBg5HgOx7kwPh5$5hhZi=zE1SobC8`nd-G{
zNHGORqAK3Szu$SA5H<XL19R%zX#A56pGduf@(SErJ>I)-|K$?Tn0M8i%F593u7Q#8
zhzs%UlGD7wH@^5AV4qxU>h&^vS=qJM&rHc2^12j}TmwRxgUi(~am2P}0qP*0zj^hb
z_(5CVF5P~UzgvD;*G|tetx#KYuub*}2M?07Nz+w34-P2d-%fLOrwZ#!K4Yq{A$XV2
z(&se-&6iy8owf3I1zrMX`JLe|r$lm_ahz)#fh@KAPU=l)fx|f@2IoI*_TEF|dhg!@
zW-yizjd(Ppu0~W-2y8(m)f&NmKRv6BXc{7JCE^-CmVBV0cxRsUe#oVI;34zMWB?B%
zXyK_%2`{?5P#;$xTW<H__&HzeU`l+cm-L5+#sp>2xOheDZ>~=F^oYknMXvkMl$EW^
z)8G3n^7qO_0<kz}x=#qTb4Px0syL|KjJ8T1=Igo6*eF<#ONG(yVmZY+eHA$8!7vs^
z^VbCID3T9Pila7{sC+dG@(@@8oStvXMk)ZRl&~S|%|Q3=edC<Mzz9cB_Ld8;%Ld~n
zizI$vzm9Rc0&PXlT`YZGQ3DuNVd0YizMaoXZTJ4em0lcsA2hwuf>Am~un+6<T=0}5
z$fYYaME$m6=(d6T?A~x##eygtMj}}BV;-l_x2<^5wTiguJ&1m2{DXcJa((8{B=fvo
zv@68RIq*<Yegmkj+B@u0d}ze}fhM%{y9G_iXaeDYgE#Em?%plv0C6ts=o7Q})AkPu
zn3fNDq*MFb?wXIOy5<w}K%o)G$|A-I?<U9Em-qI{Y7)+5p@)+F5F~tHEiU4=Q_!Ev
zR@7}#d6Et%qT$jLUSD!%^mDE`DE$a)U9Cmumpa8b-52*)zbYg%++W-YRR?8Fx&0V=
z?19l;HI|6MW{T1)mOsV~k@ct9j61J-e=Vg(M>1{Rwvwfx<^In7*5@;aFl;~y^f5$m
zB9riQ%C*RP?*wd%3ZQYP3wbU0#1)?`sGqdG`9Dbfz<sOF-8=U|rPzO)^M&M`jQx-_
z!2Y<AgS^RNF}wPp!X0>2DbvVL=aD6{nCeDguciP))mK}X;U9#&F&%nJm%Zd>iQy`6
z&b|=`RuUb)FvF(3^>q<wQ=R8m6>_=nMnb%IOYav1V<@6$pNM*NqFhX1hBHxYTBQ(l
zgDgJL;1thFqUOZ{hw4;eTFS=3C{SZ3)n80~I)w;9KK3a>5C0VW%J$eJ$<xr{)<@WU
zD8idZxcne^gdkkI6d`Su)=c#=gp1XY#EM8T+M5Z*aB=Jy!hsPDaIRXWNq4U)GK4!*
z=z%X^3TZ#&9*xb<X-)z7_M-^R@KyQQ7)l%=Ox<Qx^l96Z+qt7r=4l(O0F>i)=Jjb?
z^K+UI`+=tDXLa8jB#eHghuN`8_33mOeJ-xnahJC}vj61RF3=pUoP4$2j$`=X2k0X-
z&gj;xmf3zXt*ULiRRX%?D<$d{CF+M21AFLM2AD6S|Gh*{_KLoE^7@&~Jivj>zRiYR
zD%FfRQr9-DIvUFWsJi&_HIMW-W#Y1cl>Jsf84E5#^Nq9U^k<q4b?yX4;>3=Z)3}3f
zxJ%Hyuv-;PnIh`tv##>~KWMomP?zFA*7eWPMq;x{om}+S$z^+v)dmG|SYkGH!TQDl
z?88DL7q?1mPr;;1-^<eeVgHp9^&t#i>VNvwZWG&UGzwfwYF%hQ6!j~4qJeH_E3!M$
ztoO8I7&g-51@`yYljO%#I2xPey8!8nn{C&Ds<)k*E@Bqp)xfi+&mwUXaG%{~q<fFg
z(eogSeYOYCj`sUb4*SMxu0dydAa478Tovwviem;?P5#-+TJnmlJ{6DzCS0i#Z1IR9
z9eEtB$X~*vqZM6`<2mfORyttZ^?8$G=I&IoI+#*qAMeOI>RI`-l*Q+83{tVA(x^2R
z!?sL`R#D}DrgId2Uo=aO8ALWnRJm0ej}1Q$+xHf}7Lvz}*!%aYd%Cw$m;c+L4|?S*
zIyINr^dcN~UE>8F-6>}JWKfsmL&GkFki7}6N(=hh5=sql=Z9yf*MvVMIHJ5dXc+}y
z#p1@k5LBo`3y|-RSi~S~+KH_i?1fT34%qwesNauD5brOO_-XuA33{EueWs8~I*q3@
z%^Rr%H`%8iumDZr16-S&C)TM$gl}#7hzhD`P5aJ+?19fsGH!syF3Oz>6p#1Sp-XA$
z#+S2#UZW|EKKRMoUxSSs9&ws$R7)n!^KdEuNx8fl^ADGuC7n1;;w;(eFF77)x99XH
z`gLoMWGdn>DZ<IUf95jsUSFQN-19)q`}qp~a;E+xEIiBJrah!^A9a)kQYA##k~cw4
z-917Cr0{g&4X#ZEq-EtUgh#`T^5^GntjUmMwuF3}M8#oj6sjaTSuu^f-B3PB9lj(2
z4tr$us?PiO{l25u{z9ai|6&k09bX?@oS0?(hzuQ#eEZOtgPcZuzD=wAs`9~LCYmH0
z-K)p-sH0Mxh+5-eWe6!Xb1OPMc$S5KgjknRQv*>KyYOlnHA*q}Pq&#S2AxHBUPZ9)
zCF1fqMRvWWXc4nn^nN00X*mPIz~;^7ovw=*r@}wn9DOzRwhZhn2hx=TPyZ79Tu_X&
z;2*@cM+n;DgOT4FW%H&%cz;E9@}U`Ky9~*JGh82>vA}DtiBd-f$OMZFWmM!66$Qj?
z46=FRAyf>Hh&J*iJV7@}W&2ukZqxr6N_E5@!vk+x?mX!>eXORW#y5pirHfkD@;k&2
z&FqRfZnC|lao7+CSM0bAcJGuqPJf27atPa?(2+jqmQeZ8Kk>`^`rxJXLPmitvb6ic
zVf&B5I|r3-{WR_<MY;4I=936873#i0+d4J5P%TC^_M~zg8gzaq<1tYCrQKf_QPc%J
zT;0|ts|m}5HYeE>UTDkgjW-<PxY}FYALkb~fRF8<m~}M?mb_U@sQES3IO&;D7SYEA
zyrQA!5@&U#<S$!KzYP%-8?9f;IOFbTd1Fo+Zc+r_H<V7U`-A(_^E<|)lloUV<20hg
zlqP#UOJn=vt%2#Yyg+YDIo}LUaV?_X$vs`4_Zid|xbB<;+NCtl<~5{NDv4Xd3%7_-
z_bh%54Y$-F`~fDxhCe7z@ynv-o$X|l@`~G_K6;=^-8liVfyCK<t8lO?Sz?a{uuZfn
z?{d!D-$8FGzyhxD9)mk1z@3ZR^0>*iKHW(pb$Do&SkX4bomRMtH)d=6@}kp5vJynO
z45GZ)U#8{t%K5&^g%X)17Pno;o5FKU33};B-wWHV6LIZvAPk3p=6$(y#@Com^?2D3
zs4oD)o>JFQ<@@IDvbvE-Eenm38MsE&xoZE8-$Uxn_h&=B)<=-y4Cn1Nv8L^=<jvk3
zc2;#BaVH4Q5o>irop!@0Pkm~7jvoHHpzqflz3ud2BwwDo`l=f57UyuZ&X>T+pYu(Y
zFT9!7f>_!oY3h<SNAJ>6<8^jjBmd;<?Dw4FfV0lL!UO*uqmyw{HNNC8Jj0VDvc3}n
z+Do_@lE&RAWq*pI?KTmfL6T?blX9EWzdVHhYmNJ&6&ZC4d8Na6qhnh&>)??52M>41
zUO)0o2SBIF0#8-@2r$9o+`8`6IZmp`S?d&dkj?Dj*g+ezSBdO!=KNtzcCUCKzV9Re
zS`+B^y5!dg`mqG1qHv?SC)W8gh3pL@qf%V>$`Eo#^5?3oL*HR6H}r;K&_=$ZI?eO;
zn8>#%Gqxzs_uiT*<Wi25qO!L!T%n;k#bE#ar9`9T>a0Xl2SNW9MlS3W_${7vnjuFY
z`Fs9JV~h;3Zoa%0=oE(o)WHD~7_9pqJ*+X{^rOFOWJEK_Hp3AXQy?@$g=qHrmEiEp
zW~gvFzF~M=*{lS|=I2}B=7La1CkM#KVr)m_e;t6tjsC??9bHhj%C9jfzLEU%4*qh|
zChN^K@%KR>xj)fn_{*H2S<ajV%WhMP^7(C&8(KRD$iuAS{%4zhkRbbuVDetNJnFZH
z$5I2GR8K{vB~$<f;{F9a>NLq;D;H&#ktJX->N0PKXTqKl0tomK>gzWT)Odx}`>^mq
z_V>Rk7;GQWt!93&4^l}q^c7R8!@A_x7i{9Hskt=Em(N$p_u_am;!VV^bK$Lj(!s|0
z--Z<HQ++de954yuaGkmiym)>$6s{eQcAau{be$HwpAZ}ud~|sI+Z_Ned%f_Rh30iE
z+COr`-Rf2@h)W8YQP}kB_af}FEQ=n7$-p7mAQfx)uo42u4zJ|3>b6@}(4IAX%(m)J
zowlH`qk@_A3Kj6A>><yQ-+Omkq@=LmM$d0I7>G+wgKHa{+r7ZQRnXU$Dy2b=4fo;4
zVrz>YLRhUrR}TlC+V7_Gl}ew&($Rzq2QuHP|Lz=ZRpI(6#!8@`{4xAKb7JRdLP0o-
zQYFXJV@kYP;=3U90}!`alee`@T%eF6!{fwm&@!7v0N=s!(DGF0RBU99pOHoO`?%7h
zY#H{9`_2?Cf5DXie#*j0>kDbm=9$U&Ct}Yrucx~xT}-@-6@P!OT&&%lvLFNk(T;>d
zcs?N4b~5GQn#X)kNug-RoovV5e#Ctx_VftnPji<`QCRKJ13NABcUOW-3tAfyDL1Q)
z=STb0U9NFXh*t@^qjX77hCGZAa02_nr6kBTQ?!FXwu4|lA{~;AUTdBf^iM~>LmaB<
z7^L^T#%SEDBK4q{C30^!^se${<XTY)C)J#kT+WLgQC~#R+o!@=2Y$$`JkF|ZRR%k`
zm#H>S>+rhoD$SfgJH@<bq2FHQI&<`E!Rk5I^e@AUgXTkTXZ0Q5w4e?~7@-%u>oU<f
zJDAu8l)4_wXIvZ*3G@Dl=J!BV&|rqYVXJD~eFI8Ix_uAVpaQC)I~CqMdiXbm(*vG@
z(y}(L75J`6Tn$f-wVpvcp@C6!4IbLzo<N|AJ5^Mx!k?P9O+kqTzw~dUpm41XK`7k0
zxu&X_?$q)&K%)%Rc^Rs`P4^f`Fh|2vVEC(ITp8d0x}&+V0fg!PS5|@4R;C}oO#*j+
z%`O@`b`0cDKFNSu>g3PWz;jWlHa>tP+6#BT<rf^o6LX+@PXwa94_37;3?uux#>5W>
z+?BOqw;zX<Z!lqG@6P%g8p(kC1uVAV(+hh*z26Kh^NZs5v{znj43XWBOLm-Lf`%o2
z^MAPN<b9KB7mO$LI&X=}OQ(%0&)!vfebMXQF5*3H2_j3{#gt%M5@FkE3DOzXc*%B~
zdF?~5c6rxTVHtT?G0XB(*^u>>4`2KpaGUBN-%P?&r@@}ugEK+loOBer2S2qkNUJ^=
zv5hVEy!5gWOYVa5!bFE#VLHG|%RR*f(XIh~*%_p5MA<J0_eMK6s`So4jm4v7T>45o
zTmVGC6vM>Z3we7R=iM$2L#A*+>Bt*@y<sC7st!Z0bVZq%!jTgymbHEHtW8@?nqJ0&
zm&{9$F8sn~$7^D|gJ>HyXE!Mks@kSM#cmR~HP<O_o9jE<BSj-&yBRRs)07PF%bT&1
zwU)>J=Qzb`GAZVq)T;U4>PNM=o0OmywGOWI&vlxec2XVJ>FlpyIr~{efvGd!K%*dR
z$1^&ZN=3v=ha7gNM{GyQ;ZU#IeS(N7tlif6FuWf>nKqf}HlGAww)UMbE0F544VxP1
zUK?Y)*rIel<2ep~>W=q8x>VdJ;LW8OxaPP2xoa&nm9(oMY`;A>C)$BeWhf8YmAJ><
z%>mhyUU1?$W_%)CTw64p-C*x>>R5FR(I;9xhDx2j_4u*DXTSYsy@N#M1b6%Q2nl8y
zzsytevG1_b=J7BE)qeU@ZG|5g?bv(h>pcg&eu%^Or@merBSo^|RsNofSfM^Ve~+P_
zVN2u(h>^UJ*Hui=H%sI?=4O)3SgMLizAkUR-+nM1xY8h-TrS9nj?i-V*%4AR{gD{&
z;u#c|<E`^C^-ERIrse)bUS}rlw8K^5)R%|tDi?BsC{tkRq2QnQawnR>fd=@0a#0^y
z9U;4$4e<WFmA)o-8u6_IxG=VzxHZ0HS_cLi5BgI#p+Ww1JEA!}Q(tHW#(&u5Dq9Zw
z!q{J-)KPg7Z#Htam1rs`o&4#8_t^m89cL#y8f$hzX*p-snAh}u-qn6a&_q2yVf5AP
z3MzaofVeJD=O@g0?8sfCtg~^X>&O^m4{9s2xf^d2`t9d-xWd0ojl#|M+Z3u|B23^P
zHvX(dZy5){^d2C$1Yh`k)-S4)1!*q!RCKo@3Or>8B_4>cCG>>(T-gyKO%rH4DIzM_
zbSteB5b19A)ZCJTA<t6;%l%~kN7FZkNAg5_Z#LN^v$3(k#<p$Swrx9^jcwbuIk9cq
z-fWz_`QP{64^wmMR84n1-8Fss@JH3jgKMrxtU{2Zd{oo}wUjy@HzWg9oyBB-m<eVy
z=G=SS8SwKM4ihjRfH3_Fb5t++Yc!k9{-YCYse6PbqR0wTJ0MCsAO<E0PId1&doj;q
z7LADrIF{X`pS%78y!tJNdw>6puqk=G&a~T_IU04=YU2ku3f+heX}ITwhS=Zs*T8_w
zOvl=FN%<eL?ZR=%a%akCl_^oeqesgykdkzmOIajE;Zff4SWKwnnm-^dQ8DdR-1NNn
zy18E4!(-ho3=7^lMFHFI(g6WeKR|ABl=SrN{%-kZf382=0s_{*SW=AbLAjS56=Hzx
z&4>H|GdjoZEV|xwVUF*u9VYF`iXv5s5o`==*O91pHzMG6I;eXjdd#&Kg!raXw`aPH
z^5^l9Yf0`!hoLPZ;cS2710HD|Zt<XN|B`ncQ;}2Ymaes-rA$+it=UaP2zIWfz)o}$
z4{&*m@(+>xj|izbHUZb6gSi!4q$U6Qv*|8;&GJZrn`oODJSXej@|a!HedQbb>&;+U
zqC|^fXX$*XM8~Q1cr^~`s*7Hw^<7O~F1zaW&IBBTt|FW6pxBc42lvm=f8{H3%sD^*
zK>ig3uf8?O_YcjO3j^9$lFa(n{6(p5*UAf^{R8R!L|0rPOU``bk_U$FbG*x=m$^oW
zHcmks^-nU^F_V_rK5#rvc}Rs$VUEn9^5P_Y`Gvzp=`cKCOzj|52au(x-*MKg1`DC1
zz@rzQuRcQYfqMCA>_;{jpa%Ol1yu=kP!Vb{ObyoCUF5-A%g*z!camN?+U9oEF_rwE
zV}Z1#1CpNW7Z{i7c0>JVwEyIpQkGi{CV7{k|DU&)o9t<o%3y;`!}*lXpRX`3ka{dL
zALU@nCw^Y#PMx6eWA%I8@(ox2hMPJyIM^P_pM1JDlY0)))Nh>?kVo1oSz`J5spAw=
zeiS!JVEOkeK8w9m74^qbs_Xss5+ThOBsD-V!5u0!IPHV4oUwkT9q&JAeRZmx$`592
z0r*{}xl1gwti-i>+1%?xOv|v&ZN<Qzl2Q!Ev+b^hMZa9c54~mB&OU;w)g7%fdyomP
z=8+Vy5ftZ_<eltgrU;g@agUWdAQ%d^f?U#3l5v(S8+-QA2~p))vwG*xOYgLTbgaR$
z|I>cS#pvermJd49<8IHZ(PKRmi?AK(7~wA>oP~RM6+u_$O*#!;L&Y-J8OQ?B+4AJH
z&0eTAeSKo8;MAa8&oOA6*>Xqtdk8gd%X%tE#(!}(YSMZ6V9`iEI>ZG4GM7CkH8`gz
zU%HJ+a!@O>=v>z6G;F9CYenj?|CZdLv$>eZz*oMt7`v2>@cYJrCBIJ#snIIpkvr|2
zJmypJy~p$0Ic@UapF^q#7vOyX%uqUS8{%qyexQ*_{-s!klioY=!i(OzrZYLidDrb3
z;}ieeund>Eb3!#P(vrXCr>y)MBX*t0T5EbLmG9>H791eT1{-jI&=w=fOHoKdw`l!V
z&wu99-wT5?dS0#GGX3`L<fESHct6D-BdlrU#G&`s-ZI4pVM^2ZYa-9#B^n`m>yqy`
zX|L5SbAshhxk(7uZfep!H&5dt*Q3<?pU9Z!Ltt%m6_tLvj#F>OYQa6auInZFKRihL
zv)%i;o!fS)+MN=rQXA}GYVZuVqGBjGd-7kLYeX?@4wm&CxFSu6@Vm{4Vw`?=(5`Nq
zadf{%TvzBBu9SAGoqOQZn;`MUJbgPNiHV*|YoQhf-0Cg#Krb};QWLn$Y0ou%P#csy
z)AQ$mxj%FmtEoQ-ME`7{9%ng;*D+}-2~8n`Dw|DKn<LR0{lq?~ZlN$yjK<&?`+J(p
zXyUo^<RP+}15UfnSCahBv2uHVSkEWM<@?cbF<lp(bKb3abnHGntuyv^A&Jfxg9o*c
zO<NqH>$A9|<d|1gLZ`d9Irr{qS@x*1p2^z%f~ZB^W|<+gR?)or7llDD2EpG?mu8su
zFWp3jq$&UMi^^Mgh^9al-uw>BQ@YJhI9-&`wtvCSt%fxmUynK~*3V--r8leL&>Pby
zt0|Kjy35R=CGw$)cbSe@CtWXbf_vLF>7`Za&Oni#_uuI3uWNo(#GRfP>xb=h1`%0@
zXKEMZYSwj=^;_qzZO9^OA8+SVjy{LfYFC9nOS{B+;hcgp4Ej&?z_Ns-4vVK2B+z*M
zHtWjft%{z?4x#An&Js;zDVoOXK3!T~>PU%khXXq$uhw|$PFzllXFXP~<FBVA&^{dY
zwa9(j@n9Ch>z<R}Z0|2I_lx-wu62%8p9~&tx^=^%QyvWy5p^GNw)q^q5zx9?{N#c~
z7&yxp>6);C7fT-d5;4!$*&9iZB?T0sp|ox6L$=}lcq<E*-M2m3OYu<6@>SdR&`Ep0
znNFfUXS+~2OCuc=+s<?ECO`9$?^0wAp~%oUoOhJNKcUdn&h+4aupq6UQFU8Tl@4#S
zHbvWgApB@s`m{;7ANw5MdV5>TkiEY{--r1acR!|U3L0Fo3l;*J-$q5$4(mWP=;H}4
z$eN&gSIY#UF=PyV_O{T{mfq31C<u)E`N5g@#hF@`v<9h$SMaDD%#^Mfr>#-2Gn#ss
z>CeJ}_uF9-HYwR3xHDz>)&&p@GU6(fh%=SQT7(5;kuc`So1O2k^ZhFQYyi717x4d=
z_;8z~2gm%RVybgy=+o)G+}q-2!kbq@G+D@Q^GSd6gwL2W)37xB#s_=xCUk`Ivu;M{
z(@6i=Crz%j;=$oJG{@(Nx8Nq>WF&71rU3&{oLs3_VOl5IfQWsY_yNk90YkcG7=0dc
zn781x26Ile^i8=mVb09`(y)jMbd3tZ*Zh))TL(SRwTi?6%FiauMGv6-Ari7ipl&Uu
z37_D~1Yf#FAc%01THx^wI^|8=7;t7H;94pGT`E9`rEZ$2u-%Ddpp~f5V~WAQjy#x7
z!uq3eI-k<)IMlhdW&x`4R3WJ#hMi7^9m|BcDD17ZZIT(sOA8Ng1CaurbBN9He<@N{
zM;yFJE@G6eQ8KhC>ri8+ZS-Afbs0f(nZ5UO1sPmCX&)^-=f5c$>Ud4?oMVpzV!LaU
z^p*R-wmxjgE+RQ`6VY_C!l4D?PQ8T6drgMZ^w#*PmV_aJuZ{-`fXoWn`$_G-b4iZ{
z;I}|*bt`M=k)eLqscKFGx^E($D;0&sUm%37A{jbSG2*m(5|>D@lV~VGH(-M*!@f@p
z=G%%pZVD%wyw_y2MEYqJ=b}r+EOthBNCCGN6X*NmI`m%i@(ob+KFV41(9O5Y;}>W(
z<1p!<OT|7sC4PcUtUKUQC5vs^NreFOhHQa{zH%h@w3Jf`4m&?@vcwBNE-=ySIadH&
z5tAsKMx;-QTaai7Ivut|d9y_6G-SMR4ma9T@xl9*qaZ8lsT^fqP2gVJ$oxreU?E|f
ze1uOzO|xoY;gwi)dHWyN^;*Zkf};tb(bQJ7>7uUL(3hQ@d|+TP8UsR$J#B1EY{s60
z9B=nw9IIUKXaW>9{VCeysf>qfS!542v7k9eOkXB=x~VBH5?Le=UO-AFts5DLPiC!#
zH;5G6OKvWNH&DQ}un>^5Xss?hwUuzng*V`XDobC`=>K&sA?3v|*4U`!0=;|=E%ht0
zZ0@hyQtm^{o!1ACfkn&@#4{*pDK8fP8^v#ZN!O+pd1>%czmmTewc?81n0IHqQ=xD)
z+It8F<Nza<h3rN*$(FRzNSVo{)gS{0j~TJfGOuxnZEw2{O9;?9LuOqh`A^3%c~ecX
zub?e6mKRfYT_wUBqNgrr{6!dPAjku1^(2mMClA))j@ybU-_RhWsSr~K#Z^|oqbVY$
zI65mIItUG1490l^!5^Thzv3vVpO5+~1vC^VFr(i@m4onuLxVK@7Kz?Q;}Yr{KYjV>
zwdTb4m<{tQ!2{vWQNEv}s5><O<AaCJPl8md<o?aRR30wy0GM7TJO7sLmMp2YrWwS_
zQEr*CyZ3D?A^?c-eU#Hb1w~vOfp`YQo!d^SjVxw~dj5X;%IW<SQAdjaZO&i1>aTw>
z0lsC&@7@tWKbU9~t`iGcC2F07BJ_vii1{~;&2Q=13W7d!ar++!oYHY$7%r}ON{b+g
zh43o&GauYFC%^AHzmT(S#b*Mu=q9u19zGy=ZN*b(Vt4uhm~npJxv-I&?UQTX0dGsO
z_8C2}?<nri41x<r#8(zv#gs`6woJe(EK)mO_sH6PhFwk)90H1wT}~<%LS^#-7#Hn(
zZnL-&$)s_K7F^KZ#~-J7QP2cY5U1WG-`Cj1<t&AtViVw9iFC3OXjKajm13DcT!m6c
z4ZVm!OQOb;rOD*zcV&N$BhUVb0-Z9m#-ng|ej*mv^=ZSF56DmpE_%rSn&jTMNKe^H
zy>TNl(4A%`b+(mO?N5M)++!Eiw;t5GjtFM!W-xFz3bblZaB$huG*o6dRLZ3;<~~oG
zORcSA2pGhD#itpz93bJK%wWeb)>KYV=@%j5ollJ&miU1;|B)lBrin6^rudJ4D@!`G
z+}ov<{8ldt@W@dxkXc_nlzBTbnRqrf`B%L9!ywVG3dwNjesmaciAPqa(;<>994~iv
za7Lz(WF!iGMfVjq>YLds*f7?1I<PUAN+c4qlP?!m-l<IJcgMbK6piE1NnO9JN<fW}
z(;OvlQO<=S@fEW44;rn}t=r76`{;@KJ%tzTvyQJL9H_j+F}Lv#n{;ptY&J#V$p0i{
z7{G;x0ZzyvSpDt4r-bY6`aVz(4@1T-_RQm^u;8@GH*n?+5J<(gSw*7^=c(AQGw2dL
z_|QcLZO2E@3Xg)?)oZ{Jn#8;Z0Ns&6EUOQ)42?eQp?qC=E5+bnYVFD~2BQLtyKINJ
zzJ=HR2m@u!nljM7GSFzB<-?Wp*6$gJFRTPl_UiZI>ufU6<LQVio&sWc77fwLmppKV
zc*+<wEc3Ztcp6oU;trL!iYS7<DD}}S&DN6c`4spfZ1a^yQ79S6L#!m{>if6FK%zGh
zE^r_V(O+}XWCbb6U{6J>I4H5F6z|`Wo(@bPkSW9hZLA4iSw#iubr}8eAYt$J$CTus
z*%6}X`GxAggoCVsDd&^otj>kCM?sU&ujxqYA93|=*QpVAU6-MuL^Yw6suqdriGDMY
z_BB`<5qCQ2C~K@_Pxkaq3LmdWK$l68SrV*Gff<J@qeAi*zDa-|%dtody1rkua)G^?
zWAHkfM5i?qyu`0Zn`!~6Fk>FEuzH@Yz?s?~0bNO|Q|`e;X5<I%(b{C;GI1jeG|)lP
z2mOb?GpeX$JjkQHDaW3?5>GbbH4%?mVzbr>EK~?+aGI~S<9F8McYZ(x?J4}T5&vO<
z&;ci5cp`3@Comqt7#xM3Iov`VX-o0anPm~*;QjOF;=bEXVr3z|*Kxiv1ZOT`gYtKZ
z6Bn)tPQu1i3-Lh{>LD>2&r`E=VuJ*gV1X(G`eoh-mSusgiwfQ|@!`UhFjk%sL`$kF
za9J~~{+Y`5ZgjiBT1g9ucRw=-J_V&SZHVWiwtcXu2(ro{aeI;h)Vkb4NZf)vq%#+8
z--Ol|5|lRdE@}m$s`}#)qxPc~ur}o59!Y;CQw8{?>9n6s*n2m;GW1pYWa3?q33bz*
zb_+!zi7U#5*6g^6G}BsUiPayA5?*TW1w(4(Q48h6yy|<@L-^iHKOSDGg!0Z!9ieF{
zhA=dAJVQTT(YZFQsC?pbdtH7SH-_*Dwy^%6(?ezy-C)B%IKv%tt_mtt(N4*``@cbA
z0>(6>Qu;zX9#^nWq@gi<5|?30xM6fLYwf~+8ga?SV)2C84U+>R6y8HS<%xmd@Zoo1
zZYTxBp*IDn1?^{`gM{NLe@h!^mGx9hA1_XOwJ?WeCe&Xjr*3|kD-IYN!86@(8eCUH
zEd&F1DZo>Hg<pbTej2Q}C!5JL1vGsR{D|j#0-lxr%qB>kPFaYjiw2#g;fc+_2OGe}
z&1`*iKMvj>a=+g>3q@i0BAznI!0>fsTYJG-3xqak+eX5~v7(V^#_C9ns77Bd!9!ON
z$;M>t+>on%D^PD8>8g>a))y~+t;CW9D!33HyD^iz;1!}TPsK|x;a_0Td1-pRy<_T1
zHhniw03262&%sLOfjm+-E{pkaexyo#|I|O=WW1379^&k5Umhp{;$7nVFTcMAYGV@c
zDu}}zI5CWGyr?*W*~HEsimmm(2L*VO9OhB7i6i$n1Y?rjdh$G6sdXkh9c(*@-dX*~
zwKe7vfFyE1)l{E|cPA1c@Zn9{>pyUzeYl|2NJmfL1DmNb9`fu>wq1W$p7iQy_<wu-
zC$yf#Lw-JnP0<d$lzSOgDUHvut|tm5s0p<@Moizww&H5i!iDI2maDCSAW|pR9zwPL
z3v1<+XcrRiRQ%?$w3rXo92#R^yl{CU2Dr+%8FynW7Pw45yyFBC`=`P*;u{)~;8X<}
z&psPDQchxPqO}oMTU&5LgS_H<=j>313wY%$ca)V*IbvYg>~F~og|(npNWAwH1F=M#
zZ1R>RIxRO~BZw?v(kmz%73t&YB)~4KIEk3SX{sjHIpuenFr>~fsxt!s!#nG%v&6xW
zC|hu(wW)XMK#gQ>le0UCq(evJ<@I{%ZAcVVh;hyc6$j$%x!kI#JIjA{r41AMg4kwl
zyd{-n3>;U=4V-rp4zLktFE7J^1zTbMvhhYK)}wW?PR0tl_r$|TS<q2jNZJDM(aBRr
zDl?cF`+4`O3M`CYkc9Z_Vf5(@cb0Ub!B%|Vs(mX(@0yN(wtVgwJvLb^=+gO?ag4s#
zQg)WZn9bh_<t`HIY}~-t&|0v@Y$Z6q+E=uhQ>RGFPC^t*BX_t95?$(WN2_=a>t?TU
z{ZXKyA`+8m$NgrPQ;02hi4HP#+@$A)vUEf0L6uQ#p>eaNEBFM4{zMpftog>uK3q&o
zQ(-b`;lD(%(aBf*j$kO4l%ow^*&$mE<_hg+=3$nrW(ESu5-)w@0?IKuS-TMpxRN+n
zNDbS2Sd52`g$#ph+Pn7-zPt&&L0_N8fN7T8v_E2lJqiLcgaAo7o{%$~A+JuhqJr9$
zkGyvLUX*XMT~Yp8UC<exNS$tzP>r-p!#{R`BldxhRl@vUoEzH4uhj83hQxgxtwgyz
zMn2rngu7W7fUQL;u(dBW2`~#mlRhv=Nw73bTZ8<jM^bmTviRcu!~%L*7O&)VZQ<?4
z7Fv1b3{x4#TN2xL12|mAs=Ihky|lV~Ri33su85uv$#6?B?+3JOr&L7q^iM8!h7&;_
z2al@^%by!fK>=&{Vk@HQfEf|VD55CYcr<Fb{h-OFfwwx~MV;efUCJL`Ya9a8Ol|!O
z8y{FqIdWVw49r(x227+2AMqQb04;s6R%{#!Ac}14$55|$L3f+_lY5~8i(y&xdd^5u
z23!B&+@yXBY=K>HL{WyiS@3L<*WnP)bD{TG#;)}^8K{IgP1xNV+3rLqdId|A&M#j}
z$ud5{Ln^5dLCqqaX}$DX6!(=k3D6h}%m6eJk|BA@5GqG)mhS82jE$x~_D_zcnj}C+
zkd8i76H&rEiEctLbg6$33vLmAzn`R}dyh_I`3U74A7BUxR?ECCBTv0H4xBcQ*VvCK
zt-KZEZe*a|7%O-<Fc##B_AhUfa%ue3KAOcwqrErR!05%eP!ZEkKAjN_c_ooWS+?(C
zNkimGtAuIy%aJDErK7s~=HLJ%a4^=H;kiNqz2+c#vxD7#f0~nnX5%F|4|E;PMHWmx
zKl*WrQOr(fj{ionTO~Kzp6l~a0yN3FE46F0)tR|^#R}jhIuHCe*L9`k^eT&l(OB~q
z8T%JY1EW#zEz*9Msh-w6g}mL<QFms`A-t7HB}cFqwZ2-+hWF2m`_HdgQp~Es{+*N$
z`xL+!_Ny<=uc8Doo}J<AknFnAU`qa<(gbg|zHD^n2pr`pZMi;osK-ApZAy>>i{o2!
zc|?0ZKihM=U~AWZT!NP%zsQli2L8+Ssdp&4!}g@-u03sJ#AuXDmwd9P)JU%LqBM9_
zR`~3ZBYERY+Uc*mgjpj|+03V;Gq+=jnlZ%wTFzsRXlN#>{3OhpnGBIPOH?JyT0=2X
z^i4`JANWTOO1Yox(vQo&*M&R+*|!V(Yh0zlAD2iuD4;JO<=jVJE~mk?G80;Jd}3eP
zta7gEi;VBBTWe-!mG&%S4uu8KqqCpmKQ3itx4{&J6RZh&eHmmz9FE}Wcb!0`(*Rwr
z9|M86y&dxlf0aVGS1Tvoj%x*$br%A^siEwaiLNy`1U;4sol0;v-tOv_l!OH+tsMh{
za!}MC`b~7AIUF);a3mna@KCNy;CUFbZg!k@r++4@g-bc&fS+?`%@}Y7{3t#(3CS)^
zZx<YXo-S(0A<24oXEWoI;(TQ<X_!{}N1l`Dm4P-D&x^t9aNsO>;jBCR0dJP`-e&)A
zKWmCtmgDt=NY+fRRbjaObZ(WdHuHV&6zDMzP!VE14NaxZdM6xT#gHRImBAPblU2eB
zVml=bbx9e*0D9^ns`m<I`NS|ckz^Z@e(h#@9n_0MI_OzFakFhMnWZ>y#Wi*E%=ZI2
zXna2d&evEwXXYnO&R1dtv+FKBoBdDGkY>USyEE9`3pQVYrz4o%3!!de=O;z>*9kg+
zRu5{_d#@T0R}blH6VI=@WeY&36J&N7%L62~HK%y@rAivMxr1sQg6;nmF+mS9LG$7)
zIsc>clY#!!WPj~_znbbEPXVoNKd0a9FN0S37!qdOi|zk?ndszX&9+aZb}zi9iGh=-
zQ@#_@pwKkX>i=w8=YOY6fUf{JGd<3Pn|<lS3z#0XsqSHF!4c{&nrV#l)j*Fk>wQ22
zh+rmR7V{a=Fzn~@kIED&dD@ZvHTC_B{6lhlbvaXEXw__j5GR`?lV=bGk?xF-ID3X9
z`)h;RnBf~y`4;uB#>9|CMqy0(dT<-m3A1Fqx4DB(-FGjnh!M+4q0K%`zwb6d>|Q`o
zRYa*<aJ(kz0nB>H17cHqeR>Dpn;ZE4s$iM%3B7sWQpuU|x%Kp~_McvWf3!5jNIALv
zGctoV^CJ(aWeeD0;hA*(_inl}<!iF`>G<!DNtVx^Z&FW|m7z-Oavv6G^>vEWefsF*
z$zY0CgCia_`Yp=-pFsm)dK&%1y6aBz4;Ai|@0hh94q3KdcLRcEq0#)Zqt$GO&-<i|
zbpxQoEFwyF)JwTOQ-l-B!rIokoiW4SgS9WjkA;m>B~>Vw!>}M>fDlE>*4c8(FPkXN
zohvd`2s(#|jq|zqguS>B%SeLB6y5;!%M8>ZA+{pjHfv$2=hQGe#{vA~G;kH~dwM3#
z@Hm<CSheI?yrSdi3ctI6Q`b?rrY)G%29eU!in_jbf*OCd^7yXW&h*3cj1aes$s~rc
zp~fRau%-=|?KG%qJA{|^9oX-P*pOU2MdHn<wxHOoXnIO0Mst}X^%M}%aF^>PyOTP|
znVntq!VqDV<N@3!R#Obp{?Z7gtF3tjGU&*BRSFS%R{9=RpMfPuDC%PZT^n#-=PnaU
z6G|`XStrBy03+gE-w>6t-G_F7A&ty5S>`^_hiQBiLW9LTD0)4-8r@*7s=<G!g?~my
z!I^^^is96^(VyNHEC6ndn(lL-DZ$_<36-fMjI%LeSA}aJLg)*;6|q~7|7N!*HAK-*
zm;cEEtPjmm-ffF)5@13uSd=M$*{wn*C3uMps6qko7RArJh5;Xu0oC8!1iew^UxM0W
z4fEiu9Q2ZL=z?J~kO9At4~5ffHfPv(P<&P&+;<75h>>MUkuh;8GCJooRc-3T!hcQ2
z>0N2n83j6NE}9YadF7=tCiim2qpyYNuhS4WYLu!*cv9tR%ibn+PZ}WuH)de~;OJwE
z`NAY@t(!fYEn~cFOZare-i`7TCz4;9M3P3Mrnq?h;7VEPu+v%pE3cDMcwBd^{Q#=b
zwMDM{EX)BML0!%E$Eu-_;He-e24*lAXoi8rNwb%=Y8YqcaYP9ED`F@FN)iD!L<|H2
z1tPxA7qR*wSQHE5@l1mQ;7_9~CI3Q4S)w7${Ra+~Os|CjWwo<-SexbKQT2s_I?i)^
zr)J5}t2bC()~QYPs#?P}T(*@E0ceZ(<N4)(hf448{8X2IvSE-olS#B9KU`>dUBcNF
z<<SS^{X;fjLtgooyy80V0@z(8AsvK*!&;*XN0M?jC-KoDo<bT;-qH|sw+d^_!29?1
z1M02H?g4*O-LDCF^T&8os7}_UR#roBrBxV>6hsSKqRy6Yn$jj4UXp?+D-n+5YLL8!
z`q==qpDr{vjSE*mHR3-0ogHm{+o!Ei`yvH!Nf`?)x=1oB+E2N|W9r-^U}Ny4CUMrH
z9Ej~ji#tHv?<xYirNnbeR|OuS;$8ZnPDvh(y}~CWn^Gt78dqT3Cpq>W*e^L}f7_@}
zym?pruGLm!?JDggVN~=}TuAj~23r{W_I@CKD5?m^BsGYwZQ1^J>aHyA7<&U`0^}Hn
zuFiLE>BKj!uJKXi*~y#OxCvJ~=2%o}jI?)2laGO@hTgWbeo)qyz0s6ayg_DZz0(=w
zF)N%k>PGCmbQFv@%-1UO<=5Dt6yw8e$)tDS2q3}pR`<0T&HJv%5keX_WI1Xu{gsJ4
zn%A}GzX%VX6c3FS|79cG=~pC5DSe_cZ-TF~DBRWj&CZ=83@w3-BZwBFP8QN80d$`-
znC`o47bSzjCw73JB#a`67qUerP;$g9WJl%XSkMwE?F#G-M@UNHU)vx|q|~Xs#>QQH
zhbFQJsO>&M1Nu@yS7(KcZ7`PA3bH3t&9M{Jnb!QCI8YyPHoW!ibKx)A+EITXwEC#?
zA2u=d4DVg<-2k_=jRZ#ps#Q#737**ew);U~^h3bwo|XRT7bw>bTJv+gH^>gU=<U$r
zSZaNp|E&c`u^lhoT$nmcc0L0cQ`${AYXMqRL&npfkXHYW5+84aa@80=<3Pf;+kS2f
z-Zsjaty|i!?)NKHLjtogUjL#Kj#^71wI_b&;Kt^+&`kU<tsM2z{j!1<Fq_agw_l}=
z;qnG(eN<}SJY%4|G1B`Y(1GxSP!}tQPK&e7rP)`vtDRjtDeL^c#b+wZXEXVt5WG#|
zVuNBHGtcY@oIY3IHdT=XRgswYzhJ4*cC%DE{d6h{Ou6uagSWxLQS&fmPacrAV(ve@
zPjK~@C_!pCJV)@c-Qo7Y0w;Q-3*201wB2D9Lo@p_#wlXiqf?~HIl?y5uJjoTmH=E{
z<>t7$jzGUt_UXAGG}E=Qdek2a?=P(Kt*T;5ywa&Yzc3rp=`EX5Yex9UY4~}|9>(K{
z&W>r2@6jUEP|&N<@6pOC0I#YM&p*S4#t>ug(U#Rvs;j=(NlS>@R;_K^4T&(WGd{W?
zb=P0!UBNSsa2g46B2Y#72MOuk*gW~+9KL5Q!H6bv!VyR<VB6Qum<4v=C`*V#RRqdA
zx7*GZzs@9*oJT@?eY_WX_xld5prw{$(SG9T3bD6}COWsD(Q*SuYHyaXL6a=`g}kE>
z*TxNn2_79%ZaKsZd$!=0@c^565ebxe6N$rwu3|z->?~=_SZUWQ1I|Kp>+bnH9eA@i
zDIk`NEU9<mL_z*v$Dy^21_<&4^=NOZ&NV42pczN3^hz={x72475M$}*w4)Wx?w;nZ
z2Jc7oO`jX6;i-zK)&<lcz6SYyStI)}heUR|-T~L(opV=%m|kdxbG;!`Q;fY%)+0I9
zg)^E4E&H&K6LftJG&^m`zS-~;)Vb17Ts~bH?Q3OwHsCQ>_Y6E#Vns9$GWV-1zbMk~
zmLMwkZc`?=-GKx}{DQ9BkzeJ4?R>$lUtb9?N*1yVg71f4%|4cLu@Z$EyLqZ?0!z0i
zf*Z5PcU0D-jdWdt1TFsp&PtN&@Nh)AE-)H2uCpRGTO*2U)ds}&2w+wT8<{|h7gV*y
z$@>)0ua&SNbJ{S6L`9vgv!jih^h7mWYvveih=Nk1AgY9Xf{T6uA~*o^7ahi5>8v5F
z$ne&vrrSh9OF(Z*qkmsmt8CI`Gr*39z=Er;;d=>Clgg@aX{SUhE5M|bti)=)QM<L-
zH3Qm)6|ns8juhlCBj|=)C5ZKXu4!^pIJHaS<SIl4h?|jkMJ!w7xcXVIeR9<z1N5^)
zZm&oXbZ7npbfV@x^DT=w#px(U%$7lFr{bV=A<G$KA9hoOwkt|)ubAQjp=&5&J}-#m
z3r9i!Jwfb|B=C+S<Q%wGg3eGJIfJ3P>84ko{W4s0Pn{EWdQ~F68~XkvpcDBU(Y=l0
z-Az^@b@9ZLxA|y%seF+|0z;Iu5WQ0(R$ELZe2;U>v-^GxxTvbEZ{VS39`EvcQ?!XN
zyKLC-8fLYWReBEWec+yhF}o*ec-}@abutZN9COIOKV#^0Q7;NR8tHglDt)Vhx3S_0
zPS{4N?;$g{I%8m7kuL2>+v)F%e1E{y-TcDDPSZDD`U1F2tMz2c`_9HKF+VP#W4@QF
zHi^C+iW2<DisHLXU0KtIE|^6_{8fGep~87gyIi{_{JjUM0j|FpF*wy9<2#lqj%vg_
z4*hh+9w+>h+;1TeI;fHc;&M9xcD)6$`7ULTKNv;}`uMB<5__~l8yI*q^2e6p+6T$K
zErf(iwHeryyGrLI$J+;{(0&zgxEZ-I$Nj;M1ZYFzj}{uPNx#IvAp@8fQ;wCCQ&Bcz
zJ(-~tTc9^9Xqy|hCW&03O!Rf9B5<L?2ihP?4zq&%ntv8OZi>1aWXOA#D|%XTNb22I
z$-nH`0ROB5=Me0OF4jqtvP%-P8~YSJk6HvzRa#KWty3iFRL@2?^(i*B8+Ih^da`C*
zJLF%a)&bxxFhz1}vZ<|EJN*vQMSdMwwT2yvo@F{ohve^*NrI<X>i~=OKXZOtvaOR6
zwdkv#GN;^Eo?mH039M%`*rM2Os^P5_NAMsbE@Aa|ejC0xIg{q*f13g)4MDx-B}o`%
z=@ny^t;rn{A?Qeb={3kvju-GC@o3yQrDlcn^Ok^eIl$iwCDMOBtfon&Nl{$T=WemB
zPlT#24g?gOjZ8jP#Fgk6dYPL7>~%qv5p>xr67JSy8W?(SR%E-2SrGWqM!Md09%KgZ
zvh}pxGp<M<8x*8l#NhpXW8F`Ck1B?HRgbiSE41G`i_KQ3Bw18b+MWz0g4>_+_s<;Z
z>ebVBTb~R)n|*EvI}ZEl9B6qjC!X;!^sH4hqxXMuEw}7lE#`;wu83gPNlhIUmfKP$
zfwM-GK7~MJ_C(OTVFVnSa36p&Ptz<Z_q=e|5`4NetC2=t-H==_30tpB&hcIujp|i?
z4p}4U^vo__PqH}DUDyU%u`NH)GjzR!Lbz>X1Bx-i+NPcM{UOd9(qv?&jMF6Km)H|E
zSeYU-$M<sCKDkOW*VtK5N^__wz1zhCo5&lwH|8pv5S0)d_WiF$rzY%FH4Esz)x;``
zeY6;xC0AJZQ!y{bNn6*tr)6K%DQkEIKOO#>*6U0T)oYIgcO_d73yR0Jz8|lZaj12<
zM560|mde{7wAvHUqQhNIE=Zv$)*UO%=^(p#k^b>g-DG7qMDY6B5q;f-u)Z2YTBD*R
z-xZI$jS+gy<Ud6-XEIg{+C@{u0UFQmxcC}W6$p+kd5kG=Im~P}MGpwnFWO^2^t{?J
zYs)a=diV~RtwH3xP6^026U);7<I-rqgI?Mq;xF+oalQ9E<d|XeDd93qXS{<Qchv2>
za4(a|XVG;=gdb@JbS%BIfv7pP+}2?xczi1~1Ng^X2>E7=8@>N3@ONwsul=H45(zul
z+6iAj+}auU5#$hG-UKFh0KhW#z%C_o#O^A<qWpd@JOv=qmnA&cot{J5pF@E-K5ju|
zN5hEG-L41*eRzQ_ZB0+2_)g$97rLO>F5uXtC)iqy54L0aTJ2cP4Ike_nPLrVE*WgI
zYisgfhR3SnE0T*<D!10HE2As>L0(W$mt)8|E)1hLK7n)2#@%bfpyM+yXwC;{+VUN&
z%C(h22eoT80_IzlZmWa3@6$AlKRTkVJ3a<Jo)`X1`U-w|uy@UVNEIh#&kEwq$Ho3@
zat}NY!BWYM7w%SH(6`GP-WdBV<7*<E4Y5+}R-uq?fe^Qpnr~H>?w5IxHy6GjrB?v;
z2T+8gh>j}3lZGJqwG`ObzBG;F`nSfMIHFnS@|14?t&lt4%U)V1wN4{Mba!#c8c|^b
z_zq-veHOQCu>Irc^@zfHi820!+z=Q>(cc1A1}s$$8-Q|-Py{e34nm9vc=2EFTM}e9
z{QX%|?^^+X`Hv@eA58EZ92oxR@!RDBkNznbC=>k4z;CtD0riAW?2b>2Ipm{1DFE6F
z0;2Oi2ISIkMwUMYu!cZSA|O#Nb|F+MUnn-8%n*j~=09{INOK53-5?5ho$=m05`cI<
z=3aOaJyK`x>H9+Zf4yIUV}$_9LI6X*9s{n#ptGV8&)|9x7Jj+uQR`IlRWCKWTSx{k
zsCUeAa3y#F?Jq*rBNF}#h}Ay(s>rdsEw*sCn7wbAYkp=a4p$>1d)71${b3Q<4ng{G
zAo0G+44St%;+Eg=`R!H_UDjEvbPXOf4{cYB6uJ5saA^UYd^36W*%83rb^ECQ;Jp##
z+--9f{1XL-<%lNsD!~qAWS$iBY|hj~&`)*>96g1ADdPvI$)i)aHwbHH$*NlrZd&)s
zS1xE@gbf7qIwlZp+V#dJ$+DNnN+$l3<VMX`!PKPsE%H0580E^okhJ3p{4u&iu0i-_
z_N4o@w*U*G2R1Oy1s^kBz?~{6W{i^A*gUQRa&+C<989PpY9E~XGZ?mm5qg~w8qE;b
zKG-w<Q@v2t0UYCGJ{Y#g7}57=fQs36WJVV$MXvs&GUw=>N$hMTHt$G5@Sy;rz)L8&
zBpR6$mn0V%qvi>yS-(*nBx24YJ!=?^th=us2ahSlGunoXUi57FX*ojwK)%Za&o>Tc
z$5)o`JWpv!h0W;gmKf`;?EZ~btTvu6yQ1uB#&Vn$h9!$#a)g6&fq0kl>-8o5t{cO$
zJXPXmEYb3(g5^&NF&P#%7?!3n;>HnFOHYOb#59V<#FC%!=gRX>(x4UTJW@bGMG2#&
zX1auWCdC4A-iW}akPH+Ppe#*L<`*{o-`d0NYM~0Y#xXS7_clmaJ`?0>Gvvk#NLV>D
zBu-PL#&<YOQ)8rJlephVHdOtDx5foDfderbz<g?fd@0sEq2}MWF02NYtaebxSKxJR
zSBDWt(R*(`J2BQEyH$u~VX#|^`Jeu3;pBQXG5#ww|LS^Rhut_HtT<0#RazXhhp2=s
zGvGPtL*%){*iUvjfCd~O0lE<a;)Ac30&khCTr0<6Ypw(ImMg7+Nc?MXHb>|`91#04
zul&bGz+59^n*$2PHHpK_9Gn;N6V<vnvv~&4nh^y4M?_oPaUTPy%Lrmwi)@4SF7?$Z
zktNYl5I0ygvt0#3nP3>86MaAOBD`8=ry6Tj@}~*vGiSZbw9>{%%JK3RZ{}u26<1}#
z$39@U+k3!2_6#rj66435qQ5exJ3?x8yVrAJeCaZP4gO}S^#+grgWcf5A&@o5t#23*
z@jPyPJT87bzW(ShGz@@>Mu}W}^w*0<@jar`x&mu*1h6;)s8wzn=XZf|U0GZjKk(^P
znYGVSd^LYLy%F9YoUDCwlI^e9NyY8k*i<DA3}d9EA$#2UBSE8*QMvb%do3%5EJNK$
zt7;q`*Y`-iSt5rm#SOANm25TrAA?-I3WHo2OM_^L%0!-_)2(6lPb&)DiFy61fe4SE
zl}+vpa(+J^zM8LTK23FyxhfO$x;BFm9HBO3x)Xg?URF1ngE)=67Vn0*!<;i>IKz_H
zM$DCsLRV9Mc`++lIlIXs*ME2o-F&N`B7<pMPf881l4355u9EyZqubuA_3)iuac|tw
zoc5o`eI}xgdka|D^-|<l6^j_va`4_FayZUvjH6!OCuV&~tQxP)qVK3Q3f?G>_&<=W
ze%n#ZPtPIay=U~$T$(Uoc1tm;uTc$ECzy0qa$=#wnvZ)u|A89&DS38Snv2$jgZ9^k
zPO8ZCM-?jFSA+atgU<fdAbn9J5g7NFTWh+iJn2mjI&@+-Rp*DLRS#V_O%FzP1s^aF
z=2%^+NyQD4cB-Fc=6E@O4OK;w|FL3cuTfAr+S)0^J!ac~6?NUpC!7^lJ+R|45urW3
ztQ<M)5)ol_zML~qIV#^$HDSG|mty4njn$UUj)fZ=>5W#f>?$EDwux!-=-QH+&{Z^8
z>5VeOi;m{0t#UHl)xL_()Rxk3Nc!lgK5?K6AMxDz)hm8PMsK*r<*%T?^lsK-EVa;x
z+(y7pr8CXf9QU?-aAdadD;eZIYfR;ojR4qdO6!1`F8T79T`s#V`Q|qK+dd&#J6rF9
zZS+q1?B<(D<fv|PA!d^kS)89UQSRcKSWx`b7JSskQo)C2YFfO3$U6f3e>&MWuyz+1
zS&jfqTkG(Px4$LsTVD{-Or`LV$ICOwjx1;D-^f3!q-QE;McyORGH`KC)ksG10A_My
zsU8E<imF`G<qsQSD`GTaYjQ|Coi&3OhiS4YN&vs)#%o{r3`7NDkDx0);hEmn&7*5y
z1X2~K8;$-fR_mS#E%qYuKlC$Jb|abwFNzB88RyI)Av!z^(lb?ed#Br<G3QxsVD2RG
zFjjwXOhi^}^9s4|!v<8@mGCfEvzGL?^5O(E*<Ig#KYv@IOcS8aMf;<|)hq_FG(L@p
zp0mqfLtWYXa)bpsWg@IiPDPWJ#!|20m3lg=6y6JX$Z7xvHbnP&djIm!?v8Ef#8Ul(
ziyrWh><wD;Hq+lc!^zv_2t){B0YCRShNd_c)_*_p5bU`ptc`yCrmFuw?E!lK>U3AE
zJVyg@)x~sv19cJin=fF1jWC8Asy+Vl1^zqzyOX`1zF-EX0nn8dI>hce&M=i68GQnj
z1W;y9CgPV9KAh63+uFp`ZRF}ny2Kk_Up$^+J8ogaH$=BL1caZnIE3)s!tVF+n1okd
z!Yhsvut+5kqn%JinXd^#_*m_7ut@8=q>Zi8|CxM+21Zi=_&TJmdq4n3a43ZUWyCi5
z7x%#DF8yg7_?`l=R_~|}Gh7i4c$y)|=McEbjgqVZji$hs%^LTtyTqpe9_b<g-vQR8
zC5+1w=*VYi<)={B&6G;$CB9zbQ5LofIaI{Xbf^m?^krmnXF@*#K{97F6Q>~xwZ(Wx
zsL0*4s7eTGKLHppgA4sAYS3`ip=BYnYS49R0}DdAd!~G=N(hhtA~b*xYS7y{aY_g@
ziTX5Sgg;uO(ZtEB5u^3u8ld}Zio%0<;#OwFwxrP-pnLQPHdMrQ5|7&5$%QKD8<)O^
zDIZhr&Q>^{5j0kLY35ZbGd#@fQ|_i!7@iqysemfKMhx=fY3-RO%0l!ILQ~sMDD!U0
zL(51q^RhD;ToS+ui{V>EOMPU97L-tLDey#&86IN4m{*=rHy12ON<B_dH%ly7N(EhG
z%Iw&#((j8bAdF>UX&M9A2W8S?**4J?cbS0&<S}1L6s4SQQFfO}h6j3`QT*veWjFIC
zF$4e$PpfFFn@p($NJU;wmgRwmd|{zGbf#InoI<yZq8o>W1m{aimxa>TikDg_A{iLQ
zDJw~EC1uW*728EXQ-uT5i6g7C$4V&*LSt2l|4&-CL_qVQaeQ6pwY!)AjtBaa*i^Ps
zkE|Uporzzt-LmfY?Wt@l4p}$vE*uZBm5E4(aqf<7#0vY6d1r6}dz-(2Y_?xGJ$8tS
zwj*UB3(Z%DTrT3$Jj|UE(47+YCNR)eX9PltHOpeXav>LGA%eqhNr}_2l}<s-X8P{~
z23RZwDbSS#>ut-%so%>8`9l%R4&4X-pz5xLca=*^&F5{d78M-JfSlL>Ye_nsLtDhK
z9iv>u482NzSM@`b!B#EN+jhv|cF2*~9WKP^D0>kA(f&=&zgj@Ax1tAITq9c~-c}L%
z_KT%Bmx$V&p3YjWVJbdkLO)_maM$zJ8=_qZzvpFJT)Q`6%qNsQj|*E|FW|HtuR)8g
zse{sS+;<gxG)D9p-D?%5lh8GGo;!x%*xzN5?C>|TbVjR4b$Yvda=-?@u=k(wmOsAk
zV}*VLvS0%8_Xt}xS<AXL1R$>)UL8hF{zMUt9f8na_MOPL#cj>eKNal-f?aoOD;6H*
z#bH>1q+Pi4u&$KZXM&N#a~CATqI>J3)v&u3pEhY}qmGWMc-Dkbl3ku@_el7j6Jntf
zSR8LG3km6o&rB1Tv9zQnFUg26iJ=l{vn0Sc5<^ANu1M$ZP9FqyWkGRjqy$DR5?~`T
z1BFuwP#*N4*A?|okJQB5>obScME#W&VNobi!6LHcyC&_??W7&S(IAnMY3PqCRYnL+
ztw}_J89M^ITXx$kT*1qA;5Vk=XBuO|7&6MB-4VU7ZuKh-ahZcwt{+YCwk4x`#yogW
zNa{Q|(-}Q%S--vs(F>8VF;P2NJ<=u&Lj#h?lF1W=f0(uKqY!sJ(mUCJG`I4MKS4DZ
z%4+CGBk#v%DnS`T5Sv#r6fJ=%qH`BT|5`EZmM0AV>-fu)3QX{_7QK6n-h>g}`TlYh
z=9c;3&by}_|0~%*i{@{{nP39y(7p~kpR3gNbbK~v!_xV%uysY|^ZkrzM(%s+pvSpY
z|6(^5ix*cDa)7~&Z!(OXa~0a=x0RJB0|hq7YdE=Y*e*VQBOrS_uV9rrnB05rSn=nb
zAGSBYJ*goCfAC;-zOxtn)R}~?{&0fToo0x09vy#az48dgo@V-@O?;dm3@}$S!V0C(
zs$#%(joHz^7U(9zUt#QnbBo+RXAXINNCQ??|4_G{0lUAge*<3*WxlmEyeowH;TzM(
zW%tdke`&ZUm<b1SO1SXUD2e9?Jop45b!7FxN??vW*ypVPYfi1<cg+xkH)mQ{rc4a<
z;-rCi)}-(hDIZLi6JgM&H>o45O3QD()!v%{$S->F#Io3Itubs@FXQVl$_*81*%WR}
z{rQv92iD~#vza|nyKy#O^j(YjM{S0|yzSR-cr1NzUcmbs_~?;5m#-{?x2~^D+%4%)
z^4xG?9H)GP-5!}3Zfn^m%>Uh%_%HQPadGQaDyW@)H+Sl&f4JQfa@FFGI3I(os^wKj
zQJx1yni_eOc7J%F*DCvOng2Ae@~Yn;*%P9?ew5{&evt@8#oxNgHoLv+XR~Q_=Ftd#
z)1LxXLNk$)hO#(rBRB(%$Dd1Cb>J9+PFe96iz^6B=`+~xB6h4;z&@IWKN`P=j3eGH
z?C|xUmcbz1MJAf>BN``@AN@lU39EO$o#P=s<Dq_AKJl2MCc4ExAy=sXAU2tFOL!oo
zu*y?fLL{*YEve*lVOf&W=;7|A-%NBF;?`P{GBLK<Be2r{rp<7_Ij0x3z`!RqrrDMe
z+q5FHG`0z>ERxmOPpovvu2;P>6+VX6aKq7GF&$gu?Mrs?jHa+MA<-hoSoDPh_)~f0
zDJe?N&7P!kANl2Hc;t*mfy1gH&{LiA|J8Oe_e3_^nrzo8`Va_ihr;?wU2vNBjR}I?
zglDu;6fukoBVjx1af{v6`NLd})ISjf%LLDu=B%F`eI=Pbp3JNT&*(iZP(C!dSofJK
z&3WU*cJG=51BEq(XRJCGu;OBQ-}ja5OSk!^iiaWrWr<^0>iXr?fqKC+JaGx_b8%~7
zI_=GMiI(AWIM0-T+9NwXan#OE>{*`7bbmiX>|YR?;QZk8t(NBeFSeLNew=S0cG%#F
z-zHzt^o)2opj!-{=?TYFUq>~`i5y8qiR^r(DAmh_Ev?5jmEdo!zOP+1CmM$an}GDu
zW(+;ImoU9wZfc6GEB)sabU%;?mReti;}}hWg+f5ANqe-@_HoP<^g#rxMZDWK>L`=`
z<tR_E&teYNw1A~HiQw9$s~pQN*q0G;YZYnn!xl15&&}vi)rsI1`#M2;!yIO}q>;VK
z_8IrACW~)jv?Q5vh1G^oW4o7aRkZ`c?Agvla$>orPPy3^yZ_7E7SmS3fFr@AwMp2q
z$TRX_?o!Ouz|o7=GBU{(IajAL`rMs3f0(>@>O)adqa-__tm{@Bl6n0|Ka`E=xFuus
zw3ygnUPg0#hJxqFd*pZzAM*@CYn-64Q0#=iPN)w@f24QP<xZZG=hIPE=us&@+jl`3
zsLWTJ$I_KF)9=gpTOa0EF%&ab_guKptEUM5VT=7FW%+xiEC8`608tL^ZLuHIPtjao
zm$N_9`F^NSxI_3tAifITP35Vhf-trtW0jLKE569@j-z1_SJq5Csi>y}Hs`<Kg1>$x
zOm876-R4prMRbS3H7C{eCy-|JjnjzEMBPfKcdffM$j)M>^sv+V`Vv~>qsWRZ_SMmw
z;ng3V8d~Q}nDHc=r{T0AhrdZTe__F@acs_NjaR1?lwX_U+8vIrd6txvR*~8^J;=%_
zXbDWMg)23o9cyS^|7FITPViWdVT8ar{Kt8r)e#7J;IU?f@+kQ;(CWQK)+;Kt!bmQA
zp|?J}*z^_0#C^APhX28ZQs(FK7c1G6k8kW|RRI#cv8odrCat94#X@44Y@yI=hrC}`
zqQ$*y%z#zyzdP-RXYv#@Z&TmZi5-DoWwdQkwu+J`*wAO2&VxkB{A=&1F40tphsBF<
zA(V@Td7U;PPlj~4(yFLxHE}*W9nN*x8d^J#Dl1(ktEAuvt1KX#E*0CIDPgxsIxip)
zjuH)QnST(28jgC@SbV}*KaXo{-g?d(w;yd2fWFC;21`b=iB2)rKd~%>NTs5L9^{4&
zuGLn+J^2znyX&WF*({YhV_lkI+5rSiinczlXp9X{-OX61(C@!t<*m+82Ol@InhtX@
zYn@h>m<nyO`~pk)q-=4x#Kg@=Dhw(toVAUIkB=W}eHJ9K2rVfL0!31o{V6o6#}rMA
zpHerGYM+Z=NKLkzLX)O~&~98KNK4D+F$%_(AN(@>yH#PQ(akl~Oc;uf84~h%q4z&i
zLw?2c7Mt0nP0lc9XqaIU{}&T4JH17zmuce8ma%(j4Y@FdroVZ&7*$cNk0iiet#JFH
z3GYS7JCoORZ8<TKvdUhM)jeUV-?cv;T_%07^^+roX#3RCSmGekI=COF%@ZUPYqpXp
zb_cmVX`h8M;tAisjq}{sAKPFvh0`X1u+I^;K@vj19um-I$_KIPRlLV78G^pv|D;S9
zGiiW18V8O))Yc+6bvWWawL%y7<vU+;I=JvaplX=(XoSD)${qp_dozOXhl|GPxiK(l
z=5RXblrNa~2-rBm6xw0f`lR+$Pcx&KGIBPb4#qMfxw9I^)IA!BO6IAY_;0N}c&65I
zBVogsM~(-yVTZr(1DYa};GUuv^L$WD7g~Q8>)%H+;Bb*{EF@}J)*P!3@3i+h1h)@k
zt;7RENSM>Oq)cjeaJu1`h9ux?aLh2>we7`~aTK#~j&RMycW~}d#-tz(Nvo7_BsoHo
z42C#Hcb^=BsYeaE_7K^p`tl5E!S_ESkjJowGjRTq!z1lK`IAhzm-E}7WRKriSMS7@
zvk!1^cxR5&2RMn#x~q>RY7Y|paZ<<q3ZB4mJz%ts!?{BZ5hM%IbHuWBg4aSBI}MhG
z7YPr#cE?>yr{BjP&3gs}lgW-$>pDPVUGLod0|c|l($_8k9XW{;`gsNklAXlinYLQV
z*{S*ZYSkUxbJ>YGI5N5V?9-h_WM}XlPvhJ=IUPqhD&fA;A>e(<u*$PhalH2z!x{nb
z@IJDPo%ZnoNu(!-8+;%xV9Q?7CwzLY(D`c9T1JX+$j!4v@U(0=Ji$A0|5gI`Le6ha
zAZ-aIXC^W(NJ~;aBX^U4+v}_NnO?SGs&BX(blvxhK`GY|`8S(1cmiEC>gWiJr6ijF
z$JA9u#nCkD1QJ*X?!n!IySqEV-QC@7aS873Zo!?!9fG^NyTjf0`*qLRnd+{osh+b_
z)4S7E^;9?M%FAO37F(vF{x6Kg*#(c~2TDaHj+=kg^Z4DgqYtxGAsHoD)Hn6dS2<QU
zOlc;|1*7#Pne|vHF2DCo1kd|+4mDHGnf7XEl|#<llMqgY@idjx9%{z&;pF!iS%!`D
ziN^4EYM{tUkFjGqSjLy!G}L<vc|w+W48D$pk7jru)%uIeGtY5MY(?mldg(?|NiuJd
z@VO!|YofvagOq2!<DICSFC|;u6AAN%z1NOjaY;8=wXhvs9d**|U_vpI))BL}g>O?C
zqee@*zMO^Q&%p>;xPTL$WrhQz*040}F~e<UB8U7hp5Aqz6cbkX^&PHnow*}k6}FZ)
z*p;kRwN>RGb3(v<ge@3Ar_Of%L>n1L<s`?%{f;&W4Alb0(0`-t+xpv~EMNb~v?^IL
zK6ZiDsV!Hd$d2J7x`E-COcZU@Ea4rt?K!0=no%l@vs|@8pa!g_%=!8(q{e&mlk1Qf
zoE@XA)_(J|Y43-QBvV^L?mv|c^gNmxC%7}*#iZ^pG+l<L<pb$VZLq(cNm|?s+Eq?H
zRF0^RaE1Rmbv%&6>d5j9fz1@~@nFz)Qgt-o;AzxWN2L~AO_yoJF;;iUC!<zZZcc^k
z;mF=SR1Kpu&oQNN-Z8E6c?;J$d5c^%r*hyC(svkKZI}dCw|@k?2&{giXPE2gabZ>T
zSLrrArS>&S8_eMl_c-|DVxHrA8_`NW`f&C=q=e3%MpIdCS(DXpSWW1=!=CUuwO!Z2
z8avAcL|^KUaVZUw02m^IRVu4wZGH9r?@h_2m&*ftXozk<I_zbE=+JZwXNR%HYjmuw
zsr_I7wtGBdjzqT7F`zlLLM|rb@uxb5QtxTUcz0;c*NMutLjJ%yL1(b)PWZ+)mvHD?
zatMpnhFQu4r#fduems5C9!yJ*VuGdA!;mVRUL03=l;kMT=@o5O{bN>wQvaz<AayVt
zBIFL@zo|EU@D}r@5FPAntg$n+;3~_BHfAy7BXQqZ<QmJukJ^Pro7tt-$qAN+Y$#Xi
zHlhR<^SMs31RUb3gN;ZyZaOBKs^TfK5ZDwfFxpI-s?!-+2vJIElIq_blMw#rNLQ#O
zpEQGA6QU<MRtr1+Wee8Z!Y$-rxb0x=D~PYIhi$u*)gHgOJ)*O;XJ12xYAPSu%pzom
z=s~GcDw4bIk~GdWPY>`0GP|%p#n5ktt+$1-10H#(y!0~>sx%+dLv1;tEtHA+LWB%t
zP+9^ZC)QJMV1LSCFiG<2XLGp?m${u>=<OCKyu1sA@WYCtCiFlV?wpaUUcw6Zpp*Y~
zW>Z8<;2210YxX=SmM~p@hZR;su&75+^>4+!nz&%yT~|l!0$oj__j0M%J-qjuzTcyV
z)Kr&(?iA33`DXHbme)VaaRw&Tu#`v#@FNU?K|9Mda3!)4rpc4O5r+JTK9-v<b}AL>
zXlK3XA)nfD=hf!fTzR7d?&ac*=L7lcysk-kA1X5!8!e+(U{kO2C0<z%sDSgTfxS)o
z?{>7WPf%eTydJ8AysEW6Cj)9(2VC3Ro7-d_UDRfN?eFle7ib1+<-b}wN9S#@Ucm4n
zuP>Hb!CmSZ>7$|&Ecmdd)!cOWl?!_nL!bIet3O^_!D-;OKN+kqq6Opj#*wtCwtGq+
zl^Y`enE_T4M`C$mT*uri=T$@zhs+V@(MX2OB`B-C+QI0sc1~XPyHr=SLY&S0(o%D<
z8g<swI;^-W)$YJ-uYci>s29~XJMzg2IDdX1G8t1F4#xE`UbKAmMKgK5;p%HR&9_cl
z{HavK{Dd}I&+8MEHw&-GCON1eKUx3lLov~296m&m-F-RY+fp&XdA&)>FPvWr!lzSD
zwFNY<%E>k(@FD#;aBx2el$v6{Q-kACZRaQKX5{m&&1@MmJBUVAZ^?rmW&bnh<nxLQ
zIAyztdhqlSl&jO^z#m?p)jneXKu)h^_w`|3J|=ayoyi2J_^8<add2mY>otKAC*mjm
znz8;24FOXxN)4LwaNMffZMiOSEH@^zGo`7%T@@|;>zto|RXJ{#vb)vML35D^rKvNc
zuyvin_<~``WyDXg@t36*H)G+qlcD`pLD#q9j0mSkj`-;oX)yk)I`#M0ruu$WnTr>u
z2&&)CMlJ5^Z5~OZ^}pH&YL74=ak@{4B8bq92b}is*E=*n{1Q81+*Md_`9C;$c@wmb
zM&*{N(I|(NklG-V8qdCu5eFuAo|z;S2`I85Hx74cvWZfvBO{~xyi!wB8;V|uiVBE|
zQYkzr!M^2WChTQ;*=@gmKJz54Wu}c7$B&Svkvd5d=DZB`z{Gevi&F(|k5#3*P(L7w
zZ!C%W-N&ojCcQ3#%K{pbQEbEQ(c4$<wY^&r9_vAh9kl(!Z`;qG(kjtK(>a1X4}Kt$
zrTZ~M|FYO~`w2VacU==8+#!Kr8o~FGACQb0d~|Cqw&)Srb!I~Jf=Q39?j0BTQTnCA
zWf{X~NseG@DT88RgpoSy@1y0bV_M2OzJ7-};bDHQ97<|z>-6=PT~WwQz26TPATCxe
zhX}7#HI56hx}*F6t@!+J3vq|J>IFRljSwc65oiO%Q*8uRdf__A57jmS0sRmbmkZTu
zxsl$vNtZ}BgXlz$GvA@a&;YI7D*9XZ5MA0@q<gxz@d4B+d;eTJHCL)1lV5+R0oR6f
zm>3S?TN}XlubN}9RY%uxN~@-rBeN3<j~Y$KLCWHp46;TSMJc|AO9^vXiOYVZ=R;cR
zf&y)TR*tbuxQH%TE}~nT=_;YnT}W}<RiWPm@=-S8zI9E$>M>QP(4~|qdls&gq)59E
z=oo|fA{2`BSs^rfPmfdTq#@xkX95{S=VV1(<o!|~KtTV43X_ToGl_WL4>mXvN0$-F
zAy|6ZE$F*z&9niPQ%9k;Pf$I1q)%?uslxVhg<RTQhhgq3I%nKk?gpfu^_cMqI%Gl(
zC6zdJ#Bt_MFG7;zI%Rdcp?-8BRvD!!7p1S`Ku;cx)aWlZcZuiUp%MJrE(wmKQ2U{K
z!5^zc#y6})`}{RnPv;S_j_X2@^RV#W92t~HPk+Ey(xNFP8++q^v!QzIATRXJo9@vI
z)*dZ`uwG)-8ZCMBl;o71Cv*=-Y|z3R#p^mql<ZM~G^v42lh7AhLeV0hsKE~FC@;*+
zE6g0HQaw}8`{zP2;Hw6I7l+22n5c}0#$1h^>Y@@&G=?@{lI>!*TxYm=Y6!RNINx)M
zJNBpr9UovlDRvr@#JBBlW{LB(Qy$Q#_RQh|qxU(_hGaj{!>=|lLmPg~#He9(YQE5L
z3RSF~BB2a|$8EFKKX*AbPhOr|MR$Ad7%t%sfomg5Z`+WCY_y9g#`l=*>B)eC;7nbf
z>t18AzbQ69IWI43PWd<Iz`i$kn;h`c?5=zWTZ_+*dtjK8Qp8tkjQ5a_*bsmhea{Z8
zJNFqAXx4&?>a*h;SF-y(YZ=2+O!Ar|;`^Q)0FV1TcM(b`Zv8uB64ygpTy?ux;Nv(s
zAOZLJ=t60nM;yOe3jBicm#bbErS;7QQm`2w3tYSR8>e)VcMOS{vvDMu<Krq6*CyK*
zNcS-4ym-=9Rk^wdw?bK>Q_B(Yvnc@6c8vFJ6^gHGqC{JIAKy1Fpp>}mZ${FjEuG2c
zYw}tjJyUJr@SMh1)#v2(SgS|(W9vcFM!mjeuPWu>pUrC+SE5i4Xp-=&mAa(bmR3vQ
z#E?UgiIb*O5zCo7+*#B<=VI4#aRICGhROM<r@894F##uTbHgo;e}{&jd`hTOY+IwF
zUXv7HJ@US12_>&%C|%eO^(43f6EQa!8D0_egr%r3HyQ1BV=|YhsV?b7M+@wJP*I@c
z9I0E&S$|*3T#bnyZ0;=dmKq_wCL=KClSH3fa~(DIt_!FeaI8@nA$=y(BCkQm8KzcM
zqEkR)<{TJ`rxwNFr0UYM-r|+46Hpv?RN&FE-a0fS+ZU3j;!pd1T}I4K1>Ic@MW%by
zQy6O{Dm40{1Bn<BoVdEqisY4oC`AuLMbKfTzo|oHA~`rDIGuds1{V5l*wYM@Zf*PW
zS}<I9-#KM<NvJ&ouXO-<zFZjF<kr6-IEw-aFZEREnYP3|Ov%Vl(C_c?G7)-?cc*q2
z&)L~4IoQE1w0$cDhr6>x#V!4_go8N^mNS8bUJ90zIE{*m(LRznfhz6Tb4no83rai9
z&ZDzCz5=ihjs;JED^Rz;KH!C1z4*xh_Rb7Txw|)|r#S2>p9?i%Mq<34X9wtAhGSH?
zYzpkZdh0gHG%R(zLYZ!+;P+ea3ywe7);$m85Ae0vZN0yC3=G25stmYB{#rVnH&jMn
zA5QVfeP5&76RSh|*ZK-2=M?jVsVp&1fK__uzZ!yf@vBK>#Iij<W%T&{-=w*#+OXvy
zB&0Iu!wh>z*1zJ)ayvycNRFE`3gMeeSdDWpef>*FqKX}8C|Ck4z@C0_C3ye?w(*Em
z{Iv>IN#(;DdOa6{5FY?wL)!D<wU|7gr%j)*Y7@z&IKG_mT8OMbeBufX%pk;4ZssW@
zpjE5{cJ4r)Ulzt@q9`^~um~wfSGLK{018-z2%(uzT?I+rs>9oUDH3ZcNv-SBBD+N1
z5H(zFyJ%7MuqAO|d|bLm|7k6^J<ja(l0?5q;Sm38<_(a4jRoK}h)xvi)rtR=ApmI;
z#G@h7M6_la-cKgQUvg4iToG9({KxV@h|qgQib+MAxV|37_;bye=afYCxHdTSLo2gn
zxxqI}cyt|8sp~|zWsjtAO@?A_5heh4Jn;sHi%1L1&jn9~XjFQw6ouZx6xy?`iFOhn
zm#az}EmP8?A6oO)>3`X~oPxI>vzW?Gq)X3ejEMtW3cD=F3LEK(detO3WfaGE&{ABg
zoqM8p81z6$l8j)EtAh59wEA8}A#T^a@F-^%&4;s|WEvv&dQ-W-amREGSLmECAyl-R
zH%z+^Ou$<tr}^3=8QLp~wn2M`*n*5GCC3=_%3@Y@FCtK^krhw{ABg<-m1y@>E;w^I
zuErH%nW{C_3ds};DDW|`x1$wwRU~MiwR%1<KqX3<h1#~T{G{wS;}38N*B>9gJ^-Cj
zZ`%zc5GzaBJGB9ULd|WXNW^gD5Z*>lXfN>lt6OA~$0$rukPj6``pC!_NP?%}BJsM!
z-~xEDLC1ZkSWf|fO((8gf*<~9Ds3`lsnxe_z_<SJ4caeKVG8}>x|Clu8HAj~!XA+w
ze4|+c+FjEP@Z+_+NY}+rb=Zu3i=XUths9F{PDxB@W7rFOYS*Aw-sr^0WShUSMIl2m
z2P)o8_QlMXwTV0KVYXq(OYX@=)y9xucHG7ey*6L|mKSu~dpV~jxSpwU+w(I75@2au
z4vV({w(00v_IL1}x9LEC>FPJ){1!!*c8O2%JR}o1OII(4Kl{>lr3azuK)iDPH5eps
zfW~);5ZJXc2<C3nP7=Ksr+XhfNaZ&`f=rJd2o86>tnJKdf&0b+_ewA|pwSmN?`zyi
z@>xf)P4clTlp3)44mf;sH}jS4AekCPiee(&jN>mV&0aZvk9nih1yylDVJ8u>&<cZ9
z$R`oq?T|)AL0()A(>HF!O@TLd5^(h{F~`Y!@$<C2NQ?}X5QZ$LgpO{OcC}dslAkc$
zudoE>%quF{+ccWiem{k5f6f@Dj3Ise>a%JUYEbX12VT|Z511yC$xzW~%KS4%IB|`%
znHG)o(M`V6(D+Xlg)TAam#eS}l~eG%VW`WDVciGN+;7>iTF3ID8Dv?fpf_VU^@0lZ
z5{co}o5QfF*RUk#2g3OP3d9&SEj51t?cP)(ztfa6?OWFcbmb3JKcm9Fi$<!z6aGfn
z`sLctfPoqcJ<*reK7ZBm4|-+jd`VYtMmPK`5cnl<>^|W3t1DeR5SI!iO=+m&)ADtX
zpi78{83HiNiDRm`?KRh6kc8O4hxZ18D;xg`uFue6b>=ZFF>PLxF7L1xb3Td?KO71P
z@WADK5};y)oM5iEtC-EG0RK_4P;>1R=^_xIJQ(Ig6z0o|P2jva#C!Xoh%11A`2_(3
z<wyW>)vU(u;B-8Xsf2*pBMJbPaNcY`5(Ikd5`|V>2PDrg)TD@f*b#2?gVh@dn~icy
zt>8W<$obYt>~%xH9CA7y^u<nHDvNJ%I3|#G+mSjh69(!b(Lb+;63Y9iMcZ5X<gy-}
z9U4M#GKEb8NzC}+p6`4c`+DORT^>#e<6gfZXYUMGKjIte{Xpa(=yuMC@L6x#p(Q^%
ztt13R5kjb^bI84zan;5jXQp4?REB?R63Jxo-nD?d)YS9V6_P07_FupqCqsCH&p~+G
z5<rvRWcFZt303olUU1{*ZM3tv<gGQKIiviRq|@e^^05WWZ7zsPqZj#YOpgfDN<jQ;
z*B5=NigWfCWu3`38FW3S63D-6U3-;HR;`o!Dq|=^hd~=Tp+BJYgSMgQN~aDA&`gKJ
zV+*AZ#?XYH`6qfXD(eUiLUXF|n>qG#QI8J`XDfemi6U@GB5;)~t_bCvJeudd!u}ap
zOz=<gy?}2ag*yX5X^nFFHYG~4Ep=o+ymp^z`xH!^!b8_c;@G@=m{`9+vaj5sjvh@e
z85aGUa-P1_5}Pxkuv^s@he5?9+p}rFxi?9w!ERLW&gOu5>WXUDuS_}AWhs!OMYx?&
zirQaBReO0c_lerKnh??Z>xj;_EQ;odIWv6CSz5VxXd5#n+rf|M=6!MT?h(Fw%W*li
z95Y4l;Wz2zy|Mr9F?iY}!~e@_>@IWIjvuB)YeC1HK3z!55;pn=!+_maZG-JN*%Nd9
z=Ve#xKNugjVW!NEb15=&qPR&KrSLr~c6C3&1&X9uSM3^q;+@(tr=Jh|^~PPIK+8-0
z3lRSJ{G{1}-8cZq%}7|^vt)mJ+rGp#Z#%CwvR*^qr`xt9B!7xF`??S5jBYO?_x6Y1
zBG<+LBdiqJx>qj4S?}u$aStrsGb+RxvC&37i8(F8^f>_A@nm#t4KtUYI1p;gYpmFZ
zMc{YhRG`i;SI)h-hB2siYD&k`*yG{HA9MS%-w(Q1C;ey@>TnlrnxjM<?TN|0agE`m
z8f}i59XeXS5e2w<pg%0BWTPLI)@R0FQ(pqSjg#ch>MZ=MZwJfI8ZADL3V)edXEtFJ
z@>4U(#RZ9(#|DLDwm4wp;Y;=<-8Bg#g>E*%#JHgFY!kL{9mSy|Of}MUun%LHerjht
zq{yu}Ru5U|d9j?MB4C>Y;jv6|n~Qwsj~9D&v&QDlV%Z!2Gn;xZfnA;HhTD1H&zGU!
zgrodw9k|JpUbcO?0v5LzmLw`cM!S(Hc6{Vc<!aj`Ut;PPRFFgC?41)w&3wt0old&X
z-X)3zLdFnaA}np2MPV^geNyWT5<*~iYa>sGkf+z|ksoMHNt;xtIf|>L$cw<s%6Rc2
zxYLByQiW~tyP@U6OS2FxNg|Lp0LZVortN8N2arI8NGLUs(G5&)$s{~_G5x0k1(o9^
z)JWKBgx6dO=}8`W#M|zo|B1-4YzBU`qHMd9q5OG>s>^mcQA|TpOY1M-HA0;b_gYaU
zVkr~anaOs5sHY~XrtbA5eX0>z_v}2>&c{z&k?QNYX=_Po|E1V5?>&9)a%mI3Q+3c`
zKh(LFc)8#1$5ez7vx*XZvOfS~WJ;VSO`MvZde1HMYULe0-RVrD-Wk2>Eno0rzH!r4
zX(`W{#&rw(fy&BKo!htRP2%a6|15Sln+Gfrf)N~%x8%^(#dNEDBu{s%+yszW!;?7_
zows-|$AP_ePQM)K679JX^{x5yk{mta)L1`TJfRYd4oF|tljbXwq7}-pdn0Z=URu0Q
z<%$z!9!Ou(09ED4JDd=Kla2ps8zW-s5B@H^qE47q`6QRT^7;K7e$!1(Th<JE&^7cZ
z&li3@Vv1Fbj@69LJ@16uQzOCM=5Nx5;!>p$QKc}ap@*Dd1;|<<L2!P3A2!h!h6hDp
zf7^`5^#5M|PP}S9?M(sYTwT~#vjHJc(e%Y#A;`WNO7MsFmxgjlbBzR~VS{_qAO7rC
zC~R}2A`QA<tkD`Y0TBdhb9v1gU-}n`MHY#VbTGasTOpG#64RVih+HdDHDdmAmFtO#
zXuGexZqo#^W(qtQLGe|Ia{P|0EUiJAxFROhW3NUMqr@a<3)Boo&hKkk!@1Y^Qh4im
zr}Kptk)*@=U~#kiiv(Jh094yT+xT_&Z^h8fM{PPi+Am$OB;F&)hAn8y@-6(LrDWqU
ztR_c8|9#ZLBWXfVA0aN7N~&d_9I^5U$4@>?F*&L<DN~viMu4@fNiI*<A#9&!O@0GI
z0HQx}^UR*SVn-jT=AS79Bppv!M6pI{JLh@_h|nqok>!kafd@|CpKcgIX1Mp{CE6MG
z^7$u%YW_<rz@wFKoiFJ6<~AUKkAhzGt@9P&dLv91wB=8Z8qaf1xi>%5w^P-HJiIcK
zt;-c4ztwF(uEZDk%&!eKm0mz;I2V|CkEVK~Wc{u_EZVNZ@h{pQ6ldZ;qi1)-Ef|pk
z!V*%xreOIJiyWMfa@`ToL-x7=Oiqy0YyH)kAvvgE{l11-lHRDa$RZC;MlF|!LR4eq
zKaDgk){Z(ne;C^5L!AeSEL2A<y<`0jy>iA2jC%}v3^U?$MtctOWKJL<kT5<7Ut)Cu
z(42&AR}LU5%^ioQ`w&08asll)uf_2DmWeBjbh;sACe+Gvas^-c7>`2B+t3A>2{U^@
zBN4fr9GO=vp9W|UoZG;xZEt|YbR{4i69m&8ngAARqs!CK*_KH7eiV~`21sXA8Mv6Z
zb%9B9@kmimwsQ;jRpD(H(QbM=`}>8t;v^<Sosz`xV!XK>3WqXuJFQ2nsBiPBcg8D_
zV8*LbS?yVBL0g{!<$g<HCe?19?5tFpVFCZqR_1iH5k-tm{DWIDXFSd$NVi;?Lraat
z9LR(pSA`4T)_`xI$gArwZl_TyQ&)pc>CG#9{U)+Ip<qzKS0z4NAr1;or55;EuVpdq
zO8&AAGml5t-+hYwQAwd4hO&g%n#sN`bXOx!sjT-sTb7${Xxn<j%1?eSr;MC>rJgU(
z!bfq&w%qNI%j@FDJ<RP1YSepC>GxD?NIq%p-xD*X8_H@_*95v>Z_2|r5;w-KT~9_t
zZjYyh+g^3!X@usSW@Y?;aoQ%d?#d3@pq}JHK7^lqB8p=F<ag(>J?W_@?m98yyAcqY
zAE5bC70T*2ud22vY8-(do-nRXeh}4QmJcvuv>?o7Meb=vw@>ItaLtSw77_pdyVU=>
z>WTtd-PrzvD3A>|tfUUf=3;Gvs}8vJg|hz1xm`&O7Iw-Vi-Uz><(D$h4bWBNYFdqo
ztYlX~szKxWI5cp#Lo5mVkd5O6HR=3=8hVc71e|!|1bV6bqhhK2lj+O@HbD~v)8l#v
zKdKQm=No)otgJsG{`xj<T7O`hzrXC7+^U7#)0j0rTSc3OJ_uOR$b@q4K3bdu&hwgG
zfe%+U;FduHxRtvQGmT%_NYXIGZ*!+fBlblzgN-<9tcZ>4g`e%q^xH2*6Wzv_spuQW
z`}(p3?arrWrVP1ALT`l}ktoDZ)pw7B{SaUcPCVdnd(#qP%DWpJB}o$4O?B?CN<Q?O
zfwI6(_LQN7*ueA|M(T|&dBt8tU~H0XB}Zu~cEzqmv^45{10(cK0r)Vr0;;DS{{r}E
zA-zqgQkj`_ZN%5sl7%0-jA^9}<pW*|z%n>0wM>_ys2^eEPZ_c*Go#jM(v+CeU`3Vj
zNzXF4+any4@y{&fNv$l|vG`LdP94o^7AosecJTu4yaCgFXUQsB8teaHHBnZm{iRj(
ze2uFc0Tm0Q)<pqTFz;GpqU!gmrrfsHvg)gvbRbLh*v}^NOgq{9vAG7ODt)r<hJSsR
z+(Aj1Hbo`tZcsGOjY(a%ZOrN;{H|gO3)=AKAQ$9H(tMRG{Dj#vkAT)&7Uar89~!Vg
zg$<z21|V2=%Zdg(zPd#2$NW=8oo+SN1iZC@soW|SZCgg$l1W`5bQC>`2{RBhn6e7<
zmid=zJyW_Kqwp6mKonz@#ggB2mg9W4FpgcX@3*K?v8a(gw~(LQZa-eepagXExh)Iq
zp%q7|xv?gTYBNd4phY5w`I+Oi`mq=ZtFmx-e%(@j+-8h@;_PsT>1@kcZe35bm}+rI
z|4RHI4MsH6Im}#kk1LlsOO4H}giDHeame?GLF!1c*9V}89Lc7jQCpB$eLD{mE3P67
zn<mRa6UF!rO9U<ppYybYa{)4^UXUN2q)~?GuD%z@SB~VYO?J2IFP(kDkT?8D#2{Vd
zVB-UDEOQV-yuG2yXtw3L=i1%Zu>MFi8o18gf1LK!)lmz)!*(SUaVEq%9=Q1GnoKE=
zp!S`)XELspPcwqk>T<WF;E%XJUNSAIvKyB@=pd{}xB2!5?lX<u%5&GYt8a|3S2_31
zAFeGeAa{e5Q)J&FyEbOs7hfxr0f<swO_OyLjr(VmmCy7cP^)W2>>~*LqZI5!)}`;O
zxJzRq&(RstO`u1hwsUIOlY(Q)nGPg;_JCjMu7cn@FBN|642j9c1FUl+HK4LO%UlYi
zj{12k3J(<{0O8+;da=0>+z7o#{m#nsb`7CH{BJ{p*j%G7q~F{~&1)8>kyqo8Cj5Bx
zgvBkzL4V(d8nC%A+(>En`2SfREv?4I_WAKB3lELN012M{;Ilf<orzFhNC5W0NT00E
z9myi@WZ}7+6?wb1DBCz61v0XDL^?3OIxwF5>0E3sWHLMaAghzq*(`<@Zb3U$<so@q
z0Kq-sQI*w6m^}HM1o_;Vrt;7(6{|~21nu%1?r-I0HsDQlMJnzO7V~JW)2@5xpR+yQ
zbN6j%9{A8<)>T9Es6RqDI|0mI$l6wymN7Ix9_7D?MpzRKSuS!({F&ZXJ15=3^hN>f
zEqit*^gwq4E+2?b)zd_bB=kxJ+u3I9)OZ~#$D7%EOW1pBr12mF-kgfIUEq$5>6Nrc
z6E%x<GL9bkb;)j3)9r2(1i}sJGEyA9@;6&vxZXS+4_0!%jaE`O1!xcN3w+AKJuuVT
zXd%M>nyVB}k@ZBye!#F24ObE?$_%B0UPzH?35kpYyE`pLT0!uQn>}MRX-CbCU9q>R
z8{l*unCkOKTt{*`vo*Ev>yJxuRGC<wL6{>0Hn3eNn9Yj&T|=<f!^%n-+T!1RZedI+
z{8*H%ztjKAg}1E=6>qu!1H@6f3CGnpxAGAHZh3jx2{ny0YkivYB4Sk!7dus2R0TCT
z){or!3uGJNd+^L=TsheVZhJ}7?0fq>2KTs%Qe@07Pjitr#vyd~{s<7rF8HGXVDXGl
zxTOmGSQFY>ECFm@6a2t{h*SnJD+5?l=)d9XbtAP90W{TeY=@&;&)IpPN^?wKS#1e%
z65Th~%hZ=OVC}^qXa1Z%5X~Kv#E83I3LmY6Rwl$HydwR3MXDq*Y-OMOcN20J9;jUv
z<=@$1?X_3o;E5dDsxG`7!bSbw1PE*C04z}s?%D@DyFuc;+>7?K@c~&oN*8(~19-k-
zkc-bpL<Y#eAR#y)&AI3F(JnA_<RQFI8*WYU0XJWeEWI1CD77o|xIZ1O85Jt%^ECAW
ztunV6z7KLL2Fp}@^+~zR96McJC$g6<`i=PE?0VD;FKVT_1FsRzu1~gMzX5Ohw0U>5
zG@@eyIrn6bjMOC3$4Qs{NxNg}{wPG~5)Q@dM#NA`pQoo6_;D>nSVC`LrWbe_%h@BR
zlXa?_FZgQWs^YiNTRi?1!Xt*y4dF@+48o23KENr^=L@{@{pNFzyOrb%6n!6FDdEVk
z2r8hroK_vbU%hQ{%Gpuk2MvIix11eC&}o&krw$TN<pCE{T9hpE{@xEQwqq$OkLYR#
zhhMrg^gN%B>8Q}v0t>>UK6XOmb?wz2qYH!vys6DT#;v<2qk-Atj}#4O@(kKt8)mst
zKiYh-`h7{(=QbXi6R)>f5StLneo{529Hy>t*Yg_)_~muFr`s2FPj4j2qbBp5&ut_%
z<F3$@tx}Z;>00j<cS=Si6)O4fV*fa=;`CSW@t@v^fdrgG1J3cd{TV#{=Qj4Vl)Owv
z%Q|<ly{znBl;HJPT`ey;5zp6W)XgugAORYXg%2+;iTRzEh=d*N0v2``O7M*tfOB4E
z|Et?Cd7X#JmXxa^=5|SD0Q7947NzwD_S@vp2UD7Jow9y%Ww~>ovXRfCPL#3X)_e1F
zcwfoB19IDyjJNpdjjk!A_#EVw_T8VLWHaDH)0Il7o?d;!<7u&ymq$!lr&$is+fCH;
z1{Wj@D-<jkI5C#NE_ZqZP0!`ZA+4y>D1)o<u_gd`3mN<%rLR-O)7X4Q7`REO?9~nv
z`z-6C)n(l-?DaRp)4~qD<e}-QyTL8Qkk12rCan^_AFhZwQ<%PSQgP>TSCJ)s^LB~K
zs+nW@W&;BDPbwRZDMlOjZb4uP$9+Hd1>2e@XYC+f?u*Sn?v8VH6Wyb5qOEAHw-b`V
z1Ytd~dW?JW^rc3i-Yj>=vpWox+n3E=;Eve{b70Z3>2|Y<dS?nN^O=zX^Ngu)$HaJ3
zyg-{2=gKHHu|TFK$OgS~8d9O1rFduDbaLbBL?1L3Bx)DC)ukI&&wfTAv&6nMw>Zu%
zurP+bVOOSQK;VZX^R%g758~s?k~&I~Qe7IlREE*JCg61QrwBp9MkJyMG>WI5ky|z(
z_&lgQm}e7d8A2QQ9l>rdbAQl=e&KL|Bs7SG5{IK~Gqdr4@VM04iqOsd=O=`FOZ?i^
z>V^US;SCDMRTB~LSI0NzaibTTM`RN{r*+udRDR&q08%}O$CW_JoIO$G4Rjt+v8Bes
zJie<Xe{@x$v|77^VXJ1-`QGHV27=B!J(O*otFj>!M;>cE$E#sTMvbYqQFnml$CDb~
zwN7<_mG(|->&#DcfR)7<e*)fQR4YwB0e$;8)+!J<xc8%^kD7~`3_@+jRo+Z)EElnG
z;x~nwL2Mt)iC2dT_2u;25=EKw6fu1jpGyovRR*N}_6p(K`c#GzI}+M(c%jHEh$Pau
zMxn@JhzUC_x&3hz{RZ{PtWj5^4E6nvg5mo@RECUwY+dY8S9GC%^Iz>sI>5?#qU<fP
zmJM(asXl(Rrdr0pQ*J6X8`7Qh!90e<p*z)0*$Yi=8xLr&@nzO}aKNBEOJT*;q?2ks
zB$0ZHAxVY&K%pW5@QQ)cZN!k+q6v|kuHS6jrWTZ{kN7vg28y9Th@of)H)nwdh<I_y
zg15FQLpb;;j`!>+!b*Y&d6LL`c-_pHcc72W8b9q_h$S;CjzS)l7(^B7Wsar)F#`wL
zVM}T-AW;wcqW4qs$%|B@I5&ctF(YNk(YkfS8*o^>Ri+56E&zc2AQmVac%trJXf@;=
zw)JGaU8yB$;2K#mD6S_5l%RXXZzSrsU0NpJe)Ka@hZOx;7=w*85B`cFRv{I~^(CQ5
z5NDdaRIGtTlV_-nJX5SRUX0=9qV4Ce&HYv<NhK-8#DAPc9yWnuR8q(BN|x9Lge7~_
z*SQS~`Nm@F3W+xyMesIvWHYu_XO+bBcAPy2Y%dfuj?r0S!*V1o2%L{lGWFc&<#da=
z=hg)|E)?y0akBeg+E<UzjlL~2TL5!7m-}puC&ofV9ruQJ)Cn49+NCO~3t-U2P_-#K
zYNgOr@rStniRIAOdHx~4+fpxCuXUHt)+DZj<y6(ra7@vPEbD!l0g@Gn+GR6@T%Cb4
zJ~%5mSphiGr7TT%WrAYi#TP&g<)Dx{U1dm^!iqWJVkix=e?2Bi?(*=egIpz0?L#OV
z*fhmZC~J#96y@M=hEQUnRg{CAYAiT5q-5YPqRF%gz=vlCkq7^vDhEmL0{mjYG<z2&
zYbdfz@WE$)wd<0X^(x#c1ADLZy$IKCEA@zjkyV{PyVkWM6C1aq25!*jvaI)tqq(d%
z?^Ve$^ukLXeqkWItk-W4l@Fi31WKHTt-UK6tTpf&xCz$UdjtdQMctdr6>&)F0;OZ)
z#<<DB@44v|Wi~OgY}i<Cy$YZtP?gBagoF8$GK87ggf<50n&OAmSDDy_WvtyYNqnra
zdgpU}B~Ww&o2}>zb6bXisn}SkFe@UAtg-fmN|Pu2$%MsFRpj7&&(Si$S`=Y>DnqRQ
zSi%%2N)!=gy*uH+VALWGr9=*pDpxTSCn`)kc|@6D1d4RTM{HT|BPz_MESho<8d)~l
zJCSmb7Ag!oIam%I?Q?{ts!T9J6;!<_Me$n})73|b%fPy=_SEATh&a1HM<@hCGDbY(
z7*DF`gpxN(DoE^uVlYlBxYL~gAdrby4gx}7C<ozH_0Mfxj{u<(V5$qDC(8uU*RvtK
z*G99kNskcIu#KsNv%3E=vL5lKO@rgHWm06xX|rgdl@T7N%f5b^%fWAC$hdper(!2&
z2~C%TmG#Q05UYX>;eQtML<Lk-{@<fR$Db+0!4SL^G1EccT2UsrM{Q+!<znTb=LnnU
z4%>UAw=zfg`Z+Y`KX#Cd?LX`B^-nX^<8NpKYm^ccO&RnXPQE02<MMQ_DwM(EQx;Id
ztQ0$&$LNxNqlxuG!!^@??LFR=rA&pv0}-l0F==P)4CPq>zZ~k|0g#D}0^iX3LY8DL
zt2jz_&k}y-Jh-lmJqw9V2P>m>7AB$Ohtcc@r_kvkuukIxcY7a9IZLD(l$+|(Qjbin
zVbPSoZ}c#(q6XJJpKyXwrX-D&3q`c{sNjsOTQ5=9qoThNCEd7S;dm-xWsFTB!)7N8
z4w4m<&3`vvO8_nX&JqNq5k<)!z=5KE{#znlQ}zv?Pp-3ASg^4EpRE;~?@+8q$$E*(
z6lWHk`Q?DGebW?aax%8y)S~g+$+oeij<c$%)VSQ)h@^X^EEFe$bU^P4du-{>4h&*x
zMc(UH%)o{c^Ltd|U2O%{D1jqk+OwF2ZA1!gq$rH2yNZF0#1tiD0&URrSOyfIri3eg
zrc=v`V08N+1IkVVE#WE}a_+n$895n}Z$HTxSjSLa<6irO)wMDw*n1WCEfrFJFfXbP
znu>B8P+3k9|IQ(!9hlPq!u$pJt|_UPT1WvrFf7Li$WF}u0tlq%BL2b%{tb@%$(3<+
zW^G~2bkT~F#&jMWx6F}I>&w>LxR*UUOlyyouyQ`1MPgJG8mB=UJuc=2QMX`V%$Fhi
zG-b^gwvi#*!mWjnk9(0P7UIVeEz=1nq#nY+^z$dM>?dgWOs$yRvC0IzHh?L1AOp4i
z8;U5_k1=|D*9mZch@^eIA$D*F$=Og`-54b^ivSvy$rQ%o4%Mff?SO>($q6yDK1}O~
z{nJ&!Jy^KpixKxy3Pcg}-G;G#<0$*1!{3Cxfb)%m1fE`Yyz5u3F!&`q3P^(GJMGqH
zTmi?Fht826PVu}hL%}9{Ci^Lk(gnEcf}LI9vVX<&b<jB`%?>{W<S(waf;uO+bI9B>
zyn&gS{1Pc%)3)nuoex}gA$k9EOagXUs0FXYoi-vqIUfWDD8AZ}C9qe%>pjBXp0#Z1
z;M}7viLWaG!A1x9Y5^A%!}-ld1NmwQ7o_oFq>HRzMVGgt9mv)Sa5tsPBlu*@2dFcr
z)Ed$e#VXHkQbPD<NON$f<aTR)tM&L6^a+nSP@PTou-n&G%JBIRfJabOgZ^W5xZ~2n
zaREcqu5&yx+srhB7XHhF^S>FENgmtjy;azrp&K`iJH1Z)>5Xu9d6lNm<$OHho8KlC
zU0mhOr&fUtYw)=fJRsCtz`PM=Mp|bL`<D;)KUZW^QE4WoF}7c}&SgL#8KL_Cl8JE-
zH|#GpeDYY=JiUI$WByI_UE2fdxsMP+L*Ge>uex#UvQ_W2B%VwHI?S5*HzIy@huK@k
zb(p#K1ZsDtPJ7jLm_2lTUv{C&n^*FfI?Mgec}pggk+R487qN2Oi5`{DJ52=b1+i+}
zq6Q_TQ;Hb&UHtkWx<O6@ctq<#avrOq(BlX?r}e<P*>%5VFy3DTtXSPJ>``DCpTP=c
zp_3xCZb(d5m7cqy-tiDU<~r%H{5~bN^U?`pxAS7vk~Hs#M@n2$5!N;HSUolD@L07v
zlLD0{?ZkTA&;I)}@?VY^{<*s3QhmHW?wbk?naGNn3tWp_#s1HsH;RqRoXMSU?=>_q
z-Ia;Woq_UW2J*#ob+3NARjayu6##XUjR&dA^6eV@o2JEi_vTey#`5uDTkHm_>wP;{
z%;wJYD&jdEGFva7u86B%YKK*;eoLXp`JJYzGghF1)l=BI?Ak+mXEKAsFO6nB<F7Y_
z>s53+50RT(fn6~@D>+Se-EY&PojS-#o-1ANhQSOPhSW<pEGUb5<EO^k-BPzM)fp~X
z);8>iF7+R$fX>D6Q{(nU<fclJZ;tA>TpInJLihJOT+1GUG-3*Om*mw6c$)GYExOti
z?XB7NKAkOc<ci+EM?JF6#MB(JXq_SRMxh+CD%YWeD&Tjx(nOd$0K=!o6>LbV)<}yZ
ze9HnHErL1}k!N((2}!FGfVI-<gnRx|pDfzE4De_v(ZIs!8?NQ3zn_SUBOU(h)d{j|
z5?I|cVAYC^3Z8DKT+4dvoz)3d8xrm|1ub%}-Xz;gVl%xE?8u|m#NQmPU%52$Q92}5
zbSb1)M9jM-wJE%OQ4Oj^SZfmSRzx^jzzmudk(MSfwQ5eg+A{@fK2~caJhIiH$XL<Q
zrjTBh!D>yLYJmE%+{DwISqG2EaqS`Rw$2Op$Lgde=F~WJii_@B7WZrEsc|)Gcbm>*
zy7o|yJuAkZlU&WvUtiw-^%V3B7<wCwKBaV}yITC1c6xSp)M{IDEOFkDqM|0|mj;&6
z5ndK^_8kp5M8*-z2d?ewMHuTUNH1ALRvSjCNlRVEG8xxos;0l3GppCCm1nIrsHUBA
z430cYjCjj}t-P!a7gXY#x!;(f9(xyIUiC2Nt)0azQU8~`W>teq=hPND$!C2h`>c_5
zB>gYf2fgOc36<EU*fKE88U-aK83Y}d<>4kb-F-qu%Ey$!z@k-4ybVX{>MFs*ol(n}
zq5t%e&r51*(M3&^m10jX=*Odxc;&>lEv^BA8E|a+3xw4I^lAabuILdfto!Lvm~&F>
zd3ukM&wS;sFj+BNW^%J+7_#LtqBo3w<c(nj(!8oo?8??SL{!R@U7Ps?Ui;R^9_If7
ze%F%Vna;kBtgMnL`xRgV!wSoxB!CCm-i)-dLQDXml`9po_huu{fPIJZhPNriVXFG6
zb~$M#n*V#h&~cCXn&_4D=EJbZkEXX#rDJ8;fhO-<^}nz##8|%Wq}VzYTtePLEdIO5
z$FKkJI{QufE}Kxg)}{Pu_M>hIseBT??$KaBXQOaq5;*>uePV@dsY|lAq3PxLmAg~I
zosDG$nh3M3wbm`+-+lLdaJ`^aSr;qqkX<WJ=mD<LJyf+VtO8(G=ah4B<fU`HtMfgD
zT7TK1h1!t7#i5ba{y6kpLQAnGp{=JnSV6_D&iq4>*nT1AFvSM4m1I<d=QiNAi5O}|
zzG<e?)6ULM9j9`YWhmz-<61tq0cNZk`;G8dEnMN&iU-cTQqAaD+EM^*DOzsUUT&Kk
z;h(6Pw@xkALP<rur>HW^Y;rGMg+^WL^S_QS%cXYeV7cK;B=|?c)%tK7oVpsUbuY_3
zS+=(=raG%mUQ9X^+mRjFDD`tFbYv;CWL3uIYM9NbKKy)yiNZ!DKO>A<?uG7QE{cX(
ztocGQSvm%O4^qii;OqR;lG$zrZSacVz}f5$y}baY>?iO-dpO<?DYSHlblyP>m+%gp
zkNr46BRhak-2Z%BW33d*z^*yZ1chB$Tm2uCOHdDD5sUlUfa@n(ks`iHn$^fX6Rky!
zq5ZWjr-%Kun4-Q%{=?b<<*9dq6sL+z6*_9V+SG4NC4Y{T@is{td=m6Yv+uj$Cib@O
z9U(#NKF*Dh2DaF>_KK(LQ(yh=>S`QlIgDz!Xdcl24LhwZYai8_vy%o5<*<ls7p-fG
z&c_1;ycjpyil0sOJiguxJi&Fb(CW4Hyw%Njxwo)vI271xbnJ?4k6p*$1lRO)+oIWq
zFV3_8XKieg(Ab2>iRVu#)<Z^LgC=&p9Ad}WVSd_yJHK`&GV*h}C7=Aw(%p_U`!m?Z
zLN7^4FB4N>wfZv_5!*XN!#pCl>=p>wy0E9<mPIMYKF3#Gt9B+<T~|0x+jLH!{L}Ni
zT@p=yF|4YyV%0}7n5Ss#lWV%HHAL3hf}4C6g1T#>PfjV?OwEmZiM1I>%^Cew?bp|y
zFK~xd?UL7?lmF51>zC-ClUi<n&!ckJ==~{__p93RuY3C{p04(_^><Q`QZC|mC#2mh
z+F{DtVZzh?uIr7c|I^bo#m2VNHGMH;-@dX9jN@H>XPSjrvTOP!|2UI<qmg}3P?Y+Z
z^ZIlwn(db6JwY}DS9aK{2cg;h6x;qjz;yJ_7R2BFU#ws&hGn{NX@aoo6<W9?d9n6q
zM~bjJg*frG!wnca+%QJn@U0nu#i5+Vvn7fUhG?E$F5Le6+xVt%YHR40TQy+XmlEP*
zL-@%BktnwBL{zkAx)a#t1=HpW-BO=&b*L*;(8DcofGmL61{vj@5&OcXp;i2<;_w7J
z?HT>c%r?#Uif#M6c_8^1wG}wn`mO31PhXLah$IDRcw6>!wo@B4p&iJ#hrqCl2Liec
z&my{*7pHGt8^R9$w&v=wppW+X=96=UA^G3(SEnfaBQo&=m6f-1ai%AlugP=1u4}=D
z6G2{kAzgrv%4ovNoDXp1HIbhB%qsUxe>-xe;ZLn;&XuUnn)s6!n6i4MTs^geFj*gU
zK$UJq^ioOYCDwY0A5r%7c<w2+pE~h;R0G-p>`F3GA}{+oAo)w`oJ16-8JSB+q}?23
zTk<oCH8lw`DNi!yPDCN=Bng*C)RQx{t}=~_ABO}v$X#XluP~CY!FDJ2??9K=Bs<IG
zdM3TTJK1#{%1oA&N7RpX`b-uSIW?-1goE$^kfib@uh5g%Kgn4z<QkY~x+1V$c>IE&
zck2a`O!&Yz0D+GwvuNRsKVvr~n9h3v(Jx^rqJc9iqhpe{+g`w+|8?t?b>-6kULyPY
z{K4&_9r)y=E5<ew2IZg|=0kqVf&7=kD*aq9g*@voC?r#bh=hVbsh5nR>_}w@uAdfW
zvGf%b3n?TcjevxK7i-8>LyhtfEiB`OfaFSmWEjuDN4-y0ybBF@h6bjRCe{SCg{ImP
z5U%lT-I-8*By<NHk73_e+Dim?$^(4#I10(T<*^>Sc<!(GwhJEjd&61CqG%&U#&qIE
zs)B&!(EH1gLBKlb@8R-@D11DWKALHN*G}CIG`43g@4n`3Lw{SW*O1Fm%`VkjT<)nd
za{&V$JB-F%9?WtTt+3_Xf=}?_BfNVPfSX?BBeZ@7Q*nMm@9VE%<K%z)GQeKztu@a_
z`uk1csfpZI0_!^O%4S{R9}FMtY_p4X?UhZ|XRQ5!un^&=;Y(AxkBIpjaxbe()4}m7
zta2w&9BKsisT!NgI9-X4Na`JOuSC{4U;ExYJFIEzYZFE~n|Ix8^8ltL=U<k?^UcKH
z9`kNe9WL|ijN?Z7UUC7(ut+Cr-wJ7*=#?Gs^JK#ox#5u!GI<G*UHwRLIfnR&_x__N
zL&k@HkVOS%#DQ7_ar^CMZed8i5>K{mc*M?}A`GsR?unPhrGNS|_LcOM8cYw~$Q)zN
zS3Ck1OH}mm9E<mrs9N2sO!}ecaLd8zuWCb;!oZ)QfR&yut|ok9W2X(V$9ac6r0pLc
zMxJ_j!J&ZfZ$m$PTv%RGk**m9r%ozJ-i<&le_;ODomBLx4X2NM%lZ4sED}0oydE2!
z?=AoC#kJw7fjXtt8mzHin{64(#j~3y(b-7BlUtGe6Uv;=kn?Im0h~D(o->dFxd1ER
zR{aI;5Y|7F=F5ThSK#1jDcAdVfmhy1VqMcz(ho0f`B%x*TZb45gUKPzY#=AWp*u=3
z;p8>xcoD~`Wa^+B_cf<$=Dmnyrpl%FvOi9O*f81PQ;R_d7c@Wl*-PryrYYNHEk;sa
z4$_M+vDr21?zj}1w@}MfxU;uxJyXV8DAEVP@l(3BN%kA!cKfHq&>~u-sR(|aY4)AA
zY$IXwA@aiENbo=dhqCkbCmHZVjgGchE4KYZdiaArFOO=pX6G)<y-tXMSABEvxQn=N
zjVqSlxo{Gq!N}pIa@+8f@J(50sl@P902C*sa=pfdbw{<GCJ!Ta|D=>7j>7bifl!G<
zmn~in^4k3&%BAh$@W6oTDfRYb-{QF!r4#m-`z@!B;JG8-IL>WXlcXPZX?}g?vw1L$
zZYdz!4v%cmi_$-O|DfDPyBjx`HG;9-%n|i;Pe985jQ4L&N@t1Uxci1z1V5RvuT&{t
zOGa92?5-@2P^l+y%g>iImo=u0pg~Hwu>eT3iS!oD=D$EXXg$ZgiQ@Z~-0b{IzzW;Q
zHL=nNxM%e3voXoNv1*)d6BVL6<zv}Y^}voFsp(DN>T))$Car4Rh93p$Q{rlBpJs@n
za{SPb*!eAd%a1XO{!i7oW(ka$UtDKLQPT6^PtXf<eTukN+U*nyK0l3@M^uu=CnAWx
zdrTMK%B1TZGw(w0Unh>4$s{%56Nbd2ZHJ0mcLfkS_+Mv+zDbu;($#`W;HP)?@~Dt}
zo0z#{^wuZJlr^3aS74|f#a*}DmEHjJs`?RoH7cz80dq%sxT@(U4sZ`g={mcC32}|k
zcr!L)k!|pI2cjKH(`I7C;$$F?Pvq6WuVW^;m|3d{5B%w_$Qc|c(l46x>bwPIe}vIr
zhmK1$U&1IH<*dw;$a6T~NyK=ZR`@~B<HrPyJ883XfFb4*3;E$&Nv5LA4!?dZ&-A4O
z9?y)cdmBDUOXS0XY)+eWa$CaDco{3o<Gv(1{VHfVWxshO4$Za>`hirs%hP5UHCxoc
z8{hdW+jQqPv_UX$P!tFy3PN<agYhVh_%F0>3rj@=OI3v7pW)h{Em~#Yups$TdnMdk
z$EZyUjk?81Kt@F2822R%`uA03Y&ApLl*esiP>E>qSo@V4{8yu*u~$`@;m$n1D~)XH
zHWIs1rr9a;Y1^U1ZVt_s4tfma4?5zfbCs@<q?CXcH-O6pIEXIrIH1zuhAGxftZ#b;
zl*PM)U@(mbaci?(u(qrvPNSy&J9SuXNVmUf6y-U!z(Fp|;wDO5K%>t~<Oh0D;9?$S
zhzkKp$m7%{(ubFLTc2j>?TQ&5em=At!0i$#iiB|^v;YWM8XO_%p&H~$5%LR<q&TN;
z0GK@RtsnyWK?uE7j>yb$ZwKq4NF-ZHCUrROR@0r}gH=|kygWmOivP9~Yb>j|J@pEM
zf~hZPIPy*0P)_-gkezqvq}23b<49e3-q4*hTj8xB=Vv^Dpa#GBu#&pYFIwgNP;}L8
z#PsKpeuqZ$V}N~7?l>xT{-ERl0ZxThM9x9+laY~&^!033#2*P42F8B{6@Q}Vr3Yc(
zhv~_2X$~R?Fsx{N`#JKSEaV2{)gm^3EtEYO@LTk_mpv&P3UhF~MZzpb!U&e}TP!ik
zQGeX2&#rPE(dBLG%ycFXNDUm;;`Uo-XSM^`FTl<Y2f4gdY<?2eb>3Y{WuxUfhkr&+
zDfYM3b5G;y=yJ>p!f>;OY2gZ;KqO5=i#HhfK5~iZsWAARVoghLrNW3VXQd!E3bwtm
zYoXoMB&3x@cZ)X=3g`?)h)}$imG84KBxpBy5HkhIHW5j^Swd@9EoN~a2{Q@9!s?A_
zb!Mxb$1R(ucV~s*eD`>U0JAJV>%CMk1ILObmC(6;mRG3VOX%siTs4lL%Nbl07nJGs
z&B)K9&A^aOfvoTb<zNV#{6PE>aOpH&nOqdL2>y~SpL_z(5X5P--0lC^Cpq>19{|Ka
zJHI&(YbLt`hvgt9*W2$CHs2Rqhc{D~OPyTbyid4tpI~%zFWVHBS$yG-8U|04#h<W>
z@AiO@_&^k&qKfCR9K<aC_yfYR2cr1?s`#+~Ig0lOg9{8s|CXf)4Zh!G0I5x+UZ#Jq
zLF*n9v}&So&vpbuTTUWFz{F3N4&DV#q^xC1b>n_9LI0B!GQlvHQ&{FjVXdMdQ_4j=
zBqpe8x}fkT7<O<9+np3lojavC&*hwtkI~zv3!OU#hNEBt(6_1TddImw$LPb-)v<u<
zSAgKAQpCv|U|vkn%1OdUcoz&;!7Lx)OpRfp#w;J<HI3nd#t_JHOdsKBABG`5%<>U_
z=fm*14-=7so67L%GUfCU-boie!bF{+wa)n9C%^{I0IE##@)5R>HClwYNxEY{WSR8&
zB?t)fFwT({jtCIrL|^ck2|QOSvT-QJ=b=7Adh#&?MNOn7ENbFWpNTQ7kPC0bV+Ka+
z48wE=?diu1<mn6t_>Ufs8R+QC(88BNpY)i4@&*?v1L`|zD+4wuhSi>|!;e$+<COe3
zg-Vmm3l$urL~&E%$<34)Hg~e%=7Pa+%n;lJF$RMPZdNgd7ntB?sEZ-lCAop8Ih_{6
zav#Z!>}^b?6gM+snC}#UYjRQFkD-R2;9`#-!v;UW#jG+6X=OMU&K|7ZZ<!gR*PkN$
zu*s;uC!@1t*wa%U!l*f&No*>`R>*t({1|=p6fvENFU!!fEQ7J2h4+|g>Qsi(sYpIy
zs2!`nulTVp{x(%l^>BcwSmTsCKyXV%;e-aQORRCn1~9|CMoK~Eae(w#)^DoQle4HS
z!-BHR^5jThKb7+I<m@iX@K#x-EOs*$6#IV~v~#gW=2STcDa&w-Lt4Qyo2j7V9PqE$
za#yB_(2IA<GF&gqtk8=|{tWH?83H+&8G3PvKf_#qW`$n7=g)B4pTXA*mMLfw3OUVV
ztWxka5pJ<_07It$hCu$sbPG-oU>Fym7|*fC`cs-2bTM|CVEpd@hCex^8FVqvt|13J
z!TesGCW0>d2QriiWLD6{W`PV%`Hu@>2Kojvqy+L&?UZH(U7Q`rFf)+Jpo@nURhe=I
zUHpEU2)dXZ$gr6cy;#S<mw^nQa}tJcw0qFSg(6I*X$^gOKVGK9oyocWJ=U+obfLfn
zfeil!3Iz@cVh9QnsuLZ=&@zZ2kmFcd9K<jnNC|DFqMFO8{t;_Tm@b5NIEdj>4ryv{
zwgSxdtlpooeqT#g{t06EJ4mn+7|h@wELdp~%+NeoXz}1+hJL|JDBKa-l5-~hjy3R{
zP`J;68U7Q@;7W8(xJ^Te=IZWZbB|G=I5w#5bHY&G4Q9B*DY%+@n%WA@Ws}L2GS<Fv
zK?@{>+93>KAq=kSUKAn}g$PdyfpI}!ND7@p7&>tZEt-28>w(Qx$bCLR4vo{VJSQ3;
zJ%nLGh&0wqR8he{YtZV%>A^G9u)terr2<Ih01<Jl#|-C~x+;WWMF_KoyFd<Ojd@o4
zW;B=Wo6+23bgmx9cFhp&`*8@v2O*+;?}jkk3=!?yvm8UGa-w}dD97+lIcX~-Mb%?!
z#<9~g9%U;s6*rll+=Rukn3;l`I^`Lvl^5JBEYC2nyx``i@(kaX7u>X~zz|<Sa<jmb
zo7!<~%*;n|BSp_tN^w&+j(sxIDdpW27<N<;Ts)}2aJz!wVsu4@Ar%?WlQ(BJZ=-r~
z`pKDY2Qjy+M$G2`P2%*jvxF*qSCQeHio7GoJ5<5<nUg@i&DJj(w5D<FKOAfENg$vS
zgHee=n{^VHREc3c|1tg~@OCAJH!Cp&avXi-Ng${)L)pq=YL;(v;#ukcO{}tVmYAA#
zuFTM>G6O<S39#H*x;lPjt$yIzC|JHRTkSYpQ0kk^d5(<JZ_1jcS7sPjnJb)IP0iKv
z6UyjttafpF&Dla-c2;J1gL7gotAf=gRXzuNI!@1=EtXZ^S7!L8GP70)r(3Gfqo*A!
zgql?tLaQ(s%c6X|d~VjU(ne~>F7dPm?YEeaS{dS4Y5yt=DOH$ttaNP^hF7XE1adI*
zSZP3223A$bxslrHvI*M9N=s%7IX_dC;pwVe&M^WkI798KyAH>?1%tns0Zg?8z}fpV
zCgh_G9e(#R<V3|T?N<$2!Q6VO8L}%@-~_T-NC26VcWkwbb05<<q0FibbE`6I1)rrh
zpS<7;<_21X#SCWU6Vl8_^0NPp@vAz=IfHqlD#P}wVg@6DT`J`{gZZW^!&g;JOU#?T
zP%$D?^7TC}B~D*4M|6Y2stlJo^Sm3}P&hX{m{(n*VkkrTPzJ-lwDq#t=?c`;E%&Sj
zZ9trUQ<jzx$`BJOI$fdabmyG=bkjo_Ci4>3dUU!assuzSD{xMO_Dr1KZ>}gIH<Teq
zmf#yDOGrHDDB<5whQD|T+oOC+IseZ~sGv$n=Oqk`(?5_UgjZt-t0qdQqDshimhfyf
zh5^+WjNB;i-9oXOsY=M_B@BwwtIZQ7tgXhdQkKw2m4M$IB^<BDaEzC5D5|vGOkP5Q
zDk1VW4cfDD`W#t;e|0{th!PT238~H!I#y?BTb;o;66GD?*(xDfm5{|t7#ydcl_g|W
zXULExq^J_|oF#l%o#6m4;Y3s^8xUp*?W5J6FE622oF11cO1M#-p-`3};SAt+M+r@8
zFf^>e;My7Owkc=soG8+fziZHX$LXsi=`l4JhSw0J`$wy-b0_J8H5m4D(ktCao4S{#
zNXwMcy{F=I*L<maH5e|}5V|)`6(dvLx>u8-d`$+|0=FXBA+fIQngP_BZv{M#f-7CD
zvCQx)`AzMh$nEB<pve2ha_Fr|z>xX6Bi_;?fE^ZJdrb#sSxEZwL_+8Z@!^&EYV-}Q
zAm*>R^PMq(g#9}>j}Y2TK;(Nvn1_JVo7wgFTkzN%p%+B<UAr)r)Z7Lw_q?n!Tie`@
zdiaEyZ7m;E^h0Smd5yX~Z`a6>-YexSU7KPbGJXlA-EMv9d2yT7K;y+v0^04CrVBN@
zwnb`ZS?NL@ze&1KZ?~LqF&5ZYlOd)i6E4)-Ef;aTzw0o3Rfoa<Y9^o+wKP3(9qTeg
z)@8!4dZ(r7SADu3LxXxu_*IK7$hHv-aS=@TRqwVm-H4YX820l_)2~`$WsZHEq1oe1
z_*L&&ng2Fs*xQ&1zv_J}b8aL<Vk8sZ(g#-Nt>z4WHD|(GszsTZcb;I__5>5&QXeaG
zT{J_lXePX+x|R839K*;sCcLG-R_2yA40YQu;Vm_y%o>eq&oHPx6W&s?GJ`rWuntUk
zOPPhfs{_L_o@shZT~VgD^m0dr-#aqlE%md|GdeL$@5F?+w2YPcO(%xWd8X+tEo)^q
zPGYE-#DurhKg#r$cIwQ~v@;Xl(f|u`UKfT@U6}BehQtVO>AEQ4E&U@(KUBx*Ev*`(
zU#Kg*rTJfL7`sq9P4+|yZ)uF1(_~MS@RlYzohAqC$(evm*#QuvjAjePl<<YF4D-7(
zfK_i~J52^H6i$;Er_&_ScA7MDI!&^_(U7o6I!)e>GQFj{x-z`cl_3a6HT<?vZc~34
zWqM1`cV#%&RScrl>#OnksAhs#6U=T5q1_majSWk)#O4Lz`sz8LZ!~BJqx{M&5*6#)
zjUlBQlNW^Rt4Tq94{3Z5WqC_ycVn2z5fBu4R73m{={w1ba`Tq9S7qjMZvPuqzUpG(
zJK5TeVRJX;={q^ojp65R41pZM_MPBc4c8V4-%0iE3>CUFu$20??<9Yby6g~@Uf=ee
zEU{kzGDk?uTUyf4-CJ5Jlx5zgDse=9t3mrTip^du>`q2^h8f*O%gj)9P5stk-VStU
z*w>xGINz|esXxbDQeUk?cnP0Hv4e}n+NH2NLjlJg-q3sQU?Q(o$ax(3a1^^KksJ14
zsMmwRXdmG{#WZbYj;fnXDR1eQQI<PyXb*-|PULX?Qf85f1$Eq)zjKyIzo!;$drLi`
z_($a}J*?pqg;g=y_LlmFD{tvx&HQ9}OM@G@drLppF#JWS_${M_w=~I3@mod<Z)vhq
z@e{+<qAT2^tGA5S8@?#?V{s3Lg*~|9M?7vTe%}{`;wL#3KUpb$_Tx^)$9Ec<ER~Ai
zD%$jx?(4y@s|Q0+>USD`cu^{TVzlWkt<aMpu&3x=;~rPu((g1A#B82nJsAe|WN__o
z?By-(|G4t;ag^54tVGsmZ%>Ato>JpeA6I)lk9&xrO|<1L{h=qr_dQLGFZ^7?t1n57
z?-=doEnN_<wBQR3TBqoc>q~{k7x!ei)zeGk6OtL4Co=?c1Y6^CztC`gsnGa$k{Na<
zGq5G$w#I+DREA|o)b?;&<Coe;R;>w#=_^G;FJI}-aP<Hw=QSzX=<|}$?EA?K#mPeS
zIjT;<Uph29rWZqtUJOP|De5I|@v0IMzto_0jkbKHlY22t;Fw7bN*k@e$pCU|tL5^i
z8nnt$L7%@Qw*PW^G3@Nc;5t&<a|1EIwpt6-_VD&S78S&n2?~GpVmQw!oc5w{K~az?
z)fFC(3hFE=1oUPo+nd2vSle?8vU(lKc^>CHI!d3sO!T@Iy&0PKmRpcXb(Ed?jQ8j$
zeZ?|2e_=`;)#W)r=cu5=FAIO+klqaadJBKy+1?B%dkcSI|ECywJjJ`yXTo3j-BS!-
zJ|+Bx%~BX1PZ66XvH+J#IsJtVUKX1r87U02Qn>mLuVecQlV0}n7tWA1T8J?(JMRcC
zmHxuaIu3tfMufv(7~a747rt34vT>^6|KTr8s3UDbf@ghVqgdE0VxMzI3d8FuVxJRz
z7_Oy=9mc(V7&i71JB+jYGK}sk_c;?hhw%6)*87!5?Q<q7ZW2AYX%)rxN^W}hV~FY}
zxS7?TVO)Q~O~lg-m7W&d+<cnhkEbO!?LE0^6UELwk{j9Em`W*b+D5S!uR3>KKN-M~
zJ3w$T?iq#w&j>DJ2Qt(jDE);=bv!%;?V|L4ue$jQlRX*j5XD}6^-=!91xjp%yw`V)
z(!Y3B81&+S3^xWc7_JEKal_Q9LrSM2xydYu(*J(d%^i55jvAji0HO_7mK#7pgfbeR
zYtSl08x6AD{Ds}ZmA{Y!#6`2kS<c<I4ucrl4HCO;64+0rJa^m13}Q$dWbU?&SOSFC
zmBq`H8h_SBhuq83p*^<*cy$oN%Yzv71xtWW1~Kg8Kb9{6`ajFi?O6tW^Ae!oS%!1Z
zG8l~nu|6|Rfw^9SD=gd<R!_)0rLNkg;^XwDXd`a9kok<k3{wX)82R-}@zJiTX<&F=
z<;&v8o1@FU`I_)t?i<Xocd+nW77S*%Fqk2bgPESohN%p-Q-$YpX)42_RN=XlGzs}%
zTAs_VmkZD3;Z%maRE9wQ#q?bI3}GlvwOy`Cgg9b(F0U^a190jPhG&OJ&*d^z>&PRP
z=d$x_!gINB2*V3Qgy(YC5Qd#Ygy-_RAq?LRVF=_nrswj;5Qb|*l;<)_QI#pD=klf3
zgy*vAP=?Awh37JHC`0R^3@{4oyL&F>5Gbd+E9)woz<GW>+BpB3XsJ;{8HNpIFfNp)
z9o*nwP%V|kkwatjjw^)0-!_zC(@<gX3zP)&k2nl|;ZTMGUcl6dhiyidsLJCj4O+Dr
zeWxs;;V_1J!$b+Fr?l)VM+w7+F{BP-Fp?u4wiy{*PtDbM3DsltGAl(1n};#1mnBqC
zC1g2EI5mvn1TSG=#KSg)!&M1+yo4Gt`Z!rax#0|f!$k=Zs)Ryk3EhS>Bn@XU(jp$V
z-5H}w2>V)tRx?IFCQDc}oZ)#{LV_wG`D;fBdBYhF@e&S4Jj|Ptp;q*nyoB9RA>&sG
zZ%XlShFimhHzjTaL*xjCKn`YlQ{EoI@YV=1LC8>y+5~NHN|#k)f^csH!`%@K2wft;
zo?T^oQ;t0D<xM$UPxj(qz7~HwD#UNK)0=Wsm6rI8<xSbU%FUZnAwmMkl$ST9_DF`X
zk;0o&L5=EO@Sfh3^Y!G=lg`WDALTb{wR3z=8p+Ucq!`~NuuG*p$M^9g8ODxevgxxG
zBZYjqS}{idYPD$kl_MFlMvA82uHeFsIhy|1NQSRRG8m^DJj~;e)j*xcIHo}>7o&%-
z5hb`rG5C%WB}g~}sm>DGj$&v%iosRTz-y;FTanJ<q|3+XizMl}qZnpL(%T!T@xw{_
z=qQFGqZo{$2Hw$ktPSt|ssx!*8{QRSbgUJn`KB@Wq=^mhgQ_%{^4jojkj79yjT^BB
zr7Ts<iGNNbNkyiV;r%E&sO?%Y@$Zqw&@GLxHye2_9S${;ydUzU@OgC50!d+78p9M$
z;jkBlql$t|shQPx(LrBG3LDcH)^iFc8hI{0ZZuNMCcfnTC0f6-R@lDJ(ir}mCKn%J
zjnztt1D=o8gV#w7Gv|vH8cSOtQ%d!Jjb`K4iP`JFX$*g*iP>w!XolLO#k_IWXojhy
z#k}#W(F~uBma|t$Q5nXw(QNa&N6lWVC~m5Fa`Rg>E0)}Zj$tS_MsSlchGF^`!OgKT
z3`fQYZfcBWs61A3Q{9uBKcZQq^^f943XiFj;^wbtmbu<JmmW8kVdPlB#V2DK4vrOE
z1dL-~<Kzj3uzU^L-_iP-^=`*d8mV?l<^cahvp?O)_aDd5cbp(UcN{~;IEFwDYnJim
zIEF3bn4CStC~BFU+LdU%_69L~xG|3Xf0TW9cvZ#r_PftMo0%aYg%UzYLOSWB3MfdF
zps18kr345N6_FA<_lg*=s9Y~1Dkw@ZQUe4C5Q;P-h|&qYLqxzRsL_jxg8DtP_spDq
z&Pn*)?~n65b7s$)wPxmB)7H!y)Q%xAcBObLr+F-*P?fcu6W6vS$7YLT5gB6%632>T
z5i`aTOdl(bMI0VWuxBiRAEz;oMP!U4NF65zm_j8`VT$*$h~=}z05fJB!RT>(fEgo_
zeKFhS`9*)bYXi`nRIgJJ6I0Yw@Q?=Wr?$G!98unP#}T|Wj)0y_@jMkVU4bo!Q#sq|
zS#yLE?Hxz3n+rmm(JsT$Lvxg^tRmWGD+`Em*~-SxQMR($7?-VVni<`Tm%yR*<|8;k
ztjn~tWRA^P79c)sp5ro>brW%C=GaYP*5=PtAf!Tk|8b7((qOF1L=`z#tl~%6%vAsO
zbYOca*;UwfbCs1WEyZOedw8xcOkC1NX2^Q%WzA*HLLjAk9-z(5G%Z}!&8!p~eWis<
z+bAtub2G<WZ4cy+C-`BUv~bPMoXqL2Jx#FhX=%)wmuVWaUV4_`foBPPUrYzIkF3ZO
z&l7y`yfjgjWSUl<$^Rs{_n!p5j$}alIMXz~M7&54^df=pgxP>L--_J+BEiNNr7diM
zMLuT|!JtV5zVEaEw1rmW<1Z7WzbwsOi>$~mULlzGiZpvIwj#&9N-*M8Y4$3$A_u%i
zaQ#(j_F8I1&U=F(^$ltET4qIdeT(4wG->u)Zbe>xhv3b3q}i*?5`MsY1bOdCv)2kM
z^6U2q&b%khUMnr~Meh@gd|#TqR#}n%{*a*ahtlj-o@v^`2G1pUXs)zyt+w*KYaW5m
zJZa%tlWAJG2A2?|lt>HLS}WzN^9dfFFD+cBv-MVY4d5KJ^u(YJfTm~b`<mM=TwiDF
zyIKkhSI!m<eM;m;_l_)K;R<%!=-!bfEL;)xjqaEb*}KS)8k=`y8BI!rdOxy|VB|us
z-er-ljqWZbCbWHZBv@I}nox(<+xEXY6!cQ0eY?A8tA?15<#zXpEYr?4Z6U#wg#`Xp
zTQ%%1k=xy;vrIeJxrGEL7K$m<t`K$JXsc!>u}m6^2;vqI7y}|4^>`<&2vH|VIOWMK
z_OmSBh(!bii{!5NmJl^x@vM_mS(csa^+g1)E;4t$u}wqie7Wmgou%wt=CV)moW4zi
zb}@^Td@QDFYZehKTO>*)(>YPS%{DO%T1*hIn9pj%-AZNl>!K_7Z7DnDh)*?WUuThX
zAB(QMa4|svC+`~Jef+~D4pqc?ocK}}37Id5=Pf4qkP~-^sAGS_95h?1L6Z}IlSLku
z#K#vC95p$&^q!8B>!P%?o;C3DeBHJ=|8}0~X&`X(4^~f^7U@dqGRM6=!1OR6Qz2^e
zd}$_%%r;Sur~@i0TSk4Qq8^Y@*HzRI5#>L9gNEz{GWyAEm)R*eSY1TgpqZa6vs2%2
zH?vda1`P)nNNs#ITbP~V-L&!5Y+-gvvuk5su+&BwQpkHXTmN{0fa}f01ivrl+E^6f
z(#FpgSR>|tN+<E5|3BrEKxaj`nVPn1_+X*by*IN>Q&Zd$g775-{sr4L+`Ulh-t=tK
z)HG!Y!M~OWl<tdAE2Hh2nZ#`D6H5pVEg_&;QC_B|jS*@;gOg0lCXX!?rHCpeh$xjx
zR~ex;7a}~0{#LeSYP!Fapi8M`T;8bRk3~}H-ph6~HBAjxO1Dvi_I`HY&_%-3G_I6j
zbg7rAsl1e6aVdcxCvcgXsyAxrxk#9rVwV!MT1r5s2fIv7DT`d5rOSdHb$OOHk!_ip
z`nK{iHI)Y|TgN9Fv{~6k<s#8RJhhZy+)`2X6{<`*pV&HxvZVy2O9_l_t?Ij$SEV=<
zaSpSyEmPB#r34o_WkGlyYfjVDRNG9=JS#M4TQmLB7K@cu#4>`=WdzhW$m_IwkUH%i
z<k65{X8J!Ra~QOYU;xh{)GLP=l|zhY4u>-RD`XBYFC%z~=a3xax!TJMl9H!!$<Jl#
z=N8N3yUPd`FO#diiHcP*Pk1F$|7)?EscA}(8g6)kA2a>ilnPVRv1J5%mkCo-pXCG(
zEElGxJ<AEUFDLNhG^VL3wTvLHOqiOcml3>CCMNol0aYQpscFU%G0{I$MsTW(tNg4W
zm#Jy(5-(FzS&%X{9b00z7X4eAnks^9rl!83Hd9k=sLRyUxU?=}Be>Q7VQMN0k|Roy
zXL&AUlK+&71*vld!Cz%!K{{*&L9Z2Jt;SXo+*~1+f@LcS=B<<qQkkP#kbad(wwB&*
zLHdl6<{3|EzRn~qmI`SGuOhf-m5`>WoM1$`kS1g`pS=lbwyq{vwOUFu!Bd*cndG6R
zx06Pqji`{4rY4howA8+SEm%X)dySBy;aY-QYlIXl))IWQR+^e726=3Ve4D9nU+QLR
zn(Qg))l71I>FrES8&$PUU&oh+nR@y%F|v29Ah@@Jz^G{9-Q$?*yGyCeE>HEnmFfTV
zGNHcjRuH^hK|rg#I)IZ(D^Ggn&>+iyoy=iV1;Iw1L$y~9H7bW1&m01>{C|@<d{sek
zf#*=`)rB-|t}e{*DhSQeBbJLUgsvlKuugU%InC9c^?D6jY?gk{a<?v|TXR_-MLa=j
zmj6>_q6^7fN078mbRo0X5xl!jbRmDQBlv9{fgh(ayO5FV2?nnhUC8eB1fQ-KU5I2r
zRmk3joLDZpkUKXJwA;YDko@MZF67tcUR_9$EYa%-E^}S75aSu|LMAkKbs;1^+|_Gz
ztvkIl!uC%2#HjzH3(0CO(U;{}p71PkpiC(3$PENTHVCENzJZ{8gHV@Q8wp<9DAeVV
zPYC*aB9&I=sB|GBi(tj=l(wCcrk$rWQCTE^g^=csO#~5}gft1837T(~w{tcVe7{*p
zvu_K*rY*{L?kP=77MXTiX(ZZ+3Mpw?XOW95>|MwQTM1s@Dx?^{jbO+&Aw`Ez2@*e*
zT}V!Ik1ixWOE*@!bs=3n1x?H%ZCBo|3z?{@Esal>)3WquR*Ej<=BEU|eM(?74f9^B
zS!NEUQw5yZH(Q^n<S{48zG|ZE3JJ-wvW-0}g{Ed!5~NoW4<cQKRHsmsZTu~X22>LC
z=R~H}BR^PHIQV4pjchVxmEG#`VkN-~mBQ*F6EhX^w0g|1Bq*sQa>7qrNRebnoy*yu
zt-rHMi1cM8!Olu~=P0;^>`==2jP6pletnggGyYIX@Li?6I?+P5YqfpO82=eT%x46~
zrIz(xooJzErJFQpm$UW$<$}YA&j^NoCa+GkP_xoaHV$(>BbdcG)V8e8($_(8DB>Kh
zWa}FxhvT0S9F`n%6o(Q!hk)$_zS{|mTP^Fehvq2`Rh+{&*?P!o!QsK}1ov&1S0@w)
zY_@Tjyq%z!bD*Jh*%Hl1G8Bij%^I|tY<;5Sux&fRCdpxx;!t4caAP~cb<Uw_Xnhxb
zCMXWmIfrkv_4ATL#twqi9fHF|#i7#9VayJKQ9B5XsiAdkip=~2sBR%~TFW_nmKFHo
z8etDzyn|r=4q*?yvV-944gx=(%(RCN{+yuS=VAz|R)V@RblF1(tr0`e($5K&d`^In
zYa-dWH7<K-ex#Q@G)?XH6mQX>?aT^nu~yha8}RS#)b^DO1>4M>H#uLP_Q2-^`#u*Y
z&vt50#*4;f@@&XcW`(Pb{VkTYReUvN%X977@ULHH1+H_GEnmr&Ux#e(uNAUg|D51w
zDO<jhE&u<JZKIMcV5^&K<}fieMD{CFLp<7JUlt3j5QA34PJ-Z_V$hnhlVH+LF<j6u
z2yX2Z!^L}F5WMk)9JFSHc#H)HvRLPe`o;p@ht3L-mg5{Q>(MOsafQ7P4f&EF_)F1;
z%EVNKJp0g2UlMfuQdy2iwNz)xKh>a}&DQ<bN#pC61S7r_=Fs9W<*!GC(mc(fi+2$$
z+(lq446AEV%()dQZY7m`X_>7*DY@<6MX-C9P|0Uhx~fW>N|N0K`fdUvKD0hN^<=fJ
zhR-x;=d<-AlEXc_2|Df;9HuA^X`k6Rys(?#dCnm>w7xrEvlNE{&f!9~p1NLeSht&C
zwd62IahPuB@Z)ZRtGfy4$xts#_?R%Yjl;7(ldVseStslvh}|PkEr+RfwLR;RdkBW@
zAuuZIm>O6^=G0aa6*8oNn4fLzTrY;q*?R~+*dvGjIf`hGCsEgI;}1zxxrbnzA}Uiv
zWu8P4*+!cUg6Q%dg0DFd=@8_y2Hm$oS%c8r6+OfiT_U0jp8_VD(Y={Iy@%jIE1TO4
zX19V}ma)<e!ZMcA!1Cb+A}0^Mo&!F!IGBDiNpXma^~nwL!j~Z}2kI_XPT#s6SL$;C
z?NFL&ld9@t5yb>bn^eLDX_GpX_Q=)tz?{7VbT2{ZniMngMNW6*5W$;=2tv(USBKKx
z=aD}hC0KQoz}K{19ZoY1E2mEoEIdKryXGT6JCbG^suE8V)Si;|qoY>JZD$FdIxFo*
z$E?U57YNo}koKb!X{KSNpqe1RTH23JT9M1D3Er!g_M=l4`J{^kC%=;RqtjO8z;6kT
z)kyo%87tD~M}jARkoKdqR%G8_2!6dT?MLU*Osi1%?*un)Nc+)wi~E*82$uaJO+^>1
z$eT9_4&IceqUto$RP^(o1iSu}rlPN`lnziF|67`hUd<G*4NlF}^9EWiWZ8~BNf)-G
zt{HmP!{W<1A3*ylU2k=v7oa6%=>B;v9e87t+^+7EPOR<fQn&5uKIz2Tt}eH4S6?3{
z6-0*Agt|{U$=f6p<d8;jP@{YfUFh1bp14Wek|?#`k|<ZVBytPwTi4UW9O%1QZe0&f
zZ^p&Bp;27dDEw=~9Qb{c+`1l`?!&)kI4DvbRP;B6%J)Z@!%Sk$kQ@}F92E3uq4zC`
zLN%%4B>Cw+QJY1H7CI>AJE*)RQK-7pLXT<~lI~*?>~>Im$qC?J+0ua_TjbVtVR{p;
zMbciBQ=m>ag*u=;n$8YxmUmel6xU>N$_izNR21s49p}+0TI&=>Wuc>vSHMgsiUm^G
z63*fAbmqH7tjqFrif){G>WDgwHXRCFrkFdnxEXB*xEpO27P=d4?53S;m(iwZi!`$A
zPZ#ExS5%adA<QvpO&r*(qB~}|%rP+!%O>S%_$SjGWAq(d$Fj!1xTynAZj~@!m?2=k
z(GBJcGX%^l?J(~!K*C&xRQoQ>AZ@n_P)yM&Ueh_ui$=I$K60yo`9?d;D;3OVjc~Kj
zggJ2UHVN}jGEA7S(kYhf6#fNa4t%p!!hB1H3G;7tip#pdMZ`#Dq2ZX_l3~F-+DXyM
zNnz|Otj{{?J5tRiIOV1cpMY(mV1u0$1Dz7>O-HKz{gIyM!7?ng7dt5?IZd>eH*;Xd
zrxNYkGu+UAZGhq#<bd{h2HU+&pnZvxVu6zi-<=~R+GWV=AX~MQ;yf?mgpqYEYD;b0
ztbJr{X9jEVsX#t4D0G9ua1QrgPMXAYpi&!7yeorsmc;iM6dgHn=x}ePBQ*nD$}sj*
z-OGyUQk(pd?rQT&ooeGBKphxZDIxM>hH1om!Jv5FpztrE4m7Nk5c%1{^E!iKwILu<
z-B(oub(l%4Nu5D)m6xKRF7+`X@_Api+UJzD86>k(K%{j8ir5BJtWEayRg*xT@TUyR
ze%Gx5#e)q@SkzJnHh(5zaU;V&*WtPxdQ0&sU=C=%X9TwTOxW+9Za^`<0rj-st!qHB
zya9zDC$L==V-5s-ChT{Kgd&De5cG4|@4l~eT@DTH=W#hy&akE`172vpmjN%LpIZ5H
zVgJZ5Uj9sA_<2I{G!fMv(@)(MYiR4SR}+dAgu-Z=U&o5W+5%A=avD0I{h47I@U9Yy
zZ#ZSw!FA}ge~ym>Q@2Z)49PTMl0+#YDTRNDj|1u3B}@u3O_<E56dzI{Z&g1D6P}hQ
zF}XSz#b1=dn3Z4G){c36LY1_LQx44}gSHEp+{q}~G1-%Rt_mhYswWwiX+dTfqZq<W
z$W-|_kg-=n=Fv=l>%n0QGPR0lt*-;xW0`@I_6W$l$0+{AsP!J~zZz1EYe=mJhyUqA
zG02Bn5UTN|IO<E`$1^Y=9NyE2VtpfOy$5`~pV}vB<S^d@F8$p89`Is6iur!jdJp)L
zAH`Weo>wD>^&W5!e~Nqksr4SPZ-0l|!&#x9i}!#p`cs_ur`CJGEdwZ81W@ZeU`gUo
zA^Us4&d<d|SUCX{cLz}G4XnolC`JZQ>&ZY#W_V>F-^1D*K=BEueLBX#r2vZa0aU#Q
z?B}rF18x^ckrhbgd%(2=9bWGNcl+G_9&k}0#W+r2z6TsI$nn3w2ke#D?LFX`ffVls
zT3go6;uu3gfTGCHYN11)i*2V(ffO5gS`#bX`pc#);R$bzi)i(Q*TcbI1yY;~q!xt2
z8dJ1rEPyhwF-5<|6n>oA^>A=E)k0>j^5Nij8&kZ+Nq_kP*x#69w<I+m4kk?~bp8wd
z5$N26q9gy4@FOs-3B}YV)Ot9$Z-2F!z%xHF&UeL5@o@0kCKRii@L9*G{w}M|zMWnV
z2Tu^6uk5rNc3%N#aetdZ`11mrsiwNXahr#Otqb`64y^n_^szNfD2_LwAUT6veQd8U
zR396XFXEs5!fhlp$GCK>mnCUKT(oa~A%(>q1BQBD-nT~3H2b^V&kR-<B>WxFFuqaV
zF1wyCX-cu6snFBQO)1VbrSRivO+D?|jG}Whp{G*^yX)!aUkW|_x*5fVW<pOxgD66R
zgq}(ghYH#CwCqcvr}qR=bP5uBIy#7=Fi7aBBs07+kb1f$h+<Qa(9_F76c>V&o)-HH
zJ#F8dBD=ZL)9QS0J-z;=T~D8EPBFf@)Kd)k|Ikyf#BO@}UUP~W%`H7`z!hcRV2NcJ
z%2Aj9$2V=gTZgGQo10U7(p)IcSIsFdG^du%Gzg|}1`C}@38qL07CQ4tFvZAVp)*Gn
zpGtpAXTI7cbmom<iYdWdXKDt!bOyV<bmoTm++w%e3nHM-e3!~tR^F~d)BwTRwHY5U
zV2`l!t`4SH5lk&B@AttJ-||03Ezr6JMRW^3Q1FIJss)C(pcvAET2|iKEhye^L9H!z
z$w0TUa#?w|?iPLBkrot(TJW+B7~(41S+BC)IYxYTyn?@W+q;BUm6dmhtzRe}Vml}@
zb-2sqd)FSjDobJ`zOeqT!#J8>mzNE<Za_@03I?gQb$|ofs7&L=9x=Uggi!q2LQGdC
ztL_(pw&~TIAr!BNP>_=TuIb9fJ<8@_+$gAHp={mNQ90%WI-os~X-&IMhfo|3;fv(_
z`gSOrs`;x7$rs7AkJ9yFd)4WHnSTIN`l^d5!~yM_4FA9O3Ij~jmJ|Uksbzra+mhnJ
zmK1(GnQ4I8-I8KQOM#9lYRc`(&}D!*vsa*_c_>A*Pzr?15XpYr>oUNU3~@8Sn9nu$
zRYndj-n9&pzt6sP-yxLZ&QNM?-OI!cRLFDdet0OwFwWmvRdwwrb1&vo+rKmP5B7;w
z)s#?*$)S8nHn<K4CuYs5DOouu?w9G`ZojCx?V%LgLPgCv!YFQpQuy&?X3aexM)72r
ztT{Ccb!F(Pxn}!C&Fu`M*b!#doJf|i-&J!{hI-eWDjWDTcu*#JW52!Tz6+zM38Uhn
z>wdE40(=~*w*12>8ilLcs!%hxB96$hnfjOeMQz;?PLUB#VN4uU$Kx3sl)KavqJ$Gq
z$kc21i&^=&aEdXUjb%3-DEpZzp76~~ee?mLakIlI-VPTUcT!1{*Vv|UfvqTfT2YWu
z16`8zJs>Zoz_>oBK6~mEwZ<-Q?11)GroK;d9?^<oP%FW?#--~`Y@D~ZqS)4o!dN)4
zjumW!^Wg?^9#$*ZhdoBb!5NJ^9MqvTY-Qk9D~cPfD6~Jr4crkykrhFq)rK1w7C|vM
zf<g~!W#EGdikT4<MmLdJp!HguStRoq(g4LzhSUn@k&Gsj4vJ$)haxBrMo`d#hdmE6
zje1x)y7SCod`6Q>nZu0;ieGsSMP4~fP&rKS%;6syO&nDshgOjkVUZNH_+ihZPzxWH
zdQs5C0qxZcl2j$2b6+GyZX}g&eXAY05}xq=j3)Vq#2ENwB*o*AVhlVLNpUDrjDa1a
zD6*sYq_~L~13!wQ_#jG*fj>l1)I<qgl?<o~*~h@os)Vk#kEUoF&Bwq?54*;|>ME}>
z@P@3L$#5LfJx}iPF%Sc6C!M<4hP{ls(=Qxhn?6^K_&-iMZG2ej+D6avyq@8+@sKdn
zj)<nnkEWKH_S0yJRs2tnNCW?fp%@=SEi>)UF%&g1RG4XHj%ot>?+l;s4&Cl-(H14m
z7EfvZli_pUVIj?vu@u8&g)|9q6fNR}G+)P2oQf0D<hQ2i-I@vvRVfrkG<86mmO&mn
ztWFr2n*k4d971|KgS>Ir?GVyF&l0_v;j`uN?MfuM5*1P<nx5ekaKwIE>P%~jy{$z_
zX2w(eCtj4qFM-0DAnUctQ;K&peC|DRyQ5If0qT+kFZ%}><fS8`-+noP;>83CV@p9D
zN1?VJ1G=fr=SohzGNZ}EM|Egtj{#c~C^jTeXa|o0zKIkK5-I$6GX2|Qz~DrReu)(N
zFUNqDi4+U@AMH4hkVFxkBy>tLaHx<f+4k|l&5jD4`ezcwgd{%xjS|Tcj_R_vBO8Tg
z^tlAw<BB)3#4OP7xT|NhM(<)(E;MsME6-^1>rpX!f1E@yH%W}%=aMK+BvJVBWaj9d
zm`o9uETk`1(%UjrqxTUhePJ@ih-5DPRFUkPqsmDXy*|Qi^fui|sC@Idcxy69<}uM`
z|4F8JJ(<D?7+!}v2|n~MR6EVZoOpeP&)diBL;sFsiqDe8q)8?wD&#q7s!67}lB}iy
zp#zmy-yjFHy&2?y6wN<{!Y75oNE=>{r;AZ)jE!i{^)OTKa9oVB-BT#Kq=+r|F^Y){
zd2P9`NTFEHnN1m3$5x;@-cBDR5hX)vCfqQ+aoKS(-X2Y%s7evztzRmIZ>kt??@Fb}
zOcmqp>{N>PQz?u&gS^LEQ&}nosmFA9>HeJ_IQfK7mJ_KIhf;;I#I>P_XhY%0lbOo$
zY#WO4ZG^JyYD2NDjZl`(X%rpP1l%gra-?FAx3b)OLcncC8pS(l9Bx%2S^pC*Ww|!g
zr7YuI@kY_`x|GFycXOzEK7p6(wM_l56Qb3&rcrE26Eh>3t^opqZ8Ia^bczP)6eMD(
ztEFmAsBIbJQel1P^dyDDypg26o~aj{6r4w<Q}jz0oP9?qP}(^ogW^^?g^@L)zH@q#
zgMo+^yv;K81Cqnt85DP92t>vVRStlL)`Q58GAQO|P#7JC)^)h%<6}UH%B6^Ndp<L&
z)hQj?s$;<C85G+&b(Kh?9{&yKXM6m2*F@RmruZ_kFUom_Q!@28Pf1^K85Ffr{FB4g
znfBrJh(9Zn;=N1?qjq>*ZXoz%E^U~yn0Z><o2EB8cuGv>wq{an&ZMC2hIvj0bB3v9
zt!ED5=}iJpiySUxQe5OYboI(1Pvwy3nL~VflRh#BpDYTNML`D)^PEsVqs|Sag*c#P
zrIU%L#e^~=iy|#c&KedfRz*Bv$8<9Hw3{=AS;M4a%o^s={oj%9^ZRKrWf_=7(JxC(
zS>|R@yqzTm`jl*n*laP-znx9-?`%2H%N&)4w@dd)I&-_}#vCQh98YQPO!s;HjF9H{
zY>Mx*g*30<LGi*JLYn4nDg4_CX<lec@pM}$O^K&89nyV1xvey^@`ws4X*#9*G&*aa
z{CwS(;zU~^#nbI5o@gheIMI&cU^^<DF;wzq$Vn$LXWg7Jl&f~C<q7Uh_j$@K`|S1<
zne9dPgWFRKY)|3G)0#Y9Yfmw$y&B-QsN5o2I-qq;C#%ki0q#nBii_<jjNB3RjJ+t3
zrJl}-2c-KnI%gky!|$XBy;F?6GBHyj&#|}jofP-nsYDy4&SzAGI-re7Cl8(zqK&$f
z;?X-PjOhj5%g>M-;_%eabFNK;Zhc)RylCjdw&PyYA9fwvdh47zF(ya;!}l22bk24J
z!~0QVxr#qB4Y+bnEPT55tLu~(tr}>PW6B_#9OZ*t=gL}~cbzK>i4mJJndjZTD<Gtu
z*cR*V^<|X!@|forvL)Xo?7Qc0D=axW#FcihcUo~(&CJ}5ZqzVWm0mors<dL5%Tt4P
zK^IQNl&1#S-n_=udr4lkZFwtie?fRFcOvE3V}LfwIyYC`O}t;P$#Zi{zLMwWMx{M|
zwLLKRPKy8BNyQnr$E^cp&)r2)co!9C+(uiG_jI7h>_EjCw=q`a)eaP=c%*s8ZLD=n
zY-LA^WgV$FWj4-=yw;K85|1=bnT@wjnf1M!qTAh6oH8pCht%$-sJNSoQ)b)J#3{4w
zY5JV*;ze-tiHUCNHUD=2ZBd%uw^}GfL??>SP82k`yXN6Y#8+m4G)}cTO@Fak-oEHW
z(Z7@2jFJg`P{0%JNYgJ=i_!JfP82V6lG6{7&JUIE*hbXfJ5l`7iNa{tUGtvckP;z0
zhxc#Q@+m%qY!UH3U%C8=92Ie`Tydn@M&I@;MNcn@_;KcYf8AY=gircP0Cr;!+w<bD
zq?yl)uX1=iFFvQc$MfPYDz{UbEp~hWXhYjruiyW1QNDgZw9RPqY5mw|0Bu+s>uG)S
zXk|eg^Jt~@#{F>d#YEJ|HrAv2CXx!pAM=#tBO;l3I`UER$2=AJnD}F!h8!jSn5Q5g
zZ)2W<wBGX{-NyEw{}XL&@A;2uV|&lPSDN0+dht3<kD75&p8Q(UMw}7bbx|JT@=X(t
zE{bF9hq!#xgrkcoA{tTOUDVOYJO~k<W;&dR6W#*SOa~J{TqE;TLF=@@gbO;a(q>%%
z?QT(}gTIzldUu=dJf_L2>428grt!%@pvk26=AVRNI?&|I%jTaPvl0>?0<^AeqIfc^
zvLCRj2QB*i3(&q!wHVYW24AO+G~3Kfd@0q|GFMV<E%QyPtz~LNGP9PyO|{kXcd52o
zzM5*Q<>)q|mRq;c(PBVLu3SQx2QEorcBJ0tD(%ixTWNQu+Df}K)mGa5skYJ{NEM|W
z91Lh31%us+LC4fbT&2C+UfLXcY3~t#%mUtPFJNbT0dwsIT$(BhSeB}z#WgNknBbpy
zS@I7{?dmFED|-Q3*$ddpUclD&0>;Y%j_<)UPO%t-T#*bCQy%37Y*N+1{4>eSrpXLI
zOG>dyJE%3FC5u01o+&A|dT5hktA{l4#ccI-@x|1~j1)gEuBDHeDK<Q0rP!(~JH=LA
zccj>=>+cj%UCvZJs^JwKjaGH%J#$K9p0CuGttplgBBdEuz{Xa2D?3{KRE<Lpa1Fkf
z16<>j2Y8b1ITUSjC_>GeZk#gQbQg3F#ngK!Ld{BUobtSRjQU=R2k)iuHLI+NRg{zW
zQtaW8X4^DP3FSgP*O}s}&J;b&W@(mUHj5Z7gDkpDohep!rq-ZyR*0#g@&!PPNYQ`3
zA_kp%aw$6H@<E4V<GM(wBVZz+MWr-)?V1klfy+9^<WdyoQfM76>!{A9*p*A+$CK&(
zFYEZV3&oW#6#B@^I=0<MG5<aaz38%zn)@lv-cO;wcv;7Ut`tRGDfBlk>uB}>#eeyq
z_b=<1_#j2mgB1G0%R1UWM3M3kg}(Z-jsp)-Y~z2nUDh$B8^y$K6#CxFI$Cz8@b6Bc
zpS-MNLwAbh-6_H^U)B-+!)4t%mvBp!U53<J;N_Hn+!}d)s0YQ}J;b?$Cwfqf>><u2
zNHV8a2J&3O?j96h_7LY1uJ@q0)`QCN-g&pA&U+Ei-b^tbsZk3EKF)`V1O|$E0wY!b
zvPO*a`8_G}dWv!WmPpqC5tD4={5L%*zUoO~gyv}VIQ|@Pw-mc*5}<vY;{WKkV!tsf
zk0LEk>^DA@M=?5&!jC62_ZtuAQ5?t<8$dD}hb=?beq-lv#RiaXFN%h}C=gO0l0E#b
zI>|!E2r0#WBd?)Rssbvxcq>vO-uhO6Grbo@8=hC#Z<lr8B_Q@Y9r~@yI`Vr_^zB8_
zl(+G8CE9dP(N?FlGTV1cFN#gQMEiczi{e5r(Z16ae@|lBzFm4#bnY$Mx2QM8sNUvY
zeHia8(q01QajAT+=&0&Vv9C9^p3g29*%31h??Eh&n|&x6^bxHpS^A>jC0nbe_n}DY
zLt*T@yN=nLRc|GCOJGmu*>6l~|K)e0-X`{;_-7v~jPfTH1Z7BVMIKHe*S~Xn9`V}U
zvInT-xgJd+=~u<9c0nJCkGN2U9#DH#ITP+A+o6^dH%Qgry(+MLp%29=S?XYwF0I&B
z>g2u@@qH-_XHFfZHpLs$NnyDd(0Zg8yQO%K_N5rnmx7jc@|<)}?IdfUgj0=8F}}O%
zR_bykP!&&5lcKl2CbBK*OEHHFHK49in>z!Yq-KKm=0B(CU9ZX9Lkh&l{A;e07qfCa
zX1B%N>zv(+O>YH}G@gBIioQe2cD66YaV}ejPTsPSWWgr(IpFLy;WThU0~opDLt0lu
zMw**_MM8|g&A(cUyA}>UTx?0U#`f2~mt*^uWZUFrYqD+7{xsP(XjdlNM&r+tZKLt_
zWZP)GBiS|@|CuaCV=YBTi<W_WOcngUQT*p5+a@pbl5LZhdC9iP%e-XU<YjTPZSt}t
zSxjEqJr8Ixg29VFNCq*<g=PUw4}r1Cwkb-Sy|nT6(k9qTn`kd>lD)LaqO_OC@>N2z
zZWX&&7JG8CjuzYB;L{Ny)p;eAGx>g3u^ZTn-N0V#2KHk6*^BKjik)&NXGLPIIgD6q
z&5Dt8m@_F(F^3_sqj)`>??(~ek0SI?FEes-YzB}sl;Vyd6uvL=0@K(QTVsH~M^XGT
ziV81`EY@6XO@EwX+~ZVuVQgqc`aMDM-DnEmG3@}&C)Si~?HGy|#!&cn;HC17wY)Hn
zr>GrA;rsQQfY!)L8T=H*@h2&K%Xr=US&`&fip|eZ_|~-LrL`hQO`wRFK;hf8A)p0V
zkuSbLk@*4@m+%6u$YYZzhD@Tuvtwf`^5QEL&%8o~x5y?|<iaTw1Ex^nEwZU4=gI$2
zRQ`twZ;{Qc$ZJz6PEMu5F=UWM{?s&zjA>N7vDVy5N#CaUc{&x(sRdgp?|g^i`rC3R
zq=glkGm|2CrrZf>X+<7=pW@_uawjCzigeDWc<N&+Zu^B<kqt^IN|sP@+b`UTyn6-3
zjpbC__G@K{<k&>9=@Tk$`$fc>OWM1(Q5f4Oe9U!jq}A@)Nb8<ol$G1^N{YuS<qk}=
zmD|)E6#aL|9hjI{Qz`!3NwIgQ+<}R;Qogl|V&E={L{m3TCFyB-n#}>^S4sL75s}la
zP;=WH{_ZEaY`z-H)MHDYsrX0n*izJ=ih{<OmjRH|b*Sd%XuAK;GD)bF#I$S3RIZS6
zOdT3WEC+c7Lp8gDyy`{3t)Jy8K0QvX;tQhetN8Rdv5FrRWxI;Cudf{WWJuW_(&LQn
zKg$>7_fQ<zLjkh!F-={?`r&7B6-#n5?Kv`kQ0L>C{VLW5;EVst3l#0+%zcC3_E7wH
z4~2ih2H=VR$_o@7;>=o3-%F9QR}Aj~qh!VKv^<G9T0OCs;<3FH^wN`>=Z(W#kIBhQ
z8Yj6kj?MV5DA9tw6d&)EHz%B<<VY<;sv7Q!vpiJp+Dq}pUi0Qe-eTa)b$N5*-Z<f*
zGRJy0pr7PfwV1D=<4E`GVz%<*UW%)Gh5agblmw3q#e3SX;`dR+?c-CUQCc0wK6B2~
zPYNEe1kmn}BX3+6!+6hq6c2Igh(gWF`bB&N;jCv3R9v?oy?MK<n=?owXO!l4jY_1-
zal32<|MGRf%fCnv4wE1(as%No3Bn0>5IRRl5XzA2-b$Qt|1a`!uzeJ-?&Bbw{-_It
zPyZr7SY!v`1O>v$ZXk@<2t4$w1mR;A2v_c-ShkPCzjz~1`-=qOXbXfj`zS8$6Clib
zT&=4%!c1b;b<}=}@ck5Ymp2F_9+!Z~<0PZvSc_jpi3aVb7_eW0F#d7bmNKNO;c)@N
zm-bV<xZea}#Co9lZxVz>ae>y2FAIdZBP7q_^?>$N9Qoo`0m8-mDdz7N#VLGTg0O16
z4R{y!Q=HpRVN7_u4&afT5iUg3{_2gL4A&LB$Lq(A%iXAd?Mh(SZ?ZT1%IXbG0n_s3
zYKN!cpR7Bn#gAy-$Bg}pR{={@J`G#D@+rty?Y0W$Co7+J9{HGtZU6FBK+Fw^gQV6b
z4jLYya2yb;uo9IYPs@{7&+s0gc=Uj%+=cnF5vo_&DtF-lijo5qhOdWSPO+R12b2RJ
zE9Px2=G6x%PD|$d6my=ICo!3)9HdA%D6g9-<~ijy=8qku7<rJw$SSO(;P5Xh2k!q}
zYVpw4azofni-)$B8^U%iZZ||~u?#8r4sC5T`dwiDqk|N44{|N8DspLY``?8Y7u&UX
ziqc~Gq+N>xwg7>DNG&dEZEEos2Pw86r0_4=0<8aCR^ZcC1)_@LmaLqDCuIflv^<Gf
zId@i3+)+hAyFTTm#oeA%^~p(|Y|Spn5<OK#QB)<hxbKrvi)Bbv!&9v-Eq=d>VrG@8
z#W|~ikvF9l|D$!F<#*N6;*ue1C|M0?FSI7J{*eBVswg&9iJ@fHlTwRi$ZIJ1t%~B8
zDhgxclXZa397+}rQA5cZK%3Z_9Q#8ICE<rCLJm<FIm5KNuk&tH#5tV!rPieJO+h^1
z5Jg{3-0smj#-TYwTs=gGo8Enix~OZ+c(VS!<PKL~QaKl3w<LnMNCZ!JL+}=f;8}JA
z$Mlv6mLb)2TUr|jZ;JMweu!e)A=CYWZ8CK8ra<s?JA!8^1lNwTBe?1l;K(hB;4dr$
zZ#YD;_7H`C+9qJaEs5aW7J`2|MDhJ0f#C8dB!YQbp2V!{q{9@g4^vQIZv@YILZS(r
z<jdCV<6ELcBM(yyKP(Zv@Cn(LGNh_umq758!xXO_HW6Gh52*Q5BKTlyx5-d(Z^<*_
zBS1UUnhg3=Ab8bbisgp|f~%j92$mtQ!#p*IDXtu*Fm61d)$_co<Yu6Nb35Fcy#J>>
z$ajRo=Lm(7Jk%S(WMXd@v_AXuc9WsAPyA1lAyfd<{*oa4U4pR04TQf-5SH3O=sR43
zP=-|P|K8f@`<H04`;Sm`Il@7B@^Kdki~kZJEU|;I)HNd?V+Uc*C%}NeB?wf#Wn3J+
z_dZ<Qix+oycXxLvz7%(NE4~yj?(VukaTX|0+`Tx97AUZ|79Q^J^Lz7ub3U1qoops2
zIg?4QoU7FjH*zmgGhSR8Vs?cBJu<_IoPJl8D=>Z{$EKXrqTILl$NAB~L0&8v5*a=~
z5;=w%DVO&PduI3b6CJ9MGIo$|IHyV&=LBwK02pCFU4coMoKMO?7bZSRC$!NVOoH5v
zktyoP^6(^4VDexb3Y{y(qe(=?`ox6wX$ff{DN%b;Oxawunjq4DaEX0iSn@iFq1erc
z@@1EC$Vc5&cO@Qt>PFCV9&yc2NqXHE)@X;)_)(pU<OJ&?2V;t;Xjr1x;SUyvjf{1a
z_f(BT=7*4)Ao8YzA1Vif3s8;E;;E<O49t?L{z1+MVO4hcx4H3MGIEc!->Q&wby=_v
z3iVOJ#U(trCfweHjMlsF8`+LiqQ$e$Qzj;;WkPw<GTrpZ7;L@^vkfTHG6HLSH`!s@
zGS-SxKODm^YY$tXFDqKH#-s&he(@?YrKIXAG81RSU0U{bTL#_0Pp*isZh}$3L?uo>
z-aA6MeJ<3ulc}EyA1h~PFHtIhA4T5J3S{xZ$7iPZFI>^mV@U|gb6pc6OkFL{#_W~1
zrFo__p*UsAr2U!Yij5d41FDmAgt5QBKZfZHh@VcmVoyg{`{-1{?$oP`XXxPzl-!vy
z)X2+#G1j4XL9qUxeT|5Teez0%-2LSo!1J@#{PllB@=7k;QTLu6o?5g$I5h`^R23;F
zyo=L0$SWU4+))FTduuJU574zq9`a72;I(P0`AI7cCj6Jt>t!-65j%NXnih;R*O^Tl
zh|T)g+kZ?sh{FPWl);&6Q1UqiqOOM`eP*Z&X}wOSr*h~fbD>OIP*-)3AMxwh_|a$6
z$9=qe_wA=EE~^4ajI8r_|B79T1IPU#3b;)?J^2!q6vNn>JIky>Rt)yzy^4OJ>##zM
z_o&hgs2B}i3p>xaQHU4Kj?e~i?TB{++`r0NmQq1q_uOMIk~}dAEJ-Xmh@>M}&WOP(
z_HI$@gvO01zvm?#pg(1GA|li^dBvq5W}PU6TapfLUrVa{{TUd$^0B^y$VziEXV$K8
z*+%=^!*^S8@pyk5N6aK@(Tl2cGbZ=UNv7F7qr{HmYDaJ+BttW(^e`fD*)U!Y;fD@z
zD-e-bKltEO_tW6Of!26COwEQoVT$nSQ`%(h8n=~Vfedo)^TY4lQLwp)+aW0>6H2Hw
zzIC6YlZLcOkl<j@9t~0z3#g<CM)J!Dr>f(C0jCmUC#Um`{=bX~me%^eQ5g5Jw|O61
zta%h+r;p~_%bd$DO+a~HQp;u1y-zG2J&Fp)ZFAWQwbL;*1|<w17Z<DJY>_%0SD%?R
z3TZRh1Ku0BoP9Y1h5=u%mNt`i1z)cp^}T&f!F;1?1QYrnQnMC^>S&AO^jx~K(rLXe
z%S;LOkW@_5s1OF~XlXK0_SwainxM2RLu+&FrmPmy1hs#={IrjEk6gM8-qBENnkT!#
zN)_zq5=u?av{4~jHamgz-j`vtIs{`(sQ=PFxE>quweHC5!6|+6yAYC_yTn6CxLh70
zvRoP+Ryx<Pkiw9Qd3BH7ebmt=IEqj2Vw7o6l1nL%yH?kl6tZ?EVTG@FR5bmYUFJ3S
zckEf&G7x_y?W>X%K&F^UL_;gcCwAZu=X~H|vq|>H&$YkgLYG-$ekw3tZC5h7jCWOO
z#pbn-R*ash>uk8^40Py$s8v29#tKDmDV3EbVY&XckL}M3urQ4kwQN)oqqy$Or`CUS
zjWy{-9KA}fB4g1qJ_D{b;k5GkEFKalE{=b9XlPOzrVuYl*p^V^x^6ihm~PX<I%3f@
zc2;mskalie|J;9r@zbmqr*+1tYSSmjV!<BuZ4KimtXa$&$|nccyo!#mM$<6qn~{|V
zN|RmFf-=bgz;M9*R&#-%a{k|4+8Mg0;NBA1(izQo;nKs<aTo5@1(z$Z<e9N8<CdtU
zvmprKjyI($KW)FwTC7s?zw4G=+N&gaSijR5%{n2PSe@#>^m>lYKc6qrhwg0|<4e6)
zl}GDf38+8udTiND1ngD4*-r?ci4~1%SlG7xQm-fRu~GTE(P(L_q7g$zq@B($GS)Gu
zvFNq%1217FXI*vB<Tnw7p;5<iWEvwXzj@B*Z<;Io`Az0;!!PDX4L|UlXS5%Xf?!Rc
zslN@K%#T)o;As@#r{_x;VRQv`_8NS#T{4V4ux0wA<@(o)tlp<b0CsJFR{oz{Os|lN
z`(xcN^)0*q{&%TS@yp0PsobFFGXFxL<k5$id~V;r8z<EPtM@R@);NYo9F3{|i6v7)
zT6xu_OHYts5})C`Qo`WG0Y)Oz!hC0W*VW1lw~w`{qcg813jz0}L&kZ+^+k#4KNAYr
z1)~r*KKi99ym9>Gp-8DYZb(e)L9=tV`1gjr)8Z0yCZ^EzOp4G$Ki_elz2u{RR3)n@
z<Y-56+GltOT@Z?;@c-Bj_Het?w3#O-S6dcZe$&X7f%?Z5UE?jbM<2TDu+>MWi6*FQ
z@qA7~!~65ctDt1h-(QE#tcm#$1?ktxJ(BPl=x6*1Rk7g^E_%{!;p}hwM|nce0*hb%
z5E4lDHQv%ulxw6p0V5)y=szsEYvdIgUO7ReYh=X|UhmSbRmp$I<Z}`TDZ%p@A)JPu
z4xXMTUp{5ZfyM_H1YxmY8r5{V0DMS7zPA`HpG+C&KR665M56_X*@o8~k2KB>b&FDM
z^z7Rw`O#A<s=On^0zlI~BM7WOjWO9!k!8rnzVOdPO-qOEJR3h)?(&cRF7bN1nU=|e
zGN2+=sAkN%&|tnO=9)kA_=(y6DL{FFBO~69x{Sy@+2W@h)l_yIUNrkV$o#9?+_fXs
z6a>WN6U<glw8Jzt*km>AT%K%4!(3KIgs0*_ThBBklgW7ANn7?iIA(W2MLIT+L#L%%
zH3|+G6h+Zl5xW$eBYgIe5LFC;3`gaij%sW8wx3ncS&rv}vsK;eOofNSF89#M1fD!V
zqW(O(OgVi#EuiM2!{CigE$T_QL30Ncf$aja3ge_})H%l!jnecQGDeEipxJULq#JP1
zsB+La!4n-a^mN3FE3|J~{HNcu>gq(gq4pE=ksc@8=MZrAAL)WV>C3<P$6|E7m8|SG
z9_0zQZ=8xZSl1xUAV0YqER4Qlw|DB$Z(Q4&qE8r6?@02%Z}r=nb<grQSaW=MY!0%R
zR79Hi&G%R#0=Qzo;)!E@9sDro8Y*j}kuk4MsJdci5?7KfgImu>vSq?nWp2)nPpH0m
zhSusZ)`$d8aq2Tzz)Ki~V45#GRqZD!1I#Z*PI4pi?$-NZ#FnJK&cJFU(M{!|y@!aE
zX)2aybRKQT!|205!MPzDDsYYJ+W)HIzL%qGlwCR><!dnpH|1K{qL$99CRUz}t@269
zeyh6tTP^;)u1TeVpQ)nGE1DdHLptYLfN`snsvPAm?XbtdW4CR7bo@V~JyK@SBCL0R
zugS$r7l^`pcG1Gy#?gMc6c`%svnIe<TPQ_)<otYr{dYO)mmjJyLk1qwb^{twQ4Pig
z%-V}Vuw&yN=^8S0TQc<F)>m&<OdU(~zuM)jyT9m^>a5W!&-mRMr?JX-PWc;ECv``!
z`P~%qA?*2MLzSZ6D@$W%n$;POIohzUJEZfAC2e={)C-Ktrkkhs4v*0(PSA%Vqg#c~
zpL3BcuV{Z+D+-q`PSYOuDY=Yz151T*8LsdIh^_*T_A92LB1fY1phPm_(_^Y3A?Hs;
z`D*h>Kx7v!b)Z}2JBQIw{ZBw!5X0aHhKS^iK6W_qBThZ{tZAV<m3aY`j~7BjTgjvq
zEFaT-KI*9hgY#tUL+T5B)!VA>st-un>5t9X5Tb#IGH^0(zsm*pgTL&3cjVkBL?15S
zG7>xIQm^4od*9?Rdw&w8kE!Uu5ao}y_|eQF(Fuq$2uE(sg`a11Ojhuaf{^VpQ*IVg
z24@flF;isfcfa2i|Kpc}13n<4-xx_uUDtoQNiigV)^RW#uNG6EDv)r-+fg?A+-c{Q
z-_@xQb524GkM8cryQ;^#Qf!0il-?w5g4<vQ-Lt)`#=Djayh#SWOA^K#pWp5V1wN@@
z&?Z?8(OB>o1*ev6r-{a*49Zgbl`)a~|8N%N#|GZ!A)SGi_P(<#xHBG-I;7lCnTHR0
z4`{Lo?K6Ko@cCGsMwQG>sP^o53%*^@cdt4m?NytXNGFxo0!lLrqHB`E9{v`btVF*S
zj2`>f8n96tuTAQ4_+iagDZr~^$E|=nFO4)7FPd5;+H3gxFT(iae_}=!v9)xu_(?d^
zdk!hDUHe?wT&fn~?+iwz<I{WamV&?h|6Vzr8M2fAz{8wGXmM0}YEMxJk^yD`!$(Mm
zXq+1oM!o^jWk{}imrE;5lIqht7sEUs#FZ|#l-(HZM>$nIs@$q0@@3#C5Fa=R{R{Z?
zoYDt^W>m=@k+YEO){T%}fBC-%Vf+1#E>6PyvGs96TOrVD^wsA#w$hKE(GW`t`b5gA
zK^6cnxofmu4P2ej_0C-b5d}~8ZH9n<?86FKz2OY<b5`eiG(?4h%jSQu_K``7Ai{=6
zPVeE)_LEzQ-5(Y3rHs;SX;XB*6s>=cQ1}@LU2EYhFjGo!BrRj)t3@_{iKCi`N*PeE
zo)u8qlo3ZsAhz7dUgfjEfNo01%M3&*X2})NgV^Tn182|bxCh6+_h`w>#md|7PGJ3E
zAwH-}8IKz-)w)XeJGky4IS8OwWn6l3e3SKIn%`nP3np57ij_}}sYdnZAJ;Sk2AM4}
z&fKJX1A38X?}muw(`tyPU#-l9l41?e?R<YVC2RTIfgZTQtg92hRHH;!GoQFweVPh6
zC2zG<KCrQGWsx2%ds#C}p=iwVY#Hnq>|`ioX`$L7?Iv*O!g}KJsF8)cMahc15No)|
z$KbDiH3RmTa0<Mi9a-Gvpb0CJLn|o^CUOu;jw!M5E-Foln-`&SGixD})4>ZNYA&_2
zZjscwmPel=M!_3P%MnOGilt9V>s-kgI2{{E3G=ukYr>m-qKE%9g#0z1m}_H6(MzIS
zd3avf>Mxu9mcuV-MOu^Yn88!Xs6om1f_6NB20?*t`q%j%<%sl+!CV&EH%c_X)`YB9
zN&7z|J5bAI*aIO6;M~_qqaw`^pz&ALI`JB$fI4wRhQ>aNymtRC=)7dL?~uvz2(H1`
zI<kj_e?%3JXgd@ConHv+n=Ul3?}L5);Qa+|0_Ln-c5lc)z(hk21=TNnUe*#&XKZUQ
zRT`qkyWF{uugjq8G5(?697pK9U<WAdZuSc|k|BB9VpDjK)%vc+w4YC$3A!mL5--9i
zQiZ-sb>);7I%*#ROnrr=CQECYjvI!f7DA=QX6X?b?2WK4-M<9or~cM(zmu2xFlg4S
zWo1z#U66o7@)L`!h`8LQG3WMjLw|%Q!ML_}Kbh&Lw_f~d0sT(CyBfgmEb{IJZ>RqQ
zumJ}BX`kt5<OiVp%gnk?Xf6!8#HGY_#fLX!D?*A<N!OUkr+*PD14KgCORPC69-Iwh
z{@IU7Vd&dP+z*!=^wH2^bg2Y{XaQoLm)fQssHY|Hf|zGEG>8OAWqtR$ylw3JeA^Fq
zao=GyXOh{-Vqe^1=eS(XNmuHYGi6-hwOVAGx8wNtbzKKzkKX9E{G@9lT(iQq><?N9
z>c$9mD|_(*dz+fsBC`3sj7Tk7^>7Qg@bjPftqqoSy}p<(LB78Cm>)4^kEKk52^FyU
zrc0OJ9K@Jj>P)))r5>(cpU{*4pc`P=SsMRn$NBpw-fkFcOSMRczJhr_W}1D9P*_0c
zPaS!QleFUpXG<qH|L}Fi74s_X$zpOg<=xQ(czZ(UVa^(&Ysz^&MX4@pQWPaTSyw(w
zzf|081TwuM_HH+=0%Z$aoHK-ayWvLpPrCFr%=?D3I#Yz|1_%e8NSK+ON4g)@%<5O&
z+c(}EhTT*S+5bBkH7O?ijf(pl(>q&<m2u<8**kiosgz$0+U=CU=WxRKnq+UaeKiQI
zd{v3()qvogSBh!JsuVf}JPO3hqC&c0Ko612i6@H3xYV^+b$R7_{Lr_lj#sH=_<#}!
zim<}<36#Yd`%c|Os4=Zn0-PeU^HfR$eY+BiA*TO6JQiN1<_W};<CVuwxTHnZpuATp
z>7619@TA6JZu?1*gN&}`qrC07)b_{Lbk1YtaFlmv&#LLv#I*91g_!lQz2daX<hhUt
z&MAc1IYcqxLFWO_ZF6$_^_+QCV3sajBUVQ=Te*<PY6A4@E?RcK8(Fvm`RTAbFLaLR
z(Z}8?WYqieXo?{8&0z76J^FxTrueq)i^9yO-{0ubZV<O!zj((k9DvjZj2>!v>`(6v
zeEEj#{p)C!-*T@);L1d?knCJXvNHFs&v62i#v@E?z5In<&$5d3*Wq0GZT)(MB9h(}
z`B|Ygf|4PD%PQ~q;}0#qmXjoNZy#;^xU%|vuTw+$2V<R9!~6RXaNE0WjgnQ2IfH)D
zOs#KTjARLvSV|L0OJ{X#icQ4kkqtoElXzWyL%t-p+mFrG(BbNXBwDlq_G4}t3OV{9
z+mS4N5Cw+yD5mx9$t@|%L8~S(u2|L2^1(IU?d!d9e8Ga0XMQ|mx5`}(cUjjO3s(Su
zq!>BM9Gzw$Yr_UhiKJw|Fw}=eetTKoi3dzH3=PQoJ*=0f%lO-q<lc*LaEuetQZo99
zpOLOzzUpA(YtkIeJiGu~9%P2IshVm5;RDBS!43TBS^m8HDBq<fE!6_-roTcv=e*`e
z7>BdL7)7`j9)_OMhu<WU%2ucPK`^q-=eMNLl85oVd@_@NKj(SpFw2&XX=%%<6}$Bg
zKH@C&m!t9dGyvAV?0Z3>a=R7_Dy|)D!#6YcW>X6n07c%yMOkBV=3X^lR80J%Qno&#
z3TBgU{CdT61Z*Gbh1Wd3&1J~kvRsbnevg~uzb7_RSl@6oNo?y}>A-Qme!f#{nOc$m
zPYk!u@tcus%dLyXsm9J3x1Rje7v};VIPRHo2^)E#!n8P-&|=z*rZ~m5J+4*7|3Bh4
zzVmf!lZa6Vq0m5FpTM|<n{9<vqrmtfg|lng0ma!ZspL9=^>tF4#Q0|sq!OoA9enHB
zd>JkNH@oOkr`Nee+0~a)vV`WP^(IE+9<rqOM9h04T^4PHHm>Bh>X&LIG-+96ZAxNo
z*6x^s4I(6I?3gZ4|D!Ubr9;H}zLS6aCh6|8;9x35^+Cay#QI4=WIGlj$wL29TA#rE
zue67tpOY^f<;@QNvz9b9QPAUzQ?9pGMMz6RGCF?pfA>&W-zT;8mvrNgX_AcnN}ro{
zfIGpLd}dX4&7%uw)Gr|fB<_k4j>wzaS|{hC+liDAv$<SE-uVG>SxN~%DR9|65~<6|
z@$kmmK=;OOj=1ye2nMkz28;SqAn+DM?3WS?Jb8-omdHt#vqv_9O-zaA7;isV2V<g*
zd92!PW(BMSo7f7>)kGs+{eid~w4Cu8UuH3_1+l-6hRP!T3j*Q>;t;i6O6c?C5vKf_
zWr>mMONRWqP(t5k;EE*4R*!tP7G`_1v(#O+R=nNUnuCd2RiBVp>q{YuP0c=#aFpX7
zEU~hAoJp}#2ceg}u@>SXW(=^t8TyuSmQ{4zZR2@Q*M?>gJA-r1TAmeh*9<p9cTqkm
zoNimixdZ`F2Su1lNGMWkm&rk^U6+x%z(2Z(mJXRuFQsSN76f2KyL<WPKA-4?tE4*<
z=0Tn6$*ZK#$>W+C<2&zQ$Je=>HgjaV!8#tq|KSiaLt2u3zwsc7t#Nue4u*bbPX7BS
zqC2BD<8yhH<fE-8DMSEL@cLCF0xwwTG6<!eVX5=4z-<M=n63#IN81Q<fiMOGowE)o
zFghK6(5=X{Y|UkawDhfUZaC1a2~Z_aajUg}Xt}`Ote<-ehM^8QcH4aR=o9l<#}o<o
zpRhr2>m9mE+3LLNwonz@<%5TBCapi7geS>=IV~YA5Or0=eNJZ$PQLG|*DF-FCCr`v
z;x$^oB4H%iAY3v2gMx7LHMgx~tF4^JNhve+si6}moV)C$RE$h5r_FOsEb8EBoV+OS
z=*fxqcuBpkfW49@Xedf}t(^SL4z7zamw*9)Qx9@xXe7<<pXHV@iqn1PacfEsFhLyr
zgO0eD&3^l+AX1xC^#!%)AE9*+%Mi=d7lW*RNttfHCxz~EhcCjFS8@ErZN4ntkvQNK
zh6mr4uOWfSXG7?~Ym+Kd)04}jjAc0o8#aco0!9?&9+=fQbqsC3%x`u#;z>eEl1b|i
z3aMm~9MrEEc4o52W-6-#JVfC<MDfiV!Y`#$$Gh()n6PktRH*%<-5$bw1HDOVv%x9C
zz_xte6*>4VPW#`Wt_q%IZ^T?1JS)9Kezp^x7bhlIQ`qy@vfwSCC@&p4v<Y3-f-?9j
zy^{Smx`pLd={fRCoKiE@wcbGo|K5el3L}@lp$WX52n`#eCw@eJGL7l$T<^CQHLc$G
zmUJKAvig=lYUlDz5_^`jUPWX3dxf=^QoeYc*EwqICQJXOH`Rmx00(BuHFC-Pl|3rd
z&O-nkdzQNtMdK!YxwTkRa;BHk*6jE7CF2})PQyA(?S0aUIWM7T`}O&oq|Z4+oWiM8
zEp(HkW0t95eD~a<-k7)zvumxqJq7irW6;kU^d`lv?bOkC79FJo?>XmA_NdsK(U88L
zY^b$QCjM$Sg^Z*GeNeV{BegN+mxlv$deJoR7V0;lZ&X285f>C}FlR0-R}IDJPK*p8
z$pRrNKPoO*zKk+{8IUndOm7}>1Ad2iSO+BG8;Yiw&nk9upE=3(zA;9;ely8FG)l%T
zw5<yM+@RWRklYI5QVmQ%>9f2yOb&Z9|NVl9`*q~JU6z<90WxQ=`apKNHh&|s{K^K@
z@Gm>|{R<QKvOt8MV8dy!HA3Dps$#=4nah^>6VovH*pu*XCPQV%g-vZ#FOBntJy~Vv
z{PTFM9J+tpK8~MunE`Cyr|QgJdikT9?gRWf`r?d*lqwVa^iRwi-%Jb7&ObRdD5sE|
zc+k-6bV`pW7`Rk*{5lXBIm6K(qmVpOzfvCjsp(!$MY;C1-26*b$2=CPbN4*fWdSLr
zm7=rnM|3^|1}^CWgK;+}COE~Qm{VmL9|rewDGzRe?^drx3k0hm-ZCO$;)78Zj6s<x
z7K{)!>jz7wh&L~p!JPNfWs3C@&N8^H*l<g~yigxxEzM5S+El(Sas%Bb2pPwF8hCk4
z%kKDv#=dF#$Y<ECas%hBRZZ-XO=*#M-&Z#|xfi?U-Q0)<zp8(D3(b{W6nn4mA5BOL
z<qYW}+O|$KwF~T8mL@li0{TfGyXAv__V1-pGg>4=qN}Ta^EN^<;~t2XyCq#8D=$q7
z{54Fy4mXCQQ)GlJT2A}&iUlgS1l9usBvH3KO^rITEw^JDw^DqB*a#a({{;+Mt>d=x
zS0d2m08Q@|v3l912qB0AD|E<vXOuyQaNZnma7k++VvAWmNp{Wl6GRp4N0h8jqX+|P
z_sCfCzoiI4l7vmaKMqirK=K3Wkhhy9J6wbYPY%#u^<-t%|I;){KJ0k_YbOpMMRX@u
zuyd2N%grV6RBiEL8GaF*Au;f>C=A);<EZEObi{yR&N|ibMz<IzmG@?Wwtav&TBD~<
zuwn`Gf;SAq-9A@!=v#(0?!s9wdfCm2qthh_qhU2LS{fM9$Lci8hBwX^cZT|w$3wJ<
zBD9*yKJK)#x4LUGm>dC9TBg+v1ay=hk=SR^PyS+Xtej;Vs+>e;o~?Zz!zl7@h+Gjy
z0r3j>)u%!oY@;(TR1dPOD-?Pf(D-^UScwO15#WsbA$&)c1Yo0mRKN07$dY<LOGqyn
zfG&Y|V>BK5v>dKKj0#-DM}LJba0=)ToaP{axL63~>%Ujh=+_LT7uwKsty^BA0v}o4
zmst+Hr*5WlFIkp~3+0JhE~HlpI!nGB>2v0pQfYl|)xITU5p&q9k<9K*kutU~{_9(G
z7K~#p5uF2)R!p19sqX69hB*sh^zVw3G~87NcBGf+V%IKiUT!;Yu8*dp59(j(t=Bxc
zxGH@_eE;TbF_RvfXD<m1w4@t!WFfNKBGtIS#OGOJB3AdNNi#{-UDxN<^(ZKuxsm73
z7GH=O3VjA^)pm){_@#?Dm^BsiuSc!rU4(hwD=iL3qbweF6!VL#7PZx`kG^COXK!EG
zRX%W9_6J`%Y$*dL!1bf?2keXFV2vXFk;JtI)YdVU4RABxeB=Jtn6*4k+}5wPgv1RN
zP!5N(;`M(xt@(qhi$119-@BDtTnnVx-f<II-v2;)=&7H%W=*&9EszjaNYy<w2m|lF
zYL%$f67n~sxJ~J~P2EPG_LzS%;i$6^Y#)zwoW}flZ~9KXi|iTU_-H(CFtvVE%!#w4
z_p?<>D5BH^&vsb(mVPFQzr%;w_K(5zmo!kFD{lrVI^N5uZMwOYfj$gaVS-5B?Ic`i
zE4oE(H`ulMIyA4tmN1(pMrEAn&~3Ly$Q%8j+_kguL2hNe*ym*Y>Dh?H!4U*|Ax^3F
zoF(gAK;l4=T1ECn;Vjf1r<J=b=d_8_atE&DJ(30wDaTP2Th^)cSuG~=;^C^6h-7hF
z*Wy_K-xBA(RLt7tCx<t7+YZC&9Wxa^LGrY!;Bjf^=Oy&j+5@FsZSRI?2OAtm4tu`A
zhb460MUvLe@{<qZ3{0q&N|>=YY-Ur9Uahju?b`o8N=7Mct!4=w>2q!sTL+?7pkj%S
zbk@42xMR+)KgR4Uk-WM%qvrFv1MqEpSCuKf3gcl5xYojlUhPO2FI0YuagY*0JZ^?g
zBS4`m^B8Z>KKo1DtGgK7aT7v3eq97PilznIDEr}e^gC8Wt}u##6Q@(4DO7qOp27G8
z%$VUn?ZDz0Vq8F5@yomnEC9jBFF_lcv&WxCa7x_fl?u&q?04KH2BJ6;zSMeS40bE|
zr5iwv`hezB#QsaxVOKk4jy5<y#2i*QO^gR6yZr}QEW(;a+*16_|0cMU$X+@U?Jg_(
z4RL6Gv?cJ<9aMk?Y_4#Nwk${L)A6!iutQpZlL6G0RJo)Viqe6}ZJP+-0>cT-md|*V
zZehaCrK>ivEX&-iW)ojj4KyjhIRVpnnbFBooA_W@C!V3PO;;q)3&PvF>ZM4LJ|+r?
z3<n_R0$rnm@b!NLCAcd4jeW0KAv2f1CNJUo2(qr)^;S`Ks)bC8!GmM}LUW3C_-u-E
zb)0L8tu;_UJ)gi|%_g7|Mu=~)HO0-*kt;B0fNXqpXJ*+z6CE_{|Ij|`mQDzRd-&*H
zr2=5}nkYqLhE;;$-gG)6-TuZR>491!HrX060_tZ3@SQH_-<rmXZ~9?Ce;k0qCd7MB
ztre>i)ox^PG*Aoy{I%xG1K<;b?kynwooiixR~Y!<jV^E0)04ShwByYjA2hGifBKZm
zJ{z=o?E`gqlDGr(!5q97C86Yp-`#)8fbzaI<Cl<KoQO6Bty(D@h(EfLwY)JInGGh3
z*3WRx7m?8TS^N7VhzS*tuCgI|D9HQrBQtX4;uE;Qcm%pAjQA#MDpL!<0kpIFrGqRP
zjTtz?r}W7^{q((5ex7!Fqw6no&9b`s=}qd3p)fqs#CxC7DdV*kP+9auu4Fvo0RDq`
zRfMkmJ0<F>YYzZzhmHiQ_z4Yc?&$H$T!LZjrroYoIAB2Tr$q7~f}u_>vs-|G6V#}=
zz<e$Maj<=BOT|MIN)4fX4=tpBj80&8eikg^w>14$xD#at^Cpf1s2?aNFcI);Ma=}b
zok7>`8v<~4Op^kf@m*ddmbc(UYf7Fe-ZuUMd@fdR0F(&fCA*Hgx&Vau*x1+{eMv2*
z;&;-ifH<riS!Bl8#n56TWHHIe4=~cHA7GM8k~3yy7AS|_c<!esw>D{Cf?j7<j;N-4
zM2_;93Wa>9C$o7JBzE(gLVAEbb<WPKo_SF19CyF+TnL}(z-h+>x3VbHLu+>E%3iWC
z*rk5uos<-@5M7(I<Xx5et}56ng2Z5eC0sa?wf-s2{UDTT5U~5xC>0@AO%0CCR8$*K
zJdt&X%ef?;+AK1^Lxcg%)4>9$>2e`4ig18O5?-h6qCu8pjiRE?Q2jg>uqYiE^$kAl
zh}wB7*VE5*tEgC3m%*o6R1KPm0%#H<b~v=tJmsiI1r(e^1E}Wt8#^O2H{n74QxpiG
z6O}i7aI-61k1?`e564bA1Qv9U0REH<(bFHOZ4d!(CF!2F?&M#pCj#3&3Bk&0Yb;F&
z(fU9lKpY)7)<isUH7ERu0?n_Lb0<BmwAeNgk-|*dtt%>2Uj+`J;>pW8iS22Q!jX|_
zJ@>q4k_g--#kgxu$KOe3h3M5WX^JN<)&x&F>IRnrp$V{nL0T}dbMO@RBWQ)+!Oy$&
zBj}IF&%HuqzgG7s{TbK&3|^A3nB+D-ia4Gm5<ahu(c07>vhwO(mf<Vl1mZ)N#iDaF
zZG3PfJPPPza+@WEil6ttVHDz^D@H$Sjz@i{G8lpMLH4I(Rj7U&8W@P`caQ~1=hyqG
zQfAftF+sQQG17OqA%XbHaD6RBZO!qNfm*PZ2p}|_w5Od(xK+0EoB<0c#qcxTtb**y
zV~D$dM8GgY^-JK}xqYC=XyuQQ+bQQZDw3J|@#o*1ODb?Vm-qLGels#ym%P)GwmR9U
zG6O6x;WQ8ZN8kCbWQXPOb_8;f0*v|XM>op`YoVXs!$`n@c=i3x3Ym`r+hMG=%ckCR
zK7y`ud0(h%QmI<?$DMJ()B=uGy@nB8ZOUhKw2FReF)cmN>PY>5T?V_guTP_LJ0aCQ
z<R82xaG^%jJLyNTp!eQ`VB;73+!LCqIOb!DQ@!<)<~vN1%Li`D?q`{4;lzH-{zmEm
z)DMfy1Wk-^8R<ZeY+(Vl=ziYYb;Z{<7~)Jh;n{^Ke)W7i>79l$!!}zK1={Z{$gFW&
z6n)OiZWccfpBrPL%$aDoDDhU_Wf^ZoAT75B;7=164#hJB-?LWW;Ay%E#@iHM%Zkj-
z%MmOf*94+>)3XS`grO6dzZ*It1)O>EwTvAs+3&n7)u1`qwUB5N3<v4-H5JA0&^2QF
z=Q~dn(7;80(dyM>>5kronFHwg=daJOfIehD{H~v;1TdgI8^6tr=c@M2d##Wd-M5uk
zUwJ?SknMet-m5{0x0K-rc?VBB-U$f^&h$*wq~ey}Zzh2<k1e_J>qlsS)%v&V;la~{
z(AY;MnS?@FEI50i=Knop;aeFbwUGDs59Wbdr(#jB8O2zdR-=0Vgx*J`!L&kn@Hhdg
zUrd@4P(l#w@pZoOl|d$O6N$JT8_Mh*_3k4<9Y~=bO!J?A=M0|S7xL!eEmbqLH)@k-
z?cjIGy@MJt98#Iv8&BT*zC+pBXGau}ATHRU#UBrR^4iVD`T}R-K(kXWA5)di4%IG|
zT~y`)pNx5f0?tnX4rw`?z;|{lHe$f)zz)8n(Y^4Jylg%1V6E-|%ak|TM9mjxV;Bw)
zBN>3K-A-|%q#vm!Tw@*8?@|63n)5?$FrIB7WhTwopr*w3eTY7M!jLn5hemyl%oNj6
z|51;McfshaYYd>-t|tb!zu#puo~zEinbXfO9=d{N%qQBnl(qH-_mai9gHL(@3)(-{
zK9mT>A+`>rPadpY`i#NWes#h-m8KJzwcJzTyab*4jNxEmqX)&op#@WyI8o3k`_ZZS
zhT9nImhLPGUYqsTLWQB~A~2vM1n{`Y&Mi1pzmo_McKn|MT)%x}T&m3foxNH^72R52
zUuwU3n(jm0SWW~uzyVZC<UrCZnUU={c5Y)~KoV^Zf<1Z>8eV(|LTB(`Vj^hl=mJ*C
z$TN*bKv?7dtjc!9`@*3S(PJs+XRXBXof|lcsI^8>B5!tNpOwY1)A~6etj_x$)_xSy
zDy$*nQ_!@ci|FTt1$Fp~3OYRYSm;C7+=^{hbC`kLIu-y+ON6cG(aP#3%X(hg?V+0$
zQmyQDsPE(zkt-rvZF*;PV4V5<BB9k+Ehw`o^kTV(9X3wn-L>IDrR#_Q?^XQUMDG_h
zZoQ;=Z@uKB<#6#4%mY}ffJ8Z?18&uHo{7i=!I89NfN+Vw^%)&b)<*a@XN)^bQ=$5~
z&cx#D75xljHI!wgq52wdfQ5GZ2OpA)B&SY?nX6{jfDqEH3doT&@!v~)2%k#B+6Yg|
zxt39og8MJGZp3FF7?5hGL*a3+!*;~rY4#a$!In#1peg*CHxBgV6cv==VaWG{Q$(w<
z+TgPfee&xDCbeCk;ECv;ab)lC`F8_B?T(tR`km)X^TCGRU(%-9QzP{~7n)Bd^2rfE
zdv6{~z3`3RpP)IcI|rw*pfOlLv5g;w3N93fX|*A>bP+D!&$e!}!JN<0*f_)9eAk5m
zGH3(TuZq;qn^+Vt&Iy;vM*#N<?09>01I^kTp<@jdUnFf|Ktzb(a34G9I@KroPs&HZ
z6+Jd?e!(3wgMlKvzx(QuK~_Td%I35Sr7fNL{t3fpvz#{3CRyJ-LFVV4APPZnvyYuY
z*PuZw2ZFj6Hgw!AO8=d@?k^)k+M`xmg{dGo@$amgrY?hR@w<|*e}cyh?!Zy=o}<p8
z5=^P~b&LacJe+Yol0E3h^J5Uk4Cl!rQM!}QQJD~=rDB36ll9Xp%Z}Xk2kkD@oips8
zaXv6x<S<}io1KG+8Jpf`TThL&r_cIZYGPM>UK6%ICnmjML9Y6cb{j+h845VSkp1-W
zBf^Cb?oSb`53UZqK&40GARJMAlMCih{dY}BFEBi)7&&9?Hb_Hm#v;;Tt-9Z`60zG=
zZs*L5-W#1ph_pP)XOGXJMMowgAJ$K9Le?zy-9gci`jPoK*tP2*0iG~+rp{sg7)ng?
z80vNQE1wXH@?x9GPKLwom((#VeLaqpwplw@^Yw-jG(>zHez)mF7%|i`lQEPjk=+NT
zo%sk<?{N;H6pfxIc_iOVKIyZkSRaK>Y$7bO&J9FQAvk2%{b$Fu&KOt+>I1MIi;?M4
zzOU-BItGEyiQ{uzzNW~g=|f|7@n<t>=UMK|I1N(N<y$OGPuWw=>(%o9CY1<{0-1hW
zG5AGrsdrV+50$~(?q3!ik;D@d&42!J1!Mw~yLo?~>PF^(B8`M;F5{Qw?|1mtz$$~o
zrmzmhI1a_<n%A-XMW5d_uHEQ;vDZJh3Sb?==GZmk(uEryM0qevoG}7Cs#bj*8~+|^
zI`*ncs+BQIvVCm_%6IcsiDl}QU+k9k#`S(+G@onh7whajZ8nxck`I24R=zQ9QQH3Z
z`&x@q)!+^!ndOG~?GK%Bqkqe}zqo5VaJ5^`pdGaTv_SO7@W!KHqaKpEN&HvMrrWRZ
zC?BTnHf2j1cIlG6>YQ40^H=;yGsr5w0<_T+RkGyXBZvr#%KL!-C$VoLzY4IR^3aj3
zwJBR7yf8GvHf`MhYYTP>4nw!kqzEzuiy?lzg}NIMCr@NiB-|+}qYdMl*1%GJ-`W1|
z&q=K1!hq!n#D6Q9OS&GFkAtTb5#<~U?+*F8G>af6VUpgp>9C~lGfQ($g;vWXMCT+f
zE>X0+a~jS3-Pn@?+yko{(xUj-w#R!&)mN7!;M-qFRRNtTw_Hv5y?>Gzao5>g(P2X!
z>XH(!btomhvscU6pg8H0&b?jMud11;8o$|j!793#A4HeG?Tm9MxB3)hU})GuliT&D
zvJA5;_x_9DvwE+#(PMI~gMUfI57>S6%%@WV3o`%^CiD+>mvFDrZPEL-*)Qp5O?wj)
zxi&Wi<N};FB41P8vr2nU%@c2OLoWy{1beV(@-9q(3us&ekJF-gu@#CJRZK2|0aWs0
z8Nd2%H*5PXIY`vquk#1T_Rt_fw&dz;2X4$>hLNh5x^BB@TzOlGbI}VrfqbI9@AH7B
z%J5{fZ;%_8c=0^pv!z)V(6{FAbUmfN_jfl5zpCv4FnI1A8qKN&^D1nWE*RzKY2}Sy
zq67<?^#|vAECj8s#t8ilU8bPw@mzW57faB4z#fe|Ox3yudSxWx*JKW}$TVX{MwqlD
z3#YTED~PURA+RbqNH9O;I$1|=O2O!C0lF$)armR=%IDL(?k^tuDGMjhrz>o(fI?t$
zeAi`NY{XnguSZRlHxA9K;INN2mg`ofISq|^p3#_FEYI0|)j#Hs3`cUkBNSXy{&Tk_
zaes7)tfBBlK{$|wUWz0vGqA>>>+^3}$|bSkpiNyZq~sI@*LArEE7XrmcaDwcD_>kS
z!(=SSq{{O6eIjQN`isxMVrX!GRMXikU1S(bVQ5OhjBk9P^~?%xF_RhinqWJbR&r%9
zoQAAo(mWwY5T|p%exoFrjRjd~kifK*@aO}+KJ(GU|BLuX?9znPivA~1Qf3B@7)+Ev
zKKykA1|t{KPM+|Y;p;NiEsul+JN$3!anj+h`rHy0;(N9j3n4apVhl?}!>>UeQJi<r
zatYezr>+N5HHHL9pUjWrwABbq7l~ZE{!lxEc`AbUlw+2jcwQ+8Ov}n+2N&(nZ;43F
zpQ|M>``g|NllV6&(-=j*xD)t2`U^>*=3r5TDEvBZ6frfb95R2u7NQ+7v3d8_o0dCd
z!P<U)Q-w!#;BM;!Ag2(G&xvWjoXA~qFjNN2tN+pd;S7soYJZTpSG4Z(0lJ{G$(l5W
zov{UHvO8$oLEvW<$!7Vp6qWUZeJYdTjuv*?I^1N~-&68AtiVVDuVHKqdj&r!l27)2
z6^gvZ6@g5{vcJhm9;z5`N34Gwa4l-YH+m6{-p*c9V?@XCR?S(mFmnYzWQ<ekoQMbY
z#X$`@zhiD2De(OwUHZaNTl8W4po-P^=sPw<hguNqsXMqH4>#Q5*_eb)Dy!^aKn%J5
zMLA7%Tm{^UkGLT8#n*O?cY4(cZ5AK6nxk|F{no-*NJPb-*NRpCLewsA@Py&f!(tns
z=iQ8sfGwUK(TTeHRd=wW)FevOUsYzx(j=;kVuAB63(-}+v=(cfgZNcwSWgjT#_RPE
zRf|RSlU>IKzXaoudB5F^H}5H``n!~69&_3BPOR_2H{yh$?uaP?<FfH?kKrtr0ml5D
zMPeD|nG2BxFWlkXcQRf4d9Qd$GoAaVec9ifk(fs7?il0l;&$s4E3+?x6ljKh4t{=l
zNm1Kze4@sz!{IxOBLfx4>z*>?eAKvB_Bb0VsU+sPw92@Enqo^7j;T#YVs^8=a{p4*
z!Io1nFWl?ACbUwMifyE$`uiDnhMtUxu3|}GSi9`+Y4PTtu;2N!QxLX3nFrce8AjP*
z@@)kEL|gkyfq_PT6`oixFW8XM!7|c=_lVu*B17S?pXk)~Yaz5*V4&HJQJ+d203S^t
zHAQab&TJV8CZt)xA#~S{4^YPH+mrKKi2G8=w-96%uXYnOGQRXdJ{`x>-<PoPPr@a2
z(6QXGEQe3{D1-Lx219@`7`e0Vn;N~Yce+$b+Tk-vQ4o>k7|#6rY3^4j^|=?v_0XG5
z3f6(zHz<9T{;(eYUvdAsJPdA>QVZ6t!OlpH9uzikXQY(2G|+HBU@LM=HT>eCreO#x
zdYg^W3TJr8ASE&qZYxqudcermG(<qD@ezwv9Nv4j<NZgYncm;t$TWvX3_hZvfF7}k
zpWILow53xF2Q(=LB<ZP~P3SUX2{S({q7bPLL=sLc&~!w4i%0574=^zm&$2?gFd@yD
z{RLbN13j4fw2pXi<N90~m*Ka#y^(9ZdEVJpWcp6xB*!Xtr|%31`c?_<+<4rUVqC)>
zN{t0)Di2bPZHcKg{gY1wW&_w};W;7=HK*jT<&mQFRBXfZUbLAzM+(rZJsj!sNbVnz
z_b<q<&)AFM?s}$*+6v0wUg0!*6PxO=aE2eSd+~5ilu=MZvS^)dX`F0uVu$s-i)G=M
zsG^jz@GLLYAUNkw*yqS7m)g>8h6C5Hk+v@=4!iH|qy){Ul$Yd6<>Vfo*H`>=pz-H$
zhVEO?lBP{Y<7gq2CUw?R+B!ObBmq99FJ&6Z_CvW+i<x-pcTOC^Qw_m04X90@fj9+<
zD1qdI#s?|q>7&(lAk?mY^{Ex@2}kNszod<t4us?M$+`PI;0LjYX2a|bD^F3$5|ran
zlwK%wRv`34ExCw)2|DHs_g(CAO7H%58wD)#Hq!UYvEMk7qt=+JkU})dJQPYl9^!x9
z5M0GZgp@parG}Vz#|yh#B&uG0%3`F6>X26A(RgaQK0c+nH8QQV>afTgNkAG#SfqCt
zn6VNLg#j)GNg0zm^xwkX`mjbC59jA^`|s6c^bA^`mWoW2vijAIpY6<jK)&r`fn_d@
z6*JpwokDpoTJ*cLRgZn+M+7npyl=8$DwFTILIkox-o{8J%J~po=#_KYA<x?6zY9v~
z&K-7cNA81ZG3G2y8Uv4{e@1Q^eaMXYr7ZyV4H6_=0OsL_oQ+z=MyD?ty_dVkOy))$
zM^m;dhI1j>y;6T9Z@-wC#|$X^Ip@m&GsAsis#UicOj-e73xoF5MiLTkBFZ`S4|<*R
z4GMVNa|D$g{tO0xod#ItP2v-U_b98X$W+3z@wpkP);F9PmlAv}L)D~puF+Uq=#VdG
zMACoA2l|EiBEOSMLv474E!v~7mZKCe$>>%rhHtZpPpGI~r!)shiY+#7(um}g6LW1H
z?KF}ga>wM#e~8E9xP{W7-i#dMU77<qn&K|gQ8<awvF@p~Nz%^%xHKSNON`|t+Xi3!
ztWbP=<ET?A)BUGc;do9i)jKn<E=njHT-uY?njFD-?I7}Mc=u@CSenSa*#NRa{stP|
z{V$TxE6=pMI|H8kXY<HDgnQ|+o<`JjE=XjR+o~9f2bthGeNkQF=k7%B7~=x=O!s`I
zEjHUy=N}_iy+JH_vsq2vRL!Gl*HDf4vqs7jZ1q3G-)<<chMF0p>KHkO9xw<;;081>
z7*tUiXuiD&8GcOWMoM;NvQv-5O^i-$LJd@RIrv=Ujz+!hSy6XTA1k$gp@D5SBY5Yy
zM_6x{H-V3Y9T^P)^PEqRZ9ePNbnH@wYqCiD+}>1|)bbGCrzxIwUfP^r$iJ_$y8WMt
zo@KEDggRH=<PjD6Fc>N19FEyH`VuHr@&B&}xW-dDxp_#icaFTFFg7Kx@e!Q&$ziFZ
zoR84m@9DX<>oPDd(cMdJE8o5n6ulVAI12Yq_NaRgSS|_uUoX7SX8>1vuDB*5r-zA2
zZ(24x)t|S!!1iqvyLwA&dvl+A8yMt6$pW*u$^V!}%vK;0-3z}kq+k&#H7aQEY@QaO
z)zDamExHr5RCbx|>zio0(?Z%6*+(T}za;F2`^aK1%ehPSl%P15qTC4*NU3J?XVW8o
zNws$=y)*E39@RI=ej37RA#6}Z8o_${<z^iq0CeL6vMj{#q0l&@;tHGR<OYZXOedaB
zwAx#F3+Y{zn32-ZmiTh)&U-?Q;QNfg_p&zKs-5?Me@2l6j!O8SDM|Q_T_rooipBZn
z4l>HRw#PsM6SEav{QYu4r$&)8QGWj$f0v~W*xGr!l_3m066bKr?y`Th^)DX)i4GYM
z-7*^uo;WkzxJJou1lfGq9t3@TpUhp^gt)nB@0*cAo2j)={|@|<XB+VD7nAXrsR|Et
zW2NH!?2%N+u5c?6Dy?PIi*~PXf%2Ask2`%F9{6%I-pMeGvnJR{pmKh!Su|Nyy!5g*
z8LY}`-m(K=?Ih6e54LADZ%Pdu$8285M^HBMW*drn?l%~K={L1nwi?fWJ~J3l%kO@T
zVM*Ucv5ieadOKO`0zERY*YQ)8@pobyT8;Z(`+Kj`NiA0K7l+Zt=F<6sY&sLbwl(V|
z^zJ1eTT#wvlP{d4Xth)Rd}*ogq$D=W<@}5@q+DX)ORW&^98PHj$Zb@`S;~~X-HdsS
zZF9z!jdsLEB}%T>tGTuSmZt9i!<n<p1Azq12;$whs*BWpwyMA2syIfQ>0EAD)$+2l
z#L>Fqp2{fD!#LAlN9{JCqyqqRFDwh?Sf*;2{Liws*bEvO`pR|rcGQC6V>fO?H(zQc
zR+WN(D*bcrV$w)unpWXFSNG|Ie_u;Hv@-v`cU;mG+RSExiIlVU^Pl`T+dgcFWP4P5
z?~B>bOG1dcbGQs9QkU4q3d^TP)v-eX>A%P;GWu)e3>$&*JCC6~lLCNOs37EYBxYoD
z!yX(2{#Yzew(Bn78-1$9e6&KPYRhrkk&7@q(a3=ORRb%jyK{un>=oXeKd?G_aKmx`
z?*lF52SdzznxG+iQ1qS_0{_1p*Zse*cvP26yAV!CIjCD!l7c}BNsdb-qYGuicSM&6
zKEZ+cuc#w`vMZ5?-W`Azwjqjp9rlT=0cs@_A78;V+$a+?psd8L2a*4l;f+GUlhXp!
z+eD@+^M8NM22u}PZRoN)TbT~bb_M;D-@lgYdX)c`;Ei&c1@AaG?h<J*S>14lgj3PA
zjhwvs(~CxyDuhsQ>7P6@)st+<mn+?)1gu*UVWgGA>L52d-LEvVxCQq+|7qDsgcYu~
zbtwF4WIbfs|4g79l2A27oeD^|)Vk3`-s^|%I>%!lYza`)gM9r0#k3p6@q*%uzic2w
zNL;$G2RJsoXd**8n2Ova{}Y=33Ac`8`ETFdbi5$5|B1%`1k_E3^#C98BL6MsKd}V)
z6e+fXqS+8d#Akn7Up3a+D3CuFH8G(2|A@i&%M0M;p8@9r+YHlh?3CB|dk&F_1=9H@
zrc8@tt5{<3H_%Fyl~Wv15)IfiPpW{)ov;~PfPcYGb<jt~qlC=yxJWn-EKwbCYtNrp
zrd#W`D2Y$-GuWmd%76L!Us(?%aiEFmIDqSxzV9q({>fGuo^VM(4&lQKIBdRb-Xw{P
z0HKL_4*3}#kqs28eH*#&aR8G(lT+P^?Oq0hh&Wb)747b*E+2YV5;9eCv9)uslP-)u
zl_337bC7zdLwL^+kiOYcdCi(Vu`Hf-A?Dx+mj3-5qiNSJeWULB$OJjih?4Gh-rsm8
zqB`XXFCIyZG`s@vJ^hp%+Tx7UxUoja-X1F=E#6>o)FjLNUxKAPag3o>U9|61x+2fV
zziREDNCVPYJ@S%Klk4rJfM}V<vhTKgAuE;An;^<-qcKTfmJI5q=InDIB=uIh>OA!}
zh-E;h9$7p_01rNhBdGZ#`b6At!3dkaeK(*1|EMDTz}hgr3Z)*oua)}ukL@eB`!R<B
zCA?o;DFiaDh}&_w%|^HdE@~SLEMc}c-<ej?IiiTg4X2E8#Vz2WN_}--PA~@;YPG6v
z#)!Q!M!yko2ZI<j0T>v5U%T+f4;_EbE=PvdqpZa`hVow!7X<}kJXG_Ut2u@X&>*vS
zATA09U?_r1D1Ex{Gb~p^kJhkG+NgeW3q4;T!H_T1TWs$RiN0?6*`Nl9o_<UMW%cUq
zeh4JK=<JQiGd2iEKCY{~EN-)37-FcvFt;OVilRGB^BwXUce5lJ=;DXxyTwRSZgcSR
zMN_wzB1(lCRh>b-dN=)RF(AUF>VBK07K~rzO_*a!LCl%}%+|-3pD~3lDt;wwQqF(n
zMYXUpRd(U!U*xOmt0~XtGiJlENBR!6AbYhT@6#(>3>s|@??3gLgWG;C#sf~nw95%G
zy>a`vA%Om5ipbJ~Va>`?YeP6pce6!*xwkR5mP!A?cr%JL#&20vgn|Qk=%~b~h^&~;
zO14Edy?`cus1k?PtkhMt?XJ$2COTtA^gk=8;os$4dmx2(46Jj7Cb#o|6EKD7qQq*A
z@GqZAm*JRfA5~hs;@I30{iKf@B1OuhGs^lpH=PbNLuYIww?BQ-??;MKrgFst+mDo(
z-s+uE)nY5*XoTaH%2v9x7P^PB4P8#V_kuSENdK;^#YASwCVD-um#7&4GUP7)w#7uw
z;G*0eyXtFlw{PP_(1ay>p?FT_GHux7pe*1-rF6b!d`MRuv-v}OIE&(ei;|1uO&7t9
zaB7P}x4^*qlaz(`5`*c7YS@)r*8j)URYtY-JniBHiWhe;PH}e+?k>fxKykMeXmNKf
z?(Q1gDemqL!S&DY{q%mwOy<tslbw5V&+b06`^;Srqmbhy4W=LNoOO4&t)x_{^`@qS
zG@`>`$odKi_CW|K+lbfzH?RB&2atrvy8oBrMb-Cf#yai@Z?Z`*2k&N&?@=WJF_!uz
zL7H`N`O~oZg>54A3L^BqpG!be(5fGa4mPGSO=qr)fQ4lYL;FFp#H&IqRnoEjn6w`u
z>LDO?7+jfx4dsuT&rl@}C^D}0(ua#tn`&<2J)KL?svCqcX&X_jMZ_1u)7)_R{}+F-
z+8N^D3dSiDgIMXILWu+Za6Rjwy~^M2JJ|O-Xw{<iFEN;OMdAdZv;HeshBj5=^ncZR
z*q!0>E!xEBJ7Qygha)Alm@K#R5~=<^15_+Sj@A8vBJ^8%09E07TAz)qoPmx#m0$dC
z+fsSebn@UA*0UyFeaeFd+FiC|9S8LnoW*GZ-Yv82=dYV^owp7FmP9&Ul4LUZW;52g
zHiIqg9iuB)Z+0w<-L+a0Miv<=IbVM1_@$2$mbf8^Ng%AtEY+6s*xKad6C-Z8k}V<;
z@RsRx+umU3;B+0U{OSsbDJOp`hu+gpp%w}T3atk!f2G15{UOf{^lPEq>W_kLc$t$E
zn)3=)cOV;KRGp?eCn~)gaa{7o)v+5g?UzN;pdJ3)n*RM2KJPy?l$(<yhc&p3?(R%R
z=2)hB5TdUrJxEh4ps>m-kA!lWJ;?hq6?-YT6Z3(R0f%!7_(P9!p~m4t+oM2C5#o8N
z!5`%)mN3oB(^7LAw;&Q`Cs7~>@o#T23vTr8F#aMD9a4ho??U&W&!-YOie?^Sif0md
zlO(fjA}8|7d{`f-*g0USj6GM)l1+d-+J)xyNIrx%AKf^au8!8M+vmgCjJ$QrEWfpP
zWmf?YH920j3DBWhw)mVj$-Q#B1G3zq%M!l_=`+#{1qaTKK-_mtmF_`fSVjS*0_0ux
zWQCR+tqYbW#le2N&lnx8=&deW&lqj3=v=NJI@^`nXDabRI>C)P<Cy-A5>~q9w3%o2
z-{zn+FOFhzLF&0-T0w5qQ62|OD@LpPPC<<uZNi62UC)e}&rII0Apu>IP;K+ee8FM2
zVnl1Oe^Gf7Jw^~STlg8fl-sB#+}bS1>{g|sS=`GHQQ;hkgW(wMkYW%gK4TxRjI;Gd
z$N7Npt*7Isa%iiDYqCHcf|6|(Ey>?qi+5JWq+8^0M%`}Bo!2syS90Ymuk~&z>Q5z=
zAq?M0ZnjRAl#9`0<9hG4twg$^KR~iG$&}@AV>G+N%1@=-3H0Nc;!ai~$UP=%EMllT
z=z4+T2E)0P{Gq^Hs10OP{~L;z37%Qo!%DF<?l0rneQBGM%6jY2CK~rN>L*N&arBaV
zH4*Qi<u~okZF@n(i3KOo!0%|tmqvZAW5^u<rQ3Zz3k3&o+`9hY?2&l!(np;@D;Hw+
z<_}VHA^pLZ^-#xpw1sbC0S1L*A6X!=N>j`@L{h46#OxipYJ)ya)j?6in4EHw6Jn6m
z@NZ(4<@SfO-|pHMGLiZ;f2i`f(^G5y+kMY9_2T++cyeTzeXT5gA?c%zrbuxE-2U6j
z`n#Ipcl0l`PBM<Spy*#~M(BP|Vi9mXDp9|>#EJ34KcKOAGwZljptJC-lTkvUiV-;6
z*VCHq8Pnosub^b<qoRCtvW0~(IKi(^V<;!&2Ynyq7*4~Y<gff@+y|559sh7r4Pz*o
zbopUu29qeb@Ns%7)>M&UFx=NvR-shf*?-wNH@M?T$A(C@DLcvi(W>OUwM$6&$8=*j
z&7iUvj8}m86V`0Th$i~YV-1m-(^y~RXEh`3?ON=W(%52C)e>lPxs;uB>V2l3+gE_?
zGlWU>zje($Q&0RWpzDtIn>9nsOt%=<jv#?WOC3mQSpXiL<nAE8@pYo*o_Z#~qUV#?
zD-`VQpOt(Ccd^PsCFBCw*ivSgwqH6=jMz2P2<T6!n=4pN1st)Z)q+>OpTPI>wFhO1
z<#dP3#XV(tfNf?vWv<XiGsd0eul}FN-9IfzxgubGNBC)<z!k&lN0xr2zrAdAAp*V&
z)F*tkMBl0r)h7f%;lzI};!;g^`e+q)IY(9)nbvhYD^)W}Z}qpbO3wafo~`Ui_e)7+
zoFS+6-y{or5O>D1l}kaN%`&Bh0AGxnA@+Dy4}l#pW$%U!b(ix4P(i?$^{Ud~$olN=
zCaXUXh8Ci;KDzDe?TWs&O}5@-YlQVEK|kN&KuRbdMl7$4yaqZte|*xaGHidCo^>|D
zjso01^M(80t`o|8ShDu4ldZq3opO*^F>2uuwmEyy&t6P2o-bVY8;fQ4tXAy}_JFK|
zTa17Za!^x<V^>nBIHI{Y;$2}z>iNR=X1M|6UvVBff!F%Q^FA$}pC$?9QogBwTn<mH
zi@Hig+q4%4=!K3z=_^&j6zXf_oTAm08%?CY-YJ7ya<?;r?CuV23!yT2BVxWqp!{7B
zEWPBw#VjS?N`u}LNuhRuOLjED+v;OwCRdOfVh73)C?4`=<Vb1dK^st`kEDRIdl|(+
zpoU%ma;P%^UsY_|H68@Q02NXq9=9wAl=2i!$u+7zxx$TfvX0V`Z<S$yYAE}V-fXA6
zxPU{XqC=*bBSvNAsI9#dgklP~Yye^~5lfYelP8hrgEz==(NnzmsMSGzee@e8K!s9=
zWhL(6^KFMo_q(PXZSVj}W>wqB!X4Y2?#Af7{jN{-?|;4zoY<pUX&e%g3otc-&SsdG
z&vKPTNNJ<?z|4t$s9cS9HB9h&Bh-kfskkCw5{KUpLHvoQ%8BXomR6o2ez(Po07N;}
z(_F^%;BK=Nedhm*f&WYz=FMAV#*HC#mObxbA2S&W27uv3&rqCrdxF5D-p?UI#i&=5
zD8v(1bY&r=YogMs>MER6VWcPhF4s3g4gbR;wSgw+1PjqZg@t|50r=8Rj0dL}>zUhl
zvKdJT(_?Vw);*p76!(+R4%!p^#z974XU)Q&_dJKg22{4Q<wn4N0_8){z^A&|>xF9P
z)&DN<37Rdw;Sp)U$(Qnt`TW%~c(z!{25O|AjPp2?IbfP>5eIv7oPcH#XO10PxfNk0
z&(9A@IWEXvMQH$fWQRPdSW9RBq{oM_Sv;)3qGC?dLjm|HAyxEvbn80rIggC;62_+U
zt1}30MH@BN9LPF(ePgN;kVnvQd4_Ll^qSGMcx3OUdwNqUT6Nq>O$msU#_U2iLV1#i
z-sAg&&hh8L;K4?j<&Mqa3%Tu=9<_@h8!2{XB88N1X&;_OvRCGpWHrFMEVUnQr{GX`
z=#I0n$iJX=ie9K_I;O}9b+%<sEqZcp4Z8xqh%76%kSVK(MY&s!pCqK>i^5WNl-~F(
zZ4uNictDTq?;JVpcxEO3>&1`p<DCcz$-#`n+x;6CpX6T2fV>Xrw6?d<2?G<jLUhE~
zpY?2i{nb$r0RXPg@Qy!zOLpCy7~5msatH<a+7jD<BZ<|Uk-T#UJGhZ~L8W0qcWWtt
ze7_{;k_3m$g^1jPNK|2uw@z4n{J3BIamZ9IE_7Pn2*tjVWwd^Z(W<A)|Hnge&9OCu
z;7+?}>z1x(U_(WD-(%;mqmGVQk9RxaoMcExhgZoAFKjWdX9cz)!-nN0%C)(MxX%u9
zr4VPCd6K&aj;&3^pH=p0_ttpmewLxCJ3hZa|6V7M)<Dhg@3j5RdmRTnV%t1mtn5BM
zI?hbh)l)xrqAeELSr$#n%q!6G&TtAjD>aqZNQeZ@^*C9TMNzr3-(=(WNe^(^73`j4
zBeuUh8DqN0rNt7XR&9j`U*u+@RQ2k3<M+!25KAYGc4<ZJ_Sgbw=ak$y5gUsJgHM4%
zJ5NgoBTcbcFxA-8D-nCN2)#2y%wum)L(@ZEw!Xb%<WJ=WI-j4oM?uS5?Fqx#%{#4*
zS5<A^At5-!0Wm4Jtla97nEZi1$oz$#VOgGbHdWEXW|^J=iAN|qtyjWu7cE><$LXBW
zf5^~Wa^3u`+9?rRHu<6VPD9ho(O9s-AragB;6eN!J%fe84qB0xj*60izP5S4?|Q$I
zfswgnl*iW(N&IHqHzCO2Fnw4qVohqcRGU@hH<m3rltQj4e4LqRiKjDgLk9dkq|F*!
z9d2HpTiyt5@MU$V39M@0fGx@nNVY^T?{N<(jFWWHf*Uy{yB#NDs9)p{0KeI#Now<l
z=d`;cRFBhWTVN$fxd+@^V69uAO|C=HOw!0_C|oKYmUdqc6K@XLfkl(Lc8I&3Q3LnU
z%Y79nm}D#|Nbky9Jc6-xkBPg}J8I-xVA@$jFUN?ENHVl2lvvo(Y&z=22|X0LGQ{zQ
zf9l@;C1f+jAGJEs*ttMiJ=Ea|jp3E%(f<=MXC|lEc-B#G`IG0~*BQ|pFIIP~t|QB=
z@wo66B|jr^fzM4XhY<zo>-SyTclaL@<ofC2Q#h|E9(CDFD{t^`?8(ZO%uP$MEup_L
zScV7J#I<V9jr*lN2;My{qizW5a2@66iKy%g9jLpgG&9P{2<^WNyz7HwT40~6Rqtn}
z!>Q5P@aCS#8V;m{NXJuw+Wg6r(sdarCl+bZ>lwgiuH+o9uNB8GPL-$bE?PNuh^qcL
zn8z0A$7YTIPgOB}_ju3*KIje~mb0>+?V?Mei5$U-lZp+X6+A1OUNMFA0|x1toi>=2
zAvj0B3*~f(%+3_e@&`--J_z}A>(IX2mZaxf^ij<@665_3nA?4f?R^Z!JARQ1Pf!*l
zOzSvK;K!K6{Bgls^KY%=bWac+#G~MkS;3$2#AS}?YCjUuapsC$nbJ<(Z-;R?U+6qN
zJ>*$9J=l}ooJn%+NSdrdWeH+S(c8Y736Wa~^}L-?L#%g2Uj4*$=wdP9YgFr!OT%qh
zvp=d7Gyh2X!aZ6MrmEle2x^1?Y$giiE}^s$HekN9$hn`8ASJwz33u6RT47y4eMDp}
zMD8jin(Bu(<wqru@{xz~48~oBVJy3V3iqQLdx=G>Xb#7e!(9tWvUF!+O|}iOWCJK!
zvW+WuCB+ZXtGQvRAV}TFGGULi14zv=6Wn!zEipsP*z5-rTxiIHYwG3|pa_Q8%<AMG
zUGCqV%dkhh>AE}R!HNTUDoDz{P~?tKfnyRlyWjE>wzl|sis3*e$UHr<a3Eh~#Cg_v
zQrta2eHK!JN^e7_uuiUk2CyF)88FH61z7^Ozo|V?FWe)hA5xR;5$@9%Gxd`kD)3fe
zOt$cphN6R0ika%O(U6|$KQVC7uXavUMygZ2V(%ArLxucB8r(IaHEEQE#@9Z*`>J0c
z{ve}S3b9DZ45J-M&;oAFy!owSOhx+8v7lG;$F@a}4sS*Z7d;6nY|Q*>klb-axV(`>
zN_|-Pn2v-ti^N-Fn4?W>xtQ~CZi_dz6xzMq8o10@M_w7n*-wdyMxZ7I0@Rj&F#c8s
zzWXP_p!3T`^VjTFAoXXm1u2+dT&yQ{9RCRTc}ALYGc?J+frR0JWL&Ib=hFCKZ2SoE
z<gLz;L-oyDYLFBVaU@6GxDOMYLk;VY)XzqT%~KDmb^zo~jH%~Pe&EZ@z*U=H=9={A
zZ3*Zd3C21JNcDzt4?c9{G2;?&zeDAREj;|1lZ7aW8xmr`VM}H%!>Zt*0+2En{@K^7
zV?{=qLTVu30G}y6-iw8Dip^J1*WaE##&78?|9P}mut9w6VI>iX!$8VoVF=~fMMxza
zzgV2-f+T?LvETgfXjxm=^|N5kJDXUxxgDD~8c%z~C4?=Ad-QwDPc+1d4~Pvhsp}jn
zy%zDL4slK!i0C(wVE3DFtv=J!$Ip*FTsf&<kMcV&xfQPiil{|Zw@Cd!z#eFKubp$B
znf9eRV@^p6=Xn&C1X<@k*&Q;S*uOCf*c)xB4bu@Vt_jLXy8b98Te>d;4bI(a?rW6c
zg?ay|#;`n4B$-`B=F=LazyhPGx3vQ7iLlqyhSt*iW&>yPG5K5Kr)^8!Gf8TA;~X*&
z9Wp7v_iu^wz<#o<(#Mg=-?hB3iW#?U(^k<JZEgwj4?Q1^rBcNf@-|@rkTU@8M3N`7
znAx7<G6q}xt)t<VR6#>h3;-0(KbzmKXK?lAk{f&F#Q14yMI~bu@`q^7Df|JoYnT*+
zRa6n!6zOuY3T2orKGY`oSWEvT^Mzzbx)>z}>X_*Os?rDPw6cSmm`GaJvZ`lxV(MJk
zRJY?aHxv8u`Q>)tZMz`uojj#DxjKMl?c)c(Q5hmj`F4E%YqB{9E)82@a;rT;l}?ui
zNT`fQ7s<Rc!f+qiS_>nooMKVWpah+#;GwqtDXXS(30RRhsgqnzk%3)4DLa2?|DCul
zP1%%Fw8Fh0&KmFy&{P0wULW|Zbny0Q^8t49-v1mH{5R&iYy<u>&@r4SXW<?om^F!%
zj0SCI%fhE*emZ^t%s3jCr)5uqKcZzHIx`E=?WWtH$0{3ZMbOIY9QmhVv?sH@CH-U6
z(~7Sw67v+YtVrUwyJ-XNoP%|^3n%fD&=Xf)>N<rmZ%H>-)sl2PW^f?j2}@Tm`xUJ+
znklFqWT;#De)+oIb9|He!EW!5vX#jR>up-csrq-`hGF~Zt4G%m5-@X4b4*_xuR{v2
zT-Dem4w{-`@$P`Ru7}T_$>du1M|GAC@WGymTboo*y0|5ZuzYO+gRjaI-WHQvTdSOs
z(O?i|KF$>cIRW)}DH4>+hV(ogF<V#DI0etS3kJ>ugI(=QGP<ep;ZKSU^xYeEl^*Om
zShXR*f}S)pyz)`EE7`^569DA`a<GP3IgOe{aD%p^QFB(zaM*0#G(F0^v+6(JT#*ti
zA`S~~Zf&%3+EX1ClzEoso>F@<Z7#&%+YELIN6FxZ*B?baBmN}SE7sM^Ra&gtma@#U
z<vgyz4dZRR5<+VtRyBdfEEUGpm5BvI#_G4h_MAwdy@o(mPZ-j4UPX|f2|+pn7y6wY
zS+N1I3<+MH?3vgX`|CSOW8@c1J6>2|)Z*_X%<ZQ%s`eyts}ynN_%aUd{$u6;hQ8sR
z#=-kE*Q+Taa5qt9_`)8#=ANU0k6@@HZ|KQ3Ef=PZgBiT7QDr#4JyreM2W!VuBxsJX
zg;|I?ovErScOva#E0KOhrny$-L1IKMF_qzVmj-N_j%c&lUwZoTw6KeKW@+`DC?+<j
z0P0f!PwMUi4=v+ZEwM}nXo83r81M=es)qR=s#<)Rf0=mMVdYw3y{pskNa~kut9d$L
zZ84WAFW4p?TXo2#YQc)BX(tlEuSlKkX_U64qPL`KSzlpWpQM(}+OX&DSp>b#-Xf7!
z3&^UDX>%hrX5y50t;na)YafjIbPm(Z|4Iiu<DWQV>tx4KT@528Xa(Ef-aE}F0E?3t
zT0i>5R`(+V7&b}0Sk+u>k;GT|2Y%SNJRKInj+sO6xTFO{-m<FtPMhq=keo^~YytGW
zQv%TmJ7sQrY9#bPY$Socqe7LKwhrX8%M^^Rv2*ll7Qi)IVeY>5H8HE&UxeR%o6zGL
z9mVaQaKP?*paK&5QS^<C>REQwpFrOg9PmDq5A#`9qKIBg0dp9m%%MZ=EP_4t&Dsdy
z&W_q{WrWF9G>4+9%cMk0xSMId=o(RJ_X-E&(T>f$Q5*Rld9YRhjNl1Y#nq85q}M)v
zg&@9Od)SUmP>zl5RMb#LS2HQ4wbZEEozDG9@`{FOcdgpTU`F;6T|tCe;ps|l!Z>!o
zO7b#TYBhgF0lvDcT)3?u+BZ1?J1W0u-rHa&JuTXUX6^NN|JZ{V$!o0$w=TJKe(?;G
zpMOODDl814UtN=W0A7YKDTXaiJa#l>PI<Id&z_9ZOQ5kb-qIno6s%kF=MK94C}CMr
z)UM9dJEmR%_}d*MdHL!@G(*t<JKj*mI*3<QmDWWMJAyaIYY&s2&WS<x{LKX<{&RDx
z4*oHE$6Jq}O`jhn+@rKFEZKU;L4D%?1si+~fVpn5=i|<1WzSwIyuz$H?*nrQW-9Td
zPTH%TC_=mOG2Lb@keHWrb;hH2#p`__1q|B9N9L+0x7<3%f^L|6XS+#WJ&Iy)iXTH+
zp5Ad*8zP$fPoSVTF1amk)9g%vXQturg7u=0E)=vO;<{bUU#=)Pp6*wW57}Ykh0Pzf
zq)+*BJ49Ny0pi_(K*7t9Zqw~g@dbvB>5lf?S~%ozpaAF~0{5NRB(JFd#x0f#)cFyl
zN1sc7I1n0gm{P;FIj%)Dv=2_XpxcK9kBuIOjCdDxa;{dPhI#)hqEw^$ZjbzpT*p8}
zTZK%Bij5RLO^8Yh39%r;S*71Wy@l#GVX=rcad{?YIq8acaZ6}jCkuo+O^5cJynb1{
zdZTiPPucI|jQ$B%&oVHS_XOV?aRV@)%Vw07>iUmFjNH`s-3yM8ZzrvN7gTdjZ1?;c
z=DEJ#ku2i<*j_PgD7Mq#v(9D1V$x?Q<S@Dh99jZiTIk<+>OC5Q$3I+m6GGth=ZALt
z8fQ(;p%jf0X%Bm;3(AO9+B?e(wJg!X<(K;CYA4dVTnBZlVtw8+IefFlDFfJ(t~-n$
zfO*e2*T&S_x@UmW1#Ph`H+`z;5u{O!PBg!7qNBd3?TprCY4X5cQZ-ISqj|(^+E0ui
zUe~Q+8U@b#g*V<l({IjNPgqku)!u+syQ$)J)&69xEOB{WmS%-dMZbjM?AQ1CD9Yfu
zbxG#N>f83uKRHr-pMvMcD1@Ho&uGh+m8x;ISY7V2laaY1N)^KPvMJUDx$m%;FL29f
z5B4g41}m&Vj-kK|2zXH}8i$Y0ajsmZYg~QTODYpymr!EwFxxy?W(IZ^9s8e5s7=p2
zTcA&#;~Fl|;pD!DnP(dN-hSH3Gmb?5InCME_jHvFXz;U$pZrsRlfH*T^=+P5oRNHx
z=LA(4OZR<Drzk0mPPsAF^==YWo((v@nJx|5o9`gI)E%R8L8|$TgUS3V-%Lgo=0m?7
zl19}>LM1^;RSYib<xHs~`J*5wLsTlFLwwrxi03{rV;HG%CGm$Y9$Plz)jcc3!2a<4
zXxd03KmV-@&yIngMw1W~Q;7fTjep^8N>865pi%HHyg6!@%w$(IsG|iLTF1oM%mf)<
z!?XH5$7n1Il#YhUMMCv=idR*lM#aiEP1h&paz)g#{@c>YzuqrjbIFg}jXVP9#DWTx
zzdSVWCUvt(fr`7rpcj~^X6dLF)6<ak&-@gy&EtGi)3qX1`FF7=cQn5mjuA0Y)m!G3
z60>6HFi;+|#$vo`s`dAYfnhZV!Z|g{nW)TguUi7i>NJdvy_Zu6^%<!2>2{riW5huL
z;<d8pqf&|{oRP>iX2kCQNII$We3lq{A>>KygPv*}{1OkB=sj7-)9zl?e=vDn@HKkT
z!}qjs8(o3BBE*#<ztL)5?zJZFPQ*cg2>Uc-J;8{Ud^uxvQjqo&V(D5aB0ru+$Y||)
zcv*!Eex>nvl_qRg{jyC&4qx(Kzgfg&lCfWw(6g60WvE7RiN5W)#TU4qMzyY=hcC`y
zmzyyGijYyvFvguu<MelcVc#GsmJNx8q)Y0_YAdRG7jwEP2)dt=YBMr^RkG{VM69fL
zRnq^=1pMbi8}W*HIHo9wN;~4dhDal_5N|O*SxY0DMmx4CB37qJ@EY9UW^cN!u}C9I
zN242;xvzN&_MT&5>))j7Cv&&!3#gQY`+;3&Za+tkW-PFSGRryqC)qyCozVp8wnO*C
z1{pJy!jMJy?A`H~OT?`UO4w%?XZ97bM}nJUD&rAZ&zJ?xXn(dsYN(d$4(9qRfFu#$
zJs!+rA8ml|q|%{|<SFW18J=8lT)<Cu%IKPZ)!YYDXM$g<H}>%qNDvoGo%<LG5d}Qu
zDs@VUtN6tkG|v8hR)5YXLa&U$NiAjR&4bmk$!rvR%q8-u2~(~L%gIlK$;QPHGDo8v
zNAn#=%Nz-02}h(1M@;&)*F8c3{&`njNW`Nn!K2!@Z>+!XF7Dwj*=6fWvVi**`9w6x
z>~CEuP}U|qfP(8FG>=O+cLVtmn3the7|m!_f=+&1U>%_P#fnFfl$S|AE*!e;L0%1A
zIjK}Q!o`c66ouoL-xKxJF1?Syhj_8g8P<4^_)kdX^gAAQU|IFdSPCH|Y=yimc80vW
z7i#eA+%;2WIE5l~PS%2m&9R)eBKX;q?++_oBhVcqlnvZ#i1CZP-8T579`;f$r~WfM
zx_mN}UwL}es<cW~o@%-<;a}t&4=0*;U|cQr3yQWP`N?CvcicGJox0dcude~%a9R-e
zxy0XE7)A7_EcEqeYpIDBED#fISkwAKh)gdsH|^BVbgiXJ@Hk3+-z|jIbL$6Eeg1Ev
zR@`&u1LW+8WPwZT-<RN5a%HbAn)&-p!)Epm(vQ`Ycu+t*Ea`?6$<Tv=$2v3Gte^vT
zCRMqxtg^%Xz2j9or=n0%&#u?XoVax*S|Lta!Rp$r=Di#7yjBRf<O0gvFULsaThl*>
zY^sDzvjH_<v|eQg$3K_5bmwREU(1dXz&u^<e=Zm3MEg3y4jD88-f7-#KNt|EpN83W
z-){qI$)--$Fc}ic_CCEzd3dDd96@PEC%~}#QRcr&eSi~8dwbnwU07L<nZ`A%a3lV-
z32%zUC%(8}Ep&X&p~J%gkZ^$d4zr`;AE4(F%*eaf1B1f`9LX1~A78K%w9cW8-bL{s
z2%?_*%#H_W;C^Amb;hoOM+4(sd~i2AEU>Mud&3gZ+!8Ui;{rMs=Hi-eHPMf)bcTUM
zxzYvA>lqF5<;SWHIHm4|HEhT(mhQfnOve%coE#y`y?-926pnbFI~PUPZzkmf@_cO$
zAJa_zdGL0i1Gdlfj!bA1xnm$HcI`nLO=%OE<rQ1x4KhDA$XVbO<Gy3PXRh8SGU4?e
zYDL}@*m~m?Yry8zc%VW4J(19C-4v?ThtH7Eo<@J1P228~rGS91a%-m2e2o43m=-Z_
z{s54DB0>F){+KG<qH;$u|L&5sH|%_%7|%5;hT``z%_wAg_($kn=`G?CRTxetEu*o7
zE7v;QF>M=(c)QyG(r8kf$d)H~9RfSr*(NduC)NkYMOmt;CaI*uw*gP0TzY?r%xC!v
zQ&&xL8cu8y8Dt|{=!27r`Cjs_R)0UCn;TJD^8E@9EH==tdzMBYM-4G+DlHqwo~*+E
z2jtWsY8F{^4>b1tTlgm(7tuTdre+(3fDGn_<1!#E2lhx3nT{Mb5gq#7a>O*2&M7nJ
zDR#TerMM(d6tHEU<X=nI#ZFyz-I_-Su_?9E60_0+a|Rfq>b!lKm*@0);N+Q1xAp;$
zH-Na~hqM$5$Hr&xi5v>sF~Lcg|K#avQ&s7$3mXnR*fUwkGnlr<B?>-vu~`*H)uvvL
zjo--AZ5^qu%M+WkyOx)xrX^zv(eI7Vs&J_dmZn)d(wP|3ITY@FqgOS59Mxu*yt^bA
zPCHt_!-fC>b#j0azrtc5U}3R$9uM0=pNgYhCZpeF3C{_|6^F$RmvP^KYOH-oXSG$P
z*(<ir%IEjgCMF?57u#OUscx6>q@D?{6Rx(??-<wL#*=%zQi3Wd)o|BO9o%0oJIS`U
zMJjB)Sa4um;OsA0Ofjn2-u?;dYfW|OQxLWGVY{4-f^?Hxg5EaSa)-@7rlq7~UtCz#
z#uR_)-)|cPr|wM~7~h$L?~?%^fD1G?GnO24{71HH#i(A9EB-|c?Hw7nxk~DQ0o2Fv
z-;(>htY#m{WDh&2BS3A9fTHLS@M_M1GH}>WqFaF}B>8@Vv^9?%)Y|CZABJh;`W6=g
z{z5PmW_X<e3VT(r4SjS3PGUO!GzaE5{Vdp*d9)$*H@A0NM*8+#P1zZXkgyhL*ukuu
zdn0JyU#A67GBU^7n9;mxlRI=v{Fut?NM$u{A8UXg%V2@a)(k=&QXcOFJ=eX~402T%
zex_*1N_zhu`Euu6xnzax`x8$<><a*;z05|6L@lPDlh$Qd7+Alq=60ayETJ2?3ihM5
z2ie4)**Zta*`7}<hx$WL%GkgUY?x<RGg|fDH)SNs69~GUOnYaYtr69E5yndA2U`|3
zxHpMCd3bZT-J7lj)8Dhb5sF!`MV`vMM6pOsD;oDu9ZMpVb)}Rw*PwhH(A$@Ulg4W=
zP|^K^r#9h5?fZ3P*mJ9Y4a<MEB3BSt(KSpnnZf30J&b7ODC-I>vsOOd&1o+rg#Sm%
zCk|vCJ#4f?jg3qCHy{G+1+KCY_yn_F!Z$_iuab?m_ApUCPA$B2GyZ)c1f6j=o4Y{Z
zb5B3KVh)%=4w$p8uL2|{_=)e{qgEV*_zF*gc~4hA=Frl?H1Ds_pW6;M%}sD`kq`S$
zDXI{aL}XD}%d>CoEH<)*XKm5G!a#pklgWmlebA4|2R{b;{cx5EI9lDG`ZUurZUR;4
zoZidJ{kpo3_?DwbNeLrQqa_zGy!*t~ZT7PPP%n{bx!?Qx2{_BIDbhmNt)$_GR6l#_
zr_-k(fSyC(ZZp}!xIOm>d(Bh!o7vsy`M)m){cE$)_>Y8tUSyg7lfe>xAoC{J1dH~_
zoyst-A2^p;kf|TxpJsB`aG(ms+nAu`L*4WcQc%wt0h>iZ3%9TdUiu=IbUB712pw3r
zV=Q>7k@Hqxj71kms-X6q6cfoyNYFeM=&GW0*0IF0g7IezGp<weZ;-4m5)SN>aKXF3
zU|IXSOMI%3=waJ;5{gpxJP|z`l|^{>9F(Jy5{h0Ft`(otr|#Rjh7DQnxC0N+{INVH
z9@4v=`?FV0%-?W84H}Ccn-u<W6lhQBNP343^rz(hhKpLZpGMde@!b`anITFpI9#Lp
zi`e_%N)BAE75znxeee&QUuz>s&vq~(slAeJ$rJ|<U1yA^`pzco5++KuSArn5tfU0-
zmla-Q{#pISt$lD5E3R99OEuj-*pC{C|2Os>0gNpRGuv(}`qF6E@4D)a@n2_@NZw`q
zgq#`IzOqYWtF_~=3e~pbyE@XJM)WdlGV;AfS9u)L_c$@G2ZZ3ia=(5aNnsQ9oVjo|
zSO*P4?ImR&?LOHHs{vn+ET;qfA5%GuTe3?~E}l}CFCB!{2-hL(4O{GaC`Ok}n@8)}
zP$Qmy&3^kvCRWRP(gs`**QB|uUvMTB%qfWNq;KQh!3po+H9Gxh?fWX9tOsgrLhRH1
zT2ghBI|7$5>Ss8Dwovi#ieqxX6vXXqtK+eT^h_-FXn!Zz_M^X%AH?a7nACovdGi#1
zd6W%18hD~v{}MiR$P%>I=gI(|gvFPL#YnwS;ql6x`(_ZdcjwCBwoYwlh9;Ma{rX1Z
z@|2E#WMI*+MsBXDzf~|@<%28fLiS2)0e*U}Z|>PinQfLvY>}=;JF)F#NL4AgNn{R*
z7}>vIS5dxgkv{A%?mRp3>;2hi7sV#EciB|l(X(*t-z@#`messno>Qf5%yf9t7;wJl
z0O=Su6|--V9_ko070c|Be%K*FYfyg{${p|}v9SjGf|Kthi>Z55bkBs|8W$Xd=r?El
zbkbhW>;2vudGk1^?*RuFkZBJgvMCtDv;z|KZIa9BdOs1XD-nr_@(rc+;ubjNEJ)KP
z&PK@UQ$Y0<)JDjcNA-M%Z}zd?f>c&$02>?Of<Kpe{k3I(QbET4z+OF{kf%FwFd^FQ
zZ#7AqjzL)U)5|raubi(;nGV0jThIW#q<_4^B80*$@r`bpzJz(%dCM$b#w>{MLZt6B
z)db(3(YBWS5lbDqO3!^CG#l0N<IxWsJYO4|g>Om0_5RHu2Xi3xek#>h$IWwLSiMGB
zv9%S&6ZBz?wdZsuYRdztk-E1eJMtD7A}f^8t!ZU4$ZvHxt=U9JV_qWV$=fnB$Y|2i
zf~WoPkH2;!kZSC!1tl~nzb^Z|9_5_7(}PAghj--(Wx><&)ui*l>SLBqa?DzN4r>^H
zcowRX)vn%mEmdEnUl|c?Zvko{88)%`X?vEfawbvP*2|oOlN@JhJC<o~OgHSlq&SaP
z7vjn8_+~E=thAi(U!V<dY;!N@+Sk<lr^GE_S7rW@N(n-dZAu`#nzX)6*+#ro>-#@k
z@VuHdDPr9xy<LVvU?6c<vLd6N@!A-^uKzj(91WwyeLe|&)_g=Tj&gvJGJr=w?d@s8
z+JE4(WHGvO%t;Cjz91UAI-4+btL3>&>xWY6xN-KqEnTnWb6h?SC^8KHZ1ml{BcIPv
z(Y0HxYFuE)yw?V`U48tcp(Z3U`Dl*lp)?JK^swRi-zGq*!z*=Qrr!oN!@|W&n(=b(
zZ)pB9(V?yL<>b7Wk@HQAWT&CHw2pCVoY3@Qwf1Qlw}NdOOw}^6Pw)5NRd0f8dAu>X
zybmG$s+0%Ps0dlkJP($RsaHP}i(nW8iG6k`RwpsnX4{=Gjx4R`KD5f(WZYGh=T2S}
z<d@Q&0$d;z{YJC)!O7@Tzo{HncC#?{n2+&ZIxeBl?RYq*5<-+0AG&`O5Iss}ZKPi+
z<haPe%*>0Ibz>B2?y2)cY5-3SF_wlzj(wi5Ffsz^n}o{>_l>VfU3fyhFSfAsYuoDG
z+Rk4050+4qXT$rSoAlmz)_%r~4lzwIQ0u6@cfS2Af$v`YpI4gFn_vtUVd{K~Joqmg
znqX|e&m`~uZg57k4C)V2^}dO?9<G??u9$0OkmRb~JMO9pSqB8a+x<BeAEJlBbS-J2
z>SKZP9T9s{!_0eMB9F;XEz9C)m|$NISHBx4<H~55<D2)g<Jp}#9mcY{#ST6#U*bUt
z*UBdz$E8p$+U^A?VIxE0$L>;ykr9I7^#`NO$%%-qkzr<)FLBD@Xj$FFLZC(`YH|O&
z)|_XSR*}4B(O3tcr7tn^`PK2u&Pg}SN84pT)Y<EuxmdJvzKciR%P7*S30yzao2#9<
z)RTj5J7L4jH9yqTOJ|V^NYA^9YZey&G3ikCB5AY6ftHc<wXY$uus?#&i>IsMwfiQV
z|3`nO7BV6=iW<6LvY#Qx@;C0rLBdrN1pWw`Py9JFuSOaNI^9V<T@(!npRDiqUcj1t
z8^SASLmVBXca;#|%A;4tnP-ZbXZ@LHhQj+I`HKp)jEjq|6GkQ1ndk2NjK`DI^-wO?
zeTQQo2Q;6J7HB&MbH5=DVf}Byv(Mc(tYbHyPOg4;C(^KqtY;%7eCo=%)x;ht_#Hs7
z*)8ag(7wcy#E%tN1x<v9u^G@$i4un5LdG!#6|O`OgLNpPnFA9$Hxn?lY|Yy42zzhC
zMqPB)3vc`GIn?23i1w3AXs9O|D}gh1rxY`93+>S<=!Yn(3*aZ-AfOPImz8(Ogosv~
zbhleKbB(r!{(O{R-QAMgt$IOoK+(Ml?dK-d&J>F#931~9#_1=U{6eUIdq^Y#^<Xw~
zltaQ(kqcu40^ekK*v=gS(P=hz6m8PeZe6Jeg0q<b&`-F|cWsPSY7~*oHfxc6@5*mZ
zgzu)m_Dl#I*%kwhf{CkH_IU|VzE=$L(RY+Al3~z!UI2@FIOktYIr&h?Q3XD`k)_;f
zv7Qte&kHNn_+fy&-iyQ2TP5KtAX!!^t?wocZ@|DkPbtD}ku!7z#w%+PxiA<QF{0{5
zLezYJGVc6Q?5~vYp=TjT1sjf=QeiL);za+Q{gnEQ02U`kM0M?EGvS$Hn+=R!>~-%A
zTvbMx58;b=4P-0{8Nr)$kg}r8NxMU!023i1JL5gWP}IRSpWFmRpgHHL;GKL*zX)9w
zH0NO@ELBlyD=zNX^e^nb{8)g_lXYJ3`c`Y>?hYRhtZC%rf4;M38IX%+Mc@PRZjSr?
z8yx9jMQ{tfs=1bHhM5e7)Lff3!?5>`n@S4j(Kl<sylJ`=`{xu7JSbBVRZE0jk+a#b
znUj##;bRbzDoODu(*{LHzehK?LzR^tz6JO{pVn;=%?BVzO29!$N{Yb2_4BXy0Jqo1
z668nQ%&dxYQapx%HcRP+I0cDmIBC>LG$o09)a;x<H8}<bmX!PF`>}O)XH*35jf-dD
z>`6*Xi%DHui+SCy)Ftm99i>>)Wyn5eTD0<|%vUv9b2b;0dsj|r;X4l=fB8%_Tmz#!
z<^XM_K%c&id2|bQMjv%lYS<7Yp9BHb`F{#NH=n6*5H%i#nk&fHEj+d<E2VX`Blp3)
zLNvcHYsCOk-_f{*c2{ZvSXxQ|Ec|QGuxxtu!XIVu^;BrD1e-4F@AJnE6IBmjx0%-0
ztvY3>__kb7dM-50fwwG+fzL{iY=A*G6>r4U*NCQ?COCPE5DW_tAjJ-mvK@=Yc)L{8
zaTcA`q+_mS%$+gCZd%ZUtrOnF4yATJNanl2ul9u?#tKo768I)r&Ni|~G45GU@1u@2
zR=%?2U==9`G`zi=Hx^d5WN>NTAS7=x<@9u9&ctv<Be=Q&zDMTB;H_PQQchskO*0#z
zZ`yOO6<@57?qY!e6wis+dAOBy-)f*SCUa!%eaI^-5MIntQU=Y;{+0ERAM<>MF$0}Y
z5pk1_X4M~!mIxKsQ5auzk&t||lRK`Ox>kSTYr%@3*pDwo_|Q)db5vhu6Q-gS)sT%y
z!1ZJ3Q}3lTTj6QYPsuiz%(Gvn&`KqXwSi*7-xNMR6#_T@Y_K<avlJX<)H%YXI3|uv
zaIfA3Vm`1pRSOge^O#c?ch!|OwqMAZMo>N+-+f0!{HwGUc>1J8gxUYFGXL3JG^(^+
z&1oG#K|3Nqdqn)(K_KbDd%Tshp<HOY3K4D{cxZ!$NdHCLkOGVi&eBNC;-sJ{Xr**n
zn!ITl1wLXo07h+{$2PE1HZ;;Nb?gH@XUSJ9nOKF(QB9PI10Q!?emy?p>?c2aefM)G
z1|PUeETohpZMI&V6HLyLzZedl5+F~nr7&MJg&uKc8JJ$Z9}~>X6wnr|Hnk4u|4tln
z1*j*ZcdN;lGZq7fsu-$&)-mVSS9Z%uahQm>v{b6d-HZ0Yl-Uv;p+78QD}0SgdWZoj
zVqf=3$BJ+6L|cI!{y~#sA7i|n0DP$CC^;%=ufB=Q*@$>~`mDMk`g|^x#?w~XG}ROY
z-*{n?9-(ni@xuwBE>IGc(_Y4=zQt62BMa&N{zd4T#Om;vF*y3{$lQc;h3@hnPe=^9
zIO|=0@)?1pY)XduIi+|OYs=P`I|6j^LtKbsii{L8jn>RNzx<yI<P`a6a`{LM)+HSA
zhp$rIRMM`Izt9*{W+|cKZNGtl-$0+TzJsZ#lcxAIyUolPw}!Q$;$dn)EZ^beHSbhu
zvwAJSW?k8|^4r^p-<<Mn^-GY*#Mcc>Cwau8dFpKS>1E_zKHpYqPLHDeMey4*PPka&
z#CfTzbZVpb;$wM=7@jDSafyuIM$~bF-BGRzWh7soF0)(U8C>JEU|1N(VyggB>>!Tr
zAa;h&tX((8mZtQ03GEI!L*0v(+A{95F(ANaSAAVQ@FLpMCn66hN^vwY$gVE#40yhV
z2kD@|u3B<Z3CvXMFYw5?N(GaAbi)+-Nqid+J@}D!F0TBxLoQFs2KD;l0ft;bKM`&N
zPIlmKy25FF2w8H4rCcLTNv1gsKW^dP0W5rYPH50eX}=z>*jb&j<h+|eo0tX#_`UVE
zN=Z`&DN%CY*mJpDv%tJM8yf6<@rQbSibSl5M2v#$wGMQY+O9swR9-pwo74+MA|6GO
zL_Kzxw+_U;|KlvQ<wAzAa8fW@QL(;TQi3NVVfPVkV@jFom*mGbkkL~}S5jD8zYVsJ
zTbTG+n}W9opdq1zSa;kwDGqTmRxw{$v)9B;44YWHsJpQsRaBUUieC)=Qq5yjwP_{#
z#>sq@<7gYejBXmZfEh7)YPVcCJiPsQefmpV@!PFD;~5y^wI3;CFP$m=dw|-*G9RY}
zFtvH(B_6)X8t?t40lg`VxJIhBqN$#8&CEd<5Pe>zK#ujl`$DN)N@Hk+I;+Sootgk!
zZdifQ#f6|W1vsHr4(fca#0Tv{n}%{}PakzRfRDgT0&8bU_n@r;0GKZ4W43I6c!v4#
z@Rx2&UM(;hO!D!P+frju#A6E~opK56(FaGj89GEdw89Fh#sf0r03mB-wi%Qr)1n=m
zZXO?7y!u5<s%nNo|Ax^*WkcB<B7@%s^-O;=8`pBAR`cj|?;5jhrJF%v6?zqlyCKsM
z(<7xka8fR&V?cZS0mOHXBX*<%Qsix=hJMf(U)!>SmBwM^x7FX{zH75SQchvf*r#JH
zbKn|$Fp`L@cDY0<angRa{oxj=611zBL#}a>e)Nx1vrHRR%2u##K=8fH_O$R%mbLcU
zV#J?3+l-BjOEKr5*ned&#EDV}AOH5OHd{v3N<Cu_mq@)dtaS&)OTpc%d5`?O(v;Xa
z$j8oN=%_OT!On)Pn~2rhupEmuxe)ClLX58y1x@aBW!ubu^8IoKTW(-x5#}%rx6$+i
z`RVcJ6*CdW0rzQG9}%^v6?r0yjpLY|&BkUZ#;cvrS}(-KOsldv#q2jyeRi-`=vv<B
zun5h7z6l&1gs(8n@%J)^NxN|6->;__vy+_qVN|yR(F73-{M<?-cGt!DaVay*$sebS
zg{g~Ge^Isct&`Kl#Wn~sYU^gTQn^%9$+>kl5BkJxgx30Fkfj1pq!-`tCc1wS>XPN(
zCgSTDv(?hz7I~b5>l_pn_%uzng+IXs`xm80Wopj*^@4=c@aw+*U+7!njM4VACX`$S
zLd@-ZhO2@MN4p$9$v>q3LRcfhjWiWsbf|^E3-D(xB7*g`=tff^mwdPmYb_OhmX2V$
zz}AM2CKMBH+>S-H`jpaGtd>@!l9IIJKre}Ea*M2G^z#M`HBJ>eP#WF$QYlHARoK>i
zbXB!Jbp;C~6a7CarJjPns@Wvv=T2qGPvyw*U|L__*)>d=uEvk|8~U2+qX(h?L>VG~
zB_KkC4uK`KT3mG*F72X)(oGxH#lukP7b$3>Nmm-H2z~3Z|5OpqNqYXSN0H--9gE}o
zsUm&Ublkx`dGJpY33D{I!_j|2(166&&$~q+sq5CwlhOZV=UV%1eqpcX#XbtiOzv`2
zEZl&Q(@;+z6KBdqbCi?RrGdzaZZlt8FxtMfYlD=_@eBQFTn4fg|6(GhC-&O-(@B(}
zrg;;iPP3vP6Hd62Gc^#6?H)##Ke_8pzB<s!9`JV=6Z&BWXJ#z*wHyaBzHy2(I<`Ud
zdS(nmxPrNE51isgAT&Nh<n}bPtPTu6L!@27xOwe?7jjTqT+GUO$FtiUM+GJGqu*=<
zqqv;QSpAF5F#>Qo=233xk%(f$u((jjpGg#N8TE_UIby@;nOTQU!olwixf-$ME0Pl)
zl~yzMRac&sE~F|qv71=E=^J|uQaeMr_+-Aje#Y|INBKDCgu(l>A?EY&E7P)-7F<PX
z%+g=>TyM+TN@(v&_AMQftvuml`Ncj;fzZ)R04^UE(b68<$mo@TYt9%Qrl|q8)NsUi
zHNdT^q?E53K=4DIr~zz0l)D;WK@AYqV$NnmXl-mBrB6#MZZo$In|zTh@OLW~zO?{D
zb!JGHmYX4xHC~$JH^-$Rfr$Zu&dDxn0S0Petad{a+o0{9LDJ~Gg~m=-`7(oY0o~<(
z=I-^GnnJ?9F2U9xMui4uPz-Y(2b}?8MO)bP=L<29TI6AIjRZLZgirRBK;faiy{p_G
zxZqW0s;K;N6=_nUOKmu}h7Wo%+#r^pYh~SkN?W=<AMCxY42Q?{hKLIs;Ocw%xW+;P
zDnU1u6bH(ZxK2})2lfU4QrEq|iL3s4mbA{7qEDhC=?BwB$-MeUa?P_E<!<4V8iRa$
zZ=+B`D6JUZTQMSTRzu4xAc@*uwiMN6ts2kNI{QofOZ(I5L=ViPPE}#g|MLD3^zy{*
zG+Z-Pg+6ChFYTj7ChaA65qrT;ooiGtpGfA`c64gxHqAvb!__}ymlw|1b&;rFS|xH$
z?$7TptsZBMSFF{wR4}BkXs@pdWx-n&Xuds)QN!e`RlZQmb2SxU^Q9&qxl?{Vp-Eqv
zM%r(!ZEC|<Km9O9u?3RJ-c7OZ?YO}uKVXH|0}dFR_nn*#t2V17LkO&9GpBO+$peJv
z2tfpRE19gV{GtvRHpbTO;O``|D4drD?qDI3BSIUp7YwmmX~d@~WteC|vBOEq9dVTQ
zD@2oiO3-44a<4#hZ~K!)l5}5<I_w)eh9e_ZtVTSPsefg%X!7kPPYYdNKhtu3hUAGq
z5Asw9k9=fOhWJubQDW6BE4tT=NgT&6RS_xq%L5|0OZyKY4)2BmLBtwC#K>A2%j;0V
zhhA(!#Ht&z6QV3<vD!khQaIvcNAm@A(=uUi^tVG%5pG#c+dLh@*FQ-UCr*+l0Cgq;
zRI6v-GAEXQ(F?4~*3&2Z@n#VDU^^0y<V&p!__F{9YDHDwu}h~Z)F<7Kk|u-PbAhGY
z&4gXlu#&$Bi|cEWAN%wj@o!HrEj_5#BDA-p6|%=Yai=t&`NpwhG{Rw^&dS%~rYToN
zW@ShmepGI{2$<3orY&g-5}{bZoN=~D2!>id7{@&3habIlMt@p1y%VujIT*$cXq1cQ
z_$|EO$6q&2yD#aEb3nf)VR#GZ&Hi=QYS^<)G!Uwh>jfJ2jBrll`aCyNe)Cnx<}tcr
zVw60flN~HFizTogv_M85kFb*3^G_hf0)Ft)xE0?g3E?@tr^v&R6-^WA1m3D@Sw1w(
zD-J<{JB(m3ICyN6iiF4-K06K8K2=iR8pZ)CX{l8Yu;cOI<c^YzOs^G${|%@{XJ3nt
zZ^cDh$Z1%ovE6Xxjsjng%>~5pCAs-@I?hq)^C|)QU}CA}E;EcyKO5#}ffjN~Bf+#L
zbM>L|*)DZ1^jrA*0KuD>xrjv)SPc>;9r7J3>O7J^WOt(5#L^l6vZ{#`ChvkZUyqpm
znH27jlhZeiY}z)YRR1Qeh90-0utmUabILHlkRdFd68!Bi-_${$vItt^_43z#SlX81
zGVNUrQ$Cmh=!%ifk$^Yp{6M+T<8-C(@&(o}d+xdOLnTm&9&ZC;6&-uYlZ~(uMH~!h
z*=g{31D4ka<Ba}v6;RG-x8AG0wxhc)6@iHYCa}i&e|EFjcr|Q)qz#U7Dg3=JC$=(x
z`dg7Ro=|V!P?%J#$^MB_4Ebz49(Q;bvEo<a%iBx<24mbt@^DXW2B)WMs*Dg>e5%Yj
z`&WX?$Od}Pj=}<&4Q*g-yC5VIc{>_oYf%UP(79f4Q?Klri@Dr}Nz{;`XJo`qC)0}>
z>t<iJdWZcn7>~iznY-I<urPJlM_Jk0-T)%I+qRmz!of)?`@%W&z7`m8mQ|tZ3?aLo
z!}_G>uNTv)jCAHuX1Nx|3x;28T?x8rU@K{pFTI8}F0(_Pb|1|jX|!TEVnV5Yt$;f!
zGMnB=OT5|5cK)<7KxPoV-9U)6GVmm@cv1e?USLJv1wqInvisDiA?gJq+e$xivy)`-
z2*IJT&UR&oT46|1d;)^C#>SpfZ~Y4%+X|@_nLgPeGXi&I!El9rfzPcljlZxxMW+r9
zc)F8F2U>14;#j+K%_m<op;pv^BeZNzrF#jo7dSAMlX<7!JtITQ@b&in0SuYl(|~2%
zevx|@F<n0Lq0_R7kqMO$bt6uuQP$^@mLt&8QD2?s9#_mmsC!pSxFzJ=ezVsF>@ASa
z)D&2q1sV|?=40}+Py*j%nT@B)0JyNP1(^JF?5`9&q?N!$f`G#;`k}^IuJ-4_w>610
zPcI+UJuMERRujQtRXE0SQ<1XgKOtRSm~vj2^-@(<cx&OT`M9FCw|_zqIuNzIt}w<J
z2=?!3#*P%Gyu0#Dj2yrR9RN3G{=-7X<6Ie$GU1f*z1kL#qAwzyFX+_V7m?)(aq?E5
z6ucw^`ZO^UWSLWd;Qa3|<}V&Y>@um2PaItgHpZiagsz{RzTl=c!#0FbT3<7w5cl<p
zX{@ljqF6yJt;5cMVW+^UH+EoeNGAxI#M3z`B;kKNU1d~TO|-=d2`(+}PH`yifdWNK
zaVHdOad!{y?k;U{innNR4-}_J@Z#?B^1b!e`!#Fk&dHsdkvsRyK6?j1`U24WdpU40
z9tf__hvxLj=^uzHE?E}Z4$~@{zXNTwBkDZc?6|;|fzZHvtVNOsq6tJ(ny!#Q7s!aF
ze753oM}oH@L(KAJE^vgjw_WxtMzq<96G(m+#ECvQU0M8M^4p=KGZmLS44AXXY8g@b
z_O;bO&9dhT+oqWkrvR7Mj$9h{==!eFFBSiVRR(K#%4tsnny&!#siwpU#UMn-X57PZ
zd1pti=;cY<GhylZn@NCpQrjaC@W8fI$Ji$!|NSB}QR0XfB$#k&geNI~yTc1Y+U4ah
zltEjQ`QLWQv}lD%MSAE8Yl^QP1qgoqR~=Eo0p)}vq#fkW7QXN5=<joKrya4O%|%9J
z?b}Xv3!^U8gJ|vXi;ieRu9fLN3P;wZD{v8`%+j!EdFA5!f5Tt!t+cz~>&Qo@$_Z+r
zW_c~HChfMxyk1JOD3)6_!Mt8M2sF*Kpb|tbGqJ!B)?Z>?f82z03G3r?U#}RtFmlNz
zzWFW@l@(USm-!J~$NKCV3Y<I#)Gn0wK;lAyQ|gW=hb^O43;Y8?l2$~gyJk?DP~hf*
zeVO@>UwdphLHOJgZMm-Z%(P~JU>v%4QLV;0n^Raq$j&BqVj|1RIY9%m0AMcXR8F-S
zQQ}6wM_xlm2auEp0!wHp^J(yJ1@3M3>qyN7nKS~2s6d$`i|F1B{%t@~c)wt5!_lTZ
z6^M1+E^F0J$^pfteL=^mS@Z9ZEWp&M+0U{0A}6Td#4bW)+0x;X4)ILOe2&c+IY9y@
zb`!#=zx?^}GiAOf%GmtuiK%w)AMf@!t1C0Zs%a#HF$kho^8=#DAgv4I(&!O(f34Ox
zv7uI6M^zc`;*0P+k;^=*h5)mNj59)o{`FX`*)qZfGO*6&SJ>Vmum|87*S}Ww6`gRc
zm)va2!ziMY<lO?=$15~sk9^J1-#-aPs$SW|{cJSg`=%rd43>SbHXcEkjs1oJdAPJP
zaUZ^HeP`%O>eLtW?gIC!6pAAq?lmowG5c$EA*k6F_4NEBv_ZVVQ3z=Q4Edu@*qA~Q
z)D=#Ii_3ymu#B`fFNkziz<evE3bUsOCXvTyPM}>#5keVF#l-Zo4=B*8H%CQXs*96u
zNP-M701aN^x*wAu`r^};3{K{Z@Q5VDOewK;KnqbI2$3f+*m6K?1g|s$>Mw+R+TCt`
zE{(4iuQXm@I%wQwoIXnBY1R9*gSAUmSV0#W#UTd@1SY!#CRZLMz~K@ga<0N|(_hi-
zx-akOGUo*|=lQtI7*w)+UYUgRqQ%nf6;TAse+IaFm9EMcdSQb{Nq<gMW|W<2&<S{n
z3J<?o{Ww<VPO5AplwLL56!jU1kR3lzF&N(AV3Ag9)TUARE~=&i@uX0&k%-@#*-<Tv
zy=8r_ks22HUX%&`B^v)xG~NumHNquFTXpBq*JVAUCo4hy+>|SeB9^5umW6Z*Z-oEh
zn4s-B^_AaW*yg1)CvxZD`;7^X^#{JFv(t`!@U}0G1n$AR4?bBmFFrZ8k#mvIA3us?
z)sDFp%J)l-hrf$4HrCrtug`CU?H7=%lM0%Ae;z-BkPKkWDhqbxBK^4M%z}((fvz(6
zfKnDNvk!TzujJVC`!%f6xj4TH;qwFs0nw^Q9Lz@1pkm@1Efl1e97UrIXh+Xng<pt^
z0*GaPw_`1&zxNV~F;ic_snXVwv6rq)?N@U~QeVQ^Qe{-hQiRDLqj%;g-exPHAEA@0
z(a#jf!KOV?pI8WdE)*YDy4h0zSS)8}ruNc-0YXlmgz$aFkWL#Ro<k96_b%XmWTks?
z7cl5$vEpFnBM5d8lzH(Ia^lFT6Uu>YT&(Q;%e?Pd>7E&eSThqDJlaT(*`58q%c(Y9
z#4##RX%)^Y{ET;c`x>;y2GM(w=)Qh1cj&Y)4X%3l*?iXCd{f{q_=U0aC{Q%4&OZ9K
z*_1EL=_?|2RAJiFyhDnc|CgnRT95dUDo@S@QMsBz=@XPY9;#dw8K&Od<SOm;u#MuA
zv+h7{^4%xWASva9Kg&mc{5?`KXJc`*ATt#t)bsxQ7JR1_lB7q>exHmi8S?Px|Bs!(
z9ci3<)LYl3pg`%?_H7UNW<A_7=`_S$UwU?c`J>;ix#U;D_z=fL{CNQk#X3TJSL8Lz
zjk_MU?#(y}!QOr4PyWK~J3W7Kb2dW1z7G-Xs%OC*Pw5?Fxb)5Gzj2TH)RFzF%C2gT
zR~S8Ncc;F6ky@_ccT_COnNjtaqVs1j#b1}Miwie`345xdzj5>!NJ%O??>;3XAKeQU
zD&ZD^aA|%7qNq&Lsq7?S79g$d;9qa!LqSr=(+5ZgL^ylk0wj)%^&zH%U)@i5sg6#D
zGkG?~jxe?i7?<u?7v-mSVeaBqa_25U5u-V6b;GE#2q79p^>n&f%J*t+d1|j~r{1?g
z5?r^Z-+tJ~6%o%QXN)S-mf9s$+lnsJ9(Wfbsmf6uohScYD9-mE)ByePqjl89uh}e{
zv2A*t89taNdC|=~-qu7nk2lFJT?^CpYJZ--sW4c$_5e1BfuE8s6^#$y2x{<iUhKSs
zR(yf-eJdvj$Y$oybQdieaSI{9sBNeq`AtRt<>H%kG3`Pz_KUwJ>QcUXaLpf}eK}F1
zYyrw(IT7yJ&}0Eh(>Va{Z9c9L|Mq(&SD^?Cc}Mn;01Y_MAG37k)%82x!j~tu#3TjM
zR2K2i_2%Q7RRK_blTn687Im+IPwzGL=6m_$w+L{z2`JygM!W|+`Wa+L`0a>{Te1O@
zX8eEv{!(i@UFKxE2n@}yns728KLE!XFzMxnUi5+uC;MZK@1p8#RPU=j;oEWKDW$y3
zk=E{j4qqVy4P#j2Ur*vIb@GKed87BRo;8E(e-_cDt@#uyvL9_px^W^ajw~amrZ=3;
zS)n&(cpx<uuxR<`7j|@_vijxM<twZ%BmecycRKI}Z(69fi3rV@>dU8CSZ)?m1+kOs
z<=9EDHKW={rob%9>zsx9v#D`x0<HB0C$c{b<+9o3*4UgEOV~X=t3dCw&=k^jRtFZN
z6~a^FCN0_m)QAP2{h8s1DqlW-_^SKgvl;P&Kaa2oUxdX`>=F^4hsDv1vs_N@ZnT<T
zXixB!+WCnpKO|_KkNH7k{ff4l5MnatVaa$~MAzFyv1!>EaTsnog6Si=g89pBRdKt=
zXmfz#w2^_@7M{Y6W+Jad^;W2>pEb+r5(l(hAML0&Pr7RnqF@zMn;fQ86t;?KoU?5Q
zGh)3=S%efXek%I^!ZCZU*FHXi@ZCjFQKu_lfU*d7?+U1Q-P$wz{TutQzMvJ^$vcvg
z&}UbGzX(|GOs$ZS9PkA!{o=>MV~-0Sp@cg|q((;i1YLKYwiJs%I9(xKRL&0;5_o|R
z*0}Hu%8<?Sj4tO_3JWthMS|RhBo<#Ll`RLyndBzlj8KbY@c7kyyv}ZewCoVZTI6I@
z%YI6$4sHK4!6v0h{t3G@@{-bW=bHf;ET0V>caq7kmw$BIjT@iPl-A}VI@r;a_Rv=*
zvn{70LX43F)mntT<+asyj)K!ziWP$E5)(18!kb=OIS40w49w?oees5LUO=*3cL~ZT
zQmm-WG`)5O4N@&R?AXR0kHw+Oxjcun=7n|Cr-fz6{`$O5PSo%mZ|K<P)W}a<=Jh-c
zpCx-FO*2I_r{wy)GTT=CKnHhdgP#n^_%WPcache6y{@Ra9i3KrzdOcaF-a1=Dp+tj
z<yW*<c>#PGV<8P&wNg=a_x!y^g4(}*xKJ2}eAHrIxPt;}diD6ej8v~ZC~=bECMNha
z46=_EMs>q}aCFnWxxleISq-7WK!h*ru^zRWE;@I$Pz_p%Y#LyRshKJc8M7YV9)qCE
z2n)RbVwzcxyo}h`CD38amSp~hSYoSsimd~{-aS`ZZuHxVCgePS+!?Q=k4NvpgBMD2
zyd-D2b(=vXK!20h9vtq=OMl|II~2Xn-iI(Ka@#7@tm7M>4<-KG9O4+)x_l-9`kKCu
z_TZu?je!)4anLtz;%&Hdi&^<Doc);X4(T}+MLTgaL^ZhnO6y7hew~roMZVA!S(m4f
zUWFb)OoT#w!DS|JI%5t(Pk3F89!*Rncrip$iHvY#JP?KicnR=00gKiMK}!df-mZq<
z01IMz9h-e9*^V9`=_Y-(2u{xlp~+0*zv<1E386aF2nh`}PP*K!q}^zwC#H~r7bz1o
zxh}cyy$t`}OW$MwjJ-=`33%X4Am#){668t~`u1}|x*+R{u8FdCmDVf5o(R0iNu2bO
zuVkO*DUWk)+Vkkq2lcs$nA<tf2X`?>d%CcBPkPSIGk~?7RVG45vWyC%wfFf^13j<d
zUIiU03(r3<VSx9UgFrl$cMghBer}=wIK-;0Bz!0X!8WrkDLm!XUd`IF_G#52(nWzC
z&ZkxL7bk;opIh5BVS+v0+$6V)Mby-R-9-6;lj(9}nu?6NRy2I;BX#Cq6YoM<pKhT|
zuX(!L=z%tp9wvbfv{C>Im$oGN^kUH58DU)j8@T6F$lL*;*<-}%1v{F=17Y1iZ74-8
zp}Dm&%ArS$fc+)YvnSxi_Sj}vi<N!*s!eciu{O`fE8ke2v@3QwSV%k>7Jn-oa~kJS
zT))^FTj!8vW5>n8@YoiM-#t7={B6|*bhKTLUg<KZA!6ksb2IQO_B!0%dVgUXk~9ho
z7^Zgfcs=O-H|74=1-ieD#xluKsAqLP=mI6<C#q~+{3YtGv30KKtMPYe9ssV5+K@aW
zho8*@kjp+zN6!OlJFOi2z0U~oHE6!C3<o`*Gp+a8LP~0*uEk6(>0~R|0(b<yw0(;P
zez60Zbce2egDaj;R&0}YLhE~WEy;dY)4J)?jbt{3@PNZ?x-x2M+eiAt-WZ`^?xQAA
zVedJbqD1TBH`mgV+J@~}rAQ<QPh#NTz?s%R`b)350PCt5jZ9_I2b%ZJ%WG57gLcSC
za_41It*(_o&q^BEH@bv^Rg7p(d<P**X^>v_5Ag>r-=poPI_?GLTh|jr0Udu$KeUdv
zRpm&fnOG=}6QadqJywPW`BiH}hP2PI{(NX*KckO`y{KK*2tv>~fxc;@l`NP9SpIM~
zi02}S&A(}u+iQ&u6^%BR?21loQOZl-3?G%vTs>fYeSQ2Ex?Bl?b{fAIu2af9*?$X_
zGRi$6Sn>Zd+Y_IEGd%V>L+8$Fam7|9utD*5lklvSS;&#)z&S*mo_FH(7so%Z3g56U
z->FJFd^^^yiUW~}p#w(Z4*5>C@Atp<+L-c?b!8LseRmEZf9HWuF^BmQEwzkm={W7H
z!wsJrg1|pKJgwVHQWlD}XvMa`WYlAWRTc<uWjxqc{I=#pC&1fU_l1GlZ^bBFtT>&P
z*|-g@k7AX3>g-3j`}|`4Jn+Gk<$$<xaFy20KeS40@+~pG9<sh?zJ#%~S5;6VvB}#G
zMa)_4p^Ke{7Evtj`)@%X4Z6qk!L5#x5A6+b{|o(e#pZEn*2K2twe6YH7U^-$B;_df
zO_NpcHMv6qrjh_!sD}CDfxY#Im|9fp_xB&lGVYAAZ5)j;=+_vv0#XV)0;v}6nZYYL
z5Mtk2!?l`(?5@T7E)xupU*GwBS1szO9OKcSgP#)N2@qv@S!r7d=5wtIB;|q@K*uVf
z*|2vE&o(CriG`owV#g37wEC$!=5^_h#7|xayh&-(5a><k``cvKFyjtf4hKM$GJm1z
zZ(Jj<nA00W3uA_((<EUhuNYgg@?sH+PhSM+oSHImKA5Q5{4^K~S0pZ>Y{<p&_7i~D
z&zcKv-OWPUXLV>SJ!mW5_8YON#{<PVVqT8FBKqHQEvGhB_bs5(lVC)wF1yaL>EmkC
zEQGz%+nPB|_cIQiTU^_?;MCv>PpKOLt!TbZx$|k72vsgh?4h~WTB)_Fp!2t-jm_Dy
z*Xe1HQnmR**6Xw9a)Py$Ai?!)D*t)>={fvH`23-8SNKOL15wQ)?}0tk)sd+2-~6G?
zEpE}A7@B{NfY^1H>@7qg9dQVF`Wq5@LU>qX>p`he5gUoon1J$x;UQ2s+irznIGV#J
z`8N*ZGJO6}(MZ{*F&%$7*_u=M$%~t@UzlLB-;auv!zvEmTj{E;uODtu5&cRh_m8TU
zJ<I?a)KvU+be_;epZ%+=9Vh(MKx1;`0PtpxAjEq%#5?VAjDjgu!RnOHkJKh}c{JZd
z!OJ{v!Q^^M6dG~Rcg^=E%ZW(1KK^u5w7x^dP~EF8J~T@ADKAI5_X=`<&`;gac>wH~
zCyEtbd-3SWuN>_<<c+ym{mi_RTirHbVfur^Q<2qH*{oIFlXqU&RRTQV6I^q306eK8
z*-N(b5kV$2?y6?V)#rxwuQCX)Zq_)IV%^_rwJp`OG>vM%mP~9>HV{wLs)og5n>w;^
z9)hJ~*c(fBeIfBD1dUc<9=W~=PRR<QZ<csJqrw+)(5gL)sOl+za0;N0d=Zte5TWEw
zQhk^QrC-76_ygKQ7~bK~xps!9>*#Uy#tYs&G!*a9$xr(9E~rb(MY$d%wjo9P?ly>{
zD>YY=cz5cpL)WAF_xLg;DTK!RPZ_26Yt-nuwzBTRQX7GtII~4Zn6td6sGtHoKo5(o
zJK76bh2b;H`-P8V7yFs!cWdEzfD=F3$CGOeNDd9)MU&t-kRS{~9tM38eM2bvnh+(r
z?8Wj8A@gg@7vJi{x~fF8!<X9UjI+Rtu1zJj!H%bs%D3<aU%<<<q2le&kGE@OAm|#x
zI-dPS?3w$Sq#+8w<HN1#q$=b%N9Be6iR5LJbvN*u;<2fxn7TZ@AotK(8mkle5fS6R
z${eC|fR5jg_3<;mOiUNDUt3mPmcp;UNP>Qfthb4US6#@Aj&zI;bT+*XNNt9INjthm
zubpra;EMSYPUT5{U~jgki3jTUGlHIH0-3-EblBl%&{G2NeuttvDgme<#oTw?j%*?J
zo}}vrokv=}^Ea~H4N+2o0}^5}sGh}Hyt{E$yy4vDYVvV|M!8J|HZ3UGG;3d)syi@=
z*Qec>o)y3NfZ4$lI<t4mGQTj{a%!ma*7w<bCh=Mb1?|&(=NW%UeIi6UI+~i;^@%Pz
zRyPC=Hb*}hvjyzWIS^o;t*&YRh{V^EbHYAl_YA$EjksqVY4Emgyr>&1_a-R%kVL9s
z&H8Ht4R0zX8bH*#2ey=p$ZJDRWkzD~A%jh>AT_@xSmh?{&9I9=vu$nx%_ZRSQ5h}E
zdwpc26!)Q^`<mnAG;E&wIUP5@K90vL$LUmL8NlC?^sA9nEz8r7L0atHQd?<;m+FHb
z1$a<U#1H7MbV1?-RW5l7+-DjKbfkdK34)(>3h=Z2L4b9O@;jD5Q08saz0KAqkzeGf
zOYkYRj+P<kK^BO8?lh(TFr|CxyJnZz15UrqITna*F3*@Z(U2YX<I-}_u_uwuJ%UkB
z6J(T@BmLoXO?Zy<^EXJl`tYwgo|PXpksdz(mOWLPn8Z^IlhB(3m2S5*LHf)Oy_rja
zY*_(!sZQDaA}$atyL=R3rN?&(F++ajf89bS%Ryh6OYTWaG-*%`mQ=ev#d;RhU<Rvb
z`;IJq=NN<o74=kb2fO}ztm6rhitl7mLBv7>UJVIOyPeBGi54u+3D*iW&Z*u!5_^`h
zH8m%<5*J1N3ON$jsjER!&$7MR7NX9?;taN_vi#yJDhP&=TLfQmZ_OGKeR9wnf1Eu}
z2c&8b{OlwA^xu_y9S8Oh_L9)w*Kg!ATSHF|alf?v9&y0~f6ZdaGFg_<8_1&MQXh>w
zYs}TZ_$0-~#0`X1#PZhMyb)My2t8fI)wrmvV0)`}{@r`s8tr8g5HD%@^|<%Fm|}D~
zUDGYEMJ(^nf+6N3e$eiuT+E=N6@#qID(7nJB;d1GI)UZSOHTJz)7K`))*Y-Ir+Rq&
z^G0dcDC>q>yVouDPa|EPnUdC&2;}4qaFjhIK8zxgq(D)5R_|yN8NJaJj;`Y;uXj!+
z<0?-ISpDF1#ApL2K$kyc#NJNI1fUiiGTOnD$_dc*czeEO7B<E3@U&*~1S$MdAZ10c
z6741-6QJ7_5FMWn)d5gDBw57IMPz)Lq1`bBL_24S4v=6+Nfy6hh6{S^+e7*V4}wNr
z2JFV=_ck3dg|$&UJoY4D%mllQ{>AqTKVuS!UxN{l<=(qBcKCT?Trzf3c(m9Uc@CVC
zw$q91H}Kve#907!yVL1zCnn-dMEVJNgFp0Ppe6s2>bSM=-yMf|24!{uPL)8IOR8n(
z%~eAOQqJ6(AdTQMy_4-Sv54KpZ9>fQax<%(DGE)Fy#}PSuP3mijemi--%x7!nu$*N
zNYGz{_mYV~QqX_OL~pJ2=J3@(<Y(jaRLeE*nV<kGZv2)U{Bc{uUnHdUIXrGcbl1lw
z>!oJX@kg&D|EexD=B#fK(73+JR?(po2y3(tnR?JD8ZPi8Qgc$J&eAkViT69JyA<j6
z{1K@_iMJ(bu(RVPj44;_-4{Qm;qT72SKRpvvVwAsmS1fDvy+n#`{3vJcL}sZx&!iw
zYE%5x+mI^5B+q~k3-?U=E%ZW9(XdnY^HvCd^#y0Q71ijsLgQ()os}VV+)Hs^n-yJ%
zXIJvzd6MX0P-8^Cgxe`Q^to1XHLg8OOX2TpM7@HHq=0R9s3n^*;j;FSq0f*B=+q?H
zli}ODSA-Fyb1OqfH-rX<Oa~5Ip4Wt!URyXOQ?<YwZ;M{e!tHs;R_*Yw9k1GvDJqw>
zxWAXYy}x#Z4{V{3+7Ex@{N&yoD|(l2@g{${n}_IjrBlg88IG^24D3ZaN-~Q^PIfZe
z>8e<#T~GM1$z6~cZ)aMFUI@TRCM;ItjP_?M9&q@oekY-J(%t&WBHBUJMHl-N-dEP8
zp^{z`l*8ucW(M61cmH>C<_J&_wl2rWs{!R_JWEOp)p0$!A2FaEGC2Qp%q8TKMU>WT
zs;JtMD=sP6v?o+42VxvEV6PL7DF@0vSz0lv!aFZL?<GOUl0Uhg(%uQadF%P_B-<a-
zBK$;;=kq(ltyVd(YgOU)D^1&pe7x?qCsS`bg?G1EQTen#<l+I6&6t;f>0R-!e=sb&
z_=afzFypI|&R3;?$ZT8*u9+EssiK2`qH^E^FzcZ#n@{`wbc)2x<$eH^{UI!yFD;wz
zMOAhAhDdUednWbAOzNHE*LzDT_+`L<|LCVQsf5ZO12!*jj8vuM$xp?k>u6{X%r|8)
z08d^P)}_HWxcIA*(jd8CpXBSA=>Mg@hKno0@GuDys2DFLSmo@574=*b`&Nc}_4FyV
zws88@TY}adfii1^lvyFrc8bL$uKoEmp^;v3`g45z3(yvQi%d?BKb_06BXGQvN!VNY
zaLe8mN&RIWE77~y8~J>Bjd1lby$UPw<u=`E!|*4U^lGIR{-moCx$#*7UAQ~)`K>G@
zDFT2j-rtVo{XhqrqLZ9?^XjG*sV()#3B>4Q%GAVn?5QHS7<5GzjbX9tv4};!-mH;J
zIz5A$rGFdw4q0c~U=}z}VI^&whtc>D58Dz8nG?VhzNdnBds?XODKS%g%0^wfXq%`|
zj|8q*MF3UtM(?JP{vmce_sCLtR0y(Dn@~I=bSh?A)<xOY+W(wBW1d4<5kP+27|)>_
zT%tLu^oUq$W<TGBM;|llk?%i^Dc5K9qzVow&mdkb9j=*9$|IFm5_IRjblg|Ipl>H1
zR4ll$J~kw@BVgxGs1eaV2`~9P*S;E#AHG#4T6c7Lfo6RF-9R!rGp^E0CEse*tS)!5
z*gct~USymAzgdd-C!F@gR@{)M9g&~-OpaYmlD^%i@`T{K$_*X3LSP4xi9&Y(xCqx|
zr!8}x%<S)=c`+#=n}Zbe#u)zKmUw)VUHX75V6Hewc!EK}3S~B)FeIMvF@MBUxvnHp
z*-Lc3Y<vu3fSM^*TnYB`BG_F4SeZbGA{_N>E@>tv-|C%;-%L-#YL7eSKONM`N0aFh
z%d<@?6DUNp;1PQ|#e3#&@%w!IXjR)W_rNiLrp+(b>0jopB;h?O-5$o7zuZsK?ab|)
zq%0|Xt4G?-g!UIycpl9dI={EFq?17R!AiR~muo-<o{i}aYFYx(TdJ09-9JhiZ!9z{
z72`0iw$bmfiFCdO<R<zV>3!LA1`Rla%i0Ek4Q+kTpQN{3rCWpvyx&c_g5GVQe57O*
zSH_Wf;fDsz?V+4rIU^3tGjvFTA`1ZV1ptFJEa?j(NHz=Li!3*ifx-SO5oU2R*3p7h
zOqhHu-n~!eZf4!Z2hd>3#z(ymc7q!_$Ij~r$^s3Rap!g4cE9SNKfQ<;5H2KkHA3P%
z#=Z9>L68EVdmuC9s12#F1^rxPah@coxBwU?MRdtP5(LwP6lyYZfxfe@2$l#Gs#2V+
zS-0A7yQ&fVR40f9r;X4oZygZEa!`<p83jxoMKMp&_qZlw10JqW>RJVyf-?S%y)qkR
zgYIZTzG6Xc$9rdob>lfV7Clpt2R#VxeE5RsBL1F_dpkimw+z1Ea0DP=A=9tc``Dm(
z-vE*taP*&VM+9ZV{|+X_;W?hAB3IkD28(_JYJ3A4q&T4(s}oJD5y5<BU(tRuU+f8e
zzJFx~{Q_<MW8SaTIbDqX!<}4z^J!e&`9Pg$E?-bW%ud`hL9jda8_u3SNzjQJ5pFK?
zB_Qfu;xsx;KHl+VUK2g{iXI2;l%*#s34P}aWw7|ZW{il)T-7_=cMb9FP+je?S|44n
zncK+LZ|}owQ}IE{a$(CE_)F=hnCe|ff3IqsR$rOP0pULg+fGW7tLm_SU?vc}G0_8M
znwskf@9_;PGd00lljq%3YR?EJDoBv6^J0RCod^~_fmpY~{&1sYC<92806lRCXikC=
z+D0k|S#-wF@L20VA|?u^XylKe$h)vYOCyBv1c>w+OQyh$!0Ukon$wkd1<Eac%OJZS
z);jC;c>!<-dc=bFaie{fE{lkzF^G<M3|nyZM=_Jrb&-7!MI#OHlT0MAVCw%NU}q>F
z6B-a2z_hLlh1p&N|D&?ULUOCBLxPPZv?c$Em$k3DNO6qA_uok~1!e@Mtz`|O{U}3b
zBL@FYDxSp_kp)OH7>uX#L*}dj$hl*7q7emj;@$&?JmYwqGW(T2i8{xv+mA^bt=q4x
z0T&aIbAf|oPz>uCRVudbn*WMfCJCv<*y9aNC`;3%9PWNMKv1n$gxpJ!6ck1_(|aA9
zn_sWjCZQW3aO>XFqKbEk6?NF}y(mi`7g&o-@8i}VmV5C&rN_?6jO>Osz61;+>FRC1
zlHPZO;C4lYrWU-!@f-;`C%Sw|q&#X}f{H78pW7g^XO58Kwf`1ramBXP6Ub6m45IFH
z-f7>-2JN<g7m>#cSMA!5s!m?lEN*qzfrRTr1M_EExfeP_DF+q;wqHQu^C+|T9MQ&F
zoItCef^|u1d<@$nNLw*=ifc=23Y2)a`1qBgHd=oyh7C`6;y#oIju$djbS@iD+jm;x
z8r+}OF-bp8Z7u!qnd@|w2BP~yi~Tex{`n%<dw|(jhKoKa*CX{@Wmm;nhl~NndqN35
z7Kw^at8gPY;(*5TqEOM~GT4c;z|ML_pi{08BsHtz&0`Vhkt-&ZExWQ?RrO(5JgVm7
z8aV?@<3Js>Re(bE^vvjXpHlJ}CQjQyb!rwHyw0+NJQcHx4B(21Ci;xMS38Dk6iD#+
zyfJ>&>MgD4w8*R%=s{g~%ne-*%v%2<O2cY{ffgqKgSOvZet-xRU{HR=n4z+zZN-`7
z;7YHol_(tSLdw01ak}RYS>1m{d*}$7?F!>&L9e7!^_BJoE6wU`Vhgu%W1O;-<K4XE
zz#bgoy|s_3dY3JyaKk_%t`|-}VF^8OQ^$6%?x4^8Y0w2EU^fg;`M<y)f8iT(@V@t-
z2wn8w{;kukE|Ny1hw$Erke3KN>q_%t)Iv_g2mGnwF7VYZ5TRiiaqo1a-%Y?~cz1d-
zNeT-eLkW;nzugcA?|s+*8&R;iSsH)WP>QFlCbr>SE~Vz4Ps-wVd-)1FNm7cJ@qOA7
z0R4UjjW{9!Hpf6CHn|ARxezautbe@{+=M<xT9SSy`q%9lyI<fU&+2g`lDYm#JpYPM
z;doqxI!*-Of-!VrPbB69A^dh%!JGD!hG1E$Ak9sjy{<9zXV)m62SU0f0gOG(vO|R!
zbz$vok?xW*$aC4>4(<tbVlB31wgX)&RPQoK?x#N;EfdJ}q9{dK=$A*XL8xVrT4i8$
zS3c@%ZMNUs+ET(8JX}PVqgEYlaRXXOn5lHLpAWMQ?7`)Ax`&paj!}r2L#>%ZjhRC=
zxw6-iEwxK*n|3?p+m)5i?Lt_JCxE@MhM>+2poBNrV+@7Zn0c&=<D<v-=*IUl3esY{
zP5Zu+k<^>rmQa!mAY!)28KwjR;+_d?M(-ndj%k9MH(&5^pBP{sCbRs-DPhe;lU~Ku
z|K5P6-vkSOsH#j9T0%Fb!)`a{EWvUvu^-^yhNY8l1UD1Vy`b9H;5R*mlU&SbVcGN7
z;Fp`yk!sN4$r?^i(bH-&j%(W(3MSo<zVA+FhY08bmeT0gvnnBQU0}}wbGpH9r3&KJ
zYGbJ4c9lnKHFILh^tVGPh-T73H8Q(xi^*P8gTHLhgh9@PfqgA*9#C0JfY=O7TvWQ}
z;Rod5A9Ug9>1Y=|o=}>FzLn$6xY_Hg^O+=v9d9Es)Dq=)a$Q#|iBi=}1bGA)<i!we
zb!tm-*;r}|%uWKI^NIg$fyOK~`Nrc_Vnn35a`-Gya5UlvQ!vylI`ZG7nY!fFor)qm
z_bdm=<{@{C2(CvQKx%7<F2CD%BPc8W2?2bdf`#|0Aup;LHd@*g6`IJ^Pjb7ypH6pj
zAkdt42{8gNZE?lEnJ{=TN{w?g=$aPVjVA<DaCBjiCvEjjamrDccu)G>I|ko52EW_e
zE&3hoiMVK!vq^!;#Ij(pOp<SEQB*nhP-vCD>i2sdTy4%Sj@9Q8`@&FjuC1|uL=2No
zI|u|GRtvz|A<6yIs%8r?)PV>ww7o&AQOl5$mVSj=+z}4GEkvG0zu3FhGveb7F7hlo
z@F#;lbp+3X6>9vaB=h_P>scqrTMHn!#bne(WK?nZKTp8QF@9`{_Gs5=&fKuh7{QmI
zIbZXSOLE}6Hcvo<x3ixk=9*#-iiOH++e0`7i`Ppg_82dXuUh6rBeM!TG2Xg!(6vu8
zkU)=;xm~0BVn5GT+R%sK_8J$wNfmOv^S<x~p{^<sa{c_?Y|<Yz<sZ^{L(g-MTr`LZ
zTKY!f9f|<hc8BxmlaYP$=@jBB-C;ysDgvOgbe}Q|dM`}HNGqwEZ8M_Y*CQA;NRLB%
zTJ!*30u+1vAN-5<0!+jU_=g`3K{<2m>(O(gSJIC;CaP7qT-cs5pH?k#Cv3kb`Kdn#
z2(7-ve1N{uvBh@$ie0ys2ZYRhw3S1H|5-%Obw5Y0_K`e|8#pZ+D15bric5iNhmD-8
zqdtVeyg-`&lUJ@~0)sHDN=~HJZz5=wndWqg%uY0Pm5Iitguih*tI6x*&jl^TIOpZ<
z`;!1Q4r<DBe(Y@&OnMxS8M2+dv3n2J#aI`Vt(M+DqP>&383~+}9_TrFExpeE-VAG4
zu!n8b&_it0v0e9;Ez~mt%imtr%3KUJBv<;*Kl0#A6NzI@nbh#6*QJ&Y0-6zOHL@)8
z#yq+icO5?|oiqL}IrJ<aVjCXmsDpQpb4ygRrm<kh@iCeFi$N*Ab$5eqYnmS6DIVx?
zzEuf5W<r_U=g#P|u|4>Si&%i2)g#XV*$UieBmM!5FU`u*>Y+s#)*T)MnHD@2A9OmP
zOlDy{b$`uZvfRkOvBM`3&?%<%<{qb%-3RB^U~%m&5Z7abbJddt>e8wcDqIp9EQx(;
zY|z^w^LfwW1c!V!Im}i)o5QoEJBjdkHMvOVhJ=;mEj$a{9tgL9?^F4aF5M~Wt`!@t
z%r4U(3e5hQRe0bLKVmTQ&%^7@kwkRDoZFRBCw6BiboR!#?LI>jQrUGdTDPRz>J!D?
z%VrASf6x}Wk?NaWE1)-8apKv-h414~VoxEGhqTI*7ZTk`R~{8tfUfDTncmUIn*3G6
z)_VzzUd{-YtJu@?ngIXkZ<Q<}WaMIHmAhdtflgO0eU?W4g(=`5%~nxQCE^+bP6s-B
zgc8sXbd|x}V~Zho%t629;ku<^#KEG<;N!q>-TW{tM6CR}^j~sDE;dOnlqocIZ(}uG
znL6jK5#LZkQ85i_?4DDLa=N=hcfdAbosiLy$JQtEc+aql8m9KwHt<2%OoF~)4)X)A
z_$Y%sn^Ru`oI)xb0U&ko*jK~;(pNRE#*N>rVy@%K#SfGC>Eh_>L#H5oozQoR>inAO
zhV^_Y*JU|(BF4f{vU8ZNWgOyJq$|O*-AZvxt^E)#->NX{Qv+}M_G5V(aKpuV^TTUL
z=EI7`4L=>l3-@n6#=F1hrDFtN%PsEgPz{FcgLuP#8(B9wqKc9B>I|4U`cbgPeq?8T
zKr&eUp6E3(b0CPnF}Z$f4HI2OzrN>x{lJgr^mCoA1=)Yho|Y?!?ydBm>BzK1X>_qT
z|Jyzh)xDQ~r0`eB?O^yTR_#*ncBB&d_pKJl9%wvvm}XArC}^h^dDegHQDk#4v3uH)
zcAP$r)b-4gz?kDOZ_Tnvak(nHPt9MUv(Vt8pIW$*DsrKlB1G(dhcuaG({<sCZP@z6
zZ$C0$*wN35;ZM@}rt$}2T#B>=A9ICYbD=+MiAigfR!z{U-OjLD%XcF0K8ghmy!iby
zUpO|0rLQ0_q46=k;zM&<T5mZ)y5A9#)}WOI7k>QOJ|ZGHt^C6-)%Db^Xl6YcTjotx
zW_e1f#~T+f9{XIb`6gWp8=a&m_oFvt`QL~7lCPt&U0a2Hji_Ot(&$QP3bjeK>n~J#
zvn|$)lEA1WQ=)jVx4eIU46W}DmolXAZ*S}HlTEYpy8U1zUH#ry*G||_UcnR^oE$J`
zcXKVytNo<Q6z-Y^k!Q@S#q?Iww%!58X#vbn@yyLD43h7Ed~Ex%-$xrRF9V_o4IxEG
z2il9%^d%0y*I!cAUM!bSFDU*-2Kr4ALOQ4Htq?+rtL)tpLh9h;ZPoE7&BOSqdhz%l
zzg!2yTmG5vV^wcUE61j3J~{G_#;1`j=@RS5SC8@h`Z;vIJ%X+Lw({+z2I0M2dV#$Z
zYvo6+Ecj=(+ETt=HnvHC6)ZF>)1IcZA`t;~w^z?(vs$J=<L^V`w{7;9<LTw07U3h(
zBO3dNKUTGPEpt3_b(3k2pyN0tvL2ei09EjyX@ddlj5~I|1#htvw7`)jNqE>X9AY;X
zIc!#|y1HPm63hmxRdpTkZ4}l<FXphhW|0g3i2<ND^sTuf0TmSg4So3Q-qbE1{!zMq
z7=CyxK5wZP9R#cc(Bwa%`05i!H8R$If(yR=TO2-BRPI}0WGud=>xVH^@xvi$<Ld>D
zwuYEL#w|MpeuIyGbV^mIrX8NGO@`QW1U%#N6u<2)tiZmH6YJitz$U4Pc1};-#bpaK
zqW*_HL9$upGfTR!L!|Vfb^unL{W03YHI;}qjjxux_wQE_TTTV9UDZJ4mu9j-Tcs9`
zt=Tq_=`}n4=bC|2Yk?`N)(U<!Eo+_$tPNta@ZI-Mb-$01l+!GgRRYPk{dh(Zun1gO
zm8k6IKDNP6YsNYLPn)<rU821l`6MKTH|?kh9JN!aXsF~ZE{rafjww}!#vfw{%QBO2
zr0VM8)iJRzQXx|;pTRgG)-oQ1&yQ-P>g4OI5nDbCFAl43Jm_mY=)D>jYc)A<wbIzv
zMc$EHw$r&PVtw8tWp-I8R&p8QkH`XJ|MAB4WN13i(8=E2KGYCd*T4<enDZ79gOWCX
z_~*NF<u@aHAIB5UZgdZ*J)a~tr7;e1Eb$`XjgOJ^x?uD=rr-UXgSKjR)`L^|!vlHd
z@}61TU#tJlrSMN3y6h7<c8_1-XSw-HgW9fU+r_7@_=Y6v-!#bq?dXN+SB$3BT)y`4
z$VVr(-RtDo9bb8Dgldt?1V{sR2{uJ}By+)D!l5Q-qE3>za693K&d=p@$=m64S5&U^
zq`C`~XR6<n(PY1(IjVV+$<KTW<*RwB{`_`g10ud`O;0)?&m-*JZ1n?^fpkvcG-<I!
znuj~+vkIqY^{?$1z<jYmDKdkJxSAL7*RSIL{*qDo6IMf5Z?K2OQJ0SRMMD_Kj^%l5
zI<4Iq=Pe>DhYMfj&7K*nhOdYddg~0%7+`PO^6ueG>;t0APovCXhPkr@8aYJ<_UI3v
zt=%k`-=5^6*|1RD{x;z$jFTu~_$`PyD)KXX2ZVjgoq}sdAiI-Zidef{R`$YT6w>pj
z&OT9vzY;%ZW~m%?%1~I9Dq*PQlJzh~fBM5OIx%a>3Qy{=b}LojFO}!-qelFmz=tue
z0?`sfnl((K+4A~bB+j4UQ)}1lo4;SZ>CaA$W)HR4@h1a3rTEdAyjSuB3UdaDH4+|v
z`nAp_Fjj=EM4628dI)`AP%<!6ekTiVtn1#k3CEfO{lnSk?VBOmAvH{Z|MS7_`HRwH
zbg@&j$WURD)ovmsQ0FmzTs2r1*TB^ZydC8Eh~3~ZUNHp8k=`T?N24YSAo6+_UKEHe
zi<Dt;oSjG1%flY7|JzDvfTx|L*Q~DerP)@nY5C>Lyq#jQR=OBts(Z1_?X`DthA2Vr
z>F3zJGP`>0o6mCGOpBK;C>GqaZ_|t3SM8OB_w!lw@ev7rz*`ewx7}D3c(~H1@(%e`
z2A$p`!LebP*uP~>2WxYLdK_29Pi~S*MsITOS-WFbO~R@rL#-ZEBRY_K$M3Oy!q(i{
z7lXhWsOS=xLR1Ijd{quZX6j;<pDmLOj)ypxOM_q7v9N6t@@9+r`HgIc5S$2?1lH~x
z(bisc`7#AwI)hnW;Y8x+kNQ-`M5IfMJbN({``_mxduAhLOcCRvGLDq^eCSt$D3qLE
z>+2Z)!<jx6RyN@FP`uL6el?$Qv3@ww=OOb?w-eV#-K%V&O;&T=W^d^{>JmVOJ$_U*
z39HfF>YGU)HI#e9$*U|OcdgIGv?VKj@-jr+_!Cb;_%5zt?=-%(37nyT^+Kb66J!42
zv>&T$t>;<sj3dK+M?8nAXmP6i+T$>P2quz5mzl$rnKOn~^tzfMPghtY=rm3)d^-vS
zLPALPtoE8#ivSm)WQ-mB0R=LiOq$JnhV0yo1po5^yEg?5K*G#Brf$wNo%1M!Z}qY!
zE&M%7E*{ZkX*0C#M=>an0%l%2WkT9Vfhf3EG7_A&4B&`N2mz~-RtOQ$9>O4WWl=zA
z6*C?N*h2*WIm=9;zEJXqbmrYp<Ri5Zs?i*tEkQ7hGVV}#Ar-8viC*o(AeOIY<@GL0
zrgCv8zS|00o*%sf%pkVvI8c|YU?BLj<hzJ0*fpFQ4)oY^_I>_1`m)W0o(lweAY6i+
z1}qCj-1>sXC)s8SHdx{7#Mt*iXkr6RW~4m~y+nr#Qz2mX1Qo@)Py@c(W((LimW8PX
zCRtx<{X{bbJ@#<SYSPPXpoiaFG?+i3J;hAn+Z^_hf$K8M0&jyruNyU+THWUI9QK0&
z|BNugBJMNLqc2~ruB7xw5H-!2<vVR_G}Rr)V2%6G_vR|YOFY6$JP1II#koe23k6K9
z8Emr_-qX5xNyp#2gOCbUwd|#p{i^p)vI5%Izj3{+VNWXG2%bA?QC{NV*h*q@4R&1S
zIowQ|-$hA<uIE6_wuIc*0&M?GQ#HUNBVFWX;N#(^D7%d7+x_PpuJzP&V8{KlBd+2f
zzr)xJIIQp2Db{8<H}pgZhV$u51-*Z3f}?JK>RrN`2a`6FjGH*=3A_6IA0MdC4iV_b
z1Wq>B3($I^^4~wG3OQ0dO4&Y5p2y<8&r((X-hQgOH#awbT_>q5juaW`chIyst8Fyo
zmNQF|0n^0VGqAT`E9Q)ND~pPG(Fimyv}ELFUYAwZ<Ah`y067zWe0{t9Wo@$4`ozE1
zxA(#~e{xyM?Ifooyy1Fvt!YBk7ZxL-+h5!?8)H1}2TPbtak*l=A5I2!<)tY<o|a|u
za~1<si~DlPXx=Nv68^F9d<|Ae&6Kv0yJe5YhwiEX3fOxnpBQadbcfDHm<gNh<s!c@
zCh~L;&{Zc%gS6p_xBd*!Re2O(tpL5z7dd7?`WF>|J%=<;1uwj50IkHo<6H3h2un~Q
z`=%iy<}c|wU5O~8<K(|b`fcVH7RVt_<V5#^#I(Y{dBIknkwZFCCECdp@yF~{ZtLrj
zdZZ|b9E3cA&CENBWt__J0Fo-r^d0#^fPiFk>CX*SkzYWOHXzu@*iUm6O(=^haH*l8
ziuF&d^f<uaNMGmB9zob352G0WxzVu$nHvZC{N-T3Z=`i|l(8{pUyMeklsL518=*v<
zU>?@Fy)dQUOc4QC#m=p%Hg9|*hCFcsd`>Lbp(Q}e65u_)8kOqaIQwQw^#YmdZMd!#
zvmx02L+c>>mtmc)W=6l|<igqy&F1SAkbFn{%R>ux>UNpdQT8<^LyeX<@G>2=C!3#d
zJ{uB9+P?pOs{HfK8!i?@ji&?)c9(tMATurhMG9~)vb`qRil|}GdW{amz8VdnM4$8a
zE@=Hp2jW`|kPmob2{!w7Pl#suA$Yx*uRmgvm{w0R{G*_Jkl7znkX9^GPdzVW(i{zN
z982d%B+KJ76G#upe^au4&muiy=ZN-OZxXeKwl((|ZGm?gCj|Lwg=6Bj4p4p412RYn
z)i|X@4#|i??@^=P7#Sl>6LtMd+uGPkf%bdC`z>H+<_4u_G@o{%C>9HC?edk3q&oF%
z1}&>HW`RR0m$OYxCVyZ*{&9b#$b}LId|QuK6@8Epy)PQr$d+EmmHvN2i3{JaG(0N-
zza$nIB2Nh~&_fP6+5p&ZpaCi{F?ztx5IScRG?IP-;sGGOIHiIxDU0-}2PHf~I7Fki
z=Z`ecOCV~`9{O9F)o$NPr>yAePiTPf7G^CwPHCQB0!3eJkwcPIZoq}tJWb58UpS?m
z+-;%fb6og`ONBQ0V>ie>QS<H=a#3Y5m}oCXX41-SHJcu`(6Bi)`$c!EgAHKJCU9xs
zKs39BZpKy?=3zYV+<*f&rw9qy`xXDs9>}mnc&Rz>KIWj1ITdf#gt*MAbo7e?)h5Tb
zj_(4;rfA;X=&J&&&7f)SAksbmy!(tYtsEmh$mCazY~a(ccmW{98;B;c^DAD)k<h2>
z15C_l-uYS;L|xk+Xsj@12q||Ys0j2k9$b>&5U|^FKO^^$RO-|pP7cY)5x7kCroT!(
zBZeQeC~_EJ+Lv~kI*(7z@C4+t5Oe1F#5g^2hLm_PBxnkbBz}K0p=pZ~>mS!{WhP%W
zh%K()D}bt??`K7OQW_ptdSo%|A7C6u==`%cWR>}KprM=I<1!?(<vopRV9x2?a`6pr
zhwAOKJqU18hrg;(L&mCq&<PTp<*_ykyN1B7&C##z)%R9R#-z33{HLSWkWxgERSSzn
z6AAxm%QYnCs2{r&7h+BY7=X#E=LG+&fBA!*TjeuuoIJQN``ybcI5QYW6o20xpZ~N2
z7vd=vNhYkn*qala8~lR`aDm9SenSQ8V$5T!IBH#Dr>bw{2bVbP4ZW!rYvXQJ5h@&S
zEn+BSfNNlcr2EJY9>qhHsenrr6r$xFvbTp+A?fb23M*=mT`_`72_ZMi1G$B9_BJ86
zT<;90N8^yIX?Lpm8CIy?^Sw!EoDzSbL~Binjy1F)5BU7Z{p%<^9w!f|EJ}1)NFlm<
z46<1a!zc8Rjd+IQQ0*zTE`}8fA@1J54z||~S=|Va$2=hbtupKZh1~qksKFb)ko}Vt
zm_|vxuzl4H4plsJ@%b4JRa3vIk?YKop4FDchw&+Sf!J`Ye#(w3YWR*XV<ZZBWond=
zh6>JRZ`j)|D2toOtZ*Jhu{+M^I}mS?vL{38p*&AAIZ6FQvht^2^ch5fMzSv-DrRaZ
zirj?=gH!B=@C9*U%rh|CvZ(GaRzlF-l|CWVMJ}YMP4SR2u@!(&D|2WJ49!wB$~32}
zjjmjYh&xi`1js9)5=pj?#q0OF{GCn<_q*%tr#W&aK@LKOpBkRf%9Z}e$0{+fmnScv
z#hu0OA6NLU=?c*E7ZK<-5*yAi^@=yS>6pE=Dkw9P8nPpS);D${qxg@GR$g1UZ|jow
z@Q{vnr-d34gSdir!<f3qMq4hU4(iB9W2im*L(6;<7@8Rq$HdjDeE#tt`5T7mSACcJ
zAH2H01!a;+05yFvBip_o!pEgSW5M|le~DLpk5eg59pA9bsRg*m&0YLyt-Mj$q1nD-
zcMZzeHj6k2l}1VU-3@Tb6Q`>6LK4nbOKES`e~AYuk)pNfdRMoRW&+vo0NgjB>ug=o
z`;D^Wk?T1ls8XZwfO8cH>jk6g=vzwIYDM3(zMXXCe0Ma7FHyx6^X)~~-Z;4)?=K;+
zq9aIg8C_@37-3l{1ov|cS#1e^WB7nCcuBX{ORlHU#$9A*8X{RA{ASo6sQExx!6H;w
zY=i~h(xlK+<%o2w>C6$jfrezIU24Q^OOW{kJs*@<q}tjHT1EtD^oJK3^~^vE3J@0>
z0!rl^U(vgy;_F`X8|<ois4cpDzxP;oQJN9|slpmhj_0(2rI`Mwl+9TsCX;lkxibc+
zAx#u+&I1A69mAA@Hw}S{6k!L+OhWfP0mv&N>@?nGTzc5x=1ua);oM+}2ZCRhMEp*g
zQqb@KbMy+#g5YoW1Zvkr{HFy0kiZ*68ukp?f9l7!n=gQsOZBw=ef+}DLw_8Y9ekr*
z+ortXyjrE@yh+H5I(W$vd(3UMKJpAHL)34t{jbj^y0M;suMk-d!5}k=_3U6|&glH$
z^ACUdoxr7UG&tMy9uL@YYz`Qzy?l|1hLJ*=C8nd%QGwjJj5ZGp)xv^_r&P7Mk&Wgv
z2-m+1+7qbsjin^Buq5-I5JUC%cbOj@czV7jG!|=OxnEP$42t#Yw``*~PABPLQ>p9;
zWv)-Y6zj${ZakYo(|XXJwiVf@CFvLu2*#-BMo>arV{!jCh^{2l9u?yLw`_31T0i_R
z?<eUXo)P$$JxMy0G$3Jd$VY#b(l<Xq0at8B=8fMO6%6Vd!y-~>{(?lk^*^~b^85vu
zGVj<t6+v{vl~@WEKvWi+s%{d0BMq-JQwqw-SybV0|5jf2tW2131feJn6KP~XNQ&++
z`UoNn-D&<ZrHcr{9qcqU6G00=CZ>%x`#-wTu#`y}r6H=fx$Sl&LCBgCxqe$bpgb_z
zrg=<p?jzmV!NuqbK0o^smN~i?C>9JF3owm@m%s=(F(NpAEOv3U_vOAZms6vbCzVo(
z9Xbgo@W3Mqh4JN{-th2>Q{b@3;j%zZ3CN%d#aQP5yQ8~yA~H{oAS%Zr!Pn%;JsovI
z=B<Fz4M>KV#Uh|UPypzP0L6TjOlFS<Bt4c%0GVq4@@MZGwZdbUj0&jHfSCB`6|WeS
zJ>7_n*6IlW{e`Hl7E4P>MMujl^WS<7$?Q&oY%sj)o1ysdU1ItbuYXB_6J<SKU)6p&
zYRUMV?5x536d8g|VZ|+$`~#_Qa^cZIIfK{h9^U9es+021E38m@6Sl+h&7(;`wIst{
zm**enU49VU8e)|o>}abZL<KH+)4YYU)QfJnJdfTuvEn99uG%V;{aKl-@aA7R16>k+
zh9WG&<4-+bQsM+V(XW31QduWN1hc8fpCsXM9yjcw`(g)CA0YCaZUDyD1f5E=1SA9L
zQpsTDgL5$_Z|ou`Y?*^i{Vxw<_!8+KeL1o`55@W8KYpd`Dd2ZnsdlxYgy%S0tX69>
zX}H$jJ67a#9)9;$ojBJvpWTW*gZvLsUjY<H6RnHu5&{HR+}$O(yGw9)cXzko?u!Ta
z1PSi$L6ZQ<VvD;hnz#RbRrgNS)ajnn)6>(_J=J~WJGHxt&NkUtjfc#{Z~aQFSexR-
zms|d=yo-Vn<|==$<~3Wh+mDc>R**8{SIH|@6DlhXRLNa*XC9)^qq*>qycIrTMU&n1
zD!WjF+vAa}bjvS7nY{4#S?^S?CT4rQI~oY;8RgYz0YwT2$)ev@Xeudg^ab-jrnh)d
z$CCs>ON>)J+^E58GN1VGztn_I<9}+A1JYXJmW|U|q`_yRg)rc}c+pj_W}?k7r1!R>
z1`JO5?2H$~T#pGE;`bYsv(XH$dt0mTh?g{d81Nj`b1*~K>#EI!e?5#B^VaSPXQGqQ
zW0Fm%(kJD!u6Z?qRP^V6cDbG^&LXBX;_%<U@aDU_a}RCsKh^TzTkpYIgdolUEXj0e
z?OpP0cir%~@hr++!*H<;Q&V^|w*R*4HQWJHF!tsvS7MgnVTdsVH24+=w)8Ib^WO)z
z=x)TQQbASIO?l0J%I1i;ohq8Jylg6Kq2Xv*`@c+zW~CJJ--8TUdL81JqWP=e119nq
zHaDc>J-^IkK=y^-PNEBVs^8nHq;C<X)#ShtO5UCeS+q1TMb9z~n~SScfr_ZR)k~BX
zt8mQ+cz*SLqx3LI=f4Lic>mep@hj?XtsVzHB#Y*s^tzrBi5!S;ZCK@ciP+G(yA?f*
z3Hl1QcfLc89JufHnJ7*>qz`>`y7=vNnko9(D5Npx__y@L_ppDLCle(EaxcIIC*Qqr
zpBR#H=#puftbMP%Jr3|l$Q$O{GGf?+m`GDb@TG1(qcZU8H$HDx56eDyNQ?$1i2qT1
zOv$M9Rd^+muo|~cl`cAq*+o(z`v(C}cp9s>neDSs0ldtP_V8sbbvV?68N8^CBT<8a
zO?j?Dw^_i9@R@rVt!!Ba4o5V3F}MJY@=2BEwn&ci8n>k2bJ9N!!kF(naX0bDEweJs
zf=_x;32wHZp;SJ^7H_;b;-~p?8y{6iu_4)ly+o5x@P$LP{Ibl;<*c_9)LZYxUHl3?
zVAB5r8u4JU1H6EOtvle8AB--JqUV><i7&*@Fo#V{!6pL#Fo)YX(1<Tqs(8@uY~Oot
zmmu??iO*5;?!IE2{MEqxF;R1-Pb%}y+Zy{Dz#dPU4XTF=mckt>`6sLXuDx_gMQTsQ
zHBAH4c7av}lI>GQ@DfB1W^WG0a~zU4!wn2ota+2JLC&4<AH~kMT5(WgfIG`gdGa%$
z4i$K#16Om%zLYYHgw|xLps5pFNyi%?ov@}1Fvz^L_z+l(vEqoclAXZbRc9f`YZ!nT
z`kT_-WzTtd@h5j^8dl?=;x~)AWZW5BJid7XeP1^|@S1a^xZ43jo1qsP$E@bn$Qai#
zbUf4ch109zGlf{8^dY}|e_&GfmGrz~DzxmtSn93|iN=33b0_X^EAzInL*TtQe*zRd
z(iL6oCHq48+W;r~0@emtU}9dqaqJiMD(pgKs7;e_C>j~dvx7uG6P;rwr^4e0siO}T
zX?|L0WS`L95NWHsn4<SS;ER8OAXa{rd2xri>eI@OV(VnV=57*&turo}P5?PoaIv?<
z$Cc%E;0cNN3#(63vAn&Q`nUir%-;bzDsK=uRX}kP#jqN@WIlE1hFEHvXsWqPYKY^@
z`!J<Z?63uz%>ss<xad~y&`Cj??kCB7slwJ9^!S??zIq6r?mPqZ#+E(X6M`2CYTk)M
zx-&<&3fYar&mU$Fn`784;n<D4pJxBMM<foK`*0;ah8%s3Y5l_aLo`b*|4RC3jylx7
zKYY<2ekf1m9Q|sft=033I>`wM#;6N{V`xV>r)R`zKP??sEn0a@Va!ktD<!KbCBWAm
z-r^s^QV2icdslbg`ys0>SVtdF@5U9vQX^Ay%%S?i^JL<iKTq++H;Eo7c2NZ<0?;&I
zvHwETv<ii9qFFDXRBjE0&|TIN=n&Vus>sI~GVw3|Fa69j!l9F74|~udp*7*>BUr01
zpnK4=O@a1#N08ggW%;dir4~A!Rt!ZTOZFn4&iCRy?cpSCa8^nc?z_sTQT+eb#WLgg
zIs~}PtRFnaN@JqoF=dU*m_?ct3>5OdX^i3v6XJGoz*y}u(JU~QCUx@rG&xS(@z;N;
zEZr$uB-G;pb6c-uEKM^69<tiR;C5adz2G#t!(#fKgr;fIZGg4$l@2kLsOl*G^D^3>
z%C4P+vfa04k1=(<Mzjs{j{d_mk1_rUEPG_VMt>Kap|77yx4t`$9gIcmB%=Qssn;D1
zk^TIXP%7AD;PH=TxV;%IaLP${)>I1E8C|N^Z96tx8QrCfz9y#EP}3^eWgdoQ_=nQ>
zArIbV1)pV_gXYDFNnR=p>nV#xH@G)aBMe!xBxo$5S0_42CpxWCuVInjxV8L_SSs@)
zQV0Z}g}i}^6p|gK*Pvh~f7q8&3b`48MKd*3UkvNBlpRQphVbLw8tFAK_T_7M@=)zj
z%x5$iUM<;570w~`-RiLLS>xE+;oR2gHJbm77Vmh^+#9@_fPwWWKG$TZDSBRqulfxZ
zF8;4V4Ff=%4!KV&D&YY-9`5T(dpWHuRn&+i@3O>vtu<8!MnSLq`sMzYDmHV!v8TTu
z3z%%4>Q|g}?+&H%H9*ZpPUC7OW8`~dG#5x(PyJof-ti<BbE}qdR1WDER98GTt5x0M
zgvLz=UJU-UuaYT?q}%SkX|IUeEq31{C^~W9xzO2@4P$L?D?y|5c80OC-eNV5Nw!zV
zJ{}^DV9^Fk+e4FQjy#%<NVGewqSi<ANv!|S(2cs$$hhI*e(l6rbH&5`<;Ec6!jKt|
zN*0|*MoZ2n?GT*l1S0-omYKTd!BF<9hETk(#Jcr&Kl1?jCyO)x-@Wo8<1d+s7+`7@
zs|M``8U$W@%*fNIPD~y73)-Y#Oxh;hnU||-WycXk(ILX<Z=mtY=GH{_kZP9Cd&WHY
z>rEgh!?f4%y(f1<@DTgZN7gtEDtUL8VrlyV>B|e|u9PXN;Jn=(!#nb{9!WU^MbODp
z>CQ~(U-eOovMEvX71v>g9(2RLpuxMXXsw=r!-X!N@2IE$a$3%ea84CW-#(+Ql!h#=
z|Fns_+%kE1FLZ&^A9PJVJSzI4iTH6jBCId2#WxkhmzG9c=hN$(tQn+%j5=ZRkF-Fm
zyzAJ4R^E?n<&ve`>}{Hk9j734?1#_a;DpZUdRub~X*F&HFiSW5kY@a-G3K;FiaUoM
zSi>`fV-P|HXl~!sm^Fej6H>Ym`hsBid%BEiFJu<ueo_&ce{k-@CMvAnpvDoQfAF3{
zF9PVp_iQBDA$JaL|DuG)^5MP>FwDLb&(f5qgsBTaMTbiGy^63d$FZZU#NSWLpcDM|
z>sHsC+TQWvleneN?qw>=w?n*)JaG<hqd@ZteQ$^8t&>W)K+^x`_v0_ug>UdJsh8{6
zJI>*2&uDB9I4=Q44?p1?p3!a|&}klYGM-(pMM=z|>=t`?&u9V9)(wn>hB{L>&f%{;
zd+;~UXxR7hSGob>RKWwE@r}+I+BOz`t|}nKGLyvyeq-70kr^ZPP#c_hMn`-|Wb0*m
zM)$hMOBz*8bpscT;_yMJ+!>7Si&@)qjrYkRCeP@<?-NDmvG4KT_ApF?(6mJ*82u!i
z-HOA)(>!4`XLgfr;cU*&ONO-d1kPdt9!LJgH(bMCViYH17Ca&`j$?s}j{hz}pnObH
zDl^J4$g90^n&=XqvXehmPyraCv0?itIs79EsRFEP_Iq+`ZZ~_0N1y^bP?#f(#h0H#
zOkpET<J46*`?xq80~;Pf73uN$?*frb2UwbOyS=$<ifZ^IZnXbEGY)O!U3|#gx2(k*
zWBbPK*ngcnWWh63!&TBdWFljt6p_3S!cdAhv~_G8(%ep{aYx4|)wLSRx%RSvaBGuS
zPVmo>$UDQaz;K3>;yCmRGI}7S^FwQyV4m_u6YXS%khY<#tEqop%ik7ba3k$h#sbEL
z8#bQj_mvk_SvT*LpL^{~k4q>E$@5p+Bt?y)7w|s~Jd?h7Y0aJ)S+M#sNT0*My%2_+
zivCR<i8jMdWE+QUy?&iyQ6O4h2X@PcFdYE1>Nil4oECAPg*w9^@sbsxw81YGgQY>@
zxJ|DLmk^gNAnzr^aGW?gK&X(evSjXhtaRW34e)ftFbpoCMVYG7)wv!m-RMJzI)9P*
zewR5|>e&^|-GvZE48bk;q(d>$6*8WO-9#6JjB+<ecRP=N<7~@rA;&)SJ^v0WQpmWV
z`}rqxoC=UXd$j1RD|!|N1Du`mewvI5dPC2CN#q&52>A?GGLZV7oDAnL&108x@n4=p
zVR*6ZRNUcIjLU#s#<E9Ec(MQa?vV@7is)8(WN3q+lD>y_#KI?JF_S3KLC6oy;h2hH
zM(_mMekx9qlTk==`68sB+fN9>+tGY=g^duhEh^{#oF_q{Q+sXzKK%9uv{>be6u0{;
zWCR}&{X8-H6Ql1MP4pTGg>8=J%RV~btE=XWka7W#_aX@XL)acp69m1~y~bCQPBgsy
zz(eY87m3DA8Aof4j><dn7mdk}=<>Kv!}1g86y$`s(@f|`#kjhp46I<>`vAqfhSHkY
z3`%8-ZH?O*kKwLegaqm=S_5VXmh2iH(hPbej>!i&7?!d@vBsW2&(tp5MiR{PcXzvV
zIGt|dRc+@Lqk~aF{59(HeTlH7|2<N?UW#<WVVd9OfWV}wU&-h1yK3(()jofI-o=ZK
zV2~LVy+E>nEnue8{UTdlql5QrzG@=-^m>J&ad)5MDUk{&Zuos-)^w}r&Izi>#eI$f
z{r-YGP(o`g&Xk2V&yY1qsKh(Turfoa6r85+&u_*S^^-LfSL!oLqfv`#=m3yvU>{Fy
zFA)d#xR{=boW^>aN$Q#@GCfOY1-O@me$3_Oi5?f3l=3W#aMh_5Ev0t0ajI<cc2=(&
zo&BT5asa+>S%-zWh(1f0?StchCi^YerENqqHgSJ&Ia;h5J!Nq&)kNpla~=LwC9jCz
zAZOf2TQaVswIWvB&d~V4ePZ!OXu;*21Hx(QsJ(~}A!E>Bwhs+i8Q*$p_ClOtTL<~w
zOqsikbq{tu=j)7;O=9-8DA5OJZ!yXj<spY*j_Q2@gC5O&>BmeIWRlExXlKrLXlp!3
zZ3kFhk0r{eBo3%wa=o!iLP+SeFK!47xi=oy;kknAV7Byra)1&jPxN;lOK5OlEGIMx
zD2BQ4{-7wGX<ypWp8UGQQlUljrgZTJN;KTc<0%4RDSt^eHRa>o5WFkZI9wtc4yj#q
zvO~w3$B2n7p$iVwWy}i5N%PRPC1+>Bq|uJj<=Y52F7+4myXx}IahJVj@<@5_p7M9$
zcX!^ZxO|P5nhohWqw0mflOflJ0VHkF`>&wXKQF0eK?vHnd31E)1)P3C2Hw7~6n6;d
zbWL7q8Li2o(!An^%A)CW2|C9cE6=-!z92S{jePGzbRyK;Um5Kt*&kf8%^@Fa?+eB8
ze!a4;kiYR*94<(m-Iky`h-0=7Jm<GS?9hQh{Pn$vde5)sqUSAeNdsZ@#%~6*>NSKl
zEkDS^J?;plhB!7WtqJa~5|q=zS}ALJ!zf_A`X$;Gf=;%e+*wop_of*49>j1eq|V81
zO8^#|t~P0>E=`Kf4gDao$g6eVz*<Z7;@IMG(sGy?2SLZ4_o7so^F@@*rs#|KTSfSO
z6FX)%4g0;f&H|%yT^uno3B?OzIAue)MwvuP9(lealRVMfD(8`WnaMW<sZ0dHAvxP=
zBJm%EL7C=|b_&^l5A2k;%<o^tE5bSZByRs5APiR_Ed8^?M0-SbWU{L|{U_t*^%0A2
zI1Cp9nGjd$gHlWtQ@O)7#z$=5lqW?-?SZsQr812gFRC)FG7bA+Dhp>AQKhnwEz@RH
zyi&W?t&weM)nxWAOVcR*prj*HyN%Hf@O^?{#E=rAbzn-B5wgFpGkcHG-Xme}CCSM9
zf&gB|%y=*y3v#I<v>!zg4pQDG;dswYdyz?qHbHk0#{QmMY5R@?_t-c~KMmaIa$;`h
zc%Jz+HJDHJcY`e+1usm4up>X}OzfGy_^&)q^=lD))?J>e9XoD{3GGI1;L|eA`R}$s
zXg?f>4)yMg<6<|;31a2sdKg{rb^ZGQt@fGA5BYB_RCjujTq`V9&`tSBEJ#=ML*$*+
zCn<1qG~TC39a%QbeG%H*$K=Z)H>3(TT^x_bkU^9Oh9Q=N3P&Fcj?SgmZ@$`O8sv1L
z+mGlPS2gRJ$M@dY<=v5oHXF?WFQg}LT_IJ^5c2bq+`tzRsh1brQ{05q5O`-H<_=nh
zfY7c&^3gw2Cn9hA^XvmE?%nmWi}}shO>zE7t}g`qCi_;hQ-y|KdI8woYyIA-?Tr~{
zuEMnnL}O81NqT*U^g)Yf%o*q5%AJ9!%S4Yxef_~=a^JRPwK@+uN(xtV7v@asEBU=y
zar}D^v$a@4X;|Op9x$t~>%?aF2<K4;a9sb<_q%s|m$CO%3<hgwOFl%Tvg14%<C+O%
za^TpS!l<7a^=UV4zq@I-3={^-V?Xd1_Bi}lqL#7I06R~SBSIpX>B$IxMr7ooOXkY@
zmV*B?^}nV?x50Kp;TGoH;|6EWPz$H|=5zl08jvx1@b83SegMN~6KCt+B)zyt$J1Q6
z9HDnh7>=4Ly?rIe;pZMD`{3+SoxalDA3DQKrU8$UDf#PYcuhFBHJC!Cy=shpMT@NW
zk?-{NJ{+RG$=N(kJ1lNDO+A_Lmb$PlF1?{p?V$W8sQA|}A>UXS9Tv)PIDz5a)+<}%
zpIBPLv3PX|lNh)}hW1HJd=`#|f$%(;Aqyq-M2FoZ^l40_^h7UQ;NF_QxrgDtdr@2*
z!Spc>mQV<jSTti@X??)4_(c;*Zcww^Jb>=^Mt`^zBNX^5ZU2T1LwnJfFySOcjM{G0
zn83vx0b)wWyu}FBVY97RY|(?#S&}|25Sd9v@qMd$n^k-y{uHWGb}oeRHj;@VMNe={
zFO>Qs*G>Ay?;@)@a@1`*aMV%$F5kTmBZOwFq=z;t6;1T)%jF%sE=m|nCaMZE7m=|_
z9GWPnnLwhgZftJjthRiI7iC|0+_y`9AS+5#$TL5=<9@v~EvZh&qrb$@mB?^TEW-)3
zkhTx`ww$y?v$L_*=V>qnBm>E(g>jAbar3=%{~zcDzdLKaw7S~(X>Jji8dH<OWQG2N
z@WQJsUf(AWb2@plI(UFAegrlTQ8W>WN|CI!sS9yVD7s>FVq^mjcJ_95?wgwjuUC)#
zJMMo9N2UrQMCszvePh9(D4!mF)L%_&)NT(6HyDm6O=+Y#8$<+N?}mQ&iJPteZW1$y
zaawFz=k-*dicT!DC@G4M?aQk1-o7+d-A&bEz6yT!E4}db>E>~}RG%AEvKu|R=sW|g
zpUsNA_T@)`eNcJS!~Xpkx{Qe$Dp~%n7WQvxsAXYjcKOeYFp-jAJ`~ttk}}r+J48LK
z#M`i!;?|S9_rf|nWY72E=we3w8T3|6TXN`iD(oWS8~;V%Rn(?u;^+chSX50ceS|({
zLe#ETJ&fOe-Ku&Z=n9|9<HgrU4fJsHV!HhJlL!ZI!JAvfhnt7~ZEngvN6%m8cLh*-
z!g4k#egWS~KsPBqPv6s<q0~u;XI|v&RY1}q^KawaS%I1mOWV=m#QR-_wt&AAmpvtm
zwrE_zGE#+wqn9KeF3^pmwk;Nif2CELHw~ns>@h+9EWw>sH+|pKwe;U9^e{8UT&#P$
zik;+xp=n&+7E(*fNnldE1m8P5{~5D_#@tQ<Y$qWOQAJEWdJdg@wz>=y)kMxZ5MF+-
z)f+(kkp~D#98A0ZhT#LK`C{=Xcr_oQAUZ~M(WQbj{tOvyxMi9D%Q_$TFl}<~cb?_7
zeX$u|Nf8DqHYR>IedQ1F4UrjWh_-dVlcq)}d}S3YAJ7JY$9864K8w`|NH^~QU;^Y5
zny1Pg0P@(_N^ip;_}ceRP!97eYn5#gTx>2PP~#xQUiZPSbHTsuq?IJcw88RkdXG4>
z)8e$8K<>+FK!o80T<kskY_EhWUq@}m1F~ZUB2dobkuj`NLte%PE9}LR^4hWN-OTL$
z0lKE}ik~F=br)LDs#)}|KKbCKPPn_)uGfm_wV=AY)&LSG2-BSNlUIU&r6(2z)0{im
zM7=15#l>49P^?1&MVT_n!zIp*dSjNFMV)9U-t2Qrwen7lL~JYw`lj|LI<>EiQsr@U
zFv3iPP<H-wnySwCZwJYNqH?_8dCqxMscnZ}-;YV%Dn7(4aJQ!mHFXl<0;WqWDtGX4
zU>3D)<jgU@UrjVJgDXi{vj|7Sn<}NWT&er|*CH(c@ez}C<{^zfq^K=0)!&($*kD<{
zg7d&1PT#(?Q0@?68TO#{=|`l2^dl|&(WwkPIXMTlu2boN@3PD}W6zoEQbp-D(&p)C
zWe!6sqj4nxYm`)Fuk7s(&2@3nNtChel7MljiR}LQJ^u0M=DISqGWb{bvXmJ~z<@`8
z(~YR-3Z1jgM|*r4&<Q3|T8lZ#fH{5nWUQbglSvBUQ?#rAhf;ZNBoVcMX7X~35O<y9
z;=+gH!}qh7wk`fChotyMp7~&$120-so>{a5DjhY=b@ZHC>Yb6CnDYvAntqQG&_?6p
zF5?E{Rh;@(@(h4rK=lgBrt^|>Fr*!O_;PnIQ-+3lAJBWO?%j8+el0XK8@d+7{x_1N
z$n<o%py_qG)-*0-qu$vM!d%=}n!(^XPU>P^dKOb%<Zr9K1<ny|RQTCWZTwX)V5X^W
zS+%PZP04GuQ~BJ=yNldAjF8FW>tmb4Htxl#r`B2@G_0f9gK>i8>@u&-rmAhMAGQC|
zZ|%_K_`|)6X;<XBV-ECK@9Hg3AkQL<ljo0FVzzZlw)FvvQ(^`{)jwunR*iKkO+Nz$
zg**^@`Jk&OCG~YJB&OG3Sw&$l*IHour%DgDHkL&V?(l4MbRD1@do-G}cZfyw0x?Po
zh!V}oLzPZGoHou<c#ildj`I`?tQGcq85j4bx{`v5zoV4p8s8D!7Tr;slP=(&DlP4K
zH0S0Hab+9{qftVcHj^zqtu0fKKTjHZe5Vo@ZI-32l%+OPtVQMbhmUKnEJ9T2XPIev
zxu}~T5UmP?T+4rdM0_d`F?VB%Wo4%n#s=a}UrI9aG`H1$H9FJYWz_bBGYXVt#S3WS
zl^**sYmC#{#w)GlV9Q=MxzYId+F&lEQZ<Sjz>$rEbYufO$g()7qE;-0#kD)=CbJ!<
zYptzuHi-RUBO6Zp8@6lJ>*4L9MffsqLsUM^?NOQRe5^rt-H&}R@)balWpjW~kZ(g|
z`#%X68=?+R-GfLFDV=VPNORlcV}^d(P4ibkF73deCtwVQUw1dnwZb+rYFigFt)cnS
zHIZzY$({%~H%$TedG2&QFg>5L>~zs^B*OkiDHfK3kDFg>RkMSet_}23EK~){AXlD%
zi7&<2Gh8B!)y2Z<@pHe=g0Sb~XLh<qrg^j(IiRw+cJ`*Gm(MjK(k0g_n^9i6q7QIy
zo4fMJ>jTv1L-|_8VCDI8bJ8@UV(|Osy=251gs2Jxo{J&D`W1ye(mhcDH*Ir!(}?_s
zze&x5Y5EZ`>6FJ-)VEHAk$H^SUQ|fAxu&$~PLS+o6rOf^nZK;<b`+jgIygB2#+1*{
z*PeoqgCg*Wp7cK4h*VOKG$dFSn`uX_7wXU7RNxbNvLpn&l~RvvC8%sgWnP{wpAQ8H
zCY9*|d4xd^`YWA||F$|!TX-$BFZWo=Cw|3o_2Sb9vT`MXzi}>E&5QtZJX2Db|8zI6
zddMUy#mThK*Z%5s%%;0Y{DcTXUmq2!rm+A#3qA)H|9=Tk#H4$yA^4@Qra&KZ>mx97
z>~7oS)lD$(p04*Kg0#cJC8K9)tFfVhMJr<0<V75+gA_x;!qw178wrbcxTCocfE4pj
z+tOb@eyG*AQ@xx`?(QxeGK;KcM|bj+O?0eH(6F10aa7zO-ZZ;7z#Wy|-}AY7sR>!l
zBpb<~?x1hb!New3Cwr{t6E>Y<PM!Y%i%H$AdxUaPZ%@tP`xJRWa!k-M@22I@qsUDz
zd8{`k9R+Z4r$b+307Lqb8SqQkh!qG0NH5p{+f0pE8FjP4IL*Od$0BFz04(*~hgO~X
ziw6d=>m@decFwJTiyQ%GbzJ&I1_UD0TBc<<*!ETied1X5Hs4qUw3ESwj=@!YKi(U#
z%~+BnnK8^n&O(3(A`_+j^I!kY-vHK&?G}yf3^+@Lq@{dN`m}P8dz?6Dn}$lm@@$4c
zgha6elciw=HbdJ5fZtBshr3@{KYuo_!5u1Purat)MH-PaHGmZ~Y6qIukCisV>RiqR
z3Jr{wx=nrkdy-3Z&^xPP;g*BEifw10v706DEA;gJSJaYBR0mA_zTlI+<mGeY;Uj?N
z*21A1b`T3xKy~D?UL`<O^lYbUsGX27G>oI_dl$9zrj27__$HHse5Lxa;X4&BW$i>|
zz8%?vR8mgsI4b`r%j8cXK=lddU~%z<TKH@axCrhiBpYsu4NKm&-wt7Kj2R_|JlEjM
zmnz~mSnSy-l42s1M)nbLA7HWat^KKtP?$!#PK{x1nUaZ~ZrL~ire~q!q33UjJxrt7
zrN7<Pe0rjr;kLwWewI=9o7}UQ4!>7z><x1B^;X}sbHS*l2EmB-j~LQ(dU*jlXQ+3;
z?iH&`2*8+-ivnhIUro+);g*e%Kvmau&|SB29|w7DY(M7FZeEyuHkw$s1Dci$m2~=S
z{c&^|bZ-`ueq0|%RGj+=7+^Ygp0gip>44|CaPIpR4*rBluLcll0!@4T5jN`C$~rNj
zAsVKMv5HT$wkKyIoAKD!Pa!<h|4Kvjl{&_%>;05Fea4iqk=OTgw`5d9erx;HG*~uM
z?Q#2O_fr+5s4<h6TjeiOldutw+AE=7#}jYp>HJzd7LhK$_4!GBJxGJSA?BdFSOA=}
za5p+Z%>A;GmS0f@tp|iQCy2S-F-s@v5xoeu!=e{Xty+3!uj8c#Wm^Ck`hpPkUztZd
z6_2}-?|13}5Hp*DyHSf~uB?FM{B^vrTjG(pX099d4Pu5BNA39+YjNfm=}qLG(~q%q
z%~!RAKEp+Z>#mQ+>ZBZR#`if_P&s$`XFPHyAJDyirQvy-aOIo7(AK_r${#pfb+L07
zZnyZ~BVobG7Jr-o_frg8dZA$f%6&KMCd{FJ47;MHQjdwTyPo~epLElgjsvCGPIht*
zah)by(wCT@g`{iOiIT`4`^`#?2^$(kYS;4Ichp*a3Elf2g`^ADk=>g_Ydw?MM8dts
zPXJniH#d*6{^qU7CU-wn=lhKs(wTjJ{}USV1NHib;sih}jabnV*A{P5;QOEim`RMW
zVWxzS<&2e@!EGpwFvy48-w1xY6~LWx>wZQ#(PGxxV9g$VyGt_3Tg49}6QCNoE;a&M
zIj6-Lw^quJ2~>1S2YqUF>cz&kQVk9<c$xtD3h2y5Ew$KnS^EhOJ;MfG{l#~hmroKj
zD2}wi3mu_r-|1dAUQ7G!&qFN)OMWf6cp6zyCij;VVHa)Hm+eqAccT|EG3`@AKN->o
zs1U6%#GVFm^+N1p>$m%8;iILSraXls7ZF^FEi04w)Gpl%-Wf&y{c>uiKOqP<*}?q#
zwf_>hhoZO-x5FyVtg)vzsF~yovu^sB9s)Jgm@~fGEOF0B06@qOEB9hSgG_$w!C@D*
zCNv|&?7%PrI{zjnfmP*}rOP%w`V+1?Ci+!`dUg6l`F6o+tH}%{Zb3`s+ddBJ&8uV}
zE=fF^pC3&uS+b1AGmH)p$GbnQjsu!`ZPCCuu4t*wCixAd`x3#?+DRXI40wong17ap
zzs`TO6<CH*ZJWgq3Af?Wk2v`akOEGT-!j%;w_S%XZSm5lh*zU6WbjaSm*T5!zJB`k
zqOR<8_@ynshc<J)6~B3#Fk-TR9#CKKSz^x~FP5V4vxH2>kr=?5a=3sS`Vl`u;j9XP
zqY8UEGehD$Y|E*c-%!l)51F=@@VRrPRtA%|uxsB(Un@4XfZL15S%L?}iRYm8!B>+f
z7I{uaSN7|Y&Xm{1*(~Zc`K>L0p^yv4t92~EaXarLYxwzhZ)f(o^Kqf6uOsIGkow)b
zeH{i{^nP`G(~0CZ7v7G(+Gne0F3dNCAjxHZu}(0G=Aw5&?ANyh<xeE7sX2tk&-QU2
z?SLDg{GbhTCLOm9u7{=b*9kA|-yCy9Dg1T^<Q?~Hz#T(Q=uOADsI$Bw=cyYN;DAv>
zK865#Zt;B2VbM~s1mKY2N&lRt+E};O6~}g2rXWKr!_$^b5dS%S2{2M2OTANXAL~6o
zpPdHK6{77}HGW=Odtt-PK&>F^Pb7F8<7Oj@G)jp6Li;0qWsQdF(Ly=)oDEshS2;GB
zO;+j?E>J?4hl=Q4f%f2*|9i$T_17YkY!N)K0PGmqy1pTeJFNV?Ox48N40TKPd#qSp
zH#Dc<Ym|`*7-jX3ve+hJ<|3>bjm3x3(>{yiuDzaP#foP9x#I^mDTUG*av`;4pienY
zcjKJRM(-g%Zr&Mj_5Mi6Pt{OGuh+ed7VZ%4v^-o<`V87gun1<M@^oQ|U2R;US<xVM
z`~W>5Fnj9skEUq^hGx8ww^>59VDhyQ4R*N$0;hWU!(a2WZ1ZnMdjv+KoV@WkU1MBa
zfC@_)R}Xo>$Qm%+sG)HMxHwPK3AF=^oc))_pShG`4NG=r@Jyr_;|_k$;+cqrNj_lp
z{5l}(>Jh{$?b|TPww-MAoeajw7%f*4>l)+s0F-$k1dxnz^%66rb(Rq~Z;#>z$d7UX
z67eRVbx5TRLBgFIZI=#RW8XXg)pKi{^8_NH6Zif;6MXn}m8xeV_Yud9L~rp{2V#rs
zMm#bdwwDl9<7bJ9He2YIk30_%1c`PnV~G!zQwt{7o2WuB6yOx%2_Bg-%!**(!Xl4p
zcZHN-56oqvf;HYwpOhoXld>56>`(s?@s3ejKCk0u1J%)G#N2^~bGM5Ru+RY>@&WI{
zst-CxJgW~RKtEu=J!kj3dvE_cmZ~awGPO?0XF(|@Ztw>mz`+G-WFI-1y6rOJ-Unm#
z|IR6sHcF=`TF;^CYMe}cr;|y=JT#li9;<pf<TRtPp*sqdUae77x%_-p-)4p8G-19+
z@F6|O6Q+kDXQvrb$viGdTWlnghWJVi^Hxp;sH4}O0Y80@?n74Zwi4D+MDy43s+Lo4
zvl3wLs_rSdQN=!oM+amLnwPd5HbQb2#QX0=<ht!!?~Df;$8PLzI@ZR$FawK1jo5(B
zd0_ceIHH)OkQDJpT}(N8PF{8M#VWUU^9dsW$+qR<fm{3E#!jO0Kemgy&h2n#MCZM8
zrFO3E<`zM*wP!@PTSjd9OA!{Ds3<4HYy@A>B#Aw>c<sFmTWuD8l{Wsdlx$1^$jPIG
zz2#1xQR`G)Kw{JYh72gLqXd{c!d%+>*_cMGEk3pqb||k01en_wvx_-;Z+&BtKTUvg
z-WH3AHb$2rda-WZ+=rE4*?`aF(zii?z-(vC;)|iQ-$jzm*)Bur*ub2S!P0>om!V^9
zqJ!Yc($47)b1S#l);^-!`=11R4>tN+xsn(8E|TtHv5BuhX25hu>C<OtOm;$^lGZ1v
zGiE_XjmkntX>7ynR0m~4v;ot_-vi~<wDRAx{6``dv^5!lncHMm-fJ!gg>C;NP>3ht
zg5*3Bm4eikTx@}7HMU-HOYr3g6J$$kMVBHR(Hl6~b&}6w;{mdr0kk4!<dYgsr3(Jj
z<7%VT-FU@ksNB6D7qc%<dsibzwXv?=kx=(I-zoTKsNRQ+N@4wK%_~*unN#ry5lgce
zl}NvA`1l!|FG&p!aDG3sCQ1G1^I#Pl7BUM{|9;0U-bLX75V7JGf0E#$oKx|CbJ!5U
zEsiMRgoaS#7K@5m97542%6QW+d!gtf@#-?eJYuTS6eG6uBAH?~dH1yn{^T!N;5c>U
zmN@iu0-b9W{|+8!`j!)EU>g;}h8gLwhR<g>UqxFeXWC#fceKU)d-&6!SWah>a@^v0
z2Wqf^7o+rD88i5&POq9jy$GSZ5u-eGNF%mb+GdzXv+bWaok$3=c+Mq=FUw+DBQ@Gi
zuaI<3(7|^2TmIHT(d8y@mc^?^`sGUq<H%}R`9eLmmA@}AO1#>aL8OOyr04r|wB3UR
z-~tN|eSv8NNU!usZ`kXCGZth)4UPu`!v4Fy0S2(eB}UtEeEj5Am5;t)#aEbr3E~7<
zY`U)-S}xTrYy8cbgFOpG|EA(w2)jQAn#cks()qEY=I@J}T}>-;f^0~x?9cw~_iQv|
zeS}E&on4E3Jb_mn!fy1Xhs2iJj$iZY1UdS`hoxZ}a6Yy7Do)2|BkJ)t)RJ$TRHCHw
zmk@UptCE4rL)hyv;aq_PIL1}{*NBERoT4v%MG-1%@dyL_d){b(Pf6yS83=5${=&Jg
z`E|M60?*4_<KA(LE~{v<HXxBPW&ZZw%ksdM8xS-V`05vTd50~>`9gh{$><{O+8q}<
zCeH;;w&dJV)=z+Dv@`xjU|m~WV4@VAWoL+BWl|`?w_5SUP;lc)DErAM){PP*5vW%^
zccQ%Zn!v6dCv}%7R%1HSq!H4J;$oV_GjSAu93szkOHQX@!skmJ+Dfu&mtvX6H63&8
z_l-@#xS_0W04qJrCa5$psOL1MrkU4%#wxOkGvfG9isd9Jokrh-9iT`YuSTtc$TfuC
z7Md6j$i{^&mJtc-+|;cn6+YCkBY%({#Kl|1ehw&qBC!G%q~O%_y91=Jfhb|yYca?B
z6WkvtSTy=haIunKkm@cdW-hn%BaYWR06+$fzGjnm#s=3icMuqhpLAl;93*jvJ<jD#
z#Gql4K_mvCt)n2CxLg*9I8Ghs+9ayh5Os)`xHH`)3QW?gNukyVDJ@~Bt4_63AmPvy
zJsps|YpE`O^4lf4PkNBJYj>1@uybklvEE4DIqed$rxMnfx*$krqn9rPshA%MMW6;L
zi)e;4a`z_I%iOJ?18x}5wEyr#Sme_BlsyeFaEjznYV^Iy#O5+!XqO12Tb#;79OpZJ
zv8;_hu2(31nvVzkX1EUMTsW7z3)zc0e%x7z*-Ji#oRQaTkKnE1{o|>dKoUtgrpc4I
zQ^q60py%GeL)fg@j_A@1kr)h<x&xSL4>;%kB^+XF6&im-#G5n-!j&GSMX~yosS(nW
z^|=Y;A0u%Wnh6Y4&$uv$|FNQ|EUMwPPa9hadYopc=w78#^b&aX;ga(UD>DMq#+C>M
zRF`Y?y&#rmN~cU0f&{8{;#)HK?AgfSR_S@7)od53Dc}ZFZ6_hw1=!(7B|J$`5KJ<E
zh>jiJp#?0j<~+Q(f+f_{Eov4o;595J5hI#Kvx<pkc<t8%a~m`_@ys%-xo1JleAJWU
z-OK@QGLyyAX&<u{Z`HgNXi6ZP%@6E?`&{RcDsE8vrj1oSbAVT;iq#-5VFrU3972wh
z{|D<RF)+M_7x4(sGVqpz0*<AMi*+Yk7CSs)nMg_1ZgE`<Zd}C<$W=6S??Z?9Elb8v
zaWHl}j%pBvtvVw@dYR~*iXCVCk8IDQewn*tg>vyKo|pOfhTLITASqilvw55{_4xT-
zaFjbDl^G{e*ihF^Z2q)mzNy@zbBGe1a`_|&@Yt)|(TD<0Fl9pWA`Xt^wg@}i)Qr>n
zEmBe(3J1NzjO781JJwtOP5Hr?>!jVJ{x?~Iq-{|NMQG04UOZ}uZ?K}MN$Fa=BKe?U
z*kRmLYu+5{i4vAz$4un^B~SeNYkGR=(lh8VTM4CO-h6{QO49Aq)ZhXSaNhIX7z|KG
zGDCV0152(~_eW(x@n|U>7gFbyeMNnSh}gV+J+l243sFtZs77{Y33zGS<WuSoeJ{sE
z7NXCpmiF1Sq)6+CYPDf27+8jnVi9yv(fKG0TmS`J+l({kx;=*~UApM}HF_?X8qn5L
zU|(7Y)Nfm0DwTJnfIFhDIIQxJ0X(Nw<hj$aRl4QX`k4=?w8Qu>cl=DtBRgm9?^4C7
zWoA>=ug<NtkPp~`F&i=YC6xXFT&plb^n+Zhw7@9+c~hJL^ijTyn}d(}fa(Anz3&kP
zX51nVba<@8SzN9KtjDZrtW{xCoJYz-JGmT0Y9UPeGPFF}$_F=pR}f1(Zmvpi8Q#6C
zrhvQ2B>I#=M5<XnwgGVt7nKk(tH&9vq%55EB(fkMV5uI85R6rfl4)2e#lL0WMcCh(
z0tjayGm5L&`lqo<bWO9yVtj+vzbRo+k!DE?0DC0Aj}MUN&EB$Lho{<c1@k6K{=0#1
z2_qOeHvp`y%OQ&9wW;Z`cd3=&_C&fY?#Lsq+VP0+6#l1}4720q^yVA+`xB5NP2Dgc
zYAjeqOAk*U&r|n%;*n8bpz7=!(N{YjV6HM$NVOu9l9dmET)1ks;?4}WOUJe1%JBu_
z3IC^)xwWFf-E>V5&}oY)yuV<v!7snzuwxuM+9g7q;p-{bsO3eJvT)~Nc;r~K*T7x0
zc9l`=TIq}-ee~h#6D7$Bn*LcR(`O|Me>Pb`W|$Xx&1zLeAm3=_E-DjXt4~lU{cy;`
z17l?P!#;>x*C|g=PM|vSLu@9~u%J)g#G-AnyPEs~*J%j@XnE#_$TW`wq*Yb$DPPSD
z(#9zR&0jd+Ndj>cX{B(7rf_KXRb<#t1;>uvRC)=0nI#$+_g2G}jxPDhUjlx9{2{n6
zxW6&w^(0jN`BUWKQ*dnkf8{QMHwEt)=|Ecf$N+fEXs?2vaEm8|BT!@_lfIFaP<3q?
zg3qfKQ9>ogO7@wz&b7?eRwdFgpSq2G0kdW&$dX;TxTZc1W92M!`qH9KV(W``EXOCh
z<8v(CU6^d=*j3GDBa2x>uLHKZMD<ax=H9D@Rn)jiN3rtCkPZG*OFqw}aunv3d<5dl
zA+W9MPAmH%WkLUQzDlXswwsiBb|rvHx;o~E%4$}A9lk{sL>ZGO*=Ul}wv2OmItBnU
z9^%<&;gM~)<6H*E08j}r{>$!*PpNbgaBmtj&So{wX8oh($yTyr%s&8w92sAGnm!gS
zZ~YklCR549tAJO$Kf@dA;4u8{!xt`)V&*)P5)sXowPv*`(a_GFEZ~k1oq&gsOT~m%
z{{y?FK%at8b+l!waCN^;v{!<noj*;{&{BI|wO9A-rkZ^)QQ@yEqSJp!5MJfGv&VMw
z`J-L$*ta7D@AXQa21UZsAl@P>{vw!6Ev(#YC(K*0I_?PIw;bc;_${w&-x3U3V?IG@
z;3?9o{yHq^VmRC4$`vL4FL6c?%n~b~NJPpcDK>xP%!SUWd7=X0ZEkQ^Qys8`*)<PM
z0+@#d+1T#Cdp*6N&mZ-F)ubl8bgIWCV?l@9j_CnL25^0!ywOLVm7|O5*lcQAvi{TF
z7A+T40upnd1gg!&9g^V93g;a(1l9FExe-Zk*$ih-jthDA`}Sn`<#P3YQxRl<4c@~4
z%3N5HPH<Q$+#Vdtj0W;g6wLtp4XQv|>vzP*v6zrsd!msd8`$VIm|wK$a#s`1;c+%#
z2Whq913K`B1$AyRwWduxg{x8aV@e!)BdHu?yw%!Yzg#&z<F1}?#Ea<<EqcK&X-<PC
zIg7NE0>E}vjplh@rG%>O#RYxKUxSO5Efm`<kVl^Ie+be+11b}l(IDQw$kN*wU{FDW
z^=D(IqGjt!O_|suP@T?)nx0^~5j_^<V>R6n;hzhHKEitMYo2eEV!yG_9n&)%D2Dde
z6q-twHuWb+8qsNV{$h@;tEW9K|3Vx_L|#MElTfzG9MSzXxk*W^M%W&IBwPo<$A-lZ
zHkKhxmU(^CBZ70Eo~rHg=4*ZOIG5*j0Dl_(_t%Y%ACrIHX!-q{QUQ}rK2tjy&#Q)J
zUhS!4?2r1G{Bm8M-VVcpqXJJgi0Isk*GK7x)nS$OEU)f+S_rSr$C17N%eIAn9O+(#
zO%;<Pik2a7HM3asg^Ym$@S!8vpxA6g!zTHXb!3e*xK~c7TE!;GKU217H)Cw-BS3x)
zjbNeCrlwc71=ycsv1oV%x_=Zs2Z6xDf+of@8sBq<(jgF7Px%X!UAkva@L2YOmT8Yb
zu20HQv@VzKYR+U)Aw_UoersIb`V10&r$Vs{Yh2Kqdv$NMmsEC0n-`h%y$~2A)o)wc
z9OLErK`%Z9tI8|zJv(UmwwZ`Nc<zr7AME?QI>GinbAKnVeAKWKmBZ0D?1iekv!lK0
zx{ARucYyJ+au8m^KL|g=x){|b4-7(gL3(Q$x<V116a5b4Ba)B2jm}ZUB`%WBcL105
z#QigPX07}gMZ$3bKV4i3tDFWq{a#acH*6gTb%Rf4?msL+opek6cYr@$<-`NFM#d98
z#{;k}>2qLg{fVq^n^HJJj4E-PESIhCZ5JTcjvJVyCc7aO+@XY?<|P)HX_~l{t4C1M
z*low@J@ua2T9~1nFM!sZ(3W#{mzo{r166tONFxDY<4ai>KFO_|5t~5vkUOh%-f=p&
zj!<q0<@jUs^iFNPvw2OMWWjV@|MOG^_v#SPE`~X>W*;S%047b{)W!7dsx|aN=HtBG
zqAaGN)F?>!XCh3i(jJI7a*YL$Yo=DU$t^)i<>TfYNH}wF>fVnVv@(MW(2*GyXC1Qg
zxz7i#AD?pc<(AE;d?dVHSdLlo{T{OtR>eqVRw$Jbtb34H*4G;qaZg`q!;K(_WY00Q
ztqjxfRS$;SeE@BsCjR-24d4HMpr?~QiS_}4K0$S`HYfJuj|tOD^M|?nQdYgYfmSOe
z5B_~4*-!I<k+UM$(_g5W{KO>>`r-KZ`>7cz#5b2!b14q1zKIxRjdrTWYxQ-KZ{lQ8
zE&N(pLv%uaKy$o3)sjzpc{hig%J|7WOzYD7q7ijTGH0Tb{CjOLAIa@+M@c?KKN@96
zioqIPIyD`<`eAlgbAbWL1`NzUlNzBF`e<tbG}17&Wc<c(GQf+UJKEZ{oznV2xAmvQ
z*A6H~{_6Cm^X0Q#Y?#Z3LM+p*(f3`7&U_mGnOL0{0=IwD@{t7h$6NfMZ~bXLLmxX=
zIBFZ^RS2ASw&XlV3y^i=LsNy8@R8{2crKgZrt<XYjNLE9FN}re1Ljq(x}cRRv4lKh
z5KG0XXU?>eMDc0s!%QYI!i8yTg=udWK1POLL2i6$>g9YSfL;SqXrq7zDk6zdM4+ze
zX#V}Cldd1!yT)zH@P0GE7giM4U*0^fL8jYORU_BB%7dO?v_qQmMv8fH78~z>zJwK2
zC_4@Qiu^ZbX|@#k&pN32V>1z55Mt~qwB?Wa;kydd&Od*VBuaF<#W|`|5pIuc0)8H}
zguxGj_2CE?OhFKYb&ft`?qv3=!&<yYw?8*TUCBX$Gh-hHi8Y^q*aY*{aF64n6O@>L
zJ9}x&UmPy>yNS*`Lk9i#Ky!jm*}?FfZ)bH#&@(r5U|0`xS*Q;x;<$K|5-{X<S`fvY
zPQ6@^BSNh08g-2i+h9vxdm!&OWb;E?wuHBxQ><?UszoJ;fI@@BYQqco*sX^4YHkYn
zSS?HgH~8*P&j#V(YGk(#xITOKe<aJsPuQg|DB(EvYbaXhJ>fWCTGinJmCqw^6<NCF
zWMQ(^h8E#Cb@&&Pi0V(Q1e{7vDJ}%&q#xZ-fcxz`sBDAQ)4RrXj$;$oXqmqD;hI`r
z*RBe%kxpQ-_Tz}Md6nCV<%qGl&w7pf@I!N71AfpDGHIg{yd0U<0%-vd0Bp8Tp&>Bm
z*!ZxGj`@;ER)-l)oJjW4`YLzL@H}mU098FWX7?}{1oO9&nm4$&VuX)yf&Lx-eLY=3
zMG1@DxtsgQ+4Rou)sQj_D{|xtpThd%A0+3iN+`6=^efz0H#P!khcCQ^(BFp^KJ%bu
zhj$qvtMI>nHznZbq({LS1-*(@A6>$~HxFW<j9Bi?g5TI?8=ARH{085_-jsm&4mH=D
z>6z91q;7pNBK%LLz%ThLs_m_?s&`1ftYdbN@s4l;=vjR@o%@C|DI6=l9YRO{(=(_+
zokEsxFpPp>reSL8tC0KG9rmwd6g`t_5Ae<-w=p2+@tFkYFJVk9@AIz27<wQRQ`^K-
zQyu-thY^KlC=C%*XV4a*A0#cvx()~%7G1C0=E^^Ayh}HV0wikK1WWtyFMITmTjr_=
zjjIfWkXtIhGrt??SqgWFsK<rFJV5Nw?)!?5_E}lyiS@y3@UGS<>4c|-dmZ9w(uDo!
z5z^27T}%u0n#oQu4P)c$EjdW`&hA5E<6E3SBD<A9;`9}0%ucn7qqQLvrR8i*&pom)
z8Gp$1Uzis{1wMm-X*Qm7(FL_TFT8WyU9eh9bv(7e5iDd;M5df)BsrUa<c)jN-UzU1
z?+AuoUg8IqQw~iharqcFIJherPP2GL{TDFn4L61`K#l}OPH_Whm|shUBcHpzgQBWE
z;WCm#&t)hnFHeIhIWNa>B;p4j91$cV`fL%0BE(}6=rnh5^;+|)gs~_m9Wj?ce@NiA
zW|5rB3?K8^v)*}bOgqe*K`C|;5IZmo^N}9olnQS8pQQ2c;^2%v&KWGBq&ZQFbG%8&
z>%w;s+s;LlY8XWysI(|P<ywC$;0kZ-AUHh^{52I9Xu<}1aDgNICE=CwSEea`RRhy|
zj@5InVSTnByM9sME3{JEo;je0UdyXi%Dsk7frr$$bZ=}mys_<|a~@79=L~Iw*)epJ
zl+I<7biqD!6NxJ7&of*HA+Pw`23`AD_!<6Os<`8n06WA7me80w0vTb>rLrV^YDa~?
z;;TY#>p*PF5Z4ITO-Myd<3n$0UpY0_Lk$r}Y#FnU2o{Q7+BP2~uv<GW8=WO5wc{;1
zAqjM73R-h|BRLC(dPE`fDS@pVp%cL>efWbD+WRtMRl`n~T<!7d`-4L5&^$-sgw)!R
zvBx~2YYYtl9ZD5k$5O%e)HyMZ)<?U3la$X#jxtCa2ll5FZ*extP}<evef+HRpUtSw
zH*>^sbtyvcKiC%53X%wXKkJIgXtxVM){ZQ+kI)5Sy1$6uZ;N!-SsszRoq65oFSx25
zqy^AZQB5hLp?gWt=Ub!T&?S}scTkpcN1>(o?=w>~GY5LeaWFr*<0JQ#)*Q;pj<GPO
z{#PWpK5(OFfvW3T<d5N>z=8H{@ku40i@GM*QFq>VL(>aY8w|?T@Arnjeh|u3xd^0j
zr*FMJ$MS5PLgyonP_B*Qn3wK==mb%GM4<RhR%j#d)bE@+V?%g;|D}|Ac&nJ;Jcs<9
zF5EVo<(J;eVB!ZsNqls@O=jcPtQWsR97eR7A=4Bh=N{su`nQDlI5^b4z?cuV8H%Iq
zG@N4uSGGx?x45Xc6L4DB8KFgq3QhOyTq44V(=mF)WrR~DH~jG1J;`Yk*k5=>5&SQB
zq>@ATH?c{mxEtKTkmUD7Je7OsgU<yx)QD9tN+K6PsshR%BAxKdz3W8jqotnU7&+pu
zB5&{mfMQO%`x5nsLk#8x;mUhj`fU_{aqi78Zco>)9hl-rmWYuO!$cKRG0*gAn9n17
z!#J6rG<IfP!yk}yh56BFw@J(OPp1oTk$w=wh0|Y%o4i4s=e9j7Gk6`w{fw#oFhosU
z|Fpi(Pd_>G@S3ZODHfBwlP*_$bnKa-POQcvRy=yq(c62bTzraT(i?g%P^R?;D+!x$
zS1=SyR}Ql0KCe>Rd;HtSXv40p7V|#3I<v|p|0Cv63(Yxy9kwYV{1kMetVf08=@!Dq
z7<Q6RxDfs@fGnGhIVZ}r@Z81XPSV=1M08K0$3jeM8BN1}?sddFtj_LKEjrAl2UfF-
zHbbV97hq>31_yBsYwCs15;m2&T=&$ky3C_77;n-or-L9{kn1)qmWQVmd?6g9Psi)<
z+ZV=ViP93&H!_1{zoZc|e)KhN7GGIZYDNA(*4{EWjvi<ijhWVV%xk6?V#mzP%p5Z_
zGjq&rubC4wGgHjWj4?Aa-+jMxtL~|L{+=pny6chDYH4O_W_BN`d6MBvRTA?G<i7`z
zWe-AoGLAZVt1nk@UFgsO_Yp?p8djo)1N$z9FYk^>v@TSe<3OOm(ng+CNR>8t*=M^g
z5TjTCtz~WGx=&zv9|i+l2Stz-gHFkKWxH3acIylO&9a*vM`_9v_aEDTO|w5pg40fa
zkR*++$$sFs3R4bcT))2F<jyBH6(dsL`yIsos10x!xes`BZoca%iU@d&&l|t;2K!&V
z@mmM+l0>ZwtxPojNfYbe`{Mb9A;huo+_|p%`~)|%Gy%t4)f(PjyB+g+8!oRSFGnW&
zkhAJ66+!V|j9Ap7ex{-b^r8EE5a%FDp^?du4~;lKYbmg`Gd40I_Y|xcQ)7{5(v$$7
zJ?XK?ODju&o;5j<2_obrz~c=(NvSjzC`ma^XNvgH{;6P-pL4$DFa^&Sl;o=E37)b8
zBPHLhb{VUI)^c{xT<6>>a_#pUs$6Lo{L$Xat!Doyiq`jd>jU7ADRJOOiT(DOd%W}W
zhWlXWzO!xc4BQczVPd30ZbpqyBa#v6KzJ}PX)B?=eP|r_NOn{0dzz=`$XCuQYGjs@
zmE7hZfGvCkvG?c*iS<%VLUr82B+HXwXXaSjpvg?QIAMG@YRxMM$A_j6Tc@U`-%*;Y
zpTMqNktG+7^w3fKxbjt@enF%`*AsW#wG>jqF7gVQ%{qRbz`m;+Aqt?gXwTc*^bu3!
zjXr1RTR<DQOGy{|WwJ_3J#tr-H@v=gAa%SsB|8PfetKv&34?Nq6O>q?j~MxrCsK^x
z$m^n6vztTZ()}km0BGIEH)<kr*~ypk<L7=eKD!gcJyannbq~$~b4yR&QiRCTWU46m
z5fBOW2<RI%Ufdh!>1cTXRA_TM?ll#}wtH1!(2VRK46NR$$->{$vU&AI0zUlbp%6u!
z@4py$p{`KS>2rxtvS2)>7)}4S@PGj<ALQ*oT8K-BnI+&y^}S0pD~m-7)3)5)mrGF=
zQPPs{Z*Z+Qg+-TYu(H;C`#Ysqdi3IH#9fw9|2h}%-p7wbKY47sVT4m-wi}9%zL~!a
zuW&@sT${0kl=W|HyHCP)G)GW9MpSx+P45eGrlL4JMxe!p=ohFQiwhA>UDPCuVhH^m
zzK}8xHJ2r}h3!t**e9bI{xz>m{>m~sHx(6D9&=_W0&!VhbeXI!7@Y8a{U_kjb%v*Z
z*iGU{lyVqN{Nd%b)P~7-Z`C;ZjCb~mc5aCja-6YF1AO^^vTG;l(=pZID6@X9-07l2
zsN=5iN&tzrir{NzhBrlFr0RwwKI$ii`Q^t_52Q?`dibII{NtO-bD0%(ddt7qHw|Sc
zfB8oFKnlaBZki~I<eMZfjU-uJ-bDU@PxN4g9v?p!L-r7cj9I&ct=O+O8$$L_VHCL>
zrz48S^GT_9@(Bj=JTYrkaFqKmxFg6O3MepZ^^51Ud$FD|YhU#g(7fNjMlR=5MlPGf
z1wen((?a&}ziW|dZ9wqPCwVKUGNORm4pyBad>jV#8{ZNWr6)d2ll9RWv7noOwe;BV
zPI|JVy@#D7L0Iox^{V&qK_V_duk59j`D57dou>0U2uO|@Cex9VK0<?{;VFU(7E2yt
z1oES|ZdYD8QtH}uf6L*v<n{QT+^$dlHfJs&bn$iO=-Z-oc6eQ#?=A$}3se*Nyn3r$
z$vw(ndzC4J!ks%?MJ3S=5u{;5k)Xu_15?<)PkEOvv5c8zAIoL#*XWT_<2IWkNDrQu
z!-zTZD1maFJ9DUPgl;>%*1IOlht6U2sO%W7y--$U$2z=#I@=3<|D>xiU^zVbR!T>q
zh?3b+84wkBuEqPUZk&g9^<>tYDE2*bAG|V@7Z7}-j7ISUd32brX@e`R^6kzgi@(gI
z#ug}Fj_FNxE2{-|>PGy7d7zc<e>|K{kcq|rND%FyFWI|#urATVQT2K%Om~6BP*s1T
zWxlo(+K)hgq_byFJ{B8pYvZU{xq|IPt8YZyiqPZpq4G9;@{1#&n97tw74JQ~hw2E?
zBl4K*t3Q_1KfRw(AI9*`Z(ow&-y{h-{Zbv5<rxiM72L_&GKu)8`Nd->vXhO<$C&;f
z;bAgFd-x>DA-t842W&QBCUoPsxASj^ubcgZb_QZ;VI9YM#Lq8fjBy?~-YmmN9HAW3
znhs4%8mYqh*>H;?dRyz5i08a78%OsE&V=Yn50ur2%e;PDG?H_}7jn0{<bMJZ-f2ur
zy5X5^Ow7?*)#K5~+vAxxbc1Bs>z=Xx@de3p)IC%D>kJxauFIv2TBjQ3C4a5!hS-FI
z)-*8@aHsg^s~BG>?#4zDN!7vcbZ$ld>MrolcjlD5_}tutff&|f>)~aXuo!p6c*K|=
zyQ4h%3>ULb0Bw&>`~gXooan9yS{uqb`fQ(d8t1orcJ#Zxr{~$0WUYWegpq*QSpTKf
z5y^pT(pVe0nLg4mmm|kNZMz0C{quFa;cvx4liT+Jt#bpJREoDUibK#JyWWUyT#s`q
z8|#L6-q?Ht#s-r%Rv%#oT~QetY<*d;eO^6VV_r(gG=7R1Xxw}6#)SXMP4-HOo7Fv!
zFQpN0yfOl+=`ICkbo_Vt0;=&ZrzRBN=gvN|m`(!)Bf~Zj^F%`N*gvE01+P^4xOJ~d
zsAT1c@pa}gwL$SW3@2;kF9#+i2SFpJUyNIZ{(1kF?y%P~Aa7%sf<&||jo!|AXiz2Q
zx7?1QqQjhRod<4jw|_Jh|ETa86-LW`jzJ^J`Tee-&G`Td5su^<gjXPC>w0VmG0$y^
zH^KYEo8wRfKp3=8phQKWE}9(&?q0vgLx6N-f}`&XX7jndqe2Skuvb|(kk->-px191
zFc_Al+f|VU+@rsYnn?$#yO>f=F9OjWh+7qTR~LbJ4)$GwXnpH{>-lVBwqt*QDrcUy
zRNu7ets?xLct6!+a!sW^H0f>>q7Mb~u2I$Bkm+tX2Ch>xmBMmwi>53i+;s>Tmc8J2
zZ#X!f8Al)xPZpuXJFgN>q)9t-&&fNTL2>imC&Lms>qdrs*hnGw4L-=d67)Wcy&!Ws
zOn&BQ4kx(JCrzYJpOkhHsyHeZ?N*V)pYBIH*R6G=>V76Dm2bet8*kdiWK<0<7X3sz
zbN$twQFokrVq@(tt=+BsCywUfE!rIaUxSxZ32!V~dzZLF`uyc5AdM<*g6f}K%qaS;
zkZBD+U{L1}p$A4Q%N>T^{gIt-=0{=puo|3BbL(qPxRAtHsIrjA_eOqGnSE^Z&Ub55
z7tGuJ;wALs2z;x=*0SBFHTUGb+$%{ouBBZX-CfIo0!`NrhI>5K9*k9D^KV(@o9yzb
zrg%SLiCrGj&GXrle&3M1^YGdm?H!f8G2w2u6R*n?H8d@NrwK~TK<tscf9h=&{0D=y
z#b=+tlTH+na3BT5fL<?On%KQ?Rv~It2xishsd8=|;-t1!X_EO+p2ut9NM#5<^~$r!
zwb5V4dTL+v``P5rjp(7>!~i`SYjv(~JteUk@vtTialu>6r_dA!L^c_9`}6@3S{^>R
zyRUQwy!~w?nOy`PX#JD$6x;vaE@!>Xj@-2N^e)g+a2s#ga@!E<sY|4&C_8zZKax$Q
zOmxXRg-w0<JZ&Q}S^rNADYdI4>ySK&XR5>&`^8pe@-{)UdklJ=LG#HD-#rJah>A&{
zYl_M&`qszl#cu>$p3aGJ=`+$>&hY(^i~6E@wZn$=-1LGsH#4X8dDQd6){Hx~cM$v<
zGwCd;hz9D=LIUb%bj{rcR_ixiJ&cWdb}<`gA2vcd<=g=epZi$FCD%Z%-`%qg1-t57
z-bV=!xr!R&Xx+2EDgWb~GO6rr=<)RPYu)9I(RwX&8uA<*cJn76&7dJTOjnuixUHz<
zG(F_9aXOTWi{UcCykN&=9HBz&qG<N~*%G5kSrBGxG7&N`YD>gEHey?3-^^&#?vyFl
zYkTm~*L&w*vSXOEl7lzYWt4wNi;Z}^Ze+vUJ_nD}ZDn{@KKhr4>G|*ODk1jd+F!ym
z`=Y}-;eCTlW5P40IgTbpuI1g{zt~-7+p9~UU_MfUv-+hUXZeFHmUaq}gG2hwH6O0~
zv<d^yqm=`Dv_td@zNT@O(Fw5Mt$#TCQ0VMc?DsGaX+$<W6fqA`wOO3cH9Vlz`64Jb
z6^vgeAFtk?HaOy7a`88d;k$Qk$amF&tP+`r`kEs2J|X*ZHTI@xg;tbS+KmAY(~E%~
zQoW4yhQ``MIPU{H>0)o`V(U0K&q__*mAg^zk%a;mnVX3Mc4!|ZHqlO41@eDWb0c=K
zx@4mUeYprJxvT<(3{5I6qfw#Oq(koXPTK1lVJJpZmok#~##G$3IL(VIl&qzPp&mxi
zMi<mMVfHW3N6(|wV)q>PnGI)$VLmBQJB6q@glRY?)a|M(*OAR|zdtU@Bk{OtQNNXj
zb1cr)o1fK9yQj`Skt}&+&U#oMf4BDeGwq>WF$kADSjs4sJvt=0D^;YlA<mtjEhkT_
zwkprO7T+{=S$DNek3_-23k_5mAIIP~=)uSK>LzU@)RSJd1Bs~b`|kG&tbU>J;mNTt
zns)2>L`G`vG|YD~!#B?a(M^X_*q-qz>Y)j2YicyIZqp9@;#kF?*DXh&+bF<Tb2Unp
zCzuYuK`XYqaNd<TJfIAAaHi_}=8erOyNQpT(BhjA?>8RX?@bFD=>u<e{aF;^-ytRB
z&SLP>%#cdpD$ZZaV<#6IQP;M#0|V#n@v^DLs5zuJYO07#f%Rh3*zlAHDMUlrBQ~w$
z?DJI{o5*8Kc)Neh)0m&l&SR~&tl85;o|P}cl!ljTAoS2=?osADb$M}G4w@-Vd2z<7
zi~{+@yq*`{agoolCUdxvm-Sq#Htc%MQm>jf9cXV_h_Y{wf$_1+*zlF7!(y0~Phokd
z{*D7ryy-){Z<uLcO>f{F1n(rbwa(nr=%s})rQ&He_><!*)tye~v5MkWx@(x0xWjyV
z<FVj0a<AqaC0CXq9&O|Ro*LovY)I57X?C}Gv{vhs@CZMWsdi+R!Fn~FJGT2**io_p
zc^iAH@*BR<y2$Khei>_qg&h5b#SxhE#zPLP^Oym7`IUp=?}R0dsS`ikAm80@^09cQ
z8FohuxD=aO`yKBsTDgsyfk*hi+8Ju0-Zv9lD(kAmHeWdPRP9p`%ephXV*wLO_ATim
zr_ENmAy}_JKz6i?O@}Bk@gta~NDYM^?K*TJIHuMOvDKnsGXZtltfW<lq~UeDT9tf%
zdM9@Z;Tj(5$nj=6do>4*wO)@9&0ELWW0UQwpXTzEf%f~6?2hVoHZ!AQ*XmVgNeIBp
z_87^)uRF~m@5Sc<y(s0L?jIGH2A}*$?T@93p9~zR_lMo~hBvQH-9B5f#4m++vw<*L
z0K$9>78j#zd7FiZb8bgLDwN}Xv>0jyhUogiSRp#iU6E$atf5fz3~1CT1jZ3qn0jf5
zT{aHXsm$AuJ4zn^E#=bjy9^#_Gp`R{B!$lE-ckAM1>sFN>^lDNR;+UMXYKS4OjbV;
z3msc)9Y$|@g9@C{jYO($k>(`_y+&ob&h`{g`wJA(oIs7@kuN&qh3hR%*PcH1>}R3$
zD>&rF{L^Ch51Y@_klq3J8!CLuU#+in<IB}$PskTpTXK1CB1kL5We8ggly3)N*m}i-
zSgJC-{|*X0jwP^}`IW_9#b=%lB(R(OzsWfpv!xFbV>srz<HOy|w+c)lgt)77d0Xq}
zU?ApBucGdARn@9k3;b^Mr&*1$0*T#Z!#|flcqnzT*cdg|yO!T(8?ITM>#}n3Wk1}+
zJQsJ&qec`y3~^Jfgz=b@%4)3#wNF7sXZF7|Per*;TBufj%3a`TeL@gxbDkSFsyBx>
zdfgc#q59e!<G91oCrp<5oM5tc$yrqV3=GP3hS-J7*U_`<a5h_@*{64CKCFg7{rPln
zyq^XBm!03Ur}rHW<SdUfxpEf~Vwg*Pm_?t(@>Uumz^^pvna|^%iop9?8WJX;hSBv?
z)??iqd(fvS%Q^I_uUMeI=9*<cD>Z!35snVPLoKJGBvZ8F6mgLiwLa*=RbR){8k@>G
z&$-FMwRD|Gs`WaqGlWoVdG6fs;K|nHTs7gEb>en@J+WHjU+$RYP|ki<uJwu{H#sEl
z?fI&re=^puY~T8AkZXj0oh!;<b_bhP^^17+&(A>{Qs3^*j~K%Fm!(!(i+2G53&Sa)
z#t*{&m&@n%-l*L2`%99=&l!L1pSSj|mx>HIK5s}!?!NgKgeM!e7R%j4bv1YKA-yEW
zv;PhjE@m0%bUq40dY|2I#P!Z6Uq*ZPszI+VF1PrR&fQInZ`S+#*&(lYTsHZKhWq@w
zzltjaY_^N~Mt$2N2N6DP4UhcGks|DVGwtFdCD<1zARi0zH&PB3Pdeh`7c`EloA5-n
z|L$}asG(fbTu0V=EwUMMZ?Za9usZi%vz7;66C0ZkjZiDA@8;R$2PH-FX4&MhT(R7Z
zTHa2v<mLg3dI`J3>EG6HRF2C=S{Ln#%RnbHq+IfiZp}yc40Y8Ul!u&4_@8RU`no@w
zXjg-|V&mF*-i{Z<P`3}QJQZ`2y+^$Zm|``~(6sEkB<c)iVX2Qckr?X+h|;qt3N9O=
zo<hAECF(Zz8ze5C2YX|-O864bFXVFk@0+oUe9JpnH9Rb*$g$f9mGm;GeC#LCkZ9xj
z*L}tl5mV?!oEG;EQRIDEDaJID)bF*{!9Y{YVouii^3l4NW$^~xYK!8sWs2=?=$T5B
zqYwcD;;i{h`p+~B<-a3MToP>5&RS%|lz!%<PubGnQrc;+bw9F0WV%!iY$(Q`pWLyD
z-svf&P?V&UE7!hTWRb8E?O3eOKmi$A`tN<MNsq#PUl`7Qv-<rVNHRHj#Qu1a&;HPN
zxt{ZXM#WC_Q!M_prT6=K?l>>}tmOLQFU9)sJR`gxXVuFPrO-R|GSX`)a2@>NmU`F>
z>pJ}zMthL=89DZ78Qd1;yD%`}^e}}z`KFn@;@<L<{{Eax$NR)0P~UxUleMOly`t}a
zZ2pi<|32O|hUIML-?v|WT#~)A<#NsP`abldf)_g}PR7{iu$tajBa}DC9vslOyq-J9
zpBnb*0tYGg%_!eS$eJq6XGV!9=hFWCEEt2ZQLC=89(9(R>s+Gou$;RziFGu7n|DjY
z8r7Wh)vN;?ie1;5!Ft>w_ON_UWNe?00jAy*gwIUaytZ+y5VxG$)^eJ>if`*|mbKR8
z)A0Et7H7e`FbJ`tz}?)H_j6+)?(p%=YP-5yi<&QOy8sAcvos@K(#&p=LA6Fr&PZQ%
z<klotcU!cRX?S?$;W^kSo;cac{&W$!h;2r!lYi#yq}rr`X-E39t5loLQ9P8oyLLA5
zR#Kk9ew*5@^|YsfWyu~z$9Bbm^zN6$-_?%v%&A(S1hIojHnA(r)qg;oICQH(B&%F(
zuut9dR6gx7EQObJi5T;FvIF6~VUNA|W|n^izn|N#Q>oDo@#u&|<)<?Dld5ROV_i6P
zmkGjo3&4eJnxT?5=*5IQfG8TKNZqPxQSov2l2&<rWGA@oyOTgB9a|o&{nJq=IV82s
zY8Ap`w<TmLR=Z?7!J>#ZJLm4x?(b`RNFoC@q%J+)seiNLM|;RBu6~>1tR!E(&Rd+Z
z{_95X*73D(HpDKCh81}L?MDscE~<=ONV(YVssB%pXH+CMoSwAvovrJI>>5SCUP#3i
zMl8mc*61QtrquHX9i5H9Uc%;^i#OZK0CV}D9#^8{wqxR!X|s)`t0=3*7;vn=JE-X<
z?~GxaO<q2F@9=HsG-6w$5%p3Ns3_Q%%QmIT=y@{TQ_&qMf#N~=S8GxowQDFG4){Pj
z$T@xE3T1vKN;Y|>hL+1VgaP#l2fa86EvRG$Gf45qG0u20QMT0+S1Z*Mwf5CSFZ<x_
z+=9($9#7-WC-FE^8^-q=_fTbq%lU<Jw37*kGq*|@pcuXJhE!yyEv@>uGq=XS4k3RP
zhdaxL)rP7MkwdAXf$cF$k)<O!K}Hn9wM?-_<ij#^x`SW87vxqh-w{dIx@h2jPq{Q2
zc4NZyd!x2L6O5E|VTyK@8aTKk8Nf?6vX<Aa1?2zSjZXV1cH>bY9V~UCS|tM&T{9M*
zWil9@BfVBr9@GH7+phErY;$2cYRNwrCnml$&#U`T#1}UZI-RUC=iBBO4<e|(Widv(
zj$Bti`qg0Z7=n_FQrmDR-C1x26@Z=80T=EpXKIlV_WC4+sf4m_nBHxNxisd(HPs;6
z$03D^1~EMi0tT9?TmWzjPh6Cyb~NXw9|K#hJ@N(dyIiOprN}l4^B@}ek`1zt5p#z~
z%%IWc&(=iwRie=29AGh*OKsLU(6$L*{&jA}&)y*hi)Zw};tdYV-z(}(V)tomiDF1|
zY>Vs?)v=>QN7V9=ye}>N+ph}O9R+*S%D8ChI(1rx;I%Qur+<i>%lC{>7mv(u17mlY
zfrO)sJc$GYIhXgvp<E=OHADP^n!(TZ9RUZSr~xAaf6u*n<Xb7Q>zyEWeU|8r2;pJa
zHO8eorBKg_63RZ8dnQp|KuG<_y&lI?F3H(F(^=kNaFnMpzH~m$6Yk(EE@GJO82%|Z
zo(OHvRg!+jRVY8N2n~k11*KrF0NXY_Q%p<~LYT!{Or$`y*aruADCU&ebqHJGyI2qj
z2YpaRD6-5tcgS_8NTE+VEMIez)*eFEJs5zk4cB%kjO$+ws5>m7>}?d9-g$e#3k+5s
zV0KySY<=TN@l2?<W$Gs+^9wccOj`Jd75Rlx7Bpr1--DSNDw*cPXaDYb(agAQKmqZ8
z>9M@+Y^OKr*{^!pGTuBNE(?Xa2T4~Wi^I)Y>x3JMN**`<J(BY}hiB^es_eC4|1Ck!
zw-2D(2QbBdn?#;&>RPW7ZZ>=iXp}h>FYJb8OaY4P8NLm;JRgrzr2+?7dtw>;7HeF}
zCW~*|1UJVt?7v6*f*0!Nayx8VT{%y~M;V3>D7O7kr0sLV8SE<3>FJJJ#FK$L>F3N&
zBai6B5<I5qG|!eNn2j*To8c$h^6KJ)eJaY;>LYCkU08o-$EViNC(9BR)}ich6+df7
zWCn?*FpU(zEM>t0lYVKiQV#zz(th9l7(Gc66<#r5S~nUfh)}~hHGii?{v!+vsw;vv
zmtK?Cz)4|Zp~+17N5Howpqu@Kuhb-Z`lRRDa`49{X%X%0(x<i={0KN>z&-F*a#K7#
zs$e2mT9vqSr^lCGqq2&cm!T3r>Nm+wE5$%UcdeG@-Dk@rTeL~WC~&r%i)D`9NO&SM
z8~c)X6>8ei9vxnf+b3BRnWiL;N@JvF3Sg*PKG6)>+=G^=U4fc+6^U9gk9MKvabf?~
zFL$OG)nPt(-FvAZ4@uLVFS<6wh(~^1IKCZd<>ecVo}s5p8(ODc20FIhdrAt>tpqkT
zDi_M?{~;8sl0pleLE}2yh4M74I_UVebL4Z~BanT2EPTo2*0xe`{b~CzH-#B$=V{Dc
zV#lVba-jBg=sFTv_I4Ye6NYl7<VK5GBHOUS8cTo61fWh?!7@7Xt6Ln{6;bk1G<hU>
zKXC#b8iK%d?;c#YIHMlh<WG24yjX^V$FaO9y=3;fohMLf&pmjZ>dxhA&DMYY`{qiv
zXP6`U&yTLIWA{*I*{+#bfJ(-2eDbj36C7?)&#-3%1Op{AZ$gQaZlID-tDOzH$Y(*C
z6{D`Eb+}n&cJSxCmYDFa%bFGo+s8ES37=%t8-?TBzO`0%U1Q{~2byonI<?eZVDQIN
zaIt-O8A@U_!K(4d2;hgN8l03kof@1<5^hFf@<3vAj!A8C5-w5kU?Zz=U4kIicH9VH
zi;@L&r6$RiXo>Yw#CRuZNPRn|Y^HAgFO@}}#+=i|(6Y_P0un3MbwzdmldLM&Cvk1@
z<1eWoT-7^+XTh7k3eZm8@Te#GvoO|WO4?LX*7T^y^|KJC)X$uz&&q1I>~oY&LCUyh
z7I@NnFx0x^JO?x@VghMc3`AEpP<P|y;KBi4kzE&5tPYpe`vOpORzHLj-N<6L!&r}v
zTKk^N3vaG8d`ak<YK}QEOAbROmO835b0%vzv-9sHGg1O$3)xhbSgm3TMO=)EzKOd-
zNv9t1S-Tkhk++$NAmm1qT8hk?btxwE@U~zPn}mSchuUQz(_R&!|CHF7TUn+>tiwf3
zh+rIPA@p~I8Z=(#iu^(9-E8|Y4R87}v>N}sC1bvvPUKt()hfq*jd;lRr!$(`wDX5K
z_alI(wTH_f&n9nQ6?Y1G4l(OkYiP}Fh#gcp&5g1~NHDN=%ot{!9JiRmr=!MC4?17s
zK4A_0qxEW#`BzXgjf?OQWl8!sy=--mt5KG`>{0|5cdanh;z>Vc47JAJ7tF;E1V;v=
zu$tHnYS;?Q%d_6=!?0A#^k=NQQNYW4&>~=0o5iKY9<ec5c`afQAfUKbr)5?Cr%9Uy
zhz+Jp9;D9FdMj&-P>Qg<uVKgfra$k&=kccp4NO#0Prp$l8Ol+L9NRq`tj#psA4r}I
zEOwy(rsA3GNX40YbHI+A+IttL*{|Lk?M@lF@}U$l|46xzu6ld=5t^?lJwv;uqD_*y
z{rH2@wJq{f=;?d~P+pHK-5koA%}xJX<<#SPM2qnw=JAsCqm$K71@HaCm%T60CKM$X
zLqmn4u`{vn$^}IvY*Dq2{l2gXrWL^AjLYppvWbw@%oLYT8JFL8dAANd`Km_LCo$iY
zd6zYvuv#^2-ol!j?^3NgBsZBzFdG}?_X*E2U5omCM!)|<(5I@~7R0Rk35ot{!{4`c
zgUfyOhyc|hjSK@wh8cAMYg3qvyvlj99O2z1_WHw$O2dj7I4-gpn?RSKFIz8yLlWVo
z<wCM>1=8%lp0u3qCQ~OmFvXWTxIB9@ghMkCaoY$I;||Q06VNQ4Kqd=#?Fxw^f829~
zoUAY`OuK1JI3=APMkIKSoZ4O_<<o@}@EW??9T)3Ntd1t@^)!h-+Ye$dXOmjrMqH_4
zUal;Lzon0nvT|cFxlkJ&)k*Pli$#z6F@}ozGlr^aq~J-)LE>GsCuzXkLe+AO|MYfY
zoqp2xK9Tbd&<bU}pr$H|R}sOtA0{b_ROy@EO_KRSZs4;6X_i%>ufRNZkTggV##MQ1
zVc>?=XDS9Lz9&TXQSQGoL=#~!TBS@s(|?O>AOFb#dn9)j#893_`X?=aEH;UfkM$*(
zX+FmVhvM`Oz_*rtr$ZcKNg$lt@BQVI?~Zmc8d`Q8r)fKemKgJD5bZf^H0%%wtC|1q
z6S<@IlO1^_&F_&d*yilkp5pYo;_lKHXv~spR-CW%LNUSU^J%euA9>Jhlw|0jyg|_d
zIEoS`G*40(D_K=b$v`{|H9}=D%=Qbjgh?spf8g$TNH$6<$^Q!3C<_E*E}bFdzy)tL
zNNL!S5Ns#|0eE3Xf-xdYd4u^t#a(c1zi}8HVz3#8)&PqCAVollBQ@+iCnl5?!T;U@
zasEjS#fl&$Zx909{~U_6qVWr%5Q3E~_7$A5V2tkvF1?nEmU)y<&_NG$No^bhr@gO2
zBjw-2Piuk_N5O4es+PdKSaSj!?5QUioUe)=gPjo)JGgU~@Y1}yn*@Oiho6dlER$|f
zl}1<5)y`08;JVu$ga3($0Tv=T8>XIq@9-EX3<*v~$6x=4Fba&&XbTL0q?Bh3%tMhS
zm=BByo`A&gmwf5}f)U3W2oFaY>tL|+zlnZGjKeg+a-hME*teknW$znyng=8kxPgEO
zfFO;tH!y;{wx^#1O$5Mr{S)=;c27SV*!2Ge0U?`}7ZC9|293_ec<qDwRk^2s>G~;S
zI56Te4+TbcUE38C7zmD+Mb;h+h0%Sf1ixl$Dj^Ahfs`w|*V8{<{$xFG44w~C7+LV$
ziR@&s!(A=>rry(^|I=Vc6h)SIvRw73(1g}tXA=>hYviiq3?>na@w%0WL=yrdi3_YV
zrIUz3V9YfnfmJy+Fgo|^KlFQ~Dt;R0KPX|uw6wP`VDqwVFCt*QNkk9aI~BMiXfXEj
z@&>hjmt-WS^`rOHfcWb+d^K9^72ba$@G2wks~(b%V34p!_5qZ#?XRUnTe_|PI8+6+
zzclQc;)OllCs0L&5x0{YDp0=vS`v)~HzDsRT7|C`cnP=z{#sJ}(Q6HE?z;i!1oCf%
zy!X4G52N2u!tAw{B<+xv0CzJNAw}AO9_SKsB@GhL1*>9)SqC}8XnL0<>R>FGyx^-I
zj^o<`*!D}&|FEMnC*ivhrDGj*6j^)YjDG#8`jXB7u5{@j&bdwFF$nr<`KpuS2C;9I
z+a^pe5MS|CkAXs%wBv#TB7$Js)kyFd^iQ5b_ykNyDOHKglPs?H@mVr!<>Ocd^P$#N
zb0;#Ws0F}-)qoBJ50HWaO&Pvgv!RPL<cgb4aFQVS3NKQ~1Nr+ejf*2NmI3w@1GAU5
zGzC0YEJ1?SMt1O!xS&&(C;L4_+>IdK^M`$bQi=s}4_$fbA(D<zqpx}*Oz_qJ)6|zn
zh_vGY5z?|2zFJop^u?}7cL+_7oM4-+_y39@`}&`6rx_&iR^%OeIFR5orDjtIJ}uyZ
zCC{nDR~Lu1gk@X9HidyQv&^x-l5Xrl3O$P;Zo7I*dMq122=ETv`QSq)V)dTJh*JO3
zILW7j?-DXg&k3!;+qYs#K25Lc(G??6{#PX`CXBe=$T5T?yZ5iE-u6F|(#_ZZgQRpD
zL}yf=F8&Mix+U+86y`!&^;<!YZiIB$6!BLyo6O_qf&Umv_QwTz=Rt{UH&{Z~@J(xX
zs#=l9bSz*RQG<qJ;<2t!Lg7ds23O0e=l}4NJpVs_QhWG4pOF{)a>Z6=DL%pCA24l6
z03q_{hzdHm_7MB2qe>i!KfH8ZZ{K%*nXz3dv;RLmNr!U|!u?)6ARf|vqmNH3u)S;O
z6Dbksu%rlRv6c*Mk1Qw$yIV~PcDl5h34F9{Vaf*=gX{b9LCea-LAWD-cUU48ajA>=
zA63KYVdB4WHZEQKza|pt;e?s~RsGkh;-|yX510$?Oyb}5Mt^nxCu6ppJ}^!jm<$B9
zoBfx+J7_qaGl{1_y4%`AutbBaOZzqU4})hMN4tlHTqdxc-vk0b=0E&DVh|YLhKF;%
zf375ffs^J&KwM`FhNybShggcib>U1k@LxIZIu4XVBatN9Z&&=)Lf}NbCHDIl!fex{
z?sx>ePPM?7C$ko7GQkV76SU@dcd>xz&nGB;fr#PvA?_Xq#<wO3RbekYW>V7TVuUA{
z(5=5_FSqjR$WIi!+xB-~Jc*rN<LOf!b(t~biFhA3?m=SU&Hq@15XL@1S}HMf=zD_H
z7HNncQ>@WS^Zg<}^*ER(e0NNj2(0W5;C$YU*zGC#+Vyz7?OEdXC)d6_-FSQ=`M_)A
z<_aW4k6t=Mi*E}RVuw9rC}4fm5W(No@kThE?7;1-8%F$gMExR89EEDQo(Yc`g|n+p
z5u-LPAbw$d|GPC=k<IX~{)zv4zELlyE;`69`a>O^OG0W^yaz}U5%|qN?^{<V4kN78
zPVws(<C+1!u3!GfUZEtbR~n@JW_cy2uszG*AQ9QQ1r2K$R)-eNR4#ay8oVhvzO?<c
zM)@b3@kJ**q;d=HA{k|uA*^bT;Jk%uS?2e3w!yk4dN%PiBA+H}^0EEt%iE*_1a9*g
zB+$A~^SmEMYfa=4YH-2`FJbbgo=!!V*iIUD^tr<hWnrdc5R>KZhZ*&udMic$?V=_H
z07@D-TFn0!KPrN*99g6VSp+8cvN9ht<G1zq(Pxl7vYIm9a}9DIzAbR|Jbz`AzNoec
zWN7+bWIuzbC)&>LzFWiZJgAln#LJ3XvN{I^pThJs1}tlS{O6yoaxaUTmmi%kf-ABh
z!WU3#3P>6Qe%+ue7O(PAVpi<a*IWRK#8Cg%-2*lt*(YX?mCQ8)*#;Sx(DU59IV1x5
zbVN4gPZj4Q7Pm|D9KvW-Ks>xy^I7+$B<_nlm8>hp!5KU@2v!$YHj2(+hd~)UZ+s=K
zed<ykM9|TP!M&QamR$PqRynV~zcnQ-*(8ZtI}N7>Wi0&w;8M2*XP6I5`4}h|i7P(c
zorH1z?bfG1@X|-$8`BzB>-_dp4vFCdcAJ^BL-j4aS53%o1E%4f>N^l!1aM5ho!~RN
z_0pvNfsL3llU6<kOi5t^;UMvUAiPwY0whWjXfY9U#AE8$m~|FY^0T^E5aB$fJZk9r
z;B1pILW2v}5peR~_fvBuTofWplSXkTf0$bgebNNOcqZ~HPS$j1<;N;iCf782-=}yI
zwzL+(#!x9>tZK|!5ntr5yKuA~2N>);S_&>4V3HIEkv0b9zieVU&5^1#7k*h%W7N_8
ztJug2^W+ZGCxHdHUkKB+@Zg65F2v@W^MuA$7k@b|aWzMrE=<gCNX*Bujn*t4=!9&c
zPvhl6K9bcYH<J-91O7~2M|V{NG^zoPgoSTD)?jw43|{mzO$oFI7{!?;%Z*wF%?N~}
zo1y2nY*QRXu=>0Pp0u#~%KLw|7iydlX-z&V(s7U>sA01)=Jv-S!L}8Rb$-ZU^=+56
zbmpi{#4FK-9V<;tcV;}i(9Kp-pT^4Kh|t0O#y90DTsZ!{VIjJ-v5~z&jLd<!bCS?=
z{+6C!RVW_wWX0lDGLznubo}z|cX$RL0oUv7J$2nL2{dKH=7;g?gWTgbF|EKlZx?%e
z^ZvxeTJlAd<6TK>arD)yKY6v}B%5eWsh6Q0R`qPAWfM*0ib9#TUf{KeR*lte(0JjO
z=T@QF3sy*-*pdm_B^_og#pM=Au93|1q6>B_xc}M*8ok1oe~3>nt5R_wRo0UMSZB;u
z@ZmAdhh4i^Mja$r?Xum)arI(GUD>UHI&6R=@!xK)ioexe!e2$AbD<UqD4Hrl^X25S
zmS@-i<kkhtA#8x9q-6`s>|II@^JTlbR(b7|cfu@FPkwUxY(RxOw?O!1mi}eM3UQq?
zseZGmqFqzoU$ppiT&kX}8MJ9#w<;oGNOg{cfCXbk{0q!epd(aX2?+AtVH-I3nocu~
zii*jzV&##?!ch6d9S68-Yc)Zo$W%)FN5sUPS6DR@XhS9{?a6NdN}1?zfQ`NnB-kDj
zn^FWS#6zKuC__;}OJ@gSKyG+stS`edqC=${^9drvO^gHvB(bR61*-J-keL@Deqv~4
z5iu&>QBaKY`7xb2Kh$`?b(EmBp3!v=oBDLwKey`RpguVL=0KxRNLqM!8Q5!{+w_w7
zYE)p*Be>?uI_t$W8<^oiE#n`%>U8>^ZE;k|2EezTzi87a`KJ|r^XU~ZN1>|Er#R-|
zOeeylH?(nhDBe=a*SG#aW4&>CsCjzA9a`#I=MveV;k`SoK@W_3PSP+LduMEf>f1wc
zeBDk#0dTm+zi#iN0M@t}vC?go78;E8?<6)=es>-9TzPhsfV@HryuP0_c!d((H#9aa
zamV_y@+{U`7dI}|L$T#s(5b1Vj=1uWOH{6ze#B0;O@K}Zw+f~(v1tz&X3bx$pOR$~
z!aAyyB3sw6=Z>n~`tRbw!4r3(_5HTxi=WxtGj=!>?--P=Qx%5S;>-8WZ<2ZRI>wgz
zxY9e0=X~zva<A0*X9awFvs)h8eS5oG!ACTC2mf_);@yvyA&q|?x`kUuenRw$H`H=B
z0StnEipp;RBA}F-n4nc6Na?B+-JQ%6<-d=eaa=x$@jhFxX?<XQ#J)C4{OgvF<*)N5
zw1d~OVR(yI{RVBy@Q=>-{?#f&E2^IZR#dWI0UGlxvX$l~yNj87GJvO&f2+LJiSpsc
z#cTIi$*?Rwe}|$1%6^OHH3jC&L5ZkokzJWV^*z9bdU;haWejht9kRRacH5+{aRz+W
zdE4y*KgRM~V^p3PZV%b?M*THestxtX96TjLs|a!N)W1P0xR|vRvxvm;pa)Vw{i5uE
zr$ztdBD*;w8<&2fQDBI$fc25lnF%p8!)c{pcQO3AC3arLL_WV4>a!bkU6edas((?n
z)W+Dc8Zt2Q(u&j<C#~+N5!zeT(7Bp>VNxaZOyevjVKI@EeUPqoYg7D;UHME|{4D4{
z<KqbJp~9L(XdRt@u>g0l2<%%gf1Idf3QdBsjz+s!z&~67l5c=1Y$A7Qd%B$HPrUkP
z7gjF1Y&|0-x*SLSN!+!%<iD|?2$dFKq*Y!12~usx&|3)ch&BV9C~M0E88S+W@XV_8
z*p{@70q%4#xxKZmY=e^A?_#JH(LCB_-voBD%KP_Hr}yBv@cd6K2#C&DKX+KEa<`%X
z&I>b5BPPGBS!XvgWwV8&aP^@rcTZz;`i2{)%ODn-T113KQs7ahSj;IN)@mbVGU$0D
zJLjyFi4vlV^HWCqn9%<o3gc<wR)5On-8V6&h;yKvDI3n|e?Xh;r;WUeXqIsKgqNt?
z7Ne{5T^b>0%gq4)xXen%Z3JSOKNqV-Qf&8CJ%bR(B@QP_L8}r$zG|BYvj{f9P5wfV
zv|9OdhwNOv!ZE>(cCmFBk5;`^(OZ(=S1X8SJ>Yk#s`EW4u*tp_v4PKb$0|^t{{GGt
zJv}(coB@qj$%Ss<Qh3C(azc}utg0o9`p(sjGYacafVwX|@m48w?k@RjvBz>b(Fch2
zsab>9XV~v)OV95Yj_Z1NXYn<6tTWM#w0xA)C|zQ`OvFydz}T2j0+0QzRqHK#^>DV%
z__?s`$T28l(PQqpJn^@yN!7LT!F|*C^(MN+0krOaNwjbkSSJ{WdD});)T4bI{(W`;
z^VlddIc-iV6Jw`ag%N#~nu&_{oPa5mesFrA1(ZfBnc1m4j;TGarvNw9f9WAwI&Ru^
zIAii(zPOc4=d*Yw1~KP0n(`l6I+*YmjIIAq@(~?*i_tNR1z9H3q&xGv#*SONq~HFp
zR5;#*M6~zW9o53zrezZ^=SF(1l1%e$5FE1B%|;{CPgjkUX>k`5-CP4IsqjnQ3mi_g
zGw<Ia>A*6s1wliO&^J4P8jc1OR6En%>7b%Q+`Wz#^86&I!aTc3t*WXAfqPL|srAz;
zdC)xm=$7v<PkBHYj#EH;8<UR2Z{jhC2RCz%P970HzQq<632d@gCsESbD^C>0(uC~>
z@zB9bPjHNh7^)`*xC8cI&VftbjJ)%~`T4H&U-@E4w^>7pC|UzP@jR!CthhXzd?86<
zKK7CLm#|ARvY~#Q3^11Ch}?@gEtes1_4I54HoREorvy%fcM}Pe(C%B<;5fM@hIfW8
zLOrFgYFizLE*w94W|%cQeHJsflQypxWQ2)B)qPFwXFE|vmiT2CRpxMH-pD9ye+f*N
z+ScFC@9_gLl0lg-j1^?xXF68opP3sfb-M_1{%m|U#qfE$sIl)N7`(8_bGNqJ)*l|O
zjyPww17g8nETb^&QiNnq*j-L}=C3+=`4aS3%EY0?FO2hc$#Io<-wS?_e1~w~{Bdvj
zX{owopGjz)DD};T8=;*BhqIia@7NdDi_Yp`CUjtr@Ez#%%EY>!i1aoSx9uRX%9HH!
z^f09~miG7uX;6XR&5S3{$`bqE$<)=vF+k0^E?^!4Pz3>4z%fUNE6GTMX&@Yq=Z??+
z7>=W7-Ati)tH0j-v8~9*ZVqu?J=Y<Q1{<q~f5-+8y{ax*{p?E8R~vY(r@|ecZxXL_
zsT2$p2Po^!F>G3Q-N2ctvYxWl!!hX;7VvV0ZwCs!8I;i-A!9jm(7zr=O?FiVnj7(q
zkYWeou)rOVaUW<&jBk1{t(hFceGjPC?Et<ot(R0Wi8}<6KdTv3pEfX?=822q<M5EX
zTI0AU5;Yf4Jnjv}P&^!LyeA=rE)lm>XS2R%1_RxYBRSr$!P~vl{AnZ{SL99`7`gc(
z&~C8z1hw^D(;Q$1WL-{a6d!IgW9&QotGw73j7zjv_r}$e)TFoY?KCg$y&b*eL@3{t
zu`jcKfgkRtFKpkvIiqTG!gVPPIouJ~uYAMs4g!5Pfk|@gSMnt__ER(kfT4#?xav_7
zDS#N2H13Fbt9E-M*-?f|!i_%_#%77<c@_DON6czWR92Y0*S{Ve61<t6N#f)aC!86V
zO1?&Etle;I%kyM48VeHcXD^8*2sOtxyVgy^i~^=)dWW=wA*O|w)P}1jq?u>tF&Hc8
zj@l#fhB30@>37kF_G+Avi~HZxoqCvUODg%^9*#Eo?cvy`mEI74#IaFB7Ro$I5*pE`
z4$svJukFk9dT+Mt&%^qN^wuIX;yq_m;IPbT2ht@P=a+UqIT`Jmxw_fcZt(Vp{IZS`
z@s+YZZAYc|ct3XJ9X81rw(!r#IxCgbB6w|YUf8UugSkNYSy4W#XQE`Mp-g)y#y6pt
zxGWKP<zXzC0CVa?m{}Gx9-4T5g2@_ZP7#<eX79nX$xB%C(cS~iIeMEmyGz>74=P~^
z6HoNkSZrPz9HXe8;e<w{O|4&bm!>qU7iI*st8G{3KCh)P_mdLXC2ud{Xm0HopH1;2
zfyvHeCIX%bNBWd6GIrnUD;S@9^N%>3BBJ*D2+zV8*lDxXy81Db{nucBzeI)M?{A!P
zzbY8!lqikOZS95Zh>!y>i2qJkS&|t5Fo;`xxP!KP;6q;~^joK6#{|a4znN;qm|R7h
zl<2DLo_)F5Sa};bD0_YWTqn^h7!y$OoPAbl(qi-IQuJMu46P(jC-|)>yS*$Knk&wH
zcaYC!wT0-rA2ef7bX$|b7fI@@y6$@#padw6OB6aQQvztj{{E)#f{P%aEf|kCXO;Xs
z>2^yP!jDm+GnHDh>>hsYR`|V83aPXqleW_nvu{-iaE@nzj5P3=L@UAa1Ak)L{am+J
z>fM5F@9t#7leLrZ53U~Wgkrl8|FdWep}=&eEbBW8oB7*LkYi}3T1+L(%@CsxUq*f+
zO6u`rxp~w3Nzip04|63-$x9>fh&?6W?1u>7J?o3~-h`f0#4tw8Glfwft7^&@`xw(@
zc6D&9Wqe~9_FW457mV{vIiP#?K+VGs%hPjnrVbx$s5ZM!{k7miRQRCZV}Bpy0fcs}
zSF~{(&S-ocGoGOfTvGsN82NsF&Fj4S=eGIx6?ML=W|fVyqdHO?i<b$QT}XGvS%{-I
zR<-EPj~&s^Mpv%~El5#~jpI9hcje2VM)}LGB(L0gFaOBP%KOj8kczpOo!6%B<<pPU
zpB)OjPVQGhC^wjo`<ej#ED8n31V?}kK@wa`r+<V%4@9zypN)Uqk;C>E++8pC0tG(B
z{c6~gL8kdw<C5Z>L6FrpyiUFzd+N)CdPzIgQCTWt4B-%?S(fV2sw3dmCS-7ZZZ?9M
z`<aMp*kpd~Wznwl5TwzJpMCtgQCd;tSFSF-c^nI3`=a)``sFdscv(>T!UpOLZ|I8q
z`?Dv0-r?ijt|)#hqIBfY$3)H@q{5Xs+wtWflTSHiwjaC5$%@tN?uCux?A(P5<wn`x
z^t&G`A9a&PE?;O$rNh@N7xQ0QkOo^XhFMrE+pO}2Rsh*kMJjKOI9?AGuy|APGQf@I
z$&sWn`~tQ|1ZyJnMc#kHw#TLTSsMNIi!04v3gpUg-P}P~*OB$ODcOYjx&rR(eJS;(
zyj<XIxw@x{BA;H+Nvt~)8`DiX|HYn>YBr~Qkve4jHJQ)rx*jrkPc#267t&VAJb!(p
z-pPNVogi(0a}qlt-Yhd|*z!bBI&pr;xbB6L+&8qy^Y`SEPyt2#p62I5#^a#b(CM?S
zXexT%H9t?w=S5KM2BBv=h9X-F^s*O9pEE1|i6yVhgjq($#J&^zdatfcIe?T4$0MoO
zB@z2$k03N|Dx%q;{2H+6aSt)>5xRQKTI`CSmE74nms?@yGU*!&lXH1T-0OOt_?l7s
zWh>hHQZ1u=>ujQBmC&=Tem&ZFh$R}Afn)dW8sI#{(T$so8TX#qg^S~ol6l>A4S0-A
z&2(Jy2wfT~pJ;jB#OBylw<TS2b7SAF^3Gg~b`{(|rRdS~j=Z&W%yE@SYzLoTnE>J;
z7BI0rKgSENTQ%w}Nz23?zt*hrHPboY4#75n4u4)<qkF~w<Sm@X2|q@41J=UE=xDKD
zQEeGEZMC1VH6q_!qfXcVg{cks>qgUGTvK@*bH8@eSFz6fXV(<Gv$ec~W(K`rs`Z4s
zD&^pPIe<(uY#bZYTO}?siUr<VzNJHfCUP5O@)9-_Em7SqiRP29dqELeNn0y$d8@ys
zIpT!4?yAkG)iQ%Q@SI&^lb9YT)%CA^Be2XfU2qBkfQ$hwqo08OU<%xRMgZL3{oIX|
zMRzo@+a-KUHFgHCzXFXth!%AatfwFlY<$ai)*FLfeBbWftP<=yO&8o24SkC^X%pl#
zH{h_mZVpIZlC#_J!@zx!joxb0kTpr;QtD*O9<K5G-FEM(JUXiUkc(SW<YvuY(#f8%
ztwynb7y%GS1eHA3IM>#fW!jxutu7%A3`{1phNtkK`6xHlW;&DQzSTGv-)>8x9}PM9
z*>VOU;Y(qQF5#kD<8ajzxn0o4T<mn!!OrYzIa|++Bb78}W<g9HRb6W02}TdwC-l=Y
za*+|uTqL~Vp`G7^lV4VEWM&7nfSm5)+&oojzqAjfST%NjEXpEFltImC6FF@r_|9##
za!W4JELIE(l-rkoy4~<Fiw;?`oyHG7wK<>aXF&}$h@0>IdF0eVa;5*n_gi6<m!%N7
zhQFvD<M)BD{9zPRw(eKClx+3yS2^rDjW(CsfVX8}yH~h;3S7{6YrsO^cE&?|pISvD
zL;SfqlY>^Ahb0n`t5>F1f5ngA%{JKCaoA8x{VqA7t1()|b2CYkNy(^JpCQ6oR00?I
zlS!5R*NPu-n-@8ktpPjWrN87m*!l}UxKlCI-o`%o_uZieanRXyW3ii<to2SyW3%;J
zZlvt)zlBCi0ruZ^c9AsRkqnt}L>^2+=Q1x~HZMm$oj+H04mwVg;-r>)v`E_Y(cv%x
zu=t)q1U`g*yIm(%VgP5j?r#dtCixF7gZh8|fO5yd+e$N3bPH1tp?x7^w6uHwzG)vf
zD3YLzST$M!(W?S{Qvu>hTL<u~0KMcBG$4o0X#=12TMfpUlRS@fctZ@gK`pd_#YK#~
zOk#r_Q$>tE%pnj*3a)+8GdBen|Db37z4fyu|K&-J=-nPH1t1kOv(hJvIiI&MF)h@5
zph5fN^RMf4I_BUUDeO<0Jv-F-iY+$ch^k@mr~c(ljqoymXa(S8jZHs!;-~9$*^^rb
zVU$s}n4XoUY`<H|*rmo1*O*I=G@MA6Wfd{0${UwxO~Z0B#cZ!x0{Apk)Vremc-LV|
z)`?+I;?x%P?qiS!=W_n>D}QEEU)^~EGN=A~Qsi`t9sl5%<dSFg2YsQDYGg7m#XEqH
z@SQf!k}6AJ54^>d&l>ubgEVEH=F9&-pD<eK2lS>HVab+eF+BSi(&rzw^6=_~YW`)`
z?2@E&Ho^OMfz<l)SyNZH&$5{8IJ!L!lQ4i7-DKhSWZ^%B!W&KEfmB1Kj}<2zJPQ6h
z2p@thek_QX3g*MPlL4!J=D9bJDh82R<V3lbN-u85aH_Vnu=H7z4vQ|KWgL-#dN|At
z-SPQ{a07xAjt@K%mh5}lIG=X;$d0ppgJJ*yz2RSJYYav|z0m%1_9>92Xmbi0Hplo=
z2{Gbn2LG*sL2-WsvQ2+n(Va<Tp;p%5bN~>Ce(g%>@Bs)d!Uf#-&&8*~_;3VozvBX8
zS~YJ79YTEE7nhZ~EKX;rkkYt>UOl`PMPKPg&~Tzd1r3z-HH8Vger=b_?8uZv%izv3
zs8wq-m>zk3#}e3`bfk$ce_dseUSi{_7Pveqr$4kzVhEs){A!!=&t#(eF~&Qc+d4=^
zZ=NW3dN#A<s4QaAi|X!mPNp(q;@kUbq;tl#nY2eaWkf7p=_n6n_W#4xTL887gngqp
z#R~)|PSN1*THM{CxVyWSA_>;w?poa4-HW?Jad*G@fA9O<J9B69tUSKIJu}&pJtqsT
zzK;u=Y%t35dt5~Y)vYrs_mV9vi+F@T!gYvppO}5PUC@8fXr~}NeBA7iD;|k8G?~5N
z`y}L+mD59g!`YF%+BVMLh6Yp2zlRL;Xi0uKzK@DwIH`Q+LjLyxIgCk*MO`rQlb;8C
z-;35?@2tHuEmEd{QX&0U8UN-(#kfu^nYhllOiE#WyL32xf2zJ}dVHTb8fdBF(b{%a
zq~Vvz(CD||FcKM&WewEavM<kQMOhc$4<!XHDWUPcPq5tEgoQcFbayYKu3L;<fQrAH
z1S(v1pbUmN-G>*;P2EfyvmEsM8ocnLa=I2AC}i~g<&eU;XsZJIetWQLb~pa8h<q4u
z{enwJt2ANk^`l^JvL!Fov8LJZ5*qzG5qEd=_5w;8=~f6Y>dPF|yX}|u#lKK(Oi@n}
zovDta{nBX3{R2&=Ur*BiN!fU!i9K<;6x3B3^V|@a|2nJNxs_P55zf(}y{R%zDJu~0
zLF=QA!x9u2S^f))utdlwuxy=m$f0F5p~X7^+wf1r!*$VGtpT>5AyYdKd&r&KrBZV5
zNc^tl8PW5A&q9%CX{R`SWHw{JlHkk3S^kH>L0yj!?Aa8;+X25o{EqjZhRG+`-Ol<o
zpU(U_SXjMR8<$o1$!2Dr-O9{!r$9dCmwe)PW7-dly1X;a3uIKAE7Q>m_WG_5e8`G$
zH%*QRKLnw{s?|Q3ht!OT_*VGE&2y7#5_J)+*3#<{>+Hf1VE~`G{A?U!hd;i`EkTCB
zZw5L^&#Jll=QE6!c3$M*QWuq^gT<W;ZPQHzeI}Cp7ds`Rv;~1N>n!#${JokU#&p@J
zz9B&08r#_KroP`z&PjEmn~jth4RVz>=WR2(E96QB=LI8S?C+;9)391x$<*8mV1;;k
zpu&tbmfSv$rg-5<nG}qMB`$2XeqVL?kMTJZqc{Dq^nYx(?NKw7#D?T@8fp4>btsal
z%qha+B!-h2kkvfN{Gf1KKmNa5Z`6~65%%$SbGk^PM;-n?vvEu5Y|`v+&l8r1?1o{j
z^#9n$Gp2-JPZU<Pm^DJ(_EI7P4@MI^9EJLb`^9Dt{TRjCZ1Ineeh-eRrv(V$TWQ-E
z&SCpTGiyu5e*p0xZ*{{wtISJQ;!(%jW42#UzWiyVffY6!x;%4FxR=>j9AV=pl}lP)
zjwi2kH35%Lw$QTiYZX8(8ceag`h<nW(00#+qQ>L0aolgm3h*`=dm$@#q<n2p$<3vO
z_i{z*E22UbWRi!bOR_cJ0&CnW5Ljp9BWDP!Q}5~}v98rKY$Px<n=UoVr(F-Tg*hgb
zuI+X)GCjNk>bWrNxgH7_ETwfT->WTo#bWmpd<PlaX9ml}&g|IaY~P2i4e~iZthhbx
zyY$B}-`q^1B*kf}oVetMjGed5I~REAI@uiy4+Vsgv<o~(VNcmeM3aUqq7PRR6*;`T
zwOt!ngfB^22K7v%ShS|HPbyd?)5>DM?@HW`Br1w{1*Q;x_OK<#4r?M))yE&~-xf=2
zp4o0}*5KxwJrfjgXvHbZ*mB*t{3rKBTt*zf#`-#?Q2SwF*<GweaEWW#4V$N?Ygtl1
z$zq)u-NXYqTQPMqNss7ggklHlzELl8@-U(~H`Y2cWS5`N!Ih6W0<TT!L?3Hv`NYGr
z#eg8!zlb(I=Joz!PuMJ_koA2AYj@;i?XLSQZIyI7V#VIp<fDk)fhzd0o>TEp3di-7
z>OdT4O{ocVF#=Fzf$V<@zh|iG3+QK@j}mzKS3pgTPPjeRQn{DDK}$WR%HCMW2VVN!
zhe_Q#q@I8MTL@iWltmzN!p$dQ8;F+E(1reYr3*i3;YU1_E?zdW$VoG#vH2DV``4!q
z{cqZR7nIf8EoIO`&4*ghLN7#?`~i8rsFVh}-r;Qus-h_y?l0f_2T#xfF_*}RC~=N^
z4Z>faWQbEkSSx=?M60tZ==y*H*!ufe=>OBEK7y)v`+yZW(S`({ErqUE{0pu7G6YqB
zzX+vkI1jB`d;(R0;vTfn<`%SI387dBQ4;4gs4<Ap&qC`CK~xnZpsf@l|08%SD*xHe
z=Jn-HgtmUE^PwiGSk65)Ekj8mPH>+X?j%k2Xcbwu&khVhJCm#s=PAK;DYx!#rL)rF
zsC1_hf^PmPC(Gw%DF$wsrk4b%H6vf~e&2NCjxDtmAKNG{W*!m0Kuo|u##aaQhUS$|
zuRCg&ncRf-5kWy0?Xy-Au#aMq7jW&KpnbXUDJ52x>Dx+fn4<s@H^*PL3X0X!pTysg
zEv~<=-u&r^B?xXijhUzwgBllNO8(xw8vg_Q$<tT2S<eTk4eiww@%viz#(M1lPJ>e4
zxy)%mHKx@HPN)Xam)D~D%!Z}%nO;;}JYvZhpqe5>joB6@q9OwFVwdbc|AOf_5V2$n
zu-hk(`_mzZI#nCwvYjYtRf!=zxe4cW!6mv1vhsnu+_3zq_?X}-Z1;1xx;HeNThwfP
zFOCN4!d5Z@HRYB5s@?Rb)eq^rH3az^155FHxC9htjv1z_Wv17x?R;-(ymt}43a9P2
z9|S*s_OC)+NQI@}M)%>MBPhXZJ?006(dz@|oI|USZJK*~a$@M$gb}nJQ-8(KXW)j=
zXWVByg_5FV(N$jN<@Dmbe=XTYe)zy>?ltAq-=6seu_c&s4h6Y5h00OA(@uQfLXJhX
zZtmr14xw+?@53>`opB0H4t3MtHvdYj<&{dbT?6q#eX|Tv$$+S6^x?d-6>KASeV%g)
zr57Wpy!`Vknmz-2!70?Wm#>mV1sy^KYP!nX$QYk&n|qo2w;;OV^zEGG+sJ|VkkEmk
z9vmj*Y`RJ(T~r7$RI-#>>>_s&CN=j;^&uDi`WS@hpfyF%uPr_sZX*{D>>&5?A!$9P
z+y$~#UVf4r!Z{!0(BFRlfY#z+#MN5r15{r66>TF=S^iJ>OF!IL`d5}&r%*%|G_4dL
z6Q|HvHZ-l~KuEL?$ltNNvo`m>L9lq%gd{&*9YgQOQND{zigxl}eDuo8`3eqwV{#&W
z<GlY%KxlSCt;bT$4;20FDqRRzh7JD<A&6WqJ{-c`i3p>Y{~1Crp8z314M`oK(n(Fc
z561y~*xajtNvzc@Q(FXq&{GnUIUXb<!-yW7fNy;`8^qI2p`KC@xYr?CUQI-?`r3Us
z0lX@Z;vo<OnN3os&{>Fqb#szaC|*sHb111P<1TW19e;Cg<Ogh})5-^~Rti@i?Jn|^
z<DGCf4)r2rDq`!wJvh`|kf|J_fDBjdzhX}qGTs<*5dEue%I2p~2m+oIbK;>1qJVR2
z7@^?J6D2<UF7AW=^&q94hkw+xb1SD(3$X7C2=Fm{Hie{@PhD=%%NMHI-RHz<X0Y&q
zvK6I+l$@VjEH+RcsUFW^Y+~NNvij7~*g?J8KdPOSIA$LDvSSV_wj*95-L7lJDN1fm
z#2>a9QZ@v2rU%}M1x+iw`WLpY5LyNj)w96^w>A&mZ^W(F%97dTA<N2c*3nj9m%|KJ
z2l&1S98~!4q}$Qvl&2v$sBM}ofNNpf)AOTr>LBCD$H2p-zId5*?+rB6<jrnnjsRk#
z+gmfIFX@S>QVvGIf8AQ9f|3K+qE%QKPR3enf5Sp_?yj^sM!1N^Ww8oP_lQWU;79lT
zEmsj&Vc1EUFuy7`8)cl!pcg^yJ2vcZ&S<pH;Ccm8_4(4{(`DJBJUW<Nt_=ryq*KyV
z1bhQCHm>7Vbi~^k!qkt&AJ51teLg#vAY3;eRDQ@~JZCda@twBdUTH{<{T->lAHjH*
z*N{9?_5GTea;)>~`)Rd|5ZNYvpSG`Ut8NkZIGt{hA~#!o$L}Oi)LW5`xYDZ=Mc?Aw
zk~6l^>+E<NJ28(hPT#NwDm>2Zp2PIxF<ls*7OOf!=@ldUZkAijjW$Q>;e&jqhkF_R
zs3to=1<CT1-5aUN_3oo@!#7+@#r~r&+yCGA-X3LYrpwH#OfVoWUKBYPDp$AahrVw<
zojzuB5ExBGSw!WV%5QRs<{vmHpTGv<X<)z|c?6K0&f~Lk<(<DrYN{X&&F71Ymre)?
zJY?^ka{5*^Jm}h1eYaT9r8dYiCTER4y+1ZpD~P5hEeXp!RYBu_`b&@I8!_QnyGS_C
z85)S^D);pR>z2Y1OAo(z-EwE;g`wfoQGs))dgObc*XLwpfJ@=+;gfu1W!GkZ%8NpR
z@Y9cy!GGP{w75!g(!#1by<J|CSK-V&SoGV>2(n&e5m+uU2TV{nf?CaQOg^kO`oGKi
z0bU0I*m@V-Do=|zF}FW=i1m$WH(ZLmq&kq|RSS2l*)`XDIhk2z#dqXOz1J<%tkSGu
zG|Hdg>HGABI`66NtirZNQ>nwWKar$Z?*xS9__e4fD#~<Am5SoLkpZWCdc2+F1;~h%
z13++_sc`*;%g<T{?Y-N^=4qpSbc22T!J~2s!CEnD$ouSCJkp4K()3al>U0XK$nmqM
z%gQYV!4#uIZVaPCb5t=kZ_6Csbtm8Mw3PS^R`<LJ{u=OEyY|g@Iv_A-)Y4#DF@LX!
zPgS7X(XG>Uuq{Jm;dqeY_&&?X@!)Ms%<<r>#+#O$wHN9~Vwiez3@fVjdvPBrD1-K|
zQRJ6CRo`BNBx{8w_Kq|B4Nr?SZO&P7p`j1F;E!ZPdB6K0&?~Hx3t925?{I$)qC!NA
zb7Ky-aS|xfA{E$?LOZ*f)Z0@QjCx-rVF`8iPgah*10bDkPww6b@`&fDR$6XW-AY)d
z_L<;P;c5poTQq`L>lAVluA1%A&msquV{VGRPbi-&U;~?qq3bNuQwDUqvJhTf8$ntY
z=_SVVwq3HYLfQ5vA9mOSoU23=rn*}2IexvkQW6eR)fxp3B}B3=LYGlNwo=lh7P7Iw
zI;r-ExWZq4%O)uKuJ%-q^e8_qR-m{0rKvs+ma2E!ma%`tv%#l=W?KfbnuGLCL3JDn
zq#A$R>;Dj6U)o@cH|&xCrq=(}Qe*zf@mXXGQkP~-Pqeny32kc2H%}Br`DvmdH}I!3
z<VdvL?kQ%SZDV!TIyI+JzE*dznsX2FNh8oAY5p2fA=g`6O_yZWYwVd^=(~VPE0lM5
z>bBn3&u{LTuMCq5XW_Ms>jt^=tmE#k@@5k?ZoY*%PEY#S#S;yX=AgUpr2w|&WSyID
zB3WP`1vP>&xx4S-$-QT~IIOpx+zSJ}d{g)YxAXoh%X)xSCkXMM-1-K~X8*}es=uFO
zX8z|cb6%gOf9_Hj;98{u&ldwv7PkqHTZbbbiHn6QPYx4#k4Uhqm4C_(huSxF!@ko|
zaoT?W<)qIv$eJi$6;(sM!sQ}7ZIeDPvUPgmMHnnG2$MC0HnT5cnRr%&8Q(LoI6HMx
z^^^P%Z40H2!_yT#{rXe8d02dfTrQ#m?ui>W)yv{HsPUVE*pNP1f7`5*+Yoy`1~<Ff
zMr~o4H5qJuw=b`;#lLtdg;Rg^wAAqdYE``S5}isJcGq_kY=69TVAj1R9DCiXg8BOa
z&rXd07^bJJ1EsUpRRj6}@dn?~+CQJxdo)|h7XgA{AmjV_8jIlf`lbFK1I9kB{xzVA
z$il4m&ZYjU$keQb_H8#mnaX_gRU9wp1w9(AY+fZNMB-ebmT#**R?*-)<$0QsLLvOd
z=K?ly{!quM5;V5%t_q>3-=h8=KF9d~6y@ai7;EMZ{4t7I9!aSupTi4<E_|Dx^`BEf
zov}K{b*p_NzDa33k13$WORHv~Db;Ld0j4|a6}!Oesg!^@Z0S)Hwd^Q!YSko}yQdR2
zZ2zRxlGO9x$L#*8ApYc3;CT!0k7v})J*T$sS@}XI+`PxG4hE6OYM>plblqYhZu@%4
z+N4xog~-h~ydojrq|~Jj26_KHQf|mLyL$HXkiwkM<lMnugyLPqj2JD&)sm7a-*m-4
zLf-VtwTWZ}8y{3EA0?R!+v$x-bJzkB^2dFo+|JXx|8+7`=al?=#rLtPubC}Wl>m5e
z2ZGjl2l3R`hyp#q)~MQd381xN28~ajG+45^uGnD-n4u_j+Ksx|sfB!2#El~|B~;-q
z)Ap&E3>@+<?H5keq4nR(K{8Wmhb$i5iDcF=Ja^vMeOcU?J2l9&g0G$8>8$%npJTOB
z&PQ;A;G2HZW$y)%Lu<RsZSV2g8ALRF&h9YUS;s4<7?s3Gy{&Z@4-Qj8t`O@BC3(+s
z7(vEH(Ml;vsU19P?rQJm+ch|r@tka~RTglK_8B}In`*W%7VATm%tg$1N)5Mcdp8RO
z2||`!|5&&7VYKUJ#H|WJqwrX<u@x#~i9f284~L2E&UAOje~LnLTM!XB0zM}M0<$}2
zNDi4+mx_z79TSSRK*i6Q%_vV)0wS77AM$qX!Pkb1Jif1>(8-O>2XO6!qtOldW11jy
zPH@yMW!u00{zPhr@AzCaS>LU9QWISi{n}^xHxj8$wSQSPcc3XBGQ$p6WSLQayOF@o
z!czb!8kuw`Kpk{h?F8c~xCz{7G-dpZa(Do+HR8J9kBE-aVS~!ZIcWEK8XX@1iY&pd
znyEatke_u4&D2P){1ZX6WseV4_88y#BJIoL&s>zyXBRT&sZ}-8fdSWv7Ls5+47rma
z*}+0B0i^dv<AvR#d1?o3;=$4(t#s{HT^E~G8*Ilaiv`n_v6wH{tH@XK<_CQ68#NWK
z%xqf0*|Q5X$O+7vTY<K=w%Ysuk`pUbcL|D}9Q96kVy<N+@JQ4m)^EXTAK9{RNVdd}
zFX-({Wv7pnsPmRJnOBO=m{Lr%wVDH&1-&{ro^b|~f0`qm^wj&$1{|)y4H2v0^`EO?
zatB-?vNeV|yepl+UwaY2iTU)D-+EL>f>yJ75-a?-n!jg>e3&u4%L~R|GiY=jlBITO
z?`zxI`q{b<FawSU<fsF*?eVv6J_)}ud5!d!C(G~M2xTcXLo50(_meW~G~SDTt1^lP
z&2dtTzJd?Pd#k)s=H;Sj@UT0yYTP?qkyNTYnW(NOvYY?5M2YVM*colHJg!K8j{B*s
z4EP6n{Z)st_NKwI6~qhkBp<=v&&^CqgwdooYJSzQ`wm`{*zv#%|9&9YIM^S@d9Ao-
zXe-~|7FK#wT6-oq64cb+GIltIFle_JRfIJ&#lEYakli|}lElzP2d1eII$|^6eUR7}
zGHcP*&d1$QL%Blk7)6)O^}Dhuo~55ttP6?oC!lrkIogw&@=TE@D7dCd)E!;Sq4N#-
zbDCLj%~@%}_z)S^Ar}leO6py8p_1LPsSCt;GV`Ib)vh|mn)bGn%yD#CYY}b8dbde^
z$xwG?w~NP++2Z<izxN<0VtKCD*^zJrsdYQWy7QSWx_F7AUA3zg<P6;jSD#&CqMKH7
z>Q~5g-PhUS$zpFb$M(HDW*jH-z0ZQFWBy(Fg%zFRU=J;(SnY)PwZjtbO?+@npJY?F
z*7OL?lSC{GM&qGxuj6a^uiDc%R3X$-b9D(SYw95TJ*R=@t5SjV4Dbu>4krIjsBN?>
zR6VjBYY7KW2&Czd*0d24h$rC?99W#E5wOh>*@B}9<=b0(#L>z$Uwo<4#i_5k(+)A?
z;iG&Eb6P|ce>0hjOf4}8wGk{ict@A#<O=8K`|f_{-%sXF)9z3?Pk6BBxSE#4<}9b%
zq&-QOw@Q}>RQY#3DdO)FZ+Ip=w6o<_HNg&qd$i!(dgSIbp}==!(gI~;i=pK<8`>dT
zQyUFb!GBzG%2|j%vDT)`ClnUJVsoW72jjdRbvG(dZ!Gn5-Ik|o9EogOU|Xjv-0D`Z
zFXtzd`Yj%<s}y_g56D)Tj%6AsEw6(O>L_lu0+(xIQ3utqAh)g0+Dw-_7T8mETq+(c
zc*A~u;xmL0I2v@7KBv5fflfA9rqdCEg~GzPM}xDjzA;r@Yka6q2Feai3V08JJ<r^#
zyk6<AXTocP9~xH$EIK%4wwyiz^-|Gp{bt37xD^r@#}Ev>XZvp)*&1s%I<wF?I?eM=
z8L>N>EMdb@(R@Wkrihm(b;jFfYv&bI2!@FmS%d)|xct{ipo`5o0?p0=@ey1ujJ$%d
z?=1uUIgHd`e}0OL0k9`ez7Ol36J;X~(Nza&Fva@vk@*^WB*m&uRV-Xq8Puo=I7q4~
zC8cRVeEGsYn6xqFG0Z(_{*MAZj8D6L-s~#1Pb2M)z@g5>2S&x2E*wMPYX44?!YxnT
zr=`w5VkIjFc;%O5@|;;s>^nUL_4Czj2BZN*&*n{p^&ZU*H45|~d;LkjA&;bMYqD^d
zeEQ&8!pI=K#<XVVGEgn1ME7w8wWghUV_$Kuhb*R(SsCb}DQ&0KbAdmJfSZ+pQ2LcB
z(YTj>(;{!3i?-dhG4-%+0&;athI+1ZVK3UTs|Y+~{_CahBvbu(swcHmdQpjTK|<ot
z7_t5s=EAOPg48`+*!+;1bjg7{pbbQ@5T^9P-jvSc-$pcX>uE1#ALd%g-C0j(#}T;c
zV6x}In}*nwo-*>6u}Sjg+5@|+39`t!bND%p8Vy8i#2c%ny)aGa`s6o>;MxwyQ@!3V
z6}7cUCGtW{J?fcKV%%VJr@GZhOzp5@{KL^#(SI>bmUshg_1=x*YPGDlQE=5G#mhH*
z?f$i~ub-J;zDOE#qT4)GB>UksMP-^mnhWW+1Yy)+5)OHj71M7>e7Qt^tJYIq|276h
zpjmN0DZka@DL)PoTwO&BTbjd^ZPdZ7gnykP3y#IV#$yj&++eLq`x+>KZFN%#I`veT
ztG0ohh#l;^$?1I3Mm;(UcxU?KQSQFLg!mo@%S^I?Y`adcSsQoO>B~8y=%Ik<^G1h~
zsv}ZmV(s-{4%^`~D#|nktKKO)vz!8l`nf7SzhNQ}(>DlfhFdq1)DdU$>M@J%>sy8(
z4ETX|LT=88b0S^n$bqg=!)~glNdxJ!7Hy0+=3$aH#uww=9eGQ_y7p|i&aTC2ujcTg
zRh}%f!dvNl7<)Q=h;Tamz!8jr@lx@Ex`{dzPGf`caDqQK9zNu<;SC=&<+9Pz4=XNr
zkoip@CCzQ4C2}5|G|6B7nUpcpQ~N8UF5gA9=wC<Pi)z)HO^9yf#T&x`vF7nsQ--H@
z>BxVAnbLqU@9@OuM@ERCwHv|`IE8+GVLZruA~7m~7#Y8j?*FH5T@L9y@dr6W^bZ)I
zuwRpICR?B!ZuBPk<pjFLyY}1bdST_SAYE?Qlyith5lqVe7zY36rLge-#7TPjKFR-I
z>&~?T!uC$(zv!1fAkN-z?+YV_B)#Ma84d9uv|+v527bS=Cc9sVpge3!hG{BWHETc8
z0dWXQhS+9pjtq-mU2leGo(D^N(oKvZY+m6_j55|yJNqyskL-q;4A0hTt{Ly}gZF3%
zAm5vle{8Sj@>~>H1sy?fP=N({Zse|chr1jQAA4*V7YE$@DLb{uA3xBp!=ux#OT??S
zNZ{7v3FCg*qU&xpNFPsY@e7E+%UL@JcgZFl^$!3(Jmvnsos!jq0}U>+v4e2@2&?%6
z8r{1mP|V>C_5r+n^3>E>x$yt1`M+kZ{sEIFKz$)$dVJ*b8?lxt4ELAUaU(Pc$FLgV
zf3%P9pL7o3ch=DfijT^f2vPRY2@?3Nl+Sa%wS*x2|2rJx-*zJwUH*P4g$)?{wktXC
zZTH*vq7rV4-{hJiar-$vvhr0vE9eCL+U8^5LU6X4h&aALXKz9b`kSJ|rX2aLh)fh1
z5u?9>LnP~=A0aI!aL8c8eaQaxxBtvJHynAbs#V)J_j9%(wg}F)Hvjc=As(8)JO9<T
z$JRR_Z`>fa;I(p!{Li~49XdhR3b3(N+0HZ9YbbO_Fzy3h3Udpc05(6!43eS%v2-I5
z$G_Si`;aGs=(W)aqH0ExLJ&+XY9Zmiq}cIVm2>H%6O83Sb?xUk6C@Wv*n`_Qdgugx
z{`Zh_9Rf^w*Odce^qUIQ{|84OB(x+gB(`KJI)T5x=G4Yj0gGK+^vCrlu>(k6=g}5+
z^+X)nQ*>`hA(Ea=A%kSeA%p6qzsw++YurK{hpeF!BtJ1AMmPCsR&<bj)$bbn)(08=
zS|yJa*-Dz8p%1e5x5<hsiIHT8O*NLD#nMt}h$QcSh_LKjLOjspAVvpsh3;nk2u2Uh
zmXJ|>)JXUeS}FuVzGe#IiNz(Zmz1P3&ia!RV)SAj<K4;y$onrMCBziL*M!#!HM)_Q
zBcT2zA*b;5@Rn94!7MvY0(5uu0v!96-|fgbG3|n53II^ee>0^ngG6l~Z2Qk^U&24g
z00W{eaJ&DTS5IXKob>aMxkQtgU$sv9194w&i}29O(!3bD?VI#r{w6JbiuT3v*qQK6
zgih?ahE&?rH=#cC6wk0}$CmyKblvD+Kmz+WgUK%M^sJkDbj^=TrHF$~Pq-4T?oKJ%
zs8Q%b$l=72UGF1VFQr1MC3E?CG6YJPm;*i{*YQ|{p@Rz}BEMK3PQJASL&RD>kSxo9
zV4`sY=`_fmXqI!KB>}oFSbNt}FhB-%OSqf*wyHG)Z7t%BN!H*4y|Jiwi;5IWvWA?s
zew$T)Ye4cA4;A(UxqWWfWH<B!Dm~vkEQ9c14f)GgiYHcKY%j72E8D}GnsFWl_$XwG
ze=T3gQhjCB32$k;E`OJ>-`1Hj`X3q<e2O2v%gqNqy{`4-swC{ZL8?fgGh+C8SU`4k
zUU5(8SCv~_D$tI)N*quTk4k7H?8`GX;XtA!6TLK`Ph5uXRwJ(;kOtynwTj}pedH-S
z(xynnF`KoO7&$mN$JrI9-I!XZclb=z=*NT&>7%`&5>CVQnOV|-4!Km~{8K1p*WTq>
zZ;?Fm`O)0@6tJn54@p#ZqO&+|ah#J71Q@-~yC~8adnMa{Q5$+?vG4S6@UU8ybKLGa
zCz(Fcm8mS?+f6hOI2UhlCgqS=8I1*bC582ym}ch2vNEEyZHV?To=Tz&U?kUYYR%k{
zngTZfg+YOD6XQmas%ak$HFlV|g$y5BQ3I<Iv_QKxeo3yn*-+`OT)gUxF98$*4gy;T
z2Dl(ey4B9!sSXAh$zHv+><|AU;5UkRji?6<)0asYiZCUYkLVES{0_{4B2ne>&`L?b
z>=k;zIjnOS=0L&|ObsIcn6!m&we$N%Jk%~ZYm>wEW;)83<cJx#z^{5gnXn6G-c{^w
z{u(9}J$8}8eSwV@Z{*MZcaVkD7Y!^rnSEPhH7@wwQ}0w7$hwNUW+mQ1Jccg6_Ob0j
zK}UtY#3aAhAqh~c48dQ+-x2x-O&QXrBR~c=h?|a#_DrgWp)^%PFdD}l(2n~(0CtsN
z%`$T`eTo1gNF!`kGXn-V;(D4+W5Fi4BibW8wc>yfO4D)npsN%hZd_DyC2W*=p0+$2
z-7@&S9dkgvEza!qA8b@0fr`Af5*5B@ChV6BNSio3E-Er*(2rq7kp@4%(o(J-I7x|L
z6$2dwD|wygWrRD@9EtfXD)3!|tvPZ~OLFukz=$?@TW<mn%7PIaU8^o}>2J!Y>_OCc
zeaZIp<{<2}U8lr%Mnx+fyH<(l&xFZV7S?%^*P;RfjzS3H(K8GEu*)xa&?>Z))ZZ!z
zdbi1KFu#^_o1>n-_i4I7wJ6nu9sSG|NEGDP5Li8dc9}GZGsGECK{dt*j|i9B4PI-?
zhVgqCthMy4v6LSeARS8Xr}3A;)xr6Enu+v<UBC<;*4Z~{HuTO7ba<5YPY`E)!qzM1
zU~acz7;+5sduFnWH0Md;<uuu}-^Rhs>lI~MV5V|6c9!k5OjHxRmH@_QM~-Bb9{w@t
zyhu^w^fD3Ey!e40@{3AKsM=MUl8L&~v-<|m68|l=|Di**lCwJy()2yHq(f&n?^}=`
zhUF0EMg|<fnf%88E=u~$mwI%QU8P@z>9UY5p=^Vl^+phT;3nxN>Lp-doZVD^q;2YQ
z?|E(J)wLKz<B<jwq$|}=Lgt``K6^}`^C+mY9BlU3BT`+Cxit-Zm!(r#`Cu=;CM$H&
zZpg~!pC?gumbAroz)beowjad>+9y2k>XtAwiFr_sjD7ym4w_=amvvqPRQKmT5fC|h
zX*hd@@?2N>C*jc{F4wXa*a;b-Mq$;`GFa(C{R(1^x1U1xaEFnujcr56aayCz>vp4@
zr$G;f?*T!zEF?2>Ab7XomoE0(eKlP6_hXbj+HD0E#-8LQ2vtU^J~s<N7-7KN3jI_r
zFwAwOMWG&L14<mDO_R6=?;Lf>|9%|QN)^;g72@Vr0^T`9CUNIt&J$C+PnB35q-)e4
zPD^AZ-{&6`1fDu+*U_FM9M(F<`Wf5g0axd@nCsSEtKx0z)Zi?CXfpr&M*@DwCJ>@W
zI&gdagr;@z2o^i=luKn}Z}D;wASd6K*UTf!Q`jZp%=%_q1tRuUNLcVAfA-RZQBE*9
zB9T?n*!oWFwM>Pq->ckuLV?J$R!T(BIu)F6Pi<--)swpwzBA(6=%{1!XCOC51t&`E
zh%`0gX?RDOrYDz^G}UXHB2p|9F5E?!>-SU5K-A<9d^I61=bj;I*|B@R%m_tyz9zX~
zii=O!79e$8E~L=f1n~yfghF+Vq#58qS|U=Km0ph-fcY;&ayhsOZ7I}x;mdBmDC))C
zi-LZ~rnrjd0@GKz)a9Z>C52x~jKMVGIM@8!N(!jv-B?8#AW;-QMETdzp!}@uZZcRQ
zm+pRlMEQhMOEF||B<6`J`TDnU6P4P-bNB32o?UkA!WT28Wjc){YHbcApu)?XvC0&O
z6q3PXeG69oTg2VARtScFMZLwW{Z*$e#+z119mh!y=rM#^b}1?1mFXTXmXxFBk?dp|
z4?R>1XVe-oU2U>0=<4WKj(kjkPA$I~;AWo35!<vM>q#KRLD0}7!Fl<*is$`nEV?%y
z>-+h<#QrI2*|kB(n##{uHwjFk861hFVid98LkJCq8Ry8Fb-l&4EJ5!7f*4*;XoLKy
zQP`KR-$EHE8R3V&={$l3pHy+(!nWvjc;eCCY;_*F%kHBYC~KYlXi$C%J{jP?54O5W
z<2slsp^u4KuP%ORJ?P&G@r5f3Y;eUvov1f^%rF>j{?^Iiyq5z)e!n}t`9VJwXl?SI
zOfBnH^qJnRGO(_T&3Q^I>AeD=fBf12`cb8jaCxz9Fvq@(NqboVdURAs7<%EPG=rhy
zW*4YBdHp$apod)?Xq)HuNFrq}Jo$OliC>vdqPI#Gs$L#tBPP&fB_^ZK@*TI3k&gKS
zjcDEU0Jwqu&+q|EvdN5HLa<4ga#H~c@8VRsd)VkE+)P`#tw2iPq<vf&Nxrr()2X_^
zEU(|F;7!GAwa_VVmjW(aIV$);OvvAfZ#sS?KKNOh^m;<hYjOUyR(8N{cDI>s_0R#r
z@-U%fhYQ?%+~~L6)O+nvx@=ngifxacT4Eta^csA(;`OZ_fz1#j!D7U?BXFs|EquQk
zD}V*_0hTc70rsK#QD1Ll?%0G^5Z6p+cGsjMObLT&MD8{ti$J-1^3NU{FU2GqluHXk
zwJZG*bE`r3KEDXy*J3w8CLL0{JvNWV1=&ARU%#}h3rqj8GK)VMH1r=<T9eoU_M6$n
zV|B|%*0}x5oqD6<fU?!bq=|yfj$RX)_{Q~x`|LVK%(wIXm4IywYQ?8ud>Wl(#$!B7
ze%pUlSd;ezyS17A`ofL0<?38%N)~Ng-eQRg28pe|iTt|1JxYG*t(8F}KmQ`tP;WZ!
z`vdKPkX1kKw<+rhp<@e6{35%B5Mwq*b++(Xg~#~b?8a<LDuWS?U+r4@q~aqyHyhz~
zxz@_BmsFTd;9rJeoXll&S5ErHo#SYO&haLG6Y`e`5LV2Gg(Fs9*Fyw|`^zuAr7QB8
z?xcL`1rkn`2`8@*gOl_GGc>a#?kgvBW$aP-KTFvGL-MzR7BCIbEh2^AeF0^H>*?CA
zxMd^nQT!G=x|-PDcs0TLjJ(||Na*^EJVEVsDMbcM*@h;<U2Cfb0<o4;Q;AcKwb|Jx
zjGw14*jzVtgbXc&FHS35c-EGE|7b_R$m`pi?Pq%IbN%62`Q%JCHDqQvI;#8kj~(&^
zPNIS%WHZ%+D?DIPd|$Th`a&0^_T*WSrsc32YrH{0hln9JHIF5iv6!s0vzC7~?=irN
z?HZE`+|j<b`i`F@9KcbtE!CK4IxIBz_|N>gOX2pT36%E?Pc(et_VE-63J+jaxdlTt
z8h5t^vOC{7QiHv8moXY_5TaiC`YpTCODxKd0+-&4Xf$D;R8d|vk=2RE;5*?4B6CXk
zQczyEb9w&dmRKA+a?X4vEe`JYeXF|(`V&U9g%EA>Q&L4E3HGrA&}9Q~FW2?IAlkBL
z9`Iw9@b4np!U);n4#|V9t5uLXRVs}6Nd?y1jy_muQ~*eP1K=z)8UiFXfuq8(mV@WN
z)&pQp)Y29|I0%P_bh-<GVB37)@lw2vNAHQ#-2Evh=PwT*BYkM)26CvmXW)!KKtm3;
zd&3GWI1S)*g%Oz-geDtPf)<t_w$<)pf)e;5rh+G?(!~hn7F+yjP;D;o3zUIkju$XE
zul}mU)Jbx$Eo$<*hEcovA;9h4)^m@(NHthEue<B1DX1><S{7dD7O(hS6FxvcIIwcz
zW1{D#4MvH*!{aRh2GJnnu;C;e;6;jLX-cB~cPHh$)YCp_!@^fx{Xz!n{W+ehT1?&u
z&1Xydt1?dFr+S$@pmbizGcPm`4P<?<`N#$RND10$pak<R6bb$Mq@OAOJ6T>OJNc7Y
zk($*J;4W7@#}z@s1wlfrSlr|C?=SsNbKKN0*_Nty69vGN_~~}f!oENkabI2I$P<uU
z{j7PqH>f)?v@$)OI^q7Qi6TW0nK&#)Z3~0;@-dq@STMhv`DwYdOC~rF`v7&<6wzRT
zeFC$f?{yX{Sf@*8{DQP9c<wkjqfum@6Vx5d0DjW}Xoz74|Fi>_*n$5<Vh5)#1F&mp
zkG0dESFwWOc>%Dlz~c)AxUA89FS6J?w<kw**bBQ|6Qj$8q<@2uPI4oX<<?K(jNmH!
zT~xnPn9ag&{~B~LblOX!^1jc8df_VE0}?YcRWKq1H9`zxKM-a#F*3fxspC+>mfg^j
zj1`y2${=je=Pc=ps9<NJs=pCHt>CHd;jq=k<>Yp<;UBJt?X-!4pC?DU{iy(^a=>FH
zB?KY5LTxQs6~2*OH?!2)o*5dPM_Xh816PE4y<p}`zB>&1OWE~cDLmdw>h+%Z;_ePG
z$jWKUJbjj&rQAaci)EntOJfjgxhjS_6<p9b8`y9~Mco^=+i@Szm7q5FngFNnp9trM
zp#mocxz1Jm6`{P!f9wP!gP%R1x29#mzVx&Nd~iVxAOay~=wm{dZek5Uei`uC7cuDT
zJOEF#t`G?Is;+RwNPmj~g}tg4Wv4Xlqyfc~Q1G?tO9?3n6jN1hb9GqW>5s=xjay#z
zZ0{!F%yp_nUWV}R1u&#V-HUXWdN_~1$gjrm0m{L`W!-@qTaLiXM|H$^5Dc^W)`#X6
zF~Ca{1S_l-oD95tM{ZAtAua2MNa_HOn>dg0$bNrd49mLl=q~fYSrwXFJ#L7d`Qj~6
zGO=X+)?sxH<_WE*D!Ov_Rt^cX|H_kAn=4zBrFi?RfbM+!`l;f(I9@un>_;SSTjtT2
znp9jdj4s0c=%$1?0&SE6)ag1{h*R8H?<V;(fn4LROPD2TXCn{Gz5_);2-h9BU*^$E
z(&ACd|KxgAhUFb+>65i4{g_jAGaHIVDz|ZTeAPMI`x^4`?XcUpIMDnhz=_Ws?S~;V
zQIm{r*Xc<pX??fr*&grfs4n<xgNx;(2;;z81E9oW^{Jfn6piU*<N)&e2x`eF229n0
zYPm^8T!@GXacEZzIpFo%k@jiqgyV$G^3yIg;h9j_Jt3oV120~4QOwSTJ3xc^0A^}I
zML<Pr`ZsaJ&hi!QUbJu(>XsDn9WfV)uEiSjF{n|grf-_h`ImM&MSsVX5FQg_6FSxj
z$GgLjq0*HraUvpUkuyNBsU^!qLr`KGTgjQM>ofjl@XiW4pfKEp2)=0l{DFxP=u}ML
zEowfLLy{Nm@$=T2CgW~>zHH^Us|=MWu?sO36LH$f=gc`a70V)xTsyEGHpO19LWbgs
z^QO;C%*z6H&Y84FRDekJiE?L2*FdLmn!a((33NqL&B*~e;Dt~7)JM6xtb{^BUkXf4
zqO$$1r*b0`$mfw)V&S@11ao549wg(@Xc2=9t&z<I)5foIdMK{apvKrf{pr@Kz{;us
zn6CbXE9T6E=%t^>12c!CtlM}Y;aBZ$(j_!+Hw@y2wO263uLseJ&(b)u{<6XWNDck7
zGozwX>Nq$|Dib!})H4Th`PT8(r|I5+dInxDSCfJ0WTrp8EG;6RLmRzFtLpptCC9_=
zq5)H!x;w=5{rqk00|}E!UPH)N=%=F2I(Xn2Ml5>lI+fD2KG_74VUL11wIgY&9Qj;V
zIz2y}Ba>-(Ui8TG61(3L8h(Q^xQxTRyphkY%%(kg13G!{UssL%)Xi%S$tz-N4na%+
z*H&$YR_$slZ7ncLn=ZnxNl)GyHF%C1JcCh3#01c!)r(;WN5NBXFj3UXQ&Vf~3$@m$
zP)(RYsU_xPzT%=`(J<#W&(5&Cn}VTKyR`e!eoNrc6?m*+dc~l&`_OQc4s@`u^-7}h
zx)<XHe_v;47{wBhJO7sZkOLI_;`S`ixH6D_#CV1^bDhBz`DdS}_@`^F>;lu6E5Os=
z{il1on^l%6zfie{-B7%D4C>Bm)1(KH^7F!9gM0ggb#BYg;nzgwN2?nuxO@DU#>nkF
zo8JVg{OQXTsQA#PJQ1q%{ZA6Ceuy3%V51pncIFFvb21(&FQYusXw{*O`}pr~+cbW6
zSkKUE@yRT-F!X+$d#y(tAQWWad|Bz6XZV9R@H;Ch&HrrM=Keb~IMzoc!DHA>vY~j;
zK0;Tuu17ZgP<I5B%UHVHEH5>&GB2rGhsQ=da$n*;cj{F{QFvmbXMQP5j}u>;a}TF#
zqi#1t7jAU~kNiVPF(}7QeL)7Yff%jRxA^l_x{2>a3{|Pn6}DY5qO>}wYu0-+o_U9N
zpV;!H`M`V?(_{5OkW+CLPh78F!4#~@K!+DV)fj5P@9ip)UkDr^2`KCM!#$9<k(8J4
zi9sntl=TB3ry~0^?^ZA|@2wQDAO1=}as&ss*(%u2A_|*h&yV#g)jr$a{LaK1z4JZ`
zl=X^=yx%dst0`8~cjlA0`@vwesO3>z@&&D6GTzHnQ2B0(fovZYyu=RtlQjmDB^0uA
z#SXMt?tG7{I@8}SpI&Zl-hO*U1;bhn`}=LlgZtUN`#UOiL{1kyh6xr5B5AHN5OR)d
z8FE%r0e6<F>UR?`jaf1^Px4?s&5HLw3^_Z@fYQKRE23ohxy>wieIML`P)ik#jb!+%
zxT^7UWfo0X{M?~g^lPW9ZXLiwHWmNfvksstQ)2(hEPH+Q8OM>a&h+-N6E`fxQpL}~
zSeiGT+^I1%_mL1K<Zf)xDW9Zyv-j_j9XPCxD$LkYP2bv7+tyT@Fvd8A<bxTdPta0L
zzK*4wH+_eSu<t8j$Q`|vakE0KlKrnQLJ+1Y3hbE}=3;nl^wi?y*d!Q%^^6)e*Lf3|
zE!ln<{Stj>79g2PpHAWcCplWA_LxvEdNl5s5k9MrvCMa0;cDBg={>ADgv6LJV@Yct
z)4DotQ#!HZm^n7T6r)L);PAA7uVgHB&=!l)<!<2QaZ&PjO9_Lvf=N}^yUTS$bAxC>
z)`jAoznB68NPKje$zI}KS>!3c6{Pw!6vKorZ}l4%*|;uV%&P;&v8)>d$iZ~Hmse9y
zMKFY;pHHlBZoS!NI43JGOT$sOZi4mjG@6ARfVStXbm|M)=3ltYEjg!1^mHNxzw3J!
z`|oF5bg4+zJlTf3NKz<{=hrew$WbEnv*m9#sC4o?kX?8;(ta5Dfn>wDbr(K-^U8_B
zBVLpK@ivY#Bqri5CnjU<_oWvWAeN19&I>PEb(958lBWg(7g#Q$i=kb*#NC%9-G#R|
zRrZ-l;C`k4T)lfOvGo3`(H<LPig>i0N7XsktEfBMsx9}|sdsZnXd~RjgOpB~zb)-j
z2_NCMu(_F80u#eJfRomE*x*F2rj<D{yDEzE^(Jx075L*oIpOm2zkF!~TcH~wF#lxk
z;W#Xb!q>f$Q>iDnuCVCLU>FiUJBDqQF%+*u79HRT#Yv|>SaAMlPurfHoKm^reZ`DB
z<<<$gdy%0qxbv-Ga&0AcCn-SR(k%TLj%;Zlb)XL570wjHM4aH%SkbKC-N282T`@pB
z^t7-OBL-L4HEQz_gIMYMH_5xpW$S*3(o-1YmoDv`XPdTY1=Z_V&<{m9XjP^Da9Jgm
zT#sMy_=ypL^g&FfuF!Ezf6EgsFLq^;e&Uz?{5gvhh|$$fI<OP4KuwY9W~Qz9K`#;B
zrK-*z3bZv{2NTIIi2R^DAFLFapol6wRXT40ARVaA)ePM!xj}Pf$X)HU0Pf0Kq4Fp5
z4+BXg-VnG7ZfJiT+}wRg6F9|-pY@ag&?sY5h+CmKK}RBqS?H*|*?EgkfcYLbBcI=Q
zCdTT25Ndm*{c@2?_}GcPj$y!5c*^ST3W#8)f{2!1d4Kqbn{Ua%4tOeaHC%UiMX+Ve
zMa}0X;Ai@o;7#UyZC`wew-mRnWoUpFT24v!FLVZCc~(CbiMRD5k=;Z<7Cr5;Wic!>
zMt-yV7l}91BauEQuyAEwN#IvvFK4)c2@2q`p&X*khvL;35d2(m)O}+LtR#iptc0VT
z>4LK>b4!F%&>8ThoF{m|&!$J+*MvZe4H1=#5vW>+yd`%E3Bd`dTRk9Glw}nCcZyUl
z4(z4rz2|d+!k4|iQ`D_7YRf+T*#&DeH#I_yTsQUKH`O`mgr>{k1L%@+T4kvf{BwhG
zQrR461wknr8zS@Hqr21eXwRDy^KASmauo8se90w<%QPp(5B{>r<<qfq{3@2t$>CqU
z=Y;9u2f}z(+Z$3`-Vy^M&vQ(E#MTk&be#&SRMOm!Ik^1LQYtFRV4(5(7y%?J6p5U*
zS$F5&<Ayav*@0<lj_Wv#uFb%pc-m2)1t}k-;Yr7n)n&Dy27Lt>%Lk}G$R|OIG-~a=
zhlLB!AT^*#v2u-zeG?(4xeeKiK+S_&a%Q_5^1y(a8O=qSD62a%e5>X>^sG%sB{P+W
z2jX$rNzg%&vVdSHIfvGQ(O|w^jcWC&@lk5SWa&}cc??$6A9n<+Tc<7VdEVmE7{N7e
z0mh2h+2gb>-Aaq_;@z`T-ife|I5;7r_TwoMh1|zrv^GOxr%`pVgBq<Y{a6O<o@^rD
zCT+{`=u0guCyn5ob7HEhg}b?I^XMr>aCw$0!Gl6!ijan^>6toMtGJePTaed0DGBzw
zFV}?@m26W2m~Jr{8kRzfSNYheMNl-6F5&%;kq$wNtO%RC3;d;~nW(vJ;sv?s5p9`(
z0TSgcIAR~GP*$NTLVIwOj#LBsKx&Xpq0~jpj3LrI(SWnNeOP+|sIee9=<+9lp5Hr=
z08>sUuu#?&Rpf|UbutnwsC;8`MOZ&A5(laKsH3om5ihM#(`v<HCgygQx{@4tqI_ZW
zJA0Gdk!!VhV3f*V*U?rcHt|J_B#1fbb|*_wftd@&e-Cec>@0nqG)2KbAM-JQZlG9g
zpD+UCsjBZugL6S$dyyB>5}9|p_3g~ekt{7>5`k`?<dx8Occ@WKqlUNJ(^JLI4Nroz
zjC<erg&>GHr|T-tT(g5}7WhvozeGU+zG(T5y4q)`y+%V&HJD-+hz?=@G37sRqn$Y~
zDxs5s_gPbzesX|(mv(h3(N&*1fPF8Dfaw9!k(cLncBc;$T^DY8lx}q<ui~&Zr9pV_
zZv53sR-vCx>l#Bo&${8Kw0zHe=)!OPNY8x<v=4LO=k*jliE|Asr9L<>q=XQp#`((Y
z=~1`0*3>}F`|vao=X&udEHmjJo0h?UB`iJJ(WK*Y?)qWpa-Lx^(sIG$>~anbQR?#A
z*;{+yl$-RQ{%{{@F>H!=RZ@<3-7KO!2+&rTT$huXe9K77XiJXE@NN39rswr!rs8e-
zFS7fOy|n|nkrrFM<ct?APKZFu<=jBl<=oxI<(z(gZw-5HZw;etq$OJ|-t|H=-ZdS<
z*Y$Kcx8j66_*S{MmfRfYO4Iru#k<zMOFm8hT{5(w@2w@u#+grJ7<#h#oS9om##bdy
zs}nN?R;?p?a53k7A1JoqRdh4wRTNN3+BH?Fm~eTuNWc*<-Y7QXh2+FAbU^pbE$k(M
zVW@n|jMsvSW{j1dm3?xM>BphKsah=&`;KDLE`I_UpPs*L(r$$i=h&5IcG|vIS%DM7
zC~{uklBFeYz!D@#fXaxAK1qcc@BJghS^j_84}Kn>GlQpPlT1mLh9+IcVPBSXVkC^R
zftv#mfp2~y!w_vHgp74!wzX=BZoY_kB<(V2CGF-;L-Ncx9EA{iUSF$)CGX_r7{d_p
zt0tfHd!!}r`Hmy&807q{58#+{9{-rLQeYj!P&DfYw<T}ZzE&O4CT{-!jt+FrFjPFC
ztrN321pKck(TUL+8F6VBq81ptdSHbl>1zr}_Y_1w<{Yj~HRj9=32y*NszYBV#utL5
zW0XcMk>_RE|JaSoLeM}Dpc%U=tAW^Rna(o|RSo{pi7|}Us3Ynkpsyv8TGfg9Abue=
z<3%5U*z5F+xcp~js%etZIp%22OM(kQ9#UBRZ$X{TH3-QMZwR7{H&pt6i?JdQ1dP~S
zNOJ!NqyKP%L<}m0_)W2axO1r`LNr^jE9!;7OJM*R(ys8hONJL@MnMqWD1AAdn9V3_
z-m$Bil%zT$c5}~KqD_zgq#xEvrd;^CnfqS;r`f|U<LY{liNih^bs4{v9dQw0n@rq)
zyyDSHGA$B@1YGh;-RGH{ih|X1J7pNcSNxQDDh7x+#vOZ}=iiXEKi%V=+^B|%K)yol
z)#{fT4)im_+&aPM=Isnc?QLmdKo}Mji0@rN@V+rx^4^OJCYvg7Qlfo%dl3W(uZdyq
z1!O&Nun^Rp7dG!2fCb)LhTJB5w`XaYQWbx1LY~Y_HzU(s6;L5#*3Qb$<$xaMXTc{M
zYfkr?L<N`Q142>wK)QD2_QSldF@KD_ix3Rie$l|hTy9{bf19>PkT94=MzHNOGCeQm
z`3L~F`ylvcUZfhP%GB6VOORlM*JeqHdH;h3Ba-9{?{0H(Ir(J^NMGHD0PMqK+tJM^
z9AECm0A-|k!(*0@TtzI}&wT*M$G!??x!=<&d9vt`Kb`zylNrj4J^YO)9rD@*IFFdN
z`(E;d@#o!G=k8l+H7zFaz5s^sK)F0yOy$)S`SOeiT&1&J1|V~0l6chz@5HJG6}14q
z|5MHRnTzhxsQfTBBZB*@{s_18t1B(SMB?Llh8(MTW&gvtKDd~{&-Xy}wC2j+bXRZk
zQbo0Ss`nsOD%cy#a9IF61F1H>0hUvcbKX;>oNokB46~UUZB-i)T)1e<<>MZ4r}DMU
zwta0$1_*IG#cqI|b(i}BqQCDVLYX_uLaXAo+tL6^)t7f(Kl4^8ur@bIa=$!B^m|@V
z06c}suR5+j4UBPh4sdn8qZ$%otvPJ3eta4bLNT24L-z0N*W${~bL;H)oc05w{L_2n
zT74{H_e+i^V<#rsWW1qu$YQ=?%u=cu?tK{a11sQmX8%(oGJTY7IbM2PVDsBVl+rz{
z#Z@+A_;u*RoO9SBlGkPfJx~pgwcdvUB+)f;pISAGq>zGbNd>&m_C7$CZ=ATDN_fhC
zCfhfR1uVF-e(or=Hn^%e#C@Jc(N&=Bv9CRBLh3PlJD~tPrUIa)^y|u>Rq^#FqN$&u
zfL(l&pIJ)Kk~RNOCXUT=O#G3RmnhG=x6LdN`-#i`1~Dzrm-&}ZcwhzU)e`l_g#u!k
z62z8jf9*_!x_k=9Q}uI1`|61)aZiq{9#HZ*_3Sg<DOtEXJh!NSUITjVg}wBq)&IlO
zH2_BzblnX%&c@!@oH*Iowr$&XGO=yj=EhDo=Ek<Oaq`dit7>jd_p6@1=iKh<H?Q7B
z%_>9o{_W;U*n_hTUeiIuEpy*57H_q!Y~-XsnrpaR*$8bd&r$D<-y-HZKT`iS{%C6U
z*A<!bMG<}65dC&KgT*!z?YNO2ZCyX6+1q$g*S2R~Ea7ItBbD&4+(f)hoVt^bX3cT9
z2tAlE<s$usYS=eUDc?6$q?Ifbu{O_qgmaN+ZD-YZ(XWqA$2*}4=vo}>-tG%^&UDt*
zbZZ)3wkIjZ<*hWTPh#R?d@j4$`@Ax>akAp*oSQMM?tCF<^8J8M^PlhY^c`P!T=Iy<
zi{`^a?H8iU*S5gZR~Pu^U%=Jl@^Jfh)kwR&g3$&?Ip7M9WT;)<0(1X!eR-&zzeqFs
ztxOAT|FhK$aOJ=BiEOk{r)Iq2{-4HM=5Tx7jk)ng-ZI_DM-yeNBYzEO_y?%*C3TPe
z#QOy_-tadcZU4%`-T%}gANfFF1BrU{8xHe`ullc%4@^)W6V&e&jdrX9Vd=G_9_dk!
zaoo-yYX9oO-T&Q>@jtT5AMMC57~%L8^uHH(Apuu;szw`M#USJk!|nE*f*{RO(QndA
z*iXJ7L9PH?Z7YKG*Nn73RRXTQYDe1r`w8~_8bC9Y(T;q`*J3~A=mM^Obs2Byuk(z2
zY^e>m`>XZjevP~G`j_JF`_<8o_y&VU=KSBtJgSk8Vztrs-q~2kUPTa0hal`HwB+*_
zeIKc4Z#4&_jiyAj{oG#5fc{a2+T$n?3_OsAJk{D`MpclOvq(q(3ebcl%(?GmAo@90
z(Qif|`v1Yr25RG2MSB;Hv=bhH3|~Fc&VK<KzlyQ{S%0yh{_oKz7KAAb^z-O??5F=w
zT4^`huy-78|EgH}4-KOYcQ^f+<K`dxpL!s>TB}9BAzxrWIctMvnftN_T=9eKq<=#=
z(%w4{!ml6W$o~YgA{I5^s%R1WNgiadG;Y9^yt?rQ2WaO17b?KjHE79aTtTaS9_h%x
zg0b&ci@NWZ1A>zSg2N4B;L1GmA?g<W21;n|8x1ns|4X!E?`o{$_8WhMqkqx=;{Wd*
z0HS;dq8z3M;tAsX-|H8KX}l4q08;<n`*Yt<$Rqj<2m;n?ML*i^e*%K~1mY;(VYHEV
z1)_BMB>~!+Iv{Xv!|lCeAW%&p#X%ss{_+J}*}IIk>tDq>`X9^;wdc7HfCy>>uJm`{
z`@liQfdOsC1W^H%nReaV+JM`s)u@{rO><u4c%rX9=69OlshlJjlY2&n;LwYwEpci+
zpJWoCzVPwAoNiBu(HLr^jvr!<J@aY<Ir=t30n9&tbPslv@MUfp)Uo?LXEr*SZ%!{M
zPZjUqyq@@}YG1yKGW6c@(T6_T9~q-B5EhLcJ~5R!uYQkHwDF84Ii`tcd4BIQryhPT
zK_Ao4fSJ0asN1e4Y=xIT?xTbi=x-ItKWC2oGf4%fCl6VxC+4`s42Ldv#z5e)A81h6
ztreA5tW!gfU9MBpa;R>-T&~crVd>Yg^!_}Qn%U;aVc(@^`6tWBLs}MoQ`YeLXH1%(
zT=dd=a$b0OXoSGrp$vuO-u;>p!&osK#h8)bY06^K`M2=cN;3Jgs7+<CnVdEhk9ji}
zd5C7*?^n|ls*=a?s+*6_%8cP13jF+GWMHq0e_<qvR3!rp)g_1`6y;K=s^Dm!OSi;`
z&cs;?1A1}vh)SU|*8rtSTR)t&5-AbGUBN_vdn(ulBk|74U=yDJsatMr&OpR6nh0b{
zfSl!=;P*rqtVn?nlyBpWstEQN5XFl(v1Oh0!{01-r;Ro4AAU4cVwB{iq95>#|KKs?
zXR*$I$>uXTofgj|5UxxdDtCI%cB|d4g@U9u^7zYxkz$iYI9P#>F3i$o6d<%IS}PmL
z%$aYC02aB*xxq{qn?R&S<tQB;*SL7901md^VAn`!T6iwdk%fq$uDmY1xqvh9gSgD`
zvV3gNQW66oU>fcs+r~X|#&H*^%C4c_zvOlA*k(UDte+%eWHdyo*2GRWYPe8~miX;#
zADv7ln_$D{8*U<O(YTf?dd<~!?ub;*Gpi&7u5M)^M2@l!-14vy>1>Nw#X4ILfWRV>
z7&EGi9A)}|AP$A#y0%gNL?Mn7>nhi&xKWUCnUdmW%Pto-Hb*HuJ)HrN37bumLCLnm
zs@wW&^D5|I6UQzCM#LOWjAxcNr{Ylm0@d3sm0J*JqN%BanbT@%)czj-1h32`1a>F;
z$3V)r6RaR_ZZQ9p?g&Nm)egPF3|*tuA%}FQ+^hM2_o0BqoL-{DFg~g<rvhGD*X5f+
zT&&zE)rQfbq2ZyC`cM76v!H{$k_v{<ZaT!iL-xM`pV^n4%Ekff^l4{E2PCl&&=m+j
z1_`UjLQ{a8k&HkWs0Fis`%<bhLTJE|juDQjX`JN~d-l(_4AUMO*vxS)B=^baz}na$
z^)TZQ-iUyNSc>{_&I!};`G8)Q?wC_jnLs@39D((8NkC?XWo}lcz@Bm-K&isFPs0o~
z(0U!beHq}`=lZxo7v0oB$F>j3o&TcJhbTGgQ~k!_CE1Q(zc<2))Xo)AZaY%eS-L~-
zSewBXNEQtE)}Aud5q)D@3|&UnfQok}Led~*l_cSe7|-0D1Cs={A*ho?kCZOcIA>#+
zBQ!u?E?rcLI(+2V<wx0YOvf0^>0|zgz0G^YCgN-prH*a5i4si=iAFxO)1+2wK|$r;
zJ{JY6?`b@kw!x{|TG|q=V2u+IX99^@UBWbHo1L^FE!xMcn6$afK1|=g=wO_IX?ax!
zWCY;+iA<z!rPbVB;Q!?_lZfVtIOVE+JT8KJVsMbc$~a#c?=N&n6<*Im9bJFd>Ucf5
zF1Ff<0a&$^WIL7Fj>@4ojObLQQ)Mr_%(gYteBP?x=y`<c_`ZuP6xza7?UK4)iDn~H
zNorHR9_4E$n;ux>$|!Wj8`gOt!TQKHZAh@u=(KAAlU8(YDc&0sbDN*kSt@-HQ=8K1
z%*owg<Kk!!-PyS^NwLB?A7Hmj+q_Br+Zgt*)uVzO4sQ*wNwl%;bE{}u8@(a)m;c0_
z2F2*8jGRmR_$@FiJKZ4(ttvB{bMhcPb-W-!My}h`33Y>la?aK%5%jgg&NXhAl!R*M
zq(qvL-RzK*bd{csVCcj=C@ZJdK0fYdPwzayVbzgfE5p=SG7;4rHx*|R2d7nU8JZBQ
zV*8LfjigZgGd*&Rx@^eziiS53#{#SWF6DIBj4CJxUX+JLo$5YcDNP(mv-F@!TUys+
z{Axv_@ps+9S>u=;_&A{BsvviVxSUaKd>^bw=}2XduwCKq7VVOT`R7G<Sh8uH8^N{d
zPr&A|X9v(L?BX;##7ngO+llW$$_e_YSKb+ZjJz^d%0iZA9?Pe-!sj)BDgjaKyp<j0
ziLKRk>{ma}pE#yC_<>_b!w}Dn5#F+Ot-s+UZ3)zFrB)Hl!P2B!fo{uFjLK7j9ad06
zyUJYyb8k}Sd}?fY!%GPWCf;p<)hJ;FY5)XRL+?y4Gs<5gs}O7=>5T+6MG|G07sAHH
z#$M)6NJUX>z`$C{jT=_cRV7ztM1d!>G?n5E#6~(*#uZ)x`_ba;JAVrneB%OmV?&J*
z5~*}F{q~M<Bo3@k2WOO`%qWdXogvMmfoKzka#MyqQrXj_)%Y7&|HNQL7TUd4Agdwa
z{NSaqSiA3-i#=!K00;hB0-ex#wK#lMQuv5)xy5hqE%f$dAL1-h+YRrCR?2!oQ4|{m
z$7d172!miL)rDC(0HbN_5_KDb@)!Ua1BD$ig<fWkW*A*nyjklq2Ud%;6|M!vMlh$I
z{xQ<_^vA7TPk)9r!C)JH&Oo(d(W;n>+uuC~$_;84)njkvCSJj|uPfNkrwiDPbDt~N
zG@wDqAu;1X#4mkaX1MA#<&&v$_6ZSd?S*$0UG&`?WPiiLsp7<NmI~HA@Fj);n?1ac
zYR>$Pb>@&oX|6X3VmGMPm~!s^7!g<5RmtBy_d=B;4FoL-sTbT&iMoV($GuetU+PsR
z@XDmLcZ>1vBWoz7Vsenve`1()gU(#Wn@Xkq;N7{PCh)0L*cR9-vOClkb&?`CJHxiG
zmh%gMST~9KQ=C79V4hmRI{f;U1{DELi>r~7z!>abCJ*6YgS5~woqiXy38WK$ft8g)
zh!}%n2)KUJJH!~^69N96fvUo+_`J<VH}Te^vG`m*Q}GRlswo&n;<5PJj??LL7=u8>
z>UO8u{75heF=SjVb!9%Uv7G{lkyK<t_PtC;4Am4&vzrObjKIN>SV!Rzoond#mrpHK
z6u1UC0K?jt0~c)=G~hD^|GAAgcqA-r03y1_Z1IMeT>t_a0iVU~;aio<bhu%#7?PVR
zHlNLuMhnl)YlHAec>uupJMvE_Q46Z>zSVPaL>x3+xXl;K8{9#$urQKHLp+NQlUWqw
z;cLZ}I9#svv%UH%V7ME|DOv&=xx*;h!|8FXe}$^YJf7GX7>i#m1dWWtV$lqT4N}P#
zJfg>Ya26;m20wO_Kw68>Zgg=%TqG8SQeI>@h}A2m%WrXTLY$@#@cMQg7biFpO~AD5
z$8(cOTU+nY*|BH&M-tf@VDfO1P&CTfqmYM$&*kJXnRpih8x-TRN|a_W;86gkuESy!
zZ*4R9J=!tCZt*b~IvUq``i401-~=o<3<00%gr=%@5U2|<nSBhdKGrD-Bhfm9taE>i
zuNs#BLzglz7U+-X_E^5VS5aua`*9qE%j2^uAk86$jOSSL?7JB-M;aE>uGDC|x)fWA
zfa`SmEuzzLhixz{j-HUc5dO<ftQT@F7wY?vIO}?rHOyQK8L#5oOVsU!dZHfQ&KK$e
zPB#H9_R#s9t8iBh|1GNS!snQ2K!DrVp`h-HQFyLJyg@iGbF+LfnPi;oGE3rv0jhn~
zcSKt<6#j^Re}zL%(r_|y&`q%XJ(U`>7|~4Bk6|0T7;WX;^gbiTf4>nCzaENV3A!wd
zM=&IdJV_SLh!S;vl8L18ON19pQ^TKmDWQ(uU0&Q8TDS;jz2Xpa0}>Hxe2a9QO^Y+F
zYcip#bIYF}E^b9CsI2W;t<+Av61Vz^yv!7?e=NEdHCg;aZqY2VXx3$)w`XqFpD_iO
zk}~bBqx4d#v8!M9?A#_I)@6Zn9W;;`lb_#@CgUYmkDFXTn{b^jpIv~QG^=To5Wyj%
z()c$w8FI3gJ-S}_xDOS_Z`OwZregv21TgshjiEjukIA6(+n=_8HykGM%3{$4A|=8#
zVXJh#xZJV$Cckt9c?tQ61xY@<r}TI|lOMd?*o#p?UM}^Dy>qi>(a5mS8_(w0@m0(_
zZHSF5dWGK+F4I7-<BFR9a>Uvvzdt`&0SS{hCcr+X0y@AwfKczEU|V)z{<@bp#)(kx
zwk?Bk`*;J-x4*nCaBsboewvRD#q4*up<E*WBO~D$!C4=~<QU0G#sfglDMyRR`GK;T
z-Z`tGkgOJ2=h-F_<aSNqiVFPg8Q;yYyb;ef|IQwRd=~M~MW38am81DQ^YMu>td(ep
zBIgr}v_P@Uv${;ObH-rbdT_kjtG(m3_q9U+cd-cZGVF(Up*WtWSM__|AVo_70XCsg
zlRTxEPtnhuy0;+qWm^=ACF8t~hEhBcdBpW_MwVtabwCKnL^Zr0WWs&XKLE|{TjbG9
zbH2oSytz-kyw;eDK)mpO4=+NQx7W(#o4a9dh?IEV+;6<8C#PCA3WT*Wh-Z>oJa24L
zpHgE+Hn3!;a~vnI2;_5HVhZxJp!BDot#F-g5ZAtX;qF|2#-6Oa!v4*EbT?HW<E$&*
zY;VALY7$(I*1_)j$}!P^Q+t&P1|irRGGQ;Wv`7cxABGNvI=w_FUYSxY#E|j+&c^r<
zB(;cMfY9O7a-4;Mj$ug;-;)S8_CLa0Gxq2v8~ZwGxX=&(LUEv9c?<zCqIYgumeq8V
zD=7<CA>tD6+h@P)Bie2jDKUm*9!j^2A4URP5ghTH3w^Pq5iU>OiW@qZEdhdCXR%z<
zOQ*A7qB*rmXN%?Hc%j)ufM)sT1y|larn82Zf_T1g%ZVMvl2VyCbD5>@IIuQhW_ar?
zNh9|aM$8y67XBU)X%^S-5*p%nJwGoiB=<Gl{Y?%aD!}*>eAm7CQ32F@2&kO`afqiP
z(r|Zwwtq0oA)lIxsTVAQT}F)CU{folWY90N6Hr!*+QcKWuFvM?^6-&GABg=sa1ri$
zvKqnua3K{e%UOESo^t#d%j9pLcF#ekDZCbL6zr9qP=<D?Qy?>rFPST%mT!&=X7@d9
z>PT8Rv-ORI?}10oES9_AaK7`H#V!#QaXHM9G$$~d9a-GsKEncSRxh*WPAHC@CYtCN
zX0UP;M=<y#@I8NPdX^8A#zUtkD<NN872y1r{#UuR7#Ih-v|bZpsGS92_k^3Hn6_@6
z40rHM&Rg|ybeZP`WfPTs&qP;3ag9ezoSJ!jJ|b-7A3MX<z2>*f=Rfs=HVJ$4F0xS+
zV)3?)BdC9PFQaNhl(T*&tpBY;O-!3?;J-H5o_N!uE+a+be>1d@A3MyJ@9^)T%f<5{
zahNssF*WB`HbE<VyYM7Plw}KUA-_;ZeH-)-P4dzqZ)xJH@NZ6C{F9WZRhsD4%T+;M
zL;m<FDM_y?d1)nQ<!CK=$xU4`s-o1DmE_gjQtXzOyvVPjM950nQr=R`7hk;UGGoTy
z?5&?93+2g|*8M(CTw2uaRuiH_h<-@YMTfAG__!||wlUez?{I<Il%As(QKR<cL?`;*
zyUuM9f8^gS;vaN_VrTGcbu?TfC?sKg8Iu;hu!T1|h_PH82kY)KEe~g9%0S^iXQJJa
zS@AeKsca-p$Gz)PG`=>PotU2%mZg#ZZ?VjTwK{2*yBAzbF>DdJ2gYRwmb;IFTa=4%
zOafM+sbn2;+3}nwR72@lQ8G`57+YyGF0$V`Xlto5+vQZ#1xwS(X6qwrG@usc!i=}7
z5-=;Nv#O;S3B(r^5kr`n)Y;Th?8ix6(WR;+o|%-nuB9X{CuNl>b!OqLq^u=<b|NXc
zS(3=ToV|FkoXFkEy^)HqyOK!Xah|fgp7@J{yEOz+Y&EgyTt%CtUbK<C@KMrc{Pz-y
z&G_Pqs`lM}CZ>&~x$v9tYT}<(`qS#w#JZKLR+FR2fm9XNtn9C?VhO{$N;4(S)`}FR
z^zJhgaQ@oF%=zrax#h%6CnY8RisDjsO4s6+;?i2Ul^Wl3?fIG)#=o7zZ|J28{C2q8
z7S!l?fePim=c=KoR93-}6cJ{-mG`4jC@RNQkCkUUH%^dC5y;Spwu%{?M+$BZbMP*i
zHRoa_s|@0t2N%2oFvNR5SS=a6f9~M9x$VGMFm4;!76f<BbmDrSej~oXP9YnqH$>uB
z_#y25`AuJ=u%+$zW;l{bVm53n#iV6P=i11kF2|o+zp4}a)=MX8i#+PI{pT<v=iLKC
zSj8yDnWb3xll|zq;l~Ps?Kp17rhe1!!$0T06(r*38Cq&bJ{v~3)qQTb7sxLg*vQJo
z51k4lpy!%Gxh=I-BO7m(qV~@C1syYFZ++zy%hvbdWUYSi3eWq{f=^S@Wzv2@PE*=u
zUc+WqtSiG!s|26CBpw~Xu;#T|@O@EQ@EI>`5L;xfJB5~7{@~S}-}n)D)Py;G=pS_C
z%syQcWS01^TPW$$-id756~*GW!JN+-8LQ~y+wzz;7*}Yo_h!Zm%Ry5-$c3Am_-L{*
z$HtEmij|)+mRS7+HWO!l;oh}Jf}_Pzkhe@=<uBwT<R!P`cZ*0CS0yE@0v`31@+UP%
z=s9EIPCN8F6ao!)zJs50+1i<!0Y$%Hv!XLZ_2RA;{xRSYBGgTm8W*y?#a$*}toPDo
z>!QSeQCW%Ott(Hq+ZZ*wyTetDFe<KoSp;K;g4K=ArqU(d{T)1GDqaKc=nnYONQ{<q
z3fWJ>bljG+v+`LFG96eH!9$>UeVuDeid5rhCiHN%rM(XQ*S+*ylf)6b6nkw_xKbFr
zXI5%|GIJY_cY7qWJK+t^XR#S1RwNi5zesbrpChtS74tHq;1%J<zwaBpDHdfqh==#i
zLZzpqfDOjWK5AvNz0ti)6ZmcyVL-nyk)-xDSot}Vq#n0K(LF<!YCgRWJ9&`Gl)9fV
ztDP2u%<bITRKWXyx@&L!@W*KQ>_V@ByGy+~1uwHs!&*PFN2k5vk^QPAjSlZ=22tnN
zN)Ni{u$P~(GyGGh=xqXM2lU7~B9@KOwF<Eq{NPoe*ZCQEBo=j)%`fPjB<tKF>g){9
zninZ>j~I1S%`bQ_n{_mS=rrtgUNT0zypLjG*I>bSLuv8bcEQIlxY<KnKeF417c=mP
zJ?h98PrJ#8_c76X*vmZ_)Oty@9!8DR(rDnuT`yEEPO$bDC)JCyod4C?(pzMB1_<?v
zT>PYDXIuGfQyc%y-`?@~zTP;ow*qf;O<2~`GqH=M{Wwq7n`&qEr>+Kb`VF*2ZP};I
zIV5{lf73MT(M1S214W%*kCw+yGF0twE*1Wu$=5lJTL7KSe*6vJ)W6}tyKoPx%`=1?
zj^laLAe)huHoJAaNlIuvjxswg4Q-Nhvzs68u$;l#+en_@L$NK8I@>=gK59u_98FZo
z7gf4fRmx+fWGe%m;xBt9-)F>Cl-{zEGB>r9-sGjMa;44|j*5TU(O1ZWdbLt#0?tZJ
zpi{0-QgT{R(ie2f34?AFYoMN*r0-VtVlb%pf)#RutCh*X2qiK%wlKMA8lkh$sy){7
zO}sM4<L?X9uR!3oK;_3*f#=t?jqR5|Cw0}8nk0dxoRyWeBmoz7g(Xcz(X^zjC4EH^
zCAn*w)R~5}Qj)gxS-PmyleFUN5TZh(V!rv!4DrKryq;yqgUKz5Aby=X@mrx~mWVo}
zhW1CO29Aj32VJWwMkPtI`80i^OJv%KYT<IPC|+JDL%F!Mtl(pdS(sZkwN(j9a!)yH
z5QbM{|BM!x=}Wt<nzXc!^;fv6`JJHKtb~!ZY*FoTgQ-TBn&v5uOHZK?rI_}uqOiiX
zInjF42jz>?`xf6`Q@x*9cP)<p+#8O{6UNC$V{oUUf$tUSB1;U>7q$q?9hcs*GB$5k
z?-G$$b%8G7fj#$tb$q3P!jt)T*F=1TGtfW0(GY*FqCCooT*~lVEHT!sUauGl)@_(m
zTM~X6)}a+ZLzo-=xjda^g;>Z4mzcy%)cY83<UOKo7XI*y6Z&x!sFV;tbEFRG!&m(i
zp@R~}+8*cDaE3C=^i&@LZ!pZD3>#5rr=9`|B<>FYfarId{kFD(%sE5Xo7*-thGK{v
zm?GIR8Id83a2WA1J`g`FS|T<QQV`)wKBp3|^X=b5bl0bQZ{GIn3#ZF=t+#!S0wu`b
zs9vi<VPg`p`|CP5Xs|C2uXTJLS`*2LzD1zu%SkO^?Ud-KCA!?&>CZLO&;*|uwv$A+
zKMToc3@*^Lqpx@@C3nIa5QcpF9k9gM-Z#MmL?yH;J1;Reka7*2q73QZg=un1zd?Bp
zm5}Ijs<+LLRAl0G%m8%8V&u2xkI8~FW3$Isi>2had@>vJRU^nxO7r=Iu%vV=sgq<h
zDxWbkOO(Va5~IK&0Imj;@p0>^&}SV3ylb+48foO38+6!Q4nnAfNkasYFw=&E)2Z%k
zkdKhn&+19#p^qSbf*<O!7idV2e!~L$#4jNR#k%5>^u9p-IdJAWK#aaO7%}t|Pjg|s
zp(gbXlD_eZV-Y^CgXYU0(68vmHFFG0fhxVjWhEWiMHHT<(_K4M&YnT5QC(j6ryN}&
z(@=+|g8gBd8>XtYJE=MLGN`oGGo=hT{rTcn7hn8ih*%Fv6%jq27OaalxV(Rd7-F*j
zUdRtMh!3v1k7W-2Fk>c75PO@Ii5pouw3)NIcPQNie9*yUR5j__I0ySY7Ln)=Ig20t
z?B*6s15*a|_dLd66A&!*U|5kf-o}dLh)3h@@JOKqgF@7n+-(=%aKRT0q{KgBP8p@f
zeRycbJOc2aOO7+TNx!GMp{J9BqfTcj%z=En<emMAQwGoOqkAa(Deh)2$LhhGNtQXj
z2G{RK=?pbqL{Gb+NzB0l{kD(@j}ZJBn4;ii%unnI9Kn3i9mKaJ7*lXV;%JzRIWM(U
zLVV3L0xP&&9A6!B#ygMcLYLo%=9gU=FL<lKGieAHv<duEWj*EG7a1f>Piox+2kKTA
zU-!_=k4n=9#mkznJr0w?-zgY@Kkvi^pgjjM_6;!3IZo3R*HhG`H%*WTLd}xc)9FHM
z5^+&22nybKdn#wBzE46P+|P6QcqZPdXnv!$o}ylobAP}k_Y}vaR$Y`>KRIQr%XEv_
zy6x~vY|wJD+#;BLzeTzI4#hydr$(lKa2%GTpc+vv)Z6sijCcI`$pH7Mh-1`9oRPdE
z?f9lLP%nRRD9um=r{ZJ2a-8y@JTzNP*0g<dG9*?fCc1Y&1^k2R?{r<MpR361?84E_
z91eIFO*Xz&sS=YN`Hdm7{9v?I^Iw)%^rj?r$~c#yh8z?_lNhLuv%8qBu3|{r@r4_5
zB-@e)8hr@;3Fec$H;mB|6ALxF*H$>rUrCQt`X)Cx(>`fpkki<oJ1qZ7w_6j)!|nWC
zwT7iI;9g^kKkTa~c7@9J`aeI(BL2}mY(0AChA}!>WL16hR0O*-LJ;VTj)puKu|$-p
zOTZ-Jkoy~;Ljz0XJ@73<(Mcc{2tm@KI;M6Z*}`U9HIQI9>?DMGkmKSo5J|;^m0@7l
z*spW&4U|qZvHoIq0V%bINvVkrm|KREaZ8_~7Sb4mUY2%;h|vT<Vw4ywUQqa%^i!#$
zY8#nU76q@m7LM+w((-2nxJ@zaDh^(K0#YA)Donk08GgXy^N>zd^dQ%ZG&a$blLbL|
zkjd%|XMFY-4+5xwTD%K@_@zIrI0_<hMhbG=k&<jbJN_a(Oyq31%AP8Tj2z;Y!LuMZ
zyGGrB#wDJS;d`D8*+(K=8S*$*p!%!N_^iE^LOLjnD=xsgI`NpI^QKbn*YD0aNfdWN
z@}S3DDTrOU(Q?ScI|pw<SizB9@0M#P^{_@Afb6Fjo+n>L2>NH2JZn>as6)59b&-|M
z@Zj}D5t(kUCfTBIA=0~__t+oT(KE8og{7@;{jb7)3NSf?Th_gxvSTL)x!oG|W<u8=
zGJNtC`@%`22-7Y|MMz_7CT0@)$%{HG)cqTfVQV+OC`HZYs-etl1tPM}M;{Pg0~Otw
zG`yT;rG<BWIWiVTw$Fa0ttiSk&l;p-3P*iF<-#`p9Ez<(h>7~V{21Q|KFb_}TZy0J
z@RD7d@mL5ir&vLQ_i9`sI%)z)u8{GQ(C#?lH{XS=`bzi2S;CpPLS~aGeA2H5rC6^i
zB^s37JaKyzwfg2IjgHDfnDOmo*jeN;31>Yi@F=rlm-ZmmNeZNOGK$6uw!ubZn8<Rz
zhzPyX6!PY|nlYV_Iu7PaB=u`ifxXPkjR%)(8rVoAc7C$y?=+Ux9_G)6BhSBR9vj`T
ziP5m(H0lz+p<~F&HYfQ&M#op@>fwp9m#RA#&##CuBFCqY6Zn;||1Brflod8$cVVrM
z47AiF+eKX9H42$#eXhzkA$}a6B-S*5bGd#`MW?0aNm-uzgVVnpDFE+=_Gmp1$syyo
zU`J6zw^pOpb!YQWHuiFjj>bslZ%GS4^^&S=GSnqbXp#4VK-FZo%=N|}8X#60h;x&f
z{V^znJrAmHQN`6mFKfS%tf7;Q0CYzaP7an-4gycw?SiC7U)X8SZc8T7IJNcq>7Y?h
zj$K~vWJ&uL4#ioF1Jm7F+k1DeHKK(>qpOeR*JoWhe>Q0ohJn#B+KXE%Ffp)>AN(+S
zryjb6`8SJHRfsu?%E2e)&a;G2KX9;)d~}oCbY~u1GO^3|cUK8r9|FUAgbqaB5mOse
zxzZOr6@j6np@O%U_&RQF^H`ANQhJ{`k16T|%xkdxgg-cEJS<le12rmQ+=%EP1P)9F
z#gMQ+4%qGIcl04;f5{)}M>lH_Q?RF5auV_v4;uAH*H7*JuaH337vdn-4E+B5n*iAJ
zqpxtNbE83m<=@eT;=d@GzL9v0w_f)#5h#HtzY9q3%}*KBI;lfn8_iSq$g6JIrsJsK
z`tC4L9GDvFVJ^Flo0_Jim8-o*ykloi7*^w7sd8aBo0oIOD@f2LTLZK+FeVoAP*zT+
z_h!wJjnS7_ieM^^aC=zEM{s2ine2MibTYsf4%U4{pcv|TgooiQ*$S!y+Mv{?1@%+B
z>v_oF11-Vm7;pR-4*DV=mc`O5MZ8~mH4ydCH3%SU-13l7{4k&xoCB)-GxwjVqXyX@
zlfuL%3{Lq<T52Qos3<w#WoLPM{3Mn=VHRXta;FO1aU^@sbD+!wwwV(x^j+DL!eTGx
zww}UIQNjY!2IqLA1yk={!iGqQOZ!A62fH{;;NE%dgEHPdrxMpc8Q>JnmW3*)6b3wu
zDrwA$5c*i*zg!KQRic+X2}Gz{ly{leFuQ4ipV5MunfuMB<dV@i-Ri-tu3oUH#$gvr
z5dg4xBw^vbyzoI6Bug+kgeQ*3&;t30vq&Cc;+u69jKN5O9qU<X5~e2d()+X1yFXeU
z{Karn2REtfToPT#gaPg$-6{~uw0j@jg^L+f^i(MQi46*3fk>o*g7)AUgO8^N%8B4<
z@kXkFPr_V*?)=di-CErA5FsuQw33fm;~z+Wc1-SyrL@r$ad9hdfS=(Cu{|+tobPo4
z703lNp0+eBl_Cf?!62vVVdS>fB&8Ef69q*HJ_WgnVM{gU<dnu}{NF5uSLsn&y}WJ>
zpGt0%GuKQqUZ@GujMb>XiiMyl0Ydq-FbCD=rlTOK_&@6vqnMXVC5+0Y)XrQ!$zd1W
zCTdW!q<J%G0qIbLRr7k?`fKUb4$6Oil&n5`aM!TEB)vqL+^r|3><qaOC|1?lJvd<(
zT~#CGoo+w)-f@@Sl}<QGE=m5Xc>h@~>g=fpE5~1YIIEY=?3zhNWH!LV+e7D}H<$$3
zLe7M2NYO27f2;T)X9d4tuwFrt2n)r3bftTC)wKh+nNxu{4xIA$eU3lsZ#$gH$T$NJ
zTsKCp2wcY<0M^5XF00z~u$ybF#80q5OfFzf!Os&R8ib*bS7#Q#pC~YR8D;@rn8bnS
zRvHZ#6HM(CgOG&umm>UT2PeI--Ix?o!aB@)c*6#x=A8TM9q9Uhk|F~(X&na(o*oPs
zyjYmfJ_{2bq-EJ;g1>86508R8!9acrQ#~ar+3`Dl1MCROkY>+Ne5t{4xOYijb_E9)
zM!B?kozsIiilM_!sKa`B?=)#DrJe*^<QJLzbMJLmW-<oWNaofDm1<~8jPj>HySVYV
zeEhNi6<hHvGDzi!2h2g7^rQsJ?Z_<7th_$hO!1On$!emp<z-DA*0bwp+mkxl+b(nr
zHYwm7wMkLKoGzCbSBF*G7APuV{ImPr8D3ozH1oBlrT&?P;{BeD*qlB16q1~ewO(4^
zdYWItG*8n<eCJQb4ut%QePcLOCMuGx#w~~9$N9y{fFy`+9xAC~IC@#FYm@P~rSJ%o
z3%$5eI^ZhH0!O10^Q2=$JiaPIJmmdPn7MXO2%|}_vRQU~&-Lx%XBHB+F*}5{SwA0Y
zaudeB`o%tJ`HAnKyh4BdE1@_aQ^^ms!^emegd?~OnBf7F3C3A`H;5B2EUsL{Q=%xo
zrCDs)`#>(T-u0b542y)T*d!j|-C}N;WJytEx|W6NBgH=oOYfML0<?(d?=Wj#{N??J
zd435NOTQdfTTZ`BP24h?S**q&m^^Vk;G{Y=y`<7|%&zwMiwIuwmC)-=^^$IGw(C#<
zX<rCTvW@;uu%3v_qIc>QGoDNgdXy)cWBC+)aefB{iBx!ssowy70oyGU)(2876ruW?
zISi)1DEJWzC6h55(+5dFhavbq%XcQLw*yeF82usWQ6|m@7)7#OXK+Iq35io9U%>9m
z`XDC)>>+pS?=Rer#~w9X-!Ik7SPYxaDR(<x`z7t|-iVGz-Eq_NuF|d7)ZQ<7yTy^V
z8Pol)<33b-pI+G?uQj^%{a*%GUTxHerENP7hjpfYe~QgjAVgDNr4=I`_c5+XfJx#l
z<gCU%A>_$KzA7&)sfVtXn=-hBCO24@{kl9-HKcxqBNVUElwy?wyP2=UaCQIGdOdbW
z6baHLm8&-EQi|*%Nxo!{7n6%nDh>?MNV(;hp8x$|QJJc!3FKEE0q6QET9WpoFsG|;
z>=ScRfgiwhO6O!4^MN%b%X+m)bMa41jnbSI7lpOn)!jg`|KMgE=#n_R86=*7{nn2#
z6|^le(kt&7p$3ekdqki<WC>5z6XpgGEGl_KoJv-iVeC^Ef3k4mbD7KiV)6QerE|2g
z>H3HN0E!ehx!CFX^~WIrQ+r$x@#Nt^f}KF5h$|ElBMgxBsmd2}5uK9>P&osY5)5gP
zvH3lZun_SXNNY%c$OQ|R%R#crGJUGrjmPpbQ_l<=A_aC@X&|acpzU;$xuM0ZJBj@v
z=+^b{eVn$He=KOW*DW~SegH3o=Z~RyVxWh*C{<ba@=xF3N-e$5e`~4)>iB;-EW)Yy
z|2c9xO7`9?2tul(Zgh$`cO&=Ukm2%O;2|jgrgk`|!6{u*L9YBQcqIK)QA@vFzCxUq
zhDdlB;p3hH$Xk-X^ySiF46921p`iV0pz5pRAZWc0qipLc28DQEihLkTa|hvGd*-5|
z8aNT~uZXi6?r7eJ@4QHFC)843Qs$-nIZ5k>O%hf4grSy%Ulm1ye<Fb4`MTwT;D-qx
z`b}sWv5CnuP3HCWlVE&*4Wyeow5YuOmWi53%gT4bc_@x6g&Y<#csO1PxEy^kPb~1j
zZSfVwtX5tAaLiQ6*(dGNsmIC75=;ecNK$A8$U2_v9wQtJ943zdXAa;qDbcZ`_%B2n
z9;bqy#IzJB3P)_kWg>WDP1E11M-HVufiR?#a0m`mXS09C#kU`sU#R+a_t>Vzg}u6N
z6~8g)&iSx<1RNFF>8JZZ#;8gIQ+i0aEDv3i^wl2W;D*I2vKj6v*ca$7O##!L=aCzT
zPHdKpiEf0b%#grROwEI;>d~6cKj{`R2&Jfl{ig=Cdt8z}CQLz!=}@td5SWa(Ls9z~
z%yO^a5y!F1P}z)slyx{j>3#v5M1FCFY7^L`p8S<>8dBHi*4W$kBR7n|Bgm$k<DgC?
zuXT&3n`4wTfIxa7(Eg=qv_489&AL<nUTPN6LfF+H0-@ok+BB5;JCppMZj4F9B=3MG
z2?n$ueTic%$$rXDq+0A7S5EcpYeUE3**XFpVr*n0<>-Dxf2Ngg!QWF}>wR_9A*`x}
zp&kQ;J?J7lM2>)fM*Ys@1T~BpZWNP$R7s-X15>#_QQ^|5x5p4))Mp8+5w@WYA^jOT
zEQmgvh9^^F*%|52YdkGC*}gN<U+ALht*_3FOHVQ-rY*ZAcQ@lhweB$;eXUnK%hT%p
zOv)-Bt!$hAi4uJl<@SnT+=0IiHzb9l5m;u3%4S(jH;WA6iy#;(;D7RSPPY+yqk9@s
zEpXC*K6NuZf41^#5obCPLQLdD?@>tWqL=MPkAVr40z0c{FFqUA{JTI(A=iMNf<~Zl
zf)DfPgo6>xZWFkVm*DGqJb#c59Gige60GB|MS6rkNOMv7jfY!)UV#-An%93hNtkWt
zCk^{?tjp%(z&pPfX@3VBWD@pp-PtR}<}gXx)O%rOP;u4YL<b`-$AnMe+&F32{9bIv
z1&SZIn)WHO)L9RN=fj9!&-|#;Mi=qt<_*NR66b0&xq%DvNk}>>+Dl6CXoNnzs$lzl
zf`IepMDW3AiVGLmfxn!L=n#hQWd=VLnpGE3J`?s@s7&d50<^DElKke8(&SvB{Q$ln
z|3rT&wn8!IR;b->AssZg9rniN6v7zTA8%~cCDFH!`qyqNdA(-kw;I=Jbv&5ui@JQ~
z%sZ?O9qD{O+$xfAJFtX`_khV5Y$^y7uz|PKsOZhHgfJD5R)See0qLu<c*V_UK@t0t
zt1@kQz%e#{))P3Yl`-mMTTFS4;(<knJbdE>-kL-@{9=WyoYkKf1CQ$^f3m1JVO4|R
zxo>165hhQxL1;1?zpHzrGR`yj8oh3K7>Y1CPC`ig<J1_Zm2`K{<TU4vye%U!YB6?s
z1C6nYp*&072RnKz@zis5y}kS~slgQ9#$<$qA~q^kH2u6Z!Ak>9Cl6OelY>y=ot=cS
zjoGt<B$4*Q8<~*20Rpl4=lvJ!PP6igcpL|PG@0C_ZiU>jSDF3-XY@;ILz@e2EV8Rm
z=N%AHCh%T4SnJ}@T|uh?<eq<8uiH2=sIUg}lwoa|w`Tu31x?|Eoi|Mve43ufkq)z8
zLMCMyap<F=j3ftqsas>pB9bO<XVW$)op^e^Yw=K`Avr=r(*{@G8Cf(CfUt1dyfHQ_
z`m0kDSUE7~=r*rNj?E}uyf`FPiB_{c(<Rk(VJcR+fP$O<P-nR&BjmwozA7Xn$fcBG
zDGPN#lJ#0itp5)`veF7bP84jqPk{2<Rs4~gYSKF1mXy#S|A`^dSZ`}}G58MJ(xp@y
z=O30}-lBL)%{WbETO+QJfmABl2_q!f^C#p&X{yo=jA&4rNk#H_3?U7)j4Ho`*$gU$
ze-(Na_S}8Xu=vdJXmsxOurH*%YOWaZgSRJiDJ%qGSV|pBwW)zKHh`Q8GW2^KR)YSe
zDOEX)ke0idGZNUj>MJz+%9<r@l*}D8RiTocxZlS_$8%pq_%ApV+Qw)Yk&U@<jep8S
z0}VhlJY;E%pGvSJ`WEF`&a0f{V~`YsdnA}x5Mx;i2Ama@eNGwS-3j_o0XP@;RCpg&
z7^Fw3ifm)V)VGa8+ra=}N#F042-B(~u|~Q?xPPz3-CgSuurk4ZL@QTIas%%qoIZ2o
zY#(uh<-%Tu<stl0rG_tlYv5Js^i_s#8ExU~+KrJw>7W$6@72L|RUg-XI=Gd6n6T5K
z)3{+@Wq#-+1}yIXw9n`lvLC?rO)FQ7D>EkNr|8E6KNqZw*FQT{K$C))Q;*0eIB3pe
zyap^4_%yfXT2u3fFS~O+vOv@kJ$_U!Zc#gFb{En)rL*O57hR~mE&XN!c~1}nH7$`V
zZp2MBu}>aJ`O3Q%RF0TbOdq#x?Q_<8rm6;NP6bzLxD8DiC<Ws#hXR)xn00C-SIe_M
z7wkzpO}9RueTBE>JG7;FxSya-J<;Qz@<x34)+^L<`!;zHo2oQRSBlq$O?gRyD8E{&
zm>u0DGvQ)bfycu*a(hg`$l;kw6NIXC*~#-W6E{X6SX0mdgGpuIZZrPr^nvbSm7d8u
zsgjgp4-E7o>w{fcprk`F;-J$_^13%nGA8xWvYzq?MDm=2?ROlfUNx6Qku1)hRh6KH
zuAB<U@URR~2X_rjFxv*K#ps^VTu5ns1tV9Y7cd&I6FsTNv;gyg>E$qmUkryCL3H9y
zN8F$yt&=T66px5?DUw}7sFr?oX~IzMLGV#%swh*7F!#Cr9lkQS7Z~Mz08uGu>b41Z
zg4x;ep&&RTZK;e$L09@Fx1tC_Li}{}-vVgZtp`kx>FnxHan4bLEg_cQ+2k*?ivMIu
z1mS$g30}H{QVUa6LcR%L)lhFKqcL)ob<kMUBPmBMTWsi;3Ro+gMGrvtVYC*5tSnM^
zAlGKZwwzWdw!8ssn#lGYmnO^Z)Cc(}m^!D_lq+q}y-A3FeT};*^tA><0^LQ5Z<VE3
z`q)E$c*6H;F;(DK|8ek4h|Q^_N_R=$!<`SYC9JhXugRXE=w@dRD@FNQW(9p3SYsN;
z__?N3fQe4^);hE3v+%K}xC_(!`2XgGoEDy=!c}k0yIZ9QZWG>lwKd;A%q|5@m$z&)
zT5ymJ)l{WGPc`AP;|+HX1MiH6sR4Oe*d{zH7qZy-+)*vxUEK$seu-F$K{V|Op)MTJ
z`9}>FS6&cSQevD>y_M07xs|BIgV~H2f&%EIOK=$D^xBuXu(Aa6n4#4!^WCYs`D6lF
zaxBkqaQK|%1KF1hhwRg(DE=sD6h^2A@~T3X4nAzBgRR==I`me-ss7SL9iRMY4$hMP
zORS)$B(1UK74wZRH!21}CTU^`*{{MEi8&C1>j3Jp`(r{mVL?)@N7T=nV29*JFc5=m
zJu^S9Z2*Cv;-2QDCe$)R;}1}?8-I(GNmVrUYL4J1+4&JsC3>vPUPYtS$ua<vk8JEi
z+MPA~f`y7(diR}tgmb?>3ILnR{ctRA205!AV|Ve3DOG_<x%aThEX%ve7aCK)h~o*)
z7@gd+RYacS?XnNQGwvUX8-fCR*iOB&R@N8H;em>DM~RBG;d=3?+dOuw+@8~Iu3eGd
ziAJ-=R(}jN7du*K&8AVvg*;i3?4A?0M+AUhmKLptFHhtk*iYn>M=da^E^GE=q}zjI
zrtfae%l(gyuhmbYGGZx%^yvZ%;MpnUOH)m1*VmT{x7G73t&0VoFux2ET#wsnlg_~5
z((Cl{I3BPB3v$!{l0<&qIooJxa#uw)48yR&$F#H#wHQ!7=5nzImEy-TD-wo<q~FTE
zb~Q-jaM2<`;kb9F50q?{8t)PUbn^7z93r37E9rj0QxBl~(MueuyVBJWl7qVn*L?)L
zFd{Zhq=3pB^JgmHE_z#-k4|=JYUdgLY96~@I3Uwho0go_Xq185v{G=0uyND2Sy9+K
z0fV?s+Rjtp%3ZvLPJ~DwgffGHAl%{72u^15ACp4w;)!PuYBJn0rC_2Rt*o02K!dpK
z*{8vW)>Vrzy2A{tZe6}qmTBmj^}QO{$e@&DN<7Jy<cKD~PGeEx^0DIkT0li4v_>Li
zsTUc5P1?;LIPNjCqFY)&?Xo(5)e;>ztE^L(m8p$nYi!VpUC%E5=K$BFVhz|AZ$jdT
zTgR~gfL>OKAo(&Vx?@%RZ2c6IN_$ZqYtnkdQ<Pzvor+?z%-7u&LAtMEs&q(TGII(G
z3|LA&+RGoSX>G*k>k!EbMOg4N*D5QU7DbyKso0ZY-t(gl-E9+AO$(B_I$;jUuJq2I
z^c?Z9X5h4WU|NbEQ`C%L^MGESN+t9yJ@{Jgk7eWB=q_GsD3gM%E>HrmI-DJjn~vgO
zoRgyt-U_bXNAr?a)D)gbkP*gsW5F7uHmvUL+=N&E4uxpvAgJT>jG96L%3JLWsXBrX
z`3G3srgkt(kS-$f%_~>kQlLz4CdOWrlBqju5XVx0l6ICa!w`(*(rP^3&r+mJ;%zWq
zt);bDnXumkqnAFfmSNGUCCzzUPj2_Oj#sJp3x*aeLmmdYjs&Sx+gc8L0Ia?!Aux8H
zpn~ehjz8jgQhc74u@Zf?0wE~gfl$pt<Y-ZJy<;X!H@M;wUA8I+8I1+@t^>=+Mw8Ns
z3U><IgB%M^7$cqOl;+eg2^85f(+A3HSNeK3h>PwdV|Mfe_rSaK{_~S^@G$c=_^HBw
zk&9X{%<{E{5mY#r^-(@IQ$~Q0voLbIM`*$gLfa9-pLp$!-;(2R*;CuDpP`!9({KFT
z^Z|n@fu5Sz7gJxj@a~}T`lX^;<Su;H$t^~NWUns<mbsHN(*-gE{8XfTUo9kIHBYKw
zY-JB)UnOWd7^nfO3GiX86kd(JLS_~)^R}FTqSu;|ft?iMutN{T$nX+rFEzynI{O5v
z93xNL6!A99o?qD%?p1O{e2=6FvDc$wXVlx(Fep$)U;S`P6>x>9!sX$nFYqvHRI=`s
z*+7+4+PTL@AvF?ziAd$ZQ?kl0i=kbOh5aR&C_OE82dfmI)xKB_0_=k`XTt>P;ugKb
zYU=gWD)8_Po24sclfZ%Xx-upunMEh-dws;fkwk=SW5oN}CbXSd{kpJ^;&z|O7C5oE
zl&U_Yw*fiQ<gW_O<9uJ5u1Zv$T-;{H1e0$0mc`1c0)GhwoXT3aVhgq3)~c3Qz1H$y
zP}cHzqm{hm-2C|qh%~o%E@D;V?iJnCX5#?=uzgz9s_=tvt*UGGIUWpQoP%^%X$#Pd
zRl_Iz)kO5#Z!ULrjORs3-bg0ZJ@6cuXxQabhFQrDW_j=j@mNMqV6@t>Uiz@ib|*%Q
zqFwZqFuyxSi5i5V$3sx=D7gQY(5m^ND;Kn(M^J<L&;`Unt3;f&p7skgkXL4?XnZQ8
zHz1iZ*~YWxdI8e$602q;O3=pg#%oRnJ8Nr%5xQK%&(6d7pDHMR+p3u9Q2rzWPhck*
zE*gjqgLAydL^py(Fe7|m@=;7+9fMd6b>zNkZQ-^WG*0)jnjBI{&jnBSlQ=KxK@$$L
zIkh}W@kJ9Z4a@W!6JD2KR?t9B?Qhe4OJv=5xDg(<NwQbgPn_XHIQ>m_KMFKrqgZnr
z+TY43CLC5D1(eHdYFOd9Y^6aeHf}gTKS|0Aj2WCq^7&MYl#3N%%bYL&_ETP1Ve;X=
zTod}p9S?cU_|5~@QbrLvfaaTIcqbUwXpbyMvH>o`Rqp65pug)BUm$l)NKgo$=UMHP
zjPZa3sbT%wbhP*+$(iBj4U=W4w<sC%&WD1aLYpeK_!G)>s?WYuQyC|^i#qGye~5E7
zlI}@nK+2)wwSz%`1$$rd+9qq@;7?%&|6mSg$rb(~2k>Amkxt<+T6M`Drg<p3d17D~
z_(DhE%)Q&QzE<mi?-VdXA!XO!Q3KuR89q>QX~!HK<q9nwvgWZ&#)7dPzpk`%-NUeZ
zh;;!q4!n5ge#40H4J&B3F-TDPcveX^XZ)N8A*n;&>Wm#}tv&6afc>DeCPj+iE}htr
zAGLVl$Uh&6-%Czt1{Um(NA=Kq)RA`BL>tTruX1OnyXr%MdZS>aylKeNu7izwydiHR
zG4`XRWU@6smi`_Bi;ZU9^hY{2@%fXd23_B}I0U-*s(yaNx@^op=$cwFQ$i6nc<p{7
zGe|NacS!nL{5i(TEM+2toh1B!emKRAeO(xg44TD8O$^=bmcj^n7mNwa$^FpC<8cuF
z(U{|QQ_GQUNn!qw>hD61!~UNZX4b>bQK0k<y6LuO_mO0xExMZY*PdAma8@5wV%nA4
z^#!daO{7)E4Vv2+UqtNA0gHTa$(%gwcLjv~M#rOFjT$USg!qWY4Y~Bjj;l35V;ZWc
z{?8G^Y!R4enUc?PH8%hK8-E#QToag*$s}T;`0=_iLr1E##;pc=tY;eY=g4|^Sv1MM
zv~S~2XOS2oejg9qpJ$UduJ4Y$?dKW}>HaBWqNO&J8mNUOP3y+(w|Raf8G`t!zNaY9
zlt|m3SUE{1ySsidKz_&PA{QlQh-b>@BH{ya;u|iz9e<~=uY%1BHArS4(!<dkq~?P!
zwtdV8P6w->E_FdOVZV=WL|Dg+R}FI)BP<uLGz75fyksz22&sy%$u@$^JD}mncQiF*
zBX&(0Por$vTSFjJU5pVHheF%0bqn2B<%#y@i-=$3)fPDVoCBf1jJMmz9e1|AlyGcx
zjNSTNgefbZbrYjSD7UaL9a&V7h(NjGjUc>Z0{vyWV*p(TbrXmG`bC{B#lN8PS|nS-
z&t1Nli1$pWWco><qO~Fg*6>c8!}OrT88O0(FIb>iLkE7j_%vmMk;M~C$X?<6!WG5&
zL5Nf~oo6&V;)C_zQO=s2QD;cwLlw=?q%}-FnGYnbn2&KxS1xKHfp^uP%D28gp#a;Y
z3|;5Sg#7lvPvxn#qI+_WE38(X;=J0a|F`h|e*CVOcEFPyzBOGP^8gs)d35IYvICc5
zNn>{HSzV$r6d6);hmEd;!wfk12?>d`QbWyMePa7!B0BTeo}rU^7fFf+f$^@KJHuI7
z$V_wjhNLCP-h&Q$jdxgQAjQxu!8X7F8$%`TlbPR(uyfllE^)Mt_dtZPogOj#u3nUz
zQSW7`kCi_aI87KvrNMvQDn3-}1HWx*H+^V30ccVOgJaA2F93!>dA}7=kS;3H=-)IY
zq;k*~m;~999}+rvyQs*cPp~g9d_;pJPAl(s1}3U@hNtsFF+;JFr6-4(<advk7%{n0
zZ4!)<s4L$D>zfBDPO-V@MGk9<G#9PV#Q24}hObCtf$4plk@+Ee-^Ou5j}913kkqqg
zo@g?I{HX`A117?4lOaYp(Ij#e5J%+`)CrnXqB{3+xL6d$7q06sfJrKmX0?Zf3la1(
zEi|sg=OtmU<i7hox(=|KVLD@P@?3mdOOLALcA}cv#{7_o+H_s8-$Uy)gP|Y(q_P(Q
zDnzfG%WCBeHWBrG6hGbCuUAfwd~4<0+OJm55EhLgXezk5?6()`$Ih7I(n)g%A=uIG
z_1qM#l}4EN-JTpion-jVT*%#~SaF5#^g>Q60lhT;UpC*cYf8v{cQ93*QDasU3rtG4
zwq8{tbNBroeXe+x%4U9AT5$$8lmFzB=c=^Fo&1onQ@4=A+MP`At>7E5?!yoxQ~g+&
zseaHz#*`x4x;|iD%r7EmF)FNU3$Q+n!_|G-Q*nuCn4XG=717|_hgmt!_=P`U&f~&V
zJ&$4gG#>Bdhoa7>ytB{4R8Znsm8w=XK07a&>cY-zrOEHtXW;5=@#RxPg6r+CHDSLK
zGFRG>ilyIq+zj@oILz%DavJPMCdKp#CmkpzK0&yyE-Y<c)9IfaHc>TcpNDaSw~-Q{
zXV8clr*IHNQ{+KSkt{2mq{4T(3T0ELMMrZA_bTbAHq0XjRN+vx*TWoW-!RQ3bz|XP
z3$5Ta^a69N*R#_!Xe0M(F1R%{!b<*rZ={vHdz!03tovAfyw{^xWsN72R}#u#A`G0S
zY>E^P*Y<jTy6MnHE(zlvdp(BU0=+dY6p)IeEg`4^hrV(On#=Zl?}-t47}+I^%dSt3
z$z^?uVn-enmu>RcY?kF@vjZmZ`Fj<cIfcSBQz&#}aA=h$5Yr+&wIsqKoU<;{BAmJ+
z%p$zBTI=$`E3`#;X|*;t^pz~QXkHnz!m<bpSC_^jyuLWLML1-=i$yqn1?jbYt2HMq
zUmmH~7O&BYWaDy6uPt5^Wf9I<Zd-&q*0^c$9V?<O!r80CEy5vv8CirEuLh+tGo&xm
z7U6}fL9z%3^<|~82rtOzxLbsyqaZ!FMx%f7a%~Y7nFPsSVOfL+*Tl65*Da215pG&<
zTZCO!L|KH(*MwVy1DA(cgeTW%E*ibuvIyn1aEtKv@?tH*b!%c;glCs)i*V!`Q#34d
zu?W9kV_Jk`m%CVmz1K$Z#gDcK`>l=3OAd>0*6L`B@C}}e?cG%9q!lhIv}kn+Ey6;z
za^{;W=V%l^jWAcvS$pM-SQBLtS{QO#gkPBW@4ei`BK&eqgh=1GTuZej=6wg2MOuVo
z*6QhezRa=+$E=OC2xHSr^MBv9`VF&}|7eSF(&`dggojoXXAz#h8g#P=7n#V|yvDW&
z7n&EhtZ}ypZ2{JsaTvJzC$b1PuhjEcv`XXg(28h_aMbFU7GX?w9<kDeolmWbwg^Y9
zv@ODutBSJ-M-F5$EW$mP!$P=Am&Vl98`l<R5%w;|B3xpkYU8S($Rhms@hF4vaueGg
z{C;J$J$S2$(;S@mc(gTmph>aD;D*N)P)nPrmlUmxu)RKA6={3TdAt})aB7n%Lr}8_
z8G=_=T87}@Ri2+{Dz+7v-^4TmiyjZR0cSO_*lO;eSes8vFNLwyo@FuFYSx<KOu*j7
znScv5*jt)J8h{GA1cvXz<hd*?PV4jG!<w1i<?shWk7%uK+fryJTE5GnXMr?gI6SCq
zhs}jn>e=)HrZumrOa!LOWtYnZKBp43v-G*b<yD(p_%_SH^6<gyWd3}UC5rC^rJJEB
z1L&6=y1mZuSGN75>h$Jsj%<&@IUHV~>rE$aR_T)J5@nT_ca+N|l6_l&!=OTS+7MhW
zU_xKcfR73zI&dX&_@Y1?CLb0?6vQNQ__BbAq@uTlE=_Cp6wr|jK7r+Pbme8gnlZ~u
z5h^ohSA-1i3xpMpkr38tc;^e_W=Q97*heSdsC^+7lvX=uQIpN)aG-#xbjA#I3QyFS
z6b{!5Y~{bXFh)X;PC_=K%p*tn9)sHjy0~p=D4;g8+HgVXMsI2jx~(u6FqP--0(I=w
z@S3`Q7t6!U<slItt6ppIbeRxjj;1C*Rn2aRT6UD6WLH(}ic(eVI@(+aAsL|W3rdhM
z)wHRSwF$ASQ0HmQHaUEIp_xsZ!(phTjy}dhUU$-vnzHRL&_{?(Eex86^Z|#f1-j+r
z4)ghQ3&QijT-YXo4oJCHpidy{Q)r%v+K3y{L1eLaL~a!@$x!NeL*f_P;2M00=^{(R
zQDZ58{0)pMP~8jnl3^J!-8MgRy0y%_=^G|aH<>tv4|X!4t-n9R_rGR(&MOOpLKUI(
zxyi&oqzy?roNv=kHP*bxkhJXcf`MMRc8|za-%867T(w^sT)+&09XQ;X60-NKtu5;g
zT#96X3at%N4mw+^C*$p~kG;Q#ZK(7RICL;5%UbG?PTa6ls&s~u6x=`O1|@0ATdVl6
zrbU%6$445Bz@g7kGD{OV>>M9b-Hm4-^-wyOGK&!MCuqCuz!7c2E*T$TI4nCFX*dj?
z;2J+7DK_({$Kt;|<3on3D$)+%)T0rbyujgI1Cx2J$X#*$3dPe`j(8-d$1!-8b{!uw
z+=nJ}IH$ny!h!M1F?t$$$d?Xc9M1e+ZwrS1XCDjg!#bLFa(HXWKj#WquE0SIh8G4|
zF8Vo~Eug4{>URGuhgFg%TA1XNH~V3})-owv2qEwpuFQ(u@KMvOQIzl1oWou@s-<%j
zHNG~_)YlACn?nUAEsH->T!F)=#gh2CHDdz9+Hi4$8GTwDQp`HFNN3gWpAr<9=yFkB
zdVs^B4a(sMWUy;~$T}iAfk{rCwZ$VO=jj34=3CK`L=L-wsdKPrcGANO<Zw-=L5rP?
zbvK8TjyG+xA5?)Jq@N=h=T{sStLI1(30U5ru^->^h&u5v_#$X=^W4QQUilU^H=m-^
z`!=NvflqVzK@zHYI5}_54I}4M96sI_WcY0Os7v9ap5ZWPTO@0gi0DTbX`)MlbC|kO
zN0at1DlNrFY_#bxFpA<=!YST24#mH6P<-#A2#Sw)yy@fODSpdI@$dWn-4ws!p!l^#
zE)@TGqfPNjQuLB_c`|tnlw}EJVC4)75v|$nk*b0!F1pHxsjk91r-uwG$^bHm>7pD2
zq<PhtiF-VZf+N5%%SV;=WWnE{U8KlHz@O~*kV&1=8hz62P0ztZUQ1PEnD%-83{&#?
zVc%{!UZouQX?mjgVh}Y(SDajVlfJ|4Al*fEDLK}kZ2F@f3wf#LO()+l<iCFM?^6X<
zfD{YG-%St2v&MnLnmt<Sd|Ui*^w#1AZx?aXof5rcojLrQ5)EIkh9f<lG~<VR!qbIr
zOn2y;kJRuaxII0j&rfoF>=ttt*Gn{ut>*A+B^q964*#k|!?&5kuZ9heHTUi2@GndB
z^d08#FG@6gr#bveiH7eohhHwy+;^M9FO_Kc9&`A`5=~~WIs8KWr!zRPN18EY5dbWE
zljO^BXboi<co~PP3?GKqrTFqg6)AGY%qNj^a*Hi;TH7LL*1Y&4XTw$xqqvGGa?lSm
zW|GH>HKd^6IT5{`r7s^)&Eq%8o1KDc_Z&AtwPJgGLG|H$TTtEFLV}8}ubmf(CBb3w
zR!foz>4qOow8o#B?lOM(9=(Z^;iHaLC*ELH{B$fje7Hn!{@hsa5mX%Og`P`7(mkWg
z*VlVQwz5@s$jjkzFn@r^41=U*Kn{l!b4eFq1{|CnVor;z4ouoX7FQx1njI2Y!93P|
z^bQZx+cRb&Dq*HIS0x834b_a9T%H{fb=OZBzr&2v&ko-Sr~^B8XiIO-?2uU*yCKF)
z|C`GfN4|7jjF)azPr+IoYAVy><Sb=VCvup))03-QqFIg^VG>lAdf+8hxed#9>dCE}
z71FhV%XWGU^UWt`g+(3BIQI0N5?UBEo7n%#4p)tvH!D8-@7n2M*gTy5$LBlQ|G{YX
zZ>P9_&rZ$#5|N7kS59~1e<_eO|EF_?zFKkx`22=i2#vxQ!nIlULg=;AUI?>ixiEI&
z&hUkBg<0cQ&2SmNY<KuVSpFufiU1>3d?YhqGViC0!kOqn_-v!5)7VAU?pD!8B0n7R
zyp>P}@)r>?4s3KK#*&5ciLrE3ge=lnJwDG3t8=!xNEJV(^K|spvhg`+k&Vxb8$H6b
zfE0%-23_cas+pU@QMI)*tCEwGeUBdz7M0QN>yCvX3PoTx3@l;{s~7@P;lh<5jm^e;
zbFdQ>(b@QOLWch#>*_0Tg|3ba8GiMsk0{eww5B3@tEUzHZ}7Lw3))MTTE*!l3#%tq
z{`8Qrx(*mZ-YbpZ9!2WJhg^Zb=CD#)y1%tNhe#hsuJ8bQxsO0gg%37(7`!9Q$>-p&
zp{AVt>xLhajU0H_@zZNiTmIBWfu*71fn4_oy$%iJ=;s}%$-(-tj&Spo;g=Bg8^8>E
z>ff7F?*vT^OojO&!@e^Wyuyz)VW&s_R1mV>gs;LWdS+h8AY=4nZkW8jz93vs{~VSS
zYC*lBz$vKb6uQgI|KNhko5E%0!2)-gxu8%B>QM#ZYwYK6vQV$F(FK;EJ{04n&v8MC
z;^8lyT@Xe@{mSEo9#tFDlkwInuw-Xjt1wRm4(I2FC^&mBe7?;ir}Kia3=PbH(Q~8I
zsSa*a@;?!>-%^I}oKQf!bJ78A9~J&zzTIPm|39DOl3X=&J4yC|b4i$dvCUPOOqdg2
znCzBD#}l?NQNHzvX(f>Dk8?P(-D4|+VI{e#DTibBO%$B>b3ylH@mg4wHW8&)yLm>)
z>|Bw=Vf}88_K%m&AO-j$hlRT-587wzmFY9xB;cuCS^@^#^hz63uc)>qpUtu5;F#^U
zUKu^dMfe@xZo7&OK{?WG?C0CV1?7kiM98CMtrd1@X7~zw1P1NWE9~-2=L+k&%bnSO
z#Ra|)#q96Ta$jNncIg$ic4qhrdjyv4GOdl7)(R_#@zP&%L3?T8FD;ts{?bM2DQH-x
z(9Ic^DKvPuHib^iD8>}Z->oNCG{ZE7@^{;&(9Id)rjXfpYBw#INi%7|9Ny)+U>44Z
zzhGAE_Aq=l+!UHWxn!o$s@+kh(C(?OuE4%hm_i@Ubod0j96o`YX|uSr(G7fnMrG?z
z#rijCJaiQ9L5)o*W>90*n`AA0QN~bynTm6rSP)X?_WI45x0fy;GS-1lH+#ZF>5>JZ
zs3QZHZI0qX0Soe7>I4me?KsTaA7uCklRedD*z~C3J`OAP(^k})d?wVLE28csq*vz#
z*3?&Xd=k}CSZ$bVh2T;-+%RK#y(pIV5{D(*$fELD>to)6P{dh7(k<GoSLE08!&hW8
z=&?mJ{jK@diu_@-%Zd~NYjZ(8sIqx2$BOK=AWG*Ya=5x#WxZhvhZJdheEFWp!4w#f
zK-)ZCgW5W^;;pGDPVidjwVpVAL2S=n*e56r+@fERsmo5IpER~)Pa0!Bi5f7p))P$O
z@IMT5;C?zu^p^q?8FdFtQCTgGjD#}qtqK5i-{QLL`^=BO?9Xip_kfh1>^7@}A%L&8
zM1%mQ%ynD$=eC8fdq1W($3)&De8C@a1OdixA<j~{PV-$B{K+k@I%=rf*fU$gb=08u
zSQY3f?v=*;mkENyyiOva42)k)*gU?$!?2Q~V8NouJioCUJfcbtOko0wf{J&~F4jSW
zVH-Rm`(C<sYH`S9|Fs*{A$Erdf0J~0eYuLlXTazk9@BdNXpZ(L5;<JnXf{7s7{{oZ
zw8=KAZZC}3^lhZviGbO-Z%~oS3i#|wP-J5#*zXbOg~I;SG3WG^V4wziVb}ordPa}g
zNw)K>kf@4Y7^{B!{7TTkPM~y_m&4-4p@8k92o5LQ>;gI$y<4gw|84CllOPwy)AC=%
zgYs)CbbCv{tsoii_$u^Gm9P8yjR=o|@cr$2kL_u_2DfOQ{lh%1`p}i;`=PY_J3$|2
zVCv6vFb#Sskgr?`+HOMXeSXY_5z^yOuH08&1X&K;4r(W(6AYo7z6yr9ZQ2~(wA;hf
zR={Po6)@O+E8zPQYz2J1+uawQ;Hp+H?~5N{D{^cFO#ZvJ0!F=6;;n$2mew5bro9!g
z1EuODN$?yGkRM|^Bnf5U#5_XZ*sX*<HMh5H{C!mrAAjAX&(ky-f5TiOl($O|q1-yp
z#$Ul!SK0HSTd?xx*6?-Ets~1KEKEzau<$G1jtpFd1$F517H1@rAcKNE9s}=t5L036
z8;WV~r6;W}qik)svyc$?;U-tU>s^8v%=t|ohEGM~ZH{XU=J?k5cssq&#@mQZKh8)?
zSLwrwlcohr%zo#}m^XdeS+So=Ku+ZFX;Lm%M^~+zqXqGtLXSSTZbyN>)N_}4>E=wj
zlqoGWy}!D60iEw==>|HpQYBsY{4gj2YCpAL7g>LBpRio*QDm&60X<EV|E4nekwcf=
z9-)0|gYdV_-Dfc9;Tv{DJ^W(|iefDoZH87)&N3f9cxS}Jm$=7f4f6~}3Fd#YVu6g%
zN$z+cn+{XqlTI3UhZo1eT?rnmCaEBsyGLhrY@e=xl~)Abry}}0rib*&Q&MBdrGp5|
zNwKVcL&#N>4$HYtdD>DCGI*}kF#&B%ZrJEyKHU!#yoNG{XDtem`3Ac-nhep!+;HdG
zf19{T&+3PTp<ES`<0Zr@!6xb1)(FJ?LYcSHkB<CqS}cY%ckuTxCPBh{{=G2urOP}v
zZPNzF$8$}CLxVARyZ+_GoQPkhn7?eZe?c$QV1f&7U<GK)a&4;#e-C*yfurvkegj{G
znF#`Y(80h|IQE{<CYhJR$N}mI4QY=+ZzdnvufJuIKu@~TzrP#==dX}<MlXy}mWi}%
zuoDc@$#&l?3gv2pA(6wdon{h~JLgAlN(8K32^O&{VIraXZW9SJVm~v?yAN3IJ&SPf
z<ul1h+OUa=CM+xIDP<)+YgtJvgSM6Q3hb7W4hlLOexo{c6w+Av9h^XUaZ*RauPv{9
z470qRQP0e^p85HE_A_6DS#<mUj`Epw>2I)<*36bStS25yDgKFb-f}+iGieUM#5b+m
z$CR;dr%$fWxNJd+ufcc%^h9UFFEN-`#vlcns1C%`jb<xwSWcP{eXw?u$36*n&cX=K
z+sk47CUfU(VMK(}%ZUnBL^o=iK$38ij;;D?VfurP9SAG%rZ*sB=KQM61<er$ck9PR
z0n}xN2Iz;~4uDjqK{!BN!V?L?0qVNP259sQ7l2O78Thyl(;J$)oR-l@rJ;OqM!rA7
zsB{HR*8oXEC%~TF#Lfx1^lisGjxRSl(U$=IkyEG>0|os|nqGC%w3`b}ubDLM>O#}&
z4w_DLqiNA5cN9!ns8MiWlPAi)iI0Nyn`{)6fpdvr%e%Q^`j!^c?`Ut(I>y&wNm<GA
zh3yT!XwHPM;->1>C-v9z@U|R2xua0`zX+FT9gmP=Kp9;ymlj(o?XH8x+g;k^T4b4A
z+qB6gQQ9{(#yZ_IUDI^N9tTY~y0G;uldU(nu=Q*QTYoX#g{Fh{xYP8~bWPL2dpuET
zQ}Jmk*Ba3jQ{m1VLQCE}2A8F`1Y_SdBsCP-CWVX2XBF96*uwWsP4QpDWRjD|-y}=*
z62`#YjRK9kUWE?aoiB*ST_1DP>0CiH?)nzmxEnCf1$S4sM#wlqpC#b5V^myI{zMK_
zx5koev*&3rc5ZcmkvA_IjNMx`7!&42gRy6;4Mw3G7z>IALua5A2Zo}#bb1uc^=f*7
zl`hiUF|OaT3C%^cvZG!^`d#0kQ3_AJ|9fFeHfC_Ut93_r^L>hE=O=~n>=TM-pRz<v
zK~OU4kas29wuPlh^4rc17Skud;<AP<=`S;lxI_*Uf-%@(^eoK|CwDs7VZf|tb~tU?
za{XsTv%?vOy|#Fk3p;Gy>0pN(3Q0a_?m>`fSTIYAhAlfiQTZA1MZ?VP5o|K1OzHS!
zZu{bicDSrbv>EM5P|Qh*At+{>w!==R?T|OaWrdlh?1ULEE6ic87P{FE3wFmr>1NZ2
zSm-n&^gd5<C?&^DScdHZE-)SbPn!R0-xUUyhjZLy#4KzGTZs|ZC`QbH5nPV^;$1^O
z;D2Ej4L|U%;m1t)6y(pBI-6Ez7QWA53CI!KIvIY<fcL#}M7Iv+1Kxm7yz=KuZ`040
z%gUdJwl{zN8}vw)KmYKS!yNw$tn*s4E_z#7Kl~ZyBwIgRc#CTEi;`lHvgaI4%A4CA
zr2Kw%G%0VHuGx39qe*$&u@66KjtePi13a3PZ7fnwn4?K~bi0F;dY3u6Vl>>+)hpt-
zS|TN15+gdqSPNH@tUyl(5@3?>nUH5vHb;s;leFuIv}-$&Uz44Mx$qrb>DkHfSH(;i
zPj_AHY*;rng6%Y7aVN`j*_uF-@vT_)+oJc3D)>5VBY$_^d-}cveP2R569+k^!@wu+
z*~&w@^a}j15=`)iyk{F-hZABj(TDRj6MeJA!9?G<XxwkNm@TJVH12m>Y$h5%--U@j
z+hQ`2U)fzP!ZhxY`6cp<tlTFNmKzoQhkliRBx63$VQUW6^x~r#^w0BjCPxJhsm}JH
z5BSWwi}MFn-9>p0Lnj3proe@RRDsb{UwG24weZ7Pd-U*0K?76Z+(Fu6ZAKRuK5dV7
zsn$@d<rS+wqdbQ(!aUXD6(gVyaTzMCVu&GaomCgDIb5vnEV>wA|18w+m#b5;f`0oi
z%%gL<ze)rC8}8(U&E<zzBKB>wIDD65);n0u7GBl87IGBXH@^~I2{uDeAy~SV<v;G#
zm~~)9IcD+r)K>#$X4_~H)_YcRh@<zc-yE;{PG)iV_NSVnuHhb``^QXtH3q9DF#HqT
z$q|&|-~CmyqsK@g+=|xJyHw5EupDNBlS?tU7vW-#YRYiGRUk9@)#5u`zQo~jjtX=Q
zvR*z+PkNI1whFL6$B6q#*Xm=#aXyuN_V6%-s2R-6G0YvzL9YsPWYjDGX3hya94BB{
zXW|%iCeAZ-CJt|H9($4%aqP()QJPavTB?UEd!<x|o`~OBhn*Ob7A*qQ5pYXTbs`uv
zpQ$Pi`>c~MH^)AmXT*H-bRK4if8g;vjzf8{p5qiALQIQz@Y3_jI-l1bE32mn$HRPj
zmgw|zd{{|6MZr)>?Wm-1csXF53X`rv<$nys!II-d7>OwJM40h{4um=O3Y`b@srbhn
z2Xo|=@Y7)EOqYvW=zO=B$GnJtAM^76wPRi|l{YdEWZM5q*m+En&A-hF{IiaVGGZM-
zL-K#a3_5}>&Pgw)7duXR87b`>Y3%OGVgEXZy%;c(8eIT~UXQo_d-TQopLu?S!npit
z=pUdlmh}uNjj`^ACsJdq{5W>YxGgt4|JE2WvE<Mg5>ckcxO!ZjA=YoKIz#Nr@qf@6
zVtvMjT(riLo+0DkhlBlFYsAnRAB_z~sg142J^xSZjiKKJUG&D-<DP#h#j*98hZ*=s
z4#)CC)XIapxk|BdcUXHbv!$vW`jYfasvE+<KkCoaO~v#lufDGQ$^Kak1q|HpmXeKi
zI2_1VN4J<xzkvQOV-0EA*5Pm{YII+>C+pEiB1Y?gg0KP#b|7H(D-m&mox&L>nEpy+
zoM5+LX3rBYkU<NEt)LpUX{}}<VY@~`K^ALIy>u9zSyF+6>YJ<DbiQ7^uiA>kt}NxN
z&U)QyeVL^j=g`fjlRigZ-KMV6;8rj=i{dwxMcg;WY^0@IE`>clW(haN#(2PNNLe5D
zWif1Zzm8hWdfjq$!+}U(_=d+@=7Y}6BmaY8RS3iQxRVtnBVt|6g>P{9HA5d{2XsFl
zjrKLaQD|RTMYsH@!v*mHgV%+S2(22hy55y{cD<XU@7!61@m$^rQ+!z2=ZvhhFas+F
zzRcmsDC&QQ72xZ0LFSB_Sq(2KQf58>#>?vYz5NXR@bLi^411ZwxfLNMFa?IMmKynG
z`fh#|*oec;$w7vX6AagfN(bv#9D1J*T5#O$c*`aImLdKaQ2bWGj11l%#u&Ec(6OC@
zV@t{4nDmNz!(k!eSfb%*%i)xUV-&&BmcE-`1vcccUc%9s-aT%ZgyX+C96#p{$7ubQ
zQz9-LGb9`@*>H?585~9W4O0n@iyDrXIDDqz7)x-xMBmM?0s|ZdOE{X)ySEb@|HEN!
z3^=yyw-m&O<IphGEo|80P`ipgY~p%upnO(Eq0BxF7d6MKj7c0$o~8ztqeq4WCdqGt
z8Ws+m7*yx|^^$gVDu+X-Rk<9dWFX#^PzIAZ^qU%Fm{E<ARKM6q9pP$IYnXm!YZz&-
z-;{P##$6dYoAv5G#+;{Y{~i&{vjIPxV)ganaJxvi{ezVwLd;r#UI~2r2#ma99rMKG
zgW<c=o&cG4y{FPl;7&)0uCS?;huize0Aw7#&kqXvMGMC?`5Or)>JTJ>;?RAfI!e48
z7s3G;NowTPxQh1Q*++((-=t>uiK@9De0xY$2V**~B@IAK=Z)xfWiT0j$PcPBx>Gsy
z+RvnOkwK`uo)-(1nb3Pbb#YW13x_60^npz0FzNsubf1CQ+6w79C74Tv)ZZ6L8%p2$
z-Q-|ISUQ!%`v>%NQ+YMj@aLSG3YL>H(lHwgXT$gFUXZB_e5?^<gi+N^foKz|_W{Nv
zAKV|s2J+WWifEmcjI&bseg6Q$r*cRWK1}yf3!+s11es`5k(ME0s}%(sG!>k3kt=W*
zHiub#Stt43PO5ClVdKlxl@%5}&QxR8p*=%^7>!vkU3YKHs#N6IzIJs)zXQw-_oPD8
zIV_c^tR$^keIB+nTBW$CqPsWNkau&zBLP&#K{|(Zv?}$PDS4_}DTm>Q8RPG${;Rda
zZX_XcY&Hx0IPoNnbAU^2q;MKsGeR~Unx{zBtL8sVH1%y$O35^{=D!8gzXj9(1A<An
zi{7{;7)vTGoyUriO1riP|D~nUAO^=C3OE~4#%e(Msx;*mZPX1YH!TV>^mACakx9hR
z2)agN1ofgkw<x+7WuJ{^!$Ctg9Q<lgbT7(o8zXyBe!J*L^`gAqGNKjbphwic_vMxX
z69ra?-G{L2Bi4R+e)EVfghh3oe(uEPkv$0YGwp{u+X=SeaJa7JR$gow-juMH{o1i%
zul*H=6Lsw-ghTTF?k0rC4%<x#dp;N4gYc_|9Ze?>Y=~$&IeBq()5+}{BAZUmSsdMT
za@~f=rjtt-|EQ*u^IJN5PVRn0HA9#gm$a*G9A9`gg0w^HIZ1ow+0v4BWIc<t(<4Z`
z#eVIHXCp{Eww_Je{S*Ff(vCi2lXh#%XwuGk#3C(1-{gQ<9QZ%H9d!nF76(pj8d)27
zps|6eu;Wc5J0~Y6M;ZVdQq-X`MNPFplCrNU<AHXhTPHot)KF?ibXFaJaUxmOh3#)z
zg5GxL8|wo`iyy25Jr^3Qu8I4bDj#xM<FKBIJDb`q6Q?&;9TWF9Ev{kW7y9)(N;20k
z_2BI#8GKa_-d2*qU+KYxB^i8858hgm!PoWREhQOzLl52@cQAw7jafh?Y(S5uM!;}u
zI%PJVGI%>9vcc8h!$F&Os61RL)&b91c|127I~r646z}yP?(F1r_Hc9)DqG@3_Mmcb
zYYzSza^y7r63D4yUwn;@3+FH(#R%&&dZ20XC)}LXh%0IuzrW~Pb}y^x4>RZ}?AN~z
zkH|Uwcfh_>9~u$dGxAu#hI`Tx4R<Qs3K|v~UxlL{5x`FHrhLr8ko8LrL3PC|OnK0P
z2e4IG$+Wy|U<*1_U9}t1*DFJpWvuu;1my7j+Mu)924Q1(Ge<6<PUkxou+sfjH*?^I
z>f4qE4B_1Tg9<F641KuPj3uZv^uB?}jYYFK89rz>CSGas)d0gL&i*t6wVxYSlO=sr
z!~4y`YAciA`+zRu?b?h?^=ce$2AJ89Y5q!QL#CapbeH6=&CI^Vq@rHsuz8h-neX`S
ziSS&>Y8-CckDR+Q6c%QGl|!MrS(j6fd)%d(`imy2nA*_A)DK1%Q}1hL)l%mNto|4S
zn?;wMUkK=aIbIG!Bn7Z6Tnre_a`k@AoCiA#4wnOAmFf%Hv#L4Sh_JJ);P82{_@e!y
zCs_i6sSRCA_RlqoTY26m5Z15D#8jWAE|}`pByQRH>L)EsEpKR}qU)0i72h`uL&dj|
zsCYjd6%*d3t3y+S^XjQLrBFhIu_=PX)K0nzf9q2c6AK!+)!-j_GA<%UG<5A;(B%mi
zMD%MM7ZLNHvJkPkfsKfp8WBCi5%J}d5s2vBFbomHI%qkJ@I{i~Fe9XazD+>)a0R;O
zQ*nX5*dTmyYoKSj0ezxTT%b?dK!4%@I`1h3^pOTe3HuMEszioeRIsQL&*6@$rpXR3
z;8A~cLiW-m8WN!PFP(H(kYUXwiZ0Z3L(!CH<DzI=J%+8KQMBzT7Zj~+5En&Vnp-IP
zuC9%uHP0#(t*BQ@6n*ht=}<HpZ4`A6X%t-}6!mpQ(Fe`rqUdVf@NTXeMfp#=py+J<
zxF|YmqiCE1MPr&P6n$Q|lqlNTsdOk>onWJ=C!vVM?|<_EHR+8s0REdB`g$!}EYHoA
z7~S!xt5{weAEk5ahW7)BsdZO2kI=ds>uRmLxVfoy7uK~@<n^Z<N_Rv9W{!-|xjh?L
zDtB4)D3!a!e%{rmA~kLwd8^%!?tmK;EUIs++=r;vCE(gSv3IV;2VXsEwV~VGJX-4(
zIM}36v&p==VG?#j^9TvMpl+Ciz5E`_&Z&wBBN7CMeW2y*<fkPa57l>D8H?h}*X0dd
z+qxWeldlEw<?Dc_EsR{QZ-cyB%h#Eum9IaPQoi<a$k&S=Yh|?L0en8vFd0Ca>B|PL
zD`0$leZ0qAA8&LsOg6{Y$9HVQq?^MqS*G>zx`w4h-T4kNP?sHrwFzDuYYUi#wb*T8
zGhng9&Q;xEH#Aafb;%QEAL!+cbQjor-$EaUrwvSm209$n;|Wo0@3N_lEuZ2>)97}v
zpGfBnCO#o4c%+dV?=NT?mw+o9hg+8Dhj~j&(%-Hght-WE8(Z#L;noRh<!YBsND=)k
zyFX!3{&pivjI3!IEk>3!wi#o6Q^god8;6OJl}#PpKx>)d?EQ~vMSA=hiL&vJxuNXK
zr{kimdwo@z9>McNo^%2IPQ$o7zxf#p^7)V1p!Ix4fp+t;Qu6%5j-?Y9`?$^c1*Wah
zM_M{?y`CG2#yk@jMMaM>d@dSAYu!+^Ek26Awo&wv14WB8iZ+!NMW;)NqRDP3T1qI|
z;EJNc_$bPMOtqzmK+#n<6nz>WMH8R3P;{`KjiNIeMI%d#qCus!SZ|{Xip~>?hP$HZ
zoA@ZYQ_q!)K6Nwduf{j(_t+?!=0MS4ZPZ^Xtx><alqlNjK+(j`8buRZkoc}+qlnsy
zIAnOPh%3V%4YOZV!`o%c-TUMIlEch3L3I==sWdfw?(!HJmcQh%C~7>N)N0$gen$)M
z!lxa!>zewyDej7=b^q>p^&{GM&w9qqi+#*&-u;j+vu=pKMiEq1_UB34{`|zYKgZ@q
zD~=<N+C-m_tB8K|(J;j^IyX#l=o^ncY8jz$rL!<wcYoa?;v9$`b#%Ml7N++9;St9n
z5M5eIQomovZ8Z#R5qCA5tmE4Ba^bTs_#+Vz_xOj4EiBXxsv|7iOmCrZv$swdZYH&e
zu+8_^3A4?&b*AWtIs$^jrJ#{e2EHMfKYGOK8QZI6M9bJs4~uG5VFD9yM0bo`@|<c%
zxBg*~Ll>4kr@Gc%)O(>rTAJOEFFwNHA}WeNH&W~0yQ=lU@zwf?`l_#11b!DcbHQ&>
zAg;8zY<mF%9A3c8rxkK{*Ds~CIs9(vq|KZ}7lAy7P_)w(MQh@tsGz>8;*UVlSvM5r
z$4Aj8wpu^wQ0qrDit<W}qK`|d*1I`S)JS7!AGwm#U0umD@m<M&4O|bY>*a=_?(tp8
zl{OQtbTHBT8bj}w)|H%5N+vq)z|d7QRJWeuP|IB7Q2XPD>OQUKD#z})Y4suTwfZbO
z4z<G(VE9sN_5P*R>Z3~;hx)=1huULm^*yB3XS#~|Q@L?bG~iL!fW*gcqW+`D;-YA|
zE$3I)u~GEB)`49gHA>fT*6KAYN{XZtWfYRsi+{+C=(pYXa8Tr6C)h##w)66sz)o=F
za4`IvL3@Al+GWRxRG1qQ)pO7bU*=JPQNP1My`{Q=<?7?#ALH=t+91P*oZ+wJb8fXa
zs^(<tVujD16OlWqufdld5x`U!8nX5=u|C}K$oFOhbersx6Bt$24R`MOX2Z2St4H?8
zBSDq}cg(%aPSBSL>f={bHWz&ydWH;4gqvoQ)WW7liMzTMHC8!z`AwB}ENUz$$wBR1
zA9_wVb<KO2Jt&p(d}^Dv<xP=8P!rHrYsD*%MD%dYfP*cHZ>+w(juo8P)grpBy6ym3
zhryrJ@gB=s*ga6Gf3D#?h$)I4s2#ba_2~)Bz)tYVk)Xsndg1H@BJ=PgK?A*TPLp8J
z;UF_PBNYZ54vGhb?)`A=Ickb-{;y^>UBzWGIdqT|@S0}<KM~%fc1U9;$ux$@^tnl<
z&zgph>Y_%?rBU0>QP-_e7TFRxED5MtZD=M`4}9vFv#oCN9S;w_M{J0%!}J8=OL-wX
zCkOKwoGdE>`Z2vb3Fl*4s>eKUJ!aUu>M`x$3b$@D!tTjc_dI9abN(H5&u?H<qIFMC
z7Isq;b<-2pO~*T^o7%vnB<rS;!LXZJsGC|@H?7yR`z@@pXO|ZWyXi@F(=*mh<5Z#n
zz6__3Fk@c$E6h!y3wz#FsQMi&^IDI+^Iq6vpHq+h54**re#-A)0a`Z=?JSCIJG;2E
zy6F`tEMwi&gNtH1Ql`Qjjj9)6uZ^k|or|B|wRg?w4diarkKHi#EX@&LgVFXB4`K0e
z^?ApH>z2&|{lll&O5OCI)=l4O4E`Q^D8i@<+4x(y>7@((-&TZa2VHH#Yz}9Vr~?p|
z>bblMTVl>73g~Hi`Md^)60DoX28)NfSLXoD_b;#yXufkgnP~W?i~=Ai?uF|?ts(vl
z-NEc<c{3?cOmDzc`1mc6or7)Rn`Awm1bCnNcTu;@UY%*1<1cUmte-Cc{S5s(=URON
zKabTm^1EkL@_4t$>=ss6pNZ;V)%`JjGVL=_{i{BF%o6V-o{jEab-tc!$IzkAs=j9z
z>P3cKifdpeC1|}EkQ{tgK{C0X4av4=qaewzrxVSdje=xqJv)l-0!bftNWRjL^sN_Z
zYR2zwIHG~w$}v{I-abz$xUMy@;p*~K6kInN=<~duih}EA0}HPFr=sCH*uWL8Nlz)b
z4mF5O2#7<WtMy|*a$Z9+%mK;KXh=qANRC89GSY^m`_s{od{^HUlCDoHNWQNh=`Y2n
zP<}nDGwpXBDUs*5(A8F>eL}^H?5|01;fv7MYpu@@I*YK5mSa1yQd!dni?^n=Aw5?c
z(h@Ik#30C!7K$Jj>(~VOxJ48}F4s{g@6jTPAXjYLZcdA6g6ygjr>(aNER~?Ew?f^@
zIuT8-Kf@THE!DiX-ob0LqIqqj=Czs8ytc{awIY{QGtGU~?A5DgdV|Pq-uS%MuRcKs
z$KF$oUVHG|Fh<E>C38$ClyV#Rd{TT?IsT-==eUM8KKDEsh0h5M6~=Zy8HLZhh88~W
zJQ<D8j~cq-^VX9JpFJ8z=3>RiXZOc!>AHf&0BqRP3b6C_ZNPdx9R=9M`fBPupN<0T
zQhf`s0vDmQ!(AxN)<S7#{m4jQ9PxTBmZCVDs~{Qis13>C+$cysc~s5yP;L|?qaL*&
z>E^PUf2iXM$@?u7B=0{O8AymvqM~{>iCV{iYnoQ<`y7h>(`dzBq!s&^XvKcOR_q&H
z6#G(l#lB7}_GR@V)4k$QXiwc3kbKl!L2|pU4auEoNbb~CbNwb7l5gu;kW6SE4axDk
zu8@pvt|0lWZe&(gJPMV8^9@<C_UUq^;o8C`Tf?2|C@iXODiZ@4>-EB0>R5P-qZi(C
zz3>)AFT54@!aL!z@W#0>ykmOdjjtaWUyjeN8y)uASDj-3Hcp$=#~mj1kZ6<ogf^)M
zN1N22+a~q$XQBaH|ClRaOP*1HZFnqlKRgb<_IfM^Bs(-Da~zPYjfSK^L$W3sl6f{H
z7hND3<_^g@4axAwBDbyMlW2K;n?zGXF#x-!d9ROy_s&N1UO&xyXQFwpzs-C7TmZY~
z4p?su*!9OEvpV7fcH%L|X&*~4yes<Wol9sN%qn@F(@}4Hv*2Pgg~%ZR8<EGGMImxn
zK%webvnWIkx62_uaxn|;G%W740hOK}|F8ii#PpdV6KV6u>Ny?d%@3E(JH7%JK?PtZ
zqi_d)qPB?+J8Ys6(KgXhZ4(WTwuz3}HqmMq;8zz5{GAd4KdYhT!gPCwIinE$K$r~F
z%Nr;e1AX<D_D7(1ve_>C(woAag+`{>EcCY+EHtaB!s4#RHWnu|jl$v{U0^i6X%rUs
z+SzYgn?_@CVPnTyY!rq<l}lC}3R7YFBO(XO!$CSRX?!P<orMkIOC7&SXrS7Vr$Sz5
z3$@q~hFkHS!HI#WP+L?G^k92YH3!?kG}E)Bts>LUNrmHY(;U8`hWuUL7FDZaLzq?8
zqF$eO110Q#UY_XkTa$8UJH_=5mVu(7dQ*|7go5UFCzDUQgZZ`_??t?=s(#0yg!p{2
zKpRh69LCes=23i7sEw!m=23jI%{HEPyBJTi>oO~e#5z`29ek(lr#TM$No6y~Ytf&`
zVcVmz0z2AXzvi&lyF}aTH?+O}ezd)Q)3(?1b6o;Ek1|JAjPuxmNx3?<<1pDzmK31F
zffxY&@Pq=WOCuYgYfnT0)UA=4@>fqp0rWv53!qP$MFVs;V9UdXQSwk#b(J8Npcl=B
zKnYoS&D$m`FY}tLyh0r-QZ?%2rY&Wi8<<0zm7wE(>Hk<g`t7f}4s&HS5!Hw#pc}CW
z1n!UQ;isFisQUGj`<<omjW~?T*KNkEj{PU>A;O^6S7Y*Z>nm%_amSbdwfP#GuiJdZ
z>E(Z*t+SW^;_3_m{!i^|9%?I8YtY5jRqFJ{wzMr)lf#(mR{43KHfB;8aJW-bm9Tej
zL%05#!_}J1Q3KzrjaiLefokB*stHxNexs(dUjCyPWA)&#Yg(nUJKBaPd)MGF*`DAB
z)^n0M97AeiBOf)kqgkx+js2*?w&6?UUJg_3M|EivR;=+lhwo~dT?kdK-T~?d;;TgU
z_S7;iMhBCgdvs?U0f*nSZy7Y*QKElYjZrJgY-q15a=jczCs4~v$^-m#dyrvepDx7r
zA?MVg2fP7VzkVLD@&R>ON?zNrY_D|KTV17aO>axA?dPz&x>crfuyq*ZFL9W7FVkf;
z0v|U|Y1q-0Dxm*=?0pHCRK>M_7l%_r!wfLf!{PulHGqH$cf=${L!&V+N!s@};yQ>X
znnd*FB_{6$^=Y6l4Ew&#44cd_vhNBaDgr7hi0rcOJIt`}yZpa8Rd?y`+cOPl^73B3
zFOlhc>(;GXb?Pj?It!J^f47lvzwfJOEe<DdXL6WLy<6O8$+Ir*qh0jQG@=wF9KL>*
zA`=_gylQK^yohB&4kH>f{DmvnC-$2gz=>QZt4%tG{gs%eeGX$9D;nR~PUU5o&{)mJ
z=631`e~kXUvmNb$2RRfq)+<$s!|_~3(=<9Vem0MBIMLLO1X|ZFlDL|1C~0g@aUW-j
z=}l{Z=(8S&ag7bDQO{f_Ura8CbFM|m=EB40vukd2)(N$ZWCzc1xYAVE3)Ie)Vj`Qv
zbZ2PaJ{|E{zvj@nnMzwrJ^SI^XIX?0i<`%ivMMmx*pS>5FHC14L`ar9=Qqx5&YTvO
z>%B&0u?=9AEZQl`Uj#X1F+1En1^$BulA~%qWN;`n<zxlyw8c64-<yd7&QJ5$l30z`
zv{GC3T0zO68es;pE(~x3tH8dt>UH%%6{4%jBu5P(@@%|`2QWE{a`y%>Q)Tg0UYYNN
zE6Qmg>2{T->G26QA89ooSAKKbNwxu;UCS6|(9Hc+MadtW;tCnbRUHpl#~5cE4oFT?
zg$FQ`zDcbn@|@b%w^{S*T*#z7mz=JI8dvFoer%}498G(7ud{b&#O~e23GCfP@%QeE
z#tc)NDCVWN>k7SHXW83znQOa#7Js`IH?z0v#Mte+(%BPRpN^IVZ#$2Ui+WTtQ|Hl5
zG23Z;Gv<7{m+SVrr>$))6;x{*_qDe1)MmoH9eX^>Jh2U}vMg_`&z9R&L_w<J%Z7$V
zNWFRTb3yGGlu-VwU@#&v-{ccvotbZZ+fbYoSle#)%z%Z%<=#)@aEjSEan83Z&z98R
z`lbHXbM4%DdVA@sXCtom)>qF&T<z1CVKx2|LKe?<C4M>4&Q7@XB)s2{W@BXng9}xV
z<9A8K&??BD@>Rr$D`>p5aYW{t6Rv0Ar^1LDlqz>r4Zdz{An-;}1Y=l9d3289ROs7?
z;WKcvRZwTuv&wO=8Z2!r1l|qP!-{!#pG6Fom`XO*=QMHciF~=>*)-$~4wv5yefMnq
z>T?XM!_>dgKsHnsSPzE(P4jc9JO?xvzlqnx%!dDi7&%RI(37IYby0LIAy_vDL@);~
zLKXD%QfyC@(Xrbqm62U&PtN%>!^|m)CjU^80#eJ%<;4FVRv93_QC@nnuj=agDybKS
zuyH!J62gFLLcnBGzq8=EU<5%6dm~^fhtI;&*jc~?f7QF=y%8h(tq5YPdjw);2wOo)
zQ02XcMN{Q>!fzFS2F!r*)8bbQLJs@ZForc$9fxW`wdAQpe6_N$1{aDBTcDrcM|tZr
zIP@YdjVPoRoXs_aL5Xo{Fx57T22%TmhJl7kS(Qrqj589-7B~RewQUuy99)Z6O6hP5
z`uWXRBUNSa&x!mXLtu57(pGYJ;PC$1@HLUK2SpI*Q45MzQiv3l+28@$d|4mUs2#x8
zo|d}dw$z=ph4=$)skh|}YYObhgJ>!$^$Sk<_C0T@^WJf0go(vr!WLajfAcug1`yub
zLWNTTmg3|$u$|<JB8Xuwu!|GmY-vzO$9Zt~k}W>(VQOO#I9&A^R!Yahai&UVc4&)E
z$2xJWHQFS5qpaNOqoQ+Zwtf8V*f@nUdA22SKiO&(@KkNNQu(`XCh2l#2%Ewq29_|`
zta7)##e(kr=k*4c`?8gmE&46i_Es-a+ke4$GgtXLr*Rl3->)^55$Angs!E8%+McF6
zSLa71W;{h@$+ox|gsZ@!@utx1`eSRLd9-ROeeabmKE@6HQtWrr?JhA>NG$cV{Df>M
zDYC(yAf-LuzAMa}RC@|o8dl^^j7VAD56Wh_k<I!?G{dJkoRqDeDL0}J19%6QM1k;%
zp&Y8e9c$V+(j6RnZ`IkT&dKZLWKe9u;rte#tr^cAW4e<Ww&SpThflcl;F)90Ys#Y7
zj>BrIsiP+Oj78+seLYSyZS_4R^5tzgY*3G?REouyd^eOzu|9{j-Avm=$dB2?nH&zP
zxd?!tvOaWBle@#3T$jmIC<p$46ICj8N=cxpu&^%$VtjhqC#+wB!@|?nEHr=_Zji~_
z%6@{wg1)9JwA2c8xj4ovjX>cJJB>g~T{rcYj`!KaHex)(-UHdNN`9*jU_3O|j13AM
zyp<Xd<n0P}Jm}Rnf2&VNJgP*K`^I{($hccEA^sCjaSu9%(r24}R&CG)<INx`z-b)j
z$`8@qcOPdaV6}W`jkKF;Zi&207Pszdf5D$Qe5*O>Ri8H}jnOGpVrYu#sHcjBw3p9M
z>~2Q%PJG>KoW)#gh4a1}=H@acjJQ)q4@XY`x1W`?+-rkMWE~Rtdk)*=ZhMI{{0lr{
z2>ee-H^_uM?h`k*8u61d+Vi1@7eBeEP)Q>77kf`-D-J`p_zb!Cvkl3(A7J=%&hXc?
z+F$vMsP?aLn7_qG1?cXLxEFuG^S63Ze`O~1ccJumM3~vvWFgGvkfoEeE3>UhLTjY)
zk1akHD(|>)<5*qYdD2!_b?0ScW2-w)v8L+lv9Z;ir*3tsJD(owQQdifB(0XN>dx`F
zRNPZ)ZSw+$kD}Jw+NYPd#Mu{;oqtSr$LCRYhqFcWjwT`j4qch2qSKPY`&*b2PuP;z
zKy1mgvAPSROKyTJ8&lv-IqaZiOB~8Dl<KW=oKJ1bDmHw*$>;mCdDZsFt}Hh*e7l9&
zWqR|*g{{ikDqrjVvy5g<il&}@t)g=m-;9S2+^!O9o+fR9ak$VYGAX>er>QRhJ<97+
zR|B|R*O$9`+R8M4KB`l?M>+U0L*d-$uZ0=#kS_h^cP*NqXDjn<Pxtudo1epk3yfhc
zmA2n+U<%K{`l%$x8)RWEF6d8x3j@<(_lpXyIVo2@o%S^JeNh!_s|Q^>To0gasI{4P
z*2xl2d5EI&?+2jE8C4^Ja#mn64Ag@ek|AjR<my*b<qNAdN8~qCUBogP-oHf*Pm*>I
z#-aZsR*rdBdig*AZ`Y=pZ1X#YX>jOpI3%zKgMy)qh^6eXsw5~|&^2lkq>sLpGXtOD
z@a|BRVJVdpmJP29ZIh+J?x0<p;Ik5^K7u0c1=|_JI=Y6R`yAg=si^GLi2E6~aa1bh
z!n`XSs|bFj_3|nNoSv;j32zs6%G0U{jfq6x`z@u;xAYOI^1a{E(0>aK@3p)ZeeYoo
zUp>O2^7C2|((R-2o-EiIb|pSZQgPBMURs($U^wB@bBh_n``z)<N<G^dc4w@}<S?w*
z`C#O5z-PpJ`!_ohe*4>FSX6RW<>tF1`t5mR?6+(6ZD-i<_G%ztV{8#KvQ*0*yTZa2
z2PKv>_l|IcI2fa^=j{k50MyR6y6Lhbu`?c_p3!Nm)wn+09?r8xRT783W9Tp$X5B8g
z<%(ZPf|+%@(0>aK@7#VZ1oQtmEdLdwbh@@~9)P1;BkF#tWcqK9rO&Aj+qZ@d+D@qq
z{>+@4=;v)wS6yGUBOD1s_&LlT!&pELCo3D1coRiIk!zR&m$xtqb$UQx^`;nrHzc>Y
zU0@1)*h(032HtvrNlBK>8CD}nAAsFkqwAEWfnScSI*cF71lHiUSLT=jhqt(xaj6Rj
zsKH^X{DL%HXtR!U9G(s{t#47T5ML@PNP~}dgb5vJtFB>th7BQ;p<kypi5!&0WRhWn
zd{Z@^qlPhKYdAtERO7H(HmFWR`4QIP0jx%Nc{*I(9#t`>8i#WhQGV-j^IPj?$&P65
z)L7?DC3><e^u{K~X0V)|r6yQKC)tie^?nW~<SN@3*Vh&A6hDVk@)^mfpXUr~3+&5y
z2nR47Eid$C1N$>>;2@@*u`X>7hk}Myy)!v1aWUH@4*n4Sj5BOxsJ!ARpvPLDcLt`1
zIP9Hjs@fH58>sXS_wx`w6lu1;<*<37OYaB{JLRjB0wfBnhHTfckr6V%-sj02K2ZBy
znIq+M8MkeOZ@@hHsucJ=*#|>Gk!at@E>2rr^ohKF#=71+^7>ipdaoV23JiyLwlHZl
z0Efj7dY+thONa^1i{hmfpN~{#SQn;9Hh{dbRbZHk-_S~)xSyzEbW6!5_K?6F-BRek
z1&2{BuaW=lek6wfZQAC+|K`4}`QKODV)>uE>E?ekcE<9*CB>5eCDm00Cmhj9d}?Mf
z6Ici8kfyUKEXc%RLCNW=sX;B@7LI{zYH;{M4ofn(4O`<gw@==tvQo-Io4+lr-ucnn
zOkmm%u}(|;DOZ-}$emG4q%DUn#SzTS0B%5$zuMaScZNMMWcb9V4kDf1y|LJ}y9Y8u
z?(lwchYw_&=|T|2JHxiOA7KC!<x6j3C>6<{@gP1(Rl~B;ua@@HZT8Y)02aK>6u-v%
zHE&qIGi+tZm{zO@yed*#>A|45ND0#qnc-$X_Tc2>4+~lY$RfQ^3FXr}!_J9RWqAXZ
z7ZX#@#)cWOb0lY*!vHmqDsXZq<z4xy5O%bJovA}kIee@3c!_D?%g{taQS)|%gQ@{?
zSY#i|;fwJ3BXVA0voDD6GPxCAH!ua3hDDZK?tx(AB>i@T%f}IBTf4Qdvs=~io@57B
z0jqK0c&Fa)l|(Y03Yf#3l1P43LG$-ZBH2{Myu|%~J2Go%F^dSzx?g#fKcs#V`5fL!
zmGqv2{9>jZ%gLu)`%fI%8CD(E;IN>WY$qVieyh9GJJx^|YTscRuOWBYeOjaF7ro1#
z;ZQ0G=p{Wy4tI<A(PK2kE^3I+!quoDO1Xcxq)8DZf>eq`4mRY%DkFw9v<q+shpFp*
zLF*6?pM$lNO{He7)zHV`?cs_m8*9f#GH9-J)NJub+){NQ!w8U7^+O(_0>TY>j$&)+
z@YaqPf!dhEPN|kuQ+vJ7R%fr*hBLCuhS^xV1$|v@My{}Ta|45R$NH*>zD(Y;$sCGX
z3CBqJ0cL3Lvj8_Du@^&*{qO@!L;X7<rFl-Ss=G(ZUrmD2a<CTp{s^oG6I&6xX8d);
z2FM!8|E9pE2Mk1**h<jfLcqpOk`z|97RVY&O%>)oVAIpuEm8FJVU&_;*d$f5BbKDr
zj!`7_4&$&)Vas<K?(JQf;Y%ErNy?kW;G)7DTf}RE9453f$j4c;q?O~sj4<TqVM`HX
zK}><48(Eq79NZ&<Ld!5kMuT>SqpLEJ{l&8IIk;EytA(bQN@J-aAz=u)8f(>RRHQdU
zRf8(d*U47yDyMRobvX7CEcq238np_-+twO2L~I_y6xi_qGxU;tC70xO*?!Lb^zma`
z2CY6)p!=f+HPrd7c7=5j#<z=@&WW@utn)*a6fw1BrHyHoj9ejSw4o}eskdadwIvHT
zxVI#S(n%)cYU_RGD^Dt}-|Ci%lgH}!9@?RX5`Y3p5lYtkxxCKE$G2dN6dRf9>d_rx
zgNJgd<oUKSQtL`>j7@kmYr_tXH6=J4Qu{SP{sz?rHsc1?gFI_`zb4}Q<U!`Ov?3J3
zR5<;B+M6Y<1ab9rebN_>H5YnqWen@V3-qmd@=BJjIy&V+PvQxxL!V?8gPtlBtMEnU
z#;5}S^Pp7p=LC&lFcdUY$x2vN%$R|7>SGG5mx4YW-eE!mtT1zDm=Py^R_aj#pMfJj
zxj6@fjjXKOv$F76ILSoNz%;mpVfw?g@y_~~_r^Ey87PucAq6gkMOKy}P4X?R<v4G@
zZsf5t!`C?UzD)J|EeH_r(BR)|9RA2qK)Qji!5;+zq|-KD<;%tDvQ1T84^VJezR4H#
zI?%;b7`2(XozBWHkT+q1DNQnU@c3z-m*?FTpDH4EHcz`<^t}>!?s7cObn3|UyW(TW
zekjLXV1_DJf=ylJV=(Emk8z#BtSm3~Ojte_z+~9toSixSG7dwo_*C`J64R=QBu!X@
z%-4w819R02mtLl`6v~Q0N}Pt^mgJcgCQ6(xKjQw_Oo>OXMw>`gIE?MAO{8sC700PU
zmvo}x6b`Gl`XupwR9|2!ob6#!6cq|stj_N_t6Z7Gg15<U{PS&$Vb$8`x9h)m8LJBO
za=5xxLBSu?7nTf=n?x?PCknr|d=!3;M&aeNHG?i7z77u%gKofU5*pu>r(;cF;2p5=
zcMNk3Nq_$>#Q{Z)JfaT*e#v3+q%gy3@ZkoE-;kg9#UwRhztp8$7jCekLKHnJwc}x}
zcVtT4$+QpFw?>j<Ij*M+)=2Uo%wX;&A62}|#V0w;l;oYO4*Y5uim(vQTa?`Uir)Tb
z@>~a4=P&z+^3#l1y2on#;b=@i(<%DlKEpZ#{_=`N$FA4)@!U#YFoQ$-NwDg&&+tBV
z{5nscI?lP`I(1x_=Nv2wEj;F0AG#nf_SEr%E6%Cofjo~>$5B^wLa;!#u#!HPPre8l
z4E=S;Mb^*n!E_!7O73VKrjV92c&t9MFX?JlBsH=*jJ{&IR9Gi!W94)1#^jq(bVb!h
zgx!+ODCPS4_?Y%sm)*oeuQNETkmIuJE@IUd$g<UwGxJQtJ|-6&im&*b)Yi#T3dOwn
zc@Fb0`>b%_l%R*n_MAI~oxn`!z1e42z7QRB828!nCUe<t=kiQu)vL(g%vfzpr<31T
zFaBv(L&##748IPcpSLLI%xlx{DB^Xj8Ny^(xz#7sFH2?KXT3f^v?L77glSvtQ6s>#
zkIfFX1NeiALlK=w#9Or7lr|QSq-;S2T$8mgVu)z=Q69o4q_B8gIOki)p_!C_iYxi0
ztW9B9Tan|mgW(9@$7=A^Fr6-S?!mC-8@F^AW0-uCwS)sp!;Y|8UZ5<8Mj@(yLyt}`
z4d)qAIZw4d^i3gS_)t`-oBbZ5=Bp7})Xd#)i5hvymD4^A_U`aW-u&h73~UMOKQ;xX
zS^}qJ(KQI1448X?F-Opd|6PLS%EykNdA~Fq>y`CoA&c<JnjO;!I7}VpoFNyKh815q
zT&RvZBvWte;xDlzlE&e;xt3$+%Al8D=TA8l-S2kmJiad+&#iOF2=5Z?*pIR{Lrxqy
zGG2{509y)~D>+4JI7W_aE7WpgcxgB`KSd#P5>&*@RuYF#<-|xTO%;wP$*F)a6A~qJ
zKh~n;QfW8=QL?CzMTwFtrE%fC^42&;aO*X8bOC9f-B1T<93~E<a}%qNVOAf93a_{0
z;PsD;q6>}}Fd@~dht%;AaJb|Xo;|(lwE;MFpk>qQ(y)hYA~<fN+@!ze4ATXMc}V$_
zt0N1k?B^(dE=+@4uWf!_^_rI$<CYZ5{)NmiG?APx4I7r!pDEXbq&}e$u!#zd%Y7xJ
z@Vk?eNbev)IDCvP2p8&a<<S2u0d4Wct|8^Fk&xWo@Ua=hWSG2&Ubo?6(=bTH_E_Xr
z41mM#`DVfsLay)q8HbH0eIiQow$zeW-u`!5{<<m~_uKtU`_x$8oOjA6C3#~5`!je}
z3BoV>nW}4fSI}L$UZSpZ*l|in8ptc!Wq$1`AG4#wF$;>Aw9G#V3;Y>;!UWzSbp#=$
zjvSX%-h-+saA+b3prn8Ts=?n_SkVR5C?J=^3xvYlVOVpprB4OEhkMUxg?e)zv*P04
z2hR9x_;6&ONTpErq;*GwMAu^qiX71=G6Dl(#~Ev0`X~?mdK|XNr*i_9WA-O~Jm8l3
zvQ0xSC1#qyhVTmMO7|NastT+DuNgK}vD*F4ka~K${L&<>1)Y1^Zi4Xbc^}gbhbQ_(
z?U|p!%ria%e*~{9FTLWhP}aI1E^PG$r4igyT6u!Qxvk|ncH6<9F30X3V<Q~9F&hT-
zaI#Ps_+t(yE`%BWB-;1;o!(}wKDAT9Kh<GOZ&T}2@)BkK@syMU`e}>n<SCcMmDexU
z&-3&tO(0$R#adivPB|9Wlztu-*G9Q-0zBX{xBBc)Oh%^Pi}f3je_T2bU~&smwroMU
zVuTiyd;29~b8SB5__>$#^YC5Ya>~=sy~wNW_EWa`qe>kHV2IbMT(wrEi(VB}*DTGw
zX^@^R>lNe8&tc*@r(KrfNn`p(Z={W<^+uZ1*A)6o*Po8qNQ?V=Y^3*Pn<gC67`$$P
zU%=}IHnhC#guLTt_Rq>mm;p<BnvQ0?!&27B?CJ-$d(#Fvi76b0?sox2v#*3j0!yDb
zP$c#0FTYQ{nh0#j$VdXSGBS*eM@hoYxTDW6g>W5Usvj|itNhu&zW95XBa~)p$(69&
zkIcZIaDlCDVz)MN59f<4$RUZtSuM1%30DMtxR)a6CXj#5M<4OIw1Sns^9pnsYpP(k
z5tRf%6}$UrsG|6c1}}D5SH_%iAxE5H8`$4TOPGuOVgU=~m7K#38`C-M(_bVwl<ros
zLN|maXL9H>nv5!CFm3B=c?u+P7;{>|DX_CIN%<ssMc7y5oY|O48i&ni9QbUn`s8eQ
z>l8Uw+8+E@S#%qK(Ux4^)yL((|JEs=g?7x!W8%BgyN-@9+gl;Rllp0hBNG;Ha>u45
zaTt89d&0_JkWCC$P1AU-3<;YnV>Y{v>F~o>>zUAzCb=Aj$~9}p8UB~RCm=T@gn<Eg
zQEHI?1&e%gVd0#l5BrPKI4mwQ6MET;FnARUUSozJ`H8OwBXX-$t`w12<wXtwxzXTH
zhF5kKfvk@F^+HH*EkB2P%+9yM4fJOtwr~RWuRZUIqz(DThT8MK*9!U=CuScrQm@6g
zzu|TH_QRz&W8BvNQO^7^>@?D!pB7=(Gt8ZaCh$Kodc$ynn<#MgsEX1c{SvFd*0v0*
z!-I;M1h4gTT-hfKG6PSoWZz5ZJ4MycZW5o>Re^cWuw05}Fh!!V`uGNi0qes$h5_H;
z)v+d|<>DLgN)S^TBgk(L;GO9R>GUz(pJJX^RZZx9iw?4V$};hK-Xf>S@?^~pVA{i^
z(5Bvu_3P0$qy;dkmZg|Wxms0DXS)20JaxID9d&{JO~+LEZ!PsRpqziD9;kmO)9)1P
zxBZ{=$e-#zSW~$Ur_!+L$-ZsLt%3gD-$dxQX6r<N)+n-FeKc49sQ1~f#=YC>@mmLy
zj1DBpl2CoXnI=pRz`B%!-1^O-o{*}i(rNeSN-5L`1~(P1c>XQ9kroPY7}Zo>s>%X6
zcngQMGZ-_ZMOlpqmBC-sYE)Ck^DP3?TjRfFVT!aNYi0^;z+v?2u%!AVs7jn*`egEA
z|7JZo`c0oqUU~FOaF{xoCGMh%sjy~!nBgN_P{@hPvM9}sH7tfUWq7O7`KxNjptcq9
zge(rDo$O{~%5SgyJH0!q&0$?rrcUS6IjmX57$!;8dHT$-p+ScXSRyZ1Cf{p$H$4k0
z^Bhd#EF_!Eof)=sPw55Q`E-=gGQ62u--Az+dfAXeVKatJZHuL6ZY<Y3+f;6AQoyPT
zwa)9OC$`QtAXQ+^EFmXq)EZi6KU8HLW=@j)9#(IlRh~JC3G0{OFntoc7Dwa&tlAJ}
z_$U|nxOVEvreG+)UhJnuj2}#XGnJsXk?JVPDw|uJn}9uA+{{+EigFVW8-3PmvGLxN
z3Z=|V9JV%7TT1y5J{7fs{cce!c={;|z3Foc!xr`m4t+Xy0A<bOwCLO#(!BJO=aIB{
zAx-Z3TrRMlViE&8*{n@5rMc6X<}5cwa<iLM@IyccIMCzksU8jE@cuX9ic+1XH6og+
z%MfZ~Ro)OG69sRpU@S<{C-Ik8v!Gt+RvhNc)JZ*`F$}3fZmndaZ5N&t75l+{d8?Y%
z^NBQGtQ((8r16qlJ&*NIJ?VA^1`hpnrzfARDDGNtSf(LqxpKSz#%Qt_uWJM`nM?aZ
z+D?I%n8fK!hHUFDpg@s5kH=ynGny+4a?RrwA~K^nvw}YE4Dv<|lxt1iQ<0uE%{iRD
zg`p9!$bRxuv1rrUTjb_oSc5mDgbXx_(T~TXE2o=BgDc-W8AasdZ&gIT<w=W8jlI>)
zrY=4iOXOW|Wdz%1xWSWJ@NF9%$e+RM#)2r784PQ|FooYkSTuD$FLE>h^Yv&JJxN>c
zCJys%W!T(a<K0ijlEbK5rF2kuv4Ub}Jn2fjag!n#r;l|{5|c{f@SL=+8U>xMCb_$!
zB~KC9oD2FhM^G-?dI4-=_qF&*5$ga><Vk*f@T$O@T1Yhus!0XrrYKsC3s*0zh;$WB
zJ+}!9D$RDzOlIhC$H~@7Uv*+JDy?p}O*$Uz$mFnfI5=1_%LZ^|f`cIVIdt8mndqL$
zv4@63*E8~JQ!HcXsxWiZJb@{VFtq_468h7nk}3qI-Gj-QSe-W}SSwYaVVU5k+D73<
z>OWW=4pFYbMsTpXKFOK>l;PFX&h91G8Rp!oJwU#GQdbf^w2m?FS+OQXe5aEltmDbS
zQ^M95=|hG#Q!Haim|-2EkHJ!ivDATvI%HvdTNT{-GKWD;HB^A<P}9jJS=3gJCJS~;
zlU1k7A>eQl8SU3<5ZeLe|FVZIdziq@I0kVNhr#cLSyvT6my20EhqP(U%!cP0(ZzAM
zH+2r!b3IBEHPzIa*H)AtDbiXcu*;@r@HS;pspE>oAN@G$(awoKI-ef3@a<HFnR2=@
zfc0SJ45l>F8hY|?a{1D}Uyd54L1g_B<j~7f-sViH$jz9mb6w=nJ4)lz>8tFFfC3+a
zBb&m6xCLAq47ClRAMO*vFl?Ch?OO<C#Z&`ZaY29HBcj0L4NrMs$K!8d0Vxzou&2R{
zr&O}2uWk`4vQt&Qcq-DW%i-`%gtTAkA?;`1LMo)6S@nsl!^FpFU0`u@-8-ervfkt8
z@bObBP)(m)vv{xqhmr4wm5%T-yci-w<8H&Xx^reo1K~PXH+qTYObLINIy}+MlQ8xc
zW&~9<!&4$RL`%tGa1*Ika~8zpTpVbj$y-;sz#-%??;Z8^2L6G=9-qZ@>p;3~cZ|#x
z727G}q@BV8cw3geyGA5p-;9raZg?WkO(3I6(!_022U9c<;N&9y-b9tD<zK?!`xFL#
z4h6HMFi7D{l2|qg13&ngt=s26Eu!=L?{3Ci=JLF!W5Y&1YsPG2S$Rl3T@gJr;;^Wh
zN}tujdG2B&&wU>I+=WD*`=S|z6@EIM32Xri*M!xve<LXxgq-{&$vh@aSE3>CeR2(}
zm{0kPPHvH+Sz&@8@elBu5IGfo<}+NwoiY7?EU!a<PROv+*hWOwO4+kXopwq)_O0pc
z#sf`KVf~sg!za1G%z%ABIOr)61LYmQMKQ2jDFvTC-qJ!S|0&_tfoI*K)$<ikY4tn;
zs!!su@Ljb)+RyB1gPyz@K5eEiEtHo;tPP<5^W6gU$*}<aj3kxv4O3yKoS>R8W;#;|
zFX?wKXZUB4i<vM*(vp1w_h(oqZ~Hm)oj?bc-^=hC$2}GZMIH;};xA$C#;~^GrcY!d
z@h5*y5TNp~gKu&L5&oMTPM+~~(5aG~G)Zq#ZMhoIAc!@y@J;x=fi<DNz#7^5cYF2w
zP58aA|1w<HYCr?g5UL8ODjH%<cu7O%J<JXo;~9Rzr&tU*o2mZ<tTTxm$&k~Eq=A~s
zZ^HWUhRXFNFZcs)yETbts|*&6gXvb%7HmNOwk4m5x`ed}{5K8aH>5;C6zj~Wus`Ji
zp?_<sBqYiD;`Q~!YyI<&LtRRO5|c<j*^o1?+=6pr{!GWzrdS_d7Y#Ebm&m<P3R!^L
z3>s7r>rkj^dN$T=iD@^hL_D=yV*PB)$k9hk@ZW~l@leJ8xyECuTJB@1^te4o94Sft
zE%KD;;fPZrg=Q`2X-1)BAD!3!P+#^mt>i8rocA%j*#@Te_4GiMhRZfJIHXB-S`8NV
zHVvh$)rIM2efs!`Vj-<#km-9|d1!}}#4j;)bQ8&zn^C|Y8Dg!<m7usJ%;0=wR!4a;
z?3XPB9O}Tz_aLm96LGSH9L7|$YOpj`n)Ns@&wfg?Ode9)i3UrDelfFm*qXh3J$nr~
zl*y-WvuAI%*X%8oZS2Vbe=cUg+N-{ZW1<!whecC6o6K@;ttXt++ab(=i5FF}AE>TC
zr>VW2TyGJ2wKdP{PSBh*LqAZ-#0)sn%Ly^3yge}ZoJvrP9FF!1vp{M<xtYo9{N8}=
zfL1DRs#}HURF09KgfJywupr}9-)0X%U0o`%mpNrhSl`uTcsFNwmk44KOz9+N^;O9j
zY`z+Af5-bX30{@5>rwq%@{2b}yRI!<3|b)%3R5&NIfT{dz*)QIy(+BUJkFl=qZv2K
z$NU_2c2PMLguuHwOqS~!<P3AA_=KsKd_ikwkGQ9O$T`MBa`rBDGa25cO)`KqBa#;S
z{1ef_4>_Fbs=wyP^!W!bmizfX<S@Lu$tbUe_4$|q-+t?hI%bXCKV7<b@1Gz6${8Gv
zZ}1t2wz=DqjLOMVqqD8mg;X_frE4j^xGoHv8n*QI4QrV?Mwv7<9D9y(aV@i0Q0qV-
zP#Lj4^j6#pZ`H==*>9MTH@LiGMBhO_zr8YI2JF)69yYR#&Z2J^qkB8`J^h@#jw$@U
zbQ*q&PQ8%AZ^j%N%CE@zsut-|az`c8)q5)=)`Iu+=<36-^ygQB+i7;N7Ie@Sa#fu|
z(!#h`se#mj+1K;*YV~v-I7&~~vX;a8H-IfACD-Bbn!H`BmbyTn+Djcb->$!~rK&h6
zBxN<`(hz~A6HT2rO~W0M0BS%hAxVi&@-JNRF}wwOs_@SXSA4?yWl6JRSK?7ywoPq=
z@=Vv!KH;TOm{1+4wO4#hU{jcuM{%rc<tyly^NOVjykbt|D{iq~q4Ga<i<VcDE@^qS
zv77DvJmHd$;jOm3I@irZUiG-7^5S#Y(2YF)8o=aBKDU#}qHa#~ha8uF0KV2Q%H%Lx
zzNo4FqB5@+4V7&&Y^_0>lFhk6M5+(Wa_kPab~9s7%t|ilfCo@+LLNOhM{di#dU!|n
zkj0@Y!<*nWp*xa&RU^*{28A63X2E)(?@t$W@LkYRI~%U-Y@d9$=5SRq_MdWw&ytiY
z=tShb*w?;%5%T}E2x+9`#Y0}I@EoNI-yPBlY!W<37it?fqV9heO8ReT95sv^@99sB
z!%Cl_12J*}3L(qWAZ!xMG+Br;H(^>aowha*mO>!4tNOMokx7*d1SZ`w$gv;nCe8zf
z>w)NB!sAyGhd+o8A@uV<I#1~{$sN5+p%T1VP|LpaKBjEL<yU<cmE6N&fZWCRafZ(k
zNeyO3TLPaL4DP7Q^|;6?$YHj8K=QSAL{@V;%ISH)YozJ&S7xT`S`vr9ieN4#b2ziv
z$I|5%3Chv!k!(@R!Edfz4jR`f2a`G68l+L=Qaa{I&M4mh`;Ed|8VgJ4vTG2>mJo}P
z#g?2dPaF$X2`5LA-Vd-A4@ik@$>nS<ms|cXlFOLF?@(g7+axn0ohfZ2*w@_*5q9@8
z4wIE(HiQWa7yP1!8FWK-JGL;EO}V1rtG6sabw8}{X$q$qra+I=jH!^jOH%i=&(YIh
z1-Ro$k126ihr?&*NHW2?J-#6NYrU*qvO>P(Wx0X0Bi3*;$`NY_l}3qj#In=MB2+c7
zc0I(Kt^dNC24WM@UiQ9aoM{~+MYvswmvp=-GN>h#-08a67y6ez`47=24|wU52p_Na
z34Lyy1RExp%m{`exGu3cGlYIv?qdNdztmbb*3;DxGa$c-qXXu+%o!r<6+OctBKy&6
zH1@w^x(m;+Sm4l$K7BG-lSAiDjCu<Qyj_qrHfJ+sFm=X2$Y#7j5HeAjw~ihJR)KfV
zGiBT!Zd=Z1HeGOyW_ILg<n1j!RtsxWlo~d}+V;P%8;IanL*5y_))7b8g4Z&6XZ3KY
z7T~ukzmPfrF7y0KcSKudB99HS2ZHlqiYbCvox|6in9GGpcDCQa1FoU#(@xj@O?vWO
zN3n?4kK?QOB!|Hlbq{smcqf6iIP|^j3rd;WAdt&=2y5}1)US~G1+TKWcOQaoJxvBR
zf^rD3`EL<xTa&{Z<zGmG##Ei*$=qvuE(Ll?CYx;FT|xYjK`%cs&UCkttb@bWo>FH{
z$6D}b%|o8hObu(oZ7f%|Nh!Al36D=CM@UxhDT{m$-UWqnEI%@Wl~Jxhe>w9%Qp}~g
z<UIa>{AtKn{q)8MbC(*-j|@yPFxfEFO9#1LD(4Do+3!{SaPeuz0w`bzGKBQ>Ky6Fj
z4eaIuS^>_w>SXlo7ABSH%q2#4QZ+$_XOcj!v+GpjsvKf7ZIL!6y(_O<*rW2+fXj@v
zmqS_lCK+k8B|q**StV=0=cioBNaps7+yptcJIbZ=YSRRX*cZRa)bZb+VPSV=94)-)
z3;yH3GxvM?&R1Y-cay0l-`L#@eou53BnGw07muXS&ue(T+Rtmnr@|^6x?f}}L1i_X
zSl$7v@YKi)De&drm@vpJ8dpSxFz<+yC#nu)Q?us{D_xYkAZ9b2wgRC`r4UqgLh#GN
z)1vbceq9iolWFAvkDN@O4%a!E79Oy2GRaF3IhhXcbme4PG0&ZoY4Yd)%E@Gf51*Om
z<YZb<=8=<WK|y3rrg>!^CpT*goPB(_OeZ-hDDck7w7<-ilj*Y|Ds9&VmTUXwm4%C<
zNu$VvG%kCQM!rQFhi%fxk0y-~yIiDE5<wd4|3w;hx~?TI(m3Qr8iS)q<KXu|8fkEI
zE+V%N3QF!t6q)Ey5e`AEw6<CL-JcGq`WxDiYXrNeDSC`++-1Uy0`hw~-dfr?KaeI~
zfO2lt`9Eje{hq^!`z%lbCfy^jE|lI!34=D=6CxWfnLi`{rA+X{?qjtr0vY8H2tiWQ
zr-t<!uV2e@z3D~D`h(vEom>}g^}P~`aKTsq8!6>?9E$H_n3=ALMN*2NTn_#ca?ymS
zm}!(x1U6`y47ci(&}lIGKB-LZxrcmqKQIlKZH#{Y?00V$XL6W1ROMdE<nmou1!kM{
zx%GwhwU=A}YX|(FVwDSQRw=1JmB`_hkkUz@+dYy}FW)B=X?*t^Aw=(6V6oue@esDB
z`0?B2b9I$J5@gAty&$kUhuT4M^0BkR)(fgXt&N*z*y&`06{M3@XQOA7T2T#77U-O@
z1InmoNe1*SU^=`J*7&66k!+`&?OGO&iO)Y(5RqUuS{<Qsz`qSy*+Vzq>y<t9UJgTl
z>dqc|>0sRKp*;)ZWDo7D-GcivgHBcJ%KhCCey=7-(7YC#w59{^3A*@BumVIb>-rJ7
zNs{wqa#%-fXR4`*4LFRd6!cW_UiDP%s&ObRpt?i(!CXu>C}O|t{y19VT^tI69q>nn
zfp;<dkupi+woXy4ldZGBVKc&Zjp$Vc5h*>7S`X%zqoKxR<kX*`Q+o36vvb822d+_Z
zi9t-}w^P)ng0H_5VUsX;yj-q*T@I;IBkv%vN<BoF!Gawk5|VCm5|UO-2OJLOGb1vi
zY4dA(eqKH^phbwPM7NDoC3<t2&a*qAfRGUd`K*ZE`+g3S3N-OAFN=*1om}AL**#n4
zk!QDGL7Y6h<yn*o<=M@fr!!f-b10EKy8{aBJiD09_4yj7@c++zo+LWd`tU<#6;$oI
zF<VaU$g79LxmK3mZ{qfs1Z{=)f=;&<^c(krmUt}aI_tZ}cr568*MffKwV)ryThPfj
zx}Y<y1?`&9g3j|=P};;_l!b#{8RpeQ9~>X{&OZ+v=FKy&nJdv@a1w{!`OHWtLGUHt
zwQ<B(y*QzFhTy!RPKMyChr>ZDL-59e$PB^bJ27{S0I3JUfP0Myei{-|&AFeUACB*&
zY`%kvO~Zi4<(1L9=*pfV(=f0utX2^q>-PFW2_N?Sp2GymJzr8RZh9qAf#|}!4E&LS
zT^Y>3&rpvT@fPdhazsc_m!qR2nD@gse(2%n(EDPA$7Rl!|Bk~n`Q`1^DPE6#6`tZ5
zdcv0J2~#UP=djKJ{d*2yTXzV3pL!^4ctPN5u*1%Mcln;*o=5qfw|`Fb@b)}Y6-Vi^
z%lDnVVx@Y;yXqAy<tx-zeo`9uSV^wi{2M)7`z~4#OCB_gF%g2tnJ^5@gn5!v+PSbZ
zQ=PwuGw3|eIzpLI77oTa$6(iZzTti(>K2h!KI70wZeAzK$z2p4@6x9gvfcB<eODK<
zkWO_hFrUGU(l85QGOQ^iUit)w6>@c+)^3jUbT&*Zv=b!DR*!SoC|f-h*=lrTt0y_^
zF4Yleb}K>}vbeGW=xP9O=a9w(0=%M&I}LbC7k5%MVlV6=C(tD5DX*ugDE28EbfS#)
zlfnX%JTA&hw{bYA%RvD$STtPa(#3jYu(ahc|A0?my@1tV;cz?IZW4zzz(i%hdN8A-
zZvN>3pIsER`&(vYPL~s|H+|%Eltvxte&nh>&0+BYoe({M0%o3aMYOo$BRRaanX!aw
zaDCp-v@5}kdn;P%*5|NMjV+*7>STeF@LJ$w9Qv10Y-Pl99xRAh&Ndu|$yQH9w%T40
zO&X-TJax^BzH(H=qJOYgFZz;E*Rkjm_c}|_EoRX#M=pBj3KqTdL1)pw92K?b@3`J{
zX;`_7-s7Na(T|_J;YIJ--&yp1qdXRU*j{JR<<nyrZ;xY{y$Av2kQ{(|)<1Zsa(ULl
z4cU;)?C6H=zMu+Td72A+h9K)7IC+zHjEHm+ZwX`eYbWuYBTNxe8uGCHKBkUOGdrlm
z>Jes8&u3I&8?EYH+VA8!A2-57i9f6wkRx24Q=@JF@N#Ojfoe1GfREw5szzHzfa>WH
zNYuA5CM`H}=w9YynDV4t3MALx`W*Vnty=?5_ao4<H44~wGQk|{ja)g_jYy>$Ih^XJ
zmFk5f%mnffURCM6m44BAgsGecIv?;EI)%N8zaMV83pr<U$UERuk$ve-Wd!8l&qY5M
zlJF=BK>1K2^dF(q^q$_Y)ASY%cc-n_E3)x`s>7FVQ|GDS71Tmlc0hM{a=4j5LF46C
z^Aia*Utu*ro>23ZR`X*CHD6^lKRP^tIu2_O_?RKAd{fhhn|39Yp8I@^_FH`|wdG>?
zq4<!`z*H#9HwE4a@0kKqsVJ@b8&!o`KZn9YK8AO~g`w2qgpZOb<{$E1OESfF97^+b
zy%a?^WNgd5l}Enx&i<M-(i9cdKwQ4h$0#MBRRa;TVM0CuOOzcZo3~I|e|oqK+V+(h
z{*=Q?`K<NOxQK^Zc|UX?ht<wQlo2nR8}v+lo`Vf2f1G5~>kCZ_rmw=`ol>7>_^S#j
zuXsBSQ%Y4bbBiH-I?VL&$ys@@ygCoXBXymJUHe>h9)^yLt@E&FpC+IoBV+44?A_<^
zzj-4)>O3soXI0kA!PFLH)CY8kp`x+5BTYuJLid!j2eUbRwa-Z<K5L{$@r9+X2Jd<`
z_}XsZ=kT8T{;IG{+DWeTt20L0T*#g6P!fw%+CiF+vpR{atOnRL3;zQS_>`r;UROE3
zG~CJ$em93t_o!-%i@<R4xr+Af7uLSLkWlk4t>)(wYQFe@PPZ?6C#Ko!fKNrQL??+X
zzd!Gy?A+kF^8a*tG-Lx~SkDlc0vGz4)}(cWReI8n#G5oNFWxfknnaSBIh6<{qe6hm
zVe+up?9=6zri?H{wo_TJ4a$TL3H&XG<x&xS(bh1c6;gp!C=Mk+OfLln@A0uLcvH}b
zv+xzjQX?*|9B-LZAm20^xSshF+#={8V`ybtOS@c=yjf%|=B08cKd8Lt<V+iC!1;T8
ztO2}Xz5LJc1FCBMoB^*{*Y1Ya3KCd+N&y6FX8QG4Go!TK`J+t3tu8f&vlsMXPoExP
zp*-{&Gj8bG6-{7+`ug|m_5CAk)9br4?xyGnPZ|Pi!iT5GMd*r69a-|Z1(oB|MLLJo
ziH?yDTZT$H=*ZzSsSEjGfqY{}`73DsN`dqAe)L11)AajPUsE<(>9d|7d}!t%lf_;A
zzNR6+;7@Q|fBdoph})wySPC5NWePcuDUGx7ZaC{xaU7pjQr!)-6;t}UHI~LRHuCxu
z>-yL3>zD%X@0FB&F)Y9LBL>5jt0$C{vsCG{gFBl7zV(SLtO-|6`iQzN_cfVX^GxV}
z+Gps!p4ZQ0)YO0rVcDP~3}6;qdU%v+*sMZWdB7{dq5VGQt_XUsstEcs{j+V5hPlBP
zm(5ab&_k6BDh-Ore`x0>s$wVdOXE<g*j_3Olg5^nNo?EjDDjuXVT838w+@dIe@Prh
z9&p58_XzbrNVV{@RJcs%1HK9p4m)9iRLz<Gq9e)0VMl!a(h{HYUsct2q%{F49KPA(
z6KYNIKVfqvwW8Zuys1JCiw^7BEVPa*hng&lYJuacP^6z9RVm){&%-cK=YzKe<Gq5`
zbTTvCOM0JL(g*a<6gbo=2v>Xt1O)643v36)^4(PBRWD--TnaPT7Z%tGCdixFYF_Ib
z6{K;#joLN9TjjsmSc77f{-~da+CoP!E$n1n`jk$F_55o*bfn36PzZ;Oq;Tlck61%z
zD*AQxBr%gN{mmezWI~=PfXWp^9`TG6I45@qc7(om^N<u=r2|Zcg^a^4=EBI*BN77r
zL~GlHHb!=CunQwAWYFtqm|-%UA1pcf6C5TTwGpx$3kF#}*bRda4l?Vgjf2?D77dPu
z$UZ)5Lu5IgXi1KZmLR|@hGNa{4T}IvzB#DDlIg>)11$OMpaWr)4vhv&h8>OoOZE*d
zA1oPl*a1tX4vPXyzIMH7=g@M&l9IzNuw>oQ8wN{?20LKM(qSH8$*hAmSYm-8_rw81
zfVYk@)R03^)kggdH}JOvkKF9QBUcM7-j+m@aW`}>BOaRsoeSlfS(?eYQVSuenyXGR
z3tU_gt3V@xY499H0z+|`hFEqLm^wDNxXc%{7-r`}ThrFLsRot#6cm)ngOsn^0fHz?
zn%tEg93$`jf{H<ug=LPB=LS)>4DkX{<{a^{5T-P6P!u_u`mptwFNif@+#pkV9SfLq
z>^lKc##+k6z`{g;l$m8dJ9yNEoGdMfZkx$rR#|-Tgt@?zpj^+kDj>Hb52DHCPJCVH
zEDjjZzD|^&9|i30$tdee0R3{>Q^@tf5O^ntUgyIq+l{VW*p4$y6F~!qGA?;l<fzZ*
z$K(Ud<k0Pq`os*FF~(I|Zoz*>=Xv|Ix~qVqa)}<*Ap+#{!_I1=GRF+q_!mWpOTfxn
zy}cT%%#p#yzo>pQZ13<%HMC<qy^%0Q?Uhhne!zVk7Vq%cbv4fBo3UPlJq}r^mD*9t
z(STDzPwtX152|zAv5YjzeZC;sVvF*%Ew<p0chUU$`H9$ed55*e@^M1VyIRfXCDgo|
z)%>G`ns>LFf0&;D{M7p}!B6OiIeUFUOog?>O@a4BVM)`Z6{znC4pR<XD~j~Z@Msh%
z8lPQISPpB^_|e=_pDJ1J!jC>4WJ5tp6khEfF4sz_%<v~1J}mV`MqBI}>ILb{JWP;I
zTW?5bVWEa}J}q@YI<pI7A)Q5~dQoN-#zH!umpVG_mO}R$<tn9jVyVw^|7nc^<{ht?
z6Q*(~8fZ#Ry8F1#AZLwa9Z{XmS<oO)jnM-&FDw|ANafDSr4HV+rqBcLnc`}&+N;6T
zQqR(!D+=S4yqI1ZRo~MOiwjM`^|tSN9jpsER1IpQ?>-J+NY?TIXF9?C<$T?HeGc!I
zs{sf(CC3J7Z9fuyv@GFRn8qsT=YnX~3^G|(mef{P__PJ9)cemW*ubi+m<DR(wvPa6
z)c2epY6h*@>TWSfI2=}^-jJv+5ww*F=Alf`skaCCGjVV%_~X*GqQRfN2YfUUO*8Qo
z$Rs`fPa><HzVs((MzGFtuv4UekzWC<bMcVgcAqE2Ixktx7v(1g!G)-#8)x2t!kYdj
zgExg9|DWLwVc?^1w347@-`CN)b2kJn{D0ptQx#a4&Y;U7A2YBc%;+SW&oK?vTrX_N
za8vNy2oq`bAo7}=d5o}>Rf9}J64i1tjP@S&8NtexI2@Ve;WiaC<an3$HyPdqQ)z$-
z9Y_}C7?SNI8<Bdpr@{YWfj0OTm$?l7=>@R{|5s&t+NTx78vILLB)6_0uEGCKSwaTC
zp)vp|(Bh9w8M`k-shsH&1}~{x0UP(Zt@M&%a)06*u$!rs8xy9LdllZH3uJRQbkEcM
zYMvgl4er(9U{)4B2k%P4AUj*AS3eK$F=klS_1<tr=C!H=2Oow>GpBFQ(uVX`+J?5R
zX{kT|Q5d9l_NioGHq0Inb<Dr)MC>vD<N?vg{OeD|9`hHwTS@D7=Lu!qinz!8Io7rv
zl&_6dZTs8~=MHJxr+2=oioxhBX>qO?%2M5b$gv;47!+-(&N~)iseU@Bd`orVF~?Hv
znIC1T9&^3v<3Zk*sv6!J5bBYWhg5&^kq`AF)ZNn@zBr~tOCX?T>9<@&Gs+3E%6fec
z>(w~O0aEsn1jD6?R1-?&=>09QW;Q0lutCaqe*ZB?QJY@kQq;cLZb!LjEsbRBC*#7(
zEZcC%ClzJ2XUFA7923{)u#rZgByt*u%R_ZhebQBR?ly$=mUcbW;;RRSdK?cAJgkm~
z11w7GRw=FSQ&<q8mb!u_KCb2=1>Q8Wu}Ncre}sRNTk$`jsxa_RP?hB9=RU*D{0WG?
z8#)tPO@UOAjU5}3K5*ig-tSnzIII|C#&e(w;N9B9mkobITG40y6*?rZ%s)xU(4ziw
zQxq`QZ-o?XKN*V@4eKB6Fmv!^EKt<n)yg2C=;TQ+pvb^1F7$?L?S&M5J0t=r>U~5b
zMdyZG2U2wYu(K;>4~*V_%a2FwznKHe-+!x*JNxg<kf{CF<%sj9DFe$ziZ&c~Aw|Vy
zH;fdmEpU*c{GlF5(ZRzpdSdJALW+LPgZM%;QuNi}NTld4c>k#8mP-e_k)r8GqmZIG
zgX3#=>yBz}I(4vx6s<ezAVo_DM<YdF9=#@{sPo{8k)kuQ%b&&~MdJr}Aw`EyM7i52
zplHG&UkGc!=6o9{x>|M}KoKUlpqO+UC)$*+ZKF+t6Tyl09reVC@&|k1L<f(0<3u6V
zEM((E(I8P8q)YwdNJo)_X)r`3ihR|u5F;H@rZAvf9L%`De5TzU(5?+Mu$&Kam5G>n
zOjnv${ozQ)+v8~Fw&9hRe`4Luv${(qpN*jQ!?0(n?;sbk3K-sr!NE#|1Hq<hic}|d
zAimR>!y$zQ5;ypyUmR&H+y0irf>RE5)N7EFO|%M!P1Tsyu^eR+4o6)b&+q3jG@-n+
zKRspHoBKz_+M9~6NK;e0GW<OuvVnV@&zv#H10q{-%z?<{f*Kg+hC;=v!2eT$6E!s{
z5n;8KD&y(ij>;%C#=d85jj^>Qo634eYm5bFZH>{EU^{z9%emsSww!D2sWG;;*zW3q
z(Hi6X$9+nCobPKYX1E5l{HmdD%BfvC&{h@4A9n;ukABgj>f)&gQI*%Pd{Oo7DMwT-
z85kw1X1LyTrEfy2;=9KkRq<lqNL8`h>3FK5txz8r=%p$a9Jf`)$%jZ)+>lSI;uNXe
z`LmR&xISO0iW3i&rz-jbltZUxcC?~cc-*BZ?i(1PC<2U;L#WT;b;G4C&L3zhp#qDJ
zyR^k&gS56-c1&xFlLoq2f_4~PaXeaC{C1$?KWQ9Bn+k7(U8|T>S^A7N1-6dDGSBYz
z+4ls8)4Q(~%j`Y6A}q7lkczR)BT}LHStOR(qu+I5na7SqVVP40dSRLSj+cjJ_8y|K
z%yUOvSmu?%u~_DXBYJ%<501q$FCKBs_3=YIu*_{oBCt$?tt!Sc*A68tbJ}4qER&Ay
zzZt6K^^PHlV3|9PI8fzVLp-3$ovsF>yc+B};)!Jr9}*AC+;b!b%N#t!K^qU0t3?vp
z_+h__(Z*<Wu~z}1i&@(LOYWg{+AXf@ATyDwRdVmVb5yT+NuoMs&{is$hf=8!Lmgh6
z$zi!AoM>9643g8LaWw~2Gz>x&w-v;qiY~o88dV&5*rz9ea7E>0(W|oZVD4ryoh!$@
z4}dK0Qa*6_>2W<hR}yOenbrJqLd_Rh%`YX?{Bx`M#e|xFVKu*yQ1dUX=H~|{aJ;ni
zI2|u(%yRBPGw6+pYf8va{YT)~#JkUqG=rAydmo4Xdo^e;DST~51rl2@@vQ_CUvOaJ
z9)l`?i9fWysr#Trrr;y1dA9^MkfD%^py7oO_Zng$#1=;UL%ROBbLnol#{!3E4%OiB
zR0h+I`GkQT;X@ZVtR8re!FaIp11uS&QDSTbpVK3L@@J=d7(ELJFTPMlcyW&cg)m$0
zcQeY!$7W4|Y5g+F!H<KO0(nCSD7_1&R}uz}WiVKNr2>*Kg(HyUpDKj(ej6eEs#7ov
zpMei5=_f3JRKvUJEHPkoPA8@?QF;!RRdQjXa>W0|yuoT|#1P7H<){m+J~t>9tiEb-
z!n1>7!RpS(9Bx-UI2NofVKCwt0atmQj4T?_l)Y9qU%3byMp@kYRhXq{<Qqbpv+%!R
zFOmPtu!ae22BS<vJ8e~h-Bez`QhPm}KU1^&U?l#Wm4(m3Y)=FlQ(&|lkO*Q8c#qlc
zUg-(q(H|&0nx4vxL8iZsL8cXP77sBE9umS(*q(Mvd|WE70#k0u!X`Hx5y+m1f%f!<
z)zIETN#SxD(?k|_Y-C_E%sS)~0{_aP`>L>^Q9T!;hb=V_^H&ZpGR%T{A^a=6C=ldd
z$O%e;)lW#Z<el5p!tQ?Dhz?51Z%#_-60o(>uDZ~?;uu#9^=KF8DucWnDR{<q%p*DJ
z3qn9Mp~oG2g2RdC%tC@LJr-d}R)Ov<l)Sz47{yZ|hfCDj$#pKIdA7`r`ai*;V75jf
zNo~>A*|HexY__(}T&>nGi*{F=JX@oXb}I@tXv7U{Vk<`YLjoa_?AX4=kJ%XH4>^3&
zLYd*8Jm!Hk>Keo|TaY#;4W!GDxQ(~xICN_%Fe_l)KL1Fx>8AU1I&}kv&vEG0QrIaX
zA9LAq4LE$@y!KSYYuj-cK#wVy@!({3Loj0|hra8>w!*pXu~>bxn1*6;m#wNrij+LU
zDb_i=g=_Jp{XRT;@eg<`{(zXpKjE?X-C`F1(seEVnKtglA7ZG*KiWoMk~ab^6bW=O
z?6sH@O#<s9NMOP>lfY(&1P-@}B!NE8YfGX@V5f@&3U8bQwz){4uLlX7h#-MJE)p;t
zpsl;+HOt#XaEm4|%TQmxqK#EIWU>*>Eol9I&IN|-^|M~LtBnV$H^WfI+=D!bzpzbW
z1#2d8s4CmSYXXxb-;VezDDVGRnf@!<$Pp&NY{QP+3_8~Ijz{Ag(@CmHVU9YL2BwO^
zYCE{wBQa)hRp@tzD)pF4RWJgr(9c_AE$&K~{6QP-Row`_G#FJv=5XOrMpt^~C<Nrf
zqm;l%{zk#Gt$N9)9<>n=`Ib+8%v&o|a$#PMn%lfK38<a(bKF9tg2oGU<IZg=)=-t=
zy&%V}chku}JQ>95Qb1PKDVn4et4nv^Q1RXj4udv^rLa_Pgd1qqRQ>5?w<#m=y(cWb
zmIBLfW7!C>5d=1c@g1dj-U5O{O=S-EiV(Kv3>9eAyNxpK&Kv9{mqph#{)|wPwGZ_I
zFMia?itlpWK@JyhV^Eb<t_1T)FZl8{n`#F+RJ-i)3L&7$&0`Rt<;&gd`VkJZW`!BH
zv38b9gS+ZW4}Va}k{{+U^20F0M;wPx3ebL#8}8kyHpiYvJusr_IZR-UpJSCqlu=kY
zF4u>>)2ZU}TWi9C5F`Qfsc!a-dE+K=7_}y>=ycc<34k^eo7?Ph?c=fRaguZU8;{$Q
zo!e_XZcl0M1?Q}MJPw*Ot+@r}NX@Tzf|{Q`(N>iH^=*pM<~$+vA=@myYx_p@aa#A$
zC*tZEeYJO+$g^_F3%H@V+%{Lj0^Sf=_$QdeR7~8*m2BL)Uz_rc;@J^nu}%V8!>ATI
zl4}2BMx00A%W)650!}q2$Ne1@G=5(<?o|O>%i#tEIt4A$f_`8UJj+z##7oVU+R^=S
zRR_x(J_8P8HioZvP1Gv)yNzK=b~e5OYl(eL?kMmT*Z=}wgyS6zcMw=#>#^3{ndS+P
zb&xCftYMEca*P@9#k#O$zxm|Wu)CAU!p;odt|SE3f;y^*&txi#!g8esIAWvL0FyYp
zZ7Lk>vX;QzJtc7eHWf<XgNCv<qa^SwFA2Q8WknKrzaxQ%+Y)$U8zq4^>B`;{+b9XV
z$pM%qwefPrbL9)uwRC&sF#7)VfU4tk`cVa}RD%z4^t3N|)Ubmsm66@Oc|@RGgpn;5
z_8~#*{4CrR6HN6BhHc;{ve5$~3saz~fd7`3d@CXFH;_!;xJ|rq`A;8Lu>8X2&h*TA
zJO-5iw7D+Q|9A`}|5<Yzli2on3?!i~{i)3pai6nlKtnHJnmm}IS}G}B*#-m#+@^7u
zrZH&1PM<5_i%vbK*gm7}Ipj+n_}{tQqwktRQu0clA!lhYBVwNtmQ;QwEaZ+Ft&?pP
zO<{)9#eS!YQfhrREVA&=FpJTa=t=uzNhg6Xz}Iq@WWYkJQ+x%EGrBa&)K6k-m`4Sa
z{si~P8-q=uZ~O@^$hLomstQ!z&BXO{ikCSoxs8QrKULE4l$Ao7)*eu__H+I7*EGT{
zoeVWSLSRieIhhHad2B<N3^6-1b~THZc9RZU3yN}tzL*Z{AC07?Y8=LBCcEy@NLs4K
zp(MwqrEedNV$XgK-Evseo~G?}=}|%N?Vb~@WXFmhrw&mPIcc6Wn7x(cSMTd&uV`x+
zAeS!_K9KCKo`D%KZ(UdjdsZ@Fo=I~wOs-RE1FQ*SCo{Qx3)hB4mS!67Jt1_op`QHD
z>6P~6Kd2`E7y9RKq~>A|Nsr6V>v~W5pf+mCj~mXEcWV<f<tH^cbZrwe<);jL%BQu7
zo$~dD=af%wqo#a=5zSTOPPtv|j{J#V;V@uhSfC$HN{#;&`74M`VM<5g5@+fz39;hq
z7nI!4%8Tp$of(JT>uCVz<eGJ6@@G)}luP~5y0D5k|8ff5=CDOIAFrElk<BFwkQYCm
zLK^Hw*@T27`r*r|c0>EQ*EpQ`BAn~;|C5(qXIK;J1o1Wa_dHAie+YrHgX5j)2<cP-
z<G`<(XA<O^Fi|K~W7BU!TFo0T7**X<c6Uwy{T=P<;7zeUykQsB^aq?O;j*cksoQhY
zRmIZwc9C&R;!UOCFt8TXkODAEO5HW9SVX<<UIQwq*M0sl;pBIsKb^j$$AEA|C`B@y
zKSA8Op_Q?*`v9wub~=ZPCm0=1Ti3~WyK;gtr;2yy0d^JdtFo(F{B~98E2#8o=sGj3
zDql6=uzHmo&OgWarKYJrp_}}K+UgTl{d0ao_nBesuCen4Wk#>eRPfQeFDTAZl1Wl8
z9aC$O&w}JyAZ?)(`nP$y<H9)k1($1=KJd+C*vPiYSG^Fc>QB$q19*o9PzN?;>cY?*
zYB8(}9o%)IySxy|Qw4`JnGA2XUopw!73-{5^rBbPh4Y#2K2JaIE<N2XOKs!J&s!C)
z^Rk$$=<_I#7wpbtcoVnEeOZZHk;8bCQPIt+ybiK#s^r+s3}G67SaJb-`>Q;=IUau|
zK~-rFJRi#l{JhCEU+iFClp}eN*lMzHSdUQkgZ$Loz~oRw`~Q&b@6aO?hNP=ytDPjc
z-6XjYai_qg6HG`!a~-!ZnZwl?VRe9)#9K;vn<IxM`EV*v!GOS2OW7azTV~Z|b;Q~+
zXG}Z$t1aM%sV5o3lmHis^nc7@lYGffIKx&disC2g^w7^?<Z2eIu!lQ2Y@VT`a(|+f
z+`H`_MkLb1T^zQ^9$ImRLDfSmyNBs!(3TZ9WBqz|`DL|GazePUs>ZJNMOBUc<~<f$
zHI{y&U$s-3JUzai0)7~Wkza=^I)9B@M>a(W$p+tD#d0wP8p<8Dhq0H{R8O29W=c#6
z*G(??Gio9ysr#!v@888?@^mWL`4{1?;B8=aN{*@vVOHY}F$Ip$hr5aytjBvfbpASQ
z6~e6!9gN6F&Urp^c4;|}beZGz$l>xH>FfE(?(!Zf@O)&W`;pfScOB6GhR=PZES9Ze
zMgRpI^MBWM3o9yHs2pwwT-MdgPIk4bm&r?nY#e!2F7=CE`U+>|Ny=vb07+@6qW16?
zrro^59*$Gd1s2O*r2>mI0X+t&qs<f!-A+dFN_F|t3C6gg>$*3N&$)tnC_ncainJl#
zgv$-2W}78jmHyA9fY84v;CrM1KZm_XRb|$Ht^5C>b#K67*-`QUn?Pj0?s3aqKZk;F
z+|kRS-O1r%0}sKQ*wa7eaG`;RSWoQfyEt5Gz|i3E2LZ1c_WukjjJl=5%C0dNB=Nuc
zJ<<NPRO_`#-Ky3*Vz92(d*G-G`i__uQ2{~8X{-6KPx~kPG)c)Lsv6fs$T)$)2YbVV
zq6-i^9&8gBhxQEHLPkh7ZZEJVWCXDzHz;<D%v!wF_9&;Y@F`5W(JdR}@@33bw(FD~
zK4yof0f!$O9)IRQvg4-SATp@YFO)^{0vGsuieB3n7T6SKhXwu(4pt&l`*=7gyRg!X
zyW=9$;Mde-aV0@EpC67N^$Dy2g9ejJs{5DVaP;Uk1#<kBt3Wu%kz5~HO&;YHeRzPv
zt9V;)_tBn3+I{rGE}vn$k6s!b>ppsEm*t%8x@l<l(aXCW_tCLM(Z`?2VaF~NPc!8_
zr5Rt}(++y<dj31fj<v3*j-uFBlt|R$u3fG)<3&X}&G_zJk!i+<7e%KT-@D6-fTRY6
zMIKSL`*-OWbG%tL6-JQ5ati-|Jc>nyZxtQnDLVL8(?REJqk|W?3Uc{<G##kq%5F7=
zb6BTRGgpVHBUQ+|x<rfMNf{$XYsxsV+vQl?--9wrcWcV%H#*j_xNNsW8FNN^P{#7z
zKGGeE&iUld`KZ32VJ_|wRv~eebXpZkE;v_S4QQIT&SM?Fo)oycm63<g2la(h4BGgP
zia`tXi|?cwv{2=s+4WQkR|I@vLfFe&t2NiuzGAm$jPI1u9x=Xac1KY7q|qJ}zIL~h
zMFC;YXdQ}DBrog0aphC?mS@b3l}&7qkEv7ao$@8o8#Rs>njutx#>L$#G3f^#a}~FK
zh6{X-K9F+8J8`}ni(`TelR3=XslUMqV-8{lES{n^Pa0ioO_fve*Bs`qbEeR8QSCh<
z!ml)!!`b~|6{YI(KD|0TqSezJIv)r#sypFobtbY^TMm6>t7jATQPo)z_7|CMC)E<g
zwbNinks04ddC)GO?J7EIlo{osx^J(~?V~zulzFXAs-?0A%R{)xjC4~S;d=Ry$d|X{
za7;a_JXL$1_1&na>fzo_?exn<9?@}~)o^rr02Lq^RWV?3Q8^U@v|Gsx+08?aUx{8n
zO7DHq;q#xBIEN~VA1>I=7}n8cY889Z?tGf@Q~sNS-AxtEtjWO7Vd60#!vJg=M6zY#
zF)CI?zXXTz$F51X{EEZIK_<h;B7MsCcukmIKP`NAcqk!N;oZGH%X8)js{C)@m+0p&
zVJ%m@`Osq1cAhyTcc=DDT@~}zh8(8t@>%XR-zf2&4AZ6fcDb}Jj}+exIm}ezJIN}H
zzqH8hLYV}!clnfy&hjGDz$!u)v^cTb7vYJybacG9EVqyBX-h7CHM)Y-?9MZ1tY?;t
zHWT%KrMO_*0T!#a63B9>o<~PRs;KvPsHiS2*9yx{gVCm?<#vR3Dk=A}afMPol~YGe
zU^4tVm_Qvh<Zx5SU4zjT3M)jAw75mRv=(<P?hHE-lE`82HWiag98(atbR4-c1BOqx
zxw%2&^;S+b5@G)uhn*vb(>_%i23D7t6fv`1$NHvm_~7ylZr4XSEb3}9eB3IVx4Og>
z9@P_5VBR*LJ_h>oZ5?0hK}VJ=!uuYyA}nu8EvffK>7sJT!mu)93}rl5<yvhDQ~xF~
zB^#$RSX<dTj5;~m6wyA!%e1~WQt4|8>Pr=N(&2E0N}At>sJf4(82l6tm$ZWR@jp&M
zo2L}C6dL?vk(!xO%)~V*W?I&0&FsSoacX@chkm_GJ4eY7xe^6xB?{C^Ok+@1S*3M*
zLRjqv%Xayy-KVPER0a#|73)=Gt(XehTfI#c6e&i7=SIW_FO4LoInhK$Cy$#pF{VbW
z_UHRi`;+U5UvZ`aE+Lsjr~)RjPBDoFF-*cwct|RT6CIhrnlKQg!f~Rb`kUn2v5w+;
z6oZ!(ePs%)Ck!iObADel!Jy4kZyL%^P$%u}b4sV<GO#I}?PoIV2>F!>3mD6SuX;!j
zEt*oK3Kp~mkQPkr^}GH?zoliNqDCiH*3OA(9QrWZv3qqqW-4rEWecDq79Fe_ZAoK*
zcdUymMkf|{pTeQ9oOojGAy3v$q|*uVcKUL$DV*<USTiW}4E_zy4>pA%#dbr1^<a|%
z3a}}Mygai#B7A$rC-4_AfxraVeBNgm_zNz7Tjz-YHDkYKru8)|Bey{GSJDXU!XXtL
z(pZ0VYYONW(vsOAxw;aV9pF3@_*a-64q_)rZjVjjmnv25r#^w%uz8d_JR+CF_`R`~
z!m3fxmcq=vv6jM@qoOT^5BDZuDX1cKC6Vc9eh90!>y%vYl$Zwj>*_0M@`{MPqD_W{
z+a0a_@aSlhA%Ay-$#8IVIaz6*<1l=;V;{^YiLwutxZbp9bj4X|8gTe}yXud!^N)6A
zrD?~Nk*W*|nx*z!kjt%WmX?>q7>t6$%<Zv;fnyU4FEJ~0HQ%;9(k8HU=J`clI`cQX
zY@PW*tutpu{5Qt={6vYPK=<EH`Y|?=tTjR_o>t<aPOsV?sTfZ#iByc&Zr6(Ov=UN`
zRiHw7JR{*<CMT#VT-@qo_y>5OiJ%r`gG)>+WMHurL%K$7d&wqx^sZ1(w3(WNe{e07
z-yLm67NGjhzQfPqtMzWD@H5ifl;o9~i7BwKBe`uZ0wvbpyQr9*p|rLQf1?L;i4lI;
zH}VTBGyE?O{dW2U)`cAxeL*jl^q(+6+J(SjL?t6)&{FmW;<D?%!j7Fj$(UM0RXs-=
zip}UCnUJ2QV^K3=#|&z<6F3|#r-^)FX9icKg_qh~&q~uQp?#QFLqxuXhm;TVFZIvo
z_3+LXnL(GYb)Q{6of0<_dY$z#tVb2-rOt4$H|2^Le%42GU#5N*p7l}YhlxE*hJS?3
zaz*~VA+5^vW3~wLbJ#4+U{43>`O5691&en192e<#i_91w=`Sqk{GB2*#!LE37j(WU
z#?tk3m@N5#Wi_{oXEn#$0rD-4l)5l&moGuRW<W=w9)gqL&O`BEu%aWA)AkE#D84QU
z?rWbg@UKvng0!|(HY(IPj1UE5jo3~E*O@`OF!a)=2)Flo%*xYpoc9G43z!$PLEz+O
zX749O7rnZYDpxre-_LziiC)Hi+g-~zuq1XF4{X=VIG`kU84qrEmT_*0$1;8`8FIOd
zTm_FRp<4@<ZTH1+_VPU7gO<-=(3_cYD^$<ZY^=<%m~l8ghY5tp(%V1Nuz|e)GD8k^
zgILVqWg-8hP_sKwKxrd6s6Z_;(>^W<d-{}f*ic1^nYwUhEmQve)}p9cA0Lhh0y?mn
z$wyx1(C=BwwplNLEga|AucYA_?H&6*V_28N;YJJv<UcFNm>sB%0=6eIN@<X;ucDne
zXsF78HSv)SdsgQK#RhQf$Nw~r?1lpVVZZjvDEcZKi~VnZU!{7h%V9UoZ;_f`Ilb$y
zcX|WT-ZugXOzjxg)b9W1o7!V~Y74xk_JA|Bn;J39f{D)5F8ljX?qt{WZo9teZT1hG
z-t&5T`*}_8ac6p0HIi!OJI?ej`uj}pESrVhX0xz7FBW!5v#>8|pdYzd*av@~k<PbA
zYS<$^x5Q(lJ?1hUi*W1<g7vat@JHlamz`0Y23huboIwUT6n(@P-m5$^Y}bt1SVO9d
z864&}c3_<$C0>qo)p$)zZ%FiabQ96v%_!iH46#<_N>E(l^0@KCerZPtIMji~KMNu3
zFvooyA}Mc7H7hr6W15N)<HE5=+2iKY^Dy!zhN-Z>y+A*Vyh-T41&84`UCSZN^BnfI
zXZSlOCxTygA^Sc^ear4@W@9QGP~8`n*L_6JeEcPc1MM{&y?IGkBhdc_6Xr7EJ|bSb
zB<xP7oylR+T!J4YDfYX5Qf!?lDgJ>&>9dhZLYIE=|Ji#F@TiV!aa^OLGh&ezkXB$!
z(T-?#Vz}TqE^*eq#Y>vYON3jTM)LAr92blmtN?@Q&Gg<o0!%f%H_-&57)0+jMO0G^
z=>N@`xx4r7-n&}G<p19Leew4h-Mx3}nKS2{Idh7W&C?o*Nv=UcC$0-AZ{)A$Sq{uY
z*M(yIk@w8gQrwVrv4bj}$HG$Hs&%2*9M(%DbbQ>089${#__SEJd|gQCQkKqR5o?ND
z)P$2*ryX^c$>y|HVqr{wg2QrEAUgQNmri9@&0{+91C^N@QwBKfmhDy3VHMYgY=L+H
zZpy)@`AON*Ud>3oq&J_g3z=8@H)S)7LpsswE)NFXoMQ+$y?TdKs@ZdAb#mFWP7;W)
zsuxSny8G$4G<wB}_kQ0-+x*Od<HY!-#&h5yW7vB+EP9UNk2%BpmGjPz!;Ula9txCM
zd9_>RX$e%`>{vOI!|9}eN&62gRHYRkW^R!~4)|MvVD?8zNmLw)pQu0$htv)P7&(tI
zQia#>>08S*UI|%!MT~~53kB&MBOBo`Zk~pG@w$+CfZ1nue=t0zKXN!emuY%dteVi*
zRdX5RBFEp@&l_u{a3*w*=*F${8XnuQfNR86z^e=(Gda8xu!OD8kqb_$Yqg`l8W+8(
z{>q_HGV}l94BIh5ra)iUHNIz)#nDaf|K3d=wKZ9r!^sDYC?n{5Idpke0%dRA?+cSN
z(Y+mbFc8~YAL^~>d-wKjbZ<MIdK>zzBG#X;52>gcg2R`j{r_H_x1DF{T<7v$9}3X*
z!iyXR$<MX26heC7=(><_OuZ)gXt89TRk;!5O*mCv@~Xt=<w*(QGkV~OfGuq8Upcff
zNB5tQX$D_CyDk(dr;_6zC}u22^*R4lJzh+O9HF?~^Cq_o=bOG29>~XpTl&&-<eg>;
zJLD{K8LA)2`_=Qk0RA@)`Ep8sS0{pdMbwV=aVVY3Ov|};>tihE0@}ntH#Su_rpj+$
z7czLRV$RFw>1!r^_^1_4JaRa+o2Q+`MnCv3vE&!x-)<~Xx<wC%8@I!U#k_{-9b!C~
z7#DYQX_3Qv3-(DOl*!>%Bn87^Hv!Nv^sTHr&-1|8v;QKOIOE?q^}p6N>MfFV1b7HT
z;PQjU|GckB?!Uy1rZ%~Sl-CXGUJiTZMym}aG4e}7wU3d+NUkm`DBSqJowok%*`!_o
zhi|5Y3|}=LhmRRnfocK){$_-qgnSBOg~piq9H#PmKFoY1C7Hwd-!i($?s>PsS|Sqp
zfHWtUe&eh-N#)S*Zc2<+QQc{wx}EdbLz-n_hWuOAjF(W4F7DF8@e?xXx7Yj~j*<`w
zq2R*@)gLNxrvyLMne|&8a>0kS>BU>-?-Yg)sln{Kn?@rkZzU=-=C>+Jnps4aK;TWu
z;;IEV@B@1Sj2W-QYHByuXDW89)<oQBW>Z8k*jry<8q`*LhmNlZ^CkTr`--WCxL%)F
z%^#Ry#+7Jp*uzT9$uCz}iJ$AJ@!P&nSP28uIlN(5!+}KNf1G&5R2sCe&*CGA$ru%$
zpeKv0=*H(W3dp}_TZmGxjLDa5RWe!NuxXNHH_320Nv<I*-oY4VFp|IT3}6OVqPT}Q
z!RpF9uL%#}W1PHUzuFdJm@Xm#R8o?$I+XlYZM{A_l+9yxI5Sy$?#Nekhkm#6|ER&C
zSDrx0a+NTDuX0<P61CB>I%F^%7Jk=u5;1%*(Xo_Pynekstl)ga=kui?)`HGT14<4Y
zBt3jv#F+fT<tIabGQY?@*(3$A1{|8I#g4jRv(n+JW(_!~zv+7NJ$m^QSu`H6J^*=n
zeQZo)`IRIySTzT$_(}V&Y#AR*L97b1_3&!Juk?H>KobHAR)rSY47H-RD^~f}I25XZ
zRE1gpOzo|z_8oARYF9N^!TjsPd*w>s!J(!6T(zotK~wFdG}Mpk8Qx1e`x+9_cs*>Q
zjXUmP+NS#vr8oD&Hi<Kpcs(7{gD}5MJ_``;r}IbYZw(G}^8)CBO-am$ezG=253i@;
zRR?Q8-v$g*C|WS4=3rJM`qz&syfLP7#Sl(4(^-`AL$R0d^S3e0!K(Ah6xhhbbuWJc
zYsn8i81yU(5!t9B{z6hPF_-bLFm7<eQ2SmrL;0fWQ{YBrB`=Z2jO1eAop+%ZHcw>+
zrU&q$0Nx)6NHTN)wEa*rhfx#AF#6zEjPYFj0spyL#Sx6d^)2CWD49^1QRF4XN>9AP
z^gVs&`pl4sz~OAJ-1%4){-F`#WsRX&1@2+FvWPc+2@jWm$NSaVSCWX~@yVZZO{<#k
z;UmHc^HU1L!3>5pp!kx8m*VKP>B(|^K4Oj^%Eqe)0toO|dX(JpuOj>;Ic9Y!oxL5P
zn;)MKpU6U}5e_bw`4h!HJ%7VYa`ITM)Q7cTp{Z_Otu=!5ibe6%b!$VeOqF!zo*F8G
zR1Sxd+J-z)$!Z%Xxfw24NTngEAd-Vx9g|MpnN1j_NTy+u%x-@OQ%rRYF^gsao75#l
zgYXcJ{mX{X{||Pejj8ZEftkE9*5cI~5+K*EBk`#g%u~Z^9Esm&M)6Asrchf+DwqxF
z!Z1TQRkJhP^R@p8etYBh<zlxL`6~$7Wb;TqF-n;Pue7kU+?*Vdjj6m2)vO6ue`-6d
z-t1b&b@!(w=6Mw!WdxI@U87H|OD`!+6LMJA)jX_vIlbqPMNXy*yM_;nt1hWa#D{~H
zz*>)TIQ1mMCv@~)W~cyH%7;3O!#B&47~To}m*zQ!w#!tZ?IP~?_@FlG5imkljg84J
zyWFrePxYz9HLL*_b||1!;n00D5vYqhLPF`|l&j<m9J)=8sMn7cI9$XJoTDz{wNw5>
zg1qP}lOFq24H5rtwt``~#%#{v^FQm5xmFkG@oPh|F3{h6snr$z*M_tUw0uQwo{lci
z?F&N61^UJu%cb4b^`RIS=v#BNdgjXdP>c(7>72-=;m87qd*j0r9vR$+mHpb)q)okq
zeBwR)QOx4LK#Vv1SFft>_7sE?aE3oRhdH?i_lp^8Hir{)m~#qXf_v#22Q^Xe`5Nve
zYfLqfd_{22;1vHMfRmWL^Be0OZYMvV8#z}_E712zMJDW*hGCx?PX0V^E~5lTmBSc0
zNP)yO<2`QH9;iW;O4&H+Y<Se_eQajNr4z-C*~|!#%riUBD1$^=#B{}Zq!i;N+5AfF
zGDUMKZJ;PyI&W{M^C`)&a9v1=-`zkRDdg50VA*<MA3zj5K!)NP{#=S==huW(a>SnV
zna+PRtso?9$o&Hj>lE%#_TMvWLbmk3f8u(feWown$p&Q4;gj@8d000#%_`6f)hPC;
zfym!bR|sQ5aU%UAhvj<}K5!@{mon%;FDMROuGZM^R(SFxOqj!L!5xYULQ%mTCh2|P
z;n26H-1n#dB+vtWYYP3G$zjA@at0{i!h5U?TaHE+LWLZ<rJIgOP+w5y8Ca03EgNV+
z;|oI8{8@!_7*iiM$BcBEhB|pGIBnDER6tSq8;`{j_y9i6;jE<ZPuWs#1O&cmn#r#z
z2$BB-UFR;CV>b+0RuF9%vPg|d`422npXEH3svYKm<r00udwG;)FOM+yvZRDoHz~bY
zT`-^`oSV(mnVJOMwE;uva~b0Xaj-#8F|Hif>W7mTR^>4I4i*mGt0%jvhj!HSa+rNS
zGPI>uw!Q2Uqg3(LVO>|tAr~{@ZguuuZ9V%6efF&Zl<V!^$KL;&$6k46gnOCo)F>Hm
ztV)9d$eyA=HzaWWhf&r!H(0K7Zf?ToTv`=<2JiI;>k(W>;_Q$e9f&i?;pFf2!Be}*
zYzR^Ek%0B+Yo_PSryX07L&<Dyq0xIo*g|96Tsu=Wm*UJUxmoBux7Iw*%{R|;Ys2Tc
z`IhrsxlSNl?ZUO|{vX|(DsqY5mv!OrR0XlJ_v(Feulh(xyyO2-<&^JHQ!gbFP)vR1
zv?+QzZHoQoroeP4s2%v9+R-9Lb5%ACGGhtkhio4FhvpDYK<9co;1X7b#Y^)<*=LW4
z3xC_N3;(|~#u9pr+Y(~wpLgU}zTrY1lZL%!GxzwZHc>1vFXa6k#?4_S)b|!R#$;+{
zy2y<zkNl&htcoyWwn?3PZwMJmtbZH&&ry~I9a-4_YD8SgDW3c#iTdVHa|D>lge_!1
z8Am6j7kwfew_=3J1tK5<LO#cCHSI25L+=!kHt!RR7_$9;?>^z*wEKI~?xrT~zV&+>
z?KXr2?Dqdnq&a-4;Nft!KHWBpAbMe5GluEGAo`%TNR(TtTZpxihDXa{>IUG}l#mfm
z!B6#fF=hnat}sLZ4H&X0k4bp#U7jS5zVk_y=z+D%l7xW<3|^9_4B0x=XS@YI1fxD=
zcz=+tUcUK5`0@h>Goh1YPu&m+eX_DpgGv*}#nU4!iNj2NBQJvL>*kK;Sq#43Dk}!@
zp`h$ceI77P=R?cnFl=r_*BB;wk_H77aOQ@-=k-Vm!(|M%&r`+=b%i7C`b*+OQcmD;
z7F45~7b>goW^i*ZV{$Tbm#z;v-qR4IF4DpV1Ne|2P*IIu`H>p2H#oInt7PmoC|`JO
zK~m2r5zPd^w@Eev?!Zh^82%0>&ry7Ia7}I7sXCuE&2_l1!1B4wyuvD7cN-Q7ID9*g
zxevEOSS45<#RC^=DhuL)(Zk{Lc@?DmXzKsIAmvv-U|2KC5>H=lxLD%-|8cWn+PRf#
zd#uhq6S29w{6WO#?z^sGo4fUw;wfyfDz6?<_h40ir>P}U^khK~LW0_`#&q*o&?BT3
zU+SgKUt%Ar*2aCt;J|DN3qq8E1tC%Xt5gq%zE_x$Py{7^8DZ8k;OeVE$yn<NdKQAN
zua5i6ynG(TI81vpa`&7QO<7Y^nZ<L|I&NuT_<TNJ4%XBee$w^8?l2PpnJ=nw;vJC}
zRk`W@tyz&7jLyUBs*8)bs$UO>V|&e*31yW$ZkGJ2EOqk9y-MuUOlr^=?FNt`$%7Dr
zBDoJ;nPiXTt_rv9Xys^U&;6_DLAed(;%xu_*}Ki}MFHe<mRmKsoR4zYKbtZL><oy1
zhBk1Lc1HeJS-2DK5jmXLE6*{?b{jfo{cl16(^j%aPkoxYaL!^YX#=7t1NK;htYdpr
zu$oKKmC*+VBJ`{va*59_&b#dgOiBuKeKxU0IFS_iXWJKwZ7#hUot5EVH*O%si}+vJ
z@^r>w=uL7<aQn{|66D9)dO+6uHA4>^-j>ut;B*GV^YbKfH8IcwGq)ufk(X8A$hIW<
zIV?X<$TH;ZGh<s)!cNOCaM&c9dO334?;MP4L0fAuE){)C2jvp-A5u`Lq6=>&h4VjC
z-~$DnLv3xLV{363ax2Mdv@n+$X2&fe9k*$daL1QRlNde~)A58h(H-w7wRK#}so#U8
zp+x)b*M_Nly!L)O#`JsH-f#aDr;gWrmvG0^+cPIfpZP8n)p5`EHuI2GNlqQ#x}I>y
zS7dvS#dJI_rsG}qj=MQ7@!4w$ciiza#_;i&j{9AY?)XFpTgS&7LEYhU!X2OM;<(0B
zFGqJ=*u~cIiDaja2VY3I<Kpft9O2H=@$w7N9WU&jK*!Td67G0SFGu9sSrXmx_+G5c
z-PAMjevixMo{s5vZcM*xdf5#x3}x9N1>bZXJ=7!MO_EF&{+;>hKP6fgwTlfGtW~UC
zdTV|#yQEA*AK=i{EIuot;@!;RGZQM_-7Nk^LdAQS#b+c`yr)@wdP2o}nZ>7-U7SIm
z-i!rAI2-@jvmwKbpgh<@_i5oI<MVLnwT<*-=kh7sdN0Yw^e@4o$F_2XTmKD*63N(_
zMQkxBV)aWrfWJ}7R+`I(wlRSzvpIZmD-z4PI%H86$@_(}{*cGptu)Xz)A9sXfrVRX
zpsS~;fquC)W}qp|iTD17%R1H}DonrJ#%V|$OKst`YX;5Hc?i=p!`N?Fu%G19`E4u#
zjDf<!oi9xar!`L&Ivm_{Dmt7QEY1t<LW1@T{vJM68G1g?P%#h}l-OjY)x9)k%r7xd
zwY52n>8V8SF%-zS8G_#?EzK#hUBslp+FoJxK}kqBhu({J;<o&+Lvlzg)vh6`v68c)
z$n?E%@n(`H1^8c(O>p{hTaxKPt-!NApJLpFBPQCjz7tSSw#^f&!AoX?_&fLkwReIA
zG@{HcBt$8gP8dD6kPwA_2@bOh%Z1VZ!D0RMJchXujIIIWuO`_v?ta_9TJMe(eu}9%
zq)*&!=JYvV>R{s3wN1oo(GTy@WY#4K@Gw1}V_RrGLuSx?j%}g&&@aK^$d+===S2>K
zXXum*;rZ;i;yj=5OyrAz9M@zs`0+@mne4U9!~=)6Q09h-YS>?Gq3k>Ar;lv)U}yQp
z{xXLNa_qm2q>G@)w~e`hKeBl2_lb<n6884%HWXn--TI_*@EaP!axisxfC9^_W_|j#
zfiLrbr8_#KZu>4;Z`p*ylJ;6}x#GK!3ILtK;2$jV5k0&a3I)3fw?g5x);<n}Z5i`Z
z=;AMKh40d~v}Mev;}A4Z@yu`8SaBto+m`O~S0)+ggSmM^GT?$F1MZf;d*sQV7Zl9<
z<Qek7ufjz(rdh1{F8bOq6FiLCUEZDvtjr%x;aCF-uUl@pzqVMaROYa@JyRE$UVg9A
zl|9Z?l!88%8UBI8;kGKY77V`?qW#-Uy~E}V>p(U`PnKy{eBf4@T+YMcfP@Zs7>6C3
zlNeToDPIth?bw`Tn7;&vqRsK}%j2Wl#|nO|k|PvnnEZw23@XepX2Rm#Nv!-y6J&$v
z;ersCVtFqapQkBfzgu*yZ3?H_GFv?3p7sT<!{JO@8m0-G!h~RRR>OvtxxIav&7pfZ
zbng(kKf5bHh4)^M)xLN*%(0a82U1e8DimCcaH4cr@)=_(sj%W&NTs|wm?ZmX2-`a-
z^JC(OKA7d){QlU1bagKI*=Lr41Zg1Gt}2kE%Q7%Yc32ONF#{V)ZmjgNUKkvb^^{v^
z3LI%AD8w!?odqnGB|oJY&$AZBGp$XYP)d3W=Xo8DnBh03x6xsIk;B0D%%t2yHxlJO
zI*YJ#=*A=+=j_NVg`k5sCayI24VTqyvQ-V}b}1>|-LHiQT{OeY?)uJwa*u0IlpAVl
zCt~=sBp)?}670P&`6J=SblA+bh@(Ksq0=V>ON0KApLDpBsPlk?#ZJYCuPHgRBMFuq
zF6ZZoYAB$?wxl>_$QfMLV^{?`$$HT;=T#?}^F<yYE@#S|D;#CcMOx<caA>Op;UUu$
zn^p29{i*<eqQTY@DB#G}Bvw9=c<{6YMB<T-!`o{YiA}k_SKB;8q8ltOWDI?<ONly@
z3KhMlpPI)`D4)FZTMj#=yz@#Fk9~~?@pn;4lpNXYAjM{>`ycTD-fv;dhe{oyxed`3
zJRC+BQs$=<a`=rT@}!!`GsyBqa2QbTNgYpcQbmrFniOYJTb(8~MOVn-k`gq64-7RI
zQ#{^S8dBy(*&Mn=q$c(8a%sp29~)BONC%=(YLl5X>TyM*o(dludVQ#m4X?oERD#)-
z3rPXZfbQdPzH6RJ^7*2HUfA-Hk=Vh!L+_YF1}Ggs8h_vAaG`EBC`7t7HoctDJMiVL
zBr<+^LO@I5_hTl9zP@lAnS~`~SbMcM$FsnC9EQi$9p{mrCPChRE);MKF>MHLaAC+n
zWe6h-<O}L-W}##yDJB))zJUnC)Y-Jjwr?Q9K)(csZ5zrf!%ms4W!OlDC*pdaU3It+
z@7hTVmY1)D%usOhop~b7Rvh!hl^BjGh4n}|%`bO+8)n=bW_DKcn-Ml{^unAE4ZlCz
z@7HIt;ambFIbdav4(GB<--Tk?<L_XY>6CE!yHLP_(OuiKC}1B8v&>Zm1nfm~2-vF%
z2-x&Xa9B}LUSKbr69eo>?!#Py-RW<m;a-u$xXv2x#osEpr>b}6=|RJN)3>pbN-Bp{
zx@1Z!ro-OLA!YM8wu_3vdarp<-M(HS)?9^H>lI?n)rhseTyuSa!<4!DPQhue%CGIl
zWrw-;>!Rm+>T-Cl@?F$i_g!|J>+CL;xt_kH=i0ZcIajimUq=(|Gmj>EW*tqGehChz
z)|G3bFLC&MULGUn8MT8(Tz1$&7tGo9xE$U=@?F#pYIE6P2leh6vxClFwCtck-K6A;
zHQ>xe%Q5Ldl4&UE;jo_M7ijlop7IWub4giyAcy%~3F|d7+*+Gt7L-uAv9`RLx3*t8
zsI}%_2|0)rD?2e;640P*JczkmL{j+>w+rBFTtxH8DOa3$<kn8^JaW<%2Oe3ZDws#`
zT%Maq=R+JjKV<7Xs5@6KT!XGSxT=2JiK&Ep_!19B;gTGYJl6h(8w5|&xvv&v$b&Il
zOVUcoOwMw3!c|2**S%->{e<@;(nK{yTYt+12_Aml#G*;8CDhm7a1q-Fa(LUgUDb`-
z+<Ofu4GGO2wtZs6oSq(2?BPiZdzk9P9-6^1lRf0y*+Y?yJ%o#djWBn233H3$)wF5G
zEg-^DyqX9L{Sq8@uP!gQ7`vcMZt>{_2MXGwhiSHUK1@O7yC@2J^t>Yl&F^8Mpcl_+
z3fjGA6t_6FisssHA<gyFDw-?(5*)r>RbFn<cVU^_qR)AUx!yA8+AcEJTd{M!bk1?E
z!+Kig`l&hBo6&RqZY9mN!y=mNcPnYG^h<EKwz9mWvHhaxgY&6V)`PPkoo8dK<}*hH
zWI+yn`|6YP+=~t;=QZ8Tld~LphJ}!Y`&xM_M!nit9@TXx7WL{Pv#TCXU7b~3Ns+lG
z!)$oVyo1QpBlQTC9@q<q-WLAak`#G3tiGNkBIkfz9nEuqEO)N8p~Uc14r7>sb?BT~
zOJE&+<joX5^m5o3l7$2uPL`k4vA!f(=+!D!YL2!_%~2XwbF|TFj+^CEbF_(3bCg_4
z6oS1>HOGP*4iH@NX;{sXX{tFgNzEbmw<hA<KbB`BP2n!4Mkt)JU>|xt#3V6;C56P<
z$0~in-mOZZF>;zxXzbZqhC*ZPG*W2n+v=du7&9#ag~k9!jll_v#-JK3&NEd8d$r0y
zj&W7@FabTcf|jn=Vw%Lc6|~Xlm*8-AMR^Hm&&6dD(19fmMCDp9O;kFTgo%oL7e!RA
zopmHC1AAMDN~g1$s9fzGMO50TxwctCb8VyMO1}h$Tg%H!KuZ^wNkAu_b(rhdz4crN
zoDI+Q>)tVQ?d&|)PM=%mI`E91>&efpbIl;(CD*=(+I*cb#VhTvH_?W34x8wUo@G+J
zuTCbqUndOEU5#<-YIjd7#jEW`@wA@kPN7YHy&TT`-H-%O(?26Z|0Z?{(?0{f(66-!
z@AU)eMj6+$L;z-8c93R%5Bt-#Rx}VTyUe~Ein#~Hx8X6GO#jF==(}(_KhL}@?o>H;
zF!oGhG?;Z490v0ytgq}gnDrMdPL!&v(Y+j$;0~w!eI<^k{Mnh3lWhHaz?@h=g^SC!
zhG*u58Tom-!arb8GJRiEXuAMTfdfnPSbS|V4P$Fb$l!{WrE(~3&-7j0lUz_<GIdxm
zFHNprx1ATT5}a;jsCXj%zzT&GPEdGSLE$+I6c#%{;SJcHsR`|p5+%%9+<^%3de{_j
zGe4%2f|~fY%qT5-4(%&Ri#T*V9cu1m<IEX{&p*+(j2RrR_R%x$c%Cd{GvHbeCfnr_
z2e^U1OG-{j=K}vgf33kXNN=lDD|Am%xe;lE(!*)LkIhkOzpa5Y`j$AIEKl~b1kd=q
zBpf{Blr}SfekD2_%c)-4NkP8R4Ol>`Rg-<%X|`qGJG0b9#ORGC3fbJTw6f9WuVur*
z|AudpCDIOQ9Y)%9ihXyFY{%+wqGBXrZk0!*FlC0y%Yx;T%?rI=*F#3Ee;64-+(qk8
z%l~;_z5ErLpcnGrG0cv?NfKBa_Im<YOAA*0*M+k$n}g2w`|&NfVIG(Um<OhJVUOhZ
z@2Fdv{&`xdn#Q4Tih*}XD)|@}_#|C%KZ0rDZE^Kx%<83aXx~oV9byd_*Euhu(OB}1
z&1N1sEU&~OT2-~$Lt5B^n|k12nxH%6uijRwk98pQ9p(NsMuB#|dfV)y5{F$$OqHLM
zXWoKOtgP>>-Z6vk=ns=BG0w0lhr(|u!95hEkgPjD&mf-+e3}b<E_{(|&iddr7h*uP
zz@QWXlBf*tpomJeN<?Wh_C!bu<&+)ML1Xg1>mefwle43EkdU~rps$q_eD;n(qIwpb
zrocyV?Sr^WH^Fh~c0`tLd#C?_r7QQ!jk-ckd6hVHzaBEZht__lNu~tT&Hj-slggog
zOC!SKJ+OiW)KWje1wI|K)aS02N%vDZ9Pemy53?0J_vqu?3N3J_wk*6eyH%i_TTqY`
zofX1Pc;12W$%Lq9D+b~r>Xl1njy{b;QCl)UkVw;%oc+DLF&*J_)D*0&Q>E45(DQOq
zK%WZ?e4WF&E_s5}t<*--t;lv_N?}+Jy0m2hDI_neDDZ6<(b6z59f~(62~mavEUn+T
z0ai30@)n`FsN=_$Ffmyem<7|kq)=<y!r&|g$SUl*HF_9Uh8<BxCbUvC-VV2-Le#y&
z;hcoXU&!brTNwBNg=(B05-KH-!2dQggPbVUK2eTLqBhy7-KZdmYL^cJ=Gx6wg3E}A
z;NsyhePJGphlm|7xuKAU!=}y@zMlp06)y1gaAiekmR++D8d&_9Br~w`TFB6sSrX)n
zK9l{xs%w(1%3nhLGK9%A1tIB=O;o*{PLnva+9I7z&(EXVLu?6O%9Y809+eWIr`;~Z
zMN=9>8iz^kl$neX(dgFUjWJD6bIZ+8Oe%lEaG2IkhoOL?n;~HmXmeKhHf%zgOovTn
z?7O$%3Nid1tpm0Ee*8NeQ3jkB*XfFaDDS+PdGQ8%>qhKAX`H3)Sb%OzE7>hI^*yL0
za;Nm7E0kRFDPs|w#2+?7FRYbE5z#;+-!U%@@cgRq%wB`BGxC_6S0_5OcsMNd81C3p
zc-4wM`5g%}imuwQXKF{np6yo&d#0)~+ppTNM<1ikRWahB`Ox!jXr9VpaMyVJ^x~B$
z!jlSJI?+VGdEcl-sH;S!i%Ld2yw$q@X3S9g4`1cE_(l{AI+R*raJ3E1uT!ZF23Oh;
z3_6z*46dj$olEUIh(;jKa^5%)-*w5_+xV{3(w<AU-o|yM-iqm>O#Tw;mtk0hT(wgV
zRwfIG(JcdEzQ-v<qEb-Z38f1Aw{J8PeMe}rqHN!oQg?q->i))*y8D-e3_~9S-+?1i
ziu6LSJfoHb^wx^haQk)fx0N3QFbycCdaHoHwye3mlKlC_I{}Txg;l7f&sKz6dJ)<#
z%9DkrX}QP4VQeMg4%HJEtx)aXjUe{TMH^K6bt9;rx=2v%r^=kVXo0HGbl^)G??yG=
zcj1PjbEB0o;XHuT=dA<i-Gdr0Id2<4FVc#`x$`uDUaHKw^Ag4e7s1Hd5|ox^XhFW{
zTqt0r4qj+aQU(4UI;E+F>UxEum(k}JVR}!}@2*tLG<-(VYNXK}^m^~VPV1d2-w5-K
z1;uK~x$ie~<j=lhAI1AHq8quK9&2G(4`S9bsT^j=vz|pFI}{IyH_lms*p>`6p!A##
zh;4cj5Zfpqwozr;oVV=_TD21<{H8>~FCEtGXQX~mC#V2=Vaez`AvxQ@ih|^w!_2NK
zTKb+ryJ=;*(A0U9MPMKc{FxOJvcPvte<WFpCx=3>3n45kASY6ymH@_H2?Y$U*=2qt
zzgp4FkP*v0zU|5^5{+bQ?~^v6C7f3q_fWe$wcUbJ(%vl3NWaw42KHYM<%Ul@T8_Nc
zPHk~m-YJjZW*D;Gh%1(Q-LHoNI(g_yDU#jEu)ZYqrq(5F$XXi~d>2-qq7PQL*EqRF
zTQ~dQ3n`^N&h;F(D1+Fi<ZFSxZ1lqFR%C^OuR-rrL1{rea5OC-|LRJ^O6-6!#c{dG
zKZ47dwDLXwu6F(3;7TT~V|IM@tmPJk-JLt>abLNj_fqFhDm8?96<JDA%kMX^8T3sN
z2DXHrsd9%NkXwg@E_?%~R1o++^anYpW%QwzA76#5bZYP3GC;-Ng&9<H$A?6lUWFkZ
z5x{1!{u83Qqdp-)4qHG0$)yWF2<X=Pdgbr)@9JvpE9uSA<C4}A)Pv4#nH0)f!bl<?
z1)rF8ODj_pxwo~9`#y945x|zvF<Arzz5{*osPp5W2-SE=6;d?(BR~{nKt=iM?EBPn
z3m8Mh|L{Bd=K_zM_0(iJ>md<vw18P&Ih4L3`C)<lfbYQh6od4!;aLu^A_DjdjD1hG
zxwMtx7a~Vu#4->Dz7HD+2;b7)Z3$=6sIuyWI`5Go0tRM6@w*JO9x+4^Tf&42l=777
zbYmQ**D!3J!ZzRFM%p)67JP%@9Z)A1yD@k}AV3}3WqXo>Sjndnyj14Gz-%rs$L7;3
z8_42tb$^nGD8eg4$5DAg9?GuB_oOEmb~QXXo_89RM=m`r8FHvd2z<YYG&*B{5^2{f
z!xr7#blqGk_c<u`fkUBeF%mMlvgI~u&9R8deg=mbgSE+i;W4f5MD>#Ng^jp@O_bdL
zRX%&nNf+2-Fk_aKhY^np5787KhlPhj!hS#UQw}?ZDWSg-OgS79HfIX`6;pXryhoAV
zUdQaoeKX+rU?wQ=ISe`$GI`bU!4yB6*T9OfEJ>bl7UT(m6=99?n8<+7^W@L7O2q7+
zXPDWDJ=$Yp#$gwaiFDXCOztY}F|pu~i^qhQ!@gnae2i)QUXocK<%%NRJQ{)in;fp1
z(C>6iIZXUky~95-6p+m@HS934{#cn#0jV4=57yctpNd~SX<6j9D{;4m@bwp2VQpKg
zt+4DWlf?-QsO=Dom%{l&j$R6>97Yb0+>2@Ffc1wQ@5R<xN@_2Kc?Tohx*}{H!PKSM
z^n*4(g&)F+;Y^zvQwJlRJ2)RZl&c3FOAZ=g8H%zRJAT08r+^h<sqC^29A*aoFk<MO
z2E#(KrcW-yt=3XTA^S^a@#*b+!s^qTseF3nzog7iWlj%_crRNMj!!%4U>|pQh`x>-
ze$))PBwxuPr3dg{!t)LLk|ecV^G5^kg_0$C0y8L&01D`|JSp)on>AqGHO3<0HO2n}
z;WeA)D5HyP4*lhh&~|FWPB@sn9T;e4E?0Wj!6(8OBu55nabwsCeN;O#P>b&JjijpK
zY_6FcJ{um17dQ8?HqC~q1DSw|%n5Jy9xoej1`Tq?o3>7P({rfCoAXCZypgYLcr)CJ
zH$#_N@uqm$zwySzo0S&4Id|LvZ@LY#<IS1lVZ7-zNaM}9;~H;z4bpfc-)L?O9J&mr
zf=K8>X8aq5kr{tu1V3+PG2@?cIAZF*Wti!$e%N;ODKy_tv%lYJzRwRg!Zg$NLhp~8
z`!O4em_Q+^9&p%`Otwk#(bL=vW>AwvlK}pb8~7q6W07TZeE2JJr{KEo-Ky$mj0dr^
z4rc37_KH=6z#)t`$KjFp6;(c1Q}FpE56Z^FZR@`8R$m)(gJP6QQLd&B8;5~2lth*&
zuY^N#es!pU963UV78-<G=<d|QIR&>&4rdP0^4tl1hEsSTYS7QkI7&K`;HE>C91HT(
zBuNm`?~GkTFNYHYv^X(W(UvrrINWrUSajIx^_|J#b$OJp8?Xc{7;Z;_vH}(iw_`>b
z#d{C8BTW4G2K|OJ76_1tHtiF`yu0p1wma2`R^^Y5rd1gnj_lL4YS?I{*2|z*Sdl+q
zQkwCjLt4o6ayYe*cI=Dh$L>U*uqKC#>PwFKrJMTVfy?`}bD}&T@y7BTK;cl;MU4EL
zA<xyyglrs<yD@v1O9F7Ab9S#Bq!WO9;Ydg{!uAY?llbM~aBjag>!Sn_n@8ysM_w2g
z5;@uUI_xz|&Wx0Ng2QLB<kM9043&Hn`l?u5u$7ENqA0}sj+7yd!^UA|<bXMc<3tWH
zL{$FwhhWSgrd)((FHbTQ*&aK}EnC>G3KYJg`wph=x9(8jRM%u<qppCw97^{vm4XLO
zF3Ah$Y-z#+c%S9OGWWQXE$1LJ$&1``_e9(m1$;;B$`Qr%vBQdEVH6Yp|Dzas^`-6r
zr<C%ACPrDTKcZnX$q6<^8aDnY*qBahV~>Xf7ecS`v+&I@#!TD8{)cri2t%d+mwO(C
zPbD?;1+b#uK$fG*o<0;Z!l+UmCKt1a4TeWY5++5>v8Cp{+ap}y<1rT!$BxFFNj)3}
z3<+P8e||3XKWE{<61yjVp2LxzOy84lI267ozdoGBoqS)%$)Ai&etF6NiOJ9IWlsM3
z!4R|Ee<N9KT^`76K||~&a`>jsHk=GE83`0ifktG66_iqJGo|a0;;PaE=xl1;PK1<Z
z^U^>Xks?KHPDEu>^Kkffpk9vB<56_V!{N%nNH(>JF^7dz4twM&?p_re+?OLT!;h)F
zaT!Ohva_nCawuG)jV=$LD3j;raM(LgIoDL=0&^(Fl!%|jkjjv(H5FAya}LK1J84Pk
z(030DXE;jba75B@$7MKhTrb0@L6&7GIv%?WV+Lt3Z*y3Nv4bMZ@ZE8TW#~A_Wf|g~
zU=mt}o8~giNoW~54=U#}C{^|GP{0Yc3f*TcQ6`r`tOWyBB+2gYRzceZrW0?0ij4AX
zDN*8zBD!=IZEOY<K|v-cIbjo&3}te1t=M96@+ybV#*)bia#*hczWPYi&2Jr;K3K*2
z9JNe}29jRP8|AD}3yTIF?4p5UVx<nE!IeFXsi>LCr)ZqE%l$jt8Z6f&lS3yEQO9b>
zOC93Rh7QEt$rNGdgvFy;97gUT8OI%*UJhR`r4XHD`7-*D&GN+yr=paF20o@OUrLTf
z%`KP1XG0jnKTEoN<}nc;aB^*SR?te!S|<1&`Dek$VbKu9jRH~_U-wg?JFN{z$Av5s
z(vUqY;%bJxf%QyW*^;V+?D3~O&CsLmNEaQ|$6eX&a?)49(xY@qxO@m*63Sm;6$y>0
z`?qDpp*Aob-jEd<l@W;A2g8=;1u-3tETe!%!<ObL3FNbVN#b^Oac&89(Q7$%ac+t3
zVipi!a~-c#PaUydseV3`<SjURBxD-UcsP8uhq3q)b`&;rw_`(mIopB_<0LkSu#FCK
z*fUh!uWtN=;T<qLMe<mIcW@C7%stgXhlQ_j*fdC`ejgMP{wDYqtVz)k?V#_Gh#62S
zhk=8YT?sbh&GEG;vyy|yqKJzZ#t&phPBx~(RXQ6XhvH;%g~V1oh<P?&4xS_YJSRNX
zc1~jzaBa6d!<mNanH*jTSgt&BNB|>8hn_m^n0e_r)?$V~g+YH3mnGtlex%F>5w%Qa
zJ2ZwvP2-R0mUxxq7x$@K;=d6*4~2xkF`Xi((EOJ%C<OWN7G%mls@}*}!d`8ANciOx
zhFlDpcFE6kI3#EEbA3C!;ZP`GuKU)JjL~9bin77_h=UfhO`3>wGqabao9hR4H_yVk
zkxaAEZ(0ewgHhhkU+@6_+UhS{8^#>AlAyg3%=job=&YQPP1o50GR+MNiF&i2X0*>*
z2>dPN284jENfI<Z7~NWkAiTtcxrF0Sn5m=24P+vWR)nWVk13s~o2FKts5(j1si{~=
z3(U?4Kc^(am*aJ6kUAWu4Q7;y1h(nxtbf4BA+&xi;7k(P7yJYMq<%LQ0<&S~Pc04i
zXK?fxwV$SaBJe%9$P6Lm>#?-<UikWB;m5zgsATyww~l<ZzqRli23CRf$qX}_D)qp=
zR)UhEf6TB7R1*mBHzWKc<WmqUG{(&5DCIfN)rqsA7PF_$E_%2;sk5I{jSPOKT&c6g
zUvxM^%Brb&ds8DNnM2QGv~1aMelQbQOGG7H|NN+XYQ8IjmET-NP9Q`zGLMpX^(1)~
z*(<QB=A7%%oYU+u;2Hw_N9tvDH3iiY{SaygrgO<bZ0Wv95c@Bqj4@lX^~zzZY`y8Q
z>S0>)MbA*)-sKOMnYR}?D?4fLf@kc>*(u*u_hZ(4S7r*VNajN0|7;4Zf9DpB$$V9X
zKdNU)$)FO*TsZp~YxXOHl8QZCX6~y%xpH3x6V82QxaGbg%DX0?T+U=A=gd<S<z(fE
zym0;~12gYJFP#2~f$0H!D1i6tL{6Kgh63L&Nf6nMC$aKpXX(Y@=0M3c4K%z4E@B+M
z^5nY3%FnX@#QU^8%pw&lzcMrlN}@XLC((ukDXPr=v05KGx;PZH8WzZpBcGKr;lZB-
zTult{=NvXY%kWpx_B7F{+K=pUxSX6ePIta-PdMm{d>0k;Wz`;spf8(rIWiU~+8t7N
zoB88avW9yDSOZ3!3~9eqMl&Evf`8<2U_f+q>`ZMwn-h*9ER>q|*WAFDDFBIx0Kp5J
zbogIwc6oAt$SpM2%^CXGxqM3^7cIBU;>!{$UTPL!no#jJU+CgX5-Q%-EWS9Q;_b}h
zixMjSsabqsLdDyg#TRTz;0mha7mO*ZPKnU(5_P-QPzskFUlQnnYYh$kEI3?gSRSYH
zrW`(diA*jn0<-EoHxfwkD0McJIy>4>=x4#<aJf4B6Ne!$G5kxUGj-WNY`0SmmW$)*
zYQLGYF7CTxt&8h0){=~+q&QX=*Kw?d_1WTBU0kQJ5nbGXy$-s#Q)B47=fjNWNeSoE
z^ttcekg_a2J%&tqRR3G|I;KxkltwGn&WtgYYPKjt-S#@%!k-&s-ojIvE_)rWNiK}h
z`RX0AdF(1KI~>2Z#27x7F?_;miJ=@&ilY<g-x|ZL0m_d!W?VS8GvSUqOk&||9+r*=
z?27LA*hE{$#o*L&@1le|K01}Dph5PIzbuOGc-7QM$6grxzILRo#Nkk-NU-?pez{3L
zdsA+b>wX=Nq{ExEPp<kC3l;xI4jtZP*gSfN%-ZO*L-x&zw?lew(L1DMhGmCz*b=)#
z&YOg{{g&7ra$!bfhvaW@*daS+Sa(Q{igRghh!a~}G@8P;Cw9$n+!Ld>IP8f%Gi-Ze
zq_s>CJ&jecMICX`eiiH-NnR3TeKBa5i45TS=8zF-$^BxGq=o`5HF)74!Ve#4cIwCG
zP=`49P3@$$HX-J4)m)A>2^GIKgRxI7H|8t0SZ>T0sJ1G|wn#yj32R0vld0N9ydVa<
z_Qm&GZehB-w`1`2XtK2_4H?$S-wESQP2H#aLP9Tv&Nx3>Y0*f1yYk21SAA>9T{@$w
zM4_fM`g!~8{?cnko9PMng$%8?QX^SC+RRzEa9=3E1LUBjG5ecX+V4Q>IXq$LY7$ql
z5}azq%*`=$f;HgY*oJaH?j=4twxQ6^g2U+YGVNl`v@Ox&Jsbv7`zNXWfz<v<)qekS
zwf{PY6E87*(~1<)barxa9OFJkc45QV2xZUq>4>|1X^f|7jC~s#`dM)JJb^K)u<5_x
zaOx#yQM+j>x#_D|Dp?U$PSCONeR><IJ0wjdrzkn1D(o0b=_}OYj);~c(m3og<%r?Y
zazq-3uPk!J+G2-O-$DtC=Q%^4z^aYW*9bklDf)N@RwXk8SXE2{MO9d26=>SV5h$qX
zx*QgdrI_tX7LMt=4u>U{0*jprEL8;vGM4c03!KWX7)#_gl`B2NUwCu;Plo?(3B5S4
z*ePD(>amK%*MM(|oFj<a^FWXbL4ZTQspgesu>&($t6GJcDmLFe61T>^Op*ES5&Bth
z*nLkq@qg^gW#IprJ!Rv6r*YBvPb4p*GHx8f-CmBk+h(FNTWaczyl3}l<o$e{1$hte
ziACPN<1}&}+7pYs{l-O*w~G_<UbP}`jznJhuV4S`A*LTj<c=mHU$Y|es^T&v<GLKK
zTky246YhOyDbU8Lzzt_azPZPtY-yQ@e0`4-BDWi7B65CF+$1Ks9JZOrdv%Wk^0psm
zA}=W!D(ZZ$+Ua0dw2~p6!@7xD$?)Z_aNZ92&QuO*CBx)hj@b-O=#nX^Fn=fAWv-pX
z$mZeR0KwoFJl9H9O=pSIJDtK6Pcp+5?~H^io)jCdc&Br?;z=<M3k!Ed%z9G*%0M;0
zIc%J)1Klpz;TY)F$KmuOZDiVaXUJr@@|}`ve!)f5WRw>Z!(48VN4VtaBymE9pn(5L
z0#kJ%<si}A9AizP8hw$gF!#R^_#YB-IcnLwF#RLp$BM9xn>ipP^{6JW4dX%lR3cg<
zSl&t!rVT(O>3st|ig7pOFt?T5Do_B-yr@b^=CE*AD43h8HR|ITt0o6#U^6c0vMYx-
zF=ggd3b0CFO?P+O<Wg0D)r6`W->-W4d#^>|T~j&qZe`fqWKV?xVSzFm{|skTl&{i;
z5f^bdTTx$f;@hzQIfj3L<w*hb!a$2Knk@^SHX;#@#=XG8A29@NlBxSA0_4n}B{0Nu
zu`P>`Xt_#W4l6=ZmR!O_4timk95XCsB7C*zrL6Q?`b~u`O!6lTYT0bfU6MB~$d&87
z<}RV11&394l~eYcpX((1Eui+-Q2Pt0{WYrnFYhWR?^~T)2JhRrvuxfsX;LJsU|9B>
zOJgjcG0wfq(9eRy?7PY#`>oG)ko`)EocQOcsqth#Nt=jM&6;FkpUZc~vd=k_Oikv_
zSoS%0QiOeez0-kx4$?FUt3E<pv#|r$Jie2zuByV|Nfxd-W>?u<bI7C!Q#`oSfzb`M
z6gc2iVAv!_uDRE#?8r%Fan0R3ow(+hNha6qwk4kUXZntExH!X1AG6becaEDBhj&ga
za^Rg`Pc?&J7KM4Id>6$#I~O_f&QAGZ-Z^j^@y?U^ib<#dm=YK-@>~j+s^f{*fHs@s
zXKl-gWXus9O205;VD503@E4O60JA7CrGU4n^GriF9@O4^G0ch*z6kse5n)xS9PSq8
zi0urY=D%~RL$a|2(=_bXY>iDeCO=w}jZN7e@hr{auyKl+Y;4Z<FyJ>#VNAnCCmY+e
zJu2DQ%qfgv7JMYI(*2mqv!nBg6>N3QC$@N+C7;;#Lic=PE2l;06Ej0S4X{k&PaO77
z(W1ua?MjdGih75Cjmal=WP2hxvx=u^!)O6F*CbJjc^`TtVe$IZl0L@a%$IqL!m$b7
zSWaKb6hWNGcmSucu&Zzu^xYn_>FRJeIfbHRco<oQdO0l36PV6@L~#nYhm2fPyQQo<
zNjF`F&4V%~fbUw<Z$I8c#s(ddg*LUg(3<QB{0{%rR^32<3U;YnqdI!EQ*lDNu5V4%
z*t+<|l^QS*%ngRE!^kB2`WU<I_7ln|`)NzC%??Vj?}e{Nv55GAufnKgZLu8)+iMq9
zFf}_T>PpTw=rzgNPSh3pS#UU3x18L4;A>9Yy_nh`N9`9=`{PvmyX%(sWcylKC);fa
zoNV(WxqHLheHV>!5{+?JT|++$4m;|WgS$_B&4Ii3Ds(&@&xps}&u%jh$NAR7@ivFU
zalUyt-sW&P&bJ(ni<}O}Q_JS=9g8$~zc$r+CN4_gOgz<cCN6S16I%+jaVl_Qs`Ht6
zo70(iYME!^ZH{N+{P3B0Lt@;0+ide>yv^xkoFDIGyv6BcJi|O0Z;70YXT+Y2w>Y1S
zXGBiMo7Ktqi!!<UsDcEzdyvEaIeMz6w>nI<*EB0%_kTaW?#9&HY<6Jky=H2Vo!b=4
z)a6GjQ{Pc&W9p-)n@s&cVHn<{rbjdND}_-^z0-8cAo>FXtHHwtW<mcvfz{xfBvL~R
z$rI6B{?aB_F5hRSh0EXC=+5N_&9rlQd_u>-SYBvj^0TLFCcm*T%;e=e3zMfYZP?@(
zJR%)d&m{NeN7N{mZ3@}!;?g)Ql?9Z~!u{m`oyP0aNO~8>Ql4YeHQDLq@bR?yaaLh8
zQq@x&dY>G*Cv4Yf_tKzOa_zKLU=~);MuKrtpvvV9Ul8ppOhn8%G+m21S{*W(@fMiR
z^nNzN63raO4g8X69^Ab!l$%QzOyR)F#J&$rw6kxAw3)+qIkNB9p;Ibttc$6EvMwu?
za;g6e#sb=BrQ3%rlE3o+*v9ar8pAW;w0INWkK6&`YjC0>X@u7OFrZC-b2-d!%1BG%
zg$a3<3qyPtzNY8}6Y>I<x32*O%BGPFuc)LCn(NY{5TQeBST#fW{kIXOYD5ckecvog
zo+J5<`&ES;EyT5XM?3sLo601sDRbaSTS6>gxfV5rt9R)_kLG!PhYC9!!23D$nVQG&
zA<nSkqdG--vA$I`j6gu$&yr#6=erogn##q;%V9@Q;JdIpNlFsiek`A-H4UH_#^(tk
z;esBRd%pzK`k+v7J86~;rX<6ei6ItL5$q^bS0qX-jq3c2@Th1|#XCdhOgJoXxTk4M
zfpbXf?Qk;_zW*~sz|h@B;)b3a#lpI#+W2Q!p#r*2ZWxFO+D(HioNXW6jcq2xY%`I<
z()}E6exXahY+xfONH(xxP7ZqENDI}WTDAT5tL!Ln6h;<_?&neri!|fmk3=S~RQ@sA
z31yK!X%sUe6a4@-tBDS87#l9#5GI)P1wCOwD($WbV<THU*>K$F=!NC2g<t5-@O9Xf
zOtDlarUvj1E&?{susU2g1t;#a!5W+xPS4I$-hX!~>ehC<1FQZ{9;Zk_T**`r2efDq
zv@qnxrcSu<eZyZHDn%5LIFP||eG`3rZzvFyySEVxp2Qe7tm8*7to%^;v;DQP8Fa5m
z7UVrJU|#GOlzHaK4Lai7$W&U2jdz(imrAtc=u0eooCzqPLQBK%_t(O|z_w(8=`grq
zKnO$f&|9yB-NqIbMg>gXIxRY2@{{@$-FbTy=X#aHX$i&ul;_fKC~c34%X{ZUaM{D*
z>rfz3Jk)Zuge8aKiOjG9vleb*(37IZwQCu$V(3%_mSthE)KxU|#!F?<%!Zm~Hj;m{
z)lZXjj*55wr5@m<I{%Ud??X0f<Bz#mtEy~l8(S~Y<Vk|V{IO=F;!ee(a42~nEF;Yr
zZKh|8n5|?_vLQ*uhnB7MJD8Fxuo2ArB%on9s<npKrwmS0K;v<(16JfJ)$t@J7e#`G
z+9O=Q4DDWK8t0a2bTe`8$cGl3n~^GUZqZ$Yb2cr#T&}KZD$rzIbGgzu3~r`^C*xCG
z;IkAvImZ&We&|lO2*G-(XHG3s-$854YpX@BqjVl>rB{Af=1Q+g)hpcyMtmaoxCG$H
z)+{_HP;<J+oRbgszHF}E>eSffvu6iEFSLJO;62bjSpw{WS}S}5x}?cfoZBj3*$L(<
z7NiRF!7T`w-F#q_MQ|HIuE2(k@rNqu!@$-i;q3xMc$Zfs!W*;@-bc8=I#$a2h;|HE
zvX=Y}SA3}g2rgcmWLW6%iZAnwfTXP3lhhL4axwwCHN8B97~uzU)T7@qvI$eiYkn9Y
znO!2P2-Cz-uUTngBlzkAfj@+bMtIf|PkVw;#UHkmeHoT2M%bH^q=%VWZph&RYr_17
zbW~vcUc}nS{*(T#OaDG5NB7M$<ki<lIm?`WhC#7cAcI8><?mz92smK=miy-0XDs`s
zC&leW4*d&50d<1ApPPpfs1fkVJ(7z*<^mt2J<=4@6ib;_7;~Dh$6>PsZ<<or4BZql
z$f^cMWSezzu-Z>)sjE>4A_ITI1qQ+`TV5O1*OleFbPivTp^vud`W2@0fZUnuUy`G3
zs>U_GFviP}jscZ944BTsoap$*C{8qCrW+@kRT#^OR!lcJ(RVE=8ng)0k*FjdyWQwW
z8i%bjSX?5scv~4nsP~NW5h0tTexya2L}*-^CPHZ(mVFq1tb5$X>Vt1*GLem5xcQFZ
zuZ3F}^r<AwDSZBZ;GdsCtFmVRdIml?R?#wuJq(6cl9X=3M*&S-SA3|6>wm+}3i8v&
zj{~Mq+$ur@CxQHSEj17&Fw?g*fiFKQp>@4gK&3^AgyxsfQl79kthY2Oc|hCA%#iI4
z&J)qYc^RgFq0+L;9)H*Xy|B+5kcUG@kAXGKyYEIEhS0EO6GvMyz0aqn$fM91B21l=
z!{1wkXFMmJ&R`|20#4=!BSMr4nZ=qP^b3*s!70Y9m)Sd8G73Qt`5vP3Mae;TXbjsH
z1C4|E$`Nb#hmJwIRlQ}qqw0BJ@puKr#UT*|f;0~8%_KvPgV+;0h;huI6|sS{CjJFF
zBh6}Sg+L<e8p#9h<P7h~5pofF=aB~Et$=OO_I+$eL%C=hJpw;~ZJz|>l-k>;RFjNj
zy+-*~tFKzE)ArT6@~&R3ZeEd+41>0Yf>GwEji84lRaUH#103yD@#sH_%moIe24J?y
zvFZ>*G7#bOhh^1GFG)r;M^f>I2K_eFZ(?2NpJ9GM%nM;wLjzfz+#tOc{#ufU1@K+C
z@}W}J6zx(nqdCY(RwVZ~DGWb=>601558?L#b*k*JJEVzmo5}ik)n;diVxM!EEYBM?
z7&hR-O5YosvBQ^ajc~XuSU!!>Eueu<YmHKozO~GPDN}TWlO5Yb>LA^Adi=IeZnCyL
zU}kjNHw(?S+fLVQmllRZz-OM<13~Kv(Lz!1b@;S`Hm@GDQ-YDu{lGXgLfWW3Ar&cO
zyvonATf##dy{Ex}e8%kCLQxTH32oCQrY`*?ilSmm7){=CFeKSZUUE%@{j{}Qtu7$^
zHjFh<v>}J9t(e(hZS+7vMcL7g4}-Q{PD4mhi#TpiC=f7IF1Ed+n2=QNmvBiUQ6rf4
zKC@NC7O*dcz8p@rlHcrF_%6($zIwE_PYMS!80nE;Zn0=Uybg!c<j(!{;{ahAX2A3c
z0c^nUHif4#v6@#7yOr!Dr5yt+3A~#JuqGKj(_SKp&w#IAlG|fILxHRV;yuWeR9II_
zf__YcHkAY#@Gj*8dRJf?w67$$-GGKP#f~r7H?o{bX}SoY0k@I@68c`~`L2*OQ&yB!
zhDXEeby$)j=YB90h+2Wy;V_UR___xIq-;>G7MI63Tz_@i%NW*#-_r!^a5(;wKqFg^
zT9J&V@XbpC>trLsK%x@zMGy`6Sm<HOS67K-^lwO^Zon^*Dg)NPlq=*I*MG!pN10mq
z8tkBzJKH)C_2qRa@{o``vt`gP7yrvjDlq%1Pv|7JwzX>O4wy{`+MX?y&Ls<O%6cC{
z|5g&8d$v|!8O&e_kojJUU0RT1nBtXVxY9cM%j+;nVd>zHt+-fQwzgPlgg;Gj*hU`k
z8b5X1KVA-V-Vxd8flZYpUM~J1NO&nHI^g4AwrqKsoT$J|=$Xe_pciJnOIs!jio7Bq
z3^bsw32{F*g==25&GHLFfq<-;3`vY(lO#{_!B>*#KNxp}F~k}^Y{KCKDPntq<XYN<
z{IV+mo&GaPO4~n7xx~?rZHJi9?+cRzrqk2pJP{5wz~MuE_dpf0QUGgEq2<Fu)(^y-
z=>vrsu*YwZgjF@R@epI^sSdRndb6^yI>k~`u>^cSMh~wK>CA^-xP#%H9A02p399P|
zNp*arf~o=mxoe&l0)HrZUNtELr)OamNSB9$CRED6Do~$cRd`k4kNA_AQG+YJcMX<>
z`Z)(`u`D|JdFo@;nuz>9xn+10^^QNP{nF*ZkU=$O;G-PIGg3!B$}=!42OsqtnAKQV
zoOtWYCUPYuzcM_evOq!SLu3$HS4Ht19*SHb^Bi?6+U*eC3p7!|R7bd6H}f2>GMV%|
z#MnK^>In|l{%9zQm63~gJYw+|R`=`ztsx`4{Bf*C-(FQ0DGMBf#H4fRx7y6MS2;i(
z!}|=<1XgK+$m?hqENrHH-+Y)&VUM$X*o;F%7Q_eOWr4LtV?-{nwizw3F+IwG{YV~d
zsz4*^>tz+if-ai4T;IA<Y<gYrU#NgKki#M)RGP%;3!+YmRbb6(ro!N8hof*<oJ!mh
zOLa%=jI|<c!s@UOcs<?5Bl>q8S-iO{ufyzMg?6rwk12)f!njfGl)v!Y)r<u&lf#?_
zhAf=PtDvVYX4Xc}FEF!qbNazy%qIe|s?sM{$sshY!mD9}d$3vqtPCH~?6Q1WoQ#qC
z45DyzXOA<cxIvFW(dy_Sc@f~5dccAcW|ZN%1F3<669l$8bPH#KZ^FPRs|@6@C0z3h
zs)-F?yR4g8OM)^>eVVL3RfC-;EUPix+MM>q|LTMp8F65|aqGBsyH7BN)p<3n(ExqW
zQms%83PhSIAyX@x-k2E+d{~`l(5&t>a~Ra17j?N@m{-uyE`!MBY41hzcP;awzWGo`
zKjhT;3ypU2z-YvhSjl1A2`%VO8yF5ZaQ+lyRaN?8*$ru%3`yD=aOl`CWFS`aVFT{P
z+OG?2P!nrEfemUlmwzI3Mq*q&BPAKGhAL#HFz93<G3V{M==846R)MOZq6m_Y`U4y~
zEn)(}hY#=!tlk(Oc%J_CV|5=sFa@jU&~pwx&?x%fG{}EAxmO0m>QM9yxlWd{WU{=3
z{D(-wsLrA28I`l>;RO`=B25mZ4u}6@K}?rGH|bPkO=laENkXQi-4qMahrV!FM9ehM
z%bVyD=;8M&>QqVLXhk#hJ8f0Lp&FxD9d#(m&+_Lek<YE1;fTI!Sc!Wvt3Fn$8TnUM
zH1~QMw?t*gq%I`-p<3s?!<|VcjFF6u<=}n%mqZgOFa||L@;rri)WQ4U1A&!)td=f|
zzO^K2AuZs;%2lvB_hDrMcV-Sn5U47tr5cIkN9j3O)la`NlyQK`hgS|RKOctGN12uY
zbg&{tpC922Yb!^lbO~OASHZ><l!e#zVNJ~rnHmDmK?>895e{6G)flVtNANDru)cv+
zc@E{g`GLR;UI(jZVMbNV;a;p+2eY!VW)mubP?7n3m?1GD2Q#w~>tN-d%ICZJ&#}G_
z(Welk8fn4bG4KcSfkR6{f9V#I*hD3kqe?QUNFu<`I4leWD2fUGj913Wb@6Al4Xj+3
zf>z~FD2`O#0Mob+Q~f*#K~c<MBg2$Od#mg|K$0D$a;zuo>Bz<-U7}lSGssZ~B~Eak
zf%oyoCRR`c6}kK^B-=_4;C;}-P}0kN&_eRRbR+yECw7<VNnc4|b<Xew-W*?646}uS
zH95uKyq~-)%&629Mx-e>$U-ra2%(82dj|eW1<$8=Ig*a!^W4CnTWs^ZnpJywGg6V?
zE!Vf9vIVWLu%$A*Cj5SK$N7O!s>=W72L6M><m4zD-9PaF1(C?o0XXkdEi}>i2EU?6
zmp@jsGW)8f;+HC%%E1f@se~E48SQ<EF*RjpEx3UnL|zE|8xK(Q>gv2PA?goQFAYq|
zM>2JIo|0MpC_DQ{e!r+gq3a$ICiU>}oGji#zDw7B-6Kpq5Y8955$WOTK{IY?xQ-4<
z6t~(nv)ZZ=W!xD@>RdPLtW3PlcV?XxiPyPtkeQL0;0=M<oGd>o!;4ZH-kM|tIV}B?
z++EcOrK=+2@E*fd@a7_e_YC<Yi@qn2gV)ff5i>;xHx!LQ;P)#Lq4NR~5z^qwYL(qU
znLo~tn0^6tS;L6HWpcPYU&Yviu4|YfnakZ|K)~>xNae5R+cQAbfMY2_g`^(xiJASP
z`x?fu4(wVIQl^nAMuTFcpOhhiq;fbxlrIg&FJ}y&;gaf5vIndKJ8exiExSoGc%^Ey
zI!usl=29+ZAHM3RW>YysPRaW!67Q}Co$jS3<qoSS4@-BzUyXnitg9(KX+4!UK+g5>
zFI7U+I|NoW@GdToP_)=1?={d<)yD(vI8+Rh1r&1F{7Z&yn7~wcj*^5uN;+Mvnj5}J
zk|QE@YakqM9C#f}hc)#Xi80k+@&_uim=81I&r16MM@EGq6DS+n%Ft`r5pDH%WT?v2
z;IqH7!45gh+0Phx@=|1i#`<qvm0=}({7RN0%BkTYrmWHW9nu@+%<zyh4C-@8#oGH*
zIFCdZ+Cx70?qkVnzLmQr>y9iP>qG7|Ixq=?|6EHHTFjBJ%p*;8@~RYAA%Gc*%9AER
zirRkjG+{Yz$g_MMMU#exVuausM@(7&%uq+^<Q}-Snr>p3<^{0^bZekQr5apH$4yjV
zUEomgij)#}w4x{*gl7Wlz+{jJFflKPFL0RF+K?YJIK#>Y)}w4V3JV-wNwQuofcJ4h
zxxN#91>-^Z;7}_DV}Pk~7<B59h;|=0WHI@ok_nrjz&qh%2_r}|6g8LV+5ofR+=nz7
zzno!h$>aq7iYs5*E~$)S?^evk7i0r12*p4B$e?sBLiv#X2WNN}^hlKj{y_!We`FAE
ztSNW8z@~Z@l04QjFvtb|Ld`-}%7$wnGJGUU#Yf9jnT3AM1->M?D%{|*-M<I1Hiv;9
z8JMjDsgaZ$2&Yq)7$NMR%%t1aPh@u!z-PE18YHCnW&dQl+B$r)UZ~nW<>KR9;8V`E
ze#r&CQ0`AAkQ_ce#{~wRKRwR{2`Mq3+J&i6%%`CHr(FC47x-uAz8>Us&x{X?@K+z9
zMb!&9ESU=&nH)|Yq+4sItGpId<tX--RR%>>3E%^|%1<1s43Jd@t15S?3eE8yU7<x8
zecWx%zNxP8ONR=BWQC!TLDB09nb=pp9}qRz7Wk2Fs+B`i{bZGaQB{JpnDQ~007%T<
zt@92y)g0f|O}+2X)EHT1e7Oef*1Pk2aXUukHbL{fBMen^Z~6GTLl;A3l@TV6X!Nw>
zf!X>%`F2Rci~Y9l^*x7PKbKYd#lYgfb(Mc4S|yj9&?!B;LzO<VO8=-T6$CCy)|Hkf
zJJhmHGaf`PM3vOj9>{d#LzqM3gJqRrdPoHz@JT3c#ZY7+_=r_K3x~tMhtlt_!@v6h
z!*n<+d25!>hmZRZs?+Hh_^(V}3%o%!Q@(o;t|m+7@K<6ww<-v;kQrtvLmj44<q`Tn
z8RhgNMUzsqAD^KTz0+ZT@D{Dg7h#Wr!!t~!K{Z{4DbE6>FCtA<MGj-OFqN{*t90Dy
ze<g0CypB}p=bkNsCXbeqUqfCEAFhWD;6s7;<={Ozc%NVX`#=shBz;mtdVY|eAIy<u
z9;Px6=U^ZQf0}~<zx?;X9ISUAHk8NUhwEX(TJqm|cVh#1Tb<nlyoN58Dg|L1^a3;z
z%b+w&quxp}<^CMJ%P;>`LwV3I|9v0_@A@J2@&K=j_3PsU56WJQ^7caTnUTySqO=Yp
zN-`lz`1ery{dM^F$YcfaOb+d92~rD#%2riFt1%ztjO<ZOLAi!9JvEQ+;1Lq99^-K4
zk5Yi`QcL18Wq(pOei>Tco;l1>SggTe`c+o8a~Nrf$XyZo|4nxMBPGQTvz{;;yPYsO
zY(5<J`l_drOAQM-7A!h!=E51~c3rXkuuh0kSu5-6VkQMS1}~H6j@=)rGYEK<6s9+k
zz-BP~Zw&8*W)u&&do=^S^4L^ONtkaa)5bAn>hd4suvi`=pA3hjRVa`fK8h}!?|AW0
zi^H-tq?XmW0T(bn92YZNJ3=9wzWQ)&Xrry6sf<s>>2Vqw<J!<yW<#deX>&`!$S>n~
zoq~=Oxt1~fiSjy?uTm%-O>)rcj`I^`xf;+v^%&*ApXIq^YOP+;Q2Wofo4Z-YdTfmf
z3Mgv^c`nJ7mYRLsYo63KqZX>SD_FjX1D5>>fMvk<0?Ttemn37$<l4JW?urF0Kj*oY
zSjoz5!oB8oXRwrh=?0b?alo=M0kBN^USRnd&!sb%WpWq3be&x1wGptG?w6LDCGIu5
zt#t&;8CS6MSnCd!1qpy<;qAtjgYJ_XvNkTZ>~pU<+!-vzu3#A%4Hioj+=&T*Wz+Wp
z%kw;!&XAVLZFZkrz6C75<hgX5wbb0;UUP;sSk}9OWo8^~>7M{t4ty`LIIQ_1_sK1_
zfaL|AOLq~Ln)BUju5bp+JXf%+iUXGR34rDN?WQf0-6yv-K5d!cUUR!MSjM@6WoI0)
zT$oojSUz3%eZbO`=hD5BWpV@ECwIgGmS6K+(tKHJ_H(a!+!-u=T)}cO4p<H*0G591
zZu2Jk%zbi~ZJVfh^d|b$z2;SCu(Wjr%k?;5*_;4aCak;7oaoX#*U5EU7nio2cdyxH
zog-LE=DC5T+d6l!EJ^?@^KUm;4!ciokOeHi;<<EtYpHp_z2;D7u<UaM%kVg0nVbMv
zHr#Ho6uM7tN_?<va<4hf87v!I!7?KbSOz8lmVLJyEKA%cx7Y%fmv}Dz#$I!wd(CCe
zV43d<mKE#V#ktQC087d32Fq0U$!&>GTPC^J+~y3H39ew-9tT@4%`F=&ZP(vsuncye
z+#w5Ca(ONVys*?9;9m2nGg$h$g5`J|upCYREPZY_SUR~+?xF=Ozva33ioIqB_nO~2
zgXL3Kuw0D;mcj(UGVXSR<=eTglk2cP?wRPKd(BSk9l>&bt{Ygotak^?k_5mq?{<Ub
zsQcswthZuI^Jr{2<X&^IGguC|f@NqNuuM$=EbDJKShl%OZjuEozu~#q%wBVgd(ElN
zVA<pfmT7UoGB^RS6yI*JEOVdSLJL^_gXdzdz2;)~noFF)vd|SQ%i@5gQvzT)bGyMZ
z&3$s4EMR$==i+beHK(}OEOZ9TBv-I(ivyN#=adbW(%TJ|q3)AAU;&GR0&9?a&BM-M
z8Q=<*qwC$pxuXeyrFX$?21^(B$(^@=#X%*}(Y@v+XRvf|1<SW_uw`2UU>S3}!E$wu
z>*PKyh^ue8>|XP;0!Of1oZ|+TP6h5@S(X4;=G<<u9Cx2wzk;|&#Ut)D2Rei0kSkaQ
z#{tW<1i-TPc7tWR`{X7R#N9+&-D^&E2Fn&#uuP2umZ1rNW%um{%L@0&%`dQCh%}GZ
z>n(M!xyTtTi(SF8Bo0`*BmkCEw;L=o+$Xo8ATB4$cdxnG87xy=!BQ9pELUfj4VIg?
z8!W@!C%3O4?)BLa_nHTt!7|7dEQjNO<#+;M>AB%HgQc7M<Vp(S>RURy*Sz2imX5Aq
zxfBO1+Y<oGsM`&e>$6=a*LFi(PISe+X8R3}V7WZo4J@B+a2MxRBmkCKw;L=c-6z*)
zLtLfhG54DNoxyU%6)XccxMRzV1i-TTc7tW7`{c%Lh`Wi3+-pvB2Fq4guuP5vmf;D2
zW!LQn%PRND&D#)HZdvYLbAdBhmb!vvQ5>*zO8_ii-)^wXbf4V%4RJZqboZJYoxzgt
z3YN`rz;b<7*<ktZc7tW4`{askw5548Z5ifXbH6iKhPZ;|U>vZVOaLt1H{NEj^l+ct
znfSD&t9#9J&S2^63YH6Tz_K#|u#C9fV7W2Nb#kQ^u$ajNEH$sW*KD`Z5iD0`xq+qq
zMt88RN&qZh+-|UZ<373G8{;Y#PPo_X>kO7-u3+gO2P`ua0L#jax7h&oEBDEb*%+4-
z?QpL--We=Ku3(wC(OsMynE+UJ+-|U}ai83rjd87^R=U^x(itqvUBR*-4z~1204yhN
zH&|x7Pj2nTxD5IW_nHOHV43a;mW>;&=HQzcpNfTcb8y3E4({5}SE}cysGVJm_rg7K
z+8OBD&Joql)6`C}Y-fL*cDlK?Q=-}dPk>t5AY0lTr=`-FuBOZOmNv<j;=$;GYfGIs
z*;?8nTiO<<rDLuw^*39}rIxnImUhHx=_}Wk#@NTSUAD9<PD>kHTbf~SsZh356sM&n
zt}QJtXG>qWwp3tmsZ2PHb!}<aCUZ}MM<Bol2Bkbn2xbFZTRmFN@pW-+>AbzA&9bGf
zaay|hg<DIv>@Dq;Eggu{(mB_bx^A}6g#EIeLvdV9j=8qepW3NG%^YTYI3A1B%pTWf
zMr|$^t=sI{Q2u5cgx1QL6~t+2xob-c%GuIv*Ou1WTPlz(ZHm*<1lN|fZ!RBB4t8zn
z&}MVb+=T!i8T@`~@t|z+NSr0?>DuCH3nm<um~bLaGwofQxkAm{nV2ut^%-u>wA~UJ
zO+#)__=rd&0p;?iElg)PdZj%EOV==lzku{yd{+MRru^sWH}LoL<_-LV{QF$w_aEio
zpS^+2<=>`}?|+tmgOT^YxBh)T>hCY2zQ3sdzM%j9Eb8~K_1|CVzrWOfpVEJy(SL(c
z{X7#Hx2^oMF5`<HS9Ja8?>~?9`=&1criRCxy52kT?|YDzi|@;)x51l>@5q1NmH)ga
z|7l_Vw7+>TT=YZv&(CBVLHQ3g`IavKk8sgQfuBRgTzpJEW%6H#?GnC->mL|QVfZIF
zPF_+R@++v6W|N&OHTH+aJ{^Xq_Yv*=ICWUOZc-R#aQOU)jy898s0yo$kHZNS`r|i2
zd>tAZm<lfku{AW3PcH@W88GD2i$Q!I9+6K^1@TpQR6ac!#NWeX^67~n-UG{%3>`tF
zDI7^M@J?tM6u6zieFE=<UjzlNVepuIej+IFCD@Q8pXcNS@g>+t<;T!-2|f3w=eA5f
zmxknXA9_AR&*SL1n4ag+^Llz-PtWt{xtN~E(eoL4?nBR|^xT%7dne21lGgHh3_b7r
z|JZvMFu95<alC8JoJ!xG?w)>6PtQzu-JZ$hHB;R)NqFT>0L2F#0<J&SZA3*L84?Uh
zNIIEhl9^#60=kL;bQQs{>Z&LMEBGX?BDyL*R&?>Xt}g`C6<_#3*H!=DIaT*|&x?n+
z-*5l_@1HN<ovPdS)~z~q>b&aIIb41}mp{klPjmS$E`Ni|@8t52x%_%A|AEUd=kjZT
z%D*^7<+pJ8J6wJ*m;aT^pXBm~x%@RQzl+O1;_@4~{Ch6Hg3GUIr}8fkQu$^se~-&|
zaQQwie}c;&;qq6wd@GlKz~vjb{5vjR#pS<4D*t+t%5UcK_qqH}T>cW5@8R;@T)v;n
zw{iI)F5k%I$GH4TF27Pz`LP33zLCoharrhb-+!QnKM-&?SME7bQ}_!3pXC@QA2{Io
zm0t^p(gW|N2ObjeeSYB0RQrK|pL6X9)qW)44_tdW)gBS>Dh|W)oBcI~KNau>uKkE=
z|0&=fx%MBnb_dt)+i%|cDAzu2-}@Zb-fw^VI@fNY+7AUh#I+l#_8S3@a_t(b{Z_yq
zxc2h>o?rQI0Ub1u-%gmWzb;G<JVLea33v<FzGG{*bM4=#_Mm_dbM2E8rVICS?L$=i
zF9G*+?Y0Teul&(|=B*QEx&4qIc;kfUSDtNte+~V9JmfiQ03SX7Ls+%ans$N5OZXX)
zgK_w5sD>9q%ENKGY^BS~=)(6d@vHQAoBexf@XT(yTo$~?rCoH{NtYdTxsWbfg0{8=
z)$!oh@u0nJbDM8I*SxnqXlhH)OMXPa586BlAKu#_-W-vltvw{f2YW*y2!RNN+QskV
zu@IXELLm_fiOSAhjmqw=m5a9QYwX;)eb1K0@JO|?d*{wZW$&KdmF?Rus9b#Eg_ZNq
z-+kfM<JJxD-g42_^Bcq4x9!-wzcNy-Y};|+_PrNv3Gu_WQn_GTW6zvBA+3XA==@#V
z^o5~ND72?>(M4Ov^;YUf<G`*hd-T>&8{gixQ*RAHD71as1%C0s`Im0jTSM*i`|fQ!
zE;e`1-?L}S?uIFw`=dc4+qYd{e()~XyKQ@8c-xMR92*)%$Z7kz1QRIw(RLf3lLG^0
zu!93FcXI}at%_q4cG|!KL*{UP&IAI8np94^_`rQpqi{`<5ZJ2Npn}KKp8*ah0djzU
z1dbk^A%WA8$~J?E3WuI-8$lDou@AHK*JQzLGw}yAn3f3+Sx}Y<Oq6kri-{8Uu0{a~
zj^sR{uv@0Fw}jnQT*KE`ALr`YOJC~3<9n$0CQa!OOlazd;%*_;9C-?-*>R|^+)p9l
z4~J?toHC-^j6!x|Uq6aIh2egVL6ziaxTjP&C<w|ijyizSH6fAd>w7dc6r*A9G0_Nw
zgs4ywZV+`sQX!KbqU^^NB#tgum>j`yA4jk9%A5f_>f-8>_M5e>N+p-0GBJR~3e>RQ
zZ@pW>x2OFu(57kXcxr?*Juuv;shEMjaJ7WDn=sa9ocy@Pm>FoSU*QJ(*ryFRIH;y8
zPxH%YgH51~-6|@<Z#;O1J5!a~L>5;lWD!SYM)8k+K0l1xP>({o^0;QIp?;3vC|tiC
zj%__$!LyXYVdY0G;|OL&sTHD@RUD+j4d7re7PN^9YhrTcJdCK84s+~krLdP!K!Br^
z;+!Fv7WAbAX3sEroiYA8f>yPJ{RYk*Ne=m&RT$^2Z*(0-PIk6dQZwd*(J~f`m{3?$
zR8AD_)&I0MG0gYU*E^Jw&qqvWc)r2}f6Q;joHEA0ig|=EV?tw+$J#P@ZHBCSv8bDa
zOrtJganVt0MPSbI$DDKN69HmFTsKo%WAr!_E{7F`{o3G-=AfXi+=xlVYq=x^Rupxh
z((8xa5Hg2Ju89F<B89>>ZKA{~j;mafY3v#1_`N3dM;X^ifumJiS0q5&hUi|u=hsH1
zz_RBD;-v+rRxv8|ssM?{WO<XxKV8E}5b~TujTSj0oC$N|{n<b2)*lyn{;AyZyJ*7g
z_nTUuNuIl&Yi&f{3^}YI7G$MVsg&G#|1nxcEOI&ulXrKYwl5!OdD#R6+F>&@2?;+B
z)dR3qq+2QDa@mE29xPStqRL>o<WnCTLuemI81jOV)Pgj7^X`@A-J>riy?GxjNa24i
z&uiU&W&gadyl`&yZ<<wVHZeZ0S;DTMt;wg;<Ctn~y2?@W{gzkHeg2%eo$6>j9h}_w
zB+#z*6w!1pwvC{P03B7$=+AAm%%23>EkL;aOC#LwCNLjffN;d*Tr>Z!2``VUEMG~t
z;=^7Y3`Q?9k&FFMTI>hvMM^E*iNe!B!uex!|HqK9>!~3jt!sgKZ6<t;dCxVqVOwiS
z4#D?Nw-Lj+5yg$HlmbsxSn&Src06vUDg|~w-Ojkg(w}Z4-2}&{F&2MyS4}J_j$)l{
zR1oth<T(lvE+lpdiF&2N@y+dR#)$KEFu&JN)mv$W)U?DpDu^ZQaG70pY(P9&j<qg9
z^LxxS@$@S!b7+<}9O=4}Wb{sqNo6IIDhkPO5aKYB!KF<My9bDbW~x%ls!X8RW)^_$
zYyTW5_0NaPbIkp0fU23Q&6_F9PpUD!u$?5elT9<MCj~Bp$T&%v8TZN{+*w%)rGj{8
z^!Fs0#uY3l_4{GR(k2~T&B&O3hMP`h>Tp@j>;*%o=2Wc!4Q=m4P3Uouv`Qh3$MN0E
zOu#)5R=r7LOjauu6VkPgG1=c*?3H4S=b+aHQzx0FWCGQbN<)t(O{dy)9Z!RX!W4g5
zZcO8G{52XzQX@i!VGb|Wa@1sBMF}N^Q8|j(D_<nzC?HkS%Htry3Y{wB#9$LA6k?nN
zSkZzPMB0g_7|~uUuZ9J9uFzOsNeEoD0oY*&6P0V}a>QcrrD6%%+g9Nr`Uz^=n%n5g
zj9ti((-!Krn&_CAgEM~t1Y|)vj(7@<EW+7>!X7?D89|@mb3ogO&|`tJ5tYQ$?B~@S
z#<L{R&o@j+>x{)yTqoVF7?usj$2enX)Z-K+9Av&<RVqHLIr)Yo;d~QJo0fUhcEv|=
z!rf>cQ?SQ88aJx*+(*qCV64-8E8<6rc5RHiO@6MBF{|#EF=}AFO?HxQ;Zawj1a7fX
z`$K=RT8gy}FZDy+2TaImQzbjS+JxLA5XBH*%yF>m^Wihev(lwnp+h6y{)E7BY+{hs
zN9^cM=Fvs!)Rr03)+OZ#+v|18_F9R*3?b`O|1TQ-d)&Y9=nXqyMH5e+!zcS16-lZx
zN;scy#B0PObHpR}@{Jek3Z5m?7%O2?o{VK#!lWx*%nlLJO-d+u(9o4iAZc!E^0V24
zjRhQa9#gF}nd(#JrA#x+3mNK;W(Tf9V(Hl~W?=h>fyL{@z|zFQB2v@*T1XN~*vP9s
zTl@bKSJPO4mk2DuBy+6eRHb4#kiZVjcsq|vEeh=x4n@51QY95eB%CJ@!BrSNlX&2n
z%mdRNn^p>Nn$o&v*;k$s{<W>_Yx|PyYtxfqU)2?Mt$ZvbT96z&WVLm0St+nrVU`Cc
z(<RK7&>=KV9#@f^7pc+0jv?vEa<R%0XVZjSjvT>)w6Da5l87>iE1rQU6(QiuF)86P
zE&Va=5=~l6n74w~AAv55VVlc2$lNky{-o#Bw3UN5b8`pOQx=Tlnnml1N$?TvNAox_
z+@+e*3tLH8@y{^U37Ta`OZSBsmNkqF@M^I6S~R9$pW&{hxdap?Y}3{*+f3os!Y~yk
zRKPJ)u*1U$X@_Bx7<VtHe}br9l8aIohy=)&^9C%NzpJbWLvc=R$kaB@`K>(Xx8OZ?
zQj}X6CLp`%s+t#HJJ)qP<1f=snM=1){KOiI#Vdt@cvr^eZ$XIF7+l^0fG>jyg{dBb
zPERYy>Bg>w5a$FJjt;0DTOnk|)Q3!U$kbRPmj4ihqFx%LCq2$@J`k^%14Q!(;WXb}
zfic*weY-^muXK;sx6dwj*A~&wS?nXs`2T_RRDhK;^3Pe)W$TbPm%@5-<b`}+%ae_v
z%pf{wwpGEXsr8~*uIv(6Rk!ZE`{_&YdivZobb0k629z$+)^j{r2L$3@*<R?mgk3j#
zafaWUbmqzShuc!NQ+sN`l6_@Ry4){`%Y*JsFSbbAL`aBLCxt@5Tb2I{wl4Qvc>azZ
zTXsLK?Mo`1w`=#dedjl}=&h!q#Wyq;+qX=NSVHxdun6!eyPO3MO>2jEB}6=2N9-cX
znIB_vU7i@^UV(ZOv0%-NI5CRlb$GHNpH{z>zA%==C=_^8Gbv#oBk&~xv+#>4h3R2!
zxO^6~GK&Qlvwc|TCzhV>V|^<x;q7ho__wCC{oN#@6h`>tq;&6Y6B0CUX`K-4%5-9w
z_m>8&7!QudsLWs?*fAoRcrSNoKYihCPpU&12@i3H-uyTn`Z0Crxi!RYyFy|s4N7vZ
zJz+sa6l)#RsVFI;Vc1Rjbf?*sRB2<Yxl~{ry6A^(3cDezaNX&cHaXRd&cfLr@gx~j
zIJg#1>cPR~B>MGJp@AYN;h)0<8=hj)sUz!9kcJd~33jmNDwGkf&ZGw#0v$-xdQVWF
z6Z8cCW!Y+vVsLhtU0#0GSs{xugSm^)DP!jl^@b;2^X7G^t(~3wQNEDdL4SMF0>Q&5
zHQFJAhEYPw>*BeJ6|HV<DZB%hvHfq7_Y2{HhSJ6^LDQAC6IF2SbY<Y?4iZ}*YN#S+
z;LRNh)9}59vY8(<#g>_K?abZYA^h(!XMjE0H~(8$VTXqfba)>2Q^y7LTHW%1>C~4W
zzf%dgjr(zbvmZ;KQ3BrC!CU8l*XHlmVq`OlzB;B|-mf&QP5HYJX1$#fC_nZQ<M&2_
zGu*Sgjt<-%Q<#N&b}RegbO{lD9;03z*{v`;f`#GokY^Z7maQ=+DdOERV$5rV>#GhX
zEn=NhLxtMf9U{{CaqdW7Uc&v#%Q$x^e+ov+7%yXVh^`%S$N;luHcvc6`FyL5k%U+_
znB8SYR$!h+su6?uChGdhbHGZSHjCA*&Fgqf!uMjr@_nc)e{Tq3gy-!7P3tJs*4|Ft
zceELU!+pP)aWzjwjQ)<zLtTVEKeP8sHK&0zEs0t^)Ycv$ypQopqDzV|U!}|8P+NQS
zXsE5dvtcEGZ4F)}ZBqLkP5T{Xc*N%bI7@#ZSvS3dokr8C&0jNdW}TNR9AH7jp4Z{@
zb$kadvA6@fXsNd^+3D~&_4Nq#`mj}r6NexFje2v44UCXrCL|n#TA<m*fv6LltEfcl
z=v<ARo6#v^XIU{~4WN_baiq$aaZ#7BQyN?#?vkmHP8^dJCQh?_bunQ{6?d}7pQjbn
z{wk%YU8BC9+d`e{MEch9my#}L{Iqm6?u!xa+NMDBjYUcOx6eFCI{P4DGp9ReYf`AK
zT}rr&;2NgS5Y>>Q)&?<V=QBz`?4&Pb44F}KjP*xFjqzVN->eWNbKGbS3e;wv+AI)|
zo$!O9w)QyH)6`s=J#}`}F(Z4JgKG<p4u~-mIz}U}<7$f&Bj)IqS!zVlk`=qq((u3z
zg@pmk_ANru(rW_xm4O?RL}(x0p%&+dcP0hH-k{Dd?avD%=xXDj6F9CU&E8(x!w!fa
zVZzV;KdXWas#$_gKYdCBo-{%xXK`fAWI0tW3N`Y<GnWy)U1k`(?L~XLYHu4mO}oFx
zYdX5t)Q-paTEk@(b|l$RDDI-#U=0j0A1f;7ST*)kz7c~oY0_!Zd@og8vc(Qb+?NOQ
z42)7aHfa8?ImF4@Jxs|oMu#ybk0V`~yGB#ZGv7c*Ue9WdZ`7Jklrp{nYpZ?&Iz+_r
zz)?o$l;LtQc`mgKD^=Z>gyIq+0`nuAFm@5<tC)H|u2<Mu4-h&g%_gKHNm8N43JQyy
zI!BK0-5_0g@doK)Y#*W&63$TQWO8;XRM{ymsxUu>*>TKQF!ln>mx+w=RgPdr62H3s
zvT+X!>40H<B~A?M*2@fr5-TXy7P72Q#|08+up)$JZ#<=Oy~%vNUg7cHg3&-i88s5(
zo<gU1>#Z1v7tCUefP0C;JalVZ501j>d1GTWbRefHLz^m^cOVFmQFzCUF!Vhs;l5CV
zP{YG4Jhn??9$wk0xU6cHM*mA(STkb9C(<!{hnA$_5g(jU^O;1xg_~_;Bkz#LWZM7Q
z-(E&v`%_$TS=BHG?~dCHS5>SSv`Lyj6<;JJ<*wBz9@CZ(q9e~GDdMinNQ(G0w|W<~
ziW2@c&UrV9$45-=ONO{4aVXF(I!`q@YWuNMYI_XxndTd2$$_@^(vyu^XmPv!L<U8>
ztg!OjE}>iSIn;Kz*yz*k(9Il7VFF&PiQ4ybvBo84^E*75!_;PU)?oeu(hD+Xm6b5Y
z-iP)Ot5rx}V$HjgtZ0TG<bJf79p1KahID6r!CMgV4aJ;88;-CROw6-wbeuWh)!0<t
zBQItc2uPVN#yuoQ!9yJi^F>tf=7wQ{0>0WI5Ho4cx$3fSpkMH{X%8c+VmynURGr=0
zdde7sBuTSdbqOPbM6w8KJC&KkGP?^VJnZpWxv?WRVyA&zr%TsCg(D;A$m96u0=OEB
z(5<jj!X|CfmwJX*pU2B8JBHmG-S=P>A}q~E>c;hqNXHqNg@R!A(cQqTi-lp%L>*hl
zM#EhA3``X<SH{#yM0PSJ?-qPuMkB%-MGYhH`DulxlCT5s6GB!>n1CPcR*3M1n6i8Q
zHhujgyG4!G=S@+K*&KW2<`s6!F?NjWRoEwuJF2U>I4lK@XzZ5jFb0`A_ox8tj^IXx
z1&tdyi5wIKZiEYn;-8@~3CCu_L}s69h7M^D3uPQCVqpYN@GuD%GQa+E=!k{hpeDe*
zsAjTmc{rqTm7=R7VW`Fr4QO<!pYYxp4~tT0>^qD_ci250yREZiAN}s0gE2UNoLlN9
zm8MGC<*<iUg%NnJMo(&t!DAtX$sF%`ouIIrq?^+S9x=$=OYg!t3WrGgz5<gZJ7zf5
z*(o+{_)4Cv)Hm4Xo-mpHlSGet6z1RsHOzXLlmqtZ@;UtYz}GOf0t;&h`Y#L5VwN)&
zA3J(DTt5t%+2iZpi^q>(7Iu!~5L|i;V{&8j+l9Zv0T&A;4+l2UpO=lBCkrQH3SK(i
zzyef`nBTAp|2RXG@QWe(9XiKx;5ICj9>YEf@1MEX%x(kwTr3Y`ALm?#^QglkJX_bk
z%xD@LG^RVTFi@PY6=fxSD9c%tKYoeEY=4oM4Z^RoL>!+>NHDG%7>8SCju87O!<fe9
z=U^2sWs&k{p>e6?>tzhXcQC;nFk6n+GllR}!cTV#Hit*le6!hdQ#;<+6z`-<4LjkH
z4vp1P1!EhJSl03ChM-=2DXOU#i86M=O*0-p<Vg5dsD^83=DvhU4?ZxXjAL6nyu4ur
zBbKt;D=c2On_+(=T9X1kd5I!S&JJT?Oye4OSC%B7TV`rF%KLvp!WBEeiXC87*}Vc&
z&`~4NDgF#}uEBWK!@{W;@3B`$zKjth&tlSEjm{{>WR=u{cp06dJVPchR>inJqOCVA
z#$iGedXAxx1tsCJ5H0=$e{dJ+(HSDL+ld6^sC0?4#l&+_^%7~58HI@<MB`5!coiok
z)hfOKBe!GxY{UU{&P0TLN|tjuCZ}=U#2r9q03#Zsn=#Ud;!66+E`9s0pBcgkM0Fhz
z8eXM>5h8nz-Q^RKlT^1DXI^4>LT|9&BH+tYME`Sv;Z$SzRP0n3>0!@#W9eQi;T>%P
zRS)8F?1F!vqVK<>O=046#0n-hU>AIIit|&O@4lvuB%GAMgv?nu7^x@lYfs1$qPrI3
ztL^Bp7bAQnIFzKD%gOj6qu%4qVg$Z8Ws-B#3{cMm<P_1JPfY0s+|@=u-e$!tV;0QR
zIIW=B0q`Vzaf-7vcKRj^m)TBliGkN?U_om|NceD@kX_tu7ZY0$H=#P729(BxOd`6c
zw$9vyqMkp&%n>sN=U$q%36F|%=Il|?!p2`_*?3ZE#WTiP#1+p9vG1GO1yc-+kor*!
z>@tQ6Cq^;Si-`fcGAd$XH{;;Y0!-9$z?cg+k_IB+;|D#A!bjR$%x4}(iCI67r7D!*
z)JS}v5Ev$LHK#CHXQhSUnbsI4V2;Wobnkr!nasfF+i8~GcTk~2Wq98~&A=JJ$O$O!
z&@{fcv=cbqOJ6yLj=UJ-GKtZ#z>PfGXTU|jhsO`!%%Zb|pY2iU3_9?(D0i;YlblgA
z0k<9$C{~b$2)DHB21Z~{gSk_j`#PX7?r{cml(1aj0Gz96svHlaRm?%B$Alv*;ahv^
z+&+=tZ|z|VSGpIon-{STNgC#Z%LxD8(S8JmG@Q+>xL?aUM&N@Cj!MODD8YN$YfA#P
zI*XZE%xTOVChRzJXc6p4DNn-I1;}x^6Cg(((=e&#3V2UPzDt~f5mK&49}lNU1f)*w
zthY*d)x{+|Qg+P)D~-A26kH8&6)drQd)laeF}dG}0qhk@s(NufvH3fM#vGwb%xbTl
z5<W0ZtX9;Bn6ZFpC{SKumKoC*gy-90P{L<JN`7ph7vm=&7G*g{=y3t!fE<wV7rE?E
zZ5Za!#vF#JF}fTht5DoY1m-&(w6fnZ<qL`b-e!fw8%W-UA9TzU5^rh<O_I!SBl>W-
zaTrtAGn1TVT)AHyH61j0V);Nv4IOE$Nu9FF<0+6Vlz=VTlsaLHYALk}c>Oi2f)21G
zkRXtb;c6)`L$ItE!B}%~xfHmH<m+{WjbEFp;}HB#_;OloaXBp}zhOL26i?a(Mr7;M
z%w(+)m^Jnrnkncy!kK6>2bU?5<kqu>i4yW2u7|B8;9SV^Ug1R89-d_gW##pO>`1+a
z31y_d)VFZ}4$wTWFmPFOe4YCHd|MkoiYZWa%)(h74#B=-3=+=@#(VSvu`dsAnI6Zi
z#yr6RVzmsPC&*H56mxPKSG))-iYEM>GlB_9R>JGr6v>J?*m4*Pu==nS6|>ObVRRn$
zWyF{~7Yniz6BC$&Gx-xAn?Bt9M1{Skmvd2mW`o(TiXG;zctKaXC44)?AHL#JQ7)FT
zP^n=aUY(-Zxq_d{&^%W@gARO190~lC?6I;qTr)jxY!9DrBaPylQ#Gu@d9z~}+bFMK
zIrYXJ%9!Pb%pbLcxY{S-nly{6k8E!dSKppd*attERy5I%ObhHjhbI4;Hsh+1Y>+6I
z8s@#hsDyu>;WI-q&&Bw1jP=kEAD-3>jbVkWdT>~?CX$!1gVeK!LP{$6;SJK=@9P2S
z99zq>vWl+2vLw9dmdCO3(mRetZB&?3*-O4k<a|<LX%I)*c;?cZf=#ltI5sN6fUI1{
zX9TDV3iBoGmK8qzFl=_t4&$gCwy)A}QiZjI*Ubo4>|BM*N%`uQP}BY$>QPXH#^U!|
zAGx^Yk<~5tkMp79Vjli^M&T;BFQj}p(NC*_T2exW6t?XoO{kVeGC?CQt}3<w`HmTZ
zE;raMVJCNizH_QV7dG<Eh`H&aTcql#rlmYgP*0rJPk%E+-+udyk}#we8O(B6tzo~`
zn1r{@@DbO;B3!f6bOe)dskjxpVf`$vy1&~ijv&Idj>c|yP|RwKLysV2E=YKO4aZ~#
z*OgrC8ww_C9iK&<0~JzSKQt}IumJxgYS`^zv7Z(4tc0I!w`)p~GX1BdfIo$fRkQ$O
zK%BpXD+FhoR+v44IpuD_q;$=aq{Zf*BjI<`<HN)OzBJ9bxxXSbp62(bi0jI9UC^ui
zyvb_mWCX6=+bT1_YaQxSRd2u?d{k&0QY0e`88PMuA%R11!wgT)4uxZ;q2}<PW#GMz
zu$gWW#P6RLJnBCRZ=sE(AdkmBQu!aA(nkH_dCy9?en&ufV({H0Ey>F4XE66ER?c0F
z!d-&8dhayj|JC9cz4cH4TK@Kt6piU{TMd)&$EjH^vrX%cUE_hc6NWd=kjnDIkdkoS
zjAp$>Ncdq$@Nde4pM*&ES?;^@BzjphV5V}JhY1NkYgdR>Ok7S^1+P7*t*rDwyRn0%
za|XZ*#N#uG>BE19cn6l~o;mCssTv6hQJ!K1=<4D-k!BatDjX<JGkvV{e7#~upd*BF
z1&{Elr?{YhQc2x%A+pVW2OMb*zArSUdOT}OPv<Zt;}{-5XT%=y?U2RhmU=~o>k@u3
zEfz@DOmA^OvR_`ekcw#LkEa!;ie*H2y-?C6iuhc?=m*CpNt*c-@@*9GiAkX~M&YYi
z^EWC<GC$hD$S!m|S_jw6kV5pE5Gil_J>r&xsc;?NzOs!?2hk!=)NiMS52naz=*V-J
z3w>~}YT54Yt3JWTtRvx55g`@)F(hgd-aRe2mDlW>%gd;hGTiMbOesvmJ^K`9`#t}B
zK$efS@#a(-3o^Ud29zV=>WF~TNa_y5>x5_7VwbUVFFq3(m*I2FkkP5IP8E@&K`0ww
zZ?Lic>b+*EjIo;Y`3_?Y4<F@6!!3L9j;6Od<Z0$h>>d3XDi<+c^}jZTDDN~a%r0y}
zUdv#*zOfKYj}Pqs>|nP~=C+@jVsIiHYg5v#@RrXOrLhd(nPL;318-?#RqvrGT2r^Q
zX$;#nG)Rs8Zb~SO!BuVJ3~oolZ>I#t;OaKdniw1jk4_1h!&EQn*L0PqAVR0|*Pv6e
zkauJWJCXtLD;PJRcZLz=nY7v*nz@O(_2UU!;l5^c*(xFaCnlf3O7^T4E1AX=ycIo6
zdPVG%o-tA@OlnNjNXq$)u`3rbR>9=0G?b+0@7+owhC9MXG4iSa^MAcp8*J}q!!D_u
z{aA1{#^CaZ(RH<nDP;WN{iedc2jIPvqJc4ZC-U<8bx31GeiZT9a)2gXW7vd1_{Ox5
zIfZ4|QbUI{h*Yz5LKDgoP9%2pad9s?o*W?zeODu30gi-^M%adTw?$jGjtIYw2wM5q
z%?RGwhku(~!uS`5_hXHxr}80;z}H2M2nelTjKI3uy@*g1^!;Cj1hI)%&j^hU+%#iO
zN&jK0=Ccb4pPQ^9W?I~~;0~mzzHd^`cit*kA7M7Yyah$8COwJ*UcM~QqzPS|UQG7{
z$~4mgc7OK$L7$8Q{nSk})D=6=19pdt)bDjgbjrBy1$;e;2(VPfe~O*AY#;y!&hxNC
z!WTk%0eRq^l1FwM5_#j44tC^eaJ)xv$v^^LA0~16#}mr;SzFr2NWj~|ym|OJ!bG@x
zTH&*p=-=aSo!mA-)%(M$MJ2vtLU<T~tCwl?*osnB{w|&)H`-CHlNqW0dF~Juu2g(A
zK@VuwV`V(yB#g<8vex1cS4D)oXFQC&2OVz|<FG+n6Vg??j0x!#3C4>bg$QhKn4w-=
zN>uB;Gi*VD&xZ_|ao{YXV!LPI!@Ro<-<tM#amVCw)I$kfN6`W27^3{)6Hyv%EkI{t
z+;VZ2zxfz%!fWz{djqPSf*$JNBh!azVt*e}{=}~HutFqZr7^jzWIIxf6vu@sm$TM@
zw}Fm}@nQPvD4(_Ms`0LMr&vJ1s1Z`&FUFKiVq%PFSqk1a^TZ^Nu`edaxEm3;YvveJ
zDnh&8?tGH`T@qpX*Mtby4;%9NhG6F~&VPSstR_csy@?Sbq0__la2dUKi5kZk+&MG8
zkn(yhl=r0=gUiM-4qpxFBa9k%&D0mrSfbV`2^+&~q=>J75ISo87=xQ;G!|f3WB+n2
z^k805Atpx|ED59Bv$EiEk??*{V{Akcrb9RD;|_dyh7_7lhYsHhznX4a$%;*Y?6gGI
z&{OZ5QLPvmfgw!<2jTTIjFD?tMt}3JfELH$H3@Dj!r^q_!Wz727Csl!AA%caY8Z!)
zhji<w9M&kK@Gl`+1`hG%iPohyVz!$6ZT&HWO-C_Y#&|J^d}8gjgk~J(<y5Ka@~y_S
zX6$NrPAp<qdlrgkV1$%%aW&D9Ny6&ej0)tyPnOj<Qe6&y5z;m6b}<Hb&Cs9@c(8)_
z<4e7u5{LUk%pz{xS?9I$6H!9}*H0^~z=J~JD7<T$w2M6o<M6l3XtW<aKsa-|phqU?
z_M1_mfIsbL_sSeP`HV#$P#y}1b9g_yWx|~d(_3#1D;$C~JW+q8n}$&1NViJkAVD=%
zvs(b2ve*1oxLV_21)t3pwD38`^r<oFvDN8c2x6YX4D1vr2!r5LVZzeq`JHmKPa0#q
z4n8?i^ED%)Ap(BWW;TDqQq<v!DeCu1+y7H}HnQ*mAj<dIL&~TvhVqp8tQW>O3WWJg
zx-v$jz>zOU0p9~*6cPbHm~Q#R^`ccht6>yAbx`0ayi{QheiPQ1^@^C59$Qh;3bPtB
zHPWa*V@x|mOja;^D{t(3*49Y$L~417Au+PTTkQmC<wM%2H$J@M5L3o4c$Ff^J4_eZ
z6>yN&adsWXUL{}Xx6be;b@%k<_bM`+!X)gQ#Z@q_nG!k>J!;I>M9E_i(I4FWoXxlj
zUUURwFwpQMymCV1{FA>i+0XucSw1`_%(2NTdP&U4G<H|;*`c;}@mzMsBz?@dy(fKF
z8HieGyHB!Pjqk=xU;cWy&gSF0CWxKB9ayc+VMOLI(;LVTL>LJW5dwr-j<^z?evByC
zWtL|F`(KSXfQmP<<UlS<uMye}ierq)_a71#Rn|Sh-?j7pKGE-U{|;!Zz<@?)8qWmB
z!{G`J@!X;HKTN}aPpKBy`ZSTcv@efjF*}SI*r2cg&kkG&g@liX1Qy_<Oh0{rWuqX7
z+yixzmw(kRj$s6DIw;0r(185|hv=z)f&itNN%zP!_A%!qwNJq8Obg0?VXj32Wxvd!
zvk|d~kuqJ?E`o2y&Pu~>YYMpf5QBR~o#=T2lA1)I6;RPQz)q(ex(Oa^xASW{GwMfc
zi?M2+g&!PHS_S$n7Gw_7t66YeQg9<;^vkgD;6wWbG8w&h*%3ymzuzxtm3bJ2+h+u>
zfS-mKERVI18=lL1eH|*-N@bK(B<9+kUl$Xn`y1nF-aZcQvxF?y)-VPinG{W8^5dsO
zOh^|E5gq?jdw}_Z)XP7oFCIJ^66l;kTq({6zf021Wn=>5y@;pKJo0|~%~B`{Z=0lf
zduO}tZnIy%Wc3jq<bJ(n$=|;o(mr@^nc+Jp@(qnqc#gmUxJCpU#q`iGrfCj-71E>*
z7<9N1?Vz1p3nq{V@a_YGwX^?_qB&P9S|_TXNRt81FkSn3x8GdVv*v8!4=(_fhh6aL
zNfy%?H)-NNi`KR51iK@d_64X@F(yCDp}~sw0B&4|2VqjZ1SZuw`}cV;Nj)BHo<vze
z=ry3Q2rtsCz!{GgD5?4Lx3Gh2(YXQ<4k*^b@^(50cp}YJj%Iusw?W)XYwf)U1c7!1
z)0z`Cb{I_B3=xH^t5_b!RF%hSC+Y5K_VE0L)GWC34jTji%lkzQQ}ACx9Om7P6pP~@
zLXscV5qeOsKxEs;q{bCQ_39Xbm>!1>f++Pz*-m!WEN0-g1B8qBOJX8?{5%0aI>6Rb
z)U%j?%MS{S9pl5Y@DbFr@JvyIF;T-6@N<J_gR_2zADL$Oy-@^y#y)P*N^>N<N)XE4
zDw{qcypl+`fzP%J43BcS3{3Q+f)5<5S!3$QtT8o{3(QM_@C;?o7tkHKoN*$mu;}5K
zMo;5f22F?M?z0$^%Z;?0(TvJQy>dC!Ld@#lU1r;_%ZGWz>RLsT+LEkBrD+bkTMuqx
zOkPKG^Wg4Q<Hf&5h0mi~kM*Zb$VvIN4eYpj2|CY~qh=Tl9!A_>Y(|^8dCwwyW{-c4
z<OV(f!&|Fx-5#2~pGK|uEXLbL79bID8H{IY370*17bK3sWwXPOAiTYZttGeu9&Yf&
zu9}@cuMe;x<=as<6-Er%a2Y6nC37U{eQWZVp>{W;;x$3S`8OwtXu!?1phx*3Z3y4B
z6;?W~N7gzb)miG<n;T;B)lVPwa0T2pDF~CVVx+!b@^P8NHR366dlup8Jw*QDZ?wf@
zN5V+~W&FKC%*#b^=kghW9q?Wg#PZ>(M_Xb^xTBX40F-}<zA1B<a~M6Wq(n9LR54m4
zY>pBkxY)4tl8Ln%W-pRmv=FlF?z@_|$D<?cAm&K8Ob3nx_6)+@BckUtt8Ew(;<jQa
z1ff5L{#P6p-F5!%Jx}wjXzR()h37_}=&WeyPJ34L?ua>9w#fzr%8&9wr-ia^t&Q3-
z&ie~7A@I3!7-KG;Buf|*96>W?7CI4pri_?|KeF@Jn&5Cr1v7BDqwFund?i}sA7g^L
z-VsWfO`~0kmi`zY5hogu;~=7Fcl(GCE^^@bWMd2-oEHs%16|mN03=SGZNtS>Sd_0+
zT7n_4ZZ0JJ_cTW?<3M-A)P2F`5mSypoP^rltc&@_+b<Ki45AtfuvhaFtWL+~M6Bf6
zh>28d>_}yWC3rq5yCa(29pQXoDeZFO;d?S>hxo{d%Xi1@uLC$}L)~^7O6!#5#WIP>
zu~v_JH}JUcknlIgmFEOyOpqp|Xk0>GV=SG<l+5D#AwKrO1n+PV(8NY5f#7sio2qNi
zt~p2e;Y!QA7>DGo7B9>>!XE91*wT+5Vhf`r#+PhtU~`(N4Q6KuLVG=JXYe=^LWPtg
zuCKI#6kRMym{9D_(W}gv%?X9+4Ol3nkjFF0&tMX64U<}zhA&NM-eq+$3AeF^4gD%0
z+R8FdKJ()mkGjBjBPQ3fs1URMIz-gM=9omd$UQjKW4E;lQKuRDPFS2NJ%(XByu{<P
z8SO5gY%s?g_?MEo&xh{YB{SoUz*Ffv6<kr`uL-zoe+@BhV(-SDj{^29h0E4)XJbYu
zbuFbew(A0i@skRVlNsX9ou08S$tuUG));p&bGnU?l%yI<eEs$`+*rVgjSG|EvLBgd
z&}J*VDCDyYbPdD&IB%zNz)J}Q!GX^B*jt;xQ5&(k!$gSTUG-JGj%9`8<aEdr5!brS
z!@+D=QjFT!iVf}&v$&nGxE+&4>`XF6iMceXokbsg4%k>UNv^Flp$uqF@**Gt3HC(Z
zTdI`ChTW2^jL9S>*i&u0ns<(+%S0sM)nJYT!ijdNZ8SehKRA%f*R<*6I&;$=JmJH6
zeN3=|Qa_hW%fqcrWH|!S+>7iC-rGi(HQa*v)Mk6AWuL0Eia0KsL9oh;9?Lny_LTcy
zvNtOhx*JWs$d#}2HDP|Lno~S{7OuIWB$fUC#T@3WT?dDJGIpa$NVt*1X`6q3=$aTf
zH54Q_#=!B|HV_Dn@j!&_&{&cRGYU(ZuZqM|8d*su_$;!7v^k!Vf)~`V01t%BX)0-n
zp_Bq$|5V&@zEfjbGy0_D`Z<4l&4YZ3POdlAmY<Ul*P2a5?Qp{(6C|kpIc6QhPeGd-
zaNQx#Jk-zUT-#k!>$5dJr0k!8nl$Hm+jDeDFLLq0Xov;;kaYBXr5P^|qa}r+qLf_$
z_f6X+kS8_uJ;I!3lW?x;4#q&s_KFz~`(*}WRm_#Jzl5<eEu~zM)>OWan0#8MF?Tu<
zqBQo)PR#ZjG+MYGjkb^{O)mxihcu<N${bs@WW=>b!*yv^CA+1Ir_hZOuGom(vV=)m
z@NxvZh1kHt1wAq>#aPKNu@_H?NM5(x#Kfap4oEF4n>ZeJx2#m8rcTp$veqsu%&BuJ
zaFroUTrD*NwGj1wu}W9a0oR;ZTE(t7F$o`>(U>C$xkUI3U@~(7<EAku6PPV84Vav@
zZo-8g7T~)f{^E(6PZ}rXnDy@*;7=!|E7Rz1z@&@$esp^Y>q*PX%eP>%Pi~f-nD6(f
zh3ANLnoXDmg54%=rn|x?!rM%OMzP3+e`)8S4(*J9W^M3c5QCzw!P_Kz;qg)G{91I`
zZO?c}UebF>??CTB?`ZEpuN;u^0lA5Ea3-=x*p*D6<6>e2yL++AxWimgJfm10Dr3S$
zhr{NTi)C3cWH$wSRH;Pl^CqFO-#DAPQo&iG#E80Iu#ylnxLM{a+X4-IGv>5>5~`|(
zg_AHpfXSlVC=)24tT7KSRVY{{#O1uhl7;<7Y&f0fJ559Eu3(|aV=dY_D4b4%B`g$X
zYLj+qGj?iIP*Y0vQ9FMMnQiT48A~N<rLdeOw33-o%*!%$3I0m6pG!YHa7bhNbj*&x
zO`zbxL&`WE%+XnyFyvYeDBS=8`(T%nX<SpnQW4jbv5x>nT{uC=jQ{Z>*8IrwStFe&
z`zxVJnMc~vyMo-^0<(OTUN|!2VL@ibeAx6=sMJfNW!(3nQ;?n5-M=`1dV4Sh=kswu
zxK=0*K5n|Vun&2e!DJCv!DdZsZ<Wi2)Vte)Fp1-s9Pov*Byas&3Lm!=o>rbTw=JWB
z;^WkYEZ3`=bGn;twbRhh5zLRFfE6}cT3yeVv|2b+bv}XPz=Uad#iYWM;P<F83s+9+
zGcdh|rZ^9eA?XsYnq&)kp@Mn%E%JmPo>VO}F5rj_<O`ShM3l(s9QoV;+r*p%aO`bp
z_#)HE!ED$kv=ONIE-~TYMSF*5Ypar)4-l4kjduHD*!&rGI3Z-p`Zx3LRFc7SoKg15
z*uioAuu28i<|-U>kMZ{9rAo;yjg{PzbV&jeRppCq&(}7F7RO42vaVav<2*Csb~Eqo
zB`a&VfvmxzNU2V+%4?a%9wSC)<cl!YyRC1eufOl)KG`oj`w8Ngb5;-&$RhcoCVr`>
zk6*3wR{8Oe%!EaQbC<@k2umxSGK;Y_RwT+wxc{JFs!`cW-1fG1Qo_G@P_>c~Ou+5!
zj9Q;RI2W~U_fL$s!C(8Zb~tMdQ|~e+s!i(cPgSL)g1Lf-@nm`_i&2^ges-9zOk%P{
zf@E4IH70%RnXjPw(RtS@qheJTM{TaHSpuKC=HT<T;C67we%l`V7IlkJ38NP%8x<r^
ze~gshUbKQ%+1zD9#=4oKu}7NdHSlQ=R>#aNP{L%!Y{!=|DmNqcVFvCzG>!;g0L2WP
z>MW^$29&X+x(d5W!Ko`D;mRrXe;qNG8^nC!<058eA!0r}*@~ENLPE^%PtHfo8x76-
z&ODlTBL;|hb_-&bo-$&d_w*5S#5KV?M*hbUb9;c8$)|*vFsYPf3ju2Wd)re&&6}qP
zHNV&9qvp+1jGF(^wiId}nbH4OnR3;j<yqcS;>jm6PyXqCg(t#w%ZMlcY<~++zGfNm
z<X`S@^5oYpWBmN_{<--1o@FA4PHuT}dOlA!Qyul@Gvoe0iy5D%|2$@#`ZJhu>q2UB
z<J0|x7~?!>9LJ#~$7E7rcGHp;8hc8k%*u&9u#qzWGDv?x%}4sxnyqFZ3u%jUEhxt@
zxNAm8&ALA+Oae9vAHDVCp|^YssY@JHBG+OZs<Ci+Y=5nF`{I-<eNXu1Em4O!4V%l+
zpxa7p_7gBD5Hr%NV*>sUdjm0G{+)N6zln?X%$i|bbmXSMBBL<{@8*Mk{iM9rP{8Z<
zYs|nS%M7f4cgQ#draV5vmXU(xnjak`MErI85?=~i4?R|ZE006`T0EGSqIX34HwPd7
z58ibDzOWmP3qRc>IdX6hU&CeWDH?Z5+bKA}3G!mfw*mV>u9prezK)iykE);L^P<L;
zxQNj*1L^W<>eRj5sYSZ9PG&K@hL3V~b2O*Nu&%KSUO8#@_XYf-Ic5Hv^yS>5$drH=
zn(6-1em<D#p@8SnoK@*=9~z73b5Ov)g_h`%@4T0lyelW<v;932JJ7lNBvsxL`%Osj
zXSdQ|e<YWfdMAxt9L4!!6i{d#RweMDY1%+di$C1YAyk%VGVga+Y7VMqXwZD*N%~=~
zs)h}uG~>%3nlO6P3<2rk(0nLex5RgwC+wpfOkO@@f>g#NeD?r#_&4}C=#P@9Z(1rg
zAN>44(2aL-H@-Hf8!%C$(#a^`PX74|{4-Hs`__l~_9y4Q6|MQDNm{vo_m^FcBQir@
z+krh&D|j?yy^P==_^8&Z`3SoNZ~q4K_IC!n{Tov(8|4X0n9E<&Vy>xRchSmKzcgD;
zaFMFPEr&!69z#)sFHegayhex`9Hz^6srt}CQG=I?8WBD=0R4Dc1VcTY+U=@f3_eJ*
z0o*&SHPw0Cm2?^f+#wb$KJM5%CWTC6YM9zdm6Q)BPr?V<#Z$yZxLSA`d*MH)Om3L>
zlj0O4X&goD-B*0!P_@Wrsi86_I*C>l#^FvBH4jtp#u+oXceT|PV^BmIrv&y$_B^?I
zM$~HX-$K+pxSFnZ+w7|SV(wn`mbuk&j&A&#(NG9Nzxv;?VZG(jZH>nNXmsPncB#Mn
z4ZBPI+78joS(AMcie81;0h_859ARRBlrbjPW0*6n`7s|o8${2TMd4@r>Ts>YT>mHg
zI2cJr!nF?lpjvjA&6f0=9N}knG#;VN2$Q^vm5?x5=eYa0(xzsM$_%PvOY+QE5Oa2|
zQk+3^uQHB68TidU?@4z?!rPqIJSnM{siva@%Cp$_iA1gSex&CrdL{;!!<J=U3z-Tg
zHE!V1^x^4tOJiPmX9-D-%Z>An@8gQg`#6_fOu}vxYj055&t-79jLAOCjN)KlV1^wo
z@@_JFHi`nT<cmoxx^JH_1LbY~%<#N%CScYf(04Pa9&Ype4bK{4)zDDYOzvXjM~<Y(
z+o^aaU6dc8xV;xU<jH*c%sx#|vc=n>-=m%%XOn-3*XUBG%TXiqtvtb`6*bCP7!J^5
z96Gh5K^Lla)DY!ArLo)QhYfZw<E?4=c#@Oj3rAx!ewy!f$N@~sXJ8IuHRI)SsYwHp
zT#K<DO!CqE<l2B*tYwRq^_)uipfCUkppfCfOASvl$t&tbx@uxeUZTAx0Ui@w@K%h;
zQ>;Z?w62T7Mx*S6V~c{yk#N~8=k@W!v6|UCj4QP<H28o!*8+}1b#(Dw1>tS`SnGcI
z7)$e{0B6i@dM@x)*k(3WlU66sS#2a^l$7RkMzRM9lSk|$-4#qqg*lnVRi)sNdB(gX
z7)WB2uWLMwD`A_^9u^?O&Lg+X%r+@io+wof^GvCvSY*Z*pfVGdb~%AKikcQ}8M}?M
zu$IDW5*7m{G$=WDvgwc9@MoaCm~CSG<D)!1d<!4!c<^8l%DSh5qNFhFGIBYYW*n7%
zlkT^f`zAqxQc^4AtVl3Us5ycT#O#LkIA%!d5*%VRVJJs;kYzXS2W9E^odJb}S1<F3
z>zWXX!bGv^Ye^em!VH@e2^{gYjK!1anjd1B0`q|f1j+&Il^K$PP?k-uWs^bTd4^V|
zO-dM<HoL+G8-;ZJJQMsudnzZ0I&9-x9<VdLo>pT{TR7D?-Sk@JVIQ2uvl+};*vy%Y
zE1L1FN#KCp$zLx|F;RN#K6TP`Fl+vFwUT)1QqsC>nl44TOL1+tt#=1sUS=a4#|YqQ
z6Ix;z<B(FAhaGHoNhsTQkNVCI32?UQri4tb873L>9%kTt5~E7Wlu$yS3Q)we)`fi@
zMj_5<b<3dut->5a8s$cwhZSZr`~2loor~n2AMm?FW9(L3<9i?;=Tp5ApX%B5!}K{(
z#}0We#^qS+8r;&lgv`>%4!K9#+8SKt*{sv6V6V9u=FVTgH^{adIfvJT<NCg8CKl}G
zz&aAPIcu04=P=gGB!MLHXg{rdG3v*n$Kx$xF#%~eVanSFjq^aON0IS%+iOfUH8Uc6
z>^C^^D<u4lTEg*9;riv)^RE_o{+(_-|28b;`G*2t&nGaLZe~i%-AfBZs^5o%3KF~g
z#hm<tlt1j?mwzG$zjulNx#F8plrYS`%RdZht9?Kh5u67O%^Ob?ZUjQ$2M;Zj6>kJ9
zEAH?EYMs_f|JXCVjQJwd9~0^suAEUs7*!otti+;8Qh!!D<6A7vG+jr6S=P{?Dh_fG
zW>#c-N%=7X@JHFEa?b(k|A=|*&HNgRi&=ZhM2e=oxYn1XDk$LSM023Sw7~CZqha1R
zrI#M&+mJx?k%@UA%EP<(-LEcqH!0zrZNf~>oUF>e)8R_F1(O03GL8A38V&24A$AL|
z6T!;!8Q`y=4y+~uZkYFV7I1zTHgU3uQ+5dU)w3z<e0_j)0Rh)8c-fKgv#`L9_hVMV
z%eb*VZQvA>aQ6Z0qdtyF*@uoyV5y8rNuqZ0Ny6QL`)v!p9D^T+1v;ZfLl{5-ubL0o
z%!aw}<UYLygmn!KvRg8S!EG}-&1jTq$$nQd0!%sZ|2)0QUjI66UT*MIjQRfjry8-R
z(ade9gY)}Yc?#xanH1{@%*am6^<zIwD$EVG-pWdt&`Hv2B7)O}ahk#$W5ZU=$b>Sw
z2)xAN!s%7&eZgNskk)2Begg=>Z#^XZA3Bs-QvH}ek(X4TRr-yGES#oV$7FlIVmUgp
zXdf;6M*Eds^L${r^)3Hsqdf<a<lTR+j9ZHAw<O>?WS?QPxJH<uMg~x<=Ib;@Mlr02
z0Ehv_K~VV|p$(}0zIJ7zo+w!*l#R<V<&n@nSB9I_wfa%Mi=$~)G+8jTVm#b)kYqNv
zt6kUBcth7_F#&fU6ew0oczBB7n6g=7+))(0j7_f08t2hTlD!$@1RP}pDh`tZ*lj5C
zFb`{G){bv8|6M*O;iB1RDfeTv4_CXvja6;{YWCGz$HfG6=o%tiZI13liInh>y^M{*
zq7dOhAvjVhTfkS5IzHK=I;w@-B?I3>fnqr?jh)nHzNN_)6I=^W5#?TPBFfH08O`uu
zmu_xmFEw-G{AQZR3c1BTjj;+AVV!60j$llhqz#)5!Hf1|zRw(r7fZdodcn(oGw0=D
zjxS|gebYGHhp~Qp{OoJ{pMdWwjKP<!TUO0BI>;V+M0)-uWPUk&-Y<@X-<Ub+lnD%%
zsr$XgOPY^|oXltFSGia&(Ur!d{4YwleY$0&<psr>(PZG2d=}aqh9Q6-B1U{O3haaL
zPc{^0iZmI2kA|pbnzK;E4!PVeLj^@rVoTTomw4z9BaQR^6mMR5X7d6%YL+<k^WU7W
z<r&qE9@!VD(pqazW2V1^szeRP*htv{=Q0zv!98L&7-W{n;CVio$Z18d5;}Rf93DEr
z1gzKaEe?FNT?Z7{vCB83g0<01oq-Y#czm$BWhZlG#hl3EI3b-F?x)E}uhAHXTc^$D
z%%_AvCvDpww2i)C&N>ZppD<)zA<emiZc?=;6?P8>P)aF#9GkD6N6&9!YmzEiTaPe@
z(PHw{CiqCfOX<ceFXWF+@+!}9kgYE+Bk|xp`&khC^s+hgiqFMJ+03qql7rz!EA~V*
zc86^`f-&~T^SQhup`lBtphxp`!QL9D&+*So(4)hegODcWS<R{PIFESicsk&v%{i{|
z9CsUxA2O~V!3p@3XMkcFSpbw6>`@Xr4hLB@=RhUFqEiNTYK<v)o#8|shb_->1D;c+
z75dIL!9g=xepDvHB<I3K<uSiX=9>ef=Jxq-Ktu)a<a8ZVaL<%DqHA?%%+eps!NlxW
zsgQ!~tVi{`+xP)Y!7hGemYVs*lo73RG~byO^qKXr=NM*Hg?D2EMoAEOF(!?(%(o|r
z62L4^{Flwd|D&1szs$U&f}~mhjvNXWr?x>zTcnqiu9>CTT-4YBmkFtvHs7&N@Gf{)
z9}&^65@wq+tYr*Y*-7*`248TLyrN}lms%OcV9t3b(|;lM0*;!_b1-269FuUD*(OsM
zhDX{J_QBsDWN>}0UHPXhIJ!73<)Voq*lIx1*dZrSNyvJb8paOT?iu|p@C1l0O%nqc
zd7fH?^1W0T`{4lF4~I>dZcM>e8rW4WgmdxLFc%Q8%S5ToRyHj}oU<_5!z;}^)1*iv
z3n)@j!h|<xH8b7C)F}{e1#T;XrwEmw+alCW=y^yD2ab(n3Y<o*4o-a>CK}@;5W<xQ
z8Iixq-07W@M=W!?A6s!b;7yXFpeQWD&qIcr-Y_G4(^Xt!>?mFPk7BZ7PT9hrLS73-
z@n~E-1=s<9m==g|mGJBW(U|JNez<(5jwfmybg^IIiVDW$8KiuqIeib4z8v<-9ARIk
zg+3Fr%R<jl6PjORL4&Gc*2N5D6&BzUg;_afV&ilP8wR>+<NuP{15SMrz{lVpX88D1
zS~pw97+hMTn;VYIx%n)<*-@Kwb1&aqJNNa?d~?m*C;ysn_P0Knf^%zi9E5FxpfSi$
zjn%Ot^QaW|ma$v*VltiP+{;}GSIHuB<i$bQDa;hqTc%)qypD0Wd}bD_5b-=rL3|uH
zz&=9Z<1)=yCG?#aVm8~-lMH+zRKo(?IpYH|0~ZR6pN@l@a0A4~v3DgK*Az|A1{o)0
zUT!)TD`KVG>>e#&4|DLL88P0#6x`G%JVM-}g}=re+%_dh;!nZHL!wrPXnh<SjqwIN
zPv{!vVDD@VQyVo#;KOag!vwr<AFbVMmwEK_yX|k^H^04lA1#L0F7xW}$&jcMkpCkj
zTE>=@&u`YK`4h!g$Lq83#cA%u29hY}506^;L`ctR1)f)%TTjfZ@1Iw%QXNhcm<Lbu
z5s+RYgc?hmuvp?WFImzw2c*Ci3fD-5MOm(6wur?tu9YX@8b4I9i$$5np^{CjVuBPa
zENUL_1)_C;DL7tu;|;h*2qq<o`gjAA@bg3B7^dKI5aSK_5={U!W;KTuOV7^9w-n{m
zkT!K=gM_TDjat24$1J>`o$D$rd3Pxj_4-_2D2>U{02{LsCQXD`daOk7II{&h`43>>
zTI?Ffe2GKkcX^mEVOND8&A@}xidM&?AyKc@$H5`oc+-p+pT!*Mdo*ovcwkE4dU!Nc
zGXZrgbICFhfs<toGs~H=r{E3dy@G`Mra2}KPr&>cF`>qL4C;PAL{M^O`91i~w17sP
z{wM0Nm9Nn{Wa@B6{cISbTXp4u5@*AU>UB)Q(HTMgeXpQ?CnfxYi3e=EDC-<|_tVp2
z(LN+0BWB?Z(*onLS8ER=@Lz3W9E<QR5}PCN`w-V&Ib%@1s}<vuS7^fS8b;unHZcw>
zX@$hbH5TFP^mY>N5@MFK5z=bhsp{~tDWNe5w+VrTp*sA%AjsD_9QT#<Qw&}ycv*ip
zB$#Y6hM%k~h6@RI@2y)arHA1PhkR1L)vn6$?s2iNWRI+}e|xtM4zLCxJQ|oGc5A%L
z9riAdOQAetnJhOqQ;fkQ+>d>ItcF?@Bxf|2UOx)bCSTm}v%)t`w7zXS+Una_G1Zc(
zxqi)&u+uE>1Rnv(n{1mxLc(a?7u(ni^;Qdx@hrAy8qJyD`r-y|N5aL*k0{{SGeX_$
zk=E_UZFwN1S|RMn<;JzBnQTzEZm_oOH!U^xGoI|&_i*Y7Www1Fu58rMHT5OU^&Rv2
zTE;$^#&~H?c0_4*jm%+3)e>p;G+&m^aDrsW7$f`vJzw0OKcX|A?1*;POmeY)noS=U
zU4IcdtVeZnHsl~ZdFxoKtz$jWn>$vw2`sY=o>osMYW~KYfQS*z{7uCLGux(@?&Yn5
zr^GrCnO&6BfU#p7G>0Hve|ID)vvtNLgq(@sB}Nh99A%EDpn$(-Lr9U2PIi;nc(D!s
z#s(qk>pE@T5U_$@+eXE+T3%a0ubngJH7#M7D0jM2a!DA69f}h}u?Yc6epe*?=8*Rn
zqc$`gyKS}kDN>v49BQM^!alv^+2u2XO*HFft<4Q+DF2RX-f<*sU!33+4Z%5Q34+t9
zn-p)rPiP#`%{Vkqs&@u+plE7kzvf8TTJs5-afZ$?%C*5hc8sW-ZR4`pG%ngxPUYq)
zCvIb0KLM$GB&6p~@8EpGz<c(l_!j{<NpFVEm?Ibhes_?gp*3?}q1^1pYmCs>S+(cD
zpMTpf0(Z$LMOAvtcfNCwPlqV~G{v>;9EIVyzszJs;9Cc4s)iYO1!q+H{XqlXh%EV@
z>^IW~g@lJD{pEzt#d9NAckq|OT^3|n6E6WWbC3CF%+9bBH~_zNJj}u+9u{GrhXbHA
zRSgAy$39`Lr@Sd~p+EswbTFWOpS0!k{<{3Pj4@c*;A9&%WERU(9xILZZbjj<HOENw
zRSieNCmN*2vP07=hyrG$#tcW|{L?gt&AOWX21cx-2hYpT7QQpi;g@Da8nM9iE37n@
z;C5jK^3`b}HFlk9S$<Rse2#>j3ODmsA&uSIaOvkRdtjOu^6x{!c+p4U^CS(HO`_jt
zaVR0{upTy{xGpvE8&N|4c+d$)5;1<VU^L%+{azYK*Pq!2#)#VXFFF<W?n;FxlQd$o
zW(o;!oK}e03@iI-d(D^~ojzGk`y0Ik9c!21sIlwQ)W>@toFxf(?-49QhvMQ<Q{)5X
z?`uldzG>*me$kOt`VB{A0*9)!;HaGym?S8#<B#haDcs)+k@$S`j499J0NgRdaNDi?
zow;7ks@$3@(B+UE3FYtM#x*7{CLJ$!if+lm4P}#OzIP3l`+03j9YinTgx=l}vwJ<`
zpV_HmR%XgWxaKN!T`api;2={|h2x~4Tf)JzIf-#>B0#QBncb^9g!b>;XYPEkdFM0c
z&h5=R|7Pyo+Pw1>bLW=kov)iaZ*SiDrn&Rh=ACbwJ2yA)e9zpusd?u?bLWQUogbJx
zf6o!-u5J^)YXM5=r6oLjsMQq!asn=?Ewb_acHW!&gII*1N2O@Me;(q`9BF>|=jOw&
zY2NvzxnqLeeLN&gV(PTN=V*I1M8E!IYQc`VgfDR)W~b->6o)$_0%L4s>xGraa1A_1
z69&cD5T4-ZrWyx(nUAZkW@MiVI@us$H0MpZRAGXHoX8PApstk5I76bhAxs1jZ87b(
zR!pmT;Uk=l`&qtK-y+lCn8I%0khaUQB-3T%DXZ9}#+umrTr86mn1FFb3#3nJeOT2M
zmisUcf6W7{VGLfZundEm)X5jtG<KhZDM)H8bHZ@gPQPYq=xp+or|d%LknmQ{t^56u
zz+sue0psPCPUEob#FLie@G81i`&xE)-87D{`_w>S*f0Tqn-9<v2^@9#p=^-hG0i`8
z;<|F{+Y6f;ncEzW`YsMLX37R3p|wH<gUZ8F4b|AfiO}^r_VzWwg57W~H<ISuDk*^p
z*ipk$r94DH&8P>xuO30?1-JtKnl$%#sfG^FZ`Hc0Y3<c9!y&zsy5bRf6(OR=u>|*p
z>Np4~O_SpkF%D<z8V-Uv5A-sQk%y%UN#pOGp-13sDi0Y_S8ph7NT2pF3UAscum}%3
zx?#PTUb9a$a1g#6G3@rr31hRe-jgS`>>9>w*aSz8a0rp8QCIuzEgOpTWEYbvNah@~
zInL;TZYi*D0J~`=Faq?ExDqs8K>`2nH21#E76@^;vgU(CWhq?Dm9VJH9YZDj8WUo;
zjWhSbuZ6OHSyh_YB0RcG5L_N)xah+K__IBY5%}@}aTvSd+GT>kwNiPUnCb>XS$Qh+
z56r+m#dBc*YS``9_KT*&l?^&A*IUcAKjuoSPgbYQaFCC{Evu8mZBf5R74n&~vMV)q
z$~bQocPbAD;f7@%Z<oJeLST$NBS|j1DlD{NYLC`<D+pdUA<U0<N4CYWWUk8&z4x|d
zf-z!zwgp)nIGgZfNCzcV#|YeVK$t8g%I5Ta@X!)zJtFXx4$h2`E7R+5nkHZ#J**q`
zV|5Gf61;9d=kj=jx97?P(I1C&t#*Vx5ELrj@oIyR5a&Cg5QM(-zvDp4?k(qE^cRev
z*cva<oIUy23GL?W$+w9$Sr6y6CRF7B9#0}skHYYBKfI-J8!k7qh{jy(C&GlB32(rU
zZCTAVJs_5|VvTZBK=!iD7?)#kzGf^`K~(O<Y8342;PAGUJ%&v(luaAb(~sFArp>8}
zUMpnwwD|8m5E4ce*4WSC-213=LPBpXh%$hil^noMIVbo$%2R_Np2y2Hc9o3Uww~E%
zhg@&G`cA>;SdU}td6tF$W<%(>!l5#DyCqx=SIsC+@CPTU6()g)GV#E$N9ORvUY2{a
z@Ia`ZhN7@p1xeeiu~faOg0&KEa`AXrt?)RPwA`#5U_(TnitDi?p)4>DFJX#&oRJFG
znypvn76hA>C3IKdN&-NyOSKpS&BR|ElxbY8Fi~PlI8oQt{BBm^DH8rTMYQd38>hto
z<CKRET-Bxnx=FK|DPy^4_MrS$$E;((PY<b9T9htwwqMc_I)<B;7vuj%s;-G3Cg2kx
zfr(8h;G=v58}6Sn7ML}B($lT*p5HnbH}(=)-`GnM%-ure`15_nRKw|LSSk(NH9F-W
z2jJ>t1NsMr$6;%{5}xGJwa>+FIl#dVd+CYwe6DD-!e=Th!9@ysd3PeBFxCZ*z>SOm
z865K6JHgTD%I*Nts|RsVEd}>f4o{L994Wb&9SUGSq6qv+8#Z^4b2MZnyl+}Fc4wuF
z&y-LQcmj;8`A1T+65<|Xk-ud`uo$qXs#vMPtV}CRm$0Xwg9f9?!gv^Hn*U_oeS4ZI
zjou6FRQ1@DMh*89g7?a`oW}2vpk}fz=HW2#%K9&QJ<FT_@J0}LYU}XU<4I;f%@IDs
zWC<KmcARrZJ-<eDU@nBR@X=|*Y)cxS2~ovBF>&uCxC&1&rSn?6$=f6eFUQ;PXzV!-
zdz1~g8B;u$ZIW)eCYWQ^KH4p-EP{0NkqLtA7(+G-uboyF5(DrH!I1bn1M2|^j|zcl
zxMo_-Ayfkre#+tH;dRrBEgwG-OjqG!LNv36kD-9i9uh5QrL!*flraJC0flM!*F$Ov
z`j>#)ffHQ*aask4kd<)Xln9zpH~{~|fivK9Q+DPY3D*h1!sZ%yL}=`GN&5ar&WFB<
zLskuNNUZ@E^BmX8o+uF*u?~9?4!<riS>Z$3kMoMg3?CWKO1M8{VwyiQ)YiTXq8?A(
zGM-HdR|?HJI)#MWrhFtOIAn{s67FjwP`qbqDNwA0&$Ss=@Xaal_}v+XFSiLpWH~nO
zDnmP0RdEAfyZd<kHxsuiUT9fPDQDrT;HoypfnWPDr7=Y~2h0gv8fWVBTa#D!?v@wt
zF)x1De=%!RzwR^>d?Df1U<n8Bd`ZygZ~uSTdmA7*uIoIsXBPmM5)?rtxP&J{$?6dj
zArT;V7Yktd%sgX>T>xt?c4v16AQ+;m(c9Cr+nAZ|L3hvoC`g1VA{Jz!Do};5jCy85
zIA#(!LSiIFV#K0j*oH0Gf^F6_s|-K0p5PKJ!YWh*+l+-Oqn=;gpL5Us>zUz_%9E2o
zCGOWf=l<V&?m6e4d)k~|H`x68B|5+Qdw-|EzMxy^=d<=_{s9^PZ}s#mxUjDGpZ)`}
z$=W+~OYa|%4rMod|Bru&H+-w4U1!;MlTZCad7}0A{=Ws<f`>G7dh6HgB|_Hk|8NLd
zOG)^CFa4T=RdEj&tojQma{So3PygKkdg1NKzq9s}{7XOT2TO=b{-bc#^5MeT_3L^c
zCu6w&S#AOUkx#6B^b=gr-?R238>xy)_Le8PrRT%zdXE&SQbFOfYabo>_{Tp^_N<R`
zNA7Lrg~mtMjbhI9>u<eD|Jo<l{V!xU{Pg2%e`MWbG=%b#?BhB8>;CrIA1Po(wtzw5
z!}Pujt<SS;o8Iwvm`~xS*Zvr5_s&m~|9*ts^`r8_cKY{!C)J%KH6NxmpL}-h+TQ<-
ze}0hOl=$T@_OC7U9&UTJc4O~nhy?h1PJjQ}ZN2VOYoGiylO#V;pl&BD?#9R0ZdkW*
z?e4!#Bv1NSSoewkwYz(#pIZCrUK+ZdC|^__`HXb8te5H@y&tDHu6l`z$V}!>G6VX@
z*)<*7ucU*>UkH{<&EU^c$&QBcS<j4)JJ=VGXk1MeaOeLbHP>pg?kOI7rT70Kzp~Z$
ze}0iJJbFd*1r5<y@Wqw#N;7cxE(Ctf@#99bl?4^I9!7!Vy3LhkchSw_S`hK4$W7h7
zMH;f*^+_5xiYq``6F<!d8T+9gNAvykKVg(fd4y4zg<d`ULKw|s>T!0p-gVt1sI>gR
z^;fcm7|PCC&3fRvJ4T!&NL%&HC2P-(yap-1xU%f-UD?-){49(kRsr@4N!qNs!}QMm
zPM7`}X0KaOGxTfqz&+?CHK({TzU;fDEN)I@LE@2ooM_Iirwd^<GmBtVgaT+?lrm_Z
z{MRL|c=DUO%a7}=M&u5<w7M=YVt<g0W?8ahEU0>|dgc^Y+=;2Zv*Y`u?pyGpN}ZPN
zRR-CgA@*kn`!me`?Bsb)L}9kq^B023bFHwRg;DBMyv!SPk|1j(ksIL<hEXMmpt&Wg
z7nZ%b@hD4H1Wg(wbnt>is?%7Q1b!AS24!i!)Z8>n0<S?@afCO+k6k~m1g=-{nuJ~=
z^|C;oXfPk*W)L}PYc8%<(;!RL`7pfGsV#ZQeCoKx6?ZC*f>M^W{LJy{_1LerBA+*A
zJW2KinZGa*m9&B~Z{Dpy^;0*9Dxyx6*l#rgF?VtN$+B_0bS3iL`5<zuVPy2kXg&1O
z@kLBcdahpO6OCjro+Po7BFmC+u9Yc2)ZBgbc&QYeXa$iUj7JsL!G7#U&AJyxeo(J3
zdP(XOS4u%tnWc+^rzIU7&mDK&9nVO`xI?>m2nx1b#cB+k7e^0Hx(7###fho??$q?y
zxRmUm*KCH-{1jX9b8IHLjiBK-VQx$gyK`||cjv+=Zn~8?3Y_9fnGV$cAe+d71|60q
zHwu;lY#?9m!LnIeDf5zybz(H<dSYlAl|Wn6BVxV`4*K;t<&7zh&X&gA=O(B3J}(;f
z{P>G*sXSU9#~OG`Zt8mxnM9N$PR4Pq)pUw0hrMKa?s(vnmAHSeI~JziTs>g@2eX4r
z-6V4ZQcbxxiz{wvyzI`7@7p_777SG^F;;XG!#D)es4v3Gp^ccFD38yMPP(PNqm!ev
zZmIm@<haT&7~S~6i860%X?*6;_|)EUccMIgkhiwDawrPv;@g+RjeT*_@UR}N_AzU#
z!R`(ReikRbSFgMKMoZ<rqmz@Q8()~79V>|}nn_R%mz_q_O<QxRpM*_gA`Xv012b>V
zDXxr#e&$XE%bA!#&k(-s`L!^bXESIq3FO|Y1P)o%Zf&W;SY(>RW_Q}TJaoa2$6-X}
zH_~RdTg-WBKr2=cQfVskk>Gt2R{}O6C`Xk!qrT1ThW&835~fWuBNfiIYgj6SYypcw
zl9Ik=<~V0DOhagR)^xMPBLvzu!;5g5D=z63Y13=BLUuxh8g<t4;>viExG#7~q|6FZ
zv!$?-Ets1$Wy%s25s+c9iTn`7Im3dr*c~)N9N7w)2}4eCh4k=frIG|`I_pLAffGh)
z=0!vvsC#M3X8OL#=@)R0m&&8FWw$*2{P>hpT$zlcd3Q7|rQsI>*O-AjpK+?RuN=zv
zz04zJ9t^UDxH1j1pH*qmtG5ET(MmISE^s{<7{X{7HzupER1f{YNf*2(>BiC0-iZmG
z4KB&?sWFw|G~Lu~WmR`@mpd0YUgR&tiCYh%dC}EblQ2p9U@Ox`-ZmSw6{$T{dcqCK
zmf;6(5;Oxb$crv7KbBj+2&*{_8)UlHf)&?~ql_$7+OW~77gc^lb|h&tf^{|)kUvf{
ziRbD;!)2Q|H#ukCoWw6HQp29B$9@gEnQj7X+sm46C7@fo%-$ys7AGh6PL$oT>Ai;z
zj!%{Oj9`5(?{&1dT*AyJqAW<7Nst8z69{O2W7CJ8n;ds%4o#QG$8>(n`h`b;;%jCq
zJ{UCOWW~u6(z9VyjUA#ZM!|AMXIU$ZvK>P%@Kh!?&xMhftiXzAH6*OfO(mRB{4^cK
zr+mjF@`S>eBoRCb{1)RLNzm}Z2nFlO5o1qgyZrdU>Dd?E@!8qwS@uROCu!qf6k?f$
z`5}$()jiU=EA>Fx!;_jJ&HJ%i4eNm<xF7IRx`m}d=4DyJWi~?$blsHCc2zN0)CD-Y
z8|R7sv`#z89=z<L<V{G!D083LwR6Xgk!N-q@*a_M=7J=}1>BMrFja9Xaciy)Z7Qy?
zeuDkElqK%odf+9Rj7KZQXB26l!fr|P$zP`MI3mvym!)Lsh0bq76Ke)Rjcaghx>6BX
z)KT!Uy>XOzVU(6Z&6pe<akFGa5{7AI<m~o}zM;afEUj|kO$e*f#wyAtwHaUbgC@!1
zpqKdzL2An8e%y*OCnRe%^6ElJ7&PWI?Z_nXDqK5C1m~yBb|NC$t(S#!^?<FLwAD!6
zfn|5uT}<5pr<Dd|i}lIEkvNOG&x}u%XI~UzByx4Xl?2N^+b_%^<pLk)o@CLR+o{m0
z9FS_5m|$B7NQ<fyS$K-@&KThM;c+T?%F=qHNx0}z;MMA3n#uf~%H{!TKhki|#jU84
z(vEXnKc*%EFG;)=F`iUxo(;Up3UE?|6|<U1Ju80SJ3UqAbW}#gg+ml^p8u>Drom`3
zPdjBITJ-8+#c8-?i+9*oNeEv&;yyPzChA|Lf*)IGe(ctk;;6pjCG%`jVb1~^W}<^4
z1nAO>km&}Wp}j+;X3jp@W<i-}!()>n1rfJIDjLm+9e7z${CqEpqtF)<+|IRjX{=P(
z48qi<9YSZ?vZ8G=zEI)Pz3)X)OobUgjutij%Wg&?Vi_mQ6K`FzwBj^y8*JIDMj=g5
zq_Pe2i*`~flMhjn7)=kA_l+>4gp_01n=f;gR9+w)fbkGaH}u?#<#G4<iK#KiU!l88
zqrqiK##n+1wTGmc=ac!~Y;U)jYgMac0;szOsR?C7dF>M2C4}#+=@Q0B%N}x)IL=(Z
znxF(vvMf>EL(+n)?wse>P;*)m9nD99tAeV=D+|bObH&XXO}?a^1utC~r2id~%4H&<
zL$_P8>ABS45yq|`CvhtaqabwzGpf*GClmg;l`Kf9ipj=mG^&&sx1z?VMl(*bu{g_u
z%E7qOB0R1YwbGz6WNcsNmS0?%3{$n;K~!-YXl<igvpclYDXy^W$AYT+oQIpEBzxBb
z=ium%PtUpsC#I%n<!<L2;}p(h+4gDHi;ZRIr%dk`B}<8=jZqb7Rna1MIfy+)wiD#@
zr$LE(n=Mc^(waL;$6L1D<>ovz$mCAO`hrF?TXE@5VoE-elma^tla?7zhN(j3hb1p{
z(-Uq=)hUqds`YqD5i4u7GW>z6jL5v%%p&FT?x(DaNg5@xwiTgC^sCwxq>~5}ak55}
zZ|G>SNU3QtM=5JiHD|?TOIYYg<5PR5$0nxso9vay29gycYr56CH=jC{fR$qt5A~g*
zMulIds+pRqY;h+$Lp}DrI&W3hbh*GCx8HTRo!Vq~D2JFDR?x{NGBhM>FJyOjqhQ{R
z7lVWhy3nqY1}#EJin7U>o8QKx%DAx&b6&@oF{{&jJ)ZOGw1T1UM6HI~2qSY?CZaIw
zXuBBPfvwlYMPRyzM<)-BYlg;-aww`@IO&D$V%HAj_R<=JG}8W)+wX(C-$9C(ErNV&
zt%UPomO8MTgVt{@u#P-vr>vPM%wexruR9^Nt)aL{lmLea(nLTQ6lh4%8TJQRIc_%M
zG{ZTOf*u2Pm4wDa5#8t}$<$|TrztP%nv2ScY^)~}EKtnwY<pullUiW$Y?V?8s}j_M
ztYgOv?G#63x_Bd3oo7RaUS&Ca7Mkp##qyH&MnA4FPC)nGEJ*f+QJ5~^JZn{};j(yS
z!cAO#V{oTU@NKZMZQHhOCmY-N#rDR|#<p$Swr$(o<mUZfe7IHfrKjqtsT%e4dAiS;
zxQq8F&l_=)72iXdt5{jngqg_+r^vs6JRoImrqV9(onAv=DR1vSVfbasGE5tIWXAU>
zf+^x*8gMjX-Abh*tCUOlz@h(QYfg}$aPG*lLxdsirmNhIkvFwI%@G<NQRpD2S+7(@
z{80k`bc46KCBS*RII9x)PXtsX5Hyen{JmuwJn0KmZ`f~@pYyft>nhqa)%3~03sFs&
z;e2QN_PD=C+wL0sdWV0f$H!CR`}tgXpAF-qMLiP5%OQ3Jp>X|&c$qy2cP>iI7E28_
z<dKw4a?X>w&iwDpNQ%!3qf~j0cabOy(m4Ksq9x|k3MhvtPu7nUw?fh!%L<DSjmEB0
zjmj2F9vII6h-t1u3hpDCjm_Pc)`v=ild_9M(s;8un>f+48A)#?c=W%sa~9^9Q${A2
zbKYfUAOmlv!OY7F5afs6`O-*1dc_U3iAiDZmIryC>K3plY!e;}+8C)J%CfvXLcgB}
zcR`4or-2MraT*L?waPW8i6!v3;{3+tXW*exig3?p%qNt(Z!K!<rf_S=Zy~Zj&StYr
zz%%RFE%##`sVYtKS5{5vWwef;mMf@TgB84{oQa9WFBB&t_hQ5$@uX_}bPoG8U*)U-
z{bRT@Xj4X;B`^I9QW@LG$CQ;#U0=9VFY*g;HLEBOp^^bAC6SIau3T4WH$Lvq4(mW;
z-OOCuDCPPKVcFOz_=d1-s}ixeR5U(`9m_qkkCw%V0bG^4SFc{{DR>bGmIT1|I%uX1
zGY3PLfSn{PHLG%IJzuBVjmcJtqgw_ns6<BY)($)h*;zxaqmhZ5m1^ab-ce9MPg$sN
zZE;YPCW8RESxY<?R#z#DrOo8&!#bF4-Oe?7oIch^6q;_7fHo#;C*TS~G!$FF>ePb>
z$ycz|{19bAU#@9|%U*iK3{|dkBr4)S+DNV<rnm*!D?1znR##-QFlK@~)$@07j@PLm
zH^LIxBvNl{H;pDJl=BRV+R4)}Q5rj`R0xKQ(X5Us27G99c?OcJMRxVsl#bsC+qU4k
zFwlgnET6!#(<p>xvuT}i#e5X{NE?oW)xmVzhd&}EA2gd(kh!cYFj$c<i|{)M&;S^s
zOsO;{b}sV8yyx>7x3=JCu6K%9`U<9SXB#G|klOrvj0m0m`5Cq>gaoT2Rzo>*C&ZwY
zw=X+RjWX5t6Eey0o}sE$3hjlVEgW3Z7QxdwS?buCwu+~q2L#!d`Gl|dUr}Z!r0nLi
z!(4tY)r?ru#D(bZJ=Y&7$H%*!y7l8a8?Xn@h5x2}^A+pAWhXG1BDGx~j;dm)y}l%1
z=qL*B;gDY*;ngQd#6*>)DM*fTxt2e&Ou28=_P|D}NWUmAK(jT;ge%{TEX00&IKGVe
z<2@&a`yG9V*|n+6r{}mCZfR8oa1dcgI?}N>PT)j1qxXG1q^Ao@cpK{zl5(%~G}PrH
zN!g+^?W=8@52N`}l6kGRq088;o47M}8<WAVGRr=t$;qm3;62|1sTYic<FzL<^iIf3
zbEY99h@mVX2j_@l?jXAqov4r~zsul`Z#5J}I0mtLVV7%6-?nuaV%;J)(8<~#cOH`~
zFhdsCY+^CS^&I96$om*G`ip3GxdO_tM^AgLTKg!RN{4#j%w1j+h1`Tyh;YBrcxkBy
zT|aQ?&Z<Z3iP%ssZO$NU<mBCwHn>!aKj<_f*2B>+$v809XBfFjG#0<)iA!NirUOee
zs#?lG1Px+%ZYBjYnVNu7K;|2;^4K55Lv^e2omtcYnGwC4YW(Q``DS2BB~RVU97vX;
zg_^Es#PyI_l!Ak0nNm_u$&aDFc^^6CK+K{zB6CW6u1zd=v93&p=ZL+{EC3*%NX{mO
zP!gLDAeX+rd_7%_jQMwo{ZC}krx3Z&Hy%8VmZ2%lFpzx!U$d~?Ek*)WxL>79^%7E^
zE~+(*i;WK6kIjq2DTXv!wrj}Wf!uOJ6s)*anf$_*xO}*r{$D_fBs@7BcM;9FW@yTL
zPz8k$_6kPX{`A{{%_+lWG*033y;d=c6!Si{a-7Y0(Qj~OD{nUYDRx<@W9L*2fuj3n
z!H(2_Ep7Fetqu!3bLSR?Ug9Se5!yI(6DN9%*gPcXFiw<##{OLp#eJlBQ*lKrVKlBU
zXgp4ZC(Vl#d_xJrCuSoOIVGS{T{oxBrZ6b6k17Yzm(iCaN<+~;X1ae_gSBdnY9LH!
z%a@dxUaYI5OnQ(iDMdy!*&M|2xXBK_4q4J~!ke{dW3rrUj=QD%>M1ZUL?3Zo((^0q
z^)!ReeZZP`%jcIMrYR>$c$PG!9U2L7d@HCkWXnn!Z+PHZkU!+pL-Zj#P4vo#^Bw%p
zrmIZ;cm}a>b&^OV)%;0G+TtqDf->c3*2Y4!9S~15tMQ^FuFOr&pi1~~9Tkt;hrZ!z
zMpize4SCwjyYKGPor#{1Fgfp~>{N`e%O`~LsisNbbA{y?ms%(t<P0#qHp_~677Si;
zS6E*bNY^XI5~K0(DuVn~GzrrdBbAfJ1OcIW?9qxe?fAk+yjTF1HR%%k0S#AzWG0TK
z8M6a{D>J@eKwC;PQdqv>3rAlp>LfaR%RJ;ibUoMDPr1P+i^n*Y%STXIxWGk!@_@bb
z5XhZKj|&+|0}&YF^%oCj)K$TjH~Dc(OiZ%84eqAZh&mPSCt3qn0>2mMsdARgKI?ZS
zzaFZERrdT#j?JDm%I~B~gPpT^Qb^Hz$D#48Yw5CTOFt?R@oB&_TC6tKd!^iiACJ}K
zb0j7UW-=|tM&8P$$9%)y#R^Al+Z^;<q!kkwSji;TM5!0iIw<L~Ub;jGqOxl)+%zT-
zgoVpKWY><sQq9LCw^mxOr|AqkT~AT`-12l)loT}J<U5R1tRYad=P9F?s#MmrN5`|&
zI}w(g#kM780u%x0JdUs5do-+Bkq!S82$A?4*06S@!@2BaG21e!d<8<@lR^i<F#K~I
zF;C0Ww#ysSGr;a8*{!3>8msHjfnpwi2&Uqay361`)lK?0yLi76X3V3d`+9D4INg+u
z#3@pg76$xY$25u~flp^3f~U5?X!N6fNtyrG5rnjb7yXi02C-{C_YbYM!@v}-D`|xu
zM6OGDJiZGJoihH~S=$bO(;gzz^eqmGgq?7arCGR0mQ`wZiKllyB|ljPe9}hx5XMWa
zLR-VZkw}Be_!gWiP3W6OVLY&EI?5#ZfSCxN>lspcz4K40K5nxX+S~6$Pqi_X<~9&v
zzX7=mCZw-2imAVw9$YD07H^Z|Q6;Wyhae6hCs2lqHgkcIq?~i-jV(^-7!_7HOX9-w
zQ;YRV4sCYPQ{^OWDdREuqI;4Gt$OM0i-{w_I7i%8a(Bczxc&vsdG*uaK|;aKoB_})
zyFsN?F$_SL$c`S`Gm@_RfV)Uk?7DKr1Uh?1Z!5ny|0(?Hb}$*xw4u6<+k7-;y|ThD
z)&|jr_TqO#&4>&$sOx)0k|LYroJ^3Z@`S7gtc3wfQc~vDquV)ia9XokB9b_8%?c>v
zWfPpd6-b?<OG34n`kVrZxgpYLm0it5(>y{xOUU`f#U<EwMxIN|Ml2o&)z`gZkFVxb
zFW2tfBAB4Gy($uc7;lCIhE~S61e^7;FRi(p+hHb6Kc!5in*Cg1#}l_S$`>Tz3QxWS
zY6RiO^^+njCG1|rU<{Tem0B?|(aJWbswgJ|hKL5Re9E$xK$nclPK>ziS^8$iD>Ykk
zNv$Xk3ydrXh{hA4E02=rP8qN5D!y2YnHf$?Yj}-6`!ZMf5v9DCs?QLruW{b~>$2rr
z?iJ|&5RaU8NG-@C$ZfP-Wp^lsQYX5Q)-3^@9wJ&VaF$yftc83xv)Q3-^-MUU>)@Z|
zF4waxZCflBZRcx6eqEfec`8=hZYiCMaK!UqXstU1dgo-33#<2}Rh3u_Y3Fnt)Z&lM
z#2oh`#hVW;dfzh~LrxsFp4|~ITvglWZNGhnpx~$DcXfV8W93CZ#o&!=3U*md1X|b3
zYXUS+H+X*!N~eRtX|^Ucs-LU%V+mv(AVchTL>omi#&)BA!&k7yMCe{-Dod8x62fnb
z%LLgaTnU!+K^X<%5)R?Q#=q^>IwD}_)A0_RV0BFl-<#S(aFqag<l}B(RB?EO|FHPZ
z(prMq|0a^3G$XUabnSlB!Cg56UNE6uMk(zd-zz)35-wc0KlN=2=5cd&-eyIGqi(fc
zi<-qT?KV-csa9lQnl@D9DQ!qJgVNDWu3lh5OHOyV4NDz&4O!=8;{#6yj>jrRa0XJ&
zX%9W#?zPvyJ#WfS>75??McpZhF-4VWq?F*jE8H<`<OV0TqKpAj6F<o0iJdo*lW8K_
zLH`#8`QXh!tbVA!4{T1$v^sBmhE2Uqp;G+#@0P^pYLWV%T}LdJDUmuCR~;Ru0h!i!
zK9~c?R9ZnQmqHvrXdPVIQBmb$V4!rVOP({~Op||AlyD~nxx`=#hGl8|S~`CuQPhTA
zOXK6PE2Wq)nmFW@(d2j{^NF#IrQys@%{WqmPT16QSHbc_PMYU)_e)tKw%aA#LOj*<
z?uhs0y$~p?Urm^52sRo^%>(P*gVYqTt@E8-w2oclFsq?Ugz_^v`qqnVAEkGJyZk@@
z^_V%S-y5g2&51cdGfbx2BEQ4%XBPbln2E(-tQ9zQ5~g6+bI8~{DsHMR)1fPNt7|C6
z8TT>Mi_aV1)<Je}@@}~(Yi*!XbIJx>By=t`e&30VpYZk!V^VY+5aZa4V#md*zUnRo
zI*?U{2!SCis@f5;YqGISBKIs~&9q4=J{43p%sKiKw7RC+)(5sZ4lKjv(`p*3>*|__
zc$FZaOS~kTN|@;a_Zd*35!D{sS@V!)FvyAG`D+;_Mz^LdjF*#W=|c`sBGIk6QmR%n
zIyQjO^#&CTP0T%3xi<5?b^pTa1l4Pg#nG2TkWb5C?WE09FF4m+t*lXG|FcH|A3Kvw
zUR<(S7ru7abre2ukjXL8g7R33S{$yO^A@rq6V4RGn%e}E?1N6xU*zpmt>&_s_@y43
zX&|sL0pc3$6_ahV92hp95~;U8jHn#yQABkemv}Pgpytf@E{^GMBW!lb6F2g?Qz{*X
zUrfshueVww#hvC()?x45j>2xhEzro+L+Q<H&3u!=>oWl9Vu0C425eO=J&v~hZNu1C
zCc$%Vb|J>%y{to=%WX9BjL|6?Bp6pia5gb#^gA@bSv!}FHnkB`F@MfZ8?r;pL5#a4
z6FX~5KfcucfecC}VZNwK2>WhYi`EHezanib#$3;7eCb-28@l0jJcaxRiXCYJWm*^u
zIt9xzk9V9Y7>4b;WN+=6jj*z?%tj!c0NK)byw$yY4q@&fFCHE)8BaJUivMRL5mwTU
zA=}-Mkcmhe9A9Lrlt!Bn2#S6J+`gF5I{^}PUe6#u-oFG-+=8|SI_EwT#(K2ypm7Uq
zMczjo7y4_ZfSk6!fzk^Zf@cy&a0QUs!huK1PgiO|$&TKsf;Ypo1b3N5VsRN&dXq|;
zCqO{0By-wDu@<N#a314BZKjq$nA;a=fo0;CHB93AW{<UE9``1o1QnvsP_$~EppChC
zRwXvq&}0BczvtUmRfy$s`&+)|ZOjqvkuWW(0EXV_@$rn18_vw}uW7b-py_~$Jl|n@
za)3?E%6w;&$FFqo4rr10jI$t1$}JLu@h0@3e%QX_c88|(_+iVh^L8z|tNs2eY~J8h
z4v3Ve<Hjr%^n}7N(&PgbE@Z+iER*lO5X0eUWml?5s;xv*M7?Wjys1Qvv4E||eo?3+
zQGFA6PJ$t+USUEqOLE+C+63j+f&C=S`mQcS_olU6>KTY(-_#1VWcOqea4XgqY-JOS
zgG7dXTgP!WuQhXdek@bIic|W?difNbs+iE-1P}g}@_A7Gw`ck3qQ-LXuI@%RXDjK-
z+2aV_yjM6Y#hH9ARNy63891X>i#tZ;2)y#Q=jh_ij##Z-t3GLLnG*?>1xFyd52dtY
zDzFXCR%xUw8kZ9v>;-38CQcYT8Q*!SBaV+G%%AG3>nKXi&ptjINlcrRWU^q~aOtLM
zg=^-PWJ0Oc>oEX8Y=QaQst!j}W8S-=POG#_!7XFl5HRN0KegpYv-=6tvM4GFMg63X
z%2b6djwZIXa-Ag!-9fA(R4|7r$!rgap$5;ddI2>!rbKG#i=XA;<n5QP7DHv-t79pc
zO9_qK%0NI59(P^IE9!w5%?>=aCO;QJEyNZTCNJSSHI2bb_N0qr-dZIG`Xz2@n<<YU
z4|n~Rdle8F7|mT{nOe_DQZIq+Bx6(E3t!Y~tF;d?9svWcq2VmVuKvk*l$-o`n$4}I
zRO4Shfd}q!i_QUfg9*VBL$cUtGrCr+3M2P3YSE+&wOTw2=CQrq4@HM>!K}qfIOPuN
zn#rltY^@)Z!DvM&)qY`i1w-!-cGxM#ep$!B5qN0K4|ZBmBGm?M;!Jvbuq<IyJ&(ys
zM7hqw#}Qy<Q~JFhO^JjNgh{0HKzIpUHcjN2V#Zru>we;N?sAqn%ei>e>l#H)n>8Lx
zwY8LgDD^_SA({@43a@@3gWnN#8(@}Pu-(pE+I%ql6mjmiY`e^7{F=&WUfGr;%Y-i(
zig`HK+NVDukUKIPF%ZZj0S*y*H;gK2aUi-Vg?DXFR__cEO4=#XKR_rP1?EC6Jj<u(
ziq;e&WO7xg?2o*=tyY656VSW@X(6g*=x7WNyFO?^;9XLD#W93dp7xG4qx#G{hr4)a
z93Zx~J&xPGimhrRS5Q{5nr%Hl2GT`5K8YkBxc$`E3vH`0rq(z`$zEuuH5Fm=;t=X8
z?XHefGR%uGfPMYVwt^>4Y1#?1XB$KU56AbTLw6^$XriTfkRkB`W8bk!U?O&OSZ)@p
zBwbkTKy}KW=?lNxgr(DQdjQ|yeqA<AUh3QzeVv$Kh-v}-(ul7pGU$AP3ht?6PQZB(
z?tShF1$kMvV3ALhvKVxFsG_{;FT`S0sU2J3aRsg%=}BteJ)P<sSaCjb(01^+OARI8
z*dH{>zZ8yn`G7tI0c)vQK&5^6&;sjfs-si2L13aHYq$UBWbd6SmahMI&W2U>U-mvt
zO^JoWFe+W?uObh_oc!N`7Gt(<@GOp<r0B>pK?C>5bf^_b-BI|D%bFTAcAADb(zHm^
zA{vJx&n1@86PDawNAITR4Y51%y8*0tVkD|akwiqaBJ~QtUQ`Ju>@yb?qG5<`{?7k0
z)W)zGkd<?!aUj3w6s28`&WnI0G?I$I8?+Uh;uBi~XzZi@lqB)0&bxNf%IK&Kq+Bm4
zz{7LOY|hsrx}!;~7M!(%6f1ODh-b)U;w1FXM6$yB%$$@uF<FSza*kgSJ2WF97a1xa
z)}-I*Mv8G!OKuGCQRQo~N`MxY%UgVas@9rj=zPs>&{M^a5VufDg7C9so78Vs>(TXV
z+%HxXw%%u^+{0;Kw@K~EuyeHrX8fU>166kYpvmUBCVTKkMLQCK+4AQY?4!-y6f255
z1^{2THx0Dh>9K-H2UZTuh&q|z*{|37Y>2ua8j%zimo$pVdI`c~|F#)Y3gCHY{pV-{
zEw*N5e0hSaw8Wg$yRDmTZN&sRp(V<PZNMMDf3EhVKx4r{bULIdmZli!t8qZOnC$LM
zge|-jPHiX>`PP>x{Sz7zsUPoJv$5JlnG_WsZ$x=z1T7}_t%_Q9%Jz_e=u`i-@u~M~
zL58H1^oLU6;+{gL0JrU9hE#EF1Vq9~7JoM0N)prs3*~~QCTlr4ql~88l7wRgx*NKJ
z_&i~z+@p8Z(rc<X21L)6pEGT!5+Fl<j|@it`@xvX9AGNx=Nd8FU)m$&@+K&!NcBC7
zDIwZ|CirwN5B1&BkumTz9j*jUnAxhbK8}J*jrVxM%*I5TJT1$Et(*L!W#E@9c4Uxr
zX+K(*O3zTVo<5P)IEUQK*JE~VuhYoE>ssptMx}*9>fD_!6=-!Zw)G6u$CN+o<5DJB
z@N<WpM1I%jL{?+UrsENu6LqlS5T{HW{N9I<mu3K;gNdoT<dB0CJQsrLD9W<KouzH!
z!R^6!NBUPD_ezfP;R%Hiu_XED9#RfIO(INo^gv}LFF*DEiLi6>s0d4QVV+Jm3~51U
z4z{m0Sdu*iyp_V@zPVUgdWQ?z`G!Ef4Jv4z%xArf_ewe2l}3R?HV(zy@lw$_ed6>z
zCWXM3hJoA+l~(hnM26Y4{Pe{zv8}`PYP-((HO=q{NXcc|)~RR?pBEBNvz;Z(viW2W
zI>}4Yoq{vrnod$3eX}oblcnu0aOge~y+Nefmfff^RWBLl;?Ke&$;fTdz&p;0C7-Iu
z6oT=nyJ7B6LB}Vzl7yki9DS7kkgx^*)=XAj3B|}{N0|vBJcN{nuHm(}=~~`ezw%@D
z_!H-1fBc0_nr_!zpr~ZM0AJaBz%yhGeLmeVKM9AqclwJ6d4MkXC+`qnfAo)JodXwt
z7%IuC>v5jDfD=hDb+}5f|3;`FgPL)x40P}_0NbU8wNba&nSo4iL8kP*WF*Q&+hc2@
z-{P-C(nA+)jOSohqiT2ccwrqX_vD>1EAw2?(cHff>mO1DUKfGmD`hk;Rm{OGo^yb-
zKvsZ+R6>XQBm!VeawP62Kjraq8}_5Z&mqJoNZLtJFas-PMxoJ&x&|lICw{)<7gb4)
zsbw>>6W=KC`ItLfU<8hqkwo|nmJl!bvuSv%aECr6tf<8bE}pfxd!`vOZHPmp{+aU;
zDE-pjBz}db;|L1?#79fm(<&3sCc>zJV0w&R;8(Sy|B?msn&Jnf!BkQw=bTna7?`+?
zS|;_BC(TvqedK}Ue9^o)FAs-MCU08ZK_X<%BaKT|e&F>y-m{~WSg<CfLa}}@THo~H
zfQe>IM23(kc}nUPe-ajs#YAtSu@x>87rgj%sP)oE0#}@B@IZ(2$?!Gn?6Gkxr*k<3
zs}m1%wXN(JKE9)W<B(2SM1@WBO^kD@EXiX1W*Ci=-q1BvzuM+vnS=v$&L8Cfuu=-+
zMYPWRdg3Fhg=1{ouLgvX@}0$ly?ww}?mdL~;ln1SB+K~q=Wmd&2Dn%Y<gzQ25jiV*
z#LK+(@|B}2-#DJ4hhnX1Ff{c8TAN?`xjR8cOuveUV-v^jlleyzzfEiFQ8DGeUbV73
z!HXjoFNZEarqDdk)~1Y>YSQRiEz`@?SLnZwYYvhAkt4u_lw?nVrJvd%Z34dDKKG>y
z&di+PKS*;gokjn>4|1eR6hzom*K1xf1<}eUG2=H%Dq&vS({YhcgnQAZ$0(`j1fq9|
zB3V}T!CGwnprRwJH&T&+psbBQn(AGhNi2C_erA5FTG_DZf$h(4@&_AI??qMqevLra
zrA%~!;bEh!{Ocwf;Hn0d?K-}Obuo<D`PjI!vAy|0$A4+SV&H{egAs&=mZ+ms3eOf#
z4f^RmJb4i!wJ3b7L#hOaBDxdp5K+YA2*=|U-|-WVp((8-rX2V8&m$!^|1B&STh&_p
z8?Rd0n2FWh{IE7$9P-3t<o8l#5eat1lAiZ{1O%-Rdu3zS@~(`a-Ya%nFACWyY2-L^
z;Ro7FG5iQWw9A^N5%-_Y<+UEu>o}9PXxAv$4H}!EXfdr^2j1kMT<3Gs&MP#AgZ`-;
zYfjqSh1bi{`cV6hOMf?oVz~v__R{k4$A2PSo0440b=>Hu?O>?K7{5w|h<H#a#W0tm
z|5L2?bOJ$db4(Bq0yddT3pCB~8Q30})u0tbOF;V3ODBg=YqBnTNLT6xAS<_JP1U!R
zXZ(8Vl>xm92%<w4bQ0sYo@TJopadqC?yk0Zts5$6GGj3gW8hFBQ_U=?#gqHR_;>3J
zy^FMvi6p?(xeVpRJG3<vHp$|ED@DxSde{<sdMT->4>ln)<>+mCx6^pqbIV6z5Z$!3
zRhS$L&U_=6IYvbXi|j!(x>}>bo6*jD&25dG3(fpv|F<gB{+Tq#Xo-2%i<+uB9)Nq-
zP10uP$EknUy|pcv;n#xS?`{J$RnUX2ml4=%Z+8Mk&JW<995f!@j6UVl_MM$(3=flO
zB+^wfEA?rJ`p9e>ARRfpz4V^pWzT#j`g9}kbJLRv-F)*x)**I<fty_CRjTv<wY$l^
zThtvb0=S{Y6W*rPwL%jMJP#tsI_f9e<7j~)DP)^lEzKk=EvU`LyYpnf3pSlnY8-`u
zO^6o$^q;Yp;@CJn0mx$?ynek)72{)L+x?5?NXP2p8#nT<*qMmenM~~xKjz#YkC=2Y
zDVuq&v(#8zjxw<`pz3~B6=dBY{VO0Pm`GAwwIHH%4QcA#$M6RdV3Kc@BfXCjrZ0K|
z7DF*+^ViG)Id#Wodm?L@l%3>m_|q6irkAl8zfj~Jf*$0Uf%;LJL%!bwpENsb989jY
zVxY<Dcmfe;nmXA(QM{FJi-bSj>E|zgf)U%p%w%60G&GOF@`3Z?#)j8{c%YB^kW$ZW
zpL=GjC8g!^Cnlc>L@y#p8n*HR%B0DtI0J=-IL}CQaSEcL_VT$?%e8Jicf}7=z=P;H
zpbR=aT^m3rQ0xas&m6A8Y}IwAhS1zeStX<UiwiwZ@i;JQc&%nOG7?|BI~#Xe?TD-?
z0NkdMyQv8J{drD7yhy0NR3j()h9Xr-{NVsbs|eln3`70-TE+y>IRO;M29POhSF`e#
z6)J<nC_;$RA~qx!T9zi};51Bc3qq2GW$=9_vAqamobtn~QXL=O%q{W2>@5&O2oV(|
zBg@3Wf<_k(V&v<;#dZJ_Av>c0D#STkF?^YCcz>&%KB7>T{EHcY_D=^0t5|k!VzJdk
zC(BP<shISK3#bE9f_)I9lN4J&`QUvbQt+q<P$Tf?Bye`QfJ>dbONk-q5NGx+Q;8pc
zF*t(!nz61~s=w&VkmP7rHYQr>AV)RNK@MB)jB<0^=wF8yfR){P7xA2zN+)Acg#Ym=
zO;Vx&?b?)7AAGgM%js+{C%TPZ27WT@g!A8^Yy2xrIDL#<;ZcxJkvf8K-VSV8T6Q#B
zwj{jtfQ_ePYa-|$WImB_OkEuZsW-Cok8&TyD1Gii8EFmw))#3+wMNEJ)$$_!HZx|p
z4{)T|4|N@f7mp`Z1`37<;*TsIl@pDptufB(ru1?j;qcbsCQ%Oi&Y&xLS!A|OG`9E2
zxUI$@jA&0`^EXjXRtYv8IxGM8tW2v`TveSMz0P7+t=4oRZ+(j4MZ4nVz|pvF=M`Ba
z<{p~%T>TW{I<da^Cw_WE5uJ3E?zkiPqxVfoBOK9;hz$O3VcUgTzIg<Erf?iK{5?c6
zyvq!sPV}Wx7BfO&KKhXTlPsS;K#&p*%zP2y6z+TYS?R;r%x*P1f#111Ty2*~(^0ln
z$vN!6S|JBUf1bF57&JYnggQyjE7_f%_2zPCa6$0d?|cO593QqPdzoBpzdjfe3Y%7P
z4xs6doka;z4Gv4Y5vZwZTnB3)JDQ0|20Qd7$$$4)ngA<*<hKK*;XT1=j@h*I5|5B|
zO9@Akvt)@E9DdAmx0j?09j!!;3!!|+z5Io=I&BdF*|iCwcW)PJfzfHt=HAB0+b+`E
zGi1rlLsv0WwLRw)sL&2s&JEN4IeI5C4XqcfYG3Oej=w({*bjE9^$2EhYze=X{5|Q5
z<Vobi+E14QSzT!F##5z`YCi5(t(eKqM)SkwX}c%+S@#!{NwWZsp?AQI(zTZ{#fZ2u
zVc%%YT<-JgQFQ!VnkpJ5QYZnePsgBZEn4sEEv!>wORlh#fz%M{;^{;OQ?++yDR*Wq
zWUYDLn`q)`uZ4Vlf#Pz^KFbXWQuX~9N0`6KS+>r!j3e#UkZs@OWIH~{$w!J5$Se92
zNm;|q;1ICwLK<5`JeJ*L4V`yt=X?e_pil%FTUbZG;qQ7*C(1HW@+Mj@88^qayJax)
zU;DI`om8OA&kb>4B60`!e+q|UJX8g&ezIoxA6j#;6Cq;LM0zx*CfQhFM|J+@_GB#+
z7vm35gaU*D^)qqZex)2PnG9>CT|`{(a2a$mf%}%!(Ys=Ub~u&X4P%~Xb!16b%q{ZI
zw?q0`_X|zR9Q(BIHVl^aLyR~R$d}}K*{F@}vK_F-oYREx1iMOr^V3snQkNP2R7;Wx
znKEqEiRWbO(laY?B&61Mmt@c^?ham;h*FA#lV4-2c0-qf8;MgFG`M1AHCeaZ9j9e7
znz+lY(`rWqRQWOixd-9;bsYexq`pUsj?m**KN-8t@M^>M`?Ys6*G><pD+8OzJ`ces
zp}RG%+!#&b{C5fnWuAi1*6QND>^r>;JSQE{h5|K{XZHl3AC;=Vuy^=O^gRSIhQm=~
zLTMf=I;zo2#NBpmF(8%Um9a+k1TKFw=$w-k-F75>ytE(GGB{R{eJ`5HaBfOERMO}j
zLx~65u^u43KQ7wnLrv_Yo}OSzzMSPuD^14^s<#=R8CTYqnJ8_y?sCdN{Sjt3%NS5q
zk#Aq1C9*P^-qKlJUrfNRQSQ5u8}>yvA+|+PD^Fp;?nvEc&4ozPa`e<x<Md_iVpN(Z
zh#eT6E9BN@M~e$xfW(e=kF&G+$p<LCtH4tT15Hkz-L}_pxGO|r4b$7(TR|lY%;PlJ
z7H}!`yV<?|>ibg?l8t>yfQ^Zbi@C`(+vCDs`bcog{5A00*EjQIXUB*UbtR+<)m7@}
zHIM=GZQIpm-Rk$@{r!BF_jR?jKd9HLErIjlj47ata3cApP!g`dGdK_P$vI#hqVOio
zP>z>Nj(l?CWYt5u2?(qucfB_9R6Ry0Z7muN<S)`xwq%<sBWtgfz5(0FsxNCwfgVpR
zrQRw_dMGlc(}!_6wqM1rWQ$^i0x5ys^A01-GI=D<E3&p=wMI>J549?i%z+e`gVq9;
z^};8NsV)8eyQogyY-HjHW6LMB_@}U>xMcU5wZoOTq`p#M9WGlZ)fqvJQ)&q`HofHd
zT(8ixO?|BUIzMhyQwy?z5a20_5f7E%PfK`4lP90-Zn%|AW9X|I%b~|?nN&qd?x0mJ
z;=+heDEO6B_F|uFb+{!h%pvJhgH?!_rrEAume{Ma=gv2o<H2b308!>dlXqi^twbZe
z?}>NKgN0^d>)uvWpR?wp{-D0@<f~Hy@mZ>2&R-bB3t`T}b8))M$7(uU2%vmh+9xd(
zLdasgPslZF+*T=x;Zk2M>3+qxTV_8QVSPAv92Rwyf!J!77muioqLNi%c3O``@5oHh
zvI2jub{?fowosd#ht$7Cl^LFlNiLg|!DzOA1{V1Olf)j#*VRvV^7rBzo1{*7ZeW%9
z6kph8DK7Em4oe8!)=(w^yh#bNvU6)+^cgAM7*We?!nDdwGsj~@nBs+7J;Y)z570_>
zwhtUI)RD7xnvS-oktO{V$DTS0ueALV-n4)g3SF3Mt7c1%eNi!qEzFT?aAGbaSg(H3
z(fdQQ^eLBv_Q?Zh(nIVs(2Zx2XFz5|`G-~$Nf>jFU8iXl)@r^55^rJgm|O_0Jx4J$
zApudt>9^IWSeQ3R{c0lR1a{6SNXy<Ej3KIqR&|t%I-YUfenUM9))Z`e5-eIq<P%{M
z|9o}|Pa#VicR~GOk~UIZ%ACp?rS(P@@ux|Kx5mqypu6ZpZQEVLnV^cm5lhRXyl&#k
zqH9A^QC?-ev3fjF?luCoDe^}l23H4Lis6a$->5V?QFraat9FH***xfZWtBp~dv&=f
zSFnwj1;g_aO=KiJ1?R~hRq_Zv0T^WM?TC}EBe!juN}gcB!lPeRyMv<6%_d@L39b8*
zLkhZwWEsImU3HZ3=N?pN@10gq+jMr!w<Idjslr3a;C<epKY34g#95^K*A>EhVtPJD
zFn@@BSCu1+2>N|I^502LSR>4m4tX+}MUt|c?%>)p+F<g!wwm#kPSX1sC*=<^YMO8+
z!ywGKJSOysjIv!Tt1GEK%@v)N%BWe~5%o>zBmlw0?{SkV;W7zAcY)H14ky2LR8vNK
zr4;be$(}8`0$&B0hlwJ?t>9=Jtl=5hM2L6n*tA?2CeFMkuFH<g^^%U;ejB?QOIq7z
zycrr|(tca%)EEr6Sp!$HE6FaQ_F<%Umci;@N2y1{aTVktL!D(F$$n2vsDim|{0hvZ
z1wf!vs?xvaY1tLQz>9A-#59(b_uo(&-YcRkD+8h+$bUUVBJ$S5<<uR=(<ETQ249TR
zuKqRMeXWng!Q)D;vtJ#ILnU6P^FUG4f==I$2a^hn3aaHN+eTJ8bwNSp5dN#*Mr1^k
zsc*16Nfa8~<T*|eVJ};rm}W#>5I3aifl{Cg+*2P~;w|x|{-*NmmiA4@DdwLtL_@Hv
zRtWM+uMF%x`d#htm9OXxm%Z$#j>z5ioy%=5R?TAGR4-M{Qq#APAqjaKJ6JJKU}@UW
z_?)lcu)e~`h3W{ZzcmZ3dC|Gqa(yRf=9;!v$1OF(P5F>$v5{RzSL0ILVA8xyc<z#p
z0VA&W*kkt%1b%Zbp<(Fux)Y%C%RS}W)T4i)tcMH|IQvVR+3>@$I?~Y$DEn~CE2}7Y
zMPBQkb)-A=yQ{yUweS0x6SM}nJDN;r>t?S4LTeA~q*l{%^sAAO+X$JD)sgy)G#CMR
zZXos$`KkIUz@jQ{0o#1$;rNi{%rmo5p~Q1BSL>wE=K`ODBDbM9mZL@ib~2lQV}k9>
zhK?=FGi#ByL2<R$PtRhZ2^=X6bj!rFa)@m!v86a8bM<2?(?Ae088}(2BcsK0Ts*{d
z!+WRS4?k|5EB{E{-fS|$hA9j_?d|1(pyg2ADEa`hULL@FY|H`1d(RJT4=oX8o5`dN
zWOF($;TXRB59oD?WDE846d~8(egM1VU(Y2}^1w<qA`14dw)UPHn!z(y+S<TE^bCx!
zzj<~d)Sl%6yAb4UKYJQtHa;;?Z`~C$5ii~vJtXilny|ZPSP;-hc0APHS+7a};;v;d
zVm3VqQEv;XusiotBjF@g5SzD22W}pgzxE*H8&HdFlKC&*J;irMixqwfJz(Ak4=y@h
zU6g{00Zu({W%8hsmK@Ze<J(t8#Fjg>UY?Dk%gH~tQ}i!+P8^ZbPr&#dTGQ~^)Ia-S
zaUnQ{*lZhfGJ*;5p9b)2Wuvs2eqc#~BqXB><Q~+COwqvp)!A8jHQ5gk%?fF&@!MHS
z6?lZV)l74atS+A*f(Zd=oTi=h_oG@}eqcp1nr?mNX>W7BjFH%mP(ROqwrt^lb}|~?
z>Tl<<`g~9)NzcQf%>)7dTJo{q@U8ljaX`gWNZw!t59cRLMf|*A6tn77L<?(GtgyE!
zf6peDnIV6=B>amPLvnY2d48iX`v5`9=f3b0Ep+t!bnI-9cInA*>?E{f-M$QQQ~K_l
zdJuSae{#ucvWpL_q*PQ13j^;bwZ(MM_5z4Uz$jY-YGku(4KOrUdt`=fO1tg~`3u>c
zB(2?|_A1gu)L24`mSgyI8LgZ?<CQWFAfncBIjo&FE2kV9*he;&j`Ni=ZX=X3YAqJY
zS*=li#4)GVgSZx0B*;59uZp+LAa)8bcW+r~?_he(@7<nW>NV{?iPkE;I`r+eTd*r&
zc#QilqrjX7G#N9x4A{N;HtEr6(~W8lHc!+pFw`<a>o!QEw^Dzf7s%iI`F6=#c-z4d
zUx>|+6R>6f*Shw2VD^6v_YdlA#&QjoivPb^>kqZKqwNfHf!*?tYboXwmntCbO5K(J
zQuEeXEO~6L)Ad!G%-xvhF$UpM_c-Io0pgj?5pb9`ORQD$t+yU0s8it%Sgv2S<)1S<
zw`1luEXK(<l4r}T$}|Czf{0Rom@V=1SM|$vaq3H($pNpqSL*Z!g}t@jP~u}WDXf7;
zziVerS3La3PI5^Z|GtA^<7bv;{-u(?iM5-{z_(SbaJ7aubs1sin!K%VJytzp`F!>k
z=jIu5sGCxCRd1Ob;<6N>lKCY=yj2NE(bOICRM)MOaO7^;h$)m{;oTym#o86`(>XDO
z#z#s@Tj9{3=-;K5@`bYVuGWR(vW_Zw<91~(yc&_eUNH&NJ2?tov1vwQ>CpUXPUhXC
zXAHjdeg+@T`E1kKKE;5|!V3p^Owi{rp{8jr!=^EeOd2x+7ZFx#oZcl@+rG1W0<Y6=
zm`#JbzZCW+P2oSZQLsQp-D3VE`)W|TzDi?{ku`k-e@gOTde(I~THl&LwIV$;YuM>1
zxWxl$o9!*021?eo;?*~*Vx3ib3vLR4M%Id-bl_Ro#>}3sn<hw0vuzSdHL`LvVy$T{
zJB-CHcU-cc;j3XJwFiblCbMmOZnjyi_A}V-008%eQi-`riMizaDz&1^IAz}6W)aZu
zuLZzr(7~pz+Bm)t!&7Y9zkzAdE^8qzjqUAXCrOeT`+y5dz#o&RnnB03C9n$IY4h^|
zcCvzwM0U9GZe8JZK4Jjm?dr+Tld<ipv!CU?jG`!IOKrG#Y@Pfy?6++n)p^k|uH!Y+
zIP4U&i1s+B__znlQ73>xptgKHo*<$^dX1!Lv^J~8)t2Hduf9ByPZ?SUq3hm6Thqov
zjVdkAv-d|qLEzhC=~&19xDUR$F1mTqX<(GPHudl|R=xT7y2&~JE{DO^N5Q4Gm^Pg%
za;qqlO=WsrSB3B@z{C^WTj<bDa%QF(>lqWR-n2dHAH;2=sOvgq$EMF3SlMM=)jr}^
zWKFas8Z~Dq-P2jVP2`JQ-<i=DYG%NL|958}FDI2BJ;xEY`4qLvvm{j^3FyR~znqkw
z?l}ItfQG-pzW&MQ+mRnFQ+$O&`AuK3?sj$e4fjjV^w_@=C&%xzm&6Z+!^1BWuC{N{
zmo|({FusF;hTId&HFz)Fl9tc{nVcCusIF&^H`!aOFR9aFd5S#KhslLf6*~oaA8K{D
znurKZ@gdp*Bbou)Kea&>$8+6jId(M-2^$G&qtDf&&Cs{}*F!)(40=<7A9@&9G$5a1
zcUHrdMoYvpkJU)4%a7LLO_A@43r-50=p)#`gAP#i8q-=&TI(9O>)TBMKF%!shj_bo
z#tOb0sZ`xuDxbF0s;6|EE3{}H7Rd&#9vGs0F-1n?G*<y(7m%GXIEtIh3IZYzx7?TP
z9S3HvBU6_#ZW&ouHp`RM%K%pxv;P_w_z8}<s~Ss3d75ra%0h;?Yj;|fotZh_T8q1x
zn}f@5_wlzYz>~lB|17`zt4DzV^;>4hr@fsTl~*CEa*4~D$aF%5RCpB5yi^PsIt6m%
zK-kdG!2a}|9&|Pb%>Qf6<xtv0EG86Y(j6E+dApC?eA7(Xj=*k2{&II#=myPjho>mP
zE4zE7<apcF9M`u}1rDJ+IUly{?e&nln#2E~+wYk&zcQksQS;m=l<Yt_qfh1}UOk-W
zN^OxmAIZBxUcJn~pZ&BSPKJLw*>Z01q(V<!!e^}Eu{ZE+0$jydI`Y$Wne3PZLrg8b
z7;u6o1&RKlE6|&Jag3XO<Wr9d1F@6U7b}tYHL>+~*$7rB^rbbamPF>mOjoWQBqww^
zVaJ|1B-18sSkOk5Q)S^EExaA70Bi`<8{6!f6!flS7iq$UIK(onU*LMoD`szp%awmN
zp{*UuX7jb39nDK;+s}y!z|R_>Q(n)S7CrA-5g6wa;g86S7;qb`5COXJRc%8b%Hi)6
zLIlz25&H4$C2@$m4LIC8Im8`NdOI8Wjw~(F@6+q&KbhcO1Pj|7>9+yfK`x|M2R`{o
z8SI27OzTepRl2SxRu*F}mF$9CcbC>#&0M3Wba6^&bOkcw&Gb~^^d4cB1lYRD&Cyn4
z%;jX-7czL*_IGyuu!+NG0Nk3ECeLTiD!BX~(q&D5MK)n@wDtD9t2bD5nk1%tj*QMg
zSPsb>8wp5Hr`lMA3!hIV=6~#;Y~L?K3R>+SwcA?+3-hqH&5!>KyKbW6Z9wfON*(5O
zx_?6;mjG3Dy(w+_<gvXJx+$*wfqUzCB=L5C<b|0w<eLa^YL&ZyXb1TChKEifBQ&L5
zfC5h53kclRpDNp`9onX80sbn<4ynNSYUl#IYJU+8iV^!4q)30gzDw*(JcFuvL2>*|
zp;gPMQw0>~cb&V))AoQPP|X)<p%{GpIZ=`H9G{2$&;v#DL-$x|NFLmRgKh3MvG$Q_
z#Mf4nrUO+$2E0>|ep1OaNdv@Q2-@G6%^nvF8zkT}00K4%fCrYWC7vAv60@>~cTSB}
zwohkxm8=D=9kdR595(v&g)WN+97pKcb*b<jLF*W)o80OXf%KWcR$;)QroGt{EzGn{
z#&XV0^V1s{`V?{`z-;5KxuNO?^rl>x;gJ1#?uGb|^3rY1tI(DHpGW0i?vFLN9$5D!
z(8wS*)Iqn6Q9(d8G(oq{piscuN|1YJ^vEEcHHgQypkQ5XVsT5btd%h}=j$}%k9&Kl
z^T6I><wKL!7_SSaq(Q~ogX$b~a#=`nU9mw|;#K;8r=GPv3l~uRZL-nU60@6NeWhT1
zLxR#wWo3+HdxC>@>RB62EG^2mZ0`i7olW7RGOx+vh72uc1^Uz(=X}BR)BgFbURpYh
zP&2Bp0JLt>wG)~dVFQYriD3gSv;ghv3AN&@L__WDnP4T5c=z1h<Hq-w-y4%)2J)H8
zEPl^D^H-NW|Mbkix$V)JsMC0;lV13!TOJ^<J68-<KGv2O#3qmd4Ve08u1wos2I$5)
zg)<jPB^hiZBZY1wjp$FDf#7~b&Yo@wZk`AUjWKH#7wN-|3|n)nf3s51Ju|B*95Egm
z+;nfKFY1>apsfXF+fkt>vdr91NV&vo0(?NynK5PK0XK%A$CJ?&`!1}ZK)h8JU$@Ta
zP{7&hKT`|xGqoi@Tg!*^SL>H?1X+v#;1yHPb=Q7jgqu<wtU3Z?@t8hW%vI<Dm>gEf
zNnfa6z47>&o8n#6T3?LY-;NSX*m_5--;J&+3#n@Bv99?AHkT~H0`3>3n>0rQP`xKs
zRXv0Dv7nUm_{z`ehWmN_Z;SSG&^hIjdLALots)DysY@s8ok^R0-1vAt_(?<|@!G^J
z8Db{6-6pMlhfZZrC#}U;bXnW;`=DX{I%#S$Lfl+9c1~f|-a7r8-|aotJhe9k7kq8f
zOalHvnTAs0%<q@hId^q=<5kl@V9MSV-&WxG>=P@kzg>EY<~zfjvG#xFeCO1a>Dh-d
zQYm@uaa<+EF=j^cX4-;|*fC|B6gya~g1V{5x@kONZ5n5xyHW3;wvAbP1*I+WP0FNs
zX(@QjhQLG@Iv6I)to6u5j`UmuOa;1bMq1@>V4Bk*AKnT2j-emMHc|w5@5+CHY?7Oa
zA#(P%xUj$5PfWD#q>c!Z*-3-azpx>B>imX)t?UPJWhgE}4de%$@d1<EJQdd56>JII
z9cZ~z$Lc1|`a)C;cDgBs_FcVAg{ECHsli>e-+AIU%ZDMBWyXN*!(@CBsX2$S^7l5q
zXs;oE@8##p_}2Xi$eJU_r+_x;^ro(xokuE9V^SFDdV@Q91G?K`ImMX$F-Vzv^+lNd
z)ye8B)-j!H$j(6hyL9WHT*u}&$h7TJX#dBMdSrJ6j4d~j$*d$lR+|Qyog_a_AH6U}
zUDNqY%_kMb=z3h*G3RiPJ#>*$BkC|04=|M;0}9&#wVB3>BTP!p2Fv8NUT%#Q8x=Rb
zHg>k|Y8Puw(-Sz$eBDCk**=8~_!K>-PRS<u3JUk|X8Xw<ueOowJRXL#rS+m(%f}QH
z!D|{Rk{9c+M}>?8`YDq7E60=+Q+E@4RURlms3JVU02ln_KEib~6JTqx{@g*{hIs_8
z{qdcrO@gLNdB(WQEEjp@`nXtULGJnDcb1P3?AJfnCWw59o5nH=46dpRa*F9_kIm--
zOh)|NpVtaV<)<ab3BgJC%-7fDi&!>LO{6-1uN^U3Z^n+Db-6Lh3+SZME9<BFwDMQQ
zD9|oBE%+`vnSwj_$G_%G#Cx6)vCLzt?#F+dDhTt3_vOm-N(WT(M&k**Ll_$=YdUJu
zp5x;xnInl<3U!O!lMNNpQd}Gg4qz(F9uciRX&CBB@#EsWLm8>{{VJ0!3=i++%F0Ta
zC9R=UvG=I9AIx?&)MQ8Oyka~0(Dlp;cfudc1l81JOXeOCbg7Q<C8@Uh$Ho6?;BYF`
zL8!#sp?++nv;mf=AbuysJECOoQx<zCm%P?Jo1*^=bWf0Ngrx%ifZDN<qN%SYJ?`fo
zq0V^3p1pteY?`h4zdI&Uk=;L0t|q*F)TsKFigtC5&TPNP@ENujx1YF6dMNd}>7dJj
zya^Zj2GVa@lrrrc@_Sw<HmRSTMSgu(dxsL-`9j3Hb9sO8l=|7bpYV*AG5C4D@Zc>$
zQyw3?&9aTepG1v5;E{Su(2(yWJcPuxy04TLm@*5h+4__i`*BTY5S$>T^2ZPi@6E22
zu6DjINN_+4`yWNSL*xt?<G^H%v&&@HCGnC->yg}NY8Id^&{y;Ii1s)55=uW1SQN#z
zJGM%7-bZSYcx5eMK;PQ`I*YMT`w#b_t-H((e-YSzmcMxa+|J%i#o5kPFARiUugM1N
z_VD-AO@ZzEejO}F1FGp@ZwVyWo7*gS=G!>SY(IZQ5xOIzq6YYOl2&MV<$f>?^}!10
zUYMP$R?NwGa~ramu=tU`_Odj^4?&kFi6pOg<w#YH|KUo%%BC%&FJ0tw7<vah3VCYO
z%2q71TVy3I_65Hr8YRoeKDYTlbSeCV<*k~U6h?`^pJ;Xf11m9i1Q_c}jbnZ~=%UH9
zViQ@B1-kbX-eF&&e}QSgr6{)Gkr5&XSq72^o28hG=QQ2K2&uoMHrQ<r1?+^G{WrLq
zfstQ~ao*{|oyfTr4aR^tTxqe8Ukt~5e!hs$`wQnc?=UpLz8>l-=btgB17#m+R2@{Z
z=f)iYqd4iw8dceH$VGDR4FZ)j8&TKNPI$ll2w&NmQgg(jX{)>z29D{keOKTG1c3?)
z%ZvBAFuklUUk@b^*gEz<t1A(AE74?hzYd3Gi?oC0{T9+h|MCq(uzC~D4x0I?S8@g!
zz7jUb0_1n;1*p>fd%yKf{E8&lwyG(U`3)xyMTTR(J?gg|VFJ2UwAnbGIQs~<b764W
z@j}KAJWcqpXMd0q+=jcm%+P`pf}cNmH#o&IE1^%_3679PX|i2>7<HR7QcDlS;k`D7
zp;zsgZ<hnib0WaKWc;u6*i*hv)5N^32~Knt;n@OAu<1ZH6yG%yOkR1!btxKO6UZI8
z42WNpIua#Y#Xh;Iv2fg<A$%|iLfjWU*lvxGxn}bv8cPH%o&2nBx~r=>BNP9OoWl0m
zC%ht_Azc1f>j`BxiIe-Th4}-+p}Y1WC+O{l2BaX@$Y+iF*4`ol6R5x6&jk&F%Nemx
z5jukpAkhbKSrxL36vGhr`?25Vv~-qm+Y6;2EOQLzq5)^~(qIDjvY7MKC3pHM%I_%b
zAL`HCUCi_JruZr^o=}Ib+@kfi6ejv}_=wqy`v21x0!0oTc!l02CI99APLuj=8dKv7
zmU>*^_Ya%5Gu+b7!ChV2E9gc0pUw52nVoG)v}E)z-Vh()+e-JNp8h>uZ!o%Y$tI9Y
zLwz7#D!sQ^2=lw7s_^5>qz(Ir2}zIGgV3L`FZ`I*S9Lbbes9IqgLosDKl0JJdE5gA
zk%5<oDy)Y0xV*vmJVYNQ(75YkYH~>w_GnI<cwWa{rQf!frwbq9Z;@<}doL**U=D6?
zNYDgzfMF8WH*;Tzn$(o+BTAy*dS<si^%-AcZ8JJGJt5qIa99jj$ty9NV4t+&yP2si
zFZF#Yc5PkGbhj{Lh<nw4+*%FsS_L>tCCDeavd@Br*V6F#q*8?|ht+V9&m*79knS1Y
z?v3G9kNKirZB>JE(=>L|%f`|+S`$ONcwm(7oyd)c_ll$`$hLn2^e)9<#hL=9m*W3o
z>@9%eXrh17T?kHa3Bf&haEIUy!GpU6cZUtZ-CcrffZ&7$Hn<bq-GT*oyOZz!-@R3@
z>Q%ieW@~zS`e>ii-M=1Y5Z2>NyU4klise1qRrf8K?U^6Cb!{DG^{+zv2577ASv!2R
z59up$$C;qIqHGm6#Y!dboENs4Ew!`-aj#@W*SfAS{kO913(eicrl|v#vpeNc$1=wx
zg*W>X>g{{lpZ_~OU(hElSQlE#kkz8U*?bQ#^s?h1#Q8o-m@0}0l4R7kFuF0pHoVC%
zG?P&4z!1>)_w%IsEJv|^`W9Ui@_Gha^D$b5@EdNn18z1x5tw%ooL6;D<`JI-Cuh9}
zPn5kCRW;3%aEHSSS+yQU4Qg*65^{y+^PA2gh5#~rT1cAF(8<`<VTx{5|1{{PgT_wP
z@tR~EQ{j9#>2V|KTtSai#Wkq@(~wSK?3eb~k2#t%?;Q!mFyPDNG14;(u`<ZSeo|ZV
z6Z$NsfQhd8*c>OB<W~3hMd*rGLf>-J2;Zw!v+qdg4(cJ;*i>p|xEFZ>vjDJ*aA;9~
zg8*E4zNy~;2Un=<)33M<>Xqb&KbV$(?cgL(ERk&p4L`e%{8&sTKR!;W=-j8>F7OFx
zSH>+p40@dG%NTxZ5;wKn@XcL3w$(jK>%H7hnL~|XXU)>UQgW+OpU#&SJ_CeL%T%$E
zV8aC}@`LWFIRq2z^^kGnDu0Z%`{?tDz-PDhdH|x{wz3fSVg&LzH7cc0jyM2v16cKa
zBn2~^P@E0eP<^sX{aUhlEw}mdDx{zNqi9%~B%v0Y&b^QHrMs$|U8D8>Jki7t8IdUV
zhQ?eIU>$?|KkFC+V3NI$vLiV3Xrt(+4B+UJ`Dj~(+l$=~JNDVBAU20zC$tw$f3dkQ
zz<+yxtyGRO6&O47#b`|B%{+|Gm8$$YyV6OZcF0~Wm}_)VC7vZwVQ!r$byoW%JyT@>
z{BhTy(>GU<j~OC(_^4E}HGcV=BeA+)9PjDF?rk(vpK?LDmv?oxro6v1*tx$m1RTSi
z?r-VaMcT)-)1<na{k42rN8eNu`B%Nm;Rim=X{{>IE_GSFig$nB-n0?sUj2RMz}EuJ
zu!(zb@tZ~UYu(+&Z`>by{SEu-3sfxg!(Zo(y60@-Sb;yc5M`jktfY#K{(dDP4?rxe
zv<<<k<9TeU4Yg{POV&Va(NP@S{Z7_?>pnIN?0Iy~z-zX!RebEInTaf!J4D#Ge>4_m
zD>T|fc+$IkZn$-<;{9*`;*5OG(dOcd`sZu!JOeZ3PS(hPZ6vjZ<t#m^T+XHFXAaC{
zwC3A^l_$l&ukA`tf2S|?onHDQTVA#I3;H!$x+sVwJsT7KFr0i?FeR~#J#n?-s@E%q
z{J!`#JLVjF&aCXPPr(8Ii_m#LV4^HEewfX#Ny5W|+TNIl@_m-^j}>t(ndXL<fe22R
zE77lgVN*LR3)d6ItU}|+czz2*POcUrb@nXwl-vwuj@w4RnbTA+O`F13xiYlB3$ooy
zL*0v=+V6=p509Lc^?2)V*4RYRzZaWzqdn2h!msP`nT!$9ezK>jJWS0UGdS-{byy7i
zTTkk~uP0Ra@Tt$ga0$L1_>;K!t4&C<=MlhA<`KmVJP-Gc(y?33t#|I;9=F|?*#c4i
z4iN*Ce2!)Gr7s3yoa8s^U-y8n=O2N-zd9C#*6eZ}dB&Fud{54nPj;eSw<Fx10Z%#4
z*E<f|<^VfUxVvxJpp~jSHVYw02JWrJfo-E>vk8_S9W#`>Un>nxko4Lb1JUYy;yYP{
z&#eh1<KFUrcfJ;K#DL0KO=*ajeq=|vDIgLu8GZXc4W)kJe|E6GT3}rXuw_{g+|OR*
z%>~kV7R|nqyvAVPw`1DCR!AtJYOsV4-y*#iFRdTt`dT)}Z?ccp&tP{S&ED3gXDu!N
zIbkkw_mewwu?OeYT-DDGTP*`R-_DFuq7VL`KMYsTdEaTpW#n^9ZxZBMN*?^gF7!#g
z_{xHqAf<b}C+aY${XCF6wPul}n9>pjN9IkAz!x$q&8urcJ50Ac6U$V(a+!OrsydfT
zwpXns;7-Nm!XjRc1Pr3oD(k!|{6cgG{<{DaE^!gjWF*{fizgszS(MEihW&Hhp+o;}
z;Nj0shXd;E?}v9VXS%!bzqs~zp>p4CT|*mX6o<5nG|QuYY_DW34l1r%p^lOqyZp$_
zlM*se2nlPX>ZUe*dMsQTQ+@uJX2g0rvN<l#mS3cIu8@^pV5Q@<OWA!?Pb%_Jhv%&U
zH?e{Lu(exbR^)c`Xy2w*-cK2McT_=2&bJ(nNn%<5ft9sxtKtt|i>81=8v%y+xNz>U
z?VNxC7QgMdjig6Lxz#AbsQB+e&*A%%BtN7lnzx>O(07IiAhtj?R+L-^N=lfci3jkM
zm(9jLxCEhPpB-2~hLYn3gNFYlLJ4t5jZkR5E5Dyd{WrK487L#1&_lU$q{EW(3iDfD
z_|q~kP5#gO=|mIk#F9Bopq<zZY*NmM;3Qqb_u^g^;n$iVR>xFeA5aLu94Y|JL2E)7
zA9AHK7<?N1^l9HMmyU*O6;nneA`AX<6d0Y|x>Ng4NgHmfFaLu3F^fI@p`?er3csxR
zSHtVUbh1)ZUpoZo+rK*OKO}3s>d(8ylRlmmpnVw%d33z>zwFoiE{Ymk<0<p&EMJaZ
zYS<rA`h(NK)eF;TWopqr<=G@iu_*(!J?kzm>mtHuF5T7q4Iw`IlcqlY{V9I-kd6H%
zsxkuN2~Wp?>2+Nop|?p|!ni)q!A4fd?wd}d9h(4x`Uf3q07TCD!61BY@+Y4qZ^XW<
za0LrL+y1fti%L^O<Cm8vo2kZijmrgHC&qj8#yA4>(XTgLTnIMCt9s2>vgnvYz#_nr
zW1h(0#)|><mG^QFxU<}1X)Ajb)XL+02NJqtpn><J3rrCfm-D3|gJas#jF5me`73W?
z&GG$BnqLSVJ<yUn$#7n7sO_4XY;#@g5Nk~d5mx@ZB)v)~BiQ))_hf~bLM0;0_qPoV
z|F4385~}IV;nPW(X3HZgs%`DD@f?4E`su3|C5hndeUH4h*%^`28~paCg_T`T<)nD)
z$zk0We3C%-tZjiqu}J&KPeoVSs`1bHX~S1U`c82EAAz0A@wFgaW?~7PY)&817JE1M
zZ{r40AJ$|ZTIO^ftg{RQu9Kvx9fT~oOp|m7@tEMU_AS5H&w6iny8lWP{K_7|_&%a~
zoe5HF?VE#pL+Y9wJb8Lx88ODn{NWe7rMI?q#@tR?s^ZCR!!EPR4XVc$lQg`4{bsAG
z9!Ks0mnHJ4!a#9{d9o_^aBU{Z7_cNx5sFzb3NAN%)aV#(KB=aRLg2yQc4%IP)tb1e
zcTt~|26tetaeIUWn!iqb`u)4i-=MH5w@mzJNB^QC*1UH1qs1(B`2Bf=Purl4Jum-8
zD&Og+ETY<8toHAm#tO}LtJz?K<kNu%hWwLmJ#->iHkeLR`LYtbJ9ks%^Hr@ft}O4Y
zLncJh<>Uv?)T?kZp;^mJw}h!h2bV4_i(^KIh4y2i^EdQmW=7!X-pY*mf$GFO%`lGq
zRr()2Nz(FBNfxt8q(?8+7yd^Z{sUFWr<ZyB;uCwPqoS@w`)DdR0HU@lng(pZFXaJy
z@!dd_l70|}Nd4Pl2ZFg0D7S|MuegO#XL7-xhI(nXo9xFDO^~KZsm=_i3XFa_&^Rtp
zzUjpph3gSOXc8FJJ;0kk;Ib`O|E-j>ito+{hO!=Lv^tcl%T1&7SDO;IB^E2=XK{!<
zdrC7!{82vn?3w^2{#`;kGv7#*dV(HpyXo_s+^py@%+*B3UH9_zZAr~3yAeSyPx#L2
z^O8?a8hJQU*@*5vZQ_paVq$5->FI~!m5T2^@|B*iOG&2)M2cq~qNg$iW!YZXG_LX4
z1$sRjf2wj~jh}3pGDpJqh2yvF54o#h%7y5n*6M6i^h&8V*Ra-X$ca4e-Hy>2=NVb(
z_7m+g^wAJlMS_4>yo-~0sZ!!Z+uRe-YD95;Xu2G0YKpV5K^x0&ZYWCCqqHrGP0(T-
z`NDl?8}D{Zt9;$(tLz>9lD*NgwtaeYUJ56t17ILN>%D;@QRZ{}kJ1kuD*rkb=j}LQ
z0=n1L+)~;d>dW2LO)}1lSadV*dj||y*5(X4Oi*5u&+A^K1i@=#NtyTuwDjY9#@aIy
z7X%o+k$W)FkCQwXy63Q4Ahk6=J1U~xj*wHYc*m*)E)8-kR6CQDX{y9Muf5z|isp&@
zDSZK+dQnHx8+uuL2A6)QeoxWT#q@%{1{Qf4?^%U=@B4ai%*9X12kCZYPErk$#YRE2
z&O-QV3!V>Hu7T2ulOZZ5@(@CH+W(e?j+8{OFdU-wFL~JJp#A{FL6FKbdZZOeZg(<h
zEnW?-Bh(ypB5MxeeR35;bXpRX;ed4qRUtbOsl)jh$fMj+C4!+031E)^0)*EXyw6n)
zTTW1&cziG!(0*K=0i5>_P6XCpo(bsd5)tU9nR8OYATlpfcXAAsj#!``z#?iC%pw2e
z@CD@X{6Pkic@B|9sXb?VPrHsl1Mj6p1@HHI5Y$1N01nUtNMFAwB;c%XcP8WU#zx5^
zzE2te8A)<L904h7UKH?-`Hmj6sc2yvfgudwI0_<IAwbqu7V*>_U{5Qi^~#G}9d6lA
zbyJ7r#;C_(%Sn+69vW>98kaMNjHA_2!I}ZnbmS%R@$?@CD#wFK;s-$5@#yPyl8Cp{
z<CLO1rvfFfyo><d4QSw7_Km2C)&~P){BpX@06qx+=%c8^L1~L$J@O=i-8$$PhDb02
zmEyrd6bWEfRDizrds>*SnmlX{Fo^*m)2>1g`Z|o(=9Z5P+gu7l53nBws{iq10jlo<
zzfOgBKL>s_hcy3d{*SvMz+DqCjS?07BWoh~=%IPCYR{{?Qz{EF%;Iba$x9x%feUcW
zJHTedgP_&40gx!n2jq9XCnXO-6OCg4|KrXNkaq{jC;%4zXIY0<W;Hlw!@gw5uq>jJ
z4saD^5M&6nU4uqj!eQ_}3Ic|&f5A|PTm5PdVgmHN0PLCw7$%Z}3C<6~0Cu>$Nyj;z
z4P+YtDa)HfQ~<C3xBC7k_)<E~`n?ehfFd5@Jcz@(|CtM5t_HBt1(>hGfF75k1{VM^
z2k{yuG)crpX@3-2ucb-=SO0Sh06VUeGSIHK0irzx#{Z1j5`F=fVux7(N~r!bI~XuK
z17LQ#M6jPW;L|J7O|H$;g_n1uKC%6;bg<Wn6j4qilW|S~%iT6fB6@YR0XH}ev&q-z
zZrKB!x;BCV+`(A<$`Aa%wHE!r0XeLZ@9sbAt1KV`#f1Z~?-bw}E5I|f09Si}&Ic;^
zqeuFNJ7+#RAiA<%0N;-R)!sn05}=$Opd8^L*lCGv!x<w?CIF}wi8KeP0DY|n=$gcU
z4R{d%(fVqll0i3qr0Q^FK)|2@m$d=^{8MeFrqDaJI}A{MmKO*Jdq?AD=TFH4pgd^~
z$Q~^RjPRdkq>3m`Q)~)w@B6a?i4a6EZh%<e1lUUh?3DrAb^xIu@S=kQ;Wxa<Lm+~E
z2N)E}BGv+tYe)d}IY(o8h$oO4P5^(s?xZ4(a2C2|;)~%E0*o(0HxLOj>Ia;Y3^)gE
z5F`QwgkxJM&?$xIiZ-@xA%O3Nq8Px2|C|R8bhcEW{!vrkpTyxobC9g(?6jspIK0~e
zu)aIsKOkgJOC%BJ@3<R~oLkQ3Xne5%sb3$9k^Fz=3?ms|tT3biQs5rTPF5lwK0`qH
z8lZoz0demMWS5&-G7wUAVR1rt;T&x@Vt+s20vo`1|6)WPh>=u4#N|t3YnyGSb6y&7
z`WBG3Mu2vNfRX?C;IQ+{H3h~)04~4*<E4ZK<SG<o4vGUfi~|;#1I(QEU)?HT2Hrpk
zz>cf;ucxE=mni|HjyV9{H>O)%%@Q(hY6%KN<%IV_01lZU^i%&4^mQW>OAzl0%w+Er
z_Ii+_%lTh+{JA;93`<HUf++y4YW}q%1zHeu!nbTR7m)^Sjdq4Ghjs%vlMckJGvom|
zjJ|jTl=o`{^o$Eov;Yo!22R+`drrt&{|Lz8(SG|6N$gXT`N!>++a>FS%~M+7p@MY|
zOT^QHWTJH@fRPc<xFaS5tpB1U=dtHC#VchAA}6e|1pmFGW3(n=RmcE~0M(EE|AYdL
zW`N;ZFTfDN649w!Nh5`C*;RdUkv|t2AtOxEK>_GJ0<f<E+I2(&?F0Z`1eS=kC!REg
zZ~BP?kYY?pVjnSFWH9377{F{m|Jno69xnhy{_AW19s+@b#$|wyUJM3*4xBZuNwFk%
zul%#h`AI=<WcSoRYXXJ~d<)nGA2_rDYqkM$b@l=JJ_{!w^JhN_+Z=A+h6Ap>>;()}
z3W%c(NNv<T0$S|_`~+oSSB&Ltk2p-}7Ixg++;$R^M`-~<JQr{xn=Av^s4p25s0z(Q
z@Y=$h;JON{Xp{fN5Y#;651>(}nWEx%vE3b_;`~9~qp}E2-OWyCt}Q!yUW}s~T19Yt
zK^mYN3Vaxc8dwN8J(NYLjnDw8P~*cmWf4w+2UWem<sd^bMu>I->ber}+$x<K82VKM
zbOP)eg~=lPZjBLm6-Mk>NE+U)1W+ed1CxAUgqQ(sK>)=_4Nx2<J`BAa#QHxJNr1;*
zNdbzIj1WhFtu1gP3%~@e9JDII2)O~6WQz82_n54aZ@t}g;#314$uL6T0m`q+LCOG6
zDu8OJ28b{obzKf<hguFQ&|ZRU%%r~Hj|y4kzF<E;@cuCpL@JF*bbP%&`UeVsn(oDo
zd72NT%eQXLV6P9*Oe8Ov^Fpv6raBx67AwmI$Wfk^1+peS_ZE^B>^Ud|<E5d;gUwB#
zAQ<PJB4r@m{@mt)yT$n#1A+p>O>PQ_FsL&qmJH+=p?v}39OQ;Sm2(>fc`5xPtl?4u
z(igKrg{1XVdP9(C=n-L3Zh@fNNI(Xs4=#crp&$%2kV+)bl2?ul1bLX~1sO{LE&s?`
zT|*vzGl15M{)yWGhzk$o86D?S5zNz6HxbNR9sv+&nQ9ES2R2NK9Rjbx3SA(Fz2#Rz
zu&Bump7mj`me;2SK$C1YlGnFFWHRtj0DXrSVj!h}7l}avGFdpllxZ@7ZC!xu4i3r;
zRAwi~>VnhG;tAHh&pwl_*Shhc-s%WxA$Z9H617MPl)i$##uNwh^a8pZ7AHx;h|m7u
ztYiPXw+$FRFo6MHc+<;?Y<+2xfofgQ3rOCTe800^UgjTO=7(Yrm9c6bZU+KZlypXd
z*VwUd$RA^oi@stR)mqT)vrTgDcD-)F#m%~rmH$gLfdUpe7w#xwVJu-;EYNNEX`#x&
zSz-()VH{5BS?W0j!*ViHvJ1~K3~t-4B2GsP#pUEN^RydFuOo^|O%HDp;9+4|weUZf
z7T$vn56`i@OxwynYOJVts^nA%xL2S$%`E+f?@%I+g2XsDeg}DVF9pFHmay=_{83T(
z4(&6+Y`;s0)>AJSLCRiB`mm&iQ3S6gZ+uYHY9HPyvb`dhmA?jVUCNOOr6sN@5mW<|
zjKi8k;QhYv1cFMlwZW$i%~^2E(o5Ws!m&!w{Q7Yqh<5@J&A0|2xq2lIN4$swhMopa
zq}y+#HqU{f5|rSjXUDhoEYM?nK~T-qHIngEn)OJN)8NuOP=_2b0;F&M2o2(z`<eXq
zZTU60nSo|KxilInm(oILy)UqUop>=o#UDdR`M?#H@)Fi(herHT$%|Bfdl^W3)f%!V
z#Ieqt0NxemSZAk#&psc35Qd{W4N}8*NSQ-Cfl31^c*Pg|1TgOtzH@cRcQPU;qy+G_
zmpM#|3ZCR<08$E!I+-$vP(@(21`q)zXv-G^5Kg1~yNHm|j?LrjPs`HgkUgL(N)nOp
zC;_a3MYJ9*gXot7bTuDyn5`sY%T5A#4H$Cn-5m!STD)^gd<dF+&0&BbwR6<)WRx7R
zN;0BTKuT8NekS1lzX@PRT%z?38N}t&xuVFX+MSyAg|J?$2=v-1YWTm@95B^5bg#q#
z&_C^nfd&Ua1AuL;45D3!e0M}hjM3G0R_{O2vt<yo0oG6%L?J*-b$|~Xz{lGh)*Oz0
z3fvC`rt14O-shv6B{d0t^|dnqeF_d3SsZ!`Fy+_+?&nGXuig`nN6T3!p#7%mw+-qE
z>32uDLZ54&{v!9?V4Db){vC>o#{Oi7@3`7?fF*;gQ5~0;X#Mt!?s4n<wM`-ufrzpp
z#B9pE#cV_Ayo-M!r)FyV^l;)e>ec5sy(7C!dAF~mB<c~C3+1dS)<LALY7x@&-tSWW
zPzhEQ;kef(N!|-L9;L_0PaDs0msa;<9oNHiFisE%win>6Sjs496wrG7m7x9Ehhb4B
zseaTGEYCF*%lT(~`$s(@<Ak>d)(6_pW?J`*s#7ln-1&1gHFu`d9R{5>5kz^FlEfn%
z`n0+xmP?Ei?w0D`ag;c}TBTS=>rhupdRsD9;ka`M8m5%x5G_<lmO4nY7;6^Xzi@ue
zt-v{EUs6r^gTZ;E5uueaQ!L*wph)E|*MEc${6wQ@7Esk+sz=m~psS?0jYum4KM<uf
zMi0m%n=AfJK3sib@Id-y-a^SUrwro!Hgr45kHOEbF;FEvv!nW}Eo>(|Q=qqOW`u_7
zv+{>z0b5bSqLCPlk!<#Iv{Y7w1WO$}d@}P&5pyd|%5DYEqrDK(ZpHe5o7=(6JBvf*
zm&3BaL_To|Y=VyS?eH*+kuWT;6ey_q8Qry=UU5b4V%Bj$=7#Er>9e-gL5%ky3onx0
zz0Y*u(c#1($)kn6m3;(RePCQxX8lW*GK;Q#s~q#fz#hqi+ca5xn+`3<R^Sw)Pf#y@
zx=>ufrh#V?&(URP33pU@HANv)&uAU6%c|OgQ1ksujk*iOCQV<|c-OV4{zq*@Stg4e
zWliq*S=9~o;cKoJgvYBI?V~k%^#NhVo8WTx751k#%tmQiViQ%3ma2~X_`3sfM7mE+
zdA!fuI_kRCB80pV0&fUe_EC$`Zn;fgM273by|T){Yl+ig#ooiciEX`;iWy9!vUX_$
z9y+EL9MqNS<w-$RxOeFD&cWSAPYYynrR`7Y*cwBe9$#9GFQzV9yJ;n3656S1A`%XK
z<n3oD$%WGA$2AQTFntMO)_okN-X3dakBtvxTfh7@sCkkDdzB_1?4s#VC8NI(ZDJ!@
zhW8VuQ*t+b-CR5!Z+lk{X?IJ*SkL3DVWyy6jtj0C*G^_F2U)y%@x*tv3UU_1bH!au
zrp=@?ogNbM2A3G@qC&0=d*RhL&{8JbEzO|H5uj>;8X+L6uR_a=rOt=TrlWf#J6}#r
zcM<fcvN_r$5gL0e8bnYgY#x3Tx-^z7_piQrW?(Dctvr<Yg2SWZS<X!tuHeo{H*+bx
z&1c{qduT_ll4<L<Ks^1+F<j%Gi6JOqD4cLBe87_cWh{O!T9$^5J|{eYyUDqRoJ>;y
zMb-H4z;F+ZY8#YS5l3m5sf$L2SI5A1=><>1O>7ZmXuEG)$ygq#PIsx~g+H`R=`G>V
z_WgE<5l4yr4jG#c!gZllLYZRtcDo@*3AeXFni_)E%25XU(Dvf?l>tWyzBf}E&0<PZ
zT%>qcfY3u{Pmh~{VFzslPtmU;MOL$`?a>!oMa8M}Se9bcqLgAq2kq5XTC=xF+BOWD
z6iS>HF2v`bS%}p0pzI1bqq4rr8Os$=F@?Tq2DZLL$*oCb4Z7xcY(t6cjl&N$G^&QW
zu|wOI+y0+8O4QFYnE;Zl<%$mahQ73B@=L<8>QT;`6!sbxF5cd4DbY46hPt#7x<@kO
zwVHHu)NDTz*;f)g)#VC&+W5D0x`(#M2HPsk6)VqC8395l-xaHS1B7lu($ficl+@+%
zW!v;D4s1MAbRBxGjJ@-dX@1hixLde*?jWdhl%RM!0v9M*{489u&dC^v)Kv{JX(KF)
zb!rv=rb1ce`;t?dKL8rqM_9P<Zh!yCQBr?iM-Q+8*C{$^89vjP39y{FB}x(&&j1(H
zR?ldF*KP;~mA>4(DZsEfU``@V(B>aZ|2ssSnao&AF8pAfu`K0nmK1HHZrD?#@nvP`
zGP=UTh4kE%t{7?fA(dvLqoF5tuyN=i&0JC8T$fg^fp)an!X?H7v+3$3Ji<nKHJ2vB
zK_SaAW4QyWB-iJrX_yGm;lfKBv>#MRGFR+AXQct;b8l7r+XN++>zih(5lWO)pQJIM
z^Hewd0tn3J$df2pI2j9EP+D~Z1WqA*1E?6YX5pfKE>2CPUbrIaXb@2eXT#2xM4WO%
zz##m|P^PHLusEZ=&L?FKm!VR7XO^<nr;%KE$<N}7(UDS3tLEH=(&Fl~60*?O0N@fE
zaUwg*uwZa9<40w1_;%(|f71-$kZnyddHjJw_(-bpMG>y2(w3P@D7LIl`_KjA(1GSE
z7QkeuR}?rUQ~L;zq@s{>(=t4zj@aGq6_&SH6m)>1c_&*WLak*o#D~z_k~cIBqYD-1
zwnKP_KGLz(ss3z*ev{UL4M$nwkv2g;O6xEWN0}yv1Vcg6I9Eea1~e0q&{`=~mcce1
zyp?=tsMLm{cY9>rZt`4-YypBdX=L4tF&pk#HGhJnl(&BbjcyWe%DdOhY_tiIxaZH<
z7KX;64pqH_a3+DvY`kPRSO`1k8<9A5y#0tfM}bjG#vkDh+6;W#kpfi$<{3`FHP7r&
zL{RDT8x-qt<o&Z9&=ZV*=51fxx8rV&j(UP|?*Q1`yDf-Wp#BfF<9I6+UIylMPlmNM
z{E70KH_Cc-ff4{F6Trt~J{49d^;(gDR`_KjQn2U?k#wI3N&V87d!35xFxchOSw45F
zvN)cyoL#rUfx8ZpWR{jCF{+{4FIR}*n60r)1UqjYv!H>l$4`tw41|*onmW!hi&DYs
z0SJLB=6cY@0TOh-cbOA&P5>KjH3F-vQ7$-3-q6?dT)=dnu1uKzQwdxWl0GFPY{l?$
zHm%P?XOrQA|7xbwdJ?UDdW}$W@rhT5vb*h^d6lltKDBAF)ci8?Z05+y?!-^TgPyok
zN#XhD(*x_po#ORH#_}GgcBV+)ouB2}eQDlYXZMTPqwsA&G5D3zb+<1gcEdboDN_;X
zWvv?Ti#ZzJ!SV&WCGzEPhh^K9ZS^_0e|f6n38L-kF9x3D!iF1@Lf+6_5tck1Cg<Rk
zxNEcAK=uBv(;{K`K)^H6)>X<Pq+%#c5SvISe<kEi`Es%CKH4QpUn7Oq`N2?u;2FVt
zrQwv#lgXv+W%vd7k3eg5rX?ydn<3M!&zh9OHmpN^T8x?s7t;R<4zdnvi&_d7%Kr)_
zo(RC_RZEI9${Ef1M|l>=@s#H#?P~rN3?IB{n!0Ult~K%1UReCbW9inY0~(z6@#m00
zo!ihlNM+6K6H>K1D%!0*Dq0IZ3Yzv)EE?MFw~HaTTxv$xg<zP<>aF9QcFCjI=uejU
z`x{2o=C>yoB~N-*)#*ROg1lRr^-r_WJ6OYuKuQ~19u@@xgzyI+M3J*8D%@5)5-<N;
z<QkoFmhNtJ90qv~t}g}2k}ga&C8%KY7TJU2j(e`}Lo38n14ns!bWmFzH}q<HN)~iA
z2jYc~_sFQ0>Q7^Cx!5%DIhJ$l^JK#9`n%>fr$)5#IkH(7#?>W510Gjyx#%lUiN;Ki
z_JC<_>&4D3*WS_Ip$wW1JVWbad!!_HBX{GR)a6q%GxSQ{;!0JiaA&PAN5ZOCn2r3=
z|Is217uK8Re}*)d7J+qoJuKIUQp9ycHSn5=VMkwHL9(T&sEF-3K|T*{d8YK$U$rA8
znd2K<wtkmk<Y71Cy5>))VIu^y$FA#wm&|<Y&xh5$AWq+a<F1*OJ!Eheb+D7cyx{o|
za)ymh4gnuQE`1Fdn#_Q0R~P@eZo?^oxBVxtH0Z~QB-VPJ?H9^(0s9TdB<-w_6WW@3
zf@cwL_fNOa?UKj!Pp*?98%Iy>69g#oxMQo8fWoU5W=ts+|8q{u%V1ym?_5XORjsbF
z%Tza0T{DEaw3X)JYuCPR=J0<78;PS{4?dRB?-k+)q9Y{_)-DM1H~v6ZAb$~wks*ln
zTRRbTQu_D_Hm>>!wlDjsB^5{lfkm~DB}s&qho?f|1DJspL*&!Z3qdi*J=M{tcL&OD
z7O!r$l}CoG6|oqYsQt1RB6P|j$nM{O&m%~tRA<R0lKC6XM^s0zcQoPFb7W#m9t;F@
z2Xsh1dUO+<My<siU-1IkC`0VRSx~)KLT@q8Y#ac8o2w9aVJ!rOyoiX5wpWOUzP1<5
zqpH(Ed$IS+e61ORUW$2rp+hAh`t0YI`5h>0=Ult8C5Zj?V-^`jyLKI)5TE@ZfBhE_
z(ns?0sgNKxK-AKr!Bn)`@8!47S!T{ir+AVNZ1&`K6SErAuOA!EBY=L8?@Mx%&9D0J
zMaixVjcv&;$MW*`L&)XJ`6<}n$Uo^39qax~J?U{7#`x!X!cW(X!TL*eOoc2mh%Jro
zpYW+pL(#IAKEhRoBGH?wtwt-gUeB|qalGrcmrZR@+l*%KuTZ{`WYo0(nY_5GW#`Jg
zFg^@G(ucoyKdfg>lkld%d|Z2qpgz{F%<My_tjeiwA-iP)D=w}Y8LY)kZ`Vk&RLJe(
zPv$#!uF68J*pR}wkl;H1!tEJq!&QzZM9AH_*$p)|HnP5d*KOOzCi8@M=ewM~STQAx
z{i;#3#FyhzX1z^C-FRJ{)#-YA<7{Sbx@D;5rVcK8v4%b4MJ#y>TtlL3T;$s|&E>Au
zvc7B3*cibP&qHtcOiy)L(^jij%_yyGOEPP+wO@1q&K6D<#%@_c7;|U(;(i@1=Y9V1
z`p7tWqi|rP2F_P2$00+wQt<{NjD1@`_{J;Sg)_j*&*ECruG`SAyXx9ju|&dRyakqo
zvcM^aIJw)C*q4j!yBb1jqvdISd?Qss25SqeqlXJjn7@dUH_j0@Q(F~D7AAaSahpnU
zQ3=b{EY-6dXPgo?R(WN34F|uLzr4&Z)WP9P)wE=2*Q|3qmp<~KaUG2Y&50LIGN-Ut
z)}NTiHL1b&<tZnz?0>f9LIUXvxK)S1=4`6n4N$7a8%@<Zod4+Ceo+lQ$*C=38fmOh
zZWfxW;4qLs?$e@bx0tQqjVjuGwM-o&{OwMRW^GpU1)f8www6I0d2XMaX0cEV(ej<j
z9J4-U4L6#nFv9nk&OQJMnmnPbu|y-k7b|!>^pZXO(OQ(wmQKt@{NV@Ct*_1M4pQW2
zCZVdD1HS`CLgypw^;kv)HAAKYe?QN59>BrHcF5nqL94;SU!T!_;t914?SgyuMMd*s
z!6B%o1=2Pl9)VL-8OYO6_$Qs{#X*hQT^6$xac{Hr2BBfhPHQT_1eNunHEH1Eq-dN<
zePKm>eor%yO3_&^fY52bc0IGEw1vrJXq&m`NMZZG6on+!^!*WVT#Vy25_WSN)V*4!
zRht5jNou4!`F}wMr{U}iB&a25q)X8jXDismBJU+9yBW}{?Yn<z^GSh4R&#QjcB=H+
zGKcAuz$dl;Qj=v?NqV|IN1{j9MN|tXtNj700mD26Yna!)3*a6>s^C~aH(B-_M<HEp
z=K*XuR*bt~Cl+kVb=_dB>ep1Spj*H&^^j2O#A4`T0#0KCYAr%ZDUB~`RgmYXu;HqK
zQFoC-9M*;{-f|$ii3}!pGt_}u7Qorvg_D!&cgmT7^?)>{M#HSn5_o_-s<MH!YVQQi
zg4g$WOf}NFW!by6U;ZH;puf?az15s0>81YPi2>EJW;)Ye`k~z*kQ|cz#9R7+@!>Nd
z6FwjlK4oy_!kIf+?NuTmg(lUj>{wu`A`=X;oTm?t@{u<@WZ<7u_ldxAq5*mb95(Aa
z1IALfa_DTaOSJ+~|EV|ZKJGTyY3F}P5>aKV{`@%Rp1%+$AP&<bkKxL9R}%e;47MV_
zLD|Tp7Khma+Lhf53FfO$FO4nb;;ydhL?h1Fk$hGwr;wEju<*nx8_Jak=x0>QZB^tG
z{J;<Q*V(0j+-aT~-VoUI;0C}Nlivy8rq?(`r|%QM$^g7G7lH273!q#Q<`A12VF+=g
zayWdhr{R-J)iF{qI=az1F15YrdZY|p|3Uz)jf|+s&^F=`vXs4i5H>=5HUN={K*w<e
zU@}8Gj)69ob2vMwB;}W^Y^=jD5cC6p<`~MZJ5zm?ENYbyU2h`9@d_Jg2}eI6u;So&
z{{-=lL$7mMynxRw{#I{CfWuSY3#7t-Ak~_S`GTI}B4P=-(>Pjdzq!3}9mJoUl7p48
z`yrI2;~Cpj42@7!-jHCGh7H#F_-^OAP=AC$KJUDf;*l_RDV>9FmbC#AlcQZe)kRjY
zXzr(N7Td`knEONHk9Ur<!XIyw9+52eO>gB-{hDj)so(mF5QuX!jI1QS(UrydzUi_U
zAIxH=pnGO;ZQKwdt{e`4JzYE6d&hg1nP@3O>ivdvFus2e{vy7ln))M}h`sY+DWf^S
zEO+murFHS6=c!yJcCLF|cG|b+Z?CRxbCsmKJboXf5soW}5p`flOY;+uRaU(}?{6D}
zqeb^?{BS<mg#fr_AqKtIl7}Oh%}Y;6{yZlRJ^#`|LPF<F4?28Q?z?S;%DPuSHFWTJ
z1TYwR`oaMj9d%?YHZvzpiN)3M!8dY!Cg*e8D2(ejzYq3>?K1Gw17L=1G){TcOyW3z
ztJO`Zbhf+L?GS)}Vv!HfKh^y6uzv}D(6nqv?vC-wegze)^n-cy>xW#M?(m25<nswE
zq0^XUiIXf@OHlt%q9j^E2Q~TFPciEHd|<^y+>X~SYf@ENe-2MFRF{71ykIM7oGG|V
z{8u81wB2@ht|FUsSpn%AYS5?U>jTTI86|H}L>A3=Z}``H7%W#l&7UgxZ9ad-;7C%o
zDzJU4#Hc>?7<ETu+NxN}J!i1tschc`{Uh+Q%x%kkO#Ad4@(C@BZPPEg`LI>;_#Toa
z@=Bw=d>Z@nb#S@OGj&@|UQww3Jq`Eq6n(jK-gCe#l-x0q;B-H!p{H#CBSg2L`Y$p|
z0uTN3d3VI(I)p>+xO6n4D-3rA_z?H)X4r{s3{ZCT<5M+2qRT6a1U~oG<0TgP$=O>k
zhSx`Z08FIz&cn7nehC5FrO{;owsYl?U$;BxUo;rvF;$8Ztr4)Ty|Z4I_JO2SxKZBE
zPFI*Jn72l&q<T@>PeD~NbNfI)RpfD!3x;oGg_ko-RBC7spf*M92f8FgW_n$3;FI>S
z5$VRarYi0_tZJ`mOl{wmr62ux_~}34hUtqhvzkJ2tpA+z6y|wN9`Ng$oI}oMFT&Gj
zPq6(WXZ3FCB!_N>5z*sV`h-TZK__6FA@nWJLU8}G#82IM^ZGaRE48#c;#T0bW2g)8
zLPN0<)$pj!%;lUq6Ww=?EL1-Oh;kMiN-J2q_=h=j%u5>Vcm6Up%$2L)?iikAc(;yv
zS(54S5qG~!F}2H@<6*Ukwns5TSIm`p1HgJJHjRr9hTCSCm*Gzre#@&9?aw~30_P4>
zIQBQs7=4|YW_E{yW=G>IZ+xlb*s20c2|K3H*7idjjoAFYeYp`IwG=B<+s!T)VgF-`
zIYmQR(72&mO71gn&I#|D*G-qTu|8)bVNjI8ux`d>8=zRE8gGNQxmiQ!>CdB>aIS?n
zaW(vBy5zXB0@=O1c2}55!Rhxhr1n)d#ny*`zfT3V1xw5*OjSf2t)J^W<lY;iDvBzm
z5DeOmcRk{c9ae{wG7?)_NK(FE44&ongQ5r%E_}f8F%7o9j`92$_2;(2LUV^XxoyT_
zMENdsuYU@2R6PuL!Ae8%DLV0<i1vz8{=h1Edi-7JD_QrVIy{a>>gad&0%Of1!28tn
zdr}D`xpyNDzbtbRHRsVYS~2_o#w985dQp$KU8|?koRn4iaceu0QsPZ!@P{ERh(Cds
zAxZ6l%J%$L`<t7VePuZ_QKsFVy=zX(Z>tSt@0h@3&nt1_!-LOZXMuv`8w~h@%tth6
zqsj?ts;DUi$rMryVv&n|B%|CO19WIQ2e;PQ^OLBJcGRs(JVub09qL+tXkxi<naY5r
z?PKgwl}}brC36(LqSEeHkF1=%nU_#SmDmBtl$#&%U)|Y|4hs_NWN&ZEe*_p!>m^u;
z3D38fn5{g@S~M!*6eRO@P?jns6P`{=ox`cbDO`VU)4rDPfA2dl=oKJ7F4A|JZ<S>E
zIP8k=bM9BZ@}AWy|Hr%GPYZE-Obt%v3#cq@I@RLvXsHbD_1ruvR>?v+s^@OfgHuGb
z{|bZb)vWc@w}xD<yI|#_IOjxG3%cGdnX90RE(*`NfYldSA@~wSCvEw~inbu00Sl40
z$Dg?^>uhpm2z`dmD)$SaS&UzoTLv<Z?!|&eLOt-BR>psJWFs8;QF)xNQ4Pqqt2q6N
zpFtvWGDefblAQ9T$u}J_Al58#$wV?knN;)@#(r~mD)TBgpQaFD()x7L+AAoHJE}}n
z(vTddmo4H;e$zyNU3B>xjpP^G>#?E15CV}B=?pmh9lWx4r5}2E_}LR|ikAJx1l2<u
zXYGERzhZf;qru3VKo2OVu{zx|OI`XemXy^7-z?$u-`3)6b<0O%(nqtu_a-wjJ{J<P
zpv~<#A*!mBu~SHKug!QU`)VLx@iiw!V7?^(q2jAjmF~(t!pHBqPbnJTJAh9#(9yrT
z(D9J}KH@>}H-WJ4cbl^K9y>;#wNV`XejxqYe&ESvr|13J(!|RF`Sz2_($nuUGA;BV
z?cNVH?<xS)Xq9JOm7X04J9WmwP$izE-(7TBGwZze5~C9s@asay0V7dds2nlk`j0c)
ze=}d#%X;hmPw2I4X=300MY`?({e%*~FlR%Ck+H%-^B2sgVx>M2SE_$=BvX?`5ku*-
z^45FMa4ygMIvg5zt4HS7!~c==HSG%0!sNBs$2<k{Ga=PQIwR7QnXv*_eq5h(4)VHY
zwbtp4AL#|l-ZpRLn=a~#kD#Y;4`B#dLc)Y>4(W(Y_Fm@U_}8`S*D1q3(hP@0#Z~tr
z<EeGy)c;S>D!DFKb*SQ)IN$ux`9b<Hx@@vz;%9i3!e3(Ng0~l?nez5i0jmOjYu5F3
zN1x<r1fhbGTq%pJQKHLKn-iMzyy9<$^yF|F!>bq`q$9s2m8Z}i*f3p>37%=c_03l3
zQA?2Pk!T9P79FByx%@Q02d(p`$_Yw_A~0B@En>VON<NyJ#hg6x7E+G4rERgN*6~c(
z0d?+77X<!fXcd@Vqhun^?eqU?F+MkO=GV7>a&Tl+^kb*^2W<sKRM|`T!Bd>%_jfX<
zP4;+g<S`R*bQJQWwHd>cHu8AKqI650UPad`+Qw~P4T$<IQe>c#U-gO`x?%`YHHv@H
z4Z_s)*mF4L1%7^0p_)GAcnGpVb%77Y)m(hH;l^+QtyAqPXS7Q;x4SzakF&i`M)}}%
zT{cpTa$3?~n5}D;>zGMyIT4bp#*-J2?b=EO>zACx1LsoIZ)`8~9J^0`gI}$xV#6eC
z399m1>bmN_mV|xcoTkSfwLjMth3>soZy@i-Si%*{EHo@7vba0lp&S30D2!dizER9h
zIg}|iZA4eY7PU#ZlRKdKaQ1mQR~D`S#{Do#Z+gu%St3oeiss_QhPP8&X&-2;ySb7Q
zwlh0qvP7=5sV1B`Ke=OXl^tvS`1?4HZYNXZSbz^0MmOKARrcH(()QiZ{hvVUh+HDS
z;r!};75?4k)PC{#Lr)l^zIIVp<JL2yKJK9^+vCw?*&eU~Ty|4HW{~vrW9x7{WK^Z2
zd-tUFj*Tm8PIO>FUwc=f;)Zc*o`BtsVQ5)W(%jN_no<Wd%Pz=xx^}Qnip8#u{cWcK
zu}>b}F2pf`<Ao*R{|vIl_US%^JZQ52dz?}-swhG3;2?)iDG0ryY?bDeM;;ubbY?km
zA8I(_d#c-_`8YwXf{pMLS@P{fw(470izfbMLZwVU_xGoxt;pE`CH3Fr?Oq%H(~)!?
z)cJI|grjpkab5viksi5eOi=%i6FubB?rFsWg~<oeYK#VZtP1YZ3^PQ<8dk|_IjZu-
z`*W(1*T3F8`3O>16d5@ZCRh{)<lxSvV=Ljhjs^UEBc#z8Q0<b|kyNI@)^|83sPmZ5
zm?NVt*15`bUXotr5n07>KqU2Sz3H)3*M(8;15$#TT1mv?6HB*1h7U5GWV>Fg`BG<w
zQls?O2J<9ZFv6_|`Uzd@_k3X`$<R4ZE>K|pioJq9Y=dLKH~Hyo@)LGSywo&(Ih;zQ
zkLo2)B~Ro`zu6@ZN;q6UCf({-gLVf`E!`{zJ|0WqrVd=9rCD0hcBYWV1V@FC+qacm
zHZwZ~60<g(e}BIJcN$e$X5E_iU-m4#QJLV#bQ{%ycA|~+9QO6*t^9O;OtV>ecSVHK
zvcE03e2KwJyHRqF#Lv6`8D4ItTCs*M7)vWP26z|x&}JEYG#Sr=lNI3RA}9gRLikss
zxYsi>3a+q#y_7>j8$9#3AuYF+g9a0!METH|@IUt!Zl9+JDp|W4b}|rjCqF#;nf!_O
z?cNqtv|9EJTp}w}jBNH~Tp=!LKWeCgzUC^2?j~{dt*M$mlG66A$-ObtsjEi@W`k#%
z(1@b|%hP%Ixn5hH8#mmAE8jQ0seeuI9*8iMlR8JfPDRk5tG!@+eH`K#fPbAWcKMJ+
zGjsB;K8===F=c`YtUBb|vs=~;0p$N?4#;o*1CYN3vR3iBQJV7=tmgO84ii;OkYXVg
zVIX(wQmqLOgJafzb3p;$g|ZIhRI6E=YdDj$l=Ow+Gr`Tq0Y6&XU)=$o0dH|Wc5Eki
zz69A{r|Hzr(Ar##2--gnPw(EYkZ#A-?|l@@spe}{zAoEvR-bY@_&~~<_dKS#{rZ86
zZc_1D+K)-Kbsw!A%{5oJ0XH4Y)i2;p>zfA+YL6L^A-F5c-+PzvM?2Ik`TE`M%CAUw
zP2V8gVx@kB)(yISwOy16nK-lxfeXo!zm%=}1P--P(gU>C29c;6NsYGZ8)RAZ>h7tW
zqLs{Zl@TQ)u0*+?hoa55aZ9NSLR6-yo7^aOf6$mI)0&#GOQ0uXlqgZh(Q!4b@n`+O
z{HQLDE|UJCspWL9oNO!#*q_ajq*Wgj88F<}K+Vy@W#Oe&X<W7wdi|Y2-KNK*8jC6E
z{Q82ng5fUMIwVtk9@}S?d*Px`_s&~dZC5_Dza$Nh@*-qDWHi_>TFd)HGb@)7bDS}5
z<a1E|&v+za@AKki&c8cjhU1nJB9n}SpMd#*`oHOQuD{aTtrJG}=W3j-lmDB?L@Z);
zJl8nWz2`K4iKDDOgMV;D2$N^@9H@^-xo4J*qv)+&m#+@exSzt<JV~L4b6%v@KZ#=w
zJn>gXqm8|6`b==JilGZ#s)F@oJQ>#PpXbem<<YXLJhwb&6SGUt5KrN`{QN%@O|VV<
ziTk%WaMukY8`6sluYOm^^jW=ntRgbL+z2b1lcLlgC46$#Hhym~zBJ)V+x|$2TvW%G
z`M&Hk`}HrQV`n3uNVfzGIW`@yBq->m?!0vsK4!{4iq+ykiO#MNmu@HYin}=YK_10l
za7u)(6pr&fHQ9#8i3{6A+cMLUNszq1P~JOmOxm1?iDp>dH>)^isDM-#2UFYaU{asZ
z?YFl&*K%_b;O4wbS~mSFGp?9sClBTV!ynaBRIf;0G<s;dep-s|AcIR;9{>PJ-y;|j
z@P+A}1O_U}tMcU5PEiem(#oIJ%3AJUh?1{n5r82Z@gce5$VIbN(gf`J?kHBR&7j&N
zO+?Cs1-b)81TXbJ)jH*ndj>-mkSX>3C6W0^D1&X6xi=`jt<4%#f43qrAzWV$Mng*v
zn8ifXo~mbMUcagYenu+;KD9Ui2$mLr7G3X=P#Qn;=V4W|1Gv#!fI<o~_(T#p=a4fN
ztM-^vgi?Pm0_#07W$+=e<CVGR51?3i0M8fz@EOCVG&TZgFi^cZ%8JI)otvkbDGZr2
zIz`#|`4mL`>atf-J6j(;=;7TP*%A+{5aTzALHWeBz22`I-v#CCVWY1oMB@F?D*Diz
z3?~6e+6tJLo3ILN5Lr6DKdPcW%EkBhkUgwlsUGKP5m{QHxIc=YwQ5Td5iGh|a3~(f
zu<>uw+pm|<%{$im|64U@6&B(2X}^9&K93acvdy%ahf`iixiHJ*2%Wy9$}G7574viT
zg>Si8wtEl<Df!iqn;(Sf!Gt;M^3ltPp`W++{)5*O&(?7rxz*MwB3$2(4XzY+tCj+D
zzfad&%-Yvm%lNAd-ESDO%Q<ox9-Oa{fsdx(4h6u*g;cJ(i1H`x(&@N-X&wZ6xXi7u
zrSwYK`V6XFJFR?TXZrB9hW!#BAz?P5#m;X}=heBwutw&1#`pAr?(jIzGj0W(kSGtt
z!n8$?gIN6q7)yqe&_irmB{4?6_4VtMAz6MjvtL)vgtJ*5vv4*>O!5G+y1{dnU7@hL
z3~N@q;jU*%Hual386(CmW;`mxEz2imWDpkA=boF#D0z!dn4H~58SabPYJbe56<wbh
z2i{-KyiCmoD`7bCkcxUJDJ#?8A~vw=cwJfZUR_06+nDI0bhn*FB|VS_Gq395oaiBB
zyeBry$Pm-zMUmN=L7>C*0`4qjDdHS&Dqu^&B+@A%M!mnA&4i+(>tb?~Nm!JnBeSHz
za)IQxN)!q`8%qbr<<w@^5L%x_DtR;-TPHyV`o&jglU;<Z3suoKMsjK)Bk%p;*!$s<
z5)9S+?hojD33Cl!Um%nbQWNF}MC+&CzwVZ-Adeo_VtbQ!djG4X>MF=N;Sg!7ZVs)F
zzB}MOYi_%-zWl?lmX_;`Sh-{5DfY8tUJ&jAP}A0K?1yuVw6(c{)>k?m@V?{Cb<mlV
zGtHYUgS+Ft)PaEaBA>l}-3IZi(dy&pDwiq>*mu29owv+o(SfI?_oI`d2%-BZPU98@
z@T>lPz8VvoPgda=Epx;lzC6&i6JsvCl@!&@ln=4R;x(mZm_Y#`C7Ek4=fugoOF8-d
zDSC$QDtSfI-0t~cnY$Nvca))(y=iRv+`sN->*_`4N@^%JuBK(Ys%KNXJ$aXOj9!b`
zZw{3-w$B;CQq#Lv&L(krLi@+neK|=ZB7^Q?1`yY=%2zELP@ksYzOrB)+4{=e$>5K>
z$+dXxe^cRwUB$nwwo~A7(MFpxX=iH#Z~Wd}zHFySVJ*IN)o)izj7(0{$Ve_4E1b67
zAn}$HmX`a>EU(6^ny4F|sP8*8f+@eWZ-zOYzL-?UlG8V)zG*_mBgV)({X$|h*&{ta
zn6!KQwK2i-4d!04!=Qo$yH4aB+?ZUBL9|C~i@B`JV0=NQx|?kzfs*Q1xzsmm8hVj9
z3aZ)+kqkE6{+nL}lDzfw1YOUI$^+jQE|x*37DY#AQ#+%YTuSw6F(p2+iflpO6R2Lj
zE;Nm-CJ41)K_AwAliK*6IZB9mnAh*J%S&C@@ZAY6TlP%^;p78eePp-}LyzL2+3q@&
z<ME?r!)d(T2IWGRL|sVbo@+=sK8DD0Q4HbdTR9bK+p}~gYXYZDIUnDT8ZrbkKm0Nr
z4u5gQ>|&MWuX%7!zvklsKOHHcjYsSCM;8tk&@I*YxItMZRHk?L4D3DN4KMb&l2lfI
zGhB$nM>e@+JoZ#ke2pi}tD48#k5qb3f5(^`@wfC5cs<zXq~zOqHuVV10N3%;fIMOg
zW|DOM(ou`?nMkd9?gU(1x=G*N+<ck5-&WG}1CEhbadqSeRTqqRSG7LO4|3dh-9sh6
zyN3{g!*aZPsBf$rpT~|djq^SHJIk!fo-YiP2#7wf%+Lqu$m5knD6;%M@Z7;n?q)AU
zMzY?$@8&q^hJJzLT)uGS1b;H?`Z*?K!r}N7y46t<Q6{>K1w6v9QQ|QDI4hLaf&9_i
zX{A=qp{+=!3u}p4p?|~`NsdCLl&%1*93doJx;N+_-;{}UZkxuWrK5C=N{o$HkQ`;Q
z<zi7k@{>DZ`NOghjlF`%u~!Y+>4mbnBDZYQK_dDTEm4UAhobh*NJD+{;mD_XbRqZK
z3uai}9{jTqXKaT!{jvESilSDk0Fy#aN^!MQ=Y~{*xUzIw(!`E=x8nlhTE&PsT_cm_
z$DuFP{(t&%%SWOcZ)GKa_{~}mDywVeruxm&gr$|!@!KhK51N=&$YBtxD`oC;jjJ)u
z_*V{0y2_{Ks@Gj+Cl>D|GYiw#Cj&2qDw(@e%%(^)h2IchY}SbXNkN?!J;4xOSBH(e
z&5#oO&c8}##4?n7<(-S`S;l-qx~&RF9arM0x-f@}4jUmtg3B$7SnlUUtQpJ2;D`?)
z-CqXAPdO)@=)NBv?&ZZzh*z@vB(kv3>UGqaPZe&}@f(Qo>|rL1(%~G2Yd<!a9>i<g
z1t<2tN!Qnv-+bIiy#3~8gH4G_Q}5kpkwhqxXG~`|GQ#QioIbN-xD}jzYn$X}FJ2RV
ziNfAlP4PhAW3H9a$~dJV{1Y0^8un*ZCaUm%G4&QeaXeqtC>mrF2oO9#aCi6M4#C~s
z-95OwTX1)WMFPQH7nk7f67<dQ`@i?qtD36q?Y%S8(>=FuZ}&N;AL_r%!*@VJY)w38
zQHNbVn6x0opZy$jYxyS4@~c&%GtokICWJ=|3%6v1Z%}&fAX%$fD*<)RRu_X;3U;z0
zZJ%JtnRIRg+QLJdn%-PgCM0dY3U<i=SpMfWEb!X(@kZv)^#@!n>>(m;==smso^NEm
z+}7T$tq9F3&eyK4P!oXqcaN8N#!j|sEy*mH`d{J%F;ar2zoFC%PLI5pWXo2Ge*>#{
zs^Av1Qxwz0^v;Gv2O7#z$BM78)lgflt7<XSwC!(L2{mp0G-idr*c1<rP~H#u&@EMI
zO^kM}<wU>B?m7Lven&kWVU-)=&-0>^Rpc<_Cj@f8T*dyFfsgqy!@6VCx$+RJ-3*Pt
z;KDMKEV_XK%?gHo<KbnRTAVS7sG@2lEBq3f=2>cNB`idT?s)<!Yq`HU94s419TTai
zCmfMFVx40uz(l^>_J5CJz<}id7C6B4U_%cTlzutEbwiJ3EJI^H9z~%N?A+L={?~z0
zeuA~3ar=ov=5Al|@;-+Figpgdh4<=uIs#TkLb5<UU2h(|t<2%MD6iZ#1a8(~K0U%(
zaAs8(1D(wmRaPSn+}dHOqYl#q9csIVI(nRH>#5Z8+~lAD)Wq2$Ar{#*lXQj=CT8S*
zWd#XfJ^{n&_M0-!_5bHcVbmXEEd4Xp6;jP9m^62d)6D)g&@=!?3i|oyk$sZ}?hJAH
zlKe6(`&Et}e!@cPWdmQa?ZRH0<+xR58|_Z|a3k*P8glDjH1-~uadK1aS5H*WBlWxO
z6x^wN5V9fk@}a1Yog6YT^Iu~~WEg2Qy%a}gqX5A?m4@4b3N1d{Icv&<9$NC&FHDH;
zPe(YIT3OLLEaIKtlvJXmu9JhyI2vi676VGOMD2KTvHDp<=%f}3=weK6=DBg(tI|+}
ziVhRecgrb|6m9oWSi>M6f+YRCa#Ig(y}+=NTfHGuUrV%hnZ5qjNJMr5UkbE#XB??F
zl!YQ0eJCQV(CYPWBR5HT3|3!$y16hbMhA}ENlJko+Q>q!5+n}qM?^WM+H9`-7|GHJ
z@#h>;6yRygunuCm#)f<(72M<}>u8tczgh}+`t8L_9mf9WRLD&_G<9FB#$_PJDp6E_
zP#k+?OUW8_g<E=d8**L~sidUr<FZ(0jtf9xE?Bq}^L&F`3q}njL$nnXA*x4Er(*c!
zmfE!r-ZOy(b=U;)9J#Qwzns5o*`rvfan5XtvJY*cXKxDQ`YKDRsR4e~2>8|d^A~3i
zs{NuVLsu5!i9q9zzWDqi`ZK8_4fO2Zx)WRv4l--9bgL6yL#5_o5e?VJX><mtnCRqQ
z<0)nMmrt1Xl}0l>sSzmTL|3hB6q>HVxn=P(HNqXxLxLEML{75w56A?k8iwL)?E3=-
zdfZLK_)@&8`2_h~FW}%;-R*G}pO^(>gHTGFr=*mJj6$z!<rca@{Jd!s2%q2=2S6p^
zs)XwKN-6Di_uom_!5%q0>d+yr2LtR}oa}u<TGf@G=FV%w;PXy#ovcp)B%acVQgT<m
zJ4R`#x<@mvKR)=Yo`J{${31aPG4_RU7;VDjG8u1P%yBS}W@>B(?SG*rM_mIdp_KMN
z{}`F0=cvCoH(vDkX64Bt9ubT)$*=wI=SqiLf{qvkjaDLm2Qla}##~C9Z26Z=gAn|}
zG+h*`vmRk-BfkOKP^G6`-4bk)*q>5<5u^l7RZnMS(bObj%#?9>8UO9&^c43v9KU4u
z?@y;gMjtWevEUU4?g<*nlvVhZ8+@~hKKs;2A^$$0(Q+Wpu&ijaOc=)`&!ClNQCC?Q
zX*MtXM3^2pr^Gd47vccPjZw^@8yz-<-S{jTc}ymi`(IR$2XUyWQVvf{m=ClG6F(Op
zi>8V<7+YzIGo0*|d{bH+MY>i=0(@d_SbkN#ts(om@xIDD(6pWIA_s@C#lz&9X#pv2
zCW+27k&drBvI2vUAT7X?0^0M>RRzYMj&n>RW)yER0x1X5Btl~YC%(SkU2&AO^dC8w
zh&jb6!~3{ta(a&mqR!2oMwu!?u1;@+C21_nH%^3Q>SzC~4s5hcSV<ZTaW%&^g?8OS
zX=KEg84FJ(-UMWjE2bjp9!@ax(jwHbb<-)aG;=bLGvJx!^<$o_lLAe|QbR1;#u<4$
zJOq#yyfGAWq`tcXC>=hnZOi8sQECVw@BSek)gt~nhZ_07IFXtpGt=1AC5T{>tia12
zrsA=IBBD`8ZJJ(?bgZICqrR%hO7R>A9H5=ZbC}x;8uk5&o%{^PNacQ{8^0IxeuXat
z04N_-^YSTs#Hnw0u?a(RUnUEJxRzr?fh>Ef+uc?qAgkurbkZi=7q4q?Ka_?)c2`LJ
z{|NX2gFs5)91X(Vq;;YKJywtTrw9ADtlRU8o#qSu@if1d>lE*mSFblyuYc)TH=};w
zjb`iXCf=(T&}Fpw>ck27bf|Kzhq6JT{hZ-^Hl@S;__<VTb4VwKAx<?_xWp|(5ttV8
z{8yJzG`G0;vuu!$n222_1M}IFox+?cMkgX+;-E5q;wjiHr&!5cuj9wVkEAwQ)Hgo%
z$1&y)%-N0pS>way87{Bd_FZ?2_Ahbtq;kFQ`ljM5v<wz$gOTL~j-@{E+G(H0q`Zrk
zrnJO6BqLvuysvg`)(EO?Xca}*@><Y1rW-1RiWcI=7!uSBo*davc|5O97-8q8E}B)a
z%cR7&9TI+m_>N3QaX?zu;w-MHcSspndR(zCgI#(cz6ZVu5dn(>;<A$4q8BwwZD>oK
zyV*8CuvZpKu}4hLzJ7k*^0J6Lv&M%5=$RAz6{s4Tg>;~?hNZF6J@7TY=_ZJXl<a@R
z^}2pmM=fEc`!}6r{=H|s%?N9he%RR|8D!90sY^TM=!aDfG2Mp?8+CUj+!B3)A_FGU
zB9~mMuvIX{f1TXl{Jp8SAJVNI@5eTNQXWmuqBDtUpJm&m;X0R2BGH~&nL3~_MnTCo
z_AMXLxf)ENb=;A*68R#7%hHevAF9uH`&2A0lu6{D@NiOf3h`X7y?LVf<g+Zv0v!?4
z<MAcKV7w*f_#A`@^8W@&*w1z6zabn8W9;+{O&oSDG6cVUkTsnkIi?&rky7+gbQQ8)
z@ssVrxp}jNDS&N{{b))(a=gM;?KJVb<8Gknnp3lA`+94@L|6_x?}2rY2U}Zt&y2NM
z4p`U821|)jq(FdIA=(1He%a5iJiER@)JFafY^JD<IkENlLdieVnKgCxh&C(1O)q9~
zk_{tA_KeD0Q7|4YT4RBRrs|FL>iy51GdhC{bK?P%&Tq7zw7IUA)1}lk*kq>V`H^Qn
zCP9|AUm3ni5|dJ^_CEMvHLh2tn0F4#77p#l&;@nx?r_VIU?zw+rinL}1=AHU#H$O<
zM>Snn+SU_k8_@_LDQ-RHKQuC@{&xDN3THH0lnk%cqx0+T20pXn{&&AfmvPF47^Y}u
zpK2jbQUHzof;XMw=uk5kEsb+rMv)-+dRwqLIR}!fG&X5{QDS<~EHT?~vvMN6?0L3c
zbPB#FQF7Dsexu^8?Q#Xo2suV4t!r@rGs-By>{%2rV=e&9u73b#W`G(0MT)C>lD(J@
zamCCwst@*(2o^$j`uspoqJ}#eAx^6Ok!NiO6=NG!Z8Mp7h?u9Nn5V9or<9l{yO`%E
zG0%Tw%e0gudNfk^E0PUqVzFzA3cx1u2EB^^o-}EXhD|y@jksad=2ORIQ`@Ie*Ctb6
zBv3QPQQJpT*G5oZgi<pGQ`-kp*ZO%*xhX26T*cy~6K{ZES)0CTxraXpt|LA^I<kN!
z;6|Gx1G6A-lL+r^7K?h?$akAq_JU%SC}rxpum{}u7Pa)2yvTdh)uzGS3f|H_Q2>!>
z3bw}E#2YKidnxMh_8x}^-g+;|Mj^TKkCWWsYJ`Qr-`IiBgVr<y>_R?vOq=ur8x53^
ze|4urxb>&4eWD7Fy-+)o4V#){sRw*9DvTJCrackmaHw#>_C})r(w!T2jdRlG2mw#8
zV}-ikxL?8tuMys4YABiAw+{Vn<My$d`kNKok6_m=_tlTF(-ybE!!9+=Z(YF-#Zz)Q
z30APyJ5$-<1}5Vfd>J)xPZ@hTj=j`5XKcS!WpeR6G1?Q&+x0*~j{RlPLV9|alK)kY
z-ttMQyb$~kOR~k{GFKJOuEg`}mdGS6g2$xi9qh&x3GBu*8G#9G+`rmDEuTOX+(1l7
zwz}X}34plD5{5C$D{%d%oMKLn!A1+M18^JD@(Na$2YgBdr6`fcdtJqvM55nAFm^N<
z24Uy?)1<C?Z;6^oUEA8l1-Ha%r*!yy_R-V*Zd+D&;oJ7bS}688U!C}dN86p>yN2Jq
zj}oqQOBNdJ5f-`3{+MKHulUgd#If;y=QUrjG|}(DR>9)nVDndH>0uO(&S;-qTJZ3Y
zv(5JipItF;fZCe^FKJudLw_2TEIZIq9zo>z#AgY`Cm{^$@S5Z@5FesX3VqAY!3&b5
zo)BmBzjB;B>FMoPNT7i94VBBl%41+|Wn<%Bl7zs${Ja^3-Y6Kh<0n6eiN_`SH3kv*
zmfA;7Ehdelns&%tPEMf#Ggn*fc0M=`pEi8yCRJ4+<Ak}+xF=msIulv;g)@3cCLys!
z`Y#J96M1+vr{oftSZ$BI{p+Z3XjQ@o_ZT^%F}hK+xO}*JkHHBlnE=parN5AcwX{=&
zexi&|ewkky^N^BbSEKk$zLzhW$H-m7%Q+>jJ9VDpZ+}SFP)sc-cbswHqnlL5b!q$e
z_RXl1XMVB;(fNJPRgEaUEQSUSxeV4C!|OZ&uQMwUux^_2$9d)Z!4DLC&NbNZjNtJ!
z7w&@Ug20iBhp!SfUM`hJZ|vU=^kMC><2LSJcGr&GLsVWYZ?1LY@XwKj9^dnN(p=fh
z6ZJ`xLi@Q!_@kd1x5(a+rpW*if9J*Po>w}LafSDT49JVmhC=Q$rQJi}IaBVKiC-vR
z8VBXZsT@_$wUXbSKNdKJgObC`zownWR{muUbyMBXDthy)^`ptar%ZpXI|k3)N5xM6
zmvCo;!x7C(^|xQ>d95M2+0eoYlhFB;kc*I9o!_OI1FD<5-NT*|{?9k%J-!dT)z30(
z9ea#1E$do>QYA{91D{{@$ZbfK8;CgBTQgl@KUO{C#}!rBlUL(UDTWkol!^^keJs}!
zY8gF)7R#?KUbYnB6Ne8_J9?cO*zo!$VrD9N*MUgLVk*wUXR)l%B!WlGD~Ou}m3rKt
zSLI_aiC%Dh?XOg3E3I@_ppz2rFqc<lv5@XWBqgXli-(<O|3l4`@QMBAl)I!!5{m`1
z-NQ?2*=)9GE3zf#je}O;r*YsgCABf3+W!x!0>D;^a^BQA-blDf*S&>~H=Om2?+DU=
z&g&c$?RWHow2k#>I%YT8jy*R%Kkfg_=I>T<QFXAMy#bTYH^Qrot$_&Fv!}sW=fxF&
zTd2z_q(_opXq9~Ro3#WoKJaE(Y29ucH%C13zANuu1Z_r64A@%5tQG`%nONT*YVTII
zeEU=*)KP3{$k_niJ#N;<vGhnNaJxU`ujNmbAJrMTOl5qgkC66Z4w|o>G5rqF2yGH^
z2bbY<fOr|yb$RIu0en)-mno~9b^sV;K|0U~^3UDlxiLD7vx%GAbK9vRGxP$}g{$Ke
zaA<~#6bD!c-$f6XeDfA<xg}+p;pJG{7aibzI%GS_$#WtYtLGGQi+f!&fhbty@kIS&
zv!~%k{n#rr$Lvn|0U|myVQKukTw!cm3qyCL?^yX$^(mi?=RF;K*CJX42zT;IkN|T%
zaAYjrQ#aJaHr?*nYMq1>mWAgov>FSo;hPAJ2xnijA5Tjt6UW7@sD@qrK{M8R6^+Sg
zqu=#7_9I~hkEMOnZK(jJGaVJQ;=g`POQT{9LaE=-Pm>C&-3nJ4a_LE#E16o)@0a=q
zrA0Hu(Wdz2gTFG<$%5?CI~mYf`=VVh=4Sai{;{Tf`VN~E=C~hel-*v5W1g!T&FYQ0
zGaeywJ|(55<{3|uBH;Ft&g}+%sa0P2rqICUL#kix#%HZvO_7+Y#iFXVFV}F;{c4dL
z>FE@MakRS0LgSi%8;h6PbWx7uoZ>goEypaCL}CRQ?0zpF?U#sek>dQ5T%N5zo#Rcz
zpg$svG8}&$tKHc$a}BX_<Xz@$juMq-K~t66GOyo|foqFEw?vPiY6-i>F&i&7kmTam
zTmG!nD9;l~c;k0M*A73U=#t6=r*rf2gnmdjHa@MTd!|m%@Uq>f+$X7i^eghLp_S#r
zJ2DUYG_Azob@mG#rQGkQ;ybmTrm^ERH_cZ}*{T#9ipK9neaRIq*2=Oo6|5|*D+x@-
z<7LA(db#@Jn<jb!aqb;HyU^Z;p{Tuj2d<WDeU-Z*EVl8GSo*md_c_>0U7qPr7CJMG
z&?SQSW3BVqg$e{I12h&_aihe^4oYr6_9^@t#PBks=qRagj6%)H|MOZyIo{kF5g0b)
zleovF`^pECua~tw4u?qrUxbpdp)c)~;CiUrtiCr)2biR_r8($@=MH^BP>k}=Q+o4F
zxc(*U`J;qSL$f#_nHQWKDEOV)|9g>6JT<n-=rQJGP6UavyG8|a#<lQAWqw;kO^&h&
z*h-LR-Esia&L8X~;WCu(KhIUnQdTZ|p0U^KnW??la|)e0#JIQeneT(yLM}{(#O9HR
zTGJpK`ED33mK^+*HrEMjW<d&px85eSX8E&pj7O((S%F9+&#ZE<qHU%bD4Jk}GVdqo
zQUST@mnyc2K^v1eGxFgd2r=Azg2$_qLw)D@MZlgWOlGQtLmIp<5yK5&?KFh0<QoO8
zO!ktEDhi%~;+))$N&?0oa54>FivIQTGzKaE`9;QKXl2K*bj9JY(z@*CjSBpEu~*sn
zcI6MkM%mAl!G<X<Y;ZV0-C98PfV}ayX~NZjh+KjLumuk>`q&q7|4eR^a%;J9k3#!}
zupk{CP#rj_+=Rt`{%lF~nK1VyQl`>cj4W?1@j@wa%5ubAY9QAA9E96u`yMJYn`fIu
z_ez&ZHsKZuTWfdj;R*|u;)Y&xT3`>bVS6PGf!lD@#2;R=I&!(=49Ls`@YzSGN+u9G
zy}K7RF>=&H5G0Gk-P-?i8v%;R-aK(cI5Z=oRRIDVE8*W)em>$qTs3qg^lO*H92$EF
z6d;c~)bNiUld68uDS1~kL~Rj|Fb)%>+QznD1g?x^1kV@x+ANA;?2CI%6zzR;zMy+l
zH9F;#bge*V<*}(#%(5N@k>+NPkrIXE=lj30E|M@~Bp_PWrUvrr&>uhp^Pgy!xCbfl
zI%E}MzkO|Q9AAqE*fr4{);;$iVzo2{puMgSu!N4)%5X0@>`OzUjabc-VQ#uNF98tU
z>6g$D?JxLS+z_#wfCJ!4b#Y}-H=^)d!YZUWIxt`M_JiCjm}WO7^t_=SI?V91t2>rI
zXeaBrCa_B`GuG7XJb@-BOl{m6^spMM$V@dMf0n4g7TiLBm?f(u0-|fFs&uxFR2GK6
z*2(dA+6w@FihK0!RxR3P#QiDx9~?{RMj9${MT-pp;8ZTn5m(a|7K|m^yFE%uzK6ch
z`3v0<mg;j>?`=5(A(UB31Oh^t&0hC3&6B+%T4|;elu=h0S=Yx5NGbwB)dM-uxZswg
zssvDt8#5FpIocz3@%;gk?Wjd<%&C?(S-C4t=smLMO<m$WF8P0$vXp54_Q7uTkAt4v
zI0w0gcj)PSQ(7^emNt5^(d}{d709x=ai)epxHI?uSzygx{XY4o%j~mPN$<C&6CA0(
zJHQy1pHd3H^I-U`)^1*aX)JoD+BKy0@8jW?dJ}Vu5`9c$<Vk{R0j}zYGY$|&4NGT2
zl9_sw^nDUEa$@O%O|Dovi#ls~{l-8#tj#%D1DE$Oh@(R<O-Y?mhL6o}X9N-gVX`lZ
z53yAz&|RfdH}uG542H~0X{HALI1PVNImK`MDamYl+C<c-V&wa}>KUg>IursYMdYoW
zcn^z$p%4@Pq$K-sCfi*QM}>oVcS8I39|vi)Hys8Q^jqc8U*!GA6rsvWP1JuScf@d=
zzK4DV1`JY}+t<2Pryr)G$fpe8#~kqYW#$#S$yk))ajA#P%;;W6i9V#9eHLPS2&-QR
zH#AG#XIHXiDr0{(Q6*N+#rmUdM@y@Zt28rGM$vhHqg|BIPxmlJRJE4J=ZYILJ{pgy
z_as)~E+yfWCYHuRic6U1mkUZb(+!ux1dW6WmM!(UN`=qrDX)>iW2*n4(ow^B+llPx
zy%kY#&s3@TF<0$VXSA~r@_w%Eg0K)}!Pj+QSw5{J^-ENiJXTI~IOJVlrU+MwjV01Z
z>_lUPMEPu9ygJq-nJw-T@5Xhv!iLwA1zjpGiVVTSd0ySR-!%##HVT|$^ts;e#D1Qh
zQXA+3Wicxgd+P>pW~;w{A|KL~j_rgx(cO50eie3U7yd#3042CW;Ik<zEY;?vpV7jS
z8?>#1?TRJW1Mmxr2vt^!wW*a_>68dBX%uxa#YRt_1uRojelQwdx#w)k3{YShlFQwF
zsSHZ?ym;A7Lh#s^x>lzANLS^*1BxSc!jHDP3|=bHwa$J#h@0rYJD4Z;n74HPyFHZL
zSBwiOcUNBRvDkJ^8#l=M#Bqak&}^_hpEL=|C?kr(U3u1sZI%#^g|x|fWJ9c2XYQ{e
zW$IRvOw92yL>B0l4_I;}-i+It&OLNf_J*^^U%sZm_Mjx32FUa?4?^Jt&Ehz$abtb8
zD_x`jVJo9cb1`B}js@S0mLyUcltN^9#N3>eJ|2{axrLhipW~LiC@(`XZFGyudKd2|
z!@v*hw0X*_wApmukheuX!oE}&!_ct?4{B5xWB}-faOD5sEWP6gLMiz_#SdWf36f18
z{JXN6&s~HlqsT%d)h49bqzaoBM@2gYq>(ehf~f*=x5%Xy885Y)MmFBKlHnE7FWq#r
z?k5yPU$@_;?k|{cbV|+}_gi)LCIoRmeKsC2NYZhYiVG%I`)@Y*05$P@u9^Var#h1B
zTW~JrgV6PSww%q?PKuZmefYirVdJpGM;W5prQ@Rxu>>9X#Wq;xE2PX`O^=cKSLaWa
z1p}Q;OL!X7JU0<RH0HmzYgh5}%<7ZVDmZ?A8VX(}NFZPEY1jR4MtHA(-Icb*NR6g7
zL~7j(n2@C9I340;uGaFF_^fJCM<A<K?ljx*J5w#B%Ckl)&H*Bxo{u~lj+m!T;-e>u
zQxwf@+Mi9q9VEW$$rAd2c0Nx@gAQMgh1+hEJoi&_W`$xz8NFa-Jk&r=C|O?7ZbiyZ
zrUc7YFD;=sfiBf5DPhdZ5?eH~fJ!J=3Gkhv?@f3jUq+@v6sAw%*}I>MT5)Zz-jc4y
zh;a)k>D{CPE+1(sdOTd>_4wo;Z^CJ%crhZH=V%3tz$cil`YydK!OR~hhDblk+Pyna
zBeH@B|L>xrpWw`{`6Gr;YU09y`Pc&!YSIY9*hq?A^VouX2F<u)?(WRq=k@2|6W;<I
zMpIe^?;js_>YF7?zB%iDuj!;VXr+=20r@VP7A%Ni-%|qXh+e=tqH=GtR-;xz@o<=c
zrB%~4i~i>$)BvXnjFSCxQcR)~S@Z)(`pHPt073<k^5i#<?97|CnPdg0wDig`71-)b
zJc-t`^41oyB{xebOt_=AIx4YjyyL)?711Mr3-fyj#WP_yXLD+^cBl4KXtAdts0ypa
ze;}tFMz&Uh(6_l}!__Nes!z}npxM3lxTyr#bJx-t+^7=(diK_S1rGE+6KF6T_5i)@
z&W204Hv<4qIg28C&;mp_6f_u=_ZWaNH_?;tJb?8db&u!4RRZx*00_lv&mY$5jJEMN
ze~C0<P5LH98g9qfKSlJp-e@QDf?B)xfF8$c4h<%EH5xo?t$VRr#HXEJTo+IXa07J#
zirgJ=qfhU^z27<j_WGn9H%;#Vy&z9pYWU~62U7rmHIha^yk!L7sX9dwAB}-Kf-m_c
z;JI$P5Vf@+G-xm_U4Q@U)G#Fwm#_gi7LX$^fw=tyCLM>F1PIZ403n)%7XWQJ4p9bM
zCn7?-lLR~Dc%>{&_r<CMu&q>p?MEt%sD8yRfyi~22|VS&S3|5iM@R@fU*}0!h&9k}
zvI2{_eG5+yz*Xkn_|5dRI(6K)=lS?3NSS-t<(Q!u{v$Jz2>0F!ii&o+(!an;X@b<>
z0{4&zTf?y&DAB2PYPtL9etG6hK4>jHbr1nnNCKx51#l0A0PZ2<bycgY>3z5&y-m#L
zK6d%w0A~P220Z_N<$`bmrMa9(4IiQBdk-4UI$m6m3JxFz3<UNO8v~*M9_fFaQh;&E
zCK#<!;M)8;jRvC^{kd=9`NISzUA7Nt-`JvS8X~mzInU%O3O6cY=>?Bg@9Fw*(eDns
zSJL{jkj{5tkhyS8DuL+nCPC-wVG@Dma4L~-a9nNu6A>EQqv*0tzA2!UG@-8<DBCld
z@WB%^|Ei7QNgSz<oh}A|umkGdIsp+H0@SQ62C;#eAPG$M$-IDLPY3}}&`7|dd1@D(
zFVpX@1@x*PI_~#s>ui7}3DE4TF^IP|6f}-6C3~b6><s6!{E8f0KLgM^xj}-<bTX~p
zlWZ))PEpX(3szx>#H#ju4E^bD(<M%;cJtm!g9FMG9zk7%>pHP;?<-=yGd$2h<N(a>
zm|VD*`5Cex$VUOxKQU1Mw4#V@QVE2~1ca-ipmh0v34IIkPQd}y)TzoIO&IhBsdIfh
zBr`CvVk}UQkH9;%Sf}*6uq%|sU>mM9WQc4AMz8XU73x3Y>IOg={jWZ!N;Qu!+v44t
z0&;*N@{5AFQuoJ=_<<W<;sK|i&%kW#dj<?~%)oHWH+XE%D4hV$ZuN>BbV7#)bHCW|
z5s;~G3P=LZWfcXr4YPvcYzyGoT<P>YvTK~10uH$7`L0Dl9w~Eu#)%ft_Rd-!HfU$O
z9eMg>uk$zZf+?_kXSd2BbCG^D2e---^0=x{KH;~@0q)r>6;OxPxlZyoZ2N2q@V$-)
zDX?H670xfOD)KW5m~5{qlSieg;SN$W3VYdpk@NEKa%aiTR;3iB#xzjfVe|3<tfKIb
z_Tk8N8|693caba92lMjyKu>U{4S*h7d&C~>sGrKS=M;P)XlBsbIUMEF6=hXU@}>(C
z!M^`1&6sFg)nTcVykN6Pa6oN>-p9H_6*c%?nWBLXvL+39xu_IpttxF%51ARGy=*M&
zd(%k8|D|#ep?k!&=z34xzhW9ZxE~7Jf*5%))wT-?PDZ(P|I-$+16<q6D}?I-v;4~#
zckvQD3HTS)fRj8mhkWo(q!I1G7j0{KeN_$RTUGATS}Wfaj~_GYd)eK`udz%ZkF358
zH5Co+(mp)znBathzEN(>#UtIs)W~k25>*?4hol5Nju7pfI<h)j*(S$%rKFEr%s<8X
zsS=(<=f|x&cWKWPNFp76t+38JQkwQaMQcd%8O~#eNK%cJ9wMaC#u4ryqUgAn9a(wg
z`d2|L4>+|7lSD`HR+GDQYK6Fu;D1>q{L)%8=6l%!l|hKmn+nL(z0?JnN=<s)rFWU7
zbpe%M+*B2V_p(W<CXO<YZ6g<H51RD4M3*Wpx}4-snuUXDBO`&E>+p)U6_&L*$q%@0
zhmlEr!Bn3tZ(EG`TzB*d=r>z9%jU7VA)cntL*Z7kGwFNTgLFGh2JpS9oj^kph%V)q
zjXB8!+i((DN*Dc~<l=eqj}W&KhQ>2<T~Cs6+Kz_oxfD5!ZML}-0-&#w4IYaupgZ_t
zx+>aMO*QHyuef+?eEj`?d2^y%|I2HU4zB!PmV3lyO##&yx0vRMKn(r=@^(bICcl`v
z`P9|S3Fco3%_Qz+r`jYVN?_7!PFjw%gnyof`0QoxS02b^LbFalpow*WR%!bW!JCKp
zkTE$X-(7vOrp?Bt>A?)N)PFp3QN-;`r<Iz%<N~ZQ?&c*Fv~wz}`fTMWb{<pZ`~=HR
zo4ooOOOk9g6<zMq;|{st){Kgifd3OrmNKuAws|h*WkYUc-A%<JT`_@BzypMWAY}wh
zC~a#JDG@2r|G|h!MY;OswGo0HCeXL53RXwC*B9kTz~zT6PV%h_r?-Oe-^&`Re41)V
z(6BNZMq8R)Cq8d~oD*0sss_pp?dz&ES)Rm`LsL3EGB4$ZWT<N_iip@8qpPh6kt9&%
zQvUlDsNV0v0h|B}HTbFIax8xl$Jr`|p;xVR5ywh(9#2=ky8h@3mPl4)U%?nPU1~Os
zk%g3^m<x49II$e&%$^F`e?C`6((y(0Pkc$_p;JXTcc~%{%xyD_t~_nsKGw5{b)?#_
zF-!OrU=NWpIYnp}Zp`nwh&PeQzsAa;?9jL6#Nem*RG>)h$OYjJ8CN^k8eUtpTTs{4
zQqOelmIWSIRO1?KE}X{hqwMbZ;XIDLfp@6OuAG0qvTCGrEz>6mku#ayGfg`w&x!Uh
zUwJeWJXSrz8&RjMndDAweVy-Ursnj0m|g~k_0NPf3ZS?{Dcn2wU;JIsBR^Nfy3n<|
z+5iHZZ><=zvF=W-qG581SDJSD6gu&iJP`XAbrZjgN_UM_&tISu|LTFdZ~|Rg+oAEh
z$Y}<+x5GbvK(nK&JY#5Gsd1;>&-XI5T;EGwbPvCbZD=}ok~sl}4jy-|fK#Zp8WC!#
zs*UT~4ft5a;iOf^*lKI5Q~obxvI_^3juy0!(P!2IF!29|9RGDvn$qs=#kW|1$*WM2
zSC#c0f(pN2ID@3Edvi^r9W)Qz5*je<0A58q&wdZc%PWy!l-<kehc!37pn$i><+H&l
z*H#23#KX9}b-S1G&MRl8se7pZYJj58)b!Vx+J_Y(Tj0Y+2?3fDh=^yv6OV6-8a36B
zbCRIK*a1Te7X8wwMS7j5RA6xO)LKTEg4VtoGi;V*)Kup;M;Tn1gSeWK-?{o}9T-*I
zhGpAv?wYJivLGHdnziy7;7zV6pOPFtzxD@jKlwlC?KF6tuX;GR(C{TYy3%$~{wV3P
zlz2V5NF=)a<Hq)~vbpT^PB4RYhQrk@;+JuuUGpyRZ$i^&?nb+D34GioYjzcVfZ(&U
zVBwdk9~GNwsuk@{o4ZMY4~s@<yg0h)eF3uqz5Q2E)N(ub72%@Vl_NL!?#j#MyQAxr
zO5?WFrxKk{M2&{9VjlEN7~|V1*;t$}-!kQ4mHk2?fvnXg=`8~pMB@Fe%u+ffx^*5i
zH`az$J@NKc3>W)?;yd6GHh;rxHPx2KLMnO{3v>U|=7<4fL9-W&^{jCsnwtIBGC?*i
z(s3f>D)xQ<{^M*8KlHn>#iPC~MSrS{l5|0~?}heaulbjn#&3mcwycKlJYFXoCT~A(
zOn#OLs?eG%EBad~d1VOR5}R8Wy!~Z@tdh^2eses)pTF;2dgiy&)9U8K2%a$RQtLV5
zN9?~3;&(djUiTYF`iOPm>6iY7%^$%rnF_b<sS(ARD;o4C>*nR#)weS+ozSJ>$d<2_
zNmS6KFi8~g1K+g(#|<ixY?Fs_q6oUt5JU2c8gk1^*SD|$n_D=7V7*Gp=>TH5E~>?)
z7w+Ucn-5<%b{~TdqvxVX`tN1I3h`?3DjTH*m^`25Hz<b-l?BoBCL62aFXn7Zo*o1y
zm>0kgmPyn*uNBL2$Gu$&-m)iWz8#bEkd0FLlCXP$7?z2~JWpD&Z>C@cV_EFev?yH0
zr~Guc#b>tPE;$>eAI$3a-LZK$ttyi89u=or?N>}g<{vk`{{H^EZQlSLj9V3)lP*Oy
z{RR#%b#RLR{uumFPZ`f+sD~b&<sghnY95)J&0WES`#>SGBiq|11)IdM{U<6S#o_1B
zE>fSfA&ftRR9|awIwBI~u&i6~nf(<?-ed1lj+|`WZ;szD#NsSAMt!D;FYQo{0Opr}
zYf22^g_yIZAp$9Q5as3o9ro=rwz7@UPu*nvaUzyo75c1UCTJzgpGj}<D+uW=c#+!v
zVm`2Ie>q^Je`wlprT9x}k*2n}0fZ1FG2tUDWiq&urjgkCRFP4Us$%vMCPdi?YmhLs
ziDO>lEv-=M#uHXZlS3N#7baJil)|Crl8oMuA;tvk#hLz1H$9*Buj%Mb=aswguTSG+
zqVRJqwltjDJP0Ll>|Swmv1z}U^hp`Z2A{#i-)UN9d~T^)5%Kw8l>d&}`SazAB$NAv
z&l1VY^P0LMJ)LOph6owWQ~#1twh_{+u?A^pE49P%-!OPyK^J5*gARs4$Gf`MKmWGP
zlzYmUFCX(Wk<)EJMnF&7;-&ZWhT`5yV5Uc#B<#WbLH>%bAj%OC-YVwx&(Y=uOC=ec
zMutRex<tD~Y@4{25fJUu&7?<J@W9I<zDkG<JyAM(>h(dkq5@LTS}5x#_0?5%wkqg(
z7&P`oe%)u#DyE0?fafoZIkEV-_tfAJ0%qbmPf#bVQn-)UqqF&kv=AJUwCg(8x4IkR
z=#&SpE6MXnBBU}eG&7LKUY72rGd|VeI*MkK#-V5(0m(dkFsD%L`^61hmGNO1Wc}z9
z3DYpc%0&J#n{{&hS1_}42KdoI(~N>ciAEu$Wc__JcN;zFnB2bL6W_BOpWE|n%$Scj
zftN6X*U(%POdJocAe`z!Md=${_u-$1&yeqcVka#oEbAZFut40tD%Whc#KDZvA9MSb
z7^-sCrE-$}f1OozJc2M!es|-Y@5hyWsiF+Uuq&~oP0ORV=r@_cUDYxF`ggRMspGZG
zQv)YeJ1hmM-BUx7iue4pK4q8-_$0K#anW5wSYZ7VfBP)Mc<jKOz&2as1r3H1Y;Ame
z<#Qj7?R$^md+MuQ-SVxF0S5o12F32!wZlm7;*Q}K9q$(Q2eVlcvTTDv>HGus77fO*
z{mR?;cu)+iLN|+g$J6<yc#04Ee#pM(a<#sN8qVMUQcsL*wDhmSH(;A1?97xwuYAq&
zTp*#;GtI{+qkAuV{Y=4lCqtXbq}^WS5|lEAJXNcs_UJ9Pa{;8IYIM}njrJO57iqP$
zYr|VmP_O|FhRuI1lqK}t#}v!`>5Fz9?WdQyZR936$06*T5nl&)>(}K_!<gy$PKs`s
zN<ttbQCV$aV{UFrykATwgOhlMxT6~FvWdi7&zwmgnY=6t@oU0(mm_AF6r&!pF*lfE
zH77f+ydLW?ZGucI=j1V5%?KY~?Go;YCw)y>1gL4A9rpna&<6GMRfd>H5Z+GqC~Al5
zli}BkM~-5Y>{pH@Pqy^1!qrcY`~jRjF%MmW)+`hBK*ff^)K6)|rlH=L_Q0Ew>)r2=
z77;OqN=C=Nah^)W&}{bFyZe#!1YX>4CT`YUI8VOa^#l$)&0gcviIgVWJJJUuDUWe1
zAUHg?KnNXPa<eq=F1eMt>GIf8Uhy(wItJM<oZ?(R9J#<d$5|@K!GL$>$zFdXWxMhu
z_?1%}A%O4LBddPXe4pgWkrdqGK1kuG9Ov}<rB9p!e6^meJYX*&FK1@d?fHm6{r$;3
zqga&7dQFyjRoyZ0ZxGlLwIZ=6_Vihtif1Xte$OOus`L0v=&r_RLHSARC2zgUmOtP`
z{|-4TrrhPQTDXske6gxD0wMREf`B(s<T_@|VcbI%`Q^Zc0mEUz6H`4S#vF&>D}FBK
zU`SeFD|-mCZB(9%i2790>8W;%=h31m*YyS*{^P6w0ivlnXCJuNaWabpw&z`rXJlYf
zMYIIMzj2E3C}NjB<`+)Dh1lO$uX!?|L;u!-ztFI0h7BWXmZ9zXCAHBxXejeH+NVA?
ztPN*69XL>HjrVgdmOB@kVzN>pS86~Yta7yRrgm<gN*~rvavhmoq$3{0T0Z#;^a+1=
zt@-{$AayJY1uADCN1<7FAoU<MizSM>Y)Jv#U^&$VuqDeC3a{$1JzoOb7wpQn%&+^S
z<8YQ9OIcTL$f^79f+TZiJSF&WbGEO|rL1+2Uo$?MVK^=sd<|Q_)d*W%MKJqZH(;ED
z^_wRsz@0xAO3!8PN$9)WmwO)Hr*B*PV;hT0V~TUPy&qvv{HJ#O%+d+dg?b(1(1zei
zQ7DZ6{N@t3aak!4n#hJte{^Mv)u(*VMOXa@378<vkfgacy*@nuW#;q&ECJ|=A0?mb
zmb4(t0$P`IUr}N7ob{HiW%)7F3BTWvjtZiv^8m8ImigXLH};7!)gf`bwYftXEM<e>
zCLi3`D0y36#H9<c*HZ=s)yGj)p+H=?m)0-0n=I=;xB`9)!AOGhZWLUglSQ}I3b~so
z!p~<t3%G<_a#4`TF+@ccKn29TtGRAC9yj&`JvJ;8N(P~cIHquBh|`>@dz=<<W>gu7
z_%P9Faw3immKm`PP*!td=olga1OCY?e`V%zp(S!4pSN%nW0={U4ZNUsR5}B3r3;om
zjZaq<=x+1W^nPToUp;24wrh{vh}ILpR-4fVccKnhdgkT(y+o_L)Q~B?d@w^~k{{5f
zV4X2;%4BI>gT^Rxf@Ou{+CH*rcWNEqWuK}1!?s}84!_LDm(3JOP>^2&$9kh*E8eia
zlil^1ve{x%Pm-b;c|oQc#vq8&J7808Y}(yFNv2wurCjyDUq*`5h%@GC$da@|Oq432
za2OGgM|QsxXMCm7k)2Ni1zdI2Zpr@|a;p?>uv3+st;S;?(3z-jb!GV>&4Eirexg=<
z+?moyGwX(iM*wk$o*fjH;zcKYmZ8@4rzSsPEH-&9F47Dhjfqb*BctJz$Ucj+4?=o@
zZiP950k@sVxz*EM*|KYkPPy)LcmFF{vpwRe{92r0O3BL)o8!FEmJzcIFX!!xj(53g
zxeQI&B_AO}wbQZqPHCrJP;xIoATr;v(tTo;_P1jN9<snd4kRlstkR%%c*l!P2=>vp
zR$4fNnz(jk_ufnw`<i<SeW=W5#vj_`x0G0NdW%i?uhD<`w|(?jUk=oPi6%N^fEK5V
zrSIO2ZhIr&8b#HOTWecOzLZ@2=O4`g4Rga76^T1c?Y5_6z+mY%W_(Im+^YkVeJ5_6
zou%cc9NVs0%h~@Z)Tp0+@6FnoJdij3B#z{`S{l`yGPLyLWTFNe$vVS*(I1Z%`PdKn
zrvX>SHyn8i#L!A?xc(8i-wrH7Oxd!ZUn;?$;rcVbNiLp*CEY!3n{@ecY1R_SFP^-o
z%${&w<U`&o|KGef^7Ff_wB`+5oc1j4y1o`_Sk~U>bdG!rmi=$f2=AzAJ#YT1Z#pUI
znN3mDu3K^M;pp>1zlPA^9v0GB?>J@%tL^@F3%|*Get=OPxA?~NIv1H9Dl2eii<E1&
z8XQR7(x6S+7sH}MAlE7dYxb6TPg1wAgXFt)6I+Ggum;GX0UN+@0#f~|fVThr{c+$>
zx3rfKh%y^e__7$~Afa^{h5|DQX#Y3H((#UkHuT;Wx;J}wRlQ0MVma62mj?w@Z{Q%l
zJewp#hx0E^zd*%OMxZ$Kl?LrJiXw3B%w1V?3iDbxHc)^bO%Lu4)0WE!#1V!#sg~{Q
z=>Nu_mvK-{Y{Y(Z0O>-(ES=_@eXuL0JcL@!ffP1koqH1puAXx>NPz(5)(+^4wX3F<
zPi_)hO|6blYx4LA0R)pLia146p2YUAwl4T2Oq$&wG`lQ+)`|y^ESAHp@*(sT`ZAp|
z{F7HtvAyTl-{*2jvS<#YtHJQO#GRPE{Ba*28P;QA+8#FfSfU<|HXM6z{oU`>njA*v
zCZTG%#=vx26*pdRmn}D5$y1cDtl>wy;jR39eKlMlpgSXoJ4IR5WN`P5_Z=c_^oU}h
zKv?^S62Wi%f%9a-FtFBkZlg2=k^><HRtX`6>3uDp%1ay^)t`V<izGOx%{nxDP2+3;
z$x87;1cyyhSdQC7ef&-*dM3?YG<zC;lGyUQ=tfSc{#RS75-`E-WV*=Yiu`k2PVUJJ
zQKR$JcIpZB$uLb=zBykHuG@DWre%C)Y>3ZT0zY!w4(00bxi4t^+g6=9BGd14^M^QX
z|5f<24{M$a80HS(?L$I%wpvdYt`^@J?LRsu4+qJsGkw;;&IZ^7%Z2(TVNZRtb~L46
z^QCGhLwh4}l)w>~?p06Mo-BfQknMVr+*)DMX=;1#M+RyyNh*R;{vJz58m3C!qafA*
zA}4bX!q?B8ha}@V%)c=O|Ld~(ftJ5uE{v|@;Z0^0I#`a`3-ojeUYFB5O8<Q6y@q!)
z^H4{6L0ni>4;mUX3?y<2`#|IyzW&|MAy}fF4-o-HP{B}eDt004h@#5`5wwhEuk5`m
zxw^2DQRX{^%C&JSiWfNM{JMuE_j69=P4WGsrj1#0lCm~dkGx6kSicH{F|RfDJa1YV
z&jw$hDCzlfxy|*Z%O;7EJ*s`D7#e)mXV$tL7}d*%ytHMB8=%15K)1z>%sqMzL18qC
zAF8eC+)+Q^D~5MK#qGRjGFCrJRx@aD(ihB<S1pA`l5I)Sz4@9hF_bP}#CImCzJboY
zS1u(V;X7)B-#O0B6nEcX-UX8cuX6`rSIJnu>wlX2LwJKMtEOL$Fqpn_sb4&Y7+8?|
zDb|CE+G+7m&4c^dCc=352wSU*OUsLz$4S`ThI3xtjbQ((hVAc>plRFfA@P&teF48v
z0pZf=x|)(P_4lEPvJAFu%I?1p0#~Zt4-vImT?#&TUJYx+$EOnAk#~Jp3pQk5^+Ub3
zAD!6H&%wISCOzfz7P-}VeenQvB#tTO@y4E-*zgayp}a{fO4skU&2$*pBhH>SA*No$
zmU1HMmf85=QO>R=kJozppDlTV-bs61wdkS^Wv4A~(XD~<dans%1Gl+B1IT6+H{Isd
zdIsb->Z_XV*xh7BY2WIea%y1K+EY3I*VB=QCkl6NXl<P4f!Xbz@+)53j1`%p-<5)<
z#}c<_KR)v7&o=1apJvV1ulDJBVkrTSsD06}q{x=RTUAf|6S3Fx5`m6h3g+-H2o6q>
zxtH4`9alGRimMCxhiXq_`S(^Mi(rw2xW0V@mx`#qaU)??U`43BQ2bxGAx)l|fKhMe
zqQEsV^=$RFXTBOzgrSwnGonZU^%<#nBf%NzVC5puUZE$j$=FA1J5mzw#2B(b+|zoJ
z%fFnyx&)o9oJ>JFm+)qv)wlTMJ2HkcL_xCUQ#1ylIV2QO&vqSB%QF*2>ITw{ZiRM7
z7n1JOEq4tvYQZl93|(^rqH*rF;{qAeGBSx(O`eQrE2@(xf<>OUsD;7+4!2z>H6_bX
z(+>>%w`2GOqukf@M6pia=j~@84emiG`Qz;gB%VK%{Nc4VkWN=JI~4f5;XS5TH3ejO
zTLHiMe<%q?+GFv&>c&Y&zX%MZzVgEc61IDp2EMZGfxG;5UJAukchAJy5;HN(dAYt)
z5ix}-0~$*E*zajPEBnj7T{`uoW)k!lwkgnzRdaZ2eeb7WLTGU3`3OJP?1mba0|Egr
zJRMi91hS3$iGjp^<@FcZdoZDMr%D{(V9W2mItM;^m$=62`gnO>I*<9Jz>~M~C0Dmn
zZ=9vSjMIcu*h`a2IBMtg`~|1<>ki&B2VGs?wwPP7Z-)s$n`a!J0=IT87Z{lYSk=aT
ztN);L3;0QUm+gNbV{LTrP@B`~x#Np2yS4~@NtfVxYq|CtgSQXc{mF&647;>@77yj#
zL69h6r|}qhbL<yln;BdzXicDb@qu(pueCD~p6<<kMZWGb7265&7YlEGl|K9a-n0bc
zY|H>J{yy3(Kp|;?Zc7tTrwl9k6yX0C2suM7eCK$^`<?mFl&dJn%b57W>vrk~33g^q
zUuJ(Bf~yI)+*)gIhO0vK9rf1r4Lb!5gV<MJ^BOmFm3j|)P9j0+u6l7>SQYqs!=Iv9
z*)sYP9p_gK@Z_3)!zovE0(zlUSuXs2XLKSlg#)!184=929m1Vb>PrIifv3^+?U^Mp
z1(v3Th%HkmwH~r)#z&`lYk&4<p9z*p1D33L+K@+i2%TMsyrR#<LR^v}I0^-dY{cn1
zC(1TmXm9O$TP~il2{nd{H%o~_x~d!;K5y~}NVwz~KWn@*diz7EXgcK}^?4G-(Ny4R
zd;AgH&#S?~Aa*PLO0uZJ*;x@@j<XOP;c%ATd{KC4XQNt0`*UcAe<O;XujcNvbwSpr
z6rClbwdCM=4Plt}1biut7_wb)yCQL`jwrPm8ZtC2+WgNAb;0Ty6DuCUY93ZQy4Pb#
z582=}ZI|YSOr}UR-;9gwaqxp#uJiTo$T;i~omw>mk6QIUq3fAy$jO!<uK#b509e7g
z<L`fSnr!am-3t4KIHw~XlHRvpPj6F#8rPRH)tN-~6DZMO^?gD@`Lx%OM?1&Q<*w&N
zL}Epv_YxsuLy3^JLJ)Hp!Dc?qd0k5V7Us7ZEBYAdo)|O!0Eoq+Grd_FQ}r+YT@4{^
zk1r8wT0TipR;b)4nHnB!c91Ljzg+_i9>|1PGLEIyuFZ2s)&bn5H`Q#O-n7p61Yajh
zFfQ0!P`i>Qo>AoGj32&x9_OE>V|I@%j;@=w{5hcBbaf)S#0Wjjr(ELM5?Y$ryg6Hb
zTi1J^vD6?sHfa@wSCwtl&f&ZJycMguCSTyYMjtze5SaIf;HB2`<Z)Sb+MRISXtiWr
zEeWGf$<llDZd6^#z@<j!XgFV+Ir1dZGm1qNRMIAY8M;&3m+k)a1HSW&3ujHk6)fx$
zK<ceVDN@j{C35;1tqm1AR@1~dqGixHp@E!&3L-G>nBjw=5n)5dX;v9(Us%;zFE+Zh
z@EcaknqKf)Ih}70wnf{dSCeF{VaNREz10g_0{_G!AL`RwcQnU`+<y`*Rm<)1HKeP6
zA&1sUR`0>#c$V|&c$NXOSK0xxtfHfjwbAE5SV)!Tx({Mqu9~<yp;$r6;Um`Iuc`ID
z8F&yDqhQwcR@ccNh{fHVwapzn4wU7N7{{3VLw)mNKx|%=`NiRJ9n!yss#2eB8hkdb
z9aZmQw-j5nn`Bfj>*~?T2JI+R5{;!#1NUkT0$P>uHdWzzm3PUgOPR4KYJyw_bM<T>
za01rQEr%wkO3p@kHPCVNe7>1<U7Kpw_h`l%$t^Y4i7WhZ*?{5|Pv6arQAZj!RR+mp
z?lDd}t8%8BAX1lMz1q8E>N*@s(2$ShEMQf?^;SB{%}A#%8>jbd_Yc$>rzZS&$b_V|
z3;G9x%Dp-$2D}SV-mSjYv+0(e$YqG}L}_4Uk3_47mB&h^DU7*gnEoO&ZpzRhHWWeD
z+y2+2AvK9)!%qH2=MY?@C%4f^XgIsNQVqG-tcw5yTVdI8v$xbqaz{A4>oH9})m|0b
zUbOFA*RYO8&9o&BS;H;<pZU|QT;;NL0s~!|{GsbcyN^sM`JS&-o|n^cKju8>ZzW+q
z)O!%bE{`T>R99(&Uka9C&x$dICcfssa&-!A{Thl&qRIMG9gs^CP0@xu#)IS2N0McL
zfuPU~d$09@uLt%1m&nndw)*4Mp=H-P1Vyz@7Ex4>c(p&!`1b{cSA42a+06jQ=7EY#
zuRoP&=3eQ~fo27kN3aV0R?P?vj2e#Is^agO2SG$U2T=uReHQS5%qfY#f@_;w2J{66
z<rX6@=K7V)snwgoMzm;UJ}r!1;}^!uaLr4a*t*J7{srQTddA2FT(?m-F)Btqk%Q)^
ztoo+ik8_FCu4Z8AN{LOiB%A6YfU{2fBg1a@oyTX+GQ%#BdbD@@`tEW?=tu2hKw;|n
zSJRERt!bl@RbZ1T&z&(BpE0W~;^_+8Q6+cfab}(UJzj-En6<qaUGwNvOP*b<TFm`n
z+8Y$E8YS0%b2^YR`ABP(DK5KHo*gh&iVSa>>c84z)$%im2i&Ol+ZNO8Pn!03PhR!!
z^t_)N1=8mYqBnhW;Ir!np&dFk5ontleU*ME8|GZ(SRwGW+O_MpK=!0@dYtBz;d?6=
z5n=2eX_fZ;$+7Ks;blT*L{|qI111)M9qAr*c}}xproS_u`g5+loEG}-`NsP0%`Vcl
z+sJw1Dicq>oNktM3K^whRt$fLZj{Ihr<=qhh~ngH=i~l!`L)USo?(u4a<b@*5<V>j
zw{f9+)R9o`<^I_Qy>VJO#3j1keWC?fcVAB+aAv<8W-EBlD97M!z5%JsFldj*)_|9j
zZvkb=1lO$>6|cYMRmkoA?YCM|x-Y&X*4FPm5}tZ1G#LA&Pi^!zz35v_dv#e@eqD)I
zC*0%AVyz@pX5OAOwDgRElh=409IBQY8UT38G|E|1!}u>nsJ_Af!_`*+#qk9Fh7f`U
z3&Ab8LvV-Su7`VY_ro<1oFlkPaChgB1oz<X?(X(B|5x>W^<LFpUEl1?PS4El+;;b`
zy93zPGhT`{uxc<1bM+H0s_O=!2s2Fxny)Bcfhlv%UKn5OEwi8q%``BmI`}4<Hsp-?
z#{8&0iNt%Dd~CA*O#8C*Z8${qZJ_8K%<?OJIjUG$dB~!Aei<WW+E!Am{DrLlx%2JB
zA9`u3?R=BC3rWJb3p_U34yysAHQ`vSK%0~vQ1n;zChxwCUil}4H8m&1Q(QNv^w-&i
z1Y<>MYS1`5L^t9*wfA}2GNL%f)uRiuQCKSt|3rDFJs4~j-RLLNMK#D<`VFu}SZL;y
z>D!<dmaW^LZ&LVpkY+L~ieGIbhPFdhMw6%s9!9@(tIF`4W`?#z{W&9MlJ%egt>H{J
zg`+aVmT?G+pL*Nq5)*4~1#td;r?lyV<i29Qi>p>7<ZT0$3F5z%I;@c-zSW3_VHUR}
zz3%+oVC8Km9=TZS@)l258^upj6`%7p<N9dCD8C({)jYMvBpHk$F@U-(t<}c~@hpKy
zu6c}y%gxDP%6>Qe((f6iRXu9;y&-L{U78^gRXI^t=;*i85;2^%@%Hf%5r&sMy&?5U
zWMPlfY#1NJIy+ntQ&D}*bp|1a%oT}gK=Xw6BJf+C8fcAkNr!Uq`x>wKq0|K3LClZ}
z^+_^ik-&w{z;*$q+pu6b3)@VDrY)WF8E4)$uBo(v`q;PjGL1(ZYM2UJ?H#$LIsJPA
zYmS8Ih0k%(i-E|CbNwi+_j3XW&nB%q88LjqR6_b}{e%g>z91W+sr?K)=Q%SdTR7aB
zIcb(;kw~ByA$uj~gGSk=BCvWiiToVsGyEB*++@vMbcuEL*;$hMMhf$IV0-_EB!Np#
zjCvfw_Qh4YW+rN~kEPPEz{2O#IxY99>Ky)CnqJ#npI^ihCnkeA-Cy-8t61-qP*}Hp
z4M;@md)spq?G~@$=Np#&QOTWOl9vfHH0#;O8@BMrmf}y)6bV`xVKwFTOisriNPg^o
zZ@66br1gqc;8kCEM)Ih;clzP3=oRgB{?X)Ohbzd9W39twp<NNC_`=V{g@7p6tWYE*
zZ22%O<#4V9aY%^kw*s<EX<Sr7uQiux2F|-k=fH`Bt&BPzaf`ulmn@^($GqtQ)%@ml
zb6zT3zH$ZPQg&x{zIeCDjGAP1YUhMaNBE%0;f)+)GZu3*Y*)=y;>!`B#Uovm*Mgu1
zEUvP>CAg+|BE8`o2`)@za#<bkeTOQfm8|YgIouL_VNNH%l;}hJj;vh09IECjA*P-2
z<d(1#9~z4#u4WXY22@$qfRNW4-m7D4`m1VZc<baN#w;|_RHKylgsWS9gHZ;m_?5Gh
zDo<i>vqyk|v2<u!=49}eX=%b^=KVWa!A?zOqaDDMc2ss%$2+galexuI^*S1>M*Q5z
z?DEGC9-d?&eqHtFr6=AhwVJrzVL&pFxzP53!g#qrk#z$gHdhK1odo>lvrM`ducUk1
z0OATDO#J2jRHY4*V#J8&uB7w61Hb0~{Spa!5Pr*p;TesX_d`BQ%<Sp*9X<VihjAb3
z3$l!$#H*UR)1U)gzX#F$yN+uIm9(|62x;5zV+L|on1uF<R+vvW_7Lh;_B{Gu53f--
zc?Yj4A#o+Ix2_awucx+t90whzF+iarv2@7`$$gYY?#t`gs#M9#Yu~?WezP&E&##ZG
za_sT+Wqckwv)x#&UM`1ByJh^WyT4b_Bl6FuM5WyjTZxTCKFu;kSi1>yk8=xLz9Iia
zOfS$tZlrS~3Zc!p7_RP9uPW#N)Wm*>@NQ!}zg#qaQ`VU$xp5BFQBmMswTBnu1zx<B
zQOFlQ{S+0->c!^eWu8RM&vAvs(k-`tr+H??9nl6hh@HTYTu09x81)aU;`a^bo4f+~
zt<K!)Xhab<<dA-9ja@1A)I)*qxjhaIqObz5&;5$p-yAi^xgZvJ8X-rWthBZvA**MP
ztI^)}G93M1iQNoZ2fwfLgIV^^b1JBbKJ^GNM0m|j&q8|lQ{eXuqVeYM932EMkV&rU
zO`G2xYwkePKZi5g60x8gq&g2<L2Ms<5q>w{H&*-D>I6UW{dvqNwSI69Otqhoov?pt
zC+UWK(Cr1h*us$&srOM;XElWI&3}N&x3j@)`8&8!%=`2N$sN^_B%)uZgrMD?U#J+c
z_L1UAo(Dz~BdZm&Eac%{QrNqnE+jXvhGFG=`OMbV`%>&lSkGKdl|smGesy6$4)EOv
zWSrY19j5R{U1{c4=OIMyYgKOvh=e060^GEn)1T=vSTA}zqKMp^+?o$ax}SS}UO8OX
zh@vjtQ$WmNw7mJE)#B&z56k%HDbazBw|p@h&>SNT-4W{0327PL#Js#sGaSjwRq;lC
zP3rMdTc5gn;zK$E`95N~1$u6_Shl!GHtCGMGRcBV^@XZV_dZP&+w|Il{`759T{jAa
ze6zVIa)kg7?R4lzQnkwJB7H?YInSdYYwxJ=4dU1yp8SLV?ikV4sF;#F$E(&5scA6Y
z=?=mPzU#Y#);z14iFApuow>qOc)sUicV{z$6ATxdD`)9x{1N3>0oE(9o={{`NmIP<
zjpW9`tqPRKnSFE<OJ{?(HZnfz^TI-SOjZp=$djDXL^TB^5m#y5JW0>cn6RsRV4-(+
zz?00=@6ovLY~(y_1Ke>_`_+DjFA{`5wzzL-_M0&vxrq8b3V<tnA}D9sw&uUXI48{3
zVk5Zv!-9$R!q#WGlt#C3eJuUob3zh=lBv&+lUFGGwH|pXH}pdqfh1$E@@1k2-Z|7s
zw#jj;)52E<UD3%ZXb8=x9+{V@H?l2jw3lXzOL&q-<4EgzOPl9}=DntC!@xfm2uEQF
zV^J`$2PIw4ifq0n^s!%MriT05dL-gb7LSAnze~q3oo=6buO7*6DuTGLR4`FQG)S3;
zOf-2}_=ztydq?sr;7nJ3r<oWx3B~s_>jAE5djKQ>rmT9?!F^bH{$Z-ek5R(2fQI;i
zhLK;p97}RX4$rf-z9KrRDX%g4_NHG)vq%M9>12cG+qrC}=ey+-o=MJ-TW9?nm!zVr
z9vH-q0OPxrGe1zGagGD~XpNPP&`0z99^uD*U(A_JMq}}p0_z<Q_E9J6OUVuXJ8P50
z6oG4{2~i5Y=PM{pg&y{<ZV3;5p*eAOit8`ls~GMJPNU)iirYHgn`~6x8;;f%J7Dqu
zXgEhI1+JTUII#u%n5sxxs!V(2W1F4l$jUtE^;GWA;u^fFEu|HhZp%&joxpQe&u5tr
zgeFY4s~2+=${WEx*|^AQim3VTP-f0o#9=o?vLP@8s}`-!D?<}M$IW7zw2T}IYV9SK
z{$<qorGu&#hLiRxL$^?s^;by2htdh$K!yk;Vl4GbkD{eTRKB-m*atGtiOA^p+H*6o
zb=|97VprO#Q563HEklDtnOdp1eFpZAGO!>zF?`$Q{TUZKj=MTC>dCT7{<&Qa4S|~k
zet6`Z2`vs3qwzh;tm*eCBh|LtmleFsL}6^EjvxMtqpi(74oR(wHjl25I~FiNFuJtf
zNIqD{tfV+)%tE?TYPbtNm~(MkwPVkx41poU|C$XGj1oJfv!)AF@D@h@tD@d66QW@W
znKXz<*GfFp<^E_sxG~3-PU*ldE~yZIs5?!V=GKEJcLFZ!Ns}8Ef8RLid#Y2+4X>Eo
zv2x}%8$tHWRqfRzFwJOv4&&C2HBU4#Dg!$3#H!@T_bhcM+U7ssn4~GU<50(KJk0Wo
zSefFnb%cV+f2X~D%~#`P5dF0Oirs4P8>FQbf#&{=9E*!1CZS-eo=)HTzWj`L$sQ@c
zzEVO%=SN`pMQM!4gXYJaIxIw!<)(JJ(|2wo<uv&HEx`i&aBC-TiEtXI+h~{cvNx@6
z^W6MfdFL{jb|AD&fn5u$&(Hm+sTF_1l-2z3E`I}&b4P5}QaU0L@qXRSgUM5C5VDSS
zB9637N4Ni*NusWM1n!E;p5U*xgeh!mPD>i6EyMF*_Vz=XN2$J#rF|eC{is4GD7NCZ
z(!hf2mV0;wIsIY(Aa6~Pu^rz90nyX+VeG0{<1Q@c!ZHcms2vF_)ptkI)Md)F<sW7m
z_Mp9*;KO*zT|9SMK1YGu^okajIoyizb@$t}D(Huk{FiMK3MJOHO17tEaE=s7Rc4V1
z;|p``;(M}bmdd&^h)22Uk3WYF^my^=m)Dx$r7}NXdSK`{XLt07E1&Mh0Kds{nhAIt
zQaY`OSMJuL&niThGD8Q+v)aD&P}JKr5z7&SXd-pd4b{a+el4~g`2fEl!TwO7N&07?
z$=KLw<Piuu;gq#epSX%t+4WqYw4mgYC8MzpSpO;|d8;5mOzMaiVaLnyu8W+wkc@Hf
zVDl6^`R@$RaN&<|WvdO?v$|RK0a$Kw&yrZWPD6uY?Xq6q-7->xV8>V5i4IQ|X9$JZ
z)A5!fUie;rW?u&Q&7PUNiN^@82`Ue0dw0J0ahoJx$P9JG&uX7oKvCUxMJ*RsL#tCA
z845axi9Y=dDq6ZvbwSv_x1U(X*WP;h!uya<)(v`~Qv3Deua88Fzz5A|8M!O3HR!h<
zB9JJ2MkJQug<b{L$fBbBpOg=)?vy*?AFLkM?R$f2s6JoN^<709vrtl!%9NTuZys=g
z#z{>OL!pBx&zrqm<j)*f(xK3BqUX&~F5|au=egk!Bf%3^y!m|FnfV=;WM$zMutDd&
z1ej{?S0}U8nQDMR!&>ooez@Y#io$eLp{-NM7oYOJM~=&$;VZmwz2bkLFLM0^6{(2U
zB2s-FevSKD5$KnOZQJl~0+@gacru^6mW+{rtE{t8J<}dyO`iqKU^KRDzRSfjlA;~s
z@4lHkOpen_4>O<5;=b5K0Si|~{%@_3T8(H`V1bFl|M|abt+oo`P-TuFKxMr+yGrJQ
zdx5T>jz*CAbe4)yTA$xz9LM;CYiOT<pfeXb>)@u<Pcp4f$GD<clE$|_e7#EYUsW5h
zc)KYR(1sR|$v&u^MNYsa&C#CQTb{mMYwi%}Rw6R#`AubE1lK)}w3d-WwT`}QzR>_0
zwtBel2(QNai0+Xfdlar%SpL&r3R%#D$6^@H2UCc<n-Em8!?*r6x_A{;pNbjl9=d0I
zkP*X7V#+z`lh@>X>QyP${uGZteucRjR_8V$9jaobt{;1FaK)`*lY$>E+O$$buq;c*
z#qn%5OdL)jmf4(@&>(r$FS*lL$D8PI6$2j}uOP$cXs(+HcHJ0l;x9Yu&T#Z#nh)dK
zls>FscAUTSeQF+qk|oJr-U%rS2wQw?9i0K8{R*%25h@s(s774up3mO&U%8mACUbk1
zN~aZll@OgGjacPLr`fxI*sXl#xW@yJy>3&KU_X@xcX+9N+J~*cOepJlHFd2u$}8DU
zNK|92<Tzui;aw`h&S!iDm)$qy`n|9K59{(>6ooy~lb4IcOD4_4D@*Iy+<%*3Q?pm-
zeJ?#@n*IN-$Kw5==H>Bs?j0fWXr5>f(Aq7EUn6t)6$~>5(AjQCvE&V{zGbuGx%QC#
zkJ)u!5Y6!)H{)ThB?YJZR+b%|w>fJ~^p2+2T^Ay22$v}QurA9Sy3f%+(-5jQ;X{(`
z+se3;Ez8UNxi3+mT~icyQ+)<uizuc0)Ezj+?UcadVLta`RpF8mCI;L4qU0<&!bRuh
z1pU%B8VjC0Dk;ocBezpW((R`)`Sa<MPvp)1<kf70QDogaF<K5fW(ha2ZTdd1C`!+L
zq5Z?R$e4zL{aGVUD@xLf;fy0SKg`;BbRl&~Od>^*_!_%dViqq2lHT#c4x<Kkeg>Xx
z<w!`OrJ{&S>T!QmDCAF12fdl|Y!^5Fy|KQy%Q=xvmv)dU=pgoRMdz-@Zk(f}QMWO-
zB_iEX&oClF#y)j+(RUK;R@~aJr>8n8q%A&b(QaPcZ$6Jz%p%@!m{YMJz7al6T`bj^
z(nJQ@mw(phJQV{Xer7P`D)gMdsowl9W$}YG;C7G4c((T#E&2A~VPXnHaMfXXeVZu+
ziPvTi@=wCH70G+A4^RZm3qexHOn4%lkR%(Cyc%YJdO;^u@fiw6cW{`e60^ED6-97g
zm*pf?DK}sRBAJJx7k>k?%pqZrO*<{3zja+g6{uIp&^g}_Wz!!Lx=M~tA&$FG-ecj>
zh#p8Lo&?;hqLUd&972lT9Q!8x@-^i(L_IsE8iHT?OxKx!bF}gEfNhz5c6YA;Z&Loy
z4qv46Q9cpPJ*?=>tldHnsam60k7cr64Pwkc2dICX<pQo(cw}M+w4!^kqnOOu0(Gor
z7K|w@$*@Zw0G`goMG>07LsViVD<5VE*YdajhRhcG0t_QykX`4IUcu~!;yCbiM@$g|
z?s>`KuyP%8J_cPw%!@sw9CAVaU5&uZ6hv|N!;Jnwh)D$y{cS*>(-L-DZ%6@*KhcgT
zT|zI6*oxi|f>c1~W$w8t{b|kL&lyQ`f3H-j4f`UxJ)}3Gc%>Qs8jLlFoW26nh(&fE
z@f<q#FEhLm;2?CI!Ti%a0}`?hE&07^VpP{^)WKu?rX#f&Sn1*==Yx!*4F&7(O}}j&
zEt4s%(M@Xc!K5XHm8C>gU2y&VVjm+c#EEM=gDCGFRg*pFDwlM$gefyrogkGzq{r}?
z+b*#HO~Jp7Is=u6VUIUre3`cW)CE?*<^lEWbC^e`N8B_@lay+N+!4HFu$A|UOUB71
z89n@*j7n<)?FU7$vn|F_R%17xr<-36@e-q#gPWh6+cHId)qtmiLmT$tAK|>?^1V@y
z8JE$MrcsXr(+IWAMqH0WSl8q-J1J9_!!=&^naaRi&yG)={okE6I7U-PR|FjRmR<uL
z``>?^dOv1ZQ98`s1mEU+>oI@GRTlF`*V^Q`iwJ)-txP5TE{cSivQyj|%D_s{52EaJ
z*V1{bTi>rPuE;o$seNFMEp-;l?)z7h5)HNiw}yZS7GDv4KJTPRR^mnQgOo}OMZOE7
zz|u(z<}e{5Q?D_nxC1gV8_5wWx8XIXCK^42SQBRww!W;K`v&tQ;Fxk8)>-m2fJXyO
zZf4nOphZW)wNba`WCnFkcKNvG$nLnNwSMR%F>aahHtxU<@EKicO3y=1jC$h&<@nV!
z7P)x|;^H<Iyw96P@i&*}+SA4o$c^Z*oE@ixr*g;-XB9I8&t^@&zC<3Vsa>P&>Ja!=
zAB=Y3OWqXR-xJ-8;Zi)0@%a%?%sW4<Vjd739Mj!dN}JpEXMGubkF%{fY}VkrA;Dse
zRC8#Lq+mzQreH@>o5i9MY~b|rVe;E4r80A)J0A7J{Z!3bH-$nQgKsQL(1R1^ZAKXU
z>*?~3D!KfVuv61b<V1vN_t`sRUN>Wki`WEss1YHfp1(Ef?+mWmx(fb7(*O*rCk8!B
z1UvGf)}{cA<TU0p9s`^;e0f-y1dgeI(&45X7y`?|**hcF=K$ruMzj&w-<sSUk$Y!o
z(||mQ#xXFbF=+@t(|J8C^W9)jwFWJu+&y?DjU(^jN(_aIs+o#=Tkbw^(8zK7@a7M!
z_Vn2r23hD@v+Lkwms5{fJ<$gbzhV_o3rxfPY7^1&Z|BH=lgTbqZLMH2$y6bamX_VE
zSkwB(dO-S}dnzC;&#Nwh^qgwq;IG2y>|WS}P5dXZ=h-ivJxYf19|IKAELCvUn8!^@
zfShss3BbEyuNF!YjrBgUT=V<kczQJMqbeDy4=F;9X<k$<P4XMX-phmQ&h?lwt7?+B
zx-4!IJpvdvm7^E!Cddvuo|mfBYd^)`^NSo9Qb-WV>C}+8XPUf19k#Gw4jEFAbrnBC
zGs6xq@(h|DTP|4MLRUUEU;jZ_ovvKRy*KZ*lNeK#F2LdXQQD6Dv!(?mje*viJu9lP
z#YmU)95b10EmEA59Qv4X8MebCUi>+H$rCv^vv)ENr2un3=0xq6WDA!ul?trH6;2fA
z7uGhKLeU=b@KaW;a`YMBw`1{zE%}B_EoO$!B42Q}4@776Bg+I$x2(@k2n{GpzpM#v
z9C@X*`b10|>ulw;Ea~NB7<Y+L!hvVs=^UP^Izr@G1-2^@9QE0)iRn%JDjZg8FBx!j
z6EnlVOzAm!2TMb<LDssaV)`)Xs1T%U_~@uvB(Fw?^@1w~*?Z911$F52w#epZ8O{E{
zw-Td8c$jdw61DMgP3}Wh=Q$4CpSBR_&&Ibn<&pM|595E>=~{d02UI2z5dyy95n}Mp
z8%IfdrdHg-S~VfqCT<K4_7X~kM^<olJnvk<Iki~2)!vfLA$%3J<;h`FD6b-K8Py9G
zahxG<HQ1OkRLl};!`^1SnNwMC%74JL8E;JAJz!O-!**w;t9AONHM+S`l}?Q^{l{N3
zV&ntcV*N1UCU|*JbhYJ)a!_>FiZUcA8ZyJox5N=4C)4_YR|D&s{Of^z8$o8Bn*E()
zhJ~10yfiuZ$#UKLde>!EGaJu}oXwnn+d1twNYG4KM}jzX=4tr1h@^OrbxXypi3hg7
zY+bst%$EO`Qevh{)^(@e0*?5mYt_-f`#MuCuFh8W=Ven&9mRyF*7WL@op9O24fujJ
zYCkQSmsr&&N?LVUCg$o-_4(_`39O6K4EZH<8ke<_2kN&K&M1FndcNk2Ch&Rg4lZwR
zh))PM*<TB<(cusHPr*Ci=Ac2eJdFP+^~*CzdLemFBKjCy4W)l59;&A}NNUc#mBmnh
zdC!|D6vKRH_n1?9OYywoJahYApCYA}#zf(^?QZ49YNE;k8w@+DZ88zC#mrKFRD5#%
zPLNU&EbBO(A*Tx_Y147xn~jgGTKH?<lKB)9)tE;O5_F#BMOFk0Ipd&FUaKZ~3p%RL
zjEUbYdyUI(>Y>2xThUx~Tpf5BsDx}Tzqfyi$eL@dVcyzd9(g&we!5w?!#uJSs42XL
zX09fvzz*9V;<niTeZA<ci}#cq$v*Qo`*QxMxKnPj6%Lt0bl*Tp$}>p7T*e`*QvXYc
ztP4@2(ANdW^7`GZ%y=xh({SnM%<i33I;|XJO|vdgAH(rH0hyPV-b0Z8NB!j?ckUS4
z&guaQ%I6x;?6z@{Yrzs$&<{-a*5Tm+js4ngGx>EL&XH}`Z09$8{&{L2v*DrMX2XY}
zcW}JldHi>_P_rvN#~2x6dagvV9%BO5J@zN(;DRYWy(9yx-sK*tLR;~k3Isw-v3)=n
zC#y2ySnCgUr*GN*JvTX{dlT^o^jv>;?knwJMqy5cXCBKdFjT9@+{I2viU;X&>1(Og
z9o&nx{-oy!x_CdH%2~HVW%`R_vw*`^G>601Vua3gV1~QGxb(|u-a6cQo#;@^SWJTv
zt>1<HG}}qIGqaedqRLJmGP9V1DQITwe2je2LE4vAnj)iFnprb#Vwo7TxDzM38^STN
zi~&Pt-c50}=E=di{eiVP0>~8qF5qKb*Xdhl{&@NrwyLrZ+T3hR&&|p(VF4_8Svlv}
zZC|)W-nWZ+fO3S<B8L`89HxlDEcjOKuZd@!x>SW94w{JRZ|LH!4AC}dHx&)?HvU2%
zHH`9$1mf(n-<lHXO^8lW?w%;{aOCpr${n)SfKyD;r8DW(h>17oIit8JLe(74Jxfa0
z&#24m7Mf*_%g28#kvway&ue~KvW;y;Ib&xGcS*+{v5t6{yUdA=ETh;g%Bz%Cjdk3Y
z8apSfX#C3%eyKP3?Odvo-PF-${IGiyy6qZiqGomcPXO|JavdgEQ1}{8=2p&_s%zAL
z9TiQbM+X^BVZCy-CW>ZCluB>JW9Ziu-+y!=RPP|WYuRSwMCyZHs%M(+vnFT{cpNB%
zXbOAb#vLr0m0VO=a{{`*HM2r;M|Ew&I*Lh1PmCj*kd>Rf2Ba5n2@y;&YFJT7q+4r{
zZAaC$kaKmWc_s0r6_>ENEv}2l!U!nQ@L0k$4VCw28VJCkBZ>J|tofe~j;q-P*-a!W
zAf+YxMpPCAY;i{%)BlcKa~j!}A`Z_>>$1c(387jV<AVX4ni5!EeUD+Vzidq=V?8PI
zvJ+Ozc2&n&15O7zy)@T06Rc!t`=M!lI4m*i#Z*9YT(9=&!EmT75Ew|QZ~i@-Y>dyB
z<1+Sq-;VIvRFyV0K*u6&OjCY+-)|MIC8$ULGJ|n@u;F5}<zTbmki7apv(M3t*3ngM
zZX{w;b`Vcc%Daut*~jriUnwtlWxz{Kk}iXFd!ZDL#{IfSs%^Kpxho7pM1$%cjZMoP
zm=Um9{84`+A17D-`ht01EMFQ9?V+FtcV63#TN(X{RzYc?AH;6dYrU#RG|1XSqy9)_
z4whpkVb%A@-##C-W{j5C5AlNL)V25EhV=h@adctnC5ZQ@F@3vlj%^I3`SfIdT<LVg
z`!PL1C)Jm}H!C%$AGD9tR650C+Z_#N?rsXfL{IRWn-)5aLBl)iqsqQn&=;Tj^yw){
zzmA`W|BAnVi`w{I3V-&Z$Aq1#UIoqV+QpYXJi-bAffLBf!YnA0DLvL}kC32a3x|){
z%?=?aJYM}x=8a-r<PS^cHKQ0#`9&0M10)i-onkU<%UPOXKhbVd?DM8snlG>TeD8)q
z;&PizO1h66uKG!Z;e1Cy8KFNfmc>SJa(CSaJyC8Bzw&@DI%`*w$O^NzNlGBy9vkgN
ziP`BA+U&=sl9l3-J0Qu8C%n?Y51PkcY0HDB9c3LR*TuFw@EtuhB#5s+xy3DxwDO>r
zz3k`_(`;kIK__ZPH|rCx2`b4qsJKRyo!KOIIrd1>?0Wa0fRJ0;b0eZFU5p-9zh^*s
zqYLJ7Rp8;gMOgRY7nTw>{Ya*G9TDiCM^DvO>bKN}cX}jSCp^0i11Pl%)wPmEgUE|#
zs~^L~k9p)ncpCf<jy?svs-CzDBv=TQc+a*y^Z{YP^w{q9@2!2+NjhK3cql$OoY(Fg
z$aWTw?MM7ULrtA3ULFG^&8zS7p{kR+D5Ps=yMWwf)nSMLbJ%W(Nd`^?qEP?>SPS5+
zZcHkYX9l>j^N58`Apzd;K(V$*CIW}94>2_qb*C?8?lW&^uz2g&Jbe8xK)NdCxgaUM
z&mv!i#6nep%cSYoA;wtwj-$V|``5C`5&@>sE*Jq^Vn2ZX7Si_V;R|p5Q!ME_U9|tC
zM^6EKPG6QQPnVJufQ1l*7%NJVudfj^IATVrdvDA|;K+bj1^(8q0aB{VIeb<eWgVtC
zp;MM*?`)u^SfOGh<1qTjSfNui7;ho}1V{>zPTE#83bRmDhnWIVqnN!n8h|UQTB8jx
z(4_LWF&31(Usnr6bE5a&^d*WamVx2`@fM3r%qkd&Jt7K-<{wE7hlT**yN#JZq_Y&5
ziU(jSJ_A#Mj`4OBU{4$9AwQ{nHnbam9Ht@!Nz5t^7~s*{m^pIZ&S#|ns%uJ71kFpz
zH1uLBfJs!07k2uK9OW&%PQl#%T7Ot7dbYK{$9TDm=8<+|!`v=jy?ZzNa3I9&@<ld@
z##!%xlN#r}o5=Cw5wW?W|0?o@R(1VaWJ6uf1n>VlQ9FkDEBJD3F-VFLWBubKkg{E+
z*<5c>z&PG(8rdbSCD`kqj$woVB`w3vVlHyLiZb_GEoDgX2rf$N)klFy(Jr&d;AKG4
zzQPgB5Gg!}${d>EQ+4bu+Mpt{aVpw~RPMnEJ$no4fe(_B$5@XS#W9a$(g!@v3nH#P
z7DVuXzPOF!9bqvzznGR~X%|*}TvrR>9L2Te2YlaAZPQs6+`l7GCnpMg7PAUKz#+8a
zG@d$Q!gxEw9FmETKSWb)gFIRLFoYnU2BuwzRIbAm<6c*)!^^cO40BlcWx*yfeuBOZ
z5gj*+%wcSkGw%Jb=mz6k)_+Ar6n}(6az=20`!5JtZk!mMtR9FKAs1i;lMQMWYdZX!
zjh8DtowOHA9r7L+@q$!P6e>z;*cE5m-y!n-rc&)+BSNxVts}^kvnUBuMye`Y@n|lx
zYaS*tJ)mXp23#8otifCYw$_y0un)<ql3W@ee;1GzpndP>BYkKk-BMhpU|ka?ziWjt
zXJj=@4FHQ`sxo8XIZS?B&d*;rjriam)!&<Jcc#jv@gX20Wx!Dp{3wT>WRM^1Wk4}1
zK<dy+kTQi#96wOLR;EN+-;(cr5KNJp&ma}*Gidd#YYMb1JDkJVv6$5Lyjm~e*nOfv
z^nArHK<04D|9&YdV8t;ncy}aY%pVsI>!7z2D>7;Ujt=8)#0*+@UcHWwAndW%`WT_U
zBY60?Vub+xq8;DlA`{Q#!WS3#c0UVhxt;PEAG9&aVBsE7+$@t%Hr1P&CV>@Mnfxxd
zGW%Vw;ucj<ljJZEhW7Nw@35FMg7-mC^7niQ20LV}x{4@qV=%1_b}P^0xwm<ZH~7Ew
z-axH94@s^d<ida2&}Rb%Iy9vw0tD37X4(pomLRvP0d7u;Sg|hWPWK|XIC*P~QlvUR
zMH=3$FIeQ6|DG-%tF=2W{$2_i`=T=of}?dqz8>~vY>b>w$fPr5xRY?ljs<%vVr{fM
zO$=SB5fb@kXbEJ}Q4qjZ96p0+=@~|4`Ip<RQph^Hwq!}LXQZjuE}XlYpLN}>i1rkt
z9_0#8g0MtKk4AktqpwwWSuZ8v`5+uC92qUOo-F(*U>&jy|3`JnN-q|E7L=g8-n4>3
zw?9YOcFWDZRN23)yu;jD6$CqwQ1zibj|#gCY&U@lq@O%?1=+5TnI!Z?x=GTNN;ceG
zlB8Tn7M4BjgBiyWp(d)HeG~kr3O!9HTd^^L1$<Z@Zb+zC=+DLd8DxMGWXo*a^jJnq
z+Xb()(~{gE0tg(P(f@`|E)gx6Ln{T5v?Id5!tR*0MKSINt2^cBQNfFWoSCZ|1zT%`
zqi9H-*tlu9Gj&v9xWD}utrRY)F3U5SWt`>-S}G84kBLlSvdvqi$T)<&^zaIg@2Z;O
zvs2$RXsXFHj7(XJ|Ag0~-aDxkRT;5jsc+E@W2u5wBC<4X!HRHG>qd08CMryf!wnPT
zJ*u<{a#46JYH!n7wVG*3hh+wWv}jYl&{JZX<#T_VG3s~nXX{4fmc2l62-sR&Mq*=C
zavtDEXoe$QmKn&?VM=kKr;M}9=iZkfEBQp7<4p$ZO@R2jaX@-~Ex{zGEM6{tJ2tFF
zg;iNS{PO!00iN0h)BMFGb*x?fJnkW_b+<ax5HxE$fZoKAHsu3Dvq?7lhPc?gk6i$6
zi!&_QFm0%yJtA3DC7$q9oE-Y~nWfp6yda7L7?%N5(_U9a@bKJ9-FwF1&7A3b{|>8%
zqF1$XTdy~z<-TvcJNDsUo`;~I>o=TzMI~0u`U$E$D?B5cZ2s)XgE!TGe_gQ4cEKDb
zpoKEW$={gPI2r^~DQR_D#g6zpGH;nXEOZ>(@^pTCm8ClyTuKAI-hWGE3DMc;y3%G_
z)aP6TFt`5{G_zwMobjsZ8eHujh64C6uRLUFQ|?zhJhb{%a_`qDH`}jZX64n<)(UzM
zq4MeemiRZ8GxV^zlAAvCXqw}=m9ll2f4j_&GB04<7!=mDC*i%`z?W4Z@r#>)#;B`3
zJ!7>5d}}x&i90!DonTHU=(vKkx+3bVO4j4I4c_Qe)L@~^(pn3|Oi#jco5sLYew<GY
zCWwc-BZ}LmW()Fsv&dNE`VHZl0-!fO{Njy0_I|(?Yl--gLTpFSytJ8l0CUvX?_U`Q
zfl1HPA}-5^i@<b`;l{z#QWEg@7}^=Ag}bUDGn<KRvk*fT6Yy6{e1WZ?de#`ZGB9ii
ztIsF4w7B<A0vKnAG5v8ojk&wFP=H9YhE`nFhFcniUFW$o?^#v&<g<=<xK6iWj`j(G
zsob%oDEzM-6$_D%Jk;DdF&0KYi+VOR_@Fk?b*2eYP~y*qjpwks+aF!J9-Lp}Uzo{e
z;y;ASxHCb+q$Uhn*ogm2OqtaD$2>jr;N4ZZbWv8n&wFlLM+NHC<hPkM8q%8mHHEw|
zV>%|gTAlwWW&qJ0DE6M)vc}1u9tc%6jnmI*R$-?Imf4;{yt4<M#yMeCe+_wcREO_H
zZ?f`gGC#?bW1i`VT{B{P9~UchQppy=bR^Va8D>7k-{X>W63X8-qjhG2r*ve>_4nGz
z*5buEDP0U8hk}aWx1-vgsCPV~J3`d#CUzM-0>{ZgdHRY;f^r88MKyJ(Sr=Y(@Z2V0
zu4~_7H;qMT?{sP7y+VyKqAESzOKN}oV4a7^q&7anveceVO3;Vu@z_^k{vH*5evP?2
zX-x>cfifx_m@>k^@QdmYHW0~bdk2a-IEMDZ*6n}O@4||(p*Q0sUPWwqv$+$|hl)xf
zQ1OafTmTilotvbT>Qg?HmYheHE@s==znn4No}WzG*X=DH%Gj>a(JghLn{bfAW@8(A
z`-eYae!?NT<_o;-%xk7nM`g+T6<zSILDZ$iTSZfR4*tT|w$rtbD+Oy38V2U0sU($?
z(fvULn}XmdU$G8i@>Pj8gs+!6-L8~bW0NBJMy?G<4>8P-LB2tuk6Z>W{8Vo4+V+u;
z0;2Z*tt_HKPR{&S<dJ6!rjk0}Kn4!a{ia#dGaftsAEx{DVz5bSIQ3np+$v{P(ev-<
zw}RdbgWiy@spa5LIK<bWd%Uun3XJgP7uGz6dKA(M7{ZG)qgr#zsOFOOvQW1nXsu8S
zBxD$22a{8chYQ&hmbo@~8t#LUL{1YA)3o-FPZNnB?e<-73Feo8Nd6oQAJvqHIa~YY
zPN)^{{U<+(MvcCHP!{OozsnpvA2;k#HOMaWST{J`5tyyU68hPO6_ccNIoIP5ADNh4
zZ>F+6%esD0ykv^P%%_gHi=yS5*~6t;^t-RuG)PpRcld(!Gkpg$p%Tyj-M~<OIX~|j
z?PSk|f0V5H5dIIXw4_5#kNuK?OMfxN?R@0kq?1H%^`N1hJT?kuQT@va#+cm*f#37w
zPW9BxUFJ>`wm*{`t9aT?FjYU#0%5B0SGCoNIRrL(dtW&RTf&Yf_}nJRwgem3kYuWN
zJMXxx<kARrb}VTk4}3Yk$@{u#-6AisZm``&0Us^10G*kev!R&d`=kjEG<d-($Gxu6
zOc(bF%ZS;5XaEmW>4y~IJ<IylE#*E#ojOY<jiX$A=$)R)%#CoX#vJx$XA;d!VQaRb
zf{t_3q!H%CK+;4nX^WL|MR@sF>ZD0C`oFY86$16cZawKwG7IkSZy5#!I2!<*r_I7#
zkE64HR?;H1Aqgyj7mqZ26|=KPn+t5Kyfkm1d{&+;fNXpS28fV<L>NFc{v+h{xV5xA
z&a$Fn6d2fjkFP1%eQ#%Dk)o*m7=Qikr}~7i@th~J8R)C>>zqia`0rhouYfYVl2xon
z&9bBwvBrT_-H^);97ckU7d`9S+&@k|3f+$3!K&Knxo$oCDLc1u(UK)szU#E3J^Rn#
zkO<S>>KsHjhq!6Du{Mfj3R%=7spp}PRx$o<qG+peyh$>r9saeV=g8a}Hps$Qla<>Q
z?n-Q33(K7Kf{4ORx=W3D`{2s2LZ^w`%zLh*a!<ODK77xC3YR^~6V}mnt)wK|Kc?#(
zBj-2{Uz49;-AkM$AhFIl;u*3N#zTj$kkG-bwIre9_z+KmVORq(ET5fyCSLA9gHAou
zro}e|!-3E?BuX>+Fk3Bk=@f?Ezzy5O)cE3JB6JS*qSvOxjcF2)eI@TrLH(!Hzu!{-
zuKd=<I=gfYFc`$hcb%Vvub3D+zuo5+w$gxJg_z#+rCQw9UUl<7-G27nQftSbr^QtD
zdEzKuFf02ds79|}0$u*iSJ{zl-(JP<J2n*Fehhuh-gkClr;5vGS~1c7%Htj<9TUIa
z`qV6yrF78W1F!$#_dF#J`H6){F0ZAOOZY}j4R@i=VcFWSv_hY9?;780^W3hgl|J$!
zr8c|%N4g5VgId?5j39Mw7Pu<!Lu})A>itpM8n-Qx`pe<rYjQ`r`oZr+WQ+redtiHQ
ziNmsl!(SC#LE={{+zN%1^S`m{VjVpT?#r2bHDk+-nuTU!%X}4>hEcf5mS*NtebJc<
zeYAG<V<W6(AwBgEVu^V+|JG3Z#H&;J5l`~ioUop{p29;GRjvvKgEl5E=3@%=Jl~b7
zf`p8TNnQ{lo5csMSg8zh*^gtqI5iZza|CCqkPiPY2I-f%%mc!oxj`Mi)_t3?OUs&B
z-LX&7-uE?>VV;X4|CSCMq7%C&Xx+3pTJv^@icCf>?&W=%tc7&uL=Q(w>Oz|4cEHG=
z(vXqwR7WXT0XG6OCH`5B^rNvhhA1@A$F&<iybJ^Hg}16G4zHt8#)yohXF3Ko$oWja
zmqd3^sVzqC7Aw|=-fmY>a9!;#X@yr)-0wzJQ84pK7_({}Y{(bD#Rqbwe3Hg%U*9!i
z9LU8Yq4E50Z5X8450=>}Rv5#F1~<|ZP4pdhC<?n`-x-`bhiJx%YR^Gb<W`H69FJA9
zco?PYCXo2b<6yEY6ycV66mKArC2rcWlK^5*pM}!3eh7I55@=y1$ojtdk8<p18EV>n
z&DdB-+SeZvwa~keQ9iFRYn%(p@aArn%`rb(32pjmrvC>O`eh%rX+Mko@R-O5-`8Z+
zX;w?{qxlqs(uR}CNB!tAKNP06F_G-OlV;m#{@h1m+k@hC-L|oT{D*Yips@k*yYvq`
z!vk>Z>AL8n%>~?+7|kc1cC(L_ydSAogdn=O`kz7&|MJmo{IHoU@Zz_6+3rW5kSTq#
zvAI_+?+V^O7Ox&k64XFk-66Df?$POxXjRfHPs0#Cskq2^kglvAnIPtU_tJKaT<!Gj
zyCX5EqrBwgsnl^4;;n%vo9Y%})wfgkxM^)*oL=;!R&x3zh4DL`HZ-x-bObslKojWc
zX#z{Y@!Y((0U8L^)>?}#{gsf*Ak~wf7K`p-){0b|k)zXXTNOp0NjJC&8x8@nZA3h>
zh&%pj@{?WUQCiAi?sY}W=M;A&s%b*i(v`g8w~@sG!dw3#F3lIYKE^%VVYlVs87V>C
zbKe#&;G43QovF>oH~FPgA+jA6N_*MBwM)Kgyb!tp%8Gh&?E^YZD7=m?%nhRhNUV{E
zzMZB6?W<_Utf)`E|By~H2CsX43Gx2@rA=jiP(pc^rLwRwAI_aOMeoEiTMB$~jK^QV
ziX%0)hNwA6KfZ2VywZI_>#P#RKJkn@u<VmiBCc3Nl5_a+xv3x_;n!Yxt6k=k;2FEU
z57W*g#b+QGs0tPmHNTBc?KYj`!q-Cnk>4J(dHjXh&T9^%#%i>saIUgS3dk8F^`FPq
zod!yG$Q?7wAXbQj``Mdrh98-{Nj>{%^O*?4F3l5`KR({IqI$f%HwtRVjIJkVvV=_N
zIno`z3#f;ye%wgeHLm{*L7Aggc$dHGK^r>>s+0S&!L8g0M)0?eZa=IuoW*vVh2e0U
zEntIiW;oXEN9M|#6Wa1_T1?_4!92EjDLUHLKtfmUMYbIOLX0!Z$ukP=Br;=;pt8ue
z$#>oq%DjlmhJ}Y&jTY~I<%79$%k_KPo;>En+jOWLbzXIfD>R6_K*T*K9Twwc=e=p9
z+8VMNU`GNM?BQSwXx9gYn;)3ayUv<PA^W&|C?j{oxOd2>$|;C%yq@Qv-uSks$*WU%
zAJK2E_;i)|Jl#M!m#z{H$M~?LVA{Sl^cykYA)}_1&gX=S+3cYpb3#PEM}5C7eC$NS
z+uQ67k0`^NnMaW?0h~Sm%I?9|0ROEv8H^gWv^I@N%Q$o~>Sz;nsERi`PFLZqs$2Mr
zofj3cx%K~_2g$Uh2)@e3+pV_IRm}R5q=&ruK*q5(%U@;KGkHkYkb0y#%QV!bd9#rZ
zdw)k~bjG#Mxl>)~w3#%hNGFDnkFLGws84YR2bL3JUUWb03E3ALQZNakVLgSIVnrG?
z+H2QQRe#C>bCIkTMj!19o{I@wgpsYhzbQ2<ZYrax(7~QPK9Fyd+;X|LD#l9PiczZg
zag(Q~N*D1Ci_i}XOLcjcf^%*F>kCf8P_{jWmk&|Nd$AXlNOi{nwDDQRvLW(1U8cx9
zScBo?I8~)<Iy!FU5qgI<ADo24WBUk!DM%w)PFvDO`Y9p>hjLH<z-KDaSMSUlrA(Z~
zYUh8;5uLSIeCMhR-4w4QUU@&ZKx3cLO5IpF#FABm(<(6#6NOc0pRCR1f7n=dX{HM|
zxWTJ|TR9|*rR|pX6I$0YPdm#<{+8$>hnu9Qe8NrB6fI4~zB1+yviuNpFVTV@bJlN=
zPfO^po_?&m_<P5#lh7v$u?!X24+DM9-0w6=ij>+`?$%8zkU%%#yG#P)>D~66Lq&L<
zz1yNKMGO_SndcI&<8al<tF#)6eA~R9VmNxAdhTf|0vhbNszShS%Ivo1RZN~^nZH4$
zEurO2D<LFqCy;(ck*&QPor`l5X}&TvF_&?oc{K{<K^v6vT!aOASC#^=?LWWwQfYR!
zd2%iYZ9*Q3%mYL*D!h@zsuiWXe#70ceCs;;8eH^6D4t6=?u~vrD5GV;NN+|8s#Rw~
zA(#qDJ=^+7<U(x)xP-@1k!jCTySJJgwkR!Gxa=8<n^uOtbt+%kCrL^&V(^Fac%Sje
zhc<Yr97l9O>uLH>^KyQ1K^k#&(EeEVt^oy2#Q}E>o9Gd-3A2R|uh?e;jvu^u_Lg%A
zb=j~Iq+vhFGl7r#kr{|!1e5tZNQ(KV$$a<&FENcVu|+fj%<+u5++mvC<oT9`1^~Ch
zCbRj5w$@G+=SP44!PY;`#c{k~vwDGWwHT%9gtI4%w;hz`F@Y*NH$&R~byxXeUVN6T
zY0u(Fywhqj*rq<W8iy$3Am>O`tMgk9K6W%kS4yC0OsW>>yC@R7Z|*>AjJ+XT%R6Te
zNXO@u-vj4Y?io8)ci|a_6JqH?E-vrsdtMm-q)y~Bs92x8);s343+MhB?@TptzFOD5
zNg)*34-&o`R%^5@Yz&U0r?Qsl8fTt_fy2*yK(eKntvaV?A*hW%m`;x~C>Z&6G_D))
zj+#!+xZEzh+V{kDi!*WXk*-`-4o~vrciWD1jeC*y!IXPZvajz^cQv`7?zE3u<!uPt
zrQdiglPaH4i#ARRzS<&X>2df)!9;6KCfCk-(MDO>+%=S`@S|TRs;mMybjKvmcO)`w
z=aY#uQVkDWQb-J!xqtA@o5u^RgWI<A-+SjP^nG5(dQrE59oF<u=d9N)P47XX1)^O;
z29T9h!@qfU?BNPP2#|5Bc)d}+O2?3d5G2oX{ulRc{@bpzRDtQJa4s6z_KFh=9ck?O
zo~#~_-jg!_bWaw=ydjI@`<8|4#dUO}sW#}xQOO5_ht<skBDKDiV&8Enw6Me5ouV%D
z@{mqLe!2~&kIs6+5&WDD>_?`Q!&PJpF3ZbQmw`v1$(EY?MHWmfboo`td}`!JY<o#&
z0g^PFX>pe*Tlv4{E#d@grzv)?kW{tvo<-gKX|@^T12;5%9%IRNuj(5H`W}!V(%b{<
zh?H2Iw}vBQPF3XAa6ea5j=`|ZRijcdcqSp;T2kks?>M<qyO}YROmME9swh7RL@%Vd
zT=J9Sv?v0XI<*v{uarS^){@(K2xk2*R@|F#CV8cbBe?LAWc(m_hp&-yo0p$zx_*(H
zjwJ>`bdKeuBrPdh_^4MqwEaQcT3gC@NMV@~R%Uy$pDB@-89C`RUmTr>GnLW;M2D#S
zz#Xb?94d0WuUXyDY(-@%Ut7XnA!u?yDO;EKgUs^xkh8>bYk1(*hACMV4k6{SYSEPJ
z%w}#k-J!Cw_OZr>-uIgBix4w7Pr9z5h&i{S2}|W{kI&=7Yy~M#>!z1_y^60$jVj)a
zJ`GoNM_;s#W7#W~DqZ)BsN!0iQkgF|SZPjXX%A<6oR`mXM~L}FQHo`><Qr|kT-wXh
zkr^ApEz4QPAa&2Wjqe@IA;^KneX^0PFrZPcLr)Xhi}hCR&~|p+k35?g@1~{ISgsv{
z(stZ)SQVQF%O21$OoN|Yelr{=p|;N~Ft2}<C#fnPV8c+we|T7h?O;-2H2*+qc!&oW
zWe@=vV+98D8mBT$1DBUHVW)et+T|C#udTv(li8>swfA2L$izyL5WKX~$h=!N<Rv@K
zIXihTd-)Ct?V%&kbE?VoQK~)ydp0!p5%dO_QOr~RM+A7N)Ug0yOJf$Wz$BZtXjh<K
zn>R~Cr+tXb7+6g@jM96z#HywB^)X71-QH#yy1<bA+{?uKuqWOL*r_wX(CUbtC|mT?
zVD~VsSy|}b|9shXfWtdDp~;_3R5wWu{phEn*89#NsblEh=)G<X1K)W8`WC*Kr?q7K
z8I?k{M3s^oxu%tW-i(EPW0n<(W_%igC0mUdE715Zq79mIi1y{?>lesWAjKO(l%;z#
z)Y{t3-)Faw4@gSCR^;_~L(po?c<q^(A50V=v*|~wJo7&3`WK`lJc?0*Lz!HEWZS7E
zY4gl8dw*QT8sm`qp{es+2$<A{1zXnygf()QWb*JaOPUU?Z=TMD8B2PjsNMeXX%U*P
z40!pwK{>fmAvg|bdIMTbbXrVw2(ewn<)-JM-deX8BmFa~J?-HlB%ldX9uN6C7V_hq
z;RXw1;fCtZi<&=e`A;lzDeeFETE=osmIcDCJmHdxF%Ax3Z)>9_$-?^~Z@`(UgG~<$
zCWh7YM1f#FEI+OR<ig&CoP&l?{{d`#2(|F~Hq`gVWgF`8>jRKdv&f^9UyiGC4zzp$
z29pTRU|W<8khR|Bx|fu`h8i>K+DgAh;Nebm6uxrkKUys(_rm}AP;|Kys4rqKSaQOl
zM#8=8B|g0XZ%|rl<NkU0Z)d6ru6vph^gh7f?W!=(rw>Dv{!vP-s{H9<K(My82~Sz~
zeGitUDwY<?KeLT73y4i`E|PXC>Dpz;%q@35I)&kt<(vY8Db%`VA{Prs%0wOafts0R
z6fWi{X1nX?FhKX&ALp0}e*6WG*|Qjda!PPboEa;i=pjJVbA?B~$^>EYjXmD|JtWnZ
zR3Tkfye$&TS7em9LzTT><~%<7ZG7=+rR|Qq6BAZc=pWYD$!b;A%KgJ!p=22j*6Pit
zEA#8<-5gmNwM<Mg43aW6Oq2a>lWq9YMeJ|}tK$AyT@O!T59KwmWWY&&j_(MYg+RGk
zu`Oi(aqTeLS62TZHP_*s2_7zHs5&)UUOJSn^lM&D*dWNX&MZi<>Szj*Pj=4^$<O(w
z)#S}g{=NU3=KpL+4Y@r=yi=L9L$m>0`sO^J4>;^Xon^Rz9SO*`jjXS~rGmkXIuQXN
z$n_nbR4`;R8i+|KXLO<${xUqX56E1p2IK4%%XO`*pv#Iwzw-aI*}<EXdpWDQXNs`A
zhp{_-aFW?^2@oG%n%IKyOc4mu3oImm04FOfb@_OqM&I~6@F%Jk`F4Z}E-^T7zbEL{
zy8b;t-SPrL15y&D^}l(WXNH86SK6xTwa%q_YVoU-gGk*vcFGuzcQ3W1KeKfFEGiz(
z{g-r;?ZEAEE(aJ*LSb!4DBbAC4<<MTAzUW%n_fd7Wl!-QJ#W>OenS@_+?S%v3q=9<
zyEJg*k5ux;!rvuD0cx4*)UVMlIcSg0!mUs*UBA8e9q-ETa019Gptttx8h#wg&z5Sx
z=%((ev>L6YvXYF|T52)T)snGd7TCt^^n|zcXSP%UH(`0}ts1k~e|uu2{>;;EN7mof
zdQzfpJ`?pT7%vho>jQtruA7F>dD?ckBAv?wfSJ4g6u_8|oC0`nIv`%TA@KI&LH3TJ
ztq%aA9|!=DbQZDD_*Z>Vgt>ElVDl`X-h1zYk|rsNmJ1@v4Msn+`oHM(B>?PQFCXOZ
zMJf{aU<}y5U;BV-n*)~fF90au_;C-@%KgCyC=$eYn<x?_Wx8sQ0HYxU01xs7rC5l8
zcb9Acn6TMI`pzc33NeP4>l<KG2dwe+uZViKmFxM`|KRgkc|aP0bO3W+4}cWX0Lwf+
z6#!(omj?D(AVB^lP#^*1JD~zh^@IRwAs8X%zjP`gK+{w~Ib(^gL;zUcCWbIa0$BUQ
z5nyhC>&w5;_RLu~T@(VWS&Jbw0b9R}fcUd=7o<=mR-}*#NJQcXj8GVWv!h^;aVQ4)
z%L3h~1LNWYx&dt3nW;!9Oc_?GIf_N!B!QZxz(p{C|BoAT3Ke$#=a`>T<Hh_yHkp6W
z1R%jkK{Q~QPY{&xl;|1&xS0fMe*(BkK!BMfK}LbguzJ94lSH8gW=I}`)bQCwD)?|}
z-x8Spe>^7x2nFDb-UAy@@MsRO>;qsIJ_2X{rC9lgT>w^ap-<FysyHed05232imqxG
zYG+dYAF94NypJYoG`4LuR%6>X8r!yQvoRXm`Xx<c+iqhtW|M|@`+nc^+<X6+-I>{$
zGc)I$IXlnp0fXeA+W*Xr=ig}QK-d(ZwdO3q1M2KW{blO70NyBp1>pfI4*zsE02PNL
z<?vdpe1hk2Kv4q)J!gq#ynOEZo<@97vmz%3?fM_Qe=$ga)&yi?ee=L#07VKA-oK@*
zQ~Gh(f21o$FHxdHFoy&1fUq_XKns4rgTCVmU?~ug5s!*2{SW^@=oWtf)Ty$1(9-pN
zg?OP##mv8z7e<*UDRF-A2G}9n6*R%8RQrvfL2v=1{Zmj00B8UMOqmgwG7xB`{8+45
zr=t4!<iUE41Ta*<0Nm^Y)LI6pg$cAQ2U?N?ErDuBU^4%h;(0b)s7NXQ9jOWx85WoZ
z^8ZfbUql^5fWLr<I?F*Om=u~XxE%VN_dp9Ep3IIMFi}oGr6X{K`qc`zU-;vPr(>qh
zzUMetM*Jp~o-4?JZRA3YfLaW>;hzCU2=L>GhQ9A^BqB}l%6Zp39<gGCN57d91y^YV
z<owGNE}&1~=7`uZKmO)a0RW$-L1cXK9T|IPHkXm~UtGZ;AXP{qVegCr|D$;Rl5Ff<
zIa64~W7+`GgnFHt{rjFD7Zle~wADvIIgtQOeqNQGVQ~I4^SDC8-htk4pMZF;9=`=Y
zjzPHQErzh?4y?52cT*%508^_-@T2qF*fpHMdt3nU@{3JJ$awmt5|b}a1%E%>mTEvN
z3X|R}PX!YQmvrz_Icih+OZk}B`iluLsyy(&Ob-ZosHhRF48&nR&nkjw%{Rl}C))e~
z`}y@R_-~>~yyLYpRJAjX*Sde#JOB&FKrEOUo{i?<M__Tzsg+>M5+^)V`PI4K_NYs@
znay53|B0O(;8}X56!EVg@i&+G?`RK7$lLb7kS4_t{@kkIm%y^Nfgzi3Xe_~V3tDp{
zmm+9vT7~F{lkoSwyQRWci4sTST?Cjhc8dpZvRD&Gukgi48v|3JG6r$8S$oDzD2O~k
zc<dv?Jo4c!D7a=LAiQ2nfDVd#Ki$2F*+<U2x1NCFII4Q#k~1q{vx0zL&+{6Gzi*WH
ztiC{o@?kpigsUCnyu52Ph4-<Cid=;1{Y-aSMbPv2-?f0Mx&>v_e1wPkGx{!7lo^{D
zQCgBJRT68EnU0#BcU&cy7k~!KiF)uV^%1=+=vU}8z-JT&wy|9$Pbo9zuEkN30GR~6
zoqoi6?O;U~tB|BCwk7zBkS!(!r)0P~inhrJ2*D{J-7xc-#1e>dqY<1d(f0eA)iOTG
z<;cukE+w)B;P(R7aG@Q(8wf4M&2E|eobu1yOmAuU`-S#^#!n)!3#lj=d5N;|_s9J0
zbGphR#fK1iu=gZwbKt-;0Y?8>E(gXR@5Z*ddmU#PZ*)(OZs_qO$v*NKkOcSOxY1ty
zyY$m|+P|xk7GdY+K0tujj)4P*1?19?pJ>m)0JJ9_Rq#Y~>>d9~m{J^I?=b;;kGm41
zFJSMdm$yIr$o}RHM*wxyD7TqF4-k*$?E1+ve)RFC;&%#X9@#JWC`=x+ygtnl%-lLx
zo)GpCc>e^r2Hw0r{Cy}AssYvic|1!1(Df42+%7=uIRcoRfJ}H8O0V<CQ-o7c=txYY
zW?`xH%JmYBcv7u;@3kz(!&HU7mIpykb|u&>#<EUS60e#6RA$U|^WbP6tI$y(#ktp0
z7W>HPYoIOi4${pG&(;k7zNgRw9YHfe!JEbjt(tdu%yr(Na6aq%Z%GP$cThe%N{1Ux
zqb(QZs>kU)V?eOZ@4^|p4|mxAdBGv0?FJ8~<h$@Rw=he4j_@?w2`OTVMt$NpBU-1T
zfFc5{xj5y+gAoCGtpGS;2XKUg?#SzZg1;~B^yZdRYwJx1)cq64fX-QUK%@XAik068
z&*nd6uwDCEJgXO4^hCbA3;cb1qyH7JdJ>?+>j|rP?H=32@R-PBfF}7g19vEo0VANR
z|N8aJ;ynhC0+HANm;|2&SfdJs&0b&ABzS&b-&w^M2BpB^5(mD=-`qI?0Yv^8p5@HW
zW&MrUM;pt64uPS75&&L9)e&&u4ZzE_>)&>hN5XFzVgW>Q+JA!9d7=p?h1CunQ3AB{
zC2lOME!u-Z->X*Ad`eeh+Gx&isgVje4ltm%^WiYDS<V*&v6}n<o_heq@4u4=D+Q4o
zW0?6A+ZYgl&GFy5eKVwXTU>uovcIR@md@fU`x5Sq?H{ql?J|5qG4jp5DKqLaNilTw
z?%Rxq^><vN$afq1-ImSs12M=xg~H__$w963*<m3tDyen)Nk;Euio(HTN_b=Hwd8pp
z$EMB9b<UC+c9ZLO`(V8zyXV9EA`Tr!JJY76{rai$8nQE9j>E{@d53HY2!}$_c9L4s
zltv;}<Dudl#-G0XG)N?NDNB)WWaSN2CdD?tO&DCSLYR!RN?ET|Mk8p0TGDo$+Q1bL
z+hL?qCCD*_!Xy{S*5b9u8vGH<ZNfb&Y?3)9wgr3?I#ebGFO^Ae#FLC~l<Gu<TC*b*
zKkK~M{T`~a5*Lh<%@5<=S$jhNSgnVBzh@zyhSm=VWBz5_-_wsh&IoGH8{M~_^s#Eo
z>>lQsadS52CR}x|m--(5A|#R5va#LuNO{<A#wRR`3ug-w)gfj~ZJZi61E2KSoWj?h
z*$?qM>_*3t(wNz_3K2=^5b*tF$N17@2>M_?OP9rgF)VUaFz7$7A*B-AiB#=ku;w5d
zHK5)HUlH{Y$l@E*u%9lTnjVZr)g2W0D@vWT&g8Z~xZ=OoMVdZ54KpPm)vhomxOOOT
zIe?OdoBjQH$0Tc?XY4?<N|YM)5{b=+%qltN%al548=FtM`Sr>d5p$8~ol!~tmRKL6
z$*qcPH&!x<;#G<~)BdDG0g|s@X5`t2@v*Wj-s{NR(tb~qrAZTJ#2ws(!jg)iHs>g>
zB~9ls1JkJB_dcFVLo>fMZVT%u_gJjbVZa18Bra_K4zA85YFQxZ4V|rmwCQ=ok_!c$
z{lbVuHzqK91PSYum^}#_U_e8Cu8>uc0g;`myUU3sgT~K(Ri1>TFAM?gY4**FsOpZo
zhYZ$wyf%SB{~AhAbs|53A(^#@%FCbHOF;8LjYcfXUVm3?KwXlVLO?S-xH52pZ{|<c
zHJhf&mJPLR=;liq*}5})Y61frMfWQTajN-#thlW`sB~lmJ1Tq)w1;;{XqkSTFx$yP
zCa^b5PK`K`bb<y=sQuK4dcZ;W5MsXIJ@TXx#}?lHN?{xE*qC>QcTZR^+Ph2e-^~Q(
ztvtVz&Qx%6nO~wmQXb151l-V}S+FNRQ!)$>M#>A=!`(Q~QAYW%q22E8tbALYu<!JP
zPvImN=k4oGLF?V-Pn3u`NrgjJKHQTSp<XYSm58ixMZ^1^P6aK+9MgBL!5jkues3Zo
zDg&BavA2utqPtZ@xR{5LEad+(=!d8!yP6ZJ5EPjbBHr{~9eXD8(NSA9=%@t~F1sp$
z@_-*8VRB3)pwzTerO#Hh19XB1N+Bv*iSR=q6|VYt-t?IYSfH8tS{|OrxtdCr52`o4
z`LLUFzq;&iBX!T)bF7g5k5<_sPWMRVU-&%fg_W+ry%)p3d}WEZqN)8`I&y}Y_?+tj
zws2keMO)KW-^w&tZi}8a^ZS_Rz}LGcu9h7}-FDU5yw!%$!z}ndT9ar~FRkqOQC;uq
z@C&u$T6{<`tUuFFOb^X-;L2Z{?aebb<C-`=;77mj>gj|+x~<=u@FqF2!K2JCm(&c$
zH!ncwWg{lu8Qa+%3iO;DR$=%{cvx~|6#F`)_OcQid3#RTvLLe5s&Gp+Twg?3h>^5l
zM$_SNVGy-|6&{S%L6Gyecv5f6XdE5Yq=B38>lrg*-nI<|qp8(AE=sITYP~~<QI0T*
zMP)kNBm8MQxR`QiH^(;TYCNnWbIW9+hRRN`-z6K%GcI^0TipFafDNNCY>@To1RPTf
z6-+7Dc%h&gHJm@9!uQf56AlS=<r73Mm1xwphH~oVPE`SAe!se)_<2j__>(rOzSwz*
zUv*TFtMbD&>SYzld#B*?pm2MI?^A_m9!q#p0ozC6Gu<{CYe~Z558-ycxRKL<le@5o
zeQJ||7Ith#7=dquOEGnisv&(Z)YV;-FJAEP8{??D5Qh7LCDw?}YxM!qW5KdcI8TXx
zb`%KO6Tathf8L{)*Z=BUO*Tj+U-5;kRDRdD8cf_Lj;CV{=Dg3R{N^x8MpMv4!z1LX
z6@>#|eY=1jtl*>a!D1$EdX=i`5HY|Wn4w%6qZ}I=mOZ}*i=+umXa#~RyN8J?6ki6|
zS5|xke>V>@zHkdwFd}lZLHjB$7yk&3O=w~nS-?KsKKmlX6Mm+-Z1kYKLN3dQQ4I&;
zHy2&pRW!;uW5Ua{eJNQ7FD?tKD*Mvg(8?ji4w<S+iqk~Sa9>I1A9%XQ8ev)N=-|fG
zEff7<O|4=^JnOLZh_yPOiB$d&#KtXV6`XAteMg4cPHc*OQLXlk4Jv*#E~6GzRp_4e
zjwyKmm?;t3F7k;~QNRpWU8)27De>1%qG|%5g$Q5ABcd}G%bp&ASBX6lI^L?N<LcxL
zKF6(7Ca=)%Tdgr@`Zd(7g~PGq_F&`}#7^uuy{O)mDh?KRtEcmO=7^$HSmw7WJ=&W5
zVfe4SA+XW*p%JH0al8aqQz_0SCY&J+;`{Tnb8mG7N<on@U6GR#5nvgL#i8)U@1aNN
z1Or&`N;!*9j46K^-zghWI18wod69AH5F@7|$LagN@xIv~Yz?!2T>Vf&!dOFKx~kv?
ztBr3`N&X`a-X7XaecJaj5_l3)H)lWnJ$JbKyYvP$v<>dP%=d3(4#6ajkZThGx1Y>|
z5hQ;NdbIo5{`&OQQ<Q$6q(0stEuxuaSPQyD-LLfM;<uIRdkFrBMuYrp*H>Fn`elgp
zQw$5)GF@6$2mCc3<tPs`UR3Ysd#ZFpWE-lgdjz%L56;>We-RroS?sTdAW~fFtoRu>
z5{gfEQ4p0MMDj0ER>JuB8E7msWd}t)kkxUt4IH<nQH9$nu8CTljqEZqsp?=oJOQKc
znIl@nQ~P`%<4GG=!|vy~rbMrF+5)kv9&&87ueo5Lq5*gnEL&3GgOvLXVPRmwTGigZ
zUYJ&Gv7pA?$6hM)P0y2wZHGhF!#cq&9U7TcTxSkVKD})K0x7IBOba<-R?1MdV5pPz
zKJap&%kZ<MmMArD7Lde5%kNDM8b~t@YtJ4AY|zc+xK|#YT`oJ|*vd%He19~}k70ZK
z2-NQ?u3t@(*Ioji{f_N26lOM1T|FBuV>tDF1G!5YG<ZoE8#D;3tsQ4Q>2g!ok2QFh
z?Zv+S-|XNq&+aX+l75QO*~k!f)S}D(KIQ37#MC}m?PA?^B~k(rMPV|J?uJjg@ch3;
zXQFaqBP%6-S*?*V9hBEtmu~_C$luuTgSbV9@cnjn8lC@i9}2vKfYb`4Mj+MJk8!+L
zei73lp&{9MaOrNT`Ne~=%|@;N(y?|sDf`3oTDW_h-E(<Kx>Dbf71~Z*;S44uS^;+B
za6}jt$I<g+$hU-`qOi39CT4$R!5%jJ#%6V*BRFI7aO8`#I*a;b{pah?p%$LXP_`7Q
zehy>J2ON$Z(i!fz$qvdMf9$?Epuqoz5^#!ufl$tl?w#?#sRHylCCs@AI;3fcsLe(Q
zPQpV(2u=Blj%-Yt)Vo}V(Wjk;{A9{7BJ1DPrIwBS@(f9@b?%sapE}^Eu^4@SsS5@p
zYMnq{V-Sx($lM?a9z7W{6qw`>Z)MVOQBba8|C#$#;+{JaQU!ajZ?XFbsMp3PHJyUn
zKRfI9Nhr&Q&M7EAfSG1<W{pJm#gg<r^~Dw}QgEzcf0>8$Ue5V6VH{V09CeiiYn;yD
z@f2er5t;2$5C;#Dki|1GmO#?C$SPWN_;;XHKQ0xWM6mv_suu3%1m9F$jDILhLKanG
zJpEIi*?PF!J=n$_JIT~;RY40%M``>e%OZ&0u7K*3knfaQE9Y#gDw$;gc84j!lYm64
zjPegN&IIW+-|C9U3$E7ufHSRvc)H)<t;b?)Go@Aotb(acG=dK?rpmrxdbRio@zTFt
zc$dB7W7{aLXOqn5<dQf%50;_YO4SlcmFx8vey@hO(ow22LyJJo!{iw53t^h+ofGa(
zlqD;4Vx`h$im@H4CI5dVnR0!E@pO6eY*)G=x=eIe1Bk>0c$VNaY6eJbtOh*<moAGb
z+JwC<748W0({i*5N8N-jx^@I)4Vm%~gmDfP@@yD-%0&@qkxW~kjmnIvMYbjHGdZ>Z
zb(wM}1nE_7=*%8`O!PSDzVE95gl7PPQ*{CbomNm}%{Q?;gf2PraSfGz<x;&^S@%ic
z)2zJ3p@EXY!iU7h!4`|82jv2F8IMD=RjVv~<A!xw91{h>izyqlx?H)j+&GqkEPa;R
z|1HsFhtdtxWxXUEfxLUSblKdfvRCLjTNCAdYOT9%k3PRw&(V~byM0w-J5-h9(x&U=
zkYsC9iB(4w<}k+%8sm^`Y~aeSr|oo?WFuCQD~FVm^$^MHD{ST#n?+<&k*kK*rw~@^
zSqvd8qZ|;hHe_=#l%t-JmmT`si`39pp|<-`Oam<-9C&+8pv;s?A8A>FcRP+HPQqfC
zar}24H6)_urur+a|3*0L5qL#iw4^b@=P}5mx@!qzi*O$j=P3kbC`UG>Z2{vrs;Q98
z1eRGy&pFi`;=Squik)+Hww07U+*?<1-$hWo&Df;isbb<j#ohQG=^gP@lm$bGAO+-B
zMb&5zsG@vK(7^M6(m*KfxCNbGE>(>3HZ759uCGl>^8ozpq;Z7LC0jvtMDL)}69Fm%
zE_%xC!aT}C179=U%b_zvd+tD)pG*I-`AdRpS)$-t-w$d^w(YaE4CHPl^I$^vyuC<}
zN;&PI(5?T<;X*^fgcb1%=tz=LreL-ULR?N?T;1IP>2u7t$!<GsyzA%~it(hzGlS44
zD9`xVirdwp-^f@VvPD!rJ%v+%CQnhS&t+QczRbx)y1=9C1`Nb-#=#-Jha~=e;jvcu
zkGRMI(c4>;GzxCUb21s-&2hKEVn)UFtpy7^Z~EDQ?2s|j`FM+>n%%!yVA9Iio0uTc
zNvDKqIRh?WEPt(2Ha&r_$A)t|vO0OiKt*p4v60v&;q8_s{0O#NSVk20UFgPc<fg=k
zA|bzPc*ff87TVKa>&2tWz`2swTY_8;#lcowwiMYkdCP@^J%t=w2EOL!w=J!4aAuwM
ziPT0-*Wj0oy5`UJ*e%4oftwP{**+=qmWBtZ*|?oNccJb22VgJ6n+)YbVw)*uNU*UJ
zQ#TjbAw=_QfNOP6KDjP~^M2ZlaFbNX_-%clqtQX?I&Nn*-eAa{klPz;<RDH8xZ@(-
z%%-WC6f3cr;oL~PescnTr}+pl5^G8vJGDNw=sprLcbN%h{>LU|yB*eFMYn>9?7K*_
zgmC@56cN^{PEeLcGnK1LJJfLL(FW!^MklBa&s^bPFFwX?#qufZ0>5>hh33%|t0KZ8
zl|O$BX<U|_64xqnjw{ZzrBPu@=xu)O4RaXZ#PDEm3ULEGJ8n~bUdh~rkap|~t2Ctj
zP<X5EC^V=RZNm$AbT2Xz%PU6q3t^n9MQo@D!ear!N3kx_{4(j%yj{$TO|OW5Mr%y3
zUCeL|;b-v8#t%Qbl#NT6^A?Ry*JMBE5qKo3U1U!BDRxZHBO@I9ydUQB6$IU_%no|&
z#KB{(E_rSg`4PIn_a)7}G~>@1(6a>&zteV@dO?m%_BhhLbZIKQ3c`0?Qijf;^wG$!
z<|{0C(4@Kl46e6+@#(r|VcsZ^_~ONezCuhhU>)c4C`W<5GA%jrQ7Ez2pK3(!p*(~x
z>1CM~Q(~XTqnm`Sy3T{nX+<0f_PT}l(~oncObcg@Qx4WtnQ9DTq);w7f&bgU^7y`=
z6IcD?!f$Auz9+|Q#TBNO@h%H4osOxA8INz8^Z8O!$gu_|e5<vWPy!}h>bO_b_0Xv=
zU#ly5PHwTW?>}J00Uv9BM{Ul-bWs`)N{RO5-&zZAMNEyC5pE4FLbd@@i`w_uj3Ckd
zjSq!DZ)82DW~~e_F-`kCA)E=@3JkEQT8zjqzu+~SO5{aW;J$+Kn8I_(G_9B*e9T{;
zHd1+VkbFbr1*eI|be`DLU+|9L0bh-A%O|!b>XuA6Q@HvJQ2;npr<?c{HKln~EKatK
zjna)uZ@e1nTaDTHlfur5JJ@#uHm`Xs*eV*yIdcQtdjf$4*6|ydTc1324IGcL3j`_#
z%?_3e#Ef2EAL0-^$TkJM;&-fSAAQ=g78MEt6WCGR3Dyod1>`@^?YNaQ(CDjbP(*=A
z*fXU!v_Fjzcy35e%g)6#0KNZ`t2UILW$#o+YG{29ona<quNZ{JKkx)^1S^6jRn0U5
zu%3R^a3_FS39)+>ow2YBL_IKQ?hyPJc|r`^_1y*0Mc^1>E-A7ZpJLTJPrih8q@Hdf
zB-w{P*$hrnrl;`_57)Ja6<<d)arLs!xKz^4m(Fh0$rHz1k0A<6CRxBg2SocPpR>3t
zW4~mP^3cZT%j=Mg5&(WA`Vb}B`|7(Hg9MSi7-xt*!Tfy8txxoh-5`x}N<ACTn8T`I
zzOOH+zr%cQY-R)(^4H$|@yAE(^~p*3;l4$W$$%!*uNu~Q0ll=WHik#Idr@7o&oZty
z`zOV3x?W*bKud1Lr84V`R`jy%G2LjN#~``T!ia<=#<La+jGJ+^A4c!n=O8BJfJrK_
zS1t<3ZmHdYRa1yT%NRGUbC4auvHVp5Jw!pv*i6jMekhU<GsH#|`px3(q?rDo>ZBg)
zgurUS?J*{!4{S!th|dN_n$_fv1@8`zLdfT^OnziNXjCYY@9?wgLOVH<Ft5ZEFDU#r
z%j%M~g;#oZr?1bD%GisEW)z)HTk7v+%GB#i`?=q@O~v<OUC3Q>Gm@a5{DPDo|Hd+L
zM}U~P|J-oAa%chctao5qrM-V5_+C|6+X%RYs77xhEywF1l@er7%8o&Ftr5s_8vZ!0
zinczA_2WjClP>$Q%BJzm`7wxfQJc;CL;Z&Vv~*R0#bR?|iOo8zVrbzrr59;#>Kl>b
zcwa){5hZtXMvUH@X%?aIg{-5w=10nIy~)<o?{m`e;}xB{A%j`aje6mM)C!slH>=|-
z2Tf;6o5I%dU$?WuKS1AVQtmCGAjk6!UwxsD8C$B$$=A*YWuNf`c=xNur>acF9OX*G
zSB^f*37pmTnGM1b*4|avg-^fPVUvoi+NZgpjM#Hw_1Z3)4UTbeEt}JBD`dHf+7KjG
z$`3Zoxqqf>b`?mV^yVsAn7d75o}y|j_vKDP-=B4^&G|{Ji`xfUwMEa~F)|Bnw}6t{
zm^zc&XgZTUo_~a%aqtUos;{FUf0nm3Kip<G6<LWsATYsHkBd`QVPZC?V<()t!LO7|
zsO_gY2`BYDOs+r(#+8x;AM4_yCy1#9ALr~-!uvccyhgdGt`q1HY$jjwb8uaMF)+=3
z!sd}CpOdOHne!7cAam!!`N`^wMuUfM$BcboA<+uo+3Smh!&nztXR>Ch{un_rkka+T
z7!Nl0Hs<Y+d5oy;&A)i8y#}Xa@!1_i7IT?j$TFMfKY!a1(^`bJ2zobOb1-)4*G$gT
zXMb)@PjJyqGl8uNC&3|!JcU=)Xmb{Nvf>or-bK3~voA7eOCzXPm}7(5B*3;sW_z@-
zOV)fKzu`;Pyd&?2ew6+rj>U3U<b2*E`J)`wt;#p`a(C$(S(z`#PYERF-?xxf>~8)b
zNLK)+1DT4blLn;4RJ$A>dq(C<P!k9QIl3pdl5wzMDn#O^a#C9@+aFQ8@$aGzv^=K5
zZDy8XHvgL{@0*PPqO4cO39q$lCNoEtttUTfZw7&CCZ6GSG)XhAE(dpO&KQ}^mw}Zo
z%h&rJk+gtz&InS4$?Y_7qHE#DIs5aha8|q4PEH`pKQyXo>>Xd#Rnh(fZvhNLO_jN&
zmkqu36`I^m8K-shH3&x=_U=jt=)XfpN1BB=x3|~SRWMN(r(!_rd_{+z;pZr);gu+P
zu2n^i1cq*Nwi;KdOM2a(#CK37aL*BU@~tyz0zPX-_nFpd0)u~Y%T#QIB;TZwZooXC
zPuKN!oOYe@&$RvvyDD<C)O&n~LpZUzV-n59QErhL>=U%)N-3nDqLeT>0)Yi=sQSg&
z-!&SdhM;WT1N$^3zg1mfx{dw@tDE#*n)ZqUm!W{?!Njz4wE4gHwIv~NJ5Tw_{DE8O
z{93bF3{SH{pDO0;bE7#OH`bZn+KVk8Z#Q9L_mPBn?)ij18E)ELFcB=c-Jt6Zk(jLB
z>S|xlWQ`l4I45Sn9v?^`HO6Y4f+<TXuL^wK$9?ssAGH!IxW#P^>5;t=ZCtif@J}|X
z*|nLlUAl&_XtVXsZf+((QCayGX_n3z@=bO^7mY^krIGJ*at!>*qHo@3WYtcROdy~R
zZ>R2&xT?9V>0Jcbs1mZBb|ls5p>857%?DIO?QBzStl-zQ0$-y@lfP_I6PY(EJ@Emz
z7I|r(&2s$ldk^kht{Vo?C2u~Qpap$gSfx~hcIAuhXSt6()w}jniYGuXy&o{9d4}IB
zt1KAgY_fUVl#|s7b!xE6S|{?>L`!E#Bkq)v%?Necf+Xf~rc#K9bep;{54NPV_`lB0
z<gJU=Vo&mmqBxo-sK9@kDkAQN&F~7%+Zxj?!_dlB=l4cUiURtV0R58|{frYYb_5%N
z?&tq?fA@AD`jU?w2E8Rxq>IdL?#-AqiGb7dYgk!=3F1;GM8<DEM1~V9TEn#d7nzL6
zK6We^#8%UoXI5{Ay-yP&hM*?Yl%5M$-;dHC;4}r_T5dV?TX{k<V=$egO#Q$vzW)lD
zRS!oou8~}s=x!{yZ9u@aQ|<Z^x0x6gn3{jO80lO%N_)nN1McqZ40kt~0h<uXpoPrv
zLF#u!sIlqt6Y-DGai1XWZg@8uyzJTlMssq6#U*xgvIMn1h||Q>wiy+7oEs;`ao{L#
znzurVr~HUKF18XQCVHBogyvO&f;v-zlA6nBH$iqPy^2lKguY`!1AkN@qPcNeBMU*Z
zXhI>}>@~i&s^#}`&7<xQ?&;1)zGgvC?aO9>)`!s#--px7<sqtwPyWFUIWI9>rqmwc
z^3x@Wv??u?pY($VWuTo6<%0^=go$?<l5h!hp4+Y+)TPbA+pRO@x>pBq6^T+Hd5Tk*
zWV>$(3JjC4yAbHXwt$!HJNXFI7yd8^v4NTm6W2Z=`Z%yC4VA|Qg(o~;*@myqS3!#f
zte>b2r9n%rXVDOxzcbv?;d8HLa7C2){~n@m)&UbrBUs-k4FCL?fyD>^$k_~Iv*^$n
z$zXq*UiAq9OuAKC9qhBILU0Wp=C{i&+hl>zQ#ev%IsSAQo&-4-&LzHLFlXI3UPZ>%
z#B1<+8*}L(f}S;fH90E#xq^V->E8FVDymcs&HtJy#ld?cnn7$0X89fH;J+dL{D#9N
zGu4~uT(!Q64sCns5suiX%m1LISX)sxjMkLHS1eLjMg`A~8?Z1_IA|u0k!WrHY3S)U
zTqc1avFf*x84RQ8n?Wz<g_-4nEo)&O@27e&XSFz9S;iCqCiDUT6Ns(&9cSP10#5Lr
zh;`7MyN~(8*$B6ZDMKp<BXMv49c(|K<L^?>7hM|st<LPN)^)*<FOA<PjlkAQiNWnD
zEJdWBUVjCKFf%{+y+rA*?PkA1{45FWx+0fGQYHe-AU!V_DRzt`_YWFUNAcuqsdnRJ
z9w=IDarO$Vx?!2}A6fRTz>PCKUz-><g1~Y_5y3`Vv&^iz41I_VD8OsyQDj#nUWCQ0
zpdvt{Wn8U|$euwhVAuRv{a#tSZGEUFUFFgg4QSjjBdawC`%|CPaCZ30QJuBrgH|V+
zMDxQRcSDqdh19@_mJ&lzFzy;Zy;k)$^RnuKfyz=Gba*X8^%`es&s-nbUw>!(J>D_H
zGGJC5;!$54kZ-fPAK*a$;QH{0=`9-54+gx_fE%ZIzP64}u!}c@^OjCD9S<U4!i*~C
zV;E^!>HM6W!qqT|$J-^|g%p^>;3t#vlEz9j>y}wA>71Ss4M%h)2#|743owx%2pWj~
z80wb6I`5VN^@Nj-eoJES)r7v(9%#E&JzPoSUo6uU{?2xxtDlXMK5gBA!9cJcIpkyv
z<CL7aNTj-hTG0uktaCqXFO3B=dlIUCC*8j-;kK)B+w)%EJ|r#UIiy7I<rbuSiT`GU
zY&Ny~dEQDNq0y;1Qq+#sP(*!0P}jF(#aIr-()Z|U;4l%Sf9XDX!2&`hrg<DiZa)<v
zq`~z-{$tnT#O#%vzj;Yw71e6+PNY8BhJ3_7*v4CGFhiPGnJbZt+Gi$U56cn}nTyp~
zc^Dl6(|O=HpvlwMgn#i6@RTLN7u>@BB=t$J6Y2Vl5AxM^224{oR6w-G8^-F*Dyx_k
zjDCn7rVi6fHW4ql$`9YD;OH0qZDhw{d0`muowmy!<jEVSpY6>et*y{BsZ6dGYN=q%
zKFJQYKYwYaa0%C2o(n8_AR+l4E(rpxoz*qlF%qxwSv0t>3wxt>zaHj9<SFiW9F{EW
z`yS^zb;Rsj;L9sU)@*|r^0hR+f8g}Q@#nu!uPEuWMyl7HQFeuXEm}&#n{)j%eKXK?
zd->;lsk7UHDvlg_#Q`Q6E2HNdGhl)UJJI0p^og@SR9{|m5@wCCRSZeyy;^(akE%*}
zKH7IX!3u?uckZmL{JUtbfTpMMvu~p8!m*;PAaU!Dqb>Uwi?`WI)vi|}i&L`XW)HM4
z(?7dE3rqjy0sK)AL9N^l|G9Nb&kYlqm=z^EJRwW=H50Bv-(4X~zO_T+86_S25}4Th
zOEv}W4mu?LEmUM8m?qt*xLPfe%~(WQhXt-w0S`*801<+26*@#;dQ7FBpYGG&@2gWm
zBZ3E%+i5*jel_Jkc^0`g>qjoWpToQzp3X`b{pJ$9zK)ZdGkTX4Qot#+dn&Q^;uPC7
z0n1xSERk7@+<@z2W}@D)VmV^BccMUTtjvZ2M=g4DiY8KVmk4B<p{&ea8>usV0|%97
zx33hFI<Ebd_qW{t?9lCf2<~Y!f)g0<hpo?ddI#)@yc-v>Q6Ac7YgL<Mrzrz(XVbYF
zGP>cfH<_I+l3`&-Ya>&8<Sgm-EpFh_849(N5vbL@YPDp?7|abJ<5;O*KiGqQ3{rNz
zrjGG11P7|~$hF!KMmfxt1d^S+aF4b7g(0FVkko4W2^{jZ2Mb_aFMtF-;-kq{H;9p=
z)a~Hxr1#=;S?U?yTK#FuqnxP<qlj(a)gqEO&Guk4>$=w)tctP7F?HpJ|CYq7Zx@h2
zf0k^=YP#rDH5ICUcGSQK_tok8wPT?6(y2bU(H-uux~~U{65b;oRAr=B`tn!J%rV=V
zd8MqSsTEiAdm#5jwz}|2jM&O)w3XH8FUzj$_}l~rUL$`XetfV#1bmfQ@yOSo?2*bA
z`IwF*bbogB5mPSFpP5^1+(pg*6)ErjtT)YYh4}NS0qz6${lhE`^G#prUT-2M(&#%n
z?@f?V7do%Ydum<YQ?8O8?~Prr@8pXi+)d#?!9E}=IEd$k_MWz_TlsmOz3NNP#@d3T
ztWE_?UuC1W>xxwK-Oz3j3cB~Byc!xa74cOksLSMX)9IHJEsw?A$HST^z8;xu@kK!I
z<j%AEeuHVw!Y5%j!(F7Folq&moqxdRZo%$@ot?m?@S&@t;zG~GJ98!<lF?zEW)?L@
z_LarQjN79Aasbmuu_nFZTm^NMApaCk#QhCh^smxBp{>y3N9;G4D_TwvT$eplPdp6$
zE(=VyZ({Fv>*~^~s-($Scmk?!neVKmW~xNN8_K(j#VQTx9EbA)^sV>Dri<KP9mAO1
zKM#tX<1UMxH`C4Dnj$n21YB=j;|7duX%Ko_O-bu<D}1>KBDU$NrR6V2Bc7LDQ-ltG
z?63Yv{h{0XIJ^dtfy-Vcc(@x-AjrYef%V&|r}#Wec3S#*>Nq>>YPU=Vb{^Ye6w8$3
znL4;C_?kd>5qB+4xh@EE6a8>l!S*VaXy1mok&ENQ!CpEYS3P?9WD>a?V&KIJ*4rBP
zPyhEGtWDbg8YZ~!3^UCAI_mwe0!vI{dzB^r>ZAt0y!Xsi^qTW9jtBCW9qG$#(<$7@
zPYoAAl2z!no5D}Tx)n&!ve8W(icI7%i&M5~p;@am6zr8tSmx9D&HWBdbmjdC&HXiv
zz&)UOyrz-7d{-`QH!-fM;FUgY*E9jRBc$za{41ZP?wUpd_leY9<_O?kox0oI3*2K<
zcd6rL_b8EtR$rvDf*yn}BYTt1tf^ry1GaSh3T=)_Os9ef400#%Ht8*YmEtO8VzU<w
ze^F(HB^&w0kiw@&HyhDxO5KV_SU3_@ZV?}$ZThgi{9n!Y!V!5swvk(g6m@aB+3El4
zqzgw7d)P)c{-^H8e|5`GJSanJ-c)KX@GCeL!wS}{1lQ0=JHcVv6vJM0vpLPCFcaV6
zZ}MWZ!B=@dUZ3gI^GJH5d2w}8FWrW=e|!=sh<lkGVpSe8A7f`yjN({baF@AbQBFzD
z;l|$_N!!Bj?e7IuC1{z)_YQKwT+M#);I5C*)J%IYY`?=iZq*`;tGyBLLNP1)A!|$b
z=XKT|xN?7CE*y-DG!`0i<N3)B!~cuJML<;zv9zlGeKLisJavm3t0WUQtR^`|BSNdF
zMt3+vHa0|2HNyki3rm}7>u;`%Y~hNnPkUB~qWURyL&+taQrgU0=kS-Xr<O{_nP$qL
ztK)<4iPzrDm%Mwabgs4Y3i4(NN4f;s9H@6+!j{TQ9t?PqC50avYpT452=#}+uuSuZ
z>afDZyl66WkfSPO2EOj0MvNoMiOH+`g%0fe+}5bJ^>MvM@d#ysJgSHivg$`e>(v^5
zwAD#v?(;3(>ja^qqh6*UiLx`XLQS_V{pCPq7Z<TzZYUT)L!STa?Y_%T)F`>|{!E87
zFSRE&Dh^TC5H+YLJK%yeKWv1v`_7SYNRSSkAtHmnGZwx#;2?qDL^W|n0YpGN$i|fR
z7Qn^bxepSIAh#~3iu~4@!B==>VhJbXaJ{^??w!-yZ|a>9{5X?Qx*fpjs!nDho{k3N
z1z#RYK;p<Mz|m)_<u3O;lZ8x1NFn_LHO!A6lKNNnSK%Ph6bs|YeR-qC9l>bfhCRPK
zM%hQi15Sc}<2}lsbGSfV0jTSic4NB1pB|j@OWrtNq8qUGq4$5CMTdO#e*hB}5kT{p
z^XGjQC7CKQ_NE`a#u3^2JA$3P2II-r$F1QOK#z<+y~7A~?N%txHr6d}Q2_q5+bi1q
z^eIziR<ZV(nocd^Nu%qwN0fFMYDO2c^qcHW6QpPyeaYeiOlxa*>Iz4yO$hhW@3*9j
z7-X}QHy6X6AJMmeBX2Jx(`S!Mz<I1K=%p;-UHS@r_BxP|a^oA-weGTI4C`CTUFlB`
zlOE<JWC<x~)}fRJ_M7b>QP~S)wua?4(0H*MGkxipsStr@pMuW+DooAfpnbnR4pKG8
z2dRF%_3~&^+^t>qqE!e0oD_Qb7&AEww=2K+IYuKVM`ucG>gViGb2VDjJW3eg!UE01
zlY|b!?p>aT`NT81@7kTmKZ{bIZiK=^NJibw-2D2lSu8KLS$8$j1Wm(I;kj&ZW;bpL
zE~Ga-=0dha?^7D3jWh_XA|>{CuV-xQ&gZBEGwT8*$HJ~8r<Rj$qbipt%Fg8?UyZ?r
z_wu<3VHYEaXXg4KlkO-Z{zmx=<Tc05@=4?<KKS01F}T+kfGGw4F{P1(5}M$mCH`ku
zZsn<OpT)ZCp4t@xG6Wk&e;O0O>O{rg?9LWf$veKi?;kUz%S3Ni?fK;cJTQ2GF8n_{
zH*>74N?}t@6<F4p;hlD5lHr)FJ8EV2b&Mj&WbQgNZys%2u<*vOObT)-HU0+soEU`g
z+y;%PWR!fP)o9BAz+xCe&izk_aC*XW7JFsLl$ZS~>df#BJu<l@mT{o#@$v*E@dT=_
zuJJoZeenZ6&jSWI%7OYz_w^;RMCrKfXbHE+4fM@OJc~V6zf8NuUeCNQ-}vMg-soNU
zj^UDy_aN+Zgd;uy8zT|e7{0*9I081tLy~FpPs)ZwJkM%+hv>Xm!N2>49I6YEW3nXU
zq)G3zM-pjhi>?(<55gnA6%iU6Hlod=g<nRkJuGFr8Ze^*sicen{81&&l+?{oF7}-&
zxH5UrOn(|UWi(UxaG7fDpbzSPA7!P{X9R#N?zPRW4dY0N9#0geO-vfY2*CUR8PEHn
z8Ffc$1|?AchEVu~Jv$7|6PPnro}J;FbVNWKOo{4tC2A|}@<aP`nu9;n5oIoPiu$}*
zo@|a<GdTi|_wBJ&(_`Pq93j^q{pjtuw}r`6cW_^sVK*1>%L2>Uvj5=dp3>z+bv}}{
z6|9;zL(k@gHAp%pYyac!PeY>>A+$E)2b44iNtg}8dCuXaR>d(hF^eB$`0k4Z`|nq-
z*X<5(0tJl5+FEW~4$_H6Y||k@<<y7R<fDSPhoIbIBCni+?*sLwN4o38lSE#11^e~O
zZd+}>iQlzmT~<$dFLeb+y_}f3YED0{>b+#VzP=xs%YSeps9e)}&VD$Oi;%xV$Q43o
zlp;FAR{_#kuojg9igvn{QpBb{Bv9^_1yM!Dfmt`WfCyWs-POYWy2eH~zSJ^{!7MCI
zViBS;hM(ZuuQ&=EAjTbsF^I%TAA?<6{wGWQulE`mKN%LLaZL8v>NIxzYx}45-sbEg
zi|${-{rEXlzlG$982AVFJ3)n1%-AJX)~Plu;%WNwQxbR4Sw$A{1;R1&4N?b5W<eMw
z#Cia-(uVw6Rr%Y=5MXLw|1zxk?Udat1~~u(41%ud836EJPY%%Ujl-v0VB?!88!{3B
z<*IRS-T}JFTrz9Mp0AVqJLryvb)yL&VUu#6FJYS*VsRhI=X{Ut0OX`z8P%uc1m~zH
zk0(!aV)+H=wO|cEz>?qE`T-#;736<NyCEm`CJRjcfUR2A=eHQ`WZiIi#&!=vvE09y
z9o7xtlbw=dMYp$~J3(`#U%<X>|GA^OuAi-XIVm{u^=8eept*rvJhcXk6fstDG2A)F
zd8;R}e^emoVfqWRG6^w5Ws42Iv+B#jZ#!X<O=zCzq_kTogJ8^?Nr9Ze7(p9b^ic~7
zBquJ<M@N}=fhfbr{`bze<0dhKXju$gt^=}=X<^hTr_}I$KKI047-MHk$5@@u`47VP
z74{`4zjB{%i-)C%OBe4eXp?0Ys6r@B5Y=w<w?4N-)l+bvl5N6#H7*ZHFQuHcR+Uo_
zVdrvM5`}pPBKY39L=|*7ERFp%X*z<=$s81jZ3pHE-}7gi@dz<mI0ib;9N3DfxFkfo
z0JH}54!M*&=xL5MB&trBO<YRUyPdG5k^K#C)pyWq1#4H%Kh#SVG_jo8;z)!r>Ak;F
z{~-Z+2TohIM?JxQd4L4C@EQ)_Lgv2CMN7XNo2p0a`m%yzpDaIAwavJ*AGUvmq%R7G
zPk`=9(B1S4Xlbd)DFSqp+f*?=lHbS!U5O}TLdsQ@i$`t9BDGa@pD@9WCZ_Hx)J%!q
zuL5_mkj)b)VRK*<F$Zi0Tre|s;c*8y!Mha_T)FI?<4zDouoc5;srdK^8}gN`ZaD^`
zQ}?`%iT8_npMR$884YQ`?;S4j50Bpm9G!iq3Kf0Ni0SwHVUw7%lZe<6{n<Z^iURu;
z!jQ1t<pXQV_A~9BF3ir@w(TXcBK++^dPi4EZvx|lY{?Ys2MM4(@M)H~@o-vSXg1Z2
zyp!VDjUjb{dWgmjq(~IYB}|(A`){rutTf{!<;t;HE60<|nY~0kGWs!|WGg$V8Nnun
zKr&X?Oxxl(MZ87+D|xo(yI4pJZa=R~9mb`ka}4OcBV|=;n)Ob=5(@W<1$K#^xeI;D
ztuO>#zkBlEfSd=W!A1#(rnDQEMg;@I+;u34Jn6D!!lZ7hxPi62gei97<~w`$$2t$*
za>-&B$7Y>bsgihcqgkl8j@Nqrmmkrc$n#2hU+|qQxaGpCUbLGQCD<R2ZLdXbV|AwU
zI|yDAZnJVz4H-vp7+Izygi+Yb1ch3x9|xdkEiyZGxv|QkdfClnVuZH_Vj`cy81t-i
zg<S^Pt|8a^V1o$H;uMHww|Hz+jo$Tg9w-GeKFWu36aA2ThE}o3`yw08!mpR3!@<0`
zJj7-m6Ys+=N{L(<z+-(3-U)dY(?Ex3crYMHc3AJ<q-2%7@&o-reOdb$%62A`7!9^2
z!3}}pRNNH1L@-P;ph!_L?w*hsa3K-4;I>>D7`%;H^f&ve!EIlevew9&c>;Lnd|Tih
z<z5DShE>!(1ox_JzX$WIBE#LO)Kc$jsV*n!gT_99&|fyKZ!W(FyR>#NH{6ZvuB^CM
zk1*-coqMtkxz73Y9Q-%8O$%x(R1v08%Z|-DzD5_%7<F@sz43t3L{|D<kr0H%(=2Jn
z(Pyw`4c1_5KKE;q^@8{bg{J!q4%fJ31vXd@tI(Gzx57&k+EYdD0e#;p4K6sav-)9D
zbD$&f<gD3R{|D703%y7PGJK;f^aHp*+~#qSlM3&=bmt~|0GL<X$S(`AqN~2@rWY`w
z;!yoycHpBjiJwgYd{z&fxLsAy3{@>(*)$7+y`QlnB4nP{MamDX!AU?)rftCXpnrL2
zxx-P=rBmiN;EZ>neMrIal#t6u!_{!vyOkw8Sk}>7UmU13mW`?YTH16`WzSm_-sNGV
zs3<8brxCzA9zHI6(i~AM6cl$>``x^~s#D2HJt)7RJ@h?SQBULN^ZSQyl*7k|5pnz5
zM;VIxM^M#Z^^DlPzaZlnGQ^4blY_*hSvo2;x)q-$)WF*lsj2Co?D85xw!I5ezUrq<
z`htFvAJgUJgYBIh@A#$Yt>QAIEO26kRmX70dAx;)^rY#|xX2KXq2z^#<^D)-if)Rr
z+L4;=Ja4}K&(i`D1fuGa&Yn|X_ToYz1Pb=HK1z)`8j9J7e8m2>WIqwA0z|AfrxH)(
z-7X!E-MWUM49V#O84YwM0u+v#iXz>(DY<Lq)`-cUiD-9IWAk+=;Hih?ZDi&L-|uCp
zshYEf8`zoB^i+5a49T)-hDX~mI9}v#)PNIp9TZlPIQFh9ES)A=VFuz}u7Yq&DOf+|
zUacT<+_R3<J(hBi)H_ccCs#wBrDLNF&x?+Ez-5McowUAafv&~H@S_#+iINw4^W4A<
zo)cjMz9XU3uh_579K#N*L!7-VUDIU~6TfdMOybvjUAvelR6PsC&L_Q>=iLh7&|d}W
zi@;3_NM;wawwM_lGDbO`jKjTOnr!9iOz6H4I)|+FQP+_Oi9cj5;n0?~4;UQD%d0o^
z*?Yrhs`=yF+;gt$dMc1dB1z$-=?s}avvJcXs<!+#c#D!z&k50d7&_w0>IcJ&JJF85
z<K-v}O#E7xgiA@$iH@_nFL~qbs{g$%SQpu0sIo+i(akKg|9q&kQH*a`F}8J$3dZc`
z$lA4squ>%_ld(s>!0;&o^@<Hgy6g9EqG-GW$-ilp<GmzL&rAlZic)5)4r56L-)A?`
z%ETtQe#$IhJ4op!lAaw7ck2X|d^Fhq3DSgwG@i_@OqE|N2RQ#>TU`TeQ!^Q{F<Jvm
zIt5{eM-4nrf<Bl5*b&H8U|jDas^IqT;IvdhCq`jO?W8Au#MhiR+nV;lXY^yxpa>1H
znxM)`u=Wo$TqcY}3T)sc58?eJUe|q1o+$3eep_>i*8xXqFEA2749}m8u%lTDvG(-I
zo)=y(FudIjeiRt-Jn6o;Kl7uV0*a>yn9(ql@8wr#4d_m=D0+;WjY#4aFM7*acMQwV
zUj^Nedwj8at$g8n3(*EvYhuCK8!)&8$-^5oDWTwyJjLLQ(qc*3z|Imq2KZLO@HfI}
z0O?rf%eW}{d=#GSr5x!w3r~Jkgmh7aIiSbX*7)f=_&Xm$vyoNk6zp1AXcxHBr{&h7
zhVRG$Ki}vvWrg}0fEAgQLY%yd%=TL>jKZ!}uN8g&I`%aUbRFTp=&+aT2)XT^`&7Q!
z$NiJK=Qr22B6nXH8o7V}-_f1;dVwe=3<7e0>=ZQPk`l}T?V1ue@OBz^u_rO!eK+Py
z7!ZK-4zcn6RT2ycdxb~@+FsqXFMX7x^gsPGf4V4{y#M9qBrF;-@>SPqsQ)k&-2IM0
z-iUWCMHlZX(P$@W?n@W{$E^{E%z!|^f#IeUM~a_*?SZ_GSO7tRfGb*lW3KfV%Xv*<
zT_;yyc@6{iU)xR#H-|R`PHjng53}jEJN9M$uN!XV7M!cUW;NXMYihfjj`*IkZR_tl
z-MClurG?d}J%sXmnvMtpZmg<0t7i&(f&2&1V6(c~v9^;ss640UxqTDJmIK+zKMhj#
z_oK@MLfW%9KY6Xo%-XtV!0ok>ADamJw3p=gVCPoH{M&bCMAJH|$~@{5vVO_2f_stc
z;GWecEsIzwRzG;5JljgtwYq((eG$?cTwUkg@Jk%KX>+U3uM2YXFU#Gx(+yiKO~=b{
z;4ePc(+tY$K4LX9p-UfCZhU%%XUd6vCseK}HN=;@+YZzz+c&dm5Bf{s|Kq9Tg!q_j
zYxe{71A>P>o}?kw|GWqtaR-EO3dwWRK!#)JTHilPu>cO}-|m<p{swbAbH674H6#ev
zn9@@<-!F~10B*nXdj~SXC7>W&98|-?Bz?w6aBr2JQ0F8*fDG_FK+2?^3he#pm<S;>
z#COzdTWGvJ4HeS9aZ>B5{!uId_Q(>L<0tGsVnNO)8M?nquq<!eoP1A}QhdQ}AX)H6
zV7s-SRrO25E`Xm8ErE5(K!1X-`^t<f5U`cLItr~!%02twqNh)qDH))TgWoanN2lXE
z+FgkGIdmS*iU2d#eu9L%f^@Xv!YGwt2CJd+(2>t8<VOExY5a|?|CB1PZG}p(2!9Wj
z(S{ENBhl`k3B1{n<4$t3bJHni{QcGaJAvobMiG~A#Q1B58y_wfn>~mUK?YN^#3u3@
z(4Xm!Ps$Fwu{Y8xKHnsI$>I@mvDZt9*FnVVmBj1wS2`)gYbh7&DHm%g4(llnYbgfY
z$@%ZxvyY%8r-?t!aZNN%f8HBR2v-}i<+-gxiI=an6snxf7l+YFej2)jOLxe~X_DoV
zmqm}OKROfdM#C&Pms#|qRQajp1@XJq?cntg4bC50taq*+_IAXGrZ`&L`>?$IF<7NW
zElcOopdf#6a*ciCMtbha%kNEUmKZ3xB2;q_PQ5!#DJIQuCJN)jO9S0CgX3Ip^;L(T
z;iX$n?IiY69iMa{4QHo?+&S6ML{S-fBP#RDfNnC{Mbe)X)w?`|5!{UD4DwUww>pqn
z|KM>S`QmZocv5YRe$yRK@Q4*f{DEOO{0$zSCLd3ElIEi!WB>cJpYA%LMJ9Jm{Vbyl
z+y{*N*{#{#HpMD($Jukx0ZyULE7Yp2$b;a5V})FIgaDMY5pX~eSTcnW8p#5)Q`M=X
zLc-Ta_;ik2`wRX9y5lvG_YUlrs=x|tqbj?CN|h!;iRsypHQG`7H*X2&uLB~koTpOJ
zP+u*XzgkkU(a(e)L<_L5f4)@NOdDtabCuBgP_(iV49)EPp?;h5G@sPax!LB~o$a7k
z(a^Sy?m);U_KMYdop1ZnvX?*j!|MZ87~4V5G!1z@lphowGV*+mnh%nUN8?muwUL0f
z(BfJ-<MA-cysmMQq}KM?OqqI@Ar4{p*{)_*#7x~gMlBKz;ttT{axAnpzjUj=m#@<d
zQJh|4HgmUOwYcjh*;XiFgRyqoslr^-c-7<Ca*sCR7Z1d<d@`PZb!gOFg*4{c^pi)-
zOCf68r(|&^nZl)GYE-;cbc(<^(GJg^sDvEF<#AROogl1SEd}*o*r{z8^M_)!V@XXC
zoYQKo-FzrZ$x04)GZMe%Vi0E%Fr6s8PDQ7h&K(pus;*cr$23{mCs#`&g%M{jlV>2(
z8&*aKaQPMvwK}$7b~5<wqA}Tn&6X{Vs|Iu0!gaHK_>~{Dr<sUJV-Zl=%MEk&g~oS=
zLW4hjrR2Hsvv_}`zmnJf<@Hr|Or#$yLw5yA(3n=|t4z5tBQ_W<6_)Bpf{{wHdbNU;
z;-p!^!7dzbY7e1Z0QdOxL1yJ%m%^TJ>o7a;#iO#IE@nmvS2FVe?bk{KW&AFrfy^Zu
zu^?QyYIiZ>xbAqMLzh5!)5Ru&tZuWh91S!gRFcVs$p2yLEr9BHg0=5+AZT!Rg1ZKH
zcMb0D?oJ@s!QC~uOK=Ur-7UCFaF;;xZT|PZU)`!r^<-xD>~ff*<~RLxcQiIU)2B+~
zy%elp94=2vbjjt%DO5q9i{6ozd_)wI!y<b^+3|PE0k?6X*ZMBJvNUG(xrz?v$Kv{9
zQkHsT!+h@lb}#K51og^+C=@hL`(zpWWtt{5j&?%64Ugq%b$>cn2KK6-j_S#h;+>J?
zho_(tW*bJB6>fNL+JmmJ?GQJogovtxog@LG9kIDOvzb#$?xO9}MB#^G(|7qWiABDi
zeAuVak7%$HkNt?$c${mW(dxYCs2sW#;Hsk$TvTh)qlWQdtFlR&JKDXGt1X&Q!mm>&
zB%6~eWKFfp1_X6iVg_z?wY$*M(l*h3bf0>=3mMD4T^zKV@G8rnKm?eIDQ=o#5*>L$
zrV<8!spfj@l4Pc#_l0#-qIs4fZP`3u@?N`kxT*-0>;9IHd?yPb@+l83Z2G(vN$)il
z4*yp`wy6%%2@cd^n;+-w(&_YR^t`n^j~nyKGXF&PXSraCg95&+U6f}Mqwm=Ty@EU0
zpLj<sZJ0;rs-wNj5q<hcT|E)IKs%Ch94VRX9op1KUi_LMk~{kjKN$=~(;aFbujT88
zKd!{2r!4<94BQX<*&`6_e<P$l(;#Plo=f=8Bw6JJp%}deHeDq4=4;hs^BOrXf49jK
z@Cwh?K8(EmQp-x-|CKzNoyq}1Kj(K=EwNecF6P746JLqqE}h<j7JQMRm{&S9ht&*T
z9)w%BzYF?EBP}VV6*`h3C}|E+sm#{B@5JM7(a*M6Uop)rq+mDD7n#t7hj-Z}PN9a!
z-W}{Jh>~Rxw&S!Tt<U5WgI}${FMX+(-CT#{Qohglh$=c~M~#XwKSg&*Vce2_6*EGW
zlt^)-l6pzL=p}njo|Bb-CNFU~Ym+)`;=k6EFi>D&9hImXKK9{!z;c1n3(91fAZ5|Q
z#@*oAqzi+P_LBXARaQLLlqXKPh!RX~v97aTte-Z%%`&VPmu?=z8PiU0_PU|hkY=_b
zywRUgZ}%Mglu`d#H@5Rpk9~;HX)uSSFm5s2e4G(Tx?}I^-V<w5@6%8fE4k8jyf{QY
z(Gr^l3W|+VVnPZXh2X$0g`UzO@h3d-VDoS0w(;?jD^~%3As4JshQUl-zydmp8<{WU
zCs&rg09KTDwGgMQ98w5kRQFYpGfzrD6q49eUa1{)`A_1}`6XDDl+nG6=3p4~KQ$wL
zMty#3pwIUX`h-`O=ZBN4li8fE4$i=R)U498F&}acVRtyjftzeT@k+NPl+@{j>ul&7
zwnA(g(hd@KMlHNu!<&CV?Xd2xf_$A1q;WR7nIj*r)PHZrYkMubfUjJMaX~CV1Fe;7
zC4u+6kS5XK|1O;DCD@srlUB23*ef@tu@6(Y;mu&>&3dl#9bnNcv6F|eTdS59Bdbbw
zMCd6@RC1@3$*ze;Txc)ad(03=Q~)o=A?eUt1Jq5(;InWLNiHHc;}kO|Dz#sNO|Wg$
zeA5_;Wm-nT=Wfw1J%&us<Dy02K#A2NTYpg@Gn{x|nbC9;!KKy?{n7nst-%gjFJORm
z`Nn5!9im4WEq7f}KyuFhtfWr}a#uDY6lu{bPn?gDvyD(VW}Db!`_wto{6k=xjJo~7
z``ka45;k^5u27ukvMQ8yp>Cs)Jxi&T@jm9dRfQtVjN30OO*ds!(V7Uv9w;@>5p00U
zq4}<*x~86uXC8x>{5_1WdQNtU4?nqlqo+jLA<^}hyV0%E3GZ}9n{7X%KZNChq`0V+
zo>_kUMBtw9S6s0l-v72`NB<Md5Ur9ixhIn!PsdQ0oGhBOebB1HurGM;ihNm-Znull
z)-ra-xAg_uJ!Cg=Ncs}Bn%^nxwi<_pTY>kAVZVpzFY;f+uYR`g5$8834p4@RIpP1>
zYQ9*@67S6I^7b8cnPcS(GBzN^+o<3^BBbNLeEW32=faW5cR_XQG$hCQeXy-ysu#us
zmKmasWM{6csJ%g*Hc5*2?HO8}>$9;6m>(fpvOMU@4OI?#Gonj!Ucl!<k8|f{0ND>5
zGs1eLmqKSFuAbO4)f5M5Ks~r_PKKMg6I(-2?uYQ+r$8&J5)whd!6~xbP*PH=Eg-_5
z6gT&Yh&7ivZp~xK8;D}KON5u=mJ~M>>a$`EauoeQ;v%u*!uXgr&&2W*DIa$d`J3Xm
zax50OkBbQkf$y4egUpmBHk{GNJPEPovJxr2siYpU#vjR?lM@rLToail5xSaMJ)cst
zS%;EGqU=zIjjMeBI?s^2FvaJ0j8rgEcegg60HLYF&SZ(8srxzDZ4B}I!R{DM<`}K9
zPM?USJo=H61Nn`6(~hg;KwX2p-J6$P@w|MA`vCdDi5?cZ?XO~&55>+kw>awkXk7<4
z7Flm8H$YMZKN}ukkq)w+sC{ozu2f(SP>>JC%3V3jT@MJ5{<S8_$a+h-uO#6$Uvg-F
zqyFNop`S%|)`9T>X?;h?dHh{@eC}kd%~BNv2XuNs=RD(ll06R4g8}C}wOm|b^c*Il
zZJR>SdeQ(3Bxdq=_(0Y>b$J|mMdf+*r7TpDpO4JH8R%;P#yo&$C8F(2o^6fK7k?z4
zMOCpH9*6ZjgL`_UKV}!vYBmz?9S2&yRWcrnGe6Qb;FQUCiob3#R|T#~^*M-tH_&`L
z41{}6YoZK1F)jhEVDsN3?yA63CocCZ3vsx|Y`!P<{8f&l?3u8ltp$?Q*T;lN*-1H^
zmdu~dhF3E<n3+PjaY9G@q}vlMo{FNox>QpBK_7IW*dvb;khY_wV7-w?K}(+rM?u^S
zwYT6Fe?kM_&)IR2;Gn!Tyo38sD;|CQfI5*mK-v#idRIe|t6pwjtpE|N#XVHnhn**{
zL7aap9)mV6iEzY^<e+;FDwHix8h;x70xuDq7;nDoq1;F_apj?MWtCA$KCx27W~SU!
z$rja*xZQ<=S=zo!m_<%~U0t~jVy!7-V=^{2lzsxu6L3RGZIXa^suRI^uQ(U?fze8}
zQ5(2y)``x3&MacP$du44#U9FP9G$Hcovrza8&#Z}u<M21{A<)EaIoOB1yj#J8rLg#
z8*@P`LKS{sO$;=z9)tDEq~g~GhH}@WhO`HY+_ISPiVuj8sIKSC2i1R-R76#%2XuUO
zQ79%P5Jtn}p&Cqj<z^a^81FAJN*gi%OFE!Jr<tJA@s;fg8?@JO8f#5Z`O^d?MdKRR
z_=nwAlu~+2FK>=2`J3{v9beU|NLW^l9W=JHV4O%$H+?ziN(XyiXgu68SV<JjEh7-#
zZyggm3YD8G$9B@R59y0q<Y5B6h9kOy9Vr&MGN<J@)9bYele)J`JKCmG+4HB=Uan3*
znU#Z_!P5Is_yKXWGe2<c-?MwHl{M-(BdG4m%XmiG7=$rL|44^j9G@^^7l@nm<lutt
ziby8zbr}?a-eW@wU1w(%r}TFA%5oVOA!;=)LtW4tv6OC`>32z*M~8L^@QN`9DF#Fk
za~jX92J`=PLl|%PT<w9l&9w;qyyK8vI+>m2`CHE_dvEtw$^d^fji2GS;>oNFP@4mx
zgLJb5G%L0dOI7W7R;g$*hRqzF&9l?{D$}{Yp8DTcT67~c`S^~?BvSLu8+&B2N+dLl
zJ}o}2uoguV=VAbAC_dDN5<NPvmTAn*<<zPoy$y_xGNkN>nG*+Hs{P3RLWkY;h#vX*
zbB54_&8E*tT{qsHOm+U3vU-Nko5?L*H`e^EdpVfo-HH~Ug2zesER0q3bXzhF<Jkh{
zT@g*W^65&8#&jEr145PFAc&ej%-bV`%UgToY+0*4xTa`-xYuk*ec?SK(xgsl!bP^|
zFixn%MFI@%JdAke#AQBWKlH4Fg2{b*UzSf=Q#FOZZsfM2Wv!qk$dQbDrUO>h58~@}
zgTtYQ;lBz36KiaI5vlEZK4_K8A&9T}R8Uh`<3C-k`lwCU)g;K#snA6}E_K_E$WWWx
z1+K;Bx7u4x{?4ouMPmO#vP3A@mFqWQStcbrQwh&<yYwAtG2>Nfzi4o*vuD0HX+i`L
z%(_qL+6f^4j48Kgr=UE-(3!AZ{FyjPQkm0%Dtq`tZ5lX5Wg`)|N0P)-mpmq+EJ56z
zcNO)YSIrds6l6SR7HiMLSw9RxLUq2BE9`cX><I}hWIfw7p1;DMCO>s+rL+??mE%;R
zesfqg42Ns08zH&<j=6C&1#jlP2fa=lK03}p_j8a_`CDm+m-DDCS^%}-J{z3(1h_MU
z%Ln$*7vJnoPeCQx8r}bfn|9Bih$be!@youCD3Y`)Kh@iIYoYQF2J%New#f_`ghZJi
z3f$E-zQ_S%=W@@)(T>b-ySGG06)waNIXq>%)|!bXj^Lj=I528k%Fcwut$~E8HY<be
zp=!L`2!yF8mX>cVktf!j=-2#crM`XSHqfKS{ZwyK<`Yrh%mD4t>LKw!xerB4UN-yC
zMW$(KQ$LJ>wPcZ|#U2^+N-Vw)MV7%QiZaa9K)gME{_u1BWCd-L&I9}&PDg<~u4&T_
z0n3GRM|>-6W&P@;eGF4p#rcoz_zJ}z8dAAUFKF%2ewY0~_mI<RdMNVinu~)6L_?mG
zs;l86725CijQ;c4qgUMw$DV5khUa^!(1pW1YMDMg>m$0umxOk482%W<d(DZXkpEet
zX_LMhIeK~|8OA;`@s%i4oTq9lZav;jVkblIC8C;ZJk%oZ5N5yB<P<$h#cqX&bTx9>
z<3l&rh3ecs`E<zKH*2eC+vlBvyxb8NYB5Qkh)N2P2{L&GoB-X_)Y|-XrCfU#HV7(p
z`SD>ZMU~3S*D2fgE9y((Chg^fni_B`To|r*PA|#vk)q@w^odBlH70KZB>v~*WW7sA
z9%4_wd`Py0Kj+~x+yr0FFj#eYZ-ACHRJJ<44s3*DctP9yl8_Sl=4ln`X_zXYdqU?7
zwSjOGY=hM~fAt>FHFw$n3LOupH-Pmn|I#Hc{#~C-{e-<P3C<a(!cr$y;Fhcw_EXBX
zZ_&W$5!o5`_f$$ekM+-aO`>7~t`2`-Y`T5G{R;F%v3gWV$lsZ3?*45Jgt+0Enqd|R
zHU5q#FK?e-I?K!ys})vW%8DNlz%NTW{;|moV2!y^kkWezMbu4o-hsh>7iLWonL>fU
zCMRdlhwLR(f%w(Mu#8b+`8E-!JZjAuCsy{WeHxKQ*h9f9o4&43&$kKRVki0UA-}+%
zyBXI4N6aoTy?5_1IpPCHid-mt|A?JZ*Xb)LvYN$Pon6OtLmCmjBEGEBUhBB9>mym=
zXuH6A|94Fcv3Ij3)2E+Np6nMtK_9KU->nb{&aVhOXTQ9wku8-Ra?lvH@JE0%f^f#=
zzA}wsh|M9mToYh59KayCQ9U%Xju@-IFPg+V=!rZ!gAkef2Z?s+nZ~`{QvS9vAevRK
z+Jyw_Vs^TKKcBL%y&d%{>3_I9R}Ssp`E4Ww#&!EFZ17BXU0~Z)*Ciq-DfQ+s#^{w#
zlO86U_=TaTgt0(@KObIt#l*t*r#|&P^ic(N=FgW~wn|pC8VO7)b;Rsx=?C9R*IWzS
z9|Xfm#`+DC+`Y<lEq~v#43_q!rav-K(t8UR%<grMxF@Lt{0}7^g|P7pU6=CK!YEBU
ze0bstXFU<Q@n2o+24(HhyW>QjBw>=_JKI4vim2myTb+0*`y8oF6OT@XrPsg#m>mNA
zDg?svNUEoAWTJt4E3)vj%zN&IIl)R*ahXyK9}IufkVobWQ04JlrYK37ujGHDO9s&9
z1=2uGf#@haK6h8}dZ;k@(#1Y$*RR6}?2>&t?^wx0zRngZAP^QV@P1g0B|}Ud{u}DK
zt=Hlm+j3Wt-1aBs08Lpn8HbaW$=WyZP%Vo{h9!$SbUt*Ccw3}WvgRehG*@%+1)UG1
z$EXHum#L2-3U4Q$R7Q%HIYi6RSPo${6m)$I{gZD#UL#bNv{}B{pTgd;=AGkc)lMjO
zYSfOIE7k76Wa+~u`Qe1*S={>$#%lT%pdj;T+}OKzE%4Ib53}tK>qxpDUhwQ^rlsq%
z<{84%z*dqdvaS9ut*}tkI3y=MlfCU{OW&kTeD>uksl*s9DkC?dX^_3`qMN*{lPvZT
zf{`i-KiZqfISLzn8bBRYam&1(abmAH{zPC9_0vW7nN4R{c5pCEcOdiYriQ9X>Sw?S
z`7o-+JR2uOW-*Hy6%3v#FAxfPuYBx)WV9v&U%w-pi`J8sCm~-IdXenXou=}LN~H0L
zR=#3L<qI(r(v`4TENIE>Pm|1#S)EU%kSaOydvhLM!HW_a<?OaEZ-jHdS|fiH?W_OV
zM^=N+(G>0p6&8#AZvNsD+w{l56e(Y-Tf!FiWmbOyJ9AU3o({}aReERLM{SlJ)EVW{
z-BuIkkemm^x2RmQ=e63gu8!y>x%gb#nE1s+R{16`D-gMjeleRHo7HK5K8+X~XBzbJ
z2)TpR-I>m#<^NkO^UY-sB9v{SW)nrb$@cl8e@^wVe+(U|cP|>jV@0B`LwegGUW<>u
zDlX^64sGrQLJs@1LUBBy+!vxL2~&SK8%iy<WB05o34e7Z4s7iWd==24^!*iRLhB4D
z-?ibAht~b#l7z1>Wm1=VUJMNdWv^NP7Lj4VfIdSgK{V=?fxn`c#}*q(z}x1b2v4w}
zgl!|Bhw_gc2AuT^d%y>3P>}Uz4ck1R%>@sDSi(Mqv7jP=U&zFsbj8Gisu=y?pZO)v
zpw@?<K&WE)KeX;KwUrU<^57dnUn`}>f?}0tFhn5{1E4pR$}7&OP!N#+_NqBN6jT=h
zzf*M}3%uE$tgaILiI`~+Gw^&vN?7kyba5H<NH7Y!DLlTYX;4uNo>(dHdK|zoFXf+W
z#0}h(nMsg<WAF#m50I7QBG{|u5{Zgd3$zk^D!H{3+I!GLIQ)(sECP5*5NAv`kdsdJ
z7bm{Cqtxj7sf_o=2e*%Mha?}!L<|lsQzmM(*e9xJ*dIgDdR7zbb0M>s0HaCunUISq
z1D}C|V1>N<v1s6k3<Ij#M?f9_dGUegAx4zkGDYG{vd=I?VuCiZ?Mo<w1o;^ISe+u}
zItQdD1|vWkSeDlaz_Qe*@)KD8Fv%{L6-%+xCYoiD!l5V92NS|EPHW>C6AChs$&Npw
zl%w|;d4{<C()JK8?;fSOh7g4C2AS2!{0BcI*5;h%>U`vI&abMJ&;nuRY7%<%i4L*?
zcVv=W)H}?u!7u7%u!blf%2k6M8C_75CS}^bh%%Uuz^0NH&7-$l7Cyf70*@xRNjT;p
z)ove(5$3YGhA4P{R8t*ncl+`8Yo~&Nx8xtcY;PNO&eRUHYMNnFKDTd+Xg{n|ESb}C
zJ}RS8=thE<>6%yJc&bw|S#N+iB~c3Kt{C%i&90NR>r$uTY@s8?{M-L+kQ#RnDc;9$
zzwvB#MVY(L!4u>()T25Z0k>4Xt3*X>8ZP(|xq1vwx?L~Dr9fFm;UBa{fNxC1Ekw%w
z8Ym&Q&U&O|ljE1`;z(jFAb+UH_;W~`-Dx=KnJ0}%^EDkVZN2})RFV&W+Jsx$#9D*-
zW*pV6Cu3%-*=QHB{Nee3bA6_gUQ^MFLed)>57LIxf?9>kHN)3p)PA4yGz%+vw+Ipp
zcfWbAuaORSheT=o4)*h6g}6C=Cw_czyEt#%+YIFYA5)Sj9A{oJO!xS(=JMY#V1$nh
zTavvmB(P^Vl*-OH_tf8~!CsYqTd)BCDFXOtiMDhKN<!$e%CA@-cIrXb#WKz9-?bF?
zvGJq%&I#nK5ZlV~oadw6aOO{*scIi0Lj69NSo>f$=cTydMo*-i+z+Qk+m<|L+h-rx
z5_rhpUvXmZ_YAEF*a=)#Hf=Vt@z*~F4{Zj0zJ@Y?=I9N7|Eu9?5O=3YcD5aa%CfDi
z-{)p)E`VHrP?$zQN~oMJ%+=M_psEi2Bc!1rR@C3#+taLn&#b=@pHTGtTq?qfn@^x~
zc4tw$p?leS`v}F<9EskfE717L`!q-OAu9tD*;5(%OjUs!RFA8Jx!r?E4<(UC$ipyh
z@QG3D-En0BIGxS1VOb8JWP9uiWHnJpY=+`IL{yKt3himnYdoAL$=^Z*F&l>+OdEt9
zs(_BwO!5k<LOGiWOf7waBK#7HIEE>h>|`hS-kbDsvA~K(WBNgKTFi$$V2EmAHoTG^
zPuA-072o8_Tl=H8j6j@TGRRJ-{Js72Y;~+sZ;`D#3dp`2VjjfuwdI|&Tw?beg11yO
zqBltql>R4CWnxiV-E{E9poe2!YM7;QCO+1!3+y0WEVy)Ks8W8|#W^S$X}=)&Stbxs
z>gI^mI<W>Dw%p{ZxHE%J*hpE*wSsb8D4#U00qKGQzqgR9BU<9G>j0=1!661Jub=ab
zh)oa<7Wo^yvqWI_&q6p*o?6jwx**OMd&#o;f(QGE31Z4@L#iPni%LR%5pqGo%4X?Z
zSSk9LIa!AksJtJlh*uu#o4&cI>lU2OolPb%EBz)gSB><vw>s=|UpzzO$sDS|7k#O|
zxNQ5dsUP+Lfzx|7X!-n)4pOSJ)%9#CJ7%=EyzGGBuMnES*?(Gk>6?l9{aS2wU}xeY
zYP|vB`*ZWgVf3EAp_3!OS_yUD*4W%^<VdAC%_maePYPT@<%fX+){ZdQmOWk-{Yy~G
zx7b-lzmxx#8fWu9Dca;l>eYW1sEZZvmFGbL2kO8W{9(tBK)9BJ+eVq>S`uwh_!qkh
zoPv;uVy+&-^`~(GD(mRgcgWsyiZePv9=J`3Slvx_gC)cwTG1y`cAG-Bo1loMj38-N
z>fTfO<D1e@8%1w$t@w_{aC*i#%NL>9;!&L5{x&l4R#&JJh`k~&Ik#nrfO-4PHuU<8
zsb>O=WWiV?b{KABAs*m@B#~-1%gEp-PTX6XI#Z7+SELX2!8gujW<A%WNN<1bwomvz
z-f-iEO7#lpG6PCN<jwP09Q8W~W9?eoT=pK6mm7#q*$AQN1Q=lIrPWG(NATZCn+Lc;
zK4_CAA0$)gca)=cR3$1P2WthebMy4Utz1(Yy>-%V8aSe92f8eXb^Xnmc^%1r_50&5
z8$>gvo=Kj!!WMm_p_l@_DWTf)%$hnZ8MK(C4s%9Vq5CdFP1G@Nbd$UnRxu0gC}p#x
zfFoU!fze{8i@WX7Ov_X&EH=0nl<Un9H+XDEyBVe5g*?-oND<{O%<s(?ESqnda~GLT
zFX^~P3-wBl7|rr+@Ka(`$~M-=M7k2P0f{jXHr)@Xj1eqpEWc{^A7J`VU(RXC)reI0
zf9-&Jr4->gl0p>YMhv6S=`f?J;hjm$rW!T$(YHI&R`}4R;%G?{8s$Z2A=n$}gFASW
z9t5Kx=3P_NZR$@B>;|5oZ8Cxr)SrC~@H30W*w}U@&p|cl(fS)qtB@YKL@b0vtW@#`
z?HD-Ub+|>pxv3O4SD272aVN|=cXg$bJowEN@O)=m#!Ov6&Z~E62<LWwSwzZ5CfGq)
z(GLS^oOoDjN-y1IOU5}V(8<M;Phlg^pyKB*)JWjgBKoDkp=OJCY7CK{f%x6(jVR{#
ztbxdBC2M&vbM$!)Gd3s_iXE9K3MPK>5?a((DW)qz*{tQr%gA<v<(Xb;X=a2pLxQ7a
zaJU(NLM%<vFV|e^VCe#yoelK#i_ISwg>Wjc@aKM))N7K(^4jY4CB^Pq)d~r@-GgK1
z|9mR^^;w~kBuZ@;Xr(7t#!rpOx1O?#Y{+$FIuvZF7sh`5YdKHP*R8mAe0R_?L%iBs
zrOsXI$efPFla9sMzCSqZ(7qqxV9^?k_J_jcqw&Dxg$21UQm1tIc}8*RqUi+r0Fl@m
zgt(G{A2|K#c#+xP^aK7c*E;+2W`|<^!C3cw)`OglzBE#`8z-yWcBw^mhh|fpjCVZZ
zui$sBDhEL2XY2*DO8gYLZ0qNa<tGVWHyyTQU8Kn#`})2tQ?VGsz*W_?&7J$Mu``KM
zSSN%!WMqB7m8xmmlDlhLN%QNjQJ_5_=KWRYY@_kuq~esS2WfzS<w(r864|AJfLx~a
z5u0yBlKG;?0`t4wE3QNLCGEfc%-Op$#97Ag=<@p2O1Wrn47B>0ODkYt$D?#!OkxN>
zw(-smWM+Ak24|+^J5qJ5jY^d(T=moMlnE;!A%ck&O2k^_<_^5jWN_Dp_872L!(!;-
ze_JbjnVTG+lvnvK2Q6*rd4+`}Tx`mdXv(8iXpc_8(;3vF|677mPu;piMDIJDyjs6L
z9fRde<36*;CnV-lf6wLVZD<FDKTmYnw<QNyG}+XIRkGJ}l|M$>s6GpQ(($|v!+*{6
z{H*XBiu$x?)Y*YuI2(U8rIR9x!>xbn3q=&{@3bE>9%(VZeTLoy%slF!F@$pkws5Lk
zV5M8lJ(YJaR+6hJc@2|@>WDfo)Unmt8I{?`8Oo-HJg=Z@-DaayIuO~bpN*@hLKx|U
zAk}m`g1@YL<^AYr^>$R5Sap993EF!h4mIgGWfhA?MC;j5>Ku^>DtL)UJL6OlbN)d$
zwVKoZ6V&+nqyrS@##nB@ZahSY4!%}X$u!@09KY^2F?5rF{eZ_B@<#6aa<lIZ!yAbI
zPHa&?qd7(zZ@MkgTA&{N-CP<1)X5wNeDN@z@*L$k=DWFDh^Vo9BXQ%7`z&h?GeP*g
zWWRHVHJ%bKQ~3O~^1Sm4LM_rutWrS2jbv3Yi!QSNtnGHRCbUtLVf0jP+Ad8!-Sl4$
z4Ql*5JYhO@4*Ok{>%xY(o|+f;szD#Z!ce@lj^FR{&`nEF12gyF{7jWHi%FvOps5r_
zE5^MlhRHQ3QgGbNizd+D{LjrhriWYUUXXFOwCzeK91?<w;ud~hO`zMPg+9Fzv{dq-
z+DsZiCOF<MHT0wzN077{T9G}~pZ8XOLfE+^*3X@7QyY<#ZDMsOgbwxjb0^Bf`!h14
z@Cjo^szJBKPmTDW?DBc$Mcxx1v6B$&h6RgF7(x=Y8)Jl-AQL^}KA#d(^ScLA>t^OQ
z2Ly~+-^Pj(soWQ~`O8pfd)zmSealmYw_?o+VZTv7-%`l5Sk$ZBjpa)-OX<>LV5^-`
z4;4w(pkv_o4-AbYUS}Na!Miw=k+LksXZ_460ug%-+zfPF<27FUyDp@-oVtDCi#069
zja}eP)eKxUCkkmxuYtg<(Vj*|hv&6fA4eW94jjkV&^QJFb<D4L>`FAn8JY=n>2zC3
zz8_c!|1}%0xSJ>Hgrx4IyRfTDeL?mN>ml5JknGO|cTsLAvd9w3TTfB+C-aLV80hwW
zV{s`%I-wab&MLJG^uaQ9)Q|b;iD|0*$3KYsVEbWcLs`m^jVjDLw1b^hAU%5lUPbqy
zWd(bL=sT3nU2czo=EQb2rdwFn&L7&3vt=RK)B6V4xG@22hAhjZ@%Ei5Z1bVsbc$|F
z_d-CJ8hV1Rn|nI1tpWcQL5+)s<`0{O3Tbkyq$cD<it<|>irJkL34~aNcfR#dwHePU
z#qlK=M#L%q0x!!YaV62r{)i_=z{&ZPjzwk8m~wnI!-q87ea(<eNAvhEd~$Wx0)9aI
zP31K)?!N#_<_^;!yi?LBeRde9i~r&`XP7s|V<u4tFEk%U^1D9*F_%YOyH5963%NI@
z)JjShGEk%}f^qUs^suT<^{Q|*wb~^^@=$jyf;f%r^m$5mmyg_jbwnbMyB@*_%NNot
zy%;Z-@1L>LjLa^@tw0z()qtooS1}54+c`Op$bS;>mE{7yvS(C!v7kXX;Gi)}LM&()
z0AO2R;f~$3`scTQ9yQ<;^5IeKdoP+ROeFXr{8Lz+DCIkzflpxx=#;QL*mBrCTnT8~
zo`9RomgG|?=#*p*VW$cj0qpq?RS^-uN&pYrp(B8q1tsiI$QWdhoMX|&N46MDakrU=
z;Mz#(Q(tT~LqS#9|4uqZ#DdZRj$Vuo1$6_j77M&0P^HCR(O(1|D(5%I0SW%6q-jtD
z0M2oVc*eg><dDb~QH$){+6X5gWW^|v;H8hI@HP^rL5jc>U0@17z}8a{<9Ex*Vz-y6
zGZU|Z=vlxvuT0j~GG*Z%nRX!u!T=H`gi0>?AMnD@)kxSRx#Lrvv}7e>usV+-Q2E#R
zgXpy2=W|s0v?lvybi`Lz&O~_oT$1ctJAOC6U&p8`m#uJq16Mp$J{N+{>*GZ~G_0jy
zF+NGO@D;KuhsIGL%1bo8^Kv$qKd+e82^xDps1Sy=V<U~Vg29m~P~p$+Lmijhq1<`r
zN}5~t`;oG%uyiZXnA^T2FzAH(e2jNTMEcI{!LGf9{2De%G<&&HwuRJqIAj%DFS0YC
z`c!nRnQ0j`P5!es6b|p5evYQ#N<Q_ihjVR=!erdB6Ah-bGiB_x_+PY4)sTlYZ}2G2
zh(AG_jIS`Z>)XA;_Ek6ki5UUk;==65M|{VY5;MNWmeE~${lQV5rVa~x%Q5VlYK9oP
z#vHoF-V{4j>j;>i&QnnKv%g^5h(|%5w&uAp`Hh~hIR~#f&3i}H#KKm*|6S)#yzc>x
zX`BBzl!8qkqvX3Bif<sltY$(U31t@voNcj>xUnM-I#Un!U-dI-ha)Pc{IdyeO9<(1
zpL_kgFU4EgF$|Y8;-{&4h;N@gCys{Mwy2Y?5hhyAgtp?I{ipnetp028AKsp4O#lDA
z6HuPaiD=wofgZ70apW!mMY^sFALH(VDEzRbeLaaze!3J}4JR5BN!L=~AIYE^3;fsX
z5_iY*|Ayh}mG(yXh7$9L|98lotIM6<gDViJBEC17kU-gy6?VcUF{9C}H>ZBLIw!Y!
z++}L)ocm|JLR_N)iZ*qgu&d`Q01tK7!vcHpImDm$cc1$If;_*3{tL;-k*w7DHsU2g
zYE;pz4;}NGUPbeM_mi8<6N7ifz7}5kp{WunEC$w-qmf=6SV)S3+~}!ApMm}21iGy-
z5nMH4%Nb(>nTjZy?A9RP_qwY_@hQ%qlNfM!elv6c1&4nr)d&)N{OUy0E9tNRWoRSO
z${f4UI|H1(c3$?g_THib3US3-SY3<gQj_<{TP4UN%%*l8p?c<pe^OC|9P_`p{AR%$
zkPJwSe$nDPRzc~4ZYWu2AnrEz=Px|gV>*a(k#A2SxRDGp$T9~B1e=4To5_Ub21Mx8
z5V$$nd-<a#U{<O#O+l@;;!w`~a%e%h^v4x!?9N}tZzV!g@Ra(#4`+b5n_Qjul%s!4
z9W7zb8_?NeV#?Sj|K-ZrpW^!@e#a{0)pU*EO*(uegr6Trd$*1&c(K&v0_Uw8%a3YY
z!&P7#iE;#AH^^Ew6gybRh4YLOF+OY%Je>~1ck$%_6W=@Qp3!lgx3D)N*NXd0pwr|C
zY(E1l2i?%bPwrRo({jaUAqKZ?B<Tq+f>?xzKWr+a!V`LwYvhd3n}UX-7oC|D1Y?`c
zrD(E9-WNd28gNn-I#z$OP5C(wIZxc-3WW2xv(g=pl1JXl=8z~P#i$>54A%ybqTvrD
zTf%-jW&jkAnny9O!pX<M_Oq~T+wzY^ZUzX#)qtqo_i@kS<#!QPUqYz}v>}ioiUC#P
z^d}*Yi4)o)zcG~Qk(<QlRa?OfJ1ezr_OMv|f$<*Z8e=1MOx_?pmHj3(%rJ_VXJ1yU
zRuV>66O9;5&GPk5eOByt<1tr{?>tx(p%1KwhB3rND6ROX5I!`XO!ChBxDoLB%m~+r
zr@4)sFKt&IZK99F1R&SB>Hs7N(2}dLvy?=t_SAlUqBSEpc@+9WWw`AU3|u;pIxmF7
z54RHerOfOOmapFE=}OYaCpH_lv@XPQS$xz*H=s@qS!i!f*(`zHWmT!}seM(Ff~rWg
zUM&?8a85Vrd_1}kW)>e*+aK^<-1L4TDNVe}%>GH>m)ennf>Afoz1xq(J_#TF@S3C*
zE;^1y!AY%{AAFcaZa#=?N@d=2>3Q$ZYmUW@TSQG;M9F(4$T1Eqkmgqk$Bnq11N#5!
z$S6zKt3GtzAW7^LIG#B5Jq4@-aMlEI8%358`5c}05hf;t;${J=P`;Y1X%8x=Hv@>1
zM%*U)G|3h=1^mh^5WKNVw&;@spARzzXV`TO(tf_sDnIr?*FZ)-Nw?8abKmMa9y;tF
zMtV)kDKg@7zdN$n-VIpiraCJWcK<vQY`NC|qEzUzjHde(JsF-+I;a(CpOu1XU?Mj1
z8UTBl<-%D`9TxLYtAoiOHnB;_BpuJmi|G9dCK5r-ap>l%ie#YA{=!Joq(gUbrYXl8
zG{35nVM#$PeLnw!NR@|hokpkdx#IwFLfHWo06<nk!jxjwklY3HHI7H?*t1dJ9O3kf
zvLPq0NF5i797m;59yNjxq7gY_;UK4bR<_Z(s*;x|j@99Y0w$+H<*)#M`ZH+9=y@fz
z!e4pCeA&2VKBW?i=dz0~Ru-j3g%1QLF}IqnF&C7{T#5hUpHA+$m`dl<*Bo0Tq$oR%
zyY7iNdwFeplZyV74cqhn`unQ#lZj%0y<rmH^XC_zz2N#B*H9;wX(aB56scIYR8#K1
ze@3!Vfm9vt>N<8Lko6?la#GbD?#-vRI}o>e#!_=>vM)z1#j9X#wN%Yu?TEGzqH@qQ
zpjVT*LgTav688UGy{1H)%B6P8*>!EW<orMMcWlQR2GAdpLv}bzKGI_-&J%eYw}-Tu
zca7~f{UXEc`*-V8BWpGTrM|ni<|#C-5EpRZHFR0qd6&&7Z{>v+X_U=XmAz`}N0+UP
zA80o0dXo7;#Qe!@COy|N(Ryx=%46oGY!NnTCu#z4do?*eJ$9p$iIQsX8B?$u@A~Pv
zYn|td8g8QZ59PNlTq1MNxV&}N6NGzQoT}3Y1)p!dE@SV%X|rhYo<Hh%>u}&NC=Tf-
z?<~2OE;g03#`CKI^{MA4h!e{Im7Ei6I36RZ)#%C|z8^qkGgdK|JT=|InxgQ`CL?Et
z664#^)s$~tz~%Zj<OW}9O7YmxKd=4XgTRNKuiae(buI9E0tz4R9D|*xx92y9Fs@3%
zZ<3~)+;W-#3PkJWkZX*ECMtwv#~j-c)YaBTrcwdUlC-uYZ6c1+{2hfY7tPX$uw%X{
zD}US%me#LW>eLsA5)su(P85b)A0ifsRMG6Ux_g@|pz3UbNh~-nEN}~Mn!WkoarrQt
zpfwi)xzWxWB1C6UY`VmtT1RHWb+0l8OVPG$iS73dIAXe@!xOz`S#OvLq&6k{M>?(X
ze7KnL`2(}0HkF+%`jpW5@ll%zyvrAR#cN<mY&ow~s)8eQkp;~6dKzwNT7UjSv%`S^
z3gN}XBO08W$u8^aBBxWnfP3G~@DcRb$B6iV9CAs*$aWsOsqd3<qHw`?)e>kjI{fg(
z{2`(rI0@i_t>`jO{5==&QIdNk<SkaOKAxylco}DYv08tkBkpe?Sn7)`j$#YbJ44&s
z4z|wY9=h{Zh*u`X{+d*Ky+ZzQ1GDA4J)WL|Cd6Q1saE>^QKVQpT28e>?(jCrL28+S
z>CI(x%$L_xyOhu6b4)b;lgo|01U?~oe7<nzwtuf$7NrDw95;=!a+TO`9e!L>9t{%=
zT5QvJ;)%<nh^ybvJHAEIc>z@e3KTe|3)>|sDr~-4rh+$+$5c#!D69uMgV6SD)v6;(
zR{x^~hc;p`Ta;phVNlk8d|{32zs)|Vt5!|bWiWKir#8_W^n>WTc^h0D9;yX})eTh$
zpQ=$zetc|%(zS}zM@2~b9LI7fp2EDq1j*Qk=ETQAZ(8WZns&M=@t@4?D<*i8Hb9b(
zc_b|rc6+&dyT>0Z8E))DbD2OA8O4F8PEzVwO~Z*~zZ^6x1l(J=0R$<V1EsEy5;_M*
z)t~mLz%P?<dxpD>WQA6a<odsANAmyH@-CHJbi6(jPBt)mpdL&&lR`M8X`1s-6Op#z
zgq<t9>zAB=jk)KI9crud4B7~Uq9TwOt6+AnYqHi|I_bI=3@$gkTZGAeL#^LyWb!Ud
z<FATz_R||)y(|2x$U?BnF=ndf<+gTLO66tx-rD%yfpejCQDuwvRIGoJe)~B)TfY!W
ziEbB$^`b9J4L?aP4BoNJoXR0&gOvf#aX@17H%aH+DzdXmr^OIUrRQJ7(`7BbbJvlp
z1@?ynH=F0N9_eiMVxvz?*0z=&(5Akm5RXKD^3NpwcK$O=f1iT!aNCp5eqH0|ns1za
z&oxRi`<;Ge4hiM-D%|5kz`a<=E%`5)>=hT-^xa)(s)IIs1$mzcYKQg4F@W-tJ9fkf
z;0wT3oo_^;ZI^gO5RHzqkRpI<|KSo~NdSDRIuu-iU@Udh?7t}o#sVM~`HzJFdjQzQ
zO(2GiYx7?;8zBZ%7Z%_TMF+r)0I;Vr@IY}kcq2U-cohynAi20+0ED~!<1r+F$HL(k
zm;GjuzlJVeBDa&J7#RSbQlLs?Po8QhbFWFvduK*0+@2voWT^mjasl=q+x?S3ws9{s
z-BcOojvYg<-~o>@0Un1B*b~3;G{+C|j-3XI<e=<}0m2hS*x(dZs0wfHPdLcmsEf=e
zwFN)L;fE@QBV=Qg$gY~FG|~0wjc<IAWS5H~>V~5OpNex7g&(K-CEi4RJ^xsJE}vrW
zn`~8_`>kXD<vdGPclU(<+C4mU+{?CAlJX(-?D9LaNiN3b+YCO%{c3<_WLaWN^jo0y
z%`Y!Ag<cOiiAQMr<q?s6+-BBZ3OtWQ_X3I+@Dh+N!HwcN17qs#Lme(BJK7|_3~c=$
z63P%mC#|^#Qi&@**kB}LEsQ!+^X#gjKw<bYbR?+Ek71%842CWTn^ueur?Kgzd8d%e
zNie;vX>zFYIxv-S2Cp=hH;!>nE?BEz^vAp>qxYKWDEGP!!F9R0kpfc^B)yuk{2;$e
zQ5u=hx-VScOc|%c8@}+#toxznwNNGdImd>w6~H0Et2wDez>cMmSjokIEE&$6gD$oI
zjw`6TL3lX7Eg)#7-jiRjq3!A@qnx*#fqm6SY`X~uab>d`{;tFSXL5CPjPYp8{`ocg
z;5EB>@4psP{^v%Q*G`CebZ7~*Fq@`8?!o`Ln)ht}U@1@$8N&#1Tpwy(sBpixT5RsO
z_~!inO(xwLi0pbztnBzon)xQ}(^=2Bqpy!}v@6GhtJT+jjDgs8cCo(w;$u*Szn#f{
zZCVhTyLt>8Blf|H=AEmHm@({V8`?-J%R5(n_<c~vs*GnQ+DNVjd``f?(V3J#v*Uo#
zqSUJf*RC7uZq=gp6!;yPN|bDg$PA|f(!K~1hpib2YgBknuC+0By?dcR8m#5!Vn%zd
z5<%#t#9v*nRc9NvIQgT5YX3Aw*EGh}2J`EsM)TQ$q=Q?d#9N~V|33_?*G97gpC=fd
z=!ApYTYj-J_0rM>@E_isOB76NT{122;yFsZhra0eDPa2R)uraP!qH@_M#x|&b3bf0
zps18oTzJvug?^iQQ~6X^7`!R2=0yClsfjjOPCpU~*Tcjr31KpKQs)nO?oSa#JC1(X
z?T)oshuF|P`VqK{xp!3Cw))7R92HR^5d)*+)FR^^6eFdCtM~sKr<>hW`z4TfrVnKF
zT|O1sxa?P@f0^hrEAmJFqG;t<<~U~-HuMV?44-rOzlfO2VU1CziV6<NHH<e_20CqW
z<+vb2P0<Sr>X-NGcl>?LI(C5n#v2GZz;A5t%};eE2?5ns6+rz9|E1lG)`MWQe8sYf
z&eRfMnlNJ^$sa4m_=(gY#NP*}UG(J!w3bjAt0)7*M}|KYq4EA;9RsKao{9MStf9XC
zg}4b;F$&};MmIN5ECb&Dii3H@HuP@A1CF4Rl4!Pg1Rj%%q?b3=K8|saXa`Dveq;#(
z>;d09t7iA&W~$umh0e_y;KA~EaQoi3XCs#6)Tl&dAMe4WTA2}hhK}D)_mMZe<1Yl&
z>m<ts>0xKSzlxF?I><AsU4LKv9@C$fU$1feAny``3|B!9<F_^XUFJ5!j7EkmvS;Y~
zZ}qFjUMGDT+FIgGJxz6CK&phFaI3CW)LFV)@{>HZv85JCw!s+UEz?Aac3rIkv1bP4
z`>`oJ51nkXi-n_vy$-Zas~N>((E3ZJP(A;A;xcU&iQvs4q?SyPacB;NSc`QtsAF5#
zcUN}?$3Ew^^%hiD^xoVXQDY%QC(S7o5xRKWd%h|266-vL-#gA?%LI(p4wpw|p{3g*
z6rc`HA$SOuwk?7Os};)6iVTT~-?1o2Rq*zuovtxtNHc!xt_Z1#-V{y*KfCcDiPp4z
z6_tgvis14DdF`&8m=`&MwrhcJTWDzAs>rd|aRC`*KPyGN?aP@1`|Gj=--9`~o0!e`
zqYuAn!RstXuk<{KSn)@>W&dc6pYoj)9J4O0espHXLJFV;G7X9^1$WMJpmAsMHO(&k
zz`=&rGCQ2Lb=X#KT>K%j=I7*Z&unWFy^j@5;ku?N?p?4>rk|(;cT2yK3hxjivMsm%
zFmRL0CS1EYO3d`l#3+e)w0Koazbk~#Sl|3$#-H!T6)&)fZkS~od|>{G(orNZ(|k06
zng<lW9tNji(v!D*4EkPCdS3=2u~P+WF@SH??-jM#a|{LqkjW1j@b0k5J-#%GU-r19
z{z0Zv$@2}delFqq*^U4^%B;u=`U6QKRSqZ)Ca5twiAkp8wj*cp8u=TMT_^?}A8*ZI
z+-qkGBT$di2t_ilO?0(y@H7z`I_XtJbFDWp#cld4&d3U9e5-@>Sa2^-V9I8Y=a1e@
zAI^yHEIRaWO*NxyOND@Iw=DVegu~d(;0N|$QL5`EaH&;pktl(aO?8LlfW4T$F|iTi
zsqJ>Q&TaTTuY<lCr{Y0fGv~ehhJd5y%k>oMhJWBO*92<r>EEeNC29u5yy#jv>N<_B
zP*pT5P9XQhB~@*z9nW(K&mWPWECIVcYER;iM)J$_FHV={7c=8NRX!5aRr*Tpf^ljK
zJM=4z-bXS?LOmJhei8Dq!oGLIWSoEUm%jOkLWVl~q~hjY=AK#yG>LrrNz8D!M)q2N
z+zIL^Ox0VQ-0rXRXoaP%EE!luo|N;|tYf?369o<!?885n#j#e8F)lOLzz+8MZ+v?d
zP#^|ZSU*&ww7jtzM<K9rq!Oph$A#muR5{o;j?d)OE{yx0Ds|ts6LoJyXE}bIwas3f
zsI33m)t_wlqYXsb{)m;|&&|Xuy%@mRQHAkq_&!{FiyYI#KYPCEZBQQk8Pkeyx<T7(
zXddS9B0p_(!W5;Eah@bEWcKut+-TuO@dp@Ss?>i>1uMK|%7b89`2ue5CwL+fGRGZ7
z5{j@pi1*qeIdyAO{qs6=-XIiV@O-;{&Q@EnJ>67dxthT4Ae3q8IiIyAaG}u7ZyIEI
z0Rd;VQotf{ofA9G$BkuJRWa}D?{GV?>Y;u!@Sd)?2*b5lH5!QfOFrI`zYJUyech}J
zrq`aH=*ZFQ(|TjuhTb{n%~EZ+uz3KpKt26j<DCAWl5n}C*NIEgC8*oTM8L7eCO_G7
zvGE$Xu5-`sChL`GhrFiIltVyamo582?e&p$)9|os!<*0Pdq_0iIimNmr|(1=Xi!jd
zkg1p1@Y*q_QX3huX{&jjwdR$Ubg2Nu**2g&V=(xEhvQq_WT-23oiuV`?E1H*sTl0b
z=DQdE0oVb_{-8E%JTzQn=-omS5q%CMNOU;ZC2M)>tJj|(Z)qI1vq#U+d#|dm-}R8+
zHf)bCHN`)-61;RS&TN(W925J{a2-B-1)?i=o!nr`mlhIVyE>ypQ1*EGRbw_V0mSMU
z??K)|^ZC!kd4tk`ZApS-_n!LOoV&<^JIAd1+0@~jw4{Vk+?5R%@Q*p}iV5XL>L~HR
z$DAylqH7CbUc7_s2BReD6Z`pJ$gsg*it(k8cMT*YbrDvY1e2Vj*ID}o)DhlJu~yZ!
z;mCvf&{bcMt|ye21ipggn<?zT{)Z@v$)USKS0r}#pOky(4pH1w_+*vOepR0h>XUIf
zu>M+xa#Fxvv<n+c{;uF?#M8%Z5Nm9kh`KsCCTPE4y$mhV*&a%B@gv;#zWX4iCO>K{
zV{wg3lguNbW{26c6p4YOmw^L>t=mTjOW#yA$@k5%8TqVUoj))C3*QT#M7*R8VORHK
zo@kX*X9z>Be@14iy3hpRP5dd@&k9hhB`$J*H4)76dZO@;{xh03_SXhT9Dm#H#Peh|
zrCXpK=apVn@Rly}>yqtut1Fg$x2ABgf%~7b3U*mVwK+!>g0Zp3=c*F)_6}xCIM~4I
zXlgz$y~`7R)*}Z<5_y2tlWC2rAtlUryDERnoo-!6IjlIk!<Q2_Ox+ky_s(~0D3@{f
zWt;k%6QMZ$l3KiI;tRtsm6x;(mSWL6U#(Cess^N|{oQ5N83;^6tb8g#cv+3_)bav#
zfDb@AHx#UHqWNVOa1%d*hiMgs4{v?=^0A+oV(6)Ii#M5D70WPy?E)A0>36I0EVIy9
zN^EKo*fL6eGIEE-Z27%_X-=Kdn<gE`EAnUE(ImM&XchE|GFepX8Ahg7Pt?DT*)~7n
z<&0VT*A4Q!VusskWQS{LRqdb^ob=|ORGa1S@t_A7;shLHAs?wCM@S-<@qgv<c$A8(
ziSkmnp|2|axxt-J2nG`2ZGT2M|9&MbuwLv06N}gKWi`@jBS>jiavcMYV#*<8Z+M^_
zw@Y40e+gCx?XoF&8e!L{1&d3G=sRqu)_{kdioiD=6~t`vO|6hS$gpDn-33I|P%Ako
z%#x_zjP%2V-l-XB93K6@FO4lWLhnPk9%*N;u;ITi)l78IpJ3tdXLYuGt^-~*pv%*7
zYTL;4ZKEN&3CLc{M%M0llQ*JDKM?ck!WCy7>{CS_l^^sycARGL?T-Z&3|Q%*pvV@%
zNJEslceE@)u1_mpj2;0u5z%-<TFkNOVEF}G0F!QK)d}FR=D&o;KlJ)$<HP-R#_QhV
z$-jpF=WhEfg${M*EkzUhPl2lW7%reZ&eEy{^dX@4Ez@E^<@~esfPJ1s`}*4PkX?xi
zVy*zB!fRjKex0_?G`56leU=A=v22v@o^G6W8YM8MK4AAws<>Wh_+b<0$@92zs`EZK
z2Ze(EdDof&wd(x$8UP&6oy?XnS^(l47Z(cxN@w?k1GuLS*jhjv+Ydk{F$I~(H9uLz
z_D$7`7ZB<90Q9v3yl4x|83NpX=Kni)66ik%oOK)jEO76?%qtp?CN)$!XYW&01DOD3
zEdjb}fGPi`IsjAtxgP)D)J5;7v!Kw)JSF)5Xp~jL+pa9ufYZSoghH>HPs{;%iNUxx
zBNdgdBHbwzGDEx9NiLtJRsH^~x~}v;gNkxrtg?~*&)C*x^dDnn41prbCw2^GLP~Eb
zS!b+eo#eJDT9*JopX%X~%LX|;%MeAgO8FoJ_#Gnv$LB9!oHtV8@e&g$*?uyr&Trzd
zHW{jO&Nu*;hr?@Su1r8JMEFS|KV}NKZ>|kX%N(x8i&y-DU0Dk;?4Y{ytLNBQ-mVfw
zrl|YD8q=}JdL#5@a|pS=To1V@cdHjOE8JwkVJ1T$$YA<7)WF`|8+7U`ZjoYy+^vn@
ze|*e!%$+Cu{Y10KY=?Vxxzohmy=vA45*iUcJ6j_)TyE;?w7|;Ov3SfQB^GpI1$aws
zHH-S8S1<qq_oRGR&LFfQcb%#65(B3~>a+oS-Va^=F@XCs4MQT<9IExma);UAv7+Fr
z#(bH@N5NR76iOqmfOi`evMVoy$Jjc3R7g;9Ij`j{%PiMTyPt5k?EtABLE>M)d$4Ti
z1H17gN0NQIXt+*Mji)^dAI(b+m*o<&8@`T~+}N&2E<~INePQjbdCN_6y|2MYFz?}}
zUo}ZAzjCwYT_4&Y5?7VQt3t1;H4&@{>5xWgiZMW1rO*xkVVj3kd&y_=N0z~hALrHm
zuE|qV!d31Z8womQeGmMoV2lPYq;}btVtZi_&m0B?_qBSs8|B*oUE-u%*ViyGVYOXA
z&(zC$h){$fQ{pwr!|JF${=OXbcoK-Jn}lbCY=cDm0P>5Jhc(Un!AoTuEkLMz`7+eX
zP})0Lq7L~roxNtMNY`Q8N_m%wa*Z5Gn|zPxIFlPL)EOy{ocR2E6gQK%>k}O#)V3hi
z-ZxNu-jJ0YB<B4@21aK%tNBJ?<qPa1`)KhwgfX`PI{ew%+ZE+C0)1l<T_?zFbsLYu
z%}v(gTS|g^3$x^#V)oZ1C+>xB!~+;R5XMEj5PH@k@idf?xnJ9@eP%3e#d7Z)o%3R~
zapgLA(ECIWM%$QdcFk8{p<`tZgOVX!XOOc6{9%V!F0SKxSBaLNw(t!O2T=+6{~ud#
z0Tf5m1!}W6!6CQ=cXubaLvVKs8r&@ef?IG89^Bm)2^J){ySuynL*B3I{<rE@!S2~J
zr%!jE?w;A5ex@4>7g|^8GHk^jP5yHR(o%at^)YsORV@T+ds9TGDB)l?LY<;Y1LqQP
zJR2Bc5GqwP;^|i3<P-3yCG+!G)YsVpIkvkV!L;O}5V_8P83PU}h9B8qFqw%ci&SF1
z`w^NIi!Lrdqd!E@i+KrS3{~bGQgj~HeC@m;;2@KZtd7A)eAmV7KlSO8pM}V!eVAXn
zlAa0aqt@`Fq;`hlVt@D*dUP3o`Tnl}cds+plpt57b##1$Q%P?wuwp(WPx%OH0Jj4=
zoP!K9vj6`6XFJOS@`a?NUguvzW9S6~=t5vc1trL~7&8c)zkVoH(=6f&n15sObA<p*
zl|l)vU>ThWjAEw<xpa-R;!2J0wPqSn&gm<Z?g@;nYG5jzKmy<c^R4UBV0|Y!;8j<+
zet-zY6fj5>BZa`8b|x8?8rgmwfyZ#6m$_rR5~ypj?+)O2iWL&$ZA-2;TxRPETPHXp
z$(LYjl8`NE!k9_%z!G{FOhURRW=D+GVY9+iZhlf%j^v%FRiI*sGz;4grVkqNP2A=M
zd5?~KEq`~s>=)dPA5NzR_`>K;0W3ULlB;+4;RRRu?%Rdz($6~Y4{Ol)HPjD#_~6|_
zZk#oNiuXHV=j{~eVb@FOD~j1sNt+<s+q2NzAR8TdFu`Z8Rg%)^k9fw124fCt>~RoE
z5yn#2#q6HN{Hfcc*-C}oHp%RBcm#FDaA#N<UJ%h%m%}>4OYDUsf&tVHC!nUV8}9&G
zyAx2PYJ#R*VV;qSv1&r=n8vMVN_2(wCDK|c&sZb|rHUbH!Cx(4!M=3MJ)r<#Mo`RC
z-|PS(TC%#izm&Wc@+$)=KRDU}gw0t)mKrNtYdO4CTM%qljWAe%sY0TQe8|Q(3+)tY
z2j}ggk3GDJacgbdZmZ%{nKiC9Q7}Rt;O#)XZ+t0@Z4|;~3BfhOD5rzVUG53tj?{;n
zp?BfpgfOhysbI(DnIfYXh2#)J=4|YiIyFEwf3%^fEl*HDiJHz?Gc=c%Y6<a3Q{hWB
zb*c6XPGL~I>5qg5wox*bacii9oA`&s5y~253yg!!np7gJia<<>ukRHp!U`UbCU~Xm
z-cdXw-yy?=9a~4BCm%s2rWtmVM%hYkP%<Jplw#ZjYdCFC@nln<m+5$4ftJ_?USSnp
zxO-Dh)IU`u9!bD(QHMp~Vy@xaYnR6jQjqo$Kqy&HLa%Moe<p6iXt$l8>gJl~s`;bI
z<|}4~${Tt=UX>|YE8}9N8e(kvwNmGu!SK{q#2=7gnJC*IjM5KB*c85ty$nTvyyDS1
zOM=hM#f|qOMV~$)@>3kb1M|t=oZ6^!Vr(&k50GGUVBZJzNCXEWO@c$#TJe7MjK@lq
zLm%PQxIv~~T&S3{qjBX({SP>l^9w0h0}0rDw?q0Zb@1=H-FyW)4mZcmgUH(yYXso0
zJ~|!sqd&)QEh(PagLrc{Lm9xPQAlU-iWuZ(bO^l!{Gpo_Rr>{1Vs3<QcX$34Vt^xv
zg${mG<@j}c99UpPn=@Wt{QHn7O`+<eg3uZ5F3GRCq&Oc-6%2~``JUML!JF7fIld`i
zH=%cA?DyU&6|F6XB2_v2%2l@TA(O5$=DPqXWtvE~oLD%TI?%g2nfLD?ywyK-a7%W{
z+kA^#B)M?x5%eQ$^&#B7=NVm$+I%t_?jw%g6aaH8clyL5*-34I-r3<o^^LCxi;hmh
zc-G_`U*u%M(OfBjVosP_Aou|wL4tyw4Iy?H<7c)_j^|__#VVW<{>)|Kl}q!~I*N<F
z5}hr78b+g7LQ_za12XK^MdD|AyReg?*M8vguI8qHANaWBO)C`c;&FOzFng7UDM{NN
zyFVeIVtf@VYSI#An!i(jS`XU9U2HmSU-~0ulA)<&JT;u6Jj5C%6S*lXYBC`~O_9Uz
zB5xC$CY*xc{}W+COjf3NoTMNNwpb27pJ_zQnxitG#M1?Jw{e!wyWE*)?Lw-N#Oa{%
zR{t@>_ojcrro8=TA^d3l9ab8&GHq#bY+B3Qekh_33TI!+c^z`ykT-Q=B5GbK=Lb8a
z4MD+z6hF63ui?wKs(!hM4)Q6Yqhyj+!6#>>GxnO+ZsFH)Q_Cf#1Gk%a#aeUd!pL^g
zqLOi4Nqh2V6vObJh~{jZ3l{QAY>6(v*PzDg3oYfBGpAA+@$pn|{R<PYsIy&uH*as5
z%P;#YE=Mlv&!qTHM6J+r9TWvcI4@VK&g?pVQ*NpFlQjs{C&#gIv>DR8;4Pq}Qk)iR
z@=WZ?kNUxHVN{Cy(lVpI^PYVr#$fkUY2r5LfeIHoV}%GAxyxy%((<gf+2Ly+RIrgh
z^Bj1fXa#}b?pQq-IkF9k>ug)8-OzUJwJ9wYIg-K@N*4E8OiE9qojwvTwmXqbhIZwf
zhG;sO3^Jv^ekih>Z^MtQ^21LYk8<-L`txi~3j{aQFq>|g)kAs5vjToyh{dRhy{|U7
zkqX%)MMH=GX%KqoX}&0b*kGYt!ys3(%dK2<twt%RJKN_Y?}PLt{g~oezIZ~ra2%_q
zZ`MdjQerZ;O(kEQ{quYKFHhM!TN;8n9YcHGp<v6QaIxT-Wba%v<s`MvOWQXenJd!i
zvO_P@S^U;$cX<ZQ>|TSc4SjH5h4~VNKRK_`J}Z*B5d`*g{3XEem3!PGc&Ow0m^rr-
zuvDTp)?_H8Iyi)yIUy{2ei_#A#V#~6yk^6d;&|QsH=dN2xuj&)H)oB8Y{ibyS?nzv
z#EW_uJJ}_tE6-=+8v4J4y1uN4-AN8yszpIImI9yJAWvu)k1)fJKQ8*t96>LvIApwx
z-Re*$mVerNU<|&aJ<7Z*&sOWWjz{Rcjz_)I6~2$|n5J1JxL&rp^qTSW7~9pR!cdw-
zPb(sNeV09Ims98I3+5W1A;}Zpm~{)-^*iP$P}*%McopZcn5|{N45Ka&%JQDDash0w
zH~IKRPC6Iu+_NX_JcKV9@*-K8FO+GOq)#Q>L-(_SP9QGjMI6JNJ15!AZ|UdHBa%cJ
zR!hR~x+Tns_2qbCPAD>@#Kweh({n67s1=60<ND|p9k=(NTQN4=63^-*M}{O>olwUN
zyqrO)S`@-6*-~Uvf|JHDwTDq+H8BM$20Myzs^%3h!<G{s9}q1Hce?xCRDX%~Y2@Hk
zonMx<=`ttG&Ln+bBTAmvacW+*Q<9LeMH3IFQT^~V_xFS6{z!FH?h6rDR0br1f&Ozv
zTUz4|*5j~V>1SrVxDkGMuemv5KT(Y4<x&?V1tQ675kuR*%~^iUZPtJEYHC_|esad@
zCL#EGi&b~WGNdL`UJlAqc@~W|e#78?fT^WI=iJcADE>Jt$B}A)fkitM{(d{p3+kcx
z1y>(Q{M$1^klT|hj2Nw)7#)3YxIr1zV*Up^MCF`DMlEzcnrP&;c&<_$8wu`vJU2wr
z9Gueb(lIH;4cU`=qw$5h@F7gCY$ieAnWT(~h%MokJpmT;irKX=yay(*+!&hn5+n<z
zfPGiT{yEI<wos{~p?{a&tu}H=m8I_ExnPlopJ$^1P31^<^BR%dFr&3hT~Q6hFanu5
zC<WOs!<)~ENXP)fV%2zZ0EVQiv~)F5^KwS7dTh8n{6+;E!ezJ1$gCi0*R9eTds!K}
zIlfqp%S{Tc7@HnyIbaToBvEZ{;dt%bg5`Vp*S*onY7xiQZ&ayXR0c%TB{4O#dsEQ~
zoe_?dMOo<81Swk;iM_2I^7{AY=Pc72)T^n<rwI)!bP0!kRD6;SROTvOuX38tZ7v#P
zsB}MGv-A>o-;;JyevQp$Q!gB1N*>0+t~Xiv={*sqWa=&Vyzyz(wcnrJWIF>L{o0Am
zMOVH~KS2pQ|4Y^{6UbghVQ0}g{o4ZC%S8O!a$0uf%?`1chKQn(E6L6V*cDd9_PEVE
zQH)$9cG;Rd)}eK@`g#eoo(v=poLODpB7`KK)ntmYm8Dwh>!eGS&c=*J4X-|5De*5b
zlok&r28f*n1swxBZLvW#Jv&p_gT*O7--ATf&ljUDTfHn57j{jo$j7P{Svbt!i9x-d
zioK)yh6_({u57XuqR+B2ze*>iF{H;ro0rj=-KD_?lgRU4>L}t?5d}JyE$ik<``*Wn
z_87_SzE)`>k#tsk>3eDTr>{T!pYq#FKDW>f(qBmnl)TW$TA0h&)$;uGk1lB_(L>Zg
z@$*|BoLjV_{+4a%#dhPSLwIlC&sJmM(DXNY(+V!OC2@dRCk02r>F>&BYRx15SVE#$
z@rj&Cg+bgYZv6lLLYqAAX*_xsr>ee0Bx7%Fk}<s#3y#Tp5Ay!iJ=5>U^5Dqn+8A8q
z);p4ni<y3f5a54H(YlX_b-%f*<oG<>vhgcVLWI|e?1z<9*8Q(d`$1<#5>jH6U*tPa
z_C5oiQ*D`jMFM-88YrIb{2_%(+-9qnIIV&W>rI#57HS<U#4>~=$u2IleV5%~ZOH<1
zW@=i8VjYUwdmT5Tfu#uD*M)Iz>UdU~iT{r`M|XX@Hbe4bLBDG6#R<l7Q#;w1dRoDm
z!Yi%xiT~e+B|GKDmBsI+zMTdc7Jsx%kLa(bt1ZFXl$3b=xfDIj2^$|Y@zE@2Uy?=}
z*BrCydiiki<FR7AMTJff?whD{UF%oYlwlqR^twFd7M?<&ydUfbJE$AC+7^nO4Noi&
z2=3c21RpJwg<K51_d0S3e%9AQRUh*ZJw4I+)(9M9=B(r%ErDs3-dXWw>&7MAdqq8R
z=nF~=?th(2=dd3Tvl|*@=(4v-7Uvzrk4IB~Xx^tqU&+;mMT)IgGA~ID<PmdZLM4)5
zrIY-S+p$dFt0mmOeOaF+DqckSII1*HQ&>KxoW;Pu3vHu*%?Dplgm}{;o>rrq4FA23
z1n4t^@GG@cxzRT32Ik@`Do>k!66#%>FE85YBpboIO23v{JeDvo9F+$8e>?O=tts<Q
zUGR_U`s{qaJ^Eo~JL_4mwA&%@o!x%m_9%VvBIj{IjB_+}#vo?pMe&hPj2MwdPV+%D
zFhB&yr}+4*AX8#-d&*FL^ycY&KWBf2?AbNLc9V6f6AIQY3ezO-2|dU*k3sEACz|)F
zVNHk(USro(n$Dw4rVGhk5@vR~|9s$uInh}Ev4MUPbF6s8#n#x3TJK=W!)kF!MafNc
zYJ(^BasWAL<Di4XVl#O!yXogydb9n{&L_{GmR%F222tS%p4`WNFSPJ|%l_cYG&7Tk
z?B{pUtff0!zqWh7OE#~P_S`0I7VvuLjKD~EIX38+7p&o|q;;3BDr?KecraH^A*Gc0
zphq0eztB!iMi;a38*2Q)ZQA<`Wu*a8ak1u3>?+IH)6HC~!>dUwBML7mB<#DAYI?XN
zv-d;E#H40oR!7Ozm3l!@UO6n{sfbc%`srFj0Ofdto$O)*t=(c_on89G+Xu<RTe;H>
z_t_4(Q)%^bK9MgfJN`|cZ0bP<zhzbu4>ZI%@HE6cJNBv~c*Jp?Q>wTS;w*>QEXD>E
zZ6*c#F?K{zAw?`f=`Vsc7Xgf2o&E0gq|-7%0fMBW`4#A-Yx$Huo)!mGDw8=I(&eg-
z<#6(L$00&yzLV$1i(Q=^0_bZ*4_aWa$0JA*b7Ux$`1f1=IDMH5ng$30VrGaN&Ot8e
zC@}t6ZU=jEzd-hdvRwR`Td532^z;Zz5|phO2AA>;{l)nW7M2c3E0;p=EB0Y+u8@n!
z1>#|rEX}}h;%+1lg?l$qr%xL``Ih1KrH_hNx%2AN=Wb^c{A#H4Ax?+qV&nP+uA)EQ
zSt}Sk6So)b2zsHOI+FJve-Ll<*a>7)($9?$5|d7^li?~pmpML<$7lDT^n!gw@z#7o
z94>z062?Rt8=Ff4+1{0z#{^_%Z~MG2J`{&f@eRc!<9v;!gw{hrC##nY3K+@EKr8-}
z*{~2G$VHE;g_0<70E-R@;5~6VCs!u=45sPqaC7#$#d8%LmZMyjjn8*vBwt1|>_#ng
zE6LVA%#|&D2wlKYQa$YldG-kVsdnr+f^DfKuMXq2cej-r%?c9u2>rfWz@A}Qx516e
zt4+_O&&MwolU*M3F($Avb2UXN4`P;x>1QIZe`B_NU}z^!>0pUrw)G5U9fWWnAKr87
zSYX!%Z!0qQi8}XNecq0kbnOp3$x$_(d10J-k(HzVJbhIi5yC=ED0!J(nEzC?t-m8Y
z@19w!rXFI7M@(l5hy2OH(|la8pzKoJ4`~r%b`C$`fPdM5p*ed$Ri*iIi_~ph>x+1A
zTBOV!(X2M{8KEoFTFD3<#0n`Lm^>HKwvY>yZ$a0~sp?A|b_uf0=dyaws2R(sDLvsd
z-4TCV{QzuVf2&1&(B69x^|kFW*39MG(R0`VbU#y(Q2oyKcf@|ykx%6nYlh)&-!pd2
zNZY*2RG%m~G*-JfqNG1(C8L~Z)oGkJ_0d(e1+tsdk@Hz#kCW8MSAf&rdt_*_thwTA
z&6@Is@+g2D;&Bfx<hdsX=pYSD+u;RddR+JdE+gfga?9+0@^*}=e1OUhB?SJ7fwgTZ
zcx&5c+Dtl3p0eEn%k=N#g`B435(9r$y?|4rjoIZI@<Ngcx#GDDefM`tj7ob-O{NKw
ze96^9ANahBRCgGjK4~9e<Kdm5#2wRY1htyj1jhCu3aKe92~_OJta6TA1a!*fZi@!e
zJ&$^SqMRasPs1#-EcBGcrO70d*k(Pvo`-v0sbhIB|71hXRFBX2qR<aNEkozDF8E7Y
z-E~12cqDgUAv-ZMh;t1?230QlYA?hK@$5y+5o5ZIJy-2~Fy?c48`nHN$Fn`yxGQV0
zS)OC3H;N(CcT`(9)kh3<IGPtxHRv|t@hKtomt%I}BW=zW*pfWClCHH%$)8ISvjV|!
zmRC1EnIPa5^H02uD+>AX;NFe=^e{rPMzO49dAMb`a}oZ<b_!{B8QJuymjvDNx7{)6
z>X#Wy@_vPS{cQK#umdqH%b-#dDlENoE!SP0_jIB7&8J!KKfuLvNSZqscl6WKKdP|C
z#az^dEb}*0;8+z&*TFPC&WpvxGyWFWq3R!MU>vGw0pBsz-mc{-)!nA}WB8|krM%@z
zEdiYhSQN;DTY2p@K9*cM%E5b_Ix2>$O=2dYRV@+Je1<OeZU@BH7)&ztliHvFXW;a;
z6Ncu{o{dT7I`stsq??6gM*v%VL(NF~M!FRfh{HGGk%?QU!-G)8f}}Z7|5j*2w8HX`
zs%VozXCR@IaViA`KxOX+Nh|oRU_hP-jUdD=_%8sGU=KoE%PrEiD+IIPAA~q-zoZVn
zfN~(eA#r#fBEV%L;8GNDDP)NNYRyKB>L*F06a^2Wk*Z7rnGymP5%8eX@9=ik0~nAE
z$d01<g`sF?0Cra_2xRS%g-KR_-$n`DhDj!VaFMMe3Jw-V)~5S5g#nyvLV$A(;0%~m
zQQ-%i#R2789>iQkG?MxX)ST%r3*wqRD+gAf+B1vY0*r$f4+rtTgv7u}%9>%^1Ib92
zc4}6nBpx0V0+dmoTJ&wEMx_xbfB{edC^Be5W@piSs-Yw_2X66DwM}?mR|sIQX;PJ1
zaril*A%wUC-1?vZIiR{Tp=b_kav6U!UNcFIpV|{yoC2=3&7z>35XdblBhBfJBbn(j
zBu8a&#WWmn;kN#Xnq>kkC<By{8Hp_K#I-(Ayb1Pb>&Oz_1KJ3i9f>S`r~jp~(;&wE
zqWbUnPN;)o9E+1i_Z(R_<3Gc^!6B$kh47%bS`0~4^c$LguFI9QML#kbZ<PgA+rxx7
z{!cXhKcZ65<G&<*KN8{klHYrhSZ;rXZKa8UY7p!PszusOEI~Y=?P(MaU-aKW1+pcz
zt*;r0aFP1${UF`%qCE`K<!I~SWT;zZ0-rpx3cD{={-yW^&;4HtgEx1I&$QIy)>-ho
zSY4!+Fd>I-*TisJe|$!nE*rzp&S=C#r#M@O0W&O7S0t4v2|4&Vovk2gV2Mj3F5nmm
zIwVRkd>lT|FaZ9katSmt{(n8j9q6XhTB+uQXG1JN266D9MxX_c(bl8MV7ANNPkqYO
z{v|EKOAq6UW*qWQ#i0;18U8+@R^=}W`U#E7r%_oEdUB3t$R@#VpfdwGq$vYqXp;uH
zR+)BbtIVNRBq+ceXxU+0$8ZR)D4=69Md^xyN6%xGlw%J_MZt+ciIxqkfPrBMU;a*{
z<YQ34>|3dP;`&S>ygLUF;_%5t!G~{S59l0>Ky|3lAy<&m$y@=;C}s!I{4|4~<~#wJ
zfJI9fT9r9j@6k84#~?~*LSV$HlZb*-|5s;ppzkxGLlOg_u=X3rfOKmEoLk@jpoBiU
zQwe2}zQ!P311JB$yR1Nk9qxOFevgFPp^taL7+h7jm+BK$3+q88yz8Jcl98?`)%Okc
z&*UHf?uJ_^0UMZuZb=AtCoaSZm&Qaj#N}w|!w+8&&jJ!v5ivn+BHFPQr#GrHYfxlR
z3<85oxP-<t?7?_a_}7`|kV{4q!=m5FBQypAiptM4AljZ8;y|cAv|eBKdK-#nn1%b=
zxFMI!bvr|6I)PUj-A?$XL7fkGKkRx;q#)pE<=mtl1(oG+K-Aipis4iYeVoR(&Q~yF
z!IW~V?hXS)+Y%oKApHV<8aIkf;U*i*tz;)jndb5rbN(4cHd|IakfOG;T=zVG0G6OU
z!XWZGx!EjZglx0noKyyP)@ncd@6wdM5X7eJ7xXj2c+4JDJ}<0=9&R!(3Z1;xOdeZZ
zJ{-tN*VPaoqntT6Y(8c?NB#nIS8~z;n?!KONVNj~RPVb*<6o^nFS_(>*H9~r)$U+I
zmri-}uag=)2XMBy#^wZsVZ|!gCVx*N65LOJpQWfmMR{et8cuXRcJ2K#&V%ycySvT3
z4==Xr@Ht}N(iwQ(BnO@N!oqaO!pso%SnNret=y|_tH<A0X}qV~XEM$Cu)Ko&%!6sR
z^4G7o#l85~Q|Rw1)kk#Mp}-sR_wjbeQlFvG?!=<1PLay~#?*fO+{#_}1dnjmhf|OJ
zE<Z6EVOvUC+5A{aS`l#}CN}A&{sSo~XUDH=OO{^*9r-@t4YL)|=TpI|3)dT|ww2vx
z$yij2h*aJY3VFIRDgP9V@q&W4N9s+xE!$aewi6Aox$BtU8W>3OCA0avP+;<6$2_4T
zn~#~FL49S{$vbT}vwJYZEPWBYOWhYNu9jLWDgmrA&tncd`G&iS{gG>{lvr!YN8Kxk
zJpF&HOMQ18w0>Xop!u<u6{}saI2KaPL2(-*A>MYxEF>#hY;&?E)2FKK$XgsWt!Hsn
zj<pAYI+IOPrI+ecD@WRcda(&EbjQWAqE2~TeOhz#fTf%qGc3ti$Hz)GhZ2O$F^VUs
z#dE!5;X@$xsxT=KLwOyS_=cdZoNu&!MJeu(#tXl-*4+o!^KLLX_bU|26RuGz{u(L7
z=S|-^vQ0A$s$kp0>_Zqz5$#tZM4><RBO<z96z;$`k|*t~;>r$St@P=ph%e)^|6$IC
z>JsQ#7_{%YXsuDeK1x28@MD;4EP*BDJB=KjQGwYzErc_^bQ<vGx2<Mi+ALiiR<Cfs
z?ns^*FqEenODKC49j-f<rya~MuKN^7yP2x86hz7|)6CiB@}@OAmq%c+*YPM!FjIMZ
zk)4uIK=9}DK=qhDAEu%DU6J`dFXer@t%_|p9!r`nY@`Y7dm6dXfN?W+BMy7mqq%Cq
zcOL2A`PZ^W4#osF7j_>AvK*;@f3A^XO|w;r>{AF=(yn<?8vJekP+-Px&M_~K7nM$1
zDxPFp7)g~*n>T1N^!Z1sQ{2wCg#N&@&x(F@*AST)8@tn09Gl3d2IbYB^`tw~EJi(;
z;xmM6Nz^nd0h_S<sm9<tJYI&Vz#b<_6zcT2o`Bk6nkKY0N*lisCf<s#S$MF7uL6k~
zz~VS^N$n?h@4PH<&oFAG^xYzrIu!P`XL)!DEi(j2*ubsBJP2)HxZ7(Vqrd1DP-dfk
zk$g1VKH~Sb@EECXzr)$*lg+UFu1^##S56?_ux=~%7$QQrKEvLF*Z&;3xNH$RyiJ>S
zvzuzHsdw$lDRo=QA<a6>&?L*PU|<t))>0BX!q?C|Bu7+9XNZS%c7%Ix4|Dc8l2bb1
zuz#><bUys*kc)Wb;SyLt*z$B#Gd;7NZ43!&#nM7-Z8-TC4xwp;zh-eQoO)^jitZGL
z=J6CU4km|$x@FWU8M}P?tR=^^o206prGacW<@1EJ3yaV^<{HEKU|A3KbBzp7fzq!%
zFnbz`K;Ax>UB-0{uN111ovVdtjmRXAABEuh4;kwi?!HriW@uamPvjJHggD{i6+%3V
zVm4YB59}T$6Ai<eeSpnHWEJU$od`b*j8PAPi}x$=k{(fxO*Sax0w+l%)&20dgc^I8
zRL0+hj4|9imeyF29KD0k$#Sa2n+)%Qq~%%c;cPnw;467nQ2i__H|;;s3ZAftyk+s?
zCeVoCz?1!Vo9{!oMzA8|2IZE~B|cpGEYF;e3JO>D6b5&tV~%GO;)spjXCYdgG-_4O
zO;K=2Z!iiaPFkbh9yBa#c7n)o=N8|Ng#5WD|L^*J0d=Dw=?oUR-D8I7!gqwRKBBV(
zgWP}lPo(=tFexfn@I+HBFWs`D`p0TL`NwqTuB_rNZH4v)(*0$GS7={RGG1m|bPm<a
zq3Sy(S|koZ<<<3W(`lb<%Jb8q@K1T)Eo_mTeR_%Y{5{2CcyiQy^d+}hVg2c-A^fs-
z@#E;2y)LhC-n@Nesc<Xf-cw}X(OvEX`-1BR%(Z1BZ)WzghV5Tn?&`WUdEO6j%$@P%
zoi*Y^_a1C{vpl$NsWtiGf?4vviQ&pT!|@cdoUZrJDUjyaH}M}8x~=F(k^;uOEc7;O
zWN=F?`{Ju6hl;3-3bXK(x@85~vx4F@9@LEUF4P={s8M3pMWkTP-4lqc^f22v!{(9;
zFPxbFB$9GEjwc%s4gQVMEUx2AoAXhYb!22^JR6HoEsja2!L0A4NEj;QEVk8&A1aKO
zHJ{X=Be3+^&Q&8Til>X4OuOSM5Bu`=mZ|2G-mtOArJEd+Kf|4=c9`CvvkEfB#tl=j
zy{ebNvRf$m{LNMx1;!(Mn{vvfu)MIA8(%OBI5#%^Ttjin{uEEV6nBbAmP5<QXlN3|
zh_Dsn{}q|&sejUH=r_ZhMeWCj&MnrO<hcO@3^`3=hgip)E`!<73^-fkyq1D7*N-DM
zLf>((h=!|i$a(+tQLr!?c!G~D=ZeBdQl7Hnw>vp;^B!$kP9t2IQF*Qe2%^SXZx#iN
z^j<lC6b@c17~Mw{W)@B=Z?9G>+T0DiJIzzgN*Z(Ce)0Y+zhbKV_3NoB1w8m7o5Tj`
zjOkJcuETP$CSbe&ml;H3>MqBbf4$jrK)joEq_K5fO)==na?2L6$*i_7iI5rMl^@C{
zy&MUg4J`f(7D?yi+T+=OFiwH=8CNVZ0Ar_f&R}f*Avpag?6yXTel6c1!P6H5Qe@x9
zxD%d_Pks*g`^Cp1q__V_`~+@zp^O#GMRfqtY3%O$u<Eg}yoU#6Yqr=9R;X)4oU^X&
zgJ{LggYb*L@dh>8&ET$?n>!a@YkP_0J{MN=)b0z#fh^{zocnl*4^sV_PX%U<Gmx(Z
zUo%X9W(`6%%#W0^g4q@~Azvye4__;st0vh^1Cnv+Vf?0QCj7vp>71~0;4Or;kfRf=
zSFzDB#j!{Q-mKxJ!*i5GXj|2wc*WAeNY|a^@`e{PUAyOiC|0I~L@R>YX~}-k{tC*4
ziBm(TK=HeyygmEw7|@DQ_cZb@IN$Q&cwT15I@?iEL<3eAqLQ`7W^}wyb{Vp1a3Fxd
z*5|tc*b&H?$FlZeH-iQRi}(|Y_wl0`71(ZTX>}*a^%qhq1XInAh-kh2R6j6(<WcmT
z=TW7jqP&*{l0)n-*i0?7#6*gK5P55ulRDj`=YYBhUf3pCwbIePLd(7-Uxim-8|12%
z<5X7gVdPQEU+^Qy9T)Em6h{=Qnqul$bLC0~rPrYS{3p5>u=%LabGjbrnGr2~3rU`V
z8UCsj;T$>6J}<Hh&fOv02b}0jHXLTiU&(hKx}35j?&{@Q_CbW$Y6z3?{*I)qmVc4^
z!O$EDhfq^OC)-l?)Jbny$nG%%HAl)Ne*jfMT8tXI^;=-gP6OlaEvTN6(Q2>`0fP}>
z3Jq)!CwWi4TBTPC1-yWiJ%0fA`>)ks5x#(<H2VH<y{l&ScdM@43-|4SyfvE(T1&O<
z;^p2?6)-|xd;w8~u_87NP)M$|Dk-<Z{AF23Zu%b7h)>$K4GKv)gKd*!?VQ1ovF-^t
zNAc;YAlXhWOUSzjfO|6j$}`o|OS;BHRRQ6y?MS&u37sjhMiwuI9ZdK`i7I4n^0)rc
zXF`Vtc|{Bp*HI|!xf*!AhEmH0hMDE31gCt(iY!mCg+-Vxc7&0YMwthY!Op7BDb98m
z`fOr9yY?|dm>%B6pvHFrBRJE0@D@BT67DIznv-v^0Q=He0R>Y+kBmlyKb8S?^nK^p
zwdt+y#J&qvrp!@fB-YQb=Z<S~z5UE#SU-_?#$+Lxb!#Bk@X4W8e&X1M2InqaX#F_O
zWzz_->RTu>J%T!x|MSH?@Y4f7KIo)i@+v@V$m&5sPNNT_swW9zZSi^Q=&0;{7VVNk
z-K<)cW8g<ms#aR;aJHXrDSkh&-+>hxKG}u`=OTFor^0{TO&x*o2xCM9FAsruO%~0;
zynQx1(5AGY6_f5$M$-Lgh*1_9cgcY&az{3X>SDGv=y;>AF$O<dNW<YaaWey}6S#?}
zHt5|0BNFr$>n$a>k~C#55}hzQE?Ohg^JTuv7bzreQL3v`JO0?TY^t%*ViQz^@wC#M
z*-oL^Pu+*xM7}qA1#_q4=|b6)Hq4OWZosc$(<8KrQMyBm5rPCveq6@I@1`Eb^>EX(
zr5mM_JK8!wIJTJmMb8k7k74iNV%@Y+t<&|Phe3ipvY>3uBa*1rJ#5V)&8fa}vsoQ!
zK#c!FTovbd)z`82+i2A39)0kx_AoFnhGKJ%oJs07waRE;o7*hBQ<k4qRe*hBTm1R@
z-l?wj^&Je{O8AY%GSQlSJCyMUjxjS(J<P^C-X;U|!d;)4Fu@~Tsk|}V;fZ}{Fr|hQ
z?Lx6zCjVANKZC*LOiN}a4(zGGnt35R$dEJ>q3T<73=~S$52*2w&(yH<+9L?NNI8b9
zdzjyBT&B<*A`+KmUGCmF#4+vwlc;|`V!%H5utE6>rG6DU#orTTCp*5pe-`I6Gms@F
z|0A11Kog0`@TF_;Qr=BOYvt13$J`&zhsH<aH~V}mE56m(rOR|V%imp)rIyUvsfrAE
zaf}^tF%vhFdxbdrRILs2D{8Y+7wuRom7ogFm%=d{lyFtYmyLz-R6#yt%tKK{%d47l
zN9yh|3_}s(vp*G7d~3<4E;r~;sVBW!WmVSH8R4s|ifiIyW+55UV;y;pgY_avQ1)zx
zFlX4>%niL2A}h#GN0lAjYOJ<BLhPzAXBnL8X1hV^!kzD((X3)*Ar)DELwPtwa!?xI
z4z#YDKNS<N`O-Br*QNN>Ab%AwqMtMgSS+iFhoN|;&K{n~hI_kdf4c{B8?=+)&RI0{
zqv-Cc1vYC)wt{e4$GHLi?Y6!-AI=$Z+;N!Tw>BHRjX0?Rq=aQ@v->fqQFgYq0vs!>
z_g)6X4k5O(0RpyIXM$vM7=s6Q2YYpuGWW09lCtw3L&uFx^0e0j4o`*FSAK_*>!U^(
zIt*V$fo^d!G9H5OwxMTjGlZW}v)vIlK29r~BL>=&7Ao=NtHs_g7AYV7{)tPLA>V~$
zZ-C(EIF>t`hH#0s`3n6?HNc}5ftfKB7gbxR_7@pZk~1<2;rnpw#@921AWORE4g1nb
z>g=`4lPp8?Jn{j&pSUKM>fCJQGJ4y~ScxUhftb&&@2QWTuSVb&@w3tLSec0DX!ReM
z^GhexcLMz#^%I+8E1pixHv1b)LiarN7BEq|NZ<F<Rd}wtE+s#0Lm5;l{jn>w8Ivx;
zWvVdrGLW4^_NUu6gm$*Kz>u%4o&Uj>UB|7%z}6xmRaX4B>oO-|kW)WePc^4!XNU(=
zsgH=ZP!vvSo*|yCCYnVh2WrL4C4D3In!3C+z}QA;E8v=Wfbros&KB1ov~DMtp}_q9
zi(wIaooA*6!TkPY2-*aaVTjVe`OLE1x&x#~1Ty0qztXr+{aNDSbBbvXkA_U3`01om
zK9jDTh}Hc*#etp7rSPIRm(FvB(dHM?(CMB4B3mt2_;nB5PtIhdyfstD1Cc&eu^d{m
z7E)t<o`DQHsTDYGS43PxdV|Fm1<`B0rU5I|Y+#;Fhp_|*Ve?uqVak{Tg~dEC#~SVU
z!*~z@|H~h<J;QZ5`#B997TZPuOA?ixhwvs$(i<W6eqafUp*P0BIbILO;yTgnWh8dZ
zqa}cGjf+~9aC{bD#!<O>2(#~tYyEA9?)u7LE>YYhco<py=rH7@q0pKed*hldJui)+
z;}V9D+xDYI<zt3uBCD%X!O<0u$+suzAiGL$4)eyUO^#R~k=D?~a+ApIqd=J*%;hWH
z6ZWf)RBjU}B<J@RT0b;XB-2n~?!l&wD;Y_gA|<vy9^W5vef#l|+=|&|Q;rW5rZJP$
zcwaMw26?sslTE3m5wL99tNS|SbHwY98gS#wN8_(hs7Wv=Gz<>Bw1_?%sDSo$``_!?
z7eJPJQBc9YJB*<=|N6mNW(YFmwKbpN%>PLo&<gtsjQ?b}kP6Z{oi-aJHy$92w@6{N
zav=5Jx41}`9PIRFy~tFzWZIu^u^5U&4_3L6a@r-H9CdEVidver6?nMEix2o!ldJcm
z$n^b~_cp^+_IFewk3vI$jM^7rin6tCtml<YwR}*%NM@Gos67~d1DulLQm}2%4K8XH
zC$jccre*>;693rCeT0^ARn`kuN#f@<$0Mp^Fm+F=chh^X8^3UA&W~T~Quw2PHJBxy
z^F5=AUpEbx)(p+B+#3XblNdGclpBP`QMHMb8_RCXe6k&h7#5)znNAW{10>#e?QfZn
zGyfiqs7<`G)%P|8zBDB~JMR6~a@#qPbY6V2xVmJg0x5?JCVO(w+XH*|xq4bFoXpWi
zo?UFNPsXAXb&!muNTagV_h=H)$Gv$o@d?Q;&$m2m5m)r7`JL3ui=T+DNPqKNaG!#P
zUjU?x<;}#;@w2J)&&w}=A)h6t+{KCkDDjCrt>Xs8e)zpqzXTtCzh^#OnX#FA#)`!=
zQ%j%5YnsA2gncQdRz{Grd4u^jtK>FC_EC(DQZVX_q|0K0!!==iR*H4w2*RdDXB~U-
zvfDpo?Hb2K=cvW`fi8DZ500q=#`{WC{y*OAn8cet@@J<fmkL>hi${?_cN=xg5uG=-
zQcz5Yl*=8FrwfX0J#9x1D&c0!TczAL`JevbXRVuC(+oOC6+Fbh+?o!#2A`2roa>Ly
zpvBdXnuj@1zunbal81z|GAf0{6iK-(B6~_#%iwxV+v~dB2n$Tc{P+-Y+VC&bI2~w{
zc8D7!g*uPKcq1QqKb5;S9bODP3pb^=?fvJ^R&y(D2^1&DyGQ5~V={cfP_qQ_7q7N9
zbr%TIQ^?)*)xRPgI^tisI<Dv(H^7*;I;+~l3<BN7Z1_9oAM)Ju)@@$vW|=&$m!Gwl
zz*p*oCs&`%f6bFd6lL{P#zSAh^%7TeDoD>gXSPXABFj$gjlB<@Rm{K<bQI&eOZSrC
zS*`E4C31H7<yEjOtu{Tp^Ai=1hr_uN!+Zl9tj@RW+M5AUMIIcj{7kG#6m=`=Uv;e_
z^--#JfA_xJ4u?KEjYT${-VBFsm{fXD95VOG?Y@ZXmCJsq!pUwx6<;w37Z%t<<|DuO
zepeOvR25iO;~}MQCWmzn?h<k&r}dRWUmfQ{^W3*o(AOp;W7sPsh%5%->joG$<Xx0L
z;;C&VKQpio4N1go!@W~#b$0m6%v=*yEBB}I%Q%giVls`C%-@D(OWfeoo{0Sj?@U~f
ztP$JT)^@}t@<v^*69$R@MMQC4B^{Bk`u<+2tdyZT-^0O3{OU`V`<3_8hV_qmaqmXj
z<K@CS_w<PsJ6Z3>Wr6$S({an$4nt<eM@G^Zt(XBI(2ZMi+f7~ME4hg;Nn~hcaKf*F
z18!I~$7{QW=<``Mkwmb<+yZX7OFt#vjprJDHvUkT9+zto{YX3(*<5)(obreb2+Ybs
zwIzQEYTmDkcjSa}9|_?!hw5Yz3+y5A-P{M=g>UF9Z|9advC889#V@2N)fcUI-^1X$
zH}Njk-E_#m&{Pe<naG*V9kpcjVj2h50CtaIHHMg0K&AMBCcn2XvkmQMbY&lz@fXdR
zv(*ii|HI;-S)}_*$d^@r`5-Go>T+nq6?qFdajJGDZP_U?&)ZjAo!sw8UZLE4L`1fK
z*-gDimBlDevMu{ivRt9Aqne9ew3^!S@T4j;8UDZvFVK;%*8dK!Bxq%-@WyvWZKOTl
z5n!kK;)WmJ$YbRLud5(Mi9T*8`~8belH<I!8AZK49@lYrWJm)V(NiQ0Un@H?URq=@
zY3n%*x^r0~gU=alrWYw2k|u?eP&VUk?Y2)thJY^d)`HW7p(#rQ8=LI!v`hu^6a`MV
zgUAH$W%xOAC$6Z0d5*w&wFXto-l&ez=#1IPF2{XDqp=^A%GkX>#fG{WbntWg;T)C~
zGtmiWPO4Qc#Q{k^lW3^BxeS(nNy_2Z0jzn~zIl8N3+;(A_D+9bCN(*aYMX*KkC(b(
zZXbdXzxlfK`FnFxj(slkb%D{EOe6BpSI^`cmf3@2Xo9W`-6DpJW5HYo!Xm4m&umTn
zZh)6126NJ*opMKX^U%We0axlXG(@(9oOX<isLy!}!^0v&-7@pqL){|t$U`jzVDE%r
zL@-nP$5mV~(@^&yBD)9_dq8<YF!^V(gy0lw=Y-&%I>2TiExF9tFMm^FR?0kI!XY~@
zzDa4*w21x4g}rBV8Mg;TW=9ii@Tr6>)li+{vh=jXY{i4gCgTtO?vML>Ti&;rQkp>s
zzu0&kxk%pGTLg6ym<AQqS1V`}EGGPW+eErMeX88|X~-VC@t>$|zX6(HEa`II>0N1J
zo9ah`G86TdCf^!VJv)qC4&8|TUk52jkR=&kSPPHkDOHoQ^y7Zs^=8T^m<W%lRN38P
zG>1Cts#?;enowd7!iLHn%;eqH&<hV|7Mm3$bM=<{1}|=W?+ElMvTPVrWBV<;R7)Ab
z|Mg?TEKc*i_Wk;3s%)VaLVVuGY>}|e(+I~Lj-53in=*0J=)fG<_HzgS;c-n<Ho*V8
z#O5ESIe4hw(q3j}c;G%i;ALvynWhnMk*gkwWb!Vcp$<*mN}a@M`h6Bu9ehteZX*|+
z3%wjuMr?Y-_oh%DRW|DX*(>j#&u_aO@|8VNK6pre*8}43&ncS*mlICUqC@#!_!N)W
z82Mmg&TLbh_8$I&WR71DtmD&&>)(<*fdkcW<y*aW^Qtbo4H~Jz?1|#Nq6y*c0(0!m
zCu_<v%BT<)_Y&=1&gC$u3mac}56MgC&PRwDf0@`q2y1sW^e_L35~3w<n!e^ydq-U%
zBf6E!uhhg^Uw2Eyr*`m&fu?S_B*<$fW`{u*Z;c#%UN3~jUU6pHugcovwnKaSLNO1E
zck@_C+~~wA<d^GndZBvaN|+rvr#R<3gj|v3PG0Cm#T-K`$v1q$H#=?PK55ffYol2$
z^*~+FbIK=n#7U{AH8G%HQg9EYo`>k_{(G5zs806dR%&$7GKuQ~$BFB&sar~ti{Tth
z6;5*lj&XkDpC?r!CpN1Mq&2j}ZpVuod^Ez7$mfTaEt-P&se`59Z!Tk4d8c_3OxY9m
zX%kc;JHEc&LuP@EzC3r0L&GzAcUn{>X{lZL?JhScVP2YQ-!iT@OIPx42~n%C9iPRB
znVU88e_kuf-z7A=$#@&cb@NFf-z16Os!~LK`mitZT+s<*{K+d@*@Ukr#VzmW)2|fa
zEXOY_Q+J!OVg(od(Bf3n=w&%XV|~Ad?y4W>alaP(T&&M6P>4_CFlQ1r<Z>Y>|Fr$g
zt@!ck9&35*iT-#7Uc32wys79k6)9WcY?x#@#x?XeX5GjH#3(!@Kf-Wwd>psMb2F;@
zqoQwt*$tTR4kH#=5RJl7XP;l!%)gM;%LN6zO)f8!12e)XilI{lD01*T#K5fc4|ou;
zzX|8f7ED|~?P!R`+<b$o`fG08T9^XSQFJkc|F8xLB9FK$zWYIb#n@4x{?zBNb|Q~d
zug}_7pA2p!R*n&Y-{PAGs_Od3Qx?I~7Te1{oX-ldQ~r{u5KDF15^eV==Ifj=iwF{p
zm}JB09ooJ3EfG8B8@nfqqQWLy8|}aZA%2kG`!+!rPU7osvcq5r%M1^y)&vKZR@Grt
z-4i5-F|+gxtKCxLT+-SDd*fdVGKbEo?RzyTm#(jC%kpfgPvqi$pBCWm{fI+3WEh$7
zmzeGXbl3emGxnbMORy{t=wv<geHZda!rA(}POazY`6!(+e?-W9ydu3}3JzHculUlF
zD%bZ~FGPs@i@1=W3X<oUg$N2|?V!iURpcNR9>m=W&=H(5TB2aNn70{jfI49UX1<Z-
zQec*T)&#WX)Noz%%E4>B^1g+3jM83jK7$v$9kSn>Gm*i&m~p7@vehZa1rTGq8P5}B
zYw29{aMJb6S%oVxP#53*p9+1(Hv`gRjJn%|n)lnDnySz`#TpOuP=Z6WhesfoKWz$z
zTI7~AtSkvMXVMK<E?VUP--WvDB4xACXbuh>lIxzkwQquJHxMuHy6>5=%~-)UH>H<0
zqnh4Sh@oG`=khFtbIu&D9LHKr*+sgFS#4fDt^ErMFzc)zJi0I%VnsP#Qx%5%cUH|`
zYVRwYlS-^H(}-ZqkA8yOv{x$jvM_`?Q=`1rWF89&ilvtRL&YXe$f;4Q5&PM$f)Oi_
zPl8T)%sj#0VFiq80aok=4Qq`@88oV#4xz%1wUK5u#Ptz$##cY+I_?BB?-WeIsF}&u
z|H_|J0E=hyv7JD>oi(-<OR}-&0%ICMr$IGa=hCSsc(XO`Q+a*J?{XcH(MkXmd*qG@
z%?>g;UTsc7nfrAvAWS1hr|?c*&ve<svoVua6>pri_Ol*a^J3Zl*Hbh^Sb_YnuDFvT
zy;ko6%6lbrO<Uq5HPFwPfIE3b#$IS({F(V5nEN_WGLMs5|A!QNQ95C$<g84o#C<J_
zCMnf@$&Vpa&z2|pgZBdF4K-$uYH0mVK=dCdW>LF_(=%c+gZiff-4Em1wM+19-{n74
z41X>Z`h?{B+&JZL1oz)F(4@fT;J?zEJoQH6I}QW3L7Iy>cTN0!_5Z`gzLj>%9Netm
z)-^lHlx(S+qQvxv`cL!yvD{e2aFpal54R8I%;A%fU}}TIDlSocoISg*c1}?2#%B?m
z5X&PMe835X_8`&7EpgluQTJivwB0wZRJeJk(7EWQRb}bKgsDyjDUm$-GW0)K?4?gT
z<$b)gq^IAI{8SULaWleBmdN07$bY=p2LZx7gxR2`(rV0$ZP+y>VBvj@U6u(yyydK7
ze1V93odP<%dOEC$ib<sV<^PKpTlLopz0TB++bmqD7$X`Nzs?C~@3vr#e^=pA_CU-H
zk0tJUiuayR+L2nuR1J1kp3L0*BOTR+a@I{%SG=54+zoM9!<yUcL)^e%k_nkzDIo&?
z_y@z&{txjpv1CFI;@&a5uiml#vrt`kEyuRtVa;+w;kAOw@53}AB>?BeJO&I;J_{NX
z5r`syoUsECk~ii_41lg4boRnTtZ!@p>WLB<yL{-7C*R@Y*bIwIQ9-sZeAMD4QScyd
zAQ5AmH3CS}0C}2Kx*U_#=#+t4{9u#;Mi6051aLL@<<nFW#HcU1Ss1EHa)%XwoplZ(
z#OVO2jV^$^@EPQZpo6_D0kEcGL|YU*|8_<YK!<GT90dR*&t(iq?2g}Wa2aEGE@UA0
z8+7&Mjp$MVT+?&YSja%M+5=SpNU<|}K$Uv>i7*ag)IS6O#^i$n_<<a}I^{&vAbDPv
zW50>U@==I_AMRsGIi#0UiYCQCdI;!b(>H=??4YB2gU_ST#f#$b9>M_RwRpQ92I&0W
zVvqq3dJE1nz~a2oK5v*D0l?x2p+nAe;#v2TOg~V;ki7ec(3z7#F9F!jbi>CHOz;T|
zfD$pILnZ+il5&6>1`0@f31yNGI=TY^F~UcO1fHpnYf%UaxCPvEKJiLKAshY423Rw%
zP_!yE;9~O~9)trVwgVCaiv_4W0)@M``0R?TvdnFThqCqws4+n0Hochw^xE46iwK?6
zXp;<R9OpPlYM3g3SDT_hha3f%AsygS_U5D&fY$DCa`*u7uk+`CCTRGr43a?swLq+9
z02)gJaLNy4gi9t~vJ>*YiawxS7^&VgHVvr$8^%<aM1!jX;hrRVjGK=VipFxe`Bw)w
z-^)+bnJOSSJ7`BfR!6TPD4_LEjxlzA!)rKMGK|B6B|r%$W-Gf?L%5X%Y01VOXafbP
zx~~)y)r&oNu}RYdz0pptned?9xB6oK3)UNYr}xSWgz84O_Xe`*6&t9RMWUn<1c9cQ
zDycLlVD`TT@t_APs!s+j0FS;fwHkYa4*uR5=IkZ#>dlh2)?ZGQ0#$ZThsTAbz+%bS
zMND?2%+ZxG4b5M^qH&=1PizczkQ;|~*1&923cCHzthq9-OX8nyiKH7@0&`effyET7
zO-1sb&X&5{?Vqk{h0deE>p$@iod@N|3WS|9swSx*?{KP=+O)MP?t#6s&w;$92wd7Q
zl~eiuL;&#np8IC!0Z?FiZ>}9C05>xK+?>^@pUM8GJzLYgvX<!jqYW&OkBl!E9++JF
z&Y*O9QMUY_xWY)*RzTyyTe>!)(_YR|`cEv!STD(4+b#>_Ho9(@2>2(uXTzV;zcU!6
z^SIRLq96HBJYLN!{`oJ-F);4ifxbbc;YsI8^Un@boG0f$&zS3N|9mvc1f~C%D>^zc
z?LQ+sjW6^dw>JQjv>WSRF=MV8eiSxtm#s921QA4k$Hq1KHnoNN85`E&jpP$RAEo!w
z9X+sX6>lotv*Rso<b2^h9;f}M(<U3H`zO?j^Za+v4s*RB_syAG3_NIL<P$$^@k4s=
z(HB`5W=pKLw`P3bmZ5%T5$YhReCDLlwfIIuz6EQHVWML*SM5!ANY>5tUjW}A#(xQ2
z$@Db;B|JeR{dbNcClgTluS2{9YK8x67ap0Q`2X4u7TumE&1lp*&|AEz=wIW_yv723
zFx?*)Lnu&<8r_YK&UCaS5{8U{=ASUBfyn?`(b@n8J?45#uI^5my{B|gNVt7!ZHxI0
zHAf}ZGMlCApK^2j^?$nU_RidW{EwHle_funwKmIqTp_rD^MSeMuV@fMS<nIQzlRRq
z09|1G&%Ml&I#NkrKXE#~lh7T}wsZXsZ~5Mi)3SbAolH-?ZaQOH12ydI)3}DShVHRf
z1W#~o`A%7bY>T;7&o~(r$cnS<gY~*+;H0Dh8P?}lzSeq9FtTBRk?tqEj-k<NXphi=
zBq*M{@DY5}H70Wra{QE>5KxS6W+9UA=hQe*B|4r_&umJiRzP~WkSg(=j+R(S8(7)V
z=XRhnxE^mTA)TnbKor(zHQd_#<A9#f{Oz(m2J6toex0)xV@F<+p+)(5&7!iYBhj>o
z8Ij`Zy%M6sI#&1#HQyJ8ipz?TPvT(lb~Y++b0n6I=KhT|@4lf7(*QJLU;jexp6;K(
z6mBDSC{haF7x_!ea}Ldrx{c>CzUr@>j|C|eT8|}yGi?tT7`hDvkAH;?8=fcOc%I+U
zm$>TG5Fd!4Mk&vvOj^-idQqQcewmy+fx8P=AAR^)X;*W?gLEdbNaPz3g?L0>B?Hx5
z3fw~8)aclMY$E@5ZywiF+uLmnjd*Ay++YsE@f#i@bG*ampWQuM{Y8VmuqLgZMZgDg
zoX8OFanRQMF4sxO^gQIC?GFd+-i?y%XWrxjg<2znqIbt<^K?w&Xm;-?j3nZ{nqLEc
zTs1Q{=3i%k47X=a-&@#nZ``Kyoc|D1AmNV&bB9l$6$>JzSHB=36$vfgs^@nKUxf$x
zbq&3LX68`|f3=f-3f=SD8ekM6GD}Fyt}V4Ba_lv{BpU2-uTx?fU>*?hoA@iV{gX;N
zmm)b&g-ts*!S*U?%SjEgZA_BjEUtdVJcjU4U!u@Y0floGWgP&}CTiu(0(?F-cY8?a
zsr9AO^LQ6dRUjc6A;p9rTsZU6EsdazCD>Eq(o8Eu1;4)X*KJZ0sfbm^c7DTEA$JtB
z4$S!fID6};JYx3G8`lEGDK5pWKyfQhahKxm?(XjH?(R-;*Wysz-QC}z&+|LG@1Ff@
z&zW;i<Vtdp$=pEl$v0K82qnnu`NANqng$iv8{^7{LwVc#J1NLr0qj(;?Z&iyOG1N?
zLrf&zOAB9k;jODkNAEaz_%grLAo8v2VJdn~CJYLLF!PxOsxunm?uWsp9D8i0#8?h~
zDyq?+3<qIhid;D{eo8QW)=^R1mv9Zba|Ep+ITq2k{%#D+SE|*$ExmWzGVdZg*<LAT
z``u}C;&LzX;?TseBX^}LQu=?NhRSOTJ7f*6i#SY)p^lUrZg~ZbX~Bu}{Or?dQ?P|R
zzWK7MfocpEH3G|(Y7Q1fme!SL3l;_Jn3#sY$VXSG^`>@|iUKqJH9C8L2)T}Q?WM(p
z-XV~e8V#0C%J@TaVzI%jhk_6jUY#kxNEp<rriP@cRU{4uDJ32kUt7#BT(&}c^vI$0
zo_m92JA4&Hy5lF^32*QoNd#}Uu||ZLxNnTUmna{luSv(Vvi+wgE2*~$4oOr|1N?({
z!U_*{sgO(kU(e39lniu5eQer;G^mbX>e?DDgc!*-U6uvZCc9YDjke)t)FQP8y0|iW
zC$rnz-j}#;xZg4dBh9$x@!&8|{f8gk3!)^EzT9c03Xfsq;K{+#L~>$h8HHj|q;@#@
z!BVnnI(+$sT%B>tX&r>F9*S32Nh1%@-Y>Rhdw0kUgkG^Z(_d1l%`rinl3zicpO?{8
zsl4Uab+nF7Xxs|f&h-_Cs{L?Tr;ZD>kAFS$ce>pf|D-XP?zDg6gPB1(LK280c?z&q
zPyN<#XEw{kPe0iOhA9z-VYmrpSwuqUea%t^(rhm7S@7k7k*OC<%O%BEu>-ep-nDQ8
z+bj>uHT{xw4NX(UZY2O%KK**80dmiiPt!$0_6HYsRGdJ2Ptj2401<_B6zvJbYOx$_
z15}T^i=d(IH&XSgA-cNd7Sj#LWHr}DXF<_xMXxTGJV^Ts!u%GfXU`MpE%)XFs7oP8
zbH5naJ2=38G&K5vY5Syn_Fk{n_poBi<WKkubpfa6*`-W#eGG2y7I8bOAN@c%1-j-L
zVTlQ=%``*dLr{lpu&x(58Dj+J-2^OTH<j!x^JCJ2oH4Y3Jgom}$wrD63;^4BX;OK~
z26>Madz-#Ax{?5`enn`Mf^5EliclZy9%h2<(ojNa{>#C5tH_Bjok<BIwU!;*#aj@|
z>!6<f;dGx8)5fC}s^62N^VGG3=V(pKGYMJO<Pu~hf%Oq5+AFE|UYofG{6*(0-EHVL
z^KJ^*1~E143pLdv^<cyZQ2&GrMhsmSy-IBdCT=IyBpS#);4G3_nc#X5o(MG%FG}GC
zf1ss$O#Eg8M9|zAE!fcwaR({2{A}Fwx#CtG91FSRgXK*{QO?p_<SlbS)(eY39l!as
z2*8X%x{Q#nQ!9)Ey%#bEIS4tz<l(IrZa#Wxb|pcO{b<KBk6T4Hc>|c&A`TV}1G#bG
z=F^wPKrVofsM)=waLqt3ddAtn4c-p{xeHiJ%!Ah-p|WuExl7IuJ8ogeNp_{J6rL`n
zM#%Z26DOBKg6grMk;p+{MGGVeYbkcyY6r+o?9>K}-^Td}f{{?OW%4B;qjU)gL$&kk
zQ%9CXceb)=@?{=^o4*m^c_V4#$lv|-uU&v{?i=!M3i(vMDRKwtZNXB8WF1-zV&v6F
zyanl;AO^Np6zeTH&$tAwqLN$i&3kmLu!Y7v)x+C;`#N&lNI?}Jd{MXV3A74z&cVoS
zR`~$D{byUTH}kw+3CQ9bDoY72ec^}*r1c(o-wCj|Tnuu**z3*2+dvBH<|)?B>y0W1
z*({~tz07Oi=nb--7wc^?|6LsfSEcav+TgxV8q_*sDP_SwqXh|=Kn7iSFCYa!X;6ji
z>d~q#!P@vj1?wCp28NG<t{v3ijRxYDoCD#!RaI;P-YiABfM*v<FTvhnlrTr;on)Z|
zi15gQ(tU&HyueR@XxFs>Mh2o`&!P3pA1Z1W5M`xcdRPHz(EWnH?;NgX3qbBqVU|Pl
zQ`f@DTb^q*iY_NwVBcHlYB{w&xN}hL8O&gv`y=fFgkto56pAV{ub?5Ea`(dcm%(~P
zMNvgXMTHytzY3eI_wTeBar?xt@2{fcg{4PdN4)sSQ#ev$z?;*;aaSXSdYOc}gbn|I
zSQ7g|X+IiVrNC`)QM1#Z;OlvFhJSisz42XV+e6k0@~FOxVOZeVqQ{LKUS?7?xuip6
ztMtvJ1Y6T<ymITQkA=k5E=1qp`%4Xm3$Pdq!Jn+tQ)Io#jgOuAv9v>3(|=%hkPMY=
zMi>J#bM#E3a2Ez<!o!*vj;Xro8HRql7HlpFNpPH!$kyJfYTnT04WyieC*Os-p38SU
z$S0YWo_nO^A<~T;Q(Zn{E;>a(%Q~b!_r*Jzc1NSEz8*{`T5=`7K$KJFpq=MZEo;jF
zJ$8r_1C}ovnpa2%==15hIHG;;cP-UTK1Q|PUkqD8C!%rq_8b-t<n6(u9~k|%<2Qf}
zqBwOIAWf?9(v6affuY`<<vWodXi;P}0y^kmN`TSI2U4T{k##%P1Fmj0&c5WTgF^*Y
zSshC)m1$H<-NT{)xY?NFqJuLcwk(5O-DNJ&Wncy~k{Do746`^u!_{T6UZ9EGm_rPJ
zZ&!^UwOf4Dps9zEX(pu^KmzwsDn`}W8>dr*FUub&)jS|p$?lRlTnW1@!;oT8eDF7r
zN&~kG&-T|E@_a7wMgi76_BtH?298y&fdY0=sLcS8trYbDdr^!-u`#ZAbkzyR{u&kT
zF|>|Z*d$p72th*suHhoo=A{1qtX#o6ZkZ2n0B+q!x2ynrb9c5=Xf`~Aq1*-aMSAdM
zAZWfx5;VV%q$>3Y%RsE?k@}p=4Fd|XG7u*^rrg$!A<ZS#IB0;X>JjrkMVwJBE6Nf=
zsJGu3F^KvbgGXC6DH<pe@O>vh<w9W&+ppi~PrShaOm;oM4&(Q9$UvCuJ@HyUOPdVJ
zEMkUw17}fOpd_fHumllnqsrg;q*X`~!ixg2jZf6DT;ilg0eHDEi``=oT^aKr(Whuo
zfk15l3dTpu>hF^S<DBvZ#9OUA11KX5lmWhm+XYFJ{HJn~#|{904fY^5y0c>P={_L~
zbwL?QfppaK%aSRp3kY6{h2Il=ArAHapdmF}yESyuDZtLC_8@BU&_J!ed1-G1WW_y@
ztNVv}kB^ysYTl(i`qQK?E{JUHlK`Pv7(3bnSpkD(lmTo`rL)PE_fML@g{G5+1|35^
zT2U>u14oLU;3l*`(*b_h*e<XK@24<s5RriM<YIy#su;LBcTLU9@44Es54>+M;%(X?
zg*{5}rQhHLVyu-KZ`#oyIcKV)?BN-#GVSgPdK&dkpPM_6gc!*o7yDQ8v>zYrdWwg}
zd8&577LtIQjU<=mf2+Z5_Up6l(oADsc|JAv@eB-!W8$a6g_=D{hTMYpt_wF;x(L;|
zPxrPQ!i6$7XwOyr7TC_s*)_!C&uxoUon`~NLCdIS`5WB>#iw2B+9`n2jxB`py0?!|
ziV?O@4qe!WDsSa;T4$F*YNr9i^)>K5F@aZ-r>Xw_HnJNxe&t@Pn(1I+kvS|KvXmyx
z;&yF&x3{`<9Co4mWVkBO@`k;gK5{F8f5Dh0+NEp^r->~84N1i?m7%&2e$B|`jBi#<
zs3S}NZVwbG1&oCCd!0A4gj^*um;?T|QT@sC&)=`TFKI}$MEl^cykE?Ba$s5#q0^1(
zFr7n&5>Xz)2`0ORn&(lk&(JMzR4H1X*>p@hShO5S^45!D88D|G))^{m*%kM|o^Sb<
z&p5RbMkjo9gEC~xOOiT?PV?15A?vdjS;#-D9Wft1&y_hl*yOFtdgGu;(^&eLDVv+M
zh0dAF)dcA%A$q7iF<z#ac2HNyhlQ?|$k$MuQa0wA^us|ccxxEqFFKfmQeF?Ib!kWx
zoZEhXhr?3`W%;sNn76Nd;9d2N`z17QPWd1^xQU5u>g-zx9A4wG6+^39WTZxp-yPRv
z{l1HcV&xy5_1`fz8NwnAm485`nOaSPI28}7Cq4TPBGV)8;P9+dOn&bg+`r6|p9Z?1
z&M2he2F$;&flM;Bx`=pG`~fverc1GjSA2J~Aq=0A<SZ@ml624JXk;j;8=v|{ZO_K;
z*mZ!I9&rkX_q`usU@d0_fzrtP{8b(QE=7OLeHyv{g~j7|hXnqeYpja8bnfz<V*J`q
zQkVR-!#t-0_5H+<Z1BfQiIF;9a|p`{ND<}Rru`UxdShJSX^csm*53{#=<U}o?)pK9
z=AX#Nta^9J^%glK26G3s&kT>1$rd;k0>aCtQ!KKri@BgH0{ny<X6uC;NRjw^X%k7E
zc)zc6PECy4(EsuXw#yr8W}*^M(hFw6wu|idfhH~SH_(L7yL1URzI}&-cfhxfj2VZu
zv&X*(jscB3Wk+fr!pIWR*%${;T>2}IVfdG8Lqix!f@O(o15r)Z(f?QpzdD1K;<U#w
z6}o+J$b0xlDl|>qZaz(Uj!V~a_(|hM(+IfXl5Q-z;{=y>U<L9Qor*DlVyu<iBuVJp
zN+$AvRlq{Hy3fFxMh_s35m0cHxwQX<J}6gL*$`W0tZ#{BgZX{(#sQXz-(-}5?CK9@
zkiLbrB9`Z0*UTGq<$y~_A!K|GdJ?kmA@Dj<7nW~;22$GGz1m>cCR52*vdDNFhr%$!
z9$=%zd_#`#s>gBtdq5-whYON^e?${I7hUfZ*I8iRrP}8ZFy$0MnvGVW$pNs5>i+K}
zzMu;pGj-hn&%PTQ45fbWFewa<uPc5O9ekyBzn>X#wcLd<2Zg-XbT*iYaNRaKKc|7b
z-*m>A8F9@ythD?S`Jm}6&<OlhQ}_6k6#1~}Of56wrfq^^L8y4Wm3=bs>2xPFHF!+z
z-eXdDZ&feejrhCOYP*rZwNzcd^RK?W3bhM!^EJapLDsO1c89u5go(Cc3RWTewbu8g
zx^9N8Mk%I3%Mp?ST0?Rsy(7;9RR<bNcxt_)MD8+~zEcW7_=}!vbgZEw2OFoe+VXE*
zj845VgL3c{`Xu8X?SNL3U~zA2mK$r_$>z)GpSy6U#&<c&r^#`*1=Y`;N^=cfSL?AC
z1X5Z4@BjkW9y~+7DVoj$s|8SU&8S7vJ$Y;%C{q20aTnBpiP?t<wLPR27$N}9T`&Mi
zX+RPe?W`6o8xCN-4p`F-0$ChD);5sk4ls3_p6^uY<)s|UUYK-$ye!w;2z|MUgsREW
zkj=SEVD1QbQxzbdJ3V=Uuu*500)*R5-cO<G_m`=B;zcuppH#lw?=e8Ih$mJ7qU=dj
z4*BGq7YIJDe<VCx@q82?U6-cv{k;?q1o`Cw3lRcID&JR2J2~X?`_7M`mn2Z9*ZVW@
zc|0DH9L+GkZj;x1XEr}0?4mAX2@(42JaaOp!<oS?INY=z>TWcbBJSE)Dajkze#~az
zl}{2gQZbxKNr5BhXX~VN#zIC|Dq6g-^V4Iuya|BECK#M1Z%kHMD57{rB2*ie$<p!g
zCU0_f#^;8dlrmZXgzeXZi9{HBAF}k4g~?<&rJH-0ZIimA8W^$OQ72yH`ez%|+eWU;
zqV)b5Y%Tl~d8teE`hiZ86aAlJfE!KbEjmkp#5{6e`~1Uo=%9R^^=I6~h%E2oP;RG`
z@aO6Z-p0@DU2=w!12ZxYIpLkTw-!O)WHIvbWHMA#joK!dJSZMVA3_{HP&TuLNj)+Q
z&#^ZyN8J|agl6)?Cm=xyESKs|y^*BAJkdDaUPQPv#>O$hg=542Jmlbl&gGBV8fCHL
zgLhrhX$nvL%fcm|=fAopZ6$*4gL_X*gC?mnNttZ71s$D%pUINbMw1x3Qx!`401lfF
zXZ^t<vNzD^N#-hQ8|VEWX_iRP|J^eThB1ew!>v3di#z2>Rsw*=7!6lpUC^f<+896g
zlrBQb;=E^WpKg9Mx%@D|`vLMf&`Sj_qIToY4s=$XG_Zz%V~hPOw-SO6lrv-e0h{~W
zILP|exIGR0a~1!h@Lx!+^|Cj4VEr?n%Itua?A_b>sE6g!18i{kl8vvY(D%2@@CaE%
z?2TXU+XNh*f|-W`!<bwDb@jC~+~mar`CY)m{XU$Ux4-wU!r-IHy-?IL+T6>k;R{k*
zYGsR;FM~^?A04f=7HaYG56mmt!uAsLH<rcmQnx8lPwIfIy+r-|h3VLTF>D&gz&z<t
z`(`{do0TKe=A%JnsXsWA3e$BCv@eS3YZO}x#Sxu(&D6AF%AbU+xKf6aaiqTf4j$;F
z$CZN9W}Uf=h|=bh{O&1xHThppl~Gx*F7-TKhB_<QG#!FxLjLv4-XB<Rtf>d+p8jGG
z@nKW<Z4yF7l3^N($GZRa=<S=dF7|r|Ohy5VXWEv*Dp_O~6)?7jl3B=6^aZzpQ+te~
z&!M+*2#97YWz4_FyEArNPAUO@TBwAYxW9;YuK~}Zu(|R+xKRe17c_<;!funW8abkq
zc)K-cYV<Oq^UyiNtq_Uy`ZB`nA58fx-N8Y!uTmbTQ<)vrhHw?*Km9q)+JhWIg6+iz
z1?TU+j=ug-HX#fC@fr#IPeHl#z_zcxM5Vyg6t4AB9DebCI&>EzHWG!|;B$}aCSq||
z>I6I7M=6~DDW!lrnT6tmF*mR-(>}3KKwe2~nkf-qdf?3XqX|Vu`ED=~)r})}*-?Lo
z*TpFEuZ7!$4g5z1LECMo{|4(aZ<tBVGI49pUkgh?GW;lSmxqymV5A0lyqn-Q>yUTE
z6&Z2EB|WE+F4s&@EJ2jje+B@3Kl2+Ya=e^{JL@lOBoc<py5s@r9||c<6^w!%?UCXZ
z3k_YDPHAUyed82SZ-kC{x8|e~?9omz#sUS(Y^Ip`e)Ug34fcm(Ki(bIOM%^g?sPZl
zy2A1%u7|F2;wvM1(hb#}+ZKN%6sy^<trHpvL9W;-Z|~mBL_t$eJ<j;^hK$EUpI0n)
z?*xFg>DLw?L#;FF{Ng|8sIo2#52jGQibl{=;wM}i5h&egJV1yMfOIpe<Pb53kBoK|
z;YaYrH>mGya3(hT4IhiCyQ{Jq6{_kf(n7kcyd)GVt|CyotLj)7`6ozQv|}(7NKN8V
zPD8CueN8IHZ=2l6&O6c}rIYh$NF#kvWPf-uXu2M^Hh<4p(>|v^e{<a--FfKs^OT&T
z^rYn}r{OK9DWh4F#hg)sd>rz9iS;!v^L4MmYGHO5C5Dhz-KPEi$MTOi_{;L~h2qO!
zPbddBhd_g)sQe(Z+amR}n1!jq7UO_z<S~vM0j{`(Ew8U|CqAFqCAGW=dvC!tgjh>^
zaVvvs6KF=nFbu}xbIYA%=i8hgn44mSRDa^o*(TKH9&wWkFDV+tYbgHb#;p@S?r|Zq
z1YH|C*9~aIH2sZVGnIEOlRT_wOp`r_?K}maLu(*-p(=cxPl#EnFI|nkjowC$dZ7P$
zS5FP~xUtZ58hbrb7^Bb3C-3oKAl_I}erVA>$xWX{A!vfU+VE}v*SBA{D6he=M;(Jq
zkoU|9H2bufl+E-Z7dGLp;<6q6P{2u9G>vbP_x&u0XIuPVNgCbBomX+tijEOv;}{+z
z86Iu)rWoU2nspv+Sa?==0>b0y@dv^%F^ChwQd?_-nK5e6bkc99oxxwOMkUnw9p1C5
zNTYKk4yKZtzZM8Gszt`+JH!022FITe4_gf|l%Nan`1AfJHbRROdBsF@5-pyZ%xQNw
z#<*Xz7JWl$5vo>pvvt8>q-U;D<0`hlZT)i-xn|M=@kA^+`I*;gJSH0cSV$Ul+D?M+
z@j8kVB;t@b$ayD`<$YSx!rff-GAmvBDbc-$I#rvHYO`9Ss%B}^qlS&zT68<q<k0ge
zhN{vxPx4Os<YVC*4;$ncmT&K4(O+O<I+Q8kV><3B;hj1(8kH;1tvi=L8*I`wL5}qN
zwrGnF$ler*H}K8g9A`BVgtm^ZwKiMkGT01kT#gS|Uc|;2PGI#0&`4Udy7&N`xkgHO
zpV4#Kc|H)FH(z{$F8q-m4^yW2-8BI40|8xmgtr03URBfl(SB_*!ry+~KoA->p1MnG
z2!G{Ti|vBBglj<L`M_e(q8w9WHi*58r$-I^vA`9sf#xW=2IqKzYO}hK-M(ygU$iw{
zN#`Q4U@_8Tp?;s#&#bnv^Q!9RMM*b`9o_*Mw(2}bSk?5ah(-`}`B8O8QR(DwsmqA(
z>IKEqUn)nTIfRiO2L-eE0B}P*`_CZz46eg#rvqO@(B~$S#;!@P-G{lf7$^T53|D1*
zw^>t8Mi)2Iq|0z=vESRBHt}<JS}tIUDqvy~zq|)){-LVEv3$yrGC18L4g|?NfAT$b
z07o*Oq;Mrpu(V0-)!45U(9mSmRmns2X%DOCApD}q;I@*%JpozE`$%V{n17A1Znm4;
zsj+wT4APwq`KY~asxr=nCIfJ^pw1~1o5MQ@2we}{3*KD+{Brn0XV8r}r>{K2byi0u
zgHc(R%gh?Z+!Vo5U$Zw+!+oZGSl(1-(!t<89zTcD#WHgAIm|(mZr-IuWq(&UBkBJk
zl7&ufhu`FcC!<uQl5(w*lH`T;WkUhhuoMDVMietKm>5l9r&r$NQrg4*66bX}NZd?W
zG4|+-dae*+F|w6xXh8FxktH0+U_c}e7@u><N+bjqh}p}LqELo$w2mV-zR=(X$3x;3
zB(QgG_7NE{h;Zt=%L*hR4jHh~Cv9>iZaR$gFs_J+jIADvEUpgTdc|4Su~CmrD+5RD
zDE8BMC^Cp^DgLkMEkTPahg+py*74##$6ZUL$A5x`hyUj@e)&P4qT@8<`zL4_&7)az
z>i@V&+lIepzoSoJ-e32>y4&z-txWz4zW!P<`=4R*zl|7)qr!kV)lvGv3Jyy^&(=v3
zQEOy-T?R%vnRPupL@}n;-~pLZeSqnrVJJ^6vnAa>7_nUQnF^25jr71rnK&v+(UT&*
zL_ahknN*7*-Z+%ULiJIHk%GalG&W&P4N=T|DR%cVd*_BaMizpKw;bSeLlYJoNC#!M
z27o;tVAQ<kSszKwM&frledEfy!l?{S6CcDbmiT-pZda3LNK0dXvLArW)}TZrme*r+
zjVluiY$|vT{cF|OC4g=cabtoyMj2hfvl-aCLaCJ78yk_^M`vJi-fsIZu01?p^TTau
zqSod#BZDvGq(rQ6sX)(uN~Qa^mh5IF=7jpygZ@#&4<eO(HkIffS=A`UyxQmYU*6~K
z6WI4{Fvt8$T%PaCZJ3^4tvk$L27cg~xG>w^6rDy{6cJ5NHjjuT<Tgt4wNm&=%fghP
z%r9uP=Bc*es479AA2>7H8W)~MWfT#KrAV(yTon%?ojYUlwwE@_D+pdJ9tjF!B1uJV
zE2sGvKW&W-%YHWlWFfWM-EF_k{=-R|q&nI@aMIiUp5gn>Su&uS${z^?&a{TaTZ26&
z!8c1(1k5P=Cm>h97t0)WGT2F)gDXQS^^`4*l`Hv@6onNBwZc+f9&EP03qG|cMul4B
zUf%x>DK#Y*Oh8AB_CL_Q9=6H)PooaDKjwi($(S**YWFmw)ZgXr1_O+9sW1XA2p^i}
z-9K~;Dox&4SqH(HO|K*`<Ioh&pmw7)qwvKrk0NoYcCSri0q4_s9}xrpIlnC3A(r>g
z`PDcp!4gS+1rM96oiGbi;AdPqzU47Jk8vy5%SX_P_jzQrFkSBm*$7S^_1x3ZcJ`ec
zp7dt`yLWj?`S!hQWW%WS-uWrzc;dH*XQA7BW|qs}^Wt)lGb4qom8y$#36&Vk_}2Ao
z4WXkTFUO89q`)(G??&vo7m_Nkk$MQ`*QW1(j~tjmy=X%Q|30&nZ&BmUQJ#xHE4=2F
zP)?}ZLp!udLEl^qS#bE&o~jR}Fuq@+tX(ZDj)b|w|K87UblzA`M(pey^fbb_U~cuf
zX5OEc)}q$LY>K&SSwBnZSPzXUr<heFXvWqkK1Rp{CK8hm@?nEZ={4COG4}rTh0Slt
zF=p0=pFkpArn{Ofz_}lVWstAG$^CouYs2?K^JGM&9c&&~kRyPZgeh+{!~J^r6vE~9
zW*S3Gof_s!T@{?HfVRHz3tzsq`PlBpU?N-Y-Ns-f8}aG6tB5tIXi$ci_cNZoni@zH
zhc)#huk%ux=$uzzV-UFWArpW+84^RBzyLUyfWLPbfKCBul{L3uv5f$I0-OhDM`aK9
zrDSndCmbZ(=#_U?J^B#XS~dqQhr{%P9a%9#)f8PB@&(>e4rgxARW1FMrIs_98zrAd
zX=z!;-;<iZC%@CG3Of@vQmm##!14c<6R)jYd<lKQ>2evd<s{PW99uuL>p07GX~{Kf
z^vvBmU2i+=puN!xx?cMeWr@JgOSR?1p@RGBH3i?KO26Vb5Mor@1`A!s+5aLMIstMo
z!E!9Y`F_VW6|Fi4PN{I3fBQw-1zdMxf&2U)LtLGfdGEchWi*}S8o7He*wB11nO6$E
z4)=b3PU`B_YC4(HI<jW+k0Z`x99+g*Qy*?4OG#U){U454p9fWSJ&-A>{AQ>hDSUZ(
zx+v=L)%BtZnCpiIv?Le*#ORiNkweV_wAGaH0h*?PS05HM3Ls+|UUEnw%-;n7QV;|n
z1z(T>EbKmthUnwmo)Qy)83Ve!LB!wt8R&9=P^*5^0XV$<UI1jI0vIF&zyM&)8u<Oa
z%{~nNBS5Agj(IBqqV~ZpTL6^J2k9O8Ul<L5gg%%!3u1_NbRZc(k?sLTjhROm7Bmfi
z6L1HRDKi5M5P^pchfMq-Z07^8RNH{`-G^isfcgEy@5uPO=78i6UhktC0KQ!20Yuh-
z1K-AvK|b`&QUNyc5U>Ewt!)P2yCaPM5SJgKWC0=q>BOQHykY=V_`&dr2*Rk$WQ0x;
z$YG8LP?0fEc`=jQcwRWZ*EV_Qu{y}C@p-4wUgJaZc3ystvEcZ$%9Q7A;U%iCy`n*5
z^{s0=F(qmZKD(yf4lTXiuNEZeEf|0A%I4jYraMGLLrR^f%qh9jNLV9MjR<^=u+}2}
zgt(SA=+@bAmJyQ^K{zda_&h~c;^5~<s$F50kuXC+;0Xn8hT{ORfgW^$R|Fj#zdp|b
z&H7IEE+r~(u--`6DV?w6QAquJ$xP%>bIjs^@YbD?@03Z93j2~MO_s;k#9iR#xL6@4
zONkmE7tv?CBC1YOt4~t1vO^=4Njb`(G=Ozn4_=yX{v#m{fnsw!xy4v6B^vQX`(f$L
zh~nJSJBmk-bd7|eT5K3fiPBOVVF0l_7FVSpQ690}BQePwD<KvkZ#tDRd=D>2oZuJf
zk54sls%5>?R4%sd2}*dI-CllJegzYPde!mfpAs=}3k!ec(4{I+d8(I^Fj-1yKGE!g
zvZ_i_!7my^s}U_F)1-SyVC(=lM~Q)`PX3h#wXclIJ|)o=!8*T!aSAW>Dx%HH(PJYT
z_-kvFL>cGl^5woE=>r6J$@amI;=^97UuEXTpjOK{%;7fnNf9KUQb*0bLE>0=J~eke
z8SvS!f74!ZQrf1DGQz0iB)}=teTy_{NFa<084gK{(2$q_IXkSbL$;nWL<d#27*<a8
zX<KpyUlBh>*k~N50z<5=1oup62K$g9HB|@w-7+@}<z&<x#Le^xiyXtnuvz?DXs$k*
zkTTCbLP*aO<BFT`<}ktNMC*PE@di2zp-)yLIOB8uhM-W_7wkqRhA|T#F*=H|pWA|6
z@{TsRnNIVga7(m<HybG@9d&`Og$Gn{Z$BJ9fn`!6_LbL%(OAh^_nG60tdQ4wh}hgq
zAXmpR3{On9JpFVWlKn%iFK0vvX311*A%c1@f$@QtSJu$5!i$czCWotHV&ZE2<|kt&
ztZ|dKi*Xdkx-ZF}F&Xa9eGg8(?j1ojn=ss-d(foccI)!%yNALf+Xu)Z$AN8c&X7US
ziN$i{E(bueBa)PwKp6gjIq@_Bn->Qo4}e6{^|<UOK2}JjE@aw>HTAe|QhSxT<C<d8
z^~$<%GVVA*y>#koJ3o&(^=W8OBbnJ?)f!y^GYj_YJ?aHn5MlT+G_GI2gyH|}$>nAO
zL;TIxO0&_Jo2-x31W`$jh``o26qw!)hlCvNuEKbQ+@)NyQP$(gL#+B-O+EThE{8Q!
z;c6cgvubm)m-z*<+-L>g`H$^0a@Wu4N%H<_hFFQ$5iop)S`r<n5kq_%<z!?N)S*VQ
zU-rUKxNdd<=KLx(wJJfWSc6cOWCMtz@MG4skcRq0suC}2@E6!i-{x^s)&QgmFMI*q
zX<8R-@tI<ni6QJ~`h%Jq!xX<vTzG^PQz9n$XGg{f$Q4O*IP1<hi1G>JFE;7BEhhs;
zMxbYgE~~!lXmOWm#1G?WY4)}v<<2C+95ZCP)Z-aS49B6BpPXU?OAxrRjfA>pA`@G~
z%=7bS4kcz6e;T2rj!KbyRoCMOyZ8<Z3w(K(K`izpx^5`_T2Kp!mI0f^xXjPv8Wm>0
z0Ew{edS)>@c>~AVy(~LYsg=#_r&yTpeu&}4V7+2h!M|XkHTJGBPaa+RhQW%{I0OMx
zOpAkBk3U43yMt}&UNJc(PDO8hhw6dOcR>2sY>=0967pM@^oyM$`eb||Z<2msR0U_7
zA9}5a&bJZr8NRDZ#I2NRDKJN5wq$EF7>3Zen@B+kl1L3StTqsQaz_R_`%s-OZY2~p
zJ(pgJ4blNc@3fFI5UIcAJ^8)Ha(lam8~N%6!8Yg{j5g?9*o;N<Uu&z-T2a0j1r_|@
zO%K0ClQOdl*=Gu1<Ef)%6=KeumI||M(+1)!bv;)~5XZxo?75Xy7BH%;$0M!oalVbZ
zb#n7~P&9FrEi@|2)%q3zEh4!ovWcH2RJ+3igHUWTdsGd=p2BLvH$la-7nW$i)*9-H
z>z_d|wxF5D#BF-p{UUl08N9`jluT(d8jR@kXZC!XhYe&H;?Ot@&edhVUpemfR%5Lj
z5jd`^hRg58u{KobVV%&`(6{YSs3z3@jzpJMqr2S}ri^1rsdu}BwS+{1e4huj?2o;)
zuJ6uQ`>?O+eZ9=al~d_)-~Baq-oeb`Q()k_ulx%un6z5#Nv<i^^RV--MhIF8D%n=j
zI!7*1v-zvzvYj5vzNK685PJzoyFb}ovEB^PC#-85zIG<8ugt$ypDm;g&vLQ7**s~C
z4|Y?(Q5(D}ck^hTv(rAaRXp<Q9aXy4m~Yfyw{7OOvfuGEvfN8LseXSyU9~iOtAt+K
zdY3S}gvVT4xXeiM)p_H_8r4X`Hy*{Fnf}sPNzF%dv5+yOn>uz=lrc<ved6!F0+#^k
z9#)>z<FM1sGf}smNopgI2{#5uU5CwXStEajYL=EQOCEm!JKV_I$RTZ#8^sod&Se;}
zR!ye)mwNqASwnXs8vkyjFZQOzvjpi(IYeC@m7{FMPDj0l1Dlc(sjgOPg7#BMZrBJ$
z>AOIU1F2j7QjA!9%rODeL%JC+Jrz#XuhW_cw~+8lipNzEJ@WOXkF^C6ed*W;yRR(i
zyCxm=MuBLutpX>c!TUxMz%+hs<jt3<ho;>DkE#`1W#|l&O*gWzSm^=Qw|_;Q@Iy>q
zID6RnEP$;7>n12}5+4)Jr7zVq9=2#j$V&uH1>i}>Jx5~Dv$M#^n6&wTFk|8N-`$j{
zQ7;PawtVUgl<X;{5%|U(_?-!*-6Ge95hq`Ayg$NkJ~yRvjRVY3?MVkFwfb#&uLa}E
zjs>_Dt$@-yNiBDPIpM=2JMpq|A%WvhOMAh{XLt+~DA{qa!p9S1OO{mnFuD?Bt9yxI
zkCv^9<CIuk7G;`6S^C5(+M$JCgX5Bn6`KvalR}kx56cLduQ*2m>%j|=TRy1vv0&>p
zuf{uFRbeJwxi7J~=3W1;ABVOIO;qMbkQ$Z!2Wr{p&@YfUonI90i!^BDz4BqX*{)NJ
z^Q_}BAN_FqZ5(tnam>%fm%3ax1fKn5an@L_b6H4g|NmD}iR6g7qVS}m!Oj1=Nxw8K
zToV*eUB4{^io~iRzs?ojD5p(pS%`TxQ2vX&G?-JLyTQ+SW}C(t!hg0KmvMYA@K-oj
z>6YK4K9##Nf%ANQUwS4;7OSG>``o$y42}f1+();ZA0!n#E-g?tRYf$w@{<WpN+qq&
z{^d=ZwN2ybn`;zr0zX{iPi&Lm(0tJ`2^9xbVbgp*Fq3Gg2C=rj0UH-66Y-<i9#b(+
zQNHDdzp=gp`I3WQ$<ku^2j?!2xX)VlJ@?bkJ4XF%YiC|*F!$HaU)uIF-OgLQI-a?o
zs>TRyBw?a|-EI$lwvfk4-Bfs4?7V`B&aca#KJ4Y*WJ|A)JFhFt43EbzCZgh!0oI1I
z1O2xr@I^x7h;q!F6%xg<AYqxLMJivCDTJ6@!4ck|s23^d7b%L{F<;5FDteV5Cu+OI
z<-B8Qv=yLzt$0zt?B$ypE#>6OwxmIeq;*|^KPbPCz`6Zs(t7OY*V_@bo5gW+>rrwj
zsQf~^%E8t&sDUc&pE<<r1@D{Fw=Ho36Z|{UO3Aink85&k2LE!Jt!zdb-r>n4M~atr
z_OK{`!=ayeyR(AhH5hW+n5Xw-m1wa|pxP-&`y8=*tx`pIFOSx7+)CVf<tVYjX=;A4
z+f!5CXd*$&zWkCeRP|WA>C<0|a(X;>x>{7E&`oKfc!oM%h5MEvpRY1a9?_AW8a?n|
zr%R|04PXu_v}dCwcVUW(z?lULV9vQhsAGq`PV7!5i1ibrrV)!f42x&9^x*bediK8W
zj4>G)+<Xg!oT%<fV5vHg5*b9i{2JeRY!?%XR_31CiSxC+wHGr_&s0&q{8wac;ZI8*
z^p?-K#kW_YKkFQx1`T=7<=~y(@Lz9K`%JgX)`{|*f-v=?DpSbXL_{#<;w;ML_Rv~H
zk166#?h+W6hY(~6BwVeBw)ss<t!D!W6g1qj+%K=E276EH!r{56f|^FOL|@y=O^6})
zd*G(rt`vDhYXr-0tg=nR#tEm0(!&E#5$fiJ^XL{;-H**>4ipcCEPOb4g+g(Quj6{k
zYV7bmtPcIGHCt_F`o!MJ%F5*ALVT8qJ5&%>epRz3iMhwtj=B8YMQv3%Tu+_u#M@Eo
zn8p?9H48k4JSe|oFpFO4FiJAS$h%gxWm3(i`_ZyD8gI2Ejzo#bzJHtBHk(PESI#r@
z%X7Vb06K)RQfcsc{GHX~a?gt?sRXR~0o6{H*1L?ihMqZamRS(OdgFW}_1cTI6(Xd&
zv#x}Q`O!(3(VOWUI}k+EV?h@t#O(a<C!&U+S&*}|^6%bB_n$Dl!`u=-iLUT*fgHcB
z_4xJONh9EU8?Dz}5Zc^w`$22Jb_76&1bVbfsQ5wRAfa6IvO0sTJ+=Ue1NVSs*!lAA
zTu3CiAN0m9I6M+ci53=6lc&zI5cza4^hSQf{&sp(xSb(Ly$2=9gB(=XZzl^u(cf0M
z#NdR+4*t&Rjn|d3^za)w!y^Q6*hY{Mb+H4geA_hMv;)l7Aim1DQ~XD@mjztjjwW?4
zuHA&%1^%}2QZ8l>n@)u1b3RhjBJp=uqLkugT7u8hl=ivB&q|gBm1d6~=NtE94T}L;
z8<>?T5%6wf_5tA2rQnJij@#F~*P(NP^9Cza_iV@XX4^i8^!w#<6Uee6$@PhS=cCC@
zEbiZ{C;Oicbhe+3QLB1LU6XiFjbq3O)O}~QQpHA{u}g0GcpE~y>nq=QwxJ$*7>U`T
z=eae~!EuStjalW~M60^}heyDICs;mZGItONR)sk?YboMkxqv?lHxgTR<8*Rrm_$UK
z8F{igR4MVLOLG;RRSUtNF|>Ztn%hW?;aDltAc>%3tmsx8Ys~=<)j-wz)O4_zGv|+L
z0#YQQ)R7r}<AV)ly{f-^$VOlOO@V;9P%kh^J4x!(XFLYIC_JW2R|=SjKdfh*Kid7)
z3!2ZbyozkJB09FZGy_CoI%aPpZ(G0+tWv&d>)+!Y*^-p;=Fr+ew41Fy48l02#9+*$
zh|H%rh0B~%XfWh#u6By_e|KKiH>iA%XIVrB(PB{j0z%(u<iQSy0=Z2~V$X)wbgx%{
z@ySDeVO^EL)o%~dOZ?o#)OlCq6XDN1oAO1fxooq%L%fHrAvRB&os&w>X0z66W(~zO
zULCt0O5D=!t<DwHW;yhujawy80mADFo6#nawQn5>>x5@Y{4*m2$^1Lrag8(rmJH{N
zL~cRo(BLZ(19-C=-wju1H)z9o98<LRG(25;?SHvkG^0%*|GF!&OED4Pj>JAL-yRYm
z@Sz)W-^L%s0XKsjXySMZ&w$r<H9rba+~bA3$SPxlZ5AE~pLQrM_l1+;`^}~-S~o)R
zW4}65wLOmFK~WeKDvWOC1zx_q0Mpq3O-a=N&Do%u;!2bB_e%zwBhC_V=I|#fgPGYG
zEbk`AmKLW9szn3EXiJ?_olk#zu?#`kOd9fkD#`1$7Y<a`C4L`Jn@(16K`6f($SypR
zkc{9HKk6;_oNpe;=CMj6^7tfdRldcrwl?659+su1_U9$ZX1XRPMZ=3X*b@`nNY*Cj
zS)$r5uE0|8fFy_cOof4<<ak=`CBL@7l*XdK^r11qDNR9^e@+RqFc#ZC)UTU0$JES^
zRFuylvBOd*_sqZa^&L{Yi74O_SK+1M-aK(ZG+sHJPjwYZgUrEB5Wb{8D{UnTQatSI
z1pMr0?~r?oKK6{%!IeU7SX@!O#pdWEwrX^c$yWTHfcU3?2>6mUt&c>c&AWGB*OTaa
ze5;7h`EH>moi~?EZV20!oawZqgQw>11p9TDCGdYI3xgK|)_#+nkyl*Oz)yx-bxdZ-
zD%WLA;ZuK&ve&p{8eBTjm!mW*80NuEEiWd=euZ((t>QgcMt!~Y>)@VB!pCsUmCYf4
zI))C&G>*R)%;T57SwIrwmIcnEmi|t4BS?$%lUsJKS5A8NDth*#)c-96n2y}vcLg0)
z1mN*VIkux_rou7NziUl$Zn9C!n1HxRNH~Ckt(FbM(ErGG8-!@Z>}q0V$o;F&HxGGn
z*Ui1tpIZda<=Wb%mkn>UWWELFtifb>S$zP86h^0Rs51%)6GWF*z1zd3HrWaisqigk
zIzYCu&%vivCYw%1I%JV{zyrE0_Qjlbj?F-+;4N#H6_t$})OP58=kgas)IwzUb{jHR
z2lcfm*2-}q>+g7!y^eH+WUrb%mDF#(iOsih(A5`+aJ1FfD4LrEOb&<44}D55`Bc{z
z^KBD~F~G9+{hChL58fA(onOwxf}CbzkE^pZo0#(3lq1#2<Sv)(g{pi6frjr^cj<M&
zMv?EtH0r=GpvnzbLu;N@&W5KzF8W@jD5zR7;DwE!88EL#N*M7-i0&SJHSLL*Es0Z4
z<6ZTNrgYumMDef&!H3$E$ug2u^q`$4{SvUmT$D~zC6Ha{j;8SkiPiJSx><<eYw`ih
z@s#=7xedg0-qMwuxy-Lcqh84%J9A{yzOm|-gHM<lpi^EAQQQHEGunbi*ugB!RGxJ$
zRA~GbS0cJe0-u<4>PIC%2W%g?afX(<#}CI(*tqQ$8w$}l1~y8<n>{}dWisM-^-7_7
zI`OWyE8x=?YVIUuL1jRQpM3@|Xr-#;8z!d-EHboTE6ObVdl@Bqy7QYb=lGl?rqqlp
z+7zqE|Hw134Q?>3Bq^nArMJ3tcC@5aMETLE7v(p09_FrR$mp)K94%vhvun!eCpnW>
zHoR3wlutidU<Tv<N;MG1X4Qz^90$D`nDbqJ#nczIxy{vvFYvX~v^*D3ZG8xj7G6s;
zD5f^W<Hyv{;X^5^8bc1^lVlB1<oT(hgjrIC|NG0fYp4}WglQ|~=!SgxY|mkaY~WXQ
zFr`08B6;lS5sGZWEf2)LLD5I3aI&DRMs&J5x0V5)7{VSe1MiYOiX};deG3X02Uy1+
z3qjjWYBQlPH0<Ixk1>-7Yn(s~J#LTsOYa5>xKSDt8vpiR1Ru^!-X3C3g!K~7^XYGw
zceFLcUrpuQogHP*BFNGDA~ODpoYxRUU)6{H))x(luk}pH>0|Twd#JxXUnpdd-JK$V
zWA*{5+3<(c2npp}KEYc}n7p0K*8<nu-u5v0EF`&M<Oh`ObyuxES*?KyJLS13Ri7$<
z%omCRJrvtXsQP8Lui(wsnaoB({4Yx#cEnY)WI2cmsnfy=lM$hmO~7DOMQd8uD?I+|
zM2C5*B>1I{f~M+lOOs@nt33It5s-9i8;#7Yc<pOpie5yJS1Pedc)GYB<2$A1h20lt
z5Q9$-?4D7m&c6%bj*_3y$K<#BB4YW{JRZPjdqFINsr_gKZeUrBijH|S<fxKOM^h*8
z8S{ZC7~X!LLI(2yO16fa==n$gTcE|gAnoaOEa!+nw8&0@N6)9ki3M1fo7mQ&?FJb9
zDm=eITZpJ3TBxqqDg4S>tLr%9DgUOs5!%!9X(mk<5cszFX`V77oqjBT&2>APQ!V-^
z1p|D`Q+D9cN#H#VSNgIDSK-;YGTl*_vf7Y%2iuv9EiD^3J?&{yr!=F!WB?7ZzG`<j
zcl`2@XuTnJ^jZmYMH7YP=2Qp6d`+<UGb>dtjqoB~tJ#<B-;!G%gRY%|Df{s*ydz*m
zG!L?oHX{rsZ6GFX2o_LX9a(BNP~ToI_9Hj)26Pwi?cDJK{|K`!(0VE*B0=a9R?9OO
z7zzEwAh1_dnc&e>P4{T!k~6WALJC!8=xHsXetCDyT2ZS=zDg}z6du8oyo^k{a_x_A
z`rZ#JcV-fLzY@=xAlK8gF?pkX#WZu2BUR`*(GwYQuc0G?hs3Gg#-nZ@7&hU3@E-05
z6Rg?4bWJrikm}*5blb@`Ux{R##PWA{T5xk(j8L&9emLPjFZfoabOwgfJ=0(%5*ODq
z(|sjUf1H!Y1WLImv}tiYRGy;;w$#$WRpn$!3Eq3~tkfDj3byCo;_c;+Ql0c%M-Ph3
z_G5vXTqloIX5s6}6;3=f>6P0YQRFtBiYJ@nN!&IbG)mKjpsiuRyZq|onL>ibgc`_x
zR3{G#xt&VsqNL?#nMAq@qWq~go(ysmyy;451IVB09gHHlt=~0xm0WmrOjzieGj;P9
z^A4eC{E({U;O)lo1HYa;*&hdS^V*#~*%RccyN4_ah~B~m6nm#Jkq6;8(dxs{><!}l
z?QP?^7VOrIsAB9enP5fGjvGFLzK9y*nds{$6|H~uJ$b5+siw7EFv>i<=33ZyITO>)
zdOTQ-ENxR0pX1?}UD3dc=MXO?)m;e6+cjPlQkYU))vZh$h)=*~;aVGDfj;MZtsdhN
zlE)?7O)PwnO>q(Hj}Q6`qL<{7P3d`9*e=hot13C=8y}Rq1<q<9&>ug_YXskgAJ#aM
z+t-AAmCkrBqPh_eiCJ(vfnS6h_so^8(c6vPh2VAziS@QbKXL+H@%d<rkl#2j5tgd3
zT@Kk`EO(KA27M&0vi`d)5Zh2g>{+r(5}|U$hyDF(gP|oG6mUw=rqmrq+S#qiD>kF-
zrh7EU=UlT7ey?<lvA@Tsic(047=xlo%yFG5zo#h_Pg-Xh>gpavF!G|ALc7~p=Fh14
zw=gIT@z>=Ubn}chKE3OP6Lz?0SV@BHfWlaC6P+I@*}TCwu3!lz(UMu;0j)>QeHoaj
zg{j7iNVka^c^QX<--?s=q7Q_Srt-Y)ha39bYXU->zh8{-tf>2tzQ6gj9BpxOzQDcz
zqOYfd-vr0G1iw2%@BA?+EjSJ<h?X*EmSx=26up60DSoE0p(HsK7GIaT<z_kJTbTSq
z%otI;67%PiebCf<=8Vv$4d^pwbDd$y%JQ-Gw&eTsJRS~5=xLoH_J!->317?eK846}
zYdTLmU(i)pvpr7o?PXhXv})fi)sJi3zZ>j@YMIn1-IXa*7|m3W6H?7$IAU`T9rAm{
zo?Ic2-cFBiM;;<gi2FzbUMLmd0-+^$1y?E!RF#=g&af?i!;B*Om~IPTGLOPvR&Vx_
zZWLSSQ{1#b+YM?v;5OdGFHH8dpbkkzSA~CpJZrJkgJilb6$Z>U^GSfSh17#ol3;kJ
z1w(Go_JLVn<HTr9ht>AwQ%V}jQ8)@yI70ns3;!ZNAe*Ob7$1KLgDl4s%q9T$*+$V=
zuwsNc4bpl|e|JBC*bultPnbCNp8ZqD;h59#FvT*M3p9TSf)sUH`hzrIIiz98WfXc|
zgJ5*%knqFd5qaT~h#8K7vKiIF+4+9?xMGWTAkucfrtKy=`wd+}$%0tJ*EA*@z{eWc
z`TqCwu?EvNPnd~8{jf(8p;PBd6K|EgL+QyEl0o(`7ecOB7k{qPe&KiE`w0$(Un%{X
zq}C@T&B9iD`U=z3TPy9%@349G4ODA4xGUje&Wn>fq?{Y`hFrOKr*-1du29d2BOE!V
z?@4vySJ=2OT}4I_Wr)%yk!`4C$J)NGQ{NV!5e*AE_%w{M$~_?KezZkc33{66K4`05
zOX`4Y679xG8O(i^h$&BmM`Q{>@EiA^_`@s&oi$?|sNH2TwgpAw4XXUj?6*63d1*=I
zpHC%B%<r$s-EZRz89_g~PhnqL5$tY=DmOkWTL)8PJt{Jwmx7N5BKqZoLRRYTvcyl?
z+2qlxWSoP^bM=DPjL{Z8xK#dcmr0hm+)L_|@dNhdpXMja>Ux**4$I}TDm8W`EvK6{
z9=`E}FS9*x!p4RIehUoLPX|$QZLQW_T!lQpAqsF_IQIB1S<2gw^N0Gme(mYv)7IbA
zv`~0}F@qg_PeF;W9*wjf<*@49v<)<_sc`)5qq-nnR+5JPv*KqShE{<lO-3cO!%+wR
zM9@v=AFr}GCppD+c`t1VKnT1CVoF%l7}+S|AkXhL8Y-c5j#`BHN6}MN5bRNkRMiki
z3iJy3eFNTEJMJnc8K?;_Hl-okS2AJ^B3Xx^kg$s+rSaX;%|yrx-ZbIs3|Gx<)sSUE
zq6)cn3f1UXfsS?urk~9aR0yBQB3^EA<$tcgr09$>rpIP&7nedCB?sSKs*u=_UUF<;
zyjC-(%F`^3L=#h$i<8{s**v)fFkfgMaw0JHT1ql|Lt$%w(n7}S=)r<wC>S8?Nx&*5
zDz0Z2(T|2`tudyCtbv_KS04E)fTE<}VSmLZR!Ej&#+WbosUamrJL5^;zDP4+t6-B3
zBW-W2MZ*v))|#<Ppr{#1j!}`&&Zr~{?y&Bg&Ugg#lz~}fYxZV8<F(Sn)DbP6o)zDt
zP`b?4N%nm%7f}{t<k6`@@Nur9`$n@ix<d?e7mIYH&xlN*&j?N8Ib@W1wDzZ*AL`?d
zd1SONxys4)41C~8!ID9<3)E3t%_<v)kUF&{B`W8@`MpVoCyZTZ2xG2(3CD_qoPjcd
z^*Ygey28!#B-yt}F&9DQge0~O-|cb|YN#Vb{lECT#_K7-V4>1dqpPOA{v5TPX8d(C
zW;5Z0!>4jzBp&DUWJ-Q4x)kbZ!A0XT^UE-wUo6Z1tK3OJk8hqAyB;1Tgz9l(xdSn;
z%%P;5ty)2n%`({cR6eUq*<vZAI7QP5A`z;maG4vs#C$u6CwYk{?!ut<<!KGG{Cm@P
z@l^*}l+wG-%iUR55~s_8gFTy0Or^_V#WO+Q-V4j#qL@-FTBC|kD`5)}GTKUyz+-0t
zf|#%P?E$Zm^GPHNrtGoxtHU*>iZ2(BL+Ew{nUo<$HyEaURu`lm6q}@V37<A3;}k)x
z&kUZA`J!827(FHU{H}=vMK$;YL8<~j6Ey?`gPa9@CUWo&2Eh;fENM#Yim9%(gj87U
z^#zF)WX0PS#GFO-(2)2mV<oEA7Xn@-^x2?L=-BtR@?@2ja+V~*Z?kXW#)jVK*##gH
zI*<jCiV+ow;2<j@@fr9HcvWSbRHldL!{}8amqo<}TSN7*!#G7W8lag1NRZZ}`Un=V
zr$s3gN~u^V%AXXlyBd-%x3#cW`e-gHmXjeh^T~*jK9eRq7RwUHRCi8-3Tae_!d)<8
zIHaIEIEU3w5|ef{MPFf*-2Xto!xJ{`|7+&3XfZyrt%SWsK3;KyCudlwW0S^$A-)mx
zwTr7vi3n74kiW8yfA1A8rK&!<U{65oYl{<enMo23#&t2lfFjjkUlL=<iyRqFE^505
zUXz2U=@NlY_TQz+;@HY4k=fwiT_(n9G7WS0Ox&oYjeBne9xN<qHYIKNn_^5~cwCiA
zE(=RVfN2To4hZz`_%wW5>+L&iF1!^49foWZ^=Rx@F>aE2<{fA*j7*mJZ$kn8T&}d@
zQZZB9N23*uh-{fVkHtwr94GxWRDv+JaRff$&8^+fOIM=Py3u`9wGymnx+%H^@0`Dl
zoqn>B&N)n*dJHb;2RY617mYnt|5Z5UAsGDim@GtjKJz}H*k2R*c_G}ydPJw_|D)<F
zpyF7Xa2IzA?i$=-ae~9*?he6&y9Rf6cV}^T2o^Lr1WC|9aMu8DbMO7%dG8#Sp4sJ0
zv(r^wU)T3l&+~161w)2DH{Q|XnbKi$&oO7bpIe;dOIZTI#tYvZWr0#=42$Fa9O<$4
z&l>!F-)S|dKzC!#u@8VxPszPx2vz7IneZ0?8z>=3W<X8>PzTVK1<AFRKw>D48C2%c
zPzf^;m{%8)$iqY#nDqC^qG-*!7NDWYa`}<T2~%j_9^0tj-v}x%SUrWrQ*w$Ogkd+C
z$iyRVk8!tm$E1|vw&+*~kx&Vkl$utk=~dL_QG7NANo7rcQ@Ta|gI>CWUf%<Lxk+re
ze8<RKKyz-kc;9RR_s{RR?_@ldlhCUlo5BGbXmjGWca!i~1LF#ZLM=)xR;W~g9-AK@
z=XEfLi|t@e43QrP?~Fs6mFtcA5X%vW)0V{`<)`2<(6pw2L(TS^HFa?3%&l&YH_>Z?
zKOR-9B9iLR+x8^nD31Fhsek=>wARPX#ove3=`JIYb&pO}`mRUgI$4~PEYnBjrdj>y
zaif;H6}n3qR^ElWq{S;|nCA?t${)YvQ#FC{Z2cc&tmy-f6>A9V=!8Evt;&B`Lz3+d
zhcfcU`!*;{>>=;m$ZGlG>sB7bXIywiQIF3ux&D!C*l>{f$TVoen6}jb6;XF#GQ_ji
z4A0T?PuiyBjx|*1>t{DhN&HU(F85HJs3V$3pV{pxUg#nbF9r&9A`^8QFrkdvuqYeN
zDWQ9;sKtv%Y;6GT{@=wzhdaU$FG}MOqi$TaOu0ASa>EdjGTKvr;3U4@^Ee&GB#?Qu
zUHVUvKFO6uEZO^!@2)?5a5vd~)(DF`SEs%#aWuwzD|^eRO@SoB!7upa`oW8n1g;Mn
zD&kA<<k!{Nkd&NeuXY)Y#_6}C-fHS1+n-hU)sc{Q`yr<kMYiOBG7By>gWYE54h&9y
zM%Sg<5!@M@W395oYLyUlB{b>S>4?#Uitz^$*rD+@vC~icZkqlWL9VxgF?=bIydSFG
zR<1k{>e~ys4aL{$Mo2%No-WPU`{>>}XeU}{$Nx~tmO;?TKv*fZEH2Q~kbm*T_I|)c
ze^|z4jw+CsUPm(Vu;DA?F%sGJ7oRUEHJdP#_E_ZOQZaxZ)h1YC#Y0pG;IZcx{AFw-
zol`O$hnNQts~+qHI&2K$J5s#gABBCpA)k@yoHadNFsI{Q2=q@)GJ;~6nfgK)re5(_
zk-2)qV!nVKwu{+A^gHOMmho7-?oNK+^mCUKEnKV7=0#_4vdK5o2o$hd%y%~Pxx3g{
zehZNaLsFH?+&t6s)~K1+U{(*fP!@2v#drJve`Xc}X%TwkqqW9ig40ztg}?acpelDI
zg;0(x$^Yq_&g?27uVL%*Q`z0<M2Qnk*1R8S$UUMmTPi{OG%_r-#dTQDHc!~>lzNPu
zLy8g+*1H&=hDUctQRhE{c)DmpZrN&G@!Nw%Ve6d8JX@q@kTxaF!OZ3AR#K_(>RI>2
z%xK2BbgIUfkwwckbcAg;%SrnAU4P=uq2N0T%kS9~0Ke&@+=8V%uGF^^$le`ZxdX|K
zw&ObQIib_wm+y;&&#C8!BcGxz8(;T9Z&A+_Bk>z!l`RoW%qsPHJx2QRn)OkLo{Zk)
zxA|(8y)9ER@A)I(8EdQq7^~f8;y{eG?eE0u&hjU1@b_9!T-M<D#qsmIMsvd*HGfDX
z?V;!Hjx4_SkZ~m)dgrJRU#0l+Fq&bgNv;k>K}NRH8Okc)k>X`*U}&pj`~E~Ot7m1?
z9HQ87vZ%hS<G)a8Ymo=nw6R18+7O+LOC1-c+J3Z_cp(zXaBX>1`%^?(gSAf6@OzBe
zWY@Y=j?`L<QO{DdN*ON8vuV}(3{&_dAcb-7NZquG<YOr~9Em+0hz2eg0w3sHJ`($k
z3%oSUm>QFp4rur)w{(QcRd%p{I(TfzbKD-P+TvI)_HRZPe(H~8)3bE~P*?89VDh7x
z;51bYz6I+x@brh*NC93I3r1=={8JxFTCQugo?t8_Tw{z@Hq1t5Hd1Lxv`di?bhuj<
z7E+w2#Ov0xd<CG4bS6SacXR6>Qo9Z(d*i()qtn_MrY!0ZT?zHJAb7W4xWCh3e{Meg
zNAK51=HRE)RzrHbZk1(^BJioW?s`~L8;XTJ{=^#VzaL<J5*^p;BY1I<X$qr|ny%9$
z;4<})N}{sVCVg@~z&B)zBpN$;sC6S~k`|WC=pb^`DPGgS{~dG9#@H7+{X7aK&gNdk
zvC8?wXZaD{s%%6Mxs}fSoX^o`{7*T&qv^6e+VbP{;uFC_5iVMtsbi0HCcLdRBeBPe
zC|b}#{T@kuhVRX78D2ekJ3)&AN)gV1jSL4IqK%^YXBhU>)p+8<8z!5#Oz4kpI-CNL
zv7%)`x9==jux!*6iUe+l&RVD~uSJ8si5P)VW<^H494H3AJ)S}}^CB-Ak|lz-W+UbH
zLr2GP3&x4lG{M*qYg6DO7M8B{Quxu4>mjDpO;KT(NUiweDU%NEQkGCEI=e@;C-W(u
z-Md5wE2SOk<-uT0^Oge_uyf-4qL|$i_wFFB=A4_^9@C>t;fJ6y=NNw1g<?68qg+r#
z)5y>8x-&c7jf|x&k7fST?k}^_9=gXdnLR<xhJ%*KpF9$lT+*_aA2OOPXdNkBXKX>P
zk{I1wWyp_iEfnU1$&CXO+3?FEqhRvpoon95l$fXO;-S6|prER|Q}FIp!p>e?!k&a5
z4SClzg5mw%X)e0zFLpeb3(irq8hnJ+q>Y<=_@B*RxJZ*W229`v$nSMGW_~|B+I=In
zyYf)V?m_cX{&812zFuy3wd`1r9XucR+l5O2@v`DX%%*I9e4XF)if4=8dmWqBF(-ap
zzrR&ac9IxaR8q#0_Xu`^Tp|;438f!*p^!_MLoNZytu;+x3mE;itoc1OIi5pEAMZ*l
z$JZ&$X%&9Zs}1kjD~OQY=k&zAXbGU|mM|2{+XzUvR<X|G(>ZGR4ey<D7U9>=1P^s0
zoQ>;4Oeea(-nL>R0R5amA>xHwMdF}EUg<&cM{2hDCm9c*SK!O#psU6_2qOunGO6oR
zhcK*dC=bFVH4Pbz=(zjs?%ctJkDK`KRc{zdbFB*ai`<58c=+$aqcg-`GaEiCU=ogq
zN`(Bqzt}cAX<{i)+c&Q9qBAf^R&Irhnm8z$c{`f^XQdG1aqCVlAoEJ7(&%~1B&ro}
zY(f{3;b;8mnJO<(+Kw{6?;Ih2PwZK(<~l|AXrXkkQd%iXITBN)9SUipGjUiC$6~&9
z_Ry6>i$WfVJ}H;-MRVuP`BrXdp7cvy>bUPq4fqsM0_Fl#Mk?q-Hj!Sw)YY}X7Y1lZ
zbXTJ5CRo#^(}9W4#0hS8H<d@=!5*{yBe!Jtr`#n)Jn_3VuwJ@2Vv}4w%#SvVqGTj_
z?#o}RF&+ZfH|~5+Q%2Um9nxAUorPgwUowis^W<jO!}@}lfGIt5>71h}p2rXVN$fpo
z%1Bj6@Nlp~o~8!;Kr3|pjn*x*fid2(?EM80X8V>?WCBZxe@BLYm?7d1{q^6x8vg`?
z%nLnAZqtA-Zo$2jobmR;pB3lu_R2@r&T_#O;A<S4K#7=_AIkS{c5R>c&H8IDG5QF8
z!yz3ve&N*~5cvEEHs1<qSBHNp?kD(?SQ_&E-QW2B>}vcW*^VZEru(R?;znkvd`cJ%
zFypt-Co?6r;TXyF0_`kKlE9SiSAOF|m{_l{t%wY$r=E2G!g*ym<z>LEH)w`&0oznS
zp$E&ToJMbWSG8RO>Z}<Y=DqxYgLY@4RS*BnVJ8}boe6xLcA|v)#<JO;1wwqE+jIl#
z1%I1s`kon_IFG|n#5d8zm0B@ZsY!3`gxU<qZJ~$Cf3<|rE@d@BDYA|8znDh=`D0Ym
z%~WWl?I8D`!^#8AYUr10=#Od1aqRaDnugO8?It#z1IQ_LEdg>LW;B!&uz+Q>8f=Tf
z`hNJ$7B=zI8b@Y~X?V_=N`?v*38d<D&->csn-IE@)UZ8xlkKTdem%6hSLM9SsxaK}
zNHLtir2uDi)m1N}XYPCn=|ea9lJXmLBW>BGPpVsH+523>c}JPL<5=X)(>j@o0wE}S
z1w}iscEcz2tLlXojV_$31U1^z5mI^Gh2R~AqIibM!~Lp-JslERd|-hl34wN2<R!dP
z7d^cinLOfQ@&}M}>l8xB73j*|IybFw(Z#!LYl3NQ4<_xvUQh&&6hq<jf-{T$Ro!Id
z`<w7zypO9eQ~J)K5d-Ccx(mz=44~(-fT;)Q57p^S8ZfLdb3-ndVmSdDan`;245#xw
z;pWVN?GvLLxqQ@E*O`Jw$mxN9!Zl3-+Z!3%k>m&EYtrNd<XlP=WPjaW_eZCzV8hC0
z^zjxO*0-f%49DPc46LY}wO;+18QvXrv%_l#npI@_BrCIl%|I=@LOUV8$+B#ZNSf;^
z<c;_3&7L>+o5D^z+=0Hn6V=QhQYy1WC8~q0Bri+UZ~l@SbY=#g(a!w3vPxRB!jr^o
z6q_FSPM+HGt3Yc2*;zH`DNf|QXX5~LqlO8li*GylMev94)ALj}Jnp~`PkUU-TV^Wg
z)q97|rmxAI$)&Lr4Aim{kws`}@BZa1$0CRdPrTZ}bE#`jX>B+44VJ)F7erlefFQa(
zj94``7Ssv<O=D^8K#?ki>sK6lz(eLZk)OgW1NEUsqT7Vm@0*}G1{9N;ZNbF}w+WDd
zMVyi$X#M?RDz1B12^^C|Zr#e(cZme#ACIS+?1$P>(;FmAm#88ESm}{%Yy>+bTJV9q
zNlby=ly!+~5|RK%UtS6o6I4Zk(Z5}xXa6P@tB5UB7n^6;En8SYO@WNdETIEO9%r(W
zZpp%j`7;y&Deviy(X0W+?71ywOBQRVxeCqOw>w+^OW1HXSMadmp9d)&ajL#zj^){=
z6>hK13d?~|_cxP7s9YfAYaYA}E+eR+L?UiYh&;5(s1(kzk8^XvAp`m>o8XPH-6jwP
zaB1>5jRgGX*~g(FiPP|3nM#DR72r7=EE{~dyy8E#vb)^oxbD^s*v&q`)q4!G*8GQv
zpL(_Tc>{?K@o60~<o$^9py31VQ3^c|gAnX}J9yNNph`eBMl26t+26ztrm7jwjF5wO
zc8fPNGnj^!I@0-vJ6iE86VH2qCnW0w81M{;6K;aXmYz`&SD|O3rvc}EvdLPn6Ifls
zxHkYrJZ<M)wR#`u!1adc7)go0f^;vyq)J)$E(HQ{#&32q+c`HwmiTHB0js~okCrf=
z4L}DsLt^;z9RYmX;@NW;R)!!HNccwi9UTDK8KXTV)j@fE7Q`D+>r^H;)Q%cr3b_A_
zHaYsUw*xk6JyM3LDU^<t8#8=FERbKU)RkP6y2o4v>JvNUZswe=8se71pQWBwe^O-#
z$(Kd);|f0~r=$urgyekOsm*xjWXZ^(ONPG-n*5OG%^DR$rMZ#8=TKq%rBeD9@7O{0
z0uQ_;))5BOMI1q^5l14L9FfPJ0eD_Z6j7?;KM#ME4A}&sY`I3lnFtJ{tHG7RIlZ%i
zGLT{h)KlOEwg;FuK=K9bdocp7S4A0YPrCkiHP{2VDVjQ_?kQ<UwB|>@@aCbdwIxS2
zB%3)z%d<2kgR~?KdifyIE?3I%L?X!}F*QM%$ev*2mf(0uRtg3SO5qLuPSfbL?#SLC
z*zF*K2L^=ZM=%<GvlUTU4R3{bgj#jH%ga)^#Saz$)MtW=n83lVYH(JHa0NhVLII|h
z7I4)TPe>+Q1A>ijsAU>%_7Y}&E3>1P1fVZW2ViDLDBwVx^>mQ`d(o$y;!E3M%+Mmf
zxor;`b9a<=+*D4uZ=`#4YR}@3$}nxoFDIr2Kb>X2ZCLxU>Bi(Ut(}go<61v;vmpIG
z%4$_G*BF^xGpiTKy2RvGs~`S1fvQ^3nZT(a^VeQs%^Cyc<CW!3*(>p!UD_yuIgD1=
zusCc{9KFJH%yJEP>9>9kcVYGOY6NR<eVrdHT0cx#eKJ=9XHQXGvHAKh;8+_H)&LLk
zu^$0KJwuG2kz2FO)^Iv_{(z)51#C2-)s9%Zn@F~EhX?KaqTPSJxsD(+vpIFwxE;dN
zd?Wj2T$8Pv$dvy(DPRmOd|}^g1G)Hnd7^AlX@403@0t1Zo``;PGNHsIl9@XtyQkzf
zfeYGYqTN^JNu!}VaW<3(quf1YLqHf&TqO#HKTh)~H(#7Cm%<pzegz5(v-CHW{%S_8
zi4wHnOU@0itoBH&k;R(L#hO6sTc)q)G-qmiV)6(b`!RQ_BO7x>x%1qznb>(Bp%?W6
zpmCVcq~mGTK7(oBp?nE3dogsn%-rs~OE?rxrZqq*(2M_#_2iXaFH*OU?K28z#uE@y
zvqIco6pe2!kE~IYf*AFHm{ykz?}Sz2+Z7cVRi%wknQKP2xbP6sK{xiXUjUP(TjPV_
z3=8)GUQI!g7Uv$UE$o1Z#BTr|CW>3`7v?j0>Zah$sf~lq&Tp<B2h`EThu7o%MWhxv
zgaNz?EI4i49p*)+i9H=%ZgU^W3h$vZpJu<nNU?oBTpOA<e&1VuY;sPn>Lc!2E1_LQ
zty`8b9pc=@jBsLxOTRhe>NfbkQCZymo`)F4)FSqBf?zj|W0W>6$$!q8>AFDmOr*qM
zl>VHFwxvtGKZ?0NRD(W&23Qq3nC)x=cggYM#;jLU>dj}G$k`+j((LdOevh3%xciX|
zy9@oy^La~*JpJeN3jKN{@|J03cbG;9r_3bOiHg{FYFvr~fpj=N9-{ax>7Wvl3Fv;N
zaAQ2t9Gwpdja3|;iC)Gb{lm;v#SR(@otjt{%+4TNiHkzXY08?WGqx)f2R<W(-mgl;
z6$DyoJ{+32^!>ZEDoFN6%{pN{{N5C}5;R`Sd^$A?gP+U>GxYNMaJWiqEjCAUQD!qk
zDj5Q`6||rRZWFH(*C1qAJ*6PvUSkWg-)41b<AzPSVL(XZWOt@JVaq4{qSQESZMkWi
zSX^ef)LRx@zEKAEPP2)}XnIY*5KZWQR7$C&J)V)v(r*JATwq3bSqJsO^3m0(I$tCP
zW3s9qD{@gT<k(vP2~ZafFb1>UObLvN1Smmz)DGs%N2^{W97YYSGz>`o+aqbQ6->vw
z)aw(YIF87&z@|PDzL(~Dvk5n;RK^eEjA9p`qEl5imF4plFF$@O*O|)~F5$p~iLi1l
z_46*h%12xB!>&cx%1b1cK>qbzip#En!IE0Mnh+AA<I^xAJ8ZiTe*?&1?^fZej45~O
zLpeVx5WbUcRS>6_7)>pL!_p7sl&q%>K0B5!JLxJ^TduqbOiJ|^O{DphHM+w6TMv^^
zWLO=Cp}M`?OAS_Ix}li55G~Gms3`ZA;FxdBj*D(I4p-elTaJ*=pnKu>8c*YvdY)1N
zGOCT$RE2KHPldvC0BdMV=pq#rbjS9ln%EjQ9?C$cN+ZQB5mg^;Wg3Sq3-wM@Vfw~{
zXdZW4MT;o24%>1?!Tm__?xk(CTZ@wlnX;|2CMr{xFq(DjTxPRyT+`ZD=kAzVGqBmj
zWi)+EGj;?_-N=NZJ&8jTo~yDw9&FFyotvWhrZfxGr^t0Z@oJ8E)nfSWoxW3~(kec!
z7Wm^G4@mz22n50u57oe?;z6<<KSf&n{^bs~P?5Q{f|%$$yhd2HwDL~!a_>&Ev3Pw!
zF|P5zLD?6~<FavPR<l~4c~wX?VV2^=XQJO@;Oo*MtG}_CPXyajdB=T!;A3<1&AC7}
zWIDvM5qqFbOtWnhFh))kPYBRQ9lK_M9*gB2JHg0`r%sO7b&Tf+<iKBwW)5&1Og9#|
zlBDz9`MUa%4M-0)&eA*i8Ck!`m2t!WVKG!M+ing?%25wm`{Sxa&#d*1*?Dv-DcnCX
z+%HkuFLCCXB2JnNxKPR4(D=#j0?-UlC{%?4lev9DgKSJkhMTMAo4vGMAVVai^85i5
zRey+<Q7^eHSD1Y>^s7EIubOnwblZ7Mn~IcCh2;ZC?(}n6GUMQ>E=S8!?=kY-8Q@js
zq#4S9S2s-JFddt=MmMCEmI=)S!3=6OrvU*2bW3?!2rt8dGQjbXw`6cK6K+cm^d(4%
zl!_{_s<hJrY2Z0IXsGZKaG*MuLJ-#)>j8VwH9m1}cL7$lLp)ivY~r+^iuWFmCo~^3
zDlIE#@h_1Xda>3A^arN`(8E#rL5xLi#?|2~4LFbpN!14Ih$#bHP-q~haJD8YH$;yE
zbP8H*D3{V>djy#9bhX=ebZ7%T8*EM_wU;LvYn?SiR<KY+=_P(kobOL!51U6h*RJu|
zPWlJ^)XR`tRGA1pdR60cEiEx1f0|bm4AtwhsSrprYtgjr!O>Uu`D*oE8LkRRQ4q_@
zaLmMQ9J>m(M4|G`DklRzYX#r6^KL14k0c`(yK85-v^*2_drx5$vQm!xO^}?rSydah
zvoxXhZVgl!i-ijtlaf(6aI<Gg?br7U_F-Rr%0F3i53ZMAACr-{w)Z<0=uwrE2@EVj
zx>d(UO9?BpJt`Dws1pbxt3&3>Nd=2rs9KnAINF#o_sHM`RE=y;<UeK)T*sw)d$kDh
zboRoFoZ!mZ2+1V@R|HD3{)q^2hF?KSUTkMgnDs~mS{Nih5``#0Sal;8q0)IK5Y=4M
zO<8t{3?@()ChBM5oL&GoD14{MTt3oB3OWmB6&8>yDFS<8JC9C8aVr6VRlMH0Xe25-
zOaur3KD#Dlz)XZV41~2CW(sa26kA6P%%L1sR15z~s?{*jKX?Vh7uN;@ho3S-s`YSd
z-NNq%zts?~tCEQ}1%09S&hNJD_ZAVu&0MA+=>_MNuYHRB6x#ypbkGW^Btk>YL@Mb(
zKI6Is1rS04qC-eQ_gcoa?4k$K7F%{$LV#*baH*#BY&C^V8i!t7Q6fjVbr6D{oQQ_z
zS=`5HI>QbKw+!z$6QkS{qM^BJ%i$i?dxR$srNx-78Qhp$M|`)faXQ2h`Ry=*OZxi!
zs>&$ZY`kWigsrNtrkV`*i&3<WYbZThd6A}TTwfe6%GPP(Pl+Q;$gB#6uog?2_LxvY
z+NZtk1B(+NTZ>q|X=y!pQT^Ij)fxmWU)a`(UXLN%Nx5i?I5Vrb9_GN$)=fqa5@IXh
zxm*5Hf2CQVuLAZj8bw#>1s`e_ZMMoZ?8OOL+kKJ(f><@yG9$GFV1Ff<Zn3~J9?Fx>
zHCxCO^;9_sj(_^sIPXo0rP)pPe9AjPTR(jqcYK^B39yQ~j~Z3+asy#gxnY>rYW)`*
zj8rTyko<($5>HX8zJ^e%;t8{hI^!?v&Dtf48I)lX`-Y|OEs!wzte2<cu93eBY}T?m
zjtV0=cjNm(tCiZnGSIjt++eHO^D3WI@cA|=H`z=2b7EC>N(+Ivr?TdT>aafzjWX5X
zE1K;T5=j*x7lU886b}<?AO`~JH^n6Z=Uxf^2DP!JTBDWjq*(PRe{WKEWCv5Fro+i@
zw8i_8Ch10ZN!W{i6YM9p;5yxs<7d!wU!mPyChe4L_OIA-yT}emc=+eOJjVKK@RR6O
z#@{`N*+**}52HDqbSuR=#Q85iw9y~2(%WX}3=%z80&~rcp=;T#+?B6GBlz^*(;`|7
zuV&;@c*J{MD_5;v{<#ewqj2dWIY7!6igW^dV1V^-$z#bR{b(v^^5ez!Xq|f_#Y%VZ
z@b8lng`!|NwT0IZ<+nYdfnK%nO{0JfaHBs&I`fyj+qC*53Btvklc{*c33yNmIhL*{
za)&HR=c<+>iEMHIE)X9L=gV+yc)Bd0J^{N7t#REZi8g8N(5M25TY0ET9U!ZpXUMHG
zMKb`f`;SU1G|wCH8KLa~47kde!ANCOS!!(rs$qCV@GjzLIDg!JBQ%&?9vcf71wn+S
zK5>s<R|nkHiZh=kp#r;SD2(tKRIn28WPG^PK0k5eF-?=2Evv0F^L3~?5e(GO9>W26
z)fyyk<HpO-^0PRzcoQGu;d2zw&?UZm*f9qr@`?7qq~B@+9Es;YXXphF7dmg$$1kf@
zyfJ#7o36BBIX(}yoZ`zIzwTJ)`AZ%`g+qn5sk(-~3g3QxciQktX+tb4zm*cLNUU`6
z{nFi=vj2lGm}3ijf~26Kudl7ZtG;Jy{L;)eo~3n(9n1)%t7{%fc>ymq1U!@BsvDeu
zkLKN<D_WD*GlP!q#MF**e+fD~yy@?nKI%=SSR*i%3OB8nmg`A{EK3yls>D1O67?9y
zSo^i&XDUkTb5VXpU0nUJ&89-@zpAZ0)ps)|bUJwp)S2G;$y+OQmNC92{nFDoYQ*;A
z{boW>H1pipVhn>EOP)quRjp}@lUCNeOr9xgdT;*tTYLFbH*n4YM|m{G;9hscy+Bj$
z1h%L>9~^~B6nY^_@G}OZ{AQQ`#<1{@bM0<zUkhG-UDO8|RmG%I&XL8yfG2z-ofP0)
zh|MK$S%I<ih>v^3(+S}LO8f$@YC5e<wizx%5!YL={x9*7)Y~qPwT5&PliscB4ne(n
zQtc5{nmIxVe<SGDu&<mEx(BNr4C%ky@VO{c7cfMAn;C19jjxHU&`J4T4$}t;dL0rD
z49%)~gEk?OiJaF~#%@da;%|gksDbWpYq?`^v%fMKhAxx0Gkb^m(B(;*e~`EW@_~?@
z?{N8k_3+=pteWr{S!4bKHS%3aQusccPhY|r9o5T~1q|lw7C`Gb^2INski5B#kJMip
zOSC^$2jwXIFlJO<OBKzzDy_x0J{GnihFybKUZV|alPwM#?T%6O%V;_H>dMGPWJ+dp
zKxm)u2`k>-GW44!3Z<Up#n5Nu0{Y??(|*emVm;-lT`UjAR;@P4TKw;b=lX%*wfeVj
zil(Z}D#QlC)myx^zQ^__tx&n(p#=@1-0Eh02z9R(A%g_$h;9KGLHP8e&k~TwJSE}{
zjQW1k1GR3NV?v#vP>LV%Llgl{e-#1v#bJvCRM326;-QP25b){q&3Ptuj<M6Ung(Vo
zl|wOzSY#;9I5D;WE4BdgEW3Fl{J)2P-{2TEmK>HEWS#Q`9S;L*7ALFu^ef&+_~|iz
ztuO*Ss=DxIZe&pH_2DFUi(Pg8J!G|&J)SF47eWHXSdqwl4jLNGI$Y1HUe4-J*hAuv
z<FwqMLfKk5x+ui;j6UJ3c?B~U2VK;t8M9?YU4{Bh5L}gY8W3-jR&uY%3yE!x&~tIc
zsx_RJ^Q@LrBgfk}D`|Tz*vg1(2xI#X@O4fmQi=F_=$9;-M;&=<@~AZ9Usp~?d#jqE
zw`K}(dy`^wQAcKB4NtLih$&QAPFJ8IAe(}=SP&1hkBgOeNA&nzje_h^WiyYx4sou<
z<TPN^N?;hm*W66W(P{HK>E=bM)q1!$NX_$d`P=33CEoeqVdR-X5aW?ECxtwS(tqB)
zg9$0u>U^+gk|@8Q&gWk37eOVr1?06)*9%3{6rvRO_e=3rV{1^>y=Ywq?ON1SUW1|9
zyj@T=!Z}ejEc^Ttyg!D(nj^yP*tQV^ZMHj~3h)-m>q{C_JG9JX6d7VDxfhj~>T_U4
zM}&xuzfRD*i+<D@{B$5}bZ}0oBsc)=Tn;zW0<irI)q9OnN+UjtXH&0O7f}G~d<V+Z
ztdcJifRFFJ54|qq*!YIbx-hd*Q;*oWa)@EF;9rz8=yo*s44K2HA=B>*C1ercQ}FE*
zl!mx0p{$y8Vrmi%Qif436d~8Ww5Pr%8AvlW<qsb9Sjvw@u!WB5xq0=lMV#}a(Y;_S
zj<TO&64iJ;11!qZ<yG(8eH{&y4J8r7IN!L|uGf4(EOL65k<dG3@L>d#1*-IAsrcV=
z2Gy=g=_)3oZ9wNH?J1L4M6z1Ck~sE!Wb-6m>uepy8Cvf!MVp5WYCV`fs=EmNwa)er
zak%ptd=jqqF0XmwDsL8B0+A`2^b1KKMSnH@+guJu)qQXIczZ3;8m$Y}9bz3vO8_Ik
z%8S8a_-Ma};|*~#`?yGyh2M1I&0OVE$s&lMa%s_j?)qo7B~LMEjGQlj5$Zjm)}ET^
z;`!Rx&1G7`Hf=S${y8tlyTISir=w6+gpg`S{!qj!#lP`78zQjLr_@XF0XRm_nk>K+
z@rhM*VPOq4Vp5gTLIA)xq~#$;jPFKAwd_3)=$R64FdbdRJWULGSA)>th%J}P@%}X<
z@_{WZ_@jbYUqmE;RmkM7ln%;Bnj4_a(xPdWzU!}^rccYHOKZo>1p$9}XA$@pMrx;T
zE>#qKhRb}L@biv{Wa&UM4@e?<0}Um()P57(c$Uhc?;*#Y<doTQglFgPcRPr{&>~kl
z=cC|^Y!Zz-1?}__u<%BjIULS#SEjK9dFqcF!zlSccV(1}jRIahd#xJ1<2RZ!lyPFi
zUtOnChdhi-@4SI{ZXZckPXUp46Ze=As2WcszvW2MoV3(|l)%7VT02C7c%pC#^QoB~
zw}zz{!WBCu5d-f5LP`bewuQ=9ZW|M;rI;g&+pjT4@6&8;9iBtdMTKtw1wN&LOT#Zo
z5-p)L)o|34&{_-7s`4%Pvxa>?HJuyRpPZ57U`%>npH&(Qe07DdCMnd*HwI4HYBoq@
zb!L<>Nr&aRg%VE&B?wsICp`A!=iIk~T(DegMh``IJur77mx7m5BH^ZtaMmY>k?&6K
z7UEvvza6zUH%pTQ)>zpaQntoN0*o*qvt>VId8QBX1AA(!Km<rTLe3otm=QkAj}W^Y
zosoXFbBU#Rui=^Cwmm^$KDx6ED-m6jQ3?~6@^rcQos((sB1cF}DlZ^SGA^rGa`GQ)
z-G@w3nkcg(HL=PpkeO_LmT%I^xhC&xa{D#3jM)9Rbh~2vwci4><WML6vzs{_EnfoR
zzX=oc?!d|q&7Br9ETRX#h|;%jEm_L-cH_B?>Cm}Ge2uTkco<36EX!aJRlF^1JrTbF
zYhErkKf$q8*S;{@x}b8ZrN`nVsh;oyGl#$=NwoG3?~iYW1Z2t}n)6X@A95kBc0b*c
zH<l~-3(LwU3U?GNC=HCTBSJL{LP-Fzcx0ljq$EHP()z$dOe)~(CX2)+q%Om4G6t5R
zTHom7RH#E1m6Y3L&C_KXf^fHm1xQIv69MDLW_9$TYGf`v@CRQ(<@3c5hRB~@Hr@nY
zz@Mu31C<M(MU0M8?LWd*x=Su7t1PN{#)IFVJ1)1>Vr-kCGiXZ=2v?CSQxXMckh^$H
z!-Z?<EN?~YTUG>Y*w1oqmfA%2S~M-{iwF6TeaS~PnH@jF66@cOn7B{Zd}8~0*!=MZ
zi!ewI=J<1h?pr<x+jp`hAT!|WoW2hQT=^5Lh#UCF{F%$^$WXXQU>-(99sYckktA%x
zo2lQXW(W*KBF7JrnX}SBsbwVL4R}KqcTA9a#J>@>5#F-`8E@6O!_FmwLdv~bFg9zp
zO06_f$=z7wgV)z?brv|YIpErrpkYZ4Mn>la?Tx%J39BUoayeWWeI{OUs6q^uHX9G~
zTrdDZFZCUQUMA#~dkFHw6uL3BlIg4@Hx}at)PF#Y;r`g-rRsl_vO_QjV#cZDW`E3y
zAT^xQRAank3<bz>K09^lbQ-l!G^0t=2eP1@S@4Ey9WI(EOME{zASDe$cE=g$<4Q$&
zw~;4TWxizKSXA<ps)=-nxU$nc%QxcC2E$ZCzhE2f<B2Zk-M`8U^UPa<BwBRG=j^4|
zq4@1-2+7<xKffj16KA)m3z2&6t1OAx;$lJdMC|}JkRUMQYV5Mj2aVNF=!TFbPvB37
zHk9b&q;$}fh1g@PY5*G63alcR^nx)2&PR}Y{>0%KN*$N+oMxIswtr-F6E2<oHRivl
zp%B6X?lIS1aF^U*Hg@F@vz41RK>vlE*FT0Ft=xfIZ=E|0zv9ltaZNIr`Q4=2Y66(V
z6Srmqng^g~f++!SsEvSJY37CvWXqs^4-PxykaOz#`z-&wjI50yRTzH2Lj)}o!q(Q9
zGm2gaM4=jeO3emv{Ji0c{onxuTxI9g2`B!PN&JaGV`GTfp#hb5wPBXzcBni-@T@8@
zVtPz0*)X{|T8MpK!^YivQPITPy*)+O4P*KGa(D4?i(yf-)I@uoSjeVEE?V6DNRWXM
zSU#$*5$;yUo)7CFJZBbzA$_}xB)R@8FN}S13ByVReS2YQNtE>2^YPyO<j*q!l-))8
z_yo)YnHf~a+w)x^6vHjj4J%qc2Sl2A{K0fVyc!A%%0Su!P)CUuXjm|O+zRBokkyAS
zMTZ2G^m3Js8g(v3uRfWO`oHqdYsIvlq=V`Z)WB|9JL`-kG3n}%*s74w##xo%|DE_i
zLKe|?#T47Q%M7JjDwaU2xWR}SWMB#husJF+M|}FD!n8uREkQO;^`Jjv1hEiGp?y4<
zL#Bj5txc8QcRAG`5?fl9CRn8ku($h}z?67i5>sk)9rg4TuM#ia55D3#%ojXaWv>IP
z10k{>xnw^LT5pN<RxOJQSACX-!KkC2cHcpc4fmA_@_{QcHMAu;@!!7}PQWo*iCkZ0
zacD+9LU<;p!V9#1dv!M)MN>cF4*YD_^hBr2w)iaqzK9w(6=NVpW)5i}zC>}K853}A
zgflNsFuGWV<8(6S&|Co7{&w6<-ge={r@{C)<rjG?ovMeD`i_m*Amm!<Fa@T$YDwi=
zXdj#Cg({01|1Wx|R(Cj4KgJXD5B><=49zH~^6zdsi!WU8eU)&#HN>*lZ~l2Pg~slC
znV<xxlDDZCpTKg<^%F0Bq<r{CuTcIUwRIc}W3RVwe-n<OovX|e@9?!Kc%De^xB+*5
z^Me7|jrd>GM6+K)cV9Fp!&8V}y8^%sZy}JRVoK5rxeCm+Ax@J#0iG|}7GKD6CZ+g<
zy9)dK&oA*ecvwcZ$QnZ2a4M$rm5F&YdTEDMMs?`6G4v{Kvxb(+KhjYtsd@(<f6jvR
z3nG84GQ9ZihL&%WrbZkdbyKa;Zpah}nB493k)R$$>=wAWsc=oTm!UM?47DkD8Oapu
znE5(<1c`e(r&A)uktGs|{5DVzjC`G)&kMJib3{<LWx6UD8Xq7*O0?DJDJrU-g8jth
zW8_7UEvl4%)q`33=UvU83~;8mcWdx^$-okm%I(&qwqLJVisIlz-!&9mPqYPs6NV-v
z7x@t#Leo<Pl5er2n;cWaqYQ{}LTdNVh14u%w$m-!Ly*t?<m~Pl+y=U2zNnStz58r8
z*VYjxC1g}3)-H<cVApWwhFY{(o!%H%^dazbj1-^AL|Nx*%SoYiiv2=|v79O;2Qa@_
zE!tZnw&yGSyXEYj@=yI-zgAApxZceJc>It>LcrhMgm*3tXLfN<l~R=X1&Sw=S|rKZ
z*T9q@{5F_Vz!pmia5zo`mX>e`jAZ$zDDrk+wCb1j;B|qSnomb6+SD2&n-0ey{d*X-
zzCc`n+AnsyG^CkN*n`fuo2rkNSgKC>_-x-|G7d(tKk%-UceeR6KB1if$UFij9<xNk
z>H33y$Tk$$B_ek9D6p=sWaNDW&9JhuzU1Y5TrMoJdb2egJ!#yGA^uYWO!s&M6;G$w
zb7rceYJ992WfV8}%y9n#gQHx{9FC)%QJUaUal7m0CJ$n#`A$KiY>TuM4Eg{k`@gc^
z;cfzYwM9eJLH@JN0JJz&JacwAB4_*%ilwn#Y~16VN}ck2GTZDZ<?V=K#BK;t#x+V9
z{S!>M#I2tGyFAlJypVe$G4vS|`Dy#GB6ocq?i=Ujz!wS8TO`=ZEo80|0&S#_hLuRW
zg*q}j5@6S;nQbzNO>2i_HygeVGRbb$jT6B+{X7)*b+##Bpy?A58V`-XD2~0bg~e9*
zuwx)ww>ZH-4%JGBS-1$1d-lqZj72)UTaebUo8sG7tkInR+SU?RxE&>95TQU5?^3xj
zCShTudpX}f;564#aDGy0k*Cwlm1e2+5}AgS{B)|opismd^LmY_=_eUqgs)Q+;awE5
z0G=KC5G|RZc(lV<5wEMUGKZ*wiEAIa6LK3(Z;lsc(KC3J&RDytDH-KH{}lPtW=ZDu
zdzFl$C;S%w-wKQyRbMG2wG@cZ;r&O1t*Mgy2p(>u7}F#urwi4VutL>QYwoZ}_27rt
zhzG49s`ZIs4B4IL;0H=szZ)55L7*0Xc74o}bpEn*;d~EcDBQNuOT(M$LG>k4oL5Fq
z@Si8a8|cpnKajwKOX#SGz>Z~8`JhEj$kZ$dSxw~7!w!UxNz~u`*4W*BkSl=iCL8lE
zg721SNo1s;3N(knQN<5utwvKUsf74)SsY~w1bu{nQ#DHkh8(QMtiwH5F$`^HCWdri
z^ro~V;2Qz15g+woHn8h8No?vhsj%kRx5;23x723F+9xm)A-H4@w$&wB@59fOvWe{j
zy{h;-Ufn9iq$3_@m_PZ<dx2%O=i_R->&2Dbg_V|OaL2w)i$pW$<KZU&`(A=RF_d#Z
zlIt#{gF|09&98M@o;#b)xt2Nc8H+@osV=p<US-UAEVJCrtF2Hr=erhlk$H36^0Nd>
zWkU~sI}2s?7plZzWNLPs`aaI61?t|KV4n2aCe~&mxq2+9Hd!B*6sPWreMS5B{RAfI
z*Z4CT>WW{~$=LL`uBf^02^rqgoWBSXj>tUwSwe@!l@0E_z9&47#`Eqi3LCwq%vMY~
z=cG#I*SP$f(>y<o@w53R<07~7`+>#{hESL)eT5{%@_zSBS=<){%9j*hbktL4F?)mF
zQam|=+CXVV0s)0gF`+*BLGQ|=<@-|I^b+S0K_GEO5@{e8r5>mjGO^kHT_*@_<3_sZ
zf5el;a`&rJ?+te>*QU1^O?AP+l8I9K5JdmqfVdNR>jDb6blHUH{*FjrYzrGoR~L+G
zosH5ww-xs(`@9QjupYlyZEk70GKE~)5MRO(K{R@lVp4TV2NZm9@9?1(g<PCtOz~N8
zv2+wJSTt2{h%j>Wli-PtFip#T6&+Yv3v)&_gnl4C-n_zK%sJa$fNXUQRQ8F_l409Z
zYN6iTQMY1z#!LpD<bWf_E)Nd_%32@#4ejNg3|Ob8IKAmV{aGdU18-!JL=h8^AI)$O
zzWu$~SD{omi8}<-wL1|^bF*IreVQCr`%pchoAcQ+ahe6y7r=$K9W+eu2kWFRdD^cJ
zhzSh1uCZgk=?pGw6`4_8Z4M4Cuu(|;o}#WUPcNmLZm{=%mI@fgqroay1CStU{u-?j
zx@RiK%IhQp>Pxrb_Jgm5I9NXgMt8F4HZE%;Lic28Is#U>_tANv0b>Q+g1G>t4}=0M
zHR{(8AC-d?sZ=S2Ae#7B#35EmL%@6$wxi7QmUSeanmOcik|vl77szo;-i+d=b%_Pw
z(+R47k!r<!xFanKeF4XWGQ|$;+&CS<um2M8WYm!DfC{p~_^%qXKs&eI$QFD!!_7hV
z6>d74Y_4n%BAZSn$QTuBDXC4;5tL7uf@R%XVB~DoOOGfW0tcP42{w_#t1j(T7Y$Vw
zVH<;SQPu7ELbfHTK1L1EHA=wgxSOTQ>bVxq-%4f^2&AXO=K%XH<>B2}T$OjWL<JFS
z1`_$<Z8JGh7unB0h32iAt^APp=`Ri@CVC|vVnf^7PKj5Rg|}7NYP+W4<q}~f(jKqg
z=^x<`gd#mj!L*+t+2k;a<)Lgoldb%HUimmY$K`N(SEhvKDK|yYtZ%|IQeCB3S>99+
zWqriA_HF>Z<$a(s1atL9jvRLaO1^1M?P#){*N^Q|zIvohbBftuHU#Msi;uW$+kALM
zR4?>`zIlkoO6*mFg;a}l2br8xh@qH{9jC^;#9qrGM}LHsdKKj>2k#i6i9Yd_Ux~^w
zIE{a&qt<t~cV<<tW~;OP@DZp!aZ_}6`^-gG$f86-GB_)0)yWV;O+a|a%xmF{Is}uq
zU%@;U!wWAksjRD%VNN}mQo&5}uc2s{R51S|Erkdl>5)i_m3pLQ6fy)i)$uTp##2B}
zFX_O2;3rr>xrq6WCjj9CcGskI#orW679<682Wdkf?HOb$J!)Rfv1_<*E}GnNug1WF
zBH_|40mMgGQvz>w>lsjZ_235t3mS<<O4m?-D&!RUjne;2h<uTxD_}tR&!2(BfBl&o
z;?E3!{W$>6rl0EYD8I=`(KWf8zr<$9>e9~te-8aEHH<NW3%a_5^iDlTuR`zxu?I|U
zQwvs!zB=CjI4fnaiK1>L(65}?Br2z15FK}mbOCfNSPDd7M56%3<Tue2_OTGow#NFy
zBOt8tODgNqkBOqGhX)b;%2OOpEepE|kb=Vp{vmG|2K@LF>pC&d;?#Xd=wNxDYN4%-
z`Uh>Alftz><r`;5>v{%JVVu9T34E4f!S>WlqpdA=b=5|yg-p#Odb}7QUrHbPfnASe
z0B?Bb)*x`s3aZ&_Nw9)B87B50i-^>X`OhLE)$wL`UBfxM#sAvF^;K#Z-k1Dz71sT7
zW`m^I!mn=+zB{QS6;P1B!zfLK&LDY#{9oe2?c9PzKx}@Cs>Snfxq)qb&Q7orc?B$x
z;fJOEw?!R-v?3P#Mm=+n->=lu7xoc11VoOroBrdd`U!<CF8`S@6m)%L4>36`oFx@@
z3*41;h5nLoL9feQw=$vKal0^H-Nf~v*{wW>ZWht%V+P1naj)*RtRB*={JkYH`>&Kz
zX#Z9KX+_92gx+oOhywVEldpvDHbId03(GnGaF0uS>%XZXI4J|}f=yu=<um2q5oe`5
zO)jkQts4MN|HIC~C~xoE|K9;O2x5#V;#-=FZ-)fbYS9hA0rKwf;j%#x(N8?7O*pA(
zY$hF7I9s#>14@T=(|+P-4r}ikWz!$HUv$yk?PJc&VeqrB(ypdC$YP>UV~X!(jSQwq
zXe$YfdsAd2)G<k3$SL1-tmx+g90mg52bL=?c2$W!HPb_#Npb_;->#?*2sD!jZfW3(
zR2yq^&@gC|gv(d1IgUPv5{Pha*vPp^HCD|Zmya*7e*f8q++J`3`atXMrn1kXBdgMz
zAiVFRD)ftBmbQQqpFlu5f4pJ>E<FB&=T+5J(Do&K2IL$eykfF3W@|i%atu<fRjqls
zFA{}{>QA!*5+V)SW+tSgf|eM&@Y-kaG&!WC^nQml?<lW+QgRKmdhN}{2w1)M?iLoc
zMaF{4MT687{$1<-5t_LNb`V223NlCr`U$R{J{g|_X6wtrDJ^mpalx3A`YeOFn}Fyr
zOmT`b&iH>^^2&z<`30gsN#j1-GXHR<2%zVn!WzNoz3hM4WOr(ocGmx~rjkh-{HXJl
z@g6kN_O`X^*t`SuSMVHNxKjT^IWT5$Owpyw^lwL0t3}7x%l0@XH*7jTzrKiPHa{<o
z_<sSagr&6jG8&-s*W!GwZ<m8(KT1W&lV)jAEw{=)BCO=r<~%nqlC-Z?8+nt^^U&E5
zJS$J{!_~!wz4RKG&T4o77$gt@Rw*Cm3)6T($QsfMPi$L_%)b!-_;3nKta<Xa(Y)Vx
zx(lt&iye1VgdePe4ApE|J6#H7sC0`o5xK(F_D$Q=;%0wRWY2PD`j%Czkq&D^r;%GY
z4AP&g-lzJo7NtG3Mp|N=*K6OVn~mX7j-12~SUg|vTcX4xn*ZB2x<gtklra>lHWA~1
zHm5EUe8hYq{jI+RbghhixWf7u|2Wqao`<XuCWpRLs8|(ShZPFhyJWf~(a(y?$67bs
zKWIw^gU1;Ge0Oe#X3%+E!I6+;g&+U}f>ygiA^{%4yFjR|Y^$zFahY0lHNnUZ>cdnH
zf%o}?850Fa$9r5*|8p#RND|#J<@QVWKLhA5y>j9oTz7^9_%G%<Q0<gM;;jl3UDZAp
zRN;iFpQ3w9h&3eSuF*OKVh56%x!FOB{)dbx5TYFv0hPcBHtG=48Daa)#=`AzEB5*%
zr+6djGb$1oP0Vc0{R188vv(RoGFLmczbM2;9*(9nlDbK>vf8cy`6Cd2l1fQKaQa>h
z>xDa~MS8?562gJnY_P}KR6~%QDlHR6r*Zm*CCN%%P)<`|v8T@ZeUJJJr;FYdM^#A(
zqp>Jk;L!_)vLKAaSYX?|Tj#(m$JL3jAuGGvO{cGN1_o*ZZwKW31G|u6yf$J!3Bi9D
z)$!Toqsbw4r}WNmL{yA%J}fK(f$*_WtBs(de^3yp-$BtC{h0@_;;aF1+9mw!K;&3Z
zLa3DDj7u?-vP9tH5ziOk>QB1`aa#byqfTz4sl2hc4j==dh@)oMOW=SkU=gbn63GX0
zyNaUfG}D!B1gnClzfM9wz(MXmKCEH0^a={dS8R5PRLbSQK-Qd;Zilxxfn>W+)9P0Y
zswRQA(U1{*SHdGz&9ehfAmssxVyZO2K9=Y%lxQLvt%hQdZQRx5SCa^)Wp)%rx8fBa
zu4E?<HtGUu0~k#{+3o`7pB_V#UnxGXF)nd0FklF5w#+(k3SVn{6D{jZ_9jOO%SaNN
z#FhUuvAH<kPW79UlU~5ohFwg7r1DRT3Ykj4<it7^9An9EZjYUXDJ-gtq;LEr`pKNX
z8z9@xy`GEhabDTTUFk}H*iU{>j`c;M$fL|+kN?FBYc4dMl7+e+(-=wPmDV-ptHsBE
zT*VvXTtrX0PA3$nSr9rS|A$L6oJ{E4g1$rB7J<I6&*V3}czns5oAd&fT-Gt1!4xZ$
z|Ii3Ri51GfXym)NNE8AU#KG9Dn^qvslL!$@gwCE92XO5dJNp3eE9@&G7O%Kxz5qM0
zA>=D7goJ%$Iqx3G(j%0GC}fUDxgCBY{?&s#M|QAPYO*#R{1<c3{=(6Oa%Vc}zi9LY
zcm7rG|53`+Nb8+d|IanBzpL-FJCzHp&2h9csM%xkHb5SwP_m9731aw*M#0$3!^m16
zm20=7Pt42E%Vje>eid(W{u;rn?Au?6ju&v+67<Cq{4mkFNcb+_OvpeJcSpCu3okQQ
zS(}+I3q&(94kfr$?X}?A6;r2Sq{+B%SO+N)UM1INW}sK}6@cYWb6IQ$hW}De{ako8
z5P;u&)KZGR5E%i_&1ced1&G)4QMB`#DZ~XBh+4Yq9k)4dTVZkY1?s|-#;O{7DM;ei
z0m9Zt!SJ;*T-B>ma_=gkD_3t=hUZN%ETLA(YpLGerPsut>v#j0NN8~DGg-|p=gY!3
z_O{sFf10(jn>;2)Oow<0eJ{~G7Hf7v*j9hmXi8Tj^T$khH(4;AatM=FKFk56_N%K8
zPa0i%uoaD}S&V(q9m;$?M~u#yXl826T2T^NsI|9Qt{)|eM8KPy7f(}6t#2ybKTCH>
z&Y7K1f@8Rt_6DE0X73odS<tB=NqgT6O35*Q4sR6DWC6`MjT070fS9eL!xD4QY>NkN
z?pFx-{R@#(bzCkab5%!|rffxR<g>(w7)NKa9X4IS?#nS~mouP45^e6+w3s<hH-rnP
z)8c>iZeWhmmPHH4qcQzRc(|jN^f9Xp=N56#8D(oHqG$Pw3#s89Qd6?<B37K~XR*Eq
zXUiOom_HVV@pS$st?8yx{w6@x*69tghtLJZ4`BJp9`>)Lxp+H3C`xgEx1UAHx3COf
zS_$%RoaG^TB{me}0u~$39`B_)x5ttAh5ZiD#oh>d{L)#FX3fsz@2?~1<m141%423@
z=n&3_*@MqA{7C<71pOb--SByV$dybG20+aAJ%tejH2l)N$jwIpk&!~8x=_zv_v+x%
zzltz_X}xk~6(;jVB8g!RvD&7e$|nDrd7ZqMtx^bo%B?s=2nMlpl+qUzv6T}J#mp4$
zX+lLowrxZA|3Ryjd+bP;Wu{5VvDvi7;qqlHfgSjc)j6412Nn;N|B@9PW^i_mA$lc$
z%*Hsm7aiAGc2C;N@c2%b{;~6%Cms*KR684Jd9N-!!N7w$+_-a2{(?FkbY_o^y}-Pa
zk$AcNL9+<u&Ue)w2cN5T=I6}Dx+p5t;^)l}_Q@-S8rb~SKTg{~c0fggYyheVA&tIW
zk(b?8b%##E6MgCkZDvNRGyD=~g7#w=oKqTWfiLK_jjYn~>bU!yO=K_#MpH``#T6Z~
zU`DL;B5ek2^tr{3plg#V>$bsqJ*{`hOfkW`)i(=?vGemyk<^Ff;FbMj+unvX0i-O`
zq>=_Fg{d-^Z13ZZPPUR4Qu%BfLz2_+1nC>k&Bp3fqL_L-+Oiz%<*Ve4fNi2e4Q^ec
zl}+pWHOw}h-DSBH8hR&ypF%M}U-^*szSDoMHA$4p=hGM>53%7LGntTp4NR9x(!8}t
zkIoTvIr2*A_whQAF3a4}<c@Vttmo-T)5qKzj6OwrN{b(?f-m*^PjyZLBkUbY*oB-M
zOX4V_Vn}<RoQdWNMRPKG@C1>k@~+!~m5DH3Uexi7J=9Y}>@7i|J>)oef={xol8|u|
z@@@<<lVbC@;qt^>=74`_U}f<bpx}D8|36H919T-%&~Kd0MjP9<t<A>X+}PSA8{6F2
zwl}tIJ2$p%+wboG``$b6oI2g3JGW=Ld#dVJ)m6!Xu5#Z)Y?rqYN5-IN%xiX8jVS4z
zf0Bd##<9xzj=ugAu#DG{cNq4bJi2j2ARu$nwP%<2SX1c#p3HB3C#Vt?3B|M{ZW9C=
z%=@}||D!XMPb0*o>h$AA8vWq&8tD+<{ZB%rdY<>uLq^=>iUgr>T((9({RwQA&S3yL
zAROUPRu#9~;uHq{`@Kmq&WZAF`V%2Yci-rzEbp2A#*jY<(k&T4c;Or}$n|F84U8#t
ze#;(&P0)dUYYwWtY_<{6aPht9@*CwVK$c~je^#4yHAIl+ttOJ3b*hXD(m}s~%+I)_
z5Uv6sC{PCk2{M7|RU3~E_wIE@Nd4XPzZ`s-(p{l?s^9pDjrjE;P{5%wJr~ZJ|Cf&+
z%DqYY!F=BRt8y$Bj@(hqn7+2QE}k_P@<`2QOxNGa;YWf1KhQ*yV#wy;E5&CFRU{Cx
za0X2x)2t9Y^=vm%@g|{LQE8l)aWp%uQ#J*VtsHcQW3<a1%=x!>U)T-@|7&5xh#YtF
z>r?0D<a9EZPrujmn$Y7=m)5&odns)yd-k<ZYn0%b)x)Q=pzHj?V+92qB652aY#uxJ
z1FyHlF5*eF$d+6BDYyTWx8fsZr6O}ME_ASF&C0YBB9XeAK<mTgI~cOFnJr2kW@tFH
z`R`P2rC1!70unHI8;wn+`K$6o*em|HN*13n$mVGEiB?9f${lcKL`>O*sdAV@P*fAd
z{uN?tjADLYzK{kHPuibuU{#%w7CpFYZg@iPSDa3KoCLDusA5Io%ZymxTp(d(+O5}*
z``gW++G&jcmB)?q+c&`9d(E9n%(^VBllaC^-$x)1D)@ER$?98Wf(z8WqOV>Ex9<gh
zoEF!|y*fX~7AzrCzegf7chn*dYg!SWwRc))4rmnRiDad1xRm>IWq1xY%9mk5G~*Sq
zt>@Q$RrU^#2zw~@v=UgcvpiReVB5F(ZHrv@dl99W|C~pf%gD?XY*onD4d2EDS`DI0
zN_(IklXWdYo&j};21D33o&cFkihyG?ZYZJg*|5eafY?iw1AHxder~e#nBNyxl?m)>
z`}9e7{nQ|up>-W^8Y82T7JJKSx8|?}?e#^N<r3yt7{V!wuh%V^3|+P&TgbZNQPYk8
zO0o^#V0l!_1hU@^tcjuCit|UtX4zE5R;G|~)AO&H)tawKM&SHGQ5=K#7U<oCV>MtG
zVnZkU*JBX34T{NC6`Jx;S1Y_5g*|Ibm%H95HIs;#`bAACB2o6i`1cOOipe4?eaWr3
z&NJU5omqYGou2bnr)Ls*HIFm*PRt!E^FCydJ@<pst7qlZ<zcVzdDrnBTK_Ug$i{c4
zz;si>BW`it$$<%(*0O>bLJ7)}UCmtN2UU^Qm5rAL>*#s`Z{&Q3rpks=)R5cSasA)6
zTfe?81G)y@cspnVj63Dmq}=BXUAi+|Q-Y1nuC_VGf)~}Z(;iNhg6W*@Qvl!r-Ed<^
zPPo?E(S;p{*r#w*p&5oJb_=G7CUND?L|hH0C%Iv+U37nEI*4Ks&+Fs_8|$yVEX{X6
zE0-QRqlX*eR9=OIwv6Y$V<dG9PW4`fAqtt$->2XVn`pW+%@kw{`l}=2(^X`9L)WCa
zuFD=5!EZ*d!Gxy=j|~ZjHLEAq;L>*4R{Wqf+~b<-NfMl3o!8JVgt#(@=+WnKz{E-l
z5X;x-JY%!PQnk@OWqn~vp}XfzKP%eQuUobd(x+2f+_2v$`Wu38S$h6M$qFmY{1vsq
zj3rv4=DcvMw{WU+Z$=94<z4CKPpMC1;QXKRV?foeF0q8>Jn~{E(R0o3D0HQ0hUe;=
zi)z(RDb;Vv;~Z+xiuoxg>Nf`aR<HLyevQEn7R)8@V2{^)ON|CFVIbEhfbmnKCgl(D
z-;uHMxgha=1GsP1kLnElj2UV1i9DgV)kX&0i2<OlYwX5^oH^AT_>73x1iO6mWq92j
z%=8sxaD1^^yKzk~<?dC%H;C_fZ5jrMgVtf)^m*WeBIy1q!V?+<g~AQrIUZztw5*{>
zh-fG4Jm2>xM3P7Z8!QEwwmk<$;~BIoH;)Lw(>7dM4K>9i{tih=lTr)}cT?W|7t8cL
z%<Zk8Msn$+bGC?%t!sSOWpqaR{<kosjVNcT`T%B#iuy~|Zj$ap&g>n=Q%`~cegmPY
zQ_^8WEQpd<Pxb2qj=7@x<O7#<`qLm+68=uGcM+IiscjNqm}2_NCZbf1e({0Um)(u-
zKsjc(Mi+}i&T`-{v8XgrSJZLHp=^oFjV)YfC;;pZCIk~0nPh&(gwS;O=4~G|UB9>^
zI;WK1f;r<@eVh*zR5q2I-L54frTXRZ7X|?EbtCJI@8QN1Zcu)DK!8g(91Z!rHRf5^
zkf<hP=+bbAyadg_!I(vl_^V#1<#P&+QA=>|hlskRDk3?I8c40WEs^$HTc|0uzpCz)
zF%7`NV<-;Nhau_$*PAl#?F&dpQ+k@t`j++RqJMqrkC?&w?+{>)9valQJ!57sZYdW<
zLl5+#6nZ-5G-FhZ^&qDt(EQ?2i`5^1>WWsPWdzwoF_|s?e2FSsR&4yGJsP1&y=n-J
ze~=q2e8+2Y4PkE@vN@w|^WM#J1zI`uCwgZDl4u}|@ads>J};L3RTSFYrESy@1wdO)
zfR;UINLw-eb-`Ct-)|=8HEpC7%<q92zS~PF<x)p`#q_Jrw;h=v$E@fYec!uPAWI|D
z%AGu2ktft#*7xsbYSLud!kWx`9yWZ3${90r_aC53XbX`7tr%A7k~S0<BMwG0^bYa&
zE7NYm*JLDdgH9N#w+aXnXF_54ZiD3ChJjF0Y&Ke{GtspOb4Q4UPsM9mn+Ab|+ku3s
zCV_<4isY@907PYZg1TbOn*N_Lc+=w4g1^f{SWT{8wZWye-13_>RywZVhly#d39SiW
zX$lGTK(nSJACz2uE6!e)<8;Qk^P*VHb;${z+|56wZd6q5r|I1vy7B@8Z)Ka5RiEbW
zDC@e5rbb59R%gnjFFONWbiFLab!kRp$SKus<G2(ytqB*(7*QnTl{ZFTa*n8J-S4fu
zcfOln{xQD-D1a7&@V~#=rrY|;5|TZ6P#-v<y3EEVkH|-60vyr?dQYPWZB>NYZ(5CX
zPzkL&30p9d*pY4UVWrx=rSv)I1C@P)Y<?p=#&P99jW!#2u(g^ERt)ilz-)O`^__ZL
zUr@T~tscbG%9H#=+~->4snFYw!%!NG^GLJ4bZY-m#;+>cw^UYbZOzs?eIsd)T#k@s
zn<aEF{_70nDZrZ4oELl1PRN6<k{;|zx&SFviWrKaR60n^!(OGTLR+av7fH2yawPQe
zb?zH}V}ow7zgoI=#-N4WmC0<x?L=Yw)k4};SlSg5PPVQ}-}r1<^|3U3VL%Mm&v|ie
zG)C_~&8y;P!#p3QDR-DT<fH=|Rk$rZ&|lIOPq)=H14e9Q5l?~xorbQ!k&6}x$RPPM
z1d-zSJ#AHYu2=>(sPQn7q;9>Tmw**~LCCJI&)kwX>fIWl>mS;I1K^F}r%`>(SGJ&|
zfMkjq)bKiW1G`G**4zEqT$mWT>8kmqOOmfAYT`JvUa?n%TbMq`Q<u;}psdf8W8AGu
z?1lNE&>0r0Pcth|$h}o3uqU2>Wa;}iV3DQTQfq$lVa!SoqQ-@FpVM~^LJ?eYn@Bli
zvxnP>dmXaFG5s|x$Kl)XB7wAV*FJG9#m9rw?Jtl=_-6_kFOVnv7h)qyCR2Q5o(LtG
zm&ckv)nnGHB>q3FNcqA4KC$i-u1lh@$Kn$XOZ!vrVFQ-3_H-Ogps6&c%&Zl!%?xjK
zX^=DOIv{llsm?%e39)T9of)mRL`$V{IpFL{cir#A+S#9gbxbzJI-e3P_lkY*4|=|^
zUy-nl8}1#9S!_@fB}=N+F$v-fF+<G=6b(5tjif*OZ~uA*#JKEI?ylQR51@;UjxANH
zS6Y&#_hH#(#^vNQaMR<W1=af9^nLV8zH=x_^*cc(N(s;folHNOv;eHg%PlsIM7-OW
z7Rh!Z8LLFV5Nhp_g>=4CoM<}s>ZpyE4A8KdXJJdB{gDL>nd4-ESm-EYBUSmVG=#Fe
z16?Q@;fp3Ho=+KyVr!;jDr#<;X|jk)SRv6NyN*PRReekFj!Tg*u58>)CL7sSI(Qh0
z@>8vBZ9uls&`iFj9$@)%L<Vw0EuZUxt+g<*(ns9wGh&*<OB~CDTaHayNkMANH9`|d
zyaJ&}H6c7zcE6r!2#5D18820^K-*s&dul+IENHd?bms6hcifgl@iqvn9<*l@pfiqs
zk4sUw`Nk};C*-W#l>(&m=8aXEKY4n{A()4ez8iBNcz82Ce=g`pW4D%9zt7%`z4DcW
z)6haJ)x7m(n*J8-dPEEe#vpyxAtRJd9wVz&Vc!Gysg$JYp1!25)PPe9sb?~{@wii#
z>J=unl4`ycIRBE=AKdRuzCGb`Olk+G7Fy4^4HFwh;VDVp-KCa~u7A#}<6nP)oRM3J
zdQlbJxo|M7mDn&ARG&57;yG%-`81QBB_5efm@rIRl9y!J_(+Op?qC-ATSir2|IB^#
zZ&p-@<1b~M;||rl3+Wf>_NwWJiqWyZH}WBlhI6LJ=YUXC_LT^g5uUa<hauJb{j-xX
zE9vH@%8m~6dUxyV%8N|lL<WobI?E=lIm38W0qw*JoIc6!MfABYaSdy>dt3rklTdcL
zZHU;jD01j!<l^w}T^%nSF{aZWoo946mlSp&-%Z}@6&rFPS9fb&)Xi=002}9KqUqPS
zb-wZF2f>PtlgI(IH|@RJE{NcUulS6cSg;%uzu)Q0c^66vp91V59*VsmFt@sKJB|?6
zu61Y;U6u1vD_ZNP4ey7W0J3GAZJPj9BPgbslZc)b6q@fRg*K@bD=1Cl;ySzsM)fD8
z=YOZmWttMD*7B#*${Tf;SXX%K4jmN3Pn*5llml_N8%!gD<xNE8%->mU5fMu`#8vom
z!JdAO!DRrvob+ga?DOSDpUzBbK1XV<FLCHpTeN;FC?uH1Qk_;V@zRoo1rm7nsb_G%
zPx{Ov`Fx>FZO7-w5>oJ5G;4ra`+mQ!Kkp*6Ri1?A8ftPVLqhO<$fbnrrIP2t!&%wY
zG&0N!x98k$gAXB;0QXg(8<znT)UcR|r438qBrUXJ`D?#7-?vvG*<?uBI`~QQV{pF0
zX<w=ZGuv3(Ea`NvA06m6D2DHGf_HGcLHvwBrtA&Dd+MDwsc^s+XV@htovlDO0mC6M
z4X2qfr%3W$H=nUmNSc|ix6WvJH5$G7oobWKf3D1<>5YE@g{GS#(rP4a#oc-Fh=dpo
zoiX&Dnq?*0^(;RlQ#E^qhyp18I*Ascx!GXUsWmnsR!0!>M@u5KpA64ol9xz2r1X;v
z(@mM(qYab?TF8jjGOZ!4v5neh2jxMc$PbUqk+cXVt+NYN8>eQes+_e{w7pVB(2mC@
z@yJ-T1UvInaUn+6I>CMBd1AB$S6eGFv1_#O_G3s;cD7|2wdQz_&~Enmx6ItXV=2iA
zNf83z4@*v<U|cHw90v_`7iR{^rfOxZCZ~uV95f!;Rx)KUCN`E;Z<uPej?4|U^%%C+
zBG?71mIY+L(a=~*6l7;bklzPg-d0(nhV8Vnr+x)D_B3~lK$eV>lsKw;Bhyf(?3}Zq
z)`;dlea>VV7~4;{(rdgxP_bd)vNvuMY%}2H&uGsru`<m}1ubyku1q0Cs>+}Q-ATuO
zi=dP>YjhZo%x-S(%BWr@+&SbJXdJCp8OyFhS><&&$1E%^X<((QZVAL$oV7c}?X2UJ
zaSRxeRi3!PUR3!VC|9M?R+hlFwJyK+jP$(4mt@VO)r8-5)_C4(eAr=ZVR}A6UItSR
zZ6B4Ll>5>;0@YnL-KjwkpzF@{WG=iy_5ClMaZnHXEYLZnqBhlKjEh+7C5V9V_U|dS
z$sfZ?eh9xKHPR&?Nc#nKJ#J763Z|uA_(t1?OOPvdugEEmaL<~|ujr)o6Gh4P!GL}X
z+5cB@s_DKk36Oh__#MA8Lyv7%M09E4_%yM8SR22s^Zq+Iau(i2+hbSJwD4e_a&z8e
zG`lnf*PM0S?e2TFqM$EQY5L>i_hdd%rI;HqU7g8+rG$o^vNMalV6b0*CZR`19$hA<
z-oHV=M(V681FEf#^=mwuOF#=r`K1^T_R$#*<xj~EIyDcZ9)5={;CGYra{-g0NIo&P
z;j`bX9#hV~Lv)5aGsXZ}kCy=}^;J5c)|$0V0IX~xg&K<?4hl*b9V0?9wpTpb{x7q7
zyae05^(l9LJ)ks-Oh#o>Wr#XN+MM^KZX5z@_y<`eObcYa5^{@?sNW_Y$ESow9J<eO
z(g6Aoilq+uvJMq<Eabw6`xq?R)e5gA?@Fu-c0wZNNoWX|6L}*vPEBCSx0)D-dZWvP
zR};J8*zp>dQLj4gJ?5PyzWpu@&qk$W&?%vfkKZz9>`zb6ofA%E5Ne4bRWL+0(WK9$
zY9_<i4`#by#@*KsF%EfSmjR&T#D91CB$+?F^lrR~@SyxXa>YUEOm}K!%TGkf%|8Hb
zow>r4x-+2!tk*c1DRH5(UGxsnAs?5&)~jmC0EN9#lHf=_*@9(^+vKq(<l2;RW<_KG
zUnifEW?Y1czRC!DT!#BK<3776Te&8lUXILzFIbGXAFQKJSxHBFt}5;*r8Cb3>X&b$
z;}L31cy=nNRvf$Vu}h5V1r(w~rspzEmYt)9c8N?HbyqT&ripudjGL&TP9qKSH$Fp2
zHn-Qnnk7c`<t2-*48)Pz`}Zv_F}m)0lyPN)#QxW*gIz{OG+<JJ+KTf~<C|Su#Hy?y
zP%@l`abxE~3JqAf-bh-H%V=t*HaU#T+*E%fZbKjHaGLS-(_TSlJ^nd5;gU^4HP#0d
zyJ+5E=p8ckar?0$*e1zt+>0C*Qz^-flQ<Qrlc-qKZl{)Ln$klPMYuZ<ndCdS##p48
z$9;4Zmd`UEjFsR=lyH3byK>L*@}09;e}JmT0m5I$;UUyDR<2*NU;LUHoTSFjevvvl
z&-~Je$D<X(p!pg!%&4-2g-QO#Mhb1!M*0|HII;Tm&?@kDBB}Q|2fS_GKFoCN$`VJn
zjG}M1j5`f^rF^Heo1^ZQhrMwBs6n9V>is(xhL2<>ovG{?%7wOkA(amyuaf+IiRQuP
zM&sK4N+H=M>chwP#4p@WkY3M`bKh7XD!Yo<Nbk1<Uhc93<}XhpB<I@|PT}CR&_^KY
z&z=Oen3UrA!ceY;hl&A0`E?ek8*k~wRUs?h4&Y9!I>xWp9*&8;Mr~!5RZ2mvzO9=3
zx+o18G7ez{iH5M!HSAlPbTfE9lSgT)t)2Ofa$WsLX@Yt1Y#D_(1;>>Dy1KFAM1#3e
zTXQitu{q_ajc#_QIlVe|FX<Mf2<99$(P+dXi>i<`;G$US_K(~X1g77hy^Sv(V(hwZ
z?({B`M@Z6mC8#c+KVMn1`#VZC_T3{*27u~x6B`-FKBSNAUCou?2bru7;wQ|gi6<E2
zVLQrwp#uTUdl~Y{417*Q^6f?EG+l>H^^*RXtCtpsg;SW$^-AKXP3HAyQJWG4Ouf?W
z#nXh68FREaPo?%hzg7o%E+AZfqcLu-;Vzb3$`O-z-Ass12}==@=f(N7>zwiDkpA^D
zD0@P(b1g$!f8mb39Ihz<E|i0E4z83*CF|74I?pqrydKoghl}W%joZ_Sa#4WA=W|r$
zB#|E{j(Cb>`NeK4P}=QDDE7;R`Ti<|0g}$t?{0r{`eAT+Tc-~}9a!@17}9%iAR5+I
z_6)+FLgc8OD6kw)VlOSV^q566jm*Bd0y@&Fr&w5GFIPn$>B=-L;U#sthKCe(cz*NC
z{etgq*c_Mj9IFe<x*1)|w^=%_9|iUe^QD18S4Xdo*Vg^2s0FmZ8T;I)s=JT&{q8r{
z022Vs;tf2>yM!=Xi@qx*rS&)l>G1T>k_pYJk@<Hy@D1gB{tS*95mS8fGjhE1N&#dJ
z-VaJgI2GQ@-yt33os4makqlLoAju7waPW#^@6k*ohv+Gk)~dWJ;I*uq6}}0p$&jk!
z{zKV|${_HRCJ|n}u1sj3-vaxTM9au=7fz8QJ!CFcukn4CJ9<gzWemD7`EE1!N&3(y
zfpB&#a;J%|ag&yo&`aCv*g^YWp}0%?*djrow)w10{z*=2=U>)7q|%?L;J9hara$hi
zu+e1NHZgA56r6f4&sw*R=tUgL9v#VQ$^i4De&+1LeIW&=W^rd{sDLOyyBhBgO<|`^
z?Er#A-ngUlW{Pb>5VeV81S>jkZ%g-B=igtm)sMJjhcF<bqSCiyr=SA)HeS*!vn!s}
zQH5P(<8IiAW(x>AoWp4njblIkWpwOL%Po0cii$=lfi#5T2kA0SKO(4tn&ffv7Q)Hw
z^A`9S)T$4YP$=Uta(9vek19n9hy@9}D@wKVz?}9-A{fDdl3du>+TnPjDPTGY1t`av
zRmUY2iK*C#R26n^xaD6wA7B=`bNQZWG-Be;&Ut1^iE=@6cDbh+l?g2jFDNR)s4*6z
zm&|?|E}77)E%0YKdty^5`2b;i!_r2z#RcL)Xy&-fm4Ek;yL#cpryu_a|2|#ST%cYp
z!2J*03Z8tYY3sW8_=W6f?V%60CuP4z4X#R>7Cw8Y=_4dn?29v_4SamE9%-su_}KeR
zhnnpESSOZq^L55RvWcZCusxG)E0i$7J$_{&UDYm22j9c7b9r>x^zc__L7->FWg<^8
z2T9vA&PqUPP0(t&K%+^EMC24;mBsMExVf~KyHi~2+XEp&TeS|a3lPPKZ44!gC;ZT2
z-|rhi51;nR(YWR9QdmxL<)cW}FK3N(OD}Ect-~H>f~B#Mw#fD9-#qsiN>5n?YR89T
z$6rw3-A3JRbeD`E1lVp<uJ$^ri+tQo4#1a3Jocj*vd^WqMm!9VpA0(#SMq4=*0*-M
zhz%UpL%LNccG#@DQFccq<KnebNrsZHw<=%Wr*>sXCRw#MkcArYg?|hL$L4(Et;fIL
z5S}N?G*=hF3IKeBBYd?$YU>9b3xxb9`^m1G7DKYqnDLxFPlLAjf1BA1=_mdD`lxYO
zkA9oeVQR#ON4iJ(>LDB>)twTLaFW#CrIPbP_hsYG?TYMuT}C5H?`Q=?TcZlU4?n01
zDc!W<a~KRILgMvlAjyrjde^hn0kz}>KXt3Cq2kf80N$eHl4fr-1SySBZID4*-IM#b
zegdoflbn-v6GplNGNYt%LU4iyCtE{l*#X{qOFO&K#|zln;G6fD^5+V<%^BA=b35D;
zD+AY6fkM3JJJG6bVRY1`4^%x>EP4^$j?=WELfKZg1N|u~*U1c((kz&^jUB@F>~G|6
zF^wZbDj?wp%V?bB{8#*23r#ZxIX&eD2`7=y*9A;7m*Y^AXCnt3y%f*0KTh#9SKaPq
z1nbkdX^C}?pLwwyN8POq9Mb(%zzUn4HCBaVD^`W%(ez{1u<-Dj%oH7BzS+|lx7xJR
z+9dY}>+n%Y*>T}}=VzlKg&)YJO%nAZSq!4zY_~<ed;`jjMbbF;S|azxifaql45bb#
zzRO&31l`T-QkTu4OA`>IZiSFyfDI*V>^>e0(g!X@)6c8_c(qb`IX4f0H}}SUaeKOT
z=fM&CJ|FyzxIgFZ`9ncOR}zn18}DZY3r512W?4TwXr=l&o|2Zg-DqO*M0itZy^TWR
z`Dj@3M>IsR^6T?U7IspoU1l>0nok89$?;Dr`&sllNr^if^{~fVha=&!Bf-_9PROyN
zPU<kI)j=n_!%2c!`-!*#=3l#1f4M|uGybvqzdV-)ZVDJaDMD(%+jqQD?(;8H`+5@j
zVDX8>ZobI-o3kAJfMxhFlxnsTHqr+53T$w-GAHr;1$3jY%yt^4qO@)rED$DDF`TH@
zy3@C$DoT0S;K=5V;`#C+D7N=3*(<E~Ao%Qyx~nz_WVx{$_|kl0BwD(kW(bAfTnLgL
zVn8>v@S+%1K6e`U!tM4CiV4P^#Qe^fquW$jx+<d5bU~u@ZwptYiE#^fuRd%d$1^aK
zVQ5yclm(zid~y(T-#v_|G%Gk|lU}@Ii>Tbb1T3Zf2gA%-6{wn|E7J89CvMM$-7p50
z;CGbjpA>gR>%Sz}pW_&OzXagp$}esdFlSbUv-Smw&SUFNf%ZC3UKj)U!4Vbmf34DY
zEYR6CnNRU_`+;yL5{4tg)Evm{gRWFPapd(o<XR!Q_s=?^4x0B3h0MHlc7kU?>Erj8
zSr>pj%}P4Wz$OYIGA+&814X4AYQ=o<-3(nz?LsmWnw8RyNTezQUB~g)X=~}VylHXr
ztm)rnsL|RKD-r!=xK>&_1Gu?Xk|3}IDT0_bvnlyWG!J~J#2A8-+83AHk_>RT`>{n=
z$xOjN$Lqhx;S+;lmbo~}^*-uabMVumPS)y3M?L`v#bgLSq^KilGf&e+^{I>M?^yiu
z9W}aCf4d@KF0Tmp%_uMQxIYs0Q@ugR(UYoPD}UjfR@ZtQ+(p|&dNmni_Jdm~?bvfO
z+DJV9_PyD-p<U}u<45J?d9!QU@qyT&j_LjW14YRQMNpUGOLZb;N8OAJy!qS3WkTfN
z!%|WLY?h;t4-6b@i$%%CfVQx?E~agg*oA`V#)PUDvStOM{GfstJu<dVRjVjkxB6+F
z`G&)Z6&KMBYg@Ov!qft%L?=p?Uo$H165aSeP3sBKj1E7bD>x+1SRR2(MkXAZ$g|-<
z=8hvuP{r19RM{`084brTMRqM4xxRc6<k;AuIrNqP$L@V|z^o`l#-cq06AE6=M*1Zl
znjhdDTc91Jd%zX8(Jv~RQV`Czs_-2E4t^6}ArgG7@_e|?>6Ocnr~L4v^7g>cESG98
zru66OhLz>!ve-s=`zeR);QPYAjfHXV9uO_XUt*HpB1L($7>QF%X7AglISv_J3}g*1
ztjVpZz@8XD;i*qTi$rWzY)Hb_hvgvd2H$~rt0gVyv}CW#mCQ@zAq^H+%`@bKU6N&h
zu1;?T>ynJz30IXF2lozc?lj`)$KT3ETg=9@nnh`OkKyDhnI3m*A+s+twM>I#r{XF)
zF8IQAa4ZHlNZxVR5q0_zbP=+q9w4qWfy_|blJKF+nohI$;jMxgZXu=^jP&>Zvs;H&
z^L22N+Y#TKeTx%A(Mtq1iVd<m_;{Jd^93e%e007o(=qswkWJw`Rp}(!lu^BTQX_5@
z9WZP=7G^?ut8pk~(vm+zLmO>tC(~<jVgtH2J>kb|*@5h548&Rn6NTvfFF!;N2h7B8
zDxX?A<B<k{GNr9lT%CuA`JuyeLBZ%&qUjUw{x9!Jh(jVKqVE2Z*x}0{*hUY{)SA-3
zYRCL%Mn)yu_2(yeuBZ<lyL9={TQsTRH$3+ilbE9}u~5v+&vur)<ZEiOB1&p|+C544
zm!`X*^G`5=@y~gThTvz##k>mx%(fK5!8#9YCPU;~|4QW9KF^lZ*ul_mtAn_~UPhQg
zgivfc5xt@|<4Fgui4Rv%2I_j3_H-Hu)9`6%trq^lyOa}f=ctcCf<(5AP^WGp$5OLF
zi`bdg%)IORj;%dMj!9g0a)=6>vQ~AN^jRJHc3r<+wO4s_pu^$0UsD?Hh2EPP9an6B
zC>Gay)u@_kmvby4n@e<Ev;x&ln?bV2am5vv9S<@Osi~@g9ik;o_G#nX_`K%Vec8Yt
z8_Vy(=!!*`k3Z5aDFnVX;K%-1!`TmsdGt{Hl}^jLZXy{P`YN^B`6@Mxqhvp06m)cR
z`M4lM!XWM4IPkON4x+dOUH6V11Cn4Ak#4`XFQ~J?UM{k4<I;*9ozBT$HL<#im0i=)
zW{G2{eRGxg8E-^Dcv2Y8TR5veT>`3r@hvWK2L3GPXQx?9rdwB&n(Dj0)fSuhc7z59
zGVE$fK4!{|#Ma*UO_rm7BYt{pNW1yVnEq^U>p6^xXMQxb$pNOl45Fa0*h)@gz|Gn2
ztR=%Qv2GGLg3l+?*)#f+FR(e3>bjmGr55J8T)?mn^qewQw`t2e#%0o&{Gxag4{Wdx
zu9+?u8FYi4?sh<f@u%lWvCx1J_}A79uidGjkDr}NT6^@$tKs<k37c(}LY72EgpE~t
zHAIb*Y{;uFRV$#v;tclm^(9FqU*f<OJ*xw=@t9H+B&K&;HgEa#_AugK8Jz~k1d2dW
ze)j%NUxw@#%>G!5^k{78K07xcs?yTp)~B7Xbc*djd3d;!Dyld{ETB4<=^Q+A^q)S4
z$(uzKFRG)*mqk>dn$cOP!<h7L-0@z%YJOmj%`#~ArK`8~Z3*uT?909H|3LtKa>sxl
zb5a-xi9dU$h0Kn3VIN@XUiQ}8a~DHqud|TlY2D+!W~iD&W-piYqeb`iT5_p(n@CzT
zlMz2>qWwm0&{-75el?dK|L5KkblN)}Ags>kzwS57Z$a1B+6xpB{)(e`Q%4pgU4-T-
zLNiV*H}E~!-l^Ue%yJG3sc_H$K3G_!X6BZvOnND>FK6H(NXKEk*WmjNvMzO-E%p<%
z+l)0KN<!<EjH)z~t=|u~8GF7u+i$fe7QL8ACK*ul_(>@rq$?pk`;nXwUny<svlt6+
z&UL@&aD$Rk%t$fNnQj1as%?D%LWPa@MrGWSj8Qt=<?1}IXBp%5*v|`$2^!pvW82+%
zv){5fLQKz5(sj7cRwdL@$jG%-44j$ek*m*@B+u@Ap4NEKq(0-}&*_~Mu6lb|D5V5g
zxuPgBhvuzACD?I+>Oft}m7p^sBtojR4vEh+-cSCDX{3ri%&L;zNo4a-${&;U=_`Ds
zrnHwK_>Pw<R74JiX;H(en!KbgzX{fWsl4{FW)mV-9Iqhyd+>!|3ZJF@B1EfjmcVX|
zvvBkOl91~HGi_vwf}!$Ln56erJqAM#@>pK!tctgLa{YdI^1GwD-F;d%A!j^JlcPJ|
z_o5~*-bl6Q<K3Xj=+LKy+ai~H)y{-+eDo^XhBl_xx)t-TiPG~g3bZ_F2zSoy5VE?=
zO0tQ}SqKQdqWi@Zj8AkahGMJ@Wwx@A-qQCFo5eMKv{u0?D@bLIF>C($dXfcC<|7`3
z#8Yx+Iq9UrhrFk=&@FnEWPooxr3g~XjRlsgfc6M;89xiG!<B*MWHe=Y87ev0p@5JH
zJh?v|@s?5_&8Vn47<8CQl3SLNg#rU-7ZerUC3V5RHgn4&-CQSUBwKh+J?nG<m$cg@
zIx<gQ;{TVlTxCOyXheQ)3Yb4OIj@R$?&@Fi)u6T6w$)yfv9Q4BQ1glzluAZv%Jmu2
zdfmO}3f(mbC)#V)D5us})QE5;)x$Tv1FTqBY~CcMXb1yKNO|-#A;z!a#g1le75NIN
z*$B+El0&*1R<;sh^>P=q2$nnMHEnGMuuLDCB*5R#HB&!SpQNqk#)S;!S1UCTt0@da
zqimzkHk>LvFT>(*O#UzrtKJ3yX4$<NX5KL3yQ8)mwa&I%N#&cZELzWw887=QZ{@im
z33+hb=mxl?t(SYpjPJtmw>EZ-sj{jK<2FXK>l4O>N4iLHe2kAXcO_6KlfD7g7Iy#Y
z60m&rN8^k*%W;?l!+vcf#WrF*?@x(fZr4ynNJa@oW>52qI_GeTs`&UieMa_FHDR!(
zKD}TU@+ne5utku(d@8CH>-z3Kcb{byPiD_-7AsjO1{#krpbvl7aXOodizskz4TVSP
zx*HS5YLUrs)yk3|eBawygDkBzAw)YiytY_nUJ)?~0uCBM;G#(DqdX;<=a318^T-vw
z5PqkZ;;mgW?<S=@sHSwQ$RL?fw-#D-q=eu&{@ESf0r$#9#nPv4uyU$i=dW4Y4@fn7
zDUmO{K1$z?3fZURV)s?)5rftYnar1yYOQ3J8==e9(-`0?buuilhRW4df9;n;NkoTK
z;6?hM=Wy*uul7(3&^9s@#&q+<$if+$P#VC>XRe2O)d4U1J2gyQ3^x%pYQ8_gA%6Ih
zzX_844`t}p%#GIK9o-v*ER`T0L&sD#(mq)os(0u#>ntN;qSYCO<|?5VhV4OG9JqvQ
z)qGDkIk7tvA1GJ1v`E2_iPvd9Pc{h;P0bbmpRv<o#KWXN0O7@3TE9EYI$GFpNE*^T
ze+qgOlTb|?4y#Aivc<7-_3@qY4`<$-E}afS;{iW_jroCs7Gkxr^}M++0}9CE!DsbY
zS+?(?2D%c$Ag1B~v7pfG%{(6m`#`fp<u6^5nTh#`9I}-~;W>^r^Q^c^s?%`gUr=})
zlaVEjl0JxvXz=99#EvMi*7G<tS>dSRo{h_xh)Zn7FWSNM%cwuX(mODD7p$-Yd*Eip
zou^uyz8Gy<LK)$|;sZrAATG+OgL*_lEy_YwZ8`*QaUHUIEKaigfMqMQWIWgFQ>s+W
zwT4>oLTef|RYH-q8^>N&Nav>e2xVxq@)CQppmZ;66^^1nc7O-0fZe=%i<>_teegn}
zFlZP}Eq`OT?#Qp;%W;rv5Dy5;?#M;?yB90ZK98V1mhn-RJd?)sti~uQ(g45XU2Cu1
z&TDF(>+Q?Qr}joc;-zm=jU~}gTq#3>*MgD~7Ebo2tuRfTFCpf1v@?wPje_dKX;fQ_
z)&=*fOE))|$N4D#d<sq-HWGWk<o!pU?9_x`pBmq+_;HlvUwz?Q2rUg~12!9sgB6}s
z4%zrUn^yE%luh$~>eUvPVIn@JKz^s=`V@%MCW%^vSTPaj_l4!m70{PRp5f{FYd->j
z0YTI7g6$tYIgLC~_yl4JIIKrV7lM;+J{81J(ZtJcCv6rnP+m}LKxO7KtC07QR|X48
z{o%Y#E|1dHM%GAPT3|kn(`d6ju*)6jmlY*DLXYlMj^(HCa+P|z(`XSzvld-#=Y-Qs
za4k7&?Wb2f)i@|IWf_ClPEHv}71(N@hD?JFu9EqAQfeY7tvx5JQ;VxF(~nB9od(U@
zt3$hKWT<0^`NiLo!-kqeZa0~9qJw#Cr4zlC@$Yh|piTrYN4*t)EtN?IUH5`~a+&af
zzlAZO2Qe~wCAv+fHS1_ZdOhJ1``H(PKFGw?1o;w9kpwdPpSL=3H<c6=ro42vI%J}(
z>XshlHOReKe39Y?w#gc#M-S}Vf2@ee4k2_TN4012GZThRsXG?^katRQPs|}Ep9kim
z9Tm`D32@)m2n!)!r3CgY1(bl&=P$lj7DeU9=PeFds$kYG#uw!?8+I2BRW7x3U}6-6
z@Fiexl8Yua7{1x*y^i{HU_5xhgjp0)O#8a$n#-?u)#Kyy%R}=9T!yEqsWN%dWqlWZ
zf=(yP)<c4oNNsm3K6-Z`tZRO2S7=-Rf3Ys7<?c&(@z{*LQH1BtoYuit`>iq>mUGhs
z@5{n511H>Q(tk#!YI$7t5xGjrzgbH%OE;yw)^JN7rBf>qfR6qz+y_RYCn4D2164FF
zz71WJKX5Zjp3(qo(EKw2Z4Q!|)Z2_Xj3bd}rA`zqh)boTz$Vs8X|~EyhyO~*1!}bd
z3v9K5G2HHSr7Ch`u#pTwU`7P%VO_#wT~eTzFQJ`V#59ia9XAUEBf!pArXRZbm=39g
z!Enue9w{>7Yow7OzsZk2Yq6+S-ueTT&&{u~+0wEUF#!^E;d|rC5XY368(fLZ1Yf;p
z%eI)*S_rB#J_x+UIGDN-#csfw^rp4&0mvXPmQE>C(NQJDUP%1h3n<%m8tJ;A9Z2bB
z_#=+v3XBqA^H2YX{F@0}Q~}UqG?z#|%MGfS4XU^S|0}y$PUHu%A#>SJ_mlVgCXy2u
z!OMhlPhhGq$lS$<8^j`fJwVuC6bPEBP9lY_j)g$3eov$Z-)cIN7$wEJ`Wb6K)uC9D
z;GYB=wnvB^mK_9*Zk6-hLLc2}a?2aQiKw18cT{GumaTfRNjYdW_-+QG)psx73iR=c
z2o<vjY4@ergniZUq?Qu$5C1~yp-;Llf1}qg4Qd&Y1X?WS^S_UkY*4wBwm7te)7jpY
zc(E;bsMRc7{nIg26G}`AnkFH0vf5?IgzZaVMpPF{avDdvl10P3p=xA|<>V+}B{Ew|
zewow4oeWD<<BlgEJ(ui-peWA|WOwS0resT}W!+dnorLPpOA=8V-ztsRRBh0`KmFOZ
z=#rg1-|jK`wD_GcX@skS02W0Z2g|)t{KzipRD5s@UZ}f(6MIr%jcyxp10fGGe$0$b
zdvL4YX%uwAFXc({90|&i|6Z2UF>3nzWHtmXMipuor^qgiY)Y37gRhd`sR()x`yc7j
zk)7!gud^U(e0>GO3bFW86Lz_+KV(aW6*T2|ynlOVizt4M;ek0BrdTE}Gh{%XRdAHm
z;KynDQgr9tu%EM*vK?7>XItH4^bUFQJ+CTQ#Qx6&)QKV4Y~P>eh2lrs)1CTY$ouN)
zlQ5*n9Nu#)X`FEWprSY2KfG79D)f?i-l@miot954OtX%!8Xnxs9-Y)}Z&)hiU{M{C
zR^NL^u<k!#N~}PxP(?dnrg{Kv-*Bem0g`)PZ15%w8fe#}vG6%K76?vu@k=tNXiweL
zEr<tN08-;5DqQ0wU{I%zplF?_d<8JtsuiJ9S$jglBKWJ^{t&3S`b+EOR@LgTWksH?
zA+yPX&uY;*tL&UzY1OU!J-L{>k11*xQgwC;Y-!3hYaMQt1_uO|xiS01OZsYsIgUL@
z!c@OdXktsHsN`!k@>zphQv*!=;o>8{#*-QH8}^dllJLhtgA(3-*ip*X%BI|{%8x(*
z=@MTLQ<+Ct4Q7y^n!*y^wFa3q_LC1)@_%KUl2VLCtzGpDhigB6rNhIWWV2T~K2nt4
zWQuWRZ%(EWU`cijZC#=mJLH)?EWpd4$Wn|NTfUeOVE#chYO8BekF|~;mg2V@B>gxp
z<yk)MyE~T-3Ft<*T!&Y59O|mT`sMQOhYI0(<tO-ym|}R_w}D9<Pm5oppLhfU-{(&w
zF-68>sDydq4TN>)H!=Qz=n{xE7V)?;@``V}U&&}Zn~#6T)Xl&YFzQFra>1$})`68c
z8$z9to`QGSFYrYz#pE{O{;reiU58<RsOjM$M+#-C4|WW|jwu&GJc4L1=~p(iz1~o^
zr-eSLe)Euf<q%5rEVHKNng2s1vA20@IG$R!e05t)D^pv*PWk4l_t9};ns(BUJS)Aa
z6m&9EH9J@py{&d<rbJ+J{sbSwTDj(_8ihSsIto?pp?iPn8##G;AFlid8$8%ELh>Aq
zY^w$YZCc>nwM%jUt{@t@GOTdnw2Bfc7`MVeFg8{8>?#(ZZjwg4`~47v{YE7iT%Z`G
zlp$FB&Y6%HWPU`5cC>_?^_2)q;4?&!WrH~YyVq1G)3gD=9HgcE+ae+vj6JkUE=U|h
z9Yr(yzHV%`U#n_p$)Szu&dWEhgwwrpXhxL?_ZngED-l7s>x+Q);N=S&mcXN*OO_{F
zq2z3QLa+1+G&RSp-gb)^*}Sl3wu}rFx_}{^dxAk!3imAhD<-&QA-#IWkp~F3?9L`{
zRKRt{Tn3sRoksi>`2VT#Zxvh6!%|Qu5PPL>!owdS(=93e*pK&>zHS*}r?;;2eD7p-
zA_+Rrv>3CgFm99n-Q5E8Me21(vD-+KmY=7`?g-Gs`w5$M7>3X6>8avr?D*T7HZ@f`
z3u1Qr<17dC@=QmOxflgy*p#+ZaFNsyi+&3TMaDpT(9@?F8Hm}XxR(GgFuoQNfD;k9
zWTbeR{i>Sop-M#ljxxF3QlpmULLAwJCCyV$)SAr}4pE?He7z@_MvidA3Q&^Dr$Ssl
zpcWzhUgEuxoi~jwMh#1CBp$`mm!9CyR|NT~5*%bx|D{iDY3msc*HIy2G$j1h-(iP`
zt-c(ERiA$~f#*Y0WmwB!X=F_qHGp7VQf6-|^4)arw#Za@91=(eK(f8Y*@Phh+=Bpr
z)mVV9-2Hws>}hR(r0G$JU%=|*?=eVnq%4{?esv$s1D~`;dJ2A3a;)mKHL#^C*^~{I
zV9_)F2|-NH6+NKFLm*aG9EFhB<UNHf?Y@Jrlfo;e4J(IugzqefOJNR+_?9V1Wd9Ob
zBoYu)IHTZKCP)6cIIq&mNsG}gF0Q6_%&VZnH3<rqp|QxmHLc`$5jM?H;V4IgaYG}%
zSU=+=#!{$;tut%7zyYbACw)<6U`U+jm`OYcC!)r~Ov01L4GIQao61I)4qdKF@u<Q!
zYLZyH+s_T8)r#KJqXwSoF^`%oLstG|>1kZx&C9r2z%`AOh)9+vR-c$>^Y3u%7v7;X
z_m@+By&qI}AumGA^xvGEZjd!w>()TcZZIdCToji>zcyc?2y{^jhT)cdhuI>x120{H
zKZ_*EJ*26G368V}&fql-KVG!+7GQ4GlkS6Ioj8KxJh+8DtdUz@r3NU&FC)3$mK=4k
zIG(G8wfOdh?IE(Ywn{G=8$!)FIVDz3C_7C=R9>Vy$w5X@1H1$Ny@7R#L7jgupuxZO
z4M}|QF4buQ3`h(3q|dVuKh}IiKd-=HA@(pL$19n%`IRt{p|MQA6+wDG0ealT+6IN`
zs4r!f0&!hpULQ6rqc<Ha${FQGlSp&VV>~i8YlZ<H$B_K04)^2wOts)uKSlIvR;twc
zTFI96mk2lTny|06UVz2@9^~GWrIGx4cpQrT4xa#p;cnL-aL{Y2<j7ZBaGPj2shaKp
z76?IC0LYvZj}7jUoj)XqO89zHitYwo-Ev{+(Nle|kYK>L6-T<Cgsr7xe9FQCVJ-O2
z#FU5N;DX(!ZJd%*smUB9whrGIDFew!2k=g1VXTNKQ{p`YKh2)Qi8Uu3ETpnx%1^{X
z!Z3P?x&EQ)_BRRUkLDo!am(#9F=TU@<a=8LGV3TTo%HSp24xDHEb}9zH4VUIta<_E
z-4{6&9@LWZLr6=dI$yf5IoP~*DzjD1UJkL=I+G>0l>&C+7U2x$yF(D`;Zds4P^lm)
zAUVpDZ7`WMJ3aOF2y?WEE?HPqX{e-)w5g~);9S0UALD#<0<JCMIOrXYd%b5IbQ+|4
zq_aID4z8`Xw@fs)G+8-pZjF2SvpgaK*SLUY7wOJ<47QOEa)r~Fs_G6}mJaZZEjIQC
zog*o)l%^NyXR@#dRsuZ}#`@nK)|X9rl{tgTXRPcOjxyPXDrc6FLWyRYKc{ek4l?Cz
z@r`T_>Ea5Qg74R5UA@I!B1V{VLy}4_Cxrdeci^_EgN4Sb@3>m;p6K^<^aBENWLs4+
z;(9e88!|^}IO)a*m!ponMHOAF?^sv@q;^N;WKxW~WQ1=o*N8}I5CnAf^iYU0$m;AY
zXxA8ui|`r+0KP{Vrwrj7um-th7*w*Br<wTA2N^_NfoX-51=frjKa%SYT{ty5;q8lB
zy;3_}^FqUyd*@91Hqr1mA}XLCW&~jx{8b~X;{t^GW`-reoKY}#|2^G@04H@XKJiEy
zZ|{n2NxgR|QUpHBn{)9qW_t@%mP6vV6t3`W?QyJ(#@YHegSk{5TML&~sDc`{a1tR|
z0pevzAYO*-=@$F1^&E?njtk#iMw1hjw7V6>PKY?(95rJl<*2)w(UKltz&$MP+a)o~
zkJ;n46O_dBIWh9uMxF*#ym=@GjmDVX5AUUMZRKL^Eh5xr9Gt-lz}qZ9{4Xf6x5Z!(
z+HBuXU?63~NIOQAQ4$ajLyolvB*IN)(mJQGNl&j?mC3ST!YS<7Yk7z>Sdk&T`a^0=
z$SglXU4)Oi`xgW2`Ie8ug0DcIj{?3~N;^GBY3~Ga#JRxsZ|1dh(zP`BKi`{ooZZCo
zn^Bd0zcUp&<*#c$VUX+RYIPd6SL(7(3vYr6iwqE516r-SYle=^!c|b-O~eueo2{Ok
zh%_Hj;cR_dm%+z2-%o>Dj3@nm7yaOkAPkfj^sRkvc2+gir)@EtQUDznV%Po0Xr9yT
zFrfk(Ek5dqC9x`>jj<3~<8+vFQ-1l^TA&BAlYVhzbM}k&8_vVCldagQMm)*jLeNW$
zvL&9*BPCxnT2k2&@gt=%#oZ0TzdJ{|==QIah!1>wOS2<}3J6{#CHSJ@BP)+iloy&C
zFcdw_Ol`o?K=_@#F{Tcc^%iJ!rV%>ywlA8VdOxb|pU(;USQdaMhroZ6hMp8BF^pZS
z9{zP;nm5cpzQS*nfab-iN%ot9a$5w&=}+R%)OD!%)Kx3a=ag`Gf}oD9IVekI$nLEU
z9&*i)DwSR-(g|Ym(7Wy#Dh$Du1>7Bi*r0rHQg9^r`a<DrjO(4q7ZfRMstr34#Q}@b
zGVkg{q-M-!;7?AFrxM9+R&EEU%WrgSv<e5|dBdboWJ_nw4`8n^tmsO;^5o4>v$Pgz
zkWu&vBy#D==P2ke#Z^jD6-6>pvnzg5wl~67jh?iY_CkU>e;<si>VyHd<QHOQZCrJs
zxT$EVFiRnrmc?kp045EE3@!v_rT9b!Aaxx*KGnz4(NU~XE)HSIo<kbT4?@0@`q&pP
z+cEz{a)MVJwd$aj-v05c0Dk+98nLz<dbPMYgkW>7j0DJb?t(4Vp4Jg(lr{&Y9g$D@
z6`S<fmrP9=FJyv*ManZif>?J9W@K7S6XHR91{In;-mzO1bYI@kn)q1sH&KV@+OtE(
zSu|U?Xr@=fuViAJ;0t2#-!!@_<Mu9C<FqNHV&wc{(LWLzg)!qO+Q8ri+hTAj#k=8%
z$N+WyUz$C6PPD<y3x?rn#2M5|I7A~vA~Y)j7D3pi*bTXEV@iSfpcKsY0E-OlA)JO8
z=?V%%ZNs^*KEwQ~416)5n3IytO6RLx@&CCtU9*s?$R&PR`qqN_ccC@zppwnJMY_Vv
zaLshiK2cMuw4Xdr)s^BxCl1+a7|!=xkcxO7qyl$<gbNtZs*ZBr(xx0$GM>M&ieoC~
zPN+syc}Zn+xWt3t;uXI)%t0+##s1d<Lc=qIIcd5E@ld-2MLGhh3U?LB!YoC)JW!OU
zK_u~t2*4Pbc(fwj5rSy&+Wk?OVl^mIem=sMZMmm<PQPyAI`nvK48BsXR-x!<77V^}
z{u;58;ZNf=&pp*-QjtoeLV~mo$>!rJ2OYR3f)3?;q!5&=rBG7B-p_d2?stU<ay6+J
z6qb*W*gbLPgkJ^VMAUJQz9`wMJ1*3hNMwTLIC3Af@7ifLWBV>t9T|}7GE8*ff(kZ0
z;GFzr;Xg_PvB7Nwwd9MeXrA8Py~ak<rTwba6tq-zpNs5EXj@`+3lhLBTk|a;EnD(W
zgXbVX_{KAKtR|Uwx15+X_=QdwfW-rAzcvmX*0TIYKsC8U6{M(?^M>c2(7FRBB<&OP
zF%2yZ$OEH)(a>0(<pQv54{|FR0pXy&20=3anENB6xE1723uTO*DAs=+1Z}9T|F47a
z`kQ--F($NTvCO*S6zMAFG${sE{_Ff?Y!{q{-l2En<%_7e(S6Xs9*Zq4Xa%>t0WHh{
z$%i_zbSUNov<+(_{|1qYh?7!Z@jh*XW@t^KB3(Nw8X%bQ22<Z=hRZ*(L>S~qa?3)>
zAs68rJ~GVL5my)AK0osBa+nZ1-+x^%hq?<ID9>nPKP!YW5@0M9UJBb-=S3m}A`s1t
z`>0u>SUK|(5#jrryO+Mr2{NCk&MG5-JQ-Yk&ru2uscV8Lb9@!zVyIG4-GuV^M>7ss
zli8}1D3cnJ{t%k#Ph|+8c+4@*J~mpIsY0g|ND=5)+0+Kifw4d!@tLCONz4Me72?FR
zfAzOXw}W&WvW-aM&cwokillp<ZfjVNYdtk=>HctzMT-#RXXm!+@^R0ZZ@VF$Tt==Y
zKuomSM7>+OO8tiDO);%E--#1DkWVJsohwT9#G@-pi9D#QXkPJeM8AII45o1U$9U4;
z)VDO;+}RWYXds&1{w$E8TI*d^Nc=L-#s-gOoYLO*>q?KVMx&WrXjGZH`~E{A*5212
z!@Wha0+np5735O5Fe(|GlB3i{yJ*$qc*C8kElw3ZJ7Vm3Gn#=PhtsM&Vg}Oe_u(T{
z%?jpGSr}O~3lde4C5Itprac`oK$i5B2-I66!?zj|O3F@wae6ayH5uc4s_wj-*gH!<
z&M^vY#eDoN&EBS$m=g0a#%@hLM-ml16q;7aGKvDfw*KNRS`1Fm1d)ur@ongQ`cWEH
z+7A3#|CWH5_J8Pl3!plJXI~fz5P}7F2yVgU;1b+}ySuwP!QEYgySoGk?(XjH?!3+a
z-dnf6@71fC!_M^VIqdY#&bIuzXPn0D$Zf=j;GmObhcEg@C+$jyUve>y>|EaJ9H)`1
zyCGaMwDtpISN!(}sFDeMp4!aI7a<=^m&*>^*lR055s4831JHI6V!n253C&t3HVrjc
z4TH}sM1VUZt6&<$msuW@_gnXqt1Pi(eC8ID*M6z5@Z!_Ohoan+-fkT-%~oE1Krx`t
z^GciI#g~3yE%1Pj@jSNU9b@3VW6w5DQ2y1+KG-Y%C>c2EC~KAml^-(hfShSW%sC<K
zm~^GXCY7vIFmmGCDv(n(E&dK|-tTJw2wE8tCu6WB*!rI|LqsiI;;LfR@iv=@?;@GE
zwaC1auuQP8tUp~5=8@kpN_u9YW*he&a9sUu6QzwS`=z;|*Rsy6rK1^;ACnT5d{h&?
zi*nUD<BxKgV{;cWD_$-Y>JhhP()-zUlLon@=Mp7(Z=$Rhx*5aFtBtPZJ?#tF>NUFW
zztFhzgv3u&xb=6{e+~Ejt!Rh|Uu3PxP0U1bZR^4?zM-6#Rvg%jZDb0XZ#3OS&gQ%8
zXF_IlmYay0Pd&Kem+Yc*-Wg?HQ5uVu{&ng9RMJR;Y~sD^Z@p{|vnrqeieXS*7Llpk
zzh8u1r)i|zFioQ~hPBBAy_<&<Bfne-?t*r7k7&TJj?HhPVm-kGou3HaAW^l_5CLx1
z@4F(0aHzO!%vJI2mJJ)SR;t-8J_1~gyt<v#fIo?`EA6!(;ui(E`hIKV{B{VqDMwX3
zo-ePH#HcT=TNlAk_ecd+CE|Bm%1wh3nf8(W_0VzrX?M>2s65AGI9n}ziOxFfjBP%v
ze6h%q1^M$&1JIw=iUf6hrBxUWy*#!EP$WB429qLOE+xvvBDA8X^_IWngR2~QwJP;b
zvly6tsC^#;V=InNZ^FUiVou78YVK3RX1lBJ>l|lyk9E2|$;iW06TOM=v!gOw@?JA2
zfAz3#vp=vB+v|v2y(L~g6M!`d{RAaz4#`E6vEr>ebl7BcyTbHrh5a^Vv|95&1vVwL
z)_bKYXC1Ct@+=Y&kK4GE6|BL0u8kSe*Xg(+9oEEJnLH}AO8j`S+!4RaLa;)pHWH5^
z65gF_xjhdPW6d+-8XRc~vD(Zi7Qy(-nGv(z;!((K`4zcttksO`#Q-vus*F>re=5m6
zS9e<j(am!Aj&Y)pzW(zP?8sCJrIeI-u=3Z!T!tkwGR*w$M-8%V4;_T(Z_VyaUYG76
zn(0)wqkrvRQZV>@>-kb3H6PBvi0&@+mt^4dv-0s%C@M1ByT6e18}*{)h7W;NQcqVX
ziAV(@JB(D8s~LzkN%WcoLC{E&*5ok@wV4TuAT!!^(z26S;jeT^R}S%ryduo>izBYA
zmQA&gbh!N?YkLU3y@j`pCTKm!9#MNj262ZK(0=Wb*}(WLPo@9K6W9~M*1wrNLK?%3
zSgg=_=YS~@2s;CRKrgY$W@N39DmV-4K<uAoF)+`zGJlpf(CI<;ijOEU>!0n2K_;_K
zQzy*hC0xuax?$IlU_Cp-CI}7XLn)Np7M_bS&0E7+aYnLbkqL`fe&H@mT|LBh!MnRw
z{h5ey10H_{N;qR@`API%WE1ktLCS^p6fbNaT%$tVqGzYDD#})ov`d*JIZrts&Tfv0
zScP(xwmCO#H@eOHC}C(_Dco06(<CU|2t~tS;1EoyYcFa#-Hd%C>KKi(8B2_ShwXAS
zguu62nNLSg0JeIoWfnE7Ofq&$x_aeRgi?|f{fRDGvW5ndEfiNMvEGJ$Lt#2fXSzfT
zfeQaRM){?7e34uMm-qPZi1(OGNrXLkDTh9odn`0$A#@ZLLmwu^0e$jAm`|eIdG@wN
zjQP1KNbgKFxqAICR4a@S1m664UQpoOvG)g;FaCsS8wE<08O!FCds_R@&RFE}?oFo1
z4uc~jh3z$myh=ARaiq9vRR@9t1(}|o7%B=cseJdNv4$KRY@HBJjBT8l@8h<%oXVz`
zK381zfw21VR-6AZs*lT;eiLFzLirlv=O}zxm#?znLh39(%2iYF4O|w9rZM$Gvidl0
zD|KA<W3YbHjDaK5knw(kQ?gkvUq>NC8K8$^(-hr3GmdYP9$q>7Et0hS9CxhScLC*8
zjR9)%N<K~CbC!>_`YZfnBrRG<u4{K6t-8s}`{mZ=yh(`=iM>>eqbqb{-or5exD5z0
zHo(LhIJg)mnp-X~5&a@M5k?XhFoz9<AoqX-gDT4v`(Lbj2l|i}-~24A`_^q>zDx#V
z+-ww%Dz6kgd@$Jb&XtJK7S1`M?$7;^p}-(*7bop{TDaSeG4~V%M6f?OfTcq`A{fQF
zU7Xn(w$A3*E%q7!%&rWCpeZTpTvD34k0En3M`Xm;Wyb$<7)-#Ef(?xcSQ6y$BpZK6
zbn@)#$yT~C?F!B&V=K5ns7F-YzMCj1_Z|C4TlDqN?1MgR>D^b8+gXab+Dyp;6*It!
zZcOeEDpR^%63$h_u-}mHWz-xmxU<P0vC9lC7%hjL^XY~Ktk@n^@0Y;>;kW~%s!=Ug
zT>Fh{8P<>le`Esj)gq4?mr}wkofTTGKm{wtz@~`xxYJg3M2Wm$mMu^B^!;Nl-K*`z
zEpAixH~1@KE|#E;(EWX`sa4Mb=bKDZ>kia0;EckaAEe#`8^VfVANO;7W%=jeh|u`!
zXHOZ~ymT`+&}*mP_(8aghsLN-nT!H;+c{HH073%iw^JWa>Bn%YIe_RfKMlz!DJQWn
z%sL&{ivJGbQzq1I#%^0#M-N32;&H$yv~P?SqNa^VGrf<9V;8Wo)KkjSs4gfJYa9h5
zjKlen1qxv^cU%-sTjFw9__`GBmqa_pJ8pV!H+`yuYPEG^&vt@Bdy<CXsi}6!pO-Tf
zuSA$#hkG+{uurx=YpR#EUtu3G5HVON9d#)ckGGYIfes_u^G(#XkOv?*0EBr464SmT
zLxq*_UyT2vj~U4eGk0NRDeCSVzE!><dNMXU+8~xV4R2={KVbqi>z_$37h^;X;%fRu
zYP<@3FxzZKPo4iLBp>8`s_h9zhzUG%L-}Ax-}fgYKc8mdqN`KAuY72qo{XwP;VZ4Y
zSG_sT+O(Y%xir7K!>pBiPR>P){!Z8XJq*$ZcVzy?&sQW{2<gd$zZri7mMsPIXvo<`
zF$2z<ig-EX==)z?43%oUOAR>Q<JONHGpGPEMaEWWynX|jqm6zrRT*IW1Ju9jk{3Ah
zceY{qD`4Gj@(=Fg;eIAPzdBr9tyQVVZVbR&GS;wOO6an5NP)JwdhsK%YMT-djvhHv
zPPUF7vHMI=M2zdrH(5yJ#_mpqYgDOcpS)(G6C?2r40U_O!{va%F3VG^i1-elwMPbW
z{25F1OxpKPn|Tn!N1@DG{lYbHN-ot|>~x#UK}_q7TLHnQfAm#h#VuXgf0y&Mmd&A;
zfGr~c9zli|%ghRl0_`FsgDTw$lozy>BWv>goO$&)5>g({@g4lqcU%UX;HC175Apq0
zsNq5oS!`|^lMD<O5ENmb31D@*AACQT5CJO26=M|E#!<*=8sknLT9mB{?SN~Bf#zNc
z>aa&Qd%seY+3yMVMY>CN%;pF<?r|u(9f*ta!Xj{_qp(}S{#zCU_cUgnv6L)mQsJAa
z6EiK?(Q@WABdjr|3}bAOx`;6O4Vc~-_n;0)=*4GJWvLDA=7nKz?+E5XVP_62$7M)c
z$=D9l14%V0omyy+6PI(<RjE@!Gb1Q5#azf;>iv&uu8$ct;~W@DCBHigUu1|!E^n&)
zex<7&;51T#336+{m5#u{^j@nb3siDyIKGqzES|mXeo;+D18DJYY3g`31$3};GuEH@
zU>+>b`wmx)s@fByb$8v$=lyFjs}C@&62;hEB`+>wmS0>P*~Pkdd=5_9jm)=3SV9wR
z??!-h3rNuDB%9;EFOb`$&eq{h&BKXO{HdU<7AAkj@?~<+_^ds<_?g_{#qAEBeW9>L
z&iD4Crn;tkRc)4rj0iy8Rp0CNkv)NeJs7IG+{AJF+9B~rI2;ldGo+q$Yk6hY9Tv0W
z2MU=c#dJ`BhY)AXWr`RD3VG0>UuXb=ka^tY;lrRMY~6=nuG|kB)z~j6&L17bcM|ME
z`N*(@-jTT?+Os^j!M$X9JzCR}-A2R};_M>G>_l7evHKT^kqVA^HTv||N@}p3CfHm;
z_w<sB{P!S)6*@ov#_?d62?l|ZB+fZc^r?5}2Rsy7i7Abr^(s{EWebyk63~|~4uwd)
zZwV(e*ZD$}$kUGxpz|wxTv+e*MjAD$t&+tWi+BWy-qW$O&g|38)G$7DtOcrGL}eIO
zerXWlwno+lR>B7{Gz=4R!3YxIu2{axKQ(p^gogSssbqyymHuFKT0@i@F*cC?{ub}G
zJlWawTyJ%}k22l*{5M9>JdpmSZGam2;_X)#c>Tb>b@({`YPE2~sakq*o!2)#dZ$LN
z+CB2(w$jAvs|P{DS=@pfA}yN}UFL?tbr)O8-jXq!C((FnWF3U{Skri6C&WNA6Z@KF
z>Gm_i-}>92gJFjnM!3SKCP9OFL%4DS_yjAKb%f#Li~>Y#R*jbzBIzzXU4!j-hrJfn
zu~9z`^7kc8x5^k)GNK+6i~OxRTaczm36d&f{vdN$&^I>`;X-3C#eC;Pc{hb$UB9Bs
zzib7?rBDWaVSIzJPrHOMXEmp%xGyk$Mc9zmN)|r*@Y^Q94;vj5nP^9Ae{Y}^PFsy_
z;=SMPEjCjes{<EBAA-aqoWlec8~aMK*$$|$d}Ktvk_ni$iOpajuRfv%!3f`A-u^oF
z-^%Fw^XiC$c8IpvFuUw9&BNe^R*1HNyOj*{t;5S!`m1c^2*p<4QyL~N!Pq$dj_m5A
zZ+`NfB=<s!Y!|;u${<<JL*sRv*%VSUyI5QepK1}b$v;XI#S5O58$jEfq^VCO-x{Rp
zcoRzfmzCs6CASZ|x5_)f8H4Oru>>j_`GWfDpYJII$(smUbEVW5ZPOU_Oir?SEk8YA
zcDO8-3oQg!!Klr5Mj8uZ0BwG+MPmJT+yTV8Pa+efY)7eyh<Pj%WMw-}pF(M$*m<Ws
zQ~_Ai5VCJu)iHtK@#calKHb(;)swS<Vd-8T;JZ7^1D?nk!bnY+M(|22-vMku;d0FY
zr!)BP>S)YG3~}ae8+2+>XoRTUQgo8msDfN<h1oYUBHaWr17s=KSS@liG3W85Ox$n+
z7+p2Ra;mOS<7LWN+g3Fd=#u#T!7XSzkP-$a!-`Y|+sL3pVmrbx{38i1^Q9j>v%F}+
z)8Hgu^$-`_Uv2e|LpAcBopgj>UR$YQs-G5)KKlh&b)H+SGBsS`*2hz9&D;21;obmi
z`tlRP26VX;Lc?TMK|mfYFo?V=VbCbk2$ZE<{tq~Vq_WXvd1G{TNKK=zYNp=|qyIEX
zv~I*duiI#gtvOf^)<O$IMRW9Jjp7R#6*LPL!{cRI$7<g$1f2a|KT$#M#)`u(Oze^l
zG?^i7S#{>nqr?&?UKdIfMHDI*DN;7>=FzDg?@K#DCKVG^4ln(836mGS^4;{u;p&v(
z;^s;+cTwc_iU8!S#8#Kz=hU%ag!MmVHm&qmdME^JOu3{%QacwZb8?)WRvf!gXJ7Yw
zo&HjGNc0}~&|m)WQ<h9sL@TWQL#FtOT44UgRxK79OhxC0$0oj{VnZ>)m#g#W1kAAX
zDVtKHYu+c9nRu>H`zKC_J9jTzFO=p_QX4<UUZo%wO2KyM{;w+7)A{gMX;^}qMuWT3
zKx~!00^o3an+Zd<eVFNZIxCW1NZ`Pgvpo7>Kv>~y(n}MM<~?joD1>a3fwWYi=9+2H
z1tHa0TYm#FBN}O9{uR&ou?_Od^UG1N`_6<GS9OccnJF*bAX8Fkyr=yo*gU`2_bd^7
zg$A-wC09{l)(2_#AQhxhVq)_Wph@WIZ<^JM#3#UYbB&T5&*pxAEnC3MTLPGtfaEO1
z|HA#rxW7%;1PnP-Yj>v$EyprkO`w&?b+Zw#CD>+(4WP`wIpEy!k+twbwb_hHyNG=_
zPR@r1XyET=t@)5WkbNZTOL~dicW2Ax+dZKl4#}YC20JW<zmiO^jycEuA);k}IuPQD
zYgPJy%LPaJkeq`DQ}GU8j025*9VPj+5aRf43mGsoo`DjPuK%EnqnIglYZ2cK+7kRk
z&LVuS$G&~SIT~=@n|N)#-SIZrv||YtM-&r{FdYZie!_GVlkN@{^0z5XoWou@hA$_0
zS5f4>B(3?|uV!Qb&DQ7{R3FoL<_Mkj^Lpc$saI8n;-p33{m-`!YMgZp`f<O>S9(Cc
zw7OD~;|sp6PSsltLA?8gO+q;YkCyn?+kJ-i7X~25da^uzyRSypP$FJO&P>N&8g>0b
zKOMzeIEbHT7ldhMUnk5a@vuq?I{UPNqYJbu2VGa5q!Ngw&p-D}AV=A`lpV3@-eD?I
z`8McG9#DxH0f@5!z;EZ#ssE{csfw96@q5OSFOHEfT=R#GA`DV7?j|*)dI!J8Km>Rt
zlWuKvQYK2&!wZ3)8uad>nt`Sx%<~_CSm^ou<!!jVS7g!iee3VGFl`4hk5Zs4M(IHl
zDN4744bxMuAa?zxJu94cz36=XE7o)mMoyQ@HBK_H;0ie}zOXcWUW+kKUQ-L!%Ww;Z
zo?dqC4uldfV$qO7W{xW6(wqC|@$+`DNEwRDh9qcVY8I@co6J0h1ls@;^RKn|eVj&J
z2^S&YpD7q)GYOxRi__)fqkIJ8p*Pbd+E_My&Br&gn&A>pI{DplZgNB*dF2XQeCKq4
zRW%v*B0RxGYFj)Kn)^nW^##)NcXDuVR1#+MA5p+<XECBBOF}TzD=2#tkztIu8w$;x
zu)tKM%eyQZ!CZU3|H9hOnz}d{DrR|S0f!KZ<S0TK_55ohypOmKVq2F#{8#le{+wx-
z|1rsvu+JMO@yBO#7aar0%5yo(;(n`&{>I2sCm{lKjclY!RngrsciP(2IrZ7G;<@SW
z(c;eS+M!}9<GwhCb=N)j_jHi~xym%oj{GIctEptgPmvouOd(NXNN*bA&rJzUPcB9c
zAC--SZ+s&h6CXe7twR@B)$2~fH5`N>v&PI?zmN1L^@niI0bAC#ZpiQ36%zO^JhO_B
z%CPjK=4sF}rX~K=({4sy3>jD8;z2<g?rhkmjeXrbGVCcU==`{y!;B;3<_Xs6B>Uhc
zA~(($HltX&Jf@2A>>TB6PlcPo>O|b{W{pyR(z|;-c-vxXE;VUXhvy6I6j~*3X$|Fi
zl!V6sae4Exa28(zlacux)_Ky5xywxW7%~I11Ja+#Nh~6`ADP7s*tvx22(tXjixds8
zUZ1jb2vPH$lPmD3hZ?;PS!@dz*cQbdmE^aJ{*<C_1tor$BGa3z6$nPAfPO1~9|Lm_
zo4vq(cM|$y>(`8dbzq#}U~w4Pi_^p9SH(PRMdEf*_$-kEMBl9)3+%uBZL#h#iW(G<
z=B!9z#z%jh_E!P{Az5g&4hlotKKo{aaKcrXK45wZRZ+8wC`XW)S?Ll4SmTmmO}&cO
z6{Jd*kp^F2_6m3CM<RG9tsZjqDFV!UPITbRdoWxAiqBcsUmS(LT#~PS@|<Y~qM$A)
z6>hgWR;70gT#F*aA_0M<9uP<>gqC1xe!fl|aZ_$KKPxXaA)QCzmJak060QnE*h^$g
zkriNzi)Q4L$V^XRlNw=(BXRtvTtGLe5k*DP*Yx!f&J`oouueH0_>S2{((8HMRoiqG
z%ZuL9s@*NAR8mcd-9_Q!X!_wECOLMIKd0erQm&aJW{+AtxI@xU{dstt-wEn(L<T86
z<lfD?3brXF>ZE{pM-M_Egm}MALkfmBH}jziZpS>L%rEf5X^B|%_APiQmElr!*yV*u
zc+SiRqkeJz1C`;J#?T?DLR1(BprX?IDV|8(mLEAQNFAVduJ5Jr-tIMi74V`2oU<qX
zb;=x$T)sOv^xYqJsMFwE>rd7OmNxooP-F9itx53LAM3WOw=8{40jU2B;8$9yQM2Fo
zpvo1REDpeMvw<MuIl!6o7M1|<{qdUEsV=J@5?0|35CyRNQXn)v@5{&Il2|DX)}Tk^
z2o5M!IKtYu?X>N%t6UpZG{<S^cF?15!phoz&|Qwdvag4wv23zymGF$SlZ**TyU(}A
z^XN=GQdGRoh(}~bFi#I-XWsP=0-XV3I6o%~Hhftp08>mU;2!(u(F~t}J}(q{S+LZU
zKM(0}gGHjGLyEAaak@0_Qo_&}lw@Yi*P!g!Y!@H~k2)46zM|cGZc4fslOCRp8xIru
zWnZ^KlOsynwdMYYKfgmM+U;Ufs+=jcG&?;h!H62dwn3Y4)lgsO>MrN}SShjDm(WLf
zB&_rWHPdu%Bv9Rq@Lf6d@h>4XKE`e{DA%FxLWNE8P2?9Y>p(AWltnzB3r(Y9Q{qe{
zL4#V0B~FRl9{4$xJmO`w$VGQ7XKuSM<Z+%EN7vQ>0PCX#a1mU$e_6X&b+q%14<&t>
z`wzNguw$R2Z(&)w{#uye8Eh648I^Mxat!a_?NN)ys&M~@mlOA4BW`_0|6y^W${^JG
zQyv+QzUQ||<R`CwSTl0<Y2RPNjj!K!lIyQW;2FmmWW;DFMyV-wO|U8QQzyk%a**vv
zu@a3fsYjlp$SjN0A%(`0-D#NNCvQl2M4t4PA&J4QPXN~K4BSTHWYgg(-nV+7WKqf!
z>P|FlR_^`~zzFPABGyJ-6=Yf!C5dgBVA0WzeQ-IOgmU!7cVxuVExLf_$ZtL564AOZ
zu=h>xXcv29-Gjm_&h!4+ox{mPFTYL2q}nYBOs8^hiHY#pAq5jh47>($%xNq2sB3o7
zmSMSN9)}DS%{_E`zk!x6BhAevI$Mr^ihO&WFfc2cn8pGGTf=LZ#%8^6E_bOiW9JSa
zL{}4W<|d)ss9;UdhM+Wk<Sky>ifcJ>@<}s*;Qt?)N$8<`Do!_vdmavDObwOxMPM#>
ztHr_ON=R;9vfKq%cY{Loea-^iHazG|;SP92BBVWZb9Vwy#|IAkh{O%}q9Ni#)lxY0
z8htI4=ON9f!`h(Ia*1BdUtBUl9^9M{shlzqt~0kp>RqU56yW6McQT(#NWG@fZ508J
z-VVS7ukdRKwkfMTU)l}}agFj58VBExKx+;t&rJXXJdFB}2dpwXJI#BP(GCe^c*5FO
z>{ZRfG`kSd4t^ueU3FTU_H?$`n64(_F@X8PC=E8)G48)uV7nK3<CMYN4@$z1tx6I$
zPDBG)c*?fSZjADSu5sH}#7X%*shSheL%A02q8!8uMJO@Ai~bFsr_~<)^1_jKHD5#2
z0asJySwlAAh+TuMhh^^W71gLLdm^>Y0opMmGcJc82eW)z6Rqh{NNj*ZUr{YF<N?|x
z5Z*<@@m$PHpla2EK$5xwd|@^?1_q2!^VW%%>F$HFA8iwH4{G&hPq<Xc%hw02`Ymic
zM6q#yRQ6hL<!9XfR}{J_in3&^6-}cRHb!gapyuJ2o)I8H(JmAIS$y@;7X;{_7P~9u
zqFU$FM=%iD&|0;pePx;qWTlQG($f7!CGLAjINy4wg^Cl7t;$5Z#ba>-c4#9Fj!C-F
zJK@C!D@|Lk8^H`ygqcT%nMZ^fc7Hw3`2UtaZF0G;Kh$fhB1Q-$OCpoeV5^T%!m?9B
ziE8*g=a{~VDp~Ghl4=sk7b!Yx_h}L^E;uX2DwCEMA;d@FFf&zT1~)fj)o|+B9sSH7
zt(VX-5$&_mn$4<^SXC&%Cys9xaNAP;wN*ikdnv6Cc{;b~PMf{%FS|83O+`CW(zK~~
z@udb_mPT|Vjm=ZX-P3~OBkAl_qw%KVL=x4u<L>H&p-92zD0A*ee2<(Sd;1nc-+~cO
z(_L-i(l~Y=dq_6xsAxJzc0_K}C6w-&0zB%5Xy?v3<>Z)k0lX(Lsu>~Wr}Z&pyKSg4
zO)TE3i!zLC>Eda6{d3@o?GvLNI9sWDGs2>M;%u||{G8S7+`G~=L~~RlDLB=wO`eEC
zZ(=R=(tG7MC3_<>g+4v>wsPu5`f`0xeHhexZ0X``bh)uTZcJ-ghv}Nq#+c}&Jr3&v
zB&ZBWLfB0D6kNV+B3O1Hf$&0?frlJLsziD15MT8N^8nZWC?om$G1NI}qnib}6U^VH
zT&Z@*8BWDjTS5sm$lCozC8PBk4?;SVg0GTF@0*ltBqU!YD9Ugm$x$3vOXWk*Q+*Qk
zE#~O1iBw1(Dvy6;zP4<Ys=HZ2ojDEAb=gLGuyTT!^A<3D#;#Xj1I@qCZ@!tcQb3n0
z`+0YoX>Ci>K8`h0PPgWhuc`bZVJ8qL3Y$3>rD{KnrjtC4<k09xP_|>PB6%JyAJuCN
zI7W#j+^A_LeHZhNzX*Kh_}W%RWP1rH#fK&RJGXqCZ=@TV(FKyjvjvJjCQaME_qc^a
z^LFi<<J=p`l_i((h&6k2xaJ*p4+{G<DUxl+|3z|Br%%gF!3``K{ep2YD>ExshPG)P
zsD1@bpm;c9lwYY_+U`pWyn|mq*?~J#j8szPY<T;tX9swo*FW_f9#FrDN$m<!H)>4#
zN=sPkppvjv^fpredQqn(%m?QRfn!iQ;+h~)NC%>G+ynqPlU(Ww%wik>%_Q!;4YbCP
z@HnPE{G1FVUhtm_2Jn6Px|d)>pd)D-tW)WRFn^+IiQaUGXj1i66D~fiM;kQ)bT_dg
zF|d^^1tRFhtBiH!m^4z6E)D>tGX4U{0n@*)A++87vYaJU-~2DkiliFai?1QPB><E%
zKK-*}Qi<R&+~Y$6=4CIC4z@M<kTf-*ic<bd^${8H4yXX=O_cPT(!lGla1OuY$!rHj
z7szs=;<bQ6@-IH(fp}fVv%|Mk33(HOjYl-y1%(Y2Q<uiBfl2RxNiVssXMC@F+^Cz*
zBsg;<Fmoh8YaEd)8ICI%wk-qSnGVyL4%L~1>r|8ORFnMF-g&V_bFoEgaSzM{eJGQ)
zdmNdg%V}HPM1LIN3Cy6yXXqeTXo*i`xazz7xJH9`8OF^A`{?U%Q0i}Wp~MLJ9&<Of
z_uE=x1c_#Wd>*%}w;|DCkuX{kn~}j4rt8LtNh<r~@16WS5SyD0s<K{Q<j~@%^fOo3
zu$VgYk1?(fM(hs{fD|H7()kk7Z%)s;V3{nerw^~$lp_C1_cs^*rXSPnZS@=T->m|!
z0qv_`(Miq~x+!FiI)2gJ(Q62u)B5m{mA<{R?H?9i!WgaMUL2d}aO&tpSIl#)?G2tb
z=VFC%vm}u7?ZtaR@*A#X`SZxvhh_7{a&EQa1oB1P-!@p*EdVQ@n)?I|k>sy$*lrpk
z>q)UqMhRLjKj!1A&~xH*7@=&B$Rd$KfdD){$r?HZ+}UI+tm9<+9$#8OJB8%MRYn(D
zOp@@Jpvk@;?uH(``O&X~5XkDD>0TOP47)NS%t_B~12?|nf77_xPTOo*aHjXDxUJRo
ze84(EbTxeA{#HMzm_7`I7azA+g=-f3h*uHLfHh9ziG~=cy{MJqKIU*3%6IRNu5jFF
zI&^b=BrpeNAXFtBIR+PiT1}lp1!#q90y<u{MvNc^=;&-Plbgcf;DZ^}HgS|l?JuT$
zAzX{2eS(7$0$kHu>PzLZzbY&Xs!FY<Kz5XTzXsDYlv<TdQ^u(KG36E6XhYejGfmW6
ziT1K{P@{J{zo}SjLk-*g_hylgI(8}2xMYKSj&}A0p-PMkh@T&tS8Ez&th8_S^_l)U
z@7x<vVTDF660Q~=ir_69l_^O7^RBD)Z}P8)t(Nva?WIASP4)kL4U5%u&%x?JYM9VO
z=krz0SZ_#rO$r3Bn<hOrH%jQ#bI3Elr@ML8s^iN4jOUO)&5%*cP$ZdX%Mq{oOZ}MB
zvSHLZ<}9yS&svuTz0|p{l9YtZjIvqO7s0-fobg(R{j-b+9rtq2lHY1zs`p|X@V5y0
zc+a)grJAGTK_e3^mj8RNQx&<ZNn0qDCn=`DEN-DtP$oQuvb{jVid=ip?Ij06g)ZGD
z8}=LWyk~2<FkQZ=$Kq;;w)=4%_9Et0oSru8KK#VS$F<hn^OfJVsF{_1-CCoMLqwn-
ziMvp@SY(Wq#_>hYNs$RybQl^zmYktviDtduCNYB&Kh>;_!%T-<DY#R^qHrs^Ju8ew
zTs6zlAmo#@vBX3nKy7q@{+-pdJPb3f+n@uNFIq-R%dcK7328Po4mEAuu=TjBh*Hnf
zCe+A^b71^)4RV<gZPSAqO^dxz&?5pdLrJ|)^kS$Ir5=yxW&(SCdPzWIDh$RuIm~t8
zTF?_qIK}&On&Z>Q+^|X9+3juPn!9cqB=_|iR)8WdPbt)CzG#DQPcIa^atUVeEC^VX
z`U69vw{&H2c}}5D3q}mx5&HIm>kUi!k#ON6ax3K>)3AyVgnRhBO}Tj1#)}h_si#QR
z9brhQyr9LgW#mP~&8tX7MCA8ld0ME?7{!&;XERx>YhFwlsju{7J<Dd1Qxe_eTnn<>
zOGw3<`HET<p&rp^m7X5Hym2a@1_|gGI8<RvcYn|n!@xRbA1{>b`b{|!B=fzm+WDO4
z>txVe<6*-<zV`iEmj7FZ=nix9LO3o>CNRO&xseHg4SCi779(wQmf;k0ftUJuTOP;&
zojkCE2<}c~RqTf$TG`vi7W2dfy0>E9>HPRx68MaqpDNkL&IRJ(r{QU^XN6^$LaZ>G
z%YQppclx*feIIU+5|h;aO&bOGPC{a2l8bNO&nmSL0PZ{^E$f?g;m-A62+DzwS)U@@
zJ}?Ua;QR^QBQcC_lYPwvx>(XVad-Jra`>A*e_}FpxwOzxH?UvGki3U}$9Vk!L(OdJ
zzGP;JnK{+Zn}QTDSeFPQeHkAp^qUu&TZ@t{f8LROXeY*fq#IAFQL?L;u`kDVzPgjB
zb}tY5Dxcl)Z#-&5!T*qq7tiahdhe?s%o5O9L?iENHu-IcY`0teo><&gP#D7AY2;xB
z9gct}{puJg>9nX9>D+_qXLai+4;Crg`wr5G!wAlyI5iY?{LPt<_FHrSf@i0J)9vk-
z)LK5~K3H7`=%cpZLs1U~q2LlJftPMmnllx;`N)IbW(H+Pm@!kR030TvxEsvCT|ITZ
zKnT4RYi1_mD6sA*0sQ;q)sTPA%uyfB4P!o6Vznnlo>I^hwGUfGtuK$GYfbQ#qVxEC
zN%RcW$YC#ja6*9+#fT-F2u~Xkt5|N^L)aQm+~+!Zjbr)-vY1KY$uL=fHv$f!-kB0<
zu?Y!$GIPF6qZpi)?Z>Wx-n4fTzoY9~1lII?pq%J`TTVu&Y=j$tABKkCU-S_m-zJ4e
z2=WURZ2@eeqbpll98CTVuenPL;kAm9mL}oPi5-J``vm48u(6xK_Ci5h{v+FF_)mxd
zCl3<4h|M=h8O?bQ?R@L$kv?Co4wuSUoOb!j@D9tcdrP7$EzMMmR?hO5QH6g2hH$n6
zE|{G1bLP&jaMf%;R<SvW2;Z}sx~%Vk{hg8zAjt8Vf>Ym*SimV1V$s9EO4reX${fja
zw&$WRcA?<Szow~@x{^D3W}!FgBskWWIG(4-=$j5Ct1`o_#?<Y~V%ki(7M$B(<al;c
z=%dNCp?(t8|A}TI;-xSom#4mavC(y5jITvCe!dac*`^>~*FE}*8^mWG-T+E`-Ipo9
zPAE!X(YpO)=jA}JT=FPY^@p<T5BnO;dj+?XJ{6=lqhR-}?Z)M!QyPEPbq0BKB*Tx3
zpp7wgCj2$aPnxxl9!HqW=c92g=J?&g21+TerE3Gjjx@~>-a)w-wo0+~l;>Tr95!+m
znzLGD+nEm#*?V*93+@|X)2Xv1-(<n37bw~<t7P#2i&RbY)#70d@kZ)n9QBgd&@}ac
z*&dVno>Ya*i{BpBbi=MUzx>@@9aS21hFtzDe4c6AldI@^jFKadF&BevYs5h5=z-AS
zC<y$7iu;6iWP^KT6vI9p%DA>=+p>7+=Yf9gtH@Ee-3<-J<I!D7zFJ)hN#^^P<HF3T
z*LxxPcOji@cICQ|8LSvSLR>a;BmV?jh62vFqq2vv8%fXF?r|9ThSaM16EjaQ;Sm`5
ziqtCh4c48TTvx3lGnHg!Af*+KeE8_n`KPS$O$T@9@y}ye4r54%-2`3acZ=*Wi}D2z
zxME&eS@b^Zt;OG94xg@xS@|P;1p!2OQdur{rafK_9iMJn39n%~gp_yMc%y{shnW_Z
zJP9Ddo&#WJe=KklUa!K`+?@~@`9FdMcF&WO>~!nuE>f9B4?Ex1-p$;n$@Ge{2ty&R
z(BXecdKM1F7~p2IMM7JsE_`yZ;FX^E>36~_jh_`@fU}a4lL{m}mKSE*JdzF0kThe_
z>}9D>5gQ_e`IY)Z8SJ{Xo3WJ>{gP<S@H1AC1|_(~p}$fW=LS@nSi?{4F6Cjk#dAPa
zF9Kc=EPGHHcYDI-QP&UzjzXSco=HBJh9E8EFDd!Bs__xgntLSnAp;z}N{B=!Jmc;v
zYJ5W3I$)Z&UfAFz5WpXXmvUeags)n;h|PEHKrM^2_ZXb+d0pp+d2y^nLiN-`H;%mY
z@o78^`*b+~Oqwgl0x#mL1ZuZH!oI~zDggG>C<}ytngKR3NdWmh{SUrW=syX`eHhZ3
z%OlAjH8a-iiz=IY<7(mBZF+8J=fiCbdUVVPU9AsWbqBUwC?+975TW>r`D=%<4wq7#
zZRfqdi6DAOOW;{SYPTrWIUD-)TI+Mf?4?4QE2*+qx!7C9cvx@l#SV@b>%2v|Sp5@k
zm7k)3iSQ2_1+y~gMAg{Ip8eNoBxJg9YE7naXHzMLoY<`&BzZr8bhkZoszD_+@G1t_
zW&L=uTgNnc#}=7b3un|Bx@DIi1{YqN8Y9E*7nu%BQh3y;zxnZo3v^=%KHuz*q8$c?
zAa6JD$JSGr3}(bLqnfeDr<PQuS|n=Ie$5OME}ehaT?d&1K3$Z2i9kvv5)lMdGV}8W
zl{}j}5rm(N{Ouw|56dU**;!9K9ws~%d`n9QNY~!$=@TaVZTImT?(=o??)S?U7rXff
zqg1PmABDXw_+H8jRwj2DYvq+I<HsCrYFbU1N)H>2p{8|cP3Z;AW8eGEjH#@dCGFbO
z!d6D*SFMw_m(}(dx1CW@7RITfk(+Q|n%V9NNUTBEcIg(1tJbSKAWt^69iMgU*NK&g
z54W}}J{#uugR}mR_OZw8Cftu3Hj^Q@^g2=-kE9F`MS*1&*+Ge_o41Y?=VhvceO8#4
ziNgB5C8rH@-ocsiZTnb6R#W=ajf%}-U1L$!lsWEhJ@395&RUL(uCjB{o%Y9t^peVc
z;b@*w-zFCoj~oW2T=|pE?<YdrJp1Qm5{!WW&1uwHtJEM#p7hn4(0=l)tss4I!Y?$v
zP(1%r+KR9&k7s?pY+l{IdHh^Pw^4O*P+W!X>~|e?oga*s<$c=KGRfw8R@~Z)C)jD3
z=#YrhvH&Yq1%K-|=wBLu-*^-{JTIc2;_}#Jj-30s?s32CLz>g1zW@GqIw#0hTNL3j
zD#^e63<+z-wp<i3H%Zs_9sUrxQ#pg_{Ex(5>m3O5QFu#81k-o<rq6py<7J}hdG1Hc
zjc1vTB0<f&F%i1xKsg4LK(~Ri(zAv$Y?*o3-jukKME*WpMX7X>rt^o?IK%eoXrqD~
zHx(O#3sw=5!!`vY)f*Zz#y5A2(Mkpa13w))o_+|Y-Nk1L3xU^}-zDNFEP{43no*dh
z9QU%Rg*7F(?uBu>;CyS3?-mEW*c<UKT6+uJd(y{3x~u!r&nhVf^o?%u-W9*-oQBgg
z>zcP$4Q}>1BmR0=t;6e)<|?q+M0KFNc@>PM@2ME16<MvX`d)RNkBu)FeAPC&*{5zJ
zr?wGc)Tu*G2kp5@q_?GtYI;#9jgLIS)wjc|eo!XK<`1ZD&KxjeJm$MaK=CR8*DM?J
zkF*Vt3|#>d6a{Uq-vbt$XEQJqLc{d<9k!kM4%2P6^W6K&M|z#Bsja~q+M7HTPe(DI
zuQ$#+VIOZ<Wh$PASQj%BT33;Ed|t31$L95e{bfFT5<zVz!C<mEgo45S6#c@UGsgW)
z_&vrxF8qG&-_1Ea&F1^!pP9+F8_f%QuGw)Jm}Z|hTo>kOc$rvUHk$8wm|thqo>kgS
z{SXD|^=V^>u8HR%u(yHguI{3e#_t|#8$Wo2bqMU`cBp4;3{I^QBz7fGr*fv4GkK4c
zN!<eh1`_rm3*Xd0<>R4Z)mk3#FCou^;6+PuId3;cZVi7Id~)x|_^qZc->*Hi8bkCb
z!Dd>&t*AX_9+UHKuDtUZ+8}N2+b^HAxz9acvz7h#XmH2CG}d(YY4Aop6Mrq86Ku^M
z&Ct!4Du^6XC;r+`G_b?zJ37!{qQ<06_4ZSnrDq6#hBA(=bsA~!`hJX=BK!tXSFEFp
zaR)a_EbX$|p7#GGM%<J9(T4wXzzO3$jW-osls!?kjWqM^B6a0B_@sUdua2!7!HSMx
z{$N|r3pmi<Bb_*0Rr6y0zYcmg4OH%&@r3(TTJf&^uS>=CE@2m4Gdx19xqQ3DYUF&m
zUxYNh{UneM-sYp{J3gS6$AtM`q|t6vuqZ0<)7PT|@5^jcy&KGib5t9pSZM$FSSWcS
ztai?`(B`SuNTsLrW>z(I-226jsHL-eF<_c9oFtV5>d!7O7!e;k6lk>1<+c3IHsn@w
zm;vUC>MLme+2>4hL-?L6a&l&C5DuLgA6k2G_0wXsynt-5)0|W=!rUnHC*$F`$8ex;
z8p$oCCPuI3BQkys7Tf;KCPVX6lb&fY?WA6O6MvB4dN<Jvlz1If*1V~oyvOO>arKt%
z@m#qcQ?GW#Df^)#rLC7=CdK59LtyUTr)f6?2f?77g=*`mqXZAyGJ&ATg<70fOTih(
z{)%=P#;R&mWMglp?onB>l%ssS(BhVe9y{QQ1b~m++~|aL%2^{jK{^es&Y&z^DDyIs
zZvQYP8|@6*i&;~Anxc$)CyGds;^Z@OF<Kb*NN?RuZ)(T){>SR<!AJDH-hO&2XW91l
zM`od(N)u-i!#9XCBOIa=cZbwg>o>zCqht4FCM%2N-y_a>e`OV;?bJG<wdSh?lJDTg
zjc}G|9SrGDFf&Ga5S^vlzGxK&JftUQj5sTxgj|Nt8NKN{xh=v?5IqwxyzqiT^#_^c
z?4CE$HkLdllsH4wT3OK^zN4a_D9<I9A>h@2$45t^U2ChF78sb8t1&rRH)2k6AhJra
z>=0=Rzcot(fZy3a;@C}ijlDv6w`;RXc=LTy?qc3+<^)+3+Ke5M5STU4x(U@fSH*?X
zgF8{@FI1-X-TU2h3kN!MH-FST;hY?4Vx5RDUKiZi3S4aYzay{uuj$*r(c^?K2Q&on
zIrga-@Tt4o!;WNWt_)6Q{G=;&bS-bqVH|B2Vw~BUmP~PBDsLCMk_jFFp3?}gO#MQ^
z=gex<3qITJO!(Aykc=~(q3V&(&aS_fe@<m1fAC8?6jQw$oFV%*?N15mwY++UF(w4#
zEGq_ue(6pTC;y&B3)K`uRnJJKQOD-tyRz?jIYs4&fvH*Wu?#0?#PE{s(Adgu2;OOv
z{M8Cj#vR`#9~XHXYg%3oEM|rR{f9N?CwiR8AN3hAXT7%^>7w;>K3qtTns&-{!f^!|
zO;b&;JGTf%u+tw=O*~CyEIl=W4?@jHepF}SQ96A5t=ynTMf8tD1%_vgU)SV&r_VfW
zHq$*JuYZ68h1oh)I_QYGA!aSzQI`J&Wp9k!8THS?QoA^i>SD2-!`0NdTxUL0k5Ald
z*|puHH1MAHp_Mo9CHCTF)~@fhaS(!VFP;Vicco*3{LiyVJkdz6=!C)dOU4^u5zn_i
z#_WUXJOm}T(JP&^99}*aoFYcR_vgEtFqK4oA7yD(1Ex1k{3sW;eQ6eAB(r%Qdqk-*
zr>4r7qbhsPg|QxGsXM1-nK9?7Ey$3ax95C)XwwI~%?zO@#yxc!0^eA>U;SIp^@u8*
zq3QwcY4_y6Wtjw6l0E57Xk+wF_sRpYu_WkK)PMIJkEj8+$hGD95G*)Ppbr5b`qwA|
zwy}R0E~k_o54Lg&L6PezK_P|UF~Pi!I&9(j-o#Jcko6IB!=+^bS#(>~{iwm8J5jBc
zeK|#(mUDioRoo0Wb1=po5D2cD-+T(0#@?+bsYo0Xhe`J1Uc|tJw?n@(45{pknx3U_
z7^E4?t=39$nLIwfg>-oH<yLJ(AD%prJpWho2gxGS!iA{1<xg4n{Hmkq=BHxAN!903
z0e3~hCQ-B1>!cE2eY@%9BD4m$jlAbBo>HXM|KFhpVKvX1-kj_<l(*Hb^{S)8CimOm
zl*)3uc=p`nFYG<()`FsRh&}1$zfEWB`O#kvYa*}7d3tiBJFm&t7N%$L@1(J~oNcCy
zM2G&}eA$3Bpi!4|WmD}If8SdMG;Si3*3xeUl*sjOj3d3?l-v}uw(M;~CK~b=FsOYN
z9Z_BwM)0C*x^DV_+yDIv3yvGa-48MG`5$T1@M6Gt1E6#8G1jEs15?8rc)w>W0euJ8
zh9e`!lR%%_zbVrQd?!0Ehafd!aiK=G@_Q;xM}dm2musL?qDJR^2w~8iit2M8O-KLQ
zB4~B&*3fjV;_yMcKn8g&#Gt;es^CIU`>JYZfxXt!e$$M!T;?nH5??ss>O=fq<Zy|K
zYSV8@YxP1%G|_W5X<;<UBs1cG^!FIE<6JCG3!Yn{8og9XKjy0XtkT?tnJV;b(RJf$
zK29&DEtebq8My!k+}aL;DE;q3kTuqLd3Y>65(;+D<z#vGz4d=KigPvVO6OH6WJ~4g
z<BjQO#OJS2Q`bg*$tru6dr+vz9P2O{dYQQ3nX&0rerBYG))9t{yVE?=cl4+#XjM>=
zWY=gK3*W52{NvLW!Yz^}!it=muMN7+YFc+X^Y8b+!#es?=NTzkRPQOaBDDF}M^<=;
z(NZ)R#z9|lF#>DM>9xFIWrqCfREZiip-#wZ7Vmn0Oe*5GuQbp5wXc~2obT{YTG!v>
zGQ18|i5U#Wz;NXG{+URn9T)^a5d5=?d)}Hhk4OJyBeTCV_xMF+S@e`p*)77+&r4<9
zTLdkb?L&Rt+(5tvC_Vd4o`-}HP>>0lMHHPXuh1MS;Xd#BhdyfKADQ#Me$BBy9aSKM
zmpPYGN5epAoi2Lzu~}c8&(*86hv#_NPz|}VS28CDJjGaS(r}90CMCsKABFEZzw?^Z
zeoz<Ex+rQY9#6~NrE7}%;IYzkE7s@Ao=i<F3G<ntzGV=2Ez>=7q#w@6$VIF2{bbTd
zooJWlzOgYFYkmu!eFy1_UW+*R7dIQGVH7`lOA7bhf$k@;@%JiP6~9ye;9RcfmY;ec
zucJeMvpKGk6s1Xu2~&|$hzN5lpu@*+KjI{aKK{j8gruxaSkBS*H?0o4ynao0Yzclo
zgICq;zX`mm4$i+=O_){9TzZ)K%x1FP>iEbc#rodC_Q$}!7=ztFVZ?iN&oIf*&TW{U
zrI`tdY#1&T=g4PUVeXk{OSfC&K%%r-XTrCi#ozp5J!8ah9T6lmdqP-TZT}1J8}?p|
z4i@HT`k^KuN(KC?OIjfodU9f`qhjr`yqzfWv>dZL{vS>j4_24rJ8G+iGLCfZf;;W8
zr91QSLKU+%pms~mQ%s0ZM|h)XDYEu`tzls&_sZQtyO{k3`ow_(jj%q>FRTP~EBgii
z&kTyZ-JHE>pA#_t#0`eq0QuX@1&!<(^Qoe{!-Lb@Z00;!jqZAk|7H6}9rhhJ`pZr#
zXh*Hq*e#URfv3~4HZ*(SSe36?xUUPOfn@g+?_>X6JU34zy&DUCL|Kd4ds$wtrm{IN
zPq2&*y)7&zN@haU1%;AsOcfUnZNsLdxS2O^7bmJx{Reea`xPhM9!oy@N%8>oa!lb_
zkmESsbf`^ZR+gz?+I+C%xV6}UWe|%MDBoc}MtvuFe!ynj`gMQwst%gwjQ3=}WRZ{H
zX5Ten6mc}zl9RzE9`&ZkDmSw!^~{ZT#d;!-j({bob4uzPbz$dJE2@Cq6>cIIG9Hih
zTmir(nx~(hSq)4IjF;|v=HYo%z~%M;m%DE6mao5DD%t0vPE9?peQ`Ydn-Pccg#(lu
zDYtAL0l0#P)t%~=u?p@O)9P^ZIMNv<RwAb|I7Av2kTMtDsYipYo>^?}&H7N}YxqLk
z(nHe@Q123cW|z6~s#v3N9S_9YbaLD&t};ktQ)9fo4GD{C09;cBW^K6|H8ma2jG~;~
zUg{g|q+Ab*{FOr?l}KOe0sPe;#j+9D&bv=IeNHp=)z&k69CagVb$5Z~(z_1EyUJ2@
zokD_gbm>H6^eX`@Hq3B0o)}pu({eK?Yz^o6XRXXO&PC?1WtP^L8dmJ)>D_MB_h>};
zfmv4W`P-v)FM*C|O#zDefAM23=P$BcxkbRN3dc4H=yIE%q};#1yuFt>{$zBzD6R%?
zF3jVVO3C4onxac9bUDpC#ATIMgpW*HuT?qv#zXBLb|~jP7`QCKn{G`{NGNN5R#ejb
zVR=Hw63Aw6tZ_sf29solw}a~zr4&D`tUnU%&%?93fb4o!HR4|7dbIc=_56C;OVGAW
z*7NyMX<>cPy;A#1{>wi9Mne<9jrLVs0e@oTfR}9Bw%6)Iebt@z)p8_JAFF-^4b5oi
z81eR%?G%3hQQWJ-wP15SuN3SL$0`m|B(1AI6E1zCL479E2igno7_fWVS88D`QGhc9
z0}$3X>(KwKJ#Ak})w1!31T`HnGI@*^^t6_F=6qU5nW*RO_Z&Q)J*-1x#*cbPJpgn(
zTV+-X+vd`=boSHIj-yLerJ0;7%M;Y~fpv$wuxR*o6B>8U+q;tuuYWBPK;U_Mdv<~K
z5!3t9gVIpx_EHXN^szBWio6D{Rgh7OwP6ig7t3_w<NHj3>?<sxwAG0{v<><9<oH_2
z%0{Op{XB<YJ9pW0S4mvSbcJm4u(&tG9Y=}xGh(1OwU4@fAEb2-k0q&KQ>UVFgXHxk
zY9kc9edhK@pTAkFR9^+x%Y%XAY)yb7w|syj8q*FytF8^s&nqUw!*f2AX-yc_dO4Yw
z!#j}ncn+g?=o8I3XLz~nv5yL)DLl$SXZuc}vCcI|5W=VCem0CB<UZwC&EI#LS&!|?
z?ZG<Iy2pr7oO7JHoh1Lp`3XVkNv2gl2)JvRuPVls)_m9*@u0z<7laLq=!E!$_bZr{
zkBCdBI&G9M1UFh&v1ErT7MHLTZDV_=1Z?Llve6CTm>Px7k1AfY+*qJ>%ZhBuAmg#C
z0)1EIAvHYd_C7Ru##apCki30JI%^2ZT7#21bn5+4-3@`h$G72uNOp;Jn=d8J<)4p=
zO<_ye9ZGb>M294k1|-d^PJM9Y-&{a-pPL?yPfql(`WjhR-<z887O^E$gcuD{Z>OqX
zh=w|5f<)bFHwqY<jA>VrFrK*s30%X;cI2`aT~jF72#VGQgtU9uosLUvtKMvPe*bi+
zYqj#4f36*|t;u3FkVcI7SkKvRf}X^w=V;5|Fv>vr_`~8fZ&3iB84f$b($fvdL}+J^
z8Wp`iuD%(2nX*Nbo$y+KH_P&j$)H4L{sb%~GMTg^2`#?q>u`l;x5Vccz=K8}#xr6_
zdSyv!#-lFE=s4tl=&Rqau2zc#|7Y=3m)&^`IZUC(eEj6N8B>r&KT16#EYGIFaGPh$
zH_2l|KZ|2Fj1_eAygE9wdYavo_0__GxoTppo%cVqlmEN%8X39l&ujkSGiDln^N8Sn
zR$If<!k6B;jjOi<#~f*=%{rrZRxvECjm2Dpp)l&``c)z0aa^x<oa)#LZ+|DOB}nkY
ztxvOWE6co4ExSe5tTwpktcmIv1Ca!_PbwG}woe>9*hp!uS5K1F#qO|E$L>ck^8<}J
zXGEEKRt>{Vc_3<5%g<;cVG_(a?QI4(Ijgum&RMIZ3kHSpm$+lJIt4%PJY+zT*EBJK
z&A4O^9AzIZG3H$L;79nm@;UP!z6lFK{kL*Q-!k|m`f;yFk!<sX$ex-58JB2L{DS5X
z!C=l}y;OZO{zN*t_ZPPa82?en+8VX~mO5mRkpa6-;n>Ltq~jO0@B>Ik9AR1o>;s7#
ztHRLnc*X8xBLpK(8t#6`SE=U4KhsIu4hes_Fu$w)GP-Smsrx^aeR({T?fbTUUy^KD
zCJBiwEyywxibq15kYz@ar?QMn)|s)UqCBNgmeGocX%Sgw5vC%eh{@6nQ;Zp7Y%`ek
zy*=OW@ArN_?|<(<?!|py*L`2hc^>C+oO9iu@IUj5Z-2R&e|kpK3g_B$pz@V@K+00s
z*wH8L!_i~U+cLo+za{s3_{ZF@>_xnfDt==`8?Ssn4XKLH?Jz1c7Z|Y|`o;TCyg&bt
z`_2mN6&(8dXuuYL?C5V$H-G!WoPXd5*L&|zlIjs|=(v(eL-+~5b38@3A4IbMo8qR|
zM}hsg7ES877%X|+NwR-&sN-wP*T`kblDc<n)rZ`5u>J#L-zneev+1OVLwomoKXi&c
zfAQWeyRxHS%N{;@b~Xa`!Yp#9b+DOhN>RGzZ@YWWJLiL6sNH(!(8?X$dghM#`uR^_
zV$rn&{SN!DrJ&CCl6M@4{UELL>aQR$v`uKV=ka>@6Ugx^2zyt{BA2(7=UrH>_EZOR
zbC2^<;X_xJo>Ug;SeTof_X~d}sC&4c^sVvF=;1F-iM`KeMi0A=Sf6NU+O7E~;74Cw
zKENjI9;`Yw=5Ug=J@#E&@$Bg+3i+^Q3o3W+EkCMk?DiOL`**gRtI+7#N{IaxmYeH{
z(X-I}(wm&B%1i2u58Q2k&V1X$!W{04bg5~KP#-nbexR&a_u_rMYt77Pb~AXy=w0vr
zRO-O{bIr)bw0~y)Aqk|1#jQU}zQ4739t}N0!rre$Sh(^}q;j9H%=sMWChjh(MAS~c
z+4%3RH;s`G;}G2E*L$%;uSnP}q{oeWunf!XeCyetN!}!^PbxR;`&;(CN<_)ZT-&o~
ziYbD%v3WlE=07K!*x!Nsd_G1|o`;|jCCO?N5#x(mcM&?k<yFxXSy#R_{b!OJ39Eb`
zAzuuXs0@@i@Rr>P|Ib<AsD<-0DWYYr4bFVamLff_*7q0R`h@KT{xkfRy(fy&@DNeL
znQN<$rbGdiZ)|`<nLm?KfP4OXMB&Y~xrB1Vu$-UOi09|Jbk~6r_`pq260m7vBVGCP
zBX8NrFJSb;z*XR0TqR;-BL<%0e|CY_;OF&X`SA$u1nCOB&ee!kC-1s?o_(yJwTgHg
z2~AT&UV|C=aemeqq}2sD=$^c?-1R<3rH|t}H}>PiqG0E}0;7eBPe*o^@MEqOmLwf-
zFtw_v)Q^r`qRs^fC6|NC<olxK!7x9rD{Of0WWBFhc~i=x^x^3XOTlH;pQB^<c%pVJ
zsnGN)LtYDp?4tMy2tS@bqYM#;JYckcF`;#^W!Xt*Erio26qH`Op4-6a6{iRv&ZMMH
zKeTI9n5k_^Z(yHP>|?%2yvQJpll<Q*6TN+fUlJ;<H4iL5f`f?-2Il)YKExE^_XK2%
z4{`m?dtI_?8Ke>F*H7W~eqN8THiuSvt<9u7;i=+gEX}{M^{v0L2Q`J@BP%rz>8rCh
z;}FzS`!$8wm&o8Jh9?G&GWai=d<PNtd5XQyP;zi|B`^Bx5T)tdeO}vn1|@K?|2luJ
zUk)*Hl~NL^H>|lfS7MyWzVe{L=<_r&$xC`V>90WxZorwsyD!+UxK^5`5yYcCSJe-*
z%P(woOX%C<Tjdz_uybesnHP??F7&>;F?B2I%wfCuhqrddg}m5vYk%)4uSNWxrsD?t
z{hwcz=q`;qQdRo;Xz-RR#TQh&!+H-<dXI!-dX&45U&%Z==urQDw<e<Pi!IK*^hM*b
z2fH;*1BL{rBOYPvDw~epKOemJ_V<y8o<`OC&I}Cx?dJbf*7dgb%Kz`dk*DuCzNdgY
zciw(f?EU`~lIy0dmiTnvTFgJoE+y@RXY*o@bE*5@XYW!k(fXQL=$qLM2O!c(frXcE
zET8$$^+~Ulo66Z!Z_zuyjM6^1`5gCyCS6aAF1gq0Tt;v0`vCy2u#}qC)Q{JgWb3Ro
zPX3A{FY>1)c0~)McX2rI48k6VMX^9%lVhya?R{FmesQUHZaX<Pt@2~y0l70FFQL^~
z^-;sMwdylJqp62d<vvHAs)u|$v-NlkI2-$6O}&yF;KT@W-(_Us?z9!R>=gNEF!IP)
z_rB<!p*K0Z%SxwX&TgGzc;D4J%3eM-zTcN!b@s>Ble_G#0zR6FQuc}(Oy@?sAn`q@
znB2?tiJuoo#v<1ivn{6!w{_LDTo6*_wR}jk=m4kD^aj&IuUA3=KvX;P(0!L*84yB#
zBrzK=fw;H#y-FLq-n=z=G&z0s{@bHYtMQkwe!ryiYR;7yIw6>~1UrqR)Lva*liqpm
zZ-9O)Pj3LUlYuJ__4ge5AAO{YPf1?=VTpY(^YWt`s#h*g3*hni?Gbyf@>gC11-MM5
z?pdoOPU)RL>2eXN<LueZu()!srX}em%6|6mFPEMlxD^qP`{#~*T+&{aLgaWsOk8Nb
zRjkg>a^G_o+CEM9eVS?xS&iFi<~wMhRT9qz0`=34IfEYTlRbm0F1k;aEP6c`S9vkv
zf)C~21`&nf3(X($n>nuc4<1;1hqXWUi~hDdxOz@Z57pGT>UYzpKKdYv4`pt$cR4Lz
z1CXRkE}Vxvrros1&Ys<xT7%Sy9-6BEuQbxbyXNThrO$0|dh(Zz09wS?-z5qgvLCm0
z@zIY}-Q~nB#E#SH_d(ylA)0^u(6_(Pnjg*=AM2wGufA69L2)l2&>mIg$&Z2)HM>1}
z4|PAqK00M&rwOmT^>}Qz-h*l@J*|(;PzwEce|@lZcfI58=+5I%vxN&d?E_!F0Zv$R
zy6dYcITYNROtR<_&!4<OX8rc$o&OqVHd`?E`r$+j#o*hiQQsR)^uEQWu6gO(C+(xj
zPR^)u&pi{-Z9hHs)bJOvNY%l>^&eGH1EHfcHI8wQrY)u$o<BKDnmaRW1$y|#QLC`y
z>W{Bm3-xSXcu-=mCUl$!JKJ9_b8<2==_g$-wDY22R`;E*K#v$j-a&sv%)Y+tT-WbK
z<PUvasg1bO)ru$o`Fh{?*U^V5SJG4AzsP?+)fbzboZe$k-*VuaqGiDw?0r~FCNwrZ
zZ&Dw9qdjUW4rs`**w>GforXIu#V?60<Cijz{d!gzH-3JMA*ZkK+#00u$9L;i3hVuy
z&qwv1diGsEmU5C@qjI1)TJH9rhi;K6=Ldo+^<4h%;R0~DZ{zT}!2It;;q5!`>E#`x
zk(LF-(x*=n^uK<LWPdm!PZ;Zp>N<Y`BjmGrmW{FPQ@kEazr9+ok6z^#2K$&n)?Gc@
zKl502Q~O@m@!a+HwrN&#25f=9dWu129T4O-Rma%$A4P!`QTAd_f1Qbl@^BG&a=oa+
zr>v}O%dewp-Ks?u^zyfKHQLH3?JT_2$JJ5YG)Oo7(d%<$v-dCF`Plnj1#H4LHS}$t
zvPoKWhizNvdFPB!;N<8(^2d@c?9I53%lFscQfc<q=iJ7%PTQ|X)4rcy8RfCMY@b}|
zf8ty)xO=^CAZ%2II1)BSz54Ay^hPL~ka9M$#9ot0EF+A~_9Y*6+}rZq+Wp@WjL~|n
zK4l6|llR)g)|)lHI_J;Z`bGcl8VnolW3_T~evjL3FC*ohbrinI)|Lo6zjtfv#tZb*
zrWyxlt;1a2l<#YPX}7Ck>#%(DJ}FP}$30G8LK16RVt+h88(iz-<qJ?!#oM1fHHkbJ
z$9jT^R|y?%>9gm201CN!&<`>3M^$9Z&)HvksxP_T-}QK3Dvx;M&JsYg9X|Y*SE5f)
zG^y3av*4B?K+RQ7^}D>O#GUvS{pjo|gV(1{83a^*|NgBdpybv`fc@~a($b<8-@0W1
zT>AWEKl*IYvMuxRzM$v&TVvb#6q?7l*a*}pS{)}QoIhv~E!Xw$rr{Rl@M5{s57b`?
z&wYQUoKe39O!2zuiLppe)jzGKPtQK}ABI_WS<vj%6E6<-^#O*K8x&C6&U~EqfLOq`
z4R7zg{+nCf7fno^vp^FaQC-*RU9Y|lluvzxUmiO(xE)74|AD)rYP-6$kLKJM)^XuM
zy&gjS$-`CW0%9Kyape7lI+Ob*y~Q`<N&td6Bt*A=%yVwBJe6V7ovPAS$y}`LcuArK
z@9h_9OdYSFuN_J)xN@rgk$M1@<{DUcW^HC=VOHhH!|1Nr&jE`Uzx=RQ=AR#{bdKep
z{P_wy{yv&zHme_-_CD?&lD2o(GHh`#H<cY7z$1JkjWWG{@*}A^RnYbNF9t16&nmAn
zv#_EA=k}B3)FIK0ke+70_O;=g>g94DVRE4|f!3|d4xPzQMXH2GZfi}?M~)!rd{3M$
zcpidxWPXQ+4%jI36pclCZa6{n-=IFbiy@gL+H$z9?0Il}qd9+jscea?P&5-@PmspQ
zzR%_5p#y(P7s_-jCY2@)j1dHhbAP~e&x5#L-m@~f!eG}}@S<pk?$u!Q)dUQYu^1@B
z-RVes1D<^Y%lkoV+%aci%L0yu3HEi>f1KwmVf|5v?+@@>Tg>Up7#;kRUY_X-%9R0|
zq*DzU2jE(vnoFjX;~x~`6nU}aReXgFta(K?0wpnF9h3l65sO)oZK`|^&4>fVwATAO
zNwedTZm)<?LwXyG1QdKbQ}(ofNFfX)DYRx5#cdsjao%whxZbvO;2EZ1+M%0QG{{e>
z1--n47tqTCg-8uhW7ZgKJ->5}09NyBsrPRUhUfnn>`~|1>TXo1xA90T31m&!_b8#t
zVB-OLAq*lXgt}uhje9KMTUD~}+9)ok6$xeI-rx-8QZV1U6Q5jageKOShh@H2D8|Pc
zgWm)aE(gYz;I4%-yaOZ0rB?|rHi3RR4;40yTB8hGhKd?`$xoAykt~PI(<H_jFIg9v
zZ9cBEJ-S4~Hr>sPB3C8t;5NbjKPUWK^?HJBCCzeq=SW#~)JIjoZ>UHD*C|OIf>n!D
zgIzIRjV#?EHe8nQ%QD`0w&QRvZj5N&U8Fg+y&+p4R@v>n@^s?3cJz(z#HWkiiwoQ)
zPX29&+l|lxolr(m%rAWylbtI#%R|V!b|0543<@1hWu8E1Ar$Mg`B`Ar37iVwDJYWj
zZYI#0qmPNtY=a&CB43iqhQKOhOkB%XT_c3Rn@{M{9Cc+p#M|m|7%#$X<!HluQR`4q
z-1P+QqZ!^ngGASYT${pngTffz&0Q@j4Oy4m)6dyt6#*w%$Y0MZua*^rP}PF8r%d=p
ze-8U^v>kA1V027|Jj~}t;hgJ0-Zjr0?x;2A0C}0Z26+Mz@0^R@xCCaEWeN`gE(x$*
zD7@G<DjEh#+u!2~2gN8Y-tF*UKQ(L|_?78{po0QD@jD%*U*Lb3!;M^x$K%~~q-h(2
zCU-68jDH&?Cr+ae7-FqbEi1rruRnblpIE~24t&vqKE}L&rnoiB7KaX-he;oWJRYVs
zDqRi0Oap_=3AUuzR9Q?JFwEEuTt34$|2?L8(N)B7L&+Gm0p%&exr$9jsP)JCveH0x
z)>588d5eJq&%wWe4&I@QbbnPn0X+^Olmas>M6S9LsEr>&-$Mna%Cp{Vg85MDC`Yw5
z0R9yi@2q3tE{}%?xh4a#Ss~U;wz%kv8BLPRH=j(8;uU8jl@m@8Trt*NGu>=pp<7KU
z5AP(7DZ-}qdmcKx3VpUzZkFBMpH=JA$ze*SSwptDpu3V(%<-EX6L<7M=J+t>7-im1
zF|ZJZ170BBG|U#)UIxWv?Os?wDXn^l3;5gMQspw)Fx{hB7i^WM30uj+=t)uLk4t+m
zlGqWT=tUV>#2UGBF>;cp#y4w`Eyf#StcJ|n*r<pOnZ49KK~hBYA%VXVX+#$FS!`O5
z!ZfPRqBghM>dHpre=_HY#REpOLJx+yNY)9iv@xFLLZt#l-M^qx+#RJ-gVgO$uOYHr
zKVJ38!b+vlphF@*Wg$zD|HYcFxw4-e0+V;yypmYLyYADW1LgiU&=SFEN^=`#MrY+-
zoU&E6)??9iAH=Wc$gPxbD%l!v&o#Sq-X&6Rsc(*<hM$9{Pe3y}l!o!GRV9GwQ8rTM
z=v#C6)*MBF78|I4ZzpuM`04?;p_KwhCyepdn&V4W$7?6=q#rgE^)VE59b=(5+6hWx
zZ8d1n<=o2i9Hz-H$O{Os5R$oXsj8!L4rwcKCzD3aIfnDN)<yGGy%Vo3EXWM*(Q7=i
zTU_M>jTV~Hcf4rNp8ZYo#;Hswaim)dsz`1n(JoRt$K$oeWiL^|$uhk7x6upsd~W{V
z(fV_HP@~I4W<g_G#p3a_sLWBGLYk(Fgu4G2u{w+tp`H-}QyiB|!tY@^a7?a_y;^L1
zCI9zK>F7rgYDEbp^Ibkoq98ND4X5Ospc)DSMr3;xC9h&xA|})DF;bmNW$p6lgc^rt
zA!Pe9nOR`<w2IfpbmHRbj2Zrdt%@fh*tY)@^qhZ&Z;!2L`lS2Xn7=pujk|CQBPxey
zahkI67F%g@rSi?saD!ebH`SFaFkEIOJFOrQBRQY_wQ=is<xs!w)057zo~-p<%Oh6@
zmbn#z!jF|zsioD5aHVp&x71xNa@u%l%<jIVO{_!shh;;eo_|=4RTZiiL8#naW`g}M
z%Y6_=t(!T^vlm@iDYtwOI!;q}ZR3hy|J;tee*5V(=$Z{PS_&An#@I>^L@eqKVp5VU
zRhT0@%S><)ODVGhKFE8b@K}-E&k+nIN+pA^pU+Dm>kv%gI&+ysccDwqW0|<@sEG6(
zVTT9U1Z);Aen0mIS0(c;toZfH53b0Z>agz_Di(3Mw)$G92{&PLU@k9?GvpU@=*O!}
zeOP#nKWEA$o2iw{Ypa>joc1n@2RvAp8%0atB_lMRGXw_PULN}K9!r7Z)5yozz=12c
zu7WCPZpD?b0Ug-P_?DG1%#~{dBgb11$QB7=4#ewJCU&`Ca>bZjO|aFKd`h({l{rb>
zOxsf`9Z1L;0LMFgsd)v(urstUz<_p2R=9@Oz#W0;N)Yk?Ea<>%CiYxvH0#pOMeEth
z^$=uAB?AeG7>Uz(wQl}VV{uT&-RPG?;P~rt#oa}lc$6G;w(;zH>@^`UG;Y`ltjeQd
zs`c5bw(Bu-Ptm)_K@cB~7ca^Uv}GmO4V~Q~p-s3|RY-`>5@h=n=#w^A;@+h0Q*-qc
zzs;+o$f)OVrPexT?BE9F22CSHt_s)j7u?WU6{V6ovcm0Y5M^sc-hT1{<t(g>b9C^)
z2+Vw#aJ`D%Ip1}6rY02C|CQsQ)}Ntht7@IutH!#5D?fw88_9TBsj-&L$Twv%JL&mz
zLSMMgKp<?UzDV?etez<epZdTRG3rHN@|Mx~H>)?p+#tEvDs&^qQS)CpC6W$!U$}mK
zMnE1nGD}=qMe4-LSig0AH<MW}l*X9SL*|6`z${P0fHDV3Z=+XII+st94@kodLS;q>
z_o#&o->f!jWtDl_$4tYX?u><XS|V>RHGXrs+*6prQ5m^riiRNR*<v1AV}LY8ZQM=P
zhbf2hx7Pbpzl|uY$`7!!wBYJiPk!0ANS`(kJdj0=^61}jAwna4(07(%>IK2A`pSKk
zazEW5j!JU)gvVHQuEvY9O+e?HSYZ)vpj=nkYX&@z)_tXtB|*;e?!qW?AbxzLhE~Ta
zWOueo-^uvb@Mua^<8RNH;0O!44eWvoaIJBPB-vqt8CgmPnvu9D+qt|mucb){%10Bc
zT?;?-CkN&vSCf-BN9$@9c=v2?ksc<<wWu3qxGvmSk`$_E7{iqcvKD9RmczALNc4}%
zYqEZ}*Yo=HFN_~h*F%&R{?w^i-Zv-MR83e2%O++ANv~Eyl3i{*g-OI@@YRH|w^c_#
z)oT?~iTdbksMP$Ww#1T0kX~5kpTa>wbP#_WgnFgStFNNuAmpu-7oX>@ol%=v)^HXV
z|6Jd(?!2XC>KK|?+o9z~NxT6aV>{LR#}2biu3>#dW-?oCbVJe1HdtX(yaFd%P52FL
zlZj4%XT6FX<tTB@k|o~bJuuS6;Wq?nkKtl*yo-_-0guzD9N9aeTPkV37}&mt*14)v
zMFRlLv_Bs!H&+Hz5Z=PVG05D-ROSqRzcJQ#8l^w3v10ndvPf-l2R>^PR6e!enj9&5
zw~l)3q(-ALT#lpyJ$6S?WWnAA)2h!*tDlInl?UJtRjyQL%CZxyI1eD4K-k*hY`w^%
zd*0)X9GA|zm`fKzt?EnMU3&6|cqiQv?EJV`K}6n~dE5#9x=t<YFu@cfWp6O0NSR7L
zVpSP2R*3y88EMv~sk!2vms~Lwa#jf6N-~?<jZwWOgZO2PK93LXF(pvU80>-M_8?A)
z#L1ChDBne+b!$Fl(@IncZ>v7~zK3`<l(83@ze+G@;Wc&6%+4YD6XDWUS!EtP8mEaQ
zAIhU-b$lU5jF;m%r>J+Oy~3aD!3W8#5}uc+-D#F7CfpiOKf8P>K2{)WyO{V%6Rv8N
z@uN|H9AbfG<S^oC%$(&(?Ny?MXxR56guA(^!xf_{_YJx7Jezi)wR=$}{AJJH7=DjW
zj*#l(B3(OyKG4P70xjcwyx<ZYQJAf0Yf6t)TR$bQUl41ID_VG~aDFF<kgZ?eh`_3a
z&6~coHm3s~`9MVao-E{#=OTQBD<$beoGKH=GUG$GjDGmZYN9r(ULz<hvvnB$?nFHq
z56zblR{B+X<2A5fjWB5p`Vu5fgPpih*f3Zo)s)`dicy=-C@OM<^pmf!qNu$I9r8NR
z%ymgGb`MxLR5l5Zuw6wdtPb9&-oOl)%KZ^+><|`lu`#h36aLX?>j|6N{?sT&@=$mL
zMO^G5HWfczK<83S;d)kC6Z$Kt4$c*r6lagSFyOIkxc^1m4c>#jTu#%BdQx4h$wE*m
zWt-q=<{(VBAZxFCTEH-*TC}e!9(|nSlZB)JFxM;kR0W_;_#lEmt-1uATL&6q`3-@o
zjQV=et6cUZ%!qT#U04c47RBK&7|+(eTXTHe#mia9pU*3YIooulRtbq~KdTn2THGiT
zjMmh*0v+AFSQ{za^UsqjUIPidyOfB`1l!)>1D|nXC+5kHgwr+&MJxLn#%xY5!*vR#
z+Hd3B*F<WJ0O*Th=kqEuui2Yg^iPd>E3g8B(}-%U3#5+*qa*XAZ+FChE{0w;gdlSt
zMUSQy@bX}fevEJ}tvSz}kq@^*&kQ7mG75vm6}(IB;}w-xFS%D5$p3J;I_hwdSx7~l
zC}jtbNARjWF8TgU^{H}+Z0dbmtaq31(aZ~QjZmo)g4Sc)ePSY}cj-QE7f|RW*&hf*
z;DAFYBk*-$kh}xlB}mE=rsX0NY3vdx5luQfuG<UKbZM1ehTF_jbZ=WcaD#6x@K<C$
z@JOEpkd(^lxXbN{T|Xtt3bw>g*JDubI4=G$y*LNC*};(4hO7`K-YOiulo{*f$)8BW
zx-6bDoSMyYg`>OQ$~27sUfW{@uI9d5*5h1r|2UguFgn;!qFX3!AD&0G`(x45t9)nN
zBorqzQBwuNc~unZ8?v?5g4>8#ql8m6?9=|N-|W|gA^B*wc_^c{;=Aj`P)Wd1ZepD5
zV5P~86!j!kyh6V-@|1ObHKzHA=xqyl&%gc(YhL~7WS`LZMImx3oS%56w|Rh?{36I@
zRH%`LLU-#Y-0)9B-f?u$^#Q^xd6UMjM43>T5~xMJd`+NS5<w{_O4KBDm@{cSHLEjf
z*%=-glbI(a-PnoUVwLF(`xDS9Qs4k#>_E8xjgryZc0IY=GZ<3)nJA^cj9|E4XhdIj
z2<-OjZUCAtM!z89RWXjcU7!(*O$LHXe4DijLGvyXs*0|(ChT5<VyJAhZe4*dfOxWh
zj=&6{Cgo@=?8|Hvi+`+<L%yt1V0&?O8Kc<|@jxT<<^o)FBMPn_qp<jnTH+|=>?)CI
zKna19Kx1+OYfuu-uVvp808@UAP?-&BMz%MeJYZ%kWv^GLN5o0a$VaM#MvqJRz#hE*
z>}Zq;v7Nz71<Ckm7*jOF3iN2<j13q}loH-Z+oFO&#w!YU7-gAgG>K(BSt<D*d_PeW
zM@IC7YNac$3ESF-C*7mkNKb4qCio~@^8&HlTsiRVL}wV{FT_tboT76=e$!J{QgG!C
z6GqDgQg%*?fzI@|Sm7NH;o){%Xa7h={3b3DGeeN-O^QYJ^rt!DirihEjY%`D8lNxk
zr(^tbb9sqf-_Fiu5MgWj35d->V$TS%EPsctRJ9Bu?-xo4yAA+u8s2onwqhN~SEf_}
z>L>i4^|9oRg>{2`XV#_}xqQ-R5J<gR<nOrRztp^=Yp*h-OLyZ9HXqHLbx`5X43jp~
zTJeT(vzM3eCP-V^o+d>0e2eeoNpF0E#R0#IoLI%CL>Nj-i~ZJIwg^Kcuhff2Q+s|v
zxAd57IInujQ+LQsMR+a;&HJOtqYYt;P_eF_fajJ4TpSfl&OyJYHY!d45POVjOxEh5
z9E3P}J^46GBrN>HQ<U!jU7Ol@$%~(U{g1b>Y$$<dbHQjfowiJWkNo~vBzd)>CKY=}
zIn@c*alg@u(lp~g*IvEcW=;2YP`&;$#iXLK+d(C~`hD)Y63r#w&Wvyvu5Z9UpLQJ=
zoE&~DRTi!}zPX>hLlARd1Je1*zbBXsIAjZ(@qz-|Up3HkA{93h?N`!`BEj1A6(aFt
ztvDr5<SiQQ6ckV91<5kA#A<V482MDnjl|Wj$=Jp7ldH~EMUGND%1!})FF6uM^$n7z
z><fY@$`LFGsIKRz@1}aql$v4X0~i8X1_%gCds-SYV{P{XzVuJ<q+rWbSk$6iUO^cV
zeb~j)3VWeTQ#P7Fu15&+-33KfSPR=#v!;%O$D-|5%Y)%J*9V8yhoRM?zc?F~Ys=`<
z6pQxbh9mnY1!u0*+Pq1BF8HF9`aJ;ORrVuwbai)WCAn%@^fmi{lwVeenpI{%Uh*?;
z#psnKf8<#FDdC}@4(6-I*}PB(rxh$F?yq&mFbI|SnH@3!vR%=RKq<GW8$|rJc~iIt
z2ZYy=cM~+nv3}xHxE(|Bc&xfnmZ2Mnr(M{&5$gf;iE<A%3WKva9WPe^IONYYEQer&
zy;gTrg0_ig?n0^a2r@L|gFIXa0P5`<;lEN)+QBtp*t?J?YyEWz`v&6p;K^0V<AupG
zMuW-iT6{ww7Q_X#P+*+&`d>RrCDP)vtuq%>Hwop&U^*^Rg@kG6Drsk6SFWSv?g)(f
zW+6p7ADFBekp+Uo!Y}OshN}&>q7*t8Z$14pUli+_C1jX%;?U<g2b%a^<U+j;yEzlQ
zw=Ja55&wBhzYSa?;T5o&`r^{Hz{eq)0>||thEHm>=x?TCkFnB=yN#FPH7g;lLpC1G
zYI6UWM;Jp-0~}tn_i_rl)%pUuv1KT*%H%Y`EU3qkowXl82iX-V#<=)5kflLMW{`Qv
zOzv_w;Fx>LUosVW4S?tMoEb_%YfKZFKwwQZ$oCj1{4i8xy{DStDTDX~T)B84Kxfm+
z@siZ<QFtx-uneLTIQii~K#9&uFmO@}&q&$d*u=L4_G7bu@`sR@RwDrqSNF9x#Xxfd
zxtY-0gCOZJg}Jj7DnfxjrouJVGe#Yc*RIDJuIj|=fFZdE^?GM|^h1;%i+>t3qdVK`
zm?`v9s0ZIlyt$}r5ZuL+k|Wd}24cRp-SXlSLRI7NSezRTuC^@4BPo(_5$c(oeGQfu
zB9M>Eq&8yBgQ1b?HOMnrxZok5ELZv+S%gySK6(hgJp&2f=o#ggP>OSoP);z74}kmX
zLf$k2Or&J_!L}mUrgAA0N8A&t3NVoH&oHQx(FvDm$~=bkEQdSJOIq?maxWNwuA|`k
zGXaMkaW&zEO9}~AHVP!K2>)z7c|_s*%upqYm=JE;pQTr><8xJn)bEG%=-EoX0Bqu)
zu^im$$I*%$>z(gDjty24l{nD`qv*T5UJ{Ca?-}lf%XzEpG#Kp(qoi_g>5NuOzN5O{
zZSj?s<Q4!1!V=z7al79!hp?xh-%qxgM!39V>sLX0sY)%{I^g)M4#l_#&@sec6Y^^y
z?RiKL!jFZNx(4BfJf-e1j1*SN5WgYsCujgG{3Xi(7^PFVr^%<lX>9}x`Ln6<8l+(6
zpe0N#)L#J@md%9SYZKanqBwc0!7JvN8;IfQu>eS07S46((uwhbSBgCAtF8;WD-$*@
zs2qfL=#e_s-!qn157_22yBJS|PA^%F$Ko|ZyHl_h<?I!aQ_EzPIqnBPAnfq>kKt0y
zhAXja4{E;3&k>Y&MN+}Tw>{v?V|J8+Usg-{2E9tFxcUk?23r|<lSr|4iPr&Uz(t2X
z-pJ-*qJn;*w!S(GsnZIuT{<=jd>`_NP0dVjz^C}{u^A~CiDG&?qK#2)y=Hm5O=k$P
z{<x~~U|>hpuaYLb{RYJ_KNf&<C7_A~CtP45K-Yt^3^DRXk0&BqQK84!nty{H$?c^A
z4m2=F_;RQr;Tv`$V(hab>jQ`VyHIfS8&Y<J@XLe&ZnK_it_>GFX|*|`#MJD7NcTI@
zX?>9DVh9Fw4E1kSxx8P`ydJ9?_$u)u$k{LjmF(d0!08;m&-cR{G;gsTt}Q-L7^5IM
zF=X8>9d>9S{)F=o`(3O5H!jMWlSn_~ok-EtUQsPc6`L052N4ph6^#ZHXYD4}%^A<F
zYx%{yAG@Zar2CxdCxMFJgYpoX<5H`5i*##yX*ruZl4=b)k_tHHx3J9Dy9!8V`PI}n
z;BKh))J$X8F!UFMB~oa$2h3bHIJ8>W$$11`{gPoZPPEGWTEHtmnHK()apmGj8aclp
z1g14E?eHz`!E1}IkHUHPK#l*HC7%7LYPuyalaJ5NW1-6~uKG|IdVj@2<oQ;SN`23M
z@UQERlJ+!YYjkPJ7QxQkC}}QBTp&U1@{*hQY4rEFfDZL-rwLnw<n=o_90{Z#K5$hr
zWfbC456&ALrZlI?-NTu|3ikjL$<~McbYdUv)+Y7UvK(vEwS*<}A0;atc|$XseCzWo
zh;qzAeB^*-IaE~OEcVe$G&G*Ln~l^9l?=>Hwh!g0yVUnvhB+|QcpHq)mLAlX=i*N$
zj8(_K05Z>upl5650y)yU0$HqS_50?SDi*?oJ9K5Lb2w&G-%+CDoGZ59*9})>F$#cP
zo@-gb;cCF<<`bpaSVg0Z*a%m4>k3X3%eWHt-Pei!uScx(dJxKk@~&|XsLpn(@uJ|e
zp<0#bn3fe#6yNWAx53I@0I})xm)!Re2a}!E<}$JDgGL#euz}3Mf_$n{Y4o^clI*<Q
zdxF~ER;u$h03y}sF_-6WZBf&f5vt8~DFIql83rUs<0ow2aC*Hx@fEkF6Uf}_oW_ZG
zjLYPD6#_|EaVtr!PQUsEci6Mm)m%L2E^PmYWC|aPLV^zbUdD*>IL#j!%gep>=0mF=
z!E$~X5w=o21SPVJG)2)cl2x&*tRORLk~cpPzF^kuC90zunKbF}{3392X+byg0X`1@
zgWZ{^aMZY8;GD-S45Sy%f<iS%mGPwC&NvrVd`1fVW;ZR5vdK}pC+>Lq0d0y?kc<Oi
zH$0>i<sGQK5-=>*XOVOTN0B86*RwMfogBb5jXvaA^IK8`f<Hi@(U)GbHE_er=JHO(
zbKCw6E=Hn|7x_s;4%df@{4N49LrzOIL7`Nl2&NqaL^uq{K_XdX^uViN(6Uqb#3OC5
z!w1(Tl*D_z+K!*%Z7#ShSL3e3p|Z-<;UrqC<n*TK^|b3uQqBNq3FpmHVEKL|^{u9-
zj8Y_f0c}b%ivn;hZ<}{wx92y?oW}18l4f=ad|DB1l(RzIH&M<c@RN8JQ^PCgUn*75
z#-dFxULq00fVikHsV-riAmM1%<-^g&rNLb<q?cJQpG?Ev<k37B-sVl!tRxMGg#W;l
zAgNxeb);sDvO!A8mmf)r%e#jlQiT`BDN*baM>*^419{wXfjYC0p;sTi>1f7<X|Jv7
z)w~mY@M9y?t2bO=(9z6VOfc4K@dWF|O>-Gx3#C2c32u4%DxBplD$GeXS+GoyE0>Lg
zZ4TYi!kwQSEfSdL@X9bgR+(c!z$M9)QqPO=U&2`qfe`A$4m|<3HkiKBzFMoSp4GGM
zx+S>4Ajo7qAgy>%x0J32-m>{Lb#sr|<y}pDJ$mOzFyt!_A{nMz@RoO}9w)hS$)Mmh
z(&oSly1BWZSOj5TE;R?+l>3RwS7hn8U`nm;swi8Q%q0+VeXj+25wxvZOScN&a$S^I
zKP>!9AuPW4h#qv!iT0GsmA%L}CvQw{^RDWz4s&G%zt|sFb7lPOjBM|?-bs)uEAT2*
zUeDw<<2ScR7ZX0Rg(ElP%eqfS#vsv0L{HW%M}l!*c{tfH+3{!&qOeZ5JEIJi&1st%
zK>hlqu-q6XHdvzLGdCVh@=-h>FUtyB{(;CY{KI%H2#%(m(cE~lYd9tG+kO3gXs+-H
z5Pe_X&@mD+M`wr_n`}$!=;}{mH3IqO*18-~&m8|bU~<`)d=v1>8$9=Z_ymD+j~Xov
z#GeJDLWN5u3@!X-@-tCG1WKkML!bJsaMDSFhcuY6pvy~B9UUe8G6x~n<7|^V9<~eN
zp=`X%)XrCm{I~4Yof~?(48XKd=T?<xl<NR-5ccReA1rw(k70^e36dyde-vsZ-$-B#
zIErO@WDVra@kcdQy{UUzl;ScrtXEbDtaj%daZ~gx|3}JB<>ds4Fr84o;sYjCE=VFD
zVqD(H4p=^GK)aueUJ$C#i}BOy+fb;3WON%Kl?ppv#<}Yj0*G$&)vj2Kob?l=-;KsO
z05(pi1%!nUumRlIupAx`xOqh$0DyZ-8?5MUz>a=Y>&vRu4YBp!EF%j{1#Yk%+%Jn5
z0C1$8ZDzZl;<{l%?JCV><~I|63u9y@+&1hC*JfS}Z83WAcue{u<YqGJG6vhTqG8K8
zh8{g2SA@$*G_V3zncw!C#D5LWqEUbIbJJn$JiG<K?_Z5@17(Ii;jYWg<-@f5vVB{v
zBLu~eET(Lv>bNwMDw({dF}Zpsn15JaJStM<T(<gk2kvS*v9+b2Hx?oMQR#4SMAiYw
zAi>Y&X^`@AIfXxFhKAoJhBoR}6Z#8l`CZeby17ibsfSXuf?(rtV1WuJrabT+3&AK)
z&hVQU^%zue!M0$%Omc8+7XT#y89Y;KA!G6H5VH7<qgumT<SBp)rnoyO_XLTXNSbzW
zmtc##hWEmkW^6$aa{=GsG`a|P3lpfTPgNQgHh}`iOwI87f+Ujk^xfOrCk*LdvOwmj
z6NqZ=C2FOIxQUb5-wf&$2(~Oq6`&Mo%f^%Gd}GqVrICGeiaq-_`u>MH^@B3)n|uxm
zL=xCPcHZ>gu;Nymr;yx*&?)`ZDI^wSAkjcfvIc{kT@l$%OR8iNL0!xB_rBELTM)`l
zCv9mx`1x015u_ITth!|oQa@k!9j3`q%jI1-jXv3i%I?6o$PVM>O5NHn6_mNVjK{0B
z1`z&pJ;c3@06M;^dKhlN@4pZs);rt*XgX%dLyn-Id<)y%^rEb|;{(wVB{g4d=9~-o
zu=W~obgkA8L?v4%08j?t1}a$=wxkw*ekYGKbtW&)V}bVD|0R0}8KA4q;s+0~G8649
z(*^JNDfAwP0i)s1DlJ)w*TRD0Yby`Mial7iFYpE}YW7HNev~H~?mCTBf6P`umJ7TA
z>G|%I+;U6*ef&0VZbSr%3<KJLR0LZU)c{hIOf|uJSWo=^OVy^r>7=nRp)R8vP@+V~
zBLpytT=gvmIGFFE-m2{=+FK((|C(>Y;yctNsaU_6sU8(t&iPQ^WQ$6Hh@hc_JfibA
zx)1@(MgH<d+&iXz9jW#<XfCnGELkSCkt#UUR#woq(Q1;dPpHJt=naHFJ_yrXbu+}=
zSzbCwR`+|$D<7S?gt6IUoh=K`zw^405*4GsN6aV5x4!w`TYTY~z`~0b9B{2^eWCA0
z&wvTwdx3fq)dWBTHacp1Jy$?Q607ue{$~uN>6IT0_sec;fs*-E81z}-{e=p1V+Cz6
z&6q*E;cq6MI1Gr2Y#UgWf%u7@@$OYlsR_L1OpseslzNUsgnK(hlAIkE(I`SVtX}BF
z`Jl$4JtB`Z<7v=it8WcQiO54yr;?4njHw=U;A*7(TZSL2Bu8`+-R#yZUHmio0*M*X
zn60{SZ~#Ow68N`3d%*TG4QIut1;LZ+eAJT4Gp@jp3n)i{_+4CCKICzD^ckuK{jkd*
zK-LA^aQHgv52Qsbo+p^*tu?LZH7LwyL}A>K8yP(X(G_!Ihkp4~Yw<~jlapnA^(p@y
zC?hHUmPnbSnfcV6!;=<0!4ZgQWcEPr|GwWZnIzlFCiE$Gq*Ny-wFsF1V01PD{rWIZ
zs-c;x%hikMX~Br8$m*&x?f+>;XQ?|=t$P$3rdsdmG}vftw7d}k+f^#<K!~-y!8uoK
zw|g%B17+vcz5kiL-u?;Ac-<a5;UL2?PLcK#X!rFxuVrrJE+Rp}QQ7k~>94&F3Vii>
z2gR@>{|<MXS&Mmt(oXQ@*_Wx6{z@}xcYe(LZgiQ8>e))>*>SGm42Elcd%_}wQ%L0j
zE!qEc7Lp%5gn+~4nce*`p<0lfrMqbU!wP6E<59_R`q}>i;-zQ+5DVmoNH=%R*JNV>
zZFIMBrD2Ka_U=T(XDvl)sWx<JVQ1?8>F;8Nu@MfYkb8hGr0#Syo1>V8@hH4t&WByy
z6$t|+_*jfp*U7|L)Lq1Un_3vb4Gj>HTC>YBB_ef{-^5I;TQjYS4WN_1ZV>ryNg^8P
z)QIn`v|cwffZxspQQlY!9l$lnJKhO_1}l7E04gqC1>k$h5J}SOv3}Bk7l3sw)5A;P
zv$&8Gt4%%we+*Utsc-5ZE*f-s2DRwHxZ=qRKg~AD<^(UPHz+LDe^{Xi{^6D18P0uP
zLEuSa4zm;%S3-G(;&xtWSx>^me`;<4eQjM~M^eU~xF|c(z35jAZMPvHz0bv?c|S<E
z>8*PhRTRK=U^n>#=Tx~Juk5de$s>%cGRit<0>-R`{;x?7FH~G~q;IefT441%A6B4I
zBn^u=wvFoW2;LQA+;xTeT|DPC#J+oCoCQ1yKz9~(rrt}Kh1_t|fxNt2m@pOT=r7}U
zKcK<(y&J9Mb$B*YO2423s)a-=FKUk9H-s*Q<>N564#C&WpSv3asQu2c;2P-Vn(7I*
z9ZCzsr~*=dR*+X01RVVLMk-I7P+%S;(F<gpjCTvSPgis5vS)m5H5#u(qvzBX9Uw1y
z0%gmrei=<wXiXIfyky0K{U4_i#*j*!%OHI}h+>*TxztBMs4@n#ME94ZVw~y98^jJK
zc{B?-_8i;2lveV`fu#8*8a)4TI!Rj8hI=v$l^h{d7z<++c^koY4$rkKp=&1xdh1Hy
z0{d`>L{PM7xD*nLn?43jLrSOp(+$;G0oWqVplCC~CP(4%$#v^FJ2<l>;Lh20bHaXG
z_4D9{H+cF)z(cvcF%u7_^N2d|8+rT@E`OnDttQnKv>r8yyvwrmBy*r`l&pq@<L~3P
zReHnE+=$ob+-L*X-ZzNb+;mm$o@5ClCEkmwq7~N-H0jC8P3)DAiv%?Rn9&t;J>gaM
z@xDu0U$01p3R}JyUaLUEXjr+1Y~T0R6MqZ#-mvW1+1>cc9CUKEE-gm<@R>`r5XxVJ
zix}yU-Vt?jWK?3gJz;B$&F}cFoEre@2tCWc$l_adB2#_Hftqc&`f#1IFr}lYba+~b
z!)Fi_^0_c`{Y#c5ZVx%$bAkPvWMTBu;mgua%la8V=Gzehnwv7(IO%eBJfc2Jb%4*@
zWlpell%CJf>XGiD-TLw=zNXJkTTdSb<kt8hq?j(HQR5LYw%2sCakZDVLgkYPyIP23
z=|cRsmtO*UVtbs(5^VvKskhf3Nk$WXH!7~;Fpc6z!t{$H4#v=3?v<O&a|G0s<6EZN
z`lcU{;*XXRjr7G%`Xue-Aj5HhDX4|Ggd3qxrfFRh`C^uD_tXlR7oD$ykKxMD$Hwk1
z<)W(v?M3}MQ@fl&*Ys9p>`{YYQqxRFy=yoc_u_TsrjPHi89<^G5PoP)@=fc*4UT5$
zd9sj|O&*+k)a^m_H7V{wu$<5xRr~AO;fhtRd5&=REMDrXG(C!W?>+Qz$41^K!DFH3
zNkdXN0fbY7FO`TL<{EV_%%<Xd?l!h{DcTy>6U*EME_Z$~>p_}RBlGAWREqfBa$W@~
z_FC8=*P)X$<nTN3uC7+Yl@n=LfAYu(cMyGy^DI9*7=HL)RjWXOudr4Ak^E=&OIss9
zCbSdi2A9e|i!ZWK-vMZ8YekO^<)PPhugNFL%meWU52cT8%+!P(+R%*#al1n)V#sFy
zKg~I8XT?Q(8DXXes(k8cN~pB5RloNz+Z29yLC3QLNakEGJ1-gsK2)Ke?b<y>*}P&`
z!c*;fD4$<oim_U$R!YlXv!Ek&Mn?Q;t-K49luK3N>M`k?NBI6q{O1(Hx|%0J53YSQ
zD<n;q;ySr3Pah^cpnRP9n`$4l?mC$w!T3`fwgQo!J|2Iv26|{i!=BJ^<nbM$D5xX)
zSfd+jWB{D30s%ipYI2-l>idpC7A+o>!Su$(_np`W-n~t!V8u>Up_V*;BX<aQ>ekiL
z{u25raXQohiM=iYD)W}Q8Ay=KEKB?y5%vi}-!V<d+T<_G-Ae9C854y~@(l-Aca37c
zB_mG!+5A;M`NlFvzSy?Vu3lYl<%;U~nskA5kes>bSX6;s_eO-&1)9_ymylMix4F$^
ziWPVof_I2ezr_c5`tDot_q&N>SC(+n!g<h3o}C-6SK#m1tu6$wdv$oj8FI`^=w^?k
zwY-<syXa-soVXb@srk3f{%5~t1+<wEFGt*Y^14ULQ<gj&?0}?*1b-Tx=HyXTcOu>C
zB;%!^C(qa!uC3OsL#r|!I!uFa@^_T@CC9m7yKQvh&(t&P&szPTB)$dQ;Vb{T<s&0^
z!xkiBzO`qE_kE;;RPIDi6}=QEPV)BAHbGFP8mmq%lGC}O3ry81vJS6$qH+73!x(NG
zBk@>12?%u#U@+D5K20+qYfhwNV>bH4YHb?MA=!1?`_;J-SsMl^OA)hp;lXatGyXTy
z4TGcRM0by{mLv0$%XwZLDL~s(;vlR!?XE9%&T&rX@BpjX-my(zhn3s@-+VP1RU<_H
z-HgeAw@MZe0+ePVihmIWJY6Ah?|kj*UGQYOAEB`;g0mq>xAyY{O>$`(D(u<<ThH8t
zpr874=$83`Uj;s5KIY1Ir+cuOubY?t*6Yixb4RjXb9~Nvd|FlD8V18D5eRShk_f<<
zn&YMsJKJo&f&HULET`VXg^%3B^9UAezQW8_n=ctYb6_`T$}yWBhPkY3lfE?ZSbRA*
z7hog>();~lJ37G#{c@oV9r*lg<eURHmwAA}%G9q3T(jw1-a)@164zhe%y~iB-xJpJ
z0CM`Fv@-0$U0iZnJC@tNIpGCf?rN;PpJr$B^B_e3zS4D4XF8$s$~F#DVMX}*ORz1F
zF&1VYK2*3pNGgP%O$*W6<9GJpjUwIcPbT)m4g0dkV0!hAU2T0+Vb4=!Kh`u`4K*Gl
z2FqRoVthe4hhh=_y%}#$)({jyzvPAGEob%|_%aOvl*&IR&~65YEYwd@?R$M#sa;Fu
zGqunD1+PJkYGFLcbyp5Fp+dS@S6?kutodLJM)yznWjn09s+UH!qsPAdH#YzX+&A~x
zHUL?7H($%mXNn;DecK{+3o;dLrSFJ8d|5y%k3b8OR0_m_iK2I$vJTwW>1tw6TGs9O
z@`T&3dvve<6k|M46^u)Ki{j>e=#UuEBi{&=>2JvEL$sX*tMmWN_-ND63679t?1}M-
z7mpy8)UCbdu|h9?nn#cKQQ=KQdDmw0`NiGaD^0a2V6qI5mI@>hdT^_Irc?!=sod2Z
z!3F1`k;)M_;;gin=n$uRLM*!Jg!L1e{>zNYh<}$X-Ja1zeRDZ2I`y^reHG<eEi__8
z5sSQpCW&fOD;Hc!RscG&UsSu$-v1nh?3fxcXYr4edY#?cm*E41K~mE>>y4fLKP3v?
zC}I-<e^)!@yc4d9l2nV%*~quURGIUwf&|L-%_w65-<iHtrQUkn4SGFJr#>UmmRsUz
zBRUbJURAUKGemmwy6SNGgwvw4m|x1ggW}AEb`l_Z`tH?MA4)Jt+J-j2*erJ^!X;W%
z=GqJ7S;$p~e99|^Bb67cg9VWu-0T(=`yfF=SHRiD_d)F%#=j);qovBFfHXjRQ5n1=
z^Uk3B9l>*ke_CZXua|E!`xG$wnoIf95$gwIqaXf}zkQ|mu}}p_a=o-l9C-Dbn_u5y
zl-#xC&j-sm1D$Y*f{RG)_gyk6Cplj=QZ5)sG3|?g(4#mmt?!<8F5a+)>FIk0G7z_B
z!y-kp_^<(%B9mZ8JK^*En(GsnYHpRjEKQ9gUE^gSO(ZDVZeNL3Mw$W(n`7J-g+E|^
zd;ILC#k`)WT1>K9&f<ZV?nNWY4skw^hbwWXYQnK}ok>`9>`r*Pcqqu_<9i4<uv2v8
zM)ZjR|Bdt|(Cz4RpBDQ%u__H2by<~#A<8j(?<jCe7DZcIh=N4IQ(P;SH#!r6(IF_+
zRfj=B86W09Jr)Djc5!v`$}U^wh7J<ac{CY<t(GyuqMgn+#(zXAT$ADE@P2_hXQrz_
zDuRDH!oSPP3ODkcRr{1vy_*&1vwnfzH-fSeC3bw17PO=?^&9%<-i4Ww8F8xcIpOe<
zymj^mkmyT2x|P72)vw3NrYVj~_IA2xbU-d&5dw=#t*!Zdsn+;iBqqtv==@nXYf-)v
zM`oJC&{9B-X^UDh!EDrZ%jgVe7tAmw`xi)S*qkg4XfQe~&N)&B7JVpOc)tTsk(7dD
zS7pV)YoCFbdUh92u~@e*Fqh-EP_kv^VV%Qp_~%zhO`4=Vf##bg?D3CuA?zZHE~E*U
zNK_X|ADA#YhchircW99;hQJ!pKLIwpFEb>B%bP`ar^=kibI?sAh2rs(0P>-JCjnn=
zRG$(63gvHk7AK5MJo2}CL2(W-7{dqWBuc3uK7~WGJCwP2JZX&C91))-|BR360P>lE
zw7k45WRyO0N040E7?;-##ivMX6BssRCJm4bB?1ZGZIqawz5bC0*rr8|2;sP!QAPqh
zg&58jo4%9w#IM*Wj!2Wu!MFIDaPCtsPkYV;<dH@lBF=HrFspbIczsMGC9^{nNG-tu
zdpR9y_V~&wC|~QhWQ($q;1&jqGDwk#%W5hdV`{d2l7_2}|7sfXLTRxwd|;D-EDizc
z;S88G;iC@Z%E(=L*p@y)Yllde`&nsJ8o+!=NiIGf7EbsSPiC%u7Ab}n5<dHrnU)wp
zd>as#0jWFOjjT;Y9%t8*M197qmvF@T?sw9~cwW5XND0N$8Q>>Hv6H+dXP|C9E76?}
z@F@?Y3=4SE`9}5h%`*<V(j{PvP$)QeS-)Ja2)((1jXF>2fN0M9i~B0y*@W>eADl^R
z@wd+YH`Un0mJ{qkkx+-^&Di9v89d3JSv8#GyDSU}nanz9!i|$5=m@k(1x%F4MhECc
z38%)R`cQs<w1b4@2psUK?mcsO-N<`)3r|v&v-QrEpAQwKO{SRMW>TnEv<Jivoy!Si
zfF;+}UO5*p{z_fU&*+5#Sr1VW<?+MGBap(G6jYula@^dRyZqXFeXQFtWB&j?nUtXz
zA$Y1=Qf~{shb&(7WJc$#*S%?{Nb9441VXzCfOG?Ldf*#5?l9IeBmDv&N`Eiv0i)k>
zG+LGZ?Ctf6h0FuoY7eDm9c)Ukv*xH?LoP0x@>3GW$A=pohbT!kjjWOQ@9U4`9pKnF
zQAH|J`??FHiNokMr2ND35}#gMedX?A=LY=5$OiSp4hh8HE)rwZh`=?h;^?gKRqL-f
z1=bIP;mF-!dI+r3jRFULQN(5sC3j|FStlrwLent!0nmq`!IV+iH0s|W6M$sxxt6Zi
zx*@v7D5GZx;EB^CpY<XT3LYb}Cu5)onO`Kya&1(FF`bxS&xA!{pTEUEjMg`HzZ0RO
zsKeh#F=JTN|2Br@GE*|h*`S^h<pgjiHktnt><$OnB}3~2U}#QU+pB5f<1IE<)2t}k
zvciqj2DQ<baX@l*7(<=B-nk4}J3Kc+uz+j0h@Ln##0f7kpZW;*jiL?rRAPLD+Wq1%
zjAEG2KuIX0Zh)0^Y61|BKMa8mj<9N48>-?z4CzB#4lpCR$``|5r5_Kov4p;X+IW#u
zYs2EPeT%ANqBWfyexz|_RTcW0UL#kqnPx9{CtDM?Nkx$s;^EAPsnRg!e@w21VHQm}
zF5i~EJqP61yEZRV(ss}b!x&zV%LLm875P6he1v8pCFKobQ~Iu>Xzi6TAm+Z5e*A~`
z;;Askg$j12*VPJbZs9qQus{g*Ycp~mky=dvr79R@f+t0f2@L1iv1k8>rEiaCy8ZvZ
zJ5f2^lAP@>l~9hARcxPfmwYPjl5jhWq*XFoLJr$1hm}Jr73Hu>QOF^cF^nx!PRseU
znGwS_!`STnd;5HU|7{*`+qLU`U9anTy55&Gy~Id&8E3uH`b!KAV`}kMd}AbTLVDzL
z=T>?XSTA`ox|B`x6$>sYjGse2p34>`Pcg%++WD<HQtWWNay7biNdb-6_s{DS&n&%4
zPVL|J<wmz<{-un6ZEy5{@Ur@Q^FM$6M|EB4DT{5s{WEhN-`pp;SEuLF%ezYQqpK+&
z^3(pUS*^-N4WR8mZG-oJINyG0N}7WXBt$Z5<IE$TiRF++5tOECQy$qB)m7U?le#mR
z_CnQ}QrlC`=4Em`3by~*?X1r>yEQMIa(V`=7gm)wR;}XXe)C5xudWhp#J?~Bw%5KC
z&%7CB#8;O+!TQXjSbrH;Nd_y^#^zsSIke@H5!2C*)@m=XU!<G&&qd}zK*4&+lSuLm
zw7YnGmv~3IOxkVU$R9hC(Y((X=azG5Aa}R;9g8dqfI9I7IjsVub~$Am{cfnwJ-^DW
zHNiBkhgLo^ZRt}`wJCYXWK|5~77LHKHvi72i^$ac3z;FB^QGeljls8?g28be>%4<>
z2Uty2LoT$qOyzZulC2cXiybu_VtSd^W%;<Lu=$(;q1w<VGGVE;8ry_0dK9AP$c?Gw
zyp_MWUZJ~h1?1QxdW_gSCtU8pm0)EfR(lp>TsaB>7gt%@e1Fb{hWUeNI^iOD6Eq|W
z(Ysftbe5hR35B5=W<QsGm?VhIttV66TB2GYbHiFL$ls3!CKFUugnpUQX_~*LEKjJ2
zg$qv1?_+Q3M4vSA)&Z`4tJR)L3BX03s463T0!QX))4sQ>?5DJ4rpq1Tc&-TS4n_Nr
zR><Jp_*3<oe`arz#BX`Q+N=IciMB-*1EGu;BzRv0bHQflW<~wjG;3v%i>)-ePeFdU
zPLFw$>Bxw-G2}s$1IlL~iOTW%Qs&ioforB+#Ael?jJQG8uE~n%cMYiEj7(dU^9ldf
z;3WcOvf*Z5@yJac9*%A<-y&}t<^5{x6)u;lk|u;QuPIpK@wP2reS!01DsGmsqm~1P
z{+Wssio(ld+NpKsblJmE8;yOagUGY-g1SSbil(ti&CGaOY|{r1iTNkFAg{Q}@3C;v
zBBBupQjU5;Npou-icgC5xmjJm#f-GY4CDE^k@CfIFcNl#7%lH(;7`umb`=jD!pzOn
zibM?gz(#s<gX{d5!tw_pqXgam_7&WTnKjP-(>SFNdPvdutc2;z<3D|-CPFWXxZX#<
zWZxQi1Cu)m!f?V1?wkHAO)nK%=qvtPcK}>IQZwG$h*_LH!WSsbkm{$rBt<C5m!5MU
zZeJ2J;<*(;e+tPE@Yca0(erdUQ$PAVSTh8<zDPtD_=qqZnf*{_^ZpK=0aj~W!(R&f
z%<OcrKleq@d6Yr9;nc&%D)tM{!)>LPy>YtSk`#I4GR>qsptBPH#>8955QIGwB<6X<
zte+Pj#C$htmDC#?>dGGwNA4&ujl8^J-iXt(A43B^-eB<!M?~T&A&T4WwVmcz0P4HM
zTNLX_`f1gQm}@puNpHS*xPA5Ly#{h~+<c}4oeSY{^hgDQ4bgsWn7&FqV#(WQj&q)4
zufFqWbm`lpd3zZ$?HX8UfMrcA>Fs3YU|mEr-kzT1N4-;Gp~Ny285i8QBc#9C!?0-J
z<InzZ;(3B-;!5CK&A0GV!$t~?gg$JGo^$O95$~!;V!F*0P8@@1uTW?R!y~BX)4r+B
z)o13SGEd~cjKVl7bfv>;V0-){Xr58(F{GAe!T7BnTm!=z7rfni#TYpgnCH3OQP(Jy
z<>^mFgVoqUW4N%&-LoE1FL9d)MTAW?tUJF#$8aZG?CB}TQq4rswM9P3$0|7xoWnct
z#zI?_ETlJT=3w@D@Va7Mhg72m>(W$W>OE;)+1Q|uvXAgs;g?KAD*Faz!>Fs<=9}v5
zlm|zRGg~GZtD{M8;%nyl>pQv?XOK^YzKIQA&gefPCv^wLuZ~6~#ADP1tu;c=oV#jm
z%1yGsiwc|OUH<pbt0r@mkabi1?~Ax>JU=`i_QSk^osgP8t)E^ZTh982$MJ?$;qSZU
z*e}tf-|^;HNw~^YFH+nX?)EiO$-w)(SH;eJV!z~2*#O8lCMhoer5C5=)#boWrC)03
zA((f+%xDgY$tV%`>R=(W&WjZT0x+hyKkjQ-2R07$`p8C{hwTKZQ%)J%G9Pz94l#C0
za6a%M%453u5FzH(vGPx`$S!@4kX79<plnLEd;%8QrqC&@Hp%;$GGrB$YzKb8q?ioA
z{l$J@*20o&x)?bE`~vi*=vPMwua|mhpKriOl2rLt|76Z7MHK$dGTpH|(^ogMoho}V
z|Euu~uhhH`;tfS{FR={M^G;(azThq=!shm6Ka=QQWpD@x&SUQwpTCYU{`3)D0B>kw
z8swzBL=?(3h-JZ~@m`4NHagn^MtCa|aLrFbtG<FpKs5BNwfRYV$oq<eV`hE@wr$Cu
z`386S%C7qgHDfeAL>!&XjKV7xjI;{wv>*b9z01T}#Jso9yn$kp9(R&uOuz4y1Ad6o
ztVWs+1fR>Vj?eLyc%W$Ux4IsKeGheoW7svug5_QQ$$LT+1;r3GTP-yew)?HwS{wea
zG0U3OFw2PkVyIlg8DxNRSIx@yVVy-&t0qT3IxClZKQ=sbxO0IM$C1R(3)X7NF7sMm
z?dy@q&TAfSj?qtZ5$E4mOG1ukz?~t^oQyANpJ4~NEeOB!ZGOuZ5n9BVpIpcB9cAS3
zp}Xe@s`2r3aCUrCl_wqjB+suf4?eIMriP&8_x{VY@)ezFpn?~jR!24Bzhe{cnVxjU
z9Q{($##0`8t_P{DR;+MHuqf=``@F$LvVM;pXx8t6sktR*kG1Y&{XWd8C~)V!&+E@(
z2(6lS`5*2%Q};DX%LBgRT1Z)(eHhWBLD2@6EREXs_|1ODXK2cQ+FRd3uA64Pt-~(m
z@$b(&<LKGu?#Jkjsw%;-Uw24-!3qrDd|A5LL#e`u=Om4Y{DkpHKy_xb#v6`x;K4V^
z^U`jFC@dW0qUTNqpKY=LYj~c*=vac>vXdNaHQ>6=?D#3y3*slqVHYwn++dBvEOO!u
z+$Zr^rDiTtYo0Q%s*_o%Cxi~ILjEANA;pSSHPJ#T`yN$tTVkgv4c@HTWNUn%Qf$P;
ze@xiT_{;cSq3zq5VXP%o<vC~)xkK3fD6wbk%V_x**aP8RbS3Cf!9%F+R`c=gc`4U(
zoO@Rln@Q6iG151*nap!sOQhPo50Bw`jH16%knp&Q)MTxx(-*HY9klaGy594^UQg_D
zY|9NihrQjn5I@lq(F4;u;-pMJ{|I?<#C3{^z*wD<|IM6<lxG@<D}Wjqom)B4iz!$Q
zGTlsBGDuHz7^!A1SLqSErNroS6bw)~tI`;-;T0okuO_brF{daG$P9*dziAkH&*zV<
z7zlr^{n@lD*fC;=7JUsyMr=SdTb4De<Xy>gH<<kTknwB75G}Z7eGRMpNnlUQ_(CE*
zmR1ct2};%m#s7>^DG#m*9cowFG;4sQPU3%;={B#uS$BTq*Bp@Q61EOz$l6V&ZK9>A
z-467)_C`4P_q3H@wQ|{pb5%>795|$^n!XZ6TPSW_a?Qp%3Iz0;kU=f85`{#Y*z7<T
zrs@l0hMS)NuS6Z@Gvr}RcA?hoBWm8`^hE#ieZo@t?1zb>%ZGp43;)cnPE||&Olvb(
zeEhZ`5>60ISK5&}Zv$N<cJL?W1mk(X0=X|(MMvQ?@G2MSb%~d!NLo|{4cJmEwKvEv
zgqtErTL*)FKHzt{3tVBzMwK^*M9^h@+y+~9Ro0)teb+kFWeyB1NA<P!TGv@>G1XeR
z6tcdn`F4&nrGfnqh#*6bsFpWxD{JE6j27LGs7=^R-KHFGdzcp@!=&EcLs(anE*b2O
z3Eps6BfeV{H28<2Sp{>LWlGPE%bWa`%f|dLhmw{@Di}yOCRWJ)?Vu?&Jq~Sh+7BV$
z0hRWI#Z9X%A8FZYOlEdh8mUeKGeHL?X!D?9UL?RXZY8(e8xYsz!n!|H%y3T0our>M
zd1p%Gx8q~GjNn!Hl&NYr>^Ia{6N0sWu$&cwzbN!eK^qc%!K!SUePgCA_f|^7YQWt?
zBUOkma1$aLY!c0GA)D3OVBVpa{H#FeWxWJ_0XSMG1w9^|Kb*#BqWBY&f|;YhXv%Qv
z_?ml|OEDQqV}Siz5tK?0?-%4D<6z#s>%hv&QW2bO$%(jiSv6jzR+$uny!?xR-^tMA
zY7hl?;n+mRj<S+v$?$n4wzU<~L@>FhrWGSv_X4d4oc0zX6UF3^hB7P=dAzPHd+Ukc
zSr?^GttAnunA2o~96JfTV;>Bx2@eW*&d$cW^N+w@!)ehR&zgZ!U~F4sqd7uBo=v5d
zA&(zRGKg-S+QI32R26t2>Kfi<aQ}zf8fFbcpDd3J>n%H{$`ys`SaeVPJkFFgA95wY
z7yFwf)Io0Bo4)#L-d4F6Wy2+x8wr~N@yqc@7*$&cO!$=T&g`Ab>-19+QyN0y!<nyL
zy@(gp<ExBtb~$%FZ8y0-%=(~hb2&Su8tE>s3SZ4SiO1Et)=9U^cQ3erH)R1;N&{Ou
zLpG$}iz2AyB56M&{HDxi4Uw=O=T~<wE|*2LWu`2dovzzV*DuNsmZ6qG9glvMBiC7z
z*JfDI_3wA^|EaYDpQ(*Ro@ztqp_uM<>UoK3r{cGFXS25YAL5>bWeM+v4yD1?T08!i
zv7JoRPP1tcTCEbgWJ}*2#LMbWm=Si&COhz=A63r%WrypDWTu*W`QL5--aG;fH8tdv
z)AUDyKPd^7lO*?e4e_uQwm&nnlWlX?`f5#L$ci$Ae>#WsF&zNl1}z@(t|^8$9LbKi
z2d4ydRDx!HVb&9W*Omv+EAiZ4kPOEDj;13y$pW^aAkCw0Qx5J-rFw2A90RFnkY#Uo
z7VVs|LTbEFmwHivfrR(wJ@H)m!u^_$$iDw1aO672Kc*l}Uq1XeI@yA{Vo$&7&xgKg
zSQeNRWiMR~GQ65DwpHYW7`s!p=iRH$JmQ32zt;<509LI|Es*YePIKyL-gJ_tXfw};
zD>EA<`ZWQG9tS6MiHCgd=T@$-2`)%@kuLj=P#p-Kv?~W~I3;mj^qUj;^jHX;2M7@t
zqP-^K^t$YzzfB`nnQt0ayR}q<^fk%neRd%nGgdQ#90fix4C7?CoWs<#cYb$kgJbfS
zI&c77FZ(aQmUdBzZEnSEYS7f-p6NBijaHBkU3WB7c4`Xrh((wG{WSU6M(e2uX~dgP
z-XnRlc`$f*248f(5eb{XEjfC{V#Kq{1yYaY?%*0o?kPp$+H@myV+ur$x906en31Fd
zoM(pFY1Gx5YlW|&t^C?hOcd}cIJD+Qr_I{cA3j?d2-p5E;Oua?q43FC`Ty^5xPef|
zWF)i7rZ4Yq8oQRQ?h!lVmg6;B<U4qQDmgrxHKs%QZRQ_qFHqa>oUBaAMXG8#^}mNV
zdWpkVf3w-l!{UQU??$~9NgCK20B{tE3iGO2e;At{8e_fzfc1_p$|kdhZ+=Oe2<yXa
zp;U?5Agwq*cw+s8O3}Ewe}ambvWKvKaGdIpE=5hTKff)OcN-z)v)?Jb8H(0&j#~%F
zBc?Z&sufLk)5mQAW(`u}M#TiYKhtagE}j|2m)_bPV0e{f=#Mqzt#b_CG%(9X=M;kU
z#`nrE0*qdTgVbBAvpB~2Nz7JgJ96rJIkQ0USM(@So4AJ($i0CC?sv}ZMC9g2B?;c?
zGSQFX+(p=5k6vWlnWI>5{NF9s9&&*sA~P@+6ia$-laKO;xn^Yg<a*=10pCx9yk`$N
zvtbsl=cjp_=BhS}77CT?vneUiqs&0A#QIu(CJb{aj<lrrj>OuwU(z?IL-U9p-053m
zNR?C#zme~gsOSClNT+fgalxkR&bcOwococ;u^f`aGc#Z+d!PopkApYjGFHBxKFZn}
z?L`S3V6Yw#HE&YTLk?FvD&AGk)Y_c1+1J(>yz!B9f4=uS&{h0A^(Qx{U2GQ<AS~lQ
zbBtKsNx$ps6-X3^>#yiF7@{~?Und#>fKW>La05z<H6S)T7#%wwrl6LO&e+J+OYh{T
zSmdPmx_Q(#+@No9NUc-$vWa;j11x4r+V9$P0MdU>@34&DM~cPE4k%Au1WrNZLcTgE
zcc?43Ld5X{uD3g{=XZTzzW$d9^o{3o(%bYx$lRe4aB!bD+aaCt;K~2*l;WVRT|O(`
zlZD88M4Qjt)}Zawbn(HlU_~yQDAoT6ml@zjy~lUZA<P`w(GIL=y`$#tE<H5YsB()a
zLlO-wtd>cKMVVx`oTT1L&P(g~1aJv>nqtu63z{C^wZG|C^#eYfm~QEA*+tot7}`>I
z`I<2)iRPTwo~qkYqUA!1Jn}(b6#Q@1YoFy{7Zj`t8Vz>c4rnBx@_pr2!uoNfre&7|
zc^);0bGEtdi+QsM?78>K{Pu`Bk8*5`4tfDT4aH;P8||>hQ>z-z)hpnh$)AQc?X>7t
zm#R(_$|EBarT>nx3%Owc&kTh6$@A?bqZJJ+lY@!^0ss8Bh%M3G)(x~UhG_xcAYGPZ
zg<Pqn@|_=j#&Rn8vAh-0gE{^}#YgO!66dej0zsCC+=(ez?HhDZWPZlTk?QVE1Xu!T
zA;)D_Jhs_cUDd0$K>i}NSNl)_<%Uyy+p#wJ&)*Jye6wZD+nbfU1iJ*|)I0H<-_G9x
zOQQY;>OI3Bw8#BLx?(vjLcaQy1joid;~6EYAuR^#&`yG{Pw>d?r!G^aZG~Ls!TsNc
znV|%Y+^YB@Qb-B<D@n3gTEUhVddQubrN*J?Y}O9?^=d`hDa;9)=;BNmGT=F<7Ipy@
zwi21CO<E+zn&uwt@^+h~@4opX;b*;%Q3T&O(gP2tUaK+qYIAf%Kz&LRH&rw^GdHY$
zAr+G{Kcgc7(CkzZ6@O=<_lE~q&4G&98}m#~+^hIH%w&|1Cc}jS29KY21I7aylIDSS
z<`1Ih_`@`lP_!#+dmhl5#8a5WQ%)IgTv-ImK>@_CCA?-t^?U!SFx>_pZ|{LM6kQCU
z-9YoNyocS5H6!f_f&7W~>JdLPj}Aj_Kp2YC8V_I~qX$|AjUb{S{d^fE<@{Jc-3`*F
z!usWnlUi5DjXTIr{s{(?Goe(;foK)y#gwtTS$f)dJre{;({a4$32Es0GXUg7`6!A!
zAO(v5Ful_oAE2$L(kTUCJ}g)eYAp&LY{6v@9&FQ1*+=qtK8V0P9g9?)0%4x`;UQ+q
zduxUI;t2mFuBMoski^(cCp{J(<n|7Al7YqEH%BiY^V2|H{UE<(y}$iPjBbNU<d@#d
zGNkknLDMl^X0?XGHCk%*i2lh$n<;wqoA#G#3{>{go9{pU=_}P6OObvG=;YoLr0=X-
z>y<%U2DXcWB^Q<wn=R(OiZmne0fqUu<7b6WggJ=nfZI|Z-V^6G;mjAsvAzn;Tzhvf
zG)2!)YQjB;8(&Cc$ecvM5MBiyrCU>{c!6FUpe)*hRH?1p_VO~0U0*Q~tn$M8mb8ZE
zgU_z&^}knY38hJJf%p6_ln2|a7(SOY+v%fU8f6|;9L;c?ts$rR(H!C$Kb9<Nd-Grp
z(}@j9oNU{KXNrf=qgWcotFt&xA?Q#Jh1U-qFb_$uu?J|;`qEQQe$i0|dg=V#Wfu@8
z^W?q$nMC?7>u<1V+B5!3=#OH~p6?do{SAHR%%u+kBn?OU12F=iA&SjJRyINU$}Ob+
zK(P6KawxDe1zzsZYAfFe5NYnKEB-nnJ0C*&YEoF`#&#sfK7>@>_G#aot86C!W&>i@
zmHXEA9>~Eq=B1w&Ey1Jiy3gyeJ>b)%OhY+-7eoCl#W&~Pk)ftcGzGs2(Ci#B%Yiq(
z<30~A=hgg*(M`085}mB0|7l#87kz0BCK2g(pv7(H^u?W$cTD_EUIpfRd731O)c2{P
z9M48?jovvt*z_d3B-*a0-RZfPAgurt3iHO_Vw=!p9(4zHa{krXYZEo-OIxj5&3U2T
zywdI$sdi~G3_iCYi^A}Vv_3BDw)m5$9^X*fmyu1W!+#hjQL<|>K8o9~@Lu=_C9N+?
zXm3ksAG)!ddOo>H$=mjq-g06$7vA(>Xm*~_iol&ObiQhRgc=O2^2QyoTX!S}fp!x%
zt0CRG9k6fpSoZ#Q+ylqjF(zoiwwi#qr-0tRtGM>V>BGRA584$^yWRytyUkKj;NpR9
z-?o5DbX!@s*gDwz;L>6{?Y|MjnbN*i2Uv)s2E1=|p(7@n$a%YZ{^e16;~EeTX;6#G
z!QO1+nFG(;9P(&#%dzDaAL}6TQ$vhX#y8VRuf&sv3gtnib9e$j{v2E=2XM~BAh^uj
z0Ow}bSee$m1*~EAEVqt&Am;l%Y`u&0Z=7&qFmIw>OE1`R_!Yoj97-4mMZpH7Fyu<j
zXo!~`GQS-GdSq3!T`vfhD&BFGWq<SA&oLu^_hx4>vT#wl9gvFhT#s@=G{w@sQPMix
zwVEGMpGMC>z09Dj!)5Ysi;&5EQj*pqfU4R~oB)?jgv^+x;!<uz@JR5+<&Pw|V)43`
z+&CPqIu1^+@x|t67O@)*(3>?&Z#i@NqY%dC>6mPB@aayi0+CC4@067$2p1dT^xryw
z4_Mh_+v{U9j`1@M1lV#H>3g7VRMcIj;O<#5qJQmg+T)Xi_O6+}%e5+Rf%!C+I}hk4
z4idS7;1j5SQKr-fx#_RWtt?^!7bf#23bdIRU>3VeDUldRn^5x?Bm_Aj8Q@LUW*%D7
znJ1^%;Ww2->lB)lpNFN;PZFp&Y%b!XN7Dk$K`HK|RV$Z2R$v}|!>A!m5aa`R3C%#<
zX&_9S*+h8P*6-oda{b>7{yRfv0S={CzqEkzvZrRh<0PYzo9AsKME1(}IW_PMF|qp%
zdhjbiH(?>ElaO@S?6<_L1_<)jbbrRHNn0HAB;htXp8gNlQ*fboCW0iHE$)@X4e$%g
zJiMqjE1SRhk~GXn8X=GmZ}?4hmfp}F_g-()G2jW$&btG)b~VN7@6qfTtV87;nuvYt
zBE5nW9(k!ZZjU0yeMLdj8Qb=^5$=UO^CJx$aD+c20d4u(D+3g>OCP-ZKj4SFSl`}a
zgujU8w~lPyu-gA#_|+4j5aWNa%a2bwm9%RM1Ns9c7?9G5ZNyC(w*^E5q_OZH1pYim
zowx<OMF+XHsQi||z;;Q8_`f-m@X07!^5k~4ZERFnQ6Ir4kyCj)3N8kPV=h#Xy%5k=
zmT{irNZ30U>7pi2tqppPCRJNL>Tjm$Sfo`0XfTB9zhOLEY!&Cfb;c<SpflThKM9_r
z0+P?=yk-;yb&r>HH%c$iu7p98o3DgnU#0S<Bc|BHHkbA6N7@AqsW)JZ0zi7HdY2pV
z1Ca0cr315Liw-reoPE!^#o`d2T@lv#6lJ>q<Klca>3ilQGlOh32+C_|vDF4j6DP%g
z*$Gy64cfjJP`_}C*$yD`!94Gd`uk{A<Jdi7gR@pIVAuP+#k~mex+M-~s$u}Y9n;a|
zdvY;CI7MX^y3h<){wyck(_gX1E*C|iYXVWCIpUQ*@3soykS?fOn+IvakwOB9vQZl|
zX(_@4L3dFgEU~2kxDV2qH(I<h9M!2WP^OQXlIA4mvLfP&qK>lapEQQVx4q20PQ%h<
zJ#QMGW#Liswq_^)gMdES@{-c)%Nv!ac1;Xc7ZkRRe906)V;{kP6noEA-ROe{cJj&R
zeC~M>G-41p8?1dfkFWZpN?eplv4m^&75}=}7%AeWRlStJ=#KBwf~@q@4#xpYjmk|j
zdT7N`m|Ll(*;FZuc?IzAmIEzKr9VN@6yT9=ftD{=3;U(#^b@y$!;!+T%Vz!^|0q6j
zp=|#htfTuWCSY0I#O5MES-v}}Vw4&X5yZTTRHp`MtBn0P0umakTRkFg%o7G*LY+hf
z*yTjMOlfh{<|B*GMK=tG`k;JJ=TT>Rl!$oafA%-+<>opHnfC5Iyp~9zGL!ab!r{%t
zPl0?V52^wTN9y(s%bt4N^UoCR^;90-*#B<qtm8@f*$eYd`=9Vt_CH35cTBVV=y&w<
z!c4S&)(QdWs=SSz71qo-T<>cYV8|a}uOy)kq~Vo@b}X<|ZrAgYU;RLH^8aVW$Z<}b
zdx813gm1aOS;Hqq*GzGMSQ1Ps9O<n<V;H=uOepyeOcdjChwIE_xP%|e>;vwPL+qK{
zl|g>kF+l4sia?E413AiP-33prqtbHAT>-7T&~fsSjdQ{BokcqADZ;Y1K>o}lR^l53
zBsKT=pq~>JG1?wF6;YxM@0qCfCo2t{eS;Cc_(|mXiotM+&2k?83KZiYj}t^h%fB-L
z^<mS=k2LkX<Vd9QY7NGr1cO$#ue5)Z93b!VPq9LV53EAED*@J=TO$9a$R0II2T>er
zy1d!^S}X@J3m($xfpRDIiY6d^Kg?waU;e}Mw3R)-o#jZJov_UBZ%hk+r223JP5O5a
zZ;W0bF9+KC(~w=&KS*GI3VfN3X<cy{V6@Z@pavJkRJN0uV!7!x3#MHzPmzqON`wC+
zCcTq&HgT0tm5jOu)*tGW<KTo+JHQhxOhI4#N~<6?ZfVnTZ+^#OZj-cq`qbV(6+co4
zSY~kffDpjJpfxM)A|h%uVyio4tsfDb0btO}?FLwP7Pua6H4Ddh!#1nWit+u2`7trQ
z^XTw*6zRXidLB#{QC5~{L4IY7P+VWkx2j23j9#w>irEpoVtEJ@s@xIe*_C@r89RUl
zRyL;&1A)t%&eam~{7udsqhxKcN^9_bDJO%}5pi0kdl5S)T<V~mijN>SYmRzD3u7G6
zzh?NyDT-^-8a;Q)uw%{O*iq0qnq>H@Q_K9DJ4<;L>R9UdD@$f%pq(thftxv?4A#f>
z+G<oI$BG*_oKkE^k?)J!_{ak4#Dtf`er2Hk;=oURiYREk!$0<(P%<Pn%s$_OYRS2L
zq9Mkp{^!((%K=q2ouaN=70>TQ+Ln%So+sqo$!~u*Q9ohtpKO%smrAT$2e<+%2<N<8
z?h>yC96d=lindc^$w=LKk|cWUb&}KY`$O}CxAd@f2<8mR10_2L`0l-_1CZOC&QHVd
zr!_hOynP0_;nH>va?q#s5bl3PU&VZUcRD4h`5-XJ1o@pd&E7_w+zuO{I2a1wW;TxG
zdstGXT`2B0+Y|noetf-j@jn2SO~D#0hx%NB_;wm2psLlj@ZY4NU`0DMVQl4<aN6^w
zP1F(BV^~S2cbt>WhsBvAT1G3Qm?)0qp^_6m;4<hcgQb*)55PA7qIU_*bVtG*u}H?e
z+k9BAgT0g?Ux>zuW5;Mu10DW@38;t^40@1KjTi+l0GQEq+zk6Ljaus0O2phS8FB1i
z?U`(KP&Q2GxD2aGGsNM4^C(x8Rfs-j1Znyu^m)Kw84)BHjnM5^eE9f5q>cL8nB5mQ
z{11oq;9vekssVnbq*t=~HFJ!A)hmu9;mDtrlVE6Prj8Z%wnFkTq()7&#~NWj!Y>jE
z1t%Jm%Vm6sSo~g(Xs4fCl}nc+zn`{=22@yT@Cg~=<BH<jM`6u9M-zr3lC@8SclE=+
z%vD#eL_S-2nLJ!r#<afK<UE;hY<?2|%=^&5Ai)D&(gvfUZ{Su$r4`RfYeLM!(e&?$
zM?rDI;-M+TEm3Dyirg~#eXb@`wabW2FF^&Ck=`^2-r%8i307DulE#t+vrkgbt!1{l
z`*?{AB{H4`jSV@@)Vm4Tu1AL2m~Avq5MJ<&jd>Y$eM>ocZ4gwd*Zg*psxG&J^hKdV
zEA=g3bMN+Izuys?O)^1d0XD|%+HB<0grf8%shgu>M@^n_UV;%ybU37O7h@w=j25Di
z_Y$_IC{aC~lyyBBP2^*DJeD*krMr6$H0_;T-xtF&K|l%w`(_UZuVz|+ih_li8T_o%
zH7h%6=%(QR)_r(_@f+cZey~0CVYag3RYCD7WmdUJM32snrtiTwK<y;>+mp6W*(4U?
z-inx(t}th8q`$^nVSg8?8O~0=%f&51+0Kss_e-&eW$5gVAR)kJX^*W#-obV=_R@h<
ze;*3(R_!TNzGseqNzMIhR+6zi`i>K8HK|VY)lblpj*0Z;9(933%3=il$`AP1J`(VS
z$QQS6Awfb}a<}qb?p;c(<D(s?f%f6e826uf(65f?b!<T9CWMKFOTDwsOq(F@BwdTv
zN*WM1h~`8@@#a$GfLnXnJGRu17D{OZ){7xteg9WK2X4*LFM7m=n!0GC6!e;`#ratq
ztxLg>fR}1hbj%HXVY4RB{E7(<1<3M9m3dq2p>(k|E?}KzeZF9MG~>>9#HRn<xprh)
zY|+)u?4fWrJu1AzhdJ>jt?~x}mUw<zte@UqucZn-EgzqN5j(Ky$`of1+*D4mEASFe
zLI7P1er~E*t}`$Dy6C)BnjV{zh1Tkz?Bd2{63g#MjEE+~HlG!u?dgkY0XmxhWF8N}
zjAbV%|HKA4a_`A)Wq||FMTS_uDG>$!o1SU7XcLVhq~U=lNp0a41#JTq?T#if=`BOq
z<^!#?BLA^6XE*2F(sfy5UiQXL`9^Jn+862lMbY|SiIpPsGDVs$_2KUSS2zh67)QV0
z4|20+$k%fYa{&XwB|Xh9B%x!?K|GR!ORN0DI~n`4PLNHN>Tm%;i{P7F*rAg}P1rdb
z9lT-Q&EGa6IbD2)8>je@F<PljlA4S#LyPqfc4f+Eb~vV$ov{_2A5j)kMJ?}iG|4*)
z6S{G%2U^F@Rp9Mzr!n}&j365>&TFnAqz~2=4g{>ikgA7+1UB^84gth%BukoTFg=`Z
z$4q7X7^S0u&GL9EVh1o3fDFo+I#J!^k4R+-gE~r&y!O)v_Ptyk5O^;I2XObrwC^LO
zp?&$IjHr@!ef;N4qZBhhs|r#_XzP6y8Hv6Qbv81bRa-OU0h&beXaMnDuub$Cq(OO;
z7h#=a_Vw1#Nwj&iMowI2eEG^38{V**V`Ztn(CiEG>P4RPx9QuT;L)r_Dx{hdLgnk8
zuGu;`esq8HRxUhHO)o>BAHAa#Ir^aZXkE)k5rOAKhQxCdshH>SPhxWt0gpeeQigGK
zcV_!?_ajb2sPfSrbuIIvTIuWj%s*iuyOFfp|66W6meA%XH)D9lo%z<T%bPXpdvmmY
z9oTzq@VbvrsByU=M{D*i0Mo`d=H2%aHXoy6zz_3VuIJd#Ia=|q*?Kg*7*}6u(_hIo
z&j&1_MgdZq_t~mx55ZC{45o5$8FG{8P=X>bCV!y=miFDetTKXrSeO~iJ+*^@zS>fW
zCnHp-Gp!bd(8wX(@iEmLzIyx-kt++l2K_hb{is-2XJ%SiopUdeigwXtO#Hz+xLXz$
z!~BHb)1%9>2c#S1hAxMQ=?rmoYJN+&kHcI|8UmFW`yoxJQH{vZm$oz!D{+iUz|o%x
zK+v^}7NK_;zln5o_cv|j<?N)%vcxQETuw7$Q<r@O&4BG!W!2E0Z{ACd+df%vWxYE9
zbMIT^h^<6p|A9IT9nhtte}1ciY7@N(&5HWVbY^?}OTa~zYNU++>F@U@Pj|9$6A=tp
z?~~}qGu5^m0PA6zHH~|q)G`1b72M+W5yzsb)U`0Q2m=3SXhu>Msq`trXkc8kjN<&!
zeDcaqeH&*!WcnYKU_LQJ>To-)a5-$d_4x|jLd@j5_WDuhn3VLzUD35MM8VvLDpTF6
z(#FvMb~Ir3l~VdX6ZuQ@8d57`u&rV7fgK2E;7#5MzL{RLJx=BDgHf~@hFzsIJ-)t!
z@}7ijy@xa!2$H)XY70cc9l2*t2y6F*kgTF51))ZJeI2i6tb}L~qX=)71YD8Eu>ef}
zX_EJC(aI<YC0Z$vx^k(kjc1#>y|UL}7AvWWS@zgNBRXU-Vu%?Erwht@0bmyI=teT<
zFr;gGTue&7HT2pi96ttN;a;LV))7!6lTqVQQ74U-FDu>?ZPb)si8cbRUS)1#1}Tau
zy+gH%u5N1-*HEQ!?h+E4A(R+}D1uCTjP0k3C7+2NYUn;jajekub7rCoFzd$kjd40u
zMVxfQe4U;+hd4hAe~j+T;YKVtTw5KbI2~I!E-Hu~u4IzSf%*SG#zwIYA=wiq%Hx*;
zkv~7cwh@<8iPl@aS%v^xFe8~PeWa++^{_8%h(TK1L(_sS%WgS$du=zt$M@$sER6<(
zF5ol>Hd3AGZtI~9@fqSM6=w|xq$$wD{;~%|>)45`*taSiz$6%la4#3k*iEM$6p#V?
z&kHQEn2>r>MFvCRP4;CJNKbP5vIaNl+{@yD47pR>=J^O)rK~}lKjaHA_EWKwGj;$A
zPC=V8-iDGkry<|FNZ$sNQmp-Pp_IVoa0?v9%1~Z2{04olO@3_pxFkY-9{ormt4D$U
zu4^Pkw)-Ax;{f3$k6|^bvdf40>p+)hg>eUEeVHe%=sYucN&8XLc?zi84B3IpFA{OF
zzYYw1WLw`v5GJFqWXT*e#19iLjsG?2w4Q_CiGYOUWqQSRdJ(SnMQlKi;$}y4;2*v5
z%Z`}xee)EE%=CUCKGe9`p7&Y91@^k3F(@4-8@|yS5xn$m0JF6e*|gvY`0?xM-}#?3
z<rVvsDu~GTGuQziP-QPS8C_EgfI@Tn^fw%ybQub8`R_kqOJ65iA{&btF<$lR`iqT>
zH*#alW+3V`J^uDQs5^Un&fLGeISO!3@wQ!~mZTo&muXFPY}eF_%gUm5=aV$K+SC9d
zQlu-lRnehh3X6KefGAvd!MTTN9>!f0=5)f7sDo}$`1a6(vKI{0m%7<52kDKxxOu&W
z3XTp>Y|(*z`xQpsML#UlnB@OuoD#O`H}^|<cPU~*2N8>=%C<GTM*;y#jKuAOa6#bB
zEe_gNlr9rM7FiEtMq*7aU4+iSYh9!PvOlA-J)spqiESSCsO?B-W5DC)&m=4f&Q!>s
z-wvt#yY8Hs9ElUwIk`EC-D2?n+V{8~`!YD?1}M1FgOmJTs;I$aB>POd6(N;T7fecH
zG(JWRtsI$DXcC*u{aU@X)D2OrTF|M%{g&kx<yP~Qx#EAT7cFW`+VIh$DtTFiZ{kT{
zS3x}DMh%2~(#Lir<Wr|)06IK^rO69!fC8{2$?ALNbqBfiO~6zg&J-^fvl|DC0m9|i
z#*=>utGNMWe~XWN0GH^W?`Q&cDWcBRI+vxnAlD<X1180Zc_CSNeg_Q5Ea~&0607n|
zc4I4$u2TS_X8kg!m=S$eUvah);So*{1mU%rm*I?K7iY4=3$Z<bi*V#Qo-Hp5E^dd}
z_Efyi4oZ(ZXRxAkj1#!?JLbl(A!bCdck&_N8mG{q*(IY>lHW|C=#N_!{ZcW72f(Q=
zLw3eZoS0uKRYhx66?S<`48-a2U5{^_z(eVf^{wNCDp(%(AXavkJcj+9u#ic;L$-dy
zm8!@8bQEaKJ2wFY$s$B)El9swVK?SEb24Y|BX)4Xt$~cCOK#@=fDpFPF=OducH}<~
zW6>`2kq}OowBXJa`ZSb1=GPz8%a%Exfc`zMpANWy_Z@82j4Ii9AJ=ih#DHGFfUc_|
za}m;7T(4bNe{v~6GQqHdwS|$<CoQnc_;i6)T;GBxctbVv4H^B{*(e`;U?Jow*1gTH
zP3;UZVX?r1^hfr1-jey>joLsRAnjF7KgY%r)V;?o{T(ID&!e_ns}e;_4J7fm!-ebl
z?gZt@5a481K*+dsomV4dR>RgZg)htYk*;MThC;q%zDx7g^nibjsHLnf*DLp;E6>GO
zRksPsB4D@KE+1R(p2u&w&DwsJYyj5kg<Z{SqAK?=N4lpf@ayYZ_V^s^sd(#`erZwl
zaN`Mx@&?@z{cttqJ$9#iaOK=*y_6EyY`pncRj%x5n70GBaLw~y&h{q;P#{2)hC&;E
zkMInHAJ^O@)|v8v!R!o?-C7!85qR_K|HEw9EuKU}It5%)zO-l1`sPsf8nn*0sf~6?
zkzc|I1N=H@wwvRFLF$xzW$E-D=Yq;KGD<%YkTW0ISDefcA9$F5(nI#9;&g3a{9HS3
z6wY$;w_UQi4a9iDE#|{(XRnOeI8=l;Z<?lg5$Y#z>6SNdElXu&E{a;Iv0I>)DR{C8
zg$X3SiDEx-tnf@p!)@uEu}n87W%b&RYC&wLl73>=SyNUb3`Mc;j1qglxTtikF%ytE
zV?S4^MYZz3dqx>7D@eT^spP(}LOGnRd+-DU99;ywt5(rrzHx30>A=1ly{p^C5U1uM
z22PV)>W<QrfrKQ{$Mx3l>TACTGxAT$)nB&;E$1SPeT2c_&A1Gi*_w~mo2rJCTOp3I
z`x9)>kwSI%JbK4S1yH2{?+6g@v6FRA{VVpJbrw{Ykjg9AvL>g`^3WL2tHV^~Re-t-
zu6_=y2^tza`UUi{PI}G2RihAXIHa+p<b07fE>o=Kn%U!9ft?6|<QS77espV>?N*%>
z>}Njz{{K+a=2MNWjjVX;D#iMLxwMoJq(b_=Qv@tr(boxS0WpaJik6QDHmE-0FUEer
z8ngiIcxQt7p_s!_MJ_|W%Utu82(UY8PmER#6WH%yx5NafP?Z|GKXhBU%xFrPdyIdR
zY<LsXnn9W8e}>&vLuN*E71~qH$9?XNBGb{o!0O74@jx0OSXTU9<dMM-|LCps_8asA
z%lZdaeE+%Wh_wRZ1p36Pif@Prn!<#*rH}-auzpgV(n)l0Xo~ft+{n8?U<#OYdc?;7
zA|FLY59X^nFCM^9OnkD1$x_>s^bSMmY|~-XM&iT5bvb(;Z9V1GavI)UUGSD2{5&>N
z6ptG%9#_vhv_y+u8&sAmBx=HG<EbE1>k@D&IclPA*W$U_hRWR7*m2c)g2%qSp)#fU
zqDFDBA%bk_FR`JnD{DTgu1Jrx2QorHj!vF;>ydGMrSje(A3gcdhO4Y?{weZS6XYLr
z@I;}tk^C?E7=nSRV~lhHRNuj=a+Gmc;$2}r#EYnTq(u`PavZx|KLg)P{4sdZ-$=Tt
zDp&C;Y%pXfjj^9jF26biuc`)XMZz2!;iqc!cb7|96Zza?{=sR_9^bOl4eHn%GdtMx
zuOYUHpd%E#%4|~ng>r2zKf09{;1@NU3?-F9ks@?~bQ4!N)i}pAU{)Fln;9S=Lq-$*
zJ(NK?LJe5we)wfYE>*s6_VSugvc9Y7<dW~<r86P$?nrD};C*@e<Qu*z0<VW1fBHoE
zUz|8Cz!UYG^M(H?{?Riuw`|09r8M@sUW$HA7BhxjyECU4pB?lVePZ(?*$@MFY5eeh
zTkEvX)>U0s#(zWPYQP$c_&j#=XWVwMkNH&=fUg=163>ITOjb&BHmI<GReCbuUE+1H
zDuDF5su2hDIfK^nep|`;p_P>Zxx+_b$Gq$l086KaRxk}wvKd#dO8RQA$0`R=KX+%D
zOKQ>5_hj#;p^rw3D~OZV*7g$Y@)wsA5%FVMm*FUlax8;DI$krh5)$M8e#ko%gOHh?
z98ntORr@g22IT9bDNN+xY=Bw8j@_`tw8{mI!iHbToXRUh5w9c2$EO!J-~5c2Z$=O4
zUUMFc{?Yn26oxxTV7@{3R`M_VZzcv;*aiNr#V4@45Ft)NASw9Wx}jH6a00qC7OJP2
z(Aywd;o<;&TJ$Fn>TE~qAh5j|X{eBfir|_JYf+=`nGsc)yYMDvBx`O8E3YifmRuXt
z16KaGPFw$8i0#%%<V-Q5QQ{T^?-oEdHEecZMzS^9A!aMdf>R3dS{N+6<rlBan^^=M
zpNL_^#(C%GdXFFVzZ_`wv+if(9@W9&><F^S&|N9lvu+r_{8?)j=hD$m0bqDveSWfE
zhv%p*6%ukm2+B*uvHp}kIIoX$3&B?HLEZdPiWK>M8Z|E-`M+BL5Pl)4zYe-$7VUh>
z=}u!z9U}ucJ-t9+9c>4eJ3AtrMczZ9h#3B&xkh|dJ7a#V*T#VNe?fyf2H4|uZapPK
zYB4}Fm~^T;S2urDumfdx^*e58rJoW1(RZ?OPey)=dS0oKK%=hmk8E}6E=lUD*fXX;
z!@+tjS9?gP=e1OIZ8(B*6bP-s9J!)j$<oSEeVeyoLVY26#?DzY7F2Wg*!<79udNu>
zXv$yQ<PEm8T0pF^i$FBl-)zI=5KL0E!5B76A;OLxh**SEW#gVOd6~G6<l0a2=x1i(
z&np2JCyG!yQk)yT*?_0*xso>7sxNR!CuBzoE!oo=g!l8Yk!2x_GT8AUa}lw%j^nSs
zm(@`<@4Q&l9Nu!2{(K3XsnxU-JTO(jVLyTbm8Lm=(l1kVWCR{u5hcAdFL*}^#dlvt
z-zb4-5X^b0%ES_kA4H)ndS)}VI?N2fI<b8xBDa(q^Che!nL*wuxt5JCmIa>{551qx
zz=SAr0F=P(VMdDr{HTguKqhP>b4y2aYMp5AGRW|tu+XBXvt-%tl=AcuwSNW}Id+Y4
z{UQ}ICIs7avre?%6B@(!bz+0Y!d{H)qn;+sPBLP@S3`F)b^-dGCF#SHz_w3KWbGJJ
zVLh{PGUtUciL%<zXEGnZby)Rk`pR1*j+mKO-^*}~D^T8Mw*QFFJV}9c9kJSU=6@VX
zf7TnE9p1DJ<#~9b_+dZ|_t=&E#IVXM@9=*GTo7sx9WW3k=ihZ;_FMlR<Lt`rCbSn#
z$Xcv%+pJx(>+&##?Ex(dx&G6-)dFiZCbD)ZV}QXl6Fs`6+$pF`*BY+*=5Crp(n7@<
z^19m_Y|m0IL~xehtD4%1{+iBK?Nw+Y!tv@X5I6qEI#<x;Axd5e?elqjc&+Qv6Vj$%
zPX>e!&8&fv<WBkgB=FmFbW#Y^_--(`=cxaNv>5<7mZr$B=uPVH1#)IhE#(8VA)>c1
z*8V(_cbN3n<AjG<_WpYVFR?Z+KDnP(xn2~nMZ@|n4tf>*CPnf$4DcCs^?yw*=L<^@
zU^Si9*j{loxg%imNq*a``~Y$e8_oG=WKA2-GHRkQ(qe}K37AIaZdd@7lh1)ENf(nF
z;N6Hyb&jo~a$rge`Yd(}HE8|(Q^>V<Ob9M^oV9Gu#Q_z;B{PUl)&?(b4pD?VFinOo
zPMvO4JEbto++9AtW508%FuB)dnYdv0Nnmtn>CAs2Yb?0T(&l4ZE+jkF@I?@hPLaRV
zzjfq+{7+-ZU?(#YW6tcET+m7}^@sy6bqvf7y5TR)uBD4@98bmh)ZM*99A8)xf;iTF
z)rG+GhB5Zh$o(g<O~7^;4T9u0m7T+ZnH&zHiGQo<Ahi+XaQ$LPFLHW)O=C0sPw&d@
zd&UZR{mcqXug4S#KRpn!`6~Y^nvXz#SGwi=v*K2|w5+qooytm@*qvuTVSx)w$*qLv
zNtyz|>S;Dj^T{1Bo3~>~K}$ykIa^=u7Mn(U+ej+{0WPld=mDt0SfaHfXp1I9?^qkH
z$wKx+y4t(4KbvHs=zk76X~sNHSaupHWb254jTS-1?#%}Q(~__;4LRO|aNf1*yiN_-
zTMUU$Rl+{PHbQl5xAfA&!)@Yrbh%ez^R9&hfnr<gs$aqrBky*b=*j;|8$wq>IaiFE
zO!e<`Y(n!>j@crEIo!iX0q(baSuYu-U!SVf!m;$Z?%%qgH-AGn<I<OIc=vcf#5Dik
zx0bg_rnVI}{&x6-0;ETqQ2My4QeVfQCBwF40jV=#Q}tjWWzA$Hs0?~?BgT6)zU%sv
zo+y&vXIGau8J1D@(s2O}-}Tg+ZS(Hvt|Vt&r|RY<98zikDn}Xf`_YYX#I%y~eDH!6
zI7W@PK~VWeO@y6rbh&k3dWm8VvuUaxINV*`|K83yUH6*uhzt7^mdY5|=m_b$?7@dS
zzIBp?J6rr)osK)*)>hS7#;)(8$TU8+S6t}&_RO{M<d8?>hSY7?0`^fy&_iz?ob&{O
zLc=GUBQb>qiAa}`MASd;@pTU<f#8L?0kIpTr`#+(bC>aDr@pInjA`ThPT6U_e7kA3
z5#yHUD(PAuCDL?Pd2Yo`lh%Pd#+N4Tu78hsv}}d^+9^BC+CjfWPi7681}bD>{?kE<
zLsa=*iROM5v+Eoc6F5KoJAq?OnU+uQ?|6Vuk?#QPHlM_EIV{KpNQK|HDRP*gMgLt;
zrI~w+e{Bf&$PA``q(DMGmvihMs^=U%#z??>_zs5x$Gq(hG`G{jcSvq;73baHRy>n8
zeZ-AMJb`UE9Q>mawu^b(dcwQb^?-rs<K@9Z?qSxxsgo@5l)K@S=oWTZOLdJyTI5_@
zUTtldNLn-vx^y1uLO1(APX|bFepg_qa!{N~SMy090xW*kEY&p^mMZ<_<e$W;d^a=f
zaSL0gwLt_YG$V#KP>@Q+CqeE>8_GGt22OYp&C)a+c$NpYy>dMeUQLAmNlGoiiOw7c
zZ?4w589vq-|G_rB3HYRd`iQv{Gq}A1m=Mi>iaIx}>1*U+s`$y$Ro0)Pe(jtKBG#e#
zDp7`%>lD3-P~H<S8T^1<x8tMoZl7TPAWa{0mb^TS8}wdc-1q$AvB6ycd9C95(|qhI
z#^5;~7U!0YL54xsFDb_N*A#5&*D5@v&@fYeZ|a_^u|b`b*y-cs?~In+n1{xft_iZ@
zGH`T4#z(@a!-PkV?g>O)QZT;RT2)}#U=I0Zgq+)n@Hg)RSNHJ$TWi^Xk$@&%n4#$U
zNNMfWbf*5~P2O3@fTjfx?hSYy%J2fudh#Om_{fY$11-<9qeR3D7Cuizo<`}PN*7H6
zj_211-qGm=(dbfOd;$9E7VFQXj?X0j`%^mUf}PT$-FYb%A<*X&@&#ZI!OdSj{9nbx
z9-ZW^H_1E2jT2u6q#r&kDxxxF@fQ`oIf=0$(7}&rV86U3nK0t&UMe}TgozbE5NKz?
zJr9h;Vr-Cs*JV{!k^Y_k1)QcHQzyj`RUcK;+$e{@zi5r?2F!R<5mV;U(g}l40uS<5
z0jhJg@st#la5uN&ISnHC^_pvQ$D>9)vA%)>g48#<Jag1E&sZ`yoq54*mE|V8bi@P?
zRKKm~vz?I-MBfC+KcTqa4ZFBga^7x#=gjy-?WOo_Q-a2*c?)ht!9*hyNKE9uGqnH<
z{!@dN&-EYTe&cKMvqM&29;x`s>|~M^TYiiFp4eJW37xB1KiTK7A-57Iv8J5!@#H;D
z;+%@_Td2@el1Wn%;+rK<>g^Xwd)~LLgQg=#F{)kBle@R-nR2KxcZF7`k1d&EHl-{?
z{@s%NC5tUPTT4N1?9!~m%n$<pnf!Dn!|`F5iJn(~W)H&Xl=LBJlaKN3*5`*1yRF}Y
zqKM*_HwbT&>^S2&@TU@RzuX@FokvKux~><du<SL}9cmF-r&VrIT@4IXr?Ma&CH$b<
z(k=}mk9g%v#TS?W*l3CWGWgjeKEsH&hv#{(Uvo6<aa?-yzP!6x$oWNTEDR0*Ry@F}
z|JTu3lr>Y>)_83w^C`BxVx_JWe{#zE-{+IHu$J<2Zgq<M59XUBfNl_*03^DW{<G)m
z^~dZwJ~k+7-ULWAL9@P8%p;L3%XWj_6iHmL%bc0tWFm$n^Vdtp_obf@Ynq9TC+mZr
zjh<5!B5%nS5^8EIVUxt1Eo0`b!G_l4JvqP8w{(O{1$VY0D0|fx&|-D}WEUG3oLl2D
z{Js9P(Ng8smFr6Z#|H%pW&l)-u~65U<h6K3(m#o;Z<4JWwPx?hml`$$Tf~w6=*(Tr
zH$eUqT-<oZH>n+|i)cCr(ERbnRab1w`0lf0z~AGl(J?PDc^8>bS&8(})=7w*8w>g%
z@sQbk<B(Xey_nmIjW!pjJ}yhDB&GaKpGF-DM`)4wnJhfK_Tu6jsi!EDE!!nJMsHPb
zKEGmGl`FdMa$+8SDmY2{(qIJxJm;V(cs}C7Qo*0@NNg6Q8I7IsWm-i1kwWyxUZ(QR
ziqb_d<*T|WiK#BgjgKtjgoCZMqDx2mO$%0XC9T2h-9Zs_c;O)6m>3D;X9B*!9l3TR
zjt|DPT!4LYy3YL3U#>vMHreSr^qf()%g5?HoZda4P1qswGz?KiATd1UH(Rj;PcWp)
zucXV?5^(7X6CLQ39AAfhF1;j1_uQ?6oon_bY<BFA$8sPm3+$n$Cof1hj~+&zeck>4
z>iX`eCc5ZbX@Y=6I!IILMY@7O2ps_h5fB9dQ4tG8Kq;Yw-g^;62u-SD6jXYGRHX%i
z^b)EGAbn^d<<0kg>%G6;TPvB#+(}OM-DjV3=4MUqy$w6~>>|?$A9vCYu!kvbqulFp
zX^`c?XJv)w?mnvuVD`<pLrRFqxGPWjp!caPY}X0H@@gO1);-eXKs;pq<FHo2*iCR)
ztvJ1gnKp-<riW>NjtSe+3$UQ*Mm(^feA9EWXw|qy3zDaxBS-}`zzLH{sx~?%4E|sX
zxC1ZbgdJ)C%mO6A*g0<^L>*ujY&vuRektibIsRGT0BaD?o!sl|rF|Y&p&4$y{@1$W
zUlhDVaE*Ht{P02lFL#@jJtHyN3O{OBM}%g~PeYlw*paqM?X#)%L~V0a2{U?i4Q8@M
zDfdf<%n*J>=te6lwVWQ79y)GQ*wz7hHD)#LXcYCJyZYs|uLE|k-bv|3&)Jd)!*SjL
z6!KrCzuH@YD2v7kEG<p&5VP+vJ3x2^wAD`r6&EInp7?)k*d4UMrjv)u-YXduUMjpq
zsv-WQy~NM+4zUp}j%X0#qvlParmYeUbf2ZI|LL9*1a|Tz^PqlOXd!QE2r>yhd;u!|
z$BpO+d$obTaIB6Hbf-~T_(O?3*%rF>#e}e4ONJ9Ai$?xN@2lRXxh^4nO7Us0IHid}
z<W*x7`Hxeh=}^y+**+^tGBXW_k4L|XYc8P)!nY7U25nSs;@MZn24519MTXsX;}DmQ
z@v8?Xt38~Ah$wpdVXUFI48@peVafp*1M9=$J;FZSOO8Vp<_M)Gvaj=EjlwZwnkMB$
zME39xgHzaoh!!%;G#6Z51HL@L;B+8spGfiXYMl#5M=5T!Bs*)()oj5^r7d6X7Zx)&
zK>*n)+9z(ATnxKj12ZyK5pnTBz6M}l(&xgOUNApE+~sF5NhA9bPLg)Qb~(YD8A{xT
zI+ByHrKp*8JuorH5&bHJeg3AXHSO%pd4={2SrBKJ5t8tgZ{n6Mt#r`g;LhWR4>+L#
zcm`MYP^QrJFw=aW!)JgkJ|f+iCIz3TV{X^kpsD?)MKCv!7qaRsb%yvS9He(>XNVDT
zqCS7)_=~Z{8ovmqfp>KfKotGBz!0mG=l^6f5JqAwH2IYpX7NufpmP=9X7+7wDZvUb
zE#f!1A4(71i)JXk<npqp2N~FTthy9R^eg>LWs*HKGtK87LX@Dk%}ikj5bbwih_#4w
zrU+fq(8z3vbCPIN+W>(=%y4fw_9*5r>4$uyiNc?d^(wB>FNl&696KG|i;~0yp)}1s
ztOA^$%~FZ7?+V-^>1`QeM4+nc-5X|yB~WkObIX03u0S4ciI_3o1nP~c3<H6_?2AB_
zL+gjtP=5RKvJ+Sl;!o3RO8<xE!XVazpAeCWt#jD%Vh!3~Jv>2RTM;l>jjyBK)5nIa
z>D?u;{q+Q{ujnb=BAZp<bVJ$|r3pPnX%u;iMWd1db~_<hX+Ko5i7d%`?H-M;iEPY!
z?I(uWiCSwehRJp`b%9?(xW*~ftrK(jcXOAHRLeBtX@@IH1Xmh6(Eg6>HkO4rW*S!N
zUMfA}H+)*i3p55%FL8MDydZKO=e`Ou3|wn{*Mqi1{N~>xz7rEB-b6PvvWNcFT;nCL
z@atiShceV9f=jVR#gRqI(eY~_LTD#0OlL#)8&>|<!Xm_H?=i5DHnM%>mqH}7Z8$l3
zh46iTy|kxyh_u4{7t(b5D7Ux#|5-s8N%v1yTqbC@A$u0#2t7#Q>fb#P;9^;!?^J|t
z32;(unoVT^DsfoTwBkNyHzgA*nUiP02QaFTw@HOX6*=fwq%{dv;+{kG1oClPMp$_Y
zT`MzOf7Os^Tm};gHD1jvLCJ>lwSE9#dP?#X1|n}6;(Tj0fG|YKwk9~+ld2A(Lqg^-
zwot28PN2=uiBd+KHOJ6FD*=s?Ls`l!@nRXOI4*}O3Bp1Mg&M6o9f}X;P)~uV#NtG4
zNOi-~Ibo7;gVj2sSsAE`G5`YNayG%rQ1C-_<`@QO1z=+(P0gXc1R`<bAS{<?bjgWG
z=*`tVqU7ur(XEUo0yjR?hTE;;4N<FMTjJn*9{{nN0RXhDXNZBJ8b92eL)8L`aQM`@
z3II|Xm+fo<k*5d|4MFoDqSnLzG5^1LlBHY%Kp^zcVju`)Dv2mthM<Sm0H_l8Y^ovf
z31<~_Y6k_>4egmD<UpdbKt$Lglnmu?XgnJo?Tp(u26=KBl5av2?aB(_r+3m6PqzJr
zO$W7xR+w41iCONA$M=(vw@5<6S>`kwAR9;H1MMsQXWt35-%MIHEsF!q!yv6i0DlR8
zPS{yeA`TypE(c)xO0pF1p+0j|k$pBg$=Qzd74kvszwS2S#M0(&k=TX~v%{{y=UqQj
z;ec0}QVBEYVzAQ)1Bfg|o9J35ws+yLN*Rm=>~@-AnhfQbXk8{f{K&k}u+WyIJ<M%R
z6M)}drTwQ51n7sb<)57xoLD^4j-(8?TvY*Da3}*M8A`xVk~!@W0E&SJbcBl@2y6O3
zPaH<?B^}wrVW2b8j8U?bAmZyXmjn=44Kdgp!3>}Gu&2EMfq8?#oK3fENClui3U|&e
zx~!(@i`^!HJY|P5!Hrf?hG}xpG*BOMqz^b)8c5d$s1KSjs1N3RGqOD8K9Gzni~@1-
zfVc!fT=-PyTO`x}a0!ESVPZhK3X5~I!)S3_G;=WnluW2FsN25b7v>nI*3UqFu|_u4
z6_f~q4|?v-Ap}${-V`F&>K%S$PbwWUG)G9m@2=(+fxKNIikoBq3#D9;ECd&{9Pk7s
zLOTaaB)GsB#8M231SSYNk^es@P808y;S-TIq)Tw;Rk8or+5<I0(<UW?lDtxeC%FDc
zX@c_|k^tOz^$bvrbBS@bA&HfY=TO6dSR5=0T>+qqnFp;2QXo~#SSe7@EP!qqj2HR=
z&;(Iwlz^x%gQ#eJKs?SHq$-pRM733FB}Zvc2Gw~E^dX_RBAaRee8Zviu`-miASl`y
zkSatJ(jLwPD$5Bd!KFdtz}`j;k7rW@flQoBI0$MK3~`JoNR=^|k;jMD&1upgC=59C
zNe$j?Ug9UU(*Ml$-|0H-a$A?I2Lky?G$iikPKhOn>gS4Gg0Vqk!xEDN0LG>np^9M}
z;x5B@eJNpRr8zsTn16T$@-KVXg18$qRzLiLxGQ-FE6xG5#eAkgj3Fg`5V+}Z2Y=H(
zoQ@Qa%Oa}0I=;BGRU|#Um4_b!Ev-zN4*7wforIO5iuz6fu_AlhMraf>+;B2(IEufK
z!le%>#+#z2_0#Sz|G@SQbAxUBaYVr!Eb|Z>e`DC2VGDEGY52{RJ+)WIwhrV*yf_3v
zH%u!<5e<8(A;8m_lsHYe!6X>|r2yVgsndyuk8{3FIt}M_qR!*&ht_)wPs8WkykG}9
ziByAJ7<um{z|ut4qX`ldavPU6%>i~TMEvFLJ3uRV_&Hp(Wg?~U$`0XSz}$q9SkuHt
zk9V=@@X8CUSaFY{KZRX4ZzodG<)!X<Xu#KLC2OE$S2`6GE)V?Psvq$RAioS1fdgFQ
z=xAg^=RQH6_{@#w1pJfS)DafY8rthc^S1^j2*C(Nxwef~hA6p{+#(G{pQSw$;6eKa
zUZXUQ%PWK`NJ<C&D1K(VP^m;Zn<_?p_A02E#0}hNPwC(uEW;05W%>!iFE0EbTmS>7
zFw)t)!ACRI`OdLRva@k6WCEoR267JZ^{Zoc${irK7QseB;_wlo4Sz=QQFAGZg@jK<
z%sG^v;gf8tAdrs3#Eae`T_v4sB42#FBx*==Ui;kV3iOw4lF5$&;U@Bf#cRYEi`o5^
z`eBRQrk!Ir&|BuE!#}hxM}w4TWEawyp@Hw#3H3vutj5p@qUipVtR=BN-38SEvhFD;
z{GCu-nh`iPg_W_D^Iwvfp_S9$O?fWjvlZ-XVq@P-P#{O>ifaArT#WObeab1g@o`<M
zb8Ejyg^M2QBb=g5LiW;5h!K6W$Hl>K8(L=uXlUX>-)zX~p*Y2WX?FoIGd?16=FpOc
z9_2Rgb+{3;%rT<S;#~|AG^laf3loRDy@F-~^}!3|S8sU|gTQ3Q4}KC8i}r17RwN6w
zejxvY3sX`RVF5uBO=R1f<PcT(%iaN646#@?pta$2=+oZIhjv79o6W!=HMmFbK0%!L
zPBy>=j5u<(HpIJ>zkFtA7Ygv&p|poBY&OY$q@`ztvh@XG5zaQpursa2{|eJY8`?$E
zMu?&I4I7}5Bi8!azr%6aR7)U3eg=NI)D-n{`gn<W=G8Hi1uwL87p$zoF+y=L6Rgw1
z;792K(-W74)I&8e^1&RvB0qBwA_d=P4bVXgw3e^Ez5+M=-XTBCVBbW=76-Vj{skG+
zccUo+x^9?c(I(vG!zH4jebZhytjP59tLchZWCJdx0}5oz9X4=|F|81u5e41E46x3t
z2V14XesYD<#RSx=>1(mhwxku}3ptw5utl|q7g#Az@TREytDj$N8KPXkyL#%2x13f}
zOO;9jTvk$hyo(N<R!Dd-aC)J+1-p*Pr5|T}#Ugcsa)j#BK<}?~cL=~qa`i6AG-PA1
zXB;E^&T$YFz93g0>YRr5&(TKDfjZvU&Lxh1oC!PDgx_2(H1)3Z#U#uXyjtHk1TKIY
zO;<zeHA~L=2TQ<JSI0CWk!DSYF#96@%+1E5JHTxm)Sh|`etEU~w;Ws?9BW9y4@bRV
z;QS0*&&RP&!1m~-CdmpY{y0m8?j-b2+c*2{UjQn5-OoY&zXv1F>s#I5_^hO4guTD<
z!-^G5yY)r6pZ&M0bfcYZ4ruYB4c*^q7vaS78lsy<5SOJN?pT?Pmnn{TW{_B)r2}i?
z*B78~xJb)ayvUey(AO#2c;_f&bGK*xcqvMz6-?MGVdq+XQ-th=h~Hn#Xwvw>WW7#|
zcrojLbOv6JYese+HI22}2g$&X9KiVD3nl)yV}|<IXyq15+cj$ZS0<zY;JX(Fa~A4X
zqwPEwhio28K^$*tm7tpyp{w)FFNRkFv}lP)o&7+<VGhhdsiY5kKNuNOv{l@P$q(X#
z?+0qo_J$2x!C^_+i3GfQ`a2?PqR>BN9w9mp3!e+k3@)Vc0$*^5R8c$9HLGH@IoOwv
zAQ${OR285Whe-vmBxO0tu*p%d0GMO=pw)m5Si=x$V1Z8qYdUPN>Iel0z@5O$#98QP
zsy=8eV5rm_w)6~aXZ!C$k)yQ|Eb6&A&ITxXN-%Nu(04zgVhIBdDy+*eXP`k!8eTN|
z)-?QV-xeJ#O0)qVF^FBD$8#0<NMIn8Gw>zdp1$t{n!tF)X|BD^Ed_Wt2hAzSn4(Ap
zRKgC65lU&Iw=jk<nemeV_S0X}WKJqlcIHz2H5ZqcDB5SRl$cg~1k*9Wfdn41qfU%<
zot>sUX#tKD-L8`WE>_)*$y+q~W0&~~;;xc9!WQ5@;vZTGm4qk4y2LSYl&d5Tk`wLL
z!ZBHKtCJyAVxGELKCv61amdQ}Iba{XcTWrzFy3rhdg!#Z2~pA$Yn*F^gb0$B_cue^
z+2L#O0Q^xiv2lHNe`l6x{OULff{1bkr{V^)YT<O5v+QB(0(RI?cAR$N+=iA}`KuPM
z`_6Zouu81Tc0{oa`}I;!0}p#=r5_Jl$i7C!I~yY^J0bA-SOzC*`Z51dhepF8xUS?^
zp_vdW8#FYk8QX$Y(=42u|FL)Nzj$T=YbuQk*c5`iI&MBUUJNNNlsz#7ehbYW1WCi!
zOb&&2T!DWnUMIQ3Ng7QjYY0Q7S>k~OcPqSfnnT+78m*daNDNg9SR(8Y#lfAYaOm!e
z*U9}@B$#tKRF#;<W_<Eee;^T?=eLx$o?la9!oDVyIhK+wx9=b4lHTEmGzMQ23a5v}
z)2@NPQ_vEf4Yyn|<NG)M)-Qkq{U7`W5Z#Pp)&OuI1YOa~#awu;LTYDXh8u;6C8Bwu
zLwmy4sVvZau7CF)=q937gFfwPkDyAu?+1PY|ID;{kL;x$R@CQmOB(_W+=)QCUP~w@
zD8h!uH!H$uN9XHZK6mII<T0GMkr8U}`J3MyZ*~2?xp~cEQDV<bgLVjA-`4z%|D$C|
zFXq3r+_4C0BB!2M5EIgbiL#lLbFI6>3>TBars}@ZrWuOOXu86oi#A{+^^sJ7KX`5k
z5oO?VxsIa*!|g<^`ndSjE3_2lNjVv5aln@qjG*iemB0B>>b!L8p(n(t#sl8^g1#fA
zrp^rxIPoJhiPkYy-%a$jWez)N4NswSiBjoqQS4SY*i=O#dkO>{lQw69f|i4Vo@}=M
z`1$AH)wsq;2<2$T2|sgu_wEjtgTF>QU3AvDc*%UmTi1mz-P&dFjpB06IM)wp7r&6a
zc#2NK<3a+rtMKT@=4w)Yo_;U+EtT}=n%!&50>8EVwYBG=mVGwosh7`;yMQ<HCBm_X
z)4iYV)aqr94DmUqz>`5tm?H?+XRII*MLaTZ-%p4T`*VcP+CBk-7g^E8x+>*Z<6~T+
zuC!_U{<SkO>usShnT4Jlk%GH+JN;G?<Q~$p0Tb*v`n=2jsYjMS#TqvoB;%k=i0v}a
z==#wWCR$rxsw3r?8~h&MGYDHk8Y{I;UgCbC`!0%=diAxfYxT0<Y~F70xJ85R&ztKV
zSUku2LPx6T^U&rkZ%^`g&GG)mR6rZa-)AaTsVeOGQI;hXg4xr2%6~qrU<5mjezG)T
zNIH%RXs66*p6&TKvK4t!x}fxu<hS#}v@c4X>gEza-aC)NoZY%Wc-3k=U%yv$$a2JO
z)l6t?^}hMJq><1^+01i*`GA9dJLu-I_jsk9;-PSh(x)rvKJrO<xXbXhW7aDWIZ6n;
zCP?Zb)v1+Z+;2%M8CIvbj+i&UhtYL^BJ@+5r6sKmU%ZA`?o^RiqNYc}0Jjy?pLV=-
z23$97d*6<c)?7`kuhOv~Fu{zsQ4`?{N^`d;EqBIBQ@Ph>YKK2ve2XBY!!I$0p{i+%
zDbMHrgjsdCe?YHhsUpOx2!1T&_tnTAvD-UHT%p*-Bh0O%3KyxJ{o|`jXohZ#U<5v~
zjeqMFsl3}5^~n3uky8w9k6=b--bdRo(&{&#KJ?w&8UYO`)vpH$R1vl~kE}S4{J_5^
zz2H2${Js_zYR|zER<b?G=Aj*`5lIVUq-wK}ZK|mw_LDyC{G4R(3)_gP=nWv3g}V3S
z!O@FzNBwX95lT~M_;^BI8FjtW`mDDW^syZ=kFf{|4I8AeP^0KEp~z)vTd1^)+X(@C
zaX*AN0^u^cHze-~^E<wpOv8DW!R#kU%C%?v5PVexQAX-N3)jHdd73w47>u4KKu=Ta
z8aIBO4P?pPI(orKQ(>g~F;Zvh%&nXs_0*5cA9bGX`9!!-kBnJq4CC9`V`(v%-_oBy
z6yJvZq3AqY|81Whrdz(9hJQ>rvAPH@1i>*}@7L@6`3GUghJ{+dl7DHNH3H-K{Ulv2
z4Rwih92P^1UlP+z{zEfkq+VmBe)s#5kBFY9(MP!Wi^jV6IUmqE{X7u9;*p5;AR`!O
zh_7g>qc0<EfQ1~&Le^)bR<MxS5?xx;i?C^wi;*-Qdc<ZyE%NSYDb~Ja)$%db?npXY
zcYTjb;|duwxn~gjXOAxi(UBy9rm8LlbCMzQAq5&Lp$1x!G-F08v0%G_#{Ltts5pux
zRKI4}INXff>Dh{0cQM*_No#9n$*-b@%zvmMU?RSqoQc7NmTn-Z^i{O2b4RdhxFxmx
z6T$mW<nGsIS2F*F?e(qLlWVE--s0OLjDzQnw72e%_6$xMadA9kPYsI(E&nfj_dX!w
zIFB^W9dWZ@dR!n&E^%!%Hu^%7`92o%zx5p9{FZ;Gej;+)5qePRQB6$hJWZ4y>?4hy
zo~A`l6QoCU3#GS+M&P5{Xw38&hKK-s5gCb-Z}nc@V4((c9+}P!t==CEvL;N?NH<=%
zj1{hvP`Udbm*Cni`fJA=^a$YySWH_X0`d^ULVkVtD~yVL@fb$Cy;Z8W-4Q&03?MEZ
z(ZnJUED^MbHEii%19=qs1scX&Mewo1ieu~d@bdV|T{QQB&e0mUzEHlwydO)5<0vhB
zgoX^S$8KQk7YYNvc8(Kb!p>FEN?FKtEM$vnYS#D!7B6PFU1&5f9iN9mdiDsRBz|d~
zis<?1=a=_yMn|<>sY1#t)%;B|Pk|7Jmi626W%{$hAKuqz>}Hf0#=5>qH4-r(buiRg
z+`}l49!DDf{vad4{n2$&Jm~Fk$5;Q;vx=7?J?s2tgN%#a+u{9Z`I&<{GcOU;m*@1~
zR{ssh&3>CWGs3Evj4L^x&EjU;na4CHeXaGup@-K+3xSWpkP?q*x0SB>nV&UrLC#;&
z@s~o=vf`^UQx-^r@1J)5;&Q7?&T;(oZ{}S6@4xNpPGugb_!kC27GvN%4!n22NN(i5
z=AG`)m3*(B9CziZXZprarUJpE^}g)x?4Dc3mKW}Mx@u~QvQhKG1vfkK&u?R&IT*$L
z7BTU2gFO7Xiwg8ktSnBseg4f;4b3b3ly-filNNed@wCb*=FK;H9#OoHsvjiP`YFtq
zeNQhffl1gEnnd$T$S>+w=QP3k6W<z1o_$wL_{4tr?4I=(L+5<HM=W`lHKRCF@QT+=
z#qVUdLu<r)ZP?m|4<~zZf$rI@ce**@{OsSO|8%-cO;p-MYS*xSZ@L0^m5|#tZ}^>I
zje0va=B|<ZqeUjE&T-nWPF{ZbAf|Z`<vr+~F&eWmJw`xWxfIhXD8<VJw{Mox<-4_Y
z`1DV60f!QgTT5531inUCp}3mA=$>mnBqT?gqU*-8n0?z^RZ!XvQ~BCLZ#?E}Y}Io#
zeKX9ylP9Z1S!8m3<E8u6wA{UDSw)_~%&R>aALKgnUgf-Lw&k-;4^CmWo*iA7)LHQ3
zyf<&oaOhjC@cVYH)!r0yO{~IH>F7aGA+BTCgyj1BmXFno_piGej3!k}Cw&KhJ-n-e
z@!vG~`%PuJvyQhaQ^ThH{!@qLW<`bHg7<@NXH?20(OLMi_9yoR-GJQJ+`4K%a4Zqo
zgfW_Yr=M9X;qu}}rlEa|v=i6Q80*L1d!Cy7z!_ja)%mnI#d6M`DV-~hM3&t1t-PIf
zGf}oF!RBTEPQ1`m#>=SRsx5k?VxZIck8J8a<6`7a6ASWF$}$kn*<|JCFG21|PmcBJ
zX87GODK~h0qYziRXz4R4cGm7pAukmEG%iXHSh(Jx*1{%LE?)hxjl^Jb(5_>-o*>BU
zZu@xV+p(?IuT*7|$N*709)p$E&+yFj#GGj1>cgKr3u+I#3{1?_9|s$!-X3)lgrr(Z
zNSzgZqVAKI#3dlpGM%ukANN7VI)kH@{IbPXtHSUL*UCq76V&jJt&hM+Y>2eV`B(Wd
zks?0%6{%CDv1eRO?J~E@ZJVVxFXswg=FifpI+&+kQOHnEJ4nO<o|=kwu&4L<Ru*uq
zfwA#_@|J)2TzoeH&LcLp$inLug??jwJK?(0>E2HQ1)@Xo@g`}@8lIaR-vjP@dCthO
zj(j1HUMIFP<e6d|wC_!9Ngr<xciXN>j^D!0Je;@xcB4JJN60jf<BZvEv`E*F)Z}Y6
zfc2K*+21vN3nui;L9hh4Ebr>Omk~xsdfo$SriVFMdTQr+dA*hI^c}uTNYQAx_jcJx
zVGpqAWy@;dxUM$o)c8g`@Wv~DG`77!SHATHqjGA_=O=5uYF9T-OuKJ9;4ukSmpXCP
zDiV*7<Me5ii6B;(46|Ae=rLB5`$Wp7&+}L+pW(VO&$x7fPBGes?s~Wy^o%Mr;s3R*
zdN-F5M0c&{CtGaCDARNYnyKEgtxTQH{26^Nj!~xU%zbn2qHL*`vNywT=lyr0x|?wj
z(EJ5x{{OcEzW{+j;QzCIbxKua{s!}f5xT+u`!b@35_N-Fb3_>{I?D23mPMzRvu%nq
zQ2lDS-PP^d)bzkW!2+NAOL7B=zVTW;&+>mii#AQW``oJ7kq{A7tM=ecz#M;)5BeNk
z=NE>vJx_J~69me!swyMEgw(@)(RJad0l)r7g^#{Oqy{OxV!t}9l9rPC(?pB!=stHp
z+SIPc#Pz@w`Y)~hUmAQuEM`({{|k(@4z}is;PDyI#j^(&2&M%MwDDbA+QF)Qi9+rK
z5(OuWv4O&)?EfmC==`%1_sfb4?Yww1c%m?Nvhd&w>}(xu!xeG<31X^)%F|EH_VxnX
zcfY`x>R>Cb2-YWv-v8Rs(vocR`3l<-Za-xuuI_w+5Zof9RoLeH6}CS-q04{Igj`k#
zud8dzLNdJ!<GVq6sP;D0Dv_`4n!~&q4xBwa)M|{k?V0`j?`C?<9af!p_R0~R<)Q}*
z%ktYFwCM8J8JE!K1U$MPk-n@1vy1%*PGgILzU_(lN$p!obhY~D)A>d0faT2ni$D4K
z+dc_eY5wGF+i}%c+bN0X-ZwI&6F$p?d@2)OTHMBcmg%KBPhd&$1D=JhtZxx(%Ly^_
zw|;S-`5BQe%@Nsg!HS2GSsy9DawbCO1(dF3f;;d|aHNk!^ZwH_`6^7vWLW{jT{uMP
zWjD{!m|8m1S$yK@+7AnkBYJ#SLOz~<-JP8vatr>*DXqWU?Cxa&tU1rq>A>t6@w&yY
zc??mv38L4s_^iDzrg=VQa$7kUj_Q@xaa2$cywy^MJWsb`IXHVNes7!8;H7BjH|u`p
zu+t5bhl@M{C+h5#J0U&cO%N0KAgf_$n&0i*(qx(BgCETG{eed-d@7Ff)t@98m;y8m
zCL|xIZMdU1d>goHM9y1s-dNdu`qd&iMFOfSEvEnGM=X{%sH<1MleOZ3uI#hU%+TlZ
zt1VMTU(<Vj6bmvb#|#C&J*|AY%)!5qZ)B1FL4fe5{?DUL)~CO<TYNW;{2=P*G+26R
zJx*cLtjZSkJl*aw5H6ffNlYG#ueYhd+;s8ukvYn%(tLt<`bR2uvx3SPCtL77d?T4S
z?Z^?__WX&Jm-4GvH$xp`rUzzdi$ui?Ruk2{jiK60qZg(=?p%E)(7f-73p10?tM5iw
z=#<rWU2uKVFY)Wm@g1JOK_Agihy~_$5l%H#Y>H^#a4&{WA6&;iJ4Y4hvMSq#+B~rF
zz$#wBbU0NE1zC>2fZ=Q|yx;shIm)}<U4CJ|SAquhA|s!M3CX+;=|B`d4-=X=9UGxM
zO3wd`h<(1qC2LMiihVbQ%C!CP;gDl0{?gO=E}+OtT*|*pCR_coVtT|(%#@yS;QUOc
z$1Rmw!}aIycjZcgZkRjpuA)_zVn&tIGD{{KC!=M@rZ1A;WO%9kdc^gYX?lq}v(=`?
z)IT=4>Fj$e!m*R{vKdeLS;n_A5ofsa1WH>kB~<!N12FTB-o_=WxU0Hak(s60rK=c6
zN5f!CiH93X>#HfMWptI&G7MLh-zLhcGCt3R`#q|3%eP%~izLk@(m5EO;}5cV&Sd)M
z%=A;Q(Hnb}@dFV{p#wJvH!q*mn%?j-`6j6dQgww%{bhEoUrf$U{NL;By~u>OQW?Kf
z>9@mvMDPX}TxobOknG=h#m?htWVAyMgJr+FsN0R%51#~NOMdAKFRN@wUE8_>nO?`u
zp8hJ5_5GoW!s)2;27jHgIg@8U@5|5FWj#Nee)4y1T0*LHDMdJ|Kf^zBpUn{Lj@;Lr
z%+6lbc>VkysinWpy~qhW$-fus0?g22<z}DM%Q-9SO7An2{k?j&{K;41sHItliBFyK
z@09l%f({<Cfp3;gGIm%CT2%T~`L|wF;h7pfTJxMbp%cM$d!LW3X({t2NKw)S>CT*s
zW7w&m(Hxr@+uEr*$@I^9;&FtKxz43sW4rv6&SJ;>9aHW18!ZVEc+D55hQfXzcjD_$
zf3J(Z^Wzpy`G*(#=BI*us07jWmZ4#v)F-tE?e61;IqV~O!RL8{`klIp6oR(hvOhSj
zoA`cs4dwFI+Y!{3+YMzH9<Y6J{Y-d6akQ*ELdN#jm$O1<{m<@R+`67L<s)?WrStx?
zC35uM_nUoH#zsbeJu|oNbQP&Hxd%Pv+swn5eHuac?$RtXplq5km*#6(%d9#d$)qk_
z&OTV~dgf6u+)I4#_QSWY9{Qg3ZIENSLVuipf!y_1(;~~QEe+}G_NQ+|{V{%?+i3SE
zZ9rcrexNf|m;G)oW5q8^w#=z?Db*icilxrB4>s8=-0R^2J6sjTY-S!t-2A<r585Xt
zXKhY`InOc6yxiN(3ZxrP&);##Zryd~jhCo%YLk9G)e_zJ@xb$a&VH~9qo=*A()`cY
znwlybqWh95R~5GhO@+>cR-7|5#=mZ3(a}atOANhFihI!H{V3>`qc=y;%Lt9kkcqZF
zOI={B?}_g6n6|y{@<HEyQ4b<iMGSrtswMX01c`(Mu%`BfN~oERcZ#>FjY=`#PeIv7
zL*j<x+|g$jI_mJ<I}cNv>5}<_cZs{&Q}3U9YGFU}crriZi5wi3vEMvj!M|12{cU|N
zOYZXB(FF55U-j#?xn4hXz|Dda?tD!)eeQc%N)ZU=SCQ{cjE;)3w0%s;R+YmKol?H8
z@td3Ljhm)~y8FtPk;_4+xgoV46Bj!hvbGxER=UCj6SN|^pSdxN6}&loUXy5=xBuS$
zNyJ<G4K8Fb10%ghDR=GH#xJd*{P%R4uhzG=piSauo^XUqyKXbGi^lzYq^x=B=R-r~
zQ^?q#FEL&1mrlh_3P$~(hv9@^%)2;kfwq2T<vqIoknlfe)x`eK!KwdVcHBtq_@%tA
zOi*4@#>caEM6viW8<=X#JsbT|GbSa+SDtNq=1}H?X<Uw-1Mbs=Mv~{$kPTnVwR1Uy
z#iw~!pJXAv_xa;4t*r)#b>S?T?3HD>n-7ii)>dS==gJhO#3|}GeC=xNbbg&R2vs+H
zKX<n(IZNiTal%rfaZlxSn`%oz&UdQ|f$C{H=A+`LKJbOBjBaTKJ<oktviXb4)TKSF
z@bA}x8;&fL+W4n-f>l496jCo$x{dQiYkdrlbN2kQd;^1%BYeF2W^wW9Q<9UteMHLX
zn>^pgD#}W7sqH#9;=Iep-Zr=?%zS5CCKIZ|n$_ie@2r1uy1$Nes$`~nhO4b?m2l_1
z9q@5fBF+5#otGCs3;mh+Ovizq_PL%K*<j7i<{=*&*d29Y^=I}vgQtXPP<pk;EZtgW
zan`!<&Ssm8CvQ$teyVkE+4-+J)ySy?PK7ROpQQJ7AK4zedOCOZ_}KkPqU{CL4189^
zzGk`Spl!kDWm8!{;O);c>0B^kWFf!q{>1(lX>oC^{putVT34&5B{)z*-3C_6a#qy*
z9w%c-syu%(v--k)2dbP8DhmGU6?E19;!9Fx6GSCjso(M3?;|_zD)UbhY|4?9iE-LO
z9XTH!?h1b|rwfvs>VCO!;gVxV;_wYck7nLcEZX4!KPfOMeUpEA!Jr^9M|PlK&|GJ*
zxU%d1-Z^MGGj%&J@6ppWhWXB~9$J~@u2M+!cO%m`_4a02(jKV69R*iMg*<Qeu6u^H
zQbB))q-yS3SHoYFE{Vt|MSgesgu7IxKQL@9d$w;+{hue!tE;QIwI}DL#bal8zha`g
zbIGSGvVK&fb~UT!$JeZQVt2K}pQOj+5Bp}BMAe!ftlocHUXZd-^6Spggl~}B<F6m8
zm)_~X2Q+uQ#LtRr3H8L+R_4gf=d(11^NK|41aML4Y#pCm1Hy-OHa*yLyKGccg?ch?
z8rHjiteZ|6acpW-Gc=Je-sVz&-(z6c&n@rkAeFH;bR50m6H{#_#6-t8cf&$u;_J+r
z+z737lY8v;8GEkpl!Ujv(u1mFWZx~&=Z-e1g{wShN&RlH*=Akum|e5(j^>qL(ii)&
zR(4I*YNRPumHYM8xFb(?`@|6Y-W#HpWjz-}0g-|`+-V!%*56#sdg}f87s<7cuU&I&
z@Oz!gG8BiM4x;zm6R|=1YLq$`8kBWcxh72qSjkrcGey@ddcIxzbuZJpL(NVh8Sc>c
zAyNC15rpeSx8BEZlPb>)Qj{EOLo-7C->f0O3RYZ!%4P>mDLs=&-B}_@#QbK<tAQ>8
z%Awz)0pXT+LGC))$(}_Qzb57cWjC^x1?XfnUUGNMwEwQ=aaRR9Wb<O9_r1p$94k4_
zRSB(#Sb97BspQj!qQVs$mHqCQp-Hwum>a%hE0pD3SVzyvRR`RU-(xmeuQTx_zSffU
zsogJmyB%DKr7z!<U$%=?$w{<T{H^(x9EUEfQ5Sh^=bm^8T!b$Ft2O#@f~wDr_dK<4
zt$}=~yobI2!W^B*&>KX}<&-pp;6~0Jp_zcovCoX_JE`wEE;hd#{K8UYr@y94^w2)Y
z?siwL!mOWsTh`ATb5-fWj(kfnS-WV$et*E?y*gV^n?m0C1KE3*7eBne)%9b-gg#^1
zOT>?u{zEp#j@~5~QoeETtN+vI(OrR#H(!nDfA3*Z5Eyq~n?>^T?@qTrPqUhkSD&dk
zh#p|*VD}-V2(qG{`S(0*xr(n*Pv~r@|ER8QXZ3CQzKGwmh0%-e{JXC|m|BsW|GG%J
zXrR`IwFz5LYrWO+{nEI@gk?=#$p@0G*KFg;^Jd|AWxdKSb8Fyq=p45O&z<rMO1SfP
zh`KjNZ5{0^yNv^GSp~NQv`E$klwW!`nXmov`Pco94_71MQWqERntEOsu&ulQOpG_6
z>5`z2z-{w@tEkM`{O;b#%3g@kJog=2yUIuh?FL-Vw}<ZPJ9qQM*%}ky<aX^??p{M(
z+usrOU@2@n>z)BA$g1`D{^*yR)D6c+35|;NFJme@=kE<Z?#p{oFs{vhdGh?fUmK_7
z-nkkV)(h5ZwGR12BO@FQXFOWJm2;I&PY<Yh9Op+$<V@(4L0Y+RnY>#<BcL=C|Jg@P
z{hk^tmXzggJsprxd-l7SnQEIf%Rr#xoYq6WfxcPR*LwpJ;w_2Sv(hE1RFZYLW~<cV
z-im(Pjr_s$-m}5gZa6c;>+Ofs=h#uJJ)u#?_U+zy+^kU-PXwPZ<j$ReyD^aOa-QFd
z540s-<J^>*^u{iRZpJ1v?Kd{-a8Alp@9T&RzG=>}u1(*c{4)Dx2JYSzS=Y!OzampO
z5Rj-ZisG?;>!5<VUNdJa(a6Cbz1{S1D_?Sc@cNbhyA30PRd;1k!6bWUWv$xx5EK8?
zX6G?i6SNn-(t^7(0^izq+;F}pYw;@4Yc9Q3?KVz*IeyI^=2pOYv7fWMbtL{5#H9BU
z$Gr)`;^4K6Dd+oF12PSC9kX~y8WoGYY1uJE%eRu&?vLvqEEam)9BZ+$E6Aw))hUI~
zc)Q8&Z+18KSg{81%nV3sdg@;B;e=%Ak!*`$>S4WaM5?G>g{^E!7FZJQfzR8N)^`^F
z*3Z^>f15&xgAFdou%;m(&E=uXegJ&m{+*H^Mp_(`>Qs-|c^e81eLb?N66K6=`S&gI
z1*u8T3FA{XJ11#*QvX`3pdy8e*t>GDf3bp=t2JH+8p}OR3DuY!&x)N<q&rHpdsmJi
zN}Z61SH6(d-#3=PN~d9-E--&LLz+Q2Rd3${!E28o7`mWzACu+doDoX)E?dDr_MjYx
z!O<L)(tzpl9yFrgf~E+bJG6GO62{SJABo?|Vs@`cQ}6c=X`vjg)Xgtw>OmcO12#WI
zo2QA?f7bY<i7)lT)JvlMXNabz2*`2O(gmv9;J(_T{6K7&EU7Q`IxT1vaTA3Z30XV`
zryROn@y~NcV2>S)Q5b~(O!4^A_UnpJiU>iBysP<i+lz+Tz`<&Wg>L{M?Dhx(TU;2{
ztu|`M<s5=8q>0JDEg#2MgzXw<Qo9X_g|{}+n(!UgfJVRrS_O*6ab&dPH2y-8^4o$!
z-P^TzKq_08pqS!G3Q80<PLkN15{Bh?C--C;!D~RHVy}}B{%D5v#kr6(3K-g+_w9~3
z$}<evOMeP6C*~wc!S|qmADHkV#PXoMImupl5BDD3K^B6hs~x(n8K$)S@avhP(tJk(
q-tO(zOHiII=F;p~C_igZeB(71WPnC@>J;sNHjYMYBk9JHr~VhpP+xce

literal 694195
zcmX6k2RzjO`{oxZitLq$GDB7lm7+=6dvheD3uoPtBIB~MIY}WiEBow~ab%oL4wrd2
zj^nuh=YIcQFYkMv_p|5CL}Hj}sQ>6Foy|ePm&d1=&ISe~-oIvb7Nx!HCuVqG+PL1m
zbik{%Gg`&Q^ogg3A18OzosaeQ&+XE$c#aqkUT<*owAnGNEdTX_o6%$Ioodl9Z-$ua
zgYjo|50<X=$}%zI4g*|=oYBIr$I}b=IFZxI<zSpT8iGQTkhrY$R}#gmLyfvA;y=%B
z?3}Zgt{-?+eBSQ$Oeai$%e9T>`Cq#0im$3#Neeyjw=Thq@y8Tx0h+zzr=W6qX{^W0
z_k7>Khgb4)29BROo=PYLZFp$pIfe{6G}~;pWS{40(GMLcpK$AE8<X$E!+j&8KH8<a
z>U5hGFR-(Z$qz($pUKCCT=)sq4_HeO#TIuWFrEV<cls`<zN3U2A66vcDAKRD#_<%)
zc1x4h$<Uzum$?sWekrM8x(4hI)j92Vc33cV=OAN(sZRvXBcI8cP2@j<p^fAFTQ8^^
zJ%PNDy5j#FJ<FuqDvr71Zk%Fgd2$8BJRm~B(-OJl*J*Zc(tys<#L?dQY!gIB1EZ%=
zpqcFb37*2>Xs)o)py^vhXciwtv@p<Q(k^n*O#Vj$X9&g6ETU<C3eot{v|7>Z#D)C@
zH~7Pq_s@3b@bc#HE%td{lKJAOS#3H00nZvDn#JynWG7-b-t@9LD+o(B1$jcuwi6-`
zWnCcH9b<~Ws|p1}F%3dG+aVCW^#d@h`f#jovTwB*Zs$7_I&#Q`Pshx09i<9Rrm9hT
zC^d`Ok^5`f$9ro850$bsi<Vp7&>p=GZy|qlX}Mn6%xN4~aZcGWS@BH|)5&L4;*mzA
z9C=<$`&GFHbaxty%#`y-H=h}3EZk@;uc~l66<DB5T?5Yw;I9-5TN)>rt3V<9o#7NN
zWaGb`g2rvsD+4bqdb<IR@u;<_Ssc;pQPs}@HNCOi`}@F3L`|`Jt+{qv8g9R*LrKlQ
z%*!0Wy0!Bn{;f+<l>(Ffdqf=8!rgO^V#@Zb7Q-|>vrs;Xm9N{}^<p~dcMc+t3kC)6
zUp(<)d-IbL?i|;m*($7!HouEIYy2bX?IcL1_{M9Vfg?eizB}+AI%hq%mt|>a9;h7g
zOc9AKZ+d5>*@$4lrLs3W^lSm2G>#~elh{X*b>QsPIZ?DNQ#R#~gD|Tg*-ZUk(?l5F
zmkm3$ZV!JGf2wBZ|8ZtDJ||P??SXHZ=GjM`Gs<!(Wma^XoJ+(WYWyQ{Flmy<+9-#D
ztGkbwv`>WgzT6%-31TB&V>^Ot3}DS8Ne!cIXxhl#>ukZ4zxFL7qG)!tSiLueL2<YL
z`L%R3jj1m#wjOd6gmmV@V3;;oNk>zU;2ze87oEg*v>>!(TDOT?F=RSjz<o(li6k9&
z=CTF<Ta?`VsSn5A#N#w}enW<>lEXtPI-vjE?riR%ZRu)*S9LT!eUrA}71<=@_i+Yy
zv9?<@r=Bekq7h4QVIqGHr#y}f0mtgh$-VBScneKn?U|Z7Y0-Wk8{0&^2||0p6AmbS
z^;n7{lXj~5BxPJQhw^rZ5Y_?O_UrACiM(Ck=>Rj+h%M-I2nktj-MGr6x%svim(13L
z^yfu;3oU8=TP&Cq&0!KEFDyS_kn`=Gfkhsi+>=`hzoMY8FfAGpN7u>JA($iGfy$mT
zIB=e3=YO^2qAsD8_Sf6|=rt$2+mdHWqRiI*7(WO;uv6Rx>q?y-FjGneoR>sv6L)7<
zZbt+$kedZL4cL@-xg!i*u|N9y1krI*(EPK(&Vtp-5KrcQgM_HVO5C~8$PB2=%OyO|
z%{fJFWw?ESJ+|c&q5yoy6=qtwTe}SYv@l36t{Na$|C|{Sn1pI&xlPOeLKd8-;bmi7
ztXI^)sy~s$2F0#W9&M02mLwu8$Ul9&9L_X(GLOo6=R0?l7YvU#vR}Z{a(>9<e3%HB
z%;34p&YBK$#AViHlF+UMVS?+DQz<#NH>*c-5^5>;TM*1b$Px5d5>aXjBY8VC3_7T}
zkam~Bs|3eYFol<sGQ8Ba)c#!p6+x=c91MzH+j-`y9ZB+MAJ`{o4;ai`ld%0wZqkZJ
zRNd)=e)1I~j4IuP2$%mPTe~fBrsY_rhdl9e)hbS>5MQKksJ4>}U%_xUgT)D)9ILxp
zDI$kQPbrU7>~dPNNVD6I^WhiYD!xa6U*27X!rJ#2U^PFM15+aV(<y!`cHaliL_LHf
zT~`ajyGlh8>*sS^kCehc$KrB*ifu3SkLe&^u%kn4joZ38od{Yne@}Sj5o-l4Rsp2a
z{uHxR%y^{7Mt^^9Q&B^a@NXUy6SKRdnzoI89^IE>wWj0adN0E<Jn}ZSLM#!|DY^q5
zM6=)00v-RZG*zz;F@H`im1%JZ@O6fTc<Q)lelFdQ+_<V;SSM>}VJB>D!5LPWTw=oU
z<8T~<xi|H@9+A8PxvE@~@cVVh_};q62an?7BJVENnwpi#2G@YC%Ga7z_vIlT9;p~b
zdcRBb=&1LpayGVoUDxGWDsGz#lvz9S>8(ribo}0_{JxUlVsdbhFunI7;d{a{bEELb
zv2powgfq16*EWB*mjk~%o4n1-wi?WsoSkczN-*ZV$Ht$s!PnAP#}Crmyjm0T!U2C0
z_`eOwk-t<{=Kh*s#=w6B!@dcp-<SIHYE^F?r($Yr)$FEDADyb(UbA-hzal9f9(g-c
z&N9SNs=VDf7wMP|W#0==#8y=AZ--VULyDv}M*3<F5?pXk2gt{k5N>EO>>`-1v`C77
zT`4~g-inFbkmk`_|MJS^wU4KG(`#5roz}ad+*d0#<3J=C(+@+w{Sra>u|a~iDl=AU
z4w}%UgyXYTjJ#bhb6UqUoofk!f>H+GZW~&exU-bb{%wydTIUfE>hCxGTK5|#Ylr%l
z+wG_&S^0UTrw)3$_rWBlsHFY|`z>RPnd}BSbfn{H*`x3Zg-A8|%Bz*t@JT|^y3CBd
z&NIrl*K|)t@pxk`9wVNQ#wueICZ!*57ViZl>_mV3xOB8yUQ!$<!x@43i1aEcE3!u2
zG#p}hM{j8x;-UVMujQ{yu&?TW<>@QMwrV0~(5c^!4Bj7S75pupojx8KGGFMw+Aozl
zKKXLkJg;r~zhX6eLdMRYhPM^=A!VgH(oJ6VZ1>w)%_`r1HZJ{WJkxuAZT_M@`orBG
zGk+&voAJ`|gb%ToEl=$qeDfRmv*Pb;Ub)^GsNmuBX_5<)2vr&wCpQ#nh^_DyRZWau
zxX>?kwPpolDj$0*U$a1i*RdyNRqgi_`6kl}#zej)ui=(;t(s1KM0fvsy$P)2&0D``
zp3wAbqIvp99m!9AKN0I5uypUFJ>(f3SbKJoxnP%89w*Z=P?Zr~x>0`>%=Mg{@q!pD
z&-c*ArEZ#GJykx+xS;<EN5c(6EARwLWI(>Wxa>!1QJGz*38g*_MEQOEFgyKq9>=%w
zUI=G-h4MeEx?$^3T>PfIbP7+NqDeuBPwMLZohQ>D)RkA1r3Ly^)42+Z%7QKGiW+9^
zExm#tv40hBFQSn)BwHW$C@Pz}ra<%N&40_Iv<zFIq<bnIC2gH)>i1MKyD+zm&G<DU
zzuUd__nad~L<e%-WNl3UQH_-KCE~`%V%pXw9)^(4sn}e7ZYwDf+ke&cLq_r`;d<<h
z@fD>N-|&JYDT0051T3(pf7t9B3RnpFx%0x$*av6*fE-xaHvXwDEiOmAPfgY<;;EFq
zE#^w$kh9`1i#_6YoXQcYZx%JQiAt_&(6To197hTiOQ)zB%V*U#DK?E+j|9^YI$b!g
z%04tziOs+k|A;b%;4V02oQJcfnyJX>$g>G6Aq1g(RywD986F#AH4c7zy@htKcK&`h
z`FlH(*Ejj^_rI0}F{X)UbJtTpc)Tns@;<FqIsNo1-MNmWYVCba-t*(@B*$^Nk>n3~
zZ&Osq4yB`eii>!3i#&HUinu4_wRp-30pGJ&%_53Z&CE<9QjtMF+N`<VNsL#`O}TYn
zBJzw(Lg4NWjMpj)1s%-a<7CV)D?sHM@_rSev~|`hZTdxwdB%0Go+{c*KBr%qP~~<L
z|5YK}RVPzfB4?Q6v+`@jWSl$n<U-Z0_!)t#7cQ0ID_5j<{6wwIcz%@1+g&cRT>ojw
zV<L;lg4{5)sSkF5hp71@OO&_Ys&9R6nZ(zWq5RyxS(<}B6-R4N9)_E<7W>Q(eeg(?
zuWjbGt&5ixYh-;&Qb|o)>XOzSd{~|)RU-LIVj}tni`lrVb3?AHsBn)oKeuf3n4{s2
zOpky}yFlTdOTUNMs;O<H?)a&xsTYr|XQ9>kC&f}P*AX3*@4o%=+0k2%$zK0`9%!7f
zvxZH5Ur2YKOZ&aqvadb$7s9!4K2@mfHziDO{vNl?3T3hf{#*B$vIajq|4dsoYCX;c
zYd*pDAr`HEW0ThIM0yiqPgkZeE4FCb7!!i(YA-m84@pXnlB9HMEl4Z|G_PW6=;qHN
zNHq^y<F@Rzb9i>foU59RTK#REe+4lHuiqfteWvdxAw1m;Wj&f!BxD}YY5i4BiK9(F
z5+p8qC5C#;OyTAjnl`Ll8y~cCTCA!$(IKaQuS!dDnoX${oP+ik%XrhlVi8I=7Cp<W
zd|05E`&F9mUv9?5Wgh2TTV$P5!>}G%<|n0vifHtA-&jNpXaSrdn~>Xd$c8qu#I?mT
zf#rSnbLzpTE3O&_tpa?u*B6bz8J=;WXvZUQS~ET^lh!AET2EU0d2J<*TgG0=U+n4F
zi4Qe!gd*q{bZO%T6=yO+y&aD%X}z7GF`?crM}f2kiXe$a4L;PP))~HeiNzp3lu4`6
zd4qFMo{pfd;L3wU)$5%2=68dQ06W!9L~6RHNi`*k^z32l49e*j59^VHYl~^Czv2nE
zPnK%tLUj~O&Vh8PhvY=aY^Fo`7ftC$sZ~X`-4k-c_FdXRGHw#u>5$H61<}O2giJ-+
zh0aYLW+-cw_vM|-qxFCX@ZamPfH7hw0|*aZRn_RKGaB$~48=Q>)-LU+xGqR98d<>3
zMKYhTVK*-AbPcpfO)E7gpMwe$TFhIm(kT42c+#bl`Y)lWij)n;rY#9VW+~l#FIlpy
zZb0kW;+BlI4V_lZnmV}fd3oCW9z!r~KiZf!r)v|;0zE;js<JYGBBvr5f~Bf346_}Z
zm~&8pss-^yO&M*^C1@IQhOsGToYG8(JpVHX!V2XRU_Z~f-?xvyv?Hw2lEeV&+BcF~
zl$w$M&CnDxXod*IyPOFyg5uUZn?qA84tP0tx~(Qr@{1c5Au~6+U9f8$JN)^z!V200
zTJi=v9eZ}y7p>AyWoQjxnd5L;GhEfN{G!nmlp9F%D!eolr*K-$4AtldXNK1PBztr1
z91KuwN3=5+KD(ibV!U#j8m6Z_J2e9oaawt&;DU2U;;wcQi;q;!80qG_k5r;zlSj(5
z^3G>Ybf_p25S4O??bhWT;o>t^sD_oiCY@F?3D31-Xj*<wkGal-!Wf(a98JST6uSBL
zy(;t80?PxtR*#Zn`Qx0n^%kI+HhhXh3(|xW=}^hzIiEjP9n4%?OiByUNBz`K4?%{O
zyBudpEyk1rQ6L6jVWIR`0U+RRGtM1Qeq;@uZEttWqt>8ONJ(f<8pV$m?SMlAO>@S*
z0nu+iO4qDo)VvuK7wTQPZNv~PUnS4AV=-z01nB2#CpN8wLeQa-rpkF<CzImTCnX;Q
zt-=dJCDTJvsioIsBL;{u2CcR{Z>?24v7oc<CKt02MMsb%JDEk#0a$6My#1M#;N}cN
zaJlap&knaAY!Ya#sk3AbA3v?I7sNw<^{Yec<Knb-1N-VGtxlUwHWG{c0%$tg@`@n}
zot6iGF$HMk19g?(XQ-g0(DGW~cD{Xc2B<coK(88n@}fLcweqy^XX_biMr={N1X)NY
z?0EKsQ7}!I8|a)-9mL0~)3WcaX8~P-wB8P+DXB#d3(cqJjwFiDV(O?)bxn|3o)3#=
zE`We?o?wh=7y9;;p0w)7XtUlAQbERt;%=fWb59A;HFT(XYLT4A;Y=rfv<ttFwz+^d
zK$!_j3TVf26NOY@aiKU19Gup!fAh(M*+AiIi=w6mFBz;|Hkx0w3QQeg;(o!AoSZv?
z`H{<RC%AhWjKLhmz^IfdXznu~(G{P?UFvoRTGDP{h`kCJjMXPxJ3nN!MQNE_fw?10
zo?<O8fe-a$=}@hKXJU&sB``0po{otVTUvZ`+BiHxK2sjc6L3VXA`M=8jaUOGezXEw
ziRUK81?U1Tc+;I$k2H!dt=+3^py58OD5*@G1*}Sp#F<cfrnT{&JUha!3u3^gTCk;!
zvp~a#s^DImmv$8M4GusjxWeyrsL(Y?MQE)#pwwiw<v}YXZGM6knhLb9U|NV_tI>d#
zFY**}Ag93o3Z#x>g{5f`fYB#to3sX%;MVC-6F~aPDi1g~c7D8qj{w8F0x1P%j5H^{
zs2=N`3CuCp8z@K#5||G~>K1B#MZT$TUO=6<&(vBO0x5zV1-uWXuPVRvntfC!FBJ2W
zTp|Ld5Mt6o4=V$amv`>DwipR&kHRr(CpqE!AJ5W5=AkD!RhQ2}ZxowV0mUE|g&zJ4
z1ZG4oAJ^q*y+LXT#oPo&{>XTPEDsD8>{m3_nNVW}goiZxO3AU{l-krA(9&ylnjqP=
zhD{l8?Z|c4K5d1R;3#yqzln{ywBFQio%hhB@SOf6zv2M$*kaTwsX*DHn;%-O)oW#)
z3f$z{xqPDTnrqfeFA%5KDp^4;1U6<ju*f_&1F(*?><TCRwB-&bPBH%?|9_F4WS0VE
zTUEWWSXDx32?bK9{S|I1@+O*r0yxrHiqn2T)LzJ<?gAvR-hUhrjA-$WffEeDMbunn
z4^Sj%(NxFEfLbzuI`^y0T7xFZ#B<OX6N>!By}nh9*rM_PEHSiJiSnIil0vS2+A2xq
zZ5lf!Rfh6dqT%<oUp4mtow%2NIiO+}e|e|of2IL<a0(|)EbYMxln->so{19~TD(i3
zDPvRQinjRT)+=ornZ*yWcuQJL+L;xwRz~5Oz@8#n32hz%b*M66Inv)CQ9iV5wQoY?
zs%vw^7jL)%ZIU!W5E+@L_O?|iV529kSz^(%#I{SWnv&HjL5r_kr+gshK-_qIsHI{B
zG6L+_DIWdHOO?miOFJOyt>ysA7^n@Q#SOh@B(`XuUCsci&RR2WO+uvS(68hAwe&{B
z7Fib@u*WHj3&*n`LW_k;gqe>VHz3azIN)9`Fs&kEU{FHRLp=iWPaSE!or%hHXR$rx
zreRB3bb1f*8LhWQ*Q!OUe<fP1h6Vc08Fsdj6?{(ZC)#M`DaXF|iczZ$lerdS)8Oxd
z&_hA+!JXD5Qvi*flIMPXV3}e-Yarxs0K6JVr*P9op33BW6>(jVm{y`_Jg^-=*$f!4
z_qV7a4O8GFXq*g%hs9^AUe2IZ^ThlNSbNm=%g_gC>{ardJ1Y6;E}p54D&1=Bjy-rn
zvzFEUlhO2?yiE+wFvY+p>uHWAFmbzw(E;|}6Vh2SKqJqKEqZ<?aRLKoC$%&Hs{nR1
z5T6zT0SvUx0Ic~R++!7IaI(Qwh3D8Alb(=|m_eI;3dPIcB4Fz$VJHcfy1?cik@2DU
zQrDAr^tNJ)HzHK2uVt(R$tC`+PHbnY>PJj3VJP!A7I*{afTbM=L1fQga*#CevPvy7
zNUbTpL(=DnB&e0#A-}X^A*l7C!-Os8_uub=XF_c9*d292RA>k84fJEj6SZK4NW1>O
z%G4VH^`@*2Wj1!mktLg5=U-VtR9XiH0#%OeQEQ6mQ1v<55}fb;>nn&#?#Nl%5sxfi
z-pLk(sYcd9>bn01sgt$X41A7G`Em|b4`dn#{NEEdQaW<5zWsm60*2?*v*7sR$PSX~
z6aA$f+9oe`P$Wh+QZHcc4OFh&icO>wU}hpTtn7#aG;$np1YZa4;Rt|>fX^FIBdbyg
zEVi|RNHoBU1+dvc0MOe5gusBFqw7@KGGLDppk<Xi0WK*3S6UezjcUQ?BM)C6nX}<n
zb_h_?6L&JE=}bLXupG`Ng5JpKARXQgP@C-sAl02?-0QQ`%qlf9oh?OBD-5F@Y1a!7
zB=?SSJEedW*@}AjQ{_1Td3Zd)VX%6D{+k(a3OVYc5;*|LGf&`v-2gZ+)O#1|{Tr%A
z1eG5L@GC)2A!-z@6*;z?KEMEY7cd|VJ?(cVKc>ptQ02L(79s!%cpPvL<Ykb*|C$j1
z#wkFb^$MUx3t-!(s-s#CW(D|hXmw>l*aZNRr!p*1iQZJ@8-T$h5LGuFKx{z*8oieQ
zA~oinNUE3YRE`|rfbszx6j9({rxLfQy0yyT*APrpHUt$Fpz4SMbWlD5hxQN<0(<~C
zys5d+{!2Zm=C!fFQA<@q%>$ImYevPWF%Gpjz66?pYV?1Zbph^dyQn&-LQkmohQJjn
z77&uBhG9T0f+aPA1;B+SY6Smto~!B1#+}Rt5ay}1!Y>27@I~P8r^Zd826;#|`ae@r
zRQc<G_x}sNm>N(sH6Uun?0NukJ1W06)m{r#M+;S(H`Q_t)hM-osu1Xc4cu$X=+44w
zgl~wy=fY>>--kPj>-8Jx(k;d63))uq_HKhWgagRPUEvk{1RS_zPc=!D4EGsy0~d>z
zfAqi=iKEdqkwxO=?>yq3Kbn78ruq0<fIvNwH+gw$aT;r!i0P||xrzGhWzczK9i-Te
zn@)8ME(_rU0HvE+7!(H<vQ@00g&{fxtIwhS12DW3K&J=jw6W+K@Af0>6IUwGc4Xa1
zhm~F<UZr9k0LBk6TLOrgJs=<n2pj@HGe5TR&z2qaN*lOh2aKKG1b{dP0AK)smM*{#
zv2OI^+8jWM#;4tSA|9|0V*#|KQUNXizyQE}*lyM6RxS042e@hh6g0B}fF^H_2Za*=
z3;_SPJCEr9Y=r|?BHe(ePXKpXr~uVc0YKM^*{%PzDHiaCt@bSBe+fH&h|KX|KS*dg
zSEkvnw`U63dZCqAo8S?*o6sa=9h4Qf?E7ZxYOHp=6$Q|0KviZ4Xq5+?4f+qzYDP_;
zG62A0bNWl+RD*Fq3>N@qCTc>dabyBcqZk3;T&(uT|LIwX*sb@YO4R^-<*k5HeLxZq
zBsEC6TV&vWdhk8K^<Cilf1xM<Kn|6$7Lf4nJkqH<0POe)0$LY<3Y~HQ%78aEWv5aA
zP!0gi^jP+l32M^u)TFBd^8VDEF#!^A>J1A(%I1ah)}8_GX~hCgrvj?s2moLKm<<5t
z5N<5QbIM?E8RT_(^2qiQX6PUZq>T|?mki*t4tk%nT)H})M;7-M!w6#~12pQ0YTA7p
z%hL~d;cEZWill1&4rsLl;w7F3w3Y*Hck&VdPI=)B|KmB+0{l<~8bpX1odiJg?mlvD
z#Ft^LG+f-;lx9Xqh8qeGqE7->6Gz4D=Uy-_DTK;;4by21{rTt0!ZAg&&DJG!7|uQU
zCPg>y#!bHK*?fs6baF>m#OYaRUp=}(+8qJA-}+uBDUyx%*lP5M^x^J=D!MiP*}Z}^
z{8q;>UH0GOJW)OlA;oI@P5o=yNW)nld`0~-_v1VVi)*$#!534)#B=@g4HU7%TKtT|
zbo4Z{4%{c7qY&|ko+-;Kkn`m=mb-CMWqm#HtF^*r-;P)wMEPHT6HIwE`6~}C$ok1!
zsdfL`dC#9U??Kme{5h^n=Eg=Bd`{Ta?-DBC$Q#K!_jJOX?H1p|0p3gvRBfCtgmzY!
zLgb+PlGu;_Q~2LaS&{12KUKG)od%dZ??3KSed9}(Jexo@&O1Au8d1y#eeN}F%OLK3
zdK{7SeFO;O<Q`0MhEd*&iMdELJ=VW1MnIgo;qJ_V4$UDnzCn|N!RNdXN441Yvz324
zD0O6B$Sq5{Mg6|vrS0q|95gK55A@`uY>jlgukl$n<>LSOAB_BCVO$#4<3y*;VrN{E
zq1HQhE8%B)T_Qam1@3e>r}N4u->l>RJ->o7c=t=6Wm-z7zCk;sIFG{eg;BWRR)%pP
zm}qCPx(?(0W<}D?1Tw3TUbTDv&uQ+{OglsV@o&`#-%>+?ZzoCNZ+YCpf}VR1YY@^B
zMfA3I_=#CxB0g~+^6`Hvz^z<xvb~)8*sphZ$y-`9`MZ<_;~Rg@J3Dm4bcJ~Q;RxMW
zgMxo}XmCtv!R6MJZ|7xGxTlZZj2YAXCO;;LXy1N#%{}|90=}*NITu`eUbZl-Cp!P1
zq;&E`Qre+{l;{)dQq`>QFX9-igk>|nVw!F4sl*zw97}6@tlA{o_s7xB7Um4kTw^#P
z0j-zg@{cY1ds{+U5KZk=`4w28T8Y@X&YH0JBjbqe3p!Woa(nlqjvvV7hQ;5kcz0yh
z;b0@*&Bq*NqWJa+PyrdJXUF|yakoH0uUMrQ*Mz|C`*n0lN#M1&W6oM`jk*roG_%>~
zIxj4=Jb$FV9&!i&bTfR*?05in<6pK9UuaOW_2h-Ai)0TGghZ7+>zjagT|}Fb#O#j2
zS&wl0Cr?BWM7zwdiA+CUbSz~su*60Yc{|`Kx=xSrPpjLAoHDNG1HqSR>iqlTp%rnu
z%6v7p7b%`12qe?uYC!CNo@SzMjsGbGU-n?XxOutkRD43VZ|ot{OaH>hP3!hT6Pbba
z>oSN>44(Jp@6cT~D*s~cQFilenvegKsWs*9z4HT6kyAm(TY5b+L&N`ALhmQK=h(HB
zg5CD7-)S%V<qguwWBJjd&#R2?csXB=9=^WKnbz24zVRuYaH9B~@rH{t9HC)hG5a`W
zz<sN6LpJ{~)v7+k?TubVNmYibx^GxXPFep;&Ai^-p~n{5rPqC|=?hPdqNVjemmH<r
zfop{`E-WLo_~$-uxHE{yYHkW2T&j=LeUVdfX%*z;l@MtrkSh&#yQM6cPw&<k2-q)^
z_Wfp`DwvxzdaJ1ZS))AqXW%OLCWv%wR^UE{jaZx3To*e*^EO09-q(<|(|(<y>qN?L
zfg>GmU*1Y29k=L@x+#j}N8Xtkhehb3?X44->JHdn2aDMU;+`h&V~ecd>?iDzYZ1uL
z6+ZOr^#`^3qu2MbPESFr6O`Z#-Ek1Bi09IcTGWM8_VBgrg%xs;?t113<$2n?dS-`?
z*a6S5_R@-=u)q%r+bMh4+7FUcTL|1l1mRfv=)$}E>v|G?;G8}s6=sg?%yCblZgq#Z
zpeen)0w36acj-a`jl>S(^fP}Ioo5+X!4IXKB_`Hm(r_OMORB_?e>WJHgjqO5e{tVC
z7yr2;qNlq>?OC3A=IgmVjE?&1fx?%qX?TXNk0-)mV`eY}jvP^$$f#I7Hyk%OJr$Cn
z%Ub2ouQ&B`rGob7O1I$Tk}$KC7VyV>r`;<X1<;MINwo#eD*T(Cm>#_qxYZIh_sBhL
zt|rcNCyqB_i@knBg!vcTW$W;|?4pN3;`2NrdG!`zspc{^D={q8r}WC%q&t5|%pW?`
zP+{{}p%Qy`{)o1b<wYlqqvFLaaa#dCyPyo++836snDlQIs*TuZ1@3Q^Y@M7&E?=>?
z){uwc0P(g$Ri`D#W_26Y+8TVBKO#dXxrF_AJJIT7oALC>z`7KknhVw$xqSLBxJxZF
za863yB7J;XoNxNvz<>U#!Pgi|k2jxv+9)3s(9Z-9WjHJfhk?HpT$@wt;hz@aIt<sd
zyY3$Lc$iM$&dfo<D3mzrcg?#vjSE%kn6kha$YI~0%A&oGWD;{V2%XWUXSStVL|*vG
zfaX~Vc>Qfn<^qfr?aWav0@e9*&53=4?xM79`ZSaDnyC3B|0ibey;#wSNjn|8R)77<
z&$k7+r2R7B<64lvJHsERr`=%i=ljUC+?e>M5s|%r8wR6pk%=Pmbe=qA-&qP9RePU~
zHBmskFSKaA%ITP4kKAdIzK$`?RZVikU~JvcuszR9`f8g(%w(HPWxZQ;*;YJ9p0nFj
zmChdpcD4Dc0=HY2X})g9b8!1D@bO;&sLvFUH)eN_Uxea9njii5M%y-%wzH6a=KK9i
zh2q!l3UoHzUM*z~eftI7|1|TWchcjT%?Fv%VVgSIk8b>>t5W%(`@<Q*x*y$dTzN4R
zs`;Sdulys|?UdZoG6F}lt?8p-#;Bc_2hq`Xg=X(7O_mq~_BIJ$xSg3J@Mh(1bZIIp
zu|9HFI(A^<7)<n`i~udiIk(2gQ#FD#hX<P{G95!rwNrt=J7XJYrNZEkqCyJXFQfM>
z;E&rH5MSW;+-X<22q63|M8v%5!#xqh_VBZc5YCGSB8K-Gw{vaQ*&Xe8#Qc=vCv9&e
z1P5%%`I>BQ6klp&WZq2X`0=a2uWe!yV|K-qR(wC<^Ua|`5rKwzZu&IT#^-?5(O-{Q
z#_mB2AKwIX#TdVlUPu1n>k)U;sQ9Y>v&=0PMN{4C|6iCuh3^AlAv_;mN0wIn^=9sj
z@t&D#39AYHZf`vA`NetjTU|eOG>?Jyqg+OG4`smYP-0vDn^#^(zBJjB+-#x4Gdi$N
z&yJ=2;tNypFA@(^Ii#U|%$Ykb<=#P*4|M~(Ukz>nT;TcgOZe$YKrDeiyj2J`SuKF@
zi=%zyups$#05RzuR`}8LR)xbyO(yXPJ<h*%Q7c!8L04KGEIu|fh`){CSHCMmu6%rb
zsH6CfV}bisa)W!&xeB2>G!?baHq{*QbS&9lqjnaamM~S==swebf0$;j>PTT&y1U8A
zsqxWV@?vSKL_5>768egcJBE^g{P(Dk*h$Qtv7}qOqGb+zmd3+=r7@}Tn&qh%n<!mD
z#WrsK?S(B-`Yy(TxJz5}dgRL&59&r*aF=3m7RiewG4UtjZ(}8XBA^@<ucE}`{@i~+
z^eu(1{wR6gSNsw8nBmi(`_Mx4&$%}ly6lUVlnjYm!*sU8bX>H_-}W44<k^R=<zCWC
z<fmEwqId;m$9It(v6t|f?i+-+j6&;Ef=h<xEa-41I|Va1nZyzjUMIwnQ%Do2uPkxj
z7~8*kuNE&H-dEzr2MN!M1mERUJ_`#xuWq*{W+66adJTg)X6>ioE@Nc3nbOb7xx2T~
zf<esHt+)2!X%bqAxw0#0Ob9SUEY014=@p8le?^wx2@qiIIpx^d#fA%ZSTX6r17*$)
z@8$D|BJkRP%b9g^pk5hjR{J5l+48yuO`sg@zuj;%O7h#V`SZg{d|$v(-tW#r7Sx*0
zeF@>XgMKiB#z2Cd4md)8+0j%B{XRjS`Ayx|q#Lfh_+@LV(&0E``SmGXDDg3GF}}2S
z!cLgE6zT;%yyvE=#$nk}e+NnVHP%1~{^3ix_`{d^Q`~U6xj+)FNWBnx{QXepuD{fW
z-JNVL!{~!b9`(!J1=+bT4CJ%<wgtbP&`wv1|JyAl9ap)~@3V01Z_>M2B?%Uo{eoMu
zgX!-!YHIu^5M-DjU@3V%#WIK)(av&PDXTPbS>BkVQwi@Qy;=x8x+_wDbQzKVDLp`1
z&1rUF;JoIhnB?bRCy~t7ZPg_9N8Nmy>N?kEM2HDI`XhybTooave)PF7n#y|u7z|LK
zf*6mdchll#9}G-q28I$;+x3L?;8k0vHhm{CF2{|@q;NZ*Gl}C~v`@<kvbiPdy>2G(
zV(-DI@sb5z?5s`d2Gc*bCl{N@k3^=jPzGZaBHNdc+#)Qinf1M{TVKcQ=Q0IL`tzQW
z6KV_{vwgIYBHq*g#3&jJ6Ms+5_RjSYQKJvs_I3ECGbc5h4*5jfMcR?2GD#fdsnJcN
zi`r8jpM>!Api$#@A*i_eOm}omV=A`c(c*EF5@zHoX87V<G26%jpZii{=C}Kt*mX}r
z0wUI9^G#40+yQ$NDiOS_(9P*pgCj{MfPuHA@i_m@08}qwR%$1BFdbJQ)~PP^H7H4E
zpNSXUk6(gHgg94p5oU-Wk);6CnwYi=NK-Tjc^C~^*iX=WuR9*I6)@jMn7y$RypWEo
zx{4lt4%i>ZDIw#=AfTC$Wy2U;?PkDyFM&L)7tL#M&_e{3a|OWui5Xl)vu*{z;&An5
zi=+xA^flZ7?m3W}qBvJjoE#RKAG|zi-#zMqhRC2HEpcxzsGPp1BZ49i{`|Y$ZIqdt
zm>;fX7zXN@As7daDz`39UweHzo4zpyS$&(fZ4$YbQ<v`Ny;4U!>Q(7B5%54O`zB%o
z2lQ-z*4cv52OUZ6S;B+_?@Rm#vA=K)1aZ}ZW;(Re5Xj&>4-Qc9jBPZ>0VKlW18Orc
zwE*c&6M{eC*7lO9rk&6PmV|<S1Ju9oFAPwcXr=(9`q@)t_~|E*9cMtq-rMqwf`x9V
z@To$N653$Z68LVDVEvo$_N0$17Q7im1nFEgsLgq$i`3Z+_%8tYfeuZ`3MkV8YZ2ah
zD;nhdh7RSRclVF_uEgN(1R+y*L6S!-LY+f0N}B=tmjm>7l9GENp_*s~5c&}v`bkzm
z3Q{Sj!?*mlwRRhEVvtZrXm^3_wO#2ps=!SJ-BXi)N=Q<bEi>Az_sh9hr%y;K4syRN
z9#octT&x@7sIy%e@a<KH+_pZHh}?iXTgMHptiCPE0d?0!9B=0IQPvn#3yN}P(a?N}
zDMIjz<sZjUtO3aFniUdImrt!#W9hhUP*}n3dxwF#|DMI-$W!Sc_{&|8JDOmN#DTPL
zIDv9|kvO5N=m6N>_9OleSRyEO2h`7iybDIg#ekf|-j=J}ldq`OkWK<8bP+ykqCEnT
ztYqiQ*fl;6G$H6Jni2Nr9jK)eM-oEf3>cB3VC2eGgI-MYk4wiFyOk)FPmwnDvEW)w
zv;zqJ0k-EOr@>Rd6(A+~p3r_(yPhQg=87gP`}}SCX};JnmcGG|;BnpVu!wXl=l3ZM
z?jwQW;Wax5)x@yJL99K<&f#6YA2l)AJs;Fdcath4-EWP%qYrAZvsn|YAc5=vVPT1#
zr>h(D<|q_$cNQd?1kUav7zH5>c0hPyk`*8N`7fX)9w7Zs9`&&BKMQ$<hA5+rIH6@e
zt5Xtt`*ptZbq7|wXtGZ_sQf4NtOE)Dh^wD4Kn+4)UVatu-vgw_>9T(>Bu*1;h{TmM
zAZ3R@W*<Sywc8i!4_IQsHg_cqZpZJ=dZHm$(U9yML80EE2hBuK&qol3)Tg*S<%Nb^
zM?;!h36H=?vnY^}*Iee?jmW9_1`T;a(@shkp_~ZP)^;6>{sk*j(4Knfqv?n~7<Hn<
zq~%!qz0*y?PebNHVzI}ut-eW0W{;MOK8-aa6OKiAG340+_2wL(gC-~RL6_5PmKI*}
z@Fudag9ysu3ILGi9`{?Md`)yu0Me5V{ay*}9}#`>@8MiAVoZP+efwGxIK2zfsEO8q
zBCSrH*|6!;U^FDE7gC(l1WZmX&SHoV{A@A(?J6m>ms59be(d3CV~QX8&VT3^+-U7-
z0$CVMc&6Rw0{ROF7Kh$4DL<#=F4Af%z!q3v|G$8O6Tohtw@vicIIsbvsHaE~+)bp_
zW`Gn3?WgSyeAE3^lL#^p<{DycBrl)z60QXy=k%z{<2bj~w_FKxFTvx@=WPVy&w?xN
zV?()Oy_dc9Uv{Fkzwk;OY*RAM(wfqP-0;x*pnf`O5Fu1BGD#p>&wP3V$>4x)`>&Gv
zF8YYb4mUslLW$m;olEW`n8tvM|F<A)V0)b1Msx0HNKJ25zrh(SR@Vs)tc5lL*?Msb
zJ3!z|C@}pJq{A2(y4%#Gl!U95MH<Wy&hLTZNKvV~=RJY+NbP}EC0lfn3PDJ-T~H7s
z5}Xw<FR}NO>)*U{m~AgqYp?t%Qjh5-vZVs29)V-&S{|nHlM5V2;+`i+UQW8X7u=34
z7$Cgm0`Cpn@PnO6?isWCmKQvyyx%I-(|#XIXjh2=k0HV99)Fu|)}?{Gedb=FeGf5o
zn6@tGB?bQRi77}3&f}8@vUPlG;NZv}2zIR5GWYBjHjuQSh}#$LRvrhMX{x+lT~<b-
z23U3hLDUgvjp@Vbxf=%!BXRT~G=Tvr3`W8)2eiA*WlD_|^P=_U|3dYzOF(3hhcg80
zc0!i%Q&$CKA9yPuB?ctPm6RHfvkXEK0+6Z9pn}_kR~!K^^L)MCs<pcQcqt}<%eo*4
zO*DQ7RKS%~HMMEIZxw{(iKb$@%k|SpoEs7+6NWPx0zJ8p{4vs?s&1)0M4TX%yY9V0
zyMpi)xPU!oigig^Qy;WFklGRN3GZ6ctPvpmFC6d#7$6yXi<avHzCU|Sgz|zko%YT6
zFnTKBHzA*Wo~cYjLJ+vy<!Q5EpYg5wUqY915L}!q*AWq>laP>AX3DFli+pca>pkMl
zW4iy@dd8M1AoX(4%OuViaH%GG9E4`<T4stZz`=r$()W?9(S3HP{E_ECJTp+FHWxGk
zcxK=UXg8nB<j=EnazCtpinNWv83rN01FNpfSseRg9@vpm3AlF0y^DKIgGih)66Y9(
zGXx`RKZ10efTsmhkpZX|OezVNE7J{0&_w5g&>4<<<uZP94Kv6BnZ1%55~^3xAArHw
z-$8dVAQ3|#$&a8UCtvSZC8(Heu{{yo5G!X)A1gOHzJt&roM&474G1zRt*fRDxuK!C
zR8`@qxaz@g;$49|)<YIcytcs(98_8FK7}K<KM?k>V{cRb4yc#9SUaiCKth@#;VPz2
zxfPI>HNa%tM|#9OT4zQSv2F&a?1JFec3%0cl9&<-{E*uhvI{7&yR)-deUOwcB{y_c
z7OuW5&AJ`h4ZM6&w_64fP$Y<+2zmlVZZIMZfX=uWkUuoq+(+1FmDxJW!tzN=fNf%N
z7l<JF<p3?CrzpP)$P3`f$Snb<)a86*FAG>e%xFkbD<J@kT;K|b7{WBKla9f!yh|G;
zlW>{bXdu&bc0Qn)=sweKr30r(9Ndlt_aQa9&!v~ZPsP4_gtjS*zMfkj;JRPdNAUID
z3_d-K-B{I7te@|xdkG6F^8^8JD*NCT*7QW{9Ma>oQ2^@`=07MTT4UfYFg95U9gV_O
z+;A&)q7?nLnZ$Ks?IZh5JI1dj?(J7}@m9$E2^XR}XcGTr&TGPM(_<N?r!Y0AllP<e
zJ<7s$;kexGEl22y4$Cx#3o+u|P^|uwraIIntEk-Vmg%hrsk2fn{qdphQjciG6FI8!
zMzg#6-(SCpRD7xUK6-yV++nW!>y3tWQ<mQN_&e8Dys(4~k%u(mGHodWEni2%Xtr4c
zW6^iLqxyz_*}U`fE-a+@D_Ehvj>x8!zmVc%e=VL&85`6#8Q9&fpCLcR1rF1R7+Qu-
zK08dClzGHTX73=DC|1}$Vr}aG*;9Rs$lak^s#0;!f>pc}B}mkh?&jy#nV^%m0zUug
zwyky~zYAG4o}fbmczQPs+-2_Jh^XYAbUSF4N1S#?j|?3BwzO{^Pwfz{a0J;qTDi#X
zd>KD%yXBX|g%#zTk@g5vHeE=$_3L+ZZk2VP<)VHuzQetwExO{<%AFB9Wm7vgE5|Nq
zEES0<L5<wv{^eK#R)1dIYEX)bE2t2$P(a!P=$+Q}lZ{(`&0JVj8K!9N>ov!3%qzIC
zH&W;yuv&W_Aih^fm+%Uhvt5?GIk?`afOrOYGk9zH4_#6z3jM8uwUifKVO?Jx+Oyv8
z;8e<+X<lY+Y5#e=RvB@j*0Ixqiv1ivY#E)Tk?tnQn90dru?n$!=oA9Bh}HfH2;PzJ
zAikb_5iz%awLkd@Yq0x4$PGkD_s<@cDuCJwEB3yM2zl8x+5RT^JL4HZRY#o8MOP%R
zNIhY#whB?-)RgWnmNB!iT=Xo)i;PbCNq2kv4^=M4=lq$JHjTwtlvP%@J~3U;E~wxs
z;hnKy15k-#`AALAE@=45l_#v^iS-j#{-D|DUGDz7zqrl82O$~=P3JCX<jNH*)>-d^
zIiNybUC>l2>IP)Cu|IlO>wl~c2d5tVjdRhvswv^Gu!qNkC`uAAvyRnD7hF8T&K2XC
z+&96dv2!wJQ<nB&Ks8sb6wZd;B$qOJ{XE`&<b<(Q&~jAg{ld6v9&(spF=ZMH|0#HW
zn9j^Hgp%H!Z>6B+N~Pv!n9m5aHKsY_X}PnNSZV6#Fk0GQ?Jy0_I6Gy)TUg%I@nBn=
zf6EgZ)V01!v#pJw*-pjWVtO6tPV+kF=mCW0Fu{`MF!m&azRpZW?_?F=VR|xh7Pd+=
zL6)k97pjN)hFqG~o)v7JwuvHcWYC-E=(thLAv7L4=wVn0gl1!N(2cSIu>TRsJ@p3Y
z^5Je2V}QQIJ_6GL=<^rcC{F==#@CHv4d7-sroCUX*&{Myh`WH8sP=TruwbjDlE4-P
zcno~QHQh2P*qY(PIPLAlW^a=gMwC}&dc9@$iD;EcUxzCAdRjb4Yu&M+dx8O+)|bpX
z%>nMYTRsqHfX8`>FQ)<k-N?2YUaTIv;VL+df5o;q%^O3+t1vyMd~l<{AT-Ka99xtL
z!8<~6cTU(d=nKak+*%sdLjwh4iEwYWFRMFQkfpp;n)P$&BBiq_!8=>m-6%c~nu9Q0
zKRaT9T_Dd2_f*#54CS`XbE_dYZmmF~G+C05$Q${9kEj@_Iq*|ckVw<v_41*Uhb&ys
zuN)}vc13slDQxC(MCl?-wRFC+Q5qpz>-ZX1J0qj9P3ErHtRq<U@;@;;wkC2G%lpeU
z_APa1x53;<*dZ%|4E(SF{o-1R_O{?kE!hX0kGD9hBaF!OFNm!{&?~_GEab;ZoCem~
z8Q@pqlz|)Mqi<kk;j`*4vA}&&Y&F>j7YFKJs9J+`UFjF`FYEmU=wa^L>&fOB%5pe^
z<!CWwIZs~S7Ti(p@LD30<#~y`wJrV@XSR><Gbb|eS=4FNO598y#esw+V%cTkefwG`
z+9}#zIU$(6o~<9=fJdiF?xd3^fp+9PfRo1#un@Eu1F*CN&F|GpH^-e00h~?(fLq7|
zfqs!%?b2HEsdO_Q<mf=joc9-Yo;>fhP>+soD_v6tyWL%|Ih)8M#8|~qob@;Qe%F^8
z_x(wFOcHLg>j*Lry?0tWSA9i7hZSUZ&p5PGUaNp{AfL%T8g(~9SpMk<IGlv~azU{g
zib;vTdFQKM!qSzv1t&0`5nBFlplA-&_H1xo38nXoUR>q(@X~_aJ*imK8~6hCtADbF
zt4jYcXJV>d?&F(tyjD+GMrb&?52tV0;PXeCKkI6CpKgDaKJp(l$1jl6{?MI;Wa%!H
zUSq(6o8^XgZBuF~EoC~N0*92Z8)t8!H4ZZl^k1kKCZ1DQF|zeWiQW4!739bvezR6U
z0j~Dx^bXku5|u^&joJ8Wsd~$}o!i-VZMCa)@p9tF1KU3Zz?Za5{a?0<f~(#`57F0>
z4T{7WstyHR0~Vdixg8}xOrD_!>nc^AAJ%^v$0b@K6bd;KRv&iq_ozlu(w~uq3|)im
zcQ4GV-w{uB>?E+Ct@@z8R^Rda(P>xY`fp<eU3%mm!l$kG<_AO1*Yn-G;^0Mc(A}9D
zop&lNDc^Mlf<IMYA^cm<?cY4^i}Q}Rzg@1p8BRRmx`txMv@2cf#PyA6a9#Tpf<MjD
zCE*klZZ2%Jo!n_LtldR@uqjX*w8Rq=t)*_9E9&Gw?6yve3i$=o&&xi!gNM@ZkBxpo
zAI}Dtr|mYKSFY7v9|Y2St`oNAebBfVeva=U4w?)KOw-k2GD&10kcNuFX9?M~@ysE8
zHYbW9gQ*vyhB31><)fG;i+JYj#j@;&c1hL%v{aV;*lr_U^wMwQ_i~pfYcLM+_9+R;
zfppb~fFMYciNA_S{s`Rvw1s{2`g-}nO+@~6*`qlJ{?m_t-htUi|1DgXg&zMT$+6=z
zrC3A?q7EC}#~@kydhmd`TNxnTf^^7%Yxl`Sr}~;RMA0rSX>JZT)HgVHi+^44i@*B7
z;CD6ER3B2^)8AQ{e6uxthO4vIeKw7T09st{VfG{)g2k1Qz7N#bM>P5ks^(+{P<mzu
z93WUQB(Ji*K4WmuWOf!BH`>|mh4oKH)VGnwhSD=Jp1Az0{aKl41$=$he-OryPk+l0
zm-f{^HL9=)LP9<G11trZSky0;OUp2E^wYkXdmSwy*It2CtTz?Of1&2$^9=7pKH2Bk
z)C~V=cddsI20DJp;;zQ*98N;solQFFSt$P=W)2zLaEtRm{e7|tDcd5_zT3h`xgSl>
zPh`qYBA-9%U<sO$NVN}oeC<NPrl*gv46xEOx5N&nINTk5m7SVgvz6zQp&${0D{5og
zKPMe;c6s+gPC8*{416mZ7qJkmn@7=cZ!6c%8xi`<4LajPc;!Nofy$@0<&KZE1H+tA
zm}0{}2G`#-8S%L{^%t9k9X)!WI8PbLt;324=D%oiZRTV+W%9AL`S~3Z{g})lZpc&o
zO(y}%sh#)2WGy@D=w;~pbE{~5W17U{l$TlIN00|ST~h9J53OmWe!LBX(bCX%_3})K
z()Vqxs#W<j9n2m4`XSb}|H$P^&h+vN!vUY{@c#IR&(wMFHwjwpa;87hPcFUx^R7N;
z#EtzsV;AsXMj>4(#rZ1k^9CZ<pKOp6*R)3o=SAGpL_?G`fsd{)m_1&2iZ(lW*fIV`
zb+l?hkDm-Y5|p(J;e+seT%HXv@a${<7{ovI2M*ovR8wSK@gVq1|DUR7Ly$WD#1p(n
zuX=D#;Wvi?RqGb4v7t8GnHZ{EZ6_pQ_mmzhz0MLK)REC&CuFv)Rwicco$)FQUVxo^
z_Uc<$z(oP@S=RXq;f=X;8Mz5>AHiP==@DIN3XJ)Ax}>zw$>enNhY@Rq>cUFh8;98%
z^B%#Jg`P$`UtxUedOh~kQq#XlatzWF^jo53in0c^>xV{`9Be-yb9frz=R|IX^u+)r
zl`@80xpWlU3~>%6L8d~wgJ8PdMvudGVdK);PI$sVAGu!fll1r4Xz)a(>Ir&tTaMqi
z;S-qT8#!=zD{yl1we{dD>o0efIDr4!{R&Zh)5+RPMNXELqx)2xf^0Ba4O;&s{JW`T
zSbs#8a&g{0^3XKz&dkcd_nThU+V}Ik`SAte!W-bag{`k6!;fy4UaYn`u(|acS7y`~
z*La6ja9gp*0-E9F&UtJ%`yg-q#_g>%LtcDEnfk0#jAiGE(v8AIHZ$~7J5zk@@H45f
z5+q-m)fl)ira8_~VF7VHoOD*3n=^8KBHhV#8{xn6L+;_zBvBvlUytwI1%8*IsZ`QT
z`mS>;dN*@YBfUb{lZkMe({wf=@|E$cu*QxxxG9bVybjipXxZYZzOwou_x3zHzvX|)
zP4HeQ*p18+>9!BIkh>Y_hJSWJ<<-dc{nUWD-%RtPR~H0Kl3%^J(pEnHjX{>CV}C8u
z?Xq*)r{EG$=kiq0@OFe8|D30ry0+XW%AOo?ik^joRFdNsz94|FM{OXUmB0P29$4dW
z+if*XMALa23;eomE2pEMNqSI?X*I}T<tQp7akp$?URC^bc{EW!rOq;HDLMzm+w1-y
z+9+f0F_^y1clgKU&cQ>$Mr@7EE&e12{&{KN0pq@P(Rj5ly}RL$Vb-*-TMnda4snX&
zj$aaYulTCI;13q)Mn%F57fe`=qvupAFnj*2#~XR0=z!FvuHJxxwkfP33xmnmm3-GM
zN4&A=8)L)IPACzJ<SYN+54W~H10VQwCttrXUlJR_?$qtoSjmHTcuv96df6?#`;y{8
zyvxP~UQ01~468MJxA^_5HxC28fo9)iZ*u!H>$~m~4U5<<u=_<qi$TIt_HQ@f4Wt0@
zp>y6~>FSx<(t=MA=^{eHV6>Cs;=dZNPTa7**r`wqcB9m_7YKDH0KW@yk`w5`Uzh!d
zcERVS=dV5sDhESbR?Cn6!`cS*)=5skbDDbW9%jIIf-EZhMrf3pf@ap5o&IU!uAQPN
z`1jqtXgxTj7R|a5e)$kDE6Qo@I)BIoQeM3g->AWg<gYrnNL2r@p4}(I{5U`={X(9H
zQTUZYL~8)A4Qsflc|y$bP3?_pP1bjRbEQTizRJEexW3=KF16n*<#PAtt$Wv=i5Y)g
z?juy~ksBp}#~eDBC=6rU?#*9*9W=}l5{@kuHA3{Fleb=6E4F^!D9Q7#_|2l9GS9nn
zg)<VN4Hr&6xG<+QE`H2lYy+c>MCPHj<PDLk`rDQ}V`*(PURbh(j)8jXmX)onXuLo6
z#)T^%n?M1o$aNa#rG_CUS^MVVIZHfjnC=<Vp#PCXm1vl{M`CUd#gb*$OG*@bce`7y
z*tu?w5oJ`?Bw*kfFM7R6>Hh$lKxMx^f&TGKcDYTA@i3-#;SSJ4MUoD%=85gb`%T^P
z*#~J9`~8d3g3?3gyXX&7TJY8Z8uc8bGx9+j@gcKK9-z_GQ4_<n?Q9rRyJiRIO+}LK
zg*8w7fzkp6)GH={dc{lT_bVrWx)O2hgK@TV&)bY=he4HeX7$dHgDTmW)ia}rVHH`u
zGcE|K<btf88K|X{1VQC_mF$xsu`ov^PXQeHLV;jq2#j}GVqJO)pj%ZSSkV~j#rwC}
zAa{o;4SGNe7-s~{)QU!FFh=PXV{d%3#K2MoPmMA67l?Z`^e=U*XK8Q)rCXkYf!(P-
z8a(6zeY`ZFd%FxlU_PfDqy?SyqZyNOR5D(IBiB<JED8a8uPV65OHy|VAXwZO?#2Cg
zJShER!kptg4*+e~MQ@gnIgPjWHn~*d4XR|r89JjWsFLuRlQYJHt2;$#Fzb1hWSypo
z=W<l?DZr5jPSfDCT&zzqPp4?`X%_1#E>@D7@08ylLp%TX6Flx~i1GZU6z_%IaoMP^
z=027$rS~xFImm2NBk}nxf1QfktSvA~hm=`ciVm^&(R2Oy=fODd7{55El6zgr8FG$F
zaD8dG&T`<0CPA<q;K)XRM6(P*%g@e(hK_cLzF}VRMfr{SaS_iiRJVzkCPVuM33~ED
zd)TXu(jj4vdHVqxMcw<Rs$_!#39qV>umTAW%-(a1ogbTIXveX8cb1TH-1j61A}?GU
zf1xyr=b5AI3}n1(_>}ps;Y9~%bT_317}x75(62mYu66Y+-GbwIpVESFAEZ&H$@KWt
zg8q8__yO}i(k_RUS;-msIjZsQ+Ep?f!FgLIL2y;JnbTFdaHIn@>yW2ax$t60HtdbR
z{eXEps^ni+caQqWH_0h}pHieawv~glz>0HJ$$w9@{ePR^9d`L8W`2hrFy9?*<+qb$
z<`>V{e?Rc=^Xof6qpu40=eS>4e>cMe+O8PZ#4Jc`$Tr7;^>>Dv{#zIILxG&Ydk+bE
z@QnEUei{uact*@;XT*{5q-^rV`ikdc{$3(!oEgvkdl8t!zwfvITM|zlFuA5ANVq}U
z^*N;lZX=eRpOJBEEMB(Xq|9@%krV!W*|(oY|H0`^VtT`xtmGtTNI7`UgZONKBONYC
z{8fVBY!@8yWI=Ft4jgI1eH@A}@-#vm_muHTPdDya>3xaSlN@-_WA=TqLrH5-w6lDr
z6nM|_7wa?5MAm$c@Wu-I*YjWZ)93+n-wBAmn1(a3lp@E22h9BseJ4-R;CL6jDD~0c
zH3w)kd4}S7eMCE@1>UJDX<{1oaT-p^=V~}CA!m2|_i6o3w)7i2Y3lcu{igOT{a%)-
z-w~TBEx7Oijl!7>{f^-EtM8}L)^qd=#(Q*8!zWP7iX8uHKaHvb%)f1rlvUD{ZR$6P
z<B?UeVkq=$+IW|`tdfQi(68|s*=c<r+ef1@7q4%(p>JF-Lk`ergOaIlRrs3^nz6r(
zwAK6Q{WO~K-uAO*uJVm_aBiRf-EZET;yM_~-eEtItvS)QgZ*tF9CP^rv)>+vb@1K&
z=5sv$=Yv-5HGY?Bno2ymkZ=uF$^L=J&wM80#WVO$^K8+S2f=%DRT9GeKL?I<$q=l}
zheXpDb=xWzya);yI)<JS<8130#M-}N?K}tur>SIJ4kXqLRmq$jNNgC~`wHf%M{%+G
z`lj*xW>pTn=p6<@ExY(4sZomKxH}Z-JzQTf(DYk@bIxLEa%QaUXJ~N4;NF)*xhlB;
zpt(~~;&}dSbwRLlsM1_FSS9@L7NqOD`E0|N)%!A@(^Zg~(cfpXc}~B)G1U9-`r#OG
zZ}$&Y3C@9ek5y>g+hBbc?IqA2#yw}yesisO2AO9SJj3kTXP!}-*xwc6_u_l^nR_wz
z#c_T_X#t)~F;DYQTLZyZV_}vf<Gh%Y&JnipK4983l^i=wjrqW_Jad{RR?8}>IBNdQ
zqK@%E@Ep}KUM1?l-dDT;&1m}wJ4@sJLKo94oS}&?_8C9(j&GDzqOxZwNyR+V>y#FB
zDw6T@Zk(4VDJ@u)14m+D)|O9L-(RAJ*}N~Mv;fETAk(!q-yt^NcxLRM^Dk%+*8=+f
zx%qcijPcLfXWknihZ?h%?pnkA{?hzvyyw4y^~2idO_UHXsHAEijcRA<v^VzADE70~
z*6M7PcvFQsBuk9nTfzB#Y(I@wvvFcvtA;lsukprx@HE8R_R%Qj5HX)o>&*3t^=*p`
zZCi?_7(WxTYM(q<B`3!MIjKl-%uj5FO7<~rY?z@E&tR3LWFWg`AoHcn-<j!uE`#^R
zW79wLL_Qu$x5O?}GtSMcxpVX7XU#f|XJezDaA)J6>^GmAFWYa9WA_=l<#>O6d8NO0
zZ<e9$m?BR;U6<8*chMB~w``=z>7R8eak9kKx@w>KEU@XjD%mgq5~nYa^;3$hlYNrj
zsf>+x7=N2(bbJWb)9<Qez<wIt$Mz~5Pt$Cb$j0vvN!{Lw5Ns+|$&)w_g^+mizfte!
zb%Vt8|C*_PaG~y`_#~|V3QSA=vZS@ML?u7%q|qG!Zj94Zq7v(~Av-QIbA#svc@(Zw
zIo>%FNZ~#j?VPC+bs|hxaV!|a1s|vYM4M#RQtxXe1U8v*lV_-T9%S*<P8tmrP0@)m
z@;YUnO5PX-32bMzsM|KU;C9zY2!`6d&5)yR8xNzGEE#Ctx6KB){e6I748Wa>>%j%X
z$Ah%wHVJ|g0Ipke_nbj4*P1~U?Gu{)IqJ4@7`^1LXKAoQaZN_M?z1$A*qUe7jQKOT
zmb{P+!8Lc^{YVI0{jsEM2;Q-HVK4hVC>?cHXZ)_zsCb7`5La;B%uva<I@#|q$&heQ
zf^F}0(x~0<PTkm<`P>=zIs3m&@)vUt<$RcXXF+@p#xmA-e%y!O|C|1u7sz^tBI~Jr
zl77!V8g0me=_%tGVPU*eaZkp2W&Ga!Y?a(G3=$oKN?RL>rs)6bpwZY3D%sXcr^QA>
z;<<;_ZEv{Xhn<Qtd0$TNOsV~XW^azVZMGsU`Ft3j5w*Z7HXpMA+{<zxxFH*cmxHwA
zuLB@>BS_b6x#z|~(_N1aa<xxyUSsriEqV7W4R$IcC!fID$c=UWKGgTf$vDo967=9%
z#UC53Lu$0Hb(r-wIS>-xV>L6DgL*75IBjK|Hn4po*8ewXM#hhKn4gV!sFOy+MN{<E
zGPL_Ql@QM?m3Zf<WDCw4)8!K#rY;Rl4mLGO6!+wjpam>#&h4hbiX3&D3$(y8N()>$
z>NdQN`bK_R_B=Y~Qy97Ai);vPxaaOi27uJuX>ga9c!oj{$KYM3Zu=CZC2BSVmG%po
zJCy9n*uPVeCVO4*!-a0TNp3G{p5unr*)Vd+JW7pzZ@XYP>f<B;Avv&ZVhe1uH2Ndq
zZ|Ru&8yVlyL8Ca=;?E6zE=Z(`ZEyt=sS=f>4%5t^86T!w!no%u*^_w=9a#{Z1=4V7
z)!mPrKn)$F3A{d_eR}i67IoXKb+FAd4~UTyLW8KOH*h{WX!IbZ1rK!4=qI=bm8fLj
zOdv&rRkFC#oa22nRZ;;eQ3tC;`{jVvoo8_kjE-CN5$EQuP8uzxv;Z`1*Ep<eoiu^9
zJ9YyQPfbZ*hpdtU05UoUws~Ekci?&X`_MOt(gGY~oYDgJxdEeog+8KNo|K`j>Ay<|
z*1L|GKo)k;sPVk?EG>{1hkFYadwYE>H$DI&eTrI><2R#D&(ebZoivIybMskRfOQc4
zeUb5bHS=$tDLL#sx)1bY>~B_8y3Eh$#blU<=UuG=bUbrBWUhh9!&%))%CKd+0@E}Z
z+HkLjttH02E&ubP^x4b&yGNZ5YJqTcZ2<T6rzL2QNzh*D8KXmJjQ)eOG<uBE0{I~=
z(6oMS0Da;bZOS$OE)Sj!tox;;42g0=qfNhF8xZ~YAJPI>oi*>7xStUTKT~;^-7mP~
zLpsc}%HJt1D0)Z>bUbdx{wO0~>|QoUCEiKt&ntOYo<gU5+s5a>?RY;L&Sjq=bDQG@
z1rq${ftqA!Gd^Rr73cT=A@1MfqbRaIVEoKXNCLzJ$)y8CnMnW<FQ^GbE-Rgj1a)1s
z8F5jcbpq;o+kIqF)RmPU5&|o`YetmzwvQ9MW^`9}=~2SX33o*?1PCA?lc2zguDIM%
zB$@hsPE~cLdu9@Se$V@U-oFSv-BqW~<y+^RI#p#0u-eHaqjr+N)266OWBNkt*usN-
z$q`<AXl^fmnyQpsxKKIs6X|s(33`)Yw%-nJq+7OuyPK}HJ=4|w&O1H7<7rFr<ssG?
zd>G035VG-pzoJyC?5b8a+^WXNZisJ3SN!-|VWE<*s4?RUcKdH<3T(bsQOhHFz}L?1
zY?GKTHzG{698i_h4j477Rp_k^g1eKTsP!g{<+B4e2Na!brCLieTxhJ9=7#wlv(v>l
zYJ}>ouU09`C#vzf8y@2GcSYlj=$h?zM*sd+s)e4Gm(nnA%b8@-#h7<({gG$67F|dE
zd83_bt*=!nvHiA9R26TRRo7izJYKmy+%rve?^G$vf2Jy*Q7V=EPnEJ^BHyzc<?n}4
z{yKW*@7cpq{`QaMZ&{STdJKP$ALjgxgrofRUa>%#IVu5vJ$b$<3Hi(YjlT;1zTGQ-
zKkk*kKX0d+_o@X-Y`@D#vHc<m`AZM?OjF6Y1<K6JIDcEOT%ar%70ciC*7fuDl7<jK
zQ4z~IS??~cY)kQZW`b{y;MqS=u679O5jv*Z#>9Bo_#L3<wo}cjD|x;J52;Gyn>EUr
z&X_ucPJZX?_QO<brBrHMUZa#gq$*huW1rzX-_cH1%P+a!s8MD<q$=mS<Bt!z_2ujl
zV0Ypgu@rc~SALk!9Sg!#lN}IbGVdpo>?A0%55PExulE{pketlxIr_D7T0>x!X%xRR
z1AmQ?gYld9{VFB@x&->9UgXm|srD_4L;2id&cl6tj%wb2#@L#Ak#FX8s`6H+RTnBd
zxGv1=frduCN?CB7svJf=SW%^vUZ*MtO>6IrUmN53<rMrHn}}bjJ@e~}a8LZ&*3GY5
z<7nl-x#R^(+hqy(1sD77?}cA~I7c;CS&Z$##lHN@RppKz_;pneG*n){Kq<YP^UGVZ
zK(SwL@N2EbUcxLcx3e7kEPH9gOgo>4X4-*NrNWq`!=k1r3v|y>nbg@~h3mbN?zplo
zlgE`fhSQlW_qqb{%~f4N)MT-Kp9=05(`E8vD!=nq>&N3UV0U*$V>5HEQD*l{=d#*T
z#JP9RQ_bd($yu@XfZwX=pijThdd`J<f%Pt2e;UszARZvDbmu|)fo{34vLDO)$KBtJ
zJl^{yuT5EQgQik{zHhJKiF%F(>z;c?$^UzdeTVXW|7LfQTF<3`E{+cyzvOvw<dy4q
z1>=ziz<nv|Xetz;pXMAOH-uAi$Bs>sNx1LGVl7=J*gimp@9{5<x);uykbP3iIY(9i
zc~g6sYRk^i;O`IfGb+%htg}IrIiGs$OP<#qyX+aIo8QTxBY#>QIiq67Qu=pQVfVM$
zWrAbs9*?+V``It4X69w+43F3T_+|9|cq>nH0t>#R+RH2smICv?q#Do3<p$<`Nwp<t
z<7{kM0UXyn!t*N&5mTRiMrr$-s=R@^%yB$0lTvB!^Uo+dMPBcrFR6xO!8t<$wfUcv
zN~axCU?bE2H5UCh?v5`V2*G7`Sb^hcTwTF*^3m%`2#)79yX{1%AGrPf*x4YAr?58O
zN4Lamsj;}h??^_Qs1r6~pCbJ66(yu?Ah#ooea{U9z1@+`>eKw3=grJs7TMa90J2Uy
zG6VDN63Zjj^^?gY$T{&@D!4PBn%mxz3_fwszOT{_L`Q$XJm-oWe*TxpJKj!f7j-YS
z!-~rF6~rm(uAMRCLAx^BnKKo1<SG7t&iV?1Is_@)rVKm7@5169*yJx`af<V!d)`fp
z`Vr1FzHh@)b87>=WpxF4^g0`P&7O0j?i5>hS^@9G%i(`0mA*N|V<7VwkiMS2v0#V|
z^xcG7)=6Zs&bj*#*DcgV95?a+b$G`ip4U0;um>=HeDDyfP5I$B-%<D30-Lz+-R7h7
zlj?bXAX@9?0JZt-msATSK~cB>`{cDl;Rvf8T7kHOHe4zfu(c+a^Fm)H%lpb?<Y7+F
zy&`A)-XW@O6@S+s;&xSdnCDa;q*TIpZQoWaZMSq|)(So^7qB)%=c)D!oS#~&mC{?d
zUvi{CCbIy7_-!%I5!WuaF<e>EO;adJlS9xXi?vIy9ct0$Fiu0e%bZw3=G$#7r<r&?
zLaaBY@_I%?H;kG+HAXio0raKU*$Bqv5964xvypEom0q{Oith2jFyHd2s#3SBT3K|S
z<8N%e6!wL*i8`X%y44koPP8*Kon{-c<OA)X2Uk~+7p}9hTA)OAg)ELVjR!;y*dO6o
zI`NRnPE6n7voVLLhV5gY*vGNhF{;CS_Nl7k-Bzvq;ymA5^CNgyYr(tmJ>p&M{}JzM
z|G&n&qX*;guJ->;y!+(fkKkQW4Bn0J0q@3J@UFHey!-pX9`UaB|AKcf9!!jP&mFYl
z-IWLbcX+q@P>*;Q#TFPIhj-r|vf|w%2cvlRn}Zzh&K<JiUCE*<#Xf=IUDQ_O;jGPS
z!tt(TUX?O){7=9;gC-N+Z9ViOcz5mp67P~?@NRqpyc^H)?kXJf_yl+t8t&ULPE}fe
zTczAYdcnJE{~y4+@jrrhNj>8o9PAnI$N>}HjZc7g@(5r4I8|w!Riz9h2HvfU!@KNo
ziVyYUhC@7;w!jXx?2hVH6{H}S??3avq!u*^bo`ygW2StYrw<h2_u~#xt@9xF{hi5t
z|ENVSHqg&HvRF;hW2H8Z5jN|73S)d54p8lk@K--NVBJ$;ywi4@s<g@rl^h;Nnq)h|
z*V3N&o66FKihX*Fu7^hWK51w9rDns%_fsm>l`m9Er^n_4t@;52xa|LVfNE+g=teD;
zn!}&JcYyom;S|t4pf+E7P~@RfL0`~M#`&bS73Hj#kTS7XuMB|9Y_ZkP%>j~ki2Lv;
z<I|`crnNP-JN`~oN0k+reIRi?7CZm<0FQB;5x%x-w7a{=tAuPgj?(&8N7ksB{aAj+
z%3seVzNg!xZJXP5qulN+t^WbB?;5Z2ee7C|ov+mt6?&B$#Jfjh-a%Wz81>OYuVTch
zDvRfH0u#kIC?9MC|85cZHs%1;{v&jp)y+Cb`wUrS&g1(fvXe@PCs`(0GQaB{$AmHC
zH(wZaLfPGWB~-Cj!f}vlnIhMB*C`(7?OymycbtdxBCi&JNw3t4eGt0DSJW=@%n9tb
zub`LLgz$dv5&Gfpq(Rg-_rhnCe^Dy!IM7`iSc^D|&&@IG_ybfs{9|K>#AAQ=3#zF-
zjD6DqMh_eNMaI~ljvsqz?ASdceP_<~JoZn%h#&iK)7aflKcgUK*T#<fY3sN<zu>rL
zw$C2Nzd}wp{)c)Qf3<1+hyKIIuYXwc<FbcKeZgMF|4f4Me|;c2{-O_S*!XXW89zQZ
zkALm|X8i9Z9{**%jKAD8{=XXIUs3bp^7mird#so7-<V+hZ<@!yf{%Yd?D$t$$3HJ_
z{5*db-UYt4Q{Zbo!gHU^`>7T#RvT8~SnbjMQsD_|!^$s2EhCO|lG^b87otwj!7+RL
z7gX~kgPz%BtIy5?5}U6%o9b0s9XX>G*kXOCQNAL<1M~Y9AHl)TVjbJptMvJT*E^u!
zGPkeSnj3S(*ChtQnxpdoueUfP@bHKIyuJNm9{p}V_enqK>t&dNed6ysg&e-#PqkyF
zdfHR{f$ZK-waW~-7`a~4npqpDijBsM+ds;8_N?$*;?5`FZ9^7cEBtDI&u!<Ys!Hq4
zUTfRV%Y27>Xxq~M0N(zmy|iynRTbNmnD+gb`L_O)_S1O#dN1v_rKpOll(k>$w?QqZ
z|8n2^y|&*Fv-g(gp6A-(<Qaz}a1V>8SnLo8t*#*Cp``liB=FrkxrE$f2l5fX3Fr&%
z%I8WO2H||Nth6B?l5V;ivK}g(Cogrcc>d+AWC-eZAk~o7|DI*`h9Xdv*TD9W-vMqB
zEAGTtvCam11Ay*w@MkUu_u<SrOQSBQ>#42XwmogXVcUZOx9qp(IAh=6AojS68Ur7z
zF)+t@19+T=G|ruDBl{?oo|s%hL_G|v^>H}F83#%Bc2{WFlDGF!&AiuD?gu*Z19`E5
zQps~o3F(;Ar~XwtG<gd~vszi#?lP9IFTIe*-R%wt{PIHXTTR$cwe#qM4FtUsu{A{|
zu4<l_ZcG8UEkh>W6woma7}DPq3phlK;6VG0(xdhRy^Ynp4PiAGYftl<3*rE_&Mhaw
zPW;~44|G|4Cp&<IQa~r!po?~Qdc-r29ZtGZWCHs{EofhiPv9gx&;Q?g0k~0y$Y<m+
z%F)c@x@6Fu{biB_s?ss%`ubJ}jB0bhs3#}ei03(b!~A9ThDSvH`QSdP{f$xy`C!h?
zmwrJt=mSNz{yaDDPs$xTE=eY#jFH7dGFWb&?MbcON44+;IM?v;I~|i+aNL3YR2!GZ
z$J^n^4H#qgx1--TIIw;n)fy?4*6yR)JVwiqK!bRObRi#u`#2x#DV6@YkMFk#J8XgX
z_fhTdEN6~=<_56+_fJs``+Y~~>0kEoec7Hg(4B(6PLx|el&h)`M{dBDA`{Qc_6BT!
z#25Vi$0?Q2&h~_Alt&*{l{QD#s8&bzD2vVeFZX4Es{G>&)sVlJP%33N)+neG_{|`m
z&*A&BBYY3{f_+rOdEnK8(Z1*B%VgOanXMOP%Q6|m>)RPWC+=f&)0kFAPIrB~-#)1Y
zV~*SQQ*F9fulxH+s-aJP+x8kI>o;oDuRhQH>ihOl4d;QP{d`>n^`|aoKX2VWs+si>
z=bJMdYLp#}hl2z7w|gJeKA}_^0%~)W;O*3XRC}LNsogPzy|aPIBB#5){q6lcMhcy$
z!9AaF`cPhbHrFWn!>aNw{w<!T?PurxB&6@jeau&oj5T6oe~c05(y2hkrphG$5(pkn
zh94@g26s^!$5X_ECuV}rYnKU~pHk1(?vubr=cm@w`F-oXb|8KCQw=VGBFzp>XY)t1
zy~-UMZ9d|#`}Rzi$$3`KIw)Z1_Um?;%s+2yKx}&54&=?fR6`jywv-Vg*Ee%G$D42k
z5P5h^ecDB!hbPE{R>Yr$;kp=o6`9Zp@xOU5;`MHHQiAXDK&NFa4m*i9jPuI;m+cK8
z_Hlk>hZBg&Vd=HOLjh*LVJ|uV#=z3^u1s);QlSX>gZPQOL7rIX9Rm8J*Vu@;ruY86
zR9lcNlW_iMAL6TRUl|*BTQMJZs{;b9Q-Qdy<Y!pfd7aNrI{+yiB*rlnNaa{t{CP8y
z;6YjZIO}o*?-KC9n+-bh?Z@UGTQ=w+_KuCrzY)ik$?(GlQ0ofWd{^(MT0TG)^0F$K
z<L`W&e+$4(@<;n{Jo(4UdY#*5j<pd3tMOa!XmIz&W7~y1Z-9J8TD%Luchg>~Z4l?x
z^wd{nf6yCOSCGo_Hg;Bxxt_{$9!p<7-_E_xM*fIcT>)&*UO0#6bIkIY*_WLmp`d=^
zoL*UKv*d^&)#|hQ`|veX#K5p4XH<NRMRwqpeN+p5OUGh+%luwtmrGUNutDuw8`Op?
z;%hivr~@~}Kd;ONJv=qR``H+;<cz9v4)(P<GDoQeSNL*39eCqus*O31afXRru^(gT
zUY1L;_%OT<nbR%prCJVR`d+I2gHkDTFV)@@KKOvWRQrfhDSa>1S}SCtQ!4e}OSPet
zN`3cIErU`iWiQpTD3$u`r5frH>dfycm27)?y(ev<nj3Mgg=#lZDs{9_Z3LwfX`$LL
zDV5H(P_1>UOvX?uoo=Dp6RdXC9%ylajyUJ)2X0rI%xgTS0$I|+bJ5?90JnjCr>Dv!
z6rs||7OLeu>s59+RV5qLW`p;2lu8fmqgqRZN{D@-xiT4tcy<XC;XBCBQkSaKz2H^w
zedOy`#XwG<qFUQ5yRWs(?h6;#ePh0(+E>LgabD71+_I&Nh+2g1y<Oew3qyEqZk%1G
zad{`gL~nmCb9z(!Z<YN(52sYrpK;^_+61QDu#al%BUJj}W3RGuSX9qY_Z||t@n!w^
zz8kdBqmG=wn_}P3n<1MI=lJC~$NR7Fl{&|=eLy%T4Fk2=6}rOLcOTVke~k72ukg)u
zstW4d-%e5OI!YzvQ%wu!%QW%-1>*m=iT^(>{(rrQ<z}{U+e9BGEXCNF9rV)ze-^ZH
z{6T&t!i84g{>^E}pg=*2Oc)-$Y;QOap;BcF)$sdv(dU1)@cqYkws0SCMhn&6pj5iO
zg=(+hI|<~~n$feoN-}zuS6w>j=kiDUP)^~wGWj1IZ+2AI^7B=t@=dF*%|Kl%5V|(Y
z?tA%L&NDT;y}0emGIsV?Pxx5UkJB<U!93&bC&n-}o=(I|9CxBIl=KC?Ev2F!$By&Z
z-}X{%R)k90US9KE8le)7@zm2YIrkTyo5_)7(vlMO?>6nBnllakJE=Q26B4<ZLoHOB
z)(`Yk6@0B^%)e15Wb1rk1AT0xSIIQ#w}IFHj8N(L9;&qqtonKn)e6|(c2<Mw-9t66
z9Zs@66prkG>(dfev%aQ<(~npZPKKS0M=8Vg6A>!y-a|FyHR{Js{GL+j^F36np;Y>8
z53gO>zK3e>Q7V1BhvVheJyiRkI~T;qnZK9oH>)!wH26WtItHYF0b<dIUS(Q=_4&LA
zs~xI!$(cTUeuVj&*#TE5%ZFH0?Hud7^WRi+?xSPt7I~FiN~O6iJ^Q^!kiL*tK_B*m
z7re?em#S3T;N+_|IEk2ox`&uDW-rySe`dE4DouaMtITonHM6;IdX>Wb=yz@6JJgFy
zOy5;RsMJ#LRi@?h@2tKo1fY}EQ(x_IfE(;E=9I{9vGtfeC>LHwzkUy|>yuk}enK7q
z!N+o-2yGqbFg0Rp@Ytd0r_|CvZ@&BS+vr_Rt?A${JXuDt|5G{Ey=j$pXhMB9;$%4k
z-1zMI{Lwy)8=pU0#-4)%+$&o!HsR+KvAgWVonScLQ;wX#X$Q*1v`04?^eP*iRBdpQ
zuisqhYkN*rT)TO_|Ly<bYXlgVREk<LXV=iNV=x{~8Cg6xT_&p7AN=iZsyVx;=sSnS
zPS|g93)LRYwC)XtB%Tkr^E>OlU%vx%?7va;A4^-|e-hVh;<Hq=m*-R^_8Vg?!^Bu#
z5%$r!o9FqF4zfG(w+0>A;@dw_D&>IMypd8V_TAE@s#3C#zu#B9uTm;Gvr0+6I@IU#
z4E25fgE%Yg0thDJdu8)t<@^s+`yHjyW9c&4bCR;W<lKJIJ=*4Z-f|aJUw*$8uV>2%
zEI3<6o)EIP>@)qI*A1-QO|_?b*sI}50sZv1R4X~KIF2U^ma59mA9~rVVUbH#VEJy&
zi=QDcu9C@^tWvg@vViTS%nlUv0o^0kY*!v<@n}<<BRk-Y*-M$)LbaZF_O~B+AHyh>
zrthIzShVAf+26f!H`Qbz|9QKqrYDf&%%!SQw|}wnqG%KS%C0?JZu`(5ywhGk#8lsE
z%at1tQzj+BY-b;E<L{I5V0O3<@VYVQXkTWvOtM3!HG=`58+LQ?ZmRhQBwjNp-b1xH
zgE?<&W6rvk2gKN}JleP5aaHk7U!*+n1K)>>^e5PRy(06L$-VCDh5<5B_lVll3|?#N
zavFDqM{&!R0q&yCGO|0P+izm$1|UAECd`5hIc6DoE`JiZ7w@5(C&{QS%?g|w0wnKy
zs-1IW1$e$z3Y;4vlWBc`t>0n$r<6tAb)=!b7=L7risiw~$5rK0F@8%7mBiOeBfDZT
zgpb*%g;hI-jx9`*iJCI9c$o>`bo{P^jxp@ZBV@E=H`V5(Tm444k99pk?xcF6KFw=3
z*9sl;pXBS6w&{x$lxOVta9lr}<huDsq01ldqFSPNQ5W$2uf_X+5O}w47xx$N@724g
zwnyOFX2gT3i<HvGRi%xcEmlhM!$W<Aw=Pm#p`pIl1fIyJslG_qb77L%o-+egDcqj%
zz1`m%_MFM=8QVd7W_ArS$=pM=XDOAC&pF>ywpNXLVAO4g>^;|QhjFf8XPo4)I-#F^
zPqhu=%othZ<ig+aoSb(T)gGo)nu_*+CNVaw-9@$6DU~LpJ${?`ot3+&_A9}+hj;Py
zva`E6Pd1xs;EdV@wl*`(R{w`x{2etPbbq?c)*7DJ#dG26Akh5-dG2h^E}jbw4+cF1
zYBSv>Y8;%PzcE-QFWF&*vtYFE^?ov00O+5Vv)sc10J8jIncR~O<Q|ZTngqUKNiuo#
zL3{lZgIRu&$RLwh7XztsN6$N+nGeK~9UkjXmPH;dJFq;9=abGlAdu4!^heQ_S67h3
zb~q942W}^*&HHzW{lFK2jy!J_bu38B20M_m=|E05i?NvMzn-`VbQloh3uJ(P%8?sz
z6&QE)mq+pCB5+@uT26jh!0Y*qT7D0x&8rL=T%a#cmdUt+(fr(7P@Bup2fI631Jafb
zmOM?XVy_qT7t0I1DdgkK=d``}rLEp3>im}GupA$oUq1kA%|G<xc^LFLt@R<B#rh;P
zK@-;<c^B2d1x3iuCwEcJyV_b4h&=vau*~@E0dOP#*H9|?F>Z#O6Si~I{lUfjcNe8@
z<d?HZCi!XQ1dKaDv%x)nKsh;|)4kr|lLfyX7X0#LNBJfH6kZKPJdf5rp2`6-!{FB-
z&aaohv~}-yfOEXw>WyYTzcSo&<OclBR9htK@c-IOwfXGtoWRS?*4mory4L3IT-HUq
zd0zW2RwEb10FO9F^pDLZ-$1?C2jS7a<)A9IyS=RD=FRVUT%b`ZO}pExSa2knpWlk_
z1wmCL<OyE~+gauSGRpz_D(KcfwzlB0gZ?2{>o&m=osZktp7hL71}zJ}r&`g!sea0l
z74SssPIo>i)?8*Z^SwG@$Kb&9W~zO~>K!u!*)~<#b)Q$^=VD2Lsm**{dFkC=c86!8
zF*p9ot32>M)$S5F6+5=;nyI#pQps*p71w=UCAN(_zUTJ@Kqu8>f5UGY@AE3Re$Vd^
za84{C`LfgJayosv-;48jkI*2}9!Hx^Ra*bstCW6Ewe`lgs?+E4IDLJ;=UCWgQ<b{M
zyo#rT>eB=da?y{msmiIxyvoaB&MBH$Vw!WZ0!M@oiEXUz_93(4e8|UlQO)RMgJ?f!
zQ<cI;yvkzHcCn>xDe$_Tx6Rfu4;pPtacz5c@iW_uHkZ!!Dsy7SFzs=#@&KjM0|Mt!
z=J$ztpgDm&H-M^?%<?K{{>@_oV@;c%3t|h{#9nY?zHyD@a|?0U`M%-npvZr|q@iO@
zpZcL$FgrX7-1F?vv~*2{#iobm!tAgO+(YwVwsRP`hYo|;bvAJO?Ipxx1HG%6V~0N*
zg6ABWfx4#_GQVQx3{|<<23hRAEC_0AD#*)rSW%ZO6B+S*icD-p<!oNraJ^~&RypWT
zVJw_16VD>Pw(1%W?pM=g(m4)v)ghB*!Us?t)|kiQXI;bVO2#yceWc?+F9o&P1#0uW
zbRZj(Wm1`LTY|PbGu^)AQ8_w?I2|&%HjSTk<#Yg<kp{#)iTUMh@6)wAspc#-pLdnR
z{BorK)@G^|m09O8^@^DNV3%8cLKp=)$^v;TkK#P`j|MmD2J%021-LDIyO#59!KCO}
zGb^tH{i#J2ERGloLr$~~1^1)rGSP?fzKl3g?IlihN^I?YMF{<K)4DU_HAqm@DEwf5
zPA>O@CygxL!~I~!m;W?T4Q@1Y4B5;NCJqRsHB)W>jn*-TvaLJ`U1VJoc4mTp?Rbu@
zr}<j7d9NPBReu5K9doX)x76%pVoa19=&2UsR-v!qaWOKw2=rIhR1j((a>D-&b^A+8
zn2q1MlWOuc?ZrcrV73jP4=y1Cc8ar`ZvowZaS2J=Nwshx5QcFI=>Gf?lCqP}gZ^pU
zUt79UoGCsH^q1{WTT(FE=O0@_#!cb%yZI@mbGdie>OBsbOhcVa<+Tm_n(g%m{_Ut=
zSsK;DWldBI-)3Hy9@HIsyuXubnbTwRZW8DvhA-ue`cicYxW^7FCu48#exI)ulybat
zT`QBy8$i!bl1csz7+XnfuWE+_0teinSEiVBb0q5KkbwPHTsKkvgMMYLr*KYW^%N@_
zlVt+c+{T^%1#T78<{Jdx;Aarb1GRYwsLgx+vQT;A4plh>98dg*sD5~-kmC=O<IbZT
zckDA*tka}+@B6;mhjZM!-%;&2Ko<HO)lF2JEY{7vO;o#&t(EiK)PfVdX2E=Bm<K>_
z_=X1WV&7*49&Mu9xNm6im*W4Apd5P9Iiz`|pf@yvpP7!lUERdb4t{q8xZx6T``c1{
zjXSAk=6h=a=lk-4DBn@f_Kl9&8`7WKLJ6-MvFz#85w9FjWaQ~W_5ovyl4KHcjx2u6
zWWV+%s)Yu@7@IgRPZjo?x07n)9H5_NdGV+|sck%lx~hq47g8!A_S|;tdX~pHJwB?Z
z-+s>UBQB4DZTHzpwHaMJuKjlt+DK*q^~!$>=xFzb4xnsbczdDp;+?8;r;y{oCaPr$
zUnZl8Y6gbdTBv(@KR!p}I7*!|G58kRLxWkOy)piU%C&d$yIOG^k<Y32a)kS(9iLNe
zX@s}k{yEit6EV)ylme$e=QSqogW@iL9^`JJAumdUe`l12$NsudX}^Qt)oOWvSoD2o
zQ}q2a%NHt7+{y21ZM}J+vSB)}9na-CQH$RH`&+6N?WMuJ>`WT9`K%)=FuO^_jR1N+
zsLd$rpGBx-@OhB%3A0~XsI0m}RV?_C#B0^eIPFOSeGSCecM|ApfzQ<pml3y<m=Db8
z<9FU?k22`o^exq5eP;Bdmk#C_ohy7|7DL#%o<G_|gLNWKsQsL3UkH2t^XL2?62zcq
zKIdlvq0AP2Zurrefoem3J7}<$J<AKs|D2zNz|Vx_c=|<?!0<*IyaXVN>C6k9FP~8=
zMa1vBx~PPDi~4HlsF|Pm-QOvd8s{%mme1gO^7lrlL>!rc$6n^`8Sfi%Ue5f(+`yhU
zd3*n$RB98l>l2|;K@-)`PMjBkj_sK3#AwrpHp%yHuJGERsniKR__l($)T?~mHc-D%
zS#_tXpr86d6V)_vUS>xGc_9U^Kf(RcuOj?8_RaA2Hym%5|58=nh)}8ImW7J_c3#_t
z@kQgU3zhua`B-0#PzmSF($B>@NfDnnult<OiOwQEXO91zW3RuM&zW03=VMgI^Enge
zn7XkgWS$*XWKH4q73!J_7LT$ueE?GVxvd`O(>bzCT&a9MoqNn)@2PUspSnDXNn3YN
zO&*7sG^D$x%a}XEpHpql#2B3(WSTp(OnHd0;GU3MPM#Xy{XUzok?%M!8uOcHET7-b
z{A!_s`r3XwJ7*;TdBAKN<u^JehE>1gwGpTXdv{Rn0de+X<-H4){9mfd<Or4O1W!Gq
zt^Sp>g$92R_OWdT)$9=}p&g-oIwIUYHte9<#o`Ps!-u#?=$O2o24gYdu|*4&eKS-A
zzdz&13ET&2^Yx%M4`b(!tIc;5jP_NfJC?kiER*W=q$MSz%gMs@K1<}na#E9?yaeTS
zR*vQmD%1G-@JneB-Orf@mi+UsG$0@JkIHQZ%FSiIZ-bwujC%7s)SrTw8g6?`{k9$b
z!$E<KM{!P+NuzI}GV=~ztH=D#^~m!<f!0~j(DvWZ@Z=7vwa$_o+WuQ^_@;}`2aoQc
z+6l3qJ9`Jm6_<CR(l$d?TD!R2JpK*W-Bn%O1_{q|HX%<zMH|fUnQayAZ}|?Yp)EbO
zV4;$GhpON=hHl`y9fdNfix}q;@Yn-!XN9nvm)@ko!U&auRST7C?@*PKluBo+xy&qU
zX`^^<1lup!f%48__>m?0SQIh*AwFNfDB73L&|oJ!;~_g>VAYvg?widOI(5Yks*S~X
z`KuC=?{xWG;PU03;C8<3Z!~E8Bj>l)MI}R@V)cy0j}a<;vqRj4aDv6wD-8Y_c~|2b
zqaEbotvjeTEkdQ+o>{28C~(zi_vQ$vOBVO$;5=~;%X6vC`Qi-IjzS=<g)&joVacm&
zDhTTI@FbZmNVhNXI%I<S9h7B~mj*;0TFx-W>j0+jccp>lejQJYE-y_3^1=mCU4H8`
zsyXvuOt?^-xzE-m__@g+?Vwt4P<+h^(k60)JNaHnes*%kQGWhKYvn?v?RKuuY@gTL
zd`-{L=gpr*^?9t&=g?=o<|OQ}1=fAW^|?aG{K76Oz3|LJ<!_Wq2hwHIv79oT+tV+K
zb;7>PYmhw0o(;Mm)MmGkqhA8O2Gr(zL2WJvwYdP)=2y~z{73j%1{Qbj;1~qEY4EWb
z3zc8qt|}i!m>tz37J6;4BG!(Kc^7q{=`*S|cTvgERn$+^Q?rhJ(nTfLw1vt{#Nke!
zi+Rk==d>4ZR~1?aq!4*xl1<AFaqrP78brIxuH^3{mXD-Vx^4%z`S4MuueC=1NUuSw
z*=CT|H$S7=+g(%&-nLL#b-VSfmQXtAv3|j;98YSoP4oK0($B2x<?;?{@t+O;{Hcpd
zXQp$Wer?!k$mw(WoxUptW=;5n25on8J^EWGl?)kR|F=b`G&e&gAAHQ$WGeed<Hgp(
zn0>mY`7_*y>%z{@giZGWy&BZ!S)ewTg4*l^wRu@O5SO6o_G6ruLzGI#KciZRuNSd#
zBR$60kuDtnw9lw^WrRwH(56oDch7RnU6E<h6_i=K_-68FR9hY4zMJtJ-wj6iym|gp
zs@)=d$#b7lt%-6!d61aL@qNV0;x6vX;ctkg29AzleqlCyZp5&ccX1yyR<4IXrP}Z=
zV}G<BSC4Y$PJ8{(B)Hn&7u-XWV0QRIa6e{;lXXVT$SqNy#5)1ph3;~)^yavFky>-T
zi2oOC?X@;2>P7TB%K38}xG&j3HIFS?FLG{{qkhdXjA7Bwg}^C?6xcnVuW?)mkY&V{
zYJ}H-gvWN*fbji)pHfYp0dX}T3qPaUqyH6i|J!A}2IPy_v)?ZTz4SR%DcROt1F}Nx
zK3n4&-#`BqyMFsAi^B{);TW{!5>hy^oKSn_3Ahy8PuQWBJd{)q2P(*sWSPuNmRXJP
z5$UzT$V>B`L}~`O!{Qzy&n$kw5dN*=-~D9L)=wrcC6_Q6lw^S0lP;6in0tx5>Aa1~
z1oslvUBK@pa@`N^u(+4V^=oifihGH|5Au77;34b1M6Lb#y+nS9-b+-7cF-TjoN^2b
zlz^(twez~I3v7^O(VOz9-js|7cj1(BGOeU{z44UB=*=&pdh^m}@p^MbjNUx|o1XQ?
zGu)~-hqhBqzA;{J&>pjHw(5;1m+Q^XWAsMOVX>!0SM1NJig%-^|LH+*kY{%T%>H6^
z1qlzl<Gd%8-{V9aQou9tj`Q9j;P&T__DOO%ndFd8_)k+e>QR1*%yh}5KPQY@f7Byq
zIk=sfLXT#cbm|Uphx^GSzrReD3O(|sf;*fplY$Jcm-h%gYE0p6v?kD_)?}_njdy_C
zc?s8}#u?yl6?z1};(Db1%Bn}MKJj`~_bIQ%Fze7ffUIH}ZD{a`&_HmvCCh|31_zK{
ze+jsG4r5TD6jbH2?INDI8T46psGVtt+Q!utWY*dWQp)bMa-29Py*8M#JFQC3Ck-e$
z-*_Xq0Zi+_H-V1)kp2tCFn)Wu{f4gx#&5LQ-uMj{M{PAUHOlYsRDPFO*kreLnc$w4
zE)(RrncuAgc^irNZ5zn>-8waTpP1{GD8IuB=eK8?mER=;;`x33r&LojxZPHocs^9*
z8gJW9H9N0Iv*@#-%d?MD?PihZxN$qxCW`!6#dfNdCiu?4(pkr;Hc5OpaXZ!g7}JaX
zL+nfrIH9upDN5N{v#zYy2A`T`^WpoCd>XBZd~!RliR=(^_Y8yJ3&WwPWpxERqvo}U
zts%r}F>(UkbsPz756A2TRcUp=DAjIn__{kcBQd=yHuTC4I_ebSk@=pqs7{rfPa1H?
zdD|GPPKDC=o?zQ{sy&|8J~j>?YE{Mi7UxagaelT6(sVY$>tSvb|F%R#9iKnn=Th^1
zhs3>D{!KI(+a~hAb@O5+^*GhO68RsT?-56Xzd{VjJ|Ul^?%V?v#F-+KI<}UR%XE1X
z<eq3{|HAAf#E_yWhWM`ox8Kn3pYb!33=BcsWp_Kc!0k_$i7O-Ko;(+Cr!LVwc}{Up
z-gQwNsrwnY>x5pb*KxhZ{w??9UCi}5Jd*1*>JaMoU$*mn_ZjK6!5`USHtILd2dGQP
z+xsZjIi&mXpFt7Z??S1B-{W^|pU^=0yniUW7i>22FFa5_4`->{sB1>uSn-L_J^N3`
zoVqJw^kXpBk0(E&+T(-c^`o>_Rb20K{doRZR6l-e=!2Z^b2;;UGlV{bH^=J(+Oex~
zu~L1EYMzK#zqZssW(AI18LffL{3rKo#rpLM^BVKk?Nqx5d6h1cx&ILLQnMWOkM~e7
zWu7<v1)v96eJHP&T7E}4IVtXw+92vf*;?TWp6@UEglcM6VtO5yM(LflzGr%0*-o{!
zg5D3-{qN`vT@*v_FUrZL1oZmXa(Yugp;}uPTSK?-f2L1WybWB21ww|AuEce(Fbwpu
zZB+BFT^xs@%YCYndCXe(+6sxzE&jB-_VvieiOw75zX!K2R@~3U#DX@^jeW0)eBV<?
z6Z<guY}?0F`+-vF%!b8E)^jR5^TBLW&P@4y*uiZI=N+`E&?f3mk5I{FnuDH>P|2XJ
z>JzF#M>Hlg$D$`c=KEZY{+{@RYJS4cz(L!-eIG4C+s8H^h)@aV^j)hfh%v7_o46m<
zn#{4v)k@tc@BOPQ2;$^N_CY7$bB>dKfsyJC>gIVd?svTZvA_Ta=w)^|S!#!qu^3?B
zkbwcMV8sBZ4Rnkb_C%<J<HdQcQmhMlx@(Lw1CM-6wLKAv7*VSldyoW1v<i$^ax{t&
z_jXYU$3NW;C-MIyBUF0m6Sh8RX<yz>gSSWc`o)oLR8wE2W2cMtsl(f-=6RLx;lp_f
z=d0NMvESc_ey4O%NlDO$F@{MWQ|+7{KL%{K<ZV8NJ4|CJ>Y@_TkMmI@)1i{{o(<HE
zI^`c&a=z{qb)zo1gq*(@aqsYt`C1|Vo&Pb_+9Le^(0ew3uTtC}y1A1|Lt*gmzS;o3
zu(+pmT_?{|*C8L?qGMYql`c*&9)B|pJ|}p#4Bvf|j@>T$du|)moGa+qKa1c0vW;r6
zf{y)TBzj-zd!5nyO6xm0ZAeF}pzW$IPTR1J;Byvm+D3|J=6hA=cg27Ehb}737IRZW
zgi5~^e?Jr9x#S0tz72HjZ^c^HecPxeH`1{WqVKbMv9iFYDvL~at7djZ|9-eDO7{h(
zzwZ-tys-g%b%KryBk^PCYvMshB>H_?Bx=Vf`vWEn!2cWTSnE6a+>Nq+w99%QHOuAY
zmJs9Kc($i|PM`YL2|(6u<9QzWa?m{&mym{SR6B}xI|+18ehE2R3`F0?>!6Mn%fwU4
z*M?AEkBDc$>TRG2oTGh}V@t>kJDfDuhZZIC^#<pf3UWpkYee7jHKO~D+v|-rB9H2*
ze_;g6&9XgVM~Z=5w~cB?ie;j*S|5jH@BcXm1g3w?e?RBKIZxmQ0Pzn6-IH8GU?AJ8
zHf~Zi`a0mYCCTF|FNC5MAM-Uec^c?Q*UX&K2BfDT349I!ayQ0kE^wc5K;Z6Fm|bE6
zH{uu4i9YTbhdp3E$E@xmaZf#{&3m?r`pZ(z6Pr<+|41~>Z!H6N!K3A*?1pZ-eXI`H
z4ks&<qH9+2_2Bk{+KjwF{5dP`P?4Pw90F?dU{IR}T~(u;n#J?%tHFAfhCdbb*CB>C
zsqt&Wp40?u$k{mGu^N7cN3D)Qe7#uZxK{ji{F<>pQ9Y(3{tO?d19Tm%x%IF;zJ@oH
z5kH4V??*DuV3z_Xw^FT5)N6jXmDgyZJ%6*6-${cyb8IWWr#<W#9ANz1%5`TId*%on
z-pcQO3_J1y2e)$Hs4`h5hF(89u(W~I*W6Ri;-%%KyuJo);PqHp-*1w2Ik-nWTuzdw
zpxp@H3V^(p46~s>xKZZtP6g?R*`F4x3w2k4dtRDM=3T{QH#aqL4W3!np36X2L2X7G
zp0<tW&e2}gt3fyNzAjLk*QNtOJE%*yE!mtbljZ65C9kJDmgurfMu;^PISt5Drgg&S
z$3|_{y_IVI>&^8gydDp2>^Iw}cJ1VtJr^Uaat<Hie&W+xsg@_!OrP2s@1MoXen?>U
zR;o=GGW_jUs-fL`!ZhfkRARhc8_(N%N~Kv_`F`}Pw{a|BIFk>$VOK_NZnmiH7}vi>
znN!K_Yy_oJHy*qbj|Yv1Y4A9UmmS^bf1u92wT;&xVPBz6YOzc83mW{K%`J)hmq2YM
zNj1t+K|>!(B^+0$!x30$%HzAlI$E+rCY}sfQkh{}GBd-zWJ?nGk{v*1WjL1Ho6%=U
zja??WX<Y93Ta6t^O^QrfWSJDD0cjOAsI7J&w+kKcnAeF-Yfiy5AT2pjeQ4T3HTg30
z+I}8eBS!rC*H)^{z0!&`{{B`x3iac-+&Y2#pMC(hr?iB$IdTF|ZlRjz>h|J!Z7Du%
z_qJ{EcjI_QLeUUV6?QL=6K4C1!0nkYFa6zCK9Bj+L7&x+-<!*0n9RVeTz*dz+OsD;
z21gyBV@#qBl*yzd^@KAdpC6S3Zj@hs68NgqqZnTGgsXi)Kj@Y#i1S3BN`VW_G&(!z
znEjJ#l+1fowk~GK9cBBMNED|UwouLJ8}-KM|FTZ>x4C}ddsDYkZD<l)&2(!Br|qz?
zi+8pd`ziARZ*JlD)1vJx-$J$JVojwty&IQYqpYk{6|>A#8|afuIHnB|^+AYh;q7S4
z$&99Fws4HSL#$07eKxs%;TEbLeReWCJJaYlQJ+ty)F`_uRpp3yFVQ;<soW;N5NGjV
zTl**0D7)_AHZn27pAY(3^jUF)N`@^D>1E9L?&WM9en<fMhI;(LR#7kW4GnH)`M~VJ
zty`$}S%mW$arR~$U$IP<M>zg?#XjpHVht>|Kcod?9s^svf@c>*qGK|?X&6<b>=JW*
zp9qya0^5&F0&-wW6yJ|bl8L_v^s^2}AYZJn+dyqz6rqxHMH$KW7x-Lifp4I=vl2#d
zf5PZ%+~rZ9;zSpfjyQ4xX1b9_GxBPbT{BhXDU4;)WYV&l=Md(ln(DzF(K*VDbs-n`
zA^*OG`<`$m=x<_74QlgDP@7A{dgR;;AUi}}X6%YGQ=TIy;BfLh2ij}d2Q(<NJMeP?
zUeg`;sDox1<G7I5#@Ox<KEOY_jG7K!gEMifI4A29UKiQn$PUEv0A)AmV$K6>tFDVm
zPYOL7VzT8|y5i+%d_TigqhtzNd|gz!aVz(!zZKsk(#<EOXrI+gHhF=Uu8GPEzezT}
zqg0wPzD8MkPdvsv)+KboQ{Z#S1<c?6OIvg<lyjp#rkREYQ~&p19KD6d3u+eVNQ==v
z(qPc_A0b2RV~mjFFtNwDItzW2Ni9c3zmq>?vSj;=D^2@2Vr7{n&fPZnVy5dWVM7zU
zsI-4fjZ&Ck{A0Rs{^W8s<d}%x`0l7KDqXTg)KGlS>BH|TO?wcLK5WluBU{jC){$p6
zbGmZ6sN@+@LVmTG%Ud1*x@S}gYh%V{K1VSb;PWd>h<h`)6XO}$&f(3R@A%9)fY)=Q
z|LGZ9LJCDq`?xg~Y`&hEEE87O{wG_#(;<^GQP=Kt0Qurud;R{e9Q9@WK=+9Kw20G(
zH*p+;bQp7F0?I16yLQ+kYR}JZ=I<Q1pa8-^J-^$xWphBt0eUD|CY5$rG2S_v-GA%&
zInL2Jfs&`nNkM;ZyOrY1MYT_Rais%DD?582FW}k2&v7%aQ5@~$7<*<D)qaRjY5o?@
zI~zqCfWSZ4@5zDhHt~D6xQz0wGI}Ms-mnqWO#=&tp&VYBTt6j3r3bb|`TAd!O89qn
z7oWdcHt`zOhKd@c@Ln!chsoxyW%EUHcWoGA^Q8jgkWb;WG}z%t4jA9eFty|BjN1I5
zk{V^2c)mnDpHW()%n{FOI;r$hS&gz({C`0wpCk8|^Y(HgRGPDyYVR-~F*#uLW3m5E
zD*bMAG_IFBxL)Hs_zm*SsM%n8X`&VRws#ZP<yoB^gE~z3XpTwmH0T#J{x%Yyn>g*T
zCCpDO+eEcaQCsP`xP&~niOU9V5xI#%Ab;LOwXbmug)#v*w~eohfk?t;j!Kj3!?$t!
zF!B@GQ%W$tYRU(hye;w*u&RR9MzZ|GDUqMhO!<i_M}5nsQ5%sqQB8H5eOz7#iTHWd
zW~x0gJSLtl;5iA5t7CH#-Yh6uvRTylJq$Y1HZ!NR0cncOOQ^%Zea@PfXfpB==VIaz
zn=6`^cz>g~bNBWrR<KyL+ElkP1Kbl9my<g^)>>Mm$6QM*-^KG1>o*DiVHn>l(nshQ
z;%C*<HOj90RfU~-jPbv~2S3IR{o?Zt;eMbm2aKtscegtG$LA{KT%MO`bvQ<$EM}oR
z<U-#p=U|qXxUiLKu{j8Tp9FRDed70tI{U=uD#A(ec?pj_K7Zk~gC3WEx$vjtFLDB*
zjYe&JR$$#ms{LE!GFES-TC>PSez=ipyG1R%zL9FidGP<($T2DG=o4rw1ajmdXn1cU
z)s8$QH?$SX<SpUr8^672`t1#I4$_fX(C`{QpCvcE5zTurdwDD-?=kZ>p7%i8dg`_q
zU7Bagd&~g$2(_Gy_?0#9@li6&_VBz%6TDMFI^**m7G3j}fqQ0#OiIhRZp`f;-6L<w
zdzjCQ9WU}8{gdmnH}RPJX#dIeo^sId75*^B$!+Ppzt(iylC8-yX-ju3L7O|0-e<{~
znB2!aQ|x=@#wZSCZ={;%PV?DSyha9X`N~aH8+TXC-E?DO_JoCb?qkwMs@X+;YU0M9
zlKaSGa=Ti{ZGw>V6&raDBz%wt|03o=SR2o0)QkL$R3i~8o!rQ=$5Y7b9nE%Z_%f2H
zyL){`jWX>%ZrA;I9;C_0gT&%b$w3-CCiK+6$$K|(ACu)j%=oyM2Af12*IWPSlg*k|
zqs$RB{3}AG^Nt|_9ABb5$Owl_)C^eS&9E(5Ao3t196+iv97`5v^jY$jT_%IlxE|nd
zZ`pxNPT}`2x5zRXgF4_4d~*Q#WrAFYd7bpbG$3<_NA=^+8>r@-g!+*u^kZ;$F61q=
z<I<SiN3In^!V;ekke=7<a3UmfA+3(A0LD9GHc$;J+KWAHDZX$qkP9~@$cIdXB5WfC
z)aGM_z+%w6RTYHgM@GVIIThSIACecB4?&;zSfNZpPSD>*ycGBxMq3?d<WaKXzGHi1
zobi|l?Cfc^dGtm;Z+r4Nj@F5F=j8)sc4rFehMopwQqqDG#yqrU01#)W^!$xEIREh6
z%Nrv1g7eD4CtU5zMeYUvA5P=B7o-byq?;eZ`Q6FK99aS62lBwyPTlB}Ke>U^g<}ri
z!2R;CCjgnVf%_Bq{Obwgw<}A?Z#Hlr#rzz7kaHWjuVOq8-C*_6(QeRBFI&ayr%<Qd
zvS|<M^R{}7nGc+_*RwsS0A%Bz9Q9dcQQbn?k4^w`x{+$w&(R4oQ7cf_k^|@)9h(5e
zyx$M$?7NX_=qnwYAd`s|R=+*`Gte7N*pKa_P89rHCblQang3o;&V6_6&nx_Q&(GS6
zy$&GWiJ*szWrE+K@BZ73+>gh14V*shNC^yz@cGKVfod-@d`Jn<MymZr;9qAW)gBjr
zlSboQsJy`0MyidYRI-cO-5<k=*WESB()(1!VqZ4U-zwwd&NJt&R`a~o*Zq_0kIaFF
z1C3NWGDmLsy8q<*rY_$9Q7O5;Z32)ZPeH>j{QW7p0sYIi2{JihqN_KWj@(wGth`TE
z4zT=iAGXKi>p~!RZ{Yd6uM1`3FW~z93(;n8?G@b4@pvnxl7Y>6KY=&c?#nFikrzNd
z<NqTY_&#dHCeHyH{13}<Nr4v|`JN7z!|R`1|9m6Wa6Y{xLM4=Eo=F}B&(tVOAK=)$
zpo{zb`26)HHOflyd|nrumsa!<^GT%*n!00+S<sLteE7j4)`%Sgj`71rKJT$RMT%we
z>n=VI7_=1pxklL~`tx)}_gBX9rQpdLWu@>_r+0~*S|N~>4Z?3gd0YkhS;vsT^<vM2
z4b<lUbWzE<wv6P<!+b91FyEvvxi9Q-M)ysd`+EKNQGa+M%RS@-63GbVv+=<iW#z9`
zMWIxh^=yrD>VfDUojyW#mv!-d04=ZcyxZ?h`v5HG%b5KladuHtBgZV~sKj}<Wf?%O
zG4gI}WAbi;xcws*-uW7f8Mz#PU!&lB1mOyT@^nEClO@X0h#AdeMPB@VgH?uSJNe!%
zBM*1S2JV-@2Rskg>5u|F@eTE&>S4||w%*c7rMUvLr<?S!C!08OZ}i*UojvP|@y*8n
zu2D{j_qTPTJO>9H-l&ZGh@61=+b<(jdVNuiGA%})#yj|3uv6$24D-3d1-|-2oCl!+
z@iCT}o`U<L^uN(brKcLjI&>Q79m2k2X)@?tC48uYzi^u|XtRsFgjo-U2|f6#e>87*
zUtLrWkdFV29vJkWYor>J!z{VM7zgUa>`p3`Ro5t)52(sYN+m-F3|aRkQ*5KMlS<b%
z^4J&t9i<b$kHsBq`)iiR%L&BNiEUzkFNLf+dqXG3#i=2xT}r96zme<QII%u=btlI<
zGykzq<b9>MlNtL)8DXDCwd8v2w`~#-l+7PRe@C^+^=*@6a&v@Ap+@doEEoBycSY_C
z=iMtp+!siX@Hq>gjTFxY3A`@TYLv_eIgf{!=o%ZFzY;#g69O*`zrnMf20I<e0c^|o
z{>ZXun@OG4dExci8l_PD*3}XH?TD{NnI@i}6VD5l)+lqtv;T-^`1h>mdHWYcsI*p$
zC(QPkaXO6t%^2C%L8W6ulIvH6gikkQa=m<>>j1uQe2elh%i?R1Yi8%*J*X;qF*5(O
zgU`#g5pMUL2{6f={|I$(JXzmi>@NyN@2f`}&EsbU8M&|X4qKpOPM`XgkErG^2OW7Y
z7s#afBVMl*x*l}-5}EAyh|f{-6prh6gm`SFa$mC+eYi$mkJG(hyT(+Hvq$8+Y$D&4
zc{rNyf+|OS_9W(Ovb~abend6-2J|g+Ep<4EF^`6*w)<*p&Lw;m=<;PUc~j5`H-IjW
zmPy@5;w-9bK$i<;@>ek?n9Ij-X^86@JZ>FBwxHiB_M5*Y_M3YTbK3Ws_M5->xxHSk
za@3zIjnaSFM^p<xW{$(M17We(vpht#GjpwRn0hUXTN;LD!EDbwa6ga<?x9YY9eNzx
zeFyO~g4A2V&0+_Y-9=N|od@~Ww5R8{;GTH0oXqQI)6MH)sDoZpo+FfOb7Nfeua87M
z*2@q~F|9{tn$|uL+um7Ot+d^&DwHPIQ<_pwX=;63UC&t1SK6$5beuL`Z+L7fkha&M
z;rP4I;QWYcZLiA>$KRD3j!l(GY+g*hG`_A!y(B&!^j{A8EE_Z-&s!a-yj}>3SYGb3
zgH(&nnaRWA^KCFJJ~znDY$=vW9q{{yy7%7V^GWf~<^1@3ANJKcA^zRa(D?kGJRJ1a
zviNty*hWSCa}}T8l;C+@eEjQl^_COd&hN=eh1ucR;I1D4?xATg+cPDqU(@=_4NS-0
zG39Mr!9DT4a&qt-Sahs#E{u`IJ@v=p^K2IV^ITwaqwjmH7|0Z%gU5<x68<X$d(y$<
z&T1w9daDlJO{p|A7iK#z<7bw+ehu!zH5Eiok=eOs7_-kr9^VQ&;upI&w9uxTYe?Y(
z(AhWr*%}fFJp%ehwBIry@^~B5XPdact2GGv?fuIx#qaJ;g4xc!;2yuGg4~@7v%Ne&
zz5?T$5(m$bpO48=RRRP(>!~L0KZx4!?kImN3AiWjD<^qrRvV_tFuU%zESLF{cr0hz
z+#$i^@7G6p3@=-GjJ)0UbhVOyli=+nAjsQPjDxR-qM=DJyYen@BNmqQ$9aikx*dQ_
zN`={>$>5%ZdNUi`*atiR_>mZlsx{?mcY=H3^W`M(IP{KD$ARfcXg$@!#Xt;v^8Xfs
ziS%RJS5-<|iK@`~DfR4*p__p0jqu#IV?EWLh)`+gdhVO~OF>VG`F@D-=Z<fwQc5RT
z_3U7TN<F>5?c*vXU$(x#J;L|bf4z=sL&RSDwslmqiM;#abyPbf>VOZfquOEd{{D4T
z`%cho#>`#oteCk@)HIvl`6T9@_r+Nso4WfN5@=jUwU0$#>(^23Q&Ib~W?gSN;O*UO
z2me^dYTw!Se_uzned6zT*HP_2gy&Y;UV(<=uS3IINY5*B!|~VUhGpG*{`q`P*YkKG
ze2QA<@kSbaUgTevt)tom!S~!Ac#r<iJE1CNW{kWZF?}cX^6l})DrG^;w>KKTtckaC
zVt70GC(t!=W0kTzrtQLB^a#JXe^b2fjffaIZSG5~5IPL&Y49BzWEuL}Tf64=F8vYO
z7jLUl>@oVB7ok!jTt(mTiS-;;{V7&l^*>|9RrMF3|7JbMRcN>R385O$<wYg+Gi|V<
z)SvGgvYy{n;s2c1=9Lu64YyCd{!$C}q`_?UHE>Un!Ht;Xe+}G-M|ERu?h-qkWapHx
zEob+WwB3~Wu9lKVSibvYH%@(On&-X*_r#`ha_}pN!{N$uhQqaqaCm+)%q}tgel8ZL
z1tveUj{BmB$!Z6qqZaY+*I(M|4GaW_%^e1{dHy<a*2EvJe%fFmyD4{7D{WJv`2A8>
zVtIv&K~EF%a(015UY@6|@(Paw-6rJaaaiZUlBccnVEC_b^I+|d&4d55md}G0{vR}*
zQ@94)6T{`?u3ho`FDdSYzk-k5zQ!(K^Wc^1sFuR&4Itorh|ht>{CC`6t(4wuo&TnE
zQR!OLJ#5P%lj#L=gB^9x0i^OucE?WxSu6IXo(3Ix4M}Rl>9r!?72#_S1J?2Ri=6`q
zHimbFC)v5uJ8cdit-?-b^k=znGUIB{QQqN6K>S@Xd)})-pXMm3rxSo6-9sVs1SIjh
z^V=PR0xzr+Yir(kA3Agm=$>Sm{K?RzMTvdX@YVbdIDY5cpa8xfdZxWt&XCERQt)+5
z0D}Eic2ako{QRbQ{yexRzEMs(yR7n?`zz)rGTEK_5!r<(U;F=Pt)ThEc>PEGN*!3O
z%q+*bpU?aIJE?@YVa7M?YY5Ay$^_+X^l4z+nNBKUOn26i8JO2aB?ChyOe`m&cF0#5
zbI)h%DjNKD4b?XD9CIzwR%zNFhy4s@_?uF1&;hLf)Ow@^=NRW&su>uLb4w%A{(Kq9
zS1<9oJeT-3?c-xVP=m4gkiefid!9p5w^u2pG1&c1FYizJv`T4<nQxx$q|&w>{CRIN
zq0xr<+ow9I^n{R=`g`tU_4d8dkGYKpc@8V8Q(u`dVIH_A9xo^JUWoG@EqWur0xZ70
zTF~OZwD<Tn_1$V^c}#pe1?fnUNocKz8`PM&VueZ9p9S|sy`0Q@uXnoq?{J^Czo090
zRbsl3ru#3eRu;s>I|YI_#$6)P8__$ia&Bh%2X>A||20$#{VD#AE9`UFTB<$uKNuGd
z3H)If)iCzmwyIh&;$Jxf^!#5$WgjauGd(%6vU<@Zt2yAF_-Z+s_m|#z0?%_<ZCN9D
z;_6*i+rFz(@=L9JIn+U=NdsUuc)&d=3ub%ILevM?R!(SF)V3=k(ZBa~Q3+DP*Io?d
zHC{tq3-83w>9=%JsUQh_r^@&q2Aunh8Yx>XW%Hd;mr&KqyRBQS?~d=K&p&lWe~X>t
za13;6N_|}~-+$TF^Y@3lsDv^{9XS39G$5~6ucjLE`S>exgIV5&E|~fKVh5FQd`r7{
ztn%(^sy!fLfp=C@4gK%X%cTwBXXzM2Kd`R}e<~+`i<q$0Q%>sHnM`>Ba~;Lk#WLBH
zER!m`O#ErEWU0)3hblXex-{F8tTZ6Y)9g#k`$ABU$B1*hQIGFT12S!5)FvjcrdoIz
zjA<>FiBUUaoB?_F8mbk(#q&OvoKGgt)eJV)Ztc7d!QhXXC--*naTsIRn9TRYEU?R@
zGQ+lHjyMZ(fgK3aZ>AmTo>mm4b;xR}$;-_3eo<PB)=+KN%P~1CTRferjniq&i5B~v
z1Y}$Xj|nHP=KICNqNeiN)%>pU|I1i*6-LK$yn$-rza$=u4aY)g@Wg8FBdI$<Kga58
zasoZ!&;9SkWA&l)|2KN)ToI*rZ3ERjixShjXEoKPou<K$1ikXdptqaoO%!X6{5~G9
z{&7Ca?}H8eP8t^fH}G>E+8ucT<D5bpsLe?!d>km_nHhFw59V|5$EE?P%y29*&V0x5
zxrHqxl1Wtq)#N{$$C%qa##dKUZC9;TzaTZnmrMqIut~Qb5c*=K8SNKoR%2*J`etP~
znC%vsXuK^A$gk6YtmLv_d%I?!EEXh|#qU;A?bI<Eyi3T!x%$U-=bilc9O5s|Q|YM&
zsy*Gwu?)X?yn$-Q*sc+^Zog~b_s$YWUf>;2n-_xGY(7sC$9!pwoQ{_9F&CD|BqYWi
z0z+O&OYX_&v&5)Xyf-72@oKW*gIShlKFJQ5ydeHBJAkZC1G4n8D9_RwsOEge%(Lh@
z@xxbBZO*coTG*J}bqGL5zMK|0qoM}mKFdJ?<i}OWn+hP`MyTWz`$=Q{`1CH$r+QGE
z7boCTNZ94qWl=pwej$H;ozZuR-@>ERB_mV#dzmHdK2)aj*QWt_{C~lx^JwR;D4#a0
zqMHBd#C$r?K($k6X>fCcz@_)m_Z}2D<roq$`zGCf?CbII<0`_>A^2())jsYpY7O{W
z=cLslo>@tQiF9?!s%i!2U9+C95$!dtqMC7M$2%ST*>=;jo6qxSTTIXTb@FG8;u-oU
zJH#0cYfaB~cNu%ocuhq1YH_~Nr!<Im6+8Y|`$`SQuM^EBM(q)A6IMshOzO#27atY5
zT+zn4Vji>2B3AmoYY=U1rNRG+SbsYzehY1(!G|JTAGd+p{5Gh~)d^}hH{1D~fj0YQ
z68JXTf$8Y*6q)3tp<T$`I(kn=Qn%fXKzq$dS<+e|llwDLm!SVJ4RK61-RXq-o(81#
zCfTB|&ztlWzdK{xLjpi-7XUeRT~uFlR>fjrR9{CoP_3{kW}mB_+qK~nplydg;^!UX
zv+Gt-t%KQVZk!C5ER(C1wz6nUJ%n&PxN4Pger#soid9rQ*kR@SV!?M<LxZn&%Y^5B
zz2Z0LXEb<>VRddmGWFd(XI>E>`+U{T{Kh8c(}&7QzYf#?SCx}w^Zz%M6MF~Gfgzoa
zRo!<c`rhn_&wnmXsaEW!{6V<gpnDLbdzzqIZlS?Q#QNLM#c!THG|1<lLEZf9o_D<Q
z>nkhTsg&BcTFEbukF`1`@R|UFp0({9Yejyc`z~EN0SLZh*dxm=4DDNQj+s(d@miPe
zSi2b59sb9r%H&zmZlxUv;`sR(93Rxt`|nc;m7Md+NWOfD&*i+t_tI{0rff3LRSfQ=
zlJn<fB;PaK=aPr}eB$>54*vV8_Qbj9ZSTk9$Wut`$TE`eALetZ!+cNg7TDZ}*DO4O
zv=o(*{O~ZJD>TeESM=4<hxawJGjU&w^WuF1PY-mBd^_Ivye;NkL*~baS1U7P+P$%d
zc8`bS*RCe@^zOgn{mG(s?lUe*FxRSLuI-Z&#U2C4j5(9fvnfl=zF1qa%<c-DW5O~S
zfaD{NO_D8V|9aDaWR^y;>cj_B3*VF2zf4+1wWYtdVwK0n{YwL@*u6|5elgoYT06&}
zj1Q@HnnwM#{vT5945gBmA(Pulgw+!)>mRL?x7-_LuFtLH_eQ<_p~zXy1>LAid^`il
zvmzHadME#VXb0El%f$bGL8;{YCF<mGpGzI?+rNuHUt{Asr*?4r7%JW$PpO1+JI>pv
z%Y$}u9iB?#b!hP=@ff)J9F<<okjXD4zHVlW5ga{_(Q_x?pYq!ed0(N2K|kVvfVl?q
zi8LSuIM&5wBp)vExxyoSZ|$<$PyTssU*C$mC`M5#EzOY0u6roUQ5&>)df~T!I_LLI
zg5RNENBKP`1IT@yiEZhf@zu(L$tL`~3CQE;sN{U4jO2$#_+0)GzTXRaCnRxti%j;z
z`1wk_k9OZVt~1iZ^r!30R6d5mVho;ptU6QKY3=v^C*!ey$~o&CvgSiEXKpa&#X*7C
zH6G-{;=8TuJVVb>DbJAW-)PX7BT&b1o-pbS5myYJvN>XYD$7S3d4c1vK*O<VK>qLn
z)sDX+H=yr%Y?@3iKF4Le@;{NEEMxg5u5ZVRf$aPsT6f^Q%X$tB%KPz7&i}`6=lp-s
z#DDWWpO*Ho=k2c+Z98wXwu>?->g0A=B6Kwm?ev~9lCO^NxjZ9$-#7E;PYFBiPq^-n
z5$~5#u3J}&|38$#KHqU$WwGlll@?{l<n7BTt5bT(7z^+_=8XI0EOlR{poayoYD~P6
zr-A-4_L0C>{dESA6`g!MeFc3xSgmSK!0?+5T4QskvHtY4XK~)(F|(1UNJ)@)?J0*e
z|16b^nA^z9nEO6SsdP&GZo~%W_~E#LA>VNQddZ|;J@RZ^lxO42`c(n?Hn#sWo@c0Q
zgF2(M8hHRSt(z&8Zuo%PlK(|!OKcBQiD^%_;cppZGW;#Gt-cqeTEdt}_*~bVO^k7=
z*H$Yt4UGGo%jvqaDA(KoVuIll$L7Ti*}O!lH0T4qZYaOdJN-y|uE}4-c2Fn&V4}S{
z1}o-tC!M8|P4LILoVSm3S=yhUQjhc|@=48OofV{-F&=FDyEE1};qec|IjZXu#|egC
zusF-Q?swpfp>Kl%MoezjH{>bKwXwXve|oiIzaeVNAD=OFWl+HI-Oaj!?fi`Ly95&Y
ze%Dkh_Q^3dL1%h?f6Bep%JLhm?|;<G`}Z%ZRyN#ZeShVd#Or*ENtI$RQ<Zj_%w%G`
z|MnR%_jPf9=_M2P_GEkV#h`;tZN4)o&QiG?^y8p5Zw0majRbo;5Q|6kFsI-DV6|eu
z(W>tY&Ln<!@t>-d{GVIjef$iS{wpZ*u+K;J9pzPGI!^#~(vYRG_L?i^JZvB5y^nN0
z@3HlcoA}%}MbMHc&#~=%m6D%;r}CMeYio|%s+9#8Pfv~d_>+6-BegTJ-15&*$tjnS
zeCKeV3x@k93g7Z6;B(o?1aZSVX;wQKd4@`cpJDhEvAD7@!uxqd+;f6hZ4>+sujc$V
zY#-Y~ejDwX@sOQMBF4n#%lRqw$6tqrW48lodj%RidbCdL*zGd;=CttR;ivlq;l8|{
zJE#l2%mF=7o(J`DZKpBz+<<`}iPjp;amVJ<ye902l~nVJ{dxahNwpt3`QIm2Qtd|Z
z{P;?$4HJKVy^?Bsx~Q~L7d2A*qqvFv8+wX#ARo<q!~V@OGkAvl{HLgq!#VKNl~lv|
z@Aa<ev#sLUzf8|Ih-X)e`nL5esdj;AXU$5gt)MK{?{UsJmtf8_c=i2Co@21&*u{J|
z_jK>=w#T$<wuSwscDvV6M7y5T|Nqmw(bR7DdXi}O#-7@ppTg#Sv_Zo^$F`461!B$x
zzqgWV#@vJLjXllhaKk23+PSZ0o|g`ti$1&IjP?DBb5si71Y|n%1)_1mz%%^+#(RG_
zYi;+Mn11@7=KnXouRqPdUw@WLT~B@Zlg@9wc_ptsbY9EPNV#DpuXPGv%g;!;ekDKS
zB|MJX<Ia_0KiPQDe`$vmP{7Yb$(m9^oZ?IrSjG2P)QCM6uDyJZ#U9fhi-{-f_0B3s
zeefF4Ww9T*`JYttOoTD5B8D>W5kZXlW+m00zdWWcKNs}>A8FqnA4PTc|IBU(7-P8P
zG9f{-8&n{Gs0j%QmPrD{zG`cSQCqJYQD0kaUoBW|wRUm?0-{+GJX{nuc!4ZlKxUPA
zsSDU@y&`yRYuN-)5w(Q-fn=ZG=gc{incZwc`1w~hGiRRjeV+52=RD83JjZulDa{o)
zm5ceAYgyoooXgKyr*9JbQ)hBMRtvtB3NS1lvK&18-I3SjGjYzP`CHCM>kj*zOQ71_
z@^YcgL-UJB;Ii0UmJz|jD-8et#GO|d4~8$Ll$J?wpfatLmId<t+c$CB5}wX;zJ!O`
zIbS?OK^tO-GcnhK!SGfV@LVtPdnus|v^&n@dnuJtzL&D}*PuzGCi<tm*2f;G^TEg-
zHPJ7XC=_ry^``PXift93Wx8k3%%67iz~{MLu)W!F7jWQz_#UsBmM%?%kXxLq8ZP?m
zoP%}h{XSid$?KX2#%s6ny(O7q-pHI|Fmqgw2=0~#w$#0dWVc+=(&Jo2Zh|u#!@-Ep
z9mAf*=d|^V1f$KJUeNB&E-07a0BcM0>`9==zxYEWYz&E%DCRm^{C<LPX3tzMf%F79
zU(yrgi%CzA$7Wc9Gc9soXFmQR_Hqvo{^Ug@%!iedl#APbz)6*?O-4=hKagM6`rvu7
zd04hi=XqFIA6QxrhGgB1dDyXE_NSm-e0)0n;__~}n*QTo2EsjUBS7<r+#vCD$g2m!
zJ(YR(`@ISF%kG^9^sg`S99(;+DHN{Yy3F+GPfhlI+0rSXJ)Ne|0aJK8u1m4=HGm|1
z2dR7gpX<?ud_H0KlLK4!RsenKMUnsP$%>Y}6$*t*z_``nL)<nP=zsyS>%6xPPFnP`
zqR@-Q`VDKtYf^#MqyjCOYWMeVrU89wBa&~XDKs$CIX^nc?DwpnzV;%2FIU9v@fgp1
zZ?Oi?cxb~A`|iDsNK(W-uDQatTY2RQU#(M*-=M2`9``3!pSo0>LHO%NB)5otAFpoY
z`wk**Ik<Tvzau;1&JBh(BDq8CO?Yu5l3$2*VAi*u-^lw`p~wfcdkWAN_H2s6@6vPU
znB|@l<<3Er?|G5iRbLL@KadFXtj%?5_6@rFvB>4ZXfz5MN#fa~8~Zx1z;%4u5V$9t
z%lCsx<-(4=J>AUl7;(FU4{bz}hSs?RK8AepqKI!#Vr>4V4=_|H>b`p;lGRa^hdcZ<
zC;s#o>(t3N@VNO&kz?0s%X;v;sZRZ+DF1dewtRfqMx#!>UzB~_Q8vEZ&JdR&E4NA9
zZ)c4$0nrA^`xtryAj8AP<pgUxIf(M4jY#SRuZh~~P-~s~`3<`IYed;<x8B;7VY!+6
zm}Y(P{XE&+_mUZ$mtYNJz(9po4VD%$dssc#W!}kY#RN5j-DW>5Nd;OpIB8Ms;N(Tl
zK4`6DSnC(&eiX;P0oKQg9Q(#rrUE^ZYW7+4Ea&D8NWwYJvz*yM>)y_fHX^w<FZLXy
z#~r&@Msb<8YD3QE3L2TB&^*X7^Xjy@A=vKD4EoAS>CGFE_`E!?&eRwA-JXZsnL%sJ
z{GB)x^w9<+-wU7pgAF|2IHO%E!S)=-U8(W%XKllLRn|U98<BKHd)kXRuhps9H|pxq
zD8EayH{IIwdY!uY23^gMqHOl5&C@CE62HUK=~3(Vo73r`F1w#N>)W}dPW|PLy85pu
z%7tN0FTS6QNKiLKtsEkJp6L6H;w;Qz4DEK02p(}~2jgiRI?R2CjxLmcv61^qN*)-e
zs?Wl;yGz(1F+SYA0f{v>{9f#lVRrpD8@SyjQIuhAId!?m_@&*W{o4D&cifC2tFFc$
zIHr}XY@tH4*E;iFWCv?T@Vpo1c>9tWGj3?-@#1!K4|$}5dLhg2q{Z5I%SI&gqA0(T
zrqDly(DZpWr`Y*9obhwaJ;_-jm*EEPgN28K@l1mFdBtF$XCu#BvU?iPFE)s=l8wp3
z!T83V8JzCux5eh&(Sy44w3>MhKCe?Z-=wRHMLt>9W>y=;w?}PPPdnSVgMWWT6y@cj
z{r{Cf&o+HoryjpaSIf*c8q}Q=jJ4Ix8@W%++AH!VhEBM1gAAurCoFxK^G{x1Wf#g@
zHi(?w-|;qK_y_Pfu{*cJ-oXP~7*Ez-f2R(fy8+4G!4)k(>q6P{R5{HLkM?^5qy6u`
z$MJa1>goGhICcuYr*)xRc)U*C?9)}N%o!qoO371BJ(7dFQ@9?n*yf8(9J58g-7TAW
zGfG9?42C<$fw{Y{ih2t+a_o7I{5EEL?Bwr<i<~%2j+V?4$&-DP)`jvnQ-J<f=-W3_
z6dE}ci;vM^GA$Lk5*R*4-#MRT)$`#C9NY0u-dE?pfaD5c8!dYAZ8Y35Kjp+`_4`)@
z&E1_S;|8v0XPf)~Ab2_BbpwwXgCh6F8=Xwovtx9~id%McqRgKCMEGg{?&P@{czy;R
zd$U;E%vCUi=VxH?w=+M(?_NL>84ZRxcFPL=%?rZzjRix=Rp{+6a9IW>@V<QT1+o9>
ze15hJJS;{lr5C$kLsndVgEy`F^mp)>waF2C-+R#2;;VMIX!-V-c<6Z~z6;rym>zQn
z1JmKu4M?sX5qoY4GQd#s6nd$^2n^FGg<dQ$dNO#9iAgVrd9o)s4_jUk{^F`w9<2Nf
zPdV~StQ2u~)j`ff<3H`VTd#Jv<c_iNZ+jkz@<i;t@;*1ullSizkQA?qjnTrnB0qx$
z_neW&&z_C&O!PO-SLo8!{0v5hqEIbQ>aHWmWVBv##P&Qd8q<|+FCfYNyJVih81WWA
zgHfZ^bf3ZStOBEKGQXeL${}p6CtG83vhb<m^DubQz}N(_@(-jjdmfvAEijD5vF-wf
zx13>CCYgCn_f7%&uXm9!J>5H{XMP6Hpq}xnC()fQgL=l(>{)!=9U0j3tePh^aSnz^
za)KNOXYxDI`;K?hgVoO?Vg4td(@XYye(Afv5@3jDoo5k1-lvIV%>01azp7TZPS90L
z-cN}*iOK1=&m&<ndQHSp?AaYL&vMOYvtynO2;TfWlD~>r>W1f$ghh<?tLKrtE&RK$
zrT}e!bnsZ_bIf`kN&BNeAN$o5g)+Zmf!KfNEb~8cWontN5&cPji09hujmMg6s@3-K
zHjj6Ty)~1bN3u%9au+?%Vy;ukIXT!q2U>Uk1zPu(13i~vnxnMt{)^JOw_KsOq7{p9
zyYc52#JG17WA*hv7-|%;S;q57yohpNeZk6^RDM;p>T<Nz#fWmUnAbnmw>7`0R`VzD
zn2FitnEQexFh1FXvG>aC;dkvj+hE^wv28G1@Zc;Hi7WH117lzKwyD)>nZWmj_@=M&
zZjHAoEB}6XUQ}-H@`PSQKF5$#KAFAHoPATZS}p2+MYKh4b&vXGwYtX92A@Y!w)E>%
zZD4)#uGm{{=lY$|J<sGVmb4;$2Gt&vEF0|?IguNx9P^6dr98*Y1<#9pB4IcsukI7o
z>efQer;c$L=Gqu48HW33(76xvjY0W6$1qr6(4RRqhS?p}YPG;{b3BH-Yz(EBN?Os~
zGw8?n^^E~)IEEjd6LNU&)EKsXQ>~T>3_pp-aI1}>ZK|Xd-7$mC{lC631XPaUeG9`~
zr^YZUQmwiKhO^@_Om)a%nxqveGpKggDdeDY49^M-zDN6^520#x>xCRcXS_}pIplDT
zq!mq`L5-_UA&09thD8EHprIf7@NBhOEin8m9>aKtPL7bYq6=owrd#{Q5cxlj;Wq*U
ztm%h7JXx)l2@J19`MKB=&+$BGo{5s7oT<>gB|win$9>|xB?=AuBqIi^$HrRqfTR_j
zGlL#}Bo?b8a&eYF$NfS^2cD6PX6CE9prJaM&lfcVnEZI%3cW3j=XUVAf&OtAnDpTV
zNz(<b3k08xmi{K^HJ;DeE2`D@3pjt(g1@cL@!Vm7j5t0XceJ}t(ux8z=;5lqW$t;1
z=Q}#f(*G9{%iNOp?z|e+HHqW7DZb4gcF0kdw4#O?^sw4@{rYXZ&A)$E=-vENw|V)Q
zHELNA$8c#phFXW-Wk_1lf*Ca9!c*w}?Ht2<0s|~RHHIf$HL6Qs7$Mr_2BCLh5PCNS
z=(W%Bd0XaVDL*yat0CV74c=EPD2O{?-*DU${}hy+cxp)LiRQ_mDH2S&_|=M-Jufjn
z>rpWFx`zj2_<zdgf6MPBt!Uj0sy&%Nm!|-2cvk2#i*eW3y1cuD>oU`6OP?#j*5^t9
zI$P+oZw=QUM(;r(KSnR`Mq+(7b6Z|eqi&s~s~>cstjt$h%0zCJH=h-G`>4pRk{g%P
zDHZO4zkxPrvRDiJ8(#~oJSk~jac(yqboG+grqfcfCRiG`Cg{BcV*AXq4tbSGTG56X
zwCToJd2N~mMIMnC;;Xp1;U4{|S~AxRzbXMb`C0qU6W<dMa_UpJF8{1XZ7<<^w6H5q
zmv3;4C4(ic$Tx!)jX1?vGLh@@a8b8XdTL#+`K(&qdJ)I)>v#-TIBZIqq!nE?gJ#I5
zuqo$o49C}tvt$+h=+l3%R?7s2%i=Liw=qcHfmU?c3_3UC6l2LH9K&Y<L!hu9efsrk
z)g>^Dj>nMUXbXlRdj|b@VqCvEQ*T|lUYy7AN`^96Zzb!+yu!~UGv~^t^*m>3;5u##
z80MV^>~+F$H6I_C{;XT?(4Q5t`qN_^TvV;P#5i%hGY)&IL&x`lRy1S=HHMtRCT4T_
z%@-Iv)B52L{JC1)I+0`eOyoI9l$TBS@Vso{JUcI2;B0f9)yACUz}yB}(V!Xh@F_5R
zMDD)p)^j@?`AOfHXV0xxs|DWmj=U_^`y*~J=TIeaw;wBK_51dd+~)6EFKpJ1IJ?s1
z&=-%S6)l@VGs;fklmCR{FAy@<@9cXlo}F2vt`TF<1MzLHIpUHpK`Z*@4EiyJzWYok
z&v%g`>JOiD>Nel~LA6>f`pk74Lqn;^Gc!Qs_+>Fxe0&8$rdAwi#pNtUuMYCqoYif`
z=f6G4=O@b7^Z5$TTUfk%bd6d)De+vCH4k<3Nt6@Cbx&Sbt+qR2!K+WAe8im<>??NN
zeZ3uPp3{l46?^t4PR$ba4DCeu)1Z*=ufaIo7+31#`9wSqi+m#6;>NzWr_)mI6Pfun
z;>RnE#k^XLnO|e~9B5^Ax3?fM^AOKbTH|F{Hkq$|SaLe^B+8$*Aek6NSz1}vTG@`1
ztoo-s-1}Y}ZySc*Zb32-QT94=Y#es}KXp1iV6L@h1g&)%w>Y;R5&IeDD6!{YO5*l4
zG(K$3rJA_}?ruR6xm@aT){FJ)`XG|bpG)SwQ1SP9#-I06BrxLJgvp}q1fNG+(t_lW
z<ILA1E&L4FkKrSIk;#X7X6+{}NCM|3=Hpt%#|aFT2D#0Hha_{a?O}Izu&=or_Z#+D
zch|`uhjr5*ZLH}nNc5j1#yUQTBy<=<SpsWhsbm~-VC`)VX7}f|e^UA*u{J(pWBq0w
z5>I|&tWprk)&IrN{ubfW_fxLr+iiQ8^&_z!T5Mx|eH{{gWMZtWKOWhKp|HRj`Az@i
z`s7=-&$a)=kHmVXjdjU7B!SGtSl728S-J;9O9fW_hW=sQ_K@vcgauaTK8)mnikW|h
z;a!vJTC_6(-sV*IBIi9>*Esf8Oi2Y=c!$jci_d-Qkg(XC^D>|ZFZZ|b_n#C<F>49F
z32`~V$MHQyPM#PaAJHG#?|x_Foy7EGL}Ho$jOoYc7@90(?z^pjGN1jDJ;yZrN9sqq
z18d4UBoRoAbrjQ&oftaH(vM&CuitHZ&Yp{!{3EgMyurr0Yb_EOk{Ijpbx0<CfT8wv
z9INs`Kd~OP=TXo4kyr~ISdFzv0`A0E-(QF1leaPSvcMYoeLrnPsy)}z{v-9Z@p>C;
z{aPepDKXYH>yX^L4MPtLta?A~*{E;rx#5?8B-S~%+E{O5ay<bFvEH{1N#<WMRB2(I
z)laNX+w+zW|46K}uCuWgGPxd4jP;6jNJ5)2R4lN1F7KxuIBBmvRQ^b;g;&{F2dzco
z`z|q7?>Zz`Z^F=-0;_L!KmD2{dtR=Xa-XbVEzchpZ-4JO&SQ%FwMd%GJS?$e%DI9!
zX3H6GR;~flrn?k6*^%4I;`dqyzs1a!Tx0Y5-ZMx%E~!VJ6vpq~wMdqxN<DH9#Owo?
z_&5^phfWi@2M#=A<sKLw{Qeovb9~vN<DAbK4n9Z4@i`|Up9A{jbJmrP@t^T|6cX~e
zel3zC$1${Yt*}F7mJSY&(ZLuS<hAFVw;V?qTyP-Sih*ycR#}Y6;-gZLe}t7w7cr)_
z=4;-il{=_~#aQ1y!{f^w5noz*u{Za!mKGtOM0Y3-bn`qsOjb-zUnhZopc`m*D$k$A
zWOZIDP_M{maogYliwYHmCX$)rR_Gt%a%IiB%$8y4Gf4CkiDh`*S|piWv3nYnI9>5b
zV8pk5=or_N+n?b%Da^cCB|vX^#y)ez%CA3$@(FiF@P9$yp@_S_7zVEkwomm;^xr-h
zO#Vv;Dkk6hxEW@ip(2H^wZ!a^Pvtr^NAPON;xmUVj-~=VJl*Eq^$ho`eALN*j=4vL
z@t?Dnzdu6ba&?>;yZ<75hV6G*GMIae+b_o33~?6J$=htfn>0|Nto`&n&KqmTM10*I
z$JfhoeC?d#=>Jb6fsVxXZtpWlK3RmJ51$df#5w(pjTYPUekYDu_xJNX3|FibbDwR|
zP;dJT+**ywVtgyUPd~=@RP3Ds^xse0cGHsI-YE(lCG?23_0FexTdWcB?o5YWvHA&<
z)9k^?iwaYLN}_Kt`n~lH)-N_Ku;up9(|pcH>1C{V>>2+4lka-=38x?KlVbgF#?yhL
z_FkBPsK<)s*|U{T$BrGjV((G=QFGp6L-)MPo73rT8uu(bo&JZSobQ4SWuA%tLvE?y
zy3Nz+7c}-vdHXZsPU;6Rbh`2IpO3}T`cTmF{jq<voN?7}j#>H8I4#z`uL^psjU&r2
z)af43=NLTd5B8kuHF4P130nGGM(5OHc}<(W&R!lzYpI~+`F;OrIeqR6;%HS{^8dg7
z(Q?k6oE=B&|1A0cwtw<>`qwFOv~Ccz;LiTha>i@Nj>gjZsh}0OqkpuVzVx0rTE&8v
za(h2z?}*Jlila43(2C6Nr|cd6-CyHq4YBmAvVXLkb2aPZXmvd;^y}t+%HH84FN>q~
zt)LaYp`SY8n3t)GqxG4f<-4w*?dXUzet$GJx6hjvt!FJ-{qw<madcj^WEHgJK0HS5
zF?eKq&EjWAx&KY404;rr+ukeV^4qNxv;&)a(vH!wtL$~u$#F7UXvzPoe%e>Zn0jtE
zEq-_8eNWr=(DRywDW`{?nfB{(d+$d2(Zu@%&HB!%QOhRTWAH^sV#~&08(gDS7ujV;
z_f>XMjp{14%Z@mLvgem&G+!U<_xi^AKMsqWVA)_CcIO6197EajO&QIH@qTY)oc}%X
z{(%wvJ!>z|gJm>dDe!we1^ze1`+p7K?^hr19n0*T8nxYln;u5lb88vR50CYG17rOg
z1+Cl^PU~}4*T32Oaei-LoWDi9KRJ}Yzk<ELg1sN(_XfuJo5lMnY5e^Y$5HkaF|1?!
zUe6f+a&h<J-%P9nf*r?u-?zD~mD_g<>jw<0!sIr_@AZxG&$F-&<aKRib!}(w$NRm$
z@&1Rz`|F4B_iXI)yveYP_j^6#{eQ6Jn#teaz}`18UJCr)K!N{v;{8g|E?G1&)|$Kd
zSlhk-_i*n#)vV(-*ebi6@wAy?9_RP^#`%9?wWY-C%sko$tv_;~!J;*<k9v3S;p2!^
z_5oIJfXQN<-|HFYFSP0%%<IkWqux=~ykA<h?l|0gpBm+_R@XSn-q@FHzURJyRaWhb
zpVi!+T4gI3KX<b}Q{eYT#`;m*8JC;N`5Dj$KeGq&vEQOq#ArRsXpQrGBL)8N-iU3J
zx?_FF<|rS3ELz?^czALr_aCjYS*+d#Ocx6LUSEO#gSdJZ^il7&Xtg;WTeRGL)H{1C
zAJ?q1#}D;hw*24R_p{1=-$z;ZyL=qC%C`4WcGO1hBUxoXJH-3um*U=wT;#I&Lj3;*
z^1k_r^Zm1B^ds^Aa^yDgeewV6QIs3g6guZQo;Pe+ik&wsCP$2O5BDQHZ{PSQMZC5f
z3}=3@H;!|fg>LLOO??rkDfdG2BFgRWYJq!Al-szK;{ShGe7w+qK9mK#&J%0I{)M*K
zIuB7!^U%T5kWDQ=1HX3-x8H$xVsq+kN(EX)xvjtJHC|?Z6y?X$6x#W(sCoXxsz-PC
zQO}<__IEAp+imO*4hA}ua+(i*-G7>%KXIBb37Wp0u{1|hzE{4_wf~xGHDCA;uEQL|
zh>!Y@LBEe<SSm0me~ZOX$HuPga+<GC@Oym|{2z+@7_T2=?>FkUeV1_`%j!FW4)ONf
zxw!xB>6^px++*R{8ml8qY40|D_IWkxEy7RQcaV>{{}p$$oEzoi%6{?xT~Y4Kd@cU}
zu#4O2-QxdcQSJ-v692!^)w5pH?_E-@Zgq?!?;hlS$4BD3Jzd;Sd0+hhc^4m7{~`V#
zA4S=%)u@};cZb;+Ki=;RjQ8Iw<b2W#p+r7Y%~0+qTlGG7FxIF2WR37crzq5SKZd>%
zer<2Ed-5W_=kgwA@1UIK!vw!KGTuK+;F!`24)+M|_ggp?9Tc|cZ>Q0RZ{=-%xLLIM
z=GZoGJ;wEVYQt&tSCJogm!KJWCRVR&MSmUf=l;_S`#8;a1WjKsmgaOp^YIm@LGwCJ
zGi34pY%I+r3#Z<Hnt@+&ngKyme<GIV@5Fd9XL<kI$a6KPxk%9Tgksxhp1^s-Z%zZJ
z$f^4Wi}#hWIA>Df!+Xa1y)f2XbARD=dr$noCPI&S%km~3Q(5}>bqBX!--~+-c0^Hr
zs9CHT{Srgqf(>2?wzEEH<seAZN6IG0?n47m=#58FX8sQx;dZ(=8~tQ$wOS@@^m5TZ
zc5V@QLsNRm8|oZ4ui#_ccp;~7pl3eX8!5LRn*^T+qa53RkBG6Zinq&hN4xY^pXaB%
zz9Ck9elTux)W_Q90m|(J5%nDx^&MdLBek67D---)&jfQGx9oL$-}jU=xzG5&W)3fI
zldSnND@N{3j!b?(J!pSt%^UUSyD10x`Q?Q1e4RapUMTFhxxeETTi0$A`C!d@AF|_{
z5vQp4YzJOzKB+%=2OqTSv*vsHQ=fD&@%XrH9JlX`Mt%pw#OG<P`PjZNnfre_9PK6M
z*!siAmmLm1Qtf!=RD68s_|BT6>d$vuoZo$G$Cju1Zj<9XYp$+8-#zV+i#3PbAGr``
zeJ|ND$EoV8?+`xnpHIVnh;#K{l>p5R*n7q!)nGiGAonS=C+{Cm?0cH?R!#Q2)ol(w
ztaXR}@Num}Zq_`0zxsa%w=+*2L^(BJpV`u{1><zq9!gmKtHn4l9*omnZy4Rp_wb-K
z_nF+wK5PqnP6x{K(iEEfi>P^?eT8VdF!1$WYpvJWcHjZSJTF3$Tb^Al+K$X@3H%9+
z`JnIcIr0tNJ{aig<Ca{92d%l(c)7;oI($Hk-KXITMREnM5}@-|+d2jJaa^~Fwc&g*
zUTiqd#|1VXq_o=O!GqD>V;plne>}Ha?+T2s-PnJOK3T+uQ-I#M+OE@cD;T%Ojb~pv
z<YvtkJLMKHv$Y3MzDwv&<PuAN`Zuq=>;TF)if_ZidVbs6y!FBZj=r|op6fbQUwiO?
z#am9$nsZLn*R1k)A3%B1YJP6PTxZX-FrIoIyYc|aR;*#g6zP4m@6`uT&RH$`@f3xI
zM}pDcSY_q`en$P0RY=b7<iAT+A-SfD|1MgEWUTmo;VL9UM49tfAt@KX$E`wgtN1-;
z6_SfY`EyqxIUt_ruR`*<_?@>3$rGZ?h*d~l62FJ9LPABEtW{P{-Hc#5`}QRNJ!BP<
zC&llxRv~#^{7zYgWP$k2`cv{MB&;trio54o-<Q}kGP9*CYM1MLf|na9&gvh3g0GR3
zqqzrWL$X7E%=|GTAB{N&HV0ZeMNS&#(|#onYGFFaWL~g}@Aqh*!}Ch-{)^K3m3&#t
zxBqp}6+TcRx`%qu%?`45%vi<O${F2kLDy<iMt_HczGZ9shnwpPlSg0lUvc6WzT@f8
z-*XE3YdHOeWXBqvpueF%@_FwR^cOnlTRw9l`n};dPC@_o4*FJ~?jQXelm6ol`cA#M
zLC|IW+UmPby4D^nhLh1{G@X5a-V;c&6VRRMz-#$Xrz7vXPa%)<9rP{V{dDC0%Tv(L
za^e?0=jq^APC-BVgH7M^p-+eYm{ZXI%0b^6k4}gFkW<kAz=>aspZ$|Rw`0d2x9JZT
z^ex&iJ7`<}TmP^RH?g<%K|A1-i|~n0M=tL?-nU#9IOQUITAssxfO#I#S&ws%Bcs1J
zm-nrWkN4c;xHtE*mV2DEMf`L+*jJtc`>&jG7xCcf(62cK{Za>gD;_(YK6~dW=#O>K
zx8mT_p+D;s^oRby;u|{-IaO|t0sScN%z;6_?+1NHE}8Eg<xh1+w*7mQPq=~csZKn=
zz8fCwE%tEciTJo5n4EcC-tI?v=b81_PQgQb?wSq#pzq8v@l=1xJI=2!bCmBb_rat6
z!0bGaUh};z?^B%xzP}%MooBW0>IW8Q&KsY=(pN5nYx_add3N~n{<NVZ-^{fB$j_0Z
zqtGm$6YML$N`au6-j6f(dEcW9N$_*${RD^IQt*%)g3kL1B5wC{kx}}k#e)>ObqIuZ
z<v>SOE@&6)r7ijTmZ@HS>r{`vZEE{KUe1-I&{9pI#c;<G@0f70G)SS-lAyzLmYM6K
z!<P!$G=Pp$35;<gK^y%z&zH3;88&VK(B4>y#5Vy#S)ea*0c2!>z9TY4p%&c|xMNA%
zc$;n@h0`_v3c8n%0Bz{wJpUOAx-Bb_L<%4z3%W9+JI$s$nc=<AL3fa#JIJPcXAWp5
zSMs<sZy=}J$nX|JC|l5F^7gtF>Pz8!t&hyQti>C5mbl6dMzc$yf4oj=@#QG=zFS-^
zX6_wVY`HBiFsfV%y*CG_ZzQKz6<4NG0s}x-=Z*v#pFhsZ9k*fyl0As>vK4&a{9`Nl
zJ+oOOlvc=ATC?uY3a(}UXDh8wBg%5N(%Q=YiudyUaxjD_XJ;#||6qT`^X&VxgMUMm
zkGNgIU1`vv3<mAtvq0OG3>`ihv|TCCQ8@^->UpIt5qD;=ePD7+whInqt>A5Aelq~H
zD_x+m=eveMM|c2eyRx9eD}k0hYNDTgC%rX;=BFz3GS-F_Kt1EYIF<|_p$j^mO#_X(
zXSUqJa4{Mw&=HV8D;@xb`F}EWY>A?oqny$58l2Xol_DSc5KgQ6{bv4t0((CNXn0)Q
z``7sUb64{Fz`|qV-iP`7v)TJ{o<otne;-l)RDw{%?FxRnob%7{S>LfT-p|X;Z`0Vf
zg+P5LF!Wf8LV0YG6+Bmh4e(S2eL67IKT3iP`4ViH9hl%R^A!8pSkA`yH<|v0C-|4H
zMB>e@Qdv0<E9c4aLu8VF%^+R9<YgoP`mni(GLv-xKx6%y>9fb9P$px2q(T{fH$Vn!
zm$s9r={X8zJnLBsWwKew<M;;dTV(mcs4)GxvK2i4d!lz!Rv<aMmv==gkc>x^B^PY)
zD(U`nB-pUqofS0Y3Yq@)8p&VlDfW{Wk@yZ^aaDGe`nI6OWW#u6vSBh}a$)jebujrb
znXo$Mfxd&u=*pEyO64kb^J#v6p7{RKl}Mz_Ds>&A>`hfDYgg8uZG}K@674%1Q7*ke
zq0PBqcol_K=7Qk?eg_HUf|2Qh1}RCQYu>4#)4;WViwm?okNXpkrcixCxL8k7Xdbgg
zNucEof)3pcS{^`$&jrSvBS4F|0HZ)$zcYfLtq^%Ao$HpLV2HhYd^wU}6lJdj4PKAz
zzx#P{_sYj;uzJ5jlw;O<Kjz;(vK+~iQIz%T%EvO>5JP(>hW0TVlB2YqV7%v4ssGFP
z%&Agu6Z}?Yaelp7oL^=y!<k?lk>Efge)Bbj-r@-tOJ@q(o5XD|<CodqN*5U8vKhbG
z!Ii>xNN!;R-9X#6Gu+uh-*P0i4t|TC=eF9j-R9T%og}_fmm~Re6lLk=^06iN%dxaS
z;QY$DoL|OYX&UEGO0(NDa8~d9vGxq7hl{IHdgpJ^VBVgySBQKpPMN>Q+hxphB)2&D
z>wHeM=exbM=ezv7oaIQaXYF}Q`B-MNV`#s_`CBI1vofbjJrqSbBEf-kC1@BWK|@@h
zVEwki*(aV6ed7KVNTlp4b@yq0f4lhpjul9%vZ~abr}_O%@%=AXAlZ^xrEZI&{M>RR
zf!8s_=$P_SWRnIf&*bq{7s^j9M*>?Dml?Vo$r(|US1w25`D@}bgO(%twu@sm-#KiV
zv>Zvy8docCi<g%nd8?Oi4lj%S#`8M=Cb*2_P4vyz%aAzrb<1Y1(@!izvaO5fE{9Ao
zBt@ZHGQeQ;n9iDaG-ZI%{7!}G1KkYL{x%nA%0PumnnFwS!o|v&-2NzTZhrzUZhx4M
z696#oOlLZq6MSho*IDP;HTag{$O%5M49S&f>+H{;<9Xi0ofu-igEE`zWCx=B%Uq@P
zzsNBwXK~EZSqyV_(CTM;YER61GRM3n!|r1Y^E82(^)cq}H3Jyy&*c5AUf5{nUoqJ+
zzpC;}F7KZ$L-LKIpXG~w#xOJgNWZCkEc1yNW|CuL)(3FRr2}j^vpT{_JuycF=F*gK
zaU><NoU??S_q!QpIe5czkz3Z0Gg>iim>l#jL-H2~<|EH?{ut()5ao!l<qY#tfqBm|
zB$00u>-H~}A-M`|on!vEQ}2Gd49R~G<(<orz;}shD9e!i%0WYpqcM3Ik^rK-br}-n
zo5VCGE<-ZKK_fek#^`1It{q_VcMJKunf&Eo_t@hCBlJ#%nZJJ;WbUt&_*inmi@fhJ
znR=}J*hhH(d7mJ8#-X>(BDbFsMKd;8jVL#9{Gk{bIk3YrBuf)wv-@CTY&pR*UPMyr
zR_HN-jrFO3=u^)SB&q}3pPm(Wu0_#|Z!Slae;bEQj>Gl^K~gHPDM_NQC4q5r98gvV
z!)NY!a>wE;HSy&J+cqMpbSw0@z-OKJJ~>XIQHLJR5_$Z5Q4Fznto@FPyFKO-B<$J2
zD9Y?F(-&}H&W^+UEJ5;h)XwjZ?sGosdH~G$mBp;)S+ma4Ru;>$_%$yHE`*_=<t4#A
z;cU=Yd<&rO_|IcJ$6eqjV6YgMN^syftMiQt+AhI?zz+&NIcGpi9!UG$>nmuRygH|B
zvzcS;o+Kzgku;?2gtr7VW>eb6!K90=?+z+7dwm7XgW>yGdG;Ou=9lI-l|`UQBcbS(
zgNi9*XO73Q%Xr_;OM;F1??H3g(m(|myIii0@qYl#{8oYkM<qA_4_DCAfePJvkmo-;
zhvBN?-<tQD7TV{t!v`y<dB3Ox2dF#A&uq&XpznasD@<SBd|nO|nkq~mKT@dB@Gl^w
z%vW04OB9+1uKmr|f|lo&_Wx!UXv$!Pj=2B+<JkkjFLLCYYuzmXhDY3`<&l8u7lOg$
z!t}>GS)tMtFh(aS^sP(4Fz=fYdNyTN&)oNL0T>GgD*SFA3HApr293q+?040*pfSu<
zHQ>Kvph8)U&3Iw&lqvij<Awdd<$BP3HQ?Xp9uYk1&JA8%4t`Hf-to5(<qQ{WugVuW
z=iYYYUY!bB;d?V^`t<I6|K=W+HVF>+k`?N$W$i5O_ssx}J!{IJ==Xk8L7R@2^XC$1
zW0oQDNc=8@h&w%a#GM{|Z6hB`GS-4|$ekG+3XoBmqEOEer8OMQE1s03(7@O+C4Wd$
zs7IV1{@r6pd_S}3WOd)gxPTxztj69)pq$I?%a_k{UxIwMKt0-|tKB}uATY<crH>)`
z2|z{+|Jxn;Zzq9P`0)%nr?_wa!zFS2|7?0U|KE_F{68r8pS!wu{(at9{?C65NuZ)9
z|CbRY+7)s4F`Ui$e?stoZN~z&c&UT`<7l+IvkKbWazO^@JD7jT>M`SEU$KAACM4|p
zt_PGB=X?sf&+&)dH-DPz*i-HTeaBNfN?VW4cKLU^hX>o-vWf2pf<*Z_6t%gtf}3vv
zKO0Z#9y7<|f`NqFYS17QNKxpu*F%wOkU}|cnL!1neX86DMQc)cKWER~n=2@LcUh`J
z+uiOUNYg&mZ-AoaPfJ@_egAw6Nt+obX9w?m%#?4z_m3gbZ-CI@8=<I7)ET)MjKEPP
zc8*B~<CUX8FBWBV8H~V**fQRkU@$DNoB;a93CUcOkv3OQW>3W(5`GT=jcJD=V8q{_
z5gFR^E{nj>p7&0K(|H@lw}Evhg4Gr;|DaH22e&ZWmaLe1r%&Yi=zW;$XJjyFP^3^r
z0mGH5P?y4e1IgU~!^hz3t^&jId!^aJ?*-_9GBDm7V)|qoJ>}*&vaz`oG$mJQ?R3NC
zs|Uh`fuXUsS|1Mv!`0act)F(|%Gw_}KNgpMiNIAVaFudgUI(s!UTNcMzSG7PC<EiJ
zG>$7QaFv#Uc1^C*deohD`L1NRP#GMH3&w+StlZ^4N}yGXqTFoi3>4_^VzKisq`A02
zz4|d-Jp&+PnJ5!}JFd*p1?tkJy4vQ>C}?+Q7Py(MweITl75mq`h=ld67=8FJ^Ig(|
z_bo;8CvnHd+@(l9iSpm~EJZTRe11mocT17X5qIm|xs?005%-AT9ZQkiE$;rfZ7Gu9
zBg$+XWBvsDYeZ50?9c-Bnx(orkd;eOsD1$$C(@Ld{cClI^3_X`lrj51rCwdSLRa4x
zcX9lDY2yALuY1g24`0Cjb?HLTO5NpSJ@-Sf(+vfAVb6Zgf02zr+a=cK0lC{>ePAh)
zWYITAfIjRVM48d@6$@HLHm#$Amfn$=7L&)JrAWfJne*ktYLVaJR<M!#T;qh?TuaS%
z4C<w^{ZStahA%~-w-00S$GrUzo_XSbrhs-Hi*1v@|LZh`{yho&=K;`8w-ogL(R2Kc
z6rf|06gpD)aQmA$ZI2RnN6iJC_Wzo+=kJGb#ff(=0d2H{_SZ?^9}PfH#?c-c<!$j@
z6OyeghRrCW`M&f0CEqSky~_E1HlBU5QTT8lp^+OEWdi5>kNvPf_3G#QnazJsl+m}N
zp^AIFCS{a4?(xbD?w-o;@nYo)|6%%`+uPllK_+WP%eoKF978~%(;h=|cNAqdK3(%R
zn*PeY);>vB_uX&i-GWa2k4ylAjgf6)KC}8~)9J4_@Ud{K%k;rbpGSF%^^>gNb4^G}
zdcpi;iH*7O)mY3-Miyps+y{jYdkjgr!2HrH{l^>_6NmX|Ih~pSbD))D)|-&L)5UZU
z%=6~^DuA*$qSFn*eH9Azynvy7g+OO6MY6BZ9N&#L3ATGbW_bDC##>a-SeY|K8K(_X
zE&$`CJ1f}fJ|oy(u2653_i^7)Fd}IR&4Ji{zDVfNbxlZCvKYgi6>K`IUd<%B>ZI!f
zo>%2PQJ($2vI)uCEY@&K`@cPjnld<h5%YCNq$<?u?@sUH7+4?PHw-irM^Y?~M+M!<
zP5ge-WBa*J#{8j}dv9Ll_uib}gygd>lwUr;eV3zRzZ`fb`ZFF>Xx4Ux>d6YtR1|vk
zC@?_WfxD*>i9U+?Nm()XcC)yms|m?9W7rsz6};wIBuocB&a78Mg!@KjPRV1u9n+eS
zY(^XBKbw#QPH;Vw9QU>}-KuCp@&VddKWsvxPz)W3$NagCc~YK@`Q=6=zP!Ykw>Keq
z>|Bm{tiXIYuU@@(nT<KzfuWsfx4}P>K|3)lR{j&CD1Xt2<ijqMS^TFqiE~FoSPYUI
zWaIAeChq^RnAVDCl{c6?a)a+QA~`1R`){iN`u9d8Z50aL80EQ{Gsf1dla}l1dyPn@
zL{YvWS81jEE<cra@wWFjnR(Prd#?Ny%`sd05Ve{nB;gOxcp!?hW%na)c-JZ$c@4GS
zF*^YIj&quLj0k5j+*u~>{f!*=78l2D+K|8Uc6_`M$$z_0J`DBhy^rat<-4-DpW)WV
z)vH%8*VQyWeyWEB*4ueKX8nQJ1=jaa`z6ErE*i7ruv%r6*HF7AiZb&<c6IUbfywJn
zLS7F>9Xe5~(5$y@o%kff)`^Q6kw9ioonUt7@+KsQJ={NhYJKc{seTsk$CjUR*j2AC
zeN0zB?LwLPv#f7f^De%0FtqdQ)uqdIb;)`p?{{&TSl=4Q7O0`6x@ykVy3>O{ZA8)_
ze3hAvNM4De+;l;`8d|Qaf9*oqxUgRRWVx=s8b?Q?3)D}R>S~C!Lt(v|xk6W86f~J^
zb~Yl(OM(lTe3TT>*f`6^z?q#WH>YsS%r;uMVKf+ri|f^^SLo`k>yfN>&<Z<f`38Y@
zQqa1z6Xl|d>(zT#=xU>A<J*M3N6rBQk`xMeD>PCF6wWnsMK3vg5@l^jy?Qm#)sT5N
zEYmlB$Cc2JVBkv(X~Kp)8%23;PQ9ABOjldt%3mkShubhTSM=Y2*e9H*y?$7N<kwv&
z-`~W?@0=*g_ln=sg)L=c#GWOrA7=&GIKjpPHZDBgi87Pn$3yGYdx@^jGwr?<Je*sv
zPFkj`)lrl!%uh8U34fT_t_^KOa$nTC!<y^im?l2<dA`F?j6W=JPwhh4;%{*ylE`~}
zZN(U0uim>{SBtvDTwsov3(R49oMX=u4+o=Dg6*y(g;u>=Va^pdJLZa;^Tb>+K!=_T
z#=|Zi1Hb?t1GFWB7RlkUiF1xPyn@dWFI$3SXD7-guO8Wd*IGVD3|$zyzKi>zx|oBm
zN&>CT73<Ubx)S@Le_w*cSs%3U`W{?@WCrsGTs`d?oJ8$=M7c9ZY5j!RZ<l#jsA|#h
zE#)-sT!Lg>C%+d^X|!!9P;Qs1PNK%_g>n*&U5N6;MsWwuA-i3j_cxDlv=_rpmLU0{
z6XnCAzgsr)xM-`$Fy2<p!(!XYGc0jiwIwSwUsLFsv%<w~DW*@;v1K4{t7(H^qn>Qu
z{jzaO5@<(rc)Zpo)*#wkK)p*i-xHP~dBo9HlB2EMT_{gWf{ut-<EV7mZFTe%ZFPNo
zTdm^t4PAoddm-nqme}^+bCS!sxeK+=mmu+Vp>aU0A?(1|w(X8rC~9q@O|u+rsxRVo
z9rYvmRVT_#!ZunmU)hDSHmP2nv_e;Z-D%&2dw5{IdgL)(y_MOqLHxJ%%_ChXzsPVc
zb@XG$oN?X~Bu{ms%<RSH_1vd~=WvqcM>d_w={+dc$~<TA_HG+wuOXQ8*Mq=d?QE^#
zREl}<)aUp-IOE;&8}ttDH@xOYQjc~UHasKF5l1n!8d0uYf&`W%#@)fb?c_S>6Ke-v
zcPyrW3ykV_t+{zuH>R(j<(N91n09eY#E*nVO-$PvraK*&1|!NhFF_J$Gcj#2%Q!H-
z=SPx^C||>L==;QFw)v6V;qV<VbNI2$7NnnW-p~7rId?A&;`j1ed(XUM_;{zJK#{L~
zp#Os<NGi>-Fg<9!gA^z_Hrw5DOo9!SCrVonzfwV+cY{nD1o!xoK<oZ4gMVkPpSk(I
zDr?=ZIT?(2`g#@=`A(F!<_&^-N(X|*d{2+Le<v$A(~soX?D7`&+nOWjdf@Nkp3bb8
zdpxb@N8K60ubEtCm$$Irv%Ga`2IxB`X}ao`U_0;_uAt4GUcmS26#K7w9?2huLMWq<
z<IQ4rOknnQ^0mrQek6%;WCTa}k-Q`3Nap17`j*bp)ji_brnC98PiE;Vvz@-2QaaAh
z$GE`RVE9Is($RjAzl{B#UrOnnNi8SG0rmR%nJCX-es=RYKVKh<j07Xc1r4R6Ci;EF
zrL^#}Qgbfx*eez0TE{JHECZmhQ)*%MK~oe8gLwYY%&%Q7@-BDF+-%bqH1GO-p#e!?
z1oH*6WA6H87~l3Ind^zmk$DyvtZs8Y`*X(~Ho2gc{Cfs18PR>`u36`nWQ8iM{ACK2
z#!RP7mhE|9DB_Oz%sg}Mb3>c+o|`<-j=SZc4*HIgt9A8vek6^Bbt;ob_zVce#B>9C
z-pdOEz_?!mBNOx;PVBlHj1Yhk|Ghc)G)|%IZrRiiOJ6KK`TKKRADwF_z8`oDu(E;A
znH?I%+xluvS6SKFB1dRr1Crh14%3DPB%g@9x{Di-WS_(kv*X7!UEMjRPL0`{kPAkJ
z*kAgl_+D>7(i_Gn1V)ROPelE58jv(0%D0Prw&#Gp!_9ogQ4{^62D=vx9H`K91}7~l
z-93YzJ9xk%<?9*ryurzf@<E}86n-z0dB1il-xs+w)xP5>kP0z2;p0@Gn+DmsmEC|O
zGKlHc@R*#eY@EH&kA!5z<s^2+>RQ;v?Q!)wKBhJn*Qt}Pw#Pe=z;N=MEM!~UfaC{p
z*KuJ(tX%l{x$NMC1|<8$JgKGo3q;@4zroOO(033`R~yIIsYl$ygTF(RXPsB4hD7`B
zkH+o=@(tnZK8>Tf9(<<hYDNQ+JIy)6;dcH{Kld|~;}~LenSO7YRHt5pD6{&~3+mK|
z5M@?>hIz--@Sug`N<`VSr<CSL&i5CdU#EJ*=lhvFz7=~B0>{ueN9>g-+*9h9(@GDz
z&*XDjtlWLO`PkC#P7kv2h0(I+v`qPeLT~iP%I$?H${QMlO*&?eO$?vq`&l^6d+r<f
z-N&pS&zV@KUVF8!jzE;J7xvDDD4$GI=)WRp&TAgG&auax=XLs0dJ;c#{2PHI0$|J&
zXN{+eJk(PL1N|wpwQhwn*)qG)o$vQQe2jknQ6&F0<CctIwvh7)MA>SKKQx&89~1Iu
zo~L;f$+uCiUn?I)@-IaBT+yyAh%%$c^nmHWeld4`WfbME2U=s-(zBKBwRF?&&l%9d
z#zXxa&<45qy84zp(7*)^=~vC9&UHejw~6nwe#;!6AQgVWzJL2{&`wCOp}9bz+N)v=
zAH@6XmSivj=PPvHqdfM5YrqIxq|oX|#Xgwpzz7s8^r1(Q>|yPG6CaEA6aqb?LF6|o
zRA}UOFeDc=1d2;($@mJ>PP8Z6xv+g7N-eD3S&Civ9~xaPb9cI18h>uvi_}Mvz^|P-
zoMqEqus(Ti0}|uzxV5b^FqBs-V%OVB!3YdfsAoJFfsqRRxxgOqff2}8D8v3gk2<hd
zf)O}Rp)(%k?Z=)ew{SkU3%Rgo`fWCklLe2ift<%{Uag?NQuw&*TOyg`!~_3vwJ=`I
zeAWMSx6mtXK6gBVBzza+Grij`dfd}KWjek8Q6$R?;?`Wpf-&pW3R)@Vpx86t7%;AT
zwSoo;%snqOJRXec4V;I_FJjmGB9pjGrZxy4Vg~2M>zU|ZlcThHiWCZL98ZONd>4Y2
z-#LTd=Xf1xg)o!utc+cwX8oelc^BY~VBSesEA+;b2_ZeFT1^u1#iX&i8kr5PPM*Sf
zU}TB;B<rka%-)1yU~Ga|IY3U&wM_Obe$A6Ti(eaM&z@q>#63JZ8^3bEXq&CHI{ia)
zJk?A5|5%UY@Hl=SUb?vJ%bWwt?CEdl8DP8&-F}a0s{*ND9B;>1->IGNeR|{(=2M=c
z|GJ<7JQMxtwF=E_Qm8Lkp&5!oKR(;mBZbkCnI2`v_-;&RfAuJmO<8RGOb@>J43d~V
z48y<(c&g1dxq7VL-A>u!E^}+_VQs?fne2jwHfs;VH;%hDM}t=U-3)qkO!vMLzTT0g
z(0d*c>qq05P0?Gwe1y-31%_~4TrT<`>!(bgwm9z@90%qdsRth6<1xq(@_k)p;<WY#
zTzwwbDGRexcNF29?I{6T_z03cB?|qm@CPP7f@FnxrXoFfn<ICI1p1Drk`=lojo($W
zHO;lC(Q#MFwlw!5UEEi)C5_*8p^JQ3n#fHLBB#>*;(w+a7pDR}biUnYI~ODI{LDG`
znrYfNCadorK{D%Sv3qpF*|Gj=MDD($k>>}AyVoJIpYc9Ccw{k>>qTCGgNu>O621<T
z$q$RUOeTmmS@vvS%(Gnc*`AnZBg|*J9M77W4l(~}Hne`R7zvkgQt;EoND2^TW}B(w
ze!-8UHiq{F9b|q~dzIOi_nz0cE*_7f{HUc9ZZJHaYW3%Wuhzv#DtXN5e?`<|EJpHT
z6y@qi#N5tRU{H5fP<Pq3Da%pUC!@JeeaiPoZ(wEeJ=H4n0n9U=`e1+iY%tIHG9I$U
z9U>M^)|VL0e+u6I8AbV+J15v2wfs!pPk#`7!?PPhADTW=mU*AZt#S8>tSv63$MPro
z^)y&il_o8!PIE1)O-owz4JfoOZNQ?h4$h#127vz?06J)(LI<V-4TC}pQ-P+JD)c(*
z&IABDFBRyk%s)>yb<w>4@Pfri0y5wC<MhuNwx2$NBz;7zt_8l}G4V}{k-QT{IsY&p
zCrYP)R(N~{ZJgR;oM>>46EKyJ6DJmn`RcPF<QZzW#gQ>w{(p$_99GYWx#+URNUn<V
z7--sJBntAq3sV;(x!CltGrIk2B4n$az|bD{d|#D%RGb~ob)1RJaM%#$3yxik<e*qn
zId3uFckVGtX})iw->XdY4-Im?GuMZ{z!0=mCDc_$lhwuOUMJR<3yoM`yk;`@#Tl)a
zJ~jQ!21d)>R;4nZocZFC1RIz?zI!&bGF{6Rx)$FrSbe{Lgx}A}bnen9%1WDUD{~#^
z6y*fGv;Gkl{m+9a|2s{gQ$I#??EJi!96K@N^f>M-)h!lhB_{KnQnhh8r5;ZMdWEpT
zmVY;1^kv^h3^Cu7`Dx5QVSSalGlI(TDs|FmTb{{Llzl0-zJ$iu@30GHI9R2!@8a9#
zY6p!YT_`*C!fG!|PU#LAvGR9_c+v9Ja50ZPU=xPE?_P)D{rdP~;YaVl&`Ebz@Q^z*
z7#P9vW;y(zzjmRl97>G!USWemT_|g!uJAstBMf)@zA9#qHaP7O<AdqQ2*<s-IgWOI
z>0xe<CNW!knAhv9bE&9vSr^LTfz>LrSx#I_9ddrU%N{$YJI2m!X-SLN*vZCFHg=lv
zx?}wO{~bFw4YTc4(!)sL?8IZ|*=&saJB9`>7C8&^!Pq0(KuNDwEn9Edm>XFebXJ+q
zfAwlbcfUH~(3RgXc^u*LvffV;vbwShWxcCP%@*IYcbN`3UC+La+V3Yh-f7IXd|XPI
zjGxS^R`cNkzc(_myRRQzhlJ^h8KaaaG`tB7#$$dL%8ZuPFWC2o-NU=FS@frhasbup
zQMVkl@~Bwj+omp*Z%tF^t!vQqhpoLTrcd0<UKP`46tUmJhq?V`aS`N#5q}rfn`uCw
z6Z8F(J}!;fTQhs8y|-rP6SnPRa%gvF_G$YjiSe~qjIXXPlovfL#`eKrSh7hHddp;E
zwOM!n?~LuUXNo@SGcYt4QMUYpPe$treFR41gHFEJ#p>Uagb$r1-v7N5<=Y<Sac6iJ
z=W)#l(~sC-%_Fo6-Yhy<4j$iG#Q8Hi`8Zd-2+3MDmb_U?^TQMU-oQlvZ`X-D%t;VZ
z&f+%ah(pI-?d0WOc$$|xiYPyjrqJ9s`FzX0j`@~e_b0h|o2QBPj->FmcKRv*N&_m1
z+?YvGW?St($MEDj<f3;9|F00}m5j$ih2DuMe=6u-YOVh-Leh>XZ-1D#%^&#r6jM*i
zj`y^G*}@-V?aXAzWbnsDNSHn_IWj%CuhXVc?W*oUgNk^;(lx8inI7CO+T$uggYj6F
z-jfF7o6)e^lJS47__nkYWfsFQTb&da!+hAu<d+$=d?Cw56^Z98mUhO`=Xdfo9_M`0
zQ3)EX90OZksi3P}(th7LpdDf3>1=n4&f5E2FdEa8n0cf?PTYRwTrgPKO*vrh_o+V@
zw8mkv-!PxfqcOktjwO0UxY#H521RoC+P0D-&e2L>jJp&x)}{j<j?EYF#3CdxJvLu}
z@ZUeGbn$)D49Ck^KpD+_qd{xT>I28+HjZ#E$KlE4I9LpI`9&PZ?nO2ZeKbEm>a16?
z>P-WhmkJ&G&I7G6r}uh2SK0LjvU$Cb&Fc+hg0cQ$Uhm(W^`6(W-nMj6?=YZwL!e_H
zll#cHwn~X@tF~dHtx|yIWkAOnOh)-}-;9j?rqudoq}je3J>x*j%Z85kQ$RZ=!GTEr
zM85>nsV7OHpefWdK2jV=R;cSTzE|d!^ZDA1J^_rFoD2D2G$$*ReQ&Pyz;v^G`#4^n
z_2cw$VEB?1Gp6D6(t~ZuGwChk?DZh0{Rs^M13Vlr!`Lzow5Icvm^Fts2^s>9^Ag@+
zplwc5=<%U^E#c*q9&^d2KN7PBbPgD8?(AT@8Ar&$e?865tsQclThm9y#og&(6#g-8
z&c_=&UlsO%@#!lS)LP5j;!?~U5-djD;sVOo6Zw4484Ho*i&!>!AwN6j6Xzf=L6q;y
zQCcS>%DS7cc^L05RCh``ix&#o+!+OKW{V`)Fk2t#2mNCI@U><Rf*tm{<y&IiGClZ1
zJ(3DUSr&WM*t320NPObib%^rbdL+LV?^s=J^+;HKtnS^2@|X2Ue&@hAQDB_lcy^h1
zHdEMdW-pt<3stXYvbmn!C~<q8wvg{}WO&OLiuDnRwF#JeoKhC@aiC4if0}!4hJsP}
zPYit=UZ^$-T(2YF$9GWz8nnJA4HyE(rY|s5wAH5ZEQ=>4Xz+f+^~ocFmbM5<1g!Hh
znZaZ3%;1`*IK2mu?<4aJQCb1>iVKqzstg%Z@^YF&L7cC-hRHV9`d;q#S?^wmq;WXc
zD@L<>E$Mq6XV=yv`Cmj?0eweTeNUd=Ou$q43@~PWh9Pa6&C`9%ueo!2i?R@jN91VP
z#$qYZcYK|I?(+%g`UZkA>vIgvebc5}Dd-j~L=qUy>AuTi4A6Iclz{HCL~Sqtj9Fh`
zsOfJu-OCZ>8TClM6aGM1Jrazf%zTko6VR<rK$rP0g`Z>S@ZW8^lSKS^em#<V#P4zS
zNd6*zkEutpQT#r)9?6^HcYZyR^pj`=Sgb6;0V(c`_)YalT0~j79?6_eG}c6UUt+Y2
z{;^QqBrs%%K6O?--zUPpNvTJ2P|R-(tVi;th&hw$k?eNVneom-)f?u0XOrkV)9U#;
zT{MdFTwxQ~|0h^Gh<?McEEaShSjgAko{6G-|3V~>^up8FdL%M?2l|eignXII`F_20
zQ$8$qcdkjW_f0!7)b!p$mDyK@rF-5IxZSem0N-DL<l`tB4TA4~EZ}^+*9)Ej^+;|<
zlpn1}0uqGmGWNP$=K>^bT#Z?m1u*7*uu%QCm<wgUpI?CFb3}RW)`hCmUh4pcr7J;!
zll{L&V0&83=lHV4exYoBzLk};&O-ZSFuo9ZD)Qg$nWw^+7cK^I?msYq`wJ0q9zEg)
zW883lcDhyQd8DL!?!_F36c^vG@O+oK$H+VbtUkflbr`Q!o(fiGZ5PULGq=S~8hoEk
zcJQtRNLaa*tekV50(c#dcX2(uMU-3C#q)H0FV>iSLxmiMCXmCBo^oh*$N@&#a!`aE
zbRh>e#;qU5<#3;ngA*SJ89eHc!B8QC@aH^N$Jf|5?-K-15B0+P1A_NaqTGEB-kY{9
zRDX{s8*eUD@3!(Oq=+-#DLrMOoY7MjRW8uXJTw`7%VAt9m&2q!<Z!1$4j(=)&e8Ae
zpB(nj=losQiyW>Ma%dCfW;x`*{$IZUNuU|+{^;1Nmc0N;au+YxyZ{Njm$+Qo0wlkR
z@^WMW68-(e<&qX4xvdxb&@~@PjBLK)Yi*kZ?meA}zx!|8cj3SD@17Rl74}kJTl{x#
z@$ZQEZi=uKdY0IWoMq?PI3e=&c;8K&8>B6__uL?|m9rv)=P`I;ffx^+XC(i_^BByX
zkEA1N>&9h|+qpqP%&)lF&a-i?BR5DmjbpA#v+@;WckhV|pB0On**2e*(`0D4*e7uN
z1a6-@7WbKF@jaAP0(bm<%qPbwv;u9+xsQwcdpdc3gD1uM)TQ%zZiA`J$IMk)e_(#6
z;Ag+pCzC~=Ozz2tGN5-psxrgHl_FPCSnL7zxMTC2EK1^h{9N!+DRRVAx`CDoK6W}}
zzi(wMAF~A?X9_;vj@tOY7d$aO*t;F`c^;8OePY^to=3!b7oP*9WImEF1fB4FB)(qg
zOqh@4iazL^JD=y;cws)0@SempM$AW&*9VP^`ADuwn6D!@CSS+J-Ft3_cjxOkySZn+
z4$lu<&tI9xV-ZW%kF1Q%*TH<~s`)%$M+`Ox_V4E*xv`)5I-K~dd>uyud{6MP1o=9K
zJFxxl%Gi7z498HR3k&9PT{ug$mo}g0>*x)0cpehh|EE0v5$Gw;$UZL5+vjmzurOZ|
zC(jv(@`O{!bNM`;SLTRYHhr!KyHM_W;IA#)BsgH^!#oq{P6-aoez=0(`U)EpllGsJ
zq|n+S<tM7#p#AhDl86L`3(P%;AGrW%z63_)D;4z6nF@`#rC>hT`xCn!*lNbNCG(IR
zW7zd7HQ#0K{cT`zm>CyGF7eNLQpCk)D&5~O9$XSM)TAo3Ou5A5!Q|a{iJAXu#e5`f
zf2mTxLwgSw-%l-d=kmnA3~0eZpv8j}nm-XjyV9Uz%Mj2!8T{OjN8d8FB-M-)X++j9
zHGKh1p=&C_#TkPXy4nRDngquCXM(mm89J17&{n5Fhj%<^86qEK#{C&V=0BOa{tFe#
z^u;`XJKM~Swmo2;B~1^)pi+9}JbuQ&bHVYFm^q0dU}O!2qEP-sf8c*gX>-<0(*~AZ
zrqJp_d#<K%HW*vta#2)zLAy6ip_9CPPr}?3d*0YNClj-0C!57-nZb55cSA<7wi!vY
z%gza8&cDcD6c@(Lubcx0YZusDLG#?OKP-V}>e@hs!oz$$*?SpiZSHI{C&cR~kOU^i
z>PveD-%D}GofS0q?0WcqnArW}d|qUA3TzA~o3h_n<pC`tTWLM)&bYkkA*GQ$t2~U_
z-Sdz{E{0Hs$WIh;yMj~dkQ|X<Lv#K_|1lAdnz<$?mzudI=df?a0rhww^oJCMvi1v0
zu>C7{R&X!C0W06+Zh!;r00+!`lll}>@7e$k+$!=-(s@WqpIoTs1HVs$m5;FUOs|!x
z{wLP-+*4%n=G33V?u>UCKW*Qm_8y|l_`FNRq<7RIx#qt($piY1?`yekg?|BtrB}D6
zDbzJ+CM^er&Q1b<IRLE&ppZI~=0Cyb@Rjpo=fHFi7+aDR%4m$bOrhz6W}17z8NKpx
z_MX&hNAtNf4=XR`MYp(smge!8^Zhy=Zz=^~giJgT3=Eq|Kbt4^5{w0-#%1FAsKy1f
zd?XlqTne){+h^BS(Ap&M?{NXm1NZ*G7|^yzu-%&DiMT;qIuA*}&DR!LOn%rc2ge44
z3>@p-o@_AE2SBL#`Gqn2wIc)g{@=ErLu*zYlD3~KtpxxXOs>P~kW3SMxChrEVfOQ^
zI-a|0Pl`fohA6G&oq5HLNeXq38dGvOO=0n}c~<kST6@it(YNM~+Uk(Z$^~PaOQ8%a
z<9nM6=&1DAvlo?O57>oIAi2e*Q0;|<D(fG&xPaa=l=aPwf_Pop3c7m68YIqhQ<4Nm
zy4YiuNXMAW*!$0Fx&3v@*CT;;={#!=O*V7Y9CoJ%KU&S(PC}F`9dl?!NeYFbV@mFI
z$f2$liD#JgeWp00kZ$hBSXGCl_&*rZHZ4?-fUeG~LlPKd&Jk>9eaJaSaHy8&<zYJb
zY;Es-#ytO8i)2?6<v$7CWBtbaF=|ost~*z7R|<4Q&I0W{H)t>ILSt7lba>lPv+|X;
zjRVST!$q~+M`SjF(e)N_+i+JMlE_3p|IBPgNW5>ph`+zJj_0Y3jI{IdKAZ&FG53s?
zyQ3(xF{b%T)L32K1*I)*XAWqo%u;AuA<#@w=ONa|*DX|+f*v#1;R7)9h1^+-grAG)
zsRyh*=Qks%5%$4Xi)60Ydvha`BX8#eUM1bX2jIYNp`%{N^0${u{#t#CKj{f1`Uxzq
zY+k5-B<56pR*U3h6y?wBc>lUh<RZDO7RdlHk2a$gNmQH<EvrRxmYBbpR?B^pOwf1y
zk?GA#3)Ohs`I4^ws+pf>@7}u^Mfs3BBWUT!>%xAs_Q|g;ZD}7kpyllvF0)mLa#3)h
z8UkJ2geV`ZHFY<kKHXd^&ds~!AhQYGc48ObgUIZ`uv%^p4)a)YJ8b9Q-c^glmkyI+
z_AW|b#PhQTbhRqD(6sxbnz@h7Xm{2iVejJ0TV=DGkz^ps57lwL)<*f>^nFp3wPzQq
ztlw2VyHNcgit>>(h2Hxan&bN6UdHv9wT>ZRw3~K3(`@rcRwH@R#n()jEqapK;7@tJ
zg&j3WUWlUHyk?<#RTO3K1qzi0^Bk{RM2=T;4L%Kwk0sd7e52}j>^UQkrqDoIxS07H
zrk^wbjQ3oof3%U=ZnIw|fi^eC9<yV7kgYs7&W0K!XGKvq+t4HXYnO?6%`J9*SLS=M
zSdaN$RT5}EwR|iaH)H4-7-GJl^^T3Hdqf}kzgn>mioJLCw--5vM{AHYbfL_!?&q=6
zcIF4LHgx7;WxfEz$$SB49#-ZL9A)|xSg3Y&@$XsLQ4ZhL<WKmn`)iSuzO+y+5p}h@
z(}U*w$P_=kC(bj}BDwiAv79Hc?5suN4J=gu*~R<qwKY8d(7Clp^q0`?Gmh9`NevQf
ze@I{;k6S7S@^Q)|)&V2QU{t*m8=nWnIc@L2aIqnDp-2MbF5X@nA&KikX%c9LLl<J!
z`u@vxazYJ~`_R?}X&IjvXYqMVyKUg@=B+`ZcX9n-z9`cVNdhe(bl_`5IpEL->&(~w
z8m<q!5M_qxOGNoUHAq-JiDYv*dzUb#<GB@%ikPmcJ7;8ui0QI|Pd|ZVi)o9vZyo0O
z*i1XrQH|uU4u1begufO=)1Q4AQQlnB9n+b(GU8&ob6C3}%JKH58gzBbT5fYruI9Ns
z656m9UgqFxBtIl5)6U9l<Yo4)MzYt88J~09p8!EPu22?l9cQ-tdRNO)w-jVLVx6Bk
z>2?RpCM$Gn0T^Y>juhB2&CUXI9(KFu)e8C-7wq>;G-HbG<{s70c}x*LpFjIkHTa>4
zKWn=PH2tVTnGbfX+SHQ*{et5qc}Z|j=^3CM9p(17xpT}o<oX&U%H=#aoqh}WcUAK^
ztg^;DTOSPk8A4fAP~_Z;>fB$%V#t_1IC%;3yyb(@R;bWsV7622{RW_ckv-2L_(p=U
z8Dh`Xc}Dik1sOTJ=edT!**(u&_|EQm-oj(%1k5Z*e4b&a=})m3fQ_{QYk$Cd<z^h<
zn$FwD%#Be7##W|#Om;^VTJ~B6eX9zIZ|?DuDiK4N-xf`$Y|OdkkNjIUwjG;m#*5pX
z=Sa5{fVMkLp*008&QR!HYtIvtmB_0XfY@=(m(A~_-c6EQwpa5u+f8P+_{Q3IQ`ZdU
zYcf@XrA1FB+4~Es2fG$AxlB$4dcR`tuev@J=;RB)uzcCQB|tx_LbA6+p^?X!Pdh^F
zXB-d&H|J+xHGf~SJhtt9`Ctg_ADP(mW7`|@!DzP5YGlu}^KJS;n>u19ow}6Mlajz+
z#m~f2j~9$cp+fUu#C~NmXx-mmW`AGxI%rd`m`OX|==ptQjQzdmw~p^`u)lBK3fffP
zOgiFkJ-=6q9N#Ymt+&1rqXUz<4zzFMI<VIb!Kb%!9gu1(XdsE_E0jiqwkB1fThC+V
z6lx3-d5a*{w{gl;A8F2gY}b<&YQ-@6NYL6#fSy@{q`gF;Fp{;K%k+KN^Hq=Y=S*Kp
zfv<_OI#~Z55s91IsEzB-HDF8vzIRU&enedrpWBPLrC@axk`&<=|D_5^syN&GU=_ay
zg7u?6Rv{Vk|2X^d@F<G(|F@?n2?7E_LWd;EOu%DN*Ml6gxTcd}#&g|m8#$E;AR;Id
z4!KDO&`AQUjDoFzn+c*g1MZ@BR)X#_0oV0hSrm_5S0@RF5D!AmnjH0es;fHPlT0Ar
z-yb|r=;=D%>+`;Eb=6z!{OglNMy<c3z~Ukr1BUqIz``Pu?_AhULwrhLP7$roO~xa3
zFtZ4&#0GwY>E6kCFVVQ^t>d_2q=P?x2`I<nKsgrMZI8WGc7!&0Wr<YrCq*I{N7}tg
zFo^LzNOai_+8%;m>{$rtcl_=(Z$&$aJrhX2ax?@4FXHLBEyr!%1W=@@f5K|Raa{2x
zs~_cMc}HRq!{B|9YZL^(8u*kzQJjd1^mpR|XEFheF2d>=Vxv0$VgqN&V*Mk@v$8z@
zm#mgzauHUEPhV18B2|<rQeSyNco1a!V!CR0g)B9^UeWPFKQr{cf>n6EXT2su%lAcC
zz4Z-(zbS!RUc@TVtH$*u($X?kla*jb8;Jo@0><;76|8>A&h!v0I;&8uG0wD}Qt0_u
zf=9KAp$jR2kb>3bPP!kZgy0u11jrm<7pEEfzz=p}p)WjGvb{t)?o%Y92d_XRrujI~
zM*V_y%+_T@p6P4-eBjicSpVrPKz~!PdTLLe|8$m!7GOG8{kLc0{C_omd&cGenf*p=
zbiYDv^b(Tyu=R#eHLZ#32wao7ldd=DJSXqZW$!EHhOMV`@x7>s{x&^GaRr#Y2SZrD
zgJzpz*l$YUSp};H7(WfHCw%|0h~{OwA2^CDPVp%LgLix{yd%2v#SY55H);O8-@qu5
z2buI+!+cB72I&L`D^A@`&ko+kb?Fp&??xtf#}4Zm!WeyRh0u5h>!;lY8j({Y9}^(C
zVtGHxJ4c70uhj&%Uz1re(BvKIdj#uSd;!uqwpZWi_h#1b&JJ9WZ1}<7bDC9e2>p$V
zOQqxc6lpobL{TBQL+w=Uz(V}S5~-<7k@6I}cdoCt*Z5qCw9ThTp-wEkT}0Pds#*QH
zs}-z1*olQItFLj;HA~wbGv3I21+)l%G@JS(+g{TjJ+;T;i$`00@!KF@bxj_cbEpgd
z^fOw<n5WcOzuxD-Y<=9EAnmi3-Tgi5@4BDcUv4*Jo$MDu-ZM}{aW7K*e24itf}t!{
zqkFxre(sO-e(Y0avHsdDKwA}xkEhD={IyxS?6ik1d%Zn_L7yLqdmf1s^>_ywMfB9*
zn2oKXh^}HaB67Rch-iJm#IolKvFiShHRegyW1dhZpnVEf&t{6K^kk%e^c6?On~I0v
zU4OkEbPg!e*-SwHE2Q^nllJg6Xd?3$BJmfSDZl>9!G7*t7b5ZhA>iur_qtGxP?j_U
zprB?xRPKiC@a`dExV#kPh!|^QbXn(|q;fgSLttL5Mb_7uvaYHF`ByjQA^#<u;lsSd
zhZ(Xyb8TFNtPdko)@QDD`H!^Fxo5{%;@ZO?=UpnIrw>#8x&0DThpcg}l?O^Wll9ec
z{#v1*e}p0Ht6lzD;SRs!6VM*9$ogp}>!%0DZQNt0u`bEIh|Gzse-%a6K@#VFZp!-P
zctAoSy^|USb3NkRRvrR3DD?MRhI0`z7hj6>3GSVs(Y4=1UFP|PSS5T{F5@C=hU}vJ
zBC<_kvYx@E)U^p^NrgNVOyIJ^6D||OMLv+N{Bi69ZQMI9gl!}0g1_iFAgxKm@<NB5
z)1TF>18>cETF0L}FG}I$2&`aooSDq&awIe!7{Tdt(!X7?{zRbt8U1jUeo_XAh~_yI
zcXF<#eUW^<IhE5Y^>yOm0q6KUbl(eD9SKlS=ip?w9b^|M(#iQ^B^t$hYsQP{6rVii
z1fMd7=BFb9{Ce>Ic`a6hH*smz{0Kcq%_yXG-wqVg^JdD8T!n$3t9Rq{BE5D~d{>=B
zqBr7fPD@d-n)Y)^M9j186-6rTz=HD-t@U%YF~2lUcD7;JnMG-GvgdcFbFv#iegqWh
z7{-G02yHil{l4*5PIh7}J9BBfVeI*}x6*bVP^9-T7P@%y&k3kMduQ)`oXnB7F51>^
zJfBS4?g2%rAY*<^$81;W?*k^&F|P(idL3gy-drLj_!Oz60}D&Gl}Hu7zQ=j4j*I&x
z^4`|xsZSr@L1Pmuzx8hbD?lTBKlD6S`!cq?r9_(Oqp|i?9a!inq_IXudvxEntJL&u
zlQu`kyP40KzU}rGEO_^OOP*K;^3`%4a{ak0j@NyVG3M!RzHQw;6Yox|dH&qjd-}Gj
z1t9weil}4(%>xYIMsTz@-{yOW;@uhM+y1wf;@uhM+Z+obeOt+3KxABkb8`&e_O46!
zZC{Hby4r$wJ`3heUTNapw`;H(`g?TW*0h%TwvYbNE%%!m>Dz)+diu7j)|$S}_jaUj
zb3fR-Z)+9Gl1B1SVE8p|TBKhiJaXum2X)FzJuxq|2TaV%G%>I0e-Mdzlc^4^`^u7w
zAE)zL#c+6>KChIz5SbH@IZX@i9x^42co>sCFLGYuQqV|joy9}JiMX<)&?w$p%O~m>
zw!sdUg|YypufZyufVAo?5fKavxd7SM>i9M0>9uS>><>_Z8X+wjJ|Au{=XzzG$wOW5
zHo4Hu2J_CBsu)h6-&sDU>nx={&lf>+H@J|E+MyK61=PL-Dzb}2e{HUavVgCvUI+3F
z9_r>j39@*ph(;`5**Y~2ylkCKKj*p&B6A4H1I=A1K1XCf*dqJjGSD{k7ZI@)`t4<e
zzW#7>Z>)dAKoKc~p1pZ~w*qNaemZ^&+NwCXtcD*E_?mr3dwdO6zi*>4ud((pcMVpn
z!&q?a&PA!A8@<lpjo$mWQ@c^@P|+9M+4@q6)I{*H9SbC%F>;lQ<uwLgu4$*=1#a1$
zYdJTX7&!7Y-77%mvU9y@L%(msLVqT2J&)L?uU~Jm=2D=z5E-``==saqvRJ<{2LKVB
z*%9X_b2;gvXZPl<q37w1x!0EE`OoZd`A@n;G_e=_w5>7mQ&<xnKWj=%or@{9;OA@;
zKe^{XzG`kBdR6UPZcwu=GB-H#oUY4TB65RAS#I!X-*bbY7?~SvUK5!cgy!|k4am3=
zxdFq^?zw>#KVMj=<EMVUd(&#HiU)h*Cz0(dYp{CDp-Ai$$46qP`!|s>;@7LG?Ks|w
zT>pj~%A@~su;pTyS)LV%O^!QF%ybm%__)Q2nc`0RtUG3AzaJelQ~zP{sYmF%49s*!
z!OS)u#_S%F9j<z?8<x+dm|1uM%zSJOR+Wz}n0X(dw^!?X`^Jo0!}g8;3n~u&J3400
z{M?-DKaPV&`1c<Uw)pI#j+fcbxb%Ch>_f7{MYYg{nK%;=&L#Q<D7cBzH~^Gm`3){q
z?E(Z}xDc^Z(!Tm`K%r@XLb)PxKSi;$#zpI|R%eQcQ}ungbsu>sp2jTCZ*>q|&Wy}`
z$egP0W^2IDgS@Msh-UPIdZ!oUgFj~bt@Z1BvjInx^+>lJw7meDoB3cj$sI&`Mv-9h
zsCQh5@Z3I-#&BoHgO1B*$BRhZ4rvs>lNf#{(>-wvyU9Dsc1Ww^lLM#uq`)Dzc6E9@
zpt@`O`(ZU!PmdQ--L-f5|AXl|W!-o{XYU7uR$;Ynyok=;FCv2Rj{UhP)qS(qDc<a@
zd4byQPRn<sq2a!*muU4RQpGEZv@J~gOn#pB^%IV)K|YS*LvR}Ilb=|^)*?xKy0(vV
z*;-g4rL#5#WIpfaqEr~`b%t*C`lHZz2KAA~8%m{#enpzj`mEVz(r9f@d_vkHx+e99
zFcz*^L-C~sVZoqB31cB*J<ti-Nj^SctYvjy<I?M%g{hp0zxS-7abkQY-Q#j?8(q66
zzbWjuD(1JzvsLWbfi|`V%J6#WDy$k<?P<e8_G-G$<!GS((K-*}9}VAliup#}FJ=Mi
z&aanOVbv->GRB!K5nURl^`!TQ>Ao5=H<``t(+)bflbL{~t)@8^@zon;kV6Ek=0oLf
zeg6IRck))zHNoc?O*yNu>SKQ!@%(RB(RFx2Uu=iTqf9pD4IL(rZf4I&9^@uI?U`8r
z$t*x$uVOy!nLPi=ED?#{fY!#x1X5Y8R1TD56WXwFl26uSiD>%MxTi!~TCPa<g-se$
zEi~3W403B+SyF0;N#7tw-_Q<vpHPU^!<oC9u4y>t;)*kTN`Q=O)s^0IN6k;?@M|`Q
z=9O6O-`BjeyhNH<u1GHt9bQdy#1F%)2G~lhUdPt{t5;(6%Faj~`*x+NV@-V=FaBjZ
z*CNEupE6l2WwJQUWTE`4rz~D*$HLvrr~AWHF1?M_7%q_#UR9(%W56Fvq;#JmO+%&}
z_ph?ZaV3>w2Rjc%e&4y0%JHWTEIhi3eh&zBi{*nHwf{TA`u>_NhMgJv$39z0+gaNv
zow(wpepc9~k7Hm5;a}m($o!wzza@z1FUGvb16sF==0PWk&)J4E(gv4G6ZiDQp5A1%
z6H#3?)(U45IkR=bUzm<PxDu-=42Q^=Q&!S-ykX2vC$7ZmUprVXA>QP5I&RXx3uLKO
z&c=5I5~t^cBkkbTRn!iGPt$KAhW%aayNK3KW&T(<nfKO4X1eHR^b%h^mdTv>;`s|f
zZi_2RY7SGGlix?K#47piG~+|^N~})Q>zWMEe;3&A?HyR~t)lj{uZ{A7(0}(<lm4K^
zzw~OKY>t@-3!7G9)rj*k>Z5%(mPk#nDAFsfjK+<zeudQ<J-ac_@7RPZYWBwZD~TTN
z&GS1r{oD5z>zz^gZ-PwTS<T+Du0MplpfzWSh{U=iMjXEqt05QNE8|#6^>Eipy4Q&4
zx#M}Lm=b_A#M=Va+GLlo`TcVRR{s>n!XH*qJD=0myDY7Arj0I@w!KEbCzf80wQP>=
zUC!nJahKx?U7y+aL6YaazQX)QNb<VxTO)nLA67>C24!DQJbJIakC@j?^>RY1X`?T$
z)XxFwHX1C)8EN;HN=*Sp67WU*%`K%;g<p~0YQ@3~9_j)OSQal$+Bh{1ydwsR$hxj@
z_9DE~@9JQDdka(g&s-blugwK?8KeKqwJv=vBea{~SpR^_QuC`7u{hIrv)8HItlPKi
zc~ievUmCe)(5oFX{;X|{#DU!_**eaazWGBP1AasKGoSH#><X+NY{$aiR#ICW(MOqW
zy}4A{=2xVzTCm{b;9Nw!6mp>&J~2=Yu*C_(yJDs!OWf4mzm%-Rs<Ad=#7w~!EU1jn
zAGcwF<Vs|Wm|o@;|5k}qQLadLU@VZFYGfN0489mKKyhc^uutEQ5uk0-FcwbpDFHQ%
zg~cl=#++93{4cSXpUCy{=S;blGTgc#|CmfKX*FZpqswU=Hny#gc9TYB`D6<g?p;ao
z;LWyf-_gedN@99KY$<d-t{}7!US4A1K};|D@`Xlu+R%xGt&ATTY#+p?<&<Xkquusc
zO$M!neTO~}#=^W6Oi$m$6+~C8x=Q@KF$bbA$;MqdAfg_+%Vb!)Bi4Ufjq{&z0s7~1
ztk&+x^Pg5-{xdESRkZYtcWHm7bY0zoh0Yb!pMKTKawc)C*XbCm+v~J#rd+4<eY965
zmuFk39)8r;2S3KzJk>(i1@CFY!q+QIe<rojxsf@od)A!OfARl8pF60|DV;3tP;T-%
z-8XrOUv@G&iErLHq$i!d+1wJw$N8Of-ny-^IK$}U^{zV^X$*1thW>sBTPM+Dg&Xej
zE30tD>A%GK&+`5J-z~@L>A&Rp&*q9q;Xo_r;2iNmR-fx!39|lvE}%bI-naT*m`8mt
zd5`$sYnEd*bRYG-*~_W#J+hqoUeZ3a5Gqh9q_yz_0%1NbFoMxIrkU9&nfo#tzo>0k
z*vk01r~?acET=lIyhU}~8kZ3rkF)5wb&XZWLp9D%_<G7kadGH!tPbxMv*~NBs>^@M
zC8G9bEEuwhxlp{vWMl8d!tG3#h`$=!O6_;&GG@OIN7}D40HQ!$zrnQM1csq0tysY0
z0c|FJwI9^qBZ9ncLhIXv)){uFCv*~?!A?pmp|cj?oYQxicUF+o?RgdyZ6~~?Jov5m
z^qyFKUHPmU=f7lyN%K~BsnoPrkqq5Cy(iCqR(1K0bzp(W{_Hv8)47c?14VRa8y2cv
zbRElgBgjVlKy>Wv3_u?*$LcADeMHaB&JdCKK;*Y`@lMdH>>>*Bv4K;p?X3$%MB0;B
zFidRF(mr@MXyje;TU)o^91obkwRii?y#y*wS>`sH%+31y3aGH|_j5c<;<DJT^{qRW
znd@7rEM_J;xz=mi?qyN%Af_9R#y?UjCG1nAwH+6KH*IdIl)g`q7WXlKZ5%{%sed<N
z;kD(|C*6*S?@kQ#8K=fmEPR0FlINeK^o4GZT&MPp1+A6oX;TZ;>C^1p;O*UX`q!pT
zf7xP*3s^j~t{n^dncuY{DnBctf@f$yj=Mn{^9<cL*tK8qCeY+dN~NY(FaDidzay-P
z#t+2j8vgW>K42?po6v!Ut&AU&+p(Z7qj;t4|Nrx)))>(0N1L9+>aROVY~6P`EvcZi
zeBFcvt-_>>wEYlcAwHp0I=)AdUVRd)e<g8yCZI>y{Pq0q9ZG{W9<kC8W5G*8!^vkT
zW}ezZ@lwZ*vVQ*epJd;o7;jHLljlFR$K^j;c8C8T?M6J5(6z7d%VnnjY~*7Cp++po
zLaEfWN0Bz+KI-{BEFWpY!q3a7o_~!Zbtv>lwx2c=v={#vsY9Vu&}3Jsv@M`WPxNt2
z?ebD->1&D<ZoKgO`uzS;A|2nQNWU~<;r(UQH(k{dIllvJexXsI6?B_lFa@+FRVC84
zU5ezwmUibw6fo$z0km1&+WC?}i~qDln)vdCZG+75gGMaG-(M;%-K$8KKZ(`rF&1_(
zUe0Rmxz9tN>#sn|`y*CKf7br3ealIuQu=F(w7(Gx#&?bUkFe|;D59jtME{2f3-ZKL
zY1>{!8iKKq_C<-*bb<MjxxRD(p6fpA-z8GT%Zl_|BgLWrEhYIB#haFvUTDb%ZP>+V
znOrIz->XP#h>kMb`DZg0{=oP&2Sv%h%<s80*4Pp2H`d6A9i84obNtq&EOy>QbNo|{
zea!u)QvW=;(Hz^bS>pdm96<UYzP<|JTn>wKoWWc5xfuPCc^LlwtlH1tZy8oezs8)-
zs(1L0w^4qUSonF4#V;Ey&+?nGK*l9wcE>NP&Ka@Ap*C|J^YD{2{wH_<W9fagDGNn(
z>rFIHNCM?qfTWEdw@`mHXDP8KI_{)qETq+yNE2UC^jcSqKa@!6uPD-^OR@SG+uuxl
z#gwI3UDAiW-;MTCsp3^d;u`6CPfaGEyOz>5&;@Kg(Xh)2OR?%^>(9jI#HB`!%#?tE
zE#sGBbyBBEtH(ksvHPyOcXI)SoRnS;lxM3m0ReCu|J#a%#xF{wTZ}#A;{jc@G%{{^
zqXP?Hd|e`??^dK6^cvB&Kr}kLVv1jtN=>gR(gzKF;75?s`nLvpHaFrtgab4^2gm~S
z@1-mU$P!WT3Lt*v=ovmKP!<dIvEB5tik{&-N@7zzE)8;C5}VfW@c~0;Nql;$jOyx{
zy>b5hC(ZaY?P01zhL6(MEB3nlV@OW$4dug6omg1%zY=NbZbdqK5xHw0lt>9LE7FEO
z@FV_jCDO!QinOAkr@r&i^4wW$t`}KT&=O0fgx3^lRs$B&Ksoj*rus+t8(2bl`}#%J
zhPHk}abM~K9be>8{dD!^-F`IIy0tI*l2a;83@Fk~4bd@|*pZtDtzr|!UH!a+rB9-}
z#+qx|b){0eUy-h8h>k50YZLQJrKS56X_#e>x1!!{f%Lz1OsSOMSEN|hW*fpn&E8o5
zum4Ebk=^&=^zQAu$BPlNPNnfdvE_U5+hH?TytxevY2Q(uyuA|(y6p)4{6qi9Y)81m
z?|urWUkpdP)}Llj-Fhs1@ihn?d#BO&-QoYkngwf<)u8*Dqwod&F7)sc)7}*h(q6Ls
zpJV5d3~UH5Hh*jEB(Z-|z{v4qEw<Am_hELP7REw+O^H;oTaj7_*0H}EJNibqb_JD7
z>i>c6C9DnC(6dd$`HR@{1Eo^MUPW5i?Y*r(mPkuqQKWh2>3#G@ZE9y6Xa-)^^2vdi
zKKSvIWu_mmWqv$ucByn~Z$JO=rPPm~EX(uP?s54~?Y+Zai=x}3zV5<<_V0~YCH;~A
z8}S6;g|?tns@SJUhE9_C{N_9sLeoTD4{8@j`l6r>(vp@$KD)LZ3k1vS_Qv^_EvDaO
z>-M_*M{w_Utz+%urP8*2igd+!sxyQ))_KHqlN+I*(ES=R>d(K?bv9e$;AjI6f%OMn
z$f${h=G*;Yo(r@sj`8DXF7eks)8AkF%m9DwGXwp#&s^%ST?Qz<pNMR?L&c#as8?oy
z{OKr=4_yWI!EBH}y$a+*W1wES7UV;}hWh-2AWs@AqFd5v9i@pkh-muNA`-6^Q79A8
z1EWMVWu%CvC5uQDL=+kiNE{}jP!^yGgGID*CV2Jxu5tmTFUIPLToE~BNGk#nxlhr%
zqly3`>ZNmI=-yBgKY-%~@9a~63T?JZZfjmwjdVo{WhizL#ppH7?SY4<k~kyl%g~g_
z8tM6|pgHt9EVjxbUPSKLY&s?%IcD`$pskMOPz^sUK<4Yjc)v4vwfB?7SS5P=E(b?z
zvqS{%y3o44E>s9mS9H*YjD2FWAtyY0NOstH1<1kCkggnbp_=h@e<AQ7i*{N^fh!DV
zi2dk&_l{Yhy?(iV=VX28W?H*3J0D~*MXbzD6e}IeAyCWiA1}X=)^RPg!%c7#$kjYQ
zhRm~lF;>Y~g*?>xEcFz*5>^)ypx&Ji+T+P=oSWEP_%lGx=jlD?)ohHa8}xhJZxU~$
z_39p9LTM-T61oY!Sv+*@jT_D9ghvm{4(E>m*?j|~?>Oi}-`kSwLUAC6az$NsBVNcu
zS^V(2U@XWlb8xgORz&WvT_`n<uDMnVWl3281>z7fTts*`l+1a=B6tF1$1wW0_yov@
z`-{jifSqf;9OSA&B619-eT+`bK4?$OK3JVX+dGGe$Uek&f9#N)&#xR}yZ;c_=W{6_
zkA&n!&IKR`uOjV|7damX*?F~y%Ir`;#whCt1-=51?I2cO31TH_mz@Oi3_H{Z0p#~n
z#Agq$w(Xd;7^{R9_XtSWbp;eDV+pN;O!!6qUz;hS{9|0@#q_0m7|0?(TH!ISlC(_)
zMJn3sLNmXlZMPnDp+h#4=eup$;oU>!aDF^%_a#?ZZ4;6EXKG7&-6-qb5~D%mco8l8
z8Ib!tyC1Z>?vDa(`FTK(FJ|{-=Y!^Mj=aNw8wJ{uW<ayqJ0Uk{?r`Kg&Q#FgRNM^!
zinJsQ$lVDY(a$}9rk{I0GzjW_SAe{k1GzR6(4nDF-^%lW7M>3@@qD12=L5|=A3!`G
zfd65c;LNE`EF6l3dS4vKhx$W(`Dl=PYtzQ_f!b$c{oj%{SI}C&hf<-w{5g;bep%ZQ
zEF-w~iJsT+fkBJ08mz_{>lP_e(IAiX8-VzZ0<4l4d}Kd(LmZ~t(;Fe)7O2VvSxgiw
zYk9ak5!2s&@$~oX2_WYui<Q+pclWQ@S@D)dSXEBpjGV=aR5ZdPjRJ@#b0IkUS|=8)
z^QvX@dbQj0Xmr+Q0eZO;3j}MA6;Q1Gb0-!)E5Pc9>|Qsbn^!N!>er0UFBV}He#9B;
zmMBuuwI1mRz_}p6IeNA`%X{LFdhN!c7m{O$PY4_)G}YmZnk9<lywM~5jP-T(0>`jv
z;VRLB2fjS?y=_FDcrC~T2M))IXmlL4YvWv?GDHmfMuWWJpbMQC59GH3$FK=uXO5+x
zowOe%7UcY|T__kU>X@R}mSeUe4#^HzjWaPN_y-eHLVo}`*k44cI!4;+vTLv$93&#=
zVA==46F2C1_(py;?!uLrA-4NRGfXKDVI5P7=9!pM^r(p`!Fd!@Li0e50kQHb5G%ij
znEBP;VI5O^0P=<u@!55&Z99Iq2&<0ou#PABph&5UsjgXlL5PQs4Sx{)49h+a_E+gS
zr_fdJ^@Regj#`9OaWYi!pbUMo6AQVCV&$SvEEsrC`Y|wHIU2p6rwg!p*&?jEAAkxD
zl%cCh`(&|lxkZmYT!hv27QG~~0qVGjo@N4S?!dyB0<8Y06ARZAV70mv3s)7;Gw-7d
z=sEai-WDM7iF+u>n+AhSutMwy@?*sAW1(LBEwz7+2fY@XUQf((iC<et_Z*P-H;)9F
zU`l8--5*Zk32cM<*9TBN;vDS!+Uh*L_S?w<tOjFg-M7#zKsNxySLijnZGk_reyd1a
z!VjnQCO@Gy<Gw1uYUn;dp%kc?I6y>%pGN(jLu9;bK|TU-^dA66X9aKbzT&&gJDXFE
zog#JvaFp;q$C07ed78cmtJUpKONRmC$=rz!iX%l7ngK{m7WIAF*&DO{)f+F-zdvRR
zBC4JQ=t+a_B&g3G8cFZ<_HOhllwN;<USo~Y`v^TtV6@q6>(*uiZL^c`=o;2$KA;#f
z&nuwb(TR0ztr`+J_G9e6pA+lv^plt{G>OKDq4_j^Y<uKxfAivd{7v8A>u+5qq9q+z
zAhD>(QNKW9QDP?~7UkxE>_`()Xc-`JtcXI30f{$=DD;Fm5B=R#s4tpLF`mp(yjnzr
zK5>+Yh+Ow!EIhvutGfym$;o@9Bb|C4NNs@K^+06zkA+yZEm9<BKaX^<6AK28_^z|y
z$aRsi3HM(tzsF*eGJv`bEH=sh5AHQK$^VApi1Rv2Y;vuMBT62_5m#hvQvMaik&q=e
zxwSx#P4)-B#ObtdZBif`6lu^RtbP;4Hfvc7Kez)6)eEtj*+KoquRE}CeGJVD+({t+
zbPnsXsNy2!dv86C)RQe#Plgs?)o19|GWzaMzhJqX#7E*V?|T48YxO#IL?4HHYi8NJ
z8yp$l<HcC@{fsk;TAtSTl@YrM61!pkD78S5vNltnbcX24AgHejVcALK-yiBl8^sEx
z9m^FpSR+{BY{#-bejV25uFo}>?wxZ!M(2BKp~V*NkF<sB&vv76A#L-Gwauh%_VYux
zHcM!mPpoaGMYj3rRJS(EX`4d}v8wzB(>5~zecDO)d%v+z|NgGyxLAhucq9KaEWf-E
ztB%jGwzd-sJSb9AJKbCS%0jFfxF7V<_nk+vtdco>hP4fyB!^cdt^*4smLJLdx7&~9
z5Ig&p1B&$h6ZD$_4AJ*d>`x`R!Cra}1(A53hXOlfhwVeAg{v+F8NhOP=^)V1t2ixB
zzsGZgE`QSJM^Dgm(2oAJPol#lZg##)>ueZ#f*o@7ev9I0zim7>#;BbYj00`Q%Q*dH
z2NsCloCMfED|DOpl_2LG4a%|I-Nt;KjVbms$2>7!L{@r?GwhU}3E`p`lOFx<=NQo1
zPT+LC7N1pi#Z-2`x61p8NO?d0RX2HWqHS^)V%2?;$$K%N(HIN!7Sg?oPF_T0o(|(4
zbiJnNh`<9+P`giV#TmO6D^mUy9%*w27N%dM-5so58^Reiixr7W^+<&sSoqySx|gMj
z-8B>Js$V)hFrM(O9%rO3QKa%KJ^FY2nM)O^I>RF^?7+ghrHWK_i${9A0}EYsS?>e%
z=>qDbE@$<VDi$!T+JZAaXR+~q_DtD=GybK=kV%WKJOW<lD9-DIr?ziv$HGWRTJ(=p
z&Ko=oULPpiH?un%%UN5;=Q!h2*56L{EOZQKe1NfF2XWk$AdV|(@7eb&oviP};0>m7
zUVx{zzr^aKmM*}m<Igzb2<!Lh1z3eY<BUVJ&lOjKxME2=tsxjnp)~}{Q$QoMJ0R=J
z8lu}NRL^R8E>Jrj(C810dV+TSE{d*uT2g`;+5Pm~w!W$#Xg}KY`w-sn#n5=PDAvq3
zvRVF>P4cfoS_h|gF;pH~fYsW?Vr63+7IeSn5WKIf$10fz{Ds!uJW2R#xo@G02RR#P
zjA-BrbVQF2YsLfWSb)`<@sa!J9sB4U-dupyhdQue^k<D--C-=(VH%enWi??*e`}sF
z@r?BAKoq06b}TP=f{x{D!`cZ<&-)N;>)OA+%%uG}M*G`sSg2W~NcqD&(nsxBNL{Q*
zPQfGnlgUY8cWz`4GVAvn_iYe4)$p7?FT$&w4`^*vLr!`f`6PB{1weguoGB+alM@$f
z=6*AIS|fcX52$7dnQL;OdNEYaU4Yf<#bV_yi=4)<r}q`W?npU7ER|C>-*fGzH#u!x
zfYpfen&outyB1)zUq|$uz!%2yPpp1f;uEIN2r+q7wPU&e6IfN+v33Syf%MNYS?IM1
z7nt<j$mn~ljph%3x7grk9X)OE&Gw!)7-%<b>~IGbVn7^s6^P?rZ`c1`aTSOw$U7$q
zt=skeACwQ4I-1e~tbWptg>Q-7s?p!Ma{*T0U}vF$-Lq6RgxYXT7U=8CCwK_dWQqDc
zcGcrW6k`{W^8<R8)yadbuywww%Yqq-vCel1XxGuZS>6c7&~<_GSdbNF!wRz>h3IiL
z;hkOAV=`vwajMH?%ouFy$eZivUAN@9yB$}I#8}Ypw_<m|l=C1Lb+hGQd!&w#{E+C0
zG1dte=zNG<V2*jhMb9=CMX_TsjO8CO7S<<<m7nSQVh@}c5a-{xz_jBN16+P!dPCx{
znqhJNRRlMNx%|YI$sB^1#wmYicgO&{3#7_&uSN~K2ZZpPXFM+?aREp3KVqlf6;oX$
zIFSn?avPX*f?@;F$4!q@eN3Ue+)sEpV;#lCU<a;9$5^<Z=+P-%N4DtiSnvOM9IMx1
zERgZ;WcUYPM}N2Car*m#PAsHz$}#fJ5rF;wAaP0XHm`9H0m%i)`>Po)xntNJUonJ!
zd*DPCpc)s|ziJ)=C$dCT<I?@IR?Bp7mac<*T|UX%crH*qAkI(Z`6A)T0GFT0gUIqq
z5Rs47E){<yeBpFm%X>Uh=F=?vA+!!(r}H*I<OUsBUt5p}ABM&G;|zJ$n|vU@8@#aU
z*IbMRoIC2@9jl=09^EFM3(&JFfPAqcV&68-6{X(bZJEXUZFkUGvmrh~|E}TuBp21>
znl)zc&jGE-IM=`1JlF5c1$p#qd1%9Q(28h%Nd3O;BJwX0v_hM`4n~07)pnnyUf6Vy
zNAJ%=CuV|vUpL3TQ;_x!CvB_Dvb5DKZJi*GK9Gm(-kxp6t7%(@XlWa?)N*+q<k9ct
zq4!?s+1C9VHs`69wjWsPeI5XL^e1`f#K9<YPN8js&sf@iVQKpX$fLi`L%SFCY#W+L
z+xoUy+J-Fk6Y4=8eIgIp8=}x#%*H)nY5RkPR}CPK{xJ{DZtmF@wy<%(wzNHG8Mg)G
z(T#b?-Vue~H)&fDTiUi-_#Dg0qucY)gk-KKy^qqiTs$X-GDVaIiuC8luxgwu8E*MD
zn#{hfM%1=U=vhD5Jv>Sc-{Dc}{|<{%|94o=+QE)tJ?jpKhW4yGOxlL{_%R);M1Qn3
zT%0?~OV@DiffM5aO?V8eBnKk&XP?G$d8~*Oqb7lpNADwMHQ0#%IZ+E5`CYhm0>VVj
z?*Q>JTS8fYitMyTLrtvtt%vYFWaM&*;!5{mkd+~HEyXbp<dE_G=TVT?^%GI3Kdb3B
z2;?G?OALzq=EDu5?W>21h#z9RKW<3Q=T{A}-TyuC^PQKnZ$9^OvND>ktCZi#$<<eh
zsL&1t!8M#**bfTCEu74Et<UoF^9RsxKJE&TPp62_628=|w(U6i7(J&*_|qbkC0YG8
zJPcZ9e@L4IiWIg%yur_N^C>?YJDGnR52%hkBR<F>=AzVKy4UGT*VjJu`|I6M(VMPm
zYdliLDn)AN?fSh$)qMOI;!}b^;?)FNlhv2yjVF13F;+jX!&-c|dng=rw7&X>^Xc7S
zB%gVIK2~S4`n5;qV|6ym(Sq~o9iSmz2>fk6R_C(4U<c>ZJ0XaFetSMvf5+<MYF%w9
zt@|0RM>?@k$-x%Fzj5!lkTPUSxZDM@m509P>3!Bc^ev7v^(}^@`X*9+gZn`aWr=;$
zwZE9Urp(~Fbj|k|7olrKo1^Pm)u!Hct$HKXwd~ENu4Qks=-M8tYoWIzb<J7IzAxSr
zscUy#K-Xv<ZVybEk5%<YoF0v5wiuIV_E^R<H{;pA`_41*9gBU=vG8nuB+t0tMdw-e
zy}k1+{~pS-s*NVks!C0si9TkZZ$$E}{4U0`k0N>2F~4`7DR+SO_MMQn3>0ao#XkEn
z{T$PYh2Ct=uJ7^mNKGpgDHUVE^BAqgT+@LC$2GYqRZRCf9qHba9%{diq~7f}ex^rC
zSV{K?N62jxm0QmHCbqu!p1y}>OF0Kys`)to+Z=3xcU`C^;L_KYiJY7V=sMj7$kFS1
zZ5WarF5ehwSD~9htGoizu?tYdm|N(WhtF8XJOf%a@A8u|$XKL*V=OX`J_h83^>O|Z
zIgXeC+KA1N7HtgMtrmT}m7{TOE+F50x&}w`gA=(T67x7YG9Lmhi?`KZCv!4@a%}WG
zcD~5XY0<{XnM21R`SY|noJKH*@Gw74M5zrfc8{5@ZuAf_T)mZ(i9c@TlLNT$62G1w
zBR%)uLS*J>aOr2KoL{?8D6YRhl*`j~;~9Fr<Snq(MeF9=Cn81QD!BEczvg~cH|K5<
zRb9d9b#v}Y<YX8uqGY3P&fSsqZ@T+?$3cinTWTVuEzCpUHv*@LaU!bblLK&zh=SjP
zX0wZE-S@=bCk2e!l}5kAlQ~Vlr}X-sF-P!A(A=c2N$mUSX^^X@(Z8#%;dFnVzaG3b
zxfCys#EK{zK;P3KBI@r6FUbG1f6d9&xgrX#18<m54j_Jbz+u<x_2|5-U^!mqHP%{V
zLg3{$Xst0_KmJ1Fb*CNvoj`0XEf=LK>0YNh-8+!km>Ac)jcr}wk(RDfq)dy?9W;;H
z`R_WgKyr+&sW*6S`re_0K+)gxP|c^N4b1+8+TAW@d&CZMUW;yXjm+lqlOk<Fxg0bS
zJC@m?fZ!^LA&vRIJP)f+u)A0?(yV+K9^gMU`7rw<8rPCOYud43#G;-@vHD;~bo^M?
zZlR+Sbp2OIzT809(S18WCNw!W(f<dJfDCCO^8F7q+dvV`{2$FZIZ%!f`_%i&r8V~3
zS*+Y;@7qCB*nXp`7pgK8w%;i9J!scGO4mD}nyz;geGl^XWU(^LC*4irmKkwyQ|M8U
ztueCW1yk?CA48>;u9^KTF+eP*jcafrMZa%gL>-iaT*SdSgC@r(lqT^PN|WsuN|Q4R
zP1DmNX$rk+(!{-J(&RV~+Q3DOrY1^LRXxZrCX1DbA8~gUp=VJfJ@6`Mp;5eEClP%H
zmF1muPef?wl(2XJ%VbVQ%}Ju8C67{UBYGOz!)b)3b%ZXae?7m0ObJ*2oqmsKVc$XY
z8f|-N?RnDY?;oXl|8@Xpq(AJD<dswpt+`7?Y>@<-)us|-Bl8I*hTdWQn@6$wE1-Tf
z^HHph`xK{5x5RxnvvL2-*3&X(N9uX*NY1qPBvS^n+s!_%pQrCN8bkVVoWvQeygjh(
zut$;=Md~dNi>ON+###*@Kc<>bATjcmAix$QKGyeQf+Ah_G*-uT&@p2k#p*CdgY8kQ
z-rI=<D{ma-bZt(L@#kW-2ac@EL%TMZ_P2WjMCcZXpegKrO@bwk`#}!caw<pKp`c}W
zSrW1DYF-#aY&>-yRw*x%0^iTY>T{O4{LId;5FX8*OZn`39%mF=`2P@lu57~@>)7*8
z=VDdZfzz*M^nN%OtLoc0Jq{o~T6|eG7pqZY%gan#+%TBMmeW~m`K1|KCKA7?$Cin@
z-j0OCh}bgtlo?yXG&8mgPU#kpFX<&7UmO`*#tzB({OTdL`!R{f7tz>~d&G<_^Jkf{
zrDHjbEtNGiw!9j|O480*z+%hK=r?u3%fqW}JLWuk@pybG;qU7>JrfjZ1>^a`xpckI
zkjrCCF7LE4yAUJoVpPDy{|)DG1<{upet4jY)xCg_3!TUW)ZO<H4CtOCen@OEQ$$PK
zyZMTvES_Ms_4RmS57o_VOTBFOGLUtBHR^7^1^RkO_ImJk&c!Mmf;6jN8{W+pbsF!<
zMX8PquM;x7mp?^)H}Jjt?j?sjQi7sLcUW*>B;(l{gJ<_d^6ce9me}EMrp=9Qi%z%g
zh)MVMDoS@~JRoA1GkB;AZKHHsc>#Oqvm8ARveY8~1|ru;9L!%Gg|7PHPaXv=G+xyE
z|K0|5@G9-A%38znE&A;6I`G!G%>JEq-TK$-LM8-Kt1b61ea~pf0#qHP&#royKbn2j
z^cPXh-9T%ef6MX!n`zg(xk$gLY&K~i*rjakHZRsk%?PuP_YyhnMGnqc<B!mLk-i$f
zr@k8cbGolSd<kd9ANMg|eINDJtFMWiljAVGgC(?%e&Zf#hns?<xCkHY3wDd8**s@D
z=sfipz{%o?I2uogpGD3w7-n-E%;q?V)5j(8gi&vP`8AQX^nL##b4v_VuA|@4$=n>H
zI62}@uur?qEsgQ;GP92T*Fz}2rreT;%J{^(P%On)8`I4q%ihT>7N5>A@O2i*VC+-6
zm6H|rH)L_LZGearwr44O4#@mq5h;U3J%*pn@U`e++J3_@imx$4az1~W<?iLPDZW<!
zj+5bP5tWg@@8#s8tJ!+T@7Q|B!xUdfgIHNcaCs(l?R|VDMSOPGYTJ&%bFu1}3F$6S
zr0M~8_)qa8#+-OgtUSplk0E$dyAHhH&B3Z;7^mZn6=QaVBYm`Q8THXaAHnKDf)|r>
zQK~z`>l8D*9qTWSKU+WWNEM1AUDIab51vEu=dm!upUIK<v;J)hX1`_PPimO<@yi^n
z-eu{pj`i2k5gnh_{nf;$q>7&S<lER2pTu(dY|47`4!!K}qhnLfKTT|E{zoJ>xqUsc
z$?+HZ>|4wIeEB~_xBr}4GybvHfF8rD`us&yodx>dnreOh!d6GdH1^kQfb8&wA!4}v
ziO4+4{Um5T;;gB8sOGF?4f-r-#3ot-E|mDL3z4zPAhC`+VD7iq^E8;GuUk|XMUDX;
zGgmtiSC&-ECy%M&Q}q2#8|-jd%fna|TOxg(RR=jHXOdeek5GFj`9)|k&N!}kq{dY}
zWA0HM^n0!NBs-7sB*;bVTYT8~-u^tMvLL?S@=d>N4pzrJg4NKkxQZlDhW@2J(gs2S
ztdSUXGRZMPky>~d6SUbX=XPMhItQZrdX3;H`Ebr&QwOK+?aAL6d{6#P;3tJA49gCe
z-v+XEJwy2eXti;7_z8arpGiD(LMTi6<`Jxl@AZr!h&}E@Sa8hFMXA9IuhW;|9mH%m
z_$S=^+W3DwQd5y4jSFLe_#Nw7bLcxP8@ZSAUC-QW%p5cKQpRx_$-9W|=Dh1d&e!N(
zFcSA+o3R&cN|+0nd%^Vj3zC_4oqw3x_#_EuOq}D9cC}M^ht^SfR~MS{MuxmMN0;}g
zIavMk9IPtWaTOy#8Tv>s@!a797MZ=>6E~nV3T`|f1vmcPOH5<IjlXusjcq+~L)qUG
zH=N%^$BkY8wyawm{lDWz^&^os?dSzJW`1uO=llN~ZWOKVwyvsN7&jiDgH`u;IDOT_
zSe2DxY1`(W_+ba-*k+{b>rtz|D$kkv>UgfFzOH@P)Ysr>U0;tDad7m4`dS{Tui!HE
zHIM1*vOJuzZJtNk8fBfJxy{76yg3$}yANkHm3ky?b<Z|uh!0*!a)3;)6EeLiY~RWT
zF#Y6{t-Y_k%hwc3=^jOzfM`FH3u*gvxc4@Vvpv$pm9&26&N=k`FI%zTC?>H$rq?NE
zdc#FM=P~O7^N4?-SXx@DNU5k>ys?GG8zkpznvK=AHagC)**t&1SWx<j$d?0}GEhV*
zAR-ngdWj6KV>~@I8>`o|S`4+bv3eWnXLT-0^<{dUN~ZT;QRbU>f%$&1zF4Z*tVqqR
zSeV9m@NHY~?`uzZq~j|U>1=BxeM$zUZy6}k-)3X=$OZb?s(7TPRf_aYD;92JV}6Dx
z9cS0l{~sm%(C@?+0_6bb`kK=k-%aA@(402diiIoL7)!$D+Gy)+tPXFb>n7gWSp9XF
z@}FSuhra_^mw`P}2GB;|e|$FcG5?BOj}NT^EzH{kMRpP0+Kz=6n5`!2wmLbi{9@SZ
z<gnwHp0@hjY|~c7!F{pS$zkqDq^&BeO<SEdo7!s2Dx6U<-y<bpEI792qSR2P*BQ+8
z<}zJ5VbPV3TBx4gGaIWPgfCz_o?@wKvm(uHrMf82#_DHb%AY$Qrt5KzDxA^ECj}Dz
z>XDWdMy|y<+OSYPUSBgUNI&30Fl=I2<U!WYbq$*s4%tAa^+xG^5%(~jyZh<uokt08
zdSCCH7|y<m@}<dG?<6*O6=>;y!s*-e`=}BF<$s@m=B#0NT^#{A`z0)w-$wjQV!+Lw
zZ#)iNcVN{Le|mU={`+M1`}}jD-$zxRL)%I0dEL*@bqCgQ((ZlQ?k=NWOxtZ`b1BNp
zL%BxV4(PfA>-}~t6n#Y7jyHY>^A4=Plb9~`1~1`>lkgE(F8WuHcg2cGfBv-#<;o;y
zn|*!)iEAqeZxaGfJWOjdy-*3-R-=y}TxjcBde^D`9bhoX=?`PoJs8qMe0-pqPYis-
z?rU;f)@={TI+|y9tctA51cji*Z!VT5{;_BLX7z8!Td01XSwm$#m0=<zfwpsCq%Hn{
zsIKjrh1JC!7w`**J<>!)k^bI-g;5XFexF5D$Df;p)rMBOuVKq9tlo(X%o+ZF!W`o}
zQp;?LIWM<hp&uLTMTCVI_V-&Cz+tV_BUP+cq^&I%@GWzwzuMS>g>%dv-fzJI!6Op8
z7x5y}*T9YMB-vPdI~!-ZTPUw)71Hw<F$fDJo}X^`>H7fveil|w+$SP$n|c4La*p1=
z>MOe@bL$`x`Pd!Vm(0Sd?`=pYx?sKUcGPUF?)(K;TsoWXOLqJm`HjG!W9g=1N&cfE
zjkI9yuSS8qb4a9&cOxwPmC^Z4iy2egG@Grl=89<k5?Tj*P5T9OV4g?Xwo;LP+oI<+
zQZgvgzBVkBvA*|*v9NQte%DH%JLXySbIHdZsYy|!Yg_1kmb#g=jq+yXel2koXvzQ)
z6%8Y_71cp7JN(hJAZPO;;_cwwFqodN&gKEN@kxR0%N?y^oQT#B0JN`_()r^|tlra(
z1rnDx&7wHoL}bkFuePoySI@-i#BXp${E%Yl_*3S(2bnXpU;)_otovtCxe&g=4$x>_
zRC{2=ENajBM1OK=|N4DrPP#w)!<qDqaDQfVug_%r7yRA6M=v$~-=Q!TunW+C*?k2E
zW@0t16${&w#mWIlzx!DlfT-^%nMLop(a)JW=pNvr5-hKpg;lWxYxfZhwCq1O-gS(`
za!xxI2zG5-E28IXL_J517e%yn8)$~UJ~$Jr!F|>{n(2MFp-eze&Z0K^-s@}+Z6=^k
zSJGz@-!K<}w)L1tT3Qr+9h>m_m1deZziwH>d3u)lZOXTXew(Ver&#);g!)5k3{3Ag
z7#^57lbttuEpjhka8Xaa3Y38C?50;v9#AtsBJkpJM=Q~(QE?)2wwm^nKg+bA0Sl=8
zyu;Sfe>W4W|7@f47|Y}wDvO*)XfbHbOwJF6v2ZVu?N=V@_yu_LP&54&bp`8FDT~~b
z=vV|=i>1&19~?Hm32b9B&2GlRtF!2M_OQOjq1%CXrfCQ664MSQ&5Ujbjv>?z;+P$*
z=@$F?zU%CYeLM59YDc|e$kzXPr1W))l+=ucLaO(HGYAW-**q_Ar5LrG#Z`xAvUOpi
z?}OO>cm>PaOss|qv1Vs-3*}?=cNf6Gv~?aSVYMQ)H(}w$WU=z0)<~N&#()7>KEvYN
zxAIxc^+Keb`yMv!{3mv|Ok5j1qjBmmc&k%6uM?i${zj8gdpWV|%uMJ^XT?)9=~*{D
z-mu<fZ~)}HW@0rWrg#oCf|1QLMC5LxXFi?|f>&{HUVx{!Z)?JWL2tqikF<4-B9*ja
z;TpzUvBk8-muH%`2<xdWE?rqH#c%Fuiw6Ho^RXIc@q#BGt3M;^vx2ur&(mrU#ejot
zv|exkVHpN<8<Pi$Xg~`VPVh;AiEN(NF`F#N$7*XE7TRV~|Gd_sKUUq*>O4~VdPUmU
zbOAYU@JQ*a6=_`)7EUu;Be9R7pHtH9>1dzh8n(t=HIv%Y<4qJ7u4j7Tdnyta#F-{8
ztPNw~pKScwFW^(tt}T|9dKBq_CM>+e{OP@6is{N)5f#;l`h5_(zj+EYg4qwR=!wsv
zX`scQ@<_+m^^QTmZK8VJ;b!@p+HL>zL#AHe-bVF$MjICNy&ZO_zf%NR87!hiyNH;M
zdWnv1LUd0nc4PH<=F{5USS>{sI*y5G)e1^qs1UTY6~wNG2O|9EB+x2e_DE@KBXcDZ
z7cXJF*%Kx@loGJg_(g?BT3V<`F-$MI;;eNZDSkDr1)tbmms&ki!UjcZZNvick1ad|
zT3fL&mC4N6e1UjslSewfT9M8)TIl<ah;kWyN(pG~%X`x2lR!KEx<_j4M&C;<)TSKQ
z_KfofAuLqnM~`nq6S21J0i2o3<VtM(Pi`738FHN38r_!UamCWoVnsU8h=t3U-Tf1p
zSdqy3arip*b=g~6EVP~#Q9q`Wp*2(|gUfsBq;C>vX^kG~`1<JUc`r6%VcRB;^hK2Q
zuq&<OofpxM%h@-n4RpNS(Z+iKv@ftn+O{FGKQh+Z#{WMIFxJY0`E<O;8nN()-sJHR
z)|Sn{nb%zapO(z0vG~+REF5AuvZ4hG@3Oz+S}4ZEGaL1->V`4DGcjgy*xcW;Zw8eY
zJV)hqv>6LLJO7u^*gO6-PA--zN);)i5eqx=ss4@+n|km(>sNWPGvmE57KXa9+W3w~
zA~x7m*fXCUZP>)qA}abwL~9MXEu(VFh$1(*3$(3&^hiysFPtA=+K2_>v!doy8$43l
zYDM~}+2qM122ZwjW^C(*sgv2fLXXjT4T&-@hYK`qY_XJ3+&iZJ&_MAnI0LJF$??B!
zh{U3;vBgsQQ;PIu0~W?J9jIfqZuic>>W^0ZjR*OKVUgH-eH8m%;wqMwmMBtH0~W4g
zeV%T;@V@Q%=RDHHHHxG)M8}KxM~bD2jf%9dLDwt&ENNi_76#>0?06qh*;KfSr6o~f
z``OKr_|dwI`Jm~P|NECk@oBe$_C<EFlu!~KKS~;~@Uxr7vY$2f^a}=!Teo_orE3&v
zO#{mX?*nvn28)636A?@@V_>51T`}-|W(@3Z>eOT4ycu+zU{4DcK4Uf-h$e%3ilyTv
zisWvH)VqU>Zbv?)dr=g+#ovOqB)?dixUqM=yQ_ibm8mnZdS!dh@za(TOBI_GNo>Hv
zD{P)iSpIq<3s5|vBg^y?!&-XAuR9xh#+zFkXda==pgCG-gu%O%fNKU_Pb2wQSN()@
zoqGL*)`zfK#A4B=hp>9FTykhPJCXYpOB0_`q=5}sC}8y5+(LD3>C$3J+tgF%{@G-H
z$JN&_E-jX}J*7x(=ds{+)448Uczg6AtUlV_lLxOw;eoFK3*`N+Qn56#G`eoqoR8G^
zTbbNNnaaKK$)0jo#)G!?iDGHurs#csdY;ae$Zz*URDOmpc*nrKy8*pKe!E*lMn3sr
zvnluIABvRw-&(M6Ipb$+l(;)>WwDg7S&{yH9t*?V)HXVsv9RSKtbQ@NSW56juD9$y
z-!s;d`xi?~pHifk&SQbtkN9n;*2v@;QTHA|OR=;i{XBb~;;T{X-FQCxA*^mZPx7lI
zUH4!HR!7?5CU+LdBwrHaL^Oi=3!}en{fZ^|DMiX|!ouhoSPgyKsWtU4mX<sfxmRXf
z6Rme`Z^Oa^GkWp$w_<JCZ*k@aO;o4Fhp>9F`1`^0R1WD6VKuJ<3tJgq4q?+*|HC5V
zYrDz#(H25)LZJE~s=E^V-r#%)tMfX{KDY)`-bvl$eP63l+a)FN)<cwM!3>a_`4NFp
zaU%MvA$qKk_Aif=UZhCZoj3E%?mi@K6ZL<iEIN>4iNp6dV&RJ@YjnbS<Gx;cPsF`5
z*c!?F$UO{Q>%a^<E;&yz@Fs>kFdp<e5N=*X&V?eXz7KTWDjElxURV8YK!0d3<AWIw
z()b|sN~ivPXmhI>_e^HL`F7Lao^FjEd!$%mkG+kw{ofwM>V@Lo|JIu_e)GXd8F#jr
z{x#=3?a%)pR(p$UKd7hg_#VV+Ut*|t>&^a`vHraeV)bHi&Y$bCV60ouXLPP7^SXe4
zF0YTSOIo!@+O|%SUaY5hd%6p6J=<#=u|V=BqfPpsJkl3y6iIGm_t8wpDjeyIy4L$t
zJr=b1VkzP2$mfOi6vI7T81C8rej~+|@1|ol6pY?qL48j={Nfjnv~9g2&0~Dec@V1?
z^VKuzBQbGFn@5_sL6N4^V<G+`e(?A8k^CU?ocNkY+PYSe1~+2i{DUlx$rMrO8qh9e
zFTagK&ywF3OUH{9DWjh9mtg0m4`Q`>hKSy4COV%IIL_?%r(Uo@zM)t;?op&Gdy)6n
zlN1*(??y{H%k}@)K<hb(Nwl5=mqfp#8Ea<B2z{+=i;dN@m;qc}zFyBFIdJWAtddwQ
z%)^+jSZxlC)&4sjt2Z`ap`6uc_)7uhmDq_ZRyI@l9h;8T3;Eo0=P0gT4dS?*Ml6&;
z(xReKoOi<!@H%0`_Gg-?Zp9t}FN~t`fv1VK84cpN%}uOU#Yk4GVx&nM$+dh}^hR4!
zpm7;ivw0CAMw`e30-d&`!0zc-z1~9G@&dNr*NH0*(cEvv)gZ1&u=v0fiw{(y#Q9nS
z#jLl^_54j{cE0Z%7UU7d(!_2y_Ubt-EJ^5Td%kltE<esNvU{F?Z9}9^Ol0dLlY8?+
z45v!ZVS(r>X<Jd|ks8-TuBqJ7fQ93JkEC^5Ysu-Q-}ncMrG$-&v?L1cY4eMvgiVU{
z__=N|DZ}JP&RyV}CBx*0y0s-ay1Y`6>bk{C#-5^+=cCWF(M_@Du5SGqXO_M?kA<J6
zV^uuRS)p*SrMz3Mm8sLQ`c6|%8snJ_r0McX4s6@zk(R76Wm$EeKJS`8`~98sRM$p>
zxZ+qN78)-vmbP`%fsyC15TDdjXGV0Rf%sWM`>W@%@X1oF`dm1j$k@u)gcs?!N6(wF
zy@A~^=dhq%(Q|zKi@x?ld7%u}&oqJJLRQ`y7)f|^*>oD4*IU{N#(iFj3t44s_(al<
zpN`eQc`R(6j@95h(fJ>qhSjf{u+XvUKv#YGMiRTUih6DOW}XWe_37Id$M|j2vFf;@
zHM5C_F-llOhhm{1n+KW1InG-|#5qArwTtMmgXCeu14gZvvDbrUtz{qz`aZ`kaKMEM
zZBVBO1Y;7$M6Xx;fnKk8oqnErcp&G13k{rxRT$HnSrscHeZQfxFY%LHy*}jOF=m~a
zVPin6Hfo9VbD4EWZUi}fpbJgB2{fOL))FbV0rHW5!$B*wCDcJO$X#uRm~FGif}9@j
zLQB(nwpHx3t<MfJp*h{Cv1J1kYQ+`CT@WFDSb+RCaT-?N1<*)L?<Dad4~VmY_IwN0
zs%-RGl?@Qrg7rFncTU6V#dt+9J!=|Pf6>n{B?NArhSmRKECgdk)Y7%La(JM6P<B^M
zo+cgwO}U`Gz`>U79BlE$ipbXBLfOyIy-xNa+2Nu)KqmCI@d>)^;jxV7M9_9}utopI
z-Qdz|#7=$2rLScwU%B*q1wvy*Bwh~{`Rhf0O(s2WU49G5Sv=I8{WZw$!6HgnzM^$p
z9C&?HSG>9`^t~@hb=fz7ysJOG!z()t<ahs*?YFK?vvo;tP?rO{(~;;JAEmy^P|$Wm
z<T*cgB53RSi-_)XiVx)U6ZLZ}zBEXq&xc1mcc($x34VBh#3UawK9g9zdMb_8YxQTt
z0{@$eRjaO7{eWd9oLvcaxJ(Iim9ScT&OMFRCJ5e4&oEc>!vgTb1T=3t{TAT9InsXM
z3ebrCkvY}yLf{TE#@N=(h<grC5`7T@f18TcU$OZeoQl=EFczlVULqy#P^4iNOeZ>7
z!zYfZ=0}Wq8DPK9sNX7rHvtssvt?L)3qZ?fI+<?+<m5ohJd3qz_N>|lsQe5aw~UQN
zc(8LSR+}-+t6q7M(%RM;T^|qMWa{Jbo2Wh(S@e;f@1gqWi~+gaCZZw|Yc{yh!I|JS
z?%^2e;E$L0C%ThZR~-*>7L2I7_g5hM28l>mzM_@!%1e0Fy-rUsmg+(?F9e7_R`WuH
z?8SbNM&|PatDi#TK8wkH9^>_lsaPG){@yo@-3faey=QC0LJ@tFMX|%s)1Zy+&xr$w
zr}`E-recRQG8UPWgQsW6d}BcSYbTDZG1N(MB5NvEe>UuYDpt?1+A!m$VwLDCy0=6+
zz;vJxW1%vyM7m{%BCTfU9&eb6)mt$ZM%-5-eZ51Gp2S%AE7Q}xomgn%69eB&E|G58
zsqf+G(jhBN1PfRFgf-n)(zCnAtb20^%^I;o)<z+1Y@k&@BySuXXuqk$k>9<~Vm<bZ
znTl13(P?9PM&fNe#h^Jp&^`sLb?hB9g<_$8AG`Y&?~A`Lk(}Z!-qsz8RP!WOiQc(S
zV@<yog3V!7Cp|-S%YN$_qQn57O3x6HHWi)vxz8;%d}4t3S<)|rT*wK-^}h9bhSRV*
zn%TrxQ?NQ%ua!EYZgV`ylU7CQ<TT9gp!VJ3T`|2xaw@lYC+}3GN;XHa26ypjrZK;F
zBj-2k^4{l1`ZVT8`X%!lGYzZloyI<aWL>Wvti8Ve@HwtHF&5BrqU&QtT`t5nt@{SJ
zF(8w7#<O=K_F|2oIM&SD1MPfbz`!%#Ke0x9;caB>OuE<6JxGrU^f`PxmExejZ(fMh
z4R-=))v*LW=sHUJLJ=8z;PmyB;Uvcq^nG#7?3p{se5S9XB|!ygo5O6_odOjR_n7~S
zVj6kp(JAzu`JMFs<9+=>t{K?+wwv95Tn@11Wq@<A(}j#Xj|r`_plCaxoA8;uGj2AK
z>2JNucha2T<EdD^iRc3lb@Q6B>>fN~Bf*}8fg-Z{!&^JCP&uzedV#eg*#6D@66pZ@
z|CLP7v!>9q?gu-u@Zy~%(()aO^ptM5!va=&CHDUf`~5OZ?Ye~@9<cJ*7Yn+4j5dXx
zSQvK~Z8J>27fJ|NZQOW|%*T$gVEFB#W~}3H%4E@hStk~DO{KbA(}9I?50yxS7t=ej
zKzP}%W1XGo>K2`s!CSpKpd2H7Gk8XLxn?R>Ydf*<4C`xgCl;niB~s!}MY^*S3r0WI
zc3*W;9_e{MC=!`#!(^<I_p7F0HPnK&d=Ab<?1#A&WP>*wreO5|<8%5{n#YF*ftDXf
zWu>q8jiu{-`Imw=0+eU}+Cks{W-`^E`!N<~vN_iiU1EO^XZS^I=wFkm4UNSn9pB8M
zbiCS0*M+Tm>Wc%7wA(U;wo?W`1>t2`Y;?V>;p26^)OiddBKk<$U&Cy-kxvO2w))Ln
zI<6sS!pF^>^p3#qF&1n<YvtMiP)-bJWL(lOkr|O48JF};#u>u;5A#Bxi60(_80QgF
zPD_cLvgrL@b&PNBPMkKH*`UB`oRNOlGhPKT7Tk-l>N}6q4S8Ah{hJ4<ZamP51=4OQ
zYxf1l!nhf9Y^(m>(}@M^{}I#EyiP2%kU02$+Fur?dTZQEcZl^HYQkx)?C+N_7D((o
z<^B?h%uT;9Y$w$}()UelPB$)Mv>eCjhTJP>ntZvglin+4{NsSzNH8;%1NjUtlWZW4
zvvId%63igFyPgNVrqLZ3%MMT^k|X5yOCDMXe1T{OId@>n&<O)!=p&#=g$iF#WC!^a
zA2+5S#BR)jes$|PkVonHE5uJov=1nR*g6LXvTg3HTV~n8d%HbpXihu~Jp{G_z*q)0
zMp-*o5Gu}D83K^Y+D8_IigQ;g05To|1q$4`^21InhxmShZ!i}6^#kvOAuyDT$9H1c
z1&WkMVp5ES+##0_Ee!Gn*&SG(&<}=sK#{)2CJ#DR{VgJY4e?xHL#)f+Gz?G^&j+%=
zUKip(-T>UkWnim&Zp*suHT<x^yh&J9ZX^0NY@>1;ptne@0g9yOR>MTpvFeDPPmyPZ
z0I2(ObNs(|jZfkuNEDGBMC2Zn<DUigj{)o(3&B=5ivzilw*~H*gw^~cQ6DQ6L?lD}
z#x&M{$Ew46-!(iR$eD!InNR2Vfz2ru02#k`AG49?b-JCP9GjIv^^f>*cZP_HY=Asd
z=swesP?lsJhs?j0hXCo1v?qPe8X}^G0e~8Ko8I5IlS$iQ`Z@K60V1-t)#D_9{oot#
z?Ro}KIRO-DG(hFcph&p@mDcx10@Oo%+4f_Ts0_0J>Yedr+eHBFSCffNbAgX1nervi
z%O+#N=!5)!$0YOrR{0ZN7;6_zyiNDFdcAdkkDaZBpQA}w1s*h_CmgG>xXUJ@9Dt7%
zn{DGagy%LY8$JI9+s8#VZX?OT$@6mKSuD4a<oru)OfRP8_zk@<<Yj%<vFcrmj`D%0
zKt!`ZM1>GjC&qx>K<2C0)wSz&bz71FweYq;3_$#KL{E80TW=H5E94*WAJ4Xlh~$2!
zY$Vnjrr(e7KG;A09%AY?cVf9lzw4aW_Yv%W0ITa6O@!8bonHQ9GCwESHnt>_XNLa0
zr_Z-*eIc31`@JqZu)brpzuLuxZ$|1P<$VrN-p&BN?sWhey857ep*G3|vRey3e|8ep
zS%(d@S(f>dxu$|`<F5b5+`Gp|S>1`l-{*NI$&iE)!oVOzG82%S-L}evkb0Su00N4E
z43A+~+s#aZh}y0lvDFfmJh>=T{8b;dPQ`8$z}qu*cdZ7?blY_T-L}?lS7O`k%{ns)
z7aOnK4<tG7=X=hXnI{*}ecj*ZegDWOGjq;!F5mm@oJR$U{D*CA>E9jd&NdZn>ram>
z?qC<|`|&7VQTW<Ww~P7JC_ks8fgS`w4-EhVaR7a!JP`YCRngv5q7C>Ah&WFTD6cox
zvxt$Q5qLdKN7W!`1;;?xw~m5!BZz1GpboSS^7o>=-d6?`>Gj6-ED}_qyOBRfXkVG2
zKa}~cqi9l*^Mru#-}!G2WoHP0qMeO?AHx4vjJY%NqX4L9B6OdS{GeWK^iD?}fgQbD
z>RBXsGf>1yR{?ZGF)@P=6j%V?=?!fJdN;OTC);zN8$M6WVD1D9x{TgX0O%dq{(x+E
zKsSKP4CYR@z-jb`9tDc<3Vsi0T!U@}6f>l{ELdywei48F7ofm@&o@KrH2zFI{{ADN
zM3w#9+!lP^=v|Ay{}QO7;P1I+sO=I9JVx*J`1|j~{6-FRtKcvZAC0*)t;+yhp_>JM
zf-1xipXc~~2yNL`V6`*?JzdWtEyGSL_yD0TwLp*a@5NT|dxW+OPqyCY-=|o?e<8Hx
zS)hOA-=|u^9}(K}3eY3?eVf|~{*us^13**!`z2QJcZ9a|0{si`KZDEnmcIbC%U1i^
zP(SVkcw@JS%e>eG6HIUXDiab{nT^wo!0*?y$WZgE9G?gS?K6b7Yp}0cg>K{<4d9Wc
z_$8)h<XFm%TuZqc^+*q&2gk+nGGhlJGj`h?Bha&+MK0JUc(r+8juF^@u|9CMxo3_M
z_}BH~U5kPr#af91-Rfrut<hkgq9T6ak(x&?HC0@v?;>kVWY?IQYXrVC-u&r4#?@x|
zJR|V%#rnY2raI3EJRsMYUS9$PEc;a0w;O3|M~-!2xG9-6l`k*?o5zKT>=V4kY+PUj
z?zmVVxZ12)U<5)o+{OXA)i+3Nj{+6S8xXtTTH@KYsFxdowd2i`?$dR(S$??@STO<s
z$Ury0KUvuT1vc5R*yx>HFJ!~!n^+_`OY+tPDI0Pf7J)~4Lkof4iS3`2?GEV1-#q|3
zgSoka|GxmV5&K*Z)JXGx+XM^VFnYgulTGfZC^u#Zxr5Jb1gc~E9sIpK^0|qe-)r&r
zuZ!p64#Dq@xsxm|!|l8^Yb4(f^0gvQYgWr#pl5GFzRa<L*Av>Z80bm-zHNdPyqVCJ
z0MHNl_W~<;2g-^<>s|hRq80o)p)Gd<J;t9e5`4XF6kprsP71z$QR3y1F62|9O8j4A
z?)i)nNY;<!ZHJT44$0g7jD6S<pJ_Tku@t9jY18@ro_4+&Id)fe?6xW+@XLBm7vuLa
zt}zc(8G)XQ_3>O|?x`{Y`)zCFJnhW#bc(SLYvQv^71vmNk+pfW%-YnejlkaV=1uo8
zt~P6~HUhgY*2i;=S$?$<Fl}q&{Oq*xvs1Ay46E#VYOXZ`E#tyL%kXpCwMO9U7whA>
z#%#RS2z;e}6hGf5`T4#P{5*0DaAej}PK>}8$D1eJr|TNCh8Tf$^;v%I0_gSwgp+xl
zGnB2u7RNQD$H28@#xb&U9jG<})%D_h&}=8v)gV24Ang5o+YH6{m~kK{3%{jC;B(`w
z$J^C;v(oV~;{>zg99U)qF0B{usLSkU$HzP$x2@wkBQOzlJV3Yd(8oMSa<lWUFaqqR
z@#Q1hHQeU|5-VE`VYCO|Q9v(S3t^&yUZz7hgf?O>p(!2Z1XwNG6su*MYPD?Btd?yK
zYlKh5ePhteRzf&9%=D9tx$)UIbruQc6ME<qjA5q@1K`7^F1Z)aT(f4C5%|?jNP}7b
zF`g&)@VA7<bSc}=4r&CtPfy!Gbr#w{{QfsZyiZ9XiW&MA(5F#;K2T?2TZl0o?WO1R
zk+#xaeWb0_sgJakp3+C!N)dgetrYr;j0-EEd)BsC<pd5j{srj&(OD#+xuQD}KEETG
zen}o%P@?zq_9;=cYtiOLJ%(^<(8rOzkeAV$2WA?9wwp5Vhwe^k5G~sZT$d1lShW*k
z4O<nfVXJC2Y}KrWtq!YUYmU|Md9-K8rz?(&pqwK($E?wf!0k8j_jU8SWgH)QOvD8s
z=HIGV{;jIz->O;utq#k-HOKOQ-1y+kj$dyC>Nu{m`Tg`e=lQ$lS+2$WK*0sw4FDf;
zzf)79==Yz}wCGvQv2eq5axUQnT~VML6r=ZR>%_aHgOi{;sgea}G*`4$g#|6@)B(>V
z&`}S6c^!-Jx?&BYiHWGc9p?GHipk$|e^4=LpJFD~<ym<EE`@-Z^aI^o1E%Y%V7;nN
z8Gszn?@<YLO@!{Pxr7c*<nP0X&Rr+`L;Sq-Jc}6l;N$g6ncqvJ*PLgO_yqjj75!d%
zt+|9gwNBIv-;)E~BuCtrj&!07qOUw7D(X;YMy+)$LLA^r_z7QAdVT4&Ri9@%y>pq>
zS4n6tfD8TF>H^TcXV^Xkj9v|l-nX}b)hO}!_BPczphE1wzXeuL5zyb4L+tHsn)UWJ
zhxPWh9P8~Xv+;v7O-o1Q@o}Dn=8ob#p4EcpQ+}XttP?c-YYt~Zlm3x3|BH2kC(`)+
zDgRy?J+O|ygEMfU`ATK{9_LLlapo=||GUBHeTy-7pPcXK<Jm4<lJ*S0S@T6B@RB~B
zK9qeDezWn5M!*`?N64!z4XZaB0i>JGi;V@>n&q<Jw{;eY+xWFz;$i8h;aM^vv!3!s
zBd}E;DL*|q(0x)<qCJ|Bqlkm%K$cd&bB^n*ifruTfUMJSMNi3o9>%&+uJ4iSZB!u^
z$^|-F&bMsKv0APi87mwGmlvB7a=ir1#tlYb?RYRwWcO6F!3eC-?fUIU!d@zbZoAAl
zqiIouabLcOpPi5~w$qwpA=Ppgp3`y{p4IXeR`Yj&DbX)vU@#@R{v3;d3Kdgj&Ix~;
z#p!Ztv{cY#?~HNi6KQd%`DYSdQ=(Qt)=CVq?tKc*Gd1eT%riB5%{i{$`8-Euj^?`o
znb#d;-RCa{`UIR^jC@rR;OB)F{%IR|48JF}nbE&NTxsBo=fY&zN*=2U$oHmdC^OvA
zlr}T^=Q<X7`;M!YbZ!HyN8+n<n`X7D5PR%*U_J4^Vm*0B&Vuh;39-&?4y$upj@3De
z&w0(x<*2j8-thCkjpeBqn}YcgPhggBG6J~%Kd&1HpP7DhOm!2&FpD={zjZlKlozAp
zVZ6^wpov^TyC)@1&uH30#A}Z#aQXAPEIs#AUei*+^G}*9`a(e9FB%wyKU?e&`yoA?
z6m_B9Uz51|L0uMizs7Ngm=8aHPT~xP1Yaa2oI@(a?)e>9_ui~6xDa2Ao_j3qXJOU&
z4@O|ex{*3qRX(K-HVQK1AGq5He03eli~l*y@36sq`zV;NkubmUV_^PP-B_6GHkgNP
zFz>A!33IRVsbKyH!lf19Lxa~66=vnl*NnjB>ummj-TwKX!Tymn>@)Mkv-9lvh7p*&
zZj`N?YqQs<LpYcN`YN<%OCcOYyL%3VTNPoipRN-&_sKdIL0hG)5W)%U>&n{n@70ZO
zkB=v(v466TMeb3ntxgpN$PnXpw4oCEcnz3;tYZ<Qt>NtNao!@->8=4U+SB=jzAgQL
zLvl_3CHwqm9g8G{+!zV(;KVE(nvKAJ1;+7TP<N$m|58GKgnJp*EFKG)3-pz`k#Ufh
z>SP=wceT|L5WYYHKv%jHGt>z5fdGqOTgDH#nb2qIM#f5Z*Nu#ogtm=i*KY$FsS`HL
zw{f3eCz*a}8|PvC{nzMQ6j?3XfbOi5cK+g#cK)q(V_@@PQ+#69C%nQ4><A!@{BQ(+
z_PZx8U@XsKD}Z{WeT=dc?O~LsC%E3zqRU|Ex!o?%`I&u9i9+1yePOLQkBENNSrB&f
zb8A_I<UzNZM;4sbAgVghW}Y@c3WUwvxt2u|eql3vq|JP8wrZlCKG>(2=QY(#taD~<
z<`vRr*1>vPoibn)3Y)omB6NQ(m(ZIEh0XkTYqK)s>t|Uc&TZzY(RFLHGT^IcSp@Qh
z&3tHW)@J_oS|JZkI-xu6L>^sfvzcc`)92m(yp~1cdEiT|AoLH6xzlwZ)48m=Bsz!V
zW_q+7|N99|t`Id9hV&ydw(Sa_mq<LiZGG){pIn!=Z3S*7)(IP;pzcDp!)u)PaGcrN
zbTj2AG?lAb$va6bc_qY9)+FyDF<Jx`ZB(q}Vu-O}&0@n2iw);k7a9-u_!?tww4Z-&
z+cSPYD1Yx~<ItX`C}aPs+l|0GbzGN^-^cKqsRxWeVpJay=PJs^k~@rmy-xc#7aJ3<
zHQPFj0QUQ3UD_VV=1+~hbi9{Pa0=KH74%b6fV$x3{feO+nhLj^eLNTHz_|HrC?6=&
zduKj`cQ{1N*7IvwB%~6Ga*E$gJIwS`QwZI&R>&+aFY|$ZZ!OBg8X*f6(9?48J8Oj;
zd;<GVv&q2{Ld~_GMBW}8ql1LMkcR!0X6jo;;KA|W+LeWC>LDY5`!<lq6zJ~bdc)}T
z1B7o>K!-vj&<KQjw|bsx;&qzJPOqUH;_p-fWv9o}x$8o@O2iu`W#=-Dz($FWI6$`@
z{+{BG87G(>=fGn|0QLJ&^F9$XF3Q^Q+{S3qtUZO$eOlV@CpB&18O^b<)gf$-8`orQ
z_B+mSyQpHi&1S!1t>ER)tsTp6L(Q*e?DSXH2s_;~%)04pppSE#dup^|jkx#cNp5pb
z<$gDgzvc{&Ggi>qgdSnc{W8EKyH%ria~qiGcN)?jziExArHv1>?xZ#~n$j+bo~>n(
zvOBAmoLs7ytR=_tf)R*6NUY9ns)crW+6GUqgV>3_9E(;0J+m2N4FCf{4fME5Xtkl3
z9n-2U55ViVhMs(&N6MC4*Oh_=gUcUV=2EP_6Us|XH+}o~1G8$Z>q=D%wrVpwrY*IW
zxiss6S<9^JN*z|mwB^<^*GRdMhRcC+FnemiOlZ@h53ga7uCvT{AfM3D`kUi4F)3sB
zs}UoBF#OBfap*N+qoF58+5NMDqC6jJer1Gi>$3T8r!{q9t5e|q*R@&P51bbEX4YSu
z8hvSvkj*cy8HxL$=3i#;UM=yC_9i%u-gj!HO*zcETOTBrsB1txIV=FhTna{@Zz;ss
zHq~O=G>dI>SSSA5VX<vFR^oF&Pb~s^`cA}^$j=)RSFQO#5g&*z#7Y0OY723MxH?j{
zOyF&+HuH$YRlmg35s9b%(RkvvtJp_|_EKQ}gfVwpIhd^+Z?33!4fikknE<3qd@eQ~
z{({BX+`vB>0o?aLtWC??Plk^>Z1~td4nArnK2~1@A8*y#@KJ2^-hWYisAkjupYc(n
zjKRlGYCj=95?Oqd?-lsSUprR+p}g;Miu}UF9MDf`>O!^92xwf+mp|oj5^kdfLD|^}
zFwm!gzQ|Ax1!2n0(5B7%{Z0tC=79dH3gN$TfWD`w{Hab*2M%hWs~y#rA5>mDS6&RJ
zS}f|#Dga`mYs=Iin2G^BhSO2YBEXoB*U7__ok}sGAC60NlVuJ_F;mYOf!;Oa$cuEJ
zxMsFJZv<YuXdl(AdEN-bFV+Wj&T~fKhimNq#ZN}iw~;U4`JXwU=M)+NgsFqW^RlN@
z2~Pu*ohXm@Is`lon6k4K;aLdbP@aJ2#9YvKmt6J~(%#-2&`)dH!WIy4-cXFcJI2D<
zV}tYG!h+FtS#~%t{G@P(5(yuNx##;v;J)$TlkStqGuvJ;0(V`sPp(<>f)Utw(LOn*
z`hpSo(#86qtognX&~3O#*Y_ze5DMMG9t*0%?k)$Od-TmIB((7!!td!n2%wic3El8j
zLTjMdM3}bWZw?Ym0aW+_V%{!MSE>wW>q%KV9KyBCaaCJ)fDxEqOlTXxhZ{?4Ev0Lw
zdHa2Y)_6+II{;!RtNJ5gH9CN9ELE-B9h$Yl<*+u*2g=%k*Ac4Sgy->z@umI9-z5H}
z{RTh<&evdEx<5T9+P2Fc-^S-$X*8T|2l#MqX|1Jp%`_L>M`)9$)LdwrbG8HM+)~wA
z;MA-+E{8SWHfI`M1KiH5j!gt3&;?Kt{05<+y4D!(`8{{%jL=QhF;UkA73tc(gjT?7
zCmSc$TB(OsEA$OQlVw2f`azxb58o#ASB%F$eGe&<UhhAuzV!5yPaelH9vWKqSfWx}
z(6o=xhpHS;y*mYHf279R@c6aXk<Mys<9DyIl4XR3jIy)o*h)G+>(Iq}_tQ0x;+_0z
z)KLK4u$oW}NL5oD>O!SZ;-3TI9fhEy+^bZ?d-MtcT>O2ewLs@MpnG)xUpPQNlM5ep
z<$%7Sp3n{l9BRCq&<*uKLtA*gx7m0%(8u##1zrc3p)Ek~akvT;AXU{v{>A0anI#RN
zh0(?;FDxx-Ftl(Y2Xt@or6p=HnEtpHCSdI1^AC#mTYJIi{po5J3Fd+?SUYwP-#pKB
zl<~h&h3}T-XAwsQCz!ut%>C>vVj+L*%_r2`RcdaSR%;<WZo+kwOU>KC2p~;tn5J4A
zXF0gOxm|@=V=mB5xti6q&|cRm$1VhOA7gG@<5RdsW&Aa+R0O;b*3U?t1mmprqH9cK
z*O*=xt`*mY>&5l`K2zVge`Ni!YV?X4SYhv<)s%(k8&XY+qJ7L30c~H+B8kg^-{;Na
z3GF#n*;cTE^@JLQ(2e^-Jo-Bz3=YuCGzhmzU$O?uOfY6~`2)pmyS%|NvuO*VO{!*X
z0wa*PoX|}w#C|%BSfN~?Xya~}=CC%-s<k%GQmw{?NaMLy$`AC?8(BobXEbHuSYKP@
zrTVrnx5`~$wtzbD&UDaK2bi-RVD>En+E~la6jXTts&MT{pZwf~q|abI@OyZXPLVzn
zCD2{T+IvqeRm_u3iWz~#@pJ8piEwPJ<+Z|9p8IB$fJ3Q+QYb0g0O8jhpnJMOeE$W6
zU&{j>;o_MLI_~wpDd0=PDg^vIbX89Y_<knwdl2!PC>x32U>V2ng>ZYMGuP_#1Klsr
ziy_So-@qc|1gpR~Ut-MN*S_2W4i^}BM+3dbv7|Dwh|p>Wn3{x7s22F1lurtuGg&@N
z-M}KAGh)6ca2<2wyNt7Wi*a6s&#MeP&tpL@84H>kRaUbIDF9y@maXUgi#^VnC1s$6
z69~t`(vmVm<8fD%11JNk&oe!}Zd|Y805iELyKZa?)e?$$Pb~skj_a)j>iu78{}Jx(
z0`q@(k+!6e1w1}pYs1syH?T<JT~_gg#8Dbn3kpELAa1r0+E_2nd4=vKG>EvkT%4)l
z_(7R_H?G+Tcr>6sCf*apYuGL)^s|h)Q%#DQY*)<0QpN1NLD({BJ`PP<l99(KgVXZZ
zaAfhI9ASELk$@Azr(D7-&0qhw@lec|`(pDS`vmQF82mlr;WXp4NPtv9-jc<Nb7qNO
z(xOsWTH=?q2*sC{l*P4h&x!wUX>r@9phaxkBw_T!Vf*<Q`~41%sNG(uS48aaZ#`hH
zCm?DxG&PF4;{4_uYo?)@rC<acu3D>O8d$1MXt01#BOho=h3=<S5<?n8d9ne(*9pp<
zUzq|r>ckcU!rmOvZ><-1p*P)4=rayDbZb4(CjMQ>9PF#9;=B^t0{=0Tl|en%vq)l)
zRg4$gwbw3ebj~b!8?-Rm{2L2POWroLFesom6<=DCTMTAPTnop+*o8ELHo_77UkGMD
zWA08(x%0bwTW3673>7VNAe<-$y~PLN4b!jR5?4WQacbfC6wq6CXkns&-Z2#_eyl<)
z7^sewLFt_Z(@^HaWaP))D#U)rm>YF~AJp*fVWxwVRF!q9BER&s8b-SrdA-2_AKhLI
zdUZSDavbf;Zx(=#^x*+gRpx_mS1#yf^C29^|4uFJDF(f4hZar%@G*jU#4>WhO5@}y
zlnV}0RR(HUVNCZpNfiW@$y|3iAiQaq>7;;U=nm<yrXWjyIQOS%Z`lGgq}E!vHk4hB
zQonGyrWRShNw04{gu7JWYe71$E&w`BKHpR;WMLD3rq)W!Kpdl~7ATj6YLV3=afkGS
z_<M{ocePv_uE}FtPi9Ofm|iECHBLD6F3JmSdQ_aXpAijQ&mx|atRgMbH{kf7-1*NR
zFdgY4^a0c7mJti}_ND?tQMb=7Ak-W5WORE?!egd&dfL9U>-CG@+c70t4MwlydKL+O
zz$%s^jUudEYS?(6=^Nf<zKH-XkNi#fkX;;pPB34Tdg5a9c4`oQcbMs3X@?;VUpC@=
zU3W%)Oo6m*>4=J&5H(|4qP#e-K{R<A#12;iZ3pO1Xj*jtDiMQ1yEL7*>02f8UB>67
z{i!*vvwezrN>j~~vsDvqQ4PTL9`^ez`1&7SVWoJy*v0R#Zvw~bEih$Z0%LkhE_}2=
z0sWp_IONR(God-6Xp`KH&#pk*+qE;X0%&kOp~1g_?%zP`qv!e*^CbJxajL22+1aXj
zvgO$E4Qmjmq{`Ew)XnY?_Fj{;0TbIhXSB^dxT^-Bq-7AoDyR#|=ZzWuvq~7IlP&Sj
zfS%G;3O;@u!d(;i`;!J%X`p-2E?YrpE7J2CDYsVupNsR<dO{mFi#s%e&B87Vt>@>5
z&Bo0@gUvuU=Ypx67w<kmx!AmlMT~Q-BH<_W2LP^=c1cvc17=3FYZZ%-%fOf3k9RO@
zg9W`=8!X|?>i#6!U>8{<wuRP6y|qH>tu;2i_9@$6Wz3E6`UM~yvwQgp;&2xDPAyfr
z9zvg@-#x*K=M&nM4-{cn1K^r-zf#vx3MHK`2p`J_y~atZNF3^xJCr(SDU>{ec)Se4
zT|1U<u>f?^A?<q?gf~q9-TNh_&Qn;r?o}6rcT5Dm=Fd>KvJ^@HoCVmgv<NCZt|gVp
z6+*t?9y}6v8#WU<A7x!Lq1#c1ts!)|1I$h9f!?+m=&j8_bAVJWpCokLawnMEonX#)
z!lB?ApriXeQz-h?6oT1N2&T7C^h281uo-A$Gf;lUH(%<^H9$*0U_QSSKKkZF&>PnX
zd#CJi2)C-BuX2zoZx7VX$x-UOrBKo#{ZwPe@+~V*GY+d2_su9lcpa7SI$8=P2s`G2
zFv1SLxoXP<2k8CoRTfjZFZhN5@J3Cr+=PVJL_e?<;Eg@#>%_~=re;E$G|jpVWs0BB
z+cb!6npbOu@_=rdr&=4_4y*BU^aJy)R0GhbR*j#(6>{oVLQc6LyfP1T&s$Ij5?8Ms
zXL@yqQdjduv9}uB+jI!8{QQm?Y21DBIP)ov86~KXy#=6uHxKH*#h81Ub7n~=Xko|$
zeOX~?NvENOyYfJ<DZaGCQ4D57Tnigu?0TLt_jAsfB@BeE_*`LW2}AoL7xZU}FD=O{
z2J_W8>SSZrW469%Tc`U59b@}$lV|-yVDxTZ$s**q;OCz(=0<u(dTho0;Jyc#z8>ug
zX}_ZGOxv#pewKXf%>#Wa7=e0e=iDX#-z)!zq}|gX|KBG6W527x2&`nx{Y5YW*WubO
zAP)*J(l#{A+~d&)(gu$eBxajPBS=U0rhOO<Vz}>?v_GXmY^#I~e_!`X776wW*nFLR
z%=jcbKJGDb8;K<Ve4Z~Wb^aG24EN0{L7H$(CtHkOroXJhzGPZ%XXKA+CTFW=qE9hz
zT*)GdbIf<qIgL3c%B2JOgw~)<Q7O*&B>m_E1HFNtw-h-a)Sc6yI`%saDl+k!wbikc
zniBQLJp(tYJm(N?%++}eo8*gJLF2Pr-oz5k<fTp(2EL+-v#H_?)3k-7b3gcfG1uqQ
z7TSLw@3#j^iN#uSEW=6Yk+M81^q`1c^{s>0nWc)!wkcL(DbORGPAjnn=sf`?7JQW7
z|MmlJmx3}7p8$I3TZA4ys=n0p1feP@uRrtTlgDwsE>(Md15ACrW^mbK{H}N>?5ruy
zc?#a$`ld#dLmq&gHBNP>7qp!<?{0nbkrgZwe1gyo57b#*D!iVWwA{jHj?JyHjAGd7
zC5qWUt=dux!8$T)spW7fR;p;3<(#8hxuu$=7K(UY=uu&Bp>AnZbIeeAju}ij%)S*6
z>z@bovxwVM%!hV--wG1zpGRouSwf#i+Xs{Z5AqdJOdJQ-fb-#gQbjm7&RJurg{qY*
zT573<8eap>jdSAsyBTvg)i}(?HisE%beO?%hxv~yW!&&lLf;vu{c9^lJ`3Alkg>xD
zIQ@J-V}tRUAPu7R=eS+9Fb+_W(57%25c2Z3;tcdHs)aV!x7St2I@c>P){<|rmI8~l
z6k4ohqQzQ@EY>o~GFHeu<2s=6dC(06%*6J5{;Yp1Sof`9kwk+yR|k`2dtPCt{j1o1
zr))1yKR+?kz6sm!1?rh3Y`w?YH4|+|wDa8Yj$X7M_vOOmnaDHRB&!nQ$CC#YZUYAM
zg<sR*uC<btK>OW!oEG~dPRm$NXjvhAw5lHT)-{B-H4DFK55T^%ZU`qDK`+}6;rQQ!
zUiJ`#$$HSgUSI@hpK6}fG_%Zr@FwK<x$#{oH&mj3Ww?ZYMW%rszX^P8T6L@eAe_qU
zoKbcR!podwi*YIFXoIVRP*?UMgi+`8yE|tzoQ3eQ)#9!U4Wh?2`0Me;IS07S*aqst
zn$=K&W48iuzYKk}L>=hO6QCk_FQJJRk)MexpdUV{nf-m5*|%3SQ+ri2c~CVI?W#E$
z?Y;u=C3e>G8n;9X@bmTGM;x|apOIs)O#t0kBVs>2`AaI3w+P#-ZH<hZ+>(u(7|n#X
zZkBiHH4A^Obu&<eZ(|X$c)T#5(6%D5TJ!OD;O~I==FI}`GkI+;sX}^9t`oA)(8Srw
zXE^N;inKQci~zd@Xx9oBVXVMP+({_A4d{3Ad&@*CaWA24Gtlp>;CbzgOtaH8j)m(+
z|FL=^=r{&`5Bi}Z)qXvXwKae;u<APQlbgv~P(K*~ZiDW;LBQ-b0kgj!1+yKenQn*m
zudn0sf#;mk_6Y6^_xKuP?sPoOxWbm-@Y~{=r<i^*xF>EQv^8xL-y+)EY&P);1zhD0
zQq|y6!wD61J1sW8&wNOGj^g?)#%j=&`(~8*?@_`Y0(#lIN;vc$(}&Z~qun#i^l~Su
zYLIb=hNsnV>k!jPsS#*fPw1YN(0y*HX3{3jJln3B^@<TFn*-sLyK@He37Jl|ROf+S
z=7X?f`t@77@<lu%K3njM2kA|#js^Qz1=7>2D%?4-kLhnI;5yf?n&%IyoQ@Oxtj)~m
zVQqS}f3{}!X_rJ(i-6v;l11VtnJ=}7P;5WiKq&S-+@zWP?V8!QR5Op>2DEM^ix?-E
zZ!|6k5LX2^ir+Si-;P`-?%+edZ9UC6&*EO3^FU9|jqmDN43(aKR?)41D^0WO7;|4$
z1ip@Deg{PO>5^qzRxbw~d7%UGvsvC%w;s5k*0vdFM>EiJAXTYLmQ-@ySpyXPW^h0^
z;um@2pKWoOp3@>OV~+`WPcuFTf47PT`kyrLCEIVz(B`UXg4fb<p~Mss7wVcU@i0T+
zA?^@sC4=JK!)QN!xSU1e=UGLXhLL_RVdBp5YA||_EoTuAW4@;bS;c6%^6l$TH>}Re
zl~L;;Q^h)hE*YPiDc5l+=vN_3*Ax2hw!M4LkBv#~ILGwFW|E<Q&JUYyzT;*apKKn>
zC!^a309^eAYpfa<n4O>w+^&L7v?Y}&Uq{T*k{turnZ|9a^uZCwUWwz@W}pwDZFf*J
zlYN?**sGa8L%6-od}(;Vkbki%WrC*|bXCfPE|)F7JjnEmtpnRKdubVGub;C0XNdRB
zB4(7_EMi8T%|JWW5SpR!yjm{v5eB&bjx|E&x8)UCH`wBLJwr@SO1vT5J#s93J~N((
zwV};-=sg~9%lh_TU(O=IcUZ;q!!}<mH|vWT`N9{QBYm+}Xx)XpwJ^N~ml_WJIm<Vj
zjxhZOVe?a@J-)}=fS*-Mui49(o|Nr;-M0bl<?GVS<ZR7M^r`0B<t&mo#wyx|ZSx!!
zG<rd}Il+7h{THX;e+Abu4xXPt9r-DA!c^Ou6kOA&z5Ws9ol^_<{8-8u?DrF<Hv_o5
zg<@@g93Fpdx7qnLH4dL9#eC`Ka9&lyFhhU0+17vCIQ023?P>Z!nA+tm=fk`r>-)pZ
zZPy8Qef`VpSfuL!^NrR68<w+(GR)klFO@f#p5*VkffxJTD=dJ^%pLP;t)_fJ%bh%?
z`=Zyl%)AYZz>ayU)!}wn{qABbwG(Jses0$w)|v;jUDK?#%YmXi{g0tfhu1bKk6Xd$
z?O4VlhQ%r#A7*a*{-VoRr0d_95660Kh`Bw5LWdYqhxGijI8Sm)bC|59*y>V^Kwl-H
zuWnPUd0+&Nt>gC=#ZtErdUU1|!~NHQ^Yvppi>*ygLi?6F&3<=@b?hmiiR~+`V8@kK
zTRx$w=YZY<;M=}liJ|@V`Q;<+x6dpeX}`^1&LXWl2{j&*?=5!-KWdT9j%s}jeX6zG
zr`jX^sXfx4+9Um`J<^}LkS)k<oBa?D?UuI9eh4f0xsX&f7!Y1H0rUo^7H*w@KD4l-
zdODfDpD}m)Qis{r?l4=M9HuebVY-(KUn=1MAFlg15+A5PJ<C|c^Ruj+e`Scd`P|(Q
zZv7`YcQ=H+|HSm9<iCVN=)v75q}>5(xcWra1|!{!+hDto3mdF+D65Yh%LE<UZR<A&
zMXW^F)l;KCU(O=-IGHgh?oLIzMw%W$&xy-S#5L0S^-QiEVevlGTZfptf9`=@8{W^W
zOg+IW!i>2a&_{WK37DZQz|StRZqIvS-L2nd`o>KCN%zS6<JXE>sc0VPCk`rRdyRv~
zJx(uG%~N|-Q`V$JBW)VbH|{ETm{p26lknX(hxt^a!*l_-45FCEqd<eX#A<t%P{RRM
zFt^$=9E!EP7!Cz<Yb?W|TEX0<mf_H>VD2)@a5yXyZ`gnTvp|i25-U6C8ThLT`jJ`0
zYS{)>>w|>;Y!+A@j}rRqEU*&!grBkP$_E<H2TC_XtP_+0FRyDT<+dv7s=i8~-&)3N
zaDB*A`26n~bB~TyX75N7F-tEPfzf?hRZ;Jm?laW<iZ#K|%+WPn>U}((d`SB$q1QRU
zTsVQyGF^$mYC>;yfO%Uz&|~djZrlQN<E&ci*1Lh`PY^NWBW0>}I5!(_-Y8<uhk~_0
z@wtt61HE;N=zFU(8*gqBF=yUyLp{)@yMZ=t5%J~&Iig>>&OSA%#_HUrSgA>QR`~=%
zlj|UsLVYrU(9}|(8y+MS#|b@(eq^ncde~|C!7%`NpnHg724!5OyinY$&{kA!l@}^j
zTTzWwUZ`4aMN6&nLd|L`T4t5YxJo)^^{mYIcIANnY&zd7W30I{#u^7>R}W+E^j(*6
zdDmr&p@oC0uq`xcTLi(_^-IRw>2W<;cHB6O9e1CMo4zdn|C{{(%s4R}K>4A758-e?
z#$lh5|M$xO-?!D0{EWwY_Stw!S%~!T$5Sj~08|J#h%*HtwVt2JLVrx@0yFdq(6X&y
zDez)Rqgov++p1V)#XuWCxijt*b!l^Pp1Zk?JGp6#$jt|9MSb6<E#gkRCI^@t|673G
z+NPO}suD{b1ao7(5<^-G-3@f56L@^#NSS7}Is|Q;YDe10wVrkgz0>p{q5bOx4V-L(
zSdEj=)D1w7lr6Q6lsT;p(`qfGk^aa8%MTjA3o%O@*JWs9kED$~k~a28+Sp^G4N*TW
z;4<5Gzv*m=bC0Zb(PZr*;`}!@xM$Dji!mD8a?H@495dLMW6oa6BJpA73%)|=v*X}+
z`%)3N!+pLX#}xPdLF{pf<Cvt8AKK!<nHVrs$Kn9K##gxAQx{Z~80msT!B>zE2|e5n
zX5-xgM@{M4ty+;I-!!+@IyO(WHnwTz&z+(^v+-_$yOw$-_MB7jZ=>VF{CmKe<=;Kd
zi}P<>`}F*q=1JtkG*2R*jpoVUN|?Pl4$K!W<@YLZnEzSA_%$0o`!o9K#SySh*F@%?
z5@(S_{M5y53~^rP4ZcQ%oyb{Fu-JN_i)&aUu?8raDdL!@yY6k%%%qlYo!cwpmGy*%
zWQ|>;<gKP!fv+R^ga+${JVm-k9=fi8-`7~xAIY^^CoHLKk~I#&OQ0Kd=K0HkR<ZWp
z(@m;*s$Dft?o~~+37&++@z8j+iq4U>inkYlp3qb?#cMEYE!7FM-|e)nnhrj{0pa;>
z(A9WHZ#l$|*UahJb)XCuvz7wu)Irrut|7E+4TOU;LGO=TXCXgdry7COq?Oi@mmvmD
zLK7{x2SSq#Ktssu?ul0LQ9_Sw2AX=fh|8v+TiAa-Faqg&4@6A;hEHh!xfYH*PbKh^
ziN8(F#^2&o1&=pM9$yOWyI$b_orv=_01SLn13lzeQkhs!XvhJkD(k6I>jf@8X{}^1
z54xN4U^3$OpU`)j7vI%21s3C6={Tfw2<?b;-NLkJteQo-CV&s0!MT#Q`p9^0HaAc5
zvT?-S=b4^fYo_kYwpQMjt|?nTPR-e;Z2yU^w((2VED}7+Di9ZGTqf2KdU*|txOi@9
zEFWEH?Yw5~0&TrEK7L2$3GH+8yw@5+Q?|7&#<k^u5BUb+i@d|{)OTv(-Fb*}QssB4
zVR%RQNl4pm;?9OgYCQ8y=$dP`^1IO6c6p6?W?w#`o4^Rv6o`7}Bc0drdgcw&RI5o9
zH9d_BQI{21sV3m}cZ`-%N{x^)37PY`7W+8C%wx>W@Ap|l=nwF>LNHav+{j~RUxpa+
z8}ivad!45?HTqhOu=~?+=;e3WkHg=T`TRSyaJ3@$4QjacEYm|yQswVb!-)jb{ZFgm
z<Qb+r&?gv#x|&ibX*etD*F#|RD)9XAYKR|K;Mj5RoCCX(nm6hNC{f;KK3uc^7=(|V
zVtP3ky{hBDan(p1ub$JB>DTiX^F22zcZIf0I)C--iHqm2I@e42dx5-FFUjVu$eOWv
zt6!3A-l}Wb*u2#NlFeInO&y!J`VkR%tGG+Z`}DcW@3d>?nS+X%)F$zod3)@zUB(X4
zcSBj8S3r2|ti4&}u-Y~QJ(@4##r^I)OZ}#Z8BdFM^dc=TMmcO$nyE^lJdRulA5CZw
zxtz9Uk<Zx!u+QHO;owft{re#t41(VJJ@B=zC)DqNk5)|w9s3>DAbNuBDnU8_jstY$
z123<i7ychy0(v(<g?|TxAqRB-SCz0)4SL_s>v`<71=NApCV{@Y_+#=%pCES1^F>p{
zJ`RiX<yE+@P3M_@U~bQ@Juawhb%C$@JoEX#3%nkQ*HC^J!tonGZ(C1jc@VlgHjBDK
zgmZ@jOyv8v^*|dz+1arfXj{5ArfW&10?N))n#1hZZm?KOv2}Evut}W-gu^xjM!*NI
z8(Jan^`})M(61@6)T9;G(e1@na;eiqe4U)B#NNp#G&QNjdgm#ia~{9aI`$mU4>;`*
z%2<KLZUZ_%M#eynl94fx;C&-wApaZjkI}g{LGL4TZT~?=#%g*-t@9@&n`^U=ZI3$@
z5*F#YAAIS2;_eT!XM0G6t(N?ntj-F3@ab}2pSJxLTYlq3KZ^vHi}im2<<<@@-19CI
zd;n@Vd6enusN7ifQO0Qw;n=nsx;s?}FLfA!euoigf{qz}(C+LSVEUdfLpR!i2$%Cq
zHS=7PW+GkFcFmkKebttm6eAFHit~1UAB5*jzkW-X<i##8=(ra2H6L36z7e_2a5lGT
zY#o`~eC;1UKDRlKun3O}tta$@;cPu}&*0d4Wba@$hCU$|^vzR7=APcUB%4ddJ)k}3
zpATV}D)teaCHIjFI?5n#4)FIUWu7r`->bGLXPN$T5mfZa+ziT>2~N<H&Lx$}mQl3Q
zlBJbaDPOz}IAo;dtE`Vi`C>E!-95<m6#%%>IA7#vkvL@)JRWL`zaY<4*kXGN{PN7_
z8bW_-tK06OOjn$w${SQBdrP6j?||@pD)Jp8*16e6)BnRfRfz&Fdp_w(KZ|%KW%(?0
zCd+3itJ8c2rCC1no?-gMVE2DJpY$YSZp2T!#1HDICW#-!Q@c$j?~!pP1E2qZ?dwE5
zjLJ8D!#^tDm_L&C$OJ)q$Wusrq(snO&?RUO<!kl3Y~PMid9JB4w}4||KMnVx)mmPe
z=fZWhuK|kdZqte^?_b%zd(-vT^C7(Z0=cftcutWU_B!E^aWA1YPA~_!-;upr@<-RQ
zNc^y<CqS8fvn@8&H6iN<cNLEHgAryg+v~woOn>Yztm3l@xDvOCeW!Ck|6yBqI^VU(
zmhU<=D&O_^wJef2$twP68^0$xGT$|Ioc+F-=9jcwOUna^6ORk@RD0I%TA+aLodb3L
zA1mScC7>rN35CB6-4_BV_B`*|2~ajd@B9O<s}6kkuOW1|gH(OQvN7;w!@}Q3xO{~%
z_r-W%&Bx^2zA~KMck(@v<FdoEN5&v<uE594^%<KCX&o3VLyrAb;3NIK9WNQ4{olx;
zX|)!Y#b}dBUgYvpE3&HJWc%X77l(;wn7Qpb$C{kgIZ3H=49WL-lJ9SocJDF=nA_I_
zy<gTw%t2dsg0ORuFPdaNxK-wr(=q~W;<n0c4aMdm#Ie9jTm^kZebf6)N54(@YYR=U
zv5@;fS^=TyT*o>97sB5!>tCR7q~2>CVtU7VLOY%C(W>h~Z{192o76G05iW9Vv-!Km
zw4JDDx`0%5EniaEh2Pfz-Mgu2NsAA{UDtu$G9SWZwm2_j+#t>i#l4`{tc3224BG+W
zgvInlAnq$YK9tS-J#Y<+#JhxVjrt08)q_LKeZO;N$*X8<Re^qgVQI;$h88AQf!<Mk
zX~|{9V0Ol}@NQ_`WijSfWln5&r?hGIL%140%beJ2SBspO_gc_ZnG^GVkLd_AgeSrc
zVT!PX;CvI|=}pWZHy@f_=Xm+hFAj~&T{d6CBE}-%xyyfG%zdHyw!cGt{NHR$ecOp^
zSmakj%sqw27=-Tr!Zj??bz10dwAB#4Par&RA=InL+%(!q098}L=)GU&>QPQ>(pN!R
zZC?)@-{?P}pSBlB)zV9rR6gU#oE75qdVjhOLi#kj(H5R2`eECt@38JNm^#p22KsK8
zx>ExqfcD28AXUraP)8g}-S$%8^~Y=ugki_>Ew@h@brxY3=uKZPUAOFuN*#{d4qAa9
zat4w^Ob^18g5=PvC1rzU;YOo+%gRd7Q@8N<6_zY_fY~yrgq@dwe)txkMDpkTn+a`S
zL#U<Z>`ZAn(dPhm?r0`72f)=NbzTEZ7%*I*r|X%j!MU>^)YrX`^Lod6vDXlgs@7ru
z;yJQTqiZtgb7Y+caS3~5gN(VgL;J43aye)O5EtKL%zYCWy}KE6hZOM}+6}wq=O-9*
zSIf_jp*<l#KZ5-=@%jJYc=GoLQ3iwfyqyVr@5wVtk_AQy;+dbXy#;L!;V0PX0BN8F
z=O_@*-z%Trs~IJ!Nk&OezER?EfZ2ZwP)*Vewxce`IjSd#Iq<h5jJea#CG(9E{Ouz-
z9`;Gg%Q87{2-lq>=KVX|vxHAQWA3Sn(Tl%*8;sudjJY)jscJ#F^%tgVPEyq(<yH&I
zt+$xoelNE*%r+++LOI24u1Q4}@&(F&4M^3&IZG-56fURU9%gQ&D^6no`m#Sm-6qD|
zcG}zVF4G%rb&ZKaTU@nR;CPS3@p8C-*HXsZ8zeoD0?;?4&rnPf=PsX?=PvJu`*(d-
z#=SO-lY3usjf?{oi`@I-LFNXS`ud6US^J1gwB_!Kg?%(z+D9R1-Sy&m5kp&Tv+b|E
znnk*P%X}zjQAR{?To;sV@Ll&NfLf=NLP^VDS@`*U!80A8)GZr_W<HyitKASz-XrB|
zH-ua7VS1FmFLf%v2XWffEaK^9++G33+(Cd3LjWIg{REef(NEtW&h8KL$J&4P{h>bm
z*YnK%j1$a14U7MM!_0l6T{Y=m)jWmrQ=1YM^;J`&hc(UQ^_6|9>A03ff-f-N(FQ`(
z?bvs8ZRNRZSj6-Fv9*<tUp=<A^5LslWYZvXKT`;1&#?HvZ&=hn-FTk44HuN$wt6*(
z^D)*La3HL~dFOnGfb~%W>Q;<`wPPIE|JU%yx`%IGldXF=agMpYg<xKBK3jLSQGPx$
zl#Ll<-*nyXE9aRzxV2;*t^o+tp`1*(pakV8u63!D9r*hnm>B=fA@Lu_uRVX^`lBeq
zZ}-^xqh(jK$n?RH`tXNWu}HjA)bdOmWbT7=5A5nYm{)lq#40Www$V;-zUeg<jG>*<
zVNs`19b`g}gBngYFkO{(8b*(()2MD>`h;QT&U4NzSqerk11;?N5!3SuOG}#YJJMT>
zW$F|A+?~6cPHubi7ekWf(f9eYlsAQ7wiUu5w7Z+6ABVCB<qpc6pGjLL1V-;V++R%a
z0@_&C5Obr=GkI9Z4D``?z2Bdh9+Kyn;+l{fC^M4o&RyP<+unR*coZLXjpd_13`u$E
zQp3BunI0Qv?rM2XDyV>7EypK{;Hw7P_-D>BH?H>;d<Kl(6Y~2<=j`WS|Cz_H6{wEc
z@7rkws8GOol$_ytc^~pr?|b4N!>Qa(nQA+i^Cpk0@iVhcs(D|VW;WFmin6J33-_51
z$(%gT>!J<pC=fY}CYdvAsaIl+MIvw5pD%LnsfQ<6$(h2hPCdNJq6bwonJ@CTsYwMq
zmhCM7%2=Vr?gE-~6^kHW^LI1Mlrish6Rpl|B6pdX4&94cd+({)nt5`mW<CLl<L8<*
zem_ccEukUp<8zJ+ia<Yk8=;B22<=p1Ao2I0`wa-MoB=w-J9<43KMr$xcEvA&#fVpa
zub%NYrg}AtKpFT9l~k3jRl?p<(2ZPDRpwB_Ju^W!@<~-$sS*z1=OR+&nF$q%?W-(Y
zYhrsLUq8D6DDHoEK2Uzv0AODfz}1`wW^*mjgbTWZny3SJOkcI7dJgEHB-e-gPTKA?
zicibx#;$2H=Qu^^##`X2U5B}kePhP=U6l*EH*ZNL!X%Vu%Q@a9#{R_jvz*A@jj-hl
zEaExADmbh)7k|&K3yj_wVDzp)JZm$f%lZEq(WO_3dvlR43I9BG;rRE_3p$O@jqf6b
zuo(A{_5oL(8+q5u17Bc~-~{lc>B37t{;rqgS*E99kjeSkV8GkbxyZZ5$yI*J_UF((
zxWN1$UZgE)%QKdKfkhHWSj8T@t)yh>Ay_u{j;l*-dA!GMpC6TV3zKc*JHEgo#!La%
zn;3K3dC6ENW5+j&7z<eqdh#&y9VxrPLOIFn3IIMt`3S+!nC0ldb^VRG35>ud`A&(k
z`O6|J)eQ75#@x*XU@pf0lfd*b=04K7ijT|X4#0=~`C{B092c(O<Ia>cmmVL->u(0y
zSfpCF%6T>{1o}nX<0yVj^D6S`EE}H&wUK=4b^O2MQ#)Sb%J_VmhWoQsERrY|a8F8D
zyd`1rC%*R8Rw6IgI^C|Ad-DlRYSW?z^MR%o3EOMeyDX9@g3O&e{{0Xpp9MXmzq(3I
zZ}79`v$KfxbUvX7Lxk(Ujv5==QrfiWPxFEHEfr&X!3gBOC+_d&cXVB8yQ53S*ITcY
zc?S7C<N!TXPiWKKA`T?=j2WsI@gRF`-yS7<|4K;QKV0>`4K@u3o80W)j@n|Eke9Vx
zN#5Al<$!H}<zNJ!%_sC{`9S-%Y0<;n9#t3OJQ^6iw|*erzkz!sKIqQeg(7p9Wlk;J
zx>%gQD|4w_&K&7njWqg(q<ww{9Xy{Cu?zC~Pel8P8+ffPr{lA@*INiZUBx2*D&vel
zV$7XxN1H!=7aaaCA7*YP-qGuY_;K%?_^xVz%HVlcak^bISxb@C21cMSpU}6rDOTT3
zpnaOtJa+@3sXmAyKP2*st@F1KdhUZFE0|kr1v{>=5_tudT0m%d0nk(gXi(e@#c}Si
z-P;$^1g<hUmj40H5q}4U{EL^%^X@f>LuoT{Ii`UAsyqX4=aWA#5$B0EN!a{F!r{-1
zx&1zIKFvQL!hLz2GipG~_df(-PY&pflflR1!!qyH<pI5?h}T|4pQ>V!(1U~qAC-4r
zPZ9aj3R}&1wr;4F=S>gDyy*d%H$5QprUx>4)3NqfdJo@U!XohV?EP5w{G6vy$k>D?
z)(K9~ljoT4lfv}?WO=D|ka7IHW8;^EGs`b9aV)<aPsfm5YB)5=xZEpqz()%%0X@U>
z^C8@&NL?^fth48o%$b844xJLQXTOXa_@7q8Jtvvom|JV{J7UEBI)|F1{N#5z<`(fh
zX6v-<`k%DLvz4=B#|)jx{^pq|eoGW0Pp-0#bQW^HM4f?riG1iat}s!5Je?0*{-ya6
z<={P%o?eo4gt*u}0kZp_Y}>yNc<l;b+k6ODQ?WPho74;Ym+#Xl_E_Tt(<Ajn@asUE
z#;MhrR>ki|UYIBpwK_pb*WbdvQuj33bWhVL-NSR^&a^GQ+Dc8zwNOXwmG(H-6;hs0
z8ekFQE#^zhh(`1mwy&~KMxdPOd#r8&%7ujHH2bDpx&Y-4$`F(pC__-zIUc{l>UWQn
z6Q_qoy;EX>pb78cEKT(E+j76}F_HW2XZj`^Zy&B?5%Qm`;>W`8dIRx>veeu4IexDK
z%2brMIDgdMC-@oDoA?ZuxoC5sJ%W8wL$-6WPMa>CFxEzT*-mTkGyM)*KC1OSre8av
z7HV4bfhrcU%Z8^1#XiuFd%2QDy546Me%t)PT$_!SJN`YSZ`pD|)qi5T*9M#KRkDcj
zI;;5FaF##4e`NaQjJbn(@@(hJOb-?a7<-<SFn*coKO2;N&_{iV=?4Y{t$&>{ci9dt
zoO~^NPNem<?D^2de~K}ZzhL^8rQW$++Kjl~AIRVE^S=zI>s>AGucqs)pgVo0Kv}35
zU)mo6@G0>x?e|WEiZbKU{XQ@PkEd&`o`V=;6D`JyEXF2Tj1^n#VW9U`vPj}CQ7aWp
zpYhKt%G65Th3(Cvoxi_?*HTT&wBLs9+kuioQA>q>@Z;^8nbam*XZDKwp6q%4bRCr;
z>!`Np6P}wLT}P$z+Sz>Tz~pRhxu-<b&hlERG9xhi1*mHQ^^Rn|s3Y>f0O9t{{2sj#
z`DzCkCH9<ko2%pIR13toeN>VifA`Ho=T^j_ZqF<zX_y0HYYOO7WxPM5i>Hg6^e4%U
zA8^^mpP043)Q7fNsYxZ=uE{eR&fX420Qc|dnrZH67IJk8%2iLP`AwOJ>2Ryo4o$P#
zCONF_mjfMH-}B$1cIYlbAD4AQKjye26!FgMhVBLW!%7xmEt9Ooc0yS@P~@la#=$W@
zV9afY#q&<k{c#9`F5ulRYqmP%{@d0Auia{w`9a)kQqS(c@o&ZcpD8l}^Im{D203@M
zt_L0QmUMT{@B@T#oDQM44k=)icpa@bCtDzv&e^5MZMD@Lq|}jhDNopK*c_Wqt{tnB
z@36&{zq^=4;+m*4#j!Tp+P=M*MPSI5!@G-6^f?g@tOa67BkCaAchWX@u+|paZWudv
zljQeRjJeZeqTh%xPOKaW<5nAty%NT)5*9sY{EIW^BEFP87m@hV*mDsGuWs8KJ&FxJ
z%Gfmq<QmsXomqPkTM&vtFaNBt1r3+1-&h8Es|zaRU2>+8PiWhuTFZlaZBn82TL7Q2
zt~yo*{NBKVsa@Zmaq2mU9eeJ2>#U}lhw}+NH``&Je@r!x&2w6P+Vp5j-ZjwA>n}>9
zIR!wkLA`q^_>A?0dai};#6itG-K3eP+BGw=2xy{DGZU4_GY&Ix6;Rd;F{7E#<Z~qE
z2e@<h@@zdy^>XmN3{Zi*gFM_YU-)}{?(3|Rdo{EFD)bRu(G-ujPm7i>VUe!SfG<(7
zM#P8PMSS?ji&^CGQis{!<S_fR8Bu$^_*Ar0F9%;@=UVa1!{V8LUCbhxbNJFnPPsd0
zq?#d?zN5h?5&n{qC-00b20bwue0>GAnfj}5=7A0cODYrhjyex~@Bi#<e4;#i*FnO@
z4~HsPr0Xcl)HK=cY?vkN*E9{pr-QD1$b6qvW;WVnzTM7FpKmnsLAUSq7aEMH#s6Ie
zi+DVcIoJ8`HhY5<gWeyxp4+cG<_W*DoyR^rJpPP!>}_BK(z)*)^Hi%{(|CTo?Q)>~
z?h-5Y6wu*e=1$)U5X{fs2@ucE-U*<bV*174k8PQHk9)_d2l<rkJJK*i+v9ZhjH)4P
zA(N-%d+KD3;O#R&Pqweg-dQ?z<ed;6c{c_60i6Ei-4uzLB0hn<%6T%EWcU>Fz!GOI
z1)r|_D~pi+aq9Q(B6Qs_bB_nFpR)0Pf5k56ZN67m@mM+b6`SwXGmx!|d~KHC`*f|R
z-Txw22>Px5W7gJA{$Z@IRQ(60x8>FHTuJ+S;Y+ly&-!0&dBXql&dSpDPi(cD)knvU
zx%<dC^ZYey=fgQ+KUV*i>HjHZv=8CbPH1(yMxtHh+W5L;Ed}Q}ZRFjn?dg1vR%AVF
z^U+%KAp<9*g%NP_L3sD+te=KHB)?z62`0h-_lWbNpN6nV`)Rzc^Io9;IGmLw|L$Xv
z#GhHkR{I?kl<CQKS(n$It;@r;XZB*d^Yz!b_k!!J<W+?J&c`C;ui1LMjZ$~Li$0VA
z;Z!q;p&f@dhZod^)rVL`ayy|Y+mUxd3RI-DS}yA|by8kgCv~r_Hka4!8-Y{{p=p`#
zuV9h(;cSiab{~rb53`Ep^1O;MNzhd5&$Be;{W;SgwB3EtbC~HLi$|yMUo-bQ^pA6|
zL!TID1mCpV<VU+rezcDxUp}TijSpN8(o@<t0ZwB@)}Rf?%Y7{3c_pha>~`fh_lufr
zw4qWzVEgtCWuL3`u}D`Bt2ib7q2WR9o4yzVcoAi`mt1M0{6^W0avf#*BR2TYleF;Y
zkj)2ugXs$xb6+OwufPTRWwQRNOV+&PNSmn(j9qm@g1^oTW_`}ClB~~3ri}GDk^X-=
zl+`=Rex~;gGdJ3b?+<48#}=_j@Sg=-ux)RdxVH&mH0K4V>jdo%#bOy78TBXH+Z99n
z0GvQ$zpjs1nFFo}YM`HN(#+HCnt5uk#^0Zm(x!=efj-Ub*BoZwLCri{!6Lz<%$IB-
zF{E9jS-(TP7gg9N(_{^SE1I@j22jrzf)D)#v{CT6lkE=k=v{>FMtt3i>n^bt!IT@S
zA@B9hZHo20Y6K7$N4J+)$#$oinzY(FHd~yxIB}H{o6mE+F6*7|11*1Ok#+2cKuweZ
z=##Wevd}O2KRy;Qb`sk9n7lhp6=zcyjXHO4@beY{epVIzm``$6)$Zqvu36dX6E!PA
z03XiX$Lw_qu4qHW$om;O2eWzw@w83S>6ZtY+isKmU=fQLe_}q=WAEE)To1{3!T!PQ
zZ;OYrb*Zlniq9_&W`Fyv#67O*b0hA9|JM=cVO{Z#Ui8O*Xc)cj;^&UTBZTt%8jh+j
zEdis~2l3->=s*6-lTRK;xgPqKfc5SLA~pwk(EW{bB=(2TfUmKh&<g1Xx4EG^xP{Po
z4(!Xs?S8C<cLV4?B^$%8c4TAN{9bdlI@SnK(O6#{E6;@r{~QP>b3S=oyJpD0I8#@x
zW%a$Gjn(%!zju)B!}X@)JaZQD96pZ?|IrrznYD;T;%8aKB|Nu($vE#TIh1(^%`c@c
z`31`Jhh)9F)R&1V!fuGmxUEqNI?nOLVHWWWF<(%vj&%W4gtid$-J|nAV3FV;<2ez2
z-{BGw2gP>WZ~2wr^Uj5R4Ua?ESPObXH-zJrp!2&?E)(w~@$ZLl>wFNl!hQ&Q@pGYo
z`KqW`&+g|zSBhm^YaZz7b>JElFdohQfJHoK8LxBr&S4gbpAnyXzzD4QfJMj|#^a{<
z*<g0)N)|Crj~{0@&ae@2c8?SEo-_Y@adxB7X6qGwe4IUfC;vM+!cMiv+DV>_wHHZ$
zb&`Nj;ux#=TD=lGa4egbfBZ@oNxaW|>34c`!ASZ?8?^krZ2uisvPjpvtl|z^{4;rG
z9J}sJ)~@SH+jZ|}*Uj%ylkv~ZSF%X_uLADaj&nNzT<N~A4Kq%UUYfPd(4K9|6*gaE
zy@;Rl^XvF0a|62_S(wKeb2rJDdyTwXB>h~IwBwp&ynUavJ-?ma<GZ#!4yxhSGfbED
zFPV1+gzg4<pNy-wPS4I;bDDKuBKfP8G52iS{T}I<2EurBOaq^N%;w{T`kCHtqk-0s
zm>##`Ak@e7r|tFpA7*h9KP}JCe!%pXZF}nZLv~Ne51IbDEmnJv<csh2vq<7C<_rD{
zp^dK)S_UeA|E&Tfwj02wIS36sL1+so1Mpj>Ll>CXhriDOj6m>8B}O$^cu^T7W5Vkh
zbBEM=O9i8(F`&fw`+O&gyFyNB8ow{3oWG}_mfzJ8dX(_{L(=z#u$DqA*h^xsZd0tp
z>kvblP920;zq`mvGz0CAOtKo!K`gNyaj(Supbc~tX77jCQ$)DV{kZ!(?i^<BhA%7p
zY+1v*O1NtQ=neNM;ov;b8%`==&wS7uUW9PGOvtyc)u1;F0zYHYa16qU&w<|XJcQwX
z&>Ox3VNVC>4ILr|+3=wfCiwhW2=5Mn9#X4g$vW^YeF*C2fDvdag_4%D5KhiLD9<iC
z^1Yw$n1RpDnNGHZh?p~UE$HCL##?s#L2oRo<?p<@bqk>xdoxjCdX2><KQpeW(W9Cc
z4dntwy|HnYsEI(_H5NInTgQ1PL>h<o`$x1ZStOVT{QeQsPV)t}`%NZ}PxHQUa$UEe
zjB<#(Gms}+0lI@<7k9u0hl{MyvVZ$~EJA)E<ozW`zdvU_q#vXYg7ovCI9rS3B@P0w
zQ%g-MvXEYoPErp~vXDkvIE^?4ln<CbdQFS3<nK*i7(6e0GLh%GFpc9{TEXaDas`VR
zKW7y)hGiXKH-v))ptl$h-jM@($J~RvmH||@f5<Ah%+7_1Z`4=EzL5hJ{Qen!hGdb6
zy5@-Hh#u8)qD@E_D#U`hK>0h%wrSReX`*I88P4+bTf@xVq*lk8rb7jv+ko(EQ^gsO
z<d;CyZoAa*?su6U1#qSL^1p^<u1YZiIq$Pb@F&c7#V~W@bGxs~K9~F})8Aywy>V8p
z)!(j|NM}dNa?ys3-tPq32Sz{z<I!WsScLqWz|Rl*SS0Zy<~zSRhu_OWm#RD`y0uL+
zN7ov56c8G$S7Pa!!*s1-y3Q~)X#$t~a|(dA`s5uynr0qQi~!=kGJVFT8^W!JS;nTY
zt`z!Gxgu**wDz+xHpNHpvWT%yth>FBMLhB|`V3!qk43t=nQvf7z^b`V(1)k{e}8YG
zh1tEO<lc~;QP!1DBAk{tO8MAUAo97h3kXd$h+J%cB;V?j@-Vd>s2_3%yfa`7jsN2n
zlE&wVcUhv3fpq?5xyPD57J+{jFbF9|;PiVeV!Xh7QQ7_lY=1$*NHGHMWBd1+Z;xzm
zRg6IRJr+qsneU(EZ);DnNHEHLPY$6jsE$?to>io4icX#7cMbZ`@8x{*x3Cy_BL+~x
z`6981zuTtjA~dKef(BO{V-e4DVr|8JEE0cK*s^IHA<oixDgy{3p8DOLGlKGdoF*A-
z+EA~=5O){DSI=63uWzZ~LjIe*I?I0xiUt3LR@?aR4W^^6{k#8%ySI;zsyY+LpL_3Q
zG9)1+A<2Z{B{N9~5X35-K%%xe6QI6SyJft!-MZb(B%n}S^dh#3F1ZO2k+kSob++g_
z6GY{v-PYQ$Wx8#dfLbkWw?u2Zwv|ahLE{VWaPxM4pXZ!2nVU(l+ScD6Uq2r|WX?VJ
z+~+*+=Q-y*PZSOk{cC$j0Wcm)>af90O2{Vbex&)pVI@S`HX4b{T!ZKh=a1}%SRflr
z)^^_%BOv&oUT-*GpACH7c@3yd+lX0~NlXtY2Lg{0(=)X6J2sFH)B_w~IV|&vAFFrB
z?d08iUMX`(?Glj=20>~M0I<CGJ)fdsd>?V#^e8b`b}l!TfN~&eCq|P)X|F8x8BgUY
z?brCE5aK*)10!np8Bv>L?5eCcc2&rXCc7$^7`rMIV^`%;V^@XEKw5dG60^ktCjR^N
zhrs;vQ5udf1uxPgxt6F?Acp$6N!05~o_A<-67&f}o0BwI2PV=qxB<)~PEM1`Y%rx<
zP7@EqBQW{t-48KOHZg<QV4@r~P65N3SE_XiG3uv)p=T45WTTzPG7=4lQ(M2D#r+8M
zA()&z1m;KaCB8DmdAaR)=HjN~)N4oILI>@orJ%M{?%VE*XD&iH@a&`2=tKB2b^p>l
z--eEE;S1}atyZ}H>XtxF-a(AUxqm(L7!4;LpxzgTs1s%7yRwj#sF%sg+7X^(pkqY%
zf*@-?>;1!DaNoUSn5xHzsZ+1)-X8yX=HiZ@Q|~cKoyeES14tW`IVNY>T;`DO_p*Fm
z`a^4u(r|PUc#;2;G;9W*vm5yuc^Y{c{j&B6e1NZBLc?*9m+ooHS=Oi}rvp@vk6CRI
zv5sjL{dL6<x4q>fmT_#Bactwqc}n1^`^S{q2=uw}??UclM}NzG?C$5Nx^9FzH&u3T
zSALthxc4{I8ycSY>@AVTe@7LumivX>zEAxAg7|$c+TAUR*78Gf*9v6KgMa6Udsn}p
z{NB|MIK7Y_&zz&-cr*1b9iq;L$3g2Y<!gA<sY~Cd;lxJj{fsz|@@}ut`5U?2LfK(*
zcLOnLv%}!N(j=oLo0y(#?jx~0;M4g!pZT1}ft?$3XA*Xf^2{bFRDt$KDeByr1?FLe
zpDU6;_utb;!}=8P4lE%iQAllR8)zO0RFX+*6YQRXtMiqMX_zR`4#yj6@OdJaj~%sx
zaaeJ6R%R3PX?8}lsPoNoKDG?HAIBd$Lc@9vcoR#A`Cp%+VFG&32N%<DVhNb>Z0PbN
z<K9cyo<MEym3(iAOonQlbKeqT_GUW_ea6@`tVS`Hx!?@pXBWy^qL`hZeK5#;w9=4=
zT*A&YZ_4I1UQj-2faP!R`K^E<nh9N{0JYe*Lc|j86S0Jq0PQ!i+N98a^9^9G6lb@(
zfz<Y9*DQVkpuI`l`D}B*!IkXnIF6Ibg&AKJsDVi}i@9H5XR?a;>Hw)d_ysT#Uz;85
z+yy(+ig-i5_`wkxj>|mvR{%(D>3Lx1S1X)^`JgPXBEW+<Kb-3(R$H!m%=uOHMVsW5
zFM7n8WAv>76LF35c=e}v&9f^%MZ+kYHw;o|lCDV0Bwdp<O~QwC-Hh-J^ElIYDRtt%
zZ0?qPc5P^{ZUD0$r1lj8AB{k2Ta}u{K{5ZWl<#@^K<{C9CC<{(T18PMweOj{gYyFs
zV@E#Pi}HMmrtS{Nsk;LSXJk8^-uOzGrtbG7{>uHHKT&?4=Mi=vPw&|xe*d2G`#!JG
z)S0o$i)mOtLaYCaa(y5@kkSVo+fw=fe!}&Ew2i8}hpDq+3uw}BxNSf@E=B+AU#a&q
zgF?3hEXH*``a*Tjf@X7&4S~0*n)E$%S@$C^u{HL7h#@T#H>1CkYalPM^T}5dGqHx}
zWJG<9_7d$R&&!x)B-dAHH-j&ZUt1lznCqbE@2qR9qR!odPkud+irF1mK*QuPtzIK?
z<@g3tdr%#R$L}plhxy(j`d3LG5B;pA`q%cf9iZN4hJ}7@v*_2h6h6t1g?`;c)$lNN
zChf{I1LJMhe_c$&?q5@8vv!L3_Ytx0Vm)gZx7Y;t1U3P2FU#D|w~KKGMXbie^>s6?
z{_L=@Pa7@vX=BPh!Iy=7`gf}C9^m$=>4wb3zJI6HKN9#1%DO+$Ps4#PP;X4M`DERH
zV?PbYucO|s0qSgU@R;~$4vL>q^_@X}zpr<LW&iJIDcnoHpla`6^1R<KM&tQlhptnK
z)Y)x^uDW}G<zue9M>6W}k&U{06r=7Qn;{L6m`8zX2}rD0hHB{&U#wRFufC0#EsqjY
zCQ_(%8<=tqF&cBhKwnVK@fnS|lF=xWn60qhSWzq+w!$UGiekmE6)t7^sO3>GBMYTi
zg9EfE@cL9d=jXoBT*xgW?95q}wf%9V=@6|xL#cBKz;PeIaRTtWCb&H0A&WzhxI9$$
zHQhh!Q#5RO{_N;;cV(#lYr4PqQ#8!+5wqr->*Vz+p>yi1#N@d@<<6o%6SG+^V!2Gu
zDN2=D4yLKtIu(FIY){Cb24#M)>h^jF-H7&*;=0LM^#>bNqt4z0x*z2e;qkx~q34Tb
z!z?G}ei>rjb};w3#>RGr@BSs5FZRK4zp;Sj24wXtZ(l&er2r>RDbU&GA_Jg+8n@qQ
z;MxM%o)(1SZ-D8&7L4?Ip2=~?#7WADnQY&;&mQXTvxnk4>>+Id4M!!u_KeGXuj*$D
z*xA0$pDq|*gD*Ko_Z!4KB=V_NNN~JOUl2;>RozlS44&Ux32mO?Gm`sCZH4s)xb>bF
zXGsR)rnjBfG-vtzZUpn#oXJM-MKsLnPECQX;6h(a23x3aQ<mY&1uxR-&TYiJa|(2w
zQRGk|=&V-Mz<!yZZQUe?2A`Bevj7UcQ(-q`vwcp@mkTOPAu+JQa{T?$WKcoUdtSVV
z;~R3IOHzFET4b2lxQ*|z1Ro{l65FypEbja$n9UB*8n=Pj>x{U9BM@s|D8)`9?(E=Y
zFxjCC6cUqiV0oPlv|S3Qr8%I*2dN5~^~}~fk8-=KfbP$nPRwVrxKGflIN3ez8z>FC
zZQ$+QbPdnp44|@Fs5gS?Tmi=au{(s*#eKUOo$>-2j!)(}G|p1$EZPL20YwfW&&G3o
z=K~Jt!nNWN#nt)ZEMkyMFv>yqKb6JjxGWpYUd7(or(||6rZgNF;pc0txyg|q?C4Kj
z+ia8(IM{b1m|npj3-RCUiP?K2zoXGRf;La;oC>;s{(`YJn?`egDpNamBHm8WYNX#W
zafZ>FFCE*_9`#b{#J}<R8<aY2&U%9Y9G9k}KlGVUtEi`YB%E#Z-khq(fa5fZSY6Ns
z=KrEiU(DjMUHESyfZ2OFF%k9_8M+XDlq<Il)V|A!NdU}59r~eQV*gL0Y)H^$9sgxY
zod^r)SA-BQgz3+eI^Vm9hLilvaz7}AoyRV+oJ+rbnekJxUb42~e4oPpbu1QQA|4UO
zIso&JmNEa#@@MWDtsQtqkvdUdql}$ZWR@44QpKQi!0ep_-u2sv*=2{W*Bs#8B$HUc
z0n3puk4*&?c{(}?)XlT%jk8OnP@9XGhs&i<pCW~N4+HZDpU(pGt<nr5lhUwm18-oV
zFQ#YmaZgLorOPB%S_mxPLu)RlPm7C~5dBQ34e2B3(3mS5NQ=G)>_%@Ln2Azi?m$`3
zT*`9-OK2Y&&i^O2%^@b}4d=Iu=N<wFd*|@D3i8;)7md|R$-2c$ZOisFJ<9U;Xh)n8
z*NPE{HQ6A9a@&M5yikf|ETCcc2<7k((=NnGAKPo6+SyzJT4I>0NT0!rXxM$0R=*|u
z!E+b!Jhwgg8*TVjDYkbb7`;kSC(;sqwY?i<WA8@A*t^kY?A@4Q>|F?Ed7H8abxK=t
zy|MFA#Xy~cc&>1O+4krX18IP|W@mARao8DgwN(;x=R&d1HUcq(Jt$y*9(~o;FEe~W
z2B=aVgjS%R{=^dFt%%*&R7uR>J}_ID{|>PgTcsGnhj4NjIeZ9DMVqqch;tc(3Gwzq
z7RTFc2bf1niHUld!DR>YNI5ZaO?hMvF?Z&I`Sh#|<^v#(pIiv$iZnR4qwm+35emxo
zP+(t1=#TSh7&5>c*hkEye=XJ-Jrd|Ww~f%Seu8>O=Vs$`v(5$Q5e1I-CgAa;3Q@cA
z!*Gwh{qz%xvB^cuatD~mqsX5-%OJKRH^b;y2rU0l(g*%(8tle=QGanCG5=)AK^z=Y
z58IkgoXcbKuEpW(oOzxsem4A(2Z*`55V|^K605rkv}ie~?Ee2IUUM34+0(P?jkh8W
zV~2~FeOX}2*(iTmM%}f%##h}Jfz?(k7IzP)f!=dD;-QJe5YD<9&=QrP)~TRHr-{6b
z3qY;A1Xx|V#LXn8+re8m12k9&YMmRj#9~n0N^xgmD(q&y3;AqF&SrY>_^!%&14v!y
zNf$A<g6@ASa+Ogm?v>-Ww<>`8fS-5GRE*7~{JiU1rIU@m+rd2cOs;Xb8THw;&Zp<|
zJLfy+^E>D}*uTY{(fJ=%>zCUN=S95sUb3I{8Nv>^0`~Z4LkHPC<!s~dVL7y`UJ5<^
z#1f<LW-wdAX!mAx?x^JP%&vEc5up&<@&G;qGxBLE_SP&g5buW<gE=sthT~=6MY=sw
z23=8^#Lg<NPMmk?wV>&xpn5;WbYQL94&KN9K+Nrjh}o>T`q6(cl%VkLB@n{j?lMpV
z3P1n->-pSw3}h1Xjw%`+U_M`Q=fLG)YE`@rI#HlKv6$zyd_38w47!4u#2mbwnCJ(5
zwu*-P>iE55qD*hU4BuT$%!W1Y8pQK80>23Jl{gof)FRIy|CIu0gU*O+ov2yTDQwke
z=F{+NBXl?RaS7g9O{o)c_*A_VO2=W$PE5q%y%rqyWpSSE#Chg({1xR3zDNG`r1%%d
zU(V&Pr?HCrW9~d2ujy5$cJ@7RmGKhj{`>axIu!}UUiEe!96TCt*mM7WFz;)ZV$B=D
zXx=Cr%^MYCF4MOPzXRvsxgYwbTw^rmW-z|G>vb^J=Yn~66~t~@2(jQop0^D7?dy~}
zJ6t4&b4B>0mBdVB@w0BE1l0eY0$qs1(l*e7+31gxS_kNU#3lNLt^0}jrZTnjMOLFn
z_g|R@2kYYvd+ys0X6q=N(kQH*E)p}g5u^11Vm{rb>_OSO=?TTKXA|>j2jcJ=<K8ea
zZ<>{1e9pFP&+2WGamWGM+gZfKd7!-rmSxQAutDhS3n8|8VTuNuD8yPHNabY1`7NZ>
zi7+BwpAs;BPQbYN0x&jjv>DACGmPeiV9st+_Appy)f>C)#C)=nm<aDO+p;}RyNFro
z;4-$?0UF})O=rY~-(SVzRNQ7XEd=vk0b3H*97>%@en7o)#**Xb<Op>-L_BI2`dpIk
zNBEgcqc2-YOub!-q5f+YHX#XnS(~y4`6tN_NK?cG@&)4W?gC{V!nJZ?YF(DDcjk(3
z-!Eif*N4c!M0(`yDsDfR?tg>s#(DmHgwGfC$WKT3xHzY{r2DONS}JIS^EyCzJ*NSs
zxHGAn%N@joL|q8^26gkXXFkv3g*di{Kxk{)U4#qi=I@SBCytBX!gmqx53@X0Q#%8)
z?k|&cKf?Gr(&-r8jr3T?)*@3oGsH8*6Y|5oY4YepKO=mVvEot1kSsLtC23H`Y0zYm
z!!3vtW(T<rABT6ejW>fis>fgda6P`oLW4(o=x&@V&hy3*>I_);3FkS=Pd9UZx`lGw
zpzgX{;Ai#-`rtnu6H`d$06L?{RcQbBDc}v}gZCTTh#74CXXe+$3qVEROA0{f`Qm!!
z3kG|@v=zdrAGqJea;cgq+ir^w7!bY{`c7&U&nYz42Y!+9t3;_cxQ&<|O1s=ZVx<=W
zJNvX-f$GvLK+`io4fJqZKDVOYPy%q!{`f|t9^kl5Z#Z8chtTX2&R-IdLSGkgX8hKw
zO4(SMr5JCO@_Y$L%8`e7E{~?3lnf<dDJ7sm4yZ}LE-;Dvb&5EPi~e1&l=Sbo4~}EV
zp!;!*&SC0oe3Y0TB88e+oM>uiJ+8;Mf!QeVkzd8n9pao@&WSk_(1-(6oV#a;s_46+
zkKfco%#1uZ2=RtJHc9t41>oSyePE(biM)?<h-?H_11GXkHX<7pBeKzEL^fs^k%eF`
zZBzC%q3>K+Z?rwC7%Obc_8_j%Z(imAv*O_;hNps<2y<I;hJpTZ%R+XZHN@5;79Tks
zSBK{D`^m^(>(hKt$Gnse`mFFlLHMCM_HDF>g01#Ypxz!Dp3C!BBaK%w87=Gtv0f>c
zbU)6o67-(WLHs1n6X!kAT$g-|xo*yd(fK}4CzcJAi9T^hvO5#JcUa`You876ofnV`
z^gj__e@!;NJ&%Ut7THMR*CXV@mz0Yd(BckI8+(YkBmf6XD}bE`M!rYc_?(c56%Jz7
zC!`R{3i3VTK+@$9j-Ql`q+DD`CXz7RG>?YKd0JfrdQUf{&J}_$QHLTOHs`^?ws^yy
zoA!Z;Yq!6~kIOy+jhOsYd^CPc!in!OUA7-W_<lK&LO4b}Tk|Pw|G6Uz%w{o0QWh_s
zCt?KKhzS|c1p?2ulB+i)Y$-jU%j5NcX97J?CiK9rp|L!^bS|&EhdjP6O;$cLm)C$o
zSve|v+eoth7Jf^H7^}4=e*Xuh&K<eLI9o1-I<koAmbk2-Kic<z&FIbo^JjB-U6Hs9
zU5AyzPV`NYF3*GRFJtl}83{$MO44Wr^W~Nro1ajO=d(E9u0Y=?7tGcwh_x<+*ydRo
zM%zMQXQPwyoP_W8zd?q`KTw8#HuodS5cwD~<W|PYP*nMwWayE(6U)%D|3_r#YskMs
zhTKAiB*J6Lwk;FOQMpBqIwp{#K1HcQxLz9^D@W_*q~u6TlcP0r#>>$YX>zpPB1hpg
zIf_moNAFaAa&q*|3FK(qXuY?O@2f=%|1rMW+jBmKujc)jzM9*X^3|fYzuQ-fPqOgV
z<Wvl<Tjn@T=PO0%XY|+V2LHOR_Vk>IeKoLyigUk^ueS6P^3^_$Tw8Iqe$H55t=zV3
z56&0IW4s~uiP-#+C&V~6;ru@k^Z$U)U%qozK?A#=zkCBxQuvSCQ~2+Yb$>L?&)ZZ<
z!$ipL4QaA_Pi4wqd?3wVY@pOxmQ!z>DVIW?5@MokMrGZPx+p2HAmo&c(2p&rJF|#+
zAsHoUaQZ80*gZ%YoG*-tr>6F66aU0>x13U>&fpjL9`>0D_OR>j$uR0J0kd$3#9oz9
z-bhTBpgOwM7c2c2V0-?hUjfY_fy&~9ZhOf6mB5%<6JATbI!<rC*BM>tiv<>gw*&P7
zP10><LBmCyZh8%<9fEGrC7f;@=+nqaT|AZL$5i;)Y`=AUZGbvQ-(8w|*C+Hi;=}qr
z;{Q0MPK1eE%3%r)2w7SRTE~1)k+;t(QfS9GyTfvzb)qibI|8vMw}H9iQ84!|lwx};
zX;`lXZ*&_m6X)nSyF=<ya}0bY1!s$Z6KzluPP8|_6fn9k=3|mGw2SAul|ttgDJ19A
z8+}u3h7Cxp?|}?MDj{ZX7MM~tn2{3DqL+Y*^oYJj%#Jts{-Q4NdsyzT@V&?#Z-AL!
z$zz;TDrq>`H@QzF&hhv=wo0)U5l6Acwxl*?Pv4ZKEIuS<6H{`4naDz!ST-6jT%QFo
zFS}y{=3Qb=Fqh-K<9&{IaKQ4?JkVY`N!92+VxDc1LMUUXzijb_Jt$LL)-sqKd}<$<
zJGV-)%Gopw4(RGrrZO2r`1XslVF>4GMXE}|x`f41ma#a>{w!iHaex`f1v6O1VwkZN
z#XN@cMattgNQZP@J9$3!4Ee}R&Sw^<k^30CGZ#ae2j($3`5mLv0~v;`gqUtUBZPSD
zkRcYegSjJDHg>we{InP+Udr*(`zGx|9I$gt;(eSy&OIu0%+U(w$L&U49+e?hCdP<P
z=VNpqw(#^YRd)#6vUh}^Q$l|3u<$R^-`z*~_j?6h?wnPCb|pGUQ@lIh!n;B~OFjf=
zCx$1+S)!2ROn-xRu{gD)`*&=WVoM~>XI??WiQ=f`ZOR^YX68}FP)hi|6yh0W0QoMs
z5X?751U?ElK74;l;e$*A74b`C9uvI~>|Y)n54-iZweOLk3y+gCbm4KZ@B2x8lr8B0
z`_vk{CG&67M~|Uw6mc8}Ug7!(Dqwl38?-I2QPtzsd)yWA?e5ny7bW!yk#zsQTw)-P
zb!TyTLtaC@^7#rHj+T6USv#CX*tvoW$=mu7>SVkw@tEk7`}o-ko22`Z2Uh06!KQe_
z9+defw|;nh-PWe;sStcoUc!A#lpnX?3)DehVfTcJI<KEi!_m{US{1+lX*LZfdTI3+
z#qZA}{`zV4wc_`c*#Eb*`YQ2z$!r=X@6qa|;&<I_o?nHC-<Qv(Vf`gqeTDeFcs32k
z57O!y@%z*Gy+6=uulW6`*);4<(CSM@sFTsViPO8(0a_)ILPwnu*C^e?8AiFx)@waT
z`)5WV_Oyleh$rNY-uYnurJU7&*?o3|Iy=N!G~2^V3><^yjHuvyG{`?Ywt?9p##lE(
zoqtVd$T-J1*BQQeQfJI8U@_A-Q#vEzu-IjxGqOk6*%bfjVd_Nta#)$#iL~W>G%<aH
zZOWb<+lYy>pXnemly`dxF;|E^c=S#2S<r#=Am+_koX>E5fpfiSA(&65&GXe^>fF(n
z5$cfbq3FJh&~P~o2YyezXoucNdv>;**Pac$%AZdeNu5JM9o#)koyf;Yd0IfnzW-M8
z{T}}Q@6*PAqnw8IgZx=n+Pi-!r{U=D__OE;JJ<I+v@dRe<4p;B$U`zh5U2?4DB|Cr
zGn<|5V|@s~gQI;Cmxo%5a6Q6nug;uJ!^3y~e9ZnkKSL*Vo|y_JuJLA+)9_rnsplpc
z+TT>Bb{<ura|<L+9)hXN&wdg}?TR~H1#LEIdD{#qh^zo@wG3)g7c6IYL0<yxejBKJ
zWzdL#3EY!H9^we~p$^H@x1)dEDnqQrF4k78_WXY4KOUBA7A5PV#AO(*ZxEGveS@f|
zi;@BNZb$#-5M=ZR2dVm<SyNej_K|wA2C<B(%-+9!(_rSJr)&^9O?mx~la$xpK>u(I
ztnti{hh$C&>+e~t>3>Gg6P;D0PJZ^0<M20SG#t%<F2pV43k5p8-y~*DGcik*!v2H=
z>LYg4c}1Q3%2*DJ&R(UM*#;_4?Y|#DMV)(lIgd3wTn{09FE~O~oYSI1MTWI52S2Cy
z0-K{Q6Vv?+n6JrG+fT_;4|JCCbqV(K+{oYi^p7ojcb0c?t~hs(J1bPCK+KcL*Tw1m
z_<G~#<KqKU!K?<kU2^+kJ{hVN+ft)U<PDpb11hff1C?Nc4fPn*+5rj!mApP)uoBFc
zVp79$_|Njizy|q&SyF7TT-dMU8e3jEnk(yS8>sC3z)0O9Nt|Ji+F<m2d?F)tJ|6ub
z{Kmrt5E}i?z6Sms>$iI*XzQDx?IdsegE*7(5X$Ia>Wqbz--4C=j4I2YUkRpML2AkX
zYOy`p)@moUD0|qxk5VUtHP-^`$As%glscOq0@FPKJU5rqaD0Gz@%!ntc=7`AQ*({Y
zs0F#b3BZeVmGZz_rxf<bZJ;9W-vIhUXB+mOJloKF5_x@(P4_$Py8jWG)OKu^mPa3g
z<sMP5t8N8oz4t|2rSF2~aDW=GjBf{k0yjXFI}f~88s9I2TBOu0{%ib!uyhPjH7N_$
zx$}F@FOHs}oP+X|4PJ!pOT%@GqFKDoLNo)^XfD4ik+6fhyI^L)-hB$I^ZH5f&hJpy
z3`m;0glq_&r|Kj5HKVY^^HQ(?{$0TNxcfX+1EBi{=YzQzpz!1J){p-IytRYX)Jn<p
zBze3{TWRwR5d%fKzyvheU&hY#Fn&aT80UuX4%&79_I>X5*#Lz}7)k(Yo8+ZNaF#FT
zu|a-tmK2i(99L(6x_6_j$u<b}KJ=Ii=kCe-QnvIV?@Ura-JJ^s_|D!c(D0q!g^#&*
z%Tjhx+B_n%t3RNCihR>3FEt*v!)UHD#~@!bKUl`jgnJQh$@6;cWi$+;Et&g$bD4-U
ziGE<w<Ad{w`4ff*VqU|}%5r-Dk2q_GfA10R;NQE)#D9J^PIeRG-2NFwsXD9Js>Hed
zs@WbI4$IK~A2#p?%6u_mgKC^ta!&V8=K0qU@5%gYR(w#ou)h~=a;1;O74ImMVs!vo
zZ)U{xnk;2~qcRo$<LBR>AJvCRe$k6b4f2bXHaKozn5vETrG`hqg1Wv%CbgcCR9%#~
zr7jBCQ+Jy_X<hFuOVjle%<tpKWcNQnCZ83s9rw^M8KjJ_LQI$Q`z+E<VxGzdlld4D
zbjiDjnLk3qQ5n3!9}u%whOWlvNb;VYzj=h+q0kbU5!b0~v>p6@iS&J9wn)(B19;Yk
zK2bC)l#HzfDGj?N5wEwr<4*e>-1;RW`JI&`G^~&Cd+wuS#`&1IKE9Tw;CO@0XFPv<
z9K=MQBbmQ-t{qfK=QSj7o%@JPOkILSD_cn{c{Urr^Hd!2lizvsFx1kcP<sjGH8Wc5
z#B8oYelF^V98f(rIEeC94y3kEkvj4B3Y)7S0<spMRBiTxwxZ;k4ak$t4qkr?=i^Ca
zg;?!U2fx#b-%WnA$TGK-jpjUrFtdE0cAoFEWiXY~+%uTUX&x~7y|I=7s=kD}!bWP7
z-z^onm=Nv;DC$R_**DZs<F>g9aGWTmqj|LABL61(Oh~V~EsBPIv@e;z5C2ZDS1>?T
z)J=gZDTd$Vciyr?);a#!!biWf<Xe=^Q1x*EFPqajs*<#POf6@r+B15mQ1C_~#TzeJ
z#(p+AR-vo~26=9u?=gP)`I!7{P~nTMmwmB_4BEpxA}$@ki@K){3fH_RkM%DN2dIH<
z{2q*30TtKdWD>ud;!}X>m>rVt_er{6u|cS*lGn+^c3H?d%H|Zb(=w>2V_}$jdlh&t
zXz@>yei^>kA@WZq-wn8YF$v{ymc;e03+<4!=DlI6BF`7ubpIraeN4AmrBJx0N(R-c
z*LR8d?wf8J4#?aFec1c+NAO$3Ow!^HZkC_Svd7KgXEtmqF$aY{^QFz@Hxtm~G|QuZ
zosnE`vNJ7;*uPl^W>CiYLk#~7O6M0Rl%lHL0M(7HgxMS)NZCPo{2EUM@UCwqvGp?F
z^Gbi-*r<eptx70RuY_o+u*K_$*=ISY-amo98NL6u-g5u#9&!Io=J(%{_ufd_y|@2#
zTkgF9R3lHbb)`Eyv`^e~o5-Hv`@bkn-EaG!(y{m3@H=t)Ke795L=yMgHeTp{+w<Zc
zn-c2oQ$q0_N@#EC_<L+wZhlY6;hyLo8y};4Bll;LcWRO`1P_oH#|?DW<$#uuQMUlE
zADEnTd<r|mAS)1)GWopu*!(_<G}jlycW}*zbG{7W$O5m2$G-g1_aJr(^@#)z0=byq
z=UF0!PAhVioI{MhDH%r4PE0w+XY9z83^}LX*pVw6y#QThK;|{rK$C2sChxWFLV3<5
zCa&M_$|B|>x~b<;NSv%wfZeHBtRNkooqwD~!+kQeH-NL>JsH%5IMW=+5c)ov!(s)9
zE1Vy$moGHOQCvi`LrMQH+4pCZI-|M1^JFq~?JOn+;(+fH**g1_jLxr8c2=$0x-S1A
zyN50GBup8#%XbgcFv;R}`DxUXB2PgSEc9?s4xt~~Yv*+U>Ok(_p@3RGL40SPG&a7o
zI>RzfbaDv&86~4;QNU8aE+G6gw2w`BGYi}zZX-d<c5a`f{#`><b!QT@c^0b)&{g5&
z^HwbLo<Z4NA}`Xab_s+^VOl?&qoee>%|ai~DQcNtPUta8o%<{IZ+~(ibCJgep~IBd
zH|-U*Ne>D9vHp5)D2dl3O}>nN_IxRZFnxW5hDkri|8h#5T>xHaCb9Kp{C>d0a>Ny|
z6B8WJ1@nEe=p-)h_^!u2Wz<F@eWni6aQp=IVt?62V#u2$hvSs>4~*@fiS#^<K2u5O
zRU<T<_<(xvkbTBp8TtbbP;UTu_O;e2p=khxT|)m<&7xtRKcDN6hX!fb{XX?}*@?Nk
z9$5ZbkEKsJ+s`fO93G_M#Jl`k3(!}4m*c(^{h|y|dAzEm(+c0AAsQw_wECYZbtd6r
zd-C&9heI{~?j4|Np#t8ZIH#S&HOe*OcxZ&vg3TYs&i|J<{xJ@d1LuE~<BrkhG~JEg
zJj!fUNhgf3`hwokv7%$g>KdZq#G91SE;`7^JcamulY0M;T3{fl_nsM|VfSfT?GgO&
zYs>me`VV4CQ=kj&9KKr*@GR;^h4^CifxM7M&tu~>186vwFRx`g-%sN9@WCN=c4(Y!
zUB8|CxOY53%tz#+_J~~6-y(tP{fMzMk}=k|xj$ok>`c!{#m<mkpLFaj9Y*vq(MC5<
z;2WVWip`?ozyPhrKDhq<xa+L{`3J1CI>j11761HiX8S6E#F9ROL~J3XWm!($yoy4Y
zcW4H`E4s=C>Y+l=h#k~JC7|`9{n<%O^krKXk{IMdS70NFx$~hK*U|36h-)Q)w`qef
zw!{t9bvDo(vq25meX-zAi3x6~4z&7W(Q@!gZrHuDoZIlmJn*(uk(ehBsso#SG2H`R
z{bCYx*MS%P^}7KI4^@EH3!tjF-pRD`+pnxK;0Ha?{7|FiY?QUnGD^c_gn9$TzL+k7
z*Xm=gp7r6egP@-<8kgn4K~KD4Pop2qU?;?^<1e6mEsM1O0?O$C%DFEVwL>-HDPV_c
zeHMwKUykelpnR<XARQ=;N+-U}awd>iDdOG+YEYbU#BaPP{MgzdwvW!ngbY4r+?E<M
zV7tJW6`+9vYKLXaA0co3fS7QS?$(P5%L5ucL3bk#xn0Z~#Ut8a_bL)Ab%W*`<m<Bz
zNR9PG^7&lQdd2#!*Yf;Po`1!^atc(-5_nrKCb4b+cK_T1aJ&rk9#7!%P;hIZ5!lAh
z(!Gv)@Hofi;2;g_;_qZW9oI0oBY|zc7_M*J-vRZdX`rHS1grSkr}uqaSHW@AUsAl3
z`4>1w8Sp)&JBocVbB)dT#yd9{|2jy+@#ElqU3Rq}l3o3Q4?vv;d|#Kvhb7(rWl8rB
z-kxC$D#e{MK=&^ID6E?cTEZD|p$)BYT(^Pbin<W_BER!IP`_IR)eVpH9O_n{n|C0^
zbG;MsoJIe=T*K}Z){={OY`IsN-kDshlogU1T*nP6QYXHTa3g%pmD1=~4a)R>I0kA^
zVex>fIvq6609AFRs45O9cO=Hwm9XadeK!tB1k@&ZsWBR>yaa9Mg}-?PJ9joC8^47<
zc5s6))^VJA%M_?a+HXZ3*yxMJ74UW_(ADY&uU<uB#LZ<sA%Pe90p-2#1L_4zol+h@
zleFr6ss^|EVlBA#wfkaEfmHRvd(?~Lw!Tl9u1E|~_MKaVtbBDQ4JY2<aiuIuo%MgA
z>^p4z?Tom<0r@Lgy#?U$^3A@Odx%!=7@*#F(Z5o_UkcLK*&4SR)L<DgNB40Qjz^@u
zZUeQY{IAf&<%?O@!?mFM*H=pHY<jXToNpTEjbzQ}Rl|JEJ9j1xlX>7xey?MQj<Jhd
zfX8WO%@pT*#rmIopUXhtdwl&L?F2O)j=M8?joZ>Z(Da3%mKFl56@s#XdH}~=|Jn_P
zC!RIN2RVHum=6umu)7PqXxq<RKgsCbB!&7OxQgY(!uPxmFnxnG3_l*bKQiyRRE&a5
zk{FEfT#3OLls<Zl0_W1Jz;o951Rnwu{fxjANnIrFi}QWV;;OGmx*ugdCh7iJD7Owp
z3y6H)?o3eiT&QL;F-6oJ*ZF$GDi=9)to&X*B_+QT`7t155Md(ccsv+s*yoJ68ic;+
z9;9kqhAIH?HvoLS_kTGK5MRi1EUu%Z-o>?vZ{`K|m(u8q`uCfaQY=BK6a9(?kTq!%
zsI6JN#!o=h_z613@}5KR-u*LZSbqt;$#45Ez<bRz#`2!~e?;u*r=0in*m&N1*bbpT
zioJqnaW<i4#8OKUaW85qlA}Dn21luS*B`hYScEnq54?>EsWnE#{0e0)Zc-H_UXOnP
z_Sq-k7j^m0IwLOYTybsKo6GU}ZG>lpR*%6&E}!G)X3(%Z&c`~9x+%GT8?yMIds04V
z_bc27y?biPcMI+x@23S{nV{|P1Z}5y+ZM!?Sf>Uau<R%NB(<N=^5;+H+rJfgi<KGT
z-hx7Eqi1ST{&;H&7lFqtHLm{mlYysEz;kFi4ZDAts=JrG*Za-k6t3LQSa9`%1y_Ba
z%vxc@N~fn&-;V$P^zFtnVvg1&`aY<^ZTzff^m{zE74HPKE(bK|1T`pRlkI1@q}Z|%
z>Li(Puvvlr#9pd0nbbkk_j0}P<pFjc%^OtWwa5eAJ?9s@LGQU+fp+u*-W;Y*)VoO=
z^3A>*43C~a#)h1`5=_aYVSOWb&&wt4=Nrb`ki`x#pEYSX@b77R?DwQ>i2g^eYZ8Bg
zf0zxSa!G%n4^;FsPb*Rt+Qa{rbpMwm-Ou7@qQ+h{o7XraIegCpeSz*<pn43fYk15p
znq9M)um7B>^<N=h|D98S`A|}t&xUZcSk4HrwbD9b;#y>hxXa%tOR@AdNz*zoV?)&0
zCv<*rkg9!YI=_2h?0)4W8Pq`5Ux6`AhkJw{^P2FvhFvrqSOH#!qq(593{Pw?PPxX~
zi$I647dwQ#=ooJ=&e<V!gi@y!=GC~?K)W<R)%U2FZ=tO9o}%i@79Ab$u;`^9rSwwp
zG?%|~7WwO)K>m6skiXsu<gZuA-?uH_CXZXb{XI*J;>;)W?J%Xz^{qFs`)I*3vA!v0
zd5YV6C6=prH(Nhuj$Qv={j(2W|3>6#{ecWnU7-7`#hU0RlJ5VCSQAYbb$@i3>xx7c
zuLGE@*=loKw?P**0RvOGyaW_bZ=5k!Uap?b<2>=)3!kCEZ@JQBrA{gA_Y6^$okzHR
z*=T-;=7+#sNU5{MF6wv;QMDy&?7m>{;8<CBSpqeh`_X)?%R%?wA$%<4?JHa~96vz4
zx{!hH3&_C2G#Mb%guh-Q{B`HVJ`>77Ty|AOm9cBK1xm_qjm!KS@13XNz%MEDSx`TB
z+*Y&rVHw&l1Kr<+vZR0?=U4~w*IV+&u5k>Ls>wNYoTDnrc$46lW{~>tpER-Wdl_2?
zy4X7Ku_WFLWv%--RiClQMWDdqH(g`#6;6CIHgTQh+wMHenLEq3J)h9GZx_6=dm69J
zfOw7mFy%Kz?J0Q3<tcbt&U`ZPJSyM`O{3xH5nBD6$ZH)uPs7o}wE73bWBrG#m!<p%
zeTncN>V*GLH{O3(`!~coH4*Df!s<+ey#%24iV6BG{u{pa!N|vdM`m$U5laf>kBcRt
zK15x6SFta4=W90@zdB39(SHSRky6xNsucB;Oi+2Auo9Lh*lE}OXYIQGVTIJ{t+1Tc
zW4u$++O}S^A)X0pBumlUZcz2Jz-u+`1Z@(w|F@z=D?p9>RADunBEL}By$c<Ew0C8V
z+y-jt5MMv(*`yX6salV#XMq~nN@DSu;Kld4i&O9Ep0V-vNeZa1UY(``ohdoTIgHu{
zrKrE#q$<zpI37nb=>E-TY1n-Ocu_xpSNQEGN@zH+gL)AMZz65Ck{B7J)vuP+ERIxx
z*5<lyLmWVjtdlfi)BSA)WJ9kF)K{G~iyzB`kkx*@Y+Z|IPhh_mfkrL?^_U&hNF``+
z1*nDt)X2r4MK1$2vJkXxTiW{mj?|dlIo!VCxI@ZxM#C}t0hBr;t-$K#dK9UuJ1wSW
z+y5^Ey-j1se|dogW(#il9ZreqPy@%U0!?~g?7R1`wZJx6_rH$)ie=4xIjDvWRLE%a
zM`TzNzZ6ur_`4(RT*dvjT5Nun?nj>~G7B{KrJzR2K<nO`7O%V|)!&z+`+v^nENdML
z$M&0~S>l@6y8p-6Z!2hIHm9X0Ee`tjO=D??b|SJCw3hqQ;JrE3uOmnI|EJJn4J9<}
zevrrdn(^I5$UE0;h`&#n9Qh={=ja<AqwMd83tZPfmJJ~&gn~jS%>Fk9qrz(S=pqJ@
zNISp1`W>q3;*4wji=aMSFtZ@CPtjVAay|XHWqsQ+!TPpkg7t071nb)tvA(UO)X8AE
zN7k<DqpB{>+QL8z4m|@@U7WQ|csRZWl^LCdD1%A-vKqV>mW?qq4p?}?&ikhGx((sV
zCbg(%f^SguFBUkD4N&#yh<F~AwYWGN)qRH7GI}@{3LcvRp+>$x(9^OeP{Znm6heWw
zq%gYyV9hO*s*^_b`t%Rg(T$m;c2MZ(e-$~l|Kz0Mz{9C{z#S%UH&6$ChgJ{#1NPNk
z7#?ejO49nFZQ407zE5P}<IgMmZ+NF^;P0Q~Y*r8V!uFW`7P@>R;(QZ7Uw}BDW_~i?
ze^dA>jZT(Bee^uZ@Oj?;FW7!7*9EVLzF&6Iuv@h4G^x|d@5T~~PRrH(TSmq{e|eeZ
zxlQ-$V!riG8rE;2UR@!ziJ--oyUeoQ`+Ulm^Bw$Tbj11*j_13lSYm4*GmiG4Nu3X8
zLBV5Ff#q3t(Xlvq+h@_wlXQPw8jjxnOzOEONB1vI$Khu!wklWme=6<yJYpF?SNG4c
zJdcbh+Eo{W%JlzL7Tq+3>m~xa-+C4sY_Qz5e%AFl0ELnHpeZ&8^*#5ftEm#q#}zqy
z20-msr-C*{pUvcZU5{73?s|L*6eRb&9OB&JFN<l|{WZ=%{b{(lda-40lXU<2Vd_lk
z>5ku0mCNmn5BD=ON$rr3TO&=cOq)RN77UE<Gk4(Q`?S9|dCdeOYIV3DNY&oZFCSlf
zLmT?|-}saH_w(n0^MC&sr6zTL7x=!woHH~W{Q~tSV+C$;2F<!hj6UoCouc9RzjHfc
zu32gvK9{-|g1--)OX;VH^gsSK2FCZ<DeTmx#WWnahV#{b4DfuHl8B=uV~nhp#XaOZ
zr4C;2q;!j-xox11)}gE(>!Td|G*v?;b&`yl#V8Z{uYxu2QR-}!<@V%x<9M2%Yt*FH
zcW@bB-??k~`Yup2etq}PCLeE!P1HvjrfR)oY<$t@1yvR`IB=aJi`pzcld7IP4%aV5
ztr+CJjuEPQ9K5}opKoJ-|AJCy(%*h-Xe{3s1Js@!7~htDKKQ*+*>HX+-}c!Fi*sW8
z3xC5q4+vNuxA5u5)#t|0-)}b$olp5^Ee}%lj$!JI+TmbCfqr<L>$ICr)3CmXdUX-o
zkCuYkqQq;_p7~rnp8vQ4?YI`%@(+ON|ISnAVH)vAWM$2<B2eo<?r)rK@#k~7KG)Oq
z`L{;b>K|Q){!qYs&I0epjiW9b`1{Am7IMD0h=$$sxtzZ!>VhpSqG7#?w<Uz1vY?2D
z6Z3f6{i5I8A{r*5ty{E}7twHZE^m8Ww9P7_VGwQCi?(S+G#r@2+x}O4qp*mE<CVOv
zMf973@QJou;ooE-e6xAmkm#3z@Kx}(C88f7e4;ILWUPLCRruZK3TfC~&ilMC;5b=G
z!+IHSyF-lsULg%9JmQ<fmiT>6%BOPYq<pHRU1~J{ez_|XFhoz$aN>8=+akwnb(z$*
zWOG?~ScdkT^VEraTc2g&+bqtvAdThQH!ScIOMEXd0sNJsKGk;xzkIKdh6BImc$hBu
zF#VoI{G5QdkcLSK?;9JQxbNo#9Ueja7W2Mk={{cOhsRIM5w=&~GdRLw%`o|I#hm!=
z#Jmf%KXi^d^<PnMK=99P2!8>G>3fzKE!w(KnoHwxhV<Aa?D1tLhY8!BJjda}zoX}<
z6KxXwlJav7FHyBx_{+aJ%isB>fa42=Gz_^Mj$eql!qtU5X9Tv@jHK-Nv<s|-7ERFS
z(h*+sBwyg;(*xX|t#6}Vn>Y*GJV>4ECEcH-$FgDT{m5U8yFXU1K(z-*tj-NuM;53-
zyDuhc<}VN0rPzv%B(^dS4hG{5dsvM-S&CIS@E!OayYrMN7<1<-a)O4zZaq_(tl0#=
zD`#f`3qpO0Qibn4e1eAKBV*6vEk4ETYy|ASSc^<zvJLVZ?Gl48o(XDTBVl!at?{sL
zi+zyiPqMSu-eBw1V`^Ol{a|*(`22<$EDznjT?k9LfdBJnsPn_mXQt-E@9PyXKQDNK
zpUuaycbueQI7h4Zvime+`+fNY4JS-my@%yxlS9E)ITWauLo=s}dpLf6CpLKx=ZBO!
zgX@SHuuCy_9vlp;1JfOE*b|VYSj2M2aSTmuP!0E77*87zJ{x#PX$Vut?5AIhG*n;|
zkE3^z{9sDbh4ENn;RExuW$rL_^xm5D1Pzm6I*vcAxOlxFg^NB*jg3=j^A&ffI_o9y
z%6Yz6D}Wa&__@43XT+7PqlffJ0C-u=88@&RqWG-lWcqpY6m2WSeY-xzR+YT3dF(h1
zM@LfprCadQB7HRe`tfP%Y+T3r>!a+wUkFDb3yuz1_~p0s!{uF8INj6f@}uMYK3sBc
z3CrBNKO)WVIZd61Py7{}!qhQ1{Z1NAgF{rc&hyKbdH&hL3&+sk4-k{(8x&`qk*-(C
z{On;M1Ju$I&^!vLWq116`MG)ts>>cHX8A5+x}POxJt*y-J;Vf%+5zPDQjkw1?u)qC
z`SuE6vEK3(gq{6v0{K95R64PMQnh{+i8agxO_xAT-u=UW)BFBrSoC#+796Ik`*C8H
z?INb<S?njb<9B6%LTn%N?GK?}V^Uww1udBS(e(9FtG*^v$LQ-%AE#lrou8k+pw4zr
z9o5-$j*r*bzdCUNojn(rkHXHYXN=WF?+O`wfYPu#BgJ?6q!iyxl-qf>;JYJAMpbeS
zZ=CwbI{R6xE<XK1N@rK2UOvlpHd{}hpke(S^|EvE0~BS3-|-EM)s=@opkZ=0#lKNG
z1;6hj%FPc>F<m(Zw%_n^s~=0V6W_@f`4s%bd@JqQxAM8{S@U*&3;jVq_lGWINA9BI
z>pv!S>plglnckcW8p+@^d*?U}>oSjjlu{ZFWLj*6JvIN{k4V3@r+7XGE3G8`I?fN7
z<L|?=+W+$T#X)ut7P4^;Nf@O;s{XC|wON*8FQnmgaXz<|h{IoTd;TobV}Y@HEcgMl
z>l52d`J?f{MW^uFsk^x)6VUS~NY8bI<-@STIXR!pWzuG*=R-~9E|xl_e<3EU;JGoQ
zw}Wbn^4jPtZUS?CBQa%B8(kK)(PdE^T^6;`<s6%_BX^l0=VTZi3yCRR0%imX``x$k
zx>Plw_mn{ANw!D*g_fQf&~?&WV>713+j?ptezFAKIXOc=d2*9XV$CzSU)Nj#><o2t
z4ruPlpf+!uY5=uBO20IZ6dKJVMMm>TvC&+@pI>bQ72gQ}f5#((+F~bW2S8U+CuO}y
z!wCtzEm_3$Nc>(=0H9iTai0kLEq{;YDrffu0-Yp=^DbQqnjr%__fw2M%xEpc;&HiM
zn+t)}VsEkYyb-7i-hEf-LCbi%hN+4?<N00TxV*7C6doug%88szlq;nQ`2*pv1ik0p
z9eU4|%k>^+3+96M5`Y?a$G4Y4#ycJf)KbWNr{31;+IN<EJy9tX0g2tYb_0o>rqo$)
zgXKKmBIh|A*MYj$q+Wzg-ywwpjlklso%uApzTjFTBHQ|dr|9T;_lfIj@%b~@qtc1%
z2Ix3ieV<Y%d!DeJxXv8^{9%5UXAI5$^IaMyrzxWuwlhCJ3##>EVg|CHtMwtD(fClY
zu@r3W4Pfh!XMsw9)RuOE7QY_U(mkL>vp}`afT{5|zK3F8#n*qZg0KHFZV_jMzKpUd
z;?cK)+A#xIJKULSci)|ACo4f!@@5uDx6Ld#sz6n9T+w_0>Xmt<mO2zI-kj=-?_IF(
z7DbD%0~O`Hdj@cLa83Ws)cb)Apk|8qk10?^#rs#~k=oMx6)mv=)EC9Ohd|NX-vITg
z8Bnkn;S}({sX$eocyC!Asoe{p4LBpN5`aRMuj^eJP8_4&bey)Fp=v^b=bBrcM)OuF
zb{VBkpN-VMsYq3IdqC3z9KQ&EoetWuFM>LIPWSeVFT$eBK=;oD-T%I#R2@|uRlSPb
zIf>W3@n?bV&jZ~*8Fc>?(ET}}`?Ep!qYku#?*9qsJ)Z@==S!Kozd`8y{2^Fg`YdRd
z&VquI&WNjS0JN7}pytmxxcyQY3YN?HRX=ip7yT254$B=gp`i3GNwaOaW<vt_*}%j+
zP#vcspFMjDw5y6ijZdptv}!Afl}ezk$-mFV&fHe>SU6PiSU6OGivFME1l2C!#JODx
zdQZSrv)BXq?M&V-V)9m7FaxHNikiij+DL6(D`>0BL9NSDH0cUZFLjVw#7$kXthr69
zvOY4W2hO$oJXQ1Gm6ki&_#AM)by=XDxG&;*XwFO9{W27kN|H8LE~v`CH008N&l&Mt
zIs}?6?@Jqe^Fe+69Q7VnTvhKYuBxA<$^FO>4F?jm`d1^VcGOq45gLvjqSeo*wVxbf
z_noSLF*0_Xjv*R$zd@__r1gIc$NvkhelD&5KM&Dx^v|^V`)U2J$MOF}tDjEmzjT;}
z-G8Fh(X{@b9j4*H>$G}%TK``U(s1<uX!XNs{a+lU;lv+l^|le}WPU*&Xz|Y@t>9Tm
zObzu4zO?GKpr|)`?+A5{`f{JMtnWnpAcNh<=ijpWfuF&3?eA%|mImXUAJDM=Dy?3V
z2IIO9XgK}~tzIc$Y_5{{8T1+sC&CE&)X;1EtQh}I3PU|;+q)Ev%tf82XwkQ+TKY3Z
z>umsau8q`|z9(yePk~xGENk7zs5;j{Y8{g#E&~~$%{@ld`C?xPdHVr?LX@*$HmJx~
zrQZVWgfrqQmGZw%-lXa%uZcaRmbWOA5!AnxX!8_%74k96#P35W>a1BD0Z0Ee`S-a{
z@640#b=jwZw^GQ_F~wema+G+pZc)BtdO;!TXj#z$`Jfi$%qYmeWkx|mtD@;{Pz&;A
z7BuWr*m*LPw|E|?m(79#l(&XW3cFYA!an;IEl|#%VLMc&+T#mS?SWcQr{6ZS0G|!s
z3b8>2s<0242WoS+qQP8HFP{Yk%{X=qsQGy_3kFb^?o+hDTu>X@6)oTg6`w=x*yqtX
z{JDEEf1W7k@SnhM>{GO0f~uG1ky;7qcMP=d(;T;7J(H5#XDD@E1Y8Hswn6BF{QF!H
z$msvC{QF#$3V7dC>{VwKdlll)&hra77tT4j-S6W1_eUetX~k(Y4^+fwa{e7>sk#C5
zp37HlsKNftn?PGJ{pt;YSE>3VN}aPAeKM+E9HCCeOaCrwTMB{k3x2P(NM`Ff{5L)w
zeGt$XO`Q=}OuWPTNwVglocBsQWG%1&)Y7M9?OXZxxv-7(>5w&;&fDWIP+33VzkS10
zP0k~!dvQL}2mC(pa?pE{I#_y@ssY&%x@ChD>r>!4NuE-5jWoGRjyunLAgf9yCFfhv
z&x<?HUkBhtyY>zIccT<*-UsG9DZ6U5cwS0M&R;A3ULyKj{6p$(Zk1x+97eeVt>f2J
zZBRg4GIf*d3sbkb&_+5O(+f%^o`2JkGozriMbV=9oImE~K?wQ7A+>Bzmy4T@^19jV
z9D5a)C$vMpGnC7+Bx}8=IUe^=3x13Ey#$oQiv<4BUcKdvxa<;_$Bx5Py##URfY1y|
zoyQe>RSBieQG3)1T7~QC4f^v`t*gSnuiN0pzq1rAPzh??Rz+(8P%q6vdnL1d2YeUX
zrC(9?;aN}+krgd57u4xOZXW`@2YFwIl<c0ApV+=|)w-GnS=M|<DU+`siGFe5IP!zu
zgE%?}de5cuL)$N1r7`}jds@~y-lXc_Fm-C6_mquL=S^El>=1C<eIrfr>FRE-*A9$O
zX9)Bj=LmHotU*b@jo+6*ea?M;G0usNzeCpapK+UvbYOGaPe=QA?4#;v-=}5GvyZBO
z9H!3gp!a;r>Kk=|=KBd%mpMr7-Y$OL9_<2qwnfpTE|EVBWUb@JRP~85m(9@qbvtEE
z`Y~01G)$dyb0CB=JVr+6ql{j+f&7H3za62@q&%Puyn*kaj19|LFvjQKK0=)c^U-1I
zL_P?<!ujB<xc&#d$G0k2gRosDe7K5|t2dD6s9HBnodZAi)uKKeke}E-`hBOY1^+<R
z?Zec0c^;|#?-A;}ERWRwT>QI#ggRe5PZy!D{rO?)T*UK=IO`mW*5Uy+Z}zQ1S?m5D
zRZ)(b`s7e!nGy=hN+_^T4*hB}4WCt@Dn1juft!f=FGC#1d)eJ@66*k{Zpk9C?%7b?
zt3Xv?1H=NYqJF{*&{hNRTx_in3v4E_MBe$ujjbeBYLnM|yO7`S!u22PvkhW0=mqHK
zHp)`0xi#NlXVKHnvrckZ&IieQfdo+7>d*@$hh7k<B<6?R1;h0fi&J(&?CBxuWPG86
zwzK5w4RHn3y<YtLnhgQ`8)bhMsC!ZFBb+yoPkNuAsxOb!GG99?YaqkuGbzfSF}x!G
zbWqhZOr7kxL(w`OqiTzwHR9d#7-jtE93C4p0D*Us&*K{}40HPvM%w0(+J<aJYxyNr
zkrww*-d2Y;CqWl4rea=uK<hY0*}4Gv9c`L9#QR<$_QU@5T^bJDOTBs)t0V6XRQVV^
z+#-J-_Gy_+!=#OR1K%KKJ?Q@6Mq)O0LX5?Lwo=voMP9q3aU+;zlX*R8_hcHz{@6EJ
zyW{F1t`ks~-XLTFeQ(d}RDFAhIsu+72yBMf-M9t?z2^#=vY9wfv@=BFI_;+xJ%v8Q
zjiC3Se7p{N&sUYlQZn+StdZ?h#dj00QTFb+VexHQ)&eruLGmzlLYD5w@88H{Ne}Y<
zm$7+ye)|p$C+?=+W`UdBcX@2`^+D>qG%ux(qK|T2_3jXLdS*bulL&uY(VA?L?MqfQ
z)v)t4-=ZqEEdjl!o7v4x+mku~`O5b#&KnO7O`sp<qJFq;0|`;}GefDI?@6CIAVVxR
zn2O0Kl%me?WE$=o<aE!OOvBMT_@3v2B)_0O+)CB!1pbeR_AjH(*rI41e-U~VWX<=N
zl&(ZrgRfEb<{`o7TNJJPUM>eH6Ty3_+5vjc%Q#*Rsa;~}*Rna)&$F5L!+DO%&t|GF
z7dU)I;P9v|vi-_cH`h>*wU#!H!_ST4aP#)#bS%z;w#fDhD!y4LYrQ(h>t%@74G?>E
zgxiaxUASb3It!%pi<7n{a6qgL(FQ$0)dpe5lJ*qsB-+Rm@)OKH;yclosrt2H>SX@B
z7c~7zs$M%}-T&eF29>W6lRCka0;xQx%^<OSzMzv>LV;@3yNv)U%F&VxP#gc1m>y6L
zNFW_(vga7}ARSoIy39EIB!qORdo3=5x7SHbd=Efs58MQ1hXlLXK2$66f>g!xp7I<<
z@@ULa?nggwMJtKfhN(A|AC>oOT1(8OJRVwr^5F>-g;vNA3vL6W(FL(FV}f)bp(vfj
z*)-gg^?4&GUu(QV$IpK>|K&x*goV&`T9G<~tt95lf$G2w2vcEyV-BmC7K>(qH@Nj`
zBk(yMA1%+}=Zi=gsMt3mL;uyKpa!z8HE=HaWKfUNh=20P-h#LLxBI_OH~Dwv>HdDY
zz2KeUy#*QiV}3h4=5OjDv84b9nr*;*!=QubBYCM1)QAmEkXfKMJ9z%!K4--Ber9C*
z2hPZL>8fCjd{tvjnOn~G6&4rNLB<-G2kH{!U9hjw9iaLu_*hG~T(`kD6V%{ZVjfnM
zs<nQkjnZBYN_(IY%%-(qKA!<0-wY^d7?QMI*`Tgq`+HD}^9kO->mmnl07j?a09Bct
zwS#wbe+BKFA5h=cTKgB`I?@3r-krwx2!fP`12e&kcy45QgyaJfrQT8-ocMJK&$Aln
zf!I^*?8vo713-VrDem8==f6Vy_nqQ7KfeUhfj*_E^SfCzj5Ly=sQt`TVg|NOVl_D<
zIdI}72^ib~7vI-P((V3y4%=mvhV>Hg;+*lj(n+emNU3uQOli-B-1go{r1tqqq_)K^
zWmgmy7epXqji(gU`ikP~Jrz*k1F32g;)0NTpDr)2gGp=VP6HM3{ehxXArB*t5!V1y
z+M8g?DE>W#P(Zw&d&L7X%L(5wRH_}z;B)|xmdBA6e&J8}xj*q;N}UqVy<63Bylzps
zV|qa|C@gMXo-?DMSywbt0BU*O%!1~)qIHyjig>un$?*W^sTW~l@{}kJCFKj{itQ^T
zWy^x|<er3&kmYqSdCltgSRDJorEEWNdI-lu9SDU`u;kinUjdNWy|V_$Tywt+YW+P0
z*W;Y(2`t|yL2XkZ6g2vY*#z?Pr8WrRvn2qv*tP_HDL<G5#?Kx7R_xoP!}9$SuzVRz
zUQDX~6X-qlc~EdznNsBey~hqv*j5My$dj!la&{d|=}+W<YFibo*=BPU9Fk-WC{+V%
ziCG5lAj(jEz!~xYw6lF%8Dfo_!C2vfSO9&`wZu%EYkrR1*XgHfnV5fle0oR$y#U`?
zA>L_nLF{@;orrJ!UAAAyaRt*th-<{xPWF6~@jluD9hTSKDQQdft2XF;R9(yR?UB0<
zABy<vKw0BK9$rh#dIyAjp!*ve!2}0{f;|umtOfHABh<N{^1j5z?)#nyyh+u>zlZ&G
z0BfW-MNZ)%S?f5$=UkryAy0CwoYYv)kMRAsa>T6zPON^Ps<$F;b2x4dq=Dccu9sb*
zB))<Vao#D!xe0iK6TtgDoO2EGQqG!}-=gZ*DRrU_3T&xo@miFFz?LN&(AG8QfkxoU
z4KK6Yn%UWPL#0~1e$9rL|7hVsy@c`LKT+y@0AY1-ST_p4iuaku`h1R3XOo~gqhFvn
zG)lW|U<6$dJ2FC@jcbWn0q`I`Ym2%<I2WAbimklQpGK&&9AyaLK{vpIP3{>XPqZim
ziK0+_f$m5BbYC_NkA6Sl9Hss2w6iOu0J;<hVYc{i9&{DnNn%}7z$?ulrd&ZxX^YKZ
zvG80_BX-dA98e=!puJ5a{-e&w_O~)4+vOT!P6jAs^^8!CE5RhI=F|i(BWA{`%9>#7
zQls%QPLsyVn9lBxW`H^yNbSmzx<%1sP7w*zXfmfrCa6(yKF*y5YDRMJu@cO;MGoty
z@?6)?b@2Oc8IX~^suIk-Flo*GHc+1;WO?+Sg6p5WC+m8M!g7SC;~vNL2$SbQSgx$9
zWbgrGwo4AE<$v4TGaOJm3U6Kt-i`sPHpxCCcrmUEqyqt{do3zK^*$btJ?@FloFGRZ
z-_MO+an&nN&42>7S2~NBjazLj?*)z(+-x_jeV@vK0$hIwK<_CBzVBACs;Q>Q1|ifb
z_m*U2Hv{xHQK~+VdN0QU&mi>%XW^JOBUuM>bX*6p7?2Kn&pYD$iuJhya2)3Wte(-#
zkS97L1Y~AtpH26l&Z6N7pC@L7cGz_PyJMd}JNg_x6Kb{T{v%m5Jbd?F#&g4WcZ)pL
zss9=pR<B*((BNLTa{V3a)~;OPUVH1>1*_Mtch6ma*KI4^voBtF$tAbXyV&hkSFLmh
z8&}`5di`DQ^|y-t?%-PY>b1A853X%m>Av+QchG(N`gN<D*1K=Nqp|6h;O)0#BaXKE
zcK3>vx2;>*6kNY@#YOJm+7<493*O~!T<Ko7^51U##>y4$)oa~B_f2=Kzhm7>_cvCq
zyM6VoYw_hT-nD+!t!poahKAV}dv8w%6x+r^nw;0wYuB$_ciXy^>sPLGH?0b;y?Ld3
z#me<7o7S&f;a=cgziRdE?ti;=#T~b-bT<Xpx^G>33j^ksTZ1bYEbDJ|-@0}s{xLer
zZTSDXTmL`y{s%m&<GLHiKYMp2tycf`3azvlfiFlx!WLK<FtPw!`$tFu0Rn_A3`SbC
z3tF?<T~;d)HnwR(8WKAxDH4(p5R$kFdFv!JAqh#Gl(wWHt&`FkAqmM2Nk~fjx(#ie
zgw)H<@0q!CckixtwNBsm_kQ2!(e?A}oilUh%$ak}oH=La%5=E8yO&V8G2B2~n>?Nj
z(fU1Zk4vcqd;#}fx0lxY9Uc1|dzB`?BjEA|<@#V}6u-M?x6D^tx62Xe=xp=&Ivhc_
z&)Y4xZ}U2Kdt6ilZm&D&c6i*+yClE6W1q+E-7D?!1*9^D+2Qc8nzAiYcc-t%<CHob
z2V7C<#VO9}=yuihcDVd>s7lG}3rb~MD4l@A-R-K8TuPfHtF^1AJ4glQh|zQm6`5b@
zV5gf2S!Tz<6)O35Kj-QQ0voqAHAw+icaJA19drjfeLX?R6$tnO)F7G<ZDMF`HiyR}
z(<|$)SS0QB1*NVYPtfi6xTFIPPmimcO?{v1&_Q3oDLDdrd%9fSpj2MAt(^B`=25Xo
z!HG_RTC8_37jKll!z=Z8UA=zUWRg<u@U=MtdpmqRRGBjD_jOZyim9gc`wmX6ruAN`
zVo!Gj?hZOS_I10TcX4=+#}Q$V!W}-ROMZL1gWW1RjxLuP?|>r^t)g@SF4qA^AOd%|
zJRUXdaeG}sYF$k4F2Bdo;R2<=CQFwvH4CR}kK5~VM#gb?%Y#yf&wIcX2ufbpUPsV<
zfGdSsDV;}K5ODJuGrJ4A_PPR;V8FG%#~q;5lny@0;|T0!T@|9t))je`%Ze=L2BdJ+
z-Lt#9BjEN&`0sFdY5g8IRTb~TmNjF*>FQlfIddw^;E<!s^GF;0UD6@jfmBh}T~p@d
z9!1seKh!J3OJvwq*X0fdU4bR8F1NyFOnb8<(CrE=+3O0nd8zJ_w0Cs6I`%0T3EBgW
zgKd6VMDq6T4u>}xeYta+*VP+ra~*KWB29{yd>+w3sK1g|kFO`t!MbdaooYGjQZ98m
zx+RAv;Bq*re|32!cbDH62)dk0q%E$+iVN#z9xkd&KgXeZa4sox#_*xocbDJoaRuF7
z(e0v)IU(-W%gdH5Wm<RoTr%A*N3f$)3iNp6Ix%{?d)%I&+Z$a!%uTg%Z0e^K4B1yx
z)+H5F^1c@%FJDj4-xF->ba<T}x;4mjnUW*oPi_YsB|*F2<%&{BVrP*7WMV<zK9_g;
z@i<Dd@e~S4#)}M)$X=+feBG`#r>}!K&p5mdj=;VpZEf8_x|t?gS8Z+Gu3&f25p=b2
zwIss}xSTy5Dy+o(Bp{a<Zz?%89-TM0qGa`L^72S9-wvOrr^~yft&L*0O>L*nINCb3
zo%t{of~wu^ooaT8=SPj0haRq8M@P_eD7sGu9s69}QrVK~ZmH~fr{wo_yXhizcp`gX
z*^;HyNj~qC_PP(ayo;ucqv)l><4fpIB6@Slg*LYFPr>8%kw6(N?&@%OqyvtCo5e-t
zW!>dcz_rH}aCtjiPHDGmk1ybo9NpdSy<WxkQrT(5Nhjgg=XZHO2%T=%{vOJPn&5Q!
zT@JtB?cJMnd<CB^?zW(>O$nk>@zLS%I07=+M0jlRCa1^cuQHY-a_M#j<bX7}pXhdb
z_j=R<NxJ{USOZYL(dTuw9P+zT?EIaMZbvW}s901Z(YJedPtYZ?ASO26OE8bNHvggC
zwjM8wrd@4x+RRn7F<-&)gFSv0VALs*VcC+Uk9AkFkWpSc$?P|Q(_#77ltH12U*zpl
zo<P~wl>7oTg6eX34=G`B&?ohHY3d<WM1t9}=be!}$?I}Cr7pTgf}IX8Tk5PQTilV(
zN!D#d;ZcP;f>M{SJ4oLim!ms4oxP}SDq*{<X=<4X<CO@W!`sp63&gA&B~(a&&)S{t
zZn`$0#B9o%R(zG(mJ{2lTpts30f^ZQX`ZLvJUPBPzKYqb6?|1iOi;-2)$@#BRB?6(
zwogz$>Gtw`g6=ys-r2K<&cW|vIj&5{>-PIy!3f>R<`xULsaMcV?U%Km(C*Uyt>%Ae
zKBno^tkD*04Z8P*dd)&jn&vhdgmU4RTCLy~z9}HV)9v!?S;7S3l&39m%irx%5&)Nz
z8e&}L$nrfU?^V&;<LmJ{C1;P{<L+<-U6O1XtE4^dKzC5`b#(Lu*w&!nM;3)clEo+~
zQ3_2!gPqJ@xEx&yzJvP@$rs=)65DTMvzh4A=%rrR5p>hti7B(Yr>k44sOl~2l@74N
zvOSLFD|SCtDOL48y3(=Iv7&<(S9DbEaaONfB(0GuWMx%KvhphB1g27=I;~{Bp;F>{
zT(l@ozRk+ffNu}wx2Gd0b-B8By8_)(cTY#B<mi@|3iuWr@sh4yDnWP9bBImL)lFqY
z6LhK8(G&Ew$xf%DCD7wq6su3ZZdiV&g#L7O$#Mxg_DcSMYmd8EeTEP<DB3QEE{WTB
z_fXYS9Xq_fV5ch}siR7je&mGG-7P5^PQ)KIv?y<KeoE~n@!0gSdVC%Gw(^aAYtRu0
zwy0LSlE)_Pj<p`&!D+h7^f$<XK%#be?mb?fhD#2Q+tH0!`qOl0@=eZNynL89jIn2l
zE{g?a-3w&%lggZmSxPKVQ_ru?>x>^>&0nHs^mzAqeFwb~bD2``kl%%b?Xs_!+Mdi$
zMe;hzb(`DU77RE#T)WxcrhZ~{Q>Svw{IPRuODNp<_5}UAT^&BJGl3(DoW~}P2b4#x
z+XUp{^-0Q7j)|X?$LZ?saCx0=0av%rbHFvFeJk^6$z~VRo@jWebf2(&i_0Hyb-Spq
zs!PP5BEN*j5!;@SzRl;A-JCBm{bX@ito)hRbR{C-^+|Gg%EjyU9&mWvPHvB7-SOi&
z;>5i*vc6>M(X}8?hpqoQZ!mC3o__qf)9N0tyTj*H!q_KN`xx`rG*}G;6+K0z7=gLe
z=sHvl1G_um>Ik|IxHxQ4f@dy-NL(3I9Y!*FCC<wn9*^%}8)ug3h2<g<rSN%1lpKGK
zB<n%hFjez&d7WxI+sI>~tu$;<*%XiUB5)vTcM0R0j;P%*c=hf>LA8*#vK%UEk}@1M
z!7VO_Q*F}m79_`vQFw!^%NIDLf@M2UrUMJxhguSx+bHL5jzF-jE8-raep_wF2Uu1_
zl_JCPK|6Rn*tR?1a`66psJgm?hdkUNJw^91)e2;=YC*{JkFX01-G@~83|6hsp5UIv
zOCMXTkXPW{u6R3g^)efh`Hf~?9S*P0>+W#y>0`TPLz8-a($r85tJZm2R36d&!rdj?
zQ`C<4#^5XV7Fl0jr%Kus?(jKPy9>{?BkrQbu{Xwlt#=)Yfn$;p8aHrT?3V2q++jrG
zbMDlkBp*F~Cld|ZC%f7DVNq&Cj(i~oT=Kn?yq~apr*8S4ipGsm=SM?I`94ZcIh7W-
zv#e^F6JY+Wdusk5$4kJ$fSYORpxYVjRN^46=W1rJvT6Ap!H!PmN1g0uqRZ`NI_q*g
z$KFc5qHJDmZR~a_!l<$W+S-DyZq<2&;+E)qnV)uaaX-@KaI2iWk_WBc<Mz0opzTg~
zhl&ohD|tQ2x(+(_a{KVQ4z{%+#~|bJ7jhJRTk6?cama`Hdx3I(5w|Zq$=@0PwE(J?
zJi25B^_zY-yMR#iG+!<(eu7R+b*RUZ4!UmL@{)?+#TlkzH}iR6@e@o_5lZqQHB{}f
z1S*1#y=_iqbLf`07ir-_DX!k-buN+)AC?m1uUV4_pUXE|z4!^4t*P~L%7Cc7DfSg~
z?5&Yc+XH(mAFZl-w5B^4NL=sQpRm5m;b;C+-cO__q$)Z+C97Ec1hdp7@;n}vB6zFU
zOu-5I{7Beuhtg~D(r1^j+v+uIBx-4GTkAG&tJ`R+YumWVUdPs3(AAZS2Zobme13+Q
ziiCoegbI?(gLj)UjSZIO=EjZnky!xyT!&KeKv9y8FXvGyD9A`jX(;|eIZ%w=n8((4
zyMk@<p?Nf8NZhWhwj}Kd>f`qb)~=j)s~C!@rycq2k-|~3c7>xP?NjUH7@E=^x6w{%
z=NrY8dhYnA)JH?W#PoO!!s_LNXs65L3c3>LPu;-k<xNlaG5l0qt>bt+x`!vm;&_S~
zO+zsjFF8eq$CC5J2r^&t!F<wjA{PiL_=(`9;77S&m_}eRc+&_>)+1}1sxL*qs+L%}
zrILTNV{Co&^mA%`z~_s*UyrssoK7z6#N)AcF2rQ*TqueA`~6f_5j{{3Jq?~BU%$hx
zFeHB_!=gX=JDF}8p}MG(<nd*X$0^C5G<cnnLoKPiraW=~GU}M6$QBxVe&p&623%b(
z&mqa<^X`q@g?oFtc1O;~6OA?%amu(s$6ocQiQ1FXFP~o?BM-Xp6Ox@ucQ;KarHGRG
z8KD$(?3Ow@9RWv2&=rslcDe#C<r5HZQ2y+o+wbU@a#9#Sep!p9e(Jnp_?s%XZCe^8
zS9gcQ?{Z4Mj-V?T;fr$6;R{f5lE>ws4q4jPvUYLxG<d;)!|jPjOe{w#t!-Nx6UoW%
zak#zla#DTi#0@I3{DPg1pmf0P^EiU8ZnY4njN_G*NG-8_d-=&_V*VW-f2U)&E9mZ!
zd;w~0u7JBE%15Gk?eFo?p320g%u98w?{s%Klstb5p3CdxXXPxPiq~`8Fp>WJRFWxM
z&1mBJb-H?;t`2vX!=o%EnT~Rrw2dF~L?y3KR{YzP`NysFWd0(8CdnC+lJ88BgV*O>
z994tE6C?d(^K!cPx`R|@<x9$AJ52RYu?s3Oy@Q?Zpo^`~$oXXoJUTc#nC5XstbXEW
zpNw9IuZ!7A95KYK%cuv5n3Uw&-{bH|L7!B``Q>g&$r@bVV8HF_mK*^W8<riD$zQ*+
zZ&Eva-k_^Dh)5j2&vobnU`O%!wQtHEG4l>~x>P>+iSnuX+T#l_EU&9KD5>u^WqHJT
z2!4ephw1FlFw%pcZ^$3n0T4B>;Di6yt$79CN!sI*=FfgFYSI5**Svx+XkNjYNdND}
zP&&n+PiS7j$2A{i<)fNEh#TuA4!@vz1)}D%rdRU{4rpTX0o6V6eC0hqa()q)mnOc?
zjNgZ*w8w4xieFLPLdqC1w`R%K!Rm<DWV(D}sy~$NJ9;A>-@eD=JE&?-GLDxyJ8GK>
zNAYwN67lz6(fh(_##e=QN#c&ma^|(3Ek~00L!M`c&*Pzj^?9e4TlwPhxP2xuy=Y9C
zn2r+tC7G8hB%OX<FGl9&=imIL(7U|-EmpJ+d>7xsSMf2lU?Dc45cQf`%_hy`n)RB8
zu|l&%la5l2L6fc_xP`xq%iGl7JFs0}Qr(jByM9-fKX@p5|C$tGN`GoKG@@a96^|6u
zyHz*)xIY2i57<$4Z<?HIVE$^voc}H6?}rsRCtbnH`KxM$CWzhR@5SR8h;NsDFT1d3
zL3MmP4RfNcQ`<kNbmH&x<M~>$WQqJ;Jr6XNE?LUprAr=_>-oXy;>C+&zsIm|vTfT?
zx3OjM))vc_7HY*?Tej3$HY~2&Xb0Foa893vk?)w?>}vqZkJlHFl=FRweLc_i!*0K;
z!@b8X$M*~3&S@j#ZnasOEL$oi<z!ACzf$5yTngw5NS3BX%T`5yJNUbjzn|rA?#A%~
zf4>-a{u>=vo*g5fP!96ERW38w$y~u6y6wiu=0lppngg0Wn(dmcnhlzIjYYFcvqJNT
zW|3yDW;RMRMVgOm<d0UOSH$u?LDVlKId;aczVqkYUgbzNVe%5OXPU*Uo1&gr>7OvE
ziJ|Y^8|;+-wn#>a&C`=c%rWaK!pG9b;xJSZFWV`40s-G%_Tf;#<w)2+ilR#2F+CM_
zzZeYoVir(bjHd9*KPF;-3gL@AZ{Yq^zWZrYu3+T-A>a<G^_S$hA4!h+<^C#rh&jjE
z<LT+{1T=HBt2)zxHvugF&HE&n3B2~3_sL);Q1RRM$s3u#_20fv?qmX<-@Q*R7=UZP
zd!Jl40GC7WlhfJ2a!rWb5`p$7L!_z{IQnFW97zW*J{cl?>A-tWhRFGJz+M|7Z>9q+
zwIOml9SGKj$h~x+uQo)oGl288AtGe}S879Kc?K|68zK!EK#L_rIx~RlmJm6X0aRN<
z<UFmnhR7QkfX)^o?`8ml_7IWu!1A>r(xL}S>qF$29vEy0k;{7Ey~YsHWdfb+Lu7R(
zU~dYM0t0ZVDMT6!K<9=KIcxyT8$-mH1&nP9k@hU$y-gt!%mQ?qL*#lEaA|XhRAdA8
zmJqp>4FsPGk>xqS?WaSeAqQ}_hDdJ?aDID;T+RXXJ3_>m3z&C?NNX-|_1O?PmkX4(
zg~**;;NtEOS)B(Q?FbQn9&pheB3JW(+s}oF(FpYI3y}sR5cGt|5hHNDD@3jvf#tps
zsSp93KSY{EVEO(K8599$AVkdhbbktwzI@<%Z-`(P5Ihtj6|;br=R>4@7I5Xo5P5SJ
z;Cv}W-kSy3Uk;JV0^sP85D69l6(0(b+XX=BheO0@0!ojD$ZGojNQiXO_aBBxp9$#v
zXo!SNz?F}NNJSw~dMrd*3W1}?LgYvxaQj$@yj}=Yd@@7|ih%b9L!{IU*w2K>c{9-Z
znGh+R4P5#{h@77d9Q{s+9DM+2cr!$bi-FsdArhqTUxmn<#ejaneNs9XIJ)#cIXoA5
z?L+s;^|^raQ};>5Jiz?L`=sSTp!AFPN#}#W#S8aIvjph=>OOf*0xpi+Ck+dL-W&Hx
z?*ib?&+n751;EkyVNz8BG}MI2u@a#4NSKV30JlF8CiYU`_9w%nwG?pvQJB113XJ_x
zn7mO6lpYV0TeSXonCQxY;PEgqmjQjp!=$ndc<p$Y)RqBPj)zH08F2l0m~@r_w~vR(
z;WFUZr^4i78Q}cmFwrjrbSJ{3b|GNy3zOc3z@7duIkyn#I~gXI7Xr%%!sOOM;L1Rl
zpd45}7$#CVaAhb=n#+OCQ(@vS2Xw<>a=aYq8xE5T6h0j$*UAC==`guN>raOXDuC;!
z!^B(x6r2f@stTaxOqeuO0Oqq{(pv%8KOH9LDuCBM9VVA50NuGTxmE$Z_t`M<F9KRW
z7beFR0n1+tlQ$Lt1)mR-)eiv`UkH=K4*|!%5GH*O0k548lj{!wx-W*wyAJ^c|0_%i
z9tJA@G)z`M43vI3Os+i)G<+pYvMYg$UkQ`aO5omC!en(Np!;f=T&M*4z7{6gi-FRw
zhe_vRAoz_i>01owE``aJ#lWRYVKTWGSpKard2car{aayDumrgMoiOQL0_grSOfD?}
z?0+35rH=r|eiSC2M}Vt;7bcUB0M2*9WUvZ&?I&T9y%f0g(=e%C3Jm@{OpY!EbiW9b
z*OvlE|2a&KJ_^`1gdAH2yq8BvXc<r-5mK-MxV@5)_f`P!RTEPA7|>Ef$fd`CD{BbZ
zxsv)dLS9`7G&B;@Sq(Uw2zjF#IKPRI)sF-3Z6V~1$AQ<LBE(n&TyH1jdJRypn~>~P
zKtTr~o>jmdCn2w`0$%GR#J(E1_#7d}Rs%=(5ptQrU4*>58nF8asagZP=Od(Z4Pf3+
z$Qx^b(gTFpp8yJa2|4xzaOE?E)LMYS&k=Ii0vvmdkP8;z;-3)mt_A4(JRy=52!4T(
z<yPSK7YR9R1up(6Ay?@8&k1?e23)*M$Q2u4{{bO7J784q$DiK<UGF^2oa_f#of$x=
zIz*K76(f(i%#Vl2YULY6ey47KJVYAU$0)hd8Qoc}^@OnTowwi0rBwwqCZ}=E;~}C`
z-OC$!OxXE&h?rG%$7zflSN9r#BaeqjfvWCOf;zfi9#hp71GvTOdS(8MXN0qw7Q;Jl
z=faXz%s&jc{dkBRR<&<awM!bnUK1itRr@C1PRFd(0LN;g{8AaUXn^B2A#y%eCYudR
zD3+{dr2v4+_oxOit_qPp4a2WJqd%KrKann2Wjt%vTBWd+y=k9I8o<9gL{7)`u}{<I
zT@5g{CPdy<@nt_DJS$_`vg(w=23dQ{>HGzt?}-oz%Hvd>Nk5xrJ)!H<+WQ58b{Ki<
zI-QED$ZVoj0Ioe5BCT@2_A}XMv#ci!eVMj?{mBgbK>A>s+wjiYqhljC<X+FjKy2*O
z0&u7H_Zyq`yDk8w)({!P)PByy-Iy(BYk^DezEAur`PfbfeVV7=d7I)<oGLA#`<M60
z(RiGlGEN26zZP)*%lqVYM0I05k=~bP?bn^uy54zPo+ZOQq6KdM%ll+dHAfrewO=@?
z5gZX*s=wE@K!r6#f(hoeIXW2|FR?ziv_PjdL@p%g)1IVHfeyI+d-S1lY0v=||Mh)&
zove%4e3Rk_ssVU(z<dAtKDjF}y3J<{XEUuQ^nDq&{`8Y+)&bq1);1)Z(g+vcd3*e(
zVhjMyXU|jTVGEJVvG(4VMnyUx3~F}9*iU^7^jxfM(RF)I2l(yLb-R=5KMm-$hlnxW
z-WvOb9flE$tYJ%*HB!v2qRmWa2BmeaT(HV*{Q_+Tn(6%0fQq^hxu}w>tzWS9X;0`j
z8Lq!&edp~FMj=wnt&;oO6i`hP)J`v_0mte><d`heBbqbDvw7ANxqUgd{_K-kwgJOn
zrfo=nD#JRQ-eGv>?TM&hEm;TRD;nb~rgWiedwDugeD{44)Uh$oY0ea!on<|d-zVDo
zjVJSL!-mtDbpyGBIYZf}vb4FHcix_uRO^$<qBkAbSsx-5LY&<n?iU(I>@o6{C%ko}
zE+XT)e!*rKv1HjsTKWa+h~od#f$GK(@oS>K_!iA&)<yh#biFo3h;5Jy0L|%*8Nlsz
zA!64g#kWV<NKnV^wKW5{wLV1J<LNX<FxMsMtumu1Mamb=t?o7@uuUs<6m15@QOF&Y
z@;X&np5NUJ;L?T=xe(9S*2s8`k<ymL^P_aC^?<Y~;@_kE*eE~Gsm5(e$`7@JBQ!T`
z4w2*9=(@Jib?uCd*cR1Pq_jR#+S;$Pj6B<~TQ{<^UuPeo{_DCP@NW%~H`V@^`U&PR
zYy$$F*JzZF76AH8AiE_*D$-e><C-)1XGQA?V_%+aSbsXh+Mjze$2yQbm}MI>oXQkF
zVu&?rOV*|-HB3(JnZWJsAyT1HtrZ(xD~<iehLMJ-)ccLhq_?RY4YzT+r=8CP-h3uD
zrm&w7HYlM)gHl)*4K8TETQsNM5!nlse$7+*ZH@M$dNCV-cXveedqH!i@T|$&pMO%c
z4HyUW>?aEPX0^w-)paq@_E?uI`#%G4Z)b!imob&BjY`%|rTzQRET#U>0O)o_bgk?=
zeVY2%^>fDnyuK?$s?>V0GIvFl@pO^})UGyIN~bCd=xdA6;r^DnTIzH^5FM(Q-YlT$
zSMQU`Cm5Z}g5^x<*%E8Nbn-#li3NT0Z3FWL=W37Sz5PzqZ_*g{0$s=LAp&h&Y|%gs
zeAA$2K-e=jx;`>mZmoKgWUFg*tc8|cW23Fppluo*YoKMDVQkcrg-+^Evw^F-L&UF*
z+rO=J|9(a_McbfuKzDF#v{6;pO857t7`3|5v3iQ}G=tWSjW)5pUxBDz2eW}UT_JKh
z)^7VWQSZd$csU!e?+KAxnCgeNMPro>>R6A?<z6=M?w<eu%*B}l+;yj(%d0s+=X1Z`
zT&PW6$pMV}LZmw3-r!X6-H^mD10EXx<N|t6h`bh0XYEN%ztCp55%o-UYGB=sk@ayK
z_DK!f&~J>e?Vy2TXEm{3EBj@!@8MivbytXlRP(iSz8$JbQrz>oK(;qT?tK7Ux>#;~
zKwRVj7k#O5X<S>G2ORT9Vgt7J>gbxO>q|S4zDbVSZm`uvYiaZPNR6_-Xl;Yx`df6z
zpuaZuThD$W=LCIufOCI{w8r|h`iP6?K{ds_oCoy9;o43JYZKwVn+II|fVgHO5c&YP
zR4#TSP!$Lfdm6*_pUFL&V?B}Gmu2fWoXoTj=m#_Ehtf}_?J}t2dU+F9!)>Rv!#ZK@
z<V54J?zDE-#H5wJeTK;iOIEf9c-;tO9}JN<4e@cOojUThgE<4ameZNTh7G5(hO&jf
zx;egXY}7J2VUN1Ga~g_Hv6c9g2CI~g{pR>yhHd#E*lWjc+9<qpbZq?Q#N_(O(2cbA
zg`4A+iAl@Y=yuwV_GzNk!XF!Mjx&!z`&en8rm<0rn)VJE<L0<!bZla>N!_&7aC6+6
z)x>^*BLLnIfvZPCq<KmlUVk#L-`I3xBpPBi(i#_AdoK0bUC*jEvfuSLMmEvO`qT(E
z*3`;=TiCB{<c5V(WBXBUKG1hGL<)3qd71U3wqMtAV<Z~UHYh$KW-aU*5b8!-)g$gu
z1I;pL?AJXYJT<yyK(LMS`R4<b$3mn%UFE~6`?gU>UUy0}B-ByYEO^I8EjPziX3$I#
zC?@sQH07jSg^dP=7d3z^`{>xFo8uM*tD9=BL4iPHs@hqA{*xhcb(YHZsm0sr0-*M9
zqo!ZSO#8y*#JU)h&-E)<v<pR~7EfsieG`)n9}ss3TOq<TlN0qHut)2}<a$~T8YU;K
zS)16e&?1xB%U*pNptu0IcP>P(808p6bH;qO$a<o%&t&f}I613rP#nl#J2tvEX0xPq
zr}Bo3&odj|so+Fqe_2B*Pyz$_gW{0!R30TOtYwxj?3BCFrfp-Rjj6g(wbF7s)7)02
zNw70&^6zu3%}F_VdUR|XeYdminQh>zcuftd#-rnGQO9-4C>t2B%?c=w_5wGeEE@wi
z-5hVEYn<b3QCipE9IvMpFHn<;P;8)X#ds=j=lD%Ig0QLj+Ha1_xynToP<kOmP8;KM
z{<Sm^r71tn_=nR^rwJFPq$R>jQ!^ErZgwHic{xNv`SEn?r_jALmF_2!(RCIA#<xPG
z^wIcSqK>8!G@lsCJ(Xh}&OV(b+@C^4o2i*fnbLiu5SY~6C&9e<oNX;lDrinYlQo*Z
z3I9Ho-%H8(EhwTt_ldMwO_!3Zqr@p~O4rH=|9C3l?Fk68{HF-G>by@b(T&rp=C@wW
zui%Z_7q!{iVSTe<!jiRi!aA(C(UN5XpgHB`B4By<eR8o#)>*#g%sJugrv+>OY2oCs
zP<P_2(04`{I3)}Y35}-)grPxU?dg7D_@p2lqPvjrN;Jcu-DP~av)pTFP&hR}JDlzp
zWZFVIHSNg>i>hmu;G^W$s<E4BO})CNB~iy6j1P|*PiUZZ8`M?L(wgQNq_0jHQD~h~
zrFCm)9bGE#nt?Yyc0Y0tahv|k1}=W=J~^HdJ*T!s&Z*Z8rVXUGjg6|dj&|Be+Xm7H
z(<rt*){EF;(yA%gw$ZV5w7l+=c1UL#7MR1EXc!x<r?qyv+|vishIFU2!@{%NSxi{6
zo{tvSMvEKAZ%*(`L+;^=wh8OTZ%)`p$M|{Mo!P+7<M&BZzG|PMTf<tqN2vFQ%~K8f
zS5po8oCa9^0MPo``{Y7AO&0vE9n2We3%3koqxGt!V{CLoR5~&H6Yag3O{QsdtdZ6<
zGf4goQps>GEjPzo;y{M8js3Q(%Cc}=?6;o%I@qsWPTfwW4W&QJ+;ju`ZIq)gL)3j+
z$8R#MoeXMD)ZR$jcO+@I-5hV^JjT2?uvYbNU|6@4Epht8mU!Jn-IThuG&XLeKMfO`
zhjn`?O2jkhxMx^5tlK+&b3#7<oC7$&cAs2{jpJLCIKD}B7qt_Bu^71bwfn@MlPH#_
zA{Try$1n$CAYm{D?2dt`Z}k@g`oFkO2G_`YfpBKw*)r>i(!LVgfHe4^wSU3M`SziC
zr{)e9pPnPQrrP2^CEg3J76VP;`{at5(Y>oVGw<wN>xtsNIcxhLI5~U3JXkbTc*<lQ
zE;v0)TRwF|5%y1|+XO(G3tTD;lgT<p_nK%qb4oZnBv|`T3Mc!8x)Xy!-+)j*&?gL@
z5QhF(IQ1!E__%QTj|Abm;q7-~39|Xm1?)S+<YG?3^Lo2_lif9y%XNwNEb7~?&IKyw
zgosgfA38Y~7<7l_+?L-p-kl2^eJ-rrhsNCPG^_5$l)D{jL#6Y8YtMz1d#C6b+vZ4Y
zU$2~@OLPyN2NdiJ$KMI}X*Ndh(R$|rtM`RTHT$3OM9xI&mHQ&f|LJ)^>%K6_R?X?c
zJfLM?IOcx%$~>Sw4sUE8urm(t-FZM~93CD7oT|FzbnAamruP~Wou}+lg@TcNf%({`
z2Z1;Dg~|2!d%t>`3)u#Q?S>m8)=^vJ9_hx2Wz-Ur6|n<4MV6G8a}NS7p0ILu6ul>j
zrgoNop~*1P5CPeF@z{gF8=f#J(8Tdl*RNY2)$>;MSyCyLi3ALGg~>HdjPBUIsp2P!
z0aQystuG=Yb}!zfx;Jl?fH!>+zFGS^ReP@lH2K5ixT?Kg)jlWzZ}`KcQ`Nqfw^N(E
zBmvp`!{m4@pFxGqU2**0kpNF1Ilub(z}-M{ek<k!p6=xQHp~YmyA$(U0HAX|P#Fx9
zTJ}F@lG|zhk@-MNkgt`7X#L=P;MD~97v=*O6VzX&;|KYAvdi_%|IY_>J>eMtZ#^Mw
zP4q1S)BgfsuqUkCS47wDi_x=6I$rex;PinoX{U5IM)_!70NjqNr!wta08}0fD|f%L
z->av7Pf0DP$J=o#V@MykIo?XWoGL8Us1X(SNGVuujz9B3aoJw1Kb5g%{AQzp4rIw{
zq%SrfeF<>*P*}dd-X!x){iRd_Ts;(7(@}Xu@1i!V@5T;O|5pO|pAVBs)wd6}zRVK_
z%gKy>y@ke<RvP|oH(Y<qa%04zoI0>8w_%|zrh0-m&~06?ymfu#20K1#jHPGc;UrcA
zxLyKWdm(o1tM1C5R^NW@ioFVBvM4A8UOODCLrS-@6nOXWf1R$U6uA0gEM01IM@s?Y
zOJSmqx4B(W$x^)6OM!bYMaGZf^+xgN`n+BW+<rMs?g{GrtuOC{(Q-1UKX>h5)<CxP
zROXOj$LWk=y=P*wJ%J)NC8%Q=pM{-|*x0XJ-Xb69HB!13O4mZ^S|%nN>0AExp|cEV
z`cRmZs?XN@v?p}+{X+A|GuPjehfrU5H;y#+3si2el>y5?%zaC9bgjKn1|0ivnAmB3
zy<G37^DhG~emG3B1y#On>zj3=z;aUT&$kZd4H#RZ)05{`H<Y`6ylyCWr(t|^TvPpc
z<4~?*dW{h}7D~r5l#5pCx)uUW9|@CJWA4}b#1r}KtZ*wIPA0f+AlE6wd<fM^D?5uF
z$ZZ&1H$eA5O8d2iz>z=v@26eC|A#RbKN=<tQ@_7ySMQC~msXYoW5>eeXrga*_QYJL
zFnixw4pe_UEPwCuOs=#gSFR711J^&!<EeFWJ>5fIrTDLe$vO5v#*x?8Gjt9B=$d)G
z9JusKM6c0Y)yi_!f%N@`(Yh!Xn^cLHIuT``VvVjJNVksKW0<CE+*koPKM^M8^n~%L
zl{!@`^`c#IhZK<S)tV~+`-w2A)}{C!#YWw-duoI`^}y=cL@_V5`8O&6^FWx`Gvd!D
zt^EZjXITgG2Sw|U@l>95IQMjpwlKjl61(@(EdmP8hDoh3<!+c7*;YgJW+%&X{ViE&
zk??P-iLD*T^^aPwzh$A7O#`{j)IdiqS(``Y?-qlLfZLxAlfhg$rx4CObas*LL`7fu
zuyp#t2F4|i<xZCMFWfs=GEizeHGgP<5TKrB+l>)x1SR*HKs)v?JXtnSI#@Ea;M9Cd
zgi>si4+Csj0z0?1DeVX4dTW+;gGMf{rHKVAZB*0F5-f&@2h5VcH>!FFxbmeisnx{G
zy#C~@{sMOXYde)UWVD^m8P4sBbf271!rlZYxl}!j&Qx@|MqhgfIR51@DNyUjPK7Jf
ztM^_SLtT3a=)Djow_?6qI8o3yEBZmrQ~mi~)mIklRUa1B_vf!Oj9BIUrubnX`>SEn
zsfoW|IUMOg;{yA`K=aqa<cNI#bwoHLoqf=HVqV`|>%aqpvm00v%&%ci6%CnNPtNHt
zwhR{r>Gm#5oVVv55okBsYsh@6h|*c#Uwm@TaG|j6#s~`s>f@1VyV7B}kapQPa%24F
zgpD@Hl~&%@M!`Bdx^=kFHF9IZ#%`0W@(}9`9E}N60~A*R_r4h>mkL#OYNh68jW<*m
zHB<{VRN+%&qZ<=gsA82*B{N+GL1?0;zK3xp)J6=@nkD?h_|2Vk53;GPef{{&2Ks(+
z{HEYA(60P;dTi91wO1~z&8nv;8^>>Ib2SvjI({=qYud+e?&2e4HOd8BRx@qcHhz=Y
zyR;a%_@gj+Jy&&JVLMUUSHg}e)R*X%!3PH<`>DA@^BRVWg&{*Uev2IBzNS%XH$`iO
zUq?^vKx3P}#lYQ(Ffq&L`*(#iOU^E~4ws%Tv7M;wd)PTxK2Xtma#8<7`>8axsnoDp
zRkrp&baK%^#bCL2<VG{au2-beJaWS}HX3O^aH?!*p|F4aX4}xhQ)QdRZ*HS+VY5o~
zP2)GWQmmc4ar5}i1`2nL-?UP=jVfW`sj{B&n;Yr7j#?lafYEFkzxgzMzZ@aCDaz+Y
zm5;G=diCQs>*(9Y-@qi@|CRvv{y9wEl+U`43uhLboo_uM^*v}CC?1?+@1J*a?%JUT
zPR(X+A?5^K(!|vW{`iXcK0@Q^qG9v)iOF5`9hjVW!9WY!vNq9|uy1nW1zOlQIbk0*
zpDtQIF}aDpw@ys%U<kwVb=roB$t|@0IR-XQOj>Dc-NfX2T5DysyCx>t_aBb{cQk}#
z$H%vO5`1yU&nu1rxbg^aSs-MmChp9R9md)Q^n)2|htjtg#_QFmahCBG6&Qb4NNLz<
z+?xc0wl~Lpk458_<|?31OXTlrY}^+zS7f8kYRlm4fd}fS6SST-4HpVq6?eZ?wUFwf
z?(DQFvLV=Mt#xeFqHb+8M4Gd<M9P+|CRN!QDO<Bx9QR%o(4J1nF>S(cxL#HVMPoEC
zUJ6{!B;>t}c>ivrJlLs2T}vlsqZ1P%S%b<4%C4GX)4prt8)AL9j3hMEU7He9w;nQ#
zjjombbXHGf;ZTfcZ;UjmF?SfoM(Y`-dPjds)xVh<(4)YZk&t3-qVM$8-<9rGm77)N
zLoqQV%YPpQ&dnmk9#6B5=Bt}-j6`$ib|ol?#HZ{^W#on{f?}neo-y2ro^Wl7d`M*F
zpA&62+!(3PvfUVA<6nOia268M@ZUH7jt@FMm1)Z|plUWD=YKDmZi<wxaWcIO;QTV+
z)nY=b45~HWmvtiBdNQ-$urnqF+7<)7Fqko*_l%A1kEs>b#ekj|s38Wj$3UHwT<h4V
z;Gk}xX>?3rcQw|rQM-XQS+jQ0mxXRk4U{(v1=(4qXE|`Mj3}{VvcD^6QRiJdY5Ye!
zmlNeXvFLXm)*+#;FXM#XGN>KU(TvtUHfnw6?QuCeuOAz=Uw_M{z`4z|%aA~OH}XpP
zj8(S+I9E={^#tECvp>QaiGB>PFm@Wi>J`B1MTA_OqURyqDQ!Kq8#}waef3)#&)0T>
z7cW}ey?C*rZE<&Z30mAWKq(YjT!K^FDeh8Sg1dVtF2VKX^L_q@_lI0NJCog+xzCw%
z_L?~&VR={=?a2AY5t)VKc=78yqW5~O#Vcuv{EJBoSaFql*Rs=p&hXZS77Jp2c{C1p
z_Izds4-rb(GtfxWoM0}jRSB2WW1)o}ePcN2#!-GEBj4xFaeqTIZ+;rXuhcAFBZY%!
z3thW^ch-;hxfJgwMZ|-_@4OgbN?C+!GFj5g+P{?br|#&ud!!&jQ;Ikb?<;QV2etS!
zC+!Bwfij(CB6tv6a9#}Ft|8-zlLzFdz6EEsdCo06uFU?uiCh4HrlpQWh)XF*p!6ab
zi>da$wh?o`aphfg^nA(Z2Z)B^Qs+rO+DK0L<)PD0-TwI@t6<<Sa#Nb+CibWoqqQA*
zQwIi`Q@aIYsO3~|$KKD6je(o7G#7hBdY(NI4E8!4Yb|0I*TPNA0Chg+OP9}MoRKeq
z0YR5Nm9qQ$vT|n`&_e-z6)P+&0c;rN&XTe<HrY4nKwqK#n3v)c<bs0e>qC&yf{wp(
z^Iyt!v+dp;<$I#*;&|yO(nE%&mCA{F)%ev!Z{fp<{2X*nH3Iu@t3|X&o`dU%!+ti8
zxB6;%u^^LW?t3EnoZ#!@%nX~I^=s~<&)0+@MsoZ|=p<%r3UiEy{nG5`Uqt#CK7Ro>
zF>aROCkQWuhv6rX{WEy>tX5lFoL!jYg?f`3FfoSJ*O}(!xwFouGcgKGdtn6Cj`Mo5
zRfID!CTOe(a4*WPSL9jXCwOcN%$JfK?)<1M$V_Z0((=f&c<avAlMQi*l$0n9o}2FP
z{~^aHsDMyi4WFwf-Ej8nEt0X=r+AC6)fQ!B)pfDnSrPw|b>sM$8swKh@X>=@dB9#5
z*>IWSoNiKVnHItxw?<|@Al!o9wDKwOv?DJd`!&nUkB7ze&PoIkW!e`bRB;?XH$v58
z+FrWe$wi^#3}IT24CTLeIRTtBPW|Hrd?6%HrM&VFdVHB|0MAO46L&mUC+*xeOW|J_
z4*%_kEtk~&z6`L)(-w+Vxd@23f9UI(JTp!*5-<Isxm;5hRJ6IiSSmaZ&-3-jJd2U9
z^7Zhz6l-$FqNZTvUXPg1oH*9>Z0kn~@~cf73&L{V<Dwau-oB>44kLasEH=><rj>lT
zmA`fAG$o0<a(+G1dNTVQa(+*skN@~qZ)W0PJE1q#8kXt<%KHCyc|py#Ur$_@xix6X
z?q7S%Ci*Tw%zdUn9{sqCpnR9vW7aD5tYZygJI+`m$3DD!06z1>ueX}6O~QY~bevuU
zPkRTr{eD#5JF|Lzsp4|JMcPxjGx^N?!hs;uLqV&7CusQhJSj*)JhU^4;PGqq)c|q-
z#o~R$<JeC!PDRV-C-Q7(-MDQd>~)T$&2<-Vb+~xmUgU!<Z$Ea<un;`UXS~gN?Zv4*
zDf~<(IN>X?R{Cy06MyCNh1ZMqW9hjuI#MeK|H&=e-P4*$AlH2(rF=|q6^H!G)8lhc
zzkKPF!AtFfB2PQHee$leazq7Z!1l}3_jg6a4}_FB&wZ$efkh%uFE+PPw$<@19{VrR
z#&*rdKV5u<o{wLg{_ToZreLf;fPM9Dg9?eaRm-U}UV40m`k!X~%t+??>TfQtF>df1
z*O!>*|M8=9p9enjHoe#8XeY1KXXz}vYfbJXyKVKcGWXHu+<dxgHJ9`4J|EK>IfXw4
z1b1?t-&j3&46o1M`u*&5I={(0xWus>*SK|<V<_*u5!|B-Yrhm5KKJ}*eo@9u$HPRN
zeBo2r)jE8BBAOR9#I$`rrZeo_zHHUjM(=H*WoS&!Dez|Pt=P$`cE?)6h7s)Yq~Z0^
zzbua~ZQJDI8Azu@jZxK^Ef9Zh%2T`nUa_*MA>QrtXz}i2hCY8z=QdU`6Ye+0!r3y`
z=t7Nd!d!(pUWRe&)6?60&c4K1@#i3hzlT~o83?DO*-m_oWf}C|p)1(>8qmhHZKLJF
zC?TeZfoZok)@U6FlFF7hv0xU<n>8b`b$gbhQ|udsl*U2tV0toRUaA{A^oQ1wD;KuD
z*A&Qs$I6jc!i5VMjiHb9-lHogeqQ_LV}6DIem#U%6KvlnUByL;b95@OoN;i%9=f$j
z#*-w+wES1#EdNLdp9*!U2AUsHG$yz2-zjc-ow^7MCWjdFX3I!LdbsQ9b+W+J{@(Ex
z<#=UH!;5tHyo7@0)fa3Di{@j^GX<OjG>f`;-FydLrx5wt-o-24e;l^l?ii_e{uFw6
ztX}#QS`~vHZ7tjI;@W1xa#WBIvz(5A<4^faf2flh9(OpJ5z^@=GA1;z|3+>uJ!^n7
zl;y1JJlaj<D_$FXh3Y56@1oc;<G;r-+qUtWEG|aq&vrVBF+~$)T3dYtm!#VNmF-ox
zCI~Lm{#S3Wy|qkmssFz+*|w)|#;KE)+*xT;Q03Oc?knE%Z2>G&D>FmKyW}xFJn?-A
z{)R#Ex18pvBh6y!w`>gS?-aRDT%xTNx!1Q>POrrhygSgd;<Nv0l#h5a1TFE28uQK@
zxS@+z?&!Tv`UX-{Rd^P(CuD3L`BV{km?sn#)G@rb++lz3Qgz{S#j@qe&`G997+%n&
z@wm?*7GuHkZ(k_rMlfi9XbY{QlR}{Yr?SzrgM*j>uH#Q}Rk)!t<o5a$A_HfoY_$s2
zrmy{Kk~bxKP<zIIJt%FtR?2gmIEz@si%9(Cz3^`23(H(nd(?j=)v1|SOeV|Dz?I9+
z;{LAdx9$4EiS*|051rN;y>AU)X>15%SPmi#$p0h0+Xiz)_v<LVJ*U63>lJ6)6Jfc)
z+07{A3u`Ced#>USTc2<fZb~qx-0*Hx-(cC(n`MEyL@g^E*0Ma}ri@e@O+VD@_bF#*
z8IO4-K8Xy86>sd{iS(;O8xtPtVFcH%F>o(-<aUGMW)pPZICvMqv+<TMyiqy(g>^6d
zMtzrxyvl6g^3YHyysgo~_a!&Og#RdGEz4eLZMCRS9JRUUxYT#x5`M<ESIKfz7joFh
zA0~FWQdz2gOG7sx+!){+0N!3*<POLv-t#g3f-WAIaf)%{sqDmw<=^3@v7zPcJD(*l
zf@4LI+Pu2HwYO)VaJwoj-;v#2b#>vwdFB?|EZ6^a&-<Bv&k%hL*%5V=y?Px>DHU~I
z#^V)Z^{uhF{o@(vE7L=&Tmwzwx}Ql2#5+Vuf<#o*F8&e(%8s8$(+d$t^llq=dNqqh
zChP*qtAxVD9wW0AKdCf_7t2-$k|nxj6FitAo5-lMc8=T$Hw4`K!`@NNHwD~3$&T-n
zB=qW_uZcS9cr_};c>OxXfNA>BHFj203|%mb#SnPMiDYdXDSfKqN6z|unjBxnSUrtK
znX+C$aP1$xZ6xcOMe)06#jW5hX!vO{j9|OLRah_^;WXOyG`>6Q)Kw$^z0)OSoLKG#
z{<75W(Tc;p$B^QOzukE8Ahw5tx1Q1fzh26w{hcA4^l)aC_U-AZ?J0uW#gEe|NC^*b
zYF^;{VdX^;x~>(N?RW0=<4)m<89q?ZdpUl7eQiST*x9vw`ux%5!D?+SBfq^tt+M&b
zN!EMKTWRyuGycJ$;AtJNab4@SGrj3aA93$xwRbyo0C8#@|3=`#^JN^bQDHbhWWI_c
zHSo*y;Z66$i`0{^;0sHKLh)+(4#_lU6N;6XrLXVkE2hZCYy$>aA)TIKYeCaDgqay@
z6;9^*?JNBDg|iCBD4U)6Dcn^Yuz;w}Q*VzK_S-9dgI}6zoi59?wzjkJGAZwqC@Xy3
zZD*&fwAA~EQZ($Gk$if#3KWPpe?^qd3`FcQXRqyYoQx$}SaLe;ok?MLQtkz!HuJ4+
zQzTVgdY<f!Bs}aD<~(8_n6G;5;$J+hI#Hjya0RiFydcv5f}g4+5WD{UGQCM<qqKKB
zKoxhsF3Lj@_?$xcNJnh>Xs|oIsq(1#*NJNS;xK;yjFV${<F=m7>J#}m1p7t4A|&Ye
z4T(52eZTmpsirrF?VN-Ni=6wxog9UMLJcxQdsL{GK_;4rri-)y{(ycToIeMrX~1?V
zi#6FpcM_8e0ROM&F8r>VuXXZ+gB68Z`|T>K%*XcZV3icuHA?jnATOce+ted2#SR}^
z?A?KbcHqz(%RqB%_J=EmM*U!D6|YU!^Rj7Zn<DBRf7xat5%&hC%}sVa!uLwOJ=?`X
zR7{-@1SLD+yWq`-G@K!g+l+8eE*tO@gCM4*)+omm!2UBQz+$m;GUyASmue1iv2#?g
zYilDkNy3vEPD_~j&lq62ZVgt;FhaBpCov@os>dH>#EeCMws@oDz=v7NENF~wX>VCv
zx}i)G%RZ>;@wYumqCxw+9mXYtgl8HiAHgjZQq8ngadVD0Vr(YOmkQ)gU-ZGT8G`3<
zKppYp8Fg%C0n2SBz@5m!k92TslI!^iS(q4cF&7gVV`&b!So=XJJD*18Q#Rrt$JCB+
zF#~a%9ZJn;TAMO}iWTzes-IOci4VMW{@YmzsM)i-xTx!@4#AeU`ptMsP!A1RpZf6p
zRtdJZ|B(|-qgej?7-7CG_^5!#y@NXabIkBWSco2hej&FigE8w_gv2#^>i7sU&K_`)
zjn6lMs41k&q4eA43Lh~M5Oy^FZ@;c@ePVc==dHy1yraNqISJ0dRV2%x;5Z)htY<$2
zt&g*Cb30LYYz4a=4Xr|FZG*y@vClvLkPepcX!sdRA1ZXT;tcBPEADEV&mszqL>51#
z7_y_fYLES1mH&oKebZArU|VEuQ}oD6eWQU~=P<p`k*I+<6TpVA>$VE~2QR%cnL^kS
zMg_N}DK0Jr+5j)Kxh2AV?qh6%PdK@;F8~&v=Y;Hkz9$R!dEEO_PzTnK;?5J3XDhW<
z`H|qJU##VNGCj9o;tFu($gd=0MUc6%@Xl`iA;T3QiBgiNSg3i2o32!3jfk~1N(^+V
zos32O5Vf8Ra8V!{B{7gHBE)S3RShC8spVE7{S<=RPPKkd>YKeMW)>b*LEIu0BeN%>
z7K^*`X~;}`e8BF47(A*ig(nw04qS>`226n;lkS|V#R9M-0_$%Pd9`+M4uT&CqzYxv
zRdHfFBY&r=U5pk1ER4_53ZzE}YilkGY{3v1638m*=hFA~N@~!q<x8KTMCb2xgyu!@
zG>mrwf&mneq=5;jxdA8F$l$vqRrPyX(+@;C1wd?lj{OzDJNRhw2UDeW{Vry~E60y>
z-CE#31F{9^uaP>bk1}V|dO#0Mi(nUR7o1}_9BYQnVKV!7z(*yCzjJjsyAxuZO~E0_
z<tdR18IjhA{UKYNg}}ciqDo#$8rdD6#)VVweTo)^0n>70_j_=_G{E8$o(CBVR}2Cn
z?JBQgPd~el<_iN3uy9&h@5Lky6*3mlAyWDh)(74%zfFBD3B@25s-$-#YrdrV0jI59
z2QG@A8`%*RgVc+8fyY~%#DK!_bSy@@h$1q;G;!ol#xBlhX9m;z>6K+4iK^QM46b&L
z=pBGeuTwi3q@%Z(0>A16RncVZbR01{ismg>0K?0uh^gvhFd0`sea-|@2EO<wgATE%
z$}0Gl>&IiK8e0?G@z?QtU6lMb#v^M1yygWc{%uTz#RuN!?E66HtmU75aUH;aY`=xQ
z<f>K9gJ7|hE8TV3^EfNLkt|q*%GI8#LflJno?R>%l-SvYv_hyOiVO+NFfl_onLQds
zR-A`?|6Oudv<H}8->b;IpPM;?BNhe?I&mRLD~&QyA}TuVHogPa78ceKa~Y+0<d?8O
zuprW|%fBST3Ssav;PkIHAf0MK$ztkjwVQ}^j=l!`T_5>KfqkX6Mr}DZ*RNVVej7VV
zV?>B!&15<spM3+c@C{16ogKobt`9>wo=T&gVmOdBkZMsOOr;huEsS|#Z+F2DEX?L2
z+n=3z+%)gHto1)wing&6n?-;));3tArK!GREcMs(tzhM+ALl+@HfhVbsB;q+yWQ>g
zKNKBH!u*tK3b5yR!Pp?8m#1?y>L0bkv=U*uoOu+cSqD^<mH;gBlqeY;De!B)HxJ2)
z(!L-cZiI587iwXInMkMdp8(HuWCJ7{TqaK`Fk|(>BHG0Jsk3B6_FM)!gu2Lw_is&$
zyziaA9eTPHupzid!g=VxCeSl!u<?1GFkRQ%^B_J+u!VUOF9JDnwmvZsrLS|y9I$#g
z{^Rs0%GueNJbACjQ}sNG6lH?_9#5VNhl_~liEh<Q#51RbS>+`oxGaAV(m?yGbjOlI
zm7d7o1KXqI;YdR5`SGDoQ#^YGjbL;*;mYk!DyJBHcaH9&#HVV>Gx4=XUBnZ>%xc+X
zets61Qyc+QkhCCH{UCfQ{Z=&$&#p+??Jp2<Vw&hkx~RWR>V>5R>j}=$)mE|L=Efr4
zS%Cyq;g;Z>`-%Wn8Goj|n%L?jK!913V1U#b5xE+9b96<1qe5FrsDFqb0-zL_%!IYt
z2p}eFgFytSBZ_9EH6;>s+-jJg2#O3f-qwMsE8MS-BY=XQ3xsC8J>R23A4n#sVdJP!
zpwF)#h%o?|qtA~YFDuv(oIy54L#Y8FW=^j2^ar3@Ra-~zBOmy#FSlyE;Jb6;wU3Yr
z|2Gd{*CXoBObc^;Cevr<EC;ktOMA?4pHOpRWU(=@+tvtn*P~sb1DY2p0M4YFjj@&O
z1BCC@vO~$f>jU7#3m{KD|I`NmxT|K?$_!M<OX5{CV@DqFRXLj~`Zoc%f>MEvy~ZE2
zt9Be`5WM)CGP#11l1?LW)S68Q;87*K{<pSWkH11rp;nIN@$#4H{VC`WvWGs;F8?2&
zX4BGi*Z^=G^sjEIWN<ZT=g>%o0tK;rKM!F0D1>*hE12I)Aj=`kC|2%n;ZLhI4k&#=
z<j>#62O%g&V&*YQ%t+Lt6f~Q(@8_>B2VO+zmW)!@5o(i_e-ko9G~A#+lz@56oTm9!
z@*|gDWfOlmX;0E#@FM)3Dtn*-A~Y}-Sid!o)#dQRWdiKu+X7Bj!-nnafp3y%O|Sir
zt!r(uR+qCsU>K#&z^fUUyxn#gZdN%Y&W4V1Eh~s{AD4`TB!(J|QNFQ-6}=mE6Y7$e
ze`XW<fR>M4w=>-e+<XXIH$w~hP5qM@jof~kT;leyJDaCGNb}D>grDXvny6Unfw3u>
z3Tkk-;3Q2ExEmeX$ULBXw!070j6^EO-yjd|GzHj=qeMpXS%HJ9oR{Yv#&`Lw6$G@P
zbTUibaklM@h`(D%FJ`FJkIXmIm{%$UGp7t&YfW!)pE*vQ-W~8EUwJydPp%}zt=wI;
z((P3HV^d6R!5ziQEePB^g`>lnwOuF&^xyt9*R+~pvj=XrOm?dt!ojQV8auz3q$J*P
zpP2trUivo@_2*)a4(!}>iD3U2D#B6zJV;GU@`D!#vAg((U330NeBA!mxH`W6N@j<n
z5Xy{OH({WeNDO-A&awh<v+#$$`p_|}1cYnViazj*+^Ze%2kI?~@D`xi6g{b)vE`1T
z7KsJ@*yr2$Fj4SXgQ8a$CGJ|>NKpylW3QxA<xV;VU^5vy5cAro(d=JAh#Lqxu<B{c
z$NWN<*)}KGXZ#A<xKg%7v5BT?C)p<}>Djkym}t#usQ>g2Z^e!;!avg(S)fk4CmL<?
z(cE}ROZc|O!y4C}5jYjZy#S=;cKCqJwj2sR1croB@P2ihe;l?oQFClcB)UeqyTll7
z`ac4yMO273>DTfvd1yy#l%YT41&+b{E(uX)NBDP`Vnlz<3#8uej!ql6g1^M~*D>;P
zVc@RktEJ7}5)uhK9UFF8T7Zoo$qO7_zcmddzjS{@fk?@)nCg!J<Q~Pagbwxo7|}e>
zVL(VP#D>UM#Mn&jEG6o1736&>5bgRnr<%Ol$<-r?>APln_0#&Q09;>9^9}k!0H#ZW
zU{7ut3<y7Wj>gdnCM1nygZL#O_bcdCg$}xQ)rF}E(>{}6MK|)u_$ofC3z^!Pu@Cgk
z-vA1WbhAI5+b2#IkvJ<qHlT9V^K7)qP8&>nq8Q>He<1YvK6)81Xp9B%{F6MgCBVF&
ziP^;3@p;iF893itN8VKz1+>^=vWcGT2OH$>ASq&_th`+>x*K;ySs^6bLo9r~FRQKu
zC@SlTr=<z(0SZMOuzi(Ac@t-q^}f8Wc^k>oWUc&9Kb$a3eU%?%XwNKbhZ1a=0lhd{
zfWk`h11}o>QzS*>%HzE<Kmup>N5j0PHB`tWCRdb&bXT2;vU*<z1DM4$*Rk<)d7hlS
zfPD!bRnBW7G1({UdR@g53e$Z1zU)H8!qA`ki1M&$_gtNasrM~TsafOYMgC8BC|#Eb
zdn2WYis3>g>r2QG;|wX$rnd|aL<of`bz#U7Kaxo&-?|w9>+N)af8r}YwcM1oy+P(y
zQ5jK@FT}BWW}sltW-OorsekkSSx6>h6&HDk0i2e3XG-vr%-9(OX{`q{4At5$U8x;U
zB5cUz?OUY2D6{Bg0Tih?Ws4Nl9xa(nef!$fEq~nJPyrRI?1G>R4+_@`#4950!AXaU
zr=7Ly#O{}kAAUVQtD*`r9(5gb@*&_r&6M|sB7fE?cK&cWBiR?B2`3pGWL_Nj9NV@k
z@qJAq)b$NRj2MFDj&1e_AVWh>SBB`FHmPuV?r!^C%;W`+{t3ZIUDrWbYp{@*4_9V`
zID0$pf^j^C%{b9in<5jm=h}o5P`93Jc1-RN^kggXu*XyG16WQOL#_+z+gx1eaAC`7
zA2#DXvrKBBadV@|{(c?fV;9><`szt;Hk-}{{A!XVQnXD7z8?KKuQYQB6GyQLN>q5z
zQ5BbN&laVac-B>D4ygI`pbfKTKHp<LKdjB-$nV8UyhWokW_aG}0edDQTg+}zsrp)!
z7Z5QJ&m%6SFGYXe@M*s;vVGA-Yuh-Z47s*;=<(n`L8=oUFS;5tss$b&`=_x83ftTf
z-@T{}Vpfbx2E|mb_b|3x)`<^g800&9l-=_FEL$`JU#F0muv#i?H4@y*9G{{GTOY7X
ze2<P)G$@c;*G7^>9d+OT<qP<gn2v!qRn>_2vE2CfovMSWJe$uD7J&#fu??z*l-Q;U
zB+!iP%(=s>xV2Q<xple96YW}gL|w7%I`~1&<&|t0Xv51@CEI`?my#@}!CJ_cY3|BE
zBw=mZoJ<n6UvqDj=qUFb3g%FFn58wnn&8>^i{RK{YnvJa5vusWSMfnKYHrlrm?;(%
zKhCOpVZ#}#U5qvT<1s*px<F0=!cqmyzuc+-b)DA}7fZ?MrDkg|D=e<$K9`fmUNlLu
zHy}*CPnL)DxnWE25KeN$-<CN@ux4FJ)jFt^K^@G}N{k2*rwqTAk?00M0Xuuc>SIU9
z7uG{>HEhIVoy>m^Cd}@Wq_SDN@lRc4{Q7N9Et)`a`mQexS)zr;L@Ysf0zKb)cSPuv
z%?*5c<bS6aqKU9CbkvrI&fu4VxZk{#4GHEu5m_>}eT?9VZqj9oL1d%m7<#yM_&65M
zd?s6&k+LI>8lffRKu(_QhPKrC4G%xX?rZI0qDNQ404xPW83<0uGU+cmn@{R`46`kR
ze0g-WN8*ZdmIlbxIYs~ox7xMd=E#fa69P;7o?6gU*~F&FfTX=u(_*_KyH9)6T%93B
zZLJ63yD0DBLtR8@P()GN$UGvP3dX{jwEQT~*l1jRZ)N&?Vc7C6I_LGo3<%e;6&Frl
z8VNaqHYVzE3~tu8dE)BErZbISoFjLIw2Am6Q)MH*=ep>5P0fZ7_e(7}UVI(t{op*M
zA3(RF9)MwKkzMrCi0Vy{%+JJsX>x<Bs^0tg8qb7IRWM3ui?5R%2n{ota!N&vaJMB0
zOwG3J)OkY?SODh#*Jtt-6`hl-E5hf#pzbgZH8`@nibQ3y^7I2RjMzu#i81Hw@FK3G
zsS}m?5e4ybs~s=rEFIa6Bs2cB5EzzHSK$VpT`vR5yWM_Z<Oz=NK?S-wt|bZ8!JJ@c
z5m(BV<|dgvblO5~{x!porXWvl>NOK&NP%7*rpq@JJosp$oG7e1Z#O=CKcCo!rG#(f
z8W9Blysf>&`|3%l;5NLl*|7cwl2V;O+g^MHgzZW#H7B0)rJJCnMNx83@pE%hFzf4I
z>Y*ObTqCJo7H8B&&9h5P@>DL<GO5;O9A0~{sn&&5Gye!h1?LVd+-V|{6&I)d(q~vJ
zLynw-emu<~awq{tW(_8)Jk~S-rBp~ejsQnnopKUt?85P-_(3%o%r!g$a=hLjt9<T#
z`rM}rG>m>1?DFMfbEWB!&O@zk2*J(DM0vM^99@Pcie$xIif+O2=5M(K>}-8TgGAoQ
z!mj#NCbJaZE8+M@X4)H_AVA4#Y<sKLaWC)8)&>D|%Wly0pEZYBMeCBbmDm6nh@E}h
zBHR<cptdLyz*tsYy$+1LD>LeP-@YFt4oI}D0D`PwziQ{Qp}W#9PL7H@eTsosT;Q5t
zApKh3G8|_6xDoL(q~V5<T@z2B)%fskl3OrOxM5%(A@eeOiukMe@EF|f-@SdA^q|<#
zA{=>Xyje-ki1q#Q8Lt~l&Jp2_oa|>O;OBp`s93SFl)fp-5;Hl>x}T(^q>x{Kk%VL+
zgnvT_FZKT96yK&4{d)+i^#i#%#@+<rj6=u9o;|%lp4Tf0M)~8a<CLheVhW;rR>1vQ
zc2W9H3DIn3gej+Joyl>6%Ts#56J2KOP%r8wDgxd1PL-n<Jz~3WBEni1Wbh{5wqOhi
zVf%gduq+S(zdU<LeIOYj_(#8T>2%-+ToUGAmkq$&YX>BRguHzcH8o0VRmL}I@^&;H
zZuZowjv0z5(n>~y7=bxF{t{$eoj+^jg0xNaPgN$Q*E&T2?_|H~q9K9az4;1O<NP^2
z3;V`dWLGv_oW>nnN;qVfq7*;t+K(8_(9c||o$<Sj9Vh6EHks5cws(oX9D`Q63Ff=!
za}w}$CuGhh=v=Vt_|y>1JJ#0&1$V*bLj%ya!U($;)iDwij;MA@j}UB-Ur$qdOiukr
zZ_#W9>?pB;Z51xN+C+}#z%52E@>SbT1m~N{R#BiI+ISXHHyk9~4G#@JYjeWQ@<{=5
z<VWkhLAri-9%!1#D_6EawI;#3R+1!Md__Ze{1J$qZybk&Wc)$Cq<bE@rJHRtMgw^=
zlr^!T5Zyw15dBS<#0I;Cs8-W&Rh?Tde+Tr9Y+X4*WzXN}q55wJ2bjk%*FXG_=-^I7
zIUds_twT7-d6{(XI&?}!|8}d=1Xg{~Dgf_yb^_4gOce<Fw@e<u?x!0L1lmUoYe3wy
z6dRcNB_5r6DM*eKcl*Vhdjl?xkJXzypn=4#`EL9!__K9R0h(SK!Y$DX0@9Y0eGNm-
z1eq)zjey!GaeOrTC?rneIzk#@k56eF5tx>du@;)tSk3KP8*J?;XqIflQQfx^S!m}C
zyZ3kRrT6`FRBv}?9zHT629ME(!T94zk2yZOmc+Z4XMKJiM9;n~UyF3b`xZ!R>2L5|
z71~n3o5b~P>Q>^Xv*<F>KhZ;d>Ir#>h6Z@e12I^F%<MI|eg_Oh9m}Ce8bXLsI7d72
z2{LoMHeZQ?VDwGS=r|y8X`fE<K=o8`ieD9iM8IHH&^0K5@zypU59vTPKY~se91~(^
z`sWN+yUJ-AftpKEGEVq50Fe&dg(l@871PN1TaXU3+fQ%AO39eB+g=^`l05?nTHvWE
z36ZnZC{n5^v9=p5Bvl_Q6xkjsTvKLBA1<R!Z<(Y|_sti@jiek&0S0SzM<^x{xm2L(
zWe*d%WHv+$c2(r|C1}RBCTD0`;sz_v)|TQn8L1JJb}s|Mp1ZJUcbM>!>D&_rsS!HZ
zEit_!(CoSnm+KMGRtgGZh=|cM!^XPWY4fE>b0Qn{+?1sM7=1%3mQWu1vUG8Q5EB`j
z?*5mfEGHqOfvMb92i9Pq7B{?d&FmI+Gn+thtigU4AY8m!M3_{lc&=v^nQGaIDmjSS
zQk@b)>K8_qFoDBL7$@IH6DM!hFT=V<KvOZL*SGwMH5#czkTicwbn@DzB=-a71hZk;
z)Z(`)V%Vc*&P~r@aMx=0ib}7}JTUkn%!fbe*MphaR2M6LpfcnGq@Ake4H`KSBbMoD
z(mZ1Dt3^14<WMeygpuj52ocB_qklm}ncOVn<L@(7@%Q-83q1N(-Px>m^uC7GNND~X
zuLM{Gi+t^FrPzE?Kz$S^nEn$)Db46Vqrm7N7Mh$xDdZ!u;S=uip5h<(xI*<p+zcxq
zamG9NqDvV2v>ZSud|)HDRBq<K{(DY2Y}(A*6EwjkpTY5kc0@x^G?Mfi<xO<K!imi%
zI%8McApJ2DH%T#Ez(=Jj<B%@1aQ%rSmiEm*+Lx5m%!J<4X74e;j5qi)gCzik0N9^_
zMtp2P|A+3s=j>u<6?syJnAa7j<Ry~29ao{bZJErR7#Z3G1s5|npMy5+Wd?Ce^<~(O
zRHD)B$V<a`v2ESXXS!d6^vkE%Gu-kk?d&#Hr1aP`bO`Ftz;>JEbl<*@dm%Ott-t<%
z%x*IX+cy53`3f~!*f87rk59lpS2iY~-NXTa&?yMjWF?Vh;DWNreKPZ>?so38<SAs%
zV|Ytc_)ba>VooRp=|<pr$3Rj^Ys9x`V}T(ZDCMK(I*rM*!9{oBg2!juVnCWT&frf1
z(I@%J%+*)cm1yp56L9{(IAK{pa&V(#@{fQTS5@;j&u`D~t24Ej{8wZ{=ECn#J{_L>
zGdBlMZv9eZn}6b%9(JbNN$~G{b}RHp{Gj}-kP+WH1%`G7{T$3X2COgnQlHhE=^1aK
zQ9H}4DVs2{KKxbPk9T7JbSL-ehh&VAt;B|P&#fqaQ#qHu->M$nqq}fd=ZWh@i?GO!
zM-K;075v*|_qi%EJNay;?Iv@YG=@x$06V$c_sMRxxh$e+W2wZSi8JavTfEF9&3p;*
zaTdocBzne@LugCtJT<@5;^S0bE7_JccrH}L<)xn$h9WxSuM3~0;K72I-eKDNp2`-^
z!Z|y;S|8Aw#|A^L$(e*dYB?SykXQt394lxw3JWzapH}5U|Jpt-D(mZ3@LHPr@hA9N
zFCQk<rz+|s&NtfO;X+D^W#w^7Gb@*u5!<UWu#iAPqqMYvSr|yLk94GRUw(`KS=hf<
zv^PF*C^2uEX){!NHPWrQNs5fTT$MX7_@s88zhzf6lHJETC$!yZ&+}qWXjRgrtd<;!
z6&cS;>CwVkA89luNc)~pg?ae!!I>V}KuYTV)lz*Sk6GWHMfA7U=zfa=o9_@wAg=x-
zTV##lc}}k7%*QQvis_{2j|tIy_0L(k<?>X_k&lf<X^<B|qs>LbD|>66x7xE#gjQNl
z%4(Wdb)~-j`=sS%&j$`dO(h3<QhHi1Dr!7-w^p;_nU(b|2R=ojc8__?Wvqtr@$C+q
zuE+C9w1#pI=}S@SiCQeuYBQ9n$BB@VF1fe=wtxByqMl(D=RHo4+<dRwdXvY3>ORcb
z+t$Iu^ZZ-6e(}8G7z^n;8%E4cW`5WXUQrSi=nmY)tW{N36)1-LE^j!}zo#n4D33Qd
zE&U&vFbbNc;4UZoZpRoL+$B;JzVf?L<LZbMiKvu_)L%{qA$V39M=v1HiH{-Bo-p~i
zLpWmT-(_s|sk+>z(wMG1ddzL<cR;W~(vHjSk4BdFOaU>IfyaTf-9p*bXlM>PGj}V9
zzY>2jqto7udPta7O@A5NAZ#{K%z0F>9VKYq9#Ct@{RWqGETW}8OPkinMs_D`P9g($
z9hSQ153VX$TqV;EM6Mi_u_(Cs4%RV6uDpCl3_i`wim3q$(R$H+WmFb6h%@4gToEH^
zdvW&lU+j{OV@pBWyfBQ%av*M=SAX7g^BD}pj#$b25a3do9J2=)K#p%8w^m0g3M-Tu
z)})?TvTBRPx?Gq|1+?h5rCU@WtnV5ALEos+u>B~}xr?5ijBy(@UI1tpj6%3Hacyi8
z4@bBxrbnO9!)KAu;mid*9k`-TnCNJLPlPiOE;rv2<nV&jz|RIK|5~&Oa!#v?0PW>C
z$p0vNm?dI75!L?1Wnm))dXXSi_O>ISVLa|ft|VdHqHr*nxahIPV)nf>l@r>0WGHbi
zQ~gO<Es5Uf;!}C~x&=2_mH#PC$ImPNr&9-FVw_cLh2p;ged^fl=qI6R^bTMn8%Ip2
zQ{}QhM@pzuhXLyPnB%;a&r!V5>h;F*>Q|f&(f<m|s|5ZJ%|>2!gnf>FXY4M^p{LZ1
zqPN&CZfC!6G+T{i>Lc~N$X?gORb&l9kGqtbX-*0IB`U1h=m$mf0fHC#D_=`R)@)sy
zOX<1zmE<xzYA74Oqte~?{52m*x^msr-v2db*?v{YrFHVSMO&w(|0_=D;p#P)cY7-f
z=81bNw!0;U_YA4qI*$Om$cZdpx@-FRx7M(GNc#lU!nP;LT^r5%K+=|9Y`7c4-S-W>
ztl~Nc`Fkxr5p-Te&SoPvxKMUrnAV{GJ$2bTu0&5=?N%|@$*#l5i@TGG+)G2X^N#zW
zx?Oe6curdaT)|xC&S9IF76T3KtnVz7nZZW1xChbxe`0&Q>Xs=x0vy@=RT#dUx8loj
zO*MA1;mUf9bdjAd%Lv~hG=>}gt@8gJv;2jBO$&Mcw<8V-T$0dGrpe0L=%^J$irb`k
zH|J_1D}oEzX+ZGwT5?rXo6%qQb!~N(;=4yLZb$dJyx{Nh&BpZMU7@VG`Xxqk4r;|8
zL~nfHv1LqY79D^y*Nt@f7Az-B#eHu58A!H5$y2GpI=uD|24>&BVUKi=Trnu_Os`<3
zc3qxA_h_Z<kv#drEnyl(ODE+hQsM5!GR5S&OV;T}K*H&|E8O`&kV@~`Ivuf6CEGdp
z6ly9`Joq8bPlE(^;rF0o+ynpJUV<Y|s%O^VSGnZ7kmWDZ!m>O4SI7thuN@D3jC;Uj
zH)7IU{Y5MA^Yb-vWSicOu`<i1&dGuddhjT%7dzi&1?#F^-}C7z&$Uz0!izk1Utnai
z=o;ok$H>>%AtF$uI5`bTCRo{x`q`O&=oJ0qXwlw#Tft1wq+2#=DD-=w$>Zib8u6r?
z)dZvnx9EK00^4T+X?0}Df?Hn`+7i6nrQ88DnxQyUbRc}yTSCNakP79?Pu{s76fj(K
z@u4G;L!7nIz}~gdBSp}7ZhyA9rw+(OK5CK@L}k7@9S$((tUY|c?>rzYaino{7Htb&
zaQZfh`@PByxMdsFRECK={;qoF_{@nHa9+Mimy7s>Ke>4STbKIrkPz(s_w1<(U)7a|
zk{M41^VB2L7EXo{;e~ZIT{y0V9Fh0^5t&#0gt(WRPP6@xCKUgaW%!iN5C4>nRpVpP
zt;Fm|!la3Rad9Q&!c4}r?2EsxH<Q;U(Mu1zF$}3!M_R^9$8Iv8zk@&b8U{FTCL>1J
zBKy)ICB)<^FzFCbHj^yuidv4)%OW)=^h)b*{zZdA(JQG1;9KLkD2geLKAcDg=bes4
zd|YwXn#s5aHa_>I*dY13$+*@~+~@qkbc$wcV!)QQl%r=(K7FKXu5M8Z*TcuDu10rh
z%v0&rH<@oD1f_fesLGKf+jw&u$UIIyEK0L!5uHBNAyVUIye(^;bf%=lijdSw-uH_*
zU=X5f@XXshT0+IG$b75fl{aWj0HD=Vlj@Ms2ju?BMY%g@RUg~N^eH0yTAHxyt#a3o
zD*3TD`}<9JrO0CtGS-U^owy0DgVgnH<J%`o8mvz8)1Vn@3cO}I8|ZV<_sxhwLXE+?
zjCg;Qok9V?XTgFqm$(O<UyWbln4~yp0cOk>iII5SC4;=L%y<MX(9G1Jk!m9JG2Ss&
z>OWMYCvQ%@0-u$(7^BLIy;1#kxN)ie>Ngq(9(0k8IC144ly%Fbc|Q3-)(i*6?P2b(
zW#0RW0dXlZX*62O>cA*6&p$<8jSxP)Q0ukG)->7+locmO(e8M1FA9HG&_2XVjivXq
zb{*0-n!2R1thuq{2>e+5ZfFg)MQ{H^n4cWA1qcF;DjQf^^R(h_HxWwaCwIzTb25<4
zB|SgI&8n_j#o4Wg?Cm=edf~82*9demXoRpWO%i*cLbdP#Y8ywNw<*oZt2YRwBO48A
zZah)_$rJ$R4GK@p$9_2!)N3v-{SV|MYj0Dk%Y{`h(o?jXyo}Z~G@a)0&_8Dgq|_Hs
z_xix?33Arl3Sx7Jhm7q8kCbRG5OwY?R^JRsVz)f7-1apaC?`&O<a$U--M$wWDliZ4
zR9u^pf17k{onYT=<!-dtj5^VOjL!Wyr{@UUwlw&<s$I7>Ji6l!lw_^-;$G%P!L@~o
zbsfe20Lxlmzl~ZACdw!F`xjw!=8e;}!h?wm^ui?k_RjyhH1XBdEeJ*PjATemwua;c
zGOeCGZo-#M?a5fSVWBy?7qJ?>=ucYe6R~idIvSpqHV~27cVy&Aj^U>-h)JM%g9J?*
z0mL0g{|><o9Y5ux3rEOBEZf+&AEh_n<MOLDf(w@~28R&Kx-kyHS}fM$(gc>QUd;7y
z&;zL#?=4+Dyr3rP$tt$IodvQ>aew(1v@TDqN}O}4i-=97v5+J?gukPI#uNiDD;6ZR
zffwD5ShZ`>IniP9kxz?YX7_>e<eFX2MH$_>Um?PB*UQb|e>>4WlEW8wKSA#+>@u5$
z#J-Q0pJGLDl&7jp^AgvgNa`fRdQPC*6@bZKi~bFeX8VuSExhS5?|E8h5pq!vVfc~I
zs-b(o8u$EmUIjmc%r~F@)~zLy&jNB&{x_BdD=JexVsuA_MO7Zi+6e?T|2<W&?X%Qm
z0Z#3m$QNE#d|W9gY#TVr&jS88;vj}KVYrJZDGs8V56^kqDqeecB<xo4Cc+#9SJQ;m
z*EwLC@@GF<NNbd;cRPsv8-NZ1dnG`pQ&XV;?ubSIqi7#a_JvTNxjRiGx91NMm}dM`
zzV_F-yAI5?cMiI|S<=q$YVRV{;kbGS&LH?uvMXLqWVsxg)F<<|rbN>RqTLi<kZHb)
z)z{!y0aE^;i}_Ez=1Rn+Tl{=mE;*g^mZWdW|1zgJBtCT#3d2VlowfjSe_!;E&0Lgt
zGpZ|{J6^FYA=_X5fl3(USm+-pQhS&9p7(XvlaVVOCzHn-ir6a|jUKmDXk*l#xahB0
zaktGQVc72=HaTJVkrKB63JX1iTIwS+a;J}%@TyGGD}wl`)-AL0Ry@#SsMiC{uo)Pv
zpfH6u(33hUW^4Xz563kU?1&O5j1D}?pSYpLm98?(_n?ZdJ>($vZr(pFzYH?EH!06X
zGCN)q&qZ)~j0(v_LCjtHZ<Z+8C3ZyW_u6@*!Hb;}D>E002MGiUws;4+Z>S8du_=)w
ze6dOVm0K6<MX3w9(_>@==3_$@tsCZ}m!{W0f6d*%`JDNATDa%`-u1|Ag`wMkjIREG
z2z!G{4QjDK&wrooYV#2UFeefi2#-#6*+H#M9kmWmrD{a#B|mBEAO#6X)ip!s1pfNZ
zP~pNM6`ZWzaq$~>(7C-yFM1iHE{A}}$BA9A?w~_}ofDDLUs}*%kDl$nzFiUI&?7pY
zoCVT2X99Ot6li7-uzKPD#$jTs9WTydHhS;fi&dwkKkN_?X?i#W*6nu)kX=C2S5H1n
ztsaZ~fI7w65VGi>^j+_h?WQ~ku0#xql9wnq=QnXM8^c7DM6A7|#Bj6Xlqd)Bo5+~W
z5dzJzYVWk)xY7K&CWOL9XrS6aiE=BpP2S$o<DGV$nh#X<Un@^BB3=P!B1<P50B+fV
z;Ga@qW=o`eb~mP;3h2N?$mqNZgl`wz^vW_(-xfprAM`=+%}Ef#SD!h!;YDgG2!{uH
zsGAmJ_u(|x|Iqh@VV&CYgyv<n%b~+&;4#X)M;Zhdx|k|-WUF>yMMplAN8{W5D9~h4
zOx?S|D>JIE&+KSP=%4uePM?O_(R{{#J5KLY>cc1$hT#iUSq5wof#9P2FmiOaMxOMl
zb}lv+h||>E=+UfYaC&N{?Wy9ZL>X@!^E+`|uJzv(Ltjtcv7&L)UU|nFtdFsp>Qskn
zN#<<ut52ph2zoVHc*+v`qb3LiPbIQLVP)1(dHLWIOaApsv;N7zM-C7?_#P&Gk=9B=
znSJ9RW(P25Q-D|Zz!vExR(g1Qis14yR-u<eEXXOCx&9gEXYK#%?Dag$jaly?V1?S`
zk0o{yy;V9TBZ%o0%s>#lUKWH>fQQ4C?i9*RtcAGs2?XC|g&`6kH1MXMQgfT+)On%S
z-VMKX(?+4DH0RHDck;D0xc$>Vdc<D$V|9qG`{oKVuZkA%O?Z6ZC5>}Z`BE(zreU*t
zyDGXs+G#`J@D39~rOtl?`JdeC*dG#UAi!;fj1mi{!daR`#vD3O`$eP-=9pf|hz?;t
z0G`voE^l{usvdY@)In@zx-IVUoCO5e%YuFV4PNL8*eT1hv<6{Tf874^H=hQaDuc0S
z{69U?dQ_9H*T9EPD%U`vG%w}_1+k3CWT(H#R6B^5ZQ#3(VqU<DQbngK?{wzKqe3_f
zV4h&_ehPS5;;upwG_EemFL^P}lQ8qUKC6B%bpW%eSTc6R-U_!SuKAg$H3-WrFl*8O
zDRHqMD}op@TI4N1N~Y^Zj;<XC<9yQx^n#+Wj0ohVa@V<c4ju`463XaFiJ%+P65gn?
z!sCTu#fcQQDNo^6_^N04L(igbaXDKpp5to#ff0A+l+?y%p7};n>t@N3k_7JL(q*(H
z^JV`>y7xx#MP><dOMa>!Y+B`3gmTQf60E*cuzfx+s6I>U2uEv_RhjCaB+FV3)Lt4d
zC<lvyWy({c)n4v~Qv6p6#E6~~h)ThG6F7radk_2K2Z9W`MT3ukEsy_UMs{2i_CEbb
zNZn@L*fmlw*$Lz`%gDSSq<!$qnx$u!QQvO4IRM>Gt`BMHZ`*Ekv*GZ?n`u~8B6s^J
zXW;FYgqw&J>gm5mnYs4QFp{Oe<YxRP7&iTJ>Fpy99mo^pGM^4!HN=!SuMZ=2G<W*x
zEw6a4SVz&iV)f;F9O||Cmeh7gzPKsB$%1vDLey0_6!vfjMT_JbNFAL&Pd&Xt>6K|o
zff`F%TyWRk)rh*;f1nndbf7H7w*Z`%%#BXPOkQvEg5aY*FlG6CvH9)MDGhso%jeD@
z3;OZN5V!b6f2=GYh;{`hWL2xymh+0C_AXu+&T_CD1R3>OO4VRadWl^056kpP>^_`_
z!pIJxFLa!@uX5y5=3-RxjZ;0|$u7GkZqX}mj;D6wJ_vuseg7m>p}%gwDq<U>(Q+Gl
zB4RMxg9tdMtGzoAgli3-tJtspToy;e6}K&`!M^9~Q~~ymLt%a!Q2xZ;j8}LbK*pKq
z5hj-eyeCSF;9D&PH%{w$ge?IOoWc=iU&k(7<~O7i{Tun&3oF*cDW~~S90U(@0I>^g
zP%V+^e$4(Dq^yE?NGU0|5#+(C=Zn7itdY)m<4W>%<;9$TJrksy!y;Cd^yjiY6L8*`
z+~7#StD*t9lX+n9diJV0eX;G_X*N`0Llq%cfrtitq(*ubzr65wo1R?hoZP(abut34
z$Rwv?t8ZEIo2Y@L-!At#bi_d~@s}$+cprH5D@9&u)DQh=?)OTfs8lK@L|Vz(<{>G1
zieZNi5vYjNR3WJLQa>Ksg5LxS^h_n!IN^}o5trYSI!YXrs=VYRX~VDJ#IP^>DtU}y
zIs~9x$Y`T?s<`?Z-l#)I-N+F?5iU0rCfowmuoM#$wG|1eH~_qT<)+|~3|Wp@b(|y*
zaPu8+U#Z}#0;Lm<RD?GO?x7DGSOreX*DlKWTZX=Q)gv{phUNaWwRev1Yk7rC<0)BB
z9%Yx}8|P|!l*TBqBP>C1DIM5Xg5zZyVY6$6I^MIxw>!o#^?yo}pmAB+!Kh_BezrFg
z-bHr&UPW|YBc~vvI;yFi>X&l!|GlBm$Uq`p^e}oDS@Qce#q}MNt<uO$`^>hI?9x8>
zCQAngD(-Rp9ap?s-9OMP(}(cf7^6oxe8pYy5s-?&hQiXbp#B$k<REyTG7L3eSf`b(
z_NDNba@GlU6}>Ys_m!2B8R2H~32={Z8{<^!EeN?1+c4w8M1)+`ZP4}38}PqghYqtL
z5v4^V>tn1H1#yp#s0RF#UAbYSRy*O%^XKrIEk|Ei^AI5cU#tDP*}nY6cS<O%H3sUo
z4VcsrezSbT#nWKCMD1PdnGDQrq|^mjPhL02WKo<bkE%)#aHm(X@TjO>FX*H*BKrH&
zP~Y3aH*IB^5hQ~|g)#p)e4vixlW@F9dj`MDK~2WG!(~Tc@a53Eu_gT*OiE2BB<Ch1
z`yf&~AB%-O*WaHRl)_K`<?@JYStWH!RTK_2mPQo*x#(XXbH{^Ru<1Jmp`Z=gny~0T
z8fW(Ckc@eQ<A7R|5C?_X`#`OkUsD|_T|j>3pZuJo8$|SrO>W^{l7j>opiuW8q*{AQ
z3rPH&miN9JKgEnVUn*SyqV@sJL!#Gz?ik4HGTDLOKQX4l3Ve}#rq&9ux~*E^AGOsi
z*=G3%<@MQtz4R1wsiIk+K%Uw=7^xeg)B{V4+{tchqJ8pys`WLid5XR5T>JE!|Goqb
ztf4G*)|C^Pd(G~u==vq2;ZGNWRx?_@rm0VFQUmHwuw#apLV;>|1L=z?35aucp{B3l
zH1#tnKh05ms@13h^1M3xJbn-r7U`qX(9N#Q{N^D;jA;Jdm`ry_qULXEi}3p=RU&GT
zZRgCGC?;;L$4@KN^4}36G6TAlr>$QA+&Th7M+J#=<I}5V*Vz{W=*Q|%j=V&hU~FWl
zm<)i}j(@u{_qJVj4;R|Of{FV&a>@l?eN!TP3yW(!bI!?qBAnS6g6`ylMKj@4C9-s@
zk9G&D5~)+JqjP{1;MONm;c`Fh>PGv}jq|`C$v-KUydY1ayP-Jy=X16~zixVb+pcuJ
z?W72M?4^n(d6LA~fT6}>IJhwf-rY?G9!R|wAMd$ZDXP6}QD>SNtEuJ-hmQXC27X4>
zc->t&Vyged)ta@?di8<J?@e{~6x$CJ2u_5kZ}A5S^V3<2Tp*rbHa0RTb@k1mhcP1k
z_4JbRYm0cE8$VX;!uY{%_Tpj0Q^qv~XkGef&w~h5-Q$J(fZT`uQVYOEeNS75i_5A1
zE#U~p5H(1@Wfk>LxtA@H>n5SWOSHpEd2tn2S#wFl?zn#80rG^P_2f|AC+1i!j7y?Z
z**U@e@}q#_$veBqa7oKg;V6J<qSY`c*4$XR`M_x#-z|UPx2HDUxO)G^&FzA)k*i=v
z+iI5de$O}Mgw{d9Gz<HOLf0qz+&dAej0eWs%2;_7tFwt|2~obk>iT;yrFW^&yEmCZ
zvFj}qf7nE|D#fq46>J4mKTdiXvS8`f_t>gcrP{EB&1(yDX$1*dwb)Fb{gX5qDdDly
z*E0zZRyMuWe7cGgis<gk`cdI4R~@i2NR3WBuB7PS7u)mJZg%V+lHo`_Rp=d?*`1~N
zp;e8i&h%FbxlWPb=U?(j_ZTvoCe$x^VG`2%N1T8)2)g8v4HoswS8-fImYC^VbJm~`
zofS90#;u}c_H6m1mwGUCOzaMohww3l=OV`P;)N4&@O`4xJ|T2e_z3Z*!mn=@0AKAt
zS#1PNvHx&u`l@>iFXRT(vycTZX4bV-oba3s(R&;4E41&yd}*1Te!y5F+AskfU8Z?z
zDz;!xnu;IZ(XU~;P-wg3L&P}AMg0h3Cu{kVc1`r&)Sa?aKWe-DEsAKMdk=TS1XNRm
zQEQhCN6Cp!pgP}bF}3IzGpjx-cy+zy%njGk4_BuR3P6aRmDeu8C=F@jK*2rKwy1BI
z3fyA27_mkuk*l#WU>Fa7<XM)oh-;+B9(3G`ML-R?BI2aNL_#;(dUw80Melb51N0e5
z1A`U9ZmZ+PKaW0m65`r85BYJmX(hL5dEUH#H84mj*yp*!vN`t<qjnDc;$C8|{X94%
z;hTK4|F4u<@=H}T$`tSaqv<Qd+IpUF6M__X*HT=IJA@W@cPsAh8le0N1xoP(L5df5
zw^Ce!ySqCShnxQIz4<WbJbBLUj=VG3oZX$tv(eTsdg6Nye+nQ5$WPegl+;a#?Er-9
zu#22sN;h9bkWz`)L`mOV`$Q4*RU9RHeKMoM`EiVweboKszOwUuog&NkERtuNnTWMQ
ztoHvLMc=kq-9!jpSqnnIDP*x&Gom$qson@R*d_85MwFtz9}_~sc^`F{D|bVOqJJSH
z3=_cr^T-Y`-p7gN9=LTv8&MKN+te*W!I>ph?eb&$zBFnj^Zgu!MWNT*D~Sk*Uz2U4
z)6u0fwliLurDl%_6#gr86ffHC<{EzN_}(Y|iwZBFtd|l2+_i<97^V73v+!v7_I;fT
zU|@l=z3RUr`ZGODoQ(2Cebc<>95=%6S8dy?rOkffUqicYKQ!F8Icrj-#iwQf5MNZ2
z+fDPzuSVo@lnsCFD=E8TSGd5>WHFmwP9GM&x&h_gE>cOsM+~RmG-$+VZam8|XRp*r
zacuKs%pKYDG=6Rs3DQ*cy&K-0Hpu%lx`hFH^ZA#*&%VDz0Rpb-VMtOswgDjOEK<<^
z92JwL(wO9XJD7B1gTecTg+@eYfCK7iuFD3XXtpnYwKX48M51s?O1Nu5&og|Hs(I?T
z1npIL9e-06PxEP^HVZ7cHqj`$!OB9T>&SmU_G{}s1GY~Ju`7YBG6I5!SZ?*Vek-9-
z%W4s#H`D$-I-|Pk{B%jnOYi>jZDDhVc9FyhPR4|&65x;=;})e~P$z}Z?&4PX?@H(m
z{1p_QK+j)eM0w|ensz7QEF_u67Spzs2aqi!tJ-`pGi>rhT8~t>P&XJWl{8t<=!(xR
zF{&sX_%v`PjBo3gorC10DTY18wcpGs5ZZ(Pp`uCku!UaZY&9N|7ap1645*xQAb2MV
zHjgEH;JG2jXtx&}6C#qkW>L$sBO5!pf*8deOZM@KXn9S#ueJx%w5J|!uG<A3dy4E!
zhg@HYLE2z=t}i!S;7#Eu%NA#g>n->;397KjpI>wbuELyiC&Q~=!`sT^!3})Qamwgq
zhfhnbKzXj3{TVy5m25GfY<kIsv}^3c7<%aS{{GXUKh3Y?w)DM_sp}lEX=GPH?M}R+
zs~Wbw%9kS@a6j(EeYO#TCk2Oei}Kzo24&qFxm)SDj2BMD;Yc+aF$VwBYxLBVpJSE?
z2cO`X9m7knk5TgXq}M1%VALHr1FLUE{(9EtQkz4LTP-L0UlC|uZE?RtS%yQ>oH1wU
zwu3a0ELFKIeGEq4RJeCw$Z3#TvJjTXH&j=!f6w~)An`HI$kT=9G3jGXKhn{lqCSA`
z#ZFGzBcooO1X!m&2%F*YMZRKefh@oO<@gwr!?Tg>x06kZMAs{WpS#Bw`DD-dJ(;QW
z+2+3$#bbHd55VsoiVb(2q~1$epWCDrLwjy#Z0TSaGA%r)=Z*0<{)mKwA6?^L*WS|%
zbAnEb(}Wp~ML=?K3H36jAI{BpJYI5lz}GnUfnxHEy~w|`P%RtHX;@8i{XBO&M-I-#
z!8$(rFMmg91hjYfEFfjhHSuR*LtKl5NOdly=F2z=##6~NjnEs;qo;96NM1SKKKGF+
znF0rB(MI0skIezo<pTi?i;6p|jom^<5irWZl2=cNm8oo7RvLhcHtjU}_0;GM9b+lY
z`{?G6OS=dM?77%5G_0a`_>f{H<|k&t2?@Esr#z4(4nR-Alt%Hm>j?5@Wd^HI(6&Mf
zcOE`XpW)8S0{9UvH$Y)ab)lI6C(Dj`x{Yg$<wog<^L9fc-X~pjiqDQqYJm5?-#TsM
zwinPXz@E<XnfeE6<h&ib14eyz1}RFuCmARb`|!DD#zyYUJhxyqKMkk<C<vxUWAu`_
z(|=QwEq_(A_c2g|lUx#>`>i18mq`bbV6&<5RAXjk>xu?9v7D!XLcBTNM#c>OnvdMB
zl!hM)gxr?%b?Fl^?0Bv*?-aY^S))yZdeQ-l23pyQ!w&FsC=Zx<OAI^RL-!tgQ7pL8
zI;i-_;fV`o1V)l$HLEc|1`*y<iEnos0L$VJgW)$lMf#Ky7c<{B_1cf5HEwU;5>w%K
zVU<jOV_^>#zQfbH@DGai@POdpdGYBL)G>QU#(!f4_$IJ1^ycI@YrR+S^o*Q%E8}Nc
z3gVCf|LlD$6G5^XTr%)hhP*RM9gFL~7f`;E0hs*t0r8U9;?#&QBjB)AkyRgx5ZQin
z`Rzmg@<)7$ToY>@b5IlqP0M$x_~X%i#C(h!1lp+tu3g}Usth34IH;J;xdjpDWJa1_
z{^pvAlCRCGX8Vz@I(kI7)a2zR(E6^4AF{7Q&2f~?m~m=CO~s?y@g>J(GVexKIYGth
zfiHhq7cEk*)Z^VA@T7Ea^qor72$gE;@TS`&lO~=6;6gVutiy{c^;LUL5lz=d-aLu-
z%0KeT>+=16zWz1IyEA4*1HeW}T>Rnp1W_EE&Y53*oinkoIs!(A=(mHL@(Gc;Jx0Hb
z9)=c#ZyH0HDf@t%?25`o_u$80Qa%M$id4@!E9+5{SG%MC`L?R`r6?iz*1`G#akIUH
zG@p}>rhpeEGlR@24Z26%`b(u=E0&_F_f=sdohp9!OIM+H!G+t`Is16Q{<t)!rO`&R
zJtb1|`HHk|Bs5fI(Rz}#sk{L?d_A>ZmlzS}R=nL~B^94d#SwAFW`5=Iecv?sFp;a{
z#q-zQ>I?PUQ0J3Yd1f&@bDjgEy{7K|>`R`40cRv~PoZ%9^BOLs>6Z#YXVEgvpIRKX
zpC^t^2oVi2mq_5I<4NjzRL!k{$qFUMTu2O`!Di*+?B$~n{U>#BA3ys>S*@ZT!FM+`
z#kw~Mwm<1r?4qVym@+;~<FYG)ywpPkk_`x$=bIv1Q?!d(W-Z>9j{H*mF*nT@jlj*|
z5Vb5Eu*Z%zpjSYTc4$y(XFm@gA)robET`gT+BiU85#!Ay7x?JTKrse>^Wo^6%{&TK
zQkcP(@}y46@B26Ra*K+T;>ze;1JZ(?cnzZd)~Ol-g)i$Z3%L!$=R%Wr$}!XUTzMRa
zqlG$bUz39C-^dy8dLj383zN<y5J|F?L~CL(Q-0FUY<px2<Pz#GX=zaYHm<hEC@Yt)
z+YT_V$IG+VSo7bJkVm(Mg*H{FAd}3IqQARmD95~9-Ap2opz)q#X>7lA_g-45Um=3$
zfOYZ7fA*I3ub4e;kaci!4yc>mZRodOa5^(Vj^yFH^ft6O)7WXSv2WpPJ~`uSpt%T$
zWtV$u?AvXKoBldG>Etv0HAXCYq3|QSPpn=UCG&u>p{>tJF@0{>GM_^05ea)d4qbc>
zJ&}FXG)<Hid$qixXK8(Fsk9yIfxd%}ZZs{@y<)RNP<cgAr8d#r;>rwMp;h#Y@nOOe
zU>|W=MU0C2)+lKp>AU)#{hW%}S>uc%dWCS$BzsB$ho}-7N^OIFDt0a&xqhYct)>(`
zf_#hkS=`zrdYu^-pXUJ7*3#bJcUxyB%OB^a7saM?<;JuX7d}>&CqHssj^EUKW49N~
z?*43?UKG8aHOTnlT!Q&`Jiy`4oGo^HrH-HNs`?B^^QXiwEd$rJ4hEWNE`g07{FJ<v
zD;eSr^zc{Y1C;vHy)*0jJ!=9+eE3rO1C8Ht_qg+yCXiX_1f|*~7FUzU!kJGtF!zlO
zVqrrYXwp!O!A>Blq^Fw3vy#NKGT2mPudb4Lkn77B_7!Hw>LaF7|9G=fhhF627Q2$n
z_Vrq;d|kY<>S5VVsBuQk!iWAJ4sD}mB=c$v;)d|p-K=6)KEn~&^ik1>dV253D?57%
zFC)y;aZ*^tHmY1wxWS&%97*x`&1Ch*Be@woRm20|4@V?9^jW{6Y7VNH#Cpc&=EeGQ
z<$iY%9&=UB4Dc)rSYXY}i|wwEW%RchT3r3e<KvGL(!oFG%AOmTYEJ5h7OPWv^l*a=
z<m&p%{Nw(XNN6`kK1n58xA+y!7vjoM>?iat^l#5Gc9|l`U5~|&oKEkmqnww4<l0)X
za3pk#aIfe=^A><8=C=t8u_dY=2p^%~dF|f1GVNgtF>!YwXA`8#PaSesU|_O;UP^w~
zhxz%26eH5Kbf-MKRJ3b{sw+_8rOAlh!>u3FYgaC9Rkxqn|J(gyLBd~F|BJ}4zqE1U
z`MUkCgw1};D1&4#?FP%f1vdh5u**OlSAc9^z{R%kx<6;tB>LxsA8uxp<06Rr3a=p!
znU0M|{g<5{Ey1j>t@DDdSWSG0wiv+0NC(IzLXIcldbzNjQ#JFe-P8e@nFa8DGw{8z
zDaaEGspcba?`vk)psH_ePz^-q=OF=37rRJk=FhIbYKv5-h#ja%9T-R-<VWVK@y|2B
z33ew7`muis$J6JJYwk>S^aK75E1BiW3mGgDm)y<RxmT(z?NzDzjZx~qiIkjqn@L_4
z^p}vKsvEJ*MwQ<wcf-wquTKY%%3Eyf@kdIa?NPk3N3PZ88<O3!r&&FoM_FEZ-4@y6
zN0ADowrKXW148)GOV#vi|Fzmk=P97eMG^mI<jl|+5AdugTOb(#d*w&?BfcZaRD|`c
zPI)n65B_lk$zwP#ME$H0h1-c`ONmVP9}t;d`?(vE`@T!R3hPJyj3Yf?bjhfUhGqlS
z4=QA>FB3zZSo6fl#|-9O!s~PI*NfiMBps6Q%mRhBca!8f^ihl^5cEFuXdeM^v7R_?
zo4I~|F}_n614&$nkXM&2(r;q7R&h`?2^+OrFN6$4+>JF2;f9fDZynYl<5W_*f6^7K
z;-Rp;s8xochA?)yrM;6<IlJBH64-z+p4Ao}IMvFGPR~Fbe%t&$Q>mC`_rOGv@kWsH
zjCFX|ND&Em!qpjO+xrmSzJr9@1%1=CWaa>L)p)=7ON8Fk{7IjZCx9JZH5eg)7V?D_
zz*UFK6ou$7i;(N{?p%$|l@pheJTyfeB7pXW9!bXQU6llyuOQm{T|NZO+|Y>$@N$Vv
zsX*mE!*eDxX|eZcd-vgJ<3v|TZYas&=<b*w#Xa+2I{bKl2*!5`P?L8Mm8iGwVf9jA
zSbqi7Kt%gQ_;)#GB=Di%)q&CX_>Q^5&tb|OBD}B|6=FB)(RDbta|5YP+50Y9rS89O
z&{f;jy-<s=|I_kAOfUUY$uJ%!*CDS1hTSc%-pwQ{gv-IJv?4>o#XfO~yj<t)UW?3n
z6V*}dbbzk%0HhR9U5-0X05Xzo9w?NdnM7#{0y9OC#t9(k-a)j*yL>xveP>XP88=<u
zsga>$e5-%@J8dKU#v9nvXJ5OoFzixmh!C2Rvc}<n%I0Wye{#egs%wDoQ%m;2$(#ZQ
z-{$^A+pTL-aM;DL5A?~M1-jiB%jjFqocoum%zH*NV7pScAEcXLnQ=xI`X5KvEGuy9
zQD!~fcYVXRE7>w)w$^=DCW62FNcHLg6k(V0a>BTP;T`{SGsBKm`;vFjg*&-+7%sEk
zM*qY5MtqN@>n<Pn?j6;g*lG>S9<k`lQx89zbA^sh@-&*9Es}3y2fX^JL-Y(-D&p(?
z&r7Syx`P!)J=PY4&5#-P1{13V&sQCAwvLYIe9_Kj%i^)GG^-hEz2K##nkdbTOV;=X
zR4cEr*R;&vg>_wCCrGMv)mHaek#(K-7ZpMNqH;;+WJ#y}?xzpabwB*;XOvnIY2N)N
z>(p!^4Zh^N9l}NJszSV1@c&-_RgAGRw2sZg1IhKz%#c_`g1C$dx6JnMKk@#`NL5?*
z&wY!3B;#i%8`)kky|ixr6WTTvVEZpsEIQ@GSkG7n%hS~vp%J+%{~&MjQ7<WT9DL2z
z$4gOR15wDOO^G18#F;*BJPCDEbB6TNRy~d6^p}oL?7(MNRWC4=5HtSob{1R=P6nh$
zErTNW2A5K#hl*3=$mAJzME3QION^%EnUewzKhfo(!xt?vJJ|6(PHD-_@R|0^2Dg67
zUOS)G@YO2!z=D=WpoJGy6ke%Mv|5aYU$;>W)pIC0-}BoH&sVaNQK1>i0^x;SBP9KL
zp~^-7)F&+#_z}~YCDS3kEvu!1ndjmYUq2>eyBm7EmT7&1ptR{U#nO2?^oNlL7TWFM
zhx|kR1lw{l5+MqldmRv{0=Q`fPYJP-dTGJ8e?Rl509IS~fv9)_BbC(Sr}Thlvs%IM
z2DdJUR<pbB@B(Dth@I1SB!_M0DVYc+KJ)h7Ht|>Kr}py^yxs=!)%y7Xj5SSK%~__K
z1o0zu37SQwF2CBOaf4^Y>0O7=p86dPIvR=p<N&)2fT+j+6s=!C04zoTCnLbFmX$_B
zi`sw@p*qTuL4W4Mf8nvU^REqk8tH~7Ut4A`r>vs75~Nrus-XCc7ET?_e7H@l@nH*P
z=pn=!5+B&-*v}JHdKR@?Ia+5GzL_c_nlLEGzUB_{B%tKt>AA6=4af@hFvaiT<VjN*
z@vy}o*<7l`QpDNYtSD;U8zfUq%6pWX?of#42M8cUVXLIlo@^Tq(XF3J(I`9PV{6Nk
zXJjE7B_MvT9|HDlum~0U)FaO}B6l~8>s)#DmdPPA(1Siv4yvrGjSwe>%0@2CBjC8O
z?1no*$QJ>h)`S5UDdwxED6@~DRr+;<freZtMF2`oNL8n8%9{E}wNq%YQ)pG29Yiqq
z$B9Ph4=tK9;<WqLucWESQu)AzkOU8Dt!Shx?Xy}|<{AFdUb*PEAfZ&W=j}aa2mO=7
zpiC>8=t&5Yoeqs@#nJf`(!mU+U6+$x()0*+)}~Cmuv--9-4*~>_hfOfygdn7bgcYj
zy8NU~&mp7`xK~`Sn_l0ba(hL%LMCz0E7Gw@*tBZjtSme(ykdX<-T8jJ*MLI><)Hvn
zkvMA5q0ktp(HL0cH(Xv~Y}mZ>;F*(R_@dDGG}CL)Ax^2M%ATG5>T)W_o;}B&?Xv3r
zp`P_q_{?SELD$wYH_^VQ<!@;N@hq%BFnd4e8)yChIL7>kj}BQvpD_I&w-&6ouorTw
z{julovQ*i_ydP?vlE)T4S2&j(qh`#}g)}OQFKveSgQ^;%&e&`22;PW#U8Q#q6lvJ<
zj%N5&_fngn`U=1t9-R7WS7wdw`WWh4_xPOF#46_(Ic)JR1MMB0_hnqY&z>h%DR!6A
z(Q6}53DBHIW9!kY*IsOptKcOdq5~{Lj{1FF7Q+gu-Z>bC3^8f>ioVxO9+_apdaJU`
zEBAGK_$+ubv~x04>RzaKwIsObm>AH4ENFdNny`l~K@9kd45_kV0-RMQtQkmI0<tiM
z*FvC!vrKVc{R@WX-NUUyYk43Cq$x=LH?-ZV#Cq%Dq+QRXkl|Ms#rVCcH09dsX-wra
z&vuN^!a<}`=Te1w!^G&w0Tc})pQ07H<OkBylUVTM0^w97kJgLP%YYm_x5WtRb}H?X
z_P(;gdz8(eB_#Lc-r;wjHJSrT3?h>(rZ;|RUq<7r2fV{Eol<n)j+nY|cP-MniAURE
zoj@zVVXjO;=ysWT+K?goTROuUe8eI@K;5=!>Xg(&leXrVGeRf*3pKU8zCIEwNj=}7
zhdL=VU%%%$pS^u3<&#P=p4<YsR8i52hxUbmCQC<YqNW7QZ@8v{M}H~s!sRzTv&J&R
zc@T7#jv7hLiXR)SrJUvcVzC2YUbu~)h1?Z#PyBGlcepRC(Mu_4;|xiztHWp`wUy|6
z$K|gUeX_SVb!E2ju&J-%o+MnE={{M?x<gAP?vz5e8D;zYhP|qvRr+YP9B`puFkl<P
zgF`iekK>~|q)ONw;({Joo_uK2k06<-%PirEc~%%HNXv~^yjipX@h#Q}RwR2VpiS7>
zb4nYcGbyR#K&jhrWNYt7nN%<x%(kmzBtNk5@+9^0<e!+lUmVNr7e6e;h|E>6!q-O`
z__Cy<a7FRh!Mzz37Ic@b3^u>@WTx%>`XC7M6$8m(WU!~<NBYS!xH>U>Cn@+*-vgb-
zBALK?BO(%}BvrrXjQu39v=BQzl+x4IEH*w*HLxl(wbHJU6k@g$Q+H<aA|Bw1dqR21
zY8>QJ{dWab9~?-8N+ba|4mSOQh<B_(Dt@N3s3;1!9z*cA0_I)<*HhTcK)74ffQ}&q
z@iBxCzrIyJ0dr``_rGJ398m#gEkVPz<&AC2;Hkvm;m7RDJ8YNg)ys}#%(i&tpId~A
zY+l0WA&q)xo>;E$F)3`ibm7??3YR^Sw$O^FrvoMv<e(}6m)MSOEfcg^Sy(ZTb3+v;
zDFYU@W$%L%43VL+D8}=}D93Lw^&|_9a4_d#;T%utn9xB6bn*QUMkq85AR1?({STE`
z;5aNW(+t;NO3$AaAhlJ=u{rB<Lf(Oh<O);g`rRWll=Wn+<tKi2J*luv7Gscr{^;vC
z@U9|!CeRWKC(D9wO$dc)1PB+;G1wl<)$W^fuuUT2_gPqSg-}M>uIT_UYk1@K#MJJ0
zIo*8y<jnwsgW`oU*0~i{`5S7ZCfb1^n~eXyvG|mF28|_8xrgQ(b<Ny_qvMm!nU`)l
zxogM_5$48+xt8rT^k(=)M3x_~)P3mDDN!xA1jm(^jk8J(E7X6uX3xpAma@uK?@050
zNlsu%F|{tdvj%L=q17WB%kHQ<55}+2HDn7{rbJe=&|d3fL~0VcCpRrTtO#hxB3@x#
zdNdNmoAR!}tEeQSdnOvFXk*arHi?><Q9a)K5Ki8|4uOJ)w<6Em&2_vH89eJ4T-Mb8
z-XsFQo)T7IHR>ncI?1jdeLFrnqujZ;wE=7veLZJxH0+>C!~VQ$*kKZntu)ja_<Rw#
zz7gp6DQV}33Ggxk{~`gw%r$i9=pO`D=1e<AFK?F6A)`p!N2Zicmp7a)tzC0tlrtTt
zZJBG6$oInVZKy%x@bz&43Wv*^j#q<)`kVRQpcQ49w-h#s!~wRHs%}$O$BKI!F&bnK
zjjjK&1aMc=<=!^_q07+r-l*t9&d0YR;a4O_&N+j3&D}TsCn-G38gG`>;6)0)8Sl$i
ztjLCE{(SeHn;QW~mR)nSC0zN&Ryrj4&mH_dnO|vOGDnC>GOK2Ahk1;Wr2iz@Q&<g8
zy=#ZsTV3e+Rvj{Raio82&F`co=5{{~{kG~`EblHxR!f!1VE-FD+J_6>->s~hv=)P!
zWVUA^aV3qzmw#iC1BUi)fh+mB0W4_p+n#UFW!`>g(o78?*u2jSb;}H`irWObRU!m5
zp`U9J(;P>1K$<E)1ZUmL>8_tvfESe_od_>}R(B;igWUwW<QazFKmpRHPK5GP4SLr8
z+CFCGPgT<r<agJg=gU+?A1$fO)<m7zg|3&=u5YJcreu<KYY<NWKr;Z)_kE!&BmmHP
z4S?QKc-!%DK<W4<rbKal5Z;badP|DB%}1b$g}RA_eqM9zrh4vq^;jlj;Nmz#Wjm3F
z@^4v#;wd3Vr-(5ZwV{+^p{)T3GCPj&9lYZW#OuM&Rp=7IT@ANeD5J;1-Udg#)0L`N
zt>;plX1bhRce_>SjQ+s0TiWeE;x%eB{1LWxlO1uskz}@{hXSL%&nm<DvbV@G*T_ao
z;w|TmRB==0S-*fCZJG{V()<qc&lu7Scz@sCni2EexJqw#JpwjXksS{(dH)uQ29l4@
zqv(yJ;BYNLkfgzWxHK;<*u{tF81Fs`c~DmsQmajjrPI!yNKrZE6Y1VjH4TePQ(vR3
zo?_>}TH||fSvpVEd2%9OM(@;3yMSbNf$~0}zB;Ea<KC|FUT{Xl5+u<N{3e-g5&20I
z<4GT*C)mq~`T3xtP|Sa^U#A!<`F6)*$z`UrSC0zw#l3KJ+zD(VyFOSB;c_P*_XDU2
z0$e-Y#v|CNYbc%Ws}`OrEB0TfS0H!SIp_r-h$0H0uMx%AmIP2n0igR1bmQAXK!V-9
zw-dR=2Aq<cEx?XIkdGkC3juh|@0Ak#Fd<4{bz$x(_H_QmS9A$%fC@ICr#aO)k{xKS
zP)roMy2`twQ_gJ2p0lC|si23OU#?D55i&>*7XG=D&Y_=(>&y&vo=bkSJ51k&POs2l
zalmgj_vN=l0!gB6iUQ<{e)eqjQQR_dkMX(1%Sjr&8Mz1xQ3F}QBm-*+!b2H)dW$e|
zzXb4EkR<+gbRf7ID4e2o&Drr~c0Zg0gX~QbM!xcpB(XIXVj*^2;Z{@Dw_P-&UnR8y
zScv>sbq~!xH0McD+xfeyhvM54xt(?0ov9g5o;2qd;IEGNI<0*)>mi`>P_cz==6hwQ
z8!E(Wik{@+--nW2(~>D{`T*T)^KUcTbGLd#RbDu*b2K!c*#MLQP9PP&?EhAmARoga
zy2$!dt};FwN>_Gz&dMNU&?^%LmqQ~^y8i}i(Eo5yn}y}+tw<yA?IXN$SuLg<HAem<
z)zhp~SJm&XoZsMU$@DJHNDnCE_v}l(x#O=@6$EK73&>^U7)J62!Ar<(q9neb-kW`1
z#x{H78eDaQ)@k%^i}4xe>Kjpd6Qm<|B8<2%`nhIn>otK}wdRL_@)l06NtIf<C7~FD
zL|%N<5;JA<y*#6HoOTjN=a>O5BQ{Xsiy9avzIxqv^zHF3Ru{GNqUGLKlVMlP?w6x6
zy03m`;4A)Lx7tpPgCVl-+~3?6kaUJV;L9vsA`wb+Hy0Q6<JNWbQ<F07^bM|+aWewV
zKlQ$s_w+_EkEi8kqG1@N{c`zBV&(@*bs4QnJ7}P|Q9*Y}p>lmvNx_tiHG#=zKq(#Q
z<|Li);DDAd%4fI`Ep;CeQInhdSzSjfCYg!8N&&q9QKumCe2xK>D?`s(vvNTAWSzU>
z3dYb$ONeYYWu`WokY~x3iGx=&>G_U!<dobgL8HMkosnyG3%U>(5>PD>eW?$I$d!K&
zF~FC|N5rusJd_nnt3*or@i6oLW2k+m40#*}VQzgRC5^w%o9pKv4a#YnhHn;idSvMp
zS?cX7lZCYDL(y6G^-ohb<Jgms@@A-sMuAeTzZ!0hj*7lwjDf&+xWx6`+E^d@sBb|V
z4u=4BUhN=>AEX=tA3hdcF4L<OG;ZT+m*8>#k^Mf9{1xMjls?K*-m&7lRDeTd=Qm&v
z@s9lqzgSn)1@TUM2HqCukZf_xUw8kk<s{+|{fdO`pv-M##>1dyd?T?pIE~4}q;ewT
zPb=dGly&$@DYPfL50IOWkpJF-b19mZh5~S=BnZwiky<7It2*LP-_|b(OJ5LnMONh1
zn_rsFm6Gxk@3y*cALU!xZ`?M>-uB-<ySvSP*a|-TjxIoLMhy49IeXRQ)&_C8XOZm>
zXP>}hpLBk#1Va8GO1S;-it+qB@ZL}e<A<<PV~ufRO}ig!z>x9ji4JS*A4q9aa%M|%
zCb7d#{HLxz%H^V^hJFq32ZoJ#nv(PWK;A760au1Xqw6pG->=_(dYI$hi}ugVKbe)?
zshDdpbQw$h0z&;$PVLeT-;3D&w=Zzh)$G`{tM#rIT^wKDKVGCNUMs}t)V}qPM$ne)
zy1&lJTnYBPcBc@9pj648QE`h}srbhd31**ivzb#|h{flEmQtOQxVm2)WWZ|*pl@lI
zR=^N8Z&0w?*td1QzPB>Nm1Vnn+<B!C-B;tj)^&(efu0MlaS7n8i0HzPQ0S1~@6@vS
zYeWS0h2dS+&ZU>alaQaA?mdn^cc&Cy@;2X)=3~lLdGI?7nw=9wFr9%(=k{AdJ^bO;
z3)ZzBcfzjHeK(B$c{)XTv;q>^#qOGexAY{&S(OSQ{D6&`B<iZ9)}huKcinpc{e1j~
zi85}&l3Q_%p154FK&w*3;j2m>T^XB3ijhLbWwXv;<tNAwU4~Z~(HB`Xud89pVx5g3
z$ux{JmRwE^ud>c2CWje<RZd;6>Ffgzj_6$P?lH`Qd`(;yj!sPmgMQ8Rke^D$1?vUe
z4$Ojj4BY$@7<Ae&D5$z12IT3-MnlEopsc{Hy#cGyIW!hcXh&>4BWH#%aXP&1_<1V%
z@|5e^&q<=_P|_XSvGS{y-ip0vAd^jS9M4e+r6-5mOXU0_s!q>fYy1)qj8Pr=C^PB*
z>82qag54N7p$O#qVE0j>^a8SPP*~{ItHNJhVMUqoAy@!iXGnLtzl@u2IKcaIDXy$$
zvv4j>-^${ey#JW{rjP3=jXw!BiD5YVmB?@n>3VnPQ=1~qMYf8D)XQ;|7h;tyB2I%1
zDviD3PMm-CH)IZS)X$VO)|uv6X+Q#1c-?rbmYaf0f!`gh5NB4%dq1z!I*t4O`6XR|
zVHC5=VrB*1I~|0qWbjdz<>%ayfzu>VWEHo?F&1kfKLPMe6ybA_4pyX%!j2l73F?Re
zs&9yq^)qU}QdeT*^21hLTGy%U-JDp{5c^9WPexHeyvGAVs>G1#HI$QYnpkYl{rG>k
zW%z({578BZ;XkvkF<Xq8FPagu<&8hr$`Lz^nM301dj<-P#Mn3MFx2z9uV;FHwJu|E
zEy|pEfZ`1w5uB(jpc{#7(2Hj8|6PMcU>;<9&AWns7)f70K{rYvRob6<F44$gBdi?%
zUCHr4`%(AeJGvamin86jF}n|Jpwiw@#>#Q(JJSh_qL2i)6AL0(m^N58>IzC}v%MI-
zAv%SzC)6Dk+;wam!;|f%g3+BeCOCW|h<%Z2@F2f6l5I(FT;r-@gcOr1s9I6KA?l+J
zB^UcGC=dV{XbT1}Z^hL9aO1%0)*lfhKNj>c9u&Nn-(t(M4D1%vEkj6=hkmK3+Yt5J
zkv^#<g#~@CZKFO9>l4aybH?iaN9(ti-IIekJ+*nDTa2W-qRty_K7>`;o6AATn0pzz
z#?#^%8=@+L0)IjF*=A6$7!Ok%m~fw8*Ef%onV7_EURaB~%q%_;Y)%JQsQ@*sXxLZ|
zy7}K&9-ptk5;U9gea%U3RM_2cnpL+2of!DXpONsOV4q-!5mF$hTZL2I#`2`E`r|c!
zttuyuUm<ms?v~M*;26>doW|Sy5%Q+o+GdRPc&4*hNF;(4Bh%!Dy2A8q{xo~9{6DD@
zy^F0{N%xF}gLfC)RtvU@C~d|ZNEjvTpgzjn8a{@CA_9O2yuEn`M?o7S5A{dK|E>f#
zC>E&CMSBH(4(>=ld!&BL_J*d-ajOJR3c}m0nn4RNy9)4ZChGa2_?7L&LHvLGzPa*W
zqfku=nwmr3g}Zk22r@3Z$yC@tpYq*0cn9HWJ|k*>0`-{PtScHf*bG9rps{b^cKQzx
z-}(T;|N9<xOJZY;1E+fw{~tzc8J2XX)vl{+fMrHE850{*fy!1ASox@{Gb5Do5%fAG
z*!c;HDfy4a{=?DK(XQ91YcS8CZ<<@jDu5zEaBKnI4nEXl`i3Z2@LhB$$}Km{Ll}m#
z0Z%K}M!A<U$Ma95F=g(;vwGK;WdJlqu(M_LzpE!{H!8b-YG7kQ=2++#{K#l1=!3L@
zk?FXxY}4Ny0Q#qM9?u%w+Oh5fLrkek2B?d3)y9+kpI+B2`~R*mHlXlX@lQ7fF4#v&
z!9<chToD*M`Ati6H7P8Au#YFEcF8^`x~DlHFKA`imkWyd^S2=RN9I>H<kQtLK@XC>
zK^mw~%vBQQ-Xi&Ri{D2cs8C|;&@&N?xinNBZ!d-X_-GfC_)l{)DXjeSl^oambGttM
zo`0xdGl%ZmnhLl~AMM7Dx)Le#j}*Z(iIgGhC_)`v>MAn?OgzQx|MQ^U=mD(T#Cq^<
z#T?uA3#GgDExD<*MY&xj_6hmdT+nSTcaZslH=!Phm^NF=#DDyXNn!6k^SA)24oLg-
zdj)yIU3Iu%q9U-|4AOr{(oT$>v|)p~lq0Wx7i3&@{3Eot3wPfIj6LRVeR07472B3k
zk6?6|D~CBW{8*63W#VX;ebkjB-H~L>KrqA@6B;iV?Oa`%(P)IR*K93Ft~4Zp0$8($
z#>RM<<G^J4^qu=j{Yp&)T%7)^b*s5}zZGK$>KU4{;&!QrH!|U^<jL6a`h3*|F#F>X
zbLHJ9#Q0|KB*vqfa?daJD$oPksLJ0bYO|4#>FN_T)j0ScPry{KtFz009>g1>Jb?X6
z(XHh{LGp0dQ%flMiD2hq{%ewxCJ$7EkvxP8_R9gn9d*@4S>$rn>q=$&-xbcrbt-_7
z7q&;bH%kK@<AI%c!vQdRw7Y99n4RsoeA^arRl?V05Oq~L`q%3!S1?ZCk6(i8H#T5J
zaHt#AC+K6CE1aUhW71mT+~^V<pWF*14`C5k8+=_@QCFi&a05FLk4nJfi>x5I0%RE!
zbEVklNB3qgHRh^`axZ1+ro}IS2WqOqA8Y}YodvikLR(!L;i@p@eZ_D{3HeX`MIRxs
z*e%NnS`_9Ar#8oe<Y#98+%YTDaoMe_`~Hz^T_DQih>{=rc-mz90=JcSw_gpS-VN=R
zr)sq;?b^2~vEJ^3(Z&sEZNxuh9Aueahs1XRIuIf|!(92Dt2drPW?`airJK*MXOBV@
zzP^Y(l&MKWLFj~y(>;`gg!t6omEDJpxRl*u@sND9{_lr{g^!(Yq`j=T>@Kk8Qq$T%
zOH0RqqtgMFmc~Qj+wpwW%E2jWla)5N%ww}^bNc9*n6WkSTDPFzbBsX&;0=(SC#5^a
z;IOgzURB#{Z!^L#<l<brK$=wi%yfL*OtSxJKCMkTQ=rjrI(`&ZIs&T#c72(IrF6qM
zc8(pHk1;e)FqSy>Mo;)f3>oZ?);7Gq8Dhk69mgzGz%rJ^4hO9FoUCmw0cJ3}Pc}ZE
zY%GODTG2%;v_uTgaJ;{=+cC1brY|)+a(#E6U-0>2Zu5i{Cw$p>Fpzzp4T8wne9rtB
zk%>RNAfz>)R<@|mqdU*ske~SxzuqMxlamt}4MW6mkH!1%=uPpvjLiEH*e0;c&(0>H
zil-i$Dc=pln1QuU!dksW67lK@ZJIK(*^tG#kIR}hGX;G7{|Q8E&Db4!U=xu!h9*)w
zyl`Ju#iLt)wWuQGa$2`=@0dHg!Pa>7*L+>|53IE$lh4O5X3Nn#<-N$q?oi>q&zW}J
zux@wnLR68s5^s}5`n^%(zeV|Y^_-tGu?v7Vv9ekfCmMUoao(#{3;KP>N@ysnDc;Tm
z-X=^odorJFs_pkCR=QQH=}(q_6tj!>pB!f*e<t-NI@39Bt6s98AU2EMLiq7YiX|Fk
zGM~nI+-3lS1%BGYoPjNi-g~8r!X=I}D7{*S6-_}d{>zlTA`pqb676&27x75Tl->Z(
zpm)OrA~GA{aurtLQ%?JN#6bma=Z^z<)E}kho4GOdoafV8WithCegBC?W#yd`0dkQO
z;Y1Y)7cTZT!ShBg^=3FrzS=d($V|nnzb9_WtSkgpl6YGmYwwM=Q+Zj|)_z_f6~!S5
zQlGz1uHwmuW}2dkv=)2!o#Fqp?w)ScVjgjGW_AHE6;s6KMDy6Fc`WZ6T!l!0Pr*+O
zrXClzz0zH0&j1KC&ueS+Gw-@ex-a*q&cMGuIcdF5xg&Tv8+cu$HJ!_esN~iFNspaU
zHZh<=>{as<$GW+Q@!wHEUHyG@-A5kCTSbVtBH&~iV|^BHU3jUP7c^f*pjS&U{=x&g
zb7nrj(a4#&AqBgun*C`7r=DSIY~*q@#>D1D2Xb8bXDB0Bcb2Yx@ickgL4;4>9K>$T
zOhK?yD)gr}HM#O)QhYbui@>~HV;swse_a9_+CwW=z;NG=acHZBP>OfBp2Kv=VA3a_
z&e-|3=fTPb>V0M$Z256AwBdl(;_HZSvXv-F5noW8O^gbP%s`9~w}lxAn6uaJk5pg%
zK^IF}wVXAE1*vJ&l!jE_?PTZ`n?-cC(PxdUYOR>gxy?WZBZNayS6qXUAHcMaMlA)`
zdf8oy0CwyCx8V^(5T3|2UXB3dbJQJ?GjY(eFZNR{E$n@ks5jYq%%({6JWQ(N>VfAN
zl7Aug$_%bmeA@3~RFn_iOz^eoPOGF7i7OT99l~l$*LwSz<9l|A`O2jVbnKTRB>H6f
zz$juJ!_e$tB(3Ch`<KX<B+9PgMzoD4DU`nm`%2KUS!^Kj(l5<UwBLIOW9MswU1D|}
zs%Z&ES3zmV_2UZ8R`e*$gYD(pvkI3?tU^liDh&x1N!y;ReqR&XRuojU6R-^j^%XAZ
zS%pmHUuG4=E9hRG=!sbeXT-k`&LwT{>eQ^!viiMObsp1d)e4p^sZOv;Pp4OIi$BFL
zwA45MotLyt@vpNdVbxPWwif-pG3za9R@+Ob@czf6wht#1-}pia3|db}DG4-MEAQ9d
z|20LqGg7yeq#jZT%Wky&qh){+K05;{f4m}cLg1Xm^)LCr!}4DBQ_OUQJKlQoA#MIe
z*vlJ>caP@KG2Pzd>s9pe+2%K+Jdi?CNW&j#l60U{RVD)QCmrN-M`X3VAJOZHgF->s
zz_#dn5p(lT;&%jME<tLQpQ@k2AY=4dS?vh>T5O$fHWHKUH~u3U<}?>f^z-lBIo3+B
zm$Y%WMP5%#vzOG>iwNRi9beJ0f;q5UHz2f|>6Zkwn@N_R=~T({T_d@<;}~AztD5%M
zjf!uohPey^YIp!*n-O2nqDgajQ59;#JL0AikoHe7))7HFz6i!CIm6!LXKssJz?KwX
z;2&^77Wjhm>!7KlJkBOxe?P@`E5^A#@_wz!HDD+yM@d93dJY*~ZOIDkfIJjZy=eo)
zRGWytTu=~^i<_%KwC&+G69gsu)-VNDSIIfbtKImXC;}Dqkw>g^@_VVk%y>!WC^KK@
z(u2Dtmr{U+q)Z;wUkZ0PiIj&M!w-8LrjYhCt-!b-Lcba&I%Pe&2D)OmHg7FRhbeMk
zKX}8A3M`M8WQoETJ-5$|a?g%pGz=7@AN@GRJ+=L1>Ntn!Vvz=D-$>yb6M8A8Pf#cI
zzaBK(8cZO|!=X&bX!@H6=Zb1gl+%1Bt+e2)RFDTLlU>x8!U8s2WyR|7mR<*C@tvII
zoi1<Wp=(Rrl%dq&)J5>d#Ud|IxRpY16fCJIMj4EXRvnJq@8I%g9D6vF9D|@^`r}kW
z%8+dSNzU5~GV!gP5>~(~;qiGuO|h1NmOV;up92Vq$rEWjE3|D=3__NV{(U|n=d-U<
zCLq=TD8-{@+w!GQIzPHldR{VbtDY0lb^^@|2#US3oUpQ+uoAIVXq&zBz*=lam>>LS
zAQMsqxMpnq+xWF19Ay9)ms&UmwlezY_o;YF-ghP<v|x#HK(J*_BnCDSWhxP6V>nT-
z12$sugTmEsg6A4WwO@$Ii;|o@4jc3o(|+{h@u6)gezpeTR=IZOieW_k4h~36!Sp!8
z;Ge^ydP$8+dPz1YR(%eyggL}I2xC0sZmK!Mc%BPb2Go^e57bzTt#|_#IU1_USMbS2
zTJtjUB2J|;ZqBU^0x@avZ+C2>aw85l13Q$HuX9-FY6}YMHpoL)h%5;?v?8{uZQiC3
z`*H;PGIO32cWh<WL}k|6@V~tdpqF9ExJrbU_uoAtiqgCzpmw_R;4ho?N<gx9G&!>z
zCDoij)S<@k)yTP*cVN3x2z)Hth%bf7WjM;L)#2ZI9pVCiOFrrXA4!Tw5~bx?ca&Nu
zk%fsXm5Fk&b%3cPOjZSqvWj8cCppm<i*JDsL4@b5pq<L=ZQJssZz+`5CT-rTkT4xk
zy>9KFv%%bRZTCWBD^PNe!*ivpTHFj+09nCc=O3EBQeI29HON5v%8(OCm^_jhWgU_|
z>yC3cx9ahL3Z|HBpK@qbi6Y8Ucuwre_rLg_Y;Xz{oAJ3qLc4VXgrEN5`I(?n880VJ
z2Sm-SHe|2*ZPxz4c0sbU$DtB^Ji9d15F-iB0kXrkQfnV_3wh-VVa|gCq{U(Wmv=0R
z+Gj*KY_K=$gH7Gk=E>Gkk;xkSK28yp#Zzn6g)>PSvV*tg02ZW7!->)+Y4G)dx=;kX
zx-lf%dor5vP%=w@K!k!?F{Ku}B>Ia18+{|PZ&WBPw-~RJQK9Xkph&Sy*xwj{u?Z+}
z1dJ}Kuf@X7QXd|MUpI%i4<lQLFIyNK9h_Gte+enaytWPd8wcPULDak5|LGtmWZ+Pc
zXNAHiKmK5{lOvu6=0qmj8_XS^%pLYtdqi|f1}KjpGQ3y&#rS<r*zay`0ZfTsH->1d
z%}^B<N>+9SH$)=b5Ys}E4%ZS`{_OZna724$QLx)hxQP_Igz>9G#K#cDt#XF5z*cx#
z)+m^A<0gbTt!Z6r7~4i?Kka@W?Ku2*<dhSNy10gLeQuC5VE{g>S)Ed9HG$Q6e;1KF
zy23=cF-5<&f*U9Y50#}lT!!A370LF}V4W11<!YMOCgsWAJOz^=H7AG#oaPWZgFyh@
zu`3)+;3=o%<&t!`V@IJhL2rYB@3X+tcv_Yy$|~boL^-b&ND3sybi;{x^cgzVD9Xy?
zXh{3N4c4hZLIS?&b^-%w-r<<MoRY2Yz_D|{xH1c#az?cd#GNHcbo{#2IYHZXVKV@T
z(CK{J*6I5{ECz-(e1H^|^H9so42$X~)v3ek$enVMQ5UU%2Ax=X!(e9ee_?5;E_{~G
z7CWe4Qg#j~OTrYA2ghRGKP=XxE+PUS+$qnI{ui9h6QOnj3*aUEI$gwp-$~V3nf3yH
z0QT=WNZ#Wx#FGX9pCLByr<^ins&x3zO2<2AloOS4f8)KJ$eS)2WZ|vB+;K;tDeEP0
z1nQzYFuj`U2Mmn6Kn32SvxQP#`-lCF0yr6ATXKzuIbtgh55c2*O*j^#EoR4FPU9@7
zpQN}eQ5utfIL*5j^I9d0-vm-ofzn}~Gd`My)%g$2Hu!a^NOEHcb!^^u0s-!I{ED)}
zSi;#k&-7sSTF5R&(#{}lCA)j!iaE$wWxU(jb-aqr><x%-{(s@UnDW{$tU(E4Z3P_T
zR_h^x`xDVWe|nW47bnUY)$d|JHdr6b)v#0lMd>LfSsIcUu3`=BCmnDoMNvD~xv%dm
z=N}(Mbb<ncGLW9)LR%bf#_I;kbM4~2$Ky~J6%l%1_p9W9pj^gig?wpx@9`7F6IGyn
zEzq_XY?TFuQ2_A_@vc?FX0K2#CaN*PbReWXUt5DziitW7@9}m-_K%QVM?jWE&H#lf
zPkCMO0G2zwJvFKt4A~4FZXSeWd9^gk?d;;2$M|p+C%~#T%^p8o2L1zEr`pgG273#n
z{RiZAGLYB8u3g~@gN=bmv1G0e4Op8Wp@V!u=?GPeR+8RZEl=tM8;G{>rp_vdTUFV^
zIrZDDH~IdC)Jc>E7Fjbc$#3xQC9%=Er5z;)lzQdqNhI4<8OZ3Ye+Q#lJR;$O<OyEA
zIdHKWcfJoyzXbQ@8apd*wJ%cTr>Yd5*6+@-KteunF#Ev4`~{OBr8pKhCxbln3?66j
zi@{-N$2sCri;_UJdBi&>cxcDMR&K5N$b0gYa+*`Ul^#sV4?H2+PhpJi+ZjsZpF{TN
zRzJGnLFsiwSjMQMnFBE?hSePB#78Y^01cW@e~f{VnyJ#g8FYD1VkikRi-VZJt^B}d
z4A0&~X<QL_XrDqROD#rvrqwx{M}%7CxQYDp2Lm${vCLvIdT>DogqnoOp$P5{MgQEv
z2Cp83pv6vJoIZ-x$r$~?XE4n>6_Zy){m~dAZ1v~7=Q`5(9~5J2!*?0%SB3?dILJwQ
z!RX$8?seYsa4e>07qjE$Ogoyvrz*ZR#lM{oY)=|Ox$)|;5p7lZt1?1A_yho?71Z)6
z>uA+WuUJvqGcb+Ja-v$rc-g%g1Ifm)43dlKQO7wKx>PZeP6lahvY>WXjydd6i^0H>
zX42x0v`qUeQAmrN8nKA2Vea1yfY%C!r*+PND7JFO55{!<39QBVVz0;8a6AFf1xC{0
zU@o_vdK#tH_u>N7@y*dLbd2rgt-*=Kca-H~{Nt=qi;oCNouu=_VB^2O?sb3V;6nKG
zsh2*BptN_A`o@Ja_}3Im8EBcKWGYR|ppUy`gmS|}Afo#zJhWG0da|ew6XysULJSP&
zH`b2e{jyTBi|l*m{w)P~ts#iQ!0`caEKTOpiWCc~2Rsp>h}9#JjDqR^UuX_WC}t<h
zDKLcaBD<f$Bl}6>w^?!W{VA!F1OVkS!m&*b$D`<I-QzYKi$RISGY{e6UmF3`@5f11
zb6D{_d$Ark)D;PGBpLvnJmc)}nZ_`&GQQ!g#mA^cabQU!;hROY{n#rpWAgYMI+6W3
zsd6QVzcZ5md$q5OYTpo}*zcW2TB8i+B!q02b<8k8lqHCkfkY=CIz(r%5C^ynmTnne
z*%oWc!4Eps0QHVL@8gI-Y{j2#ZG=o_$;RdR+_ep-m4mYW`c8|s<+G-34XTX@)KQC4
z;+)Mh^CpI1to2mT{zavBO~)_Qb)%z<-Jc;BWA;Q?>#CfOygzJ$L<7%FFG&|pugZ$-
z8D9#-%P0`C2jHoT8WoQvR5m2A(vTe=6@wwujEO})S;!Qx(Gv9n>Y~yo9&-2h=ocPe
zpYB;+oB#5zyG(q=xTu|K?($E7F-A(5d*6PfRCf8pTlV+C3-ad{82G`YD&@&<lfQ@C
zN*v$sfk!h`UdBH^JFx700=*-!n#bbPAFYUs+-|{=_a+rxP3qs&%ihD7V~UB(lifR7
zoY+f~e&)aWEg5w0-$fHKu7B%AHFVr@@$cWHV?9t^R-X+saCBQnEAmTE4oUBhQlCs^
zfhOA#*|c_}8kz4%<hphzU1Jl#%IJyqTDqIdw>v9c(>d!W9bTQ>Hd76t4Ize52Zfgx
z_$B>7$3M3lRkcyDmJmiy|7suMp)0>u>iU734JIGq!SrY7HLbh3F#om8H7rFRo)(Zz
z1;))9@+X81{&f441QE(GJ4`Jiv0-^gLUMybdy<$Lsu5AEzCl-6b=g_w>YjY<fwp&v
z7JZf69i{&(CL|*9XFkfZwrBO^CU1M`zIihD%Na|H+T;ovqf2scTA^!trA}YxKbaa?
zp~<D}Fx&`Dk67*(LKRc`=az1HeG9i!R%olj%i=AY%8?Rl`-xa|Vv?QP!<we&&uvvL
zLB2VIgIYqBJA>$2gAF5%%QJ03pXBRAG)BwJ-g~7D3WFjz6CNMsZ#!Jv$jTZ8G0zO4
z%Qr)Joi1))ldpfG^|KCdDya#Q>JQ!N3d$y5$D$Q!ZM2oSCI~QXnQm;e9GEgghsoJs
z*=UT`dE775OmOBi#ML~j)ze<7^q?IXNf(u_*31V}1S&5K(Y0FebU*(SNOv-h2|D5!
zeHGgMt687)6|JZ;A=q>y-?2fkUNVIv>B%Y9vm%;(=svrMyk*|p4UZ7UNB`;=fnTRB
z^vVj2EGM$5>}J-v%+?YdP=~#uG4l3rK9#wCW4Ui1++0?hBv0tIs~X+(q>WB&RsPq#
zo_uzWYg>aMR2q%Zq7|+|m^%HlRfJ}VD~uVcFY=Gg%cN@wLX|<R-d8t0=$(<(lL#A3
zf&LlwOE2?~_7io)luyyWc5L)Pzq$w4e%(o+72R-HJ+VT4>7PLniOq@^Ap|O;EB`dL
zq2TW{y2&<QekYOME1AXp!WWI7o6pDsb@TiBn&;}wbg#<_%@G^AH{FmrR)_bkS+@PE
zv|(21{-P`RGl1~5UvVNLq4Q^IE;@aCVrp)5(7$Gvf0^M*H`0N_io&L2^OXtOaj&Cv
z-jKGY%X)FM%Nbw*lx#z|TSgEhKEFmJTDD|OJ7uYlO!aW#KwR8!OL4qc_~qNk{>S$V
zAEvAKf=iH%A+hOoGP-G00=P8WAIK|M;U*A5V<#NKBOl!Hg2edqMPw_6tz9n#CIoJ!
z$T@1dz}MUS!8!%GrZD4*){NEWd^duPWI7P)<}p&aQ7dEqE@j@IeB6_K-G}kF9PjKj
zv=!6WIpYrC^?|}K=tOan1T(ZANQSp3GLiv*8J0dJ?HfdXKE&UZ*3FYe0ut1`hiw!A
zp1VB_TU)Oih@RYyr`5TQ#WA>7{)Ty38kwaFq@8uYG+{P1E1S?MrZnayI1vlvZeHK&
zza?ryaYjLC0QtMR-**N5YEp2O4@=NP$KSek7PmB^-*2MaugWx~$GLCY)`@Vyt6mBv
z(OIb9R;ZA_Tiz{?4nUT>eCy!GYszl@^-XuX@5F5uf`)Hl!SP6nW5iRMc#1}@uQ2($
zvr;vW_Yd~}ho`R$YqJT~4pQ9RrC5>Tl;RXGUfkV^hT<*_!3va8Tm!}3olx8f?(XhZ
z?8|$;>zqH?YiDQYnQV6NXLqtQ^U%J-KHg!_upF7|dH(qeMr%eQ5vK+wX%bgP9ubYY
z{suw)dDyqGo45JEuuyCJzom+Q@p7~?c>o@Q5<3AAT-JtkH~~16wFO!&{p3gPZB^8I
zP1Hp$XgPiv)dX@Ap6e<}_d{25n^V~Uv}J_*6TqQbrUfIXMP#=p07>6sR90>iL+50S
zx>F}<>Au4cSMw|M1fb{@;enhT!6*K6m5X#giJkL!(3P`c+qzENwWGMhe}HE6P3$(J
z@74iva>_+B?<j>#a|feN_BR;t#LJgJeC%Mhv19yRXW!_mj^9{+rsT}sTDvsd@(3{9
zb8K94@>c6B34(fUlQ6XFev=qFMsWT-1rUhCv>Mb?{`w5Sh~-NvV;8e9#Ch9)^0w*h
za@%dH=jadTi!iI)NHzvuZ>s4IE&fNO9Fb~&7v+zV(98C4(*sPHga27wG@hBi&$D{j
zh1d;XEBYwhGKQ-HmCV#Y!s5ju(7c^rr#qstAJJWM-A@7u##x;_tlDEJW9^ZLU_jw;
z3w9yi{5?}mLF0V;Q8HaF6)F%9ZSM>$l?Rk>LT`RS%W3l=Gpw_k0Tw?fFx1jcvYFIw
zQV~EEQ~D^DgKKAQAza@=`f3Z9zyIqaTgy;eLswoy=T}9!iT-+{rb`z<${j>1k!>Q*
zYDy~hRU{iH0=-2mY~7)3)GFhpBI`G%fAwD~nmmE4twJb8Ye-4!Lm_j;=lvPBAy$_G
zXR~$ZPI4oyQ%%AVoV}&X_kI$=D7~UYr@9r+(8iq|vm|rij|Ri(%nnLDjzgT^Ia(6=
zr<$!Hgk`5WQ6Aw#Z^N*}7z<WYFFm~CJ(8=jq%G^@UfNEBJduJTTUwRWtDqWQ{h~R>
zH0xMpdS1Uc2oA<~t5W2<o`z?{RA(~>d9mUq8lqYX_Ye}UyjKXBiWJKIf@rG3XHLrW
z?iBU^{D8>!OpBRxoGR;kDFD*hE$f64+D=`rf-7ZL^a*|w<xD@rXmU<zIwPYzXcJ|5
z$rq`os+59@ma=C8jAo5TcxC$S<k~0vg7N*l+hqw5J*pGy{erd2Rw-RdZ#FmT=mGV-
zJ2J1>be0=&Iy}3IQnd@a>kbH#!-exUL~d%7KTzvqc~mj5e|>UNeq;Xh+Z>=BcQNjt
zPzhs@^(g?e4jnSz4vTd@h!wopr{qJIF*DXMk(ot;aS_qAb1eWRv<!2Y!sl((rs0*O
z{9m8ScpRbhrd$Ie=f>2wtH0Iw+rAp&9Ye?hw6zh%o+@IaAA_$(KHVAsC)l>bq{34#
z_=i(GzQ`|#=eW~K4s#ybCE(Us#FozuCQ)!gS;HmRXSn5DNELFF-V2DP;>zqI33#$T
zxHmKD4(9a>usIf+tBRi+iRUDrQ+;O!R)z~H$aO1PEfDy1Q}pf=BKmZHy9{~%kZb<7
z6gO0W&r+4nW&Xf_{ltHj`xy0fk1|>h`t^OBCXwA(fCEcSvx^gN`r~Xtr+(j+d*+Bu
zkpi}zR?Iz%Cru<z$Lo}%#QA=pIL$?p=$)Mn$(7DtAf36ydfRi7Fbz^PKb<}ztw4z3
z9a1`SRS0s@R~r(f`-8xB1{4l<T&xR3)z4;@gnBmsb$IMeX$8cDwh@k9>3P)PK-3hA
zAtbl<;KP|WRgvgM{s3<iKptb&{P2hcK#d9z%d<Xn*(pg)#vY=gvTlkRy!M7$A0Aen
zFZ#jv{!`BAr%rthnv@cxaK@@s^bCJI?|*ct6~8;BRz@tuk6iKQ2ZQB@5n`BZukstZ
z=7TGVx2~)`cuD6UFX_&EKYh^2hMHMl|1$hmHXC*E)%d&Q64ySEC?$}kyget+2LV<G
zfZ^1zRs+b4=nh8%m5|k~N2Ygq{tZyHtuDOjtbNlLBV;l)kKQ>=G1(j^+=B_#lNR=k
zXc-|CWQ`Ob+j{DjAPm;!2sKG4lo0$IC1bE+-f{eFXE~bbDnE+FI;k(Bp8)e98HTa+
z(SFnd5D@{4vn@VHmMM292QPAwQ{+BQxan&wDoGwH?FwCds&iHKe`H!mR!YMOJ!m!x
zLciZ-x}cuS+azLa*e>oBWVW+W5pp7@HQmxLdHd@@2Z0B>)(UJ;{M4W9Q1ZeZmSY-O
z)UD@7Q66Xmxrnl}Y)}xh_Ud^0K63RGwcnpwKWd6X(Z-QcnK&Uw$k_%r-a3A8*LEL9
zFb=`21oWG3ln*7a`$oP$@Gp<Vq0lQ`wleZo6qXDDSj##1)ZbfCX`{)ITwVk!NNLVk
zcj=HK4r49|ZDnF4xJGhl48V?ZX@w0tPT6Ztd6Uco>PU>z=K>&j9~lli?B9RUQ7K-!
zU<1O}be_eE$(aIb5rrgWF6B*$afS1q$RvUV`3E@%q1@BcN<?Fm9goM)>hT75$GRc5
zrq;H(aF`l++lLXbFcG8ryHZ4JmRf^4XLQ0qo!Z1}qf|1as5KgyNn7{uWkY*ixU}_;
z#mYsE0<*MBOvO^YYI941)k-giv}#=v)1mVd1>O@yrC$az1gzn;=^%OR5M0}2u|i&>
zpnx6RATKCtRG4v9uQ8iB!h0O?A+z#$E|}wsO95!R<R<Wm;vAv$ZeL_4vod_1)v17$
zB?^Z(vodu;40I*H=lc`bVIvoZH#S#hci=B(%Z9dP>;#C4xpf&C*A>$EU5%TX`$M1_
z+Y~jUGW}mPpOT;`@<-h2g=I=IUA2#<mU+V>|Mwwe%F{2q)SD!F78f^b?9m*zDU9_I
z7n4@j>PD)dF_ou`^X|(cHOeB@uJ}-0cPCNaZ-+mzk^MW|X8FuAM|=9kIq|}?v?#MQ
zDE3cO);qNgWr>c6{4JFETl?ng1LmE!7~@~~N#2zyb-~kIUtITXjU<+kuFZmUKPXX1
z46kk$=H0aB_L|b5bo_izq95=hh{N*Hx2@NNqf?^GaQO%gmcVo$A#P!k+G?_6vM{t&
zqD!)gL{-5;75sSujKqC`#(j!LTO@R8#`KV)KVlmY2Uv;&jFl1Y1kliSwsrtiKZNMU
z0+<lJwGg8NMmSKaZYd>i1Oa<Pa3o;Cdmo~yY_?4)*+WU?4TpjZI2OI%77WhEO3|T7
zIYho>0+yhQUZJQn23r&8?eo`?bw0WPg80@$FFSczfbxiishyniA+Ws7ZC|OZ`G8Rl
zl=FqW&bqu{Hyt0dUtHWpApljukT>!n{s@koA*mg3`PSiioq||o9=V~qv&J9TQdsHf
z7j12jPN@Y%QTRVHx7D0}EAwoOn*rHndr<%@%f@+f=6FsM#oVyG|B>Ad>ChtS&=B5$
zv+zvxdH4i`3|_xXKlbsgdn8S;JT>hke#O-{(P!kMy8gMD$aK~7K`~ct6@8ff$QJ*)
zi!jmKdRPzlTClyQblF9puD#|QT%bEE(IR*?^zsqq$$jK{=$}00@K$UfVMO56f0e?j
zKeaB1g{%B(Nl5p_x9`_q(hGD+oLl%uR}pCfqQ@Bo;v(HN+1%>D@~A6*MHwu!_bKN+
z82Tt)?%iPQd=}5-rImch3SqR6&MG10KQc+dWjO~1pW?Kddh?i(gct0_YR5fI7X)+{
z1Y=D-4bgOk2Iw0{AI$T$cCBOp>d+6t@?}opHm!bA7ldr+n<l-I+c6F5PyGnH1dnRk
ziarb}_1hlF5@JxT{)ny4s;%JYe0%of!vRs8D!yrk^yEW@&HNuXj(M>|0&TI2V=$Li
z{;h`I-mOj_AsfT?6~Y_`n^tM|x>lvCg;NJ-OIf9YhsiCQ*2?BBz1F1+fI$Y}seQ@=
z9Y{CjJvM!ko8wNMpb8*V1#l*n2z;KaK0~fbPh>N(PrUq4u>rGBmI$cT>K9}QuGC{q
zDtWHalFv(!d`{?O@Jc@1FKuXzcJw0kYi&ID?9V`6X0dJ^=NW%wlUT*Q_u98^#iaeP
z6fom>cf}I&z%uG-DzFsr#0b1*T!#u8!-wKqA>dk~F*>&3sL74sev5J4qIhw^ojP+B
zWf6*f@1?Hjlb$cv`V{b(e?)g{+qcv?-6%W3GUd_s^Z~f;BuSZBvDM!gayCEq+nw4t
zIyhD~_=BKv|MA;({f1h8<NkEn&iJ?M@izy;B<F`TgI_$`I#O-wp%jRPHH7)4hsWXQ
z?hX{^w)ntOG+^wOPeF_&j^r)U(O91A$x|1d&)gR`6|ZWa>4o7Y(_i$uZi4>;UeJOo
zQl3rpAZzIo_P3A3jjpwSHdu33S!>rSo8+ql<3!%bWFtO3+U^sqOEU63DK$o0@VZ-N
zBi5)Qz=t<x9CmTQy3U|;nBZReyHTI5XXosZ`pD~+<(!(#q(lF@(Vbd)6#=CK$qskY
zgChu4!BQlUTsWmaAoXN=6!ztaU;TtXM_?2NcdO^V<Udyk$D-DifqLnB{s`py{cO^M
zh3=;P{D8lDMyZN)q=q!cxAX70p?%Gz=$Xdm)=$s+`Nc>&SaBo}7kS~ISY!3V8Plma
zM|b2@XZ4f~G`Y!AANm?Vaeu|X9wa6W|9!Zzb6%T_-9@D3_xL2k`Tm=T|9Giu#{h%2
zfY($-R+n0$=BI#Ut9`oLy+ppwPx|i0;MhsN&KSPn1_o*Q=-SRaTZD2t>Hdt`PUQwS
z4(WbKtt9=DP%>oeR)2j~e?4A}*WG<@M(msH0?$8VG7ap(k)QSzC4>}Lfw*F*brPr_
zDX&Crp#A4!3uj}06`{I(kL|YB&#N3HIm0$kRNaqI8$q7O=Nh5at#JgNy^%nuW9;4N
zUNH6^;5B5}9X`i<ylXp8a+|D$#YIs4{c(WRT27n1)B<Bj+T%zs0>3p@6)f^A?*C~f
zSPO%*P*E~bjX1O&pvwJGSCapH*5k8=-9bfrbA6Xji}Qhj?HdkRrsEl?t3q5$C&|b#
z{YLz#l}&SlNXNSo8=KbgmYBrWAPHRmAQPj7k9!|n*o^_ZrreofSEn{*3gywkXR?9T
z4EuHGGd)Rl2f3}cc`C!QEir1tc;T|?XD#)zDn5T&uijRj<erl={ibFjcMWvKzkhnW
z-Ue)u`a?+{4Vp&Y|0QB4|Ior<y)wwr{pft+^2Mv%E5!aR>L`QYcj>Iyv9Z~CYjACm
z#R_YU0*`dieuW`azxkbCNSR0#iDa)c-;l{IXO+x!Ivc%t{cm42C}!K};V73b7lkmT
zJ0cAyH8Koe5PGpN@}oYkiI%kb7XJ=_??CG+AEoz*-3TY9^%HHiiy;0!yX6u#f6VY!
zO-$P59u%zBUPC%<bBK+2wmB$C4i-79CL4Y8!=AG%M5+-VXW0^JvN_tu)E&Z@48MWH
zvHmC-eurRtIC#mEhWU{$q%y6O{0vERjkFPA=ly^MoX5X^FTjizso*y%iVng{eCM3<
zy4M-fD`Dp>0hvxOeDg~g0GNIS0Q)k^@Tz_f$b~EbVJA~fZ*Zw{B>-}PbciJJ6H3m5
z!8<uiwl<hFRUG$#lsg1mJ<kBZc3>w`(iJVhRs!$FQ-~EYNz3N&$XQH&+VB=ZeTes;
zk%;*lj&K7#1SKLa|LQP;s*%k|Q}~88m8Cp*M=d&MFQbgn>?;ptj^mY9de6$E>o<;-
zuU}C(7EZG`%)UO-!>*<I%mzLCYj_uE5mRZ?5R@7og_7J~rPt4JNAVjMs9cSsL&kb-
zI%|4GHJON!E_yd(_jr6P(|j&km+MWP^*PP($^G&70q@3*@1#>9vxqNSqe-{H`2!?X
zG6D$u;qh_~e6(I<P+}d@@_+yWNT5bZyfpz|>mRatJ*??h^W6BRjKs%%!u1C=fCN+)
z@cePoPUUDkWH&pycQ=TaFj@k&FMyLI{nh7B>6`Ta3V;_B@U&_j3H`zU$M{t#XDm5*
z%{oc%123Hpl3Wn_53@+q>K@b4j7BK3b5#!|$Auu@#a3l7ZU^F1pk*X9y<XlQyQu@^
z>9nTD&?fgzuyf`WA#n8y@UL5$<DNwCp<M6vMJ+-9QDpth!Q%N5Do3Ga*<*s5)x<dq
zg*xqu-iZO%{Vv@5FdA=RuAV>SnjWO?kCqK)32jVKlLXw&fRv$YTgM8@-{#D2)|wHX
zT#?XzIBrYoJ8Wt$YBh2_)_1F{SEn1DB>R56pW#nRw&s}@zhOQfQIX7^U;1+Dn$9#E
z<7Dy+Z$wem^KsUxn^tkjjc`6dQ+Y{NG*8-jko8;C(wq_amKnHF5TZJagd@fY>%BwY
zKB;Kg<w2w#Mhb+YKe-d;go@^@;Rats#$+Cj^@*BI;dU<40!WeU_AY~uBmlZWfVMS}
z!eNZE_dYaf`~`uf4ahCuROR>MBp+!JP9EKaZ=cX)UeTug?sBz9^byvHx8+TZrY{c0
zJ6R-<7H^`3|GgqEzob4J-6e>wV{tKLy)jr$$}t{8vUx=r`4@Ay^kxCmV)(F;#|G;3
zj6MI9e(}|B*5$KU*n8`;wZ0$dA6gDF*MbwEe~&vKp$I{*eUHZ%Yay!8EAjMak@MrT
z;ArBCv40~+K|Y;C=-7dhIR}<c8uNdf#$%_>BoWwO{Akp#NbtNdfz^&_XEbz|B;5NX
z>((P@VzLfz$!!M6#9nw_9N}&@ox6s?fyK#rU4Ec{h$g^i#*5D6@8I-GvO~fLm&yoY
z^$}^aHgAqNCAQM>o!POdf8x+L{@*Zx%wpy<wy|xzCW_MZ?AoKo9zZ|wOZz8;``5qn
ztM?MY6G7)DzoAto{#&@~GZOHDC1V(WR09NE#<Q@U#~U6FED?6en@neSCcsHvhiYbH
z+5X#+78Mu(o=eVUgt3(khRUtA&Nwfu{>Oh`OWh^&XM)B{=EnB-1982dXhaw?XL)vM
ze!8puSXpYQUaF<0Z6&`8&W8u@ZD;R4HCD5{%lGU2>-X(=chFqtNs_!Z`3#{K-iqCZ
zd%v>RPUA|81|9bk+Y<ljnSJmaBJ2szFcafWW+_-FM%%h~io|kuRlRhLa6W+4?dO_e
z={15x_kuvHWV=0&ZJt7Jd7X3X&(VGf_;?S1DX~$u%D(o`zpsi}@!b97Z%MO$y!*5I
z7m`-Du|NT82<I5mix0s6t}`N;3dT8(RPi172KglDD%duHI}L4d{3`e?@|+3(@QDw%
zXiI?h+{Pp!r*%82t#{cr^i21p88va8u16@s&pB{KhV))rqeunyw7Gqs?vL=m^)k*!
zv<Dnsu|`~K&>eY2{Hs4541TRsJya(^960x>X@}0c_JVp^<sJ8c$wV-EeNuJQJRNNw
z{x5#`#VNL!Dj9~H(~bwpWal0E<y0Kxax?MsJh`S~{A=#4tzE`p*U}{i@t;pJ54jRG
zxzDNXCLjP8;-WwrE{C^N#&h%Qg10zqA{rKA%@b$-*=54~GY)Fe4JceL?9!5KPnK*)
zwrC8;)WdVWq_+EJKthpc3kaE*2$RI8+MoTNLv4s=<sE-<4E1!TSC?gZ+LAq2OvUlO
zA)az%E<Ha&_aOCRgk2tV@?@U3r~<1^>#*S=rCdV0({pxIQM=mF%^mmh4?0^{L2q3`
z=f<Li)9#34f_DKc0ey{M<wMURqlNeDqlH@@@o4Vo`5%l2%jnhJI;$tf$>h`?@Z=t=
zoQsJ^_(WGHd^JSE3)=;#$*lk2-pz1c6ISY?VgvQgFhG~o4<r7r5<ZFD`&ZlxZ_G!Q
zUsa0!eeqh|JMu^SDvnJ0*b7rZWr3t79PI|MZ2X27tfpNGrrLsXb@cnI3YXu=x>si+
z9d_hRyHrde#PJil&cz1ga0(Ml77gfH?(T{&+}xx?U<~q3hA9>#BdrL#m6rkWNm`q9
zx~${E@5+l3yEB_~0zL2pU0uuhi=>M5W$mmj)-G+YYE+HbuS)PVO7O0?J9g@S(bs(|
za`C~RJ{YO5$-^)=B!&=I1}56=C=+*yX#dgSMTs!?oEe@T`Ze~{^sF8R%v0Pk!0#n0
z-?qo0IvlIln2B3I>#v_&iG!`iIWRFAVf~g|nI1AUZqhNiVW7HZXqx8&>zw|>f4SW<
z_`0cPw>@58Gm?ECDlw;M)nq4A;%v`U9bJ-0`2sq60r^7NQw5rt3Rx>CUjb5y0BOMu
z(cxNS1<ors=H<!JMNVS(EvmBpf{XQ_36)>Ru~IA3qx_I`P6W_TKxp){#Xd7j@K54S
zkF7FAN$raC?GjL=Hv5QR=;`}LEg`IvA%SaGZ7El62*kBUuwPrl&QP}k0xcnUDH;-(
ze)scSoo-HjO;YMi5&}_hLCp%vaIo{G+enqHfUsUFD5F;vK}3w3!BL3lEJ)2@XB2`C
zY$A#wEG~(!An`E)B7+!M2gRpx9Ii^pj+At7L#}I_8+J^ITto#kzdKVK0rvY6IX!h1
z`=ST43G>v|0x+leSe&_uKv#u*qJsjFCO@(ZDi{;H-82T+K{2QP{SdS`(+sY_CZX2d
zcCz39Bv=6%oI&3zB{VuFm6nz-O}Mzug+QRCgn^}F0(Chk8w(Uh(qm{75!|$z(ycAU
z6#tr0Aay8nKL^SN-?xJ8rx~?MzuKXR4#zt);)JMqgYqG2t=ceH8JeuLKK^Ss_=iKo
z<h7N}KS4tOR<Awr%`E}+OnZWBSNxrT9^w&Ptlh|Cx}ly9&%s@T8FDU@oq@k>4ciWU
zYs%b~_qGlMzx3<FyM}cg{5e03Q?EB;Y)wi=WvF2KM32~&Gn-4RgpTiYkjz5EJ?vXb
z{|Hu3-sB+-rJMU3OK}~YEMVnXCbXdQt-A-?x71^cdH1iDes1bE__%{E-|KQzRrFSt
z1jjt=sJV0&ck9Av&H#i{Kk#EuXZkINxd=zieGSQmTSNET=ze=bgK6d_vd)M-k{RYd
z)69HXO7Rsf^BPDcds*uj%lV5SFNXy3@tZQ~`}_~77a8w%4H4)zo8R1^T^(L%j&t3h
zi5$j9?8%V7DwYOqq0@}lJ1f{N{2cK<9R!00z&%^d)6P3$!6jloqREp#xm)Q|FO1UM
zU#D7pBK8^t7#*$Q*{+n(6E4J$eDKFJ;Yktf2XGN6@J~N%x39M2LzEa+k62^SYANuI
z%BqOR^TP&nR=@VSnV5@aiA+YE^Rka^HZT4K9sWfo9k%IlQ$rzq8#+j(u`t;nRY*R*
zvOgF;9c$J#YZe+<UgOQlKH?^tOray5<=`?}nfmRgk@bxLP}hk&B|AL`i`jpO!y1}$
zvD^((!o7O9*^oyUkGp*E(6f~4?<3xwQzjp`)*(o1r|R3AyHG*1OpkaFP@;jADPpW(
zZe1N+GJ}3F`v(S;qeH6DvrQ#jr0(k?Q%p6Dar{@J$16=#(7n>n9|Uy!+?o@6-12-c
z9y~NOyLt-zf4bNy>dk14RLVBsC(poHp@K|Li@$SB&xyuoj`chC4cqUZD5ig?x2C3;
ze)rSih2Gl9?awNYRhqQ#+@L25K^yi*<2L4PK!s`A;!t1hAA4Q?)ZW|?<CUqSXiDi9
z5A||xp|cs|m4VMP{g5ajXzYIX-kjzrx{Ck{9BulZC}5%M_J8;021r2XB>sWVO>Z`&
zFvX$Z>x2X?Vz<EO+D2jMt<&fIm0$gC^pnBUY&xQM%1T{R?_-4Og~rzpEqmRXpUZ^m
zWwSBd>{BSldtVJjNmtdzB(;^H?%i~&dkgQ;*$sK2br^FhTRI@$@+Rlo`nQe_y&hA4
z1R#M&7#A5iet84qKlWah!X2y~9J+RArP$x*RW57PPv&yXDSmP28k{v^7c?NOXxueG
zx0611V5rmB-IGiVG-6*_#1pRDFo^suMzc_vtCMuSW3aFQuFAun8_NFx;&TG&{CZ5J
zJ(mq=)-h;c;&)MkY5s#xJ`AUj#XC3+T+f8{mAx+XCDG1W$FQr`DPJcF1+5(PkZwS}
z5J%hi-U)rdi5;#(uQw-bJcJ06sOf~xviPmsE)M_2ez;zPTixBL23nj*{M-x=J}0Ml
zN%prlkf-i)!4fna=UT3gwlQXD#2zh;<|f^w6NNgIGrcygxb#w@^MXeIMAH>8VF6Ey
zS@W2CvxpzMNZ!)iS$lozBBWyeonu9G1{&&2f~Db}AhvJn?&gt$<$|QVB1-Q*RY?tz
z7a>_i0j?ao$j>jt9u?^Lg$DUmq=%iLkJndnuc5UxE^F+-fPgvJ+zGmA11Uudv)`2g
zQ&<7cI>qIoB+z}G!hR(LR)aJLJI4W;Q-i=5NK|Ab{~;rixhHA`M8k(s5mjdz){9^y
zeda~iHW%WsKaK;c!I6><`99<@z@Fhyr27tH`|cAig_emlI|%&CQPwcb4O<0`=?5k;
zMViI1jh&tBJ9GV_Y4tI>33F?N0`Q0ME6aQPcN>YYApyoHRtiN7;JP^k@=LvIN4)}a
zNR5s_-3+d={zz;zGYt!ezcs*~j36(@|6YpV22V!E!vTS7S^2I)IG3;ITldo*0e3AF
z*=B7OY%vk_8Q85VC_~jqT0S2^UaZHhPy}DqgO^`xpq7JLVH59uS$nft42j+D9WWvn
z@{|6RU_4P_D!MdnB5sZDlwoyWrfD@YCs|GltL)msP}G)@hWeW8ug>>R->Oj9{_4z(
zf!H$9eMfSlAPm>Pf}%G_27DN0dT|bv_vcdAHJ8V`0{I7osaJF+T?`I<_49d*zQdUm
z|1_o!jd%}~$54!jT;-2}p3B0LMSFqPykK^#Fj^1YXJ0g2I%iL2|E1J^;7SXgu;<1^
zPYEaJno~3l9$J4x!Z@WCZ@{vt!5DqC^^&YYxn<8f5&4TTgEv-V4!gODE=~9Id}37|
zd)&s56_)NUJ-Br#^W4iTuqAc*JFF=D$N!M^Z?699K=*^2>qkGZwF|A;{4KcEDSAUZ
za-C;6jJvCuo2Gju5p|=YknFUOyDQEdu3yrIj%yA<_sp>@+Ho)LCo3)~8LrhMc0YVx
z-wP8cEE-rq`nMOukY||~T~>e(+{z8=2d=iG-}zmTIZL^8rL2w&miJjU8MmVgwfkV{
zGFvwNw70?1<p$vvoB9$49;?8H+2AAe8b?;qL(=V`emdxptjnVxpt7u8*>`^B8Yd27
z4nX6)jpixDIa9KmOCB$#y<uouj2ka*N5P|^QNPGC^72uu@asLeSb+Ge8q=!kQF5Na
zrQB_^vAWy8%hrqo6UKtBgl_CVZj=JW3lEXd7bW36z(}p(7ee*Vl2XGVoBu0B=mui$
zuR2PjF#qu<?&TB`x(oL2yX}@_T34R#`-~yx0=e&KzItA`JVtJYSa(m{;)S=gGW#M5
zBgK%!USI+$eik|7-gIQZwpcU8ZpObU?m(<LoVR7<S`Qg)QN?%LB|<=9@OUu`Dn1VO
zrkj2CUy$ebhYX5o)76Ah^RZ$N@RiUEdnho7`#=2Ho!-C)(c}O3r9SE5|J|E5kVex6
zp9|Id1;O<%5Gw2-FCHsCkVaDipOdLt&En}zMQx;L;9&9WPN-*Xd{<xx51+Y==1Iuv
zq{y?B@E9#Zdx7yam|ga19sBPf>0IG>;#5-b?LO8D2Zf^9_Z655j5~CVyCOZ*9JFjs
zZ1M5aot(ydKJb!whC{w4BR#){ovhV$qG5?nAjMcc0qJKl;=%fwkH5~P80Usw6uLST
z;Cdw?(TWe&U+OcGKik?d$=!M@zeX95-!slB-fe*T!`;e7#WJ{kn_!BHua`*TC!Z@4
zYrD}4!wIjaUuZ0v@*38U*AtA`C9qhQ$vEpasnjE1^>03hz9wj}H(FzP)h87vwlLhg
z9^ErSx)Tx|c08Hxw(W&s#&%3EpQT3NJ(sc>%ltH!)qV<EAUePSoTRsY(jA%J8*~vS
zP?1Q^fHox$EZ_b?XBD$<@Rdxqh@9z^WuS<mzM(jAO|Hmb@W<P-Sb{r3tL^n`yl(2)
zw{0}mt7>?k)PL{r=VR5mPcfE+I*%3cEYHAKb|`$c=`BsiNbm336G0fGn)&LRo&Uu$
zy3-DNXny?lQ{vYV^MDGPyKagLoRw7T^T%5iqB)qTAbsz9{%Ofuo9~Jk^^}7Gb=@lS
zySo&^XUrKMZrF(}=n_pkV$H%h(?B=unMh`>=v@kXjyRbuMT;hFhGsCc93iue8+LgN
zb6Erl1qQ8NAjp(#P{5rj?R?EHlt!rP7g=m1gP)lX_H$PhZ-_e920|%>I>Df#97Wn@
z)B;V#;t#lDkc_i7witpeC;`Uj0e#|0bl5lOCByNcy5~%Du(QE3_r;onDe-`wd5okt
zX5rctfM@01uvdQ2`%_B)H)*gvC}iy<q8#jQ-$`A*tAM=5zV#P{S99B{$w;j1i!|#>
zAQjc1v1%h}!h8ga;R;BPo|JzX1j3kQtzJjmO^nsRf358P2AjC}uD%lIC7Fy<IxUOJ
zN=~A8Vp-mZO39l(DQ6F>f)T7lZS)x{{O>D)qwL_{G|E57hNu?ke)`&}NbJ!Yh~2Mm
z(wX<-Er|UXl7Iq9>zb2mUCt5Js`Ba<^~q)K?LOYtJVy4}L6IA8^Bc*H<`C=;XK5&U
zMfgNxVS=$arZ+_0D#x5-Ht}UZ2d|kGSJ7aFXa<g`EuLjtSJ3818WsLH7Eyxnyhxu5
zkp2ZS+`huI-0R(S;7!x5^82)TUgLX_U!FIXE=!0ydq_WUiU2K+1->4MuF3&;Jj>t-
z&`sXML4iB}#=aeScO>siqRtv$Qa@0j53eL<gU4u&2Q+3WgO$A8?vK^T3UA2k$0O)F
zCv#2`MXPP`i`ba#!!w~`ux#3G2Z;@OB$A!3lXZ3QJmL9EfX`3JR*&LhnfNJ&{Q|D_
zq?YwUqlp_Vn$*!p%N_cF>|1cWcj7Sb)`J5(rBYLORIQ^N)|>|wr28XHci7#pIlaR)
z9;0tmv>HnN_$E~HurnQ!?wgYxAu#5Fwm2BG9t=$La6A-}q<21%$nD5=1#NAijn!a`
zBkv9Dvw#v0k1K?Q<Gq$wTtO237u6!}qV)cvXT8f8p!ZuoTrVH8)P=LwEdZ9sw`r35
zA41}czl6jsYoLx-dy9L{Dbtmub@rdmpo8X^&#TiJ^7^T8E$`YRLD7W03})kafm!eR
zE8Y>Rf4zC_xvD<mOU+T+wQL-<k}4gvINn|8JB>gV_mo#=#>yV)ckZBSeaPx_9<u5>
z9{hG(Fm!>huSVV~!c5qpx*NV8JqQ|SxiYEb3sbkmIJ?2uMC&f7;*%5eIIj3@DOjH+
z<k?O5FmEgpR^^C6+X_{sf9in`Ro}c5Un0zrjkdLUvZ2d&cit&;pntNh7_^{??t8VG
z_+usG)$-V8zRy|S;g}||f0wPaGTm^A?ofn3QT=1$I@WP<tnr7ssGWK2vNHg-yRJv<
zZg;Ue+eUctNO8p(cfZ!&S5V0mn#z0%TM~=bZ7Z4lTp?kF3TfE9nSHYIxytTYJ<b54
zVm`#YY)HXtCQuFE&WHpUfU;3aj!cpGrbk?f?3yF`h0NZUWIf|EaD;J6`h8+j@}j(T
zWp&5byykFW3ug0s<qb%ZVqR~OChPT}-6^DCgmENmP;7cR6?DSa9PaDPyn)s2<0K4N
zPGV?C5y*elTWe!Pq!tD|eMmUxlRlOJ)Md-siAS$Pt2)`Xd$e^1xLALF!w43uMH8{b
zw^KnlU*YH?twrNZl3g+d^oYwx_{KIqH%wnS`7Ig7;V7zXI*kX#R^169+CN;7I@J8?
zX>{6X8$n%L_&iI8@%!u;`2#Q*CGO_gg@9IuR$SiuOemDEIaxSj9$zIsjyJqoL#%)H
z=$c3(LcA9JpJSl+(in4H#%Qb^5^6~;Ly7HDC000AqDfe-!a#QwEZW0F0hd)(M?0f+
zQ9y_IsB?P(#9HfvN;1ZLY^`1GD2MtXRoad}+{-M&e`f&EfZF?zbv1-<56@=AoO(Xf
z_VJpv6bU!+NV2<)>@&N~E>lzKdz$XiCEoBVR~*5!S|QM;5VCGH_t^xIR34GD$q#<6
z0)neweGx3@nrN=9BW;XXPP1e_iG4nhHlO43v0uyU;Z!*j&h2(s5^Y~uLDNK`9XZK)
zm(~N5SwE9C^ft7ePvWbe-fSeWf&?`qTJzM<<cs&|!*6m=Pl&qS>mc|Fv+4VecrzA-
z1FeuKg(bI^XD<7%YQ6W3q?Vff-x>=i{}fKno>bZ;5YHM`J8;^=rx>>^%m(|veV-yf
zFQO*;V@6tmD__1hb%ZB2`{5-^zDX=j?N8h&izvUT=#SoL?P35Pi==_1H+Qz$pG*=w
z3a%=ezD?^A9fN>1SO2#joQ&RF+k{`2!a%c_y)tRDc~3HFe6ebOzF?xOal#wGTCQ@q
zxP%AGVIU#Q9T{IG@iu~G^;88nQi5+Jm(oCMdWaSM*-eftC@tE%vXvD7E$M#;d4c%c
zxL~;t{4A68TMsh6Kz#G@x8m_H?GeCeV%vouk?!+Xppfya$hv~Icj=3;425jUaa5<V
zE70+te${H>X38Yeqt=Ibif$F?QtOk<;-F{*N7m>eeOtMd&f3(e{0mKGUu|+Wi~o}-
zG?0z=F}Dcf@q7*M56xnMWEft0|M~DO*rw^`9^FXjZ!rj^*hr{x`<~1B&pVb6iR-FN
z`?bEh1S#YJAeL=@nqz?2(JZd=dO#gh;?GpY^HgG+#IaP#&8_`0rGV+H=7}w}h$$Ji
zJh8o5C@KFdDOv{?-u1nr5osRK@~a{}yXaE6U|<?4%{d|jmz`>%^_Sa^3j}-pdp7pA
z5#!dishtjupUiy7632jYcZWA>R~1ILh~^uZR^l(d&2io#nvMdEl_Kg_vQnMV$a}{1
zNF(+=LPH^1I-~ZDB;4`3d=IixUC~bw^`{K9f4pUcEXI0~D|?Z}iq))L`kAef1h>;|
z&Eq~w4xTo3en$3%`+>B=Z)R8^ilt+hnJVk`0#!H<Yknd%m%&bWI-;2g{2!|z3lF)m
zl_Z1}95yPO<g`_8(7X6r;n3|9?rJ8nY!S;RQ$YhSo$w^N9RA(4x<w5Bq_B#be=jte
zS8=vz{C4ax;TYI&>(grDlx#U~&X{KQxQ{uqE^j#h;E(;muX8m-sAK{?I@<Q>nB5a}
z{bWLRsdQ^8>s<Ur3J;fkK|8=!>Y>_S!vwl!8YvmJ_29=%sGZNlfx(}fRP|#mbLLAE
zNWBV_8A;<I`FK+nJIMq(DtqVOa`i1v73DH(12dlJW<y{$YF#4RU#={pOO;fa{>xMH
zzXSwZIocfz&8+9#ff@11fC(g@YVC!0xFEio^fwo*J2lzaZ?4n+=w#88(4MnyZ@uhF
znVm8^`%S7l;3x8TtVUgUBpWqH*!ZgrcOHL!`j+Ze)V57!v#{X^8(#d|owxAG&ZeVT
zO^}%|G|PKPfqYOS)a2OiSown|82f|gqzN*fRa?uN<F?7IQm5Z2g1vLc4UJjb!CL4U
z8P`?gwn(4SQ~5*e#bqGnmG&KAEC0E{zu#N`l_zV|`?CZH&a~IKCDLbjb0W{?K<Q3a
zT;_x)tf9ZOo)Et%-KTW*N?k0_`Y{#HtnHnI^`DDe|0|Tf=!+?N3a&n+(NWX6n6iSW
z7V|%G59|ac=ZO2I@A9VFz-cR~$6VrGRj$~Oj)`bfS!^?X6iz00BgLY%M<IrZ`?tpa
z!jP}RkeBsHxlQGy`$OKYC~IViyftVnF9k(=D9r86-|_v|(l4sBuWIFtGL?+?<oz2#
zHe*m70&(+5xjBDAYxmBK8PG*(WDszD>0MqlxQyQ2Q2OaR(%eYKGcWoHZ)8x&hDgGK
z|9i-Vfz(m!C%_DKahQA>wsX4^jpU8I{nxh}4U{=@4E4&ZOd-WF)L>2Row?6|l^-SD
zEq%Jt+YW|W52Ls_w7Dgx#?rtt6^ypUo{+DD$P%w1fJ8a%xS3#m2lUSl=z-SK2>)2w
z>_SmQn`2>K)Tt9rX1_mbG75TBam1Nq4+XT<c!09!@Zr|t?g@wLEOkq<IA__<EALn{
zM4%j@>`FuyG$v4vF3YF%yVW^d#4kL#iq$i+8590;Izpl`lB1ZxyOd}uf_O!N2;A;S
z^r0unMIu^&kwr=Gq?2V~G{*(WfmKPEFbRP41KwD5=IR^C1r(_Rl+cb}a}Os(f#Qlu
zroq0Gx~;-m`t&xNW)5K~I5-psr7Fkl8q3pJf_o*7W7>Xhc2<dX2W>)eE{yIA1L+BM
z@jsj51?5kFro{-@9>_^8%B^NdQ=(ToZI3qB#H-iD=b*;?d!5ek3|7OVjaex`6q?F^
z-I@w3oXf_b(wJ<O*MHz*J^1oP=fy$s9|zNO#V?a0pglADP3(5^jQAXnVgcnSkubOT
zb=r0gejhLY7o7x$WEwLTiTyb_17P)H%-k;_$sY9swkn9JgH?CQ6?)xQ9K4!Hm^UH(
z7(3xPiZJH%mTE-?W|E3DGRQ2NpaP2>N1$0%E~-vd-`k|h8S8huKl$|OF3IrQ>aEXW
zvduZ*=42E^n7;G=7IJBC%oO(4_B@(v&57B+HPzJrVoj>3Cd}0TD>MwRCM;M^UL$zZ
z24^H7DW^RV@yDuE#Ohn;YTU%e`4i%sz!sgqSb=`$dGA5Ejpynot0Y~tKa3ksjOeV3
zPC|;wk;}V{%&v8$x^$9Gq%hQl%ly4>1cz?}F{(V+&1>UFT{waKHKHfxHXilOoeSll
zDY*t(jo{(<9qL+O(n&JWdU!dAlEbj|S99kHegmq0M+PSHE*|2yl)e6-(d@1lPXl4x
zcb4Ho0W`4p;V}B}9P3e}+g-ed?TE+FiA!GvH&na3DG%L|?YlRI&J6r(a`2PYkH=6o
zX9ld5zB9~<B{{w3m^IQTH_DAYr>BnfCc6hmTeqtYv$IrtDuHhz<~^P?@{uDH80m(t
z(`_f9-zVTJPay-J7ayCj$3Xf#qDl^n=~vgaxJU-s4|i;QPUBPBUgKMv^U%yHClNR6
zbT`+!rB8PC-=i%LaHI}#IAecNgW|l3Ho3Ee@ZDXA8h~V$t^YVUBMO>9ea%vM|6`GT
zb1@C4{A~t>G#laZxuNrYYo`0KNAO_><CBroM(5&Q6W!_{Q^v?ns6t|UI)(8UJQf?*
zPs`&>%cDD?b~Op-=c+uDZh6CT*ABJ!3TpG8BbHd*-Pl{6=F2Xr=2ZTvcKynf!VBTq
zc{A}M#2GOqf?oK;(eV%JQjLoB!n_@{Isq8K^2vq9GR6~Mp~2E1Dxx|PbTAM^3K`-g
zXhC!S>oH+Y3R&T-i0&~)zJnJ7UoK}=l{85UZQYECPTsaPM<3)e&B-RNAg`?$kwRM0
zoxI$Pt<IROPIp@rXqY@ECZ~Hr3niQ{iz@e)f>6^e4s1Nb+s7U3OSGHIACEhPK1n{c
z<+k+|u{G|sKAvw@WO~?IQpp~<T0T=Vxoa*@POD_VRG^|#<D&onFE;kLD&e@JT^pK>
zCDDp>XFoLRJFOHg<P}5b;%~t54GM#X@Sh#>cJEYfZQ%CV+mQ_lUmskE8SWg+)(<WD
z4v76+8xFLMgQ@GWql&9+P}sL6<FzF_*yW27u*+*t<K+XfnNFA(Pj@I3*Oc_ybnS}F
zw0y7y)ZlXbxHfuBAds}`omy<A4T_fL<nw2EeSQ9NGbOW2VA_gyV<JFGn!drYvH*yU
zy(o{iCJ$@vNt%NZKp<7~iv0WmwC0E6#gLjLBkA;8{MoZDihp*r8_xko(wY`Kc+S@L
z1GY4CKZC^ovSdF@l{bMcuFy~YD<JP5KxOda@c|@p)eP3@8%m}%NTm?w)}2xB3Y1z7
ztbim=0;;X&V9}50#gEw7`4=24dqbGd;=R>L;EoK#PttQ**gn0_!+b1nCa>3LabT;3
z0gq!_bN#m`EXNCKuxJZv;-r=7EAO|2xeD7{ezb`#M245vXYFd~$$vOcSlWi?d-K?u
z8GExCS$|$xFgA|9dz=gG;(A0Ex6LiDF&)<=xsR!ye65-E=+XIBObhgtWz(f-Gs%`2
z_#JD&St{iHCn#YCSy&{J`xao{gMgT*`qo`s!TXvnq$5kF$W#)BiPk}@X0ht%fLbS#
zfOcZ~cKJP>-D(2**GhN{V0t?NW<nGHMD7#qP!iG9sxyJEqB%5!^g$3|I65jWVO>AV
ztHkV!NLz`;BW=GapM%TTX9PqDn?2rkOcVt%JwLhteVF@(32S^T5reF{0SNF(Qu<4C
zC>arPdlA0+moIsAh`A{F$Y^*6Op<g6h{*S1wRa=OnF+vW(eblK`K)8U+QpGF{n~<Z
z^Z93{?rc-IZ$28>+>{68-zz!DK-L!ocf1zFx*kCT%dPSJb~4MEU?7_f8m~I{LrLQg
zHTUL}PBuarqWTNlU;(#C@Jt5<Aa}P9%X1U440YX7Vj5qXA&U+D%~CFYxU@n^`atrr
zCVm4ZhY}Pot=Wfo=VD>k6d7Vdj%hUCbKZD=v8%U!l})bmG-Ae?bX^kXZiCESBbcUF
zP>8${s_Cr=BmevLQI7DtAfIS$YRGfdM2|>1`6`LTtRsJXW2*U*4N6dm^aG{J@(reR
zw<*~O)#u6>F_8pHp(Js8R8bY+;cuzYLIvtGc=NALaSGF3iu2zyl7VUgo-%afO2y5d
zQOnYX=a}73rrR`&@ch6}m(h0j@;fwX&0!%<@qTs>Ep<4bY;m1-h=kJIm%Cu*m`H7d
zti-p&pj6h`odLq!wj=@zRgd)4PljYDj`5sjh#$V(7j1QoEp%}k!urJw<++i?`Ys-|
zP!>Og(%WKoAHG)>r^hQ4{6f2B7Of!~uW8-XlVC^|i%Fp)vmxhNVix0HK<nrlWg8_`
z(ve7S#*SogLjL#XZHiqxKGyq2UXXL*@Z9LuHCy=lgKt#7ecps2dDhC1S%X?x$?M`q
zXnoTH;*A6=k+4d|&&tK2DvfG&AW9UiTlr7g)ghpIRfKYxeb{o;QO+>=zmKSfNm6+Q
zpPB6IVjzD%pw#k5>iQnf*f+bsHz|=cNgz1y=Jy(Aa<NocW;RqsAe^M}GC1vZ!Xj+o
zVH#6>uiB7vFB|3aIWnO=#(d!eii>})AG<97tgvyn52Aw-#!4n9<+~utZs$*HCF3^~
zc<+VgUx*adl5g~{biqeURsn2FU$A}N8{haG>Vhqy7;ztqFFTZFaZHfK{{F?#*st0=
z-}eOjH7Mawx_`RL0=hP}Wo~SGqPW>=?EFRVYfo31{tRnXFaN0LA4Pu4i*(en(9;d&
zsk@H}sb6t?dmso#zSxQ%Wj1+=G4FEe8mQmQ=^15SeTFORqAccqqN2W{8}K#YEY%{`
zS6^puVU27IjYDKnF|@%$>h~X_tF2^fhna^=`h71HKIVK3%xjnworaq-;lLnk{RcH$
zGak&4?KSe;KwC3vQbdtJ+xh!epebno)d20s(|7X$+K~@d@djY2Pd1%7|6G)l!N*Gy
zWF7a?6g3n+SaMk@-x_{_9c^g3e~W${AR_N(O12!3Q-O2AEr=7MDAOnJ|JtbO;+iWR
z9j~1KUh45l*coSLK&b8XI;c|Ss$^QEUbByxM$RuR?wAx!v@pr$G-NPC{l11XLxC|(
z3n>@UJ0s$A1Uts`dvc4megCVh)I18_<Sy4PMtm@3-SrL={f64j9U}TJzeZJuFz-kv
zMsz~g2j$PS@CWJGI(9Gaw$|?p-;cAXv7pC4zaNVP@wVL-QdvE|_Tt@<eoxI(_xV|`
z7I5%koS+NmGtb%R&n}cRtD@$FzZq~3@CgEs^t`Z9;sI&Rk$o)v><JNa-(#!E7N<$J
zFC2jI!sSO#@KQ_ui4|G9rh(uaBW#FytcPC!OLuOjvXi{?TudrO-`~DJqR(R-&D5!_
z3FgnL&D0C-q|$lD-$cH(aypu%v{UN`6!?jJ`^O2sHpW`*LS8!=*p_Km&eHP{sku^a
zrheGq1mAfTpA1aP1PB+$v{R?@C^^gTo><H`z{}OzbjXIYxyIta$v}K7Irt=LDZbQ`
zudUV4S>9xE6lmVK9IJ(u!FA_p_41!E7!4TpuIOaoQ_H&xr{j|W;o5Cat4kX2y%^TZ
z+y2E^qo(kUM6ubZ*&Z2Nk;@DH#0CaFYtLhjxydSZM;D!32ay`lUV#U@^Xb?5SPqq<
zChB7J#Wcf$L@r|@OQR@#VI}+19WkuETW;@AqclIeq(GZB$5*YLQ`;D!Pc6<EZzeKX
z`F$Ix++H%rf2MHtXV4j6TsRq9j)DEbHxF1@Bo!g`caH5~=Uo<Ek0b@4GeoGcamTDx
z<DHsoN76X(i|gt0@6C*@-DO)Y>9h8(%)pY8301QS#c5k&<ZyIWn;T_)bC+Xly?0f7
zrH6;J-$!HF8n?{23R1pc2)S@|dxkh_35Z9IEx!FsTZTWNq=8Zw6!urmU8gkR-<f4m
zgPNzto00gbvC}^eyepY?SK{FF0Ibz>#x>PNme1%5EXChg#Nt^+4qyRT-|vc5g_RkI
z8*4?rTGD6i|Iyj=_n_@&e<XX7ZI}@fJhPmyQ}Z0FeI!#oNyxl<z2)Oy;1Vf(d+gsV
zvUe|3<953?4)cN@W-xdhNG~mAUR}XyV~gY50TSP#1J%N|r-5MX$MUh%tZnzPHlaje
z+oTb3G5K<W0lt=1>(3Qq&BB8-LXC{iabu|&TH1R=mg{1)v1STR<K|=5IWr7o6(_b$
zZKkS}QCX9^5i$t!`S&V*va#fG#M~f~qOZ~inkCHB$u#Klh4<x}3hfwV8ps-@mGa!%
zQ6&#H$lcS3;A9M|>`z=X1aGs&k}d91Z{A=XVSsS|RkHc3w;Fz!OGoTQ^l*$4a<4c}
z>V1Q?M-;v5n<-rPz0`14tP{^)azxozo5$%~1|HLub$85TX*4y7l8^G-N-3ojm)oCz
z?u6bNG0Q@TJs^<rr^8;2{04e_U-c6%VVF)0u;}o;0U8i$c+L_3z{(K9o0^T_ttF`T
zJk=9$HQlAqF1U)SXV-pr9F(p9y8fl&xtO(6^Xkvoo8GTnKk6@qmcJw&)3q6pf1<`n
zJ@9+S$kO}w5yB?t<d4Uj{SB`|>u<zUf+q4Rp}6;vk$2q4YfwMt!A_m!<kQf}N6hmw
zuZPm9-C@~gCNbm3ZvDfQ=)#AoSSnL(*8YSfs`mlg5w07Vl>}S`Y!9RSq$buGJ|wC~
zQ6DcwJA|b_DV%ivJyn1(RSpqiI^lAIsLjqvg=QneUQo&Y(fni~A+iy`)XdZy_}Iy9
z%m4?!%{(M5S{h)co_fT~KP8uowRov+lLW&jD6QFiprrE!{4m<&4KI&q9R+~>pTH=n
zJ0wB(pTI1*@EG9}sN`}qzYU+Fad|mJ--#aFzq&Nsp9oAI-!JL-zxA6g?4wOHK)qiV
z0EaIb2)wAb9(E=l3d*m+!U3}k3%;U7_rDF^=ob21u30tJ%IaeNnL!0K&{_?M4FGNZ
zjoEn)wA^ym=)v34SY8!=eTr1B62VB}WG})!cx3Bu^t5VjF1?^q;2tTkB#%MWz7^C1
zz)8fLffu=^3efuzaA|Y7h9&)?)9-3=!Y3?^%O~oVGKl(R({X@0oP0J)=15t)4f`PI
zH)Qb(Gp)?$D*9}(p`RQC<$OAko|`$ASQq`%)euHXvCWUt>05{M>NNq5`;)F<!v2|R
z2odFFEg=@WD!0$1y%KM|cO_}(s$v02;fX=r8vBD-s=>hC@6eju;3LdwKPFlxL)3B&
zRo<RVD>SxP#2V6~J4GE9L)1#0EGxZ04IHW~)zZ13H)Violvqp_^06!;%PDfL%Ykin
z?ZTVd1;nc@tMS=4-_+Y)iMn4iEiO+&uc!W1k57rK`92FSSkhmM_Tsrk9l&pY%DLhO
zW2+SuU@{$47m{U>{+#{wY5uD<wiF2KjA`!45z-<7jM|9N{5EK|#|m!K#Cky-G2kt7
zP5b*=XT*y(^+Xjq_UqHFRI?SHPa5R$D~h+9^-b%n_?8-bKpbhV|4*telIFdXJXO9Q
zAK&k#T(rz;=4Ch~h82?6s2*9uj@;jb%OG*Eq@r;CvV5H@B=7k6K3)AUxkB{+<LD}*
z>S%f}?oiw*rMSCmad)`5ySqz)3lz8F?(XhzaWC%f?rtCN_h)A|XEw7ZXE!sGJW1R#
z7wNet96lNxMj{;2jsK;)v^qnDHje!5l=PbamTB1X8R;<MTXWCTC$GCD9MHj#ibA!Q
zYmN(pus0$w?3L%NN(wswb{1oD(x{Pi-pPt&pB-na;xHdev`e!(z=|Yhj?0Ikd$Md<
zTc3b_+_#i^M1_RX4?)M6+NGYsi^beP8=o=ex(*y_<LXxLXKMb_D|^4aMW~kLBW|gX
zwsocHv}wN?YYo|r&HScAwg_{<HKur2k>Mu0V6+ckPzUb!*nN@Zh9oe?bVV1$DFeYX
z8$E!p=G$6K^sbjY8x5FbG09S!jXq<QZVmJTrMa1OlPtmr2##HiXtr`V9DD^d)&D2!
zG(R@(p?^;q8GfRf#z%hg@`5ar%mvvAv)=}Ko}Cl~rS+3%V~`JVySR&sh-qDwK*6el
z$Z$x$BJzUK8OB^L(Y^Y68nZF&ldNof_Hu#?GJMSMf4uW&?u;YGzkh_hHq^M5${c)+
zfOzgp^ZPqOtR^q0J~CMCp{iLT#F%SrDg0zRg85c7SD|-^7e6U8K{I<#vejTl&o#yL
z$rqHWuNpjZ&zAVY<;r&Tlzu`~3$;y>SR?A8KIXFx`QTN5Q+ky8n^M*(ngFK5pqK1r
zx=hmd={fQi<+$B`RBJrUr4{o9PgVt4XvNuK3%%m`*U#q|X5WoT8=qt7-|Tf$uXQct
zNXSj0n$#)-f9!~Z?f!Pma9{ZV>P~xZ`A4d5M@jy>L?!4RCSJ<9WdcxSDEL|$z<aEg
zZ5DMKO{o{{hq1nZ7RBTem3yM#H>aK<`jf2BWm=Vc=3+($%t1=y|N7#~o9GeB5Ua)G
z*id<(3|te+>u2p*B5BQVb;o<EI!3OvnfnHfn7zM4h~moN3N<D%k?9y5xdjAV=z$!r
zAo}dCcYDc^))`s&JmUgDNlZSTaoe*INcZjZhD>dKU}qg=4a^cuzCT*c-n5bE&LOuh
z&_iIzk!-eLg|y)N>UV}zh`}}!nS69XTZ|4CH?TeP=ppgwFlo2osG6hyT2)cP!@*lM
zMre5BSGFQPOHj26kr1Wvwy4`qTtJzh*XO_q2f2rHB%P0#x;d|Cknr}so-<GWS4RBn
z3AmhPZ8gwT`@u<ddG&f%_e!%%6?FuFj^-@aB<(Yau)2%d^r=o2_ue`&6gfs1GhxPl
z<7G2Jx&D+r+fQk&&)n~r*SZdcYlG2>edGe?Q?Kl0Ag*8}Pk%{w+akW4mQcaTH5fyx
zs>*?7WFAYNytNHfNd^k)j)vCgnxK{#)hcQSwKl5(h84nbeiRlW4HP1|%gZ;R>!XG#
z=oon%#h)N}Czt?G-zEQ(J*EM))I6U4=+y&x2qz=_IWdChoDNMx_q1|IoeYv#GVakw
zArdPit8DAIP-PNJM(4PL?AuY@-`q>AkiWD@_q)l`=Tq%Pjrv!uDXR5{tIDtbU7)Kz
ztkU=UF<h%esdHl0!B{Pd2LF<|k298#=Fx(OY(`@)HHt=k<{vn;60eI42`ifqG$KoC
zx$l(K+$*1lb<!*P7Z(1<bu^93Ef+H%4X4o$oWAYSPm!k#=lY)S#0`Q+Z3})%hRN|3
z7he-*w~qdMqzPI+^uk)HMh$+b_J92v^41pf!1?E9{$q&7@-qnb0&J;$dZEKHLkB@)
z=GXBa5g<{%i-2FzCG>U?Zv!)Ild}n(Qq!IH#8Gr^yTy5`Q+?;>Df9$vtE=$&q@Z$T
zzk=vanFQB|PYS7lSW60vD6DPQw;X7hBIqsxgqp<Z2OYY|d~IBbE!M!1SGS#2BCa-<
zEjS%!v6d&dot{a;xm3~`WAER-xI}xMuz#YrQl>LWuN-`TSJq*y4m!SVB#ez5OStX4
zkVPj-5eA$NEIrlAu~Me)R+>cjz-JE7jmYbygKB>Slm44h7@x~K9SR0>f82q?^e1tL
zJWDtVIVR}|)+6+f=zqQjdu40uJtXO=?&KD@oIul1mh&i_R<HKm+a$dIoIraT1!Eql
z!T8Fa=D0aa7?2=Z>2F6lc{GN$m`v)BP_o7DW+X&2B=OD-Q9X}w3(L!FhAOck6x{<D
zF!9gKd;&Q{^Yn2;==(z$=r4suNI1HDA3)>M8h7q)z{vK<+D&GQ?h*WiuBkrjSJ~w*
ziac~e=-#M`En;+Bdq+=Jd9t?|woc#@j}Wy+_^d?ccK$9=+^QqL&AAk|y0N{~kTFL6
z=I*wWqQEWh2ii|B+FWHz=-ztrqffR^`!JxadQaU2Q7~+>O*CSR`S1RDiyGsU^Z%N8
zbHLG>^1m@AlzuHSyJvdQJ(GDU1o@RXYTDlqxSlvA3@RkoFm-P$PlQI8qhq2Sp&qcq
z1XsiMDY?Vtom%H=ma#vcsH4@2TXd|R$XD>;7qA^88F!pY4I_}BZ#|=z54p88Nc$G0
z8m!XRFE7IVHCzJ8tZLQ9MFdWc;fYD?$=5MQ=YCGspJ=9DMOZX$dV5jO{COmRs3<5l
z&y>cU{bqo?!zV_wtsm%R7N5GIPr)}sWbjB1jig0|0po(XA*(EO>~W!W^F$q{E=a0i
z7V@x%`&p$m*MetDZ*|u-9On}^CZUn7gm?j={#zr&Zd)uG!042M7gW9kgE)FTKK;($
z`1i&((l!75F@jK=!3hf5b(<@{)sNVC-J!i0m~R-im$nIT#HxYl-*92v##ILyCKao@
z&h`73hspWgcTP_d+K5EzXFl$E4UM8lyUVobNH1>yY^6&WJOAG3M*6DwTEh=9LV*7|
zUgzSwWQEc}g3wTkTuuNJq_L*AkBU06ql}1uLIa(dSU(!e2sWA)b+P5=;W|gfU+BO~
z#2J|NSHsL?0VIE|w?e0M#|I#5AhS{LTWE}KGddl$&iBMCM+X<K=?y8R5Nbly%YDK)
z14dmlFbWC%lbyVYiucK*|H%;kw;3A3^9|cwmRbAWfc0ff2(OQ3wJ8k0bqw1Lk|8Wf
zC+VfAHnEcFTlH>x{U_n7R8yCX)u=<Fr}4R>p8L_#e_b9cUa){2%+go<N;g%+JES>K
zz%nr@@EVs$B&q$qfwogh9&!?0w|kKjEKnJPd*KA8gLJ`|(?Bt$9sKgo{Sxw0&-(8X
zk-x(yGMrmPwOO^7V=#9*2TY94Js8{rXy@;bsWBefKK*0XVD@{e1R`^&fx_`z;=Vav
z3JFVX!X^L42*2qZz)36Yl)Qrn`9d~m+Wa1F^qMFlDO-fYjoUZZg`Y|t_T3zq!pmb6
zh5uJn3w|yTyPx8cx;rpdmR>=eH}&{}{n51qhDh?tGITTM#_1WJza3hZG*qUAQmQy+
ztVYl2zUcJC<V)+D@-4r%Hmg&*Et}EVrooEay+~yYocLwIsY`(#hvT>V4WT=I=;O}Q
zsfgNG!nu}!d+KgM$^MxhA%>u8Bj1GD7<Zp4JtA(L>7vu~o^)e}O$y2lrBHD{OvRI8
zQvNztGzUPHzM8Pe%CpdZyLePfz7sTk8Ll=Kyvy}nr||61QoCsxz-6Wr_rQ9J<@>{h
zuvv)i^?4U7`m)L)Ww)-ZCi@rnE|-}_8yY`-yU#nq5SEyGY!R&i^dGUuFqUYEF|P5v
z3L20o)PRHo-%Z?1__O1T$3s;P*6nV=wXCakaC5gnz~W}H(ZNvaAz);MP;HPoPu5}}
z1c$KF;w`RP-GsfO1WN`Vbeg%ffN;0JRBft@LCNl+0j;^%FNG}cJciFBJyO=yP+`5p
zCnFeN*QGXC+aKTfJQiKitrpL|DzTu3ygh)_T+!;wt@o)BQ|FijV^6pHR24}|RX{AU
z8j}d)Pkd<M@IW;m4k2!`jGu9DM2?)rDQ*81CDv!D)6)}U%59~y57$w~=5b9`*c;)C
z_^F#w*&Cz3?{QaF*t=}ZJ?U4$cK+cZ)8zj}J1LuMxWQ{nj@rlmQ)n4c?PQ|6&lIFr
zE*-?2Wc=ih2Qd|{DIEoTN!oNwG+tFh$sfVZaVg_q4YX4fc9{BPshKneyJSb%#fSAa
zLi+cNKa{Y@)xli73I|;**Q3ofkJZ?da)5x2rOFk%`_Er3^@LKR)BJ`#I&6`v%)fI$
z^pcIp&-zERPzBZmW3^*NE5+D4rCjzT-X4#yqEA%5<e%9(VFD5=#z5l>tHNp(bdyc#
z>YV?#qb{e`1sB?JUB1@Rfq0!-P0qKcgcDVWz7ttnN2h=1yI$HhB=nsLK-#Lg_Rz=&
z7Vly4_v=v0&2==xFLr@v+A?c(MN!j-Mng~k-5-X>v+wgr#FJb5g^-@UXRG1|`I<~v
z!(9%i+G*axIO{x#-dBE7X!u&6xPHAocc5^nL&tU4iFP&xmv6a4<U?|(1MS#_wkw6&
ziT3Kyk;O5Di>q+Yx9njjo6gDWG1vKKw`e6_>tg$DL8+S8h1OF-vBh&{4?>9;g~ab1
zvJEEX+LKD<IwwmZ%PR_~>K%r8>&-i(+<9Z%<8w3;p&hk^g8pSM3x%TP_7l{HDVhwg
z3pJW6mRK&;WHA13rDxg%W88jJ$-bxJ+(YwDD3>7!zO-gZ<@Rz}`xn}pmV^oiOmk1n
zL<Y_1l?!m=MC3G#rCBK#t{uJCPsk|7tLhj8gQw1MQ_kQ{fcz=kw+DOnZAN7);!P`>
zi4_68#=w`EL~T;)AKR?UKMCv|-aLY23VbGhY~qxfDfiF?yWGGGIR=<i5)jQx9t)Rw
zNr9gNRg=6-I<^G5Hf_)pd9-02G5`IYYmtq$ZG|iGOCa5%2*t}f-u+oTNR89#W&UfI
z-L?}NIm?AILLZ9HErC>Z%YEXe_nT{`rpLHbytqS0a}vo_4DZ0*Y}M&BCwErch+&2%
z++1otKEF8`taXN}^YbCnxIfy}4t?~Yons9FVgNxi*W|_y6Fwb8+T^r5nYd$(co0N{
zb4n(=Q&_YyWt}w4h9g&KFRx>mv%wm#eV7b)2mN77wTou*$j00^hsXm1WSD36R~`QF
zZ=ly79sqjBc@I~mcw~H9HG_EqOpC;yK(q@pljJ;JQWsMbK(#PaECnh)%1wQlI}|CB
zITWkIh@fiqUk(-G1Wc0)S%jsJ)|rSrXa?%au;mb0S6K<)<1o$q0vMa9j1+nU;36*g
zJXA!LGiLmYRc>q=8MKQgDea+*xW*9N#xG|dNas>9=xAXQllp?+I9Lnd;!CtONuAq+
z=uzBuxhUn2gs|3Gs;vG|HivVZceR&?XKou!A-(AjA?2B~n-0y+FT(D;5dtjsxn1xk
z3HBS7m1m@`+$1R&<DlT?V^TLC(#iOXf(ABTsqB-Hp8Q8n^Aa2+kECHMJyuK)ugXR%
zYr5e~E#!$CwZ4hI76iOP`9UA|!9O|NJR+1oseF(m`dmkinkDP_LLV|v2S*+V=Md!C
z;WWUFJW&`OK)B$>=fPGY6d{u5+<OinEBPz4ZpCTm;qQIdX$LPg6ZdSCgaDmR#u5jY
z|8^WY>F6Xtvc(=87eZyuML*FePPC4RV)Z>O+>z^Q#<`Xkv-n1qhIqJ$FjUNqpxvUR
zV|wkPVkBV&ksI2h>Olr@TA?$@92mpQUsrbc8kQOBGy3hS5T;V`o1eZU$S$?NxXfb-
z&2L{$WuUuIrv2m3$aC8$NS4Tcd95h_xV0?o*CgUv%ARJoho2cshS;Vc87HfOmI<&)
zs2L}FLS%ZmRL<!kJL4F+m<>mANBbMOh}`15h*PH^s2p{r$PRI0r&#>fWpF~(iAM!E
z>C!^*?br}dsK2%Bq@XD1z}4m59z)=qDMLdqkMqqE2geBKZLup*Bb6-?58siJW8RZO
zQKv1s@W!HIs20~KqRN`X6v=j>va1k(n$Gj^Po}2`&wAk2c(;)4oCq|#!Nw>_>YNsB
zH7n~nIpX|o6sYA(&iFU0N}NkC>I|_^jvwgFZ=z2Xb&u-hG2A7?vnrCZO_H)9fOQ#v
z62xwm_&1gUp_Mr-$%p(KiOn5q*R5nC;etfWoI+chP;4^l5qXMbX>&U@Q*8`KSzuog
z8P7XbQ1+IAU|bP3tZM_cc7CAdo`_>s5to7r(&cckpL|}{Y2i4tp0IoMU(ed2jD>0P
zTV6eoKX5#O)`<yw4^GDPR-@F@1o3-%0+qxy)dPAsW{g^zL{|C`q#w}C4~mubzUdK~
z9Tw<ZqaR=Luo&O>Lr}OZd#~n~GaRzJqsE1Vhm3<phL+l#bgyCiK`afIjZ~gvxJVbV
zVew9EF}F!8_uK>J+!bZYa;e(-G%6tid#FyYp*8xsI-$`UeB4KTpVCC`(u84>pkdoq
z%}Qt=;Y6;gGu&~1ZxgxF5@)<fm7rnJj$#pazq^xT%Yi}*9an`y<qoo2L=d1lt{4%e
zn_^l!Tx1MP*y1-n)Lou;bb8+r7^of`%2~w<t6D~*eE!<k^~j-jJ2OSgwkxrGz8nIM
z7IIjxQUFhg3s>k0$6&$A^(&IMTF6ppw=w6-7uwji(LD3}gERI@DTgV?muv}g^Q2sK
z<E=L_kY;LjPMFuZ#+AA8Cegzm2Ho%5-<|m?`73qGuWwPNV|gB)5s<tyF}pKSF5JQR
z*Q31*<D-nBU;Afoliw+n%mk6<alD6{zA4*mu*a$Kg>7T6ZAi5m<zF>QUhH6qs-kWm
zW2H5fAO`@lVSKr%9Y=uQ3fZfj&RMi&odYDKcIUF_B0g}E9gfbsK5UyEPGlfvku%++
z62{OE8KQF2#z+?#g#T*|KLPTUdKG^oIB0*!qig-g&|W7yoHv~iiRd2~S&ZMWMtpvo
zQiGh<sH4`XZ&1b&h6!oFL3a2Lh=m=kO6**3IqS8P7w~^w*=~){jX})4-~1V;c>c0c
zWLU~RXoh|~qQ_s5Kk?s#Z!sEFvZ7F4k`s0%pRuCYrlEef{i&^i=GL`lPN?@9-K#Li
z#CQFkvC5zA2ROFrV<I=8_;{1|iasq?$Jm|WbJZfL%yym{O5po*I*UB`*xak}&~eJ5
zIDOmPjbx(cnNoFgS4DUx6ls3*SU0+9Bka)`);`L~M&dII{BLd=|3d*#?$>`@jV+&u
zX!UB$cj?cl?WImDEKVEG8X1;mTMI@Pc}@7C$KSskex*bksL7Ob(_=1JoF6CB=2+9m
zZ1(S)6^a^1k2_0!LG~-NwHw)B<omBWp6PH0(Ha_jhjf`<Ue{*0@GXNw<8c6{)9wPW
zT?<3jc*}OLVpiW3L>G{OW&V*Dn{6j|L>{~Ptqs|!P8=nC&)^uoD2_Hx-(F7RN2~%$
z6@+F=9bM-N4r441*}NAcAgxYN3&YQrUQTm@DG*Qm>nlv69)ly5MNSCMD)co8&7uA9
zuVORx4?(*D0jaeqda)0AiYg}irHgD#{ok>>QSBXPI+LB&i_WZYx0O@wzI2<EkbJ?e
zlE6mDl_Y_(d1wUN0NeIMcczQNnYgE$hbjT+io+zE=%WI8`~ANT!^~eaQ+>_16N$&=
z?bs$@`)WLWJ;cKgzVIM#jV%emHq(oRq<@8#e>K5hNd!jYo|l_|hPJ`udiG_P<iqEX
z_t^J6qsc!a{Qefl>08UBFj{C7$KAr7{Ml4`ARqo0b;EWO(gb9;9TA9HD<ayScFWrp
z9~q1Nw3P7ZBw8+xdu$+mBk|+w#yt9$b>-n*r$9;zGnxF#c5|1#XSt`ailN?2>51Pe
zghS3a+J*G|uJFaM>H$b}4*%ti<cV6Vfh5TZD#27Z78=s|{!}_+X;OVg130G}+acF@
z__mSrtLikCBtaLu=5g=Sk%)z?G5j=^L&`ITNsYI7n$X5G{&`mX9`_flusrNBCN&qv
zA4hJnplq@`ulOx^SJ&G{0-`Zwd$WN|(O(svW@#9Gz3ODC%^aguQ@rSQ0#Z!3Gj`6q
zoD^#MIM~CN6sZa}@xz(C=pY{S4vE<{@fn2ro5(Dmey5ttcq;1zx<ddFyfyEr6NPol
zl?H&D(S<An>u)C{%>WniT_j30t)zdps5#~_Y#;n5PL-K@noCpq-IfE0bsNh5m^D#S
zVXoj7>X<mb<aH|kj&~ba7=C9WhtIED@EC&O20w#LBTb(X`U~<dTulMR&0O{hI5Fc{
zvKgjWpWyPn$n~czsvz*zp#a0spE9t!r#9oypGjbJW+BG4lsV`%v(Q!zX?S4N@h5^`
zQWJX)VsAAfc-9DH#)jkjq4cC^()a<Z<KjU$;JMJa#^m={B3$ZL3wo_u-=VyVE9qs#
zn?Lbi9d027FtOluqFv2q%@bV<98jMw+`&VcxQlhY>}qWe7s`Vz`ufUQ7Qy56^R{DE
zYpuI$Fm#Sp;GCqb&m5qnY!O+C?Et5gm|7Q3N_RNgI;m)+yc)Yp=}rGcIAtk#Yoe^>
z0Q0Mo8lU7PU_diSL3q^`>8z@-C!7J;+&+9Q-s=c8fOu)~d$US^ZFeGo0oWNhbn>fe
zy4R@IE;efceohb;IJY^vMX8~RbJF%JB9`*z+c&rd)kZ^r@OqW9no1iwdK--(phuJD
zMGF90t5Ozgb|ZgVQ!6X^Da~*b9WK9=_r8`HL^$tbEJHp|r@TMe!>LW<Rr#W7SGxN9
z@%tHqcDGkneks5{$gax!{Ncnhrh22d>}EdsyZ$$nk`1-FB3ykX-N<rRnA7zDC=@pf
zAtGzpLOY;#9?U?>31eMFZG#A>aJ!uo9noA=?224;;aEG`#tFrcve?|SQ%qrcFq9Ep
z<Iq1Ct+fg$Z=_BtuzuW=uTw!pEyfiP#jUJsp-I}<43PTX!vO#TSK4F_%6w7RGk!Mk
z)seYEibURMm-C8xUWemtm#VJ)<t`j`0p$;F_Eku;9mC8$*-E8K%pHzLZ#Q|hz;typ
zv!=QI3cvHFX1d9C^6l+NCh_2q<i$c=@h7Y`Dgoa$fcksPkF_&~fm6a?a1lTLzw}lA
zgv*wYycWJAp$yF-)f=r==3|W)iWBa@Mz?vYj#f$ME{*rtWoxt{(aT@jdRZ;>p#KR!
zL0afRN(vA86aHgax}%#E{`HHn+u*TVhFYx}_9*!cB*G8$I7T0DUoY*9EKT&e@Dy>O
zBPP+4w3+Q)E&M#8d;{<T_fgr8Q#cD|>H^l6&-VkB<>Y*!kEsf4AKzPa<w+8}QPI7J
z_XBafQ7P_X$Dl9oesrvhFyPpn{CX-4)q-XUp;_UUBCOD^(4W{O>r~-~qx5PiF8HMc
z?4b(m{@wV;mssrRdm#WE#MWr^i=Ly&?&;F$he9~1=#bRulL(=qZ3f}+?hd@}&esAu
zR2T2P3-3Q5L;LIik*gVK!!*#7-@T@O^S)^kG$He&BmM`>&2X-K^7@@Nx%IMni5?c$
zN4i&R69~!wpW>pBz!CWn-@<FB^piMVRe+DtpkM_Y8&Mgh`3NE1&xOnRP1Ae-ETJd5
zUfuV03^-m4APeQ#i9bV}!&i;D#-uc@+#GDIQ$S8hrf0arNhw0qa)e?&PH(rO(rXFM
z_O;&R3rLYau*jiiSVQpkTWgntKCy6ufR(Rdff)e<*sjq#&nHP|T#5j2SOCg-q<>Ym
zlhS&REg%E+G_@$!{GLP>XBZEIw%TchphKjQfHpS4h(G%+7n@SNZR!?xJsXz8LfsRB
zhnwRm{P)Fs2X3y)SBarpAv<CaOfQ@A4h~8%Yf!9Dgv<OEHA)itX)B|`b*4^0HIsV4
z3z%8SZ$AMJ50xx7b#Z-&7ir`9M#fxQ{lIRp`pEf3UwG?R>Gf}O5_m*`(Y0D}l&+hz
zF$ND9gJl6wuRo`13kg_gmS<Gu=mCE?zqo9nP;d0T!+pC;*onH3z@1Zw6qW8EeTRd6
zk-AoH^e9#PgVQAv{%GM3B7G0`ASKthK^aOio2oLAp+uQ27w+U*il~(n+*BG#qRFv(
zIpt_-P*hRTUrAz!>a2dru50I;&yHQwUzw45hi809ZgLUx2l2ia(yy;&*OYeG6%M4i
zWyQL9R&36OZ=`+zRo>UvtKDdF#miDM9^=<96IF#x$}Yx9`dqgLHVDr;HM(Ok8`~h^
zdm-27R#3=*$e4W&_EP8P0l+TEMpHW;oe^w?5?@s9$1VLCmQ8LTDxav<L8=H`LWtzp
zcnCTJGRYGn;TQ`eu5=2os@4H07w9WudP@uQ{e8b_oai%t;&Y1$^xg+FMIpG*IPmjV
zs~f-WYc$RJNUopN?_GHKeo;3uX2#Xzxqi-+Hs!2&ICA^Z%LB_Tcg2X3M0C1nRBRLY
zWC+aaTa#n*!!<l(nuhv}mx~pQtT9PxDn<@Dt;GCgD^{UDDsQQ<D}m}2t@yyERxgM1
zyWHp<`{FN!BM1((ga*ZGGHQEfnI=AoHcUL^)kL*7C4nk{_v;EquC&39SI6E2v0}dV
zyK{0s4{M-<aLt{3WyhiU^1PZn`+ItjFFFBXv&^zuoYC_9t2jD-3|R_g@zc`0&QR6C
zF%1IFUxBE5+2z8slNw9A+)6cJdY81{0=U|jF}fFOpj=Y;Ac-<H;bP^_^9uAy0x1vE
zf(_rHdargl#SXO9nrl1Gfhh@e0ToOvCXz)l$45!fWSrOIy2pa~hcjU6Mc2K2-F@tX
z!(aU|xtM#2ls_ouEa~BKP!cpBH}m0!E9T*Y*{lCs^TB<B3Us1W2T8-SCa1W%xwc*h
zX~edDKxOE!EnSn@PW0Mt<469w`k`scy%X$l?zP})6w@w$K_F+rqO}kPQ57;*oXHc0
zFZYMA(wbXu(J3kC=`!oy9FX(0W&xrSWBwvFMeOWM1B0;#tn!jn*auWM>$>OaKSKDC
zWal0i^WpX3>GGoyM?`Z`jm4*6V)j^TUYk<5xY87vw4TKC%0!w|N?r*A_$Aylid5H2
zes12z5+xlkIRi<jsL4(z&e;MvqcWs6x#)EjiBUMJ&99Q5>q@5z(d3KK-b7ViBhFUx
z!p<$j?N%Js*v|8O8aWg>b<O-!F4>NA7HOiMo=NY$(ou~~bsR?ZsKsv&;pMWE@j1^t
zg}V>Gl;ikJ3*;2W10N&1eB3reV6;Zexf+E(()I_l@NTqp&4oA7wU&G(nO<vA5^4Wf
z7$Sq(4tX@m9U<v}Hdjb2x45jtUyrO>C=PYGs78-{wLi@wVaY5>v1|)z_+z*CLk~P3
z$}0`hI|HYyaNEAzOKmM%Vy^`r2}9@<(TO{@xH1~7>XBK#g&r}{q<mcR=M|^U?<l_{
zIvRYHJ1lqMR0cJ9Ptoa&vsJt)ivcIqed47bY2^Ld#EW;AzKL(-(5iC&>x25EvvYIF
z56KS$>x+ingeZV$(hgqv7a8p#G(SAb_rlv<IP)PX|I$eh;q&WJeVVz3-B-sNNJl?s
ztWJ(y_{yR7(8alHpup~br>&oEE_~Zj*Ipj?(F+k=fm((cn<wutsY=@r(9sJCD&P)u
zRTlve#}Gu>l3ZL$ZC?d5(c8MIbaT!b(Vg@$6K4HppuJAWh2LampkFR!fRB30C@&WK
z5T%UGh;yw%O(mOTf#&fJ0cp{0IyvSDG_690`HhHd`8lH_W=|H$kZexjyI_@-_}}Z-
z8EGayU>{-g?|n)IVR<nRAGg4l1->c#Y)IL&%Px=t0;NFN=Zvd|#Zo{V3QPZma%)Pe
z#2}*RTkj9BpzNFj#pg>^kc3JwMj}n=8gtautE%#M;esS;9Yt=m!^dOr<C2tFcpIMH
zwW}RlpZpDcZn+=X;kOw|!$idxEAV@2j2mWEsoYvq?9ex<Tnc?bqnu%$BkonL{iVF%
zx|le8S2<bMMbg<v1INJYK+A|^JHf@Zf_wZahnjlFEa<e$lVl&?JYjm%lHXmlT^n&h
z7q$1R$H401vD(IerQ_xqwT%uu+gmRDTFF-7mVrjEPaz6~PAY8Xs1_jw8fDZ)?NkCx
zLH~S09>PY&U!O#McTOJ#RC_6{?lQ6x5Q;E%f~pDQIXDbqNZdjiY7xy)&8ASDXUq$t
zDwBQ*g`CCxXL@q6Ihz!zlb|q1MTgc~KR`d*BN-Z8@GK0B!m1=FJBC62dg5v8doYr0
z!$kuU2#A#13u!`2Jo1BZ_(w`P<>toic|LUrVmRY~Hw9*yx*gNJyO?1FgWQ)MBOunf
zwAbV(GDlyT_&d*POJVpX``^M?R_sEty(X*4ugx|~ucoRXm0OWDSr4~eFM5CW*C4Aq
z^CZltaRya2=lB5OdU6OB>2<Y|rOzA<W-6X0|2Og;vV-bDrzX(dEUryPxr#bT@UT8Z
zpOE<GVbke*qd&IcB^`SV!W?H8Q*4lK*yGzvbJ=VatB<$5GcpllPW8Z|jYrE&OX+V(
zf3@$NQ6K4YKufFRz?J(aZ*c@G%XGP?h`%cd9O+H0r9Y4nXKc_dHj8S1pRKYv{f?L;
zbA}orxX#oQq#KJ`2Bzn&&7a7FiCcxA$iys1VVuAa8XA0Zg16Xn<c`=tG-iPHPf>`5
z6K7I@5tv~tgc0*og2}PMN3p;k^fw?}Uw1lhBU_#zTNW+sG<a+WacRs#b<0Z>I8Ka{
znV6t=^ijN6IYA!2r1ofKpz3&tTHPGTf)rAf6Urw@{+c7meJ5l0oFN1~aVsYf97X7S
zDTRb?-k<EAr-UFzXCMV<q5*F-S6ara6S;nMXHgPu|Cl^nmYZrgfG<>$O(GoU1tE8t
z7KB25z2P5xHA#DdnvPxVi?wslO*2628SJo)MWR;#CBu8tl6TBX6P8?9I`9oU+DG_m
zeW<|0eVlwQop#{$QAhYqXPXZ>Y3H3exyH4M$E)DW>nGfCD&5h3fOe5#PQ)K?z#hZh
zn9NrnPo%*vE(rFeoD%=J?A1!^N`tG->Nh)z1r44A_tXklb<%Hl(GL|^&v<?(@yT)#
z3!NlI%A(Yre!hisK9mBuOz;U$^7-N_&&m^ldi`Xs%H4HlR#{_etg}|<Te)K#Y_n3Z
zk>lh?Z=Qikw~e&;-0Io8*mF1NZ(o&Ix55W4+;B&G-N@&N+=Scm%5hND8Dgs}f`WlP
z!82I8jj=U0xhbFD6044kBjD(<r2u#PVnC?~lL(ssb|h|M{=5v@F0Vg9O=2J{BDMub
zv507ZlNe?6e3eBMhFV+Fv9WH|QA;ur;BKUBJ9NUeHLunAvlk1QxO`DdH26Jk>v11`
zSpWwcZIaQcS)p?P$P*!EPDrzAK42uAKCprnHP;wqNO(2{)qR7Js58x(go@3GHqS4s
zZ23kET9j#^P0KY!z*2o6dursSM%D{zhIiedNJ()a0JzkO%VQ0DWAHIj?e#aq^Fuow
z%X~?dGjbl03c}Mr(7aMO>yd**<;P;GPx^e@xx5;}ULbIbfHKjXMwu?#^mY}PO@~LZ
zzQIaAYo$j=MI?E}=OG<covY$Aw8*o2H<7eWSm9;VNnN}qAK=cNyW(_=No62><S<0-
zVZpuKyT8I}TSZ-j5KfOy@Szl7wBsb)k+-CyBI~S_QIo;s*ZLr<9eH~#Ym9!X&!^VQ
z8bw@;LkTsT8`g^`FO$&j!@XU(KeP8;M}Da_V~eqeE+PF6h2(*V{gt@b{BxHkeQmnf
z6jt{dWjoWoV!0bC-EW1tb^n&evnYs7mv5{$gc63Bo1TC6{1TO;lN9qsb9pp(83<bk
zZ|3uI&Ob{h$E>R8!!fOL8fmqE&-faBxZlQB3gKmL<S>b+$$wi1pSoP<)ntz0H;T=1
zr>V)GsgAl*sc6laX6cDF&-xizk+rCfdQe@nV7EuqiDjN~BIR8<^9QrQ9^nw~+Km$C
z>Syz4h4wFvdf~E22#(m-ihLGt0O~`<zbwm=B3z!0A=dQ-+?h5>FAGip>L`F}icM#e
ziVoX|Q1%XqLD|*IDan2cuQ)euu=hj0qP3}HhN<jJH?0q{PRz{-LpSz?J*x7S^Qpw`
zcoe0!3H{XdF2atzk*(y>$dh8Y-kyl2aI<n(U-*^a4j;8i9`?5~uFluq3y0k8yPNvA
zlsp9Wn8lbUxLkXRg{K>vLK;P(@9(CnRS-(=8<sDB_cTxzczT`hD#|_tur8p#9IE{^
z$dz3#bno`@R67}byyir9+Wc}@(!Px@M0WMudvfIt(UalI3042*lB*C|b8q*Y>mW!s
z$zA*b)JlVN&G3fPQdwW=o|G}^Zq~P{J;btK2&Q_y`e8G;D2E~sH^?JBk_|%WS|%*8
zSoF2E0@f&)bB;a3-lp4ukI*;qt0ae$?woA5mv~o^!U8u8+p$95-Ff#|qI9TYLm%$6
zt70!bWBy(72c{}P*YS5x%-pWh5qEZA>R(ph&V)yL#4x?_$4j1KQ<2>l#v!1edPa~d
zFL(n1(DB8s9ncR~s5zRouh($^Fol$Hx$g)riLH3ZbM*?_zB-|o6r-ym^PymU5%=#Z
z3Z=52Qx-qgDSE$$O04Jcu|sR9(CIeGW+w};<wo(RlMT+~_B0tCmI7Qe*zOfD0O9ii
zm#ZBX=xqPuiUy&z(}uQmi%`~(VfiFNxtL<4Qj)Gr#*8rlArPGms(iX!+8gVSd&tfX
z61**%eMD=}Zgp5}E5WUz7k;9I>~YS&*hM?X#eNTOFw}qIBk9C0JDc!2CQ)%lBzTy?
znU5sprx`J52)fqxE~|hZZ!q~z*-R%QE{ZZBJz@mD`nuJT<hWi+Q=5FQ;#`euk2`{M
zPD^mbbP0^=G%_8u-j@4kY=8&O#ClfUWp7&ZYB$qlwaJaW(JFmq>emw5cD2H@HjI5e
zS=BHV)>P8Wv{c2LZ|n)Yqth_}nFc@E@8?HDEAgvG>Pb3$TI{%7#lM@Dgp}bIWXQqH
zNBo?(kS+0F957&}Mh`OvztJR?JY$!ML2S%VwPG3+>L4Ghp9oy=OLV#PX~v&Rc{43g
z%VjI;rnwqt&dAbMDz9=%4N<u=RV@AcR84A?*Ss0xHl<c9p<FkmCOo8(@x}}5xr}e8
zt1ba}pA?P0Nzm*~xsF=lfif9+$j|+xv}@<2<el_0b==!^ZVA0dT>blIbx<-9VIZ9u
zEfuC_ozhftzCeoqxRO$B1t(0+B8s^QKOLZ`<=x|Bct;9Z3DZ4q;}JAt%yOOX*s=HI
zDi^NmXt9IM3&&5GaXs$pNKGf{Bu0T_SY_++PMx%}G3M(wp_hos?D`7XfQ&l;Bkja*
z%Gtz^07L<WBK-~1ozO9)`x$|n*ElCQ(c-V5*>2v<=4rlU*J{>H63y4}hyo`JsF7&E
zM=o)-v(oW-QT%Bh%WZZEW@`zZy9%|l((^rWiASHlYdC;Y?SraqN24UJnr99_>D}JS
zReRWTNW>H+pk|Q};`0L*A`4kl-r%pJ=>?+fFGQX58mj=vra5GFPVZVB1xKma`lYy>
zt?Y1A8ptzDUa0Xaa+HA2;7Hh@K?pjg(eT7f=Yc^jfbPI(m0I$c#&UpC>EbF_=mu$p
zZ;VOBSx-sWc^M?K;18b%fsv=l`TPoxerExSyO$J`-v{_^I|}9SDgX=!#59PCBH6dd
zt21-5J`LFAFvvyp4}1C%u!+XJ3aY-<?jL)8zgUEvYcjbGWQ2E;$spMlYcV9MDaooR
z@p4+L<ecX@fjpbBNdI)E<kzxgBuB}=$bNsZI9pfEgnP{5!P5vtHA&(*?MTKqg})ey
zq$?eBfJSV;7;PHPzC8gzh~4o>|9pxwJsvngfbKY?e`~|?NModP!=!jQ&kSF~Q9#o~
zWX8;!wyZBF3Lswp_{aetg}+!4&&}O%`fp+^*v@~DJuNA>d*tJlUJgZPbr<RtcJq#_
z{)B>aP^{R*ox;{kPJ@$<2;9v4ENAHXnFm={)!IkK_^0UY)CrvP5H8eH1iEVM&ll|d
zX0-)!(NuKghj*~8PQa<t=$)`^>Qn|b>F9VX!=Y@l8=ACRT;zwggG%-~*C>6@`aa9c
zSGhLfpmiw!IAgKT%(iqUPtIjT0)zz8*Ak+4cllPGr6&hY!vVY28l|>$MY>@)CTqjp
zZGIr^!*DRN*q}q$4xJ4Wb#i@#p*Nh!1FB-PMqsDvh3Ka(3GEWmJ3wWO_ayw|b>%x~
zjsI&7D~V5Ams5Z7&vl1ew`u=+{Ab{k4HQ&ivQvkT$Uv1gf$2citLwMzLw=K?s<GVy
zGTMCueNpIdtt7^a?8B6EBb2;ux<&%I<^sLxhOxA6x>cghMvFv=f@e#vo;chm>#EFA
z9HN@cQ5&O_CI@3&GTi%C{0cn?sHXxeJ)OY6oi|;1f$%~WVW(Yr?!>t^jJ*k-eW|(|
zZQC6&>Av~lVB~P&f`he(Ni#>J()kMN|Nd(t*70=<*xQBy`7xrYv-Z+adi61}^$M1E
zd)hpcL(F#IRc++#FFgXFD&POaXz9}a4&-<(6sMJqzS?aP7xa~}y32V7`hAi7yRxrF
z{HB?sWugS?vmK1O=Pdp&LkpKB`qJq~EYvhixTwi^1LkJJD3tPwX&JW0hFylJXzCxL
z*r;z}WtGzeAI;*$8*Q25=C2laG`Z6Q<b+aN%K6q3+W7qCznMCPtXxu)=tM1CGLN>H
z9JKSD5#b0B3dHqkf9Np$@Mur7ixTh}!-|?lY!(mA-lsAo3{Ynq6rcXOJix-`!b*yp
zcF?YbW44@wZNEaANSL1a%IQz=k3kRX3c?3`fo#zHV^N(Iaevp}DDHrQfSR!PFZ(st
zRsmwZmWAF-JX_&8q<^b6NQ5&*tj_H+%(y0TO2u4+5GmqTh<-M37c7*|u%k~p)(quC
zh9C+}FT)W2yyF#Ra_qdpsB!xzuBm{O3&Bm+c1;P<y8m;lQUpj2!5umMiL`<{i5126
zYd6b+*JAfuDBLFe8=L$mY6J5g<`8DWSWc9}lAPl`>h>^6T@Xi=y1mrTBQ{uXmNqlS
z9k+jj^}#^nV3sw*nN8qQ_ek_ovpf#NX#-KiwJ*ai_aH7!`Beka_@&(B_Bnk*rGZ}%
zQZkAs=Wm}tj->cJG^at7m6q(W@TrgVnlt-APKoJ%zX*^gxIZFkEsQ@lf$RPlZ=%$J
zVvRIHBL2ZtriuXs_8)RopXml1>_^!UoLbwkjs3@g?#)LBtz_Em$A+NJQ1}Ciyw7gX
zw-t$VQ&UGwL~+Aua85~exjRE)paG_^subn9<Oh1{U2>C;Z5{!inZxSM1edJGa}5G+
zs}yNzbrAwJACEyiNozHa?30iKBa|8uy_lyaA&D4ag^Wv&SMb}AA*dR{Gw*BPqF6ps
zutL{0T(*@aCmU_`vwU39R7qc}CqBS^j-9(hZ?@3aRkr!TG*;%7Z$#OHS;W%ZNzHeH
zMYVBCG*1@W`Gj2l#(~na--=Qb>nGJK;ShVmSZ%jN1N*}wpD<I*aIHRf=KPN@Od|V(
zf}n7UmngLL>>%T1#%tIMDeyi}UDFfGa1s@GOK3Tdd25mWyiW>@2!9^6_6mLG`@%aO
z<VwKPN0(9ArFkBC;@q0Ypob8Wdo-_=pl(eMZ&(<;V)=gGXM*+qL31=^wH7_ud_zU@
zO4WNA8dXG;czLBH+^h7T148(g-zoBHi#br!q0q@ffcMJi8mn{J1sKGSre>WNx*C8J
zN=%9*Kmp0v<sNx8$^4&X0D|$uH?rn2<qiQ8Z$|&3CxV~9&R&#|(uJ3yBT(r02I<Oy
z$b-3{qpT-Fy&;>WQ;@CzDT1Z@N^+mrH{<HeF%ZwCGrahLen{d~vlPP9NVU?0F*$cS
z8bkd%;J*gt`+tB3UbYo@;cAT0YigC<RFQv<KHu+0e||hdZRca;{YgcyNKZcH9}OhH
zdZ4OYe`oQX6!UPY&mV`@(`*t{K=l*+#gweZF0b`Uj?XROAvcsizKP|uB^CHc)~n;w
zh+tAarn4AD5sM?PQb3#>cQ235ll?dCw6m-^NWO*5eO3w-k^rSp647hyrz7a0Rs805
zjgJK*aRHCgM3vU1nvtIM6POX-OB!B%8m00)Kg{VNx~T#zRzQ=re?HIqL1Q<sNY_Fi
zT?F$HzgnRJyi=*mpm*gKQD_@&y~QL^a2W2;5^IpOo~kKlh<Q<Vs$0yr%-zBENZaz)
zN}^YGR?$cH8GAUg1d$fQo1M&;<&h%n>-nnDK1!juk<hdl{#L!%D25*?p2xz7JJ(^>
ztb}%h;~Mo@&Mv2=I5lbV|DE4Y&-HBAVE^yV35ZLs1WpRkVx7-_%C<c}>y)nxPB6@W
zY}4THm{#-9;HHYmHV{}YKyY5DM6wJ%bGYW77VEF|oFUdG9}$eZn9m0bVd8FJ4#z2~
z>t(MxO(cqkZwZ;n05g)V#J&pMHumoTDfb=^4@wa{;o}AwV(AhocM4DW^@^VDp77VZ
z`rLXpj8jd+1cg}!Nrz9!7Ne8Jj2TAxB&q-xX*DsmY#)d%eQ7bqk5}YLjTBzta|ciO
z8qY~SwrP<L5n2YDsEbljUHko~@cPeq@|e~l{V?<|996zGpVGSS&4U=QNvv*<*{dR=
zRo!xRo#vTU4EQ0YF0+sc*6=S=!}oYuL{|0c=44GEJ55t`m@58Ir5O{=DPr$=F3B98
zesc7-bZinGJDc1?ThD#6c(lfD@jlUn8DU7m^8t`t8RHDRsfVh6t{mkUahjvBqMlDa
ziKb&7ooxsq!*q-OcS6`Z-liv}!ArYRN%5DwAca7#-fH;cbB!A`dsxtDSpY}@Md&UR
z-Fku&4ucz8HPtE<IAJj?2MBHS*fLcKi?S$X`53u@8*?;=2Q}|}h7nsePZZTVM6R5$
zf|v*>xB1j%MSENH6jw$gx#b6_PQ3%$rAER=%)J>t34rS#jp-t;{rX!5)#9^W10>}s
zOw}4%BO7T!FJ){HHuMy4KU)gdD`-B-T&tRO?x$UPZ4Ff&hJIL*M?}Dj4U9^M+YCw5
zuwDGz(ijo{wIc17xSabdIx$0IS$fdI%TqXVKnWZ%aP7U~8Ctj=aYmZP05TYdkQUE7
z0M+-G_DEdX&ae|P?X#Ea@WGGe^&y=f1-gprEOJ3Gx|ofq`>pj!s+Y}-sCwN(S9ETg
zBUX(KwDx8!Wh-80NvDwRfk(Vb?D`e^46FBuz;c`dWTl?T<m!8*R>_vvyrwLK@o&q4
zUT$;iVvPm&XKr!-_J95t0=M9NCkCpCnDL?+7eZ9goT_F-@0yVWd42Daq-v3zyjdG{
z@|7%Jdo280ay8g!IxnCq>`^0{Nnz<CvMJQMozHA9Ht$>3<bsYN19uHEa)P*zPhAcS
z>O_}2wI1ubGJ-es2|Kezm=taDK6bK&->ydwOx0DhuOCHslSvfwJ+AX1oIkFh8B0Y6
zm7@D*3o9h;%5X2$SWH3oD$7|Vqg(w&AIHrexzQP5&N|+QdM@OC5pzEwrsEb*ME@y+
zH6$nN*iVj<gtPCd>qw|AjjJYoRdu*`8!Lhb&@f#y*Yjg9yJ#}dJlsr1=lH7?nmv{g
z#2FfN|CWE@#+{W2>%2Jlz?XBOl&VsVQjI!+oP}#Sq%02cZL!vJ0*r6BikHvm#DVf9
zy-}u|LsVW4oW&;14-@k;W4~4b#pEU9s8pMZ-O-br`((|51Gc*&|J8ckBsB{FZp@+R
z9y`uW<IECZ=BdnU@yn{wDOCW6DWa9N7Lazo)kg}xKnL<_YF(mjem^O<?Y=~xYtpa(
zL-KX@P+>s(U{G82oA_CzrGWky!>>*LW_$HBLh;+?7Y9l#g9%dn^A2q?6Mh_zp-ixL
z!JR5+x!=t#0UmZgwgQsD9)v_8d!w)milN=^A(w*CkQX_?yV#IBOz`1+NaZwac(2K;
z1BN<aASOn@ys1Dd!ZP2OP_YbtILtzVc`wN$l^AZFpTI!8^MQHy%de@f3Qetq_+)U*
z$!GjmL&I0Zj!nRd5{8q_p)-Jl6Q8&lgLBRBhvJ(iK@|OYKW!AUtd-4h)F9<qfBgiK
zjg8q?Umb0sX)WmhCW(`CPu$p=_xb}CS;x00mLSRyZQ;T=ITQ(s&*W<y2iii>)}91X
z0l(4LT@!~_lp>^f35h$x>T(!y2!09$dSxc)E4h#ScK;Akzo6N0CJ2SYL`w!Tjvl#H
zMPnuCqR#ET>OLpu>Jqn#W6Q~&j6|3p0NAda0>a(v=vpssNM3@O^3Nx85W}M#+`P>A
ztSyfU^{I!foFguz8*MTpI%q@MT}HXsnr@A#!@P+_H*(%+(L&y8<2f}mYGj|hXK8wq
zV&F@D8u-#eT5I7wpa(3kfLYu2e7O^4pop{yEEZQ{+kJbzni*T_x?|UbwDNGY2~z&8
zfSq8=)EFYS_(&3LfOu)T?@LPy5w7PphHn;NlHe^x%ht}zozpwf4CT#6iQ;!wn%8g3
zFY6Bh#BkE<BQ=#I$&68V;Wc{r&#jFC#M%UKqw6DAIwFl+50`M(j%VuDkc-*`Gg1}#
zA@pAeUb=`4it!!{LzwY6<Z>;F8Wiot>8ggFGotP0f?S*D!#*TF9J66q3D8N&gNnYE
z?gy5kAlHp}O2EKZ*ifk;3tfxK*RNKX+(&ctUt@`N$D(*@n)59m9?h(rx4>mH1n-GQ
z_Sn>U-Dg0M1<|1=Q<*U)1dj{XtmjLkcs)xJKz?hC^IFz9HGNZP(p%_InYdWRm9!zf
zzj^0?QEy=W&)V6^H#gYx!J*8UZry347p#Z9PI6yos113)iqL6O-E-k`=VWf$c~(|h
z__;STM!AY_vAOWOTe9)qN#p7>NN)kY>wGdZMz0FpEA<_x@3*)#WATy~cS~h}`3gQ9
zNFGLkv@rR&Nv~^mp=YK^nXx|5RmU(__gI<nv5CE=yb}BiD(l6~tx-+-InYxi{uIm+
zPp@B|8IX4VSI_L||6(bU>a>}k6dH3&(hE5=;#!il75ku_SwT5lo$Tpe!Fy0Qu_N*Y
zcff)4=BZm46nCP%nQ()_Ze%^H940zPdRv(M-F(b{5xT9u=x8f;Fz+acl>CY;a-&<;
z1|zCv4-3=4xn*g;WW9#>Vdbp*bu=6kIbYZiDt@SwW_`bZ8RHzkRxEDhWGd|hzkJ9E
zkHH=AAFB~@CbD&Yuj~w9#9Y+zpO^eU=G*_mU~35FD~tC8`@1&IqBaqd&ZR-m__s2r
z(=G?tzIS)p1H8DT5EqY`9t;I(keu~tEHiHkw2?x57TZ-eW$=EP{y?CC;zc$Rqjg)m
zP1|cW+f{O2det$)7Ycpac5zzhG#X~y6uB(z#ohn=pX=Gx&r`gml|N~#7Y7f%+1EtK
ze4Eq1zfxUXy!tFm_xSVTUs1qvKl+m8BFRzhS;M&T=b2sc$16%nKpsMq#2KS`QLXj7
zZ^LxtV!^{>>7N(lghJ<9#hJZ&o9KHmto4*Qi10kFvKu6U-HE3$Zjffaa)OZQkT?x4
zDs(+z?7I^R2EJ0cod10H>m1^5f8$^4d2kTvO4utdUe;&j&!>auboeDnx*Pg*dTyCJ
zc}_}9r{=_YWRjytDN-lDu!2Pc)-I;5faF+z@oz+^T|R`rR;{O?+lR6Vk_S)n+~mvR
z^FxkbP4V*k^3fqGcWvhSNYA*uk;iAqGREqBCX&zENDXBZ!fXxGe7~CnC8WOv8FOvt
z+K7-PWuGQCVX>wed{SJTLKdRZhpIUwGB1IXy+ta6@Sh`ZQqmwC&LnS<OkM(yx_ZM)
zWVs6)10(ZXrcD-a`=j(pm<5-l{3#aQ*|9g;OJx34jc5T9U8J>ju}Fba@};>!or#|D
zo)xUekOS@*r(>^SG-dh73g_C|cHcHv=6{6|HpI|66T#}WzFFr+1}UyY^Lc)%0QKCQ
zEF#VB(@wjSYFB2a?g-V6{I>guZdXiuT^vYjn{eHx6siTxK2D~ZwPEc1i+#7AvQAy3
zv*SF>Z{R%Wp<rwHnunnX74~k-id7o42Evmtp{@y4F!=8C!SHjKh|mLwarf5jjw+F7
zRyp1PDP~0#IyWW4`S~8Wh&-&Y^0=asuDchN%J1}ToN>_FOY=hN0JWN5_-xuO^&@DH
z45dE?0lLUOx&4Yg^Rc&`q~gB-kgsQfg$&><_b$1L|0C+FquOeozl#(I#Z%lZXmR(V
z#ob*>p}4!JrFe_GyHng9io08aySu)5zUOz&`$twjJ9qBpW;1tZc6LYQn3&yv*>BZ9
zw`XRotD^Gfi)4SXJra^T=kaeSY8dqivZb&p)Na_2vKP~xQ)O~2(8DS4EClDst!6Ii
z>2nx{V)IKjq8o2l-}aifidmfWFz~q&y_oY03Ss?6tEn|HPPkQ52DXCMpo_JBgB@f`
z<ZhAKwXXHkpQMOSP!xnQYBWKV+d32kAQi08U<UDR4l#M7%`a_T>I*_ac%nulMDvNL
z{E=;7`M$T3Az$FO7C=4yjtc!gg5>CP*!Ul$<!}v8RQPn_ZOn~9zYuf$q2qr~O-Da9
zkRYGX9i^zx)F*B}(vE7v;ci4GmsD@t7ikSSQXX+)@BVz+#=5l658C;IH0t(Q(-z^w
zcDC4B2I6HG%2l%XI=(f9s2aM)=ee8rJaBw;J#CFCh;6vmke?77BAtF9_PmjKcJvU_
zZ`PY^{;_Snb#q~~)s^1rg?jy2O}m1Q)W=F2@*`7-3MRt(eG6{SroJJ)ibD=y;;G=5
z&mFIeN6sWY0;Ws}%g5ptm33t$e7P`=^S8WX!LBm;mb;DCyW@NU3IL*b%&%azd|>Q5
zxY&1c0L6!olpkp+<l?F5Y2`F0S^X)b&N;tmXv`L0Q+*ak`2xVAftOS9{xd0|`ZjT#
znbO+Kd-3$<NtXHT?3DkT<wgqUUdB*LhDeN;!Iuf!>aq6=b>plV#S<*?j|8SY=Evei
z<kTcS3e76N$79zlTPL?}(pj#zx4`}}^7yEiPLyjThr<WrB{z#dK*CC%H%=$wdVr;d
z4?DBp@E`A;dO~ArKdkwtpAT+<#TYD`Ro?8u>uZZYL{6l2=A#UYn}~CY)0}fCPQ*WV
zuxK=kv`zxo0Di4D_|x<>mMbi?tuSQ!6dbm;)5n}<Xl3rv<FRH3yKmE^{EeUCFY<|!
zvn}z@(J`zF#m5iHJ$mx951-$^Eg6yFT~Ck|wmOvhCg^62>0!ETRIP`o6d-qxGLH3H
zY@Den4N{c&HkJwAn4Uf<-%?y3c3*qgdcA1ponUmlI$`#3=yrue{$3(!0N`a;3?0{w
z4qp`$9CMMO#f+vMER<`yJ$b?abZ?x|xbCkRPsMU5l9|lViOSO^nI`a_4^HOE5N-J+
zE#e-ZoX$pEwO*piM}v9eGY!BFcG_0(QB~!svIc<H8;7L~hvxuCErZroj;2nTCfQJ2
z?#U*}%|yv7gOOE!ac0i%7~8&YC=47H7CRK`c}8$rSdUsTUsHKHiBw+C^XEKcHoSOq
z_V1<a$kBOC@B4+h%7iptwpp!H<0OQI`Xw5M>Sh-dGHwVCVONx7Pl04G6BUAIA%2cA
zYjBwvQgu7NY3;L<NAs4<lykPKLr+M1Sf^&;2bs!ze+kA6D+tN^y=ze0Qku+XS_PEx
zo5<jlc7X9s;<%cRBobEIk@y!0gwsESUC?!y0s^@B#OTOBzu|SFPNwp7fkr{Q@T0T9
z*9=Le29q)$^Ye4EITfEI0&uh6dxJpj>FOtv!JxB3-GPMFS|~&$&fLs|yeCiu{5^Jq
ziF;=7-H#Q606p@aBQ@>mXIwv&tm{9l)7J-R6hisiLzSm+gk6~;VDhKm?L4Z~lIo3E
zXXv;R!@4s;Wqv49iHfuK@o@QjEsiCB;5=&4vgM4$b&P|5&m<pt!<~B5p0WPL2-BJU
zRm5fYgp>OeE1X6+o%DM)Y2&uVh~}Cn+mfgD5y$d+r_pdJ>D<fs$Zo~*-5q1Xb6k6?
zAyRcGtEsWEzdowELs{kZiqd9d`%;qQ+TXD78P32K&G_(^a8*W$pOT2>qwnD7zrCyc
zN+@>Y4=#N{seDf;7U~baeL>0LCk*8K1IJa8+X*o4KiW>8k_cwu;(<IeArLIZuqo&@
zC&HDV%G_6ycaxs8JC>8@WRqVoY`0h*$`uj2k(=#uTQ*i)BT`-ig88$<&rB=^F2}s6
zNl91yXMdCX*@?!slh%2lVX1$fC@<)>J0Q7KwLz%tVHew@L#fF6UCzDm{_Y2R;6@yH
zL>X(f-#ifM1%UemT;0{lp6NtEf0Zi65x^@}_hbG&U^w|&>+_y_xQvMuT!n_Ib4jmE
zu$4vS>K*=$oqIvj_PuZgqtrp0#-l@J*dJx=*sNHfHvcED@ZYx|yI+2gY-duHC+>cK
zibDA7-ZGh20_QQw2Wc!q8O)?YSyFG+P*JUn@c4`#*Nc<t2=c!wf;q(Po(e#$dw|M7
zmHI<Iie_=yo-1)6!l~X?pmG+-*EUR%6j|ZY8Tz1R`^aZ<Hv=|I)Vby}aZiYy=aH*f
zbm~ed0wjH^2^~a;&?y&*5T-J&yztB(ekZ>8PJC|vqHCCub_6X>t!67I84g?whxq2E
zN#fh1uxHF9?G>yt^Nq&eh;&BSf`rZD9i??3w^w{SgJO&r?76R!5E|LZtDoxDB4Jsg
zQGkb)a2W;Fi;pEcG6oH>H*X9}YQ4XGDT~{JJ9h2%`!4jGKk)qFUGUSPXV)8HPdgl9
zDjU(i;!25O7JLH-I_>u9(ZHjMDY0cvaAW45eCMPOr+3l_ok9}#4}`&jeq1Up6gk6U
z!A~PoT}KE2AhL7vaAoB;vgzG+Y`Cj5*zR+vSWgv#*AH<(>rKKPYApXR2pNqrvn?>9
z+{%*v{zY%L`pk|5{n%>2mrWZE8c>zEC1C)qZ+|y(Wm`}~(jnISho$WGY#X&AzL%F+
zvRL#N7JZfu#@hi!&)?6-=XXfh_84ZNXMZI3W4B%JO}R-hs^qXAhYwm^(rSBI6{*^?
z@=0EkrEhc?<YZuogCdo!tXZgNk|bYTABM3%8>LmX^Zg>Zq18q#X~&p}_*M7uIh|WX
zdim+md4+y;Zzp#$n-81dvquQP7()v~nOm-9zYFj9JOCZEN?cANQX?(9mo^nl`Wi$D
zehU4<exMieJ>In<K~14WJBbnuru=T8v!l7+jVHv?#s)rb`)I>B_`{rAF8afKGMfVm
zbd6F7^wCT62%0DaDkm1#;RHhhs(!jC@ag7lC!5f2>S0t7trb+IV`MGG`pj2JpbY+e
z4(VmGb5V;5aKFzrJU-u53AUjZ^nJ<!@8=w!Kh)nK?*-J6zBXzdpI4#NMiMjn+{YZB
zH%kDPB$l8rq1ch8$LD!Jv45hgx79Udk{maX`b#qv^}g{%R=W@gKD!yhx$T^sOZB1z
zpw*JRQbjP^7u?C;OG$f@_!}~jho0d;9q&!C-yr8&g??a+yuXLmLvZ!_oEa!Si7FSm
z!MdWk9|f@cc)toB0Wh<^8%Z=PqOQ~(*ZU-5Jur7y*`vp_C+Yhb*>-Hb>SsP#evVS(
zXrF@)rXpDk{rxMDHmLcsCnTRtdt^*q9^c9FuURftizRlrRUp(g4B9+A{tcj?wbLv&
zvxkByI_Q$nKY_jO7rn<=2?eiATo`=qbL@dYSLvp??7l3SPiU@3yWWP8_5xNyuMDIB
zX<yd1QpyZSl=wsqCNw$jnyUF@_ZV^G0JyP$i&no~M#Z4g*mmV}J*$?rpDDf*7UFjn
zmX~tFliErk(R_5y2d5!0`_Sn2hBAm*&Jra0xysgySVh5Kp2O6IBPO0M4$w)fpANa^
ziBS?O>Hqd`b8QI(FOBsqjb+fkq97y?JZXh^VPN8|!{8F+PmSUyeQsb<nfYP#lMT!H
zAxaMzJJCiX;i}E2Ej+iOr9N_(e<PF{g*+0%pB3wT#I%=w)~PDAw;~c;ZHGAVFdjpZ
zPTIZ5zzsDQ8+%}kq=_dUTC69Kwc=4TFLH&K|J1=2Uh}l@r6-P>u(gC55LW=Oncp`q
zh}Yd3qy~)0aJYZ=KFq1~wTx<&#&MSM-c=o}8?Jd1j%g8!b+o3L$m_|Z)9_vAj}a)_
zQ~f5NBEua6_0nkF1N@n|5;`2)1Jq{jd1>rkffN3#XI3t?tL>^n*@Ya_{W2XNy@GWa
zR_`!}ES*ZO=#QpktGqPSrOGaEgi2K~kXi*p(_^+E+HN1A9jailhrV3RG->P(qW-$W
zANVLCMkaciJO2fXP||Z7<&PO&xGH{DE0pXUWUJ77p@O#J<5n<EnwxxPkQ-a(s1UfM
z%7I7~Y7SVzOLJC~@}{0ctb}8hk9vaL70SG0K(54Nb)_npzkU>q=B-<g)O~-j>iIjh
z3iXHqZAWU=p?1>}jvqECl$GXV^{9QU7`{oBA+;H)V+8%cO2`F$ae~r@O>Uid26OTK
zV59#rr1EwiJD^u@&cVg`gH8AcM3i||_GinFC#B!ac)W~l7BN1}q_s^64B&~c6{&i)
zt>>|4R_skL3}8P7Z!$N9iM;3pj+jfE3E?9xRH*c@=p<u-ozWZlRWYPpp^VCiO2a42
zdJdd~l4oS5m!P9Qk$1aPSE|T7!`P<KbQPN}b7HPH_wrSIAt^<x{e{DHeng?HvQ2^S
zjw5t3KGmD7exguwa9L2oYLh@bhFzg7zFObdYo^r69L0P<r;ag2Dty^zSM>+Ca9yc*
zIc9~P=E~=?%hv^=?=3&6{j!8(QgcaO^Vq>s<}@R#gRqFq%#;?)g3pmP;34xRC~FjL
zI?<8qJwy*9RJ#DhZ|8dLS;zf8a|>l{kRddyLN&uMd>Vmt5jqI-rWT4O^*`Y2dD>cp
zHbzt15*F>Lda;Zi{=*1xB7t7>x!-fGQCV~Qk@|l}cE4}f0!(c!L9>XJzYtZCh}2rj
ze!I^{5Pas{0vN|=V+2%L%95|m1d+ZLU4Wl2mZ3HYuJ_5&$LAh{Kzmrbaan$iH|Y|T
z+K6)2TS~yU0tdr*#N*a{Y*2cRQTHK-)Jr7s9F_7Eck@SFO}(5hAK?wE={D0cR5P#j
zI$;JHA?Q5eeTUoAY5ag3s=aLaqW5-u{^My8y3j7JbAu}QJg1Ek(AI-NURK0z?bXmL
ziZh6@;R&DfiYT7#YsUX<14OA(FbUn@3##^p7xX;|12Y1bpmEnis84pG8#6-(=jtFF
zkfKGX@-*%jMsu=yUn<ij$r0#N?Y}Uk%mZm@yO>_;@j<8z|DI~?+kz0Irgr;~zt1=<
z#@B)5sigS0WH5iHJHu5mpnfD>reelEu5N=priJ5=qbXH4YgOUk`cJ-zi2nJ@RZ&Q@
zLuI+<tq>!h&KYUk*OLR=`G~#8MxO+%8^-QYdONb4Z64q!@tZ6?j3$V8k^JH`B0}ZG
zibC5Xqv>%O;=(UGkb8&R;wvMiN_eyJhGma$)cIW*;@zqp=&?h3|AHunY`8G1SK#j9
zW9{XxCz<fHG4=BuH<_?|hxFntQOU%0=pj(lqQZy=L21xsUA;gSJSnSItrQ&wm-D?^
zDIwT=G>|~|1xy0817YhaQ#Iu}E1;!I5>NyPrJ9>9)ASt0p#-T7t_cqIh0B7KLApvS
zHbr5k%ZF@d_yjgc3V&!L7p=`EXnJC%_q#GcmC95G37}E8^hoc0{u^G^qob%=nGf&1
zQycVXZ2a2fb-v&uweMPpCk&xI77u~9hrnG_?;pd5z%d}s{YDV5Qb9|i0ZF*x<7Aqf
z<)ok@rE79ec1)_cr+qlQutdoEb~gIsOa|d~y*f%+5&h(XwP!5Ga(2K>%4boYAC4BN
zA*ZQw_dcj0uag?$Yb9W@67!(fdkyi05~6EnJMOZNlT|Rb>V-H)>BHHq>2jXRsca?7
zqCp)-E&1b!_OWNdHs0S{zT>}|pB9#Y(bf6a%rnNjw6sN52$U6QNwVbFt{4*=mh=;O
z<o0^;ho+I-d00!PB^iU%nz?9Y9*2wSkV?Rz>VVyAxq<{x#r9F>K>?X_w`OD6!xwEb
zc<&+{?=L4ub8>|67Mj2t4)H{dj-|Qw;<Dw96uIPz(iXXi{<#EY%?LF>z`q{%(1iNV
zPrCZDx0zFP?$(_}Ot3fP0?ZCaCz7z0Yh;4*I`n>F&#=coV6<9!$Ldai^3v_E@{Z@8
zTaW(bATaA)s}Y?=CrfB~mceZaiRK1{hHuERI)Cg21)5g~kX#eaUPd)jo&TrEfa`H9
zFUm&S=Rk7JTN-fNMY4zZKMCmbVscRApq%}?Ep;9$MnTM9WxM<d)Sa#mcyk#;lv-uH
z<>fN6VZ%v=@WEtzTCAQS=QG5Nilr(a3gx;xTM%6}g9AD~H$5SBA8Rc&y67$z9lb|A
z%AamE>?w3LKPFF={*^qi7y}FF<3(itcEZ&&Yz>B;v(j!O06paz5OETK)*M9owHSrV
zRvkyYTnrLE(ar!OisX+M_^aQJoXC$oe5zyiwHOm0l#Y`Gs+E~F*I8>?Ld7FbcjFr4
zwEkMtSe5m-g$f_TG}feWV~=l>e~W+}S>xH7nV(TIyR*?VJ`-?BxG(miEr)WVM0{hj
z3K*qG&*;uBfnSZz70T8;9M7&#k+l+54{i`#MbNuC70Jf^X*2og#)?~43mxCOE%Ome
zQ*CJrP(%hqls{k&{?jq;L0uS{!>JxNd{%PP&Z0<@C18t#bhf5K>$AB2rmib!jD7fl
zVaTX;)J^ZpA9w!ahq%NzZ-Dj3$-2<)0FJwn%@x5=1VbNBP$DBX`$1sXh48FR;?2X2
zGZ}Q}O<tz}FCz_&<fMD7rnvQ+{sHrZOlk&sc-DwFLvK*04`1z=rS67{Kk!_hb?+h7
zX)N>S7I2Oe?hSW`g#7pT4!M(XR4l)xDgMKd*cqMw-M#F#qlvF_d&K%gXIs(YgGfJ8
zl83ETNw;X`A5k+>(dS(xAIIkT+K&c>S0eebP4`u3PRXq9&*x>>hY!z}Az?q|sIJl=
zO&dI_4%s*Q{p>IG4_z~1<4H-ZDF#DVuDN$Jp?D=$ulCT0P0_H-==`7Gmv|d!7)OWq
ziGN@~Bi<wy1H5quJwg-kWyeCjUtI9f$|i)kOOw_^j`7v!%uPI5HQzYUKK?zo!9Z9b
zMbdi4M6iteE*;iB92?8UXiU5~Ga|M{|4x0%M428^YJX-p{_EWAr~H;rS^LPGpvNDo
z2Tp(&XV@K!_E|cO!_QHw_%x~g?<bEHrVcCpK&C~5FUgv!cih^!(8HaM-NW~*8#F|Y
zQL@#;ZZ~J<6swGu3O&DD?E)|7S@vrHu;g+cW6KGUxOAySxb+ZPpXUkxR_%_XyiGoj
zv8fFMT<+@;eUhr`%{_76sv91acFE`QHW*-M-)&sZ&##x<0)6CJ-F82<2W70?EMKdx
zfc9w58-}iT$L->-a6DJGQ9Gg@cPd`IB7o&DUN<&6t+|OHSn`f5nVrOucI9_IQtR=W
zU4H83EN3Z0EO0abU!X2{&=R{;`Os#Kgu#I)S<%y^VL4E^$N%ll61bkJNKco>8TAQ4
z(ehoTDqzPz`Id)boyH(b5hdP(I`oDI;_oq~aVOu7p6(M@y{8!LBj<pCyN5MAM%lD?
z&2#=p(nIlJuIhj=umaxL#aSi4<2hdy1P`uLHg%rZnM`#8T;3EN9S-cWm56fmh`QTb
z8-tFydgv|(C)&|x-!Li9MV&8aSGxB8+aG~lY7i%I=S}>tZ2!`Bjeo!aDjlaAII?fx
zrE8pF$6$TuhDSjo8}ua5y7n@Q1{D^c@>OEd)Ow#f>aKEfq_!&@>=l!hbkC(=R~r+Q
zztlyiOu%zyPmrsksh#REA<wq;#C~Sq6nOp*zMhn)I96>q-R?ujC89&<Nn_xo3mm12
zNKHd;AuGkR2b@EwW-3y6zGd2HXniK+q*@RktKkzYPr%0!#~)^><hojtqi~|kSrISf
zA4cOZ-Q;_#CP%(+#KW;<rJ-OB?q?K&E@7ng-yNS+<5u`}ET^_i2PmoOn|B(0xmTMX
zU&bXKG<&ONn!nylJYV~$uadJ}xY&c*#!tZ^*>2pI7HIQXJY$nCeZ=zN0{|KCGAlKq
zS}cxNSpI7xK92pT*)#;CeRri;JW&M#k0MbAjN;l~D(2V@7zDMy&Y!8)NwVY7KFSts
zQo;=>3-BTz8%r)W{(@wU24{}J>G}@Bw9_;M5zkm&<W&R7rj9Rm7>gANI2*zB{1DH8
zbrKa9_MAhrb&~U{ey~UcAV_U=ndE%PtVbro%caX90x*bowHsJ?1|({mNJG$o%VgTy
z4cvW!wdLOdsyeE8khiTrPFqy?6X0;Q!1|{1Dgy1j0|Z@$!T8@lfwMLmd63gBgk>u>
z4qyQeAp)XCQyV@mUBdomCsl;~!lOoY+vEioUtMs@N}}L6g^3ZiyZ#o(9)ff)xh22d
z1qNJnO?v`zUUBLXbUImf`H&K2<xzl%Sfi#nm1@pU1t9U8MIL0wPs(igZxKU}skC5+
zg4<`cx=%ajDs#88Y7bk8S9ApibznzT#-h;2XzTi~V)AJSzW4EP9vb8bG0e0=b@9g+
zJPo<0q0`4t065L8O?JC~YU0yso9}<I;Lh2UF$rU_$fE4$#9Mx%9sMm=A#lg8!iDVU
zabON9D*#U<aRmD@l^TJvM!s0TVS6(`x7ETv7pP&?5nIPr+V>fBC1jc;`lJ#wY$AwP
zV0unT4gKl3)O8Je3!FSa&`sB-ss2gZsSwS%A&M+?U-!D5w*l&4J@BUMaL7vGLO-9t
zxV@I{bX!%YVF);~K82*j*r=Ui7$llBdAB0q$1b=^aW~|L*krvLyX2}Uvun$J+KuA~
zPdS~mWrMt_bu)+V)*`&Je#PVG5@puBLe{_Xa~S)HE1W8tRLWl!$w60LnC`bq1R+tf
zd}qpZf8aMk@M!x-6IU1=>tXcGDo{wK-^jnPE}XQ6sbRL&Og2F%l_~2%v@N!IIOm|O
zesErIv*11Cb)r0`YjEY+cbTGpLSidU=()|TZET{I>zzTuCey%zmW43$`saD3LBW6C
zo^50GpZ*#p1n5|_6TMac^LCrB`R9%PYU(#%1bVBEx%%b7cDH<iu}g-1W^&q&v&zj&
z7{~-#ubVjY6kad)5+HL#kLI;gd$R~`HG23QK8sARmbKU;dx-F{<ZPl*wQ7h0fv2WQ
zC3rEE(ahK(x#6++Z>mAhVczg}xrkWxABnWg(%yxr%D3+f{N0Zbc^lLC1a%Z~{j>54
zQT;DS3;qpbq70E2mjoO8{%zx@%{X^%NoBlWss71KjmS(LA2$>AYd8E@vOJDNpd<Zg
zo)bxnl{(T$`acnBO`(h{jzpB4^x2a)1X9U8+2ue8=Dw5(2}08H7r);I1`9f8!)>XH
z*F0m3PIk#;;eh<)9Ph}iOnSb7@kObdkkPqR&Rlv3AIxXP5R$ZUI&@_nl}W51FI50p
zW8f+$GEwp6Cuk2Z;$2%15@R{l^DAk0hRCE?2sgM>8(8YgKPi^MjetHIRcBl>o*0BQ
zy>cG28iZ6Sa~1P~fWF;O8!($#k=BfTe}@HnMBoA)$_+Nk07nNx_&e5&<eTcXuwNhz
zsfG@J-^cxAo2sgfRxv02Pg4GR{cwabQDvT6#f9Ey|2M2-19ts~dF<(V_Ng~NQfLzw
zbw6{iv5Rodp*QFeCL_yo!(NBF6|S=kl=mBra9&!NwS*SW&r703Bs+5&3M+koz2@J5
zwHKIjHwsQfv0e^tlN0bY@urk9FCHHiQGhSoyN54oGzw!lhv@{HG>;?mKoNrpNn^l=
zeEUnRm-HL(@lERf#N0_b!zXDvg=aqk;0x0cU~istD!>^b=Lre)C^sZ_Y?-!yM|4Q@
z*i4MVPmJ;!k?I3{Io=JgDQ2RZ%Hod?do4f*e<1!iH8CT1kY<;gB^VjzzY_(9L@8W{
zI?$jke?f^i!<*V@{!?v74SYFQ1Wzg|T+7%}p{@5x8skEmopD}>dXx9h79|%uWU*g-
zqr{>A-I9Dj@-0RYe3ga*lY>&%#P*=sHCybL+A(3tw**tzBS<Fi6dX<4&-)RwUuAPf
z@%V7^7PMbwYZSY$%+!pKtVd5o_ACtfo@F8}G@{^rYT0u<77J`(2>H2Sm7@pJV)XdJ
zmZdt(p9T>9va`)oIo&w!F+*GQW#<)e`e}m0r{Y2wx^4;j2Xn&uva)GX&T3B?xhl>U
zv6ArD{WHQIoVkASdPe<w$NFEG8C=7GHn&2Ml~3TvPlyZoUR{CA;xVvjgkQ-Z>vB!8
zQYi5Pr+2$>&H8{12ihjs5uT!0H~|zI58h-dU)O}($7G4Z@|nB1zgaCF@1<8h++l)6
z10b^rvX5hQ^^OUtEovUbIpaJplrd7DuJhIOvIMz~T>(dijo1PX=0|eL*9na`_>I`o
zy7M*;8ORo2;a;+MA>%2?%<Iyg9>m>#j%1Dw#L&WLRX$8l#<WS^G)M;*<~>(hwNM&`
z{V`jOTGD>AT9y*2o_&`i0!ya>aIhB8X)(eOuc24O)HtrqaA{Z|xdIq)KX8rmNd9;0
z+Efw9WNx*O#6Zy6+t<4SxXI7{9o))o*4i%S=qFS+{Iy`#Trek1qtyEwnMzkKW9wm%
z1;T0P9vrX{Xtb>4h&+aj+6Y7~Cvw{`r7A8cRShqn8pxrHiDH8g)%8jik%&K$1nV6A
zb~$3YnOGaa{heytRqqlSw&08cblKLATsF;(<*BUvD1F*dnN6NQ9Zw3Hc0qZAO|dqX
zP0f5TOw;OAl(eeUWWG|mFhP`Df9ProW=Zg+NfbBzquiR;79ekHWLms=zyRX9V-25B
zXgm*5o;6QbO;6!M1X_C~BS^uPg7?&tf61UNuRm}K6(uB$h=$mN+e6N`F@DMp0sMBr
z2Q%1cGi{_`4-fieDlP@=f-YBk#NIl4WYaN>p9e{#;5@;P3X^P7&yc{Of3y@yrole}
zU%NF}lg>?8dJ)lq!@(u`EYKQ*p9kL2VJ$7MVWRIU$0SB7V%emQ+1Oc<*aVUwrA@tk
z(FQ$Q4-&_0s$O)Io^&-~U(lsf?Q(ZMeKk8)>WL6sk{nkOpI72h{feK{!*YN;w~Mf*
zm$>bVz70|F6FGlm>6tY|e0yd7^VkTupF1;o3s*oA5I&RTi*Q}lcFId9Nj{Qc5WBP>
zRS(swMcTn_MImhURC%?-&vC@Z9KL(`!WKY-DEFYkPaitmy~v5u=xxzqH@apbay}aa
z?hutD5+VQh{HJ<T=5J>R9&y2BH&0iBC|BJh{VRsvzP<RQ{g7&7_bbexum&#j06xDw
zNZkusX^kt!6PcubkqG^XbWPr$<M3eL6WR)}{2uSH%0>OKTLB$^L6{Mep>aANwl83l
z`}1D1KU9mfxBIBa9(Hg&VbLca6yr0~bfZOif{r9CdN=0u^6Z5Aq-yIb<w-`{f)K3+
z(z?_R2pZFX2>dO3mPU`gg{6<Utnh<p7KVo0Kg=IX?%AnYJ!Ua};K8;}NEBwRgPX^G
z;DaYuN4ZsuRnM>x^;40ayC*)r{#|UUD?Yx85o(KFC&$u;EEQ`}<f5aBczLf%q3(m*
z4<z3**OUobjNjAM&6BMx^YU@~|4CS1R!(j=eqWS5k2;=v;_m2uDHY9Wd`9Qn3<KpV
zG&f3SVU%N<at}`c<l8dH$Eg+z$6@b3A#q3Vp!5D1O6nL`17s@QB~_KGlF_8;<B_|n
zcLQ)e2?#=mjQouq&e1L0GFQbb`xH6dpSce)CI^t~Zb{vcqjpsr?>>ufekOA>=Kn(A
zp%T@S;ytT4>=fA|kBPG``Y+GEkj#y9gvhOtjK-G#|5ugCY0`!EQIup`Uak4v9U0$n
zdNo+GuzpXlG4SV9rL*-Huqj+TfR!Fl3oX#qof+816ikz)cY(22goOcn!1Zx$woh|x
zJN%}43Cj08S*CiWrh0mK3Zi>Jj6F^Td2R*yk>G<W-=20~8Aqa>k~a)Nz8mi_YWa2v
z@Drw!MT+Mywp}cl#8n9}IYtR2zO?&Sy<%N@m4eVUkaClbhaF1SGa_0OmLZDW@R}by
z^E^)r`-S95(o@MnT*3<H$_^)JN{RyB!75OB*wY5GA-ggYrdz@|6|L~Ng;MhgyTRfq
zo07Tik%ON1*f3j&F@f`BAlSg>2#NExdS9d;3ed)IaXd5<`^5@@xN7CaHTPmD9U1LH
zuHE3EwebHLLEjhoya#W>2fxv8Kt7U{>=g<gLtMAMVkp&!0?qtE$+d#<IO(YRNoYzA
ziG1<vM$7^nlVXxA)z-|ccw-9+b{+Umj_+xbm1Cg&xd2h%z*{+9#NX>wIl0PD_qRGm
z%zC$+rb81PzjiLoruwr0djY%sxy<c4@hLW}c=ZG$5mKfyD7ew*W>deZ!9g-K7R_xs
zb=N4SQ`kn#!_yH`x&_R5KO%SfbF-qcE@QB;5+}?sqi>k;a35IkNN47w6Y6zb?@*w(
z*!4OZ&u=w48U*U|W>dCR{kdHAI`OBbt2l+(V1b=MehH^ORq={ElJFVs6PDo{@aBCU
zSV`u_Otry&?^i}36En1cc+0DXeutj&fu0rb#WlYA36?X^BBThO^ye~crAJ6*#9(j6
zU_W2!d9&iJ%_wLY^5aKz5D!L3<wavllc`5Yy{66}p8ds-h>qOr&%KMrhHV1Dk5D3~
ze)f*UqVF&7&t>Vv5_s*2kopin+4l5-6))rEhsr%HFM$`*9`Dbs{I3U4ZSmEr?=|$r
z3F4GaN$omZ=0dD^?dMFUeO3Rhx#%%JZff^j8dvn^{?f|q&yBngiI7sfzqs3K$B&@W
z=f{gs62OaicV#gWV1OMyCCREeU;jOL=@^$x=u}YYTu_M(Ili81R=YQgA)$;eIWNKa
z*-0F^WHrAImy-Xo;g<$!xeDVOlL(hDs`@(rAfSqLZ>rITlCtHu%*M<Qu<-|&CO9bJ
z<&#b!<lYl{36eg1e6dnrZvo1Y7`O+Yj{|N|X^)ZIecH@!06iXbTsxZL{#Jii3fs2i
zb%fl5RUmfk?-(#55(22fuZ0W_kM@v9n!+~aXX*W0V)ga*PHbm?^Wn5}!JM@-1uyMq
zrTcx4!nR&2&B1E}FZ#27z^GBxi&E2NYi=6@(ep>+f`3nRf7R|~#dqSuhm@url`gf0
z35Xv1BrX5iDdXhUtCdD8mHg?r_J~#^a*qA&sy4Mz_b>L^V??sB^G!rH*(vtGVUi)(
zNp5Px*02@iWBcgysJZJlql8_UX=apEvBEDnowP9Lnc%fHpbow%`dGD65p@=Qz2k;p
z{MAU?GyMFBVb^WfI{2w>(`_krq2So*yhTO{c$j4gyV}dpUAL`r&szL$X7uPUchv|>
z#6py?qUS?h$m{OGW6@d7fkU$_+Dz;W7#1i9L`!#_04!9hVpl*`2Hs|AvEf=Jqsj$Y
z57?loUs(5y&7i4|ae@!OeN=c)R47iTKsteCHo^8^CHSuik^j&0W5S;$V!awFcnU5P
zSnC2?*`0%~FCll!*St<RE(>$tP>i!oPY*p3Ap#?-H(|BlzS{6tJZm-_JK(212H1`h
zoDP8zP#-`1cug4H1h#jk`gPKBe7=q#i2Y^FJGy#@q+7HpD(*Gfd2$t|%Z0irF-E)&
z^wWz?-wN!XExCZ>_B`KJx@2NGWg<hy_W&1ru))%y@W@22cg?#aWV-ED*vY>K*vR_!
zC`cjwZR5E9;B0wFA>hcE0(M{yO1v`jqu?n#wBQ5cTXM9>wTFG=xa5k>%*Ih1KT1WX
zn2ukNN#S6;c)-&@e17MQ??DxA@pGP=`+-OoH@%4Kpeu$(fDwg3M;D);@1N>>s;%pN
zTJd&yn00>(pdrtKy=!<0&~VFhtJ?U6Tq>-dZd&k64$c<kE2lT*P2KkDk-HK_QGA;W
zk^?+YGE87-)E5bS61hQ!0vsaXzIf=QzadkeV3HPJUIuy;Ib{o+BbzRelN6`IVoG?Y
zAk6iRfZ3DyRdx(O&yFbwnih4=3=;`-D($=p=HtdmfIF5lG2Ei=m@Ccj)q;33da709
z{CP_p?(~|c6NsxF<6sJl6c|i}oBk+M)-fXrdy~#7e=WcdN14EfNqiDR4nFiRJCM5U
zU%$2bx(^hvp^|@4mE_%`)NWV0t(T944jWp;t=xaetQEA_B}qR;w;ZW^&H7!Sn$F^K
zA6i;%5l(gFovvw+x$PNJw)w#5+_X__DvMP;Z0Qu^Zv~~-j4QFCji9R9Lrpgc6U8<L
zv=GLa7P(=U9nQn~Ryoh}Qfj`6$s5*H2jrrO4U=SV16m>X1XDF<abtc{M&At6RIdcK
zm(pMc_1<`0R0X$nljM#jx%*?r-gu9M>N{A2Z0|>>F1VSfGO&#{VId8=x|%MVW~($x
z=Kve6b#g3h?)btjzG4#%sgqj}y$B>tXKC;LL;FBv`j0!BnYa>L%W&%-j$;O-qcT{%
z5{Y_@XX@_|7Z3Zhfa$p#PtB_UwDriA>Kv)NDJOV_omG^8Cn{uSkr<rhfc4BOEf}J%
zLZ^(C$~ES4Xc47E8#0sT?EDFNouvj9%Z*#ss|Zy?-X05Y9RhbhiQdyqEc9-p^)r3P
z=YoOaLJn!KmAXyMZAJ0gG?J?IX4zz~xGhb!a-$?clfg3R48IZX8clkqENlRmd(PeB
z<&1p_ehb&h@=U-hi?hO9zF;&L7%W?Gzy@tlB`?(!^p(BV6nt73b?jqes;DoHIwYx?
z_MZR`e=91pL#z))=lJc7b#M6-?yfcj&9+TS$0vf*EN=Nb=AY6E9C)Hp$W6LUBZ{_t
zN#vqMJ7ZquHI>Q{IFP2`qme?ffr40B5;7sZ5K7Y^8pmWuGL~U^2mZR&O~At{?hs)O
zFaod@4%ltS_-fh5GB<}lj%>gVuslggS3g%|haQ=Y|1vDa4@hkIL`{8LWG3FhY_F-G
zbQXQEyn{^mYYcgOoC{LP_pd9fAH33!rtc^y+%)2iNQa1)GK5msrfB7_-;KAf)LmG~
zWlITw`;aiL-UxUpP%HcO8EN_o?(QW7t<67;?V&-Sy*MLSQN-g1hb^%Ka2|I4i`3WN
zc|~nr<x(vrwyfm-YQt8=Cg(I$b?5vlUy~1=62-ouCKxu_sJ6<((~c;PH?oca1;bVW
zp;&&Q#?)=??ms0kT7hR+1G?@jNtZ<aj6ho0sz_e#t4w(5un<2lAxhd<8Dj~|_?<_3
z5<m6kSyWuQgRZMExb&8nd{80OufSNJOytgPz1~mLaA8&XAZk7CZiV-fW%MbHThtrl
zJYXhnGh<;OZu4a_ZJlBLy&Va|I-zQ2kFjTMU5|dB{*NMWeE+qa2kVm5m_*GJf|%Vf
zHSV{sNe@38LG?FQS^;HTV}TrEMziyApVxLj<!yh1Jh#+c3HeR$9UQx7s%?C#pIvkJ
z+w)8yN*qrm@7x(0HCh^<A;)aH5q&hT%-hfAFTnMiW_h$b!#|x~&m+_hFC=v?x2vbU
z9v|?&E{xaP%;q4XD+!UgaxosmS=wL{^!yr-L{C|I&4LVh4Y-3h$QoE$+W4?ndVHq5
zRepSS&abR13epK%)MC63=Nr@-o7f~-+Q=H@|J$iO082U}T`U3uaQD6(y$X!~na?2n
zuLOdX{J5ieE!HDl^18(zd`k@X7J)GL1~vYvm{<KBN!F-Z=Um<mN?*TFl{N2_0w?96
zw2)Jr%#JeWT+!;Ic>kp8eU_ZnGZ(b$ZzJ{=vgQX)I|c&=2>y2{0UNYU_M`0Qhr&I@
zKF&&H07<Rn5x_L}E|KTHviN-#;$5!`y6szBwbZK>_d?f80JiumRg>Ttcl8@<kJ1CR
zQ)N(h0Pyie(NUChp(~*i@NGNhj|+MmBCyxA=VjOcq0wX$M`1QaWI+s1yLNoV1%37f
zootvhDU0CCcZ8<!O-6FR*1qu}TxPK^aqx|st9BbuN3QX&o9~l`R1+#tE$W@XdA%$^
zWJA!Xq`wi>6Pqo8KKXt0RxQ%0O{LMa;&!n>(0f>NKzgRiosgxM_Z{x-_nOa*;CEgh
zaqCJf_n5C99b1Id&&@xbBby$^MPslFy$w&~GlRXG5n}pvJFZKsSh<@ho@D(sejhhJ
zY@9R1U$huYH#HmY%Am)M-?W<Mrkgr<j>e?Yv_jG^L4|AIa$9z6A5;(K(%@%^Q;KK*
zN&c>X+f<2%C0mxD&9s#2n5b8V@R%r;UGqFl8QnqY4ZE+K1zI3-VneJQH{0t8)p@{F
zKRXDoFWJ}j8vAKC5Ce4DpNjHW41fp_eSO$kxd1)(rJ)e{ib4cn5o6c-`|8I*!HJ4U
z2Azw%Wy1Ek5O(0_6Z3ZqRjS>u^+CKo$@hO-!?HI@-&Jnij*%*-T0P{4Wk*%Ls}z6Q
z&HSdo>@^@c*>Vwh1h%V{jt#pCQ9ykEZ}<&Qv)~)zq|2``9tj0Rsabe~P8m(bsCQ(<
z->JSAhh;Yc;TDF9&mE`&&rLz_p(!Yj8hEaZ!_JQgy$ZImycIJw$}7B2!r#npYC&1i
zeghr4NAH2^(kZ?Ix4KWeCF~%9D0XaDMcCxzcC4W)rTC##qY9yEe1%tkf&*K0MshM^
zIPfUguXef>q&A~~*bYQ)Vp--L`NUP@5;PPtL;JMW$jnpYUNaPGW86Tyz{;+A<rjy!
z!19+it%B>%!;k;)8i(<xdCBWW5P7BFoK{uadLOZkf{4LW>ZgY(IN%m$vTxJv4gHbh
z$;6f7^#t#O;|a0qJan1;JxImm61vQ5mzEKoy6D>{`TMu<X`-ErcupAp2SpL5*2NCp
z3vigrWg++DM)Y6lx0TM6#k;g2I{S?pTBdXkr^EcADU<K%tx$ijDURhx9fv2~UUv?m
z$S9tq*Dl@;9~4JgskD@(TXY}6$$xwvy&if9l}k02tIEvYMVOG5su10}I0u7xL+FT(
zOKj}^36cS_*_h_xK<mZjj@cNMTQ90I=jLjS%?WY0;x6&MO~*3UN0O5UUc~o}PWC9M
z(e5k6!96Q{(FUiN6^|$pEz_L25UaaySDw;!dv#&t%4vu6=VOm3`42y7n;b;G0ay9$
za`)@PV9Lxeh`?{4?-wVC{C$V6-wW-gaPKh4(;P-)k-=UAjkNv-j2E<_f|Q5By!*cb
zT}5niXLRFY;5W))pJSix%j}1A#q&p9p!!6rm=1PCREk3}_2UcmrC+qcxM;EH1Wj2H
z2Z~lY_a90d>a%5Q#DvQcKIbKnYzpzPfGvNc-Vj=F+jlX?bswY#W)<`%eQp!UFr?KA
zqUw%XxS}JZ^wYJ#*1R?9jV&Z*A)C#G+EO@W|0-nxBNLrq>kmzEBN?1f5xNaGI9>?x
zo`QnFAbK$uy2Ynz;_4ZA`>v2Zg=79fbONV!$*3z3d_nSDpmGN9MW2_w*w>#VnipIq
zeK4wrJ;mp}Hrp;UJe!)X$&I2EW5`UPA?h{nDjpw^<CYiD=BwSdVJqA>{AY6nt;ddX
zB<Az)UE)iD3?I<*S=7)yWw}k_aQ>I&*TU7hB3OFyLJF)rLVkRI*=q}9+H*s&Jlg8Z
z?}A}fQmcXWEXl>b-I6ffpBobY0c6ykO~eNK-p5p}aMswokirk3c>@R%T9Z{zn-!Hx
zxGwtQL2lSBz9x(d(&(*S7w|(f9Gx-O#j;cxobK^}xH5t?*@d;3t@gYc9zPM=R&JQ9
zF0t2web?g2+hU-U&G7fGS|fBF8e+DqrXZh)*#pRmdFj8z$D7<RYJ5cz(&r|TZ?8@H
zmF&36%$qaay{sw4u0wUo$Y*{-k}>k2=PL&RW#kE=)BEMA)2;ED?inq@<R%?b>vrCO
z<v$POw7^={lw1BaI^L416**l7Gu6GkBn6U=zS)OkkRMMkW3NO;?<*VjWhj7?r!yXS
zf|cI9+@)xE&*}~hd1bq}CpYli7<-Idocl>@hP!_KH%vOI`TRBQW~s4^^oMA`Qs4Oq
zXtXIf_DAOsT|7DG<d&c2eSPwi1vJZ$r$&KLNjO)TUer>DDiIn;1uT3HI5S|NgF_m8
z{SE=z@m5xRZFKn)b}MDu2uc3S^tIsE*Si@i;7Gw*(}x1zCiW()KS5CWgtQI25&QK5
z@c;76eb+0W<*_rb)`zu*(@EOn-N6WjXSMuQAt4!`Ub9}DNP}T}GS_~vlazO#nfuj3
zRkG&^YHRZ}mrB#3`_%{e#W73+_L?WuR<DyXP^oc3UO$W~z>s_DjIp(uLn6A=b5+O#
z(E89;23l`tTx+9@Al2V=x+3a)Z1P%XeIy<^6I}J})dbpDzy{vRSV+K&4DZB>QDRz=
z7VE)oZJE5b&xY8`TPaec%^><>rzFBa{T7mfGmpu(2kJYw0%Eqxj3<bieOH;b;zvVG
z^d_sM*W&CxMi_dF3>$w{DJZR=4L1NU<k<$a-aPQ%e<q)$hS+fj)>>4V!sj1FT)pH5
zjH*h5t+Hq#M7P*eJqYk-|F7pn=VO>naH7rjR9h{!T?x#$-N>0p2Ch9taMVistOTr1
zT#(Eoko)lRzgBkyP{#crlESK{7DAyHH-u^_@P{bzmzS!`WA>A03;BmNHfTq8rZA<k
zS3`UPRpK{~Cez##bfD$rklH{u1SF5{`bC>`>-Ql61FgUS<s3VRPjEnIjeWq|BU0jI
z75{C7)O-^iShcD`YJR7snDcdle|DTSb)0l7ju@1<{+obhCtCHTFswRll|8;N=ojX3
zbj^#zDM6lns^=-lBl3n<vAlzU;Tn0By>gAq=>g<{_CK-U8W|(99X++57>3knF-UJw
z!%gljAbrb_6|H&~UzkYFCm_9{55jSf)q4m!B<NLoF&{)(*4G-;fzGjWd>#Dq(BHM`
zI>*jf*BG+@3Fxq<M!HpeNT8+_zDSPN`IYJ^5m4LzFfAb6=Y*hLx2CaDscO5)`jz(p
z|Eu<}9QKI4LQU8|GvMxxnuP486M|vVLDS0m;lHg2#WsUccWvud7$+Tf&IrZwc=r(2
z#LJ)yNE;^Fs!pMR^B~6RpKnR~|40QLWt3dpw-wg@aJCD=;M2L0ChDwDJWef(h|iaI
zKB@bo9KB^Jf7?<S8U>!2NUOP-OYzgaSH<pPJ|e{l=qzeA*==^Lpss8^7K6gN^D%fD
z3?0&bb=vjVde+qO$TM@D*EIMHH3*(Ggp~}Rf`LRU;=MRE$Mzj|X6<$QjwQ1^PgOxi
zBe)GIq=YL{wAEwB{}u}cYubxz+V`XEEM+|YIS<?p*Z~*p<!zBk&P`UVn|T|&j27`U
zLf;B;7A^6J?rocUAigpmLWn#Rz#FD$Q~~M)Utr?J^t_K0*nXDGX7j8{)NnwD*2EFN
zRwStFK69F!Ty{(*Sa7WOSJ~t5$!Uu@mCW**YcrSa)vFC;1nq}i1>b<X6u{P|pS>YP
z$@Zv9ZLyRo3WnZ&AdIYVT0lJ23&TPdUi43fM%m@yH+(DW4Y>PE*APZdbiXiIT6v;r
zxR6k6<D<F2{LL`*patWq(&mZJV=kt-^5!(vbF$QCn^M`3{B5zdQp(8fQzgb*TW@sB
zvW1GvM4OkhK}@B}Gka(xnTMi~dy>R}zK5bhr_Fy7o^tEl5Qu!n$Z=m0E<_fR`P*sV
z9D|VZPC=uIPC^<nBI8MiF72Lm8G=UWj`!5a__3h<TbCyL^4cR%>EExGZ@K-#z}>|;
zS^@O-G!eaGUyO=%NhQHMsn$WJ8~!_m(cgzlHp3bl6?2?BzLoUL?Rq8Tt=~53<o)bY
z4qrDIZX|~+-o77oRL&B=Sm&;1fksV<hc#km4y9sc-0b)4Um41jA7=UxON><9chu{>
zQzIMRpRBSn-S`EhE;7uu`WY8K7M{({vgl05-(#FQ#C!J{gGyh%_KZ%jsJH8s70KS5
z3A9ASKgtKBcp8;H?Zua@n<cOqPDed$t;STE+>pO=)X0`jtZNo}hifUv9g=RXvNGO;
z2c*&8HImpgB$l!i)qlU4jS?ym;T+Fs41S~GK6U^iyzN45`x*T*{aehxKaIhhGvcLa
zDn1<vy||Udchbn&^D>RE9doikdp1Dh#s9YtPY5OGiPD6{P=DU*vDFQb@)x}1box*V
z{*2{G6fF9sRG!{7v6=w>YzRlI{6ALWhT_$cZw>>^4y8C4;wD*)(0mq3_mn)aGfU9B
zq(J`fb_^fh-O6aX0T}**VJgdu=pK$hE22Pi6WGj9yrmYrU<e=g6#$%1bT{i{?hdFI
z(bi97qZ@DkoKQVQTdkFVRi{V(>*`M)n3yGq=`Z-eW<)?B_a{rvkPMQ6%hoD)2Ly+V
z8<B{>Kpf0MIi%ZzA_38r=u*(vM=hw8v&xnK5=Yxcx|f+Nr(=)eTP$alBmd7i@jQa^
zyq4KCK^st;6D+y>y}g50z8IfW&4m^@jL|+Q+};#9jBX8nZ4DmgRfLMux(3hxAH=0B
zrTv5yCTQ&VyI2|?N)uRJz^vt8K=-AOlpdP~X&gc8yG>0jvoHy%_p81V{FxNIo$Mn2
zFFVDcP({-{3N3tin12z>mDkU3Hyi6-6-AJ+tt?B7P86Df)*)w3z}(!Mo?}|1Euh|*
z^aNnO0^Z&k|Ig1p;Ei@cnPO16xbIvDU8THE#KTHwHA(3x=^2rQ{{NPuRRV%c0&-&e
z)H%>B0(xaPNuS^AJ$_gp+h+a!Dd6Kc0umC65H`gz%|-dUAauB%@jH<cd6>mIwvX3$
z=wbctJt`t1suB+C<uxhHWIZBRBAYE{E?;ti0lecHy=zP0`1y1GCETU+={@T8l$=hU
za)-Y8Jx%1BJVQGXJ=<qSUBK378@bG_n_KO4wpZQkF65vdC4!h{<?JE9V9p%#h5c?Z
zoU|wj2`#^|lu5x;;G%n0HD^vjy1p?#XU;@Gf68RQ2HklPm;G09kEwyV1WsTJbRivJ
z$onN*={JnB6$#*qfs+pK)2fml^tbio$T3F4A;6_MR<NQq-)G8F*!TJje<t^kMRK`a
zeVPDhXZd2H`1_nD(qraE`45{N5s@=joT&gAjU(5u|1%1r4p}6Z#sg89icAj6Ob_)@
z75q2|3zMDURd)yqyLS+g64cog7g%Etz}A-hK?gAKfT-}`YxlJjf6&A*yTS~&!pul8
zLsfd$x^qt)+q&^Wr%F$qmsPXghGWCsi8K7dFhFqS>EaUpV&_N3$&0^N(8JD;N3uX9
z>P_H?<Vg3hq?1=r+0Ig*IWFQRV|5rUF5<2xRytc|OW`)9*qL81V9T;PP*A5!G>Y~Z
ze9^LkmO=2k!<)%E*2j11qmxjdb)b_NOd~t5RuIOEfmcjED&hLQx~r^PNb(F5Z;_B0
zi+*Qhb%KUm?*VEjj+h#XA}IR2h83hs*)xvWnN;u)#LORHwO{VQFS;tK@h%4*=Jb(3
zo=L*U#;nmrE=s)q07bun*U#Z{wXzbsZ5(A1#l+RYW;7YFyD6}+#9j!z>iwkS>%pZ9
znDU;qq5@n|Pg%}-81z9^f`tECGPa80L9?31E~po}!|dF#I<%?=<b0|Io0I$pkF!0b
zg23UU7=;dV$log*t3#-9-}{%+r|iy8F9y{j0%c=qJF)lNt2S{;HE~cXY3}JOBMw<L
z4;kkLzdfwU!MiX5?u|W|*VzEw0w+~}lR;CI<P~N(mo~IP)CtMpSyW*0M-XgHiy4Q5
zRRMCs2BI8}gtF~ZQmSjS1NgB)jzS8tzbWw28iyssEAj7t|0W`{iG9x-fkE2-NA}Ck
zFuX>J&;7$NybPlYrg9b4c@`r~6bw>PX7s#Y{>ce=U^6h0ZNdbUv?>9cCv0&ppTE;7
z@?o<$3Z+{I<G3F&IiymQqN->rikoqXNo6h3SbPH<p_ifx86;FNnNDl3&jZU)uZv4%
zzx3@Pwb+~Ba5R^8C6_9Q+iT!9X(Y)0`!I)?SusFkVay$rF_#RcIm8jxCc~NbN52aD
zKKH(-j0uNBOxr%NN^M)GV78-0Y~?UqnZ_nLZs8&J_ryF~7J-(b$uBLUf+^zq@g(qb
zY5aOQ3tL$W6(w*!frc{2CIwtx!czTLAnx}rHzHYO&X<33hOMI$b~w|Pq%sQ=HYmPo
zA$dn~Yp+ZT57G-$HvBEGS`yjSKf^1_>Mk^oeDjWYVc6r`M>d=PN77ZtMb$lhK|o>w
z=>-Xq?(R~M?(XjHE<soXq`N^va_MfD?(WW|yX)QO_x?4XJLlXv_nw+LG2d}<v)5AH
zh)bt$xfQ9bWfJ!MK5xK<=rgwiEj3$t9HME7uB2mapqA96+HJlJ2g}-^GJ+32lOMUg
zP;^vDOHKKJ4#Lvm*XPYr6Ek5RajE#_rm3ehxU}FBqoGS)6FOEr7{g{ByI4EYIHHVd
zqB=R4P63j59s0fqs~!O~Z<4yjDd!9umI_Qk&Go<{UUXGGZB~Cx*^LYx4D9%dqnz7N
zdC}xbOC;y=<Sxbf)Nh<%CZ$epj$ecIhz2DUQc^)k6yw~Jmv!vUbq!s4OLl)?&SUM!
z+-y{$Mt&h*$O-0QRW{4bio*Aa+=*Yb>ursn2IataN{m~_j#V%OQZOxXkWu<{HXG=!
z5Bo9lJG2!~5zNV-X9Qk*0i=IK+6;|0Utry*Lk{~3nGR)7W%Q3SjD*;4?g)>w#@Ot}
zl?tDAtrKE%qvS*{kC2ZmDE{+ArQCV_fM6s1dBgC&6%%D}q3rFsb&8r?pNCz{>lQAk
z8xuJ-<2G4TRO002jf(vB=mtKO@sD@iLj}Fb;(K^mvr)CN{9XYQnR5(6ux|PM*I_<`
zGia<q2Cv@R#gDFs54?IjU<Rc|aL=7A#{BRRs-IE{q@LZB7vS^HeOsOwTsec+q^Aiw
z(!xJ#8pHv|yd2|zaq8<Swc9%;^XeO%n*yNUf@CmV44bZUVd9!u%!Db=C&l7p0|qx+
z6orCLZ+P_r^%XZFeS|k#-h4*KI%^>A^`m1yd<wI>c72GIo@{rXDp`bbHNY%NB^?;^
zbVRv5mB&s(c_BB@M|k_gT6ZeB$Dw5(75|{18}}xKm!Yp08W{7A^8~3HIgt8?s;-<H
zK0U<%Eu$3(F*rtq@%#!#{~o~xO19HWzeRLgjNligH!M8xwA=2KU(y${`|Kni;V%;}
zSa{wkHmND#JM{UN&iw&_TdbgzdX*Ll7XNm~rT|?!rhxB8n-uhVm3oHkdX6vI5ce?(
z_zcobr`3|6uNg@6dIX0{h=KNDN42`V81`15tBT<I^F&u)Ly!Eol`5Es!@%4hX>D@1
zCbaFJkA2p86YD~^m6Aa4#^`()y_~qeY>KxgexUg{JuYE|A@Se>XJWTw<DHKfa(Fpw
z^SZ7<#9@hv`$IGs{*y`@wV-Gxf8}|R8(RTA&4nRW5-ZxOMsi5OPDqE#Kir&NRzz;>
zbH@Us7O-)P0jgYW4X{Y^6AGtI59^IR<wR>-a7iSHZWv{{M*_Z*(<HUUDzzmMaXRo5
z3Zs1wtNSFYI~`h)eH20iw@b*8iT>N4$`hwmUxxmr$S4E_o-M6qaP?O+)989f9{ki<
zt<a-fbf1nC>#(D{#Bj7IL<KGj9D6c6s~6e~uYKj9w3t#SlIlFOrnTlIi2Fr8JP#S(
zxnoT?A@~Dt@a36q)+Yb69O33tVCR_2uv^H{QwFk{<3F)$S$PBlD;S-ZM-aCE@}JHE
z%wOi=fy+4YkgbO{ecV)oEHhl1z@3IyM{=-0K+i#to53RZPVOX*5jl)``3%_qQg7tA
z4AJP_tyazh*iW4FpWpXSIgcV3*iaiqFB!@-fvex%c=Y=1CTx+`flfD(+=eTC;(qgT
z8)(|Kl>6-8O0OiBzMU=jJO3mNEEI}Bp-UO9ZZ&ZYLLKGvxU*)SsBiw7i(6~r>EIef
zmhO72VF3vHrg$ve8D;9Ziw~cqGq9jPViIV7)pIKULAJ+Xk#nIKD`^&ojr?a#v-MKr
zN2_Vk&#>#L>C_dWUAjyNBkHX}@}}Ks);ZJ;y8>2`-LT+u*rpvRqwfst$ekKOf4oIh
ztg%wr&!APPlo`rNMV<hr#h4He>&#NKZRuEZ3;+8XBmO0o4JBC+oixEI8}$Bl(*ty{
zsR4hZBb_Qyz3_8ch_#U5zKc_1Sw3Obmz~;d&jVEA$q?jFVFvLZW@U1uI{(H1=X&s3
zV=Oa|Ut4}t3v``^i8#}M_tZtXSA6XLRAl#}A+BO8CD;4c6<EYwfvD49kxJcw4_wvx
zTqV_gEomE6TR~W4r|;!K$11+ZD#sQFuN;S6B#3{Myd6}sd?rkXG|zJ=q8MP=bz}E?
z{fRF^K@t@Zfy+vP*7mAl7i7||50Uo?i9aM{!&^SyXw=1{izOU%^b}Ir@GBrr?bvSo
zG$~<Z^(jEWyw3@E-KM`w^6X)|j9l(OvCbUdOS-t}-Rf&8+m=-jR=wnqT)sxbb~n1H
zyp``|j}Tplb=wF^WF<cn5K|S^Ozc|M_!E&-6kotZZGX9?ozwT->|}#8DeMozp+t$u
zK+F^&RLi{UM*a7CjsS4yR2g1BA7SKoen+5n!<uoShQpVn&hV0RH}DmS#dj3BNRx=N
zkk!YbjI97ts;VzThciE2<jky(q^BMm+3Iiih@1*{QWprQs%T^`U(}ISDtA+xNU5B-
zWH!3>1%%SgtkW?OnxjuSmAQ0sW$IM;+o!*`S_P$ANfs$)GqaDkR%`b5w0N?Ih~*<9
z$qLDqd}SzM$Re$yD-tVENhe`q<<PlN2yFjQD%GL)O>SW`Yek?l8vp)Fy6^t3Rgh}U
zl*-6q7Q_Srsn6-`dfvD8S$0va-iGFG%+VBq-PG)?yvL+jK&ZV|#W;M8&mBccY&lBb
zzRR7G+HQ&YJ@}0oF1jC?I0DP5y%hnvs*x+H%NGp8w|g}~iJj9h^3VkvpttXrfjn<C
z&`Z`V2{g|vbc2rU&2LP!jzjei<xB~+_TO3fXVZiAx8(4ugq!n@(!U(}Fj9ZECGgx#
zKS3yMz+ru9e4r*;_<(dkgjC74!H=WbJQp*@yi%F<HOFHmG~ot}8lyAF{A?o-gmQ9C
z>=e9ag2hmwX{F0m7;=NTjN&&Dou!A;8rRgfy|Z|N5KzVBF~r5DuPc{=PiDXDbrIu|
zo@u+KClJJ;GDYuGf<KZF9B0p9NUQAja0~zKq#0V+0^O+3{*%#2V6|k>DF@m&pCfXj
zs;^k`Xq+~AyM<SzjU>!Yan{OQG1#cTeKgnbHjvPfvtPb%UVUaKt0$0htZbvwcH|vS
z2+lhZ9T7TAUA~21UaoDt??ruHHTVqMxL9Ks)G)GQ^z1il$6{_yB(du}**k4w)YyP%
zEt05e9q&2BG|t?iLviX>f4L*+B`t*tHix}`1ZxEyYX!lMA5fvQ0>~lmA6YMcYJOF`
zL%2>_GWk;noE!7=#k@Pv<VXH}@R_bc@vCE#c)NP(3~G4Ef)fkmTK+>2ivX(}EIsq!
z^M6KgYW5Lr?2K|~8x#MI{Y5C95euZQG{38nq$0N8gzL`7Xo$HwC?r51qsOMzyT%94
zl-^*G#o7eP=}&&wW;8tb7r;n~CMY0lhm+?0ePKe^w}<Uhm;RVPyIr}wK?csjkOO=n
z5q-xlE@P=e3g4`(D}&6gEM7c?Mkr(5P4<{~VB6OdFWXS_??|!rYhNdX{{zkWn&K7I
z<P~&(a7dDB2Lu~{slT2`5PqHXdGA>uQ428gY3urQ0WS)wIetI%X(mbHdX^lE>}<R0
z*1N4M!pm5)&i?}5cMGv}@K@1HNDLg_D!3m_FR6vSN?rbAar|e)LhEIK(Oppd(U(&X
z!mq6eL8%Bq5$vE{GNtTdup1zQvmle?8XEygms=SI*5e!R&8?`=!0}@d1)c*3p(loq
z8Wp3gQC;)V9tPIqYmiM`;40^r^tp=tTbDm|e@{0;&<o0QgN*z=FxTnHJ`xAPf%<%T
z?wC=jz4oR-(ehnrSi8mDd-fmES%@YASIgOg<!c)H2aQ={jsk79UA4*bi5b~&GrXmZ
zQg*R=-csMYh5(<9{E;?vlHuB>wKpop;Qxcmaj*=^9GmLq1|q|tGojy+CX_x6CQ3+P
zqVUs`Y*Yd^BrJnuRbF(ECMqMpRx-Pgws!vz*f8B#Wrlb3#QLc5dZ4WC@2;+?-ud*=
z^(ugr*24p9VN$$Hjy|+At=i9ZZ2&uKQGtT<=xVz1<Zn%6*@*s0Pv|AdKa=M}5~Y1q
zPpqZ|@vgTmxcvbbo=$9s_=nUeST{ALkA58dQRW1gC@AX^(?^8g#ew1Jbd7=G$vp6!
z2x8#4g_zHC`VnD(IvX#i@N}z)r6JLXhiYVKMwp&>N1smgB62#W0QW=ZKgcl7yOI`E
zb0rm}*NgVj2NwQJjL?eH?c^2+HB<N9-~y*rr?T~M$gXj<rc}FL#KGZYKB#8WuJtc{
z-RTig!#o=pL?84H>70uG{)lb&DeN;U{2!i<K`i1Rc$HcCGj&|+?fLhh?r`{G9e3g?
zU)jMm{<mB>&kE<R#&Gzw<b@gMuHIED5~F<F3}Fo3Oj@S_>`2lN<-9hD_h!$IDvTb)
zPAtkB(NwqRUPdI5vzFBcm%BtU9}cgve?h5~xO@bwo~#DhO$*eHy>eYyg6<9AUlApR
zGOUd)E-LZz1<@Gfa|l1+k}@@W?2@u$c;%&ZUA32|MIXzTPU=6(MA?BUAZ1x&``I@+
z2JqJH2%_eHQIoRh)I7edkC}q5LWN1s%h%>+4tKmhYj}*RZU^18BWT=VI~kH->K#!z
zHK)9j2cnzl&jyhD-Y*ZTL(DM)Z8^`a9D~Aq(GZ4c{sYxX@IjM<GHoc3q1zoYRY|<w
zyKsJ-l>FR=`Jw(_na_o10^B?dROb^W-_NBPVfeS08kU&xgZtM&k@3+iZ*1jouDPP*
zWE~>P?{?(4h4wb+!JmH#c~H^cYT?N0+9Fne$g5lWV{ISK)i8%0Qd*c;=jV6*^Razz
zjpJ&CMse!3BXB3F*>#+c<8CC=d~77sQssk-0##L!jQ6}I9SLyG<D(v<bKF-2!z$U^
ztJ0X!mNU?M%&5m0!Fs?Ta@e@){`~=0_MWj;@)c?7Lw<P7?1R<hO#yIRK}5QJCTP>@
z1Jdf5v#`$r;*H$zTK+k^sS)M)bZV<)n;st7^kxzuDRTPwSj&fF!1{m~iOUeyfFmdU
z+@s}X)Y|F5xrO9q6q38yuR~fSTQb;6SAbpbP^u%2(zNlT+oObfK(gjJKbzVar5^<u
zyzP1IG|y%0=H90Vx)!*nlPYx^HM=Xk%cvH26Xdh+9h1EZfWQ24jx)_1Vy$C4pR&$I
zoXR;KB(hpr>rO?drKWDbJ_bzl_&nCS6A7LEJC`K5jG|-}n+y2sxI@sb#4h?E!D|$D
z{u6z@*cw3$f(%N=Iymi6w$H6QkJ8EXtXG>%8Bk0IcAq;VJV;~9s8W^XxLtmEkhc8-
z)R2tLaia|0R6_8^z>aFhiVc{0K?eC^6&U!pu(!?4PB1iL@>jQC+II|43D_->lYG-B
zJoGTH5)vrR_tgY}gF`m0LvzOar_-mBj9oM@g}#gpOEbzkWY2-X06K|EB^@svU+aS-
z#UFzygGc;pN#wN*-unOhhWTCZv^KCv3%lT<jDhB$1E9AR>x`1fmEv<d7_<r`a-&!i
zcQ=JD%3mmKdF?LyEf4p!60QP^+$q-VPx`8~V_BaY#8NIVmdD&oc~_&nQk<nP6_Qt;
z8~&~Wv)x=D?UO1?KF$XDy);~|63TeebXLfEf)rK>+x}o^y)<;$(jNzOT`%Jsl6Tts
zc!HWvcN$j@$6_fa5K}iBA0*imBPly8vJN8|wO<<8G^J9+zq7kVn@yO4ck{_~4WDQ_
znKshP)-`nL#;ppCrh0kQta~blk!U2@<$jwvxwXa4JATSyrcnoX`P3>`5Am7l2mUf!
zz!}`2S_1~?hLHk{g$5iMmJ{-n6fc*-*JiwH(}#__*){j}HF#hd4FWq+Zo1ircHrJ^
ze894oyN8>fuvFUOPUFd8Z|q#;bHi{ukoopY=ZQKCD5bq%o%(qxeSW~P469d(FXFku
ztM})<n`dXmkox5^zBn7Dc%0L5jL8BH)l0*Uo2FvfDvUpLYeBoJ`)I%TR}ax>2F4Ke
z<={MEBB{BW*CVOP&>SQ`n$O5{baWXwHE^Z!xTNPZbM@h%ytZ%>Y_@P8sHtogFau?1
zZMWF&3suHtq|Rj+w?dOP8xal0`yHQ3cpwjJLyp7hH1=kLhmHQuQ5JJoYk<I;*AJcY
zCP&fJZ^w;@eu@FQy}|&z$JllJ#W3<em=E?0WDJc5zSEAwEeZk4Q^J7AM`X<n-^=BI
z6NpnjEM5JPy=^V!xna?tu;`lVXR9Kg$mT)OI`?7A?8e&3uv06`gZ-1*2Q#|Lbq(J1
zJf*tL#uMsT?fI;LjDDQI>kXSN8SBZ{hLP*ZkL!UK%PyG#x-AEdcw^*T$~5WZpVPku
zUM>iwmKypUA2yCUPsypq)5|n85?!ptTg+R56oU7z(H`#Y*OA+I1s9oOw{@+aT%aGX
zwyZ!sR{YdVn{GQry3x`(zbyuSTR0K(?|3-zok-Tp-~S|OkVf}!UH_aCduKZF7$>_>
zLngKz05E_baYC8DGu4`o(G!*Kb0D``d~5l(bmSufDtif$ZA$4{T6Jm(sTglQ2`qf0
zrICn-8u*F%KcJgr<cs`l7x@{$_EwhMw_5d+UNY(H+1f;7xBO!Z^9v#W_20^;HWA44
zE5P93@~G_tYZct3!@{?EZEx0`m&%N5_f;g;?*P_Q5Z1ynPnKcho#tJuaYXufjK_ix
zC*#oRBwu9@93TN{f;_l`4M1W7{rK%52oQ?I?uA0UojKnT1TaJ|a5dOPV#6id3E(--
zZIOP+_Z}O5jT~mtK{wH2m0Cj=D28E^ju;Z(0Zi^)Vo@V=lmM4}R@qk(E_ngoA0gt>
z`tZKRDh7v@NNjDy1!LZ!q;(Yg7+F`PT&a0mM*RCXt45%#p9h(m%j5uKF=*y|13BPR
z*aTlC@$8@49l`yZX%;uLqs5P)zhXOll^;r7F<0V((N@0{T#6A6VI)a5WYckr2tWhI
z7_RY27HxzR$<@f)l~#P6Ctfn=f#IA+v|^okmzgQsv1K<4ezLEr14<x1F<5!^#(>?h
zL05w)j1p<53BmoO8wL`iC86Ks_COM&c&BuFZA{i`!-IFzKaByM=m{TS{)<~o7|mox
zHZQP@mn36KX1pXur97GBPECScJ8xljBX6<0?^N$L0s3LnaMUQKnpBPN<t`wE!h{MR
zQYjO|LVdE|%N>Prlz(#I+n?3B5qXaF9y{u6440<?ahL&UxTSfEWHh*E+vM#of0<YH
z%W#J>aEI<giZ)?cW=#m!BB;3iKMqeY!*D+w!IwQ1c0_o?tY4BBD2<OxclwG7s{uK^
z*ctyTiIn>!#{8an&Sk7D|1j{8{3=s(fP}xmT_Bm9CK<yTF~+EvBN)Sal&G84JVbCG
zFF!R1vd32`9p6()0R+c<#=encpCOf|#Fk+1iAmgV+rnsm)Dt*^wTp-(`%bi((};kX
z&_3StfOk5>RrHmER=*_T8v1et{=d91rv0{|XcJnt2({}CWx#uhxQI2u2;)&&V@Aw3
z2p`ME6z~47KziPU75_e$6Q@|^q}$k0n+|P18TYt%MXPLv&AbGM9`WdZ(`bgxY(Hxo
z7pNQSp>>&$MNjGWp~`!VVV`+%a?=!u6k|N`a_KB`{rl>zbH6Q_zA%Ua*0s531lIGZ
z8={T1SbUN#oWBxVC$lD*uGP1F^2VaiH%ZK$Zx25UJdHaE;0A3D0&7;gO$lwH@Q!9F
z%vu|x%oli*?Hd25<d;rs?*=?X$cE47wTxTyQI2nghTBhv9V|6L#2N=Y-|vt(>6Q+8
zQpglY`jw1{5ffn=`w`3XYsoGzsLFZhS09-M!~1W}775tHdbAis{U0glWQ@>x4+~Ox
zqm4Vh#f6$frBrYeE(4xG)KrQu5>F$o{cOiXH2y_SNvtf_#Uu?M<o&|dXgUlD`_Hd<
zw|o~b03F-Clp->IibUhAmVy^TdQ_Ka<23Kreec50=KDCzVhH?VD66vXn1rXfcsgQ4
z{&YyYDcb5hKRszMTa$4t2q*WWL`yMK={Bj|n1XmjH2iY@(psQI;AJFV`WqGAzxD&{
zsd~L5Ork@#24V<J&?9C69c0e>%uDG!H)yz=h>h~hXBu)B;~&9>s_U+pzlMi}E$**P
zw=N4~2o(ZHHmJG)%z>;yc{d1KmkzzVs}Hc*5zg6r7Xh@3gOD<fay;>#CWXUgrO8kE
zf>OiH(QSH5J)rS&CkzF!uJ}1yPfaj<-05=X76GJ-gPTG|3k$iswN+Hu*Q~_I8Q1Ol
zMcFTxwn&#2NzSa8OWB!^hb5)cPRHcoj9HI4K#h%R8e@60r~{o;<}L7xSXlVfTh0J$
z;Fq5%?>JuGc#-fW^^(nwHG&o1-tw;Bwt-)^5K>-Hj!(iAn8RMT`gThtlk&-1Jd3O+
zn=$ooxwnASy;zE{MpY|HprLaH*ly#dh{ez!e8hFlNNze5W#fq6EH0o8;-b{075;7N
z_3^KpRMQ_|_T93-s4TAkcm9F}N~CpZ(J<V`&j$lotF$CKE}(bi@p%+p*kbL{0E4Y4
z{MbCxS4z-n0(2q0#|@a;Rz&EQ#hPaPY!>b&pxS>h2q>dY;4vYNQEtEDvj}5iooRGo
zM!yN71FS3L<-Pi%LK5gq9^8I|d}h=@d8)e?K&~0K2S7bj3g|Jc1XiVZVnXR%GCMj5
zhtbQT+zJ=`GH#Ut#cMn%<=c*`gbwoN6S{gswXvg0Xp3sIX_P^0f_14cnBH>kL}C-1
z{}IT!HNZgn@`zNyv`HYUgIV2Q-$vNbQ$IjI{{TQf9c9iRB-G%if9mKUz;h7c5Dhhm
zoG_8hnHU@GIsmj6O^=Oc9RM`{PLIiV5&~8&C&r?D2J}Cyq;)%4BO%65CB;&b@OU~*
zy;dn49B>d8jTO*kfkP-Cnp|ZZvj?l3i<X)P`5pR4MXdIzZK)yQX#gf6c18gnLhxT5
zr+?AqBG!$4zW6`q8J8*u<0<;plgpQ>aNY`5)A?(G@D`H}@+sPYEQ`tLpWjU#5Oy5o
zR~SJkwY0@87Wj}u?L)O;Xr|w-PV|TgFK6T}+LlYf^HBV<!SIVV;Ld_iu^u6_YP-vH
z$?!tj$criHR&y#)8SdI}g@+eOxacLx2L%v>Qr9^p6qIKR?_cqKdKG!#CFvdkq=*f*
zou^?fmsR?!!yYhb>A9l?FD3!+e-duEGY>1^bRZuAw2qV6N}+y6Cvx?@qm_cnk^?tO
zzLjFLmQXmA3E?=z-IG!aOIpPEH2T<2w3Q;kg5!4@EM3!*Lk}AYKe9kVClr>~L%c+S
z()l;>MCficu2)gY)Q>Z46T%00jP<LLIyyPsT_hQ-I*mqHV}PnfDuP;cSvodXm0nf2
zc>^#YP(DC(Dsfqc1Es@|5&^Q}lCdqxkl3r3R_h+C9l`4F5jrEW7E=(vGG**?7=G(D
znTjpu9_tD$hFL|Q9w@?<uni$KZ*FeHT#GGbMn`himFC-Dou@;Qf;rMr^Lu}=lC3g=
z$FYb)J^odfd_^y9%iteh60u0GH?op?_A6k-7)3p|J1Hc@yI>AxxjDI#mek)~5w2w@
z+MFyu09yAFbQ0=>HUfv#Y-_W1X4BW<LGfr(71BnaAF2xVb6#*_5JZ^@@vNHdqrU}n
ze+XE=GZ|T>ZK>JbdRI9}O0KzOnZ&%wqB48KK?u;Kx}|Ab>9z6nb^@ilNwmA1tl;RH
zp3s1&OrPUo)DHNsuwzljXyP{Ozhgh-eh0OL+sLYKdF?Gf6TB5N%{qhwu)^yKiE;+c
zrT?r%M>nU%M6ARP#Kud>P}~-|csSzceu<%BH>2in%&$Fba**u2A}ASN`3?#TFJPuh
zglTp6=4--|;dp64Z-SIQx15Pp?Dw_=tC6T5YAMRn0HK6mo*ePOA}YEyY2r%1jLzrZ
zUX4`Y#;VvC%nae1YVj-49lkVVp--IQo6^`9r`;rj0@^OBP38pbi3V2Z;8dk1F*O}H
zZ5vAEl_W=~D2N(O`r+1a;A4AinokN!yMO@|R&3!rX<IL{v-CF#lFX)9<6F_G?i2!c
zJ-q?B8(ZC;a~JZGb?;Kk8nv-M0g<mU*E&DN0XGC}P`b`$nh!HL0j|oOMH6Y25^sAQ
z9QLH{8WGgev_Hr4{A%nNZLq`&tn3Cy{Su4gD3z@@+=7U)hVG<yb|ZnpI0Gm=t2jGA
zB3@0p5xpQm-kHWH*Qu_30yZ<IFX(!HY(G=(ag0Dn+3l&uOD0oY%?itLF-RBz3Pkt&
zy#NAyH1y}-t|cK)n~km~2LZ~pG<u-(5{9my)g;eJdb8M8eaL2DB;B)z9SWpTmiC$Z
zMims7^Pd508b-On0csS<CyDpYVWafhYY<ZrR7LDp%n+bVGStGmEExwX_(}Kzv9(kS
z+kAmBBBuA-9QCYaaU~v7H6tYPCCoD~!j`lTe99?Zq@{@|KHKAjL;<HO<byTuxkp#X
z!yhuq4_%kY`Cj=To8#7D1&=Bq8CmNvvsV?6HjGlL)k7KiJf*VRb4Q~iWeEdxU<emW
zC1drjlBi(VQM>`OxmSmpgU5GTZb`G2v)F5I=?oIQ6t;Vo1gW?P-?+3>0m>ZN0*zsy
z4s(J4C0iOe;_Y5`iJY+cxA6q~5_xmo@68eRX0aNT8)l*574nBGN7NS{ow1K?nWAqD
zv-g!FZkR8cFBzh5`6(Q~^_a!p=pwviihQAg6YIE-h7FmUSG%~6B2}5j>n?<kF{%R7
zyrw8GZ#9{leJ-dk{Uz;g+Ae4>0vfDUc({)#N@MZ5(9S(n&>;h(0A+^S+xxLp0m{O>
zG`qv5U~)giYUzJ$>NPb75Y3(<ZwBCAd90m`s-4Vmm^_*xR)z=IXrVfI;d&Ysbj3iK
zVS<}sQeo%Q5xiN6*HZ-SElLeu*y)VV`zK?f`rAZR?wg%Wb3D0Sp?R2D<6+<>p=%hW
zO4Z<7akMc5p^3)St;C}Y$WaqU<J1A!Wjh$sAXSDm%3uvyY%xtXfR;FAhhgveDE*hs
zE5x7MXw72rSqC<$<KH+urKtV7Sq*-yjn<vU3J$oRhOC59pM<VKG3R~HuXcp)uL#r_
zugc8>%~oMBZ5^KxUvgN0r2gMfTY7Ck)Mc;<&oAhSVym!Pq{fR2@;qB7;u6ROiGtC~
zjbI&?EUr6Ag#}L6KuZ2Ja&~P-!m+8>fjBb|Spwm8<}jimKmA>T%fop3Cn^tPr{C{C
z*a8=bkUlVaqU5f(Y}AOED6$^E2&TMXL8eOA*#_|vTe+`<7-`XDpT>wlhqeP#7>1Au
z$Ed10%fYEN9f*^CR9)TSox01_gK=VgZ~^N__c?ZiaxO-uAb<1uOt{id4%Jef+lLm*
ze4Eoe3<fgOj7X)!Iv@qxUAV>nvG;u_9he{?^$H1pY5UM3!bfG$-SV0&m>@RN)u2DA
zW_ey_Opv^K`mIk+f-$`dlOvAVxd*@RL1dbZJKyvB(;qbMJ~O{{ByX<iY`KiO1Cr+0
zyiizw4%^PNmFv-XvP74yMsA<#d3b$Hah+!q)U!M`_^8E)Ns}Vx*zD|Gw-x^8Envr!
zj+e7zyel1!3o@bWNtleFf!og#M3FW|R#4VcP{Pee5a(oZUkWv;#08PYn*{#>+UD^J
zg&NyLY+bgs>D@XSY$;+AF#n}5DhQYO#C@k<jFZw>#A+u;&b+Q@+!Xike<rD9g(bAX
z07QY8qI$J?$(q&F<}W06=tDs)ZKUc>lQO*O-Wr(-hHeFuH1v)72Tn>eJ-20Vj`$$4
zT=XfSIXV~>HwAqgZ&!1238ING`H{O&&}@(%rvt1D%6mgX>VFvaZe)E?D4vM#I$U1y
zWTD_Lv@?=g`)b$H9JG0fgv0`8QC0FF0iymCE+7AURdiyoNRhCb&Vd3F64iJ6KFHoe
zfjg>mzptn?!XX`M(7D%PkhxG7Kmj?7GTETa$aXLrSRKf%9AVb-m7tB_3pRP%^P#2T
zu3zst@1{nQY%TL%<a{kaU41hPv-dS!KgwL-bi@(+M{P1)Ee{ZJFgeFILdsZM8#&*z
zFiH5|+NQ>ujD}m>(E?hlT}7AORnwFp-{{a%P4{gw3VT)7_V_9K=K`lE2c&$|WFz1U
zH_7VAIm7}<=pYy^gVD48j^0N)cx|lj@#6=!k|})9d?PEAC17kH+_0fOJ54`98ymxY
z$Fw8ec32&ncZ9z+Tgn88Y-IH+l!dvQ4sEn2c~K26Fd<~MwH$pm5VtpnHmjf0$95U;
zX13Y*FUxm^=4hl91T;WAD!ea9vo-8FO&K6{6$Me0RY-3+SxZ*K8X$Syq<}~bTnJ)s
z%Bbv#Q=XR(14LSyO-K26jgntY(&l)DOlNQASpND@*hAKh+oU5(1l{1D$qm+ZEQ6li
zni4>vO8D@qDxt89`G2*OQmaB3U5K3mTXf)DZeD(X<w0Er4%y@A8HgJBw`J-@yN+kX
zm3qZ9wA>kMUHmlA$PTeLwQ7j+iZAsFj#S9*u``8s$~*JvE5qDR!tAxQO0YxAarYff
zQyJ)r7$WlUBU&5S3hY(&gcDPS(f-LG5V&k!GW8~UO+xor*K^RYQdsOwo2sIk^n3)w
z;!ghCHrluhJ^`RChYvU6ra10Gc2`4x4KFSeGCLCJjZszo7FA$=dfTJE8^>K`oNTW!
z?wD<pKD{9URDO@?`6PBKaB76S-ktkFk7*%dW<bT`AfBXQhP6F~NBVV&1R(3d$}0%o
zSC84$zAS@Bm`h__?`#j3xAbJqT>55rDQ)Uh@V~(<Uu_K#n<|jaC-TI0t2v0^skW9S
zf)sIf7a_y@?$|q9lQvb;$xKEOtO^k9eKJU0aAS_zEP%#&nO2otDu7T02(L@|5Ow1y
z#o6SQ1j&lV8RhIE)(1Z}CUnO+to~x<Ihf_L)>cui^h8@fL!G`mfyEM=Rj6)D&&-1;
zt_I&W+wr^;GMFBb#nJR+*ISfMp}y7!EHNAVFfWg0;5eR{6t@gRU1wB)L*el1!Ak4+
z9h1UDb_pr)`krilO_AN)E_6;d1Y&*6NHO##QUMx!DxZapw!Lq;(6fz24-YL5X<w+s
zN?5ERpY{CJyYK{#SN8m&TxGwwAL8>SQ*ghbYBu&m0>?yTCD&O9eFEto&whQ0)ihCB
z)C_a4Yo!#RmOYH^HS|Zl`a)zUiFqV-A8%ZgyQ%Dt_%Y9cT3o*xa@#4~yNrzA)(C%p
zDGRDFWM3evd>3(IL0h8>9A)sZ(${!Lc4}c&oAE8u0M4&E!??r?SPk!0m$5nKfVAiQ
zT@#&G)+Qtns_K;lRS&1&Ut5Pvc*H<wA0Yf+X8#sM8oVs@KgGX$zNw0y^aYySA%CLd
zzw9?AS-xYn!z$jW4$-t`Jum-74wtRt1FYBjl5Ie6!xn1VQhg}<ju_>-=-8+$&TY`;
z;xqYK@6SwD_lvJFh2K&;alr`kX~4=N8Swq@0H$j$VM-j&JJyvYNUmX9f@19aM_R7o
zm)esmbgMkWgaN!xlj3u{pTaK+!kfFyAKWSRHMFS^E{7!wb?|46KKUw1?q~wA4A~Zt
zNM|k<H35+w*#ENa!?<^IqiYS>GVde4Wq2w{CRGv+1<22bQ_4H!DNqoWr4XN#rOk&Y
z2aZ-<+b*r}-g7}-D|@Sa%nzlS%Q5W34Wed*G*K8k<wz<|%+J>t-Z79)R^Qc3HEW(!
zMNJ8jp>=u2K#N;b@@@@~bbqDl`4aL+hIvLqQ|nTUw+yOfnry=6UVlZ``x3_A5pBK3
zu?9uh6zB5m+?7+Ova_m6?iqj}!Aj$DB+-t*1s=eJ5L9U|^mWc2ZkoZa8qUd#Aw^6{
z&PK(~jt#wG0sZR)4`8;_xawy0o!<jG#NuMY`@Pb(E+}Fh^-b)W!{L3^sV)d_o!zRI
z=bd<m=|pFOb$m_XtOvKa;2YJ@nT+yO%*8sJ-zCZWroaYO_*YHNN`y8-smhaSWpHZU
z$30BDCHoV5I48~_4;lFJKZd(c9;_40f%gP~S|L<0Fo@pNnaxERcf(ppLlern>Tl|s
zy))okxTE3|(|CA#VP7~ATg910nO!aX%g?^T(&Sw0m(DX_c7WtGzZ02Qm+*f|O73XE
zAMo>bvhFp248rqdr6ZfZBD%^~v5f!MTHi|K=YBx?T+kDt%}L7iW9VaXo$X#7seWeB
z&CUxT;da>i#8o{l8padW$SiUn3INqVS?gGyTJpB!6x~2x0GPKN{~6{w1Oi<fzFiA!
zxYJ9D%1Kl=aQW_vXV{#*KQUQn1iq@a&BK96gF{H4Sv%>3b)yzgZhlg|@|pAyT?J5C
z^;nR?@Ed-7!+fiKN0M9?(8Oc#xpR7kL;TB|*AL^Iui3A@9T59x+LER1Q7q^#5kU+2
zWTgMN(vB~iZos(ZBvoumu_~1?&v6yHy<V}Xv}nMaFNhnS5EJcdc7QD69D<9B>NqL3
z_w5~E8o^~MA70?~dtN^gPfq$}61LEjFDM7WN1+>9(wLNu3(Y6;Hi(0s6>zA@T22VL
zpnZ4DYw$GI%e2|kF2c=Il(+na1I<IsCu=E7#)EHnavcX_zlicftb>F*jIR9;dF2wn
z-l1OU(NC7Wb}3zaKoUBQ3GUaU>XFBW;y?rglc6|)MnH;*PeNmut7@q+Y6i`c-nbSv
z`Pgd#1*|bIU9lHGl~S*uDQipD@7J!UGq0PTM>~8Iejtme6nctW=Oz%Ipvy0GtIB$%
z>_n~q>4`~u|06CwSxe@8E78cY=c7@>Lm&RTfVdiSM9g<{&77x_bQBoZA8uRQ!e1vB
zD<n@>9|ziXS&&Wb19PRUX_&5L-rdXaTN;#!oGWDCxjuK7S@1eaHL$OLy5qsrKJ-n}
z@Woik2%g`6grfsrL+3nwV?up<-!N{qUp;gs{f!^bsYpF^X`b{J?6X2|H&JktmS!-U
z(*LT~qTiy)&vth~p?oA5Z$ohP^otv`o>SJbUKm0>81G6G2dDA!(N54+=Ysg>;xb@x
zRGa=wqBL0=JjyRWy3JoP+Xp{?_y64W{=lH`UqII%_PK9Sg**&M?{r6aL<uh>>S`ws
zlcPu2<9n%a@ZUG^Z;&ump0#w6+Ix=<x3p(ldcPDs9jOf;C7)JuFjnTT8m`y3W$(T6
zr?xFCi2cCpvt@JcE}Z}5t|2L*%{MO-&_G&+n5bv@x@`RXo-A;2u$~w`n;{uaGxKJA
zh`*Vx9Tw54!bRbg;HxmhvUE`iibD>{`LD9EN9Hjf$!GOpt-m@ywveTeb$i?`U*cU#
z9UY4X$R2f4*)r`J_7jU1J}HDik_~p0UZ&Cb!Aa9fDqdNCmZzW*m5h3?hMnviMF{~(
zmkJj4Ee8eb1#O`nbwk0gMxjdYZbA$*)rxdWq^=l?kDqzy^Bwt0h-+2iJam*Ej@CPG
zl0y|HQStc|8Qs#=?=|`N1KlsnZ4vhYK$m6q_Zn*++}w*xshnqjs!!h5v^Gd+vhp?f
zr^e9u72mSPPFofD#SI!K;*bm{tS=usr=;8W3#NNzBy|G5S?+aCIsfi(G}ajMr<qh^
zP(Hv!{-gOS@=MqW+r2>8snkhw;|$+FTNab+3C{dE>2dO#0t5^<R@*$Ag9~S8FB-wk
z2r$EIOxvVq2R9_4ug@vney@VVzG{OzpT`7rzIAQ982fhJ8b}!jr94wWuE_}7+C^Y5
zjt-%HAPnFg*m#-k|8e49dwER`iV6d^O^d@~=k1PA0N5mfZ870Pm?$r_5Kl?MHd{?3
zyG?RG#vl8H08e&c+gTgpf-owb3r1JI9Ec$euvY8dHJAN4hHZtfPf55K-$;P?Pm&|<
z`-Kk7Nk5bQ_ltO3kE0ih<oqvtUiwFl(c>7C2R!{pI_y~ciB*Gc>S`*MXqI8ntM%N_
z$=PjyW;EJg7D2oL=EB&$j30&?Ge$=VsJsfS8zEY+BOmHEOTND0048Zt2`!USJrEe*
z*`fP9+*C?A&-LH{Y890-xt<Up;@>2G5IWDr(-1~v7q~Z2ZW|v&aEuXY#I5w5CjiJY
zIsZ)}%oYCO^DcsmwiC&q8q?A8Ti_69l5t~c(p28g@5?d+y2p3R&fw#b6+U5IvWQt7
z5TD68!9fYXL+?hfb)rL8=hpb(e<-S8S5?F#oyF4sU}7ss1?Feb5H@6)oe#>xFKJFe
zKim+60!4}g-zXtj35n5v5O2i7e&BuHI}^(>@!H1y8IZj;Of~KH)81s~Jv0ja0G@-c
z$JK<2=!EnyuqDTYH6{n?X^<^}ic1_H<VA$6s>s%pW5PbRl}D|9FW8lgud<_K9#Ly2
z)LZq6+pBGmZE}A`7g5{hnZCI?4YP*(f7Ol%j(!YG-(n<C;K&qas?Aq^pI%63nMqa7
z9@QC$FBZyJZAU9<l!Wx&pT4zM8y;Hk&tH_`cru;n>d+$}jPmbSty<CKiwA3!K;S)s
zNfMT&bY2+zHY1bFK(!P$;EDY^gKnsXazzdBUk&iOScSWB9h-+erH9_40BwhYe2Fs1
zPmM947D#PAsYa-;!i~+pewh&2JI0F32gx00I9Tce6jH|HCL~<ahr^LSg6TQ!m$Hqm
zTqUSM0ZO7nR`Icg-sE^fYju57rsJ#t0SXohY*w*Lc+2PKX%0Z-c=5f6%#ec_N<<Fm
z+CrV~H75XMd`1}YrYStEbjsNKMiozz7tXr%mcL%t_x3m2{Flh^2Cc%6F=YQ5lT=1+
zitCK^0_2yzTENlx5VC)%XavE@OQqt)lcREo@DU@Vx)wJt@P%0H!1cei#jgoWzW$G{
z(O<4J#@Nb*B(WafGGQBF#Ntr%_ha!~qU+a85fk%*<4P}WzbF3EG5^1z>AR(in|J1w
zP5vzSGsVmFJ2YX8V}#G~I}|g?ZD{neaplYP{=v;@V}Yu8@?xC+6dg;nS{bX^^G{Z&
zI?5=QsEF9hRP)qR^A<+{@}x=Wlv-y%_U4p#`eB~UNBDR~)%HC^kPQJ4hN=2sEl$Cr
zEKMh;EXu%)HaV|JB~9!UlvmkhkcQbX*-kD~_{f4_mlFzYBXW1VK?JE26#HV2y;nwK
zS`}~$+LWC9>PK2=|C}nAA|u+Q5j0ycN7r?fAhWqfX{5zP)KuO;f1K-mf>FJ^WNYxm
zIe-4sl*ibEh*E=tD$C4cU#w5b_k^qR>{4lSvoP})-{~*rstf!DcE>le$5Kh0d}`)6
zkxvD|t9=FD`4HYNe6z>khSWx`dqS|G(g5=2W4ncy=Zzf9gs?wrfU|SVn6Sk=UnXY~
z4>i=2+%~TAVr47Cv8Y9*g59j5vlGaz@{%H(L`diQ1#cI~Lu=PszV@=38yW<=pS4Na
zQGCYqETB6{bomnbD1-oB#~SqlnsSnDSPD`SVU~^Zl=O+E`1C=rw)5-}w>Mk7e%;qs
zT)fM;m}zObQ0w-S0b2=%rYh!Be^QLw!;v6Vbly{aK<S&_=iX20EO)#ws3gojXYgSa
zG(yP01nt}Ahh1%TliE2QaY0^Yp;4Q+J_w&2&TK)gWf_igXSV_GE1ox<y5`D*9QZq8
zh^(M&<#<MA)|aD}gsTmA3CsazWCvUG<z)2felIj20RrF<H<_uL#IGT30>UK&GumbD
zzG7l(`uAYgXYaJ`Wh4KJM~N6kJ@W<sr0!*4u;<8-VI^B;Ti=E~K>UaH!<{>5d7iK>
zioC>LBe|vfoIVVeE1lnB7j^<9vubwE4Jrm}FCG$rJOhl+xh3c)%8%V6^JbZl98J4|
zM~0j`*{>h}6Wr)yVZLP#a&Cml+AMR_aA<?Xdi^J>*QoaLsTJ_)Y^YG`z3X%Iy6OFE
zwq8WY3{PLdnIk|yAVD?`L|w4&58Cf!OGk?u86sjq@N}4;_o(FhP|!y|xwZO8#I4j@
zJNDz`n?F+)XoSY7oMhhCmiD^;a~Hl&XCjbak!daxpE=McGOyCmOo|MB>7RT;JAB{b
zroPrM>zGIJR_iXv6CmT1!)rg_-Ga~D-BBgn6B)am@4!c*j&82d&Hj2$FCG?zg`yc2
zav<9?7Gy#a@c1#9QDCOTMGS|#X>Dz}Y{D`PDoe`7hz%Wl$U7VU`Dz#{y#D=d4+}C6
z|Kb+_ZH~8RpWYC__OA{PIKdKY`08ml@<GU?;;1o389FTI#+1^XJe=DP9{tdM!#_WE
zrU5OJzb<VCIKq6<+#hoLD_regsznVQ|8(XIPiW+_3}OnoC)ggj!&5$L;P{&{i<N&B
zsiPyi&XfmN#3(@pU@$SRgu-~x@k=p9?XxAHbkVn^@9QbU=M`Vq8`nryx9_n?Smuf;
zu(pp)Of*W>bU7-&tPPkqWit?iojtCEO`1i3g0H#90Bltr)?JdGKY{G`&vbDPmWN(%
zilAH(`EQ#+oFV98@aVPz`O#O5HzbTV8H{4W3o3@DSvUddg|8_7`?exS1LgM4x0(Ow
z8Lwfre$s%^M_-)(H~GB7`me0;f(b8`&zuE~`|i9Ka%(XsybEG$K&4@moFjU}{UOmm
zQVvdEM!ly)A|zo8;Ahf5Wwug&BdmskZeXzSxG9LGSM2DJ2rOvPL`f=IYFi~_>_tUt
zqcMLzhXbNl1lqmMa<#pM<W+dlYUo3XX#f;G@5{i(4>+L0t<B0tuIKZRP2Y?2ue>yG
z#!W9F-Lh_Kx=Q+DNq+&3g60z%YV)i&bYhAZRV6JTopB(&py|Y|+Pu>pAw>M*+|(Ui
z<h8fznFZ;@%^iI^hvU02EcQ#8E$?}-@d+BziGe%1K_G{q-=NZ=wL3bVq56Dm!<3mC
zoh16GUcaGU(d`@cf^ivXIahgEw<_a+T*~b!`wfFSe6B_n_aElwy6#FKydfJeQAI=c
zFWY*Ab8T>qF><*@w|L(N>nd>;xV{b(;B7>A?GbjDY}*`&1<u8QO)o&4!7UuDjU4Ci
zFgJfS-%=-9i4kqHk!YhC%&zXD6$}6VU`C6VSNI)|VpP<Jel4e~t_6Y(ExG}3zYav&
zMm_s-g*wQsgW<SraL*}I7n>6?T-g2|)7MSu5(T3Veh5{bi7{A7msQT2Bi$Tqc<0!a
zzpd18K1u$Hnyyr2O7Z+L%;YI@lR{YBt?I`>ygje0csscoFgvI;>9E|9Ego#;M!mq>
zx5P^<ZK#F06+Rg*9fv*`KjgGr=a?4sEuD|I&*`MWxnPkuBI4WBw(4c(1M>Y>=1$`3
zna)o?)e?)d4h_no2IEHd+OfmO5qjWLLzEwD-AmSsZ-2R?Ma189TSvg2lJBPR78!%M
z_?x5-e24@oB;FbP>Ej&$8toSw?@w%Z47kR!bq~mxnnjN}VYp<HG~ji2%x2i0j}TJz
zQAD##^e^+7oUDw%+-SCu=bF;kmNvUD<hGLwI(O%^*d=5SVaoZzRYr)fuJ2kXuf^pH
z*+&13)nmX>clG?wqBD8SXkyIt4!!*ecZIY+Vl<0b#N~O#cfeFj!!d?D{>~L4F}IgT
zB0+Rr@{yluhYy1;^8#~1N46HF`#SuR=#z<Yygt(e;Q4tA<SJCt9~k`ol1N%HZ13ip
zRAljt{QKT*yGK_eX+hY&Msk7w`6~PfjfT@WAZ9?&I<YYga`~iRQ68uJSUl#ewQu2Y
zK=eu95nTgqZe(Q&(=B@44MXx=Le{}L>`lVb!CD59NpiYKW=?IwHrTopHx*vT<RHlQ
zl@HO)i@5N|ttqka?+m(J0`}+_LLSwxf9;i<bE(tlas#b$yIseex@2d7B{?Fy#Atjx
zsv?FP#D9As4Vz#6KS<ht;K{eu)}3)qQyiHY_b1ZIx1A;?RwZ8f4K^<Uy@)uIQm^l9
zENpDNlQH|)b&phMiX)O16z1qo?f1IkwH<%nyzMcpTmwS@ialQ(7;G0OiNYsQ_)QnT
zD#vl<Wa#Nc?CInc&I4*Az23R+OW3*5XNi_DpsWmQ<L$Vq89H)1EDUpYb&QnRVq0|h
zrSFBDmL4lg+#Om_689s!)GTRsmYlMz9o6}o_InL~*~k9hqLgLJsLpmwl;&JEH6%V1
zqa%me`oFgA$Q_1`IeMQgbyv)9y^*stk4{G?XEQRu`oTQ?G;1onFAXgbs=Xk}%<*=<
zSN5)u;(iBryku^4>6sTaS2bEjb6)?lGC)5!C82|MDn)r!;^whnRKQxSnU|7rbm~79
zkRz5>t~w|I)s>M}j{UcqX7y7$`QUl>KVn1tJtwcfI#-Z=2lqitM+I?g3%(g{^~*-&
zs|5+p95C))lUgbP;|#X0;@ac5Xx23fN`1dAu~$^c<Ij0sqIL;UA)i*_^}4|#B}eP>
zH1Abe+)Y}Q5QuCWTZljlvSiK|%9X1~rxAM5e=o(z{q3+vhQ_kmo{J)<MteKFQ;;w*
zx?htwz`yYD2V?U~K_{l9BAM7k0&;<;>8Q1|cQc8?w;0D`YUrRf{x?O%CxUN^%U}ed
zHQZ}Fl?j3;C%G%EU{b~4wV{;!G!~Rc8N=vtKj{gwN0*hGdQ_i#j7a0;3Rd+R*xglX
z%Il~Imk`_}(N5h9cTZs{+4R_nJLaLuGFp_E<3Gf;5%Cj_EJJZRYN-A`Z6rJy@e_tj
zL(X7WsxTMzQ$s77zXJ~T<A4eAYDC<`ICCFcb1LrR@d@}+vy=|yCDMfWje$C}V-iC%
z&v7a-<TYxGxRM}6G^Yxp4t?UH$_s4dm5kg{fvS2mar0Ng-q_e8evhanM1C!-3Jv>=
zkH0U4i;nUQGs~pEx`=Yc5O04$KNI5Y9H!oMcS@_(w0pj!Mz`=~g-OgB!<=BhNe{LW
zsB0q7cjh#vrkZK`H<tGbo45g+atw=#cPZtw^O$@BMG99h?tb>DR3=Z#hL&dVf34E<
z5J<(Fo&4DugKiK@E566uTsnGOCZ6}{OwEvc7I&Y0w0z62k+T0Jo^lL!UQX4RV@=zu
zT%1TgCX9eRF+x9f<-y<k0I_h`YP0@pE;S*}dvT#Ux^9$8|7gAfA*-48dF$v^NFmdY
z-3FP!KP0Db)lgDs1Q$FcU=;Gg%Q*82dT0fb!0mbbdecbSOL;W@?9S3VDgBvi$wu0w
zZT#_L=Aq1((pNZ!nFynFk_N|M|G%AoH4vtyE{^GY<5VJW6%9qA6#@#pP*e82b}iKf
zC+F~j3Qifd-3K&B^)(QJN*RJ4-W?eiI5i~iE$F4=jx|paTgoK-^VUe;wze*D@+(@t
zP)0k7$elz@5)TM%{bP-@*YV|--exJA2}H`Y%>b0|M_3Ywv8#>cM=J67SDY|<&%D6I
zI;Fov_@hLGxe;MB9PBwQ#Zvs-7D$(jXwJKr6u0*MC<<&WAU1f+45=;yc;m!*YapQO
z#{O$o18wiK6GsD&BEDj-LmzE9Txb7%)?ottxzYyuEpM&kBVo(NJT-=PbE@$BXh)}*
zOC9`X9G>iCq|5rHb~8LREnnzbU8o2AMI^Q;$S{0Sz(|*|;X>>_ByFx5Z7R*D!o96J
zOa6RNRFk$aRce==vVC7h%mjdi<ykox3k?eNjz--@N5qkR7tWN`&y`ciKRbMz>~Kic
z)xv0X=Qtc(csTuHnYtFd?ptuM&N7ark^R5Hd)t3W{4|s>kzCrfsT&mHVT2gnfmbf7
zYnoxM{aM#oD#w@^4XI6*^xr%l@2y%aX)waI8Wq7oKnenPD}4VhDrFUErR#zrO_2YS
zdvs}~Y|v<yv1HoZ4!N68);45*P)tfAQ&GX4VC7H6fY`!0zvR%-4tZuk7R8l2UEV<n
zn0+=EPuhww5JM#Jfc)OxH7T`NgYr!Ng^%b-_FMGQ-XZyjjd(Ee$@padI~;7H#!+?A
z98^~F!rB);i-&|n>RszA35NKolUL%BSK{cT<#H8%|BTkeIeee(9`1QZPPabq!06gP
zl0~0~gBnWW)noS?iWaX$0;4To-!^!p?Am)90`Z{>gp?CWYa6t0NGR7(9$rv8dHXLC
zde31w)!e&Aa+a<0PsHn;<bE4zlncUmd<JDw!K=AnBv&IS7Z~VW{B+_Fmj92XtBh)^
zX~GnOgyOVla4qic?pEB2Lvez8@nR|N?ykj)OK>Poad&tBc+dI%Wbd8K-RynN+3e0U
zvokb`g=1;ok=@h@%Z=7b2QO?SFUfrp2r1+}+mX)XK!%AZWbPP)`&>$7zhs?}A2zw{
z#e`N{DYY-r<zXrIzSSIh8KoUPV-CD(5Juq6RrOscQK3mgIm)jvW0E?rjPKF#<-EX_
zx;|m{i9CFoo9j&s#A499j5XYrF&*JPoobSQyICh12#i~aoamY6VJ8xfvDjxrIfW&x
zfk}k)P8H>Sx!+t+b*G3bvmyh;>9=G0kokTEMRMK$#5#Q`#)4+bEsyT~E@OlC41=<2
zBSXkiB*SmZG&Vfiktfn8hMr?dXC<=%?A@y=jU2K9{gkZ!AQ@g%8qH=!v}x}T*faK(
zDow9fF#mRM7@gWHT^~=XdTPs&6+88Y@mm_m-wxbMk)abB&2m-AM$!+Ca#hgPZ4cFu
z^r0Ie&v?`0^ks#ryK6;A*yhGvzet}R=wxlvBI}R-tjQ_z-L}_R)AaffyNg`eotW!k
z2*2a`j9Xf&y2FYd$Yymjfn=gqtxhwkLiWb(Cyv;!L%?yn8dxc*V(8jF90%Yypa+tc
z_$b9D*qK=MICADYrciX3-NbX+**|9HMNtm!Q{PFTs>(dn&<#vgs2)Tl5b!3N9Xocs
zY=7U%96P?O&abC_zxEnbB_jG<3!z`B@2SM;$_CAj**dzHfuHGGjm?7St9oKvfEHXl
z`5&clnm6fSspaPw9JBNQ%gQ)BmP2VTV^>xCMG6qy+{ZoPB?XAqnYbL}PL~s{+Isof
z2MARkdVCNUnjGEsIMdv+QjNwY%=<)`cWK<~7C^bc(o6vDvR*cmR^x=g&r<T|2$5Ph
zQt_^4S%bc5Zc*#yz~(KeiGcr%%<?cH-)A$N6XP6u#%;Bi4P2<Xh*3i$HD8p|?5Lqn
z_u|90S~qr(2nT2O`jy}&Ua3e#H+AXVB@p7;u7t@S6R9Lwa;t303r$xDcNup0uX5+8
zG9^lg#@>A`U-7obm1b)d6<D}n+arLJ=Wu4-k-^}*A|$zfF%>X@S;dumLz8Y0zcrRL
zbWz7$wk_q%Fm%y6zrL>)lyFeY$%8W=GpyeAIpve`AC9<9qLS{~CIs&I&Ck_C8wT;|
zMe9RS=E%D#vKLIDU&SC7oV+GB;Quydvd!A@TRw_tVRsfyB&cP7WX*3=Om}<eFECSk
z*&2ABt)2Ecx%T2=@4BVt6Fk^+nVL!yJfyOiIQ<Ut0tOKzi+m}gHCvC3>vciVl3)Lp
zUmgDzd<vG8WBx>y-Qu=T#6b(zSH<E)D8z5zDMFGftx6c3?i)xl+0l^u1IW}s{f$V{
zV*3T5O08ZKhLU@du8}6oY;KcBKe9KreW10_>R6qw?f}+C9*(i1{o^8%B+k`wjh#)7
zFT;@and2WUGl$BdbZ<fX#9<VQnhu+slNjyjwGFFtw6LuJLe09K2rO+VfmNqmh0~d1
z6qdHKeoYkRukzWfwyw+XD!+ZTz$mw!y|pJqX(QNhJfR4KEeuAe(5`B(Fy)hHqM+kh
z>z;9Lq9AypWe^;&pj7PxMD)};@r!9go9TH)&@5}p*K~?pE?xwz<z7@(J_LSiXWQ~h
zP|(7I+e{=Wl(dZty7+G!&!wXGZxtFZ0?nZ#s7xFpTG<NHIEpi6VU}!s4|pRAdL=Rd
z1r=KB`If%Vy$HxQo{xUAslLGhUO_=gLj9Lhh^Uk_F4X92#P)L0CwJ(&xilE1qhzGE
z?)~Vk+uq_<^-4G>Xv>w?uS6aqdL#m&4wzzXF8500Uvohzb8F;7_;0Rhj@--A;6h2~
zWf}Tc$WKqqTv2Wj!9KXOjK&pU6j+>XR}_;(Q;ery5YhL0lebw`kGx0RhAtNrp<^*f
zcclm<Lj;UM3HnNPv^TM@01<5=g|LZEv3le#oRgDqfll5<^`wv@(QUkI^v$1WamPQ^
zk7W#voKSWVoJP^ep`>cHRCVv5F#a_4#^6PWjS!55=S9E`<Qa$80l`%yzf9;F@gYRE
z#%R3p|J>5S(78GH0-eoLly|feL+iYzSZO;9Q-dU?S(`~^|5QLP*1RM(dmlk|huGoU
zk0ALYd1%g|mlm{(JrD#}ZG;wf|54w;6$Q4Dhv)}4c?Lu@k`bN<VIy6ATk!8D-VEAq
z3BJOxiz5rP%cxWVUOxa5;PIUYK|YWd2M}+1uEzo$GkS+XJ@O*F$n;zqz>9D~;P_|h
z$A7DO)J`1&D4T2D@wcNpN)p}sEB$prv38~U2yXZQEkx+i-P^;HuzPfeikuhe*9|Aq
z6O=6G?9UmR*&3p6(Bg<aFXH#qvPxV^cM%Nio`iy4QLnhU65~H($0?Xz{V7kcjTK3w
z`)p(z7*9nL7{3y&*lDk6dgUq(5kwtYka0xkmiTU4M+nxpFNsprjUx&d99r0q<}u`?
zG@Z`Jgi1#bE~s0Ns&=sAr!NeE#0lbSzvt?@BxMZj>T~0oVps8fK1Bl^?<);hd^Lrj
zMi<tGt5-yijzlGNNCvgan{FAyTbzHh;zm)JI5jg;;@ag|)h0+G8>;%-DY-J#C15ie
zyOe^WP)!XoNRxq!ukga^nB-uor>I1r)`@li*R_SVudeiW*{bz%QMK93O~q=$#jgf$
ziC~wiW|y3Qo9g+4Ak{Ig{>2}TVvSE8o-jpyw(~lqC_wf|6k%5h8}cnJCO}r>kMh{w
zm4kF#fM@#`>4&1Ju47Hxg-mq9vRhKP>AWw}S4Cz<2wXdOlj?O8(zS4r3<wsYUm>1~
zLtWdnjoY^LU0ptl38t1`*;sfZ1bLT`Sy*t>!Ot@@CPuequZRq6sG~2$W<<8Rpo#Q2
z*L{rP3qRU08g`3H5y9LP44XWJ*+bb98*yIEP^`mv6-ZdFnRXiImesNXK~jd9R_|0X
z4SrJi7>|%Wwf?PHxpAr`D=D@YAL__(Ac}mTu2T_X9bQty7*B_lR0Mk)K6J-I%?Y^~
z7B$l2J04CuFSOjkOuLnPZ+|iaMZQkgY4?3RBi`+UHOCI)7p~4|?=f^N42H%ahNxc5
zJ$r37uCi}K+O`BqI`1kz7y}oEcwrqJzl>AANckUhR`Yn`WOCjTA%Tu}MwQ4WyjP<?
z5SMvTXlHn%(@9Qn{Lm_jSzg8aA;~K{xNieSQR!C8mK&K`z{@dC2>D&f1*-jxcEtM0
zk)c-L97)&TtRIHrD(B*$JX6-Y<7Xb>cYKmvZ|@Vyy84$heWckC3Xf>2LeW1v0W{O%
zVkqa9tM<}GJk#X+Cv*ISj$*U1+^E~Ggs2-P0%tSxyLUzD2tZ@dbT7}JKEkb{?pziK
zobmFX@1(4$0bd*l?i<%>m&M5Oxlwf;e_M<8_<GZS%EOH-86xoISSTxkrPp)xnG5XI
z<ofKf5V%$4;lcPB$!-X9Dz4W;9v-J*JB5Zg%NE|gVY_)Qu2){=Bbpq%Em2T<q(9L$
z%}he8B}w@ye53m+OU)8r`Uiv+hal(e%P3v%F&nq6kHIAmvQ9?t<Z^=;%qOw2(2xM0
zhvN|95AiTd{iIt(It-&rp^Pqx3MS2=b)33*q@si{E<VZmH*FyEe!L|ngoaM7&mQMY
z(v2m{D@!FHZPcy~P0)y*Q^Lt>tSaw=s>XUd7wFZF=MOgoV4EDcYCj7@yPVWJm(=^z
z=JewP9OD#3-_8iN%$sTsbfp?>4&;2#W1VuxOI6ZrEtd4~V{7**qiWB9oouY{)BIT2
z=?3U5%-Mr*{u-?CJD0@C=N>ccj#JgMw?be!%hbRd?W`^DvPfs~HwBcCh}VGnslR}?
z92*MF<T0Rb`)sC9{qb=0Leo+ydB~5GjKp=f`ETlUNGH}!1Hph`C-|m8f3rzhiNTRe
zms-}NGAovHW10yRZouOsCJnQdXC4Pw^OA}S)-&L#a^2XaR<&vS!^UU?|FdQ7Q@1L6
zpt$n1tv&E!G)FDRV0HfnGez>ylUjP(?k)fm1V_$8C2M7tj9XzYYY=-^YDq1tjnU1j
zOxi{Bo#Wh1cyZ^4m%fXqG5|V`ba;ua=%&+!jFCU`i=5{)lBsFV&c3R1amQnjsTdW`
zwnbDo%x`AL+JLvrWyeKNr*0k%1<`ir$j1BeuiZ|E0k4;9VU-LIkx(yVQ=*pZj`m!l
zIC^6X4K<7255<*sTt@Yh>cm53#^>e4tqj}lUg|cGja_#Wq4b75$m^q?C<$R9OT6UA
zUq=VsF9v~r`F59Ou1PQ+y2>PT*%by$_MpmEC!Qqj&^5|7^;k&;qo=B@S5N=Vjo<d5
zudPmxJF6TwA$0}I7veX=*%&fJA?Rz-ra>ZX@zeB&9|9jYyju5Q4yO<7LC}60+zCrL
z0(^Di61O}6Tlrp_8H~Bg#qoHq`<?|tV$CT?vCa8CG<a)#c>5GY;$F;8kFE|SSy*N-
z8O0MRrciR(<C)8ZgMf+WY`+}uvWOQC0~6fG`41lqKXYWEz`gE|U&y$OiK_JGG2ZP)
zSK77xami-rC{<~XIP25aa;2i+jgX#7{Y*kN`n`5MQNLFPf)J~})29L^q~C6o5cE|=
z8T+#@1IdczxT4HJoRZeISUr`2oWz2>LXTLiK0?b;{#}$!V+^;N3BD+yMCVDPLpmvV
z?*%?SF5>Of?+17m%%{SCt>uuzU^Gy!7Kr)jHxsn=LJaZ(XO*&Q)v-!CQOlBQRcYBC
zi_jBV-mRz11})GA@Wx5=EjG6!N?W5deL2;z9mV>zG)tefA$FmU4q=bmH0+N7eeAas
z<jG3=6k=x1^ZAgri>n~(6)F-}aVf|<e48K!R*hCDfdLsR``chR<w+_-CbK{gU(Igw
zes&ig4q3ybnKUo!_A)|12pvA(rWaUYe`suNz;Hg^R8iUfm7oBdk@>>||02{2Y<68h
z!Rvp$?J*NSf<on2_MrXuVDqNcfj|sjj_!Jsb}=#?U#{qOGiCC>3(C0A3{{KJxVWH7
zd^xa}lm1cvMoI3@m<m=-sf%2icW7K=&=>J=;{IGor(u;T8P_TQ->JD~uNcEBYV;BL
z)}Of96BHsg@o@V$sJfz1sGxZ~5G38d^e}VjaP2Lrxdq}55Oi;6c5zt>^EQI-r}%RA
zC`Bk#&fd<WI1=yrxrbl#q~6CdjGl`^)#l}Fd&a1~Xf>>InZpe=2tZy{b+(}W&e6vx
zF3Zt=Dj<<{k&`e9AxonYAHqhL55*#RAz@1}v#G+D`y~4HqTt|iX}aGsp{zO)Bp0za
zCItHY<ajk{TMz~U=)}$EBw!uRhUH6>pb3ss2;UX-BN%0c&8)QKHH_axG!RIICt*E0
zDxCC=Nyxu*iy64+ncOh_PvAdu$-VOHc;QKpw>$fPlhebK+-`PcPUJ1bxN>yTz|^{O
zL~<6J=HDQDzPw#u1>RXZpAx;i!uIQbLU5hv4Hm9iz_MvUhVUd47t6fD%ihb7Z+UuB
zOp0&G67n>kmf!|p8mn&ZuZ`K{y*a}CIl^AMdIg`5lexT4>4|K@zSAwqcpLY7M6INT
zZSS*;C}1Oq!-R(%!lm)Phds>$t+?LRGY*t}!mvlm8X0-SE0{XT4=a=eM}<G4te*Q5
z)!3o3U1c8=Fkwg8qDElTf9zZ{i3)2N?;|cPQg)!eT_83aTBxNMjH{(!eE%@DjG;1x
z{v}17UE+kX9kQtZJ~3t}9FJ{j9u~_cEDfHNhAmL!kRGvmFY@3Y7laTo%=;JgHJ|q%
z-ixlO8+=HAoP6B1$PW=2Af2tZe{-mCJ}<F^^Fk}?{A44EbiE(Q5Vm0U#|A-8G;!62
zi!dbUh3EH|UQUVIz5Ru3aXl9O-rQHvQ(tey1_3Oh;|yMxs`a$vSVBX^9+<i?T&fdD
zce#TU*N_OuBSa`tck2iPUHL$1gKEli2z7i9IuxH9=y#0zNv6Y()f-DJUPnzh$)Lz<
zKIQ-zN;?yQki&&ktWdF#+1yAs5B>Y-WtR=9qPSF4+r5BQ(upiYB(tf%3d>d^wNPXC
zqE(smLFx+C@2>F`)jdV>Jo6!yUKc?Vj5DgRL1e=0zh)A?%*G}<$OTm3Jm;SAQdzeC
zy%G`kiPPi7zHYx*MEqe#In@6etHvaSplDTi2^(D((Suh`8`Tie!}H!WMfAXuA@3o=
zHh!Q)X1<K*kv1)$ML~L;9JFDLF<lUO2e>i!gQ(PLHZvmFmWWo8Oe!KUhC+4<?nB;t
z@yQUomtYUnO<Go&(boWx@>q)g<7@%7-UU%m5Q3A{m6Y`)g0lcF`iPV@o<K_enGu>@
zuMDadf^!DpsOsTJEcmulrT*J*cB+!W@xL5Ty`hdA#A5Yt(`2A<ajV-kP>++{&y*Lq
z@3&fb!yDWQ7H^ZeAh^)s#W%6BSKQP3&TXrQX*O}*4g%}ZSKRSM5{`eq|Ml28vj1%P
zCVzD7e~|G~e;JnjI>q<&?RDwcztp1BXyKalWWy@$Wj+k7k56auHu7xoCck&g%)h(#
zej`vXJYaV_@09*ByA%Pu)5^h|k?XY6%u;a%Z}9NaydfXc_vKEpK(OAoWqa3{uO>OH
zFG^@z_r@tGB7*1~yS~XAAfnI_m>Kzc@S-C`LiIZ!=aq|I+>}?$gcm-~FqH!r3Lb?d
z#!{x#sha`9gv6xcY>R$VLDo}P-!G4;&B9|rAyVKOmV)Z9F*v@^XKMDm8BUpxg~+`c
z@#q9#0=Pzd(SPWsLmKj+Ay#+F7Hcd>Y1}tMEk;vHXzcqU(?@iN3GXi@;3fgbYx-U0
zCD@zgBozVil!rzWDC|`e9WRb<_yBR1n<2PkPF*vj=}-8HFAc_A9*$G2)QrJIi5^W?
zWIR>M8rtpy1Jg8>Kj}J)5s4S~yK(r&;!5s3J5|J8S&C)mn!Jt@^*i}fN-q{gM-Ah{
zo<#ydoYamUXAej<iWOILB~7+68KZwa*uw7q!F1thLGk7siowTe!yCT!pN!Jgp(%8-
z(>&G+Tj#HB{6<fG6#_z$rsoX!UoveqcSm=AW{+(6uA_G0IA{tfZ{Kso_IhjM=8laH
zqbEB)cck<_*=p4qa?o2c@09#jAHVvp-V$fJDaSiunUYvq&O=ufcjZ&0!)rx^I5*@e
zG*VH~9&UOeh3}}yLVsqvXVqqapl_MJ_Bvt@DQ`3Ha)szDen*#17X+>PM+~=6do@){
zxbyt^_H)>idOOd7N6N2vV~iT6@qyZ`?Tn|&cVuHl-)9#V8~ktwlJ7{)OSaO~RN8C4
zY5&w-z!$pz@<0KtA}QQw<RF_M+0}N@MsTVISno{y6nkjZjiwg6Et;K;<6C6t@t{{3
zIaJtKDJkxX2xs$kI%!Sl;1Qfm>u7c}ko%T_X(js&^f@=r7}HZsrQzuCgj&VQ*arc+
zfTDB|SuRz6-LI_J6^s4F_o5XA@);lWe#SetW8t0Tq6?a47MB{4w7&NryYAPZRy#j=
z=NN`lKlu<Q53$n4_sajk?{3OW1ud}+&B?M6CspwTIoyVu9i3W&mq)fm!leM3;5?~v
z5+1iZXZdf-VycmE)l|Mte@#KvL|f-r4Hl1^!TbIS-!hiDl^;!baR#a)K_6IMCVr4P
zv9Xb;&Ho(rcZ|xvVMWWnw*29cf#S?vWh1fsUL@lF8Lxj0O|oR?k{ypUROsad4|-w>
z@-j;Bt{6d~ER-xsXo0OaHkgRvAvlSE@;?6>8GK$v;<fO;Qi_#w9UJs1-vTkh!-`Gw
zw@5KGLch~my7)))eh~h&GX9aukl@bZL-yoafHbnruW)mpW66-jTmC4mU4tcD14d(p
z`(R-}qYruihM2+Fr!WRwr)Cu`_Wq4L4N!!861GUvOp{?rxofrr3IRC7bkgYy+N-a+
z?n)T-dV;bHNJw}*)+6IT4x?{F7|KgbLgN&Z;ub8#)=zehjTMGW!}F{Z!-FE!&AJW<
zd(Q#TXZ!+$aMH+tDDlzdwK6u>pMc@LH`pL8Wh5sg${M<Co_?}r0}#O%>)Kxon_Wua
z1?6{EQTHoo^YJ;K=l5x*G^nm()A8>Yw2d@WY#Mo|!Kx$rfs%e%h!hR4&lCsY^Si9s
zaDL%t(J_wVfihg&&EfOXoGrpnGPGaHU;)0N+@@2l7#_20&F^9GyR)r-#>@y#4vTrp
zGUGO5X7wPc45eSdl}y|iJ<3i#j>8Kj$S;KV@~$o7IjpJ08Jl>n5&1Red1X>%?G2sA
zKk$fW2#a}#vx+9lFiU&#{Pq46VHWcuWbaO5d+mnTN#lcVWM2vK2$}WH%p3i#IiT*v
zr8hFOt?yBrQb%W&PQQop=JM5#bmrzP&7BlRHYby>UC;;Mh`GZ)To7saoN#wF<|)O_
zc>J5aCyO-o#|bkvm)@%iZDEd^QmxZY`V=`o|K;*MI615TA~`4KP|CO|k5pdhaBt!0
z6EH>W6J6HExp41>Op_YRu6Wg<XP0l+tpQQx(Wf+YyK%?ge7(RLeHu<Dz<Ms<zu+&{
zh>8`@WptH^R4__&U+P@xDxU|kHt@iqntsaTj?ZrIt@s4^T9Ez|)K~Xmg>NL*H%Zg)
zEOQG<kfzd@rUjc!el9V4LLKYvY~0DmS*hYVke}By>P*2^@1Y@o{x<dAs_aJke0Mle
zAF7lzSuM?N2@?x-b4CE+Zbw#}Mbq&N3}Qj{&kra~i-bHoE&Yk2m8Xs51@pG%cp)}>
zJhns9E*wG=s!sx8C({&senJyY_X1&!cRwKsA3>2!jyY+GjcfvI^M45xrq{pFdLheY
z1&XN#e7`Mf-VUWJU42%Oep0`+m{JC{`{k{Io>RAuvP-!InZUo>W!gQTu)@};77085
zwDW39^FRJ-kFAd`jXNBR<<ng}2)4Q2{3Q?SG|V#`Z6Ce3Fh7*+`wVff{%NRfS@Z9a
zM_1a0&0yR(KR@xxjiVld!{7b`l9ntvLrN_SV_SS=wNx~H+3vz6U2BUbSZ*Uk=p@zQ
z(|-jD5U8$lle>Y!EEETiOMAc$x!y=u!9=%~qFNcpyU)-1TF}B!6w6rd@Bo+GN~_*#
z@aHmH_H7|Ti)`=GFUGH#b`QkCnVDm(^m=yLQf^6Od&q}ca19^Xt-kwkr&DmICk-fj
z$?@nQ54Lfjb&g+jyP}1CV=hlN<-jgX8+s65$QEHVqUK~j<%5<S6?Er+&X~x?nc}Z@
zw#6=(aCf2*Y^?_?z5;CL;Tk04u3wHo?vw`?5iS*pE{PxrH<;&ondw1C|F2k}HJQ%u
z80?Z4CcXW{-oJujx+%rFgLREH3}IW-Aha-wp2{ow&))?QY`I|@&@C|!oOwaTR0n2~
zeCxF#E*pfPEN-6bYXNMRENjuKb`FVf96!_<w_%)r%j-yOqKp|@jFftM_s0m(xBTPb
ztvb5aw>xn5QKqQ6KCO2Hw*-LLLtD}reFWZpnUh<cgF$iGor*KRu7{icv-&b;@?au3
zU!tF*pJ)vJ4i)u|s&dWpG&6PY66W^dr8~^?RM2@mHI?0RJoRDK`wdE2;Kq1r6(QTq
zuoTlvsUNLQPwfQc#dQH;U{%QjJ&a=4{Zyq(Bl&(O8btQ`u>h3|f@=_efEm?@s3<vF
zN+=G=lh5_#em2OZ_^3iXsEzX@gOv*azpBK<*y0@p)das#n(5Efs>+-n(+L-vBs!ku
zLHHHKEapu*DvV{$ldzCef(c`-SCm@-P%5Gi$<2UoU%H=iC40K$`5q0Xauv^XM{(g$
zfU#;~qv9eh_@zZi!0*W}1;{|xf?$dA;OS(S3?r<#Hk`X505zGeoQx%wy<{14aIjpm
ztB2t(maaU|Qxj;%d}QUB+HbrP8QwekThHPli@_MZQb*{9J<F2PV2<^LZGydy`DnpO
zCybwh{W2<4%jJ)!B!GYo+l9?#7k^7=D_~$x%f-j5e~_JL5jT6Nod;Z$%{fuif(nn|
zjvfCctZ;?XCaL<W1zGnyt@|!T=9G5XzZ>7q`fQ-3VJs`pv;oG?IG9a(gVpLH7O4X*
zmx{K$bk;vPY7tZJzMU0ADb?8QZQ=0TQA2+9MH5Zgdh_AfS}vfro_V0Cg4vL3=KWCw
zq*%)Z^Kjc8`>2d|h^N7O?C?%#uRG*UgXpb&I4H76%k__QBJ&Z6{w(W0-M6{;>cjg>
zx{nI@XM1t(AEy6UDhgUt?=>BiK~S|^op-qIGg`_h?#j^IrEFNP+KcjgIK%l%{~7Q_
z7XO$kFIsiC$YtTKXtNR_r}$Z}bK(E(oaOExC(&N@1xwSGE74f>70X?ZD-pE%$kEa@
zip6~rmFUIcU1yJwZ*FaUjs~EfKxLEi<U!rkG0g4y2OJ;LqPmi4d`kcA6VRF8HCg(=
zwWG$*ZwDK5_x9MHS5En4FUoc+vbYmu$t#CWcpjJU!X=dVnJzD@cBZ^2>nVgYk8PlE
zLy_plp>FgIpCmarozKMKuu7j63qQGo)3uZNf%a`L2{PPNkq>f}m(JI#XoGLUY;w8o
zEQ}OS)-L@@y~R~iwE8Ab+|V9doiEpcHpbmp(#E~27Dq}?(>z{wpZ1TSyTqmgG9IO>
zc9$nKU(>+O=0R_yD^OWV^cJ^gh<)W6HGxb0x^6)B_la5Lp}a`*g?{y3@_`R$SC6oh
z=9{!;$A55gygGG22p{U`1-%D3Go7B=intUUpDr6AsZEv3T+4G8TXsaJwSh}JOMFVp
zNz0%(J%X(w32T1%CZM}ZRGaBelAAO%ke_dP8qn11?sD9^1==MhhaEFswvA0o((lvW
ze4AlCS5D$UW^#U;xp>Hqlea02-*XoEOVI!s(l4%oB_e~@%;dw}-`DQK3EIn8ih?CF
z{a7Gha}z^GzIFSjh>KN6<nQTW30SLO&^V4I7PD2-`YQh80|ZYt28twO_7GIxd}igT
zB|T$s%3pVOxZsrh1Sz_EpA^br{N<+ikjOiij1H);bo>(^!OC8TIFe&hMMwTF!zq79
zYxP#-)2Msjt>YsEtv=!&5-VsHAplO=S%llFZw_TnS?Jy57cj}}F#UdU-SWcNL2*LW
z(YsK5okT<}2M*iLPD^_f7J3hmKGODIbHx*gd4*N^Ei*=jq`WfkblLG<a#N0d$Tavg
z_FvB1#ZV+7U)I`uZsmai2L~4&4Zq#7gUH2C_2kIm8{++v7m=_e%~42fc>C!WxI2HC
zogkT$7!{{`I3ggr%d7b_XB<leCR$|0q$AfGo8K@T(VD>I81vSeN6ywT+^+Cjz=OHZ
zlQ@xsz|6ap*`vgCT%4$J?UvWmTILD*OyHMY{b18)FEr!yLYAH#H8$%@VCY+rKT5%i
z%f)v$sJ*g5p!k?ZpLHz*MUndMgDt$YC`LQLeKFxX)*0S;8w;8J<#LsNFHL+fXe=z2
zn(tMxwLw92S^>FGd@lRt`n*@m)DiA40{%>O#C_3jdF8Ol?N_l?32l8)e7=YBA+X`-
zVofmgb6*H^#cB;u=WTFX+<h`77)T(-D)kjie~M-%KDvKqMOT~?o{N1=38QZL<(lD9
z(VIET`W*Hs0sZ#NJiAb?&=h|joua|6-ZT5gKQI3bJ5ySgzVJS=s#5;v44r?khOAef
z=>T@s@IM+pP2r6)kZ<1BIW{rX%ZmgwpQdNdIU{I10q;GT&P!;z&GA<v!R$j)Y;Qf|
zI$U9Z3^OqPWQXld2*Qy3jJozM<4PUc6cuF2JWn)S)-JInDJ$joO)`m}oafl5%#?o%
zLnT<8Xebv_j^<1;qVbsI-2A8xH6I`=OFkmr8#H{+dePvkQ}FLxPYA|5>wxw}!2`mv
zsIM#;P{*Wp@?uAZ*in@HOiD<xfTd$U=e`^;?^#4~jPJf4nSGFQ6~%vE=6_IfjjJd2
zx!+|y{%wl&mie>`{iV?K?Avm{#}BOxIz;zD4lQu#epM9vyw2-7?HOo)Hr*vb_cw-@
zL5U5W^*I_Tv(CTtCr2LphXa(*Uk!nunb3bXJFeZmnkPHEF&od+8|eKeS8IPE;yz@W
zaP1Som3q;KM(iz@%;NH83GGP<?u0;8nfp36j}4io%`^%g2QrdR=*MFRIG`Hov$2Q4
zy!z>#hWpJ=fj05yO^~~{-G9dqdeFws7A}Xk{QPlYv2=AUyE&;cn{Q>&HBD-Dlnt`K
z)Dv6g492tH{?=ZQRE5wW$pxh7jsm*XF*-)R@C+G@lTc`^wS>6wYPHg}lBu1r-I=##
zOze<)wSH0Yi%_>5-&yTdB)caBP+I=DIY{a3goE{pl#;B~6_!4X-Yr#u-Gfm@79|Q1
z@$^NDDZ(hIBgu09ArP`2EVe#=SmH4Lfv*kow=;zR_Zg$})hd(0t=!wN;nh7rXH%+X
zFuG<rBR*u@d6$i7flY}E%<sq3_u#A1qMSO)u}V;?lmcCPNGI$j=7v4F{9!^4J9j1M
zJ#w9;A%s`TlnGslN|%GVwX_Z19^&#SLr!3iwJ!bCfoY-zv@YpeM#6L<_@mL^f;sh#
zYCj*#%JuP6y`3fA+*OB3u%v9q(WTRv^^00_YH<m`S;K@tyGX7k=*7s?-+-#Q0t|Om
zi}^e+1tXZ8jWhOwftPIJQldskSz5pIHD><dmvK<QLk2a9R}j;98R5f@?qokg{>2OQ
z(}f~*u3tzreSU0clhqOvC>SqoVvYc7SXzcXW#JP`7q)g24JQ`W#(G$BuXaAX#l5PO
zn9gOW@j$o8JR5NwPrWr8zLu>!`f~6?sImBKZwqxa)`x0XKhMgq39FUK@f`FTE`>}{
zKTEym@~RA5s^ecj6juXJ0(R<#U`4gawWqKxx~d@UrmM;~pK8j_6+X00^$OV<;*t`G
zauaUU&<olkl+X7EkxmA6ZK*JfsP~{;D^1q{Hq3!glfNu*k(?!<04?60TJ2Nnod{&W
zM|uoMKOK<;OvHc&rAH<ChBgEG)n;)u7NAp(2d6yB(@ElUpjP>RN;ZbaPY3~*2pdS{
z;9beLLqN3#4aity_0Pg+GHJX42ZrY7(a7Rs0L5`IMFm|NuBkYZ5+XLFrp(OHM=)+Z
zGVNXbXB5Y-RQ}x5pa)a4ItBOS2Fb8mny2SbqrNp?NR+tEinM|*J;9CuGnk7UWPFn*
z`>@Rzi0^<2sd@Y*`(TV6cu)P_OIZqTHYeGj5iV-5#w-h*v1=8tsI~KdU8W~Mb+MkS
zsoux9iU~4qpo^lY7!E0)NY}>HJd-SOO}m(6cn~-zR}_(J408&e%@B);J23_sCt8Fg
z^l{^!YA2YbGzu!{HK~wR{KJT{7w0LUB$IkP7l=RCelMHbKqm8De0}^h1*yCd@b;T*
zSF^h0Aap?hTkTTzzptsz?c{lS${4$UHUdtgMkU@Q+Dl2yG=b4$Wf9AV(el{;J;?p9
zZpVy|hA_Qo*a6SmjRE$HY|?VvRRvPH8^C-Cv$?*Ux?o#-RGy5An3X9ej#pDgHVxj`
z^}|A&jELNAaO!`0e@~DE*qLF1aDl;n9q$k%PC?e&+<a<zC-sRx8U7G8Vc>!;VS?<X
zMNIyE;`3v}_&T;@Jydp#n!m<?<>ZPYdVtqcOPM;hqg7~NN5MZDtSQ-t5nPM>6WL0a
zM<6#6UWSfm8CVG}G~tH-O?OK<sWxW~I(^p~(&eQwUS`YHP|o`(T8;(&U{{)g=-bQt
z+uA(WbCNqlynL$i%E;s^>t!D0(m!tfl|L!&D)V@O<E$pc6}I%Tp)J%KsZ>713ejYE
zB>!QFceQSU(%ph5gf5}TEs@E#*R3UgFW`|c*llz2Ab_`=McN_wv0UlGv*wRr_vWn+
zF%lP7B;B|tiw7_p(eng2-e7rUL`WmAzZtA)?n29kUPsv!{58ol$DLG#ALAX&T>+2P
z+rq1LPr_u+nkhc?smv?V4L(P!_i<lrAp9=-ju;q9ge2fx1xJw_;dw6F{Gn2JF2G0?
zQ3!qWUxa6u6@GYl|Cz|SG$L%=YVM%G&+qi;!a9kf8;{S0J}KW$WY%X@M}zFaH4?J_
z2A(#ki^@c$1HCE&fefwBkl;NK;-|M7@ISV!^V>6-$zqBRqS*5ZsT`PKiJ@>eRQh>+
z$CR~L(h#R}hMwHIZBjWlyJ`~6)34oR<rLl3Q9%ya^9B4x;S$SiW9ea~N68mTEwi!f
z2sZhmJhkCI=pQJefM0(x(I>djaK^H~0CHT=>9wrkm0RiE$!V9uQ)KV{C;`|P(UV-b
z4;3&LQyEEU?yC-p#sN0`*z5;YQz1D%xc1LtKbYj_3cM%5_Rs8X7(R0$A>E~l8M5wE
zm*lc{1Jsv&<~QJx-k%IHTfEne)Hr6Cy4o?4L3%vw=Y;+9b8$=0@>7|U62z*_jU|#P
z{~SViNRGtL#c_$>l27E;=MtfBN3B>sOYg1D3eublg@Ct$)#j#$UPx)Z)*ps3qA$_k
z3(C3ddS+mA$FfcVoo;*oV%&jQ?tA|#e3D5Y464Q;#DEcRB)frD>uDy18=VI>yWsZ3
zII2>`Fc#NqIh(1>m3SjP<tj-Z=D-v~{m7wqAi^z<Y|}br{3*ova5*s~?)0E4!VT@~
zUA2$SR3;T7Yy6_`FP6lr&7u8kAprIhh81F-0Y>aa;r(wfCVnE@!g5d*LKPi==+cf(
zlq{+Xv#Npa9X~M>;6mP~&sC^~8c2ExGwOLNsm>%Ar!Px%N2wQuLIB)HjH^*?jH9}3
zFAD_|pj<!J2i(E9#~s$wT1@NvI{|q=<|I<uq?Cm`gi82KTKHy@NVFS@`*xBK2aByp
zq11X2Lk~fW?U;x2Vx#$ffV;==dzq<?s1R3ee^_aM*b~|MO%<R*PioPn%mYf!b)?D}
z67cMf25;e8!IPR;g+|ZRE8zPJ5b3+2!~^UQUux|sN$x<!ZpFk64G*KXa7+bzWd%JH
zQ$2!Wl8%!Z2xDeL9YCWXrXSpDD6@|tJ;?=;Cmk!O&1jHG!IzHdqcoFB4*rET6c&+E
zZ`%)1p|9M)s@p>H`;0{(102!>8p0tBqmxe7r6mF;zB4Yx3{j#)s7QYVo*-cSCg`H-
zlL5kO0<+Ob?^9$4ziVRs{Gus$E(FE7LgLhtS>XI(R2+jrL)Dj2FXO@bWBp6KW08(5
zOwPNpPac0R8m#NUn0&q~5|{?p5?re$)~eA{695oLz_OZ8fB!kzIIPQ*;BHLovX~k#
z(r#oj<D!Ih&sFk`VUfU(3OyP7o1{_<nyByjN@qMp76~*vUimP~JET>11c}RUJ%8m~
zc{6AVPMFS`o?(J~elgD*v!y$-xeSyg&R^{Oqsi*x&+0Ej<w<=%+?T~(Z-D7BKDY~h
zgY4My_YP<4TZZf@xX85`^*B>k(E}!iqHzFu>VT|ifvlYG0<68FqJ^Id-9z?9?U^=s
z6>h6ovUP>E4NhV_0?{{H%0Kr>B<UNRyln#Gbk<VjH-mOf?69ctPYi(NLPv-lA`am+
z3!f%%_t`H1#aj<k`&>U^g6^mGg@5KCv>9cTF6L1QgnjoDR1jvqZy=VK1Y^`@^#8(>
zU~$0+;Lqnwu_KbGvBtnuEp-14dW!r3rcjXf$~9tT)8!xy!2A@ff$|oM7#Y7tgZCnY
zj^ogw?0D)+%m8`&VRVkjK-4lA)USnr?SZ!2z3CkUd_>v(zb#*LZ^zfvu@VGyL$&BO
ziMO(>Y5vkKQ?tORn>CrC(9~nMebra{Hwi9H?j&O)_tmua`ojt19(&Nz+eZQE-(n$m
zR3a^(i+(-SB5iK&8U-E&0hjTkS(&QQ$!OVwo58t1&GqfW4%+;;^Z&Rbb)S;Wsdfkk
zug_t?-f4G_J&D6kpocGn{)*=-WVOHRacQ~{xa2)26TJ-s=&GmZRZacai%Lk8ZXGW}
zG}fi>9^^{svZD>)Vs8a_jI-juZL=^6q0LKG;WEn*%B>5lr+D~%d<ZQb`Ee=Re0$`z
zdfzAx)J11B+Y|?eqMC;fnXld#iUT`{=-T3bCwP1rIH`9WbB5c~6b{I-4@}gvg%v#m
z?9#zE=>P%KSd`ojLyWObPvrVXjLq;U6z7B%J98FzqUFYb)9}EhZDRnimy&xeiTtO$
z<#JqaLm^=VUgW%EU_>u)c^W?1q8E6GlB}OspadT^GQaUpFn4-!1K^L+bhynG2t$z~
zkFjhGAuVAQYYpCG-2UecuM*eOKu7q%^1>BJ>K!b@5prq&(>(ZFs0}I?&Lxo|r6?ao
z3X!4TAoVFf@h{S5!N4boDg{soZ^#!K6bnd}uA4L5=rCQR4SdLNKAV)rrp<3T!+_18
zDnH|?i+zHi<pWKm*w_A+7EZe_uW0wV_cbM)XGEl{6SsW!3Z%*{?04t+$Kwm-@1K_L
z*Y*jk-0JLdrW-=TrfQiu_iS$Tz$OW0%?C<FyAdIv_vynY=xqG+6HVbuGs+URQZOq%
zVC!+{<*Z9pUNy)Ex<RNXvzq93{~~L8wpL_}(@g-i(j$hMrLYCe6F=&Hj`ouGjQ+sX
z^ojkg&Zey@G<j_p@8Q=6>u9nP-cXTf5ZpDf_+<2pl>ov5OQ;d!(_c4~oM@_hOO$}5
ziPS_^;cwDHh!?k1tA6@Ba+PK<1L__4Rf3pw?!@wwehdLgb7goEs`CZ}K6<j;e$g!#
z=g4sEJStXm+JO^LENogAKZb4+(^Q(yfdDa$0Zfl*3ThQvKal7$j|prDU_$L@y9I1W
zT%%*o<faqg;{YqJUo>3Ecr?Wz5sjsJrY2bVI1Tve(J9g~YYX@c#YX#N&8U~zizIEO
zKCv#6+qebP{YCTc&+GFDG(MKzCq{K1!1m$K>Uy`&e~2wXv2BTz0V=do@Af~vN{J)_
zBC-KUIR=_?yILHeL^?@>Au?jGfk#Vu_bu4f)tZW$tqM-guQ@5LJB-d2Hoz42L(B58
z7qPtn?4m9LbA@I$(#;u4ERqr_9#4SuLZFiPjH?YfPXMVMY(UavYl{9b(st2^oxW<^
zUdMD#dHWOgU7aO0Mn+Z_9IrWfw=lK`sb#i|iYYnz_M<Z8K6~srV|VPy4wI7id=rmU
zg8WOk1F%SeGKD|(hl1@{YblQb7=sGmLh~oByOQI*E4e83R*ZhIc-eN$VVU^sPw=X+
zGa5HFmcA({snLBUY4kfY(HW`;@TZF2^XSQxGnVM0Y>#4YkismUu}ARZ>qLm=M?J*9
z^FvWNh7v9CdJopB{#c@8vOW#ktl^~QSl<|}6{(T36y6O|yz+kcc%X&iZh8OM5WqA3
z!I})PUuR~(Sd&<d(_V~mozbHiIZTvM-cP6(S%DM#+{j0tJHxN{(b#*t!z>6b>4v;9
z-?<%6M=WHIi1DLTrqWv-vuAtzx!U|v8^;$GG2h0-r9GOjNJ42nCs)6|0Hli@pKN1g
zRD@%f_EsbU<-<*AR2*IWNI1n@ZM_$jj5>Z7`DodRk<S#^>8Cpgk>5X4R7FG8VVBga
z#_mf2LB+@keH?*u(|wTjpj#&Xz*x+~L%R?+Kz17)2q!nox3s5+T7D=_z1bp|pkt-g
zHI*~kXo;iBs?P;>?LhzU^fVAn0e2-7jY)R~qVnY6zt~|GkA_9%iLF8)QR3X>yvKcO
z8W>B09g~4pWt0Obbz&%=Wf5~|2nq_|@>i%iHAO@4GDi>%!3Uwtd`A#H!naLr0b-;4
zc0v$+L~-(35=Ai*3(GSi%_i~*T}~B^5e|YeH09L^BGP1;+=Cf9(FUM!7<m0~DRRn3
z;{1;2P&`iq*bye11QA8Hnow}0G4jhM6ja-g<l3)w`zoa?BkB6~P&;H&E0IELiLi99
za>C(tv8QK%m7aCtVm6vwu9}QZU&U<t2L46Mifm;r6BRVLb=)0%)%r1Zv#TVv;wJY)
z(Mz7D%Oc9DMevFY);NA~3aIm7U5rG(k=R?!ym$au@Hm%rnjg=DNt=MFj(vWWwImX3
zi~d^9&kuhonY}RQsWXxQlNNP5KBBQ>t{4^QkikCp@o_?rp#sSDgROoq4L~sh%u$$#
zgr$wg5NP%^Ncw|8=|ld54cI-c(@yXW>-i?6s}JQP7Yl1OCHA(z<htmy_PME{4^O1g
z8bg2!KBldR$hg1a`PMvu*tfiPfpVeC(acA@=9Ccjmt;JQd4lJ~iUZK3<8w^fUyGZX
zGo;hn$T2$DVZ5u&@D@O+GrX5Yg(oXpVvcp0$V3!7a|dTOsY{2*gaQlm00Ze@HuEGq
z_E;ndGxhm5hDrAL(a3L%G&Rh)`>8{_{q1Ym3J-=kmPIMU#T8WdUX>yflxesxbC}QW
znIaQDW}0tyMBSIJu!8Kfe^L^ZCTR`cbyH`B|B0|z1;Gp}a5MWg#IEN@!_r<k)qF_s
zbjA+wjfWW?W%+VuPu~1n7RKB@w5<A@-7sZn31pY-2bftRGsOgcco|*eO6@^k$+oI1
zmI?-TEz~hb!HbbzWPJ$(En%p{`~#AH7PEdL?GWDX62{4P^)kCpZR+~f7%VA9o7iKM
zRX?duZ6q9kjSIWLf!fj19py(Cy&e*s-3H7D)oD~<g~f_c;<WpP;(Svh#>`3&w}GWS
znasa;4r(w;ab8dl$#12{pwh^+zKopPpmU+$fRPR9b+t$TL`JF6DtS1Y7>>854oSo)
zZ#!vV1{>zX8%p3IKH&7Y42ZGNxLF7jFiem90U$7QOj<u({;hhy$ff3)sRYSmw?XBc
zT)qpS8G`4S`ic)|XG0Rm*QL|WpfZBB5kqMn4MhoTz!#9p?hqN+XZ#%0=VQN36S#*D
z(4Cvwbh})<r(uYB+N;>TBXjY`A-Uoc#+-ST&4C|a!l0m$n^MsXODRb;6vn(Z`n-PD
zqPK1!AdXre<nQV^q@`cR$UKXgtUD-Q`9L+XFn}x+pKL0gd7oPG>94I+uYKx$>a}FZ
zIr~ub=b07yBIuwBBzuT~Lr^Ld{H)OE>Lnn9i9jY-H%lQtE8XU)rT7v~dO^b~NXHz1
z_RZKj8bzc0bZ6T1L>VyRNB)j?)Pd@wCF~=6HgR4NVcsfNF*H}u$4lZ>0ps#rM)IP-
za$pJTE@h$ct5O)-_90any?ekywVzjT?s#K*Yhwa%=Wj9H+daf~moiNOB*m93mM+*%
zI&U=hQeTl%@uW|$aELs>Y&$NT-s+wbn-*8}>ahq(OVAFFcISsbT{K}+K;mR!KeMOW
zuSx7;ug?r5xs4cN;hpIkwOx{{@ubg2ksYCQtH?Bo!HW;Dr<h#$_MSbTx_8k0Qsvid
z2430T=?=xR2Vu9~QlD80E%g0QM@IpfGnXB%3A4{GeloStxloZqJ%<wU-951Tuz|aT
zB(x$W!nW6Hk+SF<0#c0w@4_di)A1ayNY$h}4Swk%(*h5=?$mHJ>nE){S`vy1ZN+fU
zb4oXiVW)X>tK}3RmN(UV7JJyylr$S`m$>c@C9ARYWCzaHJt6OupzaP$;IIUK3mR#^
zA)HWMTUAoA<eyMwZ^E`+WdhF-0do0~mUW0Iq!s^(vUnm+sLo~rl-(WMaA93^>UK-y
z@0{95TH=lFm2h?&v-U<+-B0M_@(0G>--G_C;_Tv8{a6Jp%TjW@KqrR%`}c8|*}bMs
zI-BX_XZgTGL1p{=mPSk8nzTzoW#HZ!<-I+PGLYnivbiPRQkR__NNstkK!1%JXx;f!
zVZ=L2zNmp!`{ku6dB?jWkK0Vvx}I0N;S6_)w-dwcg?xO+k81EC(T3dzS9F=FDq0IC
zAd3o19V(CvaMi2%=jERZ;GELfh%$1$d`<qsfKr#hARE$zP%eF|hdnc<16Z?klGHn+
zw)&k;|F~x#__0m0Y1V1hM7qYB|GW;sDT-!ttcRRXVbpN(A*<Q9G0f<Z7}jq0Ij{O7
zYmvjIz{ZG#tkRlz_f8Sf`t;pBabUhTlFXEV7Gey8G~;4oZ|OR?4L)qo8!3ww%{jtR
zCLT1U&#RBjRQxv1tG*_$V#oYJhj(H&#BAhL+0@|NvWDQ6-<^!{4ol+fGt+i}3mJUW
zxopk9*E=yLz?aJ>0#)QsR0Yd3LCYagi}EaH%<g39cUa5+MhphmZ3CNa8+E0eaO2_?
zV=~7KWKMhm5Z~nxr2l*e27?W2EgyAie;F+b?TQI}&0s2+=_Y6DOI~w(0(?M>6eM*m
z(B^6>Vg`Ff+xJh?Ff|-IRq8xAc<WC+R<(@>v~?f01o=$u9#h=gk!1fC?Zo`^N|^o8
z|5>W$j#~(~@r*{h;oGTG%Xr9BciCQU@~M;T*J1bBUE><QdyILDp$~x*=#F+tFG}Yt
zXZq>mh(H38?SFqff95=r<thf0bNvdMg=e1K4Y)=}*KhE|saWMVyFvf#jPx5+)n5e)
zBmp<$jG$qU@-evo(<fT|)?KEhw2{fBCHW0dKIUw=E7qg79n18Qb{50c3v$o&gc*n_
zt^G4wlcS6^fcy(MJ6q$GUc!L-hSg*l<@-K<74<hkb^gp=%R_W&q&Z?TrbKm}IHg?W
z63tVVYL{cAZcNRgu4qyXq1%y7Xl?GQIGUalh4L>90ihlzia_mTDy`)~|6f?@f^=kF
zsA@Zls9S#Y>VhsQBvu@Pa+CKZKkQ{0FIO7{2Dx@<yMyxqx|zS@jFc-20Tb?@XdiN|
zdnxpL=JEmQ5HN<3LfLYqGUEpOmq%9E=ohMjB!C;?m%@IQ?@i*fA!53Ntbtvoux3<+
zRPRnn<!9DF9_o$mp17JHvT9;{@s2d=8W1or@)srp29|}~fAIvC5X@~hAR<oEbz`}@
z<u6X-EMfJNFO+}4896;pOk|33Kdnt-F`P4UZk%wEm>2@N6p|~j@s0vjTqBKM7M%j|
z18<~;_{N6$j(9|=O$FI2k!)&f^T@+${V>X2_wX!F+yd8AjWU^aytx}{{LTQPYuF4+
z+WUcFCz^78X7(MR<s#&Su-rolGLtJ{;0;YP(vlBvvnD1y4bo-m&(x3dVv`ziSW~IN
z(z%DcWMt=*0c)~MxpfIKmWdedaiq7D0bG{Gvdjm_F<1iWUsQ<0%2c5(!SFP|T_6zc
z3t3sJq}Zu!ps7O7R0x$Z6`>69opFj+ajlI}AxqA&WlF}NqAJj#`aMqdbDU~&3O6bE
zE-DraoDy7|TXq6SW}!$nDvOzvl@oD}3?9`Fv{MjssZ|Qvxjq1gF;=v|n!Cw7P|<iO
zy)h)Ot1?X-9A%Ot@k{=<if6oreFeNTy<L<myct)KyVv0~ecaJXn9r`m9@L@nV?rB!
z_yY{gf$R(^%p1&qkrQ~ycGmcYoI(p1UTD<PXf+zUkjgXFjYWXIO4uIRyDB|2b@dT5
zPGZ0jyt52_%J>nShyasqchnUD+@FbTp(~lVYOlZEi6ui)>&Q5brW3KI{b|5huzliA
zs8%c=Q>$^U53{H7O4K@;SHOPLK0MP_EsKOVdvX}tmNGVq(3p5Coj*pxQxGDi@T+Le
zHaf9{i=g=AW)zaS2~KlI3BLqkf}UD%m*$)j7>*_LpjDvH(xJ-Lyxlu=eS+P`{BvI`
zLrYafbp}<5izYc6x16tpEHR0Bn0mFJ98AwR){NlD5`lM8&YjNc9KI#6D0|1wz&FWg
zR_BA(NZcQ6T{@N9u>D>@XGT2$aYA=P>(>O<vatO6xD~2}LnZ~1kaS;hKQd*L%fN}1
zOn+gqr{9k&z{L2)bIy`y;M|_4pW}l-_rVq5-Qyffay?419|ye(n)L*XT;6jq#Q18}
z<XHLTWbaO&s}gqy2_%s$;P73+bxuoO29<p@_nX}O?bFqYfjsP<OC>6!d#ZpjkgU?}
zTu3Fpe;bF={S*Cad%#|o9)36g<K=Ezz^fb_u-@>|q@YSZa>6(mQT&?D|2#ILRb+BM
z(6s<TpLE|ppeyq)0R`tCtmqUxux%uHc~UnZ4m%GWYk9Rp2E+C5@JV|l0FDW(nO!$%
z=}#me`+oq|Kq<dnlo(CNLU{_zxE&ACm;b>d<Yt!$-o8YjompDU>8KG9%F3c7F`6es
zwCjS=<Vyq-FA<PV3thjw8o5|LEWyOj3DwG<;eEK|62YQNgxlxR#j>**;fm1mZ=dD%
zdGHd!o=e<58(by`xy<eJ++~6zmkHci9m75cULlCR!tHa@6@nkGaQhSjoF%J$t~eu3
zMy?Y4eTCWQ#>Gzi+;gUgeP%C~TVU7CyKYH^-=USW*kYbBOP%If`E0TDnaeHKi533>
z2##4S@uzLr5)i5-pXFv!<0?V*t5!2<d6gjgDoga+a5I^5m0-wKX>@}nw?xKmeyDa%
zaBFytp#C*0w|>_MVy_XnCkk%gT_gDTn&g%!xur91X`!0q9Ou^gIzh+lR&Eon6O6mg
zoQ&X>ew|>!b%{~yDNUn*aZ3r+I-lb<^x+MH!8gP_OqOE9+A2_%glbEK*spI8%(`I}
zn{k6+^9>eNwB=%N-yrzohHONd<d(p=Ef3Z13T~@!60Evu<(6}k;NVT>e+4(~7Qy|S
zM4Xo-$VP~gTqzcWYJTT=gLd5__~n+^^+|G03Z}xMP_3OHym5=*nk1Yf33C|X(ok)z
zAS|0t;E^xDn#W|L&`yD}DpcEap3mZ1`2^wl1X}AQCA>@Rva^3#<<+6;JyCgRKEVg9
za@3Nd58oIa;JZXr7A4sMXG2y0Jg)AFe1c{9BAGt6L`+ptk}H3?P_3t^bReJLH(4o9
zR?2g&^k%3wOH{g>Pw=O#lrJmgyH;uys_hY#Ub#(B={6B>0+Yu{q9jA6Z$qp3ToB9u
zZGyVD#qxifp!aRD{NE;+ep@X6w+U7;-g?1YCpe<+1t(@=p7U~y^KvJ?&(JO&7;0SZ
zK-HDeTz@h$#R5&Kn(Acn^#zGR5qaH>Nx=RK;+vIioEVg82J|Dz6^YVdfs@_E3*tp8
z`cli~rxzqZrScLdK&A3U)$+b7mKEs2E_~yF@QdaOKJAGLJ#CqjUGznX70Fpv_?;>>
zfuNa_0i|=G0TpTThIv1`qJWBcm$PxGNaw%-&Fccw?+_fkO;F{ek8yDlt5^3C!O@2V
zRg8D4bPoKEUEK1Fpw}}34+B)vCD6b-r2b71`!|6{$3zw-2O9X1t_sC1P!8+pW>TKj
zD5hzY!#cW~7eAyFJt^g|jvj#q-XX@FBE+3?SVvFu;(^i>>q}D(>*!@x*UD0KFGD%3
zqqj-9t`f!4N|eJo`f%x96ivM-hjql77eA;<v7rj(u#Udw#e3B$##W~s*3r+r2s_2P
z0Ll>@{Y^pdJ1A;9C`WL_1sVvBjUg0?A(SIH2AGrq;S>+TC`WK~4OUH@MxS8S7GRE$
z3F+t&#33CwgVZD+erE*%l&^!-*AWFM`-4=^oF9N&m&KuVZlG=+S{Kx`9$M!H>gJ*K
zlbV)8>+C==$wf)-&E*E_t1t6O9#xZ~QB4ZyGsB(7v1c!<E{KJdo`n$$>7F2!Bg`5x
zYmD!$Yyr}*h!flMfnG+(*QDrQlfpA^3()t9II+DLSlajyUrmaAH7S3ZHC(94Xc>vQ
zM;1w;Mp9@iBTD*!jHsy~fz`|lEdALP-n_RWDH=vnp3DhC4e5;VLSSiwC@zwsA0vYQ
zt}6m!Ff@pR5l+ZUEBGbPoMpg&uZqj(gPdT5u|D!u4a;EMGQbF013#tc$Mrm8Rsg?U
z6~i0t;KNG_z0)Jw!H3t=`c99T)y43Nk{sS>hyK}B-u_P`DL!FM(=P`*hj-gm*Wt}{
z8QyG9kdYzQ;Z5HRq+Aoj+tXnT@5V@qHIWpao?C#ZYw~k94r6#<sYT&gOAK$Q=ov=K
zNX$2f)uQNAi$Y6{C~k+z*kultdsCa4M{txLbd5JJr5459T2#E#B~(6C8|u<0y&dLI
zXV#+F!79MBAQc#VT{I}&VIT~y)uOn>)Q*`Cl)o+-w80#MYPBg|ugx12?JZwyJ0Av#
z(V!l+DZ19C(3biYw<%{N3f^+Zkk$Orq1U_48}xN;idnTqgBo~?28ohv(0Yf7FvzG)
zvAMR<An!Dw;SJHC$Y7&EH)>P-QJcauF%7sV8}w$d(V*#XQcQl6H)vutdCZswgT!di
z;WsIMf0IHR>068q8x4xDCbzm-&04{F=^MO3v<`({M>Hs*nv4vqxiqMDu-TxHIus68
z!L;+FHw0@@sw8SO4pQI0ArA&8tpT3DA)zU$fU?R_j^5<EY@O>+w68<WUAAxPP<&p8
z!kv*ByKL@tDQtDAnLY_NZWe~lUAC(?c>2_>E=8BR6!0Q^be`Q1pWOl37EoxHZP7jr
zp57Arz|>po@P6;6b$@13U5W{HskuKRh)c<m>;BB*x)f=3so0;1m)zrBjb*>1+OC`8
z*~hvRyX#UjK+CU7ag+Tpc9QB*c-Eu*SgjsKt$I{oV!UO_#4PrAhn9bn4{*<V6z>{@
zMrtc9Hj@z^b(DWSpQpB;)}xqGkD94%>G~8e*bkQ4eqWy=tv-c2t7D|L)f!N|)_|I+
z?X(6IlN#``St@7UQtzUv?bKU*Yz{V{IM9Iky^Y?^)OOLWqN%O7eAac>E$dP1G@06Z
zTVF*V;7o1r7f)ZuZb@xDg8wD8O_n_yy8uuQIkXS*`AFSwKykMLwPaqE8&bT|kiwnO
z8pG7NAw~U$ROWG#TN>kb#G(Bpxb<#C(X)}2+q6a$A2p(IPZQiS8&NE8M8&k8BL_2w
zam#UN7xVe3?|X}4?^{%4T2d?)0?KiR_Qq|VEET*(k^dHjHm8^s(9E=C<uF$Hq(ki~
zDhEbU_(f4@GyRHrAl7(`gtPlt<y?n4S5%IRqKIXcql<CGhP#NYCf|t0Du)D@t8<6D
ziv>{>^P;%BI2T26EQ-RNks0oyV`GXojk!riN~h*z=yVreceqI|YD}@PF>@DDoXmd5
z=`I}hBJLu(ntT^HQ!hN&`?EV%cd@52MOI^q8uu;48VVLVUBs=%6gL_h0~$LAm?=4?
zGe2D~`1NxIDwHX6fXZ)Elzp2*89oP?^)|&PZ&TQ6ut-C44qF5$Px{f;f2yGGFg4!X
zr@`$V3cN%4H#@3{oza9vfSay(H2Tx3v;R93HQwPm3u21IMNXYtzeCZI@dR1Q3I1W7
zQfl*V4J&0|i;_HJf7-9iM}MkN_U_g&>>Y}sjE5~K1=uK;r*zhWXZ<SeV$E)u0;Ik}
zG5Z|~rC|zyCKONJp>StpYS$DXt_elYCKPI13Xt7|B9r|XmI64MQusEdC}rEDNdeB1
zOsIe9SLRhF%xjN^&ze#sHDy{I+pQr(HU*0T<=1{59U0-3-5P#uO0l*ng*&^W-rcR?
zZc~bDtSa;a)tnA(c!8@!^E$(C&n&Qh0&Y4$E?2X_)S`kcUMf1gWG|&9^JV{wIk339
z>Ei6{x@<-mYexNGwf$XwcJ^U2ir8j6y0|X;$a9J12)ulA3bi?fzR?n0ynR<d<v;?0
z3Z2X{R!^iEr!4`LM#1Wrclo6MzB$G6<`i01jS@Tt@sS(YtnypI>V8rAa&wA2RyonP
z=ux)$DHb1j0Js!TS_Z2R?sAV<HJai-(UkW}ysva>j4(D>{qP>|l{V27Z$<N7arnrP
zV5y~7ZbwsGie|lH@m<~Ssp4c*iw`L2v{ck6g)o+Z^b1yVgyi@Z6g^vT$x%LXzipXC
z@|_kGH(Rg{^erZQEtR%Q!))0Jq9k{>{tl`Tbzg;YV3&q~mK44%DU_YNH1ump5zBt8
z-=*R6mK2|~q)>BrY1rM8;+K{bS{i3o*F+1OA2+%9A+Scu6D1kgP)Eh7_c`?JMN5jm
zT2hdWK33=%<FHM(70UsoqN8GlsO8&=!lxAl$?|c9yyeJRIj(YFcT{{PIJ9a-(SmWv
z^>Kx~J@=8PzD%y&p;vz(zNyfPBB7NCn;g~U`4=Os@2J@6ArG5UT2Xw{iib_NTTxtV
z#lxmXtto1^W>M^N9yX=5rkK~7hfROBrnu3XuTesPE=$(1>8A&LjjGp%qD~tYHZ`d3
z^fI{*iiAxu{I=UPJTvbah*tjG6bpm8Rkwsq$wAJrDez&j^i@MF4k;$&-#%1XUB3O>
zwLL)&J^djMdiuAa=+%Y?yL;MDq_^S0?zXlR>)Y~Rw^lofpmtPzsIt22YdjtL#fLBb
zP-S)b(g9a(LLGXeM_ij@?I@PE<J#<RPqC>z*XEZF6k9rQZR&NT2<s?9?||wO4arO+
z!lCzhB#~r>Ppa;+5Y}?&Qy&%nhNNqY!X5g?M=xuUkXlNXWQ!slI(ckG#qI1!v8p3)
z$)-*et2^<Qgmk9x?JW8=z*UPk9eTaTFN3`Gl%wpu0#F({^f8aQuU^!dVt!`|EiR}S
zM?Zxv?Nae%R=I<t;_FXTC<{`6KRQ#K>`bA|N&&pOP?Yb&qPrD<x;h2u*oC517d~@R
z<=CdW_Qb}1Rqj9LGv}u+6kEEm=q^J{wI}i^BQ4iqUfYu5^lfGgnj@KJGA%nfDsFqi
zW6-=V6lc2d7_@3vidVX_9BBoQK?ilE7|@k#nIpB#sa`Y&o%=+*gT5=pqOMHKGn{Pg
z6IJY{kvXA-Vo)PEmwY`}0!kN${`84>`+Qf5JzXiZi9yA@@PY+{530)tl33;L4&Sa%
zt-+vMHwtv)`R)Vhp&nE(KHv54Mp2_170Xb8uY8M>uglKBmw^@bKIO|$+inysyYXcx
zsT;+NZhRTq)Qw_oH@*ycb*CubokDx=TXY#R?5R=>xw*hv6BJZ_$TMzF?YdL6>dx)y
z)9w@>cV}*SCAX)&-6?i<=OZQ9xLFuF?dhFo;&U4BQUtxrMk<Vxb$#Zvr!;$U_Eb6r
zh^Zk#P%DiPzumAGDwNk#fZp#?#JtO+dO@cmW)-0P(U0alvqtp~-=(<!E(M9J;TnU-
z%NB@|bUo+#mC^p<G5CLaP*m<AV(^htuVg0ge7{Qnea>U>#yuz+_TVx2q#hLGda&8J
zipSuadQfcW!DH|<Jt%T}@EH7+o)i^&@)%qQaF(nwc*<Wq25;MwqIFLZgO8O>$ysH_
z;3xm$G5DyS6vKK_xU)M(4E{q;iq$=h7<^_8=j!<AuOcycD!*Osxg`c?i`>#0&P5R@
z!v-u{c8uruEM@QKZ4B0po)lMlQj}rgL5|b(7|q3g9!6+Ty%)tBy?AKQrx!(!UOY6I
z+l%6xUd#r+=b^#TUKEFV@z9`5ZwlI5xDIIvIW>xg2FIRrgKXNH;+@{cPO_!(_n#LD
z4W87HJ1Sl;tdCSn@H+e~iHL`v<$0MV!Ol3L!;9jO?^>s@l0yTR5ZDcQth@RKt4Ck(
z5ICVXMSO1_0#^-?ki^xN5cqI!ir;%vXd?rP+we3Ht^V@FVKwt?!D_9)xrEpIQ0RTQ
z1VLv*)EbKf5=&u=rO=uLlmx3><1cqg*8s}9!RmKHLfcr1MzLH%y40k=D&g-~if2qh
zOh8Gf+)OFKdo7^!2v(m82~mA1BKvX)SyDpsT8o5zeJOVLrO<i?lmx3hCM9Gt2|a_=
z9{+F&v>(MkLPD;T;JwZwVM;%W3H>Ovq=4ek(M{$6J?(Pic^#m%2=-aSBy^YqZ0Sd_
ziPfHIcX<lYTfT3g164_aupT4kzbqMwlJm<>ffeuk!(;v{{U|Q=qagWq*R0`zT{QZE
zD~Bb46~kaNIe7G^aPLn+o)_U@3ltn|t|xbE11k;}9BTHb2xlBT0$uZtFnRWu$hzgH
zKs|-kVgcd1{VBTj7r|v*pnRVkBm6Z`-v*oYQJeTcVZh!$0LuQrinkS;nV5XspJGyf
zk(l(SxYD0{pZ0MSE#fHLSslasY>1;+8^^tm+W?B^aoqa|0lF+%y-x=wjCr3n11MSz
zVBTkJpws&dQ*5r@XJ(*GOujbn@(1oDFm86B_1%SGPKUFrczWLm>rP3;za%ED1BEwj
z?b@ELfqDx!o0$rX9zc;WfTse72T<%9zys)U11W|K<N>t)9>re+MF8D8&}CuU9;i=n
zv%MsYkCCPn<EqWhK>ei9=Ii$;K7EgC;~7uk7SFZGh^JT+&$Vebh@##g%JYtHfi8>x
z?m+#So6VYc#JVc{OQ7yhU#74y$WpQ-70wFO6GdG^(G!CxvIlWRC%;cI{C%#d#|ISn
zKy+K2s}_3$_4OrbVMM)i<RGRotN%Sv|5LS@QSbjgp!o6w3N0tNgsAtJv}n(CKsgiW
z+s0<IM7_U#K#~0ck9q|$l_l4x_s<U~Zht_9PmK$f4~H}E-GbFjo6Yp8RR>d47|eaD
zpwm#0Zt<z#45s*eFom9IQU6DqO>Vc5nuWI8SpPi<l7~M(0?H%@Evs?EDK&(`HpF_U
z5Hy6sK7_)Z(Heu%a|lJ-Ayj~Ky&ZB7nsNKY;q_K2?opl&p}0GQdz1kmQgr{2dzAYh
zQe69x!kyJIJj#Tj6r+Z6k8)rrMb=R6QG|d}vQ+5#UyXZ|zyykb1m;n~9G2&QwIUv+
zi9^28@QQg??x}JQ(b{40C`&CNj8~~*=?{ci!H?npazgZ6c7M!zK$+s8UzFnA-!6fo
zO@g)iM<!4VPoQvTwC0m(2^8NY$TOWYK{6|5+$K2a=2CoVXfTYT-Z09=ddP9gVT4m1
z)TVQ>eTPx>8D<qbV;IHsVJuh{Vz&&VST#%@OjVWKumMm$cF+!jTif9jt%qB=jTlZb
zY&eBGqcz`0I-KI$;j$4nhum{!+!7shg3cRJe*{I{5tN@EdrCr4l1u3{2Td21Vn<N)
z9wAP%Vx+FIjQgh!dRynS|C13E(?(Ee8y&@*DH)$}mX(uP<<A{@AmNpN89}j~RnBx2
z^OT-}9&yNbqO;0hIP~{K<)<Sk9<$16juQ5!lS5=A$SOY%q)DXETAm*wdu=12kRY$E
zl+Qe$krY)&@|ibsB*lj#`OMojl4AQv3U^k=n0a2KD9VlEGcRrwMek93<_Q7Ll6B_&
zm-3nS!zhZiqu9)Q9^#yN4QY{?=NT$t$Fb&J^Bqr?sZ=@CGWFJ27V}vpREV*z<`X0S
zW$vvBkw<W>%l;0eio4DA<+8^|Q5+pb;m&Bx@0^aJcrr>Ff0pFpy$Mj1AlkermlmTb
znvZ5d(<aVk_-Km3qa~MI$t9L?u?5j@-1!vRKAK|dXzLWZIGQ4laf=n)N{^w?#>gp@
zA&nuKar-BbZg#g>KeZr~Cdgz2Zb9_CJD)CH#!z$`BOJwbsaF9b)PrbnX|C6VF%;v*
zSoKO9L$P2Cg?oX}Yu^}(U1KEP<BZfxl;n)nf@r_eT!l(wDJqN=Gq!4|?BLCS;vPg7
zmge)O{#c4P$5Lq1Lra*k4p}*dRrUzd&x*=p#!?Jpm6JnVp5aR<#cM}Pa8e?xT{cMn
zj|Z=vHJ0L6Ry!fInD;^(k3WQp$V8On7S=dNjnN*w8*hxIxHguDXJyAxc#PvwPvkg?
zh;cmX={}C4>p04JKM5DSMM?607Fgqm;5~U9#l&%(_mXiGiv;ie<0$qD-r9HyWjqDE
zMsi5ZRS%myyv}^X0=td%c0yI%%h)(vl_dCBKgj6gqzU0PwV`|ZIxjcnmm@*y_*$xp
zleHU@fXQXJ&*)a{*BQxmYeml*PRQ+2v!eR(6BS<Ze7j&r8S85O3E-8_@8lM_Q<bNz
z_gwGjJ^h{f{kQB(_0tplo$ak<(kc<q1yq!=7*do4-wY{=P_7#2WH-I6?9~UB%PD0=
zuj*p4i9Mnr+q~@dDPH+@8K8u{vc&xNgYgf#Fmp!yu&iiv3B;E}odP||**Nf8D+n))
zVXg%Pt?mFQ`E~=tob$+RM;%3An7=G9FwFV(LCxy|ZN^j7A20C6x9tXG*KYzvr3nIW
ze8;?acLK$w2?B3iU|vj_Nb%`Jfj7QuHz2#cCsDjRNg#gjnHN(hQOuqs5Wn~B2IAK?
znd12*f%tu3QVyO>5jR;Ne%}t{h~H*`YW`!sk{HLWkL6bdV*$k;sMh!7ej;Zw#evBb
zWFn_=K2p?Euz+V@K&cg|#(8oNNTyJfnj+4d1z~AKF~a77>K;#?7Sx(T5j2IT1%j?D
z()wD`f>l!}mQA71k}N97Q(wJ+j|`hS=RD=S_wwM>_xQDGfR``7R;s+briVRt*8gvL
zr{9R=*Lw{C^lkhHv-$z$xz(q)kXEm{>w#`c2i5%tx59R><y&gH)Uwi{+Na@wvMa!_
zHsxRi8!8*dwJYF#W?W^@^<-&gfMF_S4Ve4x00ZV;*08KS{ElH!*#XArmo+SDAOB$>
z)_>z<22y=L|6w515AYubGW~b{!$71T<Ub4(JjA&frk4|7m|j`K<PMv6OjA2%S6??w
z?TlUZpHRWZ(a0Wlj$8hrf{g=<huQhN0LQ**1r`sp^LGIz^2-P)Yd}Y*+KpGw1(*y!
zwi~aS0}!;m7NBI9{g>|TW~LFkn60aQ#ca(8Xv0X#CsLfBLQ!R6C*$G>cF}h#h4)m7
z7Dk``WHuaS*i_HrEP=F>3Y2XDWt6n?HheXeqSsUkcXm}>Ti%8v(<v5Ar%-=pcJc|u
zkr@=~-tsmSBvD*VqEL^Ow_(($6n#IXP%o6Xq0?s+(VtPMcgow){c{Sh&neWu%G(h6
zB?Z2uP)P+FCMHw7olK#6Rj@(%nqt@gC{&*cHl%z*@xeC~YG?%;)_g}X{W}V^K?NJe
z&ZUT%OQE)?U_*QgMN|sKt6eJC;M1pq4acgvIUlrqz}u)GGgpD~C_oLVB;u|&;w#ut
zkgH&LB^xRXsbJ$65nf+2?y&(jG3Awf+=@YH7;ZyIw3Ni&hh1G!iMx=p^C>*$3l|bA
z#dx1mpq#a<)x5Y1X*i!Ed_H#}f{q~Jl;t7#z4Iw{&Zp1^S97XW+RG;PwYAE=ZYAt>
ziyCf7W0KF=)vttP`vQvU3#j=<jWg9m--%LH*Eed6T0k*k0fqLYnp+94M97d_@|d(!
zcJ;21wqOCpoCUm{+0_M|_i0Nz^A}KDXA-8nwC7{Fi5%r4YKoGKVI%D2YreuaaD5k2
z_$;I#(VWV;1svledL+h`Lj!yHQG!FOg%m9qhi*kU#7YjLB*VXE_VQZ<hv5q;5*UXB
zD+j|;XZwiR7;{>I(!s9fy}}J=?m~+17K%;eEZN*NM%cryDX$hvJhOd-5#}+1ID7es
z$~^JRT1c^NAx}IVX%xO`Jn>9Uqex0)S=DL&yz9L*iu^R5cs5={QGXFnJcR&VmaK{A
zcdzoqbLJw7&la)7GnbRG#B=kjMH0_^(RtI6`>M@ygq0-H$OoLl$U86BaFcl_sa!0*
z&EL(Lc82jEC2k_G;oMbOlI`ha*S@UGWA{yqD1KPPV|Vw(6j;n-_nC_+CNJi(d*~91
zYD>g!=o%jvkI==gWmbOKo@}}_rF2(qy4kg=uW@aTEuqL-!nK*Plw#sit_@j6@oXvA
zX7w_P`OCy6a)ysv;Z5Y;cI~a#3T+~1x+?sxT^sh=%M=y{SxT0q!oBR;?$@lF$Ss#s
zL@nov9#~GXV>wrJ=n9IyD@3<txoQz>*B-z2vQ6YCau8$xP@oL7Ymxuq5g%DeVOvR|
zWw`i|Bmi%)wLJL`1^cVmOm`koU9>`!q&FC5*GB(`&&sHk6pdC={{GQ)KT*m1jA9U`
zR<W7yAN^n@MgNr)?(B~7{?UCaDfTj@CRu8_A@Pj){?T@<X6hQ?-b#x6l^l}t)+&nn
zt0>$VnE^=|w~AuaDn2O%8=FNHCnUvDg-^;2t0;b4#WKq*P8L<g#u4=(-T`i|?;kxN
zxuu`6ynpocDvA?K8+O%v|7ZcHEaCm5sr+`)*Yl>oTKH+Gj8{2Yr->Yi0w#Ncz5M%C
zdDm3>p2G8c-Zh=Rr)c>-g?oYMntk6>?E0Q}jbP(uVd(6d=2dyuyt<mgYc=bd7*5us
zs$5S=w7;7xV!T^*(dAKR6)02eKG{{RM-L5FQ`B3{j~)bZDOqwodg!~FqR(o1^pH_Q
zXq~{gpRlWeuk(d-_G*ghtNFs2BwL4bmW8wF8j8kiD6}TUEu4mgIkINhIR(l|yE;=y
z_-YNsgf-$=T`tXeRtbaFQVdv2p~bjJa2|TEkrF)5D^POn>K!3r(^`s!Yq^AtP6_8N
z66UX?n7fWbt5eLx6$kfHLY@NUxLxh_UoPRoI*Oy~L>T2Oy=tCC!t@^~M*l!TBK@2a
zv;+Qb#hkGlrvtvi%S2sJpe(WLtN+U#a+P$7*V3)KZ&B$KjnXOH8Li>uhNM&UPnU-?
zzBL551jcQxz2ccS_)2{-o#IS7U#TO1qzL(uuhi3iq?q(0g*&Tbtkg$-q&V;+U#Y9D
zr>L@?TfPubN|vlEb>la<<quv@@&0<YQb*QsuGFz_6j`aGg-uSwRP!!>(}a9EYfKHx
zN*(RzT&dR=PoHmHsXYSRUcNyL*<pFC!<O0gKyTjtv({65wcgtOo7YopT+c!p(fya!
zQ=D2aH)ZpDrO&>oKv`thJ9=~H-f06xhYe!S)l-U%WrQp3`XV8A+y;s<8?0g%Y@kTp
zK;h144YB(-Q2eq%?ksytZpn<>YP<fY;MQOxMZJwyZhbdW^w~(^o-DY1xshV}M%f4=
z-9#qiw%o2)uErbj&qj(D8^z&FB}phsa#>qt*V~9nzMCj~Hi@m?PEywb#{CDo{#iA?
zs<zrh(R>qywx&kW>2H3-PgeH6q(J%6uI&|-Ki)*~5v!b2qv*^wDo?B-TtW=1yuq&7
ze0b%Zn<%!j${8+|KVj=ROT?2eDfr#T1~t8c4No^wJlsUh?uzx72_a)U%}$&9@Ro;f
zrU>0Ex+`8f7EzMjHQi1pib`EJQ*>gLYHw%R<Rt~_jtVwR+DtKSGxt3s{bfeUWPWTn
zeb1K76dN{EXq5wsHiO4jv;D;qBT6!_SZJ?qug>k}&&?FKH}hby(iVyeTX>9BZwp18
zEj-5RvxTD97Pi9W@VvNTb?3Ix8Gg+-4(MWDH(rw9mCtXyU){3r#M8RTmTRr~wf|X|
zifsJGB;dE|+@WL?dHuu3uA8fgJe-^RA#kC(++3Yl-Ff**b-B6vyt-3Lm~V+vK5><j
z=Ig8%|Np2bj5GF#hHuPzZl9E}Kda63cXQo{1*)xx2b4IzIaa5J*c^)s=x=O}8QV1j
ztXp93S+~IAty^G&tlL@dTeq`5ux@7!wr*!F4dB~ZD+5#nEvy76-A!c@E}D&8DGV)j
znV;Bc>K@RHk^FB9#ndfgr>T3uV0N*22E{uWVyEd{vD38L*M_8v!iyKwWm!Q$8D+b#
z4PRzZBxbO%tuCPc=4(UfPZai_DAbd_Hca`6Vgmbd+1G~cKT&LAKkoY4(DrAFW<OJ?
zfBV{y{xiiI_M>zS8}fgqxXyl5u3<yKRtn#(6h1X-*l?Ze;1go`VYq~C{D&J7>H*5)
zfLA*BiIm7|Ccin*&uQmt__guQYufXRE}Nnm&5GR=1*%0?0F=}I=E&FZ7bAb#e}Hr3
z|M0hr{8@j?$e-gsjKMzdZyD@7f6HKB@V5+hGcnjL*kB*14=9IB`QDfK=ZfWE?+g%w
zeaJuBu!pS_v0KGpAM*du_~y+vifY@$VCVSr!Df~sSlW=zy7Q=i8D)!~4THB)^xno2
zhI)XS<!3{=?G*ZU3iYs`4P&-b3}rvg`Ppz`JH=7<<CdQd2X;{G*+HQ`@w4IeofNO`
zq);_~8^-LU7`Btbr-Hu?*<7qo70VA}d^<^nVp+?51GI>MLT9gIB|#b^s2iYmlmuQ4
z_|5kMoK9`&CFcfvVt~a{Zsa#+JBhV3ms~6(w?xaB+YnH$`I(lHY8RGq&2J#HjLJ%=
z@nf=K87syB%5^`}OisQIC^z^IV@PiLSqv!O&tgEg{VcBIj-O@s{7=8K@2X<=yui=m
zRPOp&?ChSO#m?^gS?nyspWE4Xf0b`%kMcM7#}U-e6Hrc?jVs9K_-a*{9U_F;o%CzL
zNG|TA_;n{mmA6M37yBAM<`;@Lf1#+-D&Dv_#^|YEDIWep;bHVouBrFjUnxHQRh&|t
zGB0-AMbUg0j|4n!L+qoqWs}TLZ6C-N_0zj3a(A&9h|LCHPN<@Q5uW!eb1>8f<y?Rb
zS{B8NT@=dU02{_-QS{AX?yN1K-U_hctKAe+b~Doru%YW7iu!w)>Dq1hXfMU6y%cH%
zyA5916f~PceZy|Uk!*@R?1#f{!?Jx8)AmuQb?r8I?5Dtf3bmQthDG}+X0aa~?Kbo{
zK+*01g&J$O;m!eyi|oe`yA7ZHPBHm+idV<mZFqH>-G);8_h@j)wu_R?3!?lzmjv0M
zoY|wH;z5e?2PxERdo(mUNKyMB#eaU==VV|j!oXJ9!}vaE>OqQmtnSr)8ulKf*m+RK
ztdX*ISPY=F_Sdq4<cu_4`pgM5#4>^%{;HpYXLX^6D5@V4&vV{^_#9q)%eM5-hbT54
zqR?9ZiDI7HoU{f=l4{4a2b5U<a=RUTYeCPUP;>a!Lem_IhB*}OjLg_tSe8SvD2FFl
zf{mMnp>u0tv4baA=W{5|=CHsknUigHI6;8dxt4ru!FU&d?0__;-e7<4I}UD~w!;)|
zhgq1)Mlw?>km;(xhyJe&3FaedKTP3&n2%(q!xXI#^O4Myk}^ve$@PaR(hu{IJbRep
zIFpVyX4-AYYY$uvwn6>EZbQQ(6m^eKlri4t%(>|X4f6xW@Qpe`G2#dxJ|VF*JUdv1
zZ^03YIY%h8=eLVF9_3&0lolM-0Z<bB>y``Q9dzRe#kC_Mjwg47t%;J1pg;H58-z%^
zGmtHJ#8gjUT)*(w$A$2u!}BPG$59F`&&8%b7F!XO{}e-!#wzdhSN{m%M%(%*MYE&g
zO*VG~U7oeobB|Jd!vsYBSxl=9^-}MMvGMK*C?5V=`B1Lj(W4ZHj#7{_cU(`kx5*xe
zVYM9oT104}R_95D5*fiFe|4x}Tjm%AJw~A&E3Vaydx4yS>8$c<e>GWh_e$nBmxemm
z!%77%>tSAW@#|qBPvC((#{Qz88WzSowfQlMcaHH+6?Ekg)ydMSA04BZ#PlD02gU4y
zc`XA5|0x6}vH<6dU-YeT8<fV&fUU<Uwj85SB9{S=k5SxbKm3;g?;NLi>o|owt5c`#
zGQe$CLY*GQ|FN&eF9UprEdwHXTW!Ys7yc9`o5KW!_bdNv821koj#G>~&K8_0*-k<m
z(Agv`%`{q&tzpq|iiO81lv&vt_8q6#%amYb>gsF__l{E(9H*jbX|icyj8V0I9&;EY
z)_^xoP`rMEn(b_Ig5vEHyq)i#pol*~;m+z*U`?yQ+T{~(VfZR*oR-CZ$qnD=CYDD%
za-!u(>Y_zE1_Qr@TXFw0oCy}omAVzUuuLd{rPh<PtUts#ORBZ$2Pla=fchdr1W<{7
zmeBemYh*Od8W~NuMn)f7<DVJU_~#RA{F7vje|Gut_-C)5ilFr#%<q}X#PW8f$~e1L
zqzHIM`5AHcf)f<qo)B^NC_f|4R!&m9I3dEA(WXvOCn@Tkq$tCJCc)W;ST@Gv{K_a5
zB5e5jB*o_^Dcspr^^FJ{o}Hw)caoxlBf^FXbt7z0n?=|#G?$`RE(;_gY=}HX5ps$J
z5)n2eouZh^ehi7Q;o>QZGp8tg#z)w2hRgJs7GcB80?YT{6QwqyBzH|V`>E?|au*$O
znj-A9*ksBmkYF9wghhVZ^_txO^gd1T?r92gtia;dyw>nv&uhw6RD0s;S6~IR%=a_E
zER)=dM&03k0L6_PO>U$x8aKZ<!)T0eb*k3b+Ge$&QdSGntrkSA7DTNU<ZiW~(%gcU
zbY%&epK6*?tT3fGW=c{2N7$9eRaLz2=XCG!aOaG91ylrt%Z01BqvEcKWoczeeXT6b
za7$EF+)+_+-%xQ)%L@HjxfbS<yJ+T8np9e5sHCW9nrLdKrN7UdGc)(x3)CNcK68h6
zo_EeO&n#!oIrF9h%AX#iinz(Sl2UrTsgTm2p7zXS<!J{NofcC1(=(7|w*AF{*1rfT
z-SZfgoAiqVV}5a<Jd>mIrr^Z+Dxf^@lvmov+i~p|2MT_1fUsO!=Xg8D<vTDW-vL{X
zcsuAB2Oc})K;WQwI|9eX+hLm#Z^zs-4vatJfNgQS9SLV0XmQp7+sb%5mYj89F8lFW
zydCy)4m>>TfO}WG9bI?@++W4pkt=?DYx$4)fbOQ4uS80UEULO%rHR<XJ?Fs7=fpZ7
z{-#i7ynmrO)zx-Qd}hQ1X`I8Ds9#;3*n}%`>^TQUopV6Vxrve|EE!+wh`OSH75-m!
z+geejE$1BAcuu?mA`HtTj<tQC>NeVx&uur)Iq=&#KDP-wC$e6%%x!H79B5hKfV!xZ
znxIlT&viBR_L2OXetpDc?IZ2XK9W|lkJR2%m)#;&GdGC(@;5sh3IW;{2mzj{mdrX$
z(_bAJQQ$z>iUcEbN>~G6%2fx*6$j`5)*;STtGX!~*!!0QTmEwJ;JN3j883jneBXh3
z_Z>WVZh@J3;ei8tA2>ie)CQDas~P%T`i}#N|2RN@VwvZw8C_`w2>O74Vi=%YFfIGo
z2~;})tu_Ww3eC(<0tj9RAfN|o0m?-)b1o%lK?$fs1C&c<W~`Io+X{pq(t6p<>>W(7
zEr{@dyhUc_J7ENmLJ1G@d&SJWA4RYzitr%6SIv6XtWKa-Cp^gSZ)WDE8U!n95FXF>
znpwPAO@h<01axH_yMs3^BkB^|u0uc{c4c?+re%xz1mD*qyqDiFGdndRXxoVJw=-{=
znFAXWTw$5U$aTxi{IeZFm3D-m2K$GZIrT+?*)I@&8tiQ|GwyYQ&@P0Z27AY>QfP02
z6TJvO4fd{?`D!x3!@dN%@$TK9X1goB%yVGxnP^K=2!0$u_*<cWnFXE02_73x_*<d(
zs~Lml*5L$eS*9^~J}@o2jUae&1VJ5R?EJxFJKWD2xAzy1ExEs$k#KLU@8@ZKT8LNq
z_C*+P-gPqGCK&7gDP4racnu7wktR!=jWCXNL_+RJ-!q!OlP0%J6XS&{VdYK9Go5cm
zXl5AI6C-`XsJa3bjA|*~EYu?Tn}tO_N0w@l{LR8*>yf2&koYJ>q~w67MXIe^@*(No
z2!gvK2%vSG;XSgnUrW2W{t}*y^_Rd$fOEF>u+oBN3Ocm1^P?~yk2KzAj2cN0Hj==Z
z&|JawmUey=X2nQ@<<yY`{YMi1_1tWEaz%5+Ffj(W-6ILMk0ekFmz4HJGP}sc+46IK
zR<c5*qjD>LVRuFn{4tX7qcFS779To@lw`vhX@=4b9Yqi_im(ext)}4jR)Y3Ug7$kp
zw09D;!zX&}Xc@hBw4b9+k?LkqyEdZ;S~F)_iiP%qR-E>GR@wzV0uK1ljur~`widL%
zYSNxOilFBx0%uYS1-)Af+Fv(m|6&xu#!;O1&6zTkZwtjRF=)4^5g?5~%`KDm>`Xy>
z94q-+q+?EN@mX6ML5nm&`|3=2fLx{@8(lc<J<<r?N;7D8R#l)qA-Yacq$Usg4HzMh
z=d7w2|1w|7Oq*8PLBH8m6?Bp~6<uDOxDhfM8pEmR;y8IzOT)>ls^I7og2IL_gTl--
zf+=al+~r7?c+8fW7}NK)G=icuPIJl#d5T%6<<*1gqY2!j3Di?#OP*^FIO9SUJl94z
zf5LR$do)3}(cF2abk1y<iQ)XnXo4?CbLWes^CYYD&@lwTV_4T3>-VWmLOC;jbEtyi
zHlhdgaq%7y;1j>OkBj#Jr%w+UA$!0Gzc%mVQn$9@Lg_n(pwAfA13EAE_JH$kcn=Vs
zj2_^WJz(=<YY#|jtzch*=m8^LMh{pphG5nh0%vY(1#c$^21lC=-X25n`xwqnhb3}E
zZmk$520LxX60{ympe}u<tR4`*L>|+?N{(_l<|Xh88$Fg_)L792S}l=>3NP_vBh6*@
zfDgtJEFWw1fb8-L`nDCc7Yf=#d}uEew7aad9~~fQ7b)qe(52RG%WL=LSb}}bnFh<i
z^LkrOdx({Gm!$phEGz9<Efh3+QqX?gr2X1hf=gowoW(5^oM|g)FE(j!nNH9+ozs3|
zj{I7h4Ijmv_8I8}Q_>04&Slb`J4b%9$x8n2a+G_LUs!HB!Jc$M`{6k<it`*lHg0g*
zFQyY*NH+(ba0O?d6tuUB;<U&5(B3MF(;jD~y&z47gh=yq)GA6{C2B{;5d@55v=_|s
z(w_Gur#;q6dz_>_b*`0mS4#z-Jtb&=D$1a}@i>CI;|QD?EfsWrO3?mHltKGD;|S)D
z<Fv=ml_yTOR16dI9L8}31>*?R;xfm3*Iaq<2P@ew$}#RKeqrI`2|~vU+GFPm+C@sT
z@pP0)d)x5@ZN?k4=LRbH^C>Y-FN^Yy)A>VW#|%`Af0^TSyUC@E(+NQe+O!im`z<&D
zL*>dMNHP9p;@qB83QmoeB}RhVT-nv=BeOb-tTdUGEV5?HtaP5`%nMR*RAy(ny>-fv
zbz(N`U*^(pX@<|z55WqCJ}or)k(+BW$w!kPxw$5jt(x3CRA^G9WGj5+R+~M|o9^xL
z1ie{HXfx(|HQD=VuE`{;CX=Nm6X#hqnb%6eQ_l!Z9(Eg=oHw3e=6C{UTx$hIPYX?c
z<2E#Tc09qU@m!NR3*{Wf#?f!wrY37oAgD2cK+P<3C|JHwPOGfs5x1k_GyKAOO(5to
zL1=Q-LZL~Kl5BkKHZ?h80>QKih9+|!S1|h-(Qb93z3nz7MTRqYTrvJ-YN<=9nvAQU
z;0KBGiUlV};xHTbFB2!DG@OKj6yI|{Dzz7wD@{z}e#PI4{gdCXIEyPNcvY6#YN^TJ
zDdH|C$*CCsGL>i_=z9}VQNiEsg%ZDs=1NTUQQ|kzT#0E`CDs`zlqgc(Q_`c={q1>!
zZJ0o?j`6Q`%k(Po_x4<gsa7SXNhRj^jE)Jd6ddayl$alFDDlS$1bGt(oY}1u4DBG4
zcrMydq9=nOGDD1xS#oLEN-<0fB@WFX7?eSvrkANiSC%}Uij_PQ?Rc*Pzp%9#1gkUT
z=$Iu($1FcK&PJO`Jf1;tEW=P@QY8hIo)zuZI>y^>nZxA5y^>=5%T!QGsY)!Uq~J}7
z^R@+No5W!@>|Z9%qEeMuG|X3HA4<$kF<vG5Td{u%C1zJvP#{Ykved*rTqx05MKS(m
zDv=KNQDR;d1=F4rO3aVpO3d(4Vtx!);tZ=2<A)0+ij?F&KSu5N9B;7O83eZ&|JwT5
zUL~eI$Ca32RpJb(#B3iW=CoAs+VgUG6k{l{+C+jX6A7HoRto-pPA-pP3?-&aBzSuw
zS0d)gvzwWoiepSAZl6f7Wg>x^T&5DQ$$7ef&C|cfI6Tku3%fay;KoFu#M^S7zU@Cx
z--t1lSa}jb@Fa6p8m8c%=LPM}J)HI|AKIIHIPFWVw0DrpqYnPdqvjs<OHsR)lL(qm
zGL}cvy|mwWp3|OXrG2TS{hrUNG_|>cZ#xRw6Fdg(y(bZLpG4ryYp!5eM?w2j9)tEx
zlL$6U;<OjbT?l5&ObpsFnc(k9>^`l`<x#%eg~(<l+j<<!JMs%_HkqKwWI=nO+=VFg
z--US6W77WSWP+}f4cg;01;bwuw2v3GXZz4TUeLbUN_%oYLAyvvN8>$eix+t9CQT;D
zV9vDoQC`~Leu2}TZKZv+q<xzY?TO74JpH1eeX2?Oy2%6|O(t;WG*fW(1ws1^llJ?Q
z32sm3v}eqc(`qxtFfnLvKZW3_DFo`#GHFklB@csOC8v2DK`-(Pn=pl7+!R6k@L7U(
zk&<jo=d`byLa>q*Fpsca)K{+RZ3+}MqQcl0`8Rw=rVt#OLJ+XLum4eU*?r|9-+ld#
z>aGw`VYfiIF@@kdLs(w|VY5UKDOuC15fvT@gvwJ1f~OJ$?CR@(7+ry^xy!CV@kH2S
zJ8@E4PbFwMm2g9vEN3ldSTDl%Y$u=Z2t$(PVd>1EX+(uFiTvw?{!<B(rV{h(grcbg
zXW5TeKL*~MM)2A+0>a7|UnhJzjo{;H#QZuTa5@2*PRy5Qgab{ctY0Ub>%<?9r%opr
zG@XewHracC&BIP5zD{VBEDx}8C0ZXc%kKi)C0mZd%ot=j3Ns+pdzj6er509$NBzfP
zbV!z`F8N<ijR@P1iTq{lWzz{3PABHe+P_aHxWs-eKB%J041yPD5c6g2?`9AjnnCyn
zaY**tkggeF3wY_@KFhNw%X1C=Yg0SI*83%1o9AW{B+TTs**BA5`%GS&+Or6vX7Spr
znnm#LEK!>P|Ju}zur2x5+6c9klPOu7xCq<Tm#iNNhRr4jn$2r5bvD7+*}N7HXA|6>
zP59T00!c148bsL2zwGlhW3Yck8%5aKy!>z95q6M`n4~IDnn&2uU*?bghGh~A%p_3L
z29*+tl6BuM$zm)MDcOD7MO4`HGVi{7G6{BN5(FeA`wsxgvelCP5nha_fd6rXi<tx$
z7(!|Zgfxke=8w=NqQa8`fzBZya|i-5lKqE}RkDS$83nx~Yy<wshmb~d2pY^0L&ym^
zgcLKwff2UM|M?6drzHJx<rF9*BP#6f%!iQfa|m9Y!-tTAa|rg#;X_F5Tmtu80>a7|
zL&)g41ViTXA>`a#f|GOk5OPWmA*V_iLfoDC5Ry2L;Kg}t2r04*A#FRC7()I|mZ710
zb+(>0BSY!h`&o{_YB$6?YAh_>zHpS~1gzoH|6>T*CDpgf|9akzuvL9Ue04OBVAwp~
zX-~`}I5>}Ymu*=Dsad?c>{>`Le4*&HyZrk?a)j;qSN^Tj=1M8$`q!p^gzXbi8`nDo
zX-jx*#=K9E@;<Lk_YVjvf52<ga|J=@3ekBF`*+^d2;0}M_;lVp{|cu>*#7?43ZIap
z%nAPr500=UzG@w1>Z~G&Sj8*q{D|Q2Dqhjx)dWXB5wxA~uf@;^+oV_jZ3qeIC+7i8
zfsz(s+xsdXLQbqD$XiRG)=4cT67CANR_P~0`mn;2Jnm|*SwAYJ>j=m?Vt!OAj2$xN
z|50g!bp-X-5%D_RVOh0ohJM0hoA4Tc<)F(tg3jysqU>ltc~Y%rd2Fy?9l_jn1nRa@
zs*iHaLw-Mbq8Lxb3*t_CY<~%FU#}xLypEU;Mhm1jk&5#_Y2wB@g6qt)y?<G!L_7P-
zup<Eqlpj5|u3fmd%IgUN*Yj%&?k^u+1z4^vaXmrD^#p3S!DR(|iIE<Xn1`P{w%x+R
ztn~!bgojw^A<OFFz<PpQ=AqeOrHs#6n@JD3%)=><E#!6X;o*9M`@%yj>7m%_q1gt4
z_zeUB*9QBXD{4Hd>Mu`ib0|>qJ+?6ddgum%K^w&5DhZwFut2ZhK(KlPff_JaDdVV*
zbXoZf=HZOTmM=V9+CXq#c*u|*a;zR)pAv+BN}vW0R?7HdIZJvdU>?qTY)`zwJ-qQL
z!K<H&r(V*7lUO_~`jjAxdB_-C)*;%fq=y8eKso2JtrQ;eJ|*~Ccvvqzq*^^he@0O4
zGXgc!*Moijwh85gk6qG7HuF*7v8i3TkCC4dq<+SI9FRWptUeBXMzD|ha1Hi*cGp3=
zIN|LJx&q}_kFBq8Q8|YoFo(N1<?Rc)wJ+olbj%@8hYv36Jo6%NUtk{2du(3|51Bax
z(}ag&Z(p!_IFm#06Z7!*pwb>d8ZIzEb_V9+g2z^;8+TD>BSGv&?!rDmb_T19w>J{>
z+(@A24le81_h9M4MHMK89@{+OVdX}G<-$X_^pHp`9{$)!aGiNL>faKH@*?U;7a7dO
zMUU;4aMA8_f+s!~+mF&kj@8BD&k5#zPN1IhchN<<XeV71Fc+6RwpZR1{qA#u0^y>g
zbm1&-anW=WL4!>MYO#M)BuN+Dq>F^|3Y5zp+ZV#cv`qw)HgOk8(nYG(MeZhoUChN&
zzowXFG{s|sfl~wIGePFzlB;6Z?sh1_gMs^-2<~noD97yb<zr5fk}uJ`+CQqbDD%u_
zf_9sUdH<g;YgMAmYyBTLR~%-@;^kxH-SguL`)_srUo*nW0I|GCWdFVDa&PZ$otslO
z6ZGHA=VoCXAXENx^Zd;O^EMN)>`qFNN@3`gqt(;heZEs$Bn=9fL7Qmxfi!r{K&YTV
znG>xBzU5OcKSe$?Wd<vvwMM=MC&ozaITa{dqP5Om14eqYfpWvSq5|bubj4z3z=$>)
zB|&cUi<GrdzJH51%GS*Un?<7tOQmEPzeaJ6l|x9yl8w@3plFm__TQhQ-7h9t8zp};
z!D-Pb!Z<*t{2N8tLh#7jDBA`K&WjoP$_RCElB9;Y4;duZYe|6$6g|>?%*TE8Ed()J
zxO-vjkSTxn&u<}kc8k~j5P5DaL!TU_{+{I1bl0RoF*8^nrB>+SW6)}-jBF94K&kCk
z<9rR$<io;jW-!mKz21Z0?WJxZ7{n@Lh#=SdEHzkx@|nBhogP*Z9F{;LWfj3sJ-7%K
zZy{K?g^NH~DkaPKi6C*T49XJhD+1=bV5nH6XS4rqbXQ!~ll$Afg<$&@K6(_%Iu?~u
z$FZVJ`K<){R$j*<S;wOPsAGy0YMyT$jhmB@VPXL$Qu5|xt6RO(liy7}yOp59R(?0t
z;|qdLU+|lhM%xHH+xSh&PumENY!f#ru3>&RDcjs?jb3Hlq%hsa$Y(#Oq(J$~?Vj4p
zs@uWa2?lQGx)sKnO!@0}(RP9b+of)khsndQ8G4Nv_2XVXs#`7%vY0_)jC!b-&sgTH
ztU&o7Mm_6Wu5g%~V3@(@G1?<v1IRW=s-i$S7^As*`;27?!{yVJ5VnSlskp1RRmL6U
zgCdc#O5}syTq4`I6MV6qOGH>ICCm6pq>ij!LP*K6ENQqH%Tn2Yug17T`&b+0+;)O9
zqEUo#fK2%}ihT#cV>@J{>>4iDoeX_jq}sBNpr%}<QNUq&8HfF!ksXZ;TGhu6rN$_r
z<_>}yI|yv?qkz|T5WK*Cv>gSU-a(MZe!Mse=(3aG#hnBJc^s^Kit%C6DBzT=Ndc?L
zkC8#z+Z_DcodidB5)k$u!^1y23GVFV9{TMf=&_4?_-+@$kzE7<g;o!IGj@c$2_NCV
zGZd-ydYkvQrn?Cm?B=~~=5B(iyLoRrvYTMvZr<A(>>;SRNAx!P2*2KTF;ZLnc3Hj6
zIDBP<j0{p$f$|_y-TJnVDk0wu&I?tb40cs~qpuh+_YlnA!v`??NO3XtktNmHN|gC^
z55c)TT%E#FDOtu(oku51s=`XDGkm0sb;|xb%;nzJ*Q!o!FM+z3t5X;U$dtc2>+B_{
zwbwgjjFc}UF!Z?*AwTz(>NMVJkvN<E5S23#+T+Q5(t2qxK_>?5Q^+P$Qqnggw5LR&
zk$VY-vqHv&c1{z+T>+~~Yma+Hvh_mW+e@%aT&OU1$dvzu=I$lfV_qmjzb4TW!xbnA
zQSL`R=oj}AToCBjB>J^7&`B;qKrRtyN+rtok24theow`?{(Q@|aV|mKT)yS{elEe{
zT)yS1>?8Oqmw>P`#+GZZeFSgr<6Ewq_Yth$$G2RC1DnN_cguBgKfdJ}xSznep8#6&
zXz!Nm=6)r%T+>I(fFD2hv!3QSU2LIF8Ex5e4VdiRaxK@tRQt|zEL*PGbN(gh0J~+$
z8ZGaNs<DaCqYmuPck7z(CuqE%KwUnzjOa5MBib^D75-nO`<wpOwj8pbVDNt4mcrN}
zQ~qtaWIw?oMw%&Jq)W4OzY!-l!hr!?ygT<3Y~L?7<zv$2W*Vzf?MSVrFf7<laMmzn
zqgX<^+z^UTpwx}jMh)PjqWUF)?Mq@ghpN_>1hHQd5N2x(iCw=Wc;QQ_yOeaf&SYru
zkwNQIxb7Z1Kyd#{uDd}82znmix-5NlTpQ2x{--Uj1%jkSiWb-6P^`GSyF+m&NP*%I
zio3f@gIn<y4^D6`6jD4m{L=UD`$t}Px3{-<J3IT#=5C&u@4?cpC;xk4ZjG~M9VE>O
zXQ}Hn?V%C4C0@*R-Bi~1()}2IRCgy4nh~btb9iX7HZRXq*jeKV>|o{^`Wqi;`+44#
zo=v%xaq8nxH8LT6s$7=K{QAQ)hA&i_PeP;QB|W=FXMTV7=4}|t6eWaD;*UhA1Ue?h
zcit?sA&Jm%^gRri1fK+-R5fX(H2yBz^DcGhSE-`C<kA%pn<Yk#x7^=4;h?C3DeCH#
zaVeDVcm&@>w!E*YL#OckP7F&8+W?HXG|fKYD}N&~J17{oFT4)<z(Bs}xgbhLnr?E2
z4BrfKFJ(rjjd8}j9r{>e7m`XH%E8!tAtl#PV*ETc1z!V80uGQg9!u9uaWim`<xoWO
z^oD>Y&p#oVUu)d8`8}f-=c3yfElNDtl_J>l>t;8t(FlPl5lXPKxE@ey1iP0Z<AQhb
z?6w~Byq83^djyjrHbr~nJ-Qpk;$uVsf`3@^#La|agHr3f@>-yBXEcnh>M}yhk$<vi
zn|$o%R_PG2tWSbVYV#Nw0pBUfC;~86i@@^wjFdQnrM}(7YbzD^P?MeE5@`ZRXGb<(
zcirO>*!2<OI-`!hr;IOihZx9WS|k`ig(&EKw-{fTx1hmpiczEzMqhjo=PQ%*GyQsH
z=cL*Gl2Taai=|{4g%$C(9`S-d<gC)jmN$XG7fetQJDkc*O}61M+Am*o>Yvb|3Ha+3
zx5=jCJKx6rslzV^z{K)UCd&fQ4mcs}YqFFq2{%dP9x%x(P>^bu!>6QO@`#K5@YgW(
z&xU(q-EG?DfJ>&_no$YC2&N?1BN0zTW%^ox)V>g4Z_Y$R!SglNbHy#Rb|h2I#qd+d
zXF1G7w77JdHNg@ssNjg9$pi+_#gCVEi2Lt4OLK#e<zaBt2UR{rXUNMvwuA*o#`O8j
z9h6@3*3mzWA}@Cdkb2Jke1Re2r%{4RSesFJb!qn&6_zFvs_dr&ne{^{Co^ai_Xv<Z
zRm}q&VlHRAe~`}Fg|g%BVP#xU^c|lJvTlI7aJGR13)_hX;pVHS7bh6*JwzJ%A58wv
z@(e%|B`^otwI%~(UC)KtQxO|Pkf%IF`fE^V?Z)>?h6u&dGklb*;7yIp^H+U0RBc*c
zU%8AjrzS+WRgyo4Y%bv|F;@?RO5M%$Fe^V_DD2HNXp|;7rjD9dYZ0<(L{pknX>C6#
zG6Q$4udf-^WIj1~L|zPcKfda#rK*WHyh4#kB|`bS{3d>73q_)uNP}6QkS)5fRNCS8
zCHw$0v|d#Y>YVqkt#3LBCF_Vz;#8g~l?j=zS3$wrszk>PMfXQlG75_-R^_1Tx0Ui5
zEO~VUY;)gTy1v3>NoIQ@D_<L%B@Sl0A9C!eEAKJua(6Z4?-C0x5{#JngXr2$Y2QLc
zjhKsrXvofq(ntI9G2DZ<H3;y!n5wnTWn3$@M5NWWQqGL~QR=mv;~1$^_lQcgn86TA
z4wlj;hfwQ310U*zU}?_zj>bKxtT*_TbSmGVzpK8xy;E5En8fd#tch|~UK77^1?W2}
z$3P;2s=KH(=Tl0Gf=hJT$n@POdl(~l;lVbvOw174@vJlrx0UG>&wl3V8_eIUs)_xq
zWQ)ru{mI^~c<_BzIi^7lNo?QNj1vuy5_o19yH!+$sLKoX#~WrJ%2fUja8{kglpFRT
zp4l{OHk^>wVu<S3mG$1&mk-k8P1U6<<Te8D6j;cI-j6Q#zE*k;7hg+NA7<@TCSf-V
zN0+Hox9>XD?R|Z08Ln%a67bWR9o0J6b%<HbE(KxqrhZ$j_qE84^d-7(#Bt|%gND}h
z60}QfaG$8{+%H(~n<^)5{x$j|PKbNN)t25m75C)pIKhGYfioTy*~!zVcjPI_Opd{f
zayyUIm#h*$^%tnNxw{^>)D3<uWdfVTKE<<p9UNzv1BHZb^&%$wE7vEX-E;kaDt(?D
znHVu+t1HF*L==R%vlJ^Q^g|bHYc>7^rWO3w=kr|H)iCf)GrQAYrjn#HV3w*TE7b-L
zK&x_SD?BG-7XFY+#Cja7XcXWI$eu0;Mw75Zn}7ytDGRa%YXY*aYv^okU*0u*`C^3)
zDaXRdB9Y4!=Gj&IHO>6V-ebfSmxB4-O_exK&n@trrPKf`1sw__?LRem(Kr8+x@D5c
zn%^p7&oVS-*u7EvHnpI?-sm$?Fg@873+c+EDP~Nt^;#nd>B{B>%HyO*BV16m0WLzC
z?W(3yR$~D&XC=+vc^Tpz5?y=!seVagIPJ9|>=RQ<yQQ=U4^^YJ5(KB`J!{xW-VB_G
zR3B}lH1>%_ty=eUGcn`yCr9NOzp#Z)akbx}%@WT(A)BSxN}rqk!c;oMInP6NKPNqD
zMMRJ}#fY=$%9(LMissqrD)fI2GEA>C()l*3jnay{hLJ}gI1N_5O&UIarj`gQBnz-C
zF`QE`5FsfReeLW-ikT9t)7nUiS!HU~D(uy^vdB&-60C0WDd$tHrJX|@;#dHT7?Tdo
z51e+5-lUd_C9=EXAoygOWQS>@KxQBwhX9MOct)G;(6hiQ6;Z@YEK)E&z`6TgaTpYR
z8Z)=^kMmY9nCMaByl5h3`_0`~o{lL878mx(+>9Jc+SHSGeIfOI$Sxs)l<Jw7;F6K>
zu|D&I=Yn=YN-Q)BYXB&XGFxJfZlCc3hl0x>iE~x$Q$wAcl96T?gi|VA78Km&+gTs=
zu0Be9O{6g{+A)zeX9BBJ^pCyz%^3^IE>?)YnFWyA7M{F2Ny(xln&tGeew#-Z17=K6
zg_TLyC2-W}wp85xA;d#;6HB6(MW^n2-Rp7dp3K_5t92HX>^ix+Bc-G%b}|Fh1U{Lz
zz(33qE7ko@!iRj3K%Gmw$ncfjY7`gK=8jyCR5OJ3!eBqVt{O#9x718X0b&tBvI}Ll
zb%lK0z{tCqh*|i}A8OLun9Ul}a=;%7?3IUnh~BTN7stG|>qa&B$s0PlSYuaPPXOtX
z5znX%Npp{XcbN6*hz3dsG_X!Uw2QO!$eecK8<ZZQNGvYDW1EH<zqj)?E}~b2utw<2
z7n{?_3J2tFZhEo6u8vT8xge||Bu~O27e4I-+3e7BGJ~)0EBfd@CI&nR_o4S*L=XCf
z6|CZZOdRi$;M_tpR9W~<^lRWP%C+-p^lrFCC}Jpph5&E$SBe*nK6j!jonkCz8sK|0
zokx-n%`$i6;HM-}c@;V_WmYc>J<(rH4!<(3kZ*Usk2CirE3nj%Jgwm7pV@@W`N-tF
zq({n_EBXlJ!__xw!S#twet_IYZ>U(AB;t20CRT}g)dyCyh(b!IZq7Mp!V3QItr@2C
zWvN%Fqt>n78e|LY@@hwA2L?ywQ8LPA5xT1emsaeF>CS|n9rmd|e`cc$xcplr%Izj+
zql`KGZ!l-l)MpeLdpT0P_h?mJrLpr;Y@0}S_Q>4gZAH|%t{jm_BpB+n@;DPHbxMo7
zhp)g}F&5U6Mr(Mq5q1%XR$;qqK;5|R^E=-&{JQZ~F^ra{zSQLhK8eSb8e9I?RDd-G
zy})dii~JRo;Pw4cz&{yjXS!*&aSN|f`|jgu+EiDXSbJw_NM=TBmU2fbF==NSml>o9
zP<wP)7^!yz{<Wz0eHEJSoB9h=Y>U3D@a3LQYnkfaSNtw1&P{OYDXI@f(_ha1x9<JD
zT~ZBuU~)ZY#Sb4e3RXQG>#-sHe+fO?9i_8f)6G_mTRQ9pq3(YPYr0sVFRd=<IUy^~
zaH5cfC)LpMXGl@$gZ%WfYMDd`;wc~H;^~sTjm`i~>VCF%jlk~g8sp9S_oD8ggw19U
z3Y}EJM2GCRAXVlLIcA~s!ZlY%g4wpB;wPG@2Sr99oer;I7PY^f%_;V)aGqcS$o<$K
z?;oZpk53kwmLfi#4;-QG!Sb!aimjM9@H9h1)>Xa^)#=TigM+%trV*|Ikh4<)=dpYK
zrndb-N<{nkDcG=+6=!7aJsHT9RjR`enNuU+V8Np7B6YCp9%cD@S;4{qIQ9*ozcimw
z>s>rgS>*Z@7&=?yx<ALAMqSCX_m;2b)FPeFQK-J?{L3aZu<t4*)7``};-n3tIV-q0
zPxX3Gq{031;Z>+DRfAt`<I-5LIOjnKxu}XfL?ohRl=$)<=cE7JeRjd!M!==-wF~n3
zV_l-3s4<=+CmiE%4-zl%`(VL02WJOVp}kK88-x>p;z&7t*#rq5WZ|k*C?0;iOSFx@
zY=R(<LXhGIO)zEt1fy5$ua9Hg{)6nNV9MVLt-Y;-!v3ycU3neuEJn3;FZ)^>cQCpb
z9ofzF=vh%D3N~ev^W0aDfCK72Qhe)jBQ~fz8O%MMPq6^k?-S=uBC*pi+ED3)B`lQ!
z3cpVckBP?=u{NXS032j4pp_5F*w$p8I3bg3`wFdY%EXLR9UrVod^!O_Y2vMIYq%7`
zg<+hA15R9?08Y-25eg8xh?bdBFG9N$W}!4@9f*<i2&FW-JfU4MqYyh|M*ssY2Tg2Y
z_sPtR%~`DPGZ)2)XxT;g@~auOlHHNsWp<}9MhLRBz2@6(<uogkL&Q^~Vy957&tP@J
zVcTT}Uh_Z=x4&ByYn%;M$~=4X@MjZ&;j#hi*+TD3?a}g>xYA?&^LY7Zm!j{Y&}3VW
z;f`g`F7w%m>tY6&r;?c%nTO+Np^r_6B28(^BZAqJjke<?OEmPA6+mF1idp2cmsYdK
zF-j-+{V}=la$Rw2u4O&s=;jA|LvH4I3C1(gUWb2?p^f|TtT#nD3WBy19E{?Pt1Sx|
zZ3I;at!tqoFrx$esX%g8m%=YWnN>R!sg@_|UdI}O2zu=izYsWcIc-<Yk0%iL2MN<J
z%;=aWDKj6Y@|}5ia*&ZAh2@yr@iR-grL-V8uq_81M%Z~_6vC!K*a_0|EEgod_ZOt-
z#XJ^Qj?~;)n)pDW`~mz}R#sfi&|vu+^K&9r`W50+J<(F~2MXYuk*80yXNf;PmL1;6
zm~G5>0u+y(^<Ns6&>>8rP?%BU3TZ*H#{Wi~i3^IQ|2Og%SU}74#Znc2nu}N5>^B==
ziDoa!<*2<Fgn4}RLTCZ&_~fN0Iq6a`>OmWA!&^bmIUkJUU3z4DyVzdX#!wI{;(w9g
zAUtsH-Za-@Ut_C~=Vx!%V^eaWAe$u^v}gU>qu6AsM150I_wpj!@?+OB!q3KA%5Gbj
zgO+4L<Ri;g_{`+eVyI@<Yq;PiT9lHDW8J$~FRIzZAdrytm-ZJ{+S}-U-+%kLso*qj
znpL2_PkTN{!6E0v>N;+yB^l{-^vobV$+@1%(r-FBKQ6<_;2z&*7&(_xr25OIMysfE
z-9mpK&H94s^_b~QKr-88vW%X1xn7W6_H9D@s}Ow~`;`a0Ju5vaK5@qh8GqxNP4+iZ
zipm!@E*JjmIW~RxWbo!+Q-oFy+oH`SC)xu0E4Nx|{^MM10db@QyrzV0o@xA@hXI(m
zA6K#;w*!FMZ0}~X*G3!z=aO>&PO#_gOqd*?9ttdGcQ0g9e4NVecImNGVB;Fg4jj!6
z^eyDSN1Jj+<F$|8Cep9PRJ->TD7fTRt(xo@FQ#JLF8PxcJ0w3JSncJqL5{&7L@DHX
zFf2d+Yd!~E^o!He45p`!s`#NTrRwpV*OC{7C*tjwnT>Iy$|Jpg?)c&~^i#{kO7I`8
z-?D7@9}?c1$a>Y7We%&4g^eru_)!$@c?Hd#n|;4oI2Zb8lQ}H-v$AaO$B5UZztQjC
z@9?>%Bzm6Oz}T#_0_c7f_JTE`;2>g8O7Nx}Z?@mlS))VCCC%82Ka1?KobPGqbvrt%
zmOEH?6;n5u585;&e&>I|)O@)}^yS=%ccm}<fvCZ(96XZSam!VINvBEuM0J61{o^}U
zDP^qnmAi+Yczu*M)lb-Df}}GFl)W{_HB^~Rm4kHN<IZdFT{@X-jP!FQNp<JzXvs{+
zI=~hA9+i(Euox~D|H1xb+A?03G8K$twEMQ@WtJ<&?AweEIT@@47_lF|{zh9A{ttP$
z;@dAQUi&Sk@}73`A_-oXhTOezo1ur&LGL?26x~*|u~oqL9nXa~xd)W<v;Z}}$ZRhB
zCp}gR%FlTGmXu_<=8A1lAms@;3Zvn`#0_e7re5!+SR8v3+bZE3b5I-ohyF=dMZ2%Y
zTWQl6odaxz1c<MOlC;OTtzTt+;<lnJ9vDsNuq9TuOYqL)#7~!I;Wqm;z-qbbQNs84
zyb>SRzAIf`^KQx5ef<(6^jFY}@{PH28^IfMA8CpemYBS*g__j?<O!WQ^}Kjsog}cR
zh`!)621h-_=(FszIK|pauh(fSH3Jr%T%JoN`k!UP-%&Vx!!w*3@*c;V;mUj@>skUE
zN(jX)C0q`9)1e<7P}B_Yc{EZ8_6apDC(y^je^!-PYS2@(JR5$N4I32_N%dNCCs}Fi
zZ35RGkNh3-?$VJSxzP4p>M{8|62>g#tOZryD<AUKV$%B@c|U3)oI}b+;6*|lGnv1J
zrDjrZlYI|9(5DtE`+6G0ij|sNN%-h%8U^mA7Mfd%ExokdNlqgF%O+mdg&wL?ZDu;!
zd)EdiD(3veFLuLdsvTKe<s5W+7NAW5Urr#EeKA}8C&NfPvLik$m4ADX4oykw3k$;!
zZHnnX0RQ_IP-WD_FCn<ry8`{fRu{)y>~7JvM-8_CbjUhM)JOVv8a1y&l^32r>WvED
zcWcl-pzi9eYBO((A=rsq@1~te{XtL7rO(g{>FS?(Cs%h#@gi9K{!iAWR$a-IH6zE^
zJoitQCow&}9OH!6uBI74>(eo`FHK^|qth`?MIW)(Hiv)F2Uyo0)iO#usqnsk0*VmY
zM04MGWmvzvVHoFrO^*8=2W6z6^;KV}E9INLTvr0?2F<o8?u=y$HNGrTUDsK$(ajZ>
zA=d`3@hEQJx+-wDwil(ft7QhVqHzZJhBH?dxJqX82^c_Dwxg3VS&S3pya1AK1KV#|
zY%W>ZFzC!e>#`<&FkE5^RNLzt6M4oFL!ANskCj>A<oTt`QJKn3!y-eW&W4Z=H30!F
z6bhZz-XbK0J3+h@3bWSUadFd7QAu=jo0jyn<wRg5t*Az1?LD`!P^aeykHZFBJ)4mm
zMhdB7&!w5PWrBkR^~u@+KCeuQku{+nD=`w*@0QjOaGV`Q3x4|Y*6G2`dznb5M{ePd
zrw18FQ1g|ZaWMP5muF4gfVXQVMX&av8~E|YJd<M9@qo-wN;Wmr+FPr=DNYuM(@S4x
zT(Zke`(gD^Z_;vB(9%nUvO2r*&|vtF9pK;2CoT}?{|K_3^=rUBddrHkTI5mljVwBU
zR|kL2MAyGkxN>b?aL;E9t96c^_5qHY*|)KIv<sLPl;P<r_Y7k^OT~Sy<7X}2Am#P?
zTvI9K<keZj7-ruDtNgsRMAIb+zxGR!0I^Y2lxC}=<=2!JOS4gY%>=5W=`PHiNwDSi
z^7|;Fbjf#WbB~(+xDT-9?o9*F;<RX>@nZ*XytO`^gA=Nw*~-0i*T2fc^zjNZJ>Fed
zIEyj|vSre;eA_V%!9&Kk@Xc?vx`GK=I9#L!RJMR^9WT<x6Z70h?S4%;94)D3x9%Ro
zgnH^H47kr1xP_;Q4{kyzTEx<pp+#UYgO}$8#zU7O&FH)D<~v{f3gjs$D!qI!FcXBf
zI}EZ;x`l*D7NLbEo!T}jeMXg=bZE~;z83^kuA%JnP<1`o&rfT~21HCi>ju@fmh)Hn
z2a=cg(E0CV4jZoURdkwl6JrW+htOQtiuETTP8-{+k4^n!{Z39|yG4O5b>Q+p=he=L
z$Ob9?F>Q{@YReZMuRZ<=Ff%x+Mg9PdF};6Io$CD0-u%29qz?S0IQT{uX!IOu_AWJ*
znY51mar$@Fg;jV{X5W(Qiu?=3KZlIEs*(Pi-bevsTak`ihL=aI{8hMA06yf?t-Q6K
z4jOUsRti9v7U9GsetGHA)a;PqB;O)XQk)0=>Yt-!uKPmX#Xye2RCR<*=h-<ph1j}b
z#c7K(+i&U3!d7Xj$mnK^zYyQz?8E`6_2`h%M$91qg>G&UTGfNsKbk^e&AAVzA2qvk
zqF&zSpV$m(WVyNdreiwt^G+y%n-K@@>cx*6S+l8*CRR~z=@+;b$L-tD1AbLQIR0;%
z7WaUUuDsmr_0MMrJCW)_RfnuOu;cl4_;BB=C4Lsl05-MV5TFR$_I#}~%rRQ<zYoPY
z&OMJV>S#oHS293=F62FGMdLZLciwFm$Wpd%4kIh2$Vpy@U(nS@suo-Wz^>r$XH`e*
zG|-iCLH^ciS&Cb0j`Hb_?#d&*9%pAep8Uk(>VtK@E~~9LeX8JMN%kE<VhN~vFtl6~
zi5{oj0u<OggO94^oV25x0|FG+JA>Q|&>GDnG@&fMY4tp|ER-e+U`_lpsg8-fp}nlm
zD+-=B2k%%H`MgRgg88Q1ibKFZP+8y@53Z#YEmtgXIs1y8_=wNcjWb}hc+WZKK@vh1
zcm_;v1O>4Znd+V6ShDk5MrajziNI)JM|};1_7QCTOryOZQ?jcpt&_oKMNCz6G;&n&
zmV>gnrib=-PV3SQQCUx0OoEv4j#n2+J?-WX3dfYby$9VX?R5+X>8BlqD&A071*hfw
zqZ3p0U%}7OiBt|T`_Tzs?ark@e#JO>n9Vh{QxOILt=A6f)AfZUsJZyfj0chx(h}jw
z17n=#Prx|59d$HA3?|XOk`k_{lW}H}jk5&qwre8l(i6#ia|Wv6qYNsJl1pPdtg(Qi
zMleZycuEgH3x8oFSUuh=#nye$7?_gMJn(D!d^AGa+sM9VN6C`n>mJOzrpZ!?h$1ZO
zpn<}`I<mMDEUWB^lBZ`ayIEg--0;{l3SL(BigT(OK$xXc)Mg*r!IUD|Hfe=P_-47X
zA1f{sDHJ>?@UsqGJH?ucU)6u<M96yYMp2!mJ(JO3x3lcCBqq^-URQzd^#YvNjbzLB
zEht`l=rZyQ_o}sXdcj9N@>t}2n6y+9=${*-@{lg$UF7O&$K$<sM$Rg0;}AOW%C|Ni
zK{Ox#=TNsZyKk|fLY5{=!}FQQ=ItG3{z{NbU2%nA{>s-}B0>4I_F8RhiV1@QwenRq
zwox;zsa!;KYXW)q(V}cqO(0$WF|DiuA`!NdVdIbX=A~!dma3Bp;mc!nslAuSK)X-C
z<7tJFX%eCSelshTL+!UwzWTDC-{+zOj*0CC@g79AM<81Nj+|_II3-8Iw}kK+m)=i*
zbJ((@FqSzIq1jxq*`LQ0TF)rBi24#ZF<xOWM4~e9m(y#-<DpgtZvO5y-IDsh()>(8
z+eEw-8j4FD4)H@OyUW4RlRrN?g%U3Ke?W5X^T53u#NF?Q#skd5!F()(Y3J{FzMsho
zvDd#g91WXLBA;`+{<5T@!pmd&Xd)Xck}G@i*1{&Ov#9tqX|nhlm$&*7E+&NcTzqj5
zI50lGgYWf8)GF0Bb6{dSa8$iUlWCkRh*oJVb&siOOtZ&FbY{HfOkl_@%^pX-_+>ox
zp@eiy0<%VsPwp^<b`hC&^trsVCF4ftI;DeQ_hgD>yrJW#<1g<+$!&Ity=s5{c{3Px
zM*sIJkYUj{3kUBUZHGu_JtZK5Um!}B>Y#g(|4y6=72&llf?$$(5J8CKUo4fQoLwxb
z>Q7mkHfwgN(`dLGWe}DGb*Ejgs%SHrR4BZt-F$!IckHuxez9~>^Sd$sTqaz2hX~y=
zBsBSG(C_$rSlq?Zh*l|?L27?yw|HO1zt)l2j&HS@f@%~d+{}i7KxAc$jEwxA2n}CJ
zra7D5bnmBPxA8lmA0IwTCUEzr*9+-o{8giiSmD<1_|SH+nvjNmIfKY5Z{#CeiUk(S
z|7?w@P%Rg+VF_3;>;OA4W;>3i8IvxlX?BhES5BdGEk}Ovg>a1;^GS$Mc^3rVXv&_W
zVa9~c9{;pZ)V?qj{1yc+mH~MtQ#f;C4CnDF49z}5g^OiD__2%a$cF7*d~{?)3@VTw
z^>EDrMurIWin021Y0#?vZ6FnkAI(pK4vDVbH!_VpO4IAdH3h~cbZ_4a!ha7iV)f&|
zJU}dM%@WflTp6<_$5NmnGnISMe7(0x2;X2B3tIKcCpg3vi#G?F=co?aLQ?@XrXoN|
zh_;th&AsKDW2&fdcqlIHZG`3=maRjus>FGDC<4)k29ND$+K=#non>p?gJR4rrk@-I
zhJZTV($-avFzrfjo%2Jpkq6b=aP3+d_0p_@M}#)eai@yv?G#EjL`*%tNSjv^zJ`2n
zq%_^5F-<u=sBo_!(fK_(-21o9e?G7*Ve@zS(fD*#>X%3#SRiQ^#OF~7W!=#Nw`=j!
zbkKc~YE-fhG2|x!#D(8J-!R_7fETO$LKOA)M<U1xw>?Llj9c@Ya?#r=k*~3dt+BJ~
zLZL-|DB)S^4DeifIO++rnm3B@OZS`b_^1Lh5^B2>2K$qJ)q53{`%VIYBCS$$Z)L$d
z+36>_>A&ZNkBJ5U{P<6l|2fKnDN(DbVqx(3f~AQZ`_|ygnWsR!@-^#HQJtBflblq<
z@emfDGXRoaZ8aUl8@e5U5>BKD=;~0P{##)+z0Q@iohhdRLe!s6x6=QUTn}rKg&SSC
zfzkfE<Xhx7UgyS_($%{e4T+{pK8b)4T2y#!5HTb+#fr8dN&bFKE@mYW4Ib^n><jmh
z0Cg(lAOxsjE85!-{_is;r|me<v-W5G`_wsy{0mrkJ7ZM`8621<vA;Ye2zS$gW&7Dr
zU8~;*pf+Zsz^9Nyu~X#RKQz}P-q$#V3g^gz)O)Mfc)G!M_EJWXj1q}^3eq8E((o+3
zGMKTu0$WDC_@Uk}H(evWHO3g2dMH9quypuNwUWaXW(qEni{rNAI4Ij(Q4U39h9Xd?
zV76E=VLki*lkK>|pCaWh@8Tjx8BSY+$XOGZ2frJPs0Qhi4I#a)5Iv(nrE(^L*k(fN
z<BELwWBM~Mz(~I^R5-RW4DK8giKOZ5{kFEs^Z^VE7Ch4P4`DlFH8&_VPYH0)jx{7*
zun3|#@00S)Ds!!|*-Z&?Y~YEWj10e2xi5E)xpLNocN2?rOHV)57KlP45iY23;~L2C
z&!kAndR{uwYj5;BUWa9G3-2q%wpMf>lBj@+QW5M)$X+xHld@EFX-@~ulspz@Z`Wn_
zXLjiIO|pd|G#TLX$auP+JYd435)sSXL}3VAD8R7@8H{MGq&t(`ics$t6^kI&P`Ghi
zS=(ziJJoMtN}<p1E{Mu=2h~spGaODz%@%beKx)<m^2moO7^O)<-c=|GA@l@6*VcLO
zL@cb#1@Ow`iGSKIeVncR@3fVC=WHaR3l(cWfZ7hf_Ve_U49?IP7htk29P3RGwOzf=
zazUUj&d>rGayFA&Ww7yZ+4=Y~Y9Z1M8Q{0>-(Ii)b(W!5*g@t_q5vn6P=uu5Prw~M
z_g1PhYy+Woi6DcJ_SP0a`6NK35}+!4xG@UcUI&Klg9(!!eLGOnbeCSS_8EUjX<um!
zQnMnu@@Yw&1#X|@osJK$yTv+QL4~_yLR_xY0{#@b+KlTq*kl)Um&=3XykdU*$w90J
z0JT!%r$q(ffmNE96)J@-EFPat^EvQ|ZRwMlg?ly_)>-RS&P=={?)L+L0OpN^c*-2a
z<2;jl^;<|eLZiXEv*0mM0u+G{Kf#9C>e-uiD<hG126~@5KL_vfM*1EZSxrKu(;5SB
zy$NWi6z*~4K{@#FA#CEfHEKIk>lsSDu+X^zR|a;CO&GP^^I%D!FK&zkuK+x94^H^q
znqmJf6ECCpVu4yhS|wuQ-22y%LXg(-*)d*_dGLI}&G(3c!1OL-*j{kwC0Ds9O&X2J
zLP>XaXhm));v)1P*I)`8mTq7#)~x>DbKQ>qu~zRaw_t*C+Zw>8OkiQ&F=T!^uyh3&
z{=HJAzCM;S8~`!pvZn$lo_Vu|e-}{fL#7CXFDk(<ESP%0dysOuW*$Qui)oWu2I=`M
zfI}<y{JM0NXnJaw!E$0}vgr~FFVmB*=5!w2eBN$7VnYCK>7Y?E|G`d{A5{@KY>rw4
zT;~CH_3F}tKflkc>(8t&=Of-|&;9N6g@3G(Kl|uW)+c#iV@xBHmx`EALVU{aoNJ@U
zx`UHI7ORoi?xh^_$jg+YuLuz7F`Qm6h>-y08UW@U-C!<bOsW6rJ+zroX0Axh*m}m~
zUHKfHPE!!E?Cjb@Ki@*pO-))sx136)^pmE85pgnt%27S1!g@MyURxquG!y}l0D<x0
zOrZ!T9V8<J1x`axQL3e`8UqupkUk^zD6=-y;U1+_0fAEyPV1?0_;6q>0B}qI!RN8B
zH_4_c;tT(7mKa(ILV?pN!))iuGPJU1*Y|Sb5=J9p5_1sA%}hPj%7uB%9^dSJRPuI*
z74Yh}Z#?mP8_vBLFNH!8;NSo5xlGn)@1hq;QwNsltga5V2cg2>qQcuhLR<h4s+O5`
z^_g{OJ|bRw4h-^xn^a4kVR@9H8rrF@jM+~$&jjhs1dZB$lQ*u~Y&Md(=SxP&dod2r
z6}s-TX`f!3NZhL=Bl?8^wntI54cO<byQTktf4zWRdaVQCkjp(!=_7%*ZAIUz>*niz
z8-7)-2yLxf#p-<5+RuK|*cdkZv6Wrg#yHH|HYqgN9To0_3ita6*&v4GH_hbrN=H;L
zZT~)SCjQ50QTAfuL#kPfHN6L|?&k-j7Sh{CPNf)}f<s-dF=5YK_F{(V+sFw0lV3}*
zBH%<2+Q9<RLQ3gae~TAPF6sY)MZRW&g^ehdm)A13oL}dz6+M-X8|%gh$8ohkz;q$`
zU!m3kQu(81gPJL&)kVV)$E^UI4GudOAPrwo;Q!wssWyoapR@9A>nNCoSiN!h9boT>
z2PSM_7YyoMx@rEm{@K_sMy%3f<vnRkKUqadfMV|exJQ}-#wUzz9j4Py5c&J_JAmRJ
zB)rPOGXKF?uSWj1MIe@!M<!%M5f;0=^rRI<d!Tp*^&pqF$|>khE$L1bgTp12VENI-
zcBHn`d1o!58$AFB(h$W4+D!o<8yCx1$w!Fwrz6DpYp>#pwJ!oOLF1We2Aidi<LMSV
ziwgIm^7nrvS>SqQW{WQ*?j@5E^lku;9mX8_F~Ft3J3CX0nII1EwoZ=TFTm(GhOz&w
z(IFbZ>8)DD3+s9-EbDPP9e4F8%Y_$b(cZ6O8gX|O%GBztupXE6#_dg)ztD7sw4dFl
zh31)J!mv@`b`GW8;>ab?T*sG`x4q>L{6W}~b4&GuzqD`}dn_g)AQG5x@Q^)e9?m~L
zt7HIQ(DyVZJ5ROgpyiTBomVl{xJxhHGeb3zt<`5ie4ORZETmLGJtevS%}Zijrgay&
zLbP=GdvkdZJBvPGTMh3V`@WreNEH{UMo9<}WSo6h7!_a1O=qD5NF^zh30*ohzurNF
z`tn0jl*3?kmqWD?DjicqwEAA_8+A{oPXyoGX7~+)@KKxbqP>qzQd^5>%PBf__uym}
zP9qPs?oCU7bT9sD&s(^)pL{6NTa9YAtd3px#t|D_f!aHbyj})V1YayW`KtDXNfl9`
z>+r(df@xzY;u&+?#)z$`2un(kMO+MdG&CmPX!5f;k<j;zn=a47OeDOcYTSGLPWdli
zLsD3k5SV<Mw1pvWJJ}ZsRtzSBGioHo_i0afKk(&kGqQYnlR!nH>Nl0`6!k`(`>5_`
zOu9Z@ifwbcK7q(sCQP#rCv%N+?rr(g9I3lYbvcq47ocG@axL%Xt%`aD#=wQ(6RQ#h
ze3<^IC8FHm@MRR_`X?BF{i9ZQV20+EtjLhE_nyHI!Fn_!*}++qYBY;dG<S}h&w*Xl
zn^1zn5ca|dG@3V>TFy#a<G#9mRkV_?jHPgKtv-~I&1N{71tzZE`RXEBeYoU~N^T`w
z;aM7GXlW$BYVmc>uhd2wX&?IM7yvB{lCPGf&*d&?#Q4@RczM;TF{N2q%w+z8O=+oa
zy)_Dyuxh4n94XIRG>KwJv(!)^20K(A_|4;2)r@woQN3);!qs1ze<F%8$0@YL{5nY}
zQDUW>j-s=~{(9X}vN4X@({P8%n_p@{gk3$PiF?}n$x&srhXDXu=FJi&bKL#=fyao{
z?t9=4k+;vvn_D;!&l0&_;f#8a*6@ikBUZNBMMYdn89+2!1G$5(%oJp=AfX4`sfa^N
zFv30*@2dmfW~o1z@;LN-V<)%cwiac!T;_iWpN-lFY)xd!;n$y0rZ&Q}31zK!vCqpk
zFZma~zkff*+2P14D_-i{Kn^%~m;*V>{0e=Dh3`2Is$-5lvUD*|^X*m$jFbsVuk6n~
zSloy017epFhS0U!4Af9s3LY|$ISLF7)F^RnZr}7S;ZUK&o=y&W!z(A!41OW%C;o`9
z(5h$erU8r%&S76$id<W^oAuXYESy<PviWM6-ayKb37r1$2Dy2O;X>LIZU^Tl&gxHL
z;)cI1pLNU&+uXV7S-PmFTkbM=>;5h;0Nxv1#4w0ToShSO6}9jIeDYpHoDlWWDh2S%
z#^Bg$L%O$IJM^fd3*v^UF1PpYRFFbFScIgqsVTQe4OHx;mLP0i^!cfsqoMz3<NV35
z6nAKk5AZ_oXk*~j!sx*6;vIDWk=~YQh#GZBQNT;-FW*rlqdsAr$qE4Vw&KL?lEew7
zUK=?+jzoDoqCU3Ag_^!{+5=y3ZBL-Y)M0An>~-l-CZ9FE+)Ma@rF?Ponv*t!hBgHM
z#SkVy8Z!XHx0y|Pqy_Lbl`G<lr4v(+!&u}OG*ykcfF%4E{UHpR3)E(}ZXZ#`K}i;q
z$-`r4j@?o}CU@wk+(}l)hckB;<Y1b+`jd`q<$L2d<10sFzf&FZn?|@5jPCcvR6-Q>
zS@I#={dH)tj@@6UQcCsmj(d&V^y~uDErJO?Feg=wfG4^Wh=i(oh3Z)k5*W6>m;0Iu
z%!O<>;}vnx)n4H<65DmAT)T)iwWeseJj0CeAfmSv^%I4pjFeux&3=c(NLtTUv)_ew
z%n@>sDvX&(dZ`_fk4>{#LRz*q9u1vP{PwIA7WNGa;HN$dXIr<ej0U|!j%NmhLwl{h
zY?N2Xj1Pu5Rxjo8tQKE6^#=at`G$L4e-JNj*nEOyYU#7Rg<grFj^>K5yxq8<F0mGi
zDSKp`yHQnSH;nt}C23+v!;(W`;I@k2r5gWNmaBy7M6(xBeAABHs$Q4dt>uR{aLeT1
zm52?+JawtA9jU6X=3iG5HF>{RIMf{4xcGSW=YKJiuk`XeYz{SvgBYRZ4Js<txIqmO
z3R%o|azBK|AX)7zE3y!x4S(UKf*EY8?oAK!R02a#ZkN0z;L)_AV+Vcmr0oTu7+tL*
z_=IUsq!=ElO*h(KH;I*^T-dTi^q_2Qh&5F9VlKeTW3jwnrDXfDR|!m|1a;*MH#oJ|
zZ!8JtCl;)4lGdnjN;_Tf;v8}eyJc?uUZdStz3`(ejA@?-e}XTC5Nqvp8k8#nLhz!F
zrm3y)Zf)I|#khQpv^u2T;*CX@Wey*G>TqIY+4al1{5C4`8MnDv?3buWssfZD6(pBV
z*;Gq8T&fYLQi{R2u0~_j=6kphA%fOTJJ%v39-OGqC@=1kHa*Esa*$mKSk&LUSV$*U
ze*97sAW4ckI;ocZM0>3U!jO)q-d4}Q{N`{qZHpnDKn-x%x@+ne&QGFj%8WEFYzgTf
zh?HVnC!#zrjTEVl%#T#dv7-E2%fVuF!+ZFmo<+?&5{8G3FCoRmj6)2no{?HTBEjdt
zDfRVclol8Nh4#b09W+>Q{T1f$I9OPYUz)*M06*G0%GWsvlw$J6FI5ZUPa*CX*7N^q
zO^Jwrafe5uOEEnGC?!iGEvh4j2N>Vr6svjgr4Ubk)bV%iE)@TT+r0LgG6JWVj57`t
zl}t&vf&9iR7H2_vu?bVNIXyx-qzP+ZB6R>A0({in1f*}bwhKc&6D_^Y9$aG(159(q
zZxv#doG!nrS~tAd-?~s+Vc0VN;~Ep)AJ)L~@1ETQOy1o1h$)3m3O-4)-#^LvjhDsM
zhm6l`9RclPk(#SO6+es}asuf(MU_MK-F{iMui%20qNYW^xi06J|Mq=6aFSJn0Q;a9
z^!`D>1DAw?1Guy*jB%Q%gGtRn*Ny5zB40GrqD-807%%f&b_ytQR!Q2eR`i?mQZaR{
zS=A7#3NE;jC?Hk1?B||7NhoOhEv@=wRM5GuRWM$;n|BySDVS6QlLNE=BQPecJJSs%
z)6(DZM&}Jp3v0QXA|y`ulZxuaku;9_)R2!pbkb#{qF%}3vOcIWwMqAfrZorIG8&%&
z2metb4$5UT9_)(VCXn!rMTZv#lh@$gA^+8o$)A1Ee-p{(y~K+D!8W2gZ2nd6X>&OU
z5bg*t1+`E~pItKc{CO)7WAOv|R&10^u~)m8u}Mb$I=A#*B%*^subX`pU$vMlOJ)eu
zeWqLPSMz3v+0}A@n}z9{Az}M2X3z|ycj;LbpiDhSbq9O80SbWGF{i+#17ely`u?h(
z*Wx_$Wo?hz6&_C%UA%W<&o%!|7Be#9o7$}pF=dwGz;Ua#tvQGvQTy<QHl<sixfAD-
z9~spAtmt~3hBkxyl8^eY$;ShtVYN7-|LbV=uv*P!5vly;ARX%HBlF+Dj|Z~DYUG3m
z(uCa=IF}nEYDPTJeBjH=b!Oiwvje9p9UKwI$Qf%4HEUMsp+>;h$B_j`jA>g|>4ZkW
zABP@awu7<qs1kPzMK7oh*JW(V>ME$NYGJ>|<>7#17qTK1GV{GED<DnrB)Jhl6;Ish
z$~D884MbE{O_D~)j%Wmk>Ubu8<Jf)Z!vX1PbL8)JbP1+y59`&9jUEE}4vo@lXP691
zG?CwbUfcG1#<b2<E<vkk)uk1fdtJ1zDm}Kz$30^-4_60@J!68uqE89L9Jm?XawHTV
zaH=qhsn7_4nAPrdz3K&Qoi;c|)Q{hetmu-ZCo?@G*xtyx+2<UuX1e2xh7?j&RQ(nE
zO>}TwF(~*avSPKe>d{Z7OO7i~l1lXvYuQTSZ|w(+`9FYDN!$_5!A41$xxH^r=TN-r
z(eH)C7g)Y1dy6BQUEFzD>gfY}WnFUm#q7cCqcvozXIs7w&c@jPsC~~BW1wB1x7`Xd
z#^4Qx8)dWSK>9i36J1A3@;9ny^S<k3|DW8q1M`ik-m%tQ?^0H2zzLML_9?^nM_N{5
z23ODj$b6R!M2y?-<t}Yj_E1&~Lo`a8?yK<q7cl|#*#B1{4im7`eb7ngPa^f)lhirj
z$8sl2#Q3CIaFTS;IV%3_|8mIu)tW#%vw37n<+H4kc^@%<-tYIiYZ>BhfiHPg>#8y(
z2vQ^_lB=_nN?eso_J3(lFsQe^S4Z(&GRM?*7EoBF-f_GUK1b2T>Ha~Xov%c|lPUb?
zW9D}IuT}NmOaM&Hw&Jgq0IxC)6wfnchOxLg3U2pbc)daMoO%>~65}hgjFM$%)RsdZ
zVs2+|zMU<2#-x|UiWUO_!78L68GGRew89%RudDE;77M+jQpF&sY{(4Xl5yQM%%5tq
zz&9ApMby0JS4!{^MTSIUaKzm3Mw2+R)D*V+HA147J8Zk@|Bxj(fB`j^DY5~X&hgmx
zAW`DaoTOkZ=e3}4IOz8ZRtiw!FZRd3ZzoFZIFmd7!y=yzYlfj}lj|k=pDJbt{%TQ=
zMG5zF#{GfpJU_AAuDk5K#GDz1^tMdMgsnz59!E0)%RKb0LxiGr^)E{et$ph7?+P;k
zrkIx&(I!S{cg>jqU0hGgcP_2E8Gf2Znzdo%KJ4cqUE8cNSl=s5sk4=Sef+>ESM3!|
z>cAaKV?vTeb0)1&bshf>&Zb^*#2T|`8*Lv9HMy0f@4Ru>h5-9HElGxM^exbzewb7e
z*vM6*IQ5SEVDpa`-Sp}Qv^Mm8j;UA<XgwYM9FuSRJ=M*$$FPkx*&>KxgDoIM-tB$z
z2?^ylQ%<TSL-$tBZSD;=rCcd4J3Lef5vaQ}yp|(<iH#M;GF2UX<X-uEiu9!U_{a6r
zWT%8cz2`lVF01fqwey3lcs==YMCC86lrPL#I)jlVLmrGIlZ9y>D?a0eOMH=`oQ9Sn
z9bA#y<K)cK?(_zDQnS@|^%#&V52l65=AuCU^z9oXtR&j$(TU<VQC&ovQxg|9Sypij
zUr$u)UHSzhVxl<U)n%UN(Q&!>;oBlOD<OKvRB_vf1WBh<!{Ly>FWR~L(O6bFK6Ssx
z8nIGuYhs)Ow_AVZJx*h}4$<2(Ooddibj7SSF|Pk4>>nRb<<}iQH7PAfuXi_BnJUWo
zHWcpnK6cxkgmi!A7Vv%lKYXz%Mg@40x|*x#izoJc!PXQwEvxB&*v2B=zeNS0VrOus
z|Mm~R-AP3@_$#%)%coSU&}r;3c%etQD`p$?yteuoktUe^c18*t4aHst6({NqF)A@H
z<2x#8%x+YS(3dX>Q`jZH;YozOqd|*~iFrx*?veyRfcil$o#fpm0%UVCew_5lFK^@G
z@l})X^*Cs9vg`Npv6d{qw@Kd4mx3d_w1wyLnsNUiC`FW@nzo`1KCXdVN#bKdK@wM{
zME-G!2K*Ne?|UBK_8RF@?_{7!MopBUOd+u=L@{yLK6*d1-%QD^Xg;@J4TQzv9la2Q
zB^ApQlL4&ahH8d+Q_n<wq;^>2PwnH;9%j3Cn1A&PRaX}HOM}ymS!%5^iBi6LzFdrS
z^)>PObxFZUwI<Lci}|3@o_XNBGL+JOmdqr7c&)L#Ad)LrBAfjHY9k~y>M4O=`J=~u
z#_}3dBH^Trhc(x^_MMT_>`s5Q#-&}S0hIR6D)aIH0+UF9%;WjvFf|-Po5sie4bCVI
z)V-R8x@nZdTKGowyfpGU_;a_e4=1sPa3Zp2fn7#?4b2ZY5nq8Zlve-)Az4Ez>uDxG
zjVqjpZk`-F2_7J4GHK_hYO&-(n38k?tcv@)pg~XybTg&ms@I15IKOf~h0!12+DEM}
zBg{l55=(8DRx&~zesEGM0pe#CxquXmbblwSnj*Z+;E6TgW|c_TUB<bdvN=5$ArVDP
z+T3`x6v)C^BdYX6DI)=*c&QQz*ySjq!`57JznaoCg%1eaIxe9*jsVd&Iqb=lPrQ@G
zBZ~qDiO;dh2|?C23rD$~v(TL?No?PcZX)XkKLf3UB-V%_{Yk8~)S*)klIv@ebFv{p
zob)DuC>C*6Z!4OUZ;JYTocO&1-awL|3S`ZL%zI*MXx)%f^od{~RWODUq-D+E0WnvX
zspfH)xs$~)4Wv6v?2w7?bL~Sfj`Jzm%u68i4n~%>%j6~wqf&vfOf~2Zw(c^vV6vf<
zfnqiXH;o0dpZKKY_<|o1B$s+g6Q_PH1?c<SMw29$->{BZ-iy-2pop5}k4<~mH3wM5
zD<`1GC_pVMl@oNNt!FI5lPPai{2^=BvpWOaJV&{IFWrGnGPfWqT!R6|9ht<6>Fa%N
zocyDj>2MDq$@t#Wx~$g0dOMEcKC^$Eu3bBMty{|3v3>~OIZ?#*N4FxjyRYV3@4J@h
zVNa@LErCS`T$0*0)Uu8M>q{{fhrmmbh{Ovz(Io?3jEp)77A*dKxxO4foY;MN{|_eB
zJznjbL#L<k-zcI%*&_{>c?BcM7eLA!jsv&P9|x!|fL$U9(h1iet;y~x3r6Zxfh|GI
z2h_w%x+?x6t}4?zPpCN2*fr75j!ynvzI6amjYVevOEFyr(T-ZLNhQOhf)SaKvAt?!
zKb8N^G1fKe+=5KktFZZ*b4ZEr&R<68VCN7ES-luo!EWolCMNDc?v7vsM3VppShAh3
zoiD%HJ>SP|?M>y_odgVX?(&!%6T+*f$o7NE4iYPvdBTcw@%b6@(>Ii`flsY!NZ}UA
zvXdH-IoEs(1!4o&^%)OC0=z5$qz}v@4@!*>HU>XAT?&y(o6n<lYc#!cJq6?ooZQ^=
zWA%?S9^?#2EEvg@#)%}w^p`_Lq$X2xkYM|l1ofTXkuES-1Y}bN#wtRKy?csAQY>U~
zI~kfW2_7oaPef>@q2$Kb9KbSx-Yl%Yb9YO{RghC$Tv(Co&KCB}POq8oN$iTq6Lv(n
zDW`Ay=S`zE4&+D`Vz_G*4qeX{u;KBqr`uh)lkM*dK>7ALYo^Rk-Sx5IGI#^g<kH_H
zrN3!`5z=jqm!Ub(jtuj8i)HB`<I0Ks(Dp5vY3V}5Pm2ht*j$G|Q*Pg$-Ho3bPUq=3
zUcFilv8k|^V1#v>`ccv6F;;U70~)b~H@~Z2LGB!<docN7rhpB@<}^+%)Beq#o?l$t
zE_)7j?)2wI8xcoTzl?IzIU%O~1t%+)9H#cb+p7C7wkG8EpTD(C==XDiqCLZn_OO=I
zoD#RvIWTpX+P+e|M7xHgwd3%*m$K|~fBv;6J!{$~`CL!tA53p#zNU-A(o0zPt=fpX
z6-U<>p5z+-wH{a%;N&#3>l#j-uF&4kzC!%5L(8UQ_4g^tbzy*PNzVCqI0<NMyyip*
zgf9D2V?ODw49!Wt<ZRBmuh7PnN93wGS*p9o=HQk$EPc#?eDo=c`oeJ!LlBECyEu@-
zUMbOTDqvvx`0aaxd>1nRz=2rfqQG<9fyfO;nMvJL{U1<w+W6FT=~{l%(bI7aAd_Rg
zW-RUcOo3PI2e4dUk0S7nH5CcKD$T2HW+y*S52`~c^%a3-ti+e6L1V6g$QiNi0{r-t
z);D&ccWH;97}(js^dCp2hMDmRrPK%s+$$OR#u7@I-ecKzn%nH^maCkwtg8T}wahIV
z8D&9Y!MG5*DEFe^f%*y*r`N#7M)XDnUSo5VQjb4fa254I$ds7aU<(w{c9Khcw{(q@
z5Hz*9*Q67Uc+M-Fy^f)D0vK@19ueCI&_bEnEGrtuqY;DL5hH157U^~_Y?cR2<9}6j
zQZpx^{xWaw>tYNNo<j;}@RKM(0MVv)GaE>uDN(5E(~r|ZWZB=Vs=Z;<a_LC^Hui(W
zr&m&~R4AfP4<Ut{=n@HAV%(SaiM<qP82(y%ldqeNri&NdBPPdCMN3}ZkIE-3FQSOH
zu-Yy`a%O35x|I{C>QjRf>vS)dd}@{a=L}B@WOuIc{C9;+su~x^N=6#7eF|h7tEP`b
z-azn+;|Uh`qSwcODjYsKcDq;+r^Krp=rLGMEuqx*$oYKgf2FZ+r&%1IPY-J+#*t>p
zv4gSzX>`w#ot&z%vV&+qcRGq9gTJ9UxkKFG9TivGsW`uN6#V1#>KO>#`@Fei=HI$2
zcI1;41t(qVRUIVup$d<DZS7z>fbPDJ7#73y4|pURc*sW)HK?_)>xlVpG#L$sPN$e9
z5=PF+-t1%gvua=J8K8*<bx|Ljxls<}h^Qn4po<3esv`}`XMdwkbp}za+)IJ|5?P*+
zG5SNB%u6zl_x@JZSjs_$VGAFJGki3)?1Cr<vP5jdDW@z2vPK>so%}xCJD{~7&AV=)
zwJSu0Ygj+JC5Tt*$>BXLdLCy)_X63&)CJBAq<JK%8Xe!Wqp*l;Gb~!*uQS){m6@S+
z3(NX7ikctKm-j8Se1S7Zj}~dkB$QX))<`%KP^?q=f1%`Z1U@(-gI3pCleOtg@8ktU
zoZoiw3g}JKisf&W2S_CR^umFtOiM90)aP8@Jf;=M_Ilw2F6tkB<zKpN3#bN&%6wM4
zj0!U$5gm4MowgiBLl?!Oxb$sDE<fUhp~bgodna8#@?!ZGPG5e<YcL++bjtlMsat2M
z*8{%4H}m@f7mDcjLTW0p!NY4@0|m&|A_}bL3WsMw7^+iitJj`KdjC4a+gWsA;|Sia
zRmH6-0K0(7NP&kPMIB!a)Zivj-UCFr+sq_Opb}Vh>pvPC!b;FrD)!^u`#>}U@6j>+
zb5?)2+JzO2u)GCkxd1NP8WXq1WzaaLETNXe3=#PJnEvD&gRW-D1(8~2rh<oVnTA7$
zP*0wL<ZMAv=FgDB|Hsl*N44=p>y{$HiUf*=;wkR#?ogcK4ut~69SWpKao6JR?oxsk
z55=9}?yisDd+(3To!Qy5=j>)@_R4p^iv!9}&X-x2mWmD*v-n5#H7|&4kOXw8v%9<D
zS@wFHXTMwDu#};V5|)aUefUZWz{O8%OwAdvwEC&MFv9A{adVTCD}KSl!MI$$3tuT7
z3*E8iqKx!5K&ZI+5M0lsTtBEsNNWf0W1g6KWy`h?7fLFpuM5pv27Rq}4AWIv9fEn6
z<qxDp+PFOn5Z4>!MZ(p-?`s7Q>d^=#(e-LDH}mj69vF*7w^v{cH==n>E%#%0DZ$Kk
zxPu!OJ%S!VuS($&hCw5`SNYP|>5*H@{pSg@FGQE2?>}6A>I$N83u(BAiA5uK7wp!I
z7s{lsvF|zlm5Yv7_PPaKro8SszC*uv*^D%;A6YRM943%mRC5Le2+8K*<*+dULjL2m
zXJJK+-3SndncJt=Wnf)GdK7KF;Td-A@m9hq09axBR$>R?^|NfJ^|q%OK`NS5Gc}de
zPNkkrl%Qe79Ne=ZKqItor^X=CY^)y<%Y@W+V!qq@%FZ}R%VnCFBNiTwx=KX3%Vq)Y
zx&0kTCMLpxcY=3$dubKCCvt)88JsP1&Vmu?hjW>7iQY43g!um(4l+d`nU$Xj?-hEH
z%!?AYknYcf+<_FOUu5sZhw^2%X;FkMzd6CovNwh;zNV&LSrVLxMkgo@t$GG%hO*I<
z<cd?du_Y{SmBWJD2+5ZEo`fVctQVMr8{1x07<}SjTNwQSVF$JDR22qJ7yks=ePRy0
zs(mg5y?&*Oz5Tf?SB6A0HH@^vG=gmuyMe4Oox-LmKg7Ro|7I<)g{_~S?)KC^IK)lC
ztA45cUZ{Buiw!PiFBVPKMx^GB?v=4Jdb;yEMCxKwe2C=v8-ngtztVI1NG2AI?@idb
zLiPU|R=pFt*VNtboSBmhvftc`m%As-QqckF_(Fw9ehpD?-C$H^b$KY&XI0!(Gs#RJ
z9sf<dZN7YbwF$iIh($fLgRWg8&O%?6$M7zW{Kw;R*xN3S_B(<9K9%@s7Xm%ytN223
z_`1w858VBPEU(%8-LNYx@B&1Hu>YldZ8Xu^_Qm*iAIqD#rF4Wc>RKt{tU_kWtKTr#
z{d(yAAG`wYGa<}{TEd<!d>fJFVOEDK^`q?$43Zo6R~5&2Yt1lN-8*r?Qr?bU=7G7t
z_z2%d`_SyxG3)RRY0i|TQ#VW}Pk^AkMs=Xu7sLO^40gfuGW;!)j^3GUob*E(OH3-m
zu~q2ucs9W|=8oHb_Osga5XwwG-kCWHrEd*c@Pa3sUi0wtY8+zDUzjMs=a`x-lQq9R
ztOp{r8+8AaOK^|3|2Zx(#beI35r+E<&7;Y#5r)Gvjf`SrF-|;F!BbA1%5Bd|7op$F
zFfrS_=|c~|h|XVjIrq^dpi0rteQ}+XZGIh)+!xif*Zr!$J`1>p%6yBRR_jG)q@MA}
zM5WJ(fo~fr(`z!A%YHI{RoKGi?a+wQ@ag@Fb6~hKHZZ{&=_E;X{y#t7DcA3#5SD`0
z`h?Z8JDh&NQ{Vkc!Pl@TbmpX*(HW4eKzSL(zHGV-p)TM~Mz7VO%783*KU)?*H>n?8
z_;YZ+q_^d02s}Cjcls~B<C3?dkh$n5j+85|aE*ay2C>TzIB0Ho<Z)WRTaOr1W8EU}
zxj;$u)tkOyB_PGK@}WBNz95(A3Q~Ts1evEe#`t4J<6a*L{;fXGrr+#GWBQ$k8O6b=
zo;@nmdwNCzUbvUQxC`+B#9Q;cXCoCc_ZOzC*N?hZ&NvH{Ty#q@88!hgwDe#|g?P@(
z)q6*=N|LEse?_YZ&BKi5*p{tlkRfCSIp%8e4}FGzDvFo1bxnZR<hhwIl(u`;BiqSl
z)U4nk=^qhFK-u=LiRA5&2}tn?{OB~ApTY+S(?CG`t_Q-Ndo$<}nAFN+hxf&WkZI{T
z)}N60k!s2BSp=i*8ONRlA5zRvwAh4+Z~xIVkm3>1{b8h{aS`i1)7JGx6Ma(_P`7Y#
z=bLLgvK6mk(Be>%ieo3TN@nLIZ!3Lu0vmBXj$?nkpQ=ivGAs4(?=$LcK#Z#2#;^Zi
zS!UsHV~-n1X_0biCOhv!HE&*%(Uf{}JjQQj`RKhWMCX>ZHphM!y4z>D;2Q8&8Ljrb
z_FtrdUZS?gb-S}GxnLF*_FZt(^Kcohip6#GbarI;WDitwJ046Fbv82Flyp{FlXT&r
zPSeBjf^Slf4x~}P!s{_8%AmQpqzf)A@)(T3r@1($3$9lm`lw4^uNZYL1F6x;brl|k
zoz(;Fmc9nF6%n<k;@Ta34el#S)mIad%-M3Rm%xGhCjmLf`FdDiBC<VyQX*?nTX&X)
zQgnqjIS!zuMe`1`ZkA`?iC7V#jiaS0AW`fO$z6blP}91+qTv2J<-hZr<~dJ3S8|Rv
zmC#&KA#@=}GKgK+y-%B+JF<RBW-{8$_na1pbZSsVN)l2IYGi>HgP4DbY>@T{>}2%4
z?C}MA?s(LBWPExS8E5+@SY*ATlPE_avj{Y)M@u#k-XYTZoqXn(t#;sV6m;zlVN)p;
za>|6m?iP`)!-)j@FbtV(OYGD}J~!!<C@mKvSMe@91I)@a^qvqT8qoi>{Yy0FCt!?V
zWtQ#UCLqjgA@8s)F<{g`m4!I^L%zrO5fI+%8^hw=9>d+Y%0`d`FKPfC(If4*2t7N3
z&b?9phJz~N<d!Nsi~4P0t<r=HRFZ?FoqxWc2G*Ik6A&#C+}%uhsIp@jnHM{&dTQJK
zOd6Tsmm%zw4RE`p?16_XbGn6f55K(96UeZzEqTj%YAgIq8k@M6gz!Y+uDEXF_Dm>1
z+YH-APN5cXgJ$UWV|M?pD1sHP2eh6k256hIp$V^xl%IlK@(N8=#tIjYn#U}MHc^^E
zLuWzb;z}aHmwP>%Hm|Tp(3kBZw|+O7MaPl<nyigTHNMgjm7^s0`y_cSq@>#b<O&%G
z8?!u~e^wbrM<su_|Bz-dR@M2;3QF!RkG{q2b7`(;1bw_q)C?Q+mR7#H>4Ym-cy?+w
zS}lDP$y<t0xBj!h5php~t#ZR~72D(YNPz|o?|b5&tl5Nx{3Dy{)I8U4RvT&b298P&
z#Wv=SvQ*q&L`>arzy=Ln^ErRd`N2>psB{{NBofNCE&uS`IriCO`D@k=a*$sT!7$=H
za%=bLE@t0ZfPe-HzRYk0*O+X5Fb@$~`<|rt6RpJJD^s~f821%z&uRK~y6$|^=mc#q
zF&o>tl5cp<B-0(XS;7J(GcVuFE-uy7E9aldAyd)9k{*W9$~q=r$@MN%u#r98EO8ZV
z9c%+D><?Cn#;?2r0#*Yg!9~)=`Ko^!qHG|moPo(ZHTt$**e0gfNcsoT*l-{0Fu6;C
zeA_{WB3pxKoXY7%DOqP6WAmeGgEF7jQi8gz5-l@5H5RQizd%t0+V(j|N*zN<4&Fm&
z>%>mi?;jW}ioL{NjZd}mSOSLqueIT<VImUb#AR_xn}L&Nkt8*g#4o#)K0B1V-AFIE
zL+<lS>#0`#`;qIC+ol9Lp;l3JpM-b@bg>fj$<cKUORhxmHzI@`p-T(hkhE@U_gL*z
z-K3GtFplkEMW#ShmSV+ajY4}G4p1nUUvlaS8tr8h`xj?{8@Y)y8lHZvDCJ@!!x&FD
zRufBBq@<HAB%t3qPsWr?AZkb;-5;wg<<ni<w$CO6Nxgmo^d@n=%2TMWt^v#P;P!m<
z!)|_)80P9aSEvkH+m>J0a_wdbg#jf{S?<u4-=w1VSq4lRKlh9sNJLqE5Q0qxh@C^n
zZ){gnXd{4t1r5ZEyKu#=ft1xDKe2;@0f#CQfD7vDZEUFY&!ZRhia=)1XNjj`hziYh
zDmIiZ3}k{mM1;^5D<;d1=q3<!nnqD0KzFE2Q=<|Bw#G-g1_Yf}QdEoZ0J7u`LC7ZQ
zz0BNz9lUF{pT6bP*QLdfS!%cPbnK%KbJ5MHk;@2e@#(N`rs{!K)VyU}?=>S_Z{xwE
zeXu0>k-VnM1?WV5&0-H#4)g6(YNoDX@C4us;tCx7=v8L$L=aOo7dNK~c!GqSrpOq(
zUtqU-AYLP4nY7Co`)^SA6jWc}xf#kG(#N9u(p-~anKbow!YTCQ=THsB@vHvWZ_@~F
zCC=gaD;$Q#wb_b*epf4*-kjrlc_Ceg7>XBa8?#*CcE-;=bU-@L+R~xNTDT7lDG+b^
z;mS`R-wFp9EXx#c1Lwx?0OR+F*CfK?ttzHfpXV6lP5p6FS=CHcZg2|a5AlVe(YOx|
zA9FsNl0;;4Yzd$wo+K<8iO|x*fAm(40=QED*mnb1SObK9;H;P<2!!KUzCKK}Hg&l}
zqg)_a6v12>kx62&Fcc6%%}o`UjCk!U*_^BqA(U@=n1g$^Ih+DX#ckul(T)2<rU((E
zuHM0gn}u~`0`AZrTA`hWxB{QJ;eoxvVvr5oMF(6(bz>e@)GNh+r&77wEV>$ZQ2gAv
zydC$crM`GL{W)-gy4?)zP(=wU7}haL{Vi@z`cpSPeGSJ;?A$rMxamohtPW$%M@$+)
zQu=CvpSb)Gw8OI;2wP6AqByE8o?9dkSI>~{@EQj-vkmcj^fS~o?Dra2;|%@K>IqWl
z7a;Uch446ePVc|BZ%c@oJEyMKa1YFQgMQfc1Q8EAdQSy`pdRv@Ky*#oa}sH<v3}2!
z5IQAKbN(a#Bdc!?R%wjiit;ECIrxiCjnWZa{51<f*L14=PZrJ0M?$B`h7E~;c=s@F
z{UPV`%WpfL^U^Q+dRYt<*(ZL4$)G_;xAT~)!_9|7b00e}PhGqWZ`|Vi;IYHuX4B#3
zS=1($My+?5to`)6?*#nz5yT2d7$Wn$PoTlBUz=XvcNksG`<fa@@F_0dL}19&c9n`_
zJdY_?R>mzWbvo<J^gEj239#4KIHvhHfNx4l>!Yv-SzO-H>I|}Y>7%C)65F(lj9r!d
z)%++OK;`+fB5w=J?VQE!oJ{6i#LcPc<B@qqntbNEY*YztI4tywJ$Tht!NHYUL{mvP
zN#N_xJjwp5Y74JVL_rnx@ga+$RM+!^9N+eYqBd#VoGzZ+&b<Wq7Gv92{Qx&vZca5!
z%QLZuZF)2W{Bb9>@slsL@gxg_zu(Ud(z%_p%Q$HZq(0e!yUf5v{BcDKg9@NQKDXM3
z?BDG(%Jv7c&ppbowbPY_y_@LcO=W7^TIE+fMwBb{4f=9%UgicdOBuwqcul|}MR8Yx
zGEQ#@8k7s)E)251vW&NznKn5oWx_;S3k7pt%;#*CNDvI506G)IELZWD64ow;x8Ie9
zK>hu$Yf8(k2b_2Bw*VExICFHF9<(t!`cdB_z`8PU0wmm3OfUup*b(o!h4o<VmIMyD
z5S-vgd+{N!@kgX!3hY(A?F%?OmW5hmTL1p+PeI;7A9rd;9R}QI3H}0}5+Rl<{wTE$
zxmS2Q=&B0YQl(Zd_V3K#&3W!~s?6A^c0a8mx7Xj7_iYi;8oM&U<U68BJN?WVri5Hj
zOwbbjW<g;~U-M+*T{?za7;V0^y77s6ft*2K!qUTKx;0dL0#V3FcBvDdtxobb8bNp1
zsZv#K@#6$!c>-_l-{+w_xc^iR1!eGBG{x>94X2JkJaGsjo3b0?_A1b0D>4-IpDtn~
z!V<WziplG3tm2z*v8LFj!5UBAGHcnliA6UAdyn`;y6Wwe9BD~czamH}%z-xYE`+I+
zkzLX18ea1!W<mow<&fMD%nsjL$d9Cwn>yUubTx=pQDDT#?UJ^t3NjH}c$hu>--}q8
ztgP|ABiC8*W((nwr?kYxH`FxO=x@T`I4cdKli~1uc!>X*(sw`58`*a~@Y*{E_p*Fw
zOGliu(=GR7KUMfK+7;45U-+HdpP*2?-nv6%<fra$wKo;^YjSE>;lRX%t}boud++6H
zaK(na8DP8@dkE|6SDNe1u$&r1qw>p5?|1zLy|`(8xS<0P5k3DT&`91bJelN=mY0}G
zF~Wy+0+WkqnTkvFa(b?mlt4!t0G0t9eNQge!)U6<A&184sfm2S997T2gXlDVKSq_?
zs8!M}E`xyYQLA{fQ)li-&`LDKWG#gOZ+z5u^tk$#Ody;@z_C1{_MI-jaFt|AkAuzB
zzcYOcs97TF#Fgz{s9%0kR9o82zgRy>7iY(DdSS-jA`d2_4;&+|wT+kMLy+afpC5-6
zDfUYfK86ecq3fvkDO47>H4Ux_FQI~{iiRaBIin^yp#9x|ioCdWRLpg{YFCXm4`|ur
zcFo&A86HqYzl+B=Yd0RRL~JGzZ}K=5a=h`D&NP?L+%LBOm@GDN?C+W?to~_)eIMuj
z_Rv^!S$))<g*FlUBlhHnjvkt68Bjcl_NME=6;d~lu=gMRioSt4hogE;<zXvi;ym=|
zZhWdEXlGbgHS^=f<s*(s(oPfo-koU0_hTzP#bL8JTSO$~C5EDv7^Z@OZ)^e=#;3mc
z;yU;UwyRjM#<b}N&DrX9<QywZgvE__^>zWh^bM$8GnCbKGjtP$ThhMAG?FU{#w_gs
zYXO8X7C}*7?=F|-K+)VYa=84vyZuMLm^scc)*G?cE=|nbsVcNxX0yy$oBZqyjH;cE
zJ;$7RYfD}u!6B~Cf$$IyK7LQVEuvt3$ru3I2<t+P*TshFVbAepHV@QOj#nlF6pUWA
z62Y^ZADh=&kkSeO<EEYH0~Psv7gLUs-rf2NiLB42Yv6<HYu8FQ=O|A@yh-D=|1sv$
zo%(Si0NcZ8;AhJ(8zg#K?1x7aX8$2i%!Q{`-kJdrz4BqI<6@Z5@n=U<mBx$SOf=WP
z&FvrSL&9gm8b&dnR&JtQXgQBZR&VI|L^mER3K1&jL8UJ~S??<(-oqL=a(t}<lV8^N
z<KOu#r^YO%Vhc{iasUSVi0gxoOoPudzVQ878G{%J0PDl}L?f9Yr3L^)=IwhylwH`*
zQ!fIxPI8k#P$8hqwkiCpcNU@1-+l3v>7PIT;!z~|Wic!31hm=ph%U5}X}x-rW~6fp
zoG;=Q66?rpTnV7`_LwS610UtbapO=Xdt=1<<Nx&;V$@T=0g3NU?IdA4+m+*gx`zbr
zzOMg)r%dZVS)Q6b<2MKEvU$I9W@4pZTqsEQ#ZL(grdikg3`oD?eY636ovLPl2UO;E
zZ}^eRlBu|9)=8Fs7A$3eFIOV^%Bp=P@{ZICkNTNIeC{zOpObm`AT|0jl~|q25JnYQ
zS#}?<{fqgvj=2mm=un;)HqHO5^fWa16vf36Z@TsK!>3ZZ8^kakKr&neDJqw~o#n45
zp5`_iW)=Mp>n=>z{6fSv_D3+f=y)eju}j|AM}Peu!JqMme+EnFh9ibgvk-VCj?w8m
z@)||9nuCiD<YW%uJiUW8O?<l1Z`ubMM)s^VPvWQIv`aU=ZX;n{xy{SV0E%Ugzr%{P
zgBPEL3^GU$1c_}^`CorAn52=3KI#(szJqz4&$9Mo@0I}#tvHYKJY40aV9%-5lZ`Ir
zBk7bmrPJNdag0FbVJSwkr{%~~E1tm2nd%7kMh}e`YR`l*=T7(yC?4y>>~HKzgL7+@
zxXsvhwStN9lR9?6h2N*&-NR*C2Dly<L_a(<)y`emGh91Z)Ht|&c(_Wdo!d%OyR29x
z)HKqWEfL6(a3@-gBTGnCdzoPD&OoN@R60~9T>ibb)unTGq~Q(?JErU$%n<u@3&vhu
z;KDv*Dn;pDmFR7X5&|4~owD9VhdMZWVOw5fpD95R1r%#G^fq2E@-!24YKuj-nucDJ
zfZS>mamfN&)m^X#lb#(}VnH=u-yzK2rZcQ(1s`-)s)}yA*wM=HKl80|DW^Ltu<A9j
z!9M)A%-qLv#k28iH>*>phe2`SWeEC@#b6U@mF~V=<hXGCq;MU5!HM|q^<XiTJ8kA;
zTk;ki4~d}0e<ueo*~Lc?PVq#}!9EF0^WTFEQn6Wx1nC7hnd?Ld`9sAN;i`ruq&tef
zRT`5FkuVM=KkDeJ9LiA&Ox-)y*&exEM<IsDm{i)#=H{e&fsGh5u%ACmU=x9ukt)xw
zk#Ix-a<r>kz82faRm~Kvk^t`C0SUfcPz!pgmgreGgp9WYN4f^eXL*?j-PRJ<7AH-A
z>K^71zp9XHb>^_4GbO*Pe)Ucj`^lr~faQ-$DURkeYY90ddQR+$QIr$-m%_hS6Lfc|
z$j)1-fz+-^>BCqVINPfvjXO|RRuFFn)c}2HInC72N7$(YHS}Ev>Ww4hKpFB!YvHDt
z`<?&D(q}Ux39%pAUciM*TE3h;vc0Jm{qIWFyh7BL1`)?fgbR8jt*{5|%Bv4`%)yrw
zmnRah7>b$laHudu$hWsVyyzcl<fPP83>t>(R)*`DG!+h4rwZ67eawjMH$+EV#aJ!x
zA26+VT<ip%E<L6K@)nPeskStz#~a16efFL|=aAH>u{793n`N?{`N@SGM-4OBmlqnJ
z&5^zd=_Qmk;fF`Nup$4eX30@D;$xmlu5PU&b@mE6g_2M=J}RjtQeY<s6W4wG_p*^v
z++WK%l~}vo_IV?&e*2aL^5g)pMZToEJOr1YU4fVO!R4v*S*K$Dao(Sn@_aIRLi_++
zro;-`HDmEMl!#NFY7F9$A>VLpi5v#Ox*u#VZ61wO5^{-6=xDO6J&S8}w=pAzJLNvT
z6neyMIp8L>(`9b%H36`?Xok58^6^D}67Rf>{`$lIL36m}asEOgvNxo!JQ?JG)7UNr
zQ%SOp>|j~u(Z<hcS37=ix4tF8Lcifc#=d-ucvI^wkNiVWv*KJHv;H>*rV%~PJ_h;J
zIzUf>;!qXfEx+)cjq@>A(wgtbDW%M(_9AnDW0~}?mtth5zYZFHl8~70cYq+|zu5np
z3mKO+m<i!nDxMmUn4j+eA2G2hHje`!Xz!!|cOK*>`=Tr6eDvb7Q{;hsvXGd7Ab<l#
z+(#`g3&2<XIv2p*H4cvW%zMgmvR(<<i!?XD{FUt973ca+c1`nbs54~}KS`aQk^rPx
zd&zbHrN>}A3XCPFt7Z9g?+=OjvmTok_wnqJqkD(vUbs{MtG`TFy|&6`5as<f$s!rP
zp|2A*{4Y6tTBTjd`nK`(=d=T`(_imaJg*zl+x?HAbcPX*PT{vPllQU}%Vq9Z!e9}(
z=+K_VSbk^83cu)vrY%SS+%a)x7>ULIl2Mk+5z2>x=qpML{t;KL-jd&SmCI?Y>V(l$
zP;@zx&l7#D4aOBFr7sWl4q5Y;(P6s-LFe3M5!u7?5mNVf0zbAf#n2>jPMz=&3tk&h
zP%CMg(pPPL>Y6xV!x0w`#t96@xh$~oAw-UH(Xz-K;F!HUP)`t=iGm;N*20sZB%>m?
zWtkfYHUp<J!8pWNd4HndYIC2pY1}bRcq3qbge6qjHgZ=)q(Y1%)8~#8)+9U;tTrju
z^)w6&>?*v(c6U7h&&NBpq5D(J4E!R_O-IZvsQ#)P<{1&BOiiNH#^YW^ApK_#Y8DoF
zcX%K1X;{@_PhR5uE2geT3d1&PPPa$$_wUUxn9)~RkqsE@qYxB!1Gt}QeYwV<N(esW
z5Ip_avXVr6-6?bXER<ss@$d8JO&H9EI;T%I&`{@fYkEJFmczMLj?Bb9(x76K!W(z`
zESp22@Ksju09O5#+5|NFS^xF4D7|4-VzrjwV%AwIB?$8DCn!@1h4$CKE;b$>cscM-
zfyd0Mlh>)fo^DFcm=h+IscJnxR3UzOkYJyJoWCXTGF3=l9^iQ4202j>Hfo?JK9Dt;
ztqE{8h=+ltaiZj{3p<(A#`v<!B55^<lwi&Zc+sxedVtxOV$Q#1XzXt^(40H&@?qBt
z*3h!NK2b@b0wu#l;!qEFPKqE~dqaWZh@h2nSHXtq9a4X8CPtTT_4SHY4^H^x#CioW
zU$CfIuin)t8>G_=V3;}JRp!SLeA-8NrWHx5001$pl&S>`=M4Fk-Dl!DOi$H7W(Urj
z_7fJa^%}O-3tj<17OIh=7k{c~RGLOAjy%eu96L2_!3$L*u_}A7wVb>zdb1bb=XZj%
zdl&Ib=Nt`#K9Fwn-zJ1M<qhDjkSM@5hC^kvoJ*uZUkJJ6uX(*CdP=$QM+-E~P#Fer
zm%>~#Ff0GQ6;%TbCgjHfaB@t5X}<#UddyH!243a)1|ZYXbZvK^7h3Zwi`RUiDks3D
zL4*;0XX@|u2B16IA%>akzMm_uwIv+qDkLf??1qwlbfmeJ^3u;+8>k`?;D&B<(AH1V
zC-*LJZL0MZeiZnT&#>`6Zl8X<Ia^HNFxqGTYq!cc3gRqEVAhccdHucU>BR^NB<Lgd
zE5fR8{4EgR3kLXAW{LhyCvQvNA94?GcRIfaw+zfO0ixyr`9#vE8}3?KzR>wKR+I^o
zs&G$&21s6=x@ohnKD=74oR{>128BMRaT`5sOmw?l+E9IMydEjc1;Z|@p~>96DPzi<
z6-lS^Bo9|gxIYl})!*Kr)2~9^&JjD6cG!x`l$!Unck{?Jfy<7n$^P4VlpR&Y0=In-
z*X}cIj#Z&}St;x_9`d#ed`1+ooh8W%=9}18p%i2dLm>*AvB1q4rS79>%9SRQS=_mK
zJR$1NA&CdfHk%t;xfOg!=ClrZ%pA{OXcMOH_21Q4yp({(e>|sbp`LpG7z5joC}<2E
zm5sViUR5Wb4pydxnctb{>7f=nb$2~wGN@Irm_wi9x1eG6L!FAu9#bb@Ps;&xRm!yO
zf~o(Jkh#3;9TNO(F}9H!{SfKLelax&krTW~!A+GJvf9h~L}%2?0S+PlGL8mpQlkBq
z${5bdplT!6UM}V>ICZ=8MHR9`3;abZ5YFm_M&X3!-ZkuG)J_MHR>#BIW~hJlqf<}G
z+AzbI6)7^Z)+NK!<wH~DPYV_5cM5UIGD~4jc&`CeZ~7@hnh9nV8vTrY$ui!^&wj++
z=?oKUg*b6VboKcEMaP6dHivQ6vxPX7iq5%xDqxK?<<k#x^~r_6%#=#lIiBt#KITGQ
zPQStUU`fp+>THp~1g<4^=?M8NO!eoC7c#trh}vl8F07PmY{C$L>A&ZRgAthu(c_S0
z^>L=nIZ(vG=&{1_srzsBp#?jPQC_Cf1e!cELRIP{SrgEf_J@ctl7+y5CcEDdMz_1a
zYv+P6{JkqRSOt@c1L27~8Adhx<u|#KGOYR@Ss;uP&rZd==PT0g?@}ECJ_syI8l7I6
zK{K3Fgy-!p-Sd!#I}V5rXuLFYGtuTp1AuErh(&PUzYdjUoObuH^B-s;0C;;Gzbaay
zZ|2}X4I#*=8g;h>29JEGQldLl)uu5@zpw;ukI~LE=xn^bQ%lmeX}qP%LG3Zbo?75d
zul8%al@{ho|8ClN%O5#H39$&Pnk1+Nj9U(V*UahMXKpSOOJBQT^bt##-erXTWh6pZ
zJ1ApOX679|Y59b|V~+E|f{(9*BfOd_{1q^jG_%GBS!dj$h{V_BmKnbEPRj?>(>Mdd
zcX%h<MkyWzL)J!<tovmk3eE{3msKnb?J;?y=Q5r1;vRo%qX8`+2bFW9QQ1DCW6j^P
zne+`HzJg0UW#zfyso&rfAFY6vmgrcqufWfukjGd`!Og61(3)?@6jb|*WKJ{%2_YlJ
zRf73G;p|2)^H-qJ`JewaLRbsO{|aBxC2DyBoCIoz>s^&%>4!Jvb`-xvT$ls4`NO+b
z^r27Ao@Yh`eXFj_@U52p<+)yFzbNj(6TW%z@5M`C#20X!#Gbs}<15lov8!kzT>K~~
z3wz&xU1RYY2xZ7RZT65T{(XyTG6$BoBPrninWuE-&ENTHiaSk4HVw?TqJ(Psy?f7Z
z+=Fh;p6oS`&k0pLf*6vZZR6SF@N6@XUqQ8vv+^69>^Vy1!>z)6@mk~V{{(MQbr6aC
zH_w9Vfrm0KPr27AmC#I<*Au~<|0i5h{&y6SIi9*r;9JJw{jRDrfBQXwK-}u*!Q;DE
zVy-m#tdnN8(wSP05pOvqr6hHSC@iGwF6vPI;w0XBKxTq44X>>CMDCg$I@u;zeSe(4
zooS0lZ~mfbiO!X@@UqG*U9G7g?PlpwSm16jX$X3Ya=6*Zr1`cQ<!I9nO|mN!&t;Ku
z?_M-fsQbsYukrho#`=Pcm%EPnfwY&eO2fJzQjQ_?1V$+Jq!d27s5>c29`X@f@$3VK
zCgTVOj84Kctt8nNDfymygZf04^x6Rf3xbH&?-c(XYrUGNSpe&Ai|=8&Y}ZK*c!dp*
z9r)gfJCR>bYVGg85L0C#*UyZwp<Y>hNcn6tO7-y3Sy9|qD)h@mzac))j89GDdVd=D
zI<2{8JEVj8O}VGZQ7_AkPqoH&O5Z{zpJk1kanzS`P^#Gn+tR&KUVacvi@jqVIQ`~`
zagu?!>g__7Vim8zdzdnNhv`!IkLyoF_^am#3!?1w+t+XE$ILa#)sbNLv8rc-=RdS2
zT{JJ9;m*{BeQs<9)2sGOJKc}{<wU?@oMr>10KKVu3S!tXTEdx{5UZJ6nYQw~rDX->
zckSUqL(UoLDt}W|KE2$gYpo9pp3RN}7(}QN{2S8~=fc4sn5YlG$Qo;L(IBGj&Fnxf
zvWD**HQ!0Gd*YZ}Qu2vZ>Sn`ie8q|%e`b7icNcZqA%HX({Y8Dv4GVj62JG=c7G}-f
zRM0uMd|6|&8TTZCWm;C!vcsKhMZKe1lz*XI6?LML+UNDSClS~(eHi^Xw-Km4!p%4E
zrh*%N8H9<bM7+!70W|I{(MnGA?n7c6reGYRsLtJadt~@wvJa`fJq2dUM&S|OV6DdV
z$A1`C&Z8jmz1^x8D2thPL~rEXlirVmT`y1@0g#)SR%5Y!aE!=w3nR*8VMU4mUl;Y|
zvzjG;t=zy83u=5<zUb*Z6}!+Bx<_85P%3_o+dZ$0SA;CfD*A1&^6X8R%LUIs_zW`<
z*)1(5#y`W_l@2DMN;XP%>EHV1NZjNp-t~-o*!ibL{+X%+oS=pH3YYe32<$tmn1W3~
zo)t5^Q-8%~N9D?t0rb#CTmGE3W-}`v(wOjlizJYtA~A|g0kuQ{RW3+(50I7+$2oMr
zNc*++iieAC@qTf%p*b-MT>-VI`7~O~)axJe!HMW>r4~Q3zk>A{Q@3k&VpP;BF!MHZ
zjel8Q=IJA#^CQ6Bz_!4w9ej%Ij?^@R0|)X<=?-LKI|8S5W!jCFH0&$Pvhd0#bY<*t
zd2Y^(FdQd~8=|<`$AJ~DoE&{h7c=}HTKkmBX88FB(`WS#c<Dw^FVP@>4bIk4PXGSV
zH!y0kvyqO+Zpfh_NEy*jtqSG-Q}Gd%$8R(8XAYleI(Ey9NIW{TB|Omx|04C+P`TNb
zubYDn<@7x3-34bdaDkbCNh($7?_2Y6v(~Z5btWlEH=xLak!Cn($xl@`;7(yC#IF^~
zu(r);B3-84XEmrjj2fN{T;ggU<52OND>jSp(#1fm|Co~bP<q&AsLb1{e`ye{?G*M7
zB=mP$3%j(OyjlJC-?zJWZemWmA5)KQ8H$$5$=h4SMOieQQk8d8835{hE=~Vnp7aW2
zA%<g@%((Z-_z(~-ztJE*U(Q#W?z*@&duM@5b>9FpdIdrMFG%XU?xd|sM%jDvP#}XR
zH4)?w#Z`|sZg3^_?vqdxNX_9YJM>8vQxlDJocgJ$@t4C)1eHVubPK^Gf6_L0Wu}6<
zeA{iTxnhO)PM0{2V}_*lgOp_l?O%6W8u)^|obYp<RA-1E<<yIuatIssmv7|hK0$`+
zn+o_M{-<e5o!pjR&*|_){6m%$GPAZM+FyVsmnw)iP_<2xs&d)w7Bb4bv4dRV*(XVz
zr}*N2Ma|$n2Z7SF85M{vDPJC^#D`MGdD2!kA~R~29!<!78KO&69K(0<8$GGrx?gK!
zjF`WxYK>X5g%tb6P&+*E;m)WXs)ID|-9$ecNb&y78CZI6H#*EQ#SA9BH~1H{xGbGS
zna-$hOuZMm5av`FCsUjv^WADyYs{HvuXtbU80ze+0GC(@Q$`t|O?S}{IKg(xF|MBO
z#y0-J8$4ezX784)lja{6QMC~E=B`T+I_z1y%HCJeC`yE2ZS|LzK63Og6$ZS&FqvH|
z_?VpfTz~dcyGdzXi1`;Xc$**^;j&zbESc%eufuVw!%_7t|EJ~a=bIl|D^mjbXhA_*
zz-nD$LGhd|r*8Q|VJb~RpK%-UhH1nbwW4kcm2XqA1#5LnG(IK4cQEcKm{VTVbs6eW
zb7>4frf{v6-SyjwVTe{_$j&rGwG6dVlB{1F_@Ron_pCo^#4-Vabsv#f7_0@1x@d17
z1=a+w8Rh*l&!OKGf6m8BsWd!tpjtq)$nyV`&BbbPu@Igs`$fXKGk8t8wc?ofkXaLN
zP*A&eZ>S687G2Br8(q+(wNif0(H4-$`z^O=vs>RUdL(h!xq;On3?y0k$ORG1Eb}bc
zjoXcNxEIeXE8DxT4mwpYr_nc{dej(d!Fh@5QOVL%@bF?1b6B62zlsXKLnU)Xc;{f`
z&SB7}*0b9HxtSTdLmi6yRunvKi^|Y~?2d|gT|cdOwTYxJ;XQdJE|UZA*M-uQnEaAC
zI^iG5fzSJhPx=IU3o?Kx@LkSXpN}kBKgjLI-a+7Z?BevhF5t^jAE?v&-&(}{Dq>d7
zyHSM-C)C+hn?PpST^}TaHHe=v2)^QqcoVajT_KvV9}hd1N6K9uv7VB<bscww93KFR
zml_)0o4*0_?|m<5m|?R3nLznX#L`qiBq?tX%EoKg{_sPeT@gF}J~p+Ee-5TT&+txh
z)E73pyMpXqiT41qyk4w$Gi#>3#KW)J<)jOKu_#y!Zo;}a^5m@emQ97=zNo(|HqSF)
z=`+9?$KBh1uwjiP%J)ww9KuPkN=%3zuGi1F@Q=qo{5;;}z>xz5wz+qQ9^3dVc)wTI
zML7lO9pst}n8VLkZ+TpdpF*>Sas{fED-@+{GR@G5%EOB%czCey?P6lR2-IWK(Cxt+
zXUvq8=62*GYuthIQiy78rsw*D<|BKQnSM9O&~cL9$yur`r4#<lm9E%7+_+1FIR$8q
zEkkjS%-KTH{T8TCBhpZH5+s*jaSHC@(Q~qY*I=Xa67K3>YWXfV%-g3lMPKS;PxBzk
z>P|??yTc@?eWd&}^%~x0W%StXDArXmR<hcvD`DvXSDwN16`9(0V9T2A=3Q&qr;}tJ
z9K!|4@3ZJkUsn2tay2r`K%T|v)jt1dp(yE)t>i@gZSVKPP2VWLt^Ku=C-}9hv9tp#
z+1#Vexf(^ZtNRhfdUP}gf<@cY3f8CkHzfpDR@C-JudyWy+R|KRk3x88Tyo<Sh~WAK
zU8&U&3HLTo>mUO8Xu{U-?i^Q+_U5*wCT9-#ttH#z>D&jXgkJAy4}=NgsP~^8L+m%#
z{xhaa>Xp03o(AH8f8<s2XX~>CmdImO8=>EBeIm@HjO)>OAszkwp`q8U*dr+?T3xGv
z)ntTL4_2X>b2mlK^>$$TaFPho{+vGS=p}j-sp80JS{?5c!8u)el<d6Cl)>auEASzP
zO1kGX{G_RP?9YbKp%j#k^2r9At$@{HfW>2%G0n&Efi;b=aip1StfTB5`^h`$cI)o)
zV?>|D9ya7X#{vmwW@k=wDqBDBS~6J^rgnc1=GnP-1%dHj=3g5UZ##;LgDuBb8o&KB
zU`#{xa{mKjp>z=^=2^0`dNJBNWYS;h8_}IRWU8s2x2AJaHhP1BxrvcB6}iYuCj_%X
za?gpms{<OFhy4|3V>p#ldC2=N$agqMvzWPIv7jE#=na)$h?i*;N}xR?+N~}kS)wcK
z$<&`*2`>4%07AyXeR5NF=NZ66@QtnoPa#Dh)?1D=2q;|&RW8fxbR_;4Rq%}-XvB^B
zhVL8AZWWrSel7HmJJ2D0q<0a1<3L4ikA5i>OnQevpQmj=BNuJguaEAv2ea9H!{R_y
zzaR}8+Ib_<goAuRGU=Je=kTlR&9)uY$g=eJ>G8L2_Ed*!JkdLEk{fZDzftWDiWlh)
zCD}WV9p}~W7pLDB6u241%nWVFt0dD^RNT>e(NEeN>75u?4<FFC6nBmZ;QWa-<lpD6
zg<2;r1^jTEAs}Si`==LWlyT*Hq-`KEBC=ebZgL&d$CqWc8ey7crVkGsXRG`^u|ufc
zyy+alkTQb5`@}M!Uwq}uAu50i%X-u|z6Bf2NYDImnQ!v%y&)wiY4{ye{rmF@`(bER
zU4yQR06gdjQpEHw8u=T-*+4=}x2zl>@H#r0v!f|WZxJ=Q5m-Om;o`C?X5AIEwnbU#
z)Zu!#BsNzYv{t&LHz0%r`Gth2eYC=#^Z~nblLyoL05C82M>+7IWQAYN9oKMPuKA!~
zh2QDtLfZnreYuL=S8NFip53Hzj;`nnbpdxUeE9dex*l5kCwYKc)<V}Y^<!<kdHeB8
zMjDzP7eE)=`DsF?_uxPPHQ60^2|Wv){%oEX%1oFUUQ=xAyJ?jd%k0;#rY>>kGTd#j
z(||`N^-2(9{LN>K%>7#?v*~E<4*psF0ONuMPvRtRm58?K-FCzdC}Z4b#c=pb0Wx^q
z&*4YRz`eZq@r~OygcGan?U9PZ54Rxow?{0F&f9#V4425f)@<+}vtrXh>;3y}0-LT8
zm7r^W>Ded`P@b&}QW{sQ+sFZ-fdI2T<NC{nEA|UyR_rm}5aq1tK_7po1H)R#xAGT5
z;O%Ug3I^n9-&xbYs)`g~yIc3lMRIlWFeKIA<6{c^8Hkb*9uacaON-_$$!>$VNuY2C
zUHq>#QzL6|%0#ZudWYoqNm}w6doQ3vS`O=R{-L}<rEeVa;GeYk@A2?x7`S*$SwByM
z(&2}i0M9Uhl(YeQJ9H>fsGM<MzF)?1a~sH17@^L(;j{}*b1@mngs%cL{ivF^3l6NG
z1#*s05Vh@FqugJ}%^$_SS18V&U44WgJz6@qMm2h)%6X$!uKsgfT9BD*j9%kUsN7iT
z0wh0EH;)w_-0r@CU%f+|9d!XEV&Tw}Q8xSdx(fP+p7v6Rx1@CP>rdbB-)>`@(7)V0
zck=H7;3Fo12NRwA!62G?5&2O26>S+8hUe7-U)QDShN|}(cq(5jkny8Q!xFGOB`<@o
z55ShdDnV%-zX*TUJ{y`OhZZvnl#q5c^gqnr5?zS^lxUpy-yxxD0DL_0pK$=~j+|ub
zz#ZOh-Z7Do-++L#6dkS+C{x#-Yu^pQ>Zcnr@DyL=HmI-ky&^Lp>!9M<v{G_-140lT
z-hvwx1w<w#aHbI!R!(uwc+HeV0Mn6z%lRq`HC)w;mrWJwi-UYBvkH(i$n~FP><zsG
zVb_qQgiGq2T}Vpg*)1J(xoFcRo}%<SD-rB9t2NE1epUszkhvWg`Qa^xsfCphB|*f+
zPh?COe6Jb+Gc-hu5L6=cOUvdmLM#_h((y}sb>LJQhX2UtfOuH}x+g(8WadugXeID3
z4tua9W`q@9iCy1UQpirgUm*#dzZ{s0#bt`LXr8q0rB=)7{Poe?`>f%B^3ZIhh2lIh
zoE$@(?%_Utqi<6ajiIOVv6>l=Oq2mW`$L9(iTf@0g}0(anv#Uw&Ob3m-`1LHV%dHR
zQ~La+)E}y6y0#Hc3Eh!0B?t(lgkDpkMfmD}qRe2yU6uV(DqUx)5bcZMtB}d=nS||~
z^aJc{!4>wN+}#Oj;En8Uwv?!2hGd*}!}R-&l0?B1mbg5zt?8yMJkfBu>DR#4s>|`(
zxf^hSi3Uq2h%sQ==*djskdExod79+ZXm|>lJ{XfRm8W-Sh?HC<Pf)>Qv)tHWrw$Tj
zh2*^|qCn`aWuNDpbh`Cr&w;3vRQ<Nj!>5u8_v9}hG{+fX+&y!RkLC1OK&AOc&|y^(
z=Q+tQ6L#LdpGua;IJQ=7n8o0deHwPw2XX9kN}Iwf@RJ{uF%#Av4}d0A{X$jv^^>kG
z9JTFL%!Z?Chxg?PxdeQ^3v?L~8VVJ(?|moi`-^jZD;%OlP=EtY!~rW1tF9Ii$WaCB
zQ@8u760+S;!Z*U9p_l}y2h2mB#ssJ@`U&Zj`C2hX$Wlw8S-zD7C}Dn~e#rn3%d0fN
z*Eku}kP+!!PDVXTM)j)urMt(3UOtm1pd5*yh*VFVCF~d@sK3RYgEf9s^_ky&>#~#o
zaq@?6kW2H*VVT*W1#~BQi@%8Xj;Yte105RJ?wR`ij=dYC4{sckSecQ{M8+T~4?nt3
z<QQa_9uOEQ()QAu>YdaEC{_LSm2;vmneDCrVLW79!!k&s4fv{k>+MU7@DNwtF0SJz
zb*Mn;jGXg_y~$vtph-%S&*|r94=Kq6luF#=jv*ubSMY^RRT<=1TS_OEwfnvLVRh|+
z9gdc8oBZu1{o7bi@x!^r)?LbgMWcDXdg8H<-}1!cwQcrmmh#LGG@;vN)Qw<14Y`M#
zqhx86g+C#PVEL0y&VK)gV}(>doR&rU+P@4^S2sTQ|GL-j#tdmPTIfM^T*{G&%2<Ho
zkBp@(`@|IM#BW*jT*v&$4kp7<RvQsLWit-N$<);LWV15aC2waXW&xO0s4wyz(jHG~
zr&X%60IEvV7hRvo(>pFtEs0>S?1(r{lC4RZ_c(53ozlD>N=H;=V341WewZ%V#w3<(
z(A+D&rj>Q~?f_y{i5}E%0FG#7#u(~S{@YghLG@G6KhLl2CzB_jeSI09Cw_QoZ_5EP
z#WQmEu*JJ{%q4O`PYEvl5A+HIN%bzdD*pb()h@S~&}tIsKO`Q&g#!R{(E*!#6+5Zb
z0XNWL$YxY?I&GBc30A}cqW{HkM+=WlcQSER9@I_WoQ%eJs^Xbpx45p2^DMf(99WH&
ziCd<2X{Q?@bB|};E@TzBp@k2pLl2D{aQ#~7sBEN>ro}fcPp(_GyQnDX+oYO()T8`*
z2e-AZF=Ql}+NI{)!?OvJXP+&Y>^n=vM-b~*eJW#2#3hhYLIdfxk&6)&GxuPyceJg4
zAci@TQw=jf?d>e%J&u5J4#|8)ma1U&;pFU7)2x+mDaG+B#*`$5p$T;K*_)#nfX?3(
zlv^KCbWnhX&*AuVd7MC;G@}1z)l9X>)wBk&W6xDbB_&2NB!|w@!r0PKSqSPVx4cGs
ziC+)J;o;M%4}~W1goMckk^_0TfT4%fy+anerVS`d`0_GCoIjJU9b#*BW5OWh>XJij
zFZgsahzKe^1^(d)9P*Mw--zf2l9T(WtMGnyo$vWu{_Uv?ROCcw-%|6QW>?I>$L0(U
z-#-AF=MoTL+`4)a;SwZCzVsKllQNT<%g2Oa1&#a&dc-zg_x9@nZB~&3AO1T4X;wsR
zQN+P@PT1n3xvQTl8jnF1T4$e_qrueGGW7f=7u0#N*Y__wiWzuh0L^A&2IlEQvsnyi
zonD2J0j(Q-kk+Rltpv_p?<~LZHYhn7Hyk|)*-iu5j`1rDOW1d_4VwKBq(qI39%T5Q
zdxBnvkdt$+cg@%Y_Gk>8NAr$`uBdk+x@+HGzQgr4styyOZY)f1rl~oZP|}!0a+6t>
z6j;XVb~2K))xNtty?M5CMj^9LEBTQ$CRf+9LwuD9;Bj^Za=7By=j#K|toWdjWTxxE
z_E1?@Nc!6oKK?6)Bw|o}u9$2FrZtlAEL%yfcWBr(g}6mj+;GOx=N7)+-g|7I*U_(q
zu0!sa(umOwVz+z!@d#|<$6!=KafwWu8(J$qD@{ULEn?cs+g}CIL4mP&whn$Peh^*6
z&ug+|pW;q}R2k!T+z|^Sn|(#mrH6S1Cf9MUxo@I2eFQuuJq0|ge(SHv3iF8DHM6X0
z4ul|Z$^5b(9Uh}d7+!frb5%Sab)*L$UcvA96JlAa#Uk_}COZo5o9UW`o#7Vy!;YJJ
zM*ORGwMg&h(=GO`*Eaa$<TuR{4}CDD6B8X$5>Mc`LLGyN3K23(N#L=e$+c_2H>DA_
znARe{3|Bq#%&ShKSE974s-`QN1z{D0yKJL3t)DFpNPaX*Zqk2lN%F|58DMbgFtz&|
z8t{W#6A%)S1Xb?<eZ!y3pcmezCr<srt-R?ax<$O>yP$Q}sR3t3u{MC5BG4@LmE@My
zskgSxvibe%nU7qWoR7@dK9u$wX6RR0*}i_7e*-goO{G(%H*#H=)moTkM}v{!K~*AS
zp;%t(b`NnG*IZ5uH!+i){mKtyZVR&-3pb2SRqwh=nKZ7|>21B!7p|vcuN!XOr0D@Z
zszU7@ycdO|Cxx>ng}3XYGp<vWA58Oo@tb{Z`OfS;5a@db<P&)WN54JTdqI2+bl)zB
zQ9Rb;3hz25tWrb=i5CenYw#_Q!mdO09ZK}Q1*0f$4N8si-`YX2ucPCkRDxBy^kZjP
zGG3$#q0*kDTWtLsgqws1ju=i67rgTOzR`L4{obTBR{;a6YGp#X`P?3_7Kxm?C<$Km
zh(F(2)5Y}ll@<7}W1v{(K>6?eWm;yULPA^*fo$P1v)qgU#52>-u5!0h2P|s|q5Mdq
zvJHvoumCckVdj1szt(_LRTxV<t$tR-^u(%FZumIF7B$3JKLB<1R}H_9`8s3QJg1h7
z(xha>S7?KGc@%nK81Qj>O$YQ&LMi`e+IRfOX~(8j$%s|S%g7r3V>F^7Dg_-2SGWSu
z_tWkh>q(&;%oT#=9V9<s`V;L^!%xNRhm0M0JUTH^8PW7TRHgWqV>Aw&kCxEo%|`th
z_cr<{$xPd*0j?`wPhp3YFe|9JxAmGu3)AzTVVbet+qn(?hfZs(D@=|Fuws3PB_uTk
zmv%wI8>)y03A_Hh;Y7Qi7=J_&R=gnLEK~_Od$~H}l@vORiSyj?)bHs>x3x^<V9U#>
zw$$VUG7O{IzE9?Gtj?(J|7Z^d+5fT}Wc&GhD4cqAgP+xqQ(*<b6Z?TVjYdsbModPg
zj+$ku_t$rzR|kUyX@!aFfCW9~+3z=YIRlz|?<PR*TuZ%Dnck}w2_2fr`M*f$1TWO0
z%l1&5=)56ey?{GXHC8+#{qK1LS9d7ueD^XbyEqh?5<`g+s^9_Vj0jf8Pf$pv``zk$
zimy&m!ZM~-qIw&SG>X{7YLrTx;dsRP8BvF0?=cmqlr|;LwMz2xtphuz=$j-_7vkB~
z6SpZVJu3#d<ZPmTvBRU;-+5DEYB-&jiVt?g@=K=5MzZIq(B;@^7_UTlc&*sz@pjv9
zgl%el6<tAW$Z9o&%ZI6>TnpOye{D6QcU=%ol;(QFBn4U72U_eZon6-Ed81pooQ(CX
zZ_)m^HYeAH-!y#`$+0lV{M54^Pj;XYU871XEuCt5dnp&~S~_t5322*ZUhYGmEfLP`
z$S{O>2BVJ+>iZH(_D>(^x&*Y#)#ZHI-#PmuqAF8l4Fu&XEonODMw!MAFKFwCv$__{
z@OEv7p}D*{H%*xj?ebX;z^`~>w_qc6Y^t?{)Z5!F>l}d1-12pKPF8w8w*Et(8O1oT
zlvX*gtZ|*pO?Iv89;)jIaCQFU_Y>r*#{z1<{wg9$g8TWm2iK|n7t5jAr5639Eo^tQ
zOmDyXFt&+8on5}(<v4I=C|eDGKOVYJNOMJBC&PxK52;n)ml-TqJtReZMSVJlz%MFi
zQH#TNLYm#Za5UPKE6yH-unLAWkIr0FOCe2Zaz{-m;Hoy~S^bqu&$|@knT-yT<}%em
zNgo<@MjBt1(-d_2RKh-BMbinO>FT<I&|zKL;&lc@6tncXueV5(nn@Z7mxLxoR-Uy_
z?VphSY$nNALB4;p0S?b^1-TcOHcS0@1-UxTZw9o<aZ%1P7nE1ck4;Q8zN;WF<CX^N
ziL8g3;G;>`nvBbLO$`~Bk%+)5aEdA49^!wayHZ-RDjVcN7t9vsE{TmgF6Ow?yAV_P
z+00T}H*GHXt20NvwKy%zR&(@E0&}W*lhY8LL3&y0oX-F7bX8$-G))(0mtYIQ-Q7L7
z6Wj?9+}+(_aS!em+=9DgaSQGa!9BSDyx+xtvAxqZ)$`0VJ$<IS`c$>T|CY0=t*I3?
zIL_$w(i}$7)VzvITwf3GP_h|IT&r7G`{O;bg6Q-DHth-%Hq-wQFd;f>@qkp<k>!sn
zbk`-$j?E2awN{U*^|$|X=}=T;4VT%ADRthya}`$xef)GWxr*f~X^3f#Qhf=%iis@>
zRu^5PJhRW{6>O`SiA!7CBVFbPcFPDR=mtq>YQiGZ@pqgu=UK1RQLcE8xa5D%vlf)T
z8wmdK`w%0J_{slG@y-@#VX?08%qFo(|E4J}plB5PKD6R7sHNf?5O8q5-gQsSLz4q1
zLrR(aS@y6XB0?pBydVOk65L42bTb8q^%;vxT}6eiP(9KWp30I`6kQBcA~`Uh6i^l+
z<0oX{;eJtad4IpN4ZqC6Q93^Un9JAUVUc>N)_EEy>FCi27tA5*Ug{1*#`f`N0YfGz
z>V6Ok2XO(yxn=fUy_fRGnt7P(tY>Jq^AoJSSxlUtDv<gnk#<~Lz--F~|L+>)m_RHH
zGY=gq3?1sxbL6j-0$H>j96X5$NixdU?*VS51*d=XEBSroJPt5h-oqa2`Gu)46e&l~
zd6NKfl*>fXTj!M2pq(UBkC`8Uc<PaJfi#KqWXg_f6%3=V7@}_U?|JRBP>$8zd#j?|
z9^DRzj~Tk%M1L)8_eNU$_F8QBteXG*YVqCEZvMB@{EtxAtD@TX)-F%5%XZJl?o4`h
zlx5@UBgFT#8lz(+<g{aD_AOrT?0CFGsCZ%8IEw~q*8ZDMDK9gLWB37+3YohSR1FP?
znF{pMD#a%NjjNl*`jcCfj|=*tg?pPFGmRQ*_ZU5FflOj88%lzgW>osJ#C4**-X4ya
zaO<c+L@4;Z3w2wJs5>n~waj=Bg=1=hHk{5Q$akBnk(sQO8IPs2u}scVGcCqLkNp@U
zw?<B6J}|O3WdNqOt6B`00qE3EW9?!V-Ayq&M>&}forzjO1>AR6iy2s-FHo(SFL#bo
z&QtWyQ{?XqVFsb_NJJI|>o(-hSCxM78@%D}v6pvV8ldQfSV1z~8vo#{g2t~eB@Fch
z#h9aO4BW`4o;1Hs%ic!zPJ4qX*80;srx%bGy(0t51WBKUSDpXaFH)>kNdvaMK5aiD
zZF@y^S((fp05w|V5u9;=jCzG)kGAXy3G!vB^2+WC2>Udc=9HM(%Y8v@9@U8JRhNGQ
zqi{A<$n=R&=gO62DwHmF@y#|Ix9Xn2%(uYN!tLJdC-7p%Hx9ywQlV{UKlTm(iKc}n
z<5Vx31d9>=yA}f<PEuC~k-^p4wp3`XRKUsEVk8P+m*DbOYegS`NH-joe<RT%99ziL
zuV20{M^00h&h1z=@dB3o=>dDA=|^fY%+6e3uQ@fZCO2v4X5e*vF$SRmK87_<^43EY
znUS41Fs>vP;D*2ad;4#9`V3d&oAP0|;6FWJ1XnDe^23^ACGf6d;3swOWPo=11u7^@
zgzJx$0-wZEk{aV<R&a7dC*BtH&V*v16X9bLTQfqdn8w;quh$1g=+i>i{bJkB8N@*6
zC%|mx;f8kFvmeO|pTUt8f#V`m#tim;twBTIf31j%=1dlF_Zbz7j2=_~pk$@D;;L3;
z#6{;S0FD$Gznd~Fv=j<)I$k}C@j0kvq37DD3Ng!b6EHicB1vSlep>+lYK-h3_)QIl
zP-EaEsh@B{&``ejcd<B4H`8qgmB0ztOgpi4(2<pv_YW+TfMXS?m@7)q$yF(tu`A4J
z*i-RZmu~eVDUMYENvgxVh4uwzfnFN>5$&HLJD-UQFWc%zuI_#F&X8w(TOaSc*jufB
zE;}Zbydv6bR_>o1@Qop_`L=wEd++`XsrejCvUu2PH5HSvB)_x&Y7Ty!ptNt?2lG#i
zGSdHVT=W^uK4XYyOaNgsvv5b7q&Qj#sc&H;3l_65^=+8h8teFs{9Ganb|-*C9}2Q>
zGFyvilwot&;EoBZu;y<Zb;XT^&9IPXUsATYBKQKIPmu+5On_b8blfimsRC@C+lUzA
zn~kKOn@P(oOg~|Yvt;2$&B)gKzXtVB?O}sAKNO=DM}I4SlM|DX`y{^3bwYX*kBmHT
zKzZ=XOHNF7>>rzH{W7b1r~FpK0EW1q4o0pu9ovn)97LCiD$L$$0pvk~hl}6(&G^t#
z4ic35-_vDNe-#oN_rnl>J*N=x%j;L(_5*i5Q-&3OUoeU!A;A5oYdfS|tqI1jrVJY&
zjB?Y!7bnsMt+dRreWuP**S7VSM5sYdLleJeVh$;oW+n*RZ+}BW)?-$mo?#b^RS*{J
zz1}u{{Ol~j0J+qJ<C@U8>vU{NWc>TJ5vf5|+&xh#=Z*F}d#`Fg<#uN92zs!n^|2b@
zqRrIkEc8J^qP^EF5Vq(vtEN*ki;p3R(gg|GNIHi8rg0y~Ft9wfWC&Q-s$td|eH=~x
zavj%Niq~$E*J^ZTX3Bxu-nUSl7?<NJO!nmeU(fzNx_kxKo~Qk`^0R^LEU@!-{ev=E
zgEb4D1u`TFs3`thu`5Sb%vnYM(!>^`R+n;xoz~ZA`XMS>MVD$${B31K0O7YYbzGSa
z`_&bTmt9hWp8isRtQgQt_A(=dP#Uc{=u?*+bN@#bFWX!|#`8!NFPmFf=G$#PUUnys
zTuCvCQ1b7iZgsI}^<e(P62aX)$JrWn`e(Rn$6+t(l!U}lm9I)rvQ&fKTbYTno^<n3
zvV0y@Bf3Ts#ldKMf2$R!s$`jj>GzT+Jd@Hsjq6er%@nIcSjySy1#i&{X2sd*6+&(&
zLQ|yFpPVvcWNX5K$9?~GaFObII4}}ztc>%o5hO6&Or734UHRcxjBK=F=)#9~X2&>j
z%5f9boD~CyenVYwIfEab!+kTj#_l$TNB*Jk&y$&1p<=t>F43z2-UW7LM;k+I3jYY)
z&`mSg$qwlMy(px}oL{Wi9fQ#83_!5*)zLKoJawMPj#o>kCw@gwv3qv^0X$0a=!ycy
zFc90rk65?BZ|{k4;F(;~6*&>gCK}4dw7|oe+^M!MU_|~r%(YNzVESAxYjYQzL@rmm
z7j1_QqCX?_m7NbH_YMPnaRsxckq25O=7*g9b37F(@u5g-53HzQ_>an4WS1s;CRye_
z3Zc}>+dx#XKhgMndm61plYcerb_yysa}?HzOF|{e_w1K%e^yJ005<%|@zFc=cn;(A
z(CkiEdWev1R16$hX-E$dB{Ndag3;lJGPpLOb@*HccR5k5a~=c7z=QJikk-kmj$%74
z4g<$32XOY~>-TIIolV<sCR@g1&iu>^?&MWRlv*b)snGixNApjPG?3qlPu6;jS*LpE
ztC1UWx7+)Wf9$Oz%@&<5?+m+L=Z%WL^i8%(9GeK=J8}T;uH+9+v2j`5@ff+j>O1D|
zMc`oR3I2gUVDFr<|3{-oq{xC6e$0(yTjRr2uFRHEqbG~d{;9Ma;OZAS<ky)D$C8Hr
zgaG{CN#@37ma)C}3{+v6KS4icDZ{cg2TvGjcF&qsjSu%YAvc_n1#6s;QBF+pt77&I
z9!*)~b$N=HEGgwAIkV0MJri@fh1ieQ#_i}8u54_aI!uV-Xl`TzO9PN87=~Sxr~Y2$
zHG01AkPdVNH#!pWPow6YYKwp>9VRx;j!)aM%oyT69q33MGRRE7F#as$;o^E5H}xlU
zF#MiQ*&5;+oK3C)GwV@>?YmKRE^8PcZq|T>+hvjM>ShKzm5`Cwb<Bp8y?Mmq?J>l4
z8DX2(D0Xw!Vp;35;tIYmQ(88$aCMlCd7e}=KQ|88^(ogs3$t&Sq#kJrvHk0NtTY?!
z_(@=-!V~O0t#P+2W35siqs6jzX@KWIF{Vwh&algLD77?V&0n!soVoa4XINI#vDw(+
zUF59;dfX^lvmrF@TlfZ+)>aI8I}BPO*?YbuGJ0<x?TfM&PL6B`$vi^QT4aXK=W{MC
zJ^qI^Be%HQwdd@->;5s0Z)|wkf9^>Mk5s66GiGv{84R+$4l%ENeB&|Q1?&+@ld~4$
zwf9&jUL_DpUE(qQy}l!q=DWfak8REI=1j4!BP+7yAt4(ugv<uIicPxWWve=5;yD~o
z)Z<;GD49C8rzo~2+6(Ra1uNeIIe2dwQm!=rQ!Z6PUl0;?v`8KC<d8M%Bw84ax$mF>
zgy*qxY{)M&j^|!&cn3S~0vYJ5o7p$2lw!+nmUZ~NoCJXyKB*)rnrRcB(F;hOosv?;
z7Ty@%cgZS8B1(|BTz2|f%mu%PQYrP7Jcgo~ej4Cz-rwg-B{OxMf0Wy=G#>!t|HJX+
zD_)AK4@l?khl*9jFR_y^6!cxmHu17@J|OJ-A9xq)V}a>z-7zh{aE!EA1b4fv$2`;a
zQvEc|COv207<TnYtHh5M@fbWBfpGyoAm*F@h68GxM=p8iRWh7(Q7Q0BNzU=JkiycP
zYevjsa*ffk_Xp5imBUFaZh#v%s7c4eh)+gQBh2z-MPg1AaA$R4c0xA5_ug_Mr>6=J
z?JdBFwObgL+N8kNnXF4)2VjI`_YszvmQ9@^%uWz8<P{GCebOBL$t*o^7?Ub(E%k(w
zl-nGA!2*3w%qf2U%b<!g-g$>&&B71|V2J$#WQvQj=b!8mw%x<fa5M*_Q4p9>tCFrY
zi_pkwCIuZ;xOXRXX`nE1&Ysa%ZWCK^7sFW_<NGDkSq4@Ow;)ZTJ3GcC5Eeh)fmKqc
z=^H$;T?<NP_FS?XU#T7PcRWb*M-^Y2Z>8|#x|%gDyW}-21v&<8Iz0948&dbfo~yT1
z0&7|Z)iz_)1~vE93u8G#YcH+c$o9?492+L@DOV*reJYK=dnXRE_8#Jo<#5;1K8D>F
z`?x!*(+dWtYeQkNXnzcz$|q3j9YaIePaQl5Yrc^aegeucm?zAa=PX=ni&*mx=kz}g
z3Aol%c?oL<#$^@(V%`BCCd?}^=~=fY$@cS7gNm`GSpX#bl`3qeDnrI4bzn-I;KTB`
zqj_2VXz&CjmI6&3CdDsjY<VmdS+ETY5JyCx`}*exuJ?TZRG4ZNi9<4OCVwESPhez$
zfCV4!lP#3dHPk0@nyMHckD{Q0O9f|CB~;QE-h5x=9NMg_LEF!s4j&ljL;9Od+4%4(
z2+Ryi6^7q75yY@zX;{{09$65NfPsxd`5&4V^dMj`qb1{7XMZhAqGN01OZr8vW=y+o
z_o`Sw(mPeG;Eqg%Og@KC$(C%7XQ-btI8_t^AVNICl}%D0%+hc{`u=H62w7wGJA(M*
zUCjM>fLZ5q>JeX7%!}iodB#;7o&+viM83Ua+UvK{%su9etK-oB;3UVIuhL6{dRLDl
z;#br>vt#NtmMYhK5Bo;fLZ)itNa__afdnnSgkw&fS+kPuRcHxqc&#tE_Pe0UImgD!
zJH@UW&c<bq?Ll0d6-B)rT=wFodR^}*(1g1|xE<CzphoQHL79wK>eQij@L@uc@!tlp
zk$mH*O5Kw-<ik04Q1-B=4Y8uGI4Fz2laIiczm)h}hVIWt?~O`*gDZb&@+kXGh}D3I
z>5Pzc)qDxV&@yiP8ql6nke9++=22i~$jtMwTFv+>?>&4F0?b0dTvKV0&3o^d7_EuU
zsQe+l{G8zne4P9ZW(fHjHQCaSXa_={CLXwI`)uF@AoB(M*6WCQz)XEu7}pppqV!`P
z@W2y06afF^$!_RZ+6#*$mc+>s1hZyJYPCeCTJ&VpGSd&6<zB3h{+`^64sH_%<RO!N
zblzLxRw5Z#T>NizFm-8(OC}4_2Ci7EJ)09{&6i|!!MVG_{E<ToJ#7|#zYEP&+Y}c5
zVpOU|JbD9nZ+BWUmonew5%PX(QVZJc*n)p%r3&Ieg0RuFoIl7^*~A}8{|KZU(J0D9
zJ>K3swJow=HJ=sByEK<`Y#n%o)i<UcN}ETEHaX|4Ku|A6GxQZXv4|2(Emv>X?RNC!
zy0_DEH%W_@e(a<>v1!U*x0``K9+*F&N7}EB=zg_dElK|JU(x<w;r*X%#C{bu<>|iy
z;lCp6zv9ilP24O(S9Io7GcbbvOM;JXZjSw#az=x=q*<4=iv24;+eA1h6Pd$cAkO)I
z58~7ZC<;pykYm>Ao+s$tHH~s5f7BM~Z-oWdD-47gf!B<((S<(!gtJrIPUreUrSqPZ
z^P}uN=O^cS$xf{icrzT7JZDGWj!M&ruc+K^t2Rv=jh-c`oV!s1;R?RQ!3=3Be{h4_
zeg?r&`D8^cN@L`bd{r)SP*bt{Oy>JpG^0yl;7tWgR0IH#*s6g#e6ymCJ&<i~mFCWy
z<auhV&~jVc5T*R+gjM)`IgJi2#V(|F1L^EYa1ry*ie7r2fBl{9k*XXMa9{N;*zBy|
zpb6+F;$2VXbKo@kW63V$^E_Y)v5^0Dm{kOPXZ?+z8ArxRDDL?2y*Z339`3B?ru1+`
z)Mv+v#TCaDlA`zaKsMUIEk7K^g*ce}EaWx;GJV96Ey~em*2#t5$F<cBel%J5*_Lv*
zx~G}CYyxzMNzv85i=jFtW@xE@VM}%Ns#+UWH6kRl&HhkMwxo*JTOa*-_P#inna^+D
z5+Zx;?!ho5Z=(}K!AU?<J%TIk>7CuUU+e_7+WpB@ISA5>;o$k{+G2`R$AIR@pm#m4
zmN5jni%nXU9CxSJL2I^~v&>bnOi*w%Tfh1^&agP25B1(dJ$KR(Pc7!NU?oLpPeCc!
zzi$9uHx%z@Xm%KP>~}1KvzFnS4*zsDL(=g%;ZUF@N^~RFjr_xm1q!Y_+sMokZE311
zA7%(trQ&H!V`<8~JVuw_cG&AU&$YL<iT-WPO+WoEUw*R5OxkkZyt32rvJP*vl2qtY
zvv!eH^x1Sb+Eoi;8ar3kp2I{JZvSgOP&*EIEvn2S=4*+A?N?%^_;!4C@^cJ3T&c|#
z`mS*d+c3a=`C~`#G^XD6aj26I!k7Yw2qEW<L5iSE%U!#`TN9okT08MRbzTfj6`=#d
zQV6pj!(iwY*kC9t3m+Aan@W*XJx>I%Md~;2e7_(NwAlvJUr$6|PlGO{MEc-VUT+^B
z^^qSePmz>%)uW78DCm+1)5oJMB3%ZME2G@KSy1>cAx1*&zg%E^B?0k~e`yjQSdIj%
zVFK$OWF^P-#O<nvq*`<S8DBO8t};aq<-*UUddMkk|GT@(*<sG@D=|B`Y~d6^R%5ur
zWw`LICU;)`+(ju#5@Fjtcb_Ze2F9%kb51HFdkq&gEf*EUg3?&KB@eO|e1%FRhku0x
zTMOl<H7>x%9t#IYa^|qs<V{(8&w`FHuaMq!Ry(V$2)v{ZOWyLuiVR7&|C341B3z)=
zJUg%Hlbp6lN4`M-Pn+dlA#>Vy<2Rnko6e$kJ4WWaEZRdjkfwJ#2JKs}i|*9{Pg;WH
z2U0v8OUt<(GxA-Q>meLV3%MDCHX+O9!I#c8ckt79Wv36jx>fTIT|q-<8P;U5KJ2Gx
zuW!KnGOgzE%6vM@5~ZB;P!zAIJ|D@D<W`ugD1UtnKJTBqq!W=(5?IYTmZ(bXYn+b^
z3p+$~6C?3`qL-q%v7e6jbKSwqX(d36I3oW(w5mG~b@fA3;+6>Ysy<?Cx_FB|FrCb;
z`D!sz_RG~CAZH52v+@0xKYC>-%~Nb-;5TNNska>Jzy$&Iygz;X8m`C-ts*U;vn)X*
z%UgQ(g0<}xO*F@#bMN>grX-3sLX9;A2ADGo5BSE1QTW6_jE=En>`mFUR40$mGzDTu
zU2>8g+uF)DTKiFP&kQbJ<UR`0-1^n)Vp_d%H4D>%_-6rlh-LHiP84Qgbon|I27TX(
zj0SPmp)IPE-AASVEYZqEb8wH$?8MCTgbFSQ104rLom|wN-Z7vX^ImATstga?t)t4P
zmKFsdmilKRY9bkQ<kX?Cvg<Hdi2*~$RFUm08iYu+wb2NQ&=U3jdu~_x&~a!dFr!dL
zhllF<<W8R0IGh~KZY)ty$(*1!(Bv3;!xx1)t_lV>*kt#5?;!1UMb5>8?^@3hm+vyt
zr#?(jd(g}74a;}X({t!e=A`-k5oOYCPy7vEq#9W(N?qZTk?Nlu8rp-c4!)h&XlaIH
zjat`M+4uZH+LC4e;$=|4mQX`!LaI9mQ?p|9J%;|g$}#_SMk<hj*%$WH7;DzhJdgTO
z!Aucu%@@fEXU}Abw#9C$t=1!SZ?4*tL}a8P1?eW&!G}KoFVpE4dak5j?D@qqdSNm1
z;0WXSA<2CuQ$s|+K`o(8oWP<a3i&o$O*i&Ru`keZj?(E6k1lVGR*H?XryQm(Qb;ns
z`8>Rlx`vz`3@@jVYhkqhD>4q{Nsvs-H%z-3x7JfaB;Exuor%Y_i~#IV<`>^(HYFAZ
zI+N#5&?1A3@Q$50C5+rz-CDZ$k6`TY8)6PC8@G&G=@w;ggSNa%JXJ+CUivP2PS2GT
zP($)23vcWMf2!=pSNsBZZ_&Bo&Q6A4;;g2}i{bnz2ox(V#{K#}_p(hVs18+STk<+)
zp{#2d${nrOO80ztz}>V!Jdw(77@~y7HRL831&frys%v@!9Z3KOC30}LZPHd_O_grc
zcO-NN53Q?PN{GApTUkdGe-fZ2J>y{9^eWlxEx78n+K##w;h!*roz)%jJg+o^6FZqZ
zJ06YgM2>tqUq;MzqrE)!_bkTAS#~PkDu!n-o%r*_$tnUtY0FDO==Jy!^T~5Mm+ZSh
z%z8y(t;&f99T-Ui0;(b=Sj1BeGW|-bsRKU9?j)%HMF*xdkHUATe@6$#q!c|jM@(6B
z5yMfQYR$;lg(-+z4M?X3R7@o@C$5dlMhaY->syU7YXGy9U~ns?)Whb{c;?cG+guy~
zm4uWoO>#eLlFo>IyXlouCG;3LRMCRsau^}zE!nQ?8Z0?I>J=BQZ~8e+O{z+&fxWNO
z<@c<MRcQUQ_s0S7(^5pgOi(Kh0K|eWu`3fa!Gf;YC8De&jU;eGzWs&+lns{&f@i_l
z@J!q?UH(+PvG3#{EqLzt-_1-}fdj2n-QTUi8}h#vVrM__oZ^8kzGiFE3M@AZAgjvX
zKlZJ3LFsP#f|E-VO>&olBB1tmY5GVR)BH7^I@;o4lvqdEd)QfK%Q}N>wL>ZNn-~mA
z3Fb~IW<Ng0H{qO1HcVZa{4+T)HVY`Z_UqQL9QalKlp^RM4XB|{&8zJ`l(V0pw@oG|
zd%yq7Hucwy8N`Q0ZaJVwzI7bV#?KOAI|vU>cz+tJlQraW4OtApP_}GSI=}t)>`V0L
z$H1<i8SKG1qsOqZFNRR_S4+z1mZwo->z0POgq(Ev@009E&)VYdHa$pAR@ezVA-~KJ
zMAx$6DZ9lY{6f)pa#3iv8-lX602~I1!#o4D3n`&5DX-+KXKBOl`&eSz48A=R?L|`Q
zvBu<3S57_Y6wex--*UoHE_aPXvEHtbwmla9L^Ulfixh$O{VKf7LaUXYz1+{VwiQ#b
zp6CXNs0#9oPivUyP<=$uW)pgHMax-#1~3egwMRaQWCb+@q3x0GYb#B$qgJ5rTEI@|
zQ_Xp&km_fmJoHGlzS4_oa}qq9azUaN0i&7Ay+1R+{v5#3gNC4^TFk*tMP(#&ShOzD
zvU>zkJ^=#DH)^sg1+o6}<-l|fg4PG>?VBvhp1h_p<R&$*Q}0`~0J<Od*W%8ASLeT&
zum{X8*-;d>_m|HufDRXcb&=k^H+9|O3_2z-g66p#5AkPMx;A)NTeXi|PF(Y+Lf@wb
zK$1D=yRI$%3dv>H=q{tkvX<AHq_ZzS3hWvUWkEp3ek!HAFl-gC;W-~`_VNR3thlR-
zJcrOH7%h)-_kMKJNlWG*+ke)~l7zj}6yDbKgdTH4?tci2k9tUBFLhRW2TgW-XZqwD
z+)n(`gQ5_|zfKLXqh^LJ8T~;zHdI6OvACm+K$s)B#1WlutBYXzhx#T{A!4ZuSw^=5
zS!6}^&0yRBVJ%akl~;F%qqJ9N14&kp+h%FV<vhRtpn?yK<uY!Nbby`C!QVnyQWE~R
zc0|$z@Vq~4kW@QK_C1RtKp`$yu1p|pJGUSJZQ^s<80vhX(iA;5TfMSmRvUQ11z4bF
zdzQVBa{H+`Z)aWuHCygbSgXR<g?an7O?5A<4eVAma|j`qgA~r_Sx(a&hAoF)9ALy{
z{_7Wj=&9*Xc!7_v0cGBfc*=ypM*c!EzINn8&iE-K;(`(3da1T<<aFM6R%7Ck+CFW)
zxN<-Qu^$WqacU2<UZ(Ve9kD2p>bE<(Od$&kBzdS@Iy;|9A+k?sV|<l-dCGp>d=>|c
zu?M3@?T+8vTl;(=6xU|q(i1c>=`8%6hC)U{(Jpqhmx4cC2-!e?R~Vv&Ns#AwjfEo}
z+g}<}zo@y7Jc-im{l*|k_yIx)Evd#6_)>eXl17{eG9U7V;9Q%5*;e@yHKwtR?Elcb
zaOAP(x7)$-Da*i0BO|ycvpV9lQZ`L#`FyY46UhrBel-ofO*&RT!8Ei}6^3y(eMPV-
z{#jIUWz>l606OlG9Hg23w?Y25TXGO_W{`<A=9|dJ!5uT{UnbI@W`3rB>gd!zyv})F
zvz~IYcZW8q1@5?&WOHq?d2k=LI@t5R@-tQv&DQO9{Lo9w6XYk;RVPMnt(7YrQ#O=&
zvES@}E9W>#TK48SzqM-Q_F@Q9*B0(GdM$DN9?IK_;kj!E0k;5m{>mE8@Po%a06Uv0
zy$u%_-koyjEA;v6Vq(W)!2mt@aa|cte=;&EbF8iOlnhnr_pFqe@9$aFjUT7H<3BQ$
z1kd<kp+7-ypFe{mgen7<EVQ7<dJ@r?q^n_`&Jz27YKYWR&M?=2eMKjpWBK6QPD3wl
zP#+G;2=BHe!GV&5J-9mN;wS_4Mkgj1iaFRIVr|Opn<sJzLo~pDO@3(ZToRnah^SFo
z3lmHaO%q?Ptgi<T$4u>sjoH`^Pp{)|qS$jG8+ZKN#n3r&tb<c_*p{BqolfRp;hZ`&
z$G&NrS)b0Dk+F7EzpSU<&g{SI0<Et13u(9<Zv0t4^xqx5;eat@W&li0Qf*ucogA+P
zy@-wZ#u=+`YNe;H^G?&nQ0&igyQn8t*45AHooMFDCyy4#lhMvZ=4wRku|%9TO>$m`
zhjR95HJiVx68D5NW#iZl+tU_{)gNfIh7r8ffb?Jp-0q@+Yr4!*g=V0g$N8ndonNo)
z{g@^mxU{=}g12yi@dUG}5a9M$SZy}+-e9&uoVNfP+RNh9rsAqpyH94X)}xzUfjg)?
zq`iog=2t*(7Az9$->c;91Ycs^w`zAsDWzd-=*glBUTgT?kr`cmBzI)}m~oqdZ^r<}
zrrl9mLgY7Z5v0@ymBZf@Jw5qE$A`7p%;1e)kb={*Y6~slw+X1R4=T&re<*uVZNl$W
zdOA~WJ5dWwYF#bJLI|mm{%H{Ed|m4Kk+kNE1*!zRRRTuKeX+*0KpRFos@+k4DuMU4
z)U-U;8lH>j_N?0*<vT-MU_l#z?1Lg!p0C)q2cT%=db#nA4rHncu6RQc%c%`K^*wmT
zxipHz8Tg#xX<8b^mWT1=E352%sy=N;RB-ksc*dhNisJ+@ls>#tZv5g6$-f0Bf92N@
zMDHqmpODR{eV>T?)~+UbdYnTa7n>ql?9z=y#l&R*KXbgFWkKP9XT$8G#sIq`zU_4Z
z{=RQ*M>@Ae8sN>b%2!><Zt>e~O~kS%C?7jkGQ*<~*=~r@uC2;06wqp8P0$p?>KpQ1
zJzjg|AN?w4)w0O9-}p5fYU1O(YJFG>zob0F-e|e9*F_$dPve*WSm{Zop2u%W1^ZBl
zD&Tq4uA(;#2Bp)YqC&1i%B$a`#ByR)SKY?wuPeq6QC4JdhgX8@$J%bEnwlCLi|d-3
zAlJi6s=9xqAo6Ou-<p^IbkY}9J5m_o*i`Dtu8wt2y6di#)Hi?MUbeOF=uC9{J(p^0
zCD)zStdj-c;s(vRFYjezSZ0S=T8)|6<sm7>CaJC#WdY83zS<En*%4h7pA{>Bt*WXG
z?z$93Y%Q!9%<Vo%)p6x^6VwnSHQkb8rfdC`KlbD=<0~cRn<ocnajDJumLgR+#45J_
z%0?W&yR@yd%&oHAS?tQQfOg!NbD_nJ6LX9B3#sN_?mBb^m;|8~h2>sT<`5Az7mqRF
zj?GUf4z|?erW4|_1>0DHwR)r`FDBVfSZVK}bD>3c9*vdK&l`IWgNBYu;ru1-{3X=i
zL+kI73VJsOn!isMG1fD&bt)4z1OMgLpTpHGQF01uh>6)-N3wLa+AmWI94Ddk4bm9-
zeg%ed16iPJj!k?qHrO-UOSN;X>@aUMzKRZTi_Su8NoVC>_?4KhQ1U9JB{)(w^$+2G
zFS5g+&uflb8?XE7+4>W1N$7wT(~+r#i%7fPDxtQVy)p+uE4TX0hiX-7rN0}YHEuZ*
zJJlB7!RCp6tKHb<No%Bp4lPB7_4|2UcZo&-^K@g*`VuEf4X*AgD%EPq>S~FNWAV~T
z9K$mA>;|`LNM(-g^8%@1?zCnG`~+G1<=Soid<~Dyy7`%<Horak<?G~KJl&)z{2y&m
zmmJ55gz8*ExV6XSJ8kp$A9mfkCpxSP9&&{Kga2~Y>bm($&86y?JECib9?btyMjn}m
z@LBkHqbgH!ba<W&9`!rWODqs>4Vyzsvw+4kgrwITVk;JKW*da0CoW?92XJO1gj;I|
z;GIbz$mReFq`MDg#jy{C`dWP%?K2)Yn<>6y<JXsCapn+uza}fQNxzB2L%^`0anu4S
zwWX5Zkln}8&GDHK$sCxmxI+mj0pFmtV5FwcObjZXR5aeK>jL51Zz}lrp`r_eC=N7e
zJNBWpS}>UHsc6IZq2e7VT$iPkqYj`>T0jfzSI>l7_jcgxRlv$7JUuy6Y&QcRq1+P!
zA%CS<E0V_CLooV1{ALoXn%h|Gu~~*HjDMp1Sr2LBGo&-|>xK=gi?dY;+H+XrqvXag
z@_R7roUyfOtbUOyEP3i}EUpFn#A`5XRtEh>I&9;HuJii0+i0Y{b3(&s9Poqz`sa)9
z`TJ>LdV_z0Hl;9FMNB8k@aVeF2qZ5Wp@(|;J1H!{*&a&EEW5MMC!;T=t{`Hb>r-as
zx?MSlJ9Z5Uoif`9hETcsV#+yWH8&%dLHTMd4a{MHk*xJe{lS68vl$b;cOT_(L4CG8
z>WV(lUgw{?*!mfG3ci^e^<;E~aY+L%G6kNVcvbOm@T{ky$z$c`*qt3%I-5b6&4{1O
zr{n6aK}cSW>AAr(z4;d9?LM2ZWMCC|VVBlt+C2L)O=F$srwKoLJ_8r6P8ekxq0GiO
zhgtRW@yUBMW7>aceNK}uOSM2%%bidB{><7mMj?<*6HYgYU()G=GCL&z*%IKB_gY}x
zTenF!KL9!Z`^&1gUTj=q7Qlu!i{l5YldDB$jHGTmL18;i5itdW1<enrA%ZKwDm!cn
znKD8A3W~1!9Z_BpZ7DGD`RWlB5=Nv7zGn!&OZj{?rv)DBHYQZh{A5cT8gffWOFs#Z
z)J=Z+@)6*l#8k4O0ew%t+><OXvTjH*{+T_nsBRTM6q(!BdQ&#o<S5So<o_JCwJmeH
zy>vQsOGX$i&WrGD?2y#ohS2bX6X)=XtKei2j>?Sr*Om=rycYN;TpB8IGgCaFFBA11
zCF8e~upb<Hl2Tdnf3&CK3xJ`ekdd;`Z$T|*EVM@M$;LYczE59f78|a49$g=2eIc2?
z!C!V)>**TsDL=jAS^B282VHTp*i#1jIagL++*b>0L<~{{Wj%rou7QOUGFvS<U=#ik
z&w2-TKF3fLAl~1{mtf!e9w!{5SLR0s@P8kJ<-Ak04pNd1qD@KO=4itgLPKshZLRYe
zVZ^m{$<{78A^%DZkunw1JaZ3vQdinv{-~Ea)?LrC@FxkP#FLUP@mA1A@<DAwje(cB
zbSyoAml{Ej(Nar7V;Lq;pf9wB>ypbCpWwmQ@b#PK`~&Uv_ddNJl6)~3tjt&LEb9f0
z41XSGN>0XPcOeZK&wAyRM`N<>N3qIHw$zpMnO9Vz&!qloulo8j55vh?>M~0fqt6`)
zmpEfC%=o~5-B-n3|8NwfEU&MjOZ*sR^;ybRJfgNFz@Hb?t`^4YGKO#VVt?#|Nv^@Z
z!We*udFnB%;r3KK+U%mh>kgnr#_eXJNUQ@uqbIRSc8k_<h6g<T9iIznI2IaTU$sCY
z9ww@XEc+oWzds&^{+vwWlni{nTueUjZzg#r#F3UmWYb{Q8m(ZDn7w%cc}@JVAzb+=
zYhB2^3Av$d!hDt(5+>+eyE`HXzPLXuXyCYKw=pQU__1lO`Oi^UaIFXZT=ihEXw=F>
zVD{wb3lh4WG_>12hV=!Nn$wDmVJ#QdfPgO+LMUC#;x<JP%{@l@DOH4p6wJ^)2I>XX
zgA<3@j7<KY7I3QraCD3!XkZg#<2hB??M{ZY4gYe6gg%*%B8a4$itsh{Z~sLLv6%)e
zcr$-XTkCIs_yq;rMH1$w7fC^%5Z_hp8AWGj{ML{_bL6H&ToLnF_CwAyfd6hJvZo{7
zan^L6rhC9&Z1)umhg~P)E;P(tQOZ(D>tH(8$i!C9afhkDGD)GECrB^3l4{Ewd8%!5
zkEwZ<mg{COyq)%1VsX|YVDm00z>puYWk4xd`4vRgHhfd{nrd;zve{6A1JY;wk$d|U
zWaI_X?x4NpHC2#fMk}^Z7P%HSC2ZG|Xw^0yEO^x<TruEA)oUl;RX&9l8;52<J!{#S
zdh_WoXhsB}5hXa8JU~OHVA<`*`9;$E3X!${_x`}{;eE~@Tk#LP45d3+gatR0FkXlT
zZ;I++qdn<=O7xNIdsHluCb<bi1m2>JiUvH977U5<9r{!!wBHjuzCDo|{Z~yx#qj5&
z<rzOhoYATK`Ab~_XFCMa{zeCD-69TV4mY)+CMJ&&rsQvUK;I4#heKwCm$-&(P}^}O
zPz{;?xRu)-@A>P&7L5w}r#*N%FVfQozUljyl+ICAz*J-Ii_tJ`@KM7-!}RB46pmaz
z1r%I?P~qnP(y&Prks%9{>zRh_jdI+j`GvAPuv~j?P=Gb00RRKqtoetr`>*3n&nizz
z>0YUv9~K)88yYd$XCgM?NH1gIx80=lj1RV|)?M1hbn{W>S})Nh(e?!ecq5z!N^K=K
z6Dt3#7#KJeaNl9<WvE<LC;V2w+;Le1o+{eE@NZ#sZAwK^s~LT?^G{B2R{wLsAq~Wn
z27b(P^8Tj9W0a80Us&Is-PHBYS32{*rbz=U<44bK&dD*;_f!1%U)TPVt_}elh?0cb
zE^v)j*<dRC1wgb>@S5K>66?LmNuTfu_Exb{;B2Qg+Em`oE`ZnFJUpWo$us2+$-*~+
zM(_9CA<fZ@(h(uuD&6y&&e`H|n1>I7s2^|HoeAP@phwL}?7y6N%rAs#1bYU2is}Aq
z0+y@zKg$2dD#cs;EA<$>3qBk2(ufGDQxSSZ6gwmNkQoW1vj-#)?4iAhJnSQ0=bw?E
z*tdSUiTwv!JVj$V&Lf@UCnM4MtAp?tJLP?<a0n=NkNFhD*kYPg-4{f?I7$rb2Gwkm
zkGhqcwG*3X&d8Bex$0h`Bp`|#5S*{iNPocAnyCi%u>($K3!z$4&YOReS$?TSx?14f
zy2b?GE1`R{OndOw%zN<K6Ii^7**kwp{C(Go;7$KVk?8zS8WJy@DP!f=+uo3flJ_W0
zKJbY7`zlF7_ACz&DSTz8=oXpGEDZYc{*%H?jXOb$2-i_Bw4RF~{SnjXR0)oTqWBrw
zMN?-HN+K(0TlbA^@>Jlf=Mm*@Edp}HDeu>BZa<1OtN4kBzbIp%(!8q_a1x?b(NZ%q
z>_3k|Yz==0{dlJ1;{Lm8OZxDcZ0j@6GZVp*V?L$zv17y7a<54#K(AGM-lVD#VQRlU
zDw$;Hq_^sV2#t`TSPV#vHvUD@Gv{&YZ!u7W`F>{)*qf^c4pxIRJBJeyR6sAKlByy8
zB~-47i7tnznSE1>gl5toFXw8z7LYl$)7U@wcNXkaO2w_1L+u-&V@z?FpRzK~`D^;p
zfS+6EUEcDxp+9W-TV0K;NzwZxxLf#S>CkN|JhtXN^|#c5C;_)K>Kh`rDkF!>@_0M~
z{*vdd1tca9Xgw6NX9%0|ECo$M{9{s?5lX;YH<Xqb{`5WL*S>|=#it@%s6}ZusJUrs
zD0xL1XB+69_@G=_9!jVmlNiUjT+j(V!=r;{ecc}tVt%<pcTE_>f7+1#hEBlZ52$a>
zslN`ZP@xuaNok4G-PJ;Oh+toQQ<WVxVMyN-_->+i_|PrF0^G%6@>goX6+IXq6mdk6
z!CLT~fg6-O9_(il`bX2UhcG0w72K^*7jXH(QUgOAGz2xRKQbDnoE_ntQ`|3khr2o4
z{JZTRlSaqR4Hkn?rGG$*#}hg+(Di6({Uau8Rkygkez{u$N+L<%IuY#E?;ea(`vL{G
zUSdhuCPC!Pc7oWrp1D)+ow-3)0vYAu6N%ilzAf^w46lA_il-+Bz}g%d@MVA4WoOuB
zqZBv>!I&ZbZbXFxHSJ%gOX>mFN2(7InEY&_Pqsoz-vV;;U-+;eb_KTYuQB3uQM1&N
z5}_g%IT*q=Qsp$eHUUlk6#vnP#^8HE`)|}nUZ*^e-<y<-y85J??W9ItOUD*Y!O&w4
z_RB_(=kSnK97;wsU4(S4VxtU?pvygYqEr=W-(La&mB@@q@k@po?tg_1z1G<|XhG<F
z8UNB&KY{aD(A6&z{~0dt-(!iK>`Kk+Gpy!#YlXIUz?8WrZgtC`Z={G^NkZ7D>1*It
z-V|HkJ%UwTs4hn?!14YxyW;D7L)Bb|p5=a5b{xT|8>vICo-CjjW>9_|3PGGMjTI3~
zQ&5YU)UaW5xPql;r1Hg&kHvK=2r2c_4A)1teHM_|5^*f%hFvPrzDDLPxp~-qc?Wwz
ztyc!Rn>O{$g+BFo2P5W_z*vbSN(@-PivjaVE)8hGJO=Kb#Db`4;ohQ{ioKs>L3FiD
z#T=rXmf)T+o@PBv3HhBv9S@OcZo<tPY&?8{g8sBgQ+dCBW@xb$V?KSvT`$(A17B}<
z-&3YKS_oUZ7K+W~D*h>_hZ)jNjuk=S8y-p_{u=$A_CTf=kZ=aGwo`ck?XdDm<n)tB
zY6UKcMaACbTSf1c3P-OKX(1lPz?qH^oN{&z*Nb%PP%})nUEAPx;b-QVdR?~SnhVr2
zMYpM6)5>esdfYF4+=1*3JC5D{H6;0+`WdxcEhi}FanE{(?4`fPJ#K%<>y>62mg#>1
zkGZqqx4>NTKBP`&eE(Sd+^ml5WxLJv`3ZZuxsI*;?qqgM@{>S|K-s}-zfR&^v@XzF
zmnQgyfg5p-{|o3SpbaN~V?Gl1!oclOQTtH6GwqsL16RHN{yU0@8?JiPy|<c(269Ey
zA`xO)g=o{Yxdy!YME*>tN)FV#nex%bm>|?V1$~tp6yC=AF4VjM_=?iZo5Y7u85V3G
zklLa}B!a?SHodWN2F;}o=NL0__vZ|@3`G8uAh3KRBQX%44#o$@^SAD!kVrM{nl4dq
z^oCq4G?xzCxf2ver=Pa00_XuIknlqIRQMJgUTPHNKMc;aRgUhgfSP+kXj(fls|XU^
z^A^vrrhPevTG}DPKrV|#;lJ+u8Wgyq-ipQ>=nJR*_p4{xi!)}Rj9Xn+$5}w^r?f+H
zsCRtZb5%dMwKsx3=vxy#b@a7!;P=CY7XAhkM-rGUydbSS$F7@XZG5B_A0Yp-IGVF-
zq~W{k+cDIOjsUQ=$zGHVY0H3(c#8NMS5dVRKVPs0^CQKZFwpX7)NTLkDH5EO5`vpW
zt^!}+ojSmvPk0I5vdayE(vro+i!A}G6Q-&Q9sCpn{r%6v>5iXODh!+wG6H(`4HRjx
z(gG~u?<C#}u*os52tgsTVe?tMwyn1Mu<fLl1$Qx1L({^t_ub6$@kf@$t5KivRGl&7
zED4aJ`3c0<%ii3lm8Bt8cJFVSG*d5L_A69}#<58t_S#R-R`BkgPGD*gp(a$1RZ^gg
z-3LJi^K#PwZ))G`<WL+d3*PdRE9C55nM1@!izaw$I0Me|QwlE)y812OSZ@5GUNg<e
zz@2SH|J|vAp$~KGQZ5D3Dn~ty_@C)BK9SX*HzuGzv~v9xjcJmnB*Wy6!qGC8<3=l2
z#-H=gl!eU08c>+ReA_3G3*k8g@FtMgsZWqo@S#^)M%m2M=ZB4XWuw(edAnFRKJ%D`
zxnnI4H!&>_^K~r^3le!wZA9;i+6)sRzk#7V97B0~F@06xUxE$1fB2bbi}w-`a=`-t
z=kuTQx2Q~ldbilb1M|1)l7hCjt|p<#e&<xe7W^))5BjxLO(w!C#$6xjFLqTXQl?f(
zD$t?c%kNE`FBx^H?VXJ3W}^b>`_g6i0$m+dHn(0Cft7orDd|>8E)$KDTY<kdPsFF9
z>6zz?HDyhZOi+-hQ-A5YDF23F-q4#GxF7>QQoE=&fS<~Yuoh?$t!iw$lsBa&`o<*r
zD~_=?u1XVO&lGb7Fo`h+R#$6AEeTh^gpfBW7qsh%Jp5XOsxG`VD1zC}u!F9yxIEYf
z1h_Hh&!fKyz+p+<;{mGUJ~nF&@3|Am=fZkho4*XHI`H3~BtnWew6Y5oCWr!DB#C5V
zlLmk3Sb{rOPKYoR4s6*`7V(j2UD9m1ubvKEP=VthH14#6g+5aWkrf^8{zGU1hTKVM
zrXPxT<-0MHK1eY>s}Dt<s-gJQDZQRg3N^VwJ<rWqpQ<s3IbU|;pQ??#E|r=;Hz-wq
z{o65{@D&r<E=t+E%{AUr!85K+KHhWvUj(ULH=uP4>$ZeVMv{qIx$c8VF}1-)i>e`r
zMan6aMI|t?9;ii9z*mTkdC6>Q;i&~z57WZq!JgmcAa6jqW{;XvplBC)De$|>`!?LU
zW*M0JX;P+UipHXN&ue6b2I4YPF`R;hb!(+dQ@ZZhf`Wi$+PX^Jw@%&_vJ~Hpn`zw1
z@a^INL1W!<z%Gnou;G0ls8ltiey0I6dn{pJztIbeAQhJ=h}dPt93;O(QVNjk@5UgH
zl8xZ~Cf08R^3lZsrB+R#9}~wPK^y?@XQz{u<}fRW5Cb>ZZ3}(GMl(oH)2i#a1|$!0
z!Eu`fER1IUFv=I$tov{c6()R-kWU19TN9OtAwn~?W{Jp07oH6*jRv^$A3>x;qo2w2
z9$H;>`a+d()$zsj3DGQtfuU!yzO>8E+bF2VTZnK5GG;h$BV)|IQxnWDg&}GA3GE|+
zcg5o6$B5uxbt|aS>H)%}#(@OGQ+NDpdAg}YuIh$X&baZsF-^0-W(!(tp08Pt-7BK(
zwd;*a$MRRmOuu@>oy9>BUq#Rm|K02C1>KaAC_6d6Uro95$H1>U77L=b6^09pmG|n0
zt8O9Yu8|PtO1+s^k`UcJxX&2HJCqWd`$o_CyTKv<<EeAo01bir7vMvjwFm_TKCN6J
z3}k$|7vz-UKe-&YSdiB@V&Q|)=0ir&B5a?OtPit^3lvNZJBe!*6hh%ambGp*Q?A-p
z67SOp4-cQ@k2Z2%1@Uf{Zr6x=jL3ioEQbiK3m08$XHnlf{6!w($^-Ah`vO{p(Kk|U
z@*hYHp+5#(e&O9+CO13-R(b+=D1LGy-CF)qiL0<6t|Z;Dd~{Qk>O6LgG4g0^1fTd)
zP?zkKo&E9Tte&V-T_QWHhI)mwVH78f8rQ)5<``(pDYxo4O6d29eorZMb%`h!`*&K=
zx(@Fj#_dnGcS~QQASI!`M?<X2Fyt_Svg2#KP-Wvsc4n_pdZNM!2=*SjuK~=Fo;_dC
zYhSD2CIC>Kvk1^D+LGS-d(zNn*`j=1v2EwU#y{mYP;E!4`jSb(e>D*s$D;m;K%p<w
z_KU4+gl2-!Uq*SQ);pM`^oIV#d`U~giA$NhgiQAUSqQ81_PolMqj2J?;yN8~6#s_q
zb}wYd2nZx3C9;Nsc!hJ562&94W8|$TMgYcqcwP;{G!*`C9|EPnrhgR)6hCspn^Lx3
zV2Xrp)fEK-z<;mlbGFp?;h{hVO537k2gsRX=Gj#joX#e-xoq67$04L0>q}Pd&%>Yp
z5N40|{q$K9DYZb%uxB5}>j+`w!LwDizev^(<etl4>U${RW>h`7P-pq4_i(cv$US}}
zoD?}m0c8i~NU+&*$GJqIFbE&CTvlxI$}hJLZU_d=xoIRJkDd|zhVuNAAKZE2)SF?g
zoXEIiR{CWb<0^{d$GSw6=S2R`h(#3HD9_n^S5O}BynviU4M#AL&NxT3txI~A_X%G;
z;od)vAPYH4%jl1mXNF4!50mJ}Zt5oAg8!k&8oQ*49vM{)ms2BV$Rp;c$jg-UAy8#>
zbI=moyI)VqoLQ89Suz$psbXImda4xtx^Rs!P&E<rwR=Zhxc=L_tLDS-koSB(<q22F
zOkaeWMc1~vl6F-~_8qJ9P(CGtdd`dwUVa5uutJFlR}^sMv#s(Ey1D#sB+pLjmL&P#
zEbsY4)(Qge3*;4Xb3ne*@E5y!d~~h|*IgfO|E%e$-&Sj{o~2DNjf!Do(%#WtW=E&V
zKoeEmd^ffS)y@zpXdRxSnx>Z7XkUV(s{Z4duJsP+6%NG!R8hPQY6@t(pR*bwBIW~c
zeTX6iCYI^Pv6-lrll*$`=$q5RlNno_eW`mJ9vP!f?Murpv5Zb}93M<%a)+L~K<-UT
zukpbB)i9=kjV52%mhmaa^~xCd#ytc#hA$2Xr8Efepso+Ye)ZIq4R?+FX>K<=0Z(;T
z(iN?{_61^@%~(j#g3t(4YNJJ(KwkLV4Yb_EZL%Ww=7^tfL0Hz4SoF`B#V(E3<JXgT
zmkYehnw_Tv3}a05`FdP+G>|{fBZK^erLP0BYe1qRaS;oPfP!{SMCdWe8=LF|a5?i`
zo&d-%p_E0eTBM+t4Z3ADe*1Voh32OYiAc0&N|_-kWebp?3}Fr>WlU^!ihT@*d{U!@
z{H}!_3k>r+U~xAhC#N6uT;l)y@IeMx(ktXOrYUymKcDQw?{vYCK5cmAGZtn|r?@+p
z<}+Tz9|S!&6W4JtIQQ#wf9y!u|IBCHaySg?s2ue8O~z#nwX#_O8I-h4g06KJM?nI>
zcG}UfYO1$U9@Ra@(Wm|Vo!unHVay>0$@rY<%&RV~+qr)<j^TPQJ6Cw~us^Z;xw@HJ
zt*90OMn{h+8)uL-u8)h$%{3h_{KV=l1v1XNCc?4fXc@C0p~e%Qksv>P`n#pg9Icy)
z%jeRr_%YalK%vVhQfB`2_r1{svG1zY-PWo;M~K7E1p~E{&@6HUYmJNqas<3&WaJQ(
zC|Fn}JIfeuRka4Dg=rm$=6JU%(UI01J7sozC05$FRWhlk$B%fv7C43ZQ>SP63F4Mg
ztL|1oakWWp`C98cR$jG+@ZUU~2Dsm=%crsA(H<n?+R`rko4zv*rz^a6o8({{3fO&$
zo#wXsNLqA_>K8roc{vzl&wdn-+?;`_(Z#(9kL#8Qh+XWSnIoZ32fBCDi7EZ^$RH;^
z?rr(5TI+!y{V<ph>6CkN>b6%-+z?f|5=<AB^eSqH(n%B@z@<AEWy+krIgUWGg87Ry
zq4ddFle5nw!W?bWC=+?pZ%M_tadeG!_*ok%f56InEB3~ITlXm}Gr9oX#BkexVn8U@
z7;X_YGdhQF9Z(Z*?d>>m*FC!YO$k;vsWVqb<fM2ca6S7%G?%-~Y9j-=134sf+iv(N
zcUlYy%dkWX%}bmU=h-_>E8erON%k~!tm{f336o1}*Aey1+c2l5E%(#GRE=~G4;K#q
zA|J)*pM~+j>Y)oSgrm>X*R4IDOh2Pf*L8|@nI!0gy4XKYVdI-7M8y3~Irj@e#+-hl
z=p8`7qbs}(50pb;mzCf-0BM{5A7gI;R7np!4lc0x!|maVySpr~xVtRw?(Vk0Ll#}!
z-Q8UlcXxM(#a-@w|6iR|-PK*ybkfu5?xbg4NSGwuu`Hx7#GHG^K^2U7M|Us{STMLu
zd5<gtOV*5T7ba-Bf#03m4~>d#sq)B(zBGuW{oY_v5w$-kJS+H{PL|h6P^W;quY>kI
z+PR-it3_YTATTUzFv5?+3TI^bGref&<AC6`JjChz$O5;nnQ|-45}~~UeSdu$qO5}z
z%b}AJaz#U1^($@tT+Zk+4#W}Isq}j2Z}*-Kx#`c>_#oXx6T1cJ>$*!DyTYL!T3Vcc
z>?vDEyBSU?<??=L4#hAwT#0y}*R00NsB_PrJ!;9zDhlfCONEt1nEf^`U#dhqKkPj3
z5mUPp_4FJ6Xl7e3Xz;v4Zo_L>5(Q8u$~G>DcfdVmVnf8F@RzWDLihYDm=?Ql7R6P5
zalVBT-zbnab389B4LB}B*q}SZ>*kWH-(>M%KnU9_Mc<eg=T~$6_y+z5Hf--zc}90Z
z>2r)YIQ!$9>XEk}_%`|YP7wa$gS`L5Jkw2Mucc;D|Lc@~uwwCXZrSE2D|y(^!l;*|
z5R&|aXxr&aIlAIpcH*5X-Id(^ba`->27IHRH<||*!WFeAROHt7ZnIP$VmlPP2E|{t
z7je^XN(G(?`vT%~qP{ZwbCfe`*WS`{m>WKIv8b9;L)}yR-F^xmeudB4t4}o2H}<Vm
zpKOKCY&LH(X>Ti!`%}~d+3XX8)we|`-8lBu${jfr%rF|C2Ss=p=U-~q^uLIz^hr2b
z<Ik>X3fw4S%}Jz{MXg9=_+wP*QS@J=lo9Jyybj~|V{m@Rg~e0hogwS}!^=J8*dR<R
zw>q$xBh*T82~8>+Lqjq?Brfk|>+Z>TzI3%=6ReM}K4Qx={l~_3x$ycLwaHW?F0eGH
zZ*imFO66~5`O(Me=Z-a!?XB>^S@;xRwe*~AUZqB(XME`4aF_Z!B)*uUi3MtSDy21r
zT;xU8`jB!Uh3%+#@i6uE7BBY+FZbnG0E*;of!Z$a6UA^&Fqm6!HKcoWzX=2Am^uC0
zCg2QF=2Z~E<E-j*2&uNzL@OlMRf+ba%ujpnTwi$4AD#ohMjN{Pg)GAJ6TRqD1}+Md
zr0hjVE%j%(Vq@LE(sVdBYO-4N9T=?OwE8lLykDm`>d;v&KRmW!a@{;cghWfgF(U$4
zt!FSde9eYxUQNaf%k$SV3L^ZRY|wc}f1hFn7OLG_I&{F17mVE`|AT5;9St46nfo3f
zQs=`P%e<=Y_jgf1B5CR$1T{<7jaXgB>z<IQ=4DnyaK);?XP17Gg0a7YETS}~F5%p|
zq?Ychzgv0)Xw5|1ZqM!WAa=4(B%e<~j9Whp!f1)r$KU02GCp2$)l=X%N9K`)IiXut
z9~Zp-27BfaRq-W1@dhb<iz)Av!eo(mrcm=*Fs$9#q{_LfNLlKn^QdO8r#yHdA559N
zt#?$=c}6DLjXvQwk37=eyF`WAoXI?@Q1PuwJK^u<rh6qq_^pp5%{#>tgdjXIt`)%j
z&*i%^l7(Y3s{4{l)>Z~Zrnx&kpMn?sQR^ON=)p3%jm#B~f+NS)J~ri3#!*}4o9M48
zsb5CElg@+cM8s#-F{0VG4NZx#6fYT6x=HQYWVzfkNBr?dWA0fc1)nRPjJ&Q#QcSqc
z9*Qo_rC+IDMbAB=dCCFJsp?~~myK@W3e|>f6SU^&?Gv0|cSXKRH*4CqObDQb*^(+!
zqLgPwwKx=#q1F=yf_pA@?W(7s^>WqMU1JJG-etUEzdgqu+_0&Pz;grZ%+nI?xxY>_
zyvxP%8dG3&5f|A_6saGA1I+5x_ZQD9u%rk&?{EqbjwGJjhZQE+D0D)HFY`Rwfp<<v
zL*a7}ph6H2^(R(i?1*mjw5xSp8;mU29t<@42+Yi?`%S8E>LyKnL0`WX(8o2hCdT+T
z$5+`lb)>xO>y`ZTApC{qi{x<Fqvy{orL!!`{bwxrd{bLPUWdUt5+y-ZrWx)~5)y&G
zN53!e#M6`SIGIkmp8nv&ccS}rEmwi=hK9YXvb6#JvbBp-8Nr_`$y~|196qU3a*qd+
z+$&1P`rdKAi!@%|fs0NBDwP`VM%HOv9n+f0zMk=PsM#%$QL=?U<Q@VfOG!q8dp`}<
zUqOy>6j8>WZH|dMCKI)q=egDRgM?L<l2Z+ld^Wg`ZES&2zg=NTX9>ev-V^V8i`E~Y
z+`nx)$^4!=#_nrqIry}@P6rK8TVCVN?IJkT@wjT&4ESb}HiKM*tvNiIHyfI&>#?=*
zx8Z}YzUG<rTL&EftMFNZ?l^<*=Z|S<(&pFpuIkRM)4Sw=bz6i4uSfVS;!Zkr9K!cA
zWeN4`SMCH!{i-jDNl_Z>6`DOwE9C7k9q#1ipFFN9B@BzHgO94VrBc2SmEemrB>RKB
z^p+j!ZD4uv;&2;q+(!sQ6=QB=toOB3oO~12TC&?tY`3p*g5(h|j{C15>dr@C7+(rh
z*cWphXD-xBq~Kj7Q5^}CV)sF)59>{#jP2gXdhQW61Y>GcJp|G9J%X&D46oIH#K18B
zmg#?%oi%tkdPo3K#~h+8kqj%zU$|K!GN2>o;<GJ}t1_ZX)pn|saxduO3ke0Zord>g
z8q&-giK(;?f;l=~T{VmV;vmRcK5A5s<oZuFr&B=#brg8fpOW8xSD&jcY47HrcUy#6
zyfWeCMW_gjmg`30w3f*)Im5s3#BkiZ(himq7k+9>enSR*9d#{CtF0mjLFbvJxab-?
zQlH!F6Y%ndG`F!x+!yIN8~j8sxaDGQ5Wv9>t2GRilnlRx-g66YtEcuul^hPg9e9Wo
zb?%ht?d8_DnQBU8YHpm8x~qi7x4B4O8@=82v6jwKkbl$D_Uv8Y*3bDA;Y=%qebKld
z*yi{~(h8bdIHO8!Uhe#Na7hDdPu~kExa5%jQTUYAAt!T9%A*-w_k8$y#6SJ==IX4z
z^Gt_~*dJaa)ZbiX7i7+dPlBUD&TXsWNIjB)fCL}c6tNYF5ceyXIUQBPRs^*=TB+$q
zy0KD?U!YGtE7p|kvic%@&_?@tuhDmoV}euKe&J&(2VKJ}K_i*yp!AX8;IvSp_3|uo
z`yW;uhB2I@cJ7A@;kV1m&!Nq92@N%q&-`rXe{z=z1@ebN!svfu!)3YP$;Xp%p@e~A
zVo0PB5fQ&OzQM(@0BFC_!qJj~Q*c5`OB)Zw#I<RN6CcQJw-my+)doi*%}{wn2QU9u
z-Y@>EynltQJDcBZv|g$z({-KvSm%4*OTxei%o7ETi#E=G4vZwfEMeesQjR`5m8B5B
z6yCjkPhG`p)2EU@6*ZHIIxfNZ?vf`@HF(_59c9tkV4A|A%*d0?A>ba-=Xrc1o4Gya
z4E6>SR55{Bd+Bm>&?-x-XMV9IBb|`y#tUUqbW9EkBX6uY$JS?vlraLP_upyPI@YZ$
zj^5$qUWW?rIVKHiUgtv?Cn_?Mi1>xtMeQ`O7OvBpL(??Vg&WGCi#&8t1Y8%yOI-U)
zn*rl1gkPyL)l^dwdt+mJV>@^3^w=aB&gBf3lk)PO7AEgL+X6-=fOeKeyl)N14qncn
z!wFoccnb#q!4Z+`@CjTytEyiQ9C^&&6G=$a(hfgZS>>{0u^#1$m6CHO-*F$5TRP^m
zwENi33$IKoePlrwc<qfhj#|$wN_Gjk28N(c;g38u{Ynme4KsxeB(3@ot!HdGd9L;j
z*N*{|dtR1#U*XL7^S(?rd`7(Wia?Ps#<jrDsFR&ZT)2{J{d4-_YyGUzE1@#Hatfmg
zKN-^}v8aHSmNC`IQlC>&c0Wmr3`@SF9L$~;P3q=4u@>hdHR=O9H}yYGeRDvo*#zfk
ztjQCrzgH@0PLs90JX{S1KNo~~j(+ZBkj>)06w@7b45Zc$L3^+PKjN!+ebSGwUH~8t
z+)<t(aB#eF6Ylifj9WLQ7J+y}wIX&oCFs<{bJsTKNjE&f;VdiyD?@K7*Vc>gL)y!F
z%H@gKmWF&gz{)p`N*}G(gAB`)CYA3MYD_ZC>Atz^ZoSbbZuP_#2fpk){*7bWbdRlJ
zxkOALtyE!Ns+CYab7UR%7EOhQuaTTaZ_R}WClVFcC{1d6TZ5XSds{^mB4bHbZ)*|P
z_NfCsb@NZnSbLw^*nQ#juKyG%tazP(A90nJgk>3?^XFU6K;$E4lP$?MRX)!K?-r~+
z?@D0Z(&hxBXG1$#vY~O6Q?{GDpUAZpQD400s4p+vqbGH?p<|a*c66_b`~e%mn8xLt
z6lT}Yo-5J7w%B8O1bbSO61oHdwY4OlQ^ha^-3xZ7*#ZTz!j+)*oY^j7NvV2R_eOQS
z1hdyk?8**hx-I=uo^bUK-@*fHSIgCRbA0XbuX365oJ}cSa+wH~KH-$b)#_b(@odsb
zQ@PV>@y;=7@=7!V`B9c`4G%3Ir>VBO_5=#`)m)pl`TDx!wWO<OTFU~LHr{{Be^>QR
zEnMZ?M_}W8m-uDaVH7>>am(`u21hQS;vX$Uen<-0P&(qtYbCUgYhoH1Lq?@#^jmrC
zPIZV?bc4eK`P9}znxV7xK_PCh3=R&<x<)|<yUNpMI4OuJLfB4#QwAE5zw{yHt-Z3d
zi@adfxVNmqm1==#jla@Is?0VYzpNm0{C1UFd)czybZ?>*$9AuRS<i&93pCl^n{hvz
z@i2vqRIYv)iT%3MH~`SVERP~zT?v2Mq%-qq|Ct&O@60O=^rJ&wA;%dt(=K;xhl?@}
z8AP;=8sdd8E*H_+qC)&ZRXOMHCQ*2;4!cEO&1872pC|um&+~NR??lsAqU`#zb+`>X
zBW4PSADch<v{iai3^243a(yDamU^l`0H7q?27S0m^!t}B{P_GXG5q7xH}v&qV_WEZ
z&)<m~9q7JQ1Xr`Ioo(}nV`)$}-BYS>G1)H2?R30rEH`__o$rqAl}KVZ^<5;iy(7~N
zynPqUnN5q^RRUOv849k*?B<U2o7lhRe~Jfto}9mabDj}eY61i{0idfey;+`%GTr!z
z<BX<)w$?0bO(MRd{8?K&z-V|WyjYOJgTB{#-_&~kh3UPiV>~vZUzUhtBU2l5glJm$
ze3R9z*mH(0YH7E${P9cT+!*=N%eW$39s9EBNO1L&Ari+_q##i(&3_8{)Z;@RRxs<c
zoS|=PjdfptX?)X2(Sd!1^EC|lv_Df&y*xosg$yCdqTiRWVGX_V?F6~WGt|2CrL7N|
z%EY)u?KEBg&e2Q1MXgRc9cu8_h&7oaG<0vRV&ttOKa$e9ofagNsAb6+M$?!VVQ86n
z2ab`mzxShYwgh^YR6Q*@*y-=|d+7f4I~4|_GF7<(N{@%C#d->670Ywg^pg^-KC^;4
zOGb&&aMsl~1O7vcreSzMl^Ia6vaMFx#n_Oe@7HN8G@F=f{`qcut+Wf-z^V9lJ#K(w
z==9G*z3fJRgm$*r35|3<0-gpQqDnJv<;vb(K7xaRFIo-87K_oj8P%c~1T?D79(*9f
z3!syIG1jrX5_d6S-@Y3F>uDr#T^Dmm&gE)<+3W)M?E=?HM&^t0A2J%a?e_=3T1l)z
zNV}-vEi%B75IAZNVp;jyy_dcaXy^nBlT%>z&EU=vD1jlW-=yv9=mJrPzY8A!)_~iW
z!&lCsv1>^f`TMpqT6vs7pfk}-@dmw2pxF!PHmyrMMX&KoLVt8lz>;A_LYcaD86%Zi
z`oh)FvuMS|@Rh0r=sW_VqvjTw>dI9DWK1ZcXUr~rQi(zlOoPq;uj7m!)0)7vn}{nN
zf+8+FK<SYAw4fxXQ13NIxq4h_*!7}6b|##}`|n0aY`1A^6-Hl}JV|mleu5VrlU}D&
z?k3EdogT5lK6m7}Gv;f*GQGsItp*k7QHteKjVGG(&8v$osNOkjBZ+q4lu@r%CwEy{
zyH;SokOn!QMbD4Xgod-JT$z4ANho4tGj%6v60nkgc@$zRRh!JqR-qChcOo6JKsTTa
z7CjWMeNiH@#v0kPR%6vEkRQRQ4M00!#vTk!ul3|Av`xqlYmmF_McoS7-B0&0<ol@9
z#sRG|Dr;XS3T4i!Yi^S^M4_!Nu9&@L{mR}#B4ZPHyWg~wsojcNELi5#1?v6F!=B!X
zB5DZ0hQ@XJrOa}DA)_eG)FQ89qtc8>Yd&nMPqWlU(qU{oId%rOCpN;y?)hm6MBD?1
zb5<YHdQc>ME&lty7x%5t_Xp_wM}t5%JFCt_fRF}AT^F}5eWMpq<}yE}h^{ZGibOuX
z+RK}Ia?#E85%J+6;V*~!IrWp;o?z8eXm;|aEYSaK+`;;uhw0x5vtB|<!-bC_(A+2_
z7VF_<PDS$!F+aG%RgMevcLP}W>B+}*ekTIBQsDyqYYSNicqACUSP**G4?!b2t5P4;
z0@&2|KC5@9`2A~ugIivP>tgtaV_>cH1-8z`hV#;W6-@wVcP7)6OmSS?!_7;;ql@|Q
zrfgO7*ftFu&v&4*7qf|ddkD_q4EBpS3J9m<Dihy><dfm<$9G(>`vl64W}GdO>O@K%
zVrzGZPDYE~?|JwUgwRoV{)*R2naTe4U}M;7acp~0`aA}HNxttO8u99wwDg!_me_Fg
z<78i6eQ&Md+V5YpGMVmw)m8vad9#`nPwa*ynyhhl0;Roa*6cXi;%$%aj9Q9uL>P(F
zY{f~DCU*1y*>^@3o%);$KV14fSAjn*0PK(<H_13qeMPrhIlEq&kuIS3oCiIb>IHF`
z+42T1k@8JxFs?mo?Q0KO=uFfrkILeg$wLv5B`#c=6X!p<cOV9NzcOR)w_M=o*mkz+
zhS(9jQgvrP04WAq17-|>blM<&+2$_MXOp0r2t3KwV3Jex6IDXS9ml|q1IF@61YbFx
zx)@#u0gEf=X|RVIb-mu$Eh-trKC60ReU-`mEr~Px#)sp6w9F?p^w-}3K5R1niA5O3
zE=GCcs*DN!RDFT|cS^=TWsH9gZrBF}E}qH+|6WEtg16s5eX05dpolZoF`2E9N(^9;
z_88!#<iZ>~^{-S?C#K*`U`u8u=q5Kwx9Ct8Jo{W>UQEBqx}&adZ@55rHN>6G|AjFw
z;6>CWn)wt&eU<VMq;eXVPXsNt3Z)<QKA?wE$=@!{Ixms8&3o|!Hp(zUU7%pF%Vv1X
z!YZgim+IlH-!YRrAEWB$M!6A_*SPp^7V8G}ls}CPDFC)eEo`EGn@dEK*P-hnXi<KR
zzAM!z1S1fxE=`!!<yg-PNPNobM7P&wfbvmo2}vVcp>=0Ax1!LQ4e{*fhbNz#Cy<Fh
zE7&84{1Lh5*c7;C)GLxo{8D;(&+1g_UH`%=ds;4>x+&g9MI?DPWbmMpD{G&hqF$B!
z%ECXV@bJ9k$Iq<c`(VMlwfOIsZ<pwC=lrT&1p5chi!O7*3I5<#8|S(iH<P^_usWq@
zo>(9dV}}$!@o9v>7C^>E$=_wUsh?UCHIpX$)0sx(NJh<PZqP#FdLlWQ)yK<H^6k5l
zrnPWn<wbt7-n5pQ@LqUQBX~lXt?%{ssYn<6<7QyNv8_D)uSc~aFl*rr1|MHN6-|9H
zO-T}G!8J4T2i3mg)~)>!G{ZfyANpeRCCE8o^{g%uJhNIvGVm}Fl4R%B(JW_KU37E*
zMAV{_u;5>>Tf~jp5){(y&G_5~cUs<q-O2^pNSwgSeer7};+9E5Kk#0Lvg2=?lEpl3
zx(s~_jkLUBT(s1@%c^5Fx$2tqo5$kVzX^u7fy1$xG7RLvT1>PDg5hb?Z{YqDLQWPa
zzOxeu_zlB~$v*r*#R=s{<RH(z$8QS|{!rGmB!`Z+%_7+m{C!4+yC&Pvps$VCaIpHB
zAvOBx`>k&ahPB~f^m85LLd+Mov-$&I+j=SZ_-&z^xc`bG(Q(0lCoP6(++o20L|gS-
zt#jQOgxiE-X3;4yi)=<;DE6fG{Q$j(+o+^G%f~v#G$^1+XEn~|52pc~$Ro+@04vP(
zl=Oj^wx+JKg~6QNH^l*{^nac@x5*>`*ih#E7@1kOoNy_*evY-fwG#16ZnE$(UZ`iH
zC@w)UsvFllEvlE}e&MJRop=+8uh{?_(qSH}ocpYTD>`uOY?9C;#Oo8AV^`XhNTxVP
zhd9TzDAz0fPV%Fl7dUnJ47abL)VJL!5{Faxqp`f~`&v}g#ZulxJLl}2;v-+o+qW(!
zF@h$M9HQ~4m-m|UBbQ(;Atq5)gA^)Y*A!8)Oa-6*dZB_Ny<7xZ*I++e95BF?4-W<Y
zLR$^u#OwQ7+0i{<kYf<|unqdFCD}kB9rMd|H%$I52c!E`RJB38;6yY|ydewKcgFa$
zt_7zysm6`ZB59LqbLF{r3gzE4^DW)+YuenFJ;2n%kXmFds8KaZ!4wL_;zB$)-6TVl
z*qB>a4Pqf67@Q8&m)=^68pUHYF6oZUr9VdTO>K3AQ@jUe))N^tO#8Uw_JxlDZ>&uR
zddDnI-)S4Y%W-3ZOU&B0%&xXmi6=XD_&l?7rJn_z57Lp$!-yuQ1G@`f*)%>vb^r<h
zjfjudKckG@89TFMsq>cT3UHr?P9P>G^WlHTb1qiq$~m4<PbL%iAA_&m^L{Li`pL5X
z?(M&F&k;aP&1f3B@QD<<BdDGfB5PEhn)bA7{uF&~v}@v>_#>V;(FQ33zj7}KW-ZB&
zZ2hrBM$`bd)!X;0N-M7#EFI2RA|I%w(eW9k;Tn95Ui=~%LhXZIJtb(?-Bdo+{uU{$
zx^mdz_j(god>jK?RCfoo96A%s_g1EDT{;wx9DvVGt<+29k37Fa4uDFP;jsQmt=y7V
z`jFn&r+L^_H6=k_+<sLmVr_$dy5SkV$ZQALNcmJ1)<BFUW`cH5?jBH+Bfqtg6>`B?
zN<Bo$JDR|%vyc0a3YrYrT32*#U3BiAgJxqTWAPm6sbt^}4y3fLOdjhWkXSA|?Rq~b
zr>yNXBpA%D(o&BaUd~Np(@kJPr&BbBnA5cw{-{a(RyURhA6A?bx7C#D3M}x*@jBYz
zrwyQTL19zRXa&G=jujV=Oesp)GFMY5tz_T<@5oWrMoWJjzwBZK>~M6se4*Odd2uDH
zPsp5u;gNkrPKIbd18!CtA8)?0eq;WV>p?DpVuT<~d4>WVWQPf)3x)a~u6q?lIN~rT
z35xceJh|)Xu{6$EIEj{Cq?owhxXkeC#4M^M?o?lgqVEd*=%39EK)lGO_t=|ohVHl)
zPAz#8=~QGfUi;*_8q5l1H!*%$+xS{nyH+1kQ7jbY4tYhZxW|IrQyhf%N?yW3_|7i?
zZzUUi5}z|DTJQv>pr!gjTgj?+=?CIrs2ys6$!f1yB`iumx*<6z%VPc)`RqS3(j%SX
zUNM1CCYUq_7j+#PfcGjQ6!lJ$Gx&k3XzUMHQVTBWKK^3%gjI6AhMe=47}Dw-1%l(@
z|C!Uj=SNgNc}cBCAf8IIFZz7S2T0);UOY5^7g$@fc}5US<{%IFG|>wxnNZY*Pmkxx
z4>dfL=A#*AMdRvTwrE#K0m7-}CGxE6X5^mot4MG3n0~gR?wxp#!S6hf<!iUCAoKNJ
z_!?CHy%YJKeUCxPAvR8)tXkX%b06H=kS`ej$T*Q@ZJZ2@;-N6o2~w8#d-^G1DLHwV
zYjF`|eX=pGXbpC`akl3I!+m*~YpbOUcBiDWQ4Mx;8BYV!tsMWaa%R-bj%|nrBt8B0
zQeXcM9sGZQ!U5s>6fpl&4I5^P2MbH^7Yuzgh?M_ZeItS4a{n()`Tr<_kR>P&2;Xvr
za3n}+5rDj+GuS=x@r~N+=^r}|grvMIB{IR?Os;_CS%gBC_2CvKvB4RI^@EnB_hF5O
z!Wa^z{cuua_?og@9S|Oh(C`CUcAZk0#E;Iv$RBJG0W2jETB+)Bt_fIe76LxcW|#*R
zx};)HKbPnic!ZRc@wl9T@R6_KV6-h0jFy)FN99cbqf$!bnmzq`T&3Rv!$(lIHG29B
z%7?(USn`^@VEr%E(Q05?_1fH$)aR^L96`j@>K0N8!Op@yTs5VH2M2Vob%n6UgcDRP
z!j5YszGNM$-d01y+j5-fY-}E?UhB#m!p^-QQO_M+u*PiNcr~it9yeGd`YO$Yq~qfl
zMp+nD?>!f;`akhx{C#SFM~`y;vc)6h4JFLpa($8xX^9=UYU6Mzk`DAh%#bVT1S&Bw
zDmKP_|2>+lgON-fOpEFR>os?NTi}kqYFo0}sUY*N-sole^@rh&mfC7ZVx|{2G<p0;
z1Fm}P9NW*`r1SI-s%0nv+JN4H)ewPSD6FI+Ts6B7Jh%;l@L_v!)k|K9^0kxXqy_TV
zzy9!2AVj#d%}$uxrm^k%{pQ$6joSx1hlW1*@h9X8fp{CNwtyULCP&oZ61W{h9wVtD
zV53Ojs{KN)MhQ3mcbkPhC>D&cdaa#_rz2C!eTAG?&(d$Zhq2P!AFgeixjvJn|Ii07
zJr}sZ^_B~M-B}?1b#)5X?YLh2pA-sl?0*k`2Ic?q@OgU6N6_@-qOYu+f;HmFI@12n
z_wxU@Nab6{AZ_qcp}@BhVUNs9Sg;*xvW2L@8r{Mki5u#0)yYq-p&Q#bc8_#ituu*Y
z!7lOX&<EFa!Alo@JBIJjZ&wx?{etg8zl1$Hv*Ez+Lcs#zmqKiKRoE%@!l-T)d6jtt
zq&pU39HcwN=pCKIQWk+eb97L<e3R(7Yhi4tB-$-Bh1fbBHO;Qy4@b1AcG4y-QqGn?
z;jyH8=m|sBJ-Xqn?+ELOC73PW^=g0FI*Yy8z<Ui1*q;>ST>SbocjNox8mnRkO9{O)
zMZm2PjU@E}QJR$y6;m^fpC4S$rbVsafpqtb*}J&npL^{eXx0)eT~xYg<qV4|RRs&2
zXSm?~QrTa{D)wm{3D)ncvCpa*eW9P_6#rnMW$boFMu$m;Daq24M!}6>(ov6KGErN_
z=x{H<xJR)=bVIst41L!MY$w_m{DBU6d5QwzeoyD1QF}t`ps`#207kvA!8U7H*|i9M
zU0(nj<Nh4TLPN4$<p+KFlAkTl`9G-iWY=GCA<cu;U1&i23swu=iPJps|0tA0gm#xx
z*{+IzCgEkkT<7=?<O196Vj#<+8WbIt{sVUCOX;fb>ylu$#F-v$GI04HeGZ@{!uoxa
zg+XpyQIGDD7?gG7e|#VH6aVokQNp^rdgu8za8DOul=tYS4}FO~JA#aUO`qG*`Sso?
z=@@e#%?d&6nE+ng>@SQLX|=~9iHs@geC3o+aR69;S>MYzpo}$~#c)J?PJw6t?DOA#
zhz*N`c>F>XxYN9$ia$#^3_d6N=I-znv~^9HWj<L6%a5LQC8!$Mfr1-#AK=ZuM8WZ}
zKFD@zHqF>;UkX_({d25VHO<5&CJ~9G-0B;uXR9F~pR_C3^fE_UAv{@ErKBa?fBO)p
zKDAqELoM$zUQTuFY7%li_3c@GGq^Bv4MRd)_s0VoFk~oEi{MaUezeOQX8Qt-5RIyx
z@ndI;+F54b=Q}L3m)I?3B-LJk`tE>-3w+~3gn#5ZT^sB@LvkK`z5;tTRV$_}Fj?|f
z6Jb6jZ&n7`;|xsCF<m$m*p&`B<;2%W844vqeC8Jk=a{L3trTQbQ6hh=-DsBBTL_l(
zTf_^y2#wW?Tbwm;;!bs;MOfTM{OT!6ue$MXN%eicy40%&4AWp32E%f7=}W5qTov!?
z@KhA#<!lM2z}5il_E>)1a0@h7-%qqeb$Z5Wgn!>gP{Qo!ZKwp-oJ!C7?%{>3H>+Xa
zY)ka5#aZczMyAuWO~bSQX;0~m)x2qe7Pr3lAZnwnEh_=Y#91(}KLm~y3K)40^Em$9
z1bv{dibqr%TR0MmTqin1>>18PVJxxufNw`;t9nMF<?q*O%n6w}pD<u3zZAZ<L25*r
z0R_@>ZM-$IGF4uzG;$2t`_5+og=cM$>EdiQ1mN#Bw%#Nlo#(}`IT_t`v|KQF5MP^y
zIW4dmlTeOkM1}|w@Pi1Dgv4Uxo4%yCW^`l@l9<2J_jn9Yt?x{Qj}q!#TTZ@2#PC^{
z>&>so2}}@jzOuV}Ocb~Foq=yQuPiTX#Lyq(8@POXHM!#XZ0;?yUX#dQ;+JgV`{PAB
zF6KJSlD358IbDr1&il>PsRo~e6^bX1zJB_(VlBP85fd+}>nyDKnzCP!!Wwp<W--lT
zQa(Sq;wXCXlwRV<u}h~vIMDf@ZOA^SZ)phG`thXgTv>n?nZ^%8-Z1Xc&TxM%u{9hb
zJo|2xIy~M3{wb6A*JB;*kr*Bz0YbQ_sUmL<oT)ORM*04=#2wo;6m|JP^{wIqBRti`
zBV+9Um>L5k2ALanbd7r#C&ki>8xIcKHqBMR0V$KGEn<*pxhl!HF3x`QB?1!cB){4b
z_Bp%*L3LCZBXZU<#L`~{i27=*0U{^sqB$2)017TvRa?F@q5Jgko;fa7`mVU#jVjTc
zb92}-cPdCkJEIg23=!`%pm{r}6Efve1|0R{SV)D;M0$Q>+~I!0NqW33)o^eEa4adz
z`F0*~ox*f5Ly5bzF<v9i;^)HF7mB^7WTdkz!!u33mzs_%Pcvv{jQeMZH7Bpl`<NhY
z>PQiqixgfBo5SE^H-M%0=pupi$P4`CjBp4vabIhUYlladuF0OX<7Y(~JFOX(tLttN
zVPVCHI-GpaP#KMNAdZ@8#kW>3SR;h)js#6~=nBJoh<C7CKGBoH=myJKbeswIjk*3e
z!;xY{R|NZ&TCi#f(yFVUZJT_tl_m7*29$``GQ%M!qHS$nZ74$}yc9KkL7`!&Mh96%
z>^~6cf=RiITD)y&a~S1XQY`>~sLZpmPg~AsrJ1>4Gp}e`-aaowxRQ%u--Sjl*Rz>f
zwp(l>X+uvyo8Y(AfC-C_xKd#TJ^N$?v%}36GVrx?Q+?uq+ut9tuemum%K5YsFw#8g
zNaRG<m!pk4oho{7oi8fZ2rtwB)Xe1-fzEfL4ienLqkKr!#?4YT66{Re!9d6VsbbhZ
z0yV+FMN>WxG8M)5{<&#G)RcKXL*$43foglf@+v2gF)(CHl#t$9W&=@LY6yu3&UN?u
z#2U#BlnCK}vJ+q-mWdFORY2@_h@O2K>;MOMR2!#J9-8Xh%l~d7^Ed47@z0O#9j?<I
zK@2iWImEP#m)q(ldupSSG$n9#iu?Ty)*k%(^FR(~sh>yJ@)`UmcB!ZoWZe1e)>peZ
z>60EQ2OG(4e~N`B#HgQ+(V^!(B|DEVkBRjAJDb!~_Vg}#bzsJIgZJfan3;Za+Q!k&
zkErD_frqfp$j3)xl*cpmT08kWa#AkIwLQO>V;}!C?Q8_$hW%SS@asuZ4^KLU+)+%*
za^W~o_gqz(Q)*_(=v14iq6$HX*0k`ogerEX>3Vsz1^Bl|<)#cdDtNY_MMoJg^T}Um
zDR@6sHJ-VF<eJB(Ee%`K@bB3t^zO*%El7^~iuiz>n`oTG(OZ8V&XIYDcL&*0_ENP{
z=@Lq8$xj(#JQc&s@TR8Cd{Rng_Hf0clJkgwQ#E0t&|V2^(Y{4uCB_;V)JyKLw8HX?
z7cYAUEl83Ydz_ndlSIw%PU}zUcksPNl~2F#;Io|k4*oa`hQmv<#AqA+%3{@))u5r=
z<(0qM!MU8@$ZwsqhzZP?A-9jw9@fsx-M?^bZtC=iX)pI>T{&Cyajn*VqP0IEYj&Wj
z^3B(N;#%sOv32_Ox+kC+1y0<PE?g;y^2a7{h3q)wD)a4_o_|~-;>BgRH~dgsdl#yb
zLElY3_4(^QN@#p5C47_VG_>qfyv}l?eV)NI40k^Zx5hv=-!3x(N8OQNHYR!PBWcgl
zBx5`;8)jE%)+_n<>cayhw=c8qmA~$&#|5o}Uz9iv?`UaH*OfPIkg@itjI5Z30Xv@3
zb9Dp{C>(JVddUR9yR)h)H5!0-`j*QhxgGl3WZ|8UeOhGT5lnt^vv6>yeJTkuc))%d
zpER6WI`(+Gv#xtniQGfdW)5Ff3$nTBV#9h^1yl0FX@4KaeNma7%Qx;Gn-?KHg~&$#
zr(m)ypd=s8hJh<Dr&@nD{cWK&f4;SICfrtgbY;N?UF3!wo3i|o9F!GbP{BvV5}7SJ
zXKifnebm-axY`Q&+PHgmzRRX{ZPL!28>8E?%vjYfin(P5=`F^xQo9a3)^TyMYGoO2
zJ)WL-GG^ASSqJXwG?;0%vdp(y9I$_-l-|@739QzNSkVQ^n?-fzyN%9-OJ^SEq6OY_
zG?moRQ_$8F4{lyDj`7C0!Kpsh^VKrTprlb3;q7ZRI9QpqvMjUUbRe1+C*g~n+~JhW
z0o}8+<KDuY88I{Mb0#0_IRwnCJA~*yRv7i1N;}~wO@D*1ODg^IA8JVV4S67=l2;+E
z>lgwB@0uB$y_*^UNHan#qCx$rSPQEQMB{e69vf8)D|w=ssNw>2kv>kekSZ`MO}y#v
z5?M}FwMl?FzQ0Zt@^?TR_YP`_e;yQ&WH4)1NRvEU%kI1aKW|Ifcz5vfc$Pm%+*DAG
zf|0=^Z*DFu(A4J}v-)IF(?Jj8Z<N3Z<;|L(+ZFS6KZ1f9v}@*ntTOyO`DRW3^H^vA
zxFYoU6RQP+hl*zQm=b4ovvOW|ZGxc+`{_WL%iX(6^J<_z^e2DZ9@V7Hh-b_|DucR?
zBTC%GrGaykat4%zqr24P5rcd(UoyAYfux!zedV3LM8qgn#i+i-4OvInUKco2-yZj*
zC#kZNfb7}?`p624h9hJ6{!Y#^A92L|!(=Gwz~;yRKYjncpYSMSl<ZEmv=ai2Xs7sS
zhT%vDCF@cWk8(2j@~l+80J_r3M68&Gk3`Vd4(uNrIk~V@CZs3~4|e~~R$(@}O-R`y
zi?C$@F%C`-a3=s2aUNw@@)=lO$yQe>KiGwXM|BSW!pZ$F$c3YE=CVDuE*xK?Pqij1
zvrRp7Nj-D@@0y}Xtsk~hDHuQYp>UQK#n(REXdAcuUzZn6J+m3nr!S79DZ7$v?7jN8
zYn4(2a*)K8%6Xd<K!&PRXg30mFSex&z|9E#WzEmMr-iro(MUj%w-5mI$LYIpXGz#p
zhpA}!ZFr&!P*bg3TW8JLjWp@3YsYTo?dYDXP5L#87C+C4%x$=ixudOzkYFbV`{9Vw
zH$?t2;PTBJLFASOEXUBorwc<GIxF@~`CX0o>IM@8Tg3cT;d+)#C8+yWFj~Gcdh|=0
zg6Y$N9q7~yx99sDP+Z>lI4vE5T{a2UHX<qcC*DH5xWD789@AH8s$wYEQ(U)swuBAZ
zbOypy<cgNioi1-+nQULUfk<0eSerl!vTW?H=UVUE4e6`?_P*#1GX70AXjZS%lu6VS
zBBIX7j7f(H7u?Qu!OWe_6WKu(!SO#&V$!RqG0nb)@z?W%CjcfInxP^#0t%YI#Q5_o
zQ-fTruE@-ajZbV)7C$dd`Zdya=*WZHjfY|U(NV;nN?IELdAe6O4FYq6f+)QX=W<b~
zc@&V-W(|YN7erzNBO)fDX}hCHVoE7>&3k62p8eon+#=wiQ6eQCS5r%FqYQI(4gi_5
z0lmiU@~rL&ZlY5G%@ZaidVe79vInLeu|vIb``r6<t$<uWd7xmcF(VU<^idH+kQtjx
z)`TK21yYM2a$gP)z_hs#K8CuJ6RD*<aOVXEROS_m@i%lf*dHca76W;~RRpi5R__*1
z449%we8_R-h4{N*X@1=Fn2l@QnsU<gX-<b{Q(?;V=XVXyiD-xF=gB=njroG5^Q^HN
z6{%-W#=h>Oo1l}8hk#9OOt(E&qco4@cHAqgV-csYmF>UdGo^3@X=cAyh#4uVU*9xI
zw;7RfL_PtWqoYwII@^kVSS_7;h$;^jq6Ta9?S+#AhEykH^;1V#Z!J5iR+)tv^1wKv
ze<}mBcPF>N*~5_Zt}T90n&+&A`-Cyr31!GgM33;F#LMdsnGr7^qQ3m5ibCPV&|9Dz
zo#toi&=p(qffOt)LuXT5#olE~wM@Wl)rruI59sb0P?&hqlYEOSkUFK9M72~rdw9~b
z3k^U*+&^gHVHhVn^cX*(kn;+@)q~m7D^(2mXi4Tb8dF^Z#UuwK9aP`!oLTm`y^|2P
z|7g(5C-qO#J;^|jD25CSS#7)34sTl*GbmNhQZ4)C_*LEdfTGZ9Mrix#dsCIKOrJ|-
zmK|HvY|5f+bLwed3N4;l_K__PWGrGuvrZ5G?;$vwR7==4{RpQc0NU{+YT)I6S&oqV
z`T4YvJ15d2T!hJ(=~b+5(XUV^T)OM`4rMXCJ?ff>KZ(_Kv=U-h%j*5XENCOQz7g>>
zldhQgK1_alJs!)uZ<}hv#tB&$+%qhFsu}*^BY*qsVzTL9&4m?OgEf=AwIONISN3<W
z&z8M$LF;4FX}{O^trSSjH-;S6d}TMUI!_~tdtY90FI%#6IZ$HtT(MLFR6AlxTuDUG
zLRq~R7DBd=<YNOTtQqNQPUiEI$3Iz4!sx?K*ta2gP}2v5&QYOiCjy1c?7cg%p&8lr
zepEgXFN#jq&sQ(Zc1S>uc9iSB)gkf7SZ*JV9PNwkKJ#DmH{;eaIa~*dOwv1rubCV)
zsUNKAP&`m?U82YN@9>E(gpIC^2KUlcs-`55EnLmFc;q~d34^k+Suu+rU?YF*LM7jb
z0Ze}b%YJ>j<)n;t&n8Nb>ePoB9+QG15(2(M4ZBm_;-pU;UFqAQGR>N%jf(RnRtj@$
zDwo(XnuTeNn_#TuA^Kvo-D!<a$1_!$E>=z}AOjbwFuN)?>r!?O2Mix8$8gx_wdrwc
zGk@a>{FF`ine>->QiJ?84^+t=cTbF;qP}~{8edb+GZLg<U5l?spkyeRm9JtaGI$D1
z@C(f*7<i1==kK{%fdX{S5g~2NPpJyIRgb1hZOCZ$#x?}!l1eQ4w61FjPRGmM_4Soa
zA(CY<!*Cl*SC@RT)9;-&gcpG)WK6D7ceUD(2exM%rf>?KFjWS;5*ej@po(C9hi`K}
zn9vihTBiEN;5-06@HGNmM`XrKoP<A^S}Y>Mxpy&~kW81p&irxB+=qf9qfJE*ju<f-
zAWxV*d$^4!HGS&TF{>v6i@)$Tn(s&pX`Eeq*56Qj25|E5N2zT6!1caywQ<fZ)p~pz
zkXLij$s}<aiA>KFsArfqRDnTV?wZ$o*Jzk=uZH<%AYdfu`<_u;b?`7Ja>QRbpY?(H
z(U52O?CF*{+0X@>T<WOdPt&2WCtv*Uu;~VK$&N;3LD@5+Tzk~vUYQcbK_n@Jcsl@{
zSJ2K!hu`5!R@xXecdiDV;58bcDT8YkE9r$UOOFxVgSBesSlUe=(kA*upr)MbDucU7
z9rD0n`ZTP3JiT|srvwu%Xvf4lQBLnm$6M8LJaZvy{z90vFt2YaJ#rvlpMyvJJpuNu
zAz=qV)5?b;sXaLDgDcWpeG_0;e4M>?yH8C`gSM!zUTiM@^ij#X;fgDgY+5&GoW!Ej
zE$jL+TzBjC($CsHSFw6|r>Xf7J!#YcEln-`^Qi<c)Rx_gi+e(&RNHnmKx_<n$ds?r
zF%)jMG5i~5m;?auU*DuU(vYzxLSN)3sqmZ+jNpjTZ}{se>hr*IhTU@(9Je3g)D(|)
z9cK#2W<ZRo@{M8kAc{Max+eqJ66c0_h%?q06&~D>TbIwROVkmKLyLd!bvPhvQ1Hxz
zt5TNPK(s1dBTeS*YP0=``%oz<Wzw7HCRb%=FW7sPG<%pX0qi2Rg~Z6N!71lj&20av
zRyt5-bcm7Lz6bEbpJBmSekf>cQL%60n^0JVDtvbiEI9yl9RSqs$UO>ACx8p-e5Up-
zA<aM4d8D1}qGf>_dRp8y8M!W=Eg{vKlMV|`_YmVwAl$K1g;a%AvR9#3#7MjCB`RCQ
zj+GCTq%(x6Q%d?CD&tk!!q%6uw8-BXhegOvtX0~RHD;|Dkx^r~4~+I+thE0<{uh&s
zl^^nh#K~+KdW>KZ1kfSfya~Ow>*mO^W8y{>7UB8Gvb~y0d@Yh<9UTtP$aUt9$FSp&
z9fKFLP{JuNiw@XUVNjAs_1Avk+h+mHN-EW0g;9T55dfGDt14Jp)b=ta?dmsaDIm&_
zcmRQ@!Mxu5E0>)QWx3&(A(?9n#!40Fqm>>7?rU~~cIxcRrG6!ScVqEpH?nfjP7($R
z%F?!Jaq6s;)m1VUAT$wXFdxv(mHQ*J=&yYm%wF1j4u+zW0^K*OO03V=5EQ<Nn{SFQ
zLUcLDN}vo0nhz4hY8whFIbGW6zTH(Jool<TKt`dH233RWd;n4mYr<w60=d8->N`*b
zOAV1xk^+sY7$*5za8e#gAd@!q;y~4tr-cD4<*FihawQcZ;W=}83%+DC5h2n)a_3=a
z-ZikyJZJJ>@bxb)-un8CHW^}LkK@{_($^1Tz#6fNy&SPI_kBv+eQ847Y{EO0M}GCc
z_5HlXb4SqrP+`Jm4BMSg26jNI^~LYZkW5$Y<e82v3Pv}1c`<_tt=ITEj?4>;=j+CY
z%*mr8$sB)}TkAd&on^(kZ@ig0<+}SBy4G77c)I<*raX`;iz@>YqAVymvssP!1k+;K
z_45H1aa*L}8U}R(FXoNj1u#)?HZ%L*R|`jw!(?c*KYNnywZ1G<u&b6Yf9PPa5R@W+
zMPFR~H~cX((8c@nC8HCy7@7%l%g*C+-Q5I^V8&>1)xcwY#WB@)8;H@MomDe?m{#bF
zn+T^mnrY)gR71OO=>649z*5kMZr@PiYtnG&%yZ9=%2uSh4tKikA%o*%5(k~EA5G?8
zW^`?<FsyB=)U{e=(%9OtraP@$*q59i=Gv-A$bJj;BJS?oRtB_-5V=W+bv;b`O-D_}
zr-O%=T-2kHZa1|fDaz>38`zG_4P@Q`b*^Ywz#L6iS*r~ymGpD+duLZF3~)<w*=0p5
zAw;vjKAqRiZ_h%?>5SOC<-`%R__n);FR`#ly`7Z^Xs$46*>A_~*|B>Ydbh{oI?ANw
zl3eaV_{J=ZK4csSz2T8;<3s4Tx9Rbl6o$ul>re4Yog$0a9@CQ2=+wbGV<gT@j4<^O
z+85cD5_^t@%|~j)P|`w%7WPI0;PuzOD=J{w?O0%Fmch@r;12W@BVG8EPq&_wW9e;~
zqrX%@0bkN{>2F3@LC%Rfx3uakU)5Q@aA0y}Bvhvcamu4|Oe)Bh13_r`(8&I}16L=s
zpluyob`1htY;>eE;vZMdJ3+d?7iE8cwW409X_tkeSj5sSCPG!32&2LU@sEgh)W1rB
zxUx*({1U0Sl2treDW7x)zQQN#+W_@MRO&)2{N_(dY>Nv0C!sF2CzxG1L{7%}4SG}n
zx>-iYO<`^aL&w?Xw*i01APmkAMpsim9eb8B!4rnlPqHtf0uuqnxMjyu&7WV7>D@zo
zGb~=HArfM(LK!t!WWnp__=Y<2WpSLzf)mW!mXvpIcb1@yc^GgXQ!et9O+C~!O{>??
zxq~k>>OXiuuMjTBi?DX8N>CYO{prONc4gYb2I$N-B&}I_0rcHYF@NQw39(8LPL>Mc
zwTJ(bs8RM<amr+!{lVJnp61oT^<}*kwDZ6LC;{^A=E0_57lqV$`3BE68x!ZaXwz*^
zZ~&&N45{C1uxd;g`o<dp8v@qQ38+WWXwvohCZE-0QT)3FqfkpMcREACDfWvj1bRb?
zVhg{rOASsPXlu-a6BBOAp$22(y1MUSq{(IjUb9V8?&(ENR#d-Peebgu^~px)=*lwe
z^8(TCmPX4!wFwL<UJ-~elgV{KG5+~C`Rii;cT-j8YyjJm1+hYQW&P$K#kB>!e<ho&
z!KY9BBCkh%A|>fr=D^zyuZ<V}zRoF?D`%5nLc{fiH7}(!&#3p8+uF@jr!2~6*{~eA
z!2G4<_Cx&6KE0x>&Ou}*+M@Z)e{!ll1eP)GHra@JR#7%abJafu^Wg1^kfu7+`Ij>a
zI*jMP<gn*sT}|EsnBsUMv><Nv4S=7JBF%35g#9Z=S_gzr)j|GlbJ^UbH={^^M_U8o
z@h2QyJCC^Bh%)FkntvXw$j9!Lu2xiNP#Xfo;ZM}a4&D7%**Lh;Tj5YiUHvuN;J|Vk
zy8#i&xCnYhxBMe~c>+3b>b@;c@h=WDxJ<qSk;z@Nq<VfWKY=LcUa5u)V*uUq-9YdG
zwVy<hu$*s8fgBt{u1g*UvvdHBuHNZl!SBx#fs=P8Li{zZ7=3MWfCaMMK&)!k^~bWe
ztfzk4#ig&^d<GTKR@cuIv$r5yGhiLh`mLFrSxT3t*QQK5E~kz9U+;_l8XT7?368NU
zOI8oTmed^;3W{A0m?P^3y*J+6aQoU8{VSNkb-cx%cclq4&JCd*Yru2$2n?uukU5fT
z+TLbZ;!e&-g;HzPM|=6jZISprrbxT(l>;<VR%oto{PQ)9RWe2}^yGKR@o1Nvw53m!
zVfCMzHETfkpM;)e>kIge=4y^y9E*Xa)q%6dT`9L~qDqfkwe^#J*Hwt!3V9E4>we74
zpCuS{u10+p??LS|O{se?nU8Z56iaJ;x~oj*YeOLX^C=kb`+5O<8=&!RB*M{3&i9Ic
zI1h!UL-@9ZStstB)s#V8D;IW+YjW)?hXRWVGOIhpNjJpf2sZPl9!%f=4J8oT&)xVl
zBE8<Qm}W5S&B{z!w{3I32938Se@qE%5DH9Q?u^P*5=9dhA9U;BnRP&~j=#~r?fl`h
zHQjy9b`Che#-pdt?driwTFzrx%!r9g*Ys5$z3BLqZ-*j#)h6W5#ZqYa?f)JRo`k(m
z+0)J-+pDn0UzuxfB5Uh?WM81Y96j&n_OjKM{*$J&h)|WUX&yO+z<Kd&xKxm{jTc)2
z*~KGTq!-MYyc2kan3mbzROJet98?DMoB<g0&8a)PupCZZLB`c=F8B&-<b?XzlS*qQ
zMPu;!Jr~xRbTLfUTLvCCND)!G@{XYA10;}&{V>~jSgREdu0+Nuz<CZE#G>8n9$Tml
zBw8g+ZhLHIw%O`^V(N%{z&|Vz@}iI$b;H+LA#P^&k>Q_@dbVd>f2Rab3*e(Q*6w8B
zdk%RP#e9P?#9P;vK)jz~kcwT2B<^$~CtY6+Ue!TM;mcWH?)-k|j%hbsNN}UQ3H-R6
zG{@M#B#5JSKWY(e<ufNA-DssoTYkjui??S{ZI=0p+&yu1vj+I9*D*R+x)6jB_~MQ$
z-Z7@An+#XbJ#+>B4qnwv4taKDWoR(}z9@%hnSJ`W$*yQOIJ9NX{ovO^vnOD{EErn^
z@avg=hH89dr-xtj_PY_Y2QKe#vb{iol%z+Yh?(h0X#z!@&u#a>`)2K&)agEY8Rac&
ze)~5>@Y!aRU!d{1?8b_Jjh?Efl4<{8IEHw*h7uYgsM9LM-$6r^QYn}KyX@%$ZyBqC
zAK2i1v9O)_LvEn=t;hT3a@ff@%v$Mv9-Nn0&#bhQp_Ozj>7gQ{)L{o}$(fvQ--cmo
zfJn}+fO0w?1~M6**&7>KL49rQ9|GRjt&R?Jxjxw;O;SlnT{TkT^iBBdF7iRYFJNLK
zLT7oQ3SD8O&cI&$+>f^0+{=h-3aJ3_Yc)YK=b?clhH?t?L=PzbEt=jQ&MnJ3D61&=
zy*$l=7AQ+=A`MgQ2SsGv?|fWwI~9XZx6i;S!XtTC6iYinc{18xD4~ZgpeS-w?(5i2
zwMaa#+{)fthhue?coko)Z{;ZelMHcwS>l||_Naz*Fzm84tS8d^R-<`#@O@>5zc%9T
z_2AQ}{zKnp@e`c43AkH)sg%Njoqj<f%xM&dvZ$Pa(6UbZVllxBo8vk;@TDP|8#d>@
z=Mz6*5!NMOasLxq=&aWHi&phhHe`cYHq<olXAFc^wIG;#j2Nmxzz13AjN@|%qT#aU
zi<bGxmr7^$fW;xOBpy=Ez1siO@h%K&Q3($LuIr1|o@>Bjn&20UPGKkuTYtwdm1O@B
zQ2&P?iZI8u0(qKO2G+t?77S{z7XQgcEkS6lg+ewA9)GD^3I;b30AV4A{2xGDQ255j
zQ-XH^g|%)V{cmi2WmFu&*6qw-L4&)y6Wn2N*ANI6G{N0{NN{)eU<m{W5Zr=GaDr=)
z!8N$O&b{Az-=DV@HQjyc)IR&{s@21EbysI}S|(~-W~)lP;r{5qe-e29MX-t~|ErUd
z#5SdT?1_V%#2ZhF+Zl7o+Znge`ptgzObl6d-kdLv$2b?5Cq0haIM)W0X7Uo2vQ8ds
zs_iB6tGZ+nCpc1*S+5VaG^3+2PR1RP)^1^m3W$jQaMw>-2$auZt-*r>y{9Ezqd|BK
zV+75^r={MYGw&bdcCH`!!vxp0UL_x}kF!PlubxVL5TB=}dI4KV->O0PT4H8?4XmWK
z;mGntHWV)qoyPNM_hn@cDV5I1CEB^qKd!~vyR)9ukE!_k(O2%OyL;&n7TLpBwKkbb
z)Hr?^PH}pX^JKI|+_Jp`G_+S_`i4yrH?@Pvbmn<_&8GojL0`!fy*<I$w@n*s>b+-v
z!GmQO&nJ%C%j2YhJeAHHf|!ydyk;v1&@J^I4P?~}Un=a|FB@f8w0j!KFz&=@Ot*Xh
zhn?=$vvIo{1yk@+rsdRX$|e+@3P*>-+)5Qf+xaS|*onBRX55RrsoTVx-)Mt8KaNdo
zsB8o6-e083S?xvDX+<D~o{%u2p3rT)bEwH*WA>_3`}}SKiKA)fP`f9P-VGY2p3qwL
z1{(a{!^o`2-e|)=GDtaqsHt1#k+kX+zvCv__?&Yn{1!m>0kFLDOa=(@m<+uq%bY`p
z{0RXUt4%bgN$1ecOS`6S!vNAM=SY(tf_J-(&Y{zv`HVLHGE?YfFp~jgie&+4bT4lM
z_{lhjHim7WIYmzWYkAPrEg8O!2A2i+IlI093Uk$~FCRA0s3MY@x~+=vRcW51H_@JP
zJ>D5@tWG|&8EtH78kx!Fe`50&xO=uV+Mt;P5{46F>NV}WbPi3HaS5d}$FFh@hzVme
zqWZjvhWCCGZEhfB6HSur^9I^=EI@cq3D76=UlT^e|1I)81XbpwKm|biMl~gl&7V<u
zfI#A3`?WqkBQsk2|H$-DDzhSMgt+g3tY**XMjIy?VQdc+(=MTrwLqa&Ne%~$x}{-k
zsv)s#swqIh|DG4C+tlp=*o>_9|Lw%F88PW6a~N%G1GYAPL_KdifRipjX>!InluV7{
z-;PTt*?YgOZh(`h3-A&A%uwZgPPLB41Ss~}4c<eLN8uJ|v_WJs7SE<S_OHWk5deLj
zIjUZ%g+=!hR9QVE7@4^`VCvn_qyHpe>;xn?%%*ATp8NN)B?(~02}QEC@kXt^kOTS#
zMU}M(s!W5{`3JNN>72t0;tX`UTlVeZIP>HELtyI={gnh(mMMj<K*m}E+}h)R05X`F
z<PBaCeYFZfqf{wT>SzA_Vk+n}E^3Epa+J(-B5^xMM?R|ex$HTixFJj4Q7nQ%WfO`s
z`rno7&2hQ4(UjfRwcdP`fW{I#2~&5%+thtqr;tmRiGWBb;j?_Tn=EW`<r3Ue`jWU-
zNM1iZ!d=9wa_wi0FN)0U()D>a1Xs5ynZ|)hMnJ>v5O-2kAJnsRO67h?ny8$7`#Bfm
z<j8XHwt@0hiyR-5%a2y#kFCT8F6$L+v@w@lXzi{<ce(S)pe>hI74L8+XNKB{_-LOK
z4trDxpuue?>_&z!a+XbLq;GOxaYibhGC;mba&E0n5wx4Uz(4#jxHPKy*O$h5!7;3`
zl|<8sKD%skT)DoNP|t4r=)DhuW}9}}v|>E|_Sk}54pKi9emFV?u}E;cLS~8*9Jbw}
zO}77jYgm5{x&5Is5|sE}65l3V;XTr=D`9^W%Ild|0lTavW?7Bd8&xY9`r$j^{&#v<
zzjr&r3wtQTD!qt6{R&mTwpqH|{D||4x`F9ZEqunH!7d3)W_{^Us@5#Y#BLW#w<oE;
zQbbg(`cyoscL_A%(n6aF(c#Wt{74@BNd9QY^i)NlD!IlANK6xXZgSmqJCeH$g|>(6
zG@dn&tT03d5%F?_2ch1DvgLX9)A^CCu2n1-(Ra_E*Sbe12Qn2U2a_MC#6_^57v)lM
zx838&xFlA}yRC=Qzn_L!)M)8;b$ZJ`MWi3$u&r|;qX}Wl26GQ`Q$hEx(q%3<eYNeD
z6A{eOEctng1$k1Af)*&nH@qzbSO?JMh0StY`o>h#;^0R0KBU)e2c#rb4k>w!O^Ie^
zbO?~%Kx>P)!voh<^VefIr?zxGY|34Fu^2&g;J)`<L;0ieC>@G~RlA>p{}3#GqUuBV
zOxmYldDiAlEz)=1`G-FXb41&n40$l@0#-|BFfcM^E9=rNZ@BxTVWKvf?1yrdp1rwx
z6hGOpul2UG-{8P9rE9u1&wVt@`G>jSbHkG#bq%p~EYMKZsU38^z8){vqHB{sFf?ES
zMbS>1@;YnI@~z>MxLRDFwrctZ<zMD{z$3&6RhFDP7l}E8e{P1C^{DVWqS8bMh3`<g
zFI#1)X5Zpn?d$NH-8Zu;I?hTUk4uEHb3SX+be;@gI7oaLBz5EB+B(8`4k^6DL*^Dl
zj<_Pd=B->B*Yti*Q)Aia+7w!f*Y8n<@8ni+iPk*D!H(!C*5%v-4x8omF>{#gm0sUK
zz<5b%%1mnbqRk7ov4ViXOixz*JTctIbG!7AVyL(UXOXtFKs#LlhvD@;I-+%9@yJqH
zmKX0kbf|zADJ_{L2NOEaWR@-l4<MkZ?@OME`lB2~Hh$7+Odr5p5w38X&uM8>)BRl#
z3+&O2pYkM8pReX|C2AN_j^>7=KTFg{QXMMy^+?vkgZ#f*f9RL)Fdu(Aq<2W7lFOV|
z@W!tCYp(mL?PbxTKFay@RahmXnvT@%k9uGNfy*%KYg^^a@6oGTo(-h#@53b)so7iT
zrCSg4fB1~W?Z@8c^1gFf)yOH^(tG@36LpdD+U}zM_2$FmkZ{HMjk`<49;7};wc{}g
zyFMuUfqm@!DBO^FEwFDPjecBW@YPkp`H@;tC=nJnyJ)e$Uvl#OReui#8y4HzDtp%2
zB}q^Jc(GHy_tKpsZ$Ij$jMcE7jakRzq6zW4N0khxpbMg~>L=O&(X$sa4>$%?;cX70
zy+PCVod-8@M_xW0PlG4>tKS*iZOrbCpIQMt@42gpGmfzXq0LoHw;VSk?Cs9vBdb9v
zu|;XjKNx1V+!4H&QaKbn5!WKWsjsM8z3@J=N+wVx7<}@kmccX^v|>=AbO**k1ZnSa
zQRq-UZ_JYsrnwh)1YU<J@kJ<UZ(h;uhoJX2kLY2`n7<;gNT8^CRyCRf-^<guc=L>B
zcc*xGr!s3K#qBdu$=@?eu%>5b$MY;Zrxfy(r)65j@rb#k&`8?q;f<&+s5?BBE%mgU
zmWeMbk*HyM!A?8|*V-;Vx@F(nIEU{K3GIY%kJ+qd<Ls1`#qs2bk?xdbn(!0{u{_p4
zr(-;J&`Yk|1b@4EP12D5`?zN0LhrDx=Dyyb3(q~|-qO;bBE0T%gYWJ!9@QU-QI2b$
zj}ND?!6RXo$A<822}{Kd2^8`-^gd7N7>z++mf;1T8f(sodn^W0?#bPquYHc4Ff<<2
zn#avhoB}6Y!uB^Yn$azCGG?@!#|7iCuNSU5E{7yJu&l^Y&p3LP;ic8YRnN*T<NMXb
zx`BO~nM1|*<d0Dsb=Ab@jh$;D_YbFe4o9;b4%d5U9Y+!}hIw-V!wHhdkI`=VCXE$&
zGuj$C>TVh%udZz#`DK32nH{^`&S9hnaI9F3&0*AaFkX{1uIN5Aee>2&nJs*vIWd_C
zFhI6hiX!+N=w4SI)PJWRPUZT$d_d&fdZy8TwC323fB$=&I^VuZr&;+k@XLqoyidqw
z^7$`n7y}b=ZAbn%`s?!3JSP&zd);Q~kItbLofhS{aWqz|xLu0)T*S7WR?N3~G;juy
zX!^+R>p)ZQE0nOD5yb;bt%#skhtHximm!IQU5YrN;m<>-i;^VDLb_(WD4kp`oVFRd
z-Dhao!Uho^Q>T^RnRKC_%l_Q45hgn>^`TjnuD>Ocx$2z3*$xQb@HM8;D$2RxQJ^5@
z^g6wEmwbxeFnKm-zHGzEYU-ph%yp@D<*OTSN*dJgmXX}V+Ok?+{$<TXsD)0Y?Nse~
zYSN08V{RP~MFZE5OJhN^$}`XKjVfe+J$yDn`KA;nk9>o!&gR6oCl6J)NX&II@=M|Z
za+JcLm6I-Lg+AWHmX)$Xyj@=`HY5CYkaZoTkMsas6i8&wI}fAS93T8{@r?Y9{K)!U
zrT<74(WE+YqcE<_PA^j#@l`HbHeSC?*qX+Wu$FID;SFD?Ofy+gZpLr4!RGG_rpud(
z#W-zud_4uz7{YcoZ_A>)gYrJy?DNUoiyKN0D8)>&D_~{v!;xZ}o-lfTSY??GZI~|A
zkqcjPcYWo>h|e_}bQzM4y9o^2m>_w2v~vuo$E$A8W?I6Gb3dOo46<x`QV4q};()Vj
z`(J9lL$Uvi2hWasYvMS+{~fLnW-J+|zn@M;GWNvGk$Q$F6P<5;8R5GEe6JgEi@EI?
zm8CY0|2UDGsy~-%9%j?b`JB3zV(0T#KY#9rrcJc`a(+eJCi7~+Z8xuhMQ4ZET#!md
zeB<HyCr_WJUk;wl>@v3l_0QzkL@xaiVn5g@Unw6MpTQ=lR|#H{_;U<z9`u==0n=R7
z1mTz+x?5-OH+VmBp}+C*pUr<Yg;ei)3pJ1x7`dXXU0kx)nLlz6;QYSiw~{b0{JvLM
z)p-_}mHhPMh>}wi{q)tRd|$gD^WCdt16Vl8!(YF1rZ7C6L65dy>*%ML&mV|Soqo)|
z<6I;QO4|sl!(e!bf}?#hIh*)OWJRh+iX(pU`*Q4sOy_FzaDvlQZ|K<XFj4XRHg@LO
zzA{WYvt%Qp0XbnDc9@Zm6|t=(5&8+n=aPZ}_qT>Gm^s%`7B2lgSa{YVByy-cbFWY8
zFeLL*y=cD$ei(epT=ogyYUjdnCYbjkLHJ@(@5zBiNc@Q+`mVrxfN@EGs`BfgmqW+8
zz`L{trPh}$(~)r^+_FrBwnwQBvk`xCMjNK8ca^85dPQQloLXzlx9J9nmXzSpTsmWO
z>Rwl#Ep=WAV{_lhTqyBk+R=j5bI#t<oO%55ANbfidkf4G)JUfis|B5@WPNbPF&sdB
zc+wiww;Q^RFsX6>GqfEWi9!Ko$}?Pjt0*xMS(bK!x2<5qzdSH9`JKS#hw;u=!>I-$
zH=CRT@z?|LpTD=y48ax@aMon_B~N~qLcA_Wit~dpVPxhxuS|YE$;Y<jgRftbsh+|&
zem=i)FBy~21AFIYI}xF7tPFm|^!rAC{FW((Lrb3ksztJJFNl2Ngdry!TF;ds^du_7
z@SC;x;z1zVg@K!q3^h3#RuohM;UZz2C1H$;D}yLu;c;W(rRsbeb^6k!6CNo_&e(E4
z4NJ~P<L=qU-!nq|8=<^eS3w~+Lh&*JO+BaBlh){iV)3C@)~SdZ4okYQT8faGj`kZ$
zmX{t`#D{!|RASDK#W8<I^B2cND-~}J*r|h-e`=!SGLXBcIZx<s6)=lsL$-n{YbAI#
zb6&Z|hCsPBQ>HO8_W8II`BWT{`9#zXX}jkz2AwmlcX+gv#2g@_FjP)F3nNC~4}q2g
zyL}cC4L?LJ?DX2?r$xTb&n~*{($<&KU7TsKAJR>UbSvJl**sbxugASQYaNlDjKo;q
zd4cztR#iv)hd`X_x@kz{OIp>x=9yiSLQI~72;#p~CEoS@zW;HNUpk+Mp3NI{Q&uQS
z`5e`Dx<S~L5YJ9FAZpf2jQY$9juQ9*N|VjXAhId4c0i|Ibm-n=tm_w@+*u*)f;2|5
zIO4UF8iFp*)E`O^cfVJM1`uX9n|%8nOYhgryK$COQ}@;@K9ZAi&&<nDRrNfhoDZ)!
zynUbhtad;)u;+<!%-l|**6-3b(jgIv$Sg6elzl2zoy&?NdWJ#BEJxk@3qJEX99$;O
z_@qAkl!oqpk+r+auch>3v3Lvo(p&A<b=K}AYy47yg79;YYBr}2$e(e{Th09>9c4x!
z><{WUW~4=<ER<i@nHihBTDo)APN=sQq%v#Bqou}93ds}&UGFtMr?SgY2xU4ekZAG=
zzq}c=GH)E0o&4qln{%S=*04kID4=<{dn`EF=M;6Yni4P^OQtmJ7baZ9Zhv}wm7Q^z
z{;6@;$($k5PUq8g@LI25Al|Lb{TM~tgN#}Wz1sceeae%fdpGkd+>c=4qvs95vs@GP
z`)+2uW-Zr66QcJ;oWrsVXQwuuw8Oo0TD5{Z1G+^5Lq;1s=m=)*KBB|DhJevTAyY{G
zPr1lRtmI;d;G%5c@POLi9ogj1Qs3v%M&dThx1Df1O2=|IK&+qDQe?B4?>aykI1Yb~
zt$|@)p(aan>QWymKFR1kUuTh@rJQ{o8Y*s#S;vh{cxBm}VU1%ERRf<Q#tX1ebuDIe
z2=ri`uwJl2uvzF<+<k|Izmkil8o|vSXBn%4lo!waowHw-;f)<H7r~84fA1MF-Ys4>
zeg_{x`I9W>t`_d<GB6rZgZK#|-ZQrSlAUbPSy%t?hwwvD($^mgd1w!*nezjx_*}n3
zs#zQL4hT>V&*zTLAE-FZ<M*1OSxH4Fc}vAeEqn;R>WQRfrC{+n#Xr{Q1#nL#%hNS5
zYgJln_x)Ly;#teWfoftoH}Dg*y6(zT4!DsdkL?vQ@Vcb)1HLN=Mdgms>}6pkZDmo$
zr|>u5owd5Amc~~19LlcOr&nR<P7H4&#rmRUY2$65Cw}9i(DZq1$mTJ+c^j$ioGuq{
zpH8gd<SCBRiiQugN5C&*M3}-A7*5(yyFMp*$qRw1RaZ&+e$H5)kNJPyP8|}J&3KpD
zCL<fA$9RIBxc3?`Y~Skum6Z2iwkV3e2C({smltR-oM8VRC`<B+_<H%z9QMzJ2SpPO
z_{WRFxFu5CWbWcG{#7yF098jI#yg#J^&rqCP{WJg<({v+>N5=fbqaWpo+1NB&17BD
zz$O#j^vgf+A5;Ip4L1M9cQ_5DKLJp%_L@fl>+1TDXkcdBrq+<?j03>FuyX^TZ3&JC
z7@t0%%lcNiC7?_QDJ1f0QWeRatJ70CziTl}?Wdcn<74+3Xpi6ex<vsze>%KHu|dz{
zW2K{bKF0kNy~5*D#(OrnMe+2x08n5$(~3pb_sV8SR7sthk>1Cu7SB}7C;V)SqCeT|
zt@Sxp?w!RdsqOdJXrIXW;~^RWD<^Yw*9JCu=Y}LR=oUSk+#G%AmfNUTAYtBn?B%Ag
zWDNY_Ro+F<e-GIC;8tuNirWwFZs2#~@PP{WgLn3?+el9^H;u4log&r$^ZcJ?(r$rw
z$q@-T`D*kZ{|f|I2ytW-$HoPFyW9ea$8XIFg(Xj#K)ifXn@KNVXNZ{ncznbf6Q*KP
zpZ-4wZ{L3Gw@Fu?XySmJenE^KGWggpgLBTbPnS;WBTM~`!5UjG@OO{$#Joc4n~%si
zfDfi^*XC<f($C)W#CvD@sH9AhZy2m&rf~V%5@8w)*6y>od{37DuHp7pAYvY$Nu(A?
zrR<?AP5gt`^5=hpN-Dd3qw}$!okMDqzv8=>H0e?mDFEm%_s>HOAW)qa(N054DkJMp
zPHWzoc!^1r*oDVe<$(~%DrNB&F`*onPZzromk$dU_!z7Kte;{s0plPH*xmdwn1C4j
z!?CLjmydIU?h7toITdBT@<hR&-VqRGMH-J!(d3^v8D#$}$v+hs8`BETDhxFyh<CNJ
z0uB{vZKh)KMS7*-K&xxNp%@?vAKL{$(XkN7UK*Eg#~0?ETJY0&5{M)p%4ltLq=ib_
zD*o^BSMH{c1Vl_AYDNizbyvmCY-5}~?bh<$JIy?xi4?vA?~GSsftG3|07@DTsAdo7
zSM|d{=wPs8)^USKYKSn90RP9Uxz9jW{{JK#1uS09>8er?jS26iisgfhp63J<MIBVq
z#J{qD{$~cLq>}m~eIm($wH{GKDKjiun#I$SE38s<OJ#4LsjgNLI=<5SkxM4~@a_%K
zpOhrIn&29|;PRoNPnpnRpZrn9){x3+y(=ZfM{TMQMd0Pp*YNRUQNc&rDIB&aS_(ok
zTF$Gg`{$g@=IgNlAJoZ}ljrNlK#2n@!M03Mx3OO~Zez>MR%q6RW-;t<cqAv95V9Ak
ztSeJ{8YL&7Jt?`SK?P@SVg{glgjkxXPqmU0UD|IxJ_d);?B|wq>|ddf3h{Avwyd95
zpi^F_JVb9Q8X91BnV1b_<AQ3jcb^bp_J6f%sk%&DS8&6X$>n@<ON^3UB;2V9vkn)l
zmorOl7Zg=u6n>Lrd+88R2DUy3Hx6zH-282QAW0t9(6P2{ebAT_Cp{m?2Q}a4!l!2O
zki~+!?$gnMwYAIsf)&+{d`Mx6;@O`Ma%USjK+j=X<VK90$kdU~gS~W-AXFw}q^_V3
z24uxJ_is}DQPV#!KsZ%g64HX@x@`iAEWJ@EpSh(I%DPm1D94C!XA9!eT)vSVa3ZbK
z<egbVc*GJ$mt4|P5EE!RQ<&kA8cYz&K`sVXpZz4n%UD@{D=Yei^NCn1)@0W0!f@6;
zhQXKQwr`Z^fsJoP(nHsV(3qneG^dM!moEbEjnXF}{ZzgPkvB=o0x@-?z|B8CG=zK+
ziC>G6?p)tU2g}cv8v2V_(JmY>cGcAsw7x4;c0oPAh*J7WkGlmY(EEbRnIAm^Cy33-
z-3Mj$zkXFZ1uLycqU=$9lXL}_A1f8kb=)Zx8P#T3v1wo(QjZq)V_ZmsG4YM!l{y=R
zG;1!WppQ?B>EHJ65eB8zog^Q<9MPN4t@ZnpW#^Sdby-zQ@<uys1m>HDxkqs$GR9au
zPw4pxQ`%r&O(5c_>`zw38RIWm?CNrD>W!a;)-`WfM9sGPnqE|Bzms0o2l-d9>JRs~
zk6uiwr$g0!`Mb2c@tT_SK=gyv>{C93E!7FsowYAc>-Dy;A3kYnvaceOMTMlUfV{ai
zQk3&*{$PMsLkEgj-zpQ`oxV*ub3{ESi+JtBj&=ds{**h$JAsm&;(YNQ^Z+R_)MM(k
zLO6}qu`!T-X%zBQsmzP_p>PpXr-Tfzg}URX7)ASqKI-{Mh%aSyt%RUdV8*L3IPh*P
z)m>OlPPc`LMmJ0;@Y$InepD5C{;TR1Ic0RW2eV!vhD&xgh+Z%7gG(9fo#Jt>(Aw=H
zTEcP>2=pAy%9yx3@UZJuQAFLmK%DWQMu0%CCvy0*++1KNmGfTaYlecWAGI8%mR$5!
zV0e$W4uOi|@liVHRPO71@K#6gU31Jpk+ojJvTDk&bZ>UFqak|13M$ZAzl9dLLc%i9
zzH_K<06b~ASgJ|3;tvJ=^>8%k21RUB3j8X6YfM&_s-g^CvFbr~^VPUf8mJ}#6mQ5v
z1gcN7ss7QEn(-Q6|ItN0`*8m5W*iYJwr_aIOi;L8*wPoL8>b>>kTuU;OHI8KF9_+4
zE2%()20miI=2eq2O7$==f65(x3R$-vu35ZC(Q^ecSN{AUj3|{CGp?>Xe$@}cZ;N$Y
zk9v!0PAoxQO38^23bh(Vj>t|98F&0?#r$VK{+>fA=P7MVsuldUk#-5*mta++yjb@!
z-Q`7mdE&97h&KQ7dUWHE=%po_tFj1GOFg&pORv@!CqBitnR{BFAhF2wGQ6nmP&nUe
zd_9MRzbNRePlb};*@hBi_EmH0%9T3vjD)r3Md=t4wdf{(!#%mZ=w?gPyk{TDf67%a
z$^2D6OQ^LV#^g%1Y1H+lpAb|0=|~{#3U}zyg+F3Tgl3(Trl1|MnVJ(_s=oyF2Kr(b
zJBP_>S)<F5`-0I!%&Dr)$iyH^rxTVxg_I&-%^oxcDZfN;Pjb>0O{_EDQQMatV<gBO
z6uyDS7eka^632!U$I@jv+;lm3Hlp(8RgqK+9MRsV=u@=>#9Xmu*;EV2c-~xocoA&M
z&XaHJX+%-8Ahp@jdU%?7c*^35|0twE$QmZpwvi<m)X(%iN|2$iS`~phxJh6)k03o9
zq$r>B;9mZ=drSu@C9zV70Fh8I4v|`~cbhFTc)d@k|A(^SpqW*Sokc8nRWyHp6Xz`P
zX3JZP7&7x%ZpWB6Q>>vj$*j;*bau7h^T?L-^QHY^#`e>y|MySLo>$eLm%qU?eH2V>
z#cYr1_gBqyOe>~>$6->Ot^qPxhKTrZNOb4+iTC%bD`dnr66}e0Sa4PT91;>pspSjn
zwM%u7t8S%{h2#kKsaY5-&ea=UzOj<TvL2%f&TaglePdBNTAKJhiGqTmbi|w>+Z74X
z4Jn0lt-9aamlS%hYIs%f_x<ONctewhf$}*IO%c;-L;Vv0EQ&?=tW4{@*0V1&8pnJ|
zUfZU>VOr|@*X0WK!rIoBRWNin2eeBad}Uj@uDSkFO%1t1ZU;o8)qX~KF1Z*A2Sj#z
zx&rqzM=$I%{o{4yLvCcEwsS1dlomQVYawo0-1l4~GZy~P6294*5AV^K>J7t8Lm;nR
zplh5v#5EUnN5WC_*xf7I)a!i^@R6WdXZ<`zy&9YdO{ikxgSUY_uqKc=3`X#_8By+)
zvC>bFN|#L<?8;<3F_lpFX&Tpg0(Zhis2ihq*r8QP3ap3dfcw6D!x0PZ#!eHu2Nl;g
zDjBXNi2MLa8G8;_DZ;BYrYQ&3!+NoZDS!3!YkTJ2)=pr~>_ot7U(!u!>JAr-pn~Ww
zn;!A-)&C=v3ZlR9N4mSgzM91@vFFdF8K3-|i}KliZB^K3d*xqXx$<M>MU7KUj(;P+
zzolzaJ=e|qbJL1N@$o*P!!Oe|C*MwRbws4~V@*8Ce~L4VMdobK9^|Si=hfHl9CmWh
z9d6ApF%f$4eIdLhAy`9VHuT;RkviPnj8EcLmdLTY+st@A>h--2QPoc-1@{fkoB>IX
z4H3RJ1&@vVh`(;e>+^7Qij;<fc--sytcQ=eQ8SXFUIa1L78j>Bx=}Mi72jZ+OK8mL
zWmf4dUne{vaSa3$XN);lysE=%8=jD>A9dR&`f??POXwLB@1P1kl*hue$TG!+6i66{
z%mo)8RnctD>qzk{FIDB4(M8a1R20A^3Z5;rt&)1EJszMEm&F>RJY?w7{AKPI&b0cL
z{g>OaBiDQBJ_aTT-=XU<^D4nvz)G}g&NMRhvNvs483mI6lor%`IT9pX0;yF-f-aC+
zu;>0&x%C|Xb7;k;y?8RaoK1AMwNRY%4e?-08~mdLvN+-ftRl&Bor*Rel}e12BwYC-
zcx6JVD@7e5V&1E`!*aKif~v??x968#bkfEH#v4J@`GYSxZ`LVLHCPNiwhEpS6aRKa
z1MZ^{|0YEPCJJ{p;Pvt@WAONfqC6F9AWpcou<t@sk+e@E?1RH56b!+)s8oKc<fr8z
zgc%i~6E`LW+wS%yb$-$Tf8;XXvy5H$K>0aTnJr5lPnp*ph3jnp(@HDlQ_ESS`es3q
zO?nS6$Xh~Q<3j2&X;qsnqOajdx9ISB|23gXHt=M4{d0y>-L77K%9R`q*eiTOXs@BE
z+$7_qDpT*k_b)%=c5C3W@Gd^5_^ya|^o6+ks&vl~dUo6v3UU_*4rs*xMB$P+T>#FF
zJfc+_SH73D49R}0;GdhC`G6F88xkln=<^g(J;k4_aicE9s~>|Sp}#-!^F`;42{WF?
zZ9V3YG#QUv@OQKsQ%@nCQMURoB7IEhw=CNb`Bd~><_(k03%Z9f0*EUsqI(KqgVuY}
zL3DI%GjQq)i_$PvQ@aF6=84L45vYJw=LL4Z<jYVbF>FGRu^l=%P2^i)1SIo7rCNl-
z@K1hv4@AIB<;8JNWXu$PS6~$6Gd>dajllk2hPzw2u?rP{<CzQ5)7$2|+uvgsZUKG!
zKH}O<>46=CKC2@{o-E5FUbO}hJD=Sfe#bV7#x7+YT35`2f9k&wmJ=*ZTM?2|s<O@b
zb5KS)usL<g_9m7sr@wP5&T-Skro?{vSUjZ7kpG>tPEhmW<Olc`Pj+tW7b6G#5|~C0
zWKo5=)rKm>Rh|e;VvJZHL>7EhIOQWe@uq943bI(8%gDB!=V&VkrkZ<U9W?c$ww6Qp
z_=t18?-&?}cJHqzlq=hs%3xLENIJAOSmYjKf44NL^C!BvN<bS<XyBG>T<j$k=#3^#
z7fAr(-xIn5+`hGASu?OFZbwKbBDi}69rSLG&eVenyip5*q2HkieXEAq+UvTRgQ0<v
zV1;|Ma^W)2ddw!$!-h9_Wn#GMw!67(Gdd#rPu>}-jRO-UmudIe;-Z9m8w@2bJ+g^y
zaz6HPN|-TACD`&FH?J%5a2&xK?hVe4Bhrl3VCC*MJS(|)&n0l&3rUUwcaI~2szjx_
z2JsL>h>$@d`OF2=k&v%Xq@Wk$SfH7F=Jj8ANIDh+Ssq|mygIJ)qY}h+6$7;FnFae^
zhFZRW2T~L>?ivWf)@<2VnOl$HJSWZ_=W^)(_;^M(XVTg+_$pQYaV_TV?&OWQ@9;S3
zWq6?TQm5IB#@*z%=Ry1DWOTUR=fJ?EahrVo!&xqTiL!vf^0luAE@Pjfvvcd1QmPd%
z_|LQoUA;)VMAzmqvS-5}dt;Eb6i|r8G?+1u#<ZIR(k)pE7V{2+-M+nH$E5Zzh1K%{
zob$7wB3;o|sKj1ruq;!Nu5CD)5ZnmNU+4}qe5N;@&qs7W$;5gk7%wf43RQCufnI{Z
zNC=224x^4DEmL%BO_ky$#S53cJqBmr_T5ZGx=I-Ga+5nWTP{V@xnHXoeGGJ(S#y{f
z=O=zH*6M`&H9mg$+_7r971-EeFH<_An0`}Mj9~d}kN12bhE~jmj$e=PLPHg$T*L&r
zeGBQPn*t-}a;=N88)aaf{=9`W<Z%^{-p{CNpxit_z#1mh1s~K!y10nYZ%)m@B?OYK
zh;7Z^!eIzxS<|uk#t=?>G9~EE@7$ZLhT~pQ;!Dw(J2E_@kN%D`T#C-9xN~C+Gvkqy
z#ebbarca&Zbx9h*^%lXriwGgnyr4f^IHxQ5NFltuAZ27UW@6?7RtW^^2RD#uKNP%)
zT%<o#rujM%>^w&eZbv~a-%ABMJ7>T!dk|-4-h)Co2@(Roz_h7cP-+J$Ol>l?I%muC
zRhChY`1U#W8=kw%O>Acd8odtYG>OzF%JXd$b-fxp4!0_q5f55=USba%CVLYg;VUAc
zhfG62>G9ak`!B#|CZP3~>8L`NJm5ELx8UyZM^K|Nqv_#$$k*?$)uce{ts_YO-p#Nq
zbug@YAL+1~XrkQ^wEjyPjmiVDe2)?|FQMGkq6M*4#{h}(8gvy+HsK?I)Jf?I=7_=k
z2ne91{ukahF|gxw6i}%?{znRs?LGoXBaWcPx)N4P!J=jVvslRDiNdJG(yHmwisbUW
z{G;OMj%qDn;nZh^&rg(}14Fc)Q?!D9Xm$3L=iALZ_ml_Cmp}h3H!+(j^Kd^f;oTP{
zy+nz*3zUDHlYhLG5AZBClpHJP;@x-R*}o^fd<nd>I4tKI-#!uXrIQDrfJG6>U;3RY
z!{!o7KfVHCzm$O$i88^pfx6$uKY;}>R91dca;KC}mYW=Ur5<wvL+VY6(z=-Xv;+#W
zMK*>If_s3ug!~X^j<4~v(KqhEoSg+?$eSV!iBmT?U#na&c}ej1Tu^rq2Vw*n6ZMB2
z*y*7(>|y{_$Swy)N$mIngGc>u<h1A>waioS#Kic@St{m3H${p#YIFOmAt{?@*9M}F
z;@~pTJ)wtY7f2pSnRw630aWjx98kHe*V8)`X%q4x1wL#OWNgk_kaj<M1Q{1~ju{w(
zl573r8AKZWSMcav%U+efUW{a*XIGqDje<4xgDXu}{~2VKc8~}SJctOEj3t^tKqx|*
zXWzmLVns-xNqIn^x#@<c<A-8RaK<Fwix4RO9o0LOSnmx*7hMYO6=7XFGI}KiT|pF0
zc&qXI{tg-Jf(cnnA5TklmD!3#24|BZro@eUAqoAcyKYzEg)F-@AAd5NIQ#nYF)C+4
zDWLMif$~^(jDY~#An^pvWse47@7GRZOBP{Rtq?^VBWvIUiJKDBt%LX;edjkO&{0RX
z^`p96)px1iPyANTyJ4=`MqX1@id8L<5LU*;trnHUgJCvABmYp?70>5x<0vC9W0v(D
zHYA;*xCiojgiSPzm}lwN{b8W)lR1cc4n4Jy64bj@e_k8i`JNsusD`V#!xon@pvxbR
zU`r|b0=m~OmHt*R3?trf?j<Ye?fUGs7_K|Xxq3MP2CB?ntlY6sAR52I^i+u)XT|V{
zc;(_GMul&n@fMbqqEE%v=gOj+`9qHW-N29LPShGdxLoG%--eE^qAHU?l975<8y1!d
z=KZ{DVHC*@R|3pe5&@|&rYc-b->k4G`yGN(;Y!$4p%14X8mm#&aw0rw_b}>%iJY%u
zJ>59N<R!sq5;Hr$dh+0~q(G!Zf(Z#5Zfd>Ok)#(!e@Bg45xO;h(r#G=qQ7q{a6k~L
ztBzA+9p&(fQ-_|^?FUSyno!eMi!2?D!K`Q7dQ;mB+C(5?3|!E!clq*)ZJAYyWyNgW
z=iQafPo31q<(+vxKQl^@&1Y-m(60gQ7f)Y;Qq}4NbdKjJ+YP!5^_KWXUh|1oX+gu~
z4J*&_N5j+zoR4+DC3I*j+=4p3)^$IGxy(8y;Xjqd$J6OpNM^qg5w(15E#w&%dFNX`
z@q@yT)p$wkL$esRv4NFnn8ERUi`S%u;eO0$ZtvR>g0#Aprf#0maw?k{E<VuOTnWK!
zDa4nOoAFdPeHIl5(O68ffiL*5fKBq}*B#69N>*=sZc(|8Pf>~Ho*&}4{=DI=Xy`k1
zj?o$AoJQPIt?N6SCT95nH)dPEv2)<Q=aY}pKiPvwPa~yN4Z2wUXdSkT$il0886$CK
z%+Ek5!1Q4a-ef-e#g31=V%S62&tFgP7vpw|QA@2|1;)F*DI+g?^p=LMk~hdx1e{Y-
z6v(ikdQidP#j?dY7xM&Z)td*p$FI4ch`9-lu}($$N|VfQ)#2?Kw5j7P-uzkH?^{l+
z%T8)DSQ}4Ve-kaP_>qD33P>gW6`MmP;O9H%28Nm<y@SR_O(c+x97l9z1*GjV5=h)w
z4N}Qx+!T}#Xc^qEp>P|0{HIyGf={aIi^8R#;Qn8tuiJGhV-n$<oz3c9_j9Pb%x*^R
zTH(J1jkwkq4v=&>2N8%*Ba_)#qak17l=8I^umf3Mn%-bSI9sHkH+y0*6DRD`O-x8j
zkx3^U4-VYOi?)SP>giqKgs<uG`D!zKmD%((76M|u-vXZZJk5zT_8lnBU!kCWfQ!L=
z1kswnt+}Zvn$F3v!)!zyi@L0l3sC7Q{rXfk;*9z*LU}XiOVgoI2;mBQ!BvBpCf6;Y
zD1t%MgaU8kq8bVj)hhe?WA<giL*om@R=M3%%XKrjuGFK-{Kz39<5(??d#fDul7qDS
z)DRKFgPPr)nms1uRVb2UBh9jFG%VZx1)CGjX%0f+NtrtA!Ui!UQMJuZX5K3rCN2<C
ztPjEcuz=k!f_-R`hG`~(r@z7<a>@?guHy?)`GDF)Op~&D7I|M=*Vd}tN(Pc%qY{Xd
z*9q7Up!59{qjlk)%w-Gi->ni<PQ{S1S$}=K!9FfyG$7&Og*iw3(#0cZLNz5Xp!ewF
zN8@<h&Rq(*i=bYz?|eYP-+H=Ze`Vh$xCE!jpN@60s_<YL2@1QvEnU0(7ZLXj=UEZ&
zvPj)xgO_bEEJL}!c;r>hDHL{DIc_@nc{A6P>ZAGZ(5mn4(MtR*ce0v!$?t45G5u*%
z(@ltxq^7^MW_TxPCqS!W!#;PS*OQH5)pw9^i+2)VoG|&Xx&}uZuN7*BBl^j?J|s<f
zL+!3N_9ULTPUyBKTDXzWpj2z2Jzsl#_BIxj5F+2H@h#AW65%JQ`>Xh`$>qfzvkgxQ
zk>6eY)&J^e*&2Ny-0y!W5=(@;xjriGDkhM2vY%h|W9_%3!{=Y2Zx4wdddNYpt;m<5
z2>YJ2<5~ohyr4k}*~QBu!<`}NG+!$5mk4{lzuguG_-LoHelNZIxF6{seZR>L4!2qu
z7?a2GN!j>fh$I$R0i4E5ZkeZWf=fmTu_c!zI(WhcH`$Uupc6-@@`T>LO^RNT%-}G+
zw+FXdc7G;AwV7Z)wtufRKZ9QIwiL^bn#a!PELpzLzJl`NfJqp5>~}RU-a+_#kZ`NA
zUJ}&EiG%m$D9&jYIR~#3u-zeN;q`ryY6H@B(u=N(y>o0g)+a4InEcix`+NG}rPAD=
zyOR<-mq$3Fa`o(JAT~&^#dPEY>E)PN5}&1--sp@&yF;lb!?`8&te*_5h^d8=Iy{-Y
zTZ%5imMF#sYJbi|g1X{obckF%tvb08E0qZ4$jtcNG($S_EJR6!i&3O+M~uLNV+5L!
zknc_Ns|1<4vcYfZeUzzSUpr}(&c-u*AjqS5nz8YAlqZ-8F4?g8CB&J^UCf#t0kF#V
zn(u;LH%mw{?Z#ElChrj*Dy0TM_^+v@lBT{<LErddK{K{NVs5Q4Q70lzn{7~p=T$Tk
zb0JjV{O@)ExVvl{^xzr}b2`SxK2An(-p++^w!MZn@t~Lv8AEnf82<e)oRg1$EosuV
z(~2~MF%A}btcLWOAkC-_f~kY>PP+pjwx!!3|4wMvS0sq7<0v@eG67acg{ygyP7dqs
zME5?x0rSW2fR^huyGYQHX4uEU5dlVB2l1%o`q>E1E4bh?P8`h(c`T4ItLaEG#MToI
zGP<vaCFc=px-p}yXKzCUIEgeb)UaCCAQIlXP&HLf=p!1KLia_v(kPP9H4>PFi+V%Z
zP6eMrz8>sdQ4L?_Pr;gbdEo|@*gFvUH4>}dmcPJ)QIg;2K}C3dA<f=e-i|(*_FK8$
z!$QSAkQ^F_pNvoCi{Cf{q5no$^C$=2=r@45&Au2kp(`NGep7TSremuzljVs&h>OcC
zfwdxm*rMJw;jw%58}b0`r5}W7pPuBZUvUjEvBoIf73b@o?j0bh8dekd@A-l?Dv3bG
zjqed+zSYy@EaVNVW^BBy1Fsr#nJ)Q)-;=e-`=LghEumr^+swN$pys%UL7R$6yE>(y
z=g8oVN?X`ZGDM?#seEqH>AiXaQHltqtbiQKtt3nc<yrwsv)?CJE*T;;-<cn(ojUHO
zZGP_p;!phz;wD3S0M6*l8ja9REnRbbd%w4L21J6kcW{>~Z2#51Tx!YHZ_mxcv8BG`
zCo3B^jsdFsi+_K+G9YUtD^uhiLxaUsAgu|y2o+%URp#}kSV%Wq2VuEgtE(**qMV-A
z0^X`)^xR|dnb?1<Ei{fJnNdoNJg|J(_p}}H3yeD`D&@AhE)PZ#uyu@3gJ=tEWSuH}
zBS05L_$yqv*Tf2(7301RZSlZ<PG(~q?MgRuDkr~6dFKGtCvG32Xc@xX235-|)X!U=
zkMC*<>@vo`0To}yqrH!xEdCm#!)$WEc;5|z%Y`TD><curilpGK6bBJ>1xyyskgCnf
zhM(6ueoVZ+*D6e*c$LK$3eq&FzI`wyg|0>(F9y+9?&m8Zl#6PqENU~@*rgP=tBNGL
z?Zyxw4(qym6z*;|VzWafIh45e>eTDg|I!~(4I}z16?Z;NeK~Ra0W!RdJT4g<J5INL
z4UCw-3-kpejE~6XON`*`@27zrUFD+?&Smxj``&@SZ=I;`o-$t6=-jU>kPo~BmT%Ms
zLr>C?Lf#Q-Mjrin+OtP61qJjf5H1{b_~>^{rX#tJ4nq`O7bD5hw#ZDhZ*JIOn~g7a
z8|9!)BIxV291wZaLJPvKBSXaH7C9(?L$xq3`g%AA<jM(0lQC|J`9xx*<Ee7*R=ry8
zW1weTzBjCx9YnR9e?))fbElp<U*;5RK5dkn;dAw+<9T)BagD6yd3<%^$Y?Bgwq>MQ
zlA8;D>|`{yveuT<8k929e35N5Cf?4U?v_8d<$B!slsnRFm7VTZ_8d3Td@azNbHBXi
zE9@neJknh4bnAL7rN#*ltlA!FcCvF7zD9aJ;Do<B0T4#pa{O9cgs;VSwwE7cN1F2m
z{u`%#8i>;gcRhaU-(F_<S83Rkb8ocidR+CbHRqo80;tIwX}%{*cdO>*f_KaSI9Wdb
z#nAwGobYkM)&FtcZ_g23ZOgfbjBhU!`EbJ3uYrt?+jGbU$jH1{`#P=JXdQ(m#2fe<
z$%!(R+~vKKcH4;UmR<dQD}6>>g2p)pB>OTO$;<p4h1H$*(l(vU4gE&W*uHz>=4J_P
zrfoiP0KQd;vSkuuP20ri#~cH1U7dvcakE@<T9u33G;&-<xM{tdggaIhi!S7Wqcbv>
z9gYE~UI4VSklP>6j%iZrT)2^Z4bN)T^#O2jfqMhE834G2Wxm_UnW&38Ztl;sevSd2
z@9}OU-&GGcmt8Ay?|b`=cj+fH@tl@jbM~6Ig?Rs@St!186iyR{<rv0Yh&7VOM>rjE
z4D96@#!a^?xjS2raSSx0-lc6iqF#9<oTs;KH+f0d0g;nVTY>DZS6%(3rIQWg?C_oi
z*IdOUf3|IV`xXI&o(cb_TDd4-<Sa}UpobX=B=IlP)dXUnk+aEvHsMHs<4v#Ih)W~=
zKV^Wp_ke82C(YYUoj~F#|E!Lv|I@HP$q#TuyiVKvtpv2INd9FQrw6<~k-S=+$4U5I
zZn2|qoR_2U6V0C2vMaf=fTM8#N52v7v}MD%?;$B23_m-zy)A12*g?ySw9UjJ0G7^U
zZc+9=Z8JPM)-aArUBF2=P-vlT`^IdAf2DcbI|%T0DTSwPssg>53B(M>2M9r<eEy4y
za5rm@Zw9E&8Dki?c9#oudZY7*OA9>BLUwMMW1yN|AZX-FFmiOwHKzM`)m5xL6c9G(
zgkzu_;~PLmX37Z|0dh-C+fA$sZX?{osQ|eQOCVM}10aL^EjOSdE+GFFA|F=Mu23U6
zyoJU69HroBH$7xiL~CA;to51<p6|i|wO3rF7BiA<e!j^f0l6^IuTf_;OEtZE5&`iT
zt`<);X0Q6JkBPgIFpF4xmt%R7czgpMXlLz8TJsq@juXOaXEnXAfP6e}8Zc7oep8M5
z_8|*a1YG2fvjp`{H?a|%{^`hNPALT=&c#5eqqnU7d^RD{1m0wbTM=#>>gJ#_mgc9^
z7a*z`F#>w=HH6OfFPjO`s}m3K&w-QPmWH>DPio-!4i@Sg$n3Xt3Ab}YNZ>pxHS=_#
zeZqp~(`6d$<r*$_%ASCLviF7q<h&8pT2FFEnL68Y?ZFGNx08<g#w(<e1@Az<gKd4;
z3#q=9eDK3wA;$vedhikC<D6+l`umm06V!5l4d{I%4|wd*rZcoANZ7A!E%mP&$}V;?
zQbMx~)HEE11+1(1caf%mi4e;Qg0V_tN=<n69`b92#`FpcJb@#{<qQp44Tk7LYvGHh
zc?&eAnV3#<SYT0m@8?CDbt1BN@LY(<QT@j6xy92v&tj;y(h!(zbwLy<r}=eHt8W>s
z!qe9K<srWFvpVL<XfEWP*Sdqp`ly_@RYDS4XV~?nI@o0Kbny^3p-!depj8EWVobWa
zYYf@<S~%Ugs@?b|<^5SP+(w{n$qO~3QKiQ(Fdar9(DvAhc=%(3;e;@uX(>!^YN?Q_
z+fJqOn?T#}3WU|u&KrJ2=zQ#md9uF(sapKDA>LrvC5^H=ge6vy0%;C;s|)S%b8Cdn
zIe43#5T2G`a#_X0D#b}xmHZI@uF-*%OLm1$$7H<~zHtjQ-HAgump=bo`JvE7;m6lR
zboJt`&8K_Icv$@Pd{6csEIWF=iiUw};Z*wyO>wbe!()Msx=pW#tVXXZ|H{^T?u6i#
zTQz7m<n*1}x`UiIQZK8_+t&;U1J`J8>-C^kh)K}S{PM+Bt_}MYwsp)9gu?fkpovI`
z4|NF-LV-WR`Fl05-*?d%^$51{Z<L_l9*1q&uNIVh|6+)TI$fdN4ChI&N`Ra1|Ki^r
z;Z0cO=XGZUK;)0`Km<gW&WR6wayqrr8o+WZ(pLS`O1_5<L;7d#A+Lo*8IKzpw#eri
z3K=wrM1G29iQlj0h?9Ue$WBrkS(H>NuDv_G1SS*FhNqr{L(;A`0w9h{Oa-+o7$6=^
zPFr9;Tj|qzKy2*TQz|@X759RNUzl@=%d|I8Ezaj2>DNN_(Ai-ic;wp7)xXB1>*ph+
zV5FUNo-R|U*$tTJ{`j@lu}VCwDyW~tUCZlo9r|?})|#>jEBt^bG5SX1ck=SsO|e0T
z?BG%Of!d{}PnJIEqpi)@($>&#a?er=*n=6Fm1NFx$yHCIts~#A#iYsOS!d+&bN24j
zvu=?e(}1|0aom0Thq(J=d7%8;YPl|#@ejEK$=SIs=P%L^JSNR<HRZ1YJL7-X23<O*
zez~k2cx^Ss+a+xVE;^061SuzzUu*ox*$mVLc2Eq*T%OIR$*-9n!rhjirvaqQ%*`h>
zx`9VAUZ7~i-TR0P1W+*zJlX-_=EQ`LxuUZ+^Mr+uB^@{i+Q$L-l|dKDv47j-&5l;4
zfq?6^%+0{8#Ld9w%>OYEx-Lt;-)egPzg~Xm!pAR30Vn~t<^1<MO`S`>T%Li|BA#CJ
z{s;0OT<3E3=93w~0X2{Odd<gm`TBgT>0}#7zy+Y|XPCPA#Ny`nBszZeU;{8~2fS9q
zg^!)C{&@|#tW}hdU-KH~Za(<~+!=WRS^x_T-UfJ36tC;D#m`Zfcm~0NcK>OR(U`Hr
zxYsMUWhWp)(C~a-=ln01pzlDlJ^+;H!2g^#m;72VTliSi+jW_W&vm()$8C9>*KHXO
zpoc9u@JIv@-~y!SJOz@Jj^C@P6E`v4Y08HWxkz%+4m^?reyo6$|K#hm^N72D2LQLX
zEnOgu0-a^C(_~@?Z(7^lYU*rk1|mL4j<|G=ByR@(JOPM&N#1-a0JK^Cr=m5`ll*SW
zT--o$cUzvz6h3bCb6xhj2C_Z|vIhDhr~+_)2SoD&<T$wmK<9vQ@K4b(05TUyO9W5_
z0(4YS=BC7C^8XescvH|kFarLZ0KEHtxk!!!4f22nV!&|F{wJaCPSf)+(ADjsfZExk
zE|QDD!DEovz+?R&`L!1y(fg?U53b8=E7EcIpMWI41H}U<dJhV&%UovwncqM<5P)4e
zz-}7QL*t<{eKRl$P*K|{?!G!uCGP&-02mG-xxfH20ug2iA1javA6I9BvHhgau{M;5
z<NM#0gpd2(dxFe|5YiG2Nw!uyOA)q4@X~crpN{>Z&_gg7$(5`{5o^CM=!N$V6$EWt
zz+DS%_EM6$U``4=yFmidC_(52&Kr2FO$B(NC{rM`?X>G59?*)PW>^0wz(4JpB~z&5
z<tmZ$dH^`om8w*IHZ_o%`UC-tl#U?$W`C{YC1TrIFo@Y#fP%WZdNr^vNGQMNFWLhg
zX2H#<J4~1gt?5z*+;=bye)pi+g-(SA!!?n71XqJ<rY>g}GxbOf?I^1F8fF)VzVZ9%
zYHFLiclI8yep@(pXkS^%HFZxnzJE7mG>7Y?x9;*1^)VMO$w2;g5BnY}0=>UZWD4}~
zZ}?<c+(}NdAm!+LtC7G13Xz(pO1@ln(Fbu0YA|6Zi=Q;vgABH3@6VOyg9P+l$VCP1
zpnq-;+hqTsm<p;f(Z_~pjprcS(2LJH;MxiPlwMYwMlHWOi@?uiaCIbvniEW<P)3UD
zU-!O#;9dYJ<)QJ1Z82Ja6uFnc#XMa>h|+Q)HbeU^v=YZ*=%%T%2k|@xFla3p!_cby
zCta~Bz3My{YH})duqE%y;~ZJsD>@<jJhDh?9GrSHHLFxTB)+lGr2KV0FtcK)tiEAH
z&F_>-Ea>ZVT<}L4^G5r8x2UzGEza)35**kcRf`=E10!K<^SAUo*N~%`7$-?ivcex4
zDQ+hTiXf4lgT3Z9j`w+mUguaZmaaxS?wiQ%4R+Mg73MM%UKh)Td~}ZL6vHW4mhnT@
z#GwsvRrUUXt2tlF11*`RowT1U$xR7nl~hvIY5(3}SIe!t<?w@+1*(Spb8NmmJLSe6
zc3jEQ?CWhA3I6-*?`dblu=grcnE*;bdj15yaFi^6)ap<kXTV?L%ju5D-n9HcMh*hI
zc=WwYQCaa0L|i;SrYU?FUfYaz%5HTAs&f%9mRfAGa}l#F(?O&yw{V{hlmEN2fkbPx
zg)i^A*(}Sr<GcP309`<$zx^TE0F3lLJ;5O<z!_d)0yvZD0iER|G^KYUioHvivqKQc
zX@GM=;FW)XKdK4esmOC~m1jhMavq}co|iA#?+Wt(M>iR^KHubaVq$V)QX<ac0?+U?
zH80Hah}uQj0B~_MWw=WX?9Y-N%<XZBWJfZ<K$F~x*n|8)Q*ge6QBJXDh{+@+XhV}d
zQypd^_lV4JWq~yjE_Fz9JKD7ou7v54j`R{9QC;S-B-sF$J0=65-k>q|ABFvEb4I5q
z7yzTwNZS;DB28(Na&A@{5m^9Zv=qkyj756~Fs>Z{jCTzfz=Rs9(+v*cv|vp16B=h$
zT;T^Ahr_(mM<UrYNm|ZifXRMh_PHv{qlHtFJt}c^1|S0gu1WS-yT&Rw$&Ur3!PKS%
z*A$#aOff|vy_Psc0+>!*wLndsK_bnbhkY}NSFErOh)Yv!j5Lk$T7T*q3ZJr$%q2Qk
zM2}S@j<c7Xcw|CCqybBeTu_rD*UV&-Zz;B&Pqpp5h^F6Z_L`RNHK~5D4G(zrEW>L|
zGrj!DinMvz(Ns4la#_fASA#annaGRO*8Iq&sv!DORp>R7HxO+pt?27kFq#Q3YEc}D
zqxcggQI@W@UN5O#6z8fv)}7+7%0Y4N;QDDDP5-Ub@D4k<zF%3S_tx3F+K0T8@JylH
zcGW7}#V_1~BT*T}k?EqG$f^kA)786ndB9YgtCa>*Q`NMto0nG}7~LcJ=y}>B!GVS}
z=xHvr8hEW|Md}p^PTBw7-W9r!cbV<$nMXD{4$#b?qIwX9>wkjn4ko%TtMnr5rTN52
zWB#AAJhsV+Lz5F9X>t-GO-^E@$w@LzPO@!sQf!lx8qMSg+vKEqO-{Pk<oLZNC*U<X
z8D5i<8EJB|qM4lRNRyM}nw(r^a@s_ioV-YrlkfE$3nIO(!ss@}if*Zb(Hy#>X!fYM
z8JkuTEf{Ibnm0QD?afF>g&5vYsI&z$&?$=LD`SynD2km6MGa)j4Lzt}ItU1xrmxa4
zeO+ABR~5zDc8xTL)n0R0qs&z|BfRcz2O~Y2Mp->oq+A>6u=a9|bnj+@?>;Ji>uZNK
z{p{%QI28sTZ-%TVxRF)=D3SJwEv`f-xz_t+H&#8xTvY0sSf5k>Yf%387?kJ+qjj!L
zRKLct4Z#-lxG0Jq7f0%GNfbS9>(!}twj0sjYh*gOs@l=e;L@m8pp&inWrjKEY+8X(
zq-vMDa$n)<W4NgnS4K0CUAzXeN*RW(hGD3V@M&t$PIimp19gw0vOUz`0D3lKA8MmT
z_r1IxMsHh(0s6G)@br!1QuQ+pz;R9Xn@AHIWLv8Ko;dYH*QA{EZ`uskSTJQQxNR(A
zl{txvG#Bxa<{}}|TqK(2BFQ!v$+o#jiDoWRZF3=_sq`^yNTk9aBQR=WMO^!kt?WZi
zq<zSZv=42(4o6<3!;v4&BDBtWG~=8^H6D7G)2lbdUY##N9ck<JCEB%MgW5;2K^-C$
zy<-#`RBD=rPKJ3YbFEHi+c1S(^H3heX{cyMMZ<<Es*Gy2y0{8jrCf!sQEWlAvMn`+
zZRr+u6TG{tYds=ej-C<Ls8+cVy}Y)#cZ;4vA5-7^Ht`Ai{nsb>zvB~l*ZIO0mj^4#
z@(_#?aTl3OMzO6uC9X!bH59E~Rnw@teUw)(@-2p;NgbnVQfbr$s#6qgk`6*%GC*hB
zWe7RCl4yh!$}4beM7V_=iOQ;oNWP2v@~O(T9bKa>+11`9yC$;De^<%>zgEd+R3k6C
zYUn-U{3xnX5Jj>Jqo|8zs!PyTm!f9&a*7QdC^03|qg1Z0wQnj(9lWvz10SM5A>ae>
zk)KkMfe=E}<%neRpi%WuK4xq~`6VMqHw+s;dQg4&kg<~+MvNKVxl1S<4po(p96h9d
z;?QB`sunAMa|gSH>NtKx`OslkG>jQjKVeuy=Ws>&_%UM|$|p`3UtT|QaQUS}hLjH)
zG=9j4>Z;D;hYcMusG)QH$k7ugm4_>A$RHcrXa<jLnBc9MFxgx2+sA7+h5C_$kwgw8
zxCD!#AxOM2gD)F4q#-l{VgM$N9yw&p&|yv$1!$N!w%$`wKXO8YSspd4VZ@lBX3gNq
z4Z|jw6%!hU4jnc;Gy;484U@+Xn-CfS%>Bt_i;-hOBOn&x54L||?dS&ed+g+~W5(-Y
zHjErKO!XT(8G#HPHhhA5GHT4wiN<hanhY-nVCb+3L&lpG^<zd~I&yTw_+ewmtMQs+
zM|!AVV<!(8Gk(}5!^aPj*yFHfLc^d2=kef)!-o$WuV8v<5QVfFuUQ^EW=y?V_L4p(
zg7i3(kwZMJ7(Q|I5YO1_2TkxWV(jE0gT_vnSU*f77(Zypu)%|dT&{{^Cl4Dxe$04H
zN+}^DAl{s&Y&2@vDD_iP!UR8Zl*=Q}*kS+%4W5ALbZJ7v_>rS8Rh%6&__C3s#@4F`
zR}LCKdgSO!C)mj9M-Cr0WbzPu#6yN%F-W(p9XxSleM9GwqkGHKDQp77#~gT09aW(l
z(g~w});)lK({u1|d4N$GPdM?#FvjUG<A{$iN@u1JmWg!%I(r;pj3yG6&WRNY;bTq@
zr4W{cmAQUq`5E<d!Yob)O8A8P*?3O(CDdZ6tAVXkfYA&a@Dsx$0q1i1at<*8PH+HT
z#OeKWiG-L=XMEI1qQUmt^Z0VCn#Y_}g=@xG%fO}P@Kq}Dv!slODU2cNC!ycoLkRmb
zrzw^~`pCz}K)Pm(Lb_Hcq;HLGiu94RmXW?QpAdEl@2ya7Iu^>mYLp*ol#8RFeB~G@
zmm$ilIlUtWC+hdJt9dGm4Kr>r#)B+@lMti4gmI4Gf_|3F{Vc7JB?nnrXGVEB%T~w_
zZfn#Wjpf8r$nRK82+NnFrAM|ks?pwwmAR_&Q@ipmtSnNMhwaL{u`)+heqvY7$I1eQ
zbFYn)6NT^|e3;5pd@(E?f#Wz*5Kf5sgNzg*)fz&qJtr*QvRHeI#ap#(3a9HDLu&d{
zT0i|lbNYXIR}aNUSb)=gj}feor4PQ_SgWbA=P{QW55KFYvllB1Rpmo=<vyeGLA!GQ
zV=grwuqzKd=2GL%cO$6r4}6%y1@i|bK^DB*D8+)%gZLyWEhcgLnoWyI$Dl<bCoGfK
zO5|I%M<8Fah!8~_Mz?L(!+m0rJ%<3@yxpZ(3YU*0#opfDXt8u#exJl1XaX3glbVe7
z&z#<xW-;dX#jt$3V;w?7^&p%se31|q&k2hQv3MS2g5!+4up~|_HiV;PT&XSNoD9NP
zfDPdS=aSFqx+RSWl%-%>!s)j@Y>*XT0Xe&5y7qNqvA9A6EGM{TiJV|Er)%COB*c;$
z7@@*K!gch;&}ZahPG5bSkm0<Koc_9{IM_@*M3fr(^qVBa2u-joUkr=qbmP*-kP@e-
z@JT;TH(ykTR-hkG^Tn_f`qft1fYZ585{vcAw;1Kck`za`YEqcPmxJeY9x@*p$twJ(
z`eIlv-RHCpa2mv)INE<bAvxlw*S;kciD8Z9)W|AMr#(rKA_tBqdTB|{w$~MA(L_sr
z7=WGsT1zCdJyDTe`y?U3LJ9m|TOHuj5jd?N7R2}@>UjLY>37;1V2R$eSUu<1ARw#0
zl7<0)X6i14#Yq_WC#1Vlj(rLK^5Y-*D-zYWCaRm8qWZG6sBS(cs&7nGw=_ldMQc&r
za!gcTo2X_rMfG`WQO!Cgs;^8`w>Cv}w6&;iJtnFzO;od+qWWiRQO&kdp)%nQEwv7M
zsY*Wi<RO$%*}7cS6sl5Cmy|Alxveq8^+JFXQ5MV51%##{l`~%<BSGf#^h7;s@&{Gq
z)2pRcOB+Dg2#E2;gxFC0N11JH0txk77VFFDQ_{M#zS@L5{<bzDJC+cO^)*b$qi;8F
zLUt~UG$D7r9Zjn@FVQAs<=fhXY+j;G2-avVe|d>CA@ly(*wlv5cni%)2+hc!5y0Vj
zMA?x$qGH^##IYmKxfotq65WnG`K}=_Z#~vTU><+Bl>+nDW5<%sCrngtH%0YWYf-&@
zOjJuuRNI=OTGU!p+m4B9v5D%Prl=OS7S%h)MD@6d>fNTO9&IhEcaMqcF%#AHrl|hj
zT2$K~i?kz3YNOeaPnWdDjy(3RYe#S*%8od?Ank~P6lq6P&tuz>9ZQaFM|yGkoU$Xm
zv>n;IP1}*bFD4f2W!RCO+nTo{k3OpGNO=>@{A9bqg1Z+rVZn#nTgigE7afb+hfGxS
zo1*%lwW#JF6V=Bis(YHEdcU=(?pYKmSZ{4>POzR>><E?|lSiID-riVi%M*@Y$<tfg
zOnFiO$}LBfRHrDi^Y_Iq%1#H1_2zUA#X#QAdUL^&`?B77C@L5=VpPF;^Awg`!m@ct
zy2%eaVP!fewQ8JiFD5F4nDb7f^xWexD&RpDpf5}{oazvZr5D?==r+|Uozo@KOQ7$d
zpvD$Tr0JZne8mU)fQix8G#lfr-+*zugYhxtm!#7744kQ)uw0GvZ&7gWuyNk>8*uJ)
za6YPVX3<>+&MZz?k;eJgC^&c9IIsT=IQKX>A67V1=w1V73MVW_<D4G_=RO<fjNgEB
zzk~Auh0{+D7&y_|6lk1xM#1?H8|SoR;8e|DTC9RlJ1|?j%~hJ!`dP?)6wS)|qyfD4
zMS`IvO^~IDa%8oP(1{`ZW#KQ&{Uv{fEQ=SNu119VRAT?c0Vi|9l4`M55qLdDuI7CH
zI@PN`jMFtQ>e=7jn$~OW)_1k0^*Ri@6J@L&#8}(Wf5vIHRV1s>sS8QNF*#(n<pGvd
zU^EU&l)tV!CVR{g{<1D|gwdL>vzz~X?B+>yJx+)OLz?w3uG8ypl7ypcSFdZdTsHUO
z^oz%c+(co$l#%P@HFCYYMsCkLO^w`N9@nGX{BG;j;;)a}YVqMa(#YNWcyuGT^PQ$j
zai5KG!*9U&HwWWEiID~9{RYkeC#+E8+#Utz0vqSr-+=Q02j_kp=Y!4Q+!h7rLpILU
zzX9jN4$eLAXe0N?<I#=W)+jjtZsUC6H{g8K!MXDtZR8d{9^J^j9tGzj8|R95TVv#I
zc-(8`et5?<a@RlZF>>lrGe)ilr;jfpayOav;DROgWj(yo--D;H#1fXNrT@Y0O{M>x
zMSASFzSnwsy}QV!*W=31N~YTvx%5I)nXTz{|MsTzde6pr^KZbp!@;?5yOxWci=xZL
zy-{%PvT@$<UTb)?Vv(0eFB{(5bBjDYdfD~Se1x6D>Aj1zNjirMM)@DuIXsoc6|-~l
zEyj!OEnbVY;T9{9oGOx|akqb2J`XVq7aUF}TWX6hq6G<C7E8#t7|F0K_9sr4YNUVC
zNdKge{wV@!KDQ*~C`gNVh_#LWsD!H>;UrG4!0{xJ=2}GQT);yt82yoV7UyyLpq|Bf
zdKTxYS)BJDnMENFv7#1d(VmA`>AyJ(w3b;R#{BqS4i+2802W7+EavZkoh&pcA=x`l
zF2O}oPMwN)Uc!?7EX~hyIjIY=G+re4!=<$SWmTgUO=bz*xPg#bEv~CxXbf?^3a{Uw
z#I+Xv7<yKSWpZLEpGLV2B{&{L-|P2{Clomz7SGFV?CUmYz5D3}rFZfE$mX>XEq`vd
zWk~w=H^~XnTC2{OY;AOOKEg8Sq4mVVv0E&=mZj2x7R%tY$YROGEIxxJqjqH~$0@$S
zGlDpz6oTLggE%mfIsJI@-;l*DDZp4(0Ba@^^-g2Y>c+Y#?=-akRU|{bIQrx&f`ZsV
zZlJxfUPgiRr>o=}Q8RQ;rO&OBQzD$MQGTKGdPLwe$w@y;rYS`7C>v!fnODj8Fv+|K
zO-wBkif&jdw+0L7s@23|$=dUKX|3^kM7|74=5+OHLTmskP<?E*9Aa~CY6RWBil`Vh
znNUCJMbniner0WQ%tR?suKG8tm3v2TS*tb@309FPRj4&|K#2NfzYOWNUoPc(q#RXQ
zh{e-CqD!xT`C>SIZmpJ&G)~v9CeB-UoRX^DzLpR^iCJ{|RE!zaj30Q(4b3gOXAL1N
zt%6wvEUn0+yYal%!s+1eR9SbvdPv%ZELK3T3b8gJCh~1>Jf33=LO8BZ0)r5OL5Tbn
z&)cyiI^&uK#&Xe0O(HA}qn0E((fS+9=^*i{_iI7FpCuBh!HEM{Dlby(q6HR9rGqUd
z>R779O1Z^Sm2}7RUZ};{X#et9af$w$%!4d3S;4{Z=smD33wc8qPp!?Q@)cq}J-jx`
z))GtPf(44Ci+<NiVzEJeSsFi^6Xurz7rKXji>2`(%j3jHSuUrqND=n?Wk@d6FCSs$
zbUErn2Jb4(dMDJ-a+aKlnl}kS6r~}!a*IwTtdyo%SVylS4z4UJEH;AoVHx}k#AdN9
zNxqD71gLO7zrHaP1$Q;wfVhi!6=O67X}Ca&DWA^iUXZIrDh4JNGS8xChFHF3u_Riq
zD_IV`q?Tpi5RtfyriNHH9gkB88bjfdsL6ySXE26KPZFo`)3I*J)X;AvbTX&;mV|Nz
zf=P6SS3(DdSP&m&;#e;Vv9z`<gSTOwII&5Ja#C7?1bHX6ma!Z(>qx4&6By%RUkuCU
z^p@uvNr?G*8mfFg9j(WdP1DG5WoW<Ms9!kT^t>_*-d5WB-?)hoy@vGi`~5!3^5|jR
zp;Y;1N%T$xMOhxlM<M;leu7F-f&8QEq*3<!S+VMfG2#Z<GncN_&vZYmXUV)@K#nI_
zyYR`pEi0E}IYSa5BgjM{S|KU@@w|_ZvJ85s0>$#^8G1f(v;rp+W*M|WV)4sWA9YaT
zi|6#H8b}7c<M;IbT=mYPZ_3^o+O&l2fBh`1#pnuroROg_<WwKsAT4!;o?)2vLGiXw
zMoL%(C#*VTu_PW~sT}{k08Laa3(zc!ks{>$eN*dLJbfLApA~AyphOd-h~?6QiG=z5
zQkP?cEKsQb`gl1;8Fe`P`x?}eyJnU7qP<Rri|cXOB<+zloPPFvV;zeRunamz6X}nd
zYfR8iWPn=E-y?+MO3&&2Z>m+u!s*aYCJ>fnu|Uvb-3nRP5dKndm%PwuwFDQTz7B+S
zRa8tt636?oh&q{J*Q0G=8O|d){<#~7^d0DD33cdBpu~T-%$E2cuWCtI<LK<y<ibWc
z{bZSU=~mD5u?9c=wk43-bEwe5J?AysA2<{NR6dg{JIke)NPzJHmP^l5dZVPN+}`)G
zBOt%e$8zcVCzJ-sH-2A(>XGhf+NP~&p4B-Ifu1CyDQ9_UOmIKTFJu|q!k=jRq!aTR
zSZWcm<nYnkOcYWO6U!LmZM7pow?b{p4LRYoGm)%J$Hx^cAPqYwQluF&Q6R$!T`zIw
zqq~6uEO;AvX5@36T7+BWr}JJT$}}X=VM;G09p<+{2gd1_NQYGXiR-1sm?aHJAdMw)
zKg%f8YUXFz^z@L0%X&}A=8lr5@pALfPp2(!odhM(>l_LCvI(=VbD2Hze~{TMJ`|nT
z$m)>AYB>F*UY_Eq;b|;8$Z85h_>aYL5p40qkSNz@dz6+VfptuVzLKgK8<Ho9@OO@U
zl+FuSd<M6M%NmTsSzk^+Nv>rqE0d<Eb#$$wu#e!gM_-j1lR|ecZwy&Y-j4O93peSg
zVaH18BFE8}HW9t;8&Fi*xV+IrrewPERYEuo4!7OON0v7dL?}4j^{SLD4EfUhi0^wq
zPwvL4Av9!XOTquU^mpjK#yVVr^Znf7mK1{p=;r2fx~DND12_6G&OV>hml|uibXR+!
zmvJp2+~Om+948%5{LG@?F~Vpd;Lo(j^!Fu=gnsWMSpjvj?RD4teNZ2j+V{46Gl)JY
zM<Z|P$X1>@vl!(aWIfZOd(V=H<zABOySE7$j^p@nGODF=-B&!@r~<Z^w>YLQK$ksh
z#v3wJti^GBppCsU2L~rB-!|7`ahyKDLvm9oQ3a*BobH<(VvIh>Emq6vKPL|`dH>7P
zHt%aW{q!}>`#YCK<9#hXvRU)~juo2sGhUWDmrie3)~Ge&$Ja2ZqTPuShF6|8+>K<q
z{B_04lm^90B45`Lx*z0ei>Y-im!GD1`5BtKTu$$pTB|CKfLyETA8NIzRHCGuF8ez_
zGdMk&IARi#9S?zAz38|Qa(<alb6#4!C~Q|p9REjnzG#Ze^RJg{p3i#K;Q7(zO?V!%
znlk<GQ%t7s^+huM!70e}eLjnw#_31n21tE8jf(*+v&b@HGKKVCFS^Gb(>VQ1y^Khw
zx36nN<SfloWoeJ~yS0S)e2ma%p4STB#xee{Y$O;8el>+e3lcfqzeanzDl8-{uC_^3
zC~ewxJ|%L0UmbBYk<cA$NyvT$vS_s=CgJowS<4FO4^wnB8Dc>?6Cbuy(c0HjLP*E~
zGKTCyk0v*mDslT$wo3Hi^xZeKN<98lG?nN<w{OuZ@z}FkB|h7tRpP#<Y?b)n4UbA3
zSn5%UzrE>I32EJUZKP6!v{Dcy<abRC8B)$`k?D`hS6|N)as?7Encg)O$#fLerdd6b
z*dWG7YwZI9jEC^A4sDC2wcHZ(|Ik`Wr}Xw~T+O+8nbw?dUo$l4x@E1gmUFLBijzh!
zv_hym^C^kYomtnQ?tC3%u~D2Z7>~Mx!RRPlI#?1-sbiz)cp2BGgqo<*$`{=Yb*p*Z
zd2yZAouexq|012!w<*@Pp-)_GpAwsEueZ-N)ltiaYR8Z-*-$?_2GrYZsLvR~wV|wC
zCw2F+e_MCo(7L<##m1&@JQu9fL)g>gDWMOoBg9tieJ{EjwD(8v<nE6>xK3;T6R!4W
z(p5hFu2;RMu#_p5R-jI8CDqYq>2&4V;(QOhU>kutPVe2Ijlc&lD05gRt5|l}br<D%
z7=0{;ar#+`^2qKUXR#pNmqHlz`)Rz|2AB~=(mB0#8<AA&t&GHXiyI>y>KnJ&r^l5i
z-BJ3fG9;I(diywJ+bKvFiRZpmP4T4BuQ1F^;Ah+Fde^E(LdWQn;y<mID4d7Cydd}e
z@;IHbfe>dSJlVqVGFfffV7~-QhP{Lqge(@IgDs22a(Y85VM$$CieJ9&IMreq>J9r1
z<LsS|@|Fgy1RcjKsekLLMy*hK3MaHQg;QBCj#8h?>76e$TFtrey%ew{I%{pCk_)+=
zik`pTpYU{(G|c7nSD%hW@??AI^k;EntN7#95$_L^Ii0f>jU*$qvs@KUs*^)x2ydY|
z#7`oJ_^Fyw5Zls6&0&4g?65vFhK2ts=OW6eZdj{Ug|1478bZ?j*{>KM&*=kl*Cfc|
z3oVPEsyAbk=y`P(hArnKykw$eFrCv2EF+|n=O*Oa5{dogmm+mmZZ#*-ue5!<c8dDy
zDqiWAK27pJB_XX7^2%~nt~O>Z8Bz3-f}UaXJ0mBAYuw|h@)M(wC10@Wk5Sb7H>xFK
z+mq((Yt@$2*Urr4#ABruz%docP%gyjz!2(BJ5E@g#WLjX&cU&YRr6DcdKGiqIKtxn
z{}J8qNbgRSJ4j>I;xc<xV=X!YbQUE%#4WjgS@hdA1pSaSI)a2)M|yv%n#OmF8?BJG
zR`+kPtyLY8G$`%ryDzve3X<qz*`xs7nSpcl8>2dw!F%&!l(WTCFo;X(%SfsGn<rQ3
z47nX5&1(=x<izXhXx{n=2`BW!Rk)VOmyLr$ED6JA!3j&1rYPNF>2%*Ul2+O3JG9>)
zi96x8teiw5qVeN7eFj5szu(V}=cz27ZfUG#$J6J~iJ@B>L;83ANbM)Z`&klwQK@?%
zU~h5q;k*bvZRagyJP*nMw@&(3G!+M9u>@Ws{hE?m*0+xJLQkc*7bl!PKv2-$XtY=m
zDQ<E4(S%liuA~h6{3IfGX0bAZ6INR*S73SQW2GbJGG=^YlYU|K_R2;}zcowXbmb<Z
z+%CpPI-?4z1F1hZ5|%2Dp3Wo|%T$#=pn=4ne)o^=Kv;oVcNs618)HeF4hz|K$YPx>
zmTs{`-iP`5=`0XriM$PqFJ~eHRV$CDu(lRzJI<ypb`P=S&Mc7^GDZ_ZEWk75yR-zw
z<f@Rx!icL6OEdhw&sQ`yId^vbW;FPm{tN`UqTWVbWgEv}k?go>MN4n}Y{%z&JM`YT
zqNO*!g#NghD4F}yzXhH4v()K8`om_TJ*MFUPGy<&c?6Q-&(_nR!lD^O`+gTlAYZPq
z-zUe@hmZuhEQwA+5FJ<$*^A;nlUO{+lIaiH%?TQtZ^%atJ;|~;daB$v%h!8#`1p76
zRas6#JX49!lFMW~pP{$&<$*2p#eWAqNlU)GG^g1dX=UuObQ2+JW*IEr?`J})=*5o2
zXWH{u1Sklx#9~&EFW+d`l5Dw>Ttt&C^tEdpp)65C*(t<2VEH)KMIQ$$qUWdpuA4k~
z#sXG|b>fArL~h9PFl)mD(q?a6A%m#``s8L}vAja{!c?8PTj7QrZ8%-JS+7=GS2S9T
zRA@v0xh*_LqZ7n(_A!tm2REbQ7ppDA6~{bZl+5YJHvIQi9P?;oGN*^^=G$9tjyjr1
zzuP3&+xD7n(j`sS9V)omL{}nFtj@!<V~P2!q<|I4B|x$^poyx_Sp2Y}(K&vGGk#<f
zA-s+c;1<W&{Cq?3xYVnY2%>VO4gKm89$@VX@TcFexv}5iMhU04+uZm}ZN`<*JCT7!
zg|hO9U3vRvf*u_~?%2`aBIH2{N>_#yk%y;}NZYOUSfu%uXSe9Kl^BI_OEU3$q*|6H
zQ<1U!Uc0i1i)Yzb?|Gi66*0tW=^aUgjpg*+)l&y>!Y-hNAvTr{vY4QSmimPbRHgfs
zx!)g<r-WDszdGcF*7RY*YuTejx?42fLIn+3>~tPtXCpz+veY-h${(Ypmi?jsPd`LN
zy@~Y4>vTAM{f~{7KJfR`bvWWIMim1N{Ak-X!s%->31M3Z&8)+g-9s#q`x!0d=d&b#
z(+;CK{d6Xgx=Rx+b`d%Y7Q33)v8m{-^C0RtjVD1O|6}PilNcY>fApjNR{5{j5i+qU
zhA1{j+U{A`xjSUv{HVj|Tu%4l#Eehx7fqEP^-F*CE<!t5wXA{Dn@^I-4XPy*8h8pj
zpXP^{uvh~fqWq~ui&2{|Wd>ia=9Zk8<cg%f^i1MII3Z5AE}Kexgg*5e5O$#=MI*0e
z*Q)4ffQ4+MYanE^Ys=HdnQl3;Bd>wt)*Z{HT9SW@U)MG7JU!Ls-;&os^6I6jggroL
zK)UJ`q4TwA4Mrp&cxI}d+reV<3GEPKS8%$qaR63!b0tyEmxc6nui$hjVdv94Ntr9?
zQ28b+&+^hh9x8A{16mUD>&-8RD9<jJM0xd9&_}G7MNazQt9pumTRv62S9#JV!&}SL
zq#4ILB6r7;Xq3|f5VFPS0f~Z9dca2V^f8en(hW9}Rm&X8Zm^NuH&r5S7eeb6Z#7|O
zCz@_qNc^*<!0d()k~_qEHN%6O4IVs1XnBZD<n+Ojk_R=C2NQV;OQXH(EH;rIhe1tm
z`OB3@ziTTx`}Oyl_&=>;=(QPr=@5(NTkH&Ov2*lU1KNT3SuD+$CsbEVCG2dA#TC(x
z7Gt!7#p37y{VRh`v{(u+VhrKN(+6?zCLVSMuWJ$P7&+|E6jd~rX4WYt{nC|0Gb+EH
z;u@iyRiuukaQZI@xnr>O7#O7=fwL=nr-pi@E5>g}@4#g*E7Q;7k@?B;)Iu$*;`FD(
zjfB;x7tWtGk~(zvQ57%dgauraRltKRHo|1R3ncn9CN>#<Oa5psr)#P`=INbATPQ*y
zb~?SCgwRSYnOe&xaJp*50M|-QaD-!mBODW&5stEEg=0d5aGcI9Tu>soc(&r=S-)F2
zPUm$kf*l=2IQ}(IQFVG@RN?qxper2v@>?w&a|bD?UlgEl9Dckx;gDY@{U?OOn8w5=
z!#{>_Y%FZ0aE#-0`es1suvy+!8|`tNjv}>a$O4vHof2s+PAVYRsg+afkU_QVB5tvP
zoUluDK#s0tth95jm~nferp4%tzi7Mr>xbZ(?=SaEJ=TORPS<_}_VUcGrq556%i~&z
z>T+m^KEm!IoWA@aSgfAYO=s3A+1GR^)pV%m^m4*dX+|xpr<aE;{ApS24?M)q;)I>4
z{ioCAlsUapV(wtcHU3t@2e7$Bo)8S`?QOLP$T|P*6gB1dtJO;L<jLMtESqbHpCw^f
ztVe#6ZPzIMR`<EFsjY}p{u-gr*QleqoNhkZ@oS!~(V`*6!D6H6qN#Gxe-lEN8dS1z
z(I=`c`3cfhypCPdj3?IB;o}@Vr!T8LT)gR&V;<XGSrZCb>`_9`39&l}9aPIM=k&u7
zwH~f?)LgmT<;vv-S5D(0b|$VV{{~m?(Rz2NP`|aj#LJb}tO%~m9O!W6C*5bpz~;H~
zl4Wyc-6alJUa-7esc(iWHZHoX@V9W~W<96xytZWKz+-Y{wH3*g$(+78lX%$TXO)^S
zlR3RiQmJr&LNR@}8<9=sblby3zWgau?$Wip8!bCy(AN(Wg5!6+K1(e%bsW`A2KssW
z>y=c!D|aJC_^sZR`y;2{Tt?V=F6ZSw@X_}oH_SPw4=f}ys!O5!-%~-Ms*^h_sm4Z3
ztPJbYIemSXI{!_VJwhy99iVG>MTAkYoIdl24!_szir5f~<@DJ{B>Uv^Pj*GV_KW58
z_D2X|G=t^qH@$~<HP-nE%cpleVr->9y1SXEN0K|A)4L@YMQlY4l@6>4$~;d0qT0#^
z|7g-6NzKS^aAUKWS$qib%g=3rMBkfx{t-oYG+MhFYwZs)etMV?wcec1Rctsxs&ut_
z6*GIc4*tG+m=M#}M;Qz{?3^xtM1K+R+O9^+Tui89f%>>>w;h~X5aWxX_pBvqhczY}
zB}dlHUZua^kCA0g<X<{xs{BF6s4d$VPN&N+|6}TKI=?o`{fX&>u%M++KzzBL5FclL
zx>lcP?#Kx%x716J)f@HkLW`cDj~8;*hJLJ@mOC#%@7XA!<j~LT11I)wp>W#F*=TEr
zdMTa4NuAtnm2C?w)<$l$@Zl&YhlXg*#?wVe4lmbgb+GgFBl=8`hZ7T9=7in=Pef)|
z1~c?l82U}5h4tbQH*nv)t1-lDIZ^*tv;26i+DjSEhSFaK%c^HGYW42QX!`kO`jeyY
zuy37@GePHHO;j?Bf1#$&Ae{dF;i(}Rj$UeKVAL<JRF=hOr#i-sb9&P&px^O4GgVoP
zn_kgzp{~iJH`p~lJTukOUjQE3f{|i+uCayV_p@?kQvJ@}%vuP^m#*8Nni~D3E9G>V
zJb4`vHsdgTgnqR}N3{1p<Be#O>3gq0NRDdJGft5F-YXy%x})Hz_C3$oo>MOU_?7>U
zyf=@pqR1A<Z|9^cTp>ad5JX5Sg6MZ<Y*29&y{Ld|P-ot}nfIdOFf(u7;L40B=zwsW
zeP3k@VJ9JMLJ(w02wB+oeM#8&ML@zDc7C5aRn^PwzR5+L_vZKg{-NY{S65e`I(7EN
zXUdoqCI-dSmlqi2n%>v1@d=^wh7ak$hI2lRGw*pr3@&_cIOo$zwPaEi<_<BC!mm5$
zE64Go?3RMQr&9iyu$Ne@oiMSqJKs6Kx&>TOd(m&cG!|T3Bd-ixU?8DvLis37F{A{s
zA(bc+pHGna@GY4ZW=kj>-r$pDn#0aUgDO$j!9iH{1=2(&n%?-%LZ{zTxUSHtm)w-!
zh--ukBsCR}I4t%=fC64(A#RI3d>5@%$0)4e_cqN(nL7sNu9cW^&<-P(A{frdbv{j=
z;rWJ}_GhkhA&93$5g?U>kHkUyD`8-UCdHts>+TAvOq)5;VBH#@CPF9b>B_|NIZYv7
zNa3h1+M|dRM;92(6>W2AjSr7;4UHtj$0F1TAYPq7+ku)b4%9YvpbA_EYN0w%Ypesc
zP#&nknj2o|OOoWEx3WB4`p$6k;yws&TlLrM`BHP*s&=t31k)?Sf^~8^Yriw?Qw!FK
z<y4Dc_atM?QY%ZdBc0uEfPMj!ga;U@6lVr8B%!}@=^CG?u0!fr1#&nZt+>LK@S3C=
zmt<)JQkh9h|9g1&x8;Q^M^qW6=ga7Z;=CZ&Q*T8x5%FFPX60*q9{7}zIEd2-sYQlq
z6f*l7tqFm>SA2{%qDta8SP*ou5SuyvGnh5R(9qgY?65XWRNz0f)-o1MP!|vL^IDm<
z<T_}wjT>5&bf88ddyP-ny}!BQ!?aLRlVOG(sg0|hAXa;bulAP|4XShc7`m6y)nRr0
z3+F*ejFB(k&*D%17bA6`uG8$FY|@0xg>vQlR?EGfzrb*%`4_G6DJ95ho1AOfCi!GZ
zDdHsRI{BP3@1uCh>nQf+M^U;vRcdhA0z>#)357n6`v}91%+z}t*v%*-)CZke?bE1E
z-=P|5Z<f=u?4|J(DyP`&Akr?1(OU?r_E;&I0z>~M_;s=VwF~VeQ?CD;)q?5@>aZ{b
zfDchvxZ0=LfN*@FN4=9#tIdxDzb;Rz?cn!bB){zXDs?Q?o0K@Pf3+_}S-r5(@KQ~M
zAN#~ApU8<_?h8m7YVI7?c%8dY2rX48Y+LR7=Pd`tPstP3ul6~NStCsplczR)k-?#w
zOkw0|By%yaQm&Iw$hAX}k%1aiwlJlR9aF9<OzA5z#dcohI-|K%2*ppb@G{|dZ`wt|
zBToqyKJHB+5FUAo*?!l7L-O~8Hx>0?`qbUXf;V3aD+&&L#w`hc_a^6C8=jJp3@t;r
z*0+rXm)O)&@vLtfhsuBjElm-ysIdpL9`jbY0$|ot4*Bn5PYvb2f!Bjve7V?Dlk(qy
z>p_(N&iB;rM*bVX=kb>RrnC$Z|28)ku%FXX2!9*oUd($_iGG_KS19>yd@YRNm-md2
z`-Z$3D)wbJc1V4bTH1xa?TrP(eA7~ieA^p`NPK<XEKlH@-#Dzice$ky_XaeU#ll*;
zg}u_oQr4T@(k<%UZXALJKU&c1`t)6(j$O=~@{~);`;4ZL_Fk+d`%O1z+4xk1GTwGP
zDzoHKITm_UhRUOI&O9nZ8;44F3PyI}?vR9idP}!xcet^WqV8xZ=+QUwnd2!TV%?CZ
z#Ue^mlu$S1=@6MN>^@16uFKQ1rc%ovE6|O7%3Gd0JwW@Pljm+<2yzLj+dwU1d9L^M
zpqD(iQUZN(V{;!?$V+*RJ!LtQA`Z|f^nFT5a$5&zUXt83vCiInol=tPcOm#sk>u9C
zC04!gNwLFw-gJp^W1hN8Deg1MypLM?TkfNF<VlwdH|{M{ggb1%i=Yc9!7Y{_vhqnK
zzqJdI-`YhYzqRw0-%8(di*LQ2w4}FVZ@GlGp-<Xnw*havMYr=$lq<Q-dRu(a_9x`w
zd&?;&EqXFUOiFt@ywFzkgj;5l`-HMk@moq{oAu;BWf^v1E$hkhWwpY$rKnc=gpkzE
zyrl%S;ZNG-v;pDewDEG;N1h0k(!~0rHS#44+vH;=HkeM$FDd+uKN_E^<6Af~Rb!-|
zMq6_wLWvFJ9Smg!3Sa6nUWbuRRJVdvWGF{fs*zt%9qT~wM;}Tc4b0V?$qv<QfWpwt
zC>+O7Sf7pJ=7aFvW=?=;vcNb3Q|3rHbnhl9NH53^5u^(@hYHd|=6DLyh#_+~`%Fve
zrffr26P7zRd$Z5!dIDMAv0<p+RK7x3UoUJzbIT+RUPnLG6T0`%$`sCQk|wb2*~0kn
zDh%K+{S}4n`9`YMD&<!m$N1-R=aOM*k%qSJsuY&w2eHIs5r*A1lNVmL_AeO<t<eSf
zL4F2{iZrG((gH7N<W*}ldXrQ&FPkr9qwGHut?_B*RF%<hn?J?C$odqf3HV174Z626
z(>uBJcRQY`J9j>DBz|(9o51A_eCuzh+?R`=;@#iDz^aZloc%P!byJ7J;HoND%1kws
z9f0=SFB9QDb>d3_cFp1ZQcgR#ZCGqMb-ykTYg*fY!jkN&ns*o&x$kkJC9CnmpIL{(
zpnuj9CFhzcTLcYj8%AV|*2pI?uquacCAj#h62HEw%Dhlpyh~vA^!qjSIVqG&#lMGJ
z_X|nkXG}dXqHXz}(?3wSbHDIubZx6%K3y()xO!VWoV;JJa7s^ynQj-0fx-+2K*S0P
z@7Gnq!LDtY8tGbv0gE!Q?jvdD6hX){2?QP_1~vkz3J)?y40xZbYY*z?U#O)me9*hl
zRUGUu)U0Uqa+4uzQz&Z9cV8q)oZMqik^mTyDSbqz_n1i%Kw%QPnVjOwy9znQw|Cha
zOvR6nr!YQKv$K+kdqoNt3|OLJaDW~lzooFEHF}BhBQ=r;B@gP#Cl(+<3TOX{RO`hM
zaB(hEo8NEE!Bv|v5`@+qNVRqIF9g@Qp9WlgZQ$ZxVh7j03<<7`y>@V&%%~7tIW}+|
z%W#0J#2Z`#1-S5YIk>*A?F85S=|;Qo=oPe~SI|VSpdG!Y?ezU50NX5rcm>2t(hLX0
zGEevf#P+5cHi*qR;j0K@=hF-mVzW*-g1Cl`HoPFVoi9X!3^8o&PM-~CohjU$CSc}`
zW1Vd{*4f0d&UPF-_!Ge_%?`7nqn$82b6mn~_-H%K%8pkEvl*i;m|Z&VfZ1Aan2j}I
z)>)ug_g!|FeN5rojlp&yt@3OkDh;jBp+EAqC+kcnAIrZ{oKp)J)=qrg50y2-M3!i1
zsGm+6Q@B+qLj9B+!QiyVSe?r#jVau5jXvcyvmD*E$T?cdD9n^m9!gLG#@4?(M33xh
zrs%Qp@1df{x79R+24zHpmKu2*9!7KA!{*1Ael9+KXcetJ1|Vw~P8Uz1&=*j=>ip;B
zv%j|~WLFWGvE_5c{x(z*jHeVIR(yZ3yn0St#ldgG1yr~=Dp&Nz^1?}g!Y0S`Ve?`n
z7BOinXae)9XyommNkM4K=O*`benhlJK7(ubA@h96hIM#Ue<=~}GYo%EfI0!GJ4i?$
zmS{GivJ7ZyOc`#uhPeZ8Q>Ys-HK3~Y6S74<Ij6ElQ)p8z$T$yMOH=J4ttj*yuUar(
zceh}yuB2>p_S3RG;mB%S?Ebz$2-2-6^m<2QqzYVbz!+)8f5{)%S7Zc7@0W1(7t=IR
zes|!Bp!o$4+TL(jzF|VOFzf%T+2`<1nx>KWD0FNszF<=%Uyv>vNuH?6zhHEs_=5K+
zbQ522n}5N3{FnT}$nzAAb0YZyzIFU){sq6IaQL|Q7YvneD6LxI7t9!~p){txATyFL
zSR?0OgkP{)e!(9o+)l+W==LaM<PZFp{DGB=7V<B65#PE7zu-S8EDZAnh4KwW6@S4F
z{sjZMR<p!t?Ql#akS8RP^V=Wd38|GLf*D3x!3_N7Va^ySJff3<8vI`7Po!bo#XybU
zWnu18=zUVf%#1Q)W^SA?;~FSmFO0(aF)M?Nw18ZVk*ByO%Mv&h@#7Qm0n<p<fMH6m
zNIQ9*YNS3>c{r6RB=L9t8Lf;@n$mgh$O?SpJ-?UAdd^6rqKrKa`h4%RqL;3XFhul{
z3})t2nep0a?Ea0YxPEnn)3HyW%l8sAT}BGs`XLIpPx&;??WBEb!blI_;(k7cvy#dX
z&&b2@H+)SCU4=H{lXFIzTS#H!DH)A2ccg*U7>T?VLu$Z*uMI`hVZvFTCKH`Ej|@q-
zY5|*1`E>F$e2MSN3hEf*$%r4OZuRMm#6ig{1A#DQtFNMrYvzpYES@C<1Q`oUl3~k9
z^vIAZR11)2D9q+K`J5Fki{YRB5UBR>&q@?}o%RU}^!4Ea<tpJN5<{C}UP6ql)$Lc&
zpC?Bdq7Y!(NuO13XYVM(8U5*}kbY7k%AQdneqld_F(-Xy^k<K>(2es`xXO<asX>xt
z^k>gBgKtI>KM>5^xut34VQUhFn>dX?kUOJ72P9IsB?cfC3uuW_)?Q<~2r!$)Th0&n
zfapX8(SyTH-z>kTvX~zY;InI-&x$QyZ5x*)$jhCPp-17Gq7uDFiP)`V3S}o9M<HvJ
z$5GhD$26c2uc5UMPlGP4kPSHTkjUz1(J`bpOdn<o^*W$De(3KS0780TBH*(aO;G<g
zMvD?cTS^TfiNeM#!yA{F-E*W`O$0DQR{c_yFsxwB7z(ragjm%6Im%@Vl{=yi#<5Y3
z#Az89J?f<32&4fOh_+55S_7DW8qWq?+v3xu|0fova&qxE_=QNN{5ncR{}+vv#@9kY
z?+6sCD@CU;mgjx+|4@zm8=UPd1;njfWehRTSk+r%DCBV@!%t!q`tSG&RI@}1XJ;51
ziIJ*V-YC0j76U~mrD|3%%5WHq;wjuX<ug+QmWj_xr0_$bW()mIqOc*{#v&1c+b4XA
zgLN0IItl59crCxg#Kel&P*RP;nBn|%;!`K(d8s6*O_J~$Z{*MsRi{!ZoSz{BIzMCN
zw~!iOjC=-<F-8($I3H-PH=e?bZ;a5-0?0q5qT)s>n{)?QlOQ5E-a#4Wm(>ZWo{&H~
zVD0a!aG#(fhd&U6e?m=^1>zYNOCl7C-`5hNqu{a+3v^bc@NG?vBs@W4Xh788s4i=6
zV81w8oz&<5J}7=BkSg|H=KrdTn{lF)M|I@2=wI#gF@`6I?s?UjoHSXDjQ1XS!Wt<i
z#>+IpaZ%j)h4@FT$82fW>tor`4r#3TAkh_1eHUD<uE|ws=BlXrP2nMiq8EYK00H=1
z=YI*v?)-@Jta>oKhLpQRse_N4yb>skuc3+R=5>=35=ac(hqSND6peG*E_+0X$n8w6
zqH;9J_Hr~N4({v@YM8S4ZzgdO9`=ty_yeObvW6y0oBRyEKr(WlZ2tCfMRHyeg^Bod
z0{K5lCUYJa$#aw3&y9`bxydy&WCesKlLs&Zh_Adlg}fXMYi=`Gwlb(o*|#>#<(EAx
zawm(5++62f8Pu$#98s?B!w~K}<^i#_$38@Q{4j;l4`}33llAua$jy1L)etW77_4EE
z)G{G~_~AZ{Lbps!BQ@am9xQ{>jqk7g#VB+sce|_61ZU}?1h};)sF7dG<Yh*aNpb>d
zltBD)%Rgi;A#2nFxTwk;%f4Wwo|uoLpV)|xD%yx-3X^e;1oHDFGZ$z~B+q5IpG%MA
zxy%PN%%JCz>4Web-xImqQy+xv)!>?9ug-s<REB{yHS)N*S3^E@@737{G_3B09&MQq
zTpzuugi}WFr$S}XAo$>4-NN6uwFOJw^j9VNeOp^osiMCO(0X<Giz(cBpE)GrUr;Ek
ziOzO;K(jt@Cq(V4DICXDWg;=IBK@y!F|w?7s1&*R{SeSht0h2F{JuittXg(7E_>e%
znqIXuBy_dyf?^H0@fV>Ik=nGDTVRaVApIdOq`iRpv*`EbTn#{>TutHoxKR&M$gibg
zQnoC2^1fRS9bb#n0ioOqt#Ri2Hc#7w6xKQB*!n)=e>{ahXv7co0@hSB?Ng!n5zELg
zsBn8XWNwf5^7q{i@0?ob1g@fySZL44gO8)DyE5m4531)%-!EUc-c(B(@xqRiO<i)U
z<M}<FtEI~0|2&0tE2Uj0Rmb{!d!tOP{>uBT;^tjz<l8StGI*^Vd?}K_>uPxh6iIMY
zGOf0QEBbzWD)gpWnrXv1@s;JLeV&<)+EpLBItmA5!?6cpQ7!5JT>ZYg?=ZPvHjPb&
z)3v4WH{*kF{fXtA^<d-!a?bBR)P;#RhQjdbnuwu1@xFHuYYc_SH8sjNts%zo#63dl
zJcRI!ParWhlqO!2tKvGT{!3A5uCYdHs?d>G3axZf6CTE(ti@9>c#Px42NbUF4r+2(
zb*LuEL==TFA8RPz9;>d2q5yHWLUJ)&*rW~7GJanQNu&)?Fp(#C#78VNpYu=+Q=!lQ
z$W6TRYsh%ZJ0G!%iF`o~7jw8B33DiPKX)sV=Zb{v^MIz4pTkF()k+w|X(W-$%_M=m
zN?~6Vo~i`fp+dr!!bm*K7a4UA34t-Erl!QqXi^)6%Z=}A_L_AZ2k<)Lfm1>jk(Xko
zMN6b^tv%=*^q{CSn_w5jcaq<Tr_PlGQHBlwKN6oT$_TtmAQ6QHS@TDr@5YZAS6<Ek
zi9MWB6LmWhr<3PJJ2vtH3(;A(f8e3APOGUUaMpqBFCJ!oAS!dNuPFj|g{U?01E*Nr
zkit#}Ph91}6BpD(_Uz}HAkK3?Wd4=mxm{aZ&Q9v9QVpoE<$NGw^O9kHO?g_^eV|*4
zyIHP_d_-aB1M2A1gzB1F$*4$hc&b~#85s#KPIEsuB9iB(KY(4G{2KW=XVBu)6Y$d;
zDjOaiX>7@xLKq%tzdF)GKQx1Y{1i?+AdH}+KSYlFD1~DWXf|nb(T8r6-HHb|{S`u_
zFynq$(X#7NSor|In?N47o-2#wxmE7xu0-<OY9aGJppnP<N#_IW@srN@Nsmb&1oAR8
zl|CCoVe7u2WzpC>MZ0&4MjVXcYT557BZ&#7U1Q(}%%zf@t0_?7XK!#+&{V>_ABHMc
zgp~!;s%sXbVA!B9t}fCre|5gwjI>TARhTkj9Qs(XtL2Ja<$YKlYs1oY>x9;!rI0w7
z$k$&D4o;EYBmA98HS%{xeh0ZmYaKfr-R^{SJySWheJMK0mrs>&j7}0^)^ts?OdfxS
zbpC=5U|MHg=VJU5d<^<TNJ2~U8ihXwbn+1#@-dwxQg}`$Ox%u1Xi46n@LoVCpHWD^
zfU%O~DfCEvW{<+NQczUojhb8_L_XUfz*WmCQYpZ4Fyz-Xh5VL7_TO#gU<j7ps4cow
z^3w+ptEs|er!EIWqS^=a(?nSNrORfSxq<yO%_cCezhWyhm)1wt15VMfRfbR{imwE_
zIe2j$3gi1~nrZjHb1~>vRE7?ak>}?w2BqC!UP^}Zmx6qr_K?;e`9U(Ayo415#TAa2
z+n!~FptV<8dNIFYu%V%47frajr$v`gxV}u7KvTIIKjAfHeV4YfoU&jz7xxc+t;Pad
zugLWK?7o_1thC9N7UcXeu}IVZ6>P|LDC~L7v@~A05_G#5`iY$rB%#zbq5>$m;{9Cs
zBRgc2$<QaDaP~()mH45V<;jbu@O@uL{M2?e&+H$wWoSMv`AU88j)8YS2d8h4+ec%Z
zD7~tYH-vU~$;UirYVQfM7|8FVF>g26zALifbw*!X+leh#f-X1Ml)h3j+I%JGa)V{{
zwThrzbM3aDLU+Umbb}E>-xm?3Wfc{h<$P-%f3lS*O%<dmq6D8;ZK|K$-Ojc5LI>}X
zlf`{(O<BsUl9LzuI!jI-3R)#6Yr&c)xFE9oZH&d4@&uOpW$>AHkCnLFp+);`L<itv
z_g!Fua2n_ir$Mng$$q|b48dN`NtmV3V2e5H-2s^*7v7yCH9IUwIdTCeN2?g}C#^i1
zHX31ERrvzia5j{H09oTpCHE%?OR1_X^zC|I;HL<m!xEJ$eD3fd5Ar?zymT~;8Z2EF
z-<LW|pbZ^ti>5za>eGnUn6G=RkrEvR7x6I|RO-{H<b6E`8!WWY_JvZBGO*W5<+SG2
zD4Z{qxxdp4odW_(FTF~2q!Ctispu%!B3?MB6kXLcg-a&^={Eq%KT=2S3zX*osOX*}
znDFrPK8p$W9pK?A?tMwRim&xo&Ub!E`Bjf^_67bqepMS6MqD0|Z74P@PV2J4MoMS}
zoFBi9V$P9+4OU()zgg$)2^u2ao<Enp+4rx)y|-jrj>4ORB8|?|;M?<<MB=9~X1z}~
zocbMwb^OevB8h^ky7K6aR&YI8Dm{85O@RKL!Y+O;fI__P-UTlso7@e-vL(Boa^CWb
zny))m>b0?6Ox7`_NISGu75WpbRYr{{hz*cG@IS;!i9*Z{2+Sod_`e!?RsO8yi;9kh
zIct1kY&2|MU@!n=K%2ijSJ9$!gt(l5$0HgU0{-Td3$F;qfY<OLEm{)~3nn41k!t+k
zhS;7bx;%zK{y<^l0wX~DFn5iQ;X&HCz|cqwjl|UVmI_V`lEE>f&tuxRkP7w;atFtZ
zIWPBi_aJw0%-Hi*a7_2X9>Fo!N}a(mJqF9*n46`x;FzMp<(88PV5RrXODs*R9Z7_}
zpgGvwMib@zd@anCVoEwtn6OJ^DZc0xkZjLOONJx)BE+u)g{y@@jPdJJpamG|fWO60
z8EQGUNQPRP*-nS#)5rla6mWcz3<WgD9I%a%5swp#q-DH<M5wcE?1@mB@%#|9k@?SU
z7`7S9j2Etoy=~CA)qq0Zcr!U_@<)Q=;{iQhLv-3o|41m%`)ZiuCVu4X$i<bxC>=*n
z?udgA)i8sb$9@zV+<c^lz>TAAY$=^0Q|oJMF{3{U-}Xx`59{2iNvcyA6vYL?3!U-P
z9;GnCnr)<O6{l)oh&5IofUYwH&>8krt%1_S&BAb*&y}D@E|S{%gu#U1-HUeTG)?pf
z|1E`EJA#<kE7GtMY$e76cuJFL04;#F=&nU=9IAL66v|yKY@@7c`SF@4eW1bF4?{Z|
ze*J)y8(varZAaRmy%R(K#>F%H%l5Ug=dmVIn1EBO1HQLSNFxG5;aI#TO!Rx&a0w(U
z-XsTSK5;4g{SpxJo}XG5y5hcxw!zgY9FMXh9fu?c8(--s!W=s?K>*=<{7qnp{9XD9
z;=?Nx1|?YDgDxM5_HyHlQ0N?%7LQ|}I4N5L3PTf2sHR&`#kXt)#LR~%3{TM2piv*%
zDovbJP*0}J{LH!uYV5EN6~4zHzB7sNnpo8j4+t}J$tO-?oJ?VywW>j`y*~edCfhFf
zp{R}KDs&1I@)N`dcWG0u{ZYsQOXH9QFPx#JVnc1w6-hJ_iKlR2Sx~$gCgo|G>KA42
zWF%u!GxD&5*l#Ix-5GKK2sGrJtU5_dG>ubS<Zbu>Nt89FRik6ul`0R2+AAso;u%>W
zViw}yb_)md-8i_YTpZl?VOSi@PtZtQ15r|5qFug3yQL=D<=N0~>xbdcZb(g;aOp<7
z0&9cMd=UEFF!|hfA<rdKSZY0Y%JtmHnwtDz-2)qseW0+>PvNq{#{LQ$$JS&fR*h_<
zc{6AgH&}(jmUxlUE}oduhMCrv+5(6+b^1<cD=Xr@B%(FsFPt|+lO3Vai&eNQXcaPT
zQ<1k7C@hdT-n)%GspV?Ctgzy^dQD#K>9~45-cy+D+D56vV#x1cY7m#WU1JrlFvX()
zi$m#Llwe<A1#aq`1pB%x7@V8nP<pzyarm<Nr{Gqt{6ut4SezidPb)rQI!!Q(b;QAy
zIE}mu4O9Z_(Kfow%sCt<%wL**Hz0PeN!`31Z>LhC-Apr$2AKB_^JPB|#bObY<RV<J
zd&m7chHjbA`VHYAhL*alc#W$;uWO{GFw|}HG4J<v_nu(8Il+HXjkMHt^85>o)PjCf
zxhMdaii2oP>W@EvI&;#6;vl{hpuQc=qWLoTnn->4ZGb$__)->4<un*p%BAG|#7kLj
zE@i9FaVEt+&Wq==Fz5jhADm@ckqA|lVt~T<lAv~P$QG@UEDdhTq7-%=z)GRX(lD#@
z9jKkc2e)RV8q^M0f9hfTrC=20YKe<8X4y2SR9Ulpt4}j|7;qlu@n=I0zZc}Bb>*T$
zYH|OWGV<RX#BeOg$X75%W8_h|-iiO+3veB!L7h+ZjGU;BZK8N+g+oq6i5Mb3^f=~Y
zq$=D@H(1CoMxom=-`zy|{TGEB>4rxBYL)*IMy8Wf4UcBB(~5m)tMjhry>f;jMBv;V
zKC7B{?hM0K%{y<0O8l8&xT<+C*<q=yhi7<XA7t<F33mB&8X&rrypohak_AWKm1VJX
zKI@wlrk3~+sW1w4hT-Z<&RJ?vevnxLq$TpjK|zt#6<I~O74PtwEPY#+QEp@8Z%X6`
zj|qiFGKD?1i8g1sgpq8%at4D=`tGT5avciakFsn|g)=;|Qu45!h5%Cj43A2x`8zCA
z=n}611v_MkLu`!)Ob<}lAnMlLIpX75Z`ZMiw|9;p-r_Gt;ntD6!rMPn=rY#O@LbvJ
z(jUz-+;!<C@b8E1S%xf2{|#b8xU%$1r%Oc6-)TeS1=HP#T)0zJ{G9Ga<f5GxBJZDW
zxFb%+@AP3=dIpP5^Yu8qp!_e#$4F-=xgTx^86(O3N8n#Q*99nC8ZP_5jh#_mhE;6}
znL91)+BMw+yQbI%?DQItwNs)WS|5kbkk-f29X`!badMJ<yGSLd$4ET<L5VLrcKW1r
zJZOfYc_u!GH_&d_iKqp=JGB$^|6MBjy40a?9+6z(#DZ^JIXPTB-zGo7R$nhbYD4Z^
zferC8vhHX6sa6!0Z}3@LgS87uGHkx-vl*^PDuwLsGARW8cEW(R(mCosDdg}`RVb{w
z>EkOGzim(CIiGlk!ZJSMJ^Q?v+EtJ0*j-q72}uHlc#Xus-*n+^Svu1&&0`4^R&1Av
zl8a{=W^;Qd!EH$4yX`&<o8ok`Y^q_);3r8G`W5rDD(+sKYJ@8As$;&@++LDsc@_s1
zOF1!TroC`fT?$KVul>RK+87GMi+vdG!yxO_y%Fd{3R_1SW?)$HOv9a6ktx=~m2*wT
zxU?1-CZ;bb13??cmlPw$Y~|Cu%Kz3dZb)t$r+tUcScG`9t*vrR$X;&q;i)V&Nst-&
z4TZ7842}HG+H^mKl4CxNB*0W5tCVozME+tFcHNz<@+%5iTvqvwGykN(3r=#+Bv;6r
z<`!n|gYCO~NGj{5VrFwg8X!+njl2;M*=>V^jLT#%ddOrp;qJdEL*XeN#u<!s0?x)B
zg}I&i-y5TFqD8>$?P$uT8&0Lk-F^WxNOB`1n{_En7F3ZhO(=f*ryIgQQ<uV|us3T{
zShLgNCnFTbc5Ejjzf{u@%a2KF!;JYR5z>)w{*3?8io*7_K0AYep&G+jddQxQp3kjY
zq|6piq0hM=hho2`aCwNKk$+d8l0Dn)228P%Nps9(Qkmg^f6n}=(n)tI7Q5Gj#b#J6
z_K*K$7F$=aSdL#9?s8>{fe+TE(0_M0hHAQP7==X$C#Z(PaMw<J`F8+M=$)@B2vJO~
zh^&!Bojep^1oJ&L5(`s0>f}-Qf|0s#jHs-}{nHK03T29!mK4c>z|7*c!!(*oMrsth
zaCBtk(IhfUgBe8GJx0$koSjW#A%C-S9WTu`%)%tAl=OCGx?xvG`>N}gr>nXIGFf8a
zPU-RQX{4&<4CTuiE|zmvEN7+$!->$Ze_<~BYd&s-7*{05eWO7k5sfU1JEGeB1JOeY
zG?rDkHcje9=eEl;rZW=9bzPlnM~uY6=&w?U4kx1d-$TA)<P|857F2GiU>$IKdIhx_
ziqv~=O*bMiX)RU5Z$>nHnHqj0qT$PTI>Q9YB6@0d$aaSruKM$=@qjdQP;L8vA+PX!
z#vc2cN}5ynfh%OMP>nnaJ-*UOC)gUz1lsiDyivF&u^iv=6~dNZ7c#^vD#5<#2KJ_g
z)tiy&>?RDxc4Xu$m<s%im2~2w>U(fA8UuM@&{qt;<Y>qEm|aA^spnDoCQJ}s2pV}v
z$MI!f8%!KkJ_o=3Foi2VMjnEdr-c~!D1}vnjCSO8xInl(x9YS{*U9S?a)ui!*d3sn
zW=Am;$h(GMlfv$9A!wtncMri2$}miz<SR{S*u7RrCo*H=-u2v|xET*aIGbw+Kj)wG
zeP>46!N@2^K8F!OoqPpVQplt51_o#^^>N|3@Qx|u>L@!GbaBhh3+{x<&TIIncb%iY
zxf3ccZ|m}7<mI`uRdiAe6=4B8w#d>AGx@C;M&dmLXC?&a<y$NX_QZ@(!8v`0B{(0M
zao2+L_#IMko<2K7aNb~h?fw~|f^+5$B{+{fbI*eF;bE5Gyn42WK=|F33I*q3vnv*y
z4{vb_&Pu`*N<*lGxof+SFdq^U<{OOEVDkSBDMM)!C>)JuA(RqcQZ+j#E4&Xc1Padz
zb4YtoH}uFoO5ye<A0r>3FC-Dhp7RCxL61;D4-h|1pn(7lp<*eFw5G6=t1TZQW1HHE
zkvP}|EQ!Rz#7>NK(clPh+<y|DM@slBjy@EoPnDV;n$}F~n@0SwOR8cNN@plF5uXv(
zI6v&=1NbAEd=hD}^Hv*MQ0T>l3BN$YDN~*1wPXsri>=!kQ_C^q`6+*~fYj+wGhSmX
zQDIIrG2}gd3J27)Cqr$XPf{3Udv=`r*~7&?jh~d=_h<uT6vlIwBQtLXxKyWyDU_n>
zBy52FymYGzLbnp(nSEwDOK4o)E^ArzpD9adG^Dzcw+a+C|D>!S5TZzZ2Isa36HNA5
zUqCr3{S@YP(kN$)XTCO4Bu^uLEIt$<ZDHC-L)fcUMzIPPDGn(M$RMiq@;G4kzny7@
z*(LIGIMkVQ)248rXl*|y%Jf9unQl}Rd+h-;@v*5+QQ}n!lli{BA;i5cUj@jYAe-}S
zA@mNLDWk1oP{*0Q-G{18sxK;<;|wQgl{E5({P`z5wVwx=*Li+4iIb0EXSp088imGE
zE-L864}JO7IM_JS(340PtsV#OoKqaUpTLQcqHlcfDCYhg(Mba%@8sH|Q^=E$-C0W^
ze)@<=<egQn(LP4f06z@aimNzu+Q(c2WW|-<Tdm`k>Euiy1W6viJ<4Hm#<mJS<?j-P
zt4p&)0i`4g{cMv@l9N+8e!rUMlsS({*#sTKxSeMy47ANMeuj%898wb<pXH_|Lu}8E
zaX))>2Ral=PTw;znK0ZUCjDo75R>y;EMn4kc4!DNqi}JHjhOVF?Ib2wwn$>qZ}$HN
zF;Rt<Y%MT8gh}ZJW@$7)gBi#FDpVttmFpmVCYqdU!13)qCNEcqK{G?xMP&*nx64-#
zoEfr%l_{LsZn+K?%=8G`+{cNq-E75ZGN&Z<638RM2R7ZtMpC0S@@on^im@%DpTe1w
zX2GD=6pjy*{JRTEseTF*&v2E3a#Gn^XzIid*(bPkUzfsWLE$LV$)8|d5KD$|`mpsY
zEHzXl2<m;Dek?H<X$#AI{O^1N=k9S<#Vx-|A!E2ATYq9YNrc0veYzwpG{6<=uMI`Z
zh#!t3t^ORA4wHT5W{?QTX={o1*+rU0Tk~zd7=grNsaADi4=PJd;YLUPuOOnyEFu#6
zC=4(JOnYg}8)rt%mN;`t$@HUUqi}>*bQ6pEI|S^?6i#oEDAX_X&Y3M1{>+o7%2lp{
z)1xgFq0uxO{YYT~k9O`rJQ4)E6%*t-5x(Yfya@OuT{H>@hap!$T<W6Pe+pAani0VP
z#z03HY6~q+A%B8#!wsDy#F5h+A@Db2q#7JJ?K7F)yrn_gImW$25z)uU8(0qONhWmb
z$+Hb6LRX%|bH!zJHAyDtoT)4<$@vs!_tY?8`AG~|{?w5PYAgErn3W64$ftZK0P3Lv
zenU%v`!Fp;Dtmcl!FHihak+hLX_!YYd8A>^>MzqUw_Q?cnDSCG?6{0+m>uA|eliVn
z{bdxk#T6_^-{eQ8VOA0OAA|-(&B!DQi(fVCAo?lfHA(pw$+;+d)pURFEc3{i%<5yy
znA~3GkukZrkCkQB^Qz3Uy4l-1WAaX!En{+FPt1_3pUR;q`q0;=us)y@@}T;dCq!}0
z+@MpJB()$;YbU<($_h;s>*?z`N?HQ@tTY?FHRUh`QU|`55Bv;iL=_mZLSy^}<#+VZ
zJH$^LMFXh~OND_xK{zLuEZ4MXAoXC`VpBGf*J?wN9E#H<!ekE3Dlmr2k@TtRB!O}!
zL6d7@>lZ)$72i5iBbii7;sP(yL_d8o8b}QoA*LdA;8*hNDnTOz5vc*~1g2oV1fj{M
zaCJ^Bqy`NCF;AC@r)$C{e7c6(6ZLNbd4i)+O$uM|+cj#43kb2P%TW?<gzt)_Plzl6
z#y`A1)yRKS_@TKv60j}6NG-^3fro#YmSQ{khdoaIaQn&cd)edU_f{wWntAejtCN32
zocy*hNS*u(;^d1f{N(Rza_<S)BK6C0><|CT9Q!TSvA^kc?7P^H{q?&&_O2*Y_pz@+
zVNugm6rZcmclp2QR65gKdq5F_l@=k0jv}>SP;OA3<;yFyRByV#MfKh*e*${I)Unt8
zRR{tzrKJBmDZ*bUTxzb7#Omt6)B-=!gHKazD8VY`4dvqizdL#*Lj7klPd6SeG}lN~
z7}OMVZ5N?Th8^&e5Zdoas6R|<!{N$~I){&&bq*V%8JcTmhvo!RFv}=!nG`n*^MWDm
zml7#t^b$EeiIl&KRDyX1er_F;6HfjA-2ou=OpV$b<E!9xk_g9IFely%;wS!n<o`YF
z|8EMzTA2KBHuA$GEu_SqeJz-xl1mr%ab&>vR;2ev@4KhRqNk{>(8NDs@@S59-*8;N
zpThGxmO`^)A|47j&w9LWR)PssPzgpTie1ENYIBYy>%zct^psaIYr~8!3#|=P(ns3F
zr<Mg(gxl^uj@mFTmZgh=MLjjqJf#*ts1L(`i)FI}QX7h&XEwqSV3>gymUJZj2-0Du
zjQlr+bPm(^g}-EC6uWC)EbD*-L<lk5>aS_eavqO(&)MERmnfdlt(T^olzP(tChhtk
z7UuQ;Cxv;Ys26EOHJ!8X(Jd7Fu7!ot5+O+^wcyWqL{b9$Y8=11+{Z{Im}y`=>|sp<
zoC|YJxe<zkwJ9txQvRtN*nW%(Y{%$^cK63fqcEqp7H}S&b-swt4yTV44(4Dc&6T&%
zgxB}UpEP;p(p$1D%Ohckcnq`(Q;4UiOcvrP;N(@M+|Ms_7vd@EBSHOLnY$3r(mqxp
zo_%E=g?J|PaTnqlbG5=kJhfm#E(U6C7J$qCX#uxU0dAcyEaVm$VL*36fo`-NbbCBN
zH%5VOw+HCP+CbO+st4$<^>%}<sAAB8FrfVi6)pyD_reIrii;ne_1&E~(cVjp@UDJT
z*3+tf)bD!GY%yBU$65VoUP!uTGD(72QD#TWaaY3@M7uY`mbo&s6j*q0CsAn57?Q(p
zpJxton8F3Y`7Jb(1o`|&BJ^wGY_D)hm>7~Myo=#VbMQXOLc?A`O`{R#55MLU#UZBu
zEg(buvjbfD+0uduZR4lctx%^Q)<Wv^m0&u)aF=-Dq<_K-h5q)><sRzbP241W&BB#2
zww=dVE64XQ6jpFf(^@cy%Rh$Ga7OWUFAe>18&~^MDtfu_*Yrhulun-2$<sRNs=?PS
zbRje9;g--c{1W_daHFQ*&1X-veRg`(kNNB>aBis<A|>!cks?E7$6O0C8R`I}289Jd
zjrgmR8t`{1CH+>4ZKN9fTubFcV#^(Ya67OZ;f7%nqpE0;0Q*@1?5A~|#9A=dqk%v6
z0~foV79!UDSeqb$|K#)6P}iXYieBce8Wffo_xLeC#RwsFmo7G)zE)oAvv95w|6~%Y
zBec>qnE$dSJ~^i>7zp#pcMS^LBmWdA`Gpzg?pB3WfqL}SG-!~LLTW+ZpiV|=6pDTq
z5YDcUB;AAr@|<*f@nL^LWAfHZz7!P@Nk(cgtG}V8kSeh4l8=d&WE=X+mSmXMC&DPF
zU2=p`{yT+TeAIt9M~%0Q(y^HAq5iTeR&CD2_^6O_Jq<+(ABfi&0r;B?JIl;)Mq5^e
zBYUN1c3g&6f)a@d6MXq|3R`9MxM-q5$ppjEcXZl8pIMt{#{?sM(Gj5V%|RJwIVQt!
zHYeC)d&A}l-Vtn)Ezdouf-d_Uiah#*bGAl~=ntLqp3?D#nO%^Z;gOBER4gn(^u9=d
zhpcoOnT!Wj%mnME_;*N}O|cKV-H|_19n<lv&_}G^58EcGzzMNUP2ijTJ`w7(eUiaQ
zys~y=?8j7YigLnz0g*N|$uk2G%>(Q9%iW$o$&gNlb^Cn*vo86h(5fwY`+b5VC(;1+
z)sQ)<BHC1xDsF8>n)aJiPPxC@6wd4ya1%bCIpe)ju@4>+F>Vi~ascTn+MmQiYJj`~
zk6|d=L7CrPHbMET<0zEw7ggWVWa$5u36TWPuQ{k9+ansjRt>)t(eQO@_{E5ZuRrKr
zP3~MoPj6N)`yry?Th#Eg5e?s}hM$RO_%=2C^n?g{VD38T(@b%G#sniJBoRSY(v{`B
zVHj5!<6sb{XD`Bc1|ER**lZCl?Dd)V7=_Zkca@CydkO>jk#A*Yh^esZb{3w`o?L!e
z%hme?!A^!z7e$s@eUzB0Qy88d)a_=>`fzBoEO9*{Ta>tdj=~x~L7fEQLF8v;>jd{%
zsRa24u?^)r-n#3Y$+FVk=6$v{l$n#=mG-volY5mh*<ERG+deDgX8mN3Y;RmF=fRKD
z6w(NZMMDykK#~(kJrQfOWV|ibMzn-3;>SFxx(cJu9Uns8J<1f=VyW?p?g(a#p|IkR
z{ETk)&rqSxDh^TR4_?}51@SK&Z;NJ3qOkgqb#K1?UJQk`hkP0`n)3(lIl901L@T;K
zW3op`a>+icxWlB$ZWDl2--sVKE9239lqBaWDwlIHF3GIDDEaY-Y?~pYHJ+{dVj@)%
zk&DQXJ>Jluy`GemL^{DnAJXUE(c$Pbp->i-y@(>^Q~{G!X<=BEEmS!bi+@}iZx;V(
z=)uYvsl<e0bz_fDOL~Ye{?SD8H%P?g=Y(Cp4hxakbPzGB6T{<KKt|0DIbapR7-Or*
zrO+{?pvKX|5{HjWG+ec|hS}yylXHp16%<)f!)6~%HPyk;sTxxlX`5<<yHMEo>e+o0
z?Lyf@6h_+~{Cb>Wt37vCJ+r$Uu&`87ZfvY=n!)b(mmbDY-VOWjxi*NvGO3MD^y+TA
z->MCAYodp=cW1wOW^APkQq)_4LOcV1fJ=Apa7~1fPBehEdE($pChn^c4^ebcCk!@X
zlyXSJf1QzEQW!hj&`1-j{)@=74CrK-Mwv(uwbf3XInh;ZA(6rs0bf!Zx=*z=sU7=;
zfONbG=_7ty2j!-s%KASXo;E++rYxF}+K}5`Y~yNR^3>g;S~MXV<g^#_);3+oD`m&I
zoG(<_J9%T3pMO9z3RjA)zQfb)fLGtJ4ZnfI_4nwCNHCkKA;k#NfG}ESa2573_!~>)
zz`i2Mm+SC~kn1fI4Mug!Y0V{>c5}qfqN8AX2i2o=bGfh+_{YH}(62e_WdZ(0m-rXG
z%z2#f_)e55xrr3Es&5g+=_VS?mc@H(k58*>QlU0n$c?8kE81+Mbag@nS*)v+v{hEF
zv=tDM=1dRh){CJdlW+bzJc;da-(&Ely4C~&OlOSz8YYRFPS<^5h$CZUmIg^U=xW$O
zq!SG3%t$P}q?2l}@eoE(PaSWl_W^}n(P4HF4LAE$ly!3o*^@+`sepH{Nthq4V>2cS
zTb78XU$e(!h2pK^RT<+A9a+@|E)>Dn{AwroVZ6ae9F#`!Ym@iONZ!kn4F^=I2)LcU
z#}^>a!YWY)p?_33W)VYSbWrCME5OL(lyTuGfK9KW;Epd<g;_`O;~?rhzbt>o!j}Q^
zdu)$F;Z9g(rxDH{3pauczBO1<B6$sV3Cj-j(3p1-ph1&l5ugkEZAE~(O>!3jy0l*+
zRo6-GB0!gI+<3+$k7`yY_E%KRYJ!dKV<_^Q6b>B55NuKCdchu_=v*5O(=x3>*Sq%o
zj~BX*r7$kjXa@^AGxB@bhG?>zFXQ)+m5Hc>t={3nZlB0M&&o73(o7=&cQoe0AwPuy
zW|Gs(6#8@W_ZnAsV_|$Skd#DP!BLU5RT>t(K7faHojjIQKG7qwu(=Z>4PYsv|2)M0
z4sct{zB8&ELGAn9wiemPCm9+n_X$KxN+RuHj+kN!gqcDo??Fq(Px-d}>XhqP6JR+o
zoiu<~8Hs%uGt;!Ns~2T1E_KGFgcP$rI`giN9t(Sey0uF32l!SjG9%m~Ng_<zkEt1q
zyvGqaMVH7oWseV$OO;yh!No_3fj9R4Bp4`e#D$<?wPbOEoxaT0Bo_AD_kj3ewt(xF
zN&M#@U@kV!8W5$Mh)5`O%MkV00W!dih^=4;?o<Q#sKU+ANh_>7S`Eq$_;ef91`0dE
zl57*cDyJ@EywNR@_~8Jjyse<;L_9tvnl34?I6t1G7bs+NKAH?$O6{razo9UDu&mKz
zvzx9eb=Xb+jlv>6>bG{gX)-J+4Yk289c<cQ@5Z{iY=U7gjlTS#Orgu0P<|r&&ne71
zXjwY1j&a&j`yRDysh7rtO=CBwbQ(qn9+i|KcS4ADHP80WbB=fN=Y}0s2GyziB9*}d
zT!^$Rs_$DC)h&}Pi>j~{hsf9&VlkXB?ndPsvN%Vs273<qbmHfSg2ccSeyuiz;zO2A
z=Z9R|ioRZ9h7<`>j?z}w{GhNcW*+qEW~sDY6C5gJ9STzp%IYklTP}gV6J?#Xs|O?}
zOrKylt4srhy$3}%mFilExy~$w<W9H~0?UaNK^<=jVTHElG-&!HtSPmNpKZr4rjshL
zx|7BNwx>Ba{&xYsSm+qQZXmPv`2v<IykoLZg>@2JH<@(8Gu|K^$!6peco7d^aXDh%
z$FN4|`5VKFd2L{u7_+>biJHJZpCEQ+hg7u=(h0`#eUANkGJpKBNC-<qPFU7YMo@jX
z&xd6`)=xG9q*FZ-2ZIeoTLNK8iw;xwBMeh@Wb&`Tg{bmP&3r$&0H%=<8ih2_EoV`P
zx2TD<{qu2uL`D9<IpHnhS0)ZIG*Sf)p5x0Nq1k??2***;5Vzy#yK|vLYuymH<7mdY
zP{+}ZAzqFnog`6KE^V7L-a*@T2}@fHOdoG}6Snd^M=K9ml;>EwliH0vW>LFC>E(Nl
zCLWWtZR+?C+P2B|hP~<KdXBP=DMB}V@4XotYEw9xVbQsj<2~ryf<rF*+Y3L=bJU9J
z<j<j=qXT1|o}*`B;t}aNIyjc^l+qVR9dUb(){PBsk1IGL?Qun8mFKA7h~+stI5yOC
zH0Q`&d5%VoE#Gr=@QB@WlsDSTbF}@q-E(BB9qLFYkyqfNIMb)(nZBN`&U7sLEOF)g
zq$qPOJrXy^%43o<T#ab>DmA<;qT#F6@GB7wUvtdceRLtBr#GmVosVevMm4-NqT!p=
z@N*Fj->ioJ5Yg~0YWUfRhHq8F&!k7-oZ5K|om0}JJ~Q12xXWZoFO|;!mnuyV%1za6
zn!(5mA#SSMyL{$7M&ahJyLD4_omP>XDtBD@ZmPV)%1xE=!;f-PEjb+GrrMwG<))f@
ztUNbW-Z<%|T7KB(rkXR(?WS6(49wZ%+-|B>hb?<V@i-4R6)qN=6hBUNZ$H(V(JnvL
z{NoNk)ymO#;ipmse3S*;vj|5Fg`DH^y9SM`*l%_6u;rUtHrna8$~$h|D;n+eTjd{@
zeydx%@7Zs4Bh&I*WsmdlTWvUO`K@M+E6;DmPol$bB}8^SWV+pRHNRZWiJq&SKSb`i
zLQ`Od@?4=oaI=tCheU^C4urxyX)jqADX$Ee%u)-(EN#B46cpG`W;hDhhYAyx@9Nw^
z>AO<iE1^0s4f_E)T#T~3R~N=q?7ix7)N<2IO{>s*ReVAb`7v(qRd3r|nQ1QXm8rj)
zVx#?-5DI(L<Y&gX{aO8NlTS)>`IGjmXHSg@@n;RRJvcti?$0`;o;g0IVt>{U+caa`
z?>~A%l%^@UXMfg&EX$wOf2@Z;>--VRpVfD)hYWi0NICwj6w{v->dcCV>ip2m>BJh6
zc-SPI0qvQ+IIce+eO0Mss79G69$JSswABXhF*ZEIRqiW7A@`_HOAwwPtTCFd(bi;~
zX6JT7>KYT#bSu?#VVa$FvF|X0w9Xowj1pCsZcwq+J%xLyK7}i`t)4%s{Qd}QPpYyX
z=~jKEN)&F$Bh<5lYLR!%HtXC`E(F?e(x;KyaBEUU4k<rv_&@2yySdMD;$@8SaN?C5
zwVZf-D|Hg2y71dog0~pa;Tr={X{%4+68>zelVsR_I>gL3bGT{dGYxoaPluZM<_|Z`
zd`;D;!qcG|bHQ*^V{Ync=4<My3a?BL4WcYMCUvZWbgv*v?*e{5r!eQ3rKR2&>C}UJ
zowD@cvXSNM!TnB2zPBVjL=Vofz2U;ha`oULr<5K%qxdciew>}WAfmceZGr&j>l>$9
zny}EoL#WWiW2VJ#-(Ix%Wn`emZ~tCjfcTTth1wVgT8_ETpMWWPmC$e=V(^=E%x3W0
zo$gdpVJ2Tf9SUFSN`sE4FgIP={5Br*F$#W$mcRjH<kibZ<$)fT?zRM$91FDsD$OgN
z!Z-t?kWER1Lh(_%Pk6!@gUJXtM~Ub22bFVJxrcv-?%@TNd-z6r1@7VHO5eGjUXgn^
zC6Jn8y;t~#m3O$Yu+^=eVyGIvoCI9oC%oQRS1-Mj^c^ej@e52RodoMZkMHii=(8A;
zVOXPp!eOa(yM-1%g`<0g&$l&cP9Y=9?(_Y6tfA9@E~qG6IO5aEObu4xw!?sMdcID+
z(_k;)pe|vJ0e%YK^EY>*a5w{Ph~xL7xA<^|5#Zm$h@Yb?|DI79XnZ^+evK4gM>@eK
zbPJ9*FXJosIwdqwgu4OEJK|&HdDti9&`Z8>i*K5gM4p8;!j>^SD%|p8urV5{Jf{0u
z_jW(OB;05%Z0=`aGI<xai`VoC`<h1h7Rw2pgl^~(jp-yqgDFwy>Kke>@)#T!Uv}EZ
z!b{jCQM$L^I(@A4TOU7S^IH!Z>-JlpJfbSljdlC2PuV2#1!Fz@)_aar<hP!g=Js1}
zJ7M!%FWqVSt;bHc{MJWy{%`oLhw>G?3x1A=$N380h4kr03g2XY>D*34%~e_G7=9Oa
zM5%$eSLxFYjl6_A^i5~xiM$^E>^qqu{%rJU9~ZvZYf<GWSaVCH&lzp_yR#flXLLKy
z6|>BSFtb1vU3j~NyBnV)|9~z6j}JtJB?<3AZ$NkTff7Zc^rR$oST7L{>t8Vv`!HPU
z#F7Lc!lE&ru{oM<KV!|s8GFU%s%G|YBk#dH@oC?L`!tfs35+h)*R%{HB}uNDkq_XM
z4;MK`h*Mj%aH|tIx~Rl#B7SwMg`>TT|2J@SBwxXMa1e<lHoSQcu1rNFooFz~L)tpK
zL}99cmmijtNGJCdE^Rc&Ph20=$b0Y|qTc3USd482YmWFdoxxJ{Xm{U(9&L*&0fmEM
z_t)G8{H#_Ku4N*7=)DJB+Sf8M;0S*qXGq~RQQ*IMIV>-*it2~d==4)q1Uh+-!niCW
zmH6RE2?A<d7QXyQiF#c?F(SOj<h@j6-JNU>Na=s1jQ>wK5+@$xlRU%s3%)HDZp0KF
z%@SLu3bRCj#Qq|QbgF0bBYGUB2GAdL@(En?IlPG;BR_^g(YoE4=rN`Zq(wWNi5_E`
zz~pFMCspA3ULRvRmpalj3=LNc6#fqj_h6y`mUJX`qOg9da3mIEFhVE(n}0O%!-8U;
zyr2e@x0BJFIo>*ihL`agp4n7}d^L%@0+%ZAMPRrm?EMd05?X?ngON0r4kA80RU=j4
zR+^T=$S@7Mp9rGm<z||O?nXWWui+TR$m<kl^4~3;e#5nCsy#e*hkuR2d_F40IjS(t
z-b9|fL7{+;dec72ql>(UM)g{#LiMcBl?q<FOV8q*XDx-Qg;SpjSn5=Z^0ldeRHj}F
z(WR`pFSICElL{zBs;73Z4#kbvtscaCU-QtSo>itCk_;oP4bd5SmBROYKi+WeT7T!R
zy+Yv<AN9I(R9EMy*C^a}VL(KC+xs=U-?&Q?VfN_qT162t=PYRFId^h}wUdil+*MNt
zps+@6?(J8dn|sxI-Mkhdp)i}&exB}e&-*#>hP9vLJofW|wV$=j4nd`{<KaFnItupY
zV9%*3D}83Ohjt;&9?mW*r`ZD$WBRPJnmyRPH^UZqd2ep55xT@fsWQnYfX<Ux*z+la
zn?6Pw!Swr4*xK?bgAR;K|BI^f-)lbAAFhugbyY^<IoFq8-aRK0CtcnumCjTCa1qno
zI^?0Q5xpZ{4et`s@B%gb&Z0<$7p_8o>^q_U*c%Z&y<ENQdPKulsNvTl8op8uzv>v?
zFr4FB4KIsm_-Zx$N<@oUqlRCOX!f;g_@#(uU#Es&jA-`tYWRhShHp^A&qp+TqZ(ei
zC<52>)>T|c)wwPPX>E}jd>fq#_hIk`)YZsS@E2@Y2M=)qaiuw@5B-~(<RLYLJoIi}
zA$9nnsYYJ25eJeCrC)2xJxr2ml828?_=8KEItj|m0xyDctWXe?x=2t0$~1vp#&psM
zh7nFYPIS;EF_}#H?*kn;F##AQD#Z2mr+_q0?^xmtdU+aVER_b?olDGgX+mMrQrY=h
zbrfZyM^P$eRu?4GwQy>Q*p67$vQN&EwN!54H%knMiT!EVwp4olW-T#H4?vig{*E#X
z#B#p0Fw9FgiCIWP3JnAcJ&<RxfOH_wTqechwRv7{Nen-Xfx=}nAhj^hkPj9vvtoD-
z<eBDCtV<)`JO`hG!Ap?!Tv!^O^-RpGnDy*f<`c!_ZP?X!pdGs&4~t#9mdR)XbX<u*
zpd2p*+rH8h!B7A{_qk49gP~RU-=&}HiH}(*RU@D<YR#*TjeQ&zG!gr{_EqK3oz;Zz
z2kiE>i;jYAuX5PTZW0zWM_;KBGDDwp9y|Gk{aSc@V6Ud3966T4*3Mkrm>q@D`rCsH
zE(H}kE{ei71)cRr>Itjq?AL|D=WvG)x*pWv3w)*yc{GW1f?cTJWE=X!^`VMxzxPM@
z0q>>pd)Az2zINEKbw+jC4*zppGy?!QJ+ub^n5nDTi&XDKrsmN@do*#iluO7V-f~M)
zMrXO`@q|Y0{m*E1priR6N#wtv0soFai%+bR^pJJy&(Mh9`cL_V;sa?Q#e1T^z;k@`
zTP|27ktSFyFBV#G3g)M9t*0oyBR*j04fz3`pc&t~X3mFWAH@kt11Q2t<{Q>7{0WZY
zwaJDQv<AlL3Wra=<RFTV!>AVpO+59IjU*0w(UUm+nlke5F5-0aB~RKk>_u_A;H8jL
zQ~07dHH9xJVz|)zb#GDr%Fx$sd&$F-oA;tH&i2!2DjBFb`nZ}toB=PPD)1;2a8~m;
zyvs}$$!Tmsh*g+SSWqbFYYZf|6LVw~7-%tu(M76j*WP^P`Lk@z=|z?~xo3fgIk|rk
z($Dz?NI%yXhNqt^^DCyG*+o8KNd%J=l4O`VI06d#5`~;1pG9`3MDkEG3X83W;y5);
zrcAoe8<M&S%4K~f*9_>WL}AhjpH!<4<f?el5i5Kw!6Mz87kiQJ!sU{52UMt*kPWKB
zmCjr?=!cYSz!%u@@in;R=RbRVp(pY;<Ww=SfB9mkOwbq>FPAdGip6%BVD55n_WYle
zSv?O;lq_EC&7K!7momYa#ZH-^F&tekWrDGbO_^X%n3w*RG7R)~zBD_`OAm@!h;GUR
z8*?q0Aa8|~3377FkqNe}kTOAbu96A1tgvK)jk%sOK@mO$w{sDvyRQh3(}Qy>#_8iL
zd>VP(DHB}n7nw|Oa)nDKn7PnX=v-}=2}mQIB$!SyR9^SD<p?$Tev~!aa>0O57zetL
zwS|dc_sd9Eo`&_$i}3gFUKYQzo_A1~c`rMCQiQ^?=R<d#!AX7sJyO71Q|MM26rGFA
zZki1CyM`xF7*L9(4=)WyZ)|IM;X}_poczNZFuakJpyC9PY9r`kDO^_8u>PH7*x=F^
zS%Qg)vtAB~?;sQoKQGmp77oOJ83qRg-k)z_wlWQPU_EI>b@G%8>3h5!O8jFeTzy_d
z@l-(<LM#+~#ga%BSQ?E+bH9!qf8M4k<loGWKWe@yFIN~R<fkw?AYLHm33$vi`sJ`X
zo^75favpwUtEAxKurTC*Xe0@K#yF^d%Seny{0V4f<<Mywh>n8GE%=EV5YRlrd3&|c
zD>_Q&0uJd~aEBAaBGcZk1)QSi<d;0o(GM@$kC9~z+TSq+I`9)T9ksWTj(R;*ximdG
z3f8~IziR%o8mT3#N;n1VSh)HON;NQDW3Wwz&W?Cpq+6FhBYqEgUE$p5CTJxu32OBT
zfedNwJMk(XU!ALYjPXUT{8AYE2E7`P#y-x)+q+!CH=CF&JmXc50*F>B`M~QzM*MKG
zC+5}OxE2gN1|3;aBJo47UU;qR^&o@x3~HL=I>CDWl<*0zx<93y?pm>M{nLP5%>FZ6
zMFDS+hX~#Ty5SpppzzlT`k~9Ko1w!^A4?+D;8G8~-}`#ddMLKR!}Uob+~yLfP3q@Q
zz>T0T#&v=b_+)8Nij_<67mO7q35tKP9Ev|Tr(%k~j4Nm!%1*JT0di3|1LVZE$^dyZ
z79BBdmC4{DlJP-p<@$3dUq8x?Z_xmXnwHcU9R=gjY;vTjEj1<NtFoI__)#lg5NZ4&
z-?Ss&>zh!ha(`1*_)jk7{2#vh2_1zBhl0)(w1M>RAU|k*Rr7-wg$Y+Mo2;C6_6;Kn
zEiLJ5Sp8x)FS7S6Brt20>{+;NkzooU{3_pxxt}uf7;HeR?{r}WuJedkYH^gro&KmK
zUkR@ykF8iqE_qHk&_iInw7Ca}H#YUgntq)*#$1U)u0Oz`C-((@?P@3e;riGnAj6*`
z%RuKFDM(x9F847(Z8k181i2aXqP%k9CDGe%+4E9gnEP_MITXTMv39ACiCze%`qC3^
zEu<k#S|(-319?h{PFv<<Qc)4&-2zXO4{lE!7c@gBzl2Aa=rDJMoP47xqEBBDGWnET
z@5w{xsMp6uFeF;zB7uO_xfc4pPA7uv#Fu;{tgL?6zDRr=zrx64NqBLGxEKrDpJ9?V
z5;%s~JNHute`62VCvi{|Bhz%xzNB0I_F^cEZK5T}92Su&%z4qP$ogSw6S?^_UlqC{
zl@Hx$!bKf;I)$^QW<n8tMRPTQmKh=;$=u9+hrjNZ6c#*ZW_(<3W;(8<ywvXn!PS<$
z;@y*#$>8}MYmy7i!pAemP#7p@%zecv;WnU<XH9ahnIn8ThQg2+xCA?^yLPXsC+lto
z&D4_vuekfJj(g5bJlXe(jey0%j%Q?Q$?J-I#lpsCw8Z3x>yt+CZB?Cb%u~Ytx2W8f
zykW9>LUsm8qXfw9?~G80bX_M^#+8fQ*$i`R&)#r9+hZMO6XaaE=S-f0zE&pB=|vuy
zJVRGmnLMW)EFmmJAFc--Se-`_#o<}-IvySo*RWka@r@AW8bSU_pJu^*P|i;P_meAa
z2~zW2u*+L3;od*T4foTwXA9lW7OX|M-@YfflSF2TUb+rnXo3Q@f^JBGx}((62)cm{
zBd@-E?|`{&9ne{>1G-fn?8`5^fYSAO^SK$W=XT)1KG{vXcZf)kF!(}O5J^LZe72L_
z$n3@>MVcEy(F>YIUi&wz5N00Pdv>7Jr*QfO3n7*m<<iCi<rwPIEDX7o8}WlR=aLHM
zT&m{m+050K|GYI#?h+TSu2_n=diC}_(}*rzEgFFc5JDohzF<;_Y0aD+9ypEAAF4+h
z!5FGrJ9FTkcjlKAMp>UfJl~a>#zFvjx<~?YuN#o*)=We5oq$ZD@I#SB69(tI;9Oed
z(-H`S^>=;>q7Vl&x)@kib9V=mE_{c=|CSC;SBnQtMTl>DhJ|=}8o}OWsBVb7ztY9V
zU4UPKQ%2V4jzFFI6nZVUz%yl0h5N8uxxddY4%aAN7wLk1Z4*zfVB#bS`)n+8;v&~J
z9Z>H*xi}<X{Ff94*<LknQTZqGu$t&t=tPYv47E*^Ucp4i)I^6vCwh#+aN9(q++TBY
zl|Z`f*Y5dr&+lWM?#nqI5<u^jmIQFoH6RwYJ)_ysO=0C$iIuZ0tQ2x_x7RCFiW<St
zl{S1mU}w}W#0&^D9A)F&!xy-)B@jvu)+ln2V}udH^>Pxpm_X5V+e?QoC}+Dl8Chc^
zBMaPQL@j7njvGHG*xoZ>LHTHPQBAZx$BmzpZ4>paV4^E(qAfXY{G4K&sF(X|uB{RH
zxvcCbAc`p@4(4$zjfK^187GKK(7dy{t)BRpgVI^P;Z*XU6!vl9_FYu^7ktW;q($1o
zJ`}VvKeZE74utpgfKVdK`4Pi^U>;-0Z`t0>o(8e3uSkQyB7C3fmiev~timPaf9iG#
zzf55hS90WY%R4K9h_r%D=>GbyvtA!M>ZtJE>8UaEeZy~w=lG2?-89|2al4OL2x$a&
zI_e~b_7+C={BjbT<-xjOV}Cihjxu51)eKgyP!V|f737yEQ@CuKeL=2^_pVuC-Tp2&
zJP!!NY}Toz++5;fc~*odUrId+*KJGrHn;q<u~AKYZApj{@k<J~Y!l6{V4^K*qAN?>
zr?tycYoeJIOtf81bTM?IdK9|bCYqM(I<31_h|_xP#yxYBVLdEvGAiGLn;a{$xXFn8
z^7Ki}WcJb;V`2X@@=QQSMm~T|(fm~8e5KcOFrrY3@G^xtT@3SpY`){O4oHu#@}#Da
zSm@b7gD;WL^oij!-}(nXr7;w4RMH_e1p+A|VY9$Up-d<7@SY~3OS(O)iFJ_=U<WR0
z)>nEx`}xL~<@B*uv8v3rifO$Ry@-39%YY@HYkU>oV6;*RMk~Dod!zZSIbZ1{0aoEl
zvcKYFg#+WUdXgsS-rkCO&|kyKkynLpz&WD3@Dva~^bpRB>(_#ebb_Jy<7`k*Mgb@`
zP@Zj2xs|0+G&|Q&Zk8=8tWXK*SXRcdvCAa(hOuU<_%%6cVV*f@;WBGd8NtRUMQ6*z
zl|IexZFx<2TT<jt;gOm7WuTlfu`s-20B-siNG}Tc6O2aEeNqHB;~Zn6^a|gz+UI!B
zD`L#+=6j}hcE0D&a0fkU-8xFwkMrhsWP!8VD!-7982dhKL|tKF2hWElBm3CbS%0Kn
z=*>UE_jq$uXJLKFB%DorjBwrA+)Mrnr<YA^YSNni1?5)^iJ@?*Q11M;=H;jZjVWYU
z)AlKFF^aN6n><nwCed99C+d|Oo0rcN9-%PJdTaLr7va3AW?I+WnG60fg_+iqUEELJ
zDHJ4kNtb)Jh%UZkSwzn@cT?PfO-+J(ws|D>JES8XB7F!Mj-haBrA(D|6?HnlNEUS(
zyvkP8>DVH7QKz9w4LZ8WUDWC8Ro3YqnB!5@smCg__een2bV_#Cbn0d^;~@sTP2uKR
zOx6|IkF7AxF$MoV{)MJ~L_x8WdNdO!_GR0tj)q$?0epb8g}$1)xZ*QiT#SYDoi$Pw
za`8~+bwFp{?_n4IoY6sYm5EWhHxN(0B4C*IoCU(YueczX{+s~No>yG(8}pnAz8<f-
zp*QfkP~e3W#JXnL`vMYnJzvmFnl`U8vqR{00il)-2wiL^ArwR5T;(w6vLHvI%i5JT
zbeWOkMwj&~CAv({aihzIl@_{e^+K0|l@+1ODi3s7D9|Mq#<gXN(q?LK35A29|G-!w
zgvWu(4nFXPfXACAji1#n0Bv;gUr>hr>VBW`N4Yv54g)4i3^-`RfZ=WoI4m(>m>UC*
zSQwD^iW?w1o~r;J-!^lBW5Wvq8ofI+{xyGr<CQU8x*h+TP+4bG4=K_FNGx1v&!k{A
z=05(&_wDsWk_f$eY4!rqD3r8?wN<$!GW`k$KwP^P#FW}zB3P^Y^`J)la7)N7x32|R
z;v-ygQL5d7Pff9=E$r%Rpf`8=7Xfc5_iZkqT-MZr@~vhrC|_$Tm5F99C|_@CLU~Ga
zH<W*9T0w)Pw0u|Lx#LBMbTJg33DcW+UNf=m4KG;Bp6XuqCTZEvaxZ)H3+A#nHFGa}
z=?fJg$MPkvW#=ySB&|_!D#}4kn~SsYii1`xj1E||_*`dAQPElLI2ApJ=WXOakcz$s
zg&6x;^o5?t*V_C3Fh{6wt|TpGD{Q3YmIrCMW@?Kbq~*Fzc%72#L0W!TQDJ$(G@GHM
zo!sR$HgJvkO2CV>g25ex?yr+-aIU9FUFdy1hz5*$sQfcVTEQ^%kKF0xF-&>kbkYj$
z+|N~p5pCr##>CS_eGO@uP}lLCT<mFtA=Bx35|+o8*<d*+&kf6yN}wN@=Z57eo6No-
z&jXhGmQ~bIZ2BS>D0i&lpyb~*wxdqs9w*gc+Z`W%YGRF0^5WErh#$I1$};eJP?vX=
zN@Nk5o1D;C)|<Rfb*LV&WbXrrpjrRWNgS-gzYG4sIQ(x>4&mFkeYioxZit|hhw538
zSQRf$tStavIM<_FW})oPIwOgkM%rh*b}g7HDW@crwy*8ZXXK0bLqELK3T|^1*-zo-
zZPA+;sd&MiprszK?WjrByA>=$9c4vFy`Ij0&b^<JYOtov7hog~76_x=rnZb!g)=d_
zd3x)R=V2=z-+5o?h@sP~$SvD*%_mBK^t_INt!en!rGJ==_aj(<pxuN@d3Bh1A0Ke2
zy*c1BScA+Zue}(MR|QK!d~ObC3%gOFp80u5P+b=dPJ<|7q{AQ$Hwh)Q-TpAdWp=(i
z5L=6E2V!!*`#@}0{-;U#?gO#ImPD{N->b!5QAKjg5}R44on+KSE2P{q><jbb{|*-r
zI>Xv?EZvQNf771XbjZI!ca%=Lea=UmMo^9UoQ2?O9EC}}3`SZd6F=;~7RsbWBqaZJ
zr>DTH$-NL6ia+O=F|`WE!UN*5E7yX$Y2`Tmc>r$s7*-Qfn{pX9Wr%H4<Z^L93e1jX
zB%X^Rv2gY)hN`V&il%S}XXw>QZ=_WAYtiM4YQw$?NK?*V;5J%WdVHnV<Lex9A3w~e
zZ}`w%H@pYZ(2MPvESmyl(UOWMLeH+4T&1dn4DDgGCVn_~!{<R;u3rn<B%_n<In2`T
zW9Il){BceFL~*(=Kb4+%*`<X*%PuyF=2CMPQg)LP&Bf*}l<aOvG-F%15wa{$0X`14
z>AbB4I-V<31UimGa9I}(A((e3$iH|UCR4d}Pv?L3oHYg3oI6P2R&^1LYS4=Hxt%z%
zdZZOBB1{enL`OmP(x9d)pQ!&?{Y7QKZybf`T}1nZJ3bdZj^j52@}?3>UFI{(f4ivz
zx(s^v(gJtIhQb-<toVr2og$oB@(?F~^Io%vMd{ksF|&=A$P=!~6V6G++&+e`d^Cce
zkXA6SkHJVISn`h)&IJCG@gG^0SZMSvZ2X)*yA@+I(}>P=2FIz+7@Xl;ttwpUjE|1|
ziaA0!AseZNEJeV~?BTN=<=@byl8%K);Z!virb7dHR#s3MZnpD2b<Nh!d$<N8dx>`5
z-(OShychIxcV#HJ7FuJnu$Q|l!+htc-%(iG%k0WfQEd$Z@Hbs}QWsBi^ki7SOZH^=
zZW<;yRZw7K@h+=0WND_e_~g(%R`JO*na14~*%+}$7I>RGEu<dha@$K!WQO*f8M8-~
zpqz00M|dJq38BeWsg07+Rt3r}(>y9r&fMj*6;J7REu_@w<zDWNLS39&_iq&L^fF70
znxn2<4Ml^#y+hHU+zpnl@|#l~8{EHGZt&%)KceZzbsOlv4cYI_w*8)!S$?t6?P_x`
zP7T@I?#0#{re&5}Y;?D|(+7{;bJLBqbZeu(_S)$0Z5z#>o~Y5*BtvsFrI0nnRcY~O
z!ZhU|6t4Twj9{e*Iy!KaPH`pxJ^_Pw%Q)-vQw$~xh4$KQYrm10ichYdV(8)1R75*A
zlPAxg;!#>+&u%L%!`54)EVKOH8h3WvduxoF?A2T2;y%yb8n2{cDbig6eXurnW(B24
zx9w4V!80o?MH=$N_nDDY``Dp|pNeSsPBr{wM8kKf;U^**UcASrwYOD%Ig+WWd{w3}
zTFh06&&51Sh6Lm!d(}Gtb3ly04@dOQeQNljh=%W1!w*I@{D2yMAfn+1)$sk95tKVQ
zx(7RL=&}UBxJ-kg%*RPau}^dL!|}u9Lq0BhoEUE~@(c_%7(BvkT{cD^!Y&(ln^72b
z=x)1g93Su5Wg|2{Xh&8#Sx<E+Oe#^WHuB4S5#?%6F0tim=SA{RGYXj{_FQe9BvaiZ
zSG#+LJy*NiK9#F|d$LLdxxE+Zv!Dp)GQ2XFCSlQL+SFSC*^ng_<9Q`E#keTTtr*WQ
zkqA<l<yMRrlvpJ1RF;Qg{7s3px-pyCt*KKL**)21rOe#t=<2a+a=2dF;p0(V-RGyN
zCi)Yy+z}YNN-Y26_Q@{y<xE>M`mK{)-ojb?WbckaM<eH!DYjO8@5oksi4?vcV?}5b
zW_d(t<ds+v8u?kS-W|G#=i9&2rzIuTC66YNkKu$Y7CTH<Ks;?yxh52b3%S%!Vb(N{
z&N(_0?Q&9G<w!;wOuhkoa|q{S@iapZ=vMg<PG21TLv%&}`UH^(?DmOBjm1-pfb6s9
zEFQ9Nw7b=YO;!x89&+^mWA8h_qq?#EEgwr}029oRO)%J&DS;HONj6)une2PJFT44#
zlTcFV0Rn+!8)<|T;F{ihF&Ho%V+g(X4x#sEnvLl_p?ChDj&#e+y)$ECNcO!i`M#K$
zJG#=*(b3V-(b4aSPQy1`Qq>$1IHwiieL-!kmKbmS^lzwyKh-jRg0IytAHxgy%bV&K
zXsLd934Hj&|DfKwaw5V85i)$JBvYD&XC|a-`M3zhBqa8vy?8@!w#m$Y0Vc?64WDbA
z7KiaCaBJJo<aVNL<yKZ|*g#DUG7g|!Amapfj!P|QTz4Xau?MU~2wg{qj{Btyt{X{;
zw~Y%EP@HM2xYKAyhJ{;3MVrS3AiKZFV505a_M=1Re7I{=v|(I;B6xwpWLrft9ewbM
z+8S9WzYDA=iNQ2mMR!Iydeb2X!~YlN6*%F@(hMu%h_vnk5{~peU?m(mGtR~S?tj27
z;Ye-jVceELU#8r=J5B-ZcQg!#-hQ1|X2q!kfk^wxva;}V{aiUQ40@%f))o?OV6sm<
zfmp74(^HLa8jTU9P_O+PzK=j<5(5KMHDik2R(Qi>6pHjg(`HBIvSPoYdA9%a-Ny4#
z_UAMPy6qDR<(AG96X`+%Lx?#sW1w9sPlS8&D);H*(#6zQP=~a57+gMK%Y?o%L!#pI
zX0*PjB>`6DMHm;2hKSd&E)8z#1ewsAD2<w)m8zxq6auhBhu^>73Vn!Vg#MR=uKu(7
zTF1u~i1eDA2u%T<FB)ZmNUzTM$w8#+Fjz1uwFUb4a#Z^E1!7wK7ooI*JEHvUaSBns
z(*YZz{KaujMENd;FkTqvM3nD(z%o(>k9UCpy0t$XqI}QM{@&6z7+gARoc~VKxj&9s
zZA@>fb2zSZ`WkGFM7ZPnkVgb-io^1}2p@`z*cm6nO`RvwFJMHZ<lD$2c7*j!8L3JF
z>8J8iw1>fsqe`+c8u`L71?J9aY+_{^1DS0!+5iqlqL>XnW+Gv;7TibcV?sAE4y*Gp
zXRQje8<t8!CcHn_h9|<^2o1a(PUxK0gOQQw_Wm|fGsNx2;fNIFWj{2+61Oo&eh$p?
z?}p1H+zXFNSn}biDd^Aiz>++CvL_=IyOK!j!6@V`j6b3j$bk_uJ$wv9*aa;0GGs=g
z%4q<<<C53KAx$ED^%cuA^83mO3#&So!O3B$zS2dpSn;j4`X;`f7>0)vnQgc+ULF{7
zEQ0%@BAIl7`)SC*>9R*>q)9M1J=F(yBk<Ar<5E5L6q<y#h8_efJ99jO`}}alMekH{
z5DKtkWU8<ddJEb4ix2&?Gj%SJtutOru_IdtL$q#0Xi>N^O(9x$-6j#OuTQfOt??O_
zk%-n=+nk8jo2LaLTF>0(M6_NtEfCRq@wOj@XuZBc0HXEMBx&cYY!J>bJ0;0<qTQ?O
z=cVgV!F1Bys{5cm*)A2N*KT<Of2ZACtGTOn1N^bQDkvx2l;H&iKHhlL0zS@Z;It7k
zl5D=%A=3hYtWR!p0$KN-76@eh!!{?7b;oIeK-Ran{U{*o?hWj|*t<#6y6n*40o}0Y
zEPgNZAKsPL@Ghzw(gnL#jb*!lvAk;4J-2Qs_v<EOU@r_S@W6IIW)18pmw`QK4J?JU
z$9xL6#3#0zD|!<CFn~+uUDhq&l1o+na7%hTFU_2*RV~z#9?y#vXY(frdc)%r5u@=I
zD!uM9d&Y+1lEveyp;4(Af1rv&396P4&)4whW#KXTDV(7SkIqlw5zqVi6f>$>F2$TG
z(xW)K8V`X%JVv!PJU^|CRfUJ;r|>vccxZkKk5`4$^HVre6&{kG!V^^C!PWAC$eg7L
zr&SB@pq%_X@o_U1@b0Rd`I@06znv45Bg95M8NumGP*MvjPh#!-lX(DbW;*2#(9}Su
zNV}s-UJb7ZeF>fo*^apxQVx@>=WYHHvoF{c32qwbBiVY?39xEu@IV*IUQQBAD+&{7
zV@Q-q{zH(6uMHFIv)+4OLLj||=Oc@YYkuhQ<Ew=}VHm2$b6mCXsPQc<MA!Ws)18?#
zG=X0W8s65Rhz4I;&tHO9#Ph%5$@rb&b|}~0#}un@_lCBUFz@1JDzM&oz<y2F=u@y6
zIWi~J9Lz?T_Uk1`2+gV1aDWq99A*tiw6BhqI0(Y-giv9)5#9U@kzh;{-z8B5_B|66
zjA`LJVZoRdJ?jd_lv~5aTRdHJ2V)xdg|G<^7RJ5Egq9fH6Q7t!UxPCk2b2B<iogwz
z0+G6abPotl_x<p6Uwg(i`@#6PT<AVq*`4mwNcUi*@mx#IB6~bOIxNYaWsp6qrXYLE
z(?Q8z{cc#YXFMaX6a|od#*OUEAY@N%DahX8L3Yph(#Gyw496SW66wBBNYQ-*>FySs
z?rt^1(tYk}8CMlR_q4ZN=sxnCJKdL&?p{dawJ&Y#9)^!jNwNnqMfUbOg6!!}1tmML
zc383pR3x;jlkBcFUC8eGj62zzz7}N9X2|ZX-`Lo_5<`Mke2sK(ql)gdx`OVr6@t<|
zp-x!3w>;$vt+&~Y?p05_)7=lFXD(tS&A?VRcHhNEoxee{dl+ONK(aG~lYK5c+1;M<
z$Awp9_pjwb_Pt8(WbZ+;CsAZ~b}JjZ=TjMChIFSznc#WvG9Sj>SZILq-0WSZsprWS
zO5pr@qMPf>2S*89UpH(&Cs*)Snkpl4ig`?@JgsZ$`h^h`g5?#A%a3)@iY?1vMg`LY
ze5<DIM6dtT#3&iyQSS7#TpCx_^>=ZVWiZ>S?0U^WZ*t$K4RqZcw*i?U2P9te3)+4R
z{*pptU}q~HPhW$x7(|)Y3Wp%KXlOvjTW<+gcc~nl)ji${%jz?g{h+c9k(yD>r3X1x
z+(qi@XF{ZU#BdqCMq^;m=e&#%sdNmIJ@Xm%=er_mDvW$b5T5sJ(5W!}?XYyOdCnC`
za!+*^x)&z9(>=6>p!-A-oC+CV*rvi2ysXow1=8K#p!*oooe`YwtKsQx`<(O?2hcst
z%^tWK#2&~&x<@08d0*Hx&oq3rOOic1#uT5|nU7X=nZd6!O+7beFpY!jqX?l<2(wJ1
zlW57x_&1S8v1A&}NQ$VtYmRP*D3-gj8UZH|(F}HLR>*b@f7GLBn5k(fwd!gIff6Jt
z5<lFjAw7=-I%)WCz#rD$;(4zcVR?Q^^XGXmb<(XyfI7LNNo~@z23OxT<2#oM;k;%l
zgr#rVw9DETi20_!c3JU)<VWWk4(;;2RoS991GUTQ7fkH#s&3HT&%0}vX_y~!&SyMc
z2*{{n=vYlK91I~c1eAmc)$KQ$39ShGl4Y;5sv8+TwkE5L02NzMFN42oG#dV(oI%&B
z@sNnZi>sKzakQHAKwyg4rNe;gV$NMi4m#(?RSP@*+pGBNIGO~#M&$$U`F9L<RtZE-
zU;c&*_qYApHJ1u~43_J-hxwEX_V+9<=I8Z~(E$t-3vsDemedk`TwN(>AGd@zASXO6
z@014Ul`C!r<nSN{<oqv%URhTN_2HtgZ2E8y1|v`T5*5oxl|KW%t1akWSTQKw`)Y-y
zJEM|3-w2@l-a9UI_kY%%?v-B&x|c>H-D|$K(Y*<8!OZ&#>E3TxzCF?My&Bx|%?NM#
z?yE@Xn@+k{z3W2v<{*}D7qonDqLthI8=D^Qf@I&3WJ`Gcs7P2}Uywb&Tu`$2*9%Mb
zu=0MEmBh?XpWqI${|<xg`*az=jp{)b@8ecn1$-ZHl*cGgE5s_v7Gm{%Et|&7sH8l&
zM{6mK*RPU26~?aGE}UIl(Uu6qKZj9z8=D;5z$*YfTFZ&IFH%js-tP&HUM?Gyqa*8w
z<>;Prt{eO{bzI2Z_>{XKbi+{n>waj<lJHJQ_`TLB36qJLx?|IO0cm7rm6c1?=JyQM
zJgKZL`O+Tj>9@gqdNO=ZdzW+FH1(?M($fw>db%BZIt{Pl?b4OV)7M}zK3UsFv+(e@
zHV`DwOfvECbKeWV!@tUTd?Jh^91f`1nZ6CBr|cr<<?%tUh6WsdT3G_83v*-PdxQCC
zwLpt{%iE&KS<eNxsB^+w)M=GnEz?eJmT8Y57WMki1)Js-<r3^X22Lx3dJW#>So%5g
z>6oF2+oK}BA6yX+2(O6qD!D4O1#XIXZxBU%7Z;EYxLCCP+NRL@;iF4mqC2pChD6@E
zorkw<I%OdK|N5hNA!pujbO5$RpB?o;#|(MnCJ#Y&wi?-;XlvMrpJ%3W`Uxy7F5cbP
zlW_VHTsf*^WW%n<e1V=p4};t-(r?Q-{XK)uIXa;)i%qWJ^32aQb=Z-BSqS}{gECOB
zbCT$2&s6EJd>_6?hh*Up4oNAI{kiGI#0VKIubCMM+NEmp6uCHDA0{sjbv&w@-tw3V
zGy&RW$eV>R(EX?`9j6-HR)uVyQ@o$N?y(eMkcl>;;hGE#EXiPDHJ)#H@b1q`bnt6c
zB{+EZ=eax(!lx4($d2tv;?jMaKq)Lk183#Of+sga`B|0AU2PN6%LZVDmxQVBg-%Ct
zv#e=6X1?c=jsoGn$`bfj3YO_-R41Vmdpu(UR6hRhLjYRs_l$*U`BrF1%gQQF{apu^
z*+8q3!EZU>EGvt}clUsT97bYr>zxZ07S7bSow2Q3o-;#RC%^57g|kDQgG_B`Vc~4$
zBr!2jK?KfdXoJGpu1Zg9sBo-zR<v>bX03<7^}7`<5V?0kW5_+LAmnN}5#%aa0CMjH
za(&mcg6pRT6&$)*&Rd@bU&<NV00y9$_rq73;7uVLkoBaRKY};@uuQ*Yu<2>DUpb*g
za+DIu2{j$e*=kjC&>@mzQ6z^BEI4yat@fp+n3IP~#+WY!b9&pEbFt<_5S%Vnx5m94
zk~asQle{_S<V|<0lF@Gm^5*b!f;Tw>ABEs#Aa710Z`McKcr&}!!w{U6)`U16nmK8T
zIWwHIYK>LN2?ul1kvZcAJqp3uhqG!j&MH56_}ld!26JwgGy65Yc1Y%It*CNG*K;uE
zo>j?|+76WYih?<3(;o$M`r&@!a%;hyg^@P2@m2L7!mOHQb?ZiG-gHsCSzbQ`3jB)<
z=2|sg4P9e*RpXNSj-(q4tV%99xZMl6J$)!C=$(;u$E{^GufB6x9a_#@R&(nIBEaw9
zVuZ>G^LZKLmdq}#{V-&9zO_tV4!unFRLkU|+76jrWL5ILW0~xO%jDFwM<KHkt#R(x
zLS}DK+l1~==OM`K<)_SU&3`u}Z@zm*Wx=oG;LSCwk~!}N@@B&`f;X4b9>q$~4S91L
zc{8T4jW-A0c?i52_N>{hzBNMf=Ax!@f4<}3%?PWKUNr)Fb4e4t+1US4@MZ=^8SMN*
z@aBgiHs17n`(aF~GtZg*T2U<|bC#-zxNdJdm~-B$WNEcP=B%h9m~*G^qnK1}(UH)x
zg<#GhkBvE_-hCL%*<<Zwc88XnNlJ1uoZF#ntCAfK$(e$Z(|5q5V9q%Vm>AMhFlUZk
z<E*RmFqkvd(iV3^tDN>q<*ae4oEcUnw;U>`6RMo~gC7NRR%4jJ@^1ulPTEyY+B*+}
zIk}d)*jPOzb7m(iKu4#}Icin1u6iJI<|PZ}bngEsm~#zvPH)sXlkGZZ``ZseACI@R
zMd#4Gxv6-w#i??#tV%jKcykANv!dUl(8r7Lbb5UY&GZ!*egbLx7>~J;sHh(XXjPL2
z$y){GUpWSgDqAK@)sXz_qrxNSzZE)5(Ne3%^Py|(uWFq0mSaR#Se2Zq8aN_@o);sM
z)wjS9$m71Z?9<L~IqlPHl}-D!<6DjdCObGO6U@z{iC<_HNQ=?T@j6+fz{;Q;gFc$c
znc<<?dsMOaSdGvF*59fzJ#>vHRE<Y!I0kHxRY{s-z)s_U?dtPT)k_(iL0K41bMP}i
zH+nZw;xkTLLod8hc4HX&)4Lwi&2KSqFHhH?EB=1V_Iu2;&=IdjT^}x;&TWtC8jnw;
zRiH<4pNVaLrE2IL73CPTf8J!t#Mc9F?(ccg{BgqT;gTQidr|WJVpWF(g-`g%m3zmc
zX58zc-8-tab5))09jlVjp({D8Dmh)%foagos$|6LfueHcMZ`Bh(6hjkJL9r7xqDS}
zPVS3U%*oxOTHxk$3)kGI_EzP=ouQ7^HglekM61C0C=F3ie=TR(rka`)@Bu@7W<RaY
z9R}3pVX}B?KFP476|AMZW}qO=vpjBVYla+>1uBTIcU?!Kpi@>0t3p?@SXI)au0uG^
zT9quX=}3Y2G>+@t2eiLjoC>#3TH`vcu5(;BS1`wQN?kXnLcCDSS3%=qHdm1BUr{UA
zcrB}>#;a?+VB=-!XqEfsLU}7uU#-9av$+x%)e6b$)s-Z#JJfRw*k!AQ`JpTMPF2#@
z>2kYfRWhfRV~bu12kg?2hoQ7%q2ozJYrNaaFblh5T<5J;e%B#t)0zwxiHTcBo{d{q
zt<;g`OR(&d@b_cP)0X)7@@l#oH`S}ac@3}a{mJP2pf?@KCd_qM9h;p|5o(932UoyG
zqB~0(l;%xOHrd?&&5&btUNy77x?`+{Tb1;A(~$)11(`~)cY!C@<R7fbb+5W}a^2I+
z$#ti?tH&-u>c=?^xxArd4Mk!CX4jwpm`1$}M&L1QUWA%mTdMh|Jswbnh*C4L)E1*u
zUO=fl8Ef}AgD*unk8$U+x~*7Xa;?0xD%n*GO!?C1cDmvxkgqc6cfx$*UTdG5=h*%R
z-hJP6T)rYibyXWpzC#<pMhxnh-$o|kx-;CCglob%vz1dVZLLheo%f-ZPP%5CH{Uq?
zh3yT?%M<v<fHUSBcfPW{VI8{#zR~ug`9_}>J~wAc;2T>`n{TZ6+UMr841D99)$_6T
zo?AYLz&E;CZFK&|_J-yA3w&eI1@nzv_I{W<FvlAimYiI&%ZYW;6!^w9Ydq5J<6-T9
z1K-$ZjmJFucvuHEfp4rnWxlb|-gC<Z5%@;d_vRZXKl8a8&VDcKvW9%o=hh3maKxv7
z?zdNsW-vpduEEwCT<j<UGG~pxtSXCrnZ`ig#~Ri(8iOK^e(Y?#`$>EGu*=1(4DOq6
z)S@xawH1$#rw!mfmhaR`nD|x%OH)`GBi4}lpNG3xI3$VSTcYpHU}#bCR&I+2d21Yj
z4aLN3(?1LO8p2#;Rv;l@r6m-`Od2W^lq{3c+ON!;vP^Xoo_g#zK9j%?;R1H6XN&Ok
zovjc)BUV<FU)z6`W&Y+@X8hOT`*2wgomuO=?lX;o58)IOedza1_&!`NOTxB&v5+rJ
z?w&|kl<HUJzhs#|`<2NHGY;ur8-1YfLq??N!T~+M(iM+kR)?v0YgnuB9pCb_U&m7<
zF>jj0Z1~b*XhS%G)C_naYCeD!9-LQShNq^RKQ(ViYO0yk^!dt8&9@-x-O?ui)FjZ4
zVO*4WYftM3=|dyvTv)tyx#fer)dbRU9CGt94%46V>v>h#^BQK)Pkm$cydLZ>BI+IY
zMfiGGSMsa(by;s!v))~P9Nmb$occh$Yzp%ViMLjM6`q=f75%7rRZ{bsNzLJ}Eo$mO
zU+m@SFCK)N1~4UBytV1;2YIU*+`&HF{qjNH`VcN*TU{Qgt&d<Vs--<))lw8>Jgfd~
zE%Vo`iSYk-hMr<3!b*<}0^HxLri9JB{IrFd*{-GoH1n$3y|=CDfXux1v>81(v8EF+
z^VHK}fcr;Sp-?^vmYG{w0a0b^K{62yt|h5HUCE-lM=b}{XVn(Ado2gm=PH?0&#L95
z`f#N%RA;>%NcEoQti(DS+DKTau5GL#xEpK;zO5rWv->HlGb8IbI<xmFN$!X`j?V0R
z%IwT{b)22q@Kl)2EPgkzGb^7_Lol{=kRdo*Us64&oJDm`eFxQp%PBP8`VOjxlryRB
z@}86G?&ZQzeW!LH%4++Hj#N;hrhzmF=MO3|8fO!uZB8-DRARK%DMk}4F}mR*M(N?i
z=)6OW`aP#OKfF~C&W}}`KV;+lU?=Bu6z9{NoX@p5zpTEK>K)-YKf87y)f+0x#4nxO
zU|xiZDqKC0Hix;m+1=6_L#Y=O3X<4nhtfk+ZF*>}Qx8p7dT5PP56!Uj&;=JgG&Y<b
zI_l6v!zx>u2fIe|5ZT0HVA7{N5w7bzk=BPJj|mk%<kQfKKbpaiXMzZ3hj%46?mlC2
z<N7-eZroQ#+SlH3aHH+BCO1aD>*U6zXToq}V2wa-oYCYEA8pBP+oCNo*uS=*xrX=4
zxp=TJ=BI=SQXRrpBLCgjO8$GzSgB&*QY*C>#?y~sI$C2JT8Cc?=a-ZJ9$>P@MX9RB
zPvE9GhUZ#oA#C&*INpM*Jr1o0nYhK-8D{6^VbIer-}4W~p7L)r2KIi6vHT5SdNHnO
z*yz7UamZ0Wi-!7e3u(Cjd00WZ^;8f+8eLloQcgunkOtLu2+|Q1@HeowLy+<+nu4^X
zwo{OHRSY9YGv5gmq)pE%4L2~@^8USA5&PO!#AD7CvA<dok2+Vx0oIDxv#yisPT^L>
zb~OX3zWcPIx<^zHs@JJWJKr{G7r*PEdZC)Mi{5omz33T}>SHdGc1pNOo9&pi<26O~
zbrOW?*>6j#H$7)jo%ObZ>MbfddBWQcs<%F8QoZeMC)F#S3q$pqYJpTQsG_Kz@l6n_
zPbj$_YLn~zPPrbg<T~3a*BO>vw|B9b`h=6~>khf@V#xKjU=ngu@w$tR*XNzQ?q-C^
zJ9*vR;`N|+oK)X=HVoC>s|QkjC0S8DA~gurOW%=HuYA^`dZu$RTCKueXE+z5HP&LZ
z--YUV;i%r~pn6)ewKQ-28kgo4!4jQsZLJn8+7K4vin1ghE6RmrVq{et+sjJ-^$CMH
zmoZfq-jIud&c}4aO-Mh11?Zn#|1qbZz&zt39R?qCJF08YfpD8;v>Yv?)zUJ`DjLKx
zI{KDme@11C{d?bXuz#ewce3X#2m41=HrapwEhqc?R}RDeD^&vx?e5RJ8rs<rLHf`~
z_2CCwA38Yua9Q=Cy|WKjtUi3}(uWh_`Y_7Thr`di=Z(D=VOj~8W#8$l6MucQ0Sv{h
z{hhBgS{yF><D-?=XanfPGzDJd{2h7|%@l=~VFQZ7!q%E1XaQymjA|zSaM}QN>Bik<
z_omVdY3fp_%kNl$d3)c57R%F3>tL#AV6Z#V)uI!P?J!QK9CejL0Off_GzFa!gqS-f
zButP3%T4&CAO%jD=wU$$Tr$zz+!;0nubCeHB4`C0Ou#H>0X%YjEQqX+s3v7SuZkt>
z{i``-{g?`5?pMtr>&GoHkA>BovYuTfOs?7~R&Y#hm6>z<i_&<%|FO)0_ZVcM#O=gW
zkC$N?o_eflrD5L>n-CT5%p2>`6bPEz?*X@KQ&iZZ{~;z8a*u5^&n=Obad_Nx^0R=p
z%BW%35*1_^meiHQu&RPJ3^VFFhG9(w$>`~I9mBA;f;kM?E;i)C3gOZ(Z?cR?O|4rq
zpH>+uk7AnHMV|-hRyG9b*35dcTU*Lo-O8-z=+?IKDsyx_N4K_@H@mf^p0itP%7>Az
z6;{Lt2CP+Ou%wcuO7D75mttORAB};u&xn$^wRjGQ@Hq+eWw;%Kr}{;L<w&ogvS@3z
zB-+)TIkZ*C`<?2}4B8f8()b!K`LnffInv*Bq)2~3jouxivIpn&#Gz|@ROe#k0z@CB
zI^Yo0RwfpPUDkaX9&Zx=<4qL(&ccoqt=t?EFvr9syd8ySoyDQ!5W<aL<83sg&{()B
zqh}n4o0$K$nCJwj#bIY}tA@k`F*!S_$r%fie$Z1m?q#{Tmz4*(ooYCf>pb}X8snPJ
zOo*Cd&xJblvaa&|9+zysm#2$$Hv<i;<2`XGhDmGexH7Zu<msFzV30)T44Fi<+fh*s
zv<LCl)pUDJy^LqLZuK~!+lsV3s{436Pc$pjY?Tf1U_Rji_R7W@&qRUI=a4K>!Vr+4
zmEFQjv3Jw#m33n3nJCcVG*%``gsp6Sw0LpqAbVxIjAz)*9cOe~k&xZ&h%a9DtE`Xl
zOcdyKMy8D&6qK?CObDSU)Mbdhn%hxaJ`>g0N^lwrH%?-n*RDfM{0a`=aBEN-Fd>%W
zjXk~5BAN69!e8LGSePik?d@&8PCd|8f?wRtLkeBwV;ORMzTYTpFrFdf)}7XEMM5&J
zcOg;o^gw%M>BcirVDMR_Uz7+tq$e>ebKm~<$}Sntkh1U3>$V~xDVu}BwsNq&vgO7z
ztZeBi-B!e<vRDQkP8w75j^C(u#!<a9MAn3{duEZ4WUavj-81{zE8Au~69u+hM23kH
zCd0~b*SgYU#CwPP*y|c+Jd?S>zt?R=kgy<i?ZiPF=Qogtjb~Wb!Lz!pNXSkui4-Ll
z4#kqU^RPpmGR&ZI>Vftd*x9wmbz8}9QiA>C%CY_q{`DV14K&nGE1fc)A+aaU>9!&v
ziT$C7DA~E6y|O#TGpy{^1>II8WMyMeTzC74@D$@2CS5s?{TC&|&WFiJ#YR8M<{8gW
z#xKYndOt^HRbUlv%1of#;5fN>UCj>i8XV&lFK^kwrGsNj<5h77coTPmH)%5cG+MtV
zC}?m@P`r6)2V4%0w~PQ8c8I#*2z7W7)`33F-O#7;UZ@=iG&l|@0xj6F=7K}bRe=%3
zFdg@_R33o6SOrde<#QmvaW~|*DzLJs76=8!U7?^5=fDml792&a3JgJ(`(s6OH>~I?
z(5*OjV>y~*fe?lgmcs%1#N9xj@ZPoqGMT$UCgZg^2gWIP!#J%1XQGh6zi>AMT^aTs
z6bX*DWH8`g8hwnxV}!PZPdNov$4amB+me))^omlS68acC=A)D)OEbUyCkkTuF;0sz
z_yfmVF_gjf=ENHn30EVCS7tz&UtE~&&r>h+irs>!*UMsPtf=faUK$Sv7D_BVC`K@l
zdBtoDWTwT0%}y9xiz1Yke4?aEuTcn=ttB#PMNCO=R3wdqHS!IwfzlZR3pNtMAgLKf
zcvA-BXX{8$aR&Q0$|OcbIgRx)&bZhE{f@!G)jFYnV1&LL5gA1^`Uk`h6SA?8_z*L%
z#~Pg=By2o`{R;{IxrzQQgF}Moml%=MYV;+8=&J_NJq6Lfl0;|!2N3;x28UNGz%idB
z`elRYD+bZM*62ja*_h8{mcRQkGR(f+XQJ81AtweiiI$}0OHuIBqWJf@l2(50o1gk4
zw<a*S8$)P0GaJgN&s;Jh$Ear8VzW;`w_@m2^Kb@_6Z#~yP+#SJ)=&MnwVc8DVuV&O
zo4E0*vx!c{R1^C?6-_(|S;g#iuKv`#Z~zQu%fhhfQ?9Z(&MZdgQ)UBaT^i_LjL^ai
z=BE-`3f4tn<wdwm<-w51Ntgzm66RGq!nvQ-W}Gu({E5N{`x)y9p{2Yu-s>Zb(>PX)
z5T-FA{?f-;N%@=D0os0c{t(Sz`D&eeqoQaWbp6=4un-4VWX4GpwP*(Iii_7htPw5Y
zrDYhQu@z|<_!_+k;*rNI{zgAeV<k995|)NC%}UZ3MrhGyv=QR|ar&V`RE}m9XkkV)
z`ZyFL8jS|bb@LCid;?X!sVeVb<;~yTQ@?%S@>@goTeI-LNy&~DtCj~Rg3$#c`#?SN
z%@2GuhSQ=cQpnGJj3Qea>wpc#Wx7RzEJR4?CCwFHv{yclRL_y6)^kaNn5MF(`C@~P
zznAhaR0<Q@5wHBQB$nPo-;!^&-Ko0)P}}~{5||2$e<=PIW(aJZs?iecbup0U2#P_C
zeu;Y63&uC0TI5Hc&`)WLh~Q@|gIB~XXh+CLQa2x8r4zYQaR1*KXLY3}JRyth4_4&&
z3{I}X?dhjn4pv|KC8tFgU|?j=DS|bnyxvkm&}d1vhyE9XBRg~=|D#2qxhOZnwcJ*#
zoCiMDObM>QX_?YS_tm(g=%P3*T}<#A&vi;Dlq~7}m7zm3r|1N3M3E;-qVCJtEZ8D{
z8Z$-53qFT;5Ta%_6Kv&_3C)@0rA0&=z$&TyspS#EGJT3}$FP)ev)6Z^o2?jhn<8(G
z7Q#m<=*#|EaC4*XwlXskYOzRq2#bYJPAfRCvT4qms|Vs6VnV`WTV)J~1Z~Xw8gmO`
zm&VVMH{LxA4s9YqYtbac^}HCdrrZ+CBkC?qwLi%9O`lAVG<_YBy6`LLDi+z6$rx6$
zm}tKY>d!u?zhy8V2leKU98_8Gmy!J0NAmX!7T`$U_>m*|4Rl|l6IAv8#x0hs3O{LA
z^%y<Y-?iKUdpV5u9^zVVw^@#9Vl;QIL<SOC1O<V$poLg$m<RC;CVl0yB6=9K%#TWQ
zTQT$XzT$a2?ihZ=`)c-igf`@lW)6j&L`v-QHD$u?fbubGT0GKOBMkDhx@OA1WpF=A
zMfD4le_`@Z$K*l`=0}t8DzGJHlVmW6J(9v62A};W4fSJ8Vvx_Dt817edfj?rovr)v
zo`>Uo9P(l`(`>vDi{;_3HA-O&<F!TUgJ1vB|3}b&{^<MfQ^D=W-FvUDaxa{#Ys@EY
zN(Lvl`dKD^?4UgfgK-N}Ti7$O`=wy7tWvOxf(;3M0+MReo&*|l3Xp^;8a73w&|;!g
zVbK?^(FDe6l9?w~rCXvU8FXA7!BwWM=p_0W++LK5siQlH=a`O*n~AuRXfz|W1*`8Y
zN=5HxOF|hGMt|3DxK-)mRS`s1w`#GhZqX`PT{QEmrmPxM#OtdUrxG<v;Nc21L$dq$
zW!;Vl(yymN1i5%w=SG?h@eqS!j0hv?H7^OhuITo3xSDiJUhE-JJQQ9BBx;Iy4-UMS
z!T#@c?!P^FnZevX1k)B2gAL#79Nng|1U@F#uQZyyPE~a8w9C3*=8&qewkP2<7Nd4x
z!DVTVzskg8LZiL3D2t<o;YE$c!e2S3h2akxR1)7tq>68O5!m9GR816?5kSc((c8Wc
zkZ4*0Jfg{>Fs~1q;jctd8V3h1>Xt9?w9OY-4CV{si?Ay6aYpDLnG9$gYvX()20IMS
zPra;Tx|dq=8U27z4o?yqUDAjmx{7axOxPUFV0}+QF#Q{n%;38hxlD={58D=58ONW1
zX{&7+$30wXog|r0gVVPe%zd5Enr1MoLB;8OQL$T5fvn8%XC<!fve*^Dp~5l%yrK^a
zU%lwmB+(3p_q9qU`l6!g<8btXZYC=)4CDI|5*1C0!hs8jOIHkXBSb6Dz@onBt&*;3
zFKlveU`<~KDdXHrp0|^df~549q~N|#5HnIVSr+yXjXncks@7={n5c_4y?8dDbKF!#
zL`IR?R(hAAS9L9DewQ)~4t6)Oa=ftOlFNR3YcI9mo^i?8Z>vX17+^f>vM%cS0>A9(
ziLhPrmr0iq4#@h2Vq`mmLBCV?hn^J8;?KPo>nZ>qzax#24Em(X%hVqeSto<`=v<9N
z6?#ucn5p)J&?F;?-mO&xwR&xu$l%cb!~RIwf}y|jMKRIMg|eGZGeVQ`y`r#m4Ql%&
z%HdTabKEdm8cwRB$!4;>^fiP;F<J`FFVyY&sT@kWEYn9+W`lw%h9zFN67Hw}jTo5)
zXJ6F=#65w*Iyov*J<haBV6v5s-HE~$5@TD4YnVP<yjg<5{yxM^^qq(Eq+}F<f!zs*
z!o*ELu3QN%AnkkD1Z0?-fLt{Mq=zXWSM37QOA5%R_~njWKsrhRv3@ZG<l=9CA_3{}
zH@kpb`R#v-fGo2Fq_>-ZT(ApB&j11W!4Qx>N<icZ*x^1nC=}%aEwzzyK}n{N$m-Cd
z=K0w{LvSd-*gi^8ANbx<kHBD@@qEAk^YO;>Y_k%=V4`R#2Bv(|B9SJ*YBAD6j{$?t
zk@B7nFz_@(>jD^*M(e^yt1^wgC0J5Jluh!|YD_FeOubtPQKM*Q!cu5AqAKCEE+e!!
z=X4lh&FBd0IUag}X}eTqDWY<-Zq;@r`Rj8`6N8G@SZOa!Hkq>yt&V`x#W|vXWwC-J
zL7__x*74*5w;EPUzLj8*E{CTSoa}=>QLHeL8TRw9)Ish=weA~?zbi<<1K)r#jA5|1
zo3aYlUd0(#1n%@9>Xh@8pvGKvOE7qkP!E*zS)?5e5P?u@H8409AQ@qb9}f_iP{j$H
z?n8)Ao`x@KC4<U2gL%IZ43);g;y@J@%i!`VrJ{N*)-?%HCmzwl?6<~FC2g^;%)}T5
zw^!l(e9QRp?jjtLGQ#F2k~*<*h~cy-7fM0c@Ff}H8mIqYFfoPDf13&9XdDb%9^vPd
z7%(G@Q{w!3!zlqT$#YD|ogV0x7$G(&ajYe}eXB6&w=9*=U)${J-B(;R#{{X*1y?+T
zJ}YLDH0L=?`V9%fMMg}X8EiDU$R80G=LT}I_fNvb5rJG>=f=g^ii?Q>T$Jlbp4dsr
zL~?&*uu^QB{)G2c=IA^jiPnQnXcK!FEVWAhiNP%)@UO~zd04Umbd=r!SRKWky88=P
zon3^%C^@G*437BCZo4PS7PhW&dklLNqs3uJYniF}_i(N^jujmJjZX$E3|yqUMk_G5
zFGu(4Qd}yN=@aN&k~_qcOLhM%4KWP*tRQm4C9Q*&=_<_PuduWak$|Ee1}neUIodaI
zQd`KN4N92TM+;Zxl!y_Y<kRTm42q?g9yFgQKSFdI7D@+w6$TTRrV{$1ict8q5n*$F
zd4w-NZ_jmkn=&}}8=sJ5j;0uFc%6tHnnqt?oc=c|s3ht!H$43=J9fJs24{_JRvhHs
zwDEU%OFwy~432t;<<)sbt_5HDZDKuek8#{gF8o49POJl?ox6-gQA%LJ7e*V!80?K8
zvi!tUqC6#QRW{KDEtR$~e)!HK`u;Zt>7AuAU~v7SZr-aFdzlcOUw+B0^NV|#o$vF%
zqw{CX&S#3wqx1q{M$*hkm?sRhM#>Ns|8V(D*|prbjv1*C;vywNT%>so_$lp2zWyZM
zTUwcH+`U{{ougSF#b8CUd_T%dC7{n|>Y5Yo=Ou>4O5J#d@5pTHQ4F${2sI#|(c<FY
zWLil4lW1-8#RwIZ0IMZf0`)vj8!=d1-A6sJI+@c(u(-M=KcjWNxH_SKB{aHxkn81F
zbalVHht08f{)+CrVctWD*SRaY^Nx8BVqG$K*wP*bC()LE98E0BKE#4MuS#3Q<8@b_
zQ3jt!E+ocPu^|?tPyQT?PD4hYK}M$`qt7Ttr-f$p$g7IcN4nb>J>aU7(MP*0M)tqz
zWc0D_7NZxrF?xjyqi=>~G=n8QQK_JIO-7SJ>{&SDv<OSWy^~mMV$sxwIV&Q3YD=fl
zdJHx!P2~)^uwK#j!w<SYVsBaK+f(|Lx4o!&Q5Q^D<nDzt*SPckYn(I{F1oC7UHsR$
z46(+EpZ*OydWw-O!JsSffGxWVJLJ7Vng0S995k%vBi6bPS9@ThYzpfy>h^HsVhons
ze1{tSFDAn(hg}XJxHg0Rg4<1nBAxgm56un1?|V_ooms}<$typaCyB78yF4ctOtpaC
zB{JyT-LPtIUkzr}U@d366RDHOM{?0&AMO#Va5qqB8ViS)+dP*c;q*Dfgiao{@ji9Q
zw(*8Ry+nuL>?NC5#@4F@IQ3hNmPWhJ%bJM}E&iJ_A~{WfmG~=?J^Kw}l6@lip^)9b
zx<&S2KeA6qvWH5t)m%QcoRHAgUclI2^&k5mVe@eY>##=<BadZDFsSRZIZ%=W!I-99
z*1m3;^LQ06UP@D8YHxWod#V+oPr#5Up*1;uf^ik5QUWHsxXNf8?Ab^-9=ygp#=xi1
zSg%HWgh~7I|5>rWDT3r_Eec3+6rpwDd=G+lXqL_stI*~!DT?FWs2#8HFeIo$Vs!VM
zouw0l0nrR@iam-~iP4tl3ob?p3?@}2G+K$#{mXhF^7-KIL`z7b(QryFQd=T5G4`}I
zOQETLIn|k$C$c1SEZVz`#d5-6w!HQ@x)o2N9SQUnJ0~eRhpy;c?N|u?mcW_bV#`36
z6YvP`{Z*v_-}8-pa~STqn!|43lD2)<b&h7cCM>$aoe80Ds5q?a7j>T@N8|ewLhFms
z<>9;Wii`7g1hX}B%HB+-(ac|Ab$=pbpW#|-PM;vO93%8i=A+fk6B8V}Ro~mkZn4-U
z(HEIUf5!-oO`x@4RfHzDmPf1L&N7A5x(q>y-eZKe;ItMz?UN<?+e-)=L6(r*9eGJt
zGd8U|;pU*Cpmn$+9lb&Q&HEP+qtBEP`3c`Vxki_13Cc3))06n{;ScJV?PItimPF2B
zdxRLH7VtV3nsIp*ZtBez48BqLWOW!!tty9x!Z^IVb6t$}=WvXOmroI&c>7{9N4=Ux
z;C6K)dp_Zh7=E=r^5;Cs$20W-ZG_4R2wHgro(&I!JQbGGX;yy1Qu?-$IxPk>6olIw
zd&IB=s~uB(GZ-)Q(c^Gwc?5SVF!WV835+5%2?lOb{_JzJbZ$g5*ei{Ji7O(wO-m*~
zyH8DwqZkIO-l$DKhvPW<u<v<}Zr~no1zJ%5U~r<lyp{UB&V{`VhgU{uzlh3DEh;nR
zs1ElZ)i?%!4Y+25A|%#=A0ax}$Uhhk_faw2X$0;>Y52XPSZ+RqzL7!?RV^zXU1-A-
zF=BO1gyt7ArP1P$y*QQ760a+--t^@W<mVTf6hml?NSW@lRHV$cO}2fW-ze}fV~o*g
zmm>pW#>6hW&HvFJ%MNQ{LXs2V(85##Px)wb25G523SRoVlHzZSn3%0tgeP)3kBkui
zLHhsTMYC7%_g1VJtpnvWPFulyxTF@*FsjIkCZfMq!9=a_aHcqv6PAdEmWaHC$I*jd
z2hY7|Yvwb5lDnv@GgAG0WDI)9R5B&RPuw_(X}2YUfQNX^7$32L7Iu%1>WtHN#I$^j
zZGN|zE(bcDw?q&(S~ymW-s}vb8B#D{MyhmZU)ZAN@VMy)wb4>P0fQY|#f&NnUenmP
zg{Ay=%If5Z8AobcRgE`gS%eoQaB5QosjZ3q<8OT$9YVmX(TcDrm5a}7<jugXL~fAp
zsW;UbTf40heol9Th(aczodVi)J<ZaT*vYfe37aD{6@ivLGu0>U_ZXP8IfBs91fJlu
zBK(7kkG~Rn=<k~N__TOh8=qD}YgTBbB$&`%o=X(PeMe0O`|heFQaErzh>{?~DkK!v
zyA1L~soMUf2G~jorC5u>IZ>>xy%^ryN@5x<Z=KY{GAJPiu(>9)5T(yZ<+j)`HO?iV
zzjz+aX$doDlz+0m$_x%|!3`(k7j2o6YUQWG$hKKKBDnGE2K8%HBtkv|F)OudHPTEe
z!+zclnNA7%8q)(SF3sSCt=TpH%~A$Sc0_P7D>>Y~5K*A)d}SEi?we|!^iP|S>O5)M
zENKyY4P(~bnx5L;Z(Ci4!5u6n!{cD)*$C13Edw!u<IJ;S6_wvOgXw1@%m^;&gj6(V
zN#tKIEoApJzQbViz*ItOS=$~N3z9Z9)kO{8+8%+M&-mIH;^*b`HE#W_%(!^0wiruA
zf87s-mm1Tk?TplXoFOkWir@F2kj-I?lr|5893gJ*uP--Vzc)QUt*zJ^p}A=RPf}2y
z)Mx^o#0XV{%v7AT`y&(+ZqG=yaHj%$Z|jcu=~FnrIf5u%F>t1ndp;``NOjAFPD_=^
zik44LO;IV~+HZ}Jd37<jUxz8Fwmh1C*#PhEFjA3in4ap)2N(_QcSgup?oCcL)4Dq6
zxuEn<3?^f{a>Cu8oEn%au<cIk=ev_rL+8cbsd%?$daA$w`eg<)Z0+0%XeXLMC*$3f
z_IG{KT%2ut_qy}lt~;g8H@kp3A%Vf_eyL{ixf9b<o!RHo1Su;0+_C8{N@EBXP=1;`
zs|1Dz4cjVZ4~|byMNeglbX8jNx7d)sb~8+gfqPs0r=+na-rwRctW3kr+@FXvs*EgH
zDV%=5;J#3IAL3r&jLxYJY0@CL9HHf>ZZV}9&T0Ay%uCg{Pl|As%Un<k?8jJMcKGm&
zR1}ksO|@V?DsZpe;M3QMfqab#Jyey`2Jiy*^%*VS6}}AD#e}CZa8Ji~yG8PR@~I+&
zbDJVW({qVn^xwrSjq%Y28l{{z;FNNW5&Ehm@JU#AHbSEm=8ILL1cUG7DnU6OT?Jb$
z1gDE9`!5)dqp1cA<_=8tQ4eeol{OIHH1!P+X6B0Z<yFD$;{_T4F;Nqs-x3SnxH*Hq
z{jjm`FGL6~-0X|rx?GIV&<Aj~Uuprz9G4i`kNKi|((4tiR!!IQwky+9<#}7rtr6C)
z<W!)(@-XOah~&vYh2&w-XKRFM67-$n5;WaGXn~M0!X0eJO>GGZd3#3$k*@6Dn5R<h
zXQaBFN<|U+nrK9M1@DTLz_!J9nNngi_22R~MgthQHA3h+SR#g|G<O-Wl!q`xmM+5J
z%!R~qM;3w;Yh-rPk74YV2n;;>oI#)0xw_V2yU^jK&#O(?=L|j|G!e?A(9humPC<O4
z3<}qdiiA_mNECteQfd#-RP!4&%HVD(+{a`_nH!nKjqM#+9j}mbt)~Rm$BRC%Y1LlT
za3jJ8URD1GmfgzWZX7XCUM_y%x8ExS{YuL<_u>aUMH14bwA||zl7Z(QPLp8$9Q*F!
z9R_nZ=+g2-$&velWpn&?4{tMAE=tw(FEwXQ;2vYc2DQg9OL=jslw+JeWdW9YarY1n
z&6Rzz=mT@};AOC>wA?$){ve1kk<4IGX)Bd~BfIUM$e>>$H-0<U=z%s2(F_J9O65D#
z#&)p}S#33V(yzg22E!87USZ^z0%!8hK4c}O-Tr~oEch1bFq0R^5;5vFhNgBs%Szh@
zU2GYz&kh*$t{a_$etx!nGbjeV|3-7rlZ{eGX9o`Y@Qvo6CtHI~%P}p~n4fN9AM+7q
z<e29*aT#+O9c1^I%%E2pE5Ul8ARM&>VW>k8RMKNPf+y9e=Qi;l^)##YL5*BZQYAL$
z4H4Kpy1*jv?O{s<?l*CYz+FEPxYxuG0WNRk7&o!X$lq5q@lz8OVQCr3#Fb5qX!$v1
z0@VZ#;A@Q26vthj-Aw|6yC{Q&W#lsW7v`h?&+qKaD{3q()Kg21MnhrF#Ya2@+lBTZ
zh4D?~cH&?evD9JUozJ?vFt>5=s|yJXmd6WbsO{>(hK}88VVKQvB`sYWuT&*7AANxl
z`ZrEr;Ph{r7)_sM=;^hMgGFXY&3#j8?lp~#Et@aI9`cqdy}EHeHk`Lr;Z^x5d`A^t
znV-UURpAx+DSS^AUY?)A_v8Kco{NLOgP|*JRle-Djk$GWp+ka-CdyBP9TV&;XPCmB
zRN)073!A1)9KK=2oeH^rr@ig^CQiQGktC(ShwO0-hUDtPI*_}!evSPP*#XYQBX;4g
zR$4rK%@b+G#6;1hwNczAe}+A=&`-{cr;Gdqieb9qais_pCQ*^F18taTrOX-E!kTeM
zn})nBG$0NqSrTlWYhP5VGMK(zC$xs$b;x1V42f{)r5;gTj2GiVIH#{O*sw(x=BUl7
zNI3lq)9fllPVC!_UEENE;^iH^q!d2`_%%+ea9R=ir)u;yxDX*@tM`JPbJUaUl!IhU
z;x5g|7X(wOhrK5w;Tk(q;hUZk<@T^ID9V{)H(4q&I3_BTYsq&F0<-XQyNAQWV1AMu
zygo+DrsGAG7nS~j!AYyq)eVCCOgs!0sTzAW_TPb2WN^l+WJTyoma0m+1yu3}2Is9x
zmNxKnoOl?lND{JeXJo<FM$X_)j*iU;BBnMDnDb>BY!S<Wbec@|`x&W-aJnLcJhz3<
zYXSeO>2)?<Iu`~tM%MzIjpxR94a4neG}Oob#|b+e$L;0^Tx^lcn-M%s;Z`Z>9J%Kw
zpF#o|+%7|SGmR!d+9=%aa@rgQ=jzI(m);l`ulkx;f<&EiYrJiVDjNp_ge}>Yz+l2@
zY<!YXC`;P#MDb{Cq&&skJ6ggNUpSzP+OrS~`^-opzNF>qJ{kkNTk&#Y#rDAPaTum^
zRFtilNSnj#C~lO;o%RGt+>g>v65Db|X_;_rw2}1u9R|a5m91I@v&}@af6AOXO-%zb
zn!)xsDXWLxH>PBYA-iZ?j7^Zwr!_UU5F6u6+b;KgDVI3Cm#wf(Z{?gEnP8SZ{C@Bm
zlE`4RRq|k9t)_p~@F$K{E7Z8A{?n-(gB=!i+3yGXN;9oS_P!tJq|8bn(iH7Kw!o(7
ziG!9Yy1J>G(>t2M)-v+S;rGgp>*s36wQCZ5Rf$&DRLjUzSU_lk*Rtv+G;*=(PA7)4
z>NqU|eGMmiyT+RB;!9xC{xb(<`a|@W#lD<KD?-~;o=6)&2lH~u#-<w6m_79WLMb!x
zbEL|N7%7R5WSrI))1(GBmTp=fUY4s+_b9C(^FxNC=PoeA(YNO4W<2`zQRJr%NRMGK
zLQqg2l7$|aB`By5n{)IO*?;PR<D*b#49wA$6;mI4Mp>+Jv(V^&CQOt3DUkm72xgQb
zGzO}1S_7UJ?Y_Yi;TzTRNAO3^X+tO~bTj+4yWcLmsdU>-h_k$Qo0~eEb`#@d<C~f~
zTy~S<Opo2wrcQ_5n7A<hx?}G<QXvgZP%%3b#u6i(uNi|wLcjl=i4|rMVvX<6wL}^R
z;|Ui!ertq8U4d<p1(LdkaH}-oK0JdX1*)kz%!?D$A{O02T}_bYuu@%sYYzpgz5!e-
z#eFn3F;UFocIGS=oJ$)kR}{&)X@?c(JPfv*Yt3I7v=wX3--I@3r1?1gH_U0H(Ku-0
zNASP#Zl73d$H=TWVv00iaO@yr_zxe8i2lb8VoDGE77IrY>M4S%`<M;@iNc?_Mn8rH
zVj$z74&wFe92@x<_J~H_hoOk#`)>?c8rMdn@59AN$*x@m8;uuWdKqL+HT>m}!_-uk
ztmb0u8g8^eBRAc$0{b@%X-b~w>H={X3wO9xW1rA9ey?iW>$Gr3T9xz+UCCut$u6gb
zJI1P{Tf;yL_Zk-#?suaKvgFbPj+R>^n4Y5x@oNt2bhPA#sp*ZgWuO}V=>?nCufT4c
zjMdDlUx8fQn*AI8h<08Z(ezZ*-`jQZc!X*>vtTWM3>l?`n$9*G_!w@gecJGXRUM71
z^T9F%5w0UO`GEU<(`=8_8{GWEWOn69LSIu~<6vEz6roSoL~vRh#)~;02R#qzN+%?u
zvb{o-s^tYCKMuyliIM3b16236;R*B=_%>3-94;j2nlo=z7co|?g^dZC&uinkdZ@NX
zHVH1mV4Z4lN@M?3s|bVj@#d<vr?K-|*P?iJ<ujRSXlZelOg&y&&PyxEWou&tzf-2_
z3}z(}^QvOraIsg%k9YDco25g>Pj0g`U~o$&uIVfj*WAhgoj_v0(^LGup?xC0qIcm|
zo~{lq4@DGcY^_sE+?jDhq++0#E}qHF)dAfQr-!k0`yE#QmBE}GxxCRhINC-t_lD0V
z(c-XsG!k&?fNpLPHH|ic?L@4P&>ju8MsQD5kpP`WSxa9d2Dfr#UL9fWH4@)^@|&iq
z@5Zmbs7MCWR;tTja=LCSgT{1<F$rB#;x?4_M;0ltc8C)D6Y(!*D-|7h!hKG4Y9i;<
z?K0M!y6K!#ca@+0hI3BcD`U>7(M_Cl>iaUpZ}TE=QQM|eTEoC8b&3;4<ggUOQQ53U
zWmb-K3qac@n(cm+-%+TC$*UQTV^VZD0ikUPgT04vZcH2_ZOFZc&<D^<H~0VYAvemz
zL4Q#M7!3N+#+!7$4vj;u+!!O%b!8sLnNW^;VDD(z?!?2okH*1iT^LjY2~VOP$d*!j
z?0}Bqyav-%i5GkfvC^jHV1Kqt!JH-qQ+(r^{LZcKufaC48LYyk`;Z&%!x!+1liFM2
z_l*(u?;{Cbpz%@gKTZC#I!zY8e?%yQCw+7zfseTOsEPUg0_AY<Ng*2E$MGiK<WRT^
z7{hUBDUsJi4XKsqL`$7_b+0eSlmZ_yNdJ(~I4><NAq(YpzQ;ZnfSOAa2%%3h$azv&
zGowG0s5!r)9Jc3&O27MpNUF?pkbg?YNlHO%_tW{$mKz6AUY}<$q9LI#GD3eNv$ecv
zU`fp8J_&5pP=zh*3%m+lhQaL#cx_7Xb2swyTggws&UHTxJEz##+4tvX=LE%0P_Pa+
z_PVgGW0uLbO-~Y<2(vA=E&FNMHrK|sE<ZoprU$U?q8r<KS!`SNq*$SsSZtg7)39xs
zsb-!v)y(m|E^1~-mQ*tfkkIdJYUbOYhSCitrJ70Uem6?TW*LZGJ9g>vy3y2cC1O|H
zuaL;iJA)AUTLz21B{D@7uw(;!EcsVr&xaSCE|#+H>#kbpmcXD0D^5$6MY&qC9C2tW
zh*|J8q4e>nNVvP)cJamoUB!ydVWj>*(R^qN6e8+;v^?@+!;(M=qYPGNNsyo&v10c>
zwYgY1cf@k_nKRfH`yfH*jTlU6PG}SB{Ldq*5Oq(-x<z%xlV~hVlhtntRlRY#E9?Fn
zgK5pxImu!%Tku%*4OpFp5&20*H2z#QlM0!Mvestd4qnLOy(fOOEWVOoS^Nis>mL$Y
z#%sbaPTl1KznJ%}0_7U9%Ya`Lk7zV|#odkBbFYH?xRPbN6xDXG6Yk?$mNHTA?{T3r
z%YysJ+Uo-Mu`A1j`#|$^;$A%k;Sly_5$jI;iM>G(FVId+WUx<iU4q^2b;07wmIZK_
zZR0n}t?WTtWg{I0fWh~ofP&b|+v5)o3@~sa;j~C1x}nbR(dB)jQ4`gHZtfo4h+G&r
zk>G4Cssyd$Ufn0ti1`Aui1}f?mte56kr^7eaj%8LINKPD4K55Tg!DBLGK{t(ydcrS
zHtbbsVe_&ST3DP{MKKg%#VDy@QYUW!#K4qw#5fz-IZtf}oKHnhM1u@gWvL66OZMtU
zAoUf4)b%F)P2}1wt5_nL5t0$+4Nt$Pl)=J=gz==r<V2Qi-n#EXTv;~9Ne72+s4IUQ
zVuKjmj~JX6#@jy`q3wk};S3Hw=__EBH~g!VNTx?h`3j1Hni38LRgA}1&HfWmPZJqT
z`p|u*a}!Tm9xN6RDn#+TU6zgKK5567HSBoKU~Pd%wR@NrmK3;!0rnQ;?7D!nD~iy!
z7|fN1pI0m*I6*wHcCXGKA`?eA2{<YU2+WMHiuX5)$1`Y)7Z3t+=m?Xxfm|={?NzXU
zA2G;K?;$qf?VUO{-vkCvCdOs5?T%LE0z7`D5W2@PA6f5a!W6nxisNTZer8n|@~USu
zp-NuPuO|71L3^QXC6q|4X1PlS6(UKp$}Y`p+@}<BV!06;YrtY~!HJtO#FY~h8VHTG
z^~rDwOH}ttkTLoPgN=fD|CYCKpW*g?U_8D&1ak(u_)^TvWdC5WK~<tsWA4>8mLdaT
z`>!MJ<S%G|Ywnm*MtDDKA!hl+AhTSHBCubuR5meTudXsNWE*SD1hvK_m{tJ=C>=O5
z%^575K=2mJjR+nvoWYQ_l1*eSm(|Myoz_2^^mX~jeeu5_>lqK8^(G}m;teb1nI>(4
zwHs}=K!{XkI9@4&x9irs7O)~WpJ#AWtgUe{murtWXVL$S!6XG8%ttwv?Xz$!r>L=P
z4m%qX4jy>~wjhcBCl0IcmthSztUctgj+4X6-BMn02j~WWh?xNmH4zW#ZdOTt-bc}l
zhrU1dedK`$79?rE<Wu`!nzWAppJQ^!#93z6EFZ&iaSWyz*+u>L?;ZyIeqs3|V0lmn
z3V)!qfxqMp{3UPRPmwq8mo$on;D_4iJh*&DN0hKXAqrTDQYt`z{?1FGlmyuMdw_}g
z4TB@UBJ}rAiqmi4LoPnaRCk^Kp29I%!>wQ8ITD5rwqTroY337@nBM<#9uA)N5_yYF
zdA)P~>F4w&aMR0a5r~&Q?lb>Hm<3=kxFnjbjg?ON_FtOx>GmdY!iyz}^AE+i(4vA1
z%I_?1%GD<7BAv<_@^?{ZLx$ux<+P!XHsze|CCq2~cpoG9wtQj3zXWM}34=^8p{WdV
z`Vq~{#VB}6OM1og7Ggw;HdDzwN-*>|pb#9&LWoi*%NdD^5|wt};|H4k7=!y+c#iTs
zjb$Y{^(N40mh7co7E5Cjg^YP=X*f{MZymWiGt4^DVVwhyal_2Om1Op2L_CLLEu>}_
z8XdjgtLtI%#t{_>Ed_bCQRGX~@}*1}vVj($D9M|4xlg%Ww4;Ay(7le#O(KPa#=(so
z*@5B=x{N~3-^|f9AByrbn2L!(=TVl!eOI<4qeB@6S((c5sFEtJkKo2F$&p@P=p)EN
zn(ef%8H2<BQjzR3FDA~7&U*s)UyMQbNoxOfZMWQi$w!p3SBzwp>K?N?2|Kn=myyiF
zC*XBKIp_E73pfdjW-wxc+QjVL7jP05&0ypN>m;mgw(gAUzk}R(oW?6%(=HoN!s6k6
zraUjkSC?joIthzs&{hSFF#kz?(=EWHgDi{JtSvyl6lC7f-7cHgDF*X)?lv~BQw-+C
zGD0&6^U;aK|BNknpUV;2)Crd2?w_p=pe|-A28}ftXrcS<oIns2qqr$mclKG%*A52n
zZ_9^*qZz5vvN&e<S{70Yt7j(Be4NHWMtP0Ku{Vey{f`W`*ORjTXBn~cC+UaxFlgwb
zCA>8Hae2!$rW}oZ7LQFmB~g)o#4$%viVSGqEBC^s@e&jCm?-!xJ|kSZ_yBiyt3w*%
zl|MwPAMkA0dM@+GhzT$2n!iL{-XW#@3zfo9R^pXEmc-I~=zH?575~KhRKfqy5;(OB
zv$7NtC}(w~?ky!0%$V}cq=rc$m{Sxs)id+~OfT;<pv4*No}+-9%P^Q=pWHHel+45B
zL)2>X#%?)G9&l(k`f(|YnnV=7Lq@jF{U*`V46-xj$t<M=4(?V8G0r?Y8aqiPkNt1v
zqyOVCg)6h&^2aWe6(X#nS4{E=|KijG*<P+bmtfE<L4h2t|AK@GPpIr4I6SAY5wc$i
zu?^t#`|7A(CK}1s?a(YoG6|7CEXg*b3KX5oGOZ)&#n~=r*2}SgROE|Y6uFQ7H-o8l
zh>b0RQ$9``F>Z^YkQjq*Eo`=t(9xir7Guz-ja;;j8Asf`vUMZm<C1vkIrW|wChu`G
zwT_AD!5MTbtx<}{nCb}A%LpD@;*lkuO{U~4VdJF_OiD+)b>%>&6%3GwV|>^;1L%+)
zHmeITSY+s%_Su#ax|?Y!wGM_-yJvgY-gtOlYB~?B+^1WY3q@xb<gCC`(*K0B*2zuX
z8EHcbDZ}89O)^Hf@%wP5EfMALZ2v@*M>5sH&B$!s2J5h7!h`UVarU7NNJ6a)L2x(<
zLnlEHshA?w*41pZ>I*aIXwY&e+YD4#8L+Y-*_=W83c?F4u8745U-6%9yak0xYQW=R
zXH!BGU`m{3oW(U0CdKxq#5fpkn=Rv681%sP(_$b~i2#mm5IWe)IOA%yNRz9DPb|r`
zxJ(!_aZiwFsAvYcS;_-fRV=t=7@@HhXqnQeT8$MLuT~^c&#&a-TeKN%iVGd5|5Az9
zJgmI=TVwUx-_>u?tb)w*nE*wEO$T*^5=d6*4$HvToF`yFU<t1fA@i@X_(!uOhBw^5
zi;zc%14w?=hxX9ahmhB`dNT^JkZ_jdlz!<y`V%*@{w|nc8RRCF;&<Gv{xDwc$cy%+
z?ag@qKKpfdSTyr4fT6lHzpQ|mmjl{;D|h1Mc>cTPGL790JP(8aCelJ~H-T_GKoL?^
zLM&{hxEw}9Xq@B6X<gVSvE{DW<vo$Xx52a?-kyhphVCAht>EI5na0$S^M19o#51@M
zuhF;^jI_Gc*l)Ch;{!dI)(a~FuAK9e3t+JLCuvj2n3eGZ1?Bz<nG&!rOc#dRH&tjf
zd(k}{v3s@(N4%D4bG+Q!=L|=@VeBF9?sJAC-psT%VVT)3;fQ-O{lgI_WUFw*>`YrY
z;<2EcFr4GKgmorxdpwa_hh7!%%yCxK!**sB{K#=)D?&>L`ni>VBFK?r{+$zXtR-%%
zY{?=n&d$&AOlB+VT=B>ZU4fl1F&rK#mcs*MNL}kzF_cp`5GxfD7c10nh%F$YVo<U~
zn}1|Dh%^qSmzU|DiZEDNPY|=LB%!pF*IP<R0WHb)&=dw!|0!Kjaz`ZA{yiwS@5`+-
z{gBi5ed2F6VJW89Dk)GcM-fp#?shy3X2xr*y=Xb(ebMq7x0bW~TJ|tVH#E1?+bWYW
zjA}(5jZi+Yhc%Q8J`5jOLB&vfE}0)OiD59MJP#02%o+PdP#LuHl@wyInEt1ali>-!
zGFy4Vdv3HTWIz7!Fl<$x@Iz67p71fPG)m!c6t9gS1+{*X)d_*_G70}b*VbafV10kW
zP0x40e<l6Dnt4RTd)37VS4j~o@R7>q<%w;JEY!Ni1TxYHp-(`6ErpA(7itg<zjD);
zY6RvQu8}tw41bHzYL>qiJj8TDYBH?|O61tnF6-HaG_{`fKdl=ZD)CJ1cp$-t?{+-x
zkY)zG2Fr3$(X=QGI3=S8;rw8E`~G<!jf1N{$oGWVV0pBgFzD7hz@?=rbXudIltF29
zb7{0X)95?my|>kjD};FF8+D$D|4Ai1@w^@^-N3hF)mS13S6HmV$wu-1e#Mi66rW-g
z@0YLIry9lk=BxNLqj;Zu6`yVt@13vWGmPTB@>P7MQM_mP;soZ5B}C&~W&hj$DJrbq
z6$p)mOLaN*K<^5g`pg;htneTgmR@J@LtQ&yp%;uy)wPw2RM@EHMPps+iN<c0=jt<O
zaJ~G4H1+|5&h;dWz8@0ep_6Vpe%25?#H!<NeJ?trtnW30Y|4Jx8K?FAoe}6Y^^DW{
zUN^|HzW1JSIRaTYNG7AyXl14;aHC{@aHCBpbn{NTPl6lGOeZF0-vE2FVIURDGdL<5
zR6uC!Y&E-qDn>Jymu^f0qZtd((ZYjP0Bk30b+572t?F8sj(6=kRLVErOA4i|iXYyK
zCU%@xYncdZa~w?Na!8Ck5VOv>c<0s+vfOtw-3n|Nq<qT;DqAxPmF@m%-3H4hao7|*
z8yA0+i}3m&6W69BWS$9hZ|_k*8(MTY^|`cl_*nS1s4O~o7$Nk3Bov%^H?AafIv&{a
z^`ZVPp9Qy;FXZOC<t`(MJUsGmdC-x-mQRkbwHyO;TKI5bpv4&Md5oKBdWJtCg!kA-
zh@bETSD!h9p-()BI%vY+=tqP$v(y1<gLeB}*4I9nQk;vy581|sQ9Ps3DucE|LF61%
z3S#tFn}XPR(5WEC8rpcrL8pQkH`Y=Rw-35(&)bca+j9=P6G(vbRebVGHl%#8v>4pe
zIj2eDi%&UZ8KLE&J>fLTK)NtIvgi|rAxp7CMd8#6b(WLyz5)Y26v~B@$e`0$*PDh{
z4!X>&u4ApKciF#yksBJJKm+c{*ze15xx%SX3AuDh<6_f6oim?L^>4%q<-L>k*HC4D
z#lR<8Vj_Gg&5{J#49X&MP(!qbdKQ<E97FT9(vCOAHa%a(GmYXy@>P7oSWHg-A%#Rg
z19+hIHaa??(*P7zNYLb3@@K~BUmP&xgU|V$2hw72t~D|p27!cE^+_1kD1<<rI8Y{E
zzAp?olU+%)6v(Im_#bYjQC|D>LrJ4Nv!<0s`TAM=p-D7!9;gl~Zk^R_iQ=LebTWRq
zeOA{rra7)VMKf5S)>&FbvnSl5F>tYsFOgP({*j1@(nfZZz6PTeaM!6ADG<Z+HDu;w
z9~Qbe^(3eGS}53=pXUHfF0RFt$*)#d%3yEUX|L`D1!99Xqpvc!Sqq^-HN{M5sR@3@
z(*`g#(z?QV<ylRkf?{S4d5QDeA9;y0K(lcM8&~1-T^vo7cC7^y?*lF&_gjS#)TAI5
zh;?e@6Dn_ZQzIH^ZJf-he-q>g9&{POvDOGSeAFYD0ApJdT3TgtnYI$O`qM&3`)Fd4
zO0ITL_lZ^ateF3Dg6tH##8P-vz-cKn8+;6dGk)`*Hie67eHd6la|KF@W{^9G5V^q>
zzl<&~7Rns7??;#C>N96Bvit*XCJxt=n+d7d)Mf$(Vf|;Z{y|v(Sy}&p2de))250IK
z+Q_arnNJu-HcZ~_e%7BmDDSv5%M?RYUJUd`A}=D5{mN_VGiT5zA4C>U;u?LE!G(In
zmib&+G*?gPE@;2Q(osz6xFdD#JgrNpt|@86!s`0&wC(`wnwF+C+S=2)1Fma&nq|IR
zJndq>WTp{`f~V1B#uaAQEB=^WxyP-oLW%_K8X;`dq>=`9<RMi;*-S$f+VsKWx_cr%
zk0`@Klo5}T7>p6ks5TB9*F&OQVyhUb709HD40fhj7418&2O?cg7)l7@OAoAA0IW+*
zNXxO>CYbwL2gA!Un44y84OgFb*&NNs0$vo04_Pz%cS8S#2CiIoSDtnR4RHnw)k|@Z
z_j^L4FusOHC()9LE`Otha5Ca!knx(zjNwMeVp%6h`0~Z&#PnEQUrdk1<+%DRnlAT%
zb9hz#aC7*^sql07uG<`*k3_CRBIlRW)Mw6MZn^x=;qU6Z%;Dj#bNEWgIehDsn!}w3
z+vf0vQ_eZub+D4%^QWA1xZ7ZB4yU=z;rqrM<~;Z$?&6%p*Zn7PN54sY*O<f|f=}YR
z#w6|#Y7*bJP2%=pCh=Wk5^p%=oWzp{TNT|u=9t87hp9=t=&1rZFgSxHb<9aDM<iep
z_Ze(W;<Kk*=1#xC_DNjZn#58DPM>m{!~+H!lenAvB#vUqV&bMSxTYrVNw>xa4K^mO
zbYRPUF?gg8dfxHC{dG|W`-dw3b>?y17z^>tfZ9<0>mkRTvp|?us$^6&OgJVa0kVe?
zOeXj|9&z1E64SDM12HY{C2{qcGq{uVAiCpC2JIU7%}r&U!v14{eJadg-Z0gt^~ZG6
zT{a94F63rR_G!^EXP=@O?6H+hOo@u7kHf^H))7WDgTuoKiHfFikag4+Ig}G&n?xf;
zKfI9BK)T}ETZG&jCJ$0aC#eExZaLTyMS}C<u!9%E+!8WVo26g|^k|lhT}XgfE-dYv
z5nLuSdz_ILDv_G%VredSrf)Hg))Z3tF2<yIg@JkSE0RbH!}w@)275Sa?_Y5rZA%!Z
z9f*nZDQHMihN+jqtk#@9SDt!cJ>Y(HrtbTdpiiT97^n4_&<<6Ez$+TcaQSO(#+~Fx
zGx$V%Sg&gjx%D!Lf&K~XXr&=^>52&SSPb^F%%Ozk)`+J%bc~c}ynoVY14d{`PIZ<d
zv(;Ne%Djmz$+GpA>%^*&M#DA<sys~>1G`-UpUtRX%jS8ikzwR_OB9lJy^)xN-4eO_
z%o%h^d_W`rS|c|j|89b)zr*{Y{<{fWedY{qCp@5m(Ej~!2Eu}4;SGevVut-Cz(BZ(
zM0P<UZzgE!GiPu;A^!$K=l5L<ghNN%41`%DLKz4`^`L>UW|+-Dn0Cx*AbdB>IK(*S
zG!WJevmIg_b1@K>4hwJOugi7V2XjaI*#~QK1J-Vr!;C;weOta7cjI8;NNY`Bl^fbP
zSUgg7vd1x7l)BjMpB-k^vOL#e87v#AEQ32qAuI#gZ2y(&qSb{Z=xzyZ?caINO5JqK
z#ZcHX%rX=vA9Go&w+#zv?N2)9W+?0!W*7<^ejUQvS9X31gE?;~ygN4%b`1+<F5Jj<
zF&ENDs-^X0u4yiaX94CycCM?rFn^?JE}Y6ib79CR!(33xWNy5eryClJc{(?qtIwRl
z?Dz*!CT}rV-<Z&Mt(+uru;hhMwiPY(GL25+3|79W{DencSaxK%9Dv7}*d1|bj*7g5
zCMH=*u!Ys<zp$#`D{<B3<z+;dmp2hzUS5W)&z!;1G7o4ZEo)-ePdE~pIf0{Cg~6Fo
z#-U1DjxJqBu>?LQ)~~3#RQ8D5M*=QDy~N;F2F^QV=Bt%yG^;2h?(=lp#in9#B!g(Q
zBz(<jvER^WmLOiS6rmS}<pjtHEg>vB@#;CuwZmS)D><2mZHCrqTZndXI6n#($SU*+
zM(CfIbO~QLVx5V8z@W<rmE7az5gl)X)|JobM}(GzCkgeGG}P$wys*w>Vb^95;*}R%
z22^%la7m&6#bEDSg#Ot|E+9>(6q-etkA5qo!sS%|;fQ0Zmu1ic7Z8jA$D8Z$x>(%3
z(xW#z&$y`}V@}WwyJHaXhn|lV9Fh4SUR7UXU{4#KNS}d`kt!#HG$`u9!br|F+5kS|
z+}}f-n4r=gbgQVTOii=unMn^emH(-79>|k~oHaU;7p7plnKwOI@MrJ4S|atpq-O;E
zd)`ffmRx+FgWos2t5v2RnD-3!Zq2*IaC=8HnBu9eW@372F%wUIAZB8^n7{a$GZ<X@
z0WGByAGldcy|DhvSbs09|FW#VN9hN&lrDV`&Qe;R8{SfyEcEfK0hUrXB=R~E*{!su
zJ_~cPbp9=+Yah5+O6L!`SxRHagtC-2<|<2R&Pbc3v@F+YDa|vCgr&JoOG&Ie#uPu9
z>tZQQ9U0zI+IP@lDP@lJvy^rpd<2%#q_LKbv-4nROUVqq8kQSiDIKucTiXsgETw5<
zm8H}(;o(_IC^qNbH!Y>5xh|H{(vg;>v^dvg&0Rh+q)TOCuA8N_a-?A??N82^r8K^}
zWZZl=5>}54Whr$%<YFmx8>=j(>jzCsNjwX%lujRXwUn~PnwHXy186CA9T#9Jtt}<y
z>B44Wo~|v$)n`F$sRy)_7Bma6ls0RjEv3pdI!R+Nvxa2Zw>d5>+dj%}DJ2%nQo=j2
zPhu*&5AjaylU#k~4E8?xfM!zWhYmAo*#Q?bY5O?COqzDUX(owZ?Pk)z!%j2l$Y`6H
zlt@boVS5To&pT|llw#nARcI+~dyms%6=@7iENgr%3gyL`)w3*S`h(rL@lZ-K8Ht~L
zAgC3!a~$Eccrq=PNMl$M+EUB*2eqYkjdQW3x*WD^k|*HW|7Y(_z@sX%{^72ioJu-L
zXX}I|KvEr0K=CHH;4+OeZll3%oL7wt&gdx0ye<d<+~~%Dpr9-Qq9}rjf~bJ9ZvwJ!
z;;!rpxUz4`&iB-*y0>q4-`nYoI5YqGULWk-t+rpCI_K1>s&izUF4iwkY>45tw{rDC
z2dP=*O3jL@I4rt~w3D6|U=NL^ofNHAb)H!ly=gv^!#?>zHmN}8U|sIVOn!<A@wOqJ
z&A<4XW`FA)UXC(fs!H4GwTU{JKIk>Akf<Z;wj=3Ut}+$RUY%+uU4<po69>O0xvD96
z-rAUqZaMTdty?OM5yvrJh3{$)OkTrMB&RTL;B=<<z^~a5s^kVYg7jnQg!_iG_;5s*
zsBlD=t6NI`%y%K7Pqw@@m@x+pu^p^S6I$0ZqCyVA*QHEHBdp{w^+rZkG#`u!+l*k?
z34WsZP|t@A$g^$p!P{WDGMY^Z3tj7#nMPctFIJVl%vR}_zpbg#x50``r%L-^QdJPU
z!?!tVSie@+bcfpse!N+$ojr3zO}nhrA-vv-)u+SZ^>h$Huj%{XxsFO{{ds$ccE3c9
zB+92h(%v45!)zE)@s8C|5~<RP5~;(!t##U<3SB&zZoj%gK$UDKdSSZKYnR->6wX3W
zQNw-=1?^?2EiEI>0}yx)hnN1u@I1~i<3d%{g+GN<%q2OwFbpeFv`qL$+>&unRG<$I
zK28$_yb_)P<=FD@d4^TOq^rylsDO92h77AJE9~*Seyr5dD*YD(&<EQd*9OzS!3Z$-
zk*)g4JlzXpow~dc-VN(hRR4`>VmKcWRcO2B&<%dn0j1}n5!+sw@%rKlO)Y1_=sRey
z(l?5l@k$t-PF=CBo1MmAV6cGcxOWRL5EeGCUl)bV>~Ab=uo&K*&uF_ya$A2)_Ay~T
zW4ygg^JPtGf_kTx+9*g4NCrhH)(isO%i0&H_NS;_E4^OV2WVbuL0v5jAsaOBYSp0Y
z4S_9Sqr}nQQ1<4Q&I(;?JV@H2?Szpy^(uf`kLOt=9I@fZvM7vk(_kdf>FrUJ^I12G
za;B)>*wD==fv!Q#$bQh>JM#PpmG1vjR8MUC(KZYmW02|iYd_pdli48sNSf--O61Iw
z%D)G;%c8PiSQA6Yw*zi=CfWUxwPteoF~yLwHz+4MTIiKwDIL=y{RMM$WSAljJ<5Z6
zYo~$j;Ka4c?61!dZv56kC41!+sgg<2lC4f2gEvUIUC%3QidUIZynL{|%1|A~;fL*d
z+(l#HhlzL4Qjfop#=W?t5#9`YG6bDPe*q11YvhO;x7}5e_tket#xoi8!I91tjzhIa
zy6VfP&$g4{#6L&K@J!ekk{o|`XOl|}$r5z%ZFa~=O+_Tl&E`idm%{;@QHeHfs>mPT
z#w$AmULj?NOMP@>_ZTc1;wlFFGE@x@JRHkRG{Fx~t&F4hn23Qs82GTj)8Lg9gPN~e
z@>e*Krt+Rt8j1S5`;Mr=paxz;{2RQHWpdF)-#GTBJAH1=RQ)+x%BDg|kI*ObsTbCf
zirV{T)9CVKQ}u~}&RRk}-BdB<_iknQN74}Jc1e>6EB)>^hNr=tu&l`D$4!3vofIj4
z*po_u0vA3i8B00(Pm2-}JsG?PLKv6@-!_&*O%2Wye~TWR10QAtVpQwyfnMnf82Emx
zmeUEP!|qJgl)(*bKJ?!QCCG&Ag84U77Z~VoQ6|*@l8>?revys29>#|a8t$K=p(yMU
zF4M{BZ~!wceR2C1$8EtR9KM?u(G>g~zNxGXpch6G?kjJIXbCHBFjUba2*+ad!l<Sq
zSb;5Q!;=3rInE!q+BP3l+dgb;*w|bO?7AzSCts>)^iLLzj;azCm%SZ!Wm3m|<&pil
ztg~Tfi~BQGXANi&=`2-**;#&=|9JFhGCO*v9Pz4FPd{eVBq{t*84TcQ;1xEiY6tT`
z#Z26rY6$eVkexA*%gzuLHs0Hs3oNxWUlj@|9fr4%P5b^YbY%9$7KV)xfBzSQyo;Cz
z!Iy7v;Kc90RvS)?&|KF3-Ht{vk?9ZHEi%2HmV^Wr!|{M&qlbg-h#vZs%6cAbC%fSD
zZc$WWGmX+(i_##M-M|`Zu~{iw_^9MM88+->?=1onY9G)@%jB^2ZkC9Qk8W}!V?Qh!
z&J4+lr)LlYBhM#=w8Sp30sKU(cF1^3#M6;AMr?$v1N~A!{6*JFaHf|Vr2JmX8p7w<
zLLh_f0Z}QlJ=~65CBnOFV>$eK+f-MbaUHiV6jYP@bGSJzg`%LJCc|g*_INI}tSx3L
zfp&O9oZYDjhicignaUdR<J!nJ<~lI!4aTrEfOY;r6jq0kU_YN57_>50Pg&gK95P*G
zaX3I5Mf6stYq1D!k_gn1A~lHVM7;3g?b>zM-VM<w#LLXNp&D>&l%f?GaWga7g_4aw
zWRx_-)eN4>p%L80h&)}(U{H=A$^Y6TG(LUsu{k*JgC$<YK4v#E*+&Z)eYeo;+SCE%
zC?1!kB-b`A6)oCP8%j*t`RE5X+R5awWjISncyIscmiTWJ?Vfn>p2vv?SKw`2;9spg
zlx=b4mgsOFm<jK_tOI_)$6ILcn;(|F#A2W@h}TQjQY->^T2u5vKXd$C5AS3da>Vv8
zwvX5!@1PMotk{WzH_+l+G4L0PMNoFkjGGmQJe_1r1luDdWy<9z-PA@L4n4R*)?V}q
zY+!C8=dv0f3Sq9I_&LnDIf!0Zaw^#qZ<btQvA(WQrJx^nfY2o>#$o6s6)oT7#Oc&Z
zl7>Nno#2bVN_b#IilM~K*3K5aO!FyvSy|ttmrM>l+cWnbS-&Z+M_wJp45G-l9*d>O
zdtgom(eSiK4E1V&mc{qLiBwf~uToptpSMd;cE2Cv%HBIn1+axR9&OpYg$rzF(XozR
z{zFVcFRXq+CiKJXkch6BmkzeX_Z1?%R9{3Cj_3Z)lG={t<M3S<S>j6>vb;fNd8@lA
z+rlduYU=TBs*#Kh4l)d^&l%PY2-&x<gqgrD@M||}OwXvsG(bP>2P5jqJ+K~4Ewuj+
zA;W&w!OLNyEGWrV9e9Xg3mBCpN6I#4woP*x^g{n^)xUe{8L=^ptRT_NIZV2{61}jh
zNMH#}zFQLi$|9pePJAcbt*xmoVEW?~F|>ORjF$N~;9wZA)s$1Eh!-G}zXq~$8p+qP
z5@ax?Txc1kL=?i706iITJ3|KF1%&qh_TKCevp^wpATT>fKA8ACYhR)y9euFtF@{A9
zPo>aT5iVM$7F`;_fK3r8Q~<k2Np;~|F7N_vMH{`D*jNFq9ii7)-`pG$2KU>G?F65X
z&<=zia3D@f_L<rXoXKJ0%Phho4QC#S?O?yDckkO0(x<~z`aQ#RY%Un^qpS*<^FMk)
zW(x2Bpr4RQca-_zH=9Drq%`kUmKcw*>+E=ZHCo|eSa{6Ys7xOPF#lEEvbh_T6Una7
z|3w|Y3-)~<65QaTB9&nmct<{`F)$*<*3ROF*a==#itxIJqgYT0c7@L+3(AA%GYmYH
zH!~HBUGe5=4$msR!jDC;B4EjUI&RmD!^qo%*Z>xqWJrpV0W)rwgtjCgkTn*hHFZ<E
z6RA!jT6MxqIHZ)PC6Y1?c$+Bmi+~7XS6F`ojq?&};*9Q5Ex~p$2&sviLNQHj2UAi7
z$%j>sRmx#=4g8d?)Q9EK>H`jEFeroISet6-PCc?AM8V?y(03SPQDs)aL|JAF*vF&A
z3U-B_K2^lKG4cSr!eB2Y8U!(k+QC+>kjx1gjvS~go&$YZCHd;OOxoA1F!91+nl64(
zB^sd@#%HS5e_mBtB1z%h9E!NUxwAn6d^FlB*hoU~Y9@Wqv%6s!m=7~jm{iO@vkVJ$
zVJzkUb{A!8DS&S?1kIkOG6tV?lYO-&B`6F-U_SItmki^BhX$6=r%MU?7O<&1i_*v%
zN}VK|fH~6Lh*j3w!8rL&PIOA8K2TS?=BuCyk~*S1V0MTZMo{XO20Zf`W6(v;w}(F@
zN=(8sunYXqjS1{}Hg(P_7CXI@)mW6Fx^8E8hsj?%Sdc+Xb9EQPJQ>;odSwLdeJN3V
zBAdu@R~PD&;S6SjlG2l#t7WTWvtox>7KdXCm|A5i#0GFR4W&{JQ*RfgXf#BGl>uSM
z&iv@w$`UM<gp58I{E)!5ut)Lq#Q{Y_XEAKcq0jA%!Urtzuw*G}UPnn$^KxX)A9R$$
z=))X^{c%xg!#;>U-nNYA1x+?NJH&)CTf8)wRTj%OPmy|hP>$qDVWB&t1lz(+S=UE7
zJadJdVB|ny5FdsARZ**>z3;Rluk?Q9lN)o$IX!)v1BI2Pa$1NyAfJ1gzVg%GT;;l4
zZ5DX{xv<(S@X-zr&2+bTEC=>q4-DI<WoaDV+v$;$z>!$Y3$Ucva+yfK#oBa8mj%T!
z4i%%`x?h$#UIx^fUY%$+*2(^G?NOT-sFlR}+QBwv(VAh7>2TXxS#-}1Tc|&jKmwbm
z3Q(@URVl5Jo27DSpeTCY;BZXn-|5>uYLCg%!C`Y(#MJE`hNoD^)qfc5a8UYr`ArUo
ze1`SlfuMZk6$F#I%2DR$<6n6G-wF5)9NyaQVSeqETD2u#A@^(?a@$PghHB(WIs7D1
zi9~{*?1bDh`Hck>cq_38KHThy-Ahpxzx{;VZH@>tGx|USVfTTLMKE`xC(0w;;P-0q
zNVj8IoJYEECdPWCdu4TW)P^AA6?hJZO{2ofevZ5h0rG>k+61u(Uj3KU#$Y^%XLC3v
zYjbX-HU<{K&)<3y9+Z+G4t>Q1(4Z_+((toic!DSkQ}&dWv{j++%-G!&^&n3*<Eh28
z!>%42oDnitgnn7X)KR3TXF9m}dU3H8&b_tY?@tA62tVr&Pvgq1$IwMg$QN9`F=F4K
zmzSr4q$C}*9UEJlw&pBkjNZ-H?{qr(9DV$c1yp?>85rc>Q?QJxaxJmw!T{!$5F1om
zk}gUGEQFydD{KhY>gK0IIiZ7vQUIV|?|(ubu(m7hQWYtLA^%M3-70lmSWT%5&F(P&
z`mv=XthyY!%GZU3>H#%%%tBg0F4rw=i5HPGKY>2pgfqN>!@J|c+6Rg<v<gW8Iq(M|
zX^Dc9Z2iW=usOUuGAyt_-U;(gal9f}`;8m9MaJ(NBQ?1x?^&m7CL?4CbHDL0flXn)
z{3Z?N$s(G<JbMvS;)<}-^781+o12*{BiX=M4mNI==3rkAR2(e8VeBps!_zDdc3_|b
z2YYIlNAL0bVjzj_M)3A7kFF#on{Sq-5=_$xV3{tcn8OrVP*ba*ADs#sD!(a;k|`~?
zLF8G)1K7ZiWmX1j2ZlwwI}e#bDP<6lJl!FOQ>`3UIOXuZ%%Oxs2E$A!5Lh4X6goGV
zVF`zB^j(1<xdsCtC->Z!wU;EDHPh4`(x9_}#p(4i4IYt$_2PJ~gQn?wws@G{f_6TK
zS(4dH{p&_;40&^KSOvkpn8O$;M|>Q%ZSqLn?-mM^=F7z*ew7)Vt{<40wdOEbGP*XL
z;VmMFX|S)mEWFgJ;OXe)*GH<`&3Hu>xo${Us1<J0apBhO9-aTJ&7Pnx;6e_sOX~Y0
zXLu`-!XRecOmUJJJoC6v-md3vu@VG1ER_l5NW7V>)=NJ31Pf#rk;|jSazJVhy!-Q7
zb7142<iJ@RPE)lI<ey}Vts0;G>#E@_2!zS+SuG@i$v@-7fSS+f$BkjZtdMqhq6NcQ
z@q$6>M7aXXB(0tmB_0B_Ad@AFZ~0#&A<)OqR084$OF%FsAg~Y)Z}3!Dab|*&M8*)`
zo2kO1p2Oiusg<118J<V;vmu*2!RR=WL8pXgb9miUuFj=|ziiYAk;9l*!;I4y{)xu$
znbxRnKF}Joa=7y7A2oMc@UurpG?+dp>>APFlN}!Isye?~`=_tjJ-wGh!(ahsk<;li
zY{ZrKt86(YbUcGI^^~Mk%~VcTkL{C}G`Ng9vyQM8Anb9A+8Zivk&<1{Jr|}f)Pak>
zmQ%x+z(o^Cww%PkMI;VrUng`8Vx6-PPr*73=ocOph^My4zi{aPURZm$mWUn<5u90u
z86rZ@ETb+91m-oxhR{va5X=F+P-^`1P@|U@{PvFeAL=Nhf^rICT{%Jv%CO;C*x+=m
zQ;LO+F+YH5a5Q9KKJOySvFIlTfwXhc%dblWjgkrz7{j{4@<aY9*u&@TP})dc4)eB=
z;s9@c=?S8@kQ@9ePD1n8TVaMebn(V7J;DD-ZCh9eT>fj-?d37*wgKKC7w|GMG{~s5
z>qN)D^ss>HzJs#+z%OU$yH|PCI+vuxB@@Gx@PhV<sroEU)r}Piw}=`OX}nM$*(fu^
zigb&7kT@C{mlO^y$f=>YN5v(RYSe(RAr+s83(T$fx>{ZSMML%9nOZ&aarpdOkH9>?
zU{cr_=z~j`!6C>n&u`eDNp<AqZmhsG9!(8bpchtom>)}MX-*D|CVF6$Vi9c4j7)~g
zY?C3fc78iCR6)_HW-l;LZO#tGL?1*BL#4n-R|S6hxyMMp!~hnYfvLQ8Y>AjoMhcRL
zuT&){dfg6Hw1IVC!%8WOnqeJySg60<ghAoz(wVJF!5S+RH7l$Q5C^T=WO5kZo&8&=
z#mk}3R%;66<?ym2fR=xD72WIx4r^rXD>=glVQg4IADNugBA;I(`SeRVpGaJV8#oN!
zsdK0c+q(<A9A1GS<OFH{^X_BJJwlYFNBLmv*B*vh2A&tha}3GDIgFnb3Q7&A5FXUb
z{C~7~!CW|<RmyLCEYTNaKHDT&vzc=+6=bb;N)CUH;^x_s)qDN&R%)rxhMmkp4Lrv%
zRH1upg#sCSt#Y;3pj9fg`m&Uh9bdZkF=#4cV$clk&afyp{)e`2y2PMK-nd!ByBhi+
zj~V>q$w~2hwA4a&bexKT-6K(Gew|=Op&7F}Itq=U=Nzw?a}M5~m+F}2k2)8q$@?4*
zPsjmM2+wcw2%9-rhi8}E{(KcEM9zqUws<wR98(zvV8}|nM817eOiU`XkO#Se4?r<x
z^4TU&@b@4F_Rmm5P(()=`7fgetsW<)gtIw}RFrUVV-zKrp<+zQ{?AZ=nR$_%_Zk!-
zh<L`g@BeO$O4amZj~h=yFVAr-+RF>w*;qP<ogc?WGD_!paUpa1c4xm2c^fwJKC_09
zIh8dL^T}AcNs^w8pesGgoWjAx46T}%^9uRNOJSCPO-XtqPNmlDFHsYYZ#?YZ#A}>7
zgAAhNpq|6ilR`{jfuz8shrcAkeJO?$4GQ(3j8|hC%#lzv;Lwx;L#ASpwwpK@h<v7P
zq`u!zwh(RnFiju^;;Dq>r2O9tNjqJ)sRfkEt#aQ<Iu_I~D=qK;=?Y#_2~AWh?5I{m
zp_&J`8WaKR1z<KPB^f@`-9Uu>DFTb=dIICHcyzeJEuK+KNFzL3$1|Fs;u(2i%~DU5
zzzGb-Obb(dBf7cHP_IPfRW7Vu>Y>{=r-g<3Qg9fv)RW-wyLr}1>9~L9@TJV^f1*Mi
zIYgLP_iVVv2opsdUfSznI=+1YRQC_tV@fpSaCna=Dx&^0W;m2J@|mQ{`f8u8ti{j7
zmNj)>bXg6ZiaOpesiF?ri+UrjsIOv*dOFpqtlfQ*Dy#QFTUo=NiY@EAU!%)f=y57*
zOmbzdwwLu$pV+d-AB-;R8OQE=zIRe(eRIfG)|}q4Wz9VlUDl6|7{2vH&1Hf5bmei6
zI*0@ei~Lr}A3qUW@;k?)Oa3XvspMJ5L&=sr^9iO78%3AA`FJR%<l#@SBuZX&B<YgJ
z_KLVUw3WR7NNmYZ^<p&-j(3tTcv-KA*C1QLpT!mYR<F1iWm$Bb$ty4mx(T(I4SyxE
zGwpt6k4Cn?f7mS=+0I_t*zxg^WCB0zGCyCP)aSd+&p%4)^F8M0tCISBulf1Pq(0wg
ze!e29&-a_3FF%q*c(Gr5F&2!3Xz6<-WN?}QHRN!}&b(2XaY?i5z0@Nm<Y6g<yz)+%
zcY;H&gwiO^70Znr4oQJ@vlX4jT#x<gV~>&KdTdoqtFQExwuC+PJFLR~-+r8$76^p7
zLV)E`<NXVVE#t#htf6hshU0?~4chCm)@18JfhJL@nDC%-O`-Ww3VgQD6FHm8l^952
zSYdg*J7IbQxdVEq&<2Jfd1~w5mq(()V7_GzpD*-tJ*>v{a*p=%No17K!3TI-W#Hv9
zXW<x}CFl}9$reIszhaxRTU2KKj)a72aTbU13mB=p6s2$T_%L$;5jhOr>tS`sL+=tA
zv^}TOpgp#P1})tQ4o8;McF<N&cO0}IB|m7}|KFhfe{9fR&tbc5&~AP<>|{GC*0TcZ
zh$=Lssnt3~fNv-QT&D=|4NZV+YE6KnoeA)r|0BTvYN^qGLWBV4IZ2J#Hrh+$P$00L
z$wMb9(LvU#PxpAVu8IE(#md3Xgry$yaHSF}8>WS$#L8t#tXyG<mD{vb`71P6S!`pb
zN8h&=6S;pigUJ1@#YFCOC#UR-YenuiaQJdYSgkv0axa33>pTga8rnP>Q`J_F)^ei%
zGY+ur+!ukZ1Ui#mzSJWkVWPfXMC}<nliKt3B5Dua2@YQ_^3>Ab;Fy_V<#5ny&!)AW
z#2yFb1KK7s>J8nJIsF`3GIxKZC0_Vk*31u6RJB(uQs+<T)=wvJU|H?z{y!Wh%evnb
zah6DN_DqkVX}mSnZDOQuHkXtuW#!WRmRrLTLnG{`bH+hDCC*{&(-L?;{Hj{;v}(_<
z8u&i7uKX|2l_$=(t4}!I^Wm!pJ=*i(ras{~&xi7@-SgqXzTr5}hwmNmke@<7we@Uu
z+@x>RbUX`IAE4%4Og<0&@Q9oiUMQP*u^}(N_b8W#Bg00l%fqeFwYIxFeEpy&*5%=@
z-eEVFhocXAA}$ZxXs?FT%m!(fhl^!BO@D|J`i7&u0NujX2lrSm4^0OIPZJ%~<nV9G
z0S`I+<M72oT6cMS7IpU*3q8WT6C6HUSX(hUZk864>ijh3!<rQy<`g--E=(W}T#9vz
z-6Ew6yn@5%$zjb<=k}#7S#4qd0gs_eQ0~T}d%2Xu0!0fZDu??fgUUjU3U&AR=<YV%
zM|wGIk^QG#sy0<FReQ(MhWfJKp~#mdL5l0L|H-hW|7XFF!ycBJ2HT$u%e-4a-@{TQ
zK!zF!D|_q5;|_UrI20BBp|@jclWnCnRq^AeIDfg`UN04I=5<@WTEIH07iPg5R5RHS
zfi2);wWQ${*hHPoe=}rY7WbRpx+Ql2y8KE`&$Ykqu{1^h7dz|@T9dU&F_X1RlvKUk
zlB%OZmcPmGEZ2P>JrmXwAmp&?SC1)|Uiy&a(sy%cyu9?G9QXmugROJaka_XL<gMd3
za+xejtt^7qzVam6gkzJi8^&t6)Z-}!xpeeb8h6k@uiL=glCl~IWefAc`;Ukc%!0*S
z+r(5KayT*H>cqh_BAvK>@xQ4Pk;D9bnp|Vdc(Om1FD3!CRp~u1FIEDVZneN2UOVOI
zCJtMq@^ec>;0pMbHdNK2F*Ra#?23LKhkXn5ivF{+)yDTcdW0GLQgbcp`Pm^Y&wLz?
zETE%>*PAbo%_1j<4LS5&$Ra+;eFC${85Cqtv?UQV@HP%7-VZZ!6=Dh10_YK^W(f{Q
z_j$BS>V;o<e&0n{sgA&pW5TrNZN(Hh-p`>{$91i|9EL6?alBvl*BP>7)69;2#`Z>V
z=v(Vv+!xo2pZxQ^*y?xa#Q~GzdvUiDUeD||dvWsb-HS~2;=$Nn-04)S{<>BHI*fe=
zbTd@vsdFzcuJ(w?*2`e@Mo7c9@31_6-(iXSzQdZgLq;}!{Ds4Sy&kPQ?0J@Sha2T1
zfgJ@tsMuf|K|bOzpTmoOVVc>#I+7^LIdJ&VwA+1Y8RUY_J|?vRPIKiQk$I1**K^O9
zlSCy$N6utSv)`BJM%eF`dH){v%VCsWuoi~EvpB398)n#wGXt+9zX)GFB9dD|`6<TI
zsSXV)GiMhUGpF80_D3B9-Y^3r@6~%fqD?{+F<t`6;f=i>)r@t|k_uJKVc=e3Aeary
zJWL(RmUDDvCHh!di6$;F#rbM&C>p<{R^ohhw3SFTW~h_h;0I+lu#8p>Doo3>m--^#
zTDUT75|7&SHK`_fQaGLmPfHebP7r-T%nBOXXnk;Y$fCG`dt)eW*Rx^6d^s!1a(0G;
znZs^p(_j0^!278}ZoES7Q)OQpuVMSR*7mh`o$YI{|DS#BzuLe%%w}Jk=1O>rZDd*p
z=7cqwA0<i_=Gsgg1D$NsUswF=^jFO1#po^M?a>GCO$#&SjrP-}<ct2@X<=b53whzA
z#U6u}hu)XU%Ae$T|1Q;B_xyCe8et!(5jJ0qun+VIn_pW?%)1|GON{1C)<m~gIDUuf
zmLnde361C#HjnDcXC}MSp+pAs3df&2tv(w0PR}lnRa>)54t<Y#n2Nq(PWyc@`(dM`
zq`0I+&)J4@BcUO5&m)#4bO<-6Y$KmCr)+VQ@Zp>YCCvHo-#3$4e#n|g&YwrUJ9jSi
z?)-VwyL2Zw%$--;-u+;1T<`iL=SwT8x1Q@6j*nb>;;8QFCwhj>W1aF@Oyt^q)nTW|
zwXYmgUy`w)x|)P-1{^=;p&6<bIOgMvWLqb;kxl*hBB8GZhmS6*O*{Y0VL}_Vo6ND9
z6;#z%s~wuT`<QO#z-p_RyN|^+v)Z|t1CHC8Ip_)9%w5OLW|9lV3uPN$_@iv&j~5Dk
zEjWCCVQt#@7Y@Vz$neJafx7Sshk?54xNg^^C&H$FB%j3$)Hj}R7^vHi#|_lMJ!}JY
z{|S!@I{aLZaH62YdC=!#b$)hjkFa?HXvhg7bxi<=TI<g!{%Px4DhItUj@PO-_H@vy
zUO8&hs=Tnjbp`ri=*8r(u{BLD<&8EB{8X!IRB{+{v5GTdO(-WW{EspVOq>-zp<Lb5
zVe0noQI8eg>P#Mtn(M7{N-#ks(4D!iwVav1L9niCE%deEu%@<%j*dli)WZLeDY_vf
zqVpUOo$Cb9oCJu@>FKah;?twFpaCD!!1#c${IIpq*Mh^m*0tmsb1shM8nU~z9^GT{
z|6ld!|Mv6GH*%OcBjQb>gg2$yapj?g!my*c;wR^jRa)a((b*^|A!*?;lH6ZGx*3Q5
zbjs3F&Ms2Q*~OM}Hr7<mZiWq(a`t5(SLLkV2NC6L|NMW4a>o5Jvt@d<>si|pz|`ZG
z=Jxp?<dA*mQaNNl|AWxig2ShOsHM{O_N6uIY;PP7#Va%0pU_Nj$Z;#kzkC*>%=A7U
za#CjcRkMgPGxS(UDKp!um1jFkXWMdtZ03l|WHYy1AoR81@a+Y))Y)FXtVW$}@-c^I
zZm8DHeEpc!%nj9X%^Z5nv6)Bh%^ZDHH*<Z@m}c%hUpBM<<+7Q3&lmbyaM*o*Ewz+q
zFOONuIrLH7QjU`&KIG8*J-w9k)rnBNR`W&=rk8SbotIOcr&67lpRY|;Q&hE=o}aYA
zs*=N$%as7O>io$^o|<D<+BQdwH)}q@sphLx&CyR08H?co)3)W;4fhHaw9^OQb`&Lz
zN{C&<XB#}iW^-IMTG<@&I&vMny}Pp6!s4~$0X^~I!!tSb7$ei`<KpM2v*A)h4Fw%G
zGD;2wZ|?PwHG8GUAdg@5prOE0xJy-E_@!pCJS0j=uoO0=2o&0Cw<g8hk8?t;6F#BV
z2~Sw-ggx{+;j!AS6ZVK(C+z)o?K<kv7~N4@omLB9h^!X+&DBCbtrn6uNF_3!f0X<n
zt10^Sw5Tb18zluUv82GThqV;A1$L$ha>uZ5nO+mf;<x+`YXh!62_j1Z*K>HmS`zqC
zEeYHp9|?Sr%-M(6ctkQJHPD%)UhtW0<@@tw_YeP*?EUZ06Z%?k*m_<qg~W@0s!>Qx
zJL14S*Y?uf^UWg`_mt0KxaSK;9J%MAUN-JI=CJ0TYo3hZo(ImA&FpuDZ03P;g}xRX
z_MKZxA<_4W8imB-!w$_{@uY6%l*3jt<+GS(jydeu%%7jMHFN4A-OS~^W188Ent7C(
z*^8QaR5i2u+*%5WBUi+X<9;iX6%zX==@I<XQ3qB#xMz%zSl>$4dGwXC&g)xg_VfCc
zRPD8`Y9l0GzcNNhY*|q|-t+QgUGw=)HJ{bfE+iVc2?@P4Tt5;>#0Nj$PeKFh!^`>P
z_HXe;|7H&J7Y;Km4zt)?betKz=r}a2R~?nCGi<W%l{cbf-JtG<#c|hXSsXWAA38`^
zhYrl>q+cn^ln*}J;|ZDv5Y}bs4W_B2P*<Q2#&uSkQL!V;^QfJq&%|y<Jpi6SVZU}c
zvzK<cD(y;JX+Iqg#g_IrSeB#m8~>1SG3uu>tiz#~xk7jJS!Iv2nfXDf^Q*IUg}oe>
zUBvvfuWrmN=TO2NPN-@9jt`iMVOUqiGF0&mK8OjU=i|_4K2uYD)mJ0thV(LHWb06`
zUMvcP=n#1-Uciw!5dI3&@)Za}TL~-9-3+x7K%hU*)cZ=|vf`#zF+Vmjni#>zT(R?U
zcs{Hp?1L~OMQ<ry9My}du<c5wFwEyLycMfqS>mtITyl%Im+DoCFQ$bVUM7)yeW}L`
zStE6cD`WQKC<u2R3F)w{o93|^`iuN|r|KDWL$lXfC*Nz59qgC&^Xqttc$sCVF}MA_
z)+g)|jVX)6g2n1oOCnwo{GFAN1s1EAV=5yHOl3ro;O0DGr@-g{cvRrpBOyUESP{L`
z9B+rO^Udk^Iy%o|55+4C$!>lf6UA<3Ju0LMp2cC)CrVcfViqrVhR3MMq1A8N$D!xl
zKSmal0(HombrY|kZ9OHtJo?Z_z9fVjxghz9yo_Eoggg=_9gRBbgPXYcJ(C-?PF@5j
zLiEwkX$IyIOpQ3aelXPDX=e{-9G-hj+c)z#tnZ_#?Db>hg&<GPkR{3RApX^plA6VX
zcqjd}<hLp#0Hc+<lLza2Gec?x16m8jdZaG(*S1$b^pD>Livg%+w0sB0Ln;IvV;C^k
z2@fw&;XNzxIu4sJmNL;STWwW8;-Cbq>_tj|8u;Un#00NGSlx?BF52sULm#71{B2FX
zVabROgUU^(X`+jBHDSq!1JN=<Ma=raf!hp-mJvgxj0naIvySjKS8Vas4^8fC3;%41
zlza}a%w#pOVA_L<Uf5->3=f(SW_XFL*$<0tJeWBMmiu653OyQT9zW~|%d~v&8IkW^
z4!sML^onLEm4?h>H!4~muv%9`7+3&rPd9gGPwTCBGI7{6pRrVqeweRK!Oc0tGVKuf
zgGEf4Yz17Z%%!Ou8^90x(=uiEL=G=5qFn03j+r6*UYW*Jb@k1FMLI-7x>Phv$w3_Q
zwrW|qSYQKUYojMBi0~h9G@no{jy{d4&CO#;Y$YP07_oIAT5KgjNTeG*!s5CjD7kU3
z_cS+7zfcmyLx$Ol+hi{`f;C>D{JA2BK^M9cLvcw7J^%-}3NZJ4cOmO11YX1iUK|&*
z@U^~iM@KR_tks+0u?Y6qUAMg4HEQ=Da@gW!7R~6>D2E=7@(%BX<6MwBFtdve5CUfW
zwPT#6A~KlK#VjM6!&e@rzJDuhE(I*k(4ob<YCZ%vF*y-yZho-DE9c^EEsyeE7|}N@
zNGw`X&y3tPF{F-Sj9Q(XC%zjwd@lu&<n5g$Mg3SM^>V@C=tmv{5q#7I21P8sMc9b7
zOlD;W9h{~Bmd<r?8A#q?_8s!5NYr>K7x<^R*p$6{yD2nzu=<!a?RYY*LbVog7`l=s
zO9uLKI0OxwFReljSJ>SdrE%Esj;T)x4xcQvMO%4wZsg=f9&DV)A~H@6JKG4%p+`3d
zl=sJC4r6A88K(IaVO00A2ZNV$a5!?1!u5V_?f@x(pR;IW{Pc0u%;=r>qIVwlen^nL
zFq6ajRH1@$IurOOPdgF#+rL-@KI%V^!1H(<VXskyolU&f^lUi!Qx;($dnZ{8M3KUd
zqai~Nfvty4+WI3GcxfDM4Smv$w$eCEmeg-fy(L4NWOi45_$-Z-@z+v>q8&5)XkC1I
zFSqRTIZT?vYMz@6;ZiWp`%nwUd2`Ik$@C8`!6-OPpoz&z8IZE`7n++*r`2MXX3k{O
zfcnk{)pD+;*mCc5C6SlRvm~;egCELc(F0WnX`B>d@hbj9FfK)Tc75e*kBD;yPioPU
z_rnQ!%8O69^OV`uYSoj&fD<932G^XK9D4lfVOW>TLD^bI?+lOuJrd7aE!7rrSoXCi
z7ztv{Vd|JLQx2S0>Y7zQ9b=ep0z3A5f~rExpAH)}`U)Mp&%>nr+^J)XuUqJ`B6Hf*
zAjM#YPmX3VFFZgDM&UoXe^{uE+#<ON?r$(i!2CA!;Am%qLP>Av9gYbl{f_MjVG!?x
zV$-9_yuM*0vQOF`XP-2KMs)u8*K`$mznd_rXr{IwJQuMa<ny{Uj7VDEMKAn1UysPA
zKL|6tNOHq5X+|PeGq#5t$w}>K4s+IL_GPI`uKj~elRY$7QFm+<TrTwZ{{G1riQ|P~
zhe_hh?xtComqT@~k!Xy(eLUnkM#eqK)S}#l#_w$Muo<d?dQy?e;lu$?f&jvYtT80?
zWGfST{o<h|w~rp9**<bu9+@2w=7O}&g(ygUp82RK!LIO53Jr@j-HnDNC3rt<@~ZyW
zd7(%+EqMTrq$o}FsTAQ})3FXU{X*CDn6gWFIlQpij5zT-%<^cUXV+qCbiF!^fH!FC
z#*efknM(rM_Bb=t+5aE*d(4ry)u$l)>4FH{yV4nE1r2-<22Kd8I&4c932FL3uQ-~1
z>Il*FimnC~bsHQ{p}y-y2IMpjLo&2My^;&to+~TQ7kb5MX5XnicXpu;&*yUZ8#OQm
zTJ1wGd_PY!h2e65wvkob`i0i#lAU$VGH0DWcp+@fh4$+i?bk~j<foUzn^z=Mb7mfM
z8_MUwh{ftK1$BiXl%Lp*&xD1OvsUWc^?N-QfBIINzPFzj*SRFt=1BPxwS4icT2QSI
zzaU{Us5|vL-pVWS_V{jptzTTXuiH;ubntO)7BNoIQD<k%!FnE?kkgZMl<(wUXVt(e
z5A}%4zt;)Me|0CtDlJ*4dG$vzR++OK${t#kp@2BiI^G;YHpn0T1@mkl{4kLu9(IJ!
zvsHx-p6_6fFTo(Z4=QHv<3bPAPjiKK6TI$dNVxmtMGm88S@P;S=zBTw$nkn^;^i<p
zJMmb4DjxI$3iOQ+sj-Y4Rz=M3CVwW9n+;0m{a^)c^EzotuaoA0o#1G;8e*ea;x_d=
z9*S+#-Y1AszI`y3knHv}>Z}j*RA==)*G4_smS*Fuqy(;Dzulv};4tz-7MU{;ctIO@
zfkfa%pYThA!=#y6vspPHI>9<UAoiF80<VLER}iJlQ%YtjNz^AZ)ptuB2M)D(YUsDO
zIE}+6)hvb=ecjPqN*$j=guAtdP9A<Nu9LS^Qz!3!fC!iRjk?&@Z|H@gz!E=k(*ubH
zf7ax&*;-pm<FN0N=-KIqw7Ic9%*&EZTijVl0oDn&%YL9;8_-3V+cxeaF*P$iDgSIv
zCqjj$0b%Oh8@M?R+j8i=%fs**?Ku6ZK4C)$HH+J_-$QEEh72KerTj*uQndQpMJi&z
z;U&L_u~%};g*A^cp=|_xK4Z00TNc{X7FvCxGlB5@VIp5sHI5mkU18=?57UfscD0LK
zl-=H!#r9~PCneQuE?0Ot%s3LNkVMVl7iT~0F8Lsby<Qu>U)k}U);nwno7PoQELEYt
zX+%SZ%^gXPz>$11UjO_DiSmf|!lD?v!n;yrR>8h>`SE5l@Oe3$SfR9*3fc<sw(R;_
zNhMkTFiq*P6TFp1s1JWUi1it{)VY`kX*tsJQPK#$RxUz_u>3IQpte!&=&Otdei$tE
z_*Ptx`5nsF$@%iJK!33m<_A}iFvkaBmQ+vB2a7(IIuI$3v!wDUpY<o{AR9C%#he!Y
z+E4dypCi=2T1|8up{jTLr?>{xpd9-!ljChwSt>2jMliCtwfpIvrJks~-+eZ0B$GMx
zJVD7#?F0V-$MOxcP1BBq1bww%eWk_a+0-ew!<*?s3yB52!Xg<<0ZnQ9q!NhlNvN|7
z><k-cgd+yu&M-GqQpW;$r*i-KnHud7=c$+_=fq}rw&ZBH!Z5GN=wE&^teUjv3CYJS
zX(^@1t*~Ftw>rU;?o>lfex&i?&9Fw+yBNkU@fg@ZR<U|=*oe@lm4r&{m2H+dp$F|4
zX~JRqeoxTA`(R+0zWuVhp@AIiqtUaslOp#jSd^}&g>$<R|C*4hn9ja0J;r~Qr+dXg
z9K5r~L<z8B_P98`*H}F>Nu8>O&DGR9rkEp|9%rNJlO6U(=D*6rTqYr24o82d=r;ce
z&=a~(zMm+*j}N}s>me4tF@uPAY!}%xSOrtPM7yiI3U&XwRA4*9yzcU=S7=CA!6F*c
zbL5>I0Q006IITpE^6sLfM2J%)mG?l(x%x3fkAnAo!Vm%<f~{TY%}!-Zc?iB!9At#N
zZ>h)76S-86ULExS+^g;fKPX5)9GszsSQjmzy1>(FLQ<`^I^%<|!b7>XG3dS{>`?bF
zgw6VlQdw?$Q0Ol{lwYKC_<DmUCSHRNetuP{Q&li1PY&kmU~(tQZ}#J&M2LWtnhQYa
z8Sqa}yYp*?onifPV!($wD?EQDJYSG_LYATH|BFY+g7V?#6w(n#Kh9{aXA=mj_o&C2
zWUnt~N)dd(6GR{E>#RlalPjqO@Wf==e{y04*&BLH4vUgv>;z-e1f4`%=n)khHc$iw
zczvQ|%dlZJef!!(i4*=q3V!+RcR>-9*v!bbhf~4c4EnaI(vcMkqGBpwxsIdIn{l|4
zVLrV3OQ=G~B%eLalrPX<)Zr%i1wEs0f|T=Vk`>&-VfWM8KY1P<(BY<M2LtorczGg6
zY36cUoQt$;IGnhK;h$s9M{d~Vu*+iPKo(g^XRtAa_E&z@y;^-%5%H@ur8&bqSaG97
zYf5uNUkeVCn%8E>Yg-P>ZzTQ9wz1dp1y8ze#3B3-J42!-hwu$K3>d_i)y)38qFlfi
zbJ%HbBXU@4i(n8_;8V#JxYJ(Xgq^Vkt{N06P)UltJ3~gyG(l_M#I1fEzznS^_1mrX
zWl0Wv=s7*tShyo<4l>JpzF<c(9@&qYpMRM6b8B&1s5A(EWZbXnRlOrrZ5f%<ID9oo
z8M$XSld9^%n<QDxZbqAm{jlIBqKui%Vksk)IqfLEn!|#d7+x3c6!Nugp?If|JBR4a
z-Op_c8L>Vg<x9Iy$X|Da;(S6Lr+TY%nU|EHKY(fcR5g8#?nfW&S-@o5c3e%aA+w;7
zfquA6a*x4hs#)gVt68j5$YI+;ZcZV0521jSt!Yi*wVy+7?jZLJVe#%De>U5a%J5DO
z{Zyak!+{+kA-m*e^$goHEQNYfd!XtZ{yF62v@i>vA4-mP%2Wk*{T%HADwD%N`GH!o
zI|u7>Dg94TbI2VrR<=wIQ%w?^>+o`p`Ev7)SPs-g#XBDVoIa<=3Sy$4>Y>S?|4x0z
zj}@rc$O#=cPJE6rzh&WlW@jh~XOHj8G?EAZjWetxupi?U*k1>e@(TUfz-JjZa3GV-
zlRC}p9dg#8V%VF9&g~3`PAkwJgvQz*77F<B0`l7BN3Vp+M>`}X>%N>r^<@mNjPmU&
z@Dg5umq#BuUbHLZ;NEqbEIExdHO#2MG_7GR*yXs1C5ywaYMiSq6LT4Ex?Ymq+6@K{
zB%Sx~hWz$;iZVy6jLu?`nZ=6e=abFn%cGx9F`qBnp<P087_xvdwQ%s-wT>R}7bV36
z56AG*giO%nbI9S9`P%5DM*P}qmD9)Ok~4fq!tkZ$n(J*<^6<sxNproeH^y<jC$>9q
zy#XfI+vC9X2E=f^FL%asy^)&hrPWh*{Rpcg&eVI5ROO_`-<!ea5G_s&VnLZAQ&sDi
zZShLJkHbr{Vv?ObvCV~@`8W(wwa@3UeOpKsI7qU>+%l|NZZWuJJ7YM<%^cnt6vffZ
z@%+-Rc+*=thj|``UT7mCL;CeWwjn)$8FE-ZBZu_>CcA*f@8>&d{OT^}a9q;0yVd6B
zZ6TZ0X6O*c1h(P=&(~9&6FWoZ7MY%dbbSv+OP1aY_6<<db0RbBEXS&wOfE&LA2Y#E
zi@8b)zqKnAwA!qKk-spA7<m9oi{c@YU~^bAke;T)m|Y=35JlqB^2pNhP4I;p)31aL
zyce43S?+hcLP52I;BMGRoQ=b*=0R<19l&7lO$^^-0{zfUD(;_!1g#AoPO-e_t=dt8
z_q@I4=v=uYDx3w<@DFMW*z6E<i%}E9Xlja46T^RM`20W&TdJ9N*#A#eaw`RXmf*FM
zmnzCpicoh#-_aXKpR`0-LwALYpmkh+)J&$&yptZTPs>kk{x9}vh3z;jyHQTUrZpGX
z4wl_$sB1FGFT0W9C93w%@6vj$k3)YsFj5go?Xc}*@xjYOXwHx;8N(mBk}30J8N)3c
zCQG8fM+3{@e1W$`;d+}Jt`{p@FSFq~b*Ivx;&2^zlZERS&HmN6-o|0<O%m6yn+d!P
z#@=M8Yr=KxO$;w)m<ead8Mp}2_*c4G8J2Qk+g(*=?yfrehp5d}JuelUB--bCH`}|>
z${Bg2^04?xiy^fQs>QL#wGcXoo9ZMK1^rl$%SRP>p454GnGzuduwh4>#?pktNU4Bi
zD&D%{=Lm1D1CwQzr2(vS1~sn^qkUr+a06S@MiH5@ekx)g=g4PS9KLQTB8M{0!Xmgy
zl2RR}_LQhSC{wRts)Aqahz}I1DfY?dlqm}Hc^NIp2e`lnu(BlyMaH`!HbT}|{`z3@
zH3lNAY$@nk2-wkGmb&RIfvhowtRHrbqW^)>^q<S&kWKeDtRb*@NBj^N{G1vB6B&n<
z9<s|pt0*ljl}Rd^E4j}53>IrG>I|1}^fYf*$e=afzrp(h84IEhE;UMuu^r6!h@c?N
zpjvaoMLVM?#+u5q61){YR6DA|PU@kl)>R0DcI!^Kh9xr%feZudbB1*TYQXeu#>}mI
z_rM1?QFu`!2usXPDMf5ifj*dd4YN97jqHSSwZ*BcE%~M!sjUN;p+40H-rZ!c^l|uQ
zfOZekcXvoH*Buz3K%*(UddA^J$(UUBH?9jtjlj{DFs{bghn_?lN53eIWB(9c>ZqL|
zy-xIvEYn&i8nrW|)``B6N}a!0J$-$r?$_wGd~2VKeMwys*mdyob9A07uL+*Yo0((y
z)3_PjDICVBA?(K@7~e8#d|@*Vv#&9*0gN#_WepMGOV=_df)K$<%!Ad}s7+7nTPmtK
zHY>K!EDpyOFf}zR#0GFR0aPs$oyAmu!9CYFlAIxeK`i3+&<k~yr7tTexn`N^{-ytH
zg@J@NA6^<H$3Wd|^uZ>n))c@PNigP$)7G6KM!|9MI@mObbf;k<qokyqHeCJ0L=avL
z3+nqbgSH|oRFML&gZ@{One~^Dyy;8ZR1SnhiD6(q^iE+|&{hrYUp&lt+@_>>7{e<(
z-jsRwd+0xyx=h&={dfh>!JNi;MI!@q8dF9AWz^@VVkY-vnw&~O0p&b+mZjWi1$K*a
zs>Ff_yopSwT0MN0OI$InF1@{oF=X6t-~}Akcnq281w0oEO7VhX0}E*QHL)KRs4!Af
zVDF5OGKfL{#dIvDl&ZCThNV2yiUIZhz{PahtX%EIoar<jps&?57X~k8>~v&J1P)^y
z`rk)Z*<p<5RR*zcKrL>VI$ai5p6}_*oHE#89eQ_*8Um~0H+!f`jeB1&xnmBwe&+B9
zYl^w$)Jlnm<TT3WiN#PU>+HvSI5cJz*b3SSY$VDMxxhx&LI_>TTAeAGMlLj_f^IkH
zP=%L+*Wdzkp}y4W?-BfJeV(W;i&Rfp0A5-ZBSCUu?fXn^X3+;Utj#UiDi@V-{whb)
zft&-p&#Z%(I*-=&4KnTJ_xc*st6eWIQgftLZc_xSOa_bJm&5UH4omW77ZwnITszHX
zbbfOwvmMR2nOLyk=OPx#WDhfe*{wt*x(N9}???`~lv<)XP9TFEhG%i`SI~hpGmf%+
zR3*X73gTH%CA%a`$Sc_kS%!5bi)d=vo3kkd6#kjFCw~@RE)zE3v`Bi6-nXF4?0K@6
z+j4`<<B>|1OR;C*wcNn#=|K~9cJxYa;8on_vrZF?PdB`oq~I3v$G}q*HRn*sC|MFT
z7izQkeO%y!oM9dhD6QizZs0wfVS(N$dzQ+fT;<?}Ye|PWTeZq8t0CFs1p4IP0Opa?
zHq7HU)8XGj9>4~&uqrOFTjYU(|KJAR&l%R^W%2<wSEZb44!$Os!{JIgNPlK=@tL$U
zN}|<TkUtN-@`2#3Qsg?*WMU$riCe0#i_GKLGb3|O5v(cMaWmQ6naNqxk;4fy%?HV+
z>9JU+nUj2)Cl)gu!=A(61r~FL4GheI>m@<2^cWRVAa9u-3Zl1;Ud3ug9_GA|QGv~%
ztL)wkBjzeduVu+nb}3xzN%EyrSpg*>^mU1nsIiZWogdeAeq7)AaiQ~LlBks@>9Vd8
z&$<@EEU$o8p>^BqQ{lq=-ol}g?IY^BNz93*3ELt!-U(9W^>H{wsVn1I0xqbg2m_V3
zYuN1}&7&?zjo{8k0_!%$I~!pefu#cd0xvJYGSZ_?Q(2E=H85BXL$p_xx0u}s<K^&W
zNT1V)eesokF(&rK*ZRequ`kx>7jMMASgT)*j(xF?UZ6}tn+n(K4_{-+j0+Aghqc<J
z=EdG}Vpw(I8WD?E-81b^q7bE<HWtbS(9pm;;VvQH=EA93`JTuO7o!kaC;#oQ$fPzZ
z%&L%acxMt5dTF~*-apJR?RsSJuz_i<<X?fj8Hu5C#c7e3-9zl9Er)Ca!H-!mwt@C=
zDWu2>peUg|1qQ#_k9m?Q<)W82u7mY_^0qGbV<3Q7j9GHn1^kHh@pLLWy_vwQa}k?M
z95aJ7=gWbrAZ7y%skVOftEG}cY{YZWXpFgyFprlJTk`UzTm<=Tv@s7kOutL^@Z1Il
zHn@_cND;{xctprt<S3L%EiAi>jH_5^U{kKP+MlMhWO`bO=W~HUno%gW)S3sejhbN;
z31!s&awSc;d@xz!nJHN(Xa=x+rA_P7+VSK`%-Ukmj7&8QPmd&-XHP=ePMxGo)%h|z
zp>vsP%O$9DxhRs$2Qj%6!E`H^rIB2wPoj+q4C@KJk_)=LDw50Wm|W6e<|L*vS-di2
z#66+;C~*0V79Wt4fn{WapjlNfhYVHO`sL^=RztFk#-r>>n%xUhJnC~6z`7-*mC$1Y
z^OPbazwq&v)LDMXo*NUb5ECvn2fCM+b2V`qd8cyfk|!|7z$RQ^Q{A6=lER`NNsXpX
z5YOU*4$UU}2*#xdv%$#EqFSEC4Rv-9dA7NkqC$?Lc1m%nK;WlhF|2ru7TQasU}z-u
zIf2*8WN92GkO_ogMkQV=DrGsJKBlY-LTZA7;#W3>NvYJ(j~=Te?XQ7>S8#!Cb!DaK
zZD?Qx7kIU*to*(hK6{K|>jJffC7(0Q4dQiNkZX=+@LH;zg}|oADzR8^bCIJgKWLqy
zkrPJ|{mMKkXMd$T=`t?x3T@U1_z{ZC7k}Y`4)mBW>bt$LGONI=<;2<PRS+-Xf)+|0
zUbW!@FL8c#4HvXqrgpDPL>*rJi3_Z7ekF(5RZg#}Enef$<k(jlze<Y=;_!=o;Wx9o
zlMB4tp_FrZ1zr%9KoZ*U6uuQlq$tAiDh_!wZ;!XdeK}Zu`MmnFDSh_><5l<)i~Dkz
z{BpR?b7_jei{Z=e3`GHgAI7FIyc{-I_pj3ZR_lIvik#5@)SV#|`2E<%k5Hh7UJ%cL
zfhxB8{_d59>S22t1A1u6%T~M&p49};ZGxvl7lCI5@bmzlRU&^|1+YZ`Tb0mn0MDiC
za|8053+S5*0vHV79|9OGk-z5#Fs%$*QIIl;%~=hsY+E(fg`@@KgdTX4LbH-qeJWzA
z<|i(64&{4}S#T>VxK#j~Hq_NGlzFxyr+~@iOn7W&3@?VaLMDh`FbV2J>;5CUpJv^E
zsvTjS%`5R-GF}E`=cP%$q$;aU&aHH`4K(C1UrGQ_9;X@J$E#_E>5|QO*KAfrWpg*L
z#(UkfdCfJOHD)%}wy(&JuU#ubMr6lVzS{96e@&-vz@hhK#_)W3tvysLf7cauKV0W4
zKU_h5tLrGMeL1hB4IS!{@~p5j6gL~tb^U&l+IS^XR`B-3VQeX%b5Hq`PD%Y<X~8nk
z6_#xYVA+raEHC^fSpLK-iAUNR*VDam2W_xi#Ve(Vw5ROhp7Mw@EXP;4!E!7CEGv?L
zW!!Iq<qBR&qTANEJu6%r*LQLRmaBOsiA7t=o$e{0o$Lt9c2`&iOm>H5MiQ{hKH1c=
z$-QwePfkcJ>)lh1bcSWED=e=jfMrY)uzd8JV7Zc4k~U#$+$#6Rjkm#a4X-4{#+Guq
zd&>8mVOi=5%cNLXsv@uqO#+s0eiJMXeLl;*ar11j{Fzshk=B-Sx_in6&ag~%g=J9!
zYU!B-EPGEjZ+XkTai1pUEpNJ~{K6TQ(XOz3l>nAK%WH<E*OcD^OIuz^26tQIhPgLx
zs|}XxcqL7kY$=Dhr~JVgmgihy`6&S`o05R#`6(xP5IyPMxL*<vqH6b)hn!*Q;R?%<
z1hA}10+z8;PO>E0x7@XHPffAI(mocJ-R>#-O>u-}=W;h#o}J<j%d8||nR&8d`PRL0
z!)>r!%PVPF%a(GZd&&{cu&j55Wn=<a-bw<Nl_wjP)$WaZCowE5-BV6*hGn@cEbk?N
zWmpohY&_Yp%yDnr2R2y#!Yj!xWJ@{IJ>`67Sf;zevLFF0PbLA&?voA6+wP6~cuGQ+
zJJvnrXU?#^=?cpiQ{2_LeamWwrF!Z~hUG=~#%;F2QpqdnaK0_&^X@6XbB1MzD=a@G
zpq6iwfMv+ZhNX{t<M!KNxrtYj(`j4EUhXM>b%v$d6_!H@U|F36EN`A{SPm?6ZCvlE
z3Fkz6-BUh2)e)B6%iLh;H`N`MIZ41W{ba+k#l3MaOif5F-?*oI$r+Z7uCR<q0L$A+
zz_R>g!}5uH<Hp%wxskUg_rJE3AGxP|*BO?TuCPo<0LzO>z_R{i!!p;sakFi(+`ucb
zGCJjK_mp#;VVUU)%lrhe^hpAiohKWXcikKJkqwsr;guA$$(C}Qd&*CoVHxWR%V!B-
zIk2>5Sb9u5$*{cS-negUus9g7UT{yj#Tl08U19ky0W4dRfaST94a?K+joWL3#la-e
z+dbt0XIOf<!t(1>cXjTQBw!hRvSImkscYkUO-pER+3%jR&ooC^_AYgU<>_he)G{{-
zSf-wASiW;_-1E~CP8B!1r+m>FmTz2Pc_{%b?<N7u(vuC#XYP#~J1yZL`q(|?+s?3j
z<O<8X31E3C30T&iY*^;IH*V&%gbN}cxTl=s49jd+Smq{x<>@3~*?zKNnc&{ImDB8!
zsC}#?ddEHGYG+u+xx(^E0$6@sQZp>aPc|$g+#9zsF|`bLPx-AgEHAjivLyj5-z5Rd
z!09I$mVWMy+dVCzz2zzQl>3}v>Fo;3fdsI8mIN%XoorYREpcsJ_4I_2=oj~tPfmA)
zW&aX4So%zNhh=^euuMMLu>9cOxFORM8ZEcFryS-C%Vt+tUYzc(&P_-Hmc=I<mM`2J
z_vZA3gXmNDly5o1^06x{ZzrIZ5lO)E^~r{1fqUboPfw_~%yUmU%NdprTw$4$0G579
z!1D9ShUGo?#x0+oP!f%IPr1q&mUmoXS)BluLyK#M<><+VWu$xK)+gpIFT1DQ<P6Jj
zS6IGH0Lu?az|w!lNrvTF_r~p<o^Y|XuY1Zp&agb?3d_C(uzZmOETc{~EJqf*Hm=8v
z2rSq0O4=4|OL@>eWzQLou>7*v4VEWoxWlp_30U4g*|7ZN-ni#xBs461@1Am~Gb~$O
zVHuVHmiLl?W#NpIyaDwq_r{H$kx&wS?w)dtGc2FF!tz!ESVkrR%a<n`mPPK3n>r)m
zZm194Q_gUPWu7Z6vu3!fbI&FL%a11;mPzi7TRJ15fS%}{a)mQ2<6U7{MG5LtQTOwK
z*wK9}_-NNmzM@QuD3cc4z_O@Jg7!>aT<mzz|00+-iBU|5F}%W3co)}rdR=NxGt6^Q
z!t&ml#>)`zWrpd9)T=xq4q8ly%E;j%?3$sR5pZF-Lwt6z=?<}uPQsL1M1?V(#LD0@
zrP@31Q-|KO?xmAC1>}-M2)r7;dZYp`hpbBcoBX--cDzIWz5I5(Q~v!^<o@sS?-jRW
zd-=C*<o(_9Z$;$!9rnLh#{9iH=Kb~h@1OPGD`M`i(|@nkf3MMhFVTN5(|;>s%DF63
z@2KxDcd1`&y<*eHzP~C`?%(wHf75vUO{cpGGAi*R$gIS>p!cJd*dFqOc#r&{t9#|o
z|60%fVcyEW9rWM(t#3NXpNFh;bk$M*JScx2kUxKyKX+Ssb+B&RTW{N2`E`iSKJs1U
z*?m@4cSqM8I0(Zg3*xB0ti*o8xjB6QK4Su}yhh-yZ3W)ZR$v=wQX%kvt`hjbRRS-&
zN?=>atf<6mpb@#p%c{h%{P_!HRYLy1?H~4GkXwnD%T5$9;}JT7_X)4CH$Igi<1l*$
z6C9p>xV>Z~8Jwl0dKjD5(BlCQFpnpd9m)22h@X2r%;RBY4|c37>vV6~U3Yh_dho&f
zI^SJ&M$7WDP7gj<Ro10*r?UGx+*x+d-~V2A#~q#ies8O@&**gbUH9Hmb;f-i9_aFL
zS<CXW4iEhOzAks&?V*qLP1&6tsyatK@fe16>A9n02jlM^kH^!w>aM%)Zg1Qx>rwSc
z$GbZl_j*$3afb(udp+Rs+}Ghw^YW29?!V8t*OMyWck1xKJ?iNlojc#%sY+d|=Vw}(
z+}Ghw^&)s@mk#$;ozdZe3&|-BGLJW<BZBf!vzH<{(LqY&fdb5ASf4|E@`iM;AWs`P
z`dD`h<?*79U%MZmBc&b54@$9tEP&+T0`4XM%t1U?{%Jxy5qJ}N33R@=0K7qROQgLR
z<d&gdO2n4r(Jh5H!b0U6&Z}L;`FNS+les!%WiIBH;^_g*Ey0GTA%k2x&Du?1eeTDG
zC0M^4Pp4mBBMPq7MV3?-&ut)UuY3fzfNqAYhoEYqyz}xlbi&Fj>q_-x9F9F+p`0b<
zA@Zw{@f>W_7+E8M>5b`pX&(0@@-}63oDO+wIzTJ=J9(LrrFS-DMn2i>&dO5(<B%nZ
z^hH*w96RR)DRg#IDVk3anAZ~18zFMY43=U;iBSMgD>2M$b*^0SQ|PF7ZU9+RG~i(~
z_xc<*DtG5r*0SRHEh*Fl;fAKK1%WJJaCn0SBkiQm4fLso`Wg%TgZ^xZf<q$60{l|*
z8nxFGDM{&Fne~nu@1@F=bA!|*3YuSxXYvAyp6@kXabdQ0T*7#Ow~9E6YfRoqSisDO
z@w`erqYSSV0?&}bwA^xFRLl*5Xz+48RW_~(p4t$L49r#{w^$t(&JeZ=lRF?mp}P%a
z;1xoUcQf=eSyC<*UZvf-XAhBRm6u>+g>z;e8k}LF!0Z6}OX&9u<*oiKF0;|THcGL$
z7;^;{3wfPetbfg-4cRHV&_$M>DFnYB(O*FQl`iqedRJo|?Ig5JeIhBNn}K=MR$Jo@
z)nua~78{X9`q3!CV#ih+Lc&}~g?Vq4MOcIl*@n%deO4=E0ToH)VHK|+%b?TZ0e&Io
z2^z~K6h>ZFpsXS0n50+-^XQH>5z6lkbTF{KsU5Y(67I(aXP}q2q?&noDW1(4o>`7(
z7fYaZM)FzXpm}#DXIL7Py{f%7qG(Q})KFMN+?toRrPJNs3e2#4NRi{5V);|5bhY3=
z{nD_%bojnDkIX7!mi*IL-8E7^GtZ&B6v^HcJ1j#i;$<aeWhH@_f0$K{SWKP`m7CM9
zhEDv5EwR#S9}uc8jKgkEr3G6V50sVSDZDNgHNcWGJ*Wz>w8Z2-S`qF_YI4wONd-aU
z@T?@}nJh6c7*k*oXJ%>jXsqi}9*!yHmgw7?BDXTz-1afqO6s!mdi1x{*eC2+my;VZ
zGw0KyzrQ)UQkhl1g(fddg6t}4Nv6@%))HxE3t8I9nxdSCjbz9!j^G}4C%8@#Fu#u@
zI4R@;s{aEdPy^Up%N4(!9=aG-V+@Cmbb3+Z^g`AmU$|GI=r<5yY}*3A8xhv69TAq2
zTg!Te>hRN5x`4VnL*LoF?a}iq)pI{(A}Et)oZ%k@76t$5e1eouIcHe^w^k+~Mfz{e
zq`t)QH?+kZ-R0!H1IZ^_VO1GoJ!Jf5fe3%67&*C>Wo3wv!SrLIh&v3ce+PH3wDSsX
z$RU<lhFF4`0TP#)e?Yv5x3&*K_1+gyK3&R4=P*dy@bW-_+`i<Xj|;7tlq2JmLJ|%U
z8QdSCu=yZaXhAtQcsb8S)<F#bUDw7@C^e47<xlE)p+%|%vaptjjd*ENnHll<<jH&r
z{e<<S4AUT^z0@)b0=+F~Q>8kxVnAyU0la|wu_@_EjrCV$e&x8fLg|>wnKXkOq3+?K
z3T42990M<<iz-7u$x@E=fXh(|eu@SO@Q@0c2ux3J^3cc2%gU7dmP+*T#`epGoVBJt
zXsBHSN}Z)dImVV#ntbIHC!gG7SK_5mB`}{#<`??06_qBNk!K)60bvg941T6^V2d0|
z1ZMFw5gYQ`cs4S~uP}sE{N>cgTTV1_YJ?^PVzyLZnT;+aYnMDlsrH5lR$via!3->I
zCJDG$yAy;5h^Y*cKLa%d-_KllZ%SFT)9;AwQ>eBx?(wGdDAF_0)+~x<P67dvBAt!c
zMz$<ND&?3S#EXSe^d&xzP~dHwzs$y%#idZw#fvDx<I42wRVm+;1)5IrY#z85(|Hxq
zV>VG}RuJ>y5pv1}jYV0RiM0?)v%bS1hAxMBmad9P;@Qe8UOseIpJof~Y0Lhp8UsXi
z20h9!!$zs6$lIDeL0jwTeko=ttUK@=IkyPPs$@yHSu?|IdOP7JTF-EMQE39>@urMw
zq`TKp-pM3HKE!ss6w`TSEIyAar>Vk@j%@LLHG-pk14ezKTXzw)E~8TBrP_3_s~(|i
zJ-JxdTCkJD$a2L0L#;0tC%N@X9MD7)FN%_rjjGDHoGK%SJLo}nMVazj&3G4j(9S5s
zYq=kNC78!A!cty>c>x~4!WNS0=5Z(rLX}ZgW@(xoBJ%8=$ExBaYK%}ViwM=)%2MK)
zrSSswfk*}VpcLtabxDAAl>#igQVKA?lwcX$5EOe%RlGDRniBca|1Xki1{T5X3`^iq
zl31-oS(%bR3^NU)+ZZY3h_+2aNm+Qm-~ux^{FNa>Kw#E2QU+c_GSD9+(@GIsDh#7S
zi?4b_@B{4P>poZU)ixRNHSrWZR_0Nt9h1m0lb72YSI8MQ6j(@&<NgvXEJ3d%<Gfa7
z6tfJfY~mR5g1of2oV-l=C2@IqODy6#iLXT-BG1F77b9{Z39u*Tad^n!W}7;)2rrhD
z*Hn%_30)zkH^OK?#4Xexf7G3!_28>1yGKN=72|A!RO>S3t}?4Js?Vjsb<4_#&m~u@
ze@d`+lfCRUc;FUH=M|XIghqq*K5Sq<g|j4WD2jn1hYp6e%eJ<xWj28+FjrU-GanuZ
zVuqX@rmM)jT~wftEW=fb$|^_}z<bh4BbmR;X(9~8QFkrW-Gx!_N~7Lc>1bt{-%FSP
zuW!XYR6pkI+^Ez&{=Y`8rL>*n4{WZfxEWK3*CoU|Q|SE)f-4vYcp7vQnBPF6)4&e7
ze9$o-@eJZ<hQ;m33c(B1eG7HlLfz4fn2)m7Q{5rGAi+Bm#9mP#s!t?M)6=HtgZm8A
zZjnhNJxJr*6qlVU9Ombw_DRb4Kd@>8Rvo4PT+0Jw9STNs*dT9t3q3dZMaod72ptTv
zRl%9+t|78hgdPITEA<|Xhh<4HR2J7?{ygJgK&dNd>vgEJ9$|=o*0nIA8M_gw#Z_i)
z`~}I@hw?Hbmv*kOhV0YURS)xu^{}cJavG#5%)?mo3p^g6rON++rOVELzvF=i?(X!P
zmM`ViUpsc{(Djb0yN!EQM$QYGPV1Hf%QT~UHJw@XRCo$09EKb_6qPt5h-XW2kwuYw
zef;ctQb2ZLXtb3g*dRfidnT5ijTb5Qspq%cRL1f!3yNq_Gmk@8BH({8EQCGX1^Ul0
zl$0;TLSBeP0W55UMUACM_cx;XRy_`Hq{z=VbT{;S`M5}}k@*WK!tb~g#=)Q^t@Er^
znH)@~^`$0SjR&uRS-b#?tQ8}v6L%5XOLQT;o>YYjIDAJH8j+wv+hm2Vs6ec*M~JVP
zB1x>HV*qFqF+ZF5RF<5Grb8!+(V$i(g<sif?q`?{b>)i=0_#Jez_YJJTDc4qs5y(E
z#hweePvEI%;ROxw)KjGD*H~UuA*;h-cDlrdx>(MsGtNdPXGrO{V<yd9nNZ5rHS&Wh
zhF<W?@t!N|oGZVezoc7r7Ai8VTIHpr-ln{m7hs*c&|8W*Eo5z|;|*H8_N1iJjx6N2
zP(ElbPihc?m?bmK<W|PWAwO7``pQ?V=hm9Td*LCn|2<0Ug|N9w7|JdoyUVXTN_Gl$
zR{@O7lxpjDRiYRRU__=sKYUxImhTFAL9wmp0=nnMXEL)Kk_^z<FwOrOE6fa{7czrE
zY%D9zprM{yKB6l1dE!dt!n;(D&m#43A){OvlSxbG{Zh=;TFkf_S))qy2WY)gi8f)b
zLa6c9#+v--Pt?X0sW`*@PL=3|xjun~Fu#+~1^Y`7VYg4#YG5aUg)On@jM5fCC1484
z8lysd%=JmZd^!u5QwJ5~qtcMYcv4cml1bNVPZg=h|3USt$Fr$I_1a)oDQ1^qRtx!?
z$y+EeE7ami5RqT6XJb-BELD_USGBB&WSX2B5yUUcs$UcZtE{vdtbvM{iu*Wx>tkB(
zL!~g+h7ej(zujrbapXx!O_kO68mbLms{1`etMw!klYd*skS;<az4!xvGbpHu%86A}
zdQws|B;EUHB*~wA`uS4+RC`iVvtIF}q~=s<4WL66jgk~@m=*P#6(u~fqW~_He;}_?
z)eat1Go6aqF_TTA^L{}giGk})mK^G+AjJUx(6j>`DFUEtrPJHXx(<}JuGUlH-0H+B
zDkDv-!VIaHF%C1K!kXD-gXB(dtB_Z69NlVQ&eiBG#+*`NsBlW&I@FH*QY;9dQGz*K
z(SnpN1!Zzh?Biv`oZg||0L3EAHCappv!9yE{F@63&abAgx7xT<rDT0)QAv3LieIDo
zYPP9Hq!L%kG%RCLp8ng&48c%F`y?_?!NLa0n&e4I<s2T8xTecuB-h|)Y8ymr-Je+!
z#2i^dfnqa)x2E}{keSh6xI>K)!Rt__b)ZP*Sx@F!BtiD3Z}p_4X3KlO%#Pg0!vmFA
zz#EVRH#8iX;3FY4Q?|SkPt!EfQU`>utJs~uyfQt|{IK}}fkjQQu#p2t^Pg_<uL5`}
zPcqu?9}v#+@cleS*elZc|CoCd__(g}P<)O)ea9L}BWW}<vLs70XGZcCTX!Vc&gPL5
z#a0rH*V;}P6WU=c&De^i8D(Z9Sze?(H-)qhsKZkB@PJpAMxlf~=0R9m2$T|NC`&2O
zLZGw+C_8<$@c(_^Irq*TElF7ZzgPeK8_m6Qmvg@J?c15Q>~&!Ty-FwOIEgEM9oq{e
zumPGbGvnv{pRLY*Kp}!o54}n_nKVNBmvCT6@7beV1~qSADWi<&wKB-ytqq&g{pPgU
z%+ikW>VfXiN7rD}4lQLBHuyPFs40qSw{bA|Y^;c%FlOv9pYTC|Ea?DQzEg_7nXe6!
zq%TkACTyhdzD@e?whO!gRsvgP02}+zC$A=3nTJM8%`0C<uY3ucIkr=4Ia3PS4y@DG
z)9@i;j`R03I=5;m=aYBPlVOWW*_u$3gnEJP1N+f8j_v)}dK7mlY)&}{?UOnP>6N6Z
z(8D?vhIs=SnVZ=yqw>^l8AabLq7)JiDD(!~3@P+;Qe30L_8|=Ausx2x+p#@HY>YqU
z0PoTrf|uNtOJHZf5m<lUL;~x9yEKN9C<rH4imZ<}2_(s2R0zE{p|Wrn&Df%OT$5Na
z8)#A5jD)6yLT~ti2e1ilUqT-N_fCcF&|%>&@G9(24-F;J3vDXCeSh5I2m}GL5#F>Y
zG=KL?c+68K)JR|mel~4kJN$98;_oVHc=TU23FAhL+f3SL&Jamz8S&mlwOmNFyQJA3
zcJgkw&>yhh_CM~TxBaR~@pqL(AN)m=c1?<YjBB*<>pyW@B_-p|?G*P}h7qDy-a%T#
z!*`Ju@o|3Y!}L^?@V8BZb&bXt)`wa1V2DdnhaBsod06kb(u2*?GP(16^*c1lfo1%q
zH)yla;CAhG42oJAN3;KIhv1y?S~#Wc>00Pu38t_Ge%~T)-@{*%{EfwYJ|Ww%^&on;
zVf#t43xb-;BIx7nLsNNR4AMU^?%i{2Xx2T!<EYUQ-kKakx;eGtE~vL1#j||hWwwGz
zc-9Q&SOVUQ7301B_ZbEPT6KuAM0yl_vq52d7!|y>tc9R}&o}VCdc1Ldlyd{^FSa$E
zz<L$enMKd&nA6%e#Lx$R(q>Ov5v<=tEQ_F4P<jnxoG#dszzqqvH1^6p*sLMf9Hq}q
z3I_(zE3f9CJ0WUe7&;U-OW1Ge9Z3>eR;QV)LPOZGC;E2mhkDlL>r*=Qj9AA33_+*f
zzony$p(u9t@xE%lo$NGht2=<LVQh<G>-EHTf_j@3c+aAR2(J)HtcOo6C>$nb2i_%w
zj7P8q{<WwO;pIMMV*N74V(H1END_U%rqRMs8)xOVE9{U%oEX=ouv_YM)TqT@`=r1D
z3p?aa^g%GiBkF{mmvN86P7C*N2?T@%?tzoU@ee5U!<EH4VzYbo)FF_-&KPbFW9I-~
zn?OH|vAq7A=dyv`CW`>~oTT1qHG$hL+^Xo)D`9(*FY2{0O5=ogE+#N6g@xUhFdXfR
zj$(&Nmh7hAqbJY@nH)c<gG`!!vM&1)*sri2ZnZEWE%d?9JPQ479QC?ZVFzh9`v@LB
z2tG>p!U=`jN&CJB{iHhvd1sp&%_ewTc(Gc)#6EZ4PFSIz_|XQ1ZE$-MLkaZDUUPNq
z1Yh3!1#I1no!bcdXX=(P6rj^r?!Q!*x&*<cYf_2d&t1k46mqy7rmmn*?y0=H^Y^ef
zik*=J_U@-YXL9<=&g-xho|`LUC&Vx7->@J4_abq^&v@u}XwG5pgV-7Q8Fou}_u`{^
zb<5Zt#aJJ9^S(TgrU4J|YTb86TN=A93^ZeBZ+N*?6q4}1kidY1kKActs3%Oq2I0pc
zVve^G6691Fo8T>rmq~oYV93IaC$Jx;Sf%{FCnuGBne<`ZL(Fh{b;!|VrVyS=_+C+O
z|5&e<yUjN0qieKJ@g4M$#AbN1!NUGX9DRE(8`1HCvY=6Xw$Y+dw8XF(UbC3si@XxP
z;z{B*TDi}nKLPJqR64P(7XGko@A4hjdwjPTZ7C$-ON~h>;IHpggvp^k>>RRi8@x3{
zn$KGnlQ_unKOy0s!soF8v?)6yuoW7Tq&hX-gx(inQ-1<Ghp}mc`Si*&_U26u5@sy)
z4)WH~-Y{8>-mp9%ThP~!P1a@0WYc03%vlNE(^SY#CE;ftBK{VB;WXLNL1MC#!~)vr
z+nvgMZMhXy7qK=ORM@f|QRfpoS;Z}qj^efgBPX%xIASk)4<W*=lCicnW~WUY#O+0I
zFV<Vwco6HmQ9O@cGHt!>flqA5dT6v#h)_<%<5*8@&ugN5Lh{C%F6Yc2XqnLE#9IV>
z?jrI3Hpg*lVcjq`E3DtZne%2Ra0zd!5vVpGZp8KQ4;ShEZ>mw)GKv_-mfg4>zI>7Q
zpw;hvVGU_GtpZzQn}LJYdYruW78yZ|?!cz2%<QlW>-m%55RuWgHrcewtV@X{tcTBB
zWUZJz88k8hZHoBLM=x4sc({gse9)*_+ASDNB9hv}5rBk*&(LUf(S+F&vssrV5b&Bc
zEQnTwg!k77xt@m|#g;7MepJ`cgaX(i{fN<F_sY#F8u`<#90_CaK1!=Lm!PjzYxYCo
z660r#822kn@rv>GV!U@8i|^Oe3g#GCPv%G1@ylo_+%kyuUD(n~pNxvwQe+(5z5)|1
zv%_%X9<o3LeB^ur8{q@BF85gi8%bCnVXX=!c$1{Q&k3v}b+t{QKgC81!82fC9RYJt
zUZ!*JI?rqdK2=Mr^se&?z4RU4b>3p&^kV(BC?2wCey^`3aJ-Y=as|Ee6gEjeHV!#y
z<c-}LT=aWg?$Ya6b(Zk`k_rUT3vX=X!8IqOiZXsYa9*I;Oco-%rPeBAJ(S8Uotk*8
zy$YKWyr~&V*eI|U?ohN;-UK%GV;k_^#Ak>reWjG*=M($=N{KyOfi4UkT*W&iX_`;0
zBm8?)?Pb_*!EqMFJ(f&iJ-nB}5s#aI61=@Oxh7EimoT`5Z59SE5q4a@unKmxs)U5o
zE0E)EuY(-z7=UxCTEY8m^t+ZDv7U_U!KcD0QUPgDg_K*v>t9{NBV$)zutmE|Zp5qL
z4T3e6uP$iQ&nM4nHGs21$y5*TA~FAvu&|BL#b>P7W(n_EAW<ul#LWD9XWSOe{6j35
zJ}nZqF9s!i(xc>udb_acTEwu7wGn!pMC_HlvgtWdPN>!b^Zs&`z_hS&Bi3(4@eX1z
zUuz)Be$z!;N&JTzqa?nP^lkW;hGk0PYs$hRP3GtI)}^}gC2V~O3&{n>mB+>Xm5utM
z_D1Mlsl7?fQg6%INxD!AWG(%z8M4at&8^_|B#jB$%bGw7fpiG3k^+MS%eYpIE&jSu
z3fxNi^-jXZFI-IFcK8or>uJ8#^)#RSlFmF)yl5x2%GPYLkTptRNc(SSrC|MKz590?
z+@(m9+r<_pN@!2uE;vmJ&KT=^o!7x+-4a76Bwym_jx=hRQ(Eh5{VMjtJgxI)4VP`#
zq-eZH%~9@tYz39V5FAe6c9^}wAW0a-xMZzR``Y343por~*iLW&Uoyz`1R**a#5TEr
zo1cSmMGOAsMZpXuB;lnsigd*`$X>!uxayKo6+=+wX*6H5bwr=M13P6iw#;E09O74e
zXyH=j6>-j*-pF6&CwA*_mG2S{CE*OEL&8@*{Nj72L@XS`&Ug~r;RUU<I`{BZL0aed
zC(sM;6PKMlB~w<`1TR|1Y2U-AYRIDa^2H?fLwacleS73Rtf#&@ue4ikyZ)orP*=Mp
zyePox>XVZ$b@k7K3cKOE3yK!{$pwKOCus3sRHIWh{AE(*TKhOQ*eK!uEOO0|FA>G2
zjp*AzQ~cI~#n9+exOD^eS!{{4OURRX_DzqHO1^)$jGndafIu62%R;grqXJ{Ri)n|v
zT5s)`!?2}Im|@P6?<aPCPGMvd4zlws%KQ7VOO}XZk0J~R$(>vyKtoX29>ES7=jw+(
z9XY#%gR;-uO20`}XYu~PY}iE=ZY1NYLqgKB&(MgRuTWn7y!(<<u1l_Roxj?KP88eW
z|12up3Xge|4JZ0(t8?U+5F~?blC%lsdPvZDNEEk*T|j<lQDBrG*dd|7L!kEzD~!S(
zK3T6%Mll+u!(siTc9^4)c-^o5vWMRN=Zi|hcD2f6Ho{dFoV6_U!y6a5#PyP>OPXc6
zjDDCB4`2uES|Y0ZpEKezBHZV-umheDOBOc420_T&DdA`mhhz|UMxxlg-C3-iT#Hx*
z6*64kw;+bF6aG>pu_J-u9yZ8B623oaXiAYW{VTtKUwN*?EeZDsLA0eXbQ#-JG|RiL
zw&^-Uzl@%c@E;4gK9T^RT@W;!zZVwnv&R$0oiX}cF{<`ui{%<*J={0r)*0YWy)>qN
zYd5yR2Ze>(73m1uwHos;9)a88m5aPQd4)szL6zx`Xn5}=Y^IY0@y8bg&-#}lvC>D<
zDX+n9GWoxC(bDD@uX{+sOY#om@xed&i6rAopTM?{v2h;7MtE4zP#;}j{J&RRp}W56
zfR^8Vxs~R0sV0ej_~peV{?0zFho*Cmx>E<QSR|9>+a4w1#fui(EkeS#J%WEz3HYvu
zbf1lO0F*#$zdBD#7h47_RPIV(i-hmjD#U(lxtl%}{ONhi=t^I&)qb!*n+EU-_4p78
zefT#IM_`HX>0;;leyt%P${V!;-M@MyQb!@1?VX|b=`p5wz5ZxXpjQZ;3SQ4uPfddU
zNhK}U2eEC=JK**p@C{*M>xP8!r3c!uRW@N=FM0<|iEo1pS3>G>S(lRVg9Widvu1va
zy^{0tI)qfjGrzN-ur(Y*gqH~=qr?$!6^wpx<s4}<A45Kk0zP_9SQa+I=P_vqDoHcH
zzl`<M=uHqEyl9aOqMv%mcsrXQX-Sw0FXq$Ft6|qcW0)7}=L^CHQ~f^l$`dSw-aDgQ
z;qLDKrwPn@C48)2NCm(2h@^zSSP=Y_7tU78GI~l39`Pz{RTzK|&ngV{B<%Wt5SO)a
za4LYEGPGI%$}8dCdI9@L>#l>Bii8o1>$RVI^_9RTS$9HD8NG3~sp_RD6UsW+>jc(c
zFr!Ijh|Qc&HE3se-Ti!Nohugawdk$}xlg}|v!g#j-^19{Z@+B_QNBYzVQJ+P<b4dL
zmy}n6>8XMJZw;LG$<p>?7a5!gS89}u#yRAZRTjqJYZuvt=Y`kTu&MXWi$qgzsj;xm
z(9kA&*neCU3VrbWnjC}ME8*uC1^VFLnuKvNcqRPsqL6La+C}y?eaagVp;_59=#3l5
zdu0S0{0{Kr*rY-4?L(A@h}yiga&sw@$5UsN`=qvI`w8(sdhThwWFsywnT4(J227wo
z5yobj&`xTFehXWYq~&}<`<27!i=+Pmnu<SR$8IGt!+hQSSpO#u=Ko~I(%9a^j$JZ2
zd$2QVp%3n^*S4;uo9F0!c>7Uxb_U?1=R_HO@MdK4`iaNFdig=bn`JL8x`lPR1;UpW
zgltn7gKQGLWI?o6zFk{^vV`kM9DPJQirxfoD-LfhJ0id<;e++;!+XS_Z8U`lKdBc)
z`7d4+9NLG!JGX}OuL<6bNnW1#`>-CqD3ZiLh<>pib|xQ1gnmKq|FK7qn0UdWu+R&y
zS=3e1|8+5Giwg;Vb1sP(bfs;<Lr6>g*g0!?@>ZwG5oQO>>ruEZ=|L3mhwB_mn$X4D
zg@Fx@G0nVy)1U2p&}U*m|N5>O8j4xxUK8OW^Lu9)y)oQ*JAYoUcXHSHQ<V+g2}bDz
zHc0ri$6CQ2I8yRtQM1TbU$mTvJWY;c^o9+zz{~1LUH;CTvUAqf&M^}3#ySoj{taOw
zJhGs8TXTdD+o6*O=jib9I^{BnADR;htcQEoS-ekwJ@hL(iszMk%&d0Gpj7{-dWs6S
zDE`z<4`|hWF}(JA^vOLk>B@)eM}$Wf6IlOt^d<(e33gk?h4lPs?Lzva7RHNz^$^%z
zzDT2(BChq$MfRY;r#za?c;PT{vEmZEpQGFGm4yTow@+S8Bb2cIe)NL(3Zne>({UQh
zcz_OJlab<P=lo%XEs2U;c+}zAt+0Ux_~gPRTG(HBl)bP!6Bs9!utmFEwy+<`M~34{
zlgqn9gSU*{C^q%cTL-z;c72kg*3DuC1EYtK0e=cxr5{^{h?lj(yB43G<uUg8<PZ;|
z9v)u2!kmiG?&pPPDBmS9roU|wb*W35eZJg@95(UaZ)>l~{kTi_2$9g7z+G?`-FK(T
zp%31%m|Mwt6E4pCT=c<RIc$Q@d#uZh8V@g~R`6Kj)~you)UlJIY1b3bknBMpyk^nD
zPUy3+XCroQz;;Dnd~%S%(xQ!fHWm{6mGFL(g}wnvm<}Cmk9*<$i)7Gz+;izs`0+x`
z7B*}gWG52YMpwOSQMoa)9=2P=a1dU$$QZeeb@bOxJG{6FUf9CVs^@k(FqVYpEWzJ+
ztoOmI7n9foAMsf3S9#f@Y=pn^5E*z$F3-71Z9s>b?6Cfj#-{tRE{08Er}K&N*Akj>
zo0nm!Qt}PjwWj@Q@0eS~uQr0>Cafo;T--}M<Q!r3gW3f0!gtpt;oXZ#Y=a+otR!|s
z(FYGN(xm1Su$koJa}&-%6Flx=5%EAF#kBKXkwgJ6Sx^{<CxpU5c<TaL7bS&F@IThk
zY(F?pIP*3^m(0=W*P=oJzdFn5m2K#44;u6Vl|TVa+|kQ~On8uWbk`f|6mExYyimVq
zRUDx@k#4Jnn+U3{NfQESmR<U<!mBLY6vvy{gI0G!yFM-SC)n%sR|K(y!XOj`3c?`x
zSRG;M5qnTx%Vv!}rh~tpOWKwZ@elz&t<k}sIw?|c&qW&d7Bl`~UX2jE2Z-~1@`BQ4
zi{?BruJuA6cY)Ba3B-qp6?o+zqJVz}p$!rN|FYnE#Y=?SJWFCDeC)iyL3pmhHu!0s
zg`q?k12Vy0lz_sJg~23Q)Su9<oiO_27<zyM`w8P~Bz__-d8cMEGR~oPg0!+Bt<4)7
z-c8_BIxl#uBFKB0FLEm2CZglePW1hWe75~`hBukJqm}o?WnC-!VRi|(Le64N=!M4n
zwcDCFxew~C_a40EAZ~@{Tt*-CmJ<^Gcuut0mA^jO!})z7E*=xQY_cB{ehkV0cEs^!
zPfe}3m6I{a9@A;>emhkL8jZHyEjg{mPGhDwf3Ysb?&F8&NSyvTuvy!N^|B3vU5*Yx
zjFA9QPk>Mx5x1bX2kR9~Yx3;Go);kYqT(Qy>}?CtZG?84#1+Qm$1ezjDm$O%?~Y}E
zpYHeSzr7a5q1Qt10v-Zy0{h~)o!1Uc{$T+A^P+O4)(42y1#EpJgrPnR!fu6~aI=#_
zC?tHuBd`-b$o$h*SoR2l$cG_C`tpx!#TBfF*PItQ*rdV!o(pu<UxI_uETlKc0CuzF
zB(qPz(xMCHKV9vSK-nYP(7OjQjP)`4RMQ0Cpjnl&32O?t_X2}^bBg$R3-~Qkfi^?j
z!d^}~<<?E`M6Fq0J(xkeTbqwf^AP;Yyt0&I&tj)+!@yOnxUQ+V5i|Nxok+m@&I)8U
z`sljLj8cDgRuGjXuo2$2C~z};&%<E(S#3_sT#ofMs5Up3QBskbYa+i<Y#Fr!;{gsI
zJLg$LmOGN@gAbe&6=w3CUyGTLE$SgY{;^sI^97lgzsXn<@I#M4?*WoZO<edLk<qrG
zY{8~3#2aZHIo|#{DU^gao}+bpbFCR}Wn4dE^AVolalL-c-@oXwZ1BEik<VPmCoF7)
zTLkvPi-Z#>ri*^CKx^=0k45HyMu%6UnY6dfg$bkr{KdRr>+Bz;sI1jy_d@j$Ytq2!
zqt70W_UlhIQWe7QTLG#Bu7{7GV>O*|lNRoiXj03rH4({xtw0T<PkxeHgN022Zj)8F
z3C^iMfOBf6`FjM;(TF!yDp58Qdi5#{!*eV);B-a{MAY*2TRFfT=)DIK<`r9E?PfW9
zc_H<u91Pk#Znt=pXziWzf<U{OdCheeHfT&b2=xlD>c?0gw)XQ}%_2Rrz!{!DkQOWM
z9ARVNf9|YEVk`V#Aue%rqm|Y1_aW(z>M~tuZAN6@$2ki(6W2>&J@~8~>=wkSKgfQv
z!%G;12j>YFAD1LVxcs~Y{&k+cr)Vu<3*3EPpzjJ7%fbiHT7tbI2}2@@o8jLzo^4vP
z2mIs$!|xTs$uqWbizv-2;ZFpi>;tlrBf^wK$_;$7R$$#Ax68nm9#rt2^GV}O{g82{
z2HPC>lA}CBEMY6?Ub&HRqETTufkPH1EZo7MX)w}#34L;-)|P`7qp~)yqTFi1XYB9w
zI_$UJhI!oBT4B=K{A@-AXbn5ug`4P;FQ&D5qUd&B{B5JKWwg7jKcHJq$}jBZ#ML{|
zd$SzW(<t*anrvdz*39cltHjKnx{l<PTmZwNRd{iUR_}X_#(n1Fu#o{sJwzFdhb#$q
zJ@GKKT!Fim`k;mIcAUK>xEa1x=7rt5w0vE^&W@C?HnOX*UbBrT1LgN*8)<r9Id?^K
zyVs#&njq!;%jbw`!0U*h2l*mPGrs%cY;?Q?+3Kk8U!sw{wk%esetKyFH^YPH1Yz>?
z8L1zaTrP7dNiyY)BZQ|PCiV}{vJ4)3C0y@t#$RZ}yjwVD?p_qw0PoaIEWdT}hpt`{
z(ZM?j0LreSujm}Q4r2owDUB9x=*Pw|VRIuff>T<gM|7{%I?f`QCPD~ty6;sS9&a4r
z1Tn9KyDTS>z|<gAmx!LI9M+&mhzG+S4|sm%`EOAyI-Mz&e#=@>cV+0xy3wbr6}|iI
zrdITkdR<ty-!uejA7nx&LfN^)bnVD-e8DFK-YWah7scyk1bu=#X!<mv6T@fDhynN|
zCx2~oic8`cguA`U{G#1g!lnOc7t~9<LMa_InpQ;mLtG+GJfMx6h@y%15hGls;P?jZ
z4BoV?8vr-DFdYF%ojPvX#l%^akH=lj5ZE>s68>|6JC|{zyFMDeVE2grUJp&A)E3zm
zv&-A>61WZ;E$oCDi?3jF+E>-Fl8**-r&{etiYbi1Q8IQ1EKYZXj4+&bqt5WX0Ylrl
zWF*RGhs>|NxXHA-ZPuLD8<D4^AN@n_jQgmQao-@}Svr;HTBTi(x}|87gmw#kfdID3
z5boN}WgpD&E;$WNOqUXHs;g>L%1RiT^9s9NX^e?+yL`alg{~vqVA(CUtfy|Vg^i@f
zM@(;ET}@O2ON#`dnS^Cl@M_&cg^VLU-eMXlMlm8`PH{R%m(n$xa|#2yu``B3Uc)Ru
zh<<pWj?B6Me0I*_C~Fk`@E}{*(4!ott&H&GnxCl7sB>~Rd~ye?3O<vsLrkqsmr2xx
zc?81=PFtH3DO#bg)rmtg!7!|aKS*$GMs1WU8+3UC{}R#Xx#+%DvM>$`9H#fgadU*<
zCg9<-NyLEez3V%Q0?sOh>vr;BecC3C8cwTy*PYzPPb$1x21z<MC$x7-_H&<V3!9=C
z95o%1{B*<`UyrGV8*(JEPGQng_5%wH+EAQ{LXK$YYJvF?4ySU%O9`EV8=Z04TaCa$
z)3LficZlJr`c|f68RtGZ4e~m~9nng0FgunMqjo56ntS*RZnqfR_Q^0d`<bKoqO_>Z
zVH<tsO)nZhA8paC3}{W-g~J3|I1_m$5|0e^MI$mkB>mXJnQD`2SslxI-I0W;L6-x<
zb%xaT=pUus94N}40X@i_`lKm5;o`h*W?0U*9{#4E+~<Boh&vEff5>L%z6tu+#!t|%
zI%tYoW>tz!#GI%!!HTU~mUF<2l*b=2C*uaXd-QRb55CBsE&8W^UB$z-aFu|PRObDs
zxXoFu<rMh@O`u6gcr~}v*8l9*H9qhrQIOu~18<_T?F5=pYZbP^!iZEDR2Z@NQ;~W~
zGmFR;u0@s*(B&zuaC;Iv;p-k<O(hL8lu}^Su8O<bPHGHTj6SV$SJmGxeIZxT$zA%;
z^|K$EEQ?)5weZRdx=B#&Et-zudtm7k@Zt*zeNhkBxz<MYQMWnbB4xV<>YT3Ut!<-^
zz$za$7&WtiZ<CGQ9<TJv!^Vh05m(Akz+(%B1lq|=eY?=rY!dEJ9nKtxZ0}i2V2=!<
zuOHhY*b_ltj7X_1Of=QrO+r2(1K2i7j3|ITvKd1?8jV)cqqY{>$<k|uV`M4qP`Yf@
zu#u>78tx3RDcK>Tcq5&N;O0HpAtUG~f|mo>A;fN0F6fdzDTX5UH_qaT5X<Y3`<Z!k
z$X;p5_<rt(-67*~Y0;qRJt5<l6}swN3f!t06CXw@jarC%|Go;u(F;*sv9y&_aeNZq
zyJ%q>K`2U$PXi`c4VY*E+hhxdVrv7Y&3HFqEP<WyPab~bbrx3|`{j_y@9gDQ`(;!H
zFuEK4QEczQXcu8USy}D!_2}=G2W2z1_ax{Ew}?Q1U6`E&yZ!u_jyP9@*XUh!#3~>B
zOD#8bsAUAyw86z78bzZTZ~dHw$EDQmJ21*=dpbk%&aOMVdb@hN2D^H@WUp-MmHWvC
zXC`}@Q^^E+qu4Tl9bLFyr^DP6J`nET9>bO>dbw?0EF6<@&30R%q#_X#pRW-X_UL5O
zs8n!RL>N)e3N{ja8aHG7$-Y1h-=MCR_d~x*V(0bP-i!XQ+#_31K+M8+c&<XhIw5Z4
z2uldgYPDgM);mB`?1*D$nCBWcYtT7LlO-$^dTIS;X@h2ITOp~G>Za%X%A>>D{uo9g
z^pwtxtf58piekHr(U9QxEY5T3fv;b%FffXt0eB54c;bT6Ne5LnD>H^RSAo(iL0~sb
zD;dCT5sZX!TMWAiP&9;Vg$&v+4`b5qEFaR^i88+us>FDvuF-YMq6=p2{dB|S#RPWB
z;E)ZQ?l^txqS-R;+tBHh&DhbiI)J)1U@K&}91!jkikpw?;jJ7)y9}Z~j9cNLMYOjy
z%8t}WYMeHSIrR71N|~QS|Axai84gdBC-rF~s380lN863m>(_O<2hCx#=Ai@FK7;}`
zn{H_-Yq_T7l2HB285}nz48R|qQ+Pf60xb-|^UhfZFtCl5xE+3mWJ~<XIrflu#<3lK
zj=bQP&MDW53%G0=`NEwx6D4+9rJrkH>z<PUUUM4Cw#syavl`|KODj}-mV~f#qdCK?
zby`V_3kV}jqaC&ywtR(&zbYP3Bga#{S`MSUS{r*YY~a3r*iT>Bnu~MKJ;vKVjKm|+
z$WSC2kx|mXM8C4twxgEmp~bxtA!enF>XFtnuGQ;a8!@^@)X_Cq6^Wz>R_&Gy;0CQm
z2jz3n*EP{S(B0F0L$~aa%{>J1yLnd--N?fKoC<!a-yXl*`c~|zkW9BlgFDv7v3k~4
znq>%m+l)#SlJNL>!CWJLnxyT6wPb{U=Dc#V5p03C)iP>*>U=e7z0Ix|uYucaSbKTb
z8s^?HZ0WCXZ+ofY5#_8E)ay*9=dv1Q5yKDl@h7vGP?#VYkbVpOHufwxQ0?x#JCruD
z`d3G7KH9bhKCiFB=LzSubH=>elzoeo!KfB(7bw#eq@Dg~Ex$Hw6s?#(%Z!X|Gp~gk
zr0!k=9|vJ<%-{+mOa^s0K8B6*AYwNL;T;!pi12ApEWqiQHT6$`(w@|)!u1iS>Pkp>
z-bMBQ95FX)#C-NsB4%(UVt(tK8!=yngqYtrw;VBFt$E(pmhrq-ql1{oU5FX^wGlJ@
z+au;cR5$M!`2QU-CmqD}|5}I%=ae#H!9mS`sQI-}^K};qHUGKBM$Ok<WYqk}nzc~#
z@}l+sR4Dgrv^<>nwPf;jER(-?R^fH<;&mjGzkk*xlV7xsWb%*BR%G&@u4DZC&e>}G
zeET}#bSF15Ij~$N>!of?EEmQ-zmYIbTfdnwZv72}v73-8(s<M+L?7>i#(f+ja!C3W
zhW4-Np)pk&F*Z(2!A6?~kVg8GNgL^}ve;|(A&+Hn&V_OegNGM|wAl71gGs<1VWYS8
zROl^VPv#PLm1uK0hmx#ZUOAg|hc9k?o}CH5(baW`w_%HNH|UxOyZr=g5{N;WNMQ>c
z<7^-X%s+6%`OCQK$c!5%ie9<j@yJ-%3V*?cem!KoB~idj&srFSC)a6M|HlQL5ZIdF
z61Jcetk?YOc|ydW)UNTSI+LNt25|f-n4c?yc`bfNtpA|%;(z3z`!|FMIIev42Faa+
zH}Gd&3^#;zI;9yD%<~3$K4trW?Izc2w-nz=WNV}9C%Il!rxJ&;F~&f;dw~Y^C=Y6t
zA?=hQtlP$=oE_ZF>1UX-a6SC-IUU~@@Po>d*>}>L+g3%U7I?N^?$4g(!psB;I6`aI
zPiMPPdqi(R0e|ONV?=iHUPy9OPRN_>n2DKab)2N1Lt;Pm2!8Epn(V*IHJ08R!1dh4
z`4kH1bWbbpWYAQ6p!$j5KFcjs)_7#QJzQyVQ#H+lmLrefZgbVI#XzgY`0`&B7`<wd
zfb=cTawxrcjrUe6>>Ih6y!@taQt6ZMPxCb3pW;)XKT6`h0jb!1@bB}^Fy6|;_(Ih%
zU@l4DZa@L=;GaLuKNI&gcfFra|8@0UjY<34IilSE`MV{@0U4yX<#B_w6#UR*vW(z=
zajDkU<p{fmZ2uC=_BT7S{Yw{FH)<y=VJZJ2m%Ap89buza{YZzLU|c2PEf+)*eug3m
zpIZ<~c%cwUxI`cSM2FuzFOu+FktD{)4xsNW2xqFJ^xXAv^uc>cH-JYMEQ^kL-tj;H
z1w15H5FZchP3MFRU~3;er!}H%I3*;!r&j!$xCr-(goR!3Zx{96Fz+VA$=RfF5V31E
z{Os-hVRlPxkMTw)jr|In;2kKE32cQ|Eb7U<wI;cmfFjm-QQ!v2nJ4!yiewW0Q;1{&
z?xjx?HhcbAQ5~z!Rv+fLyYUMLJs$A<_`gTMIy*H{F8}}9-FUSq^>e>yqSSxdAS!#-
zgr0+<OJS(jY}E-~p?iSD&?k3c9q+Ja_k2v4CVJW}3g4ei!F^tq`rn=9W+Xug_j&0D
z<%%%tko2p(!rs|YXM|QdOmY;fMZ&oh_ua=WW^1-a8AKI!ZJz0Kdd}`pig(bQQ92PQ
z2tS=oJmbMgc%#?7PfF_<RY{aUd6;vbNY&b9cY5x}gzmxRWzRCxLNJbg3wQHux^dKm
zG?uk@mf*K=qfXwjb6jy_H}7TVlTg&X_BJW=x*+z&(BF;0LEO~sxMBOk98KoTM$yTX
ze2Ubf$7Y3|D2Mffeaq(A0!v;3eFuZ;TQvzg;F(11*F02JHh0nbBX?5da4H_64`p{K
zuI<7Gc>`CUnXBna_IP{g_r`?XXOn+uO43J)KJM2#-<E6jwxZfNtAlyEj9aHRl<9*G
z8<L3fF9X<N_J?(%mrd?%`FN52xs|gqJAUf-HOOA{%bTzbd`X?<GNrcx@$W$22J~}j
zzJG_qEq1U+%VbWq+Mv(?aG((6#!KadWR@4URvD`9EqSMvcn09n-31>&pS;m{#D$wK
zI`?Q}r_Q%3sJs&HTH<|u>~^er^)BHSOFJ5Dz};a0$E`ZnbF6~!wsy!JFCSuUo($li
zj;6Ocxe60HsOmR1d7H6Dg4#%_T&FdAkZ|s@xuheGeyOlc25@V{DKZc0n*;+%4D#o;
zgoRsRLRbmxgdiu6yk&8z!l~McQzfyTIh7QvtoRC4X2w!0=MV?cBBG69hfWr@q)1d4
ziv|;Fl&oHC`XhJ$252vqDj5INC{Gu^g$p~LIPbKw-VjF-QCJsc<njh9eN=k%cE6Rq
zZ(2xE@>>ddS0u<0Y7U?md?sL>!ysv0f?KS%XwK2$?6TWrH)ZLulL3W<7pzN=)YUB%
zh3;b2?b<d#w;9$I3Ec5DhT-e!vwb`36xi-$K%nf!E*T^(2xUy~wXAoLIHGxFKyL{n
z13D_Ku~EpVz0U-{&{X9(U58D7%XzcXyNDXwECZ(`Z#TU|C9oR~^J+S4R;Sm@^c4*z
zj7wnNMDlmZ8+Df+6Q}m;0fzLS^==kVL-Lz+O+BPW9#WHK!q!FS&Ff5uV;=!Lpj%7y
zVH30}Y==C%U0ReGdxFN!2?=mq4^u)gS!t6D?FkG*hSaEt(%(=*w{lP<VY~~o32cNW
zMyt16aL}rbTS%ka!|SkFFJ`w*KK<25p0FE!H(2O<0Jqs0h*#TOZ@}hyhJKhox1_K^
z-hoYW$W4P;HwkId#|BxF=4cykO_*J$x5A7*S;vEa$&9nxZv6?S32)TSRnxs-4?5nF
zI<sdDv*R}ObumjIO}w#(C|?ZPz3A~8gILT!YIU3P+D$rnz@1T~v)yL2t0t*uWXgV>
zieDk&S!#{MKZUzCn#{kXlleEQGyit4mHCGPUd9y|%r}D(mhO=iD%CGMLOC0|{LYg6
zoGpJi!LR-468zpQ9OP=+k0OF~oV)yOk7cY6SWgV+>lc>Irx9KaguqW+Sg9+%8jP-(
zw;O8hbMrsWOpjrEnE8)x^$gEjRKyrn3O8@Tu->Hpa3E-VEcG(Im=v>+=0W|qiJLI9
zA=^d9k5+&`$Uc=1&(rt^^lh)@+gM!;nJN=0D*ECMTa${Tfcxhv6YV1cf2fA0`PfBk
z?P<Od2}B>5TLz+bcq`xg`4#v2CA_&t=*6kpRoPBD+#<8+7uX^L*uEi2)B3W9)5254
zu-dr>`0vqjye0x(x$Nz%;C#DI_sJqj*&sMq&um#|+XG|^2)J*>&0Y!LuM^ntZVX8{
z!w>7WG@N`A9+@{e>N)hwZuH6)jKt6{N!9j0L%3^jzj4Kzeej(+f!;xFA@rhvKUogg
z;O=U8@|a!-!lZ^eyIV4b!GnudfYB)E+Wjt~6_}Wl|2f*vS^ri*-(2RU7_#&Ehqc;M
zuIz1RIraM?c_X&T7#Y@c7?jP})`LB8PGQ?7_o<MCIm=I0O}*gl!g!m)HpYh27?dqa
z+amA>1{X&AY4n{o2|>Wp^!Ozp1b^UyuzzS!nxuNL{W>P8Ze#T83|ZKx+;cLc-@FmM
zGHfo5*-rZ{iAsH7%zc+#+Gy$^{2cw~gPh^W_LBs>7&&KH6W0JU)cRf&SMlcp)(>Kx
zA_gFO6*ocUIzrP>`(3q4cRf+EpHQ|*4ygnw?bSNml9f!|&u4Kkz=kF(hDMEt51%KU
z4IZwwk}6lWl1tbEkDM1Mwn+HaMS^3i*(D}Ah@y+JDJnxcdGs9V-i&bq?q>%o_K^YD
zp*eCNPisra%<mxo-B`8ZqK>n~da$t@uZlV+wniOLbFSV_{@MZ!RuU2J)ulU)#7eki
zFKD{3C`5Qd2=0{19`LPXj-PXxj%uZJ3Bo_4K(UcYqd?DWcRkYOf^z{CQO@uq8abIL
zXfZrErJEl!Lyx&``C}?&h5W>B3w?16!_I_0JAgi^H*Gkm8D3)#ws-5Ic(K;aSFO1D
zSyeapaepbD>KnkmZuIq-^0P0TeHyu|&<CG0X<140&`q47N37?sJo=a8%YN}n_^Do#
zX4!&uF&ciC&XVTxkQ=y$erptC5&ES0DEo~P-nQVHX>7&Uq_$+>kGU3F7sC+1FOVR9
z9SZD*Z=5SD42Eej{tPu!4OUhmj16+5AwvaWGGZgx0Cy(POM<kC<5L{GNa)}NG$ajk
z=;6O@ww0$%JGx}nF{LfbN>~`|iJ*$mgMI9zY=Aph2%F{}KGO^`L~Jl^vxzoK(XE6|
z3ET+ZoM#5srR5ekKAN-~4(v7L8&nQ$RJP7Q3G)dqtae2*x5RZt7WWBh#=0I_jKDSv
zo8W;39h~`?5a<n<=Wj9(y}gP~oxM*OGJhm>-9ZPL+UFE@Y;vH~s!TaHe<l)i{eJc)
zsfh9Q2wjZklfxD8k%8B0m6w>1KXi_%yp5Y|eP$i02X8;iirB~3Rjn)DiuEzQy1Gja
z)|K7ZQ*U8Mo!O3Hi1YDmDesj~wj!utgT>1QGfCb)$F7&4OZzNtLh6@?D@&E&eZ<}K
zX@KWe);P&)+@UdkyH5RZD&Sia8Yuc9D}dsIl9JGH$=OA-3MwtEIt8I%S=b6M)sm>;
zl94%4N9M$cLf>2?xM_y#N2NPV@?N;85-hL$?Ujkq<7VwUpk6umv{@-^g%4j8m#t(9
z%1iVI+hA_#^Yo<^LQ4rcex!ykz*d;%OP1&{AHAqmt2SEi;AVQwE+}2Wkcx9O))ABh
zf!{~JPL}!VIpPGc#0&p9z3~5AFZ}Oj-BE#G)4x}4cZkz6O-NnZORJUCq*)<qY=FCj
zw3s(PG%Gj?zP_87==unTDmttY3?bP}{MZMd_9}UgYiZY_jIguj9LcnA@ZHW`(|HZ%
z41j$S9@b$pg>~>`t-@~jv-1qDFVrf#%7VL#6Dfyv7eTiJ$-)LXhe|>yfvtVm0Fw!A
zzd4xzzO{Lx1EWMjt-|@9E42Txm;Hx*x=lB>!fBe=^IeQ{b!w;v1WfBLwW0X_m56f~
z{TrCl^feWZG_Zmr`6bLHs;HUyF1FqXO>W@25xkX9`Bs-wH)kzFYM8&0!&dN?lPU0~
zaxhoUkwOU1JI{#xWtL8FK6lv&r^nHa%Z_Z4+yzBp82;U(rRggdh3&d(ve0)wefHds
z{<yBPg<p9RE{x*YM9mUl1N_&5K!oRugdq?MTQ^`2+`X8>>nz+9#U6#5<LHwI$oL5G
z_C3t{+OSKu5%vXL{F#JZ2sYfWTk~7kX@N>&D2hP{DeQzh6^7)H?v1lvm^RS;rvERQ
zJ>X5P0(c+%uSG6@3RsmVqYtK%baMCQs*@vpvLRV@a)wXtsJ{ImpWIe`<!yYj$9-ih
z+>uP-CYTTejZF+yUkc;09hJha7<R}m^aldG_wss$TV)uz^Wr8b2)zU;*AnD%DQtqf
z7niUf>JtfUg{B<thFL=4tAmwZCG?(WV<_YrNf18mNn$6wW6=g=5XJ;HjpC;LxEp*q
z?ApT4HAM@wTQ(6gZ`1?xg)tth43Ee+fo<@<MUg9GE4-#gBnWZC2L2Yd!GjkCY5cA5
z5syfwpfQz$ayeIqBf?5z8_X;vv2~Ay_3-{0k-!#s*DTTQed`kR^Iw?XzM+46!7LHO
zpRP-!;IBO*ML_;Xk8sT`B#%~(=<(Ny&*xH0@R<c3#BS0kmrswL@==df^%OXgtUhj8
zc6@f(aX%fyK7s9!u($-Iix{DWk^LBs@HQ_YvNU_8z|9J`Nrhn<OJOLC;TZ0a*W)(3
zRd5u;GJxA7W?L2Aq*!6t;`yEw?g_TSH6oEK!;6GqR??EnmC+CXenDKpR=68Pt_+{0
z1%UFB#cjm`OI7<VHF7ni*}AbzO4jLeGL=eU2;R-fb#d0b*DKxi`VLzu^~pg88$%M#
z=?<}US%lzm$OWDD_h9FJxITyN5pI#cK7s8KTp#C4gYd+HBI@{|N2HRe9C!&gUbQH4
zOV~#C9xYoFeEp)pUGPIsQa99%SF>ee0yoGc1~;-`Z-tlZ`#L2&w!l4ccmbBLh;B8$
zL8I<BJOm~065j`3TM$rA(f^hdoaWEQ6a-UnAaxwJ)2Wn7fD*^yIjI!-;r>NI<9(-~
zar-6wFWnE=3{j@I@9xJJ#HwTPLr^Ti%NGPT!Hi`kupa(zjmTjbzCvnqJ^aGMM}NGi
zQGUG}<NfzogxyK3hZog|9Bd&9@#QQG!x!mpKRhhN67NPx)L2j{_|QdRp&uR;0z0>-
z;Lij>KE>_0pGQCW;Ex59^*?z8vrWeE8<fFtA>omkl<`s~urAImpOo#j>t}dxh+=od
zl&o@odxzx|usSU~$`~YZtFz0!oL$}|g-U48WULZQ(GHKg9_;RBGt`(MZQ63_vb!Md
zx77`MSNMvH*7j{Tx^o-j`Y@u8qV|zjLP3*v3zvYj>)kemgcfaipEA7{Qf?29&MY=H
zjk+c{wYr1bE8&!~I|_JBjZg<?q;=SRTfXj5ZU}qjMx9zz*=*2q2UuP4rnTmN;F-?7
z#9L1&9rl4HWx9rLORedyZ&)_g7<S75Hbts-N0d5hq>CMutJCa0TbB;<2FVcAPWX9i
zxw^f4Mu(p1jEYIUxmXXarj3hHn~1z@M>X?q$j<iU?z#56=XzbDdalt5urwL`RwJED
z+JQL%^;$KvgNiFww#Hg}ln)4A5|corqbRMt+K+Kw7ePkt=!jp2QjALoZMuV(7(|2<
zN|&dgfZNy+66Vs$4pJLWndWco5Tdc}wDcVUHuG&0^!2dow#{_giK^Qy34O%51Mx_d
zlyS%_-WZBq2oSM{BH^bO62CKUL(?%~tAoELw+U5o8+91Ftu<?x4>>_JlV)w{6Hr$6
z8C5ysl`y$F!wGAKb7BpK(`;2ZUa!5OalKXPL-UMAr!fb@`Y2`}c_o}q+6+x6LkAh<
zYG9TVBT_nS9MeJLu&Hv2RjQo$89D1|SlyEzt9p4iEoTfIv)5mLCjckyP4gLDf+65P
z&T}`k%AQv!58C}2>*?)m+H>R2|4}QPbjfGLRW|7NeC<3}hbX(6;=Wq$!f^HPX0htw
zE9a9ci9z@y-cjin=QViiWyH>8e;vJ0NciSCo1D;ls=9-91HY+my#ZNB_e+3ab(w!q
zM~0=qUigtWfg!jvfnk_UU@s_(4mAgV)2uMwQw~au2^4To0|VO5N!z&WZ<PPW&<9(}
zyxE3nnZ>$Pf{jLVHm>kyi+d#6riNF-N6Tc!azfJ|5eE!P3xnK=^H&SpHtSx_8yGN&
z9=tB!UwKcC+b=DO0AeTeuR3L61l}g}L_WVDq=oB;jmU450&kH}P<W6-g*12L!=<0s
zn}TU3<X?D%&Z2LGPmwkl(;NMca4R8`uwJKIaZTy|jVPff=M2Iti5WjrFzR={Y=$PX
z{x^IE`iR^1thyBD>=uPLkT#-s%@h(|v7it`K{oaS<};`xI^8lBumimW9pjhauCcoU
zG{#4tSRxI0<}!w%LGjo7^;a$^e^*7bwp~Nd^o?HGPru=yY{BjQL~!(+&FCj6@8p+T
zNiw+q*+c5{>lXF*CG3TV78!0uWk=?^EH>q~-GfnX$<d<h7;ck={!?V*`EImayKqBH
z?=#=E4P!k_o6>T+m+*$(iOV{Ay=d3$^kYZ{W7~1t^D!F5Sd=I1?9>$JJ}DTD;HH?a
z#JDo&AlJuq^y(pD*=HWpXWm;m^9g<CZIv^Br_Vf4IrI1W%v&mFzNpXqdF9NP^_e$R
z&U{s$d0pkqKkGBEshoL2pLu2F%)jU}f5si=?yV7aY5_{<A`)J@;7$dAHUW1gR|!1-
zImhPyORU1s8>J}2zg^(hT&}$M-}Q@MSUK|}eMUFC`-n&Ajj026%+ZW$JN^3Iiz_1L
z5<bggSXx;AQxm+SUZ9ViY+bPB3T}g2EW#ikJHlJIyQzhnx>$~@^_9*(arB0q4WoJA
zlqrQR+~h<KaDlo~QN|fky)|PZh*$>G9&}?`GEsM#cjF$hz4`{3HVrB40B&i!5hF4X
z)0wi0Q)-NhtviY_(gIr`r-(qhm1SL0DTT3aY=YZ(VoCJD?<<VKCX39;XD2P}IDxI;
zw=l*VhQlQN8cd>he?ldcA%q4AZ{WRkzu^(sCxh6lv)lp!?32xS{YLEDN}v7RuIO$w
zfCHR9)$2Gmbi?1u1$0FV4o3N+kh8;MfPZMloiX>_D<3yd{Wu)7Qydocl5K((%TlOd
zlS*JDiE3!&LRhI3c6C?4f*o)NKP13=tF#JifqW7p@z{0(YEV6q`21z`-j18$HnQBC
zB1!ZD{nnpSNy|#4Fvu;v{Z>3d=oN-~mBR=;=1JiuXtii@ykTsD<5m(kfvyKS!#(ma
z5+`l^or`n{9H;NwHLFXNm8DsqmB2=L)vUlUe9LQ<O%~G&XGIw|!RP9=xP9K7_F0+i
z$?IHEL!W7z;FSa1LZnfft3BqFX+?TN6#dHC%-Lu5IHL<Xq`>Z8>>x^D1n4Gp#d&xf
z1^k1z68qL65Rz~)iwlWjQbe&Wf?=i4Xf9zNF(ZZtdFMX(iBKjltDhD&3_n~a2rf@B
zT&zn3_~Qu+>)~_r;u3bied`2)Yl}+o##FB)l$FCQKQIWhiq}E|REyg$oE4RXE7NpZ
z?lPWhd(LrpPFAxFa+41yEvuQ^ZPB;~6>?2kEGjK*mQ5TgZdM801g~6|;BfiN=LGsV
zGm`YO=hq2K3$-66ITQphofG;;6OnZ#mQ<(g(0y-QCm17gOD<&b!g0cr?UwURrLZ2}
zGB5NlCCcpS`^1Gcw)Loozi;53G1_8u`>PfRnD<|@%Bd?U1MdjD^epe?@g#@mVg%9e
zc&uddGG`ztR2=cD0gn(Fug3$Pul@HZNGWDB<G;fWitc`iy7uJ8Yif1v$yZ4<nGEM0
zx>aQ_UPCI;28DGS?e>;BZ8%ohMbsC?9%4+$JK^=(y)FCODj5(P*|0{r-(h>9N{`DS
z$XJYp%IV78auo{Bb?|c7%9LS~4rR6t+0cWbFa~s0MVC=BH@NcmzU~p)6t=L3+qrks
z;Dm&(q|;>p4=UM<&9bWbJj!9GiRU#kfa@dLY}>`+vqA3CS$#L+EhgjGWS)iKKiLtQ
zQ@A~b9nlD01<zkpyulw_uQuxqJe2MSh8tuXUf0EXZwS8bNd+J*%&vlDZ6;Z(-XF(g
z1oubr8n{Z~)lsr?L$a405$*JK7e*w+1h&H;Fh{;xYlS;>=#`}f!DdSYqnmLH0iY{N
zM?MCc?!UN62Jk9{EfMyF6L-Ce?+q!uQNk}T5^uXy!&~D2@?rwL@cbIf;hVIo!5GHE
zItFDwb;u+JeD8vC^P)hQcl#w9p`owhdC~cAWa{b;Vgf$u5!kXH1$>Z8u;KBG+5@wV
zD?Ouej`{73;+`&I>wCILgLy=#Hhz7#cGd89G^~|6=^D*)6F1;$W(WFvMS|PbBqDfy
zls>zo*dcql*<lx5v5V`94l3NMFaqNWx;Q#fuh6$1yaM+y0t9ipo!$vv3!}2bf%H|I
zaFbdK?yYTjy$s?&B#NQ!4(taMf!}Z1=5FFW8bT7@wO}!Jhh!A@O6U}LE#%bll9Z5y
zrUYY=9Wo+V^qQ(FHfk^=0}2BX+|a{KgHi9ocnN5ke`V5rH&nJXdM9vF)z2<kXu;!z
z;9YVDZ{v4C&|^YTY==w0l=Xk<_7DgE;T0fo*gd^nc)gxbWrjEDT>=M`nP>H^mmd)y
zsD@AoKDeNTZN$R8(5M(Fy6>HYsKRUYx3nvpyhf7pa*b(^#+l<#Ql{OePw`sTNIDhO
z%^XAK(hk|rDo6*HOb}#;7_uSw(*<Q9(F;Ei42l1#Vcjd?heBWgUbLX97*(%??{Ry1
zc<F*-&&PKK^Hune5S3lShfu&LF9=tybSR1&V%P$22ZaIn+Y4$9{?`I;1K!~BmkY{4
zgph>CE(+%{3VY!%xp4;k%|)|vUI{N2f|bo}@T9P?BTCx$|K|PB_jAjtUT&$?8^w0+
zYh@}*1lF5`y?SoHF3=z6qU@)*#lj$$jE5vV?$JHX_j+n-*Fj@~mu?-eriAASi}&ah
z5+1y0BQe1t6vi#^SPg;V?HAVq#TNLR8Z8RGd{I30aQfhLH9|94?v1-u^UkgPxSKya
zx|#kf8@DPZv=DD8XW**f`8A9KKe1s-bE@Y(V6NqFIp#h;*Zb-|;=1v}`o{O$H-@z7
z*AZZbFC;wRkg#*lX9dmvZ7cEXQH@_$7{3(!t<XE@3T3eN^%rUVzgDBFz6%Mjz32$p
z)dAWIUnYR+3g4G4R4ROPG_M!veUtBAa3h+6UkaYVfAYh*>Nf+VWIg`hL&=&ePW-k-
zzbh51&+IXZl@b+|;|3WW>gR&DZ4vA=JN;B|SVAWGZadb}Ah1zF53ONi!g#<#>(RU3
zDEc>|FUTe;$(C)#)6*a!CD^FouL<<_2Lb_-S<NPqd;7|QMz0*MJehZYgQCK1vV){y
zv<E|S1GiA#rZ>+~GK?Wn8Az|~P-x(K7amVSi|HK^ol_Xa8}z()Md{P0YyDVX=;Ob8
zXt)Px<U4uf2NH;Iz1e<{D<wX#s8GP|Pgz<UgpH&DKITyhw?o>(ZBeaBt{0qkqWf+H
zutf&(nlNded?@64h1bAg3!}iT>&f_HePpAnwhY+zfB;uq0hx%}Wxh>2&;z<mhv7;9
zqQ7>tTy}#eShM3cK8@PxxI^!F#C<h&!=1mQkuMvGv`p_6_$vLXsqa;bOn6+P`K)E%
zxEK79`Q!7`+4SDi*|9U8vBK2!OgTHAo}9>MJ?ZrH{Mqzux?DJu&3h&b`BRENCh}!Z
zI(=mRZ2HLjXuh1jxmcJwHgPVSrqf)yK9NsPWv9lbrp+^^bLpL2^1dt0e|GBAGx_O>
zu``p|^ubK=jOWPwNU@l{C0iajJ2sln73jp-vGlQWVS2QjEoRCSg}f(!GCf&3J&`Nh
zPbT`SemFl&kMEXjdAM9I?%0>jWo9PJo+I<=(L;NWj@(RlXT}HgpF#a+hyJru|Jh|8
zF`Az!@6C*z&W_)tXIAozXUdrY{v0%;IFp{pk7pgQ9Aj(hc;@6tzFeGlt|?`U6Pd}0
zbJ?Ofl~0$_`zDInvGT-h_Bcb?xwc%)W~OMsDKp}+LVBz)o=s=QGt+dvr!;f2kjs^_
z<&r0TWIlbUkk1|~7iY%Gp3LNAVJtV3AM<2N^ZBv#scb%-o5-(t_weLIrZh531J|%7
zR2V513so1D%f*S4Gv%ru&ZKXiEX*Ct-ZhiWk7Y;l<9hUCg>-&;GBc4M%T7+tW{M@x
zk@;iU{P@vqiNLSB9&o?^^hAE5tfApKF?{eq`rz=9Bcq3INgq1AZ^ZTXgPG~+iTtTU
zh4Jh%<eIhtdthh!WT7ybJ~@#uOsB^S`7AT#bUrhcb%tBaj?au`)7i5tpM9*HDV8-9
z@+Z@o{J0*_k>R7qM$$JOIJ|eiGr0XDC(_4`4<8>Ph%?<BC=|}jOnZ*Z-<~NRK6z($
ztn7@cf5otP{^NzQnW=2PoG#IO(^-148yZLE)5k`Rr;m=@y!X&?hXx(|($mQoY&d3J
zt1@e&4Nu^}=<$)G!w1sG_6{EyKAJvu{KSEgYP!(ZjT{_3ZsvJx<o9kHIka~qJ$iiP
zpqc5B`P=dnjCn-oHy4UinX>0(VJ1Ib8e^t0HJvWaoGgtMC#DIH_DzhH(}%Ki_L$0<
zla;e)%O1kZ^qIMFO_C*>j_0b0c-LwiqOx>mo_aQW3*%W0dnQyj(Jf~@*X%u_!M1aJ
zqBLD7WnIral`W@dv&GUxA)nU%5c6YsI$bVi=%;0z#yre3J)fpoF~UtvYQ)pr>{*#&
z-hiy~qPdCj@@e-msTSsVj5u$;um)7F-8-V2kEE~3PE8QBY3{@0<Hc;LbTpGcmGw;I
zOXW;{ESnyi%#=!cg>OD^_*s>;J$8Kf=<)RN!}~`Ld5+8<DCAG2hfBvwnt|tdCZ2NU
zRGJu^gK)E%$(d|=YNk|9pUkE+Hh@Z}Gt)HJ;bVJ8M-Bd0kZR=6KAT+hW2V!k^h`OI
z9=JMvGV96Y$4(cD>B(&Vlmn0QbUL4%TOG_*OI0do9H32Q%cl$DrPc2$-IbmorZkpK
z7qin@XC-FS=KTdX+0Le?i`m@7Sx;$VYI-u8K9ikKj}`J|!d#x%@Szjc6h%DG#qMlk
z*_Wk1p6O!Y<Yaa#tvR)83O7v_#?IIblv$8wq2=lHc$OKsn+=T~JaS-k@96RLzQcQO
zJ2-OaxLHLFT{mB4xTFa+M)T!tak`i-XN$)eSp2+whi|*-z)1S{ZaaK@WZ!b$pdnxy
z+!z!-R5+NODir5E<s!jwf+RDk!ujmkGULk3M83RZFl`GzW(vghGR1kDp7aRw1ecQQ
zyOs!XUN39RlOb`GEqRLBu^CN<#q3mOB444z1J|zLsakl996WsVM0(`t(Zfge83)^4
z@?<t`Bh4yYqjJqyW->!?oS)3n;^rnMvqqHAZMSAh%sNZia;97^G6Wn&iKxbw=OxYH
z*V2H9p`~{bTR)plGw(^8ODFQ>^mSM7+Ogx>>vmNLXU0W1tc8siW=>Ap!#*(3PrNcS
zc4i`fDxJ$rOlHR&9Zk>DX8Om<#q{3EY^JzOu=B9Y(x*$=@(MOZe~Vg>JI_3pEsvJ7
zQ=VKlQ=Tc>T<_*=dF-_FdK<~pdkgt;W+GoYezP;`Yt!Z8d^(#SCsuazOn!`%JXS-h
z6b&P(9X(@$P&=QQ)PpW&Gvn#gnf&-<wwNxvdCh2^G}=sg;^bsjBW7u4s+8_On?9SK
zEv5TCGo>u?_Ax>+7r9k4%#lOKkDhRJfC^I^n<-|`j%n7o5`0EtS2)6O>9*rHUpt&1
zCtcZNm<mydOX(w=t5SzFnUCB)a_Bg*hPiC!%;ZF=>}F5IEaqsr#|o^sXNtwlyo;S_
z1~f$i)Np_*7NVc+n!NM--ouBEo9kE)sNfOl<7R!2W+qD6;o_<C%=Bb-G(Ve}oEY~^
zrAeH4G&83QPo&Z}4exU%dW40##=EgX`pjG*KRKT%o*FC6<lRitW*=HiRq0pDMWZ9x
z2d<mWX3uE7%J2fs<d_poW%PQLY@LJ`BY)D75ofEE-?2=-ke?XKOg<$UU!At~%dz?L
z=|bKiWzzX4bDA}e8&z*Clg}4eijEcXv&$4zbGVk)k|uO6l(Ok5O%TjRmysyxzALcq
zm|LHrE01SRX;L~efBZBNkQNb@`vz}1aeO4bfAr8kLv7h{HhD_r%-ET9xiG!PIv9wY
zoXO>AF>KaWo=%_4l(L>;p-@hb<%$*EoJMnu)j5|Uo=cz1jGb|SW2S8s)@q&Ht<I#U
z=hNk>X``NcPG?G|2l#W)^)fB?JuC}K9>*vfXJ8Uu+%#X#mb6vNV6#a!J(Hg)Wyc2z
z9Vbd|CHD-mFim31nC{-p<m92kaPgGq$o#>=_{?N>UpAM%DdT9KZk=ed3MPhavgxD2
zH!;R!HCC?Bh4W0;oi2`9tyoNDr%q;zrPYzFqFXv_%xzn&O>YBCZ{;fUb(mr7Hfh(q
ze{eu+44PoGQ`6=7G_$ys;)_L%ew=LyYTZP05_{!Xe9UD^>C#>4(&WTgMV8Q;&A~Vk
ze+7=CQ`3bazr;Xvf;f#9XU7QTUGF9s6UlhWQ`3g~S8SaUo8W6Guv4rO&Zjm0JNo3v
zp}mLqjUKv%)+jfbIaTtEXZ3SdlgrC_(izq}wA#8-L$3^(bq&vCVJtIgMqQpx8#Siz
z)ckF%FgY`ocl4B%`eyd&?5)8;y~@n6iX=1A`Ru85VK!ULO%~=HU9&jF#5i(xEIZ8(
zAD5@Z7|tX4@sSnG-O&HjSWN>v9CBYF?rnZ@`|yF=Myk!0r`IDY3g-M|MU`X)^=SYz
zU;tA#+}Lew8?HS*acZJm^4L7zHb<V0E_W3(b9$9lV@jS0wxXRWPG?AGBYlPh$bj>0
z&{MMYx5|qh!GBwxS?vKrDoupbZh|<Iu4rz0%__^8t#T)6-m7t)#pHN)GV2(4Ycr2s
zgprI?%SE1hnC3BslXos7OoJFJiEKtc%f;Wv3geod*eh7h7H^)&Pn1qqmVPEjcB6f$
z1>lS)Q#{4iL*b+rfc68m$aCOA{DhPsM>8I9>GO<7+U1cRBV#2!T_{zCc6NGlVr-)9
z$xNk7q)MA1GDjmcTH6qKD*M^xahYCIR1BtVYc-vw_h<4h%v_b1>?9S{;Uu>lx=rmJ
zxJC{1TZ7hs8tfk&=pWe8ueKb`j;mWUW%EPdz`$13H#Ip?E>C9rvib3eOkVX(Wll~E
zO-^6EQ}vxveTR3bzT8|fGd-*Naz{q@R%B7d%jxp7jXNu)T^m(i0K(65wp8)Axp<GQ
zHjSJeOW#hnE_axgNW*jVV@=(qiTtTaGM*ii+;e39&<u&=^l1JFX`aL5<L0SHXY%EV
zsjMy39FM~A@nO%Ad4pL`Oa5t|tfPvuby|(*>_RG>OqWPQ@|?_;%FEr190nMhDHe$$
z-4cFwg%mnz%T@gjhiR<o<+P{uti87mAJvK`3((1IwX@_YxcN0{qE#({mTBHop5jbC
zTP&_c`7Z1}uq&N0_KRUk<!K(ONBek<*^xhK+!5nhz9Lu5W<AAhd8U|8+kS{+$B&K-
zA7m3z3#6H`(ja~8T;Xc9#m&v5M~@wMIhI|fNab~Apo4=e+#l8K#HH?4?1~KGRr)|S
zGn+lCJu9<WmH?F@t?E^BB!i8`rI{(SxSAD_&b!LOR@B^40^-xjznv8^WlXYt*-4kS
zbzoOIYik3>%C|lA2Zl!vJ%xLF$I~jhjy9l0$YiEePO}#(J>lXH#wYA}b}B)iDZ_bf
zrakCkzeI7~<rZ4qIcW=?u|mF7PM^yb3!aH7Ht&nsoKb%rBb2T&+Tcocs5*S1l{}l_
zI~=BbxJVZCvx<fMDIJVqCApX_&)QxT7sbvKC3s4AvBb|z<V!A1(HX%^MJDQXTjBn7
zuxhy<*j#;OR9rpOF78mIxVyW%ySr1|-QA^7+@0d?Qk<bUEe^%q-QDhazx&-kcda3u
zOmecHJlT?D=1it-Rc|{qzkPd9C@rTFEDgDns3eO;4#iO?=@I^x`Dat^FTIc<L;KTX
z_Cs?miYCkId5pJQM;cWNHLW&YP9{t4i;AVKuFhY=dc6gmS{}VA4e1JdR>!r-w-dT3
z(@wctJ|h}}zk7$e5NUTfzzn!FD`nqwcz=S3-;e~7CWtMMSC>v<GL?Sic<q?M@63_P
zY>>fdyX1j*Po`Qv0h{hil~F+z$h1)-pT>$_l*Utr_Xk%}pPl7zOy~)It=md_pH7`j
zBjgplIES!{^rYQmGvE<FQVs!&=|tu>%^gkNq(8k%msNb7ohL`xRmFDErzs2-4_vho
zs{Ak7DWZ}iV&4w>dj6#l3I6Sk!`($S!Odxd>|jc!1jAW0_q}i*PM12KnQa76$3(gN
z23E1;Pv%d=m$nA*YspMm#Hh2+X)<ZV$1E3xG*}m<T3Y1|u;q^KxZd{h%@*WWsO|C^
zr{#|}<8z+gth5K<{F(pM41J(C6X4Pils@=EET3^RHx%v9Tkf-F-zI}(YR{HK>pRSr
zl7czXk}h;CzRYU{&P!3ixH&l<QO+Vgp7p>Us~oF2MX65bGdw#tB<5(!rqAP34w+sV
z-7UTk3*%WwmTVBp&#g=Ib#51<8DkgIb+_GH(p({Rc7G@K9Eyj9&;PHtX*oN_P;!)x
zxNnU)c_+MFO~`I@8}alu$}0~~gD}6aHcfm+x?P1duZclHK%~)SOsFfc5PKU;LPOUs
zJu{ySL4|EG(DAf%?B+Pi8qZb4ufI4lIj>yY2-JVa7fcu8W9z;QzXs!p{1k1HZZ4Hm
zsmd0Nw~{v-Qfuob`)Cr#&LCY+!;voAyJDHjg6AI(I%)vtN3KuJny{^MZ@h?M^D_V7
z*>2CvQDZ>YS{|d5T4H~Q)9%=1D`nkL24?vzynkZ)8VBN)V)HiiGmA(&Z6Y&P_O~n0
ziyehW#-h;$Bl|1L6_NIgJ!7yk$-grV4_lWAmmf~~&PE*nHDv!J_6vf<U-Vf2v19c_
z8fQ_adcFAmttbPu?}v4Dr_z(2iWB9Ss?$XCBgW=9v50YHX26+)Js0=ZY?xg<S`JR4
zHcLuzUdnMv%3)s4VLq~FzXuJk&;o<f#0~<}89LQEHPdEEZwNyLTw4TQ1B8JJ9?0{0
z*1E{&SL=3=n7&#vgM$@hRnXeEXykX^y0}4o7_0DPpk>8*9sA3m7%>>c)k+tlml>*P
z7j%i%Fs6`uCH32zmfk6)5c8}f1oG8L<^3nuAZEeS-vmEGO)NF?vIhklvK%^#H)wen
z=@ILTme${2aB6ENf|P@^x6l6|kv3h9iYRCVOl9^ksKTQW;LXn$a#Omg+mP3wC<>Hw
ziD9N3a;7Ap7BC2|v?p=5Kgx1@&v&!)?leDo)9H`%EZAPBbhuLz<A@I?o*%mJxHG~I
z4~p<xBO+&GK9n0}UrE7T_ukBNaJrOK%kjKI2hM0mzt8q^Joz8aO%aNa({O4i?9mOy
zY8@tE+C>n3T?!yhf4BST-Rdi)tI|J~ylFRJ%Rq>3IilBDaS!Yuwv>P6WI{PIJT_(I
zj_1O!w}KSwS1Q74;0(K*9fWsslwE|Vme?e8Y~oS%>!gP!;$hxX(!Phv9E<BGTR*dS
zHQkY<qf~-9XrGz)e&Mv6rO|d>Sd&1ujHhw%$>7ef!WeSpje@+ZxDL9-sGu7t`!zYu
zMAA_iON3lVq%+TFXMUCR^RM!d#+lcQ=(oFHOoF=G6In`~$;xSS3${!-Re42za5onS
z3%68KJs#2dHECsBth^VB#vKY1OL@N?Z1W8L`Bi0gzJU?&6%AVjyS!r<``!`r`LoRS
zi({fcz_#31>kQqLj;J52ADd2OjpoV4m6vyq-I`D82hb_f8|UIG`uK#F+6HwR+^5zP
zt@Ria+8kpCDn~BwIPA(8+pXoGwA#-RURIlK)5R4KOz2FlEaxuZchTBSSDi!<|MDw-
z<A^k61}(CuxxiEIZ=)Mhy_TXYviLTtlcDp0Oy!JAZRZV(G8H|}CfQoy2|FOt)N;<o
zjg`;2q(|g>dk+-ZDzkTU+QQ=XstA0uc#ikC6=PP4<rv|6qB9+?@m?!uVE(kmu<z7j
z2fQ!wu<N`e>Zx?q69_o-a5@`bm4*z^$o0^Q@?sv0$WhOlX_^+22p;4Ny!YbKm!{_N
zftHSfVX)4>L&pp;m5%B8G{FebOnO)GX;o<w2C+L~J2avS^J$`Q{?(8_R9yc{!>9>5
z(#pMZrSmoWxF7RXPs0)|{i#)R*I%^QW_zBlczoVdLmdMQ&3H~Vfw0^(vkAx6*ZD;g
zf5W(16wsU$eas!kl@}ym7>bIm7u@{&mhJXdNWaEr$N(&?A0@x~v`IvZZ><I}2-He`
zar%^WmK|D+43wIBF!lFUJQGLfJPv6;59)dce)jxhw@;O~{Q?HxV^L?EJ^6HM69j)k
ztG;01(1g^Z`e23W6ju>TdU1R>Uly!SYf(kQnK~_kS)EX!v*fvAsu&UP$EPWyjaZ52
zk@q*1itQNhe*L!fs}o(-N<Z()!_obP%eh2lI$fF@2Jevl3aNUW(Jm^%UGlKadQ)3I
zk~K|nB}NJ-W5O&(sb0UjiU-~}WcYWLecIv{NIfMLus2pn|1BrP5<dQ#L#0!njQj3Y
z-;aj-H3vaqbuY+wn^LvsSD6nc-#Ysa;;Lm3w`sV8H%v+9hGVqa507V0-TO_8g`f=0
zPeZMDFAv=*;->t9w*1<M6^quzIxDgAi%AvXi%uiW;o(Z|)HG)D`;7-f#>_ja74HuB
z@l7H*ZFP+C)F{92v$6@!@|m7&YM#D#J6JvWVsW-1=MF6Cp#j3vKf7vC)_e40O0bC}
z{BSuC2?F#E-CNV~7xM#pk<<m`*7#eukQn}bm;J--k3U3}#%{S4AT8*!KgOH`^E%>c
zd;hA^(e;w_ww{N|ueY@JS#+J(B6uuVn|&8p%a#S%RlvHBlIS3?nfj9Z%Q2u=4eyd3
z_aNK?QT0IS1%tJUJ?s^QFHO(3L=8_FEsb)Ge`lcWuL@q?jqe1io7i*93LOw=(i;bO
zH8n9}`KUz*+}<ss^m>X+PkSDfld}|IN|_rpLEGel4KcT~unTG)BAmqrED%Kf8{MD&
zo4sMu@3YU%+?{VqxzmtSnePyD_TLkVwESWpLIMvX4EXeE(}ri-%pdM5Z*@m!DzIJ4
zqd8$}zHbzT#V^iifL;q$MqWLI2|H)xxgpt0Q(Z@(tn^zG62@miApwFR0ms49(+?!d
zeSEq#Sb}ksyBdh4a<u`jMS6dg_nOYFPaex<f*iK<Bj;qvKj5@|%>}xm)w)~ji8+l<
zZR~P=qha21rTU%R1oE<L4w{q_VMk5UQhE)uk^X?9`>)oGYp?&wb^7;y)#f(@FXQ$^
zouwtBUcis<;vaa&jKNqipfvsy!CFqxU*+7bHcsL{jGyKi%}&{Rt#hyU9ic{#SCiHf
z0k=VB070>f5&Dbx1#_jFRBKf+PlFa6EDCf5IeM#W6%I!Ot;44TWd;%Qqb#36m6H)$
zFXIZurvV@P2_p4oPg31?!QoOag`T(vQ(Aoj+EDub-hp}@zZN005M#PL8BJI6tZ2P}
zQ$=Y@q^Y!sTL_O_1n-M-SB%zio6QiRh%leeB<%HoSJ(h%l5ZwVK66!zuFSCi?zZRp
z9e2VilU49rQih`Sys8cq{z-M#a`v(!_;kh#$Kech^CVSa)--Fxd$i9~oOJ^GtP6+t
zvS{WA#ifa8{P}g7sobYJwK_!nwUK1`(Z0_h(2Te=O1UozGQpCt_t8G2UYRO3?`s7n
z_wsW0p@v%(4iHg-#%W7Swxh?;s5S3D7KF|;tr)lqQ?pZ!<*J~{@!#{Ff>$Ha5vmIB
z=lPNzxNp)%1Ya^^VLbPwl#?9BuI@!(J#v5pdyr%*^p-dIkktj2qX{k5$ZsE`(U`yO
zrXD1myc7K)n#^;RVyOOWJ+2-}z&>D(a2&%+A#Et_z=Xx%x^+4kPl~bedwF&PYJrl<
zt)+Bv$dKbnzu9+etAO^JTL>bG>7}#NAz_jwqoFv;$o&;Xr_8a}>c}SPo?mE-k>^A|
z<Bgpl>-XLu4X-d(k&E}uoRH&L7d*_;&h&OZWEAWx3V|S9j(6OwnUhoGrQqCmYUJYT
zX1_Fp&h!Bc|EUbRu;F)+SEmw#&wl;1J8w5nsdW-(218X?gg<F(vQGar$7}mYOBeJP
z>N>U4^i=t_>359fkEO(8@YYH(>d|UXBX%VI37I97?@H5k<nqy0q2GqTpskUIav?Nz
zo?g;d<4zGPe4LesKU!aK@Z1KmrPcmR6<>g}uFxPT+>E<qO;&X{ihZq%cW*-CE{QFN
zw3J(DUqRlnu4@w(wBgmZsgHHp)K#-NULXSwde!DhhmCQ+=;B~2LZPnaOY!;r#NTgO
zbE#h18jKM#@L?n-!8=*nTrSQ{G%6ZYuq~ily-xdPVt7wz`F<aV=af$)zmO}Zgc-Lq
zIDTwO>3pFHJ^waPnr6$`kWm+_-b<qOI^8O#*8oPRuIHOee6v<SgumKapIom8dEtEZ
z6NeX$ecS-@NGNPm2fXyAM3^qLiD?T5Z|9a@Y^sM~z3=kMWZ-#!j&{efeo8f%Ouz*K
zGi1wI<wp<!lJ(!mbJGn0zHEL&Ml|*FZSp&rhHkbsMK5L-zHkRS<@(yP8(fcbDP_>Y
z@28+6LNH2V^LizF4-c(Xbt~EWJCBIx7hjim-tUvvr0TxYnTym6^loV}!o;Zh;^CC=
za*rl~Yu<OM4SvNvp%56&e7>crE%wIa#I#E0kn|*fDwAtWVxh(1zbSV@F%<TflIO<W
zP2};ZIMvM0Qn%0$!DU`aA9J!vI-S>l2_t04|EsuUB-b^sqecCTq?1{cn!2eYX(zl~
z#P3!lAj7k{Np-PDK|`E*bQ*TFpWee?;qY6{OZnk=x#$awfmAp?>`^VAx33L{Gh@UG
zn;QR#Ew?R2sUY25^luFhHg#h}k>bxQ($j*rKR*|<gU%C#ZaIa@y36h%401>adt{38
zXt>AOXW6>6WVI1jtSC9t>z=jrc$90oTLrPCmVIV7E#<8=<9#{#MHSKi34Yyve<5{S
z|L(`v`YAINl7T{uhm>2)ewerAos=;nZyQUPIjUBiZE*Z0DqmC!-#B@B1xE|wqto&j
z8|S*%ciPyZXGWtgqJ~uMrHzbQ6Ymd<A<P@0i<6{LD+A<S5@8K4@}~4}eT+^%;raFD
z<pl>S$;`7a-9pjwiPNVBMkS8Qm6J@N!V*_=y&Bph?P+ql9`ko!+u7+c1-L}#8}7WB
zTK`<+9L?nvr{moJ)85^8FDpBh{zb+p3}NdcAbZaILDVyK1x~yfu#nouMLXpely?wI
zf2b+YyT@oW@Q?Wos#N=W%vI~|tnxIEHT(C2T&YZbqLL5Zb`+W?{|VU_SH!4p_}Z7j
z%#a@0_uwE|oTu=eO1_=BvYt7A$19xJHT0&wdY+_aElTM#49f!zzaG0t6gY8JWy{_D
zpJQe9Dc_Qk@#q!z82grFTh~iVGniL~)5a>@cUoto7gJf=ll=mkbjB<kHfh>TNv!jQ
zeScp1c#vhkltm#7T6Oo^rP~hof5T5b#S`xAXdy@8G#T-srW)zN{LZ}lE<Sny=Gs~0
zt9vdIOFMpjr(wJWr8IP`y7w(^>y!3JhV>POW+4&P^n|7_gTyOE6J%BIpJ?5#Sw+qs
z)&tfX@OtBZ^>3-sGTP6k%lT08FRw&x=M>J)Lk5)K;G|L+DqVX~^vCM9Q4wcnDTdMu
zxN>=}v#om2b&Io|k$fL!u{e{oJqYxBv$`WorC<5O64h6$UdJu&=FizzZ;ke+i_gPv
zf*?w<GBtJKWyE2X=n|Uv@04Douc(wNswE*79lU3u)~BQ4N!GgGTKHOIFW9T*E4u3X
zd}~xK7>*=<a0gcQNI%}W9oxpAZDbWk=9M{k+7%}_lU1I)qGl*{r`PRyki*vH6$%tP
zEnay^nlNJW!2NVY+kFjWCfoob)97|P46j*j!-0;&%$F=P6XgVV;`H;Yqyg|(zolnB
zkJ#51jP}IuOzB?`BKzT1^V0bmZXqIJ)#@`Jd`@4W_zYe>gT8x)CR^=YgrL3N@crpi
zC3J>6O6Z^S-x;f!QU4%$xKwwcY8rCc_t2Zy<6YCNL@`J2ie|%FxTCUAHLTnFGFA)=
zvyc|yTuQKvTrz1MBHq{$qaNCSDovyH-h(|>wsU=oc7*5#QLUvEr!Dt^D#Yasmq+S9
zmME0P6hE^+F4O*k<{pCI+J@U>f9;waHjd!UgKR~;V33MXvtYWxzt<YiHageE0jktG
z<$u{w=kLlEiaWG<cxg&=Z^dhO-ZytHYA_U0R19Dat>AiT*qBx>O!j2a=FhI)p5P`$
zH2;j`ykofwD6jVRvhGZNgpIYx8*%YcxisFom!5YQs@j)n<<K45%dNV}(~N(ZFFCCD
z4zrw^SvwwWO|@`auB|&%#OQ)+WDHw6u=M{HGTpsZLA%LTuX0QOU9<@dKWd#`exT{A
zm#c;K<VFxOlebEgwsMI4#nJNLG0^f~S>*!l&Nf!Z*Wq_^y@<IeW4H2DS{WN>$$FEj
zkO?=Zyr;W4;*FlJ(=4V7t3N&4VULFj^Pz!_-i7vYPjKjuAdSO174q8<?Dc-_@CCJs
zl~sp=-#2*;Kg@W`?TP#51rAmh6WvB)K6(mCuDY(WnVYY^Fm$zI*spicvCJ-O3QF;=
zl;<fI2+uBJ_<oioYnN8s{wgH;^6y={t>KzbZJC$V30LE<N~w~r4|V9T)U0)T<uGO&
zS5JO0otNhy*&TA^<(CFZ$j51ATLx0fug`O;70;~ByFZNjfggV@#kMV=(P8^}B#@;>
z^wirnp@sJ$cc?*WsHB~W<@n8GdkWj^SkI+MeG@NHb`ex#>t9@b#}X#2s$D3Vs{o%d
zO}Dev8)hFQymu3}<z7^3sRAvXH~kby{|n3GlRVquHUA&=XN{<c{e702t(XJzHKKP*
zy|1w{5;B;cFyL28?l>)JsXP6*0vSEh%zc`MpK~_?4m^~3GZZl+Fy?*ZVqtSMzr<!V
zRkg<bKB}}$Pq?Sy@7Al^Q^Jx@S@>yZ%DIzYo|q&1;^`4#?;QTkra8wbjnnAi9@+K2
zMd&qvMO*z4s<C?9EJah(-APubI>;xUbus(L_Jc)p;EBg2yK3OdJUw~p{L;(2pS1r%
zYo>?X{#y7Vexx9qT;9(K#e|cHwP0fR;x8T5L*AKa${IfOvZa;33Mzx-Dk7+lw#_>P
zh{|#TI0Uyl(|+p99F4c@>!uzB9IMCIw`=4zMyp}g*&*kqBjBZ_9cpp$yg?|Z*2@;A
z^%Vx(H}{4qxM~#sVw-h{jy7m5i}bc^f*|7GwNX~qm_yTnb$M2<>-dSMU(1vKTEhJ^
zRaKfehtJ>GdKw@7A7}NQ?KZ22qV9c3=e(?;ktSV%lIEWdg(@uwMwKZkqc8$hQzk)}
zN2GZ|{Pl;0nvWq^QSw$H9eyLF1tp#j!CCLrp{Ba+3AUxTl~|K?Jyt2h+IQZKCtW?d
z9c$yDd-G28X@|iu^(uQv*oXT}Op;8GP^Lao1LMKi&yfs{fR2=oMsiWjJi}DHH3N1d
z)DGG;WAR^>-<}Z-WVY?*t3p9Wat=7M$Fh^cuCa@{P|BIBRxFUz??(z?BM7kwP}-n$
zDXIBJ3%iLp{qHLX*aAdH%`Ka=L_vHTzk4zVc$aSsSdOb&`3aI-zTwId3b>X~d#k4e
zT#4RUjHasbw8mmlo3aE&IV;n3kx(9Z5ZquP@@rm1-)t#<D>PzCgqeXlJ;@t?3RRlk
z+d?DKrv?X~P&ij#v^9IUAG%v=GqTMx)Y^GUnY4^pW%buW!g0)xy3F@hBRQ%myb$F&
z=+)C*Hu#-TS2~jF!Q6h%bFztn<7>1o)Nfy47uQLa(GKnYqBI0<SJ@`RC+F$I=YSkf
zP~r3yDi7CW39}hoKfm|1zi)z;JMCJSFl9KRK1gRxTTzUmJRnch;aTIo5w)GGsUnr9
zz)vZ*gs!8}pfh_e@W=j~`z577Ka<;+iVjYte@rHJ{|+k@WUnT1)6z3G<ocI{-k%3@
zFN?^Y%sbUI%1<ibxTGF4?gFdSe#ud*eIUc_tF`J0uwofIZ(fNpkE43(CDr?DM|*3F
zU-(8|=693}rmJDU##Y;Gx+q`XwnHG@SFl23W8Tc<lS3AXTRZD7x+)IgQ<myGPf)I9
z9|}>_&JRMytx)#sw_x<#xAbNL-uk_|nf?i<o4e-Lh8mP-TZWWW8;ViCzahfBi?HUZ
z_}7J66j?(~s3%dbR*(7zM(bpG=^ruo%M#FtN>)@V?TVlS;UK$u*>i8W@uv`5(yI2@
zqVRhIBC}3DPyhPUdogujj?Z62Y<eH{zi68zDXqdO61@UgJed*+h$1i>s2V+?4D&Yn
z?P3{bA6O+1YAuhbXQ#E(Bk#d#O(qNGhF}VgL!i^001FxguiZ)26S?|<4ugjwHA-ox
zx7!wvn+clM2&Ki(13$AD6sUye8as>a<jiD;^OgD@j8RUL*^HvhYi*u^%PwOLubD0a
zw_bUrG7VbAf2ri(N;4N1N1vsh3~&YP?oa;obvF)r8bly!FA-w4k#7t}&r2}X$D85g
zM5fg3@%IFI^7iA?Rc>8riyA4W%E$Ju$Yw=W)xT<?^)-s4!2a8eM#|gEr+VE>XO8JZ
zE_2jHs8Uadowa@n2q@n2BzW3ONr8V63SWo#YTNwGk}dxCc+$VFtZw^H*_NGVJ0Zqf
ze%8HY-kQX}zNlZ>)wxJIQ%jgp&hI&&lz4%cicfKPJN864sTarZQ`$$_EC+%##p&)u
zvT-zjlrgdNhf?;mg0_>f1J<1{Jk0*G<bBsROLr#(Tw+*F!h&T8HIsm<sOJi>9}L|b
z`<T5X%*JapPPc*0m~13o;Y5C>y=wBjllc!xE+u3xY2jzaUWEr@h!LI;hRS7teAP$j
zN(ilQ0rCFK&%~I!gm6NMW=tLzGD#jr?-rW3#EOd*_!CMDvpi$}<gqAk|JvvP3dL_<
zt0qn3GorsW8?e3>U4GXbjH2jK?ik2Kb|>qZ&<4e_S-wInVf)Sq?k|om6k47O>Rk8n
znG{Sn2gplTa^~iT-A{1b&09G!IcKsspJw>+?eACg#T*l7-?cB}z}}@hIFi{Jekp39
zzaRSg?RDaC9`lz_njhc2zi$n~@k?W>vaX6n(Idf8nmFBI34O1`y$8Xm$3&su!*E}}
zIw3F{#EkP`p!e23m2siVP_&rmCHMg6;WW8}5~g5D&v730*w~jF+fAsc{Tjbd);lHL
zyTO-O{ZB5<U@LNWzHU0ttcVMwdZWf$Oc3Eu`FGCS#VMA!NEr7naQ@WRUAH=bjngPM
zvu3}lyxXD^_-J1uK;QLnZkxJQ`t+rLQN9P!3wsn9SAqgA;|A(cs<LvQVrhgu!rkRJ
zZG1To^8kzRXqtqZE_fDF!(%{!VUPQ)<659z$g0OsYiQ7K?-~tcqDSPOdy>6X_7{0I
z(NCPLHvJRM<{axwQkXu~ug<}37lNo>@F(|8l<Crts~&se)FJixD&<JWd_^g=wq5n5
z(^DV=Pzsy&C64fq?CZt~+|QWo>)MLazx#ZZR(GAlovKOpNo;w44}0YtDayI#swcfG
zcWiDe8x2}d;9%bZ{Azd?Q5KO^#`8_f4*pHwMi@%wO(-TMr2Ent{_C42$(tDWBF;=O
z4yhfZx2e-pJapT`S_PILYL)ARAxwqbdZZIfShJLCt)dRQL($pKYKc+&x=frS`eI57
z>F??)t!iVI3PIQd__5T-E^dK{YJ-n%W0dAm@g@1f5(3Oe-2!;F4{plkMk_%r>YwYS
zpGDk?pzv5Cn|b+h!Jcmg9rtBi4$k$lWmQm%p;DfkIv6}A)|S<%__6l>=d0_Cn*`MX
z=s!`fj`(%`ZU_abYW_WBpgO-7xa-f+2f&V&AKY=mjC1Y%C_UTrUapC|cYyyu(>%gI
z=Ml+MsRDN6A+%Xn16e2AdrWwCIITN0kp1mdH$RnYFfd2Fj&fO$#f77@$0G=`M&_sl
zP&$O^y)lScD0<>*>%y34dc<w+iz)~EPR$sFN-mMZb_p+K+{aa$@i|%#<TgXmRl46i
z$Q<ov<X0K{(7L6bRWLmno8mjqWO2*gHg;45Z4Y&qa450$E#_KVw!a}YVmTk#3ey>e
z{e>Pe=NxeqM_yu?cvPuKA-|S~t?u%mNV*8ou)|cwMdm$1Z4X&lf|*-pFgh_BpLgYS
zL(!#ORp<2RNpd|=mvW%*<byJ9d--oO1@*I4&E<Dv89!}SjqCvKR9r%a(uvD1V_TS)
zCa(>-e?)f0Ke)hy4fXa}Z%jVj(42|y($C1XhA*qSdUw_1AEu3WKg@<OPShtBVm=+5
z3o%<%nGBge#HglY`eERt*t)o=L(kP_@I5w`?rNjf7%95N;~qOa)vEr{EswETG0ugP
zpL~xz^DJeclABSHAm3wwQq;cZ^my}9GX53!+IkI7-;v7>5oISRS)!&cT@g{H`e>~9
zQ@dyLrxw$mA8S2uG?^Rd;YBUfK&p0UzHl@IGAyh<6B6@^QhJj;br^lPz&4U&A~u(U
zWp&4_qeX8dA4gsp>U~MdwN)X+pLd*Bljfi6f-7GN;>(hT>joH^_8WhzTqh4z`AIa}
zTLUigT^eeT#B-gOm`iGvoU+dGua8bxg(rsdF*(+>YRlPu1I&wPGU5=Fy{#_BBiF0N
zmlcYSP!7koOxZ<-qOoW>8+#;!WL@xpjOb~D_r(ug*bl8%gE9`T^toP&wySGbxZByC
zvFM(#f*?3&1<p{lDc`iBPU`_+2Z*l2MeEf)(SxV{Nn6;C8_8%TF=Ii`H<s$Gl4)Ub
zK2!0)g7l8Ip>l+Grf1)8RVyMn1lzy^dx}dt3?HH2ZyX6XKX;rRltG)B@osl;Z}D~_
zVyvO>N;J*CqoK1f>aSI+$+m0JVbR|8tra6nyn_Tb;g1zvhdbw?+o{flxg!G%J;pKg
zER{LVObA&lxw?J8{+mu?dUeSNK|uU!{cmqygk+{gy5*wI0V)lu7mGh%<#sKKkF5EI
zPPHsNf<8mJr4O14lVe-N_q@NPVe+Uw^XJgtAt#)KEgTE@qot`o@$R5C>g{v9r)Ct_
zhqf^w@8S7IT_Tp!b)Z=XCWNw=OOuol&=hKs{)X@F$7)CV5rpg`kVpHK+Er`<GJvq!
z1d47V?S53lbh^e!`?;GZy*inhG@=ycx?SV3GQ33$(e!|=6`D=;hrN=Um%IdD;B6&8
zV>e~w5K^y$NMl&cJ0k98M1v7VgeGT<{=g0t{*0Y}D>hC^O)8twtBvR%SmXDzp78gf
z&Sk$EDb8HMG;y?160>jLk%u1+A&<jkKz9pz7Qa(&7F?Os6<!xjOW9iuB<1+GENHtI
zYj?QIRU>Lre_~}Xsb@!&r0TGZV5jcb(06Tcps^Uh$wzJl{#d*-8Ddk*QDVND{r2@)
zo;FCuTSvJETrOau__K$PXBhpbjB?3{QV<)qia^Pd<uvv-OU|!+>8!D)2gJ(5Hn1od
zJ*{LMTOxVP7}uUsEchEe5sfRUxw*O}q&L4>fr5q*Vv-v{$+xB#&6#?W5PWk@x)o8E
z!qXgMMhLlr4DYm2t9o^|4tu5?J{P_SM9TWzQT06A#`=6w$m94sXjo0uFv`DGPH>^?
zXk->_DZ44aqEcoT@z#=MVT+X}??h(o@wBZ9zn?f1bTvmz8)w0~J>3ZQkR6?@_Y<dM
z%Pu?Q0&)N8XBKG*cc_FE^P{@f=ZQcVUDu#-h_dY;vc!O0KXdygJ?E=o^v3dMGR%!)
z$I7XYm=3v6Se)ORqg-rkVw2x1!)?tJejaHy1@Raj@d%#D?Rrq+;PYG|do_Pmn?N6~
zFsIRxPuHtsySNW;<ky@n?=J0j@Si<^y{zRD{TlNe>NK*p|CE9KCN``Ok<m@I&>ng+
zrvja(WLibLRr`5`h#U3c_*we-*!z*=Y!J-f2QG>mY)CZ<ts_Mjtp4JZ0-VI~h%S&P
zDMoz<J0y#@^HGxaE5r7a()&bQEO<m=dd5s^BhVoK9M1__YR-R?%+~ec!M;zUKuM-1
z8jX{0zaw1n02WDbCEd}M?2CTT(Wl^(xVl!bT{Wr(nD;fYwdd9RV>~I8_coy%obsw8
zzF4r}FIrLokIxj+uXKqj6SFm+ks8IsTZ|Z~knKgETs(vsU{;C_Zatqz1BF2xqKg~`
zLnOhI{FzHXnLb-8tx>kl94PevJ&`82ex?}S=3-p$-V=f?-F`t$h4#*MUj<QmXN!sj
zV?%~tg<FjCoxWYW5<z>9aCm>jgN&pVALPq&eS)XOg-8VqS@Kd~y%|N|lo=yUZW$p4
zh&Yk_km12mHp;@ov@WS~1wi{?q?b1WB1gUjiR@w<j`NX`FqAC6bMS|&N9=<iP1zw}
z6{3FCXq#2Hb`PE%$niW^Yw7!#f7yhOzX(tH6%{FM$*uW&Z1ucEtr?GQd+%K9X7p^>
z`YT@9KCz4;$H!C|ra|zM7Or(QExKDw>$hPddbN<P#d1XUNH%QadRZ4JHlZJ){vz=#
z+ZPd3cY|nY7%@X=s3C%u67kMH+`lbW;jB*3CVR=n`n;j-ZJQ8$AffM(s}nU;%xL2@
zj6^ECjWGoz=$telsPPC7LzzbPc@`OTpj8!qyPhYcr_J&8;GQuAW2^X!vDc7cf`UZp
zDqM%n133m@wsOQ(4$Bqt5+XA$dzE@;+(BTVI!y%(zJ1`S1tbx>`lK4KCbYMM#0pg4
zys2BY$B`e$H<@)T!8(6o%5z(aeN7ZtxJCc23L{OBY<tgkN&eD#rL!vy;tb$wNV(nv
ztF{cIK77$~$g8zJrQSGuj~D#J^l|mlQS;eolYiN7BE?J1I(V{W5&KOmw4~ENIB4Vx
zD!a?r84?&bW7}|2`4nHnWvhhfb)0o0hMOx*{i)79qie4boB_XVk^X25d|CY>Y%NM#
zltMZ1Wwt@HBz%rJm4@sw>QhF|Z#4T?K|(lA_kkj2t?$O^7M;R5v6vYbuOfcz@=v_V
zFnY*V?{P4FwDHQJ?^({d!{Ji5+b>sYA}&NR)nCG}yf9lkZVd|e-Hgdf1eQtZbHY>h
zeawA`Bs(@TM>JEUFRIdN7hw}GztTY*MtEcxU{JRNASPbK%Kieo%7u3Y51fIz2M!|7
z*6RZ6i-Zj2mJn4*$HPa?$3E#Dj5%LH+DZcNjot74>r3zSn2yb^B+tdkm8Hr}TpTtJ
znt7VjDN=4m-{<)pyjY<uB*FGZF>o9tv2_j)y>=lEgVS}6sP7NIPj6^L|EKyp+eQ!<
z+h<rZ-zCY)U=R0)x=)vq{TD8z1lk-CbolZa8|O&(za|9AV2D)KU|UQ4ERjaa2BA@S
zQs<ox+86uyHLlEy+}<@!W$uNvGYSV{>L1uCEvv%_TVkh1Ad=v3|AGpf@uIvOZzPfF
z>kt`NVosPqpEt@3;Ll#%x!fzfPCUQJ{S4(UEb`a>2y|rZQXSsx8RX~Umt~2Du73Xs
z5u0@<PPGbE9Oc&43!%eYeNN*8=84*bqE)meB_Ez_JVB@Y8y7VOgZwm{9i;CcJY{di
zh&#8Hi;nOs4mlPgquK3cKW-K62iC|=K%okJIV}pBUY8?D#{F@3!dkq}EAQm*NK@aw
z9KK<PSok<s7QU%{<RSN5{_Kx!ezdX8TICX6Z?Wdda8f89r_d&_dd2CykfX1!RL&SO
z1LT=wXrx0QDyO;Cl}(voAXN+wu&W~Yaf2CWM>4TI;i+AhcXF7d#p=12`)7|dQReU8
z9zO#=Jk;fb{p>7}z|X2B?<K_t@4%ne{PXOCtPLuRaklh^Qmym`aFHOqLk6L`_4;dZ
zkuOdEav~EOqk?KRG0=>iFz4!R1Pq}&?gzUvwoI^gjpm*62OZ|l|EVHs+Te-joRQkF
zfn*tkL>8eeA~|wLNGfJf)aXF#Wmim~9x570hb_}Y4au><NDm(66KBm`Npu+R=X;gq
z8G?RIHws#iHfv?I)=BEKRw9ydlucWbBQh*2oL<vJ%Lp8YIV_B*_=7QO%ZdT#JVmd~
zx|tO{E_m>2A}^R{&QA!CRnmzr7X*Sn<HptOWt&t4^)K8{?44`joG$K>x*G>{m?xnJ
zGLaeu7g&0W8K%-jt(rsyFGWX@PLD*Q6XW%52m&(m;AWY03o&P?E$qY-#2RvG3e{mh
z2MVKl*2n-;Lq%5Q6S${SotOINS^UQRWYdnCyR3>?VGFrSp&`0K%OS?oi%t9zwP5WA
zHLxJ-P?*5cgP#l_FV>x|8qTI`J#zeVX3C`Z63tb&lD0zzQKga-2pC44bBb(UTLVky
zqT?3{<h^@If@PJ{QrmD%Rv6VVA0K`LW9nS|`)Itsf1(!PBrlW#iePS=TCq-kBsu5m
z8Io~=C)oWX;3kA?Adj3?1WwqMy@TvF1Jva*L49adpm6d_1G$>G_MiDkKdmC746!$g
zlQXbY>Jz^DHA_mb^JMB=B#>7U!d86r_k6cpKLJ)Fz7SSZ)aAbZOPhrkzp_Ly{az<L
z2;<X78>fLeBMPV`Y?APDRthK{OyK|X<%lOqC_*k9<`Jy-wI7e2&C|cfpJ|)c&;oA(
z<KkBuT#`7nh!*GE7Vl?|tYcGp`w2!ok($O}TPKgs5oBLIL0`G-5OV$?L=dt>2u6h;
zhBu)|q<hF^n85g0L|)59x=F&k1mT2%VJRg3;TOhebq@FJx)mh&7yQeV^Os)Df0G75
znFX_Jhu<!*H9OyPU?y88uiqYv*0c#mI;g%bI%2nup^>k`uu66mn*E|vX8M!zXPBrE
z)No1C+&$nrDvA=e`DFo;D=O77JOg;e-%H(E%ABk`id9b=zuf+QB(t>3k-4DH*N`%T
zB*(7x;~6@!paG>_N}j3p|9QSg<>blB*rCAGyQaUi8#>&*<GK0we%UD2BAt*AgI;~n
zvP|T)Qp0^e@sY=6{6<){g4Y(bct->x+$^;jm?Hw{!~kf7K!;#}h1)(J_bT?<1-5A%
zV>Z8B6~d205WFzuscj#(k1_Ze&}jD2E+C;#>OjZkm*jA0;!{mqwp#yo0rw=={I!r<
zsO313)0r>7lm*6miZn$HdHlr$6=d=^`!W8fFw+rI#wU||?o-NgZ66|6JoVF=tG9_~
z-F8Y=UXei~PAi-|(@4snAxmB3-(HPw8y39gq*1+>kzAVxiL-H6|GnT-a49@aFUf$1
zrO3zsQ76B~P-D`~WpI!8vifBuD9{F2t@l;y!EK5dq8e|m@?hI|&qH;9!ETnhqUB?;
zFoE>J#k}=^NgE@5Dr$aPEsj{QA4K>SM{GD)IWQS=KZlJ(-TM87hE!l3sHFdykN$gZ
zqpyAu0~tA~$9eTmOc;bRC$fxEIQFWT!c4lIJiYf`HkP9`-PG_qr+bsbCx`UR2}7@G
zvt^I03=TL&8#TW!JN>T_W;Rgx{I5^?Hh-c02I(K_OqJi}uqaBcM^d=xKuux;){l{H
zmWm4ocu0R2Xs^j&v>*|#t3XtHu-2~PYc_bux5+Q2e~ZV}U(SsQF_b<tHHX6IoEBNO
z@5C)8O{p*Evo2V(9>qJD=V`tCLm+1@prKJfc}@c@`W<$e{;@D(_4Y&mV3s<?j<&WB
zwT+{8zF}Obk0~l+{&d3&5*aQ0%{&e2Cx+@$g%<P6Ee|=Ym9q8RxM~XZ?3A@}(u*s%
zd2WID>-YYe)Qgykt2Iz6gNOjzWrCrE<-J7^Z)RPd$7A}agPiQ#G)(}F)OiKTHBY{@
zXyd!eWc<lR*o-^^2FlB2M+`?Ky{so$)?NbnxzWXP`mndl5}t?YU<LClsG!{By^2;C
z&Avh1P0~G}sAuk=n$&Na?OK-IqZ4zp*JeDh80Fjam?t=3T7PlG#No_etP!KgEzTW?
zUm^cnY<lKC&!qaB*EU01APNk*5zDdM2El>TM@9lTaDnNMJoPz0&nnj-Tb!Q0H3@K>
za5}<I0~QA8U?m$y^QsjyS$|H`n&TD3=5lamdmS8y*|i3ezsL_zOa)T0>WfN+b$Mcj
z{1Kg=2p;EOPgZE>Th%M<%2oa=NUo)s35M)=7WOq{Y{aZ#W}<nqYn;cbINQKHaT@f%
zwGOtB`(@c0Q**oIP*fzv`btI_TTIw*LSEG>x7Lt^sl(_G-PY2GxzvfRwS=67STn@l
zJ;Xks5I5><k^|TQ7lzsPLaMzxUfzUq8;c}4q$1}#7yacvrWU#y&%w`Bd(Z4V>WxK#
zt;PPYA2oth;TD+<@d&DaFB&qL2G<@Q(S9WJ8s^(MMJdhmv@!P)nw)_ZbvPFd^U!jR
z$kIOV<x0+PbvL#OrIkcc9G)C5?(rbIxkS-atL74L^<@y`MnYRECEAzYN2}P@OL=gi
zuE(F8;r!3NjnAIBXICDE%cGs#N+>xS@+djKmUv~5<Wr>ll!x0MzyFZ?{>W10Ci;)S
z0N$`drK!^`>T8FxI+CdkZ0#tiSj}aRIbtgG-!@PaCd`oYdlMzzr7e8WBWz=?P#d#t
z*mV&tBFK-b0_^I8tQKDY`8^Gog1l)1c3TGgCV5tT4#XX?mBqNc#R>L!YR33Hb1E%y
zxk67F7$n$b_Rpj)u`C#cEEq*C@-W~koGlIxKY*{5UI%@W4*LXycQQAyqXCCi=kOG`
z_ISTJFb&r<VMR&W<v1Syl`Z9LhnN3SEu*gKD$bflDbsf$(!`1^KjYKpL{s*7I$Qsm
zi1Z?ik!STQaJ{Q8^E&9qN^mQe1v=!C?}`j&@aGWVbS?vCRlo^8nuA5Am6wIt!@=wT
z-;*sS7HsvOr$K=SH$p=FJ!e4y<;@8!uND(gx6}Z4;YdOXN&_Pms3ju>`Tei6di)Tu
z^|XO=gcu7V78VTj)le>MDn8Gc;RE*`VJ?n}itGczJlMlK+X@8-0eLid{_jDsKs*dc
zZ#3X9j{@cih6?7&iIp|@k%cw5wl6dq-0>At9LAZM6w*MPE%*=)cS~3N0K%X@6D(%~
zlo_1jgu@oh50ATLLIJ5mZXR3?=%q878AP|VDTEPl!>VN>lJjLODWrF9BKRa88}=5#
zFqHQXV73-&4n~a51|lqAH3#z(5+`uuxL`MD0^Q<ZY<Zw#T#+S%cZ-jL{raGLnXqZU
z)s}s<S+f{52v!Hm38LY>iN?T~FxWtf1w#vYk+lVs2K6poq;BArtW=;|3aTw#3dnYm
zQLs$_!lbS#!~%~G*5f~pGyWgwk^{6r^Bh3)3P8CSTd)^^o|6F<RQHXY6&&RgZy92S
z=Z87i6aa2932BRs6terqt{u6~Wc5%*#AfN0Hx|DA%NSTXa2vf0%oQI{e#d(^ILGqr
z^Hl}UGl0kp;zEiocmycF1<DafAqAWO;C46|#;d$+0XA!alZoJGqySfmNL##OFy0RY
z;~vP`EL5PfZ`7`ayL<I!%{J{RiQq&)E1W?2%c5$XUHf-d@C|ZS@Oo0<6pB94z0TpD
zz7SW#f!%N<=Lc?;Iy;^yR`9yS%wX*#q@TCYWH=lbFA(uU$bRs+#*2v^U{(Mzl0e7N
zfsV@qyylI}lmlPlp@3X-0Km=tf2=wc87wy3E0Qg8ItF3vcSh>Q!e0phtYZPJqq2b>
z69E}HC9fPxA5;ML*FX&D)JS!Jb{h&v@2o`d-UxHBOEjQfBLP@f-**VPfirAYsx63Q
zZ~^I2FlI7bkbXGQRTVH^ZBs?TvkgvIW)Pl9NXBuA;Q7FaEdtb)>H=Rjq6$I;8aC{c
z1iHHpaLGdo=?@IN5kTHy5F&u<e@J!0=%{mfbplvh0yIV$Ajl19{miM@V9^=c3_>9g
z-VDO=Ihho4Npuv<3K-I_Kr_PtCm8_eoB$^Q6o4^?z`?}5GHo5rIcFw<GZ~1G1E*>N
ztRMir#vB9V>l23x8#e3<11L8VgIRhf1mI1YDg^%kdQA!RIwKLV6hq)m&o`!Hp}4Lf
zYyjT>PwO|S4nU1E;1}(>*8%y6K>G~Q@J|3Q-Abci{|#-~4~d+a_WdGSSdm9E1RCUW
zSp|?4peLAs9zc(QZ2%^AX$GtxK8b+B=00hF7-&Fxd?L7!1Y7Vgz&sZ=#Q`C&m&E|D
zmygi~i%XLKSB+2r;;7AoGXjYLWMlF)i=1b@;jG}7qHMtf0ACEr;JHBS_5ayuKrDR2
zJKHc+_j?n-8lW!9<hY<)pc3?dwm*~!mJ%caNM;NQ2IxQ$gZa;1$^qHz|MLcAEWC5v
zAe2Ax7+Bi}Y0@d)<2xy!B~ier{w4+#%Nei`15!Yh$#6vu=_Tsy*6uL@;vN8n3H#RH
zqmRsNtPm^@@QM!%IT0!3S|GG^L8PJfcdp`VA^?Cu7%TW>N@g%{|9^Vqe3RgOXS4Jm
z4Ybt#o&cDF4k#1M3Lp*}AkG6I4tWfW>zx$<^6QNi0J1JD1zx(%0T7P_5HAK0Pl5~b
z19}$#c!7)h|5X1<bH}sl8VAr<Wk6qnaRK;$Y6JAuu|OQW)Z~%?O$G1EBx#i06Fjhv
zbw&W3XC&Y}1pwzMpNRun&D7aeb|0(TVKW*K42pbBz;k@%V+FH53nb)ZMrMBFZOV@P
z0c;w!za6T6bpMMVR9@{978PE?z$0754~}y2gWSr6ABQ|6T}23fbry%%^1(=jZBNm8
z0{7a+f&kI}my2841OHVxL%h`h)by7zg>V#O7X%prMcx@po8a{(3c-fMU-Mzx6&MbJ
zwWle*G)(A}-hyF&zs9>F!>b49!sT}*+OjZpgb|23umt=)6{vYo1nEft?>l&1=1&0-
z9_ukgzElbmNb<inb8$?-t!Cg5oi7MniFJIUuQ8m7vlYSfKRxz@8vdZWQEoADxI^T=
zAnyqw>qqaSI`d~!fm<r75d9Rl4+u`NR)AWv3cUflOwJ5m1Vq(wC%tkQP<aZ1=&gC6
zmL76O1MrwoG4Qt}IU2zg@a(jSwlGb<LJA~EvHs^dw|Gs5Aq0L{G6d5%j|Lc1lSfj6
z=B&LT+Mo1+>@ryy8Az7{6Fm3T0TAyO9Szg)W0)|wnTqC1Ll}-Gm{&0`%vKA)lRf1F
zGU(h|1U&Pd5U5FLngo_Bkpc_q-ITnTyJ7-t9oY=xjLR}Y0Hi<o0_Kf5fe*Gifgt?l
zijNfv%t%Ze477Ji`e@@F!LSZKwL43=g$IPQc!oCcsU1`Nt?^6pM;ji=^pW7Hts9)J
zWI!ST6`~#p+F%+Yms`{)xW}9nerbr32DB_JauLSKr27JXF)T?AIu@3=m}^L@`3?4K
zm+gyjKh!=rSCR+D7M4LKxH~}Nmf(MG3b4x8gv3{lZpnW#!P+ipFb(es0FB*B>GZ)F
z&K(de&zeA|4o4v%uQUye!MYQGkU?b!p>jU;39q|g?Z2<AU<-x~*l7-6SX_V;1T2*5
z6TdOldhKCTrDwJwED`(ya0lXmE&QkZfH$22Yz&A|PkhPX22_CW0W1X;Fu6YkWa_p{
zALWDLr7qaX;AfQP!3lti0Ai&;m^m0T5F&uk=bZGvkpPIKUjVoJ4~RD10Ynp6c%DGy
z4ge|up0*A!u4X`<B;du;051jvWO^VgNCA2D=Ea6@+kM`L56mzC(1J2B(}0|2;J%nd
zaG@wb4$#aZVB^SujRQWq4salfpOA|Jcx@kF$W}NvqRqh`0oh?PFb%+5;Q#qB%>SJl
z{O2zLm-H$F!}82Yw#ni6iZ{-U{GTKu3P>J_QLqF68asgH|9M8BgBAc4D9PadKy$wg
zB%eJwtwq#Af9NLO7>mZRy>RHlMBtmVb@eM~LuYQ1U{jKsn$LCD**D=&Sk84e;VxTq
zJ?X!uUNk5dGI7?vJC`e>f-Y><V5glC!gA|jkpp)^!qUIN`;NuH_7LeX)sW3N{OQx6
z=rrLCijmM}oKi?SD%$6wMW4_SiX)rJ+;^ryN7ma2CYvGpqp3`>V)8r_EulXJowv5<
z*eEa!Bx?f_MLFr0=`!vUt~JSBLpQ!a;wt;!6*hWwB!d;vb8gYT4Y}8keHe1DKTfa#
z8WKfO>5$Pf?jtuBi9p>RAi4SR-<2L}^rRjUG@0u1%0))k(8`bh5*qAiPra@svYEC&
z{fw3!`Ze$0fMh}!Nb=N^tov8~eT`<)_ltM^rGp;|BwZe4GcI=YijE3`(eFD2;Y#@M
z<vl{GZV+{^!DiNB<t7Mc-B8{#p8>Nz>x#XvZc}gmH|qsmP$47NrDjHA#-g9^%9Hp?
zL(iN1tCkpJ@m%6C_2sf<o@n^<<>L5w_zTn+kGA9abA##j5tO;$!52152UQeIhVx&r
zWeq^uifbQ!cwAX?UhiNj1>t)}%5a+}_IEG}5>$%{RMMm=4pb?L%IQvv;r!R$B%q<W
zqwBHclu5zUj0j~ZmbhJo<Hi4CF|R#3?SbU`3j$#JoO}mGfdLpmK#R5|<-y{;ublP`
zn$CJ|x#;<ZvUt%pT=cT6qXA$3qo99Bg8j`Nle%+gO5qyZHJ2E8tm5#wjbzF(i8yYD
z_WlM#IoCSolJe&4;0c~4Ukz4xX)rqS8HQr&LO}RvP~CO`!C}OzC_DI4@8+!R$%jg`
z-DaWvUb{Fu*vSK7Act6ghjx9pJc&nj)oS^JW~wfsKnZwfCn}ytbxyafk`9SB5H7mh
zJ+FWf9cX0m=4|EePu;g4GRFwQViX+Uo4xzXoX0~ltA}K2d?U&TE=7{Phku&&cd4Vo
z(f)pcaw+2NRsGwnzYQA><fq=@#9}X*5XE8(Akn2*gg3~67Lu{TafC0(V~qo2q^%)(
z6ByxG1FNKQ`rjH*s84otHU+wD0=<E}FX^(UP-w-E%go!ernlI5meA)J{6hE*^VPFZ
z)Lm&8pnc^fIK`_RdnY4Q)3?DmlEEiYJf)Ul?z;%+;K1egp$Y)OALk;>3usWY{7I?b
ztNlFO!H6jo>98RzkR*)3k!KbJqGboa;sZDfBGCYddt@BoUTUZS#5*zoVtNFIqT3Wq
z{<?th>VJ9j2n>r3eyAzObYheLs%HV!9}EAh4m^-=?BHqhx?VxG6^{)dgjEA%Ol3J2
zJutI7A?N4)naTs?5mRqVjQ#jK6lS$Jk&y8p06esCoJT~o@Js-*pDIuT1wh1~0w<<`
z-?<VbYzuYEP9lck{N=0Y_iJ|2-*5-gf;=+<Ui#b1wKv7YK%Sb9XNKX?V|$tL8iNSP
z!*YjHZK1IJ2Z8s$L9l{T1ohbd2gVNQCh@?Q1e4d$_Hy3#2wON>O<d}^Hre;ij!%@S
zI*{_W{~%VO0$^lw1A$w<=>7*W4>emvUpu-y5ujKX!364-934RPNGAIIIAi@=9A5t$
z1r)X3zL2ay7go=@tdbPm0|elvFbwCJu@A_`2fcJ7?1arwDRaY@(+P(e9hTC1Fgr>a
zB~lry1}Hx-E0ebcgY7Kf#=-qnB9X-E3(b%3Axn}5gd-r}4H!(`>#TDb%y719%Tk#@
z{QKW0AS@<kp#pHQw^T9agHkEE$tWLGu<L-e=@J^D+i;cbZ<oR{ZFw}UW6bxPcvAF>
z%cuvNFU;b<J9PVovUgBv{dzx&&c9sy^?(&B7x!kt&NyWqy@N$52)cpU#N0$}d%M7t
z>>$n4qDTq9h->AdRq{ximGi(|wQt{ZmnZ1Ua`Al2Ovf--XuLEDgIo*A1$VZhbuA#z
zG)Khs4`!V}0to@326YUkw(7g??H+l3de4i)=VhEz4hMLh|HvNF)ub2AZvPw}I)pzC
zuuXdY!vhNbQ`F?b>^a-r_MA%pm-v7X5?|f+SD3toD+CzBxhpIf(b^B(u%B<2rYb3Q
z<Cfhnt&#&@OsBb!KiOegZJxdr*Vztj&L+ryde4nHY+$q6?#4y(<HuC?+7I#TTWiox
z)#Aq-?=Meu$R6p_P6_^($=W}oYsgHsG7)F(5tzEYCUNdeJv;+Gy74hutj{2a&29hD
zRhW5m`Nn;>bAnGr2BP2OFaz6KR7^y?TH!u^3Mr?IMZD?)hM`u(z}xq`3%Fyi;|_#9
zJMdZeYW<=%%-QCevf?{NoP4LL{3aZxW8B_-(?{2s&%pAX#tyo`=8IHCf@pEHKfORg
z<o}`SEr9B1f_7mbIDz2q?(P~0?(XjH5L^=6-6c2&cL?t8?(PJ4g8ZBJtN(uYR!yBc
zYqLGwz0dTt?23E*MwOq>3KO1huqqOqp}cuPs#LaEqwwgo$^UY7Ocy1YReyQ5#IQW|
z$nommg;Po53w)b*0adJPGtl&r{WbNNe~lAe1?2tW_9bCs<|?<~_RprGY-4tb!56ZX
zvXD#BBc7JLv{CtD17L=anr<$*r3XAOtPm$lsqvr5M-4=eJmtGOYdX`Si9ZfIQKaY7
z8p6pxSmY^ur(=PLd-W8BruIbi1eRtnD*`T~Pkq%*mfqEepI476!uCBBEyd1>9XVu6
zE3yS|U{<jl#M_*R{2OHn1-UM&bHY+qoXm<SAvHog3?vl@=k0w}g#An_Sf2YLBKaFZ
z(QZ`d_y>gk=@-X~YPneO_J^fFPZc2sz+aOI_-k4}md^CQ3LB-=_%yTYl5LSp!!@UW
zUeCsTFrJPJ;rN^}1E>g~9T0$a_(uviv-{xvROj%4`FUaaG==S|(C7brruoM9*JM^G
z=f*qvQ7mfJ<HzpmKRH+3Ok(1yjov=|+o0s(g7c+2SgFfP)6db%(u2Z8qdG<$xVynW
z+!Nk*rJ4FqHFD;vnIw?7X{K)RB4|Foo@_?a@^*J@u>y*Lg0>Ig+9fvhg&)yGHvrI$
z8vHN>1uVcvUTvrwfFKFwc&&40@b&x|1oF>!lGLz0_S%Pl*SDyK!BV`^Z6T};z%>@_
z1@<gfNznf?M&__9TcBDM)zAG+sQb0&cKkjJN;MiK+~vXZ%?pX=r2Qg}$&b#N-(VdO
z^PeS_6y`%Mg1y@rPexlnu7;=B%`AsF1bflP{0?^1#oAA&*k4!<lVYwx$NWoxro7#q
zsgwUi(T<+1H~Yr2U<)z;mbh`$5(T&Gc?RDrnas(Cy9AcVFcmrD+XHr`;1H-Ysa?Sr
z256IT<{hte+>(#hw2wYePT#>EUn!Cku3Y~xA(C|O`Q!Xk0K)Co<G?tTt`X4C{`?l%
zJ~`7b;#BXJ00>Dk83byHuFID($whBVj8z>9%>jh)lhd@H%Zp(3ZcD$AJz+B)B*W<K
zBOStrJ-JzriYGGVCclE@J#@4XI5zjWGr6)H>hg>Vo{jDMX3ka^-&*lTz#bOQk;2+x
z+Du}RwJu`9vb;~-B~ryeF@LnQLS2VKZtq)7egYQ=%xvs*mcz`nwG@DM*4x}9LW_sf
zhTm{V>Xr#c!m^k|57+0{ZAm{Bwbl*7Cw8f?x9|8QhKt@p-};IKf7^!$|NMlXa;W=u
z*Tl}5F_=pUlGCZ&IwpUt_2QR0B@qkpY37c$$bEEJF|=x6=Nh8@npj`dAjTaC>jWdW
zeuFe)_qD4lX5tew=#8j%1&y>T_|J0+vX=Q&SQgQ|*;F}ZQ7hsAJc7{_;?Y^{5%ldn
zaLyKSJor}M?0R`_&QMO=Dy@{=g7up?)o%^csnX#u#&s515bQiU57K|&oT^E@n<Du{
zd9yj+xOQ5=5Zr*vh0I7Fg(yT*R@g|7@`ken9@edu$|8d*YLFk+9XkoV?U@a71xRj?
zP;nfIQi`knya>HTti2_zy(<<SToa}u{@`HX+*A(bIKfZv+dgZB3y@rJqBXD6I%&4$
z{B15k0;?&ns)CCD{;R6-TNwSBHVV)8`Gv++25C2flw`NCs>U530X>_4yeGJBa_;up
zy213iwDj0vV6U?BIAGAW_h^j>0;~QPBs<ipZF2qvwxL<9k64ebI_HS_^Ve5{0pj5o
zKJ13Vovn6^^56uAH;)FzpG&{n&5Y;8aRfNg=f>s^<e1pYTFAQoJ-7eD;=`TEH~jSg
za({{HFSo>iST@OeVFioL&n4>aahMYfDWM;P(i~_3vk7duV*lv`?gzdH(f&gf?5L~5
z@8`#;g4)~VX&F!2W<yBsyF2;R#+IV28tz*w;>fS!lKk8C*1R-p#)axfQk=W-+GGCj
zr%M}Wkt?u14L6mreIPk<Jb6#$A3O7u@Elq0_3%Kr9RJ0A17xka_97U}DHNaq@u2AO
zf`kg88)3#BoK-wc$V;(5@8Fyv(d$V<wc-f>J1TwnlZl9FkK?MNcvly;-FsFOe757d
z7+vUcuctuQZP$M8XYG0a4j&F#KlC5YV7ctVjNSHy5KkzD5NTqx0YgHIUth3t%mvM1
z!5N_d&I+PJ*m|Y_fwvqB;1TTrJSyD(km)-MV>hS+@cvu>{Y=u$_7{lJx$#@Tg1ZYz
z!0mvr;K1eoT}+D#@!AR`kZg+528;#nZ=d{|@O%MqtH~V<E=hk|_QYib#0NSP`v&WH
z8Hsq76HElPH-$HN3FEQIZ1YgjUGWy8HHAkwo`aRvxW#<-jogQt*`~{AQNPb|ML&@3
zFQSG1R}p|OL01hCLFEt#k9e4!txL!d?Sz1BP`GnX-);AgHbgR#?pnZ)&j9%Ii@<hJ
z@dUK2?(Q;Y>S5p>VGByOqH=Hm&p!{~`PYcMir~2M5%E|xhZe>pCSZ8$wH%QyDB6lj
z(UF9$0fnOWs*K$NammFaAScWYh)Y%i^Gt7GMly7np_*lP-a?U<p0Ch>Nzd}`V-GGa
zum<d&@|I_YIv8<_zMD|$`&eW$@&v2K0aos5udoT=jQ;&`|M|eS04L&z069l==p*3p
zw*VH&k$?{Y7w~;Y0j^$u^bs(j?sVK=CZcK~QzJM5^@TRiQCZ-}{E?<Uf|FqU^21-d
zv#E>%ELdp6n*aHJ;S+i)1RAhLzHU#%Gk4#L!<v6xXD~tjYC&XVjI1giV)pg@97u`z
z26zGYB%vX$X#sBq;>cHgL2}c8wdkx-u=Q*F1aNVwjFTF6qy+@r*!UV2nK()yHvl2%
zGvpyWoQ_e3DD-yBo8)5oH8R}ZEbFI#o_H-!tdT`_p8#Pnf72hjaoN--khcks1|n|~
z{sLaykLf5mU7#I?&!;nc)l;8GeAZlgI;~xEJRWB=7Q|_<qSU-Go{)n+z$-pJMQ0zu
z*$~d}9ukKzShjn_nO71KPInV@WT<#a5$hE3O~`v1D8f9Xlti|o%1i}E{-uJ2CUIM0
zPe8bmB5O8paz0pYq;ih^e3g2)W$sYsWnEsm>s2^wyxB!hvO|tbU@<_eIZMN*Q2saQ
z{6=7B+;(HX>jx%HB4+KF)bROk)6>9$1Cyq8_$iF#me_2k`@JO6dSBg1hij$~SLoDW
zW?%7ch&b=#1qB=GHYhgVamFzv4tz5L{$AZC1<0DS8cj@Jq%SHKw#ks@PEQG=IbnpW
zPyGo;Wm65c0CQ9^VAwmdOefsvYeZ8IM}^?188=EDSg(ZYfmC#^mS+O~frwPxRhtsB
znN_mmPHGE&`E>wYv{`0YS0;-ptAb%d&BDruU<8w+Jy00zgDT=86L%B+Fff$-v#3wf
z#qR;9jEvX74^wWYPe<l(G7z2NlrfpIsiO|Didp0gAi|FUlcubG+itC&@ma~SyA^-Q
z$8(0!<f~HMeB@7`N;^*@j?1ZpMTM*`8dvB?Qaxv7ZYyNqC&?~Qr&)@cVh9I<OPlno
ze-zr^c?OXc49Ma}EAU1~XWm1iVt-MpYwmeoF5>Q8DoD(D;YL{dsg69WkEMy{=el7>
z-MGYn>K@s+lcQ<(1YV#|&N&~VlQlR7)0irf)l_)rw3;+KWThkh;n&PEK_{>C@j2k|
z5V6rMvHsx0k4K&EZ<5n$^T^8VopVKsopVzQQ`e<khGU&mhVshclP;w!rfyF^9E!=I
z$9NV&eR{v{8+9ZPCLx>AXzP;_`i(6^^YEdKA1K?)B|1Hf7wSy3ghieaO^nw*qORj-
z$ubJtKu}^Mnk=^#pTG`k>7ayu_aPNYqfHlj#`&Ry^<38j?B}QY%ZY&4#mYY>DsMoG
ztp^F>SOnO6@_!}zGClO^Zp$oy7m;iEj&a=tFB0}KeyP$j%xMoKFzG$45rL<W8n}fW
zrR4eu_C$j=|3Q-?k#iIuEA3BK#8<GFHBgsrHe%-CY`m1S;)tQnKD93PNQB%$L#Cvs
zrM2%}ke&L}q<cg`-D?e55LC46B(-|HN8{cvJCn$*{sU005~@4xTe9k#!!H%JZ-=(?
zgd^U6D+jW@>OU}5F8xb!+@7zaUeH(z?8Dg(wFzT?51CwCr+KTITzt|wXQ4W8lTrO4
zxN;RIcl<*fJrWkn^GuClzvbH8_XuSux}>A~vMk1ppiw?xOE~(8k3N=vii{}vU0k}k
zaBsc8Zo~9{C}*@Qh0nyDh6!4hV#m5C<|0^fOltviw&1z)((c=E#ZKMs-Gj24%1-%2
zX<7czcOq!{W74`MKzKXNr37ovOZe|lyWx)uOOHIJhMt6qGG;y+gTx9BG|<<yFhf73
zz#2UGd~F~z;%5@_TUc-8ucl=(ck4%3c^nzjtJM_=Z_?{^zTp3>K`nh6ZlnM{Ydyh$
zsgzjXZ1K0~#kH5`7o|9P&L;@0Ty+~Tc3y`D{kqTq_y(9jcwM6yJBJ2%La8_z9S<`0
zP;|=;vV<p+8=B(KBF3z?^x1HEe|psn_O#TNjVEY6u+2E+{-AB1A_F<A9;Z#%xK|+3
z$O60FL0IQ)6;60yVkm{-WV_lWPyrh}hC7)_{5?mi6(ZFYig6KMw*sR@lg_bLJudSz
z`2}H8i{jOofD)=knV0gAWuF(sYqh|(&6BwEoJwDmTO$@9x&_`zu$?*zU@CGU9TPaT
zRooGvd#wq-$H>`nKe<V-Nx?PMi#wC-F_}!KYPDhfAq^WM`)>IXlj9hvjGqtPrGO^P
znbkY1J9p(ppVRg#c%`e-&#m+mAp-V5DbRwVM7K?rcA7C6zF`bw7lfzJ>gL={n}%hc
zD)XCGdqCM<R2|gL+@`pT>13MD8_enkZ+414I!}`XQlUo6jpm|wtm)})<#`6rl+20d
z(fjGbIr14PN;)Uz-s7|pyK9DL%{t?h5>eM|+`Z{OVd9-OE>>c=h^ZYT;~TuF_^#aN
zIs~#<QAQUVdN)A=E?o;UgO{r}@XYK<_&KL25e{xFjuM7D@v6`}Mrbm>^N^4+%3(co
z*5gJ3S?G>IvuPXF-0n1N@p$Oxt!-udAp{hG>7o;FuW#PnxtqjO9ip6n8b^hxXxhFy
zQ8Et~#O}`wot}!!Iv7psRJ>H2piWfzorEkkvLK-xPbwBhrk#+T9Ty|NE8qBQ0dE#>
zKRW4~lv$AtqA?os&O-GN%oh3ASO(fhNbn|+<Xsj?;dNZiw2T=ITvtS+<#}vpILvG1
z3T}U^=g9~y(Yl@-kvk#5rS#dX(I4Vx8vR!698N&RRHl15uy*Jdu};2!J%SuT3_cB~
zPGUM|H~GVEG6vN$1bGl^!@Z~>G1zSV!~PrhYRL}qA=n5;ob*kGE56~DI{vd_nc(Li
z%3{MXjkV=y-j=KVP)`>KHO9|b4aO^l8uW@;e@)4^nj<8kn)TFQkl^($%9*ZaIFO~M
zMfaf%ZOO4%1;d14wA!Lq#p2ZIC#2q3SFl(R`iZ5H&B@kLeqv-mVth+G$;^T-QDTNi
zZ&B)|HZ&FUOK0k$urp4}^?)wWd^Xt`qFl(Nac6H;;SP*UscS=lzN$e#VC&!?h*_q&
zKviC+C~ToKkJ$HE#=j_AIe}}sE(UN_jv;P!UP7c^jyLuJMr&aMF8jH88Ls0mTHE>W
z7qo`+-#>yLiJs-DD|QIqppO=RdO)l6)nh}Nha!<B*Z)dl?+7R%;b{LU%&buD{c#u0
zy>~w{w0D2);mfb@k3VQL26KK*`^+b)+6L(#ic>5J`*(vS40rfSt2u#uFuJ6U$9UZ%
zBLbZ(XA!ashv4j0e|>5CDw4AFBl3T7?Yr>M?<ljj@q{tp{rmo*2zX_^#n1^s&)`@a
zqW0R030_c*Z+6<0mmVn_Y4u?P4zoWB5g$2)QTf06!?ZMzTMha^hukpR5BDhQ_x*bQ
zroHLE4tedA8D71flln?zzIgrtCR+}Xrv@R9GEGBwr~D<Zb?mMV%d)D{)nORZ^*x&y
zCKy4-)~E!+&Zz_<Z^!t>YTkzTncAaaYY-hp*1evl)%Vq!q-|zC+_!vUUdpF@1b99N
zlHzBrnceOdt(n{$n;iuFDDHL2RV*tlg%W8<BRp-~;42qs8q`aswX;S3-wi20=4sk`
zB|qkROr<m__Y?}sr=Dfect7S;hMrP<E!&w=2)mt9h|J|mg?ysV`_4t3MB@k1($;O%
z`9$M#DXoT`c5~rPLU=}<cFoen&pqU*y}CV#KQ!httSlzz6AY#up?-pGQe>{$EWQ?8
zP}LWwX!<exw9?(x0QLQr9t)7aHC8@rZnFX9DBqz3H!z-DHR38qnMb`HSA&)Hd5}5I
zrPa2|Ol*gw!C!@tL|=LW)Nmr^#J%z+Xh|E9*3617e@%NMRSlJWrdXDeu1VxbK)^BR
z{UuYe0q>3?s^b`1d?|>$1B3RnG!OjE@K@oSCZ=I^u;!n}8~qgo0vX#2jRIKdPg*dl
z$=$&&?hoLVg=Yhroeb_M^H34$aL3~x0hXWK-(6E;TVqOjNFU`%{!jZpVo(&yQn_7i
zj28S{zU*4p6(NVgVMnPODVE#^$3BLL+tTZCV0%W9sr2ntjX1UEO5GBP1{sHqi+Pwa
zir@UHfoDP)>s1YN85`qO?T-@Ob2&LG3;aQc<($ug8T9wf1;?j7mMl&Dqo%`Yq;G<&
z1$j0<bOVOs;b*IjrUzoz^39VXGveNquxS)?f>Z*e?|<$87-#h3@2x*5lQ%w5v^3}m
zG8;T1sS~f27NH_+le{BHvOC>7ORxC_$t4A6U)SVFvS(4NkYhH%W{oAh4z0HcVkC-K
zhK?47glA8xJNMm=ri_$nJEq^&{$2W&FZX_m%U%C;_8T1?)A*!S2OGjviOMk0s1EUs
zom*U}8v?Tr`7o81N6(OCWF13l!%4G@F0^dtj(s}sXPM7tr<&pQUOcU;0w9-q|9?yb
z%9U3I32QTGk5f&EVm0NWYjZx@w?BUh)()di;<B-P&=jMB4zQW=W8%VIu|dKfG>B4k
z1kH^ix&{Q8;^Xf!Ff9_?OZT3o-D*Mw7@Yka7(VL5B2!G`+0|#Y06^2St<b5EYu_mv
zXdFKfq&{GO`t`4hU1{r1iy|n!)3Su2h7c|0Zy*ImhBFe&zVa7eR`+6ELUnp@!DDMt
zR$p<{nj&@$RByt3TXh!jPv&r!@IRvPyX4bex>&l`&_c6+OSMlp0t_;Fr{=g_dy;_-
z7L|XtWDj6e&LP}ucqT!u&qIJJ-`1YWD+F#jE|c#sd>#5aE(x5P`%*vN+<)icWjezA
ze)~Oyw{__$<eheDAq2ZMmBY0vi^(2;%y7~2PQ@~~l^8p;wRipK@!CPOSAFpF;VJP=
zihIHS<oz?}jLf4&KS?jsUWG<@{NA7n2%p8CUrq!tJj(;O%3^%6d^y41neM2b4gMGB
znv3@YyXyoD|Hpo-0_?XsA-Ef*FE?`p4E~pSf|C@L&k4$ODVWgjIIm@2qI6-nDz_84
zxYO8tm@N#MFT3&BpA09jda`zY^3>}`qpucrmcxzfua%aEZ)onkQ>{I~y;D6_;(UW@
z62e-dF+02cp)y*tpL9b!N@Mnpe4qI2p{szQV_!9=B4+==?2plQzp&F}vG-iFELZ)i
zR*~}9yP6w$v}DZH)|#VpW#fswv&5=!zC;vzbY{%;^x~t}yQ=fxv2(sb)6o0}s&B1L
z#qv@<ufuE#dvh~e#QQt^za!sErZ?-FKRY;FFJf=xGkE9QN7sglI7AzTOEnK_ip~H(
zA_l+PmW>UdoV6ar=~S+I?W1Qv&F3J0n{jaqk{vWx-P%(l5W>R-QnsZ=QnM`9p8Lrn
zwh`gy$CUJ$D4!YXo@X&c2NUFOjyk3H?hKt|>{CSf%-VJ{M~t9E&mOY_+HsqfEB>4V
z^IPx0sY@uqbgU;+{q020K!rmRjgf$yo%~E%bf5QUYJqRo(VPSYpU&VMA8%``5(0Ps
z5N|a00Wc@`KQOoArbqFK;+T@+*gSe)WYA#XS9P5`-Le?+#GE&~@6;^{-)EMvQUt^l
zH)xqp{LN23_&I<R=?cH2W`K~&x}QN(diigjLuHBSDPH1_jGI!m1V<`-kZiU{I^kQx
zgr18oCpP2~ekS!e$53&io{Mdn<Wd$%<aM$GBKra>V*5ne`9Cmw`=;wcoVqu)<Til=
zPZU0e?fUnbn=F26hK=5>hr=R1+NXzOC<Us{Mm|c!lL?xmIvOWFUZ{L0_*<>6i#CTA
zI9Edn2Y+Pd6_7LrKPzFy;T0-XuEbc`Tg5nyVJEf&lbmsQb0wc-GpUz7-?!OX#S?et
zOR96BLjkugVu%sm`Lm9pYK&v3r3Xz48hfobI7-22nr4x|z#U~D51!qZb(Dh&I(}x6
zV`TepH=Z13YRrt)@gEW+`_|i>BT7Cdx9k-X!L4=A*jvQ^8@?<fohPj7!+KLZ?dVy6
z5l}`rPORA1Mmx9s?ry!itrSU(04Ujx@v7ok;~K5e-ThKm7*q~Jay=H>+hLDy5rYxP
zbcL!&eH1L&l~Vt5&(q!twS9m^S`thn{;;ZsSlyvG!~v7$437XaqC4>G>|Ubd@ocU-
z)}#tdg{j|hBCz*!d_1@5{~}gAg{P?&SxekquJLqkojZ!I3;c^2N&e0rG6nDnKtGaM
z4vV-mh~9pp!;C%#C@6axW&p3^*Te&nm++t9-<ffZx_7^q<k-jy5AgsZbGJ0<jWfLQ
z)?DHUEm<Zh{MS(U1{g{HwW>54%B+fPz&o*e65M*oKMG-Q9XJo~O$f3<B7Z#A1-s~g
z!2<K_@*g7G8tnR*YmR2RTp4nc4e#+)5IpQ0T7UF&G#G=iyGYz%<yK4GPEj%u(O*u9
z72D^=%kBnNlf^0$QFsoR@w<bWGuum023pL8jNNaPrT#)=WK*}p5=C9{v-j2zSYwBE
z`>gytwKm>dy1_UTZ1pVyP$DM=r@qIR`7tih$9fj7?i!ERb_)bk3xB7H6l%Xo{%d6J
z5k#oUuW@m^p~l5&j&<%oL`5$=swPW55t)H=`GYC9wH%@N@?Pzd<=$Qh-S99ys6KdX
zI+F?pV*UKCO?W$LvKcQ3JfShKG+grcB*I7OCJ^drx5mhxOq{%)!%lm0W--`YIgqIU
z{c_vi<%e1Wyr8<73MOyO{&y|kR<Sp3v~sBF4Agv=-s)~TVqgMm`LEe9`vWk!h)bS1
znu~X1I}mj|#g@A7k7&^|&R64|L%Y%G^}BaIH%?O@LuZ~(8*|wYg(nSurTaK4g?<4B
zv;T_M9R56X<fphzf6qm5D<JP>5Wbbo;CBJ5#b)ewFZ_YTkcl)QY{ZoI$7P8_x1U&F
z^0BRA$Hh5MN0UdFS^};}!1N{ih?G;{*Y0Dlo;;8vE-E*<soz;Ua)O(+v?A&IL&?rr
zU%}oh!ol7P{0lcz|FNFzX;14*<3Yh?t#<+*qw~#H`7ncVG2)~}f_oLBJdf4UPH^pj
z975rPp@L<TK9*hdz@X2WI<{eg^l!mDk~d!09>E`aaJ|=OET)m+ThZC`6A7;17h<$I
zkqB2_9z~h`vK>_oF88eyliyB9LntLH_X^@!tt7kTjbs>3TtABSWrWxNNL=TGVJ<<n
z;8&G$!a-R%Zc46#MmU1gz7a+1?$6(y(U6zdN(qqtK3j!hK$VAXfIC{5PE)YuE`GNT
zW<2^M@yrr=zMm#mJ$UhcHK48;K_K#9t5xyQmb|ti87QIHBHLh%EBo~-EUsOGuw>r^
zbBE3MfsFVNzeMxQrV@3QCf^?H{VRy;>(bEaSy`R&DxG!S2POP&qEp7sr;nY?9Sgrj
zd*~4`awP!<?0`QcB<xnb;bK7suKLyJaeIS_Qh?TMw!jbiiS`+Mu*=PopHfzeqR9`+
zv+SqAQ$9+L!O}Ds;jC%m)VD_&Z#k?fo^#@*v|?8o@}q=GUdQ>J`+OG2t#rb59yBpw
z!CUZW-&AKu_<W8ijpoo%iMPwkd5|B%#SFXsu}*Z4Vs4Q+Y0c;N>Z6F|#=TCyBx&rL
z#|yq|%dFdGZR@u?ayZfB0Gf(pYaMF5<CmY@)30H7WBQX)wWzlr@ju0VM8RA?9NxW6
zM>x0{<dtic5|=usprd&kLi$7ynG$g?rqk~-#+|<{(#JVEb5+t1@9Yy^eDPxx7}xA%
zQ-{9!6)I(K=}-z4p}Xf~=1)M!rtq(r=z2d01CRXRPc-&^<%`+hO-ZS3?zKn3e6J9S
z<{q!Ifh2iTY$0^kz7~@GitzG1`~f`5n7TSM58?iBv(T6wV_AJVzm%nh!I+MCI!BKU
zloiVxR?OX)0qd&+FIxvQC(RPqWp>i;N=Est3kr|bLtLP?2=Ei-@IqgcgF=q}rTU}5
zfirfA!tI<a%7h>ro}(pAdy)%TCJ4@vzkyjGkr`OEc#&TPGQ8bw!@{qVwe$Ryb9uLz
z%K{GSj*IpM1JQbIF_C~TG0Gwy);RrB8<s6|koT7jUQ|1#VERCX`oCE1noQu|!aJ4N
zlgiKk3bOetaeMuM^iRg_O%w0~c_BoizMqr0NJvUR1p-0u<!4I|J|OaNUcDW&O_w$D
z!X!XjjC+hWxDwEf{RzxlR<TI}+v}70v2Xv~Ot*yQk-6s)($(aIbT%KctG)W^I(VK7
zjK`5V_^cov@(VrP{Yt>Jg%)TEy5%%Zvj3Fgp5wdCA1-bOq_w_vgf(kK1Gl?nTo56_
z=TRbpff~&6w*@-}b(L~&-bzZ<G3klNT<(yQ6^7%Pm1qi(s)y94`ElW#wmiUP?+k4R
zzV~oy`y#nGS>DQ~AMF_heEpDD;RWWZlI+Q9hs?eHyDmigc`1p_+!Ye^1|M!x0bB`K
z+(WbgH>$kwDWkU~dDf5lp8=1!M(SXaeA9%V;7W+^X|}V?716;cg#t|jjDAU${K|CA
z_3+0Cc@X-B`w+z;0opq!u8oNw<i<qbAFar{=24z-iTchbx1b{>0B*9u$Fx#luzM}%
zI5_{e94LRZbHZgJnwMzaosXFv0#Ovjs^~})l`Lj*rB4ui0hN?`O{Ga$jZJm9!sRgL
zHKCTEWMnaXoD^v;I5;=i`q8KlWM(mhry8sAtOTgF)59K=w$$wA&GowzIKWtUgMH8V
z^(t>uXYVSQ+0vjf7TG~f1)jqu{A^>3>Hh4K*)>+Il&X;CDaZj|PTl%waz=nSd8X5>
zJ(`czG&jqFo5j_%iW@8e^JEh=sSeN2+x;;mBRND_M4n`NX1I@uoBNIQ&Q`UARfi}~
zo&LD%nq5y=4I@dJvT(0y;xM<f$%;9GVw7+P?HOX>LQ^%HrL>7Vy7^0}z8*T&k=#gO
z9$vpHR?M+#Fg^lP(EhSvL+GMLzI6}Cedt$2l}#3VN9$(O9lo{($xv8pMtL2+a5xjJ
zv=8`U2wrIomc0{2Co%OklrRdDC<3)N)bUn<DZ}~eSD78vz$Pyc#5o1v7gUq@@RPGa
ziq1=3gDRf0k_qyor|DC@C5TdV0Rdk|GUNK_PjXG9$@b>XQp+-5%7<?g>nlcMl4%Iv
zk4)=E8Ng-C%;G}G%&|5*WPoj6`i*S=1r7Gdn<Z}VIt<eaiAJxZN7rHdW>z-PyyByY
z_n>K|IOY46@8d=;Uwg+o{F6T#r{iTU=gsj)dCiVbA1Y`5NVZI_b9s&RlI@?*;<}H=
zABT+|txlic+&R`Gpi_~6>I{dih4%Ay+}r#CniMs2u|7T^h`Ai;;+@N}L6H?@W0vE{
zYA7%1M=J6uj4V018|*fZM)TtrM&k-is6hbi^XK?`<ZY12>-!hW#AK7}YVL;0oYP)C
zy4avSk=d<*Uzggy!$a}vUJjOP!(_C8)C*X8=2)C>{zCo4hV3z$^p20o_cdP=hk;j9
z$`1woo^6bxK$*+WE^X~O!Oo@D?Rh6fXqHIdE#61pL-b>Mg0ao7`TK6$3VnpQ(<zim
z>zcu1!V=<7#B_#youU`U=R$965o00j5$lLS1e03n0q|24Zu5A(S@ZXT=g)C82hnk~
zm^tXP)V#3hgKS$vSgz~kZ(^-^OHP>VW9wc;7e-ZVQS9GCqXn=A^)JgkpaT$xvi99~
zxVyV79I3yVe`khOCiLbozI0cdvoHX;uo3O^$X3Yosq>VgHzA-OJx~stMD4Q-{_~w)
z8cy?7y!h~S{jM-bF$m`#M*c~y`3q{?*~E91+&LOG%l!xKv^=Xw|7v(y`R7V@HL@;T
zjefyVbguMy^WL@ztDM@fUi4?2lr%?z9654>&?D|io^o%z?5PI$w`&}!UXk_Nods*m
zx;UONnF>$3P0AxS5>)q0`QkUVxSCuN)CabBRQHmYxohj7{<Q*w3ttZ7hCgPn*Xim?
z&5M`S#>QZ&z;d(=3uk4R0Z~K0(nW&M@l?##S@IAQdZS7xCV76^)Ph+fz@Z)9>&l|{
za`<PjY+@d}9bkDY|ML~l?>nUc?LS`u1N0k%O)3hb+0;qu5h<=9l2Y$gpR$KLVsC#|
zqPtng$I~i9-;zC!_j!sV>-XnVnpM9a-WBsb10Cc%87-;g7T}Kw`#9Tm8}dS`tJ~jK
z^oxnC9rQ*gg=YQg8Z_Exe2t90Xf9u3Jh%t@>KaXP4!&2kn;^Npl6tv<ubY=;2U}0w
zW&X-;wXXu1JhX(ENTeGK-wPjtEAPb+*z_yxn+ag*i>DeaqH5`%SJdG8?ZWNGNh<It
zClOQkET_Lfeg@1;#l7rL=6irNd%(#*`5*v+T3goWWElC?aA7_M`F!zV4C6GPU)SGI
zAL43t30L2_Yt<nBO9Mx)D@QS(gdzXz7<$se-<^}H^@!9VYg#vWB)QBHiP+BE%`JJO
z)TD+_@l22*=Z;EIsbG>Clq`f|64_oGf2~A%RXwg`)~ghdIw6S%PPr!40>fPv8+5Ow
zo8l;LOL;pSFlLYX4(_v7vohS_R+n!2kwalrkNJrr3uQZ3?6Y>1A*dy)_7S_eh6%|C
zlLh<R?;IhKNl8xjpokTy*}nnRx0@v!7z<oZk0gcaWlQ8E*lNBI{3aPmmt6+eAt9m=
z9p<to?4sP(98kC?5Z6l(K2S$g0bJ7^nE&PdBe_;VdEi?#)h)oOPH*+t*#$g~K%;Dj
z9`AtHtc@q)1k6?_F`Ie@{L59Z0BThHMj-D$wMV$HbyFl@Z)c_*ErNUBjIQQW?wI}!
zdbSlt=4fiaYLG)rgve}d(fb1A#>30X3<H__+PxLbN-K%Vy(5zK6F->i*XN%W$1J^P
z95Id<1CS<#z?`H<2Qw4u?mMut*oh35{BvDL<?DRChd$DM9*-D>e|badzteU?3T|#P
zwFl*F@)5T~HkurlUZKvnBh1Py%`!tUO=+o!F)PSyLh9cX*%sh@aD72QG3?%SGbvo`
z#n=xCL2R+hZT9-MvdKZn{{u-=_H%RqcB`y0L}v)gIpO^<*rg~9xMK}b@+ZVt5{zyd
zAUPzU&_M>SEdCFLk$3trHn@i=*jd#MP*%0>UJ&yzbEk~&#JVd^{hL}|+}0@{AJOE5
zl@SX_5K$+Ux2;Wd6#shagGMpVwIXc+38dEAeYzOTZm_3xV{L-pAJ{)DMzQK_PJjNy
zZIRf6%uBx<5ZDt(PM>X>mCHxS0&YNV>k%*K!q`pjtn2)%^CipC*%!s8fk)O(KJ73-
zYOl<at~VlzmDy0YD0-RB6o~et*R7*xevz2ewBZT&$B?mXM|WXqhVgV!82^oaB^PC_
zP<^UOmuaw}*3^j?&Xvw;vod8FVi&gT49%JRbV<3>1@pF(CAMOzzMY;O8(=}MW^g*|
zb#}Yxb}G^=wQRS@_S-|CPd14tDo65umAA~H2}x8=Ng=b-lj*HS^2I0~)Xa07QJk88
zSX#1zyd{Yxy+KiViYX~XUo*0uF5`sNKmM1iwXfmquQ*>+j)F%QU(6v!2@K6!tc=1e
zt6hVHe^U<U+IoAQ;F~9#|HB7AUaAA3|HqISr+hUhkB;E;Y^<C=@aO$c5#r<i2h(bd
z{|@jbx?7=zl>sH4^9RaFXuYUM!pJk@_QY1mWpiq$$1Z&V>Zy0`)tUDXp`C-rO<hQ|
zBO}-4qfhF**kCMO?#t_pEjRun%?PJ%!YxXUJIs8Jo!r=-seK%na|bK~9d}UnVd%1<
z$~knrgF*#gI4iVcJJCHELx)^FWi?j+)|+s09~2U(b?$sIuELM8jNy2@>DdVr*uxfe
zJ&Iqpg6bpR`WotCCqeo!xI?iTT(5lOtm71tD!h&vnzq4zxEVOS)~naaf2f}P5!>+*
z2>R1<Bet^|`t9+AGh9lRGCN2ruJ;kK;Fq`55A;G|CjN~@L<K9FzhHKIfF=j^@r1g#
z&-M?(H92MWFAs7y)qb<BikfE-C=`~K**R@=jh{`JX_KrjigcYpm?cJ>C5E!{Kr6JO
zIfhyze{0~nFIV$cJD&)-Xv&5(-+f=;Er0*hQLe65*=U`-kb7#$^G4*n1-Dj&AI~+h
zl=5AG_Iaoa4egKyJn^Hi0(4SW8Z-VK@jdub)E>NCK^+PS`{jedXNY~UTai-M#TG5z
z@MHCy1+n1vNG@`rWx&|&+;8sByeSJ`c70klv`NQUkmLh;NRM>ktlv8t&g<3>t2A5V
z15r&>2J_C?U9-XlsPYHo6lk5S;eGj!s9AP5f^pN1^&w@|ATmU3zIt(N^ra~K{B%y)
zo%DFIc`+`bFqR|^S+x}0U^&@f?Tj(;46Rq5<>~L{a=sS1puC3ATQ*vS;_YHe%$SOV
zMrx(=3E(ZQ+U#@;83P#SG6ei5!GB1$tnOGM`#Si`xOXxm_+v;BoJU+w>QV~(5pXuq
z{iS;8niy1Osd%GVOw$pa507?aOB!?C5Gt+W8!GXni`5Pw>K(L;CLI?YYk7x{khE%A
zVVlGS#;d7`oq<}^7K^oBL>5HnuR-m?5=dd|h*Vw(-<OZ38?UYGT6YvsiU<knEPI~G
zmhr<AE}9iy)0?+G4kAuC3~Q@1H<H>gHN}N_>s^`W!pUWybj;1ACRVH>Dmd05OK@gW
z3I<eM3B>AS^0g#pD*8xAm0rv_L*VZ9jw4K0bHQD{pY9Yy@a?)lPv+Le;jEVC)r9>0
z;^>_g=c!*J_Hib@_A=h2rGem?Zt}x9Bi2wWX2)*7&A7z;^^Y6DA!3o%-r=|g;U#za
zub8*xR<$xJo5LBJxk0O1q1}O|Euy{9oEx*Ynik}A_!Ys-9lsu95T}s1TQ9C`kr*v(
z{FZGkOtn^pt!75@ar}-QH^v)gS)<s-j<dQIkx^id?flh1V~Cm_`+E4_mPtNiMMn(;
zi94rUn6p)s=SlY=YUXY1q|2BE=cJf<Xp#`%b28um#G|)RbQCPFe~-egoCAAZERno4
z;vBD|rNi;NTwLJtBjlZTDQV0a3-vJ(vBkq&^MRmZmpEAaEhO&QV8Y$2#bH(KqC2yj
zX{SfN+c28v%sc8JUayi_%>k~m0ID|+BCF4{m{6=3bf%J$N++ktR+gP=onfg7i|lRm
zeRD>ws;1nIh+MxN5#?A~9gT_t-jcWR>c0>3%H?B+Rdey3_#T||6)BgGo0wds$Zh}@
zu$<XQ-4e0C*ei)QQX@Q>S(6*qFXsO-E9}h6xPaJPU&Q%R)hWNQpk|?(+o-l>1`@O>
z-$X@Kb9of`bowDTt$tMSMt+P!bV?-^YR(hdk!^l{4%V!w17@RI`R2hfAqw&5l>ozC
zco!uaTDMJ3i{dUUNP|~_y!&iTb=hri;&DyYC1yEks-}eSzI<^pkA^^-BBa|D|2!a?
zGhH+ItKrT^vm=+QD3M{}AoRNICE-=ZAawgz+knUj)ov>5rJSm4Uowdnk0-royHwx&
z?l;w4tNUVvxj%SNm@p6V_&X5x1MRa756;u~mnc)w#U-<|pEB=Xr(+LIDZcn>3XSue
zt3fD~KBnX{>zg?(9P=}zPM|0@L<i^<G#|}0N|<cfqd44z0QVFwN@pXz0~Mp+H9U9^
znxtT&37FH2m_V12hEo~m*0WFL(1cC(hcs4>Wi4i1AEVgWT{cMOwp`?3mJpSzPZ-Rs
z*7UBnPW_Jm)%dvHxR`^fw)dgMD4)=vb)+zRlhO8^^I@Yf`}k_$joPSgEil1ii&LE<
zY_UNGt3tj%v3q0gq|U$tpBc_Dp4E3HTflBOVK-GuGDQzhI%aF?9d37X<S-)wmH(=D
zAEqu5he=jqbJ)Q9<BC_sn7OZhl|VSI{(MWcfh>&9fBa2noJzWT-;%A4@+-sa#6z6K
z*h%CqMY>6{;3aip9ZEJf52saN_Yp}s?eK?Cr@ON#QHp$DL&)GLh|LSdhxDn7PksHJ
zZ-q^xq%S2{ujKb&0}T>G5ydc0m3``seCF6PViP{EsFP=XOS_itrVk@J$9)?%<tz7X
z+p?ekfX^sotm#yG;k}4%^6OX^n$zkV#`CR%rPE)$0`YQZyNB;PsQ60Ec;+)TyMg9=
z`gCtT_li^5Rry(=-X?0=NOl{)ov(ITeD||@2oD5)KlsP?cLv>Fp8Y*2tz?0J%BCeo
zNb@(?+9W;bsKy3A+KOF+(SVu4o|~@E3wh|wEqq?E_9wUnv-ox{()0beR$g1*c;YYl
zYe1%IkFTY0jATHcw){5Az+p^1rPki(nn8A}_V&Z=c^+>fnwhdqab1BD`+CB+8j*w-
z`7Lu_E2kHsJMuCs1BrU;=QPhT3+WrVphi)NyITl?nW?eJv_eJA4BmJx%^=3lp7P35
z5QR<m>4@Rf_8T5m?JG(A5t*Js+Ft5=AoVRYr>6W?(VwG>>ipvn0=(PnFj9~d@J|}3
z=mEdKxC#fVo_qox*~gxqAFRcB1i)Z?;tHRs7-Hj|1H9-R3#{#k;5)yPcatzsUDX)7
zNN6SQ_M_v@m0sUueDXbn*-6bpHBhPMuF6qq){12;PMH7x!g(eWIrri4JwM}NU_Ro&
z<d8m>W`ql65fvaE!Btd<iAh8@k6Ac-n4VtRj0vZ#)B;=?faDNS^k#E@jZIr=!T~v7
zWU}HbRl3We2+*qNPig!Qf)8I<e{K**RsQbpfFguZ)i2BMHH26wAW$exLUfP=T>=94
zTj?%@&ykXITig}26Zq!%NiwP1gEu;{e6P*c98UZysd)Fx<yn*@hfnS+A^9IT7Sd!g
z@$O_~GG+T*V@TTx;E>$@NTg^l2-p?b51V%KMXV+X#P$|};z-^fHjmB%p$}ZtC>s?}
zP9k2I0Uv>KMHjITv6y_E;tMBKF3Gr^4lfWAG=b5fT=)=%!hC)bC27VV0ZU_~6NUmr
zXdzNWq9iBK$hPl+8(h+gV==#dO2)b>B>f%01#P7$*}_q}6reg6d%PgCd_$Iv0^&4=
zqz}f9UnLRm9yiHDqEfLSD!8WJX+|G`T7P5l^pd9bLyc&pRcRDbiVDC2I*&#n+cpL6
z<z@`I{uvk_PB9^=(YfPsuXTE>0!wSaeG=A{2sM-P&wf~Ld}Gm5UKR*W0T2M!hcvjf
zsGR&5@Sb!kY`{T0V^Qm9Y;Z21PdC9zZ19Z|H}S&3FqA7XF=z0ja0EvZReWW<e%KZa
zW6?6dAi>BW4RH|>`Qj>IbnXBFD;DTv+Y1)1;)UwrD2@UE_pT@aJ@b;X5Va1(2FLmq
zCFwauE8ZOm@K2wFv0Ll;QtEnewFoWyK2><xgY)j$tjt$68O+0-9lc7c*ts886P|^X
zLp~}X5n%md7>c7w5(i-rf>6<MAL^lh8CJwRz~9MG?D$rxsDL)$oXPj7pn@O)Ap`~n
zQ|l;fa4KLZdH^GT1H3N>2qy#xKj3N2m+Eag5<x4FMFdzU2~ci<QGn1Q?g<RtGk%p^
zy!#wD|Ct4#U9gyqltUpZ00HRSPe5E^k-WlF{{X7OTYoB26@~@EJp?;GgF?LfpKiE^
zqbRl`XRw%+9YR?b1l|AJ1<=gYAEtU48G$nGtpxBP0vp@{ASxTLL@^KbaA?7C13rWf
zR>MHKJzz=SxShBHg=ri52#VyERqhgXu@gUI)9e%&<U<g4yf(3T_W(c`S2#+|d-60@
z0;pKSl7Py{0T=)Rpt)aINZpdL!Bc_m0s6P~!%%2ggmczW7v+OC3uG5i$PB*$XR;VW
zwgYUij>iUfkYxsa>6P1sT1Ui)P(3S0|0>e^pz&=@FMSk^?AIf0IYE%rE>sp0M#MZV
z3q%#b=Q7Xekl#U-)xi%*tPA2%0TzHr<$!z5+x+qTnntDH9lW&s_0taTHH3W-Za|Vp
zwpT(>`qDS=&*`TClh)5F+>t}Vu^eessg>6Nar7ZT<@qM4^P)b;v+5%shG9A8-2SMM
zXb(8y5^2*&A8i-zmFaB-hJ4=-yNnIUE)h^lV3Uvq0tui77wGdE*h~a;7Y!Iv_W$T^
zI2VXYD$SE^KGC!+9UEL{%hZ=JNPib<JQ!Y#7LeshZaou{$l=i)2}Q-5r=-`YDgg_`
zBG8{Tm3VhOAT?>AKj3cG8Q9>}S4ZGR@gCp~uUV0%Qks<d-5C0euqQOiagv&BMO>I5
zOaMd>0LBCQeG6PV2q-=)p!omzrBG`DBmDZqt28LxpvD3wFWCcp&A(?9$|%YMoQj(X
z)}<eT`y+DtUA*|8n#6Kp1`Rf&Ga26ML}C3SSNEu$*cO>-dr>D(pi|Zkc*f)b@x3%l
zu}d#MaeAu}xAY?{k9i8G5$kt@npac;nPu7oG`5f!KH@Wq-<gd1*y+&!^>YW@s=Obe
zWzthv@&n8IXAs9n@HL^1a?D4<a=PCeGE{zijs8kH{5>Y0iuy{rSF#ca><M`#9W0cn
z2>BipL0MfZZg!Me6>OYZ8M7w2MVrCBxME;ZwPq!~Zgg_KbX+1>JTjZ6{Ew`s@wm<(
zSuHaQ-Zcr~NP6J3I=1LTn%D1}4e(~kYL?14-tdW-<%;TB!BuE`Zjox#<rN|yh1h!C
zu7QF9K~y7(klZ4=0aK`0hEgjr@BtXCRNzfX7+Bj&7$Z>l0AN@E7!=h4<`$`<u9cO+
z4<BV-%WalC01CzSrVlBsU?sN$bkSj?33B=GCtOBULD43P?!m};Jc?I70KqiE5U#lT
zp(NeQeoV+GtGSoG5Y5CjFN5kv<rie4IxzXv)K@@FVNPSlC8M-_YJDcI^?^YKlzbT5
z>`vgF-*f{yzRmN(5#i=@(Hp(MogSj*`21-79keD?jMqe;Qd=>=s$QctSU1YbDI3*?
zIi{(uHK-ouG+>M~Mmx5Q!~$`;SXnX9s#c@bT!(q4-ebNoN_(b$u5vdIY^iHCQ-(Xu
z8von3$jZW~Q=y|}w()YV!rnk`>z{GKU4z|TH@eLs5#@r3ptfk7N4rd~s%4h9N<4@d
z8BAMFuR1rSh}EQ7S~n^J%vHeW*45OtO0^l|?~<<0QYF25PepZe24a9wR~%6@ZL5uX
zFBq?m($1;B)!(&}j|-FoFeetJf=Q;Xj#H~GezHR^UQxkn9F4kHI>4E%)&#;Z)-`IP
z(Q1^ve@)u&9AHjX3jv`R<JV#r*Nrl}0Z-o68x0SUWQ&w;Cg!c0dV00Czqk!?<TGvg
zxCU82w=s)>S@QEKG|Og<W>MWJZ6g5KA7zq^hI=mT;aavDT4rsuC?+GuZKJen3-~OP
zTA$Ul%t~9C#cTi4Ka^C|2~D8xRSdi*sXdh3-Le~KM#*WJ*;-Q!sz=t+lt;-i0!aMN
z8j#bS!%S3FPcO7b-II%yqAizIo?}uBNBxIg&IX0h+VsG6R=8AyPLV}4<@9o?0PcIZ
zXQ_{jKaq!~%T9EP8boO2>?ar$1Ck3)&o-rs2MHKM&fCdrnYpxHnmN<N*L;hIC%|L_
zZjxthkVkWaG1r=;wpirS?=fkt2S_hLA}VLVGD%ImfWdgZ4m-MT)N;O}f+g5IGMuVh
zmOrz<#foLkG<oIl)4(yrL#Ol@tNE|^4yoe7aHn<S>=D|talY!=RfXQerDG|2_q2+-
zzAOOd96H2flu%>Pmblq^|6p+qj5EYggPjg0RIsMpwaeGTv!x8vC>Ot=7a(Znw+HA0
zvpp8grC8sUat)4t-RM=Fa1`G7RozsW>KM7)#P})c-*Q<!l0mxhebOU|^i>M+uNzSb
zYUW8XT$Wc_6=Ygw1X^T+9FgIq<+AAB0QSC^mu?Lw{iPfcja(rqA4kgUhb`5C1$1q?
z`0gT@GcuUCoF0<LcwCDfQp=1ajd&2woFuMXJ-t;vYAM~*Fc+AK#Eh2cU*0QbAGuIW
z62-Q1)n48SjsMgh|E-ta5|WMzNH+))Pmx`qY4pg8IXNiml`akmcS@r<IB=FMHV=1N
z%#WX<jef;sv1f^HM{i(N`@m#~OXt-OVN3wI0Fxhp!T;&~o0s~@(%EM5Qs3R#Utpf4
z7_685%{bI38;!QtBBqn0wtAyy3>nm`Gs=+OT0FlMY$N-|ph3ynC=nGf?MsAidp1cc
zZ;`ayfWTaWUQ(1L=CoRbUcwMdE#Cbgft++GVG-cQVU?<!*hJG|4w}dZJFlbuD#Hn7
znW`L+qvka+s}%{+AVc$2126^WO4vvjK<K|HzUo!46y0S+N+W1#H<Z$~CAB*L#0LLP
z$4jO>A$_fG-DLULn&e)citWwtzOOf$>l1^0L~q^ASOlyVqXHU*W^m$9U*S3kBS%YR
zKvCjhC^dfEcW`-yN?w`DXetN8oTT@KfR_4twk0uLX3Qoffw>t?7X<~D40^yR62<GK
zerO}oZUj^%AYd$!VznmgUL}DFceP|GHZWDBpsonTPN8i{t0*H2kDDYTBIJ}^>7-`L
zAiowZkkYg!7h0-7{F*hd4REDH7>=t8Pz|BSjI*bpIZOsC9oHcjYfeDFg)*j3OUT!e
zityslrMt(JnyDlgqhfK_{_p5qKet^x`i8W!EOm!Jl%mG?ce(+eO639#Ylett`=T@<
ziKrv`|Na?}3}QqYck0j_rY8G!KzQ5_0UW}UR?%Onu^eqnE^a@knx~;RuGR?`h{YC&
zEN<7a8chvz8p)@*Y_c4s<HHnQwL>Yy$Rs{j|KXYmm_j-8z!JbK0XjA4Rspcf8E8A)
z&1Uk!F4f_$?0|{eL)${MOl;&zI#P^bvvPj-TR(SyOvoPq3#FnGQwoSTtY2CH0aQ)}
zK?ca`DXw0OLPct~>wpHZ!kyx2x(^iNKv~M#8qS!(-<y>^0P5-fgbfOkDfdZR>ESd{
zSGFb3@(M^hYxTA&0fxP}F=WMGt1zWvUVrJjP?|(D|0EEHv2HzeY+Le8i!jKB4iWRf
zsacuuD2&Bo2JSmu_7zT1W+hmTx4ebuDFlmtjiq;6a?|%LU|@qHKV^#DlTn)?G(UVS
zb;nfaZrQ6CT376gG6^Wfzxpn%*sZv!+qO;GH=gm!L|HKW_b=<;p^*hUEoU`bnJRm>
zeFwE<W|O+jXd!wZ4gb;&G{)<8c9~q{JyMsmTkGPH&sJRO((OFxhXlT?^d>)BB9x!*
z`Nh~Z(T+H9u@VHMa|3Rzbn~I&InxEEOM32_xl!#+=Gcscu|#7GSs7aFu*B<Sc3y#0
zjMN5BmU<oJjHK|QZLdp<KF+#rP9^tZg!`nl^zoxglZSF*bp|x<VgKxrRANU^5|oM%
z!mWsS_cj`2vRMKDlQ?QF4#LsU*U)GR%d^{^c%)4)a|*b8i<$zi9^XKwAURyY^Rj*$
zrjW6qfv@fO#eH8Dr;hK($&r&Lkn$j#QDxfuZXQ`X{H6_-X%Me=B?mAIzG1|ELjC1}
z*n%6XT&?rLYZIwD;FV~^n^bGD1v@vCKF58mh{CB5d@>FDz{-mrU=lS6Wj%eF_NQSp
z-F1n4t7+Zk4@RR-Uc`>v5Y6>qZxPLqKiGvCN>Ek`gq<pyEwVFW2J)HFBw7!c8A9(@
z>bl?@g}w4-!)~b^sJtSMM5c)!g5&%sKXjrgLipz*0$?-e`!RLFh&$OI5SyT9{YF{Z
z8XxA+b&??iJJUKetAnz2?p8?bLxvhi2Ycy|D#Oah+sob{jUa^c-yqZL%--3l2gaUc
z1{LCn;|Nz3?#HD|-yna3r{}#vUe8#*Lw>?14|+i3vOdWTNzcE7C>qAjX7^h)g(f^N
z;pfZA@A_umKjZgf1=>RDE@%8R$Et#rx#Wz_(``-Ox4+>`@2~Hy6ZDX{e|c5L&$3f#
zCL42Gl0dCvbX=0P(cpFhB-azHrdM=<pT&K?NODaJP3BLO42(2r%Slq8==S_ILZ#a_
z$){}r35bgms3Sw!nWIu`eqo(K(@mnd4iR57bcWrELCD+AWd8r?ddKKWp05owm}ufm
z%$eABGI8d_wr$(V#LmRFZQHhO+d4_^`TgI!*8OzX>eZ*Jdv~Ai>Rr34_O9otQ%D_p
z4}aS+Bbl2@(yS%3f6OG+ps%Xjz1zr0kY^e+YcF$4p6}@XjT`Gvj-xo}M>xk32lOM5
zBm9<O>=c@HlpS))`257keK3oZKMa?z9yKJLGBREG<3x+E;7ds9K~jOJyI7kKaU<X9
z!PsmcCXv0%>TGjd%aw2=!!U!A(s5oLrBip$rI3_Cn1HWhVb}QTjpzcJtg9$t*SMt9
zHR0V8hq+C#G=E&qIGY45VTnb=-=po%YZNFhU!`cV&#W{>ADg44Lx#rwd_D%=ju3QP
zq=20)O>yQxH~#`XO?QiEz{1vUT-A@bcaIxAY1|V`F<DBTuT*Y4A-6Bm_pMQc^u$Or
zv8z7v^z?gdj=UOq+^LyXu#SF|SjrfAc5XA}E?R62N_Dpgk$4|(Y|c{#nZlHuT~e-?
znF8(@^8;+ZNZ*62j5)!$U3exr8anK`i2qd1ttqPrDLyfp$&4tmK18KzSuaSEi&*fl
zTY#9_(=(;AKF*JGgxH;nRsd-UPFmuh8U(Uk(pbh{wy0s}_+H?|`XLShw1!KBWOE4V
zIRx@Yj`d#xXjdq3YoSfar<Kf50sMRiyxuDAFiA{Ny1&p&?h%Q5HSO&Dp<@F<53ttj
zotP!xCr_+jXX_Oem>rle(znnpK|1lqBeE9`-wmi|^ZSaldVA(60*Ut-<Xj@2%}QnO
zhBE6yyfB1JettrVuZWXQywdR(>yzm-#O`D{gUSQw8W!j+-j6=&3O9`kr;(sfoLY8X
zS6V<XTXX2o|8np>_YYOpxE-zqXt<n3zn+A4ifk_amu@1pu4#fkq?ti^FKSS7Ms`_?
z^pBoYkn-mf!q_R2v_9g-XW-BX+W>fMxi=*7@+`DSl^bHHR=>r3+FC<C`(=?e2g;1j
zcT2W_@L%G8beFbPDc6ZsoYL4gjpgzjn0%B;iq!ul>uH!=^?{S1)mK|wrWy-sKzyLj
zTYQVGoJi-OyrXtJ0^RW*)##X*LhXskb?YYwmWZHD%<BPkhUCO5`%i~ljEgWbos<Ra
zS90=_;^@~QX#HFDfB*EH2VA%XO{#_-asHZa&y*eYF^)_Q?tV&|dZg@3@gLpcGG-ZT
zr1os|;VV58rJtJlZ?MtQ23p_$V7$wm{v6g9gz)!hNh9B3MQ6o4jb|a9bn7>+myF`j
zV)q<#>p#@qua5?$bzeY-?}K7EN|H6d9HY#-!f%7ekIJ!aTdepV-Gqhs>1FwzgV$o*
zv`i0Rkr@o+rH=@Yo_`ak#<wP$$h+Y0raIP{PK^@!l0@H_M1@W5+xDXp`U)KPsMh>E
zjvf*`1G(o(n+*u3Dt4TVd0r!XZk7$-eoCRh6?NbpsLl*Y-Lkvms=*z;yXdlzO%{=R
z|CGEtV^h8HINvS^9?5mJ9;=DwNOidpB;JiOL`8LmH+iwuda7$>-u#OI<X1xW@_QD@
zj&c>u9%_%1-S-|XzMVRlceA}S@8DUjGCTT!qlwv#0C6({iHG+8IpTyZFZNy&_OwQ{
zq`Z>Fnwwd@BI~*!lsD?q>&CsXc0t3wtk6~^r+aznl{z_xN<eq<75v6Q`_eu|@&G%}
z5`fo{r`xfl?AGcEyff!msp~JcPcPA-*Tp#L)}ONV-2_HW-@VzUT&P;V8Z8sKuLGmH
z$7L;&IeAVSc7xjrPFwtvsfu{@^23*BVH%emWMbJ78&!#RxTG(gmG_JdAhqO4T?g&h
zA9EP+<j*SjSayP7)b4eO8C1GeS)Phcx_6aMl7C?;@&AjyLric;s}`8@+TvW)l_i?R
zB&`CiYoZ@^T|Uz*gej(-&II^91_vY-O>&FnO6Bf@%xHWGPGE&Y*2>Md#b{!734~cG
zt91F>EeM$G>c#9?Tkuxa3<v*`m_)p)R`a6w{hn0gt?|x`=Bt?bY1chUOwHAIzw#Gl
z9bKXPIYOkqwX+(m`FF)q(0%ehGu46RV}@U`zG|8gk{z-04kWdy^A7jFu<eEr`z*N)
zwPYL33z**gCrB<%L}wD;qCW0{h1!@q{A!ylfK$KPfj3J#VJ;pjRK}rGzuZGaY-?)W
zt7bgLwS+Fj3owzMmYzPL6B)e|HE@z^vh46Q$d9hzufea&ar=+%uy_4>v;$G6mRSJX
z?yuW2v@6kvigb}WIG(L)e0kmqpr!JkC<B^yX%fcRqgPtFZxwWAarHf}sG>dAmHgng
zr9m#JHLpwtmL~L<(UcHZW|`4E5j=S*1>;<K*vq>|i61#;^^TAXl$L@_RjLZu|MDgS
z{%JN4$Tx6dKq!`k6YE`>7Dai=QmsVz`R_SFX33Kx-@HXAbp=MC<LSjxl>sj^1LGMK
z-^nua=3f=1hz?<q8S_mF^GX??z&sPFTg<2<fA?%Pheeq4K*B$-dzBh&47{CkGR2DU
zZv17DxP>T4kn&5A0#}eA7mxs8{VX(sDEPKgb?UP|uH}~iW^2adOh`43O4j2xDi<D)
zfE5~b{qD_9m^g}BxQh)wCsO<Z<_u#@SUZABCg80-VjF8G0w?FH3pG^^f-Ta{g3&V3
z)$*I^uzL#>sVBez5)!DW{y3lex;Np$bB|bhg(fpw(c!|<3CAeyc{T{(jrEam=6x%n
z5n_+Zfg)U9;>uG>7T7!so#Tv9MR~cx{$7a|qk_^xk1bK95FEtSbgE7u53#YZ(jv47
zdPYuNG(ZB_^7dR;b}oPhT*mw^?i`0ezU}R)H{#_znqK(YuK+ZCF4;cLfefJk6G2>E
zjGPJ{kem=?6jukvStUMZFRXwWCq5>`{C}rLNsWJ{7SNK$|DOal!^U?%_R>bdTtl$^
zL3waH)gOSO3#tV&H0mHDp+Xc2C9!lJu*hW0Afvgwe^MIgabgi|W`{<LqdfEk8VOF=
zq47wT66gpibNWA1ov=CEoUp~n382BOiz0Q{F4{d1#Toxep&<;2L*VW~+6!kyl0jaE
z1;6+y1Zh6;e+gU1w}CA)m^XE29NsL}{33(~dt_1RSx$&8I>&_<IXT9cCRT$6+b0_W
z%b7&Wn60R-nK>&`G~09fnrmU<v=6vpxyAG^JL5Tfi?#AgibtHO;}RGjg*JOVfo#aI
z@}p*$eQ{TBwfB%UOIHr7F578Fz7XRSAxw+sKMId?U=|hUS|!z$VINJ7m%ckRitlh}
ztXL)mvx_(t#p%YB<BNa$CA{-hk^x2phVLmj8lRqw;vnzZFSygMkMZjkJU!-<Gs3>)
z6?zCB`LL6tuu`ImT*E)1wK;qm^SGi;UtMcuLtu}W@8M&#jXZ}rc(hSe^l0rp=qWCC
zL>-er)evFI*U@i*`}Wspg$h|cwLP<?He5+KRXz2nk;>r-b9tPUiE`X%g#>fzqukN3
z7AON(BEbx<EKZ(7J^D?FEY+`!^oLxc5ky&>l)!HzRJnFIs0HEw_YA(afbu5-)WTIP
z6uMIQ-DHU{?MID1a_Q~%^l)2c2aC`J5&Odze7>?W#>exGud*`nh-xCz*+w-NW%dWd
zA!n`@F-G1-ZubJgP78^zeF%5JHsdc^iz@txiOzo1D}_i3VVQca;}imJMgw9dU?_VL
zX_lh=_XxjoT)dk%5~H@{8kzKTzuRjn`9w<|RN_T`i6v|}&jvIP?8}4_++;F8r@s<l
zR&yDgewqt<cHryiqy0d&@~9XM6LZ(Vh+Riv!*+X0*W^EwchUFyEV$M~u+1mnSKiqZ
zHnb4=B)kIatlodp<Nxw3EL?&=Sy=V7@}{nmZp^PRJ8(~%`#^v|fU2xbG_-M=GZd<Z
zK%}Np5dHAv9|Wy(gB}d<-*h7V&SB@0YfhB*ESn0DZZff5JPf;e#F;Q!^rfb1?X1+(
zgi_{!vcIO#N{D`r;Sbsw8YpReO_lgfCR};nPAsfio=h@q`oJq@wf^~8jzYoNiLewv
z#>91_?j(WY*_A8dewi8wIp$%{4J??RSg-c|_iFc-=90oYNkp?JiFSJc4Ma2!a}}Q*
z6O8dHSk9-Gr#(^~AFWQ^9!%?7xQ$%Q?Bm)wEnqEqK3P{TW&!=qSd6(yy_|cr9XMX2
zF^%1iT5Y{4CQ#0_F{4K{4Dlw7*nL@Tg%{A0enE}1?!kfGap8~sfp096k0{P-2nRW%
z4+kkXXVycw`Dzex!#cfp$d%WEx~~>nv{Ga)IYDt{wF`^Im|wZ}_w<`7T#dBh`9HS}
zG(ii`fk=&;ztmT}dPg|Y4L{3zb3l~sZYMZzOG$ooo@m)hc%j!2OK03N^K>nuP{nDH
za59IXdpIud<AS$kR!k+qjVa&zhm>jPwLERjtT@!fr~&A%bXzn(E-XIvQZpHaFs5Ro
zHHlei|DD6{+}xYY1iLQc%wBhm?{Qva)6{+|Pcy)BCPmaUhKE2^GT?a*np~f^$bZ@_
zUiGozuinMm$|KgvBzyL&r-e-->4Hz0cQ`^i6lKgk%-~Fb{O1EA2iCO=(~jMh4V~E4
z-Yz-|q2P6q4kD3&N9&SwRq7Z=Dt?WShWirG@@2HCyGhfH*n+k-Ye4Kr&eOXO@SE>v
zi^6QyermX^GvyZ5hv_V-1!s_rtLEa7+6%oNYLQz(z&K#o1=m?z@x$86kvG$Vyw$$9
zg1LOwq)YmjQRmloWFLd+9M+!$O4@6HJCxfcY6kg8SW{onU&7l(JO;s}IR&P(Qm$2q
zVt`i)*VncCG^cKI?Z7Vc4$S3UVVWrwtz5HrO==%(Y&FMY+iPzmua~)dK{m$^yYk$>
zAZgvM8iRjQk9lxTuL9&aLPr#7C>j>R3JCW?J{+&gOm?S|b!eR7qwcn4Lj^%yxC_qZ
zm*-T?>}~{y__tU057U2|huzN?$2M?27YPIKXTw-0fD<NeqNXKyj6gSZcM2flLD&wU
z7ajRIc5gS(pf84?35`2tZ<kMjR}SvQenACdJ3qw7%DDYzCT4}Md*0UFbOq5Cla@<x
z0-dV(4Rs(fj*KFdhfGoir5aJqfqvZjNMm(w&AJKZ(Xouko>XtC-pl7(yf*M}p$rO#
zubw$wDCZi{n7iN=55;0{D|k<8L=sHP(3ImAiEQ^rC*gn!ug!Tt+{#N!Vbo9JGJ%(O
z$-OxgswOfmoVo^kNwjI+zeKu4M75HgpN5js%d0MI3xB%o5udS|f)EeCG2Q==oI-$q
z|1lOed4ZuhMPsFkH#Yj*oSWfQjCaKl*J3^1Iw^!0<ZuTjoSU(NRLy7pYM&U?2af^2
zx1gAmp-8K@Wj>qd18F^&WFK@He~rp87xUAF*E&9k_DQFt_UDlmmm}?*10@CWHWneI
zl`Y{I+}_zdW^Zo*O;C8IDU3eBuEF)@Yh+M&d=L@>8{`0v<`fPlQ2k5B%a@SaIYyKm
zA#u$0I2ya>sAGNz*<hMXQu-&-ngdeZ&FgdM@F@W0*qZA&)#T^GEcfBow)YaTY-`<5
zCE5mP4r_k@Q0({I<8QUj3+zAY;Z6E&Lo?~0TuW*FTtbOHH94%=HjVU2`mGZNin28v
z*lW|xgt-Je494Aqf}WN<bKM24q3p(0mN4h*1G{Kqd~qy@`<7_GCYpTon#Y5U>q*0p
ztyn5Zmv~J_;SA#GOn<beurIW_-vr8GLCw}<oYzJm3L!$+4<<PVZCaN5f>8II38;W_
z2SfH-nlOHOem-&j&p=Uvk3cuWOSDSs+^w{F4BlZUUHwzqFw3S4OWGn&N{T+r#^1K1
zt3y>bu-+^_?KW=VaU#<y6~k9Pu(CICoQC6E{X$bA$s}<tX5+0R=zhC{KNP<OJJ5^o
zoxvw{!7c8zV$pF;*S32-5<;&9((Qk1U*~w(GF5w7y=gX~9+@!|y5zizBRhsw6bSZ&
zQ{)bIaCkH{TQjbG5ynCNS$&8x9z!4DRi6BPErX6E^t#Ic=kGPMH!0rVpSJ7Yw@f@F
zJ4NO6eDwS3)csT(jryLp)DLtzl?Gx?-52K`?F7!#tJTXyyrOECX}Rp7?>EkqCgJ%@
zG2T$u#@W_mc*CVjWWJ%bJtIn5=8kH<w31P171&CxHU-cQ=(zbO53qFC92|sq$jSIH
znY&riC)zjKYK8}CRP{fROqEA>S-X47jb~;y9R%)KuRa+DDoRGaT~_Zh<f2s?spb*n
zeAoPHDeprwZ!dbUoc4KttGdi1J8n>tqDve-6h14_80E;5?sF7z08JEQrQF4i9U{vh
zn^T6v3Tq(Ug^p#9ax<sTxv5}))o8GM%C^;wX)>D6-|RZGTu!=I(|km=Ea$dfqek&e
zq^XCei1~&0bz)uKm1d1gi^4PVt6;yRtnRg&S$XwnUgZ?bcs06mhv4XC4>tL|GjI^d
zLc}1wmPC3LYdVpgTz6quj2xlt<Nb}gBLBSnvqMRtx!M`G`S2i(4A9~#o!#J6fx#`%
z4EZ>j#htK!MWCGT=;}l&=X@}#PVL*=K;(I0@C(plvZJ>gX|<CkkD$e3@E5OLRknd3
zyXnIW`nTOA7>vyT5|?O+1W!2H=i$|r;`$-<Lpm1a3bEsyoyczZMu?3$K+4aOFc+*G
zc$U%QsM03PYJQCFr}<8K9k{VpX+i(lbDD=qnCyNC6K#gJO>3TOefa0PxncL6&QZoL
zaJV0bJFlk`-79VbXYxzHQ8>wMA4Y@K;FR}9^3ZDMGw$^Vr-7bIpS!5T@xj$u(a|*0
z#!U;Rp_<0$m#F*qmao1HaC~{2<o0YG2Z?DM7>Z4rB+ZRKh8xYUY`8UU5)tvhhh3Yk
zOb?BS=?R36Xi6&<-;*7yK&?Yy0Qcp|CuBW?#V+<4tE(Zc5p-isuL&<S$5m1D+%zQ(
z2M(9PP8#~=S5(2Pui=;{03oHAR2$#7L-3Zc<!liZQmgnZ6r8Yb1=YAp%UL9~T&dA;
z)3O>bx!~XS5m*N6{J}psRLy(xpk=)^MF4_bW+@4@os2_>SQGqY%hZA|1`~aZ#{*6k
zmh%AEaxk~SPx|O>%1xub#@x?iV{SRn73vxcPy0`W556R_ABBo%UZk0g3#D(TB833y
zRY{cH)BWjvhD6}Pf%Qr3zCZu8**(q;E|jXa;d~a!l<fHGRk(`@s@s)(+%acCwb(KE
zDT=|T7CkrgBMcWejzKV#PD3!13@*5v;$Av#lqbWPqN_I%l!$SCE6G%PE%=?*S9vy?
z)$Eb$PBa9S8|ehq+$&krcRLYdp+5D?9HJYqSeY0xH|^M|{h^}_7c~acj0qa>CiCL$
zHMJB&06Ms3LlC&#2eJ|m*gD235TnV<PNb0Zu_}K}o_i;ZsH_jH7~_<em&mmtW71)F
zR>Bgs2R__sE8b3;rwpb;kc(qt-cxPH$)fn#@3+PUShSf{&wK+I1aKRp6z`_Zhi3j!
zkR@Y)nui5@;u%fWlC`8}+B|}G2R>#tmIn@iehP%v4Cl&YrrGs(X+UwiwGX$q%wXq5
z#+o6&G$_p&Ak$a|mqC)xj;;B_Qw*#1_3e@U{)AY_T*{KG7-tgo*j+3~uNCu$ZoW$j
z((J&%vYD!tdj`t{@;QeY4r(IJ@(-w$k#yG*1Oa(%`GR|lqIM+eLrHCb(o5MAD#l5A
zcO|I6?E~$<Fd4?-M7n;uhy-n0T)-~7lrrfO^W+)8e@8sL@OBEn;VY^}#2uEU<|d8_
z2qzJN@QRi2j2)zg+jM=B+<Px{hg#bsTZbTQImP+@NDZ2*bqZ`wIdl73qc3_z3_X|H
zFDLS<=oA64844Nuo}(>}KlBP>a6Y%>9YTF3OEw_JGYY@|lahL9QD5s_V1lY3(dxOT
zoO``aaUG`9*=xtWbjVS+zGtx<$iv(5%-)f=ZYSF5R+I@i{)#Sjd4{@|oy0poTJc_q
zwp&guVjF2E`O%EN?JiIv2ifH)b$benbrbI5_QNfDCFf>iamD3F5Oee9I3iFs{1V6y
zicHVwtY3O*iMIOsW=JVzQKSx{$AND%&a-j%HEyCJSsRxBf&65*mIa5=osq$hQIF0M
z+HJ|nB-Z9s;(cy$6B7Ive0$TR)}39GH08a7XDYo(IKCNJj`qb;`%!N%T!!V^{@SGA
zmedplnSTua*z(5<iwIvS$t_ta&GaDpQ_>0jLGprL1mFfdqX)G3xnGh}+J!yj7p4do
z;9M@4O4$K1qYzsXuYAoLzs(;VOAzed85Tz0bfol1b*oq%`%WsME~O(w&XU@bP*LKp
zYKKPKX}eUha*kPRJ)MDn=KnX+32TRu=U2zYVjDxfLUiF}RqLwNL?GCOFfo|&hjwih
z-;f-OJ551Rg72RB!-Xu^$Pi>O<@0p*Oq%A}opt<7#od=Ffl~EsD_rKM6d0aE4eS=C
zf>dx-6twsA&=*u>pv7(rwCPDlw!FqXdpJ+?2Y)G;gL493I%?>!4ts#x#Psg#%YB5C
zPO1_9(x!rH1518y;I{e&iK<0u2uI0URr-A>)x8IG)7pWCzd#)#I5Oq;W|RX>_VUw-
zd(n)mh-=ga&$LB*zd8srDe}x^b<&WDZueW1tm3P-H6E8aue@w0=&foL(;uaZSC#gc
zx=*2t^kz4+t#F%uCnDT?(JY1Z=GVD}@WKc8ItkR_uUey8RABJkXK*T_Ka?dT{8*lC
z{FP#Q=GFVk6je#`b*9sMUw*=~yom$sS)+9wW)^z@OEg9J;+%EZVx0rk{X}ja=aZS$
z?}^L-)XjXRUc#^9HD0GLS<EjcGdMI*2k&djiuj!a2G5mBVdD%j3L1EwuSB>`{q1pS
zP(;6UR%MHA;<1-#d^%O~(8J`+RfHpl5Mj{p7z2M6v89}j>96I;9R#P?FB%x#aGkYD
zb4%)-^6FW&roal38^qrd-)_EFB7i+oWv>ICx>Jk^dgw^sU1`P#M5GEr{p{0L75tII
z0tutg+_WceFnT-_qzmv+FcUsvE#Z#9ysXpwXX{>&1bYa>n!~I;)3)0eCMgaX#$I`x
zdls_l918i+(g7Pn2CAB3V9R_$Z5(jJRNN#xms+;w?W}h3edrKbvnmj#YH~t=7B&2n
zCa@i*aB<F|C1{YB@TkEU?55rV$L_1%%DAQ*J<c*f+}fJayaMqGrbB)%_*(~TQUg>!
znq!7bApA=C!wq3hRT%WtN9fgf17-2w<}gIYd+g2Eey90f3-LWy^!1PH8t3t@r-R!Q
zwt<YQ=s|ydo%EgK)q-nSWIOfcvLWdkHrew?=GbNId#f`(0Uim}qgKE1+WV)EBzI5w
z$@QutVW(8+IaGRA^~dMP33)b@cqwU+MPRfU+Ex`GA8`EdSsiK7G{wkpy4hQZ?9SD-
zDKJ=$*N-j{rLP-%6SSi3tf}ewY+)W9I+MFul4~?$uV5xt8w}gRBY2j$`pQkOoO-YP
zU+1|%p5)mj=$`w1BkqKoHsZ~g#=l*UFrS$UcpG0lF7q-oqgK5|AzQ4A&^@YqB+{#x
z2;!hJv$Ljwq=g`F$o$GUjCOI{zxJ?AmkbL2)|+m%=Etx~F4-R6Pw@86Xd9fhSX8TS
z$ng%g<0065H*RjFoIa$Yen1Ga83AK{m*7p7@z^)Q7HFP3znW0DmIX)5t>n{<F{3JP
zApP27PI)?p<1dtmYA%$p76%O16Qj@TCn5*Q=vJ5Rz{i&ym|QGZ%cnK$-$%HuF-ur3
zv<US&W_)_;a@%v+o!E0b^JiUFswS{z(3;HHGciqi>;uzdT0forCpdmg<mC@9Y>=||
z_$n8`fVo-)XSYo5emYE{<vV5!s@es@s8yFfymHz4rapz^+{6;agIw%pifuBQ1;?~-
ztE=CdN!b|nlk2Rd_>y4E_@zo)3&khtT;AqU>376p`81jEM|te-|Fz^99R*-C;lX|b
zcM8f+Tfk>?3POgUKT-IR#cMuELOO}`hr16d!z06HD`u9;<b=9Nia0Z`t=3#9zUPOO
z?+NVnm>n9%P5>sx&(Uo*x@%mXqhr|SzwQzzf3u6T@`jV`R1MeJ@;E$Cu~*xT)Ss^-
z)i7Ug=bi;49<-I_Tmj?l{SW481l>mVJXxeooKWj3Vm!kIPBp>?FvY-Y?0l#Bs9Qx^
z{5lfe9+oxS>};63=JE^le<XwlroIsQXlNV_ojr(6F0O$zI-F`DSRG)b^yP!^0m<qw
zv3?BVtVW>Ec)r$0^g>Pt1Q(}LgI=(n0B%Hr?$*KnezVW~sc9Nwgn#>!ANNOx4Cw<M
zq+Qlj8`u=J0?v&t`f0DP{<8=4c=*F~ycxx~ctgC;mu!y1LeZa(C%hd?+gWQ5+n{PB
z=YfDG9tS_wQFqV983{hKS&1sr1&O5nhB(cECSx-)B6QSsobn|mA=OlFw|N$9mq~;r
zIkfD2N$}~~2;TC6@oAka<E?~f%4X){UIA^2+e8W{4#s_#D%zhWIesze^$niyBbL<@
zh-88)8L^jz>(4v<Y~rM_3pDvo``Ll_`D^{ewNhS3Owr5@u%@~*n-fNRMKXc1lIJad
zSQ*C0kXZhr-P}6<1h)^z!FXC8nG2jLXcz7YGSH!z!i)Y<Y@;3gF04aEImSY(<I>Zt
zZ$XDizuN(T9K{s-Nyz}gSJem`sug!pURB`OUw7w9DQv?^gCjpg?HMXoG~8FJnVegl
zGPj8>l^mqloRHB{_0FW%pqskX&4xDuKI`CiEt6RviqpkP+u5RDir9=XZg)Sid!!z`
z9*%3n#n!}&(2PT@-%?qoe~{WQMzznaJ40QAkdMI@xi-vZu!YY;)5KJ7fX6~(G0`An
zAu^t#-r8W0;dwWKx=$zJ7O)X+gB@@Zl_;4c*pLS;KcC)^7iae&9W~7ys$vyjCW@G+
z&KAlWnIg|-z{|4Jo^BX__BkFG#$xgP5e#q93}?fRRv09etL|;mh>)8oxzsAXzEw3M
ztMiQZ8@+z|j3(!oN4jtl&-kQqWJt(zB50grJ9~FQcR%H@b@#_df(rkfT57j>d$aMf
z{<4f|J;~#bV`Hj5mUH3YsiwKJvTCMFJUU|@IVgK{HZB%rc???5&oi7w*&C<yWu4}I
z(d67%F-Woc)beb#kN||%@GVu*$UvG@LXP~A0LtcCVB}BDbN)W!O~ow!T0R?Byg+aB
zfdQnOoZA{E+Z7C+0?HUjl*@4t{dRj&Kq6fltt?ZPSATmr`Tx73*}_@XHKd93Qm=fq
zfpb&0a;e_lqvR_)%MSl7J1VajVr;mTCHp_L4_9Y*h}2x6^Cu~RCJ6J>>HL}h<k%TW
z+Nll79sif}0_8q*k7b#^JAING3W5^EpI;t%ZE2sT`6s1*cT8B<oyT$E&qUr7rEXuV
zt$};Leew3Zr=+R3irYcQzt%emZa;lp$S|(A-((bSKRc~JI}z8ssf%jPBxBb#x###N
zDk4qiQ4^wRbr68&-B<GH_OzflJt{=(6i{z@Ql~*^KY%Jqs0G@s$ESw0TL;}{M0=DS
zhLCJdE1UtirF^!$_&HWY+lxgK&3I0dUIkt7iby0vT^Ea3+sS%tsTEXX0+B&eju`<s
zmx<AMiESlLF;<~|1O@s{?cKXLL#H^=OKk}%D~=27^^7DC({Peg3D^@i6?{?0(%Ax2
zy+nh-FXB)76JEcEa9-XoqXX}cM%~8MHO6aI>NWFApzg#N%Lig4gGS;4PZ(|Hyl1w`
zO(x!*<F_Krn}~uYlZdy~B|bQH!|{{4S~3#i=PTwevFu&U-I!HM@ac+mO?8g2i_$T2
z<6F3JxWLL{G899l9*j4SbR$rEcfdW9GZ^=A)nqg@kvP+{(M6>{e*P(pCaMPhtRww;
zyb@njs;tw;u>V$d^|&JI(U8$g^Y5*pQ!@B|vDp`uhSMc7L!HHxU44qwIco+161_ba
zKD@u0ABU=f88CHfOUQsvRg983+dQCYB1MuV9LTE8p3kcmeWN+0l^zqEr$Q7FTl8YT
zU%OJ}sZA}Wnm|<_+MoF9X71FG@%O?65J0fIhre6B-)=KHlFH_25`QSALGg)MDC7l5
zEoj>zy3M$YIq~m%O&=4PXS2>YI`RMBs?%9QUnS7wV)0^KA<xNvKfXUaNn!9d6TK<}
zA8%z+&8_&(W(c#x8NJxXNe-`rvy4C{W@V{zcWGZ0@=-RZ<8+p!pM^xbgJw$;WWBZE
zl-*`*X7wSFQ>U$bw#wTugE&7hRM{k0z-wsvusDv1ny}U_@I&Ibo?+HfM4D}0L|8f=
z6d5V`uuNL(cHyd9mr%xAyK&~ud2n8$1-NO!U&CU_NzKb!F3AAg%#QfyE=#}6)Y?0p
z`y($`)9}~_hMNn6akdHMC6+J^HwvmW`NFu`XssEOZivO@l^2(#8SE5A_Rk+W(d!=y
z1O<~K-t~Rljw?qpqEi@Q{=IUNK8)yJfCpZ+0{2JMPX=Ng-!}E0#kk5F@tusGeyxyx
z$<S#N?s3Tya)E}{X(WfNE|(_w9FpHyB~M5sU-EeHQihw{ZoVQ$9M@xTnbuDRo?hAO
z2lvG-N|*XJ2AB1Gesqi{0!WHm65e7BP7m|DCR>y`Ki_^e&VhAQi9waPGD}RxLscjj
z2-V$bqq|H$BdO(SCAwFYc4#lF*)JL}I_`}Jbcl(wZ%N@!;`mb5*#IiWh?a@Mm6nys
z^c~8Y4`MW#$jJ2XhWE07txphPx{9;b>f<FD6bw0v(bmdjrG2PSI>G~{RjoaaZ6;Hp
zIa4!l$mJd0a&O2~VY9BvK5LfS5#Exc-|J~s$&IqqAG5Ynx&yUj%Qw_}W;2FNb@QY)
zM~M|R1mVwK!$(+RBW8QQGr1OIP|*$7jj0PopK2Af4OHL1#X1x<;NvY|#2T_=tzvv|
zt41fV6dta$3j8fLj(*iLLeT7<nj|@tGUsAOR@Bo^-S?n(;76|@{hyebcZxsE7`|j{
z%4H%78#CY|*Wt~#YU1|aSgLm7(m&s`n9YOW`{y!XkWRiB79&8*gpPjakFSxdm?n*M
z7#4HK(tjp`+lu-|3AeBnc{qFy?)85Cp-7L)YgzK9=%25|;j}D{Xq#=lTUYc*dSi<p
zN5@J~gSxpyq_JD&r{=En$~L-0x*KQP8Upc!t~;lKTc%iF0_Gm74e2>w%BTrv1BS5$
zk|JD6*+L9rjL6t1^`qhaZVK;uxDqgNoBstBxH(jgWLbO@hIRUb;ZM4R>Z)<5Pe^E!
z)lCF4!LG9iP5diaNc0Wv!Ng2lK2H(p#No*D3|g3Fkm!m_U~(+pkmusiY$u1jS)?_b
zuPl!5G=w=<9}mrLvw0I32qNLLn@7?yc@p44L&j~5<Bjr)OCT~Oh86dI;@|(CQXNLZ
z>tmVwHJLAL)1X@rIp<U(*fr<ZU3fE>j%H)7v((d`;Fv5L_r!1G^b#FMw)KEr3ofIe
zA0P7l?$=3RPADIMlT)Nk&?Pkwbfcg=5-lJ5yf3m<=ddmW(`3>&-8k*26MmF-lvz~5
zZs=K5`flJ1D0MgU_2(i_`0KFd9Pz^i5ihscle9w*F6EDjU3I3m!U?P`+uKCmq1Rr8
z3!i<GHpNM|h)Y-wNjUIKKzA(#HRqM>uMZXvCt5fOujEhkz>uees*!XPjf@>=zZ6c>
zOed4hdzoNCrhR5lpbKBO1Sa9+SJwqOAHXeO7JU9FEMmLyIFz_sf7+LSIxWi*SoIs=
z#*r`U)ifs`s=|^|e~54rZhtQYcSD}&%<{(S`y=zqDx7b^mWzzLnt=Q;`IM_~U-bku
z>0|$7UNV}mbG8;DDa?|KTgfk{o&+fK8_)tI|NYfE`O^Wo#0zlKaT+m`-0(xB>j1k!
zs=X8eM0Q2(*X^&JYVL4RBia3>*49%!=jzjpK$@I?;w4xJi!Lz@8{e1z<MTTURG?H@
z46u3qiVSGW1`n}%bZOI*CnLX`0{VXpu%i+n-{9J7^C$r=F0t)HSfLIR#Y>d%tXuJZ
zjT7u}+D}TjNykdi3_;102?zqBz#CUq8ZV#)d_RW!jA3R)$>`-}dgRBr=y%cW!K+Y~
zCGt4eovTT|kL_yo**|Z6o|=arT;7Up!32KH2n*;WzHp1){js~I8*4QldWWva-`R2w
z6Y|q#6!wde<g64cv;;*JwfxSNmYM>6f717u9NzALH(5l_aD~yJ>v!~Zlzhk&?*=D1
zCPNXpiu9s6cBuE+%I)0PGV)sj+(Jv-qr}op25#%)^;Ka32_EVL_P)fdpg?Bx2E9EQ
zJY5z?e<+6piS>E9Q}1B<t|Rc1JuFkrQ3Os^8A)NMTKtF{6;;LS{`e2<Ee+adxLCJA
z)zPO-2o&yfGoeXGO>BzchsHp<HQY06(_8Zk+(6uWlKY$QD(9JQnIQ}cf&7`*dL-b8
zU=ci5w9hsU5@KgUUz^;`4-C)(*Fl*>XP$f(u?v{EN$GTFi8LBTV`08mYrvFMt-NUi
zUc#1-=_XLD-;%?tnJ+)P)q!J)o4U=KY1*$*R+%}%*6^#3dexz2T|m5M=10@;htF~~
zjVi1Yh1oB#q()=J`|5{}HW>~c)EeBWF}YWy@Ty1=(vZhs#1Ds${{I~A{x)bN(Yn<5
z8_kp6d8Na7#6j{O-EqSN6QGUnpyl<0bNNr9qIxm+v(#nKZb8YZ>Y2Eq|2{Xt>q^E<
zqn6vkjFi<g;0S@cYvML~EOqeerfc`xRP_kIG=*+a6tQ*>&4BUJ9>fwd(GGA7WGQPA
zs@ce(Svru~?`b5`Bl$Y^pF`DO@9}?Q?f~;+VM0OOoq7qL3a6RMwAnL}gc%V)uif@x
zs#lz&uJloB^;YZ%mU1O^#iS^6rjiuTY&B2`ttg?b!?BSePCO{=hh^O9vlHCO_3HRa
z_sggofi}?jn-?%htvjfnx*M<hH;P#u5El*O2#%k@0)JV=Qn9o*Yn6N2Die#2Zpj!g
zT`Bg%1n+%vdCoRV=mId9FT(6eqVwjVD@Bx-&GEk16{U?W%D+Cm7kKDHYYX^<XA+<g
zZohH=%C~UE(kthqoCrC!VAj|Qve`MczKd*fP0cRjcFTYN^07)k{hEo+aU<Q$5z{4z
z%oGx#+y*C)StOx3wnl?R1>T*pZhv^9WdVIAMs0q1{I5;IR^cKNnCaQ}Wq6u#IThnl
z)QE-~eA275IyCJj!pR@5c03s23TP%#H)((koq6Q=6wzElPH(1Kx8aYD%jqBlpu4d}
zQ{HIc%L|b0jjr^|J#pWe5V$YQ3iKg5FYvkVFr84TKdn2dJzD2$AVZmqT!5|I7)|s_
z8xL@VUvOj>5XsJoDWXtUc``dVl$H&7j`{MNTr!Q@P&e9`@^ZO$Y+<?o977F&VL45j
z(xn!3C%n<%bIIfM*xETMHCmbH6)H+SqbM`I?}$FhW^efO(UifFAJyvlx`Hv9*P8^$
zg#S?+G0NRqcs84tLY(w*W495{UXy`}yoh7%c@?%jmC3Yn*I|qr;2?X%SxURAuD0Xz
zuH+x}^R5^keITbN!U^0mbi85^YQyKu?>?_%F2U_rzvUx`cL&n@AC$t&$Kmi1X!RS_
z6Y1Wrm%VwoE%ZAM46|G_^izl?lw|dY_dNZTNVUQ{i4QuK>P24~&}HdD=7>Qnd~8M=
zff;PqF;VV{Bm6?0#siddQ1}$|^_a=q3V5r<ZiPPCdyQ|lLCgBSij>wRD2kWSs3iA)
z15z)J^(XUakM(~r7B0p_4UUNFXwdZUT?uhjN|eX!F%&hrj&hl<bSxoFq31W0or)iE
zfpb7!PRT@=3NSmi9G*>-nw8&k+eZ;iL3c=7HQU>-??$#u4kS*5dT=V9EUJ+l>k;1{
zTCby3qp1o->}0Z?dw;`h3~XYaZqQPnP+}B_iU%Jvu&zr<(qk$61sQwju}I}|+8{ba
ztl^uUAfPkb5m5J_^zaz^rXAXESSyb<!k@5MIGPnl?l}>GZEJWzSoIsD{(oCTv7)lh
zDeIc!)?8L%=%#^8Q%+1#FyB&(-gQ8DXKf1NZ0X1_O=^rPGf{P*2JR4XW|wT1(5dwx
zHVwAP?vcSk)9euXA<pNoFE+yIsp0zj+Y2vV9^aFC$3!!>0ZZbdn6Lw@-$@z6arbHt
zgpyOp+73kv%yn!s4s&I0fkwxHR4P_nv4;LCT_|Ed`fKe`IgFyMU$5bAQ${x4fX1-Z
zw!d+TG&9KxW`GrO`Rb7~x-n!kmc+i9W7*X#;ZES^VIbA`X#9ms%-RD|4eaq7jsJ)y
z&TG!u<Ta$JR3J0r`9Z3Ys(LisL3O}T3Ji*qFM#J10rl*zjD^QU&HUU8scwaWm(RK}
zbV5F)a~rg%iq;Tc_a_x1>k?U3pWjU6F%j(`iW=T(U4G61Gnd9{DyS)swP(P#I|9ma
zHa5_^!NgmHII|$W{EK=-c!Ho;w{c;R2AzgoznAQ_d=Wi=Ay<FpFXtH^LpP{Wy$>cH
z=OHtm>Y8{EhY_YP7d%eVOb<S01`_;~F^p>K&OPJ%LR`w&@sVRaAy~}0zpi12_UcFk
zN4=bo9oXOmty)P!<LzfO4LNj9b^B~NOOgHkw+`|lo38b!S0m=5Q~s|TTA3>~;tZTn
z5c8CjtCrIeVZ@Z->}zhsRKnRDB4n+mF~XtXS(dZOaQ&f3v^;LmN!>Hw569amlzHZ1
z{4j`mQ_X$~x-onj$Q7w>G^--iS-taA#?1<E&7%#R(AGFs@OVYKF$EfxXnHC*#hbFj
zX<bz-b*Bec9qF1((NE08?iqvs>K-bn?!j}upMkHd>y&n99yY#ds_KMz^F++0jWI1Y
zjT22Lk+hG3sCr}?X?&gXQ_JEQxs<tH4Xf}SmFavQ@=|5i7SQ9oRi)tzp@bn4?WmVY
z&`4!7(Krg(;5b49;SpGz7%_`=&ri{56P)gyNHL0qTu+=zs1hP6CP>{8i@)}Cg>&TN
zWFKe|-B`P?A6LM;$pe@_lB!Sy2a>8OZoNf55o36b|7*SI_Lwd0!Pk-RybluJ^8A<2
zBA|3aw3Tui*cg_wU1UGK6b8%2i038-P2=4N$ARXF{K#UWZGLS3HF`R%LK`AxiXbgw
zO4|LOwLsl<r<Gj4H)t%aqJ8=0p$H3pU(GM+P#iO{{0`YRKMb-m6F>edoR<6gfU5`n
zL}=Hy8jX+UzVpzQdBBmKFUZh@+xI?$Ebi*FH%R@gE&fwKc_8D^X!2N%h)sTm>uR<O
ziTnfSMq-!9k<K@;^Iwh(6CL*=64=n=n3`i~Ksc8zD&{L2B5L3a4s#iK#JJ-_C{IYl
zA4OTM2ms<wL%5(gTKX`u9kIF|!X!$<q#itLhx7z~tDPuruFB?Nz^WMbHxh{mIg${K
zW8}up){FE24WdKs-r~znJ)ak|Ahc?6JfeWLp{WZ8&(Sum4C?WUc7r8trt_+tD-~r|
zsGIe0r_c2YE~csE%Q~oS;IBb+{U~@Kt-Sqs1Y8Eg<o{<<<`{;|n&mtuk@toEjS#W$
zN6y-$O1UlvorDbM0o4+|1|#m`EqE72V#*a=?bM8;hZk>K-o}YkmDeKIBuOl{F3y@V
zM&$F<e*_qPj;ak;S~3sMA?NZCB0CLZ%T0ptS4A@J!bcl#`jIkRAkFP0@!bfc0x9l{
zXF<zLdj$GlNtda29hsU^z~>*3>i*Yku>bdUJhPc9h}j=I6nqt@EfI-9d{r0e9tkSG
zOiyhmdb<?r8mF^h43u;3A_K2vP~+ekL|ij@Yop(Je?bQj1}T^V`X1C(9^h^j3eI;B
z)sJjXEVC2Q4mGREUe-psg{mzEL0X_i0%~ipX1p)`swZh4yV<K3zv@7()AAp4j=k=u
zHlTX|A-vtWLBS?9$U{a|OW}(iz+_S@^J;jlcfhu9zB@_;fF=>eWo6eBh0Ue5KU*>u
zF$7!$`*BW?zx%mGO+JA$nQQk}B`ITk^J}K1aT9$aTMki-*=JxkT3v=|%=}3`iaczE
z8~_#7LB2B{Gn=`62ix1uFU^P$+bwv=z={phaq0hc?6zJ`!TbNIo*@hCSlS(Pl!Mk$
zmS0O9HfX%R{EzM@T?pmIH2c2+@K?oHHoqmP472|CZg#*{$cFp>*Dn93;Wgb<2}_@9
z6)rvspFpHeDiO$QA3kwP=~UY^zLAFiEVJZ)V{W~xSI9T?>V<2?4wbLU8*Wg@ehfc8
zW>86!hGE;xjrR}gRO&?;Z9Qd#3m>?m#>dL7n^i+Z@JYJ}H{q99o_3Ar=#Ncj{}yiZ
zHY7+_-33K#z)NDo93kuOA#7-tuB_)kIUtJIx8>h$fD=2Fy4TB_QSA1vN~4%nGpg<f
zeF(oSCN|JczNd4Aa%bO!(N;3WMpMeBMY3@=8uMM7j=Y&{?I|-VHA-(q@u18ZwB89H
zd&A)I!3@!SAZ75)jcmTBYtJzEm0;61on&&lU~vt#A^Fdf{S&*((v<&gIlmRF<zC?O
ze;?CbhSga|j$raiGQX<l+mn5Ekq|iD>XB&Z?Dt9>1*l75Q=V<?Gm#@qSZ2lyr!Yzt
zA>X1qxqZLj%({*~Zr^{ssy6T9DLt5K9p*<@l+6I1@+R>Q-yN%c0@+5hsjaCvMA6Ka
z@t;7ogh{fT5jJwOm>A1MaKt#(Fg3|P6_sAK!e>&GdH8ByKObjcZfYI|Xa20ft(+*F
zsfbL^p)CC%M*2U;&vz-DyW<daP0aqcfG|?RI%eH#6!#Hakcx2q&w9?o5X|f(LKD_i
z{GX46nAgY{$@N6QP(!CK;baz!0yGb#Y9AQwK*@=`!s3y`WF3eBn~x)LiH|tXqdqGS
z2!v249p`=h<{mA1>T&x>nzhgD`vw=T{_%}r4yxkUe^tfq<uSlOrCuT+WwBzZ$1!6O
zb(f1?ay{aGt+8(9jlzI62QEb+PxN!;O{5{L!b0Pdlc1l}<nTF@D5@d<mDpy}fg<nJ
zP=9<?Pi7&>d_Ku>mNzrh@NfSuSI~;Ii;4XTuZbB`!Wi7wkkJE{xNba|mM2LZTsCK>
z9v#mYOsmgZ05wvLvuY|onCC&a`K{-0XQa}&Cy421?>7ja8-z?*7Zqsw1mdqb`x04}
z5##)z$V8=zEmI)Jg|j^D2EobQl|jPo5+FD(ITOSch?B)an&wZBqd7<{1{)jzVnew^
zBhmA2oC;OyYNMWFeB1@*9s}#oxK@4HJ!E>99P7%CBSD-q5$)&~I(@;<BPSN8y6TJF
zM`5TpUvi`%W;O3YsFYU$2BcEUvUbcW^)^ct=jG_%gRn2zApReG5_*AKKqqGb_ovvP
zI4A1=ag_W=!a|2evf}`v2Vpb#20Z4EW62CmAAsU~FP7_MUi6X#u_J8F;lyfym~G^X
zB@9I@rUaK6z-)rCl_kW3A@mggdm)<eS*VMg4nN`C4zZ8GI|vy$ot{cLoq{P!K}9gD
zvhQqiMcg2ol3yU6x5k140Jt65|IwV-1YtKLgeldC7gWTFO-c}Bq^16g^Iq4AD^f5o
z3Ck27!4pgPY0)$Q^4`v+B)<J5Vzv-?2AA>48C*|#`Cj|qY~rO9T00Oi+dN?{_;gwC
z+;B+#^w4lV$y?GY<Nd0i<-){D2v?0@R3@JQ0y{s2op@A6mmpk7Sl}%vw$^igx4m;l
z&3=SG3*)9}*k9o(?7Yc0Q7v62`Ka&Tk;5&UZQPyl)Gjt7C{vcdvbYFHDX}7e$s}zl
zdG0)+NB#PUFii=4UiCW`zksw+km<4BgSeRC<F^xkj58Shi2)WOW`tY|2a00wd47vN
z^gYOI<V-KY!kmRS4I3!z-h$^5pK+~=#?dMt@F<eSi#iR7C?mq$f7`W^7^l8%Cv6Ak
zKrd|>^sqx|Omf!Gc8RV$@rRb=Ep79#k9K~<K0ou>u96`~w{8C7(0Jp=6#ZMIzBl?T
zK2Eti^<EI+l|8<!kl__YB(;UZPU^2ZjVbl{NfpcZ2nKR%{LaVoG~svx!)mla*vNa+
zhO5zz<?X?@2aiL4lA^kZ8hY3zU*wXMw#q~kgAKbMNHVp=0=NlVC8Bw`hM7_xBj9m-
zuIr5_?J$3Dvbjwk!lV<NC!P9%rzalEE0D$_ag-syw?7HO=5SfVLNK7LLuk%_(+^n5
z8v-42u`Ym^7f}wcaZ%0W?3?NQ0r`-D8}++>2#gNjn-$Y4pJ{c5h7`{O%JBqaFL>)q
ziA4-qFRG{6!>~qY&*iV}q9M{Sp(7{e#I9NmB4B-`K8kwXtrihU^SaS_k@REE*GCbN
zv}~4u<@#26T9rW-S9`y_46njc8`4d4^yM?{_m<|{>-w`~{lg3O*H^j7Nt)JUGgU}`
z67czlft(R8F3%L(r?+0+zk?xdAh6?;1$s*PeR`S9UGmdYf|nudN3X0<SK``pWOh+*
z53_IIOxZ_|2GO>n8P{vk-@|XMj?*Kf&#1H%+x#`zi#u=ekEXQacg>L=v(K6b-D|Sg
z5F|&kNio?9+h1neT~}h;K2&e(*H?dh-os98zn0&iWM9*t_1ubAs&w+XLsGuEb2ZnF
zRW6dt?||Gi7my8;jqSLIY8?QMW}yhZ)VSiXsPS-t9K5pOPZvYu&1uyo9~npU&1te|
zk~gq**1w1wxhq;dyoVDMS~xl7o@>lKEKgM*UYS+Zm=>R6EFpoWtn53`YaQ&^9#e6x
z@|Q3jMHnuVa$Zk#Ll>saCH{1Vf9GuJ<=#wFugF4E+#_gyzfWk}@)KqJy{2>NYc|{V
z8P@`@lmKcPywhodzY<9H2@-?bz-jP+%{LWpvn`2({>y2GFmnO$;l~0Z@0yB#GRv~Q
zBAB(kx|H;@9B526D_=lfDWjXzi1L>A-RLsQS^@jQJ4LEuA*<dFQt;ATu+@Bh#P-bb
z>4M=7U(!!%;;px`J`MHhVwy`%*BmgR_S5cCox>`mYhbcqdXgAQTo$Ah{3`XTwM{2K
z_^};kzFYEM1sBEM+b|J*0@+aoLMBi(`3S5h)K<;<HJjtEvO6td2&l%7_jHmTdZvoG
zip(xpJ?n;{-eso!yJoFW{isKykHvMQ`eQ2W(5+yo*7C-KpnzJV8ovNgw0`U3(WuAi
z_O47}ukC6S;aLmk(pP$kqbpI|BO5%bB2QBdw;t+Hxah#>G_F!r6ojgWwDzJo8fuOc
z$ap`T#_n5}&Pj0=nMGen<jll`JNv#<GQ@6?vh_xR0Htzh=dn#t>7|$Zt&s*{Qk6{R
zUX;5symY=Sg}YKB^1FLbiwZ*TWtxBcwvvM~Sh|=P2aZF#fisC@p}(&pYJ_Y1z?R+}
z9SSm<YYEhi0F0uEa#(U!r`MDkI5L991YJ=B&dwY;C(X2|hyW|#3v5Ux{;UyFjXIMA
zZ3pVrcE*78ZXkq-U4)cx=mI_kJn}Do>`ZHM*g(`+uVU)iD!9`Ker(N=8VTB)86b^t
z;UpijDB9VNrpn(W<-^vGrXGTi)FW*Ah)>h`#GS9|*?8gM`Hu}_FX_=e8*cpsShlg1
zVtDrAh8@DqZ-4q04jXwDu`BsS-K~+;w|`WBVceSU>K#_k=E)HpSMj(Uy?OqX?hzuW
zZ!H2d)V8C|SPvZ&$#L73{{0c=Xg6?aF2`N>|MjE(L?db;0yk=ly#=*ALoJEe^us$m
z#Da2h6LFQTX=JfDq*4nQX*Ie7i<Mp`pT_PE&(~^;R8iIz;c^vMWCE5&mcM01Y#o>!
zrVb!)*jY5QB&N+AYOJKbNzfQ-QM3Y_!`e#X+mu_Zb0#&k;-&DyXiuk1{dNSoPvuX^
zSmfPDrId8MAA5%mJY#15UP)nT{H&iB%A;4}^uVIVpF=Y~H)qk1h0My&VmEzg=*v7Y
zk6L@Hn@xFymu9+x;aT|Q8o8y)*eL_AleeX+Cbp9=hsWnckU#j_O0~}0YyJ3akq<<5
z#;3aVqBY2K+qze|CEAmv_86^cz>-H2P6Efu7fqSQT$mzNgdXp;xHE2^XQ0$oOQ!IP
zUR^2lX#XLGaogg<Uc*e%fKR4-^}#27D6APck4kVS<JA44?K8S@m<(oHTu!$5G3Y(>
z&X?EhprI7?b^MXWaKD`Y^<?iZ>rAA6jl<|U-7|bx3ClFSkd8@4|G8wGf1W^H_U#2q
z^vvH6_}v-@OtZW!PnP~_WbWKnl${jAVh9OwD1R|^?)$r|!bECNYHacUL)BXV*U|If
z!Y9n!FmuDq)G#M)n3)+G#)i`{bJ8#~Gc?dJGc%`QhJX8h_uiR*=FC~o+LmQmlD+c!
zS$dxT0fQpD7Ale)KIa%s-kni-uHP$~ULdZEFWW9i(LkrY>a@{Tk<v*_RHU(G(3{8e
zD#8k?ZOgZJm=mNNarhWf=S|934B=Sl>oISt^{ydcPhDGTNy_7^VecMUQGFt_*_bM(
zwz*rk*%25EAD{W--JpCexoAh)l*S_@;U4ve)HzB5W2@SdU0BOI5OSC+vK|*}n}af<
z#W(g+gsrFqSF)U~5c8f_Gkm<S;&;U1EfnUY6}H|V9w$0AcX?{h^`^{>W~Fp^<`U3K
z=7$O)U9oG_|J#A*U2!|-@ZqO_C%}^J7>Ko95uulees39ngUaX7wHRk0%jMYoT6tW?
zrZpS9phFVBoX%M9rB>?Z^kV}qyNU6cXC^)2T=GMWu<#MbQ|Ot$`q}aJZ7Ja?KRkQL
z=6Cc{p&XU+_zMSHOW>{s{dv|D7lOQGOn*TWQYL#-h(5>tA7QgDa^x_baV%~u=?*z_
z$J*q(8I^GJGqRf^uixqncnuw<Q$?>II;QygAGX3nGpST~YSWZaW@>MZqxV0;w0s#5
z#TC-AzI^_xeypMC+>lxN=@H*JJp)U+g@DEINc^TLI-5-(K~DGQ^mKU{Oq6%>6uE5C
z&d>t%q)Kn<dI^pryCi-A*YTIg(q#HHTB%X6*mz5Krsbl2X;Ciw@|gv$qUgkWtx@5T
zH6s4mk3y&W%S`H+%vt;MwKyl}YE8SvZGp1~rP*#uD{e+fVv|jk0&pfKGVlAgxLFQo
zEtqThgPyXiPK%X@3gt-;6v8aY38r(xPn05OBWt)xd<bFS<pTx>{V6c2-=S44nzHA~
zdB#~HIX7NK&l(q9iiWBN*5}(2xprVo#xc%VY7HfjG2;!49%2vo&e4O_)6tnsfW6zF
z8H<K7NP#mFuEyn!kENQgzioIJ6sECYEFy$*GCiK2FeGo~wO(TuBlD?z4!$J_-uzO`
z;o;8wB_-Q=>Q)x5!do~puNwHd#f*vfQ*w(3fKvUXDsQj;1g_&77CZoLptmyzbLB?U
zKt(&ADcGCi#Uw%GLNxYCN|gMI<U-`1SdLW(-Rn(vrlN8x0~s2av8V?ltmQq9yr&Co
z{*|cA`Mdb;_qQX1cInj2gz@X4gVgx4^r%38Xk}h$Y3lgIy)f6n(oG%7ElIBQV-s|$
z4>tBu!F7@P&s&Q^{&b5=c1gh3qqW{kQP{hgF0^n_J=OyK|777*K2(X#o8Igox+)|m
zoO5>Hm+T*{R}C@c4)L=Y@f;cW)*8+tEE|-`NRxIl6%ocMMNq8gftO3Owa!M%a0^q=
zSHKKMxhy#}lx{g%|Jkn(fr@q#+lOW|=FOYwH{$2XbLxd1GI2?(P@MBNzRi@gtQPho
z{9GIuU?N{bqIu6yWx=B~q5L4$2)Tbd)tgERC;9P-FMX1T=8(Dpx$ajZL?L2ng=ziF
zMqpY%=?3gpB1it4#zCQTe775unVw8fqLO3<^sWqiy~V^6Ls3NM0NuvUmMv_3g0b1L
z8Iyd^_md4sxrZQ}26EG64E<zd)sB{Q3K!q&iG|}ZP4a_?(jckDQIXRR91Qokv!N@P
zX`76P{Qd8c3YeLlNk5fyw<^+H%YFqub!(&`GTtObvxm~B6?d9pWDT%x-c`Lia;dsZ
z2|n&Vy0MWz92BdlgN<$GcTpHvM-h>sm3kww1l+;_kB-BNGtw$>_P$EMgOpCC5#)Dk
z067&Jz=EU!9+CjO)gqxn01E7#hW87d;ZSjnD?XF1L?6PwMA@-m628NoAV2~@ZzZS(
z5Noa85#eCryaX|R#?dGP$Y%dAORYiyDANxK06z4>zC;Y}0YLbS@=XT7ig$C61R~`)
zG65vm@qf6hD*!auTjV`vY>R@o|6R^3f>_zPv&yd^!kk&5a=BYn;w^)cF9jh0V`5CG
z;Ve541dC6xsicBEbh$s{(g9%Ha?c-9YZQV#x>+dUgOhZEJw=n&-cq;d#9K#)chLV~
zv1$V_mnU7naKI+LNk3Jn7U2QZc!6$W8bM~h1>Dn16?~{&fi-<p>X9g!hoem)0my8Z
z;sdZPw*#>x@uj9lkUCF!3t|+UVJHr4DkT2_fda_0WpA<+%M@pi@e^TlVh{{x6q&YD
zxF4BRP1Pmg3<yh}D8YouzynU*d2%ab`9a$~o>9Y?izdh7d`T;#zH!=VomJJT3Y&7*
zEbF4_yv`w7zBzCYC~KebFUwlZS+{GMwbFFHq3Pao0JdaOO_M{LqqLQB(<H63E_s>O
zKBKbEs%eF6kYUs&Nwt1HGQIMe4Y*%!R{lJxbYu>PFZ2&2Q6!Q)*^;5WsPUOiCC^lA
zw9K+H2}gUmp=mN~j-O>h`=GHReNjtDlCsXj7J$7=!O<P<PgccPMP)&*4F~R&elsF4
zWy|muVC9gHoV6KT0R}Y~M|~-=5di0VJ3J1q=aH3YN-F(_jVGrCz_>@D?WUT}jFd^2
ztI4xGX^j>nsV1mFuyATnRaT@on1wlp$ZN4K)UsIb+t#b8jcXD1FBzsa)>$pI6&*ys
za&Y1fyLYiRDny<pFMlpK`wx_GOhS_bzp-@r^QKu^6wvq2_8C!i-`Zpk@AI{rM&OJe
z6S2%UQ^kIwKGo-ZrGR}X(qhnIO1Oyrd~F*!X(n@J#E`J~0|o)|t~eZ8Zl?{lw?nyD
z${#6b`g>c>c6$^V#T|28NZKVbxUAF}?Ui<>$<890IHOmfs5JT^yH@nD<_8=Fzq7=R
zzq!%^nz+=2bd+s;xPs&-Qe-b7Nt<1pPC^}Q)3Aa(8t<Q|Y;<A)nW^vK;(-RcT#qU?
zpclo<=53e!$)>)+*iA&Z)9wP@jDCsOk6$*A8VoMYEE3GfoQ<_$Yu<RfH&N5Qqf%LX
zl@p{OBUIIJE(s<h93-Cr8AxAoq{=EY&PW?$s?R9-hEKD2j%i47TQBu2=*-t>XsA!A
zuwmYikYa++;AEZ;Q|26Ge@8usvIO#3Ch9h9PKyAzkrFU8-TAkUciY(XMa@IaYUBVO
zLy@<DcU}{tGX$-#R-B9He((#cwz^*3!X4Bw%krCbbA)l1p?`mmKTMT+!fC4z`&wSI
zqO<cM_Pbasg&|QKF9_n#O7j@`KR8PwQXKC`<1iP#`_tUP$iWF2$UK5|CA#+e(~QB`
zWOb%h2EAQtez^7fS3WG(V^)(xLodtBp+TUY%F9ThP~am*<4Cc7dTqvHLp2K@=R{0i
zY8yp^7?ud3bQh;en&I!y61_;&Zu|!Fj-Kl~j0{!;VDT3k`Gn9mFkz+-DfE=rJ5dlQ
zl(z2WrQDOG)RzU-i9hl6Lu-^*#`t^9eK}@xtM~EdDo6RGj`Ty&d2t1XySg%1ZAoFF
zOYj7u|1&(r`)1H0W%SXh>1xAP&BozlK)!vjt@<tFN|742&k?W$x!4`GTt(kbL{+6e
z*QK34SCmv<G4Mgnq)v2~V<09X;2Uqx!(PO+jdzoE5sz^j*jg%_#_lxnnTD8KJn8Y6
z$L?&|_sT!XAu^aPKF<6VRQWTJklhSq&r@WqIL&MRYP4qOFX3-Kfq;Tc>;dWSNbY~|
zX|l<h`4E@Mj{Ms<o8_Oa&v@P3CS%`-3|<NL2W+`5Hm>8xwe=*&42oOF>TOl4n6rM8
zcVHTi+&m^?2i>z#@!M~Z$^V-E1ve?nx$WU^yAou+dXSp%tJ!Gzz~CeTL!-FR;Abkt
z-+(DzDF=q^qKsn1UR9p9EdaVgCyBeaF>eW;E`+|EBEd9?TT|`9vJGCoZ(1=SB|gZQ
zVgp1i-7zrCsx^)kf6M_t9^z1*+E?lDeOpbMYK?X{NSiV(xgcK7LUku-f$t~7OLXf8
zL3gTLylT93olGXhDkW#thKm?w8b$foP(=i*{;#Poa^a`y27lURSUuEv+B(WBD3ne=
z#fSBHo%O{)sf7NigU?p93Xt59r*t0~hE#l_UG0M29f)N$?Ln3w0UZKpFQOwYD@Ui{
zxP=T_L*VZ)^R;V!%$|0*4zi<guU;chUim4>V78kA7qau*SF_T?*Mw5$u}}p*s=iUn
zc)-yr1*;sxnMbWB6MZ`3henI)q`!vuV!%uOj!b(Pu&ZM(d@sjuA4N)T)DHDTBlLzE
zY~CeUwto@VWW3CK{vm6$8PP$QHK>XWYOp4PRd3`Ee5AOm=Qm10+|A=fDekP}IeTsV
zy5roUI+650r+@`bTJijt1m180!X)(@XNO{vw(aWe#$R@>yj0bCFo6?fKl)`v$yR^H
z3tCnRK`bgAHl`W)YfDQt;+^m;&haLKVPDJ&M)pUHu#D-N5Sc{(f$&^Wf^{#623KDU
zR+j@_2Sg}hHOQh80Dw4@O1#y8!^PmQ6Xu_p3u{AYAto$<I6!*h^)v^KX^)|8DM!4;
zld3|~EA0?NcSu;2J$WEyS^sH&Q}&-^)dPfP174P<WYZp7fURh`V~u<c>sdSp1bJ%)
z8xh35&03cX+jh(5<RmaIjwX4|Uf#ZSqXbLT*cs-Aq;b<<2mn6QU;owc%5@FgWU!P!
z2Plt1pLd<cp5xR)Onc&+SRwDbzO1G*In*0?tY`?e6%}?P;xre07xM_$+y_P`ez4lc
zQSpJg&7e+J)7V-)IGV5&>6UOw!uW(>hKg_Nc=o$(UeF>3=a%Y#8rYci4e=##f{AU+
zl*b^!y(MHx(6B116{B9z7-`V1vJ=yIrL;iElrf)Kncd>$C`1hYOAi{up;TTc$5wPQ
zhI@<?a9+xcehWIi79<db<bEy48*eRV^X8AV(hu#eCa>vZ9u;0m>>vTCm25gXm^$XL
zcGNc<_IOu+I>g&3N$LEgNZhFi=TwWi18Rfx75LP;1@<NmV>~+0M)bvvYa&=@^0HAZ
ze+-zd*Bt_dH5d%QIH^%!{Q_hhsM><(hk3Z|`^~h{T+^=I8@i<#2Dj20KB>U(VukOe
zTouDK6}#B%cnep*(|`5x`U>Y868e3THeJ0M7%mjHRYAcMZ2>KnAoWWacVM-6$P+6#
zMvMQrN$MwONoMm>q(>xjj8K@}6y9JB9Mc{{Th@fDMuYR}$S8Jj*+3v;drlgwoYX(a
z29N#&Y$uR^beexO^(Al3ba+TtyioXh$N54!O1*JQ2<35|#WCj2Un)3zMTv4UHu2l$
z)FqCjOy&}k+GM{}>`Rl#S7ov2!7nn05XGNjiV9r^TOCQ#D>e(6d!f=W;0fA4#WAgl
z0ASOuyAjEmj#=g(6BxxK;nRFQ-Iv6w9}Zylv8SY4w2rp2EwU7k1)H+%w_chtj$*!F
z?aD*{7FxX4G$!o(yTMED9a3bzB)XpYNK(0e&ucv#$?!bQD>Y|K=QYLF_g=Uq-+0g5
zW?B0(>gP<Omsyq~JMCFnYt34#S54EsS1kA<9(7eFH>RD~#npx5fy!%8`Lp9bp3tqJ
zo03LOO=`cPZ!eM@{>~{%$DTzAsl4#JWh(AkdH-X5ihP3Cuu4&)oO;2`^~cc0M~{l9
z4qTqQk3(*Cdm3Er@ZLpg{}HyYwc4y_t}S{(Dz0(Hc#T%U8;Lr6xus>?qcfAkoq?IV
zy|%q}da@jm91-xHv?g{byKp_*QzXUNnK}$~{h_5U*MwAVie665-PEO}UgTQoHE9fd
z8Yz#q%}V9sF6RmL2Z&~_v<`!1LDh%3Qoln!my@|t<uPiPune-g*Gwt|>pqYf821%g
zxhaO+`G}LOaI!Y2&Ko~x-^($F_}Hwp;d%~r6J-9x$SJGH2(Gp*iLKc+K6d?PoZJSN
zBuMRQ5*wv6RdF-Ykao&s|1oLV2fFuI70HT{3K3-fh!fPp|MuPJ&h!e~VlG{Auo7t)
z-mtt!Z%|@Q@s)+pkyybk-7co$nfzOkK|LE)(FUHK;Xu0x^+!%nE8X|{@2tan$h^yz
z)<;jn2ft4JO=ebD<?3D-sJoMxu_`!a8?B6+<rJzY#~2cP5S(*#x4ECZ`*7SA=!1Qt
z+?Ofmh70>&pNWYTjbF$uMIzepU%i6h8bwDwn&isYi*_ff<;f@LS05b@Rt96(b~)c2
z58v`<I@DFSyCq*@yKfJ>#fh(bULIrlK2+CGo~qyf{m1!XK8U_s9M)2+lx`@qe-iGl
zzyr?nc{U)}9&71ylnXzU_ZQHG#IKqcJnx_L&$arkzEsrrk=-NX&2qCm34@gCM53rI
zr^8^tH0Z%ezYl;BYg&S*w;I~{X9Q9R1ZCVldq{Iasj3a%#>sdVRaUx0mkd{qJ$}Az
zPZ944+fsyujuY4WQN07ThY4!dd0n2662GLLTYmRFt*8lGkLc(N4}X=G#qx;5N_xVO
z;cR`Z4~(f`2Rm#X#*Gw%uzTMdJn_|2+Ee`O@gzklFuO3kO7O}vJa%H#U2S!*D=y1z
zgC^)0%I0MKBkAmbvVAuxQrWz*aku9t#}A=>%sxZ+pxbnjC|b9!1W|#w+$1p#nx8*I
zfn`W$jT&EFYK<DDH{0be`5EjMYx>Jmwo91(*WmRd)XgYlN4{57t{Rjp!nxS~Qz%yo
z>N{<`k0j%ypeq=dC&BMNhsKG4V4C9CmPhL2=W*Lo<@C=C3eVpvAwCvNzkBS@a=<$)
zhfYLnMQQkXeSZ{;c&|w4>MwT4FehM;FnD_Nu2g2sq@*mL*Du?v{&3I63iS>jEMWA4
zvJQQ*&-uRS8<!ZQWpP!qBCs3S=p8|xn4@I9CJ>QP7xd`cj`u;5?k&z=K*6#ojZ`Uv
z0TJ!5f(tXu#{!~0LY7H_IAcW?mFdq_Aq<T-_l7{Fp=KGN+#%m8C3p~WOZMKQ(2DyW
zuH2lAWaBHIqQzR+o&qaOSVa&<b+soTeG(39qZjATsmF`E{3|FfJ7bz$l@MmQd}Uhb
zLX2E>Q23g*`joi3y-e9NSEZOhIMSHJLzUxs2oJjuM@rAM^SxFOkH+x6p!KNJ(uIKH
zF@s7kD;v)rV*51JMQRPR@{uQk*fE<<Y<@;jS5jbp()#$YG1V*5$8T>b{7bNNF##SE
zd+wG9JTkA{LYP0U!#>2B_pyD}Jahjr5?JeokkcUhQ1&KwF!FIl2-rrORJMj`A<Ppj
z;x!e@HE)ncE^}9Tab~;fqsKZA(kpr7N#A%zzf6Q(UC6rJ#3C<u6V_QM2eM!VWtSPa
zQelAc)s9foPc1szjO{o=H)^QGdCp$!@A{W>Iv7<$vYxc*Trq3>!j~s{hgLcP&HV9b
z;r;SmpWQj!J44pJxckdd=cJbz+%*~A=CC*0hNByAZ?v9EBkJkhIp$mOQnu!Wu&hSl
zHZnNKBrbjZvlatV=9wY)IKN$jw+`0@s3)|33;cJhM;jX;ax5$e9_S4T?Lip7HLs#>
zy%wPU(Q%O(BGvl>reIVk&h-TII32rMp)_1pP^RLLQaQ`pF<i%|qBI9LQJ1~bT>Wf5
zno@xronDX(%A&&w1yvBXH%^~8Il_2X#8X@6X@P&gcCU3$(T7Ubs&lA__bWL|UNRK9
zek~%+Omy*GYSq+Vpj?PnQPO<K(E5mdYVo=LJ%L1`W5pXm*_(149mBi14G%5Va!Rqz
z5`S?d<)*Z==qyok82NP)H#eItPSA$<yI<Z3THdZE>BR}ND`BM=q5#U=d?;BQx?^m>
zc>ep-ZD?#gyZb|^!KhGD#e2|YO*XqzMdPrRtGv8LB{Q#0ZJ6k>7=et;JR8M!AXEVr
zc6>jLH{!jAx2WMDH{T^onDBqul!790K^I_3=aK~1G#e>sfsJ>h3@u>4yumL8JLnvU
z$+__4%jB{MpAQ);Y9o?9NfhUM<I~diVXv*;N^-oDx|(`}J;}8s!YJfyT^*OAIXtiR
z(>pvhRGCdnMP}nIPZ@ANPpHm~(^z~QYmH{bge<_a{;0+iG%}qjrxK>>+`}=M@lO|~
zLPGr3N5O&@Am=Grsgk)Sg}{3J2$^=v8~iw?y2kPoK1fFLa|<8I8cQtW51A{8!Wvv9
z5CY9i@u!dN9<;SVm&t;Yhh4I0*+$$S_bB2Kvt_OUiC@nNqi*)EDA*uH%T#s|vPlYP
zlTIk|N|k(QIC6{`uk~eW`F;yiZQ_FURvm4qg>wvH{j~W?JBUlOEoQ2Ok@Z$13K4Q*
zhUDf$Ga#+I&@H&5R8)OJj4%P^6m=KFN8(lQt<w^qk-3G}iO!xjK<d^d*bxLNVw*-!
z#@NW&)1Eam-e6U;Zt`?~_q}oCa-R0LdO4zgI&0k~s&_?(yDDz_oYr5h*8&9w3o?)I
zJ<yl6tHKEHN_Ec|K9N5l)O9V!;$1pD!`Uwj%5>gRRy-1$=HBJ6xoi1!YEC}a2w(oV
zUFXJit9RU1L{+P_K&P7)JW6tm{kr`_V&0&!2kVeWo4#AWNh<72Q)~Pb%G5vpJN;Fn
z1<B><laa8r1XDCuf>C2`lZ#hFx^|;@Y+iB_gM^%h+GnM?x*eKE(WPHX@`VR9<dA93
zHt9tLrckgK5)Vx>70cuPSj|_aP*Nl`hMLFoLdbJ`a;)mNF|v2j)>N{4`6XYK`&R1n
z{oYhNjn7*d9WeFPpdVYLoaz+n4a>mvH5Rvyp^Fhj19GF9ENk+6pFXuIU7}H3?!vIz
zrb3wzkdZxJv)Ah0UO`-*^VtN#VBF3BC<z@r(-_%Aw*18~VJWMd_a5{vH0QWpw#$nT
zNi4M)sQFOih^B*j&r$luN02879dG`){XOtERIZXL?26O@zdBlS>rWC*#K|iQ+3%wy
zW#Wb1nxxDLpCF`Gbfw}P|NpkvG>g(Ev|-;Ov=Bj*B8dK^BKgghBnfs+*#o>}QX)gV
ze1`;zOy{E`0G}DutvlgL8%5BJpS@e1arsvkhtQ5I@;}2GRz6&E87W=i)`(a24N?89
zu?(`DxU-ej88Z7w7JWZJSe%4hFp?D}kQwGqv@6X`EVxRnDY&Y5`ds-HNAZgc&;2y*
z1omhxnQdD;o+I%?6R0bcbNvCQHP=GP^n^dC+|*qf?+ZOm<b>f9XOL|h{<E^8Q9~C$
z9O+gmnpNQS94x>6eDqcAmg~Ff82IlQ=nDhk-)Z62UF)%tO&-G*Uea}wKh@Or>k4NE
zq0<^#S!_!20}7d$G~k)w)P#pu4iVJ&R~EMRI=4#}#y1a=)iM@r+s>jgAZe_OTZY5n
z@I`;_)o|G*pitM49cbQ0F%?2We>#u);!vE~>G;x;Q-L1MMMEQOQfZy1T~+_gs4MR`
zlI!qrLhMYF(s+^i?!vpjWURn;v3oxbZyym8VPijLJ-E)idX!rf6AGnsxjl)FrarO3
zJ$z*5%HHz85=r>m#4==5>1Jh#Oz_K~sbx?nn&6l;zh)rSxxoTi%7RkyOj|$b9@H~7
zWVD2z%i^<8)D^=%wP7)nJXp&mLda7dP4G`!x_@d`*Eyn{MeRNhUB&Ql=CZ^(u!KnL
z*J>F=P)%Uf|4m^)M?=JO;8E%LTp1lPq(^9}D@;Ehb44Q9P?TR~OZ;76z9_^pbiUFm
zokYA+ZZ=YbOF!+iQsMLH=Y)Ow?SdXuX%Ct|XOG-j=F=u{kW9W6k;6{+Qv4l{j-kV>
zlTvVW$|A}oZ!OlQGeY-%YmKbO#LmQSX%btD;W6!q8Q4o)w3$J|2^oSHYcRn2nkU?q
z9&~u&z&jhw)-Vl4MMEZ+d}$b&F9pVmAQ{j4<A+L$lyN1<mo$199dB1#zf=*=q8hfL
z&`~b=>yT!7biEC#H_4km^JzC=BXY?;&qIPK!>s>I#PA}Tl}fg1%A`bOw{(ntk(J^%
zR)20iSvLa9pr&Ym{+5zGmi>OOJaBkOe%lUo^D*|*j}~oj@3}g@ZbuiYoo2U#eq-n2
zFeXXtv8$QYNibHs-(NGLpdRxiS8F0<s$oH!oUU{K;J#NmE4_bNn|v_~{${slI`)-Y
zDq!?Qb3;JE(*N>HA>PBmXudQiba&7A1?Cxm7*yI%LIk3EZ$XT3a(bgGn<P##oYur@
z_?07xd8AnD4u(eW85ei+V~w=#i1fH(EN`kIVqfF7=&n~;eG3f+`=K``IG^;%F%}YQ
z{N}<@2C5GNjb3Z3q7R02@;3;fk~U^94V$6plpxWFL{)>OtFoE#aa0kl{Tv>{h0Yc?
zacg1=UC$8AfspB-0se3Mbv8T{k5Y0_TVxAjz?I0E!;TWS?biOn>iPoMFZGy*+|R9l
z=#&~5vhlV|VSZ5-+cP<f!>2ohk{&{YaUf1di#OTjG}^^B+oAs9*d!vvEU}7#vPQdT
z&04to{u&o}-s~ae=8?^WaJ5yqb;$nJVvZl8)1@LcK7v4c1xpd>vJPS@{@CdTQQjTw
z@Ci!oH)@PO-gFz3n(Kcg$6F4bSR;Bc9CI9{-G7RE;);2Wi(Wt#9+i^HOeu>d>h=Eu
z)n<Ky{$$cmW(G6ziX)#bWM+%+ACmd5f$KC{aYkZ4LK18Jo@(rxtU<65w!C~8v(xVd
z5yF5Lt`=tcI5aV8h`Mn3clrlpPcSrd>)Pe(lY4M`Vc)va_Q}a5QD+l7IJWh+^cUhD
zp9Bt&!OrjOd3GsEAsbXMo$h&wpt;^kXtbWzRU0uW-Oh0m@D{zpBwWmPzK{8a&X;a@
z+rON))hxDup{J_CQ4Gahj%_m#OcG`6$rHDJuQH=-i4m&Ip^&J2x{6W{t&FX&H9PS;
z$|MLuwQSx?E305!Pq`}#_)t^%>@tGD`JR28$6n-2d|#p5g}(Nk?!d*$y=Nq2?$VU5
z+QHhL9UO)UX;JIORqJ<z8c~lvi|95)OHh7&Rj=;Y3N?gU=4SyJLM)8i0fR`f;BiE4
z(-tP=a#dAHf*LioY}(~Hog1g#^b||ODtJ7#1@|1xgOfUD_3}O)LRjbditQVKWCFK3
zXkwfG>j5(OO?=uzVz-ppGLe=Scs*Wr)3uqA92o3Ad}dHyEDx09jt<6@6%uEU?!oEb
zV&|RG_Z97@L($@X<u~WP$eyD`4G1s?hG=X#sTGsE;^i%r@c{x=oZePm`m$bC1luIU
zhMMc_5>ADHo|9q~Q}Jb%i@L$bfSx_t!7yk6N5s<pDF!t?1pJ=f76{lg?p=bp-d6Y1
zc+EI?&w{G$pO9Nc!+1e4ZXaq37XoMSDX~R79yW%FyE}NL_leJWcSH!K47cQS<tGL4
z1yH%fmf8wx^|SosU)I++&QWvWT(1A3ON6yOmIu)|;$T)%j^)FvXACDx>4{`@Bs$3S
z^U$GendX1a^yX&iCJ1~{xMI2Qcn}zLwRz$ux7{7Wwa5Q3i*A#DXfd{*4P%4g@P;lc
zvx83gIGh~Vzy5e_ZP9u6^Sdx}enJs^@NIeJ%ZcC^3_p=E{m2jaxIi#Q`023yTL(>$
z?sFeo09gm^=RTNbC-IhLyfk-O#*%u?@@iQV6%%Zz!kzh^l)_mtx}W^IC8V=QrNS1o
z2~_1T(s|}#!VUPirD6W3U(I)4DuHKoSC}%s%v2n)jO2>1yV6=J$Suf})_HVa%fe&m
z)rkyzSMm=_d6AWl|I#l<x?6z+!y(4<>Uz*TBQVa2@o^RJoCDsz!;oBqf1MP67-ieM
zEklqlZ8W~Czx};3exmfti^WJ(GtW&z%Ov-zn>FjwZ{QEoWr)~vgyypFMz!z;FR2V3
z;`DQ9)+Xm`$CKfr)JT`<sbqRE?gPCFbudy+Lo0?FeW~$PNq9DQ%?KGDy^wP=uO_d!
ztMY&kujU$gQCF5dYw$REHO7d`#sO+;mW?tUbk-sMy6*<`6%XuZ9*2VXY!<Jv^#jxv
zmRP$%{quFt@b*>jVUXG1K_<;WABLt<RHYOlQ&h0bm+yZlN|ohvSi(RPK2$*^%EOa+
z94dh>IgMzfjbULRERnF-6)`ao%D<~ETNsGyV@@JS<va&Z40J;(CWVQL)^nD#92VPl
zZ4Ov|_{)Emk0RfWw}wC}Qg-7T2y1Zv{&k+WF(M391|wo-n6={7Ljs=a&TOK(P&x>M
zMCLyZ(9x9;10eucTYe2Sq#B;K^%{G(_MWcw5TAMmfbNwd&;+mfV+Vdu6ik*m%CoAE
z#Y}IGW(FQo`O8-&i<$+KCy<E1eiexOBUAB}>s1f+l@lQ#5S6TE;O~H_+?9jo%`C@n
z_qFrR?|)Qz4`|;pZ1yW5s=qAKyg?I>9%H@Ix3lwKT3QoVZy!t=WLIxjBym-44^J9x
zVD{Ar*T^I3TmJ4yYGUq&<|G)`%kr~oRQwI2wn1w6`xgVAUd=V=9p-ncpuc*Yx;jTo
zl;$Gb3syJUxVQX+CMPNqiiU?KQgxH@hMiZcW1uKE(xirm`d=m{&T`raXLvS`^>n0I
znx>X$;M>GeSiVn00*Vj*q${5IowcfLigc0ERE5?ytj<1Wz8`v>ZuY<B(TrVs1Myl_
zf;XFmf(@#ZC(MN?8~&C=RnLp6Kj4CWlue9f5K}WzFj7rG3fY~GrBA}&d*UQWSj*uJ
zbH53fmfcqk{`wO<86rfkX!<3c*eIE~2E>_KF}B}yS$qI24h)~ZItv$-xdwL65FHpO
zA}L^)-Km89>_(jzdBPnU@DW8hjF9;A#1xOlXqWGD>NZBr^QU`8c!k#R#WA82zl==(
z$J;M0(|wwh!P@W5lw<6fHIQ@`*j_nxkSQUn^oFuY5j}FRxQzbw0ibLQ$jdwue-uct
z4o29m0#T5D-8HDoNCn~pewvh@Bi1eKf>BlqEK`C7$p8!Ll75;sU?2q6NAU?EXw{a+
zV)UXOdAZYY-xmJbTR-+tQ#kwZFN!siaIEEEuHZZ_c>Po0KGcJ>@l_@4jZ=6`gqC-q
z;FjB^<HC-y|0Mo=Yj;)fDWZxa@`N~hhe_h`dzGT|yph6JhG!!u&Z9njwGHUm7$5BV
zzZxEVwkpQ=y01cpIPHD`SDu3dr%@q%FZj6nY*#w;X=I3}rM@H817@fLJT1RHFqT{v
zNAf+Lzr_nV@Vg2GkI{y2$apnYqiWuD43v@hs#kOb1*)ge>p{hNTkJOum@G8(RInkN
zbuJq%HD7xVhKe!@s$hlE42Fq1;;_g#$yC59eZTSh?1c<=WHf-+5VB&UK~woWQ&d__
zNmM`O!k?=!K_!NjSMDW}_1cY2X6*Cz)T<RKxt~Z~8t~MwLKtSP^6Q8377#jlNGA5+
zUM&Z2D0zqLH-bGL&FjQFW4?dxc5`r0mTY5w!*L3l!o4)3q;tJ9r*oB+32LN${b+4r
z-TpE8rkn`J_rY2uhqK3Oco~@ORye^L=-B_{$AC+#h(vHSf1qv#cJhu{OY$?hlS+cN
zFAd_v#<SZ+O`~7%#|x)|-1mcDlyr0M@mNV&JXUF)nhpot<C4kR@CLqve_gqq`@aNq
z<JKiS%z-QtLfzQfz2ED{uu|KY2B(p$3v<#D`2QF7x()Pf^v(&i{?#Yz#)s^j3uo=d
zH~A+?t6P&CT%z+1rRJuvn*mrmQFHYVi@QgCne>a2l<PL*NF|Rbyyma%l|i{i!wI5V
z%>5k1i}lyJCBEm;ZtXmg{_<vFy~;9-H)8b>L|r?RryY80{wG`;a%dqz;8!tpiI1@N
za>K2n$YmJ)J47*s55sGs$;IqzA_YTc{FsKv&rJ9gYU+r-;o)BMr{Uo?2dDT~WnVH@
zYlexd3EnN8-7}w8MC0zP97B^}w#e5vyU9^^217OiUcA()`f2O?D>vLE>!(?@Y@(;p
zoL>H#0sTk%1ImkHs{!4Eu$p7AF<^B=Nv9}2%vW2OeNv3XU>4`<Sw@_`9HOuK`|TE|
zA%}BD`K=);zQLro)}4*5BMo<B43WJady>v`802MzGuYhQ;GOD5^_wqYJ8M{ssl~Ys
z!{hD4>TZ#?#Z1@}{7Lq?$Koy9LGboCdotuEci3%%c*3ofM#s$dxjc;XO|?Xx?jh(#
zT}oTABs6}0_e4K+u*sWK$DixIx_{8~q{D7SM|KZKT@7sJ$)W&WblXYxmRCt&s4QY`
zc7a`H#laK>z+upTS7A8JAe!J3KyyL$oImlSLBhy|drGY7#ddl8l&h!m!=;y3rQO5W
zCtQb|d|_PHiR;Hnx#y>93B|0kKNx~ZE|PD%>49)%3ph%9uXfgn5VscKQ|X(ZQu>u?
z7{fgpcw$uQ?aQtnG&xY<=J_d9ZcwX>L`w1Gse`ZUqh;CNHHBN#6~%L6)#n^{yup<b
zrI&06ER_ig%1j82jfuqTfdd1NG)*S+;?;`t(i`{_(U<^aHYZ~gVyX64|FvydWS~kC
zB*onqTvfc4St~+uP_w*{fu<I__Z8SsFi~6{rDoB$y04x)2oLByv|z>IkOe{c6#4Mq
zZ0p-lKABfm>6s84ILrOaJ}H6}nD?pe=%<eo4nPY+zB0>Z8867{#*sCItSskxUcIAd
zLYH>7ZQ1<x13gjN12v{{VtCJ~ZHy;BQx594Qa-{0F1RmYK5pr;Fq4z}ZH95wS*S#I
z53fQEFPRPTc?UF1Yx+x8{)%i^FA0T|<DWxozhLxdb&PyABGp^<hBi1sWpUSGYaE@z
zpB@esZpVUSf#Vwu16DN>4O+m7<4gY}nAdKj{T~matAVMDrQ5fGj$9fYirFJyQqYg?
z#JyD3+G7X3Xhl~qN)c__idh@>vqz>vB<q+O)Q+jt%7%|2ZFOSd#$Waz)QZHM)D!rb
zy~3~j<NQy8U;3VG_{*DIhJhC-e5ZgomO=?e@z$a48W+}geS`-w<OzmiJDvf$Fy)yU
zJN6mMz%_`ij_rr;%6*KL-_#AEiWYOoA};YVUmj<FlH@EvKQ+iaY>1Q!DpePImpEO4
z9he09+<0tyw?-3`=Vm0F9_$6_{^`n|d$YLshI#p|#ESqqABerTd6Chms?4)c!0fVH
z79a<{J|RzV(=hhGa}ESAZ5FklzO1S=AO?=CI$*78>?@1>-``F&Wu@iA_GiXA6wz4l
zuZ)BO&w2xz3Ym(o#G>e~^o}c^U`lCQ{|H7IS`L9%4zK@K^B*|sRB(xZkXRZv<#7~b
z<O!iDDPdUwb{|S<JxV*m8PKdIgS{%)Y{yL*7I^3!3>E|TUFj3^C@ZyE8csZG#-fAc
z^RJsIMK)XoaLk9mRj4a3nrl#MJh~!${Kr{nJj>dHWf!ZiXE1?UB;UihZXzwI&b`&?
zkr2OEjy`a^(Vqrb(Uit@aGmM|Ch*GBUCuEV61Vb5H-?M`ybDwzWQ)oZ_aN+ZQS-Hl
z)6A0PsO^>dTI_vZU>R8<tmRqW=ivSm)y_rD+(p9*tEsfs$b<IGrPswKqx<@)GX%Sq
zjsdm$(`nNJUrP+k<rdhG@EH|3=C&`Gi(S_yFCD!R(=R$mYN|H<sd!8)e(8vj3v4LY
z2t^IO=Epxy%kVe#mo%X-;)oRWP|qrl0YSykJ*3V1v+m*kIuQ*WkVCsI`j=YI#|(&y
zcfdYD{a#&O@iW(OqgWg;1t5iv&$ts&3+f)wDf&KBMZsF6f4K}i>e%qB#S7tXB~@VT
zdjt3MjUheU{B4B;a$4Q@$O}m#+9Nkun{Ya^26M4#U1Kuvwif(10XSzl<K?X}Sqb(?
zS2P^ClKNa)967h^7lh+?x~R52u}v8JtY*&UrNnBT_7E|)>e~J8z&nqeT8j2C7?jrL
zq^jAK)AFF(yRc_LVb52PJq1H5VQOOd*|edIYw^m{ku3S2sT38n(w&7kg#hjvcSR!9
z2s{ekzHv-?sw0|{E`gKzPY_jfa=pZz)${T~%{*Kg@4DIq-u`L4uQhx1pfGQ)LS{gY
z*SDC8+4VAOH?4ekC`TEsl}<)=<J4T39u(XQ-;(4>XOx^nBEiYHg%WS;7WA)Ymg2FB
z)`8wyraabjyrqlE?^LH5lP?E1UE&(~O&Un+nL1q5)EfEF?4>`{hNgiHRwFU%Ighv9
zU<(;cRcxI2Ku1Qa0!qL@3e^Sy3mGJmab&sw`ZJ<7R0)|FPj^;zO-IKxNfGY<{6-f_
zFm;D`qsdfikGT^n1Dxn8qn&p+01LV26-A%h=eGR`I8hx#D!QvTN{ewUR^*QoNb663
zqYR=}_WGY%Y*;9IUs3br0nbntpJ8)JR`G2r`?PXFRdC$&Joy-kyQaB<<EK(Xfhu2$
zTIYVnw?u-Z=5w^`Caz=-_>v3lb$fGSgBx$A7f^<=(yfXcUrJTyej%Mk{%7GMRQm(m
zS-F*`4GmtLBkdBm@P!g&;kd*^iH!{8ssVBGyQZXN>T!#p)}|WULfz(EjFeG@8UCR@
zu=$Ct$^+aPL&ZB$zrO>#7p5*^Hqw*Vcm#VZ#16>6c|;JQbCW)~;bsTDHx8X5mYquz
z>O$n%Ko-xRDV^%xjB6dXo1Al3S-203?53#xH4+Z`>EUyB@u90AskEY?h@@w9l>ksU
zWC@bY9uULZ6OMv@(Rj@3bz(SfSzLkpGLUtj{X>n=WZ@Xk&aY-nf^3OCwykVlA9@Xx
zsD6QRSRIR}Si(eAUOeBOTHGiC*7agBr^>N$$_*9qLuJjUXR_FFM(YmL*dz%<%i}Ui
zqbHmhFM)NW)L!%*#ovC@IxC0``efUi#E#tzjw5!lp~Y*q=1YnD2n;wz3-GaKs_>UU
zN{Nb$luu3Im3ZBEdPAC~Fx#S6l_33(C9mpTgSHe>@v)s2iPWa&--pZt`%-g;Y^a(2
z)7d7F-Jelk^GfRUXH2nbnwc$UQFsLjKf4|44S`)_0!lFgE{d*l|39V3G^n5<A`!Jt
zzA)``A=7G6qxP`pj!>m{+VR#&#)<!xKVYG3`fsu(R)&Kyjlx-}_pIK(DMc99cs>?K
znoLq%rV*Fb8vE7o>y}K_Rc6B78$ErnJpt9V{OpU%_=(`x4ht6-g)sO}F?q#pG{TB5
zlSwH7zv`3&rbsu&*ox8`Zk%gBWe5~agwcAL%T>xcjO?Vx9<__p{^v10{P|@^)XJHl
z$sJUSQxL(3d-kubA2g#_BMQwm$zO8g{9-ixCRYe^haRo~#i(lHyL-F|!a?lAR3f;h
z6wo``oWIV3YwLqxJxBNvvBdnP^(;q%NJKT2m<6OF!OONSocrv7-|xTn)#)18x5tQM
zAYOkKBPcMK9D`8)aoyq9Z48;Kb23Rl4l86tLhlF(Ox(b8zawO>$tdt50TsONJ&=b3
zA+4E`xz5r~k#y%y`8&p@sax&Y@55RG3Cf|@1PPSths28w`8;0=P6pnBDH4?Exeh#&
z`>abO4u&?@;D2dnMv*)}E@t+U_6q<J<K62I@%wwp)4g~}(~<Z6Qp3jd-#Bt*>@aIi
zSkN6g_YqLYp}ks{ua&X9wi{%B%C$U+;_wh>MA(4~U7;Np=^a@OqS6#azJ!})Chp<1
zv8J{xFNWS3+k~66+mOSh3Kxwl3xP<V;8vLRKzc_q19P7?LAp-6F^qOavsMf|FWL<B
z{tTVF4UvlJf+HZWg^v6xV}<YrdskFQY>BYLudc4?0lAR-ia$1fYUp~MnB(60+5rD-
za@n$4yOPjAD^rJZviFf3HlW%&YnJVnaN106I$$|KtODa$Y4`rw#-+ck`}PrMp^YRg
znt`sGB{?%z=P+9R+U>@Ew>yd6?&V{g9|n2rOej5N6>Q9R-j|d>>8To5475m8i$*&C
z;sOLYE>1bg3MNR&{INyDVzq?DKwL!4K;CVTFr>pN96p*7Ul{C`XD<*U?NJ5-8VHK3
zVX;b!mr&kFMO8p-LrV{cz;Fs$lZ%wSX#(U(gJ4T-#UN{r`2ey2O0gJ7yBo-~I&TLm
zue$*B>L*DbENb38fTaB7?wCc508oWd4D!+l7EMVu4Ax)>;U7m`20)YtmQ>_~3>axN
zk)Sy+GH{J<w39{!4qJn24tExyR?%PbJm^JEQQ{N@TRR}IQyq#*I)51taDGGiKh6zy
zU;tuPegH87zX6~VXLNr);bnUN3;C{<|6>W2tN<Aet*4SWxXU_AiSH59s>XQ;$OVys
zr+Sf76nsCK!3W9}0_ETVNeBZ>BH8bZSxouO0`Vj)G_Z=N+9=r4L1KI{kaK(P#L--<
zZek1GnLFL>_>sy510a*b)m+E9(yL}5WYj4H#HU=|ivfxv03~anyF2EjzH_B3Iix~X
zm$(0<2EEbSy0E1MWM=>k9-or_<emRd%~422tdP*aY#v*I29tAu1}8Ua&`6Uyf5_$b
zuJ`~wzIy=(({(ohF|aGyK-eu`fC$Ime<82GA)b}WrvSYjFHF-j$nKAqx6O~mk1vYq
z5;T9I9Sq^>purmMZte1mCw=Bgz#nUdufgO5jA}q*LPiOJDy;UXVEm?a-k?<?4h_(T
zIgm1sA`;@J`~12tvHigpcm&ZBZVI*rpA<YNNCy5$6c54tlG+RIFbBl9sz|Z?H$~||
z+Q~>*{tv12#62rRK&m+nNHtMAkZ>%$2d&FX?E@h>mV|wXrE3aK`M?MMaQRsS`CbFC
zM^fPCQAXtyiGNB?T?TY%TQMNX<zmr_GG#ztw#cbQVH_^-SR0^;yFw7hn^XfqRaHw#
zB4y|J+<kawuOWc61Ob)Y1Xv*=!SW9!b&5TCD-wphWRgop*<v*Ud!#S|)A)$&1;0cF
zn&OVu0KIb<fwcr_fCK|HK-s!Lm*4q-9Cv>p0bdJRdr9sEpV|O(%OJeusjnr3yz~YH
z4Fm8}oju^mvGih_35N7O(Ci4!{(p%qRBt0%Tt;&M8C3ue+Sa7Gh02HH6W*vj-7K1d
z{tTM~)lco-9~-v!f6K#KWSVX%#iTg=CP~2En}MOo6sHG$U;sRYYJj=|H9$p+fB^NG
zfr_VLP`_;bk2s;joF_>m__3R$6H!TBFwwwt;7CPipZFQw@hUtv09C~&Yl5SSvNN7>
zpCWk%O&Bd}_Kr;3RuG&I&N0LOvfV%8RErkk3KR6-)o|5e_Wq9ldk7t{0YK?aSSlcU
zR*-ZSI9nJBR+mKZqQZ?)zc9P}YX}()jGq{=PE#>R2O7X60l)12xGBo2RXoudrfThQ
zH!ww(r;Id+$Odb$YbF(RJeLJM4dZ}53eJsBi%|M+{P^P`958D^ItX!rb3|kpa7Foc
z#=LDml0feFl%GEE#=1Z4pc)y|mRaI?F9So!`3~|B4wM&yy$VohBq#Gnc?We<AswJ1
z^jx9xNZFE+`QI^xreZ2-1Ez4y02oCC(1sN-KC?pXVIaMyTtFSt)xYA-8k}JMpIjv%
zH>M+CGzA(#1FOe649XyZr5y>}{aLjgT8gsyo0(OO>nh+AY*$OJtZI-(!Bdd|JqH}q
zKj~OOp@DfrpF%mH)Pg#Q$Y4rW7Qgmc)?9D^#ECfod79VK`!9dh{4eC31h|pxUKvn@
z2O*C{pnP>`7gd&)s2HdjaK6uR!na^@udv;)NK}3%DZwi6fUN@_unZVX8z3ls(nY+j
zpcI$|u;>@10a5_e=um{?%Ly&u82=S>fmyBSZOZzZ;d0VNXj2dUQe#70E0QuIa>Dw5
zIK@Q+Tl-h?9?8TIiL(n$tLl3h3L4m0FzUaUc|?F_$7<>Tu?IwO47BxT|AIx$#rPCV
zq4GK4r6d6n`Mp!o3gPjGnu2A*0sRNsZNV2|FD2f^zBIOr{>ypr2$<RBKT$&g+CT|t
zgSl@caVPX5AOP*$y4bSSf%O(><@Ve=v0}S_n)a_NRe)qn0SBxD8<+D15&V(3Mh|2T
z3??05r7J*i{a*n88B-11U{~=g+_b^0qKJ`lF%{q{{OkcIbO@A`{Z|qQ^*;bIl<5qP
zR|&kc4{pHBYTIR4^RRLN8wKVMK-F{so|pih+-lH4Nj$H(kj!_kVU6EU*vY_`2mlRU
zx8FTb4m<>S#TGRsZHx{BU4#JBNmD3ZDD>Y|QOC+&!G3TD115?p7urBmFoK~v&_oa*
zTzEhXs3JisM1Upy6Yg<wNxfywQ*mzYLMbQUcDR5xae=n~&5WjEI#|(<ZR2SA_vW7&
z*i&CLrL>Ob5Xk^z_@513k^rTUo%^|fS%Z)CG)Li%)QFfza&ER-85`*HF`zyNz;yt)
zx&lJ`4P33N@^{>_a@1WjZblS<cK87b2!P7#0OKGV)<Ti#@0x)z#Q@|`133_4{HW0~
z?c?7p4<~Ec@Xn9`1tviIZ>F_EM+58lCkepp|E;a&T>j1D*tw13#VdY4XrrO|fT1`6
zl(in%?~n)VZ1&&&2e4wm2JVjlmKY3h!)v!S<Pu11<dz|NHv7^-WKm<f2{<2YGVmi{
za!wK#12F;G<^tG^4)Xt|vws?S!V5GBxRJzXO2!ntiWgI<zw@P^09V2buncsnh7P!b
zi9s^|6O#v^WdA156hHuU01FJj;$;-LR+8@EIm%B#R4Ff_UA1l1OxY4(q5sVre79Q)
z6}CR(oevKKxdM$R0a^tEu$=w{m_PxhIHJO41C+&^9m_Pt`&D<$zX5F!0Yh@5C-vmc
zbe6E)5_K>1yv1jU+~oxtJDt6dx!Z58?QpnVH;(Swrr`UM6y4}GR_l6#&spYxyktB9
z_Mlhu^#Rhao5*<gVzuGx3*@d{49i86on}d8KveC}5{{dnMXpF+6Wl#chQX;dr)uxc
zoH4zE7bh)+P5ZZ)T72E5+OJHoRN+L%@hx`wKuL~U9Bt86d@QRB1KT5(g^*w_hB+w1
zlnrCo<8z^=ucVIeL!7h)@a<Su!b^hpsprP;)SMXb?M+1W)`910rImdf<wIwkSes2>
zv4aI<W0vdvCw2Ti^}hc0io`>HHuL9Yut*n>m|bi5Mw!w~ba1V<L!X5Mn~RJ(&-#TB
zd+rZWzC-{t)-MIvHuae4PGp-o2;tHb78%u1B!ousDKXDTs+r5|VEFKj2b(!PGDZlM
z?F;$i#-yJ=uV)zJxa<5ozI0sD&Ef7k{PiQe0bOu-xUuQqlM%I4>U-kdFtVuMBf4lY
z<$e3OH6m)stJd_e9up9Nh(0>s6lVA58~1PvY0Jf)E*bJ*sm^|kgi&Ncd$=?r%8a{D
z-yKD~dqVz+ZhrO)qd%)HRZ^fh!UN7JQgsZ%?<h?j_=?G+6!u|gn<&gWW%lF%|H+=t
zSpNIiKnKB<6yw3S!(D&%upCF0n6^(aw_)duI7&O82^xYQAz|V=!(Qxr==*26aD;Z|
zw1G<Pz22z9m|JLQs$==cEdVKN;I3UGkPrqE6LmlW8-Gq#rQRspT`{I}{5IneB8TUr
z7T$Rm-k?QUxwI>jxO_3&$QtmD00iqm4}{GXjaY^|ueUALFBr0-gY=}<8mz7k^ahFF
zp_{d+!i)u7p<(s?rQ~09rbV_cJ;Z{TeD|TotmpN8heA|w(3g?K&Svs*A6`;nE?{TX
zHrTHuVPWm84u8C1qoElzT9R^}iWO&hgcDrAq>&`2>({X!YkJobaf9i<{17OAZs2=i
zCDWU^>>IrwJL=C3hJ{&;5^6xj*N4+bq#^4AyU9&TnKK&q!@N1djP)n^)BS8qcSFYW
zj>Nj%(zMMHv3I(iFalzcR-g=&l>JkxZ%HtmrWKn;xndsMDqCd^$%Q@qL)stq*<@C+
zLT-v+UR%v<b#>bsyKraaPsVep01t1ii8)bhIfn3oW!6z0TW?U?C7aC)SgRr$2{P)b
z8QN9sQDos{!qQW~7(><I{!mZL{0jnIeM)Nc&pUe5c4dDJk`uk2t~~{@SjjW~feurn
z85;S1-=!sV6FriJC=v`Y-<$Si8<Lk-5Zb~IAHD>;p2CQ_4VbPk{=cd<2h~9Q?TC1n
zDNK=*q9^E{91!lN%eU5!i0BJ5wR{r$ep8x^?`}h1=1??th_`^x0(phdP4etNT;TlK
zDtB*=meE#3`cYxKD&}OX^M1klq%HQT|L;XAiIv+>i3S5w1&OHJ5F}3v-Egn2H1b9C
zIND@12?l!TV6AaUg1gwK7w71RUR^5ah%gc;>Z_kCh-i`Vi1c^q@V!b^Bv5XYG%a+}
zKu!1y86^kx_<(j}m@{b2T6vWYC@Yi{yY~3+t4Rf`Ky$;cLy(pYbkg~{R8bVY%2w?p
z9<Iwxjbsz9cU%m{3&hPPh!mWc7h-a7^+$=!$pNk0SjvO+(Quv{JE^~B8KMUg*&-bG
z$MPu5v35t(#HA<bWt_~u#j`~i2iP?NWlQLJgGa_Puy$Zb)UYUP>pq7kiAz_|%NUt{
zL#K=QtN8zt@fw<m{Udo4YFL{&8k&1Xg>`kej%sS@e!FjlcLRm{)D9nrm+9{xG#ueS
z%<u2i*i3QjwtT09Y}aP6xzMebME%XjIHJCx!jvZm!*8wsg}t*s60lfpyVJFHUtKf8
zDGVU1A-3R|?g;m|h4<~j>-XYWx;SBKGkA@W+}^!-B+Uam!~eVcZ7GDZvJ%_-Tz8P#
zHIZ*N+Ae`f5Xb6GGrF55a-0+=!L_zbdS~+gBkL`o;s}~{;l<rGxVyU(EV#QvaCd@h
zaEIU$+zBoT?(Xi(;_epgZr=Ah=icxC&tYd~cWSDK-s<Y=nth(a$$-D(6|fU3`m*EZ
z;4{9K+JW=Hj`+|_kjFkHS_GV*Z;x1@c)ERiy+6)YC9Ya>wrktU5Ry(G34>COYdPV+
zXm~g@;kB<nz&~ieuu#YLE3j(8IIqr2<1bo|3n|}h7`V~|@!=0V%w83^&=8d<IY~7U
zxiJuiQN}{q1(+BSIJ5NBR-rWZIM`yA!F3cIu*LiphPjIpRlkC)2p0^Drd0Avh+b&I
zpCaTfP)%$c^RkVl;m+t|V#E2H0h87zKeTGvl=s92ZC1K-J0xi0t`>^Nj%0qC!{12U
ziOhQdK0YV6q`qHbzc->v*%ku3ejOs<57TSYDNw((#kF2PsNY3Lh>ejrWjM5Sz~ts@
zUd;F@iaeSd3n>X%UQlrL+!aj!K|kj}`n09n_E)#D`Cvs!&f8?u6H}8DiCuYaWCcSj
zJ}>-?KS+&y>S*m5e{*(#;8VI2kfmMLD<1e6e;F(x)JaWn**tPhZAl0X<S!84Y99sN
zUr32iExS!?ZVB=@-w};%Ga?514=!AIgJ1}24UO@-ZWO8D*>XTIe+h|Zn*#|kAiB(d
z6q(kw{%kzE065i9awe%rLqK7DQeDHcIi9hVMPT5El&r+@w#|@B0o3MhyeBu&Dx=J|
z8;j|(g%~&4Z-Af7WAwtKGGx@mGZT8)w<T2=^#k%+TTKr~9qLRD$m$)<rjp0?gCWwa
z-3IlzytdS?0C|#JGtUC8lu}MMP^DOS%-$2J{X00W5tUq}Yq){e+&`cR6!Z&;fQ?^5
zKb2yNk}ZFB{D97MC#G|dxoc_IS~G&&Fn63pZcV~hmFiX8(1&y-97v)bF`!h<6XI6b
z<%h}E1cg%6sFzHV=$6Y(lwyq<z9N3>*J~~dH>KQ&(RJ1ljL^+@y)?x&gbx)UXE$58
z-jN^Jr)H}^lBz#o-lH#U#<TNcB(jpzvy~Ur0Wnb4be9NoFT_+iL^JhJzeFl2P?8wn
ztn@KC*V(KzesW;-Qzu(lu;J?*#(jorXEN-PC*{9hNm{zYR6id0rD_zR=*)N;R2tJZ
zx&HTaFVAP}NM1i@K3TsI$N?$LPgQg@QMcYf(uRSMgJ1eN%RMJB%C0EZP+d+@kD6a|
zydjx6l=HvZ1l{t0CqGlTbx9B*Hl3fd#vPJDN#wNKRerZt;45KLma2+_@U;|+E}jR7
z$yS^n6m5V>Ga%chb8Q3aB%G)Z_YI7SBWL+d?K1$!vw~|=Qh9Dzn!4}Mk3wgfMz}!X
z7K)irwj!_BeJrYCk2$Ran`f2LkV48C9anM&@EfEP<X5rhVX}Y&8Wx@HK@ZZ1($KMc
zi$#qh$SDNGGJ?xSn~o-^?hh<UXvLBw@A}BZpO6O|jc~`m;xDtfYNXUnN_VNkxrQ(#
zk?z_`#8;vO6K7bXBuA5-Bg&It7)X!E3y23)=P|wa+5mLlLS+wQ0`r*PF{*rw^cHW;
z7T69d4Df#Qd^%bp$iqIfO0Ne~vHf8<cMi3s9qE)*-pAIjck4UJA;r=Hb?8Q&PPk_M
z_lT7u?{}Y7O&vgA-X)+qZlm*7LrKT;cCI0t6f12-NdGJ4(p1NFu3;k)$#-t{X+Hx>
z-1ZLLGoSMbqXx(?OrFp6G_GPJM)gyABItd|siZ~g&uYHz6trj8tgDfRdvh`>D8{ij
zW|Mn=CF`DnjLJrO-Zy5K+u!#&qeK_U>_y55zQ-MC^b6sQsH5B({8i$faD(7oB$Fww
z2=`|3D<y!|WnW~QwveiqJ(JI~Mdv!IfEClvv&}dp-2-3s5fYtohQxqM{1Q@1@V(Ze
zQq1HDeBsoUItpaqKV9!ko+;NLjnEz?u=<?bQUXWuj9HOipRtF&Q+JawKZmiK`m@F&
z#CV%3=&&N0^+9SUE;aOJ)ZJkhmz1&5Fd>Jri|yf2B^l#m?fIH2ppU@FlHpMW8{lJo
zcQRE-{0So)fI9^3qMbNk2tMlomKMOFI@U0mlYIawA0>J&cZZdk1AcORxn)(MK_nVS
zu)@AQ0zyZ8H@A=WcDD}c=jY%E=H&ep`jvz@1n8U`8?-l~00)>-r(LQ;?n$v@OUBv~
zqAHF3lbc6jRZn{_2Ku-|n6_@N(ocgDP_+yF6B&TTw`2E3_>rgV^a3phWMn993t+9)
z?+hMDvD8k4b#};I)>AGdf^poH<OBzulhRqi`i%CJZPJeO+;2rC=(a1o^(HTkOt|)e
zFO)lQghGpG!2MeNlc;c71(}%u=Ql?l2%#4^vWYSTz!KW8QT(ZV((hl=>%HzmN5JJ_
z&v2^O^ZV1F=AGts0SXWUCn!G@P#!bsM`r2akuUc^g=MaQC4EN?0B>Qx#xBQw+!zF(
ziT55<Y-4&+BVK;eO3mOwGNE{KS!$Up_t}!ltq{uCNd-|5%Qq(FeSrODr039$2I}W@
z!meiHZ~QxWk5cR#%|fZC=F6dNjcH)zEV|ZL^ea|43nk;~`~X&dzdPYnC}$7GHHmEw
z*a`mE3*pq=)`YCX3agAV*ZaO%z&#G5>m`q9XUUdX-WavnQ@l3=oXNwa^)x%U!6x3p
z1&Imu-!#2-iiShgV4mfDAMxCg=(8)HN4<PUi$TR3<$em*wj&Ci$ckItB!6x%lLFOm
zT*~{HA(I&b<=za-)H)Fr<5}Q4`^EpdD3l5{!!x9Y#`8~iYyCpmr2228UJ?1u4Y10X
zo2fS`emZ=^3R;8uvhKZg?Gw1eiVbhi@v2PzA#aA(4@Ym&4*`QeN;&!I1E5#pU5?{P
z<B>1B%;rS^qk3G9pl=i6Jdi+}#>6;CuiDX*uJqrK2}Al9V2N)<*J<suUgMkA9s7=4
zTduqWPQMA`S~ueUoi-fb%(eV|+LclhR3vQ(!J2{NjNK!P{3<ZIG>QS(L;_lOz&KNF
zLGqpG0q~I5Mj-XEq<3qgimsOiX1(k{bU_z`j#OJ;!8+>+`QQJ$k853tgFG@C{IXl~
zwdh)_KFO<U#kxb&exW&fF-z0F_#xfhln_QmuikT8s>>>7#X3jojIzyKQ<K=A_W^>{
zbU&@W(RdJQNoRbe&hC@EX#6{ueK0|E>t~c<{rvD<W|jVH-0~eSqy=Yi6w0>+$xY-G
zOb`z~J-D8LLK-N_v!`dp(|YyBhT@pX6c|(UrT<#1XveE+*16*xtnqkt;3YWQo}0k4
z=F2nb&TT$e`M<0GDF^*mdBHBLiUhck0&pXBcEM`{5qmtVS=?uOjh@#QzYSYr!NNn~
zhT|)9tj<C!V?1Yit6JAle>7WGP}*_Z3H%y=g)@8h{~C1s=}XqG)gs!k#Npu3^ugTf
zIoeG^{n+}-y7fl@)5(w+!nse6c$Ybh5^%tDcueFH{jdNZ1eGR#2XKjcScvpa7`efK
z^fE=k@kMFT6%luskhX^YESL=6b2t&r4+->6+5buVYave#s_pL0`qEZ84zOa+>@v9*
zJEu-*7@z7qJhnR}PbsvA(Y?D<k%Ze2z9zDIKNQ4IF-QUNL{tdj^=?5#32HM0ZwU4)
zlH|qVQzX7}-7mmza=?;w3~-OBQvyf?4C|$f*=PZe<X|`@%{VEU(ng+~8|g)oY$5c@
zln$QDhiocfJ?urG5F*2$c@3{hMltjhm!PNSOCUZ(9m;kxfX$&{&c@T*0etTw@=(5y
zrr*QulP;jWZNI}!+UCJM{cw3v`bmMhn|d;yo*AK2uZ8OrBN&GRlj+=<`8Nq?Fcx;1
ziIw9*O9Y&MODNhL6Xtf!6XGFzF2?ar7s4|!P8N@7!tfatU<<>f<yMZn0-7APdIni9
z+&R9KpA)*h!fQU*i@Le15<*-#rlfXdKV@oHva-fr(^(w(#iuuaS<?Y>bm**^C^1L_
zUa?YA-?2b+BnxXpUt1DXn&-O?!{B~Wio~QX2`L*6$Bd)SN>V%Bfb@nz)!fr=A2%2P
zJLYq2;Ch^AR#z@vy_j|dF5`14UZ!Lud(-DBlIWs4P7+h=tml%1D}3h-*4j46E{Xm=
z?rHT)59PR-^3)ayUy|7y$<s8y*Jz=>uM^ya%dyOoMX=QCPMuIS(!}C)R41)QdvN6F
zm>$S?3-AdZ!~QTajQc1A@4r^PtPIzrxeDvyDB{b{23fO+8dkP0@Mg?Cf(MuF^2*}R
zrEI(RT+++OO;xMNrFoL^zPc!l=8>(Kb`W|7JTAyM#X2jJ#%<Adke)8P1iqlyy&u<t
zDEI5RJ_>g2-X#FP^cdb4)Q=+oM0FZ}Axh`aAiPG^j#=4L1K>Zm;)+1$pN1Eeg~!*1
zp$*RWMSyH}B<|T+#C&Xzl6MiQ80IBdEdET>%}W4KU(pwhT_p<2-;;fl=SpCdQ3mHH
zB9iM_WKn-(pJh74`tPgMT{ra4L`(FFSYe-$1EzP?oenbz^16=NWTMvYRD>LS=<;}k
zq4V|Mh@;EiQGYLNGfP4_6aK_px0G`w_}uy+h^_oWZ0l~&`MKG1q+|)i98(})zpz$7
z6Y(dyo;Tcpms+)o*wv=FJrWj(0=5G&7AxpVlFr<n3i4%cS&e`Q5Pi2q08<V4;>9lO
znK@QWDc&O}DqNyvnix&KyBVn>6I6(&j8Qq!FHMX2OJ09Z(1VgG1R@T$f9pgaCCX#u
zes1F9WsV_j+Et=HsgfYB$DS?liat^il5&Ute0)J=n<0VswIW{PT4R_z{bc2eWJ(-)
zk$q5ec)RV-q1uH{oNIbi*@i`Y?S=)wzQNIhM_3}Y9XZI+g9%HSc)V?ay)`e@2IH%T
z1BWmpRDSUU(<ciWC=(LyA|Z9}IY24%IpyS!AIL$!7=PrA0gjfSIRJmspA^ihHTie-
zQrY=5VL#ja9@Hk_1pHZ^Rmh2i${Uk09adukDVI*V6kSVLv;Rf!-qT^bhJ~$efU+l_
z9MG5HyvChVAYb~L0Ws6*V*zkymH)Kdun=S2S)W#d9CQ&zwW}wi_i())=R(*Z<Iw$T
zD5LyOiYn6!NtR|x{AT(rthkaP?|w%oM3hkZ$|`~32`(o_47X>XwOaX1-<^GANFTWY
zAg8v)+|>w>o9(omc+AROjq&`9-ieZ9{1x}}BW+sTW0ZxjnZKYeV3Sk|_cL#+)vk*#
z4{EE#D*{l-i(o<>swXNJ_Zy^;Nt;`cYlg=7xtylf2`j?;AofR<3B5YxS0ycqLG;p5
zgkSEOWHr%1(%<2(fjB4M9?{G-i##S#fHb#>2BJYWNGQNYSY{Mpbr|dw*gdvc7C>|a
zTNCcx{{f!PiQm@75h+4>T~saAQ&O=6E+%IYbj4fLo|NU|c3Y0Jq8Ptqi9tD^+iBq>
zuC$Ip#x6tnCvGp3h`ACN_zuvNVXa4gGYoC^KGl%zx4MO`*;N%jNyw`HRXcB0lXbYm
zUzL*zcO}(P1rJOHH@~zzi=`YI@z0MYWQM!jI&b(8!vV)5Tj0?SbgTg%@UsAg6;_(h
z6c+r+kOm2OF97?-nY9rl<U9fx=S^{aTJJo9%>^KYB}9hLhVAg~LV*W#4-^t}K@mq;
zUR|_p+Z)0>3}7)ui^>b7Ro5FJdRGiCXleDc>B~if(w#0VCWHYU@Sf~OMwN|<AYeGZ
z1j0UW3}kzeo^6Ew1CPYv&#F*~=jfRJ($(MjHn*7lZo#?gUSCBmf}SZmtx*5mqvnx&
z8$P>z!x=E72n{G)4Q24X_7mO?R~tO9h~2S20gH}z)tPXc<t@oZ%yeN=ybuQ79V8}_
zR<UDHcL?4P#D-p@*%5-WOfQsM&2}@-8v)7NuL3xe_x2VON>)X0hIEPuF)3HT_B#<t
zx*gj~juh$^ju-wl$-$)-bG%sLmQO1p@ZnHV7r?4#eRZ)J4enf2+|FOUsHZqg#{F0a
znH_gbzBFj0Gh>tlLF{0#O0XD20Icu^p!%hY+x?2pc=@r&co!UU_T0w9{Q-w>&hs|{
zWz%ln43m^iywmd$L~>||M*|^Y@K^VWL>?$4de#vG7Q#o&kGiBT&(%%>Q}9rq6j2d`
zQyst7(_|e&bYTgDeSo8Pfl9@N;AjzGEg@J8d7himDNYFepdtsmm;^X~g!wJ&Y1y0M
z5b1ifrzD_v4C<-7aGE&Cj>gVCj&FB8@3HxaUt9jd4+e*A`UL}!l4cXv^#vEvJ*x$M
ze&Bga{n$+$-u~ngw=M-!JQw2C+dbq($i<PdCPZ9@YsZ2MIXSCQ=@yXZ-=7vDQ2#yR
zo4hz5H+=>}PoU`qa`8t<$Jb995K-e=x<MbkKkh$*MGttugx$9qzf`?Og8mMBk9`|-
zme-+?54tA#gV4?zCVP&JdIieD_Nfv2i)+QEb{IASvfD!pJ;&g&+n+7lm2)vL+oUHw
zUjQCnU!C3Vbxvcx48r%}USkq>spsH1YH-0HU}$4=AA9gC@1N)j5&Jo_Bv^ajz#6J{
zuA!|XLrunZ^n>Vsb_o&0Mq}Tmh)5HVEp-t37j&YrKHnz|p9!bJIuq3ottviop%E`k
zY<)%{fQ(`eXmlQGxVdUQc5`1huK1`>)5Hi5mb0WuR*)Y4fI96BdjDXy6&EfJp;ay)
z?D<Roj58@@Y$|FvqdWgvW|7<67ic@%64pZffW^(NBPxd5LFZq|C%E``Sbm@sSb@w<
zuTxxZLoUfs@$D`y0fYgr=IzS>Mfmbw%X#u<K22JPy6*nL-oaS`M$3hqdkk}^eCVfk
zT+vEF){(v~E7wJnGroOSVek09eoeLIzL4F=(x^N!6X7h(tzb-lyKvP4`<NFV{r-p)
z6%)lNCY5Wx3x<{CZ22>1qUgf%n6p;bIeuPRisqW#vz?&lj=y|Z5F*^#4+{{g<t)py
z;1*vxYZQ<3ZZKy2mF{D85GZ{lYF>JMU}F@zPGe`1y`hZ4?UC6*c~LP@y;Xq|%eV~)
znyyBoa`mC*xh9%oUaj{YQ}!2qb!{u-z+2VS{%LGSEYpdt^)8%hLo?0iJqEYj+WlNG
z(+4?QF3gRb<tl7MF02?5?>%;iY6}H~NgK@0hLikxr(u~z=aDxS)W!X`bVj^w@%KH=
z3!+$*?WToju$|_c@{{tO<dV8bPS@*w-b@fe;gimAD$4RF51mlf_vAM!R;j_T5uA#<
zqnOFnBbe~DteT$!cbKz->CsTRB~NPXzZ$2me@^{QLqz|}dgB4n&{E<Ny!PY#{`*Rr
z#6H23k87$B@?ix8dRv0<V7bK7m^$SB!2FKYp3uH}yHSz=UQdKxP~H<w6?%hhH@!w%
z)im>C7d4wbVaM>-%xRzIjU1jEH<PRZ1>{+s1>8L9arA}a1R>>Y^_gBCl)p6N%685~
zjWk?*ak`uY20hhP1WYDNm9XE~>>j)4i*!B&ZtWgYc}N!UefxkG2c~DYkLR$KO+-2V
zF#R-h(udKI665jR0s8oY0Z%9Wf^uFnC%0xQfmy`ff3M0hNSyxOxqY;GXwbb8rqLJ;
z^qOWCbzP-=8^nICs=nb!+r;E6{Sgr3K>_})2Gw)>w>HG~v>q)fPd4yMV8ygx)?-B7
z2EeLg?LNO-!4)))ORx#>W<UW3hkeoJQwBTo`YDs+yiu^sFf-R5Iv)mqNBX~#-zEjV
zl$;ip&AAIR5xe=twa@gdtuPY#KV&PaXI;cX`XnATqJDreo3h67gYc7(D~`Fq+4Cf@
zygv2<ViZCZQ;&8%lhBTUS?(Q#-{x5{c)71z<^c$VP(B3^(XBWQVS^->M(1*MG2$3d
z^5oPl$d8z)JZl=R-p^|5&uT|gn#5M4bfo=Py$XC9+}95)xHd0fn#C#Xq@)0R5vmw~
zjk+0t2$!|UqK8mwseqCSBb8n?q3#u~;ZLw{@8P}XDTTFSYD#qqXZ7;7h3^qYs=3ar
ztEwyG0JP|D^&fHxna#`rSoEy{+P?_60Cw7n#@fRK?q7R-D6xPJ>O56lIG%>L8n``8
zC3_Hl@46eWNpCISfA6PZLuKf4wiIf-d8)@DiV3{cP6Y-)S>M`!8`U`db^$$T9(S!F
z{1HWupfHG6@30l{2zqu%TY(DcM{@N$tuRQrvV5WPE?xyMrk3;~IsmO%=iO)~RUYkV
zz?RFMFlQ809c#C3Bx7)Jj~)br<Y3%i#*WVijVWrEiw`9fW1Y_3W+N<s=8TfJ0l8vz
zeDA+UwxWI<vp2!ZN3d|UbL%xz+N*aOga<?w0-i^D^kl=Z#YFrDDCtns#$z89PYR4V
zP?q)N$<1RKE0-Jx*An~K&*sN5abPLp_VAn<-~(;kSaNa$*p+4)FaU(t&~5BmM2+?x
ze3rV)P+4dMO?RQM4$+J3KBK+rx;{B)6?dh(xF>><52&j>sX5v1h2sKI7Zj}SKH%k?
z?s&-f`FD>VA(!eA)|**(&tS<=`Tzuiv$~5W$XBO{cuo}HU7E)fG{UjSS-;MMX+to|
z9uJyY7R*(O*YIx20E3Q?ixTaWUaQO$$uY-yp{DD#Ou8aL4U}Jy=rdx=W9rpv;IY(~
z7H;W?AZm3_^JAQVFg%4UtD4ZKMrp+C-T3<SI6N~}Bw+6P5rvpS6?LZ$?O&#ZAfon^
zl)NaM2G;hekb7hZoe16#h@84#c*;b_EY}uQR6UIN&sI{AuZ=}J-|8R%*+#7*7&1*d
ztqFSZ*c3-0nwUU`(6mjnYeeaCr!a6zr)5X6bV`Tav+)&G<FDlau5G{myqbN18$rNG
z{xjM&p6%gKG2wDML07Pa(^c!)!4O%!4ZpEH$?=p&fA)q$(XJx0nfL}%$Pfl=%;(Ra
z`%v8%DtF-G1j9ebqWrP%`f%Q?_lN1aM-(}gElTh}5K8BuIbue#xkPOAs5Me~r}UEn
zZZ0_^O5Tak_}>>9+izINK?9_odfcq<hIL~`CXe&;F$8`S=FbU9Km{>%FQzG`pnLr2
z<MP?eGrY&++>U%bnKSZU;T?+rA0`c-cx~FONnO>n2*gRxWIV*sQtKy1udzEESO2a(
zR`&s<I~P`{Ar#I<o8OQg4a=DGP`)mO`IZp&?-he0lV`4`X#%+34C{oHwwi2eLLs&f
zmKz7(q>U#by*NSo-VEdY`p^6z!u<-SAVRGYLMBiunn~Y{Ib_?C*OzBN;fKZpmrEMr
zgyH4)U0i6=psTgpjg?7cLv-|5EPKY!#XBuRsU>2lkRANEA>(i}#Nd%_Qo9da9H$_C
z;<^!2VeB?Lkylo@^}1RO)xp5@Bhlwwmk;stW*9c}dls_xYx!Kr?8P7*$_$+=K)CzY
z?&|kEQr*(0bU`-%G`RPh=Tin<lE?7`yvOmfE{ERpq;LHY#6qdN*F>)@2dinsCXV(2
z9dL#XTzon`dY56HD?+KcQ6B!YK5f-=Ze8ww3MN78%3nu#9nOuI@?#=ecv|qQiqOE-
zX}ZJ<dp!p9tPaL@e(;p_elRXFcZ1nC=W$;}M~VrFmE-cL5!=hYK;(E6oB21+Koz|X
zeb9Bch$14bJ&}mm7xeN^=*<8{&k9;=VR_N*<U@TkVC=RwE$^=(&U&PupZ)*Nj+~|s
z^IiWi{L<5S4rDj@OoHUw=56a0MD!OL{9xFLWgRW4A>!MgZzIPl$D8u53aUPrKXg98
z#6i4$>ir9CnrbeQ^o%3Lp7~@cYmOlbwj2l?$9W<n#ez>{Dcv)3in;gl*rPO@;1BxA
zQZBl{b7vX&sg}CczYXob4Y6Q(P-V3k%_2xHp#qb*>bq=HAz8`^548fQg4l0&L3d2O
z-+hx=m`^@!kSyhwSBX~gBGX9msoXKORzoaw=7Q9?dOw$=@{BV>-=LKN<MuH9?^FH8
zt^&<tLcP?kf<^Y7P~B9K49(;J?~b^Aq&r^o_*5sgD}IqZxJa8i-YAvNM-z0U8TFqx
z#PT)=4qTOv-*yFmjCOYj&^X^!4$M|zO4rH}buzg8=Z%?x;xTT<w^a7aj|9QT5f^EB
z{M1y^^2W$LLh@(cCjG|<h$#>yKOhZ>5cBdmn;c+QO{o_o2xhug{pYm-tl+f+*3v2(
zI3b6T1pdxrp0<u-q<#7=mD-NJZ3)QnlfJR6G3EUNw3!ks+DnQmHMWP<PT5OEq>k;J
z=Ka?BwjF*Gf23YccTir4&lk<6$PNe81g}DC^SM9uFvqf>foz8w9w1+T#@Z~yIe)4d
zC7Ykpw-mQ^ztf2S(u&xEsZc)&fq%=)^Np@*qi@z|AhX_HjFV|fV+zNr^3yhjgUCZa
zKc#{H6wX&&w=bCWMlQFzouC7#qkz20gh!!lw0yhmhynwxu*8mg(LD?|EFbg}XNkG7
z3AH}Y?BAI@UuxjVt!8#d+*+p>gXBHiiF08A2F-r7fN=ds1P_jMwr^J@FSB^nI~|`v
z@U#n~q6!&6U;fib3TcvZx$>0mUtF!9XsVSRLNXGtPRy0RlBi)VE%S&KN`hGjmj+%{
zp`?D}pM9|YM#B5B`|zE&dM>Wac{iXJ-+y%}TQ9}1+H!c^o$6AgL`7S9a^dS8O6W%;
z|I3@i`0mZ8>r+zyWc;#?23#i<dT$lQzg@3A@)F&CFABtcTo1fg-VJ!cBaM7H|G0f|
zI$>g5lnpWTW+1L<aY}L)$s4n`mag^ReMyD5;@QnwRIlw7RM6rLQlw#|)c!Ngpy*Ub
zFb7z2&<VF+4MFT&88#xS^~b@j|3)$ll#j*N*R2ZsFA@v))_PTv`^SclP(ui?KbD)j
zV}lC8{=htn7_)SAEn&|&1`_yV^dxf;7|5Z!2{7slaV?3co^z+IA_vcembz&{MnnW?
zcLlr6wP5x`64*x2fMi-eb<DhS%oq~{^|w6d2FZ?!oqa^A$lOqBPcqOvFB?x6>?NnJ
zF#5w2N#peyY~35&)T*dK!N44#C9vpK@^mhO@vJ1Kh`R)=aSM?opY7|7WJ>a&Y>5;l
zjSuxkQe>3Yb|fc~TCbGDjJ^~tKO0l$6*!uPWL%w;_Z(*YR5o=oV=9SQH02^~hUH8f
z*6Ts{yI2aDa#MDoxIcZ<EcJ(Ylf*;^V}f*El$ULWU@vOutS6Krhsnc8H;K0au)_3W
z({$qg)Vepq;X>1|3g;m);t9TrOV-A+KE;PB&i1liuJ6}f2ub!nsR=yB(u?YmKXcxM
zSU2heCE95v)8EE_godGbKTiWjjDVk!CeSm=1+SW;1Uk)}UM-5<D;tiA!juYG;a38Y
zjrZJGKImQDhJ945NMB%p5wX*b%5tHt+0~8!LSy>ISKdasxODcVMA*8A)P^d^yTVVt
zE*%e=Is@-}+4vX17+7JSm~{;xtW~`=gOV$p1gPErb+_JVi6X81M3S#m9)ax)Y8Ua7
zB}UN4l=*#-`t^2Z^+h*jz)%uX{Ro31?>|F%=+sK1&c};ciTUsMh~_09gN3CVlE$PY
z%FNIR{UgVBX%zFi^h>ho)!(bw=8ogtvp=~bIJGA$)Tvoy=^?rHZC@^o^rodfK<cW1
zhwSRS5ZGF9J9c}U6*4><rm3Zbx+pdPxGlQz@R=Cmv%%{%ZBq>2dwMPn&aV`NbIDR^
zMN$?#-;?c>`B&Mt79#D-r)#W?ENeSkI`=L6%~GqIwhFVK$bE56uN)2w{W_9Uml#>A
zp4O1~;L9E;6tOjjSt=GNejBj*Ii@bPFJRR+L^$a`<X}1flidBrN!Q$i;Pp~Ag}`Sd
zTk;?S9~{{mBwgKp1;8+fAPhVpirob_Vbs<B4(n@UzfXK<LR4F<rbwj{LKg`qlkpwi
zCU@@SfOx2B21RxC<KlG6kTT7I%L2|@m$YY`#!h7|Vm4d@48Ef0mL1Zh$~QkD&Be)2
zTJ(`3bBqnl%)i?Dyb<}%A+}=?(#HN~5h4zs*apF19wJ_s*oMIc-s>c_^)i{qd`AzW
za(sfx%tx=Jay0+9U!Zba0D$-JRF1L8@0!|`ayv<B@1752@}hw^Wk2;Xit&v9KA*C@
zB@aPUFDZ;}NEw1|D3c(hJ1MY;s?5VQzpnov3d7VUjcQ`RJ~a^48bz!cc*pdCImO&f
z;A7?z9A?lpO_d42aq>LHJS25lTSJZ4Z0KW9O}JE)h&q<0!0Y&$%l#iA>me)jf`LJ4
zipAQmxhVhn=%@#;4g9?4s+qZBD$OhvdEh(CbshaG$|Z`>lV4`o28*cG7}^wj@_YYY
z4WTm1jh-K%J&(1KVqPvLMx>^>?Py-WTnbP=8Nl73H>&zk`K8;uP<)eH*?5HhpjVKJ
zSlQGly5m%JA`}l&jn#CEs(mqFS*W`&VA*do`!4*#@b)$Q1iT5EG`w{Y616cFPTfg>
zu*fefV;5&RFE8VmnTCdyDA~Nz2!Hs8wUkx1uqG8wEijA~DmdtDG&01@6NrAvQ`oRF
zIP!zb{OW#L?pd4Ssa@5rAvU2j=QR>Ra)#aa+%%ZTy8NfYZk@Y1UV1@*q|&1ued=&~
zCAqZieeq~h4~L9dic%9FG21xKJVf$dplWK8KI_qHf_DZA7|2CoQkZt@igvh9GBqxo
zlkQu%J|}MbOY1`fUqerDZ=U9}hy&c-{Ltqv`%AUTn5JQM5mNY{k86jW5BmZ>y8ne{
zE;Hv0ogi#SS(0nI<RZYBHj6HZR@O>!n&G@g$|#9cEn1h=7nSk<EP0w^O9ILFOGdMz
zV9|GRDHIzhR?gq^?40q`(<mY+W?^P=QFGbIS<hkHC2JRGwEwC_lFkV<3RwwqJ)h;=
z*K~IU<*@(3Pc|Wpn=OszlZnD=XNp9TuIyR53z%%KZ16WpehhE)mde69+?^Xwgl=a4
zlFa}jqgGN##tWh<R`GS!x>Ex7{5VG{=XdhsUAt8(wU%wcPPgBkO;)6lws2z*=SfIU
znq-jl*f<F|Q6!nMFo3tl{D;L;H^59tPah~@mtp(ASiIek7REEJt}pjG##;BS&?Say
zGrNon`Ud>CTsxH3wfgM$vyW9);-UIK5$z&oPS(=df(GSxDsvb&yBzJY^4K9(uCa~s
zXKOyV{{r89QkIf;`wyfYc2J9|go&&4a%ytgv@pN28T|PABiYcDL8f!hiwG_NQmHFi
z9v57p#^n-{Fd;D17ZaY~FLD+tIlR@&x5DL-vFK#)Uvr#}pq6&Nw(rJ6Djh(~t$0?y
zP^fQPh;npK(xJvpAL<d;{pu<8CwsK?I8l`<FQ@0)QwYI5iw3+7D77kLCc%aikXJ)S
zRE#td!v5QPatrQ49JdFKydC0RW}M-l;KpbbpL?k&kD+v8bUJW9V7=ej=3*rnYgCLC
z=Jft?Xe^Ouy98y8k@m)_qbYh}@AFC~7{0R{h#|LylA4mB?RhQ>eV40hL}n*GbKN$)
z6(XAhZxE*qZ?BkEZdi8-?X7<br3SN1g0T3T?!mzQ|38vHox6YGR=a3dWLu7wb|m)Y
zirk^xjM|=35gG&a{OrY%?<Y^Mh4%3b*Zgx`Dzx>_H%I<c*&>$Jv~TvIfC~1@m2^N@
zd`G{}+)$;Pg0m7OG5#J2ATU*W9pSKrWXeG}XPp9tI$f4JpLy<oQ2b-A2Z=&pc(RDb
z>I?3l>$<Mz4kwI*L>w&%UfSi!QG^3@<CLr0c*9HG2XDlK#OinUL*TDUA_-TvDepM0
zh|Qec*c1?jC&i%DnPhZ~PWsMn$gdrWDUg)b^ADB({{6NGwN=_2x?uaRMv(iht6bP_
znSyjc1JCA%pOW+42mZ?h!TQ1_i3QhWNj;rL%S4~S=j8;AB^?Yl`i8zl=u`%<(eILJ
zQVYuPP0E19tT>&75%c+-22p>5&HgRdl?GLAHd%|&K(D4-eP}>zRMop3liX=}JIV|M
zsMObb)czisaw?wD?}aVA*x6Td>f?Qk2)+hgU?AIjh%3c2z;Fi5+af~YC1wTjaY(~$
zw=%!eU|1*wbLAz#y_53DS(~d~sz_N8CbYfi*l-v~wk)eT6=rKN-yTw{Vn7aMumQAD
ztNqGc+o0#_w?a{RMO3?>+CP<$6CR^0j{L<k20Oy<SGopW!MI>YU@~_<C$evZ=?0fj
zp}-55fTf+=VCS^J8<sv-(hG9Eqt`BQKmF@jM1kLW(bIPlut}~2|1(L8n>O*ifDA3Y
z4YYZ^7++&>YKRopmN|jMRP;;&tILs}=*aHz_aW0EWT$3M0MxDDjifJoLd4%LJCY0b
zxb8S_A)iaIH4gE@W_Q{JWWr!FcaxU--)O-8S%|;voLd4jOAs1waHq6@53>JJO#B8@
zOzc=Z_RpN?z7pjxwu(mV#Byi&PX$oMDkvp>dQ^O~I3~Y=&y>!Bf6=$LI(OUgTZ3K>
zc*-f|f3x=5MryLlV{9e8Sfm~%^*EXcT6ifp6Gg_J5<Xc$OK3bH!t&Fl%;jNPg#yxc
z$G@2V$3T7fTBR-`cu7#SAuC~O;BRak5|yi%T1mGk?|sH17^c5&cx>_hd}RJA>epj?
zbg=h_pWjqes6tjz<Ya|nvSC_%1<iO))X39Wd(k3%&m>1Gt||O<ZLKKQMa^J9skkjN
zSH=b7bPbL5I7`a~=6^xxUv?Y}he_f=x(}xC+dMzk0~YE@xAwtyddW^@DoRwQ_zxRz
zwOU4g5mCSmm(Z|}AdmQBx<zOz+A$q<>%wm$6C#K6KM?xdGYa>C0Q@y|GvPV}qKqc-
zdnh;_W7byEQfy|M)V;aNXP?YBHfrg82M+Nq9^-^YQrOC7t;dwUTlmRkZ?2DjcAC34
z*ZjM~Jq#=dPYjwAGRu+`+-5q8=x8{oRX=C_%9-lNl9xrO4Flto7ViyBjV?zjzbqJn
zn!YsfHxKFZf`+RT$!qWqvSRGF3b(b-@!?gk3rA1hnAquXT^hTVd_0=|05;FH95J^-
z$Ib>?E7n&w4t_Ax1S#$xq28C_LDORsLY)?*T7&x&sMo*<xM$seU}43hAk~j+m_r(G
z<#~U!?voCd>lGw+o>7$m(%PeQ&Sa6Gh{!>^YX}4Hf(e>Tu&q*oZI$pV*j8m>ZGC53
zk(*JgD6d+x@?Vc(-eQlnubR~Xw{}bOOc<o_<nV-_@_js*a{^Nne`y60R=7e<D%msf
zNx#0SE2SOHQ-4t$b&SmBCLK-yj9G!*H4}JjfN_r<xTHN{t^v?Za}@G3df=tdX`(J<
z`Mt1KI5iDdp9Rsr?pv;CtQuj@_;jj8)F*NDQj&5bD&MV`?@ck(K?f8(xLcL)Xv%`R
zU!~HYNE)C!N*-&$McAqHUkTz53BYZ%{TqLzJ$DIXb<j0UBbZG~pgV9Rl?Je7Oh{!f
zIk)@%J&HCpe3;{+7ya8~;v*-8E~tsd4NYVdLRt3JmUn1I;u%*xpe`)w4#Hl7$tVWR
z1Vn2Qo~NZp<fCWjl3_!9GXvE;KOSFOZ}_p&Oyq6MfdN<1CsZX`ch=E}kRWOx#`XTn
z#H#C|xod0~e<xoR8@iWEcSMQ=W>LS|_2E*ZKrK1p`_VDx5l)3n5*Yu*PmQ+1EMn90
zYovz+SKE4vS)Is_TJC)~yHB#DJwL(*ZLc8);J#Ao{M6Dj_t&#anzSM2IE8B7+ue6h
z`MS<EXA>%f2<+th4rrmo?cjH%C5hP>&CAEFC0*wHO8I(yl2ndhJ6EFT!lNe}TD6d#
zy!aCzt}xE4cut0(hW$4)+M3Qs+ikc@`a8cvK|LPLcfKI>9hOJ0JsHhmv75@NW727G
z1ow}lo%TK<<<|+zF)6Ds32_$<YO=OR7>o!u-QedNhIBCRaf0A3w}l5&L_O_Q30`O7
zmadW1eu+PTR$+;Z_6Ta_Z0QUA8>mdNV)Uorj|magp#^^>N`pZ@ycfNy4{qB>08Ji?
z9aNhPd`JL-23j8CAu0OYqAiEoC3M#KicaJU+rg5c@+n&{7`IE}D6p~FtPP?Q{bMkm
zQvS*Ywq=L^+Ols+&W!{E$`4XCJM{3F1&o5%Bh0d&vDLW7e{Gg!IF<E`*#3fErf!$|
z^Zxp0`JY;3`_wd<*F4_sILwFrl+uSYZ2pO1D@wT#@TL4MR^=u0`DpQyclPmWU4AAc
zg01adqF6OJOId%vg3IAY+1yO2pz+Y-p)4nqZBs5tiNcg%`PqCAPn#HyzTEi354F3%
zt@u*YmO}R}iiwoXMh;(o6H<q9TKZ=aohgxSI!HxssGxWORss_=448YkjaOmEM7m)I
zR8Qg&n~|}hl7`~{NOqy4Z|+b0&JHL(Wfh348h$&fGv6JzIH#A(U6OG)5WIotm^Sy=
zmL}M(P+d!lwBs$?_4|QAsusbrYqsvUgl_s>(94c`ma9s1X#9yE>bC2xgOMQ56EVb<
zP`U7NP4DTqj`F@qt8XMT?iM5N*46$7(IXlGtP6DrEm?t$;)8sP-5L_JMYp-H;kWlI
zZ$_*Te=FYViC>p?+liO@nTH-<*QUPv+Gn%sW`ck0st_qI^d7ybl*`w|seI}?`CjF@
zdmmoE!_DZX-98`Gu9i4TiqO5ke0zs-LY6Y6o#-t~Yx{Vva3klQD0|2=Qmjk~m&xli
z7HZWs5)1b}Y2Fv(?cN1`{RtfpH*X33wmo9Ljy7elmoPI^!E!L0iMl3DBfu9*b4%2e
zso=(*Fx7B}>35~Vow?hCm!kkiUQIbC(h5N-9rAi9undhaFLwXj+}>FgHnlt-OPNLT
zU&Q&p4C%uN;Tjb~ctWPfRT?J@x*ZIQ3buJH#$q(-bDZ?1*-+4UKiz9g#3$?16~zwC
zi=oZdx@dlN?bZ=|_J|1&1tXGbL*DNP(}{=A?EVg)ryI(xk(`n`rIvN|4@uqO&Q|Ae
z{r!$+@`h5D>GFYx?QnO8Qkf%(uL~?%<Gr-p3z|5lr03~<m%v)>X{CYiyT+@t%97Oz
zEKFe6yox2|vfTW8vMdXwTsgKFSn=~m5p#23O!B<SaGK^Y?tcitqoBNK3GsS?Z8fs?
z9~7=Y#$7V+aMBYez69%*du=yjQOQ3#lI%G~5h5BrGU|F7fp^U^{aA8^5{71R^rAZb
zGJgR}<hZqiaCJM)9O1Oq?urm7%1uj%+<C<wBjL39X><c@LM2>k#=V`e@^)2C@p7kI
zs{hYm`BdPUzH<y7Ez#S_UF*zGkgx^MkTx21w52sS8d*GJ>NeK%wAaEJ$_*&<>3G9W
z2Vb~+#dZl0Q5&_9i+e)y126hm+hXp7=gz1V5qO{7>mtgaQxe$XH}<eX)i_W~^lj-%
z5V=(e;Z9@ovF;iWVRm83Q0(~>tT6>|uO}MGIQzU16-I_RVN1-3<XRV0<ZirNnQVl#
zb;J6+Am_pbt!G`rAku{1<dEGAV!oX8q~HKPh!Wi2bGU}oi<+1*4%*WA`Y1q9mva_A
z^$wlY<bCkpu9xH}+&&{kAz*XX(Z0Pt7EQX~lxu$;g^?hK69nx&vc=eo3#S(OswnRt
zJ<O={|2d5@EegdAV{$2+Rcy){<n<kF{X#r`CHaD3VV{T$>%#ly!n-%jUh}GM_kl1E
za)XJu1`>%ybCBei4M6WgNF~R?;ZP6WKt3-(76IN?<T7I;tkfXUVt8Q6EjWD8D=7%>
z0=oQpf^d*x|JFJGEjn#~H;jPan&aN~8mtdq$I*#56C2kz@>peB)BS*!==TuOm_w|q
z(e;CCZ2^#MILF4SogzC>{Z^)~X1z28_UlPkK_<$Q$O^!fY8bj=v;%<Jj(jL6i@^mD
z1a6BQ)JD`OO>qcKB`gyC2ycPqlunCDR-r(sV>zPF02hNN2`tU=KN~kF5e4M`;hP7B
z-x|h9y)9y2trv&zfF{x3;{yn`hPzupDtZa}96;oA_uEL9uH%atUaI$w*IYECH8|&0
za}?JQk)W;@AGi|Zf}xZjS@!io$uY|5&s&HDro^2IOYTfjc<iOnLF?0L*Lhis7r|(R
zyuBCH{*8x8yr7Ps1>=*3{g0gZ;3;$bKNA5{hw8-}vYO3R0Bl7w-$YY<<Rhnh)T*5{
zJeLbjR$WNz5zC39@yScZauw9Bf=)1|vYlc;590Tf<#fPu^>`49=(7CCH2Y=sdqyKK
z8=ATMTbGowzWZ{*l^X1M3OIdI(usnMDyDY{4!%3U!S^|MnOF*r#`TSgr3j38W}usV
z&@L0is(y;C1A;uZTSedn_)B_X{uuupep@<}O@|U%Q;7%#5!g^b#|L?`I3@PP6eC=~
zG5=VbasT!!jF|YFOegJvMuU&u8<M(90Hr~YmObJX+E>|mgZ2ZTGx3i$_eqRANIH81
zx9?>-W{do*AeAC;dF2a;s}CKqbr`D+lBqV~92Z}{T>+AIYZ`8C@Fa`x@W0Y30Y8o#
zQ~sZ<N<5#xTqD6B{@;#DN|BcJHCC=KS&TgpDG=gZF;H*21)-m+P(LN7OxwD{W!Duc
z=1i*@{827$bN?yhax9Vrn%jI^k*fLCiec57#QiUk@?)l$zCc!8JY{bL&*4v((!%l6
zA$24Q-Es>k(r>mm%5CV#T&C|A>;L3Q0BZfyxk;?~+{ZY}m}4z`V1hyNo3MWYyDTS_
z*l^7MWL<)ObQ{s!z%<dehh#GXdqnK|VTg2EjahDBO2GLP5th}HhjGcS{JnDfi<rd8
z4_4nmDD_j9%{b8QS?A7~n*zaFa>k=^@!WC~^~X%On}Tr>L4^!CJGcOy6_m(Ue3W9}
zdq`)=8P!Isj2L3FO|0E7NS`D*d;2=HmikbKN(vZy1DN9yaG_BSHCYKPS2xGLno$&+
zBa}yOwMf@yQp?FKt0kev2!FnZdSf%{!^a7u#sj;_EN;85%IG7@gWar@=xqrBlU)Uz
z<Dj@SB4XUrf~>a6HX4zNP<T^#n8MW#x`qneE;+Nhxq+c24L2^}+IMRC_Vpziqrxwj
z^wo1Er|crirWzbm)u8rwUm_pAZlW!>EcIj#R9ix!#<O;v^X+@>x_;Nh7dW<5I2i_h
zJqHNIHYqIb;+b2wB0L*oQ&?^+?ZRxwt{Lp#5orlZv&6WVkS~bw3Mqc$LyT=6pKuLG
zUPNP26Zit%S|3TTg2yj!t;oBb*u^5Aged|VBI?{BEEA(kL69A<ZxmSW+_QbqhKh^6
zKyZhMiorQv2eMIR?~0<nO60dzZG?}|6CQ}7!eNCuMCM%aeYm`m#=dkIynEh2eME}j
zvtVyG@zcXz?@|PCDCztG`2I(+0kfx?f@0ImfNf<S+80@g?SY=jH|bC`%ft`9*M#u&
zW9G=52KM*ejNlZMq_WHB>FuE<{arzG<7WP2lxyv}BgXF~NX{q~)(k8?lV52&7bTHu
z%1ZUD>A6w-Pa#^V)lVI6No(KCuEg{SDa!1BezZ9O%_a6wMr&{MeT{Jx7yB;fo{+NF
z#mEBUB7atsGZ_YX$VjQXK(yes6H9_`%*VDeEKO~Grj^9G%4adrUihQ_coFy<g_5Mc
zG!|%&LW8)D&TpFjaRiH%8b#_G5;avn{|+%Pu;Zf4>LRi8WPG(q&}FmFAwsJ)4fltJ
zJ*2dizZ%0gZr-q?HO^4t@HpW&`>UDXNO<cB>egjvPwTc5D6U(Oh{Q}qxEs;}SoVa@
z-dz|-QhTxux`Gd_d>#yA_6jx)={|LDO3>I_t-8aEsKSRX8`rvC+u4Njc*qG~^&|>4
z31N?OG|!OcDj?(^-r<5paiMho<nSbcYPXGy9bX;?ZRn*OvXw$MzrfI+{UXmdQGI>l
zcaIWd3JW?^l|Dp}#{-h7&1!6D%VNPHbJ`Y$nSN1R<iz~J1$hwxWap^GT}=@lKo~L_
zOmAv?4aDZ94bV6yFy*QLl}pd+%(FdExqS%v9P_bWctZY;dEgrbwxnNVIEsUBFvl1W
znzb}~<v!et;@nj>M^z+k%pJD%!~v;Tn$_}7;|wPQf-NO<3E~-*cpWbYKYm$kp(?9)
zm&?8t(%i>nEwI|E@j4&`3XWZDC!+Gh*CNTn!Drr32}@)9;Vm8*CYG&-<z4(S94#GI
zoGfeMl#)DHGUm3IX(eNLJ-_~$P=`iLZ-KUv_{$EHLhUe^;oD>#o|Jk*u?$a6Ax{oI
zA%$cX^Y71GwiI(wWEB;3DmCv^USc6O&=DFxP|DoE66<7=Ss;knmgm`YH9_Jb`&XN!
z>!PdWiKw-}=*JH?uU7czO~vX$re;P1tU$9e<RclDg!wq{Q<_h+3w82tRqBeV9h^&r
z;wL+<nW$;*Wr<ECMT!Fx!Mba1lPi^mLPHW1mdMoucU^;tDA(;$ujag_$B+vD`VJ;z
zo0Y@7DhfB;o_n$Hs=Bm*v>{l3*=LqquwV9|L<}kRZHH98j2uUBi*N(GYLkm^-krsE
z?svKDVIfT}(Ddm`I_(`#`miZK_os;cBPK@aG7WwPpB~|E5*ZCgiM=?v*F&2#DnRY8
z@pUKeOPy2O_;~5hi*IHUNnFhm!<0x$hxU9@POAK2D>@}8sTX{zc~s>U3}gg|G>GiE
z3*d0A+;fX9$7ePYx7me>Ps)KWw^oJ!_(Wa0q-xqfIlojS_=qk8-uQ~^UPlgRMirlM
z51NwiH`EjS6ay*w+20Ud99g&651}Y}rR0pPwNH$BaF>M=TfN#UQn45bs!F_5PB-|=
zk`u_0A1etc%zY~m3D=B7hlIb)jvjvM#@?cTz{8DF_RYbJbWxUDGhCbxaN@8{f%|L7
z8{A(Rzrg)<7`!fa#dk^9p1|nE|Iih>j^Fc5=Ytg=)=}&M3K<GcS7S}B+GhmOv@)g|
z9d@f$)#e4dt-H{PphW|Fw7cKc_JKG}-R-h2C(Aoxzx*4kbf+&r_aW+d#iwPDKZVaz
zGk#XqU7TFopRz8IC%=Us2uj@M&OXM$=8cbU2T!6J-|+~3POJ4_CPmGBT@4mB7;cZc
zwSS2Zd||uVdUmWIKCkqe2*1Q<!GtTUyu=@p1<u^%n#2@#1XHCW&Cze>m}@6`0{kT0
z+h*m~^oX09As?U<7+=R$KR}u(V_1EfL+B*t&Qpx9#0QY4<Qq3UN^-zCOz5*qLkju<
zx^{evveoVNG2JFuUJfKft?#;l4|yLe4(RC(j^fyK2>ePMG%|w2<y0E#n*4f-n)}wk
zyiK7)?vNU8@#IhQRGg)<mJ01?-?DBqhqEBW@IOilpu{_lfdn4nZa?@Pdc4JpuR~Y%
zM#I5Kf60Md5hC=y4JQAHSQ7k{wJ}va0*3eksj-};aZK{L3_)CPu;WaX;xs?CVlfGX
zpPv5vt@uUJyI9tSl0gP|^+DHyroB&RlP_Bt9R4Al<ln|1I1|O7tQmodH(M|<>><JM
zP6eJ<Is1#Dc=TM|b?lRECw4#tx5cOw-^sBfEpH1)O7)&h<D{f(@`b-XLOXz(xWsE>
zzc5R88d{r;!_>`Z+AYy&O?E%6Mm>h|PeX0+BV5sW9TqonLHa67@ob(1s=95#@PA;G
z-cVBGI6bm4#}k?#UBJ;An5ABAJ;vDU$J3qVk7?wI(Qb)TAXLlNXuk$sRy{3>?t}<-
zbDS-H%v;)y?h?OYDKUfHDVZ+{-iGXdW~uc2iYOm-d1_53Ff9Y6iS4Kv(QAsSwh{NV
z_qkoTa4N2(k}lLoeQ(cb_=x^IP*n7a;9_ij-*?s1!E@lo%f&vO59|`o#2B)ok?Q<g
zSK@W3Rh^`(lPg;pmBIR?nG$xoEUh~s-gjsIN8Kvjhs(l0b?cTrVD6<BBkn+|(?|Qf
zw~!}!ojYpqkZB9i;KIQ(*)*yr#*-`DibtYe6qm2Cfj(;kvf~;t-hit!(enAB)bbw+
z>IDR68v;mP?UM8>J#jqu&+1cFJNp2A9+@F+7=C!Jp^WQ+JdB&RB)gAN6Zq9E?~BSY
zJVJ5jkkwdXvSTwaeD(oriu=aa{HfVp+~k(`Uy{6CglQwq7UM3jd=WgaWTjB8zD1MV
z*r?-2)8cq9j1uq5N`*Ba+YkaXdna1n5?O6OW>%&`Ux(IfBeR{%mfOl6X+>Gqrnp*=
zoF$>D=_T-h?+J0|)i<n76=RCqQ|NA2fxIoZbRXWjiTC}A^eNlSH_j_Ln0N%J__6fA
z8rj3@E5w2i1rCt5{+O%}`7PdNhdBlkJ8ACl`fT4j;Svync)Q|RJi*<x68o>4@?V^!
zxLUHT#muTIeDLb%Y>w7R+7`PV@tq9c&0al1o6W`ceo#LpAVAR)QaJG)h<@<ecZ!J!
z_^(=aggx!*+_`{N@rC_U1(d13*81OJ1|fIz7UYM^@&D+lxgpg?$+3^@AkY4IMY8WC
z=+bz6;rTyIePuu-Jrm~O&f@Ow?z*_Uv$(ta;_mM5Zi_oC?h6bo?(Xg^+`Ql2kNYuQ
z>7<gW?sO;Vrz%zNYNVe+Sbhbdd6kIlzqvu%&@P}l+p6esQ5}J?th~rkaHs9v2i5j8
z5}m_tFR$CT@(mVQ2Y?@-J*->3`p^tfQ>kcd)Ra!*fM6k`SN=?XKgvk7-=~m!a3d%Z
zpyHc>4(hRst>ITh;}dW@ZbvKC*PrazVLt|@!^WJrW3=T2bBzdUkn?H&nQrJpH}2}H
z*jh^)!-mi})%6~IYtYcnf!5mLjmgqKn(wn;yVV(y+Bv(1`sqJejadw9Yrm|IsiTmY
zL|G0?3g67UP(wy3vS$VnYzh6es1$`O4IOVXJn|YNAKZX(G*X6~#q-P>hv}L(FOHsQ
zB}$PUDBdkz47bKHKzG~wy*QHO44#UvofJOm9$NnkPZ~0fus>+&MEXNX%XAtW<~}_z
z_CQ<`Eiq}AJEjqT*N*5nw*xUL?SWNiaE7tW1w~yqg&D7Fpg+;<&y$&fPfaSD`gcPl
z#yH`E`e1U(F@_J8@i0e>?tQA&>@v&<XChO=f_nTtR;=J>TM5zFxO?k=U71_YL)Nw9
ze?khr{T-d2&&)=O%1=LX=CazbiTw%d8TrvKVIKZVX4VEtA80F!EM`~hqA$Zc-S?1&
zE1k3JhYlDL{<byYp_poV_x?L)Z?<g!IcJ|Cz2DIb8_!=)kTA(stW<|vuY3du_fowe
zX`Jq9v8YLBX_|J}&YPX&l_slq1KPLf8PakoZRz>q{G0JKYt+0C$?{m3<sx$5=Troj
z=MX!fdBvxI$vvWMahNbYxP^OIvk-$qpK>cnMr4xF5sw;O1diHzP)6G8QP?ReWQZ@x
z2@TC5p!sAH6ocbRF{$=vMRE#DPUc&WZnHt5ZmWTj6Dqw7Dtb#K9L-)djR`nf1Ez%h
z_XYdkC3+o*XB=H>2kFWg=&_R$;WHTxkx?4h-+3r&7@b7MuAC(~O~Qf812HQf*Fit|
z9$8&EECM~kJKQ<0%wrK`tBW!{wx}=kjFv+kQ^9-ow-w;Ao7(!-#CP*`a0xu7bu>Qb
z8e_2hYlZ%IV^li6t3Qi{3_>Au3a2jGJ2wFidw*B7{4}x2vEC=7{rtkILmx$cu`&Ob
zKp8~52eCaQJmy)!oBP#SWQw89<SfZQNWAgQIo;o(=iVo|fbPdD9G-xH<iU0vD=z--
zl*d%J>eG&Me8X<pF93FcN-0h(p^K*bSB7}k%>F-E9dH4rS(hMw{#|3q1odJ5fuS-2
zE&>em)zP@|B5sNW3!-c0M9Kki=XBeRD$f?`q(SkM22e)T9)s44?Ch=*<pNm!Lx1cu
z8+h)&gkpw_7v!tn0-4eq@a;U4XGQFRD?>c(a59xGc$IromYa4R_v9Gz&xRqrz!GAo
z4!W1J{n>%#6&Og;0VrZpUq&+0flZsNL>mA#2HMh|IDrCJH%~>db?UK~1Uy7fP!z<)
z8wn)kJ%OU}976<VdvqZka*m_KC)1dq>I%zPi7L*Hw;7C+3>k!gD&sg{R*M{WN1uY6
zN}L8`r46VG1(uJFxyWC^Q3CpZ2;$+)Kx&DyNAO%s5vBnMTB@DO%2<Oy4YF~l4th+z
zYa)x?My|~C9tk?$9VQ0e@rNeywp!^lP}MlqEM1|KjA~Jw)PLC+&}G#bx`a*;SbZYo
zw$2iN3I48^pbDe3%Fx<rq6#ZTV!XO$BCt?v@b2^^a$=LnS~Cy0(;i8>-$FA0Idv&a
zP7dcJ-&Jvps1BHl+9HO~G_c&OYraQN7S?l7unqjs4glDeqCq&Ir=?kuKW6-WbgAsO
zr&w>RTyWXQA-?@Nps+MSfos1w&Nj}{oi^EIA2w@K+Mr1%!&sG(T5s@ulq=Rft*NTU
z6|dL0x(rJ!A)ygr8$L#;0p!A$R{nAa)x(&wwob4$p+LD>)F=6^G;B6D-#Cl8@#bXg
z6@jZPUGK<P%|FYa4(gRVr;8_`?eeQVz+dpP|K+&t5)^#7>*;G<xSfvObQuE^@5Iv5
zE`mL_xEjW*2KFql{s{sV;~k7u#fSD;Y__*+jg_~G6+eRKAuZiP+T;mAeIqriMy<wX
z8f8jqsj^FBQkr*oqjQN>XIDydsV-(!dJJRcMTDDVXCRanox?(u+evJ?UTwrp+#p9q
z2k2o#wQr#-Y#8kuxaPq}FUOsF5@v8nv-<hi4vlvNRxfMxH`Id4{BO-4*x^nH`#=2B
zTRzs3;42!59dOxckmeP)N}^R{#IW+sH)8m$zc@7+(k9uI*oGLUja0d-vzi&kQ-te1
z$DH6jzgIZ1=*M7Z)z3GD4sVR*g4aFXetWUh&jyzYr4vHboH*nX-@6X^q>bh%>7|0Q
zwkV4xb>!m{U67vRK;wvmR1m9p;*B}`hQ|R{%I!#YCw^E9Pdr>d?Bdg`Fv!5!kl7J*
z&b%%#`^{<eAH-mNhJ|<yDVBGveXNY!lAIKHW!%U&ya?wP?^SK<H`>p=DmvdG^<C77
z_!NtXF5Gqts>&1?B<`3@<0>8)99PvW25aE-d=?sGIh0COK$_w4*k@n7*0WQ`69wcW
z_=YzdMd#~I%{y(6NbHax>LNm;HFSn84*|MJFQCF=0OpN53-={6Cn+VYp|e85E^r<6
zLU@I$1I`Oj)d3L_%FF{QrQlw%>Hu;rD9iz|{~EASR0gv{0oDJJ2w(VKTL^L)jJ18d
z<Maq60_CI+*$G(22C*uj9)NGWbt@NIIOm?HH*1huvIg3cRT396ShA8@LMZLtqDagt
z!d6v|WMdffl9t|~sU04MqV(a3PmSS4jz2*7B32QRlL5aqzR?jml7SK|OrfM$TA{lX
zw(3MCfC%5v8;yTG(vU{?J@T-IS3M+<9XsTq4JQaMSJw#sDgvaT4XxNW9F!63IG#UH
z=TbUu+)2zhJPOB8;C6MQs}z;_H91vRi;^ah^VB`8N}I%}(+KgZF6Ly+BP8kgE7i*@
z)ja@uqScfV%1Ww*O>1CIN|0qw7`K8^a+Don)V~Sw;I8ImoFWo;Ohq!mwcm3=QqY{y
z1~x%@T2b(nrR*S+{%$}Rj9-p|tZ+lyC`#Hv&V%%vlZm#N82fRoVFp}JAHF>|#Eyx$
zH&iii{$3evOe&wo<M_1z{5-nH8cR*Tt9MdflqHp4BH7|!lhyc{rCB}a3QgZy)*Gy%
zPt2!3!q8_+Pel-=r!>OQ4@#+OYPyVsu85y^w;D`NPBl~*tZmmls`_7TJTAt(JJe;k
z&YwIk%6)9=GSA;1gNl8&>K<J_2gA;*GNwUwm^NIdK;@sH@^*D~J*8g6z8~jhWC!-e
zw-*K~*h;b)S+2e>h~b3Ew3}g4LngAG6lo`s)5Y+qH&7`U`h8p2CSfws+)GTHhIe@V
z3Rh-6IRc-Wk(jjv4qygSm%YvrtN~*tO+Lnl@whKtkG#9>jT5z_t|~9dVgNCoPbOvd
zKNkFa%wWjTg&YG#mPXJwk?ic^0<fpf$Q6nB1J<S4nz`^q?UGlJR+3*d1JfG5DltPF
z8nkr2^5ldAI$6j<M~TQgXyx!AkgbqdshApbCmU84LN7p57F~!d2^p{bA8)M-GK{z~
z-p-CI8uv@46ki|$8=>z73E_Y(h^oUsOW_$U-J=ou7UobO@!5*Kd@caEkIO1=ej5yU
zP7N5}1&hNFpBTwFqV`AqFq1;(*Cfy<eF~EuXpd>^uTt07hvHib(}0Ee*sa0Qa@WE<
zQSUb=wNto-#N1mz&Q)8}X%`&M(!kS^Ybk4K^eB-@Z7B_>QSxb{>Le<ox8YStW~$h2
zDIbqZ2ckL;So74;=qr03P{Omhe7N1%{|4*Z+CP81V$KWlEa2mQuflIO+;?ertxt*S
zR|w1d*)ZrN5_o!{KwsU1sWBQ|Jr+&pAaSUx()vTC6|3ToAXd{X#>4DBl>wutxVaj~
zANicHaB9)AkE%{5FdnF(@BVwpxc6)?cgSbSoG0S3dI~cP<5cuo<W@tU`XI78$$lTT
ztkBrwlN+yQNu_cB-!XsF@AEIbuV<`u%lWmg(Qgs~_g^_#*+=P{Ek|SeL|!b64*^Jj
zjE7RZ2ss>wCn|1^_8|Yb5pfeTICTVzyf^25)lxZI)xsQc2qWJQ{Nk;0$@ao;6R3$w
zIu3$ZfHa9|e~4H9;TLyrvu}AUy>E%{Eyo=-`p1H2+IS8l0?3SG=#(@z(KhzVx;*xa
zDTBwrUr&AG16@E)X$NVe=V{D|eVpsm{L0+mm5FPR;+j~k!&6L4Ywc8Z1@&A6Q-FSn
zOfJtG8Kz+15+H#3vTWN<`UwgyQ|}w%8RaM)G=uOl9|Uz8^(*70PMldL)b_)4zibE1
z7v<P3-n6J6x^x!K3$`0<z!^0az(Y9#DG<X7R&O+o87HcoW<gpjb849%BQYNq#-bel
zQ+0(%B@s?T#AhrW14#!~O{4Vqmr9omDPrnD&w+aubu>@|v%<5*{?|+HKTSK%CYH{(
zM|`yqDODVGt@eWs@Z2nP#i%b%fs{@W%x*djyQ)@gLinvt=jO%Y3!kp6^E+W<{p7Ge
zInrcbYWE8IF=63b`>pN|?oIZ$vsuM3jr6bDuc)jRqlE+Bxf6g7_^)RH1Y(Yi_wc@c
zpSJNh|2Tm#E`mH`*v~aJGf-ro5X*&KwsE(^{UGafedVYJtyz^Wly}ioCbTN`!wZD@
zyY-V+*RVi5-3qK$3`SmyFe-~kByrHB?kc*)-=@h}664LMGB4xEt;8N--R@k~JH^oJ
zDlodR|H=PNL=92M+`mMQ5N4UTpo^N~9#;Obtm2>(YMDI4oE@<%;Qd~8XD=q#MFif>
z@M!ddUUg@&*bu@is2YB5)-F12=;xXQZFq%Ts_Hmjt-dag>eS9DXBljMZ<}@(@=xmH
zf;9UZ0>{E~>zd|5VDCS%$U%mN-i_pC#S!#y#imO2oFP6=azI0Wb_J4tuR_&@3m5B0
z+TA*bqyN%fb^pFML^t%O>G}PLA#45NeKvnTDLh!Cg1k3Xct6{iu;zicGN<Fi5fmu;
z_=DlQo|BElAfZ0NQzQxY4y@{L`3r0u$VMNLNmk#DUxE0poksqb=BSWP&*rG^5A<nz
zPMcb#11g`tC}6I7i*0hE<{JX_q`nm47im{14Pb1U_xwT#`rgO{GCxMFUhRj^wXU+p
z=Uz1pQ#CVr!{2%b2G5E2spwm1)LTAsww@7a?WAe#XlOB@F=ub`9dU+TQh?WeICj1(
zC^Fq93JY$8#jflVaCA;Ira2o>MX7anI6O{mrbbR!J^L5ig|mr4>;zzwTYnd)O5Vjc
zCcH0C-qp$ekw~11Uc?Mr)sm<iKSA-y8guigh6+#jX$zJ__hVOj0GO38!H-`~*h_4b
z6S6&Yq(6B&f+xZ6ef$VDO7>4*AY_b_vz>hs%|zMv9B+s{`;0q&e)HeJRDF|}`R+du
z&};si14{cQLq|AKEWP6JR+k$dVe>J%5;icc0cVeGFHKLqrD&+jhBqQy>n2=MLXfW(
zA$6ad6?P{*7fQnrbmnvZK7uESJ%FVXgnXNzlcFiedXD7duTpVrYsiXx5+X2rG8JU+
z!{#8?Mb0dD&LBH@w^Cbf=(`b)K~;u9m4-oZ1iruhlTsUg3S?^dFa=!^1eN5IEkQ2M
z{cBj<*SkJd>TkFf$IvCMq-I)`XWlfu8)7pt<DX>H&YiXgmm4uCb2)gGIS%_M7N9&(
zo$QhW>Cie1#}Z<R9ch>czcOE?Yyv_3PzEt@(FT7GDKPQF#_3-w)Y0Q~S-#D+esZY=
zz>Yj?&i-Rpc(&IB2e3N^MQR0+4d#^f^(Gi{W_<oJX4{Yn{e9ep$kyVF-iQ0toaw~5
z2u&|g2Xzt7>Ev3zWN!kVjQX`Qk`N*@$uxnUPm=#N$rH>rRWn7=Iu1L>jA+nUTppK%
zg~=4+cZ&QtN{V}EGP(D6Rd!9^#$b%<QjF@<|J{YL&si4jr8{C<q(?h3jCpN2{ZyJ^
zQ9Nu}7%#cLFcGZs>h0x~aX+P@rZEg(g&fdvLox+)%ykO^9edn<+>yCMFju}e3HaWs
zDlzKvOD!S(d@i7SWelxa1^qf7Pg19SLNb%J98uJobT^QE*pE}wIB)fS_luBM$yN}`
zXcPk?EQ7ytxp@V+Q|T6%BuBjUDdmy>u&Vw_unvdK&~jcoxVShHK8oStM+h@GzI;HR
zhcN{_A6lE^JB~SY=1kuvv}V{5IU3oi?p`!rutv;hhzAwRsv=K4fpB65gm<Yn7U?v~
z2y^$&lOvfUr+m1ZdxXM&#6asWHl_D5UKPpgVDNCXNjxIipFPTY??YXfrK}|HPN^KA
z$K;%w^+bV^Q-PAl4y5JlGQ#m;j1(nZnTO8O9WyH;T({z%)pz8VY`HstGk>6r6K!AE
z^eNv$dy`YoS+%NfVn5a<%A+tzEK}r6qZxlKUkF<<#XHWC#XRtJ#mUh)Aeknr$ycHL
zjc`GF`H<;A1%`MW9P^`GVU-~$xnq9yH=l9Y{8?+R*pOWKE$LVQ0UK)E4RL|jMB(CC
zT760XpkqiRCZU9=B1ByVKrLU+gnla=vJsuR0BogK+s#3FOhzaeI{@HzxWfC%+Nf>k
zFz_x<cm_W%i5wCb=WNDvP)img;j58ImGXXCEKJ;#ti^6-{CST-SBgQ0wUpd7z|(8R
z@<soekQP&p#559xV@su=v@L69jD_}367P8Zq)<o-#yxLb-uWHD<L}@TJWFR=v|abj
zb?%RSJtI%|Nd4>}zdz^fIMDbB_{Xe>T&kRXfyRwV)t?fGuDn<2gGW3Dse|(Tqf5Sg
zwMsMPLvJJ*FdYiIGl@fQiyu6otau9uj?c@x9)cLGmtZZRO*jdGi~FT_0FUpr&^N`h
z2Fa=W3$bFffQMjV@Oiz%#I#N7-~#I=(qu_)gWoB|#r%NJy2PXg%_i(6o6EwbHIbTD
za+*y|$|RR3L#4@D3dmg>8<ct~+80O$?cp>x1i?J1x<M!lU9OCD#vRl(NEuSeRgi~G
zzR~b_%n9HnkU0daHnYv@3Qut{Hp{krM!&92lr+}kyg?J_@NemCXV}&oUP1d=f#Oz*
zGfKEx=0incFJWO=Y;NcFbcfd&Hb7CjRr;VfA-g11kkmy~5bubh1WptbUqVMfi4?zh
zoR`D|n#|B2x}xl#o`7mb3mjy&>F0=vB6eEI;%=8!L{7l`PBQS9nuerS;AAFqF<WNB
zd7}CU6Iomw`@J|GJ|iz5!(R!^;hwNyBWmWVO2ne?968t$TuXz0ejv@U5GX0&w^yy{
zerw^#Mim@L&VQx`Gqs?!Gz^L00sQS%27T_D+1`e_)Fp#@ppd5B2(O){3|Ix$*c<|^
zY?dv#gEHMzr<pFaP>&DN43{pP&7H%-4&JoxhgzGtEXv1iHa{~@C*}<V{``(G27eTD
zLt_<4Mbv&N<1%*rEuZTwo+lyccjmHJY=MCN1|pJW^(YHfuI^hFFI8@p?r<iIz$mi<
zvg+6B1fv0STJuWI&bTqKIhk=b%t-Mps;)<eT~#Uc*Wa`*;mSBvT12Y9%Ld6lT+fzT
zy>@4-E}u&q{Gdn1_qW5bx1v#la`S1U5N8JRxf;99iJ~kKlH@{Aa;M9agwg{^gqrK8
z)40WRk1)aATN3ua-Not%jBgf*n!Qk{pELIYTzgQ}0LK8VIv-t6!j>yOt4%1~M}F5&
zaU(Ys^k64WPFSrJ28$(Px>LUCFp7ICp}D5c7CSIa!JnE6|M!WB(-1C$P5xUQft6d(
zY;|R>*uogu-F7VPss%*;w`8+c)UT_+-!f5cxJzrlM|qg@|35H%HAHwHPP0}^Lw_!G
zika`IYVw<wwI9b)J1q(}n(2~8W1Gj-RzRw&H3dIHFoXgDVU4>g*Db{L<OIy@lD)%X
zxhi<6sv&zIvevB&YK?(;MRn{YAWh}ADNf^?UQOAaBf7O+ZWYPGiq*ut@h|&o5;_J9
z$o4ahaAlJ0nHaJhn_YUla0{5xjdII4*}1>za}4VXNqUA+YO-jD7px5gm$`n}x<i2O
zm>-Xc7Z|!5HloPqA;rEJz?VwZuJ1KMVrndnw%qGW<nZj3p_-I@p};nHR)yC!MtJg7
zE6$CN)eHvtmEFe29t@Bt9T_wLpTA-gfrws7GEJ~HSC8F3rl#vbqtN&qnj-d63*p}i
zs!LE$n(yDNO{3ctJSs`<tmmZ>bQu~Eqdjsw^$3IeCI~l(2g(aS72iQ{Vv(}XG((%t
zho6)_I|Uca6l+NTIIBr(DeKd<-Z&e0Wt<+&R?6Qrc(x4Ct_*{soPmE@T9bkC4_gG;
z{{Mq7x-g%_9vqh5iK$8-_^R1DQFGPJB&J(+&6G2jsS(P6YsQJIV#U^%m~?}Vu^Jn;
zQ}Ld4O=e|S#7PUbiNjF0EhPcHXFENkzdH6QvZOdC1gd2uEy0;+$gqsS2meepixV5+
z+sJ>PG%y8cQaR!%nF^I=Kl*V%YbU0T)hlV)|JL{Ibu}}MOXrTRA^jpxH~u_2JCIJQ
z%2nO;SosxdD;;3RRfY&&pi9f{E^ZJU%aK+xWI`tvF>=PxRi;icJt?7}=|;XLggepV
zu&6S%n{HvB8XxlpucMVrW0~MXzQkfF9Q_v*I0ieqI@5aAp0NG23N%kbNxZU^-<p@X
zWj{~90IfNoAi8&rJX{#-=+js##Uq^ZewWd1JKYY3{)s4-dw?EB>KigLWqs*GY5+3M
zkCk#ba@x<qq(t`d8)}+J7Uy@mSm5$r|AO@3U(l$35WVcL+91I;4=7rgMrC&EQ*)Jg
z&SOvA&tq>RV7B2g0QuImno$XedkLT6eAkV~*7kZx@jZ{5)cI6U5CPfSJ{=bQWV_X*
z9Ke$jV1{d)4~nP@IPGA+amR%NdwPN0wXLchH|^jsq$e|E4Rj~#bjzbMWKC*dqPSQ%
zpr^WP4GRT$N+{c990<)Q{)0Kx!9F|%bWjJQ0lwk%c)l)^O+g@sD<sEK1FoV9kpuUQ
zML0){O~oO>Vx<~w_$+qlgF*ojexWy<(V>8EAlwNPdnpsZqfUiBxD1O1u6Kvpl>B97
z>sC*%aotGqUB`-#Q#1wgr5yGQQk$`w67J?%T$y?Ry3}TlL#o0m-htxc@Bb1q6uFE4
zOYo^o$pk){vyu98f-rFl5H{{kYMfCX#4iEyjeNHelsIi<Boq##(ldMExY%1S>Kq2c
z`|1tK*6LBOx+jX?=`c7b{l<npMndQ62RIfTM|5gEx$y&tz+j96lt^(0%%c!*=#s%U
z(#8SAWVi$5AZ%{<GZ73He!SaFG0F9s(MiIe@GnebE8+ye5KAEq3@2lJ&)g;k8gC?C
z8Jb2JPNR_ENYz@la^ZkwS%c4G=jmqw0j(;=jTMpf-$n|Zq2J{1#js~k9gHKP^X8Mk
z8)?aca09(%z`?$Si-Q(;63WEm)?pNqfhr#CfP1vnT(Z<HcV5s}8YH+t;y7|}8C$R_
zE^nE7y^L|-GgLRmfUFFphzeGcLE>VrI5ZFQxZYfO2@Xf~c!&RaFF9|52$KD6K+WpV
zzIjSg1oadZIVT8zK*g%7dq;QVj8MC{3n;M*<@~Jj9BF0?{zS&78NS1jus!doNhuPJ
z<@wD~?Hoc|$rjunDEscXYt+}}tt_Gt5vzap{R}7Z-L%RS;DEiCXHAV(puyR!h%~j=
z%V5UQZAW>lqderEEbv!C-IiGlDJr(w(0#8Gm@ATkGsB6hnptH)PoV(bfyW64!UPtD
z>#MZf$LSNDc`R$s{M9tB$yOaYI-;F2YihIx6pEXlxM@dI6~%aJ`<IHJn5D0f&Strm
ze0$aJ1A)carq&Y0Vs<7@+G>y9VuJl-bSzKszqqKN?T355TdKYC)fAy<R#n;L`1FqG
zvacN37{aepKfQ*@YfDcSr#48KP-4?eAosR&wBNZ;a(SnpF6H)L*VP{@ePOTr^xYYP
zm**(pnJcArNE)9Xqq<#;D|_HhGL^7X2I*{!$Lc~Wmt!pg7DM2L_Xa8$(Was3=6ovJ
z6bqQ1BZhgJqfVtQ8do2d7+-^GS#xoM-M9B3M;YjOEu^DK6~IU(b4(d5L%;Ogt20q2
zvN(e8(U(FOn4AYVjOO7m3Y5)$@u=)ZnDdp*$%DK3ITXD7Fj?#@)(2aoV%5iEHwr*6
z^$8?ug9y`)JS?FT-ppGlf@N9vBp5<-8+XL!Wf1Asresa!=o$zf7tRv<hYn$WPlvqI
zU;}O8SC&WE-}t=E(h7FJxD^s)z}D<0=*V{PT*Sk`U#88{1zZpIC&gHqm|aETHJ|zz
zJ2Wb8L`oX^`<k#$YC0BC@H|%=UbOQgJU)O4UXAI~F;h@LS273Izn&#Y;-VvM-5EWm
zJGy<q_#ghFhp_U|KJxi8&ia$JnH3&xwq$sDQc)Vr27XAZq4dWJ0n<VX$YE2e<_n1j
zWje4KmnTK!!hE2%bDH%UdHRM&2V<FG;s^0e&fl5kNmDZxD#qYZzMwTLPEO3v4I&{0
zB#F{Y@|LbR_aCE+?qCt-SalyF*^xdfIKYlRw^=$TF-E-PwAZ@Ab$N5_#&3Z~61p0L
z9dP3lUOGG9Cw+BZxbPshsc1_VgQ1Qbl7|%*HYkHOaiHf#0PuWRa16miT$K>28FeFu
zc^};$^i<Gb$j1p;Egz_*FhRfZgGCUH5{5~*APloiMPQw_q$*jf$VX$_-q_aM?Na`+
z?J99&6fR|eg78X?@Ksa|pZuD;WDh)t+&35(;f4kyNHhT_!Z5pPOs3TTilNJ@O0il>
z?ZpmEeS`f)rGj7XHfw0f2O8j?n69`QWv&O^%dw5ILH;zFWlu{h>}~LxrGWBW_Jb`1
zgz4(Id<<20z!T&wTrtw(>0mB%r(hOYtnbr5m}jH`-S(>WkTbI2D+(qkOHs<zGlo#*
zI#zkIHHu|Rt{=zd415ExhCgU!75_og!3PTVKUrgZroD37q#6QK!7<I9B!BqfUcR*|
zJpHkbM)}uTTFz7d&iR)nViO0_>3cMs*UfTec`5_$(&8^+;|6|u+Mk=R%b&8yzvPOe
z6;5;eXWe{lCdqmcma_~(^<U0G@<-LsDwsZ5WlxkVWTu;nD9|Dz*vRf;gBoTJ7ZuNf
zs-jgyk(>aJ^gb`cg;P~4)%#B`)tK|qDx*O7E(hYP<xBH61)lYTdgalv7!7b0S!fXW
z{zXL(_EPOFh5~-!FGdyG0Eq@p@N=kCQ`7`=4wW~o$BW1(-gbL{WuQH3STE37-f%{h
z^e8d8B2dHWZ*^nJK61Z`{3ilqd)49_BSQd2er#?J7Glu)-dMz~6wPf;7csf)<@TUt
zsbx&s!mB?b&X_k@zsN2i(;GrU*SHq-)a4iE$YM07>LytIh-U2)2d={U5~6}HdMxcF
zUz9Z=>K?-8Zk9vL0fZ#kRTCqppEp$PqFyd`La>1p<Hu=1TCRU)m`uO3c7sAY?XrZ~
zbz{FT_O=@^EXRT8qK{1TCqQ%bP%!Lf31=*g4A~JIq@Dfs4$>bzzMFg8EIn9@z&0KN
zK{F#GIq84~Xl6w6lSBb0@Ivv}k~f=VCg9~{M{&6n5kYMHN18?NizGk+3x@m#S`i?@
zfz`i*C^{S%5s22*NP%wPl?nnRDK7;y&-X}DGq@<Q`sbIs$$pPSlpUsBc+#Xl@Fszn
z1!<jwTF7u<$p5V?;Nid&|7!(w&J>_ILmi6fuZRLc@SZ!3*~gWHveTA;(&tYCs~?Ej
zOU5)%ZNSUq+e$(@zy%VtQyP}#7^IK_qk!bO0#PIi$c{tuQ0DXjN@HYlxGa=Dx+D}M
zdr^CkO{lm@V6#yD4QE0q02{QvXblbpG`xa@CZ&Z1Yojt3eaV&-4U7>IebE&Y4OF0Q
zJwRDVOV%0CqN3CWOrv9=u*D7oq~KUX<;hqFtVIz?5u_1s@JPcG%Ukr&Ud|Nv3kQv7
zrM&JDqm&{^S)m){5Tl})W)gAG#mJC7;5Lo0(L?lSDxAgIEE;2?emmg7Rd9yr%OiRu
zIe-R$GZB!ee}}(kXaf=5SXt*rhzBX*kSqRM4kd)%X9qD+L3i0odnvHbjSPQZCX>t(
zk74u3Lm6BqK%1o<nujCxB_t*N?oAUNRYY^EBfwIM8*O4jgC{bGY97i9QquL{AfS2A
zoS>nXOu?hoTS;bQ;^-qMp%e<F4i77<GCz118?gVEO#VI?YC#hfRb++%C&eiyBacWq
zCEZbrD+_9ERYWwf^}kyR9mb@DXd@Ysi9`4|$w|ND!Bq5g86GpQa*5_&rt+Jh^h$}!
z8*AKx5^PyPI^6CQCOqq|4F=g`O8B7hN)e`0WU+c!MkjU#H`qP}N%Ms9l@Kb&@Gc&7
z5Ogj&9t%X5!@d8(w@g30Wh>#!_Admp!hb%AwNk%6d;hf(FbhS>jYRVrl7O7YnYn*^
z<t!LtyNqTvjO4965sWYg5XqV?3jI;07l7cit&`#tl9)b2<jiMZl%Ea6(j6w5<1P{9
zH>=#tUZpy+3dhUO;#$~bUzD8wj$MyM$OMt+ju%q+!@(5AZ2)UtpKWf53Bi<HY^D&A
z(}QiXbRuxKDNKZ)fGgTRqo@sT)63&3_gVM^tE)cw_-kvBh$ul`lF0|TRw3l#dZQt#
za9wP-M*{0lhkCVhG2rbx*nx!ObqRc-5@!(nG~f?H*&K}Qt~41xnQYM?McRi|+Atyh
zvN@?V(SkhH6L#7#y!qC5K$|okfaNS+sG9%n!cB^JiO{c*KU<id@DIsbspI!71?=(i
zsQA+ozH+4{)~ykb=;T`_AC(q)(%9-OA&nWYWk@tZV8vM$_-ZX1rknP5aPiNcbgk3`
z&uCHHB?QqD#M3P>-r~}?%H*>W+3EzkDxvECoj_17C8vvr(=c@n(Yu*0!Bob3%eY^l
zEG3n<iDg&Ex5&5`3MT!nLe9%?RD-wXFH0<!CAF`>Sn&A2M4h(uGF3F2F03U_ReGH^
zj6(zdv{~bSjBRT0rweJKYl^g`RjSfz|EsBx_WyWE+I>?aM7bBM0cB1kv`_;P&+ri^
zr1R)9bLhB57|H5N6be2jnkP}EU4<m;$QF5tEkHP#YV>3eK2qz7{}CB?(FH|n3XQy-
zJndFhco~prrLv^nZL%N+jAW2_I$f&LYqVh$8t^jJpcZK<KvJldCAO%+%XAT4s=-qC
zg|XkUC@%s0wsO8DDHasx37IdSs#RP*G=Gy`7;r8**`*C^7mh^8COArj-vQJUg6E1>
z)6$nE7t2zbSE#E}m6`k{p{*8C^}wSrUm)S7omSK@Rd?UzyvIF>$;FWL%cM;~j*`v>
zb!%E`o`FoBW<zG0bTnNOh6WjJwYX}bI2H(o-;N=9zK*JvQPD_I6{LRiqZ*z=(Si?i
z>`;_}g-R~uqcmQi1$KnG>gKsnoMH_0Q>U9>L1=F?BEvla94<!Jy?6vhp$G%7vGMV)
zAUf`F%_NuR{nQC5FBVmTt4l)j_+(S7<KZO=-)M|063{Gb641D1iQ{CA%jgS2WnNQ@
zt?9g|8)S@sR92Uxl%HjTjPLD0M$m1vp{rJLAV1f)f3?X^4lgRQOSWgHRs*oIA+X)9
zAyycJ-@vGpodE(EB07PUsBd7%F@+2RtfhG5KIFC)+;3G|C+$G|)rFZ%|7xx`1shYj
zMDzAYs#D<~3JU?Qw#gSdwrDoZ4{AAO1#1ld7A;OI&<p%+;vUvd(hy8=IVm2$7^}V@
zwni=!QhK)kY(?;UUzPj|IQ9P;9$@DTv4rk)ON#N?(QSV2H`M)yGy!BA^Pch;n)Z+}
z0aG;G;DB#5=<sv_{3x4*ie)0!vRdd^WHhp@nk(fEbP3C8InTu4lH`i*Ds=K>f!%q5
zAX5pnFG%Vl9Md0!b_HXKEF>5(rKK{;H8?tXXo4`pRt3vVfwYac+R)1@HUQayx7Ji-
zr`GWzPu2bKE^z^zQ)=jLms~AQsQj!?vXgv#C=U}k)}OZCEpgGVUlrx#XQ;5TxDHp2
zPbg&>Nb3keH)@5Q1nW@&YD65mP@aJd%GEiq^Tc=|1h>h<9#Mp~XAfX%Q0N3;8igpM
z)F%7In&!GAUsrj=X8uUdq)TSZy1Tm7uY);3RcWSzjs5tmDw!*qd1gy5E$rNyR6>l|
z#AMn3h-GyxA@dW$K=KmlW}WP0vK=$*N<sCy?1-)MI=8eB%rQz0pe29yQwn}v<?j=L
z$6=*7cb}GKQ`L4^`5C5it|x4q*CDb=wc^7H4G=s}Cg)83_)^r}pfm5~o!Vzh*4?LO
zE=9|MvIc-I$cJgWP~jL>#ZMhJlT;^D--Y6&N#`U1|ARE=Q*Y_*arSq5<#>-SlM1Of
zxS26_|F_;x>U%pD)+L?xkMoHyDbYb3q)j8vHmWMtft<=wfWH#t=DT3^C|ltE!kwAk
z>dGM~iViF2tDC3Z<ZAoe@WL(gr_o%BU~<!Wr{N~!R>f7Co3;h8akEIYdDHkiJcK}~
z#Z{sS2|ok7#a#JNvK07DZDXPuz_z>W3iD#hPQ;LEpaX-Q=wf=jgdJih5d-}Ob`-LM
zHu!3Dw^6of5^T9x@Y_v-#9VJcZRQIpSCXOfY_j*Oau1zBD{8y!;Ev{Rjg!<(x`$r3
zm#$~zkyllecMmo}CorL4R$|hS4e<nv#Hmc^PCDxruvj3hR-PnJZNrvL-g?;;;qol~
z#X>K0{Y086f98y=ap1Ajpb>i?@3deY^|7vFBXz}`fhB8S7Bo{tC*GH%!T#5b?MMIX
zh+4dPx$}8Dh1eQ?&Pm)RHEEGrtb*l%b-0SH6kaRfdbhH5xeQrQC$Mz^pem<Ft%IYM
zO}UPLlik?cY<r-r8jZ}psz7fmP;)iEWZ&nit+`o3|4o_a&P;*)TbD%>e}N`UzJDN6
zG9AoDaCJ{uheZ>hf}&0~&9Oi4Zbp^cvu$(obgvq3(OBoq^|XQXGflk;9X!HZ&a=S`
z%piT7DMep|$!bnSZ-JOXF|*csp)te^Fu%Lt=+aRO-?T`_dy@!d-a|jKK^Z~PRQ@WJ
zKyrRf8lPPoS2Aj>Gq)Epev#PW(8N`bA7Q=}2MxtGfZy?I6hhED9(>mzw>O(o>Vrp4
z9}a=K2r^uX!*g~KnuOwsVx^uCp#5<sFk#H}_-t0yPu;EEL`{uw!^Xs_M>R|6(rL+y
z(ClI%fWbBlA$1j2b8tUf3OwOwF>&XCG)RX3g)&7;E2)#8*BF{env@{`@`f9r%)$Ia
z)*!L0i_04!XFOF&@^j<o5TpmKxG;IN6Gk}k68Hxf#z8paNi@3k0u8T}fI1<-bI<C4
zXiTa7q!52}dS42LbBmv2^k-kMS%GTAXho_wy`L<1O7nP&#6zusm}AD&m>HFncGj<$
zAm>%rFs4C!nSanXzhJwiFE|_gJN#FE0`kc8=m~Za^|{Z1_ClKW(W2GBNfld=SK#Ne
z%J*m}l}K5~A*Ur{#cSCizm_PDCbjcBProfci;8X0BK*QzkFs=#>8mkwIOKb;7OH@+
zNBSOz2{M>mu^57#0BjL0z?JlD8oY#tkCw0wgPKo<8!C)g*C(U87pJN=5^Je`x4Z0e
zDV-K*u+p&l(8RSna2LpFR<t|VSg$j6x46I}T3IEtutVl>7R;ZiqPDP$&;A7pl_W7~
zZ=R&Oh3c8pNZYVc&Y*h6J&|VsELlBcqO(mlkV^qGCR3Wx#5Tgd0$!3?*v8WoMqbcw
zrs~y{^h7A^E^-!c?3C#2e+(eC9603i{*|k^@4du=`L|8?ZoMP;ero@#K<EWI)#BAh
zQls{8dn@Jo`QZI8KHq(x^IKPnVgWxV@c8$$*@qymWv$d|%|Ro*$e!LG1ny8F^}vM4
zLgbZ`r{}@i*nhoE!s72PGW5n0Y-o4pC78`By4j>rt9e$fDi%zSmJ6Ar=?T>;?tg|P
zCP^*)8p}@X8(XU#%IiucMyPiiF*Z}P7i#4yHwH<)cM(_3X}cNBE4&Smvg~oQs#pnC
z$`8GacE$Fj^v-~hx=WZ}swO+G>aj~MhirlDGJ%FzB7`iCT`-5&MCKCTbCN7(O-@{c
zaN%B?=0AAZwD|S^ljO34Mk&kM+#pUT(UG&-;E2@X@;H`l+eBkiB(7C4W0b>|Gn_J3
zylWhx-tAVQ8IJ->Mi)35-&pc;^e}BD6=>q%|95UW$Lz4tP>sS`r9a<Js;ePv+LzkL
zXn&U6EB-DCW@*H91Do#-MX;ZT#Qs1}i>aI;^z=+NM_9~YlnC)?413~FY=N%{c6|P&
zJ3exnwPNBUklpZ~GB<w59g<?W6<MRkRH@z$G^>7cm(M9JZMl}f;ok?ADP~E@iQZq?
z8Op~m3EL>F#0K%oO_b(h9+`qY)vKv40|E6t+&90peJxbmFXugoiyYcBW|_**kwvPo
zeY%r7hMH{Fkf&_gWURQja;bJH6nJFN6-5VseoK<m!14iam=6@rpk9tz7v+~xWaFU5
z)#Y))-}M&TRZTUI#$tjBTlb6HcxKr~ueAA-7Xf*GjpV=ghdOzQCL3_wp#}SB0D1TH
zsw5XgRR<CKlYu(hR3aYs#N$!yk^&J3=i@0txk@1KVTF01qoba|CyH<hYuZ9i0E}<k
z67%TPdnZ_(R|VP<6mN5eu`-uw(5jv^(tB>yYz6SntI22zQ~R8ZxS|W%I3pNW%ky7M
z9#8xd7oc`wSVdytw@S5xtju(#MI=DbSU5$jtZOqs#Mi3VOK*>$DrGEr7{?-f7t7Wi
zHt>=GA~0L~>{2Q)_mrN7WpMP~EXd!s)%zU7I~;7PXS%>GqgY!nNXw;2>Sl8+ER-gt
zQ^mD#%w*mj{8{C13@*7Y9}MlqDyeX4%Fde%;jlFm;5YoSaqT=CK7RX&a2ud>Py9A$
zu2vQmiyg;)b}q5y7p1r1IKmzkVb)`nt5WcF8*iB0X}Le0y`Y>=o;EFoZ@GBvE#N<S
z53}`K*8Dy0ctC@Q^Tt6<WsCVHcW<(WdkgJ*1D^-yY~?jP#vs?Y*IypBx?0Jf@ur8y
zfIr^#JzzU!HG0q2mo}PPCbvwln)&*-vyU_lH5h}7QtATK{A2v8I6MtG6bQ}y3U#xg
zcT|C+Y8Q=Sbo6VlOxQzUq?gZwoLFBB4s9J;*z78*(}@_S7(Z7yiS}QF#41ef8cQ=t
zX-8WkSHW0kq2ARHgk#e%*eOP|F<4#YCWn}_6|lpIE##tcpJJaBT(o4uw=|NAJQJ<9
zhqjwc%IO7$c?P@pNJj_#g0$4I{a5H|L9nYz(6W?R?BP4OV;|#(liq)SS%TG2tY6*^
zJX@$`_>W~?oOz6(m)WV<;H9YkKM5rHw^CtPsjk_3*8XU_%CL&5BA%`>HX>4Ab9db`
z-Q#RlM4$4qj@yQ@zB&A0@S@WRsD?qAhdk%(L2i#>o;t07u_-2fa#B~|9KKWGMB3Dq
zpaI`F+Yg%H8&nnO5%yZP1;sc#BqPq7uo1&Bem8@wFX2hr`X{Y3Ka!sar6T^J?HaH{
zf}iAN^|Wd-?RFa#74$8CU(VK}3y;gkVP8^d=xEYbGl%|1N{}f!!D%4B@B#UCS4eXk
zcL^GHTIf<sX>{g4g3g<N3~j0TOx(2DIg2{^zy<nB9;GiZjA9t+zi%hx0)8Uhyw<;y
zTa5PLFBN(;@E2C(Amcsy-@$g`m;L8C-&|x<nT}@cd?Va)?=fw5MK9!*Myfb8oTm6&
z;0KeP4&%JbSno??@w#CZs|fu0lvjrK#>OEk$R@L(Zk0O^fX2K&S3DJ+o=8+9AzrkZ
zM@`H=$8L(Q+}Mm#lzO|jfyOcsXqdDN;vEz4>j14DVHBQ{c~neVyP+BF6<2J$n2h}%
zL%EIIIFBsLF~5PicUqMs$!=eEEG~*gnL`K(P3^<M$@Yg62jlt8;D&Am@tLC83wWq<
zCJimjx_W}TdfVQL8vJc=ewm&Esx3!Pmx7~;Z6{wpRvkC`O_D#08Mhz%88ZHA9IF_0
z&|R?C^q(Y6B_m2Ax9q(^7n8G{rN<AzYM7C2lv*D8(9aILvr28K1%(>dmg7^C_!Rug
zw~Ev$mDWz;qaVIh-644>`Cg23awUiv6mddkpm5Kp9h5L>mDyKuQ-KJRGCmQMr^q#>
zSKg#9d|Wbr?2<xDQ2j86Ny12zMD3)j(oo*dWyy3^c3S7`y*!WX>FS2ky@Jm-p^3RZ
zI-L26Gm%j3-^TecaVM?C{@ZB9!#*<6A_nIcb-Gh867_&@LPM{rVXoIft+e##U}~Jq
ztW~OA4XlY}+g{rxmwLfkq}0{_R2vG*?=u{$SAMT2g!a4C+g(U_7}1H>O}R8^K(AlT
z)h+?WF0%OMXfvMu`X?aBY&}~r7UJW0;twR>_J9LWzq+nleC6rMAY`vqpp?j$tHXc~
zzm~rPKebI)5@Zo8;ik>(v@t+JV`R@am-6$j{SWUKIQ<7U#XLbHzanNH{~QCgRXTd&
zAtz!mhc=(`V=jOHcZZv^rS&0_??CN(>oVM_74h;9t_3@Rm1)hsLsSo$3Ho6tlkN$d
zKRXBR2-+!<10IOrnonHiap~`imW!>@&QKUbaycZYnm!3YDrk}DrBkvWU=`Bn1`8aZ
zQ5QX%D_5cSa0$m7A1I_#lu60CT3R(hrJ#__WjfP$SQgb6XB|PQp%avmD8|{B&*0C)
z`mz*x1f%2)>?QodF}Kjg_PgP@rr{E{x<?_j;KgiYs;0m*F^sFO@;Syz;{g9F;T`)1
z6K8v2|L_aBL(FXZVE&BCQTpi&W2SXSO6VpSzAmSxB@@*{-Z6z%5yK2**C|{S^x?|a
z>ty%%0{t`M%ib@QIoc0{Ipomk()48!C1T0bnV9_jzs*2e_xiyoJ9(fz2RvI$m4N!z
zsf(SOU1liKf%5)TxLsRR5bXLN{QB}A5c%OiLV!=09n>(<eRy)C5uhUu!{em`Ld2~>
z2<tfrVbuU3tVbZq2%>&Ev%J2SFU3R4M3OKa*D=V3FnuRC?xFKwe|=R!b>@}eMFZ9T
zLsZ2@1E)Z=`ZJXTQv0121S0Atq8QbHfL#y@X>>sJU&b|RC}16gcpie(vsXV4*1{Ty
z4BcMvMo$1zpxnny5;rg=W4%E7zK)yLc#y97KMXepq$~Cd3u+(-aoV^@xCJuSgLViA
zf>7bz|Az+egQz|Qq}Kt6TFIk;*TzhQ-lTmO4TJ#6vnDDUcu(k3_Iud}h6^I%2Pn%V
zj|b0Hd!CjW$<SRIwy{j@2-dI!bXA;T^B|NObg8w>e7=lEZh<kN%+>?YHPhn|?o@*^
z>s~>nRFW_&Ylr9eAM{MKzn{RTLHIWPw#KljbJzR>w+TlanBEso_WpVHE(cY(8V(^s
zYF82)m82|A96TsROC?!eja&*Do2*-?PPsHijk*L*>3b=c8fdN)hpNM<4BmH9655a}
zo&|(;l83!X7w;@X4bDUf&SxsUn3oobl@4;4Ed6=p^oZ^&{TbRaRIra~>}vKqer1RR
zXM35sgg$7<76%eSVOdbR%*yy0gQJqDD6UCa&NR<Ufjh!A?|1%@6V9Z!MZ=X?#)?f!
zy5G7w0{iBNbG^0@Q?Mq_#u&*7+5KR;yqMvNRfeLKlW(lqShVwLUdS#F)5W-(9xG#S
z2`fQD)RCN6Ow&}yxR=glN*sG&P7*_rn_5H}3?{<d{T1pvvx0pW$BMN^L8`<10neul
z14cv&8ZPJf!s3H$NYY3spu8$A6`D296s6U9p=8)iCM3xvP-HP*I^?i1PK4!w*a!vj
zj<XoO)R^ZF2&+xoRh-7gMFqO0$^nz;kxJ&lpb39VGlZvb5JoS!%@wV~{K>ojgb|cj
z{^_yCvE1y4(>3JLJ>qv|4%T&5OPxEW8WkTUG_LHISoB6B7BM}FJ5Wi^R!ELa*(6p>
z&gQ{KW?DhcrY>c6;U*q_78#otKdwxe#CjTeq-5gv<1`ZSB+@U+uHYn2zK#w3{>q%Z
zi=yN#85~!G3Rfe`3+5ifey^?*)je5dDavz8G0OwPMo)!x%Z6~C6<1@-3tN<4R+1=@
zKGb4dS*_9;nuV?eQ9}~9I+jfx*SwN#QrSGUXp%<Ep7>0f{@W%`9^kF;&U8WZS3=br
z3EZ2Jf!im=5{yiWP$oK|U=<LiYu0fYn9@=~ed*(q{Pa+&ucWk)pWkwRD%1V{lZl0&
zJ`45#<7#^NzXfamt7iQ_{!&3f84yExMZtYrAuo4J#aLNBa>u*r%K*{o2i(brEAd#F
z@4_p3`K&NKUx3LB%VZ9}Pq4>BsJ@iaTzr1x`3c<GJh}&=pfPa1H(2)(RG_4^^7tTr
zDkx~Y3`F-36jbr~Uk>EuDcl+m9VD=olG0p$ej$hf2rT(D@VB`4Yi)0k>CHplqg_i-
z^9b=eYx(D;>aqYB?aM1x%wF8u<nrT}c=wpBcdW45R?K>9vzMw*_o?Iyd1hK^JS(mO
zddw5j+C{jnr&g_JzgwNP__-BAIHvC3G>9j@YejznjcLz5>~dA|3XtW%I6Pl4E^lbp
zcGX&jD*j?@Tad~i_frRNT%)!o7Tb`PRYP4vqayS=ZMEYP`Z!OGl}YZu+>Omg{n_P%
z7KupzdCT@-Qk8ui{9`C}2I1nM^Ezdw_*(0E&TyNUW~jKQ(1$FU9l}WhU+8{n*9xD{
zidQdjaUcAbuiji(il@wE%sy2SLNnlSlIwJgmDVn{w!FKLtsR6zj#G;llSiXH-i_WC
zVL;<(Sa21cNKKIUQC7)o2>WE9>EH_M1lptN;5)}z>{G5uBTrr7x7eRo+(a8AM^Lg2
zs0B|$@x-uN%BgQ|kyfL*x3>&BktD5V>FMC7OqqJh`Ux?Iff=AF>SG&~LKH9^HYzM|
z1UkEoFU%J~?BJ-z;Yz}Az%*02-moQu$xEBTnZHgM*YibsDUr~WNR!4QlQR)YHo4(|
zY<)u1`6tKsTGQBCyex!SdG*hLR5fz#FR5pan??buX{E_v%Z0MgUO(_1%GF!kA{ERe
z*DEm*_`JU_Oayuk_f^nS<@GRz+0)O`MCkJ}I7idj8d06fyC<KqWUT$t`c4}_6e6T_
zu@W_{Lt~St*(X)`m;RY1x-0R*n)9({{7QrEci#9(i|6@|N+<WVR#nxcKxe{f`%aOy
zR>`wVPBYJ_8oUmJ30ZYT17aGLi4&w1xEWMshu?VuMc>+T-wK6%u@~nb*J86@3d7GR
zIUzgXmXy(dA-;!ACYjXJP6Z;%K?o#+Y<o<>^@;EKHwlhLg|TXZXvrqBEj9Su>}Mw3
zLksxOhCX4V8TlE5fNw>4yrtTe$Z`p|9NU2$RWJgtaJh@FUL;9i@f&fDa4udkux9{m
zY7k_8)^Z7+%t#X-3cgC@Oi+G75b<xZb56L@j?q1nU+&`6|IERus=H{rv=qOrQPRY?
zyE^Q$Q9fsBA^4}RutX~cbO-da_*&(Du!y^?eQmS*dRZgB`Gq0~MYNn>$)g-~5FP;9
zoCKfB*N*wy2tGOHRZW(sygs9H;=zHOdLq-p6oP+|p#mG?P0hvHq`NSk_|G&0l_Cpg
zsmJ}}q7ZjfWVXTcv1~fgcL*FXFy8TXDb<=aScM7yc7nabR(WDP2g#dpar~|5LK5xA
z;7d|@78$1#q<3?-Oy|L&V&nUV6y2$+njBc8!U|!BC6Xry%_snZ0W+>gV=rttn)C3k
zO52=|k1=NmOwheGIDhuWpI9u9hI(YmrQM5%zp<z;vgMCwGVF7f;zP1$%2ea9)c@-!
z%sUqf`;<UNFBp_16N=59jWA|Qqb_TdX)>+_9^`aLXiw&~cT~d{p!^UZl4J|KN6S(S
ziBT|3wtyCh&c@wY7FRxA#xU2HCN1U>5UhY6lOyy3V~(gnTcul7xT-d=xfbBlnz_ct
z>$(5uM(r><+Q^K^GhAOVuH5ZU)-1_=WYH$;L1Ptf7N*0?e&x5m9|U86GibM!<%Z|?
zzE}G+fEiwlLTuTVhEc-sM^RgJJbzp+Ux9C4m?k?zfs%O~jqBUj1v*)V)b51zeF2s~
zB<qKZ{C$aT;AHb%7!1SV@9`FrIC%uK|3lYX2gUKc(cVaKcZc91xH|-Q_r=}a9fG^N
zOOW91?y|T;aCi5>-F)9)-Mat0Ra6~%x@V@DVp;mL=RA!&E+&7H-uz&fzUUeY0JilJ
z>^J`q%Z|$H;~}zI*;v1b<+>2or5U~io~X_cQPQ)f=NJI1{G+Sq&LxRVBu>7Px;cvL
zTHol=ZU6C?m^AqVeh^$Zu)(oQIe&GaC{_{weRL^+;wR+zwQjyj90Av)+Q|1dz)jhZ
zScTPJqBr&q)<Wi!df)PLFo_TbXK>_g@%})9;>}FTkYuib5N3M}=!_QXb@}pEj^bLR
zdX~ers^~Vbbx_QD-oiqjV8MX(^3$5?2)&-O$fz=Q$80g(%ZL==H%qLlqf<C3!nm`T
za#_IgEHRWvMJ;v>*m>glECa1KTa!thSU>9v&pWN&rZp9zAVuXkEehJ6Gnq3sB$yZd
z2EA$Egf%{kyllAdoNJ;A9%g0~!FL^_BD0f19ACTnI}w)~zdw`@53aE-S5&!`x!w>j
zYJU{1FRR$+y~;C|ys^#JwA&O;`Hj!cW2#U(txet`5aRsa2Qj#d;5**ey_G+67yPev
zi&x*u%&xo@hPRR&hgnP>$gU&n_-caH_);OS^TZTkT-}DjmR#_2M~TTRCB=oiZKB)u
z!>3Q?5Tzz(5H6I>?mfTC{V$2_JxF$d%6bJ&wQUJoacZ_E4JbiS%nX4Ceur4~)K1q;
z>{88fiBl}aZ>Zc)j~)Fu)eVi>+8K%IfN-8(nHhPv_RZYiw$EMeCtiZ?)dx8!)7^Yk
zCI^kSRMnvy@eFNJn9ja<yq9lZu#)N@stbxy1(Z%mffC{L*>5UlfC3F;>@PYozj3_6
zxj$)&W@@z9g%vT{UHW7i5+TRy32->uvHUZ{W&7vW*1$MOul;`wtYAn-orI$g37T5W
za%sKJ>jkw`=+NVsy$p>Kw~>a)XJ{oeW_I?->8y8Fw*6@XtPbFrq10HV{?+|(?xw%q
zl<Z7bZ+RPc<4u}!nyrFUJgT40AndF#kXuvx!OEV%OgDN&$?~VY-VTkME6<9ao37w+
z#1O72wzw!tiLV5f2E~u%8rtkx`*6$`;mN=!YM(;RS=jE!>_)5OreZ6FX-07f1}Jkk
z(*O^L;>+@U6L?o-f?*(Bilq1xMkx^n%Mz|3?1}6*p+}%s>g0&WAE!g6k_<{FpjJz+
z%37FE80uZ0?`~_1U0PqxDh6Kr0sfnOlI|AX{Cy6-+*U?nzgM#M3!en}h!U_lIGbSO
zYJ9UI1x&;=V4)W)a}TWJW8XeN@`EyFUw`iZm8{GA$4{hpg+IdyPgY_ow6`)<BBFj-
zY`5#h30qV#?;Mu<EmGt?C0Pq8aI>Ea^jN+%>TFHuhdnbYNI8n_%faLYckDp<B_Sv2
zfT^ETaoBlLc@3ma&;Fzb`mg$ueaDe0NVE^i)>j9}2Om~f2G#Wk1KOQOzz4A0*)?Um
zfX69<Z_7O1VcP=b%`SVB6qYB$cn^AJ)7Yxj29Gu^-tTGOy#0g@x=rk%i|MSqI;d0L
zV)^|k5^9GtAc3}Nrw{#`csvI`4H&DPaB7bv)T{qKAQyb&eD``$sV07S2abodZpLyR
zq-sy&RO;xS9fa(W(;&W=S0(ZjUKP4Ec$t<D=R0a5q##HK8?}-bcacn;G;~BWZrCUP
z<8NH?Ubu0Nmkc08cMkZ6!=l4m<GyM*rhQK7#>^L94;cP;&<c&UqjF=jf*Vu&nG~Qr
zS<A_4L6yc_d}4}d=`|({NK3$`HEZt|i6-vMLNl`Q<-2Yg?nklv?_BWCPb4Fqx7M98
z{$X^=Aw(%=@td`B>wBv2x|u=$wTrc#d+W2TI0cYchK*(OzMJjTBy{ef7PZV0<my}U
zEzYA>Nt(9a`Q7IB^0t$&iHe->lx13hoRU`fuSXgI+IzbH_!~U01&Uur&3k{bQ&gC^
zwU})<*?GKO9fN%F6SuPZ0u)L8*T`@Z>vc$&yzoJhhF|E$R8b0ah(6b4R>}>)*;?yb
zB6lQwx6?(fiv@yksMGVU!_WRdV7HFie=H@|T@5ZSKLbGct*kpt$HN2r4MVPN_JCUK
zj=b9EH>QnB3WZ=!d>%tFM7r2-x^iY7YVMb_Lr*VQu`|-dKZso#JQ$535!f6;2(*{^
z73hc<@!}$M4mQt!P{5u_3`~g`N=3(vkcUg$CEa=S3$PgmyH$0wrB$F>Iz=kJ(!nhU
zFxRjhg3%NWM+P{<z4_yPJ2$-9yEzH3HxmkmUH3S`<d@7_)cN?LGRkiQ`n3^b(%Klv
zr}wHrp_fQDFFnNwJ;0Y%Ev}ta*hmhkI#?}#3*O;&{dc5^)7WrYw~SUV_O838J*#0B
z;OVv|V0ipDxlFRCX)`(m3C<P$uV})eN?Yx17is$&gNr-hlp#>jxr}vKIIvu1aZ$3u
zI!s;Tjpl6lQzB`4cHcSvJycSlMaXGE$~ifRkZ5}eC%}*|g78w+nr;-=m~Mpi)sqkA
z$x}HL6DS?2j*PcD_41n{?A#)yIA6N?3eH5stvcqOIwlJ?G-%Dh6+qf3T~YpKge9rL
zLOl0T7R4=WH$HYjgTra{$GBtMl?VJh<Lj5|e+g|POStSgy?n3zA%sTb@Aho*M1L;u
z!x}aX9a0Gqa;hTr@Qd5Nh9@&%rtZ4z5MiSpsUbqN`n4E(QerMS$k2ULV)v?_oPT!R
zFS9fX)QQc`H%~ck&KdPoS71ShG^2Hg;Yl3Vdhr|;=LZf8JD?SAX0B&o^`U9R>2$Ae
zJBE_{nMWJ4375<zOPFYMrJ>gNzd+9@Q1HnB&YkOh?2ouUA3st2uTsdy5(!IYa+_dc
zGJ1K;VoLF!S5{&lS~<&BgQuw)0Mk=`6vM~scC)9waHl{2I9@qv)}f%jSiLQ<Ia2Q9
zPLFP87G^2`(oXHquaf4Lh)fROAAn5OO53>tl>zYiU=#C|+z-U@1b`EW;6b@-G8Wf|
z3B^l_)R|Ldfog;~>fh&3%+l3XoYtq8&U`;#P&Ld|H!Lk_zik9RQHeO363O(C(yH;3
zg>mHlQOBzoOCPqn0<PkWWAxd?GdjK%H46!Bw{|*Zi|Ra;NgU#&xrEBA&rPFHbyo#+
z5w?a?#91*cF-zI5@>1k+$*mrFp7(WJ9Mix5O&c>E`^&p8{qBdVx@4-8lbST-)mn^}
zE`uM~1`;Fhw@3T6(C|)?Tbk5hNw-Y4i=|@A7Am<8tUvQhjtxr^_e6=)wQTz?hL>Nd
zYuqsf(Q$qB-wZ}*7<pUvNQx$n9^0HPFJ&3M&Ry^k)yD-voIWMXkDkEjFepwN%MZ7}
zeJe<kE%QAliRi<fAA$pG!^S^J|LD)|nMWI17;wJTK5!s``XFpz$NEJ|2=-cAVfO?R
z`HuA`{Ps=sBy#tu*^QbzGHXLO%*4yT90cJLTK_TwIt1S}TEE8P{7+Pai+{$=CJ;0G
z2iV3zzDRJ8FVYs&wgu_MSJEGk(I6y-qygf6hZUfqNT4nyP?sFY>&Xq$DpJy3B#??7
zfl3CAbAw3S@Bg7WXpm(y9)#$yL7E8C!f7L7?n<AfG>MNzP}l=QK=|e%8^rT&{#E5z
z1i`Xd30QqwN!aUp(BMn7V1{18VJNQcC<J{ONmz#=P^Sb4%)S1rBtk!pARJ%|ny{6G
zaDXG|?)0Epu!GbVq(mUS0O@gO4b%HX4o)zbH;DDIhXsSBfz&l17%UE?Lwdd3RAI9?
zK0G_^FyZ!5;AGIXrhpZ0e)>!_GAi-#1iWIx*>9ieiXTV~lB@Z%AIyb+`E&6fNH9+Q
zZ@G)J7hvsVVK1vi+bR+^(&INyjuM;z<QB}N7Fc(ZS_KJF>G4rY5l*V)xXh%uGow(_
zx<Mny@3e%?K69A(KF^Mpj9epWbwhj0T*Q9p17LCCwKYTFae_4brlU7t<6?ySMpE#Q
z@AQVegJ9LtCaNCz=3vx{vb%6%`S7dr;VOh*%*A$LJah{o5sh2ji6U4$aE_Z(9M|s3
z9M1K`cr@^QyDDU>6RF}b&gR=4>pZpd;$uM@G282bsu;OC_s7em<Fg0^nP-?UG}~t5
zDd7VR;Z(BP8lI!6>mJZ&c=nX5AoaZPNidqqT*4@Ih6HXdojXrC#RyZ&RHKn=)-d1t
z4I@a060eb69kMaj_!3mSS|r3>xOE@67AFR0=Kd(lKwf$Zr-Sns->A$yd(J-7bPOx3
zviprMJnI(zQfa(Vaf`{Tw|-A9zd?yd%y0W&+lS|k9!4LLt+3j#=RUX<*IRw#g1=gJ
z!AJ17O0%{mvA-%%d@F9@$oIpAJDc^uVJdlmTLt;(r?ZDHinmA@exfwHsFwo1*L1)!
z|49P1ZM)do0{w0w3g|T{Dbk`D-#!F!f^8YVuG~^a`iIPRnSRdg4;hk!1{q{0Rf()+
z0M@ir%QI~fao8^cEXXN>EG!kE;Yk@w&Nai5ni(=^1%ICKN@j3gZ>f@|E5;I_jlP;{
z)XGceD_Y3~oL?xAj7Wr6=An@~!B3c@lRTM8dQJzCNHaO*HF8lFYwAQT-h|0h(K-2#
zdbiuOrlg+AoOjcUeMW0)e=XjZiPL@iuu=Ub@sBAOz8K`W5Z1t9JSzr@3sD-l!iDb<
z%CvQmi3{TPm`NQXQg&dR`a^Qt8n$bsa5JiuIK``~lD{K;%fEwxs+G@iJM2xOmq%`@
z$*KKl%c3Z-Z^zdhE+f73vHu(^QgD#)nSoU5a~~zhOa2M3_10eO$+h|8lchIwL<|nB
zIh^~bs3}0B*z?<V)5r}`!N}h`yf8}e@jbRIb@u%DS+%iZD85_FL`N=~pSxhCdHqOW
zJQK^sG}=m?wk27}GS#%zAX5oUWUQ;^oXHCZKlvyaab$k<ns;ZzqlTJXwj<Vb%~L>I
zVGe?p%Aw-snff@z?-_MMP(hi=d?Rrj_@Nz;o5V37%Xw}%n!CrlnW;mGux`^Df-nxg
zp5g}~3JVxYJbY*nJ~N?-6{dZ~Kw=se^>035LSxwg+p-YVp?#t-jqD_3nK^K>B4ku#
zncqQy1Bp!7ghqoREH{#Kz*b?(-lW2v+89bBKYw{8eC@<Ju+AW9NQ0>37w!Or#GhcD
z!SE1Yy&;Yk2|1+UA(&1RzVx<=Vr!UjAcGdL(k4NX@J{InwPN@TfN=HkKy|D5dsu^P
zi&7a4PVRXND|I0_H7HN@l}i7DNkhA;`niKz!d|5@{4ad5%;0uXYt~U^zl(EzOJ}}Y
zI+y(ht1i^ANcq;7%>$lDujqo=2G&8*1;Z6<Vvrnb<pY(ayi#J+$wP<4#Bh?<TIdXl
zyAvjX@?vCo7F0<GcLImr^0@l3_gNT2pV7(raBh@xU>+pweFC#z{({{lQh`O=okwtO
zGe;m_Q&>ey6*9kOs2yFD>eYh|j+Yh(#_us0s@y|nr;UQy!?WNRAWV$_FfX>pf(nTV
zmr&M7trn2~Qe7}ng9zUbYm>ll2@%hcg+!g}qbXR<VQpy<!^b3whmm?HO4(<~&T`!k
z_yx=$9Hk2GcIy{#$dC?|o=^$jThXs~4AV-PU`sPE8`g$}9|V3)HpPdNl2JPF3SKP*
zJ%G=Q`wGsI4G9q)neP{nmT<~a$My<-iF=g(*TppPy!nNG0k#ZB+M^of9<=KTCm8Gb
zqO1}u@);x-{Rw2RGp=*&agYG7?@Z|_WY_~ZU%VMn0E(#K6{N-GLN!mIn`R#H`m$Ca
zAnn(sn0Ep1wM%UekvWksg2`fql8t7c-in3@b{D?6&K$xU7y}-(MA(DvcX>jESE;8{
z4E2r$DXUzK82gqB&#dkR7zedP|K78^=j-G-%FdY2VukyJzvHuIoa4WdUGheVA?~OY
zUZ0afNlJ5z8J(<P&Kxx9uqbmC^-pEveI(=j=X@;u8plTL-`r5cqQCcU5M6~_u6&EB
z3&_e#%!S<JBAulSC)m~tXux%KxG0}rJ#Y^v_Pio$_zh!0W_&u?z8Q$I@6C>}FVqV&
ztxQr%_r!~RS-S<thwK2LM6S}HZ6e;rp7mm|osqYgQ7<n5(-$u~VX^F(3QAlrSDBaR
zFL9gmY}U@}qXy&Nz!KsPuuaUgA)n96w!Zd13i-N!J4m@{2`CpuJ6#A@guc$E5OyB)
z-i7ed{o>mFQTg2m0}tfhFQ|4#8a&#xylo>fk`3tTOYc$Qy9;3}Qjgq(vfyyhIh9=|
z`W}AFzRaekts7bCrJ?H7`G~n$t5)=U|C1_y`#dvo&H7Z!b-R<R;gL=aDFB6%XYr-D
zA{8PBNG75NC(T!+4XC~I!EGw1$s^%%6*ve3N&{;rix#r|YlHDG>AOO`Wq{Pi9g(_~
z%(2@wVNa7{IwMfe^k@s<*elkBHN$%346|$p0;5`$d?e`!@r(pP=`nNvpi1{WA2Vq}
z#-lGTyV<`5nd;v+Ce(%_&%HM$5%onP2f|>6T+P?pG2)i^PKJg@Of7=m2qEP~ZSZB^
z*%TroRximf@a*9wUu~72(KHfw8@-U*4kk;GYFu*O)$ZyC9YY|tMW%OEq&oY0A|RgS
z>g6ljtcw#Gjy;z=9;nTV(Eeu%3!AmepKKJa8NMeLQ!YFWAvRJMw8ng;syIcqsswM(
zF4k&frW?r*Ea-atvRuss1+0(Pyl&&LKZh-fjLA0_=Y_y@KGqs|nIo-VE9p8jljjcK
z?@DG<;K;MqlLj0Kc7M3;$w;lgACdU}c~({q=JmEBY4M<uI`UY0(Q-vr&Dm3KF(}}L
zDpmMn=xenLO5e|eUL=`~pn?v`>_vKmX%@SV^`tl|l0V=j6mWcJ!s`&tQ^eA=Q!(Xi
zaAOU=gB3ND@GrRZ+<S^(QCWh%z>^evyGqBbR1Sad<P@cjEG|X`WVQeJI8{Oh-~8Kp
zUyQbIYqoToLvBDv5ZH{JH`b}0_bY2#jw)}<T(P3n=wV8QT_Mp!rdm#uQq%91hqC+p
zaM~!o^w*`MD>$H%ZaQl6uuOtm;x3PX8lkTZyxt{Co9qP#Inwi9t2fdT@|C(5k2yxj
zg_{)ya(1Ef2HLCX{o6qro3fu2`Trw&=bJ(8SxUiVoc`Dc+OU~Y6C9R+W~uplxy)4C
zxkj6$64R(Z(K9}*>e~09`#%pVmRdV!Rs!dJ6l0L+h&?wvoENx0U+hUZHwoD%{QW*0
z_kc=g???OuMM^Dik}dq=?)#E0wxTWEAmWy?01C%pxN9mms3^#-8A<`G8+wDK>S;1<
z;1g|2!mPv(BR4A)r#<~~Idy&0DYEhpBxjr`e#(gh64~gb@TKQOr-cmqcXj$~YMqZa
zJS9=n@>IOE;ft@pexYu^<;7Quj9v~XXlF)`0yyv&_w<FJcO(0LBy+km0e7#57w7R4
zKi&&pk_a`L-#`hyRTCMcEQ)lx5e?h+utsYvj-PHjn~F>}=+ikR7%5$6GPowgmr2Tz
zNSMpH6yA8X$-a%rzKY`_gfaQauC3)@(%cb3weJhT-thU`pzz&<G}19==+C%_pHG1j
zHny8{#aqj`^&m$|%o0}6Y$X3xV#$&2+&y0h4DZvHniHPqa@vgjFtJs%^><q@5w9Tw
z$)ZMf%i=02a$C1)YvS&THL}-gMng@O>|zYw%=7sR$%$;g7r23;y6ZgvlhUfErX4d~
zM|J}#ycE9}k7hCVZV|z(OqAzs3DqE8ZxAHYQ_6HkxqFa>J)1iXqpr}-k<!LxXQ|Es
z`nBDz!GB=Kazh#JXusJE0!Hy_wI$Igv=}$4)gIC4-Ga)YujYEd=D$(wmev?Jfg@%y
zS0W4`%hzPcb*7Wf4W@f_*%7L%pWEllC_4HqK4G?8iVG`T9E*Ulj~|ore_k$P#=!vG
zdDh`0m<o_FEYYZOn;inx*l+kb*i_`-r4eyZLZ)e#Z@+YIt%8_TJf;W_KjLYP?-FPL
zPFw<)nruy2qBXqn{ZF=m`Pit^_7~KV6TJa;o13FZzKb#{d?OTzMO6_x61Djm{V=!<
z>^wHU3lGt$>X}j^BK5z??NyIP2~u8fDyM<XACykxg(OSOaSon%*k4L=$-@Y$`4!|@
z8Z)QJ@3ZPxs#pDbirXZ9xLfuHn6>Q29%lCdk-2@FGFqAecKeMR1(ppxb>}$=6L-4%
zD=EX54PPT`DeF;AHg`q6M(9j`c?K=~{6^;2`IzijWlsOBiZ?uoo#%`9Y|t}hC9klW
zW7~cyBEx?dsQXvcz!0U?XF=WFN_p8+E*2uCMs=T=?ly)_KX{*#?iL*;d?<JH#|JUm
zOO&9nl@S@Fr(Fi)qk|f~xgSBUTDz@yRjNxeCS{d-rwFqZGegx}V{7mHzC4UNOdr9W
za3T3Qzv*?`K-^m?`8c-o)n%86my#wX{8{~cXqg4ld5^Ib*ihS0x&}VRF|Rqq!3<i*
z+aGg81%+EAm+6_JyQ<8A<I^1Rc7*6jh36AxXH9vzNki_AJ)&PE2TTVEhfE^Q>C8GO
zf!wnA)mOc|c@WK)cGvg%BjkcLNtF?pkGTjOay~<A9-$irKZnpcQ&gcEXnA2O4|AD2
zH4ze*Z4-Y;C)0L^9wcgaJGqsn*)^)pz7;q%j&kR|y|Y3eC`8bmQa;62rx|itd`9nd
z1B6Z0m<O)5BjF;t6IkIUL3^H@;tf11N}DKo?p;}wXHx$DZY^S>#Mp3UQ2;T-@*X{A
z3EyS&ju(`MQEd5$w>MCtec$@~(Be14Aw!pw?8cP)A``@-?!(s4QX<Qi=eTtZq_}mR
zJ;BS&@W(N+(##{QqZ3n-p@{oC@o{PAUDMp$T2u2o4fWy8sh;MoqtazReN04yV)aJO
zUT2X1XXO?K#1-`a)lvJd3_khS{3Y<q^Y03bU@(GH6X9nkkQHYNv`P;Gt=0!YiU3;5
zXM&dUp`VJV5IUbCAT$7qV;anpfE+aJ_Y$qI6FcGm!vp^!nkyv6<_Ao#Bi$OT&l=?D
z5H^n>M8Sy;A^X3KXYAqx$g!iz2>YMi=uG?Jc>c%%X%AxKZYYHDk+c#Pxk8WvqhEs_
z9is9d<p>iDUMJu_?{5Vg@pas>MhB%tL2*rMaFAUIls!G${)}5k;IetHtr@tkNkuW1
zIH+9*O&Sm6Q~Fn;6bj@|`sevE1?keZH)g1RonYVaZtbmtkHX*Un(q`}jzL$cK!5{x
z`<GmW`TvrvXSi_S>YwEb`Og~bdAmc2gl?c)(t_MZ&LCES4{{47ktBdDQ<vl*M^z{2
zXHEq@k76Z|)oD%qoQUwhOe`WCxH!Wr*KN(Qm=G+}6=(|o!m0nJ!VQ|rF-S{fJWy!E
z8qz?I8~}=(VzuM}I|R&`Ek=g&i6AxaV2&kb5gS1vP`h_?Ay`FX3**c{jy<c;p>$mA
ztU-%3%eiPbX6Chn57;ZY#s9tql7q6Js8JC@mFkGx835o{Y>XgHUi4;b=(=>=!IA_A
z0BiWr;MZo=IG8&2AWd0BBQ7IT7jkvkXic<&S5~krf&B`J4=joPRx_rEh&~f!xFfb8
zQ1+8b!iZ@MEE&sH_S-2C8bqfu;}m`V!eNUSsT&Jd*?|(LS{OsYRKGFcsZ>g5MVSjC
zs1h8Miz1AKG1PQK-HXNl_2P^63&l`H!pX6LlC1c0m>8L559mA+?3v%F*k=EQQQ4Gi
z4y&@fW@toUdOzd3o=_t1dFDl?m;d~jMyzjJZR1o88I%m7plD#hccxXr`pCajhAThV
z{OjfBB)0hLyQ=HF%e-xctufsCs4#kBZ7{`fKYF!;bs2~oms7$?t<a6h8`V#kt$Nf`
zX>sJ5ND12zCebz5g>)rlmETr<a7}woyKmkR3Cviqbz^_`&b@nZ_WSgj_MY;bj>Y$l
z<V~GDs>k;ogjyr(>XpcwNS!UUz_?@79(*s9o9w9^e8(f3(j0D>u;R<o*wb>{Bs&BZ
zXZf%t+iXVkNn7ldnDd^c>e5%A;~iTQ%c}I%LQ<I*&2C0iNn2!cElR0;(-O~{u)1%P
z6aAs9*Il`PV8>pD*+I{8WlDL+!6$w6m$LG+Og^~cq{yV~x=1Iv%LdIfDhJ#1w%#=T
z`&wxEgjM<)Iaxk~ho1UR^La*Pd`cS>w4GB@qc}0)u1bmpLNxG)oAY}7>B9vN^)Cxy
z0TVtW-x3hr3i$`fvNiUGF87^DX3vqvrq+Lnh7~BmjSzpG7!PIJi75Cv>&(v_Eblf`
zn9-5=td5}dlz8o5rhxZD|Dm1qzJ_73C-f_$PN_mXcsubDu^0<>%c4Ea>N&5P0xo{M
zL$*Lc&qkp_x*ZNlfrKl?hL>o=5867#Dvxl^bJEJ;L$wJ)083^qb?6Kofqw!qN+ReC
z;Co@)3~qm7;VpAJ3ALd$uNHS&tuD}9BptzfA((A}*6?+&T5hh_tgAFL{}EM{=b7HK
z^p`Q){B~@~-~qx~3xb&lFtb74;a4pCCf&AcOek~=G)_9M=Qq75))0Ab+R0n>boQ{P
z-wKVB*i}FwcjjNd1J9k$Wo9?8N)5JV%sefAsswO|YC?+g=y6HQjv}<E*}KLUJW+04
z@_Ccse6^6kOn+=tpdiyXtLO?L@CJc|Jmz901rs?Xw&P0lEi(MCsaJuEKbn)LZ;4Zh
zSW{PWM<EJJq1-}|>XtCHoRMMaC}ldu*?N&4XnG98yBE2TR@qxu=x+FC50S>2q#^Cp
zy95!!!AY4+=p17$0`^W-h#fLD16T(kbf~enIqJYr!d(pzWvY#hci@=Wcy4<3rNj$T
z-)P*n<pJLA_1x@Xb>r-?P<v_2@ScUW#*;CDa^w-~mdr>i1p)`MXb)2;`rHCO2PM%>
zjt<3XQk5b6BB)h!0ooR}>sFPi{7PWw%RUeasJ3gG0^WrN@`ruL7IeA%N}3#0ciX{n
z%tl_IgV%uv5+Vp^5yCyjIz&p18{y2M(2O-)p~87fOC>I->749?LHUk&MH)=vxDdij
zb&?x0Q5Sl~l6Rt0$>cu=L7Pi7Ijw5?dXt$)61*Pop02P@LbLFgtV8M)#w?TC&i|#X
zDg{q60f6Z&v}57OAskyikho_Y%fcr}iV?$L8;Kq|L_gl*?=$G?H*j=G^3BOELm?w+
zeM{FT-nHa3wNQ9I{+k52+VV<%f|q?KSmU&)D{V@JS-fvvx^0e$Xvj2?74rsULD;oQ
z@=cP+01yByhsockvxRJ0zKOD&c;?z#;j%8tJViuGa<;g9lF$b#x%%kAer}Na4<G%y
zp6<Fe_t8W8eD48)gX!n@rZ@}iU6P8AdZeyset^%WDe>%no=@+)sgR$R-&af%jVq;i
ziys&COWE6Z`gY6%Vqt5xb=Y48{9B+7&-FV~vZemks3$#Gwr$Jh&pm5vdI+6yshqq5
zi5L%q@~K&RVht^2&I)?V-^LblgS|7kz<r_`?P5?wYkZrV?0Y*J?O<$Fezy@C^fX&R
zFzA1kdV;{wlx@;6IGCF0g>sG?bZ$I^(fKMy^th*SjIlP+jlI%cpn4sQ(pnZXKeNtm
z1({VY3=7JPZHO2t$JK?PnJlghfV#OP1dfO!^+<><wveM^kQJT}86*tywpI?WgYD<-
zS43H1b?-7~pgJXaFQTY*0B%~Mbn8yex^HH`CHQtAi7nW+wM8M%RmO+t41}u8^=+ZM
ztEwFB8`!I_0DF(tThG{@*!3&X;*hz&aGBm-GDo3hWp>E);c=FUe(J_O0y&#o_;;Qf
zOzn~DHwzCjJR*GTxJ3KwMxMV2{95V~Fjyb4AbinmWa5@$>!pota=32I8^pL+*rCWS
zX}V_9MmU;ma;Q~IXpO<{z6iy|=QB5}%&4gFghOG+cX%ax*o-pF7{q9U9!bnl?{4Et
zjH34GrN13B&3Lr#Esskg`_bPXCy{G)_cO#n*@Fx)?twBGZo%CryS;k4p_k*RLNob9
zo#8)Upv8-44c*dHVfozGsaFF$>*WWs6-auN2^@fTG?f#3ocme%**s2{5;c5wKO#MI
z06$ttm`We`wktW_rde_<H%nL#vYb4fRpfDCC4&-LESY$s;W)0xV`2AkNFqxE*>UI=
z6T&WDk4jgf)AiXNpZF8Bo4zqk<^*n6*A?_#i{{cY)t5k!k9PiRY;trAt7z<}v<qjU
z1kT6JrJKtB${ocajww1G?Z6~rvp$rF9?GY_4Zvc5KvG{Td>~{KL2geTLMpytf0DLI
zGGiKRh~XAIn#ru3^{iztQJI3gv=n$+ag*KrWtTDA4Zfw=VD<s6@*M@D89+4$F$*s{
zoy}RglwVQzSHgcPT^q6-uqzS?7EcA_+m7V0gji1EX%QGk#7hoywCKkOy0ZzL%zE85
zfTFk|e%Ua7(>xCyZM(K0S^5&T9Hu7T|6q}68d6@RiZOQFM)|#Su&!d#)s`2>BWpn{
zz#E^Qy0plV=MAZ~LckRKtx2jP52(o9%Q1n-Ug%2@v8j<;{Kvdk4M=^B|MJDAkdoFQ
zD|21X3VL()u!D$W3k#gLDWWndNB!mnGu>G(uyF-Qk9#y5q!dRV;7l7UH;U~0=)+W5
zelKb`%Qa=B4d!hG>j217EL|Pvu+B1;SP4G8gJVC-q?w*?^!Pw?zNO1dD(yyX0_F;Y
z95%o;dA!20x7bu#Rou2ZUQ*Ul(m9d?>tbwT=^>`91Ojm^3p$R|BegBkz^)AeA<aBX
zZ7z@bz3x;_%{dWh&3oD|7tb8?na$k8gT#nR=Y(<gmk=;Oz1{UjR-Y{3r<k8QnRV{u
ztQZ7<%^cXZYtU|dgx#PWE9RWU5y9y@xq(N_cI2gi2r*?XaI~tU|HWpZ#Aur;v#zd0
zZ^@#UR@AvF{v^E^Me;~EGT^VzRcOiQ?#f<i&T`b9tofE7l1Gx8FXt-7RCMh^1Ke7A
zv~ALxql^G+vGb9<2b-zL8+4~w(h9c9G&Wd`H3s%|L179q(dp`Zwt?db<`$4U+01qU
z(yj<p`Vc9YvbRd2s3n(ADbo9ANSygE#}Rq!AP)TNx*>b_XnNm9()AJbuNt&IP|Dl1
z@f9f^1Im`POP(o-GF_Z<Y`xWSO2X{|*yayTO%U(R_y_MTF=sT3fD{KQ1SHMI`Cl_`
z&I+}EGuy6jM9UW)okCL?HE4V7e&wNXRm}$2e*>I^)^VRiAZ}%K0>JH-hS~1;VyLBk
zf;#~_<R);}%ZsIxH4Q1#i|~TqRU(~L4+YWybo9I5r|F6eD@w?$**Qx2m7p7uGLM>W
z&U~V1D&83WB-<Wmd4KbITgNz<w@SZUfIXS(BIGPvrKs0UL<EOfJMN4Xk<_MK`)%ys
zU&7cXpM|!Z(Oul>*x&HYd##0^is+?!&y~E9nW>+R^gt;raxcJ#xOUI=AX#L%&hl#+
z$*be*PFO1sk8gJ4ZX)lcTAji8b1J&|r^s%sOGxWT$p*C~0yRH}T8$i@P5?tAZ)S|#
z;je)>sAV^lvA)U1fv`5dH|N>J`>>p=l*i)I6L}6g{*C!&CjMwHIk}^(i_*S#MeVmc
z7O%e#`ki6oHGRCiUP!rq_xRDAURpL&Hn<al72J4e=)kyy5hC>a*P-K<x@jwBHV03i
z3nP=)(<)09fwV$juQ39f)xKt0t5dEqBX#fbl@r&_o2GI1EIMzdSRhuS8=2nh?wgh;
zaS+c{4+fD=4ED<7h)&>*2+HW;+6ZCu{PK#~M!u~~Nf5o|t&eRV0=dx9mr?WBx5?Gp
zKgQXh1mV1j<%NwKZr7>F2=47=h+ZIxT5UFJZ8mi6xxq34rwD(-(dnrVFRv8w?3zQQ
z(Sx5`M^s|!0oBj?W@QNjm8o8j@*<z_PrT<rYAa}{*5z9t;g-K?27t$0vS(WY2@j=S
zMnkMi#ytVX;+d$7B|uG#!bFa}+N>oBixxq2B3pdwJ%UW~iB1k=8cKK_Q%AlrKfDMS
z(>gKYpk!4+c}`xsjvf1gj69*{9P}>JwlGjE?W4_jHopDoHxSc8gW$-rhiP*&KZEQd
zH{Uzx8&3qEr)O?w=RrJ*f{b5So@_)iz{F)MKl1}xMk;nBVb8JFO&e!?CC1E+I*KJ#
zWEh_~BG=^<bwRjcqPyhXacPl`dyHpo?Xx6i-Z^*Fh{QYjv68y5rOtkyny}N(JH2Uq
zD5+VR4t*^G%ij6b#g>!iP|J6aEGNJ0NbuWfks$<<YxnBQ)Gf9khcUOj;a%H=LWDeS
z7%Le?wuoQKpi@<!dI!;Drg5ltuQM$AHOcf3ilzdgu$-<~iC8p>Ny&<z!Fbkc7EF7!
z2<Wg?dwwH9Ui`NbpMDZJkwS$h9^<WNdl7`3dPxn0;(=c`M2<KX+TR_+g!YcZ@A!<e
z6sO3i?!xI2*hE`#>F1Yd=49DUWC@jp#TtBi?trxh9l^_eM6}n(T$ehlyY?~kUC=M^
zR`E6Y$-<@A&&-bxW2f^i<=XyPrd6YNO8YP0#7~Jd1?oF1>o*b=v1i@<7iRf2R=&@?
zQfz#0Fte^;dK)#F9`tVSmxI;$SxM%n&BQr?LIOa>ALa!t4NONrT$2lR9$OcOD~Uas
zpeK=)qbI8$Io`?)<Bf;E;0WN8gtIA_`3g0h1YQeiRpk4yIZ<0D;w!OEnJ{+@)|Ao8
zNYT1n&zoYECuoa(ZxLVnD+LvlW3HgzIasWK<yfnV?J6`Oku0El5*BNz%d0?Jq(fad
z+SsM8Yvb5~U9?dhVtXB)2EVSuOzum^_d@~XRcyeaXN2rOVt=t$?&Q+LpoZ@Vq&*`G
zc)4#=m}sh}9QzDQZalzbY&p9<+5-J`32CMQZPYirMAy>jFj2lEY%*>oTzY<=HNBUb
zmCK?1<MCz-aTddq^@qYf@S1QQ4yAS!l8&tRb>#S*P2PduZL-o^EcE?L$`S_MoXwuG
zSz?0@-#muT0R$_m7@Yc2%9I3*hI`4yPfy%>i!>{x*_dRg-X13*_LMG6^xI*HrnuRk
zP8JgLMmz(q0IxrWbJBv;4Tg2Xzw&@tFSvrAW*zj_ymQu<fh(~^t$72Y)zszOcN4Ro
zcU-O1x7x!YWgaozhkqlVDM|=`n$adLN{eRzv?rmRn);J;e!OXxC`_E6FD;IbO90>O
zq3m$wa^$p1_r9N1>grbI%MKb-nDSvaTk8D+e?qM~Vs_r{0Dxao19}XnJEixQCJ|U|
zrfUL9vWpbBm)cKO4(SX37$I%C0hEa{S4$P%DiN-`HiH}1%3~P;(1B5@LfeI=sI3-w
zUl{&>nj+5rAD53q3vXDCRZUacS~>2Tr=0`JM?|SSSG5bCVZWw$>0CDr%kPk7{%_ZE
zp-le6CARPD-$<@<DQ;8q<mP5(a~<IIAS%hPFdYH^Gl-7cdtkFM2?-#+TRr(|G7`-o
zrmWbSQ5E$#6`rlZbdWqlhcS|EO4otPLgnL~IvLjw@~d!Ar=`yDz37;ux50;TY)hes
zF#7IdBVML1Bw}6`PPYB=)vY#X>I8*s8MpK3yW?MTLS<=IuVm#k9>Ho^q$>g8t=28b
zfzf)`lyFcL1o2Fj#zxM0^w|%4);xhHOIy1m61J^^S}hZ|mv`JDxV&Xz?&fKBDSg{<
z_YxqiB4~Rf9*H+<XK}s+Ut~+ZPlHLE(d3gpn6cg}!{>1fEkfW*z8r@gBI`s<rnzHH
zNfzBDn4YD3^lwS^oxafrUE#l)o->YCATth3n<FFZL$hf#u!euHQ*$IkutJZJ5&9ip
zZMlXyZ^`xPThW0>KV77%iN%6i?fu<z#BEMJ6`fv$<un!FzLiolV2#a39IvNdo|JA$
zi1^HaFVAs~wz2f9pY-B~3U+$aS_>}y$lm_=Nv7Q65@F4wDp|3r?kqe8U=jKBbLMyK
z9JO805<pw74x-_O&zXS|orW<3Rgb-`JeViEOO(np-}$0|oKq#WXt~Pg(`3^rrF_;1
z8TzQmywUzJNhfzygYJpQn+{vX!K>|KZz_XVPu(`B?L&m!wS4<tF6OpNT;XT$6PDNf
zfVx5ToaLgp&t4aT0;Vq1toJNG7~_a^4gE5b{}hJ#R1P;xp7!@(bRXn0ROx2Iy?0-J
zIP+%VTGQ#&lm|_?I@5#BR)vky_Y0a&QyVH-n$H88y%emj(^R^0VqU66PUE3*-^aT%
zwiD?=R}=*}TmRQ^m1+NP{vRZ9To3Owo(rEFMe_Xq9q(;Vv!kZaUv#p7NLg}FS?oSp
zCvV@{R-;ESC|NVDXxWTzM8}*+xcmsYi6#DfL)s^kUmlC!D)xS{ua|7#YYnFdr|@`H
zdi)AOsmU)|d*5m-lixd8E=uSkl+`M13weDa!G0l#ev5EX*Yd?H<|xJn=k~$+q1}`*
z3&@a_L9g>;xyp1!*0@zU(xqBOyKx1nR;Ps1zNbUm#@;2Ws;yL61Yb_S#PCYVtS@FR
z@yOE94ak>ZZ-7S9(6QZc=sY{;!vM&f7L&Pav#=Dvp$8rn{(8}IAzpsmdV-hvqf!o6
z5$0Tp%}dv`Vpu+eEJN?6X;n9%97U80a4C1B$+^;R`*l^mK+(i)Gn)a=@shpH^Fg(n
z!Brf5YW_ZKR-LQ;y*d4ZKPO`gpPg*$AUtU|^_;pz5TB-ERg(LO`$5|#iw$QQOpNag
z^@dJJ6iJ)O|4_U6uj{~uW6Pbca~EFP5OnL~j|uMtYj-PXPb=uX)$gvjgmOggOwAI*
zpA(J0ZYSt0#Xj8BnXM4_@Fwn}4-)FYbE9%Bep%Y$7bL;)PYAi($EarQDI!u6%_rDx
zMG;Ab+h$a1S1T0}r*W<k?x9c<sgOO`J{d$%h+$ZhuW}U|v#h%?f-+#4_P#DaD%BW{
zCT>RE{0Xa)I6AXf8-X1WR;{japo(+O=r{l8J^_nM?MjI$EjsQs*>7u<9;~7Y`;%b&
z2@QPWsEn<_t$-c4PC%U&Qxw+^N|D#Q#t8&TOJY%vl&FLu9USRx&)bPR-taV7>Y|{E
zauLP1II$yAn$-Q8ia4VAfmC8vIlsfh=Oip<D>AJPh9H0-!_)&Wc4;e3(3;;QbF-7O
zXusWNdGIeaV*7UVX7hz#t`^(H;R{!P$``0rr7rjn2^(gx8YR@}P=2q#U_H;$bM?;?
zxG?M?MS)8QBtJN4H|w1KY0<RjOEu9bxy^q@@)VO6OH$s&ZsGCgqmdr)rhWaB_Ii9;
z?fPcJB~L)G*6=<y+w&$UwD=rwAc$ebE8jmWD6+P7^KR`Rhk@q6AR26)6COYi`MkTo
z!rsauvbiI@g<ef><#;&h`!ps8uV7kvGyUa4UTULwZU^$QLZQv?kp@LlEO9SmT9;Fq
zgm5wSnQHb?%grNBrj*`wp(X@Dr$AIaTKX0QOsZeL<dWvGidT8|=dq&W&HjwrWVr5p
z>!+z&-i5R)?geMGWZPyabghfTWjmwtSRNZKriKP8qikLo4cYO-&68Q$CL`;G`CPX$
zw*R(CL8T6CCadX?xhcL<=JSeq>-^(K+CHe#l<H@dI0XeMtV|)+DIY^8*UroCb$uZi
zb>2rZx9cSFb@O4%=`KO_FVc&>!POqD`sGL|-FEQ%lZ8!)b!2#eGbx$Qgy@$_{~y%-
zi|+ws5X~Xs4z8$ZwX~pzlNuf%N6&*+eTW?i=<h~Fs|F{7hzxTnbmA`#4?qH)Sta^~
z5EgCcJ7|298t4L>zrzD`Nee5abTs71Aj`a`biALc?EeNWJqex7Q`CtL?mh1?N@-*K
z?hz~)Ug3z~Rf~BGSg5?U_%VNPxn}Vr_qv5*gA#j9D(JTwNv)FaI43?mna8Hu?j}Mc
z^fT>g5(<}8<vMzEh1GNsW%O*RC!7X}Y90qgr&!($3y&)QA*0laLZ0F})+-z74!AEm
z%7hDlrGTsCid-JpXXfiZ<mT6<lHiBmtNR2L=fw)mP$f8g#s^ve<R0NRyJ*I~C`t4h
zt1ZPV;YADNhurQTjcgSagr~oy)MSxS7je!TaUXE9f5&@dbVBGYTP$nwA1O|2-&;<U
zz5WPgITeV{)jBwu92fNZn5q1mt@Re@$PuxuHgu?1$BS<prsjs6@<%!kjIqgTj6D=R
zE0FJj7|hE1N5yL3JTg>(F2JhLjH7GOc3gC$Sj$eoA2Vc=b_eU#1erAV`Yrkqo9}Yo
z2pL%bFp5;Q_*_3q-Ds80WJOC#+!N|$;bg*E{=gdDiL>8xG>FiW$XXuNw_e`;u37)r
zLVl-!1UU9CvPiQB@i+Dgfn)kxUC(2{fkemJ(gLezb)+eZe11Wb6;jp1v!x`7FLt9n
z!f^OL+^0!{d=1ALm_BJ<Km}VnxZStBBw%m#Qc0XCxz7e*Q9KW6Bz)l-)l{aR1K$!%
zP@c|t1-`v`(DYU-mN^;f#39;LqtU)M%F2fpoWZh@lA|Yu3DItTwAD5`I`>-!r1AAa
z+$=f2k`)W|M1Ggl1~xxSiPXZ}5W|QMp8v2Y<i&C(u|sU8-js!TF7B7kLiPq)8zZ7<
z)+jHd8Fu65vJ*#CCOb%1xs1nVP7mre;s~XnfR6zm#Zotp)-n7=gHCbw6_X6Ri&BdL
zlrWx;#8P_+asV#`agiI_@R}0Zb?V_=Druu9Sz5P4y;95)-~-IsPOPB~O5DxFdnps`
zI@&5w1OX+}Xaf~zFBI&lu{Yoe3+T>1uXjOEt3Xa;-!{ZM>$Kct-zkT!Ydg0HHcc!T
zoDrj7T|#Xei~&%A$Sn}(8USd3*NRx{_7+8Qu#FG52yduC05-yZ|LqT-ZHK@U-Zd?x
zAHlujQwnd9{&wxQm$v%5F2Ibn1`4`UQUJ%ekwF1-rnP;cw19y_85>L@oV|aEGQ{I7
z5rX6!f+O^}vrdPj1Zck?Q>zQ>pX^kh#W7<X+LyDvFzG5)#jvg0HqJu_yj;^>g<K9W
z;w6?B>y4zHp8cGroa<m__OwG>kea^P?0Yo$gHojpKP(LIR%a}so($eOPMIjDJ_O-P
z8}IFY&r;bJd6y2Z_T<#c@`_Yjj!?<!TP-#isjvDzIq06+ll>W!UL5GkQj5AQ8?jff
z{aClOUVBJg2)jJ#&gvTQZMjQ$s<@isH#+H9b)R+TC8;A6I_?pyB#Lf?NJIR9tnyjo
z56*gG4e`TR-b}jX>}N}Ge@za@#;*D+EV)`();^}T%bZ-7yK?w}OOr9<6}l<1WGeKB
zf*%b3{Y%x0XR)wN_FQQ>uWTfa&2pIU%N>SjgDweiyr7^I+xmkc9Yv~zEt;$JTJv}l
zJ-V$mmv&loJB!iqUc^tl7;1Rzh%K__kvQ^+z0q5)`tYI@ahSJWpRXc*VepSc*p{)>
z+~yiSU;AKCYJIV#9b&1|1w)<8f@qk?5bulRDiyK8dZfnJ#EbXVQRZ5XEv?2_?&t`3
z$J${9u2Jo^&ae$z7u&4!KS`mm0N~EL(uPrt3TS^x?VZw|@g24en{A4SN`Ah5@8{1D
zRavZi|Dm~KpcLq36i=;OPAws29AW8`Dqv{XEs+<WG8~q18b8O6n{#Qp^vD2M+Z2;o
z@364+#-X>p+GUOtq~D6d%4&Z~l5Fu@)*^D#Jgps24g;-F&TAJ6-WZsFZRdW^zwgQ$
zEarIll>@ieV0i}RT!|OSr}ZtVTP}%X8)cz%Lh?#N)r*zHP^(t<g5aF3KfY^(9FHJ5
zdVVNl2I5V3PW!gkN4tUDmr9h<)~jhXNOrOR=vD-7d3BGVE^_^_AuH#{_%$SNtVY_l
z;ATMyEzT|>!Yzrs=vI8K7>Kd_0%}$qSPmPuv_;IcGm1)N4bOs#W;E*)gt=gvlBN8X
zD@G?v=!fNzxpOZ)58`L@uK_HS5n-pC1e%g=+9kXe$gLK06Hc6Zg~6uHg!;Juv=y*E
z?KFAt*Q>vjmD80Y64q2E#X|e3z-!Z7xm9n$ZZkA%KdY}whfvfygk2il*(-0GoxM8#
zjdUtJbK9SNH=B!ms*GvLvNqJNED73ri;M9z0s`J<K-uA^8FunArA!+VD$)?UP@W=S
z*HF)jh>fP87Qc|1lCkzHA$8uP5bW+BFu@4)E3UC}6q`XVSI1)I^0u_3bj%jgPJUeO
z!*$7_V=T<k#sl5Kj~RU5UG2>wnaZ2;KSox<VsC>1#ze219kwJJB{GdQ8bH*hFOLG4
zZ8=1qeVH&C+kIGcZ}E?zTeLwhSUm98v~<u-XLWB5`;E!5lDes-@-#+Ig-wi2mR}Zc
z^JOqo1WQPwv$<?2Bq}gaHW$^Y2V-pxTeJy@N`;1<Kl&tTro^508+I-aS!pu0d=Gcy
z3AHS`JG3Orpchbe5#ZEbfz>|BC}TH+jDp96klP}>J$-i;Iiw@cq=lw_;iDX~h}U~4
zsm@4z^3Sw0HvKY{y|LPwI62RrA<(3`p`_Z*c+9a3BX=3-tnamlHxwQ6*)XPBN5JcW
zFC#?p6+UOjTN*tfWKZB43!r~K9_-;RJ`i=zM89mnp{1OyN5X1;+UCG&kfZ5F5UZe>
zgAp`cXKM^93(IZ-I}yf}qjjkG_yfb~Pzj^2f2swd87u$;XinTiS)#WekCUp7V6?px
zZwa>0-xWKwhzm$=ZiZVNYzoNcfb_bb-ZIyBNJZO|MUP74T#@Edw7HZ;qkKF1ob?v8
zb+AoiCWtjl9aC5R_OH6n?4OyGPc@1h;BVzO;IW~vWIB7IU$PO<cGf7#w*A6km+9TF
z#0%Fk>F3R!8=o#!VK)~$uTYuA8LTU4S?D9Ms-)2#q91|Ll&zz-qI*`zIf?UfVs&IY
zuCI+$J5;{Ao^`U{UgfX`XWlLx6s~MNi`SC8W8h(9(9P7+2LiNcNT<ynYR`CX-#YmX
zpWm%_YDxSDIX<%C*yoX|AOb!`Q<e|79$YvU3~a#*4<81E9EAnke-@j`&lMMbAU_^-
ze(*0EfpvhMu)%@1m-$cYknn)Lt>p*@TOWNiaQo13hYM7+na@CwdEg4>`)UA)e$#E+
zjWX&W!9>EYc;sX3+(y81p_1ix#<K=MJy_Nn(CkNl-&azj2nz5bHCH8l`~Dde@R|0S
z3{I%%iO;7s&Ioym<@ACdcgnI2`T!ed#VP;ImYZpQ5ak`Wv|yeEjee`B1Z6`(%!?Wx
z#S*!3Tl|%u*@9~GH<X~a`k(JV#=V=8pX!s%6K=b&FpxZgy+*<l2o#<Js=s*t7S`^@
zSw&7Xk25>QCLaQ{Ju0;Uq-T@?sjiz^%_&twmUuy4d$B^kS2wsWdsER2syy$jpY7N5
z0oXF@Lg15DTV`4hh%p3h@TpYj`pRk?3onoj*kO}4UPcznWt!R;75wc~+S=CKmD}SZ
zk&j3oG2d|<Bz(ugmsCQ)o68lrf8>pSiI1c?`d%WBKLXZKF59j(cHl8~u$!!-D@<Wv
zzOJS$2f$Cbq`x4*cUof!__NSGB%M?_c&c0tl$^)AF%q%${@O%pNxn6(Rz?=<*O$iG
zO5Kn;9iBFXKo-AmN1lDvkQaY?^$`GNk@lG=M9@h6kuW+ah@SH-ap|&K)ql2X;^2wy
zKF7z1w}B*`$aG~z&brouXIy+eI8$kSZLw$k7QNISaAa`^u2b;QxNDKd)_Vws@@)!I
z;_MePJFG|kYye8R`)2BO=hE;C*tvEK+^>ub(-E+yUy*D*rihACH**ckZYu%VTZVV0
zx#n?1v}J;{_MwzX<@3?Ssg_PEMc`XhYqn8ejiw$rW=A<9H#8*f0%#8$_u8v`AwQth
zveJO?&6Fo1?xa$ZVcodVNzEu*i@W24Qi&R2;Eh01uB8wf>^^1*B428NL+9V1Q7&ai
zbY*WGbY+#aWP23~wP!C%L);6}HsgtSUdVwT7PRtO=bfZd0H~TD<dzW}dYH{>+r`YE
zo@B;T2C?M&8!exq%>0&#Xi&%gpiMw*OT6iJs6p>Up=N?3P<csPQQ6>D3mdJ3f2Pn+
z*s02q0WD08q?$$5Ic3b3Jov_)!3$kSaOK#9{rU%m?azKDF-zqcNmK>dx^m6K5t6p#
zY5n%%Eo2IEKN~A+37X8#BKxu&;fvNlAN<k(h`*jXUZ4s#N2omU$ZPLx7Ih*RE)aa_
zRza<Ywd}OfIy@7r+J21@GHHANE15@vZ7zQ@e;2HgDg{`k;-9qfjoneve9y%i0}^vP
zW*Hv$48cucaI?amLAB6~<td-|XF%o2W>qF1pIWxL@zscT(pfRqlGeqdO%tM7Gtzl=
zCLeij#!{~$_--ogD`6n8>FiPTLQaLK{vWE&0;-N4TGUu^DO#LzaCf&B4sOL=io3hF
z*umZ1o#IfSKq;=pwYY217Joze-@EUw)pZ&&JIPM6caoXOmtk^vfCqe=jMp0_pEfpC
zmDOkQPZO4_tNGwv;_O;+q<!|l7{Pl9-TDdv>M0fXw^NN_;5z!wUTM$ciER0UL_U6%
z&@tpg%O)wz$vVIdlIq|+0w<wb%5LB~fH&#3QSj}um`8PW#vDBh^`JBtvu-?u#)A5B
zhY0B1gYsbKMOHocsl)N`^mO-x#iu)RSqhRE3yP+(VE(0CWr+viTfPua&`zk6#ADt$
zRH{mjQ$P|~h)e(E)vI$9UP(XbH)4M4i#K`B_wUZrahaxU{zl@9<o=GUOe3=@f0H~=
znI@(9*9<wUEs&0!a3v!?lf08{h|#g|6#YCJ&eehd>ZGKS;zT-%dk{1ZI_J7=z$*xf
zHy>9AK8GvpOW1a*N7Ik%UbRb=u-FiR(_rPN9VL1WZu$}bq0mbAj@zzK)tbYa5X~dd
zf~XQypG+meUZ%WkFCET=et>N*iQSaIU3Orxhpcu=6TxQW6cuX@b`A1*<GJTI;6&c1
zY}^!VlybkYYiq`}Xl~oe{mXp1lcp}AvOI14uE!Td$B4E#>CtS=xdK1&nuGJ~sjYM9
zr_z@!d}Wp$C}x})9pQi}Dn%lhbt?u2P_Dsjm_rosNMauwxZOTcqz4&pCjcP=5KJ{N
za93et{+@mQyE+^MgGUbp*g!CLK@f*ul%U+diNJ{dr~-`Pn4s<?3eXxDn5s}Qp*6(7
zEp}L#HNVq7R2NyFbA%(daAK8<?zal(Ljr<JM9F3527pw&Z$RCR@4#KX!0r7K7|zC1
zo2GkPqzV#10o>mM6QC||f3HmgT2p|O>K0r=wFWU2<Z;T(QDQ=;h=N<x!w~1M_<+fK
zb$1U*4T%RRb5Z0AB%mM%n0THm1Ogr-{P&ol0+{gcJ_E`+%3(q`_q%{}1%T{*sHeRO
zt@jDU;g0U|fs0QO;fNj=T3Lv5*Y!YX-xSDv+f*EG85MKgDq9uYH6{&Q!@&e>=U?%(
z9XN!Ag%#_vm(-m>wt&uAV7McHahh&5KXE`uK!`gG(c?9!n@Yb(V~<j<vmATfiV|d~
z0YOYr1a}<*DS&EcW+Tg|PjZPAK>~)q1UoV5S%0Aet&M1W1CGJGTRXKwQSp~WQX%M~
zqLM>n(F!Vy#427)isW3j!z^Z(NnHeOB#WmG(S97#$RDq<{}-1|z0vS5&MFFGjrWnh
zAgD}%>K4^q`(I*-FkY+wos_<cGJXBO6af&}mlT#D1)YEL_v0Tv`G=sW5Kzh4VmmH@
z<V+J;w?)Lsg?odab)g4WYW|Z$5A(2yi({9OI8ehHb@(DKF+@vX83{4QBcLlVDdYlG
zYnc>A#>WN4TZ9C^TnvY(yj;Wsw1YihSC$x*VgT#b4oDGDQRpdu9%40I-E{@&q8WSu
zcV)Befm?RM5L*CKYb*y8R*Tq6P|6?g;+XEH%Jh<;>E@DsF(vf>$*m2rDj#*4Zdb8E
zsUHE)CPKgYEKUHJ2-9m!2P(isq96f0*;8Q-$3i8LfV=TSa7(&AP~O-Zz)CW}aDvaB
zpPu`g>L?wNOLw2pQwbBg!~k`aW0LE?K9pxsn#OYLz!{2k0UqtuJU*LEJ(hDQGz;)N
zD+yTGkbt_MWw!w{e{KfKqsaK03~IVLJS2ev$|Grzg7&{Cz${vDfy#;XkVMdCE9HB9
zi?0biWXkuD2-`@3AkG8cGINhS6B(rUB`7`3<qB{x5pYn&wi=-$6PBBV^t>}TvtDYR
zfa+s2-FHv?4=FVqGTkdwAj4ZOK%;(Z&UER$P{=>m-~;M??Mf&`rRyt1NiQ|Wj|uI)
zf;fsi$#o8YWsOt<G*mLs)C53@tn%3LLB>;n<CB13imMO6Eriv|5UeI3ryIcBfgPUd
zz#8@HKNr4tvdE6BK4D>a84Cbku?NNqTVN1zgCJ@=WK8Q(*?4nI>lIZbKmr~B2jBz2
zC;-hAMi5^}X_Gw>=Fo_V=|BglmjnqA0IuHwJ@_{qaL#=O&JCG)pefbJL2D+!I0Jea
z2GD_)IainZnOGg%EL9xqzy&nPl`Y`Xo&wWfiYjs-0oXt`|F<Kvib|=DvS$7b5WiUg
z(Tj>{QmUf|D_Zb=Ita8T2f_d5(s8b}&@UYEwl2c}k>OD=E{mHISJ8x~u(Y<cFvjK^
zx$3;a098VF#Mksw29JgaddFeb&ttfh#7t$1n!_5?{Cpa0c+)do0Xo^L4WvlB`%~pX
zOP5H)hsnsV;FqiM2Kc&OMKu{#Rtv?!_I&1@Z|_r9ukv*6sO3cm-iO}3tD<)1iJCEq
zZ7TT@_1%sC8V+|-voQBlbCRFwYh3nXdXrd<fwybf>g3*)qVU65%s*-L$pcGYyGvuh
zR9lI+423)VR15lLbtZ@iQFC}l#Fg>5MkVHio*m-3Q2E+V_|IOSLbo6L-!1-Hw5myN
z&7!0amI>vPGNlbfIX|uTu+7AiH`Gj!aKFmsc)SE(3n+XqzEuG(K(T#Rv)qj;YNe40
z*f$S@U(TQHrFvJ1Q~^9rZWLyOHu|Itycw-15-(fT)P^J4?4$3-rg~>F64=0Y><R1|
zL{Jpv80>(X{}aMpNVs9sxU-6g68vdFLhSJZjO1{~ln;GcmevY4|5wd+KDK4MLbbgw
z()1h2vFG<Eg^T9585d4r-3SV@uTJ>RJ_B1KiS@p4xGM+#si5pQ#}RA?lNLuYHU5m*
z8Plev-^;#d(ez2baM+Vn;lWaf%`ASS-*DeTE@HRf$2h#;vqLo;le(&--*oTsR)kwl
z`<&0L@~4=H5$5t^IMqC}aT3w3Bk)cU`Benh`jB-pSuLaGQyrBi<R+MhNksH@r?Bx2
zX7`^@$C8N4qXxD2h~(Zq*A!dZhfQSU6f7O4H)kLG+HLO~wPmWE?Uz0${i@xpNG7vw
z7H9m%q2wIO<Dr|NrL3#xi#N5PDt(98-*Ef4@1WkHrT9x14|NUh0|jw~qSgEK3+=8*
zj`~+%-r2^FG)zV3UQ}7;P_-8hiMIP)QaHpD4?dbpdJksNJfF;Yxw-QBuHnGEtk-aF
z5TYFSAb)i=VF@9^eOREk-L-j`qi1w)yFZ=Ld2sY-euC=}7lS2CU0|Q3g2s#%wk18`
zxE_WD5#zIewv^lW#9|HP;{&(5zKY7S18WT3=Op-h*|xGYFeahzfUhRREb^7)HZ2Ko
zM%}UzV<M0)ln@hNb~6AGp%0Ra9CZeiIFT>Ex&!Qg5ilCL*oQb$x@t(o2DL02qraW8
z-}xK&+WxYKK)Bp*bfVyPlvuEQJ<V7$>5chb>3Kkgh-|xCn85VFx;s9FWbCh!zi%<k
z1xs(EIEdle@eAGqVyu7|O+#(hw1ldsW5{QEmNBUh+r0#c<$`M@RpUJP>5T_G^}`wu
zefwwcwR(Z$WA!s1^|yQXPk_M6bKuDQC`%~GE2ix$P59n6w$+SI<W!!J64+lqU(tt8
zC$c${2}XZ{pV>jdbs1#%-j^Oqz0_MH@<eZRN2ULdi6YLX%NG6UM9glYQ4MRqOK|TY
zn^z@GxFi4b&us<p(+d0qRA=vp8D&Omjao+fY1y)~wH5(ayq<sfpMP$*w7heCQofzT
zVLPOl!kpB}b?LFutT7M6Et{qVv@v2kXpA7W49~=r2v=;2ZD<`d*2_KVw|?K<XVy?$
zDdziXopE)dJYw0(u*3PwRcPgMY5QQ*mL(xSVthc4&3vmmmBUFRQy8dlrf-|kSO*Zd
zTAf;NuQ9UF%%GqsLUT1j*H#mC8rCD^(lI4ev3mm#CN1cZ(z33^QY;J1d`xtVox=8f
z*DM&jdxzu6jIp&j2<zEJv?$!$)YE1qIk3uQ7p_{*ygqN<&{)#L5xz5yUqVuGLySbG
zfoj()?W4D}4yCVR{&>%|*&0Z5eo!4)4B6v2VO6c@{SXdM#2(VojqRzTm-j`1I*i+r
zcn&2!v=(v(CUv+ZsEW)+s<;azHO&mX0F%BpU;fO{)R)GkxOG#r=!f=q_F|ea8zV;^
z#SNJ<+y7H^i7YSwd(O4}H)V_q_`m!{b!F6+l7kQkkGp=Bt1fX64K962qxed5eic1h
zC7%y%*O4!;(}xSAxCKqrsE6uoUa;5_85Q+z*fdk?986l{8E!G!7gl8Tm7qTfMj%vW
z-B>Dn0G7MGx@t!s!@k4=gyEsL^pQ>R9!@`sLL_@2h9K0tydlw1upisgnS#0$IH5j@
z=G^Dex|7?GxUek5EK{eJuA;o)M<kzYlL3eMAbpg4{PEm~^d$BTo^b;09$6ppewd(P
zCpXD8k%~zp43%!`47?g~;a_^a3nOfkJFYdq{3{}Jy3a5-<zMxNtB&6rHtm;otLzK$
zm{Rwst%B_C@En&AvgfELO~W)SKzeM{lU5FnW|Q>ept3tW>0ixK2YzzWzYsc#Mr-yJ
zheK{HlhC@l%^Tw5J(MzxG^jchRE}JY!_j06xBhC?4iPoVMOb5<TDAKYFLoaEr!iCr
zE}8776WFS(Eb|8Qm}l;wPYT*G^HtwE?)2qSQ<2V4_bVAYRi1B*L<3H?&t^fu5;Crd
zkZ>-$Q~g6tWDHJgyEl!zLeOxoP#p-(e7^5Xodx_=$yT4p_m?2G!;HvrkNTB$#)1Rh
z4425O<L%)I?CJH4p2I9QcTJ!ev#NkM#*5|W+D39x?-vBj3V&#AK(`ea0?wbQx}6sI
z<cqmP8}`RIe7|0f%{Q5@n59^vWSm{`Qfntncvx`ajdS)Mtld+?tP|Bqu4jJWIJR$B
zKkD`K&%AF!30dY{Knwxpoe_GxFB`(3@Y<#IBIg|;QP8b!;LoGO9uABP1m`b3ON91I
zyu)Nio}J&}8-?d`x%1HEx*|APubBFXQg4AAf^Ln_MSbyus2ko}e8v#<?P~g7lmH(k
zd?DrddkBs!==Ro_Heo}m<+$?8{B3X*#{6Pa70J?KWtH#ZVt&=Hg~ik=p@qe;D*5??
zRrR?hug00Ys*WRj$<QZ$Q+dvT^p?{-6C6?nc81=+3zcM>=Jn-~IiriLe%uV-fd~vB
z!U~AM;`HN=C|eg2h;;b8;M~RTjjm}n{wcM7H^B6oxMn09HhIDM?amP&)N;XS_NGrc
zagBTuTS@OHcQz*Uo=iLhBZUaqCQG&*9NyQ?$ixu7S3oQb!b<P|{@Y056KoS5>y8W0
zYx7oFIQZmEVo81D+t_PsA~`Wbo$Y3WrDo!_O$KXi@l%mg?YKqtoTenRyGH${@<LqT
z=tf(n$=Tb#L$T^UUa~qS6<ycXKCY4sEZ=Z{t0jNyD>0fr$%$BmeKRYg7&h(wwSsG8
zyd2fIa&<b<u}m>lNAt&7Q%%TCT=K_`U@l^N6l+ZagQ>#yTTJIUOZ?v<vnvzV_Li%1
z3252)CyuE1%v6aqA$t6!54-yvTNjSk??Rwc8Xkl0PIwyZ9XSQF@!^lM!cW3yTHW{D
zCtVcz9|%*-M$vVuEFuD|uh*^8a=hG)@qZSdrsXoUb0c}h+3KLeUXOueFlTnSu&Zj)
za#6Cd*)F-V@wrcp7vbM1qW<Yye2>o^`pMv@o#bTh2hv$E(vdaBRIpq`1C0qrl|~kK
zgucF?a>WYG=qA<i5Py`lrXUMkr9;0O<uB||glN7IF#f>(%viKHBYnDKIE9)8iL;pY
zFX?uvWH2-l%3oFZ%n9Zhm~pyvjCoDU9IR-IDIAADt2on!fs92i215he*Ga&uewYa=
zZr3DWn7jV<SNa0oXu%DEZH4NWQ`^Tk!`Q-a^*Weft1TJQ8Wl78S%w1i(xv8l&Azd(
zWlO*cf8Zoz1-^Na1RXqU*{ibiX`FqH>KOiz$}O;Q+7>?%xqP~YWE;u<d&}NI82cLT
zvB?1Lk4qJ<0<073246SrLR8uY0t5WnOhKg+j+43lW}N{;Q_q>2za}YULucqoiO`Pr
zs-0qs>=Lg)>+oq`dm1N&jG)yA`nD54?hRslcHv%?p?ZYb=)>$xm$0vq)<R8<D-#)M
z=v)Ml^c)zL7$66D_rMSn&`{KcsL?7W+FG^onLU(2wa5!Mr~Ot}ZOTi`Rfk_z%?S^n
z97}@UZ6pz2W8$}~H^u*a4koDa{5;~Pkov}dIG~^hCX;HGQQ)geq`One!0EdNgC%x_
z3t*I=FGat=Aw+9a%BFSaZ(_mNqrHa4b|1b!0N-(4M0>lE#yV&eK$HEfRqRT1)8RM8
z_c;e6{hYJta4fssOHOuC<uvML{j(J|sUEpB_uj)c<QuhOA{2u`{!J)}01H%fh2pm3
zkJfU4glJp*UaIHDT8?vSsEWk;haL^-2+M=iK?}tutx8NLfQOUtH?+8e;gO`qT}Tk@
z;-pDHm7z=kg9_&e+mw=LM=>3=zE{)<OuHHBJpElraOv9&EPG7bVcxlIU|Q)v<Rp~Q
z^vJ5#m*OpAN-NgqIaW;C*gF(dg2Az>Rf8|Q(wJ!4g%Xqr{VB1K^vJ%3T&s?Hp_)zW
zyrk;c6>Uk6+SJMba}w7tWIWZ$uRx?;cIgcDD_nigEOcck0L2B}?h^qeE$oSk=G~Er
zE<uf~FTG3c-CNTRZl-i=6~)Ax$%Z}tnwm;fiKG-Xp)z1))Fgg<i7NlbCQC=3UG5$5
zYS=zy(Jsd`A9cQD;&#3<1xw^m!-dY;9uuu*mnpuTGE*%Fx&Fvb&NE3X9+-$LioEk~
zY%iMR(lXqJE>r@={rroeTEt14QB@SxKECU2((-csUURVpm?c~-)EmgFmMUS~=CqYO
zRNBPzTqvnsqG38SWeSXW1=6Jj-`qM|vDyTZNXBap3Kh?4;DbC2Gf!!=PlH?1v#prw
z!dQKs-Gh@KxX?Zd^^i=+7*cgqR`q<+u%zl3Qs2<(Lb9bo7Zhi3?8?}}W~~CQSbi5q
z1U~%{z=JcoYH0np@}@@Wt*x|R71O+J__oLJ$$RGoy&_yxZ>^c4l8;2g*jinr$9rZN
z94Xtd+!n|dYt;P33zr1Wm^rU9f2!|d+hBe{ceVre?AYep){Fb#)ky2~@YFsBbab*Z
z7~B;9`h3rRwd|j+Q=C4XyrG#rZfU*5XGTUh{H9LWaGZk@kEl2bR=&O`!@xyLeF#Ru
z;`T2=SW1I^1^PE%ZKg|~uBu(>74zZmmDYSM4=_k(HhihC<gAzax~{B>c8!HR#0#MR
zU|0Erys*9eKgTny+lt@07%xRkM6|dzLKvVIt0$_;#pUoE^d^L-JXALLY<*$c|02^7
zE({eHl1BYZ#^{olX&;BFwovAGcsMjs{?KhE|J&B=ycVOyWFd$5X9o!@Uo)JC{!$+l
zsagZ$S|%{|<o-lY{hcAN7gZ0fydhfLX~9Now6at>h9j3hLaIFy?V!a*q^LgPM%2W2
zbr_9pA15w_#KT4Sn|q>Z;njd!gxVORp?HB>>QQo*v(5Sutx|czkHU(hJV!OkpYMFQ
zZ0aic_58WUwhwFsKhmRU0&t3P_)ZL48pE(Dv)j=hf3~8k1Wmb!<nZP5_y>&(hUNZ2
z{ji?0LQW}T>vT@|_V<(X@Ckh(P~M!Ds4a>UP62#T@VeA_Xbyp(dDg9#pj0b(eTS2K
zjQ7OW(>=9)bzh4%V52Ru7V(#qmF66nEk&28nx3QL(A2u5BhY4q#ECw`X?_WF>)MrW
zfVCl)EoG`jEk?J+$B0pF>nf4sb1ePwk;OI12L@SQ0nScIbp5sA7m2`J-dyPbSh)|x
zFh?^zLMb+qpO;^+L8u#|YHabyYWAHMn-b0-seU7~-%{3LnPV)&f0~MIpqQXFDXqi0
z`NlQG_o3is;~#LW<RfY~kiUViO?P()`~{w0SA{9W;4OATmoc^>GP3A%6t}d`G+8>U
z;XDY7KkOPv#i9#^vc(e>plPsiB``8%EvP>Z#LCs#G=R~a>v^{(h6Rg}#_W&i@DBSl
zAVoh94^^*;dKenmC*3@hR(+!ZeaNN8>QE35<NHn-lmcbWnbRc@&JE{LIv5iwS9A!Q
zJ=ajv#V1ZQ)XNXgv8DV&;alF!g$t@@gZ3vZ{fVF<2D!oVYNgS*OeBl?=~gGTW>oj9
zzZ6;7_#3w)SZfW`zQ9HmCFi}ay!K3ud^5{zI+jo<9WGBy58c5CvCWYhi8l5>9nuY>
zn(h&yy6zDSGL^*T?IgaFiG}0jU0Kc2lP2ju$h-9AC0=Dy6S$`DBZb=Z6Jjjj?vhu-
zTz-Y{Z(%9z<0q^R_e_v8N8joalduQZi6|N^ORL$bk<VU5JU;c`c(6RK1S4bS9~4uU
z!>m#&UG2ou1p=FCI0<k(B29j>74tGewJN6Ly|s_FKHu?Zs7)mBQp0zUzW9pcE8tTl
z=l<qX8`t_I=i+G?ObU;$%I02}sNnlLL*)2RNBxx2tDJpgrDACNli0yXn@p?k)Wez<
z>l76qi}UTXdHmADOOL14hauU&p=r2kUDy{_hKaSpp>-#Gs=)@vt3U0!U{@!%^w)6G
z8f3(Ys)U}jY^^>Q$k(UO;Mq3SMW9+<xe!R4f8N$?kZxzID?;EcyUC2?9&UVR_7%$B
zYNP$e=v^a{Fo|S03skigmhf-a_~(L<$UNSY6w<G&wVTQB*_$Dh`Mi6uBKgg(h01{z
z;h7J7lB}2o)oVVln9;Dl82Q9lGS#OGR$GL)hC=RDm$<D~%>X(hz|{5s(m=e?Dm+@`
z)sTjr`dG-gR_?Y76K<Np73gJa3bmZeIV@cH6glZgnKBxP%fz{+hCJ$%`BoE;{gn$+
zP5uPE4ci9nwRJ??<D1bRa>+DCK7Pq`hjqKHCE_*x>H@-sGCIdlB?kHVK6H!9mqB)P
z=|s7g&|j?mzHoeN#qa>$K-y!YMN~2!OT~LW4qyu#YU@N48L*AxngTRsBmVEBiiW%s
zR_qB`6qYV|;8m4;gRL8L3EX@kQ+q&$0Y%ZY^?CvA_k-`6xN4#4Jo&a{jRr;g3f<hc
zxKn1SzyAb@7=C^4^5a9kclT-Y@(9<sq3W<j$kN#>>f;uSJwLR9+*#0KILu!xCK%>g
zidV1R{ShDx#v9f%RQYv;)JePvui6+&{NNr`K6w>4+_-J`$Vavi@V<j(z<(+qv<M);
zFeqZ3V}75s+C^>?Z%{^V?h_xJM)b_*hrQQ1iX~HTZoH4)w7-H8d&o<{{C!3=|A?Ct
zzhaox_NV^uw(NNd*AMtT0wqiq$Qq6ANPxJoOfOq=!x=&H^+3UmHd4{g8&xFX>RKpA
zd+VGBBhtoVMl$EH<%Si>_o4?<QDxmZRcX?V{a?N96oeBqjR7d`(KcbK^TT=eN>D$m
z8?SM457OztTsWZ;g_XF>qt3&r!u|T^unsXN3%;z$KS+N3ul|59af{@mFp?g&5JjT%
z4v)TQDttK7;XG~mnrpox&*aU@hu=?cL+F~3Sh-YuRI}InCwu$g_}H<!ML}pBgLp*Y
zHw6st@jO&vjHSF(8aMY7_J-rt^)!UKD3Y~4Dy9OqS2RJSCy}mIuzDp?Z_eZJ2!3m`
zoZ;9?d62n&`EN_z@_ZGYS6dWEhZ<?CTA*Ld4cdj>#pXe`adYwaW3xY5WEu$X=Q!hx
zqr%8zDr~QW<x}@KnieYrGfdY>&Dc^CgI%y69g8k9COXm{PFXTHAS-d|jPI4-PgDO!
zGJ&{Pm^xdxX9x5h*7Ss?8GP`npn+mLCl<<}Ao0yv`!O+PwR9C$5`{_s`;h;g`IO#6
z@}!>7na=V`$fWtPMe}sPI9=8l_HN|yXh9bD{@%1ipMo2&f|kfMf~<{$n^mAGjllR0
z?5wph6{{Zn1@v&bQ~t<_sSvb9{rr-+Kwv<{W%O#fv7)2ms*eqKb`?hQf}Gk1_Wt><
z)1=*eMb`=2w`4VPZJyhj&7WkL1v;1-_UF2*9|b4&dC|E=50$zk_@`zp+NDWpapoho
zsNQ7^CMdM_O$?sc2(Gu**UEB6u5@sF-5rI5V6+rWxJ5#LBTNs9x*gN|gJj?8ULo|A
zhIM7hj_+quNc?cLeR$I<)Zugq4b<TB!wifA%gvE#3So9l+7eXu+-i;TUBIH?t9C_(
zJzux2N}T@L2pXB{CD`UL_`fLj6L0U6J&}(OXdM(X;GK_5(lJ`VF)GZp5eSMcl~>IZ
z@MLRW$`uvw%N>1=_axF?P%-TX<}FY?9DF``7_hpL#ayb{_b;Gas??5E+&ET-d5UV~
z5<6R<q${vp=r<9tLU>^Hn??d~4O7%NS+ZG^%*CC~zmR4Xwz*AifrPy99Vh>$C@3ZS
zmaq&9%W6gUNte97%0XTI`3Jnf9DZ|84bq6&{wm5a?y7uCB8gl*639RSJmQrou9iTt
z=^?;R@K?*el{y<TT@-d>;24+P{n-LTrWJW{A5IAmsGo{^aqieVV6U6(>0k=Sv&P(q
zYn)_;5&4GVynz?j6Y@6CukbJ*Q!5{#ZjUVs#{Z-os`m*;FEOONV}E<#wsNAIY;%1|
zU+dGZ3go=Z2V~&EWARXbUzB6daGGX+A$i*xTd#iXNuo1L8y}n?X*68>n!}y>9XUE0
zEPmVr7=lg>g~OQgxbZ8leohJ_B5%Z)mLf#meRrQN`Tn}g1Ct^n%bt%P!>>>$^_9LM
z59$<CoM~I%shke8-uaX$CP}iv_on4_Mv4|kcQ(7)?axfC`jG=uA?GREy)EBQVst{z
zNq+2w6@+nLSa07~YLl-#D0(lPM;w}x2DX0mvYypyA_<utA;o9WF{!_DmBh9+Z9ZX=
zciEo$C?FVTD$xH$L-Dt4m+mCfVnp2PEc3<M5aO6S&xENMlEq6S{Vp!Re>1Ok0b<E&
zQVgnM5yvy;=sYm^cs&(<e`yG2a~g&=CDkSP?)o*NHjwF??I$hmf~{r+0WU8G4sS!c
zzUa7`uO$OU%jV{gi2E8#wmw%YI;5Hm`+te#+afSOaq+@#_Cf?n${%mxSo*}wX1kRm
zg+kcMfJ8e@5`TN^1UuVt*-jm%s7y&STQzdr-fVuVP5Aht-d%YC*9m(YL$YUyA-+Wf
zV;_67Sp68f^6rgm1H@>{%yvkyh5d6yON8U{ykQ+eUj(Knp=U1}cQk8;V6stWT*Pr_
z5&Dkb0Tzap{^Ko?*oV>fI<tjw%{Y-K?g?&2t~v^Tyn{-+KIY8B=Gn^%tELLACU4D-
zZRJEyj|toP)yQAiuQ;3(aYkB%lxi|l8;LU-BqOET_NYl?$V2fZR8hauen)|Rz{*N_
zq)M(O9@mVfN$Yi_t}BGcTnj>Wh}|`QeN$TMgPQI*o%MdtC6w(An^u=LTq9FgD2hcA
z%W+X`Y-{*6n-vv3Bh8@RL5W)x+6Hf<?3cnUHg<(J;8+hnJUc$vXyr_PCGQH)PEhf;
z@x+h#J=hD#0$17FnC8B2ZEV97V-n(-MrvLY%0+LOUjF++lJmVywXW<BgAwtkGIOe>
zk8}&@vV(4#GEJM>s)9IEdP9cK_!~hYTxX8nT5~cA+EI3G(G&%wvrM8#gPUo}^ZnyJ
z<%FHKMZx*5d03NiS`gmW_*_iRl`XZuO^Aa{vH`P}es078g_&SBZN`L0zD?goSY0nn
zp%8k{+kp?5F&|&E*$9*Hy($+W_z*8g2(8Qv@2(k-;2DolQ0%1h9retl;%>3RB{)M;
zFbHyI5S^%YIJRsu*9?E0K&d^>-w5hDJ-85vzmv@g=jaUm+%$Tgq$siEKB-gUXNioR
z;OE-srU>7QuOjN9;XhzpJs_uPpP2gfK;15#U!KSS?_!c<gk6oGsOH|%jHgv-QKG?Y
z=7xH|L&+;8+bpX-Bje)=sVQ{|hVUCp{RJZ#t@=<o46BqssMv#e5uJD!ZRwcWUhdja
z6m6W*snkXlq-f4HKs`eYgp_tt7>6=KzRds|vFD~O7w<Tj3cd1e7C9U7@vp$1(=|v|
zwVwN7b(Z9l*rtBR0cqP2%Bwy<5rp?(Mf!c$NPV?GpQa58bB~{DH780FCp#!#)xz9r
zF3~JpnH?CvTIomLGZxAr&*;Tci2Cpwi+PG>rGMU5{dng9+4pm$bE#fn(l1+|M5Dx-
zGiMWjjc(K1po&V{oRWysK0Q1|oE>5N#VeLInL$S1MZ<^2t~+b!-80FVq8S()f+qhs
zEb?_c-|pHebvyb_x!L0zhYxFt*tib7{+pic9~nOu5ON~7(6qkKX-(C;ff3=-UYj*W
z_JN{bd)yTE?M|JRq@j4r!=s?AiKXz9MmJQeSP?&=X+NR$zBHr^hVhHLPuPO0eeouD
zi^Wg*99E}Bg^3wHB*{H&JDj5_noK2I?<m5AAmd9UF+C2RR~-^LO;I!r6>KuRVmS`^
zE-}L2@#MVH)oZZEe$veQewEH)9hglxvnKvSOeH(Vd(0=D<1p(SCH&E)LpsM!Hq|e|
zN~&A-66wc{?d>$`1v7^#iAPF?@H%8~S)=qurbRMGeIZ&VFZ4K*USNy|P(m|%caE-q
z4|}9?IahK1!7}%oyPV9gOC+Kk-%BK&p;xy-OtDJ0L8D1Xw>|FAC?|aOqj@bA7U2RN
zGHn)GMS2aDlg!%cmT#CUI8!E1$40Wrq)LH*BGy<|2Z6%B-;@32JB3|e>e7iuiwkce
z?>4VQAC8>)m{!Zr$e|u;+UI0j+}_q%h2eFG@a@XHp}AOO50>omQ_h8O>@@dXgT@D@
z(b(f(Swwt~lq&%GR>&<mDfETC*~EhHHBC>H%8eXt$MsuO48L6uWzoB@rm2y;g!Y&^
zZXy*TnIcK!K|7n1td@I)G1)X(&Cc42+Z=f}duqZtU3WwNw<cRR^9LANCFfeU1h1}%
zU7|%EGV6P_grAccYu^wD#q`lo@RV1GMCJ^ci(b^S%7xSx#UO3hn?yM8s0w3~i_C>y
zwKY%9RSdbqJKRb~naf7LmUU+z0MnLMeXJ`8-MB{#2KE_HP8?b4b~-~-HyB>4qTx(<
zOXfrhV(CAu@09sai~51Xs^dvyls5cn<3O;q*@7p?OW(6lSo2;vcYxh_i&Cy=C}OBJ
z{H3yn%t2cvQS9qKrsm45pn2%9JHDx=pXdgJeR%f^$B@j&HvtB2xfts1i0-HbC`}al
zN+kf6xBCyQ6=FbW4rRJf@Hcnnt{}XTAS<#T_~K@2exbI~1YNgxU}5Wq!_Ta#*z5*7
z4OHe|(SVW2Ap_iKj)9hJi-aAz6;`d7+UIR^c16Hw?ZYPJx=R?-$>dLsE)7xo+D)Lr
zkTopmO_alp1|wuAbQ`)F{EOdc!L}%-zwM9Zg;G+#G1;0`qTeGs0V53YPc*zJLZWQR
zabkR(?C<>zACo!%^7b;X3w<QqK=vp;jxVq%G=5;f`$7CA9y&%NYP2lCT%W%|;dF4o
ziOwfP2PfTa9(l6r^zWB59!uB55;HT`3dSq@Gn&`MtI<t_PWO4=`ZUMc`g~Bv&u<Aj
zRnxZL2-ly8sr|7a9B-(h3IA*HT%T;r3tWn&*Sv-`m12gd@ig41!=*@PbeO*sx~L=0
z%>ArtH+^<Wj>Oy73U220eoy!;GXKRFLE@I3Y@)fbi8)@-pLJes_7X8tgk-SK+7J6%
z_b}`)qLd97Z`NAxU*clnYN&q7<i6l?rz2hHihP497$;7dl(P326Ql?TSExuF2TNF|
z=0v5O48T7vsB~@_Hhv-H>sX2M$VTpLAYz}e5kA1Zjf>GKD;d%7w%s&I_+A&Cz$OK%
z1^MfG4&{|~#aK@iwmNG>cN+LoqnDj5Kb{pcjrEX!cPM@0d#nsTE`w8vA=Wi*oJWpa
zgs^U&^~3`FNJvYQ7vwN6bfZ6R+tI|6Sc_D0mh?vp>dh<m<QtfXhMqtMajLH|H)9u+
zyPokE5M%m9beTH%R~!Cgd6IZW=_1BPo)JOKz{km)G)MTcLn(vsQI@cpt*}3S{c1hp
zxQZuoof&z_v&>E_=<`Vs%I-jsv)Gn}b^|lE5KI0E-f&M^^zhDgwqz@xI{F;nUw-*o
zmD^}CC#Z(thf5X}gXEjRWzF{Gl2f@8+p=_(vZ0JuYhi*Lgua2Ko^0Vg*rwo)-0P-u
z6bW*1LXXtAvrc(?ua439<YV*iwU1hFhGs`Jx3KrJ2S7SWJozb1uE3l99aj1Y8h>JZ
zXI<aTLSrwb)o;Hdu&f04oK4%hkZW*4UE~&UPOj?SGriGWm|b$;JJuFtx{EWng#D3>
ztrLrA5va{5lXs>ST1~3{pfXNup7Wkl_=myII-xTc!&(tRo>8)~Fw*>yR6!+nipgvW
z+qKik)|?g*=^jr~$85<=$sX@Z%NTKDHdMF40l%<p8emNn&1f{ADr|-iCT$&H85hIz
z<aI#{L@Yle=x2o_C%84fRiOXc>P6oQZKDDUCAhWVHD?Q=8>=6|=p*O5aDDV0*AP|v
zeq)}=(-hYuEJI&SFe<!B{A;a1w8|`5sKJ~d{CDcW&Y9Rm^>&i*(w)N&Mc=JT6H2{f
z2#AAvSj=Uy&2Z6p@JxS1=zo;Nrcb_yi{Le)El-K_P1WazD|9jO)^flU!#w|>=;ujV
zH}IpwnpX5fTXh~Hllkz>XWqdDQy$}QIQE{n57CWbh4UZN$Rfp@cC2?_)Enc7=HT;C
zw78GxM@Qj^ue%X{jNeKM+e>-4>_7H0Mnf@^o0;SQmE*zqzh_+`@}ddj9e+M?;{wtW
z6%x#i=h#!@peJ$7MTpnYHyOtz%j%^0j<h<#AUl+CJkV70-3JZ>7gQ7rKJ03|9_g_Y
z4$?zt&0&sW_ey!nUe4irL*jT2gQ-*R4y<zI;?6yMyx)bXPe-+Gvyx2XzZbL3xeP=m
za`-Lpodly|2s9e+BTEI9>e}m_Zh6!ck~3ix6`%+Aiv_;^VhlDdbjZ=Xlh_A~AiUjt
z;_^D*o70@En*-X00<n$@Xq%?G0rgY0e#FnY5;?AyoSb#S8pfN2@j6-Wqf$r%na?D%
zWzSY*y%d*JmA4G(*R=ZI4oUapy+1K8Lc}UJa;^s9e>}EiMc<!yBD`6kqnUmjs2{`K
z0r_8yoZF<0?$R?vbZ4F+reEy|X3NV)NvgkXIz1~*f23|Z-nLIg%$Z8kv%hFgC>Xa*
zW%JB8k=P20Cs1s>HT^AcIX@MRS?|h)N%CxnyO_I}XLv&SHNBwdR75Wmlg>)em48|h
zg+TvjV+wcv#86TImW~xCH7js6f5vnKPn6vT$%y*&hL|Os7}_XpBliM04yIo7ggMbH
zfeRu_Ete-u`3BRz^m)HEkgrtEfdJiKvH#rtTvdIJp^(TFQhUi}3siRx1g8zY<8^Jm
zkIU2GE%D)mtCpH3PHgiQ4&!t1VB`S6^OGtjz8<|t-B*Z8&H6zS(=tH8d=80#cxd-3
zXPRM3qPiQi*O{voKGrjmEa>Cu_BezJM#eoG!#S{Xvfm*zw_0%5qZgWq<{{HqZi~|V
z5A?4|DD*ODC}6ELAuvx(Xu8ZqkM?9v9Pi!Yeey5{c+mR-27>{`L+5C=xP;6!d(V@H
zFVk)We~NaAojGXuE@u2Nwkl-%eq8{MqIM|FJ6caZ`P|sR5k>>G9PUKmCvTOzbB-1$
zxA4~+=VMOFXZO`WQZh5Aosz|>7T(pB`reNv5A)k`ldu1qWc%Ri-*#jDt{7VyimwP-
z(n}!zwZ{ui=%HJ^5_+B-oNF+W4z@sHHk@Flt4%Jb?AN#?sg86xnYW^ZlUc`|@3@aL
z)r|kjME!GfuK>+mz@A^bOQIK*ka<J+4dHx-hJw&zg^kV$FnZrV?>dm#^M@{~RV*U6
zMl{xa$KNCyTNqZ1Tg$Q#th(CrnR(OteoPi=C;3LtZd_jdEfR8K(<?5iyM_72vqv1<
zUS&jQR}Y~`Hb!BuGth{;?Hrqo6GyeK?`Q0f4Slu3Pm7_oMZT*Y9aWpxYs3k)X}NlV
zJ_wW5^1EHE?p+MN?~3D+m--2C%gsyeaNpv^KFM}_LS;tX(lZK|;$YB_aPr!PP(w=S
zENENHzaRVY%ARip34F^#Lwv|^-{K00Q`LF0BqR1!aHoCt8#Y}jo>TC1<nfwkHJ&_Q
z277iG6S#=~UuAtFgnt=fN=9mEn3yP*N<GkM^8fSAP26*b;QMnyleo~}FT8yWa5LBW
zV!lCr-+0zjU-Ry#X4kl~Tn82Ma@r~DWJ}k@MGqdWe@k0vh-_OI57iu$?l-|BJ*gex
z9%=zze%VH|PO_!h`kZBFZu~^U&>L+@x_Z<sG?pp6T4BVzoVkoZFGHDGA=CpQ&0rE5
zxY$J+Td)WWf4XC=Kd&#fqo2gu=t&_KdLuHH8R>FF4)3w=5gaWq1AyNSt+^Ugz0$nz
z%rU7=vY5V!YqKC}l<}Xfc@x>zKwr1}R_Z!qp9-~$)*&g+6<2+wj)Vll7TE_E@QwY1
z5TvNTwpD$7YFhoPjPCa|PHeiC*PdZ=QE}un=ad-2C?gjpR&4AUjX|FIg+5zCGS@J_
zGK^>w+|BmF5J>03o{#b^oa=>bbf7WHd4DeppO+vF$x<Aip9H_MvZ>X!EIL7KLNwE-
z-kdlrsnRpY?=$eTTQP?Q;SC9<6eK!w)*>8ero(%R+&WR2xCMw!erDRp=}+1&6jG%_
zt4_(-XfaWOOW(fmx(BZnMD#uCs~aZ&iP+tak)4QHa#l{%BL9tNxn^LpUcWWh>dP#7
zCl@Ad$!m12CP^x<ta|=EL+R5E2jjg#Bh~7<GxMUk45w86w7d%XRh@LWj4;4Iv3AA<
z+cWuwj_=S(?%NNNxfc^h^;3#dk+s{(^l+oBru&4B>uH?Z4;M*397a#_NMCPV<oaYQ
z#}ejC(>aPirh5NUDyAOHrX@|JQhJN48)lXC2Hd*p09pNikyq{OQmUPT@jU#;rNRlo
z_C1WDc-q*$Vv?}MMD9uS6&KYU>F@)rwd0DedtbbcMp<4T(vJN-tXF&}(Vg2;9ny6)
zIS8h7DzVi0($}5)r=$;U_j-)+zFlGfeU`c+R=)ClvIEx%9mr4?*yv0I?5740g<D`p
zH$JeVTNK>Y_<Dl7-#ZLUdpe+(`;{kN`(c*Ju@g9m(Y_q+Z-8@Ru{eeNETICWrtOgx
z9n4Ar;i55D;<jrX*I_rdpKRpi^z;lt*}|N1{gb|gynhAz-_>F{SY+Itw?=mPiV(AG
z;k2aJA0LEs@xKbt=u>(-o7v=%c}IGPiKNpZK3Hf~(iCxn{=R9fDVXVwo=^~6Kkc&_
zF?)kDB1C|;jP2Jsar{}&Lp|0emhVSA36Bu$Vl(vY?s&(hUc^+|82tYEiNpQNqtE?b
zqoNJnpD|V^K6E4Zy_#n<*4I(h)@f7Yvozw$M>@A2&1~EV?!JH5`pon23-20Q7>%WV
z=$m*EDI6y}91l%crby5ry_qh7S(~f|?%o=u!Ce`^2JMuN0^t0HRbT`773M_J-Ua;z
zs$mYEe#q)i`65y12ER}%+!npwEL$F|eWX>nJny|~8QoF$`XHUMHKWAs(4=UhFyf^m
z8}f6mt7AtzMMJIk8!M-;zwk(~`AR)Tw6ry}+)<J$5sYUHo`F{)7o2tqB@pRUIO~rZ
zDvpRPRs&Y^ZoNX2?3fh<N@t83aZ`s+pSC;)3rmq6MaqJmr7I$3`<k7NJ{M2QN|a^e
zvV^BiPuSD`s>9P<_=|^JX`>oSI$u|$>zUwijYSR)y?jV1n}$X?P(iN&SH@2`3B_$P
zQH6%DteSF3MbVgNecvXIMsBG#z2J`+;Gsa?0v9BCc8fqJ7#TsmT9mY=r*&QS<*Cdp
zeCZE)*T+Allw>j=s^3(UWhXd#_ETC}rpUf7k<TKP$mE<Ip2($k`);}-{{5kWPCdU|
z$h(g=vy1qT`@F-C&}96=22F0lD${^UZn}CD1o+X>$B&Ipb{8b>P`rPb?@9kOU;HTW
zw}1L@Mb&jpHgV6q-W7BC6{q?Y2u6Jc=!~l8ZXtTvK!3!KIw&$Z<6Ih#)=~%@eAz7O
zw~i%3y{_1O86#GXyng@!<vtmwbgcaq9fP_qt0Ow9$8nOtb$X9G_%>I6fIw|P?-}Fl
ztQ0nddLWamw*E!eiCU^Lux%|^KK#st60hBm9r}$w&C6l?|6<1Ub9_ve>$xFQnnE}!
z0)4{{4&_9+NR9JTL`@HCUTov@R!5{$qS(&T9um+Rs+aN{7g+RC+#tS+&io&ibNq?6
zj)ZcYG^{<><=p8w&#5snx2S<Jy|KQjWE!)?6!jod0RF1I-}vX107q-)lj9a)L$N~8
z;x{eq@1G4eq>q;<E3)&#<0`u53wo-`he8(7N41IB>-WR*m<o)l*dO9VYnr%y-tEo%
zFalPTQsxBB^IQ>IBWUh2m;q=vr8FpIwr$<sX^BmILxd!01ctA~EMIjq<11t#1y9j*
zWnN5CQh!>n(a>&Y1$>~Ee!@3uTE-`7sxYZi$eZ^>pfw)HsHN~qX`e{GuB6}Cd*kDo
z?9Fa{6X~JV{`ND~RL8wb#8Z%}|3&O83xh1mKyC}gdy2R)e@gzdnC1N*9j-R>1j)lx
z96Ss)cTgN9RYOIToW&}2WL!74SVHvog0PrlY;9SX?EEwYhflXtp9}ORp)z2X^LX8f
zt5W!<->yZ^=6-T7b3ZYToL%H43pgIvpvHQ?FfIUJ>Z(?F<7ylr6P}X&t!WT`>z+D;
z<wDTg22<Hzop|5!bJFpkr1CK5*W!tQKVePwnBbAGE7XJw5^;A27NibEf_A!hi#%(E
z<)g!9uXJ3kUtmtWnEwrP4*myoo*}zlj#_+od}0MY*qj+Oy%HQWJxwJp&&opmLUVot
zJN37cyTgB>kj``)GNKcUZ(vZFTHLD=Ct^WfqIZ~1eG-ggGiMz>d$3r2tna%ll$OBB
zeUdk}iK!7b56O9*)IgwpMYOsZFg`&hJ_f~QWtSOaXC8LRo}h|Q<xRZ!x>6}caT>pw
zIEqbQ^kC&8NEHQroyAG%VNEiQOS{Bu?7?F4>xXWx4QlI6K9#M;j;zkUWZc<|`PW~$
z7Az<fKElDv{o^^C{^L0xpLtGh$!DJPOXns|5Ths|%hLPm57oH3ooo=sKb_e77e6*e
z=zP7hf8UzMt2anvaOlJs|HZ-UG#9Ts{4yN2gevyLq@bBSkoJCF+r&xkykGU!!0bEC
z6g2}?tCw~)$#?}OOT;3IjZ~#^4~JyWB1!})%eG~9^QQE*XpS3>=X4JYnnp03M^{;F
z`K#(qad6iInE(KE?oqInjsGU7{iLtqp4=W|iDozQcPH#95!0k6uBX+QUC0fAT`xn5
zvf^APGjUFR^Q%KFziIT?bY49vNk^?@c<c^vAaq0`SJz=8d>0pR5H9=#ls#||GgG)>
zL=uSzv9mg5!kFCrMy{L7HHJ{f9~BLz%&CyFFT9Mhga3felBdr_aq6H&NR@Nmn0i^F
zl1L}fH)@P05-Fo8#YBWI24HA)Sfe5TRqK*8z_NyO^C}bVCfNFdX6y`h(E3AzT;TeY
zFBAf_+&x(3TMgK36ztW_qq4V5QYmqr@TZWHX23p@U6y#iE#{orl1Uprz?<$6;;mW`
zRX0!%@ktYA>Zi@yTBx6iu1Zpj={xb98+7c|I|L>K;bR%Qf}N5HT1rI|9Y!Saa{9&Q
z@HpkFQATTE6GDDfU3i0#K&)Ij&L8b~qlm!Uo&}NLHleyI-&NNU0h+V^h31SNGtL&q
z@ZV?A%<ia}POai;8qR6+$k2+s*2<`s|AT*Z8g@imalj~I?3p8lEF0LwxkAK7Xdh?+
zAxQtbcDlRvW!+wOv&&ycj~n{v9?jMNwS&pvRPmdZofI6*ntOKuUBmVdwOf{@eXIu9
zsohh6>U?J1K0^X_pR$3N?NeZ-q6kn_xFDEl0P|$R!gLS<1OO^46d3LI0qW644*)|)
z0Z0y@u`13^6J}tMmYzBkf~=z<0Sti5=u?0VnUu#q8NlV?K@dHF<P}$BKtXdN(*Ruu
zU|i1`ngxeTb_e4E+$1|Dw1A%qfayJD00^Eg8i3W^NKTJX9^Fd<aM`jw06h-a2lJ=6
z$OF0<0Y^Hy*2pMQNT)vb1DE6cD<J_YK&j0D?)6&{s2{@<_ysQ0y9H>kOMe}j?nXuM
zJ4Yc-WhspZS3v*gj}K6S*0h23*pi4Exa-6p;4gvmq8x+)y#fL151`xtDvkD0i*{~u
z=Jz<za)8FeG$2EAKmZ^|y@B$s3<_XUY96ffN{gPO9<@uWiw=hfqgt?5&@tDso-&ym
zWLy4@1C*jH7_R+X0MNB#RSEp=tSt{F^w1sm1!hYFnAXEQKPJ6`Ljab&_XebrR}09+
zyZ@V7i67qNrOCGTJq81(VBG_aTygcs(jwV`15hLa5@1XOBsfC@>huu!6Ng66*8knN
z58b_ALJzcC?fmsHp%0&ufR4E{0NPL==u}}$=(#6W&T*-^M=~s>?n@p~ifR`wUolMR
zC16$B3LuH+{duz#dI|n=^`C>Ho&Z8}=FWcbIyeXxs4`#@CxA(~`X@}%e%#I=Uyy6<
zkw2)$;{Nsj^(&wi!apO3F2q3+c+#^VOs>`k2w@<9Gk_e#0#>~W;I1qH3xoy1%s$<H
z_>ojy?5|iQ*)0ns1C|#G02f#VbjEWPLm>gpKxZsI2DMfM3Hf7T0pMQD3kHl00J1<w
zYEy&OqJYe7K`<-GK))^(bIR~GS7EPf1JK@kpocH~bFXPXo`?X(DDh&9))|n1(I+-e
zUnz|{|H551Dq<vnRRjz|6lfu2z!)D@q^y#wPoBUO!9fXtQuP254D_khJo#72?%AxL
zm*je|0Dbr{PM+_gcRNlQC&P;eket9E33$ab4cX+wz}Y6F(cg@N>A(q8BOb6Rp#Dt&
zn0$Zyp&+*U+Fqp~)`1eZ^yy_4^=!QjM1)606}Bl7$VfV!*yRNK=bd8t6+za320Xz1
z0zi3EJ)+1<VKG0Z#LAKD0qC;eJj#`I%OgWrFqXpO+y|7DYD*A|+f(z;e9>0CCn8H+
z%4I<BMZj?9azc_vC)FNR#Nmja$xNWtt{#5QQ|JlY0Y0}3MDYU+Fz`ogRIZh}Q;|ux
zJL`!wowMlhcc%)#bUt;Ge|iY)#CR0`c_4#(VxXk`3w4dEXojT2Wa7XqQQcj^(lvCK
zQTtcq<Uuq;)yeM`@rn#U$gZf8<fO^Ml|!aNK%vJmLY=3ep><TIk$>6dU%EM(eEXLS
zK0#3Ms_Y~zUF~0=g}fwARGvjIdC5}&+i@{}W|X$-#1qI-_`fvCkouQ28HsgnErTxt
zf|$EZ|MY00H9dBSc*#l}#H`)WN>DVDrJuJ^`%j;x%Z$Xd)vbS`W0;O(|5Dpsh~%4@
zy=e4~&N>v~rTCS%8)z@O-vJeAe<{8>Ke6!#?n`tiSg_$=u5FbKtv`lev=VsM>c@*#
zq?mtRvMNrhbK|vrDIpFL@gk{{WaZj2^P)jCgzqKKL$Gf1OP=yQwl7gvG6({?|COEs
z`Sy~S2Jouqd&&1bXc4zO1=F4TUzA2Qr#lIX9&JBp|N7V!-S~kev6>kKa|>9~5_q|3
zFN{M*QSfFQ0F8wlCHBJv{6Yy&P96S*-61W;6WHd7*&Z@w{-Gs|UK^2<*cg>lQnh1O
zJp@HGc%70gL=U8M|3tzdvM)K@CEmK@fA|;4dv(X@{2=@ykOmq4Pax@k1RfBkM;-$X
zpOt6_Zh!$_fA$&D=gH<#mQb0p{gFjXCDX+gm?&5P4>>rTrtKJWT_7kL7N*?D6Hm!f
zYCQ_^7tb2bA0DICyY427=e-Ek{TD3+n7=Otr-AI;3J-*K{W<Gm`ScJfn^n{(oXHu$
zLr;Jx1^`b6j?j5NA&?mGTYwIq0b=z4iutioA?R?jlln}%`*|jNK5GYXjn?<T@&}OU
z^9SyEQXb`{APLpLH*07Bm;Miib_IqMdH+J}^@AG<aX3a`1OrBbe-Jq^f*CPza>{Bf
zC4*qDfjUM3lNdKpE#Q#HHlPSJf4N_3-Ay9ElzIhJm=e5oCjtQJK-PAcm>*W321_4u
z>K2~};4^{I?HQ=H0tP95%sD0j8G^=wE&l{O^JJ2u$VH`A;OjiTl5_=biFo#t_;w3Q
zL!~4|@*q2Hw?uX;$+G>`2@A8ANK(+Xrd#5p$n_&@aoy$!cHg0{9Zz#x?dV9&6FI5d
z=Z5=LDkR4}?yy0|FCiMDZBids_;}|78>D_zIJfBD>RS>pk;Up4zGa%oB`M5nlp01T
zl+Z3*A6-Lh8&;S{x(K1{`Oe*x7Bo_W9lw^!OKH}}OHCSYJNV^f|8_>DIh)@Vqh;yD
zEq!2rwd_uH#yMN%N_9p>QD~;hEzu0(&{tP54TOLO`SlWthWs9Q30XZwa|WAAmgyYR
z27~c|nzhbEPqJe&>%4?WF;BGqg_JklExUmxI8Yam5dzN}zl1iyy#K|?f`Q%T|E{)y
zTdZF~*jB?^w?U@%MLNe-nON&(FQJk90PPsl;X)nTG}Ys&{O&r_$*LwfYRGGcj-c0y
zOJGC~O;Jcmxkl-M#$Rf==Ea~i|D;OfWW5l(#$gB1AexuZPmg!N{5FOqDv0(3Ngf3T
zYblzZDG(;Jb`wSGj9U*irrk>j{9tXO7F%=G7_U#8;}!PWp#>;q3e0P}u(qd8M9ct2
zY*7QsqX5C-h%giAZL2)Q?3+^BFp>ADuwcTVr@Y><Oh<%%Ba3*}ApL(>dke0*V&#1p
zE$+pwxVw9cTcH$pcXuduD6TC|ad-EkrxY#j?(XjPZrXc)_x}OjwOA`T*^!yd<eAAP
zdlCqGpbGTB45^Ect-Ah1)1}OS0d)_Q5KxPPHvm$?GCxgWPCw`6S=~*_27-JMfT&qv
z4zo2^ljRK=Y5<2Vz}UUw@ET7On7_Y!Td8R)&Oi#t!k<lw1q$^%Cq4$ATgJijFtz9{
zS<Nuq@DCj_rD`r&aad=<LzaG%)sqzFA{`r$=2Zd+h9!rwd3?aMrOxDk$uNV!yiNot
zjf96Zf9>uC&4iKFZE&+OQBh7DKG`?d<Og{s|H?ZOD&$v2qys^O0NH<tCc<?)gEugZ
z{k{KSkgbXX^m2!xR~-$-(j|El_{32kVh+ax-6p|9D!z7m&#@nbdHq;sf=!cY225o>
zz)m5+&V^ckVzBqVPsC+zAO+B|7L_RY2$+wlv{5(zz>hRkrD%7Y@_`^_;MqLz>^Ja?
z>nUwo2h;7j)dVk5Q5lfJtJDE047TbTp(QEm+Q&tybm{;U^#JqM01N~$(xeI05h8~X
ze3j0W$T*BlXRsgR9>;lc3_N5iz}e)7K#<RW1X2tPGK598ss;4X5QctQ1oW{U-y@1}
zpdd%>cwYPi9<t??DXBovZ=gxaJ5lf*(4-ulY*h_tat$<jO-uYfa6=$G>Bl1<p3_l^
zg3n&N1?o5f&$vU;S)T@Cl|BehJ;ri&v;1@q+Tyj52s&N<{d73-5@I(4c|8?;y_yr4
zJ>N{yWp{mxxdo#~Q-gv)IH`C2uAvb(BReeu_;d)LyD{~dBL=du#OLq>_^V{_(J?I3
zYn&buLhaQIyfU`ys@#b(Oj0cThAhIwFyxjYVk>nkbcglIP~;ZC00lplX~zeqm%gcI
z;G7LzdS^;Q5=eNN#}1FunOr9-!%BFhjEO7`YkGqpNLQqWZ}-OVQnQdU**%&TAvjIV
zloCI%pE{2c&peS1!7N!w_UkXI+(`TY*7CYfn31#_@i5N)I8?t_on&QL{at7;I^RVS
z|Bi>L?IEK21*(>jVO327>R}H331o#Y?IfrA<vUuXn5ovuC;Rnd)*5zBtizV-eI2G<
ztE6|ET8Ta*Sq1$v#g^#4=@rr>BuJ*sBwO!3VY#n)a)2>rh=8C_x<^%EI^T&qOg>FJ
z$>b+<|1{ngig1KXX-AVdy6CcE-W=!t9ygcE68Th<?2kD5S(Wb$%_5wj;>P=(^5eE-
zX$BG$5*gAN)%i6mTxxXoOn(0V@PIMaoL^xpPquhjt{w*a?G;8ClI+h-DNMSgR=J;t
z=yP`oav2OskD3W`x27Mz5ipBNY*VH=)28iaAcge!yM>i->1c#ows-O62c5_1)46Vi
z+TpS*++d4zNftwkzU|gDIumT`y2$@S|Ji^g$&Ma(V!Y?M8u(W2la-RjJF!xUfTZl{
zoEA8gHXI*~u*Q1M)s2pPH0#|CT2Mikv(`M3a=525og~j&d@Z){di$boqm*LY2+IPa
zNGK%2l<H)&k{+OhFgHsm*eR0Iz@iuUMUu<P5$wxY@B@+EDmyqh5{d_(o?UCqyYbTE
z6B~+$T>4Evv}giOzq~GigfLsY<>V@gEkU(;(M0I*XrWRr`&+9^f}Vo+)t)a+mwjR}
zHuJ24UchI3k7(j=77GTGJ>Ms1<lxxPrU}Nt1)5S}?kwa}V*?+7vq5N_47z;eSEj??
zxof-GYKVejpg)onISo#!65b-f*HeS;QwFujsifG}@xF|nz6}mW<l+>B)yNGFCd@S_
zW_Ei{EwH3oR<`8%vWB^Mg)0uXc!7J_P>M<V4BLM!=Uv2iPzB{)Zj^F9GF~Svn6)~E
z(e23-eIe->^}Kyt<dZ6_KQm53ds53_pQ@HoXJM)&$w10qcOELiura%MRQhh~46Ppf
zX|jV=VG3Kj&E7^)YG`hjC%SIPx?sIytiv=dBI0WX{=@g??cPKKl?+Ecre;pL^^qc<
zmO=<G{X(mor~u3EvRNv^F-c6D&>>69SquT*>GO6?EA{9vy_S0jbr#Im1Lx4a-Lv^(
z`#yqDCWPEhvNvc{+JeYGanKgT-JUUwLRm<HhxrMJEOQ}GtNHcTp_z*UD8)eTUxcz5
zp6P#on86ZjsD@wwxtVt2K~08y)uIRupa~|4M7_D$btv39yx)b8cZ(rI#%rG5p~(yB
zvOcTz(cOcdDJg#XZcDTZmmOjw1}*YN2&Sm?k?S|)Z!EE>L?sX@3rR{HG89~}yFX1Z
z#1)&t%B;Xe*QZ#+>~SH+-50-+OqzNW>bki^Iqu}m*rT$oVUgs`TZ34E1B05H982mj
z^{KwKN`kX>!5HYY``CgIstmQAr$@_;)=U~F(2@0gp!7Pb>C?GDB$i!9U-=4TK=Kfb
zpY$3S6>AoV0}mbO%22ZAIq@aaS@Wcn_VjatabQ=8jQ$7ghGJLSq~>)gA@4$$Y*m}m
zV4Ak}>v?i^FkHYvn@CfqF~96X`_Gl{0tX%omHAh-x}l4$YY#TsK<wY0nmpUjqi?|}
z(B#k+x!>trgE^cj6(}NQtH(*Z(U#-pSA{Hj%W+h942uuUU9xM}w)Vo(_&yyRGz*bK
zFU}->0b{)-hWTU>z~jKw{RZ-IrVk_)YSVQZJc;YK$3ts0K$w5*s>I=4I{9H3i|_p`
zYOcpluzdo+@5Q{V)3O6G{XP~#YF(H_+#1?uSlUa(IaY)`pV*cVn-Cs#t`W;=sO-bU
zGNp5{k={(6p?WU#vRCjv?}>blMh0I3Z9%%Hx*UfH)J}Zy7#z_Zrm7)_$hrTM<cX$w
zK?RjL=aE6cVU%9#k65%!o-Z_{kqI3&NJ<2-_Ln3Xj$-|0&69`mZD3QI*fzX18#f68
zkliJeaX;RaHSa3!9>|qqorqBTwP*~lp6fS;5dDae%^~}vDg~FPmfl^VGPi_?X&`Rc
zHYKKe$(1BX^Er|GV#SE#C2Nk?M3?e_i+YjHQFW-^YEp+`l_L!_Vg@BIQZRW*VZpkX
zYJ1|#=O&Tf4mZ<lV$+sk<Kr##qx$OpZl-tU?*8^(v$xK(JnX23>c|x=P|vzGbn&Go
zXwUWiP58x^acmlbcCRImr(exy0X255&wBT2-`iU=Y$QC0PY>nV4nPgvnq28_(1+v5
zRk~8!1jqbYUXE@;bL)rvS?&9s$*Xz-x{5V!%{f2u<L>pwCVAWo@j&;>RYfPd`CD*V
z{kU9LQB$F#jNYM!TkEy^*CLH9>n*)eT^-|odzVKqHqy)Zh0pa{wNHf;U0WgoNfr8+
zFE0?!*_n-&y+F96Jt#`BM8aFBijuUK3X&!X0WOHeYgko+)e>36p<39n_hvr`o71Wm
zccMfuT4QJ)4Y|>f+0Yh0U4R`nA}_#tOyx81+IxTxrAPr>|F}jc27Z3YK_QXslT{1^
z!4cp)9QfrYC9&S<*Y`(ZREz_DOpGKD(CG1vDA;hQ&0rQ@Rr76HpzC~((o*=I6FL-$
zg$bMu2OSLZON$vl`&Shl?byH&pqtbh)*#zpKW%X{jdVc_sObtTRJhXZMPV47u|BoP
z)%Xl}NbQ#pZYoYu<uBwgIum`<k>J<Dg_qCTi-d-BLKslX<9#3>Y+rU5o$1G+q#qrg
z@VsRx3%_k}nPCK{`#^h5^6<BI)8a!`Pa8ah19>?qvUOExx(tOffCnR4ULXqo(p*>A
z9Xh`oMr4pFiwJoWhRAxMYQ=%6Foq%wVi1R&m7TePxGv2@KLr&*l&U26pgW{6A4BR;
z(1X9*9r-uDGy$z9T(Hm#;($z27@|W`5yZo84GB2RyqG~YIUC6XBDF(iUbPcD2Wk;$
z<=dPK=kS>-2&C%r0nK2*Ij@~khpI%CLNJ#`6bzliZ@5F{1ezL&WB=|TLxn;{zrjpJ
z_PkDK3X|sRzxau=Y~`~GNPymQ_r2%`J)J7N$qpb$+9Fj8ly{pQ2KFlX5^0?Uj5%X8
z4NEs6r4=2#G1diP3+ir%{JlaaMY93CBf){?LF*6vo4#c>DHCVOqONsb$~7`2Vgg4@
zU_Kk3xR$zmP=5x3u*A6x#icI+$M&Pjf~1EyAbQu89N@oE+(wS=?+l}hoFompjP&Ci
zf{N54i$VdhbT<}5`n7OU<^YT^=j^kulL1moqbkv)z%x=Jl=XP80w+n?wf>3P@B-Dx
zjsp3$9$O9phtWHr-XdkmM+%77qLh>GQiT{#RYfRNhZH64C&|kM*#p|fK~5E{Vmk01
z5#IcE_{`V9cmi~0hBOy-$R~k?Tg8cQ(h73bK=mm{Xiffoz!#qE2F+OvXco1U3Ko{&
ziFj;>4;0XP)a+oCD4XBBs@q|LtNxO1VAK>L*Fn_zZNp8QY2*~Jt@xW=YZI`K_#57`
z7|3rJ_^Wl2+_pp>7vdS2?q1=fP{XC5*c1fpWZ)i_yI-q<$Th}V!)$IEyqR5+2VsID
zOlcuO4RW=uZq-;_o_MzATs4|*CA=ew*gJ+j<<o-|V3%>=7s1Y*%!Z(dW!er+)J4_4
z+p%S$aTwBmXGN94;-M<h45bcDiR*?Ii{d6kX}$6nFc8ER|GVQz5`fup;#`(G=UZWm
zDURzbDZk~s<@vrvX?Fm&>F`#Vi7%3&Bm6=QfhWu=P6D_cR?Sk<-k>IG$B^(uRmQN=
zakm@mXFrG5s8n4Y#<pidh>}l8TD4oG?e03cRHwF<VPmqN8p-r+g}MbgCo>cS>eo;e
z8I_A3CWCH-&_Eh-S0f$BZD64k$|4FxJ-iN@Mp44IasEo^x3K-$rn}NvR?0(<1cG44
zBlT)SY2NZ9IeCtkvq!5OA0YU^8mKuf@PghF-a(TA*&_iFdNH>XqBLP<0o|Z&TM<Hj
z*wGV=8dVmc%by5GMAq1hK_O~U4K3Fst|He{U1Fro`FL;@r-tG(rxAehrjC~@q3T=F
zeI#BMpbO@qRz19ZTVbP@KWO(AJua1djNS5hfRJ%))mAWfj5YLzq)J!#7{U={z$ttc
z4oQy@@={DYjHyJ7g$b-|#0#0@2uq48b4NQGLqer`d?ld>21*2}P(+8YqQqI|d2|s7
zU~P<*+uKUAju=H@Mx#%KIy&Xdf@gmLibQX!V+vO$2FA+aXY2feqdtz=FzSy4CQ{m(
zt&ThZX~$!HYE@v`x%!+$q_{ahSKYpy3Py@|_J=(mgbb(P&v!DhQx66)iBB0F8sNCL
z2EyjhR|yTFJH+UyLe2m*eB&0oiS#-Pms6^eRT6>R!;=FdUf$HPa()fP>D55!4YOKw
zFgO>7r|siP6qrK&p-`XEcV@dl<{Q7wkH((@Em#oQYh%v?bJ>qO!}Im~E0$81m{LF$
z1FLP{xEX&EUSuCY`{bhFsM*}^N~Se#B}fu<Yy%2dEZ96~akACh)XN~`q^fn?PBx01
zc^;@ZoE>!FEpa4&3`W8v0RMtYLxf~90DOcu7JY10CHMvu8i*)e5&n{nh;TxfQ5_#`
z#t5q`3ZX1hW}Xsrr71{qh3A!xp2?L&{tN)igLwVOS73Y0Btk=2kKt3tyA$gWTx1qG
zn%nI!-T6AL>(Kz!hn}ewH9TLVaq5c#H^jN@#EGr|c#>BckZc-TkJs(=0cbOd0xFhK
zi(KvdapoEYa%T#xDoAio_NOh2fidX)x<aY79<4B$(Wky*$kr7}P%V;`5K}~3C`FLx
z(f*t)jCz*?Xp?qmNq6WwEh1>jLz)ub-^8`NhA|GYMbuHV+1*p1z|umO(OA!y5D=Wo
zv_A&dE3+u+a1b{4uvd5p3%(x;aei>f!zbs~I7zA~0qoU^b6E$zeWg`K1>hCdL!N}M
z_i)n$UgJTIf9Xt)gJ0dkZdF9wjujhwix@kc)A7aUy$-(jPy%FAk`DeClnz)$WC(5x
zJ0$SO%?1eGlGqwhgx0Xc_R@FQvhh|z5aG)re#7A-D%u<+q?*v0v-vC}?}tcwnovkE
z-4KG&endfKpr4w4nC(yighvR}TL{1+gQdjZG?jUxLsX6;r~+Z>M@X9@P%|N}Elt2=
zF^~#Yb{$}4mnQ70j|&KJc7<_eM>~QI`v|0jYgbkR0@@?jJ#fIik0*U=AJz#F4}(9R
zVA)O(CO6c=K`e0BHO{kcbf8d1yl_MCW~axevoe3b=z>_S*=}qdd`yIcP_O%r#lW};
z6dlW@xB#1_)M(*vqHGXN*+*h_c+q1LVRF0`N5s*!QKF;{auf?j0ztwC={RVW(YDz4
zKzs$p-fKi3Fm{wpkS)$VXk9zy+OP$vkt8|Y-GJl+){L@AJi@&PT$Q<Bje{s+q*Zqd
z^F&ccc=sS<f;qee_De_}u9}Yx=DX0-7E;C5vjy2`vz0M`TP{ZGAVZ;Tv=A)3S}gfS
z{vlY{prwIgc9<L02h0atoqB|M4|*V&6JDUcgiNjb*jmuR20e5yI9fIWB(oTYqt{)7
zC<2PNH{m-SG{8wW4c$0K(Q<pF6<B#CYo8fS5H^!-(2@3Si2FOD+=2YZweh)HcQ{d-
z%q2D<8Ppt4KcW?kgE769X9ikXx)tJ?Gp-J}(r{l}RmiklRf*_wdPGo&*09*d^c&!2
z)q;8|7zb=7;gZ?)T-N>5A0&klM1!jbV?_hUUbF_;Y*v~UlNJo{tNdCYCh-q26p^{p
zA1L+wGrJfd+{Q(7FCw-v^I5GJrE<tXx{zxvi4=`>b=re83vlw*zy%(gHb>BEmZga$
zFJ@nq9zePCC8qH|r5-@|wtTU7NE6v}aEDVm-@Sem)}S>N-r=0Etr(G3DLNCpK@CH8
zkf*|iXyg)Ex80UHgjTQ~$gzCQs9DQp?RT(0g+5)}V|e9&mqL+-%w67OydVyhMs3B>
zoNLf;P0MIYd*sEQOZ7Y*Wza&b+g<lHy*s;Cml4Nw^NvbOi!5CL?gX!cJzQ4NYZG3z
zFXCEM2I&&IkPzbWluJGQ!EE#m;QtzEO;6WhrqgvC2DJ)l3Nt7qmm$*Aeb|lqVzVc-
zJLVqS^u)Jsj%g<-#n$v=$JVg72}(%oR@hw9p?M5R=SFZ(#Q1JMOfa#efudnk?Et!>
zG!O6>60vTR`=T4yH|VF^r6-&bc=Ynz-H8rt$H$upZQGYH;+}Y>O3vuszf{WDXe22p
z?_OIrFfu_LV@#1~C*VL3c1V~ZHPABE5y<seB)oI1)VkgBnv1Q5XnL=LWYetyAxK?f
z++e^6Z=8-JqqhF3yy2WoyAWFkHN!gIIf`isQF|rqTkPHo3LW+Ku%-t(@5Qrb$w#YY
z@3=wN5xB*PzU$<Z476SAc2{BN$qPta&KlV5;vHx^z@c&dlTZOMn?=k4M*_G&5>d#v
zfqe??q#bU=W8;#^gc%~9NvJhDb#+7+=@*c_T<ojm>P4h-O}R0Uz^mQ{D1!|&E=fuf
zGIlUq6tYKLA4F+g5Em=o=p6`!0RQx~^b$coO21&nlElvJZR0w!ey2>7P3+yk9mpE+
z@)OQ^7*wih`G<J?d;7a>)9z}qA=H7RnXjof*8;RdbnAfApmI6uAv}YZT*MZ1Qmt9D
zM$V6)Y1k0fSG1d$?j*5ZY|c0I5O$V){%C0Zc)uUp&Oz-sOE?~BX>~n67}S5cY>jW^
z+CK#@6K80z7rGSpD1IC%hg!|U@kjHxE;MmXa0o$MFm${}q*usP!*fVI2h&3+ShQ<{
zy~G=CzIYpiMV^QLF;BiwgRF`wntx3l0*fSp)Nq|v*x?j%OVFS~3l^-kC6`cX3gk%G
z!;Qv9u<%!7C4ra^CcstD_@@XlfWNiI0ZM)G$8imANhHC_e5^+V6}qhbp}Ux&&qLWM
z+hwfjvbG;xjPx|ehB%1sXGsP!1jy=TMXEBbQhYbbEC2y_AIC8VaZ5+dnp7krh`ZK5
zS18>vZ!4=p)CGkusxT|uecZlMfv8*3u64@kmKC6L<qMbe3F}^%d|Bc4iADrHiBF9P
zf)F1uiB`6b#h!VCxVF7Fpkv+T4U_qP-f9o#=4VxOJy9K<ve|$8Y8mA%zL<YI%f@};
zt{gIOp8BP-Y*I(|OZdm&lWC(T;gCH4wl5mB{LtTG+rGr(=RkuAhR{)Tq=I+(%|cOQ
z@pA%9f-P1qJ<i16CHwR7cKGwHzS#zIvPvCrn;Bk9VR<xqkb}59Rcfif)x3WvyxN4*
zY@8->`x+r6_kt2>X$?RJ$sJ3axZiL#<B`K)TN4*MW4B!h)^gZshyqq(;nhG%?q8iQ
zx1holRYG2|We(8WSPF>6G2|ry#_3?R*;4#wFU>L((keL)7wDVs*)1XX&Cp;?rX5D4
zjy33M%WDS%L?Gj4F>Q6huBiyqA2|=nV+F^Y+i-js7o%q0RTbI_kG$bxvj4p)m~jkL
zOHYT^bgPP3e>e4c!=;*awR1)qMcPB&%=Z16>lY;i>;6C#-Wyl`g!`+{8;vwj7d3yR
z&1D4ZKMaX=TGbdpPnYIFpugEG`Yk8;#JJ@A&TxolkNXn>VY|$kFqO>%^_3*T3?0QP
zw<(NZUL+{!WAmj-XZ1&`e$3$_O46!Cn{80kNKB4b^n>k?bZbGrEkV1^m>TWzqqjfx
zd(7eX_eVRh7wv%%qh@y`UNL%qPH)HU(*&rX`BwkPxp*W?WWejh(AZSxNW~8cCV$}*
z{@Rsu4mH5S-dhE68d#)|tgitvTjD7P`R%*Eci>NBSkQrZ{cvkF6qugfS-pA}<wLsR
zU9{UbD!Ya31P12>L<pKNt5{E2Sdf5t{coatC@??!x0&i&#1C<XY~PTHG0pn~QKg3!
zJ{&<`-1-=koQxkXgKNDevnbPm_fX$Lk*g#*ETC@~THGO$C;C9@VaQdoK*2<@D`}NJ
zupfKJ4u+081f^@=C=zd<sR5hvuSRN$i&PgLafxpP?-9#sC||ezvvW?QRa&nN*PKXM
zC;LR*nit`8rux+8&YVacv?+iWXQRuYr<A3ZOk&m>sbO0ZG>8^X_EkP|Xu+vIg}D!o
zqz<|q-zqs6+*kSQm*mxs&D^X6EVz(YV(#NSGMt8MIp%-m{1!&FcAxa68jkT1>_ydv
z16_!7jl8BU;`IZs>68g#rCCUMfY$Fx63t#JlEO4lTuAk=)!a47bqaC;et9RjbhKF+
zoI3?K7=cqiOuxC0g!qFCvu8UHReBtb(2cDM2V!o|d?)-bf(m@Sb9X!7R$dx{NJ=1X
z^EIMCHW9?Ib&u%;v#t&`p4nbe3!$5(B20lMKRYtsznoUbT52=~TtlhWPI56ntFgEg
zl2h12AN*1;DkdBVCB+lpBXV%S`0%|01n&iP2itY1{IJwvpB)4|v{T(-oJW}au-qZY
z4njj>dyC%fJr4vUx~f0%D2gO<i_4`Dm0i}r1mUdXB80=&B5EK7w}uL7xk@iSJ6oL{
zp4vk2Dym$(rpXg_t|M%OjU%>;AK3pUknhs5u3D0#1Xj82G8dYl?KZBDBquE`ky0qo
zdL=AZW~n+v7EMOUUfRg1%~=NXQbl4tca#QfyY64;Cp&N{WlL9%gG4x-s+i=fn5e6m
zAgY+=E1BvlnWF7gLJU#rBzEhAHtM^Vqvn^A1`pCx>>KdfOB&Fd8$5nCtTx412N;Ie
z2DR09H`T+|)k{>?O9Vs(yHSjm+A$1h2=b}7{~0oPO0h)7si2S8*q)#Hd1mDu&|<=E
zX_ulcX`s5K#+5x+Nf4P;98<t4nkVVR4VAO6kjyl4mdaAf#GN&<v(ZNBdZEzPo#=cZ
zVds0MzwJNVQx~+HyvCe>scsKtZ|$-W+@TVK>OaI^m#-JH#;TeJoiVj*hVreLoEYi{
zf-N>pB$r_fYLis%0h`ee?7b@b#i?Dl4tu==M^z?B=lOZ&UWG>;RqF;}TefNQCQj@<
zP!d<OsqvUv9)OTYMRnCy4C9bDRxWKlHRaN9t$AZi_y-Nr!<b06#Z<^01wih`!bPYu
z<wjax)m=W?5~-B!w@|Tk$a`HWf~6SXRs6VNO-I4d`poR$b4fGW7nRhkZ#AVfmCJ!I
zvi01>6~0TYsE7L>2TRmBo3XdcomB4}cN^n3m$@q`f0k^&by?k~Ck*p@(n;+vZmIc|
z!asAp-}19?^-w!e(RiRn^hiP&rD&;h)^D1yl)wJ0G481D4#ZUIo%~$J|M{GA^_HH`
z(cmqMMJ~%Jylph(GhD(Y=jyh;)y(YERtp-I{lblt=ML@x@k;oLSeE0Cr2PnfBi#Mu
zH3+RqOz#?0sHLz<KaT|AZ4mi9)uQe6P1NtW`l3cL^QyIMVRwf#<7|JkUTj?ZRB-A|
zse&=YMb`vqLnL3g-k`}u@_^J>9w@;3!(F##9e^M1Jp-F0v^g>R8)`rZg;z!;j<ITS
z0@P62e*VYg!etqr0(Z%p;cO@L(0Ne(Op@i)?_JFc_)whZ%MKBby+W+NS*(5!U)m<S
zg5vG(#D^3girtu_cvsnE>w5+x4U>Js!_upimcw^f%h9Wf=NOMN1Mqsh2k^dyQsN8n
z*9M@wDMEu|wW1)ubN{`GB#G|Lj#gsZqk=u9qL=F|DUsbV(oK@5mxuRJ6Pa5Zm*z|x
zm!|=GPg&}I-@WS5k$QYUiL<%4glp<<2I?(Q<c2g6t=5S?0?c$BZz(sqie}pzm!p}E
zzpBla)v~&YO15p|@wuFF4db<pQTD>R+357|ez)c5s0hp~8lZ~Eu})&@K&JxQ@wP1#
zD$KdzwY<IVY_d5^DPQ>}^br49WZae+XRZOS(TLx~>rxpfe8r{hRQ%Z6(bH5=cl!|Y
zoIquBWsoJkM#6Av_-{iR5!b%!z$F!f7~3n^y`T!zx$Dyh3`WR{I0?yyfy5OsI?(2D
zD?p#uG}Ty=PTNqY!DC36-OO?By83{k!r4ElC%qYUPT|bU4R!A4tWHhQp4;4cs<)_K
zK=^?0&UE8N&u~^7E3<a%_8>#Fo51f1vYNUDpA9YJ5SxQLD%JEF$jk2v(m2G6%-X&v
zYJJw9&U$GUj~cpXqZ)8~Oe1D&T%t^)4pCVmY#t(0^NDNHHygQrIUawXx2+L?JgnKe
z`4H6l#`WO+uO+*k$aGV$zXa})^3NY}whaCuUohPuw+OM(zC+Qad8~;uiFr7x*>VTH
zw&4MXdS#57dSK5YZPavIH*~C9G#(v7aYWdpMz%B&*DP(|4wTE9@f0mlw;28c$aB>N
z$aCkNY%%q+@reJ|io|<l%nog~%?oFa1h3Igzy!GM9jlA7HSU!@LV!M8oM2!q2Jvs&
zD;0!#qW{Fj;1%uG(rKq%*XK6YWVKATfbAQ$_6DgoM$Qd4Ot;}NrR)1lmYu+lXQ@IP
z9+VNPe_V0R%o|26oms>jRa~YD-m;jQE)1{?9InksQnfU80R$480|fHq!n?OH;psX2
z8|taTZDHgXv%arE>Q7xqtIf?FN=#F1slQ3;VF7WA%^h((S>=bNt%(!6Mw(!$)PJJN
zw)XYvV;%*_)7HYjNgVjo5U?WgXM|%jc1h3#(7_{4KnGi*rk84txLV&H1v$>GbG7)c
zS~Th&mZ(M8wB*Tq4Gc8=Sa~-OhQip2T~fw2E;Zx|1SSG&I?>B_!O(+$9;tTLiqhwx
zlvx|4#bAnjL1>TA_jYAq<ku~6#bc8K^PG=7n=`AL*egrI<xN*d)oZp^EQ9QDad)V`
zyB3XbhvC{0HeUJizt3xI*W8c3_N&I))_C;*bKZFOI_Gh7)!H;J1R1~nO@wWQt0rMf
z_$>Ltr(x@mff0MJJCqKM)zM#7*(UD!-Gf*fD6cco(*XRt=Ph!jnU`Ur=hwUw5r-kH
zS=c_YM84!YCX)C@HoJ4AZ>6`k8U4pcwF8Oz#YE=>qLZWRc8y-aG)@1e@7h0i$*%Sx
zE5xR<?wxL>+EjH(A-egkGref1GWYRFl5(h!jNdJ;X~zy{$7&*}*C16(?&!179d`38
z1z&et9{zk?<FjXp^iyozK0Js%;Tt%9so%|}|M{kjsRJi%Ylc(%xbCA{Kn|cQ<hy{b
z99!79ean;^Oqx`~OJdS<ejd#Z*`8yX#u1t%e?of>Ld?6Cy24S8d%WTZ-(TTzDj~T$
z=%6k!)7xlzbXDj!IcTthUOEm=T#$&>TQhW4VKx3Z#~n0LUGGKC$}rQ}F!kw>ORkPn
zF21xW+_PR&MIfhS=-jHdsKM<=(K=3M&7nG-#&T)d{D<d;fJdP>Lp3aXFnH(WV$alM
zxCVU;X2iMY<Mb_A)P%;ONiay0h>#t0FXiZQA(p4teSXteL*!HSInJo=87L6~BRTmf
zjaIgJ*|$0h$ocLm!}w<?LKqrf-=<tG<f5%>{TO1YNnG+MNc34-HXjpw$HnsF@DWP)
zqA!^!nXA2=<_+%(blQnOO3x;Qxf8_mXUpc**fU*2CwbeGl>8&z+PXID#0K}F@#~5u
z7dhK!y~nCOugva<eZq<=`&pyAV5Y?XB?x$*j6QbY!p8r+(JX7S?cIblXDXX=5^m}d
z$2b|aDM@heh>ZV5p%1>jJeh%|DNPXZOYY;gHB-KGe!=}SJY?f8x?ra$`F>d9NK~(j
zdlHSh$5p$QL^05etGm8fDS}3{7IVPcUj@3-6f~2=jC)M!nil8qHTKil8d9~awk3t;
zl3xz^_e+>#>`-;mz<JU@&rs)W>DFE8)|r*h3rkQ!tV43_ZJ>30w+u<uh~j9T(_|gQ
z%PrFUB4X>)87|hxrpufwnItAe=Q!i9`6~q>(JO{$X3I|u%XM*z!^h90Ce>0)-ESov
zJ^xfFp-Ig#?PT+de2jAlw4BSK6t_IH>_z&Z<wlFZruC)Y?+uyOH7x>$)_uPKGNe{X
z->2YPMuGUiQ$`_^H<B)iy0W4UiMs6LtEcY4Hb}gaZSQ452gjxL-og*oh|7cyjLQrE
z;2rk?vVYhsJ&EL?twr#)Fyc%zW4AR8-sN96NFV*+xt-%8V?JWGiKC2+XcEL&&nTPd
zAfr+67<yqkDv+L)m1!FC_!?V4rIVFsioio_soe=J`&H5Rg4st3!AEvK4w#M}%CrK?
z+oQr48c!J+UP+nL(Un3<-evbEVlFHMb2<d(>!}qgbK9R7`Vs<OvurvAlsc4)O^P*1
z4uP=_t9Lk5h9Nd7+y(^s7>xmuKg~Xs@s2FOecAWV_>xsfvRmw>q1e_j6TSGe<I{fI
z5lfdIQI77*hkF*#bLta$OQ`WzoU&2B-guZNo-2LY&Ah<E*X)HpU2svLC|wK0y?u1-
zAR$j(DQ8K78B*3u0Ug5q2@chVm-J`Y7F6RnyFSqKg8FNBNH1_fCGifau~{$8yNO7<
z9X%|{p&9_w2>14Xdtw=4snmF2aAS}V&{grDn!=+p^l8l2HUCv-0;2VDb(w*I+K=*%
zTEbIObpP<qWqI%o7d1YDJ#hOtix^yo<JxWNA#)I4vmT_<amg+5n}v9opk+y12p8#H
z<<FIYWK@pzr0<VH-ZqoKi5Ai!?0lG^Md<w?@RA5cE$1OB^J({@WwMWIF^{rnKjlSc
zNWIfd_Um;<4yDD3s_a*C5nxjZRsJlnpM!a=gz54~PPGQVi%Rw3XvQz8vzk0okZSF5
zhn8yXb_a@T?Q(~k>Id1L5XK<>+D^ndyXcS?Ieb*rxkUPf&_$hI6*$cSnxnmi1`1hA
zIX>`=p-quMxl>QJlb2gk2CsK~Gsr&Jjm0fUT~;jLiyUM>by!;MI2iF+h_<bC0@Fh$
z0;yeGX4^GZBFLsI@md^=M)~IP`WI-06Yo?T7Mh3(-!s(?=evV{?CST%3vQ&|1#w3=
zwx&iUOd=Jhc$k%GO_Hpe_}JB$sXpk-<BT5rE0tMEBcFvp?Qa#DWl}SY)4A3-2V-0j
zSGy_QUsUY8w%Sq?1T_+b{`*Izn~+bsTl`-oI(8Ittv1<KzlCydSmo%z85peWX1}nm
z9(>ed{P#0Wxo7ExL2$GPjdLG5>i&IhhElE>pnLyM531Ro;Bwzz`Lwr|sSADr?CJ^I
zrol*Y?)u|)_A!e$){e+LR1aKm6&iupUj*3<)HcE(YjG5jlM{F!Q9X$vD=Ai8VTv|(
zr!)>q>frlg8B|e(->IhTFz#$<EE_Y1q-}k#B|7K#*l2?AKlCQMZVMNg?E6EwhmD$V
zRdOeL$l!sULHo=?)hci<Ql{?W*Xue!76&^(hSe2LJnj7s1NS;Pn&#c=LD)7<SS@eV
zyeB=3clyjCc_ULrEc`7!CyN1$x9ucU2l=YCB+_Fzs8U($y*iAy?$kK?>D7BVG4PBb
z(<uW~`?MvbF2<>=*lUR~6AGmMLfvXP{B6nvP|p>((U@b>?(L+S)g(RBC!ltNl_mTw
ze|A3E>On(dFsQPzjuXcFXcDTPeDxsowctXF0IJ>25~%g11gK>lfwSp4h6k5pZ-)${
z)P^}?4Lq4Ig7uXE&#3+#->wa(QbVY^hp=hr1?7oOrLAT3U5mmFM|FrsgvezYgSqSg
zn`{amAL0nFtJ1L!pR!goUBbnl(2tEMb0cU$96vk(^<j&{1U_z+;SWV6OZl^Lf!(BP
z!wDSuTeGTswSA6tZx49%9}O@5wxu8-`z|JkB_jG3uE}{z-jc5illW5-AAM$+P_5qM
z+U?&;DO8BE@0=%vvAmX>ZpH5ZmPsaXgk;-p{g}Pj=q9xqN#Ib8E%XVi$b`%#Rr}Eb
zNti*#{-9EGH;kP;9^PN<-V*Ju<webnX?+%g`XhHoo{yn!_x!DrFegh$m8SkkdhNNa
z{oSp2QY^Zv-W&s|#QtZ@oIeatTgE;B%By&8WqFG?$jOA#S8o34rE7~1EIR+AbZ1fX
zw>~~I>BS9DKi(n+CuTT7V@oC5_mB@M<_YlP>800sS1ffX55pkbTh{f26k)cfJTu^}
zwkGQXyr=kYu`in@eL{{sMPjSM7d<=-c2?i(S?ej@B%IXpPA1Yp>vh<7W4OYKTxSOL
zx!D$!7l|94JiHGRO5Za#TBYYgP})ieI3EiJ4q=qEVkUlTbftSO`hBi61{5_Pd7;b3
z?QnJ<{YtqUi5EJf19x}iEQs6o1Uu%|MF6|OWlxo(ZKg+6%VtxZM7NoF7QO-{l=EI{
ziA&98{7<64lZf^QDQikO^x|{%r)p9^L%aOI*yrD1ocsjNg@%3f6&kp+l+K=`LW%3E
zc<-SUjcfbGUY|4F(ri)l-W7^GW<FNL&WFyeIq|c|aSxX6XbuDLO_bdFN|?NlSi!Sj
z3&Mqfjqbdnx1MIBm0saM$7uHe)0+fa>%UwioX31+d1Y)|OIYnXpHe(Qefp0SXGeVC
z?$_p(4gF%TuP;IiPNj7O@-bN2oY?E*0{dF}$qKn$Og|~U8nVg;?r<$u<aY5}iUsjF
z$6GAt6Hp!FCq;{gVL3H*NfS_|BzcL4aoP8y-X<m{b01TLVUExsKZS3g40+gxlZUSu
zOOrR#{y`5sQqX*&pK&`{R#QfdiHcitoF6nnpOf;_eD3qyR@Z}~TN`M6gx=>?l}W>S
za-Xq04tS2)EFT%?KHhS3SX1BC?XR`fXrF^3w*QSZJ+Zw^(t=IDI>QKC^m9LH7|e6O
za@vA^`oO@O{!qKJY~RAR;uPoJiBz%l@h)TQd_1|#`jCZK={^=+_owRfb<<xpWK8PV
zIQgrizqcsJ_5bQ<)8i5uppaoIA&bICx8cTd5F+>bjy83QtTO}ylHHMyj&}^zUM!Qj
z+>~Qs4c!YDGvl|nGxOd1=ahsB4H64|nCjL%8zJ`6Lg&HOrz}q#o~Po=Ccm&e9at-d
zC%1Z03IvrP6xRzWvojNG_QIf=biBlr%JCz658pK34Li0wuX=6LxCp^)2*9iWr!mg4
z;!e=LSvo$%Y~!z-%^=GPuY7vEx35yin>Cw44J?cHzm*Y6k_G2uzNhEoCkqSzMvH(w
z(t%-5RU{rns2{dOQ}QX@aB7N<SE>Cm(3G$JN<sMmHcee7=%(X?dZ;UPiw$NDjFD!C
zUw7<h6oV&*;dk{Ojf2hf?Gl~WR~nkC7JU2Iny7q_uDz0$nU9VxZDn?uv6P{b=zN3H
zY!UXBDY^;~H1&IDfpsCjnf3G{avLbVoKOTn0)a;FBdm1Q1fD7G7vD%_(1Nntj3w&L
zPc_sG1G;@MPlb)yHW|0U>wVv(12}NRs+xS{apzfaj9o6m%U<Nd(O%>t>-`bbbjk>N
zT8=9w6yUw8Ay^V~FOG_gpJuZimF_2-#Wr%nqFYkvY3NI}Bu6I435xR}8+;>NhIDPb
zv5jKG=u!iV%3!EZun_Vl&C_+<c`r;%lH-Fb6Q?Z8V@=LVQ=qe5-jS|M6Txrou3Fbl
z6=2cr#^v#&)DO}3oY%gA&VV1h7mAU(O6Lr8B_Q%7hY-V}3AgH8t+sh<Q^k9w+AR64
z8qW#G*`PXVJJmL_8=Wzl-q$HNvKudbn&klPEvYY9gV4gLyL+Fr^`J=Z8d9$;8mW1w
zD|_P8mjiWTew2@O{ZlG@N^>Mj4h4w~(o8502}rAUob8BXon7%CMOD<Gm~O&gKJV8y
zcu!?dsBL~**m9lsr~D9F)E9HTFwT5wJ5;U7KZ<G{T}LynpS@!)<4Rz4@W~&zFinWQ
z*kJl3Ot566O>!*+B^uB=F<lX56_AjK9IqmDM0t3o4#PhY7_C^l@K6}D!9*O1<QDT7
zvq=`J_TQ5#dEb6xoqjV|xjt&?F=G~v)T7S`j<|bk2=B`IG6?W+?=M%F9d_LODu9LD
zMnC}3fB?dYC0uz3^@C>3js8%R(KGlzJ%~fmU1{Fv@|WwM3trdP@Y`y|zU$FdVsY(H
z0={8F<&&Pq<w~D^M-z_~Hj`0wl)UL}!@3#<E?dF!R1r}WP3Pe~7l#P$u{aknJJoQ@
zc!Pr`T}aG|BQ|V=$~gR8A=QvE*uXJ)I^*~2%s0^A-Lmi1v2aYkA<%HF=0`bce&Px_
zgl?UM$8|}vJ_;Kz?ARW)w8+7#DEJfh=X$rAqrOhY$`Vwo1L2-~rW#5|T>z|!8qDNo
zMau7=GhO$sQPb6^JnbI8Xr@n7%OrB92g~dvHe8FFfYm-0=I2+l$+t3mo!@?Ie8&gq
zJ&f5?HyUlJEp;|G;a{EcF~K|H@L(*R0I%1r)9?&wAoE4=Rn5NVFZZv;`zn!n&F|e~
z6sdq@`V<h3=J&mt`@7jcjY)ph7{(#krOo+Y@Aqu=-FG=T$IR4~x5Q1oTsD4a%_G!v
zf-m(sAQz*0)XB7dB-a3&B-yMh;h6WbKGV~c0xt6@kB&D72-ki=$XtsJ*_I4<{I2uQ
zEI<@)Qe}diR6A=mZpL&pEbTe)FZ-gbUd5+3#`}^i$@d?r4hnta&OCE*y_dg4je~cl
z6=_ktE7F=q?B;lF7qTJ>QE-5hVQ{^9OVKE6p5!o!r6zvbTwTC<Qk~<tC)*YDssjR#
z{+*3*{TIh;MCggKd4D>!5aW&{IjYsq2=5Z0_hE`We%P=Vc?_5qiv=0|&So0Bz0pkv
zVF{`F8e{!nJaW~rt`r#QH#;TDPnTxQP@JrIYMHEH=!)?U!Ahdu5=Y2$c3F|5$xrzm
zBgfy^Zr9N14FDN=>lGwA+5BL6r9k7aY>wt#)icDG1HN8Ef<G9sn4tHl8O}CY-{kIp
zM%4st)KC_`1UIlTyAPXPp}2T@U2Kx&4@rw5BeQRXe3(>wLZM;<-`kH~mnn77oEP~%
zes?=XjuylKW#{r(j*PBW9|n>#7Ib{rApI|rk=bVbMY0!a6t~Fk<X?8`HP^ZX`|T};
zHQcPf!y|}iPAhr|QRm=1s!5o4>v@R9@MQJfPz)_{kpAkTg8R<!<oGnOi0qvI2{keK
zpHL0<{s}c7r8lrc=6vxks)oN@G1kVCzg$5pHMM?-`tYgJTH(WKvX!(=vV^TQ<qp?B
z41UG0(#?b_D~HW6D7+Gi0dxbg&xP-*n&kOyfBZu)$FQ`oiFgrY8fDbKZMa^S|Hr=j
z7mc&E7dB&C@FP8Hda%209{2F;@*j#*M&Czg{>><R@(?TrEdTretfFCH73l%1h%Z5<
zDK)B6^pc&;G!8u>;r)pZxqtk9S=)-kZk_JkhKy%=VvIV)T1nn6y9Qsa?wCAY{b%Bb
zc|qH=o$-K+qgVLd%E*u6{U7=1oS$3(_|1U`?pnCqT4CO*E>nPx@EI8w=KT+V5e`kv
zzcL_r$M>`3Wzhs+fotHN)GtvU6EGqYfDuvn-Euwpr197d)vCb})mOB!x&yE^&N0I8
zLXfh{^lwpd)=*kodQFZ)eCsQ|x8rU{j4}HUhF#X)guLQ#L8j|&9m3tlW38#{d^qJV
zUHcg5?`bY>mewO`mP$m^gEi^r#HY+#01THZ&Gc?T67EX!)%q%KD)}7uUi$x2pS#Qn
z;mlvgbM-VDgS5U*_&r8_nuGq`?WA$+Ca*{q>@tu1DupANY2Ww!M{px4WhgE+>qf2w
z%U7G4uTZ8zh<jNDfbS)Cl7bkPt_zo{f=YwbNM><<)F(OUv{k4kLO=wJ9REZBKL00z
z0p|2+M$hAWGXTd}WE!~AgM%*p3np-=4jxhzek+KZ8>I)&Ps<D+{Lk{WP)_OwP$<F}
z6r~3u&i+s-^zX(Vw`7Ry{$8659ig2!(eOI$He~73of?s2mT@)DB7oWO>(n4*?Fbhu
zT+`jrtwB3AlG7QTVg{!Bp=0kAd4>L?GZlc&&}(@@PWz-H{4;yK|1o<$|IFUC&qVgb
z_2#$2Emy6CR$bi2Bb+Nt!L&pdDXISZoPr6pJSnpw?N_76P$b}U0s9YrGx~DxJu&xN
zf5p&1v8r6*_+&N8dcNYXQO7#X%*a3d<rU+%4SvPnGaOf!SNye(xf02~J<T*ILrK=}
z&Yn1}&}DvIsTj<=LP;0gvX%2L0RAdf?^%?j71?}~Of+G#4bdW4g~SCfS$JcU|Nal@
zKZYK}UhN%6Dr!16ouAGuFtQqz%!YG{UM!1p?jC2+hSpHV8<vZNF1XL1w2z!k=)5Z8
z{nxb#ue`{=?U!19K+}*jBVnx*CpnXQ^Uc(iK%*=tYK#6qTEaOuG5+dl3{UvSd%n`W
zkW|(t%YQWWF|OX9<e#Qz*zuc?u6CpP4#Eg+k6Y6EOyy6EiYMuOOu$Mw8bdO-va|)1
zyrl`^SaPEjok3oHj#Au|s>&%-`dz;8LAYFDy>!OY&Y%6dPqBv<{3wJZ#`Enof|pwL
zo&?B#KfAnOifjWmTMYpl{Z-TN4Em2%s%4f1H(;b8k+0%nYE}SfB!Se>p-OM~^Iv0k
zQTL|D2p-34xnPv{)k<?y9lR)ahrAR5>l2xQSq)H?q~fRxT%=Q@`n-uxQoReW%k%dR
z(W{d*^Up~-0`!{+&~Ke=-Hw*ITY7O3EM;y4B~66O6&g(G;*t56G_gWexskSl9pZ8X
zKcQHQbx)>2f8_a@XX2q8YKrwkOaJB))2eo6CJR!i3)_waL64+<;HFY)q>R3R0Aj?M
zT4UC&Fenczft;9Lg9$8Hho3SRn;!$tV1Bjmu85_bke#;WClk#Zd55gFNU-rucHW}?
zx@k6YvPeH8J{T0DzI#ktpLrqj3i7v7I|9R({$3j#%ExplhWY-7KWJI1`{Ua$q}VJS
zTca68RXd)&=`g#<Oce^h!Z5{)t-|fw$m;dLF(;#vYY)p=4B{;&%@>}%S)E~+q4`hG
z*mAO5Ah#q9@9AT}%wzTqcVwD|sI7~fAbSV9r)InB#5r7e7WVQuF)H~<MKA3TH-1k4
zLu#!@E5O_!gQ>%>P1J1=$v1U~8;UiP9TkqQpuD~zS7dt)i>PDt*V*c5(u$pG7~8Sq
z`0H&E(8?khD38DUVBn~A#=-g5YY{W34wCG^c@^ZrTM;qW$nK_ql$z&XxVu@@e=S8t
zKnnZJU$><!80mhJODp@b0hcHjJH;ZswAd-9rX+t`o~b<A1;t>(J^7#ZMa8CX<LXGM
z;w#<dmi$}w+|87uf3#jjdv{TG6P0{=q^<A37`DHazgDgt{TxWTFf18wAXpfFL%ZM~
zxQE+su8U|JwTaLq5g^E1*gtxTqVe%JkK{Q<4piDZ`b8_}5>e0&<U~bQrN`4SQ*TgK
z8f{G3ys$yde%xS)c69V$7-oOT2{d)-R}){8f$R}pC2~z{;ZHTP#dcG;D;2vW-yLP@
zTJzIKV@@~<=R8l1rcyo@4y^u6ZZL7scpirx4xm2bi@k0eMIJa4>bfI=TKUSz`}K_Y
z>j{(+Hr@)^t+1Lm8Zk$^@sVIe?1+f^<GtUoo?%vmsz4QRv0>b1q!>M9k}O1V+Bgbj
z5wDaRiHi3vS~bN}H!?lZiql|PFW%S{rFhuezF9bVe}ghQ8$P?1;8@}XCq0}<wW?uL
z=hiKqVTxW<AGJ+%7XEe@g=gN!9Ak|w@v!!~Pxv=<6vuDN{eG0OAEt~6+BKiO1V^jO
z%~r-DHtlSKgc(;cd^EuG9fj*uHYzf(fr@qo0ofp1d;WNxZ{GEKSK+>xIe}1zcUeg2
z#s|sXzY=ikosDA0sE_6;93sOhQpX)Fxnv}jYK1?Ve59=L%Jxs#c;Mf8;J;l~me*S`
z_6`9}h4&v!MFP869(w9Z9`^PPDW(3MOy!$fXTUR*k}|7@-j;HW&e5SKOOk~zwsFA7
zyL*^!+iP-qiyhszJG!%b^u)q1&zVM>ZMFN9Rr-c(ezWwd$>o6d;Vpn$2>F8dACjD8
z>sxgm-@eNaejdY3f56xU5wbL!7!QOIwM^!|+nrA$PA}73j+?oU{T<vH_Q%)PL^GQa
zMCiixZaWA6{tu|$MU3C<2g7B8dSvOnAO^Ux?!C4I>_(38gXt)sph-k+fmnbqGvPxH
zDNpuAFT8`#@kQWR8`GADyg6h&gG0tVGm*``k!@B($2$y_k?r5!gqcK1@^!I1?7_bm
zF=jI}Vx>NKA*!DnVVizq1?)|nAzBY2<*rNc6`Vdawry!}=3Ztb5lJ4o-5Kx5F|$BO
zsx*)`tk67t3f1aYh?B#*lTQRV-V!=J#$wB#q@8?@H3mySpXoa#V|(+l2eSycXMLD1
z?0XbW<RG=bX2fvz)}&FHE)I-(o9pVUUm<f%#}5h&q2IF{H2-2z0zF$AoAD-%k{*no
z(^+O7ODzuKuqyU2o@LjLU;Nf_*vuAzL6!13+P5k&;WLxPBvqNr-NxiV1z{7O5_y<{
zZxv;@9UPraYnjAEOj^aEvR1B=Gh2Dol=3pU(R5+IO^}J3;^l}_<PPr!AM0}d{)j7E
zj~Li7hrm2C#K1cZiZYroQb3-(G<Jj~?#&ZB0GfJgNAC$se;Z=1eMV?ffs)SuIE9(D
zjv*`B{o9^@TUxp7X1l2dRFmdC_cIb^LZDSn-Buterq5Aa=bhA(8>6vk-2kaTgYis?
z=w%<Nm##S9oiSMkEmOgDo_Sw}v8FNR+?VQdTJF8(qR{R2uyG^(XOB&zKa@2b-4Qjc
zusO!K%0eq~rI9Cm$?Rc=@@F}W^8U1s83Dx-cN--Uba8#dZ(06yz73t$kyrK8Ct&V4
zscJ|ScPsEv!YO#K^5O%hoc-uH+Z``sVjhlbYKSOK!CZj4^^JzPK%QJcxs?`4`5nJ2
z8`nMbPpUg;snq`)!{QtcwE(fQuYZXF^?y|fyt;o)Ha|KZVE68D{FfYyg>IE0G*kQA
z?12B#L*Tn>Ko0~<cVsigocpmZp_vRdRuoapb+=LQ|4`ikP~Ab#wOkq<Y=_xRtEd+L
z(en@Kfxau9;@!q+Df5;k`u~+m>BxU1?kn!{x865G@0QoqP--ZScyxRQ|C(gFGoJcJ
z6#IX~7u`#t7PxJm9ps9I<h}AKI!0X5`6#C5o8i1a=;^&%^(-&fxE_?*b6n<-!+ZUK
zrxfwRT=P!tnwSsQZ{MIp>HbZ9+pz^EwGz=ombFsQ9aEV%!$Wl1QKi7_O03B7&sm<Z
z!^4XlMkWIBhcof(j;r4bFUJFZLTk|6k1#T11_z4ZDeVkDEX8zj_*rEjK!Y$j3=t5Z
zVS*9^>KF)0u?K>O{3Zu)TPn|zK=0|^s{0mU(twM9gyAec@y%mlI3%e<gvUIWM~&~A
zO1MuHK@>?-q7_sg%iB|XjN}y{BC8^lFSCjo!Q!Olq^o<a)xAKxYKOuQW|d|FA1I}T
z7GcUpIra{NF&KBxiY7V=$5Fyt4>%!|@_PJjEY-}GN+g=#D)G_6>C<^`H@pg2l*w4f
zE#g$lD#%*8ol8V!I(dj0hwlR+5S#Tme(WgRMCZGFzmAa&&6c^AT&kJR^ZCoxlKl7&
zW+`t^_onB89HVpn<%UD*^>x|FZ_JCHbl$r&SX26rkV|#Z_mo(wszF8Q)Y%m$lJ#{|
z6^pmD@t|F@a^?tB%Wpf4_ltZ(9nYjo&+h9|CB)DL`eL6^tM<8k1b-=W03ScShVV#)
zhunFM(IFeiTp;y!VhL2L<+=2jX3MYp8N6xz|Izgpz-<Iuo3<flX0~HyW=<S4Gcz+Y
zCuU}*n3<U!GdpIGnVFgNE8o5Q*X~wr)z~xLt?ALUx}}<P&ifqgku*>3MIu=OS?_*s
zUf0UY-DsQl?&NC<G^+Rma_cl`*~^b`eT0<dN{#OE(})&l3jMj`RP^u@qZj7W+~rgK
z6i*2_Mw^Dch$^kdA?Sebu)L+;I3Mt3Jc$fsAU_%W?q}FeLZ#OJh*hg+_33&AOx@AZ
z4Tc;8>6@I*14Kn~Ip=D^;qav`kjnM3^KjTt0KMNkK&mz!acwCho#CUu2$lXZ6Dizq
z7R+cOlcR}1@(1)jIgn1a=bI`sF5@x=sRJ#kkSh-G*Mg_W87$L?qi-PJMarqBSdW&H
ztNys9S?=}6@;EobMDi{ht~8*N;aW!;S3$iSd+Xe%sfjqKu&M1mIjyW*Kf%q*EFFUS
z6>+y~9RzIIsh746LWqD`{$TpTePa`mPWO0@@q<Un)S$+`&06YPGTL#L+YNlfO3@^f
zE-6#@z^h|&I)#Tal;eTkKBIXr+2up;<1pZdLfm_6+kKLwG$j%k(^!B*+_C4luPhn_
zcBZR{Kny3XNZ&jN03sKliw40JAOb?bj8J2e8ajYrAR-_k=D%qV4*DQD&VoIyZPbGU
zyFp|T_*&&f^jO_RxEl_6kWlF#1BFziuN%}2r@jhEkhS~|>@tN;x@`>V1w<-wYz2`@
z3ghTS`XWZ${sSBF1+^@JI4F&vmQD~MM;o-vGO@*AR~8E}c4_}hF!@Jai2?O`0YbTa
z2c2M#MrwGN#0Nr{2$jQvw}K{>D+v5T4Z8lgZ{%xp@M7K^+|9zb;J_(Rl{HAGRs%X2
z2_!Z9$AKvUy^nIx)d)a~`dt(*?za2^P7Idk-}>eR0a$22H_D0z5!;kX1NPGNw*nSC
z?cb!80|{93mO#B;TfMUV50d5|GNm5WFCz$<;tlFo9>kaV@BoeF!+R`f!01R#W%i|=
zZho;rY__wa7V4UQOYl^a$$A;JJFmQ95=gC+kFh0%?%bmqk8rX(+)Hkuym>XDvuP%D
z#25N*IyGE(2<p&)Jc|Xo`B)k{B94aM(1ktW2AuIrRgbjk;&A+agyRyfZ-G_CAdILx
zgV7ylwQ>Yb6Gt>FQJl>c<xTe7$xccBJUO_qenpQU8ZyBvH(wV#R;8*T?1PuAl%kEC
zv{|sCVNUXb*)gR;@L$e(1=L3IuqRPio=xd!aAq{TSMRIRlL3O9=JfgV>Rj06n9F}}
z>B@t~B5!t;Vg4>sI-x^FaB6X)rMam-F0<P<{HY=T?x}%PhxyE~+xEDs+cu(s>dfrN
znD=UYb=t-%6Q}8!@*xQD|6{CUL2)?U-_tnUBQ>9KNh_2q#%KZKhg!8c5Knq3Ak_0e
zySZMI$Gm*gkFXG5NsUNVZ9pCR)mS>`lM<uc?m=9|!v@=#VNh2PQf_Y$Qb%Y#vPCI@
zs~cZ8H{}^$P@}~;)!wu{TX@Q7sCbK273H~}McqXDz69x`mN4Ermv|u=UdbMAESVGj
zo|5T+iJvX1qZ0YR*XH8ln;xEUEs#fSt+U~i7gn>_O?=Y=Ch1}I`+s+RYB91?GR^W6
zZ;yrzJ%Xd$n+{nQ-JRBH^$%B!)d7%KO2AE%5B`xikIVNDevi-39GSIV9l{SE(TA&S
zE8d7qEEULh{&HxtyRG(zZ#5IROc&l?JuDu+UA}vNO_N30Pdxdl%O)7V_n*>qEsXQn
zJs2RrD_vTx<Lv^Iy$pKXwc<hOe$-9oD$6%|E)Yj84)HH<DaVqW5WQ0}{cS61`N9S}
zUFp09kn-myV0kVOWy~IF<pzxsr!P0|>rvhUWS+mMiZ8l_WE4bfIY@ONepz<qKdIXC
zM~m~Uhs_=4ZTRSMu<s?sZd<uUMtcpt5#vh@)?`GgyYVq7t~_umQy!WLRf}y=5Ui~z
z0i4;OnDvUu>KTgj<qik2_$s2$EaEG`8EoZy$vW~t<atD2OWPWYc}y-WG9jd74*oZY
zJ~_5W`vxN_M<n*eyaI*S^2Qhea_u!(f*9Xr%O(-iz>&exdZYFSkj$@%ONf%75qgq!
z0t4KT2u~9{D;%ChLY0?m2`Z3%O_O_IxI<vL!wsZM3Y6w&IqwpiPEX)QSrJhUB+8>|
zeztP)ByvQm9T4TpHuQWD1zQm**}&%7hOPl`{l*I}K|{U$MM<tMA(J=N%swu#RiX#p
zt)abOS3b_!!?q-#su(<PE*xg1P`ry_`zKciI0-!)Nu6AbeNZ5jog277^=K&e9umBb
z>dK*nOd1_1PcEQ&wlOCrS1US~e(e~pt2&h#9C|_A?i*CD5~MY@iLHE=F!=meg7ly&
zYKUcAK<#J)u0kmz_8+wdSO|MdQwikG(Awgc;mZbU-#(+1WFm8Nr<yffH*&Yh$4r=)
zGJ<p}35ERy=tizg2#rcPBa%8T%8(i-o<it(2E#Dvaqu<qGb#KG>WpHlBklYgbUecp
zu0x1<uuDiTYtueC(a`1`1t}qdqsBv?s|Z4p!^XfcRqSmvtrV7PW}7{a23El{{COQq
zRC^-=k{~@e?4(>=j^)Gy=tDt9yEvq!&!6=P=$z&zoFI@$dpbj+QE)So_Ql$YNvs5j
zAbcha=s!&yn4oqGgN6W__~uyZ7&KX)qPEGE|LBde8U@35R+^8OdL)gq>Xs#eW-^hl
zO@;2N;?M+ZD;WJOb1&r8524ICV@`0_?l3=1?<+P*T=TVcx$!V*uYag2+8Ess{>2Xv
z{zdVz=j;pQnO``QzmG$%4gm8|0v;QG?7ik3llWBxJo{Bm=nC7Utt#prf~tr+wbz)=
zNR|VdUq>E5r`J%Qkj%;4KQ;_nr^;-kguv8JEDl&VK|wh}GSYxqs45dX>P*1>(^Rb}
zQ=qJrJy>s>H>-j^S*wRW989k?zT?>ia7U8zAfXcETSXWNQ8&{nR)GW}zjIsZ0lU$O
zJh$b+YR+4xYS!Z7Df}9NS#9NAlV-M2k}dF%MhTPqT%&?J(NFpFKTY%N9XWOr`+5L2
zE;+YXDed6Kb~oa>(8F2I$x@mbzsTFeCAs^2q~fCpfjqk-@Jh}U7}+H@;fUr*j2F2P
zd-)*c)KzG6{0YcM3^n2T2CuZ#jlXk&He>y2S)+<6BwQ__WHV#~o(B<KGBHWrw4hYn
ziSMlD4#r2=6*UxUT^<$<CIDN>iiE_9Ob_-uo`tzUfLbkc6Ht0e0N%s>P)U;QPIBTp
z7RLnN=+Fd|dGPJ#mS5|&jeVW47YP%I=5}D&+MxE)Y2N074zTyPwK9at&WNVlSRYWs
zE_+U`y%u3)!hFbScfjRW7yyy@q~@P}A8EF+=XG`RGjE|&-v-W32qruKg>ajkuKWnC
z1<A(**HeTZ$y3P;349r(!9l9PyoRc{hceOEs%m0PK<XGNR+VVxLKcuu`s2i9hG@ri
z+$awnU?2zW<DbXK;SjwU0Y|o)=w~m34DMHb2Jti}WXlXVo?7GbW^G(Afp5teYqyA-
z;+#2`-u!KawawK)*vgva0=rUq@P#-(n>;S7aUr)cR&GS~gq2<H2@KiBMQa=D)*0r#
zLHhKC4ItUW3g0DlxG!h!dg*k*$UPs8<M@NpjC*C%8D$&UY~85mQ4lw<Qb?>jIjh70
z@$UP}aGj0f=E5<HtSw09G5mKYg1B!IBf0rxy>mkA8^DvP=_h15m%E>f3Ac4OdMj-M
z!}e7`W-=r}wLRif?kr_Rgn3h-LRnERwf{)A|2i(z<?j<Gn5=~0KvJa;+X}k~#cXse
zOyb@_!*CPGtq|^%XY$#1&BGiC2ji9J#P_GfXWx$@fbbvwSK&Wd5{MJBI-vnGW;ZWu
z8TWfiu;4UDsS4@s+KA27YG$wRDpd1Q;<fNod_Y<Rf?-n55AGsA@z1w-&xt!=#w%V@
zp0M44)+|%6=?hX)cEFpJP5t3hMUQhS_n(cRhrSJM@OC>k$nL8hk&~bX2<eU{r)n+#
z3qd;rZ`81-!u*p5VN0hgg{U_WeP9Sn;{2(wSd2XchVk6b%1C6vuWKP^j18^hW0`7*
z+aqS(*9-}$EeF{N<m6wpi)dIHh#X&wfhub}+E~h%gMagDc)sgrAXV|2PR5;1*NU>5
z9Ct(G1=I|we-&j;tNOsmu9KU~9zq-1mF+KW=|I550;P*JQ_{6~mwoxAu36p4!d_as
zd6MewHL;P>nm(UOd9N45+UWM>8F0u{jh!}cN}TV$>Rh@SxcoaC_jNC-^Ea0J+$ml3
z1a@t^%o~YrOXuXCM<BxalEhRXe|^J{vEi@v9B`m0rJ&XHh2ZRm!)gXT0(lRE@hO~z
z0X5e<bvnY$>Zz<%h+pVqqo<MjqR}Bk1sr>&o?BBx+1Dk>DZz+AqNn=DHl5BPu{U4&
z87xYnd)1&JINf%&xDNh)*2bI__&rdhoYysNLwntfZ(r9Z<Ap<ZUYT)p#htuLY6dQ{
zs5y;2%=%9YTH=v$69!R<pF|>vFHzV5e7p`w>)k9^cj!D*tFomnPVTm6d-X@^f~2A!
zye^lx&}r~DFM1Qm13%wi+{gf}@j0V;K%4|3ZEqM|8Es*70MtndAE4#eRFMsTka5=G
z>NLi!T~phdU;;P&ljvqcp~GrW>$&=f+GHis{$j<z_FbNFSl3Z*_{Z@xL6TWOY)}7@
zW-}?gZayr{yWs9GP3<j;Z3lEmaA@5?@Y;0Rh;bP~64p3H#5GPDZ3F&pVZ&=Q>t3t6
zx7CqmQJ;i@qV1u$>#uwx8ea6dbxpgJGN5?jrd>A)diR_C2!XBWu`EI>IiCpb3%Sjv
z<-M%O5T8f_zxk#Zr=){*Q(kVZX}MIFe}^;ua?-kuO}RFyOD<D$-Zfg<Gn_JK?e2HB
z=-#!x8n3y#;vTivt54STzO~pB|NAaA%VOuGJ5BL0ceg}@Adn+KJ?e}+kCc&sK!Nt=
zMSW9a3CSY_G>C2!U#v7f-yz8WP3<S6W<~=N7_#xUBk#7Q^R^O&w%>_u`6F&NW~(+Z
zermN-Lp0hed`WHWNOdW-DCZfWpT3DyGer1aLZs?@YZXSc|7bu{Nl>J~KFWi)n~j(s
z`=Kxboz|gxYfOqYvSkeG;PfnN>y(nFi0NfKl3w-qZ{~3|nDCvF-5R7goeug`2!8Z@
zNegah3;E+!iPi1eNV%0Z1i5DHQ(mo=zGp98NkT_L&gImPb^d+dY5M8H-FfPC@(ZIx
zDOK{fzsn3HubBrw3>tlpZBkJ#GJkXQwBE}18eq+%ZcXlQ7$<l{iET1sd$nrrUt}6`
z^tRUKc=giN{7rtvtxc2<a?x{y!`2HkYh{B|k_PB4h|FpJ8d$lXeQ_=c*4TklD4Nq3
zyAgf^Dju>BE%CP4x)}So<Z$)Z5%7L5y{yM8caY{X*dvHXNJScTiqd(>HiL8?XaJ9h
zk?@1OU1<PcHRaXauv!h&ZPLsyVPvu(z@Au095V3b{MlUbT>knplD_xrh~!nI7!`*d
zhb{`Z3JgQ1E`wVYVn5H}#|+x}!|lhtr5cXL<Q0|t!rhJ8o}nB0*$70ToUTZ$B_UYm
z#>^0546A54drk!f;IA3KltiUE@EN_7+@(5nSiO|sO>hg=`_7wBa9=d|&Qnfs=YUFb
z6Wn?&zVi=kTds*Rn`CByuYrUzuBhm|_JW6+z3{9aHQBU`BOT*f-(pV{1~2Jx&UA$|
zrjt`m!n&SzUT*6Z2JP9g&enNAbuGn(A%(-K)8i)fXY>k1qKoa$B@04wGAifelPbdQ
z?cqhNTj-`E*ke>y;h8IPkcGscSlUHTW3Xn9YXY@*^AV=6DZQdUe|k=@2s-b-7K~p6
zB(M@XhHANXt?*H4I*~?Zy?%*mQDC_Hc8)W=Ld5s;;;iOIQ7Uy?-1iiIq)>t8sbPlu
z)_sL8;6ty#+I>~O_+XF+14D0q!DjN*o*ExUp+J-!S1H+2oGu)F3RYOD0MCJ1nj^=!
zKy==0#5+gzWqF=lSl0I!NmF?XVeqU;=asf`3xEu14FY;izGJn&s=Y-=h{qvidb`Qk
z;l1k77@bTZ$FA$)#+e`_?q*NF1x(r8RTqG8+(~ENo;wPPWF~v7QLu_@qFRI6TSs)X
zhrTrB5$g=SNPB>ZL=iTuD#w4_jjCkus{S0&yqEW8#G-5{S={meRiI50MbuBHYBMfy
zXsMP>b9UL=DntxWT{l9#G(Rgx<xI@!@U*}oP|8TF_Bzk?U4<T#pEp4^;iIOzYe0J1
zohVVAsB-dK#a<!}O+-yekeukIMdR2CeV)lv&g&kcMDuP|@*bkaZe+EY;2jsytH^>X
zt>H6YB6n8IQ(>PI-X7W;328(NIXEPCdB1mRxa%K7UdjccG6wK>Eh;yfSWiWaM;h*Y
zqWwukYo0NVt3yk{`ZM=I{)=<$w8Oiz6cp=#^=A!Kb|W^U134wps<xQP`rMa8DJ6Rt
zL;dE8<8;26+huyD)-)j8ZPIJ$h95AEv`=XD-)f8OuUP;k8uqzq+=mFNKu?JyP4@@r
zp>dg76sE?SVjsf30{$qsx6n3csW&92j#I@v&sYdm%c}ZTOaZ5dp!mfmOW$lLV>$)Q
zqx*SW66c_C6g$6iR;4=R9$5*`-z^G!*s345BkR;eE-v!PjHT7D7*NA?gOQG3Jbu@G
z2p*yQ?b|}WJ#ie1z(~RR4)`F4;9YDE{@W5#WY3abuScdj9Xw!jC%RO1?iVjMKDGmP
z<oI<}5M!+7XI<qZuNF`ap2Q`ozQo${IfpHjsB4Mv;Gh<3yE#+ng5~^oS%Lx|B7e_&
z{Zmpb7Aq)FtoQw`IG{Lr=~|Br*Swz)6m+RBKkyWnef{tze3DLQh>0JYrlP$tzHI4D
z<_=86SRJv~Pd+d-V?<#Ymyr(09J*#u_>X~|ZfcK~^<dX4C1rQxvs$;UJI9*>_z;Y;
z;yb2d&xj7v2+<FkUQ!Xm-);e(viGchIYTb#FFEh!?=<8RDA=W`+4so{aucgZAUo<%
zz67?0!`Gcgs^b&K*3j_v>F^N|_tS~N@Te5e?vOs!6+jC3Y8DO*z|Df^R)AFe*Wn=V
zVt^<;5=xXPOk2hL&QAO>SY;(ApTL4TJzpPJ4l)XnD9lRv{LUY0zCJWi(L@x6r)FM@
zPqd$E6RE9&v*$9)b4_`wnBZCxM2fRSY`wcJL4(*$+N2ts=Rbw?faIz~LFXbMk!Kt2
z(S?N_Tc;A}wajgbIFzEy>{WC2M8DRgL?YA?y#wWF)s8U#YKJzJggq-TCdO`v@$U$6
zMf8s1NpWr$*8zVwyi0;&TK9h8y4AYNJ7L-uObHez=xx+y+>pb(BS(G$ta7{j34Qj*
zNQ;ddc;RPLo9@oW;Czodpy$sYJ82bd)+5Boxk&tZua~)?@02_8r3(Ef+Tl?NL}&dW
zE{?0;=gz7+B1(l-8C&`DzX6{riXgD?R>Q4Tg~yk0O-y9FpkDzg!Eedn7fLjnFyQmn
zRrrtg<`h|K6?@Nta&%UxbuVa)^qIFy<n^}tbhDH?6}|6D52^V|%Ekq2s$gP#R1Gqf
zw&z#w3Pm#|%W=$rdp_D)mJI0DV{5J{nOnMyw>`DUF{~1o1UZk;j5%U0Q;mMa?(a##
zg2_#jrdY(dNgN8nQMU)F3o@^PoG7GLWn1YnUSu4ls%tCSdPKm@^j~=|uS1Q~4L(WJ
z4eYN1FM5-uaeLG=oUcV~R6F}G@-xY^->w##o*`LbrZGp30Cov_bwSw6ZVAv7hNm%*
zP)h_b_?l;mDuN6-WELzD2pVN9a44$EsUB-T;~)Nl_fe%JLlw#M_hpGKWfN;t{c0JN
zO-V^OqU|tj<T3zzOo?vzt10r3FLSld!LM%n+*y_)^`~_#pf=nnq1?eTwtrS#ZCqWW
zJXteHH7f=$g@Y_3UD@~Lna)A4B^iH2y89i~?lkCGMR_4g`c=qVq#L~;Zg^dXi2t+F
zO~Q$(QrmQ`fQeQ7+`1aWq2-%4vRu7XmbXbfjipum;6H0o(`r+j@2pC7i@41gr+A}W
z)I?f$R*AMu)C4f#>M%HeSpY3P=E>b%;Gs-x=D^_2{&Kw3PrCXky{A*}SNW}dnxTIN
zpy?qrlg`@z2l)mSNAK>1h!0ZreuQDsnyvyCoR-3ElS1v1I_*Jo-ah}C%P0TKp9kk8
zU-z8N_vcp!bBw<M?0{dNS*v9CTa)fe4ajWTVW5)u{Z>T`a~W{>aP`@6$ZcUL$~xC$
zCtHx)C(P&4Qf)5xO*W<a=yP)*H8-pIe%+$NR`AILW!3w#ILuD)DT7XD=40hY%fD9@
zADJ`$|26-4b)29nZ{?y>y=y3{i(#?Gr$E_g#|<rUJ9=llRNDT9hS!IGVcWk4mxI+^
zd~COgx=D8Vq5PbWyXPSnS30@F^ulaEwh@vJ7x^6iqhFKt(!4)1O#bG$+^q91o5d21
zN9aGnTxJs-O?%O}sH!z+9gI?1%y*dWcWGw#b={R|Um+UM$+dDecxSX`m@BX+ZUK+E
z%I-%A1InD;3nzeo2F&oeZXea?e8fv;Xlhp?ry%SY`Mp&#EV4I^zdHjhZXD3Ww32xb
zX^+w;Z+M?PvV=UQ#WGA{oaM&|15T&gT|pOT8(})gj_3Vc$#DURMWVJ|G!IcZkn)mv
z?K{@g!-}5NdZ_J&_Ky7Nh=1($I{Ds5u~Y<SXv&E3!6i_O@5f=pCN||+ge$FBd}jT4
z#Bxa_2C9b#w9W*b=*o+_E0I65=b)lQ-CQYVR7J{M6+{{v+1ws6qN_w<&S2Q9HPO3d
zE6U4e3++s6F{+sgG9uKIeaQMwBg`fu%51pL&1s$ztDqYkBd=7YruL)n%SI%R=dZ%X
zwa3Kwg1%P{yQ;ZMSF;znk78(@$iuYu@>F@<CJ~t#zfYIRjS<=;V?ZZ%bxs$%97O9T
z{~K^#GMD$QOFr)D6qRs)bB6J?Zos!Xmmwp<2F+j4wpkD~w&&wo&f<G@ldM0~6QQ*}
zgabxt^CMi2vXgjIX)SUlZ;U*qUtErKQ+Qiws0Tl?F0*ZpCfg~q#^h66YzJpx7Aowe
zo?|<mxF^>5!=t#`k>55XvTGNdFSGU7B!mynK?9w_Um9?k&6{Bo?d(2A*n2gt#iJol
z+CuTM`D0okEHAFilOdeMgWa9X#dMUYMB?xn(qnqw<)|u^7awG?pS%gX%;r3rUZrqp
zQkhmf#C1Kg74ncLg=d@TA6UC=o8-v1a~ufFb+R=>u!#WK{1EO3e{1Q>4%%aKJ+T0G
z^80rM9L#dFC{nYcTLanARn}oAvJR?Dy_|eyI|Ezk1kS5m#6G*eGlTt@uS6N~UyhVH
zp=+6#fa!1Axis9!mRD4!l9EcpoV`+?)ejKBdNI462;*HeQ(}GbVda_(!${Gxqi280
zNN2lQ{`6_J0{{=7lEbLBYu=w8)fsai{{iU(PJ_p6PFofis;&8``b}iyHn=LKI%MT^
zJUXei)aN_nH;0aU<QCX(e6+Kf3JYlJ!jwwn2Gp#>5EU=$)Q9VoG@OQ+cYYPW3X?Zb
z!llvD!u`mw)T!PWt?Hd-WW2zpzX8^{GVgdDG2Jwjr2{osHx8Yf5*#-Z=XY=UH8eBS
zD!Ss=NSDFk!Xt&FuV*Y?R8v2_Zg%n3g^;a_0~{D%o}}9z%d`W*as?{*{kBhzK{;8N
zc1|2lf;}tB3n`O=tKC3OtF>^{YY(+Vlr~9KP--DnW@LqGpeh=KdkV-$`U@7k^dIg2
z6A+17ch~yQNe1$HiGbWou^?)HQ?R0-U;4T_Wz}n)e0XUr3O`Q#^X=6_Vy&8;m3-&4
z?3kYmrlN*KBg;1QgH=EDo{UdFjHsY|uar>?irWn5eg_QFi=X8v4zq5XWB&dol!B+V
z*v?KlL~nk|q<^?Jv15ug6}Vxy^mzV(Eh<*#RJk?RPiv;rs6(*wsV|m9ImusEYTZhl
zBGQ^TNPBg}{kBo-)G47Xp#_1-&d4$X#l`tplgdl~h8CoRC6ca4+^XAa9qXO66asM(
zsUzS?gbRDD;#q}ysQb0y2*N9JIHCP%SaX=TLZTKB%h3Lo8Y~J4viKb_0H?Klk6yP5
zvUM>`b!ML7PJGN}fZYx6K4vdZ<GVg;mCOm8P}T;bg%9SZgi&AJcmfw#1~nN{qBw#j
zpEwgPfvKxGA}Zrz4HQ8Vm|kB~8We)*>?<K1GndvN9T&q!U*3Nd;}2kv{{D<TL^ZY{
z=X=W0&Rl&GM3a|p`zB>ha3jh?w!=dS{uv>CJ0*@0f|dF#DO1ViZG*|Hy9>#9p}32|
zh_uo1=SHcf@2ZC9p$9hr7M3JjNU8cUBJk`4W3f@emB{h?n`oa*Tq6Br;UOZat`EoO
zUaS=fj;BHM(pjJsAh3pp3Q24y;_N-hfP~fc7j;eE!x@*Q0aDvRs}+B|)y-MXkuA;;
z-ikw3#fSG|*hFhG-G%|~22W0`4P(D8vz)dMxPAWPT>qL3^0n#&oNtu#rtzLwO%!K-
zb|u_}r5&WF0w-xeTyw?W#R`V`=;);~Hrvw#m*#HT%nbSZ!}Pr=){!ie=_Nvxn8RbZ
ztzsK&)weMs3Tt!T&B^z*FH`5FRjJIn-&8uQ3z#BRDFp$o;LV3iC7k%%Ox7HFRqarL
zE$yQfWD^jVARr`+D)_bzUHKa$S1A$4QIk@(Rs=#3Izp8oO2=BG5H&<D$hK@z9y8Ox
zC3I}PcL^<+E}9`uji7n=Ab~zrr>bK&i%+VN<Zn?xb#ZsdKbm!An0T0_)bH?K?O7os
zQbdPo)+oM8=Tw@SYTEH+6H%h(VdI>Po@WYAe|v4V^`69SH*ftpE9`ZrpF#TZ`bMX<
zp_?h%&*z6Ob$0(0IT*0#m*T0dE7YAWxx{MYEd&Ph6ln^KNZd54zGY|@?VTA-IOSfz
zeR|QBSECO2I1*KJxUo*|eXRUh7Z#xPp3V;v4AyZlk2{g)3>}0|Q9;^As8UgWmjkc+
zMP-{Is!p|n2JrNmjpkppV7r{mUT)i~+c%7a`cvZ<u7zA-89HgeVQc7i%_60}JX4SL
zp(Z2IYkhL8!ASIRDyK3%!~vUmj;)ciES43}4pV(V=y(2eVYet1-9(vdufoG`sbwU3
zXdK7NYj*sRt%H&G;M6LW(H44gF^C#^y2V7~w&lXESp8W$QX`|;OC#^f%xPK3xz_i1
zx_9|UuaFG`#e6|`<BqvkNAfedd(qx9?xNU@L`D?QHeq$YMu1}iyKZAWz$O-fDOWNH
z<!aJg3S`tm^w5D=Tn{6x0TkYjur}N$Q%gsTI8f1!JJHet3H*MC8IO1$=Z$#^4o286
z7p_I}&0Dg5ZqpCNVxyi+h8g?W&@aR_T9DE){Yk=fD^cLR+g2I&AJ?PJDn#L(=Gz|G
zYeZdLmg=IB2rer0w4w5w_}&BL8$A$io7|rv^kLR0E&yxN4?)!*8j|fD%57u30k5r!
zlD@2G_-nyf>BQ13q7}!0a3A`G>Kn84megQwv33?f>rly@w?$L$;s=RGmgLHxbe)kL
zM)`1eEz#w|dW@fd0GUv@L5!edy|^-_MI_BPqp*QzXnHye44%dI8~d|=*4Yr*=`NPa
zzNzflb`SE(3s=WiGH0fbmOTtx=P~EcxBaJ+fCbjxkvNmMVPrO(g}6Nn(gp+MKT*cn
z8u}FOphQWVFeNQ#T^M?A*^p1Vvc6KX#^+IX=TRo>>+WCk;qLlnK|m+T0S*h2Hm>=<
zv{yNP+v^B9j&|tm>;hTT^O<R1p<s%xF)8AqX(fa7LI3v!i^xJ2nn+pY%0e~Bv8-xT
zi@wuk>RP2|4k}nQ`k(3eR6ATX{&Bz6=j3*NuD*I-di|{G^|@$%TDr_8#Dn>*nWuEV
zP?%q6qWtESY8i-dd!?2@*o)Uts3lK%+(}pxa$fT#i96TDENwc2CM)gT%j{wVN4l}C
zzC7E%Cmn6<*6i)l-b#5i3k!?+6%2x%U7xL#T>T*KEKZ!Ecey&zIKFLdJF;PeHtsv!
zQy%c)>O75d=mnS#>G>FuPl&85r~f=jIIV+Z<8nQOJTSXcp;@{p>Lr`kX7m|3?ji}Z
zIN4YhdmP419w$~y)?!BcmQcL9H-7!FJ&SuNqjm&jThjX0tlll3wC;AcO>*bx`iJfm
zS-4)rVrS!2)-vRPxD^>sH!fFmDtkz3VRBrdYBVDvQ#0&*bnQ`L>@}l@n6-X)<lqd=
zh00&I9X29Q^P&K{4Qce??9h$CV`BXgZ>Yu~E?x6xZ&*z7eY0C{0n8(#(O=3#@%-^2
z+zDU!Qa5-I<<MQJiXV{XOilY(?du_()UU7IMdF_vIc^~w?cSa(#oNy!!CiV@m~}I4
z<(#zrR!yG37f0u@809lV;7U>dS-(9G7u&{eCZLbXhC4z(3ICmMr?-Uiz`&47IXi>K
zDJ{0bNWHey#cF-%rKo;PIeF)FUovT<RXsAK4d*DUJ{p4+sFsrptQHOlMcghz_X?~A
z5-lGJyRachHh*~hOH_%Pa7qcvI{8i1Iy*e@4xCIm>R&2C)C6tvf(=8JpNh7*@M_?F
z08E5F!ARV%$-zPb)AmQpdS&p2v+X`Uz~A&#<@Wk-us<`G>0muW$e`NfZ*+SVIf*R~
zAW4*_3vrusssw}`8Qy!ZHm~K3yTjCT;}#+?m+>8}hag)MjRN<ilSwRIXL60w19BHF
zBV$Lw9%+?`8SRrrEp=olMCi3C(K?ZQHxrf1ll>0~YTPY{!7WA?qYtcsZL`83`3AeR
z<Gf}Io#b6F;a`bRFTRr5`)S9lDV^qVcjzRThn44TkTAADxryNIoXpySJ&sDvIJ4o*
zjIEpH+;_(9D6Pz&f7d9;G*U8e87PwU&^q<YFW<t^9<fq!@9nU>+Mb*<u(r`I1)AgI
zJ+Q4;p3_|GYi6Ni0Y}s(rjyH_mli|3Z0u>Arw+ZRo8{5!8ZFv!Yv_A-7`|>eM#AH}
zW5++^avJ!Ut<nU%N7FeK<ZF^O+A!c1R`47yQTY3EMv9tcpYB}-piEyHrO|aDapdiv
zYcaQ4SUQPLtD-xp+<z=2pqf1L=wuGs@34u5<W}MO82HhBdSKFDRn=$1zm?t37BgnF
zz*w6rwhY%rx(;;-#u2T!q-NY@z5|Qe?zO|TmKUU{9mEGue%u1LWV+o&F@7doeQ0$g
zcVF>M11$6EPnpHB#AfCSj25+<*!7afM)V#D{h!{iy00oS!2~{P{EJajUNp_z<1!{E
zv#7=s9zH$DafT1j9yj8eYTv<41>fx>&i=#)!~`&35xjS=nSsmZl*{q-WwL)D!ASl~
zMt2!aoSx`-a}){HRwatpcW6L^Z8*YwOiKyp6ArZ^!O%DBG0Frtl0pONnH>9i&H_Z$
zv&5xV#ntPJ=`AgFp<I9S0jb|4FEG&RZe*#+7M;YY?V{;;sL42M!!Ntk5Qw(}6v=Sv
zw4vr9MeVX}zFCW+>GfHSBeW5XcG{`M!SIxbGHt`xgYjd$%GAeK$W}POLl#*75Zd$n
zgFgjv`e&N$&-B`#X~3Uph)WC`;E{V>qikIxxvXiUtm$2#fl2|xHbcF6#wchzY#(Ja
z_-UFObH%c&MOYTtTWMNrF}bOjoPpF!^J8UJ=;H`K=GzMjp45A@fujB(oc)^uiq!js
zN4N!aAh5%<F3X|(aZcFm9v0Xsp3~MzT{dZ^^%?nohB1Jt*30N%+f!|?z#s!f-%+40
z;cvA@DyCNMqMH+$Zz)NKs}u>ZBi?v-w>(a>NGUn{^M0RYoV@Gei=4@&-NkXn;ICmm
zS?(AL2vHYP=BbH~7~FU2VAzs;y=<#mtN1o)8%ed{Z|RsPTk4E8N;Xn`j8~ST6rr4C
z*Jbje1wW#wSk?*^M2$trArwwTDOxzlu4Cmz$%;8Ww#SRaIV8XzUpAcsE(ZhBWz=39
zjF!2vcSQ}3M#{hBkd!jH`e)P4zBpNngDQUaX=E5L%r82>lr-!D_j1ho{9g+=)v6DR
zB7xN1feRy+#i*rg$_2YX>5+=M<T6e9k%|h?TC(C(rz{p7GUro&C=wmg=2IU6?SL7v
zYLsKn!P+QZ*<uqF`&V<f1d8w3m*z5>G7}EpwCfS8q}#qT^vN09;YXzxc}^KEkwVTd
z6_A@SGgrNxzvd^hn&hOQdQ=7i2k^S#mvybMydL|v?Nizh8ODdB7tx=rH$?GMqjOT8
zBV)o@fc-Yk+Em_?r*Fnl))i23T0%NLkWK<Uw<u#K64}}&s&^uUOVlRynZ|Vm`a`<d
zGA^qr^pPIY^GB~ZrsdJYe{neZ`-!8njO&H)g0L=Zve}|~T2@qgZ&PM*cPa%X-pv{Q
z*XiWw5-zM{IgiF-V!^YxXlOo6@1p-#qspVR?0*}lfu8?YBmd(sm4A)+XlpbkOlLmn
z6R*UF4LxD)x>rU_Q$FYOB_-}vIqxzGE|qgQv5p#zhw9<X92$1#2exf+uaRE&lbcy9
zpCR2Sv*nB+`UCz1Sra$wS{CkwT=XNAxDSR4ElPD#0Exa-f$f}Ov8Ybx2Ws2Yo=}K!
zLgFse8@MCKgjS(aYSgmNxWj^GXKj2|42E;#PZ9eqhLGX*@bKgi%_sZL=<c{~BRdK9
zuzDS{dOHjGXSp=4iBO}%9B!v7>Cuf6_SIACFY2ZrQ|Rv208>G96f`^SmZ^g>zmn}<
zMwyJ|uSSjNX0ji#*L5b`A_Yo6y2-oh*~aKJ3fSR}YAE^@_J{HI-$nMXqMC;FI2x#i
z5W>`ZoC6fFwNslAthX7p@$G;ug!^a|qLM(yb9lq0mG&ovJ$ydGgzvN5G{@YCcJC_R
z8^Rwv`g;NBVaYtb)u+eiIkRdI)}3Ltc<>Hj^H(k4MIwOGt)eWX#U96G02kNdo5(zv
z|0g`>pDi73hHD1^KJ>FgD(C$h$#0g0Fd`n<`OQH~2jl+^=Hz?IW`lOwhhHvAI)(ph
zgBKjDksyhRRej<v6MMi*jO()HZz)!#0glLsOsGb&SCP)3-+kSV9ut~VLs2)HAAPyM
zrmG6hX=!Fn9{A1S@f$J+f(4;?S)--H$ybe)4<gFQzudZpi4m8j)~QFZ1;z}XGI7I%
zfcq%oZlmbt%l&947dWmhVTB&=m>9767Ck{$G9e=T$5}|>+mR~X!wT&HvL6!*QY5>=
zw~_1;lj&Q|pn_VZz*?<KoqU(^Lo>9yogS*ac*iFQDk9p`J|Fej^7uzL|A48#y9jcE
zI3$O1dY>?gh-zXP<tGJ@9o3}~v-5+;5xlPSNR?*!;MiuB(6r~{CW~~FpRUbf(vdsy
z2|85-Q&hD2l|~i!&G;qK27BW6m~Cj6c6gP%?m^8k2jrDBhr9XusecuTS)I8xIf3}>
z&I4sTu!WIn^bJ}~<+&-~=RN4W*;`GPPzwG1Dc3i<zORYm8%3Yd#scU_2DGbZGZF)L
zd6km%+dpm{GCUde{0rkq%8X=-moR=B{T9N_N*%^4%P$n4S8^Fb6oD24l16;~jg<LA
zTxN3+*NpZv?uWCg&oQz_nlY8HIgfmJvLxGbF|muDr9rCq{G*%Ez1YdmF1p@FF2CQp
z{o?35k)2`oSKyDcq2EZRvnJ;fc={aX7d^Lvo1U`Bd@t!y*poN(Y!*U@)>8o-tp{9G
zph#eyLd1<Sf2W}0Pt6Rf!BNnoPROx)0>69l#=OTRKBpE;V;1++`C&%QOKS(x%=?+i
z0BeB9-|Gnj61@nwx3(e;x#<7LHrW8BPbhwFm_meKRA=@1mo9qMkV7hgAo>%}sE~kq
z$Z_h|YJy+>Y6|EtV`Avc?||DHdlLB~X^IJ{LD1??MbdR&iWtw$1a8zhB}{C)S}##g
zP+`kgb~K#?k$Zf1r!<5$)^3E%NV!RqRrI;oOpQ}Y+r`*z5VTjONo7^8Lb;xsHAJ&<
z0n3`AN~0j!>L)oo56W@E@n4ocw2%wcx--6lz}(Ins%Z#5dlx>}ez|bmyXf91=73yv
z4v)3bF?-w8m$R=l8H+8Yfy?PrGQmi!QQ9y@0wJ+pawA>&188`dAE;^rKSH_ei72qm
z&?d-?!SREN9BdPfM*6M6iA?1jJPUc`dY)p)ux8^wmJA$L_7IGew(l#fR1Br+rWxTf
z=j*w?+fBSb;p2zC<oUCo(~ZkE-oyFjWc<yVcWM#m&C106KejfcdCtlMobwpPB+M2g
z>sxf=#8nnfEi{6XEb&H#$T9p9HMu2*^ow<zH6j!!`;bnZVQY8Md?EF#hNC`{N*eQl
zrh(I`^(?q*DmE**<XDV>vS7>9YHAg1KO-M~<#7rhKXhzMX7Ko7EQe`)4FMnBn`Z>q
zraP6)>EFFG#O;UUptXBGN`|aV$t9cbVn6`-h{S)-JIp~d?Z)G}KJU8T=sWfMm{~cn
z*RtJVOOu{IQH-#dtY*L@zRn0fDO2j?KMVID?xZC3ZWgGg09V2U^aD40WD$O13iHxY
zz$gT*Tnv|Eb^K}N9RP-z1!&nypH6}%4-2Oh=swFE3>$A83|H0olm=93eJT;4N(Kl5
z{@0Q<2i@Wne{@!g85;RhxZ2%%H4|>LI&u3>6LZ!G_(cJDuIQBth!n~XF%wuUW1C)}
zWIuo5fJt5!rBNdD=pAsw=u#7p5V)m8P=c{TP{Lxa1(?+3LR^3`nV;i<<aDjF;#;cv
zYN~h-pzsDnP7wM0)=w*XC_|dZrI2Wb=~l0voyooKu0v9J!*A=;{kfLb7oze8&+&TO
zs%4LW`1i3dI5>%-9}CE0r;MoMqg#t}y}nMT_X6pkSM!dbDbT&IYdDZB%h+wUHe#1i
z<ET@@60*T|ao8dYsj$0KVW`uasD1RPG)utT7H924)RMF|a$Z!!!e3r8@+xo5-I(NE
zHYV%wfs)GBSy|F}<F3JL@ba-JWFFuavTD%mXJ_pDzi$VRx;t7E05qQ(Mrc~w;=jgN
z!{_apMTtH&7sHa<4zZagKbbisAPp>IVGed5L|$Stp<HCI#}3QD8U(NYRK&KLT(q|U
z;X~Pd7JpIuhZQ{P8i|rR&$tbGbBq22xO5kluefX^5FLb@Cnle>H?Q%`es!`DnQbvm
z<CWAmoN-%HKFX0!m;U<`YXCyR)03kkN0dGkJob9B<_vb`yd889JE0Ffl3wx7mn@7z
zpUH2#AI&2RPf5O}k9*C~SQ}ZF!*`RW{Fk-l1ee{Fhb*WdK)fIiZ*66uXzzAJirN^7
zAP95aCB%q7b`b)<45}%VJF@yIU#W-;zhUcDB~-At>EK7Q*=JHys8MgURS&~l3Dt1P
zQve^6!i+X!9&eF#V*jJA9C3i;qN&(<I}`rYW-oE8&Y~#ji);Ev&AQTdB8K0Ay_I`#
zTI6EqIj`dgUF52ZU7a^OyI8ZfoawJsmlz{ek?4sfc9NspvJJ8=tpvxIN6V!ur-SLA
zoHgt9BPsE5Sif^x=UJdW=pRSjP@CnH$X}3l2&9jm-hVghpItqK61@_d;A0-;lDKkM
z^WifZu+zK(C|+9*gj{I1q6O#51eb9s&fEKooRnX4)m-U{{9a66@wq7pyUu9;EF4@F
zu?)Qb=_EX~6O@b2r4m<|%-69xhIK$Ls2cbhq9^618N%vQLq%&m!)d~iRrG9)q*829
z4f;i_Tpx{r=p5)~G~pbvuY3G0V2?Fa<;A@pmsK8~;4@$GQp@I3!*a^eUv_8nb(Lk<
zvJlfT@-m@TvMqs$br^@jNEr?0h*FmfiN-!h^Zk+`)8VJLP*o=NtoX^zpI+-UVUI-8
zKm$n=kH^ZL&PG%D&LtZF62`+%K$98}N!&r-@G6zzc!}Y-<rjzn;E;HnrM?a=htX!Y
z(m?!TqA)1$O_*57$yMz(XbDei9^pi7o3`9@`j~E`|5gA1G}L-A5=nWZXx?}B?jB46
zc<*kUvCp$ZJb7WxvmtMs9|62?dk2%Nyw%HEeD$03s^=tk4ewZMup%$ZGuhXNt)wqH
z4q-4lZ(ebc4)H_&3>D9iW5V8mh>r20nNn5X9EL}6&zrHzw?`j~^N0SPk4RY?nkW@z
zK6xn(tdlk7{w+yS25+LYj~bZRMa&?qhtvod6RVotaYVnk;9jC<7hWA8p;{hz7Z5?!
zbp^pE!Ar)>y)}K3sS~%W>9Eqw`|;EOb}co&?GvX$vhNLlilI(qr8ZCO#z(l+x9@3m
z*C!M!b~Ho$d085rJKksmJyvmA32s@kiD?HrqJ^?cqJVrr%3Snzt5P9Pe^x+XN#IM5
z0`X?6z<mXh!@HHvu8|ycKncxRZZHf5gut9LL>}tY8b}y+y!G){k8fTVLSE?@e609g
zOb@?sZkU1jt|jfoQ(xQU8Rl5-XJ&v^b$ru->|w*hUaQl@{p3$0s^t)3Q)^Ofze+5b
zfPq!E@<q0>UifBP>t@>y_wQK{SB23=S<`VQCJSMF6)Wz9W_Hr5zDz_D@)GwF86KE4
zf9;bV8zj#q-~20HSI@{Fn>Tvi9~>e$#~I1`2EKZIE>yD?g<R^Tw?Al#A-$SikvWKD
zk7fg7d<phE)a7}u#A9BsLnNH^S`Zd}?!ejmli>$_bc~%+%aePT|0b)NfSx2SCX2>3
zNy>lE<(}B}8pneGe7T6yNzW+BD`KlYVv(3u$z2Rw9bM$k?pxDD!L=~*{mYQg@I!Cq
zkR&mL=7+?XLJI5x*jzpoeD&B|=hPm1SmsxliB^S~Ry1b(U1FHaOHsE+Y6aD4(|E_*
zS7lUSD=+fpoUJ*l2W;#lW7la@qnoeDyol>Hk(12?Vz*&*<75I>j5|`&pZ=7(16U)p
zQ4OsRIe$xzw)9=%+m$B}*Co9PWYRo1GgR{{=cOyzcau@`8km_mxZAoE37UmGe^)W2
zekOz1<^6dznrYE)+AuPjjrtX{q%Otd=jv=38RBUoOQ&vV&1i{{b+vqRJ+~YUk+4|L
ztq<LIy}%P6X{7DXCs$6%ZZXlmpsSQ<oXW8Sj`nD(wE6u88*mjF5ya9dh<1liYUR=P
z2SGG9#{-ZH`RTy;<}DI&rLNc;$?z_f_-m1NIP6Lf7Ik6=c<DIU(*h``#d|RNgWs?E
zF*Dm+o~(6EuI_5vafnUTgF^>xuJ&v>Ei)DR13NR@@dmCOKaweVHN}+RMIBbU=W7j(
zKXq4ZtWiuiY>edkUZe@(Jak{Zx>fN4-&E<gyT6r75}~18`=29!fefW7`jH9_GPjhl
zd{_)qrPYt^**cr7-czbcVqXX15BxMsnpjO%<04YoG#M_bQ)g%3C07;0K$lOnl<$Ax
z>8^Ow&^WuhB8#7;)Guitq-Ul;*FD4<(<~mfmu|x<HAn3qC!t{j87dFJECPN5f))tT
zz|;IuTZQ`rwbjCPZ1A?hr)iY75KWRMR`#8^+Usq-MX(Z~vXu+olmC0^DV0qx(4`;M
zsd*n%#ir0(;>&*YPm>ImJuIO3n>BB~FhSty?V4rEblr-O{V}^ti57}HuL~wGwmEct
ze!qI?jD*+p(a?xl7y*s254ZesBWHUyRod*nbLO*;PD$!6JR#K529iMv^+Y^Iz>i-`
zGzeDtJYepdNZpam!2APyB_i-8Af6~>AU9AJg;n`N^vgLSYQi{;G4yrtEkrK#E!jag
zX}|sT9dWl*4m?Y7vKQ^Jq6XetaX6FVD^gClYEHvA<o#xN7x9vZ(?i1E%<&wS`n@IF
zwh%n&b_Y6^JB7g4*>a;^a`=*)p<BQv%Yg3o42#t;|52Fo_OHK_P$l6O+l$%akh#=r
zT?cBtCu*#vC#eC{vb*ElmX2w4`Vp^ZNC}sI)CcEH5OXsQLjXpHD;N-IK4Poj6H4>R
z!nK{;h#&&BhIGnm8;4exS(`Jr)kijW>z147=SNuPN8i(!e_yLr!gb5yALqIN)kYG}
z$a9!%rGoS5MF?jcJMew)F;YkVCC6EU&5uK7zz3h@`7zDL8{y*KB<bF}PFg5u59;IZ
z^1R-wFe_lmCnz-}I$8d`y2{7z53VHG=GGqt3k2>lPWGvK`cM{5H(@UbF)6eap<I;>
z>6x_i5CKL=zgky;+)P%D98BO$Dj32E*U_R=fTL@60G&x^FdpSNxHmwFp87)<5piw4
z0@X7w`b(8khd>{JsZwM9X27H7?#abp0M{Y4gVDU;REZA`+wT;SIcunCC|eX!xN@VZ
z=bgD>1XjD{@*$_|y=-mSrVl0;zKz}bkSQ&Svm|GEZ~adm5+T<T24(3czfCUsAx!fv
zfRSX4Uv~>lfNnH$@Q}%*f_71n=b})_6-8<c6ZVJHsN2{Yl>vBwWG?tpMM*+!+BH?g
z`O?g$muMWn@4z^37m*VVLHF))%r%H@Y#J{@W`9FCYql5(dT7SU2)8lOa1A?9H%yx-
ze~^&UrUp%i7=%F1fEpACNx{1#I%dPSypavqxtM1ae0LBqin;F%@Jb1-oH7oJqS(4*
zR^<jx05J$X5cb!Dj-1Xx=^PA&)}7_rmVc?jRtf~lqb&@kGgBm<UPy$kyPTO_(Z}^T
zMJ$~da_o2?ZZmmHZ)F}Xt^Ty+F6zq|H_S*{U;w*Pkp!m)ia5|pUVMg-K@dZQOXi@X
z)t!d%p_Px3%yA_IM}fQv{KAN}kD8kufuJy7&wkG{I){;Dj3ATf)|%VL;BXNAZy`c*
zik2E0Tmy1YZ36IT!Yd0(pt!_!+%rpU^OBbO)+f4E>)-+pZ6>{As-h$3mDG-o%`MC9
zlxxPz#%CF-tuSS|*|A;G4HEuf#qOJ+>IR)EjHrO2$YQlfigN4*^uiC&5vR<c7M1FT
zY?=KXWJ(ZomC5&t>SUba!m|MRG<tM<npu~?EbGD7@#FpyMp^nDCbJq2h$9Q}0{J0E
zn3Xb753nq?rP>ml_~Wnot-(;};K)i#N+lkfC-vev>qWDiwb(jy)Tg~vx!URM)&;xo
zrFp!UDzXyY7;X{20v^M&*d=uJq69AwC!I7(0fi3Jgnn+`i$2&$oo;Ig8x5uzt32qt
zoScfg4oc>XXLRFqbk)SGOG>?lheBz?V|l0^^DUR1ONUR3k(KJ3&Q9EV{wAxecR!}>
zlfsEJ0B;C<lV5iNNYU_@UQx)+pVY@3KB5$rZzH94$>^7l5}hRPG*fmm$)Ry#@S-xZ
z-b-%}W*+vzKwe3jJnZ7zA(}i{^dl7!h6#hM@S(NODD)rJ+wRE%%0e6kRiI?14Vgn=
z3ccuUHeXdZnP-0~_1~nqk|{Tee#r*8j<hMswhxcRQeVFxy(YUb8H)2Bnc*Jk9_Ti+
z4ON<FyQH|xi)R1No*v{?LO@MeBiqHsfZ{gCq(LsEL)Pk3!V1e*B1eY1@rH3sVKXZm
z4;M**77%NqC5INnzh;|Fje*6q>dO*^T*sxvzb;Ai>n7JH>?z;<3&rz_#R&^`dXX>F
z9L8t1U`RAi+@b2jL$OP$;-gn@!yHSp5oj|W#~<ipFpHxP@*OzkIkoBV`ihJ8Ey#eT
zXp{4^d}f4fYvkk?H0t!+xoYomGBliw|2g1818;>CEpiWsZNvFW)~qn-S12+QA-O@m
zD_D}*iL)u!ya{oxn&Q}*R9>x9(K0B*@!V^=yu_%clOkGWYJHYkQ7uI#&(`cFv$%wg
zmX^NOQEY7!6iy&JYR@=`G~*JuRu^v+8X~(6k!JyaZUlcGK_@>!pWa1gzR8iqO~mei
zmDEaSzKKueAh*yAHl9wBpQF2NrmYT^>mP!BH|)6^j%X+z;cOWmRhS=j^W|)z!W{LQ
z3h&D^^i-sSCKvW(>_Kmz+%C46DY$rU52p7FEgJfp-<0e&IUC0H)#zkz<0N4?Tcdo^
zqE-pYN(oAG&wbF%?!?+-_n?}!TmrbSW<&!@z$!-%@OJnqPG=%oobzkKkB|Hj28J+v
zj<7(TQPRFGvM~P%XPN-7u-m<*Uu8;2+53t@JwNcKNVkQYVI2br@#_e0nXclw?PW(l
zmrWVMx-7%^Vh$<-{(j$;a)!P>+eb9ab2cB<9mhh5YH&_l$}jFm<}d9L83LQ}54mIx
z7>d6Bdq6Jm1)#vO7J;=R3E+=8DBL=w*!<eb9ZgwGetABGOY#7g*MsTb%Z$hRW6CBK
zyf)qpWJDl);!mw_eX4HT>hWE77>RnjD8rD;8GfA>&Y*JQ_JZO0|0sLQs5qK0d=MwN
z1^2<--4Yyv!{F}j9te=&?l6HsaCi3!!QI{6-E}AL|F?Vg!+zOws=KOt8cuapb=AH1
zdG0NzWzr_B^Nx?LXsUe%oOTG%7)hT4+0>e$i?%%KJHkCx$UI+53E^KLnBPxe+mE!W
zRiQl(5~H?})XCP_v-ElOUJ8LF;LklZRARNXvBM8S*mqbV{Q1FmZcHqZzuSDdw~Ccf
z)x?<^WAIo9Ci#hKQX`~tO_yy5gGhem<uFABheIxftkq;<yRCa3ziU%7HYOEn@1zr;
z{qn#8;6+3hcsyacP6+xBj1m4wRtrH7!N`q0U{#E~cEVq76S5_NUeU}Y*%*uMM2VR3
zA42h#_ko@ko4N*goXS8}f;@=$6b9pyKtu=F@Cyu|fnk8wFKiEF3Tl^iz{GOq`XqS-
znR<)FS|18ofN~X)IeK<I>sVQ&e)H&^{qXA+kU&wI@8Ne}K^tuf7b2_=mB?=#SaG1{
zV5jXu&+m$L`t9^n=fbu;LIa9b6nuKnJ0`wNEFEmY2mX}5o33O&w^ZDRV0QG2q56(=
zvSa6OU$n6z0mXNf4t$z41Y}E`vEO*U429-eLchBs${SVG5=(hbm%cGq<r*hzv38z>
z4KhQJ1ml4g6W<m3Wh}zwO4KyBp`pVw9Rbk7oa{G6Z(yY4YplQl=Q^kL3X&#t(*V6)
zqil{*p;KD2=vDD}<q#3qi4=&i4iYg(F^st^4Q9fw1Y|s;z;2t)S56m9kgyxAZl2EY
z=j`(UA2yjP9fu{pqt-^Vl<A$e*+O!-guDSEr?hEoGKF1XF$YEdS21J<@?D!{;x++V
z+SBgSW(6H;OY;a5bpSephsAVyyo6X1^jAEu15*T=^Y?J`Fzoeb)rVO^qg*OZ%b?hS
z^xY5=wuY#`zb#XdT6CNjC<vH6<lM+<$ZRXu>I99=MzBdYf5HoPcWC+c2*-UMV#GvW
zwB%*rQrvgA78^_NvZ*NGe1XQ$<+-(n&&^Y^t+g?O)<_1~k**O?E}@bxnR;@zw;jJ%
zE7|2qTjC!rhWN674domo$YPIbobaAq@a&le3(Q)7)MPchJtm+TBXqq(=GFXYS}_>F
zTtypD{sNWxTGQDlWBVgKP!F<ZJ3$7C&?iaxcDc<o_S-@wN!#%7z`st07lM*U%=Fv(
z;7#)5FZU)?A7Y(HKT!9ggut^Ru;Rd`MFo|aI?GCaTIJc3TR_~1d~kXApilNg!!e~t
zEY0+~S*DtadG0a6<+&Ur3zV0pIkd=D;_z9K3YIbzgYf2NulAS7!_Zd-Ipa(J%2{a2
z`OVmqd3h@HH>4WeNlBF|y=iL!jA`TCrT{hTUl@^zPDKCS#PSQg7PUv0o5XRbIa*pX
z!XYG@c!IZ5snXnNZoj4HRZ7s5N#HKenpi`yhu7c|CI&-h_B;*zwrs|LF>8)-?Hpsg
zrwY81W!A3U{?DBE^wW=pS8Xn{olRI0=PCDwY>FRoR1+kWP3dBOU8ufijkQ^g#P6#I
z36O@K@(4ux%9wke*rb7sPq(ls$pp3@4gPuu^g5Kd<j^YSGJd(f)~BoSxH}=5&ZqL-
z+C8akbk~j1r6x^r1G)0*vlazxfd_^R10nkiqH);v%NfiW@>&W1^7UgludoCaN$hsa
znta^%;%fs7l(DCgj+rwMvZN9Y8}EHDzg4Uo74Ap1azYr4ZN}xy?7f-RFQe^ETih(K
zUt>D&Ff4*u%@J%*pdL1jA1Y52*ObI#qm)iBB2>_9AwbfRnUj-V&7et@LWsMb0nqe@
zSJWvOe_VZak^I_rwWbI?sReuJeW&qKdm@+Yq?ab-(4|iPqrW0{m|626_3K2l98m|9
zR`LL>K8n5s;MRah7V2Ep5WKxGpB<IhqQJ|d$GfYL5vjF^?U-Oa%t>!W^zmte7luQ5
zOtQKC(sIWU2KgD!rUAu_4*|lzv6JIsdf!@=YjXuvus?49$-rMm!-7~En6npvyRf|H
zM-4F=C|J-!Fp~L#5g!&HOEQoGuptYX+32yLtso0^r=lcyuPeG!SDa)Fu%+*58Q<Lr
z>tl)A=cl?(o$`{~N%G?P19vX~YQ4PnDmRVKwp{*t&=USpye?AZyN;abVmWR6XynzP
zB{0ZdQF^FhXmvu6o{2CnihIMzM1A+kRGQOQV^2TML}{R~!p2A(bv_*-^;iF|!81v1
z5re5C|3UuWBY|{n3B>Dqc%wK6g#m<}k2K#e%>|z|!PXzyU?e{68ubwpys+4U0#q4X
z@zGYXjJCr-U)t*Zj5tqb!~$(}iTAhDCu(vJwK@JXsjkybE{F1-rJ5|3QdgWwlh}oS
zcGb|Ew0nVhSJ9%H5rmRS8Gz43onclRPR4hRxq@-TL~+j04s7dzc~S0xS;1Hcnt|Sh
zZ&&t#u6mKIfvD5iB1x384grK5NezVg)u8fG#%R!>g4zhE{Gn>OST&%J{g|8KY)<=j
zpKFxp24qS4q)><FU#Jr&I$bW8Z8Jwh%TdSsiaqjl^QGEXLBQ|)Z5TztOMl|Q@#4J-
zVLayQZ)i4;X|pFU@NrD&y#4y%d=_IKO3bDqoybMYY;87u<wU?rvQ+=$@V9PTgWau4
zw*4XYZSBmU(NDBJ26xS)B9G5C$TDXOk(ghDrUCumHHm1UxWpndzaH<7|BBqZl{<K)
zR@*P(mU{_iJg56J8Tku+_~j52z2KX;Ixf5YRFQD=<bBfAH09W`giJwU-qgfqIBMh@
zAfnUS+N|g=BP3FoGNAA;1Tp{`?JKkLkPe0PDqAo;l}y2T8%5LxmUMtSEJ3Bq>ORm;
zjH-Cm3EF|DJuo*gMDawq?SXlaX3o?ORPTYwq{Z7nt$~_{^`y9!7(!Wi)tba%glT`8
z4oC8sr3g_hF4Hu*L*tL?Su0nNtdC&HQ+$|CTx3k#3Lz?ke^97HgB-Y!gA{Vm7}s(y
ze>eKRNc4g|a<{=Xinqx%$_qI(H@OnDSD9Q$bz=`4UT?nRaFP3UO1w#&`Idd1oY#=i
z<X-?4YT~I^aqk>eU~&lPm4CR*-r*BwQ(7!MM!JOIvKSvSdY4H4E=5If()5{hVWCOu
zi1S8+b4-@Oc-Ba2>{bSEv@Gdj&nTsRES5kZ4n{ifp%v_nj5e89-sPTH;J_etmYUNx
zB4#k%Z)Ed#!hvODIke#E>Q6nyoq^Z=#8%J~jWl-P_rdYUwc}7;Pn#OLsD<SyZQULU
zfzk$z*ID>fJcj@l{FMMjd_3&Vd<X+45yC&S3m|Q7p-^v=gnMDYMf8?t2786WYd>nr
z1#I-P?;_}{<_6*RnQMU*Y!T#3E;T?pU<;ZfBg+|cLY`L>+dgWK??-UXh7qpx&e@V5
zOphui{`|q3_EbHYjd^)Y-ty8ERP!5qt9uwzfAe-YxLIwa)U|MUam7U}JCA34o|uZ4
zh*5LFs$yPik0<|H^CBztTw{}xU4vqFo&*xWG39r#+&xdC+}|^j>Dd8SR;WpAx&O%2
zAkt`oY>`{42Bnuh+b@>?6#ju9ivr*wF8S%wZYM5ywhM2cl^JziCA2M&Zv04sOwCHZ
z1*O=I@%1OK^@;{jUEpZxi60kEDKk!~F#dmM;}m3IV<Zyr?z<D?51|Hmb$p7J>G787
zf|W<%-PiVA6S3bi%yBNQUj#(tB*7Mp=*}V9fkHuB@k=yYXLX*_2WpDjqFCo#ihsW$
zX1+HrU(5UOJ~S!pSgCO_P-9JA<u=>VhPeM=J<pZ{LBp>{Gd|F0362k-<X9cVrUfs{
z??9i4<lXb<D@A<JUjB`faHSD;0VQM251nZrK3!q*5U+Ly<BR6&BxRfa^v<4F;@%W0
zeNL#mFWa0a`AABu0nw&?SpPeNk%*LN2@tp3k7tW^Z=UKS1&w!QfU8h*ei~ID@;xIy
zcoRUH>PoeBlh%Z%;Un1B);q9byhp@9f~=!J*cCc1g&uMFI7LoC+b3W0EWzZ#r!FwZ
zV`k!rKw=doI6Hb2Mw5Z-sVx1%3ixmz-rOH7HXJNw7uH2y4I*;m+6Jcj7h$}}4!bf*
zZFegWz5h{5#(7E6J9Xv|KgDHZKG$=YDV+qMJ<#&BXK3b)f-W!DVa?#_wHzdWEH}_I
zsg4hweS)J9`TEoH`;7u_;;6j}r9(mhIVRx~R<}|L4_6WynHQer6bQtfZ+3M)o7*{}
zASjkZ#zh3QxGWO8<Jz;DvdsUE_u1DHA7xT#XyHZS>GoFZg?ydElyt@>RHXHC;r-}n
zSGC+%a0RfL4*3F-Zi9rjIcE!7ixAU&bRldunZNWKaJ%rCG<X|B)0Z;*-ZwrLohS=s
zk^&2&UjW*R5)x){CJ&Ebc!{D2{!s!VtKhnrQJ7dJ)pvfJw{qlwHqN}RUq}I|NC9)`
z0b(22HK_zu4_N5mq9Nf5FjFgq{XtljW5puxD2AHE4Yu{NuvtZOB2GL@nS|u;zl<~k
zU2&wjSvkA^AjZXD<V)NJVWAJw@Z#hT-;R7h+?4JR?RJQ~#zLRk_O+uI<RzMYwBEL2
zc8!*WXZh}aU{j_Y-g(2#)$KnR?x9jdco!Ax?0VxTkN&7!k_yFt`SBJSsVIA@pE&<6
z{DXH~By46^j&|TM-wk9W0{|OY*cMQ6us#WbQ~+ZG{}&FmxB>iR6jtMG?A?uL;fRfA
zXbWNXZc6g=l+;s3vsHsWCM_Qi`5yJYvIjQ5Cja4Ye@ah<wU%`X8?QYbtWKB4+!}sa
z*a~5IpCjN}_4H!-faQM@K^-5l)d`s(7NAuBmLywQr^MQ*#9nQrnu6E%`N0}ZeWIDW
z?8)y4>&T=!&pWNqs=*~dxrGENtVv0>Ler&K8z<V(t}1X5R{xknYc5tG(>DJp$2YBj
z0QDY)?eUIJ%eu<Qs$85p^$Itw*18BH<{*GXk}%w~FnG1FbYvu@l6M)CG$Y0!w|Gg*
zly4W8IElo)&Lnhu2gyh5YiziBdb{aKPe*Y5(jtD9@(R;c_;Vuhwrok=Sv44##QhUi
z?FYj`BmUMxY(Sgx(B_kzpfug)WYSY|Q1b6USWPipC&x>3tiSmv&R23v-;<p=ev_4W
zK)8?B<|MZ&qB+RUbOef(Q}xn4Jkshn?$erdS_K|M`d~(&BYHLM2DDlQ#6V4b4&9-)
zCKS7nTIzLdT_@N5L(u&$ViTS^_IPV`z&V&8aV9|!6?#p<7V;gv3@P~1!X6gCJjdVJ
zeWUenvZNK64khp3S;vS%vieiFx$go@&9~sj{^kdK>%gNPb>9fnu{amVnR@q_d$|4a
zfNQp-kf9^=2WD%8=`?PTaGOK$24FIZW9x@l9w1(2l#eV4M}mZz&?+MdewI&$F0Y)v
z1^|^~@T(inOowG31oQknpy!i|q4-~$*Sg|=LV^!MpNr(+BnYa;w$MeJRl1f}#`2OA
z_OGC<Ox2K%z+};@o&~$G5A&zP&e(~R*>-#uNVhY#g_QiG!_AZzD2Geq3yuzUw11J-
zmLuzMVP(X`_daxske9H6kLaxFQf%%F7@^3pL};N56za|qh1GH^sR}*Z8MN$@jSP5F
z%U;vm8i=dUkVXcp?q>))X?y0s28QvhRd3oRSPAOxK#S#<pMD!Co`Fn6(~{5in^p;)
z0y0h<v3H#Rue21qW=e9}K-$sEzeMaQ9^>YI#^G3ia`<94Vu=#`B@VtZiD{fqFEu(L
zM{Olb?*06&s>y09o>e3kcmEW0qcEGuArDs(<bHruIY3F(H{TPrO@+dBSP8ljV233e
zLASA6wMc#Wuzh7#&k1i>bm+YLA(HoM8daxyzx%rY{!kdsscMe#6V??1O_-y=beE`E
zpmG_(CjeQ$zuCBv7e!2$)(goJhDcn7)aR+9T5nf!MdVO-QpnUeH67~cmP&~muOW&x
zqUtmPNQO;BqUsOEQXDcNEt%ZXB3$&_ZeaJj!%q;)le-@&j?VY?@cu09$jf3EiV7O{
zG>_#2hOCfg$?aQCVV;yJ9Ys;`-Bk@gE6)Qn5cM@6wvMY?Fao7ogS+dOZd;lmDBhXW
zPT_@Q8b_ldDrD?4gLzhrc>Y$yt1IJcRnWWYQf=}@Cw5C<%0~on>#?dQ9f?}aJN;L^
zi%DYv{6&02Ur9(qtj?#gS459P&j}MXdnc730bs@u!ev=hgQ4chW4Z=HE1X2cy-sL^
zH31L{`Yf<<jtQsTw@*`Ru~in>G_Y`FxG=}OF-YZp7FoknW<N@gb4A!US6=I(h*f77
zU9pI=yacaZAWv3oy7Vcn)*~`pJ+#8rRNPgGqiv7Ctc}&)p3k^|v85}Kqfw7gNUle2
zZb6s2t1NwW-6Hzb(x?#`N8R43f@3J+tU_+ir{3iq?)$8PNL|gd3<<U4Z_x$gTO+6M
zXfnQY)dDXT6RjzPF=#7_M{N~L1J@0zxH28Oo^rb)+`pk?r<$Sp6`4N)zvkp|XxxZ)
z&u$c}j!8*xOF!mEYvql=WC9`Ws}|$PpazVa$jS)zfKH3IrCx_#CXWy!`a1`0k&eP&
zD!E2)R#s+jKm+*g2+2F-fL=*8vmMnHI$#c(p*W64%an?Lc6a+xM!jY00Vgy2QAqo+
zf_-R+(yi=I)f(r7#lPA~6UXOqB;IoG&2#m68Z0b0f(2-fvdyATHTyKh#DxImH4U=g
zLi=9E+54{YI21A~O~%n@;D%cUtXHhL@3*SCEj_fx?N8ohWN8fZVmmEwjjAHiWLn2A
zM0~j&xtE+0(EMbNF#hi*5V>c&##&?-%}s_mV@N>szDWR+5`uJnv?1nQvbhM^Q%tOj
z4U^VWs?FC=hAFwlP;2Ea3x@1|uc@vh@DNFK1$n!y%&$XP68tO71EBUi#Nn0gG6IZ6
zA}WR7)?Vo_UT$IDD8=5@BHXVXY9X?4BdfkMfdF{0Sj1$FdGSD1e$Ac}4xEtkNO2xT
zm|2C7wJ2#(pYb<>u+d1^IS$k~wAJx2$~j_MAaST*1KZ?h8tlA}!=b_IrqGa@96UlT
z&pLv6XpX|v*Z$T!uxy56qd5|M%fevrkafhtiG5RuXbtGouxl!vi<|s-!%?W)#&&qj
z0+yg@^&ikUW&u_l4{a?Um$#vLcC0n7cJ#J<jdHoi+dr%L()yfvdPX|7x=-MBesQ)|
zzuIBe_Dr&W<`&&H?s6vTCFhmhB;*iuTtCkBtFgMTb=kU2uX@!#%kAE$Z*^b5E89v-
z(AnvpYDE_TeWkqRK|XA#FL^frZ{cT$+uq7<_G$b>^4_buo#1#y^&f@hKO?6ER5~|T
zbk=V~W^baSI_%_JG4BA!;=Enh4aQN$vhqh@<KrX$UYbtm*Pl{gwnQm5UA)_CyxAUA
zr+4DVYW=xy+9h!M{|4$)*zGK~T9G8&#~>*(HQ<a2)G@>Y@DpMexJ-y*nb}z2OK~~l
zW9b(j<4AKE*(PyIF-xf@D(5C~3r1X!Etl?NN?T0|Bu6B-{Mw|dw9*-;mL{eU18?YL
z!?_`1OZHWoI?_(*Z)9<y7ERr}dPE?pd@}qA72d``*cTqS;)8<Ha|_PvOX<A~`*xvd
zS5_~zwlj&Vv-z-OuRt@5l5gnzub2)Na?Og&;McI5YKmF4its?vSqR{u2!J_bR7JR;
zkH;@j2f%3hKZskQ-Td~GgYShW(aH^Sp;Fq%jhIP}j1sbta)PR^(jAY|$oZ*6Mfh2O
z4$zPneuj>NuhqK?5&QLA2%GISY6FSolb4Ni6Ah|~Rq(2dAhIM+De71ZC*?pXCJCeI
zT|Clf%@7Jj1EP5G_%^@kgQvt<qpQX?1J8g#x7UKGLpGnvE_aSs8jR)wNdr9vl~xUv
z*a&a?hNzd_A5#v91;&U4#Li*bLeeTbv&4xNLmT2uI4O>_jPT$tVD4F$MebBZuB&3m
z@8_Sh8ptaep&z(4>m(YmmZGwb3$J8EC8vol2+&poamaJqSTv<j({VQgvZo@?p~}yw
zur@H!>LfJV5qZ(PzGT5qDuvV&QX&8H3pC%CSkj5e0o}w>iix4*zN);(>wKi<Bj+6Z
z{%PV$<%0RcR7lwOR+LcvLso){bax3?<BuWSx|lnb%Sd9#fH+6$ntE|?qmA<#ujwxN
z=BHe(hIsv|&9rfe@49MZ?tNGS3(Gj7fnlgkbhYu>BIYC?f;Mh)v=PO5#pv-P$@4>U
zgYU&;r+){h%zTBKTm+2C4~#sMn~%%;v1==}r|4vl@F-ZqjzR1L|1>goMn4{8+~JR*
z7PMSlL{fXIbNf1ZnGa=?jGwhkv9ltZ@wFLJ78N-_EvuGE_*bA$Nrqo6Vdlz^j2}|q
zsfi-ynK!v3_9mp|>Ma(NBC;IH&~9S~#HTSMpk&~Er>nhHg=aN{XyKE3esQA$^{4f3
ze>k`gG&$L#n&ITyK!Y$+PPS3{rGt<r+c7m+EI|)b0b#i3j{Mb9xunB4j&B5MT{Na}
zjn<+U)unIvMmnEN^;4F39MiY2?SHi9+I@ZaSzc*Z>I3D-po;Fi|8vbPUS4aGfeERs
z6aw*iM5aUAS2E7x6Bnd9)?!vWvpDWW51m-1kGweKB_Ud@Q;!D5%x|Gm(r=u6E+A#c
zoru*y1L^#=-Wt_Uks=e8<wGP#CBk%|MP8ubf=swG4OIV-G-(_s%WU(JL{Q*x&4?s4
zRX(Zn$>&)_Y!q1q9H*bEJ$gEHgul#bjE$I?RKbc<=nEu}|BHwvM4-6o#jPbq(cgkG
zLF$Zj9zfx&PQY-5R84CLn*dKjuXqNXHwgR*_ef2kIO%0`Y)-klgKtc^fv=Va!77n4
z6MjO_kR!ycN_b<<(C_gkBd#erRFWkB<!+LhW+RdKEXufvw*+;yL*@U_J4=fc9VSVA
zlaa{IL19$}#CUn#2-#*M!iBD+5-I>p76k7Gs?osA^;SxzH<Z-3WJK#!avqamopV^W
z43%>OO@DGQwPItC$MZSRe+aAyqM(?CsPdgqSS2O^7$uFq7`&0vB8nNVe@~+WJlX%{
zlmK)N%ibu>C`Rh#?(`I(<t=ti8V6I^2oc>DznLa)s!l^`e5Gz*Ije;xG1f9cU2C!q
zL@ezqujayZaGlTN`Wz$G?MQP3L!y}Mh(}+eY~cm%mQUTEe2_|?P-_JpmO{@rl1!jU
zczWJ4|7|#43$YHp!jO8!<)E`N_-m{oqneB)T>E*CD#q@+D(=RcjC4{NcZXC@6M>>5
zs*Ic#p7WQ8b{1)W&64$^_UGuQVn^=Rvgo?5wbZnA(i>-VV;+%mxCb~9ctq{{^h)Fs
zX#h;4nC4KSNXdiP?2(@4ngY@Hzq(7cSMuvA!x{rIH^>&K#(!al_`rRL?$7bM5S36K
zV%9~#g7!*=ID<WW%8V3fXJlg<bOt{~f*m|SwzL3anO-Swpyq_X<G;%BVAmu}eiTWv
z$Zw1&gQztvWvwl;EI3%sR1lBGu<*bzt?fJLbe>9Nmwv)JeT#o^EWy8=7psY|ZcEDU
zj`39Mzpg%()VCTLVyr_C_Xelqikw#see+7xq(oGJ7mwB8nME^}2n_$v3T>tZ7!lO8
zZ0Y~k-(`_Ug^?V?KuaE+8qmM~R-X!0io`QE60H87@?S^8h0BgYT;K#qzZPk63eoG5
z{`)h#@NkL$@}J?;(K-dn%zx_zfsi?zhgAD)NP`XQD<OI9P?!rKmP^z;1>=jPzNz1b
zWAbzlCL0EX1%)Uf@EpMxj$~~q6cuoo+~8k@2)|5KGK(=+&=&!1MU-LN;m>hy?DnHs
z^6m4K)Ax;KHbD3V#VA2=C)gCJgc1M~D~PXdBr&W8R!)-2ww!5`?~sv<Q$6ofSyvdI
zvK)RUF^>Du@gSy2AWa>`GjCNK_r%_{YcXGh#uGbm&mQZ=vS15nyej+Fi(7toDP$8x
zeo@#;nhyK&an%sc9%;o;vJ?U(b<mtkWXbiOYY+}wewZSU?yz@E%}zRD)Cz?<)6Y4^
zLb|VntCTT6BEy1KuAI=_ly^>#tHEIypKDB>y!s@r9N`-H*TT0&wgS?d5X`c)MR<;q
zc44M;$U~1MLwM|e>@&g)dA}BTO^?#Vx<GiEA$)?e+M!ZhKqb4TMG8<a-+Y*pn|!^e
zQb}4dP3@Xb@`YGJQM_GrNPkLJ)6Az_2)uojdgB+#J4~am4v{XT8J%w_)l+6#p~_$@
zP)e3+wJV~^byaDbnWB*@IZZOcAv~63#B%g{wtU;-Av;uwFKmm(hq+U!2K8I}E|<fc
zm)Fe?7NCcan_vT-E$G?3pv^Wa{kG<4`bQ_ZEV!p}xfG;oU7KUXaw=FTy$JXPQfnpI
zTL^6ilLEjaDGw#1?h*!Eqnp2DK-B)?fLfiT{VQ6z@~R{(T;yMF!;R}3pI?8gv-|`N
zCbInvF;LrDm5(zXKZh^$YiC=OkN4I2ODwLz%W~W{r+aezcV;LHjo=@tPdW%gHaX0x
zttXDxb<eV!Tvdn~b7N`Eh%oX>W;q^8)eCHuNQj$~`$p<v21bH#sFdh#&w~GB;3aZA
z|Js>VkAuzB$bFNO?kJlX$8pK}H(uW3iicmQzW8UUXIsqd3*2tD$;2eiO6NG$iJyaV
z*bIZs<I@#W32KygXto0KP~^eW;8`j)s|aiwGWqUxY^)1<6@Xg*Bu(W|_Iw0FGuH8w
zr+V#LJ`9u>EIdU6ME`$H{Q27=qmir;G@@^|95ZP4J~+DLxHO5dQUcim2nl0m?s^{2
z$nevVq46<siH%3UAY$_aw1|+}aM1FxYyo+`y3rhAoT+F25sZ~WysZ!W-cX$QgoNHH
zMBYwbx5)HJsjC}Wd|}>BEn6wo@Z4o0MAYvK^3zA;99m-D=)_)Kv?3W`L_9bd`sLFX
zRPOp)chRHhrwhd}zcXDWEa}kF8G0F(uTV7Xs)E~fAt7QbD0H^~k`W@7_c{UUFR3NB
z#p5RRNI2k_@KaJGs*9vc2y1yT7IEaWT}lhZsr8U4jgmbRfAO}_iVEf4*UJ(2AI{)!
z6bdGbHrr%E_S4FjRV?mTL-@Ol@UcTatP_g3(qzcj{}7j26DBUcf?#~(QG=RRl*9^L
zk2U}UF_gF;M;GbzO$R~t5P{b&QgU3YG<!LzeR1z`7#l7wfN;3*a1JbZCz_f+vDF3b
z;YTH@O_#nl_e&n`ub}UYEr$>JBeooVt{3`?J(lzVAqyCWuF2ojVR1-M?SZ-=h+t0&
zd+C9?B#7WZ`lB)SPkahJann~Iw=c9;X~$$v9>z~gv_Ivxw<jZ*#xcGpmP0z}X%Wvo
zcJaJx8ja|iH93~pi%RGqrBD%4ht52FvW9^8E9kfh^y<TccbkBSkh^LS`-{7z<(fBk
zwd^uS*0YNwLYBIL<;Gt6YxKoukDk`X3(7iq(}Z*v&mm-YTJ#8p!v))55I=QW{!Jn`
zK>(9v?V0C5xzu<gMgYHfl_K&lH|G}rY}Rj3HUaF2&4dfk;zu{OgP&1s$qGr+!zzBY
zcN69HS<HOgDm#SH*UDW!j{eCiJ?hX_yB9;cikz@Q{-J_7p)Ypq!)aj*ffRL58OtW2
z&GAC4gRjIH$CgtvkCN|<Wp<xczu%Rw7W#RS`#tJKykjdFQCi&<m18sR7d?tV(jXSh
zd`?L?zpN#WjgK{j(TaFJ0NFzH#5C6w$KO`a=M1XvB7L*vt|^U7Ps;>ab<t(7jb)4b
zG5%;WH_BX<mV{c*RF=v4hqeyi`}~aK&c?Rw8D{IfAnv=AZ<6Vha(Idoxgnl*_Uj_x
zOKL(+$MfrSN7p*5DVLeQW+p)05k!SfK8AG{>)#45%2g3d@YKu657SaE88upf#fxT2
zLd*=qFD@kGG(55QfQTh2Fq0%Fjvxv3IUTd7gdgvGUgE;SauGo0Z&YU8BHHC5M=SSQ
z^bKBz4AO;UM5t1<*Wn<VSi6B-N4xh2XSxe{w|viIn*zGcZyQ1>vbW#3Z>|=c+G_t4
zULvR#oZilAB{x3vxihFy4TTEV1H~$E^vrFAC`5b(truI8IaqtRWl;aH)*27ggRvwE
zpSHGM4yRO+3@wtMio89hM*L3|wV&s{Xd_<2tWse^$J(Cfg@!d8y}tbjbeL~g#fjkK
zCcH3bVOiU`-1GIg@~K|qM>QBh%KVl&lHwdKiGw{?>hu@YlA1Z*TE1HyyCB-B5w{|~
zIzv(dTPf)SrqK%160%>MH68Yys8pKoL*?(Mo^|6t4+{D3l(=P57)z%%n5Q-%$zf?6
zCOpfgn$Mn*sP*jiS-V8hl>sNr6daOO+=!BTmp<0a8XZ1$zW!v`_fEl{`Z7DGj!8`h
zL(8wf<x`jZB+#lIOy((hGnPBQcny#X6%R~a08A`qWwr^7YXx9W9J0rMy^s1U#a#Z2
zkN}(clqm|J0xp+?2j2doP-5+D57clg$|7YT5n&pW#n$vZl+2IKj!SQCE#O$&pAfC=
z{CkGs9`^ObpH(ABv?2Z7)4cIW$^Rwnt63$hl&wHnYKC*w9^NnQ`08Jhfl*Bmdwgkt
z5*D;p*7QHS$fb67<GxKVi^=`9uVKD0M015myQ)&RVdLK|XGjtx2I%<(g!l#E!t@9K
zq=e%oa>~$$RrNfs7X)E=-(1_0qIp00<TBK~hwwsuX@6wX&;)06$#8ENYE43kq*-Up
z+6oJ?lfg_sli<>BKDaFrE!rZJZOQPQK#z$i3+$IaHJrsH3&n2tw@MmKZX+tNY@&+`
zmiF4pZwaulyJ;GqEd;fgc@+r-(lr%V<CJl&atNs>Sb7x*d1|$qc@~%|wNXKCCB8!&
zGmUtyWwT>Qhxq8AT-W06eHI$|;hB!O9pb}on2vbLj?ss5ZQKrdfF&$M_SMljoF4!E
zw)edvGZYbyz*Vy8-Ux0tiL=9cU=$k0wGKzZ(NlGR5TBb(DJEzPOJEw>f&L7*tu@BI
z47o6s*-<bfP2f5;hj?(BV?F3mCWic(Xc!YI;g>r3`C#7{7>v7H3~=yVh^G4fhYa{y
zv-lGb$>}CaKg9lUFDg^(Vg_a%8kq!rMN9A}ww|p$!HKrWrWpPfXa2<~zDy_0e6{lM
z4_z{%-cMA6toEm#@2eoOnriyXSlXya?(-BXVM}RVf7f8E)}0UIH^uw{MCbzDT(2&W
z8{3c@p`g#hWB3_Mh9sFf5Wj9r9Md_uu50VoHc#m8m~|=UP%T59Pqs<5{QEj@I;Swf
z%gMXS5S7t3td@GL&aV;jl*rIkhZbJ^Qd+>YDd5mbCvZmvjgt^e6-Cm56}0M>CqCR8
zU_c-1VOb#_Tk7!I@tfp!`3Pax!LfRcl8=epwE@7jW67nmOY8vcTKD<Wx50EjDr(yG
z4-tcW;-*(I@&DhKp!xE25^Yj3E3cPKLL`};5ej~Q)zf)+rU>4SLKSI3UH|ug#gm#q
z5Z<vx$-ia?O61_IQabu$fBnkNo6&ZH%M!{qDb=`;r6*cYy+l$l*ycd*Ug*GsaCqR;
zGD|dd>LY;Eo1|fG<gFsJvw4tm#&3s~WZ;_ZFGm!Fkd9qN4*A?du5VZjB4_w!k%dtB
z$thx&GoZrQ%5b~4u3O#vJ5$B{d?>Rf$q4-~u3*%D7^&<*v%-g;Hcldz|KEv?EtqYs
zD4JdfU`4bUo(XY_buILT44GB?E<!$%xOO448nz2fCz5#G+-r<L8Fx?Qi*FkZ@ArSj
zL{teMRN&NRZ={gGtx#ADpVz6N72q8)DS5;t!8K4WBM(Y4Cld+;<OR;bZI1AL+c4Xu
z;7rvuE?V|VWCc?HzCY+e{UKlr@eLPBXAq`0zJ~~kw?dVyn5F(WXQh?Ed|mXh&L@bR
z+?B<f(p{<8SIY`XWB;9J<zdM&C5{CB5mBojP4qcBI&b8;o*y~JK+*y`^%FK2U;~<`
z++S>F32)$^D>KVA&(Sg!!&1}T3buu0he(h2rEKp%Kr;%YlHTxBe;;fV+5xuHpkubE
zA_%I=#Y4fomE#1kWqxUOu!}4`lIPj5fSOMZ_kkf*R#v7@d`;KIRxYUgz%y0&_x#6K
z-sfU5-nJbkr(G5TAF{HR-!Jed9g2E1*y!tX{X+TZ@8Rf(a^CN8Fh80USo|aKYOpH<
z<RG>)p7QX(=f6REC!8J^@&_t<_TLGc)h0aA&~P57LDyIFt76C^W&828GLBmOIryKC
z@Y54>4gj$sLfn63`K5AzpI_$PJ18~*y|`E_zdrypL2d3X6r0!)n$#=aLE>ziQ&IV<
z-HO-_U%X{=sgTZ-4ivg)KCH4QRL4r9VQ2Y;tfW>y)7Zvf`{v1O#8>aH)2n6&Q&AHo
zUEHjzmL;$qkv$qk(3q?ao2LbrQ7^?if7jhe4tAr~^(!zJ>Sg~)9}6%_O}W4wUc|Zz
z0Co#rb(zedBcawih<<y7K}nXkQJ+nlTrxV)`IM_l=t~@W#~|T!PuTdZWAfU`D!EmW
z#-7>fn@q3FH^Yi5rzc}HcaWFr)U>$_9dRQ2HT3ffAD6Ju4zCRm@BMYT`gj(HF0;`?
z$W)@q@NS}E^MhL5ON|--R%4CgHe1R$oJ?l$!;ZKOp1KAI;IS6LK3rJC`t-h&&U;l=
z!Ql`W+LC-z>B+wpue<r>&t{D{HU2xjJIrarV&3KACaIprP(nix!ZHievvu`qnh2lN
zUtmM<?K`cwOogi8dcK_lvAtRziGP?3;Jfd&qcd*_=HT=NX#}2*M!#&b2W?b?<59>4
zTnc7ai^|X5MxA&(qj38=T9*1)4%Nm9KR)I%w=4wn8T;F=hy$2CxD3o}L;6uu7B0HI
z;0HRC0v#+mc|hU#p7ylW=B_pA8$q?Db%NDLG^wlTNQF_vd|6WZysJX^97J**oLo{G
z9v2c^)4TN{i|#I<R^Huik4OnoK%SR6pM~oETZO3;dXHsYg_SDf+KZP<B==%XlPLOb
zcd?0nMICg1$^dL8$vhiO{7)*thAG6R(M3lS$OPdK{rVq|17eMG3G_~Y(kSa*v1Ni1
zV1;7E2_(UX(t;0cABC<=SmWu_)ADJP=@I$69KX~DUw21H21cNJ;cU@{=ZB`Kms&4L
z;A1%(;>i{HvMIsmp_IvV>YqXCQs7WawJtkN7snr4oEJ+7PO!4(QtYm=f_aYM<bfzu
zy;fTdT*XH3^ry`72PJAKWO-}ABf1Fw!D5U63c_*`;3ov<qM*BCniabV1998a#RXX8
z8O7pS1Mnh(LJ$t}@soamllGw-w2^-*C#<qqnU%CHh!eI_gqTjPv|siP1NfN`EP@QT
z@u$wWCtmQ0rxiWz;;jna)6Bf|(k$}B!WGA_@R^f-)A^v&Ks%ug7xd<6ShD@VVgCOW
zxpsxjWf6NTmG*2X_Eq)o`{fNs)KzObN~oxEj58&1IP@bX400Lb&oV27_^`T218d8R
z3Be^9^{Rl)6U9}6{4vKqM@N<U%G&0@RlbsWPp*G8&ftXYEU-WjMK+f{3g*lvxC`_2
zv0@OG&meCbfH|7qRSYuH+J#zs@emZJFd42w6l_v(ct<$hk!yY?rs!;ZfXwR8U04f&
zDJ2QgOLfW4?Wz!K``hJ1td1ju8ziq`ZNB1~qSrQ50ka=iMnV8Y|0w;RCMiCXlXgEI
zxJoM}Y#-^Q4lXs)bV#ZYSk`o$N&cZ#R$upN^2ZrWFOqI3JzyH!(U4wN$#|M<Nbj3O
zm#k!@!cYe7FC4|Pu>y8`8VZA&k<pC3Q2ku#U`DI3|0N|-8VMr&k%f1UrOm}A1!9fU
zLvk#%W@V7j2e)}SxaL_|fuQ?v&v51Myf#9LiiOudEIl6fn<@fPm!M6Q^zoy&m?W>*
zUrsSbQ#nBV`H6Wn3NNXgJh08Bk`jT(<QOYXNhPc68W2r<9TgRd)8je`(uXf{5SS~<
z_md6%*(K&O7QVAwL_19%mX?585y|BdfsFpH><`x-J7W@;6sqad$PdkPl{g7YFQig%
z!VkZ|Pj_A;6UqF<swao<>+bgVQ?WLz9rrPgS~`N}%iKNa1+MI?A26=ziT4DNxo}iy
z-8sJZ5K@2RVkaix#oY(|rFfLhHkodj;Xc;4)zv)8aZZ<(MqN~e#HQmkm!VPO>3waY
z5gTuxR-pPiT(oohr$}~B&hLp~36#d>B4C&EmF-;{VS8GBhS`KKqK`V0cCtNKhPsu_
zq%|cn4I&OdV;8<fV9$P85YP2Q!k2S5>i!uZU-#xDH|O-{yf9>umoS@m$v45dDW==)
zV%gQ`stK3nT1NmmKr@1NSL=6?kZjOuW**rNdD7Wged3wJ;h#k@n#G9vimU7dRPUSY
zGDoQ9JHp(8<x$#n8Jrc0$%J4!>eA%SrZR$^XX;G4$ykVc@KMUBk8H!m%fNYhjHnUK
z_Co0vXg%4beICn~WYi>4f)mqB*Ew+hjgV9==^|M&T(RJ)b@;9o#W3!THw8mjk^6za
z%J1ZRTue3%Q@+zPX%1cTcP9@*llHQNTYb8BLo6da54P|kJc{PWahItR_)81bw!oWW
zkja!a=@DXG%x~(toMP0w)eN#l>&qr_YQFQ}HDN-YCCw1o*nX=zu8hU3+^Bjza`m0g
zNrAj5?nV2ATTbEAkA*)k0E)bNJ3sB6p0i`r^9N%&UNbicyyA2nVKv`68R4s+?r%Mi
z)m9;_6Ew^OTT&HC@EtT{G_^XLAeJV>vTk$)lpuJ2T7}jUn0R=u_ZZ>dU_>l@KCD&m
z9t;ArFb@ZjwAm^|W=%BDGfYl|a_hZ(EAggIc(%k~bq@OqiMM8tamJxI_*H@4=iSKm
z#$SST(!pN{f$u0)1JGhpC*dTwcyi%&`~U^L{QKz}o2}<fF3&OCZ-?25=Xn$92!5Sb
zj1qr<On4{?d=-`B1^P1^SvzLb82-g<D!dc}Gr=)NW*&RAbFh^zW({dCg2lkhc{n9K
z9Z$^<^5+Vb)2YP90J$iH4NnULJZD*t{rMup(7}c-WgnC48d_LU^-2gS!DwcvECuO2
zD%neX%SI7F_+F~v33g>_Si;n37-eOt3@dG?VK=A<N!fgBW*R`129oeegpS*37_rli
zyTfr&np@oplwOICa4-n(IScg6p}b5`lH4+<cxl%LXzG0uBA8nGtnnIa$7%feHsQ^*
z`WtCN0EX>-mNabT36NW3J4@5-tMsfOATF|EG)$|U>dLYM&&IL=&w<N!wu_zXsLFfM
zeCDHDZz5-w_pbDtr`ZNQP|+da_apt~AbBw!_v2LrrMsl(j*;ACS8hAsyNc#Bx$X1h
zd!7FE3mf%ug136oYO<M&TdX<wT3|F42wIp8FIMlMLNa@}<x=Lng=**cjg`PZ9d6ZE
zeS|YAPtRr4jI|WOsxH)ljWOIcyHzRsPcb>uc|RBXb~kt<6vw(TUp3f8j-~FV^jMx$
z`Sp%Oc8#qLec4SFZ+m`IzrNRnNvt%hiwm>jN13l>S#P-djYJPi;;h8U1sjL9z2}=K
z4?^()K=BU#9&Y)do^Yca`xcfp5)AzrBuKke;{vDH$vmT*d;_ZqFNz)c4{nNPOBjl4
z8`P-MG>r(j;<?P#Z{|8YQPAy_QBh!O;Y(s2$={qUr3}Nd3Vq4FJcYSQwgz);9fza-
z<KLxkc$REvPU1uWrQOBJt&*3euR1c0m`q{^pzn%_K~?B%Hw2V!lIWIGHocjI#TQ|C
z<*k1f`|GXs)8+8rxs)Xg8KgTNVBv&(J<KhqWXTV&RurBFJ{an*;Bp<d*_19Y_G_Ta
zwc#)i+xy2aZ%XwlA<c&MrgcA6_r^|^K1c71k|sdg7x6(i5wjtroqHuSJUJUxu09Z~
z31F3Q{2!jnX`%dDc*y2@&h_uWq$53xD)J6toAj)YMq<8%NC%goOCAeCMY_yF9Hr?&
zcy14lpGpFXMVW=uX@8%~G4Es8YG``1HA*mQcqWd=pq*%W42PbMOy1*F3t|t9YL4o<
zG_<mk_Ex>DUEwS9n(|?JC+26M`VTAi!UuEj44pP`ea}TYZ<{M7A)Zf%hV2PN%GP{k
zS13_^VUHxLfkQ0V4uqQ2y=87l)Ugq1wVii52i&$)3~$ZKx2<wpibTMjYs(4@x{oKm
zC<2Gv7Jg}!3M2VW<N03E%2#ri<(D414136Z!^>@n1Wo7Y&t}wcB65sBhy{TJ4fEMe
zA?UyGGFG1sIXZ82DHA<5rS7!XLq-jZKhvx`uUybKI3X1!(<AcZds_&qT_@vLOLrIu
zA!-L0Kmd6RENDasG^PDvN2;_Vbq^Mas{w-Tvr3IXv5I+48q19zCD%Fr!ljQxNiKtt
zQoU?0ZdT9`7Gh+@$4!ff?3d~Vs^&m6uuf8^hM&wE)E#PH6Op7-ZFm-aj(?pz>e7np
z;Aa0r1OE(^8oSS6C;a;np!4Z7+bcr3uL7h3Xjsri5J!kqa+FoYi2L)x%S2b18#Z}w
z$<wO=YsWVzC*I~OQ;Zglv`?)GOZeaU6aZkC4q58XLh%5v+msL+knUuO>`V!Jn?JTM
zH4I6`EQ;ijU4!;L`Z&$dG-xSAhe4+R05xxSJE%x|#$YIRRH+G!KzWGhuP-ldbvhI;
zGpyA3@_qqX5{S=2N%3|T4j=6A9)~ifIxjDjMiUm6U0AO6$)tvFv;|flDjM|+d1HVj
zS5O!bny<Hh0mi26FBL;D<?UoW$;JWVZM$p*1O#|5#HfUJgu4Rp$QZ$7a)}~(DoGwK
z-ym^=H^W%@`zchYhIG7okdyo2hk!x3#oqcF`m~H$q_}BOk;9U`+qqk%#VQ}#hnrGQ
z(l3KP$?TkSd>-Jeph4j;_Z!CGav3ab9>H>nMH1J9H!*~#6dQ-59OjNGU*$F(gWH~p
zA>Gw^_eatznS)ZjezUgVg^hlZRaW`d+$aSAi$I$0ZSTj^rx;~?bf$n+38eAlV)E+y
zoQs?t`OkPEUAO=cAv!4~p{JSOUC7+9-PNnX^9>AS!xdi+5@VSSG*?-VDX(b3)3hPz
zGsp|x((b~Ol;*gobSDsru&HffxoUU+H=Z8Dv+zsmWLOE9;cUYUWt+_4hqhsMOF!A1
zgZ}q^!mMztI56YrLBs#4@&@H0=FlE&bqa0+o}7l3pw@AiERkFsov)S7-LN*QxE&O1
zRGXO)4qOI?o&P%&P*Wl)Iar+<M!$5j7H~-l<YTMstgU8M&tUXIxcD?4<7=&Q8;|%h
zLq$}jMf+6jfKUChM1@tx-;ZUgfQ?>U87HqLmd)k$vFw~*T;WSMqfWam?tX4Fj_G1b
zhmD3#h%8wMMhNOxA<<`XSUSsgohM9|4Z?~fDD~MVieQbOqKC-*m68JB!B2+yozgzg
z#0L&}fiXeziM+a1RU^>fve#UZn{fxCW|sa>8zk=a%Q2~t;nQouN9Jz1sJZ|(=;6rl
zVbYL-tir&%;v1Zl7p!yQwRO>HI)wt})Bm!wx<EVfmKCsom7m!n)}y?RdDGOEC-J)a
zU4Mqag0zc-yO1ngI2-)4P6EM8wWxFKzzjiy6j(=u?`SjLum$<SOAy0psv@TW%~0zJ
z6qiiEpFv}idgOaaMN^hN4ytntMa?8lRH2AM(R5*r)O(Zd0Sj3Edv(^(f3MChDm14(
zL3jU?ZfeLDjCM=8LkX@Z3;H8dxTeyBx*@s?FN_MAHFW#~13pyWeul_AUb7+RJAa!J
zxGN~B^>dUptJphRhMGhGXB@H3LkZg$^ni^;!~^T>U^I*=bK~ZWk6uE_O=Uf>E1CeW
z<;cMTTS1g&AK<Ea+dX8fp1Aynr;fDK(lHpa0}w_u!6PWa+DFB#QTr_5b#2(v;(27a
zd9JtFbD+g@;QuK=%KxPY*Gx@e8j+Tw%;EJk-D7eU05}v;<z+@6CW2-QI26iXxn%iG
zuA2wjL)Hu*m@%9;+5o{zd64XE{^nN<*@NcBB-Hd{bbehdh<#+>s+gW%RCQ_7YWP})
zeXnU9Hb7meuG(y1C0Qm53)uzCI9vL-&eWHfLyF>6T~|}ZiK=+*ha_wkFsM_+u4k>w
z-wyu0k@RKR^P*xttq{}icza&;bJ65foAtyrqk^Fz;2=iQjvMAgtlUbnj{Z0tmu@^d
zDd1ol`Qx=gZrLBH!0q<oJ6}3R_XgdAKrC^Y6=;PL_FGs(pTJ5@Q~2h0NH{W0hq{0z
zBK$Loo%;xQ?JC<%bmMIv&h4K%T3#wz_mv5_V4iv!Bw59GbX#tT@@U}Tofmvb;_xtt
zF}8F82&{Qk#citqLN;SBHRW>BS=~XWK+}4?3@v-RyZ^mEW0!;2Sz=3%Q^Z$;C|kin
z&hbmdg`~&aH(S!VKn*SL$3?Ja?2o-64$8ATXfI5MNnJU#+{+3Ee8f%N3|qdHFznv=
z@)i*w=*Qi`-(6;W(*nQ(f8^?b^@q2?Qs2C&VA3W=d{f0eqoT$JM|__l+`-JURyC@C
z%C^Ev;nMC(VQh#qYoF+=nmun_?mXL@<B${GN5&E#==CxUJ5#Xy?1YiSLbA7v-HT-#
z{g7Y*jmUhro-=3a=NYB1YhQMIz1?+fGw|$570Wj*4P|aJbU=UY8F;7xVx4A}fe(-^
zWIO5X@F`A8g1a}x^grb`VK+^`@4O`Wp>(9O5KiND1y?V60(tihem+1sX-?I%Md`jn
z-6A6KiD7oCx?7ysI%}6=4z99=7`pNq@gQ>Wp_laFGLMz~D#_C%1pnal=tcC_C^TZF
z@~F_?g}495{w;!p2~J}5QABz^D=5B~^VXKm5R3M&tc{!L5zRLZqd{5tJ#)v$Zd)hs
zQ0Lm*wHWysuR2CM5Of9hAp<Q@0yb`NA)i}^YZG}jM+HtoZu5<dBc6PK?a;x8wBS1G
z@ALf-mS27!gbi<BE2L>w%{M!Q9NLYXz#N=KUcZ1ZBu4P$1SG>1C{U*kWQi-IMOe6N
zUek*INekHc4sl_?|L4L`2Jsss_f9<Xl-GVV-*7Ba;1Mmjf_Y1Y{Jxxpyuhs9pNxOu
z0CCpF8;H^vMH7^x-Q<Fh+wGfk_N7WeS1{i~uV5MxA!}gS+Ga*Jk0HznM40s5Xy}o3
zfP~*+-+PW?oBv%3L~({DCMy~hLUO`JsRn6}D%81wEYs>Tehu>orP+82v@N#i|NpoJ
zo2doxTC?_qh^CI%c1bpFjy;G3UtYh6krk!9#-&~{*)gP5EY$;}9^W}eUxo@n)w+@?
z(dzxSe!6cr_1I`%niX>;9=D$B;!^Dy8e`ilsGN=mmIVQ61HWotU}8Q5{*BxAJ&N1M
zp5VUaCe2Q8ezb`R>&X_4+4yF0n*vX8>qS0Wd{?j+N?OZL-S<Z^DtXfjDb<3jDj>2l
z``DZoZY5xUf$Ps6mgg^rw1e<Wo!?ZhmOeQco=d&Er(0K^E(r~tv?!}NH6#}s5Lfp2
z2R$C{6$5{ZP07M3ZUC&NNWpHXYLy6%>aq0|K^bqcx=-yFvgzN#)Y;skkm!_}I=<&z
zSZN3*f>-~mJiX5<k^xhYVeseBy^r7&Vj_%)^R<a_HT$6%-WZGJ(8q5Oeq9-f^Coyd
zuk<_I*D33BB;09HodrxO!+|?3sZpXlB^F?xB9h*h26sc3HO<T>+<k{$A3c{rd7+-0
zl9{%^24(96i7gP_&67=X30{g2>_WwUqll}?8?5hZI(l`=9>4fXTEn`c#}EFMXzk=`
zfosn(;rU+|BVxNF6jrNTGzhDzgfU9G2BvDmDtg@u{!i`^p=S7LO;N+ky&=3|NIDw`
zKx$X=sbCoI^6`NF(9~q_ARilGiz`J=d01_*wJwyS7MV|=Gbg2?Vum4JUH8P-pC?%+
zAKw$vDbe$nx_n@WrM<$ere3*hKE!5$-xAm?`F<AoM`<*%SFyDMPBVRk==7{aIQ#R5
z4q?8Pv6h~P3oI`|`Y+Nas)zTR^4KpbWwl#y+h)<<`^}d2Ue(0`B5YkDtF^H~ejfW>
zx6=!SVe<X#=<pmx)0t77{CH)udHL@$j2wE|69nPP%A~2fj?4e+UrJcnAIybGD+k=%
znd7jUL5*!nQ6rQ0`Ac-CZNyJ=C`qKQxJe1a^&Yx;-Kv-F=G7<vYKN0%$Yexoj|(+K
zNf;K<85{jqdrl%HYIf23FeUVVV-(Wk*in%zUy`Cs;r+4Es^z;riElm0+|GJ+C^V=!
zf;~m}m`S4z{fGU(_%wN?IYPlIl?Yh~fLjo6n5^>Aney)Uejrj~7qVpZIh?w_7jSX`
zWyv)*n8A{&S)Nu?h<%IY$dA*KvkFAD85r7&6t+H4_f+Ent;ftG`IPnz*Ppp9|1Zkk
zJFJQB+aCoHkgg(4nyB>NJ9!ZW0Ra(d(xpq6-V!=0P3gT?>Agch1?ino0*Ulq6G{T)
zj_>)N-?`84o`3H1WU{hW*4}$2v-T>V*^{|S%u-bfyOWfIdn;}Wcb--Y-TEm&k&lfC
z7VM}KN{Fbbo*X2eaJ3#ME$rvz=Y909PCeA_*C?=Fw&>mk3g}p={dtq*!%dslOG*pE
z50LtAbv*9PN$g9=xHi}Ev|je&hL*7^l75-zoq{i4hRi13UTlal@OZV@Fw$s8$g53j
zDJtP8O1U>K{QK7++(hk}Kpu_WGpAA;zP@07sSu|H<@+4ZAHtLO>(1-={Rcrl&c4nQ
z5zgZeI@eoYP;*#N7g`uKSujf2+~-haEVlUW|NC0u&^$Yh7}{R05irU>I)6Qk?LegY
z+H9oxLV^Wr-o`sA%b(_0bk6W`E-LFBC*Bb1{uHDK{{F7`u@C4arwOKnZtSVb%+#Xx
zYVbBWdt8Gg(ZuX0zqjfGrGMX~i}I~*4mMWob{%*G*_#ixkA#`TZJ*2U6<Iy&e8thj
z)K6t^!CS;4QOp;s*%C{eRP&q3>3TKNrbH|DopHK{$(uMI&L_#~9P-m16M9oGnu{me
zlg8gn{nFnbn3<R7Xu0o&P!)A+3kaKkwCw+(3*2<~sHX#_n!T?kK=k|h;n=n`<E;ht
zSrMP^g$$5M#6Xw*NasLtSXW8~G5DRrQfE{!frO`NWENyE<H8cLw&;@iA$E?A0JSpk
zuxsc*X8uX?wOL0k{Ud*P9Zp@6mcVLk$=WR^nx@>rs*<egTc^cFEI-k2zsGAF{$opC
z{R5h{<<g_J?mC5qb6*OZKUWwUl^HfYno~{?q|y*iD6^_et0-?uACUSO$Iol{WVX|4
zsqUb0<kfe6*SNM{ZgDqB-<oXm?`67;l)=KZKdN<Ze~wq(M|(AR=7uFY+C5vqP@|QF
z)y|qA=hUsKt|pneYaM<F2KEexY*&W^r|Wo;?~nJBB~=GZA)M+yB{}qJSqGD}Q}(kz
z>wlrr>VG9lqWNCuNJo)~Ovv_ey>~uf=gmSOs?V}DjOzpq-4i?;)u~QxM|+w2lpOTx
zB*MN792`oV=Lm#bQ5l})RB>6wc^DZ-)imd9SAFwbNcK!8Y;~H?4V-uOU;J$<QXa=o
zq_*eeFDE$<3r|i6gl*giWW@LlQO!A=G*m=7&Mv$gwSA+*)N}<@qWJ{gieI!v%DQM%
ztsr`lFp#;!tLq*n_SFTmn_u$??M6&K8xQ0c+BPKKawo$+vBDmbqA&Vg)oap2cjhVk
zl(TMGL(z7E^Hl%R_cyD_#ai#uvrjgrUZ@pM!#H(@OELsa4G;47OO575wWIXu_)X<k
zN6MwxOJ-8&O8Dhzx-BpsBO5yKm4yA>uUwU!;~O@XC5WXUV*Gap2_-}FPH$4PMv835
zHtwg{DUb7YwWd@&5UbYqrz4PyzctrN|8yv`aa{VWB=)?#)3*Hn{AOkAz`N!H_TB8)
z67z9<Sgklht8;|I0m$Uu081BalFh2{g_3tn#cESUKwVkaQ+14~f7EXU7rlo@<X=4%
ze`}ms=XF|D&u4Dz>gX6W26TP)zej=I_f^}NF?*y_=W2F3sBUDr6BorTU3EPo?qq%7
z()=9JU#^*+^mJrpp`)1heaD!b@_-Y}BP-r>-(;&{W;L7Hw8Y9qzy51eMAFyz0u$42
zLp2sq<uc;cfHnG!m)ebdQT|%;8>iZ0FIlr{@8iB@<MmyWhR*5}ox0XmYG?N!&hFLW
z{3BU*^TvKf?wS<j><(4i^Xc<J@_G3F&IAv6K&>*<o@Bc+-pAn0h4;vE%|2;)(Y7Y~
z-?bJ!H`Nnh1?BUc?4|CYYw9R`1#>wZ?QY!i)PxavK<BdOxyHym$6>xC&kXFm?ZC^k
z1GXG%0g_*mU0;%vJ?10W|HIZJ54V-SA@aQCtK;ro-_!d^PjX>Q<+C^HE?En7`=(xA
z?!afD$s((WHP-XT)9q1gmBbKf=dG^7{N#9Rn3&Qp=8Ja$i2Rh!Qf%gwJWl_Yt#4<a
zLua*jU1}KoQJnUhYs~XHbhQ=}7aKccdQFdBMJyuig0gw-vp2oz$XrKyjgR<`&bC&{
z3hxQ8>K(8ekG`O<yGMLHI}G(|U}dXty<aw4x<TgMwutO&Ig{f4@5wpT+9OwD?AW(H
zXAJzfh7?hw@7}-jMCa3{>hst(MmtM3I7dyTMj`8AUMBCzkG>VT7iRbmyb~2YL1f=C
zPr;x+NBGmai4xVc_bkl4<w(0ykSS_w-BmG_k?$_dsSrB-Ru;J_+rB#h4lLqkP4n~Z
znmRRM$vKxvF$RtNIa#-tenZV2omrr8yvT5tsVZtqJe4{sZl*1`m$#OSo%4x^|KmQg
zOXL)&CU16=c$^=?pvKYI(U7F~Ol|bTvxRpc*uWHb&R7|e*wNvDYQB$);UX2|%o`ub
z>QEKkRHycGz*pm?5g~h_)wX5!=z~Co64G-@lQ>SQwEm@0G8)!%hM~B)CKXU|wg(%7
z)2J3BcaeH6QO-7S#~w@lL_){JQ>R8TZTC=Cow3*4%$U@7M_-2}2Tq1XbEsD}vj(|L
zt_-3Mi^yvP>RvSna7JV?7*4N{;#Knwm+P0jIWg!Q_!_^o!=IQ){++JkjYwgqc~Vm^
z5LzO2P1RyQ_}cF(0ZbIIr8IOjcq*+Ittl4%DEV!wFrA>YLz9<CUMg8b#1|;`=j_|g
z*TPCA4mhQDr5145f11F0*H^dL^&8EUb1M@u*0<IA5R-g`m4@j1o@&nBjfO9c{0~wL
z5)zGPZor?LY>3}}eo1KusZllxJ@C$nPaLKcC$o3(|4s9z?!pe3a<eR+;fZ^=*T6?*
zg*8%c!|AYw#^SI<_$M(yZ;GP#DLd8UEYk@;lHa~)8)G%v<>yiTWbT9#OYK=Ho9)9S
zpn0dya8=2V*u<~#*KE3~AfwxDS;GNzW<;YOHrycYjoF7HDIo(?hL0hWB8QxSU+BD>
z+O*MCUgo#J<?v<!<5iz1q1VU?%dHIV;^20QwgXiw8kN~_JBf{zsak4gsoEDvJ33z<
zvxN_RXB42*9~tK|c($6)FDB5Im#4g!@AOmP-G7mXPd3~I7W#JcWld?=D^isVYAFA_
z@V*0ELL|1dILChIk@-&NRPe4QcIU-nDQ!i;&h?_iJ<G(EChadq%G}P3MJ?9<Z$`L0
zKoc(U$jwsoGP9-fa8((B1?c8#vgKR&?BVfZw#Ijy;5-HwU-Z8b>ty4);rM*dWaE#-
z)<3e?Q@C0$&2^j??zC8b{2Z@QUuKu3k;3=HZ$Kjdzlk$^w!SIj+%ATCt#E!*b!RDd
z4EolCb3_kUolti;oFI~OkEXJ^aQL6JynnP;K}xHLm1jlRJzDj}piFUsk7j8yWb*2J
z1|78*Q-=D(=_Yx`nZhRjdDSlcGFK|WaR-gTQ0KWGdL6k{8(ghK;FQyl)3$7VQ{VL@
zNi!eI!;zm#p$eNZ)!mBmbvt-!&LN7Mgqyu&nz@iiS4ShS8f?h|Dif&auIV&!Pe}F`
z+{X}ta4B>7#dWzAmRs>V#P{PXn%gr2T81gf_}~4EqcIsRkmNGa>28Hmk(P+a;Jsyi
zu=t|gi{<V9f)eIPaYjJxycEG#Xyuag{o5_81}*C%L|w)kLuw$=s(<rn2JyXa*3fnS
z=GCa%ilfcqTLrTaiXYM?{;qlf_Y;IlKGon&beemG9ZQQ|xo*4Ll(KQ|Xw60(l_>rQ
z{gBSqx+l;t+Q38{X`+KTa$3?!dr#TjcR4tpDaGouJ|cM`thJ~ba|dnYHECvX*11%d
zuso|6DdV*HhmgsQrFM@GDupVwwxyRBmT;V($I>rgQ>{1qR_QnH4UH1gdppTebyH;>
z0qfu7WH~;__6wP=-W$^N&5S>oA9l~~O5o|YzT#Ilj+kcsbrOt{77e%v7$s*F%Mtw%
zIk-7|gnt5v4E~D9|B8?e%CpA`wh`XVV`+b~9MhP*rM=IT2%3*<zPkwfI0^rgAy36~
zdK!hlP{{hTqu-DmJmqaE{7=LU$Mw(mxjEM;_AhxO&vb-sA#2JJ`KIJfRXe|4f8sm0
zw^=aWwJb`oDA3}~lCX4{0MuHXHx%!P60W2>7mvh%XDzHsB@QoEVt(N<?2O2ccG*UN
zvWmJ_UQjeJfEmk!$-gz%KKy+b!dT8mtYlanEWz7BB;t7b@ORCaLoTdl+@nas{JTK6
z66;He1dHPNJxJK45>fg_31;qnP_ZBSUM2kkeErwgKL&yk5}|P-@(gy|!P$bGrOC;O
zUHt~aR`h<+o)0UfGUDo)tV-oaKQjG5M%OS|-HEMXDiHdqB4&FzsQd(~Cz*OlN-S!&
zZr)__#KY6u-=MrL^N2!?s#PTxbtnD_6%RvEO5(5_v~Yyr)dE1c-|55u>(hS(07;LK
zJz&w8+`#8>Vln>@iB3UbCeU3*dl!n$D%EjvzvEV5WeLsjshwSMnLm3voV|;E2F8;8
zD{a!Wu#wPfPj|km3`@5qrl{SG|B=@M4(1o|6`xr~e!J)|P4IsDPwn$YZB?8Qh(JpM
zsT=2;Q1Jbgq7Tg%pQ~F*+oO^*>JHtPw5uzRtvaZG1(L1i%2<jn3fJQln2K4wHKd<P
zCVq}6I_~6I#cE#>8&5ICXACw(D;nbz(2Z0mW6i9eX<5=rS%x~r@=yDxeNA}s5&CUE
zO8mrVQEGit;*zcOxg$k~db_y!l&+LH|A%=cBiYR#Y!=8nlW3^l3l@cBOE|QpNi=(k
z#@$WjR$Fm_4L7I?p120GDYg0bZ_kr3d>oP0qzZ8ma@-Xkx5<M26G3451K&Ti(1?J_
zVfvrErSq0$r#U8YrtYhVxzz;*VvWfAu#`Eu;OsG)6Qa}gqw5NKk<5-9@u*^*0|Gu`
z23iH^$D{d(@AiGxpwhH@$H%?HoKJ=Wp7p*;sN>A<7m>hviaJql+bl3mjRbi8aFqRZ
zY#7@Rzy^|ksvJXS-Y4<3f_F;Dzj4uCQ%$S9Icy^F;TyqVwMS`hI9Reu!qbM{M|)$-
zqFJ>yovyyVZ(m*SAG_<>mObzHvNQPXA^NM#vT;Fixqh-qK{4>(3nNmuP3qA^Ii(7l
z>AvJ`HY}l4X~dZh)AhX0W2T~1QZSkQz3*-h+LZBGJ*cE%j!O5x9EHw^pPGACP7#dZ
zFR*-ER1p4TWst@tebRa0eP-IG$S7Qtq4H5ZjmuESuwJsMwzkA0QSNn{;8JdkQc;1G
z(sq~K_Q>a&3613HiKKf9o|4h;uDG9mc0X{MwcWm#(pG}0xD?toJguFn7kgt3YqynU
z;Q#n1WhO(G+rITuHh0<V1t(0~Q)L7NEWQkWe|f!g0Oy)b(AG_!=w+x67u|T$!m#-M
z<1Xt?)K1X5A2}xEZ|Bw3wWuu8rYsp5b_f;}lO(iI?@Ot44yT73q_LWMG7NQx(`qFn
z)SdJT(Vgm|QyiU~dkv`StYpoIx2LgFqI4ow8Qz&JHTo8%+v4LJl-0rHSYY-uoj&9$
zj9{JkKyUGlNHk6&m3u{bxtcCyWDc8_VfC`xY}aOC*gY`&g&69=%pdJyP9>|vMhS`^
zd}E3ca$`LuB%Zf3c!W*~gE9SHQ@=i<$6&=%1cXKU)4LW_#24>{g{?aNc;tVwD!Y`A
zM;%C^n_3i}MkanH!YRd-_Rc|bX#3hXru(q#(|xeJ*aVpyhCCM$^2vg))!$XvP!FQJ
ze&y~Lrt-_ZpI4Q9@+Iz_*JOeiuEv^EUWaVaYf>CPE5%NBS1Q9UV7xBDujpazp5v0Z
zHri&1%b(q|`Se5^#<GLWqLN_fJP(-C>94>#ePdW2DpBE^ZPpm$xZbEAs1Z3{K9v^j
z7z5n*VVOQUYNZl{8eK2&cF=#=;CtfiMW{?<`?_0%VcMV8W@jlH@Uwf5c(cf*O|&vb
zeLLSc#sX%}w*_ojoBH)aeA|8taM(zL@9!wK9|OK#Xw3+u|J;jRF7nUkcEIG@k*^>U
z8Sadn`6uF5bsqVTZ>9uJEPw;P>+=Z^bwwIbXw&PlPJYN88B_u^_Y?{dGEketuX^N8
zloYk^f8S-E1ib!jSOVJ+Ds`n+B{iG;vx<SgJv%)(5up@pv8SE<<i{*!TY1n3h3Q>}
z?;W{MnpVb5n45N>!}=_#mpcTaX2I{^u3vM?qH7QoJ0E)`xt3N1TF1h_KFuC{78+m;
zj-8F&@`Z`Tu6+@y%-P&Mci+HVXSRYtwpEC+wEtq6(8%m|FsQj-2Ho&tBmE{bMTNZ*
zBZBmrJhkbT*SgkwTYNuWJ#<ITdO+$(-o*=kYSaIJ5rkpC{2@BG>5IffK?Y39%mu?i
znz<J^T$hkNGakd>#Az})^&+?_VHA1pB)hGRztlA0H7U;|vkmi_^yFV!n(*%Rv0GHt
ziYo@$&8vEc?KEY1xRm0QlCwNCGn@Adv5fvrS*Tndn%cdJy6Wx^vg`Mj>35K=$tXj`
z4G5C<K9-p8BXG{+=zx%2@DqsQb4Svma*zLtLZ{q85*Q$Y$6c0vj%fg*`0B2^%|$6D
zlR+W5q@=^~b|4VzC4q)2LqJ2}ovq{n9<0pS_BZxM`qV(d*~s(n1;&5&XhGzc=RARa
z!Zp`Iql_#zej<DF72D0rB~<rJJ{2^JvgRHt2@sL_FsejQP^#@P%n;vUpFjN7?2O$$
zQQrRPKf}%yKQ!17Wi|Gr%ARCE*ZSd|)qK!idhAznv)7XH-{5*2q{wN@ohqJp@+bJm
z;58FU?8NpIJ|tB(ohg)T)dG!neQIg3^C`qV1od@SFFyVWU1Id)J=mE>Nr;E8b!DA$
zwoQ?qW_#r;&H9L(K}S~B?26k4r<!q@(_Py&m{Dg?uOrmt-upx*KUTt*ecr2gIu|eS
z)|tC%zs$F7u-sM&JG@?$JCRo1nJE(@^z7lrD4;j$2_Cx7Za!@mI1(2~6Ix-jKZZs^
zBs-6#XP5tsW-b)-$tznjcjtN-^*u6eQQXE5qDu$pf06+>-q6H(+37z|R}b(4en2cq
z886QpFW+-h82zLveo_$&lk(kU)I=spcAqM_bbS*e)g(h?^_gjlUniXjV}J1EB=FT9
z4lb%Z=N&(RoqUgFs0Ut@L+t@uRDBW89vCliUox&4^WR*(=!Y1N;xx-&sK7^a4l`y9
zx-pt*u}O<4!mBs!-##2i;OWAn4UHH575yzGFN6F#iP=?5rpVa^d1%;I5ePU<1KJ)a
zN8iw>3^XLCH1Qw~=dlUG=TIfp^}tCKxOd|^>=%|~3R^gWC5bv8@G?CwrAtH^T%|Q!
zh+f+3#lS#?lwc;?r>x$@pW^GQ>?7h4Z+X;c6_({}8g$?Ka<>+e*gF^|y&QmY!aEYl
z!THjHPSyaP5>>^mJdh8J=ml~kYgQQ<O&5~owfCA0tE}hX%SvkSoDD0g=NKMUTaa<+
zoitRfujg>g61Ui{C~Q7RV`^xyopc)ee*aC~e6T7kIDQvu_4(3@%I95QS@A;ujG-v{
z<soNc49`2Kx}<MaV)H*&i>DsvI(!g0YSY>zE?)o)JzbV`GA3?iZKI%yAdx&4xaFNZ
zMtqEPK@C7N%se!N)kf`o?HzQ18n}(4uo5%J->?I9n)w+#@x8E8mpWOGeMC=V?wz=W
zz3$}fcM|pT_{xRa{U*!!c(kyfx;OfXlwH72W;!)xV5ycY+hqeOks61>f*e-^I{*F~
zk?Jo6R*FOFMvSccKK~40f5eq;Hbk7OPGLzh&Z(=;RoP!XT;_CI)-veOYC6S?8CP?1
z&+m;D?v7PFTsPDksqEOcVyNzyc`FFdx7s3})?j*yh2;8vwcB;mr!QEG7*rpC6ukvN
zzh4ux!2t6F03DXJJ=ufT9N%UcJi62XfMvGtzaBO@0|)D`049t4xHGAN-l)|mP)}$Q
z$Z~D>KoU<cQ3IS!isoFKNAF~js!@t&i^+G4p#2#ltP;loztPD`La}%zBsw0%sR9qJ
za3<jRkxcaJ-TU`-i!1wu)(xDOcK%r^DlHRI7z@cDuC%L~w)=`A*B1L~w~YkLI}$w<
z@<XTwB+HW0;`8F{RE!)c03p*%SOc0{_c40{07IAorlbd2vH$Rz72UF*xh0I@vfnKr
zX^s=&ap~JCD4bWJZc<3EL1|CUs!%(#>VhWS%ro+Yq(9hC6)qN6{56lyszd*1oCLRV
zi}inqk4s8{vXHHedXF>vsR^_cKVVny*+Ax3(j=wC|J`%}L~qZ*goeGo+NmnIsR^*t
z?$z}7iP2qop@&7^IkX68nC+gDRoNGt+n<Cju0<PRU-hkAhV8bV46LTu{T`Br6%9y7
zsV5|Br>+&a>bx}aWCx!Ar@D|Xx-C(XA4Ve~;iJ#kbY}ABDS()LZR)M|Rxh+dp+}xA
zeBotdFLO7#-Qjomd2BQ6we6(m0p@=EP<7E_of*k;Zj6Th`7p<BkSKGb1=Mq2#y7)D
zV{Gpc!<MH;BKdh+k+t)<a-Dv_m#rz&wP&6h-Pr<yW(PSEJ6dl(ZlZU1#DZl$I-3lz
zKlM&3W4&hd4INaqr<pscG&lQuhimqATLol7Yw-p)d0MaI?>M0q!E&@*&&+^`c>xMH
zrzFqZ_v`82;#B`EA}dIIV2bKyYQZw!yy&i^8mMMztg<p>OMdZlb2Z;x^E~*9=aTZv
zTPmH1M}E`$@wRjXW>kDczrTX{<<DiX{P(|f7QyT{9!fy=J%L1=ywh}QaU*I>^7jr(
zn%gvIOx3CO@nS{$0-f6Hg=vQw%VAsH0zb2oH2eDQ0l8YBcyL>i3m@rluChFRDVQOl
z<st4QQ?0M%W9GBn_dbaH2Ik<mKrXi1?eVt=WdZV<9-C{raMm~U%FWSbmdlh5G3axN
zK10DA_cme>XLxyD(+FO_Vqg!f^@Z~K<JN_DRu5!L-hSh5eOc8++uHB9nK{M$H3}|@
znG`|W=W@-BNiPk({}uu05tWYzjPswAzA$U^8){t$s9EKn!{Nys;Ws}}OE#VoSF4g6
z4^U7xiUd$UOJD+8z^WYp^B!fhcX&l&)XoeJqGYGG?RJ)r*w1&+5+HgLh5ykrYhLy+
zIVy3ut=P7{!bnrgmv!9eQCA&m@3%au=K{ZZM0^_YmKAb+IELIIc`PmO3lG(&l0*!Q
zt+ZT%CHINVMc;cQ3PHrXlRY&my`&iN&b|5<EkQ%zxMPkXIaAF9NS2G(^bT-7L>^4L
zAK`PhuOEHBPs`$3(ytd4%CFOWS>7cNr}qZGuFQEE(Z6(4w6@hkTR->kqL8<6ZHrT!
zt!YQgx8=^GG0o|E8nq2$+nhYBtGct6dqz_!CT#4RVr)+Q+-&RxS`q+Ehf&pCN$@M*
zJB*md9oR4(2wdl4{OJAM%sjo15?Ev<zK2b{EKVHQqgaf3no&$~eu4@}fg3aEH_`k+
ztA3P6sj{z{W-qj4lt>(u><fQGxV5!8xA~u~^yyV?^l2Db7zfT5iJA$vbZIuDa1*gt
z`pl&=PQA3ECYmW1=abV0-J}fZQ96SUtevr$3@1%E9iE!6@R+hln*@Wp?AK&aYK)jH
zg_uMhkS1wl(O9dQ^t?Evfld3<z`XTMbeIPsM5L!$Bt<HnE1xic-z<6jBT}T7Jgmbk
zD6zX0Teqm>rltpX8#%{LypVUU{>43y<z}a@wtqJbzhLv;c+LO8kz=Gbt*~~!wea9B
zqot^Q>`0-sM8d}0tMvabv$l_3h@N-AL1OI8us059?)onIPK69(a#YPtcp9dqG{e3g
z!@d6)c#fbj>(p>VE8`R?iSbW!lj&)PIlew|cbbeI_4L+|5&orD1uTKj%Ikth8nqmD
z<Q<iZ#YCM1UfG8y*0ko8@6N%eMpWj=O=n5-Mz*XqG&0;wMxM~xurzXosR&F5-kJEV
z+nF?%+4Wt2;63wBAnl=$&M<K?n$1QhczNQ}NV;=XtzpQsi&t!-67GKs_3TMzG0m{H
zz$|{{O4`yrsxnc$u4h>bc9>|1c`o^bDl0mBnaic5y)veFPwV_&`&N_U$J}e~*$>|r
zPf=$`4`+q9@b3NyU~r2Q)S7tkCTdehET%8fp1{56#vb<k^r>*sJHr?0HsNEwU&g}f
zr+6*7yIxMTgI^3Z89vWhN_}xV)=XDIP0K_#Cg=U}zPrGQo&3mP=;5B#{q0K*qqHib
zbjNQcs5|nF+CHP=^BV@gF_}?Ded)MFU!J{l!-FGiw09=XI?PcwttpzT>!o%_*(;i-
z4ufwk`y;2cMMJM26Jm22_vnlW{ROJvpLQb?b<(8q1=6XJk2QimiKI~@-`i3nS8(Zg
z%o;&aavp~t4^9kOTzyHg%8?dkj&<5?V-z#n#?d+Mni=0@G``8KDDQ}|TPDBcZv)tY
zH$yM8V%en2U)daKo+doX5$%j!OBP{%th%XeTRkiEJ|I1ZeBLr(fp+z(u#fh<q$!d8
z_jaPJhpun$%H`fk`;VZF&HE$4=?-;i+R`IWcAYm5jAZa3p6^BWh>*IX9M$Q<zDe&z
zR{GX-zjS|Rgy@GVSC|wT@Ny+EIOvZUw5!!NRlj<mPa|1XrS}c4U96Yav>LIXD>I?+
zrdXCHFi=0q9YQi;>t8=2KPr#7_vakI-n4WsMp|pn8W<e3bShrJp?(X|jU^)n{^{?X
zRMTeXA8)v4OTcPMoPu9$PbLo9^Eqf`)SjWT;u=ewYLz9K&XV><1;JXU^rS5y^XnAG
zKoU{ReH#?}@RoY&M2b*>poOwoZ*<q~7l>~nX%i`1eE)vSg`ot{DHXH)`Ym<%<(B#p
zeH*OxT=p?0Tdd$vRrG%&?)(0e(OsOfQC*xPTmF;A*zAteiE}I4iSxCrxGqj#@+|k!
zK$YhR8c|GD>V)^N=q_Fxl!<V`A?XW56)^OFOSbv`&-dO6m?{t2K>dRNl*u1q)Wc12
z#Jvgck?1Z5pk=`pZ~OmYL}CBRL<<hn83JK4QUA>?07E-uy+Aa|vIh3)tNCSSAAZ_u
zcT`4Li(&*a9R7<;c&FtHBKv0kl}&ihM|TYYP5#4Oj;bKmNAnL)fS!irA`VV3GqLZM
z&Tag;HoVfi#%nF%#NFc}l#v;ZiLrrd>&#!aYkfatytuuQ?tGRM^SWa?>QMn>KuMi$
zp=7#a)8deIVY!Z)ZC@XuI+JmW#j<&qd23HV-a5s`b}{3y%~Ru==e>kOOKW7w?E`dt
z-U)&RkNY~<KX$u!A8PV}#L4G1;Y<k|s@EUJM!G*4X>{bUxU#hTBD~RDa_^qD9j-Z|
zaKG%fT0ZS~elDkTaPQB3_Dul^`6OtIKzW({vU|5!FC|k6V7mS6GOyO)mc2zxvL7=y
z#Hg54hL!q@Mk$$7B%*&oy<BeMeWhAGHmNvMWTZ2%e!+XYe-emq-3~-Z2j4um4ZaCu
z*wT8P8`t{pr=4J(Ulb@#o(+r7qhBN7x#0IdrR@Deo<Y>ohHde*Qu81^6xVg}+FL10
z<B<Fh!x5a0^*wS9ek+3S86*fUdd>d91O4Ha35@6ebQl`}Km5u;y;t6#z^RHba^j*U
z{FBERJwOzHLjs!)waO8pcqCo%s^DcTuMX2dp-9oUVICcpfqW5uw$|cTj4$<)$|BaP
zME0M|?`jrV-5E#~(O^q^Q%oK&ZJn-CSMdtfS+ULgz5DB)C*AL-fj>TIq-`zg#$suD
zp9Y41P)g$}?Ss3}aBR2lFj(gc4YgP#cKi}LX(TIP5RJAO7D^ZXVb@3g|C7lRQv2?b
zpKc+hWbsy?<NxmG9lz9c^vrC%V(cj#<wWFpO7$&m*+5qJKwy1@|6JqqrR(VSGPT*d
zU1_CDq(|nXj-0m1K@j#I?dj}S4e!2u+-RG!cWe487FF-#{qu{=rU&bgiKmsGqf!5$
z>&j;JBms&}Br13f$kuexNwY!g`&e6u*lIl!3!i$Mwe>-R)Z%p0@ay^(-6q#e_qI^b
zV~_MQ=hKpRX;|TJ2b{jq@r~G-$xl|-V9dq}EB3vl-R^4=Zr=(L`*K{c5z4+7#ch9T
z-;1`_B01+%&@c$tL2jvLC&4E<xebAw`E^}BCNX|dt<mWiGKt2$B#Gm@(Q3QN;nLTP
z=4cG`_a_$w8F-k5+$~tE^ZP^0u8$a(``*xarOf{PBRVGiuF(&dkKu_-Za{??+f^oA
zy|lkrw!r5^QKZ}Byt)2S-#<<4+|2s0P>Z3_v9rfyDP-Ump3^}`u%6Nt9x204Tebu-
zqBPB3^h#NeoZ<0^Y?sg9Ox5Q!R&dFH+zL_ZO?;h9At4E1&Id<d23)5Lfn_0fr>VOG
zcYUZ&OA-=ROwZfrgw^!g;EMTcditk!le0Bu;nML1H#R`-1z)wE`=i{wJO8}<kKyFT
zeAuu0!jXCsSp9|k&H}}NJxok-pw&P9bTauvl92qcL{Wgoc_`b$)*FeF?g^{Y)y<E7
z?HSIU$mZ6RgAZ-o!Km>i4bMlN<5p4i%JUG9DoQHK_Mhytu>8)E9N=FQ6lU<$SX)Bn
zRGo^?Fqs2F@ov`nR`&zue0>-7QJ{}qn@N8!;f*kC?!Pbtz>YX_xEQD+0|9<AaDvSo
zco=^TUT6K)Z;((Ki?T?FnY{LH{WbE~u%mptmJ9>AIw;<}`%-IZ-^N7w<exMyUwC4|
zq`Whp<{OcKxOi<pg8?pSzp+X*%dg=Mo;T57oTcx_W;_n2!lrG$j1vcvk9A7;&j*Y{
zFlj;09vrY)R);d$KNMelIT>x#41k~Z(RN%;1o^aCBwfjKEOs7-HU_~XIbQN<j&+?2
zCX?SUkBhxLC-pAtHHLEA8?;{6A;dM}$5hl_3`8t8L}w^?S-YuaUu>6VxS6^xYi0zu
zZz26`y2fGdDa*17oTIj_V`;hIxwZ`J&C`X=S4YzD2Q2gc242guHyLzOCRu%-WT0~^
zHgoqSe>lT4J(^<~jiRF&g+=xREGvtDmuVVUG@z|%`s9xkHr@YT=sXz+jwGn=xa?!u
z{Q@&zl3g5FtlnQ^&f70c7Jyq<dIo!jC8wN!YD#G1aE)s;7t#5-#ZoUY?M2GT!+f@W
zsTb(mrE8Y$GLy1tbpAi=62PMWvfQ}a{9WB{c6>5)&SG<<tL_|J+wd2wN4@Hjc9vTL
zZVa`26tf73B<RKJPhRJ2pI`Qcj|ZREcWd#d1psH$C#!LB^QXP}>Bch#_YCS1^tc=F
zevgDZVLtnjERl!odDq8+&fybDzv8XTDU;*_(EOJMWBAh=(QP`dRLA_N{TG{=2bE({
zqiHYFM=!ac%02B_hW!ucA|`1aBmOp_Yae@4ScJW(pi@p6s$l;8SN{_{*ydX@W#NSe
zVrfub$%f2I$zybT^z(t?mj={wm#_51=dJht6VfH^W(TtMFQeQ8mKtSjzX&wZWx2Oe
z*SQ0YgDKu`j?0UQn%=b`(qE7hdk%CPFDE+un4cxq!nWeqiOW5Wf7SKZp`uX@(M~-r
zN*`;fzpY=sCZ7_V`hYKFoxCjccV`O5qFhQuqfo9xAIIf&W3)vMONpDO2{cbfL>73y
zcO)9?0C-s5dQoND{Wl-As3&J@rye&AzTA`IPZ1ZWk5Kr#PbF*Pl2IKataUkWvQ!5W
zwdB#yMOGaSo-FY2u(78A<<(4LP2Yj%WhOm4RnnJuib^SO^(9D=6;%8e*L=a-#J!n=
z$w|F#0Q9i{0F8S9&|_T2mG+uPZPcp~@+Gg&0<L25wS??pL3hUav4Hb(KepUA#~U=-
ze6$)s_Aj}jIBw_as;b)1IN{wM6qxXPt;YcrI_1rDnLLx?>;-FH362?+cTGmg6h2JX
zF{S}42sU&KxlPU{8VAWnH#3`43{&9lQvrF^JqIV3nd<!&QJPVW9vXCq5mQ6O-~U`b
zNnT%oP4{#pwr8<Q%lb|67<#5VKd+x0lNN004peKpH*@#PH)-qqp><vBccQcr>Uwd3
zT~!&~4|d%h`6aJAU4Jn3lU3!6$p7q=nK=e7VbgINy19H0I4EMI`Eeapj1>#Le-OQ;
z*~!JC(YjDqb9ntkmJ#<`AqhL=6){vD3vO}ToGUMkOWJ?cp@vzn8>Mm87(c(U%(_NG
zK~1~Fb2n_R2IF)$wWEYJb9vbw>LFbytr}Ki>$Mz;IdA&iXq9I-JD`bH!da-3o&avI
zp$y^kxc}@hlsF{&>fq9M_{q`Q=03)9ORKaa=R7&bBNWLtWc!nGkF93R5<D3bjOAm+
zg;}r?smN_`n%sh0UtZWUozc^ur{;JVx<;<A<~-Q57g`ktZL1-P3}{ilbDKRO{a5V8
zg3S|DPVbp|w3Tl@_h!G(wC1~WSt8-78A>8FFeu(vpmBZm<9aaIS5XUG9YTh91_7(L
zoRXQ47@q(=>$=_;`6=8OMmiJl`44Ng$?wFuY+qiK5G_fx{2faZ+WME@#A{PJ`VH)6
zcn#>3Uq0vf6V(~s+$q1yrK%)(AG9U+FftI236%;--ClJ<8P&j`G6ila-}Z11cIi@a
zC0^HTC>8S`Kznp>JztJn!M!sUp)H_$WvG-C`xdb|>+MLn4OR<GnFL0Dj&WMRIEnIY
z*zrjz=aTR$3H=2j>QL~`=98N9&`z38(^cPC75Qx<dg2}n*XKuZd#ls2UrYsY(SFkj
z0)6zv)aGvhp?hw3KFopXP;N&x#d<iH&{Yu-@*+vfVNy4~(+SQ=ZWMf>86glW1krg9
zfuh-Q={ZicVi(DmdTrb5x2BCC_NRYUAJ7+YRLUA5Ps#x;%w;_;HH+*dWx07gn`HK&
zidcR}wfUC;!7j22$vPhgy*8WP6`wVV^P3c>k5dGl5Qbe@9TIp$w5wqTE`Tm<ObRce
z$AS$sUx1`6hkarNG-E{jp!Py+Yn)g<155P7-AdrVHt6e-at3!#5&{|EctauJo&qp3
zrvTBzV}RZ4MRx!i$_!7CQuNd(3GyV)b$*we2ijU~4=f*M64XBf*9ivkBERR3`A)Om
z&{U9_BSljqb82@*YsP}fZl%a=q@X^J?PL<BKxteF_(B`UNMVr-vge|`*W7R~R=gib
z*O@A_kU(NM!8zgeMK=^p)PhHg3$HQl%5}fX1W}YiTryqVf<bpS!%jcri1&#ip%yiK
zHAEO((WnuB&Y<XlEm@n%QR?MA`~uv`4EGrQA!I(i@0xlp4!TCWLActRe7E~|GsQuW
z|1;kW!ltZF^E-P4*dF}6j%=L%=5+TY_qKnU0^1fgk1X_wIeB!bs?dlJ9!v0UsV%U-
zG<i1<cm)ZnLKN3_fmT8-<W(WMHM16hhOYR0o(4E1|E$?fN0w|3UA9WV@~G0$9XZ;Q
z^KQG%-%-8CEN9wB^m|#<RVlTgUJnaJt+rY^&!v`JP7~A%la%|Yssn(~p$elqOLvnA
zuNC^x^m6#u;(vVOa(C~c*ybF}F=mTt1SwF`)#Gm3QCn^2svjqp{pHy^+|zsD``%$!
zrs%h0A2nbzJ@T$*zqKy)K2)AElU@?kXpyX1MN978bIprUc%0b%Xe-OCPV`8<_i|2f
zex7rS*g`9m!4)5V8?etUob|Al(CJXG-|av(t}!WA%eM5_E`pXjDMl&HqbJ1BY$HAw
z8YahrLz=-uYSd|sU??N9I2VMm&gw^g&ISF!9_upTnuJ)*S<RVl|3KcMC$u!b^@?<z
zigcZV3^VT}8x_*kvcv#mh=i=q@Vk)7JqBrmspg2!aB904ShG<Aq{#w-zYC`VcYm4z
zkt*MYJa)v<)6<|<Yx)^Bp}ww!fK?)CEh*qc-q64}bU$HW33?{{D#mO(y2otB@M=cC
zxkFKihyyB?O6cyi17yD^TJ&cYu3?uJnP#}}qof9e&Cq>`%c20;Tpa9fHS$3!zCKu^
zMIo}24%p)maClNPQ56}+vk5}LM~2auE03laj}!cS9;}3<Pra>!WJ)C@GiPABkmTA#
z_?(vTTy*c%UY%&#!Y$U;`^?r)sGyGq_ifQJA>Sm>hkFghZdZ|=_$;EJXlzl<W{<C{
z;<!8D{ccG@16{9RwOv8($c1XM^C83Q7kY7pn=%KmFJB?y`(}i&g{@X+rEwjQ81(MK
zl3+uQ2e_E=9%{F{s-E1L6vI5{y;!p;c{j!Up<ExVC=yKVM$Q3!U`ab1%<jru5j2B%
zkbT~GJk<h1^g*g`nog_FCDAv?ebIx>>xittXr*Xvp}qxiUf1ke(t{w*X;%6%!kVY9
zF>VPH4#uvd!hSIsPC^$hwN*DpF4u^uV$f%I^E1hJ=X7o)##P?4RQp%x9j$iErR{Ia
zEA6Z2VJ*mG#Z~<S*N&av-nS)W_*@LQs()?}#KCSwNm^d3bm<1aU9S0>vl}TtJGSYP
zJYuH6dSQDg>9OG~3YyVcr$5IEQF<QTM&Xi=Iw;S;u6LPk_4hE>P{!`BNL?Me1>mh-
zEROKCP-F*P<L>pta9r@i=a;|&xD?x;yq9BF+&HXJIfQCm9IOtbBEhgsGv4<1_Jow)
z$R7n=TEeSUy11k$S@w6X;is&7mnC`SA^lFMJcz9=eI~6G_V8T_-N9?EwmVbnGSg#?
z6V*MYgeBvw?8;v<CLuNM%*N0bn(*WDI*gjrj_B-=1e)<Y<@Fe)0davNyeyO2HM&tL
zo%725Q6hq>56azx;M<c1epl#~_yGjkjqiGgiMG$uQ)}~K3uSW8Ujqy~kwC&|rMgP0
zb^6d1DuEPj@)DY>A>hRVg)eT*#FpkvnYZ+NL=1?%d!Ud>X{Z#rau2-}Vew7E(G|&h
z3Y2{#PPoevlH~?1fLw_Z`%`8Tr_jTCG-__?^~kiSpsyr0sOT|Hf55S?muU?w*BQsE
zAx4{z=!sOIQmYT7C~Tn8!G=P_v_0&uRC2fD!q3#uoY1GI{q%x8IdW2CSE92iflU29
zcY%2sN`QQnYRwnofRwQ$tO%v(LqcYy?<hmdaC~yC7U<KDKE788!GW}Z`!}Z?4n0K*
zSQ6}A3YMnSvNGYXMl<yJx-#(L=>C8y%Ry7ca;v_BhjY?|HViRXw(bJ=y?<==%#U;H
zPd-ry1qCRwK@gA`>7f>m8jP7NZ=4ifY|uS6$d-y*4yD{}|L#Ybg623mgQHXsCH6ro
zo=ymu@{BK)m@EWLa%SyHV@!vlnJYK{*EO_##UcA^z#-R$Ok+?tS4xi?Hq0g~=@?^p
zz$x;6OBzkAR*g$2*8GP34_IRFg)0qtfZ->|oDwM3hu{fFz?iD{0K%{yq9jPRijQUU
zxqY?~ehMU7P#K@cTXbC^;9I=N8~v~gEYA);47y*vfF7vMW2w25+|3~e$x@Lwr!~%|
zTUp&rl{CMfiEFD-2q4(hMM|Y!MwqZ(aO~i#K(}2;$BfJme?-}0dTK-NQq^D~x6r{#
zAhw?bdy&X{bJ&Dua!^xZZ`E_1-eZO{z-p*&2YTV7gB*}&fI29~2QSL}vLxK+g5f7Y
zDq#wwuZq?1xx6_kA0O#vj*sk|)Jqq#41Ut%qxw(8uD3I94B1%B53vrVR7_Y0plg;3
z>CBv<KRMJ@n--v3jOL|J;Vwa)ln3z#5V{ro|BQE5{e%T7?uxBmM3;33`$6xwTuSa?
z=I-y{yCVnV?@~dikMWA3y@&@Ze_YsDp!8DM<}e?qgP$@~TZpYgt{mSVCo-xI-Ksn4
zAUlI1l;wi{bn^oTsA5h)e$D#d2M8fOhnQD~7$Ng=$0~DKT$$m9_g4NKK4SSho_Cnf
zMf)dWA>yhl6E>C`mL2>lWG|wAw^?r=ZbUQ6ic{E-oui_}1-64xxH?gMXB<N2vLDwj
z6Kak)B;Ah;WP-~*Z>J2uxn7#hB%*#6$S{`zy>VH+INP7a7`jppldRLpC3h1o$+WQ5
z+@c*9EK+h=_e}35U7~C}eLZF?cNpxPgV}yP)(^sVJ8Y7~AexOt@kh10Sr!<GB75u@
zA%&PCj0})`>|3ng<u=RzakY<{cUd$vm%C|VA>Ku@__$`Q(}nw(*`S-tT?pG6Dba78
z?_!$`+oLzNyGumxoQ1H}Q0);DgR4D#O@|n4nCMdR3A(G@KM50Q3U5F)`T#G;B20Ai
zk1bP0FsIX;e;62#I5upTv%%#-bj=y?*h)v-*KyW+uH?~mUWa$~pGH8nXTcxztH-mw
z(9OIEDVDsfdUIM}ZkpeNt4OOn^JU*khFZH48WY08Z>q1dN9B(Sm9D{z*Jp>@a0@g&
zY|0V73&}kXb;G@(r%ML~7<X(OIwU|y+QcPrXJE4y$ZdZb`1|7_kiR3#R6r%!&DR5Z
zISaQ1=bL*akZQEd&$OHC+4W{#t-+iKgtcozrBMTAOsKFB+wf*D>y|NI6l6T@ZwUi#
zjp@EhFu&pGd5}sZ3M9Xld_n3+fz{9Btk!eQP$yTFabn!vU3U6gB@3<(hl5U?3~uZ9
zkgguElAbc0(GPVCY_;ZGN`Re$)+vWp_g!GiOA`ADgS@1e1km*M)xD}iDBc_aQO`2y
zgGn~*BN4p{AqUj5uM0HGfL{>J;2Kj)>KyDJ-5+g9F>H2JLvf9xxW+rXk@UxDV<VwL
z4&83@V`rz}M?l`}8rIm((~v;_k8H$4KWv!^I8T0m$3?%ZmL)$+Rfu9V#NC_)t|$$p
zm8au0P(r{HK&|s|Fx<;c37@$<a7j$piHb~l1<NWXEC#EmbVz*jt&jb2bQJ7L-syxc
z*XaGJ3pOqs%Ua_SWK9b!yk^hn7c*<V4SDH}$5JQdB#Ha93Yqp}UdeRU0k@wNUQO9;
z^0f5L^1q8z?zuxxz2V-JCrZ4*n6<5{e-}mO1VkP>5y&bM@bw(fr>PdhA%r!3K3u4N
zo;_<INDy|OB5F-T@P!s4R?Tl^I{c6`xCLWyz?r0u)u<TUSSyZQXF9FINLv;xd^@i9
z7mOUH6v{d}a^tQ@R>(35+#!#DKH1YjiWLZhEVSxAZuV&ODfIyrChbtkRsXXa@YTln
z8^)?2V5ozjb|)X`+<A$VbC6{;i4ePMZ0#L^;9bZ<Tjx)F*DZro!J4?B0`s@yoUxw8
zJ<^IGDu2Z-&Xs#}cv`XO8%FEv*H=0&XwP?Dwb}Jje~!)Jf)*H)IE>fvoWKp&0p_N`
zGjM+pboYvxdc~JC^Nb!*?zGZ6bt20z*mH7v*|^Ms>&w{zQg>Ifir~d*EgZo<9<}-X
z;owsw26s2xHm`#v8B+D*s<S2%s^I$iXiN%cyY3Q{VNL_T<zT)x<_abNN?E{71eZfN
zGN}qW@P<H(7B`RffXadC?v>~Q&Q?Yes!;<NlDN>vkdq#JA^g!`X;<`fJJ29m%~d_~
z237AeSp*cn2UKv)`9HcRn_R4bKLXN80)3qE|E3H95<R^h{+d2|Oin2=lT~zxTd-kY
zAFct*xvmv#FZ3i)oiB(OshxpYNJ7~AG9>4m@CO?qDS1_P;=C@4Fq>fkS5ruIcgXIO
zzDIL{t|*#60ar=0nYT)MZl@B}-%@9u<xI-Ce^T8&nQrY$T@fVis*iMwM60g5kX(jd
z2tWV)uV0FUY6t5a#PKy%Y4Jc_|IP``0&21z8X(*fz`{>r%{L2k5~)H96#RkmT4X6T
z_uPM)(_AZr+f{EoL7qy$17TIRSS6^aVoU_657oE?%X3LSP3)#x!oPkF^0^gpB`J-h
zTPYfX#dn&Q4rN2`oN>Dnf|J{gc7Gs+q<9ip(FS1BHnG%usRX=SB^$LJz%@zd;1lm%
zH|h?u)B8-ffte~5kkWbe7_FYd63H6^;(ayNN?Jv-svTkS9?y;T!HN@E+rt)$*>KEn
z@OV+2{|h^_Pa||Ik1Qi%78QKfVExv&qv4+Z=x{=aN*c&?H|~*HL%V1oflRj<EQSnY
zzx5G`F_DQmW!w6WeBfd4nx}E|@Wd(9^XT;#&P1h(V9!3KngGgca*2cf3%Q_cWDmg^
zrb&C0lJ^j)D-ib^G#wipH2TzX%`{5~NY>wz=XM3VpMiG*V>C;M`-iee7qZAmH;L`E
z2;}lwS{T8>^4?^p#AkP;h+@ew^m}fuq_4E)JF>2>nA_k>eh><hRdK4N`%)ApZ^r55
zcJy<35tX}>A>f&Uu3Jl#=tb!z!J9I_X;|JOF_j(D!NjWPndzS^!ZuT(+h+(%Sb{t`
z?H^b?5<%~w?aCA#>?WkTm`eN^8-5WiKwOo(tjo=kYeZB(zD{@@qH@jSkzxKPb6K$O
z)H)8s<AL_~0Fj1(hYG-SZSt<Ha`*cXjl?K7vwMS^yL_9Eq#oRzWt^kN56rd>!^HRc
zX%+_5BiUvV1uTF32roCFe5rI-?Ed$RUEJl~g*(Tfkj1YR<{gkigUmF8h~QWQ;`8v6
z-H@t#<FIXuysk&HX<#8zphBjqU)^Jqt$Nd*&%EJMvf1wm4gh^{4@eoz*m(`yh{!u_
z>ZKq=MH}wJR|mx2@^Po-@*J085{!5ph7^E!ciMav&CsP<1&}&q&o$;U-mUYF$vvhP
zDmVWeAv5`%lw2cX?7`IO@mQToAVb^3ES05_P0?9`IE*gJoq-$<Fnwfg{53=ecUE7V
z1s;WYJiD}*>xXJ*9>$VvVt=rpSI5~8raV_e6gISTLInJCs-nm+4M0{evm(*Li{hN8
zI-IKJj0itr949=0U8mBb`dQG5TSNyiPgO<4t~Thl$r{)sg%)KIhY|DOJ>PBPGf4^d
z_3EU(TLqJNtw{rKH#37pQ;p~Z_Z<_WCH}!VxS55zr3(*8jTyZE>)VbzWeSjDsaC_G
zgs!a=yhz%X5ue*Ep*^r&rdvPElidm^ni<ZaL_W7L{<Y3RK$&Q8@|(hy8h${t0qP56
zl`}s!ABHq_5BEt9_KA)eSjfF+dVk%$UkjqHz)8@@U=^JPMYFwYd=-zUo<!TW-*5)v
z?H#A)pa__ERKhMbm<XR#)5ONr^#8@vDyS#@zFF=DKN;5lg1cOn-PL+$=dv$xy{LSH
zaoE3%!Rk9Mt?jbqY?_`jvcAL3Vcy+Gu{AlT%(XfEWZZahpReIK2UTExJDT)V_@MTx
zq9!|~@bZS}g5a!+WS{ty4X#B>a$f&ckW!P)Y(=B@nrG{idUTp3fGUw8?``E?(Obq&
zv_K|+Qp4{Sm^p-T+$n?xICnu{ls+DLu&1lpme!ydvA0XT+#te7#}>0Hfo2$^GQhdA
z1jk6;IZeRi2>+%hO6iebi0CeNnOybY^#EMMG8dexWdsBJR?W92c~J5XT?yDHVbr%~
z&f>-kBQGKNvYBs-czjgKz|xI-`>#iOTq(#hq}7{!YwFf1%c(jhP$K6cQrPF#S+}8W
zvKy6SP%W`%mB<-74*}(}40hYAY~Jj~wTB%CXVDV?aXa<y3Fq9+)71MYtFa(MA<ivT
zNwU#U!kXL3-Rg(98{++I|MGR009d(^sj8g|9{4<{hZucEe@<+OTQ}^C&)#jxdBFx@
zJ~IJk=>t@M4OUp-vqIJ)Qi0x=?BGeTTi^XvnHGE&5y}o-TUngf!o`nW(LSnmR1kjR
z6z@-UDkJ?^;ZZOEQn{VbftiAM5fr!{mIm3U4LPWCWP1NqVYOGO)@!C9dm)0+I?ovc
zgoRcx88SXs@Q#dXH!1dSrAv6tv8P)Td%Q?^&NAIE4l9}JX}RqAHzB*5YGG{Y)_P4V
zFW@I6peS@QJKIlPy>Gu+?S{)@7PL1VKmH0}6KjYM35XUP1*o2C=UNC)x##k5c2)14
z;7br?9{^JaepkA_b;XekWp_=>(x<;6-J~P=BNy5-TN3w!Ns5Ygd9tnRXZc$ekm+mb
z3?$x3_+nx^P@-3Lc-=VGt<wLx4syLpw>^HgyVv9G?bY$Up=_+BOGz3iPUMKRpxNLG
z_s~>aXzwZ2*3*Y$qUJfbQkKJg0`(mN>6wUB!cPiVhH}DV0h9?T*D{Wf!7-)UUg|-a
zYl6VWL~%XT;}DizuD^wQC)*mq_2COhH|zkx<N&*6d5@1|f2h`rzut>sH{ta`U2X|@
zp0j(oC@#Y-kiaDL$}c5*tOZAvg>#ZxR-~gr5sXuWD47F;_P^}!8~CKM^)xoLwwYv?
zY>!Y#KFEjBt`Z2hKst~EM9Sdp&qL9~<}B+EdUR1!GE$hk7y@!L=vnw;IRx#rd_qkJ
z&HoAsZ9Mc^)KQkE$&<U0Hb+y({XZ;y3p|tU|9^5y<X9oIC680eA(hi?mCBPtlFED?
zMtjQBQ(*~n*yb3rwhly*B}qNWp~P~UQ&z}|LOBeJVVIej9sO_5@Beyvz1**v>%Q;n
zx;~%lefZqh&3GZOV{N4<g(n3dV*eQjl#K-N+o-$mA4G|annnw=RNoBKhNBu}8ns;S
z<qXM|MngVThu`c=8B4WViNS)W(uLoZgWwLE)SH4RV>&mrYz{r8Gqu+A<p--4uP60$
z24>x;=`9NR;KoDvUq2vA2uQAhy#2S{xuoDl)2m2r(8&)a02XTaC?YWT-{g%iHLNg+
zXsqJsPL!A4y3SBmud_{f$R@RBR}8G<CIC!80E_`mpVCruQ8V1oHO%$!h&7q&>)5;Z
z@SjL4&MR>R@qeztRBxI@Dzi=~hwQ>#Qe1y{H$rCw+(&O9@FIZ4d?%trG7d&az@V~b
zHwS8Rg<LP}IVly5YhNimxsC#>r<U?WXc`4}iI<lj0(dR#zh;6&(F$*dRaw#SHoY=)
z2fa>-9IX|zwkq*bVGFJmtVZJR2sMHhck=4kmBR~=y;P-e#)RnbP(1urw1X%dI|{kX
zhP~-NNDoV214tDkpYbv;YGG7_Hrl$gmks)hrPJ-|<jVQ+2vr!52%Ap0c@pwXA9Jqk
zJNPr6DO0+c8_TYzd>xBfcp!n`k7I&=y}+Tc>EW!=dMl$fHuU)eF<p9S(XAGk%eeH#
z@ljFS@nm6Lizw=j@WBqrt2zsYL-4aAM;p301KY;oUIEFuwE|G%WGh!tV+DwIW=fr{
zf0S^c_kVZ@UjPfmW+@`$SO|R5Mom4nBqZ&Ny{!0#U+Wve9BW4>Z}Ut{%f1TBoh{?W
z^~jUZYDr;dMo`|j#^=$_7I!N>PSnD_#hs-qI?vYE-j111aU<0PS32<rU*qfMytm=5
zr2?99WTVljI%W$vS(-msZ8XX`AGvLxZ-Qo-ijCrn*8NMGP$g*_f3NU-*h1v6t6*C?
z?`P0Vrt&do66BvJcv7c6Um;zz>hFSejfd|V1m0j8ui$dWHRVmiB_MaH^`BRig692g
z=tTQYsZYoLY6Yw0*W<t1-|%!>Hwdt@eT!?A1})E|gAQcFhk$^lJwRe!i3G^9VwHJ$
z*olGOLnoKt?W>7R=X>O$Rm)X`g9z&P)}W)v%Rmkh5qOHV)XuqkE58MD24+mjPUhi`
zUL8OxQtUgCUtvB|QbkJT9%i|*t2j6kY_XeEGXU_rsy#VK9s;M&9&c3)sv9^-Rk_dt
z!2G}0%x2~c=h$HB0u6n26G*|ApxC*G`L(JSZ6jv|fAOvhf%0tj4g>E?p5R>nqNk_q
zdmYGfM_5t^{3ag3a@+|Kb}fna9P-0ov94AA<ho#@aWmn7l`Ytgh(8l{8x0QJH25nr
zyILKbObc0Zow4sc+G!3DME$xwP8uyrdeW+1h5XH`gsUO?KpFhIJaiWNNp%+@%ro&E
zYag@MEuABN7w30WGT+DmYtUZOt#jN&|7WBrJAW@r<EH{7zD;;z=PD>)nUx;>=l@8D
zTlUUC23S}1M~*ZuB+m4T-u+P%D+aK@QQ4^51{UDGEQ>`TIqnS0LP%A#OY4A_Oh1f`
zFM7kUt%cF;`s&$L(J|?7UU%#b@V+t%yat0G-p!2Pd5Qf)E`X$cP3n(2xJcTV>qr6)
z;CH~YIwEeQ4(K@b_Yt@xa|^quMz$>_u2y{)FLiQD;3kjuHXiyYuv8EJs-do{*HzvY
zWd`&>WV6Z0V%j`^S#*bG1_oS|7SxmXj5W-6Ul(K2tkhn^D(Qp~e98b@9u2z!eZID+
zI}JR!zrA0uCBCmz|5bC*VZK*Mkct!aW8*v)gqE{Py|h6H<&7PXE%onKjHHswviA5u
zLK51>qL5bOOjco1U|UbNQX(5Gi?Pljh9f$NIABj`%nuJfc%)dg>v|{8IsqC#u57zT
zS+rj72=#`B3sS|XKzsslO|vv-wgxjU$Ia!(gM>g1J#>J~Jcd8pEMdks`#kjCMY?{N
zER-B-CLd>hT+s*OK-2g~-W6Zut)RSq{tOIpc`!Ev@~u*yAcky!Ba-kGl5>X6v5c%p
zdQDQHlR~Xi3qnp%yp2XH9TdE0)>dIsXki6&wTcMAZH%FDjr~&dFt0LW0B!_dKjXsW
z^mAx`q_Hy`8aQ^J7THU5n@OlfZ|cz*u@<fSCN_x&xV7@?$NyJ395+#qte2Hhat9XD
zs)7k^>$WyqI~7(>-rPkugU*%4mo1*bem=|;=#H+R|4w!3^T(dVk>dXii|rUw9|JRm
zO~5@z9egJ6PUF*azQS`VZJ)8S-zJ`2CsqqTu?o<zZKKeBHwBm3t%P&P=U&*R%mz)p
zwN1YO-ABnGlL7|N@S$gnh!JTOj&W_gWL2EjCvCelD+5WkBxA>uTJB|@W{P@Cg8z-3
zQU77zcNrSIAiGl>c(L$DL?OAYStOU>(h*k-s{}5IDgWgCpaVqkvMjz9_EdZxkYi5)
zuG>G5zn=g@pfLGtQ$^C%V~uyilkc%!Zxsrv)j=s6&|+G!Uno@TMe#yX8D-il{eV4&
zC2Im;5vg4S$xUCDQmh@-z=`=kjAs&N;xzTN7bDa$`^fOYNqQZDpXCxeNiQI9PmUNS
znLWjOA|N4Vr;|4tNx5Rv|Dw^MJ8yGXtD{Z#-yrxSh{ZGwics`^rbi{ABrU;_TYHks
zm@fqnhBP)LH#tDF+L!dvdn?O#>1u`~4Sy(79k(53l}OGIO^I!ZAxq+POd1w&V%k%R
z=Gy^Co^t2qSf%k&)OJD=Dulp)hlcl~gbQ6voCbcRfGn{~zcJnFx@!>9R<FL845-)`
zwW1`02bAW*?G@|A0djtTJ@%^6Jwx;_O>~FnH-IlZiLKJffK^02sa{HTa<jod7*}V?
zp*UvIeU1B**@R+9-)!Pmo+iNtP(t<W^+<XdC@1!~6{cgzzSvH_H|0aNlLz4{p@85<
zC_&fg7GCsBdPRwprJ=`4g?!r?+z|?#1K86goWW?96db*z=%$P`TYvXy1O{;H6&{v|
z(Crk+v=4mqr~^eMJlPVVdm)`4TH}RdCMvHg^e=1?<pYlQ<wxP(U(Em$-JX6kBL&wB
zG~+S8x%15*1Y~PT(PX*Ce<FmQ9IIM=2i#<2Jt=%A^p;g7-(0041yEKttV(dXB~~|`
zn_{)?a_~kc9Lo?XlK2MPG@NA$|0NFmS0Y@l9(qTkn+`uwOC35%RTo=1boQp2NR<#u
zmVKgy>O{CGS??(?4$z88wY`v#`u}{TWnY)0HXU=NiJyT+G&hS|jh6B!H_@0I0heSO
zxwTNqcb*bH0#AiBl|M=CLB49*_<an1O85$Lc~&BQAaXFEH=x0O%7RwciNwO24W4e$
z7i<S0-3`mjlfUXKB*2XdAvSPvv4Q5w@4;`hXhXCnNPF40St+RQh`s5I!7(^R+WPBi
zAo9Ryi<uKI0bx!OSPETKSB<RN#!aVBDUNK8ZSm<L1Dgz>gZnlC(AWw2;bkSWlW%)f
z_r39+nhZ&A>bAgG2WA`R^ASG<4cy%+CQoBku4;=_DnK^wl9xXY{~rG50sih3G87QD
z+(ICVv=;PHh}KQpquvYdNe$!8Paz$Y$YpkiW2odArMEz8B!yy7Z{Onpg~PXvkM2VW
zhY^CTjZ~{BXu&QWaR^>Y1SaULnZ7Xo(_C>P;PED+#vP_ZwLJkdTz5pCbVW8PvfZ+p
zIzho1{!>VPHs(M%^s3U}WMV4}$R-E#<ybF4({*T>Mi5|oDMoG*wjGm!ex2Bm*;N8}
z{=zFbbM>G`QWJs>AVFKJ&~z`TPpKwt6da%q6773Pn|LVA!e<h{Du`N26ClDW#ujx-
zHihX>sA|(Kn-K~gfK8<qo>ZVRfiseLCI{r%B3m8T&QtaTdhbSR?Mr@rZ2fv$u-xl&
zl~2tQww0$QjB_tFk&Vao^b~2W76Y74(PXtGW(rMpa}izX(a7mvS0Jjw35g*ycvoS_
z_QK6NAzJ~{ZhXz|E8IAc<T|Ll3INrYl6&g>lDb)v&$>?Y!-GYFmeZi-XYYD2E87Ro
z_Xw0w&|<qU8y0%d$#o63r(K0zZwX}U_+b>C(CgC~*SQO2{whi(P>D?_(PM3Kz<Gt;
zwxuEd8VOZ{XLIGs^dE$X{3m3FopC$Mal6>GvUHvqP>AvcUd%qNAT0!9?P1YZ;4#+;
z8DOH#4z%9s7NI*aMZbNh+eTrCG<bK2$l^&SKe0g4$-6Q`B!7**nj&if;?c#^Z|4fI
zc0Xr_)&Kic11QD`*Xv2)rQkOH=<@=w1hjzjc%>?K1o>oA(WLmtW=$a*d?m#=#E`w%
z9GSQ)-D;av$de#BaWxTeTk|*dhbV3MnN9<vUbAazqnjKs8SIi}W5YRGct1o|jI&B=
z$om<$2T3jNPH}w5Kp=n0ju}Yz&O2|1J1mk+|HmF|iLTn0gXAM*DmRZSODC0GLl{#7
zLJOpZ-d{pd>rtD1Ic|KVmf&gSDUZMbdcwoj^O5p_u7TG8`B`y9-eBBz#w}5)Mbkk+
zU6pGPB0aJI4v~2*XuOTl*djHZD#Lv~vu?KHV6*7QY>WYXT!S{g+U)A1-XF*l>p?q+
zw6BI=`TX-wup!jD>q$aKg&@S&2S}RVO+&OENDByHoqB-1na+5p;dUz_67H;p0UF`W
zAB)uQ#LP3eGv;-q_m;{<<Ml6expudh=e84)`^VKW3Z^#Rmw^RFdAjvKm!mXng{ic@
zgnJr8Qe7yE*`H+TKo8XIwLev-_OPgrr%!9RQeGFLUZ3(5viy>K%gXKz+dTy~;X_Wf
z(&+Vt0fjTCRq4jReg|yMYdsWcQ0UtD1wQI8yh@O~lS|MqPYOuE`F{POfW60e%X;tI
z7iGxFJ8uN%_ggt+qkFb89mUVRQQ$&l)e!FI0U-;J809wtr|0huKLhwci%ymDpfnZG
zk++7YoR0)l7g~tMqH<abtO^3!zNkyVJ;lF9WX!e2AFtm%<R-{&IU1QZU^t-8jNekf
zA;7{*#c1<2os96Ug}5%<6Bo-4I(WWN0z;h3uiP<G<|GM?LC!oH5bdQXhObve%7Bmq
zbvkP7)b|(%?9qfO9gP;C3g}vr*}2pIM#qWwF@Pa$-Za$ycOoQ7i0+YWF+y(d!71@H
zp|X8l^xe%c5?^UVUgIe1#F`4=Tj{2=qrW>VUWS#3wT?H*>rY5iKe++6T}$*v`BcF%
zJU4Mi)z(FuT|joxm>S;9K8PEv#x*6$l)Gojy#Dj{TXiCTUq!69Y;jQEsL4}#(W2%c
zJ~Sax#NDc3Gc|$21hsnqz6a!Sk^R?7h9=Q^AH0m4r~(K_in!}4vLDd7RC=*t$abEQ
z)PF*}9f&Z4;zaTfo<8fr#<6lN{5Ab56PM$L-CDnI=4-ssOh52>0Os^yI`9xb5PX*7
zpqqdIy8=|xO-I#-AN^XnQ2@tsY<eP}(mV$&&Z(>wha#PoXdpfv=}e43-^Gf+D%%KU
z#qO`?6`L49Bd&CI{q>^^7V!0IR`h7aQ^+dN-a*Wg{y?P!_W{Ti2k2~cptj@`=6mH4
zpnwNZ=eN)ftvBLEe(od!I8n|DD~DcEoDk{(WqAJ>U{iDHS61A1(XQJl_P$7GhYn?j
z%wH-*Htj19`<lBUDAl5a>m+eah0o87IW3=Wah$o4(!6!_!v8pR|5aJ+uUb`X8c8`L
zv+5d^2L`!#{S!{1C@GnmLOIsdFs?NDS}lA-cMMl$`2}}J_<;opEY;N;f>wTI+|>*;
zZVT0|g}b@ezV!$B_y@Q}A$d1ryPm|hoCG&5B(;J!i+|0OA%ukz-&@!XXXYq=Q^FQD
z!+hY8p5B`2D&BVu)*F_%|H@hhI}Ny=fnd!^$f|4PcHUo}`PR>!Hv_pN-)*D^f7IH{
zG)H&s_1_wpHKsX-mM*UQx((p*E0tUEaCz}Q2jyu6m!G;V7uDH;rybyF700HGiK-zh
zWt!dqkf9!FcCoqT;HAoS7niln9**BTC@icf&|Rs)?<~Ap0y*+Q`wm-fS-vO9|0psE
zI~yfJo9yq<nSHon4;8uwUZy_Hvop)_JK6k(K1;jz>}loEI;kVp&}EZGt8tYa7`VJx
ze{(!!3Y_E?;yMF=3rUsvmzO++Fn4XrM$rCS0V}Xxa4S6)4g6mx4hwA)KGZB)Cw>WV
zCNP!fvXVRyd4sKe-gC75vf{)ne<?+0$F#-*P{;afMyEXSG&5dn_5Xq;<oqXO#uJJv
zcuPFX%?1{-X<o4(`7u%aZ)B4~(0^5cijU2ZU%Nl6PNm<o-W-lqWVs-<2FzyOjvwv}
z_4}W-%be=hH<HW>XU&xpB+>O5P$7vV-AB|N-$fC=Yg;oyLJ;BubK<vEW3A2d1H&_7
zVEj5UEk#NI%q~>cO_Rt+t>G35alwrm;BV1Ik+L0OLdQGe{Z)|O*};3_kU29xPk|}9
zJ;gfMtBl(&T`Cd9`Dzd$O(B`R?YPZs#r*$}z3Oxel%h}}NsELjz;6RsL+B%grXZe1
z8|+K=IGb1kQs&`zvA*d?>M#*Hoe!3?esdr2uK*YxD8~C-+YA4+yzO0Lhpo-t9Q#ia
zz00`gttM5;XpP@mx*?kLimpJeygx_}DBIu%ym9C(ZWk^|-$r#K+bdYD*F-`uNe_Gk
zM1wTh?YA;en9#&!_G~%w4%@Ajl=HL<?XT==ZPXmBy_k2T4iHrK>K$nY+pOIWu0Xro
zPV6wgtpk*J;j5!%u1on-sz%6_Y*F0&2Eq;5QJ(CUS%UgXO^QkO0J>CtBViki$i)KH
zjQFDnyg&5}Tp>;NcNK0%`fN<&KNz;N<^EG33jj;?K87~mp0YQmPR<z(#7n?<Oo8N5
zRoC)DYAUkLN%2<em2yk{NCRe|vH<T6XfoQwfDn*pl11cybxYtvYn8#+a>&b3=VM~a
z^3jCyQOSej4OtuFcJc@7_r2uJVgAi~Hp;PFY*KK<RMnY5ZOZ0~<U3?nXsTJrCaJE1
zxCIxv3Fzfx_%a0iOat$j*sgq3wS2Ubx2-&(!^dXx$<`r{H#|}jY99kc*$SR;Y9p~p
zoAfrfJ5=0B(y{>-sD^PcMFX5fd%7NWhECri@bGUy5zvwDf8*2MJAcmK+<y%B3Osqx
zl8)fyhd<;u*uoX4mla*^1n7^nV4H47;(@JPt!D*tc|iD`|AbEh`nyW5C`oo$sL_gg
zSP2o{583L;T49gK+hj9?!GR&PA0|D5|8%hK|NL%1_g#0KSnCoc|MHrbOFf1^h=8X(
zW$Ub*3r_;J5y2i=GX7&GHq>k}Re2mR=t->)4o@wp2q!5Oy{YHR?V<tPtPJGB$Q|rX
zCyL62R_>l@NWQ{GVTU|0l@JPfx7(zD4|tmqa5a{@N8nF!F3-`zx4pQ?BcJe}IzI~E
zHU(e2n;QWoqo&R@rKS{hEy%SK+Q&2RQZs}*LP7E+$8i6+LG;9L!G4|6T?3T>pJCz(
zz7jK^=1GVu@wdf$C`u0%U1l%jhwGGog=#O0(QuPZO09R75^n<t(G8$!X%d(6A~_=n
zS^=bJJf43BCj3Ub*<tQr^}8%l>Zz-<A}u$J3c2vrx1nu(JM&=v-6D-PnA!`y{*aTO
z;3F@PpE>)1+nY1ZZ*h9O*=`&}N#RW%0PeMAFGYSaS==T(2&vO!TQeo@Gqjwid7|s5
zzve|gsa62AfVc_VmicZ^H=uxZ9TF>mu*NRzT*dV|%Bvsvrz1%&_4u~?4>OBT-Z|u+
z_NVb3Z5#K0-0nCHd~^QiJMbF8U044uF+B9fch_z=CBuX6H9qo6YMQ&}cBc~b{<wHo
zF6FrX?tybrCga#2JpYl3FxDfNgl1OARaqRhR|dPfz`t7AwE8RI$SM4uUeu%rbGgVa
zcV!xCsAYe4()n4SU1OU$yWDW(BKcsZ5h3&rcFpPV(((Cz<mC3sNTTXUygE-qWFrAx
zqCUQ%alGk{ua7s4XG6=NXj-95pF?ire#O@=92VsW4!tNuy(0;)4e!2{vtl}`V4WM^
zjSDvC-xD4$x=vE1#b3BmMykpCTZ1NY?YP1xn$NzEQ8(va4&<QLf37ARq5-l)UKQbd
zd1%lnq)4T2!sr72m=IRTRNm8zprK5p$qwGS2@ak6$5;yagC%<H+b?`rBrfR{P>#Uq
z9&&0ZZM!aB&MUud-qoew=^chy4k)+p!(7?fD{d&?oc3xk6C<zeaBk9I598j9GL6@C
zR^um0-bCsq+TojjzFGMY`lwpyx#!)X;Mg2VjAJm(h{>FE9Hen3U=MR8mS7%z3H*kj
zGkMvH>)#W4G!9b7wq3vXnf1v^&|!kRwoH3<w&(**V$iXzS^#PYdcS5`l+W2s%8|y9
zgaU-0C%&u5K1Mdo=VC$QkCt(<zirnyaX$3JuM5~4r%|>|)0)D@ji6+{lZkLtUc(Bb
zf<&I!VU@FdO+u)X$j>*FvSR{&n81KxGUvRT1oPlB|ISwWFLZR?n$ltJN?0!c9ZgcQ
zf|_uQ3G6q4-9mf*!^@>fyvg1C+gK3H?<X8H7W8m<#uct)lUdBN5SZm9w&}H|eYGv>
zi1Vs9H?2;4ts5!R`K9X3T~6=O$QLWFYH>GdRHwX0o&gk_x|AOYj@Gpf5$nf=VtAjv
zbz~Z<aD021d%~0KM9+GU#x_T*G@|fa4)bgdiYX+7?dz{NL@4Y-Vloe13(*k-04yzJ
z2YaYxXG}mBPIb!Ng|V1nR|;3pdL6QZM6QHFZX~8%pBu#%_Z69vO&9)b%9}~hVrr`*
z67L1klg}a_jFFO^d+5(eqc*U`8!(nqchI0E?iA7Eon9%@*M0pl<p8*`C5D+7hZ9|z
z65hFasIaM}C>BJ&3TAo*>L_>I$yqZdaZM}wYnYeaC0R6#j(x|!`5A_6Hxf6mL%-~D
zp$#Jj8B*s8Y-3;C!|=13HH1$}5GEBB9TD*ad-T181<DI;$dX>f<bA;}^nMfAob6c0
z)Z%+)y?bI8sxfQ0X|TE1t_$-yfe?`&|9CmXz}cZ?-ueJt`s@aNcQ`SC+7Yj$ifG++
zcuB##Is*$ufx#BM>d$!PY>g$Mr%c(N0B>wxb|@lU31iUFE{$KCt-HxWfzsiiNv~$x
zk+nDxkCiJ-VFpkZw8>^jFPa#D38=j2j*qi^t{BlKZ?gU`O_I@}PhSF=VT4hGW%je3
zdqzPeJsOuP8jPWxrbXixwN-a?I=^jaQCdtYA`8%<HXBo$tSdbzAN}<gK~~2bdU956
z(Z*V_r5&W>&cRtRH+uv%SC<uI;NH11q8;(hDbG-)C^#M~Qh0Hq-WT*J(ZUU^ifFqo
z`awEM2!-fUL?;r0A5zm^`kh9!7?$EJd@8Z~EV!l&=!LZN<yUwaXRVkO<{3<>3N0I<
z3r4w~LT+a{YDs5?IOpfi`%S*TQ3xc45l=6;Bt<&H8S*v`=kiwTZQpcoc!B+xd)OzO
zx(bqYsJ=!ns|0YQU7>YpwpN}YXXBb*MUEiajmw#~hpT4qBhP<k0o`nQbDovOdwg^M
z{DhhSpS$|;4ibfH`GIF)GH^IWraTY0$bFNrhrz{(8YdkeB7izOwKK$-N(+X!q$}v5
ze$Pd99wqf7(x(W2qCVx%*rfeDMh#u-1@e?*q((QQb#HAjUAi-2h$dGwp-7Cp%^S4j
zJ$Xs9TAXP9%7qb`O~`7oQSk~bld_;2h5gEj2Fc_E0nh|pwpwF{ez><j$#*L5E>FQG
zQ>(D4Z*?n+((%JGSG-NAr%dQJD!MUR6G@J-2-RSn?EJjBJ<w0<THk3ij8WhtcINUe
z<cau^L}S6#a;Ys-r(vkwqi|9dU=CO6tg%#&%=B}hb&zfFlU9qN$_);!9wYIVQX<+j
zMDaC-s7nF%{#wsrYk43xW`%wcb90_vg7Z|{Lz~1?_z)d$8;QEi5b#UE>gyvH3`h-n
zmq#w)&VP`(bQVxjb%)VncS#WtLa}K&Xa*X(9#4qS3cJQ!`nVeH9BwJT4#eEZ+Q*oY
zTy6X`5G6rPhz^SdKpBgeJbZklRvRt=jwIKet)Bk>*s68Wh|OI~0$R-bXLxFhCD#@R
zRVzkq_cy=EelRm2(Clm+a(O+rR5p^gm2zcK71P=nD~!2>_j;b^bW4?HhG0R<@<YI1
z0{1eJz(*qXpudK!9t#<k=!l_;Q;8?;1<&Op9bnREaWf_}wQhJ}4kOc^EhVyejBzM6
zl;QR+;=TBKMPY>Z^Smx3ndwIjtu+4EfqZxIdRO8feIAB`^oScpjG95)Zun0ASyAQ2
zXH!f}Rku@$IA*jwfZ^pdB{KvbqVvt4-OI4g#M48Av*>%#&hCl#n2(9vZmvb|--A0u
zFYz;@U28jlQ?JIWuys9eV5h5iG2(hO@KUAtR}#JhtlhBJch@kx<xSQy)N<o22^LIN
z>1sW-6lzV@9&BGO@MlqlqP2=lc#CTuu%6oyzE)oGY|0aIo4Tayb@|?C1MCc~CBlNy
zop}>j+4M@>MM<BKFQP^?94clp)E=%An3<&wpI)1<n`hMyz0TqO)x|(br1}fo81aWz
zsGIYgcfCVVHY=2dbEdgD#AK1OC8b1x35c^g&!Q-uq*Q2k@qcXG1ebSUIpL8sa7Jek
zeZ&!Y4Cwq$d74=7F#BQM5WmZu#m-(iOB2`TMHybq;Hfb#!ZS>B#0;a^gNDph=Igv+
z@#gAkEK*=05aj-89S!Bk4hwAejW0%6ieG^^<BAJ5A7N8YeqDoFv%n4vC|vs{C0oL`
z=C`;Bj7s*3@6UOID$Wm|RjT`*rgJhS5SeKty#N^=JbGN890iQ|5b1KT-C?dmz);)|
z{;UCJZ{Id_mJt3I_Vx#A$jG?WB2)1+`j(%mO#XMqrSgz%zzWr`Vb1W*jG5WeFy#A-
zdAz3mNKGmVYAICD!SoXY<fqY|+j4}t%;A~#r+?;ks!aok!6AI)qszXDWDn7v#q67I
zm}FxRa|iP>(<|pe^l7<RG~{(uryQ86Qd^bk0_x4>Q(g*^mozQirGn#4SD%d$r4A;H
z#{-PY=I*`>oZ7{;AA@C#&ZIx{T3pLRb_lE;h;kMEnkQ|;WeKfPl?VB)pq*8jV$~^5
z!-=N$wk;=fMdA}p%x7cEWm5)zlMNvIRdiAqX5xNxhU>lXf4X?Px>9ZDWm??)aYu)A
z{~qRKWj+<n!+&koYtcMuBZKF#cKC2qC$`YsrOMC7@_-BCc;zHo=dSHp_-mvcyN@|>
zwZfa4ZE~-I2;7*$JL6uGiD+WeYfM_`^s6nMw(0skp>nag!s~wD#b*$$|DIjP`f!YW
zB50xup9OzrF>nh(4{>TCTZ}84U`-mSdxEqr5g&K0<`4E-&tsqOUqNZw`-fdChPdjr
z>Y3WSDfdo%Hl`K29px^Se>SE9v?F_aKjK&xCu+o@!>+NV+CwB)lzr2{wJW=zTsZ}E
zx`DK$9fn{v_qQF6S;`c<8x~-0@1G9=5Mzr`(Zru0klT(s-$~bLJok(3S<{~jKwFch
z7%=nPZ!`RXa1+tzYWVA%tEImqM2^|ngIWS{mkbD7hdsDur>VFc2h=tafHd3L{eIO}
zebJsD&{>ubh|$;D%frHY`YG9BOb?clTsG7SR$o$c!<WtrGUM&j%`pFdU;p!a!~VJb
z`2RIuH-U+qWBogAlP!8Az5H2J{`T3J4HS@mbl{Y2IXBRUW?D3PH%_ePhRL!kWNO>z
ziqW3mosD}go_>Wt_Pt^E+yaJN{5#;xBn@OAyaCTA?&DJI?uD~sEi|TWNM=3aAhpOR
zX*Rdf*QDN^2CI>oEQdCgURl{P%=deOQQ)NetMzl=6L_%;@!jNyoEO^2DGGNBd&p*C
z=6>@n+MXcYJjwx~1UzWL``=C-&V;Ca-?Xi(b69m!1BG-6+VQv#e#nQTGhtB+?C^D>
z$$4YaLQEJ$ZAi%zf{N$GUGJ!|Sdqhv<Mn%rE~*Y=j#53VPrz?hkz5O_i67cb!uw>y
zGql|&b7WcB@nPwXJ(hg$+wq*tc;^9S_hx5zNgA`$qBoN0k++hEG3mQb_5t^x<P4z7
zwO@F<rIAVJp>0<5Q5VppB9W^dMmbY7Xnmq7uPyhL0Kn6p-xJt96?G`Q@8?*LtV;9<
zz!|PhzVZ+m_mAxf((p5NVSn;^SM(ey!Ca}(2^{b0iK>Z`i>*#m2GAJTQX2Kg9Cq)u
z(12I#)h}cH0OHX6zt6zy{%BXsP};uvtt0FTZ*oh`pLN;$uc4F$h&sbbC23VUPVF%h
z-@ewd>6YznwCBa?h#Y?2%h=QTw3M^!IWJ><fOcS~Ki9qN5Mzi30Ms2ykjeP7Qa$b2
zWyB%jlA-I?0Q@O@C?sR1VGo=Tvb`JsB^uz<D0%Oy^ik@CRs0F(<LR~p%LT3N3wO0&
z*p@sW>_vHIN<f3zncZ2qNP=}~prgsy3e$F#>zQSbF59zsEDL#Kgwo3Jx;A-Ogakm^
zj_|CTr+^%Cb((W1pO!a+0x8)Ld>TVQcb2p(Ba<yh{%ZQ|yPA68*%&T#Q>wev%lT2f
zTbd8SV)i{x&vg%+wgx=-_id3VJy9B{VgkE)8Xlsi!|D?26Wxvno&`?oqZQ_fI(Z7R
zW9paIPPE^th~5Wn*ie;jcTvvS)2N+M2+gUedF9NTarY`xo<xbA-<t+6kN#BCrL^ti
zVYFh=8p9kj{5(@XcwEn#J16au`g~`e`Q8qUz-%4XB$!?1YBE+cys6B=Z_;ZdJu_fj
z+wa#JPM&EXNE0LCQx7ydg4>}xb1*u(wC$IdG#m8B8^+C7^_5+rG*!@qUS%X3TVp2v
z$B$wozBZo`UaTRn*P(eUSL*9qnfA9bQ+;Rd>Zu!0i(e)j?TBC8BQ+(GD^o+hlkd@y
zPdf^529MDn8ShKSUP@fl(Ixgncx9H~q`lC&V?RNKnZG7Km7qk7K%ILY+X(qh(MZ*6
zgC4HRGQ)&VyObXQld6)<X2OCrTWmUQfVd9{_6KOR*wzH-uUGgarkoGwrAOnHvckX3
zXo*i(0^G9(yPo(?MiEM&Ku78$O)HX=+g!`dXT9nT(O@R{Vb#9n*pZ0iAFg7acQibq
zJvV6nCUd4$2%Z0&{;X$edq;5}0E#`KJRlYkEqfMGD&3f*j4sK)d{?gm0Qmqhh&0D*
ze4%=u2t1NS=Z;PpP5Xy!XW+4k0DwQ&%oq{muUnvX^Z&47YBPXLn!Bt9JRU#ZFuF24
zPigc>)O6MJX<omR(1Ryalsd;E23@oNgW=2Hq0{gK!ll^FE)^vc;tCRksZiz~Hx1^I
zH1lYv$<u+80AueUTi`WjZPyQ@necbr*a>Y$tJP}ma$#H#{4)bR-!w`rpmdbk-0@%F
zSi4L^n4G@Y$k53#;Oam+`SBUcxDJ%;{G^jZ0{PFfj=`lZB;bEBJ$TQNY3D~Yi`X^k
zAkBNJuh7kc-iDI-Ol}>*k+DJlaBT^w<tJS{fSg;JE<RaxDEQFfSA8qG6zWA1l00FY
zx2*J956RGPl5Z(AiX?Q)?51`v4i1ScNu-NvI$ex}QkQ8mljE*lwi>-byJ(wt=2E?X
z0$r6vdHu>zH!=${sUK`U^$62L?Ts~*K59C>x1j?91o7oA=|_~ze>Gi0)<=B(p@U^Z
za>l=cl7asFXRM@gka)GegTAy?*FEm=7<>QvF7znCDzE3Q8JDA6g$V<`Bq2>kjN56~
z23_3h-1bJ}*Ut1q&`zb!3((5M%o~aMxE%xO*C)6PWP}^Wq&$2C`^Ky-D^gIwezQf~
zmYQ&FxXq&&&x>ca-CyeY_{c`Gd)QUCpsm_wJ!JS+<etC}dJ?_iTiGt5iR^gQHhrg6
zYYO-_=F?j6<a9;_gcEiV8pdhnK!*hwXY#jd*|`b^j2J12UFARWe?zsp<7VHe9ue<y
z`9sAG#8}m^Q4C$g?i{LTU1qM-GT$e*qh}Ap3_01HD*SKy8!CuJy|n%$GzoXxTsnnW
zFZmrdf04t<W%*x{l-syFPF{rWh(r>suS0*VTN`?ZJ;VQ%@QIP`kx>7hj9Tw2b(!MS
zE(~{i{i2a<zx5JXhfLrlD3|gTmRf389Q=RMQ62(D6K~2}c4{7^ToRV#(}MPeD!#Vj
z=L+2o#bqGxkh3}MK5*O0M{LvAfy&Y7bu^S=!M+4P`K5j>b+s`#@C{PgAOO<*(`oeu
z`{y6*z8nN?`eStBtC@xgr+#+)yYh0~1dZmO_4MmfGrV8y5R%A>$dg5t4~G9FyNo<z
zY<6FFTs6p*5Xy$mPK%2U6jj*#>DYEL@lvE4!Tx&UevYurwmJS8^)Io*>Vv>vgKu1>
z=x?xw?5u!Vfi|!h`CN$*7FY=Nry^dhM1Tax@%FGTX_Ihw#MA?L-LlhUgul$Lut2<r
z|Fd)Vt=hoOy8C$V4~*c*#59z@x+6S0t~b#B)RYtAw)g=G`*a?;fI2@Pw&No&Cg3M|
z*Rx^RH!neU%Dift4Yp2NnCrKCkMO`?(Kv3@d+x(LgR<}rGa7M<5sG&l5LiiBYqH-D
zr9WF9>F341;lOEPa}zjf$JMSx#+lB3$BIZ_Lgg0IkC^_>!6oviwSO{Y_ZOH5_=lRx
zfCQ(`5)W|~<NC1k9j|Ma3k&(yxsu5)$>R&6x|E=Aj0dC}coy^_otwxy8|)??eJe@8
zq<MkH6^Vg!0cV!2&ABGTJnoU4lKovqc-F-+yFs5bAFOUo;-)b07ma@Zo7`%j&ylxG
zV4UmbY+<|0zG&>_tUHd$o?@Ht#!!taQn8@D!UCo-f%2W!aR<GpvE$K==0|^f`;sza
zU}IMaJEp9;ngdtzKWa}W65Pmdsec9nWcapE-^bjQ>yre-dH8XCDu_HTY)6#AJmYXi
zr=yZRrV;}n-Sq}iJqhB{I+6MKe~EIj=|q7F$Q~SWKFgkF;P4z`l_Pr@M~KiKq<M*2
zD_3Yqly9_O!qYjD3^3De&zQr7UtwM7FNSkI9RN#Mx|hSg$L5hAkkH8<rO@fME{WJR
zXytLRq}H+GXGsy(myz*v@CnB!P=j=KvGVsj@fopGQ-?(_kSrWTe{|-OS)MD!kW`0a
zkX<R%lxll=ktOlMWqa5AOZu2XLpuB!wlslKxw0-t1N6J|<rYAqunUgNvaIO;;{8`q
zg2G_GF?eYCV2((gQ<WI@yx~lrvnY@9=K8O!wW0%fVJ1+bVm!=de&OngV8j)@j!(2V
z-VmMH5)EX8`fKvFg2d+w$1pPU0GgyFE*AYUn)*4qIvwCcn{L@;#ErD>S)BM-GS5CM
z^TdS`M(Dx<$ys}XcLJ1(!f7s8j<#bjB^pLbGyx9q_+rpdC)f%-@vhQ1YSa)A2uYZb
z?!hy2@J4cX!bzB}JB}z!rMw}%W8Ep%CL8rq1l-z7p^9wG?{{y+^KsqP;ONiv{Z0ES
zPsNJ3t4<Lwp2Ju5tm$EWeAw9Ox-)%s(9Uk&qnoV!$>w`Lix4b{t2L>uXJS>+5tcRF
zx|<ij_8^xtnrVrXh`8@bCYJ&~F;bX)Z@jCvZPA$#ckmy_TT9q{I3TTaA2j9CDF^tX
zH2$o-)l}@rde9uxoa`a}ZT&gUgW}!1zx<oJ4pf>`;J6*E{KyYY&>2ZQ$eSy>0l}-W
zr3Uqyi|ILR?^h8)uPP;@wK5dp4C8nt7HcRl0J53n5%1aq{8o(<VgWkIwG_U{StakC
z8g9BI1kt1F_Hj(7?p)OFFJ`mfommbrmwxbq!B(<)PLrvt6k91~zVGz3=ten7Pw?Km
zij{u%0Q`H_gQ6|YZK}}S4ATm5D8sKOdgm65GnK1n&?WhawjiS<`C>wxm7QRl=h<GT
zX)xB#qiy>jcGqxze9xDCTiqt>ozHgmm!73&odq&Le!xK8Khrve7u|9gT%7CY%IAUW
z(@>Yjw#>gdPGA&MeV7{6zFKKH#T%_kT#g-Hepr?K#^53K<!`@pB2E%B1EIx=P9*Q?
z%$lvs@o1>YUFF*Ly228`|5)&X@};-d+UKJ~{QWiZ9j+rOUz**#e`@q<=6!7ZL`O?4
z(94nrchOcFTjO0N&-c0vJH!_^d(6FmHSbrbJ=jM4MCZ!fvL3J?=Cj@N356la%L}k&
z(V9H8<KMUVvx0m)$zk@-&+xW*7fv0pjS%oB^G=)Md5tocX{vW&&5PgoF77=>@ZgIa
zHulKKhfEDiK&`Z-Hj$bSFiHHWhi_rMS<-G|Rkm(ErsfSZ!Jaqrss3`tjU1bkj@s^V
z&z@(8Ztm~G-E%D35a50o&qqIGCg>4K+{_zA&@QVm00<W6P`ew^JF5B@u(z8|YoK~c
zU37oH`;3`CQ(;x~VICr&MDWq((Do<Z@Ail4<WZ!vfh=-pfX>eL+9ujB5v>2PRiP@1
z^zOPUox8ctxb{_MU-Nf-mgR`-;HAV3_-ec~+a*e(U;)VMSL1g##!0Jws!pr6-+9{d
z8yWSDtdh4ns}%-1JLUoX-FSXV5(Z|H0B=OT0FzQS)K=RkI}ikDgxj5_BhcUn6&Yca
z4lQQFEdzoZU>Brm*;W{ehkrMm5J&%A*W8CQwIZIcApa+{E-3^!bgG<2n^tu1W|}@D
zKpr3soCQ%bQ|dc|PVz>`V?7!Gf!V?nH72o_KK2#)^_HBa3Cutd`8+%I16@#dbg+wV
zSKRljalh#u@8RvlZi^}8)=Su!G?U^0?C9L!O^ZrYQ+S2%JnoiDL}y!!^P|MA&tzd%
zeDBP7-Jm(D(VU?!UtqzHwWKm-+iO{IQFslMLdgsGaeQsAI6*m~ODbDNuSP@eK&z%2
zs9jM<9ZymYEQk=7n&?y#ny9Mwz-k?lQ25su$;l57De)tGCZjNHPj`9&r8Gxy|7NFU
z>B#FP{%qL`ssjn>$nY#QTR}7gf#9WJ7{E=~Rz(-x03vh=9Yo4mb0zv!y(lazdv5)e
z{Dby$Fxut@R-(QW?fn6n>oSe+Kr<y=0z7cyLXHTQELMp@FDYD-;@~W^Zi7F_dg`!j
zw)9;N2L<gEICw*pF~v1uYvj@E`mMl><<fIlx>|W{2dAt5A>!2qX63+>Ms7^jJ6y-k
zTJDnSCylEZf)}*a_gbidGxBL;<qrNQ6+`g^2;MoXqo3z}uE;I(>csD?7$=%YOlDmF
za0j-6+T^MyV|C%){HeQr_CAHwM4!gp0VJOLxDg_cvC_X)xrV1nM-%>&B-TrpamXC!
z6d!_$A-xg=?^q2R=HKigcl@Y6I+CRwF-i1-9`^e1r!Eb!1^~%p{jhMQx`*=0oXIMr
zXc4)61mnJso-mazk|F4i9C3+0x#xj@1#?5oN}!NT_5r5%yVMf^iLnG!d>w(}D%1#X
zy6#{K9_KxhMA;MQjL<j`kH+LQU!aMth#pa-I@*<^`ef6JG~P^n9!BE7ihZ;8vo-_q
zF_ORrquM@ELtriWRas@Xm3zW~6a)t5dmBtW(mc@CJ3P^fR~UKA&q4RrhtqrXcD%5;
zqd%cibkPH`gZZ!3d_kOHMw{<+*3R1WW!Q+0Q&D9H=AYZ#NetO5@Vq|$@{_~yZ6dBQ
zEgJ;60sSP)lkOM$t(MKhe<I)F|H6M-&0AO)Xuk9<_$?O1Hk{n$E`EH|?prf@<ELW(
zx90QTD$Je*(T|J6vtoiWSMOxSe7PNSJ$uz<=R&;cuR0)?zR6kzVAT+PPlXiY9A4UC
zzahN0G8Y`k2gtEd;8^Pxd^lL(&`jm&MHIF7MCBx^M<p_*Y-M*T;oqA%-?>{^m!;VS
zgb27&j`*B*l<kxl)tdl*Km2oswn+&-9Bxm;!G*_R-8ieC+XpAq7cc${Bq2WDqL6m#
z2^zZA?1g4F!cAoQZ!$GBaRS(9;S(ul;O4v=dc>jK5|B_#q~BL6|I7<1<P?+nZVDxO
zz^F$S#PyPns-d<&$Zy*>jn)-Zl|#KfPdJyS6?{i|e85#6cU~ih7_>aSFEd`~p=P9O
z5%$h{Ir*Pv)|!)0z*a_FvmvQD{(ntv?u{2n6zz!4FLGd8{J|WSmrmH~=bot9d)mm$
z;DZAI{i}Y}lcx-VZ%23PK+pFT+}r{951|34BKppsD6CEmGQpnz-T+v<V>KQ@9oup-
zKh@s`nvU+dEVydmJoFK)Ui5cmdoOph8<4#o=KKANXh&TOQB80lSaSMLz@tw%I~A>e
z#AST9CEL)IVYH&Uy;*D~;F;y#pbm*Z5kh7E!Ce5UbufhsL@P%7w#K5pfm5e{j3Zch
zS^|tc^X%e*)hbdu{r%vCj#?CwbP@F6A_S1-0rjENhG=nV-FD9}7qcGJ(O1-g)13rh
z4Z}Xpw9JZ$nx~mh?cK}$<zQ~XH7+VRJVRR19b#MU#}RZ2aYf5i*0}AuT}8o(wqQYS
z;3Tjd0P6!lje|PxRg;YO!Lo#)4CFD#=Hox9t9nST9{fe1-H7nwobY3p%o+_?LT{{p
z!@A<!yx-EDeR>(d7gqElx_0QkKr3e>o{gOc!Q+~uMm!lknUQ{!16*X6BwdF8D7kg$
zBe?T`y`33U`!t$|^bHSHDzm?7d3E^HUQWVd6&1uBE?xi4sg*uzb1Hg1C?GRs&whsy
zF7A6X&#+|9Zt||K+@N<)Bs%)u7T@46T<YBuE(iX4$L=d4N{{5NMwk0V{2V(mKk=w<
zjL1*94^YnFGordI-Dgx|$dqhM01!O>%-LX?X#C-nMu_%1MBCO2L35V8T&DpZNCR~|
z2j!O2&Xw$+c8oIgOq<5V>{;|Ca{rp<TGtF3np}bb2^!i`FXU{eXILZz+4v49pC@s*
zk+?4cu@jEL`O!)u|H0#tywB`yu%AV-BLo#ex`!R!C6~)PCvJY9E&tK6mO6hqcuO7m
z^6+-`qRU9-@YOV~wVw>fQWw*zagnpuH1X|#RiqM$yW%k@$oszzKpp!)zLdj_%G^J1
z!8~OEXRdqDyicxVyu!O(p%!|GqXT~d=;cePiy=oo;%9T7UYTJ(X7?|DnN^O2Kol6b
z<CUsk779v!F#N#XtRZr=MI{p#)xAuf7#X3xq90bWU6~pjtSkG?0PaW^1eriQbY1j@
zeF6J9ej^g43AUU^?7#LM6uhgZz#WS;9<jn4Bo`CLV(0OivFTAG?)Qn&t+x=m`*QfL
z9Vp2Ns?owPFu&7+-zd5$ZhqL&R90S>l3X^{^So-`$Wwf+ELS?xXjxS7@U~WUMQjwi
z`&$1oJB`Qe8+%8#(-p%PRm!?}$H&#h-CP*GbbW*M<EN{#7Ro9B8Y!dPC)=i9nUdxC
zcKYsczC6nP&S!cUcsJwsFfGhPv>G?>EA$kPgw?=b{alyZ9%84WGGI=~jnG_6n+$o(
zyix2MBHMMA0X=*i?+x#g8m=N>ZsLZV!D<<RlQotUoQG&pjghZ7MfcZ>w2>2-9ao=$
zmh*I(|C;{#R!!bLeKhJx;8y#NXicAr3=j`zdj+0xI+vf7HT=<~JR~jp*wJ!>3tb|k
zMOzrtw%Ppy@xdzgdNEK=a;PdR$k)5Kzg3eysx>7P16!YE(bm9IPVEb3KgC;!f(IQ>
z3i!{za-nV9Qk#_%gn%ypHu*09*1h0RLj%AX4$c&q6NSMR^i|!_eNCL~3Tr9~-iN}1
z#KnbX1TDfvHQynvg-Hz3J5cFeK5g^j<e8e+l1CK4c}W&>tgC5FD0m^IPxmM1^K$^1
z2TXPaW_T|@T))n<<2!XKE@)qFdfZz07B`ByU5BC4)=)mMEAj=%=Z&1{HHGZ&5$m4^
zX|dHAKz#rpaUr$r?HArqxF2I+%3xl@m3SRi`?0RELDE-ipKHLo<p7HXIw&IZ(rnlN
zY8VBvEhi`Q<K8~$MX&#1m2BZzu#)e)7`yB=8h8J?YfnT;S$S+}khS;QO1C<Rm$(~e
zGw5{`8djw0XElZHrdLB;9ZNlm_1$de?%4=bZHeIp>nGjytzS7i<2#=F_BoHmz9W@A
z0$jAJTW&)gzEGNNMOpz8-LSkJ?e`PEFRF2GSO0~{*Uw<lJ`kGtab;CEq~j&<T?FlO
z|0{1|+!iy6#GT0U7hrctlXNlZufo2;troYERH4X_8O9l0&j*C|BK`{>tWqa?b3k^b
zY>VhdOoH(5yj=slv0s)*O0%qD>ho|H^1=#rmNV7AAcM8v>svPv7VuvWQ1$0>_Yd)#
zudj!HjVM4yt*^#T;KHqGys7=eoK5sdNjZOkg}_@1^#zgZ{$248nb!-)w_;aNp0kXR
z{o>fw2ynj4MRVcGoZb03q!ynXUk(iX?}rOMty-sTjeoUro3idBPw86&T<V+bk-=)}
zpv>WhBbgbu@Q@WTsR@`tQGt|Pzt8J`T5v3A0Yf{dA{!Yy2R|I{?MZaf;T1E*E>q2L
z-RYw60IisG7hQ4NME^qEjWxC5sEOk<2`{dHFEQ3-wQZZ`?!ILMOtihG>BfzsE<XF;
z<jDDNj#hvs05|~E{PXNVlWn@rR$b9v6R)oe0yi9k+isZoi@;)eem?ZKf2~Ee)q=|V
z=zkyCj{ttM@$GL0k2}>a?})O$sUfI-j_DV^D25^rIfg?&7HLNi$=GxkvS(D6K&vC@
zQ5=!`fp@-3pwcDzJ8=B01>-O;a5J;V>{VDWgagzgkt?9y2|aMvz|~ncD~{RQzmWKL
zV`7T-pi9dt$r^@itts4J<rlrKRQjSB2d26#r`Yu)bP&_0;|pgA_jWt4t}tvW(VS)H
zi2uZ9EQt933$9zeD_GC`6K}Oh`X#-z<nu3eU*(17<OBF?Rlz@x!<CAP1L+`dXnQk+
zl_T*A)b=$syj=A+F<V^qfw2v}doireh0$v_z~WG3S;KZ`>2J>>bz+y)62``SC%rS-
z(DvTCXC1M}6OrW}@7EUX1}ae*vH4?M*za3x=9Jxh+=5=-cjw)rDamWje4=k@<40%c
zy4CC|Iqn_Cm$M%|Hefec3B1Adm|o}e`_#n6yL5<r9>2jq)?mu%tTVX>Up{a4nFSIC
z?jD@D;bJw|zZ~|fTHq;mayna4mON_@)uH<@$94FS4Pf3+LR9I^eO7~9!)fw`#fXGh
zj0`*3WltdYSvQBh!H<2N48x?Wmg4P;ruMIEq9=gQ!tc|)?Y$~L7GPHi&zQngaeZ~N
z*R_dF_S9q%K6P2J-f@M9epYUF88lcJIi`Ps`iS)+;zB1wUEn%md7!Au3pN@-35uuT
zEYNNaCgBwwkc|SVGUph_z3!4~pon8|xSC1KS$nuqA<~SZ9m-j2-Z=b#qCMHm)!ir#
zxkw|j&AGlnl}9-H>H?)%n+o8N$rR*O+P2)a>m=@}$+P*b`=+ZhjVp#drbI4(Q~*NO
zgw|m%;pzwKyd^tm5~v>_G2d0buk8L3L4o0tT%mr;5I|fPv-9z`NyU}E18yKewgW%~
z-Qxk~mX#f<tzq-NyIv(5@N5xnL$TG?saJYJ<ei7w?LZR>VHkc;mo(?bEnB0x2@Jlx
z=E1d$wEF;j+-BW;FHUBVE4D>%E7YkwJLwh3X3r<G+#9nDCd!Y?C~ggg6U(%<*b$L{
zpsa>c0KhMF=X%o({1jA-5Sf!1g_Wy8_Sw|_WrqQemG<B4dEA)Dw83y!7pCYDTg>*S
zCqj4{;fZkGM}g&_{cMUJ<9#L5NEnz%ehYD}hYmQ>El#703mMOch4EroWcvQT=-ibZ
zednuhxxIj5Qkv!G5}uahGyAWhSnOPuBM})&!a>(xu$dW{Te|Kt9U$jtVVJi*&_lMg
z>skB~D(PtyL&h1lm`}jV097+$FMyHX0^*q<U3c*v4ol?uDMIAM=0%O*b7CHv-i~oB
zop#!P<H<bgcSzGIPt;;dMOa7aSf4x)k(k7pH?p_Q;ryuA-gCIU5%+Ig;u6HaUp`NS
zU#KDLc#U{w(W`rhKjy|YUsz<s0i(Tm1ZrPd!wT9s{4>Y+We)2rN+Pr$qDwOv*Wd!@
zIS<&Eh#F2p=)B$OUNpfMs4EP=VHjaC$g^Nw2~}3ctln9zr*owsUMK7@^>fkSR0Itr
zu^qg(vOR#p{Zcz!Z~0AKdC1|JA$L4%#=9J)<6SMbi@ngiSg|bgu~^?ZeFD44SuWrS
zs@6$?U|?d*!-cAvy7i%r{&`;jK{jw=m5Oo^qz3xIUqZ>+EPyQ8rrDOuG#8d#yBJ7K
zzm7GHD16Ir(pMP#StH44)M~?NL$q%de$SN<Gy88s$>_v1Gv(FB(vNl3sV*k##WaaM
zbt=4j|466iE$WG%mE(X_xF=|{z?SatvmFa<K^2uep8oLK9hTpA@Ul&Y81Z^9^WKfM
z6HOZ#o4+kHzVn2Op;*<u84b{xej~8qkaUK^cua}-e>}Z=Jk$UCKVGR+%0h)4mXM@K
zlJoZJAR#1`%3*n_B*&3ccF38Ca;~sfCn~Zer?5FJE2ovpoHDjp8nzj>+3EY}{rTN~
ze{{R`$86X0Iv?)W^{m0OboB`?-q6f3es{NoLh|v;ZOj6d_yyX(OfPpZG40Z3Y;6eF
zNE&*ENOO{<ruY0S8Xl{tSyai&!JQe50f^VtF>lka1xp?JdC-C-738CAkv>^I_Tz^r
zRvJDhtaxGKRW6q7FO8&U8RfAX2H?L%7p@T>3-nXd6^yvf$g%@}8%F7MQ05ANcD~KD
zn`Nv@l4YRoja7IQcl|ZsYqqv$r>S9etVxv>)BoP5?N9|K)SQ3Xdd2+dB0i%MRcWUv
zc0wgJ?x;@Z8S))eViHv70Z!6A^8<^#oI`lo%R{uS6;|Yw0bdPTG{3G)tVgvdWWD$F
zX@cK3PS*hzr!piktfu15mbqnoJMFhJn$L904k~=*xeou5diE9K!L2U4F<Cu}5o7QD
zxdd9d2Qk<x>RzF?@U8wgBo0s$DaHHzR)drNKLuzQWpMsc&w<f%e+NLVQWXZxN8#0r
z7Bl~IN#Uv$vhjW@x5cfbTzuYYTo^4P{1hj!7(ubgWGAVCHjk*+Z~0NZx;Ku%SOI8g
zP1W5$_k?b2_=^7(){RVYcCQZ6$8DZJ2q}D<wcQLZmG4f1EiyJGRe{qYA1(KQ9J%+(
zg-b;5jA+p*8>6}DMp<U`gSma!a-U5@e%_l4xPJ6yLZ`NamOkO6x10z32E52}K8Cc#
z^n~|0(1_Bt)vta=LMT^QeSA1b(4>x4k5JrU(?9+@L=43mApchXrZ?%0VQaBxg|rI&
zP<gkDVbS@Liz*GW(&Z1kU-r`M=qvvN&ZvEZ_t~z1)+QYJ$fE>ZF@OO_vrXG=aUYfV
zKTKW2Uyp_9{(AQ6qeGuCC7X4R(X}58;v-SSt3-Lnebmuxvfv03J!bWm|3;J6jIv;8
z0#MqjlW!?#!7MqStphwV810hwYfBp?n)Hj<hmGudoR>+>r^uQ1+5%?$!1@2>c^<uX
zqy5wxZ3EYDrognaAJ6urV1BO%%xuXIa%C?70+bfna7|6OnDm|RjT;BuSnub~{wIq+
zw&W5G9k!`F^}eK!+c$s67{b{a1iubXyM-)b4*pHeb80etG^GaD#F^2KP46@Pu@}C3
z)j#%^eB%0hOaHS|)D&rvN-;UD?3Q!$cr?8q$@+qU%*H~mbtjm0*PQA0r`LBcM@D<c
z5tdXc)Z4CHQb$bN-ep!Xx-R}Ayu*(n&H_R}Lf^UDc$hhKuFNwgqw+DzD2sP@L00k4
z*v4o~Z&`&F%bh;mcyOv?dngt!(Tw}ADh5RgTz^o|>LfziCaDZEA~mG})5lxdxY!Hx
z<X?Fo*UV3py;3z!{_&`l68Aao!bP!3FB#xFOD3l&xsVH7H8;*?leYrRKlfBE+n2G=
zuqlz=U~;x|vEpE|Xz1fc<8VgP^Z0qmw{gsfxkQCZ4Y<R6it&1?eObu7C#q=ibN7uT
ze3So;^5qrH#q1mDG{w>U;%)jVO9S{fL|;vw2Gv15M~(W1xmOnNxo4g@L`^$Q1wEB~
z@%-UdLkGFX#=Le-)y8eSq-TUIIhO;{RYAubut@I_ce?0b%zj>}zgEC?T(Z>d-%VzX
znPgjwdSp9Vze8dUQ0rHY&T3e2w%IJPdf)<Ik$B6LFzU})1X-HkEQx$7&0Yk3U%#DZ
zPwg~??(+xS=j+c(Ux3s?RSb(q=#<Zz1jlDVBT<=>$zJR=0%?=B#Pfx858?r=lJppW
zY{@NkmA!~cXahf`9@90h8c`K?k$kSk!O9q!Z3Iq(KR2RlYp07>oNh;sGh|orX64=D
zZ?c?a>!GaLr-#O)u>%;$zsr8r`GOU<5q3)NhYwXGx8C^e-V@4_MUPcUY8O^aNFQuc
z&FO!a6P#97&lqF6wGHC`VzVW=x4e4ct2ayEm(FiBk_{VIh}T^zN&#v4X?k|}oxJ!!
z8O|R@CMgsn5T9;qcn%3c)}c`04L5m;;BK|RJc#(0Q&b#q`90ah!&sAXDUCbiPT)V+
zPGR~Y2(^eSVsWC+xXl5YOOOApECYHXrB<tP(YbFi#~J?c_WXuA%%LUMGi+~G>Kw<Y
z9y6K!R&Ta3R%icvJpZ3qVP(C7pO9MJU|1sKvzDTQ`z*_7U%uc+voStRh(|0n6J)t9
z{vo4>Il?fMteFx@<5=W?ojGbnQDgq7^R9E;^BwO>RDYq$OH7tq9>2(G&Zlr&m62Ax
zjDB9e$dt^-1vGeF2qf-9{$vhQc~8!knbA=cCgy}Ul@#eiHoZ5jIzkPbE((qI38Z?;
zK6*2YC#<_ABc(nj_v8h))qcK}Bw7T+$$UgZFvY4okRr|mT@OaQwmzJp?~1h-O0yU`
z{hn<eUx}+%EYhDW_pJz_%|zx?w2S1f$%R40Q@hjNOQ~~{u~Nb{(XB5IHYxebxy15Z
zgoiqO+SVhhTl7OR21QSytg1427N3|WKI2`+W>dLfP!i^aeaQZe>4#^hT~uYV0AQ<I
zc#UvY=p1RAbje-OL26RZG&jR9`cywlj<EY!+~7=UV9sUYYMC>~Z95pMBfRBylb^w*
zFW;!fTvXkG{EN){jUVPUj(#}f1wE3_vWx3n9%}WAw<I_;UK1VWZ1S92n$y9`J7K!^
z4d!$G`s1%lOEIT1rPd#J)E7vbiK0rK5psSQ%d>zjJb^y#y;!(}?1eW}A=F~Rp*_Y+
zMZ!~BygD_9a%hbAAG>pZye6#!?PvtouI}6Mr@WtiZuw{}-E81(VagS2@C0Iw_L5jd
z*ml-QvglT~1sLbx@QV#EDRMr9{Y=BdRHhLxriB6!+x@kp-UyRRa5BZe#fozDTPUvO
z2Cgu7{JBl=$V~JJ>o@41T>!7~Sg?z$vpI7Srr%oFUqWL>NEMf6|D||)TDBR^hnLRn
zqfk8mFVgyPeB<F&Z+@xnF$PlwTIH-kxGfsrN{oIr%Y4|l`Fe`geo)ns`SW!YGmrk5
zQ)6FSqsP26;5yZjc&&;#x9l4Zw2e$Zgn@K-JeIS~BP+8NLBRMTM<G?xyJ&=&DB7#a
zNZh^h@3FWF%g&}l+E>xAk*QLo^yAD5>Y8+cX+B;Oz_7Qd1XTBcXUdV;M~kxTMF6_s
zKd{dCYK7Tc^V|R-l;I&=PPf^?Ro5RUnI})9)QfoQnyRZ^XQNg=RgF4Q1=pGpeQ1aI
zpdis`gyzYD<xL*hU}A%O+8gs!47nwYw#=zXZ*~&8T8_gmVSVE;<R!Z4cu7S}MD0os
zjv5<T##3pQtWoQDd)7B^p8jj))@AH>@2<*c@N|v4g1aE0>j%HOy@>aaf5+!zWD!4e
z4_Jy|(K1Uj!M*m|CFs0$q0;pX`G&7)t2Z;aJ;VICrUg4Aq>%QO@xk);I+nhsM2Tut
z9qxa^>I+!Y$jV<@EzCwP{B7?OV?S=`VRFUU{HFIT#rf7`q)55B>@oga8T6E=Y>SQY
z9hJQK^J6Amy+Ic{4qX7)so?B_<=ryp5?CA4Oo;adB`uyAgK|68eB>?vY;{l3$kG_5
z;1Kk|yrzj`L)+*3(iN>P^^>L<hFQb{8K!ao`YR^mo5%{AN4ptYE4WAFMq|j5q-c$Y
z%d!I_Dh&u{DgOLOXKxzuGf#)9{)8R#O5V5SUX-0NGG!Ed(t7h10VQ9uZ(+%QVl@o+
z8NS?Xk;%V}A@f7tS3(rVRF@H<RI{aKr#Q!=uJ7zfV!L&;>7wF1KuzzTzoL}G{iW5t
z<U$}1#onO=EU?AWK6+~ztp-!>Q%ek_cwN^%w4^B}L|}LOtV_dRZ<+YBWl;t_*gxJE
zbq}n50mR}RCi}u*KnZg*<)e_z2BWD8JmFFcm1nb@7f5}iE*qmR;NP>FV(SiJ9H|x(
zURqUAxX7i-fBboioB0eU_y(<L&o46(XlkBnILyf6ZL7&VJ|*7s^JEcMZ+gmSpdf$I
z>v`tmMUwDh+7{U-Ujyr9+NmPaaZ|RyQT6OVg`;Q3r^lZml<{NO7W-j@&d=4+z9EPJ
z!-da;OTu{ffu(~V(Wdv*$IJ<-QPV-8g}Bq~SeV|tW=@6;h`)bp?`r^iX7qn$_|qV2
z?Q@db-{I1mq9J6OlXw7ZGAR&9*_DRe(Z8Ehv-;6vHOkNhP@NB$)QDaISgc)_XL{wM
zg$boW?plwqcT7{VQ~}vnG{XAg+@f}d;5mBTHw5ot)<|#C<rw7i=2#&Ur;#aAcmSb8
zqR#6%J&gSicHFizvuH2hUq2K?Q2Y4LE7<p}$4@nfi^lh3$(RphU=tnAVHXfW-cI0m
zWM`YvYo4N=oJ7U9UKEYYoE8;&kHpXqNvC3qh}&m6Ne&114TSBRsk?PK?lkOjTyJ9t
z@jIcPd65abowX&H(5206qK>d;&9dHNTw9LD!RWRFTMJ*2H+ETuZEF5r8PM{skC3y_
z>ZXo07B&}H=+nUlS&z{*Y#wSyBdOpaJHCn^4yz|;Ffb>_277MAlzFXmtacs$7-woW
z)ud2V#cF7R4Pcwb6T_kM??p{qx!wxsnJ$Z|96!xGyD8~w(u)E?$qgKKcBS6X4c`Dm
zJS6(VK*yusZ1!grCY!lBhdXV{DEkRJ{uO{;z*FXxo#Ml6N(Tw+au_tOWFyjGH|90z
zaihnRXz8mSVV~s|zbW(O7R~ErF8f3pegpOg?*gdfPIB)vk15OpUE|ME>TDu+Ijvrw
zNAq?wuMKO9s!JPXKhZ9ZW8aQR)*l1y2Hlg)-uTFCwr8Y1W1Ry%`Fx1eSb{QQ`y4OF
zhvwWJx%6&H*ewPqKA;}F{fOw=6|3=p*ena?FsA7z%<C!o-@lX+ibjDvx_~@bkk)%x
zvdDoRv71l@Xl*%TgB_j{UoW{{(`H?r9)Gd@km!WDZO4aq*uy$B=aNTpa`^BRyBhqI
zKypNq@FsGg)JTRMCSAjf`ZDYCC0&}xxcw7~J8Bk3m*blX-)S2?=KWiWv2tJ5aPgM!
z!PhX+WZnVf-;y)U^3YrxdJldqYzHZ1SzY$s=+zsG3<c1sRQsrB99KOeR+thNSoUqc
zF6!oKk$Z;39xF_@f+bZXz;nsVA0tceyt3F6>sEGQyomC5yjoyIjKgJnsr^IK7x@=C
zVU>$IwzBRNztcX51Uq5c7QR75@~sxEPAGf(vSrU+#+wOKj2lUVk9bnWx2zs!fHTRU
zlO8hoV)a~H9xBV+_H1`#FBh!x0i2iA)v9`i(fSISq}H{K-#05N5Z*;)+07bFnX)rB
zH6}GTrd`{dGZ)wMl}M^X1QKIL&P{u&P_Zv0zE7%1@<P|$$$kJYo@Y7H%4=GXTG^Kz
zHW}Nl-P(;Y(Jv)@#)RqmT)7_?31Ka=xT4kqYVi?T-(FhY?1%4UE@}qgd3evA(OQz3
z8mTYinKpy<zVmbC?Ct)7l}C-Ht``l~jbEXudRhvg7QC}+vY=@qadJhZF?IWFckPpW
z2WhAmVcmMefW_3Q)^iJH*2^({$OW1>NYs)o4onkP&SJa`C4uxEjfbe~MBR^nTM#;>
z{hc*9$CAUlPjASSi}!hF@s97;2TK$hS0p#jew#(NdBtTN-Ml4#iQpWkCDH|hE_2wt
zDW)i*P<}a{o49}(Bh_(A&@bLtjPMJ#pNzxjc1|N`y@W3fSA3;jgPqvQ7TmdR3t7_R
z0t%NvFPv&^(+~amR*cps5+dw!tYGcVNM9lAi?N*Tb6k)Umi^B6!6Uw&<cXxT=Ln-0
z#LRsRN(<ErKqvg=Ma9!rb``dGNP2Ty<g%ejfyAkna^~YsP%pZ@H6p}EjD@8KebFZO
zdL&qkuJ4QL`p}x?K4O@nKGr^tYGtaeR4#QP(~va=)s+*+F2Nu3gDpvsQ$nXq4MT3x
z(^jclB^GqaQZ0IbRj2-Sb7Ic*rKpxLup8H3Yw>=xV($nU|31gD0sj8m!{w#sdnP&5
zH1WMt#GS)jdys#Gv<zRc!F~m1H5T2w)NlPdC1kecGr<I)njN}%7gO2%cf|k^AI^@M
zWp~wf^BE#iVBy;;6x?^R@p{NrO8jUGbF*s!(}Li9`u~d4Xjv~NJIXdpr6MkU`;=%#
zH#=xB*447BG1g>eh_=f|VRXoJsr|_V^gD%X#Ng8<(_p=O#RutKOCogZ8285Snu<^C
zqxqwg{%#kinhK5M5kp)|qGg|27uHSPO_Qog=#$#4hAwR~T<Uqyf3c0u_JQJ5kwDGm
z%WYeVnqzYo_;iw%Um~-lY8kx+X#lo&g8iX*wFc*FV#V~l>|~G0Wp!Tn)a{&bPW93w
z{<zZeTn`rP>>X1Gn=)7Ao}MATaz<<NUO7uNry^hB8MiqXv3Tyr94>4`C)pk>5b^dR
z1A7r8Gn%yctwo@(eERm7dBo4cd{ztqhb6q-6Fk{((}b8vX5CuS7Bv?QB5vCdkx=Ju
z!Rsba$%xyzFm3nwE}H^&b4IgmEi3LhaBqJBnapx;ygy-D`rzDnMVN|3r!lMg6EqTG
z#!{Pa@EEM&HMM5DN(x%%^R+kiMT&Gp;pW%i{ccU5@Bf<x^j%rilkV|U3Y}Xqw+drL
zv3RC~1(LOR5DR`%e^$Y=S)c!A+QY2b2(8TJS9?KLT1xD94H#*l4-j;VxU&~=N^Aqz
zoudz=$`zI#gQCl@a@(6QCt)wFdmHHbN7hmnZqGN&${}uu+Cfvnbn*5SdOg|Pd6uR1
zZ@%cn*(SvEzbkClP1Ed8yUww#wL~vSf!Y&K&JuT$&wr#jX2-df8d54<21@_8IE?-V
zLBW+S5Zs_!8)91}S~TxVxJQjH<DDhM^WLfp!o<b{V<(Am_~gmRcr6c5ou+T~Y+FfQ
zF5b(QWsG(nrfg|yFciIL@f`WPRJQs8H&-+Z5EXBfsPRdyZt+#K)JKiA7U_IYjm@kQ
zE&ttI)GcmX#EsI_t;;}zyVrm69_WgAn;o~AGQB})_83QK-v`AsSSC9%enX~p^1M1b
zgnk&zto~R`G*16$o?~}_cWV&6qQ?-YKw$$Gr&P;vmnu%?Fa61F{GB2xwLh)S-eVl+
zNAw&%J6=)TxUJkY(`u~gEpsO85JEMh5-~(mw=ZBSsKg|;I>*yKnqp2a69&7!k5ePO
z-Mqs<L$`o03Cs>Kt!UKUPy9G8e?y!hi7~hiecu*ezI&byyC5CJm_%U<!aQH$3t@PY
zs`kXn+<kU+F45oiO#g`2Ec$WAJFJJn{8~sx<v#BA`J^cCVo`BK>m$nsHmQI7rp)I{
z`B|a|{qm5K&}RC$zN=A=KMY{vo=Ifi$J5Mt7rg^<2j*FUn&CLL$z0~^1B7QAOkJM>
zY|3@%pmt0)w=XW*V43ibgCVWBahQa0?cYo3+2blQ?jMs^>6V0F8?+*Ywf6N>YNTiB
zzl3s5EA-J>^we<t9QqoWHv;~Dxt2ZqZCcha%0kuVXq=~yl1drtC?P5(lgHx9H15xz
zehxJR8e3F+y<{q%9j7?%hiCQCwC)wKqFl%Ju$~;Jzji{=OP8&?#Xpap5n*y0&4M3<
zfuUwGy0=hh^Nc@?HPFGHpMSQcs;2*y5vz0^(u-X$Q)HdZz_pC}dPc#n;43v5Nl|mF
zJV_z@*lyo?87cfBY{P@I^t37?@-#a&!{!WK)GJfHjw=-YITME+oBCiKkC&8spB;v(
zAI#ap^|tJKb%@qyHScu@QdL~!*^OC?^c!2*H3NS+%ir1nHr(1kt<Fu`%TCJ|=_Ap$
zl7p<6|Jxu`3YFSTIY3uT(;vjoH{qdQYA^=>Kjs=j+mD$6#S_=5S&>_ev1>O2unS@C
zE$80wGR^6lJ2s7(*K9xjZH%K2&)q*e()laqPTK$QkqnJ43)?c<SK@nCm#il$Y0H?(
z-0zESN~)xTU2mmFM@@Yvm%Gah5;gcg%$kstH~kh(onrsp@P|1&a9wwAIC!xAufZ~#
zpT{g(kO7JlI82CcOeC7tN+6)=htp!q^O<)U3Osgi?PxbDh+fzziRsn7s9GP`P}XE}
z&~2^had>|?hKgQ!8Fq)&)f*XSs}dSIl4_c`9eh)f8tRK(!|Sle5fJ3$*|PofMpN9|
z(rQa$FD(dDJ!3B!>oyrZTA$|MI(^9Zm%#FDSLYAAXjwo3Z+l?FK-UU)S^xv6U;fbC
zIrjw%WO+#_<G?BSjhkGZtW8>?C{2s<(?lcgB`&+GL>aM_Dx<S!qn<SN`!D)y<~>F9
zwG?%LjP%_MHh3TJnIT2-kyzq{`uIYe%}Q8FHpGI7o<x&fv6q|;a+%vj3jlQ6UDlvQ
z3Hw{GK;%iKM%)8A+_({>>hUV)r`;>0Uiq#$2p*^U^kTd2*t4Ja<U5+q^y?}ip~G?a
z-!N|9GR*Okoc@r1ih5>%{C|M)xc!+CHf1?>06qTsRyIE_ivsHT1jpY0nq2pFFXigH
zn&qs!hQ4@+X-a9&Vig}ua2NtFXnbAmEi+&E(Gn<rpiG+-Y>k0mZ8jM5{DWM1!s1y(
z`}BJ*6wB^120~2x`yyrCS#s6117m|_6%S+TACf(csr+1lixTbvxb`sJq_00%lf7ii
zxSEdsW7a(C8}PlxaL{id=IDo-Q;75QzBqEM(}x}PHAz34=OU~LCc*>ba^GM{VFBYS
zilfzU1*P>pxpVz7!`FN2ljKG#i$<z_KRj8aqKR+g2xfeDp7?rK`^qm32Z%pzGH>3D
z5ulYQZ^^;C!DA2eg>Kj2OQtR5sNNMp>(;5xwu+j5(P91ZD%}(45hwJX>snaVxuhq}
zgJf0qyPqHJ#>i&+t;78r4wfXUb#2%)2x+*thb*#et5HS_UDfpadt_jGdS$UG=Naf^
z=D<SH;)gjXb%TJR>n*oT+XZ|5R7}FBh%i|OC&3!`8M~6vLRld#F?q<cHiMr;CO)Di
z)nRw5*u@IgX;dV3vD<g?qsM;R5-vcC+M&>xO1J6To8CfG>m1xMvvjM%hxfaFWB1Rc
z23U5MQoONJLBK&1KgG;g``fr&%mSrYUTP)DI0~|#<2lR^AJ<Mp@x4Tg-k7@zV3ftK
z$;HxZ)jTab+Es2K#&W*0yRbDd;`3Zu*=Kq19LJFaJ0wA3aLA3Z$^;jSj$1Gt-3zwN
z;9vU@(%Zjm1m4|gPbj)}dkDek71#{q#L7D30`Z@~0mj6utcD6-Ea3-p$l_0@9(79@
z+7wyr`W1SyORmJ9Z|IE+Y(@c~?Q&7B$&Q)~re(X<pW2+Mijk!yiBZ>f#Y0*A-o8KV
z3q*;@BoP-(HA$_rsbZH7lJkjo?A>v4NSLtapzFJ0)g9rU>TXflxJj$ffLD+e)9g0^
z%KU;}1j4?RE3SNqxJNm=lE*X0okYvbC3h6Or9mRG4Z>A6xl!@p%61Y`x@rDwcB*sS
z5!`hV)=7B%spbKFnqC>KRP@yhycoFMc7DQGd&2YxXPcLr^k%cRVRtE6#Wv;@<*dLB
z-23RhM6$CL++E^M$8Le}s-Qd;L*uE|fH$@e|BifKR5^##@3A}EO?02IZVTD$C!>Yq
zx(q{6eJiu6+Kj0<G3i>kJet-)^w<2>Sl0lPrRQR|`F9JAWm=M7xmY1>WDl_nBfR~B
z@Jpp@12D=<W9?%N5wy0}Fh)x(2}W8IGz;eWfV{QwLjll#vnpnfzps(~Tr^Q6q=`29
z(*N$Bx-6U4gPS|OSoqS%H6l&>{o+-!dtl3X7=na$EI@edA)(TrgdflsXt2X+DRjTq
z>VnlX)m;f<#amJM!%K$#^2fg$MZ6^t;!k?`x=Smemk<PW_XB0d)S?$2YN9dgaZe5M
zI4j9kf*|Pzqo^yq94iW`BnRcCrbm1GB@0ew+svYRV+*D>@0;nvjJn{#RU(b0Ec%!C
z^3?WX%*a*E6;rVsi)SV*j&=!0zdzWu6n?2*WF>tDZphwx`0fxK+khTdo(kKy6mAPK
ztyZNqU^IiM{@&g>@!f(qd4!~&8q+b^x+NR%2N!gyIN5Lc5Y~|3C}?RgJT%V`W*~;F
zxLV5fvaq?)w;zacH^!NdBKC20mvzXo846Wzp@CAAv>4r1{|*}44`a+~^IDUK|2aP&
z2HA}`ZCAWPw;F_}vaV(#i7$E^AUbyQSC({~;?etgoa0S!w5<@8_>Q2=opb}pj1!nh
z?<=P=;QF+^8eE@cclmD2>x|JINM`XblzMN(cwz(wE-C`B;hkU_6o1S?ION%D#9plk
zmaLj*b)&(h9L<TXCN5&#d<h)D>+ibQ#*z94Dv}%e@FdI)xyM7~gfBH^S7o<SG;)4L
zbb>MahHC9581eXD6L3XFcP^SwhVV4r%HmU1Ey?RvU@2UqTjE&aug<-L+O05DCjX4m
zX+OEgjh{v32Tr4`sZfB6(pi4oSxnld4R?*h{6eLv`4g>E^lPA)&#+~uVM^%Mm_+o0
z@vlTDiQ8LyNoRRkPF>H#XPWD5W5<@3%!S$EMavHvFt(hrsUytBq8Gn=A<{W)K+E<z
z+UiKJD2Y6>wEr&V)IK4lK%6-_I@NH9ad$CrtbNzaQ{x$n&iaNv%6B7;cjOS)tmYSo
zq^CdR-7l?vNdj#*|KrbNvLM+MB>&qi(q|j>VWG6U#PfL(aiU_FY08Mzt``Z<HUW+Y
zw7NBX3)wqmhAhH`=6t(<BPO!+5o_X~8MmhXs!c(3bbNBuwQc?#mgV_;#`f$6F!ATj
zvuI(D`6CWhX7WQ<(U<(uad!it&upRZLjNZ0hOAf0>@=`ZW{!&>G6XQzD=?H?*VW74
zj(d;MDsUes8h^%m{X%qFAIV=Tp$b-!kE?yus>vQxT?$&j2*J%%v=%SH8M8pW-Pj5X
z^7Fogr~|D;OM>{SNV0t7`X#336-ejN!7Y}~Klft~z-tLN(cLRzJ||HqI4dNaETr-G
z+8_?#w)4(>uQG{sqn?DaS&3X0OM`*B1O^2Z_y`PpN7#^RI^Dd1Ut1VQqr^{aWryT|
z4O9Q=*4-;{Sg*EuW^LI0T|^VQxFzfjEMuuJZ<Zf_=>;MF`?KUJhtWCK1$<xQPlCs|
z33G426pvaI&s|57IWLHgb!}g+agkUz9=9`UYzz4_+7;QdZSHLv`h}gbAr7}-PiQk{
zpZNuKj_V=1G)L9&)mh{)0dm>$^8}YU#E4H?wlSUi6faOr-5YQ$OW~VqHZ!1KgS=Mz
z<XprjWc>c>1{Y-OL*xPS$BT>40vnzTV9GTOhVG6~3!;A(BLi35>mQF==FjaTzi3gM
zvee2%?i0Ouoi$pe=2`CZUdYN?ZftWQ#01jUbfWONU0U9LE+~23(T1H3qx^G$h;Nuo
zla@=Ohs!sc-+NvNH2DTowOk(Zb^r4KKrd_V{GfQ0@ju2~cSb@((?#X}*j$FA674KK
z?-v46MPzp)Jn~upl#pwPPGhG@)O^7~+LIFp@6J^0qo`<7{8u|Wp*&CqbOsu|DyQb2
zmZq)CB?`BUcxQX?BiVHP-4DX~wH4E%Z3Kl4SCq|e5IToM5mRwTt=Kz+1~vCvVYH1J
z%XWm!&pcS1JOr$3G?GQX)~&?3wPb=@4PA<?wX^@u23cjtBgj~WfE9W{rnq#8<I_I<
zO~$Uq2{DF=A7}fze(VmSiZ-b>e&*|psvV|fUeU}e-cEZ~%s#Ws-C9X+&filH8tt}Z
zu&i{g+W|ZE_70fJZW=5L<k!xS69v*q={$AweB)v*1O4A`xQBGmr3asne;3)jARwG9
z0Y`!0Z-{Fs-n6pqUoqK|6GdXp24_>)RcyBuX-g~yU}XP)i?^|r8e&b<%-+HCNZUka
z*SMIs8CqGjSdT;OjiwZ7Upsk-4bkGq^s9D#D)%WXS>P)*cZ+&=P2Ih6POWq8o|NpR
zrKDMO<p*#mPx5$$eMN~6t(pyp6#uR6=|!5f=XMR@UV#WG8Jrr}a1uDk5U|?}PE>T2
z<c=>AhiNtu>Ja^|09I&xiG2Zb4^~V$7+NfAa^b;8Ux+C>A-_Hm)0;1zU9kx14jh+d
zNIYw4H>EJc{mY)tvFR?hs%%M}<U0$)4<4&qW<Q!AZjARQEDP+QLXn<GFnw}fiIok%
z;lI;2M%=FPg5n(`_CN9`C?_nWmvHkZH!WBYP1TYO-5VNVKqQ}NykT;K#Q@@6)3ksb
zvW==O6Wn{oM#P9!jugUM<{QI0`A_8ESV=Q966(m%dZo+p;=CifgK|U`g;4MVlNz-|
z@L?s5q&|7PmGrYl5*cr!eWr_|TfoRUn~l92Vf#`O`#wVKQNZYT`PwX<^e7~*#K(yV
zlPhP)wDVH@&Yu#Z7T=58&yA)bnF3*N5JhzV-ha7n7k=?ljHfKH_?sBFC*tYGnI?30
z*y1dMtO;3~T_Kb(kVtW<CMAObX=M=@&6>=}ntKM};&%Z=Y&Wt+aA?{+8*4yLGpX$n
zs>lvPt?*>sJUI72c8rxT)@tc0OyrTBCR#?_rvBt>L0b|<cjB~}vCM*A8VRdT?vxwM
z)TB+uPW^~Rr7$w7oEF^`_kL%S!&3lAB;{_(eoQ=mggrOjhUD=-O|$)Jok(8k)uaWn
z7TLr%h*kt!DidW_q>Z^*NndCp(iyaVBrm4F9EyF!m}ZyuNfuKy;XoU=gDT&OAc~JB
z5;K8&7p2Q~ky!zY7F^srM<IeNDd53Uz#qKnk&Ui!pd*t@Rgvj3WOkT10Syg}Y*{=B
zcK04JBC{(punJ@b_LI<3>YEKEey*k_K~IRpN^`wjhX`BQ_4pQvLUxR_I7*SvtU%f>
zT^Llz=RLNX7kT{YxrMz#r}+{2607W@@jwJ3Koip1qfJrB4m&*;0h?~m>WmpBn`uJD
zO+Ni{*;JZ8K5gEdYbFv@_96F_y&Sf{aAY6kZU5Efei7}vJh@|0l~nPYv!8tcDm8si
zF`*S9f2+%6AC>_5Uh_8E*JaXpOAObdD&CM{5^gIg7Acl+VT<=P;h1?exu+$K5D&!p
ztYR#t<#RlZ!i+V<(zx5F#8^wrB$3^S<BGlWD0m*xjZ7<T&1Ou?_&-n;0=Sj0v_Z`F
zc$=e%*}xE*z#<}B@x)%_o=?hTVi7|I4dQESJDz85X<5I1!>+AY?u09K*l$?#aQ>FD
z*49(Sj(c<?19N+~7AH8pXwD6-Y<~Ufb(!O!=SI=n-0dG{JDj}vm*jT$|EXRJC4IVP
zG5`7m)%o0)#+)02t3R{uu1B=R`j1z<CR8-{<0-F5{5WA!8EWPGOk|}8^IR#+t}zi)
zu;d>;W!~#GgmxDU1fgt+NfqN0j5zW}!I*_0Ho7yYroCNvFIH7bVjskv6j0g%FgZdc
zu|cn_O*CWBA^QXtTH#z~yrOi)>jrZJ7H%7r%&)j)OOk2$Rt8VBOo!ZnaNekm`>e*&
zi`$49QFsXldFx;>MogSA`4KWPU5ZPg?pY&qI)Igw5;BNVjOwI65z;~V_vfFmNh9+c
zVE~ZKb^J~HGfdEX=^)r#(#P+b%=7f8?RYOUn9#DR!79+>)Cow{<*=hRcsq6BidqMi
zE4=)nl;Sz@gYm1<O>sqK+T2@En;&-w<0_mq>hFNGtEOXD5l)G56V4=DqKS%35tSl<
zOjeSxs{>R5ro-BU(s2<^6Lln$B&rf|r>|QJbo?I_-1elcoSQN<DP}7XGJagV)z)5I
z$ysgbwak-?ElftFs%8)sq52r_kO>BflHj(LxC!Pc_Td=PTRDOBIDrlwyAG!#J%}n4
z<Z-O%v{Z@;d^2K~)IqSDo9gkkKck_oD5GM+h;&}CkIQc_sEn0uZAldb06K7qR3({J
zOPSy?XFZ)<mKyCUc8bjvG*4)e<R|P%wVZ9-<_S5HY(4B0YDbwq3}T`zGe_kMlmwRC
zOjiey!T4I7-nas8H*76#55_{gl`B7CMuH|#l(B1I4&n+<++{`1I`Ge)UJ-muWPn+X
zdRQ+n*u-t+oTqn&zj(lx<LsnE?@*Ox^08W6^5haprZWBy_(L_W#iS#hj7wN{6Kip_
z>C_GnQcRnCI#C|BA%Ia0X%BD|V3R5B!-u9!I*U#Tn3FvuNT+8yzQZ#E7qRCL(v0od
z7L<;V!|M|?d>v3~zHVZZ$t@&y8aZ92V(W-f96u^1gD)l~R-{8Ccl>!Eh~pfkJH{3Y
zqGKO4ZUX#X1#=aLO{$RK>u`F~{iwSF9$>c-=Qt_n&2jii@iD>v1M&h*E=FJ*0^zKq
zvy)7ef%H$H))P(x`E94eQ}D`Im1<Hfd@lGsmcE5^neH_aMG8xys=!x;?ZQB8Pm28j
zw~GL`5qJ1oW!r(^izB~CGY}h~dKhzCXYroc2eGSRPU0jEk`8G%NQW!n^avYpyQM*b
z!(0`LJ>ckeRI1>DU_bXLAf<VNN2-`mAmQ!+IqgAZ2>b+xxVnIpCFT=}N?4K+a$GcF
zPST1!z=d?M(&3x%2GaAfa$IPqKgkoYJAj}yhZCF!Tp67-q>Coy4if=Spa}sP@HOD!
zb^=P$03~=p3AH2#NJd$(jT<!ijU<{(OIMvVBgr<woW;<INK(Kgk3`%8l<*Mhfgn`@
zJX0932jUvSF_Z=hVClnOWW=cY9!DwrI*WCH<O3#_NJL23E-6?Sj&-pcfpZlASMUk^
zt<XCa>0X@Gbbg0?27D7xtR233QeDAbE~1^B0gcr8`_aif(&z-xkM@cTqC6&DV8>CX
z%QoQjrQ1;10tHSSotSL$Wu<ikcsPBI{$(QP8r=fu3T-t)AGX?4`8hO+x)r+ykiz0v
z)15iD>DXk8t#HY|Kx*t{gN&F?n{;*>f2+lWAzgk_j>JxYC}X#l=}YZn9|))u0M~ja
zM+K`6J1X9Q$`w2;`cI-l+zfLOTLaT<=m<zBLIGD+1No4Fd}P}R|A<AvAn+YU>Ch!b
z@Ego_&vc7+&kS~Q?Yfj+m)I@b=E*t|d^KKIx)#``a!Y~$H(^STDtZcpm>9E_ww|p+
zfR^o^2ljwn3p*t?1zJm;u&2Y5a+Kkdhrm~=wi%>bbp9p1;syo?2+{#jk{tx9q61W=
zVlt9MRKOWXods*S&vpXg5VZ&=T9gQ<QAVhg#!U!)-$bJWS4-sZI?}x@g@U5VC=zx9
z&=n1!E021<0tMadrkn$~f`9-@RLXV}Ah3UI<$=-~0HtM5+SAQA?sVBksDYHm*$BAl
zrVO7ey&)sv6Wvs3Yv3ou(SprLRlpTp;IMFs6ct>O$yV8FpesQfeLC6auhs7cZbA=L
z5DWDV)aT14%}EY`DeN?=5_SWy<xJqPXi4OBlg>O+4nY}6b{ME_A8=SPo$~1{ptkIk
zfDG(5pez(X3k4_(aRY7_VG~Xdvv3}eVv^>jLevJz@&+i2J>W|GWaRsCptiUKlP|Z^
zfVyudoM5#ofo~RawqIrght)jkr12^ShzAJ_DCe&MDFUWw0`X9Qc!&uG8DT?Nfbzq!
z5N;+gpaVc{Z6=a{8{N;f0Zf6W<qRw&<fs7COcd+`sv<N6qUr-)r5V@{Z9PtBzAYew
zCXdsVItpyL0h0=UZAee53@lj#=&WiNV0~CBUYVV0<TxPf3<5R>SdsvIxE|0G55N-m
z9pK(H%k-qyElC1*7x0`xfDk5NNkf}_25l`xnbMI-VyEUP%hXUMg3W*s3t&BvPT&L+
z+*IIpe>tx#*v!2SIHCoFvlCU;r~vHP4+Im3zhNyIgtdJjtnCJ7Y!v>Y)K(Q354>C*
z@F@;hk7KMI_a`7^J#cO&z@^AGuy;u<Thau!z`5xQR&n8g4&0B#Ww(~qzIqrt5KLeK
zOQZ@g9{fZe37Y7pgiCQ#!TyzutSulNI(m26jim*1XxRdDYf&ZqV=D(Z;ww<*$^(xN
zmq+MGw+L?95DEV(`No(-rC2b^d6yjZI#?t5+sGR51`~``GgJYpSC-(`F}xfMO{KJl
zMEiEytgN99fA|-~ee|=L-&ZFT!k4$a>;W+{ESb72-%oJ7*5MDrURh#o*iE#yZ*ndB
z5()yMt_4Tka`YtYd-QW$>}KH1ELx%|U0?XV+g_~7Q6j2>&(D2TY|kVSH{p_N!_p<2
zVaGe5eluycY}3+s^8rY}XmMRf5Pt!q0)jroO^GNE6!aiag<7D6nVfZkz$(JU75;+o
z_Ne(OSszN^JZWk<nmTto_O4)6%PFy<Ko7X?fOM=f@FMEKLR2rV$j8dIJHxq*@svdf
zXDWPki)CBUaSfDm|Da?()h$opFcGOIE(H+^0z3|UJ>Zz8cawg2z0aiEL|p@CCQfer
zpAO>ONLwDsB$dCFxD)md2t0+cJAk`)6|B`nD4dZh!q5r`DK3SQ%RzwrLZ$;uwUToU
zkS2P`T7%G^u~qPmG=fT<fG>9iUZRzwhm;$a3m{VC3{ZCj5?}#toep7BJkeoPVlv2!
z?t<8)Lno$Cl;Pal`G4JgCP@Y8_~=9>iQgWy973|tLHhhnlN84P5wDJofFg*vRQ@c3
zHDxGRmBI7^->46wfJ_dz3ll8g{n!4FlkmwDWui6=0#7K-0WLOBumB^J=1)|L1Pg%E
zwYVInKhRNJip5s!j<PXI5wBs=P9#K0w!u~fj7sorwR&Y+O7~)wrH2J;feCw%9s|RS
zX%EO?r%+U&2`0+W6qC*#3Tx5`#Mw#`q`hD?79^TmacNX#L^8E~_{dIt8!Lmj5rp^N
zEsg!-T~x-NSow`u)0VVY6<hlj6<D|iqRbGab)J*<x!Ni)*A5~C=>BnzBXAFHO0vzU
zM<5|co0#>wLTLw~V--#xqXtqbbKnqkfeZ~oj*9d!#=s*?0d9qW*zN;76FPh<nt=T>
zQ5Rlsl(G@uT#D!OJ2XxSHpXTNXzjqPQe*B5ph*>{K-MSMz*`bU33g>L<vF`Em<NFc
zZbE7H6QTqT0@9pV=vBLYPNlydF}xNBv>EXSL=Sv2bT{sCGUYzUYoZo}S!OzI4bGq}
z!K7`t{?HE8gX92Ov-d7qvpDljJKy+WEqb$dvPr87jeVUmGr=p8_azf@AQbH$GS5q}
za4n&h_QR?I_>NQvb_+^)_PI)RM@2T1?K!4^(}(>v@7<y?6#<AW>+vc6%|6%sV<ujy
z2x9wFRVR~zwbr0k_hZt2TMPCtY-jwL+V(<#k;cE1{QN4)`<^Rt{2q#e6g94A@6twv
zE@3Q<J96?k(Ah5Z0TeMxPStG*V*_34^c2;mV~-Y>{gI#u^JI^?s<H89%vXM9C4cmi
z?=#y>GDqW}WYf&megaOqgXb?7AgU>;+d}I}twqD>oL(e&gqlAIl(xK0veubvll*eG
zv(~Ax(6LlZY&y~8)>ha-5)Il6fmxGi)Rk?ho9RTv;%3zKbRumDE$G;aMX*%=8jsbD
z<B%@TK$u+=C-pFtay?eQWDfOx3-mN^hPVahN=Ht51QJm5DU|0zlpRRvCy8qjt~?%V
zo#p6;oSzQ2*ZIm5i|e3;CYB<rEVFul+rmk9rte0a9yd6Fa$O*L*wCSBhO+vb=WyNH
zSWz&kTU-1@aC42pq`kmC7$c7x5H474#(fov?1^a<7D`AZXiQb{_}fiVj5<-REegIC
zy+y}OY^{39xD?1{-W*fH`RYe#wOfVTIo-oF<23mZG%ph0bC6Qo()fl(nIVqdsgWWX
z_;sCtSm|o636m?CqttGu?PQ2>{$V8P0Zw4O@dlV0L>!{FclM5|N&@wXMqh`)=vRbJ
z6ExMtTf=fRjpHsTuWqy1DkFA?8rH#5G8QvA1$G;96neclLwyNh$86bS3F7gH!xq)Q
zQxNY=!s{W-QqE^dLJlM1&^o-<Ce-q2f^Xp_RI6<UN8#B~0runyQ65T^pSs{YlJS}5
zd38>2$q*)`MxSWNv-cQt?FtY?FT@vW3o!YeO*S>~UPeN##IHKFg0Qu1Eefgt*JxwC
zL}*BDj~LrRCP67BOIThdvxwzIHY#>NI>|((wkOYoV%IU9aro8y-n2_rl<{^xys9KX
zmXgC9@{xs2**1OxuU0lLamYk9w<^OV&)SAzRzAHlqwwYCyue10Kj=*t6O+k>YhK!m
zWNTX(0SP8=MQWUp&V*WY0Jfups438c#cU^Vcx}T{|A5((tu4xyqwv}-(hZoQ2;Kf?
zs|CH439{Td)wMXO`5#rt8g@!W|M;hZ&duW7NI8TbI4f4pI}$M?lxtzkf#=IKKJ5p6
z!vnf~16-pu-e8-vpq{8|vbkhVu6yKoq~n;PfuqgUxeyKyC4fACIy(A~<Jh?MNUUtb
zz-Lqe$>aDk<tlR>FY=T%t8BVc*0Xaa*mAEcvm=Vm{qs`KuGh_A<{|1fnzw5Q=0P&{
z(9}o7+}*20GF~uQ$vjG1lGN$mLVS@qt&73Vz+T|X-(r;lA;jahx1e9mkg93(6}P)x
z3J6AGnmqyc@-$J4dh|Ud#Nzz)+ez87Gu_asgO(y-xhc{EL`jk)J#mFT%!mu>hwp|C
zkvw`QXQ<&TVzO&cBRAId_jXZJD_wlVsRQv-17$pV=W(BEXnr!~)EIb6bZz$ZyxbVg
ztI2b#lx^y0OF1RhNGCE5dAkj-SWK&>7x4Y&6<P#pT~Rj-DwZ=C#0`_o{w*CcwMl$Y
zGEEn`h5P-P?QrD%L_M+326oxDWNh*qL~gR|7~)!%mNYD3sv$Lp`BtyYLLYOMIAoF+
zn?vF+%FkS~%FYK=|J)#3c_ohH-`5i}^`!YEVv2z2I*AvVICl_@x%c8pOzLnvY4Wii
zA<FH3+0g;lvz&)Urmz#%T8_3V8xUCgt<vKgWZ>4gXg&0pU`9bG<*7T0X%2#mc35Ac
z&PGJ7=WM{deY|BEo|f85UuZe0OzBgGJ`lVl$#%}nG^#P=z3;${H_DPp#NAv~C0VbH
z0LciOaPv+U1**lA#@04!8aH0j#2%xUDnlF9aq%!j4!Zy~kKTagUlX?ozU2ytySR9r
zvXyT_*3Vo$vAf*AaC^GymjBSXEb4VfL5vRSZb{6~Tu!_`Y&Vy?8W{)MwGn=ROVKIK
zGvF|1O7z4XcLdfV4@ZIQf#7QcNSQJa#@t^Aj;@d?8wV(<F(SQ5mkc75+makxmL_Y}
z69*_^77j1+II=4kE1H}1gfgXagY1*~(b#%KO+=-o_;bVh$zcKQqcGx$p4eQOICB9h
z`V873t|VL4nK-<j7@aGC8*<4?vT_B%@^Ye{6v$raEaa^ma1>Xt^Gb-KaJ$<F)0vMO
zpA744#N{@Aa68mrlq}Q80DQ=CMk&r9EK9M~H5)v4$`K#WWg2HNizT_Na)7kW<c%6`
z#MY9&DVsQo<&<TklD%nWLROFJ1d+tndh0LqQKmrjF&F8T%5dqC8pLkyg^U<S@r8`X
z4Nq`K<FCMj1k_v(#7X>hblcRqsr@gsS(M?u^Hw|HUH;}bJmI+{-d&QXzHfZ<kV$^*
zGZH>e@TNh21~IbjIc~19q$n9no1?Qvl5#mYPU1|#Si1|Vb^n+#EC-{L!Gxq6MD2r9
ztQ|gz=~ty6R6O(<hcoz2-UYErI4`$_s2uhWqQQb+GLB?hDhcgi>T_j}Nksj>da<}i
z8aL0%<(Mb^i-(eye#c5bK#P)z(PzAKx~Ea0HzNI?@drj)tU{WbPC7STJ?9uCY`J}g
zx;bj7O7ZHE%Xh8Iw=diav_GHe|Li9BzmeI55qk4Ti%0DibJM5Iul=X*+W#zA8$6mj
z5bV(KqwsXU;pOb?aNQ4H@83M#d%?q~O85Jjz}SloR7KDC5#?TrzjvJXFmN0jIRB|B
zXzj*BN=hA~{r2ZQz?a_)=6{J_d|w&*?WZfXPUP*?r00Q&^n7*j`RJeMZ$CrWZ+jm+
z4(ZXH`B8dyd=6^#r-1V5_hnev3#wC<rJBpzgWHtv?V4$+9v*PxDHB~{nooYa{k8AX
z^+n_&W1ZhI{psJKuU?MaF3%tQQNn0gb>Ry7Lo@Y9>Vmb@)$60_55qr!KkB|G78p)l
zda#|m>B32u(GSz9PG9Tl<UY*(cDGVZd)1w+r-nG0I6}J?HC%s9;gG_J@7~Mxqs8^7
z$zkMsrk{uNuR?dgN?X)!*OffW+tBzu`0GO4SCQ|I7}56EQ(@o9ikG9il)7p^cK`lk
zEcuVqXLsFru9X($;MkLy!+sYM<u!jNw9xB|YoAL%R7K6p;ZUoIBR^Z8<o7gNMS6bO
zveqHY!l&+=d+8YB_iJbKu!p(_VV%t`t>3htv`3a3?JF&JjVCFcqeq)P%X#;^VP@Wy
z*cZ~{b^J0czpMXrIc;!Y<$mFj!K&6Ht@piZ$-y_dA3VQx{|-t${k-<}$VJbg*vvOt
z=Q78kLF+<z$E*YIm9jc>!;c2PewFj#HRd0SpHV3YqcgvglFYoIKfb+&Zklb3?$>np
z3Ay0|y-{iH+WF~i^|jyS)TWCVm5WA=xXC4XH?MW<_vg(nd^mT}!M%p_<h74kRo>vj
zBMDRMDb0PLZxP40TKDGS;=X?{r(b-mw3aHl%Rl*Y)bIAkonQYuHfe5FS~t7&g7kH+
zq>z7GIWD~N*AD0EM?ZQ`6HpuP<FMQbu|map%$j=DD0HjeXp8X`^wF>Kg1(r(HY9ut
zYt!hwzRtd@2m5cjxANT2Q)fl=5Z~>M;C%9jN7|9Kg-vD8E}uK{&qYRYM28A@347+n
zzELUwMNCjNAm`Q}KYYq|+uGJ2BXWc93rx26)^$!rPFtsbw(@RW8)6$ERd=zier;vO
ztga}h&$Q^bHm-ej(<@BJ^Jz%K-Jthvul1ao@5FjEK`z?ZWYl$B7|F)gTU$lyL4P!?
zy?7|I>HPz$<jG6gne)UKC$HC_B?ms(b4-H*>b;ZK9SC?W?R|BFHSX1PI_}(S)w}b>
ze+utTJ>jqR)Y$hS`qw#o%~TEl$2Siydp<tamVE$wQD<>_gOl!w8yBZ8AZq^nb5uQb
z>{WKoHp_9p<Jp^i-8G^=--?`?3EER+jFa7S@jD$fQ&r{;xgpFQSA(E0kJ!BVQ8MFl
zq_O=uoUjaG-1NKA`$Owg|E(XfziEBk!mGC9C7a!Yg1mNr9UIqtx;$8TV)yX4vQx6B
z@CiKT&$=FM)+V3Ev_zc`6Iv!M7IUAs6nOjGO6Rz+_l7MPS>O4f8jbf1ecE<DOwGRT
z`OV;$H-^WFx8B_8H(}N#+c*W^W!Bv=NBtL=k(zzf(p*XL(xENitZ%&g>VIQ5bZw~W
zx~`#`ec`qjHqM#1iNo(_ZO%RwR36y$=YDnh0p2RBBd*d=<-%mzLW`L7%-(M9k9x$p
z#BE781YI5VDV-k*U+g#>c{-|2DQ)fPh}CsU-l*@#K64|VaaA3oFWT5u-C%V#eKl7M
zx{FkYtWOWpRIb3iKN(vc3~nkg($@-`ABuk}R}1s0QKGr%q0Be=(LWM>)doTwqMT;-
zTfHw3|2!#mO?BM`e}jVW(|#$K*<kD?m1X)*V(NaoOm=EH^#AJrmbk1v&;FyM!kP?`
ztyen=mz_7j9$aGB1QOF0yNIr@{;|Au+f><STarf~<%54g@cd0BLiFvgj%@vP)K_)J
z$d(N`lP0Coqd&Gi+Vt4_z(x~zM)BgB@87>`-*qsULOV12wI;16o*l3-a(^E(rtjGk
z{+Yd`vwM0ly|}Z;2%I`?dMR3yk=|^zdwwmo!*Oa|l&Vss$BEvt0$8zqWYp%n>2^<*
z8FSvV*T48*6wBwIm#TBqciu}2I)}gc;Knm0q{H{Xl1h&wzo%c<Whvpdy4P~oQnfSd
z=YN+w@4R+N7pD6(n=xs<>>%fADKGu~jPfJ60e<+!p05t)BC1;V)f=1X<{0g8e^?WK
zEwpd=_DG-B7hU?@mn|0?7wYNLgFA&;_UF#;*GV_Au23paR`BfJ5@!^$IGIYl?3nLq
z-_lxo@`G8U&JL}B7CUvN0F8TQ`zYMy!St6M<^!b-iq$4P+~w(XOBKETsA<c8=f7ze
z>6uwGl$LUXRSgau>bQF1g<fYt#533qCFc`pJ+I$u_v|i9w?4J!_2cv)2mO6d7xUgP
zQtui)9UJYK8h=O$%(gA7Pp5|}sK!*lLvzyiJ|&HI=#S&?oggW@kB4l;TzNo!nycbI
z7&7^8*&rg<=(y)^j7bLUslY46bA6om8>RDKM)t7!bm^HdGX{4c!?cyWPTYIH=f?5O
zbc3hIE;G)XYbd#&_}UO|51qe0#jQKB4eR`P7vU5AX2xD|;f~OK9y4!spJwir6rPB>
z^))c_Wny9Y_TmdCV_v_$>N$0CUxvlglaK7pci($u_0;&$=<8aIyPu#_Guav+p6pO)
zjrsy+xZiL2MwW20%$TpR6q6(y*_7Aa;DHmN*{NYxo0$vNSbxJ<MYjr$z6_>AxqguL
zqb{-W{{_VmI`2#(N;kpXk*N&T{k0pGt6D|fEZ<S$qKz1^aN`y4ZPD@a!&^kb<;^%D
z3SPc~Rflim?p+OAB{QRz%#1#qGxdzBd7Y3j#x{A3tz1QDwyPGn+Y#(zGNocZm)2aJ
z-NYKs*^aAP=`>#pY0J!bTC#1gwTDYnchb6<QElC^@&~y2jwXC3XiV;~8gEs@EzGGx
zzR@HiPNYPeywUhij56XVBYL((i#$p#@0~kid|M1>VMrHbc8GsS;1`N0SxI@l@?*gA
z0WI<an#1D)GZStG{K*rSpFA<)hsxV?GD&lv6t-V^viUJn`GAD{fF|Jq@=Ub}Gu0~3
zRI4x#t@64mk6HXuP@B2GxW=XOA-T3JF1l8E(X|STu2o)it-_*fl^0#Bu;^OkMb{$C
zLyNrVTExv<o`<9`4@r3*lHxqbi?u~qtS#~+wFr~cB2Q9F<=S5I?~4jAI`UF(PKJ)}
z@7yLlTwdnQ!ZL4`mq@d)M4II#(kv{IW_gJ;3o9uhFM@=yp(W&*P6#udkY_p}%ydGY
z>4Y%T33;Xy!b~^GGu<T2bdx;OO~On!$ur&5EWYU<aWh(c?=j*gn)psk#LWfq95!M?
zCLZTU49-JW&hSbXHmK%qh=-Qdc)%?n_iy!cE5*rZIATK7oDd%pG40_`sPgq)UR&+l
zlScN;R@K;Q6SkbtUpbKF2L2@%<4Dc4+^lZXrH5p=B~LV$1Xb94;_~Jb7dD@W0ZOQ5
zO2rKSxKHw6(AV%#Z@Zbc3PsJ$4dwOn^Fc?AjjE&S0f(EZnfgI-fkf1NB0Lp#wGnXy
z5$zxm7atNa_u?MaIqn#rVU>G+93Hed+@Qsg3|it5kMrVue^ogoVua2;ryI^&2e~AZ
zcp^%=Nqmk)JZy{e58E`;GIMDyPdW@U{K)xWF5`xuW@~vb!I)E%o<$w9b<N-g?rAH-
z&#v`RZ{n77gV~+v4c!dS?yH}Sht^PdBL?yrK|RKs`9JwOkGF`=(}+5g9THJJadGuT
zJSU5D&&gPUh+~O38)EIkLn5Af#kr?m!HilQM??{EPrGu3h{Q)c<BG?`r55oZD;^Vf
z7!i-D+Jz+)@eHb+o7?2f16n@E79Kg=TNyQ$5Kr189#hBT;wp=H>KreR849|awK5K0
z_*VJcGS<6R%2@ZUm33ch*SpBfSnoy2Sm*K|V_i2s*0FBNSjUnqW9{*TvGyV}W379J
z#v1Fjj5QwO8qtffjOgc~M)cEMBl7m25&2xyh+0)<MBNoLqHYx%QBO{dh=-tteBq)Y
zU#4h8tQV87U^V2AMhy9q0Ym=$$&lXkG~~;?q)$K$*)m5%cK_6nE$1*~PxB1f(;P##
z@WhZUelTRu(G1xtA49T~*^sQYGbGDj4cSFOb~9PBZpV;3Ju)OuwGHt)L__k_Lp=O4
z#EWJO@e@-+{7l>sua+^yi<=GMnpi`)2Hg-2It}5<FhjUN#1JiFG(-y|4beE%5Irq3
zL<{N+(P}S4u&l}uEc-MB3)Bq3Ln=e?#N7})t2G3x2@PSJu3o=q2$r!Mf=7LZU@?MG
zz3S2sJj|(H&Sq49ufeEZ2y0Z&HH_+Mlu^B$#1O26uYR6tR4>yosvoEu)lY(|pP^KJ
z?ZT*9r)yNr!i=i5rAF0qe}jG}!=S5r4LSlh=+{CFI>9jLa~7j&ZbjE;8gvDTL6-s<
zbd9c2)#&+^ss?$&L^mri$O=n?tQ<D@8zTn4+|b~k?i&1;U<`geu0d{|@atX;{#!W)
zKXo?fAe@^R82nNf^8GflkAuNa$PDiJxxr1)4Q>s)!9Bt<$mtPYrfzV{3=D3`y1^}2
z=f6B>kZU0KB%eS3L+b$y+U08*u1rH8oHMzTzH+*Up7DpDiyPqw5C%WSsoaY)LN~UI
z@ZEvXtpOu^6Cw0i!capcTDf}^x~&wt-xPX!R=GJCxmX^PIqCb}Nvyl__p2l4PY+@I
zWK)OgDEL!Y90v)L(TCUjz0c~fg0GQQ2a5VK-<W2PcumP^EU(-QSz9&5%a4&bWHlM=
zsgco#>EEi8w_Ha_+pgo5hKC!|N=CQ!k(}cVnB9UmT`~O=D`Tl6{`LrJ#<grm)k>p^
z*PG^bR}a2LC<vhr=ggd{*|s*O>fV4$8MeJnCsQgE#uQZz{S|yiF&tDY<{HzAUsS=j
zpiAy>GWZ))QSZzvf7dnqhTp^R?|5gN-~gZb;HsMH?dtEpMeW|RYfJz3-MdsZc$6jJ
z7BM%AIU(jIF~^1M-zpYxQq1CX`*(K*EY41oI6F<^>@<n9(<I4GOq_Xf0^{P$$HkeC
zi!&dW#4XNzT%7s1IP-CF=Hueb$Hkc!XEGrUEY7+(=i-cu^DSw@;z|_fPN*>j<0W=(
zV>0TvT3%NjZ`7x&hCb$S@7j97IuL%FKURx)FRhv7Zac$fc&h1d*i;>|a<{Ddy&-RA
z#x~;chwqL!f|8x%Q*Y(-Y<Ly+Vckt<)nZ=DnTVEqyJUtAWIO6qA0N7PnaQO!*Rthd
z{b@$p%ICde@ULUuEPCy5x|xwjis79k7D2|4ZdMtB_rgW31n-dcq7{qYaNjF#aYRMi
zO6!hOd6%!OV0)W#*;N+=_P_BaR@EHjjP0)yT(7D_As6cl#x`D|4LJ0H;UJhruu@_7
zxHMDCkNt(t)d_vi8%T0*1lK>>^sC=ZTc%rX!~EOjw#UE8Dnas*+!>Y4c{2)e+*O~N
zGt;)NIpR0vZKHfEu#j_wl}{5cDo6j|O2gooZx}gOFUSJ1$_!>a)qzOkkwnF}9YI{d
z(1~`A^5lqvR5#IJrb$l9VCt&c+Cer2^lQ-ew;b&5?cCX=cJ12gZ*P%tEY{l8t+(vz
z+_`;=qN>|=?NPgW5VU7&ucE5`JGZcdw(Zz`L+1{4cXxMRSHIfddBct_RVnC&baAYs
zW804HH*8UxysLgN6l5hA+_?#EYkGrB?E6vK;H=xW3f-1n&|EJv??S`HR^B(PPj|PM
zYk~Fox{D`5{**2?wj<}b>Mn13R{4NlUCWFqsj;rnwAwf3xOySD8A2l}->#@S|CQ9(
z)?6hCeZlkt8?gBs_-!|bEyZ!|yl#@z2M2mt_M;6?P5dMU8@G8;SN1wfjqUU&N&cOi
z^3Yn>3jRHos<KqK_wQ6I6NmntTfAvQzkeSrHP-KcSKW^(NO7<3xR#B0%V(jNFx#@+
z>OL3E3QdY$a=pa*)0wUMu)5vM;Y>!aBB*z@%XD?SS5KF0CwD;KqUG~SYOLFzi+DBX
zA71dcR#ZY;JErnlTJOwcB=zsGI;q+!FqkQ(M>TIc<R?PVT7!v;KI-abMoEnYy9cVB
znM{zkP;>2c_Vjlr%T3^hF;{o|HXKl=nei(-yx*Ov+qpCnbaT$ldQGByXr+n;Gu&|F
z4`qkzA-poc-dZ>byh^@Vv(2tiFB$4qofT$~8LyOsXlbV&swFRuT~=@x7k~EY?rydr
zo8#J<Qjs+E;268$$5GkUGBvitGDm_k3N{;LWu7S&Nh`#)gYS3CrO=y8XSY~|qE^*<
zwM>TfkBUF-<+GO2y@_(AV#|9D`c;7z7xb>eGc4#ldV`&4g5D!Fwgo3?xzReVmNr-;
z3R<wBgoHabR*JZ<x*=~53c*W4=oWO<WdcFA>P1^mYhL7DBS23znhxCt_V;aM+Yt5n
zkFUIs*-8o(rN(2ZR2<hf(*@cJ*uxHWi)Ff6&UF0ltl)LSXog-+s|tX>Y6xqgpcfq7
ztv-9XR)A4!YHW9(>X=14XS%~)FX(lyH+c2aquYA*8C354xeYA4(PP+N<E@-W2(im@
zxyJ2;TDM&e>=iq%LBTx_Ti3&fdH-O4cRDN*QJcTPvhoTd7Bs9adEL*re+}&PPo&@z
z?<nadowZA^N9fk_j^5`#DpFK+q`;;ks#?BYc#T@pg?VAJ-T<WBa?rqbAJA=YG{YL1
zf9cz*=PQ@(a!pCjGW7PndO`C>mNqNComM6{oYRpXe{F#1aK5vYb(5k-gLa3K+#Njp
z=C3v7J_I%8*Bkc{!}*ev^$OU}I8I#kM$<ZI_GnJlyY}tSwF5eT?ej)Z<Rl7zEPuXL
zpKjsLqJ2kY*ui=?$!KiYtImiMtGsJ!<vO@k_g=hfq2Hu-Ste^y)$_@MW$WxoN;z@c
zoqoIIUnu=5-eFlrspzGIj{neS2QNXly+c2s=W#JAM~E_J31k-vFLmB0g;N)96yYfh
zy$-QrD{8rNgAUFNuf6-**s{jXPL(a{c87Hv8D-cXfs+iO0qrrJ+=!`X&;cOwQGaNl
zIXWW5z>Ob%ut=)LhtkpZc7G4L;F(JJ+Twj`%0H*QhTrW~7a5z2FGzMMlz%ZXxv+lm
z_!Y)=27TPcj6B-M2;H@cUi|(Ath%-;&pWw}I+U8wj^Dw3b~P7lzs9x-^a~+~_(13~
zmm1rm6`fMK@AF&bcBij2<cg|*4fN<4!Adfi(FA$grBy}^)kVu<@{<&-87e0UBQ{i2
zFw&Qd^UEXUj6Pa54z4c9%5n(Jadg{NhqYXuG}JBKB{R4KRcUB~VW$%smC}KEILGB8
z2}U|>+7t{Ac7{g>-oORHt3DJ@EOX_l27e<#)cAu-S}K@Yc}23fJOg8UaCa4o?pXDQ
z1<M4&XZIe{8%h|c**)fvRWdU>thAO74a+c}c#oAc*#+4z!D0V_Cs)c!qcc`;wIQX^
zaqZwW%l>6ruHHCemKujjxqRlTTt@N#%6c7LV`j{B#tOl!YX|SJnPvD7)m9p9J+FBI
z@vmauRT}*QY;?U2r_moVH`-Q4b2X(=&*ITgHe*-*3XTY#5d}xEe|txH5jWbFpB$}_
zODl~dmh1m7__QGAA;(b~(^kP>+t`@Vhe{)=W^3k%?yx^|UXx&N4Gr1)0rr>w2p9kM
za}2i9?4O9~|I2^pDvENPqA2(|3uS%-|9VN)Z=jOjF;Nud%_B!FcKpf){+0a>F8kHv
z8v1)z{;$7QJ|8~^U4ETBt@61?hmL2zSJnY%$EVKZU++Je|GW+KcNi5#ITA|$OPBDk
zA0p{LioEVo6y>eZ@x@E|*ZNSoZ4l%?gZJ3+lb7<Z1DnO=$MSFD_#4>oxbNX#8&0kq
ze}>@rQKXCg{3rX}6ZX1kjrw=U@$C0#+3V!-<acuD@05|_=L-Dm-QPbt^7y;S@$7dS
z*=y|@>Hi>(XXQVL<JjvJt<mZKTXH=6U0?Q^KQ{XFr^)fF@7u_|zH}}5-4}BFXZ&9i
zuC$L@{N8ZwpEe4^*O1pI{a-<@9AAgy>(+Vvza#zZc=kKU^=ll@{`(H<jvdc_FS!B7
zv)^mmNRDUqut+|i{Z8`gTm0{T%hLZMIez)bF?hx2Z;U?v=j8agjmP2@zt?<Obo==w
z;wm4H-+!LFA~-&Ka&-B<hR=`D-&e!&n-y{Y$6kLg=o7vFevRXoHbnQI$8QiH|DCIX
z;~(lfF7o&@B*z!;3Vvboy7Qwy|6<AUpZi2`{J_A*$m2I}5SQPvt3gej@X_e<yIS)3
zwfCJGl;6v>k)PisIex_neyzCv%A+HX5BDA1=TE;Q=wI*ygBL1_^0A|<`~TxZZ7=-a
qOigeBN)1Mr|EZGWm0WOq-x}@b{{jF2|Nj910RR6J%=uFob0z?eb*~Qq

diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA
deleted file mode 100644
index 7354b5a5f..000000000
--- a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/METADATA
+++ /dev/null
@@ -1,93 +0,0 @@
-Metadata-Version: 2.1
-Name: MarkupSafe
-Version: 2.1.5
-Summary: Safely add untrusted strings to HTML/XML markup.
-Home-page: https://palletsprojects.com/p/markupsafe/
-Maintainer: Pallets
-Maintainer-email: contact@palletsprojects.com
-License: BSD-3-Clause
-Project-URL: Donate, https://palletsprojects.com/donate
-Project-URL: Documentation, https://markupsafe.palletsprojects.com/
-Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
-Project-URL: Source Code, https://github.com/pallets/markupsafe/
-Project-URL: Issue Tracker, https://github.com/pallets/markupsafe/issues/
-Project-URL: Chat, https://discord.gg/pallets
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Environment :: Web Environment
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: BSD License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Python
-Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
-Classifier: Topic :: Text Processing :: Markup :: HTML
-Requires-Python: >=3.7
-Description-Content-Type: text/x-rst
-License-File: LICENSE.rst
-
-MarkupSafe
-==========
-
-MarkupSafe implements a text object that escapes characters so it is
-safe to use in HTML and XML. Characters that have special meanings are
-replaced so that they display as the actual characters. This mitigates
-injection attacks, meaning untrusted user input can safely be displayed
-on a page.
-
-
-Installing
-----------
-
-Install and update using `pip`_:
-
-.. code-block:: text
-
-    pip install -U MarkupSafe
-
-.. _pip: https://pip.pypa.io/en/stable/getting-started/
-
-
-Examples
---------
-
-.. code-block:: pycon
-
-    >>> from markupsafe import Markup, escape
-
-    >>> # escape replaces special characters and wraps in Markup
-    >>> escape("<script>alert(document.cookie);</script>")
-    Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
-
-    >>> # wrap in Markup to mark text "safe" and prevent escaping
-    >>> Markup("<strong>Hello</strong>")
-    Markup('<strong>hello</strong>')
-
-    >>> escape(Markup("<strong>Hello</strong>"))
-    Markup('<strong>hello</strong>')
-
-    >>> # Markup is a str subclass
-    >>> # methods and operators escape their arguments
-    >>> template = Markup("Hello <em>{name}</em>")
-    >>> template.format(name='"World"')
-    Markup('Hello <em>&#34;World&#34;</em>')
-
-
-Donate
-------
-
-The Pallets organization develops and supports MarkupSafe and other
-popular packages. In order to grow the community of contributors and
-users, and allow the maintainers to devote more time to the projects,
-`please donate today`_.
-
-.. _please donate today: https://palletsprojects.com/donate
-
-
-Links
------
-
--   Documentation: https://markupsafe.palletsprojects.com/
--   Changes: https://markupsafe.palletsprojects.com/changes/
--   PyPI Releases: https://pypi.org/project/MarkupSafe/
--   Source Code: https://github.com/pallets/markupsafe/
--   Issue Tracker: https://github.com/pallets/markupsafe/issues/
--   Chat: https://discord.gg/pallets
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD
deleted file mode 100644
index b1bd79c2a..000000000
--- a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/RECORD
+++ /dev/null
@@ -1,15 +0,0 @@
-MarkupSafe-2.1.5.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-MarkupSafe-2.1.5.dist-info/LICENSE.rst,sha256=RjHsDbX9kKVH4zaBcmTGeYIUM4FG-KyUtKV_lu6MnsQ,1503
-MarkupSafe-2.1.5.dist-info/METADATA,sha256=icNlaniV7YIQZ1BScCVqNaRtm7MAgfw8d3OBmoSVyAY,3096
-MarkupSafe-2.1.5.dist-info/RECORD,,
-MarkupSafe-2.1.5.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-MarkupSafe-2.1.5.dist-info/WHEEL,sha256=ircjsfhzblqgSzO8ow7-0pXK-RVqDqNRGQ8F650AUNM,102
-MarkupSafe-2.1.5.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
-markupsafe/__init__.py,sha256=m1ysNeqf55zbEoJtaovca40ivrkEFolPlw5bGoC5Gi4,11290
-markupsafe/__pycache__/__init__.cpython-311.pyc,,
-markupsafe/__pycache__/_native.cpython-311.pyc,,
-markupsafe/_native.py,sha256=_Q7UsXCOvgdonCgqG3l5asANI6eo50EKnDM-mlwEC5M,1776
-markupsafe/_speedups.c,sha256=n3jzzaJwXcoN8nTFyA53f3vSqsWK2vujI-v6QYifjhQ,7403
-markupsafe/_speedups.cp311-win_amd64.pyd,sha256=MEqnkyBOHmstwQr50hKitovHjrHhMJ0gYmya4Fu1DK0,15872
-markupsafe/_speedups.pyi,sha256=f5QtwIOP0eLrxh2v5p6SmaYmlcHIGIfmz0DovaqL0OU,238
-markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/LICENSE.rst
rename to lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/LICENSE.txt
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/METADATA
new file mode 100644
index 000000000..0b762b7b6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/METADATA
@@ -0,0 +1,92 @@
+Metadata-Version: 2.1
+Name: MarkupSafe
+Version: 3.0.2
+Summary: Safely add untrusted strings to HTML/XML markup.
+Maintainer-email: Pallets <contact@palletsprojects.com>
+License: Copyright 2010 Pallets
+        
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are
+        met:
+        
+        1.  Redistributions of source code must retain the above copyright
+            notice, this list of conditions and the following disclaimer.
+        
+        2.  Redistributions in binary form must reproduce the above copyright
+            notice, this list of conditions and the following disclaimer in the
+            documentation and/or other materials provided with the distribution.
+        
+        3.  Neither the name of the copyright holder nor the names of its
+            contributors may be used to endorse or promote products derived from
+            this software without specific prior written permission.
+        
+        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+        "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+        LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+        PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+        HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+        SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+        TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+        PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+        LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+        NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+        SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+        
+Project-URL: Donate, https://palletsprojects.com/donate
+Project-URL: Documentation, https://markupsafe.palletsprojects.com/
+Project-URL: Changes, https://markupsafe.palletsprojects.com/changes/
+Project-URL: Source, https://github.com/pallets/markupsafe/
+Project-URL: Chat, https://discord.gg/pallets
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Text Processing :: Markup :: HTML
+Classifier: Typing :: Typed
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+
+# MarkupSafe
+
+MarkupSafe implements a text object that escapes characters so it is
+safe to use in HTML and XML. Characters that have special meanings are
+replaced so that they display as the actual characters. This mitigates
+injection attacks, meaning untrusted user input can safely be displayed
+on a page.
+
+
+## Examples
+
+```pycon
+>>> from markupsafe import Markup, escape
+
+>>> # escape replaces special characters and wraps in Markup
+>>> escape("<script>alert(document.cookie);</script>")
+Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')
+
+>>> # wrap in Markup to mark text "safe" and prevent escaping
+>>> Markup("<strong>Hello</strong>")
+Markup('<strong>hello</strong>')
+
+>>> escape(Markup("<strong>Hello</strong>"))
+Markup('<strong>hello</strong>')
+
+>>> # Markup is a str subclass
+>>> # methods and operators escape their arguments
+>>> template = Markup("Hello <em>{name}</em>")
+>>> template.format(name='"World"')
+Markup('Hello <em>&#34;World&#34;</em>')
+```
+
+## Donate
+
+The Pallets organization develops and supports MarkupSafe and other
+popular packages. In order to grow the community of contributors and
+users, and allow the maintainers to devote more time to the projects,
+[please donate today][].
+
+[please donate today]: https://palletsprojects.com/donate
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/RECORD
new file mode 100644
index 000000000..a0bfcee61
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/RECORD
@@ -0,0 +1,15 @@
+MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=RjHsDbX9kKVH4zaBcmTGeYIUM4FG-KyUtKV_lu6MnsQ,1503
+MarkupSafe-3.0.2.dist-info/METADATA,sha256=nhoabjupBG41j_JxPCJ3ylgrZ6Fx8oMCFbiLF9Kafqc,4067
+MarkupSafe-3.0.2.dist-info/RECORD,,
+MarkupSafe-3.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+MarkupSafe-3.0.2.dist-info/WHEEL,sha256=tE2EWZPEv-G0fjAlUUz7IGM64246YKD9fpv4HcsDMkk,101
+MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11
+markupsafe/__init__.py,sha256=pREerPwvinB62tNCMOwqxBS2YHV6R52Wcq1d-rB4Z5o,13609
+markupsafe/__pycache__/__init__.cpython-311.pyc,,
+markupsafe/__pycache__/_native.cpython-311.pyc,,
+markupsafe/_native.py,sha256=2ptkJ40yCcp9kq3L1NqpgjfpZB-obniYKFFKUOkHh4Q,218
+markupsafe/_speedups.c,sha256=SglUjn40ti9YgQAO--OgkSyv9tXq9vvaHyVhQows4Ok,4353
+markupsafe/_speedups.cp311-win_amd64.pyd,sha256=-5qfBr0xMpiTRlH9hFg_7Go9PHi7z5guMzmbbmZI3Xw,13312
+markupsafe/_speedups.pyi,sha256=LSDmXYOefH4HVpAXuL8sl7AttLw0oXh1njVoVZp2wqQ,42
+markupsafe/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
similarity index 68%
rename from lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
index 30c3ff1eb..eed15ec6f 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.40.0)
+Generator: setuptools (75.2.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-win_amd64
 
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-3.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA
deleted file mode 100644
index 6523240ce..000000000
--- a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/METADATA
+++ /dev/null
@@ -1,46 +0,0 @@
-Metadata-Version: 2.1
-Name: PyYAML
-Version: 6.0.1
-Summary: YAML parser and emitter for Python
-Home-page: https://pyyaml.org/
-Download-URL: https://pypi.org/project/PyYAML/
-Author: Kirill Simonov
-Author-email: xi@resolvent.net
-License: MIT
-Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
-Project-URL: CI, https://github.com/yaml/pyyaml/actions
-Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
-Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
-Project-URL: Source Code, https://github.com/yaml/pyyaml
-Platform: Any
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: Cython
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: Implementation :: CPython
-Classifier: Programming Language :: Python :: Implementation :: PyPy
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Classifier: Topic :: Text Processing :: Markup
-Requires-Python: >=3.6
-License-File: LICENSE
-
-YAML is a data serialization format designed for human readability
-and interaction with scripting languages.  PyYAML is a YAML parser
-and emitter for Python.
-
-PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
-support, capable extension API, and sensible error messages.  PyYAML
-supports standard YAML tags and provides Python-specific tags that
-allow to represent an arbitrary Python object.
-
-PyYAML is applicable for a broad range of tasks from complex
-configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/METADATA
new file mode 100644
index 000000000..0aa015601
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/METADATA
@@ -0,0 +1,46 @@
+Metadata-Version: 2.1
+Name: PyYAML
+Version: 6.0.2
+Summary: YAML parser and emitter for Python
+Home-page: https://pyyaml.org/
+Download-URL: https://pypi.org/project/PyYAML/
+Author: Kirill Simonov
+Author-email: xi@resolvent.net
+License: MIT
+Project-URL: Bug Tracker, https://github.com/yaml/pyyaml/issues
+Project-URL: CI, https://github.com/yaml/pyyaml/actions
+Project-URL: Documentation, https://pyyaml.org/wiki/PyYAMLDocumentation
+Project-URL: Mailing lists, http://lists.sourceforge.net/lists/listinfo/yaml-core
+Project-URL: Source Code, https://github.com/yaml/pyyaml
+Platform: Any
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Cython
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup
+Requires-Python: >=3.8
+License-File: LICENSE
+
+YAML is a data serialization format designed for human readability
+and interaction with scripting languages.  PyYAML is a YAML parser
+and emitter for Python.
+
+PyYAML features a complete YAML 1.1 parser, Unicode support, pickle
+support, capable extension API, and sensible error messages.  PyYAML
+supports standard YAML tags and provides Python-specific tags that
+allow to represent an arbitrary Python object.
+
+PyYAML is applicable for a broad range of tasks from complex
+configuration files to object serialization and persistence.
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/RECORD
similarity index 75%
rename from lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/RECORD
index 85b830fa4..df6c3cfc7 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/RECORD
@@ -1,13 +1,13 @@
-PyYAML-6.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-PyYAML-6.0.1.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
-PyYAML-6.0.1.dist-info/METADATA,sha256=i3GoINVJ0RnmgIBLEFUIA75PtRGAhQAZGeWJNZFKogc,2104
-PyYAML-6.0.1.dist-info/RECORD,,
-PyYAML-6.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-PyYAML-6.0.1.dist-info/WHEEL,sha256=9wvhO-5NhjjD8YmmxAvXTPQXMDOZ50W5vklzeoqFtkM,102
-PyYAML-6.0.1.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
+PyYAML-6.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+PyYAML-6.0.2.dist-info/LICENSE,sha256=jTko-dxEkP1jVwfLiOsmvXZBAqcoKVQwfT5RZ6V36KQ,1101
+PyYAML-6.0.2.dist-info/METADATA,sha256=9lwXqTOrXPts-jI2Lo5UwuaAYo0hiRA0BZqjch0WjAk,2106
+PyYAML-6.0.2.dist-info/RECORD,,
+PyYAML-6.0.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+PyYAML-6.0.2.dist-info/WHEEL,sha256=yEpuRje-u1Z_HrXQj-UTAfIAegW_HcP2GJ7Ek8BJkUM,102
+PyYAML-6.0.2.dist-info/top_level.txt,sha256=rpj0IVMTisAjh_1vG3Ccf9v5jpCQwAz6cD1IVU5ZdhQ,11
 _yaml/__init__.py,sha256=04Ae_5osxahpJHa3XBZUAf4wi6XX32gR8D6X6p64GEA,1402
 _yaml/__pycache__/__init__.cpython-311.pyc,,
-yaml/__init__.py,sha256=bhl05qSeO-1ZxlSRjGrvl2m9nrXb1n9-GQatTN0Mrqc,12311
+yaml/__init__.py,sha256=N35S01HMesFTe0aRRMWkPj0Pa8IEbHpE9FK7cr5Bdtw,12311
 yaml/__pycache__/__init__.cpython-311.pyc,,
 yaml/__pycache__/composer.cpython-311.pyc,,
 yaml/__pycache__/constructor.cpython-311.pyc,,
@@ -25,7 +25,7 @@ yaml/__pycache__/resolver.cpython-311.pyc,,
 yaml/__pycache__/scanner.cpython-311.pyc,,
 yaml/__pycache__/serializer.cpython-311.pyc,,
 yaml/__pycache__/tokens.cpython-311.pyc,,
-yaml/_yaml.cp311-win_amd64.pyd,sha256=oMYsA1zRMc4eV0dC2R1BXedhpcXVw1pPNqQbjgsKsZU,233984
+yaml/_yaml.cp311-win_amd64.pyd,sha256=6BXrc7YC-BZJ911z64UDwJV3D0ay3GiyETPzbhl0iJc,272384
 yaml/composer.py,sha256=_Ko30Wr6eDWUeUpauUGT3Lcg9QPBnOPVlTnIMRGJ9FM,4883
 yaml/constructor.py,sha256=kNgkfaeLUkwQYY_Q6Ff1Tz2XVw_pG1xVE9Ak7z-viLA,28639
 yaml/cyaml.py,sha256=6ZrAG9fAYvdVe2FK_w0hmXoG7ZYsoYUwapG8CiC72H0,3851
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/WHEEL
similarity index 68%
rename from lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
rename to lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/WHEEL
index d60b00472..f40c43feb 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/MarkupSafe-2.1.5.dist-info/WHEEL
+++ b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/WHEEL
@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: bdist_wheel (0.44.0)
 Root-Is-Purelib: false
 Tag: cp311-cp311-win_amd64
 
diff --git a/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/windows-amd64/PyYAML-6.0.2.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/windows-amd64/files.json b/lib/go-jinja2/internal/data/windows-amd64/files.json
index 10ebae93d..1983c92f9 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/files.json
+++ b/lib/go-jinja2/internal/data/windows-amd64/files.json
@@ -1,83 +1,83 @@
 {
-  "contentHash": "0e7534fac6d44d48c055b329a90014ccd5d1c9f6798ce0bac3f465d479ee8499",
+  "contentHash": "614cb3c45962399dd07387533de76a173a83f24f1f50333a2776a7e570f231a8",
   "files": [
     {
-      "name": "MarkupSafe-2.1.5.dist-info",
+      "name": "MarkupSafe-3.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/INSTALLER",
+      "name": "MarkupSafe-3.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/LICENSE.rst",
+      "name": "MarkupSafe-3.0.2.dist-info/LICENSE.txt",
       "size": 1503,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/METADATA",
-      "size": 3096,
+      "name": "MarkupSafe-3.0.2.dist-info/METADATA",
+      "size": 4067,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/RECORD",
-      "size": 1188,
+      "name": "MarkupSafe-3.0.2.dist-info/RECORD",
+      "size": 1186,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/REQUESTED",
+      "name": "MarkupSafe-3.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/WHEEL",
-      "size": 102,
+      "name": "MarkupSafe-3.0.2.dist-info/WHEEL",
+      "size": 101,
       "perm": 420
     },
     {
-      "name": "MarkupSafe-2.1.5.dist-info/top_level.txt",
+      "name": "MarkupSafe-3.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info",
+      "name": "PyYAML-6.0.2.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/INSTALLER",
+      "name": "PyYAML-6.0.2.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/LICENSE",
+      "name": "PyYAML-6.0.2.dist-info/LICENSE",
       "size": 1101,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/METADATA",
-      "size": 2104,
+      "name": "PyYAML-6.0.2.dist-info/METADATA",
+      "size": 2106,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/RECORD",
+      "name": "PyYAML-6.0.2.dist-info/RECORD",
       "size": 2771,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/REQUESTED",
+      "name": "PyYAML-6.0.2.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/WHEEL",
+      "name": "PyYAML-6.0.2.dist-info/WHEEL",
       "size": 102,
       "perm": 420
     },
     {
-      "name": "PyYAML-6.0.1.dist-info/top_level.txt",
+      "name": "PyYAML-6.0.2.dist-info/top_level.txt",
       "size": 11,
       "perm": 420
     },
@@ -417,47 +417,47 @@
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info",
+      "name": "jsonpath_ng-1.7.0.dist-info",
       "size": 0,
       "perm": 2147484141
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/INSTALLER",
+      "name": "jsonpath_ng-1.7.0.dist-info/INSTALLER",
       "size": 4,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/LICENSE",
+      "name": "jsonpath_ng-1.7.0.dist-info/LICENSE",
       "size": 11358,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/METADATA",
-      "size": 18072,
+      "name": "jsonpath_ng-1.7.0.dist-info/METADATA",
+      "size": 18400,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/RECORD",
+      "name": "jsonpath_ng-1.7.0.dist-info/RECORD",
       "size": 2549,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/REQUESTED",
+      "name": "jsonpath_ng-1.7.0.dist-info/REQUESTED",
       "size": 0,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/WHEEL",
+      "name": "jsonpath_ng-1.7.0.dist-info/WHEEL",
       "size": 92,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/entry_points.txt",
-      "size": 69,
+      "name": "jsonpath_ng-1.7.0.dist-info/entry_points.txt",
+      "size": 70,
       "perm": 420
     },
     {
-      "name": "jsonpath_ng-1.6.1.dist-info/top_level.txt",
+      "name": "jsonpath_ng-1.7.0.dist-info/top_level.txt",
       "size": 12,
       "perm": 420
     },
@@ -508,32 +508,32 @@
     },
     {
       "name": "jsonpath_ng/ext/iterable.py",
-      "size": 3680,
+      "size": 4302,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/parser.py",
-      "size": 5351,
+      "size": 5416,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/ext/string.py",
-      "size": 3261,
+      "size": 4045,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/jsonpath.py",
-      "size": 26402,
+      "size": 27219,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/lexer.py",
-      "size": 5231,
+      "size": 5276,
       "perm": 420
     },
     {
       "name": "jsonpath_ng/parser.py",
-      "size": 5883,
+      "size": 6077,
       "perm": 420
     },
     {
@@ -543,28 +543,28 @@
     },
     {
       "name": "markupsafe/__init__.py",
-      "size": 11290,
+      "size": 13609,
       "perm": 420
     },
     {
       "name": "markupsafe/_native.py",
-      "size": 1776,
+      "size": 218,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.c",
-      "size": 7403,
+      "size": 4353,
       "perm": 420
     },
     {
       "name": "markupsafe/_speedups.cp311-win_amd64.pyd",
-      "size": 15872,
+      "size": 13312,
       "perm": 420,
       "compressed": true
     },
     {
       "name": "markupsafe/_speedups.pyi",
-      "size": 238,
+      "size": 42,
       "perm": 420
     },
     {
@@ -800,7 +800,7 @@
     },
     {
       "name": "yaml/_yaml.cp311-win_amd64.pyd",
-      "size": 233984,
+      "size": 272384,
       "perm": 420,
       "compressed": true
     },
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
deleted file mode 100644
index 86be119bc..000000000
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/METADATA
+++ /dev/null
@@ -1,379 +0,0 @@
-Metadata-Version: 2.1
-Name: jsonpath-ng
-Version: 1.6.1
-Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
-Home-page: https://github.com/h2non/jsonpath-ng
-Author: Tomas Aparicio
-Author-email: tomas@aparicio.me
-License: Apache 2.0
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.7
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-License-File: LICENSE
-Requires-Dist: ply
-
-Python JSONPath Next-Generation |Build Status| |PyPI|
-=====================================================
-
-A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
-and binary comparison operators, as defined in the original `JSONPath proposal`_.
-
-This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
-provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
-
-About
------
-
-This library provides a robust and significantly extended implementation
-of JSONPath for Python. It is tested with CPython 3.7 and higher.
-
-This library differs from other JSONPath implementations in that it is a
-full *language* implementation, meaning the JSONPath expressions are
-first class objects, easy to analyze, transform, parse, print, and
-extend.
-
-Quick Start
------------
-
-To install, use pip:
-
-.. code:: bash
-
-    $ pip install --upgrade jsonpath-ng
-
-
-Usage
------
-
-Basic examples:
-
-.. code:: python
-
-    $ python
-
-    >>> from jsonpath_ng import jsonpath, parse
-
-    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
-    >>> jsonpath_expr = parse('foo[*].baz')
-
-    # Extracting values is easy
-    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
-    [1, 2]
-
-    # Matches remember where they came from
-    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
-    ['foo.[0].baz', 'foo.[1].baz']
-
-    # Modifying values matching the path
-    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
-    {'foo': [{'baz': 3}, {'baz': 3}]}
-
-    # Modifying one of the values matching the path
-    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
-    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
-    {'foo': [{'baz': 3}, {'baz': 2}]}
-
-    # Removing all values matching a path
-    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
-    {'foo': [{}, {}]}
-
-    # Removing values containing particular data matching path
-    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
-    {'foo': [{'baz': 1}, {}]}
-
-    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
-    >>> jsonpath.auto_id_field = 'id'
-    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
-    ['foo.bizzle', 'foo.[1]']
-
-    # A handy extension: named operators like `parent`
-    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
-    ['number two', 'number one']
-
-    # You can also build expressions directly quite easily
-    >>> from jsonpath_ng.jsonpath import Fields
-    >>> from jsonpath_ng.jsonpath import Slice
-
-    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
-
-
-Using the extended parser:
-
-.. code:: python
-
-  $ python
-
-  >>> from jsonpath_ng.ext import parse
-
-  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
-  >>> jsonpath_expr = parse('foo[*].baz')
-
-
-JSONPath Syntax
----------------
-
-The JSONPath syntax supported by this library includes some additional
-features and omits some problematic features (those that make it
-unportable). In particular, some new operators such as ``|`` and
-``where`` are available, and parentheses are used for grouping not for
-callbacks into Python, since with these changes the language is not
-trivially associative. Also, fields may be quoted whether or not they
-are contained in brackets.
-
-Atomic expressions:
-
-+-----------------------+---------------------------------------------------------------------------------------------+
-| Syntax                | Meaning                                                                                     |
-+=======================+=============================================================================================+
-| ``$``                 | The root object                                                                             |
-+-----------------------+---------------------------------------------------------------------------------------------+
-| ```this```            | The "current" object.                                                                       |
-+-----------------------+---------------------------------------------------------------------------------------------+
-| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
-+-----------------------+---------------------------------------------------------------------------------------------+
-| *field*               | Specified field(s), described below                                                         |
-+-----------------------+---------------------------------------------------------------------------------------------+
-| ``[`` *field* ``]``   | Same as *field*                                                                             |
-+-----------------------+---------------------------------------------------------------------------------------------+
-| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
-+-----------------------+---------------------------------------------------------------------------------------------+
-
-Jsonpath operators:
-
-+-------------------------------------+------------------------------------------------------------------------------------+
-| Syntax                              | Meaning                                                                            |
-+=====================================+====================================================================================+
-| *jsonpath1* ``.`` *jsonpath2*       | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*         |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath* ``[`` *whatever* ``]``   | Same as *jsonpath*\ ``.``\ *whatever*                                              |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``..`` *jsonpath2*      | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``where`` *jsonpath2*   | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                   |
-+-------------------------------------+------------------------------------------------------------------------------------+
-| *jsonpath1* ``|`` *jsonpath2*       | Any nodes matching the union of *jsonpath1* and *jsonpath2*                        |
-+-------------------------------------+------------------------------------------------------------------------------------+
-
-Field specifiers ( *field* ):
-
-+-------------------------+-------------------------------------------------------------------------------------+
-| Syntax                  | Meaning                                                                             |
-+=========================+=====================================================================================+
-| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
-+-------------------------+-------------------------------------------------------------------------------------+
-| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
-+-------------------------+-------------------------------------------------------------------------------------+
-| ``'fieldname'``         | ditto                                                                               |
-+-------------------------+-------------------------------------------------------------------------------------+
-| ``*``                   | any field                                                                           |
-+-------------------------+-------------------------------------------------------------------------------------+
-| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
-+-------------------------+-------------------------------------------------------------------------------------+
-
-Array specifiers ( *idx* ):
-
-+-----------------------------------------+---------------------------------------------------------------------------------------+
-| Syntax                                  | Meaning                                                                               |
-+=========================================+=======================================================================================+
-| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
-+-----------------------------------------+---------------------------------------------------------------------------------------+
-| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
-+-----------------------------------------+---------------------------------------------------------------------------------------+
-| ``[*]``                                 | any array index                                                                       |
-+-----------------------------------------+---------------------------------------------------------------------------------------+
-
-Programmatic JSONPath
----------------------
-
-If you are programming in Python and would like a more robust way to
-create JSONPath expressions that does not depend on a parser, it is very
-easy to do so directly, and here are some examples:
-
--  ``Root()``
--  ``Slice(start=0, end=None, step=None)``
--  ``Fields('foo', 'bar')``
--  ``Index(42)``
--  ``Child(Fields('foo'), Index(42))``
--  ``Where(Slice(), Fields('subfield'))``
--  ``Descendants(jsonpath, jsonpath)``
-
-
-Extras
-------
-
--  *Path data*: The result of ``JsonPath.find`` provide detailed context
-   and path data so it is easy to traverse to parent objects, print full
-   paths to pieces of data, and generate automatic ids.
--  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
-   other than None, then for any piece of data missing that field, it
-   will be replaced by the JSONPath to it, giving automatic unique ids
-   to any piece of data. These ids will take into account any ids
-   already present as well.
--  *Named operators*: Instead of using ``@`` to reference the current
-   object, this library uses ```this```. In general, any string
-   contained in backquotes can be made to be a new operator, currently
-   by extending the library.
-
-
-Extensions
-----------
-
-To use the extensions below you must import from `jsonpath_ng.ext`.
-
-+--------------+-----------------------------------------------+
-| name         | Example                                       |
-+==============+===============================================+
-| len          | - ``$.objects.`len```                         |
-+--------------+-----------------------------------------------+
-| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
-|              | - ``$.field.`sub(/regex/, replacement)```     |
-+--------------+-----------------------------------------------+
-| split        | - ``$.field.`split(+, 2, -1)```               |
-|              | - ``$.field.`split(sep, segement, maxsplit)```|
-+--------------+-----------------------------------------------+
-| sorted       | - ``$.objects.`sorted```                      |
-|              | - ``$.objects[\\some_field]``                 |
-|              | - ``$.objects[\\some_field,/other_field]``    |
-+--------------+-----------------------------------------------+
-| filter       | - ``$.objects[?(@some_field > 5)]``           |
-|              | - ``$.objects[?some_field = "foobar"]``       |
-|              | - ``$.objects[?some_field =~ "foobar"]``      |
-|              | - ``$.objects[?some_field > 5 & other < 2]``  |
-|              |                                               |
-|              | Supported operators:                          |
-|              | - Equality: ==, =, !=                         |
-|              | - Comparison: >, >=, <, <=                    |
-|              | - Regex match: =~                             |
-|              |                                               |
-|              | Combine multiple criteria with '&'.           |
-|              |                                               |
-|              | Properties can only be compared to static     |
-|              | values.                                       |
-+--------------+-----------------------------------------------+
-| arithmetic   | - ``$.foo + "_" + $.bar``                     |
-| (-+*/)       | - ``$.foo * 12``                              |
-|              | - ``$.objects[*].cow + $.objects[*].cat``     |
-+--------------+-----------------------------------------------+
-
-About arithmetic and string
----------------------------
-
-Operations are done with python operators and allows types that python
-allows, and return [] if the operation can be done due to incompatible types.
-
-When operators are used, a jsonpath must be be fully defined otherwise
-jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
-in this case it will choice string as type.
-
-Example with data::
-
-    {
-        'cow': 'foo',
-        'fish': 'bar'
-    }
-
-| ``cow + fish`` returns ``cowfish``
-| ``$.cow + $.fish`` returns ``foobar``
-| ``$.cow + "_" + $.fish`` returns ``foo_bar``
-| ``$.cow + "_" + fish`` returns ``foo_fish``
-
-About arithmetic and list
--------------------------
-
-Arithmetic can be used against two lists if they have the same size.
-
-Example with data::
-
-    {'objects': [
-        {'cow': 2, 'cat': 3},
-        {'cow': 4, 'cat': 6}
-    ]}
-
-| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
-
-More to explore
----------------
-
-There are way too many JSONPath implementations out there to discuss.
-Some are robust, some are toy projects that still work fine, some are
-exercises. There will undoubtedly be many more. This one is made for use
-in released, maintained code, and in particular for programmatic access
-to the abstract syntax and extension. But JSONPath at its simplest just
-isn't that complicated, so you can probably use any of them
-successfully. Why not this one?
-
-The original proposal, as far as I know:
-
--  `JSONPath - XPath for
-   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
-
-Other examples
---------------
-
-Loading json data from file
-
-.. code:: python
-
-    import json
-    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
-    # or
-    with open('myfile.json') as f:
-        d = json.load(f)
-
-Special note about PLY and docstrings
--------------------------------------
-
-The main parsing toolkit underlying this library,
-`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
-removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
-cause a failure.
-
-Contributors
-------------
-
-This package is authored and maintained by:
-
--  `Kenn Knowles <https://github.com/kennknowles>`__
-   (`@kennknowles <https://twitter.com/KennKnowles>`__)
--  `Tomas Aparicio <https://github.com/h2non>`
-
-with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
-
-Copyright and License
----------------------
-
-Copyright 2013 - Kenneth Knowles
-
-Copyright 2017 - Tomas Aparicio
-
-Licensed under the Apache License, Version 2.0 (the "License"); you may
-not use this file except in compliance with the License. You may obtain
-a copy of the License at
-
-::
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
-.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
-.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
-
-.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
-   :target: https://pypi.python.org/pypi/jsonpath-ng
-.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
-   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
-.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
-   :target: https://pypi.python.org/pypi/jsonpath-ng
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
deleted file mode 100644
index 57e3d840d..000000000
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/WHEEL
+++ /dev/null
@@ -1,5 +0,0 @@
-Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
-Root-Is-Purelib: true
-Tag: py3-none-any
-
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
deleted file mode 100644
index e1985ff19..000000000
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/entry_points.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-[console_scripts]
-jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/INSTALLER
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/INSTALLER
rename to lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/INSTALLER
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/LICENSE
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/LICENSE
rename to lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/LICENSE
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/METADATA b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
new file mode 100644
index 000000000..3a7d08dd6
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/METADATA
@@ -0,0 +1,384 @@
+Metadata-Version: 2.1
+Name: jsonpath-ng
+Version: 1.7.0
+Summary: A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic and binary comparison operators and providing clear AST for metaprogramming.
+Home-page: https://github.com/h2non/jsonpath-ng
+Author: Tomas Aparicio
+Author-email: tomas@aparicio.me
+License: Apache 2.0
+Platform: UNKNOWN
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Dist: ply
+
+Python JSONPath Next-Generation |Build Status| |PyPI|
+=====================================================
+
+A final implementation of JSONPath for Python that aims to be standard compliant, including arithmetic
+and binary comparison operators, as defined in the original `JSONPath proposal`_.
+
+This packages merges both `jsonpath-rw`_ and `jsonpath-rw-ext`_ and
+provides several AST API enhancements, such as the ability to update or remove nodes in the tree.
+
+About
+-----
+
+This library provides a robust and significantly extended implementation
+of JSONPath for Python. It is tested with CPython 3.8 and higher.
+
+This library differs from other JSONPath implementations in that it is a
+full *language* implementation, meaning the JSONPath expressions are
+first class objects, easy to analyze, transform, parse, print, and
+extend.
+
+Quick Start
+-----------
+
+To install, use pip:
+
+.. code:: bash
+
+    $ pip install --upgrade jsonpath-ng
+
+
+Usage
+-----
+
+Basic examples:
+
+.. code:: python
+
+    $ python
+
+    >>> from jsonpath_ng import jsonpath, parse
+
+    # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+    >>> jsonpath_expr = parse('foo[*].baz')
+
+    # Extracting values is easy
+    >>> [match.value for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    [1, 2]
+
+    # Matches remember where they came from
+    >>> [str(match.full_path) for match in jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})]
+    ['foo.[0].baz', 'foo.[1].baz']
+
+    # Modifying values matching the path
+    >>> jsonpath_expr.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 3}]}
+
+    # Modifying one of the values matching the path
+    >>> matches = jsonpath_expr.find({'foo': [{'baz': 1}, {'baz': 2}]})
+    >>> matches[0].full_path.update( {'foo': [{'baz': 1}, {'baz': 2}]}, 3)
+    {'foo': [{'baz': 3}, {'baz': 2}]}
+
+    # Removing all values matching a path
+    >>> jsonpath_expr.filter(lambda d: True, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{}, {}]}
+
+    # Removing values containing particular data matching path
+    >>> jsonpath_expr.filter(lambda d: d == 2, {'foo': [{'baz': 1}, {'baz': 2}]})
+    {'foo': [{'baz': 1}, {}]}
+
+    # And this can be useful for automatically providing ids for bits of data that do not have them (currently a global switch)
+    >>> jsonpath.auto_id_field = 'id'
+    >>> [match.value for match in parse('foo[*].id').find({'foo': [{'id': 'bizzle'}, {'baz': 3}]})]
+    ['foo.bizzle', 'foo.[1]']
+
+    # A handy extension: named operators like `parent`
+    >>> [match.value for match in parse('a.*.b.`parent`.c').find({'a': {'x': {'b': 1, 'c': 'number one'}, 'y': {'b': 2, 'c': 'number two'}}})]
+    ['number two', 'number one']
+
+    # You can also build expressions directly quite easily
+    >>> from jsonpath_ng.jsonpath import Fields
+    >>> from jsonpath_ng.jsonpath import Slice
+
+    >>> jsonpath_expr_direct = Fields('foo').child(Slice('*')).child(Fields('baz'))  # This is equivalent
+
+
+Using the extended parser:
+
+.. code:: python
+
+  $ python
+
+  >>> from jsonpath_ng.ext import parse
+
+  # A robust parser, not just a regex. (Makes powerful extensions possible; see below)
+  >>> jsonpath_expr = parse('foo[*].baz')
+
+
+JSONPath Syntax
+---------------
+
+The JSONPath syntax supported by this library includes some additional
+features and omits some problematic features (those that make it
+unportable). In particular, some new operators such as ``|`` and
+``where`` are available, and parentheses are used for grouping not for
+callbacks into Python, since with these changes the language is not
+trivially associative. Also, fields may be quoted whether or not they
+are contained in brackets.
+
+Atomic expressions:
+
++-----------------------+---------------------------------------------------------------------------------------------+
+| Syntax                | Meaning                                                                                     |
++=======================+=============================================================================================+
+| ``$``                 | The root object                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```this```            | The "current" object.                                                                       |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ```foo```             | More generally, this syntax allows "named operators" to extend JSONPath is arbitrary ways   |
++-----------------------+---------------------------------------------------------------------------------------------+
+| *field*               | Specified field(s), described below                                                         |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *field* ``]``   | Same as *field*                                                                             |
++-----------------------+---------------------------------------------------------------------------------------------+
+| ``[`` *idx* ``]``     | Array access, described below (this is always unambiguous with field access)                |
++-----------------------+---------------------------------------------------------------------------------------------+
+
+Jsonpath operators:
+
++--------------------------------------+-----------------------------------------------------------------------------------+
+| Syntax                               | Meaning                                                                           |
++======================================+===================================================================================+
+| *jsonpath1* ``.`` *jsonpath2*        | All nodes matched by *jsonpath2* starting at any node matching *jsonpath1*        |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath* ``[`` *whatever* ``]``    | Same as *jsonpath*\ ``.``\ *whatever*                                             |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``..`` *jsonpath2*       | All nodes matched by *jsonpath2* that descend from any node matching *jsonpath1*  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``where`` *jsonpath2*    | Any nodes matching *jsonpath1* with a child matching *jsonpath2*                  |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``wherenot`` *jsonpath2* | Any nodes matching *jsonpath1* with a child not matching *jsonpath2*              |
++--------------------------------------+-----------------------------------------------------------------------------------+
+| *jsonpath1* ``|`` *jsonpath2*        | Any nodes matching the union of *jsonpath1* and *jsonpath2*                       |
++--------------------------------------+-----------------------------------------------------------------------------------+
+
+Field specifiers ( *field* ):
+
++-------------------------+-------------------------------------------------------------------------------------+
+| Syntax                  | Meaning                                                                             |
++=========================+=====================================================================================+
+| ``fieldname``           | the field ``fieldname`` (from the "current" object)                                 |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``"fieldname"``         | same as above, for allowing special characters in the fieldname                     |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``'fieldname'``         | ditto                                                                               |
++-------------------------+-------------------------------------------------------------------------------------+
+| ``*``                   | any field                                                                           |
++-------------------------+-------------------------------------------------------------------------------------+
+| *field* ``,`` *field*   | either of the named fields (you can always build equivalent jsonpath using ``|``)   |
++-------------------------+-------------------------------------------------------------------------------------+
+
+Array specifiers ( *idx* ):
+
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| Syntax                                  | Meaning                                                                               |
++=========================================+=======================================================================================+
+| ``[``\ *n*\ ``]``                       | array index (may be comma-separated list)                                             |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[``\ *start*\ ``?:``\ *end*\ ``?]``   | array slicing (note that *step* is unimplemented only due to lack of need thus far)   |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+| ``[*]``                                 | any array index                                                                       |
++-----------------------------------------+---------------------------------------------------------------------------------------+
+
+Programmatic JSONPath
+---------------------
+
+If you are programming in Python and would like a more robust way to
+create JSONPath expressions that does not depend on a parser, it is very
+easy to do so directly, and here are some examples:
+
+-  ``Root()``
+-  ``Slice(start=0, end=None, step=None)``
+-  ``Fields('foo', 'bar')``
+-  ``Index(42)``
+-  ``Child(Fields('foo'), Index(42))``
+-  ``Where(Slice(), Fields('subfield'))``
+-  ``Descendants(jsonpath, jsonpath)``
+
+
+Extras
+------
+
+-  *Path data*: The result of ``JsonPath.find`` provide detailed context
+   and path data so it is easy to traverse to parent objects, print full
+   paths to pieces of data, and generate automatic ids.
+-  *Automatic Ids*: If you set ``jsonpath_ng.auto_id_field`` to a value
+   other than None, then for any piece of data missing that field, it
+   will be replaced by the JSONPath to it, giving automatic unique ids
+   to any piece of data. These ids will take into account any ids
+   already present as well.
+-  *Named operators*: Instead of using ``@`` to reference the current
+   object, this library uses ```this```. In general, any string
+   contained in backquotes can be made to be a new operator, currently
+   by extending the library.
+
+
+Extensions
+----------
+
+To use the extensions below you must import from `jsonpath_ng.ext`.
+
++--------------+-----------------------------------------------+
+| name         | Example                                       |
++==============+===============================================+
+| len          | - ``$.objects.`len```                         |
++--------------+-----------------------------------------------+
+| sub          | - ``$.field.`sub(/foo\\\\+(.*)/, \\\\1)```    |
+|              | - ``$.field.`sub(/regex/, replacement)```     |
++--------------+-----------------------------------------------+
+| split        | - ``$.field.`split(+, 2, -1)```               |
+|              | - ``$.field.`split(",", *, -1)```             |
+|              | - ``$.field.`split(' ', -1, -1)```            |
+|              | - ``$.field.`split(sep, segement, maxsplit)```|
++--------------+-----------------------------------------------+
+| sorted       | - ``$.objects.`sorted```                      |
+|              | - ``$.objects[\\some_field]``                 |
+|              | - ``$.objects[\\some_field,/other_field]``    |
++--------------+-----------------------------------------------+
+| filter       | - ``$.objects[?(@some_field > 5)]``           |
+|              | - ``$.objects[?some_field = "foobar"]``       |
+|              | - ``$.objects[?some_field =~ "foobar"]``      |
+|              | - ``$.objects[?some_field > 5 & other < 2]``  |
+|              |                                               |
+|              | Supported operators:                          |
+|              | - Equality: ==, =, !=                         |
+|              | - Comparison: >, >=, <, <=                    |
+|              | - Regex match: =~                             |
+|              |                                               |
+|              | Combine multiple criteria with '&'.           |
+|              |                                               |
+|              | Properties can only be compared to static     |
+|              | values.                                       |
++--------------+-----------------------------------------------+
+| arithmetic   | - ``$.foo + "_" + $.bar``                     |
+| (-+*/)       | - ``$.foo * 12``                              |
+|              | - ``$.objects[*].cow + $.objects[*].cat``     |
++--------------+-----------------------------------------------+
+
+About arithmetic and string
+---------------------------
+
+Operations are done with python operators and allows types that python
+allows, and return [] if the operation can be done due to incompatible types.
+
+When operators are used, a jsonpath must be be fully defined otherwise
+jsonpath-rw-ext can't known if the expression is a string or a jsonpath field,
+in this case it will choice string as type.
+
+Example with data::
+
+    {
+        'cow': 'foo',
+        'fish': 'bar'
+    }
+
+| ``cow + fish`` returns ``cowfish``
+| ``$.cow + $.fish`` returns ``foobar``
+| ``$.cow + "_" + $.fish`` returns ``foo_bar``
+| ``$.cow + "_" + fish`` returns ``foo_fish``
+
+About arithmetic and list
+-------------------------
+
+Arithmetic can be used against two lists if they have the same size.
+
+Example with data::
+
+    {'objects': [
+        {'cow': 2, 'cat': 3},
+        {'cow': 4, 'cat': 6}
+    ]}
+
+| ``$.objects[\*].cow + $.objects[\*].cat`` returns ``[6, 9]``
+
+More to explore
+---------------
+
+There are way too many JSONPath implementations out there to discuss.
+Some are robust, some are toy projects that still work fine, some are
+exercises. There will undoubtedly be many more. This one is made for use
+in released, maintained code, and in particular for programmatic access
+to the abstract syntax and extension. But JSONPath at its simplest just
+isn't that complicated, so you can probably use any of them
+successfully. Why not this one?
+
+The original proposal, as far as I know:
+
+-  `JSONPath - XPath for
+   JSON <http://goessner.net/articles/JSONPath/>`__ by Stefan Goessner.
+
+Other examples
+--------------
+
+Loading json data from file
+
+.. code:: python
+
+    import json
+    d = json.loads('{"foo": [{"baz": 1}, {"baz": 2}]}')
+    # or
+    with open('myfile.json') as f:
+        d = json.load(f)
+
+Special note about PLY and docstrings
+-------------------------------------
+
+The main parsing toolkit underlying this library,
+`PLY <https://github.com/dabeaz/ply>`__, does not work with docstrings
+removed. For example, ``PYTHONOPTIMIZE=2`` and ``python -OO`` will both
+cause a failure.
+
+Contributors
+------------
+
+This package is authored and maintained by:
+
+-  `Kenn Knowles <https://github.com/kennknowles>`__
+   (`@kennknowles <https://twitter.com/KennKnowles>`__)
+-  `Tomas Aparicio <https://github.com/h2non>`
+
+with the help of patches submitted by `these contributors <https://github.com/kennknowles/python-jsonpath-ng/graphs/contributors>`__.
+
+Copyright and License
+---------------------
+
+Copyright 2013 - Kenneth Knowles
+
+Copyright 2017 - Tomas Aparicio
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at
+
+::
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+.. _`JSONPath proposal`: http://goessner.net/articles/JsonPath/
+.. _`jsonpath-rw`: https://github.com/kennknowles/python-jsonpath-rw
+.. _`jsonpath-rw-ext`: https://pypi.python.org/pypi/jsonpath-rw-ext/
+
+.. |PyPi downloads| image:: https://pypip.in/d/jsonpath-ng/badge.png
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+.. |Build Status| image:: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml/badge.svg
+   :target: https://github.com/h2non/jsonpath-ng/actions/workflows/ci.yml
+.. |PyPI| image:: https://img.shields.io/pypi/v/jsonpath-ng.svg?maxAge=2592000?style=flat-square
+   :target: https://pypi.python.org/pypi/jsonpath-ng
+
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
similarity index 54%
rename from lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
rename to lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
index 275d5d73f..54ce06ada 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/RECORD
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/RECORD
@@ -1,13 +1,13 @@
 ../../bin/jsonpath_ng,sha256=2EG91IZNROoHjMwKMYQnB0y6prUbkCo3riRYqDYXq9U,262
-jsonpath_ng-1.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-jsonpath_ng-1.6.1.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
-jsonpath_ng-1.6.1.dist-info/METADATA,sha256=vUQZ11cMUSjsVqHDwBX_4xISKfaMNk8qkjn5XC7LSrU,18072
-jsonpath_ng-1.6.1.dist-info/RECORD,,
-jsonpath_ng-1.6.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-jsonpath_ng-1.6.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-jsonpath_ng-1.6.1.dist-info/entry_points.txt,sha256=VRPM3LkYSvQ6p1e61jOm5_NZHTHCZ2xv-2Sbh_qO_68,69
-jsonpath_ng-1.6.1.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
-jsonpath_ng/__init__.py,sha256=Z_5svSHiT2ix7O5PofWaQnQHSorOkYZa_MrAmKXDdv0,116
+jsonpath_ng-1.7.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+jsonpath_ng-1.7.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+jsonpath_ng-1.7.0.dist-info/METADATA,sha256=SeIBPNOSwzieZEWYZ3rJOhSej3WLUbmbudGwGZVvzF8,18400
+jsonpath_ng-1.7.0.dist-info/RECORD,,
+jsonpath_ng-1.7.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+jsonpath_ng-1.7.0.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92
+jsonpath_ng-1.7.0.dist-info/entry_points.txt,sha256=X7ZlkFvz1kYSNtz7hXOsRc5L2o3SOCAV0f7IBViZkGQ,70
+jsonpath_ng-1.7.0.dist-info/top_level.txt,sha256=SeYdUWfJ4KSDQbd2GnE6BOd8vMG7Lta9nbIfT2N7xbE,12
+jsonpath_ng/__init__.py,sha256=DU869YGlpMHa48K9X2Ypgb8OwjYU7kEtcea5mC6wv1I,116
 jsonpath_ng/__pycache__/__init__.cpython-311.pyc,,
 jsonpath_ng/__pycache__/exceptions.cpython-311.pyc,,
 jsonpath_ng/__pycache__/jsonpath.cpython-311.pyc,,
@@ -27,9 +27,9 @@ jsonpath_ng/ext/__pycache__/parser.cpython-311.pyc,,
 jsonpath_ng/ext/__pycache__/string.cpython-311.pyc,,
 jsonpath_ng/ext/arithmetic.py,sha256=CvRF0dnFWu7V1v2XrQBjymPJGrxYWIr4ff4efhQQOhE,2381
 jsonpath_ng/ext/filter.py,sha256=QQtK7Xnw8Y_WBAhsQYldPNntoZsqoRjxixQC0Cac_3s,4312
-jsonpath_ng/ext/iterable.py,sha256=iiFKyz_wvpkUREx6iWjHA7tDsmlZ2A2ucEmgQ9U8hfc,3680
-jsonpath_ng/ext/parser.py,sha256=upum_zx8MYeAxITc6pbBKCezkE56qD_KQupw4dYTnyU,5351
-jsonpath_ng/ext/string.py,sha256=IA3gAJg3ykJiX7-gLYoBSd0rTYkJd1jOfIzJ3mHNpyQ,3261
-jsonpath_ng/jsonpath.py,sha256=y9YpSLbGAkjgZqiTxyEgS1iJI6cYW5DswJJQiAN9M1k,26402
-jsonpath_ng/lexer.py,sha256=QCejkzAA3lmkw4L1pJhNReWLyHIh5WP7SeIwqazGzQo,5231
-jsonpath_ng/parser.py,sha256=Gb0SOO_bkoAfx5KgcsLbuSdBjkNH0Iy1BYTac3fGAAw,5883
+jsonpath_ng/ext/iterable.py,sha256=f8PMyfT2MgSCvpQgNc0GNr6ULhxv3kj7tAqA0f7KvIE,4302
+jsonpath_ng/ext/parser.py,sha256=0nkxkF_ComJUMs0jUGzaf5KthC7phlPwcYQy7IHaSxU,5416
+jsonpath_ng/ext/string.py,sha256=m1fUl2yWTyI7I5auWXeM-O3gf0p3WV0CTh9be55Q884,4045
+jsonpath_ng/jsonpath.py,sha256=mfQmaDWfgz_Y6sAqTX-8CUpxoiOem_dg7R9S0ZFyBQE,27219
+jsonpath_ng/lexer.py,sha256=ZXGwVwv8RFPPDswue7pcgCMP4KIlYH_m6xpxQakLBA4,5276
+jsonpath_ng/parser.py,sha256=kirRhGux10hjc5nXqWtz1Ko2P_cfypZciekK1-PrWz4,6077
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/REQUESTED
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/REQUESTED
rename to lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/REQUESTED
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
new file mode 100644
index 000000000..b552003ff
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.34.2)
+Root-Is-Purelib: true
+Tag: py3-none-any
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
new file mode 100644
index 000000000..105e6040a
--- /dev/null
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/entry_points.txt
@@ -0,0 +1,3 @@
+[console_scripts]
+jsonpath_ng = jsonpath_ng.bin.jsonpath:entry_point
+
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/top_level.txt
similarity index 100%
rename from lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.6.1.dist-info/top_level.txt
rename to lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng-1.7.0.dist-info/top_level.txt
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py
index ed6553b2d..938f88c0d 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/__init__.py
@@ -3,4 +3,4 @@
 
 
 # Current package version
-__version__ = '1.6.1'
+__version__ = '1.7.0'
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py
index 40ae1eb5b..c5cd0dc08 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/iterable.py
@@ -116,3 +116,28 @@ def __str__(self):
 
     def __repr__(self):
         return 'Keys()'
+
+class Path(JSONPath):
+    """The JSONPath referring to the path of the current object.
+    Concrete syntax is 'path`'.
+    """
+
+    def find(self, datum):
+        datum = DatumInContext.wrap(datum)
+        try:
+            value = str(datum.path)
+        except Exception as e:
+            return []
+        else:
+            return [DatumInContext(value,
+                                   context=datum,
+                                   path=Path())]
+
+    def __eq__(self, other):
+        return isinstance(other, Path)
+
+    def __str__(self):
+        return '`path`'
+
+    def __repr__(self):
+        return 'Path()'
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py
index 756b72c69..fa67f4f22 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/parser.py
@@ -96,6 +96,8 @@ def p_jsonpath_named_operator(self, p):
             p[0] = _iterable.Len()
         elif p[1] == 'keys':
             p[0] = _iterable.Keys()
+        elif p[1] == 'path':
+            p[0] = _iterable.Path()
         elif p[1] == 'sorted':
             p[0] = _iterable.SortedThis()
         elif p[1].startswith("split("):
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py
index 1cd27632d..9bf912dfb 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/ext/string.py
@@ -16,7 +16,13 @@
 
 
 SUB = re.compile(r"sub\(/(.*)/,\s+(.*)\)")
-SPLIT = re.compile(r"split\((.),\s+(\d+),\s+(\d+|-1)\)")
+# Regex generated using the EZRegex package (ezregex.org)
+# EZRegex code: 
+# param1 = group(optional(either("'", '"')), name='quote') + group(chunk) + earlier_group('quote')
+# param2 = group(either(optional('-') + number, '*'))
+# param3 = group(optional('-') + number)
+# pattern = 'split' + ow + '(' + ow + param1 + ow + ',' + ow + param2 + ow + ',' + ow + param3 + ow + ')'
+SPLIT = re.compile(r"split(?:\s+)?\((?:\s+)?(?P<quote>(?:(?:'|\"))?)(.+)(?P=quote)(?:\s+)?,(?:\s+)?((?:(?:\-)?\d+|\*))(?:\s+)?,(?:\s+)?((?:\-)?\d+)(?:\s+)?\)")
 STR = re.compile(r"str\(\)")
 
 
@@ -60,23 +66,29 @@ def __str__(self):
 class Split(This):
     """String splitter
 
-    Concrete syntax is '`split(char, segment, max_split)`'
+    Concrete syntax is '`split(chars, segment, max_split)`'
+    `chars` can optionally be surrounded by quotes, to specify things like commas or spaces
+    `segment` can be `*` to select all
+    `max_split` can be negative, to indicate no limit
     """
 
     def __init__(self, method=None):
         m = SPLIT.match(method)
         if m is None:
             raise DefintionInvalid("%s is not valid" % method)
-        self.char = m.group(1)
-        self.segment = int(m.group(2))
-        self.max_split = int(m.group(3))
+        self.chars = m.group(2)
+        self.segment = m.group(3)
+        self.max_split = int(m.group(4))
         self.method = method
 
     def find(self, datum):
         datum = DatumInContext.wrap(datum)
         try:
-            value = datum.value.split(self.char, self.max_split)[self.segment]
-        except Exception:
+            if self.segment == '*':
+                value = datum.value.split(self.chars, self.max_split)
+            else:
+                value = datum.value.split(self.chars, self.max_split)[int(self.segment)]
+        except:
             return []
         return [DatumInContext.wrap(value)]
 
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py
index 19e5a9eb3..c2e392b9c 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/jsonpath.py
@@ -369,6 +369,36 @@ def __eq__(self, other):
     def __hash__(self):
         return hash((self.left, self.right))
 
+
+class WhereNot(Where):
+    """
+    Identical to ``Where``, but filters for only those nodes that
+    do *not* have a match on the right.
+
+    >>> jsonpath = WhereNot(Fields('spam'), Fields('spam'))
+    >>> jsonpath.find({"spam": {"spam": 1}})
+    []
+    >>> matches = jsonpath.find({"spam": 1})
+    >>> matches[0].value
+    1
+
+    """
+    def find(self, data):
+        return [subdata for subdata in self.left.find(data)
+                if not self.right.find(subdata)]
+
+    def __str__(self):
+        return '%s wherenot %s' % (self.left, self.right)
+
+    def __eq__(self, other):
+        return (isinstance(other, WhereNot)
+                and other.left == self.left
+                and other.right == self.right)
+
+    def __hash__(self):
+        return hash((self.left, self.right))
+
+
 class Descendants(JSONPath):
     """
     JSONPath that matches first the left expression then any descendant
@@ -597,9 +627,9 @@ def update_or_create(self, data, val):
     def _update_base(self, data, val, create):
         if data is not None:
             for field in self.reified_fields(DatumInContext.wrap(data)):
-                if field not in data and create:
+                if create and field not in data:
                     data[field] = {}
-                if field in data:
+                if type(data) is not bool and field in data:
                     if hasattr(val, '__call__'):
                         data[field] = val(data[field], data, field)
                     else:
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py
index b2ad5ee6d..bc86488d5 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/lexer.py
@@ -48,7 +48,10 @@ def tokenize(self, string):
 
     literals = ['*', '.', '[', ']', '(', ')', '$', ',', ':', '|', '&', '~']
 
-    reserved_words = { 'where': 'WHERE' }
+    reserved_words = {
+        'where': 'WHERE',
+        'wherenot': 'WHERENOT',
+    }
 
     tokens = ['DOUBLEDOT', 'NUMBER', 'ID', 'NAMED_OPERATOR'] + list(reserved_words.values())
 
diff --git a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py
index 87e353ebf..a2ea6e678 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/jsonpath_ng/parser.py
@@ -33,12 +33,6 @@ def __init__(self, debug=False, lexer_class=None):
         self.debug = debug
         self.lexer_class = lexer_class or JsonPathLexer # Crufty but works around statefulness in PLY
 
-    def parse(self, string, lexer = None):
-        lexer = lexer or self.lexer_class()
-        return self.parse_token_stream(lexer.tokenize(string))
-
-    def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
-
         # Since PLY has some crufty aspects and dumps files, we try to keep them local
         # However, we need to derive the name of the output Python file :-/
         output_directory = os.path.dirname(__file__)
@@ -47,19 +41,24 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         except:
             module_name = __name__
 
+        start_symbol = 'jsonpath'
         parsing_table_module = '_'.join([module_name, start_symbol, 'parsetab'])
 
-        # And we regenerate the parse table every time;
-        # it doesn't actually take that long!
-        new_parser = ply.yacc.yacc(module=self,
-                                   debug=self.debug,
-                                   tabmodule = parsing_table_module,
-                                   outputdir = output_directory,
-                                   write_tables=0,
-                                   start = start_symbol,
-                                   errorlog = logger)
+        # Generate the parse table
+        self.parser = ply.yacc.yacc(module=self,
+                                    debug=self.debug,
+                                    tabmodule = parsing_table_module,
+                                    outputdir = output_directory,
+                                    write_tables=0,
+                                    start = start_symbol,
+                                    errorlog = logger)
+
+    def parse(self, string, lexer = None):
+        lexer = lexer or self.lexer_class()
+        return self.parse_token_stream(lexer.tokenize(string))
 
-        return new_parser.parse(lexer = IteratorToTokenStream(token_iterator))
+    def parse_token_stream(self, token_iterator):
+        return self.parser.parse(lexer = IteratorToTokenStream(token_iterator))
 
     # ===================== PLY Parser specification =====================
 
@@ -70,6 +69,7 @@ def parse_token_stream(self, token_iterator, start_symbol='jsonpath'):
         ('left', '|'),
         ('left', '&'),
         ('left', 'WHERE'),
+        ('left', 'WHERENOT'),
     ]
 
     def p_error(self, t):
@@ -82,6 +82,7 @@ def p_jsonpath_binop(self, p):
         """jsonpath : jsonpath '.' jsonpath
                     | jsonpath DOUBLEDOT jsonpath
                     | jsonpath WHERE jsonpath
+                    | jsonpath WHERENOT jsonpath
                     | jsonpath '|' jsonpath
                     | jsonpath '&' jsonpath"""
         op = p[2]
@@ -92,6 +93,8 @@ def p_jsonpath_binop(self, p):
             p[0] = Descendants(p[1], p[3])
         elif op == 'where':
             p[0] = Where(p[1], p[3])
+        elif op == 'wherenot':
+            p[0] = WhereNot(p[1], p[3])
         elif op == '|':
             p[0] = Union(p[1], p[3])
         elif op == '&':
@@ -146,9 +149,12 @@ def p_jsonpath_parens(self, p):
     # Because fields in brackets cannot be '*' - that is reserved for array indices
     def p_fields_or_any(self, p):
         """fields_or_any : fields
-                         | '*'    """
+                         | '*'
+                         | NUMBER"""
         if p[1] == '*':
             p[0] = ['*']
+        elif isinstance(p[1], int):
+            p[0] = str(p[1])
         else:
             p[0] = p[1]
 
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py
index 1b35509bd..e727b6654 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/__init__.py
@@ -1,29 +1,84 @@
-import functools
+from __future__ import annotations
+
+import collections.abc as cabc
 import string
-import sys
 import typing as t
 
+try:
+    from ._speedups import _escape_inner
+except ImportError:
+    from ._native import _escape_inner
+
 if t.TYPE_CHECKING:
     import typing_extensions as te
 
-    class HasHTML(te.Protocol):
-        def __html__(self) -> str:
-            pass
 
-    _P = te.ParamSpec("_P")
+class _HasHTML(t.Protocol):
+    def __html__(self, /) -> str: ...
+
+
+class _TPEscape(t.Protocol):
+    def __call__(self, s: t.Any, /) -> Markup: ...
+
+
+def escape(s: t.Any, /) -> Markup:
+    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
+    the string with HTML-safe sequences. Use this if you need to display
+    text that might contain such characters in HTML.
+
+    If the object has an ``__html__`` method, it is called and the
+    return value is assumed to already be safe for HTML.
+
+    :param s: An object to be converted to a string and escaped.
+    :return: A :class:`Markup` string with the escaped text.
+    """
+    # If the object is already a plain string, skip __html__ check and string
+    # conversion. This is the most common use case.
+    # Use type(s) instead of s.__class__ because a proxy object may be reporting
+    # the __class__ of the proxied value.
+    if type(s) is str:
+        return Markup(_escape_inner(s))
+
+    if hasattr(s, "__html__"):
+        return Markup(s.__html__())
+
+    return Markup(_escape_inner(str(s)))
+
+
+def escape_silent(s: t.Any | None, /) -> Markup:
+    """Like :func:`escape` but treats ``None`` as the empty string.
+    Useful with optional values, as otherwise you get the string
+    ``'None'`` when the value is ``None``.
+
+    >>> escape(None)
+    Markup('None')
+    >>> escape_silent(None)
+    Markup('')
+    """
+    if s is None:
+        return Markup()
 
+    return escape(s)
 
-__version__ = "2.1.5"
 
+def soft_str(s: t.Any, /) -> str:
+    """Convert an object to a string if it isn't already. This preserves
+    a :class:`Markup` string rather than converting it back to a basic
+    string, so it will still be marked as safe and won't be escaped
+    again.
 
-def _simple_escaping_wrapper(func: "t.Callable[_P, str]") -> "t.Callable[_P, Markup]":
-    @functools.wraps(func)
-    def wrapped(self: "Markup", *args: "_P.args", **kwargs: "_P.kwargs") -> "Markup":
-        arg_list = _escape_argspec(list(args), enumerate(args), self.escape)
-        _escape_argspec(kwargs, kwargs.items(), self.escape)
-        return self.__class__(func(self, *arg_list, **kwargs))  # type: ignore[arg-type]
+    >>> value = escape("<User 1>")
+    >>> value
+    Markup('&lt;User 1&gt;')
+    >>> escape(str(value))
+    Markup('&amp;lt;User 1&amp;gt;')
+    >>> escape(soft_str(value))
+    Markup('&lt;User 1&gt;')
+    """
+    if not isinstance(s, str):
+        return str(s)
 
-    return wrapped  # type: ignore[return-value]
+    return s
 
 
 class Markup(str):
@@ -65,82 +120,72 @@ class Markup(str):
     __slots__ = ()
 
     def __new__(
-        cls, base: t.Any = "", encoding: t.Optional[str] = None, errors: str = "strict"
-    ) -> "te.Self":
-        if hasattr(base, "__html__"):
-            base = base.__html__()
+        cls, object: t.Any = "", encoding: str | None = None, errors: str = "strict"
+    ) -> te.Self:
+        if hasattr(object, "__html__"):
+            object = object.__html__()
 
         if encoding is None:
-            return super().__new__(cls, base)
+            return super().__new__(cls, object)
 
-        return super().__new__(cls, base, encoding, errors)
+        return super().__new__(cls, object, encoding, errors)
 
-    def __html__(self) -> "te.Self":
+    def __html__(self, /) -> te.Self:
         return self
 
-    def __add__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.__class__(super().__add__(self.escape(other)))
+    def __add__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.__class__(super().__add__(self.escape(value)))
 
         return NotImplemented
 
-    def __radd__(self, other: t.Union[str, "HasHTML"]) -> "te.Self":
-        if isinstance(other, str) or hasattr(other, "__html__"):
-            return self.escape(other).__add__(self)
+    def __radd__(self, value: str | _HasHTML, /) -> te.Self:
+        if isinstance(value, str) or hasattr(value, "__html__"):
+            return self.escape(value).__add__(self)
 
         return NotImplemented
 
-    def __mul__(self, num: "te.SupportsIndex") -> "te.Self":
-        if isinstance(num, int):
-            return self.__class__(super().__mul__(num))
+    def __mul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-        return NotImplemented
-
-    __rmul__ = __mul__
+    def __rmul__(self, value: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().__mul__(value))
 
-    def __mod__(self, arg: t.Any) -> "te.Self":
-        if isinstance(arg, tuple):
+    def __mod__(self, value: t.Any, /) -> te.Self:
+        if isinstance(value, tuple):
             # a tuple of arguments, each wrapped
-            arg = tuple(_MarkupEscapeHelper(x, self.escape) for x in arg)
-        elif hasattr(type(arg), "__getitem__") and not isinstance(arg, str):
+            value = tuple(_MarkupEscapeHelper(x, self.escape) for x in value)
+        elif hasattr(type(value), "__getitem__") and not isinstance(value, str):
             # a mapping of arguments, wrapped
-            arg = _MarkupEscapeHelper(arg, self.escape)
+            value = _MarkupEscapeHelper(value, self.escape)
         else:
             # a single argument, wrapped with the helper and a tuple
-            arg = (_MarkupEscapeHelper(arg, self.escape),)
+            value = (_MarkupEscapeHelper(value, self.escape),)
 
-        return self.__class__(super().__mod__(arg))
+        return self.__class__(super().__mod__(value))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return f"{self.__class__.__name__}({super().__repr__()})"
 
-    def join(self, seq: t.Iterable[t.Union[str, "HasHTML"]]) -> "te.Self":
-        return self.__class__(super().join(map(self.escape, seq)))
-
-    join.__doc__ = str.join.__doc__
+    def join(self, iterable: cabc.Iterable[str | _HasHTML], /) -> te.Self:
+        return self.__class__(super().join(map(self.escape, iterable)))
 
     def split(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().split(sep, maxsplit)]
 
-    split.__doc__ = str.split.__doc__
-
     def rsplit(  # type: ignore[override]
-        self, sep: t.Optional[str] = None, maxsplit: int = -1
-    ) -> t.List["te.Self"]:
+        self, /, sep: str | None = None, maxsplit: t.SupportsIndex = -1
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().rsplit(sep, maxsplit)]
 
-    rsplit.__doc__ = str.rsplit.__doc__
-
     def splitlines(  # type: ignore[override]
-        self, keepends: bool = False
-    ) -> t.List["te.Self"]:
+        self, /, keepends: bool = False
+    ) -> list[te.Self]:
         return [self.__class__(v) for v in super().splitlines(keepends)]
 
-    splitlines.__doc__ = str.splitlines.__doc__
-
-    def unescape(self) -> str:
+    def unescape(self, /) -> str:
         """Convert escaped markup back into a text string. This replaces
         HTML entities with the characters they represent.
 
@@ -151,7 +196,7 @@ def unescape(self) -> str:
 
         return unescape(str(self))
 
-    def striptags(self) -> str:
+    def striptags(self, /) -> str:
         """:meth:`unescape` the markup, remove tags, and normalize
         whitespace to single spaces.
 
@@ -163,31 +208,17 @@ def striptags(self) -> str:
         # Look for comments then tags separately. Otherwise, a comment that
         # contains a tag would end early, leaving some of the comment behind.
 
-        while True:
-            # keep finding comment start marks
-            start = value.find("<!--")
-
-            if start == -1:
-                break
-
+        # keep finding comment start marks
+        while (start := value.find("<!--")) != -1:
             # find a comment end mark beyond the start, otherwise stop
-            end = value.find("-->", start)
-
-            if end == -1:
+            if (end := value.find("-->", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 3:]}"
 
         # remove tags using the same method
-        while True:
-            start = value.find("<")
-
-            if start == -1:
-                break
-
-            end = value.find(">", start)
-
-            if end == -1:
+        while (start := value.find("<")) != -1:
+            if (end := value.find(">", start)) == -1:
                 break
 
             value = f"{value[:start]}{value[end + 1:]}"
@@ -197,7 +228,7 @@ def striptags(self) -> str:
         return self.__class__(value).unescape()
 
     @classmethod
-    def escape(cls, s: t.Any) -> "te.Self":
+    def escape(cls, s: t.Any, /) -> te.Self:
         """Escape a string. Calls :func:`escape` and ensures that for
         subclasses the correct type is returned.
         """
@@ -208,49 +239,90 @@ def escape(cls, s: t.Any) -> "te.Self":
 
         return rv  # type: ignore[return-value]
 
-    __getitem__ = _simple_escaping_wrapper(str.__getitem__)
-    capitalize = _simple_escaping_wrapper(str.capitalize)
-    title = _simple_escaping_wrapper(str.title)
-    lower = _simple_escaping_wrapper(str.lower)
-    upper = _simple_escaping_wrapper(str.upper)
-    replace = _simple_escaping_wrapper(str.replace)
-    ljust = _simple_escaping_wrapper(str.ljust)
-    rjust = _simple_escaping_wrapper(str.rjust)
-    lstrip = _simple_escaping_wrapper(str.lstrip)
-    rstrip = _simple_escaping_wrapper(str.rstrip)
-    center = _simple_escaping_wrapper(str.center)
-    strip = _simple_escaping_wrapper(str.strip)
-    translate = _simple_escaping_wrapper(str.translate)
-    expandtabs = _simple_escaping_wrapper(str.expandtabs)
-    swapcase = _simple_escaping_wrapper(str.swapcase)
-    zfill = _simple_escaping_wrapper(str.zfill)
-    casefold = _simple_escaping_wrapper(str.casefold)
-
-    if sys.version_info >= (3, 9):
-        removeprefix = _simple_escaping_wrapper(str.removeprefix)
-        removesuffix = _simple_escaping_wrapper(str.removesuffix)
-
-    def partition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().partition(self.escape(sep))
+    def __getitem__(self, key: t.SupportsIndex | slice, /) -> te.Self:
+        return self.__class__(super().__getitem__(key))
+
+    def capitalize(self, /) -> te.Self:
+        return self.__class__(super().capitalize())
+
+    def title(self, /) -> te.Self:
+        return self.__class__(super().title())
+
+    def lower(self, /) -> te.Self:
+        return self.__class__(super().lower())
+
+    def upper(self, /) -> te.Self:
+        return self.__class__(super().upper())
+
+    def replace(self, old: str, new: str, count: t.SupportsIndex = -1, /) -> te.Self:
+        return self.__class__(super().replace(old, self.escape(new), count))
+
+    def ljust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().ljust(width, self.escape(fillchar)))
+
+    def rjust(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().rjust(width, self.escape(fillchar)))
+
+    def lstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().lstrip(chars))
+
+    def rstrip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().rstrip(chars))
+
+    def center(self, width: t.SupportsIndex, fillchar: str = " ", /) -> te.Self:
+        return self.__class__(super().center(width, self.escape(fillchar)))
+
+    def strip(self, chars: str | None = None, /) -> te.Self:
+        return self.__class__(super().strip(chars))
+
+    def translate(
+        self,
+        table: cabc.Mapping[int, str | int | None],  # type: ignore[override]
+        /,
+    ) -> str:
+        return self.__class__(super().translate(table))
+
+    def expandtabs(self, /, tabsize: t.SupportsIndex = 8) -> te.Self:
+        return self.__class__(super().expandtabs(tabsize))
+
+    def swapcase(self, /) -> te.Self:
+        return self.__class__(super().swapcase())
+
+    def zfill(self, width: t.SupportsIndex, /) -> te.Self:
+        return self.__class__(super().zfill(width))
+
+    def casefold(self, /) -> te.Self:
+        return self.__class__(super().casefold())
+
+    def removeprefix(self, prefix: str, /) -> te.Self:
+        return self.__class__(super().removeprefix(prefix))
+
+    def removesuffix(self, suffix: str) -> te.Self:
+        return self.__class__(super().removesuffix(suffix))
+
+    def partition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().partition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def rpartition(self, sep: str) -> t.Tuple["te.Self", "te.Self", "te.Self"]:
-        l, s, r = super().rpartition(self.escape(sep))
+    def rpartition(self, sep: str, /) -> tuple[te.Self, te.Self, te.Self]:
+        left, sep, right = super().rpartition(sep)
         cls = self.__class__
-        return cls(l), cls(s), cls(r)
+        return cls(left), cls(sep), cls(right)
 
-    def format(self, *args: t.Any, **kwargs: t.Any) -> "te.Self":
+    def format(self, *args: t.Any, **kwargs: t.Any) -> te.Self:
         formatter = EscapeFormatter(self.escape)
         return self.__class__(formatter.vformat(self, args, kwargs))
 
-    def format_map(  # type: ignore[override]
-        self, map: t.Mapping[str, t.Any]
-    ) -> "te.Self":
+    def format_map(
+        self,
+        mapping: cabc.Mapping[str, t.Any],  # type: ignore[override]
+        /,
+    ) -> te.Self:
         formatter = EscapeFormatter(self.escape)
-        return self.__class__(formatter.vformat(self, (), map))
+        return self.__class__(formatter.vformat(self, (), mapping))
 
-    def __html_format__(self, format_spec: str) -> "te.Self":
+    def __html_format__(self, format_spec: str, /) -> te.Self:
         if format_spec:
             raise ValueError("Unsupported format specification for Markup.")
 
@@ -260,8 +332,8 @@ def __html_format__(self, format_spec: str) -> "te.Self":
 class EscapeFormatter(string.Formatter):
     __slots__ = ("escape",)
 
-    def __init__(self, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.escape = escape
+    def __init__(self, escape: _TPEscape) -> None:
+        self.escape: _TPEscape = escape
         super().__init__()
 
     def format_field(self, value: t.Any, format_spec: str) -> str:
@@ -278,55 +350,46 @@ def format_field(self, value: t.Any, format_spec: str) -> str:
         else:
             # We need to make sure the format spec is str here as
             # otherwise the wrong callback methods are invoked.
-            rv = string.Formatter.format_field(self, value, str(format_spec))
+            rv = super().format_field(value, str(format_spec))
         return str(self.escape(rv))
 
 
-_ListOrDict = t.TypeVar("_ListOrDict", list, dict)
-
-
-def _escape_argspec(
-    obj: _ListOrDict, iterable: t.Iterable[t.Any], escape: t.Callable[[t.Any], Markup]
-) -> _ListOrDict:
-    """Helper for various string-wrapped functions."""
-    for key, value in iterable:
-        if isinstance(value, str) or hasattr(value, "__html__"):
-            obj[key] = escape(value)
-
-    return obj
-
-
 class _MarkupEscapeHelper:
     """Helper for :meth:`Markup.__mod__`."""
 
     __slots__ = ("obj", "escape")
 
-    def __init__(self, obj: t.Any, escape: t.Callable[[t.Any], Markup]) -> None:
-        self.obj = obj
-        self.escape = escape
+    def __init__(self, obj: t.Any, escape: _TPEscape) -> None:
+        self.obj: t.Any = obj
+        self.escape: _TPEscape = escape
 
-    def __getitem__(self, item: t.Any) -> "te.Self":
-        return self.__class__(self.obj[item], self.escape)
+    def __getitem__(self, key: t.Any, /) -> te.Self:
+        return self.__class__(self.obj[key], self.escape)
 
-    def __str__(self) -> str:
+    def __str__(self, /) -> str:
         return str(self.escape(self.obj))
 
-    def __repr__(self) -> str:
+    def __repr__(self, /) -> str:
         return str(self.escape(repr(self.obj)))
 
-    def __int__(self) -> int:
+    def __int__(self, /) -> int:
         return int(self.obj)
 
-    def __float__(self) -> float:
+    def __float__(self, /) -> float:
         return float(self.obj)
 
 
-# circular import
-try:
-    from ._speedups import escape as escape
-    from ._speedups import escape_silent as escape_silent
-    from ._speedups import soft_str as soft_str
-except ImportError:
-    from ._native import escape as escape
-    from ._native import escape_silent as escape_silent  # noqa: F401
-    from ._native import soft_str as soft_str  # noqa: F401
+def __getattr__(name: str) -> t.Any:
+    if name == "__version__":
+        import importlib.metadata
+        import warnings
+
+        warnings.warn(
+            "The '__version__' attribute is deprecated and will be removed in"
+            " MarkupSafe 3.1. Use feature detection, or"
+            ' `importlib.metadata.version("markupsafe")`, instead.',
+            stacklevel=2,
+        )
+        return importlib.metadata.version("markupsafe")
+
+    raise AttributeError(name)
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py
index 2fcdb4549..177d44611 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_native.py
@@ -1,63 +1,8 @@
-import typing as t
-
-from . import Markup
-
-
-def escape(s: t.Any) -> Markup:
-    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
-    the string with HTML-safe sequences. Use this if you need to display
-    text that might contain such characters in HTML.
-
-    If the object has an ``__html__`` method, it is called and the
-    return value is assumed to already be safe for HTML.
-
-    :param s: An object to be converted to a string and escaped.
-    :return: A :class:`Markup` string with the escaped text.
-    """
-    if hasattr(s, "__html__"):
-        return Markup(s.__html__())
-
-    return Markup(
-        str(s)
-        .replace("&", "&amp;")
+def _escape_inner(s: str, /) -> str:
+    return (
+        s.replace("&", "&amp;")
         .replace(">", "&gt;")
         .replace("<", "&lt;")
         .replace("'", "&#39;")
         .replace('"', "&#34;")
     )
-
-
-def escape_silent(s: t.Optional[t.Any]) -> Markup:
-    """Like :func:`escape` but treats ``None`` as the empty string.
-    Useful with optional values, as otherwise you get the string
-    ``'None'`` when the value is ``None``.
-
-    >>> escape(None)
-    Markup('None')
-    >>> escape_silent(None)
-    Markup('')
-    """
-    if s is None:
-        return Markup()
-
-    return escape(s)
-
-
-def soft_str(s: t.Any) -> str:
-    """Convert an object to a string if it isn't already. This preserves
-    a :class:`Markup` string rather than converting it back to a basic
-    string, so it will still be marked as safe and won't be escaped
-    again.
-
-    >>> value = escape("<User 1>")
-    >>> value
-    Markup('&lt;User 1&gt;')
-    >>> escape(str(value))
-    Markup('&amp;lt;User 1&amp;gt;')
-    >>> escape(soft_str(value))
-    Markup('&lt;User 1&gt;')
-    """
-    if not isinstance(s, str):
-        return str(s)
-
-    return s
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c
index a3922347a..610352014 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.c
@@ -1,22 +1,5 @@
 #include <Python.h>
 
-static PyObject* markup;
-
-static int
-init_constants(void)
-{
-	PyObject *module;
-
-	/* import markup type so that we can mark the return value */
-	module = PyImport_ImportModule("markupsafe");
-	if (!module)
-		return 0;
-	markup = PyObject_GetAttrString(module, "Markup");
-	Py_DECREF(module);
-
-	return 1;
-}
-
 #define GET_DELTA(inp, inp_end, delta) \
 	while (inp < inp_end) { \
 		switch (*inp++) { \
@@ -166,135 +149,29 @@ escape_unicode_kind4(PyUnicodeObject *in)
 }
 
 static PyObject*
-escape_unicode(PyUnicodeObject *in)
+escape_unicode(PyObject *self, PyObject *s)
 {
-	if (PyUnicode_READY(in))
+	if (!PyUnicode_Check(s))
+		return NULL;
+
+    // This check is no longer needed in Python 3.12.
+	if (PyUnicode_READY(s))
 		return NULL;
 
-	switch (PyUnicode_KIND(in)) {
+	switch (PyUnicode_KIND(s)) {
 	case PyUnicode_1BYTE_KIND:
-		return escape_unicode_kind1(in);
+		return escape_unicode_kind1((PyUnicodeObject*) s);
 	case PyUnicode_2BYTE_KIND:
-		return escape_unicode_kind2(in);
+		return escape_unicode_kind2((PyUnicodeObject*) s);
 	case PyUnicode_4BYTE_KIND:
-		return escape_unicode_kind4(in);
+		return escape_unicode_kind4((PyUnicodeObject*) s);
 	}
 	assert(0);  /* shouldn't happen */
 	return NULL;
 }
 
-static PyObject*
-escape(PyObject *self, PyObject *text)
-{
-	static PyObject *id_html;
-	PyObject *s = NULL, *rv = NULL, *html;
-
-	if (id_html == NULL) {
-		id_html = PyUnicode_InternFromString("__html__");
-		if (id_html == NULL) {
-			return NULL;
-		}
-	}
-
-	/* we don't have to escape integers, bools or floats */
-	if (PyLong_CheckExact(text) ||
-		PyFloat_CheckExact(text) || PyBool_Check(text) ||
-		text == Py_None)
-		return PyObject_CallFunctionObjArgs(markup, text, NULL);
-
-	/* if the object has an __html__ method that performs the escaping */
-	html = PyObject_GetAttr(text ,id_html);
-	if (html) {
-		s = PyObject_CallObject(html, NULL);
-		Py_DECREF(html);
-		if (s == NULL) {
-			return NULL;
-		}
-		/* Convert to Markup object */
-		rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-		Py_DECREF(s);
-		return rv;
-	}
-
-	/* otherwise make the object unicode if it isn't, then escape */
-	PyErr_Clear();
-	if (!PyUnicode_Check(text)) {
-		PyObject *unicode = PyObject_Str(text);
-		if (!unicode)
-			return NULL;
-		s = escape_unicode((PyUnicodeObject*)unicode);
-		Py_DECREF(unicode);
-	}
-	else
-		s = escape_unicode((PyUnicodeObject*)text);
-
-	/* convert the unicode string into a markup object. */
-	rv = PyObject_CallFunctionObjArgs(markup, (PyObject*)s, NULL);
-	Py_DECREF(s);
-	return rv;
-}
-
-
-static PyObject*
-escape_silent(PyObject *self, PyObject *text)
-{
-	if (text != Py_None)
-		return escape(self, text);
-	return PyObject_CallFunctionObjArgs(markup, NULL);
-}
-
-
-static PyObject*
-soft_str(PyObject *self, PyObject *s)
-{
-	if (!PyUnicode_Check(s))
-		return PyObject_Str(s);
-	Py_INCREF(s);
-	return s;
-}
-
-
 static PyMethodDef module_methods[] = {
-	{
-		"escape",
-		(PyCFunction)escape,
-		METH_O,
-		"Replace the characters ``&``, ``<``, ``>``, ``'``, and ``\"`` in"
-		" the string with HTML-safe sequences. Use this if you need to display"
-		" text that might contain such characters in HTML.\n\n"
-		"If the object has an ``__html__`` method, it is called and the"
-		" return value is assumed to already be safe for HTML.\n\n"
-		":param s: An object to be converted to a string and escaped.\n"
-		":return: A :class:`Markup` string with the escaped text.\n"
-	},
-	{
-		"escape_silent",
-		(PyCFunction)escape_silent,
-		METH_O,
-		"Like :func:`escape` but treats ``None`` as the empty string."
-		" Useful with optional values, as otherwise you get the string"
-		" ``'None'`` when the value is ``None``.\n\n"
-		">>> escape(None)\n"
-		"Markup('None')\n"
-		">>> escape_silent(None)\n"
-		"Markup('')\n"
-	},
-	{
-		"soft_str",
-		(PyCFunction)soft_str,
-		METH_O,
-		"Convert an object to a string if it isn't already. This preserves"
-		" a :class:`Markup` string rather than converting it back to a basic"
-		" string, so it will still be marked as safe and won't be escaped"
-		" again.\n\n"
-		">>> value = escape(\"<User 1>\")\n"
-		">>> value\n"
-		"Markup('&lt;User 1&gt;')\n"
-		">>> escape(str(value))\n"
-		"Markup('&amp;lt;User 1&amp;gt;')\n"
-		">>> escape(soft_str(value))\n"
-		"Markup('&lt;User 1&gt;')\n"
-	},
+	{"_escape_inner", (PyCFunction)escape_unicode, METH_O, NULL},
 	{NULL, NULL, 0, NULL}  /* Sentinel */
 };
 
@@ -313,8 +190,15 @@ static struct PyModuleDef module_definition = {
 PyMODINIT_FUNC
 PyInit__speedups(void)
 {
-	if (!init_constants())
+	PyObject *m = PyModule_Create(&module_definition);
+
+	if (m == NULL) {
 		return NULL;
+	}
+
+	#ifdef Py_GIL_DISABLED
+	PyUnstable_Module_SetGIL(m, Py_MOD_GIL_NOT_USED);
+	#endif
 
-	return PyModule_Create(&module_definition);
+	return m;
 }
diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.cp311-win_amd64.pyd.gz b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.cp311-win_amd64.pyd.gz
index 7dcb0ff4cffccbf3c1961fc8a5295abd00e967f3..be94ac8aece83251780f66bd6e0b102edc40aeb4 100644
GIT binary patch
literal 6106
zcmV<07bWN)iwFP!00002|Ll4XbW_)v=kG~+k}wDfV}Zf^5g=pJ#2(plu^k|hz)r3c
zk#WFKHVKi1^$cocSt~sS%w{H}4|gM8)nVJ_On1`m0-2qqv)x&ylhXicXJq7JJ2)*c
zX+z+&ak`o0IpTDkv<ZJ&^7h<!pKJ@rOeSY$&-P62InwXm?|%2Y-~I0QzWY60ZG8A3
zi~vjkR24W5R($xUi<JXrFFiRMFU)vl*>NuL%Ce4Kk)$i0=-rtJ^|-o1u~@I@+99|S
zshBGgbG7{8W>-&dSg5txO5D1P?;rSY&%B>MbE)w8?bo+mn#iBI^vm9tFH$`5b%wv}
z9lrRUhCjJ@UBe$=yp}(6>Dym?S);$7fBDj@`7@VJ#&Q>bt>GCR8!j;%(b}6LUAyQ!
zH?O6=6$pRXjBS0TI}5Z4EO*T`%wC0Z084b*LI4h}x{rfiHvndROaZY^H>%d%$rT0_
z;MO*)I+}qn08vMD0#`K!fhP^q6pjOH0eHN?qJLzMCh7nmH;v!{9NfqA*NVa(5y0>~
zU7_-+brgyV=&VhILt+RRwlSHQjawA)0lr$s29HH|D!PWx-NKixjWb4VjqUoJciu)`
zBAMudZj(-3p67OaLbSJw*@)Uo<Ey`gZ$18v7m|L|UB2ZD{x1;eva3aIa}oL4OVpnJ
zza#Yf!vU9Q_kTFxlmFgtZ+VRv&*e=-euxC*ha9cmY+L5eQnKc!cIkg|fPJYC_V1Sv
z^^`QeTwExPn?$EH&WR3b+$r+XHAAYTP0AYcrZy>SB5Qt{IPV`AH*f6E+V{sez<=dj
zAT7FyUwV^!AT!J0A9&N^&ph;$>imKW2*?wpKbx8xkVQ8k@}ur{A`QCy!Ql3se4mS?
zMYr#$OPqbwN913(*;}p<;}xpuZsM2kbscqyGmrY(>@9D!8Gn&CwaJeWuS(W@V3%G4
zVE_JXX?(eT|8oGS(tD}W|BfnMFI_W;R-z7#KTmBX|12O6kvm=^@)_l?$^c?~!>bM%
zSMC(o5GiLG|KppP($kotj4A(U5ywu(F=Sl1!rPo*UDWr$WM8N!o?lqh_XpF)HF(w2
z8%$I>Pt?<NSzlVEsw%nT3gwr7M)}pbR5j7<Ym-lpAOA>IiE1IVce)`*M@M~|b!VuS
z{Wtl-QI}{tdaEC_Q9rmpbLah<A6N~5{lyX@oicnvCpf1$z*!D>ATx`j9^g7jPa@UX
zxny$N?R48+L>jE7iat`<@@@aDEpPQ^wLM?U0fBVb-Rb|q8qjLgz01CIzxF)XUu3>;
zmidBx{~@iyi6YhiZp|Os)a>}1p!%+*+fD9xO|$bE<<CmBO=<OJhm0$+6GIzJBG!ON
zIqUeb+YN{m4Tu&Ec<Ocono0}Xjun*Ki)Q2lx3JBbVhd5W9>kHayoK%EIX6pdK&v;~
z-IDII5-C?gq|*k?o!<UPRReO=y(=Jx-JKhaSt6flyJLdLKU4l<4s)z+ZSv`xHc5A}
z$@b{z=x9;A`J^u9cX&tc&)oSX&BN|C0Nve%{gMqtI%Sd+>S_vgHHEsGLS5~uAyq=8
z0b|}oqyZLhNdJg^{|ydkGY)I9=A^1RpgKRS_?Hhb1#f$tE7F&_mx<He>lAY@`~H1e
z#VIyTx>zL#+@D$74;EFXw$1C9+&0i{qX|oX)ood=H?c-Fu+kHrI^Bj@^Z_7J&N2QX
zK4!Kb*^5Q2U?RL4%xb1{$8S6ED>n@cv4K5oAU%`wjkg`R`5&FJp`g1%*S(BLr%jrh
z{@0IG^}&oumss#nlYLs~Tk`RtPb<F7)G>*?-b&<)SN0v%Gc$41hwEMYQZ^#LtU8Y`
z0Q$43d*ltS0mUGVS*X*w=~pRrx+)@{p>iJ?x8G3J$;OfE(;EF(Rn?o->XTDz<>UuO
zfMjg$RRB>dw=4igZ!J^)MAq1vtAUh*3=BBBuMDVaip!CK5y$wKjdUoD<o)NxX6ao{
ztfpV{r0bkma-7p_H&~rhVrC%EEBBb`L73HOZSq-)<8}ZvIzKz0HOo1cFIefr;2`NI
z-7f!DX0G=G@_XJ9<rijPf7ZT#7=R-1z<~?Tw77k~7ddHNsFsG;{vXj@<R7X9s0zw4
zo{kXzQ28G-0Oeg1pv>W^1)QhKHADPOIiSq8X%=6lY-H>%l5u{G^-Hv0nMH;Eu7;&~
zzIye*8RdHxz_(vb-J@K!PzSg`q$Y@NA`dI7rlwdPkWZha1KQ*t6WJJ$ZL`Y(zj{vP
zoz;M5qrAbJrJmxU9@IqSC*4Hzna6S`Xhy4i*8&{W<C>KQHIMJWHJSfu6;=2t8yoB+
z(x4}pQ-{<152^s=0h4YSm$dGFs&vY$1bINYZUmH{TLG!Ez6QX7GfLhJc+dL|{6yg`
zbcZfzc9nDazhDa7K@~VSO5{P3-sTFVedXzP2T2p_)-PzA<7<;A<m&<Xz5eqld$V(G
z74VeBn;riL0Gaiwbd}rfBQn2#K0w1CpV`Lct*X;BACNDkA9Z{BFWLA16+I^9)ADO=
z@{g78+)!2dLb}E6p$GTZr+1l++Nc({M^d@e>i%r1J|Lg=o~M298t4ok+MgXzenKBY
znRl=`#n}ZO)tQ+G^s6E-sm9dWNwJO7W)v%l%>QiOG;JLPKGpf)yn@zwv-c83IY&2O
z50M6a{>Ork<)-{sJAvBdtMWx6zb9SiQoQmUO$_8A`R@sJh{;Wt23^7N=RQ)^Y4PE8
z?}+NWQl`Zj)%kWA%~vM0=J3fGCa_1FsFmNMv~<92CDP@l6Z7d?w)1Qmbq>*Tg8JSo
zt4PMSbtRyDM~hl5?k1Av*HuyHrgbT6C29VZm9&pvNy%ycPb(RxkEHqMR#Mmh_mu#h
zc8Gtxl08{Nd`hn!w^G56XX(?@Lq`soI71O#wtcWdQ`6)s5IG{-TyC96GPbA_P}Gl9
z^&pW3n{uPR&0DDfeMEj;b^b(4F8_wUlX+Eo?qxdMorG@459hKiZYEOL-2{>exOWk`
z!`&H>hpAaS0r@l~#%ZJ4J3_a|r8>Vl7f^>J)$rtB)13=GrbS7XI}rIYeawi=`>4_{
z)gO7I=0D#-BVjHj5=n4?WHvff=K)QrRtHJ9PN+_CE+A(~9j$k=dS+ueYZKaTEhm|c
z6J%h_MZB%$#M?SSyaVKfsuh5&7$7ISQ&SOp%K%C9KU_{Hp$Ey8vn0*`YPl9wJ==3M
z?oy|65NTai8Gw{ob*iO$RMDdBD9PArSeXBEsTQj<w#BP}@!3|o`TVj~KyDJH%hk#|
zG^>}aZsl!OG3at=-%A$Fsg?;uHdT5wS0dItPu2{JW!~%rvH!JAp$EmU>RF6G#^tY!
zvhzWCijB1>M@&F|fwI#A$ivE?GqR~Zo3|+6wgAUCZ73b%9Z_mHE!aQH<P~K7iG@;A
zbWo}CCDyPgeHI{pdD?hw4rRxb&_WC)=_oy0M0dIVfL@~k>>`oJl?!I=6qqOdmP^gi
zVg`|4A@Y#w+)DFZxx>9p4!GO(CpSvNwW!5jS8)8inOgmFweodMi0B|0n^MJgV*C{|
zpj>3qdF4lDeS`FM{!nj^zo5(LA4yqG^M|VdPKncq{hWDn&1K40S!0HGM3Lyx`tIZc
zS?t)iZdVme1Yb|>l&*2Rzo>9bqw4-kDL2X3HqjH}^Gq44<-@dH$#`n(vw3f~y_f%h
zX5G@T`fK}B{4y34K34_M=I2<`TLqlvZ>$73O##;<xf47+Fs?(-3(5oX!10X_1KrL1
z2XClqY7gnMRgbAE$vFSv4OJz^m!EEKZv|4p<1=Z}-Rv(<bp-A>Wq<LZG9sNSC&qL3
z7yV|EnYAyFne{SBm$}>4oD<9C`)38#3?xeA^;Y9RU`;k*CDN(t{2Si$r2jm#lC;;2
zKccmgV_e=`pUoRIw=B;w8y$FE$(!i8*Pj(<?!T0>kpJlX+)8a5T#w`mc3evH!vn92
zrv2wrvy^$fc3#?f-KAJ&MKZj9C6JRUS5a;j|F@9Lciq0<sw#Q<a+aQ^uj`R{wVipq
zeCCx^CydlugQ}`}&(qN0KYo^GC%aAb;oLZ(I$xhno$lKTebzG1UNC8AL8~{bI)`Sn
zsJFHd^)h2xuf{YL`En$aQB3T7sMexSI^cHEgXOE5=>B1CF6z?hemV_RL?il-e^ZMh
z^la#VhUz(HoEnjCad!^2xZ9n8Z>YuH!D(w-IGdi0-Vu7Nv{N1*$+S+;3Q?Ukv)N2O
z#@C-s*`(icqBTQ|%7AuSf6INA=4DS0QiE;JP3Ai;l38q_hg@bI%7A<+k&SfiX4RRU
zt>x!dvgVD%ID0DTvsgU#(p+uqt8<IT?*EvvrvNQZun@6@<~Z7U;P7U>BlaUL@<5Ax
z-v9Lbk(kite|jP&3egt%Op83>9nm7M{YdM~v+33e|I_c?C&W_e?Z0WAc`m*2s(dZI
z<#(w^h-7<cF`!mX+@spb5Z}C*{gk^dYvv$Uuj@1$ATC=Mr?8MecI|hnbk()nO-^v&
zw8NIzpC3q;wa9#K1>l#4xt274d<BrVw8;GbT0vi3M*Q-7t@626`E|eak>yFjpYdC$
z?&;PE`Tg|v-?YeQ(i^X)xBSk2@_)}r&h$&ehL$v+TmeW|xhEGKr)gh?T&IgYpKhH<
zZ~qNrKkf$5vS#ARxy%xmrgsvV4=n;-GHZS__R$c(bx|QvXkWzgW}0^_0_-Q>DN9xm
zY3%<D@pV&O%NGIZ#np_V!Y<vx0p1Zica{wN(nV&TCFw0L`^k3}*`*J))2G$7Ja<>l
zt~svEPgDTk8<U2uL;TMxpj|nn`AZf0FO1uzVb>5pSOM@_$Egb71YkT%Wd1KJfR+^_
zL>jw6()_n*Yt2ZiUYp?5U8hpZh|GVv0+4KS1>hsn*roL1KdR7lj#W_06PXt(sM>GO
zPtGFtlN046&2Of2+fV*-Zu0&~Q9i$X#xLi{z__DQg$dG|mNft2GV1mt)c{AXoFgl2
z3pClb(h6-uo|s9bH~)^LZ3bPSGg(Fj68p)qxyc#Ce)9A0ECejnhnwi@06UT#{>QYp
zPR%KEqodwzGe5Qvus@qEdLdLR-z}m3cv<`YvG$Fb^xL3)o3wAU_HEU^FP2QvPnXbG
ze~inGdb2sT@=r@{`!+fKeNr9!C;Bygd|Ox+{O*B`+WESDyyd#8j!q-Hl=|x|S#)jB
zO?5El=dTu+J(MPMvO|l3=?=Fmkg<{XR5c*C#^o)$h`g~=dFu+3<YAJu5#Eufn|L5=
z|Hgnkust`5&&sDNf4fG%u3F3Ri#pco^z}MEs$*Qouju%fI-b|@S2|jCIZJeG(DA{w
z#q(d(+kd-`;Ss%k@+Q8o>HUxC_@Ul!(Ay3jm+QDz$Gz){<;>FcyLuNx<*wrXW6RmS
zUI85|8G3HQLdjPaxBsPz&(GwJ`HSVNH<h4}><Yz&U?dh35&(KaiN{m%WT;!H4JPA)
z5KhIDMRK`+B}ekz-VTmBMt9YHjGeguxBkA*dwV^~b^WS!^yt{6qi>r2g*##!ts8*L
zUf}Z5Pp3~g0OLO6zHfSg2AY|Bwfj~4Nd+)-5#U+`oLdaMvl#gAF5u6W0i(-+``y4c
zH*mrYm@0uSmF&Lum<1S{4`gk?Ta^G!7FMqWz6RjF4IKgPPIsPu&+G1qX-cdFR%43h
z_IM`8FxsBUd*j+jI3$MLpV#*mO_ayu>FVAIkUGFh+Z#4@xVLTaYuDDrw1+kO717!>
zzRqHr#<#18)~@lzi)k9)o+4U@#<#DIU0>@ojqhL`FhSR#-(BzX0#Ov&?k9SqVow-s
zKOZ$r()aG&8{R=ToUGR8Nr+wUHa}Zm5$$2NzUj0M#@AUyV|=?-14rpRdze0jyZ>5&
zwZ&$36|UP{yS*N422HaIG%uxHXfE2DhC*B$GfdJ}7cRU#l&^3n?`MBlsNIodF+%^3
zLE$bQo$QKTyK{GY>a=xq0^gjX)qhey=WJ%!8cJZRpD|&Ho7<Q12Jmmq&^GC-4rYsG
zG}XMBM)|^43_5@z2k;e*4@Ep&36GNX<_S~W*lzIXW8N~sQ3@O^1qSIDs|nWdOyFj^
z!vx2xHt>V9@M0-&wG>eFIc{zjjnnmymjTzyiuEs|>H1eXfodlZXk@ac^KfPZ%=HFO
zAso(eTHzFDz!|o{*<gmVe$LpTN|uQ4DhFOGXU{Y(cP#)~7fiKvS?zO5OekrvqGXdf
zPRE)6JhcG$FAIQ;I<L3@_}&7bTW`O#060CZpSFjl^>Zc;ruD##g=Q>luw!9j-dI_D
zZs#HWhsGNVfQt)(y(<}Nx@<DEb9OWAVGHaHX4vaz#<>|BX6yhsx+e)!+}LUGa5fY3
zk4@(G8FZfIKtZm$6iB;(V=EbQ1`dXHfGe}2ENn$thXrK~W|Y-C;+&I*v*9G1+;NyG
zk7frmO6tvVj@mVBg|oo|XX)&*S@D_e+-;5__KP2|zM0VrpQdJDZ8P9&1`f^#I-4oi
z<S|>@75CQF)$ESMf}x)9>W12QUl{FuZLx?LEINyar{x^3HNb?2J;R0ajkWAQE!(E?
zy|otD=K=OjqkU@~aMbfzUiV4zx)a9szAdpxS8rGdJ}B(Q3`2Y0#@=u$Dg-wqgperI
z1IPK`6w@Xl6z&7!ed4a(n76L3HXM!O1Jfokx*-%7Qwd>1Z%q5I)D21t^!7fUir<@x
zb%~MQSZhp7^Z_P*lNj9^Nr<UXbW3b^Bo+qV=C{Olg<|2T5N_SmCB!NFy^*L$lea(T
zHw)s&cGny36T}UvL_&y(?TOwlA(_M=-ytM=BC(Jt6i7H~Y)k5m-o(8^i0ay&5RyVn
zMBMaHN=Wpz3yJRDL{BKzC2Z(T#i(@et<u}VXq-mv*p(1M;kGbPV!TffH}@q)p{FC#
zBlwf|Mxp|(p@D0OBttu*0%HzDb|gZHz73&hG>HR7`Xod`(a2t5b0Crwi4Y3okg+Y<
zBJ4=*+$kgqT0YRa>A}{3w_Y<jtOy1-(C4Qs(jDmvGV3ION(6&RF&q^8wDh;THy9R@
zVxqS%7>y)F;BNE?JxM_Xwr<$8<-v}&jjeSJ9wu`&f{|E66oo_&8mH<(0rw!76m|u>
zHJb-1b2)-ty|M1d&QwAO#zKii@9tnIvGWPQ%SN&#6}p7j6Olx3tcNZH4MiNiF=0<c
z42sl1z;XnIJwjJXys2Xzf?c!;gyNB!o+J$@HC+j@CXtGXkshHYT31t7!xplZuCXiL
z_v!QD!tKeYEw5~Mo$r3Na7!}ve!}U0xno(6{x`_mr2APtuXfC5X#Ho-|4CmT&eq-j
zJ!+rtU+4Yp_ohtCqbSlmYtL#F<y#c5%>fRrW@sw~URYh64^gD~(yObB^CpT7G+}LI
z_-GkW-pDXo22?i|=Ry=|uGG|sqMV81Z{`7=jSQ{x0kKi@8%Xnk{f$6&KJbhAz`;iL
z4&*5Z?rdUs?*iZ(jR08y3@-pKG%}o62sAV?tf>IPl%HY+lS#305g;}JO^bl<ECQZv
z0=~Nl*tQsWritNySj^@+x){jm^})r!4ZV&fK*JJNr`V>~14{r=uTxCx^{*@eE-wLo
z(8O@jQbwof(d!hysMn)Qfh$Xy&R3TL2VKB7ni#&|Vswf>*Xt85plLa9wuzy*92je2
zcucRqupIc~O5k#n_B#klX&%_D{RX1to7QHAG+#X1$go?lQ{1c9Dbn2S(I$q&D}fi9
zKKt$M|G&a%zekj_f3FwO^}ku)LZ4v*i2h#qpKc>@?LB*XqOK=|L^9GFTUS+A>#1@H
zv98{5B(`&1)s~KXYnrNDNih@)hoZePVO>?9kgU4rZd=LPP%<g>?1=Wc_Vh$!$#qq!
zMC`6)*Dj$al&tBAbR~L|z1?C>S8vZ<p=3|(6LnRto=_~(EhNRQ(`Tci{-7Z1Zd=J`
zn_OHx>~Hpt!{vuvhpP{J4*L#&^YEd=<Vfd{T}LL4Sf6)1U;e!7`ReD{?*|V0PI2g&
gL&_l>{>*s4|K<Mz009600RRC1{|><FoB%Wc0FsPCsQ>@~

literal 7240
zcmV-O9Jk{iiwFP!00002|Ll7WbX(Px?ssKLmgOjNf|Z#3aTDa&c@S5z3^?&mY;1?)
zqJT*pNCSx^OV_rF{zke=Vul$^6_+@7sgrgAFK^n;1j<@u2HtBrLm^4qd2*D-&JQI7
zTJqB=X@|Bl&g+;?8yqOyx6V0Nw&jEw-kN#u&8*?BW$knJ*?XUT_TG2zbMC!fzhy59
z0O$dzDsTw=YQn#Kl?cG>n~u!JOGU3PJtVkZUE0|jh>Ou!q$lPLi9T;Q9FfH?NsJ}J
zVjwKG-n&r@Mf_5g#bUN=GPay_>|XN1wu`yH`ER^>anTFgE*8J(zChuoH#jVQ^T7)?
z2De<8$Kciri(lAw(SD1Y!6h%aFRo<$`!C$Y;5H3DbCJV`Sbsyn*GuR5q&0Q40sb!=
z;Vk`ul*5f<nOLlwU5*6+mTPoNr~z2BUx3!u0Y;4{2eDT(E*tg;Ii?)Aw$GbQjesA(
za~ebxn4r)DoY75FxF2v)9q#}Z{WHEgcstM}OhY(;ox&&6SIN>&89>>MnnDYv){(nJ
zz*80Tdu1=+FXb{Z55SUqx+b8hij$$XkQ$HM3N_czrK_Txkgd_9&3XHE<i+AKA2gdp
zHF;~UM<)d%K5ipwD@Ip;4c(piPkNEThwNpW9%z1mBrl7tO1t<y>O`VkZB6}gS@V@4
zQMNW;8ER7AXtuV#MG9UY(-Y-B;!^G_X>+FAQ@73~bw9QyzbydW)|*-Z>&s@M9!-ue
zlNTgM^|CEFD##_tQJZW?UezVc?a6e(n7%!k)|0v)$IdnnjT+Yvq^-Nc0?_>a>#jlB
zPMVWH7w%5Y(lrnLys$ZS-(#xn0TFO1<76P6xWT2!c0!bg>>VU|Ol)?$w`P>PL^3Gb
zn+}Nb>;p|i`KNYk>-(hOeX8pY(yXi#4~TN{fu?qA>)Y)GKO57xE8B=uC3U~ICf@?p
zd3JJinRVCK0Z^qMp-O*&DqWqts*_Db9UlD_v&v6g$}qX*Eux&temoB#1#dgm;ezEo
zave!#^rL?|lj!_3q97+4dnk|M6;3f+u>5A{>apAN#=br|<_$&17UYdRHjS^wsUC09
zQ|Shx9;eIt(h5~o$t~|wdgUjS{$5J2$o8go<@o5Kk5!eZg@leyH{|Klr<*ov!BD9*
z=f%PSQMMeoHV)cp9DF`?>*rY<d@KOgSIi`NRQD-E;C1Hy;{tGZYL-C#FCL+FNVRn>
znRL39I$b2mW0h3R2XhYJ{D0)|HfNf7yjlQUgMPcGE#;|m4F>JK)>pXy&v5@+ckO2l
zL6)i3jVuP*)%57kLA9)>E+)6U#cX>jd!>{)qRp8eE?ABp47ccI)PW>3rqP4fWB6en
zLokowvFkBBS(<Y-Zl=^utj3t@8nVz7nU|7<5XD&eHDv3qkye8?XS%y}&}SmajF}{l
z>sSc=>SI-PDM5R$OYz%1>kHCEIn{p4I8lC*)s^yK+T5-jpWzxUtfu<Y^UJ3Tspb;r
ziO;8Q{Su2PhYnD5BzaVy%+i3$(tyg+fXdQ<n$RW8Bso+trYFfEo>R!c3G1$_0?=MC
z!t%)xRV{&Po4e@WK8fUFs%J9)DLj<)f)+|gc_>+T^|OXeuAL00asl{!s(t`GYfQQ5
zTXQE}1nQz50AnkzOS*FgX^;UEt=u%gT4vQzj%21}^c8%<Y`4u2aWfa;WMI~6I(PKC
zjDMJu&*<fhA<jr^^4J~MWz5X^=Vq+Q>0YAgUP_Y3^(-X+@?%xKC#BaU=Au!aGcC0(
z`{dNduBMGN5U(_g{X{vRn5)`0E&vA7vdNjIv=3&K7I7%6OI|9ZQD&z<b7_=aBFZU7
zF#2CUQq{@Ms~=439Gp;98t*0+>_jpA&$U#u3pC^wlays-0nKY)x{+30!?)-d&3z+m
zF?X9to#lxe0qd@X0zm34G1i&QJ6l;tV4cOatn)j@cZMjZRNK>3rZPbW(()$fS)z=n
zwudPy`8k0o=MqIkc}=ygqL_h;@)n|4R<316CdwPCZ7HL?MIg!qr97qD3Yj=&K?hx$
zJEPieV7L|&QBJ+ze?Z%)ChkyeW;Sq+F496JPV!J!r>HwL**7rRFO&germRc{lnJ6(
zo^8}rc}ulDT{ctcM=3_h<cYOJax8C5;fY$lxeVa`C5q*SGH(02*R8t()NYEw(MT;X
z+Z|-^QF|>_xQ3)G)i+YFT%OOoVrgVvNt6=hQG2cPB8@ADlHs926w41NnX=JD>TDP0
zQ!o6IdZEttL)JORI|o_k6ziPlDIn*l|Hb%e5|S%4M;)c8WL3`mKT>VGDP}-TbdGLU
zRaLd^n}0piSE;r?o1Zhib=Tdr;wvNBg&)nd`0Dx0;<}G=7I!pES=>H<%Hq|`;$|k4
z8i<-*=H_LKpQxV-n#=R})Ym0^tsZcmWnH3{56uH|x8G@^+-aJ&2s2Sm61Ds|m8R;5
za&+=W&AVSo$`YSX-SpjgxfRQeBxU;|({)6(h3087JZRWZ4`^|`b{=r#_XPk+S>Cvf
zQgDs#n5VUKvvqe{Z`#H8!*!PTYJfxu85%0-et$?+6GDazohTW7x_~Z&?u-V`%Bz#_
z3UVd=nV0-Pkj;k#maC3cX0m^31jY>6dyRBsnP#|l<qU<RRseLr^VAUQmI-|SZK6S0
zLW5FlzMqHhZ(YiJ&J)?+7=c|{j>skqz@BrvTkTCvuL#M8IW#?52YyJira`C!s0!J%
zfpW<AW?w4;vLEPy>{0_YfbD{f+2NE8$j+WclU`y)b}J_rNy_%ueEjQlJX=hKzPN@T
zmzt{8J*To~3xTFxYGQ4+%*36Ltc7f+F?UlTlTzkVjvt{6?aGgcQs7c7%WXij`nqcP
zVGY1+G^Wet2t}rm^QfJ$9K9`bn4S!?rwf6-G){7P)X}u(s$v+Zp$b2yC733XJmzp`
z)R93$um;FJsMjnbCL2Cj4d@bgWFrP3Yo_ZLihyMKFK8v(b1GY0NMo~U&uiK8Lg31|
zg%^|mAY}i@04SNUXSou0Q6=`CCdx4~xLI@!HkA!_l#oGUy8i*@pr&?ZT=~GIyf<(*
zVO?#@I)TRuo$1lv07%`bCMSd)ZA3BbE#=9?Jltw`u*H|Ewi`+T<=kMa-9hi#zX9Ep
z99Q0ISALY;|B<Rr4gJ^YLzaRZS5g%cw-2Nf)h^|@^DG^EPe-S@Vtr~Tdz@ue!+bum
zJUd6D+P-lEFrdnYq*{<@niN|#ZAN(oQ4D{716R2ywOJT^$nF>`&C#m1FWivRVa({f
zNJn{I-bs?jnwqz{w`FpEWAV(2V7oG*Tp-GO$q$5tA^UZ@^;U*y+WyhBAfV}c^v^z4
z)v5bkIqy87+9Is7pHgk%IrQe=%(^2-iu6e5Zsiv#ZqQ{nk>ust!}CGu`sc8cUU-<s
z;;So2%5tR|$o>_}!>#sOGHCdFCk=MmPNq#{&=7L63US=Ys=yu9oU(}w8tR<%R+v)_
z&}oMa#nt>y8#dUq)*%xW{BWAyJr>G2tQT~7c*XKf2UAlo=8ytWEd4noNm+t(fvn1^
z<+0ifwZr|?fK5a>uiBm{q5Ayo1OTT>GjOWY?qQ`uD&d}9O_F|lElA2`?<Gp7-Q!Y5
zs978?<v2w~X{XY8g1SdkZOcmlbvUW&9{mn=o_pJaIp39SBFbfY+Y!Z({Tx8PSN-hU
zEC1UqG&5!rGD%7$AgT2ws%<V)s;z_!wvDT{m#l!2CaY-MRKnV+^<}&d+HWf(srBPz
z=#ogBZDqvSHcp&F<gm&vfZRMp4m+o&BG%R+GH8&f3Tz|y{uwf8xaV^$%R07ZXdb3P
zRYH;t6>|V2jH+#iRm(Cg>z*bl%d0f&tL67wS?*3*esCKw`mvEZ-!OC=keP(Z%az$*
z(;AvI*|Wdm4V@;3j(yw6f@-Nm6n!~A#1PY%fz*x2rOxy?v3|$0`!*o)n`)l(4+>-N
zpXT)<8|S=**_ZXe*p1l-jes(eeUhW~)#<UqY|0266c{Vzah}LF2rT(O#pUH>J;q8x
zf-=p`#(1YN8=yt!@-+VJ14babVM^%Ky&0snMz)t}H|SNG%q|dRG<({>s=~bFheBcw
zOC3acl_<liZJU*@x6{5^aoIbxJ2yzvx6E>}=pH>viwvFj2_{4?At}r58t#eFAJANU
zl1n#aziZGOq^<M6YyHvZ47vTA^<_f~&G;w2N4;rn&FnTfX`<g=0A&BfFlm9(Y?OD3
zoF}r90T_FCPiC^Rb6Ncj6ZB-EoKN&5uL?W9nEj=mX;?XMF<~bu%P*Wj*2a~iTE9#C
z2EK}_>hzei+Zr+aayHd*MExi0V}|eWByq$E(C!i5%{YPMhLjT!n8n2hGlvbdn0x?j
z-%#dKh7PUY0(7r74E$786FZ5|a_Fb3N>a821qCM`U)|9LB;1FJb(E~REYaz@<*4<Q
z`$|djXc;MZ-TF$ik)&qzyHc}GlEG4Yd)@1DnezEruDYR^S-I0xFyyLB$4n%7v~uii
z=UFmvmfI=$h#h}ITjqnpn6WxNrek4Rmf<$qb3Xf80j-MzX}NgU#Y7=_!gi!Ow@J#`
z@!Qq3gr1l6yUr$NWv>*ldiswAT8MF*la%3nHIPY`AEwmo{BPPsQZL$@K2%lm_+`35
zQO;|b`X|Nw4p2_Ly5evFwbn6JRh?&Ps%SoRhF0$f*!FGxxN3X6m<HiDv-I9eJ#|jc
zYD1edt=inhJPX$6vS8{G8)ZaOnJ`0AsjQyYi%OP_23>ZM7MgiX^uP!mOwkY@9H7%s
zMHsUA&_0$`XssC7&GuQkDUQKbyJxu7-eCiphFk5O0$bY!GmxARXqD-pBuymMHg0_~
zL)(N-`c*TZtx2_g#mvHQ)~<^QQ;HO1|Blu1Z`jY!TjTL#)Mi^Vr>C7QQ;QY0U2E87
z1IFeOrGT#AsM=mCW@ly-se3y%I{nl%o!8BIH_zbR`3by70XFwk+9+|RohPi%wkkty
z&Wo+e+2+T`!?F}?e*CwAu+-kFoKnV}Cz?|&LR;|}>$A;|zjv1uP7LbpZN;w-K4jM`
zS82r_?6l8HJV=t3zgz*R<>PBrD;YLCv4TISZ%7*j$dwHqqYm=YhA0IK3<t0NK}}AG
zJM84J0D+ZXV*S=oytGv@takv-$q}J-&~T>%7%Oa5467Z$A-bn)O_2}l#vffy)gIK_
zTNS#2(dX2#9{Go&xVf!(sCCd_bkO2HQOS#Y>!9WLm4NlguS>1TuX4ntO5l4&0E3Iq
z^Rb2TKI@TRFN(*VC#=F5GV}|P6rUl3opzCKBgAEyHJQW%is6MyAUR?hHvD-d*ju+j
z!@f$O`ASBVYm+15u;KAaz`zC`t7I?Z3eL3Ne6F?bT%wFgvR|sdl&~Z%o=Tu;aPj?>
zygXLYeK9|QmAEsk1ZGa3cBWSwTvWlQ(v!z3wfxUb)Y`k)@0Z!{Ire*!{eGYQ{tx!M
zpZ$Jq8vS+?&1DCL%xPyjqn1Blns&0AeodXH)Jy-uc)6|!XxhYgeedpB&+5t6QU8ak
zdU_gK%x?HlRrj*N%+vrU{@bfLVh6=3f>Ofnaq0k9%0hmtsxGB1s%+{d%6d=scN1Ka
zgG*u@&J&N<8i2I*$suKEYv%NSmiIqLv^QVtG+3#@SsI*Z=J014JgLD&E!uld4Zf?<
zpV44ggU@Mjj|R8Qc++;j#=l*IjT+q2I^%t$)}N=r4>Y=S8vHvAzNo>!(BRiv^5vY=
zUTpVk@TVHQtica7Xx7$QrorVJT&KY;8k9BoB@OP=-~kQ3tjYU}886iB%lUib9Q0Ij
z*gpg2uDTihf9=(DAD4IOzI?grj4R}gJ)DTfz1<S9p0zoh+ubXNf^Ii$OL3n!s=Y1W
zAVq^-pCrn?lIZL8#=JgRip52bXSv67tLX96bI`~^1qI%)U-WpEc|2ku%=qGRED-Jy
zcLd~Kk#w$it)$b7ap{i|QrIWOtHe!lIzb>V2D-(*NJ0!tl3$b~qCXIi2EBcvEbWv<
zxz{U;p+HZsEczm0*&7Ip@r18;x>kWOlV4>vw|BFdBVAvVe6rZ<jf>u}=<(!M>G6mm
zN$!pKZxsWw7>J8LZ!jqNnd+1;Cdr9dSlsRnCL}uSjmHxqu9G(ylf3>uu}c!!GP)zN
z+@x!w-k3Ke#@C3=;oQ`6gi`t<;q6jP)+FQ%LTBT)_E(wL@Hy9r&Egtg&>N4h@o@im
z^6W>o(|DL!s?6L^9OsS)f>KzX=6_e<VM$!moe2BZcsPwm>`KU@9Fx2<_2WH}u;lTG
z-Z&Q>ipqW3gv>A9i6Eai5|smyus6t!62FylMC4v6wj&UinAdtFdAhqjo(d|v!s8Kl
z^h!JuCJmaKx5{j8Y;4q4R7r6w%zW9EoO{Kzacy-o$SPJ)6T~CkvO6xvX5JSq-15}@
zQy!W0K%krZKU^W_99t!7AH7I%DYjjTi{4N2N6br?PvbJ2b1;)Bi(Ovd!+f4DZ#>}B
z7;Y8g5jwgf5DbcOnf`W3BE2DL<i&Y7(U{l~q55=9IojLf4TLpQaT7M=Ot!3kQ(TIP
zs~VTBm>Qn6&GMjJ$H$lV$aQ(ftc=UCN=Ch6%9hK$p=jL{5A9vcr&;=1=9!aG`%mSY
zDtA08N&ZAMo|m_T|2uWi)N%d%x^orB?_Tu@`B(UVTd(_TudheHrr%x-?$h9Y4IY@L
zf9~5R3xLf!;GJ6Fo#p?3_8(;cbp5*ieYL=?0FKqN?~3q`OMr)O0{U+PRxJhYS_;g!
z1Lks|z8rY40`OD-e_f${pHvJu76R#6Kusk;_xxY31il8~u9i+0rRgZszH73F!t5Ka
zO8#k44rg~bCV4n+=j3-%RRO<O_S$dLVgj|4#^LaF_W%c10VdjS+0bd<+`=mVp?usH
zic9C=+8NzQK913y$-{Lpx^wwBMt3O>*U9Lz`8Y;5z6#iD1ajYM_1E%m%6Q+tJra~d
zv`^#UA>AbYkw+f!clFSFu1=E~lYRE~=4Sq$WIApOo2O$su9MSk&cks!PaSZH&a;#2
zll#`KO5*+J8u=$;n$4>z&+i(6(kYyi-Lq@+d{dL#*S%9PiQ`|6bpQ@Zr+tIwxDPN<
zdvwKlZqdG}%YA!>DF5_~ePd>KtYRclVBZw3`qRd@U@^i{V}_-=XuL3L>{x2h!SGHI
zi`lP~a9b<|y$NUFD4pMgV<o_F39yUNA&*8d8(_ZEIIfQtbm$x!&pUdQ%muzO7x+Hq
zG3jCQ7Xvf#v-Oz$rUiy$v+&)yz?HecC2fwG{X9NRe@`j!v(kM1^KhE}MK)lT4QQ?B
zvZm7rMjedRI)`A^!(3y8x!M?AO51WF41OcdlmX*qz@v;;56FeUHF)IpX^xv?Gr=Yo
z!R9Z7t;Psj^_)xN75rV+p@l%jBAy%AxnvRW)U>{)Q^y>plL_Vx#wg|019)u_@S8=z
zH#OR0ivZ(d;AO3ET?{N(JT*@H3#W|>dI9=7fuaRQEU2+!L2TZo(&!ByDxd0o-(uj7
zCBVr_4w)_+bRB}#2&=yk)*2(M)x}YvNI+2+AW+}N^w9#3&LLRzJkB;4JBsK$%YdBR
z$j!jjn*prgP|yj`bpS%C38j7$N;?ZtT4O|MbxBmP8DOh90-JCMMoPoxHo{tCfOT$h
zRJcyr<4^E`SR=>h{(2jMU?UK11okfg_BOJUL$0h>`J&EMt5)s^gx%hd|Mr@yXrCV)
zeeL0Z?9QwG6KkjD`hGJo?%?<S<fp7H{M*yr({TMQK)(YxI1N|Z3LJ2Jb`JjcbPj&0
zprdb7IN*!;C3kyRmSW*`u}Ekm+W-UmgpR)UP&5*g-5jis_!B`1kLWu3?q%C^_g#|Q
zEYp3w+34=*bJM;4Mmd)7$-v=hvhR_0U=}+1?u<l&?#{lbgf9pked~e|ugtsnvCz@y
ziiCT3_kw{+Yn8mgV8n-QQ}eZWgTZx)u#cW@?(O<wbF3#06zMwpxN7bedQg(8fj_=R
z$K0y^1|5BEv6#ChD0yS(%9qWX*f)jUNLP1=>XTc{272%SqJ462B<x(Zs>&Y>;`jOu
za<Ii4l@l?kB@$-eZ+}E_u1MtJL^P*!TUd_u0eZs*Ie32{CMUeXP2nAZupju9VN<x*
z8}<h!f7?!<#13%l0zp}d0nZsWO7bTTSL^PQ<d#G%CWYmWSi~pA<2YvMlwzSk*egpp
z6b=-$$F)u*wodX=T|4N>DJ&zZzb_%h`Z}aocO(|_hJ8{?Btatr&TFN&`*FuKY-cY$
zi?#a!bHQDbys<AXOQFs{NNSF+3j`(FLXFTGh<m$&5+`;Ax?<i~A2oR#dkSdQ33!8n
zN2HCeKwKu0*N^=L?eSKrE78*<#d2ES-L~PLHkY%SnH(m#-7Pd%`2yVmpPO4J29(3?
zj>~?x+!vMHfpB-k?U&+mEYjx=2I4Z%h>#SDOESIhH*C76vweNrsu~BEc{|*Ja6p!&
zSO|AawcQfd!X1}--QCRQZc1DRw=WXz4)i2qk~{2;#UeZ0-dN9ez{xrJl5#^*czYlg
z35VE`zb20&5|(xbWVcKW1T2GF+9~-G@{ECbaQkQ%@J0hGLvfnCSNdY|%2*;S2SU=y
z;Hs6YR`P|^(>3~{efaG9cYM9NRXp4MrmE)N^5<%~p#7@^-@R-9zH*)8Zfi9^S9Z+j
zFh|{?;U}CNo+-;8FR9VSH5gqmWBj&H_q_Ad9>4eAe*Nd1O&$NX&sG1!UDM7J6w>oX
zv<`Xa4hpZ%0ru5#XqgMVSeJh;ppc#$PS@q1A1JIW1t#h^>?j3F>N%um0kJ;+Oh6$$
zGdSvzcXpug&3VA)dJePmfM7i^K99v7+xt^U&jP#Z^Unkn-g+ajx1Pfl3xEUl9B$Cs
z6!t6t()E0=sxIKXB@2P7g}|A5{(PZ-ArNff@aaXsoAtoHMZluPKv@Ha>z4p>1OFef
z)Dqyi24L?J;Mfu_lftKO0$yqW_T2;&iNN<8fLS7NNCZY2IJ_wGxlBueo0syoeJQY2
zYkQUgPik!n|4M7WxD<F(Yg0I?wJ$FPT+4tzG;sLnGLENkuhypU{4%cRPnQ8bH}iHc
zJwMoiHyb##+c}=X^;+9w2VN)#N*aL|%Yke;_XUOa<-A?F9C)(=5F6P$4|G)mjz;#r
zgPp-@8#$zBsFDT_U)I_bp48eD((}wW8aOOl0sOAvvwZ%qy9D+;u8jYuTpnJ>k672>
zi}V1|o{xO>Iuh&G?hFOR?NTfrh=dy|R#iDFL@Dfx_yggdhKfy{>sHoQh;i8)_Irbo
zu+&h|C&eq)Hd@T}-gsOJbp`vxouObj-cXT<h1bM=y;8^<Ul|JcVv%^HTVCmlgw}ZD
zp{nhxD#VaC9O#zf^8M3iqoO{SlhtT3f9B-;%fX+!?tG^IncdIqeP-V?2cDUD2G5$F
z7oV?u{^0W?&!2hz-1C>7&pyweqlo~T_LKda_j~sD?%%n;fB)|N`}Sw|<C)J)`5*E6
W-v9sr|Nj910RR6ALa-_TJ^%oNoriG%

diff --git a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi
index ca41f9cbc..d793538fd 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi
+++ b/lib/go-jinja2/internal/data/windows-amd64/markupsafe/_speedups.pyi
@@ -1,9 +1 @@
-from typing import Any
-from typing import Optional
-
-from . import Markup
-
-def escape(s: Any) -> Markup: ...
-def escape_silent(s: Optional[Any]) -> Markup: ...
-def soft_str(s: Any) -> str: ...
-def soft_unicode(s: Any) -> str: ...
+def _escape_inner(s: str, /) -> str: ...
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py b/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py
index 824936194..2ec4f203c 100644
--- a/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py
+++ b/lib/go-jinja2/internal/data/windows-amd64/yaml/__init__.py
@@ -8,7 +8,7 @@
 from .loader import *
 from .dumper import *
 
-__version__ = '6.0.1'
+__version__ = '6.0.2'
 try:
     from .cyaml import *
     __with_libyaml__ = True
diff --git a/lib/go-jinja2/internal/data/windows-amd64/yaml/_yaml.cp311-win_amd64.pyd.gz b/lib/go-jinja2/internal/data/windows-amd64/yaml/_yaml.cp311-win_amd64.pyd.gz
index d212bc274a46887a8aaf2a0b91f6b4ebdb57f2d0..6f5c1b88878fd61de36a49121aa3c530e8114bb1 100644
GIT binary patch
literal 118881
zcmV*DKy1GsiwFP!00002|Kz=Sd=u5z2Yi!hpe!L}34~1o1}v6Bp;lTEX`m@LIFTwK
zRauGx7TKz#SY@%$7MR~9fC7q$iaRPQiVKvbMYbYaRW`*1lqDe`C{hXv^M1~`Gn1LL
zJkO8kegAv?e59F~Gk5u(<(_-)xp#aIFCqdVB!&<o%Y>{W{J(VazyIej5z?q#X(RG^
zy}j+%nZ&*A2j`BP;>>$$^5aj9n&^CN)TBw1{mw_nIG@U&<QzB2nK5vXbK>ODW4c<c
z^<7FC+x~v~tHPx%PpJP(=l*kI-qMyQ`Zaf)oV~Q=iQVV;-+s+coS21wTb(S%zim%)
zx;7{0FKv0^d^5+%A}qskB4cUG6H6PnJvj&eHa<BE|F%^Ao;tz*w#MrR#yyq`^+xwC
z%R|WMIdw?SlF!Df_b!kQ&Iaa2@uXPLfXbUA5E6$!3r+AZ{5BI(M|ns6OBTg&knwSj
zNqtHEQ}detyzq}eh7m%<e+4ohD~uu4*uWUl(5`E6VGQ}(L`dZ?0%`L<@NCh~0!cUN
zZmbkYq2<Q(UHxMU{DhGBBBh_u_ZTCMlaQRQPmLbsA4SOYJYFVwiV!kSFwmtFlHQe*
zk@N(3F@}(4gpjK>=*qk1aYF24RtzD{2_cPQYL@rZl&2megkzEygV+;SZFFNMOn!_Y
zMt~L4b*e$vm;C?iKPnA##Zt-diW^F2on1r-VSgrnM+4SDZwtiDuE_SkUJwXnM`%g8
zt+)c-V8t%b{0z3AN-JFR2qB*2aw-+O3JD>}-?3s>oQV*&Ps(r=0CB7ds>yKW!9Tfh
zhbVV);G&xFi)^^Kpj>3ZMNqk*aB)nzNQa9f%0((%R4Nxqtk?w&lrmiLJ2PBP=$>rf
zy+|OmD8WQob$&g{cFXoHaEI*_11nt6UoU$k&da7ayzKXpTldhC@AB(X*+kivtyJzf
zaj`)5=>MZdXXAr&2b&3H6|#LQU{g|_?-ZGJzy^WPfOY&^0x5OG5#nA~mk<)%-N#Il
z%W2WJ_^tRp$9sY+?!lq%2WipSBr%ZTawZ?8fx)g^8W3GM!PvoO!bDe&Z2twZzW`M<
zp)B!qsX*MD$Hfs60@#`8%9ZV<NK*|ovF^>|;|K{SG129e?JG6T!IO#br1^RQQAtr6
zp5xv;ISzQ5$VvgHt|kC!pKM>T5C~+yjTUvod;4YkJiK=l?j@KMF#QV!BC@?SV14sV
zfw<Q-B!sxxq2PggpxfbwRLXNuslZ94?0CwC0b?h)vT4z_B=?AsBew2IA2R5{q3*%%
z2i-$yV1nxhI_vBj6f(=B))+#Qw^7N{PGrx<*@l+Wot_pbv+PgGtPeY4h;8UDAG>hT
z_MGP{8kn`p0)pT<O#`#C_|Nk+Fsp$7yi5bLf&%`O;V%DKmj-6V)xn>(i?-){JE5$@
zK9qHV5O0xO$2NDHK!_OV`0ZI)?#GHZPH+(76}HL8DC?U}CC{&v^-ZOc=P+e`lc?m`
zPg&o1DtUHN*4IfTPZ?#;I;b?`t8ffuGrsZyysx4R9`P2*7Teq=CPJX#d69xG(_6$4
zFWX1iBIuRK`Z{F01MrtTUvX~Rira!3$-61D+^11zY1C&HAaxm%Hqc0K)kq68(lSoE
z6G{7Oq}9z;QUH#VF5#s6k@OjjbgxEQpplN_q=%7ojYj&WMhd`l(t9}RuSj}YAuTy-
zTd>&-&|5~V6iD)SA}Bcxc)k*)>8^M&;5iNDNEt3?aC;*&DJi!}Rx=@`bs7^A`oj!z
zehx*p+*S<szH~om&Ov-|fIslpFFg!5%grEG)=tolfaU2A1VVRaxRPM75Chhca1CZf
z3|PK@9Z2lM6cT406v%qAz5aZGl>PvPO~D$T(rP#kH%IUqwgs>TyIO;p*KqCqNDWW&
z8m_({UBfCSkka3wu*O(JoK`~^ZvJb+8Xn~}tW{o55_k=-=xVU>8kW_lAropi2ZeoN
zf*L+vpw@5+ZZ79F5MIOmY7H^GhBRFbAH9Y(+*zZB6aNuN>18O)hc$>=4KmzJ<u$xE
zA8R<jN~yuZYdE|rQp3Hxh6AgjYnTl+m_P)=cx%R2;c1}9elKNK4=?z|RRRGaN)iLs
z*}6ijUd2M6t5Iko6xtdJeGzZ<b#kQ!<<^v4ReseND8|887R>BzMoU~&E$26p?Lz~+
z({)RmHYOyTNtthFutRS%5!nTmCRw9t1~eTg^X(5_zZ+<(ktRvD+Z39PrS`_4O4c2p
z;~3QERWQXK7=FYwGg&9gvK)Sl%5^EbFOC*<Hs#lm?WGc!AkSec&5Wbc2!|+5b&Ar=
zcq$Xh?n_e17HedgNtAhh<&RU<$A13!S1M(uCYMv@Ye$p!1W!F75ISocSaSDB_Xzi}
zks}@%zI9SlLPj?wWLQ%|1~(-{Y)VK*Q$p@;O32ctglug}$RAA!Y1xdBjAn#PZbk?#
zI!k>e<ufxWv(EbuGVh0Xfq5CoyzTEsm^W?(GVkkm73L9@d3o~$J_OUPzLH)3R^Fm#
z;)uT~$ma@yc-gMtSSy$h|BqlFnLwbAKy4VW!AWvZX}Zga<F=Es5M^E`mAA<DssAyI
z(|y*$IBjV{Na$m1gfAY+2L4AsRM%}nNVugkAiw<|ZLIF%-dwK<j>(rlGmOcx^Z1xN
z9LMCLl<g0TlzHMP`<^oEfW|S{aJV7$b5LoDlS<R#DU;GIP{VJMR(UE6;O@=McrDL=
zCJ<#be|N4rns<2xL}-vQn%C)xqq$2r@K2iyIMvm;2jk|VUj?Il5{&Yxl=;D3o9?2t
zXq(eL0`N>9M2pU*Q}zQewLfLnweygvG4Di}dg1K|Q`@|POg;B@G*e%hqcAo7k!Y?4
zmvgQzYJgn*fwJ957qSsz^yc>LNgo2tOa(S)Cm#j&<|NCaG}@IbN)ud3qU3kQdy=cb
zSU5#?g)(nE+{=>fv*!U;LBO+x$a)X@R3MwcPPsR-ri6qxTfns(=#cFX&C`S<*1a*%
zl#p<Wmko5v_CE7;^009sJZZfNY!2Hi+h3TcNko!+<MW^|toOM!N-f@^iNus&&kK|n
zN<c2EY{eZcgoGMl#r>0ffya|XcG1iBQ<->Kj0>bfl*T(n7N*jacq&ax^0NMM__ROB
zOsbdlPvw`XRO**bndMTW7(!V}BW%l}xEQp3v6l;1DKk`m$KVGhv(gD$$sUyDf_Z$<
zE!jjA4Up|8<_a3sCcM)D%d{5F<=tc^%I?jfy(;`&Xvr@Bt(0ZOUY@Pg6GK_0zix1{
zY$9PxaM@kJ*Zi1dIs7oZlw2;d$8sr~mPe(2IaKPGOQn8!P)bA9OzkZeh_B>?Kh9g!
z#f7--k?re>Yx=lv!#%kUW!C{eS|aB+5n1o4p9sXg@e|<dDFMCHf9F86&x62Z(O%X5
z=hmCBS3k|sxCT<u`xAj|ibbi|4sWl5x4{m7kFHCBL$+Tn(u4rsXb^eh8+hY!cq5{A
zF~uO;`$TpbyOto^|0)tl_*O4#=1Sg0dsXIJy=-V4{D|?U^-r}e-BPm4R{SC#S36l_
zh{)=BncG3rEEnQqNd73wECb_Xa2&Cr{pg(@A45VbQPEze;2bk=EM?yZ%Vm?s!&%td
z1#|c`Vk%`;a|vqdKPy2kwxW(+o-Ghy5tia*yD0l!Wc?hn{k~$}XJ%Q_5CkliLW?BJ
z2xy4ZyX>|YWQ>K%b;GS>`)#}$KXAMOWxIn95=G`@#O&}#0@-9m%xujF3H3D-qS#fj
z#K4b_B9x7R@{$RaB^IeEvs)UX5rtc5MA_{0Si;RJ|0VTvQf9ec%m)c(`5S&o{o-Z&
zZ^fFLLrwi6HMN177|wYM98}77dgVHzloucRl5=HI13gzB?yPX-{my!>q%7}TJ6CSM
zZc^%1xl&ym;mU*}<jR=WBU~9Z>jqp|H=Fl>S+3XDbEN{glF|~}Qw3b916+B&SmjC;
z=SsQSk}5>Ny;>lfY=}T_Kwve|xbkI@#+CZXvU_8nW`u-AM4ee@)sN!AER6^FYrUCp
zMtEfp5vB3*vVCkshbFi;4rqq9a?6KG{kkD^dtptL|Fp2?wD#3Pf%w>d8nCWiB9IKW
z-OUaJNfJoi1Xosam9M1A-zMAuXSeJE@)Rq<$z4t%fQ<u&-xV)17)RJ>S1t^NIWRnC
z(~@)kILb{p1rweKZD2cS(YDkP!?)_=4XXd)0RO`|6er3>XS0%z-WRyzYcJG2%vB&V
z%f0nrS{3rnDo?G$!#Whk({zzt@qq<cj*_zj80ery)h1iX0=#4PvS;F8v@Hm?^D*LO
zhwuj58@wOX9fLR}<$jUM`)P@6TTq6sxMka7utSHGDH#yKNGS#|K(m)m%92cAr=O`?
z`Z2I~EM*z4g3xm)07GVT*|C<s56=eBqU$FAXv(Z_7ot0G@Oe-xKe_|QS47+a-(nQ!
zUsfpYfJt=+=Fb#J>3U?mwc>sBg3}g*3lj%kaAsHVUqUbN9*c~|ioLAkW(vgLgZ8o{
z%@T;eGiBD>fN=qfYcVk2>!1O<2POnieitbJH)yM!vPv)8ADo?H;<2C7-+8t7^J>3-
z0jg~b)$UI;lW<#F6pw7KknNc>p}4kX&`DXawM!?IZ50E<Tv=ZBh||l)CwbYFR4@A-
zyylSx|I?wwi?S%QjI0X=<4?+-ic8)_Epc^$;Ue%L!<Fu3LAan8#3+q$y*=kTcSs+0
zcv%ICj%;s?vR57MiION3DyDfaWtOTsF*xqmRVV68X9|i;p!WLjRmGx$i^Ug<bQAU3
zrJ|K=;!@GYPDpq%=tDtBLaFFes7l3c@N5uD#YD=i3udBJlr4-%#qQ-1spzu^rJ`ba
zv{X!;E|Aimc0$J5+7+WGAu{V5?;)QCJP&*lOoRk)>!MDQYyb@(orCSMlwqzs%2s1+
zlNN2u;!!KTehzlUDKV@esGRI9EjpV`WwR$)cC%kaX-1H;KdCf4n-*<xP-*xvk)08x
z895$yT9jrS@vzHoCI|avpi^^;Y=3A5a3JOCy8>}<s$(L=U6yYrB=n6kzqiDY3~6&U
zUd>9?Oe6l1JQcFN0;SCU5c0}HDWe6HwFDDqp}l?tQS`>rl3n>{;8t7O>qozX$^v-F
zY+5Xp>&o`#&w&Ly78bnhSIR8sW5BlTrEF0y4jG<Ukrgf?g!oFz{T8=e8LlJS%`+9R
z?*oi<SnhgPAnQM{W1}kFo9deYd}xh5wOtJHvGg3V*Vq0O6jO;$s$;#ZLh~(S{B?sf
zFQLQtUJ^R;lPL34Vv+1ykyX%ub<RS8c-Z#f*xO-VJduh4-w`j{D+WBrXkbV%c#DaL
zg?J>ubIiR717XZ}#9g)%n#NKV!^DH-2dU)Arjjow+=Q|V8SF~9K4tlp?lSBFwmZE5
zhD6C>a4h}L)*MiBo~^~%y!TnCXG{fU!?P)ykpm-$O*d#HJX>=VYEet!0+zFn2CUKo
z?7W*D4vy_?Chjtj;Lr?o4eWOdpt-&Z%4R2N9t{2}>TCirfyRIJ3<!!ZXz0<K{N^zf
zT>S%yKRDuLJ2_aMV}|GBo`E4@KY&OjAoJ7)Sifg#_Nm)5wE))Y8R+Q5EC9{T4rfT4
zmziNUx?k+o@zApZakHJaC0~oZI=){Z5ZjV1Vy}*mPlI3O4JsOZlivUf8S|__SY^p~
z&pb(4%Br_OqZ*+`nVJ(4%DXPhI_tcupk~vS6x3u(VF5PRRy<0UWo)vo<U#leH9l4#
zkPww+*;f3AnGo<%C|i(Y=EwsA?gE(Vew>3byf)KNS3i0db@jskL06xc#&xxxm;LHx
zvX7mn%+lMWYV0b@4K+6FS#<_$D|r?5!cy|4K-R}MSCzK0i4e(0MFuUi7q*V*Z8GZZ
ze{P_+JN`tyJ>LcOb}HyC^HEi6D;d|?HJw0f^Dl@2Ul8UrTx*X6bFbkDk;OH(iKeml
zHb;#;{)SFtp=FXUCp7$DS>}ohw?g;fWqxG_n?dnLZ@gjeNI)%SuZvMsVnMFT7^`ew
zH5GYbLK@!@l}?(2M0z2fIaSk<9K(Y#{6SEZW@H;4h*Lp1GHcU_?o(@uUE8T#BXUr@
z{8{0l`nJ}Q?f>SZ5b>57-#wmRQ)Kt%*EatJLT2e+piE{K%+poy3V+zF0EgBg%fWi@
zpwb+q3EbxprOk`XgakiKH=|t(P2v*t7<4qv6PrI1V-tT*6)>t<Ql9UiET!X0P{CHH
zf*U~v&s_x-io`NpyxJMp;m^E9;MvHgsJ;_U^U!s0)BX^p{49lZ=NvE*F#3mkP-aQx
zh0GIbD`bP8_fJP7aRO!;n$P<HBaZ#AYZ#{pw*jemAv>0kVE=zj`c7rN4xMshr_3z~
z2|2FHa`JcJL+t(6M07?z6Dv(=_d2xvvb(HK3!=OkI&npoYcUqh{F<@w28K9&%o7Lb
z2Q&J>T*Q(;Rpnit?xkO+VBfOgp)@CtcWQt}TA(BSoRcPU(gL(e%lrnOJ^31RuOoJE
z0CX?y3h2^;LR~Qvr$95mgj+Sl?0&4mm!;XiDQLWD(Y9<14i8tt!|M8~7Vm|2(10bh
zC=wbxxG3WFy+0R4^SedSp~1qZZWQmGI+sTVr(QOx@!sV8sCaK=s-=2#v(8rXCCU94
z1imE67n+mLQFeuS9U1H#ycVCquEAet20ICVli;7!qL9f}Tu~pyYXvTa<Bf#6_`^S`
z=!(fdjxziFe^AQWwnQn*0Vz9v#iWHUC`&xELLg-WfD4;9v?L_-VLd{Uzk_*q?p2dM
zM0ET~C@QfuLSF{-)9PU#`uP<xNKAuY&~6IzXqM6$Ma}PWifNB$*@`LZ^T2G`zHEx1
zZ^$Sp_%1BC*g;6B0~S0mN48I%5($A&mY52Jy^wGL5Z;2W$-rFMo;d}_ES1m(gm)w1
zG9bKUA!L0WoD$4O%4(JJ<SPOxOGC;xfpWJ6iku62>t%;2vu0dXy2tNH{T*Iuq|+-s
z9q*GKPlEnWQA0OrQv@JLrOeV*yXoRL(<$?&21iz#^v%qTRQ@GYZiywti+0zG@$Wq7
z{a#TT?TYupEP#vq19<`w(<VD@#aSHDRN0>Sl(GL%a33uA5ENWl7YWm4d)ucB-9NQl
zAZ6)Dcnk<%;)GPT|NW!^`b|LSM#3{d_;6hf(Yu~9aC0$G-h-5X17+R18lrq%;jd~v
zqCANFnA4MdLX@V(dy-`;O#xiPPpS~2{7L-)*F)OPJ^UueweDq;zOiwUCd7iIRvAN{
zjVB9eLow`m3UxETfo#7zNg!dt$4*gZnWWY;FiT`9IZtvyPJ&@JO}1C&@pu^2_4dmG
zDa*jRdO%%ca6*Ht$Vs^R#+ml&BmilkQ?@VGz5F=5?7^4&!^`n?2q}8bAz;wVy6ZBx
zO{q#O&sMS&7@lT{ZLCD}`Zw1{^xCF2*CKlB)6Hr`?{F~tjH>u*M6c76k%->%$!PW#
zGmwm(Xz&(J<PkkA1tWTgMb_UT+fPkWg6ozp&^RrkH#IJXP^s-#_87ulO<4%HlI>-A
zYDDj7xB+GRgMX+kIm-LLOdw_bvHv5m|EPTyI#D3Wa`JaHtzT^Z?UYS(fJ@SzvVL*k
zsLFMr2sz^aP83Kf4ASiDj6mNQy5*Qa1A|>zG@+78(_NIZ-MGX8wkaFforCK!!B17G
zF}gc{O%Mo(VM$efoYJ_bpmFHY7A2T$CGX*~#ctWYbAmuZFUKHLUQwCyT{8nywl<3}
zh3J^FH5kp5=O;&)Vwr?Yxh_SRa&^4I6cWXh`zNYQdFhg#DfJp7Q~EYDGUfKkQA~L#
zWMIm7FAAj0i~XJt{a(x$DAta@DW<F*Un^4z6sF`UOevs}5(|+&$J8%TdK<H-f=#Px
z<<8*oDtBxpldj9M($bYJap|%7i}3UWEjel{K5AC^^_*GZSBvoi2|dXZC&vFR=z`?$
z*c9%)Z8HSPm)c@T=nWnucbFqVa?9yRkbE|B@B4|Idrwnl?LPszmp(5NB)|I!frKAX
zO3??&7mrti<Ud^0bFZllgXGO@x*&OL**<|+<F`<DiATwopN>SyDNAg+R3K$N5R`Uc
ze-H3MB3`z)pAcDKgz<lgM%W$*N0<m<1CwO?`U!?H;%lHwM!E!`yOS5_l<gJc4WrJ>
z5yC_uv~maj*>TXVpV>j0mWh%x!U5vgp0dn1%J$*x^MX!to*Jh}jxs`I1o~RQL*hDQ
zS^JlOuFo<QmesCR_;;g=XL-##W(JX?fhC+C#7>&;S_i)qDk<9s@>LG<wf3U2_+*^e
z{GBTp)<RF<bvKj9&MCw4cX+3Z%OtXEibq<O3qYKtC9<ugCH6XT{$dT?3<p6L+H~s%
zfn1nBodd@<Qda@ql>IiH6EHfrmWkHDTy<If+H`?ru$^vpDEL_mzM2r9TqQC;Um|eU
zSQuzlTY2*1aMKt+3O^2P%W$P~ZHPoQzI&W6EimqWQZ^r*SDL&h*vBgnF|YzND7|ca
zx|dC%O7I!I@~t`q7#6cL{1s)EK755Hymrr?^dWTC*>cY6H77OqcoE(Ssh<44T=eAI
zl|(%G1|_<Dr0J-Cu_e)-{Fh_FlMlt4U|M1D<bRsRJ^9sP#gms-aH)|#=b|NTL{UqY
zlaGqh=O|qmZx0N1rPF}V5i~z+ChUT2|7ILF1d~gu{CCoT=t@tU?n?L9leY$KcbQ3e
zZ!q>QGXYu48mD<qQ%hfOMTmRdBPK$^={yNzuN()DtfeA88Vrv*f`?u~S#@yhA0|@z
z5Iz|KPa2fE@nR6hMXe2=$Dp)*nm~ff>}HaDG}@BZ9}7bCxuREFfuGo6#yd)x(s4GQ
zqo2GdII=&c;Q)KoMI|Z?Q&L%AUQ@^!clmdPaT#Ffe*lb}v}lVXSq}b`%~5(gR}IY{
z!e)<zJ`7eylai|Zu4?Cx<KrB7oT7Dp$2k)z{R5wjf+wx93OOrIf%DE%(i$E<%E6Eq
zA{g<{3M9yynQKHi<k27&;da0+XK-AqnSfP_7=>R)3mhWRl?ONs&E#@k$kTltUN*(a
z(|r*S#}HlkKCs%AbX}HV(#Pk`KmMkGQ&MgsFqYxU%K#^a@29(*9(G>DEC6;D{-(k|
z6#mKP8D`RSS2`vv%JzX{H35n%%f$)x(AMCD-m2RC#IgEC<dmuf0x27Zgrk6PQU@eV
zlI<~LBeq;*DSLtN2_zg3gq{wXzdvBCK2Ig(EuegyuPOj#>kfd)96p0ONSW1qPT<S0
z{GQ}-c%|V^uaqC}lg5CjZyKvQ^_R!MWXS`b{@F3=&ENP<?&-G;n{><XDV-vfOHlc*
z?Twi%ogPEC8`E)|vc26Ht&?$O6Y;ed;kA?w>ip>1XhY|A1O!qx2?<vM;n?=-{OG`F
z1F)|G;bbKI00?`x*YIjJMxQZ|G6g6nAm!&kDLXa1`26U*upTdUe&hq`7$5Ir=au=<
z?$IhhTSja1qc63at4HhRN2fz3ePb`o*P2iPO~`c`=0|^y5(s^)uE?%~US}m&6;<19
zbGHIfz}}`@mf8H-cRWf66~2*=Q<mZ$t)#e!E~l6MMA<(g3ybVx=s`rw(w;Yp4U838
zVlx0(iDURP;GYgfS4{bnDYO4@M&L2#+2t6fBO?0%eudqX**9trE47F4E9`QoeYwm`
zNPZW}>@R9mM>Hz@Rn*ypwSt4ucoc@Ho;VY6x6&+PofwiIPnqRb3wHn;a`(NNC5D72
zQD*Ih<WixTknn?)SrYJi9R{sbPkiSn)f2a#(fe}eE$E3?#27vCm5)Vv;`@KrJn^`)
z>Byjm+7J?2+75wC$^q}TDp}?}xX7kBe7F$Ht)>@vp!dP!a|BYxJ*f<rlLnUJI4zaH
zpNv3%0VWo^(M3wA6s0f9(UaO#iGMyi0#4EboUdJo_6_!rgod2sQzYKbiO|lbw-^Lz
z)kpwAbU8&f!Ii3t#>LP**d1#qsQ19vnqo+Pd&(?lVhs#98XH5xk5MM&0rC$}wmvU<
z{*$B4e}a0{N0|`y<*`xopGTwTKR@YEpNYMh3%zM~3!+{+;^t8QY=jZ@!F(OPAS2M<
zY((7e$`hp-g~9kxttgKhfoXVJqh5hVt!bmqYUbk##BSN{9wCs>OuVu#J*~%dp+&*;
z7Gl8EMifl5VeouFWS?eZ-qJ2FJLF@T4%vQfgo<gu(|SyMb4lJO3kFON<>)Z=vVB3z
zQ5~j**!(Y``McY|BqLU~56&?d+TrsAQZ@_e%7E@*YoKc=+q>i##-$XXn~ik4fbOH#
zO8$;)|7>Jr+9I-)29XlK2g;(>AlA7KOuo!<g7`AaFT-F``(HBlhhZ9HEs3YVqgYB!
zs7W!R^hLS}wTH*#=B+WS{Fh3yP5gHjl}d6jYb(HGp}W~mMHYe`PuD5}V~62<RyQ9Q
zJWLe|j%pS3?Uhyry-OO#^M$fPxmQ6d0Pi*<xK|oiR)X)@+QKN+8i%tukzK%jQL_Eg
zaFuKhlC=i1=168uJIOOSqzqSfM8+=0#E|^XpeHc~8T&9MhJ^DJ84F%Ig7Od^N!fZu
z)-?TnewZq2hfnBb?d2GhwMV0@<`W~L^!H_6Hf7UY*<9e}V%y`P?GLxo1myYQ1_3!!
zA`pf0cA$K;B_TYK4rGMNb*WU~OqMCLtb14>|D}w4@o+>&>YYFt$&1KHE|-x4E+g}F
zGE%6Mk$GH3@}gzLbh1_%>HDytj~XXGtO^M4n-BW-tivE6wucn~@v@&`nn)@8M={hF
zLp+pXz4v#$CCUF+;FhG=WZ-hXNwFjaCdE1zL~(cR!zy>L{HEvbt^b09()JFMk-PJU
zMR9k-A)O`p4|eHs=+Z0)g52hzo3qZ%9x__zA&aQwSya<D=g$+R8Owr!-)qHuUpCK>
zE_w2*EGw;=2CZt`0>Nwan;yJHDtM=jX84F|hI3W$a-+bT`j86V#^ZYM?&09QM2z4K
zd?X6InFn>?&Btagg=S`8GcCUky*cm>4~+tE6_q@zY5{MhD9u<C%=)cX@SY#4fOp3g
zSyo#0KD6oprp8#mJ!bF=t|;Iwzb@#(W7h=^-aMj!H;)*>OUqWld+wOQFSvr>4Y+O`
z!<sxC1)lqW4!i}}%&pMOx|lX#dGo=W18@0*QQ(zR$x~hnc<V%IMn$mc@mj$f{GbBf
z<;$|HwCXUl>ZN7~-jZMS;2l!I>v+WgUh^voc!er>g;C)B`=AP5-(U6M6?5<oRvW=P
zm>mUP%=bF*7GX30gl2w&&9saea&zDf9})%L5h{6()B;|mD9tz)JoIa=;I$Z{fLB^2
z%Sx*(x4<aT6u}$%iypkrR|S%P3uTtdYX<PPToXumIAz|v@IcC*$<xEOeTWKMgJ1Np
z{mfyTbIl0bYeS=8+xx8!wimF0;D&}4V*@Q+2j3iQod!q2c7aNs3$?%&6r~x}!PkGO
z6}Dr86xfO`$+FU_WN6i`xZ%g@{8<m%U#iR<H_F_1s?4oYt=+09Yd3GO3f{h-^x&=J
z;5~oE2;Qg%qrh8KsRM5bAN`=24`MSde?D+?;DsKD0xy<Ip4eKzBce1TF8JurwSxE7
z0}6PVf6KDcs!`CYQ@Bss`ukDCI9sKFx3Ss)-bd96cq>)#Rz`t$?;sVt=Z_l3*(wBY
zLX^U~hD3okXul4;7x{<=&1~5i!TbFFn*(q4{ZZgKspN6i0-i&ZX2b_O{#3jFd%pr+
zy^FG}v}z%=>U|r6_wJ8+@M5bK@Lu}c0N%X674Vj+;4O;+uh9c4c!Ph`gZCva!M5%H
zw-LP4gQCD|zE20<GCra~Gk?NnTAt3jIq)WDMS+(}B~NNC;3bLDjPzje$6CSboTY%b
z=TBKyTD1vUHK7rLH|_^Lc*!bwFI+T$S9DPUZ;=Y#qA2jb%~HW@@q-?`;~c!c7meV3
z@IVxJKkU(gx15h?(9G8x@x0%GHwRvifl=UPQOT243wTtNW@HCH{GnFx&fcehxA1~2
zE3FDctGZbcye>!d;B~sJ3>D}8G=TTZpUO~CfI~%r9=7EJRoIRl*2DHASJ=1yG{QFJ
z{wUbq+^vIc1s}`W5faM923mysZVtA8d{MCFQpuBB3v4-}G$SwQKT<1fU-%T*vd_!1
z(yErws_F&^+oeN#*mhn}WG?eB18hD2QhhsB=H^Ao-0=HU@ZLJ42QU8uf>#v<-kn)d
z;Enl42i|LZM1y7~G(_-rh&Kn`W-%(##+S593VEb08o~lm+63Neu<PMkQJgF)C^q>+
zmX+r9hvt1&A5r||pdQ8b=M@y=jVQKMQCz2@xGoCC7Csfl;Rp37K7JliJQ9WCh5MpV
zY`05?;z~ZWK{HQcGcASp-W-Yr_eP<(jH9@$RusQj#N(AK0mzdFYX!2?y$X=K&dRdV
z!hC4qILtA#jy<3Ua@9oz$o=OGK$f3VJr^|uxhg6Ix$j;T$YuxhKt6a8fqd?q5y<y^
zQ9vHrsRQy&KFmQgSMVIWo&#<U$Zi9ofaEKfC2ML2k}sieS_eR`I8ZB)KYJA*3&XOk
zwD2uxp)(dkNU^fL^j<Y|^fph&g~vznvGw|Qe6@sUMX7ktJFi&H*NuX^=r6@;W~0^2
z)+0T7fQs}7-|3OQn~Us_zl=!t7Nd}!utSIRJ3NpG4efyqwd|!ghxB$Dg)~27sN_QJ
zA$ES~&=)}tcr^f?@O`a-PoQcThd1(PXyn>DhA<8V8aCaPq%OTE>n^|4Re92BfXb8i
zc(f2o>5q@CPkdV&PkuV9@Z{bz2A<q~M&U^g@+3#klS-=cr1`gco-8_xJTaXy^5p#i
zQ9L=aO~;c}*igYqNa!`p@3f@#zd4?C?;phzeqdBdoT*lx@WZ3Nh~=?4hl!BjOW)SY
zlOvgm5)@pQWu>7lprNfTD&SvG74Q%6aS}W}WQh*5F3`w6M6$bq>=TQYI+#vbb#NBn
zwh&jg8fhrdFbg619VxTyp}21wm$*{Opg3IO^1CQN&@~gYf9LMko3|}Nfk$c=8O_@)
zFmHL_;h6~u-n%stsa+Ih=1ym-j85Ed7%zgz=+r1PS5BiCeg11LQk%}X{V@;dLD$yA
zXp!2}{SA@Y^gMwml;ePMop7T_Z6nWr9jR^LiIS3dE+t8dl<;UQ+fAjCR1+au7*>?N
zaB@+B7lIS^*D5L>Wf+38uVtv(%)3zx-8gABX!Elfk)SLpG_ID7c2SY}UFo5Em~=Qa
zP7GM4V^k2t?Y{o19Ie4}Uv;WG{6VWdh{>Co%JQoNyDKuwqD-DP6Q8i(Rt%$P!hZk6
zg#G>j3H$xG_1bSM`G9X;r+cBE*{OoEx#b1?B@K4Phi6b`@5~>^Ymei#$0I1S*XNHN
z+GB_IxDRFa@E&{|t38g@9y=+s@7W`e3?@@HyV|U7H^X1hZg1yQFT)*Yo_@HN``RA;
zT5fts;A^?>oiqsgvXcT|%bkqmQmVR^J8};|za|yMU0DJ9r=Ke8?mc>0|DDUac+x2A
z2Ru<LU_!ahsFfjiQrZ&|+GWB`XThfbnDjC}Y@$FEvYtS8fUhC+?#pf8E|ls{s#LeF
zA=RDJ0FFER3WV)PiOvYPEqrhYEM3M$dzEgHVU6-To=PR)7P2iy-wNN@w2VtSI8MRY
zduo;Rt!{&)f9~dzK1u1!;PxPLDKjS2+(RUBQbS%`zPpz6v>d#7&Q`ocJ*dQ1B4NC8
zuWaw<7D#xeuGk)KMUPO4eC#Y`!(8z`_IGFp7wad#LE~t~#o`xoV+jfFs4zuNwkw<1
zo{(@mz87NHF2i1kgXscsmp$2@kg~5aw<zVU@jOp1od&GuG5Y6sW&7AZtTlt}L=|>}
z1)bnZRcw2PD+v`;VFnr+TnEB`{I2Za$@3<@be>$L^kq7X(tfa;x~*QB=`}M3d!*Nr
zTG%$d7F=V~dDF9_Q~b{NskwvfXrG!nf;;=v<m%c!N_t?R+{ClSI=6>AD_l-c@LAg`
z&B`H8xKC&J*0GB&^dTfJosjsxgiP;8$O|4qcJwDi@Dh?ffRGvY5>hG>@~4lGt^)}f
zpGC;3`w2Pu03mG#6Y}T~LOy(ukiUl#GVdWmt~^Z0@ZtPu9^CIfl%ElF#aB{3a{y)5
zh3S|+cx+fCeQ?h(fg~SQ6A14cEZ~s`PRi=hfW2&(KxF$f_uw`lJan*VTl&c8%|I;&
z^Ay5yTQP<30A;V^R;gZX+qnhe&%#VsOH;R!qO(xH!)nGoXveCcVbWZ_!>R$58qktm
z3a*dbqvW7z)l=3#4p@^FtBCF%ky)FK!&J9d2MMIq(t!~7IxslFrRPjhZ>#4O>9O%p
zW}VUpvDx-W1e-OFL{ck94?++E_75MylMGO1W&7~n>gh=}VCgZ4!}7q_CVqO7gr_#D
z*a+zY$sbyyF9{;EQq1zSnxHQQ*q43KmtAK~xQ{+dtuPA9?!BS8ynKLMfit@2hVwA+
zywakxPA{vb>_^J}^p%wRlf9q}efubfqS1i;MT`^f56;;FeaUaa#UTlFK9v@2bB^4K
zHGWUozF-eRq7DjOcDFzj`klI0YP2U#J)dDHKNk!$UXrUQvm8Pp_>r;@?Ny!s2xaa#
zgbas~xY96!^u39Y&`W6R0(x9pLiN%nW&0k3qIy;5H>b?<RWCJd?4w=+3E>Xev?+1;
zY(sDL*{8h)5~@=2AGRY9lr5^j?E(F3+Yg+6kLJd8D(!nKwCxB_$ec75IXm=zfdsE&
zj?s?L3Zn4q4{&4Cp#d|~#lRGYtzCNLyag}2#}}9yi;3ggDZ32bpWY(g(Mup=FWEnu
z_8K2I{ac-3YSjx>Z1-JCe|m4ZOHJ+eyV4codFig2W76@vv~$QP9@m1WkBuBTVk>2q
z6?dz}y>K@_7&iYytnS0R1QK4!^O=uv(2lLs@|o8d^O>*rLZus+9Z|Yo*%751n1%Vw
zsoBx_%%{?Bl+WBIi)-Can<M$mN0fZ#N+qAULYL26UL&9RFUB)<uikybeCAL7HIeY%
z;HrO3n9p2zw=SP~vJ3cquC{#UHu&h2F`xP3785D$j89JUeCEb@ags~S-J?-rh71%)
zup(%xC7=1OG@j2~9?54uqU1AIDEZ8lN<Q-%C7*d=E6is;cEfyTWzWHFUqvON8&aBg
z{f7hfZ7(&Y`CV-JpEpWr{uCeoWlU+lSZ*SvoAJp-eM+-aOKGmehktWCx;%z>jJZ!B
zK>#cojV`JBl;%4Bn4(ge8>TA5NhG^_R!g4Mys~Civ(Y|9=QmgK{N^NXSgwAd<~KV{
z{3vJ4Z%*~F3pnZUupr8~hgFOGnC7eSHy8fNfq$IvPagb}CF1rsDZ^F3&mQ8l=j=3H
z+VelS$D&(DLP8T-scF1-rs;R4q{yQLQuZ$rrUBu*E!8w$YnpyfOv)i3yoQARfN(}j
zEsb|jntoSI%4(pzij+Q}9E3&AiEJEgP_7t;Ir@#GKI!pzpENm%GE4n5)v%H@ZR6;r
zRP|;!Rkv}p(`NnF-IQ*T%11%v%~~2ZjwaoS^TRCQRlIEPoT~LPu8e^9wRsY})w`v-
zA-8U-p>LI#H;RM>K)BMOZpi(mrvcaZfY6MDvw`qwhX$7`Rlh4VWd=~nd{Y@vraCmZ
zc-HezoAq$1M+<tA&nde?Md>jB?O;z8pWQvRtmks==9fKnS<ioN)bF-UxjIs7!b)hu
z8!Zge?|<&#S<ljFm^hy(s;+OFySD}AJjXA_oac>ml$>Xgb@cTF^ZGN4;z>Ss4P5nj
z%Kq`nF|N=Yo|$xe&q&&H@3uYp0kPS}wCATNv;MXTkea3BJbPiruwG4jwr=MSEA<a~
z+H*$QyO{RejWX-&oa%_4il;rto3PgWIP~jV+<`NnyiNMB&|OCazV)r~&w_sAqWNb*
z+qhVu+qhVNP4vdaBX>qNE{Z8QRC(@?Y+Q6FD;pOJqQXhb?og-LziiY`u~!|&DfX<N
zj8p6<?~Dp3tz4s<V%ty*yLTcaG@2*qn38eFV%2}SWASPafoxU-Lh&>(<QSDa$1(z$
z0-vz4-Bj`f*$!orOr;q|L}|u_;1in^F*6$A4}0K7MPJDYt#KY`+%0y4*cJESQ^q7E
z>H|{bW7k4%?1Odt2E%&UA%#^h9yG9O?!gGFa&@d4`EfL>5>q0qdLtQGwR~WNRWEi|
zSd|;as&hS5RwZxHvnu5fvZ~HOBdd1Y5yh%YAM04v7||FBXsqYyKo54mDOL^a9>uC<
zRPrp#2xOXdtXipO)uQ0m4Yjf<raM1-rzH2fEGsRW0xg@`l#q<H$DNc}a*_q&wk_Gg
zcZA1MmU3S*KR7Ixmh7?>zd#7Vb0U&;+e;i+)OIN9KvV7_Ga4h?A4xVC#?g-mq^u><
z?g!d-O|>ZK@g4@Nd>2siQhxx-<4p(=r5p#i!cw*q99H}w0>*!n(ARyhhrl;M^nSGm
zw?8>z+T=J}@i$lj>8?f(+hDP=w-FM$ttsKBF2QKbs#VB;>INl_jHA6qI`}y~A{*_>
zLEG0rwr}dLoQwW7(O!3A<8{9IGA!fXSlPayySjVER$Qp?F%JOE18)c;c17{{&ggCc
z!VWJxj3En8l0Ztz3;NKat=N?OSw8kJW!6{M>Gh=Nw*tu@Oqu1*16&UKa6P&0fIvcv
z2_a?evBPfY@SRNvDRbg=3S4)B>vnkE8LpdS_K=jPE~4f|EuwzcO;ruYI=yOqR*9;y
z_IsmheAqooHGce1ry93ny(6IB*BTSzX8VF?PHDqfE6P%m9}-BJ3(0bC!~J8S!<b2A
zY25Xul&F5!C?!g#k|#YQkZI8=5ryBmRPto&wJBAU#$<`ojGW-abxIV|s8t^)Dtly=
zNYiVHn8)rbk+nX~fIc>kGZ@3C6QhiwkDd0hYd&^KWD_tT9_ozgNY;<O6i9Ma+S9S=
zwk10vjPJT%F_7;ZFc`=e4@3+krr;|E@}Bpj4P?Wlh=DBZiU#tT0TBb4-$gNyIZ;xu
zCsCDxCSU5MV8uR^0{a1@6ui?dN(v6Vuakn#h|oqrXqk-=wl8?{gu$2TI#eJE)n=eN
z$Wvu(U2aMOV!K310HKnHM2&c{dd63a(wMkl!I!l%eSLzF>F+1#n9dvfJv6pWBLmZC
zC)8xRG6>#nQ`gmoC#t3@0Sh_{1x@F9OmBS7j~BuTgC+`#4=4+nkA81h1Q_(avXGgD
z3z=DZCf4nuGST<Bo{9YrAQK%?s(dUliix&WIwp3(hF*b&e$P{K@@~H=_Kdqdiaky$
zdE%qklcZ;lLzMEJ!5==al|8L)$5^qgq!30r-a2bMA))y^=jGWh>X|38l(n7Eg-1ZM
zz=C&^?LQ@`3`oK^?}9h~X{d&{b|d=G>b0G5=;@-B7DrjzTa?mLmC_byr6pr&k3nf4
z8B4>xdSkG(p-wSinS-&ffezW8-9>%-4n9eNw<k9wr0BVL6Gx06DQbB)0Y~m_X-{{_
zuw_)CJDwym3)GJ@%7lH&3fMmX#DsnR0SWv3xAod*D|wGE6=Z&PgB7s!@UxWJZ~N>9
zD`4s2M<}z$es+Tuu=McVl-Wa{-e3hRJ=~Tu`#1b?&E>CjZ|5Xs`71LX!G8Ty{qooP
zN@e*gZ=XT(N9|LVzw(e=idUDva`1XxynZX=zwuiB_osSQ7{*66`@X3B@7tsEzu(cR
zLVsiv?Mz6hqCSjjdxFi584TL+2Lw_^k?a8=i>c2CzjMEu^z-vOBV>bt?B{x#w*+!0
zYG(kYG>lL_2$XB<ac>D`lDSS#@(Ic;$2ti_U0GALv26`)?A#swpH2c{`*6V~BjBz}
z*<cVbzblDKB|$|;Q<cOIbzLo1Sz}A5Qi(%bW0RI*#(|P5qU!FZW0({21^;^07jY&+
zf^nbLs>t_u!rhm;b(lV#P_;FrpMf5K5o<8Btvdleepi-{ofg@2S1Ov@>8^CNxuI`)
zrcr*pW&}jm`|)`0HKGydA=?k%rYfEf>v<RIsfyJ+zAT-?_+dvBO;^0$4m6K9+JQM*
zfmz%Ih63M-t!W2_^U@C8rkKREryZI?x1r3w2?~-1yJ*5be}`WC^83R45ALyVuy*_3
zodjSd(uCVkX4&eBJhglY7oB@xb_P`U2R^j+|5)!;)~is`!zy<f_XF%w(!;XV^swxx
z+0!Q-Rb{&LkzSd;+KI|kxXY+a^KOe$rmx=6DbquURR7xv2~DfZwPfc{+WCRtBE}6A
zh(hMQox6yi^HiEYZp9Jkzm)mlt*XqYW(3@IxVQ&~<Wb2}pvw3>Mc%2Br>9>>rqYaD
zQJRq_N?-7NNKDxarhQziSU-EKpg-Dh{H>}?^PY@_4j;D|WV-*YicDi{J|fsW9uvC8
zJN-sSy-Y9eXq0K8qbh<Uu%5+GPlr0S%Jkt5D1})a^)lVJqfw?mbEyT6;%*!i_^qX;
zOiR2pbH^LVbjVdxrW18iYj?V$Wcqx2olO7M-YC<pusZ9M5A`zLcBdlK6Sf;<diZul
zrYqHHPi2(Dd$fZp)9pXh%k=IYDAR4W8)f=)SCmZu{+dpvpFpJUNFXHiUJRG%i$54-
z`fgDm3fY|rT&9olgQ;4zzZscs*1k5GUb-rhAgM}rxlXbxYe+Vxor=;Xo;&#kKPu*n
z3Xt!IKCD%~mpcve&76um*5#TkD?J+o09@neQ|*3V&!>Z5D-)Z+I}H;X&(6rihUy|e
zV^%~@Y?5z{Ol;n3j}x1fy(1Hw744LX4UMv07o94f@q1hvpZk4{eBQRh$mcyBqWJvJ
z3LT#(VmBv3H_P~H!LW8W<r5ES7v&SLp^|4!RODx!-X~ra-1UB~{HWhfVL;wRSyoy$
z3tBdvpNl?Vm7W2sw<rvFWxIg^^S4JBP_CO<o>(5ufX~`T7|_Xy3}|<EgaNH@Q5aAj
zrD#vJQyH-CJv{?jZ9xV!h*GqB+eb0r*;jN7n2g<g1-f|;Kc4Go+nZv*fwoZ$sGyRk
zB8mZ(dIppS>8e^8AhlH(aQ;tOR$BH+0v^eHAFY{K@^IT)Qdm4~Ye{xV;syK1;+jYf
zu8Fj1E0FLI%Is6#MKc()4YPmpVhIUWysgXr*<6tj$^IGfjv@Q!a2tWRH}6Rxq>P^;
zm-0^kNcPVajMt5J<%&G}hhp~6bXTgI9pdo|HT$PPnV;yhfAW;mk}_O5%BM^-T-nNZ
zO!fIf@qAGjPcSUo&9j8!(VzA6452I~y;2u=YuBdcs&<1mH%R{Zt2KX+8~xx1<v~vL
zgYwq3FyTXmIxm{~h1N9_iDtI0naA{mQb0j;0r$7AnVr<Tbxnck+*%-BwvDoYQ^`bn
z{a-U?BH^Jev$iEgWg?xJKuFz*gou*~*_%hmXg?wMPbK85rwQ3OjgZV)ge;m#$j;f3
z&wkaKU(~G)F6S4fMwas@r0VmFs*()(MI%!MBHLTG`k(WQwj}W-{d%u!`9%dhho-De
zB)@2F8#TX3e=Kv`R_JTI*aq{93TnwO`lsa$^NSq1{G!h@aNXIHB#_e4T?lcngTjI-
zyZ+n!qNc48o6$WZ*ktvLq&hTAQu2%L?WxZ%y5_iHe$kKJI4pm?YRoTEuz9PsA-~9>
z%P$J{!@j)VO(3O*u`e^AFXJj|<`?O){MLc_MFm=ZQNjPK{G#7lMe>X8>BjSmI=%XT
z$uCNE{2%j+3e^0fsjX_sFLG%4MFSE6q}k?3evuxR^(`>Jh@)XiXcfsX8rni#p!Kzg
z&M$hTrTXmtmXZ9Ty(|BV{Gwwmb@@eaVB6-JF*~ABU*xQuD3IXt9sghE7aeGRqx_=M
z=BQ%ho2v;yqng*uFIw8XrX`-${C~(Vy4#@^*TZ4RFS@rm&o7GBueB}s_Yd#Teg807
zr(cPReub0u`t_>)#`@KT>(>j*75(C>glZ;dWno6keO&?k1u*~ZT2xkTBE*#Mp@D_)
zD=6VsK}G+7KB4ppq<@|>YZPW<T4#3=NbuaYDBa_wnf)-mNopY|dWQ1S9xfFHwfx;o
z6{9oFgd1vO)b}C*ucGFN*MS}pyvlp%@am%AwV{U|uZhiW__fF%6F6RvzKnR?uXs`_
zRF|;pF9B4y7H#02OVMcJ@$-zO^|}Gk%N!p!W@K7lNDxSH?^csmFJ+b;&DF!^(;wMd
zvw!_5v%Y1={{7uO(!XQfBmEnefS%~j-J?^>SkoK!Fkb0l;WE?z`aMjM{p22uhNgfr
z%P-Gs2Sa9qaq%R}Ug?oI4?FFZ#yi~XSFbe1>6NAhL7=7a$2{!3PnvSX!!F~|h#bS_
zl%*uzBapHcW<oYi?M6uGEsUsfacgxbO5A|{T5o}ry$1C2fPM=1edpQ{K1IevmNL~Y
z5PwhYZR7^Lz8PMB173dzUcUof^nJSXy*D)xYF0WA-g*<>DuuVM6QWjSE3QPdwlE1l
zkTAEI!Vu+<K6v?Fc=;W8c`v-Y1^Kct73qgI(-xW=mc0u!hr1CH?n~LibR@X5nU?a?
zu<Sh`I1U8umE;_(Pd7O!dmBi?-O#1|?rwf+TfEx0<Be-^y!SM&#pnA9ZnD$hh&9t$
z#+8k^W9;PL8M+dWXV$WVLAl&SLVL_n2gHB7Jo<omDot^U(qr+WG(L$kOJ!44*LO74
zl7Kd7H$QEvO9DE(Op7xEs+W2RN^fOAb*L=Mx`tkkgN9nNmV>U0b~(LTOnu0g0?8jv
zndQJ*!}M?aT7jPr?PcpIN(IH~-^uyfl;Szr{#8>x_489^O=yA&=js}n`Z?nS63$ji
z(B^&5B5IbcFY_<EGeQ}4P|5nu7dY>`cdc&T*Fm-qYN{Lz?Pb66iQlXMwn1c;=Uzry
zMBw6G0x5eR5NMc0NNC)3S@yEbSTEb>Ws3-Yn61V@`*aiSuuCXn4HWSK6ww@tXmVYa
zDYLv_1FImr+2Q|kDk<5tgPyHFFB1r!6E01MxsKnJ4h+bmY}T?EzUq-m*{niT8jPS(
z_B9O*cBQI^W1V;zIvb3h7j(24zIfamE=$f~FV3W?KqNpf`d>4M!r4Xwehp)9@ZpzW
z4j4H>`MXB=&6N+e*So{(?XStQSFYn@*I}xMpJvRX>~rNP-POt|yZqSd=-E$UBOb=g
zsi9?K8v&*}K^?PU0`tpxGZ^~<_el4!tx^6Q|HugU=>ANW>8veaYS^#Adbpd>zB~@v
zy^pfYIFWrVXC?7u)S@I9YCeJSs2_$IkU|};7UI)2@U$ZhEI<RhzS2Zw`&NVjO-#qq
zH<0WzK3+YaisRK?9R(6>yUB!-*CE_3>I*N-3S#^*KR@#yV{+<bD<8sB(Jh()lV(5v
z=yQ$nTx35D!cVI3MHtI;7L{YI3^L=Ll>Ok9rUaAEd8KK`lB;~uV@Ev6Cw$WQN>B1R
zpERX{e`Qb_>`KS4nCM2F7L+A!=qZp5Ut*9V3=CgxCWMdQ7F)@0D42|(@%^+><O>fa
z@YXtf>pHwO8oSGQuPa3sl<j{t5=cq;GeA8QsMjNP{qBT>?lco(E9uV*=R?J?Mv<@k
zQkK{e-q?U|G=n!{c=>#oNNQv_$o<Nl0@<(;X>S4A?{Swt<0D2)Bg0wldx3Tn(#8Yr
zd-Wsd|28sw8RRXXEJey5Ksf_TE#l_<5M@^LQpGUyds3!@N;C1x@S-#p&;M<to&Sq6
zk%{O3TD9|k`Ay~g-^GS+*mR0io(Yw^>l?n#dRqfDp@mDJ#bHc`jhOVi)+i>u-luw#
zo^o}K64CRrWf7D9eXz+~?GW9Wvi*dWGkFSS*6fC8((jLt9QW_5FOcw1r3CG)|Mz%%
zE-V0jK!U$U1S2N>lTV<FDTQl<$XWmGWqYAD>VvqS@Fs}N^3h_x%`Ta;#P%ry*-*v<
z$lZzhrP#eRU_IR)M%t}zb||=Hy@@0r4ZX~l`A*dnNb*rnauuG*-$Ol<zjLi;@>^y5
zFZHnDJr@hatwjGU1F+YFUAdTbM)}6&JTEJ(j3LAm$c(`tms=MK9OlYVKlc#4V@a*Y
z@8{RU*bXw+dxzGq$AP(z#2T18pdPo-`-AJA2Mev){O<MedqwpluTO;6Prxu0U}(as
zFmQ%y=w%0khhK~YYp3Hu0Ev5&1+rlazAeGqAM!zNNCTeKTU3o{_=%nd0x7DllkZM0
zr)fo?|F)&&CFQo_Q!zS=@OpjaQ<kqIbcvIp@a<UmZYcb|>#|%_T{pjXbSW$Kr98w-
z0hvuqgc2&S1fd5Zp@vvOJzL477(${;d01ac)A|wXbh?K?HtfbydO;~WU=U+_!E;os
z^vSv~-Ax=(Um&*PCNV^Znru(4uUW2Fp`^W7(j!pP^lQ)_lda?zz43azp25iE!b|({
zr7=C!Ay_qDQ|cMa%-ukXTL(8!2HJb-=!{qYdIm!m2ejYvm2jYKQb#jhfqDk>d8)fW
zHta*nBA`5A(HXD9lvzECjK-_KLzEuJ^a1JV_~a^4dJZgDpL(jXN`YTImH&3_rjy^~
z7VMD)CVg8+M_TX__6rvZHCY~02cy-S7lI#v=fYz$ytXXy>S|?KqWBZN5$m1*iMA~9
zDb<!G4h4O)qd&Rcx?W^iVqsl0Wb<%Ybq5-<VhdlE_>`*45{E?GAAPir`pNb73-!wq
z4OT;Ed;k5hVEE+v=dp%QuI~%}uC_$ZZ$(++uq1(O_#Sb1y9XgY_HQWl9~1{wNqa0d
zeB>zsUO0d+d<?)@P&h417ARg0`m&T|))qK=udYE3k9E_ES_4Iu3I;=SJO%?hpT%f4
zvwv)U0%ar7W_D2HAz(ABb?)s4F%e^Fy%qpum*8F-ZW~u<pS$6w+^kky#aR{T@TxnF
zX01X&->-fFC1Ov5f2xvXG@(79omF}-(isy;#8WWdf$DBH$l4VF462vy4?aHMq~A|+
zOhALWzN^NfJw3qsT@NkAFZWs6LGRdZ$`-{U7y8u(dJhzs3Z3@lLV*Xdz|*MzyfiPi
zLxC>M9h={QvT+Vta?an9vS;F`>>*UHEAsW+3_&1n@G~-8=^25(W@SBPzqV+S%_j<3
z+9))^MT1`k6zI<RZDQwqqPX^#%}UOJ(yD);RV%^LckZcxbO1=;3X$1i76`*3r6^R#
zpXW~4=T9lRVphL}-Y*V6fv{W7qR{6|$`bvF0@-jBOTQ<XgP2tf-Hy<vD{J0~6lj0o
zPMAXLs+MJupTX<|mpbxRD!g@qvcx9v)?s|BiSpJTm*K7Jlv(nb%Bfu8hMbxgV=$6i
zx(H;$PgvlPWB}wcvgu6|*rcC)Y#S=X1FAxJDVrPz+8}#$xUDb=#K(4k6OaV_NP_uY
zD$K8LpKl^!=Va&=yO!S(Wq6WFAmLVgf`@Og{YW3Y#*lHqq&%ff<C1YqZQZ5js?cqw
zn#)Q}O|?Wbt`mN;OL18h%mTZbY$ad7FHryAh(JQ`RmpOsGy92N2(}RA^Zd}N6z~TH
z{OtQE2U^n~oysTQ(+H~3Qwaju@H003X@K+oDwsLe^|D`U#8Vz8d<iUG-Pb6x)wr2a
zWN#~*88<4M96xs*Q)ZeDF!xbQX19=<K-4GN4nTE3<a5W(gwEOqQz`dI9#GWgSJm9>
zYco@uUqOTT+{ytHE8ONMCE;ebX~$rCg>x&6;8l3oWtdq-zFvZ#HOayO4JTUgPcH6I
zknIH~P5xk_?!H|h8;-+FdlTSw5FNAy+)MD81buj?IgtJaq&tE1E>6mwgbpSxCI+P8
z&H~x+JCJ@0q_$YiM;K?)G6{k3Yal!Zghzq!R9)RhKbYTim}lJRm+A0IGo3zZY`jmJ
z1l~b=lj;bx0F~kMn}*s=Gr!5bgWhwr`3=;asnvZR>Rwfs=u=4Obu)Ai^FE|uu5{Uc
z57GMAhO(5p@cJou{oiC5Q!o42`Os4Az=A9U#Yzl)JrpmH4X5FSI(HBfx|Ne=Bk6Cl
zSr7GxKpF(nI3TT#_*k8Zfqk=q@FWnn0>aWdx}AUEV*NJ9xbqKOtjSIvcsozW``BfX
ze`oWkY*qmK7JhLbYln7oBfrT}yj*Mu`Vp-KU7-c8I)-7-d<{^1(P1W_v`!3lEr^3F
zusE{)43u0_p5KzPlrL`+$c8geQm;Dz&`Y8IbqFci>@*W%a<gA4TM&yK3)+@!#i6KZ
zvx`65>0_s*VJ>Q0QjXE@l3jjxVOslqtDEgib(?HU%1g@gyUF$`*Liiozy46&WvK2t
zR`<7$oedqdfc^(VAMtgzw@OrpXIY&aIy_&Zqy!bNK+$JA31q`1D0)kz=x5RWwPuy*
zGheR0s<@cnz7cUTMV9jQ8v+Tv!#|Cer2919nWxpnE%noQ>y$1%O_{X|pdGMxY#Es=
zxBth?KaH0Z^=Z6<f6Z7DvurNbyO_DJ3PhAr+;8wi0*jY_8t;Byjo;#9m-&48xdLno
zCI^;Op)CB}QSJ9ukOfB!A#8VW&RUb+Htg4kwgb^cfe<FTvV$YnnuwB|p{eLw8tqP?
z-6?1p$?c)5e5Ip8rOwx=cLDXw0{<w5n;oW7HV8fVKUdAf%YLP4p4j|E%7){p>Y{80
zA64t}U}PioSUgwF7_84$0;v;RSs8)80{3|e)X(3|Q$K%)t9E&Y4=)BkP?g2#MuxAL
z(bk|%Rt(PJD@tuXc3E|Ew_Y*Bc$#nH-8u=~`qJoFt^^WxR>W@uGfU%tQEAzNc#IdO
zn1Ica-{r(F8P6yDOU6&YKNSAyRCL8;E8&wF`{%Ryxo28ZzQ{g<U*V@Hv%jQ0jMpB*
zFHHP-R(t5s9>TA1DrNTJ+QV4wA^Zxrrp%tMJyeqMMfO>>nP^9@Ir017)%XGJX0!FF
z_+3GFaw)THf7LKO`|?$RgjVyZ!EdvKXcc<TADN}iL0QWGhpW&u%B-O)s6xNlBP#UE
zWittnq|CAu3tPquQ`D$Cat&r`PtVe;(eo>Crgr<Qx|v#Q*<Sx2v$~KVb2UoM*QRP9
z!=H8#$Ob_mWK&5BAt4W6OIv&yrPj^%qdR!J>JGNQ(fsH?m(66onn{+9$5lzid=eB`
z!Y4&Mr=CZ0*%l~7b>dgJ7AfC<RA)~-AM<nkhF$Q`tXgHd#bq<!?0J?D-UXEIO)sZ_
z2|N!{%~HN=&+!<mli**f%r%|HU3fFfW&0d&8sqybtIV}0PR*?X12+NuJHN}xldb~R
zhZ^zKK%PgI;mXQjd@KP^KZ744m8$G3$Z(|x*W*@;3?3y<<rxHQ80K&B-Id|Vx~?=;
z8k6K@Kha*6Vh~$tm@C(xs08RyrYdFocbCnir2HA+c$rfm8!W)_Pl4luWLZ`h16Hpy
z5w9HM64^hxHblDk_9ZiVtH%^?6~pvV2@r*s%;>@5-ihcBRz8LgSG$~e#z_>~nOOR2
z^ns&Mza5_`hkir}LZeG&zOFK#9~Y9mCs=d{ecx)G@2mK~L)}B@tg}ZH|96V!|6+_-
zdc@&LKIfIj2PwOv_`h!Uvsap;xWH2?J?xTCnpOe+uM=z_g@4lFpCtSy8QMkJKD)}`
zU)|eIAY}~!^A>j!5=yA2U;jl?9LsHGR-kDQG@qlpt1JO0SD97M&Q{h4XcB;CQN+)k
zg_3ZDQ#1gI6rh+C8?_$mo>AKeyG3bQyvRRAmtLiMVRynWz8;&P-E7Zqa@TCwG?RWQ
zam+0O;dOhV?mLZpRvy1-CPii7i<vy^BxMW1x$?0~ZrhS=RPwthcu~C+FKWByMRk_#
ziI=#&ggQ)62Uz+|zd#+wagDP&bO-mJ9-FRa8gc)r)=Z<RmlXd=8}?VX6-ZfgDD*=p
zbUr^*wfS_t=al-2;yLwsMejNFPI^U9KPvobmN^ofTQf-w4XU2g%u5l^>931u_QSSF
zaPIV<+;hTG^uf7%E^+~3mf~r8lm9NRZ1?_TIiC(%yxiosxTJYb*LZZ!Gg+HwWBx-M
zwYMKZZx`0#o45vkVDPh-X;hy8m78zBc=k`wwM%Zc7d@JI%JLmx0oqYEJdVnBaOp3i
z?^FKNh6T&%i)NA$a0}e$3Ji8-8<X(;d<L1#vtf@<Q<i{@)};f~ubcnlWyFdLf10%=
z;lr)f4s3@Gyk*>N^1}rH^%_oLDYFc?$laKQ&A1zL*G2BeB!SP;y6B22zZYee>3^9c
z=d@1#%S^(}D6?c<(A`bDVAfoTBp4a<E|^L3F4-Qu5E0_Lp=q~3(>nJgB-Dm`>hC_o
z7h!c@iKl6n^p_O5Tlj(@S)uTS+T|{FLS*@a%Uzv|5xE2Y(SUu5H6nMD&)-1qc3dzk
zx#|s{(aYV(FJjJu{Jbt_p|xy({V&bc_?gSy-U(W=I?jJv38btYnkMLVCm!RCKOd1O
zo@p=zB`T6>5OvmTyYo6%gQ~6udd27_Gs_I<q!M(Ema#nGxaKc|j{!bM@Tq5%d5%%s
z*8YJG05*SaOSSo4X#OC<AWzaCd?a@I*eTk}a`gh2pLiIF7Z#$W+kqo7y`YW6DNtg2
zC~*{&Xa^T2fH_58wjTp2!B(GY`A=?kDUywJ)gh2F7rJfm>W?r`74?a=6{B~xPquHl
zppF=};(F-R^^fzh9bR?-vzn3=5h*@Q3{i-$&%tY+I5)T_9w+^_TI^NsX4`GAe=VkY
zoVM4?ODg?#bpJe#0aBZCZy?=7B~M(qF^(^LWqY?j%%rGV_CKLRXZ$&{mQl3>d*M&P
z_LgLU`@t4c9OlIH+8{QGvJ^XX@^<Lt2I%A^>_&>*LLg=F=)b_-U-{h--0cK+UxT})
z{O<SK-B;l5B7S$1cK2nt`zqdD$YUtG{xIufC@%nM0vZt@eT<Xx7|LsZ7{>U=fwT*d
z?gvtrNgJC_{-KTV^*8+h55J3i5uG0}^+CRVSXK|1^0J?O7&p1(<8hO>{!qu^m;W%U
z$4o8IZWi;Kd~hzCqS^DNl%-TO7f4xWXx_P=goOP%E4nv~vz<=)0>L9drn};OY#Sd(
zb7RzTbRN%k*#+b1w=j<0c^)L$CcQ%l*>s^N;l)#yGQ7F*?0|`3bB%!IL*bgPwFlY}
z<=k}-o7LSZ))YZWi5A&D%)?brWMv1Hgge!t4nBoDb|!!a4ZSHj;dh6->D%<f89w`U
z2EY2qgi8=GT_2{L%ZjDy$v-#)EaV@i2M@ShiPKip;;YU)!+q6twfL%!p5dDoaMy6O
zckDUCy<_g=8l&Hx&w!cS4o>b$#mRkbH#)iC%eseSE{*2jD)}>a=Nj^7(6@cW!TsAG
zH2?P6|K#7IR~xT6x#;d@X`XJjY+n{OXu+sv0@;uZV&+RFB=mkgT?)&@aKzKya0k!~
z1)3i9bgRGKuvv{a+BT%1Z3LP|^)zjIDID>IH}n9C@j!7lR$J}mq1>TQ=~sKbQl`Tv
zjdl8@nekp}CMeT`VO4L$uvrb|y0x1<`Ax1&Pvx2PVbEz!1;XooE>-c>bpkLWXeLD)
zBAzabMW;gMp6+y*tz83WH@$|l+f}xwpNaSh&7hh-P))NmLPEo02|^9B9=eNryiY!<
zt^sk6x7IbFVic?kI=fcdL?9b_L&?XX17`kZ2iKE&kM}jEcpe7>29I|~K=VA_uh5pG
z4+b|s7VYuQKNImhNC-WTD=|>TcJw?ho#LJcmV%zgL6LbJvRw?S9`6fzde5UFLyy-J
zFnYWl&lo-4y}?1F4Ib~F#%gbWhu&K1a*ucT>n1hp4XEDLs7?aaSKQ;BcgjrAImwL8
zzm2k)m<D-^$fm|oxvp2Pqw^L@PDQ-kE5V4jn}?Y-YzsJvswXntm4mA!RGQ!_2wu!n
zCQ?SFzvGm_+wFMDY)D?T!?og_gyPi3{{xM0TgM=g;ge=u)k+fCDe!{gDYFa>a+jAi
z<GbJb!?omhr5jvc>9iRm(wI#({j}op4mzp3n|YGEy!bMne|(a=yq8W!MA-}N^FaGX
zf+#=FUEZ~mG?$k~1kbJtUPH+cq`o#!6TI~my6u^sQPDx_roo8d%{_&JS7?sp=uSVu
z1#f*t)b`BpPpU!cmXq{?SM(nYQcs^}3{tN?tqI;G<@_h!6xC-OWE04SOtewZ>sPqT
zn{ond`87A&>jkO0-K$7ddoRn3!<j@~F_N)WN49r45fQAFr%<pgYS4lPmZ0-%6t9hn
zd;2zbjHT5|h;5@1V&l22!D*9fmAj3<M+9q8Bee_9K^L|O2Elsacg^j+M0;6;Q(T6!
z!0lx`0L9(j`%h|a?>$f=g%V$a66c`XyTRc0-ukYI7`9r#dv)Nw0r1{u@ZNm_`n>gR
z#WoYT*C)p=;;$SMndMm&(B0_hqD3lx^8caj-Q%Jxz6aph2UbyAcfG9A#Y9~bGmApL
zqNuR~I;)GKX?Z~<uUMLBkeD|JNw#SX{i;!RvAcG)v?NHyyXFPVQp-}iXiHdXrD>(l
z`#I;#b3^Rc_w&B*KgvGmGBamp&YUxI<_r!PzqaFMz6P}KI|WO_;c-Zk0Zj+2(_Z;V
z@(FAHv+oq`Y`}g}TeF-Cj%iz+U_q;R0){(kfk{z*Oq}}<Ms<BMs(V<B>ccqIzxs}h
z>M5pPY9Xtw2`Rf9ilguXMz;wvsV{x6*R5~?)-7)1bz!W05XkXQkYhcX{;S~YK=^tV
zzMdshc?o<4NpCm>U)R&uIr`UQI40=pMEIHtUq6Gd@6y*a`09tRJK!t6ULXV++v(q1
zjP3S-Iv7yHyE9hZk5I|jzVmyFnek_%FjfvO*oMY{+S)L-bH6tk+mQg=$4r(17~4G`
zuv!LSY|oGKiOW`F`#;}nroe6A>&A8){bS4TO~&@%OpCES5~`O5)w``bV>Q!EN<8BP
z8rvUFMq?Z8?ESi(-KQ=)d;j-jXKw{N`;P96ICBwqzM<95wx77#&OUcsxyqLO=J?gN
z_wM70d`=?hxcrBLPZ151c6NNS*a{YLBH7t#GLZuOqu*gR?lp%lETS#!7<@GWtZ>fp
zDsy2)cE6f#<{IB~T(iROd>O3pdVcYXB*o&hJ@HsDaWXcdZ#+)sctss1wt9?AY!~h^
z*V^X)?wDf4Thz9{w;v<>`$Qev+N+Pzwsu{c)4^k8@b9X_Zl8Wkx7)SAj8mJ8z>HCr
z82DQEOJk4n;Npuo3odoL!CClUyd=6gGUSP&B-OWltH>nPPjqL@TRI|)v6`-h7jmX(
z&bCZay$r!40URllR38Zqm}p~VFC!#941@h&jlf|4&KDFGiV51T678$sD6EcKtnj;(
zmM7~yRbFtKYgy4lAi$u#+h2-)b*=qhihgx%5N%Agg-@2NYgJz>bajo_zPWZY?nUkn
z?YJLruElfV9ybvqEYtBAeMxCO#zL7BU}icFU^JxT(enx`YmxwM2HhR%_oPkZPX3cG
zFfu|0!QlOiwAkJKg12q)iHp8Kf0tj_*~BpB6X$&S74cwW1^S;&4J3t93wJvgynuDy
z2}7VI$AH--_(k!F;Vxew$yL)jRWL5TfZtr~4_%i|N6>gXzdu*^@WP|cMei~UUYL*D
zZ(q<wh9D+xoCBi5a~X`!jtbR`!dIo{myN?Fg)zpem!cYMa-4=nv$D}TsAdi?P;J?R
zxNwa4275#N0zEJXd*kU#MsI|j#okzYN%n?K>y6$=6;}380%OkB$vWHiT)3;pqvXFU
zFeLxWI2$W_8cPpHx7p#Zhn>*scZG$jo}kO288D!xc(P#Z<nn@TX{H&$#WsI{NAW<K
z>t62=UT}ICS8W)tJ1o*Ge&>NqbYug$C%E_+U*J#ZnfDD0u*@U=Kvq?%IOh-K?(&OI
zQ^iGRVG6lSy|Ai*4E$A`iDtgHF1IQ58+q0$(`}Cfi(}KV1jeeLBWp!<Kl8Ps=QQ(+
zxUu#yCh<-H-fA-1lD<+{s`%Y2_TqVJv|r4`r+->=G0g=|gqmVLWAE{mwD-j3<e=Av
zR$Xw2CmNsg!NbLU=$41d$D><XTOs}ZrNYc7Yp1`&MIfiEU&K{lJm7X&$@2+}QoZ7i
z6uri?6YIQBb$|G!!m2;k08&Y={1Vr%XTE~}{=nvRrTDy~WOF+<O+eO;9*ot@gjV5B
z(pfN?#(k-<odqS}8Ixcd0-J7qBC@A(;eKr_j-eOuV0%e!1Y@B;GjzW@!n-N1hnCHw
zGE{uO<(@!;FBRt9)U5|&n=(<E#T^cV6?Q)lI=(okuw=2*D-MT76xmqyr+9h19v7m>
zbcbo@5z^w61nY`l_&vEiuoh5~1FtMq7!!S5fr4WA1OM$*03W>xJLiV^$APbz-HEI9
zQ^ig`?!QarUV6cnC?0k=l(b7RS2q2K!cqghl5OS47WpI~&zw$N*f)G7Z468OIvhd4
zuLNMA03hB^Y%*<tUwcs~-cL8I=E&RUTKvahnJc4?m96qHIJnz*!M0)E^wE|pS&2jM
z!N&pcX@Du7DxQBjh5`h>8!C5}Qlk9gQJ3?+iiytoDS3YJEf<b&GC)OMgfA<d_wAnO
zoS*E;NQtfZ%{kBh?UxF3wy5C2d{=#NL{i|-63msDvWo}vxgGzk;=%lg2>kO159X&4
z!U-PC&m)8o59SZU;OdmKJea?R{=CS8`K#zp#)J81>oYddIp6Qen&_OLTFe6}5j>cm
zK?S?~fs{yRlVndO{FCc!l2YVsl2YPqlCp{ys?G&H!okx~8#xy`pvYj{FI`l%w^*?8
zlPbn|*bems7ririAY}~~y)$?qWfd2_hw(tlN-lb*@jyxm7ri+Tq!e?}JCO%cin!<<
z&jTrWT=b5SNn?6P%S<u7qhyr8j7XT`88vpiM2N#Bh&_MASD-d@F6^r?)>}Ne@if+A
zzX}4MG6rVMVw9+;^o!n+sypH^sq+l&6ksrhyU-GIgtBdQ8KWPU;+z4xszVBCganzP
zGE*aZg^1MA8WFc^L@P9+){-boBYKF4KGlgLA~d3j8c~>{CHa&@-H2$JPL!rs?@o>A
zM|{*QB~PQV6V3fPO`cx6%U?*Ey+l)_(Hx)!p|ef{BZ_EtYc%f@O|eGvJkeYlrO~X>
zX_jd;%Za8$qnS)J+jW{%I?eqW&1|AssnNs{&0?MAY<-QUvqqCaG^;ck8_|r?X)<)0
zOP@=c6rx$9(d@IKwQ>EA3XA<rH#RaTm^YYG!DasM(EOn`bVFL%7%O|fCu7y==$XBt
z^~fmzOawp@0v2h2otIU$Y$^b5ML>=Q_#Ob+0BAz~paxI@FdG11{;KXI4RFI1RV{n0
zr#$yj-M4ChH~<6yumb^2G(Z{viUIHr0xoL8dk_Fm17Ilvj%$F&0q_C<W+PyS26zbo
zuK{2z0^ZR8p8()(0Qm4G8O+~YU$C#r>E#LBriptuMpeav$0HB?|EoT@NLk|(hhY86
z@`=5E%K43viz%z5|CX{+x^F2ZGLKbCv5Z7YDU#W#Qu1`iE|*3?Pa9*^g?M17Vklt@
z58C+;3M*@bEp()xQ5bjnclm>kJK@iOAFas^KY;#nocc^*=q5N*x9}jI<NBScpVC8l
zL3al{{A-}Pk5wtG?CYLrF*f}h3{gkyPYUyv2ErH%mE_r2sfwqDsZrogJ^cZ?Q?M{$
z{-^XYqeqU~T0D0TV>9+JHhB+Y8G9JJZx3Sw_b}FX4`X-lVXW&O#_rg|Scg4~wcf+n
zYkL^`d=Fy{_A=IMFJlkyW$cZ;j2+#}m~$UvN&6U^xsS28_A&N;C1a~98GEskvE`MF
zEvjVf@k++#RWkNSC1Vd&GB&Z2vC);*6dKaMo1#5RgbOR)@%}PZoCDX+Cqi8O8X8xO
zDT7+5?#TxfR(4}AFrtHDj8zW|(`*;q0oC3=tpeG(#}CJ6DtKTmZIA9x4wN(02}?4<
z84F#PVPgds)f`t@5^^jKlPL-dE3zBz#9M}%8<$IkM3@Ya*DDo_Ckw2_uR-^yIq+Zq
z$WWIhHpUY=k2(OB#9^<f^opI%rCWGH=UXck=3Kg&Cv*-SfWIml?P~OCP9wA=PgN;Q
zR26<U%T<<x)maMFc}QU_yD>$;0`FCeZOoq#xB7s>vg3SWf9Q|LY)qVmX56T{Z~cti
z99P*2Wbrhx=mbX9A*6nEF(p;Y;0cb2z~ZjZdNch`2Q>Opq<;qJYiw81XND>Y=>gxe
zJ&5=$Aa1c)>)HdcvprcnA?{+8!ki0apzEIdWL)=>3Wc#ybHC(u4tYHfydD8w^^sT2
zcrM%}I>{~|`L@3#X?!=3ya*&oL;{X%&7EAhC+H+qK=Q6e(g{gk0umS1I83W?_hK79
zq6LQG&Vni%4S>+W1(I|GlD-P0Uoa>wIZ$3@qldSOkmhrZ=0%NWKGM7aG%sm1pW7&6
z5bwdM^|=s7OvBf|50pju5s6fyBb_iIbs(e@sCt|3*N+JuWglXJZ-p^d6U&7NnTUSf
zi$ozL`evU_)V^#R61`0uA8-AEYG&_Ag@wA#kqV~fb}qzO6SLQd*;#z_b!Tz__pEmo
z{0+=eA*F*R)wjDa@soG7$)8Oe3e!Da42q0Z#hHSiY|aHG^1jC~&<Gh|`r*Zyn1Vm+
zWl!e9y%=91b+mmLeWE<@iB8>PT$}fcxHA_Nw(%2mxeg>UR{fKWF-mwib%-V5;i)|e
zzAtUyf03w%O8BBw_x63{!2#E20ILkKmM6+Jk_(4|)d?AAHNJ=CSxxD5OL)@i=|*@`
zp6Sl&Gkt4^Cr#RKoYfrNi~A0r<M|(jCslna!;|uA-C6ChR|`*?I>eHPc?O0jMNhYe
zC$atVtcFucmHnaHxgMSbEq>#?!Zwy;i(i2jzf2x#(WmI>ipqZ(o|O0LHGOwZzWW}`
zND)$p)ERP=_$h@PjrNPU=0=s)CtkhN=>}BvaAUs*4|fN6xVf`z7y^gxV5UqSmjPpQ
z7<!4kU|al{QCm%H_U~4hPh24<e>bY;^4$un*~o=`#uP0l6%gV5u^~MFbci0<|GKXc
zUqD~J8;rM8DMiOuzQDsFUtsnLJ@Z>q1jQKqjt|1624?T_i%W9ng^NA@z^n3{>Q#Au
zH6G@~cnS){EHWJa$<+?F%)2!&!tf5f?Ww|=geX3sGK{f}?Y)duKiD3h%k~Zq(~rZ9
z^bsqvWcr9Vr&&V#S4`700<ED3uQ-n4gUR}~#C+BL+8#yE2z33YID(s=GDdLYT?%Fd
zT0_b7<nYbh4H)+K2jTrHBYlJ`3j_JvOfv=Yw^iNVJ$iKA-!y!urC=TW!aj8n<yml+
zS3z^{gyzoi$Xgq@4eb7DCzh5pD2#bG;ChvC##xBUM<hjXvB#%5KUeL7_5D;a<oOvC
z&=(50(Ss}7xiqN%K3H?=GZyNeVq@ZBVZ|(o>H}0T5B(jdY8P`y?^IZ!N>|pou)mk4
zMKBDz_I=|myK7e>4LC1vhn1M3S7H}b;=^QXB?bd(oV5~P?tn^UH{1lPXLTdm)$shA
zs&qA1<#XUa1Nb+hs(d?8t4ak_<yNT5S*!}8W&`S*4J}m}09Cn=GnWhdD+B*U1wPtU
zy8^R;>l1CU0vUP*N}&R)ldKh(3#c8f71*~OD&Q5DaXZ(Ua*+%B_5Y?Ox9y^V?<_wA
zyq^c&VNi_(`=y-<KGxyy7%k6iCT&+(O5qRL^-}`xfu)(!?LD$h{hl<hGx@SO9J+3~
z4Kz{p)+qDjy!RnFIp3LNnVc_7GA3uHX>$I@Yo44DyNt;>X9rHsobQauIenX)oSEjy
zxo100m*xX%P0l@2adLVlStsYKJ8MtQ&%D~?tV-1;=TVSR4an$t6v+P$IX4Gv!@}MG
z#Dp_BO;IADl}kYue^;+>ZI(s%DN+`jr&wh1!4yLlSvEr!w<elp@%Iix7FpX-7L&g<
zWHDi@ltq@!B#TW{y@=FWvUu-7ltug$t1L=()Rx7LL`@dk{F*Gj0a-Na%~<up)@E7s
z-in2-@Q0CxDvdB}DBJ=GU{dC*#^TEDrde?u*tY@p*{yLiJ7jxQ*9i!02f#M<E%RXe
z7F0|NW|1~%;n$|X+4|R<0v*l8o&e6b1Lw;(GnNv&o05)wIKXB^tRYSe;Ji}LQhMJl
z7)Bmy`3Te${F570cfai<O-UCEbi;3EEVbk9a<AXD1-FGK_s7ZxK9R}E{;AG6+e{I3
z-vZxWz}H80_K7c`8f<{gXc!_T0@By5%!U7VGZelrRs0^x$T3y>zuUBGBV`g$uCrU3
zI}AvJ6vGnu#PcfCb{mEL`F>%{Cw|Ar;P%K}tZOvo&8;T!pG0L0Wu3HBuQ$rodmVw<
z0PJL~NM!}}dOp(FqxxyR{tv~*nu|RJoaY1QhwSp?WW^TpG(a2@As-NMuh1xZNQJ_9
zz6z$!ykT6pU-hA}A2$h&{UR{-FX{Gjj<ftnU=##K&)=jO`9<8u{2e<<TTZD^7@;i&
zv`20NKaavzV|Q~I{^OTlRQEj<ngag`Xg&m*-ZxRo5_-yS4;OX^R_mYS(Qb<_kA@pJ
z1DDabYNSN)1p5mW3d<hI6YTCy3d`;Ti_^{>;4rD~P8Ft+SOZnq1;ha~784`<V$}&O
z>F1p53H&L5AHY436y_J_Q^jfX;Z)crg{1~3Mmk$V?UAr6CPYkl#N`YYhT+oGxI$q$
z&3&RzB%pE;j-giSj+z^NBK&vxx6>!~d(|&+d+(MoCN~i%Sx1H?5a_9mH~~X_|HZiZ
zt3s2LbHO(4()_NF$FE-zT~MG{&)Z@)%4@njFo$lM>m|E4g7mOn_6D02=IiE-a2DQ7
zev;~5zR3tn8X%*eGW=o}H34`uP~8VM0FO$)Sc)AU`?L5WRrGfGL~j|Vgkegl-FlnC
zlzgJM9;W0A^mf%ma&g!vK2_bZ8!=4Dxu6mcd@C`GgA04Rjau#cL+ygzC|{sH7xsIg
zaozexI16dCRjTe28;x3j#F*ChWX~|I**9aAY0m;`>vj2r*IHYztnE!$Td%3MURO<I
z?9bJi=&v6}InCQZu~j{|us^ziDwLDTgMFiXfxZ#Gf}O7FwU<@3{0t1h4oQqvKW<~J
z{1^CnBmA5RKhML@T=<y@KYxdxQ{d-t6uo;_3eN4#c=)`e1m<?DWYgUK0|=G^LA36`
zznyGx;M;$qFv2SVJVuPC5#vl^Tnvo2C7BqXLk$cB&?&_D9xLO$<q9LbzJT`zW32o%
z{0vW$gOQ7#3r{Ibi)h%Vx=YFxR=q&SRFW90nXbB@*+`oICNA91f1*&5pr#>ZI>u=9
zQQZ-rDCPjdLFE)zQ-bm7KX74xF<F~PE3dXZJus2lZ~V14W2g|g=y~QOI?T=m#Vr}D
zPHG8y?Y|pLdgU*u-w|loq?VZKH}v~-8xu!xSwP@d090C9A{$G~pkhNjnO?CCEwaL+
zsW4A=P|k;_(0e&}9#Yt(1(diMM5qF@2FbAgw=i36dq+#FZO>?n)%M9~!)nVgS#8<>
zF<WhYHW*f0Svgv5YY!V%+j}2Nt1ZK9wKXV5LuznREvwBt8m+e8qpeokcc0X@+FV^V
ztF3X8X0@?!@TQ@Cty-9^wkJQv!cO*<R$BoxTWu@r_AAenoBBur&I!PItDE{LElcks
z1oi~rXt&w=aDPmyG0i8o6&`gitq@hAj~^zpIj_07171lFV>u(Zu+JE2>40$~!&vnS
z?0~E^P5KwQ=+d8~x_6b6^rv&-=uw8!k2_>Y|ISi{)eHr4UG$4c8i&2LM1ONSivG+9
ztLP_{*B1S<I8F5b^=hKGgAAsE3|?+-7JZXaEbIZV6n%4>#ib9cQ}o$o#%1C1`oOsW
zICFZxd1I-9SzH6@o<!XAilz6tKGtl720-x)P_)3hbdu|0qEshy*W-$KdnxJCY%pzh
zC!&_xf+x;PR)Utg`EHYzY6Lt>f#;THnwEO!ZnJ6AVZFi#?Gr#-(M<Y|Ja}JJXv;L3
zjDe;w8M~A!th_Oxeha8s&CFxrjuCP)UKwE-3(zmxWQ;bslRw^No{S%VY)r<^r8pdJ
z`P>)|Z9kHeG1}}-&RLJ0wEgZ{BjVNJI3jXtjfkNi*B%iCvD%2pzgrs-PH5j{XkT$t
z^N3JC#KMN%Ek}f_{#7GF=BcY=WQ-^^UB77pB{WN6tort*7+d8*XeAH$J&Dc*Yia-H
zsgLB68K=72t=Gm#bD)g{+FzSs?Kl}8i8+n2mcu`!xtqv^-Hsf*G*DLJ%b<>DMi~R;
zd=Jw=X#tD}1LJ3!Xai+IPxC;zvQA-yb}yjKXaY8{HwtXp5_vBQ%h-diBp1ce*EZPt
ztvAWzdYmc1^X4WfkLK%jd2qUV$%TFXhlV_weWc0bCZK%<Xuorr<-w&qeCtRaoD2K;
zbtZWf_e6OF(or6(KprO(O!BxH7;gc_0hcC^>>g%${IXVIgti0F#=10lkhgV5Pi?(D
zacw#D{>UVUDB$%I@M=MiRX@2-mqV`B^vDmjrnd!j)`zj`AD!l==gOuJSW8XM<--2w
zT2s@PVe)#%qLJA2HPG~*x|^Er0miL?@gk?z^jQh!rvLVV!U(M$piROji0wUlgfV~c
z{-|Uz*%hlM3sw9<0*J9+QvhDQIURxBa9|hdB!A*Vg(W(d?KH(F&;EdX%13D@VQ+#a
z;(sXN_&U>icq<e#5eiw`SnediqWEAhlT(g3nSj%`vBh+`{62c+p?wo<ESY@rma1D_
zM_T1NB7Cq9V>LNuPh$s?*<1gc%HFlk<N$X9evd#!>QQB7{-S-M@}Bz6$E}2x+sCjd
z<Gu!q@=J%bDEqvxu<AVytNU~3`?M=!o1mTA-k`d>tkbp^kmqbDI>}*?!KF3Wn8Dq(
z#zb9va8FokS`Kdmj!yx{Zdft5Q?igrKDk)J!Wavs-Hykd&hp!V;8h@qa4?qBkqh_N
z-DIiw3UH`Bp*A7ZHv#pV>*&y(wx2y@$-kzPxq$4K&a#9UAlnUOuU{uicvMG?1k|ma
zWeJE{38=HR5-=!u3!OtJ>10tr_M}$AT|o8=kR@v+MCz!~fO@}H0;2v7sMk{o^*4nx
zhVM(de~8y;Vt}Tz#=Z+KBz+mHKG{gJ|5!(j2UNv^dVODcYEW3Q35L?gcHEb~gt08C
zVlNk3P9eW1EilIuAISE^BnRerqLTwtJW-+K*<=ko(h#hHTh=J7JRbP=1HNM$nXQ4z
zL!>p3HP~Ve+&|c`28NlefiG`0TLW*sZ&(AZ*Pt~Jx!14;n!hWpfnjEA;Gy?$fnMLW
zmNjtf9<&C29Avcy`o3S=8p!FSSpyGu)vSSTs4$>?k2N$~1Lxks!uoZU)<Cp&4k!MW
z)&MMoSI>z-YfK710hrGL=ItBe!gu2uvmx*nEqsr^Yb<;>yr-$lUO@XC&{j97%MeI=
z$1nu`e#fN!pZ*VO|Kg#BA#l2jN&6=P<8okJ+(6U*v*XO#|NPquBeYF`HW|tf&Whr~
zp75VA<`bt$GyKEy-~T<66q10`Y2ehl0ZPIBo_YC~QpkJ9kOK5S(e?q_>o{Z8-$&H7
z{P%m?SpF}(ZIZ&`IF!N@LyYDBRIEt~92j>3#!p0OQpo9Imcp606h>%w0NS_+SpFx2
z6yoCkg{J54nwF*hz$P8o+!R4>+Ul|T4l4pj18{wPvzzwNTd0b6b_rvJs#pBZ#hygx
zvK?F$S6usO>A*XtVg~@{1;F{W`c&*)V|DKkfsX?)(NgRmZ%Xgb3*KR}*zXtHed4fl
zS%pdt{D4`cCDQ7FmS8Yg1_Q4Tfme_EW-SpmKx&D8RxOcW(h^lB2Y&4>W-U?pj-e$k
zy@guh*PVuz_+_=!5>;jgp1*|?cX4bjEs>jwT4Hl8Ez#zk+FD{@2Te<)#%fyP9%$bI
zXkU6gvzFMi8VmEp{*PLs)7z%`F%+2p2+UPG&X4nN)uAOa-ZbXN?{8}JV;IoZ_ksU!
zuS-kZy4uhZhgO^B$8>zj%kjV<Lrd(4G0l$=!1xwm{D57XA4Bgn&yUJg3L~^z0WHa{
zYYF#V|4vJ^f6F9=QNZaw;B+Y*rEuoWI<&-y)rJ(H|A{sOXlDZLhVZ(yglCnZC8}1L
zr10RKD24H9hL)(f!z6{Vz<4<@9v`krVPK3|3cKG>7@<82Xg$MqE#bWLUucQ8Z<?m-
z1Yolh*jxys=~^&a*AfWa4Zy`==IP4cKrQi7%>SY#-db%cHWN6X0nYPfvDb~(wFCms
z0q_P(u?JrNKePmYkhBDaE`J4LngYC{`houwX4VqH{!&XU^;@(=q2JIF++<4x+nTk+
znAL`sIQRx?iM?A5EwSr0sU^7CmT3D1PTU9YsHG*8{-`Ay`K?;wuT{0RM8|fTmgsPY
zrX{9A`+D?~Z`K%E;<eYXuq(G)4yxafJ8q3_W?5Y7CuOl}fJGM13@~I-VbYlSZOpQ`
zXO$s~ov))TDz+H1_~cb7iwd*GZ1Fl)Z_MqrWbsfxltt?SR#}{RqqZzswbf*C<L#O(
zrs0YQvbfb|mc=u#Vqw2_CRwDAEXp%c7BzNywpUE?WR%-*r)3=lG|_oTwuk$LyqYg4
zPZb^$_(V|#s!m7Q>k7;Ez^MNtZxy~}$z0hDc!IsnYYNM0#Kl3?ef#SQt7(9LHhM#!
z2lY43?Z;Tnqg*(K`sq=ZEFXqlGsg1h^gNL5$qLQCT~`oo%V$6{=l8=6^%wTb9s1rl
zL*9EuVKrTi8S~;Riqs&E+sqnd;VTN;xS$_n$c&4g_hO8umYU14{u2csj?2a4ra7Kr
z$zm%?2>Or2qbKsRTrf_QA?orK1)10j<G?~s47TA_<;2(u6stI*;pqadm8SE=%amoZ
zD&p#kyxU%u7kMM<xE=h)%XB+9vH`p5mbG|U-baqO`Udbcr2E8kB;xA3SNFWE$Y+to
zI?suSt807L%XQ=`ZS}IkWUluJx>Ee#0=iNh!I(GQ$ak4|&(M1*$Xrhe)G<mA*{foV
z#i|2>J+}D7S&q5fg}qIuFqVqfTZ`}>73Ouvj;O{vuFoQy9ng?Sy5qXYxZ{c)g_m4?
z;xJx%75hUS+R!D}L};5|yLPgTF1dbM2JZb~{oY9;W+(9nlRez0U2?704t>M=WoKbv
zKZrvDPo7kFr&qNL&@})X$P2F6vL|!lc=Tnw-}=^C%10674?5OwH14<FLmT<)HrBr1
zI(DVP%Kqvn@3;DeWAPr048FBYVcyc5aK=I{(`+oZqIxSe+b>dGP~8kJsxa*8xK|w%
zfnmwF_GipnIy0QHnlU_>8VOS|BUE}D-QCW5MXP!&;^l_RyW8m;^F-{^?r!%&@T_pl
z-R&jOHdfXjA&=tmiX()9hmQP@6&A`KNO!ke;~C%eI6XrzDy*h47d^*-Xw>@7)`|2`
z?UQsFK6Y;?HQ)4NfOqtm(W6Fgz4m*neYtQndkMuneuHtTJ8gp@X4l6k=F|<fFLnR*
zf^x0*NWU(nTis{d{on7ATHZgtm*=0Rv|RS&R+hY1BL8n2V=1v0xcCxJr;G4d#2yzN
z#tJUl<f7$V@CH6*Y;Vy=E?wVvEg{YOz4}{Xr5TFxJmiiWbVWK(b(g%P=x>Q#w-VcL
zN6km6XKXJh_?B2HT|bt2XGXq=tI4Y!YCR7rQZSZzh}RU$+(vbGp)#_=V~<kWnQ=F2
zuS4G7fnJAnZdww~*oMu1#;Sj%t8p8jS6HkXdjZdM?$lm%jIQ%VM~CWO|2)>o)gg@G
z>n%Q!S5=RaEK<sc<X|5gEXaFINsXdH(b09Ll$rcIrIeBN`U2|pvdxl0vCs3gu<Q@5
zYi~2Z+0*%Xg%R0NAZr(f-PHAN*-eL1EZwv-rS5KOeZ9Gx&b?@K(}WkWn?{!z-8AC4
zy1Ho{iR5zoTHW+^FYKn&6l*sHU#!(lpIonXQ(1ehn~I@bOQBu;>GodB=l-W|ay^H2
zn%v&#rX#YODAi3}-4qkbzopJ@+OmSW=`O0*DnBL~c@ks#jye~-Cwt6U_!?SXdsKJv
z3WZfaZSBc9E3}^cshy=K$E{EpaemitghssM!3+8H*aF27{~AgAft&IGxuQQ~)wkIg
z%jwL8dmf?-iH;G!TP^520R1v!B#^=i?T$<)7jCbG7-MuF*N7hj;*&rOdIZaAYC*?{
z+WRc%HGsYtixG!Druf+dT-Yx?2kuz`5a!eitYr#g-SA%?1aCO`P^k5THoSuaJ(U=G
z=@x~Fi>iD0^KzGdlK}Sj`5CK;D^zpFYngsr^bYWo038d^mbfVR#o5r@wl=mY2!LtS
zZ=YkJ-+mr+ELp3_XL^VEY**Pmd!GSyT+<{uu=Z~{vFQGsyn=3|ExBX1!u-MKFz1R-
zjEwe)2V;EVdsrv7UTb~$?O9wOlGhvSL(F<(eTZC(6R-37+Uvv7l54IHKYT#zLshGP
zw?0IH@gtAsZfj}D_f6}9wkZ6Fo#-sY)iCJy#DrQ+HhL%~q<W}_)~}!*YVQ}0hqvOQ
zoBn~q%I2ryy)ZBle(!5zv1;`yg|R|4C)emYQa?c1jVRj!<r7G`0w~Lf@*zd@(pN`e
z`jUo({@eQsD|;Hzp96G(=rkiKA>ba>edTF|Ro|v)SCh!L>6!T~F8kHZFe#V4TbnST
z3{XmS!*AQ2Ahl|!mqn|7*~=8FV)9{kH#5JDyy98IZ*x9_og49?;kSi9t%a(Xeb~_@
z6#pDmORM%uK&?8am-TJruFuxK$TOk2rdG#Aky>r%7mmXiVCtw?qp&g`itK3+*|0t~
zR$Y%q`P<92yFCGVib>PCbjK&U&O1I1)&1OZtnvBQVRY5UC-P3zS{l8!+L?!=LXI|d
z=CmHLoRU_z=OV7{=Brbn-j1d1FB_E#y1;z@XSpJuH7>Z>`mFI^%Yel3d4<Bt#_4V6
zLB|L0DJ(P;Z;r?oYf1IV6x4Ey_MS-zBQQ~Z{x+CDW40RiSIOQgIGyGb7yAWo+u|4Y
z(9L1YFV4m8_T^VpVU7mBC)X#=`O)+b_&wa@KVXiWy8VaT+DUSLY;Kd;0nGlxX7V4D
z_pC{Ba_dNvv!jLdA6x@8{~@=U-b<``S~J2M4IuwPwPjD_!qI&>Dy|3LF!JNf{J>CL
z;$0lu*&o#QAKETeSlNvO4F6%!CLDziybJ!ri!cBWCxQO}rntgI6?jPPkviRz1)YL^
zaKW}TvtBj5UoaHy+<1EVHNB~>&sYPKo$CvXjP#0M<U?NC3tlPW6g}egOKM>Dt`u<v
zpGQXBx32*MOW3*Kx(J4;8@n&n_9Wkg^<={U#;P+LL5m(gg4Z7p`4j9@mnqCE_WQ*N
z+);2Y-QpEH{0a8B|Kg=ze}etDWu{BNK5%HyEtQvko#k%>=g)w1<3@}*7kq(YSaifD
z54=NjTic9%)pr2<YrsB%j}ljge(7Ul;)pyFZnIoF5=O*hfH=nb{N|}8iitm-Q3ujJ
zX`vS8V%`PnYM`Dai&<zcrfiv33?kM5;>B=FG4r9AV6rDIknR~Gujem1fxA0beBxMW
zrq8BjLhQ0ZVdWnHqZ<Y?R^6l_h+#bLo@~UcucDHx^;NfjDIHK#IQd#2xCIF2SxdG<
z$@za_IQeic+(U1~UEx#lMmYJK*PC{Q*8!uufKgCCLF;ydB{KAb#R?<5{{Y^E21eb2
z3n+^*hLHqiO5*^&^W8UsC)nRuBE!CKUQA)%m3-%R3j6M|#I#|)9=MMI?)4i`*f$q>
zC**a2VSwY_a6f<rhJDxfi5&z94vYl7lEK9RR5lZf0l6y`Kh5O~Ucrn|_M4X|ET=h4
zx4;m<zA1!HFKw@B#l=n4^6w@f!742)`t!KL?emKoOThK3#W;efYYv8{g4PA}F$(3b
zgeIBLa}eGB&|-xamRwB6q%PK?4V(-5+GIKU8@=9Qg{6vQkIO3#`9!iu&lb4@1DlgQ
zGP1cPSHl3VCt>#ml0B{(Hx~zSk7#wVjKro{Wq+wyVZLrD5zfNlS|UteFeQoyY+Ts)
zBCu~n&Me%`8fB{CR;D*i*6_ur{$JIwiB`k<RKx6{l$BH1uRJAdaX%MBJh{GL-zXmN
zM(~2oF3{P-pp)Y<h`qYm6;&-Shk;WzP~M#{FGIHieolg)o8f1pG{&lj!Osf#sScDW
zI=FDhN8;qTv#Sx09c*Em99w~)1JFn6@z^)Dv`mg=ixft9odEAF#aJ9~iHwi@$B4)7
zVrIMn2o6C_HtF%$TU%Hd_W;I-_Z8qh%@`{$g`Xwxvj~^2n8ik*b(g2~K<j6c&@3LM
zx?fym$vG7YQc}lEpZEoz;}?(Pd1LTN`8e$mPnKWo@r#|fXdd90fufh{{t+s(8%ocH
zR*tnZwxMVsV>ofSh?`bQ<v0rm*kug=oS?$06YWfYC6@;WM20qAPX_cO#hMQN6u3SP
zT(3h?e6PGv&FMy7j<b9ZAS?!i8hLKDi;Ih)rEVMMzg(}d^1Xoa0-$_`^}&7j!)lrf
z8SDe-8i2lu+hq3pQB;SatW;pOUrmcd%>97*F<^oZDVBe35>9AbUz@cpzeXxd98ukG
zKBcv#3h4I$ePTFcg-3G|WqY)?9Ke1Dgx2P^>_X!;t|PPsTCm}JK&clFeSBNc6qs}n
zfad{t9QSh;ne!Ypd=iY47bwrc`6o?ep95L=AjYa!5t%uo!9js!@F_X)5j}$**K3i&
zd}_Vw7igEv=?*jb2j1JIe-L?x<y@!19lC!|V)zFKL#ykX&vj-mGW>%xPofPKTBYbO
zpZ)Lz`3EH#<|og3J&D%#!sfNkbw28h=Q>Z_Zavp&xkx|Pxk68#r9^1wI!Vp7bDh;7
zmZxC(UQF9AE1v+r@|aib$8*^`wI|P_>wNOep}L=b0;_elnc)Oz8!vQrp*aDSrZ@8w
zLlJJd@nSXdeNV{!F{;@sP_uP5%kqB96WXrI(x#SO6~_|_BeK;%R)O7Uzpt6O-|oCi
z_S@OcmVW!TbKU)R&Tj6vtxp>L)>UA?#k^tk+iiim`t5NNP-W9v{r38u*l&|MTl;Oy
zlePOTSWoLW(UkhF;fAr$!Y^q}`?=_U?6Mz<utq(b*7n<$>c>y;e_b7y8yeWG&W<ZC
zqK><<{0-=VM+Tr$9I=+t?)Iww_D@wcb>jU+S|?VzES<=U6t-c`0LG9H7jZ4uVp;~;
zzq$2gg(Zuv;)_rT-pe?1)uB*C5oNZGYCuU;q8pHN7lZ#l=gDYL$CGOZ7t&!^U1wVB
z7t)!Qt3e%yVb3mv%IyG`5j+oY8J&~y^Z;BF@90rmW&Tbc;1S-Tyx??JO6<=(FwDgR
znP<J?XCBB3aq%k;<eu<~%l<&dkrZ*#AIPergq@eT2!K}d>zT`^(0dfo@=*$UD^PXk
z2QaUAOTUOa^}fP39tmg6yJ;xsyL%c!4?jhjtPfE>RvTlXkDA-`G$$Vb&6h|s254Gi
ze49NX0G`b^&ZS#TXK}ATuCT(R&IP56F|WGtBKkp3QG&9;0mYn?WhAgYifnU$?Jn#D
z$2MmeJ;N4=wgc6aBHa!Ks`dueOrTnAeL(G&#}%zTl&M^G|FuwWeQ1qN{3sA#jIbz=
z>Ov^$G9`cT3q0(@W9adoG?^h}iYF5WN>LqIjNdAhY2N8VU#&yRV4?O#OD#aQ1jN(^
zj4TBCZs!Htvb>|V`i1?|g$k^9Msu!*=6r+ADS_rZG<|hk8_oB1ad&sO65NWr6qn)}
z+>29OgKKejDN@|ENT9eDcXuf6Z~A@S-yfOmOm_E^**$ya-kp2TC_hS*+f@lCC?H86
z`%-!?NxX8C>YN3r07>GhD$@crp)DyJJsn8Hu9<6pYH=n&k(E@uP%qcRHPZ;hX!gh>
zpxEqRQ&_G;GwWKHkDQQ~UFW4K9f+dHX{MIyP6Qwyy$q?@q1fATI|e-#RqLA=;_Kxt
zSD?l=+31@Pq1&gX&hPhjAg_EQC3#2Z?$-9>FLjcgdDVr&U;T{*enINtN8wwPt1vjd
zp9TdA?2_EKS}cmdN@w>{kK{*${5=xRH3_f?>Z>1u%<-YYA&+(w_=$Pl@>vF1fZe#$
z?cwRyj%~C96^@W=GiN8*wsBz`n9)%>6!F|w879i2MoT%Khs=sGInJpcoQfNGT#lkV
zf!O38{2{GNDJDJYVsAio+I;8f9e~pp&$-o29AVbs9un8Op-S>nORIZu@!q#hi>n7@
z@(`xXQ|HG4quTN!-)+u}LKI&A=%zOm+gB<*PYgU_{FfN$wP4XzJeCLjFZX=$On)2U
zB!B1kEQ^#LdNo#DJm_ndu-n4_7F+<c=N6;w?2!TbzX1{a2HDmuxWekZGcv*;E5d@=
zm6>{ht0&TCgr1XW{pr}_zk!{&(vI(?z-r(N51N@Q!U=nBdp<-F#~Jh+_@XGe{2Nra
z^-Uj0($nuDgKk+xyrU4qvHFQZA!klCZmSFUZi=eHR*Txhx1qiWzNm}1Qw`MsXJ5fS
zU-^P8;t!DSe6Dd*g}+A&KN04B|C)h_gG%25m1HYT(r>4{Nes!AQ(@^$z&RsuUPE17
zf%1g0v_jk2X3P5&f5BW5bxpsw!GZB)VnRDLG;^AH<N}W|g)b}7-6uxuN7L4N1aP!D
zEpN++&YJk$ljWjzq={i;^xE&eP2suj3%UwrnSiUAwf~e=#(ofNl}_puB(wv5y8ffl
zy(h+`PR$NAV8JS%pLi^OmYZUnt%S$G#Ls~K-OmVhUmIga5@`aCZ`SIT(h}wwnY3Ep
zkkCQf4U5n%yOK`+kUP&F%lAVI1Hr3d=jQiqKupv0>OPXb%kkr2YkB6=k8RN(rlwLA
z5AiD12O9mtrNr;-7^Mf3>|RAz?jobRYaH<sP!NB}Zii#rO{YsyhdEK!I8BB0FGPOM
z8T+8cRUB!8u~rZx_z{+(!OB#A|9F?V;`oA)ZK0b(Cx(WbfMLFk05>C={9xYG6%u31
zO(8SD!h52Wj{fCQ)sMk@A4^1y=;K#=vvnmDs8@_IkA4%dZJ51KB+QBQ!yAm5{SL;1
z5C6+sHV1DF4?*1LFF^o1xbwWq+RU&{C(ob4+{kV5WT<G*L<o=&;=OA1o3hNhfOr7{
zK(bA_#;;Hs)d?ELD<W64(@f`z=V>9ygYm4glg^6^iJS#3ckRihQ@vH5h2o3zH%ZN|
ztaGxlF+6t7vt1JH9(QL)bhv_)IV|M6!EAxx%8&bu+F2c6$2ls*i55hRep(q+dS=CH
z)^z7rG>VGO5%@B@No#t&*$D792RxKXtlWS)ZnPIAAn`v8?9$7pG$PKtJnTQCq7{Aw
zg?pAnBnbsh*5@V3IN6$bz+s?X6+gmgT#NCUKf!1$^imML_0DNRKI#D`wsoTH5Lu~o
zz2J*RPzCW~x^HDS9f5O)v9`{m7a=@J)*56QGWv{t!ioLv7ZkbNxB?uPZxq95n+ac=
zHpO@W;!bvMMaPCg25~}kt5@$acKtC_RhY?s<(v@YrI9d;Vsco8&%V8hFn2sk2Lk_X
zTyIQR7CTf|QDY8P-I~zYu=TLC0W;$!8^DAX_flWqA<teq-6F4wA0O-f+D_n&uy<n_
zzp<}K?X8zo1)o3#WZk3Xj*+2o2l<l}Fyj`*Odm4KmS>RUww_~hBauqALQ4m>zu1+u
z_Y{3c4wRR!C=0UvrXQx4fe@}08aH1gT(C!5Y0qfMj>#^FSp^?_*o^8M(dT|f*w8r*
zHGBrO6gGVF;jxBy(XqX(jrk@xSWx=75}8>W(~ir;ZyMf*nM)C6_K*76eBJSQZjopl
z4BSr`t*zl>!dmY_G(GTWZ5=|%?n_Xc-Ix3ArS`*ps1&jv{(Wy{$S>uGOx^u8k9U9b
z8uqdmPB39skEvQV0`-Nr|Cr-jcYN*KMj;I*XALX*8bCwPV9;7VzrgLXql?@>OIk<A
zzo=gj6D_$j?M#6eQgF|I^(Llldic9m!0^GZ4Ot*Pa&u^-S9;a8=Fq)D6xQ<P$W}Xf
zFvpu$n?vw|nm{Rm!hWA6O+#(wgPnWB;0HV32CRHsv%fU^uM>(;@-_{zA4(h=R5icq
zSQ460OeRCgb6AQNE&-}!+pANdcsY^LYD=oCpybOas`2vOcD%;l+SlpN*jTrNA(A(p
zB2h(;nBa<`rshTCXiL)qQO??)Hy3;ld#Rxe8<Dd=1G#pnL$eJrLtG{=lKg0O**c5|
z+vA^b@$1+hNwKUu-><zc%B;4`!b_=|FX%uid=lNBFdHd+JM8ZmT=!Z7w?M#wIP0lr
zOX<3;a{R<#Bf8`$3zl);W#o6lS=Oao<D>MCYCis~fmzrJR%#pLJAGJ*(SBC?w)Sa;
z6KXo+I=|&NSUcheTGi<e@LGw<9>i!x#O_DNOA!tQ%FmS>is5pweS+@B!rsGD3H~gy
zorY+Fo}f=<5(f8E+5w%E(Ye)QOHe<70EUC(_^(j$ZSe85o6bk{U{mG+EVV(9pALH0
zVd891^z<i-uluICA{MtyFyH>>*1n!GBP*caq3;B#tx^nszDA%&-6<^RhTiAKKv(ML
zCzBfw<Y)OPx$;HEc1$4tj2}6=`Vw!|u}Fanch!wv{}-3D&W;+ur9d>hy7r4Rvadw?
zb*0f936H_VW0qt6*yBP2j{=fLF(j^pd@1a8QhF6OWRNjo^e0Ki<0CjS!jQ<jIH@xQ
zn%k3@+bnQDhlIsqJ%yz~)N3%VuSmpsu&oMOV_?OV4Ms{iR3NWL_a?&kR-<OKnE+So
zyti*(45+dZfm3j8G02V8zD~>a)V<R8@?`o<pdVUyyik)1BRI*<|A{d=>DcHF5$&Cn
zl@!gz>47;qb}PUltj{)Vf&8t%-ua>Dh7X;`Y`3NzOUD11m!)q?OEQT(dnjG@riDOd
zdWymipBeh;;w$%Q?YQRTi9;@eLtIyo&1W<7z7PQrAERud+DRCirgiNIj8?&k^Nn&g
zRZ9WJR%?$E$^F?2_qm_TDj(Q6k3(|Zd=~!QC%`5|lqU^A#^MPEr@oc3VhTP0AMK6u
zT-CDzx*=d?BL-|(eI+W{9fr}LJqq;qXa}%qX3uDi)s)Si>_$TTFX!L%EaCJ#t?QiT
z3(9<GULzVDYo_93-;@b{H;BC}6k9xq2$4x?9N}n7cukk8<(VW1Bbc*E=|!D!7y?1E
z8UuJWu1m@R5(h05@OfV{ORBA=K6^~8wSu}V!+;rYwGzNRrNlETlMeDF)A}Hq^jkm~
z$Bb`INo^*3-a{CQ&$OFBj_gX~THaySnp>B1JnKC*7i7*&Rmv5xEriQKtKOhAAB}(U
zi4TPZEDrxh*LyEjI7AG0cT0!4hf5gwY<`E9C-=jS-7%{m{lw`}7nIT>mRlXhsbx5i
z4X1(8vF}4p*o54VhJEO3+D?_{AV&BZ1%N5CrtTwh2#Zl%^_^$q6IwrhsYOtBk}z!s
ze3~k!d~ss5*$oB$Z$;>RKFaG~y`4S^N}LSuwQ`o+f8$SVH#blo(0<@Cv-Kq`9pEjI
zrzx&Dq5bF-T%%5*$WzntV&1)Hykxcu8oII}z?0u#ulS;{R(r}lYrljMSk8kj3?~I*
zAslT>Lb<>Fu2||ss6e~mip94<sS8gVqOV#AmrYM--wS%K6vcJ@815kx87a0N7UN6#
zwKU}+OgWf|Y~s%$odD{0PD=i*R60}Ja1C6Kgda&}w&C}7H`w=Sj8&av-vf|#+1e~3
zodu9ezolCxxAsx;qtjxjMc!UPUc6-(w6Ynhj{P9_USOy9_zf)!<?d754L!%9Y62iQ
zcM!m$_j5{*EJQ23^!fE@GoiEP*x9Njb41Z>5+h+dbrIQDCLjC*kJ`ebVlk04eJ2u$
z)~AqTr2Z@4xXsB6CVJzm3WOzTT;gCR*m%l51pzmkg6{GE8q^mY+}(2byD~#n=qFaN
zsR}P<3$=udpIokz!|p0`-$Au$yG9?}!RXyNGX=VnRNn^T+5A>({#~+HVr%J4Fu~2W
z3U^)C-<z;xXw5b5M3Aa9$m6Nj>qL<IO|=~*)hwK%bTf11vD4I@puKg<aM;Guoq$*9
z%c$WevYAy-p1-!6C-BAvl;R1toCve@uz{QtEEEAsefycv;Z*R}1KC@VXTrTTqN7$3
zxaVoYA6<~$rKA=V^Jti<_z?F;G)oRcx%!N`6IRhI;pn>8%~FFqk@(G#H*v;rM*E>U
za!LE}MKX!qg|>2ZSXrKH=`&mIj33;pGK(*CY{}S<Ip^y(C*M~}k5vK`G_#{#bI^QD
zQk9$851ilZ&wPLLs=E7R80HGE{gnDHds}i<lz^K6gN#B!6w#zXx0U#*R?Mz*w$rnK
z*&Glg|3V?{xbGWQ=$7qYwro(U24F%W^VbgDDP5WyzK1jLg8OlUA0@C%IPi4{W_k1&
zbn|vwZ|dvt%h%}L7wf#GM^bjECWRd=q4KI#HmjQQSs6wLDRZF~k|37-V^f(dLqo%@
zW~)T;l2|!-A@FW8;Py{-_#aKd>N}NEpeUKdY^iwZphfFwJ{!W5g>p0%Zq{d3Np-uV
zD>sWs<pwBg@}|@u%G5hY^(xs6&rFUZFeajEtu3$L=&Mfrs9n4Ze3E&VYB7x9CY*;K
zF=DyeH8?L=(p8={@2``FecSs$YiUeLFF}cyFe19g4`7>gm9+_-n9y}q32i{ZpdTj)
zp9l%h3LqoV^0~Yti}-=>gMT^4&4VI)o@H(d-~BBvl)Lg(;cxt)uSQk1f6t5m1Z~a6
zGL77?Xwf5yT2VgMrpB^h`}<Ruz>f#h4Kp`~G;(m2=W=hhur3ofW-d=-e7ci}YwP8x
za6aR)-m7VZN6WIW5+8@Ch!uN7m;1YznCre*{>jTU1*I^2SAvenB1^rsdSPpQvqu21
znRcP-Fth(kdA;L8R=_&o(R~ZinCln#<{D^>jV86Zuu(wq(#@|%{?eS0Px0bdBH8d0
zhlN}!=9f7MyVrAjrHiPnGuA?{*b0=j#?Sr`;~v#tF?>&8UU6Xe=9pYePugSNv&;iF
zxHbD%kz3#VH|o8Ba}uNogPTvmR-O8Gj+=!;9FLx6dF3}1#>3a^Z3e~o*S)KzqiR$2
zSA_3B+rt%ScE9IHDPY7P_}VyFa}XF2z!O=vaL>DbnyL`22(PTr%Z)iR?I)~cwH-)*
z@q=5=SV7$A$ucL+y2;6>$m;YHCeK1uTce249`oL*ajs1$)(RzFx2WWq*q)sEBq*4u
z<FQG7ekP5~d=U*=hfYbyNTCG2L#I4cQ!R<)@l^ERWxx-RCSJg9ug3z+*uI3AO(N)s
z3>?Gh@afh&ty!lvtE`0KuaxOZ_TO>jX>Pc#+CMkuSucuA#thN9ea;0w1BjU&C`NVN
ztw~u6Jad0qJmZEJon0%!RGu|>NwBOOoH~!+J(hrL{lM^eTI(2D{Lq<18&jswF(lC-
ze{~v%JUX=ZYRJBwgLjYDpFt_lb=d&MvMAQjn99fd=E=sZCWpL*K%0*a7*MlIXj6AK
z24>BE+ax1r1wYXME0WV_eLA=L=68gK?vPavvzAvR<74=m!~Kb)*KS{h`nUOWsanFz
zJBkNqV`=XfRhpW^wfK6^3ixPj9WZ!^YDfe{6Y5;=IUIb-4^-N7Bz>g5qI7Lt=Wk78
zz4uMDnPr<cA0$kF3Q;3x7ckl|KfM`w@C2i8+JKe&>)Puy#K9Apm9aUR=6h9CS!K8}
zIcWhEvx|@ZF@2`-g=+mUM^EI_>l}Z(ta~1e8Un!iuOX%J&C+@gq3i8?{npVp>cXQV
zI_#y*U9PW$qu-}jOs)WkhfUu2J`6UfOM>@}?A72{w9JFReI&b#2@dTgLDzG>B|$5&
z&S_33YX7<}fvV1<$uir_rv>0eC)aYVXIMPPl3>q!#NEW?EvnCu=ZNVAY8ZCdlm}K^
zm3L;BhC8I;L8d5Y>Q8SE>;u7BdsoAyEL<MG(lzi!9}fO`j_f@ZnE3cc4NBRNUG{^7
zBh@VLz5dvzr>fyiD1`dab$dRSRrJP|#86Rf`PWxUsSV>(oK)OB)X>D;GX13Bd?T*X
zFgs)+F|m}mFG)ei@t1b#LIeaKt9)^(En&9boJQ-pUTIkc^Pv7%4~!rHd`a~dag>2t
zYJLmV${gsm=xd-}Th#g|wpwDmpZbD%G2f{q>W*-!&2<F3)$r}gT7K>7n$&YBcKmG&
z`zd7MQ~zxXlx@wrtw-2833Xn@p7c9J_EyAseNOgv=GP4oA<|7<*nC5pL@2c^6JThs
zACqcr+h$NYo^5YK$poH!Cf6uE?0ml$k#)65_G1i#@3FzuP#6cy^DNNAz2WyLdD6^h
z3>TKF11`J8r^ZBF9D*$zAHQvvk2;x)I=7f2dtbi|pq!^^C$$oMJ+BPsPBjpz90iJy
z_ciSzm$&sejgIKfjaYtud%8#D*F5A<PShKKaTQvH_`K#En<5lY!r6L-OacKW5|MDg
zGsL#s(kL?jt;-mRgZStI>2}QngUg0Hc{u74d}ofvfe!@A-Gvo<_hx(oGVEHf?MlRI
za0GY^GNG3y8*;gqHp;?1>A0F2c_{k?L|Fb<Xt{zQc1XA^mjtlR*1fT!qEs$bMn`36
zW~((*<h`7(*lOAd<i+<E)397hr_E{29KK`dbNFjYUzCGLzfqKXpJ7f95)K$5s?wJy
zd-UeWzyAZ8_yX)?t%+x5Z^TW2PB6daZAV6IN>&lruO2n<J2uef$%-dw!*0Lw{Kl<+
zY@Dzlt8Im(C__-u{esAm!!-*d&C*f5a@q1cKdD%sxOkK=(}pKv#UQ`-uk#`ane1?f
z=6dW(m_`JD*{yQ+fY*@p>UZe9irxo;u<35$1CXtUtHuWI@dv6|vW%iwdbCQKWovf-
zD!h~pSHkKpLhEEf7@GI4ZPmlaCtj@_tD*{eeDZN3>*=WRwut9*4p2(`(7rp-FCC>H
zpXuU6f|QnF8F3C_2~|@|qGowK%K7#Kp0wh=<uOj6CaJfD!7X`({-pdRl#Up~FmrW)
z7&Bh+b{19P0#xb7Alb#+D2_P$roCfy_EV<9c&u2m-kbh2{VGDy5IxLgJ$oe494!I-
ze%x1^z1{696@%Y4@h4Ux&$wEyFqHe)k>ygssz@fIsskwe4z&TbskLth{pHyr61)xV
zvv{M1u^1OkuwI@1HHE^tjOu@1ws9u0NJ=~efknP%RF8oyhWt7QZPrB{1nKuhf1C(C
z*apE?f8bYR1Cx20dOQ<giJG8dBTY2VE(pT5?`M`b;-~Momp448?hBVUHcBq&ntIqM
z<i%g8TNNzPT7NPdK}D((UdItPxwEl-8rMK!-oM@I!)hn^I_K%LC<iz52HcT(&Hr7_
zyDVZLh$lCXnSmU-FahgwZ9W29zoQ_O9dXbnd`@`$%T0*Hcw3zi#iH<i>k~W0#TG_x
zX>C0YP5PWtf&Uh7tl(PBJ)Dfp12l%r6EueG+7OCz+2Hv(L8n8siop%sQ^!l+M4b4K
z|AY-#;QtdgU~l<_BI6j6n!I8XnYhwRAm=i#?BKL^u>5+|7j^okXB*<l)b#5`(attx
zOhBDv&NoPw_j>f47)hz`I=|%5oTn}Ri%moQ#6RJJeLlhgklBFhDH_N0@Yl;5w<5ki
z&N{wS<(iz0{Ci<!<`aJPeZB<y71ynwZ^U%(YsO)_0sJF6OHu$~(w!i(H?KvcgR+l+
zFQ94rquiK9WY*H&(DA$fNfxBuf4|s+E8A(ajeaGvbk8*QjhZxxyk1+kYHcy15?=e*
z^C=vI;d$UZdqwm9lFED^;~Hg1B*x9XQ$!PJK>_qDT_Qq3Q?<YO-Xm(=!~Pjq;d7x%
zZ3~G>z^2YbmwHaH7Qi&bkjim3%7cVUpQsU{MGtGTct{(}t~8^ij1slOE4}nhyZ`JP
ziHl3VU~vZac(EHzb5O5a0{6>E_+#*Er~9}Yc1wTlN3`gDMV(CiifZLkD9PNN>X^^N
zcy}V+TCrE`H0?T0s@lYL`e3BJl#zHd=EUr#q*rL`=b2F0kC=o&)?da5aLXA7+b(Bx
zrU#3s-tzk-^r-@a9b{@SG@!@aR5I`0W+^%6Ic=?^BPoj6JE?Hl*pi5@XXR|=YQmPn
zzl?lXF;{Usg&VUb{PrzPCG@2)_YRV?daqd=<=Vr4z~F=J7Zk4j80<Cu$ty|T@0U>K
z&}Y1E6E$k3Bc4w=0Yl1b6DR=_-AM$Y_Dc?z8>QS$Ju-)=1eZI7o}r4`UNGx_tLk>l
zHbpo_>G-*2mIZ@&eXNz@j2GFZx8GEy@MfWv7<u2t+q-rDmh`piWqd5J2=#4L*E5Xp
zBDG3+r6S{6@AWk{Ed_R(N#9}q)cPwi-*%`*d`Thdq`5uFRBRY_6iE<*pxVI=@L|lE
zRxAh~FR+>S-0EuKLrBWB(cwjM@}6ei3Meb^_?#nuOd}&6yC0EdYn|?hkssEkP$&hm
zA>JSO07_AUw>(fybnXgOyS%a+a1~OZn^R1rTPzO^(TKrDpN&%IDe*wM&JX42J!JxH
z%~7%-jZL|MZTJ5Mj{=u!%?H(};%R1?%4x0Ak-vo^r+a8ZRp$q`9o>8kxIiStH4Rfh
z$Lt9YZ)aTA&&bidr`7dcsb6)Q``%*GShf@QI};7p`<AmmnZv(MRQGgu+vJe-$aS}`
zzT*^K{!c^L_uE~fN0Jt!91N7}`&M=;H5bYy9Irgj2v0`kvfx<`raIAYgOGp?0qK`B
zyntt^CgYci_J&#O%Gz4$Ax-i){Ob<N9{OFScVEQb@K#2M+As90SH1)Z3VLKGygA1T
zcbjbKw&qA505q+YcD$Zq`>{XHd`}fDct|A(ts^5MGglcC?L*UK3<WoeE;VNcxH;u0
z%_we>XT>{0t^UL+aFO$a-D*o`x7FA^U`t!)RtA(2+d1x!>fZ(xU3n9&iQB)y*T>LZ
zE?K=HpsJFh_AN8aa_<8u>=%kZT=py+bFCk%y>ZF02$z^Q?T!30>wJ!Yn4R|>D(fnn
zFI8F;9n~1WpM9VQ9K*9CYX5RcyC_+{1492(t%Cc-xytim7|siVFUK12p{{2zQ+OuN
zqq@U+>l<szc63>wPX`&Zs6p`8&BE(?SzLNh8&A&NEB=lY1|&X$91+Gw;dNuf#fPS&
zr!RCPsiggaIKKn==U?yP;}18EbWAZVB5Arr&~~cTt7fQSsRnM2=y;SBA!74m?fsjF
zY(pElQ$+|YU61;rIhTl-GdNy%<T|AB2ZgP3{^N8$Vio*aYnnzBk1xrr8o^G$ycvw-
z!v&+O$9JM)k+uy{z|v8zx%PH!vFf3#mUfKykiXlwP+0WD9VzJdvccz}(e?>Aaj-dl
z9P}C8IEn~pem8U1ZKjMpcgm}g0z84&zPm^81M3ZTs7M54u`vSbUoj5aD_F25MDCU&
zcZ>g>ywets(OH6DL|AF_3rKp7QB7$q!tlGJZjTW>LSnL%Gh_xh5FvLHVmG=siZ`y>
zfqpWf(4}Uv6QZ9iMELTh`hcKJ5iEs3akgyrFu?1jn*jh5s(P%et>19y-y2D8*gTGy
zehc<NjZ3X*ZB3rdK#|oGC4JtAOR6?UJb#?&M`rGc<7jrCVFXuL9mgZ=+P-Qe&IU*4
zHn?^E4&=iOpY0{AUa@l0VY38ZhH8o4X|R_S@1)27L8~5+eytr4bW`REOj?_0d^i*?
zU<Ys);}QQXf+X8&Z`~}<?1}!ct*vcTTZ?_3?Ssb68&_Qf%jQQ1R<+ZvdbilC7*|<x
zt5~O$Yc?=zx-RJGj#H?;2}fI6TTGJEU1X;+)n^_du*{Q|KxUNZAiw%l&u7m~mRmBE
z@B4OT9`ses->CA?cu7=R`POF+l2$IsR9aGNUauVKEurL}-U4G%K)-GMA2LcZDUQnH
zVUCl4U&ilQbt`nYxGLIA+WUC%kLFLcD>Gf6O?ZmFNmLrQRav?lSM3+wkJ^g#*JZBV
z)`zGzqf`*FRxUkojmo(mm#aV>e_qaax1nJPMs~jn)pBi;X!xPpp;aD^yp~(y{1Hl-
z8JEZu0VLwutA5xZaNH1>DGdVKf!_GwP+|{|s;L_#=0$X@ZNdOIUEMm?#7-_B%J_n2
zS%#4=oGWzHW6%RgHg9pm;vP%9CkUAL*M5V1w*0+iB>~PLE`0fyV2(rL{8ztBnGSqw
z(Wb4Rm%$3fB?#7`gFo$z72A7i{JW7!jp5^BgLdFI(-pG&?(K%)D}VagPt~)rxO4X|
z|B8yqZaqB8E3J*qlHu3~bi&2U-S5bo>NWZ>ghV-NuFE1{hv4GU=S1_Uu9-dOv-jT|
zJA@pcS;nNyCkcORotX)dC7)6C{P6KiZBbNCUFURqajlhzpxOc4v~NmWt<SW7dz(Y+
zMajg=fY9Y$ZTLLA*69$C<9wu%1V|k^r0p!tm_-5i7<CjC9m{cHXNCS`z!1QXFNI|c
zmr!|+0y{zE<cnyd*RDLja&Nn+n`5uIIq8*t<8-QH-_zWMD=T^*F1yDw0F(hwt&UBd
z=xiN#`_^1)`qWLCTWeLs3NYfnMDIA0Zh}4tvMu6wrJ!`+90V@F?MO0Dy;*Vk$87ca
z)9XHe`z``@1-{Eaw-PO-UmwT>@%Ig;b>=rBhUSu0w=dkmYj7S|3MHcph-ho3c<ylU
zqmRI3hE9cF$-+5>MQXMRc0f|Ncl&a<`Hg$-so7;<!0ADPh=eszJLA3chyygvMzt)q
zwA$MAg?P;@BXZbm3oG{VCnC1PX(H)}A_N3I&<pS)Y9-_!tA-<IKTZcm_dk^6Xt~fX
z2MOlSnwo&(!>Peex3F%Yy%jA(BM+!ow(fyK=+9Gl4d3N@_h++{B0m9~Uc?`RXb<y(
z+)Yw(EYoP262-9H^qvLS2^dDsK4Zc_UX0vTEHr777#lz`WA9_u8yj%<2;z(g_l{IA
z)O2*kHNc%Eo*_vsN2oSJW}hHgpB2xnIInnaIb=gY{$w)@(629cGqRQE#$E8QGKCwk
zHw=mEC^w!9;%uE9bGd{WlS3pbJv%LLdDjP*tPXGat3QPUy5|ojdCM&*^Xlc6ME~02
z95_7Xe%>&i>R~InX#BWDvCuPFaM5=2O7;5u?I~Aw<6^$&`N#*$?_#go&e6!nf4#Il
zYb}<m*5T}N3AW4}T_OkMz-T3qD_wD(YE;|k{A>}yKt3B>c|PRLlnzh5D9SnaX%+lU
z)u53B-`2K)L)3BxOOg@Elv<nQ$GNCaur-_<KnoPK6oW9L=I`R0O9P9W18bGpn}_vj
z6n26$XaW1v0_+4&P#X59N!SUlAXh{Kb7+E$-ut^b%_zN?5vj2&rv{m}FcGAw4|NsE
zvP#u+O(U=xD>v~rrT9k_IErUeqU)v=ukVFvw($f$N^C#!%8!Gf`3ErW+VzT7*I?XL
zY}kr+py6B&d(;uSlP;sZiG+z56EwEB1TNzlDBo(0WES9&cfWkDfO!}0i$AxxanBc1
zF0gdpgy>O6mrh{d4*$6Io2<M-pik$vW_dr$yBQsG$n;-YKY?tm4Y|K^b~8-4E?2i~
ztZ3xD-@GFFU6ce|NNg}|RKDWBJ}cei#66$J-d=1$Hr`JOysbA>?t3pd$p-4k-y8gO
zS6=gOq9Ic6(JO_<f9}gAdm7Ii57WE?Y6aX!PS$D<#N@-2mn=qzABCv$TWKF6kc8rU
z85B2h=r19{7>XvY^rKSHc|1YmM9eFgpZbb5s1*gIkM2|i_Vk`Y;RoiQr0fc$^RjE_
z3sfYU1#W)p>XSXuZoi}W)faY@s?`3wRK+Om#=<=lZiA2MOKXRXVnL+G_j5r#k(WCi
zBwd7%OO<a(_Mn30FXdUJ4+H07`|{_^_Jt!fU|?<%a<oPBpP&GQtr|{uU&wVUdH)ks
z^LDWO6#5hpH^h^SuyJQjrZzvbZ4H(f7hsI>6xcd#ok$`WPjA>^$gQ#lf6pN!_{Mn{
z&me4bGo-FU{d$$n5cc+M9!EN$^UQgg;zTIs?P0*R8RpN;tGgb0I!?=GsudG`Sc_+N
zX>H_$jdNCmYL=3shjKK`yKkXu<}=CD1_w|ee?lI{gt=2&{;{U3pOMXf>P<Lzr*!u!
zpDzSKUF&bYFf)#5^|ts|dW_=JZSm*5tA`&^2wl2D2`;G!XA1P2Wzj;1<9iT!Eb>NA
zIwLiqbd}E>8rWV_BG$zIdqU~PQpQ}6%6H`7+rNChv#Jv~cbD;MIbcBP?hNTF8Og{B
zNFK;AR!q4(>_bTq=`GQfBo1e*dWPsF4_Y6~#fORHLK(vGOm!h=D|w`bGdZt6yc|pX
zqE_PrIZSw$J}4$+&e(q<BLy`iE^irDqz+yR?6)Uy30~}x<)&FBqB2^!=*YW05Q^s-
zA^UJ{9_WaT#7fbks^zveU@i~a3tq<I<G;MfLsumRVr+_b<LtCJ($0MB`xH!wlQVnz
z&6qVkKKb{AO-?{*_c>{JJwQl&`<pZ14LPw~E3urK{kirvWg5|StLB9VHkvA(3kG-v
z%S^Y(9?X*!Q;Qm$Sd4Ows1;e1UmIc4f!G{n0{3N|I9L-aW=3koDo%V6E0~OGQ94*y
zZg2XT_YwEE4q=I^@Q;onBz$T@hQ(#ngy9znRW{1Hzu}mCu}+hmU=I@`_S0a`iSL0|
z(l{$|5`!{^m^NlHU~ynF8b=`=xSIDg^6`Rp=AQe}ueNxsk>gJ~V*?_MwyDrZrZl|S
z`;@=Wqu=Z2z&c!oRg^J?*gG1<tGeH`-rh9T1HtV<j0VW+QXfN|LnJKlz*F~9k6kSi
z$^E$COdJb%pt*bu0xtG=WA4ZoQoS?LoWe~VSKnxalyAM@kUKn@D{a=_x74@dNWc7x
z{S7~}k8B(3h}VXE>Ot|u0tA~-1&@=0Y8zl(vBvPiYA<9d0oVb1ve<xJlO*dZT5Ld+
z2@!0E6?Pvd624L`bue17v%X?2VQ@9o;@2-}>cN9Jr-%?)WG@E9R5|vr$%4hvADt0S
z*#*~pyNSNhCBA9H<T@5Ny~KTtDTEgF7e<wZ7Yw`i7qolQpt@42-+h=g)G_SDVZZB$
zq&LiV?>qV;zK3(ryQ>oeQIiO1`gTJREwLz7pvjYp>3~n02A>HlX~9{<M`6g&Uq1I*
zedoq4UAPAT4U!21<Y#Qo-b0=d9#>^-$GfxL{J0~ziM5ma2wzh2WVV%Q7FUXq!?5fL
zf4LxON%ynIL;9uvxt6sb3v&B2U{|DTxrqxkVMnPKb#=+Z=n0Hyby$B<a|8}feD;%p
z;7BM~ZNmHcq8}5Cq$O3W7+hUUl_Xtj8jOc?%8k~K9h{P{p7kEbObSPYryOigqFfk<
zv5=xd4Rnf}W-~yKMSaSp>zPbQmfmXbW2TS6j=ZXZj0xS^!x#Frdx=iqOw2u`KE%&4
zd3{ZZzfKXImXN0Al#8c5{8R@qWjY5A9n*?yO0Xy;p~3Pq1|3ElLVb+i3016%LCi?C
zGSDIkfi{l0k(uNEsZVXmw0_L7smR}N<c~o(uqV>OB-D!^gQZP!zxwn<Hs=2+f=e;s
zfQ2OB(!afLohkJeG0wbS<@WYEp>mPJ^kWg4^fFRUBf?X&2f^B!P;bR$WARf*$tbc@
zwg#DVOX9>LIu0-!*>%!DNF_`XaTx0=YSXq8f!fXl51RZn;P~~+{TBxF9^ZfszqiQ-
z<|FU;r<>;=6)hFs?I`u~!<>{p=${2}>e<a76NIC*v|x$ocYnDIH=9yc1y&Jrk``H$
zMXU$LgUzmpka@-a><G}#{gEqA@X~`}fWQ7U%)W)rIh@+hnqz#1q@{~jQkkAj+08@U
zEql}Z^=G)44c&KJ=EN`hO!9n?lIjO?tb$&o+n%JCKuQ@dTv=nGe1jg7JW1l0f<y*@
zHqvOBf~pbyNFJuUR<nBY9rX{1B6;gmyAlkqCd@gMUraz-yXs31g{3B*dON#BL;a$e
z?QhA?Qjh6>s5_dqlFyM#DJltOhr@V2vy)Ky!Mhd;g?2#Is}F+<`_sf_X7g0pQFU8v
zhI0~tYuGVjf6&KU$T=CzZ%%%ho*d*aI7ps{0<h{GxDo}auEkQ3mdtuH;B-mNr4#&6
zb&<@k5;VnlVRb%IDTG$R*RPb)cuMSt#59Z^P)As$MjWVP9S~fr8Bve$MSV(Z;T^6H
zlqs3|*3m?He`||q3)<8NE@Sd&+RGL4CQ3OJvUsbKf5maQLMCaFw&ViL79>&utdK?t
z8q{*xMi!Q&&|~#d#fuEAg%|+F7)70W$rSjhiRBi;+{B?^ew}sf6_C+n6MAmYk}OFS
ztEAge$Lrvq208Jogc8YAbX{Wj6jaEa9Su1pgzxbku3aGngj5mQr%Hz944Obz5^hYe
z9j=WgtO~b(!Yx)Ct~DccYk^a~`Jkc?sre>!vCc4>FCw8@ir)czEhV*}A-xZX;$FsY
zs4vTLNDy0zfL)fMo#K_@ycQ2ZibZm`iAhEhZ^i@=luA3qm}^1Dsu$Fi#1a;LR3*pX
z6AZObBB4o}m!P5MjzbxhO>UOUcaVm5V8*uAhjA3*#s+~SnhRM<i-a_i*)UVR9Pmm?
zhV!Nvx3Mieo&5C8ypY8~>}$wrEsOEvWmK_~w*-QYL|%>}{yv;UpKr?#pCfz#*t&$-
z$w5hazZSmGY7UQ3H8jy=kQrs4C48ZZ4hImOeZ=|?>gL$rKbixF|59~e&=_KwYbK;f
zHs2FN4ymB33_GPgwWX{Ks)EvPYW>?NyFGwc#C#HcNOE+R_-W;1wzPaUqJ1plDb}y~
zlUqjZ<;cz@<=t_QsF{D|aF)c*caK`%h48;O9-B^4wPUtca~Wu{Lclh89sIQX&Z->3
zy<BTqYvvUu`IzCXsqz_~yC#j=UKy`0BmXG<Fka?XLw%qApa$W3E1yK+6<4Q%ap$w&
zD$YU!B1TokxNt*_viqITXUF3ouo*!fu9`l(YErG}W4lyOXc7KQ=AQ5gvQ#_FbnEEO
z7X6yA+R6s}XTx!=@&hRd+8M1;{hC-mx1BYEnDwH<co&jX7S<u_077nc+u2QgJhEZ<
z^e*nxON2WyntfJ7zB+WupH@+Q1Y{c-?&6FH-Bj|166(}PMmDU1^+hAvk-JX~DGc(~
zUyf71qKw)mFEkU_`=bz(6uN)(*!|p5Yi}1`g0OexA*`~T$Z!^BA;8V)HmcjlNwW9Y
zz9*oQD#J3Gul7@4B>eIVG6FE7(j6h3>L(~qZcarQm&8r<V3YFjRLsHQaGPHzpjm9T
z!w=nKJ}kn9gHa&zjdTMFlJ-<4X^HoUQ;$0QmvR&?`Z2*mLJNLLbumRU6;2n=e4&IY
zKq3`QSJ<2;5rG8q6pWowE<rW=#=|_~a8j7Zn~Yf`;EAWgEg22hQ!xis!Pa-DYbQ%+
zMY(sDg&<mqa!(DQgTW;=F!g0WIf9^HTgEdOC(kLrTOlM02{QT`O8mwlE|D-(K;ZbK
zl`mA~vl=8|C%_n`L91dd6}oqY4*okEbb5rjG)q-q)?dy|P8=y=7AiRgHLI3;gqgzX
zq*~&IZkCgS5ld}o)&;|S!<np&7_U!e3UiNvsU2C%Dx=enXh$SrgtCOIXhjWysHLl^
zUj!&{Hu45hSIE3l%#7MRCBZ_hc`zQ*Kv?fP++5g(C$0sj%WuvGWd&zGpP(82#2yF9
zpn%bZG4CP*x5mk(CU^;$DhZS4pwuIpqt@TzBnSvny9*TlzyVfc0fo1x4jykYRrNR9
zW|>^dxH1KEhI1r#u*)2eLnsXqOA%)QWz$0S5SHfF;+MW=6!*$t43N;#5<u$&T7N-`
z^;0&RMiTGB%*HNljspW`mauFZisZ7$24h&s_e9i0N{e*dJh(S4sf$fpSfX*ghGgvT
zfl<i_CGZ1Xxb<07%poxz+>*c8%`3scE2IoG$bTeb-<^}(4;@>IG(VVvU(HD{f)MYi
zY$FtfIr%Ur)k?%&-hbr$N&^?IGQ3Sy8EB8UtW0MfnJ_QL3-!s4>RKEOGZ9t&wU~Oz
zLo0dhR|(mzu9HZgA$4DuT4+b7ncEpstbD;$v+@_75j*L}mcIIeA`TmE0jd%YY=uc>
z?-FvvZO~?vvMEeUl0?==p)v^?N$as=+Dvoak!!)oD{DiB-8p4s;{$bNkW5>x??gE_
zs(2G7DSnEK0MRq$?UXep@qy|Q3+r+kqtPhl<fo`IyAvI~MEv6E>vYeY91b~mnY&P1
z0f_*t!?8dBOudkS#dZa%wr*=h@LCq3cLmjGSQUA__B1N-KM=2h%&$4-yxJ)xA>+>J
z@4DfH|4_VOEwYr5BBlksH1`|QmLj2rw6sw=pxS*3(8|ggv~6e*kE-GNTQZeCr7Ofd
zBIV^_C4S%%1z9h0V!&3-%FMV5HmaoWSL#H%d739U_&yPNxId>(Vv&k+PD*$V!rDTl
z1eiu&+9`cJu$CI4hjR^Mnh7ytr3yF-qebdVB@>unQ9^Bu2tX?IOnwqYa@JKB)aM<j
zdw7Mub_9tcDkdp5@3_<GG|Ltd9xR1^S5maf{}{TBU8O&8$BoKa0v}_k$r>**K~o|X
zYRRqcXD9$wSHzsa%mffzg<S74oC;L^0kK8uZHME4CRIU@!54nmB}n5aY5*ytjQMm*
zf15H|4BSrak(^<W{+m@Yd!~ar(L*gcTAErq(5^iq%)L0;n(-Esku_1ykUFs)bwY@h
zR=vPEQo&yRK{c0kqzrKspv@gGK{HAB(GYaP3A_reEq5bg?}xB7%U#>RHqPFy_ahU5
zR*oTF_e{~v65dfm<<#M{CV)@v{N&?|m3E>?2Qe8HPEhsGY)sWp?<c9yntLigi62nY
zY@o5ABTXXnD7+&a&ZitVMjg2S!TTa)+Iu)VfxiQ2Km@v3LOa5#ml_t4Mfoef9|XXu
zcPwW^ssA(_Mae8y2?zp^*CP)*lE&U3=~A2XB*el`=s~!f$?^NGtbx6we4gQ8s<ud>
zA$4Jwnp8)p9k-7}k-Bv!3n02u&4_uV2QL*(O`(LO-ij|#xZ~*B4+Hi}!b$pHg-GcW
z88MNBnHC?%sd<r*adHh#YROs*y#ajeU&p7Y#;ij=AYujR2nZxTvQ!j1DVV0@o^Z!8
zTfVeQ5U!rHKmZJ~<A&EN_lsd($Sg|@&r;dN2Qk3>kC}Z4x%VZ*R8C+=DHVE%qm_s2
zDJz3fd-Tz@B>zXwMCCP5^+Lm|YoG6y<%;Ld<$feQQbxy!$%Cp8>jA^dMP63_nI2g(
zX6&x*9O?6BCTwSM^JV%~PtR?2Pi`c%kE_F_j)_WZPyH&%R?&a=9RIbBwqaW*Bge8h
z`kmnK0b9DCq;h!FM)m%2volb)>O*xyNA2lc4q&I9q@m)QHLVB1QA0=fgOpb(qw$oX
z`Q$lRE(OBP1$9O`-8x}^k=43W0MQFGlDopcKC1Ct>>;|TaM!cTF~T4<C3MAe&_hFL
zx0#%fc}gc+I6(<wZ&aa+;80bDLLTTE4lQ#D{4fATJ%gI@f9A$r3&(J2f~KSv+R`g^
zmc;)UnytwBqi~`U)%8@$?U<7r-!OFo$FRS|j^agRa%B0Rh;s7jBExu>CnogCbYUs*
zDUkj2C@6-BoAszbrOgks808l(Fmt{?ozPN}M#Z}7xIpwm%1akxx+?cD$Zv%l>>)=;
ztl19kCQtsbQ7!G&b@@$x&gR5s>>yh>QNSlE#Y&}alr-KYkC9?lqj(~BI)$N74kM5(
z07dIwYRCc2u^wxlGAvK%ke711BmvJDgo;drFt9>rK1oj%B4HT<fL^jp6sK~P*gpjw
ze7-z7hwK2ssq3#=3{DL5j0E9`Kag?xpB=qt`i<rPgIPMd;-9fiJRF8D2@e`W$iR+1
zz$vmxNucZNXe@iX!2z;i?U6_?j`|R1lt2@wNbH>DK6L3+x4voVa7#t1dsBJdVYfA;
zy-nflT@}7W8Bx36asJPa=C-`$^yh~a@5ZdcDJ|)WDbu%@Vk97*JStTQrz*z}?(gHC
zVSZY~Ax4wf$!71exJ)yhCyz$RMYJY`&Ws1rlh?Zq&zS9XCPC@Kn|mdAiTR2^I*}rN
zhcwI*4nV2@IGigl1@RO}>b-~mvcvL-r6Oc>@ckaynw=$S`)6Q~OnoDQbk;&#3px8g
zW+qx!Kund;T1IY2CdjE9&Z#q{BWBhrtOM6f`%alim`PNnuUQoe=_j)hq)OL;jkJ-t
z<w4+79lzwtKuQ3tV5p5!6^GcL|5?z{@_fu)i9$ZnO;%s)?oJ)JUm+Mqj>YP_-A_js
zFU164mU?v+>9<TVViTXZ&n}EomSYB2cin>T_+mIy5U-er{ehvas9QClQ@$8ytbbH|
zOSN=aFr4X^zym?=Dc&&lf9P#O8qQ1rQH_S5x|=ZlN5$W#0nC(@VGzequw4!fLPb1c
z`{9aLly(yP1<WVZn=ueD5QU7n(3Lvec5ys;4#mm0BQ(UX%Q#lbWZOw)$KQZ!OKz|t
z8{_4Q{bDFEy`Lx(@38pKzKaaoh$NSxj576cR>l{`;CSH@d-)9%JL3VO|G9*KJj~P-
zzZiV{FqxF8#Rb{-Gba|<TY+>9zgqZP#>Q{^k#iwZ$I}b><hz3qkMQO%2cl9K0!s2=
zoW7|({Z1VNbyn<fZX0O^j@sA2D%^VQUvfm|H_SB<hj2++o7(k16n{a*y-nb!a=oKl
zQfxH!G&WcMcPaXNcSFWtbm`46hG<+R@DX&e%#jGcDNsTlbm;nMRpb9G4iDVhdC0h|
zcoc4fu${4ol`&iN4$Dpvj7_z8i1lOEOtFADUyX@-{VrnbC-GiW;fp?SX_Le9v%GQf
zR5vx~4$mwVVlzX4{IA0E*92lTKSecvs$|P0vVah?&QAz2`^9e9CjZYXTv&KGV}YHQ
zaMDSac_MbGBmW0xQX5=-0`yX2&v%E01`2Swzg%&|R|C<pykAyA=0_0EkQYDOLM#<Z
zm)!h1oH9`&6-k%KoT8{J^*^(Dt=FB$d?{gG(gVwv_kW-k{p}y5q7p!>4jF9LqNkI@
zwP1De&DU5ZsX-8<8GBd&MuEw^<bgk<EN?jPRqE}u?2-s?Z_*!9xnanAP4MQkl1QjV
zNxknUcbsd4B`#?Pr}`7F{qqV_&M{N|+(e(R{SVXkv-ghAGy!)6j}1MLgJUB#|8oo9
z3h~PR&n<i{I>I5Ae!Yd980l=*g0W_5wB>F{Jqh|SGf7Sb&Zslk|2*MnkR7y{N_E+U
z_~L@<@jq~TT`3-67pt<VGeSIg_dZ;~|G9!rcwkMDpA}A;ah0|PnmZNn+Gv-LM8v6_
zAAVqRVi@XLp~`#={fFh#28AQu=;7#5q`9N1Dgx2+v#&x|l`^}wH^XE{Z0l6z;bK?F
z;xTE8Yer^T=U3Dm-h;@ql`7T$(Q?gj%=#f)NPgnMJXevnxlD4}QHqGTfx}O+wG=f3
zAfwh1`ki>4%)<{*tI@qHGP*rX;mJ6ZToTL;H~)tnpwNgP%z(FRpw3rxc7NGyq*%b3
z%h3l#esV(cqED9Rdw#@HLcv%7jDoKpK9?j2$E_Q~6Xj)J(jzTV$M9+<EJ5s|J5y4~
zD-Px1Y?wNDsU3F=sr`SnTgE00F|GfBx{lDHo-#TFGUP^wn;4~tim8!u_4`Ip|04Y=
zFzHM!Pa>T>f<V|%iY)a5Vp0f;y%ZPzAAB(_WQZb2`BZmXgPu?zQi=q7+Nikvj`<u#
zD&aC=Q|WX7ir+F`-HgTz00jgY?Z_!c3dYP?R~QbP3PMKzoBnqtB)Ce1kJ*3wVFnLI
z$Tzvlu)`bHn8IDFhPJYgh4v29w{Q8^<*w*kl&+re1s$LJn$!8uSF^Y{1DZTzzMIV&
zTrhITugyo3wVZB#?}vQNFQzwtt=n+6`ouywVUw0wtL=LBHd{F7K5qcS6Ro}w#GTQs
z;u`xrT3D-UhmU%&$z?W}DGfX(bFMP6B9+DK{5;zj%B~T8L^dA!npj)|kk5Yre*K(X
z_%Oeu+~XZCxP;}Y?^jQA9=H5Oc6IR>QVcj%&^X#kLkbVw3Yzn$?~u0G#~*R6+6_EP
z3ho0AqjTKjHU0~`J~4IytbIqZlW?(IqP$Ofj8Xd)uSp@UYXrLv_J(0fzhq%3P89_-
zwRZX=ze;eRL}j#_^5Q<Sv*2C?ZCf*19!2dG=n!ifzz+UY9s7glBbnI5j$0G99Vwwc
zHj5Wf6!O3uRzxT$=}dro?Jk|Y*iy%+cY7r&cSXgBe-x!6ktmJVBI(SJtKc@MsX7+%
zF;!w3V^H1DnG=_*h|d)TS6CG=i?@@XPJa6dJ<1AMuFgPv?$D_-HnH3kz_g6<eR~<%
z@Twv1W=U&^Kl(3zclQ4Ad${zp0fRrot89VskCS(pr{xQ^*Z4`7SI^HI?p%SP?yq>o
zJ-JJ`do14Fr9Tx~3M{4%_%DK&G}$X>#${jv9B|)PH(2DwnmidJ)Lsgj=G#pd;ySq$
zJ<5LkChsA3(ZhQx^jy!yW$XGeAOZC?)fnvxii0Rt0Qb_8{?wwtW*zk{&&?NwhkN{F
z=lyeW&D8nlE3k8GVn^yr3CH~Hy?bc9|Mf(r-`M9C&9AZR_zwP+BnnleXQKy*4*LQU
z`b9<KE}2uy=8X=S`3_e-GWreaQ{?*5{uM>SN0ioh)iKrrfoz?rm-ELD6{PgOXe@NT
z3*3FO!%|XZUR>&PUGH4oQk&N>#-)(;R<`tqtjxY{ovfa$u`rc4Zo|4fq1Nta`llwe
zK>v-1>kJ|C@@GbBla`oBEByWSh()sRT{NV}3@d0OA)ZPBq2~t-mD27n>3GW4%#%lW
z2?2(@gg+;81Rm^E)oF<WBvf$V^mok|QQe0$eAQ~vmsstryy|`-V3}F%sz1-#j`sCc
zWw}kcM}oBPQx1y#gWzn<{sM9)*F(UK9!%$-K)z{2L*J<Og>pZz1oF)H9w6=?yB?78
zj{Z=`uD%v~Hey(vjKUR|!=3Eaer(|GI~T4b-`dzRyl@zK2UA#v3o1-1_;vW{z0c$7
z){Q29JrYo`F)X@_V@sT_Xy4<LnXvB5K&9#Sig%_Yhu1cAVH?c7{|<NLi4t*XynwkS
z?L8jQ$b}WhKplMf3YirpV9EbftrN0Zw&2f@Gtu(1Ub<1?V0zl(<glfP{`<nKOo2i^
ziH_Z@A#D>E=w~4aw>>^H^gLjt<nb?qx<6S^fE~}@I-~2m=J6)27vie6KTm&Z+-MZE
zXJbFPdycMTI?_ryRvW*1>YXfP%)uXD<nyYQF04+$JA7bKXbjbBJK4Z@eM=QXdkAnu
zf)Dii;Dqua`Q(G+S2NqtZ{`dY-8B0>e-P~saN-%XvEuQ(&#WAjh=Km2mc(0mWf2`|
zT3DWrYl9@bIGz?RGy^D>?*}rA0V1Gt`3n9X^_oZ9EGD-Hq83EMs{l4PmC2&z4V}+T
z;kU~hb`BN7)GZkZZ$3@N-0=|#29Za3Mji2CQMV;CHy^u8xED+FXzKy6-qo^vcC*Xb
zdV5Esk{sj8HE(=m4ub~B3u|7uKW)4Aee^T>QrIw>FXNor^xyOP=Gnt-zlJQ^-7E`c
z+SR1leVtZ3yM3>_OTV7)MsBKX(Ku`JKD*b?%G2#!-tPJH<t<%FY0zJgCnW;1LJcul
z<*ihRh|!$6@A(@FPnI8Z`O?4<D|!nz4@usty^B8Y#*i6n=TZ#(!wnv6w^2=of2}=y
z9u*xi&IAAZ_NJi+bPwx#YXG$9AexEIF=4#1p)s=xmzL~T;Hww?`8(HxdjsOjYa490
zc+F!0K5Tk#v~nhc=gfhM$y=7fwDR0IelxpthZeaSU(-vC+f4jVy55a_Op}u8^2cwA
z+{<T5O8<|is}5`GefuaXDkvb0go?C)#ORa~*nk1jCCw=5k`R#&r5Qb7FuFSggaI;g
zbPJ5`&i(d%|9G!!+qGTioM-pBpU)l7bMDC3r+by$hjw=)JtBga9qUGaSD8qx8IBbL
zPj=S}4l3y-v)!p$Y>8%Fh-D(SX;;HbOL^1IZ-DkOgRcese7^J`H|*<Tt7wu~iDEO7
zQCNA+uUy}K4hibPJawBLBBqyE%LgwNYG;v)A?$I+*KY}FAI?A4@6jLY|47?2p-f_<
z$DAZj^<_ViAMts|NcCA)>Es<LXchP8aTwpy!q0zdBjP@`AA*IhU~l&%29=_WYSR~i
z_r{bA6>$w>K+!^=jIEBm!SaQnjU*sAqsM8}e{NL3i3OQPn$4n!)Ex~^XmNiC94j@k
zI(S*h>BeNY`Qw})Akk$Fso|*e(D?;p6XOJc#!d)VuA3+DPi_T$_r)FiUNAKle}Sxd
zY|)h^H|S>k?0vcb`(EeL%scMmogx3ZYqJ>ASgIFx_qfpfMQRi2;$C$ucQ{yJlGB~?
zC{d+thp;zUinr?QIhvP>(GKcDTt0hc5%#ks>H9wM>Ro>2PxmPaxBSxlVlP9zryE-@
z3|p^W7<oINcKmf4f2p(5p3Ny#7Q&cQtlFRv04qLg(07d}(_e;+X1V2uUCr3sY#H+U
z?d-q4>ZL!HXDRvPARZ|D>uHs_SL|Wxhw&}1F?F1dwjy<7k}CTa%l^i3n*5E4#X<%f
zqs&@aWZ@h`BWno33=$nZUgN~SDg0)R1{2}9pjdGsCb^<rtPw1wuSR-zM%h&CA+b^B
zfp9x@<Z1FD)-f5%Emk&kX#ZALSJV)2^?}a(*Awr5cg|?d4lXyffv;HPpf7f1Qda0_
z1+vHF^hk5p-0AhfyQ)C5IH3?k*=sGUavu1#6>whn!@0yUb^CscB(S!A67{H5D<QbG
zqhh6Fx4VzluZ`S+fsxO$`^>!M9t8jF)&_jGe-1*PbHv(~nUh9#YGKfZGio(|Q=K)V
zJ}_eU|9+SVzj<TpJGcg{<!0}ZA^e`IkVTc%9MAk|?WR}j+DS^ETziMsij=V{>n>in
zC3ZU)<F%q!X;=M1wqS#0RB==1I5U0463Th<U4CS!&ZvN~<rsZVd1WuIY4<02#q%I;
zX(avO$>;Igo2LakQJ=fZA`$=aq1%uyy}^?}TC46d>KF8AL!^K3U-DXGDeReVWE`z{
zE8nN9H+MVxPa2z`1^oBLaPdC`a}mwpUHLiE_P?o%W19uDfXQ$Bn|F)a527a9g-rk8
z_uNJVR%Snm>h*lk1x_fo)i-j2&k$?@ZqDdy4?3sa%no0mUE+=Z=CRb~ZPnf!%C6{7
zY}N{&=yytm>F-h0-kedDcL(WTZPwCV55nH2lbjNnD^2t>zEh4Nq__hTL!LvpPYEJn
z3VA%Yp8r(UN_GNvctvf|lJe!H<%PSBMZ0(VUWbF`+t^WoOW$VxxPr=BDgHzH#qB?=
zqJ*2jW#RhmhK#v+EMK#}(C+fu`Z{h0A5`+J4@-Z!CUzr`hZZ^yom2i0?W%Mzl&P*5
z?lS&byz`K!P30_RQn8@E4Fk#xSUmj4?{PLeaa{RzuYL;K{!8dHAz_H?EOWcHULG6L
zI6d0DJYrYKhEj5f2?c?mE~}rYPDEdjL)fN!B6c-Dmi|N+eRP<!r<IA@Tsbb|rK|1P
zrTritf0b@qGz4!H)G#-g=Dw8REcax)tUJ4!fIWy%?150qyBCQ)VvB%BYbAJaxj1Th
zK8Pq4aWG5RC1r)j#0VAXR=T^SQUAa&ci(fmI$Lp+<n?M+9$@>2pEJJDAi-{|CPoX9
zyj*}Wp6iRF(lT-G@4Pjhv&$=<fq(e1n3)f9GyB<UgUrqHQB7YGhu?|93a0LQ+AmwJ
zU!}z7Y?4B`%S22j=cJ(lGRJRhdY+)l+_2Rf6<sO@UwlIR%t;l4g`WmABt7=V@}*y%
z-o#PM-x|7tZf9VO<Cc~)1n#A&q8AIyyu!!F*%-)Sw7e8|35hirRKq*IPIIT+2xBXr
ztuWJZ2S#bETPRIjs+c9D%alx=mQ&MaXXR`;i%#Nda=8iHn%L!--$t9u`LohZ*q&^5
zMR`$*Z?VyNm%`)*6YXf}Q~XN9Soi!$*vq0Pg?zF7?->kMaoutSUbsi|H1?!_DmD|C
zB(k}YW3(~Y9s?|3Xr1yh?Q$B+f_n&tO`8<hCmXJZDn7Zo2ld1ce-vV{v}Ef)$myWq
zRX!4<d;T0mSm?zg-x|AMroOAQfV#Xy)}t*bS=xo7T<iJ1TeLaJVcot)lP;Unl1>~w
zra&_2{V~7J!8AP|g-v2dYXX}zS?%YA*!&ZSd7!74^1S_(pw;Xf&J5)ReT4&B1MA_#
z$klzWJt^wJT`Kj`wEYO){_}~g-7ARWQ6Dh(_Wh||I@L}+@9Ee_K_{PsfJ6-K@v}Lj
zey!`559Uvg_D9YRZlt)L5_a$P$AaS)RWLF8OEI#Q2FIJ!_37ro+SpuW$KFx94b!5W
zIzjy|0rXFn@g>D)1{1UZH^pc2cHpjgU~NEq$|MO#G&tcS;GCh#pPam4o(pXgxbQrY
zuk7fJRu9F~L<`W^8(am~58i=2NBYJY9g}M9Tb5DD5`y0q@+l%Oqw+^VX&#{hlY2a;
zgX?T1NIIJ>vs<>-5bcN;o9?A%ZtbBt&W$<0KCj&}$&L(-H*>tE`$$WB)ejRE{6Y4d
zATH$j1r*!L^x5f^?Zzt4<>KtDAG%Ecq|wpD*~-=ETjX`5W9l{Yev)m+n21iEk+^!H
zrGGe$LRO*iOfn_&m%}&A=d{W{a@%Uy+|2=#I&M-}iz2@+7&VDA<E`+I;}J|2I;Kq3
ze_tQsGv;lw`$HjlOxaapa9eUmhgg2kIApBs_X%g;K5F$*bpdA~8NtSmSU;lf%tWqw
zQi>A!(^*pD>l%KYNjG$$9OG;M^+)19`L>&y#nillm`htMK4ba%ryG%H>#w<2mpu7S
zCHa<@@J(KL8Tpb<X1<TcAC=|1@3m+0SX}6_I1Os0lE&-KIXSrC+4vX2^3OB}QGy3k
zZsPlN6kgeWoRj{(MN#XGOaj?;OI}(pHRI>)8vve0QE_SATH9Ly-hW@6GBwPTOT)o2
z60rjZq!~wNPrX)d_o{pG`J=R{iAJfL53)9Vi&G%wBFcXIOg>NR)0XHjI$>y(c~R}p
z^iRL1t?#*~8@PJMn9*sJMwZ705$f4(d~@0nDjtz21=@ipWnD9FUx4x~J4c#4fD+W<
zY3##vDEGGg?CbXLi`WeWx=%E2j5t;QgVRp2`H<&o;<-wsvq!-}WyrNIuYAn%KOVM_
z{V^p60^BJk_+r@C`k}G3xpqSE=Z=$n3ZyZ|jVr~yxc1%I2^n;=R6MWD$W-}HB^w-b
z8`~~Fs1t7Acf38dpqa>_4Wg)*hI?Fc(EYZ|_{v)7Kny|7(d43^Sr^^D%Ro^6(~|Q~
zDPwc@yS(tEr_ZETK^iu58&G`O6jF<*iq9r@WitW7*`xw8NY}Jc3YV=+8VSoQ#(Q11
zP4o}zU3cAm66R5gmvAQBIrL<?kC87MS7Jxk*rbj{<n<c4X)Ws+*2Exk37=b2kDQu_
zwjWj1?e!+)-W+UEGYiEm2DGvF6R#uL+=ckZ{R7~nolP{rT1pGST|7U?$@2;}%{{!_
z%_rveK5dQo0$)c8@eKt)FgVk4K-3CjqAFUL-yPBqEr4UGUH}dbh0lM9DaCZahS(nM
zqb3oD05y~%fCYl9|4zPq!M^7;^)?lHwmQ{j<DWpAr3%`$4x-hS>MCt-QV4NB&<t`P
z`I-vl*&{(Gl<|Ve^qC56Q>@`EeC6zbA6c8|oitX>>Z|84t5sTlfU6xXxcYO19Ei0O
z`xJ>?1;~N+#4~7p$WCt1<bK>>9F|=e6-QU8cdmoYh66HHqesO7U6Mjz*GMaH@QP5w
zO6aHs#E}_!=I5G=W)lS<vYtXrZz<~;?1B>UbYEin(diSusH{d7$Xz05VXD|95HvFf
zN7G%)6<GBera}ou>@s@+n$;`S3g~oTa^YrF^*0fJ16r`FMT{!QFVYGja)^+7_VueY
zg7p>Bv=>SK9VQ|Q&@IbKhK5Q4z{h=Al=8x5|6&pYfhg<HaOi7S82Y#SOVsHc633N*
z-qOFU{T0f6Gd?bLKoouP1Aw`9YN3)YbKx}aED$v@4MH?x%rl^%YD=6l$UU3N(uN`$
zH^vmu11WF8V?Pc8l#jE*<xm^bqJU>8P5w2qaN3KD^lL9j5Z!kWBbZ2aU=*R`lu5fr
zMh57@R<Ly*lJ0qpJV=GUb+KO*;8X@RsYb6<WIvj~u1<K6l}HsonTXQk159&101TD9
z2WvKcP<I`9#}Amd0_0=HW8ENw#+;gCsSJEQkF-+|(+AE>kh**&bi-q;8Xfkt6!;ij
zD+(yN?3+jnWri%RP@j+V@F16VUPp8!*ttWF(h96bK9d1rGpliw49y)%vS?~5#Ozx0
z!_ceS=v6I3-0Tq68xLCO65`nzgaD%fI_hJbNV#YUMfK{}T|m@U6dc`9><+<L_M#KU
z$oi&s>r)XTmtZD{_`PswSupk;2tWfKW05U@7hT#)m&d-vQQ^6_f;n^{!qDeYw}@yK
zuvA|fR+rDnfg-DMlXDj-#=vI`?@^A~J+@Ln^r2l*R0IzJ6?N~l6U?(><3I0;NLPsS
zTS77$<kgRtT*v_1$%GKq!S|ZSC>${*B88gOt|34Whs0VKeeE0&6}6>+e!%(>?Z$Mo
zD|{D<T>grr5d|=#G^@{k;-E6s7#pj(M!hqq#=8NKE$A5&2gp88E$kCD2M3$8dbY5C
zf?KhR)a|D;<oD!i@^1y=CMToubeu&u`M&m-CLro2?ID1m8ia1i;wnt#od=>CHbIC>
zk9JkioLefCS~QIHtj?YvF#B8(h7pc0+*G|V7x7o&7!*o}Ys&7QXJkPci9e!$D>Cje
z;S`|ETqybX+Oep6rQQ%h`uAYhC85YSbmuEELota6k($`T@HCcZHlhGEf40JJr+ALH
z7rHbPeijZAlAqw1_1Oo2>g3eIC-2D6_Gu6}<`Mxy&|q^^L5EtYP+un|NP?vmM4W&Y
z%x~Kw2O{p23SKc0PbySO_qm4#&hg*`IN6mkHtLtTdP}m|!3uc>bO(bFxy}iPa{AZe
zAd)zD*uu*P(1|nmJxpK&;80%Yhm#wV?oxwP(~Pn=y7BN{^obEmA$Xt_v&t1jJ4DV8
z7-R<_yg!$#q7Z$2faZ<i{HX#bUQM!_3Q|CMzB2mc?M)vYHndL;#T3sI2#xT==``M?
z>oBDx^DhwMZqt7j8PF(9!M)?N)WXYab{sciS7JP`EFcVTk!PBlU<lud?e8iMnP(-p
zb5{ykM0SFvtx4RP{7#5$t33@ez~nm$^n)=JdKE5|4>wO#MGd&6(h^F{hv&O)zJ<i>
zJIH~~$-|+>!2ujd#(gG;*(gsS?W8eIa8m~T-qCO&O)-uUGTm=8pe-20w4Nml6YGN`
z!uku+IoA?$cNJKeD#ES|%2Y)y&*OM8gqax6wb1=sRp*gqp+C8SE-^5JVd|KJpevIp
z2oV>MCPaH@0^z+*JJ$3FZCLXMh{`KcK+lONz*s27kaSoKSPm6u#~ld$<ckv)^C#z(
z0eN)aJw3oghPcrz0BWE)2HaiUn&C8R{+#pS$5iNcU*&B^4I4mD6rkhx3Wp0mM+x);
zJ3Q0*R2I#6=iF?o7Lm!fTa8v4&{XJ%EeIjfq*4HPf&x+d*_idT0dz}UGbv#4@-4)N
z>~2=%&Q*sDaE(tTjhbY{Arq;*w{ldxMtw4`#H&j&jOZXtSkH%F;FAHG)pW_1y#StH
zIh5dV2myFZh$R0}*{n@jsONurUC6POSt+D8v!rwplz_N&sLZyi^_Dh(6Wf%71T>G)
zf8gi~k1g~Z01SsGs8&Vn&e}+C-^nmRrfkBYlEG4c4u{m<K)AEK?xFK`;tIbJCtiD*
z2Gf0SuG1uH%QPJrh8AGZs$_ug{&hHPO3WP&kn#b(<9Jc_WRwV0&{HL=j=z1~P%CH{
za;lPITKNQid;3lXWe^EMi`VO_kNE|qLIug78pkId8Bo!7V02`r8FJ9T9*!Bzh%WSY
z&XbD{J-|`1PpgU+UuwsLWX`|FiAd}h#&*_z-a_9jv!DN{(0SHEU4KjHS&a9j9Kpep
ze0!(2a;eFv)$uzXs{=lfw2zJK?>>IpjGuEuJQ;q6=abl%2Q+#0aoUu{GFnynHGh0u
z7c}l4(RSW|DIfbYH$MHHwdju`b*-fAd&SHeS1<0UMDAXP%SHS!!eck8Q_1^{{3~$U
zrX14|b<XyPCwB5$#rs&#N^$DX-+fXXE}hn5c$$<kYeSyl$uujuxA}%ce2lHEI8bcQ
zT@AmdnYgxaaF0z!OjmtWuXbq*hvpwY1R#4-5tn9$nh=-8F~qc>D%|QVJq^vQZ(AzV
zt~0t&kN*P<&bS<ql{C{82JK$KfirPm1&0g|s1I?XdBrY$giNxtC?FrD={j=F0^tj&
z!c7SGo>!N8D)b@F_22?1gAl5y3QwFOU+5|=7w9;;KLN$*r1Ekyv^dljhFJj0pa2Lf
zh(f+#KBiYp6p)EK>b?Om=SQJiu8f%=ZJ>n0O|=UtSpHd}94eF@hfbY+WgHDi95*y#
zzFEKQHnogU1?e55?Y$=DPy|vqY+ms1U04JGQJMAOv}(!;P`(UkXx$SWG#}Rczn2N2
zcw@I+Z*B=W8zMymTNmU&{ii`t9V8Tyvp+2avpNyXfG+8#LJc-*%BDgdT0!Ra1z}b<
zpI!irJF)a!wPaz?i%J|FQ=b1>H3F!Q$!p}R3(D@LV&4BVFs?3X;ZT*fdbUpIV6jZ+
zA3#+8>J$SVSw38@K*8Gp2ToDP+sQS)l7LSyN)F8}ARnq90OTiA3-!D+vU?<YfYA;>
zO-QDXN&&{J3U{%ay86!2_5iwMdLj%;6{3tLdUex2qH*m4vvNIpsIGZehqGttIS9`d
zy6-Da8bm!TFWXyfGNCk1X@!mF1~_nJt;E!K|3%L!#_S^fMxA)vAe5i}lT_CFwuJ|F
z9Hy;H@rca~_CjZrAb1Q?mu(e21Vr(fXhLSRw$Q+%KD2#7^_JOUrX?IRTTcrfJ5&yb
zehY3tebI)FVTBAvx8Xr{oRo0J?B$;M9f`=J_=RlhgjhlNJ=A`tL$Lt(*sfHbG-lQn
znfaOzP+-CeVTn$H-@DqIZWDR{sPOo*UG&#NH_^gjS6CkoH^u$`$~!W^LmXEYWB4>(
zy|gqTj{dR*m|8F&0Dlv&e5x2{$=a$&0i0z&3md}@Jl8KGd6*!W*d{zkQad|NRwWu^
zjlQo@x17;-|CUtF5?lv#sbGabEd!S`u*c=CjgznrKAz*=;#<_O5nES=UwkL-GEafm
zE@KbKvhVO}eDZ+(`1}vq8B>(JWm%aW@=_CiF{Q;Fb=!%u`ziG25fvN{n<WdrvD|(c
z{qd5;_ziQ+0r9_!m)y)6XGVVa@@|gZ!^tnG2mFW{wPIwlbl4wx>%0`hLlIkUZL=7A
z+>XH>BM;}CZ(pS*&l`j%OX{eI;a#cMt$o5-GqMKv%~v$qq<RMJN^ywBJAD~YdnyY=
zbch^n58~52mebILD6|%7YNou^9E(tukDcf50)px%UxN7^!{kui!2xfPQl2DW{<oX=
z3u%s_IBY~=Bn6G$AhQoBB08iLH*T48X^ih~i^7vt+H2T4x2g94D=$)$|KixOM>=vB
zCzGdJ|5U>i+7B{F!Mkk^!h5LDn<rire{>>1#!d_*%li}aKHiLRBq71tWJKxGvH_^f
z_c8T73fSMI^YYhGziD`a%46(X+F%|QjXI)sJPqSHj$ii~;~R;&25Yc~d}mT2+j$m(
z_1O0D7Hq&D+=PrZOlCO4Z?Vah*eq&h=J=0&Wh8mO-B^TLrytlb;I*c*#q){C{?y=|
zmg`@Mf5<K$Zl!VbA}ww-{{yR~HVoKbPW=b2CK&JXFHs@yq)F?ICCPGo%p+WX!EUJ6
zy}SmKUmw54Za2o}Q>C6s8F$_xKlNxeUgotocm9dg#yNZ|-E)W8kru}9R;MJlIc$qc
zSZ~!#UZ8(pJ#xG~lpZ_Yr#ig3=17H7#6JMYqR>QWgb42d5G54~$hTTk5e4iM$0Ksq
ziE^fxHmx9VEdiL-F7pdO@{7A!8xn?(=y&uU_s}KYday^5E{(CW_`qvM9#gD&iYmzL
z7)|6eEr;qH;)?i^j-*c}`iam3#_aABM{C3vYV!Y+$01^WX(F6O*Ez7(qY#L45Cvqw
zp@p`*pVav+3sa%IvS}K}<AkDsg&aPBkqjzL6KB>hHJBj&QT&Cr$v4J7Wn*ciOTN0~
zAO4NP1Pq;wMLy!(jazI^ON%|~_w=7Wc3bx}u@z^t%lyg3LmTX7wzU*1Rm;}5U%D=7
z;A6=hBd%!p){tF-X{^y})BBbp!_4tQIe=zh#ll7+`PJCLE%~kIz`f)B6#SqNVzL1N
z``m5i;RA1J`uzz*{;Ww`ueUPr<vsQbde`4T*_%if+UN2ZleecoU!$Y$1`o?O)C?<v
z375>y2sMbm#S%2eQeF4)dade3bZl})A<a=_qZnM#Lz?4ooC0Bl4-BhWG5?^OWo-Q5
zBMz_r=dXG~qAS%?+6*<Vy<c*v(~E8afYnzrZD4SeoDArO0_XPX2;^fjtlc4IWj_(A
zvetCnZDJij6lVP;xY{mI4kW%DkhCH-lU(S1ctn`Za+8h|81W%Lw=GWOD|ouu`)ik#
z0&0|6jFbPM9Ev{_H%~V&EFZ-JQPo2v0N!L3sqSG`q+LJG!ukI&SX}<~dH&<XgwY`%
zu4wS~afREl_&X!@YLNvX=zSYI!0)d+B<aszbo!qqKn~bg<lLSK!hNQUHdMW+cfOG%
z29L4d;iUGU1V=>6U%xqABdd<M0Cl2H*{G~r+yWoDhFjnVSl|%*-ZDgz4?y2r>DNcH
zX&oR6SiJks?a7#Hs;eg|zOoH+KO{+o5+ez57L*@+><rDu%;6RRF(wlU(B``w&1x)P
zDl~1g0x{J*Hh>=Bagswx+`fgBy}BU~zANx01Js-R2igDy9B7|AGn(}D^G;#OyG?&v
zUXhEm(iq2O@*c*y_Tq#$v~jXZH#M1Jb==?Pi(5pxYF?fM7tZr3m~(?YQGbEwK>IHK
zC|NS0RdPYDU#f>tgYubRJfGheO$}Aa{CJmf)6@hcZvu+eiN$hJiuRYw1k<lL>5F#E
zMMkAue|@qs9(%h47fydHeqmhk?c;6OQi_o2%l8Qgx0C!UepwTq%tQR2$@krxnoz;4
z6|;sV7js9SB@0XZwfED&u_UX(U0#hwn?}!I=y@E%d!c+kGPN4`Ez|Ps8BU#^Wy8?}
zUK$0MWf|O*T~zW2jsQ_V3vk-BJXQ{s7>s?3%$kiaq><XVUzmEDfSZ?_v}>=NP`dA-
zj0My;9^r?@RTxC2ge8o{yB&v7HCN<cpI&qnZnGnl=a>H{xaQdI6Pyqax!5H?NusF0
z7`@SqFC(_h)dZpc6g-857@EQ1L(Cw=^jU*y^xBJ5Xu#O($jZe6+_L_}f(hc$gR}R{
zH(XWZYg51W<WPiECU}5-ss9{O?Y&%cPmxDSd=VWbk<s;*&;qMzGTatQ<q*!i2<}}}
z7{K8-ys#dZ%9FY%Rn!(Aj*MC7?N5$06B@XEsi=5_w?#>|)v_=dU<~;LBG{dZV2`p>
zjxHGR!U9y`J&FW0-E}mR8@H3lmte9<6_^$EvZwP+?mX`B-u=Qu$^UkK<{M%u=7Ia|
zk`d=7JfjGNqyPOc4FflK+r~J*<9sQme9OuQdkSvB`hXLl5Wo8es9fA?3F)$3-V9v`
z@O!Y|Zv0l0U#0-V<y!8ox(~1>fFeW$E7$=YitZ3eIyOyLGa`S+cnI9eSdR%3;rkJ7
zD1X88?;>j};v7q0j0ea;{^y06?X485#B_ubYZA5KyF)s09_hF_3#97&KWJ#|U3^Xk
zqFh|;v0tPUpcSg921T6T!O&T%39Kl4Q1b5{AHZ56TqmCAIJIzdg{+)q=p~8YzSjrO
zLr7HsUMmzhR2pGauE01Zx3|YB?=37tGnf<QvV1#v&nLkS8qimT&Bg5#GKF9F?waB5
z_H_$(Ydn_@%ZR(dKR8x6;#d*;FDBHTw-tLuvJh~pkW1&(g1!0~##a*Gc&d{D+HZI4
zxGpyq>37hOBj{zci#RGZKRq|O7V^Q?28=ydzxa80XBW_j-x649`+G_O$L`TWeESU+
zFn`d2+UiBtP89BB95CdGaqhVyZGNUI{M>}`&vp52w9w^U*L68@+G4=GB~EX+?Oo*j
z|G_+=OWcL^k0GWKi3YKN4rRQOXSWs*h3L^NPv%tIdvm}2%<kmQt{t}-=R53$t<3_W
zgqRLnI1wYbF##}4o(ha5{9tJ9!Xe|}&Tf$~8}o<qza_L9q9Awkc2c7SJEKzo-;!#<
zHg)4T@f^nqo~4+?7#w-n7#z(C2n63k02c-Nw-0GOw<it~w_<)dD|w-9!_F-xQ6Ef>
z)uqmhFH=zg@Z1Gh09^JZlOKGA_AC6mPW7x3qZRvU*pM6Wqs5kjXp_;i>30#Z#vM^%
z-TD5~nbhC6cX;zN0>o`0g^g`o%r)lU&SKkm@u1`4!}|CeQEci|ngolj^RTzY0dL#u
zBPM4FY+}!Ujf^IXyVo3JRc#t=rG<=8pmi~eUZS6j`?<0V_j{TB9v^+jf3UiPd96s)
ztH#0!_aLd;VDxB+oNP&W9`NNE;9FU;jMO>aH~6|Vc;yY`5j}8U%Asdp%4fUcc$m9w
z15{CPLRoPP4K1av2sl#$nf?5s<1JNwH2yqTXvzS&ZNAkb+^Cd3TOu{{su(p_)WMA(
zZT}{_4{vMCFqGj{_8}f^1cmf*8o?HSU`*n-M}_@-#+C-Su4>wkpzH)5RnN(_)xH!f
zv1I4os}ay95G9e`k73T9zI`|h!+i50$~I6?k@f^9@*HuL=XSj|e8Q3)@#(&Pn-boS
z@xODpRF(IEl3%3m-R37hcSBj-zxu>;{|YE|uO`ns`|#0leD2%qYeav&cVgo1lZ`85
zmTVWf+Utkvx~*NMclNCK5|zIKWB3F8tHJ}HKO9az5!9a%AATfH&~K5=2u}3%N_>uY
z3ojt5f&F;k7J{SHw{cv6Y?vI+FR$P^u1$^OhLSYF3AyxNC;`+)?xgb9i{bLZel@Se
z$jy|;I<O};A#@{DLQk_RuA&Si7PTK;4f{PfnPd<hc0VT@-uEFH4)uMUy@p-(1w9%b
z(@~Ljip<%4WxUqx_BMEXfq`#Wzj3l2{jGCL%#p(UzE4qbpsGNi|9>Ro4ewt)&Za=&
zNAm~5`=s}?Ik4TuJNL7tJd(c&_GZ|g`Q2wL*=iiGb+E|x$Mb_VKNnz--rrW0KHo&^
z+=VVL+T^M+D@h+C`WL+uh3Z~sGl8W4t_n8Q%Hi0WHCNPWHG^%U+Q&A#XL~LxN;5g$
zZ_+N1ykW%PJsMtA{3soXP@a7j;bKn!8aGUv;~RFNv3W_)Rx;yKJi(G}z4tnM^U-j*
z^5YE~Jj<&<lT*evXDf9n`A1iHpEmz}@*o&)a^xEhn^WN5r;z?U9&LcK<HB!!B%QSh
z$ESaqP3*>$y?_2fx)_HU!9Ynd!~0hxpQdAVl&tRx%XnF`Px*$0_DQ8budQj9*T;R6
zGy+Ovw~FxRzwq3X7)cED7-!NS6CbAi?qk_ttL^TcpF;Z#bGnzm+}nmIzC#EO6wcU`
z#hg=DBia|pS!5fO6v@!8FCR~9y=v~``Z<0VdYSpn-Wg_lbaF1l)ql-pa~I#sNlRq^
zjGNw|HHNExDn)=Rj5c~np<d6@%{6e(ohs*Ahw2;msCd&;e53JCFFMNWmH>GNw0rr7
zJ?<IL?e5!&D_+@ue?_gm(lE}-Wog)~^+tH&$B=|w*?Qy?8(%!XrZhbLMe$)}d>cj@
z8%LEZ_ZQ_yik+)PJ8$q$`=klBr9T4_4W9Ac+kKKPV&s<1i|6A<b^l6L=Uz>YclKxe
zjfl@LhR3zm#EsWJ;<={;PV{&A<ZuLba>N^y+P%g%YGb&T%5cw~47#cpBO9)qf2c0{
ze)&fF@3U-z5M^m0aH7x=htSCH4gI<42U-kVv1L@!pKGHG{79Mb=U=|bz9q`0;JCN@
zI2$SUB)bmtO`Ar#m2VhX*e`BuNiXSzb!4Tn(arQR%)$RL&f!SmbbssKaAJmAcIiEV
zVzPUF@=m#fm~Tn6()$gg0*_k{im1U)y;|8X^4fAW<7I4Qd#Qu9w^(Ext2*AuqPX5z
z5Qv#cmUy~)9{2VWSuDOyd6c7CPP@`4(ekEc$g;iEJYJ@-4R_65<M?}yWd*E;g<IBQ
z^eOQ${q{S_%1v7adOORKfEPgLztbE+>ixyG#P(TY?)E^W;Ik=FUiU9mj#X=q<Pm8!
zKh~OOJ7;Bn-MG)QHqKff%Ame>anZ{T&fj?pHPS<G7RH3w`mcqV91qsZb@Q4fJd))<
z;~vfa#it@3FbcViZGNXbAN0HXmR=@Z;V=g?<D4unQb%@O8A+bM#{t(D6E-KO?2l3N
zA3{a80Bi5|!f+3-?Ha?7-$k}X`NnB;V3b-3j$<-F?`~K{(65&~k>G@MJk8Qsdfum;
zAGKV3@*cGhIX^_>mrULD#ZxlN&&QYeQ+nI64LUcxQ~2D`Dxy@fWJWk^-WnpNPR@M(
z0yUntvRBZ^O}Jc~GoJ#HauM<aX!&V;-SK+RJv4L7$MEhj^^hNMkHUn(nxjo_fqy{j
zYuXL)ndV`wOKAk+<-xrZTnI3!%Dblq&5?&cey4j!$CS?xeQ<3Nq-^Tjw#cC?Py3<m
zE78ZV+cA_G*fiG{k=(3F)(O0Q!{s&OJmjEt=$N$XK~AYp-d+AfPi879sm9lxUQ?0d
zb!6O^H`#SZtmDE@%j-=iOS0pL10r%8@Co#!sUrTllHbV}_+HpUNO=hNjHa0`fo<G_
zmHek&ANNTkTz07I{jbv)VuEhn_&$d4e|FM8C|t=bos+2?0(liW*v^VD1dN6jZ)=d9
z!6^!wZy^S77Dbu461M)-S_Ljb-BGHTPRl=T_xx_(P!DcWsrwBEciDCvWSHy9Orb(%
zT}D&t@Y{-Yuo^;P2r(+LtKm?VipyU$63D^Sn;*>dF7{6+^)?MQI=(nkwb#v?RCFaJ
zo#dEzq1;5Bjfh`NxSth|qb;14(Zx(%=qD}&{JZ$t6|)$%t7P*om4IdO6_Eum_`)j4
z0unQcM2`zwz4BgAZMf=RiXY@un((B=SDIMgt72<3`VwKskx@&6thrZA$n~^90=(e6
z<C=VUxwe!h5VPjx2j%=8vFr4(auVTT!SUBZ>Dq-G2ZET+H|cg}kyVp?1@5bTQh?Gy
z+Ucy`+@ICKh)D~UVCO&IMS0R@Xf*c+%yOJ>u&M6^xYN#)&RXhM>qZUR%U6tK|2ltE
ze0cNcua+Z?c>lwm$uZ)%z^|HKlF}t#^5n<PB+0Dx(=E3Yfwfuoir&4HPsZ*&5HRbu
zEsK^pK{4P0#W?cX5E4DeSqZd6fQiaFY4${rQRb!CGwg;kEY1~p8^pZpN^WL8G1LAV
z7y4w?g`7cu-?EMY%}yU23L@e39kFyjB)B46d`eiQ>Y3(0dEaX@^at=T#Qu|oZcBp2
z1D|W9ZV|o3@jHlrWPT2qv5F}j>3d3BlU`S{RDyXNQ^BSjAvzIXqMcuOEYY`xYXEIl
zr)c)H&DKbLRus`s`sZkc#p$LQ2u`Tqv^Fj1%A~VC+N|J_pHKexQG~?i@Uzk1K+#{!
zSqqzem8`f=^OyuRy~v?$eLi=V6`5EbVY@zu_${xle_l-RGS`l2YX4Js_n{Rq1MsP~
zke6NQv*OQl?SKxE$lL>pAF{K1I_Gc^;|0=b7tVH(Eb}o(ccIu)n*;KtK!}l+DHuKf
z_3JeG^Sxf9RW-;`Q%8JbbsQ(J=?c>>;c@iNO6Mg@bo$})nx$kr7qtcW<;gzdssZ_6
zxgN#ski9rEEo|&L?8o{`HER|%mCQ_WCT|u6bmE}&Vd-9Qg^9!C!bLc4mt3NJj7F7!
z-tQ@5yCQEHhB&BnZ$@R+Si2i_hFie8M-&f>TlGfwV>*$;P)Srh+mldvGUchiX^G}z
zXG@Zb%QW3+8%&9OE{(OL83N|@xHdm^P<m9WfNAPidaNhEyV+RXNimFV>#bTulTpSN
z*z>JZ>_Jk3q59vn7r%T{bXw=*$2LzqOpXj%*z>{LB7Y2q-g@|ivKFjt(zm5+mv}+G
z8X0JdCmuc$NMxoG&~=%8tGQxpFv;AQ{W`?tXkx5x5L%*-u2Y(I)yZBK|KM-3u&i^g
zK)KK<Mll1LPY8t2H%`Fb2Hz?@Yss)5qW_Dfbii=5=6nTyQ)<$5ViWnEs!!o<Q)okW
zdUb<UjeH@VflDZ3ys*`}>#qF#gO{V=SRt#!K!)X6?{WM(^AISLKfron(!X|X$XzjY
z#zk?ypyz_@@xvAdN+`x%HA|FfMiiZ;*D(|h1ff)M38d;&mJiY9eOn#UY(n3EjHZ~B
zs&Tf7(mh^NxPcT!Bi7Lxk`raOF|l<yjj6U<GOM{YOAG0P{*obehsC~tNjtlX-F)7o
zx3T5KrIl>o)VUdz2;Kt#|J0P-MI*4FQs)^0M@ncWsk*`5XMM<95@kzw{QKQ>$Zyil
zkVl-E47d~oofUx)2ef{J565xw^Y*4t9kj|Sa+#j~$Lk28>ca>9LB6iB{9HZd{wTCo
zj{tKv-11`FBJG!CI`xxVh~3pdKqZVVGWsrO<_1y~|4hvT^ZcZk(YB1&Q=h!{HMQ~P
zu%XFqbdSB_fxuc`O;mOgf0Wt>-44~4jD(%;nkkUnnnWbQ51D56_p>kcFUG%%kJ{!W
zHOI8dg};g(xoBg_cs2u~%{gmMnF$ga7l03<@*)Ip@@?<(_(fLe{f@qsQ-r3}2w5k5
zt7crDtLlLj0y+-*J)m~fUofh#qZD05UoU3$J*zgGoZ+I(F9UFTG;V^kZ?y*#pb=C=
zg!>h2?h>hxtkw{X(R_oq%W-01_WUCT;9lU5*tyrLO$e38g^fTVm#rg!=a>4%cU)eg
z$k!RlRU6NpjWuB-qwA>5=CO2>41t-$J7-n8?eibP_toDtTB_=3SBxTrpK^wAwx@YU
zUo@p6p7`Q-&lPz=lWn=(DKaty2EuqmECkJ8tPiBx@a3qAWt6x`JuSTFB)(5J`F@<C
z9{OS8yu*f)vFT}nFe+#Ie)Nt9A^Lf;!nmlwC;k`GZac|6SUS=N@XWkQ$!QdtDaEnG
z?)6|>Q;M0r$-)~2B~39nf^6=ax)|lZXvqS831TWTT5thoRC|TggVkIih3uhQ1$d+~
z##+E3K>Bu+5xRR4>gYC<qC|G>1!u8lNk0hfnYg&L=N92C^(sLz(i*%}SK|eU%$kVT
zCjD^iWtnm8Jt?-<+X#6VaQKHdz@`M`TDry-vY4{@xQ*$t(t7s46xxFx-dcTE5$)H-
z;_v=CxT&~tyk)%q-Pd&oSiN+=d#uIzotJO{*_atERj59{yM3k<`rD5tzH!tC)vm}9
z_&Me<gkh;xDZd=ET=Cqy=|Y#Gp!)g8o1DMY*hP}~X~^=sL9M2XmQQ)>;e&r@dY7Jj
zTMxQe^*&zTwI5}Ob1+ja)E=h#8C2lfTp+j{Z;O9b`VTeSwtKHF#ov$lH0YQ_txjP5
zG715JZZ8&Z_`6=)mTi3+8D9%YL>ERfk`({txdaSy@uNP!95N|nwF64@#Tk-TiF^n(
z71n6eMi7WDl<oQ%JdOS0tGxrg4wM&}2z}A1GZ)4>{T;du{s0qs+WZCFK@!O{m6Y(@
zwoJ9&Ai+Ff*sPEAiq#}@p2CQUA)ACAm5M^Ybg&NUX>xd_a;2ln1NT=@%!(Sy-Eezn
zGyFcsV$12B*BhZM;@i<MS*eGI?@!I0-;ZvHM`~EBOcghla7OD%KbO~98ti%v8c2D~
zZTQWy4{*;tE*fFNsz?<dlTA;s8thb{yI8L$ie;LF(b;u$cbDyYEwrt9$aJrYn;*Kw
z+a`H09KM~##hw)SsS;~eJDiv&B>`I}P!YT54*$61TU#5G%pfe+$5B>C_Qo}-@9v*;
zr#+~fbdn0-w{>heE`Ao(6a=>oF#jrk8FcE@OW&n6dDU)H9dX4(pUcNA=`z$^Bia&<
zFwZFP8%z=*#MLKuavWfqrpb&Y6j0gIg*Wy59*VBYaz0q0@V6I{NSQemkNG(zg*GfR
zB)n~4#ra!()dY;|Qg)*Rc6#c6cX8u)NHt!OdzuHdVux!mD1wu|TDItkEJ^d-RDtQn
zuY8*4BT!w})0TPN3gKSOAo$)$c$XGHvfkP5W=Al0le&qWv9Y@{GQHsV)Ed{EYvoqh
zc4LpuF<=7h6_msv8#-?Vb_wNoN6se9)F~=Zp$#;?`_i+EZHNoFTN~Lyg19`Y@+=B+
zvniQwJkBe%(OFJ|R$CG8D8+xp|9Ltwm5|Q)WWA6=;k+pkF@EC+pB<<ljd8Rbs@$a}
zr~e_NT;|!7m@cM?lZBqDrIEzki<5|<M>P;!Vx7AM7bL|e48dr}KZo4w+50!K2HW+o
zPRHPJk#)M)+ms<zv+j#@841NA#L}9Pv6m969#xc#WQxuYoZQP~)Hnx$Mm!mbT=jYh
z=7;EG?<6NZdeA(m`S@<*QCciw{r=ambbG==^Qu%)7EWBQ-{vp)mHka@4BAA;w_3M@
z+vG^RUHfk%a9v;&UHyeTI^Wx|8=Mk2zQkWYy6_>a{9{OL{o2AHT1hptD5>I~1)=Ym
z8feVreu=5CiuRWYkLyHST=H6u6rlEt-`X1QQ@cvp;!o@6{|MW67f-ErAzO}oMpgWZ
z+g2kIQp&q<IQQ=#9j%<R>4?vhljvwI&*OlQUxNv2S5_L1FYByXL4wyKUo!e|sj%!<
zIT-{3$+z0ZC(TJ>damw69q+8^G>xPzRxV^~<1t6;!@Yt@h!qDQ>Wf`j`@AxfZJ!Hm
zO=iAznOOLBqlIU@P_84dM_bBOrHKT!$RWWxf&mu(&}nR{70#n+<Zj*A-Lpj*@xuGq
z+MKDkps{HY0v<&>3u^D^e^b0M(F`8~eae8<7U&Z0^(enro>d)0LY!b(ERhkgRoDBr
zaA+@@m}x(KMfT<X<I~33gFBNtc|>sv9b@hRHkJ~*g^f+Vi`hGm{zZwaJdg@u^yd6w
zVH&<c$m%#=!1l2DpNI0x;G?rFYmpb<j9j1fQXbzlWR$#$!GJzN?fSSV<+DyAG5|OZ
zcSe*>xQn07;&-2AdUdv7t?rwyr3-5mrObrb;-AgUxryhsTA@z2OU+z=S&nYK3#*<t
z3rDK{%1##4oZUQMO07Q@7mEnTIx8Mdr={(&IkwT@enuCB6+2NfajF&o&QPdJ?o5me
zD?n$9s|OF6wwvpAGMN)dyAc2H)O6nEC$006HeGkW-IhGS9R{@-3s;S^{JIxL5%P7O
zEg-B*VDRY4@t;82BVBTJGIiGGRMC#UxT3w5Ac~!X2WV<PYe5At-49bgC&#p!W%)Ud
zbNv~}%x80@Ssg|NaaoZCIn*b=NO?V99=*}{UfHkz4zBqktIlYQ3vUs&5WfSqAM6E*
zn4+ONwvBru-Do=-g2=sPiIB!IG(DPOv6X#>A*b*|<zESn$*X3);={XLQg~CDIB34E
zvxtp!je5V%?WV+FW)(4ND8xf%=hTdWRt&)2(mBkL2+mo62Zg$Mj|$QVy3J>X%!{^9
z7kg8Ev`baM*bJCI5_>GBDb!T@HArO7YT^0DdoT_+o>&FH+z{GG_0524`9oH}rN{oE
z{3Yd~gLcF05c&3419-DD`SZ@)#$u)2wl_Z9LVc9#-Kis?tIs7iF&oYWSZ#7N|AW(;
zJI--3X$fzwp~ZY3k2h)lA0X#z;XWx~;@bq;ak(UUHHW!Ch>H*Z_@}F4>XyyPnqRB!
z8%v{|1S7RNzfOK~(_hEKAENbLTprQVw7Up@hA*hJ3ygvN-Iy{U5`l=a&#SUj>+u(H
zX}@ckwB+M&{QkZ#I<+XeEwe=T?!j3vRz`ZubRpn6FcV>Bud{~n3ng|ZguHFby{e!6
zZ9~pigxseZ%l;^UEqf+Vl$!nD%}Wh*!y(D2SY9Kyend$^cv8|}vvQL6>~NM_Cs;UB
z)p@T0Xm7<ly4tyht!JosOsreL_^Ur?*)R>$uLl8dc@1C3PskkFE%n|>k(~IFY7{Sj
z&m#y}k||(t<-&<|288_JvAlpQd(tt5fUk#x6f;3<rk1e@N04z|+~{kRdv`SD+EnCC
z#1O`1<Igx)DBM6l&#rb|-&1kOE$RCFxsRM?B9uf`xTLXe&Vs0tDP>C;5(UTzZ1KRK
zgisMx|Fekxp<l8S{p7KPT3_76CM-=cf4dsU)W&N<=;fd}vfCZju3b62+_m-nikc3(
zg2FVUN2>femUbY(MSy*|t^c~yyJD_r7)bnzEMgXGn(Hy`6fUpiPbKStKb!l-^xLwK
zDE;}sx??1(kJr4OxNA{aO+4i-6=hH9S?g<`7tSy5A(UM+^kJSpZ4I;S0!<B^`pTu)
z(w`~h=s8o-AmN%|Xmc*ftSHZzL#8UB|9-=|h<yi~Ey85iJ%k0~4RmkS8<L<%Q%C4s
z>8&(=b%u6==|>G+lc<l^{h@X#!CUBO!A0#ckb!5yzYK{6u*UYdRAFQ58()pVDX*v-
zC6l!V@1{Yst;my|PqVvfSL2n-qGld|EdPfsdVMnlzzhru9?CWu5U9%%?JO!Nt_X78
zc|kas?&nCFwe<i^R~~wf6kd=yw!vCSy7x_g1+AfQ$x<#?ydNWk#sY5d9p;_~(iXbl
zLcUF(jA}!-kcCHUZ<hW4z40qJ{XB!!X+H^ti{9ph*KP7!v8Y);l(K$+rfRV~d4EH_
z+q?UbF!KxfUM|-GKvl9byZ}X(xp<p1z4xShm)`zbi0efR{KsD5sG<BH;U6s-7}5GE
z7+o&wX$P5z-|g0GY&Jje7Cj~9;4MO^r(3z$^EAf5B_QWjJ?^1_`KELs<FYDuF4>@K
z%RBX!Z+MR)G+P)JW>zk40E6WWA358Os8FY4AH<({K{+lsNc1;A=fqbWpxZ;gnZf-P
zP1yDMy>jGEY_l?_@kZ^Tt!;ph`j9}RiNtU82Mw~9p$q|R`N^6*C!rcG&!F2ZMWXfM
z+1w{^f^h7G!wEm3<N~ollxxyHrNcI|n^L~Cc)Jh%Y~kycHv#?@f&ZziLp)VhMC?ad
zuZ0iL_Y0e6#k=jJ*1sl?KRB?eT=}>Mf2jRR8Y`JqfWQ(J7GLH$uxc`%C7EWX{}T7S
zYiSg-O<ux>`&*IomL?6Y!y_Crh~WMmD^hd@;!)+rE`~T?H}c(6!f4b|m9FIb!!w(V
zW?i~F$BcgL2i|suv~PrC`}cxEQ<=Kmd8hxV8|C!T2=5AtHkt&q@~$PXuZv2u9GsdJ
zEh=@0H>UjL)hGK)lJel&B%^x$u`MLXJ0or^>-R;fRDz?waE{!s_v39}Upr6jad&)f
zmyb^3+tjjixf&!a=9y<y7TRA-diQfXQpQj0JFKmgaP2C}>q1W45E^Nu_U!=hBzS1x
z2aSoNiS`a|6Lja?kcUIX$fiwX^O1O?gKnjr>@W;X|2yO2CdVynQ`N&{GDQ}*Zh0e_
z8Ws!LZB};@o2S%IP>}j*y0!Wau8&;}^r}{x?-0;aY{&A{To>jReHy6YUMU@0x5^39
zXkB6P)h(3X@40X7L~otDA&|Owd<xprg7+-Qkya5u6p_LWW^s7a8jWcR+bevix!=8i
zpD{OJ^><4OLhAR(v433g^(iIuy0>PO0Y>tVR&!M#N2(#)M}+Pxt4GljZ(PJDG!kuI
zBv&uju&0j+xddWbI32D~eB+O!77~THE9A=4+OZECu-i{&A{5R8TK%yXr_1J+puK=Q
z@4Wz-`0MkfyYgJ+Hum9tY!hJvw(58hn+4iyFFCw5v2McJVChkDhK-YY3F)7s-=A3)
z`KhvezR^NX-HB=<N6fa&E(VyiWDu}Cn6orPrf1uTYExFk#%%*&5_XwVu`w^ErT%(R
zfyq}=sYGDMH62Z?u2I41e>ON)69%))k5zj{GjzBa(>ZTpj=JfCg@KBX-s!(x5LX)-
zGW!hAKbq@qrj;nIAinFv8B#&Pmmi#g&n)Y+7oQzVQy9YcYZ%amu|wUGz0~hEBqjEt
zWrRY66nNFRHc<nhPYEtCz$ByV;e5vBRm!Mqn|zLmW+pV3N**KUXB#4+fdO3r3`Fmn
z-}rB_m=|9~29p6#tyebPHhOlju}$sYVqs0R$ivim`>H3w&4hCQe9@nNXT!@Tf*(x(
zFlu0`CVB86a^hr!qs>%vI`P%3$TY5~$x2;^O0`m+Sci^LNU31Ur>O^)Wa?oy5A7)O
z>h_xS-*CJoO~I~b^7D(Oy$h-v!d~B8e4W}^sBd)L6Isu!_bsao+&_?+&U=~*>nybC
zdYT1Z=HHdlm5F`|ISME#6yn&5j=0q2{act~sr8kLlQt^iQSO^C3fHIz5ruBHl0ta@
z?zl*p@B@yNj>-^q%V%FFi>0!jjjQPwWz}e59~NUx5qID7n;sTV>J{N$Iv-9uSz?~W
z|K{#%E7a?HnCq(uJ$loZx(BM3mzh;ISF+wEZ0UfVv!$W)66bke(#wC+YHWSdvO>qR
zkBgI8-($3Naz%%8(Y+1^V;d+#rZTrgo~qJjzbncJShg=7`MIJff+UtuPOPeDPWngv
zrusYXG4tDr&B=v-${4R<6%zSJ;4`XLFLKK3EAr&eyt|rTi2?(AKeOMFL|UJ+@BR4~
zBH6uN>7|<W58Lr?OR}3N0+hhU3wc9I$YP=5R8jJ!PV0jhzrMV4IL`?~(Kq?#`VS@(
z_O3dEu)UQ?Wb=1ha;{&VDX$CsR)6>mmXD7bsR*}bwPR-JUOM?>;}@ALB}~OY1iGz}
zRSE@Cby*kYjNy5gu|cnJU#34E^Bkm6XJTScDT9Y#B`0h9c#Fi`BbRr>)9JAVLNIWA
zxqqm($C>@=#CgAcoJvrbTt7Uq;2R2I>6#Sw!OE-7d(yMwl6*m&d_Rob%hS>^2Qpp3
zOk%i#8*Ig{F{ofs=RIL3LD|zv?fEAs+Ezr2WluwVpN0}<5gLtG{dzw+x~Q)(B|xU|
zg?7HZ-^Ajf5rrkez4-#|&ALTbOTlU8VzQqs8tpd;W6w=EC>7v7U6dC43<M@mO^jqL
zDhF5^hA$s_3zVZ~K3ya=%5oYAlHGHu>=ylU4fKj6wz_viwMa-Q01TOMf7XJsNo{>}
zm#o_F0pCFqAr(AVfz+Q@f#6;uxIIKfU=BLtNxoYPKNRy^p!B}f*O@4OmzDh3$CHNV
zlMYGa#|Zbx;|2i<BC|_nziQ#UT`%KhTGy=eF0o^G7p2OF+=CwIDgw&L4_3bK+c?F0
z8Mi5zs5G_T*zTs@@6S6TnQ>4d9tckM;Kr=fy_7v4cprMU_b=e>uEP2xbe}77BmlrK
zwrGO7*t)!P_{F=}@!o{Tl38E^Bd|U|5ULd0qr_vFz`yyMD6))yD#hL8b~O((r0i*e
zAM51;_PApN?(+voj#po5b;)B~MS?q4O!1<X)@}>TeigV_%T3pgA9+7X*BEXlv~uSi
z*fQ)_z7;Nh@wbEpSBehmkUC-eo~r;nLKR0+L}RwgXP3M4tX&Xg`<R_|)yW3QZgg43
z_JxJ@ldWZei8<}>h*nw^cxYHqcF9Wl(s<#hKoAEgS}S!0)?ebnZ__{cki}9w_yY>o
z|AFxnrA85jhUHiMPndB{%hx<*6QH-xk|bRdqDf5i>>vCMsj3L)cnOx834?Shh$q*P
zs<Ak(`aULXOlrfLr@i_!dUgP+tf9`NP@xJgkI3JDGRd_|Y9B;WmRI8TKLCqBbid3D
zfbpgUIvZAJ<d_n#oCZFv%%xNvGy0gOWlp8)n5T|vTE<1yF?)_^TBeAqW6nN;JH4{7
zN-O)X>6U={e5_E%hZ*Sde4Bm5^`XD<=Pqywkz&@yQRsRuob!IlA`b;al+12yl$Ee&
zmdxfg(B$|A5Nnd-8~I;ZS>&mZ*}^$AIerexJCaK)Yng7y+u`eE=A^7N&?5>`jZ_{P
zNZFVVdqg3P_9Dj%?}&oLIw)JQ#}4Np%C)j7(@Yy^p;q?x)gpw2Dr24lA2ThdO6lj_
zqL87KmCkzy94ve6`0P~e4#TV;o(guEtDyUsEz?9Ho}eT+=I2vUqSwXwT~kq<A4zM+
z+&fhi!l%&MF+ZIq3gK#y*-Nelw|S-algx0fOoq`)kNy>p>Nw=7Igi)M&YPi&wrt)U
z$`&@t%De`daquY%=g5qMOS!QT%xyV>;iRekeIQp%74-o5KHj#orlQ-GvRCv)%b};B
z_nm-xwMN<7ezqkT-__&_-MB4e@0d^<=x{Ef!T7FwFV*E!KWp<>Zuxm-+w0wa`xbg*
zJGFNNY6IJyiyZ;hnJK*YjDR{z4A%a2(O>9|?P|Sf)RW1boUX6)ICBUZh(4eMJmqNg
zr?HQ#{cI2GmD&4R+2m>9Ad73^a<-eY_SD>?n#Q{0iLf)k68^(`GWG!5!r4Ish+i_=
z{TF#Eg7E}bxGw+rGX&GOS=rm@sYw-UnpW%B{+TE&K7&3=?TJ85V5>9YqU?;VT&s`2
zL*h5t1c6=WX$-N&4c<c`7MUZlHzhW=QBooek`kFCDUrswMw)*M$0>Hos^cE8Vw6ss
zFA7>&S-pwS69KD^Ou;SQ4a?<)<yt;P6fzLT*%W|%Tq}F`YD0V6W88l_1p~)s_H}Mu
zHKo6|?Ay@z6Vj|ftjb(LB=OHd&VDWZPZ6!b{8?IA_-c$O`IW>%4I%dZITDLBhLpt(
zA$YmDxvu>8Cg<_ObxiJ$fq$AT3ITSLr!lUD3l8ti*!}DXWtZQ4P!u?{28$ShIcB|3
zz?J1I>(M{e+#?8r(&VH{IbQ+Aarr?}NIHfe6a}9k2ua7O2StHzBWW)1vx^2Dgwuaq
zm)?=8IjU*$jopFTql-sMY&W&<s#)}wlM6uu-=fMHZ}FEP@s;2NDw`|{=?C~2jvb$h
zLTxH?u{y^`*$#T+Uuf(80<CP}6m#WnQ7(GsQ&C_SJ@F}5s2xx8KR0rjORC*@??}pC
z=Uu4%t($K)<K>BKTo=_ksCso5agTFJwL6!5ti2+!B(*1$i>~=p6qH3<ow8D}Rnmlv
z17IaH$GdNdLeSd*Q8TZFn4p!tP;c<Ga4BW&0i|JtRyLu&e{k)%Q2#KCi$k1lfYpMB
zC5$Y-0RqX<$<pWinrZG4Bhw)!AvLbRJh1A<O(L1FSW34;WL4_VT2}1D`TS9~#K^(n
zG3+qaMdQ1g0^wT9rGSelYomwvP(s^iEM*H1(9g*onJfy-e+Cy&TKAnr2ed+O<}XLN
z&$JrX$*>`QF;CwR7ja~?Oz_p?zh6DR-+$SK+yKCJ{oihr{&wce{biE=a(Uh@d;wL*
z8Bt%x`+Pi!zfU=h?^^Jy!+WeRf%6Nob~vr}82ItqN%O<7%`G*~MvjtMy({QVgyOsI
zJrfQ`GAFIw7XE=$+Y!FaJP_Kp=tFN}3*`!uem=4-JPyuB%B*b9WR6@3sdks2CCDR*
zcp`E^)<2~1_I$L#G~N+85USl~v<erZ&C|~kc<gb@tFKD6?U6$KVVUJfnNgQ_7uyz!
zciije)0At3@E-GgXvd-htZfT9+n0S_dw3{3&$~;mb$olWD3C|mSQ`cjvbHU`@^PEY
zI%w^-NJ%ytD(93b6|JXCNi&|<9hW`oT7LLGGnRQE7aw9TkANUTJm`v<bryLlI0@e4
z$_C}oxJDj?Q~K(6$|>8jLaud^=GU`lUuo^mMH$L24~IC6-$7y5!Vf4LV43OSM$1{)
zo8;P#@Lf_CiWg+h!BP%GfLDz(JUQnq>_rl5wT|EKJnRngNP;uows;~kMAEj<*cPW;
zyO%uBsA*b|tDK8G6@I=Mhtb$jWl<k8@9WT^+WAxlyrH$FEmw&g3;e8;Ji>oZo&@Vf
zYfBeVQSg&T68-_513Du`R6Bp%RaPg5X<x76VDM^eZ<Z3nZa9$8irT0ih2_IwOE?az
z--jIEMVeP}_Pxt+zhg*?&q-??=TT9>Z8$qHm-)iql39nWI%YRwUb{)6u)#Fo|7;?7
zF^wo|<KYVUN=uJmms=%KkX6UO8iCVnY}7f;T@!Oe?=2H8;bbt3R+hXf>ux_!g6_XF
zy1yZrVz)0R(hUE_IUO=bP%@0UwUWq5%`s%6QBpk70^r>EIG^_rWq*apDTtHc%s<%%
ze2t4o<ZOXzZNBQuhC~iiwmr23P632(;#<lMm~V6f+ES*HnF-=9BJPPU;+|MR+!L#a
zd!jE{<N)1ezK<&NDRF^&dZH7k@*r`^9^R_{AaPG=FavI8(b&sAjIXOlGnZb{Xa1c2
z%BfoCmf7pHb|;B(nP5`^=Rc&y)|_Y>fRUxKeM>TTl9tZs{(aHjM8xS|Z{v7-9%*Th
zzTXw?*~g3QyvP;wc0g%&w5KaT0z01X3Xqn>x$V54Bew7C%$dBoBesuZhLD!d*uEmx
z9^K#VO+<UUNT4-noVE_Kw<oD*4577q$+9LsA$Z|X?Us2J<4Ma<7irlReLoTHiAJuE
z?H}8^uh8BmX^Bwnmb>=(V?AQ{0)MQ>7AYFTu{kr$AM3G4ipB^|LCBN@YIj6Nj1dG;
zxa%C5y}=)G-#|^%bY~L>4&%UKi#+83Lnp#eF9H5YW+sB(1aXV9Qs9A(#O-&<O2FeJ
zZhr;;;v#N;6><B0NwEObFuzY${FJx~JjzrjEFEvcmriQP@n<U6dCK)el(Gk6D6$cG
zKJO<X_C8p`LM+Aqj({_0cks>sQ>y$9oc!$F06Q9BU%(c*9)odyI-W~Z%@_p0DY~2s
z+(dD*DFq5G2-SW}nn#L)upWYY%5EN?^~Wq01wmGy1g^*SNNlknv!gQm!a#J6;G>3d
z1mBr@{3u3aNf6r+a^|#gM-HbJ>kS}dSzHSb1o7#H@etqvJ>nhVVy!F$C0!vd#2x`F
z(IF$m?{AUWa^*jzrAIVP8%xyp1VNaj)_J&OJdDOQ!|+E*aJN?W>v3R{i)-j_BEg+n
znKDk){ko(X3<Z^2Wz|C<*8Wpjsg+`{xMXFXlg75V<l5hP9_0%hhr=!GUzEKFkrl)>
z-BaOBFbwq2X>n$PCJXI=4--7fgv%(?A+Aht>UeTZHC66(5%)FqRQYcCLE@fF`A35?
zxxx}u;me*rync&0N<0z9P=?)pQJ}S-g-6}Ig0e|nG?sBuwh&-fsFkhvqkxK{=^AMJ
zUgRwfAXFM2^<(HB>NWTKQLjObW|1H4&3x;!#4iJOfru$pLskX-QIq-LZ1ODcCseu9
zN0mD%Rqiw@zXg>K!Ye6vHc;ixIaIlGmR>sqY9GfON6(_&=2^7cJPTcFALnuasw$jU
z`S850I(`mSe#E=60kO0_JS~>Cg=s7;hR^07#jze6i9djj2Y^UeD_i9gh0GmBL7`Um
zGancMT>8&t__I7C^ER0YmX>!w)j}7oU05C-$>B}(nyaB^iqUX9{~1d{!^qo~!7ucQ
z0-2fM48u;`<6Xo(zJj>NR}uGkA90Vb2UC|02>qSor|6+xKFS_6d|!oH+1{}L(N2UC
z=COJfa~eIX1Jcs^d29_i_t=jxJ>;{P-RxORCH5?gRNEe&n3Zp0i7u*OYv!bEmhpZ!
zjzv`nci|cR$F6OUw4ro^9WKQtaCf-!EGE=@R-Xm-%i>YtSW)oq@~``Yh_oAfx#GL&
zmo5>7zWFAyjowcE@)A*4&-GQUtmR6GP^ku*M&WWiU2luRmwM{pt*A2Ir<FZ$r5SES
zn%{%jjGwdKhhG}0L+{g|mHijAjIA&@CY-y&NRRc9W+|5N>2V-h+2z>y4@To=Y|Ph2
zA3O#N<ba;&E7r=iG0>}1C+@4M0tb$O3G2h}frf8k!<61|BvoPnNe3pTjdAFjJDAn5
zn6!(A4-R$-1oz4@==bGhd%F)@#k$+JP%FC!DjAaP?G51MRc<%P_PQ}yhpg_&)jhV#
zniW~xyBwP#rlL<)S%a9m1~GMw1yhT#HD-rggDAQNQFKjbw%NWq-Q4C)P-P8b)EdO7
zH3mjiSq?FC{-r$h04h@YKW`$wi~Ka9_!nWBI_?;T(#N`s{A6OM@=!FVJyoW<WW`^;
zrBDB*%duH}7pSpBYEzar=k)C34`#*3<yMbaxYZ)9tfy8KGGPl3O4a6YtG8=)ZZ#da
z)nsUiL6pe<Yb`8mc$Q&3Rhz@Geo~vuu=oJkhlFcSf@|fAZ;E$>xmI#nEeg#^I2M$&
zaS;2Hf}<~psOqTkS><ciid!|<g4?Nf{$EGu_{UNH^6nyTkt##8;ulq>qxc2MC$i#K
z3E;<6A62G;`1KXC*9r2Q_=4U~g6w^ni(eA!l2QEnNJjCiC&<1CvZMM*FfMytNZA`J
zsMZ#!9(5rXk6ueH`J78X;RcAlziqS;#~hx*_vXpCziC?n)uYbh?cbnmM@q&nZnQU#
zHUnWR_?A5kw(O1?>vq1e2Aq}CSThI{$I~l{K`Q-$PgZ__dWACaj6Q0Gtju?UY9T92
zTmj`4I33!E;lsKVlq0I-KhN8v2Px@zbw&*Y*K_Le9-_)xWDRSPC#<zJ{H&Tcd;;_K
ztVM3L7WvIukcMiXs1OAqd@tA9E&932adR2(#^r;8@M*F1pfKUYR>D69#CpVt2MA|~
zg~a03IV5&>wTO`Ghx^8q@ad5iMtnZ@yAp=^F=jYki@90XVyf%4`kPo<yRh{vtiaUW
zYbpMz&NfS50nHk*q5=QR!9TOI&DyZp3an_tKT-VCm~Hk8Y=+tSmaW5j+@#k&sRLU?
zsld<mSC9v=U5-33?Fy?r5bQrH$OG7R_!YRl@53|keNP#`IXp|@dG`B#`hNfW;pTq7
z_1n4I?R?SPV%G}^bL%xWeto-LfxS!}$dA1qg<cMGcc%`0h!xQ5JJ<`?EkT+GU@yL^
z#?}r?>(GaAfd=KlUe!jgzhFzgy6dAhb9?te<HMIj<5@;y^jpT}n2&Hk7bVsJ&D*hg
zqi)7pOqEy^#?6WiP0;WOY`8*iIGw+sq2y6VRDXSF8pfup#jJ#}PP9lEe-KX~Vdx@3
zR>-*Ya@f>?(m%-x0sVLXVr+<F8wwGoWU)NkZ2x7@3~6f(($*TJtu;tnYb><&BDO}_
zT7$H;25D=Jg|<{|hP1T?X=@GA)*1_K-HgqUw$>nRtwH#$vC!67Y_=LJkf_!?slQjY
zS@~sFIpz;okCeCuDX703W06N@$%-EAjQi*MBHmMKpo)LiRce8aD*i^QOr1lOsZCq@
z*n2Rj41$wBm6;e~pHkK<v39xE7P(PkBCWAUW=oX`YEOjXiSSSwPi)XN=T5C`rWdv8
zgrQBhYh|@wLz@myrmU4#7E-au_+pn>A^)Nl_$8%~DuZNZ57ib%&ZcabRNEPL%9U-Y
zo#*ip2GL4F#R2?_LQG84*#xLU{e!bkuwQ#M{(j0LzFnvI-w~7@1W8F|=>YpMz%<Kt
z?WOFEn^%CTqV5#F|L#cb{1~kjb)p_i)N-leBqGhj^&=?X;yX3p<vsc?|8u?9-{2iy
z)5@Zk@@*TB{w2BM`XX%2@k0wrS5R$Bu(}TR`_Jf&?@4S2WpAXe`8a!&P@N#I$6Sl_
z#!gCt+qAOew+uNTe2>hwNbD`j+EYu<711og9srw#H-UTkxUB`Xf|Lvjg<J+xf|sF_
zK?#k}trvbJG>SdoSq-K?_l#=45~|`~>Lq2d^Pr!&Lliz6Ldy4DA!Tv7q+DN-8I`p$
zO#BwQE74C`^DV19Qu!?-GW$fL!#9)fod1X9yC*)f$anWwos4{U$43_VZe~?J`7V8l
z6`t>0a#HeL(f@zsJBdLMI4hP|H?3^t^fgA)w6Tl7N9_sD?)q?$vP=4Nke-Xt27WPT
zBb5WFIEd>kl>?|ckWz(E#om`4m?^5N&^T-1lQiBDv3nC+sCIra*blxgKH0t|K7DO_
zu=us@!F}Ve0O&mc^ezDUNBM!h`l9~8e&8ZA8nQ}eh2C9qWs#%~EKf~23!;+|)SMNE
z45q9OoJ5sDR5|+up-X+^IkU&e@9;E)SQjJ#>w%;>Ju(Xlq1sN}!I*v%&Z?D2tX*P-
zQsp+vIw6`<s(hW+zD|Dp6Z3o~phj!{_gy!t|NA~RDtn0ZK1i=?zO#^;eJ1*bDvPLC
z2wPPVRSU+$R&}<-3i&K4>y+6biM5B=Fsbr&KDpZ0$%A1{(?XSP65A!Qj#MEG6ci*F
z$wb%OkWV-TeZ!W_Kl1Efmi$MJ65pD)!5%%e2{P$)Mv7^Yb8jJY2IUX!ptXA_nYc%0
zTT=I*AqrHyp@}MIp<CTZ+gY7&fpY8-C#xOZQkkP2&8j@EcGS-z;G0I5ejLS6vijeO
z0`<O3m4K%)z_xLje(_n57Yp)W1zBq{HeF96Le=S>3d**pCRJdIHE^Diq1^Xp*x*23
z0YN-6nW_(i5U7G2DXUPNI(CS2*GLsrWlsf4s;OQ*w<V52ne1t#-d9tf4TLn(e5!Da
zhxaEV0-g%u7RU%-nbgG#e8lam;3f6MO{;iG19AI&GzMMjF<<eM-bChCeb;yC$6V@-
zf%q*@b^SihDMr5N(T^69_;RQQ5D-_<LE@U?iUhs8lA;|tIG($N3+Yp<IU}KpAGizW
z7{E5Fya`!-%mW94*ld@?=9T-&h<RNS`}+-$ejUaLc&hwdV8krx5=L;4kpWNDLE@G@
zzSPFkz(@H<4*RkA{WrvQg?AU#*lOHArnsn9L^ZHF%6Q-l7fwXyp|iQ8sR-fVB`vL<
zeRYXQ(K^Fx*y`!3+ZQQX2QI@Q(f7M4Ym4@D`PUclnUg@PWKSF<ZalyWPt%v3%uMLo
zn#9DL$r617bQN(9KAnGDN8E<PWxD4kWxD5%WWZBD2*z=vP-Gy?$ovTN8kk!m0}xlz
z&%iN$W+orut6k66zJa(!GNKt>L2k)KMm&JCasRLaS-oUpMEd*L<NrDI;9HfY2Tlx~
z<%sIrAjYjNxzvCu5JT$Ie}@u2|ExbHbbXnZ64J#vl#u)O74YIf4w69*euEq&gB<+k
z%V#OU;@_O9!+`aYkzr4x;U#2mr$Y1b9gE>&gYBu8hT-oXIE&7}I&K5BdzfRNq_xWI
z7pvi08*#m`558^Jk@6sMF|-o@4i@L70{HPFO2>zk7pB7ja2QoqU_e><1&YBfuI60^
z5?7LzHb7zrWv!Vr`7a9!mqzz@Q?@nQ+eJy>71^HPlhW~2Ytx74lll)nLG_EeuRv1A
ziMj(oQpamtg@=d0^NokVewevHe@Hkx{(8&!J8=BhC_`vTYJoFLayOGD0Z)TLi7tFL
z6M<>eX8|4dc=*RC{&ATS_SA7n5*(=RfM*t0#h}L=16%9zW9x)Z0b9>PMCCa87;s54
zf};!K<_&pp6A@EHG6e($QteNZncwHe%OE}iHU?N5$Hehvh<QUqLBNz4@kH3AwbR(r
zIieu!QJ{>tp5KQ-`czYN_NV|Tw59v-5By>eaUcYghd9cSmXfc>A*DVXlG@vH0e>70
z$!QUnN>-+OJp5x6ECl~{SwNZYsSEIJ;H1{%j|cj%$%_B@n&j@6=AuBR#nhBja7}K)
zX*EEU0cYuaMIxtD741Fh!~Az@>Sw4#!_5*5+628Fvf`8#%Ky7$g_g?-t)MZe9Km9I
zNxA;Agf#cU-U1v&OJw&x#B&W31L77)*~1*<3iQrygx_G5Tlp%l(^ok`?QOCmdpu-j
zg8v=WXF+AYg0iR1+zO0^&qWO+yl~$|_8n*c`veyGTw{@8ak*F#wTKnEMDfiR`kDOl
zVbzoU<iqQSo=84i=>0c##rHn$zbpRr^Sry_8@B)Z@?rA)|BQU-{0jN-7p|;)c(%(T
zA7(e*DK6Gl^DwZ-M-o|4Q70k=*6{zHnCSW%V&ZQ;$`KR)=RYDQewT}hrhaCgPlj4r
z15So;JqLT!TmXB$ait3ben)HD!e^|ARSV%#$`}M#)lg^nEE-FUptWt0e<Wj7I%_f$
zd(VbzBFgb5mq+qttf1^=s?2gxrLmkUO%*e!I_D|6^kd*GBO6m>WYZqX9CtsaQ*LlL
zjjdmeF`;kI8w|>MiXK7|ome6Wv5nmjLL9#|%fpkgdQpJ<P!?`}K_6}&L(W9J8Umdq
z(>=u|WA|!g<{_$7Q#jPn<f2Lw%$H$sh0frKJF+YpT*kXA!5?Q?brPZ}kgQM|L{vIR
zTqs#Fk+^z@JF=FzBguor9bC&lb`p1Jvw<m<`7vct3Z`9ZPC8I*E-D!jT*kSFyU|75
zO%-HBaP4M9pHPyxeVn71*uj$Nl46vJl?DW7w-bNgdOQA3!S9E0OWK~Y-GRlgJN2+m
zTJr*5nR$cRTfF{{pJV;=&<)deFx)b@)EK$OtKqqA4dYIfjWDtyt8Y&|r9bz3`fv9@
z{5_R(jG2d&jU2o{&m8Vba9R5CW11$d7cS7Xns^6^*NB1;?LD8wcjOKpfWh^ngf9I}
zpBune+6+imXDq{qq~7x2qwmYEorU>dmVas9|0gWXDO3$D(|P}U|I+yLo-8ugNM8_K
zs1c!+$mN5pkjaPEB99Lytt_4;;rdL<+M~S}MXs-|7bCN(>ur%~q@~^-?X8$!D3PaM
zzv~kH41Bb=Em9a=P!P|QMSJ&021geZL?Z*E3mmJ%{PUS`VRV6Ah?H$`=qtPKpr)md
z6k>Lo7%Ynrsf^ZK9JwI6K)g6o5nW)rIC2_knQD2OpFieo{+RH$NsCxFJL2C^q7S(2
zkfx>A6!NJU&;MJ$=Wp9ks5h_X&tFt12z3i1gEtJ+OULm+Zsw)eM+R>gpqD=Oxu&J-
zdFkTF;0>jE>5q8nXkI#s#7`Ho@bzM2b;(gp(`B!dk-Uy0b6wPDQ#rHGrcw%<N;2BR
z)t;>=Q-{``K%@>Pbpebjiy2iGKTO=g%~V<Z3uW=s$>1`An@DJ<fqUoX$Gz`=fU@a7
zzU1hh<pzLZ0w9^Yu_B%RQq$@#id;Ziriy$iOZZZf`x1yXB>ofrWq~bDntv|{LfzPi
zH?|Q00rb?T+eV|CYIftWts8CW*3rLPi_vYl+3jiG?Lq?i>NgD57uEf-rlr4MfLL@&
zbb&2O;<sv=7F}Rp9d<<**q;fPL>GtxiBHpsd@t|e&Fyh#-X62`9<OmE6LWja%iH66
zy~lt8K}hek3qsumk--~==yUykM$^(<`>i{N#Q&rhc9{tHV6UcS*$c1x;40)W;a*KU
zX%4ewe?Jbh=p*1TSK9ww4s*mN2z84hr|T;hxj_$n-k$pTCz_UimsejIDL1Npka#||
znAf%Py5W(*W{>%t9M|yDb0Y*B-o%R@<wX^EMyjruG&BCUlr+cq-;(f>y0*xG=mIew
zj*ynl%<#JXku#zT#3(Gx>Ttv81ZQJnlyf)RGvRvD(%GB{OX|3H>qgIaN$bSIC>OdM
z5_vjt*QL?kh2e{$y^F&mNQ*n#dqKED9k;h`?0gqpKg}jQ38|&Y)2(+EM|&5Mcr2Sk
zgmbftB7=0S4LhQ}#gSV~g#M|>2_x*R8%^R0DBqG8?Lp-3AotxZn!8`Lhx6ekTRd}K
zv}b?hv}ltp8aXT4WM561r|@m6$^Hy!4#GE4AkDQPchtaxB4zYOkYZ?UHW)K(W62u8
zpm0PN4{0SU2eZM$`#=a`blojC<G+K%^$TEXhtrg8*Todt+UuaKjkc!7QhO)0Ka5v>
z&-iib=>kN^zaIt;G6zQGNaWi?-1Vu0#67E<sxx+HQTU-+eZxPT4~4&#ABF$C7f^Tz
zRYSXV6kh)!N8!x9eeicT;_rt#{vOuxw@Am|VY&F58Ef!S)zMfk3Q4;?$6`0WnyQZB
z<)Q#?1!cUGxW{u{W)jzBCV}5CG@R>YwO{bbKITC=ZFafD=2b{+;Rw)e{A9$!eG>co
z^;>e~StnH*K}M97MpLGR$P~7I4u%^U(rs+X9)UF9fYRW^Zdp~(0=6W@rNWtqh&wWj
zxFf@fJMv*N_@N5~<H%ty9}Xk##b@&`m(ZG}`fjka)dF1|<f)nO;cn1i11skUyq;{I
zjx$natBy9ZIy9O^7<xD@weByF?YM3^m?EiH)ziwE`y~78vRd#HiS3eF_Z6gW;z}%=
zxKCH{Dq|yX<N1(`2o0y|z$j%H%w+E%?t*q)ws5<PxEHlo5O<)xin!%=a~Y}1x5J4k
z%C^gF;y$j0byGI8n~V%{DLJ$ouVS5JL&W14?d_l{*j<$=dsr(~H*y?EKVsE;p9h3R
z^*7QOyE3cmR#DY4WSA(R!t3qO@xn)yN!8v&E{3EL?RB*_n9Qfu>a$EGMV#P2VbmJN
zC&F6EBMGIDxUTq0$49Om*K62uvwCb>t{%I;o3hquZ$CXYH0-N%*x+!`UqczHggztg
z;Mr6OeW`@($>4`>UE;XJAmkDG3Hh^kfRIZJ%TDHsT#XfQ;4tW`e9^hC8XBHYPvyjx
z$gu`3tO&7r$00b%z+4(@+9QOg#G3vlgeBslse{Dj>!zyXrJ<a{B_CD%oZufEDw-D5
zgT(ExCoVLjDt@Oofy-_fHLA8GeR~9h*B;Mbt~;R{b?geVPeZJmvX3b1A@Mgjm~LE(
ze7lXPTL4~5eY#yy#U%7KODTuzS#)VDM2@K|`R~+0AlmS7s;<O5$v@`BY#INdh%~m0
z|16+Ok7}B><lfR`5yCx<_r{_jhRjST7g7~NL|LJ%{usG(F>wtbZm^?)`6%G22%rtm
zHQsd)YT$DYam$`rQcTk#Q)q2#<TR?T1V+KOQWXMIQ(wLf(~MG9NM?4J7Auz>`83!l
zIHQJ#q0X6J3-T{Utm3FJmdv(F?5)%@ZzH$5P}4M-EgJzdPEs~Vs!T|ggJjM|a+%co
z1tI&Oz6?sLmnwHl_D<wauLFO2`KTbsm79Sp&Fqj^A<TD@I&ibWk@&pjc4Oj!c4OvQ
z)>MclHd(#S(<rgo6%xCBgv91mN$l_FfPb}5zS3DbZpf@PGR#B=u-iv;y0&=}y4@|j
zh~i}gQswe;uw%Jaz*Zjccr1IlpST{?H*<-#Cj)R>abF&7UxB;%bkB&?n~=vm;-ImY
zXKj(#a@@~hvHW|8dn(`1ukAJrH?y|%&nL=x2J0nm8{fR#<6Oi&u7bG7RT1|%Uu^vm
z!PE+3H3Esh0vxvrWW!r>&QDwIO{iCJ;h|tQvdG_Ct`g4Lolfs(c52FFcA`udenjFf
zA}+~A+*4e{<*$IyC6`o1+*7KE%kLxZiJaY(!yco-CWWK$f3dN)NJ%nwM6lYjEQvqa
z_S8hM6_NNQMlSSh%JV+)kg{@<r^0eYWdrQ|VNZR~tC5k5JU%eKFYa9Lf^+$YKO;+m
zi6HButT#1vr>0RQn1I-lVO*eBsf#MXPO603AwGhGXm!?)K(%dIBk9IG>a6nc>Tl#h
zmq3fn*;0%QwXt4tUYRNAZ`zNm_ycgShB~D`_nh6OX=4j4`Kx0nQ@hl0Z`551#)Fsd
z8W{cPd(qxg$+BW#fPM$94YuEPrmP0rsXC*Rs-Z;c>UWSWl<H$=M{3^HRIuEgSz>IC
z{Ks@-XXHOd@*mxGU6DJNyD6K|Nwqer=@u#cqs-_eEzad7|6XmVlWMI-t-^ohfFJjH
z8iTx1;=EH$uq}HZ!G>uLLY>;y^qa>t?I3Z1wM{n~#t-S43JkTx&6Q}Ew9YViN#yCy
zyKaj18d}q}q@_4Bg=?}|HEDHtJY}t<rI@QA1EWo1G;)5l$@WZmRJ4cdLNKQam(Wbf
z)7$PE7VWt{JUH63I9y6voY5X%*b(h%h)fPBOA2IViAz?NloR)SzF#ik)Kz_uxMxy-
z?AVaVP|AV{s!VkH*;YlzwVNpmCDwsHuS{_orS-f$%I8!q{fvlQW*_Jh1xf;~x}^SV
z!uRocx}-jdKX4)6qNY`43XKTyP$Ko-c1=U4Qa$I-4alG8jgZ*Fst~)env7WF@#&2E
z`Yn0n^%-WoCd%xcXom)J8`-puvbVhnGP487l`6qiR0(bluzges?q*#|a7lo51zAdF
zy_}F&@{i{}BTGWbRP%Nq=9Qa8<8;7nqDj%Ks1kaD%uK+r#4V(*!Pd`Zj}fT#yy0dL
z+-9sb8(xGBlX&JjJK}Dtgm&ieh|Tt|ViZW*U&Stp!O72BGne#X7^fKw!$DaxGtisB
z^ZA@lK$pJE0&el#o_hE_a5CJAPtHoaPSyXH)kjJ5zeGV${hf8iWZ57)SDvd#{1>Rt
zJxWAFgS(#Ng<&uo@60+S$5(K40ZAQjMX9AMv@-Ql2i#2i9GRK$zQdR2394MbGW8oQ
zPLi1kUbvPj*FTqfsDmRD7e_l$9IcYrylROp^yP@6M*QmaTXaaPKg<&Tw*OUFo~FZc
z;=9N{PKEslo@4-YgO~%>c)Q49SxMD#n*Yz3NCF}{f+Vm%clq_X4)(LQ>|@i*!Nh@+
z9txATRNk&v@;4YvS<+I)g`Vj9-QGmBrwdj*XB$a>3-|lgU?!==ndylJ`%R2PH3ysy
zKWocec=DjkK3A&UHSbi3fkn#pHw5CFM~z48=3mlMq9Y;`5D}Z_AJsH{Qn=a{{*E?c
zBC$4VZ_}T{w<DaL8}C)h){HjhNhnKN%Fpc!ElXXYK0jk8IZc0svG3q3xQ}X@>EAPL
zSQTMsT`^|Im04_cmfj_;-B3Ca8Ayw}c~?`hp1Y@?)_In(w*qKgMuv?II8puXLwl<M
z<5;&yVqx7}`q*D#it(E?O-tW;MAPcdBk{d3(bqAb(6+h~^vBn=MGB+$i1EyMb^9Zy
zMeh-#k)hFhY^zE0b9^1{u{~qln6a%nL7M;jWZtX9N_~ArpR;mM#?^NLFzVM_1<02<
zM5n-4-bTo;1baKC9%ip|sF#xX2u;)QD_S^9!gcU&3&eQl)H?8ph|!1}cIR`!lzE1K
z^w#h&sycpOVzRp4LQzP&zSOk3((uH(lJI!bI$D!HO%#N>{Ukn^Q`rJBO5#rVW?LOT
zV|0SVdj+Gs3vKMrkoZ5d7-XAQw!x;$B46&&BO-duH-WiFE{!e_OCrN*3}9=cs^4a~
z?qX|T6j^zJ51+=n=U&f@r0n&&lJL28Z4oC-v^*28+aGC!*S!s92bSB&ce4bZ$`X=3
zobGdhjgw1q`jTyiB|BALvarjmA%U;M)#|2d!7zQLj9uX%afc4*y9IFv_r?!}2?MKY
zJkeyccPWu2R1NMWBO`}pHFOwkIkE~yoW(^{ow0<&=X8gzsPt$WZss)`b+_kkUcYfS
z)~h|5#)3;~0RKq*W4j<Ae(O@Jv$=ybzXdy6MR-88r#M{bJ;b(V3Ru#6C>Z}FGKKF`
z(VCLTgkbzo#2-&Y#!wba2CAzfw@?;ZrHjc=fSCLQRcEZCYG`GuvJ=JR0X?v#t=cM9
zP%XGBa|u=Xz83I|kk!z0R1I#1ZVKEWqxXG6@4K@bcS)HA*Lru!m910>ZBD8G0!!CU
zV~`|OgS-0=@*RDU`*Dz@cbCk9J8_WRDf%x9U$xa$go^^~P+f7v9$<$#flNgacok;?
zLD9klDoiGD1~P%+qQL~t6a|5EfU>Oe&=)FYJ8@E997d?*C=W%;-RULp>*Vx@Rrz#)
zRfdM}Z`6iX<>(KqzFL16h8Gg2q`x4>oo>FH3Eol?e*yAH_apP6dZ&LLf=-)txUB`a
zt)=RW%~TCNmwNX#gxgC-GZSvn-qOhB(I&Bk#GeraVXIg|wcutNgL<3EB@7M${P$S;
zDe(1`gcoovWmvRHjAMEN-d*pSxh2}WpTzGKzz-57@i08lXDgUhC(gfZxw{Ye*o@5_
zrpk=X28=i7gE7`->@ZRN5|QBMyo`q;<2f-eAi7=msV}Uw-duh})BLd`S~z?XG*_uZ
zc=i_@!olabl<$un5hGWe1g-t+RqT8gc2081-}{b~EGmOzcQ>3tS#TxC3E~RvrIqcH
zGLg&3!2|xo?@G!P*XbRxR)=4iQqHN}&owzeXmNh7&+*TRG<E-`JhE|Q6Sx`oex8jy
z&pBUxho}4+>s603TjXgBdOy+at&nAEk*8i_T{7d(DS}+JpP05;J`I;2BnlJXJ*K`q
za~HzB+|DK30zABf_60v1L{(Ua0PBc%gq<}`qCN$y2~;67n?G7zLE=AyA1p^)=%AV)
zE6gHV4qa!8-8L!KBc|_$y}Y0Ni<Q^vm7H%31@noevQE=9u%*0$VrZMCt^#g0hY4ov
ze%29SLZJ2)Kbew>cZ3H9YFif%(W@!5MXQTR^P9jYZAge=FQ=)CG0>w)jAzaS5?U-8
zBs34c*;a>3xUNs)U?c9&6tqr+YXSzJ;F8q|P8v%%s5;pt)e3i&Q}r4bWjj(^I}q<C
z0LPu|%4G}H$QCvTILcO`glgi6IK%VE8PNI5-{ef>4j7y$<_?niA-rI-&LblCn*1Tm
zpSavbwFxfst{_uqVv}8@MOZGLxHeOqeWt-J@`@;H&_Dxq9FGlIBVBV;)8ZYG3cqqO
z${1RrHnrH{R|;7wc2rzk<WClw_QlLJG-6~VKXDa!sOor8FnyMO{q!FADY+!LPUxfb
zf=?=|`I;WgMV@-fuJg<?a>bhWWPUftzU#7PfkQK;PNzZdCw=42S+5a#&feCe&x7o!
z9)KQX|B#iriA`{XLYeEsU}IUCTTfa_xcD`TxP$Fk<71^kN)F1l<_(}R$t6MUZDeF{
zA5~}U(^pJZgW%fg;<!7+!Ra}Y;Ar`30oT`GqiR{?OBB1Z{DHI-45C`==s<}Uxsk?t
z9FdQSE7&fpp?b=;A0)2OELjcu_+$9vVEoiI<B%}s6_~zt)0Lbovg27;m#qAtoCST#
zL?;W@D-#E%V}db{FM9br0=ds8@ptWl03f2Z?U4^G^Wal3-j*}$SqF(b*p<5SBAmxB
z?D^(_u>L{0%oh7(_WgQUS>lwHTU>lx;+|Pe+!HH|!6sH6B<?BHWUg5oZtttQH`Oi(
zn?abi!mqzRdEd$ElX=dfY|VQXg|9iB6-nl5k@M~|CpiNr8K0{eu_)(}_#3Eq=qltZ
zU#UW_GF8Z5W>v_aoU97@HPIJeB}Z}0!u$U12=8IG?5#DX>R6Rk9ap02SZk_|<)-TB
z0$u7HP#sTiPJrgPrrQj2NOTKAx|s{prQzvyCE@zIwn#ZBWD_K|BlS#+o}M!Otgc30
zWU7(p<*1QmX88coP$NY#8~HheV(91EZTLz7F$ZBvBLUDMYp953$gBz}u^n{e3wmCX
zN3)zYHPD=#TSTq02DQpd&6gO#U*dy58ST;>PWvNw0Ay~qXqn&nN*0dmy2&`n)M}h$
z(wB6TWl6ulB|S{-Z&Br8^rG)b{g*L=%xwk%W+qV8aqeMrAr2pcAe#0*rb?d~oC2gd
zzTVVPbzUy9S5x*sX_~}#roMcU|J{-L>_t3A@R$dcf|nbtIUVzy|JD6bVNb;jWb$wW
zV=@Tgordw5OL+Sv^gq4+BG{Jq$$BnJOkxu3A~O>-mT*xenDP_1n1_X|ZO8S$OcVrZ
zli>oQEY!6kpZ{lT*8lVEtO}O`RU}2#8C_Hj?Mq$Vs)sb9vA^q^`+vIf=?7hg_V91i
zhPra}x2~_$-$<<Mn5LO9izShxy>(2}WER?&DdC?e7D%ikWq$$J+swkt7J1-ei8(a(
zvhVsWytQ205t&F;$8(>XDEIm2a5lljuqiGx;0ci|zx0rK;H$k%ll7otF`l`wuY>8*
zz78f3I>V<ocK~A=oSoc~&jlg<T}{(uWe^hY8CoBOBI}=lczdeUyZZWQ^gstPvaub!
zt4-_3%nq6iCOKlGrzROBf{xv5gKVG7KH^_BnhfsM%R@V9GI-c%^kM4F=K=ZG0_NX3
z#B{7AsS?_3b=9oFh8i^VWg8Nzgo>;U@56>W(VaWQ^y%zHpU!Tx;kDTCLumM~!RCmE
zsS-M%`*aYMaC=6dj(@W)YqHMo|IOLEOnbRQV#&-IefBQXUaoIln}%muvyQ+8S(KP}
zrf!PZ^fD6um4gK#TW!RUllYJNMpc$n`^Ct-YQHT!sP5v(ZT#2wtNpe}gArU_!qJV~
zceBeH$6m)#ZWzRoyN%$=CdX>hJl2(sw(Q*>aYdU7_>SM?c!o5e=YkMRfi$0LX;m$d
z=6P;Gkaa8G5DDMp^DTNjuG^e((0d5P9@6~7Vm|-Qx?<9Nb1@egf=RwZf45jyVP+JY
zvlZi+Q~6X*0|FV!34}CXUaaq)&6UNvbVQmfiUlDU|9~`4gCh&WN&G5N5UQt&B<|;Y
zRP}MLxEZ+OW~$CeQZ=+TRrhD)id$Vc5C2wSIRC33W|p)>zN5@Kn!u^yU^4F!<!_EG
zohLj#tnZrm2vo7N;!*lFN7ltOSh6}r(tmVh9ZaZTTPlC*5QIKxYgFCi0NAcOmp?VQ
zb#y0be!d979e>in!F?TxuY|$<VqIx?a9v4wP+eQ(E(k}DFUw-Recq`X>^jTtY(*TY
zCkT5T<}&)RB-jcN^xJfRXCZBZm@F?T)V09$g@quxoE}|Zi$=;I=6pHCoZkl%JX9bE
z-b2Sh1n&mjQa1=EV{VUBjI|z)_56S=W2J&XZ)~M%*##4iYNVyv7HGE#?1B5bk~V?b
zw`uSDmsjz=9BY(dGX3A8Ao#ZmMb@$(VVTofb{CcvTg$$SWhK_KtFUZ<wd~tiHqcsj
zE|!&A%LZZD>DIDd0m>?@W&gyobFF2&u<R0R*(NNz&RX_cENcT(nwH?~eyb3-wpgC8
z#gmp6nOpr^h5b3z(VSnat&QtW(D)f^V<NG`nG(tlXB?ZHf|;-2MD+c?M%y8El7{q+
zmMKNoli0ua2!m*8{19pWGsM8lwL9hw({+p4n~><<8Gv{m^mah@D;ZyTJZTw-?%KNt
ztNzV(j=Kk_{wL}jWZ4xZf}r|0v)Ah!^Bt<cBQq$P{+>GSnP`vWZo4|Jv-QIQNo%!t
z%e6c1TEA4&b_>GYZgrVZp=o2Zvt0s?5Yv{-cleiAXTkx}vXkxfN8caYnlAK5Tcb-g
ztw<2&JELizf4MUgjJ`jX?QZ>OAXaHm^-+a?xhr#K>w&@1{bPO611|saYJJ6{ZBf4H
z%Uu=>Snjm^2rRb}9f0T2EE@P<D##*(jtPb*;B226e<f+HlGgU0L=1@pUZM6*0}EpR
z5+naDv$;P2;RNIcV{aX%@2!viSvTL77_2I5Q^1=8aC42X>ejTh({|j=Z|t9t=XDhK
z;d##HjwYvnxifvAkljlhd{wS7eZ2e^ydqZ&e&FYzo{`Ka-6sv%{~Oop%cj@D>gCf6
z(r+Bg8kbLkRMdess#vsZA86ON8Y(r{uFYNen6dS$e#1}e2W8jTBA-I@LS<cB#0_fo
zIam)YuWo;&2?UtCEc*1#*#}v+`)rC3-Fs^>{ak38e)N}X>-%#1yZc#wa2lBcSm6G#
zbCWh8GHow1Z~*Wy82^Bxb>G<Zt8JwDmylPzN1Rt~_8*}4XGNS)vR<WjFlJYT$3%OJ
z!_~((vR4-vM)r#fa*ga~6__~vxD5|D{mj;1(!75?PM`z?l0zhpu`r<z!Et&39jAv=
z<aO|M5vq>kq)-H;P()Q;64Fwa{SirFQ=#6>B!y^CX~c^b`Nsu8*lH`GT9C*h++`_?
z8?7c0!x)dpl}f^m(Vn)*DQJlQF?QBFW^Um6-MygSHJR4;JC~RA^Ue|U&Jlx7NIp6t
zhIh_p@y?O_-nk^uj9{WhS_R8la4)zjYJ<D)I#pJKyQw;3FI7W3Q>Q+Upn2M12|op}
zj6<*-7O+3q`-6MG5;T^lr^{>rCDPoYpYA#fA$3&DH(ut>XwQBU-)A~y-V(EZO|q<A
z@3h?64}yCUf_n`J?#%~5y;ckE{VIorb^6z2r<q9t=6!;IIIIKm008m;Rc9QgYUsmM
z=W__i?-U3*aSTlZc&FvgG_!D9CzfTdGgz2WaFM}tZ^r`4W*pA<LWhml{pPh=@Nhq1
zSom#bX5Qj|pJioDJiq_aV&Zx7PiW$K^h-@kpKeET$M8-T)S}fTB#y@D;Ld2Z5V?%9
zP*OLB_1*b`&+3sH7z~}nD34?&NIB-~PUD?a4eo_*y3-i@uGjlMjD2?kpV^IkW^ZcM
zt5B*zX%Uu^)I+ZdLfYP?X_PY^eSH3d^dJ9PeS9yHr3N!m^p?i-uyv4A=vq9*b*|p+
zh?s8zu2=I-ws*TAr0+NY(>h>G>qDvr5BHx|+wXDw$MUk*Kk$*xg^?VIf0!03^&f(e
z8BA5jz<-)$=ls+3_~o7|B<}GQ7@%y8JjK{X)v+x*YSBLhA@gUdI$E-2j6Z3$fsm?S
zGb2YWeg~%?!=Q#625K{8&FSBa7V4l82qlw%ru&GlQVT|Bk3OOkA{i7QNFW(J1N}O|
zwH)elWkOPdPXFP*`H4GHae5-81YNO&{h*(?7gy=&dxPbewKsL=;}9FLQ;!WOqRF7f
zM@!AXiVyXQ-83282^DpZ8&>jLsp`1q1M~fF|3DDZzdojEW;plS6v0t6Gg@~uRjyx~
z>i%V)rz+QLslWfS&l8pFccymy(g@-GLpFrhC$WX}I3c_%My|IBPp!8Je_C%7I@a5S
zf333#mu|2LpRTtFH*By8Kigmv-d%4KhHS72;(D7<w%#VF>utjK*V}|K>uth<^)}(5
z4K`uwdYkaT2AeQ@t4$Dw=KUuQwON1K3x*#5pJQm@&?5fDiNA}74lNlvVBpZ9rGxYq
zWa!YLuAzc^@X#Uo?Wf0$Zx68N>mhg5C%KXCWM)TzjP$Jr!(@Prq>sw1S61e(g4lLh
znR~#`zTn^Y%F5i`er+p6y35Mk%@FsVdgw6>c?Ub@k^#q$cAtX{_d>&KvJDSV1=iDS
zIQB71wEIN^OcUyEG@<S^8=mr*C4RmjJ0ix<ht?9eKvme4b?d2NFbxpb)&Lo?6O&|d
z&Rs7ELcJxaNDYwVyo*>T<O_ICFh=5!dZI)SvTd{d<r;J{#ql;!q8}-*_KPGQ6$HUB
zfX=V>i;=sk{kF(ls{!<Na^EewNpVPYK|!1}&nh;zyG-@*tfAiG<6A?A6$?V3dXAkm
zmlm6^K-sVWX|egE-RF_!FPs>O=Z|(*kmmo<;}`v^@9^s0NQpn%J&42~unU4e+HH7Q
zPxD8+`}kRJvm1Wa20I6Di!IokAkEYGkD4_cOyTqW(eBZaM$$4)tQ$p|g<?S%HMZ``
z`K6>KA(5xs$bFwU;W48llLEXIpV9o15P7<l+*e|mfi0f#7&CyQ_4n9Uljanc((bW8
zLz>^S@pryWB+YNyvX3t#EjIq#giR1e&0hU3X>PFzLi|u<7G=TBv?ll*X?_q`_z7dV
zZdip|%uf(>&%qY6)`*`By&?!{pDuL4ZvQwk-ejP9L}cu7A{S@>2FJWoUk<+0v(R3u
z1y{)|_#st72h#5eCl#5Q(1-f02!)2+$joP7hSI&}sLOHG4~<dx@=dn?sJH2({;~+)
z44$v(EsaTGYc7<BR^oQ=)w|t{li3TC`4A^_AaxE-CdntrXD3&-dUvG;yetTQ_Qh93
zzh3lf9My%RuA;0c>ma<v>L3hQ9fao?4#KM~0iH#a74;9@JgHJWkhADSL7cWe>}TGo
zW-QjcHONxrLgP(_<>M?my;hL;e;t9tACL!9FP!hncH!i5SCxfW&*G#);)5NWJRoEo
zzJdPA2{ztcU=21krP#mz7AN+CLlACW@wN5kW>a6jr;omTTUK9Qt?SEA+VaM!&D5t*
z<$zOh@met-y}jEC+S37DWBw3O<wL6SlF;6i?P=YgT%b40Q4Rg58vY)YUbK{G!2>6V
zV$*{O((~=8KmU+xg?gCl1G@5Ugs_1EeGe$mVM};xe+Bvgs(%Lzj60A|<2jH|fj;n6
z5f7+4zlK8kZe8Wu2`b-Cs?Ok~noPa>6apz>@2fle5I|ob3)_vl?(UO>&&<A>a}~m9
ztS$d&IEvAG0QBBZ;x3zkONBP8F5Qhxc6T0KdN%@dw*k!E`GC3GP#<?^)ko_D?ibBz
zX5QvH++&>RYQW&N*vS!hk?lA-Cn}eQ&&yC4(-XvO`1w%%h>%%1Qm?dnz0Asiq9B+t
zQy4Hy0&SKC8C;>w`U<aw70yO@fB6Ki@Oxq&rG9fBrG9f?rG9f?rG7Ig^<NQ%{cqJ`
z)b^uR$j0{N3$OT|RrmJ%26b<l>)zdhx&4#4`;eyTYe&?ALq-gJa3!s5*CVN=<iv7d
zyUIkTq)c%IA(Adg+*7zlG#}%oY5Y*QB%3OX?`f&Y59P#8e<&++_oiwdGS49L!kw}*
zH<|K0WW+E18V@;E?lDy(=bjTNoB`q<uWOtE;+|BWIgP50k9L~_XuAa=^OC7ptxUD7
zfGO<Nr|^WV%w3s!YDJ#OKCmLsWaqCq@yW;_88N;yNJdOb<erf<;!XR-ntC+|8#Mw=
zWk|_OmBo~}gPl}a%wI56MQff1`MaFGm8$<0ZUeu@+(exRi7QlPO2A?riC<t71UR;p
zDuDOEn{^_hAZ!%`|7QK<DSFXZm+3Dz+_#1oZJVs<NpUfCo5g+G-&sQ0)~|Gypcl=T
zHJSUf9`bQ{J>*~i5gZ!S-WK$B08D~jBgh%)!3Zt|$&78MsvhTxlG)oOa5DF5{q>`x
zuME$ns^gElOnh3l3jy8_8-03YTd*o`92;djQ?(BQLitjcK4=86J!%PHgA0lCGfobQ
zGTe#Pf=dndR+BxD8otngN!ccQpJszaLGT_jA#~VUcL-vMLzKfrHei8i%1Xgzycp2t
zN=?(EW6z0PA6+5};h7Y({6rTOi2_x9V&seHqH67&$dv$mHRua^I{?B#ZvsPkgAmGF
z1tUW|FT(rQVnpNjj%iwEuF+d&J5Q>2rQZ8V$Pv3U_09wQ?~c?EHH+}g#}MW>Cxvr_
zXpImlg4^VSzC5veUp}b^H5{{?|H~T#HZ7ZJfRdKt%vpMNM==`d!ay(xNF7C5ikmya
z=j$2M!j5RqC<p}mUZ;srKieq?>EA+DMle_zHwht4CJTqcp9$p<MZ^KbLOwrnUsEk9
z_d5N=J)uHUCc6;v_)qwpOw*4a?RP#Un{U?0-P2&Cl$F@0A=X8cKBu5Zx+i_>@T-|?
z_HR!hc>Y^37)Z`(Hi(G+{nrd59@Xa@>It|<P8{)4bK%C}%;I;zNn6ZYoO<nk{zLXu
zrMBFUJR7qj<YufPt|D2*9vj4Ly5oSyN7;5VGT`xH&hOMQOjG})i8pTZ@mn5;s<>53
ztO(afdy2!8sOos+HFL4Q_u4lKNlXvdG;KwHXvhAaK>N*KA|CwYn5Ly~(KzN7L3Zmb
z01f&Nur^-f13+?iYo^4nPtDa&lTON>(z6odo%&Noosbx>%*LCYmZig-GsV#w0qCyy
zRdXrMdQ}k8jmNSGgU6keL4Y$<8I<1Mhk{O!-{!b6#Ua)sv916+n7U^<h7|*6y0pNw
z&2^z|E=Alz9!T8u7($|`z!JN6PIy)@eu%22lV1gyiM$HeG61wdOTV=eSE2rbWv{|w
zOm=0%tWS7yCjGP>BaCGg#Y`g}*^?8G-1Z0x&OhkWy6?%-pZ7Ugdbc6Ue|xzbZrTcU
zQ7s`U0@b+Q+J$G3Sg4CvYON6b5$ci@0V*;fi>X4=Adi?HmE0#vS+6`%Da0&G8pbQ@
zWTaaIjcvF+*A+oIC1f4&+x{C@W-hvux~w^Wd;%I^ths&$sN<ffJC!WU2*(ZezU5&A
z?NFN$>itcuI9*oDOrHSmlPcB2xr<IBl)Fr`=o;&Oju4rRW{Ix!;bWQ>?L7yNQyk}=
z=lulVxkAhn-p=vpB?}($-wy~`t?=8+-KL5Q=mfZA#-W=iWgdFtXqEY{0k1oF_ncY<
zM^W@S<m(P?zE*>;aK%y<+Nbj#lKECJeklA2Wx;*X>T|$&B!u6is$+S(AfzjfSX@N=
zQXj{Ru=oZF!SHO6r%`4%d76y71+U-Imw%P#>K_vOG|0LGpl^iY9pQ4COhW!fyiYOd
zkJi-)kwY1qSA%R_zk(F|z}jTxcObn&+Af+5c7l)V(U>K1m;E@2yMpbMg%Y%~mDVQb
zUuvGO%1L>3!wSTS&1e>}^tgLBjcMZDXUghCjjGp(sSlpjvtnr-)V`A{q0USJ{O%ty
zbLz_6Bwdt6>ZL!&k7>P{w!|sD1bNV+HbK7+FMD3&Z*{dg4c7t<-+fuM_x$i>(cW{y
z7e;&U4WF-$d%Mnl_gUc9j*5byj(fB2TVxs6w<PlPD<pP1W@C@cGIM;Ln)AYU{up0)
z2WWJKvKmVG*=}IqTrdY|#5j|;U*9@c>q)cHdxhiX4m(93_ipk3<GI7Mq{Y5rJw6in
zX;v-;XpHB(dR&WyO^}r3fW-bF<ZZl#@0Dul+*br47}o&ORCV0@imuL)U~Au96Xb?h
z@<?gMj#`x|r)<Wobw*Y$s+45hmLy#@QIJF#l8(%fo{TG)tcqa&e4B9FE?zRsB@J~w
zT($Lyf0J=g(b&TH9(A4xoeLhxanpSlZC%KCI;r8Di^6n@{L$(Ik@@~;lejU`=#Mtp
zHb-vNa}!zeI-w0fkEiK>G2O`}hu6=xZar>7y}1wLjDKg@meGA!5k3PgSdoD>Yv9(W
z_^&XHcKorgc_Q<oKKXs}-w*amv=`<Iro|%6>eFc5_F8{}3dn5DV9D0YJlP@-)vs8t
zJCDTQ!efpr^uwCTuRN^zjCok|iR@v`N4}=q|MgbnxW_f$c?ehJG%Zi2pNoy-n&GOt
zlJF?=sOA}U`$_y<^Ymo7ajLQe&rmw^AIERhAN3pv=vL$VMbW05Ts(bZ)M5!6)lJn5
zaXi{n8Xg(#DG7U`J#7(Zv`LJIPt7z%d-g}>feT_Tcw!2pO}1wu-#boLj5S^VDVQ3z
z*U5Y{H%+GLu}2Ie=q5w$I8MIZ3W=prpP=k*ujV%oDx1eN%FJULBUd08-?Ev?dUW*p
zBt8#(2IEAPc1C-O?;fhs&Cwpm-2+wnM6}02mQ92Dt8MC4di_;;{Z&}+wFv_DnO`vK
zicAUin{OL66I;%AL_fMB<HF|r$IOg9`cYM4UxBSHu0?KXP8eB@yriW)`u@IXkD1r#
z94P6E_UwxkVPFsOYEZ^CQ$Go4aV>HgDnHL}#`vPmsQl<G`m@b~kp2T0$J(RsC!#%3
z62AerKNpw9g0BCN<@0Om)14BR4E5n#_2J<`|G6i86YJ_XGz-KIh$O!3s1ejOAD85;
zO|T?aY|2@Z<(mW{Q-LjxyaX-Ea$E3z#8qgTMkb$}X#}}#-rInWM?c;}Ud^z3g;*D4
ztTv5YhaW(Sxm?UKZ&i`|-Zjl$dVaaO8nW!yhGe1@lVz*2Y+1dm#YmEOcgj2q)lOOx
zS^lhE*7%<>&15Z6H8A_|!kn4M;7*XZ7Cy_bd>fy39aSCIZ!l$=dp78yep0sV!3|(<
zG;&LZ`kN8H_JX|HKVMFs_3>rb=2MBK;8JUId1f(Op8pX90oaAHB7uC?$dzAnpR~Fe
zl3!~HV&)RG+>fHboti~EyMt?IVNau>nBA}iWY6iI3Yoovk|$al(KuF>@*M>cb(6`o
zFAiS?T^zqzXK{s1w&q5;Zr#aPc;;wk{>FS>2AwURZ}=6mK-jDUK{J7%!Hfou4zaDe
z^gP{Dp&!fW^FED7Pz(9!n6b_6Ki1zqy%cj_zfNl*vwe7M(AyEHafUCX?0(peYiRjh
zLn)&!y0ld&5CmF#KYx*V#eo`H5IH5FI59W&eQ?j&%b32NxTxzOarr8!>RA0J4vVXN
zR2j!Xw%|_y#{2aYdE@Gd>pq0vIHxy}v|&>Gar`Z=syY$=>bET#mn{HWA#t$vWE0^(
z_>Otsx}MvZvY37^ftiuMk$+Sr1D>klEV;oQlaR08xH}E<)HlFqlW|4C`F*b_fJ+aI
zn+l|bfL2Y$y-1j~z6!F|Lqc@STi<Bpt#7d0l}1HDIAUH;!QeN&(Wx+ewb#gxD>Z#_
zb8of0UB5Ww?>B5QZ%BCec>2xsY}%}cK)qFez7F!^!yk$D_<>`~?9))~8{zRXD>3Z{
zA!d_UYpAkS=g*|YHIB3l6e?ej6j3b^?}&U7-xXdY#oAn<+BYJdlKS{MlnR7Y#S(B6
zIVtN(4PBzUj}C?Jq47jG5>kKk2fVjHs`=46xUfJ{e+KhWALNrv`R@g|PSS^z7&N0w
z6<nGZv%8SL1mcGxUx2mTG3?KR;7=A77#4HglQY2y?whL2Fg-^SWjj*#yU@S&<qr*(
zVr8#vk!O~f;OIIFl9HJTZ-TgOeKXc`Jg3UIhMJ{E1VM<nYs5%tZ2fXk5QdR>(b?v$
z569!r-a}M{^!76ArR?osT-Qiyu80gst$a|^*uUb5a1mu|@M4wNqvmC@PwMw}u@!hl
z3;&%eSgdC^hq8@T=+dsB44M<S0FK;)968xmJ<&alL1np~!d|%|R%0WNBoxS9PgQ?C
zRUpTG%@q;OT2sP<_>3|XgkgyIF4F9<2?Ddlx?LoG1W1jug>m(qd+C%mj%J@R+J?mD
zBadv=AE3Oz`=y>#ar{4_dX3}j{(0t9{avwc@$NaXp5pM0vKnhL0TML;(ue?w!hIqO
zbFRSr9*)VY{Oj?ijaEEBl@v-*_u+K~sf{i{NMCN;ZXl}xPlW^~B-zts@Z)5RFLWt#
z56+qIK0^@FoMXkhi&2l($2$VI9>7=T^d@L*4M1FB%i(SY_rwDJF_eFJ_{U}ZBfvkV
z`<00|`IAK@2+;~&R(+7Tt^(iW6w0B@%lPhe6@{_}1863!t8D<~Si)FJz)A#nW}1#1
zG?qwF1@Xl7oeJXOqKeN&RmT%+fv~Qw(l^H+tmUXQNzbA_yCP{v(sPf;T<Tx3Ri8*+
z`AT|N#=bT^e7*p2spNl=9=h(wXAJH`4>p}129bErze5iz^zr}LhaUciW0Mf;9u%Gv
z>pm%B_-E7ch#~0h@T1{eCx&7xF+5v(vcyoFC5Bs1{a+&n=l?@uxa!4RVi^45zfBC*
zc!D|QRB5a*=%F4CQ|!UR6zxIQP4#f5InK|>65qO-XE;VjN>g_%M;xgHs(7Is@Zd@s
z*D#%bFs_mKm3%G67Lxd=EIimN${M_Qe0yxH70V~qOG;s?Ods}5Av<0>Ty9breo220
z@7MfO8wb?<3R#sQ7U&>xEvW)T;eu>q>c|lNcq~|LVA2CQ?Yy`QHv4MIHX>eY;Zd=%
z4$^!lKz<6BGxt4@mzq@(_aqB=`2slM-s{xGxA9Fq?5W@z_y}5iID8gmQ@W^nLsx1r
z)J^G56~mV=Y3+NF{ah00xz)Jj!6&QNdFnBo;dY2YBO?}hvT+R@dd+2;rm><}$`<Rk
zlOGjnnilkS1ic9i@HqqCFZ|qzY4E=yIW%|=*#Dp@nVCom1s1wPl5*e;=k5sw#64js
zaZm6N_k_!cdqRM?Crno++ywZWEJST`Vg+$e;50FXbG6A-FR3?68mMxolPY(*sB&j{
zaspiVlRk7z(@s3~RpFeeN00TNIwxoA<Z)6nVM3JZlXOq;C=)KDEZ}LR$^<9>QbCmo
zF8*Z%RVI`Z_ubXXofX7=4X2@dDb72WkO7I1m|y8f%xgFjrz?(W8ct)Fp4-Vip#VUc
z4~)q|+wmY+Z9oubBC*2b%|cQNtuuK1IQGX}`P}FIMBnuwsnkJZ<KrrK%_Wh6sRx@i
zEx?ZQolizWIq}Zddl!=K_iX0Q=jShH+4}tYJ5m>W<v4raCCA(QF2TL;^B6wmT6i+>
z1IkW;?QepJ+g~YZ9s(BzCWG-0BGY2sgv9?QSUJ!oocoNnK8Fj{g{hVL;83QI%5^nn
zlU2B9$$a8AiFJeE8OUM?AH}bXz_F=P$d?G0C3U4f@Y68xAR6yLU^BNm?z3llG)==h
zV`IHT&{u$1R0ir8*X>;X3W>dSkhr9(KFayL!Ge&f*TI<Ldxs8i*fT8q$X}l|%|ol6
z{kmHSTa<N7`>)&5pLB=yA>EG~fzQs&ZudcNLV{E%Nq8@FuWxe*LgvS@(WT*r6LW;0
zHs)}IX<25L`-D^ef870hd{b4{I1cY5O&bd3q(HG=IcgZnaIp||T3V!`3G7G;jDX^`
zgf^ueO43QrfubnEG{SLD1jo5Q&N$CF7k#`x%&&^hXiBvgL`CMAXS_Vm3^2}2LPXIS
zv1O3+e)ih?BqwQFnQ{JjzYibn$~kB4wbx#I?X}ll`=-xfof)CzmnrHf{s5C*+8<a#
z{edOaA6P>DfhE)*SVH}QC956El4eJLq0Tv8lJN(YYyQBJj6XolNMS~~_2wh1;gYkX
ztyh8u%daGJXdSX#k~kh_I`!Mk4Pu~IuONh?s&oxgp(%P5!ueIG(#mcM;|KIbUao8G
zjZ~M)zvg_~;|gg1h^9$i<*hSuD=;H@GK@%d#1Ki8Jo*_`?yi8E&)#2=Q@hXlp?1r)
zNJB1DSyhdBRZr1Xbxwk0iwU8FpKlLEY7d{`_7G<V0$>m4$`cZIZU4vZ;qgtZex`yw
z-1|@3!?~l`!@0~JzIPYDB318)G0WA!?csQ#Yd;vR*E9C;k6HF`ZXSC`y|JB~xJgI#
zQ?Q3PMk+HoV)9XX6s~~ULEpC&`o5)8s9#OpYU))}r&?LcU5KJ_yd7oSYR#)oJJnbT
zSg;bX(l6`yeun;~7a21JP-eQx#7H%7Sv@P=%0$+v&dDs^@o3sC;z!TLERGSri7Xf|
z-853or{$>mp^c#C7Jhd2BROi##zTVMg8hi%-F+_Ri%NYInP-MEV~88Xtn)YKj_zxG
zs5e<o#bXnliqlrUN;{Mr?|6R~KZ~2ZgUPT*c^ocCb&*dzO1rJnMgHXE<B4&Ji?)FQ
znScqqUNd@1o@|ff9WTSlW&C{Dn|n!NWM~pwsf;5#Gt$_pNkiGqq)=ZVl-5rXO6zSx
zY5kQ#X}wb@tzWIwH}{*&AcZBOP+Cu=u$)R^85XQds#r~1ms2S$TZhRK3v>B*GCvTm
z^mHmuaTm;yw&Xk0j-XR{3K~!@-&lFvHUJYBzk=W@%in2R`>|kMQV9d`D(xN4ysL-|
zO%|dP3@m|%++}f4OYsIJ69>;W8=Vz`lf^k4Ut{F?d@HW(WX*hu#(d(z+gVdL!?sPW
z4uq~x%rxZ`A^I9WTOX4*7%!VGSaI4a9pn|ban-}`VdbpU{qwApa#n6PXS4D(Gv78A
z8JZ$Q7yje?i2piqZQ@~`-xOr?*jqqTPL^9id4RPltaL$TanAnn%n;A)X+w5q5H}zm
zn+W}W0qhdLREV+*rJ8M(iJdpADl|1Wc@5JB+7NwDh(2#XsDXR}>*bu)kK5jY%RgQN
zHYN(umqFXEho*u1chcrm3@e6AML?Kq-VJcCv^_3Zoi>b>`bwd6)k<Y!Ic-(_^%wEg
z<W5@!wV$j(CFg>)o_YkrZMz}ZUXzrn+4?6J@{k_StT>-v$s7M~X2p%XVs+Of<yRqZ
z4~)ZO=HO3s+?6h^!^%=>)N6jCV`S+{`m2>4Iggd47Jjrm+bOWLGFb?VqFokuf1j$V
zY6CgT=Of%||B@<OmHa6kGgh|jajShxs%(|=r|#GagWL3a;^v!F)kBV8>c0R>>|$e$
zqvYcdtXpGgApLG~F!6qrKCZS^E{jc=(LnkV??!oLE{hdhvt-w7F)?_fwg=*+8&y@S
zLRMVGW2<yk&9(_$SDjT=2RQ+6l5^k?=8s??N=;>%5d8}sR@_x?aFE{$*5y?$n6kVc
z%S8>*_oT9vnSu)(;ac0J@<d0~YMVhWg6YuI_=f0va-oA?t($9WwQ>;)v$(k5RLG_(
zsRmSdlshb}c9bToP`Yd-H?}%`Sfv@*a%jd%y{N3Ja4Pk)$&zxVzVaNcE;qQzcfl?c
z%Qxq!?!<pwb&dH{Hw5%2$QR|%pUmh}M<(?n@(tKn7#)-xk)a~FJO`I{zsX;oQPs$h
zMV^-PaeRhQ^1EkfH8O4+qN;p7t%|P-*6T$aD?9uU%>g<t95cW75DSuGEV%Zk^_nXF
z-4CVPfrS-ED7``anDz9fD=JeLvmJ&%xq+(LA*#6Zn9in54djfQypdRX13R;Q(G8j=
zUIlLsCg$9rs`hwl6J+h&RiP<Jx+hNe!&O`}bP}b%*5dy9N_LLlDk}Ju9%UnIiB%M5
zowBjQscf80)raa5UzEu^QNlXW5xuN#{8YDQmF{woSi9{g-tqo(K*W5+YCzcjGFDtg
zIA*@?N3>gRcqn}yi|Y@V4C9!2@FD8Fz>(H4D~x027ayXycYYTut`8eX!b6U^*xkqQ
zXJ_L2>tO};P6(I#jBxJ!cd;3<6X<t4tDgmThjv<tFNc^_cY<Mfh*|Y_g{~`&2(|1X
zrpS;<=(?M>-k|~^Du7k47cmK0Jh6snJ>(86j;;B{$AWbk?2{yK2s2&Jek_zW^kYT-
zg-5ybsl*M(SQbawzVGki8rN?5Vo%Jq8^_js7sncQCY)Y|@|=dER8ru9sZZB;tuDKo
zTHFvlB}BhYTfiL_gAiRzYq)-bIuIE$2s^JdAhgc{>pRv^wLJ-iZ>2cPEQ*CJo1owV
z-kKfcjdX*4i8pBBTRpTrE4x|L<qfUZE9UVen;}a+(PL*-H7T(A_|AhA$iKtUxU@X$
zz7HxZDkq1wC2v_J6&IBebjyVxDPgAT7m0aCSw=5_q3g5a$TdiQiQ2`22IWdyL-d3+
z0~6OyOd1}-HLmZ<6Ff>aCIb!1ohVi6R$N?ghEy3Q4LcL1t5vq({?46LD|XYyYoX0(
zXqC2p;zz*YGTLoD{6k=m8le>;YrxPI(Po>P#gT3s3#pK`TAIUmR>4g8PFC3iQf7TV
zjwGz0jKqS;T1%pR6}#86IXi{?yTo;?*hF<h5w;&p{H+7p8ErY4dm3)OwKqFHA!67j
z#crA;?<AH}s?oSSm9fUx)JnE0cHOvOEwm5z@kKE39t?$2Uk>7-<{)h~N|$kOJZ&$Q
zS+KIqij`#|?ys-Nx#m3QJ}=3ZncDEgV4mDVK6W=1Ve)olXsWPtb1~JRve(`}qmpmj
z{i};j>_F+r3+xJbm@^0mw6Tdc7bcIhpCWz9nqq|Pry^Ab>C1u@Q}b0vZF1-LVH^ny
z%Sj(h9k8KfvbY!_2a}0#LmWa)_Q5fNP0O44N&>-Jmku`Jbg+rNTbX&cj?`Hk5aG@W
zUGL2VjbR>&%{^(ys8USQm-LTANSl&_6N}&eld2}yj-y79$JG*j^p$HILYjOa2C>f1
z8qk`;?D<GnAp{^2#>h~?<_mQ*en9KMN2*FrCO@@g=IPR-T8AR+GiZa=nSAb&Iqe;Z
zk5;Ox{S>W*5;lS+eaUAm2niJ)o5-|kwXK7Sqspypw$L9d-O6UGTiGl^nW?C*hv?k(
z>)ic?g=~{<CELccq}<)Vq=J*Z$&xPWiy3|B*re%$7VP5sFpHvB7qYAS8P^WZwf3%3
zd)EbBm|QDZ9aS`OIswkEwQ3_LkS7R)Nd)Y6b%eUq(t?&2U3-t8#0vXNn|!Awv2_Jo
ziSl)T`jqmUj{YKJS}6;uR<T7buqm1TsdFfsEibY<p`$Fe`i1mqO38`?o0y@0Piv;r
z)&XzVB}<C3rhP#PUinZ}lYcAJ7Du?rf4fKz{qQ*b@NQvtTsQF@`u3H=97Pq6sA}@5
zLcOAv&{q!@W)u}F?%9o6#c4{)D=tVe7ffXL0}0l}RrXVuyvi!2GHc$PRmy^qm9ki?
zl*CszvgR;1XZrjSQ0>TY=@!RxXt4<i4-bUC0@C!voOF!#-!Q@5!K1U4EPz|AO>oyG
zcAbV6^NJb5k2ygmTTYN^<Bbqx$~2Mt%=sqYSq!yUA8eZU0c3NVIo||2r~t9p;|@hQ
zr%<_N^iX+PN3PYZS6?zwkW;z#cU3icxIkaIB7OBzK~Ckq(>6-0{5Hj`E)}9lU?tPs
zD$lvOWdhw&8>`#{D7$i>N4m8_?UCVe(uU8kqy8Im>gc#B-)bRNM-%jQ6nh`)=y?-w
zk4#r4FjvQ8>quE0{Y4X4c}0l%gN}h-fud1`qEfqZh!P@w$$%+G@COpAn!M4Z7yPsI
z)e=)$@NUvCPo^JkYvr>&G2lZt3*aQBk<+D8$U}xArv+(a<n(x{Wu#=jlp~oZt_R5o
zd?tWa<LgGf{_5s>O7((~QXrUrH~vFa?dUHmh1j)L<NI`dV<LR5%C5<Y4XY{@Z)M%C
z%H+3)RW+*{ym13ljpb~IO?pD+8kP1}pn*^5!tQ-(Hb&Dm3nv&F&L-G2tg6HiNsNE=
z@2aXwH;)wOg*oE9Z4IMzaA=hIvPpUwRvrf#-fGb1At!M~0`-9oY@b0}!rGDWy197#
zL#j$UVGz&ep&aonXkk2D!DjK(Eoa(URdw_i30XeTi)?4w*p5;0IXOn8j~SO_4CQF}
zTSrtib$dp=2k7(HGS8jwscPz`tU|~>R*0{CmR*ROK7&GNvu%}>1x5vU;DQ4yzW;Aj
zx+x=@P3Xkrm$qGO|KLit`eV<c$tHC56ch4HF`>pOCUk9?34M2}2|Yd4ga)UY&>yCn
z&?i$($a0<u{i@uA4wswIpUO?>stZhL*##za+XW`na-j)DFEXL?E;gYrUu;4PE;gZS
zFE*jHe;j$=;v#Q($N>*|GkqkCQ9BaG6DzPb)C|a9az)?mHxz+xmUKP<gRc7@V0%B@
zu+ADsUbe8)k?;$u=`7qOft6YtTiV|ZcUpXTOCc5>?hTg491qo=zqvR(+$en|JUmDK
zTG!y#xjCCBF3(xHKUsfwK+4QdAUou)IVAs>O3>Ocs|S->8+>R`?yfRWa4*c}DL;U7
zD}hCdien{z{U$XdwKg0xiw_{=ioWaUH$nlki<Gloyl$2LveC%<<@R^6az7pAUK=Yg
zD!15Lm0N5Dn4DH_p*{FV$}P5aB&FP9>vWR8D;L?EB!v~H&Eh0~^e8)M+jNq@I@rd8
znnUshSowY@42$oF=$dkWmjR(<q8MaIMO9pNtwBDo>RO{Dgoo$KCG^o!b*)i0ImmIR
z&^_oP?>NFok8}-onj6Ue)O<&HI4)ZpOsKZZdCOd?LU)gc^xB4M+0FAF!5MdiYptTt
z^%WCBUy#Z;q3a{#7p77obUpUPsT8wF%on7xUtao!C~UJDqC(gI7``wg$Asv;=nGQW
zW;KMraCwZ62wfBYCFQy2Us9g>FIt{Qr8-K&P4=he010l8#2kZU4Idq{$HT)X_koFX
z_EcSDmCP=CJY{l`{p5dz?qc`8Eyd`^2%&G`n$z;qnBxz%i?)no=K}Wxi(-ywt#M1C
zgS_J)$HT*mBy)Ipfn4m0#_21;bv!&ghi&V2MdQ*P3@_CQ2T;WvJ+;?tne5(|KI2(<
zxF=+Ckas8ztAo5l(=2t6<H?udkjl&D1+M73(p6e+$Asu%q@A5Q-;jNFD%@a2_A5?X
zYw~G+nMQNWaisRP&9{b!_scWGw;O&Ox-LBYfz%*$7Yp4z;o%SE>){OK7v#&rw;Nv)
zx_cy7>MJqF!rGaeE5gGk<Tq)e;Kf3>F*UpPC3%Wd=w56Tx_cbqp%<kK9O0ptq$yzK
zwr`#id2tup{?Q{_oXTojfzUk=9xf5OT4)C~Tr70m3P1J>(RuX8?X+24tEy_sN1V3S
z@USS~;Dm*KHK(1#V_WAU$6SIFN_1_kV3JdD+B!VMX|uR%;>2m|bP3J_uIMSJ;<2rB
z2(JAu`zeLKChv3&3cH5ETiBnxl*(ziM7oj+<O(VYw&lAlJbX-^1be<GfE*`NIZ7pv
zgUkM&%YG`=ifc~01m|f@Kd(xkN;#H_y6o|^iaG^noOUxV@^PB=0-H;49(P6GV@$uN
z6xd>pPaiogj|&e^6r#0EN}SCZluZ%Xyo_y4zerWp1%s4nLs*_jnNAtI28FHySZDff
zQq^7QbFS@x^~yq5ke`_CVB3RTU2$6Q11URem-~R)mmETOoR@kZ(3?Wvxa@=aVh=11
z*A|OH*Liew0{H+nH#v}+1x=I@o0cY4#Ar>l55lXV+LLa<IT)@j9w&4iHl~yBPtBv>
zDTn8}akD2}Yb+7EVn#SJVStxvf2uOKI;Z7U=R}u1&d(Wb5S%@W!?ng@7Wdce%|Eh%
zl=87(u4g;`{)yDAC+ah3n+E^+LL8H~|I;jlzfcLN1{eHGN^r*)D8ZsHQi4aNCI58t
zS|gGyE_*zA|FEjM$o`~4$D-S89SFzn*#^GlEw)x1yDtpCJ+^f?_MI+pFRf0c)TvBz
zDnDZG=6C4$P8M8ImG(b_ve^|qAywE_rAn!GMF*v6%8M|fXLLD9PAz4$(_A}|R7la4
z1(8}C@{qVZF|y58fTYPDmWq93glJb(Kwm`Pl}rw$DtbaHR9+0TZU;wRF4x@#t)I}t
zO1rHb;`y0Xd$|7<I&6WRJD+&SM_BC(*Um@sr=FN?YD3K#xeUk5ckD!nk6;vs#U4*>
zp@Wq=tZcJkO!mRf)S7)m2q9^qK7LA8STOlttoDX$&qwm7xaRjEtB3Tu$?w#%H)L3R
zzZggQt?rr^X=3^H2IWPz1NIhMUBj%uz`-GWO!D(}@S#1kHc?wKhDniIxd(P*k|M0W
z60WU4@~79v3ToWSlPl?<Ub%--_00NX>SyP$|624A1&S2={t(QR-aiB@PflWT8n#^?
zkZL{Tf|flE#NZ~q4YPX3+;4e@JJMrqs5t=pEr-}4E{SJcu)zVgTmH<I-fp=8N8{4^
zhS)u@T^_buf?zIj$G$TJ=NQ~aIZGUNvK<(lqMHEPi0zj1qNn6faLoMb-LTiPhy~{@
zS$ivgQN<$K4^`#cTbZ?W-9vW7*^ws>Vu>WpEP@wF8icNIupg2qGHev0PXpH712n%`
zalG&l70x%{*vv?0Ycab|43m4;!NOQ<x)*lPn(n2;PP}6n7I%Fo-kVEe+s!n&MPB{+
zNh8m9Lcn1rCiiw|sOuPN{uFkaAH1~3b+2>vMZEq7b_9_prm(5-cihC_i9Is_8uJVj
z(6GC@P`(oH=y@8p<@RCn--*|+fpFX<n7qnnuM)LaYa(ard|Tsfy@J)`CWTZf>pV)c
z4ZDB!%JTPLrvG`AZMK!3*us`K&#16pd6^ZqD_iSD*sW|`Rw<O?O2JxRCzRIJ3D#vR
zg;KooW5HU#?qi{}Zk;<)*lItK)jlUW$tw+Hs=MZZ(6tRAL=2H3lXOXBs7NY>9bgKr
zGwu#>r=w7tW;pC7FXLHn;!ls`p3`Pb_T!$!BJf|{+`d|vR)>f|9f%B#+j1WMo`ZaA
z=hKxY<Tm|IJ?2p3DU(ATpicHI9O-Fw*Bp=!vyIcFnW`QwJ=sQ^x?VPzT!Pse7OXr~
z#Q<htB?D_2SjRvs1GN6hc+l4$a5Y^@|BM4&Ww&mvvf$`pX);>`khuH<7NPnn`(~xz
zI;#WQWOMb#a@kK&o<6OrsdZXHfhRnE0@`IjOLQSkR9wBWLN2Y|I9r}TaW<c3Tctgu
zUc}@LOjeaAj(wo2sY#R?Un@l3Nc@P=x*U_K^s(`Lu$NOXnTTVKR;&~z&e&Bo`IWO&
ziITl%RdwwZCUol+CZxf2{Qund`Pau+Vr>(P)Z&Tlcnk4pC>+o&Ux;_~90C=GLwXY{
z>-bI;7OG|!S3Q7WxwK;7hZ7Z$;^^Skaa1-36k}>CiO^<c>S2#XICej5HN2)+Uc^(J
z!R%lfV!@HfkNFD<m14pcuqgb@K(JF1oGVq?*bDdZ%wyZt{)-<((eQT=pu`X7<jc$v
z5AE(@9Mk7SWDzUOx7dWlk732_V87D_bC_(Me81Bs@*^(N3yUdYLE>k^NPbvyNWg0}
zR(Aefj4#)GsL9Had|i>lSL&LPYx%QFt>+cx=hdp`b$H@PUPnLAL9Y}-*ID3f;q`Y?
zFlQwNq#m=Y1?ua95ZfKMoYlb<;8+S>gPoHo(k=^D>oHdQlRwnmC~!&UlhD1?fXOnv
z%K(Uxeq(C0=Dy7y4Nd4?YRpPxN;$N<2&&F4k<h)=ltrRIja&rBIeaEWFIH6*_rrM)
z2u{38eC-OTy4Crr_nK|2dRr<-tKKVfs&~RdsNRcns#n+fo@*UX)YoxY2|}s8W3}(u
zk$qM;kGnLo&j$S@w>v2lY>rI)q?DhpNbTh{7P($)p4>V?dncutHcFt4vi4ufkH^c?
zM87<Dbom+Y;OF&SajwndV9hx-57u9elpfNgH$gAG-;E!&g~0itw0(#W#-`pPJMjb)
z^PwbS>*1WX4q|kXA=nZ)92qhR(evS;WAmIXFgrt0>gXSgW9COYX&2?Rt;8|&&-m}P
zm@KyZRoL#dt)uSX983@<1GpzCMurTsCFW2gLx#;$am>8xc7*ziiugL*<i)Tw_$I6U
z1g^QMT<E%hD)Nikgo5K&1v&RYV=|u4T6oAROUs_Rs&<2c&0XNw6pNdEbF1<Cs@X>Q
z(+1OiOdW+oMufuEmkQBm;C3zbQcvt!Rfxh(tg){e+%<28+WGopBb=|srY>F&PJvU>
z&fh$twozJGJ4cAlrNj65)_J-k(DrH3ob(ZB%=?&R8^Yu@h(sJrnc38$=}mXdo5All
z)EpAJhGEeGRbL!iZL5T(d`??sqWo{nv>Qycj(e@{n%l~SsFAkp*e$lYob_%dO&j$j
ze*0H`y{?gwz}2(l|8kJcqARLO=IX#U$w)qNSNkn;v70O@cULd5O10Hb(Y`~v(q$i{
z3X|6IA8%p3d);i-!rF}N**c3o-)KZgfwYvOv@th*GfPiCNu1>=W*BKBSz^JlvK3pv
zQ0NknH=NaV1yT`?m0i6Bp~N6h^s#|u`~5Go=VLJUc^eZC3kys`xp@z5W{J8uktcx2
zWUePId)#V#F=z@!nzo1`vAOJ3I&ES&j(wV=^V=Hz$((N_%$%p?27Q$UR8>s{am@Vt
zEm=y>c8!`*XV%+E?Cm$RaoPN^`IhXre`asLl>HVKA)k`nl%vp0#?h}38X=UF%(xD4
zuHlHoz%~iir!L?LBh&!xgu@B7gVtFkr~Hv2qkMh!4*DR^v!B4RvODFRToRLkwp547
z8!TDkXa&5POEdZQ68L=?%b--tAT=4s%wLtWNA9ro9@`Hl*5RyEit5~CBi1f!xux;8
z-h*SEzgp?CpMq_a$2H$zXWGs>70D*LNDq#ci84Zo8@LEAF~W+Qv|AZDqIqI^w{rL@
zeoR)ztt1iJt0)FSpm%v7%&ax|m(jskL8;(A#CjezLKQc1Cn{#=plY3#N($IABIa2t
zK*(7g+9q8cRpt3E`ygYQ+K#d&iFHE{RWQC=*g*@4zzp_$J)8H}rC7*QY~m@dG^D$e
zbbt9{l<63gWd?+zs(e{Cnd2ee|8X)W5MxrFNFvleRfA)47r0r+zQk|_HJl)Qd&^01
zcw0W-;r-^7Ow5td9p2w&IT+*gUF0td5K67mxKFo)YF+@}jL|yq1vzYt2R7u(M{|Jq
z*1$@~Z8|rIW?GSl#bP~+rIf{|KkvLUaEj78%&f!0%|QyT>ImlZZ)ess!7uuM-oHJ|
z{9F4etn8&iOf8CR-G=0eWCtkQ4p6pniB2245XgQC$I5R0I<rifS|_h2HcvlSfA^yK
z|B$~sN<CZj^*qyvQ0m!(W9(1<2kcdI2SSNo*jNqUZa5cv<(|hH(vmM^uPj3J`~R%H
z+8bci@Zsf*@BO@5Ub>7u|0l||S5cng*F41@G`77;Nl{h4B**4)8e4&ev@(yOf(3=u
zmz}FEP_Ot$Z9%5~xS9Zepd*EP9Wf(r3qU_0!b_;fP2N^^SV7RIiPN@L*)av8`8zBC
zlnJ!<iXm)ttAU3(7i&NMgAR;_jnXAJW^V8!#CAtvrQV{Qehn+>sR*XRS@qIi=<ok1
zgx~K*UMPTJ*RseR+mP&vY`@4TEy9Gb=wSq6iL-im)N_2KdYoJs+1gqxUHDuHEU|k;
z>*RHLJy$g9Cz|!{0#@6%sBF{1v_gKzsH&>}C_6>Kjzzlgx$&d3V;+m0%u{kRSJ)3s
zjG-6KQii6$`1FdA7Wfwn8QQmC30ytyLn1Y8+^l5>jYfowvNt&7=?_Fq-nO42*H-?T
zUHH5gQ@`vQT)lTK{c)9(yiy&kkSnW$v*lShX1>2YU)^U;K8Ng_q|ZqREm3sP0Y_5{
z&ey6#+Z=-HfGavES*rJTQtF*GugPu#Mj;xPimUf-qeF<|R7v$-SdnOk!4a<B+d-cu
zM&q)XCTFkdxPAiVjSr#Bkzu1;T)nr8;$E7%DCRg*^U9X;>b=w<mrAPl763^~z~mqY
zX!1*Fsm`x?O)A4N^Y&Ia_L~J(;jBxAe1rQ!^+r|)6Syw@hF9Ggb|O)Z&AcSXW|qx{
zmR_XHO1{eOHu}fRCILQXy(V<sk0_K{XT2sZn)RA=dChA=v=g>(MmiX)m^{!*{bfTr
zLdhsQ4L9dgi-=HaQ}x~{>~$IezSarf>T{CU6GtZ?l)|5b<e7<3>hjM)`YyM+hd#>`
z{S_SPIfE7UFiulqX7_WQ#~)-aWy+_&4w4`r^YASuZ|fqs({duX_kB6*1cmEz>LDG%
z1umk4TQ7>9k|weUt^zoz3+!?J%Nji)PcRYq2Kc%rpVJt!)&qhE#?NKJ<ZXF8-zocY
z<;}g3eRT#tUTXvY@<s|23ASk-V*ZEy6n94wCoiI6mB*)}HaGXeBnl>vv6%vxO@L*n
z*z_T;`HY=Plr{bzX>1l$v&woC{a*=ZGG~u%TO!+RD@h-d7-@$Js?44*=KW<QCik=X
z)wgl<u)Gyl-%rh<(Dfs@yA#LCdNweZZCiTG+IV5+@Hh{NtYgC_OdeRvjmYmIiXi!U
zGUiv@xq*GW6jIj--|i><%o70T&_m!H;lzFxN1U&biyoGy>N9yY5oXk_X+^Bl+{;^R
zb+A0OGVgiZ`k_J7jz{=ifaLASP^qx<B{L}Ed;cG7bW5z@8{O=ul)V*jsGdQHo~CVR
zS!Z-mo=R3&6!<lvzaFL|!C_%dC^BT+W{wPvyG!VYXKJ%y*#dchDr59;=Ok0S=Fs-3
z{oqrrq)oJ#{Z>_Vd-dLL&^BG%ANdAP+z%~LWp!K*%g#l9w?co!#(zbI4N^^(nuC|N
z>S_?yD%PKV2)YA5U&#D?iT-?%k$Z$+dqS1xmTd1mX8w7zzDpd5qKzDW$K3$kx8x6w
zt7`iEmfVkb9*5o~$B&$s<3~O_9n9JV_EXx9kP$pG=fHl7d5(M=5Az+_xiJNL_p$F2
zYN)eGL>3i*brGT_BU9Lw=TVAO;R}oiRd2BfQJ95{Eqt;Gp=xM#avpc)tt(kGdELP5
zPqsS~n-gk6XmtDZ1D<-%|C#9)@+vn`tVtz?%D}GA1Oqj)E~^2Hwu6fF-OH~gB6iT{
zJ28n2r4^R>PH?M<bR|14pY88sYckmWzVDyMRzutmkbPol<TrtZ7f03miR-gm!BeAf
zJeK;`d^CpoU-FTvj+J=%`(q@Y_x{+4kA5&l;+H=dJMp*vG)Cere;PaSmZM`NzUk=L
ziLd?R7>VcnQB`rw{6V9>UI2-vNLNV9o{DQt==x<Qw0W5cJ+RD#F7TMpn&l=WFE^oY
zE;ph7Ty8>dEH|MKmz&Up6(%%$g$cP=m{8ja6S`-G3H^M93H8#>V6^x{9UWDiz~ox1
zhkWc5x($x-khsN)pGP*Pv>xH%{lTjo;UVo(-I>W74G1~HL&t>ZiuBz<uAIAr;B?<^
z=s$4GW2-EvtlQOYo43nptK<_qSdG_J%{IuN;+SNs#HN!tw#`-vmzCn0KB4P<b{PMt
z{!b;dFMmP*N5WlLc}#?<j^!5RF*eIGQ9cjH%DQetDETZz9+C&Nd9v=WsvgpV)j^?q
zzb#%HmQI9Emq;_hr;DY_;LcS?xGI_|3!gqF|H=`r3d`M4JB74%<o|G2Pn2%Z&$lsp
zgC5c&bnnONAdoyxNmf#lvoa*lqa>#|!qs7Uq9fdCctis5sKoE-n8oa!kp*7Sy7Ytr
zG=^6b$4a^T^a^=}pXb+ZTT7LG9rgNJ;TX!>KIc9MIF3xeU#D_;Y_`!sk{)u*6I*ys
zBlt%4Q*QD*78n}Tn(EsLFP}gTk3+~!o$Xc&LhPnCPps_W$Iqz3G^$bI;bO_h*2do!
z9^Nm1CA{76<It+`@CVZJ@bHK7L|WUmFUa=rcH>KOjnMs3*PyWLZj%=MiTrtc^0Wyd
zwo?AW@bC$_my!rtQ@^QwNiL@9QLwnyu=$n93$Q3&Hiw6|Z+Vu|o)F${ctLKal%=1C
zhfAb?r`$Y9*;o<YZiq_vQ>F97bd6#P74GyotZYBE(85rq6DU(PM&5$dex|5Q^^&&~
zAru}yCSMTVZV1bdhqoIa5xVTEs)n~49~HW0!Xop_gf0<&+#+<H2R}r4NA!fy^$tu!
zvF!%>@S1R6occjEXN0b2VPT+4#Wh1LFh!Y+Ph?E0H23WWF`w^o3!j60w@C9nZprY?
zn!CWaiVcyI$!`~C+WI8$RbS*ElehCvw0%#4)wbzRjfJ#Lv4yuUvMY<7ee}bULYC`D
z0l&=W7we030`9z+3m1rFN%)L8!x&f>9ST^BNWacT@I?LQ49g4hCCWB2k$%$%5?!1G
zHBgmqf_7QlDxzuK#Ino4ej9baP1^5_VS-GPHM#=K$gy<!cps<Z{i-o7V?MTDE%?H0
zCwCSgR3~)5&Zq6Q4GEXl3Eh2J8xjPUeGpy_)t+<-&etinIr8Uesms%-=E$Fg)D%iB
z^5-Jb7d|><KNTK6DL79$BEyEwm*Ch923O3X?h(3+aqK!n<mjTFKNp%laz_#dIprWd
zIJOaE(~yUJf{6>Ib?HLbf6AvHKP{lT6vCcZ+4M)ws1%W^J6VHx4*{1bqa9}}M1+K$
zTa0vg>og*?<18Hp2s^*d_AGSG7jHEo2Oa+1VnS{@{KK)ux<*yRGrXrjYgCm~_DL7q
z1*^yWUp~=yOB&M)m=}(~+{-cNr!m(9=10a{Ood}w(wGup_K(19<e0xVX_$V%{NV`9
zt2pK_)0mq9Gc*EoJjc8@joAX2?h%+r`E2UCG-ePmr;WgTmSbL>#`FQ^Cx%?i7{{ED
z#=HzLUmbzj#4(Q<vkYJI-$!6pbIj+`n9Bik%Lq(?W8Rm>Yy`{(J?3OgUUicX((|`o
zcDXO=LmsTUP?Gv4JI>CeD%kZA3_|ytcbrubLR;qInpNCB{*<S_+{kp=O$z%^r&}#_
zlc}taP2Gw~ecg_;s*2DS8?HITc-+Vn9_NEi$BPpXLVZY1U6#gK%5nPAI2QrV8cbGU
zXeFz-A=yJdpapY~*MD;&@+To9iULj|Vn8VJS@Cm~2%&vnp{;1~03}&xd`)k^9gz<T
zDDkaNrDkT!^o8k+&;oGT3j5GXw_3;&k#<`rE35sKCsy{=pPo^vpAmiJQ|k0DJbpbw
zdq(znU*iOm?9SF4ht{q3Cm+^1w9_)59ND(jO+DH>G!r~`R6Iwvd+Me>ty8nTHRqbl
zk?q#H(`MLHqYBZf*{c*;hpk(+Xv}w+MP+)6NN>xY8EZ}Gt7}c@j<qKAv$ZDl##$2^
zUTZ>^-)KS&H=59v8%^lnZ#1D-Z#1D#ZZx53H<{4gH<=JBfqw?0slZ%VRHFZ9VPIUz
zKl`uvToK2Q{%OMJ-M5!<ZC5Uj*^IyDM{l|8C!FLJC-bKVajfhw*TMPBPV!k|7oRqp
zXV#X9DG=m--J>+ys$g48;%^`E`<&pkm?ap;?&5m51X}RxiDP_nHU%pK@51DsZy<zf
zUXjO9{618Yx+pSal&p~<lRTBb!s-&teiqZ8>OJh}#wV#FC{NnpFN|$!{zvE{1)94p
zben2Rgs$Hh5UMQ}x~MUPt7-2rL{sH(+3p>1+3p?GEq#IxFz=vl>B9zuq9>#clv{~U
z9WE?j<U|SAj+2}&@);&Y>4I4)>NsAoNq{<@`o)hTzA>lQK~7M0FH-LTAL1?Q#k1S?
zo~;$-y;b!F=}B@A__%;^*N-X5Q+#siB@-vv$%48Lasr#)N`BLnX|PuCO8JMari_zh
z1)r3EpnXpG=#U%krge}L%prX%iFK5|gh`RcuFzd?z(k;puLwtajhy}Sb@b<tf-ZE|
z8+A!dJn8R^84v6VOp3-#Cv?}FwBK&i?->aPIg$LHkyeoqy-m9-W(}+3XagYpb`Nek
zAaoauuPu?TtSy!*Yxm0~;ce#|qHHvgnpS&E-auc3<#o7ee|THD@e!$*|9VvR;HLdT
z_k{AU!On3YaMPjG6PkR+fuv1`QvarjU>u0pbSR~Sj}AGQYz1eZ=}=Op28z)N4~s(A
zldvaxoY3_%__1H+c^aar8ahy#!XLxh2je5sooNF4?-Mm<Q^u}A>BbS-c*iuRI$gBG
zfF=ejXfY|GP3(Ny#3s@vHi^BVl|+9OgO2K&*9gLwal*4;pfo-_TrA(JN18y9KDz{>
zkhNbZXSFx^7~9%!)f9!kyI0puU64<MsG_DeXqEG&&r>q0oT;jRUMF=dgB4{4iJGG5
z9e>v@$TiyI+NC{}ZnCk;O+t0rnnUP{K7YNINS<NGi0+{D?I$pKJ9<jMpHx>!=i%5s
z@C<~S*S8nTQZ+<+<gbnN0-7)8P92P?waOXCytW+EThC0dHVabB+!l7h<O^VWufQ>w
zUm>s6yng33+3TxwCt8kQ#5X<aBK<|xU)lCsPNN^9f$U)a^z=>MX;gbW^_TqfzezS>
zh1u!L>HVD8^r<Tvm#&KJ1J8gClpUNqM_sTavEm}WoH*}9M9tZAnlCNpM2`Jmi5Es*
zu(8wnsnDcJk!`k>NMf_psX}`^Rbr1TP;=)p;XUU487r5^YK@qj{xx4sd4&fdm;F5_
zc?DKpHQPi?K1z%`%Up{YrnLL9jk_P)sQa<aR+o^I{Kg5B=6>9k<9;+<z^dsejJ9t3
zBJRh}N4g)X(6s~3-xa!xsOvGGyB=TGT#xN(*JC@l9^18JP*_CF$XpLFw8MXAW%&vW
zluX%H_`&n}b^Jz6+s>yrYQKZLPwQUmZr?Lxb?heXb0)qro+^Nb{{I=WI`(XIj+zOs
zWF@`bpbM>FV#=Q`^E;g$RFC)U?<ehsJf(fIoRxMq3(oOA$CTaYDCK$j9MgzC#{?B>
zf*-}ezOFWDJAFLe=dd!+cO<*d8Cf`Jx2?K9XYBGri>>|w;?nV))#<20bjN3TIvvqX
zHdeSvsM1aDs7fz(?>(3Cf#|ZIU=8$b7deV|^oVTXpo@IsASax>ueq)v8kem&MnqV!
z`B(up8VkWpvUh1~c^<Wv|1*`<=y(`QFoayo3(e_8@TQBvpRW~#=w9&n-V?h14HkZ#
z5~AN65graB7WkEJr&&ES#M;r13$&(U)grr2ax&Rakg3|q%!y71aOV|dn!{w~N2kA)
z73f`Q_L_%xPn$*y@BXQb6?;m7KD>Jg5AQlg#&@66Ip%X%OyV2@yn6q?CU2_G50zeJ
z`of`7mTNL)M2H&0N^T4*#x#b-X=8}e#_-j|`=?kXzH1y!wD(S7qTOfIi#DeZ{`NWd
z!Tx`y53c@#0&|g1oXTT1KFHY%<(Hdki{-{V>mT?Hm4k*a;>kIc$1dV+5641~g@^QI
zq<SUKrOA+%Dz(0FE1AZQ0Fk|u3Cm<|fFn8sTsXo27XmMZ@S_;3h1rbg46r7{5e7J)
zaB~ds=gI#ISC@|G%o-yw#bAWpe^*t_7%DUQ-9C@m4C$NF(sPp9VID9Fu*Xw>_&j@D
zNsX}!rXn#p4cn$ZUOZy++uJVtsl<Qt9e~Ts+?onzgm`GAh+5N^!J3{Bx*pf8>BA$e
z>HXSd+b)=FTdLxkA!$3<*R51VzRLFq{yD#Wy=x5nx_%7%x}+d8d6sQnXBUiS1Maah
zZN2$i&Fj&B%Dg`IFEFng{$=L%ViPm3H*)j()iKShJ#AiR>db45hwUyiArxLTgPH<r
z_zJU4&J2OCbp|6`*oS6dEhddgA+;M>wK2r!VPDI#$W}}WsiX??_*Lu!li)-uuEG(1
z)kqX(htuf)0xN7kWk10hHT{?T6|=)FwZ-!Kk#=|zFXdmpkR9%aoYN!Ae5Ux(5|+_j
z*`~NDpDDf*aHU26lquHnqV^}B`hUe5XV}g$$YAimDi_ir)d>mW5kG)~P9!_ukFV{I
zkCpvwAzMc9{SN_QQtkx9=gumOI^Iot)XQU68nt^O2S<-fJUgD%_^Zae-tk$X>uw`L
z&qvL5lia^H*U@4YAop_u@VXK?UaDlV2zK&a%yFo8+~(4l<0W>6t~ZFo!?$l~%5O?*
zc-||FSt~tm<IY0Hr8-ItN^(wkc>b0`xA5?5!KZ|7A?Em>+KaYWgzmWT@c!Tr!^3w;
z--Fk0*Iun1WEl@ey9PUpz=)+5r4KNB5oXh`NFQMKBFv>vv!CK!f#Cc|i0&}tiN~m~
z3*A>hDb)T<`wSNIN$K<uW4hJ?wT(0S=3LLwZ-A>UVd}0YQ4kp_b_k2#Fb?R-J_-RN
zConZbAaX>gErxzVSo}s^_)kL4EFkT7YgAQD{@ee5yQdk|VmeoIR*3%avpiF9V_kE3
zD|K@IchvQQA|@X}^GJ^~Bh^U08iG06aQ{3y-2Z`vPmZ&5<rwl3)<%|K7EpjTl0q;a
zs!I<sg`0T#Q~G$_5)kE*eDON%6O;0Ckn56>@w)tItTJ?ovg38<l8D6sbR-HgWn}C7
zm=Nr7#h~0XYFv(NgFPam<2G6kN6%&akIAry93x5?R<J!AXIGS2G1&=6lvNiBUC+Ut
z5-&Z15NfENAw(WABNTb*5Ul)*_Co^ss_ghMOFXL(M}|yyo{z~Ji2*aK5jP};W96jZ
zVX~8L#oNuc;tk-)uyI>;%Z@7btURHA=OMnlIaS)Sqw1_GPh+o4><$wnj_iDkVqgWx
zq$+V_*tAV-*-`c33-bBlPUB1RWE_c`IG%~)F(R-$m6eK@8<X8|*m~@tAG1Py56=G^
z2+hXCj%)ftHazPjCWkzvFR@}OU;w_t5KVnpF{P&B8k1a#mEGUV(8tPn5ZwJREBX{I
z>x=5!DlFD<{JMb2nO*$#?|e$~vI2w}sN2<m8ftokE~`nmp4CYnIs_{^9ppDI`{9OJ
z1Ciqfc1Km@xIr2hIc;D!Il3dmM&a(gMuhCA9Fe~p>x6IjQ7C*XzF6p<P`Fs=E<im;
zET$eZu;VB?gV2s)^gpmj!wA3MLP);BMSj~*b3nNJdP--IrSDlRbgwoT7Yp5<LSxS{
zi|I{rAd5mYYD8$dYC>qoG5P?XKw!T&60d_Y_Z%rU?N44zJ>2Jwnjn%TZ~<~R61oqC
zj~(fXcUsu-=P7&mbX>MD)YO+Ur>9uhe#6vcct!gTm*D)Z5FIemf%ZEMHE#<$-!LH5
z74I}hj%-iOrgY4aBhylsWr&y~M}*X*GzI!xL>&Og+Eeq+=GhHoqA-neHlfr>dcsHJ
z;o-0l{a;wzab!`?kwS+lj@A9{n%@N9aYRlVq`8jBX`@`UkSciULPzAZNiJH5EO5eT
z&2NS1K?6bysqzVT_t2l}?-1HNDYgrVs=8xXon}SC&Swk=#de_zRV9aZ468*5ZJrs!
zJ0ip47OVTYmsC|{%MBkM2$n{Mrfo3`5BCL&7M@iR3Q|%CNT~u6b}A5UIN&x+#D?8(
zfw#DQOA#ifUDi~P9Oy|FE~NCglw)EFC+ot;7O|)(F@^VscUe=*J!HI7=-%%LA6e9M
zd_wr>B1bqL4)=r?!U`Nq__*lURhpXGlb94fwrIB1!J?QvIs2(mbnZe}HM!LyonA-h
zeWt3Zt2Ki#2gl69Rdnb^hp0R0OX++ZGrw>pLdn-q+Hwfdefo!C%`&lT_%jVG`REx~
zD*wkT5mIg_$I4O*CSVJw`C!)?VP&b+9#6i-t}*!fl?bI4V6vM%o8Pw6mVE$HDl4q^
zI7{SImX;@f#!&v-PW2SWN<N{u$_filtt>6K$7v##B()XCN^Ym*-^DSr*UpY((bxed
z`j?igs;Y8)H;$EDU`I$}GfkM%6uJkL73KDL>T*nWQ*+g4KyD&nbtl*^wFfJ^v$iOY
z8kNvE*r&38+i^`#Z~(_jPVwR-8`bRV=X3Uxi7+YWv{f?GudqWh9{`IQdjSl4%>ioN
zB5<x`b&=5Zb6R^Z@Y?%6!w6YDq{v-!C}i=>+MoCkuAL`OgAw)6PVPKB3ut;c9n+gw
zfsNdrS^F_rwhk-jsjJpT<MLHFW<ER*p?;Gwy*DDl<W^6GTn|E~GSSaw!4;O+AmHer
zT+FtvX`-v*LQLbr{!Y<D{dw{>CXOnP;#i3l2X@!QrJ2Ot85uTEcVSt%XI31OL+UCk
zwdvnvPHGia>Q`c=9&39-#hZIw_IIf~D<i{3>Md2lsKz0DtJkhZhN;=^7rLn}o5)v(
zAK9M#26!-ssP#H_gjq?pR`qgb-GuIe^kP+O_~?+!J{TT8DRd8b1n27%MKg#Or%mBx
zq5DweND&zb9~-jA!>3OQ&K?$WYN#35e2Isw!mz)nUg(};bgS{mF=_%$`x|O{f+>$-
z8OCH)2UxezC1ju{X>shDFd36&9lHty52^2PN8(10Qs0rf#!QVAMVS;%R!}T*h~o7e
zFWxmp(0*IO$8C;XtH&FGgi|nLL#Tt&fl+i#{YoMFXV_=GYAuuXe(C^0rB;H-rOWl=
z#-x5NR_Z&jQs1f*J&u`epe==&&F=6aXVU(l?tIajl6?=ttuH-2)|O9uR8=<g;+{ck
z(pZ2H+@DerJuFqz&bWg9nM%8cVlC5(-o)`jgi_|j3$VOA4)5IL5QRwr?sbg|-|m4&
zn2}GPcbDZ#f9xS2*#{Fh713@^=%Otxany{^y>IPu+Un|_HAEKn{1TejE7a>TKl4kb
z(}~%IG=;PxF{2ovM2i`rM2zhK{m)Cm3O;-(LWz4z*bcSCpc&9b94ot<eGk#^%_WrR
zEx%+gTHSp0-d7WIEeO?hsq&(PWTDFb7LHUQ$%e^5;tpU_D)*2+=*`{abxceiQgT*A
z$f3Ten&l^R2I2f#NS#-^uZZ$rVL@n5);`|4dxwenswXMK+e@@FHeeT&I-r;@dJ>^T
ze*u?_7+Lrqdl53q_Qboi=$i`=O58XOp~&=a?nMaQ`)XoC5kmIEb@#rJ*il4l=q->d
z=}rBdG4P8bg!b$?h{?-XSu1*!x^iWu6)V`n57Di2lap|!a`dn)RF^&Y1VY=3?D6EE
z=tzCB8W}Qdsl&wltGVpLNONqhA!Sj^{x%IE@|JRotup#9TTbL5edKp;@_ORY&s3GX
zr8sSs)RH`)|8%zrQaNpv5!E1H9gWNLJ*3Zmn0{+9vFpIU-II6&nu-~-Jf(>mj#_r-
zG=!q6WR9pNxi(GqE4mz|>6n-&>bbRQcxu@-X|7X+_ID{Hz3lcP*o@P7Tkd_JZZbsP
z!Q`XJX@hJ|oM)tE=_kLzR3WnN0!{wgS?GCadukw#DohTz$(xCibiYR14eYmfk#bDl
zaYX(&<ROEOQ>eg0-jpUgNS&pjX=TBuZ+T2_;-&%5<!`#1daor@teDhW3ASKTZ#m^O
zm;`CO(CsvsB1cYoOamVK0XG@EIazi_RoPyCI6Y%fElZU{^hhmxryL=*>^*oKcz#>~
zVm1S-)8C@+6pzh<Bkx!3I}cI3gKYAe9boa=OdKm&@Hj#Vwt&!StHO%;(kE!cqQ4_?
z3s%g}JPxNX7Sq>?`HsgJW*t_{+aIURZp~u|(QNz8D<0#Uq0Kk)U(dlwLL1|>rGAyB
z>@P4Fv)+@E;qL;Q1)}!SfJuq%d;BGil~l||D50KJ)jc@!a#ioax>eWTz<2zqWxeN7
ze)bN*E_r@5;W|u};hFQ8dR5~{v#knt@3msG+P2O^2H+ZU59y;XJLp4&eGrbGR?F@_
z4<WTbq8hh7L$!wA*9_-UuEFGewpHKkq)fjs|0jQ#^Zi-W3irwqj`*wy#~Q3^*<HYt
z%Ze4(Nwuu?JcLLb&!fLrv){3Xa`t>?Dni6nj$;icanBJE+g;_@?mCI>J(?GU5Wc(z
z@3UvJ!h*90E9Rc>XztXfhp=M)_&e-Whg*B8j#7oT;>f~3ei<Po7pi4{otmYoI95{n
z6!p%gADasOM6AT{6hg@<7H}lZPa)KshLQIx5`UqNO2lGI{F(hQays<e3q_z*m-;X%
zm|h90ge@sEt{IS~*yAU$@Jz|UClQiAn9ur`rwyr3d0R?sXK9NPKPf;cbw1cTGLZNw
zdtER;o+?WGun3{24Um+ku@5HZz<5gdc3f+BKx;SHb(tobl(?Hc6eYG6A(VPwmmcy+
ztj`b~WgVOwE(@miA(?m!)+EbQBY!u@rC_fxc@2|(wd}wJ?1ucc#KR8L&Rw09JX}bn
z{(eQ`0d_Qz6~{^rKEY}t`C1`DiFX)vbK;dkUO~K^zvj=$Uve7JLAj{U9DM>IL!!fk
zP~zVT(`BBLxQ{)IvkxXBv|B%(E+DfV;f0<j5JKc_c|&B_u;ptB1LLS7`mSulv68Ew
zKqzq)V}^2h4Sk-@aOTdBr|d04!2D<hWo1D9tFYZ{W=3J+6A01AiR|&bClKm0AAKAl
z127=o+`G?AJFC-(`y}Na((_!yO$fDAn}<VZRJjv3mCTmTs5n-Z44qN2>A;Tal`e$j
z#^=TxDVn2PUhSE+UwHPbQ*dN|IX1m1JnJaLu?b;MY{CJoOtHCZ-jvG8wG%uwJ;7qK
z*kbDO)Wm}p9NAxy`h)#2jvi)Girj8PchX<QPa9H&^W!NasAW0#rSE+^kt(2lZZs~9
z?|N4*!aK_*KCZcFnjB4!)9(3gsi5nyJOR$1y7$$DVCE{tTs9mtuXz!n-pKS4ip~0-
zH8}RTt?uutig&ypr#<=G+%nH+v)TpZ)z@Z%tDJaQRaN_8Y8o8R9ipDWMhMz8oK(wR
zn?#lFhwKW4Z@&c-m9M(&akcD)NzCfiYF00H1ik`N#`5*zSS(S%`iBazK8nXC(vIbB
zARQejU>lxSVkJtmp^U&w$8+CfgH{VxqPr-c|7FUgP@J}P{Z8A;GKA{-own5mDBC@g
zXuoV9q}|F&b~ta$brKHfRm(1&#B!=r%O*|&)hmho-5^<F*p%o2PvJq^Av0X>O$Em9
z^k&1o*u`WOoB+|a3Zc{_OiZ-wg=*QA=fT0I7F_d(U{ZfBmOgDGOS?8F?a<WxY4;<f
z8*i?m{uT5GR(sq&DE!1pdYt62W5>sBexKX1<D_5mwL8hHPIA&d$nFdOiEI2J#dXrL
z<D;cMzpUK)H`n+#m4+cQtgJaB-;5(AYwkx#oqlqWD&T(e!ut_IVT2aO3k^uBSh%jx
zh@?vwc2IDE`RU;^YGg><V#E6k$iN1O!oxkGDNbVk#iIy0A_E4eVt(*Zgi=LLVt(LJ
zcAqZ!$VJ|EkvAQYvqjr{j+mo}@~*f}l8=>J|K=pGDh)%*nlr-le;gMY?}!W-or?K}
zM`3Pn+xc+*Sqz`1g?&eHom6i98$*B2h7fYroZL2<N#Zy9kC>Q!dk}hoofvoIY`^)Y
zJ({DidJo@Xt(YBq5E7pM%aqWCICA8}e)CnCPhZ-DkaF>ChH#+}nPou8J}4Lt;htk6
z9)AccYeeDszg#3lPC@VE5-;mr&?|uA67%17BlMp~A_JCw^U>WbWUH9}up1%AsUA_f
zH8LRfn+J9y1gEK)`*tI=4<XYbOw3R2M#y>jAdVdQ3@hdz)2Et2c|K&Yf5CqFQcTSE
z?nWq5vU@i|bvSb5UFG5(yMgE6ZYp_9%x$|V+kZYUGyx0GpDf3U`39P|@cbVqhptVN
zs&kM74zeHjB(2j`RDdE!ixl%azo2SASb>lMfBGiAyyRk_T{3kyRLJJ>ICAtQtdtZo
zg2&22Qz$_!Jbz?zXdD)vzbbVfLPZccU<WeLF3IY+t?}00g9kw=dk-G8$E(fn-G`9y
z?Rc*`{q#htgJ<CHS@>%a=wJ5!O89*>{H=n&3*c`p{JjSL*1=z+KyCfghTenrc<<=r
z*U0-;k21yPq3yE4{;nss+E(tFb*MpD{2QN#Tr}MZL;l}{rnWeC9787?V*iFts;Z;U
zMBmCMJ!Fc_LulU}dD+^lPM<vyp@RoUA1|v%4jvry`}EV35UN|lJniH6Hb5VKYx2l2
zb-**P#l-8w%pnzT?ah2($cu(FWOnwcfmp%LDywaxCsxvWQdK>~)j`&@V$!fK5&o1>
zs$`TPg?(^Gl^LP9@U0%wb8GKG^ndi<q=^LpuPb4&g~Kq1-{SCT4qxZ+7>B1goXzPh
z=5Q^CK@RWZ@TVMV|AJQb+{fP^;_w{~-{Y`QVDN*S^mY9GwH#In+22p|=i4~^8i$=6
z-pk=nIqc)`SPq>6&gbf!_br9&`F0NP<M2TaALsC84*!e8KXZ77!%0O9R&ZFw;Svt7
z=dhi_T^xRg!$&yW&*6V__-780g~4(TzszA3hnU0l90obOhr=In_&A3zb9k7;_c=6<
z<K^LSHirv1yq3e8INZ$Py&PW0<<ZTb-{J6Y92OQcIEBM6ad<6<EgW`ocn^mUa`+z{
z{))r@;xNJC84j)EIsY79!{K!twsLqohxc;$Acs$KIKbgs9KO%t84j%zc)fF2%i(ek
z*K@d;!+SY=ki%bcIKbgM9DcyzSq>*^?UchhF6Y@CPT{bC!&7Dkf6w6nhtG5P2#4R`
zu#>}P4l##wIlO?wVh;aSz}p#z0~|ib;ZHd1;;@6m>p86Bu!6%$93l?iGcg$F@DUEb
z!C@zdU*qsP4i|H1<8Ts(h{N}c+)i;A=kRe3@8j@x4%<2WIoIE{#%%lX_<g3ZK?gg&
z$>5$GsQue>fA;ei{Z~16{@kl*y9vntX0fT&8}v3wzMv?zdL^;R>-PsFF(i3|lIZns
z6{WyNpC8g~X>Duwi6M&7=HDQ;1ZWbU==XI>IxK{m0&;t^NU5~6`I|*wXNRvz@->Sy
z7R<;;$18@~Hg&Z7#ErhKO#j;hO&i6K@9VP9-{cd0eks`I3yI#K4~Tl(+XGvC&0?Eh
zlv>+DVpG5``8p+pHhDWbD8Y@st>=K9!Qbp{m(PX%jgAHn^aqZm%<h2vWdBBgV2fXD
zZVURFq_)jI(eK^l%UjMg3X@ZFTRtf@1vYK+`6V$B6x-YUK5>1}=iNA_Tyt~Q_(~)A
z1O7SQ_KsHXdY{zR<ZaK?`51gOw{2(xE@sS~k)2>fxu#Re<d#n3!`CSVeVcskTgCPO
z6}B%JY76*9zr1PvnE8)H%#XLFwN3JcI=oHkd`I%P+Obr}-sjQD6@7mEj6f;AU*6;k
zwl!r5Dwhwx==C?X27;sU=@-52ZQf9Jezb*UTF^B!@|92WZWvuYGcKJmnp`CB27Rru
z?;YM?DDUS{=u@mU*SXQi^f_YBM}K7fuer`G`a(_K4qvkvXp(%Arbk}C*ye8v1SvVO
z-REtlMAoccGN)<`JSpgHYtKd0;WhjGl2@W?*5+?+Yw}8gpy>O$>}?mNfLJ-2+_-^i
z^0s?}X+5XqS+BFETUvcVUv4f;zuH1+@#*bIrs)NmWUv8grt<UgbvZ!MHAY6z@%fv@
zK#LfXf<Eu2TzkcYtXJ6F`pF?bO8vL`I-7k>ZJWI9T2p2DwD~uC+uNGOHU74yK(j8R
zbk2chAIe*P-cgJwZ%4bg&Hs6FhhA)RTcF)5`9gZ(kHUW~6VDvz@va%Y9o435MZ?ti
zZuYgb`FTrd_4=FJeR{pg$kWdYd?^~s{`)~#w9oNN`ROqA)2NO7-qIe}qWe6WU6?Z?
zuYTp`(-dfLr!6?3b?>9l(|YgG=<wclbbe;ffZpcT83>J0F3m0YTsn7-O((++x|COl
z<lV4ft9MiT+(2-{?D>_I^B3s*v1YlWoeIl0qPx@dy(zG%!z;C|Z}*7|gDXsSf2gCA
zV;@KV!v5)0L~4biv`~d#wfZ`jqhXF~xic4!e_6HKaouX_m(QJxrgJA|-rRX;-rV_U
zI(KH~%$bu(=Uh?0ropv*HA_jQnU%*#Jof%(I<`Ov-HH&p10i%LLTC{k2U7Z3eAPQV
zj_YQNt6X1Q<62(tV)@J#8yqWFx|c829s@zq;c+`wY329(+N4(6!o3?re;_DQud%JE
zO%hw$y&IVS7V7XdwY9V{yZU81R;2Y?ix6$tSv8c$XUVi*ag!X9K)2TWMBk<kX=}dk
z%tzkRCbhCoHupO<znQNiztcue4H|e7+=0+LXCX1*Z{Nz&bp(AaZJqh~0<VF2v3U`g
z*D*T6i1g>k*hsqPTB3A&8<i<4u*(oavk*etIDVVILzYBeFv#td*2Cm=2GaH2?vs4_
zPZ<lMrO)dmWYPC;kXmU^>g6apBc#I{(bJ{*&f;U<)j1fto)0XX91I3FP&42S`n-A5
zXHYu4ZNU-tAukm=e(+1dKvs3+jCu5OZVQQ0AOKFgW=Df<l20dp?Vo5bfbnUZLpA50
zhDUAdEsbDdo6^txMaR}oM0?^k|AtUN4mSC&L1=?dYUHDUM)oN~XD&;Y7e)7S419zd
z8{7PCQe&f@KaSVn4Q`y9`<*5Z`P(`=xPFbq4@tqs#u4wS57Ifev5}^4%#)6eHFTdx
zd~XW0%bWZejK;>GuUT&LH8yRPS_A$xgCqILkJs23@<}1dE9HF2Q=SoclH8%WH+uZ~
zmEK^;7t9t}b6cn*5c1{4>j2o8rA$HZmPYFBq0#AQq2!~heWc3JB#q7|#48%5Kx1J2
z*L)n2idP@U$dfJ$rNigjs85gwKMSR))z_p?kOw~tg%%d%G`2j_D5J`GjQa9z_W7ke
za)9?^%OQ;dh14Y&O%56gD`Y0YsB+*a>>=aOj*8DwD04dZcQpRfDA2Ck{2SVR?A<8%
zdX!P+NiB6C<ZIOXep-sL@IQy&G#(rLjLK&QkM~e|!eilccldMp0DWro`#N>?pVtoL
zF+F+l@|YqW9&|;G%xMbd<IA<FO_Fj9Pu}l7_Cs%R^5U^}KwCt*d^G83_}aHXhtEG2
zf7<t^_CVhDsNw0qhkU^{Z+qMAW8v#@@|K4=X`|L_8ZS*KgPLE?BP%vP-pGp8;RR%A
zWW_c%c5Llzl>HrTO&i;NjkFKS<s&c3jO78pZ}rv=-wct}9`#)yh%K)VH3i!`B=36K
zY4MMN7E#*T;S+VqTD>#@b@VD`eqMf1vPLKxZQDH73w=C7i1y{o*P?wkLhI$07Oj9C
zfi^$&`EvT%JndrCdP4A+6VG>3svSWe9Sk<Ldi@)GVzW<TuHYON!`>8VmfL+|lh+R(
zIQ6sJ1Kwtca!Ua*;P;7bIw~FX|6riW7Yfa#^#ZumwL$EcR$nb`?LOA#0>QQoZT@sU
zdYd+SH_%TV-e9_4pzo#Dj6W5U*E7BvLq2b?skN~^&;*g1P<Htm81plr?5wi9?LnWn
znU=%nr{lmtQ1Ug;6|eKnp=N+8a)^iZG)?H>IEdCsTf5Yj$%QLuQ1(l0v^E<XHH=()
zqWQ;dlBj!0bwHdkea#FlHy#ku=zAev8Ip9*n*t#T`8vH#Qu|h<F*1Gb{L0Eu#Y|E1
zZuEu3>2s?>;`G~_#g0IzjTXk+E_#C-pj(+fcV0-WpdUB1ZT9(Rvh+0VhJYk)lG~-W
zj&`3mv(XX=iW_}fw*-RCX$rt_PQDx`#KvRmeIj?rHU2dEUcWwCH!5Y9hA}-f8`80i
zkjMfuP2To)7LZv96(DLZ$nrHFj~MiY<aRc?4rrr3vCS{8+`58U=z4E^x;{dZ7iNk&
zn|vKm?VG$?p(a|rn|-2J4EZ{|K{^%!f#lAIX^c$2P7Jle91A21`Xo8%_wh(E&mzzw
zF7}3eE-k0okj?b#nE%=q@-5JD(bVn@WrXRa_K3a8rK0iSXW=X=LJ-vq);xI-xpPja
z?RM5=eH(m1ltvoU>d`h!2jQE&!8ZCvoH0E#Lk#*_d_n3UG>hwfErFm<^oBxh8~pls
zRjW7Tm84+B%mpHaZR=%;O)=%@M|wOT2#A}!{;itYNdZyzQ&S*Tq?Kj*?aebY@f=^X
zxQXU1wR-)a>W~tYJDoT!7uL)f1JhU0cI*xLxQsLMVlwcGtv+uD*m*iGmVADgOJa6k
z!{t`Lv9Y<WNos5qL+t@+wzyuFM4&tZd4b3SP~PTdaYj?KuSKLO(*$NvrrCT=R)ztd
zqOp<Y5Nd1`7m7E}ojdo|bb@q#AeS|Ms3$2PYR2q#p9npWHtotA63UK0Y=#;aS(vef
z1<1hYanfnCK(h-mCFg0H0{)ivwkByorodi*bNYeXZ*C~<jg^h_<{`AI)f@CRi}kGa
zLQxrhrWRQFdAlARpVkDG!<Jyczd@v0K3kN6Tg9M{`lk?_K?r@0c|whiR5uzMGv9p@
zm7<p;YK$~CeqHvqpBpa3ZDl{izh{J?zNsY+ZcUq*^|ZHb_emLhAM!~O)KuPdkcmIw
zpVO=jP#YVYeJx(O9aLikKQQ9fvx8V44^5<LtCq>!EGk>t+S`G<COJqu;P$Pex1|MU
z#9Gtcf*fMA+!_h6$RWzl#w}xU1WK=CXf%GZsC*%gwE6`@z+8lLV2o0s1F=l{=0H<p
zBYUqoZaTfm;AQk9Lnj?hKw5iG$Mxy=4ef#TUdC&q_P|l#J9X^kppSj$4_V(c4tgUz
z<j~hdnWHZZUoYtqazc%5p~j{_Fd$3JIc;p@Zdaq0ANT3`^I~r^2%g8)sU@l3x`bB=
zLZ~)V%i{DkqE`~9cU&{lfAI&>E<v`hl7q+HAaFv{KExRK{=f*ABgEsV>%sJG@=2|M
zW@cMfRm>D=KNEuKb&j6vZ;gVGZSUstC#~p>fnX!c38nobv0{2?!E~*MYx4SMKumnI
zkM>)>4PIEJ!9w0r0PI|&giv$9$L!@Muhi5^#}3ry`9$iCYQB-S8e)3$-03i>%RTxT
z)920ub3HvIatAgW7qK`e?cdT44YfXPRLD9TJaeunu5R^--t}$mZ4#I%hM(*HFbmlv
zWqC7{T3bkL_H_h(O<u{@JRABCY9rTEPij+OGi%viu|<~TV1~&+3oqha)Yv$E?v<fj
zM(Mk3PFbHPAz%z#A)0s4_jS1~NUbm(gEjKC8#8oqNXfgQF+JfEYE1irveYtX-qmx`
zam~CzqV)Kbjr`<}W*7kK$LlPa3jz$qIy(B`)RwkpsZ|$G&KKYI`I`dGI=?D6zUJhy
zC6~Y1r3=%g{Qy7}r>E^EA3M6V$j6P229HY@cx?iKwfP&Rpts4l9(*p4LrzelDIh~;
zK0os;S?myWARQy2|5m|-y360Zn#D1-ac{n$g+6Yw>z8bu+xIvONn4>#(tf4nh0Z?Y
zYj2qgfv9FC7H!emdY{(XsLvC~9a(@S)BGsiIxcM<k@aQ&Kla`Qx~=NW7yq5T6<d~H
z@+*-Y$C2|O1`?wrf(G)y!6A=nNL5Fn`BPd+v5sRETT-Rt#0L7WfdEdEa!p7(>Fqr1
zU?+wq!R;_5)1j@V^`z-sI@i;ct_hvassIBf1Q3a#fuwNPejMo>#d%CSy))}Bw3gTJ
zeBXYay}$i^-#KT0+mVp|T_^jc-(>GJZpFpl=Y+2>Ce-*oc_V*!=S_3;hkgB>!K5!&
zjq{)jviupoof(@<e=jriSJ(+@!<=j(&YByaHD7FVnj4(&6z?mXQeU(OLh_xRzDSJk
zG2&`-Bph@`nuRHER!!?eJh)Bvz0=r9<35Q%yjcwgS;0u#HYO*Nygb+6r<m-O;T;r{
z3FCJf<G5$r>rN?OzO;KS<YCg6&&Ky~G2O9cQk(Jjn$$qhu)MG_onP?u^}10D#5B2L
zV`?B>ej^iKLk0Z1vag-L+tS}U%mQ#Hn+ut%J@BRU`knOS!6e@&?hx;IH|Q$uvM=l8
zd+Ycl-vciDGH{Z84&oK$QfEsj7T2=GCMrzcq~Cuo^${!EUs<U?oXWAu-glAh|FpD4
zw)=GDBGyS%ZO+KY>bA&sIaV1Z#@2$=)!7>}gwBZLvM;rnU)2_AzQ<6b+9~voPYnmf
zScrFj`VK8Vb(zOPgB+UXGi?U4zk3GNtc8_c58}a)b&IzlEyYFmCrza6w-)OXJzu4#
z%Ny|t8{pfjY9UQ+H+_#ZeBQ-I`As6*Zmnz!1>&-<dM0npS#l<gM0)2M*ZE>xf|0Ol
zT=!;s9agvdd=R=>w@Z8#rYAKNoa<T~G~GY+PXwlQD@zz28`3|I{%9`t+I2K*&UUqZ
ziyDhN;~mYd&OqGBO_uxwkyeKK{I_*+=S7Y4ZKxrw)!7i}&>}wZ(z(tX>rlDRll^_%
zAg89Al4deJ-ui;i-mfNhn*xQI{TN37h^rw!KYaaW)`8ITT-(Gu+NBIhKY;HM(ATfp
z9*K2{MHy2w?~S=U>76t5T+}PxNH8HPv>EM6W*vkhPO((vUW6F)I^$|s-%l~=M@PA?
z4KkR%q2@?fOq<lGTRJqSzDG2|U-+0ciqEI1af3aP-_T;l?*M$hwsdLwONtfpI}+<-
zwtdm%Aia-+`&F6eSgr@NHy^P2JLHCwOcO#+2zvs(h3uk@nfo=mfe6KgXBSMbpRFeU
zVTIgNmHrr!wtwmIH`T}2g_>b?@b8kE{^<l_Z>I3Sm&p6f_(>TRk$xv59G<M*vj#mO
zozQGMc&YD7OgFacM7rIydBi0*L74oV?7L*+E961vW!@>p<X&87dW%iwsRg*~$5Q~G
zR=d0gw+54KN@xx=w`S~;`MY`A-pG}$?+f;JMNR!T=t+~FPW$zeo24(L6-z%)ZBf&E
z&jjBa*lOy(QFj>|nryR&ah`&qIDY`i-XEct)7@lU(8RnOzn2;I0qSZj?yPfl&h2z=
z;}?rQ75G%(#^(7>SLcn*u9o1EPqE9zEdlq9TW-46x!hSN9Ae#Zo-ba|3x|3>e@8vv
zDW7|;y*B-wAsh*ZngjaxyFk1v+#HJ3r+t$+Ch<4*PhA<G^HQ4<E`E<C<w)(6KC-c1
z{!qv3Th<b4WA=pk>lZ&wNPQIN>6q+$*rc0Lknsyx+wGxnTE3(|l8&e0_TL}?Cev`c
zS$`Yc5M~E-lWN*W#5c3~q;fRuzc4&Eo8&P2JG;?N7!51;zYQhj{>O`kjN7+K409%Q
z#3`oDxY3`#2Gv)j`A4#7nnh2^qI0t7+$`FfMdxMFwk$e7i!R8b3$y5=EV?+0wr9~L
z+40F)bXgW%o<&z=(NnYNX<4)*i>}O~r)SaCS@eu7x+aUBn?+|kjIk`bLHQE}dOIzX
z#tn84$~eQpOT-l_|Ca;Oe>-_UdSw6hN$it2Byrf#|4%*qy%t>-Hxr=kw-jwZqmwqr
z=AU-cZpUva+yK`9mcj{O*P|4<JrvbF6u;O>@ybq$CwEhP^XnAHzfQ5bm%`gi@wdGc
zc%0(1k5ewpt~iDNAqrO!kbInS`Tph}iah|<G<w%FhW|l|dQI)r=7_f#{yh{o0cqYG
zmn&UH@H&A$itZ^ueJB{v0&{MZa|h-t)w^8HEn9)3gOso5`o<>joXw3Zd3>swcNdSf
zHSyN*e4}O_&v(+q^YDC0GmqyRH}SkYUusa?yX4&^f?z3dGf*F6_rT{G%xnmH&bCOK
z*3OI&o3Fb`nt$)T_Xf8xYjgZ1*-lJrp0jSH=(mY?m*}^V=N0*qCZ5PQ&UjToeW&P8
z>O95WERQPa^%p3Z|1QUT5s!PnK)KG5yv4k|3#Peo>v6twiqgEB<Qjy%45*j4Z(nSI
z%K_AHi3@A*v7n#=sE^7FQ49RM&+%CE9M?iFD^UyfWq6COc3CN<xhM@*pwwNCQl%96
zQ9!XMu-wMdtSI&7qttCfX;V?MAe!&5oSTPf%2ed1@{+lUDN&1`x`+oDeuQEOvh0I^
zQe{JxmWQgK6;<9`RJn6dwP<Qm$sx#z5tounk-LTZS=rjT1(-Ww!HlsfaGc0N*+?M@
zv;s_V=W|7yJ00-9OhrtTfmR$gID#c`c<pewi{RK(o+?e+qoUt-l)8&hx<~X|apb|V
zza&+hEF8^G<VCIiTvv_<sGOgVs^Dx?d1s+YsX|$*Bw0LKm|)|;?&&yyS}TFoT?_jS
zz?W_S#${j3Gy$^mR8FVJQykF8r<c_=$BH>)<#1>fum`8Y>Yj#%TY%%Y0IOaR^&08Q
z+8mSy%TeksL+P3PD61#R?2#)UGu=VVRPKU3Rg^3kwI!_4Tz`&iD?tFoW`WIZgDsX5
zmE#_*okB3hZNqRgFe?a*zM}Wt%u|YUP#nxfu{#IFi}K}|+ED7wL+PTT6dO}s*O(Oz
zDzK^ru#d_9n`i=L<q_jjogSCr^td?S&?;dMR>A6?4*OPM-&WvmS+9|<oWtbSfl~K0
zlq%)W=c_k8HXh7WR!=%MP6FuTVDAAQ>@kmni6`%|ZznMDwah)5X>pGxo~%E*3wUFf
zxqc(BvWg=A<=oVigy`F5J{AR-Ggg2ZCkioDE8^=j-&+ogyA1ZnfQ63%t*`3s7G&{Y
zqLp$h%7b|*_gYcz&PDkmd$e+<1%=8C<fJUF^!T$iIOagjiAqcxsX~c19r?j(SiG|l
z-3xqkFYp^#zmXPo%}m#oV0BptEZ#X7?FY{E19h)a!3)-K`u%=j8RL~%Q8reEf)mqW
z9jS&zo59m8`vDJ2hXoj`0!~c7B;Qn@fp2P?k5g3^4<=gN$8_Y3TKF34WA~A7LB6*N
z7Pk|lhk$nu0V%!T6H`$zHVxJh2Q0x#o|bzUu)MCfH!X{Yi}QG^%=NN98R+yp$v*LU
zs<okZtP(Rus!$o64y(5s7WXU+KL`BsIbg@@a;zsDoPPf~V4rN?Ok07mN?@c42u=sQ
z)#f_b69P-0G|iGuGxG`On|UzNLLQ4z?kz&Oy8z{Tn7*bc-CvX_@Jrco+tGat*mn$Q
z8>gtPv!QMx2eo6lm~q02d@T<auZ^ew^)aAxT(px-8|x5u>zYaJ7XN3%+?Lqj@aDnc
zw!*PU+7e->qTEigzE9+!c&re%ps-J#UjbWx1z6vZV>-dctq=$n02ighM9cYAauRYK
zT7g=oceUwCez01xcxNm2lfca<fgmeyx4=H(P%LAW3gc}&33M_(vri|g6h?pdB(PVu
zWu^%*;V_qDb3EZtpiNg0tTwmB=6F&*!NoklNLS9X!mi9fUMe@qN7_U9{f#o+JTDIw
z-WpW6XP`oHKv?ID9jKf+1%>YEC{(5*N9y!G-3AA%kgzIvDNjM?DS6-CN>0CFQ_y=#
z^d*}%mJwq<PsvGIJgjc^V9WLG#4KgTiP_53kvU4KHdo0HUZYst^OfF01xE`NoIEAR
zWMY<r6SK4Ug!9cjz(^~F1ckrM8?CJ?Lfr(jb$OUEV#8D|AH~4}SiOa?xJ%GbrNG1f
z-jwxf`B^+<(M7-nTg!RCh>hpxvga)Xvg)gxYeBiPlIatE@5dFOc5wj~Pb|fZv1OP#
zvK+<Q3Rr`;!s2d#Yp#OLa}}JB?V9L1D_@f{#tKlV<#Suty+Oh54T|*Dgl#hOV4^GM
zSW)4gii$Huse+^}n&-Fjelg!#sVzWluo$)8Le#noP}?*kH9c85IxSHleUSo_U&{TP
zMa0GJu9gRTvw}OD6%3!2@@b@Hp6FHu-`|?aW27s0PDkgtuad}kH)%Qf0Qti42Z{IS
zL*&y#JIHPO9ws;UJVIQZkCM999^%w0ra0Z@Q=CfalzgdElJfv1mmpUuf$W>7w#JH@
zu{>02R+I#DF~yyOhUXQ0=XnL|-_mt*9-vu)U@nlAUOB^peC1kL62!0TEukB)fpcsg
z99kXh-g;Qw3y}Pgf)zhju=g!-Z$?^KNU_kH%YA%47C|dgGYFQ~5d7vX-FM01^kX#y
z<2p~XaQe?{2rkHavuRTq_Pl4PSNNkjur11o3jflIVs|e0FM0jm97Jal%y$y_-<ES?
zpq1(ZR0j)C?afEE+lJ~zj?~m-`Dkgv9#v-KVaArJsq$p$s69~>E%X<-*j$J<b48oX
zZhH$*=FUf1Q*p8|THqJ<$cl1rF3R0G+&_}@71hU~cLBlv1q2t~)_u5a9!#{t{06NM
z`LWz&Eo-0K3LAQFAb8;hf@SZ>@$}|%`s@t^Yv0j*f@~hLXp6Kh=K5rx{d%AK77-*D
z5e(~XX}O$!V-dkoS#LINEF<P855;aPiktGI;y#4TjxHu}xeenH%+2D#M2mSVM76iz
z;(7BFz%ypSr-M_l+FOj0rovSIXkH>Wn&VQ+r=WbleU#58v%jSllulS-ahIZZDZ%Jc
zf*mQ{N6+JQ!!m-sI&Z|rX>A$7p_J5}S+uDPn@2;v%2F$qYBt;y%)>&j6**1B#mB{)
zCAYyG46h=%ZZ(19UFq`}XvLlbyEhMZw-xq91wtmYTwZQ;HNl5#2-eGTMq2S$;bG$+
zw4vCW$LE31bCZ02zKvN{K-8DV*YW5Eg0mY4`dEGQaxibgf}*i}J{FAs`waw#WLsvM
z*_u34d4<c80%da{Hcwcvacl}U1aq*?TY&N{_R*q5K{Vfmw7wYj5{!5WF1*BSvjtYo
z!q<w4&&I|`>uYQi!N8_W9usY-%fzq9K}9eZc6ScfO`gvY{NQtX9XS9iBlV~`4JKOX
z2rFz&IZ>s?h8lM%YGPF>M{??Dd7?C0;<tOmddNqy+lJy;epJY`9o61qRJ)5%9m~kH
zSZ_J#3lik2ByC?zwA6Q_A%e&5k@`;Zk^zEin<cNvf+DY2cYYs1$Y)&BR!+a>Bj`CR
z+Az~hpX8d$0VbO3#Gnmj-aM2oDozz9rA)i6=#3M+7$+E)b(?9X2hDku3M(o!E1#1J
zcMd8Rl_dGNX%x1gkfq9ng_zx0h?%WLn6Ayn^x!N^ch_RNQUkmG?m~Z$v|snj%i-{r
z!Qn22<CoGepJv6hU^%9F%P`GdifL!;QKdWw<*m6WbeE&>Oir}6!h(um8LZw?40jRC
zxtHMC2`PgHn%C8ui_%~jO5LUWJ&RJBgHm2sDX&YZ%R^nO4W+?Kl)4=#Ri=t}Webb3
zu+xSGt@)TaHUl%YYRn8y$4qw>W-1Ppdw@y@LEahR14ngVRx3ka2f;)K!TR^4e3)pq
z9<%bua>JbjA9ZHRnQ2kZ#FOO`UnMB-&XhCLqMVVZOtWE{y8_d`XMT&KRNGKJR)}hi
ztpRC^V-+4TS4D7m3*m4Vz!8&k#cgaU%H1U>7j;DymmRK73+h^@z&TO|r&bDQumn!G
z9nSAnrlut;JX|*2WhnbzLCThtZ95C#94UrVD}pmv2&cOM&X~-9X94a!QHFIRr6_Zk
zo6FUgpuRI7^I8iqTbqU1!CK6AJ26|SLVD#gf1$nr^_mUSyakx%&d0Px={JIY<;D`+
z*qMj=RvYGNGchk%gL&?1%u}YKI#rc)j809k`Bv_zz#aSY(AZ<clFocAyi%Kd4VIwH
zU5v6lVht*Di!is7qNdeic*j|sdB<60MU_&5vSi6<ae{d=`7ZH%Xy?yF(Hx5ZkxS9{
zI|`+y05w`ZYJxV@c=J%>wxVVc*KY}tR*afp5o)}JsBstQx-U^V&xT568VXbS$-L3b
zQ?vd|rWEF&(4CLMMS02GXpX<OG6$6tHrPh;FvV+yy`JLUdWt#c^k+>QFp>vkr3u|?
zL$O=fIH3ovNUfuov7VysoUY5Vc`(tHbv9IbD^clopz=&<%AVvF%CE0G@lHA)RY4o7
zym_c{TT#_CH7VrNhH`Hn%H39!H%T2H%!7Xo#S?2N_Awh-l7kY>#`}h>G_J1*P+Mj}
znFdU86F6%q!Zj4G5A^4009ky|c0S6zHs*V>wUJ2MbGH?v*HKKro}%>w=^vPA3%A+G
z%BPg%p=6e6*0`T=895jg_N)li-a=Hn3sBu;@X`3QSkdIqVth;sQ57sel{X(%ZX2p%
zQ<I{t64V6ksPPt~#$AM(JyPa)TcxP>mY~{gNA(_q?JTsQQ2Is<4^VvL0h+d-Mp^+-
z!tG6-$=>XLobqqs;}21MZU^Px%lP@UJ1G9qK$jS7J}YAZ@bM0cnujS4%RCc1C>A|T
zaZJ)nAEsDsNN4mKLwa6S4yxS6{Qk?MWqwvK>*rS<rnu`7ieK*$D1A7OLKN_M$y1QG
z1yGou6SG9ApSTn@4sII?n{qsPOtxkLdVS}2Q9Qhx!v2InUJuhF6;n{*{sAhKqsZYj
zv&HNgI~NtD{5jd9WPQHnaw|Wk>*w&yx**!o{~Q-6sxMGDFHpFiSFr2?yI*-oPjvCZ
zg$uTa!oEOz@FsVCv?~Zt*E)XAg1-C1@loa*>#9Nv8u}^!Hm3iM7Fqar%+0^g@UAJg
zpu3M^pMh6ow;<6+0YiQDb_?qIDUKTQdF&P>`{*a<ntyVx`6uU^e{!z*C+C{~H#*nc
z22a;*fw(FUXz+GLRot(5y4E!MZWkeAdrA8EhK;JWQqy9<v((ciPtNo4lT5;^W0Cfa
za`)jvc)A+(*i%s@KErC+=!=J=u~1lRK|b|#d0S&@Ah?n5(_N!#XjD91>Ejg`$D4_5
zI|)zM?Xei^g6IrB%UWR_*r0B|ou5DW1DR({Xqy^NS9C`}Yi?EJ_;;E5xj-y@dna(c
zXwBCoA}|@7_r6u}bghmB+IhtoQ9NDiBjK&SmGO;w>}Q@Vxk^S(h9co~X`98<<y)@?
zwy8~Ob4M&5+NSbDFaD?E=~^cuI0T3TQr4^6)HZoT_>t`4hDfZP?`<@kHSuGa_8Ae0
z69oQQ?-?I@y>H((%*-m4!6xtOCBRL@)3t#g_3LX=+XJC6-`THa=5~!5R%4;&HFAm<
zvH4-ce_NpW9^YCurUG|P@tG%WQ<(3>RfBByt}~CP+?@Q8;_14BN8Iw^#5XRICS7X&
zm+^ks1!9KYHTpJ%S%2=q0~zkxK)e+X8}7I<5^fG?z>Tsmn?!W+`bcx2O?2o0n}^J)
zIcecrw~DP9!)QoJw-Zm7m@3BGz#~bHWn^MgI3C&>R)dV>eYWNJJYBvGk+8avZ`TKI
zVI$cQZ4>hJW8&%3_o=e(YJpHVjv;uuR)xfvtkcx=N_r~I58bQcKCv!W$*t7*J;YsR
z$5P##ZgGvOZEWMQkuPS}kF5OvH{I<z9vkqIVU4V2Qm6sT<X9Rb*#`A~ZBRQkd|#H*
zOY~-HZVENGHb&Z`0VY2y()|)T;S`f6-|9eHTpz3_GOJ{bDwhZ_Gb6j}!k)H3v$`@E
zM0sXrHmKY6H3X8DH{Qsv^ts~HG1=25HLgWsDrU=j`^+{q*3uT)E^e>Mpjkc_(po){
z_-DdxT`OZ-<M=i2^C~sa))r~T65~j-iNoGW?qC%U;Vd*slHj#xMrw6TRq?Fs-$lv`
zx3E41qH$T=Bg1nMHm#9WY8(DmpAA)OZpDu?vdZOiYbJkVn;M9HP7U1Cq_)I?-I<gP
z5e>N4u&!3dg%%ky@YpidXM8TxdUxt!Y(J--t~=FcEfQ-Ew6*!trx1Lf^(7S7geHiX
zdcH2cIuzzgFNjAoW4JOH)TLkp8|$v9>T6O1!7kvwi&m??YQ85&fZrg#tGBu`8dbwV
zT*oY4m!`(06h1zwwB8npv;jLW(x$*_la<<NvQo<pv&3$47L%4q6)cl0Ap_sew4WI?
zo^&uvD*ywTb+;WjX6T)`m%EASs3m<!V{EQ;neDdtWF=B&eV-0TwuiYcoo`%eJSgfE
z*Wc|zJh4EomyKE^$~1;Jqy2e(gn1`^n6_dfmJIkSm>bmR=_}b9s2xz!t7Mhh;$zRP
zz?V&uBCNo?^ekpPkCovd*OTAY+gqi!iCP~r*$API9?jIcF1}HoivYL0!%Te5yK)4Y
z<oNX%%XwoRDrU+u%sPlN_g}Pj^m|^K))*cxF-Mt%=vk#?pO!7&AsWOqSwEi=sexaj
zo-W_*Ob3|#jB-6MUq2#q1-D78tGZ2c>GRkX*VJ~A>zgLaEXHl7QGOeR)ZL-4!#g5D
zacuYDEUlp5>n}_mif~XK<URx|zCIGUry~j+FqW43<j)O#VKaJ{S*~$p(iZjkzs9uc
zxT^IqTOQ@1S&J7gtPi%e;XO-}*47w^Y8^4PQU1G_-!q=*n69;W@Csm=(xkQB8H#Bg
zfwoQI?V)fGcx}q2u!xBdrWL~KP#f3F15-At+9i`0ku|E;C=S)}h%@^zGR3RL+C$-h
zrs^yV(RFc2L}IJe0PCwq#O)z!`D}+8>+-0v7B*_(X0<WW!HvS=i)&vO#HS2g;l!;A
z0yfHg1TF^NP`kP^zB<&VvMab1>1c?|>qA>&fml}~KiubQbY1$CtBq{wuT=v<^wD+k
zRqB?Gty|TY-pfzl-n8NN^@|trA;(I@wOFjVHHKwqSKFJTT})@TtL^QPZ7No<tGKEG
zR``64K6x;FbLPm&x$yboT9C(;`a<EBh%czdwOFLf*A|Lvz@3dvn>KjY-EsRuw@b9>
zKnvGgm1vi%sR}W<k{@He2{*S#ag#V#KvQGw_*CZFr{Y%l;%cj}h0mLhRq24QITCIO
zZS9DuzHlHGi){A=Vq3QXiw&m}q?6R}wooi0&uDX-azw&vXGrtOGv8*xr*^8%9a>hx
zRQQ@130w<bT#E%eq6kDo3)<rgwuizCnq%66Ry7b^(6(^F!UgiKv(iP3)8%r=V`z+7
zmhu^DkK&Wxe}kX?AJqTQ-!H!4{AJ6D%-QbxIqyn3R?TV(UAri@=eUU5(c{#df8_n>
z^*21PbSs8<x#W+ON#lxIzc1sT>cR2B?EjDU_aZ&<@#N`VnQkY_r0Ms|beDDV^dY@`
z!Q|<QzZK~X>nBf#?0@P~=~wtIk@fdEaM|{wRk&>XeYN<5+PBO3Pp%-{${!GJw*H55
zd;`j5|1X|b=4-e@zPn|<?knUA%6y3{<ZF}pu;udkI%Pil74rQ@e^-+4eKNh_mdVo{
z&&l#zCQn~0(}$ZUPw&*zgCafqYt4{Mw{M-iyz{7(??)z2_sDd6&*bUddiu`E+aH$c
z(Or|5Ps;SZ-IJ%=|4z!w*Dt?*8b&U^eo`ZU*!meiCi}NstRKjAl>Iw*mHF^9*<YF7
zeTjVbtIX&8nR$JuE|JeA^LcI+>Akm3p0D95^Lb=GG?2@#C;wIEi^_cVE9C3G%6z>t
zpX&<w`mQqHu*~OQDe?_pB7fp4^Ns5HZj<>|PM$BR_pedryKVA(DVZ<YNd8mwo6*mh
z>{s`5sh_jQeYI%cb%px<Yp<@KiFH?bKkLnr`=hcS!>i2Y>n<f%vqb!Mw~XUX%$+=*
z+g<__zu~{gul!@}&Xvmlv3BE1ewXuR%VqtMA>CeQ9mo*f`k!mRull#j{QYgTRrI4b
zbd~+7wfu4Y{wK5Cb+`O!$KgtL`$~T6kUaO#CD)7PKj;@<$!=fC@3_))!<GD|D?OL&
zdtR;|&mZ^PaJ6&z{0}ETw_$CgkgHMW)ydbT^7P93`?A)Xz4^b#dg~5~el)08*PrC<
zKW@GC%{H$$=axV1IQ*yi!IzM?q+E~DORUE$Jx5>ZIp9jqDOY;Vxzcm)75)4x$alB?
ze46cd`u;TY>a4`&>&=pHmtXXw&wrKunPrym#H|0AymyzH`<MLUf6+SsfBk0%ic7><
zD6SHqtpq$)CRze~wG^<tOxav8I|#?il;ey_V9Cpr$q?GBfQFYTv$J@&3fTNIHJ#nT
z@V;80?PbdG8@0e*R!=SPm$QKZc0C)oaW3%u%M=ZBfnD{$=*yJ(eki;_v}HVRgW<b3
z0|l>8jy1Oc&Q~bMMYjO1S1897l5ad`gW<m{1vbAzIi6YybiP87S_*u$4Cr}<0?UEj
zTY$b-DANacsu>u0g__RIV5kLwldn*YPX>Y0EKd+vtn!Uorn4{@{-6bzGe$YS)dDOT
zqa2I30&B;p>D&v3{jETBjB@-zE6_Vek!S@@gn+&=iev~Fe*}1bj50qLc|D?^#&azg
zp6CIRW0WJ^2~4oIb^=fA6#X=wXTh*)7hrvra=c>~Q2i?97}*8Pf0dffwP5Jk4K%z;
zId<#@ysuJ@kIU=6-N1cc7qZd)bwGJcTpQ1?V0i5l!2PdMj<-Dl47^G?-tz=-l(qW=
z5ZDVGXV-?aDH!hR2U4$6jxY2Bj@PK^+y~?N5ymqn7+!k_2);%+-hK$!@fzj0<q+@}
zuThR)Jp?@a8s+%yL%<8KQI5wC0ZG=D;XDW9`40@Qe-5aAopN0B9I)(l%CY%5!1Frg
z*!>*ff1PqX{2ZXYPEF@27|(QI`1DVJ=U=BBkNpG~eVuZA<tIS$b;=Px1u#xIR<plx
z%5lk00rxoNsQwgKJ5CY(DX?@z%Iyg7)`(blsS#lNF<|pJHJ!6yJcEJZ$j^b@<CNpC
ze+~?fQ;riq2NJ9g{{*c17hrUp!t*b{nqL7ac5OH(f#JXXD^UIh<@oWx0`4~`NBc>@
z`vx_gKVUrLz<34%!&g574!uD+Djx%hHz>!NkAcxQD92kq2FBi?9Pj)Xz$wac`^SLe
z6y<pIV_^O%%KU6lqF~u6%6xV_P82S~eMG^vRt1|+QRbWAyH>$Bo<(3hr-0!r`3eS3
zQI2osD>!<Jax5-TaGcd&px}W*h3iA(*#ZoIRjJ_gDa!ForGoM|DaWEJ1@qse9G6uo
zXn2#F&IDli(R2ly-=rL?s}<~clXBcztzh4ql;aI^6%4&eO=kcw{OqR{jK4`a-nw3a
z{WN919Nt>52sv4=VEYC|$cZ8LpWzoh3Y@1Y$1i&nG@Pa!cX||fPgC}cf}d<u5IjvW
zx>3P*H!J8qO_A8F;KeU0_>0q&*?)w5im**S1$BNAzwh!Z_-nr+^q6144FSP#2q@?b
zi2U6F1xMv|BB0=$ymoF;Fr`^s8_x}3s09@qJxw{@8&vSZY07+jd`eZMZddT-7LmWZ
zMS;3i_RVm%0K?<03Vw5%a{T931u1rqtqL9uiF$fN3jX0sBLC=@6f_Mgz*`jlK?TeI
zPQj|TC>s7wLH+Zhe&aa-47+})!21^E_^Tf&(B1(63jg(@rZWH-zCWE{=q<{zq?+J`
zw<w&|1miOZx826rePdj|G3KA)zts@f-=-YjsUev2Hsv@`L*Ra!a#Us#ta_WmK9k^{
znFQXqsVTOf;Wj5h^li%Vo?3z(EKe=Lqq7P2zD?0Po1o<yf?>wLhG6SFg5&IZ9>K@+
z2p>1p5p-WmaN=#s@rLUJ-*p|q^VbuMzfF<2p5V^;g72SC@W29bZH(b(II@7i@($&g
zT0r1<hjRRA0m1xtC{RzZ>jqJ$F&5t#ug{PyB=EmOInG!}puIymKCqCW=N-!NHwy{&
zy+e^)NbvbZA}-k&k8h0CXSiT7!3*zDjw=@vB;TPN*DWSUy+h$yOz`u?1V~X+EIz|8
zxe4qk%JD01g1Qvt_=1~Y8O!e`xcNpgM-4X;Jhg;ieTrgu3Bl5vCI4oE-Af5tQ`8hQ
zZ;Yom#@aJHzl<P}q8!7^2~MOa$DZW`V=2n<FP9Tcq$v896P#NvVx_Ty;KmhVOd3`Y
z+_ysTyH^k-B|o)-z;mm(X1L>4k*D`of)8|l1Ht|V!5?lQ*t}BQi+?4-Gb<&3CBf#~
zB>y&oXKs`H+X!Yiih5j)1TBq%A8jN!vWmd+E;YscGwfJRQ1>q7_~>eaW$#k-t|mCP
zT9h@$`ZH`?OK|tQl%sbof%Yy%_gaF#Unk{u9l_uK8NrTsDH4B15dF0155sHL%f78A
z_^!N8tS8ub2jTIF{yPYcZ4mVsWBiS005A-A2u9we9CvvLlJ8QELmq+@yGIYfoX-+i
z&QQ2MOYoGJpx_KO#q=|L-Age44CUz9M9^@Ca_reeu=xx%#ql#tY$9kqLplEACW8CV
zP>vIu2zH;L9Iv}m@Qtzi41chhVBiep_>;{9i8GYr=w^c7oT0G)e*}x~A~=19B6=6W
z^`9rOpQUhpo*;5J!P*Im=-mWAzgyHfdN;x6eFW#uP*beDF}9xJZ~X*)XDP>h0fJ}G
zQjR0+?=0o`+W^7Iv(yyR&#*d3pq-_rGXWUhp%N@ROF2HM5_ry1q*Q|2TcixP5bWMc
z;5<vwyOrR0Na!x(IRXsF+6eq-DV*&D@3s@TCnyjm_*q1h9gPsojY^q`6106;@S|TQ
zD2RzVoiT!rn8?!|BY06>Cu0N;#HHRd#Q!t=D~;g7S<3Ny8i9R+a(q@Ja86JpG=f<j
zQYUv1?ClWuZj5th*szV@?)NCiJGT);-=iG&Z6oM@k8=DA$?w}nFw{w4e~+5t-WmQ`
z7s1~5C`W%6!O(k@<Nhv!qwi6U2PEHkCIG|4eFP({&-W4Bd_Tc&CMX*2C-}uz2=E@o
z=vN57|5bw1ERP{>o}s^+;04xJH^H`Ug5-OY<I!${)O(cU^OB$FCiveEivEv2NZ@@)
zjEVmtg1W~DHcwEv9wYeH;{<i@QP}qoEZ$4d!}_zA;M`t<ZZ^N)AgKSQ&|R)?68z>{
z1pfCalHVejb&z26eG1n>f|E}ZoMZf_37#7!u)I%^7$%7S4MFw$6y1MA@a%Dd^50P;
zjuUu(MX>C5l;clcB-rsj#psI!mVYN$|2~EN-w8%uBG||HFA;p@Rf1<(J+Bhn_lEE#
zy5As3oF?42XZYE-#kK!!f-NZm_xlvicL~05hM;eP!heR~`)3JW_#Fi%2&}&odF;O<
zsQ6Ik|B&GP?+LnDo{tEgRVc<;pA`xlrF@OsDaF<t%Ih)4#4~)ah~imRwwS_SN?|!C
z@LVYszC;;?qlTjGchnTK&9G!9#gY#MuAE8X`GCSRlj7KQ6wiM^P4U<a_gqhL{|5pO
zUQe<21A!;5rx^HvB6&SU!2-(1#26dTu=fTE_c?(lT@;>k6iFAw>x(G2@2N!;KXg-^
zK1Y#oQ{>$w`1YG9F5E)#>^TZ7rTB;C6erG6j4r2m>Q<3|_*RNvtd#tf6fZVXE<ede
zif^r^e2w?5rr5MbTpMHF8UA<;1wIh?{#uIi4=AvX;-z(z>sw=dKEo&Ppt%2>!0R_q
z^qv#ANnSH_c_;?X34E!EqV7YAR1?KNe1W3iLyFNaP<*+W;_eSAx|^8}mHiA-tZot4
zo)(JNLlh0HY>48%2<1LxcZ6bD2Sw@wiiQpfe<#I>4+M^PQQ`M?Q7rBj`5U?^k2`02
z)fj)y@YI78ogWIk<{^sS4=EZRqWI!N6n!6x^PYzvqFiS(Jhp>k;6sYzJ1EvZOp*Lh
zVDu3R_j!Sb9}%)Q{0PM_9uZ|nAECJZQHtPsiusRH_#YL0V7R!4qU}6|yN6=1heA6~
zG1Noh-AU1XUf}kfqMm`B6hD^NiJcT5$m<I`DO_I@*9>o$*K5B<5tY{rAC}iWU!xfR
zniyw>j$MM!aK5}|*dni6cTt?(CHg$Ei(>a~irwc04(}FxhA+zN)4M6$k5N2(USRYw
zA(IRb$?M_ADDHinV&psp_E2otLov?Aa1TXn55>vz6uo;yynph%z{7hee?DS(OkOkm
zwY+9%e}dxf^8)Lhpg44%e)29D3O^6s0d!~ciP$r75kJoYtd-|dKR!u~%Wmy#Z`1$5
z<MMe6>s|Al`u{XsK5vtE^@1hyoN+A>4hGsHVRiYuE;T;y))j@eWr28HZQs(?<?L*4
z3&)qw>xhMKi8r^Z?Sc4$_E2*y5|6ZK3z{SCw*=zt_1hNCbG8S<p%yi+-Dzx%Rds`2
z*NQ^hCzG7@AyJ%X-aXhe*gLpyuy1g95W|%JUkA^?<^d$cIqv%o^&P@907fbQ9|+@z
zam0G0_sGzZ;Uh<nB#s<EBF;AtDnNJN$-ePE^jrI#{dN5f{cHRE{jL4o{XPAC{X_kU
z{^R}FZ{6?QU$?(u|JwcC`+N2$_8;FrzCX3!{-oo{B~Lay>3_2I$(|>BpG-bE{v-yh
z1I~fEfrf##1O9>5f$o8xfxdyEfyBV^f#ksW00ymt&cV9DhQYOi{=wEkb|;C!<AbAv
z<AbTebA$E+jswmEOAa&~SbM;Kp!GoXK+l2R1N#mPA2@m-ap2^E<N+MC9;`d)I_NpL
z`C#Y4?t^^?hYlV;IC}8p!PLQX2QlOrat_rEH4LpC@(i^OMTbrfrG^|&H9Xb%RQFRu
zPYpkH^r_LOHb3ouy7TGor}sVG_w>=H6HlLfI{Eaur|})fcb0s|^PQ95Nq)zAXziiR
zhmIaf96EU@dFb3B9CjRb9$s>|;qd0e{==PzyASU>+;{ls;l$yShm(iT9mbKhNBl=x
zj|?4299jE}=b6rDjy`kz8MrK11)#3a)wj0K)7RP;?d$35?HlSF?mON$+Be>p>a+IS
y`|J8${cHO@e9X`F*X?)h-@Lzd|Gxc0`_0q;e*gdg|Nj910RR7q>d5;5C<FjZj;Wgf

literal 101282
zcmV)zK#{*6iwFP!00002|K$C7bX3LjKMwcYVUn=K3Ch5*$)E!U5D1KsV2orWOApLI
zWQ~CAU__QE6A2PoOd?*JASx;-2r8&30tzY+AYljDK?FnrWpTz3R@vSv_c>MFcT0e;
ze$MmXk8?<J`&L)qTd%6>>b}+8fj%>cl@L;e5TYoAtR(zjGWmc1i?I-LSEJQ;krh>U
zHC}1)?`qs5>zT2x?B~Zk{rsR&t|5a)j~)|r4IbutK4-M+nbEG4uH9Xu#ta?SDmuEF
zTkv?HO4Gcy!)R;ue`3R<tsfaiTMvx!wTc@?TaRzZfA^^NO=}O92U@kq-~Lvdu5+t4
z!)WXO)%D@;w!?g_=MJN-uf+IUJ%qoLTY2y|6~Di0&3|{o>u%2s$%1y(cgjd5Waujq
zr1k!9hN@*3$bGKr(p?S71&NTa1>K(#Au;&pWD5#|5F!y0A?m2V$q6eLF5Vt!Q7fsx
zDqr(I=cijqKSIdg=~glg3QMizI{cn*B?$&vve!zgR3YT=)>hKs4p_P3tR%r=EU}X7
zRc=q;DmW}RNC<iLym(J|_X_kbLI$>ae(0d!AVMDL!+GLEgKP}{k_ky}#mUHwL_)|w
zD<QEUL~BL5(pK4=5Z`gWm5{p$A-UGd{GK2C{18I8OiHaNd-B??=!T6PGlZawKvoFM
zv`Tc3lmCzY^Ru6Qa^IL#xua9|yQ6yc>h0~}?dk31?M?H~#!+S)B3ntIsADdb3*7Sw
zA-<ySD=D)zD6kS=QRhr3o<#^r^^|)`Q$45P`ZK&%Qax8aS3TvPql)9PixN>BdoN0a
zvg@?4)LsA(FuyxnalCn1B2WuF58hfT!DE%uB1dbhl~A@van!ynk-}1Y;Y^7T&vwPp
zU)1?btusNZQ(dj|+a+FSps3UQvPAqWgyepW{7*@cFBjx(BtqCU_hj&gj;oiT&IzpJ
z)ao2o>r4`L{;}{Twjw!y!LUUoU!{^~2=d()LW;Ur700`mB>wnoG~zib@%@7ML%hXh
zPm3JW)caO(e~P$2i{B5b_fKBr_XnBp4^{7P6!*R2{xW{QhkE~Galf&-eu{cOU);Bt
z??0s8A0qDmN=(o1R_}Kd_t!%?o95m|2=VOa?W#(JvY9Uk_6mZRFAAYeC4{7~0{3Ag
z*b6kX5H+r6hiPGHa5yb;thYdu+Y|>m5Aa-o@+5$3?**U(jR>~%v#pfv^|9TG;|VNA
zvf4Dig(asdWjho{pL0-r%yYG@rlB<DoJ2fFX?|-g*rPZ+NT#WC&`$GX@!mGYQAgbS
z>=yU_Dwjy0usj&!%O6E7IaPgZm*O~sg{PqKK{poeR2=)TPzl<7*s2d&U5jN`p{x~_
z?N%I%%0W<9p_NwH%5KH+HkOqKV<>NhLMxM@kWF)!;$v+O-UE1@K&kd{yA($T-rq=B
zKX)$8-xTK^;O*~y%G+;1|ED(6{Ijv4Pd8Y&gwLHrY;x}Pv*^cbT1iS#a^&jkk$`;k
zYs5-INncusr<CSziru&q|53T0JBrF9-7&p-dwYS;@fW4IU7n+~sE0d?7Wv%+L$Mny
z;420yj^P@DIW;MZKOSQxYty3$2^SJ{Cs~T4<9XG|<V3FZMG;cgiuvI!nx9v-A}4Zf
zXSm^5Wkr42CZ4+g+CUV%bo|s9D=`Ri;90n@fFL!P{aAJs$~0X_I15j=n-)dyRwUwG
zSpy#GV92)^-np!XU(R+?IoCzy%vg|R24y4NnJCcy1Ns}};WBz*c9u>#I~l>S_3mUP
z)U%1osTU}FKE~d=)ZTl0fSsW1e|~o3vVBr&>1F$*z+U+4L;!50v6T>-e>1{9wV{;|
ze^JXCe<+HV6?`+Z9w9#KX5|EBk0(<(HALCt2~<vn>o_W>9;WQ^SSqLPrR;GRl~cF*
z+4D}noKsp>#m{m|Q4w>?xkU4C+U!$9gb-l7OlR!)bi9@L*iJut+^IPJC<DVzE#>&x
z3$DUDDLW{0OwKisZRBLzkmjgHllOvwW*(>6i!@a%Doxx31I+|Za~Nq_YBV**8EATQ
z8t&hFX*9V;8V{%8{l+9gQ+U)q-3$Fek?pU4BqWwo+_C<m0Qm5gqpXC=LANWkZl(pC
zoIKM)$m&g?s5ufKIW8t#1gu!}qrkq%)-%dV=++c>9E528qUa>J<}7Wq{{a%mBZ9;g
zfyz)-ag>%xWc6pjwGncSKK}<Yi&B|MoY{p)otd9AE03(mY%DNa0?hXFC;NyqD;AV-
zR?h5W12g4sWH!GNv!=jo1sW!2){`?Etum{^ne{R-`<gTBUWwU}KP0kxH84xy%%V86
z#ws%#XI9m~Y#3)2QHj|!U{(su%CKX~DJ`1-1`_m97QHl#jJHK_{NnsY(JLZ!rZJr9
zR}mGNwgaX|fayC}^tcPG1+`eWBGsx?D-%{1*cQrKY~glvUCFsyacuts-BB=d^*-=Y
zX_N)_hEkB`x=OQ9quCEM_fZx&9C9Je1*C~n98&~Mlhp^J;8mlSRkwm8e)2DHPN{^D
z(2`FrWTm1gO4$&f65(TAV`zReOHPF182LNccIt_MJTAs34{-YANiLr}E|x09$GXO;
zWT}G8C#T0zmKx%>6V%&H`R$NTPEYWZQWm&CJv&3QeuUCFyyKp-37ng;OPS%RO-Qra
zgfy;ANZs0m)T~WN)!KwuY7^3@HX&1L6SA;2A=_&cQV#d)5VBMJqs(Rj6cw_uLjMAY
zI;ouJc40r`qU<7NJ{MKiD~`uPrha8=H7i;BZdF3U3lPsPu}I|%8M>C)RS79`iXP;Z
zkk+@fSo?le>_i@~X6i)hpW&TIPwYgxQnsfog|f65$_`M4;9qh_r(YiHqVj}T%A!Bd
zu@c3x;&-jhhoP%k`w8cMs;ZTUZfE^zwcD9@1CZ^`yPf?DvD;~C=%C&`4b1FRw$sAx
zq9e=4vaQe|#X*OZKv~e8Oj(|r()>*>ui7z*f8pvx7xvDbJCnP6d(!-~2_WLkR8Kib
zd7$Sg$T`cS_~oJQxKz(6zZ`VO`cdGqet<x6>;QSlDbNd|-0vzHYx9;|twu=rWEDbu
ztcz1|d~!yO&~l=@CD*GFQuc_Cb#W<<X=gNvM|n&B2X|cSz#u`^*Uo4{dk9`9!&~xq
zH86qrZ@@L`;m|9mB(lziVNbce;E+T}c!LCur^Wf%?>@F0^*Jq$%IQwZ;9=!-7nR4v
zQh7j}4=}^~F;q@Z@UgT6ewje!^km8$p&$gF4WGlOc|7Xc<j=(TKIrhVv?xEDJcAGt
zC@c-yyvp9P2*uIs439)wQWkwTR;#KwZk)tOxnPSGRITGF&~7WlV}(cU1z%awB}Sj&
zgPX+l_JYp|A*(E?m*-Avg1D<FJIY(qraB?vd@CV7C6!Qi2z#z9r{YLCsmasfXYoam
zR)Q5Ch6;5tiqK-8jFY^}V<%NRe++9!e>V<Z*z2V2Z9lwVCH6vs{gUm07px+d$Nm$9
zQtJgP3CDx1+joh}+30KEB_?OBuYH$<obM=$9<4L-jJJ}UXDPG&FUKl^W?;~=EXPX1
z3(-8I_e?-R$Bl+x2PpI2O1A$yrRma(ltmvsiOzfuu@XPTwpA5J_9=;!^`xxf@1u~B
zpLKL9j<zRxJ!U%$ufeF3%F%Okp<8G<9G|H?7(ta(Qg*-Mh(65+CxxHjlkEukr&)Nb
z<@SO%0T}KudY;mNspdKAEm>Nfkg~@>D^^Ju^MD>jakaB0L%RwA-Sa6`+<y7#SjBPA
zDGjhVZ^`QFsNO%?tYn=X7#PC)4}Zl_)m{*=5E5<=5Xe~=iH7G`2&ea!d<j55!#mhX
zFT#r^ofrwf4&6qcpX(Ykp0a568_LtKfFf>1dAd$Yq^t*JN$+w-ewOZ39KZd_>oMD_
zIhs5df~m+2Z;rKMRBfY*6~wvjq!8y?6z87MKd<qw5?*JKF3yOPnmD7pB~w6{6oqN6
zB+Sb}O_-F~4*n)_g|zK}zvT2-#j)x)ZiMZ;CDXWACsnbMb<rqR&6jpQ!TotM8pb1N
z80}6-q^vcSGoA2^a;|`DU~E|%tnMwD1dkTsEvd&DH?3kN0d(E{{**`x+u~)1LUrd`
zi05dfVc$>3L9%&nm!F|C9SZ(B&z%JhZXgaNDh(e$J<bPi`I{2FPxVDd4&yaH>lEcr
zjP@RvNU$wUbnN|ABEe=5|D2E@r2X@<L;}p`q(zP^mxUAR@vB5uEAaI8(8^c~3aH6y
zQUe2v0agqwLYJZYsR@Ba&w1K7&p7_Y=dlg^l?xs3n)+u~Z!z<fOxcSu(2ewSX9w5?
z%Kq@P8#to*6g6Qhh`uk)zizP?zK<n+oIbV<=@rNE6Ji8^)js_+28XsDm%wN37Gb*I
zolT1z7rdZ!d2UyzwhVFl`1I9DH3$h$C(s4#RvhoDe3YE!lsN{DwjvK47t}w_`>$*<
z(_o{@?y@4vUWzG;hR!s*Y&6YREWx3aMfX0AapkeUBy11j%6@-KT3osEBAU*VPy}(M
zMU5+uAD75#%4K}nf-+uw31n=w5E8mLR}J3m@cNV;@UcCi`dGOiR|!-O7_%osfHh#_
z&Yj6Ud*PTe|7<o@B##0T%cATO^wa|>JK~3aJcXTy9y<fNYU(c<@AR=fRDP+H$}h!H
z`K4GYzvQCwODn1TQbK6;w;;QmI*KFim_)qmA}oY>*W`jAZ`x4HF9fZ`UzF;Si?4%!
zDe4(Zivn?eIcJ+siBKG09Rn$+MNzh!GRN`};E*eMn@5iePw)?h?MbJIm3Y@x!?wPx
zfnH0_1~^|@rZ~3#3_WJh8(@2AQS|tW5=jNq`XRJ#js>11ffn^#Ns9u@LP;F>hy5(+
zP2^Y|r?W;Sc-MT7a!++p)-#r}K%C-u^%r>1z&0ueO2aj9Ixv347%P^+(AcL$s2yU<
zpOJJKE!-Zgp%yxM;Yw4Xl@}(M3eO#tDzshW7ck8U&a(and)j&w>&BVte$5MG5iH}4
z+5CnJ5j5VI3^(MLT<{KZ@hpiDcF3O?f8%F~usv+6edY##VtoCh60y%*?@x^X@E7>2
zwEDK{-{(|EJDCcUdkgoEujyTP7eZ1cnvk$!CB$AZ7-9e=f-*J`{t|80fHy2kjid5%
zEapn#QXC)uY}AHf&)iZQTK%HN>-NI#h*;8ro1lC(vGo?ws1UiMxk9L_syLSXWK@iS
z=QYJx_#P_8GNBj=A@@{Nj0t|0G#)wMttm#AXjF_i0gg*?j6un!E~_}F_rOnBzOrJu
z{U@C3vlpC#00<nmz3>Reox2prr6Upv@8E&c)nUA|Vl2xbyS+z*$}rnOAdvI%t`X8N
zkK97lW*xbOQsy6#D!k2yKS`u)ScNwG@wzU*yu4Cl$wxGebD3^Da75^5MUA`b2x?p$
zWw!1|MGwqgH8fX#7<-C`kD_Pn{XW4UP0mM}qRvh#7tfFg2_=1FA>juwYO#$6rtQ<B
zat2{+Fa5;3@tWRs^-wEHKqsF?+TA!z=1slKo0^byD^U;QH~VK<$<}<Z4DiimZpv&&
zhun%jp3|=zqQk;$^AGa}3-+MQaT$Zu=%2H#B%~Bt)DWtscbyBL(smai;msm?oc@Z%
z7;_vt1e(a{ssi0yax2?fb_k>^?5dZ`&(dO`XK1_vTC@FjL=||pp-$c*eDKW(Onx?h
z@b5IzTm$J7ob)|T3U?I8l|$M9y0v#*6MVwJU1*q(`~}ej*xQ9N&EDeQwU83*yXsNK
zCL6e4{!t=+c{vub)KZ9eC`3FNeh6_O>=_8%TUJGzD*jP2j_elyC=s@m=5NX#(ElmJ
z5H`7IZ|(EeKu;-UH$2<5FG;fB?edi4D0VS^uwY%C{6iLW)p6KgtKTN_!xno%{pwJw
zpF5NC?sBM`VtHC55(Ina->?L`QReuEqyEV#D+yIC&`^&l>4c)P)FdSAt;Rv0U0?$J
zw}TQ9WHunHhh(<;hY=e;YgzNKB!+V>BcM<`yTARo40{2eGV7YDIQkrt^kyGHelzTZ
zgullLg{}h?N5UcX!$(dX%34mjA(4_qBzzAD+eIK@mg2DMXaiv;5I%~83xM#h2trmx
zU|>G#korXoDO&+$d!$?fl&5UKa%vX(zC)Bn+nyCx#mnS$r%xV$6Hfto9JmYjAvIvH
zcSr&P@Pc-&(8ddsLknKE7$5PQ>srGbpkaR$I9~1Z$;2NZI@}dt=d}5+A3&WZxrn_W
zg^Msjan$)yd+(T%4#@2{;5HRM8+1)p99IsS-uE$RHW>-e0-=o)QpK_Jph?yaAoL>P
zRUlj(sfn=pj~Z@3S$0h#C66H`i6JEXXrv}W9Q#IZc*ZC~zdY8J>bdHdC&Z>gwAax|
z<*^{hqX$))?SsGMjv&Y_THzXAm>lXm#bSKWk$UsBp!xf%m_|kM2P8iBq-+<JSD+$-
zI2#^7pD|qJ-!+4>hMCyL9Pv49d$6tI`0@wtv|~zAu#Lx{jo3)u24y=`Qw5&e_XE$a
zF2ylUtCfnix<jo?sIJlXKW!zRtND|hR&K-0>$Df{1xVZ5wq}XBg?F-ya|;cpW?9v#
zzv!{g;#j!WfIE$aKls5k7M^qfyRGC4`dGNu4`M95qrYJ+{NsLgESxu78w<C|!m+TF
zWgZKE{ey^rtrk8OzBoZ23!mp7h^Ft8NUBHilzSA~zGGC*gMK!_87NeO_fys}hO!+#
zB@(JAn!7F7Cy}+#sj+`(QP(PpqxgV9$J0@qGKjO8MDVL)q+iYjr>K6%^syhsSab&r
zwB?kWPH;v6dE`wT{s!csH)APV!#@Bkkv=)^TwKUDNz*E|mG_{PjTT~@G(EFdLgej*
zUC~qQP#g#LN+j&H5hALMfNBvo#PiTFf#>jHCOmr&)A9WH8N{<n|2yHid%p?KrTY-i
z>~lJvDf<PU#ZMXVjM%5*xp=6Crx#<ihWm$_@%(MSz_Y5rv+;{Mo>w@Y>-GSiSB-d%
zbp{Hr8t{xT<GEr_1w704X&x!cyXJ=&LdyC9he*Gi?S!69!|{+AM@7X^QE^l%;CMbR
zl=PB@qsP1EbPORSK75^)9WRSnr*|YGFq|d{4DEX)5}qh=7i=%AcT-V(Y)`nxO+~@#
z-ZkF<s&Ra7bI=fNGH}Td0q{3Ni~z@fGDHV>!_zn!Sl0helY!-XHTMeu@7{v|zm6Yp
z`DEaby&T|%AN4m(1~%El>oMDo!5Y9$jP~Li<1<|afFl54%RT|{Q~bR{$+;GFTB5**
zWnE(x$A&$8Ccve-*s7N#QqmU1P!0NmJ{AZ>;uJ^LUNL8&QXao3krEGg#y}azdn%XW
z7`DgM4}Gf>)&{~z3n89T&rvPWg4w$764CQRlyz}Zd78+;*bcgu7DE+_2%B|Xqq|gH
z`-K*DwkeKDdo<rs-Mc0cTAGI3wRDbP4WFFm^vjDyv!d(&kutyAW$gG<j^TuRtWWkI
zb9uHyK`dpqD^FT^m_~7Ko-*6XC#^^x=P3=ydFK+amrHTShCWiwsnlNh0fATVYDdjn
zbV10sVsb?8P5_r9VTvsWh#RpLZ=~(4oQlzQr(}9#BYo|iJWXRD`nW#m<D{JuDeG!*
zdKY(?BH7<|i0q4?I|CwLjDac5-!zbaG#l{LMxiZH{Qb6LlEf}r6g}^RL{ivR2)H*f
zkOsG2&sDVaO4Eh8J1XZn4Bc`2loh(;7TGBttgt2QR}_UZ+sLP^Vy;hrT;um7h@NAp
zJksst^M87>!-!@g*#YO+E_#mI8>PU2ria@_i@G>NZFgD-yRJCi+a=5lY`jnjwxdOU
zx2t`M+ZC)DdTObKC>zVRhk7iv5O6(imHK5u$m;KF65?Ii*Fs3yK>jgqw-O^9fAs2c
zc((`KeH`qUjE9&q`k8a!ETTsom&ob@B<X1(BsBOn5w<r&AJ^i0iIm;DdL$C?Ig04k
zyk^{SiG)0_;S4GByR)fhXQ*J6MEpf_Fz?LA`Z|5=S(lHEjrFmU12+CEc|8(ql-Cgy
zlt-cY>z(Xc$hN~mSV(b<+R48ON3XWr4G%T|Uap(yObW|$9#mrZyVt<m1L3xZvTc-I
z4_R_8WOZFE9|Yy~u?ZzZ6<E8~E%4@G{<4pk<I4^?CXrB@Y^kJK)wZLelr=`YLd(Ad
z1+7ly>f+nv4#n~NHlg}LNCQ^>KZQiuCT|Zq<?IX`&t*nYIqL$IvqMzQ#WWc?>#$$W
z-izNNJGuOF?lu_UvGaa8&z%fEV!iw#!OO1k`A?j&mGk&?sLL;}!Q3vzQT2PnfGP_t
zu;k^t2?>85tGf2zx2x%cId%LjKJKhUN}fT&X+XH>0VIr59P74g-==^t5(q~i;X6P$
z`2lS-(BON0+~8;Nzm!R&<Y}aw50t$g0Li?<M*}}n7QKSopIRoTIjP*=<(G%YQh79t
z0}gCgL;mgXmz)OUfOT5o3SO8T>Yk&GTA|^gdc!NA;rj3{y3=a86=U-RKPyulC$?#C
z7gI6{>#T=5Qyx%<P3yLq-YOE9k4C~BD5$3Du<7k>CW#*VLn0+(knkW1s;MTZ%iAR5
z^R58Okw|$QD7{S$f`VZa>t_}eXx4cugK}NtU*?B^xE5?vCG*}kZP@g>R#>=A44d3R
zi}69@_2w@_^GlkThD|p&ON0)I46wib@=$kjs^?Vxb%%Xw{ic{RnYl?(*tC~jLkOYP
z@0DNutVzRdFy^n~4i7@n*rNFpu&z;*IS4*P4|i;S*b>Zy9}ni=u;fgn%(k!_L@nRr
z#6kQlxX5pA!LRc<gB8cP%@Qf=Lz(T9o(8hnJ&k0EiX#KaJl^)-&XNepd4Mw8F(cc3
zCbrcThYRSfes+nn=$TJy!Q92ZBA5&HGezr1`su;k6^yQvBD&ovT6b+VMeCL=7|d<>
zO^?>!*&?F#wNDtL^~}v`w0<*F3+DRv#b~`pKXbJH&{olJ92Z|A$Bx#c^&Q*;$83^_
z2-KTXHr5I8MPuPxX~jUj`X-5#K=4%5)v7pBw-`($5B22Zdk6`?cs~zQBB-40^jziB
zJO|;ecKGFyo1H!-(l6(2cKMVDzZ~2g8(RFFrgti%uYggT`^_JPr)^Y6R*l>uDj&a5
zBH@~DLPWg+sQ1hLh{G?vHQ0W7Qoz>cNfT`MJ*mU?SU-d<@`*da_RMAzY@IeCY}J3&
zVLQG_z_u>K0NaNfRoK#dYp|tYVAybOrWv-EHVfD`2-wz))L~n~VS93e23rfto^{f~
z^5A_MY^lVITlWnbZj$0C+9c`Y*oi2%G7#H_#zZ6r$XQNLImhis6}K${w=J&F-(w7T
zaRyg`!IZ|_pV|w1-Go4DcbLNHh*RtYijMc8s5|!3kjd;Vkg3zlgiKT~9hn7vfINO7
zBJ<;IklC}*gv_!Hh|F{N0eTA}le&>36W@<B^0PFj;)vX!BJ*WW4VewS5Sjd*W@Juo
z6v&L=GxDMPp4E}*g+rbw#gVho)G?epC6SUTD1-X72nj#!0=gQCBe2obfo=i1myxas
z&~<PTf{7K1<LCy{aswoPS7+NA$YWfXBLU$Pm|Zz#wuee#c=Yd7B(79bkt&K~#0G<k
zOvXm~LnHGVnN)-_+ui`mlI`Jr$@&1M9`1H(>Ev?CZkMMNl*uoT+#So6Xm^~L7Xy;e
z;!&zT*$dbFqbQ=qG0<YmMudp#ns9A#VYeEkI38ZFPM{UyZ5eL=)(CIMz=%#xaVIDa
zyGHg3lD!RN#Yh%i+?^*%QlX3+dkST2o?%kP`Wd=1)<L(M<m`GUH}Uv-lQQ04ipqHE
zXWdP#EER5IPZxumc(FuPMpt)D8C&*5WqhZrSs8n+7s?nb=3?H?(v`86MN^&+N=@oG
z;5UhsOhr*F08t!nNQh5~@F?2cN(#h}D>!-z1X3>O@74-kYU^iXo$CF7p|_|st@F!T
zqe|5&HS`v|{R7axzaeLH7qssw)zqBXM)|GSaR}Aw??<q9!60Ini}x#jdE_pkQoBH<
zLW7>wRcZYVMG-BXLfvRU)HnYKuD@-FfPVXg=8WF&F7W@TiwXa?x)|_B-<1^C>5ll9
znDJl7@&Czy|2l#H?>-~`Yc>3z(D1jRmNvYrO9lK(1pX^TH}Upx9e=(6#nyJsf9WP3
zTx0AehOaaDfY(rL_c{m(zhD1fb`uAm(XluUSa2rIfJv|VgotYeuxQ=@g^PB_v1rso
zU=d-);#xq*g7rWw9=szK->x-b@$MSLBJ+rj#e-`F7AK8ZoGVtbnAugsLgrXJA24I_
z{aS&=a)CwFVLBG`I2NC*{tuDXhpUZH99?6uooOhwAt1$=djBrc3U$iTq4@l&q6j9V
zfys`#gox`DxSm%JWjn8n2E~J&1r!rHo1hrkS%-q4ze<wnouFv3#so!;VuWJXAsvbj
ziv<+P)Bweh)hZNKyJ%3n(+Q#Yy^|S=4r?ly#l#_%%%c9P|6&%7RYokj78}fBI*RQx
z5L<!sUz)|b;W`$(0SnG#IWXzqBt%@xaD7i*6z)9%4U4Q!0*h;%Ojv|E=~x8OcO;!o
zxf2%iR-3Sxyb7`K{-|T&SS_%alVZT)&`K4Hm;4$Q`+bPTkP28VUtPg0E)A+=7O#Kz
zAI##l?~G7vT4gYc87Q@KklKyf|I#cx!*nR#x~wRI$#r0|qBbGodN*9ZS_ftOYG)0K
zBA<X_f!Ra7ZRjn+=sJ?>rQZpPTB}S@T=@>6`1S`Kiq}>ODE6fppzwdELUE~+2E{ds
zP{dT|En-(yFpH-LRx*n!-~Jb~xcQ9{i-eU1vv?E5*0wew;Zcr%X%?Rj(Xsdru;5IR
zfJv-_5OIAET>tGr;r{K@uy}?FEOOIKSUi)aWAPOFj-<4-J7MwacP1>J`4+Kgen7|K
z=C=Zie^L!tlzyXPG2EwNaUdPBIF)L~V$OFJ%;ISON@kI};y;+h*cC=7zWml;7Bf+5
z<3MV^-SaQaqQPJtio6SoBAC1kOy=H0h`7##>*s2rY@eeV6s=MP6mOe*i&qT2#eQ@h
zNe4RI35tKdF+p)`1wt`zpAN;?Zv+&tbud5?ze0uLXu1Z)tQ3U8(%B3}&2KB1MaEN=
z%%c43|6&%ue{IB~@izvucn8I{2E^9u?tf_(GY0Bd%m*wuldZs{=G}yd>$z}!`fe2N
z=`;<C*U|(QPo$c#csy0dA`LxS((jMo35(}en6T)!9I?1(ua3p<%LNu6JZ`{Z(bp;#
zUDGry{!B$I)~1-TC|ps&EH?G6WEO+I`VVH&?<*q|?<_Z%#VnMXr4GbDG5^vmYy)&C
zhLtOdU{V8^yb?o*xc&{G=u;DA+b30nVqCg_qN&+K)iHReVssrzGatJX6lcCRL9z8K
zgyPlRIu!lB7EpA4%mBr`U#U=RO3|SBH4UM7vx0~E-`5q)qJ5uAX7S_F|6&$<mm0CC
z_O-z*-b1maffzg3|D{=se@e$f1}r#}CxFTS?jl57KLFRe@e^b8?v5H3-Ms>fwmuUU
z_xp4#TBAox%D$tE>hqNei^OG!#os%1EcPxFSUg~KQEx6)u}J8sVX-zDvG{<Ru^9bT
z1+(}vvyxeKTJj&vB6W!oib=~1W-$k)#z1N-qW`5?oa?JY(d7?C5lr3zCS#%r5!WN(
zy5n7Z{_k-Oifq+Gjq6~7BCCU8{tsP8Qgr(}L9u74dH!z+pa0vTLy@{vK(Q&o07c{y
zZT`=zLGcs!P$wU&F#or-f?3?xyOLRyEdDQMv1+jqi_1$4X7K@vZ7+x|w#L6Si@|+#
zES?7}IFqBm<YaY1#PwHj{T*L{@LjToMUTe>7GIdLm}9`gi5@NK$w%&lMaLy3EZkor
z7N@uCSgiU|U=j0(0gDNXRV*4OYgnvHLM-ZZFk{hsNd>cbr)MRz@O<$f%%as7Mkunr
zG?>MFl$yf{@lUmXX%>evbtu~Xt|)?u3z%e9BSc(Z1t=b@j<S8Qg9gREjsl9<WD^v1
zlXWPHI`Z#KiFblx<zf>Qv%f$n`fSsoXth}V&SZq*!sjX!?>weKk=PNTm{|deor^1&
zMfDz)%;K{}|HUjmT4coH=PwLq@ezux4~Vg5)qiOgoqOw8^aU(9lVQMQXA~jgIuWkt
zS5+sN4}PxB952Azli>Cgyd6Cy$x6f=bDV%|i)ua5kD4I6nW#hd6S|lr_VAq`vwdNL
z?93vB?9(keWD`CYkUjpe0kWh;Dr6@g)gX&|3?UnzXojrr7Xq?k0a<1@9WuUL&35I}
z|6n~AJ~e(CZ2q~ydKRMez5wYBh^$~e5xVgNH#^0Y?q-*;qS(+IJ$2+Ro>UaUY!xuO
zJCYD_Jq@nUM5@TuU!)@UDW7PD+gtH=^wz{m$UT}YkQ-|@wxI@NbD={@vUu)<T<1k5
z<R1Kt?_04+M{fOR0=boK4antxsv_4cQA6&N4v5_G3dS~Ikw9*ZK<<MK9l6gqa*3b(
z7h{Y6#0cG(&kV-)8K0pA@hz}bFt!NY)`DA9=(Y&xw#0^h?5;z12B722qU#b8?rkGP
zT%Q2uEh1Ft27anS_c@Q?fV@UT#jiT;HL@>|%mZYnZMX&!SLlbH9)*jcVoDYxK?fk%
zWFsV}31zl7KgE@m{M&ya@XBw7-~JOoAnt{@GJI}(%^g4APH4!7?Mxc-W;<O&ZYJ?@
zRGT|#NV88(8dB{O)Q}w;bPbvJi8_vIW6+R63snt?Y_Dm^&kv)9M7J|*NYbZ5Lu!i;
zLwQ|v4UzN@LxrE1J`AO8lSs)D6xKixR*BW{VTf-epnVPc>EnO@W%0+4jp`NiiQ!Ww
z+r}~EtxknjldL8+1EK7ra&Wy<`{1))sMz{g%65dZpD=uj=6v1;K3627Z)ueuYq1w@
zIIbv^Z40kBt|)@CKTs~kjNRTb{vz8{oWue(3@=pmYZ+251<FDze$RBrVJf*Tuu$Z$
zI7|5IS4ZMPp2Xs6vBzF8g%HwWPjEzwJwe)HPq1m?9(&<TZl6P1tEnfHIeNiGv-Vi8
zY&2!IgKZ3Vx3w|c&7jO?H{O+uciX}^zqMFMVM}jqC1tfJv#pD>k`$)!(y!v6!Xv;y
zPI0>cpNBs}ZD0DZrtJj@Lfh{*YkMt&w#T3wjrX;-@>JMcYJ1`WleRbb7`6SE5{U%F
zH~FtV25tAVc)}S4@SFVDk5p~1`>>|%=h~sRzy7dU+q*6h+Wxi$tv@uqv##y<eVpwH
zeLupYX`Py4>}T=aH%p|X1OfKdgIIvW^Y?trU`GXiK<)YNt<>{1YY*bPHeVts?3%Zz
zi%oH~{n)to$Mf|FDH~zv?<n&_r*qKDwot`FW&dU;6eWvv7~c8Cid%6azZfrYCmQ{W
z`HNk2-}(wJ(to8M;jiLn@p+pn@AH*0{}y?#iSuu<vs%;nmA7EKd%kIdIIi57RXYK*
zYA?-`NLe;*_7V|Hew`-~+AJ~r#LtQ%B%BV?NTtlN5c|;RF72!&^i{xO*b-$vkTe9d
z_H{9>Cwp_AM7$*n;2k&ccbv6R61xx_TOksL4~5<uU?HiVQ<aj0yU*jf(8+$5=N{;1
zL3fs)jdW*Imgml;Y=xVrqb_#8iofUZ^#T<#hwqwqn}q5sAMhIq6>t13ZqSN1Hi{c@
z6>oelZe&!v@x}+YN%PMA0D7`bbjl_$K5xH`_C{nyA|aa+32{G0$hr;$cM9#CLdc<1
zLI$T3a*h%*z7rufKOr*$gf!?%$fp^Ec)Ag?t~()}dJ=N57a@Z(38~+QkRSUJ(yhN?
zzaqJxJE}L|k7zbuc6oy)HcXl?kzfYy^I~f=Ut|}`#s!-@=HiN~T5waI%4?dlXBW-Y
zw(X0f`I}q=Hd5w|Q8J>0lI-!b=(+1LN%yYh5?Ot3eL}n|w_6Aay@NBi{oHZ5hl9(I
zfoy!<RlL<BG%=}Yo<wqbX#CMDwD7a&B+h^L*AiJh4*Bl}{trLJlb;PwW?GGUZVtRv
zF%~J2l!*nY8o4<iI*Q6ccMLw1k6owiC(15@>-6{l)%_o!Q=8a?7CDCFT-lybnjiNp
zxLbV&7IY_w2LX{Eplo-jEm2pUT^9n)gs0;4TMboq-a4OM>}ROT2|Si<II7-Hl!a;H
z^_;$DdBv>$4JCBILP!|%msycfC`aB0p{x~abL#`E#Opb=DYH#_U(G+wd0!%730Jp`
zjlp}Kx$3=Ub0rc!gM8DYDBDAs<J)GpTwcFtuC|V&>FP%sz(XD8N!_DL5YJX$NhI_f
zPAP8*zlF&yR?5y{5;e3uv7NtYg45n8nfO?TK+z;z&97{x>>9vnTnS#~eTn!JuLXzF
z#Ajpj_8I)tAMc@pfBc?!{-oLONw_u)98a=XE3x^#$`1Cc_p}|YC}ktv8GIkB0sS{p
zW^>O`+0~oFGaz%mz~&~rCy}!Gx5}><qwb%sOFX~6z|FzA=s7xkhQ1!5+jYJkq1xO#
ztVd`$TC7KKkLK$UX3jCLM@Vf5vM#^PdW1`e#2IZpLN>+q2uIc;Caaf9WVM1Mzk`kK
zf6}xb;r-dT9^rQ+IL*<V$7@brDv{8~PjZu-#^27fGj#D)o^3z>PD>JQFR#z9RghPO
zB?<Rk<4Y2LdS6|VkcV%7@pelRrsC~O#w7`((=BB6Of0`_T$13@mLz<FH~-}CyA<<P
za6U7%JhSqWgmJS>OA;oJth^+l$1LGgbvbRHdIvdCw#f@ZSypj90=wwhPUYMaetF<w
zzA#~L3j5VBXKzbk;S_d}$`Iek)A%lVvfoYNM+W@JgdYRpM;2cTCHvj6@FN?3B*Tvc
z$~q+|j^VSlpwV9PmxYkEwtEQ)zgu5Tyic92trM$FS^V^3iIn^ebatToqMn*}-*C3(
z5rA$u(ES5+b%8Fwo|bl>H(T9h83~hs@P9yfKM?johOh8NUk53RcC-{RHZPM?oj&;~
zS3rI#HX!H3QD%E+w(7o`&z687fihbot<b>>lS3;~wBQHY-Mm_Dw;i;5Z#}Wkh6rM&
zzaxo7$Yr3waf;*7S=tNQONd0s+7zfbs-C)hzWyxJiw(u3BB1L6bc^b$i|8-EYm(@r
zKqmoRCeTf(t4XTcEXnx9_W+>+Pdpe1Q|fAx;_DO2S{NmzE$e<Z7Pl+t==94IKwed5
zsiOJcyW0AM^Y5yKr{5Lp6AC(7jF0*DDz)_&p!KhvrsW9(-p1t#et8XQW2#5Vzh2Eg
zHM%Y?PgwO9E>DP?sx41Qn)t3nd`e_^Aijld%)5rw34`C|13Q`@wgexAAMX4cmYjhw
z9>32p9{XQoD|UTITh^X3TTBymKo-%&O3Lb`wEqNGAT*)O*6%*`Ubp-B@&hq0qtMHI
zFcZgRb((48vVN_^xNP|Yrg7PV2lR1SZcChnSakoLW+6U)$22Z0cpJxMsbA}}5Ov=X
zvk(LCH_SpDovDt?ro?LFvMnufT-N9T^SJE0cSI*qCg!QGCh6m{L)_iI^_E1$IID%9
zJ?jh@CK7y=CK8I?lE^xoNa$i!99!QuD8C()wP_<l!t-kr+>$!dFK0PH&6HGittO?6
z>jK;2lSgiG@&&<LV2I_D{abK4p|Mv}F~RjA;M%FSX^FS>Ep;J+r;b>NaN$jfgqzeM
zgx89MTBmCBePkcd5bV@cAox{N6M`Q#)e-!*1tPe#@tqL-b*2fy4R0ZW`O9<!d(RXI
z4sUEgu<lzbf+bBg1Xnac1RFLrBY0(|Kyar(@S#U_1VxVSzBd5Df4$QC`!@uH>?Xyj
zealSEL)lAeg5*Yn<bJBflY+Gc--zNtDv!MGgmJI{5&|<h?}95dqJsf8WHTPvyj4rv
zswjZ#wReR(+*A}!(G@7Xm`P-N85FU+{TNrWedcC_1ftFOXF*zW5Qk&-g4f}>qZG&6
zZ%KM%PGGeYSY55fqf|z#D30geGC9gWR!F3zE|C5Rr1fiQlW^oMlZ##tgvj#*5FWb+
z+-9y5LQy%>1py<@Zh|Z)&cIl6>znGHDr?`A2yTVuZ~t_Ry<i>kk9mVnWZ6p^09U(<
zkg&fNZrcQ$GNEmC|1V@XAciImaM}wdfyS}FAs(izy5iXShS<XXI}922K<$Aj218{0
z$LqkNbClwk^@g?~{fl6HSwNp<B3}DCuFdeVL)gFdpCOUL(%dAPzY!lH=T*w0>$)}D
z0X?=Cik0898*}@4l-tj1jjbfSj}TJQ7~Yb?TMoa6kP;VMJ_?t;;j$52#=#}M2aU~#
zek|#uhIcZy;2S1m>p26Bt@f9?vHdYa7~7K#4aT<kb=BCq-LDzjJQo_<VVBw1UKQdk
zY#}CXw<hSuR>wjJ+ZC#kscCs#=>NW!NQoQXXp9RFvj{K6tP|U#(>1r+Ts6ttX6d(^
zu6b3P;&^U`wpQ`(lKX-848c3SW(AXEes_kC{Q#qtINh_NrOG2W3Gcee6_E2b;WjSl
zWjDnM*B+2ZZb}G!ooLa`ADdeM;2ezsyVd8Z-YSxeU3)>1L;~!e@V7My;kAZAtsI_n
zbEdJCc&@e|7nN+ExkczsHJ9+a-X<o$+qQ{e{TDjKq;U=Ixc=*P^ZKvpeEruKhV@_5
zg(|daU|j!Iq^<vItf@k<5vszM?h5O_UKgrxMP2{(u&xTf;&#EI8`^g<bQ`ZNlSoN3
zki;2~#HX0?VtZ(sQ4jd0DvfWqsY>f<#@_Xr>4x4F8AmoIB>cF&!iFkp?<)K;+fku!
z4ah^c#HM;qg|@XfAdL(i!0_T-ykoT&Hb4ixJA4;7Xe2lVuQK1Rei=$DQaxD<xZ4`4
zzsys6E;q7@?I<|hWA7JmKW>KGV}QFWdX}WU_3s4ti$x~5`%Xi+8!Xb{zA#O|J+;08
z?ys2&cV;6E?qBXhxR+FbdwP+8d#iwZ*F!qo%f-F|ul)y$9`>3M$$8T>i?)|M2$Jgy
zlFN;*XwE%Ad^?PmEcxUfo19?d!l+%ssAEGn+Np5b3%mWTD4g>%!1>;2LipvQaCsc}
zHMF^=sk<me`B{^@;i2TAZrpmWwc;4TRBYp*;=54slW5@td~B!ou|k%y)7#HfZZVWK
z+yqy0KR52z*Gh3T(71VkTPbkMj5h4Yl;VyBW{)DX-Y$QUtq3Q%x;hodd9Ct8Q28KK
zt{)9P@Dy%SkUuHbvW|c6v2|t=@!Dr@@|3q9_n<xH9F7;_D08%Be7um{Vz>AZv^zMW
z#qJ<&u{+o_akstj4bGsC!!URVz(un*Sg#DUcV`{L-I6+ny8#$a81LSwZMfT-G8=WM
zV~fWeR#H}zGTS$`)uJzux~&*(B;)$OS8=qlsDaks-fSq0=%u<QBN|;-H==6j%#vEv
zxswsazh*L`+A<o^p@q5;eIW}Y`mMIXh(^7t8qqxsG$YDth(;84nvKZ!nlPdlMECh>
z8{LQo<5!@ap-mYkr`huhiIh+PdFg$GgrBd5o$R~}i*eQ<P9ypXhyvBL$SqAa4Voi0
z!sS5dt_G1?w#%dV<$>J5YztlyUrn2;Hr%k14L56p`7f_XgxxIa8mTyrziP1Gbm0FR
z@LyTAqWuQlF6@r|?riLn*;f2i#m(6#2RAu^CYCA@a8bEm#_^WloeYMaAPhZO+@&x!
zvOT2ReE;i;!k^}Ec$(%_3E`Iu;j#>qWNZ(<YP9)#Up3hLLyF^tsj8s`pknj;VGLhY
zw|Qs^&Az(gc(YI<W!3;YOPTG*sYcu1Hq~tVE{$sjaP1CU`&F%M`^kmqNaU#y_@h0y
zALmp}xB+F3F;lq-C$!idtdqDqryXUs_g_)xB;I&M;zqTyKrLDVe`!XAi3CRr(5QOU
z)r@L(eRcnU2Il<(8t6v#4aSg3wePu;QJr|jWK`=5(WqYjNH?lpuLz^sb+^H&oQ0}U
zt#fKdWv$Qm4`^UEsy|;5Ms>e1Do-ojsO&r@%?@Zb1u?1RGl`Tu36kG+KaU&hNAmoy
zd@UuVsTzwktQ3oI?O%}3wI9a0g<2ePH|Kj*@ck~r9E$k#fqty2|3di#JR-qSKJ;;F
zP$IguEpZ}RNuVsxEmVI?a>&uf5VBy~(QZP*k3|sTYxc013b_6<pza9|x}qqYXa}fV
z7&BIE%?k|{(6T`xAE2QHv{4+v0##T0L&ZekzAQo;o4E{Qvo~Hwb^WQpsQWt$%)0N^
z_zePnLxJDGh|0R3!kHBn+)nq$7F5>#dHJfMznw31f6WxN=<6w!bpQAi)cwrbn(hy)
zEp*@QFzLR-q3iytdZ_z<*zctKr}9m@zxid<{a5Dcy5A>X=>CUxgYGwYS=Idw4o&y>
zI8gUz)H3V-^?afGi9+|=wa|6{0j~SOPFhz1x^G)3k&+Q0`D1Rbqm8Pd7A&3&f>sl<
z{A`FbP<YBP(N)E5QvZdM;W5uqoFj=)9KXD*bu@Q#{*g^M|K(PKAN3=7A9IS^z#+dj
zO_Jh{6&vHZ@OyJW4l1!YpMr&PR6UB0UnlU-*m!Y1IaI5a!2qz~dz*+99bdC{V(YML
zlh6Rf&@2pBV0|z?t6hZ%f&2`rc#v<6msU&Dh`(ZlM*LC7q!CB!=o;}Ux~Zi3chrde
zQ%oAMd@^c8aIUTqbc)c3-bRh6Hd)n(W%p<rF)Ri(qE{WWMx2=<G-9=g)0;HYHG&_V
zVcRhAKa9B6PSoObNpW18Y#4Ek!pV0K_Fl_>9C3yEKd5)pA6`-v&TI%U%eN51FWbXq
z3O|ACo4YkY9;qn+u{ceDTrvPs8-u;1r>oux5btCYAooo|Ku*4|1M=M@0m!{o4S<ZF
zr~=aHZViwH9FS2J0O>hd0Mb&J=*$OnK<e`SwcEV(pXMi<zf@s<a?m8r_9EBLZ9+&{
zQssHcL;Ad=(VVWiLi?L*7BqhCXH5tx8G|y9KQg~^iq4mLl{e;_omcsc#KOE=oVu8u
z$Mbt$<ntzDao(hFo<z#B_=c5h&hZT^mz+}+e2TRb;dMGv=9q@wFnaAhRuXbGx9BGh
zZUBk~5c{oaZpz1z@+7i$3%t*B{C%p<S2J3QqMN+Q&vuei+;J&vD?1qaE78Ke0w{3B
ze4}qC@Z6%qn486Oar`0|$Iljs53y^+=8JrLUdk5p-Tl}caRQ_{D`xP7+hpGOCfp{$
zCQjVQtaSdRxG}Kejhip>8<lqTKK<fta&>mTc$*BO<>E$m#T)O58_5-KOnLD(IY(J9
zO2o&u(kYvk;SpsU?TtwHk%SB$Nyy^Sgmld&q<)Z)3ps>*HI9&l69_4uLdd5R3GwIi
z93NADPp+2V^HiRm-}6MCn%`sGWxZ@X1{M$HVSZ2UE%JM|kH2+(kJFIfvvw|i@s5}w
zk<}?p3GuE3PN8qx|Ev6-TrI!n%L#gZkJFIf^AzX5<#mayo{Rin0{*?)SI+M-zT92o
zF~28Q%kRnkzvuT{dQs2s>Hj*<?-?HZf64F3&HX>-_vEViJ+HiYi~Js^mfsWg07&R%
zNzd;w3gyN)%<ti%uqD2z=l9GTr^SooD(3feAFtl?jjxp7^P}yS`90^y8}fSw;zLcv
z<4mH9-bXx}PM1jNjduTk$nSBFyIp=ywQ;E68(&Zpa#p=iIlt%h3zhSG_Pub2{GOCt
zmE9w`ru?4wU(oV<RQ>kGP<BJf$iVE9G8DsfiIB2Z`6bsagjjM?Y0>NOSLlUKAd2)D
z%Jy*j7ONv;f&L9HwqEa{*z83T3H5ong6?x}Qm_GKwuKs!?~jv+$v|wYa@2cEbEI2a
z!_J+_-SuZbqCWcz_$=?jv)`Xz%v*~W{j!pQ+Xct1ehrCc^9Noy8y|S$G>L>3#f!6=
zTz%m&HjGnGXL9x3Sn0e!adZNOC%|(N`nhvc*-fyBWG_1gmYRTP98q?|FAsIcrm{0Q
zPD=&#3AzWuk1YP+wJD2lFk2!ebD#@78cRrcF+}-7=oViEp#%NdSrRGv0O-qsK97$I
z?&8lZB<*J{|9L?o!FF2hSaoLUOQ`-KRIk<y!f!ljaF=0l7z|348yyF=K7v|}pjKoR
zqBdnOxF4V3^*B5R<7$p%{HoLe>MewNZJUAE{|fKKxc&76q~4aJ9U-NCw5$PDKEWAZ
zXsRWrPe%G#f<BAtb80`oE0K~<fj$lB|B<x(l1n+J&!)?PZ~+iz0O1c(g<}I)RpYS%
zBBR7b<!58XfdQXu>N!70%Pe_YD`Yt$v!r=rQ)Wq`*6vVf_an)aSz;TDBio6QRszn2
zYljG+pQ|ncXlH~efUX*$2hazrV*q{brgVn@n&g-Q=wHWT0R7PnJ%D~8C<5q(oDmP8
z6UM3m^sxvnfIeCc1Ly*qIe@N}BLZlC<l&xB_Xc_ZeHPQ{Q=@!r7iEqQEw^;aeS(#>
z;pW>CDft|PHvxn<j0fVMJtvU>yXj>&|K;dt-gCy?!;XyAW<jg1odbNoC5C}ffZc?+
z1CKTSf$afAvN^;qD3eomI(_oUoi5639W3fBc)SI7;ocd`!#j-Gcj7K$^&44Kr4^z7
zm(2(%OEZ3xRI<6N4zM#qFUqsABlodmq1S+co}+glTOz0>YgaVGaQUa15-C|EPA4$N
z`-`$~6A8}9zD=|_F1zwbVo3HalKs16^RxH{@^e>vPsOx(b};l*oQ0Itqbxo}eX6z3
z!RsEv@3icSpAB`#QkJL2By6NR8P8R(Gzcjh15J!{yDGlc{xN{e7Mj0_dIwZIp0(n6
zx1y)J=uzmD_29AC@zA1<pqY-Jo|E`VNNF*Cwn52=<5`xG&7qrED)I5mVL_qxH22`$
zWpK9%Et-yg`pJ$KqBt&((Uxm8S=|K5zUF;RdrYW_?(>R7LP@PHAmN<*%34!4-FWWL
zU!y_&m+*6c{(^Wz$Kd#AV_>G8QCm4W!~LKAa<Y@k88O{^()_boRL%~0%K7%sNBr`@
z!=9^tIcqN-N}Ihc)l=@5b4xv?I7x_Wk-RZfY){W$x(;P6UwBg@#otPVc-M_-PDr?U
z4MKQFYqJ;LKp)Kr`slM`w38^IViHtbi4|XliWhNpGC%ML+|2J(UW21F#qmfs9`pL@
zTUJ6m+Y3wWGuIbxw-=;w?!13_XN+dL^(bq3{0)f|7bExC%|X_`hiC8xcn9;e{xC7c
zYmn|^c#0}`m<Hp$%Hw0SJ}ahpEfReRM8~UWUCF0o^mUBItC8e8AX$TbU%tNEbedH-
zgnV_kX}>(&MdgXHet9BvBE!b0{YBp~+HTVsT4CB4vD@_NdKTlMH&<s!L^Qku8g5+8
zwA*yaNbE%tELM`rk2F-jUbmD)A2QQoIxwQpqW2+h*zmxJ&#y~&I51+(Xw!iab4Otx
z(*HI6z=*b^#eornI3s>w#GfP810&ueS|9SR1rLlM7W07-dq<n*Nq2<owe<rd#35&k
zpOuJ5@f^jY8Xlx<qLcFDT`*Z32UEr)8WuilJffkB;`n)#ra>{qB`DErAkp`u2&O|v
zP&wC$OY&Ba!X7|7XyNlw=>30oQfB*Ll#19)Q3~Bb+zqv~=?z{Q%g6569h{8|+3Q+#
zRpX6EwIC!Ml*~CQ=SP@MKsYf1o@9^bYG`6zi}Bc|tt0Tb8^OvBtPbEOl9rpNOGFeO
zhSz%zUayFuzgqN|#bAS><_-08A|~PaOf9EE?e$o@1u#wI#o1823X7)$Q#Tgd-WVye
z#+pnWDG`<rjripSXx91HBXS-V&VhnC|5^nMYRj_%X&F_pWo_WR899%F2EUJls*yQu
zja5Ivs*G37=?3;+B$486SOAwmXuoYCRC^1nRkasRsG_+ftokfg%@9?=q832a9a!}j
zsG1oGA<9lF7l=ut6RHXgeg;NxO}=<mBKCs&s%ZYp$9_;8h0k)Qbs3#j{&kD+TK_Y8
zEx^xk7)di|dJi^T^+7_yzeE^Z)`}6PbFu!JCXwR3NP7>^)`~EAu2)Cso554oav#v{
zL)wNw8?tE*?92$w5w<AajU*2|h?1W(P2#F&FPw)<o_8va>@10d->?~c+ab!LN8FSQ
zzRfRB!tO#I7Yn1Hbf;f_8XR1~2-OB&9DxT4gM%BR6%ONt$)PH>P3Mz2;Mw_uCBm~i
zZKe~qk3EeJuJ_+O_EEjtr+-V_yY;^z8N6Fk*Bg@N-Ik-<iQkC_`QC1E>9J=t`G9vT
z$wKcoxlrHmxyLhN!{>a?h;R5@JB!z2wl#lAs&}i2N82WSf1RHuVxvkVc(+T>2%TRh
zHhgYV)5057>;-eMY^GQ|i24<Jqps=Xu}iN>r1%FEQ8y6L6;!cgaZsrLs&uQM+V+e|
z^_J*7dH@eRJzaM+<A&pu1Rc)5Jf!1h4dc|!8gNjEc>vc99=79f;bDscRTRfdSy~Ee
zOz{D1=mlu#QLAaQ2Fh%IT?MChknQ4%arP>D%w5iaoVSYyBDR>Ts@g<|yRkkcA|MBM
z#lZ+;{XP0Qf}*Xd(AHkbyx8HxVc;dp4eIpzFbVsY*0oGC(YaXMQkEqm_)Q0XOVI>c
zKCc&3D83iv-?A?h@517n;7IIP+%XEL@EzrsZwbrjr%h2(9pG^gc`O3f;`Gzfp<?ZD
zdQ?s;KO2KN?M(y_Jg41=#HyhJi4=Clhu?wD4>yE1oc}i9zr<1@v7Hs*6gi$jxQ8mF
zvz&4bx80theStXd3T51F(RShx><$3C0T$C?f^CLMM%%q_sASrC|L&m@Vb~Mpha-Yr
z^23(k1Nk?koY63P!wz?cl0l)79>qtokvc8Gx1)vV6v;r*w)hBASb*ZW3KR+aK@TBC
z89ZoLJo{Ze@=3)=K7UJ$z8_`?9)CtAt)Q7|JP^5mh(r*XG|I-{wgpL;@C@=x)k1iV
zOe3IW2SMc)J1yz~frnv;yGwCchDfBWI%sqUCu%f)**Kb$AzFR3B`VsbS1O-Qv}JJR
z&pclb=2M0v(XfZ3VSg}KB4vFI6^jO&vS25|B@>5I6_x`Q(Z3DF!_aq(M_;(<WpNOC
z=b;iQ{skY*#~<v;S8nkQ>A}GgesSTQ=`LCn{n~gKByRMwA4Bc#vuMqEj+RAoiTzS(
znECr4@%017nhAaw^uUmi!YDEWMv<BP@b?PC*kyxmu@wFNLF!rXS>h;ob-V;)CF7Yn
z7cf09D@555%H%i<<g-suIrp$f;X|i#K6JXO51sI9lw9EE%iL1j$=bdY{LGx8?gX3-
zR2&BeYifn_e}xh${uPs>LAma!YKR3s8!Q=f%q|v4r1&==eXpgq2aN~?UK(slAlm|@
zCou;aNayIMY5qLew2*Bs5S{?SB|tbfQtR~b!*F!YRb!{`lhd3&d7>*I504G-0nN<8
zs*iqcF!*R3&`i<_b9iBLsMcK;<7+q3+T8%{&W$v!i8((2WW=Z><fl014l=#pnS6;9
zpMmOop!zRd6d5Rr=LebIuoy^x2ht-z+K7{8B5C>{lYnOcX$VM90_mUnF|MBsGJ*Cq
z5T3?KSRi~NqC%+D;mR#SCBHll(<Ss+DRYo2rY?iDSgE5{*nW_Rl@8Z1<r;=xR$I5U
zA|za54waVohev(ODdDmI7M#vyG58om-3f}L?;suo1E+bw=?~y^7jSxq2bWP2A)a!P
zqZ*fA?2-tvB->|h_LSxqyWzq<vs5k+8yjp7K0LX7<D7_;gh7^I3&l}3K<D29_+LXg
z0sn_1xN*dWKbDLRIP2Uk9k6epN$8iRNTm1*Fq;X?!Wf@Mr(BZMgo7jJMKtKVphts#
z7GL#(M8ey6G`JA-nZ-YR_D<2@-T|5h^`I>JtN!Q#pP!&dgJ}aKQkF|ue0iB68jR}C
z>oMDsi&`|;5qcLnzTiCn_zn>a+Z8Hos*MEwl*QN9-fb4V+gU3p-Fhy`pe@yNwG2kL
zAteHX=0M@qoMOu2PfS*8y#uwrwGzUnAuORLO)ZA4aWrFCqSbg0Y7|(t4Af2iO>2h=
zHNrVS*cW%J$#&svk<)Y4bhbj>exfIQh_bGDa^gz;<ivD-a^fCysB%|7by$9dVrF@2
ze|;SkZ+A1ad&s!+4nI8+tY?8}I>jC5V}}BA5Q3FGS}xKxS3n+lJ~q`;9-3QKGabSA
z0Pvk8nIe`+eN7Qdc3+-d8cUgN#Z!FgCX2<%y!ZuA!Mzpe=pl5;h95oQ$0P8gQT`2!
zy-=J;x9xYs&QRck%6d^|d;AYWY5X4&DNBZNQ`k^CE-aC<=9JlX8#$~84z(z=B^YU2
zgw-9V_(Oqsm-fNoQtWxnHilgmwz1%xX{7Y_Ienxg<H#nyUieP7v7(=8r1W-Qw2fZ5
zx@|P?Cq_#9LI&G7+eaNKy?IWvjXjreq!e?`JW|@$PmGjG#Yic#iat_W%)_q*PpT*V
z^7!~cKbxeU^ef`yNVCqp_oPwhY>H!FUrpt!t$nLCrsbCnG@tRC;*Q0I+IzTWU2*cn
z6n^0{%<f!?HRQWpiR0sx@`O->NKFAdto;-lxms++F+#lSrOFZApP78RJ%`6ZqcILT
zo+**CA;$1(S7yaAO>w5-pvpws-+j0aCkK0q@nnE)qHM3?Xxm33g{9*k1OJ~Vkz$*b
zkhSailU0l*hi7uH)df3eik)*ec$g%0GO6E#7Q(X*amh@cI~HQKI0(}c!hB^yd;&BB
z@4PmM&6FEW+8DT9>wSwz^0(e<-bzvQXq>C%itdMTZ=O3gg>A$p*+FcSM_>3fa*Ep(
z+EK^CV@T-GDzrBhSqI&@5R6V1IY6%xQu!gC>dn7KWL1<<N^kxpB(oxrEs%GfJG)}a
z)!n_d4TNqHyZ+g$!X7-8=l8XEbutl4Nir`$yy|5?W1z||YGG^cVGLN=Sqxa&pAfKO
z-aNWDaHOCvT6h`<CG)XAcreoxaOJ!xk&+q!;RA7mglpj${L^`uYRTl=u<?`*v6eL&
zXxjj7RSapT^EmZjZ$oC{T|kovG^eAqP%AOhuw_GaphyLZjZqc$12|eH8TJFvzt>KP
z_4Dtw|Ld&=QWtt_-)m26g-3gf@3k*lE&5|)gHJ+(e?*x+)b{Hsk^FTKM_Ih=EM?Q9
z(4_vvMZOTDR*r;z?WIRT@#7^@;soZ^+7J@{Axe#ep2rtT6SFw|Pv0^U>d@QtDLa%a
zk&@cLtT;|PeLwn<u;%T1hb3Y!oXUHlOQ*TVuftdOoP<kxCZeTAMX#4b)uijE?(`LT
zbuS~#d(lC^A?o+UULfOn{fn|2s2OjjY$#<(@1HV!Sw7Z7LLM4BTV6=(6=uVqvf~ka
z?)}g!NM$V)$Jf0?uaFig&VT=hn3xpqw-+>z#BA!O4Nc$RzZ<6ttONx19#5zr)E!Li
ztdISzsy%*Aeu%Qp7{$!jqnM67irHcQtW3Kb&l<NXj!8WYE6}mM-=Mw72p+}E*Q1zJ
zr`D#JW%03tJ~`zdp89D^>Z$6frzcK*{o@MAdF8R8oy0Vb`sD@n%`QMoCvE1buTQ#}
zhWYQprJRR>&Cwn_u$f*9HL&3hxR&RjLx4!enSaBQlL-3LU44{Lcaf}b@1_>nL<3?&
zxz9uZ(yE(8Jlhq==xzp`5lJD<;gRo!NAB4MOz3R*Z63;xKf@CM64doAe~6f6)@ftR
z(ojCF$1Df`K+S#Zw>#!P^f2c?bmRFCV+{EZ-9`Sxm0ykd58br<htryNTA@X`VU^R8
zIsc)D(9Soji2R4Yh?f5_k!R^#$dKTDxz3@kwN!ViaNl;Pijx^eC9^4xdfiQ)`Djog
zC5=Fwlfkq6YBfyl;UXstVGbFNwKvb}DaI&90nJ#iq5EAoNzd*7OrHu&2&LX6x*x~Z
zXF}@^t0}I2Aj717&J6uza34EH6K%b^@l_{r!It84IBw>+S8+^x0;3do!y98IQqmaO
zSORT44Z)N6^nUDqum=3}=VgEE2}@g`iW{ozhbj+Q3CUjvHKObVYeANK6i2;oYFES;
zAORn2{QzaVm5ey?O|0M-Vw#)i-W93^-3eayLx82l_*j~Y?z`?!EcLQY_IVou?bBTL
zd8LJWgAS@#eJst{Np4W;D@wNb<g^$tp99DzzpF&@uPedl4FbB>MN(f!*@|xyOcKwH
zpa1QJ9r0B0>6Cx}$<XxrX^6L<mq<x-c<HFNgoHcrZ0cetjfK*iAc|%ZAtg=WvJ5V(
zaH4mB2unjyT7=?=pRARhfzoqWI-Sq5)W|S&<Sl^aZfJA`r{U8pp{^!PZ3FBc1kwgT
z8f($|{PYY%B;FKm^7YGxjgrouluR2XJ>~MTp96AEY=Hd<?ld631f9MuL)G2Cx@y}c
zUFfP7p6M#KODg<}7$5DO=Oj|n3?A(fXuXQX>_!I!cq|u(2IWZj1?+e$j%w4R{Or|P
z=y0}!!`TN8XHo_#?|`*QZ3*WK-k$e#@y(x;j5cBo=p7|=cXpcJ9QEOQ#qqnpa>o7v
zKX*Js%DNf2tc6lx6x&@ELX}8A`yKSu6)xoMex0p4ib34(mbrM(u{I9xznN_^)@S{a
zsnaqBsa^fIh|?eObHi}aqUdu&Fm0db1o>)MD!oOtU!<=?>`b9r287p{AmxD&l4nuA
zsb)WSZpGI3b-w+P{NHrGO)mSK&bQenGrzMMa8JHfz^%sHJ;lauxZ4zuw=2&Nd)YsJ
zdEj0iY+vEQ_DBe}M?$c@*u4#d?UC+e_(9=E9Q;Utd!=}9F%E4M$CrMS>0BKxkzx;k
z^*-olQ8mLX@ymXFQExGLy0r^|W^z@-^l*Q_HfpyQ#{<pMwqh}>Fu_fJ-JXlv0>vtz
zc%*8D3E`n9DozLo#DuVqPYCDxRbw0P*CvEVYlTDoVnWz@T^}v*26sV&L#mp*?P;Gx
z@{2{-T`ndkwV2z-{?Wtk<b?4Uc8}<+hu!N&Nu;;~FrVllB;2#A8g^6D1my2WZW(rO
z>uj1yeh!!=0khV?EQ;^mzws9>?4JCq2v~X_H%>q{p~oc>UdRI$H%2P)FCDzoBum%M
z8l*2$79H0K1D1=!^+}e^og`A$ld|}S4jLv|ruuk2W^4J27O?zrLLz>-$;M-RVj%)X
z>kzRF?kpk}zSsTk(1({W?;%il%3iRa$I-`Xn&Rj&BUK4_KmrMTIc{AF7F6y7jpuso
zYo8XC^N^2q!8p29jiY_gwJ8=K+wC_c=@43BHn3eM9yTr$VWXWl+6x-}41;N%YYi$>
zr*1$)FF1WLl(PNh;~$`wVX*Oo@c%vxX#Rv?`fO}y(iLJ1re{2>zTQx1sW8HvmGfk}
zWK_*g>3T3d-6v)Vc`%(c5w7JmXz-?BdLh;F->C?uH>9aWE7SNiBy=ot0aga_{F=st
z>Bi|iKF&}h=@TO)Qk)9UyWImG{dBlv1V3-+s3g8ZamB3ji%`sCM@%#0dyeRlG&_!w
z^r`)Kilo1#nnmFGr|JCs)1ij*PpOEc-`{VDq|c?PGvhOV(iC&b&p0#Q=?L%SY(Aa^
z_B|DPnP3y=pI#th*4tj-w(;{%Q=tbwEmV#}{10kfe1HwdvDGrd*R#5P7^Lk6wKuDs
zoN8R4XHy)d=_aQ;<r#?-r-69?1a)|!3TJ5d%LAPOc3N#&jj;KQtcbAr4)?bVuLq~A
zcxR>?!s~7NTEB$QnM(%eh>sBU5Fz13=J0x3ib)|?rRW=L2iO&wXuAdq#m<A4Qi!l|
z9uSe*t2mmcX%Y6jSrRFx(9C_%%s*B=Su77fNsE;fYIyxL(02m*B%t4ARkJ~>*$e99
zR-<|D<l**4DMZvg=x4SO_%J&#vc8Uy^*9U`ahp%<m<`Kj$~#I}6(9DXs0MXfiaH5=
zq-d<Os-vWS&A6JX_ILJz)9R-JFFS~*4x~HPsah(hy8<jd#>djN7=AOx@acLCAL(Q1
z&Q9{9B8E@L82%6fP|}gd@M8?~ejf4Us=$Jes-h{pfG62A9=z{J(H^m|fJbOCPfMiu
z2@q=`i1h^?oBwaPM2fpY=>#Yp$V*Q_X%{Gc4oWxhh<&$K`V5pl#A#PTX#h%}g3^0=
z=|@oNhtemYG)gjjLv58}>iNb2X*VE!9Y}jx4Bt?#DJG-w18H|4oeiYT^&o$6itg04
z^!txde~2N-_<^!$<&ZhZ;9Y${4!UCl?21oLaXSNijg75VifT>OQqY>*5O3V<sFwcO
zk(VZi-aKy#`9B^ek>U(^(C^?Gs#?s>exw)RNsYod-;uTtu6C&=e~XZRS_)cI-?ghB
zBAjo4ou(}Q(P5@&-{HMQHa+oH{tj?9S?|8UJB}>tZeX)JS<)=@r&<v1rxHKJM|o~n
zxQJ`hhM}taI>>v6vRK}^wefKLhnl>{1Ve-1MQ*hews-O^p8oM<J~)E7ziFn3`!}+K
zp(jY?9flprhPXcq;{I$u8|u!bY>k+JUm-TmUo6H;b3{^#`AK$l;J$9#E$)5Q;Wi6h
zXLY#EO5RBwZZkL--r+XGi9iR4c{bB2n_y7jeQM)v)@yo>(xNx6qrKc{Ur$V!=C5~#
z+;c62T~Hi9d)3{aYsVAfUD?M<NLhU0)tnLPDlD=4b7Q>S7jD<a-JcJKvdals-3rV5
zS^s~u{d;&!*Y`M%?{kuoM2tyr2o-{HzcfVLB4o&Lrk%7XN>PfoT3T9(OR3T%t?BNd
zs;aaut)jFpMUhCvEf+!5{npY_W{kVmo%4Iv+WVY2CmBAk=ly%W{*XE6ti9ISYwx}G
z+Iz3P7G5>jKNPPTl=Kye=ip;f<}%0JP9h0#ClsDHvp7_xZ+)uw?W9}B@J!KqOeCJ}
zmx*?<J8N3Jda?WLWy6+v<4z*U%8W<G5*cH!_7#b3Gw5hf++(8Mx(jf>PdbH$t$D*y
zk$8^zbo91p^u`$JZAlbKRt}@L?=_@X73l>7y`7H&(!=`_atyBV)T@1pfPNbNLh)iB
zTj;sQoOMtSEb<)mhD^6i$C-4GoRB!XGng^3>KjpL$$SRYsEcW7>B1gd90W3@Mt1h!
zDaa|;1{!f#5Fy?S>@52fX=NvE5fCZU#9Ko|k`vm75HC;s@_k2<pclNuN#Dgy#3Y$c
ziIBn6u@in3l~0WeJA%EmiydWpj^E_l8#29{Rvj1bA9fUpuOf4I_k=R*LqEs|bwm}F
z)>)>BZviLOG>*|b{|I4@r0kU?b2sw1Uy-aGMYU$@h{4&kd`EWwwIfth!9&~*s3RPS
z+G5q5(*o(d4&DA82Q2{wuEu{&5J^G$JXjhsfwb?){18%Kld0740Cu0W!y@s_^J>;q
zNKW52toxLBT3#|Z&U}y{lAKqN+z33MO`M8;ASJTfeETJl&?BCY9;jy~N{CG9blvrx
zjtTrI(a8doX2Zv1*ZMgkA+&phD}9zoh|f%?!QW)M4&K|E<|pj_Fi0Neku$HPHpM-g
z-SV(6=io$GB&Y9)k%NwTwzM^PCmiem^JoiU6{1du{}T{<T2q;tf)n}7XW(vO2bA?i
zkdP~VI`f(2_rLLyRiJxWd{_<bz%CyRDSh<m=pYhX>5Eu+`J_+Zmu<ameQ-dzM_EtE
z(=H!iZS>VV9u(hRO{VWhSYFP1!}5{+nC0an_<JXXUWdP%WP1OWWs0dS_6@J4DnO+a
zz<(Fz0(%G{gjgc&+bogx5=*50j3v^3%@S!>Qo!Epg+9%X!!4iAMIWfd>g^Q8Ml&{%
zy@WV|3Y4=l?J`1k*+XR7Wr*yuD>CiUPj=bw$h1oj*=4^b(=M{?vR{;Gmn7L`KO@sF
z?PQnzm`uCG$}W3}OuICaUG@T*c8QT)_H9l&G|K6EeUmTPNnhWDv+1A&wl$mnxV+`l
z{TMUu^G&hHK#B5~Or<JC=)>WpU7{4Jq&>8YeG^Z^lW_ucfKn`Hp0doi$27^VT{`$h
z?b)Oe0n}B%0}L=-k9eF8us{V|&HxYY)&ZvI083QBDGbnCr~|a>0FSAFeHdW7d>!C}
zc7DJ!Dqu4Pct%h9pbqe&3K+xyyXkBFlMe8j3V0ILr4+5lI8_IDM+IER0Bh<2U)BLC
zD&TYmn6Og^*g^*wq5=*U(8ccla}3Z0R*gGllkAo@Eo8BtV>~&35t5l_acv@mWNmFr
zh;O7!$4AKNj|BjTmEESo-Xh5ghvDHiztBe{vc*~GberqJPnQ#Ln!bJxm03hPk>E6K
zN!cO0rN}-aaavMX_AS{hRqw-HbXT+!N!G=-I1z4r1t-EjFM=9&1rg%Ox=qMt1<w&u
zs>yMCJz)(*w6hvP#i#8$fU!Poui6IL1`d98&`#*nzHzd<n<8V>`y@qCobJS(t#MR+
zI`IF?Q6*D*h=U$>(v$+crf%Pcfu?0@SJ+Mnwco)Y_cFC#<2xSqi~JDLeugJzv>(Gw
zKbhJ~m`}*p1Xj6^73GatFBB4zTu4aALPA;>64I=Y5U?t177|jWkdO+6gaj87^00uA
ze+vjnD<tIGLPB;I5^}YWkZMJQBoz_zRuLhyiwMasBIJA#A?7`V%r7Qnb}=EJ6%+Dt
zF(Drm6Y_pBA#WEGGPIbGSBeSgRZPfp#ijBg>F%#`qa;SACsODQFde}Rp*KBU%VCI*
zs*1EFUL;x7+rh-;hIuv)6rfU0rnFG-PXP;BLw{Niuk3M3vMZZi)ZQ;ssW49@o|k+C
z*0O04SvEv93s8AP=)S4t3(|=;&!$=@Fzlha2_~^My9nr7k8j;l>s0vje3a)wh(P3o
z=0C^7WO2+!OKh~jGG~XJ(7Y&4B$heb<%H%hwt-)H;f3LQ(!$aBiH{cvJ&<{DVnkLd
zvNH$R=`RwJS}_ax0NkTP1maAHk7y&3)OZKo?|FQe5PBV|@r)u(Yr_X^)&fNFHK3>p
zljcz@Z3E7z(>g>>Fz<^ONop%kuD-lYE58NHe*@)@3T4WV@N|DbFh6A0UId&EfWHVv
zUV{)i)jCE_h#wp;5=#bUiT>tq$9u@0UY9tMTZrU4Kr#Z5gdh@MUzti%av5v`6*i(h
zz%ByVjtmxzYhM$YN;~ox?0qkXZH}-@05*a#7o;**wVZ&Ps;~qrNIxL3w)Tv^&x;Pk
zqD!GDSbC`;$*$}J0^5k4j%5z3WfIgf)3D5PD6>Q@b68;Umu6`;)Nx%Gz1tF_;v5%r
zL7EWgtPbc91A<qIG^Lf_RLt6h1Xl&I{5aI3E3}Xm@?ar{zfk?Gd@S@cTRt&A7IUNL
zMB@4K23M257BZ#Rb;x=$WY=+4FGzOb_D(_iLqLvdbs(srQJ|Dkd2p7&wpaOzip9*K
zJ)`V#x6>~PmW<c%{0J6gF7#eYwI<<yUHbiUsXb&WJ+m8i|ENNdcuM{xe&49Au$Euj
zfe>#Azb-rEjA1?WQ>;iB)CPe1385S@iX^wvuBuzMK_|$W3;=B6GvCA%v;Xm}W1!3O
zHx?M2Fsc;zw~l)h;ns2WZBN@ep47_VgfXxsZXHLz;NLpF(UNZ+AIQ~h9j}j7oiO_E
z(zcF|7N8Tx%zUF0#>`fw@_6q*K}zTG9{DT}oZDT^#@I=wleBD%XLPHk5zhj1yYZZ+
z#Pj_>Z25wVCS1YD&%&aKU+g(_o-Z<#w1zT`Pku=x+p<BnUw2^Z@HlLm=GZh9p=4cr
z(H37kY9SI|GgiRW0rzLbmssdCw|R4SHN3*(tAxZUr4Li{TClZ85{3tu%%TFd(*o$&
zFfh=$JT0t^K4^lIp6(-0yL^^i<-Ps6ma}RxzUdO`aE-n0a82^a^uA1`%&j6xaSc10
z;u?9}9(N_hHTD3WbfP;WYjfA6LMOfFbg3SdB~I5U>ll_y!Zpg;Lp%E%0{=~L@?Zmo
z^RHOuixe70{70K5L4@Q6C%~*^MP?m4MD3n2_KWuB3%f;<HbADP_}zxy+F-XxyeC<2
z{XQR0;0|ql+6mmgXGQH&^!K>qm+wtyca`U3L31&x?ITWVk5Z(HE!11?8@6kmv_J6R
zieI^l-Ny>W{`IGCs3Ki_miN;tSQE1)pWhD)9RE<`C9MW_M|15KIC#!J#|^$sNd6Xf
z^X>HvN?>U-ezxXJxM0crMC5rz{*$THKMP}w1j>Kc!ml8*4}#nqg51Z{!wJiU0@&wS
za*hysJTq@1hiMEjuZI&NH%?P?ch+wvlFU<<%;ADQEZ3PW0nc0el_47oDDTxpvY%~X
zWSf*C+X`T=mN$@H-IS5NVu%JdA~4y%n(N3O29&)3<;RTd*v*XW`oA@@2-6#2#v94D
zMY3sQ{Ura}9Qgic8Il74orRIS{u?8iREp#vfC)B|+|>j~rdG&>x!h;U6%92W7nuCD
zW<0oW_EEt5A>jS84*HGnYKCFxckA{#Uu(j<ke#Jea$1w<5u0lbn1u8{&vSS?iN#v<
zj;}+AEgchx327p9Gk`wosjmm>RR_nfD_2y<?XsPGmU)zI7`IomMdDq}#_gpYIBw5v
ze%iQ|nrUO@1DTp{H^G6jsk{H=oHiAS?^T&b&qqY&pj=(Fif&ERaeO&P8^>WgaU2iL
zHjd*4id4H9AIC{CYzBVy5SwrKSZoZh8#m=cv3g?>Mqyet6pH89@;Z@pMg*pDIhsfk
zwsVn`-(e8RgYABi97AOjAG_&kA`zP!L~^b%iezawzepxD;Uc++9nXAyt4<_wja8AH
z*s6(SVIGQP^!73$snC>*q)u%nlIIT^L{h%CUL@rjiA*t#3e|Vp@f%ri>k$E}6W2sH
zbk5+M(2)@D;aa$D>e+ft8#DN^9DF>0fvf#@L1#8Z^^h^fpp}G;0SC*D#yWy$0cRxO
z999b!QblnGfohxMes@R)QyF0Tm7-g%A#N3TUcL-W!ZM?VBAsl^+m{ur3I%P^1}~U1
zxI$O??7u-Iu5Wov(=zN<Zme_U`3o@C0gM}>kzEJfZ*%t)JekLczfuTQ51@)_8tA@>
zboZsu|2#{5I+h!1EMw6IP;`{ZSl6ad*3IsfyS}x4&M(G}fO^>D&dXFfu}&m*`Y`Ym
z<ZPsq`aeLW4^X*MlQr{^E4-O2v5zlz#4~U2g<vBWKh|e09c$9J^x$;?Tl#oI9nA}X
zb|}!CSd;I_$2R1fdUutyN(^8)r~7Uxy3Om0M4t8l#`YAj;=jVl%e-u>NIYSO{8oJS
zMZhu!$W*Gy2F(0Jh6((fRU`~56`(FZLr7ea)BQ6#<~iM4`F)Mx`l?F51hDe}HV@NW
zO7E@3d7j5s>mD%vMFU;UeSlyoAovIo*hA$6le4}^QeTu4OyO3Mq;`|(KDi(tmOF~n
zzk#mDVd0h7`FVT_CtZA&`C_D1XP<wD&+T!S!VXIf2mMzsyBqcJlrgQfgLVsbB#eu&
zxCaN}<Wyi4Nm_)1c8ii}FuHOm`M#PCntVHoKUkoHD~E9xmEE#(TKj>paob4mEkNt(
z$5hIifIT9=zA6_>#tQZ7NulS?5w!&^8E=ZlmXAZcn5lH2wTFRZR6QVq44L-U6N#g}
zE!2`(1%u-iDN;|XW^-mFb2o>6PFl!#2OMFFbhs|yD0b4`)-iEc=#doKCBi|waQ6l7
zz0k$rf!sysf!rm+7lj_kdlX5ihu#a840KDR#js%LAyd<hx+-f4z?$0@<8Xz@)KtA5
zUpak<9rOEoes<Y<3oD%rOI}vrMs-<z#{iqQ2nV$p*|c#sYa*LA9h<fYUsT)`?`T|3
zA42K8RG0Z$bd;&-#k!o66xrQ1#^LH7>PRn$@D@B$l<aHJ!ya|y(E_ut!s88i><f?o
z!Q%^wgm}Bd<G=9O1s>b6UEhstoOa3*iRZNv-8j7ikZ%KIMZVg;Sz;Kc33Wumpxy;2
z58K?a<J4@vx<w?ONIkwA09hR%b6Mzh&-X@rz8H}(sAzzKB~tcfcs$vW-=Rx9o6I9?
zSTfn#WS=5!h!Kfz0)sr>kq}sJOsL1ybxoN{m$B6fWm?G-c@a1F+A7ku7=tUom>3c7
zm1(16(a(m_(FR6GTQ-&pJK|AUpJcp`SZZyDE?c&0U>8;eB{jaTPE$O9;;W%<QPl`e
zi^QYN-S}}Wd~9P(mwC80@ZZ}yB1hnTE{X2WJe5LAQs{1*#l8zSc$fKb+dXr<gmFVb
zlnP)x0~mk8RGOyp8#G&M^agHgHTczFYgPNzZ)=T2b1{DD>ZjRSbL$vvt?@BvYqd-C
z+gcUsa9e8tA~I*J*V$SHSUK~U_1xs@86~@<gYe`s(RGZqP-N{m*jkJ0a9isqiFKhf
zg$7$|wxqYU=GWr3)+dG~!p@ZeHQ(MCT~mp{gydH0M2Pnti8WQ93tCg*$13oVRw2aE
zxCL*iCbgI%Ov*e(kJv2sBc8Qhe^hpF3d@$6@vGJf)7J1-*u2Tm3O{Y~x57VYp~k=Q
z)K-XyF|@*sTG$G|Ciq+7liIu$qFF0EUZ-mX8!~Rbv`*g&=T~DZL~kn73N>PQD^#n(
zTA_b|p%q9KeJfOn=B*HJusz+Y0=7c8+WyOs*&!h40U+p$m~hfGJ(?~1T?4H$s>3)W
z5mrlAC=3d{2ZerxLXBI<ESf&11^%=q9t)FbrcP5|l&N$I8^qjkqewi1_vkcMIAEFu
zm_}4)6}`SkU$YK1MZ$pQ08rP;e0a+4mts7-|6v32LL>~xkZ6%)R|L>402;-rGjXlf
z751;^T_JvraUW-mzbl-?@f-hO<<q)?sg|KDT&Rg%VR?IhSC|ydyTY%C$b4&!t}C=b
z0h!ON(RYQGY(UOmU8XBoYN<hRD=`VZu-niTypei=g+0T&!t8STuJG|sB3=ZT71+Ly
zi`KPnB*^eG$nY?rPKY+?x`ZWzr8O`Od4^Aytbcf)(P5|p7|fjs@y?Dc(?8y<f&Jrb
z4PF1p##S=dTrUz&=R#fos0x^x0VX+;)&4-CzPdGPh=c*f0#H2wa(9jK-vLzx@Y?bx
zum0j|>UggX$OZwjqY+s9keXWUhgdS0$GvH24MXjHHFOwi0){DoVNQg;_CuidZ&k<I
z|6N^IdlRdDtzSjru@&fQUkfmO2bi9VV6{J3ps#(+>LOu4O8}^Tgj##PBw|&cu`KZY
zUww<k0FvE+<Sa|gISu*5MD7!?qVX)RhQ6Y8q0lKPw8}!%092S6Y69l}jl!zliQ-j-
zCCmFiV^!nUiNw=4UsqKt;JOdE23uHFFXkIem)IzgFsR1>)!xEd*XbS>lT1fOu&O@)
zqe$XTCDRAg7of%|HPq!yW5CloiRbr}6HIk$h{W>MPTdAoUNyGJd)J^+FD(ry%UjiT
z6I&BN-UX1)smPb}FuT23s9PN)OftZ%G8;@0M>V!h=Q>SDGQA6{!fJ{X&Nxr4zzTLx
zBE&bw5dW;2e&LZEn9G#vx&>KNK-3F3xN0WMW!)ZE1Uhe@XKR7B^U#C=_D<3oI5D?_
zNGzG#%-lHqx~fRL>&%7?#Pq6cPh#gOLa2u?@Vix47x;+sWuW~_1(vHU0xR#VDiWWG
zC$Cg1WBEQ{Wu`{ydSWv`I1&)nLAIp(%g`@eb}>&+&vX0m0MU}&0wAXX<edtHSTduT
ziJtX63*J}P0QU*Nl^`5Tbt`?$@Otj=<#4e8_ane9N4R_jSAHpjJ7|Dg1#llB+(M3z
z!>v@|S^?Z1fP1+DA!%b}D!svBJ~6-?0GK#{0Tm)HVK75gnAQMu4PYz)V+B3HVLBOL
z{sS0aI3cMua!rH~U*+6j_+!}ob<$+(h!nb4yHf~ruq)Nt&Na#!o9vowZItX9WsUJv
zzR70f7t6zpoF<7RyB!c|U?ar)2}V&iU0k8f$Xi$O8F}X~h8cOoFa8->{sm{`pT2+E
zj6AlgVMgvP;fyS`^3TX#iO<MG5Rv({6}lODX%&2zvO+&2*ItD)a-(0$%*Y>B<umfo
z@=R52%`wc#&zILL>G75Mj9fm5b!+tDmaZ>((m}~GN!POzKz#i{eBI0AbTmQI6tir}
z_<>DFhbr^wh-vA8Rdg6S0fr9%gQ>hxOXGBWyb@~Zo|Sc4y4g=C53nCSYx8tkItg%n
z1Gu(?v8vm)8?^Lil|;gzz5}Q)!w3Nl&8q!KrqYQ;PpbABJ=0xr7yybMVOZ^HRkUgk
z(W-sAlA+qKSJq+Z1{i#Rp<<Y^+BgsY6^Ye;rIN1NA7cBP=dKiqXUjHSwPnCnz6&AV
z9ign+&*d4a{bi&`7*s`o`Zg4*Jt@Yo#C}~EP>E$%*3BEwL-_<KKQNRnh>}le3nKiO
z2p>N%hP8`|WST$oluV_ri$r3hSGWc(vDmK$vj6o&UjV$r0Pn>RMzrL(Mif834j)Y+
z`kazWBls$e=4YNl1(8hmrO*P4J>NkO<6^n}b*2gI<v<gR1o`wrGaj%_W_SGlSgL7)
zp+9m>(DEmPCaC+9UlVk~UKu}n;nOt1Ta^r&;JHYa|Gb4?6P$_UnxMf#7XNptP7}<>
znwh&U)oX&?OHmWdT~S68jIG2qfwLUz7r$;XXoC21dQI?-C7>p_@ZFP!#J7>U4&4XD
zR{-KmEQdql-N*o%pvYnv61^gH82SMQ4`6s;3ZM!0SHvOF-J%;3b$>*8q%RkVXW3TW
zkaz`fg>)svyT-(--ZsZDB&Jpr34;m;D3__UCMa3(q-y`DXL=BzXa^{|nXua9BLZlG
zgB1<c9$?X77=kLas~V!ev?e%a#%lMdsH^r^Y=86T%S7T?ldY@vP{1_-aBU7|)lS-K
zsJ6>25(YIHpk@b`)&wi&2h;@XEV@DYI+Xtj%J&LpgR;XBZBXLJRq%04kU<kvH0v}$
z`vw1lCg`XqIs)+i4tW0vVnlZz)`;TAL-6r|sMiGZEBrq-!RWu4CP=`WU9W+BMgcZ4
znGo;$L2Uk7tZ9P93%Mp}yU?Hs8ZGo|g4Wn8<C}l`G)*wLqCpcRnNbr6P5heRh?#4G
z^9$JgzgVXUW?{|D?HB7cK@j@jn!f$6j3#)iBG&|MMAk1>Y&2+s+M-?)3=21$+Wve=
zw}<88ahextB02IM7s=%%29f-+#4nOM*kj}0pZheCIL!u;G_Qanx!TAtk{uPeNE#y|
zbB9Gbk$f1A?;0%9i=^FmD3YE_%7~<|S>40po7-P)Fz#UqdXe-f&qUIgiR8o?ok+$B
zg!`MQZ<y<cxp<yP<OK8Z3L;6hLf^kLbp^qH5vgHvf+@SaNYcV(dQ6e>!bRc>!=FD^
z&~^Lwp)bA$eUW8(Gk^U(tX+<JUiMo6jTzK1yn33L+njA|TQalpj_`g(`Z7!;-d~7*
zr*di-v$kV4>udRTm`E715y^!3#$}I&-<{$2+u85H?^^Kt)$Etx_u4Lm_<Cix#|5R0
z5MQ@!3;aIPi4b3hY!fab;dhH{0>2+565^|y4dXZWN&+Fis@bRD_g?s2KKlUtj!3{t
z+-oLk(v;oigLUv$N;2I^k9w{Y5)yZ%v_sgMP@eh6Nw-?phO)-k9LjQG=7q9cn1!Lt
z&GJAfyLNXxlwG&OxCW)JyS*Cvgp8K<&?n@;Y!>>2yLOdBpO6FdehB+eCf>(iA^xyI
zrN8YC5eeNb)6bc|THIbw!X1Ig({`N=C1lV}=1(1kzW6Wm2p%#uS>Djx+}IMy7U6Vb
z{K9*2r<5L{=uVoQOo(ms_+UbOgJk!MQL?+YHO4dWdv<TnT3)@kw+rDW1oL})154f8
zE5XkbgLU`zHg6;(>omUqAQ&A_t2RZ))7mj2@zf|NdvEX0aw3V#^OcvWsa_br;PW}-
zJ#Mc@zAX@^`&&E-cF+Ma4m!4xgPuc=)6)6tO670VMDlRBK_qnALv$3sEz=WtMmUHi
zTs|^iB<XhrncAW(85okiy{YB5YTVs#3_36D8^4Qab5ul$Exvr3i)g=4gNtbU5Y&11
z>-k+o_lIy7(SK&^TtsJ;Q(Z*c%-3907A!y)(TsUU7tv9nT+<bB7tvK~{4S#G7}F%1
zxP|h(>LS|ZNiL#x6EJ7GI*aS_63?V;znf?@x{1~?iNse)rc&W7re{`UX|AG{ZD4lf
zBz7ajJ3}y-Czpa*F3-=_8?LDx3Kj_~)CCHGeaar6?Z&5kxxK0HT;3%AeP?JAuwT_C
znUA(?;({-p)+D>j8Jc9737h22y8b3fD94+m*B81bc@(TR$q)0iCdvB>o8-0cj7@T)
z9B-0Kyh)-~`<vt_Ym$vY|8tZ48iY;q%uKCGJX=aP$&4W0B>&A|O(Jd4nxxgXSs>18
z-OvknazkX+lCgrfjwN#;n<EuT4ibrXma)}Z2eDQ=yw1>S(Lo|%cxys4^%e+!41-5I
z+u4f6(cuae3GpOnv7Mi7Qvs^Aoe*zrfe`idPMVB;3GZNdq71Md0QMFkB<)q1N*iYS
z;jVAta32F)e}F3nxMu<13_o0<0d6qBf$g5gFCtXPV%tqw%-7KL1+;bhbSRou!GBZ4
z7nYvQ`~Xe-7KGCp<EeR`T{&RdwBmOHp?4MOXfWS2-9~}rUOOSaxJ)H&s2WKDm1%`-
zpTpN<@Kus&p_5+sj9N>`HaEOJZ^s5JuCKaH->9LwO&4q@Wg<{f0aa>bvTOZA7E-t<
zsElU4dflK|8#(C6SO-0a$yS*@4WwVAbW_dJ!2$HDs#J3cv$vOP;`#1xy?CxIVB*;n
zq~1i?(G4${1oPkynM&GlzlhW{yZaDm0RUNeHb(mzoM%>Bah|zTT_jm25$fAuLOjd!
zSZB?~i<OzzSPpbWdXtF6`<HgRfh|y?mxv&zAa5Zv>~_r20w6s*N5uV0)BdjwYG>Qm
zBJqBMr4yUFMdEYFG_kH*r!V#qRbPyqqv?yYU!uO4_O(u53|6F{M6NGbN-*>9^PZ-`
zf<#S&)sw0DJV6ciW3*p`O%(VLKgOEOp$J5FZD0|K|2Lh}NfAKj%%qymN!?gl=hRRH
zrgPq+Oy?}wz;q7fq%xJXrZP<|U$1Nu#y=ke{*tUE*k)gYG0|D~dD~+FTY2y=2Bov&
zu|Tqxb;GgxrB>2O&CBazH@IF+B%W2dgv6b~Jlg(#fBTBy&xg)p9Ps-qrTe>+p2k?j
zF=0$k57fFlSYWCdao*t?5an=<ye`vA4%b+ZOm8?`lh`c+dYRoK_&3EhsnAXz%C6ql
zei)J%$4E*T0gJ<uu`GmO7^E6dSzHgSgkit1J0aez@=&i&j^mY_!_EX#q9PC*-Rq<t
zz%;}%XNQgMaweGiJQ9dy&UR;l>69Y)@0?*G?d^{RcIV8J{WD-*515CPC&ZF*7<<Ny
z;{rb<^4M4F0`&X>&^Z9zsyrKR<96u0CGRN$KTJWuZ2(xsn6%;XLqUh%HPD)bUYciq
z(NS3qh4(<=y<v<>gr3Tm8WjZG3xKPG4OHd<6?d{V$u-cLjGHPlopBc3&mKDHY0uPM
z{Iua$!0-StycP!4x8ep$?pdZ6WF<tAtd9lF7t)fw9twoWgm@E-B<ll7ogbtdr!Dis
zFGb=JR_b<ZHUNgofZ;0Nx1GJxFtMI`AP@#s4WQWSg|Xz$u%6}ar9EW#xBLNPTyzhW
z6HK!n3e0!$#RmfVE|$mzyP5CecaQwRpR+ds_RfI)?NBwh)>IWUW+dvFV}s8<(RVS#
zL3iO72fYj*TQhQ_BP{MCA|6#%dnk~!2$^<|l4(tktOUu*ZeJ~#4!jn{A0k0Y2UIt@
z@p$pS#7Q3*{07h7$KJujf5<cO7hDHfGTI|J22<06uS0Ot+Ybb$zQ*Eh{aX*TG=CX!
z0;i(|Q~2<{KvJkZ!bT4}sJ&D`Q@g>P(5~~-vq!*0d<a8G{CZzt?u6`I&9w5qKpgG6
zhgvdiYMdvByL*i65@c%HhabCzrlsO!+*ilk2BOtUt^d9MD|3-5a}r}N^?4R=ikd2@
z47}`ccZ-o-woo~Jdjwmtx}4TnZ<EK0lAR4bVg@w%FoBTlEO`7_<_28$c6dA^a|13r
z4;~M}V;g4AjX;aoeB%p|c&aSdb@rV&z5ucU-*5SGxuLUPy(<s~rO4WLhjbThH1iU`
zw`-XWUk*U71jw!2nXr!$-$KBLP^$rIE+Hg)Gdzxh$4}9NxYq+g^AgO*_CPN|UoLtH
z4pgL~yM{!>&%vV_v$F@@Hlv^5rBJuiI!30wtwYdJwE(vktDtU4>!e8K?+GNk2#CuL
zLc9w68YmNj!%wF1<!iEV7nV$4Ft<a_+!2WP4@`~T+d4*ezYyg)Je!$D-`-c%-X1{o
zibGAJ&cf(|J<p6sOLj2;ybb^q0no9wou|n%LbCV5xA)=OX#93W=@Eg2_Q8h?_|O;U
zPSX$f1a?=eTSN*-Xur}U3L*Ccq#Gcc1rtK&9#%!+*}Ox~c@5zFxFY?1Pv!golw1TQ
zZw3*Pc`B{F8U&bg{yVlW0Q?@L<9y7Igk&FtZ=2xTM$8&B@{Zu|7>D3v5qzA71!w3l
z#ky{TowJZ#ifyegb{L8shhnd>V*2Z^y;w1LmF!xE$v$a)_g$6-!rO!G6a4a-W)$|C
z&ex(RrW;a^?3wOgi&n%{O0*^YX(?#i-xc(!M`{4aZs}BIe+t?)cLbJ#HvePYUg&$b
z1)h4O+Gm<=x%E>_Jz}43Og)lvSI}<{6nj2jM6}c+e0!kre*(*Q^SqiIv5S`Zt(-CO
zTZ8|YT{xB7g~gtMt5m!2IJXPM|5UqhDqA|b)Oqn#nkD-uXo}44+V+4p{EGh-kin5Z
z7)JVre+9w{eFlY=fMUYO@$fjCS<Duf);cxa++_dK*g6^0HIqGh!Zc>GM~|MS6KjqC
zRI%nw*TlN-a};Ygy;uh;((T(^tRaknTJEPcbdTFwLxaiQ@;_|oo00y8&i@ZXi&-)@
zu_l>&>wj*NFK=O!oc~B`lA@nVH_7N*yh(CDVoh>;h1Mj`WG}~6ad%W!gQ~HLcJ(?Q
zD2lFmn%!c}vv-N1d8Atc$r;`qO!Azb-3dWtGL4t2sjJpW6);U6J>rR6A0QFQ;hO^P
z;*v17d&{EGZm>p#v7l*DVQd#SDXeTl_<2}%tMz(l+2!!$n=DOAJ15;>y&GC~r**(h
z0pldo&(X4nRl<S4aH|zee=Tk@#!Hq%`@AftU+yQn`bEgDF&>%Tbh?I|b-G3zce=(L
zaMBxbMNZd*LX2-h@4=s#WcruvV$lSW;S~!;kW9S}rhXKu`o990r`2TI{DLHs+~dK7
z*m9dZM~Jse7}yL5$Nj>OChWFkUPphTr9{j6yBf-!z;f|Wu6!6SeiBUkZoz6`r`)&^
zukNTD0{WCGp@i6!PwwK%0^@5d(%D;v<lOxM=_y3&1f&~TK8_t9Vjowe8#lG?9KqpU
z0Jt?F`s0QN*9El-xG+7cNYig>75=Y^Mx!T`eTZeB<(+LCmVM~$g<Jb3a!VkJ^qjx+
zCMf*}mL3hID~IZnj;xy!IRE8ME!!vH7z;T5L>v<UM+rIxn0IBsfFEUT#PvyVCfD}q
z8HO!@)C~UtSPZJ4MAy`(t=pf!sR?<kOwG-1pc1%Z_OIKw-w=rJWtm1NP1UKT^y^U0
z+$@9Vo3cg8F4McnW#YATHd;e5ti%~#b440>lWV3eAxz;f_=cZ+nY}n0J;1Gj1tEMG
z<5r9G!ZjpP01ye+ESYl!y+8{m2NdYU8(Kf8A=Bn{D~lxeEDCh?bGQccPEs9#6HKSC
z2_&_joM2jT6&EkCX5sg(yw?rg?_?zn&pc?Dzf9`dWyM*Z&a(#pJ|DhgSY0I~?snW2
znV!+9tch2_%zg+3T4QYNgs~A8_ctt`l=B)}%5;sAX~*jzKPBH+L#C5&MezqSNahHu
zU}|RvEn%rIsbW~1RJjUWwOa%Wm>Z`sJB#N2g$(8cgI{B^?w!~D=4jg+nmIaf1Dc~z
ziqzq%z&B)b*!jM9O)ya<@f#p|0pDY{?DHw_mZ<mr-SWssBJnQg`OiMVZu$4br*+E>
z*9_hAtE<>8`-c0wWs_^XTYfW9*DWt!QD@89)3n)g+b7s9dwgW<mJJkX_ch)vL%GXF
z@YlRsvi^7@*f6c+UKUtK{54455j%enup?f-s?`BH;x`c@$vuZ+yTLo+O*M&eg6X9z
z0!i&ICzvW-7D#F*nHFmuamZDzLx<aP?|{gUit44mwd~U0?X;@4+<WjT8$KyPakueQ
z>4A=Wav3__WsDaLCHO*me1ye)h%Kb|U)C+8ujAS|-&b3v1Mfufhe|Rnu_;H@MP#ZL
z-(7me2eR2=$w(3q*T<Iy!j`~De8Clg=bo@+6dCvONBE$x+Cv?5AB>fGP$T7#Jx)>M
zw7re%=zTW#XhAvT<nf04u$RgqY`;jHF>pUEGcUE4OwDhj)WQ_0jt>;HC8Iimj09qh
z-ywXSzkG?!^DHg%KBsFbOH4*D8-~;FOa8z;_PFy-7Yn26pw|pw3lVIfbqq#;EXLG!
zT_bSpSu#!$Ele{8EryqwsgD&U_aE#OuRf0#&b*URWY0&)>GwoS=4L$OpA;o0>_`hs
zp%<NWQj9Mog*Hr~ABDnFz@db&;hBiH_=*)N>XJab&%%>7&6<!gbGgenj0(!D;XzSA
zXMF;(<#u|W5bpzG%*e6ND*#WPlpk<e87k9#9^nVzwi|%&CGfM&^Mv@i=bpz}^x?Jm
zjSw=WwoJ{leMs{qBh67hf%wYHnMD&!p0(dY!8)uUju4qPA8BT3GHkHaCU*KT?Ok^N
z&npn$FhvT#?AKc#UDov0(lw~J8Y<GqUc)jv2p)O#TeMxgpR=~K$0_!>E4Ezec|ug;
zS1Xi_6uiSDlnu)J3%)d(f8XG{Qubtq$4{Q+X|5rH0h({4M?EuF5CT0vS<C8|3I^gR
zYm$==SK}K6O3~56!;|in{vhE8b}PK}w|f`M#tZ)EqCn_wIek~Z!Gm_nwE2~Ak>vi3
z4SJ62s&3f5njeBMXYfk~|I$oRl%$vR!6>I)mf2a4xtq369V?&>=yF<z$Y6MW%Y6b|
zxWZ+(NhT!I2WoOG2le9BUI)Fd`m8(Y-|&+qe`YuH0b~q3EangW*flLzZ|exprf=9P
zo`<523KvQCf3T`J2%Y!574($3gBLV_7cAjf95FPKC1V>~^Lz&4YHtfoOHib$9zn}_
zv8TL9vhM-5hk$La6%~kj00pW}UH@OeeM0e~KpgGup{cLRRQh8wyZ`!;NIb92A^NOy
z?*rZkfcF_EA>K|_HZl3;7|%ZuX}nznt_{GEz=V5Hj9Lkq&h(&~Jgi7vJc1gB-U6i_
zL8-1#>Qp^KY&a%tV9m4T_aWKMl0SIf!y%PcQ;{|?q6fl6l8yUG{h;`_^$1~(8*^BJ
z#Z%eN%Lpc|R3P~+lp!WUa^8kABkB<h95Wt6-RK-S0Co((3ILl1upR4ZdodF{=fA{t
zTnd1Q0P-<_RIdk>OtywP=w6vh-Ny!;kB3|oR41qEGK~)d9KnENkrOoj9q+-qXxERp
zAg}=GC_JZY1NKKn8gc<82xa$$iX__vWmoaCbL;AFXbcL>!JikjnH;cu3RubkmJJ+B
z55!_>ab6&Cr<|_I)+B${ReS_xQ>%39RcGVI(9vSf3&ckMa6d09(!dMqbemQM(*!U&
zhd^2t>aaCy7*D_IGa-bmlylG{u<|c)xKejV$%>sgT%&f!c(#3^+XO{Ce*&IeF~-Sa
z@j0PXveX&p1bwId=p2rOyW=%KJ|tabSX)ig#@#89;I75pr9g2gP@p&jcXx*t3+`T|
zXn_`rYk>xr;!YvOHN}E|`JVSz&NX|IlbxNNbI<JTy_cBl=2Ft5mb_;Le=Q(a!{5^b
z4to$sWCLHYf@FJ_rlA#cau;ifx6`;2Del;e0)4XP_9AXlRryJ%5NA7RZoGrYDr*)$
zmHp%3Bm^QwKiNBtZwLAU7_@x4a*q@vJu?!x9H+WJ%=?WTJi2#zG-?u<>ihAPLU%CV
z1TL#<I(c6sdj0_{Mvl~R-*=yTJAwu0n+<|h0`9rmJ71{3iPQ_b&t#d@PN9hRr*Mvd
z(*0@JHUSm4=DqSUKlTW<aguov73oh2upAf3U@az%<9%QGn;+zpt_?59DzEID6&jWO
zv<-E7{uhw_GIkWvaFAm%+J(`<f`m&$c6cT(ulYCh7bdQXHdR8t7|W%aaj^!pE>Cfw
z;vH%Q@jG1QYj2$dbOXscf{D7HoR*WXChY!5(@pMhmVD$1lRRsk%W^uU@W**;Uzm}c
zGC;wR*QR&uT;5#B&;Rd7GYT%3dgC0l>EVuE>HgGR*<=r!6t1H*RuuVbscZ$2nV1u1
z<>X0uYb)H6$4)XaB7LNhsiCfGIygPlKLQHWqzvSonsKXpZ@sLm+aDM7Hz`h}LZrh>
zx!>V*8fRj^2!9P^kJkOT72U<V4_#bHZ^qbdVN=O^*Z4}uJf-_^8c^8SCpM@x-e)uw
zT3I?zU9azMe$<@*>1h$!KH!HAdAHr5L)s8WUKQLggIj3D`h{%<{xbe~tpF7$m>Nh(
zbx|ftG1!~Sma@<pMssjaYU89vIoKISc5)xjJuJ6h;F7hV;x|0p{QNSd_wZr?sibDt
zyUY_5!y=cxB8-}EMuCM*+ys|z{vHmO7}S;f&fZlyc<vl+#YpgJ=&oF8e%0Xubm7gp
zoAR3Uwpa3ki7Wm5H5H!K*QF5|Yz)PxL&fs+^qPt%*0}(AeOqC2+b;plwS)Z*fd)Fw
zRAjYY(u~#L978N8s;B;qJtGT}7hef$Y<vE5cI1dWiK#-fCS8EbqM=;sr!u;V4aQw%
z;AfDf=VCH_Ht;no(+plGGk!hCq_y;SfITM0f?q%wKRiX8tRwwaIAPrTVtiqwH&*8~
zz#=6K_<4)m7LUvOUI-8C;MWM*`Pf|*Isikgt(-edKh5r?^t#>NhO$Jn-6mCGic_w)
zva{4#TN>Z**R$9!LE9QP6%9T0y~lKva!r_DoB$s4oe(<>y6@Y)8k@u?p4X?OJ5|rv
zTrR!B;b%YkXJ0Y@S-h{7eav>kBdSJ2lj>i1JbF#fUm){iZmUmw`>#|4R9?^*=SJaj
zsfH0|(}8E_^qn#Fgfl|uFS<ha&5;YE#`6T<We2h2qXNDdbwqhB>5fmzpw!+>QWmj`
z0<Kif(^c$ewsl;O_voh6C=EUDjGiu44zfFS`%&+-UN<~DzJZPDNZ}-`m9|T&NoOt-
zRz64-<DQJDzJlOZEw9MnlpmPAg4lzUcJ6FD<pCWj=;>ytsRWo6r)BUbx*XUuA!E{u
z0xB(X|Mt6e51*8z-)^p=;Rr&9Z!<<YXAvBfe4zxnt%ifp<B_ygB?}`C*Fle;sD1Rc
z*L2uloZi&1=p-004W+Ln(tJ4&i@wtkzKwo)QbD&M_=8H^O^f>S*A?SAARD8Xw*MF@
zKqf-;tp_=sE)MW#zxv}JASK)!DcqE-|3fvcBMPR)3FbNKpKGLb%s(txQzR=Y(&F&o
zunP=II6jhvX;$hFd4Vh*Jp0cZkDm!?ahSVgB9yyT;za8?)vxH2LW&|~pqSF1BMs1J
z_G=OKvLLE1j_#z5SDO%1(YEhT$>NV%$R;`+tb;pY;Z3-tMSE;rpG>H>-&;*9`<7l0
zV4rZfqm)AAswIi;)pcFvdS|2F=Tt2iwXSxC&-Sf4A)^<_{e0H(_&8)>@}>^W$Tc2m
z?bQQMzgD(SUA<??AE)C9)JPlA!If8X_syvS+;1K29#7w`C;0R^^Fgb+k42&U=Ny_L
z7khIP@Iq1y!LV)5LODz*j7Ja()$$O0HdM4R7uFSxH<$jjW@?f0H<l!Trs{>gJK6iP
zNMOkm2XRj?FCmAXTmDb*x#=&yu*+mG!Dp?wpWqZqT90p=Vh#DQ>8OM3sDr3lB3fJ;
z4fDeTDyQ0?{X0gXruL9wl<bxW7EIKR+@;?76#<K+zX*`kcHOGcedqd(Mz{W{o6U$z
zACT0lu}Y=gY`aRkpCM4P)t_Axf>*F}!QIE*ypt=}J(tT33VpML=T2*@$JA!<W^2(U
zk84ExvAxZRXCR2c$lEEZTX3F!#Kv;CL4|)9zfwciZmjzs@$a|_n@z1X<~g{?E!x1}
zE3T2l6*bG@Zr`t8Bi$E~M7u{$a_R9{K&u{redAVm_WR3X?%to)vw61+%9qa%gDBeG
za5lo_2#l%H@-GxSDmQ?O9NJOx9Wqb#K!waX;dRbIrx3B+w2XSyZ?wFAow~T?`jYnN
z#F6%<Yo3Zo&U6zry?~S9iK3AdVW@>RjP5f4=xEwxA+8@Z8g`T_=VIzk^L-BGhg>#|
zNbWO>zy6_FP#O?6$BmI_d&XdQKW+B8*}M0*n%UkLJ7vI0IYTVkgv&b9nc5yl;*-<5
ztG&Ww6q5wgK8)c^GdsdYM*2k5iv%fH%F=x~n&><W>&k8L=NE6!U>~CWYeWI#)bUpL
z$ArI2X^b%HJg3|x-gR;nKNGoC{M0EZgFS|};K4_-IH9maj7Msu6f}Z$sCD7%@uo~+
zG}H(&hc>x4ZaEeMa&Q_%fv!gqrl~MvE}K)^okXC7P;R_*u9Tz+-aoKhFE}H`NpUt*
zE8o3&Id5rs!1rjvJ9lAsEF5L@46WS|>FF+8S1@Jn>0M@Yc7RB-b;fjT>{G_H1p69r
z%uasAko&-Sp=V+Uiqg&;v4-#A`nofI|My!lST{1g2$DD!eO77CZ?{s<DjUwzz$~_8
z4yJMJSiGjMs4AT(>0A*u;Yz0$w-e_msx+)@x#YA&Do0#Fu?ypv_{XEN&+k3gcba5u
z3{t|EnxI>2j@LGnee$S}DX6`AkwvH$@m;4C{yvkJo5;wCFnGbaveCM^AJ#gefHJXf
z<#+UcZ&zpwwa>o=_GcpOr<dydpbXn~c%gfo`)=2Br+1APCK`&gFGT*mK#hRb8!h9g
zNR7`08vBM<GrxISYLn-pNFv!Kdw4k!IY&I-x}}T-S7R}T6HS_DJ0G#?b$`NpLi=Z#
zYMQB-iC=?xG6`4O@t>C{+%vI^39rAJ;BRDI3m$-^x9mc{O1xcFsf2N~p`~xoU`Ym%
z?DSYfdepr2lHtj=XPsW#UhM^b<z;-_Xq5V#>dA(p<5K(iI80Aw=*%BhDc3}U^p7%P
zqNe{}3I5zkaYv(P*M5o>Mwk5yU*Cox-D&2KNu$*D^Ad9OMl;?nLr>s}`z<r|AHQie
zgr|_z7v0|6O!1p8D-G(}-z54G+=<5py3ItiYd3mS&Twk+ElXo>V>}tOr>sfiC#~i1
zqoS-z->T_%4P%!TpqAkhE}hUGHp**@2DN4$fQw(reFx~gDx2;Te-NHL`0#*{^W0MU
zsb{?T%~NoW@RsF`)=Slj<c2z4a8A-q`BhKOW2M$qSg-%e*FLQix>LPdp5wmCJTc+T
z{+@B<H>l@k24O6JHf@K~XM=O-z=9`c1noRTtV!qcls$u%g_Fw`i$5H{AoHA#Y7{7+
zOpV0vygY2~p6v((=iJ_+uXibqq4)2kl-l0%cn*{J^Td|K|739N?90iccbGR_;kw|S
z*k?Ox<s&{!D|W#ZWSRf=aRsf;mv)|PRom45J<ncn?nLf8?!38Q80ruoO|nH*eQLs<
zj$OR$iB0K=^c6`H(aUVp_v%G^U;JVLcAFi+Xe9n0cb~_lJ|c&^I?Rk<{|>&1l5b7}
z3QZ>7?M4!a&4zK^PzkxCrkTrC81otd1^YN;Jd!1;+G6}1lTY%pPq!aleQW2YjKbMD
zFJ*+~vI0)>Y9pFO|G1!v8G2cK%_GI~M3gNLJ}DCCBjq$yBNpTQaQZukA=M@+y*VYh
zUYBm)t)9(L;><A=-BHTmM0VpL7az6C=$!c6udPXFOb7y;#?hU4Ii1Ir9m0Tbl#MGW
z1-9Aq0=VdDBf8?{LcBW!K1~$7Bj{Z64g?g~h<qbgL9dj`K~I+^8f!TD^{-d^b!@9f
z!q05v8EPaNw9kmOHQZgFOVvb}SV;)JP9w@Z0l`8wwfZ$WNl$Fx?#*~4{t(>_K%#+E
z2OmQ}R=ieLBj1cvcjz?#F>2ONGfNty3sO-kzLKa}NEr2gx@>ZySw*#ZOz8Os;-uqA
z<UX7oKYWR!1N?$O^n+KWqAm^mFJ=C?r~r|c>ra|2c(21WT3qZ(!+$513S^z_<0@(`
zgGK@1XQjQ)k9^5NHU8|R36IZ8FO+8OZ*UP8YU{3(gK_S}Rn{0F#O@RVr85}H!_a0W
za2=dqPWXF*v9I9W4DFd+X4dpNc!!u7;9z|vYie)1hwCH>TIB5RK*rTrvN;As*ND)U
z1X6Od=DyA0Fe=&G{*2&`x8GELQz*2hI(bfpGcmw!r}g$-|D@TOPs}It-smpcpH&mj
zhzyC=XxL;-nCPhf==Yu>(psw*tv)Ve0d=E4KiS2t2vxj2z#6!r3<CIBj(s{Gh-aV=
zALRYS>zi1bY477Q*=G&A(08(C&^fZZibA@nTr;mw3QaS3v4Z?R%cG-gi8Z218KFZ3
zTGrh5K4r=(`My~_zq3r}T-pRAtjoF6vQ*ux(~F+d(aW#|$Mt!gA{`+y*r>h9%ct98
zq7r`rEQ{syrWRTvJtl}xX<%hJmJSPiyjaqkA-1%O-0H^XoS#@zel@ukmZ0y}_OtuR
zCugd=UdY0I^X$4?HrKJ3fZ9<u57Ku`ta8H#aE&%sU}I@yBue*gqgdqUA>30x0E#i%
zQf^_JCA*mjtYXJtT01ga$i3e6#~z|$iqOxkBh8+W$`bkZ)eMhwdrv9ShH&`QQA^Tn
zrl!g2oat8&h3DdA7|nE)oKQ5{JZ`NZvgplTH+;x(=XOIv@*Kba68(?(xE-WY^6q`K
z&2_E(Kt=<l5Q>i9uq71jg(kW-fQY15kG|I<*Mr)H2a(6odH4kWTbA=pB87*qq}pG{
zwL3l(eoKP_!=FD)>!!hQ|KuwP_xqTHxs&HY12t2|8Vw`h3tuKJpA?GSI-}rU)xdHK
z6H8<4(OL9%xkyGT22C>neNb_U0F`-Tiom5GYLd&Tl!IrI)DkQg4+Oq4dy%Js`q{bw
zZ8r*(;n<blqPxs`ES-blQ-!=b0t*kg9L#1G-qwQLd%g8+v(++mYWrm|caWC=$$b;S
zWrb@>%JpsS6<y=6wO37+Dt%5W1`X3G=3u|%K&|k!0Fj=$@szMj7Gc?-l;59rXGH^1
zMmwKKHj!S?pL8blv}&ComxJ?F`yko*lHG93ppEOR{Hw)(eSOXoF9cV{S9W(>z#b75
z!prZ&(vh3vxeVXa@?%2jzcSp6G`urdQKoC#Qn;9MrkzNZwmCu{?<|QX7dOkO=NFJp
zH84y|_?P=V|8GUS_&!>?B!Ugk^*D1gCICIV`F7SSl3h222Jc&b2I~}Z|1Hr47m}0~
zd^bcC*PFgRd^;Wo1oP{A)0@F6fwb@tcZ4aoYnK4E;}Natl02+nKX_eaBSD_6-){TB
zR!!I-*08&Czlxl(7p4srYHdh8y#8^t+^pt>t|1kGcUz!`t<D@S$^BcEH1TDzy7Aad
zBz>mPG_t}{>oR&6eQ!T-xj6)fL8gx2$n4KTNo}Y{!)F$}@K`LqAbwDQ>?EpCJe}U~
zev^8sm*d;1{0NkckD{|)R!(<r4_EIm*9p>U4tw&~MM?b+x01g#XIT-Bj|XzhFy6X<
zkWp)8wQ4#ybt&BN+RK_36W?H}Sp4<EHIArWQQs5j*0>B~VmszGvu>vtd;k!0j@l1=
zjc1=NY5Oi>)6U75ZPcHBUv@5?r`A=-*d?&RqL${g??j8W^c&zjO6sRqGlnbCE-4=6
z=U@2X$~dDT-4sn-jVTzeXQ6Yc?r#@*-2p;DX?~mq=vX*q47qI#1z_~X4~OqI4?Ga<
zxF(Z9#wv|7x>MRquyi~M+zMaCnWnlV{o?!Sb{U@m_F$@7yPAH7Acycu&81)X2gv10
z{YupTB>6@e*z|={Ad=z1G}eXo%^qj;1j-1STy|um@>}@W=wV8fZrAAidICcjEpbv4
zL}FvFRieTSIJ;<@YPXBUT&GN@5K{jw{_x@5%wBg*k--WyuNI=}(4fNPohPm*s(ut*
zdl>BViC<O>r51a-VqX(w;cs28!Y$iek%07(quji{0%Bh&n?chbfSBr+bIPa{GYgs@
zf*#Ly3)f;#USR37?j-WnLtDwvgU{wvJ!ci7WQU2=nxXn>jv-$JQ9QM=rVi1(I!7Aj
zc#eOar>lxPOlVt>q8(4fs%DF$cUpCEsMF^qu#|sM86ij392ozA@t5ia?QbPD8~qDd
z$!C2w=~SLWv2yzD==={9^LDhnd`WS|9mm4j(}3Jk7j5=6o{`VTq|Fz`+SRCw@xR^u
zpat)2pI%y>THkBu<(s(dCceTJn^v!9(7VK3S)R$#zVq)$wiRq9n{KkD3_m4|{Cjm4
zE#LhC4~<vDS}SOBrI*1_tgaQHvEkl^h4yURM)?;8rK3;r5`R;wMfay{>M?ub;|77)
zZ%%U_dod(ma(puFO~!A`zwB+Cnq0P9twi&ZlTnn?<629t*+QfT^6J`^EIq0DeZNW>
zC;BGT*xqu?W=(1gf?nrgpEq@kG^XCVD>w5^Hq}!jOHu&3RPn&|s}mw|#o=?`_6nmL
zq2c1(L<Tpg?2=h#<4>>l#T>IAhicr)zf1ObQVvn1Uy9SKS~gtoisHT?iZ)Xx`GC8Z
zPOF>TMV7Zatf^7ac{AsI2!_bo9&R+Fk}b^OL5nIh@;<giqNq;|GB1a$8nR*N=nWOU
z=M@~KQ)tbh8FIQ%Tc^#=4@fLrC+J$#@0v_VZvV;Lt&+c57_LHV;>J68!cnWF6ETjr
zmu^0qMZ8U9;jiKtUfW9}{aDBg#22wT_n1xWrI<lwVvC2ZKW6^434bi;Z+xkI=DGO%
zJ_~}`{v7<bt;uiiW^3823)6g>=9k?rgVUzt4<_}=wy>ud|0^RcCvkbs{wYu0%G=re
z@%iom(qzSLf1XrqxHzmQ17);94r>(uOg+y3^{1vg`Y15&VBUL<{lr8r-HL~TmWT46
zo^7Emch`(H7?!p@PZDjEnMo%@H3=G|TqUpK9u{yqc9HyrO_h5Ab$+?!NC%X3Tx^Q6
z%^&DTcAvIV$B{9`axg_1a(=Pt^KeHvTJSNv#shNS=m)<UKSyGwC?SgLviP{Jf@DfL
zA%I7lKQh6YD{{oHdpx-+Z@rUCiZWWip2PRJS^CB6rNu@=B%QQu*mXza#!BPaU?9(B
zD%a&RKM?%~6><in{lBLrd<_|~sobx~5o$!BrjKc(c?FLe<a87&ZkkD>h4f4rCGK*p
z<$q%iw!)zr4I6P9%C#C=!^v4<r|n}lG@pxT6|u&twG*WuK2hbKjOTsDjA-;=H6z8-
zFu$Liwn4RQ>V??obFlI@yk!L;e#MS6V;emB?m;|bUxYEEDy2q41bH<)A;t#Xo0STm
zt(F#(b%_R~A%fbU<if<OaB5Wpwuvbu>ak^F6L&{V?`})UpdM7|{gMX8)L@FNh|gFT
zn~-ZFWm_Rf>f%d3)lWxZTG7&qJF86pI<3-RpenN(!R$^)rqT*j@x#>ce-i!os>1uK
zT5kP`Yfs|Ov1(-fx3jF~*JA~<x|OrzW*@|&MYkAZ$Q6R+N?CNOEq<-j>Kwd%o%zA$
zj+4-3G4xX==Rzljl#xld{8|@!h_rYwazx6;r@x;fh1&Gw(4s{hYRd>FR?fo6Z1Vwr
z`t%*q_XDrptqPReL*_J((2o(E32$A9RE(MO@*AHLbdO7&E~2j4Te_K0Mrm-?AJwo%
zIfvKSy{h-Zs1OtvcSyqBynPXDdKviN+S;Is*_B#0(Tp~oglqyOZdFxt5@GZSf(tRC
zPX*F0jCCzqCf`mkAFnV>q#xL9ZMml`9nIulXoyw(lpJ=xhr(|BYGYFFJ>NBv5B?l=
zyM$P`27AqWyWvsRCtZ7tFHzd%1v<lY_8Kh^{Nl<Z0~)Yg$*`vPJVi8N=jKL<TX_&h
z;kT(j{&`|%@%HcCzR##}ybFq4hW@kR%<D=}%v;c!Icv$Y{L-dZS@~UV(l#-*#xX{1
z`HC|b$fY-@zN(HHyrNZEsdY4d8pqln7Q?My$>s*aa%5;pF6<4IV85MrN?>k4*AtkW
z*nv04euopG8d<g5kbf~q!|hZi+97lnbi@w>zn6s^$@Y%PwCc&W&V~Qj9&RYL+^#rJ
z0Mc_M!fN^5TrciK7ARo?pvM^0#c#=2d7Ef1Rs=zE;`w<wi*hW<k&P)$--p<p+!a%W
zTa9a5X#UW3>t)4qPzP~IM^>Ae$*<oo3NReC?e!Tanf;k=>27Lhn89E{rhh9ig6|wS
zX=YYx6^4i8Xu=Km_p)(H?9XmiI?;bf(V%&k;NykA=328`v4??)o_?ZrR7m!L7Gx}o
zKyKPa{&&f#y*~r*0806dT;bdPh}H6}p|Kb2-It*K(OoKzS+351<3@odiw*`d6l1*D
zM#ZbvA40AD|LyyobZkt$?8D(c^%61-K4G))>LpeE;aEKC&Psf%ce|2b-(f1h4wjAT
zX{_r>u|6OEcDvhh8`D$Lzqw^v-+TKNa;vxUkg@uJdh+CR6E=Lrmej+R+;_hU4^~c-
zc?QOsG81%g!7WF>GF|BHj2e7M>ovz$MwGZ2_}#X)W^8CVr!y|VKlHy(f4F1Uj`ndN
z$GI%ne}4PA=G|8fWPlzH=XOG73r-L#y5lb^aQs*k7nSYs!>%?S(l3Z?%1r1pIFz>h
zK}z{HkoiGM{x&e`tT`jJxb{Kn{cVT%gOu5AVCR|lulM<5I(DT^IxX&pPn&E9gcQfj
z%47n%h9;W!R|^a8f*t1;G=f(&4Czj7h0VB&D`VAe3Fj(GI%KTBcFqR2(cXA}z%P4@
z=~RAR*|Kc#+1!Al^yl!wt4p4^57hPt>DiGU88Oa(3)gTJ5vIJU8yiTmyD0E=JwdeX
z#Ucnzfsa0B<z2IP9+Xr_oBuM19L^tJYP46MzaC|rlN48Io2$)Vjc#O#HLPH?9?q)y
zc9+<mr!?PUw%mR^kxmqJ9Gl&2v^|$TdAePF2t0Z6y?GWqebT>?$;AHil=bp*m|?)>
zbN{!COrt~vBXl;@7AdsJzQdvfOhsW73pPpS#vu83oT^~<t!oL0l#mcE)9|pK6e?5q
z5MprK!SHbMJ9H8A53X%V<FU*!>S<sOwv&q6wRg2v?8%3lzJpY@L&8Olu_MBkN{lB@
z1FX-oQVK{<o@R&(g%{p?CaaINvZ?P4CC(w&2AMS4Yhgn$iq3&8BZQuM+_`yiWix)#
zEwvPL75P6DA^*V?gp+md`Fy$DzOY4t+XElb%pN*t@A!b^Nai2LuC~0wqY;X_h{r{;
zXu2A`2d&zMojN#hz1u)Dh@i`HR6xNkEb_!K+#_+Umw)_8f6wX_M~#t2S0!&F7`J#T
zHiUwawjB%qBp*__lRH9h_rL%Vj3eV58ppE+)0GiM!}WHBisesk-wg4`MRL+*0f%hD
zU73JGTdv|m_^&E_MpK}xx-s;e$s`zQuj=GaKtv@!_KEuV;$%%6i0S}}pT;<BiC*p*
zO!0OE$%akv$`+a_hYIkl>v4V;$rrlT$S(tjK8jG6$+&qJ*oE+>a=VnP9JT1vC+KG&
zyXmh4#<9s)!oP&|KX0M_si!0IXiR_+Np4b~<xHL9?YL&u`Qnu&(plq2kLbluDq8Q6
z(I_^tV3`qU>_a`c#G8{;UL7)Fgd6-4%e68+$r+-@;Ma0(R%~VH>C95WNv~(}V2f39
z;J5#k0PnIeB`*HS(&ZY(7Iq3!^2@uaYYB=m%^hyJ@}B=f=5_TM-NR=$xWZ6<*MUxQ
zeJnitH}2f;;D*;d^wVd;D!grEywlSGYjT7F{Ht6benKT8rUK&e!bGY_+U-8jt3zMN
zFoHE@fkE%^)UMFp63zd$S<i3V-FkAy=d+xX*7y@OO*ROG#=JYkv{=fO0{l``K&JF=
z9<wLRqo9X1ZA9(qP93eu-(8nZs=$d^uaS{E*5I>O4C51W$UDbERpuKpC9S^33gMi&
zbCmC;tZB;!{Nsj_v%J`jo&v($c2M>f7KyzxCmSj$hpIvk`s;3uNm<^X+<8ey^4iDe
z9Y@wW4UqxGcWNSW3=5o~*0#~bFfBvQxc!g6p4(?myn;#@xjzi~3EKo2CWZIK1&-qV
z+Q>XjoCg)m^E8<lf2z3UNdL^B9=f7>Y14K^9Jbo1(#LJZp0Sec^PMrtn3*Ve?=*hH
zcTMPtoZ;L@V9h!Q_Ge91ub$sHv^ub##C(n?@j}J9fN|0|Mj*}*nD<Qu#GK8q`_8r^
z5U4!Gt*HEZZkRJ+r;bJMvgcRfz{<yo=0@2d9T6*i9y@Q&tTCO@@jZPU@|?<lrE0&v
z>fY&o`G;KPb<D4`(n3@dQl)zrSgQP`sL*oE^mXcdEqL98vm-1KJzeAc$ghl(QQX#A
z`rJQ-OsR73p0fp~(3n;CIB^-bdyb9^r;YG_Y>sERsYXAHy;{DIak-$D@A(k_Pi05p
zH)(EWp6M<Urj~qCawaHQlX&U-M6{^rq2r^eGA=6z_ND1XT9mH(Su7gXL<;Po%H-i(
z52;fTvq{?)Kgs%2m$TwB#xFb=bKN6{tCmV7t<jb#t==LV9COwMyKR4TRyL#<O)T4r
z1^?-;wUEwsj*a=*VgewV{$q#!(QI@{2!u<JsKa6-JKk*SGGJr}M8$$Ze3=w!TL=G{
ze5|h7T&}qtfSjj{CvthQn1HI-OiacdP(-EOYKjzJw+MRRN7{WCbm*G=XOdN2b8AwO
z)n-rrMTupO#3HV1JTln|$~7|Pw|0dk{$zgfcZ*obfFUI?<r(9&&`qzy)Q_ER(DhiG
z{QHxZzq>QZ#Usj%Z(?0}8GGw`P5&{1mp|%6B)GNz$K1W-*R1*c-D`rjT|1O{XU=(o
znEMR*1-CEqp(r}oehMDbzI`VN?hBN!;D_i~jwuWDhA1`_MZY)_exXs6!#uLtXI(LR
z*0rDPBV=+kW?H=p9_a5#F#Oh2e1s!hH6hr4>lbq+Do|;0^9_H+<K2#)^WE#VbNh26
zO`{ba#%Dz<D!c~rT;ZlP0GQK7`Fcxt+Zq<e{SlRMi0o@khEwXij#4@W&JYFHT#iD~
z59gS#C#s_p>iBKZmUHA-Lu?$gXYS}bf~av{Pu^AF;(8dK@f6Sc_i)YWh&PX<TWLYy
z0D496&`UMfMN@NHq0AwV>Nrx20qgeL$-5!nCN750Yn<P1{d^VHerKg}qsqeN^ed>g
zcB<4S;Z?gAhoTQp^hy$AGTcr-WkU%{WI{9Tbt_zM9Fr3+dKzLX*q-q)G@MA;gzMeo
zF0H+oe7LCQaVT55SjRN!$No0x6sd1Hyq(%^U3Y=c{NQ3Z^4yuab1`Xb$jGnVHXYwA
zG5NeR7Rl(}^_d(_%&;RV9B6#@3l&!=VbaFQT$E0D_@Mxe`_@|Yg#EW*LBddW7wW|{
z6ix*i%lFh&+Bw8F?bHy>Th~n)n-6K}RgpSHU>EL{2h+TK@9j{Un`hACgKkcs^~?KL
z1|QAj7<+MVzT62bk#{t~L?<YQX3>M!(;d=Me>fOnDkUOli+V6LjMFurJ~Z~m?^ayh
zOMzQgsBi^je?(YuG=0}g)8n<$Dmyg!v*Jp5{o3Gw=7+QfloHxrdjl}@U37bUJcvy1
zHaGJGpU;y1lKn@IF<9arP_o*@mJ+4Sy)x&W^eVt<tXM(>QgwfFxF7=8FOVjtl6k*>
zRS4J5leWDYWV>wEVH=k+sCwZe3)`tmLFdV<OF`=%7AsM$ybKZ9<j0P?!aq(hqs1M%
zd~d<}@mkfPrlEl?YPB&bVy{KT<~c;!#(>0)0aKbJ&fW^K9Z#TFFiYr7&F=S;FpKrK
zH5=hH;$~ZTcg0dDC1F<D9qKSg@nALMXl?a;<c^p|V28w4twGvq-&JqAW1$-=gQ~PG
z%OVj=5~9(~SI7Ftk#bUN4}5!5J`jnX$)hWzOJJ^c`G>;kuKC3&qbk8$w4If?3^J3*
zUlVml@yutRtJDa~sIrDj!^3`Egc)d`T5{zhO+|YzL<W$2&h}webSvz~N1ihUL!M1&
zGE;XW`~MxY&u(|D0=^y;6S<5_6MkG1Ah8hDQC&_Oa!_VOF?;ROL4oumBXY{$f}w~4
zP~=P~EK!c<GvLy(RO+G1R?)0lH%6BfsTHTjhIhD*HdBrrBmuM7Rtxh5opRa*p{7+N
zW!KawlMcS0xL{?3HCT-ksN>G7Ngv5*a{0oIn?DMEz*F*W>8Q?2emPpwkew!rbC1w~
zMjr`;oBjP;o#B_LTOr!Fqm|6+4LUXdvvutmqwVA}F}8H=97b^&tB5xay=%{q<=UE1
zETaj0S7TNbQPtVdk^i8tbc>eAeak=M`~maL!!)rEEJ3!Gg6Lg(Y0~RfQ!9Fg&CHvK
zYSP=d)q9qkTgCcc`65x|$AYnKx#%XZ0XW9^)D<B4xxr7yiBFs0w&hjjPvj=EBU{$d
z`BsVC;6UR<&6iq@#2%U0UoR&6?g&oFfW&LC73_ub$k+v%<CKW+P~Bqmx;E=zL>WT<
zu*0=!y-#YCNON%D{v8$jo}7w;RA***@4)2sKsFWfzx%c#b93Iw#Wo|mjfgnAiQjET
zG2Cqe^u{v=Th_b8Y4a@&tJb7ca*0oT1#L!Xtw!(J;k}X3TYdfH!3~j%*6t$2s>U=k
z=lFrN@{88?lnFzkrj>hZEs8tAs+BN9r&2JN$joT_zRP=v|B<sm!z`NZquHBsaKZGp
z0PR}jXn=l{1tePX!1nROpLhH>>OEj4*ACy(PtB`G&H=93=8!E#OvU-X|C3)MzgrUt
z0`k65oE`sN3;uFX51q2`0KP2)Q_25Kz#!QC8C8jEpb0rX_6EL~4bwy4__l-X-+BYP
z%HBb^>Lq{{d0)oh>UFG8293**cf;(^vK3Q^bucS*h9C@R;aZggql$d^Zrf@O$#Uta
zFa0#Rdf=>Le`Nb;F&Po}uWx3&J)OIan_gnxm>0?ur($fOmj&w#qKE1Uc7VA`!IE-6
zvtU641K&O$LWA<bZ%sPDT?@h^?XG4#P;%i8@Nqf6{h5I_8)!-6J!E=u&c<{uLEyPD
z6KwGkH4aZ~)qtq4-Pt}`ne>27q)Byz>g*0}O;@tl@STj7jV%U030?{K&11zm9K7xU
zbFF#NL^${qnnS`n-$59J^?_CM=)jbcpSGqz+mo264Ls_{ICRaHBPW5dnTYZBPYd)2
z7@7ksrZk1DIe&W?^YsyEkbRTo=}Dsr;iCKuPCNqIzMj|-NOl~wDV$&Ah2pqg3ApJ<
ze|G4co*!>d;BKRv_XsHL{Uj;7G#=n@36w1^&G95NIYW|rwW-DnB_vAAY#3dpLKSE@
z*%N4p5(p#1dEQW)j>N~!Z?YBw_EjGx*h0b{TUJxHs;6wFswKt()WBMhHCaR3M>{Yp
zH1;dqZH;p#%wMn_y!69PK!)Z#2Nty$1l%Hg4fS^G0kfE#t?9h6uHLq+&G8)X7breo
z95-s(?M02t9zL=)B_mc{s;v{4`id`L{-y)Wk_iK_i+%Z094#yJ26$UvKbpI^C*Y<#
zO%Js{@&qQnGlksNmV%w<7e@n#-rG{^n`C%)t+GQ&zu2sAPTH<>B##CtIQM}Ih7N7J
zzd6bM4!P<uhrD;~$SD1^1vzqt_kYRxUSlk$=qj@`-hT9w(%~QJUaLaaH|>}&!kwA%
z3T4-vUZK=9;T=bX1EH%WBlfGb#4*ixLy`)NyR<4y)WhuNe!h*J$L@wcyq$HjM9bWc
zTovdab+g8sx){6E6o@!qf2r>el)aoN%uuD`?Rw}ve>vZ0I-JPM6TB?4FAm)Evip04
z&s^HXF9nrVP+06Nri99)VnJ)P`61GgFjkW9+PVY=@`})p&)8jMydbH13lgZwJwK$P
zyC05;xZ~!T8Y-d$dQ^LfG5bvcusAK4fRj!D!o{)$&aAZgHpR2;Ll}hfdvopA)f>V-
zWqu35vlz%}y#U+){i0EQ$WiRc+i@?RK2ud50GXp_sLQP4fA*FgfM1bA+9~+L(iGQa
z@~0!o7%58*s|1TBBKT?7CF4DBH^DG8E|AnB4%q#8nE&}FdD8dtlBxC<Sw5M<oC!Fr
z3ILT%V28F1vjQX&10d5zdSxr67vSLWg~oJ}FsTII(on(a<vAu>g%nOH=%&}TGjpjh
zQy|2?7!6_;<N!WDPzPX&2ts-yVU4OoYw2DWm~jr&zYXmlYgmVyADH=zXJh$gW{dcr
zze)1REX9JP{F)(f2f8BIoPKgrXgYA89Sqwq=K%S?i-K+cmVy%3{GM1J5Ikctd`Zjn
zSW)SXiH(wiTKH(^>D-VPd(w5>hpQ^|-~>Xn5u@;Nl_p9&Cx{e+T4Do!K!V<?40(SH
zA&?^a-QMUw&@l72-A|4L>W{$(8TST4F})50>wCl@bQr=At{}FP1mu1=40#m1wLAfk
zl}QjtPS)ZpmQAql<`rehztsK*ei&Og&mi&B<lKJqUJ7J!G<JWTAqDOA@{M7>n(`=y
zS*naUE$zZPqy_@~$w2EAfO9tD63U<Z^yEm8+rNk4X=g8uRkq=P=q&y-J1cM!xuuj)
z3g}TT3t}`j2YksKgDE--fc7)Mumy#&b|?KP&#$TWAt@{@l+=HLw;6RQsU&VxQ#pKs
z{erY^T6r@S^waGnrlEz*LOl`orajnzl58PJc@Qzg8wKnsYx!tM;_0AE5JmJmpuTEq
zc_xFuI5lUeoiBwyOwSq|&VUSEEv5#6<Uo%F#S+lA`hKxRt~{9id+>LGD1j-uJj)ZR
zpMt%tUlawuCfKiAG$f~!WK&$Qgt&szWwa*Y=g7sL;T;lMBngDOz^#t7BTzG>{ihnh
zVtoW~iwW6R8CtapA;3V)fs}d)XwJREjc1cgnCjecMi)PXv<n%EZjcP)6>$Pr8TmqX
zL#spA<>?x6`5=qinXnRNW<cU#AVl^on?!SiwHSuf(OHyv@mHrerVSnliPdBK5kxv2
z5Mdgc#r)$=qS$jB!}8HZGzk_ejRm!T0>h9jUr$iPEJsyPKLQyk-H%EI&(_p4pf+aj
zst*(N%z#j+S)^yMe=<z54+5v#@P%AU*HGW8*sTYXf*upCGGXi6*pN~yDQJP0Zum=6
zn!S`x!<m{|`;A0z4BO%**xpw)PiHzw3L5FvqDVq%4F$>)Vt?rJ{|!joz=jUsgJE)(
zh3bs0YjEmyWa1>v4hd*n9=~~d!BBt}52(8r7j$xr0uIj|=a=a<2X!+T+Mfucf}Gt1
zpfA^gkn&HukQd5q%k^OP>2?m`{6^6W@a66iaz#v_DvN1Hvi)Q1eAe|az7#a1BZx@V
zVcN17=AbfiZ<Gvy+mjE7H6`;;VM0VmV6kuD)TYL`V7eCO6P$Sd=W_9Qn6n+EU0Vd?
zGKv9NG7*FH`cguBvt!H<=Fl}c3buEdX&CtN4q_6^3V0cV2!;tsvgGF=dW<=`pi~ia
zPOzuG9O^nN#w!eUJPw3J|8<g7J!p`Zf<8GPh&9$h0=o0~%)7JsX%){Sn1~y-$9{Sf
z{myk=1k#;096}pL@7uW$MBGDwmnk$bp&B)4+&BqFplWZrP;`W71^1Z_10-X0AWV(w
ze6*4=_Ju`RBuSw((*fU1rQ<WdSrb_dv>9B2&s8?)r@rn23A5{pm`le|10m}449>h}
zh9R>_d<KSskmyK$Mq<LfOL0I;e(}qaroEINsIchuuwri{%ry`Eor@G8yPO1i>{_6N
z=56>uP;9&P)a<@~wFMIrmVu9BnE@|>MAPu4JdWSg#)E>ijD}lUY5{)q76UbP=~v(R
zZ56Z|wt<9cb^EC?=74@dEfb~d@9#j50R&c$h?9X}M3y0J@o-CB0!q$ESOs+v?3i3L
z`HPMCBA`T208&B~>8VUGyxgJ&3hAwzg8SiSK?%T(CWC<K=_>F!O`+w<*gjBuOeKD=
zbU_MKVA>Ot=`oJf8&hTY4@{+t;HJ;Fcgd)uqsLA<oECf*XSUh+DmZnh21u#10lW6Y
ztw{KpI52PPE4Idce*@`8?7-8^f-<H2VVp($o4Eww@Rg6C$2+wo{<AW{h6xOa>`{Na
z9T|w4N)Ct{O#+q$_6t4-2dN3=)dfJ7Mi;UwVp^Y7k4v;Kz_J=eI=(E^aEXo}eANRv
zi((j>%1FYTFvQ(v@Hw3g06mU?1(CpVp5WAR2(K$4X=UgTy7_a084@f2gqC7J+WR6m
z4Ra^?H{mgm03*MFhR>m!of9^YOD-VDB76*9g-QxOKbsabcSUr*B})og>UFJG5wqPJ
zf{l5fzQ?6I4lCjcguK~3B2qngmXU%onM+udj(-=#y^)0jpr!o*T=4<kx&&bu#7WZ4
zJ`iUC0F-W@nI9q!_N*TPoWF{MS!hs0pJkFfix6g)iVQXr9|f-!TY`UuWqQIQ(4f2z
z|G>eOUlhH^Nu{7xUf0^H*!$Pp>g~Zw>1Juh$tEHHNx7IA-nbXT{*lc$@Hv2G$C<%h
z0YIo#KRkzd$07(}cZ9@A;S=+~I%Np_w~e@Y^(YJ_lE0V*3CboQ4v{o;08`i<fy15A
zAWxDbFv1Y9XEmYiqh}u)^nGXmB>a_bnfUfDkYZ$^kB!A;5~?m{ADAxF%UP**5Xd{-
zF4ypks(O%RE(LWPuaW5;n}Uyi$dL#1^%nB;AVJR4<FuJ~|6~jwKD`A>K)dk3Fjf!=
zluQ}Y{*<o*4EM$Nli0QM0NZmf0m5D9fdzQ|0blv^U`D*4^#XH!GP6a|pUcYy_EMUf
z@pij7#W0T!2@N&4HE(YWMGg!c?$2$jP;PhujvZg{WoCG*T?{KoO}#F4ri5-P544|n
zLITA2Hs3PtvF`ryjB}96Xb_~$83o)5vG7j`@k3<0#{jVh1RYyd-rzptO8zhoGy6yF
zTCN+vR48GNAf)d|3Fv>CVfkpvTMWya-&qP3pALvI-B46Bn$O_fZcc%L4MU3rN}p0L
z!EZ+vN>XEzZ~g$aKgE27_AUZm8YB6hulOMWXnZotjL(~6`}CLy5F~T}4$r8pSFd7g
zRId_*ELm8AV=a&&ZIoh=(qSQpU-VRf8>Lx}2(w_=AH@H6(H;vhF^}?mDVBn=HC8BI
zE(#QTmYP0k>kbeGU9h|k$+TaW6^62m2S7f0T|1`FB%Db>^-_?aq^FcnpkoXy|1A)z
zU>WjBv0In}(_Kyx`bVe;CMRDYE5bZYM+JaJpMqiL%QAVFA4m9UpQ|D8)M~+JxsOHt
zq>_9hJRtDPdb9w~d6wm)GGQ_7&%8sW3`CHY!>}!tgy$520RHh!i`7ZnDmWsP@pf#%
zm6?Gf$G)4Eq)B;I2x5T~<JtHY08Q(M<HW<2cuG*&6om|MC7=xXX5UR!th<dY!E`Pl
z@Oh=AwkS3=w1?0cOh@7aN%}EO#mp@D{Hq-Ny-w0LWH#S21ms@~yPpSZ%MJ+AavK(q
zV=26ru8B#c+X2437KWDmPwdZt{REj1JVV9)a6Y?h^iD~>rT3BuBt;4EXCfB;0H+SQ
zq37$>BNK)UDnj6+h}lpx>Z!~H3b_{Gqeb!rLc8c@0rpO+oZ@u2{cs3@mlTW`0w=|_
z?QVS=<(c%+ew|G?zkg5)%J1b%r#oOc8G^ll833_18H-_+nh>OAGQ4HO)=Ue4tT8Yg
z7aJtOe3!7GhlBzUP=u#Uycj(P<}rQQ_ubm5<uFZ~d$AA6T@GH4<Kz(dTkigVrT59O
z1xz7GquBzmq#LKROr9(QKo=gz-@B#(-1pVyyU7iNteNPQ0pUc`?J5nls%l1zFqX$r
z-D226b|yAWV5+?-vtbHC2TZZ{Ayf!oyivxFIPM-WoFf2H>W2rBcp8ezVD>PS!S1-Q
z#d`+;jfP6aFi@=ua4RI9zZXWrR~(A)$K_urp(YK?f8oxSQnjd{t!OYTXM-K;&y5Wk
z?t+2cy9!Ar&k)@P?H(1VVyEn0uu%JlBV1BG?B9P<r#$8#rCihSbrL7T1Mq&hCcwS7
zgr61{Jgz#lqACuzKmhTlmMJ)$D;Rb;3Pz=b_L<s%2`$hd6szJ8(alDFncoe9o2wY$
zT>>ySAs?j9iyeyN9R&*&mx6ld=$7R*XWEDKn3~C}9h{EkT$DcqKrZzJ&szVJN@p<7
zx8Y91IaEeg4ei$#l>vkw1^^a>VEc?Xip~r1Tm%YwSo482I(tbyIFUd(41rKK9zIBl
zDH3G*hbNeDtBT)zrBbl>35QR_T+{Bc>j4M?8IHkS+R&hloy@1Q&xUG36gd~*Q?G03
zikQ6$5*a`D*=J}X2WgNu_VhB3;nrJ{)wExNv_ZTZ;a|<BaxbF|1_Gvgz~5;Ayez~e
zqkG;LyVjQ72uj%XClb)(UKTS%wqpRWANC7iABqls`@;)N*I@`+?|E-e{Y=5v3sn;U
zEs?moyNK9!v&61Z6%_q&7ZlF7KZgRh=naEavBL{~<$N38sdyr@_@d$PFH{Oj_4g=?
zxipWp*z;7{C;XQoCG>j^HnfXe5F&~MU0~jctDt5_z#%{J(v+89074bJ*N))u@M8Yw
zg+R;h#*d)F79-H3fw}@6VpQnDiYDNf!9eKqhs^Kw&QYEQ<kRgU!ubQife_KL1?_Ya
zMpBD`rSm;tUz$XzUgCdJ9MyvmjOhSmW}6-h`^RmT0r<ZSFf6Gb?nvTk!CDfHm<X`_
z93M!R2@qPDs0u#j5rDK6gTTAq{qSOSYN*9VJ%4eKs(tqlGJtz`?nD688Ujz!7!xZj
zvV4rzD27GtWjZk4UVz=x>nvDV9_=wK2AY(lpuYRMtUsP<i(#6G7p98B@`#|D1s0fQ
zUkF0@n8+7qMGOid<$D&74?u*)PV{A-1ARUaTw(Dr);t(S5{$wg2<<CEhb-}Ufp?WC
zp>q_z5VM+w+~r8mmtX*tN{}5I_yHRdEs%agSEbwxcPoa8b=+&}D)goCZdc(3K%mnV
z8r9PqQczE?>vI)_!C6G;5EJt?2Sf>iDh&ioC_n<J`N9emyR)bEEoBsiXgfX&J|9G}
z4s(xstq%a)69gf3JN@us3Nc8y$!C57(;46cua3Bzs$I7?F~~GS3)p6dz{5P!s>yog
z?<oF(hsPJf8Cgzp^aq4510jpe9HgtgsrFLl4V!OBYSp1Y3q&*^o8Sx%hml!@SjvE;
zXaP&<ak3&8;tmCv;GFQRnPKjH8JUu=Dbs=w)G0*NBiIkGY!rjk?Ky)n!w}6m)iN?U
z69J0~kY&(ku*HN5AFaDeI@Cc;NcKa&U@^TR9WzS^ZxXLnW1tj>MHsq9egS41S%_6t
z@UQ_-!T*@`2aJ74f(_XXz@GyVQNQIQe|&%*0vI6?CvD{WLSWutSe^}pO$gFe28Pj<
z^|v2N4KGV*gSsEOr{Mo@4{!G~fZ@U={4zYc5G4p2w1;sT9$STQgrX((C#iJ^1Ki~K
z#}cwX#VoE>G}93%0Yy<cpu_#a<os5;#r##ppJ9Ch{o@@;C5G1N{<+2oLnHsN(%)O&
z$ulV%qX&`)hV42p3c62Q*cRK1;RK>QBf(dV9)0b4)7m@(<rUXu^oAu&*zJcft!9~}
zO<~f_mgHV_g@E}QUuKU>6#2NV;(!JBbNZj;>!T$!GZ-|I(xAg%bH-7Qsee@R|6q08
zAEQV0pXJfEgwaT|E8+AK{wAni%=3>^aFHbA<XGP7?^cg%vmrt=xbMsGcU2`tV@;$Z
z@@Mg!yXi}8&mj?A=va#j=JA{hJBziPBob}mu8r%;ZLg7TD{RM&D_EULjFU`hKWw+9
z^el)gNG4M!|8`ln0uMp+d>dad7613ALpDOA`WT)|q@qO+4@)7s1w)$qCfdZeB0H7d
z>q$dT0-kfeADxUQ+1xs_FHLqDnB6+VZa}${h)=tYkL~*;qGoJiQSHQ@b1iql@rY+1
zhQ+PLbw#uv(q`%|Pb#hZY)w1th!BfzI4=+yG^5E|KCCsxORBB=Xj>gi`5h9j4d0=M
zOe(MYoSzI|<_a}GjkSC$$U%G^))xO@yHok_FI;QgB(5L~7j`8jAJ=F_SMrrL`R&S*
zjCwrO?Iv)+Wv9I;blO0RT5lOMW{Gqd?dF%Aj3?N-WW<jtIppT!WmXp&!=_n-8+{+p
z>zeLdP33Z}E?!96MTQM0s*M_*)oy6i!a($y=%bfN;PxIekS@L#EfGoldPY?!fQFsV
zRFN3k#au>@)k|EvAZ_w$C;Gi}pX4%)8rFWye*f?!wC5y_Mu;NwRGBa2phN87AAii@
zZwaiqa=-ge#Feq<rZSa_Opij+6T{E)K6#{WL!2b&^0FC}Q-U^cfvpUMmoRadNdxax
zZe81p4Ay>OF+Om;mC-X4W}I$chPk(rkgm;G@zMdaFdH*tP0`KHY5!6^LVFW4_Rm!9
zLosGsN2WkCo6y3E?${A=Z-fU~55cS9^-?M)v(mil+LjmUps&On--N#D8<iDJLkEB!
zAKKSi!Di<x2ec*J?`a}m+2!hdhQvf^_6qWx2y|R*wKU74H|q<(ub@brG;UJVCbY^J
z|4skiHTs9GASG`>=%6Y5n^S!r3r>5MgXTie7WE<p{>SpQ^;TQ?g)S0_&vHfa7prGp
zKLXr05<EU-|2;0s2+3p)1heMVvD~G7W(gd4K*Ko^?4aiErD3<3G-1Gj#S*O_n*|Up
z`~aG&-Iv1Uj-m-Yim|Bv%;#p+)^@(}Xg-cT)9G*p;%vB$8`jfJmF-77-{sfN4l+}e
z_CF}CzL#RRDe5dNcJ`F4arSehs_~FYEP9w1Cz-l?I;E%A%l3~G3MTLRoeufS#8TAw
z;V)yWoaBH-+Qbw~9=9BW=;(J4t8}^0=w;%EigR(1#I!Z$8IamO31WCoTFKfy%AL%_
zGcsGf;-4q}>N?7iu$KJzO<j>tNXUAQB@*bJmJjKUCzR6bWcZR}!e6~eBX}5T=W$&{
zK|siDY=l{QVpU;7&qB)asiK_Cy-zcyAQdM)#NDpfJ0k?wt$bb$=>CMi<=6Y&1tnsb
zIBaeDtnvKx#K)Xnw=vk8)rgoPhd72bGF7zg@@E;*E&E}43Vn!13x->j{VAbAeWIK8
zK?7}SzVEp}Wmj>rDz7s4*=K5r-L}av6ssKUH(i;2MbzI0kP+LcnV?c_&0UUu-<%yQ
z{+u6NqZZ-L8z8fe)Q%T?AmzQ5v3A#~AGAN(UkNM~N=m&dXp6t+MxEygZj7QVoLdj5
z#okV_G5e6I_Vev$950z%<lP@U>ec=4+u{{mh(jMG@8Nd%Z&Ke|)s`D)TzjTTYy6^W
zn=4pTdGk?^py&o8CZ%q1vrV2Rsq|LK+D7d_;9S3|N8X+0&hlMR9`gP(Eo-e!1KaYS
zqE8-L1e04o-;%Cu2{SPaX@q(AR!3M;wOjJ~5GXTem^<YVjp_Eddrt82mPB5J=?*Y1
z7zY$=W~s;xHSA!aqfoTd>DGTCqakFamM|NxishCqd^@d*mRa=o(35l^Tt1mfTW(&Y
z<_I_a&2SR01}S=pH(Sp@CHaD)JGM~blx4L3{{fUhYrkHD@N{!9jBu?l9fi^@$WbE&
zjzhTeNM7Qm2fYFjeqt#Kwn$a)LgClv2~yP?f*?494c>()cw*I^MC%8`-rLkh6bx4m
zM22H<0mw%PZb<GRxF-?Lxp5j3822=&wG<6ewQhkxA3;*7(qV<G>rl7@q-;~nq;Or$
z$Wgz1Hn9D1MdB(dsEbaeq_y(qw2rm1)dQyrc8)NG&lFCt=jtgT@7je)MQ*CA-1sXO
zE`{E^mm4D!5!G(=kVw)`EO4oxxp3)Hdeo)zFumEi0(!SeaN2Vv;XjTZVEBn!6znZ%
z{3MeUq}Pz#YDTyQ{Rr7>QDH3#w2B)FiITPADS7x9x_kl!+EgStkHv`XgZCx*#W$cp
zO*#s+nO5F_LRRzCYbvgKO4u$6$WW`E#0&e8BG>$50P1oqJ~PRQE}w|Y!0#Rq#A9(g
zxJG*Pt6DNpXs#L`497rDoUUK$bc|g-GQv%~zE*uM)!H(Rj;(J-*qZIuE+$s31EzyY
zxKp)0>?TchiV20R!yl&eo*q%~;L<!0t4}<l5Vy-rLOycggVEY6L}N9_`y-sw;)eDf
zd5DYhOAnxg%P8@_#7&i4)zmH7+W&t=f&AZv{c8VTc{lO*x1Pr@n-OkrDK+OKyv*cH
zx1WfoBYa053gz7KAnBQ2bAMCMl+-Pq_2}JFgD24~t)m4S{UB>zm)xnlrOx-Y#y#47
zASUG4@6A@N8*hc2^hUVM+)`>z_e%CA?aq>z4fMa&`8QF}{T8*VDqqwK(5qRWgOv4T
zN6=&kk~Z2>YBqVT^gg#lNn?>~s!FSl>e4xG{uVh+mvUs(45lZPWqHx#mx;;6H{e4q
zPOT<)OdaoE)DJyxX2&3(QLV?OYL^gtWw@IUHzH+e9=oAVS(cAfLv%5`b&PgP*&)?>
zhb!qeom(Lj`#N5u(@|f**}9WVm;G8_=Np7@j`LQi*Iz%t>b3t=%_^nG_@^Ar6i=ms
zk)v8Cy0l|->$vOYb|6vEdbEPN)ba|pm1DnDwUcU`G8ff2WhQ(OACX?HLF1>Gq!(+0
zho!2nq9C-C<@?#;`(YP79c~oyo<hA3sn$1`cTX5f%rv_lbIei@(Fv_Qgs0~rM~&Bv
z0<Eeyo2Vu!SSShto|<2d8_MyNd>M!3npj#*G))eCmKiviS?;Kpf|;Tq>?#rjAv7tk
zr6%8-(^6B4_e<sV$Z&wPv8hOI3Fmur<d$$LlFA#A;VAK*gXBP)=*yC}i{;Yxw0I9W
z(3a-Ql6HvY(vGya5sT$GO?HH(;IGMeCeSWQRlg^lAFlC8Z`DSBSx!n*D!sT*uUlQf
z+}QX(E>XbyT#jSXi{W6c?>?8Km4pp`<-1e6ul*=p-$S~LTlMiqa`QhB?IuyHP?zjW
zlSQF(&y-4c%(E5Is_r2Ffi@9^j4SRX>a@lk%J~}B$#VV&fx!LXeo=4}hBynU*KI(_
z%8kjZYMtz&`kD-yce$91K0X;5dX8${Gg+6ugwQ7RqnWh7yxDWuSXs5V5F7c78@G{>
zY%gNd&YG+>L8%H(o5fLtbLRYA6yUC2)q2IL-6`f>uUdaNSwCfX*{;!WrfN>@VxnH(
zFQ+*zapMmo<uJz}xN)5eAA!3OLr9-79fxqvfGMmjzj8uZhN#wy@FIvSB*&dW<I?+d
zJ6vb%af+R;Rvz!9T4^q5g@?7l<-!GZsqE#%P{&&OQOZeL*A%_bd7Nz3tJXPAHj>X#
zt#+pfcUL6m<#**wLuz*CH{Ac2bU!V^)?a;0QY*)5IX+#EFXQw0GT83dO(t0+-M+U!
z!q)X4gHXLbg;YV-WKnQA_DaEP^jP;S`tT`uc-E;!l&U=Rx;hiW*3Y5H8@JN2P}2Di
z@TQXxp`R$wl;_Zt&o@EJMUe9IT*?;(J>>&U-;{D2M4&QPD?rNLUI<(7hWifdqjz6Z
zRq~8Zy=YVMWry_2aXXATlSRSTgW4fZdswxeEdx1?U!S!8uM4kl2*NqY$)s*f8Ax4*
zYF$?b_tHyMF?u$?wTaz?icN6p^v@t<<p6}OwFl{~5a55QjMluQ)Wf;?KXcM9p)bNY
zcQ~PmUsz0DUPg_epOuTk9@0cRUK;xJB$9y+SM#r&)cLmj#gjz1h0e@hEH@22TZqW%
zchXLn#I7MF`YZJ<q#nmrscH(GR{qa&Hs?_cs!^jIJeaa6++40(ohH><I!T24aIA;m
z&d(2{uV0}x_d!z4{h^VsxtZl1YVLZ-Z-<)uq)gWr0};-7ri|5`Pu6O#PNqelim>(Q
zhwK<fRy(I<+7sRjhnic98o8QtOky>+WimWHpjzLaBnq*m#1;Hfsu}|)o_|oL9U7*E
zdWwXaq#c0H>yKKn$LgK-u)RsO-YM(qVhqC8yC832&{osoQI}vCg=7^ehE)Sd0onIo
zrQCcNGba;I?<-|`gkCqYkj{5G?I+4Zx2XspmvNml*i@P4S-jt4XqfCMZ!oPlk&Ml=
znaGp%g)**{3+sMVSbMltHq@cT^~lgr?kGQCT4yZBjq!~2dF7$GqSNu0wV!Yg*Qcpr
zn#cz!@54%^zZQ9L%!yBu5m}pRJuwOF8l~J;5mcorFh|DUc=cmZkgDt=Js7<h4lqX{
zw+*S*AKwDX<;2HCxy+aK?&ns7iT_7OL;;OQdA_a)_aAyx6k-Z(x(~t~o%QrGcVj87
z1jT58Yuhu}lHd=H&_h0R)`D`h-UyLWT6wq0nyh<o18r}CjP-x8ln57+oc*`nEGAtC
z8NQizM#GV#zxQTQ@b*NG{*F>n@ZJEG*myGt?=XBVK18*q-2#hnQ*Rapd<|jin{ZoZ
z&ObgP<=zYBCS))ngMmy1iLZK1<v1c=J{C7P@%v6V?;nr){4muHBeAvVFl~%~xvHuT
z<NJq2VO>x3GBSkA$CvLl`LYq7w^xXzrBU?x`ZQ>fY8^;lP+pD?xkJX@GYGk(D3mjO
zA<5IAoAvoG4*)UUtSNGz1r*Rtpn!Hx6oq)96Tk1mN8z&MdR7@76xDMR=}^l>idU30
zWBJ6yRI{6lm~TEDvi>r=qDcxqBML$+AksP8e0_$sNVN`_2n9;N{At`E<0}Z?_@_pC
zHM>!ybD9%&3h6{GcyFfdz3MCskBl!iibBNrWTPmQ3W5+ZRyK+PQCUi*2`PE8Ix@%~
zb$=tfBpTs^(Fd=ns(W#Bx#QBh;Vygx8JfngJ!10pN4V<|r1U#N^BRKg;)f-o5Zgr3
zFb-=J1xM63I<&MD;e%-LC#dFBx@vuQq7Hk$GAgZ66!56lLvW;Y8~IuMiHDfKN7ff0
zydTwkmW~VuU4=*V^#{o;H=~fNS+dAx6gVUL&Up-Bb+0n&okOB9Nm;wkbgR;DA5sl&
zY~0ca3&4a~1zfnU-mDMIauBXBR~8kh)~9anY-$~J&<j6!lWdnm6x^YCwnZ*{SCI=p
zRP4elN?rIL$(LZ$@tB+#kBQ!g5uRZt+BDeYy#ocJqIW9%Ye&JRRiyu(>wu2+@I3AQ
zU&1I7P7K!q?-wBTIwDtC?uT7@sOIDV)P>%6hUGl?)kbS%1RR}h&`;0qhC*e!?j=J%
zxYR5^I#ca9>ODSzAN8)Kw~nN`KdwXhoG?id2&bb!t7+v(6tZTHzoz1<O_dQg5ybL_
z<-E(sk}}Oowwb&cGXAqPJ>xm4^Sy@UThI332?<kF&-K;;5mC_o?-~&WV?-2sa(?80
zQXZG1-j@LbojQa!&SfiJ!`&E}?M-;UC)luFMuBjid%WO1hSVAq2%B7vhPCH$ZJji*
zR6tk}z>2K*_CUb~-+6nJ+hIIcA_~%rwYatp?gYoRbv!>eu65%E<k;`aPK>4r)WCZH
zRSG#oLEt9Ws|vwBon*pWh+nW_Ro>-I`Xqi=7j7U)#EMi^m3DpBM+$tc&4oDaO{5<y
zmhpbThwy4M3aZjGwJ^w;l;?Jsq$)UcnwAYY4y}zNeB;OxB9nLKdGKG7))Nu#LULL@
zek*zZx+RHRdhc{Q8oc+r5)_BJajDsbn>@kr`iTUhG*Cd}P2Mu3)>4j*YtP4rxNr@>
zzUU`B$%wumk%IHcanPIVQtMEl&g6D{Dm}egRn>Tg%r0ABYs;63JpfZyny@e+NWHGV
zqr(W)X%8bu&ie79Amgx%8>JVCd-MdTFXYI1ahxc~(u-laOJkQtUnWwo%N{QZbt%>(
z2nM@~Kjm721*sy!HA#yArHerQ?t<KIrAtmtQq`M8Up8rX5B(ILmYR^mXdg!`h~Ei<
zkVu$x^4=TVxWOGV7Ty8fscnL&-8Y}5T1StES#bx#U$coj?fr_|mhTSbG|*V1i-`_1
z?!E&Q&Xzlv!Z});H1pJWlRkgVl2NTMj!#S)M#n+)Ra*3LvA)J#+HnCc*x=1Y*qBqS
zUEXLY7D-bx7T%=!47!N}oIIaYYHvaKFT@E;CW_ZqfFiY^7!|Lrh{%&#TUvZWci&}%
z4@5VR#u4`3OVs&7dOq)sbof3)niG~RnUZCSS+Y#Ymn>6?B+Hc2NG4pUuB<FY%1R`e
zNjIxZF+r=mAer4Z5~|{YWSPDQh8{%D=Ayv+rF4d*!XD;)I^>_Uw>%UovAFSJ<TxY+
z$WW{rZV-^RXIC{;=HMDSTnL=p5Whp(USm61683>_8u$*3mr2_XOWSMwr<!f8{`QkT
z6TK-Yp5?SRlr)!1<p+sxCawvbl;Sxh&GgUAc$z)zB(?;GiKpXJL;boV$EVWfHRSD3
zI*+4n#Sm$rP$q5fVV1V<_kR}lxA}eZ1E+4OIhkRob*W*Gqi*?0InXA0hr%3J=0qaB
z@m_ME&EU(ND3}Bxo?Y%Z=qs2g2%@ljkQ;wQ-m<Bms;X@6h`_)E23~8+17;@5jQM~*
zl;(t;_ON6T-AcNRbnI@W+-8zPrJ`h!^NGVOS>z(gB9}%)0?@6<rEWz=k~!U`%rHSs
zkszd|T#J&rErj1k%G^A+g7T4qOtWV57JY@&-hv{f(9G;7P^9#2P(hK>_dpHL38P4r
z?Pb~s1s9HaaFnjTUz9eKzD)XaTWG3DwI02m^j|b6wCCH>1OZEm2~ST~P`cakrBpRt
z6oj1u4Ar(>uNnVR)oY;HkGVsyl4nb{y0A~Mf9bTVnw%5)9@&$~_rd5ZSLryk60WOX
zXG#jwi-b88UBklM&J4j!H_`iXE8U-ay$BJBb*m6z530UQGTJGK)45jP^>lEcl-mkC
z#GcH7WWJQD(xI38tM4vP;TNurS5#HKMGBo41Yv5Z#6|}7y--jEjpV`yk>ot8TI<J(
zLOd4*+1$M3JfvEGJ62>@%1Tv#Ab|__xkEMy8IHN}SI_`mfxTvFPJ?7Ipg^7ZqO^f%
zFvo9gu>KwVD-2uTwQU7k@OCnA#82Da*4k?+R9XgUB$8#aO__WH!mM7D$+TTdmf6K_
z<q5N7nO%XD1$h@F%QQs(S)@$MNBF0<S811Ap&NFvcjIAOfg8*Vtk<)b&Wgv1M8WO2
z=)DQ<#WI&Qqd?re1WD^_BuhEnJwe9xMV#rMp<3T55(Ssz@4kbC9i0k!wMY~^LDfrV
zP@XTMLmxT@t11!&dpI^v)h;UgK)<gH`l7Gs`X6=`(=|Z)l4<bLX>;vgBIVIiq&$j{
z@@O%8I2Im012b95ql=L8=u)ISI+s1|4o`m`hNr)$1b_c3{edWspVt$bRR*}uY^|*V
z?w>-TvZY9Ql0?H@0x^SkULcm{oe_wM-U9MZR-i3S3jR==PowX8eN5uw{PpoCxF;d*
zNrq}&Pn~)3Pe_>fAui-%c(lfh9BcBtg$PT`e=7J-*MgN0XCMN>e8(XIAr8WyKSm^t
zo~R;&WGORCma=@wQdT5c%1R|mSp`zc7HLRW>4RNiW@9bs8lHKZsk~D5uEx;-xRFA8
zkN(iR&wkIiLKGVMmo#(~5_z(fK0ii(PSPJp$x-jE;OwP9xEU!BTrvxtq|P%sS?VTs
zeu<;rw~IX;NT0$8RQY`~eJRTcjgk<pi=#xr-Xy>GHr;GY`uzp5)rB1={ONjOBH;1p
z>_So4Nk*Tl^_5XXZ<ZB<HfV?Ul%btze)yvT8A&Lll$EMh9}PJdLQ<e*OLvyiKb9dQ
zi?c|zPKA(xt(q!+4Z;M7<nHum0I*V|1YU;m>Hr$}ZPuPwBPBrUhb0_<N-{z$CGZ}^
zI6D$zG_n{7DFISBpxIf{#~@%G4H#ts2O=c^B#i>Qu2&HBwY2=Z>PQPJiWq3GIaO<-
z&x{0lpKDi<vZfR%YY<Y_Xb&HUhnTkCHH(n4W+_tEXzh0<eF{ZWcGLE|o3`KGTN6?@
zk_MwlcT*YNO=Wa9mC@atj9x3GHx$zcR5*82;oRMr2zHbNQ+AUg+QUfMO+{#Tlv(UW
z+|9zub5AGTAZiZ>o1`Cv6?rZ73r)I4*Cqn3nX)vcQF+dv6doxv%x*=_tLqSdBfFS1
z*aVZ0lB-tPSk>XKQhq)AIL;#4Y6H<$4-iFlV?tZ)OV(CxBXpg_?0D-JBSazgN^-EK
z5lO16jym&*vr@IbJ3<uV%e3J4tJc?u$3pNRqM+%&5u8>VP3&D=u`M5wq}UdZ_-4g6
z1%j@%6@906>vZKaNu7*>(nnAuJpx;FBWa{c<cMJGh!lm44~*vRd0az#f0$aVN9uKN
z4(D|Qv;XW(l0`&H4>13ba=XnGngrG#`J1!;vO$t&lp<vYSbyJU`hC}YZmHA$r4xVV
zRvxzHyKpo4EkO7T`7J`Y%@vxjI`JhZzDf+eQ3!to<9)TZym;gYVrzXEmEZzB?;_}-
zCk)r8bf=?Wi+39B57oNz;*kSL_>bWJh>H-#0_IreaDAdNA517P1AbJ%n*q3hbo}v|
zxQg05-!P8J0<-wBQn&IL9mgnB`gIt_xRsSA7|OVn4d!y?e%Oq(jOg@AVo~|2E-LLX
zpOw7-6jlTjP9vNhMnvmb(%S4TNZCO($PTJHc5ngfAmA%`p#64GrL}{qr5&&j*6~Wd
zC<xy5Fx`;o-$Fz(H<M_@o=Erh3B<a2CDJ&v$v<5JZKBTx)<Acz@y!~R)c7V36Dhe)
zlCNcnzTLMK;b%>vp6PD1bj38&X8My)e^^Pl&?kpN=(+SkDgB|hzV0Ya1lvi2Eu#+>
z(VwOCXKo_c^EB92`k<2j`03BGM6icwux-%0ZhntGr#<+NR~c-Pnhh?ZKfqpqaH;Ht
z{zH@Pg`Cc*bN0gd>!=MtueLwbVWV&C;US`s=>Jb@{r`|e|9>6d{Yq7jh<dlXQwY;r
z`Dve7%5}jH&{$ivSmS7{mm!u>@9mM1C9##>>rP|Q>IzF$B8^2VQ|s=bMvW{9GYr+P
z+8|c37V7{FNh)=xKTYrQOCfM04Lny1{Bs(3ss0M1pI*Jc2!j8D24BWz%T^#I;D>Y*
zrbHzKtfT?AvVgae0&1g4Wc0J*Lr@P5x=l=29q);p)j^D~Z?ZZt*IKPM=;)zYs|mxP
zvqf-rh`t7?85X*=u_X~~FAYW;(r((2cGHHmn>M7~Ttj+^hNcZ^H*H9}X+zr0HKb)U
z7;Q+qX+zpg8`5sBA-QNU+K_hBhP0bf+s!qk!8F)5`hd2e-LJB8C4zlD7;GB?5^NjV
z;&#&(l5E>B`(&<Lkr&k^`p2D_B!+7dQslX}hSJlJA}>SAjHO7KQCZhv{s?x0=DV>4
z;WiKc3by}WaN+%KN3L(N3yZGtg6}R@VJ$L*J;5e#4-^dVVuS5Q)jDM`9e{_m0eHP?
zEgY;3z`b|E)zFzp%+UTYxNrvfBa|+?lnkUu2pe3E3|}F_J&~i)+XEHWx^X!A^gt0T
z5!@4D10t`lL5hL+DBbj#A8nuOTDogZhJ7mE)*std4;ja<CEan9{1za50Yub|V<@zc
z?HeK8@lDVjL;qS^T3o{BM>d?La~~xl`?&DegA&_-hS8Y}?^x0klV04$dT|$v^;gLE
zhpKhipu|Rw2pP!I>4sp-s+_Gzt#cOJpg+He7XRIa4<h_gG=nAaBS8>ClSRNC45P)3
zNOJC1t)$DKdrrKo=>{N#>!b1j5vDNm@zXG)U=P#2deXl1A%ZL76f%g7r8sW@qO#&C
zz)!>EgsgZ*;-_IkM3yYGie<%9ME<C7DeFuZWXa+|@b4mzvd-*L?#pv2^Yh~)6ZYV^
zeBQzso=>-G&^;P`^R<2K-(?#7C-$4^|0?@!`WeoCTRrgm*l+#LaQ54jfvN1b;{$lQ
z2L^mE`z`bT7yB*Wh3Tf<EEjG?g*BvoO;lC&mUVX{Lzrl|4jRNbptA;v^`~>{qlp?R
z?1IE@q~RBKL7}dQs0_u>Q3WKn6w=9Gem`Nb!Dq0C>yUa~TYpjbcjYPV-<GF;cfMKt
zH|LvE><<R$Z2-L)pr1(%`{jO}VXy6{@46{+;|zO~yD-xg>Y5jo`oK<Vin>rjqDMfu
z8~H2Lbt-&=HSjyO4zv6wnwGvz?_t{_4{r8gi-%+zJ~zWo!Q*IT3zo5uVJBm@3)j1F
zhO2Nt>~NlED|HnfMvlYMv(H2Q4<PntVI36qgtwPoSbTt%cU#}i<$b!Zey45KCP5H9
zw9FZ<P*)+^w>MpAD$GD)CUjL9D3o3XUDW^=&LFu&xY3Oz7q0i<UarE!By*0#(lcIF
zRXv5ZF5Kk84bgphBq68ZBAs5QF0Q3)H^0|bp=~T%SQr2N+xO=$a}hlINrS>ODq;6?
zqc00Zi1rrZ{SbL+19G$?X-cabN20fqcZ+K(k#h4l?y~)c`HAm4`kB)wY4n5oeB<b+
z(|EshCfazGeqL%st3(0W-$zQhZCN?qPmK5Zec`h1st@Uo=1Aan`pK@KeODDN>`z1d
zhKNWAQ&aCx(80N|h{l7(?VE-|FM!<_0@KkQ0`KUx7NT8!Mez9|wM(Pz>=R6y27)hH
z?H@$n$%2n}NmlQwLm1*q1?9GU$s$MvpfZt}c$7+((tP4mAz4rn@mVBUN=s1yqErC>
z_^bAC{C_%?zcNvNQuuH$TD1LwAe7_U$VO6lQ7e4(@WB6~<mo9&E~GB`PE%6JalU5L
zv*L@a_%5yZvQ~VTR(x46exl?F`Ocfe7|_l9bdf1~y_XhG73oF(f9y%!=V2%bv!HH_
z>CX$zq|j=O8~+486jp05NM=ku54drF4iJ88qvM5lsrl2QyhDJx6`F_wiMSO=Av8Np
zmbRNhkEX+DwW^`g7@91`3$;~KBf_=u{>0T>a?+Ri9;}k)_&;k!c%Q$m8A;`P-G(s9
z5gjPH)LQl)lA)wmk@r+JR8p<*Z@(cVi)>2R6`CZnd0tnjOeLc-cnQ2;dkHAS_)zu|
zZzBC&T>3|7`kye$2vcybP`X){vj7vb3zEfcTcpt@is}aPPYL;_T=Cl6#8e<*iCIlp
zE`=DCns|;&EuQzmw3V+nl}vkBUniq-xUiEP77>vvCBkS1p(MiSwk@N=NM(?Ss4j<{
z5=`E2LFKU=*OGQv+=EJ9H&GDqM$!U<VXs-OM}duG^mj}FKgqoDB<#g)LaMTjT2cx?
zQQ-knH-Za4M{txY&k^AR>7vW?8FFZn7`JQnp9!<j@gW@~pu7LGRu``Iw>8T<(@7Ob
z<uzJ88ERSebgUGuvfRq;wj0PlCFGy-a^-fLyId*%cPi$CuR2%E*8jIFW^0OyNzorN
zrE!7O(G6BwM+<3Q7r~0PfX2gYh_5dS(b0YA1>%m*zC_1Qbe|K1aoQW)ipi}Y^1s=w
zAi9PhfQJP*K&qISt{bGPOM<R})G$&pt85BerFEeOXl1_uvJbIo=S7!<`C6C1Z>`sm
zT7Qq#dYG$q#Z9W!O{&#Rs?}|Ce@8=w-7K9e-I2P|kDiB0@2^$5JM>d9|6TYlvkR}t
zbK!sd_Z1(1qho(q{CFpOz|;M^?18U~{)=Am+_}!Z;+d9|z2a-)|5x?^wZEi+e!4#m
zf}!y+Tj;GIMO^wYXrKy&>D(U%p+=5cZ@;a9V!@k(FoqLJ#v_w=01AW)kfYZ3c_dK8
z<d2_`!v~^yFni#8k?x7_upUGD=UKDopwPp%ooM6PFs+)OJ;tiWISvJOZljyVj<3jt
z{w2EdGOdG4S%MIN)i^;4-jZmUkwAqg2&9+i+UU>@ZS;>+(@1ueRs@d3UeD5-t6fD(
zF@jyhm1d+=<{_mrAJcVG)@Bvw`9zb8z-lOzJK{VoCR(s$hHhE1ICor-%+P8tNET-=
z^3NE_;u)w5(YlL7fRuG#E9(rJ92KUPqhG`Pj4wye`IjcWD)-O^;yf)CcrFuRF*|oq
zS@8^`qT=i&SxSlg=t6=cvEP`e8T6Zll<kk0`>qG6TLJeARO=jw{)>4pH?d7%X#6{*
znpWiEBjowVm+14`AR4Bk4W*a1TdJCTGwmuF19n4dfUUkl%4`D=J`jC@z2I)<?w&*4
zGgMUtC8q2q>=ox}q^yg_p1G!~uARbARtLeb6eNH7+pm*?Fv%UNfMiM_Sznf2#gW*K
zOj?*7T}g#&6J97Z>oiR~`ga?B>83<u=NkD9sVgTd4wcgrg*>NO8_&3?lJ`x?Oi@du
zIg^SaHRQ~sHRS0<+p=>Q-;{AAX3QjI8s!^SJVW#iE}oI*>t8NymkqMNHGgG>M|!Ph
zd8O=ct@X|FuSySkA7-YjUG)T;q#&svfBR@D_=+G1#WO@H7)>XCq)EX~(*>bpN)JLx
z6CkApu|KB^g6wZS<;(T2O85JI<zHpo=I!ENWqc$4lCvu8dvTYM$;Os{scP)53>LgE
z2`&ZKrwal^=|Q4+yTu+!7X)WjSPI^oE(p6aSX?)WJ1~Rf^DbZRu59LgU#qIdOyIr7
zm%FPg^PWb$zcLc<`M%s;U6}VvEvg#(3wW>d<?hO1-hSd;2i_y4;BMwi-a+cP^@^%$
zect!zbNSxZxr27L%*Gzop|?$KWk;wLyf5NBEhW?iGSm`zz93mVy|njB7Uw|L(GveL
zv4*cz)!#l!3Wh{lYa&-`4yd&*{#9u~@0eJoAyEx!ekpi4jZ}jHs=+|2;fpj@4S!1$
zgz>w<(hP1+WJt@zcxVy6o1qAb0fmfTNumIQZl%nGBU=8IHN_Vs%hZZQ=F9SlM^Vg`
zPMV5yhcw)|L*AJQfy-_AF8XBvDOtpYo1p%(XqDXeHEsL7n0waO|8*5vpo${S)7=C?
zh;6>6s#;}Ppt7_lkFY1C+AL6J?a9n*s_Or&l{rZz;s~k7*aY&R{T3<sfS4djGWqQ_
zbf1`9L$kyVHB>IL8ghu=R4d&RwemtYQHb4lO;r=9P2Ylgq=}+!Z=<Mxn@Qbg+H};k
zC^(|CrgWtj!yTy8Dp7#Cv^|?Z=ZTvMJ?qsJ#No-;S5gp%C!bx>h?|p%*OLeB6MQRZ
z7JUmklJ)@U5kOk@x8E!UYlTGJTp^kfC>%Mbs<Ai3gn~=+`x>DVx{ykU*AfM{hlK2B
z5QNwU=vhYia(Cr2CGvwWRTYls^S2N6<?iavyw?-&8Q?w0H;nk4WxR{pNeyWo4SAA_
z1R?fp8!6FRDL7qKRaUB8ZI&@QhGa7hk{iZ(7hF=+SR8cwU>`lCBHDxa9R<Jql^HJS
zwZqHj`P)J2#GrQu9PQ_CKjrJ`UnTmbV2n6drET+$^RG&K!#mdBKFZrKH0f_86IYsD
z?->Puu^<TfF6p)Ka;v|6Z9JQRF3I<rO0uNjZ*``=0)P80UL&cK0n+vvV&dfzdHDmR
zBBWqdLc2gc>w^X&zxFO{4_(OEnw?NEni{D9T|(?-&p2WxuWca=erju`LpowUE?h9b
zjufp2RAV2g#;wqno{D#^YVuaGyjsv=uoGR5S`blh8jiS?cWqJV?BB@~wdUo0oQ*wP
zh213c3nbr)b2obL{w4Ik3zGRK@czp&gbzfVJD_4}+KuesA!KMoh8MtMR%Y#q5<N&n
z;5|XNHmQwPdQ7rZL@!8|xvj~fv3Wd=@nlLfq?p+sE__5YL7qGXCddHJ1PPo`RX3)k
z!;#pZVBhh7Y>IFxEx*QZ;q9>A>sGwB{8_}fe*<ki3lk#v4@>FJiNN|}f>bpRia$AO
zSKT4S432407ZxQ8Saw}5Nao3{#8@6j{+W)Hb={G&uCKCgNW__G2Hozt1&!YbC<dd@
zb6}Betl=%Pm7me!_!9UU3v4zw8^YkpC-us$L52I>p&tH3&AMt%rMnGH=yJ>zy0xN1
zl@`uE=`tL4hti*S;U-tj$@HjGgtKH%GL>5xD1bqmGm~IMp{{;}>81=rgJemsm&}B@
zyPlZlQzT1yJ+aNlkw1!vcVfyS<UCCfA$-7%C!f3^nWwcPJiApI?mSI&`DIY<(Yw=_
zln}Fc{V^PgJue7C0Jc>KzO{j!x6@(C#*^ISk#8(CLA$DmC}e!nL>ixLvWH<#RasR`
zhSL`$iwl;9iee7{v*$qCL(bEk`xZS<(I$~*=Q1RZBjaI`LV7XGI*9Mzj}uWyGO)hS
zbOtrBQch>+lUSZ{o#(KK%q0t%g=XOv5@EX5=n7KX{yCpQ!^_rYGUATpX$vX}Flj;R
z-o>h3W;LHYW8n_bImE;?$eMf)UQyt}|Cq1OCt{c*3{)Nyywd}fe-*qg$&8{GBy(vi
z3K>Ub5EbewMT$%`>NTUN*Zc*^B3CeJpmiP*>30US#*6AArN;zqG+&o`Juq>+*D@w(
zGLCt0Gd=uB3Z5W{7H_Pe^9NGs0I=Fvs!gA5L<D9pw6O;E!GvBS?r1MiU*3F#pCxX*
znZ#E_6xd9h>1g9MRaG~v&xvGG%CS`<?FC*11^FyhkXiPyvIE{6Vtd@mZMF-Nxy(%d
z8cF`SK`FPDAe^B*Y$IhZw^hKuOC@s`$>O%nbp@`ezFEjoLsaQYRB!A<A=pwE9rQP<
zRi1zmY6hL0p))grWHwMW>W0}En31Z`M%}R**dLfO(GUJg6CI=yb-lR&O0o}O2<Ivc
z!<y)RH_;`WmijE+ZP*W5%GE(jxeAZC42@Jt9R?-!>J>q77w(|i4>lquay~WGb-S*d
z3`{pc5kNUX84}tlgHA5FL-TCQsEj_8=fW%UU3d+VQP?1Z0%zwk$#CNuUoTx4V6xiB
z8g!aH%+!;2Ey4;_$6H9=WXZf0I^1%bjq7n`$^0_wa$UGyJIJO((G6Q^pL@HlAo?*J
zdEqmn!25ISTzCuZbzwS9J|<aakZ$*mR&C;HZe8c|XQVk{gxe)c8p6jV%Ota8nUpVC
zCKXARNu`0ESLh_vL85WT3sP_|sNNz_z4s@bH_Okr(GMeGK4mV|mek#G-mPz^X}8K0
z({2c3NYpG!mQ2a)GE0`}X2~q)!`2M5t4Oj;FOtl1sbrZ#luRCUE-Lg=G!^n+;FdIB
zb|i2`;OFwVvo7#~=oGp=C^$wt217gTB1QjyuPvW$aKUF$;Oru&U6qEz(Q?P7;cMah
zCbzP#(MeQByBwNsmht6_(gtTZ`h1hBBE=borSnVBjFA~B&PJqo>S6hp5Q49$%<s@n
zV?SGpyC9i&r|3<T7r6DX3^_FA`%a8Ul9oeUhA`_cP@r90Vb$&Mlc#7Mwn6228eM;C
z8`!L>x1@9Xe_0M?X}dWz>7$bC!90F{d6&?nS4w(Io1IWj*@zs@`sMxIA!j`b&1ys;
zPdK{#?^H9u`Igwzh-gaEc5_uzW%?FNe1o*T7Ro{#w-W~`2yqN2j@FW9-=kYB2+wLn
zYAsR&Y)+1@UCwHhwwtzO|94M4jYzH0o+`wZVtj}KyJ0?eMQ<J4>z`3@VOBJCU+iPB
zPn}_HGiQBtQlqNc!%~6QR-qkRkne)ta7~d1FD{k}*4ni53+C5dkjyai#in0_E#Bc|
zFwz4h<_M+N4ojQ1!Z@hbH$(PUib1K$Pbw#Ht$V~^pvPu?L~Oc{@htg~%4^urBq)-8
zbp;!mOeLMi8q#;nEFzhXxm7ZZJLR*IRQ<l+%l^u=ZQfzz=M8UuRTCLoohWgvG^3px
zh5W99AY>sjUN!pL*ZKVA%7%2evcc?DHsnc`l_c>Er0o`8kSuc$$(^q!c@0vgm}I<9
z$&^Er&&5swF;DnC7?Uc~O$t@6u?F5ir{9m7kg^PBwP)%3&q7Oofi|9PB*=y@gZ4GN
z@;!u)+r!eF1}Bap#re7$w<E>5hqTX^Xk$D|{(h?*pTx}<r462l;@nV<o1;e#Lfd_5
zk2V=w<uvFG_;sXsUXkX6L(?V6B1GS$Vc&va10Yxh3ATqQTxHe{7A!!6MIhMaG(EMW
zNbwv>QU`ks-$N&qho*}u^+Ff=CBBSn<3$~mLmy2!7!i)dyV}G4&szO$%|s{ANF6jo
zZ#KtL|92|hWod#y)re-;ZqE+MpKQA-Rgrcdk{e61q|KYt1i{}{BvqXN%K%o{Lyv21
z$)(n_Y`f_KJT;87V9OD%iI4gId8WIR47Hl=8)y|*bVv9w$+DGYd8?>rmKIUZa`1DJ
z<g-xz6EXXpQu(Qrt(|5s*M(~nZ;HJM6GSwhJ?KeoiH9NfkYqX+;RyF=IeF!0t@g0L
ztr<9y2AOy~GXYG`7|nI(?77tXB!EUz;Um63yu@ogj@lJgR?~m~E3BN&*G_Xt)G}1<
z9|c;q!JmL`G2WsI+FVDvnivu(WhQ?1l;|0l^#CQKI1u){6usd9wDz~8Ibr(=(g<Hc
z%KVq2{i%0EniD3TJCHK}t*Ge$(VS#7(MU%VMJ~Le*oD`W%2L6KW?3p&bCNswWqw`g
z@y6KbYZ^RVVRvVxY&}7RV+Gi#T7M>J(?QSDqHp6n;QcAvnl7~+yWs&z;LRQDd}rsz
zCIyy*F#^&%hh{LiP*v5~hu2iKWQY_z3T3Z%<C>Cesj5K`gpyichJTe9j1MU}<?G{L
zCHi5`Xd7MJ^{+~ML#p}(HC(I0Qq>OyUA(@zF<PpcDzn%jDWq7n9g0=U7wZ%$R(ta<
zTC7@1+fc(dNHfg;{DlHf0~L>{P>CfuQgF1Ys_{ola=Z_gWP6vC)cUfZAM*{2-%+A>
zKe@E~8BDvMzExpwFBCG?UeSe5Y7>Om`m3s1a!LxelKLU>q~MqI&$MmcE)Z7=o=C_;
z+6wEgG}eKCahxsIT}{rQZ-jr9nC-h21%Ou?3dw2OieCVTU2`k%5P<P@CE4D=CAB^i
zOi<><y(Oo7%b-pkgo()vQXjqriB=p<C>fRprJo6%4z+oJJzVDz@6FhI&34s)s@31#
z{2s;LibCn*_2m`X?8s36ytaUAaef+X@%F$lSr`mgW*YV>&JA&c;@f~i&QGP`zRT_q
zn}l(PoRJHXWnCr;&Duc7bTv{kQ?95g?G4B8X6vL!VZQwseLn1ps$%Dc@pOqac*-CM
zbicM{<(aA)q^bi3qCoP!UHolX-VA#S-WN~D5qpa>_@!?;Q3w9<*}lonV2e)<hJ6ze
zc1FsJi+uMZ?0KD;m9KzV`3efndL4y4FGc%)OwG#wfwdOT>-)rfq&i=Zk3k`#KFVzc
z?vUp#6msr?XmHAc7WY{ecPWkgmK!^F*qhviHAwO7iB3ERlSGHKL?S5UJlZ*tTUjDQ
zXd)4NlN&n^(L|0$TfgM=Xj)0WH?thKlw|n~<@j<*j#M>`+S;#^Ha$sXZF;pBjORm}
zUM>24{rsy*o3@e8V>M~heMCVZ4LUbrY<Hw${D@}inRZI$KR32tPh~K_u9?&S#Z%Ag
zNyhf;-)?O8qUY>JOO8-^+tH>KOlO-T1-BCg)46$PvPhd~q&*DU4uG};g=XzRA<tXU
z#={ia9a=CQn!i2AccZ^j%$9;gq3#p2k?P!o0`NRd*AB^=A@(D%&9l9a69c^$*ynJ_
zJBiMs#upMZdo`#zue7~1Eq!i@xbnd*mJZnPtUZLKGHZ{<c26p{^l97x8Kj;hpQ&^X
zqB`fhH9$6-2X(gcExc;T6;+i3S5&X}do;A6jI4SYMn!KC^H>gC5q;ynM+1vB(#W+m
za)cPo_7kp1Cfui_EbND{^Ccn+lG*bqDy(-YQ;7ZHJTG7Vn@gE)?%NQkG0MvHJkrEv
zG9Zy*Fd~y-3Hf&livFrLh262W7Ir-ZF7xA$#Cga3QMzut*0#)pKV$Qe9^4E^aKJR;
zaapot+P{?lEOPVK<h|3))S7mW{|%_r-Y)zJAwKsbO8kOuZ{u#k25;B#)T9diI$@jn
zC*;%9JHE4HXJ+hP-tgNS$C}~NtAiQqaqNvfq$XB0d%=7{^7E-GvCC51lzU^NR8^(B
zHyoefT4~x|91S*j(;bJ`nVG=)i?gJv_eHLgAPvoHCv9dlX)_t5&BXir+fPZs$BFub
zUj2UfD{Y%MoA&8&Sa9b?pW8$!{uZVnC!0N?$tDyC8(j`zc@I};w%LUbM*sF9m96o7
zE=>Nm9N&1_+}{>x?0rJEOPy@~t|m`y_iXQ4e_O3@AZ_xmq)sCKpug>u6x=A#a{1QK
z<}Xj!yK)%`zQqKglbW~-Pcuu~g)QQ@Jc?)XFVnO@Dh&_;2@w*jnM6=E6C!r!RaFf(
z`1&iOspX)C9np2^N(PSNZnEP`S#p1<bd&MkctyEV7<b8%Io*ar#=?t&KqntA$n3iu
zSOFz=+L((S1_`P5S=htu{1!M_`{Cp>g%_kcAJ)vDB1Na^^v%X!cHC@?+qM11_&D2g
z?8H~uu46gmOLHragq<O0x?6dq)QLZLE00u2+p~#9HCM7Y>*-c^HEARIzLZ;JTzD^S
z7-3|nm4-V{qR_09tbw>g&M--`8OGP?r2YEBL=ZQmldAj>g{)`36oe&PWodhQH>B1~
zD9=`Xi&3D>=sPQ!o%QaJrvl*v7bLT1t~=x`C25m)K%&vvGL`+Y=>+%-{EiD0$u!V!
z+stm|u{`W7Ri>D*vqG8DH5L%Gm;1hC_8b3xDfknEAb{D49QD3`a`_-x(27WO@7xQL
z#n~KvbR^Bk9fnl-pht&2mgmOnO5OOr3b(Ss<W}xClXNA^oMOo`C0|Qy3K>04N4h<b
zn6(^nko8XnLD&N(aq{_yob3g}yG`F$Tc-Hp;M*!1N#&6avk{y0Oa?!sBf3Y(i0&t8
zf<Q)eP4I9(!iS0V_x`tz=zgt_=;+ymhlv6B-1i;PC5lp;RFvA}qMU-Fw6mfljpGu$
zcYQ#4e<JETBiUfiP6l)Lm*jXCmt=bv!dPgv81(gv&n!9R%LQB3Ol(>2AY#Yr1G%wr
zeIPeE&TfGu134=gyhP)7p{6g<_{0DXe$DOI?2hP$%^@sXH+RUEuM~!G%aBMX)Dj~&
z7e1)zZLL)*zai+NFYRIn=EaEdQ<CkyzNFTd2LrnT(rc{LpPwO>cFOk%RMq|5K<}<^
z80h_m8|YPQADh%_ADgiHsOIY960MKRDAZ#tQeL2{{$TW9J6RUu4{FUPJ{g6K|BUG{
zcgA32Mtz6*m{O*lS;H!;(8q~P0lV-A(I4zoRTn-K4Z-ihXmBUp<o#0{waVXL#Gl6Y
z!FTPS0Hs_CA1^tZ*;#%&&4M5hW9y^~7Ehvg?}QoBlWuk#-Lk}*Ni)o)dZLm=NTC4=
z_S34rk@WP{+L{Hzp5`T6Q?6I+)7L9*N(`Z*FdB%W(5z+@@|=v;?xm)|=X6rP`9B{*
zHK#Jwn>9oJzj*3tP8vcrf9nuR3N&9+RUO*Jda98=xu&Xa>^T|FCjZjq3KwpOzOX~P
zX_1|>iPzc|xv|%_6b0TdonJ>nyB!U_DJW!o?6fX)@17<?m#NFxbhEw#O56FDs?(1@
z?QhRtX-;0<SS}MIFcW5k;{CYwh>jCNO`u0&U+B4*eOeG=K2=rS?EHh6ogLJdSU-Rr
z@kpsKcU(hwn|&5Od|5rL@>RYk&1papXM_kYNG*yuC4our4kte8#%IW%DvCHiW&WN+
zDB`@V1v(wA+780K10?&V?z&`0kmA{+wFb!|MDL;jRS1}q2q+=NlgS6Xo(4Pw0son+
zuRDB7*By@P0kdep(-3fXuAbs$q<GG=l?N&+wEJW$547X#wCu3q8WS%z?;M(PH8JmO
zbm2(6UxzMIpLb?GWc9Gbh7~59>8|&*ieJ&6jr4EZM_aX&D+r0lC;-_JeD`xoev~h}
zSQdTv7RzbgZY86AQ;BPKv7F|cA#I;wAflD+l3r_+Hf5XXa#@CdRXQD6_<F*2@I3!2
z<2I@4j0C&9--xGGHAz)}mGoBUFBYV#TP$R-M(4k}yJ$9lvzKObsYUO1oc0zsc1EP_
z7JqxbROQSPgwUkR+uD6u{`PKC@Ww1X4`MJrh~$BG_5Em9Z_U!W`Yu_5K=NV85(H=P
zpHkH<x_43vx<$4DzKrO+P$^Mhdq9EhL7`a@6!PqdiZxV$)tiZx;Ec%ogkj_t;TNc>
z5O!m>X{pvt=ey}AqV$8z{ce!X7wE^InA#ND?01)hee`cszAMz#fZ#Js`ay;EVWup4
zLbs~y<4m`L6NXEV_mbz7WA|i`M^x|Tx-e&^#HO%E<n2A!a8-XeB0~`DVLEY|Y~IAA
z450hoVDeVyz6p&|)$^GYcrXKY+s~7NSBWLPT_$!;Rc;0`3Z$y+49#Lo3&!)P#g+yZ
zn_-(&b=C;`px=<HP8kKk-trB#bk`nQOM@j^OL{kh#6ZpEK-*)|=Gq)VK#OZo$a?dM
ztE#lUDsAfxX##$FQ^^f!0y6AZKa;l<k+`Hv6=x*&V^I*~eL^Ph_ayZ*@qWvxUl#AT
zfcj<gez#J;F1+7O)UPY=H<<e6@P6H>Utiv@T>!s)-tP<QH<<TpqJCp|ziR3?kN10%
z`qjehkQydxb)OLALu^SE;#Dq0`~i8Na4PAsKgqR?4_xvcf#2W*OD=plo{jM3xUt$q
zH7ol#`&$~{|LKO8ct>s0J8C<=BSnjXyGCo_BQ&?;;EG<%Lf;r>7J64I=}vnC3buG3
zanqh=35++(r0rela^n-ZA$d=U@rf=W`IQo*w0TLkAcW*S_;87Fr7<Ko#Jl-pcZVju
z;cqiOVF*oXtT~<TQfmyYZpXppJ2$H8Q9*dZ651@}tLj8`pjn_P1k?>Hjq;Y_xVK!|
zeh43u{h!@Z6U&hOHU5pNnkfh?P5xM^yu}oE`ain`AFVmll|EA8(V2XCi#guE=6tUI
z)Gej{^JaNVF{^oht)Eo>7BeRaTTGmzd<)<B0Mg5ej#mD2dZ#b;+2{Ijj<I%sxLV^<
zYvCjL6rbfM4P3vce7L0Yy~xnW#ug}WPW1iQjURaoi~;DYp>2MH`ugcEs=gLycTiuZ
zs)kCFyu}39kLWoeU}x)#qr?TdB)0NnGNCmqlFHzXXy)*L{FISrPoV-*8Ov@AKOV=S
z6}?yozyHrvY&U0VC1iF7^zOmIt*RQkCou(SSkW8K3LsIRWl`NMYNB>od)F89_cJL-
z)arj)ozN6RUDH@or(<9{jDcrr179)*)(=Iv#!f;YBV)D@84C(9?B&-p*Or{}Rf3ta
zoEzpYNhHagvyeDkfnV4BFEol=EvDXiHR@07bDvDDasZ<<_)kP@QtQ==)1<2B;JD#7
zaYY|J{+GLH{5Lc8^~%J2kyO=`CI}^2Qq_L)o8v7i$@Y%aSLphcoRWgqrE8NEebbXC
zDY~S0HWt^j*EztxXpw?r>GI!cSTsCO7Y#2*>kh+`kAy;#NSn)qHkXM)#K)sX3wF>p
zcRqs!OPaX0(~0Y!3xcpOEgPv$$t}VOfNpU&KO><{S-;Gtte5%QYJENFl=ZVTGK&~r
z=x;maTMt98N_~;)(Jk4X7O5n<NF`|vQcBezC2f%^ja#IWzH5q_ia;y`pFlW2MS(Cu
zb98xccgT4Zg=T$<LY_m>ob43N$HtEH`I9J?27$)kClEBBek&U8?J+CtYWjb;`xp48
zinMVYpPVFZT3RNB7K=BE1}zI}HM+L6NJ5h`ffTEtvWkkUvZ$=`LJpu72%bcG9FO9n
z>)yTXyW*>^`o*oXtdJIHsDNB{UlDZ$Szk?z$i)>}gr5Iro|%(dQ!cXK|M&MUA8pQM
zX3oqr&ph)y&pekx9BKh@wae#nNF6ifYA-Plbo;xLXBO{+Q4oh5Ua~<{YO(c#;4Tiq
zT?Pbq<$@r8o5)Z5@JTBA<BcYPd3!k^4hul;13>O0+I5GC*7!wi-J2Yc)RK9IKffQV
z)MAU%G_r2v&k|D&qGUX{$RO_b@CSrmcR1I84jaS${%>{f;a)IEBkYMAj$_{SJt%Ba
z(VJ4Qw0)PRUU~8@u3mZNJ6(_a%^c_<H=lStSY3$2zvVNqC0LE*%L#3a3Pn`*7F)A|
zPX&S`QjJk=;Sf!D3B!DGcDjXV-d#{loSpKzuZp_sVA(Wo0XnmT)0thdn>NE!9iHa%
zr#R-_j8Odc{osL_Z?w;DaPRgTMf-Q~WvN3?R8i9C9xv@>EA%by>N7}GyGY8_fpwd5
zb@q>&5Q=Zw2i@9dbn6SEc@OvQR_p)a?QhOWUhiNnJp?UTEjyD+qir7`6u%b~g4V{=
z;~(!#9$F=}T1n*<x1UY7Z;Ri`Tj-Z+f$T&m@fV_54}Xw+wuyZVV%`e0)ZBW~#w_g+
z!sh1YKo=SziIS#eHuoB?CiXgYj+lPz(Zwmtc+D~@+czlcMQ~ys^`6a7M!at^*!xFB
ze5%*xKK!v8m&g@oMH*GFU5S_vx^c;ZDiP4qTh8NH#+qM%gYqrnpgf;My*g_xb~}IZ
zg?O=pM7>+!#rPKtW%(1_YVe62Nhthb$0@-!k!P4wH@+1+_&j`2Pg)SJA?nR<#XfpI
ztApyzdaUF5tj?)7Z;8F}ykS=OddjTO<)aUhKFkVBhDk^rCZXRBlh7N(B=o*RLT6qe
zp`F7dH0}ZkExbTN>xW6`yI~TFJ0x_>At8B~gc^rQXxK0b-8M`@_g^5Pnqd+OTp*zb
zE|U-{&H2w%Dy83=Ev0?`vzF$S=CcbMzb_~)EiCO<R9afxUzEV5rKR>#R5GA+;7Qm|
z(>IzR-jAMXNR4mk^x)yH<!<e2y9W;^zwpz8es#f%U`_2;7wmIWon7zps|$AM9biuF
zR~LY_^=q-vbKIgDl#n;}>t#&MTE!(OHkFs#1?4VFmD@*Dm_DQ2<<F&=Qy2D2YCm^y
z?dKMwT+wrB*4cXslkIWq?8diniIBW}e=$^yLILVqX+o$8A=KnsWkm==>l@lo54LxB
zaOIZiOAXtN3x(~*Z{FY>-hx7eQuR`8`D>toT<Xio8S2Z1YPTf2)76)M!w)@DaD4UU
z-396D%c%t!{u;p}=i?A5;Pz&qnY3CmHIv_(dGkW$?qKbo!&UC*g329-wwt+0<x4me
zHFNDGBSRj#3;}1cJ#c66$S7_%;l`~lQ{Bh_9yzA&s(IJq)`$<k&^E_MH0y%DC27Eo
ze>(vU@ZgeqK?FRwWI|JXC_rJ9{8KM(B_?;UyJB8pBYt5Me&}-OT{j<r6i%GyW}NF_
zb`zA(atG&|m*WuTLomOTFndFtIHXIw<L3sCjKrY>jM4k@rr?qD<`v`Cb{~FWEq>@@
z38AnqPa)L1hSYdp!=cAaJQ&0Y44*D~MOYX@7@5Y`U?Y0VurT~+JwkDpU<QFF_#G$A
zQBQTXJf;uZzTq$PHcNS%VDU&BcM;wDqMv%dAZp{j_$TP3Y!@FBO?BpT)*{n(v2Hy)
z-IZ*$MYzoxt?pu5aqm{EMXPi2`N-h=swio6ikD`rd*jobDKLp@b-XjXpfg|a&g_f5
zwvKm^b&&PWKcdaKJ@(6W2)U_#9Q)AkUJ`Ccc^m+IK!d+p8OM0}EhX_qD5X*UUttU>
z2?Avhqd9|<Hc#iiDq=!f`C!HB&qathMX12x@4#*qq+Snhm6FjX*3GVh=o4JnJ=Y!V
z+JnQzRzuu1TQkMoZ!9?l^haOeJ^HDY>#;KB>yL$e{kJ~l>wA*&^=(=5^);59W?yHC
z4<5C!CCh`3^j>+lwS%;^Pe|Bb0MdLxH1?!%SFGbjjx=vrM6nD}(#=K5SGkbPt)g}B
zz7yDn`FV(__<xwWy!{`HPNiFgO6gXi-MOqndkftAxVX5_K(c+gkZfNrfqP#c1`5zg
z7*jmTnfe_<MBD-*;ufM^#};ig_S_#hkRCN>%i1mupl>-b+rdTD9VZE&YYa)dRY=-Z
z97Z)#?$&rKMr|w9-h;!1k|BE|DP8tH$jR-F9J2Qg4$K_}Fn8nv<_<&L+>sJD(>o9{
zCA*o}8P>VmMGfe|7T6fBH%NVmsGQ+9PP~#{LGI%@8#&UPjY_jjG~@Z)-H7{tay4)A
zU4qZe8ZozT!Q7@yq1XSO&+Y4`9OD0)9OD0)Z1I0hw)npW#Q)=%EuYp~Zsz=pbfBik
zXGlru52j1$U%$wu^yy4Wf42`x=`rH%*bnJCpGmA)4jK06-lxfk4Zdhz8OT@-<zPUe
zHrRaXM7tN4G*le);*yC>keUlN#|ueV4-}?iJF%@UHtgpa_QzlN)djm^_Mazxq}anP
zesw`K_T5v4;m=QqX1!u#l8+j{5ux~sL%N=nk)Dpd_Y}0SOSJHeUtREYY~@oqzV-X3
za(wIYr%vp6<;9itTfMk)LL@_0>SdqV%Qn-gua?pbGyPyHP1FShmw2}lbpd1f8mman
z8^B+e)AwVpKXB6i0*^Se^&qx4RvG8>^G$U)?2r%w=c-sKjECopm}5ey10nYse!`-p
zoxZ^#cv2hB_a->{R(hYlB?FRXSUeEgaon?&C^2vKX)aURnOianaZ*t(4qy7vMxF2z
z3>d`R?sawoNW9LZXBpi{49iT$bh))_Ohgk_qMYkm1>xfY*Cq|huL}H>Xx4wOPa;<5
zdJgVh+__6wmU*jk+K~~uCDynM(8?9_EHezqevxKC2B|#zriEo(?XOubGsxDc6fq3^
zzyL|vYI9bxfhL5Uhmrs~oc``GnBO)M1{A*m3m$YzhwXj=Ak9^}t_Q~qm2U|yGNHf}
zk^g;ZusPp^h~_fM-v*nj^`Y`r0DR5s@;W;K#$IQHTf%z561EDO26I>r@bMxT+~0e2
zJ@Hecwx4b}soF)N_A}s0w<Y$~6YTfBnB!+Dd{?+9wQG754Mo8kB<Dl2X0I!U?c7(-
z^Y*UpNpgX>wUCKa_LR|$55KTs_5`*UbIxoqV^7izIxhi(&f%fXz%T`fB??%B-6O#)
z>%Z0}F=<yjLh(0_>4uidNT|V=Vl=N*kWg-t?%m1;;l?G`SNqh3HaDZCjHq&qW4G{k
zB8mU!v80Cv*KgQ~IxCq#VVV(v)khCB()}drvLRs!E;0+Jg=YQuIS!9sA%kG_wjh4>
z6fKBHW_gF6fLvsl5HC*7)L7oL@J#R%eG~!=$M!zXZv2j_*gqcUw3<g2sPxe}Re~Vj
zx)$5>{Ti?FXOm%<=hr+A7oi*RaF4?UVUC+(Jv?^zvq?lLNq&Cqv+ydM&goSInu6U0
zfeA#jeilj2@*9!wWdaz#kgc!Y&{qDRK>Kgcq@W$wdKk*)6V2nON&(PV@E+RE-name
zjN-C|Dgb)3aG#uza!gBKefRROghr-2#+HC7WX9^-I(u}=Vr+2m2*mh<)ptLbQ{SIv
z26^L}<V@VRhRGW}DSUaGGbjB4Wr*58zUf$2{^BhA-87$yKFxO_4^|gF7<*RZ2E5!N
zQ97>mZVIvP{v9CJElESWp@EwK*u~4&AQV0XuqK-I$7{r<gS~A;E52t<FSSt?Rxu#(
zjYyrqIMUtm>m^~zo7>`d>n}OeJ50)9@tfaL0{V}1Rl$wvs)CV*s$gDANm^}?>my*D
ztBU4Oi|Jof;N-1;(?s&_-*BXh^KD|kZ;fFx4f#xsF{jL>qe*k=>b}jTm;HhRFZOR^
zE`1=~TzcKFIndrb#(@_9D-ZCpI~CyNwnq$$>1hP)q-nEbmXQJK=C#2iL&d490l>i-
z0KE2T2pabCX<**W|Nmg#agJFTM0{!<Kks1x3?B+4*u!A;P;lo%f!%y@Csw8DdyOq(
zLN(EfpIDXVB{rcCFR}O|JSvP4e?3jU@X-Ta+T{UxqA}bVC@0Y<g!be4!=mnBT@8{C
zB_yW~(VKn``4oVj`PEl|KZOWRB<kG?Cs-R=(jqw(n{!8U@@^osF+xVPk=p3I%Tn=@
z(nBEK_Y_|v>$xf;t;XCPMA1!i&+%*HbfR5vioN-oh?1mt67v?KHf~K=;J){I9{x*?
znm0&BU?sW9_fEJ+Kcef4Y`(uhT&$p!<&SUI#(rE^3+sFR>^fNAbFT;<85WosJTf#e
zB6wtB-~w&z&N}nlA#im4kO`sSmm`BmF2zgcnqXJ@8&+oa9q;L(C;4DMFy)B%bZbiq
zM0ZWr9h_0OLDc;XNP2mGtuf-JI}T#|L_1^Ifom~*-5wEJ>=f~x_#aL|q5J<hl$62N
zM2XU6!pg1b6zAHf`M822s8rm|C{9?H=O=+ymI1VqWk5jg!S+0&6>oeSA#Yd*m=VqT
z@!P50lP|lJBPL@Nn%~a7gW7~B=Zz%JCiJ=~BAi-dgs6py(#!}~)55@lQoe@#lrOAg
zCYdyuuh0BlPMy%5+B{2IKK))yQ_asgU?6mYI8K`@xTj#vKKbt8{iap&9l`shHEHoS
z(k)?3*+yv>Wd%CP<r+t5l-s3sq*=Ney(>@l?$=N8-hmg%kaSnHion?-a&Hlj%gaqb
z7?1nZDLV3f-~Rdl&1UFnXqI@AGrE&>WA{o=5?FUW4*!FPkm2^ZKDwc<5QnyKXGL*P
zIJ|C;T*1!?2a9vUKZ?*RFZt*O9O6+xH-sWM^wdd5*ZE%2==%(AXXfJ!mFr1X+fUns
z=i&vru4kM-+;5ye41#FprXUU%nM8=`LU7K2=-WBYAAY?|%zsv_8~Gxz!E8KEC>fDN
zA|C8*eL1ggk30uh{-35<U*6V7WQSGz|5XTMs6OSRx}H*5#-|?@ffIWr%gY&Gb#f|9
z!V}9u_2;8;AKlOQXy0FS^FoBsLgdjFS$xV7^PIAz39bKU9Gn}aw3r9OaCinN^~aht
zvNhOUFt=1AYl7X@xkVazCfIGoO9;HbR?^0A4R-$!FR7Mb%i4sMizS43>3NosS0)O1
zjd{|@8?^E8)EfNq%7k4T|BSe~Az==FSryrBk=nz$d}k<Pgy^{ow{8f2x;xmN4AOH0
zJlP-Y-Yw^I>m09Bhi6RSbYqVmxZE2)M6}|OE5H`Uy8;p|8e#eFU4c;iRnT#52!0v~
zb_a2ID&N=ajPdf?Pgi~U{e<MLKE?)$=G#Q`@S%U*7t(a3`nz0Bx=c7L{ENO}i2BMt
z6AnLlOxLw>ro=oxAHR76=HpLqWXwn2|3N5G!Am^AODxMQ!RldqUXqiYcyh`PPHEHg
zTheC7lw_oXseR@zHCB@IkW)AGS`e@JOG0<fu`||j@Z)^RTx`lvURB|T-cKsE>T2+k
z|1?++y#OzHF|`9}m$wSKqRow^!p-5<NJ`zJT|Vnyqj5>;0e<`#=m8$g=(57LB@)&H
z=epG&@~=%Ln)UrxlZ?wZuOgHfKs0N6>RJ9DL4RmOqHDCL+@4QyR+3pqPcR>@)Lb0!
z(HM{WV(1iGG(I8EBZPoXc(g@QGJjRJzU%2z)OV$y6GTr5_DT}=pFhf(fP3{c5q2gM
zVFM`<_SUt)Sx$CT`00AiS90wkS9Vp!nvMYjx;jaxFAj`{D%J~LNfY)ariTRi_~nxb
z2@+=<%kk`YIXxa`oD8IZutoquPXa-Q9u<vhq#c4cp6sYF{Gu|)6FkbLkS}`-3&uS?
zS?aP)gf8ZS$2L+6k<0^Qyv~TH1_gdV=p(Qz*O2nrrGyeYS=@#!2$9-H*g)nKcxqf0
zd5}j%JQngpkmhS04_A)u#C{OlT@^&LR=&hwG2TVgu?%G0%K?m!h(K>+o3Q;M4!^NB
zXCx}|An0S+D8^UiikFfj{yEPnCjwn_V!{(pr3F8Kj33iMrUI|?5a$PtOrvVRak+?9
z%dYDng&(`}q-72BIHtkh`H=ZC>Ty&RKwtfi8U9+u&W1lcJ1#xMx;Mhp-y7sJqNXBI
zr>D|0B4QIGm7dE;rI$<>Mob7D^@||Z6mES=q{*-HC%4;F%E!AIKVG4WdC$z}mmMTL
z87u#TzUf01<9uKsZ?F~{>ACoZh>v!=8Ljw`&;#G#MIJ{*W9?r9qy4ln6>qtbN<P}w
zIHFC^3*2fSi(8A(h;4E{(Ieqbd2e`oV5U!Lw>Q@QRo+TyzgTsMac2{3gm&>mqYK#s
zFuI~2Fk*Tq2}c6c{My5>Lu@3wuV#=u&_~}V+GDJfu^SXv$XEGjo`5LwDS38IZ(QNM
z^0%PFu`YQHp=h2ZrNe2cAZi0!#1pF$g9zOc%>x2BZXQq0GiF{|Oo5q>DU7^KBg(p}
z6ph6<M4S;^B4tM?XLwH3vD0c6Grn6csWHjL%E}fKLTBLcTSJmj{!{S3{sxHa?{ez=
zXxSSU(nk%1HJAIvUVmKI>Ar9zkWc8#<s8j^kxY#FtdSUVDNnk`?qj1L;s`i^A3;|T
z3gvJKf|J*S4EJbM1TrTIyet<X%GFiuyGo4&IV6s9?MD+)6`rXDItAe}%OB?-IWv{+
zgM_!^P@#knm6R?!Uz*s?$idhqMzu<SYT3t<%x{g7_<D2UC!^v+>MHi-*qe{>Z?y7t
zz`qf}p+A@qqBhOFU+FT<ouPCW1a9|h%KRi$f+9@`<<U8ovHRGCiy=6DKfV&UHynkc
zZa9ti(l#IXfJRX<mv`7ZOYAi}Lf}XYSmxI}jtU=rAJVzcH)wHGVUt{pMAp`-*bmMT
zmh(zi0nbk*+B*sn?%|T!oDl*2m`Yn94u465h5adIe;n-3<?N4#{h91m8}4vN^9q4M
z7+b-fRUgFm@#27yL7F{dJJWaq&!!nb%Yb*a1dvuD#<T)fa*!vQj2>b8jRxWz#P(~e
zu$^%!E<4ez=e(R`Vh;Wn!>b7*ME6Y<Q8Qm?CG|W|cg8-=w&+`Kz2y|~|It&&|3w^a
z@c&i(f0TcuEDQgw0{{E-2tcQY|5RA`W#RvG4118$)ju#@=_&}^c4FlJ!NLsWpO!*?
zud~xYd$!McnM`A#{+q=oi~0pA)W77+|7)mk`+tu5AHJAG{TE;SKB%7^pONE#lXEW~
z9)Ls*czCm;$}5t)>|}*z@ol%}B|yI7*zZ(ff^14=qad`KggbF)ID>5oZ3pMMtJsK-
z<jL186+oct)t7T(H{B?}5gRMo-i>;-y%`}yO-ff@;B}=-!lC67n~ZrCe$CJJ?2QMp
zeNh$Q2;){~#de4+zp$F&yK)g*IJ;V4->xQf6-Q`2Fj5&~#i7N3Xje04^1=TE(2uLa
zB@@yBTg6}v$$MkJypQeH&5jBN<VsTeU7(UEYrCe4^MeUpv3XFUU+g~itKGDpX!SNy
z8<qDEx+Qkwea0p~pU_u;Z^D&q0xFv!2S*dkmU6_5Ls-{!<%k7`^5DXXL&tj9g@i-@
z?9p|vv(xL0aMPU627q+<hZC>IUp<hq9{&UMeNYtN5Q!p7+6KfIm=(A;wn*3-VM~Oq
z5Vk<r`cND0;0XZpxcE4(LadOh8MR{z1fDb{pG+g_y*8rWYbWZx<<SO6>=NJGqw6Q`
z`mXyky8hFi-d%^qoz{8YsT-g}gosX-G&t0T%L(;3W-)$@T`<PX&Mqp6+E9*5=2ols
zR^XEB*@9X~4(3?aFQ=CE`d-WWWrpDKGkSELcjF8ZGpVG(0-($V#%P|@7X+&f2!7w5
zXoej_U-G$A_tGxX$42;K_>?!o%jfgee6#d_aU;ZG{*kHa<Y*g^44;XUjA9(Jga3*y
zPgc4x4(~xpz|m+QUrG_BS3~>@M^LXXd?ARE9fy6X$zb)9t)?1cv|sG3H;N`-Oly+0
z_cUv-L>v3fOWnGz<M8uL;5;&r=Pc$}R0gsZ6FBVd3If}quPRF@A2Bd<KlxGGesWFv
ze)8kzll#df&!576lBx3Oy=c$K-v8$U(Y+zH>3dmweBUoiXLlo3gc46FUByiHIuR}S
ztDHd#ev~3(nO_)`{)Jnt2*s;d(Uaf{jzjTMtZ<4QFt~vfGw{85f%p@B<XePgDpF3l
zjkPKl#|nkW_1{_ev>qW8)&o~@)G0j))Y)(6nV>{KJ7t~g*0oAaiTsY}y)&XJCs;2F
zK+*~LQymGos7Z+xzjTZtb?81l7oEQ(Yi<wEfw?U=GzZz8$~n=cX%n4QAwJ!V(24ZL
zK>v<p(7!hf`WMu7`t_;Nzd3wX?8l>j9evQh70080E7ItnQ1{$s$`k~yF>yhl9}Y!K
zocLV>#P7>A;@81HL+D0jRQi|38efXNE`%8=tNDW{DQB}+Dj*o_ZsTBg8&`@;#yN1w
zxXW?LI1ervH(4Dgn1uX-<hmJ`TsK#Xbu*5y8=}s$5p|xOy_psr2Mz<#ac4_u_?-nO
z7k;vXC~Zwdh1cqelV+;Rew!qMdwz2=L@=lFTj}Z-xUn}{56MF7ivIw#wsEvh{4ooS
zcK{mWbb9qiR<7mbh}AetACQmc+fEF00CpC!T9G1F9leMZz&IYyR`_~UzoWvVdK~4G
zjG)tG@mDPn_3txK<#qej-#a3p_4ub>y~9!IrC)h!o&&5dh}A6s0#ZciTO8jG$pf7c
zvUnXtC=(G?Z(2+9l&%5X(wHbqQqWmqKu3L?L#5t=OX^E;NxcJ?)L)KE>OHumezIDB
zN7QTus5DgIl6nS}i3}<e2(~v=^EtOqWKfwfjnD=g=l+*)=s?y+kNTnjj~hR^j)P}O
z5<DLD#iKl9ab~}X`if%%=z#yiIe+-R$1&v~wl`FPFkWpuBdKQ<O4mSs!p>g$=|Y>E
zt|N2{YbF95ZDw&k2+=Ib>hV>Q_|B6NbqQbd4Myi<e|eCv`M-mQq%j9LwAspPmg4Xk
z;LXN(<t@A~b8Xypg06$qntnCls7iIk_5HhYsp!hJSzQ^+Ht`~m@=I}eiFC^Ssrc7{
zOM8I#@nuV9AAfCOH3!Nw0C}Km)kF=!WQm@g`o}87$2i$eeT?hs{f;Ww_vf(Ys)x!I
zemc`p8B0vlby#MN^q-C4y*PBeNoZCGeGOFZ^zpYLOLjbP<@BY5dXb;D`A0;=`9)5B
z`W^gp%6hx6HZE_(c8`PjX~0oMH0wh@XKfmIInG7Yag4l9_&HEt&TWiqVplVGh;yQj
zvx!jV+|qtrRs0sfGOx`S?a*~yZ=^j!zwgtd4b_fn`7p?8)0g`6j)rPSm3-KzU2XE2
z-;33<@zNM!`~!4}Cy_OJ6t_Uj*V!6r)JHeRW-ej3lO2^4w4zHIX-Dj)B?6ceG|N>D
zEso0AOSf_#g38!4x3aDXs#Sd_3KYBPS8$iG`RM^jVBx9xz2gIfP+*#JRe$*=Y`-3e
z3yCga1gQ{=tjzgoJ%Ww1zQP#+C=#{43YSc3Qtv5ebSYYYwy>w?fUD;uDZWlZh|$0@
z9R8fi2@A_jZu&QDpIGgs>keZ3^+e8Z4DSt;CammdusgT_4V8=C)z_Kid^pxj^lJ?7
zmGj&pC2BSeHF`&FoRX5LIgcMXvVK+i)dy{S*42CLxMV_;Afjo#oMaHra#)^feT6!y
z(xcXoqz&b2ebq@)Q$a}MAHjMr>;=&Nrw&jl7eMDg`$h8ES?v$x?K8F|@jLn`IQoS<
z18$`&UoOuo%eLA0xjnkBblKz~Sugvg8j71BrZn$uV_283XH#(vwqIXCw6aH*u`j@e
zL^SJfmT?s*A=ulVTrX@vjarsmU$%qd80rSTxY%Z1l{klc`u*T$hQ3?bg1D5gg@n10
z9`(^Ju`N@1^z!Ib1H<2eC!1q`nyTy0NaCmPX-`Xqfgs5pHo3o63(QD^D7%_MqV*uE
z5Oop*e3M_jov-j}R%V)dPo+n_eI!F4hD*XuN^FjlZ;rio&rO>)xvra(mdrw%>G+f^
z{)*ewTgm?*M4ao0>OBmG%igDnX8rXtuseMmQb}r89DM?;R5W-hN4ewIF0WH3s=Nh`
zcl~O!qpFd{z4Qxk|Kuvr*gtOKXM`1?2EWkE^G#O~D-x-vD?K%94Ay*0ED+$dnv<Jn
zIIaE&hyKYHu370a<Ip2);dWVY_zc+B>njMIWAkf`FZ$^mICgg(#P$i`tw^`v;ocVy
z;*!R<nAqZCn;MC|zK4I~S=a(uXKFo;N_i-g^D0>bRYdbUDq_p0^K!G3<<u(p^{caN
zMDaMP?1{0B;m>e*goKdtpv{ECN7*db7wH?6E)!nzwFx1&=6Bd)AK%DOm%Ff>$Hp?j
zrrPL)B9&Ogigwd2$wj?JENc8@8(Y)r<FKXCEyj*EQAkOjm@=Rg{;)^a<DEQE)cB=L
z-deyT+3Wx@_AQ1k(?$Lbd%mAOz1%o7?qq->wDHAn@FKs%)mZ!2z?k&-ppCSUu<fl=
z>?a=FipJvBQk!Q)JKy29%L#8d68N!kWV|_Mo6dcI2?ZxZSM2be92W?j7at1DC*eq7
zj$d2C&x>uon*QRv_;ENdzVJ?9YOfLJ#V&DP>{Ft4pE3sF@DD+IAwSL<GyByG{8WCr
zF?=XMxN5T2<EWA^c78<Y2A_H}@~P*>N`Iv5i7N<wk1y$%<wyJo`REi~k3SAxOnETJ
zKGlm7XR_5@5!*FI*PS1Mx6xEb1t4}M<FIW$x+&H^#jxU71&ry03ZhwmyA)P7BcWGU
zaPk8iG$T5R5u(tP;}y!|9b{jaHieU!3W2N}0*!e1n?O?2?3rVbzP$?DtELmY@IdSb
zQ*?bgp7V)~-=3A-h`b3`@<w9%4P3R}c$hdh#oV)jgfQZeO2%;0&1?Jc=K?hVq1`^Z
zpJz^`AI84ELDw1K9K;8aZT*YwdCtxbVYCC!fgq~&<(k{Xh+dL5mP`<`M3O2_un~2F
zov0HkNVL8(D+za2{vL5uGmYH781`aN{U}|7@RF;G*cvHo2p-evqYsroD&k!$t9WK|
zIQ59%XNXkBF`iuJ)M=E^-#A(f!}D8iy=ARaSE@~cA7VRUl-k9%AMc|e6oaKZjlw|)
zmy3H<=4vKWnx4Ber}Av#9o*;v+g*n8j2Ox@mvK_SpG>1J8>r`xt3u;yGahAx3#d7U
zCfFQM6=lDS$3D~bq#~);+jl?H^$d9a@?Ha;hDxLlcv4A;NlKSx?l7;jleg~G+@{zE
z`*odm^(t<N`AHd{OZF>GhV(vM9O5$Igt&ie<8`|31QZ?2wF)`9fh+xv3XY{ua-p+i
zVl|02z>sjs#3mBW6IgmZ!_w=g5p|)Bs0-~xZ73(|!U_^?01REz#}@>6)}&x0|I~ny
zp$F^(MoLW{&tT8T=1z^xc<f3&Udq}ZgYE8W)>g6($v!towUI-CMyT>O&(P0kb6^sr
zLrSAR@OHl_h3$xuoi_HZs@OA=be$3Ks_A&n2SAV7VssKHp3|C?SMjwV8EYXAmo$L!
z4=!n_!X*tZb)jtypH+{;#SMhma9}a;Q69u44MZ??up;<)*yCxvV3>hjz3}($uXWum
zDBAm8+LjB)8@@J96Z=>M!&oE7TSLG9<alf7;ZL&G&~^8m<Qh^&^~YhSu;y{HEsjsT
zt1oMYUK5|vXYRh6a~tEcY#K(vYE!yP<~6;I#+ng+VZ)pTm>b~({{BI1=MKV#KRBP^
zLc{c+DfVV}&NbazDOi=I6zq31C<Xgoz9}uCq3JHnHkMfO)o}?*N^i&)u+14ci4zW6
zUnd*}N{$yq`V^_{13Qn0DN}c*Fa>nnBktmp)*)pcZ?rO2wWfq8ze*<wu2UfisgsMf
zGx&GDLYc_%F-jSH;fEQKP`V2Oi%vYTm)&%76Pq*vGp4sFT?72empP}FQw~7FA})M!
z{7ei?J!AwFj(PlP-uLfwd}WX|9cE3R>h!Jp{CLy%+t0J6Z{|-pSo2Mp(|1^$c77{P
zJKuuS&SLHub!yYeM_hssN=>YGwaJ*+A57GFvY<H-rNHlSxmv0-_d<1{4fa9U@)lOC
zF=g(Ce0wx@OxP5~h8SO+({90$ZU6TpK!sv)o~6f^^z?CBS&}~Yug7xEeFl7sglzX9
zB!5l8_nyOyF@Oc~>M5Oguewthmvv<}XzkK<YEokTUiwbg^}tQNM}1b-s4tx&QXd@d
zW3U6#2fOwQHrV*@4jU#D0}LKuxWNOg6!Ri@pKJVLVx_~n4i?U?mg@MR!&w;k<sBkx
zF+`+FEo|Q*<4gFYnAXCRWLo3zA3DKaIsdqO<&DRE`_-pe!|Nx8_rSNA!@K)iV|d2V
zuM5oOp;_o{dSH`p4+8Wn07m?i&Pa;d3_%@>B(x(ap{}5W1}&D*6%R@1O+`ZQD-t@Q
zNa(DPgz7>Px-ldn@52(B{;-5X4@=0>BB5a|5~^>J&<m=B);}Vlaa2MxsDvJ-68b%r
zP`W(kn&hS*_~~{(-RX<A>AJ4_^tQ3Vx<Vu$YSb(xjkR0l^THoRP5FSj#mym55<C^+
zUPnH)-sX(lv=$_~)m&TF>?kK|baM}+FTt&lJ>>`U@(6w*I=e)3KT|h&Zeg(d*1(m)
z?u+C*L!I|uoaL``ewNS3z_du`9SN%lNVnBjyH$RcNr84T`OS{<Ms*pRt45VpGg7bq
z+GRrMrnOLtXvIB>C`UBw4?+lqKXP+jX8Kq*Wx^*tnXB?ux$_WFpO|5Skk*nKaLiHz
zj%j{+Pz^Zd6WXm_?(k?6O=`el@z5SM;Fv+bX7aU-e&Sabv*qfcUwi21e!891Zk5j@
z>KpSxb)$k7SXDzNgyIwXiLgf($%WP9P4XGl<D~!&c3&(Pvs+vBcu6*UX}6c|{4)c3
zsB^xxk+vnOk|FTi9F#*+(YZM+`{UL&KkaaI)$R9VPdjei7TmMDK3G>(fkQRsR7;lz
zkEB|0WVbRf)e59v^<z(jHB!J8Zl~8sF%G?U+Km+A(A~U|ez<j8BW(-r+5J76YL^>M
zr!UP_rZ5iu-E_Jm+JnO_==2(Ct}+ErcQDd&9J2o_21EH^3UO;&BW-i+PF#M<E#cO7
zF(`L(1=M|?F})OUu?Bp!EpajHg&;)dWf7tQ;M(00?A{Mq&<Xamd1%Mj>a(lZYHV}U
z!(`>WLi8*`=t-gPbmP_mjkO1H_}2&_ZS1bPG4l#=YlPqz+Ggi#W5adQygWBO;HBNc
zBVz*A;E_>sp*I|1kFd8pc;q6vpEn!{h%&hKT?j>bn+YM!y}Rxf{IJ&qQAu%lAR~Ce
z2Tadm<%jU>YaF@=F81N@MPPT`I@VOTiW`x*gAYh+aHz~=#N|9PGH`}Awyo}}c>_r@
z)FkWX9J8AqfEe0O!C~qFui^1zbO@a7AtvsHqUGg*er_HWw+uAYar#%fKG<D>!=Erd
z)Z>`dSbNaJZQLe1Y;NpnQ$3DZK5eXt)V6z6zhefqIK0@i(;NQGqfT{9b7OCt*ZG-h
zad_#@P$zErPhf`H;+w%c`Q6}=^Kp20kFI;e9|gP|TJhU-UDw>B>xR$0Fxb5phhsgu
z4j`I+M&jJMHF609iDVh;9@RFtf3SPe+#+R73uJRFbJLx{?qVEr>ADUezY;Fmakxn5
zjf8RNd|lVs$Y2m&=V$RhLx|YoKtr&*FaUwS%b{rC3i=_9C5tVCVvs)c0aH-!&p}oK
zAPW>4#S-^5)*kd?Pn@IXw#22$eG<I;6GM~e3GV5M65QJ6+@8d4?AgjdJm05T2JklN
zr=+%>dK?x8S*6)A12NdnXRuX04vXeK9Q8P6FaSUZ_U`^T{8$eRTh51ZBpj^U=kRWy
z3*E+{dpK03mvCrWkFJM0acBxyOMeuf)Wb9Or)};PS!>E3{Its%F_skewE4|j{k7Y1
zXucUxw(vAYk6YW^!QH#v!MXtzICQqy-dJN7yMtY)&=PB*0Ea%5POF7t9QwuSwNQvd
z*Yg&N+2DM18ynyEX{lYV|DOFA8*CoHkbkr3w1%>WXFfljP6SVD3=DM(PJ0aD)Gp?u
z+Z?+Smz`oWxHTdMGur6M$huP<%1eQ<#{P8?|NcoXHg~X2LIJDS8A+HyB{JDz^Ve=q
z+s4A9x^-P?cFaQ5@0g~(#<|tUoB2<W|AhEY3mnIK!+Yg^;Z8Z<Q!~>sKQP$2-A&uV
zokV?_Rl?qO6%ObVl5@LK=RkoH5?#`4;`yM|r&&`<v%`X9OZcO}ptN@+x+Ekn!+Qh$
z(%w+G3LnDWc5hf$;f^1i!`DFTL)(b5t~@PEIA`?1HHS$rX;DE)bUhP<{PYN+-}>nR
zqIU%AE<^HRzvdX!SbJ11Bbs%@e1wElq`Ga+NFqSgsSXzte+Z!~;fTC;WfwvyFnW5L
zzMEccBlPb?UmL6&jO4?l_LDhwKV9piJM^+4KLMwbF+_>leYLAuW%<2Eb@dds*Qu@C
zm20ZQm6Ue~p)*s4w??c6Li2s<!vsp_6McQKu99_r#6NuMADftTG~$c#nx(c;{lhe9
z_+i$5;y?S$mu`3rt1u|-jV`bm7=&+#fL-*5{*=4$yMe3x^vvn${=z07UE4Tf?TP$_
z+w6_C?{a@(8_Dt)K0GedU-&u_js%(-wTB@T1htczLGnOC-}h;cu`b3g90%I&i%H5~
zm?Zs$FAeMRw?wl(Fb5%bG%sI-$4;C<=oYtd5Wb+6pYEPpYxoYi7?25rd6Qp&yUKm*
z+D(4CnA@1yl`pM0^gD!*@}(&-oBbKB9FcJNS1?zLH?Z%Fh>+1+85AC6&~YpCXB5f{
z2we;_Yv!Kq=EY2OP27@Qr+G3fZ<8Bym%mt9IUlqX7ZD0_CNbwKmQN^LkkM>9=9-<6
zwZc<5=lQH(Q{U#XX?@g0=uT1toszF2+7l5l8EJbR)Ex?Y9J|F0inj_vw{YEC>@U^1
z!Z;BM<q6%0?fKv*f3+Rl<iQ!oRe|kSSK$&;h3(^9xWwhc_N$w4328cr?c=5$#3in2
zM1dA&#8#cbLq$x05X(ymT?PFT#@6bJYW_p`PZR%{!hfdmpBemz0gYlMZpEQLuxX5&
z0u$Ju0;O9LT0MG$jfA%c27<n5V{FaWTo-f}m=oM!2WxFMvo&*?Woym6a`^#P>=)nZ
zdSXU)<%dM&PkNG-14CHF!kT%Na#_v1kzC<)<9EU{8jP66Re+Z2hVs~t_vw0K0BhAy
zer=3hEZTg8M^BE3$8Qbh{&{nF45$d#Le3zn!Y*UwS8{BhHHa5`yQi;cO4;~PmGoc=
z+~(I7e}II75(28rXOYEiTj5&}T{*V2p7(At*G;o$R6!<$RFjB8WucVahdb}LI3o!g
zRTz?*+f*o}TvaI7i-Jc9k2^$dL{Xj<57@5?4Nz|2q>89^$>po8t76EvF(zNehq^^T
z=n4p}5eWD-9*%@N8X&{bfDeM*$2N}TgLs^uTRaPv)}2w00~FL;kr?$jD#Vl|4a`|V
zOH9MP`@^gA3R>A)_wmD~*g@!GpsIJ5F3IXr_1NC-8<_)6?<UIKO?!GbKkwhWo4Nft
zGLQg=dZ1gQ58catF51t2Xg%Rc9qL`P0ig#^<gmX8BsU!DoIijSYOxW$o)A46|7}_>
zhjUY}aO*e|p%X}p2?{DvDKXdJZ$|c247ZMxGAfx9ZX*js^~qJjt>erYO;~j0Y>3Hm
z42REQOFs(1I@rI&h}fA`Jb-=Xw0`zefHTZ&`K5i$?B!WAdy5NZ_MEJlP4kF2+3D?{
zKE3(H2qjkJp!aF(d8D$^4uR84l$8$HSOlF(n867)_D~6*Mxd2f*-}eWPz}DmOH%8T
z!uo`~T(pEo&&stlKfE{>{Fcv5!S91hPIhISJLaTT20s$)4LxK)uP7aQo&EY+97g<C
zwmvFAZOk}I9?OPMYx!S<y`;x6i%MSF1%VK{l`b<554M0_ee(=B8UeF6Zt<pBeRp$%
z$0nj#z2bTbp<`{pbWLNt&=5kA(q)qSk+xU`*bvSwBAWH^JqX2zfT{eAcIRGFdt*5c
zoykylwV|K)Xm?uD?e(zTEK&>L;T{K=gtfV<XPQhr$AF(sc2xT{i%lFBEcNMa_0=N_
z<-?8UcYU=RaA<&pP_Skw4u1o>p!xbx9NrG6RM(h%`UYR^);T}HtrEn^<EH}e%`SzQ
zcZ25^)!iBxU3U=<%S<kd+<$3WK)aQON-r7EZY9^rIl2hlT({qcJ)06%Zg*kc=BwR0
z`<IQi+i=JQ$6yf{4Y$#xTVjL0<wP8U=PGOMzS>*LaTu|+tW9;e()d?wH;e66)P;s(
z|NT$iz$S?|Kx#(Fe{<8h72dEOu-4qy9FXX@zM6Y&a-okll>2HL?151=udzKMaGBTH
z$q<BSW!K*Y=9z%i(nWkd-46%vTVmTs@cX+YgjA@>+QXp)U+bcUa^3>{7TQ=nlGnLH
zV#}hzW|ZTf@YJ|0IJ|@}s4r$96nl)9hi7pF5z?(=??xz^pD!E*;$L#B&^t1p{*6C9
zbXUgH)%<BB^XYQ_^pVV`KZB=bcd%~ci*7G8@uBbd0l&W&bbPn)=?OiF5L%iV`NcC*
zu<H=88VwB$^a%_e;zB+>GPZi8Bp+t&;xW9~ASgD;Cdwtt7-l<LV%9od@+)!g6+QYG
zr6bIJx~?ZI;Y0E`R%WOu^LEArJ^qtaH;0IBLJFq)ngd|D{N-@|a4{o6OCV*t5gDIP
zdt#>2CCQU(7FUArrgN`HbLpuM4EPB`vGwrnfQ!&Ayi#l#G|Ob5EwL9H;QBn?e2LL~
zVj$71-%RHcESF^&>GL~g5$C4ZY?2XZ%H^Z?5F@3|)QtERIpTLIUsZXXhd@01(%=o2
zBq^<jNtIsOMzpfXbT<D2a%W2*N+j7xWw*hBrL&Q~8WGvOHyg>>N4hM?={2yF;ZDs`
zh<#i6&Z8?9#!4<gg*g11RH>snwQwsX&Q)?Y(o-|1Iq<`<F0&=eJMD}Rt;{@~bB$Mv
zsk?*wb;gEN^83mB=sm5*-|yrl&Ji^(GbJ~a<bL@qN^OjgF($0b=VdnYh-l`0@u39b
zos|1i1>_E3Ocny0^|K3knW#}_HpDMI0F3VR6EnJduH;}|+&829-x(}MLHZ{7dkaE|
zYmD9#t!&pFsSW&$%Dy)6QCXe189E`K-xmWUqEuG7Z%Jc=*e5G<bg(eJgJ#yj*ZbgS
zlQ_!_Hb!5-I<H+(aYrtG)>oe*KL5M<*&fc%Iu8+b1p`}Rv~qtllKa!efLx0Kxe8*{
z!(jTFoQH^3*6(&s?bs~SjUKJR6sx}AWck~LSDX@m+sC}x(&u%AgizwG6U7%iY5G+9
zV}xQq8OCS$0n^FQr<X403#Z}a=~GE>`eei5Uw&Wubo*_bOuXjc{caah?xOSg{r^GP
z^yvywV}Yo#6dj*FB?4hxJ~y+Cz0*WIbO%R|9E1sMQM=DO+0}om^Hf)VYW@VGcm!fb
zQC>QhSP`s#fghmiqKw0)JJrQ@0Q3>+aZFJcmx5+{v5nhk6tUSW1QpROCQuRKP`z>S
zGT16gfgx|Rom4e5{^(X7M%2)N3FX(u*ndNkfWQ~*`bYV2{gJZD0&>;_<-ukodzD3J
zOMx+lx<)9>MzjfKU_Yg%K+aR{pHUb%>+NE&#anLd>uKNOUCH^1eR`tERWMcO8ld;`
z_`P4(^;7LmK6J+xIP2|xeRs!tyzZp#;<CWlS1r6lt9n?6N<kpKq&Erf7|n}437V^V
z(t#=%Z4-1YQ$y5CH<aN6l4C!pAatkm5FKBo-D@H>ph=XkA~m2yl&|p6^)<6A<*J(5
zBjpi9v)12&kgzFAn|M0YQO$7H#lPjD9Ue+cLDl7klO62YTr;QHjlJ)B!<_+J&5HS~
z_4&1%Wgi8S5RL>2YgRNf0irNbT(bg90IeVuks8ol%KgI;*~+T($4rVZVto^`lU3=K
z<ieU2Ay#&1;%v=*w08Zx@|qPbtkL3{6&7fcHDGqrcUkpw*{BBBZVr?Y&3fsLY)mh6
z6)Hq3Rq3OG^Rb%w1QZEG3X6F=%I!4`im9!FXk#_`@|gzFq&s5sFM(yAua1asf(gXA
z>1BQvt)%ez5u0)73B-N_Ge&F<j2W>xaDMG(99|6iQe_tJA)(7=fWLh?Lh&#UX`J=y
z(xC_?ep<7lls`@ufVVFEWQT{o7dyK@LJ4w$LX4kHoPUBs4+&Dc^O&v^CI2X0&jx;c
zeM$U}edNc=z*jeo(St%AOX$utjqH#tjcm_F84)tBJ&{)S?C_yLf3B6~I@!dT&WO0O
zhxf`wW*ST?VbfN47W$|4U!0$Kot=LA1fwa9we4Jo?xslTG6%|)uKYkhrK>=m@6~=}
zPV{%L0&LE6ui}1g?~=FIPyA{f`_DIG134TgZAYwxwv)El7_buj>!PcOR<>;XF&z(K
zt?C<;u7Y`k$S>%l4=w+b@ZfUmZ3(km?_}7IeM)3TV{N;<oga-jBWsto{7FLEpCn}b
zE*1Z0KX*+64pPJoB6O$RPk4N<tGa2eveLzM30D7&ApZJbO$ET+c&qb}V5ESHI(Rn2
z54m4b%XHIPHqS0XU*=~T&1}B{(^O*KM{1AZ&_7Tv{`944j%eG^zl*+=bEm6~Q_v>b
zAx`IJ0)|zk*>H;apil7Q(48c_UA~vpJi&-J4lQHII++1{tchr4Yo-7u#^#*`^!6%0
zRi+uPAj_r*QuieY@qwX2KWS(TwX*OO!T&&Qc@!A*R^7DLPvHbE_5@dK#*DVY+XI8r
zzpyd(IB&Wm4P!+7NU^kC<o3mU+u|OHC3s074-o0iao~}-X|=#-r>?H5ghLY(4)?G%
zJz;*hQ!b?wZ7N(9M(g3cP`ld17qrqPHCvUgf`vE=_iUAc6#-qwmScGP`~l`j?bbzu
zqQKELu|-(OuXSBtRI}<)Mqvu0%A=xk6zGBu69(}gxtbhQt%^fjDcz=kI|FBdNBs5*
zfW(jZX1)&!=n<l_yHy!?YZ#KO;f*dAxpZihk)32XXV<N3iDun?UHZn{yGW)9dB(f=
z1z%>^h-bbm_!9QGEME4~EM9h5C6L-PoqEbaC998|KXK}6Gvi)634LE}7R;*!qV$h5
zB^g-Hx7=4Dvk9lpNJNuzl?8|2ln|mX1L59_$-bIZ4CH}w3Tvr${i6QzyqZ-Iu{`|8
zoOI(qF6VTknKcBns&tv;0zM_hiD62YB<Hca#2HGLSspB2WXw(>XT!LcXzhA+75n%C
zm~aulGvkvzPX5UPiFYWIkE8XZ=4E!(+?flNY8KjXcqph9uQ)ad4xqXx<r>&8oN0NR
zTl;4d#E!lRVnYT&?C6UiHe}GYh75w((HBANyAp0~$RLOvNrL#TAc%A$QDH9mqL2N&
z3`o#$Fc0aCX*E!at<}n8((jG2#o|o#QO@9ZC6^TEF(IW-z)KW(vtN|RblCiQaBqjr
z4+n#zL|3X2c@^|)O`l73$+hWAwU0p@Z@uR2KhAoM@5}ZV$$URNah%FUiQ`v(W$$q+
zKfd?)mGArPIF+yc?D&;`y!$wny}OTJdDx!gRJQHWb)s4CYRa6Isg5bEMsh-yPI+5G
zkF1o?f31{IbfttQ{#in!-jUFa??`CgI}&>O9SObpj)ea9j)V@pBcYPj61sS`geI<*
z&^@aqL|02_`RYvnlq7#^#80kb(%4=?$J_n%pa-{_+`+Djd3N$=<lw06$1k+czQP^s
zYM1*#wyNRr+u$gwYYz_JkW8P|n3X<@Ywuv^Bbwha#Zu*Jnd$gZ3xrmQq~&XjxT;5*
z<ikV@IHnNuexfxyrVx!4tL?y{eUN4?b)MFn`kZ-*P|Ezfs0)euas?dJOtdx9JoRNp
zQ~b4Uaw*Zu4opNS-VQJk=V`6i=tS?tt?iCTT`;gec%(Q`6+BWH7?DaST$V~GTm(~u
zA)#;q(aN5ih)_cI*R}<2HR5Gmqx)%FT9bQOlWx{z9c%Jjcd$AfxHKt@K&A(t<l&ZE
zZ&}Me^$&NjIw=3$9h`4k9)J{bFUeatZIt+7*^ir&M>@iKXEL0A%gddS#7oDK#~?gk
zy8lqsL~W$xJmjWv#_0R$9=|r4@lu2y@j5#h<L{$82;CX`#?H~iR)CO?G51H|w05q=
zua!kdGg(I1)8SxuVc<dV2ACTNcDKuy1s9o~opV>P`|H3R!R~!>e>S^yt7Knrk+ep>
zCe%6qJbHjD%9PI+#dnzz;zsg640i98H?Z2XM+gMO;i+bXSaAu84~ai&MyPI$T*#2b
zGPce%_cdh|x0$yFyBE!Sj(xExxX83hzL9+|ur%0R9H6X^53|mBgNsaI9Ga(dMNQ_?
z(8c*!sZA^m+;XYl1X9c6<2-IWe`auzDJcIrxJX)#Ll^409$X~7ghS_mo&I?^R0<bU
zai||$RLGBq_u|m|2n<ET?}3<`QcdE={=)dT+M_tMf?a4{oz!-5>ju^}Pk(Vbn~zX%
zk*Pw?p@njZ?q8R0a4%C++zVgoSU9hB(f#qW@>1*E4xBbIcWJZqxFlY%m2C&ZU3k$G
zk6RHkeBoB}RNS5pV(yA>wdSHUuZv@~^?AnU&*98j6e@F&^4`TCv!*%&)FiD4PzNQN
zMiWG(A6Zi!9hIw6CP`7E=3Y$<5>5OI2oiiezTT1=$k5|a&-gM+s`r<iJOPd0WJz`z
zhbLOn@$=NW9WQ~Fw&B*c;GX@CuHcc~vdzuS8VbD5&bs|x?0Jtp&8G*H&vBx-Za=@w
zPcRyyberZnh<1a?tGQG3ppa<Snv_q+w0)juKHyVgCOP4zZN%J_fgopqyeW<me{Vs^
zua(WJIi?$UOD7pzx86?FNn~+PWd%ZbNu9*xX1j#Y;vOc6;3Yqlz)vG|S!kn#-1O0h
z{2L|YV=^ew#-?H8dE#SNT8!0E6)%G1#p$Jvic`yyWU1TYpG(=L-WR13W~0=P<B?va
zUKgd-Crbt5zv@-$5mD-yWT|`OfnKHV5T))<mYN%%*sIi4qST~hsp;{`UZu)Ksf&`O
zX2+#or4C-eOXVj^-5LMblwE3*DD`PlVmdG0+N;zbM5$HDQd8qgdzA``QcopIO^n~&
ztJIC6)P2cPx5hoaN?k5W`I4pl@pDZKYlbsC3LW6Qk&7tp*2O(KLTKK(q;@N>d{~^f
z6(uXrPfT3gqw5IGb0kY`6Qw>EvY~r*5kjZ~$%*rlWnLYYVzzjhv!Tp&nPO$i-iLne
zrtkfAFIy+d|KPOw7Y*HSLP$AQ_;wXSXyuh`0gT<iT5w65)9I;O`P#xB-~Sq&>6q^Z
z&*;R6Oc0fbCND4<qijkw;5_8l%646GOlNz4cu*JPz(;>DE*F{a6pG|exVvE%N9og}
z@fXrK$|0#&?o4v!V=U!^21UHM&vNcey5?g{rN^M*wS87&S5P(C%GG8@W?BkGD}s#s
zYjqqRlxbGU%~hmaaq+8?E*)z>?vRial~83=LKCAB3PdIJtEhw`Q3-t>l~B<J30<~9
zLQ^(KXyFD4{eFXlj&6_;Du#b1$!xLa<rk;_v+<vT;_v&f@MH`2>-$yFiSp$co-0ig
zwaX=;7Cqv1>K@wRVFkR-PNJ3lPd#Wr>DRHR#W7!l)v#+*n;lhzZuF}GM>V@~#gv2m
z6#KlKti^Tb@fIvrLpN00kx~tvt#nBNyV7Nr2N_BsK!7ZbkcX>-)D;f+3qnL~4-PH2
zAmsiFTQbv^;@14SVjTLygiu`}4(&2Qp65KqMJCGY3@)&gbAfG4rUNeUE${~l+{OB;
zinFLGu-oR>RRku~6$Hk)>Av3MS}>HC9cf8&p#Nn^aeCBE4`(n<`^^YJ5Zc6_>MG<n
zs>hiEuVkEe|Bkg;Ain>B*<i!CCyJXMX1v?W=4>`ly!e?pn++5%*d7%8w95xcrrq?g
z4|~?J=eMP`^aG%FMt}R{;4V)4Ms@EhC+6SwN-6&B%J0Jn`OHTJ$)tzl&q$m*AJ4Ux
z;jw($!=vE+4m<>r+uLz#Q9ctY7BQjX0VY(G2AlIuVH|$bP+6O|Cf;W<!VLBzDBl)r
z&X<-4E*;e=U(cUh&7Qm@lThdV)dt84jH<sjAW{HOH*Za-!B4x~9NgHm&b&1)8>tx0
zTjO_e`GOlL2D=Mzh%%J9y&XKGgU!{ZpnOiSxmsEtkVkdO{rQuA?8!@k+e4j!TYKZ-
zx91AZ%#>62dTI--ck@3N&3jFT1S#L%TM0i4N(J1f-vK=uU&9?GvveK5IcZ&o{C#vC
zuG2@&v|+5~f%qMQPKBp^Cy;>cOnz;uqsd2as_@Z!Dt&ZLm5)AHowS!++eiFM3L$Wv
zhr&9cJ2C00c|&OF!Pcrax~RW=Pt6-#OV2aHy2T{9U9*d0@132p!T<iVL_2Du>I%@z
zU)dWA?uKs!8glF70Wi&*Q~LO~GnMkaJ-?<ps<_&)y4PWFpXb?eo+*Uz=;TR%OkzIl
z4Mzf3C@X<cV5pG+p4ZOe;JMJ0>o|dJHT#9SZhGJPy1PXqd(gj$zD|LYAjGwHfdNXh
zqX`B0DRm;x8A%j7BPz__$sFMKX<yegUK=S9dStb5;5dIYWa;(Lj-*j2-5D$H;ao<e
zIg1lvO$tt=JI>1tH|Lt3jl#FBpZT;nkrmmT2pp)tCUKUb7>C9Q4rI)6Igp`A4&)5Z
zfj}SgMdIe4NV!H(FgPVDaRfUn$!{FW;5SO7UK{+O6KwFGn0jsShfZmO|E=j?rl4`t
zL-C0@_oKXW!H^zzKiYl9>F-A?jQuE*b3giDu$I%tk+va$al|#p(l(@QQHeG?=JRxi
zYmY;3(^S<JUgu{_pzzXePJZ3=D>wb8r{+1fKIBo2;fP$|sd>)A$VfKny<GT`eq+f&
zdV$M-opJf^KpX<bl;iMoJarNdJ%%{<_i&bucH#WsB2z^G?AYJz;!A3orMGG|7N20r
zrCOb#$1k(wQmxMDi4V32o_bxdd;dE^x4NEj)p|~{Gr5e9Z=fYxxB5;m-Re8$EZyom
zC!t$yF=y#k-#KO7s@Htly!kQS6ns1Wt%MLGg_j6Yc;RtLVL_4<>L^7Dj~?Rl_EAn!
z*dr2&z9aRq*ZzN;Up!_Iy01Ly3l6yYCwN7L56QRJ70Nj{{eEJ|@17>7|3Yp~|CIr}
z`FoB_Ssxy7`jqvB|J9uSv5aA)_*Z_+!dR#4zteTU`a(rIW0aXTz9OZHaz+xnPDEd;
zyw1IxzJBUaXF4h%-pCQItBE@i@@ifaP~E+5`fcnV!sF0w74);nYUoEQaCjBa&d+$3
zOGZ1N>2<!P!9a9wT<OyqbW+<Dcn~P6%y8hx--vv`IVozmFN!*|FN!+Jps4H9<E62e
zcO8rW(2@&Tb<C0V=93_*|NK5gb<OD$)n@a*j344ub%dEy)jI@LoqAlVdR3CDUY^Ea
z{^0<hJBJye;Ft?@9ZtR=4lqs0<Ae({MY+u40a1Lr^uJr`anrpX^<_?qzm2asE-4Nc
z3q|^AlH!+hgLJ59e$jDB@pnb1Pl{juH(_#L?u!=ZeW&Z;LjeHTe?iQXz(^1)XBy5(
z%P;2V_OI*!_&^80gSY+tT--gmgM<_5+mjqJBi}|6)6Ty25Eu62Gar=tVur7j5Q0dq
zzITr4`Vn2%3q9HcBN=_in)~Cr+IfXO{K9(t&;=0r@tL~8_~El4xZ^?`8o;BN<*(-P
zjgoQlR%e9}Tg^j=IS+9Q0_-`6!+#Q}nzGNiM1POy(M;5xUdRWqCaFjnW}u$oW0PL|
zN>O|%WTJ;-vbLB-=_+*Nv0J1KY1r6D1BVKD16QXSP<G?GLJ(l_*e$N$|KO|>H})!g
z2#0HRU5|g5Q<L+oXtn!)xh97r3R?%C9P52d)`ydvU``lk^7p>;@dykapTz54xO|h1
z1JTi^PVK9V{6f9$-$Vod_;=B#IU__>DzfxtC#&#0p8QSdPCq?J)gThQLbx+fYPjCj
zK<p+QdeMrIzh=d9cBA~tijcBuD=g&jpP`04Doej9JolhFQM$|v2D4cS2~R)|v;d|g
zfxi;UOHs<}Y#>Uv)O_po#npO`TohHd3gh5J$@In5J-R%EKLRFDiAY2N$1h35nM#Z#
zO1HVWV*29heXHcb!THh}c_2|DW>L;8%Be4N$1n<k*tHeU@@|9ryLQ8zk%V4FYNK-;
zWJDLCTm3W|JEsgvwD6QfP|zGDYF+}9+B~_Cs1%;5{gZ&Y)QpgO4JWv3bX|w@xWDK-
zbv?Y7u~g|W=3%&Q7pHjVTfldWy>RaJbI3H-w&BoviSgqex@;@>s=DcRuk)kE5gU{*
zO*r(1hznPs95LbWpBdR#x+VP3rxHR=-K`vvT==Od`^8U2#^TnZ{IR&zg4%Z5%x!eT
z;!n|0gcf(BkJ*f$X@=_$5R$L;(p`<U8}UOetes9?ziljTootfE;#PmY)V9ZF-bUZe
zXd(PZ387&+Yi1Aot3+IFy9>?j@$(p)1nyPwGkCyY8xIg3>YQ)m{#J=gc$DT<nE{e*
z?p4Y7lx%T%v1b<!e;^^`rGIU#-G-Ogc-+!_+NSJYB%&;{>mg}Tmf1Z{3@{cb+~>31
z8Zv15Yq!t+p`SaTCh^&gTZ>9Ov@Q5)B-kCq;XDZ;x3YUo+wMHKIYRVyU+wnUAG($A
zOo5Bt%6F2S4}tFzXStQ{%yRx{WJ4&?-&?y2hYy+%8qGKj{LmNdQs05l+yPn(s?hbt
z-TDwa!b?76+iwf1geUn3&8^VLVx_xcUY-xXuzB_XrEAE%JU4z}-R%6)Jvu_OS$zbh
zb&T+mcOcbge>dGoOx%;!L_YvNZ_zxfyTz2a&4XJbbb~v%drVtA&mD{eN3-wDvjyWW
zcS}K{I{4`ry0z`gqF`HaG#JF#f?rm+TS^jx+F}EOd&Z2kyBVd*BQ!7A9&EAmOGf6{
zucrmE3mxqG1sbOzad`AGU9Wi=5_Nz@w6S0w`k$j<#SbopD|P;F5vgtC90}2iS6sle
ztR?Dr{lGe+Suef-p+rRuSXBpB5Y77cVF)F#DDgbete#<pIXQ1zt+zWP(fV@Me$))8
z_%8RDE4%<9by9hHVI?B*GQ3*+S)QZd7wjXW2nEOz&5GDJ%<n=?bpmT2DtXlU^299h
zJ`NVCTJhP#M6x(uTdgl=<b8sjS4p^uR{R`m{v)DUXE+c_em{K#>V$G<BvD3ae^<-!
z6ueKYHW2=56>!$&aa3`Nt-cOFJe*(cyE5AY-sbda1MC5RLP?^H!+d79`)MbseRs}z
zeoo7LwOi*5@{eeb9l-4MGBNS5b2NAxe3#k?oiNQeqMevTbjD>obv7WXe?+@q^E;~a
zNmIfR@O1vs`F#vOIe~0&H?8Hli%onF0nanQhvZ=)FO}}ESK((o2i@sc-A#o0s);&*
z_-Z!<hSU1_Od=ZTAJInWHbN(q>yzvdQHOIQ)kLjtB5FNJYnW}WRerjY?XT6KZ+0Gn
zgC(U4GOasxxOgfm?8!?)+vnS9yBlbZvU^c{G4LbpT=n6GxV*I8OW$R*Yn%tSw&T`z
zcX0Q9N0&R;#Yo|w4GYfgkYwS%8|l07CZD!5`o^s|+XZR!Dcz>IL%DAT9)jv|YpL0%
zN0dE`gqhnLYujcgd~_qBlV<rC4o@IJqvi~v8`|QwmZHlDoiMA#f{9W;OG;E*8MR@r
z1_a}kEk&2nt?Yf<mxV2**toU@zjU-r?k_=250;4Oo>`2;@iTs-eio^n(1gR^fG75(
zDGbQ|5$*aUJL4o>oR6V19aZ5-;QVxu6IwrosP(gmT0bKl{F?Rk^BAJ!rCj3ECmjBz
z#mB8JK5#GWxovIs>4)2NT{f*HZJqY`01HB!HWB5k%JB9;4ckmB*`Gnm5mTVh_+aJQ
z*pWPh64uy8FnW%_Gauc`e&ZPO|3>grZEy>@TQcI^@}tWNLJ#`s0cU6I?tFwo5gdZx
zrU$GDJ@P?|$Ki6lWl~0O`xPv=^$4M;we43Np<{J<tVZDK*n~oaVsots#eNG`R%PP{
z0&%Jxh*0d2BJQ6R+i8X36+|mLlfUoB-rrHg8lCwo&R)4L(;wLwn`lGG71HG~u_tW|
z**_pkH3~Qg-4OdVbTd%yryYQvKKdS^W<M?d!vKWb`ZnDfelkn;6)Y;m5N0IkmbEMM
zS^tR*p{40@F{)gTbW^MMN!H;-#YPMc2+X2yP^}}ML@2hyA|O+tjQ;a45t8I9V+l6&
zhb;)j78D?)414~U2%$$d#+KwG<lOFhWJ~P1e1r~taMnl4KTNT`R)px<#PhrpYx5CW
zx^xqv>xep~!mql@)h0VpiB0$bxqNg#J>sVa!rNtBQ?`5=LW}a9k@(k;V?kHCO!K^i
zT1f@ZzFEjfDGa_;FI!fE5dA>)Fa+k2Q2exm?(os~V$UAa_0+4U(_g7(qn4tZ<R6A3
z@@0P7;oQ#N{nX6!!avm(>wraL-7*9|9O!S9(aX**K`5*Ttcq@yUCCxIPWxhDIHA_3
zcul!Ln_^O@I;s+-Mp?aVr`_m7BG35|drLvOm`{{-E^ub)EzkLA7yXdX1IiJTY>k~E
zu^~n2UkO8y3^^tKcn?GtVC$=qx~mC&*GIR-iqnX6CFFyi<fY|=e&|;I(dDO|?nB7p
zr`rMp-PC1kyuHbC_yfOr8@YXh|NL#f+t-e#rFKH=?UdLEt+yTWn9MlP54U<uW@Yz&
zzj=e-`L2(4-W0bU)%Dcg=j_zW`azV%je6OULWJ}(3*2t_bAbhM`a$$zU4?A@`W-f+
zd{w>j48+QP1*(St4|%b9IMIqn{S2YlONggpt|qE==rXp@*tHU|5!L#}&mcNuA*86b
zKKKML=_0Ci(a+d2yzU8v*k_~GtDg`)r`8{dtG6Nc&^-~ha<5@EqZX5t@thV9g_w<g
zONH^!L};<acu2J3<>w$2(|cgQtOg$7dhYB^cj{&TC}90r(FLBtpxc`4m_`^rY%Abc
zRzs9K9M#~pHiOW~j%j|nfq|vUPdnJdS?s3L*$GLA^|I#+5YnTHE;YXaetSI6H@v)#
z(69IuSZCga5LtEE^Sdtk<p@TV*UAB++*yu@)>y8W{SG?iEhnniu9vkGAVeeNQg$8S
z*IHu*zdxJZdn<_6XeVvED~Qv}{<jlno54mRM9yy`E1juN!8w6yjnClR5+R4T64knW
z2H#R{UdwQlA+((+qi;W(NoaX`*}#GfOeI=z$x{dseV9}L`-WC*dJ3VqB_CKq>r)7=
zP5vrhRmQ#me#Pd9ea<f=(GGj}Vjg$-zmrhQuqr?$VoO*_?S??9GqRuHH;OksiIDvD
zWqiMR-IO>i)>7;qUN=A1YC$M5I5sH{A-W;<B!6tVERx8NX?X~}Zi1?;j<Yj18UkSA
zry|C>gSHmI<|4C717frJO@8byw&8u1RzG$_9zwBeQ;qgvSLK7`%Zxt6W9vZvmj@}|
zndA~6TZC>VG^&^VxQLB+vSSK`Jchlkf#U6KgM<F@s77|86>nO`XCnR%+Xvp|ty^P%
zvWf{3<9t=z$A51{Ja$F}ZnZ9fl>8uXV$a$Z>%3)bFEz8h#F~UaX>1n1DR6ei?zAG5
z`0|mpN!Eh56&zi+jInDw<)0|srg?YA{ti-npfdcC>>yh41+3vR-Z|Fmi`l)EkK*FX
zA_?boe4lmjnXHc+^l$JY>$g7xBGL0RgxGBlzs+BUP=|Hf&k!;J#4B!EyVA-wvLi_F
zEaiUM_IBfq2u-iC7UUh%<@x0H;<~(JI?>9yt;cj?es^(AlNTZR*0=jfteCr8p6nmd
zj^A>Z678CDV&01Xf9$;vcvHujH~Ks0*hc<`g)v|oLyn1!4FN}h0EfRe*kD?qiV+FP
zCMzFH$4HATX{95u)3obu($<8~I=N{t+wFFRF<^`VH&2@QrukZ@unBGHcioh2-EI2S
z-O|);a~n0KElIQCKJ({DN3tYmzrB0E@A<y!dEj?u=ACzD-g)Ppcjn9)ztEV|a=f5t
z_wj;nwHz&}+O_e!TIsP573|*laxm}MHk0)7?u}zXQ_ExDsQvX%*1Xp8$=8^i9($w;
zA0tnBBf_t9R*(H!q-t7vnaSvhA5Oh0kvaL3V_N>>KMK!k`SiT^pVHkoU5>wdicH@>
z)UqCbEnG152Z_$*Z%JImn9N&_XMZIETz;(j-v~9myTY`;<@j(_!=G;7Zu!KUV`P^9
zA-B}qn3%JUefvAh=r>POS8m_Fz2>!+<9niwqvOPL_%J;cwkLXf-jC_~!hc|YfZ%fz
zS?n&sHDkBueLIU;!A-gqJU&TNDN)=KUT!&ld@7607qx^Zd63CO^E4&@<kc+p;jgXb
z=qE`rq#`u3ar6XRYnob)(!anp^_&>bakQzb?bW6#+dQD*)ut-DK->2DEc)t(%rZ81
zm+$fBXwfs5>6N~u(3QNjhTHSXsY-?m9{*9;bi75H`r7;KZvxV9`aW@m$n4?EhI`6d
zjxTz3J-wB1Y(4Pn;+A6)X@Ab`d1QWRdF-;OW#dnRzcgO0Wz75cEblW(c^^%a_Zz^q
z#5+jLYsS`mv#7u6*vrjpe$;gA+l`-y`ZU$s_=(@{RDI#5W3L^HuK8x;@$Eu${?(%X
z#!tNM@u|CxW>q!kf9vQ&RawX0Av5+-dsRW$*78{4LML#$I=c0C(dMxn0b1?mwj2>!
z<>ml^^6Zg!-n;$SE%``Q%l{=nU`I-ePQ4r|X*!lY_*tOwv8zJU(d>WtEb!}DO~<mI
z`7A&$J!?AN@~4f_N0*Yi9?hz1Iz~LEEWPZa7k`!;%4^Plx#?)O@>w#Yf4ZH`=uJlp
zA8!YWUi?K#(PK}s2!A{9RkD6Ly2#Da7KXZuUi?KxD75CAMZ$Q?%l|63<d3%;wX;8y
zFE6>g;d1!?W7!+pfyb_zUd>+C&bCF5X4kX>jeoc-YxR#^m0!&^w*&N2wCvgKz$hS%
zH{ChWv~eO_N;y?cZkh}iK34da0yG?5^mB#HiM4D;nRJqw?kMYj#9__YJ=qfqQ1rPm
zy283$y<8*`UP1q_qyJmz|EuZ$F8Y55{ohUh|10{xm;Udg{|939*RG8Sm#?iEyL`L)
zvH+x5zulg^mf~kfuP)938ul|c<5y4Yp>xQ?zYP3|IDqkJdFn6!bo+K6oABcajQH#C
z=)~-<PT`oDj%y<S-Ny?jetY}&?qkh?WBc7L$M&>M;T^`w!Z^_!YrgpjvQ{1|dgkS0
zFF$<w8vY0U#_yLXnmJZ++`_SyqmSd093vc`<M=C%IKXf|M+?W@9NRhSKg)wG{5X&Q
z49623`#BDCypojveI7PF!0-=A>7zWpf@3YmbsSqbwsU-(W8{HEKHuQs;-vTo?`7e?
z;`k`Xr#TLC9Od{5$A97YD~@PoIGbZF$4wmX<LKh3aeSQP363Kizs7Nb<8L^=&#`nL
z!=)V8aooYNo#SDSPjl?&_zK4fj&E?h#j(Q9u%6>K-p)224siT9$3BjO9ADx%&hbr-
z?{h5P&+E^zo?{Eg2RV8<ev0GgISz4rk>h{m_y)&!ITqZ<Q08dmxP#+^9D^J`#qk8k
zVU90xyvFfY99MI>RB<$Oe9y*kisSb=evRV@#}gd?mZQe8o#PIUt2r*=n8WeSk1%|l
z<0~AW<M;)Rk8=!gypQ81j!QYt=6Gu_mnX+>aXiEEGaQ2)|B|DPV*|$}9L*fx-^1m{
z@n1N;!f}w}GaNs}^`&P|;<$~xC-w*i9Dko-GztHsKTF-}y0rj0{9&I<cDj|I;?&fj
zthp6Ub}BxfUz0<c64YeH*DY)QL#mJFJL2|uRXIc`Jidc+ho59oWuMxm8K?lKKkRkM
zgiD9V=aSW~fa=s#mt3=<CKVq=4tY8QUR6G%b~8Qk`kja5kownQ)#p@Y)u#nLYDiXs
zDrKs8z5XMrOZNC=&Fu-vPQOo6yELFv2?PkkLu&U2ppMfYR=nX4!vBHBJ-bOhd*e=8
zPbR;x?~u=b#3#EvLDi{w4y&?H=~Pp;Ge*MX<npAFlGESWsroe8AC$cwpDMQpRpn4d
zxh9va*DFTg^ZQmR-hf+aS2d4Q@y7c+Lp@xcgC1Ion!1|A4Aa_GO(c`tI=vohmljkz
zRd2WK^%G&M!H~!AlYQaN_Kf9ECrnLu#O=}4P(X3U%AH<6d*e<+^=9IeEc(>+ae)$g
zU$|2ZdYlP@O0I`bR(wvkKbWqbK3Va4lu%-MWQ4^>(3YB1?bDQl>E%;XS(8pKnsU(C
zYb-sW1Vbs4)9@!$`&)Nmdj2G_r{X`o|M$1<lGTt?38*gF@6=RH*CWLzdwfoRkg$`z
zs^TI{_S<)?tj|EF1r?7snb1JzQhl1D5jFGpTpp*Q`Gd0h*I~sgYkt|1PHx;lITf!G
zjOjUPPrJdI9&xKdHMta~U!G7*d`3GGA9{XgnA(6?rBc`9ufu*qu2*ClAJylQ{T*^h
z3#v+Ivb|zLHY#j#|0J<b)BkR@%cVL!or+f<s;nH3@37+axa9plkJIlm6cj7j?^2Pn
z{d}UB*4}_u@%UzvJDtT2d;DHSQ$t4Kr>XxYCZ3ga#@mv99BqpAicYE5+og7Re0(Ih
z6`#wi8ucbFPakh^B{JE69~Bmvb9`EAK1}^|Zqw5{y#6DG<aBmnWlc)`N-oFg_j<_)
z_UqGo8h-lhosJKmZPV9hMGc*89<Bj0v`cpjX5{m+%zWb2K_%}HO*y!sTj})H`GW^n
zthQKIZ!pedu5iFhgr!cK?sR>3`a1)P=4tn;GNa%MlQ<t5_$1lK^eOCTP!Y{do6<oP
zexJRyxpB|R=DkhHbUbCBy|L8}psubC)!d0$RksSO>Q<wgJ2NX+u8ikv`pEYEdz$y!
zSxzF&gfgbnvG~6LumZrt06q%fV*s`SAYxpZP_ONcyBk|q$orb_-QT=-dowF%g}kTH
zX4|!QryleN<;LB+8u#h#_o*JuO-8tKQ1<zQGVvNcPLC#cc$I_9e+vavr>Dci?CNr|
z1|a>r2_OSIp@&lVEb;LxcZNe6)vb0_RyzY)cdB&eBOmc-ZZ^p#rxWuVPo17l201Zk
z)RW*2gwZ(*$$p==o8=1x)ecWr>UvSHfqAhh37FTBo?u%34_LA3d_QQ5V&g4srHH_m
z0JsalqnzI33xqXU4F<Wr(r1{I&Oofcy{e`flj0Uc&!5ssNZ{`~sJY2Zs&Ep65i-zC
zo9SZpPN>JKbx9P4nU7kya4_gUNX&o|RF#zZ<0Jva6P#urQgR{d2cH)7Cv->Bn#U+-
zPe|7Me(JRAb~NbGRD=9uzfVhS-OBNH($DF4D8YkHf0&y>r{59qhlnO5M3eYKN2W)U
zc%RqrRJ@^BIHW1gLm|&2Di2c&fH*z%EhzdzTFAgh=~Rt$hm~MFitq`l>R}}q3p-V>
z*BB<t0!?XWGkj1Dc*(MZ%oz_k=*;0H@rH1qy9)?uL67fX$R7?ejX9`l4!*i^uryX5
znuFy_Nn(i1Ko2+^9-l{ZIP`WJ==LbVLv=H!hqR!>F)g0>QeAZp2Pw>vA|DZsA$eN5
z)9(#;`r;JR%MGfouv2w7yEV7pN115hfbLGAS=aCCx>f5!E98TIO|Gt6ZLx&XwnNoI
znxZ9eOrYCtQ-UEim?)A|=>dw41m#ab7gUZoh{KwekDf?6)v2ZB<DmN~4$bfIxBr#O
z2~*G!NyfHbQltk|^-zq!=~kWbP)hm)k~Hn3qR1$x^zw12hgF~U!P-ShGqp=6V3m%M
zr*9W0Nt@1n<}~$*dDLmriFfH$<76q@Pb|4Vq&kegp`IfXy}_N&NXHgOj65S9pTUfb
zGtqN*dB%Fs{&)D)uFU<HYN)5COEH8Ebabk6FsCZzxNPq9Xj;+$PnoW=2jd7&Nyqe-
zXmHB*>2!o$ruz5;vF*~7=}xad<v7yQLu$~Yc-aJ)vYyO2OWR*Dx)`I>`W=_w^bSi+
zH@(9QbpEh5y~7-iKzElT><f6DhrFtT*zV+dq$H`?>-VYl?toe&vtA)S3*Ed9w}+fT
zPk_(VJkj4FYuy1=He_=vBm;5qYM0Ga9&MR}HjUSt4tk#_5a9l1N~Nap(`BOX5z{#p
z0GT_Pk3r^0pgr8tp$jPB_xOmfm^8n^<q46oiG)dq*UPvcpD+m!zr|?8IepxEa(Y8V
zf^p>ZM!iZle$&S>ppOS#?~VFx)a5k#2O8w*yNEObL6t0ioo>Z<P?cS(#$1DyY|p;a
z?+SZW*{S&Gii4~xyne++cl9;D?Dwg%$G{~({ssL`H595N{Y7bs3k3G0_hX00tFmtO
z2R#QpzL@?h&O^#Uk`z#aF}aa=%^ml%Lg98+FGomKf=;)CIJKI`?+Ycm(|cIuYiOI9
zk}BSys<=oyR3BOQ`h%M4s*_vQmBg$O>4o?<ral4!oCZXfJYLNcFNG^%FznMjL<=1b
zog&#j>gxfICL1D&?#eaQ`)l;l_y(BHU!nW6A<Yo(^oKO4U5Zolc0;cS^WAEf$(nLV
z4awDY^&z?X5tkhBhdiV)idR;G2kA6fUAHPE*OJ78p2Mnd8Ou-d5+|@T?A1I0ud2Vv
z>F@{TLu&UCf6x`<Kr5V7E~g2x^=G>(b5C8bpUz+L8Fwesa+cXflT-0}*+!F%3R>1(
zoxS^a@0NpVDC}js27Y}tD|>vht@|TvX4$TIy@~puGpufvLvH#G$gLb!<)EsCgFcn-
zWQR1x=TwQ2+opun<}RliATnG*JE*#qjeAc>-5{%an(Xu{p?KpJVmDb-G8a~l8YZ|I
ztSzapk8R5l(eNyE*zwKqu9alvMu(z$Pz{2v?c~Es&_g)LHPxXSIjDB1LE@me<aV{g
zA5>)}6!IMO8TZrNN=VVPVC}LEGC@y!SYxlilKL~Y-{AMlor<qpR};-Ihkaz|%C)i1
zt$xI{EWY2Qy5vq$w&qrRR5fW%s*JJBvG%fI$tqC255RsOZI9-c^+EcGD$^N7e|=gV
zVtOXmR);oJ>m@rCUk%+$Ijj<X>OqCR++$lMnqMZ;b7(-dtFGEb=ZwyP$E%XT9D8e4
zO*@gB!J6v2RkRmeewFoEr=mICGPeMROx$jHe44`%S1_O7x6<R&<XSp^vMya#C(CxX
zDl6?CuSe@9^<wnN>Zr(Ut&^Z#gqtTMyVO8Xbt;<bS|KYwm)xmPQyo-0{fF5bSVis#
zYvEwLj{Xiltm@!!RM%NU$rUAWi8W<5OarYLRXI|2Q2pz$CrGRonR^}lT^||9VXb53
zs&y-=GKT{$I^o+JcXB_4c>r4hu(_?7I*dm=F3rvNs!}c9mjF<GPQQ!mV@T_!{PlUh
z5I_@O6Eyo=&HC(1JKf+HY%%ON(J7jDTBq_?)NKv$`8JQNm)YFetb4Q%H16502dFy`
z0t)lUTucPu@j0}h;#AwIPHW0R?4vJ6ntd)i^Br_QWUPek^Ne$hjVq09!h}?BM;)z*
zi@6c{p@Mc**J{;86eh_+(jlRb57JJ)zpJm22yc(8+Oo!#-mlX46^;9)%(lf%!9Kc1
zvd0`E-AU1XFvFf?LRLe0v>=%%=#uKtk`?TAakXoO%=$^D<I>^iR6IVz{I5FwK9}rw
zI>W(WeEX2=6`L4R?Gq>0UkN!?pNnMhdk+)eD6QY=@;D9qJR`inV*XZ8H{rx9i_hP!
zD)D(@YJ+_-dKRba={`*fYFtx^d!pyxN4nd<fbNq!I;qcYaN}?vk#oEl>|txny@~Gy
z<8MXSl4hga;R%McBryhvL5sDU%Y(PPQJ)-mSsh;g5r;ki0qpSlkMOeN$_`+g*Y7-J
zh*7(kJ~~vNi|yO8H>q?i(X~aAKbzRD*sxCC$8)Jk9U5x~n^N?4@cL-MZdRiv{pE!{
zzF%Y9cihL<_(pp|<>B=xp?EW6?O<ay-VTSuryg-QxE-LqZO8@aZP1s@33|aP^>vQE
z=VjanHOM`IxlNxU*}LnoQ<FQ@&UQ5zl0#vqTUJ6cH8Fh29vdWj|9HEpaaTk1ScgY*
z%MD6c^E=pLuGSt5tIPN}3o-p>a?%wq`MoYXl>szT{fmo$ja#}p3WYoQ{y6DxwbLK$
zX37>+<Ld|7e|lkt7BfDFssBX!nuX*2;PcDOtn<D1Ael8os!xA^K;&rX>sSTp<~I=^
zA7JfaVq)3Z2S0t2miUI!;n38O!CvsapP+G_O3&A|cWb(DMdl;k53%u~=ie0OFGS*`
zOb?iS!1j3knvMIabc5JnXJd=Nn0<=1KOrC08$QU{dw({U*V8e`Hx**`KRzUM<H|j(
zq|+Jc_b14h?VQFpX1;hnW3AY4JC~~-7c1W%<YzVH*ejU0mjZlP?M@hfF?&P}EFE9;
zoQJ(TkWijs{3h6e*!<38x!=>S#@-n+I=gZ(p<Lsb)fqC`=<9RCdscmTgydRFS9O<s
zm_DrOP^@d)*R7B(U8~nC>y@=m^0?M%>2TGrUnXysYnfxDPpB){!hub+E2xjXLgxO+
zvSqP#lF#q+I2CX5z5<=+^d)qBu5-}WL2-SL%^PYLjZDl>cPwbWO&uPux`oZtsU~P@
zM?=%s(GCaoe<|-yk1y6g-0sKD7gGCd=&1ygVTdQ=-Y^{yJE5Dzg!dHm<(`8N#za3e
zp<j)5#AuM|JZ+%l?|r8=o!Yk)20eacPG;Lg#sg0DfSazl?05HTU!ig)KJft&h^&$j
zsg9qOtrz}tzB@3rNh#0Q-pXR}rtH+|5dQ!DKB8w;ntJg1nK_nnoP1LHcbyw91t9i_
zJ$m@WDhVcf;2FSAMeN*e-%Xy!ej}nzQ@gaPPO2GW?~7Om#Nw(f7X0CT5l_eBy68<v
zx3Yjbk4w>%s<m9cs3kNOi?ib(AZN4k>bAGqs}5{$q~9JS#yv>SF(<_BqIC6%ag?qh
zA<jnWS`y<Zoh>2GPU#LL#!<SqYzguTpe{(-K>GtS^l;T-zgO!d3QY8t=r50d<dH{Q
z?ZiObTElq;HD}eX#zuCC-x&8GEyrYxvokt#LL8$jwMyun3)FS7`b2h0c!<!bEd1V1
z2}JT-=Bugi(;}fH9=C?X^|mDRja5IR{$fEaZXNqzLPB&YP{-IK`Y8#K5}>X<#5NEj
z66(!BU4RpeNob>W4h5Z6mQ|F+n1mDYxYZv-FNMW<SZpoA;@0wL>E!(JlCk2zoHnyf
z$P$pX4G@Y=D7NRL*qVpp*4dK<f&8|z+B}q77oz-ab9DA(!Fb-7DKM)o$JTdKM1b%t
z&qKMEi*lC<<@Q-9x8|UH_54Y}B*E04H7;6!%DW42_suNac_SMOujHUaD@38I0NM6@
zG*kdB6~N<GiJt2-hK15Rl)8#gYA-~owE(5Tl4$XyIUwX`A^)|kfYc`1DwpJ8$<16W
zx{-%@*Yi<$r2yI1LPYNbPz6kKzQ(Xnn1jM+bEC5+v&W@?XsayBLD7|5<hk;YZOun?
zIk4?6KweAo<^Wf60aqR{Ee#3bvZW?0aLvO4dkGd;=VHOz=0HqN1riE`Vq}j2l}l%1
z>CFNxyite+*Js156`{aohRHq$S=JJa*8{KD1JCd>jA0=!3whQY<gLyL2&CSwStzpR
zplEe|fc0M<imkaQUd{TiGFwFUO%rS?u%`pK#d#)%MIec$Y*{WAxXQ4=UWx_Q1y~@I
zz#ITbd-`JSnUCx!P+2n@H8;$Vug^i*m14}(=Ayt=0+W3nvaF?O^8j8C;9AGZP6+e*
zS&jlLpNQ8lG0f^`j1zK1<g6AgRL}l4D=JO`mCFmT{CXCaT**ecmV<e&StzudkZmo3
z<w;=clfawnIKS&zNpVOB3neC$xJ)Rq&q9ec2PLb`0b!1WIo~L>6%d`SE<p9oSy+6-
zgay}gG3QDi^0a(pxe74;H1N}>fdlJ#{~5x9S%O(8MlR8VRkN|`W<HkRD8QZ93$aL>
zjWSme^6h41S?2%|z#IX-Ncot6oB6<v0^oWfpv_K7&xxl`OUp_VFS7WAI3$Dxvk3Fs
zxnq@g&&J(1b5VOE50%&Ru}CXGk*g3U`)p)ci!d?-Tpj{;*E1f*Fl%!Oa>s$n6|=G8
zW+AF?%tqyvB9v=p%y-R!$zF^s>s-js18bfK`ZynBSePqe?%x(g3rSyRiO8}R09Syr
zE5HPyuggQ-^(-vEl8s_52l=j9$g-Pgx_kw=!FeW!jXcVh=cB?}jS8V0i58FP{ut4H
zYM1g*YR^Tf)r8X3+%7SloUA0eqvfK=WkQ~P7P7552#f=t90$7YVPzV_Ws4-_3l%~Z
zFC$_CDtl(5$66^^Z_XDgZ!8eXua^q*uapTUtz5`*EfnxQpz?db2<K-EmsQO|v8xQl
z)>0G;CCE37+p?Nm%(Itcp0y0~gc2|-VMxCt8-><V6bdECG32W>i7>eqzy<*eL;;&N
za64iMmn|kXp-Lb&j^vvp?WmoN+MA1o${TkG<=16lzE&v|xt0hf`<+6TwN_}51RRtE
zbZy{zdULUW8+Rnd6Fp6i1B_vzP(opUZop&%D&+#mH*>Jy#w^UeZlbo`<jSLZYAX`(
zaFKwUdi@i^1;EW5;KnTAy2)Vo6Z4fV%|nT>429AB$=vZ-W7&bMHpwPhNSiGJKyA{t
ztVuBdrjs|bu=Gkk7Q6CLXwOBq)r7uA0bgnq(6f=Z&z_qUhlFt19VVEq#V|ix5Y3y6
z&%p<XK2{W<!c~9@JJH=dRIDzI&Yvt9FCH@osD0IPVc9Rhw_m^w-PReyoTldi0bhF{
zPGbxUvqa1i=ICvUibT$fO;~&*3uRh9=D1k9pa}T5BH*D-+-BX#0<?U<l?x=Lmo1c#
zD=dY`_0KE-l{OP>H>yyoRl{sw4wH2mMw|j>xdaSu;<m*Q7Ur8U-&%nAt;JFE<m^CU
zTY-(ui@7MWno!i5A7FE)33;tK`WR($vF5=1tbirY3aHr3`(auf62jE?(DISrI%|^p
z4X!-o@jkUYC&2TZfQNWKW0=;#HH*&MdfD;|0(>tBc*an+F^<jW1t_-W6Mrlko6m3L
z!S+=FPkmLuRbG}cEKvRe*NYNV*yp0cT8xTklk~!xgXljA2)rV|Li{9C7ED?etw%yU
zryYMqz_M4T(<a1|`OX-gmxFm)77AU=4w|nDc;srF));2~X$clTo#dZVIp?Fununrb
zet@;hj0$@ZDy*|n5lq(i97O(Ez?$#JbvYr-Y49TfUwS<$?t21iuXCLzy3#7PRnE@B
zY~IIh;{rV60$R4}dGcuZjd20Ct*orXFdN$m`G^l>2n%yfnCr^JTzf9&t|s$aKJOnB
zA~yv5@`ivBo-Z*h(lKR>6XuyPPcu>9XPz|&^H$H9r1H}w<hht$lr14X&0>@Yr7+HI
zBf6cxu?V)PfS<f8KyJ|OZ(<x>GxY2J|6G*2icxN#gL11G<*&`36c*)Skv0#DTqRg!
zpNmD-Vk~-l{-jWtg+gly3g6BNRGPD3cFm=8|Hzbp@?Q%0Vgn!JhOkhagJRcQ6kCf?
z{C0kT@hGM|gvxwW-Y7$*R*Fj30#sV(qf#irJR49}DkAr7W|sqc+qAhDc|$<fF9etx
zd07cz5lE)d^Zi1=`^J0;VV=(z$McQ-MnK71@qCG4md_X`EXczG>pU!YHqiqSD)LZq
zqYxDu(SL61gY#_6ADKOUokV@uVw70tpoH-X2o^IeU0JAgXG6X+7qV6i*)<2U)eQOB
zvgm@zc{Zw#*14E#m}`WEd042;#zI#i7Fr9ikd<K*?km83*XLr_m14}bmL%p`T!6(I
zoA(ymbFtWJ!s69*Y>x?bb5Pfnj~aIY?$nmxPFE%Fw92?sC`W8G+W?`i0Cid(7T620
zz?zQ*tLH}NOcsq7j^(!rYv*8XS1#(@d8pCuK#glLYOEEg5$2;JT0U7iK7Xu)@c8gN
zeE38zw)N&=eOEp#GnGl!ht@e{jW{_gkkckq7ND|ALYX@Y#db4_twkt)nt4t_xe4XM
z9L$}ZGhQ@S7$|7Vw@|&lN!D{^Xb6gMghY6^>-M}5#nu882l@KCCJ$x8qC{W9BHDCc
zlj@MW5Rpej_&+XUcssWPhA`{@0+ibGQEJUYX)Eu4GB$7Iqg=~FxhogtRujrw=SP`6
zEkKbqpW0JuYwUTDM@86P6d^b1b}Km!3E{HZJe1kXP-ZPf+1qsf9V2Z@+#AS8xhoIl
z_E`CoOfU0LV$Vg1)r68(?mM@N7FriqF2=tiLV8}rbEMokIhdp6A=_@EeuObi5CzaZ
zhN3KL<FZ{MdY%;V>XRbgY~ntpCILzDtPc4ovFDMs9T^*Am1K_An4RzWI}zXhI}ugQ
z+!sm+6Q0bUF~$pXaxrH~vR4RX7zg8QE}M-Cdm$>U1*m9^&t+8aT(ePWFGQua0F|wa
zq6;U>#utpu3&eec_+AZ@cM-~6vr%p@M7gy9<xkI_WaZDnVwV|<?L}B@ovqKYW0hq&
zDAP=Aezxbp{FaFJx5U`IX$%Vh=Fs^iH(`DWzAw@{MMr-tqULRp?pc!G6K{+7oFUA8
zFWVf0KSuIq0r<b)7V(?6MHJp<v{&91k@GtdOL@5HcOuGv7f&bQg@*Lp@*I>~i%=e%
zKUor(+eY}3`ri9H5$kV?*l?R6*E5@tD<HR>`080O1?gUrh0QCuC|sRm%O&&M5<utk
z>vu$i-xU$K&5-IHu@&>OG0*xU<_V)9^C%lzIViGbqo|myyyDy2#yw<qOCj*uP9|6V
z-_@NGuI-dCzEeW9O~9KwB>?>6n82D<t5zQI_#8^7Yn`<&(Cvb)dlx;It-mF?x+}iV
zFWxVqL6GRaWbB<Yy-P=e$v}7GfP@}MXfecHdqBb%B#ap1-h4nptsuc|h@1VOgh@z$
zzK7_~_YnR09-=?rL-gl+hydil*1b&$sr*2)y*r@d88LQ1d7r8^YFZF@PO^3LZ(ber
zOulbN(BHX_zXx9hTle-IVIRFZfHA>G2$y}1kS`GQ__Pk>OSW#iJE$tIee}4;PF2GM
zY~9VlASs3wh<gbqQpjHQNHhI9_(e{$({ot$#ZD>jQ8cGp4dKT;^?oJjYwiNvf~|W;
zQ0b%$a7D0n@Amr+IvPX!^pmu?f~~u`%jsz1=TSX=AIVJHk(XubcI;M_!)mMQ3<pD=
z!zw+Z{RP3+y^EdCV!)2=?^X}1US4s0jn`zaKiEl65*SWYf1Rg&gq>q^0smF685N^m
zx4$<?xk)9k-@c<BSSQ-L_tFbD9Ia}n;_=aQMq0d|cB(!#=yC4k-StrepT-d3(dcvS
z^E{$rHR*+*;#9XO&O?qCHK+p1xkOso5n+Cu<a5)sK=18u8|zLU5H!?eyJNqPlyC^2
zh{v`lAvf0Ya`yY${b8SLx8JFFSz%|0eB<9}#1v##6Y#EN>n6|l@e^o|7+cM?^Obl%
z@Ari~2YsrG1ZmxJa~!sA$6mir-A4}~0UL-6!T~SSk*|xkZv7;LV>|n(J%mBnx|=+#
z?YlHJrs?Nm@kE;c2G*kFQ-?o{>ow2#@q}9Mq9>ewYS7&sL~Ar)6PJ<kyyR)U%)M%t
zhUa-MJx5=hbF0Vc-tO-VD5O`n#9GP5<1e#`9Cj$)kS>Tj;##%KXY(pfwbA85iD>I)
z>P^I>Yd1)&s=56x#_peWiPO+-QdW0Bb?gf53%9e=Y_ITowyGh`A5?KCZ`nr<tHBPh
z{|IZ`4{5EMRK@G{JMm0>ob6QkAZw!E&KAaNwNuqt+;hByX+{BG(PgA+PB*?D*AA)?
zPsSy-*RKJOOdBo0pdpT^xi0PJ2`^7bqpAacg5K{6?eO^M(0Ad}@s>2YT&(86UR_SD
zs^aPfJ~~a8bv=8Qw_v+hRf71kUTR|?p!!@`PONsfriOUmK9y1jw)y>D;OI1)0_<RY
z!K6mC)E++#zL{8HB@p5YfJ)LsDb39N9?i{q;%w4r0S4kadjxpJPzP4yhs1=BV06I+
ziL7;P=*e<$CTz%bIzH_4AMsIJvcjml^tj?mu3!5!e}IfHb`Q{M(i*O~q$)4zlBCu6
zFEN|V&T#@?LSm76e|#)?{B{CDOedSv4hLD=05!3miO-L^?frY5ca!R693C^sMIX4|
zj@yprF6S;^haa%=w#85T{Z=63v6Cngl~r%Ne!D{UU|7W+JkMT5H|dW~({sIb8)LS@
zMs?r?(&suU*VQ+9iF;UqSit#H@pDV{Q(~)|i6Kv%KTC94IwBZx3AM|ls=8ga=snmS
z($r2y_4$NZh)HdaK8p7EUF-swQQb!{$m~MW2-e&BorIZ}O}w8V?WHVt`~8Q)0pN@=
zHy``|r=c#SKOaogVO&gEqTc(}3FC;GFdLb>0`wsNnpLanTwX7JpVg{)w<`fH98|aS
z%LxCC#IcI$J{CO+2xMiqYTo-iK`pF!_xp}`d@kUP?EOCWMS&|e#CLeSbjBIT-luA5
zlUIv7Rc$*xXs_AW7m~P=ZC8Vx9-pGAdK3nwT_GOu2Y09nsjH2h(nTQa-mn_%wyD7m
zA~l~=-R=+5)5~k7bKm8{dP6Mp4tKeLJZYz@F*UGzI@QL|4v$wQPp}G2o{-Y+RT=Sa
zPkT@ab`$Z3@PxE0_U+X^GRRw0#f6BpE7YX6hYuc9gL*AL+}ygidH0&tRODztNDDgM
zL0}U))lO%in^?h4wX@TISj86d6jC+71czh0gI_!3jDOf%4TmG7x#%fwhsW39cevD$
z7W8*Jyq=H-+_$}T|6cp9J<Y4E7FJ>@I)bVSl%bQ4rg8-NNd63|jnCN`z&g+m*)=uT
ziS_Ykhl;ImgjBbqgZ7()uq=hc>GySb4u*rO!>0s;{v!@0c<?Z=hUL^h{ANk2@31H6
z=U>=a6Da&XwacS9_!oXl;843%XIM*0m=A}O1c7C6gtVY59Dow=tn3V}JmT@KbOyDR
zZdD1a^sZXDY9()VQaU?Hnu&scvt}gONPDO=fIt8Km-v0>VfnR=>$h*~e`!VEYZUmO
z*1TKR59X#mej5ubLXVyY?7e%+bFj6G`1fq(pqQ1Eex0XJzQfW@N$Ica>F=h_e}ktt
zKuDP$<>?klNXdV+f~Ai%q|QIi)8)q0`DgkKR%C9!UcRLQ8Ox7W;=il>8$7>lpOEpK
z@|&ElZ3eoVoGvm0-FuvFat69A-aoQEGo4xQ#~JAUy}z0C)56nx)}>Bw(9@l%(`|aa
zU8&O#EMVzlJUw~0yp88KA55J;z|-44ojSco&)=J-eWkoVdsCO+$MZ*@NS!~z(?^b_
zP9M?x_sPuqFJI2A|9zML`}Du>sl@a7X?15Ymy?(zzX$%m)wd7)Yf6;F<b$jpeSh)6
z>Jw;_{zLV)y^4hVeFy$?<)GhZH_5-FZ74~t57C8uylod!>gxxsW69#w@~P$e((nQ0
zmyTwP>wP3ipDg?T=g_CfeXJg~`#)HH%+CLqKJ_d~)Tajff36%#=W#trqesd1A#j}G
zfv5R=@EL9oc)0hoJe}hdr=Qa4^z`G2a*}y|+|4k5ngTIu8_(aiEHhmX=YL{3!-6z)
zw|Kj3wG4~W(2aAtUQRbV4c#QCE9Lbwr=c@*d5rS*E=WUH+sD!;csokd(7AQ_u3(s(
zhHiq(C9qUVJx_4DQBF6xB6E9B=>2>b!#Qc_B3v%D%QDM(g17fpRc3w-oUZNe%yhSS
z{US9C=ca3~-XF^{)46%ME!7MQ)6ki?{A%yc+}<u;zW~>(l639m<70}~Z+<#C^Kvb`
zKjx*O>*f5qX3)PL-rlj541;M5`y_8i>B`Ld7v<jpj@M=$AGdfrZq;NSzvFuU@^XvQ
z$(i@Bo$GUU8oGKem$4b_26(xHRhj9=csuG>WTp$~_K%mVrjheiK8|{3kc*Ae$tyCC
zk1>55%}_rJryE_7+3rqoIkzp%%&&pdjn!lxM<;kYT9##Qhl$HCuskzA@OGH*&OFW|
zyncN(nf3Gp=jUFTd7QhszVuelFwby)ww0ONJEGTb2Du#I{GQ=@nl(+WxINJM%`kr3
zI9&s$%S%Jo!s(`JGV4nz@3+1g=KVG<zgu;w$FJTFGuM{`)tT!jbGh8)auL&vHwz!X
zP1Tv{BD{WHPA8?I8{~2sNK>xv6Gb_{k8-+n`%67sevi)3j=*O!)9L)$IKS&N@H6*i
zrqlV2aJrXf;5Rx0ozAa|_eaGH{Zadw%yc@x1}^6)w`<ku%GLc}PPZ@(o$d$Q?#}Et
zmGbsJ&d1TLbmNG(H*$As|4%QskJHIB*eh_kyjhjG+#Y=#-Ick$rF#ADO5I+aPG2|F
z*JU1;qr5*RW}q9<{if>7b{xDvN~$xr_W+km?_HVg-w1C<%Uv_fzr25=wVCa63$I^G
zP3Cf^czZ|g%Ivr6>#m8a%>2fWXQtEbX@Kj&;0)`E9xlHTJ|E?zn+G|+vAWFtVdM21
z=X$>^jb2^lbfYu$o4)=$QJdL6(ATTAGtB2FbiGg04!wS3`g*lC^ZeGu^}tk{xxGD{
zU(fQ?>j0f@g40db&Y-8dzgsoK`bgg&T#;FRvTk>mW|qrUPG?%0x!=Zgx*68{ExMj^
zev8x03;MoA(~8XcXX5gE=B~{8T+he3T%CHH>+P-O`qH&D^ZG;IKM7Q2Zm)&YU7bOG
zQ7%7gb>?<hxLj`3Wu`On_Fh|-xgA$|{oHk#>o=(Ht1QcG*IIbF^>=5MGdMr<U8(0m
zozBALQnEC2duzE|HqA7D@N%uSnfbNxc04!3yx*tWtLn^hk$JgSS7cuQx_LVWmuI$X
zz52YhbcX#6Uhat**1u8C4|iqOXYldSw<7aCNIjQJbcS}caQ%C(CbOOfINi17nfoKc
z+tDzC9e3;dFEyF_qm9e2t1h#jIH=o~8T^eX=NGNZtS?iXZgK`cVuaI8EKS`GeH`7=
z_lLNi?nq;Iqg*ayGsv%A_pf+67Nskf?<4irrQYY#=_Wb9Hr^j)>HJuIyv?BZeZ0N3
zOEc?fDVN{)4C`NgU%h??dr+$Tb<5J#kFVc&dv8=_wnMjgdmpb(y)O{+4>%ooJ1Wx1
zZ;+QeI75G!IbFlj%>4BC1McOS$8R5(OV<qk-yo-R&0xnTcz=vkXI{_r>UQ_8%=6Jz
zt}lT!`^q}q6sH@k%}i(F{qf`s>$hIr-$=Vp!{EecGSlhh*6V&}Rc3x;Pi3Zy`9qxF
z?iH!^RHu_UUBL|gOBa`4&(hTU*)jdo_ibnJH}v;f&&@E7CiQ*M<ulN6ey`6kA2slP
zyIPmoZUl6HDDC@{f8TpReV*3+1XI#^0NwA?{bJpp)z{bhzJl(ze9-EY#?B=rork#h
zKj*#YWH~bPO?v;^*2?NJ*7^a@6DW!8k1GGZ_rZPh66+`5`#<PC`2X%dGd){D?=>X&
zND1iuDm^8@6Z3$2t3>(=SIdFjR*C2p?yLa3gx+xf9>MQc0)1AA;+vJgs8vF=lD_L_
zJeL5!xf8fb;thA~5&YV6;7zMU@r~txd99RiUmn4KS_@d#N)#Vn2kc%eQPkD}?zIwn
z)&Zy216^w+jI0N~RnMM{cj6H|)DA?}N))@Cz%`QB3DmfN*Vjt0xPa&R^Oy_Rt^!kQ
zrGz{02)@_>6s(gd{y!anyiTH6bP%wtlVCmw)VqPEbrKrf>@GX<Y`oKs;DS#9fprqa
zhdvE_k<fe^nAOYbVD1Gz&z~c`z@0}~eT;Y95&Xgv!0<YW;&+|^#@0y`-+BTVUne2@
z1Tb)n@fkS=-0>vnxBAAr><Auz3b?gSqImWxKwd9V{Kiv&b-je~r+}BA2AasT;l4V8
z-~30wwO*q5$A1K#TrVZu5l3+05HPr2qPTVlxV~PZxOWJ+xn81pa0oEhOB6pj1k~0`
z6i*HTo9d;6JL3oreg&}COB9Qr2YTwIg!|wK4!;b1v0kFs@(ti>y#(7gfU?U>p7Lej
zlb4xH`Yr>%=g$duz8UU=Be>{Q;8wjv(ef%#agRjt!><A>?vY@773jSNY`RB6-!<US
zIM8;FlyIjT!8cw5dhU@Z{_!;+a*vd7PaDC7?*LcsktqJRcYx?U5+>gPe*7+g4HBa7
z0vjNpVuO@$*BZgkiURB#B#L)Q0^A#<ggem){&cp0CpSnG|82H_(G3#C#YF<fH%Jse
zR3zXA;cvL(jNpgM1Yn~?akxxC?M8{>WSM~ajS|KF1_5mwC5$u(nAgbeO_Cc0e3CyK
z?=U0yq3r^m+$d3ec)Ng+jS|Hp+XY<ND4}P&fDi8waDAf$+YSN0_>h3;MhVdm37B`U
zKy8$KuYl9{vOA+j?iI*9N6R8O)+*3`C-{+lJbs^m&+lXOk$nQb&z~pv37BtZ&kc3~
zmHXMV@oqGNPu?e>V3S1g>H7r8n<PZ;6VP%$E6aAjfKMFY?L8piuODE1jQ6Jz9Dh)N
zWs^kl`wt3e+9YA}K>@vg!T9w3g@BhIV)Ww=3HW)N0Q)8>;m$OId)o!LH%SzSoC10`
zNeOqN5$roJ;H6Cx#dGHcyiRD&3n(5IsI8EP1vFd~@a86oV)&8(Y?jb-Nx<DBtUi_z
z0c*a@o*TX_An#cL=FL*VeP{%mo)u8FS)v$tRzUq`iQ>nf6|kG|d{)5H=QvNpooEE{
zya4xRiDK3B0v_Ki!ScL-SDt6|<IfB9PBf}lhP%-Se(nVUk<AjtYcB|RZnK2(7X;il
zDo{JtHY(spqr9(21zdZP@ic!`z=yud;*IyF5nS<-fY&!m6xEjmL`hp-5-{}=lUwv9
z0q4h<PL7NTu)NIT37&je0JcaNd0D`l|0KY)MM}6wjbPs^0;;x16kmQtK>Zde;l4D2
zEw2i&ZILK;y(+-9MWXn{R|Pz}MM}6cjbQkj0-oF=QGD#10tN}sZwmOsw^)B!zAfO_
z-xe@V>ho;@cYH^Hxj};b9RXe6;kx=A0sF=UjBb$<?j|$dWk&Fq-xc8ADp7p*y8<5F
zDpCBwYXY9!Dp7p<H35;WQo>zo1Q-6Z0P9vM;Vw3UpZUIk_qIqBpZmT5^HvG+4+MmM
z!0Yw{0WVDmnA{>^Y(k*-wh>)5-rq*>k3SY5Z<S#AZvqN`BH+EP63jml@PkQ~cXCp|
znxFFV{!;;u{ws^``BwoIKjZrOGXanNjM4OwIQ|^{nSiHmFugL~w?^>d&jnoBDpCB#
z&jn0ul_*~Mxqzvy62^ZnVD%e(9K9i6;0;!1;~irJZNCsu+9*-%_=SKKjS|JdUkKRL
zC{Y~d@y2_`2!3cvfUQxY*fu4=)hJQypAw)oN)*rVc;nq_1i$<%0fP+^#e04&V5~tx
z!><Lr_NIWz1__gI3V7)^0>&GpgnP;ew!I~wmz4FEfWvPI_+q0(ar7+#!;KQfmw5cx
zTLPM*tnJ3T<Op8-lYmVP62<xN39u3Ud{4m9+XCKfkmy_RI#GnTL4rjTF(ry{HAskx
zA{J+f0ka28_{^qdiFjd_h>C3z#%76FUm{{)8}Wffyu3ifwQUl{7l_!uNW>Va^CA)N
z-63M4Q37NUSSw;`n?%vwD8js5LZDH^51U0aY?CnAEMo315vFYt<Xs}ZvqyxT@Z2Nf
zQ}>GSZj;b=uL#F}k@j`lei4HQMD%WxFmgad{evR)6B-^AvF#xdQBv;1A|C!r5sx=W
zX!}bMUv!9wZkI6W5b=|C5huuVyNG{L`LinGM;;M2^6U}usZPeHuT#Xo_(VF!Cw(H;
z1bJD8`^O0W!y_Vkwo3{3hY@_~<07tYmni=1<02-vONf44#Hap-wWaTGL}*WnXxJ_#
z+@nRX<G6^MO%lcb<G6@|W(kqwA|Cxa5natv!W~%zw|+rHeX~T-{sj@XW{KjlFNkPs
zmeBVF5num%5vC>yeP0xD;Y+LzBVQ6R6cOpzABl+gXupU^lZ2jr5wD(N@#CjNyf`Sr
z-6UabP{iMy7tu>-&WpJJ0;6xcAmU?}c>E<1Pkfo_Pv4hCta(nPW4z%x5x?ip#{0$y
zu6$m^OHC5R`(F?-PI$f`(!0?Jjq#2&g5j4$Sehh?#s5V_Q<Fq-1Aiu1@^ujhNZzlD
zxbm`y8_g2NUlvh)O~ln^36^UjroJn}yhB3tyCTHzF`1aZC*t|*te#`nMT93r+#)ic
z5b>iQi*%lv{IQ77{Y=C#>6f302)`kskI=j!;&;Dbd@v<q_HP)y`8OhR`JG?J`@aZ&
zEh=Kg4vFHsQ4uXWB$$6IqVBgM4(yO%`K^ea--^s`|5n83-xl%E4hbjT7E$p#5s@7d
z#XUDg+}t6-c2mUhn_S0kinwr-<sG>xBLDYH#|nNgqT%<f4g`z;Afjrggpxmq_~ai%
ztk@}`_YWehe-u%_Q=)kP9~qy=|0v=g`E%rtB7Vr9U;m>B^DXvFu$n*D-V$Ns&jeNe
z?7k)9>MbT`g12})!Gd?#Gr|4uuzDVNN5s$g^Nn{zJo>JPrkxVS$h$0_;5Yg6>+g!F
zc~69Qr-a(~M7Z8#I!Q3Xp9kI((fq!MM|VmXe_zCF?~CZ$DIxkkyJPLdPKjdSZ4oDS
zNEDayXM!8}Gr_=Z5fwWnioLf*xOPf^-Z%MQ@+Z)9SEWEta=Zw@k|I7g3uxhgW8$e4
z95-$4>h$V=P;zt4sya)Jtp9Ds%{BY&J66`$$RSPfxfHM8r*5w4Rzo#gw-n}WQbHlM
zv)$V*cXfJwq0Kenpl?IS=~g?H(8^AaGw2WbJG7Nff9D1z)LD0URgK)K_&gnINWZCu
zl}1?It@GManD^&SPWrLGO>%1hr%k8Lr%O)*FiZ6P>&U6mQ;;QkwjgqP@brPR^ut-I
zBVCcc$cc!2vi@Yl$(ED0lW3Em2|!EaKqL@hsUwlm$arKT5{=x7m`|3Tw4AIz893Q>
zvhU=HlOrcbPexDPI$7E;_c!#n^t<~5{eAr>`bYc6`pu_GPgzdYpR%1ga4K-B>r~&V
z6Q@XB#!pS0ik`Z4$~;gyU>T?%unim-2n=)$^bMRC7#SEHhz^vVwwxY4J$8EPbnTh?
zGm$fcXU5K4J!3j6pRGOXKHGEFG-w{IAM6_J9h@4B4w}!Eo|Dhjp0k{*Ki6=s<(%!@
zfpcx=0_VEUoj4acH+Jsoxv6u}bLOGaq57eQp|&CSQ14LR(8$o}(8SQ>5YC&<*PgeW
zx1B$5zUzF?`N;Xf^H<N0pO2oub-r|19&Q+J8Fmi`hWmz3437?v4NneF4Vx~QFIX<r
zUpR1~?LyCm-V1{lMlOtBn7DB30xrrIYcIB3v|S8b?7Dd3V&vl3#j6*mE=Dh!FO^=Z
zztnK4?UMUa@1?#=BbP=mO<bD11Rx+`fF8~=MQS6Kh%Is;(iQ26L?VNctC4Xk_tKLx
z?IHKc0G0db$+44@C#O!D`px~8{`&p{{cZg{{k{Ez{UiP3{S*DS`f*A=ReP%Cl#R;%
z#Hq-su~S!1O`VETxz`Ug473fn2YLtksLUq@CaLDsp0=E}oj!27>vYd)qAOQVkDrd7
zzID3vjC`iyOv@SfnZTL8GbhfBo*6qcd1mU2>8$yz<!t@g183XL_MGiKJ9u{F?D*M<
zv$xJ-P#&xuY#Fo-1_rwZPYgx|#|E#)`it~b+d22S-gABDM$V0%n>aUl4nwA)+9Au3
zZRo&I*HF(;WN2{c>d^R5bm-Pl>3R8l!}*r;?(>23edkY{A3Z;Ie)9a(dDF0Y*fLx{
zd|<e3xM#R`cyM@Rczk$b_|`Bk$QNoav|O-V2wdp8aN<Jb!q|nY7p5*mFPJZuUaY^^
zaIx*8`(p3KzKbIlM=wrXoV<ujrc1S#ESGGT4qWQG)N?6vY4Fn3OXHWKmu_7`kAwkY
zQzLSuA<`0YM*?(gj7G*HlaZ;2>7<#CivuUyPWGJaJvn%C<mC9tiIcZZqF?T>?QiL~
z^#}U9`cL#n`p5dO_D}Uk>G-HW)o`lql>1cgsXjV3CQePB!hmU@cECc%Mb|*jKxANW
zAUZ%sHW}A4?W6kB?$bS|Cr+Ern9tOoX*tt%ruWRBZQ%dDzyB8i0RR6100960|3%)6
H0Fna$bE`H>

diff --git a/lib/go-jinja2/internal/requirements.txt b/lib/go-jinja2/internal/requirements.txt
index f5f0389af..32e2b851b 100644
--- a/lib/go-jinja2/internal/requirements.txt
+++ b/lib/go-jinja2/internal/requirements.txt
@@ -1,6 +1,6 @@
 jinja2==3.1.4
 click==8.1.7
-jsonpath-ng==1.6.1
-pyyaml==6.0.1
+jsonpath-ng==1.7.0
+pyyaml==6.0.2
 python-slugify==8.0.4
-MarkupSafe==2.1.5
\ No newline at end of file
+MarkupSafe==3.0.2

From 3d9ebb30486d48d85dacf98c1df305e4bd57007e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Dec 2024 16:38:42 +0100
Subject: [PATCH 2234/2268] chore(deps): Bump github.com/onsi/gomega from
 1.35.1 to 1.36.1 (#1249)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.35.1 to 1.36.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.35.1...v1.36.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f34aa4eb9..c8ea98fb9 100644
--- a/go.mod
+++ b/go.mod
@@ -56,7 +56,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/ohler55/ojg v1.25.0
-	github.com/onsi/gomega v1.35.1
+	github.com/onsi/gomega v1.36.1
 	github.com/otiai10/copy v1.14.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index 3daca28e6..c2f585ead 100644
--- a/go.sum
+++ b/go.sum
@@ -539,8 +539,8 @@ github.com/ohler55/ojg v1.25.0 h1:sDwc4u4zex65Uz5Nm7O1QwDKTT+YRcpeZQTy1pffRkw=
 github.com/ohler55/ojg v1.25.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
 github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo=
 github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
-github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
-github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
+github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=

From 328aa2edac275919d9c11b692437de7ad08bd0cf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 17 Dec 2024 16:48:19 +0100
Subject: [PATCH 2235/2268] chore: Update lib dependencies (#1250)

* chore: Fix go-jinja2 dependency

* chore: Update lib dependencies

* chore: Use dummy version fo kluctl/lib dependency
---
 go.mod                        |   2 +-
 lib/go-jinja2/example/main.go |   2 +-
 lib/go.mod                    |  51 ++++++------
 lib/go.sum                    | 147 +++++++++++++---------------------
 4 files changed, 80 insertions(+), 122 deletions(-)

diff --git a/go.mod b/go.mod
index c8ea98fb9..ffa9e4467 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2
-	github.com/kluctl/kluctl/lib v0.0.0-20241216101058-0040b94148ed
+	github.com/kluctl/kluctl/lib v0.0.0
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.16 // indirect
diff --git a/lib/go-jinja2/example/main.go b/lib/go-jinja2/example/main.go
index b62196951..c8e3f334e 100644
--- a/lib/go-jinja2/example/main.go
+++ b/lib/go-jinja2/example/main.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"fmt"
-	"github.com/kluctl/go-jinja2"
+	"github.com/kluctl/kluctl/lib/go-jinja2"
 )
 
 func main() {
diff --git a/lib/go.mod b/lib/go.mod
index 2f63cf116..07d6148be 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -3,62 +3,59 @@ module github.com/kluctl/kluctl/lib
 go 1.22.0
 
 require (
-	github.com/Masterminds/semver/v3 v3.2.1
+	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/go-errors/errors v1.5.1
 	github.com/go-git/go-git/v5 v5.12.0
-	github.com/go-playground/validator/v10 v10.22.0
+	github.com/go-playground/validator/v10 v10.23.0
 	github.com/gobwas/glob v0.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1
-	github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f
+	github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-runewidth v0.0.15
+	github.com/mattn/go-runewidth v0.0.16
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/otiai10/copy v1.14.0
-	github.com/rogpeppe/go-internal v1.12.0
+	github.com/rogpeppe/go-internal v1.13.1
 	github.com/stretchr/testify v1.9.0
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.25.0
-	golang.org/x/net v0.27.0
-	golang.org/x/sys v0.22.0
-	golang.org/x/text v0.16.0
+	golang.org/x/crypto v0.31.0
+	golang.org/x/net v0.32.0
+	golang.org/x/sys v0.28.0
+	golang.org/x/text v0.21.0
 	gotest.tools v2.2.0+incompatible
-	k8s.io/apimachinery v0.30.2
-	k8s.io/client-go v0.30.2
+	k8s.io/apimachinery v0.31.4
+	k8s.io/client-go v0.31.4
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	dario.cat/mergo v1.0.0 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v1.0.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.1.3 // indirect
+	github.com/cloudflare/circl v1.5.0 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.6.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.2.2 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/lib/go.sum b/lib/go.sum
index a9f502871..83e7b4dcc 100644
--- a/lib/go.sum
+++ b/lib/go.sum
@@ -1,41 +1,40 @@
-dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
-dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
-github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
+dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
+github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
-github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
+github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
-github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
-github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
+github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
+github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
-github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
+github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
 github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
 github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
-github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
+github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
+github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
@@ -46,12 +45,12 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o=
+github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -66,10 +65,8 @@ github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1 h1:WIKCwheVCfZsDmhtfVyaG5BZPxshHY/+cv5kLlmfq5Y=
-github.com/kluctl/go-embed-python v0.0.0-3.11.9-20240415-1/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
-github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f h1:DXcOryOSs9LG2xd7LlllWOL8fPA8i4OTXJzHOPtz6hA=
-github.com/kluctl/go-jinja2 v0.0.0-20240708212116-03ee7eefba4f/go.mod h1:O6CJS5+wwnQE4OorQi/fV3eGFye5ian11tjHIYLJzIY=
+github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2 h1:JcYhVgX7jFN8QcoBxx8/kLxUyeUzE/JnGf5ntulNPPM=
+github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -81,12 +78,12 @@ github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
-github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
-github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
+github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
+github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
 github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
@@ -95,19 +92,21 @@ github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=
-github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
+github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -116,70 +115,32 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
-golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
@@ -193,10 +154,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
-k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
-k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
+k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM=
+k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/client-go v0.31.4 h1:t4QEXt4jgHIkKKlx06+W3+1JOwAFU/2OPiOo7H92eRQ=
+k8s.io/client-go v0.31.4/go.mod h1:kvuMro4sFYIa8sulL5Gi5GFqUPvfH2O/dXuKstbaaeg=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

From f789f3f53952712d7738b5da2b106f1054921a4a Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Dec 2024 10:27:01 +0100
Subject: [PATCH 2236/2268] build: Preparing release v2.26.0

---
 docs/gitops/installation.md                      | 2 +-
 docs/kluctl/installation.md                      | 2 +-
 docs/webui/installation.md                       | 8 ++++----
 docs/webui/oidc-azure-ad.md                      | 2 +-
 install/controller/.kluctl-library.yaml          | 2 +-
 install/controller/controller/kustomization.yaml | 2 +-
 install/controller/files.json                    | 2 +-
 install/webui/.kluctl-library.yaml               | 2 +-
 install/webui/webui/kustomization.yaml           | 2 +-
 9 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/gitops/installation.md b/docs/gitops/installation.md
index 0d8b3f694..c37dd400f 100644
--- a/docs/gitops/installation.md
+++ b/docs/gitops/installation.md
@@ -28,5 +28,5 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.25.1
+        tag: v2.26.0
 ```
diff --git a/docs/kluctl/installation.md b/docs/kluctl/installation.md
index 22c4ab618..b57b75fcc 100644
--- a/docs/kluctl/installation.md
+++ b/docs/kluctl/installation.md
@@ -114,7 +114,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/controller
       ref:
-        tag: v2.25.1
+        tag: v2.26.0
 ```
 
 ## Installing the Kluctl Webui
diff --git a/docs/webui/installation.md b/docs/webui/installation.md
index 68a67b3f6..8c5c0085a 100644
--- a/docs/webui/installation.md
+++ b/docs/webui/installation.md
@@ -19,7 +19,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.25.1
+        tag: v2.26.0
 ```
 
 ## Login
@@ -61,7 +61,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.25.1
+        tag: v2.26.0
     vars:
       - values:
           webui_args:
@@ -82,7 +82,7 @@ deployments:
     vars:
       - values:
           args:
-            kluctl_version: v2.25.1
+            kluctl_version: v2.26.0
 ```
 
 ### Passing arguments
@@ -95,7 +95,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-        tag: v2.25.1
+        tag: v2.26.0
     vars:
       - values:
           webui_args:
diff --git a/docs/webui/oidc-azure-ad.md b/docs/webui/oidc-azure-ad.md
index 843212059..ecad76f2b 100644
--- a/docs/webui/oidc-azure-ad.md
+++ b/docs/webui/oidc-azure-ad.md
@@ -59,7 +59,7 @@ deployments:
       url: https://github.com/kluctl/kluctl.git
       subDir: install/webui
       ref:
-         tag: v2.25.1
+         tag: v2.26.0
     vars:
       - values:
           args:
diff --git a/install/controller/.kluctl-library.yaml b/install/controller/.kluctl-library.yaml
index 90e987e2d..bf0becc12 100644
--- a/install/controller/.kluctl-library.yaml
+++ b/install/controller/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.25.1
+    default: v2.26.0
   - name: controller_args
     default: []
   - name: controller_envs
diff --git a/install/controller/controller/kustomization.yaml b/install/controller/controller/kustomization.yaml
index 1b01973d9..e2fae6614 100644
--- a/install/controller/controller/kustomization.yaml
+++ b/install/controller/controller/kustomization.yaml
@@ -1,6 +1,6 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
 # TODO remove controller_version
-{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.25.1") %}
+{% set kluctl_version = get_var(["args.kluctl_version", "args.controller_version"], "v2.26.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:
diff --git a/install/controller/files.json b/install/controller/files.json
index a33427ebd..18375ef86 100644
--- a/install/controller/files.json
+++ b/install/controller/files.json
@@ -1,5 +1,5 @@
 {
-  "contentHash": "6addace030e764b304a624c725ea3f002320caa5cc8b62fc1c6394ab9221ff89",
+  "contentHash": "d25aab2e585a7cb9b3b36e439b6aa1edf73e816c1b87d0461c703f4efb2ebffa",
   "files": [
     {
       "name": ".kluctl-library.yaml",
diff --git a/install/webui/.kluctl-library.yaml b/install/webui/.kluctl-library.yaml
index 395b54dd1..fc4c8fd94 100644
--- a/install/webui/.kluctl-library.yaml
+++ b/install/webui/.kluctl-library.yaml
@@ -2,7 +2,7 @@ args:
   - name: kluctl_image
     default: ghcr.io/kluctl/kluctl
   - name: kluctl_version
-    default: v2.25.1
+    default: v2.26.0
   - name: webui_args
     default: []
   - name: webui_envs
diff --git a/install/webui/webui/kustomization.yaml b/install/webui/webui/kustomization.yaml
index 2704b5cff..6f3c4537b 100644
--- a/install/webui/webui/kustomization.yaml
+++ b/install/webui/webui/kustomization.yaml
@@ -1,5 +1,5 @@
 {% set kluctl_image = get_var("args.kluctl_image", "ghcr.io/kluctl/kluctl") %}
-{% set kluctl_version = get_var("args.kluctl_version", "v2.25.1") %}
+{% set kluctl_version = get_var("args.kluctl_version", "v2.26.0") %}
 {% set pull_policy = "Always" if ("-devel" in kluctl_version or "-snapshot" in kluctl_version) else "IfNotPresent" %}
 
 resources:

From 638c896f523b21b5bcc8b4c36921845f854948c3 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Dec 2024 11:36:37 +0100
Subject: [PATCH 2237/2268] docs: Improve docs about args via environment
 variables (#1252)

* docs: Move --only-names into misc category

* docs: Improve docs about args via environment variables
---
 cmd/kluctl/commands/cmd_list_targets.go       |  2 +-
 docs/kluctl/commands/common-arguments.md      | 48 ++++++++++++++++++-
 docs/kluctl/commands/environment-variables.md |  5 +-
 docs/kluctl/commands/list-targets.md          |  1 +
 4 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_list_targets.go b/cmd/kluctl/commands/cmd_list_targets.go
index 560e10081..909530679 100644
--- a/cmd/kluctl/commands/cmd_list_targets.go
+++ b/cmd/kluctl/commands/cmd_list_targets.go
@@ -13,7 +13,7 @@ type listTargetsCmd struct {
 	args.ProjectFlags
 	args.OutputFlags
 
-	OnlyNames bool `group:"list-targets" help:"If provided --only-names will only output "`
+	OnlyNames bool `group:"misc" help:"If provided --only-names will only output "`
 }
 
 func (cmd *listTargetsCmd) Help() string {
diff --git a/docs/kluctl/commands/common-arguments.md b/docs/kluctl/commands/common-arguments.md
index 92e13ef7e..7c0f1b1a9 100644
--- a/docs/kluctl/commands/common-arguments.md
+++ b/docs/kluctl/commands/common-arguments.md
@@ -174,6 +174,26 @@ Git arguments:
 ```
 <!-- END SECTION -->
 
+All the arguments from above can also be passed via [environment variables](./environment-variables.md). For example:
+
+```shell
+# for http(s) username/password auth
+export KLUCTL_GIT_0_HOST="github.com"
+export KLUCTL_GIT_0_USERNAME="my-user"
+export KLUCTL_GIT_0_PASSWORD="my-password"
+# in case you have self-signed certs or other non-standard CAs
+export KLUCTL_GIT_0_CA_BUNDLE="/path/to/ca/bundle"
+
+# for ssh auth
+export KLUCTL_GIT_1_HOST="gitlab.com"
+export KLUCTL_GIT_1_SSH_KEY="/path/to/ssh/key"
+# optionally specify path glob to limit this credentials set to only a defined set of repos (can also be used with http auth)
+export KLUCTL_GIT_1_PATH="my-org/*"
+```
+
+In addition to the provided credentials, Kluctl will also try to use default Git authentication mechanisms like git
+credentials helpers, default SSH keys and SSH agents.
+
 ## Helm arguments
 
 These arguments mainly control authentication to Helm repositories.
@@ -221,6 +241,19 @@ Helm arguments:
 ```
 <!-- END SECTION -->
 
+All the arguments from above can also be passed via [environment variables](./environment-variables.md). For example:
+
+```shell
+# for http(s) username/password auth
+export KLUCTL_HELM_0_HOST="gitlab.com"
+export KLUCTL_HELM_0_USERNAME="my-user"
+export KLUCTL_HELM_0_PASSWORD="my-password"
+export KLUCTL_HELM_0_PATH="api/v4/projects/1111111/packages/helm/stable"
+# in case you have self-signed certs or other non-standard CAs
+export KLUCTL_HELM_0_CA_FILE="/path/to/ca/bundle"
+...
+```
+
 ## Registry arguments
 
 These arguments mainly control authentication to OCI based registries. This is used by the Helm integration and
@@ -260,4 +293,17 @@ Registry arguments:
                                                         the form --registry-username=<registry>/<repo>=<username>.
 
 ```
-<!-- END SECTION -->
\ No newline at end of file
+<!-- END SECTION -->
+
+All the arguments from above can also be passed via [environment variables](./environment-variables.md). For example:
+
+```shell
+# for http(s) username/password auth
+export KLUCTL_REGISTRY_0_HOST="docker.io"
+export KLUCTL_REGISTRY_0_USERNAME="my-user"
+export KLUCTL_REGISTRY_0_PASSWORD="my-password"
+export KLUCTL_REGISTRY_0_PATH="my-org/*"
+# in case you have self-signed certs or other non-standard CAs
+export KLUCTL_REGISTRY_0_CA_FILE="/path/to/ca/bundle"
+...
+```
diff --git a/docs/kluctl/commands/environment-variables.md b/docs/kluctl/commands/environment-variables.md
index d6a020765..4b8db5184 100644
--- a/docs/kluctl/commands/environment-variables.md
+++ b/docs/kluctl/commands/environment-variables.md
@@ -23,7 +23,4 @@ names of the environment variables, e.g. `KLUCTL_ARG_0=name1=value1` and `KLUCTL
 ## Additional environment variables
 A few additional environment variables are supported which do not belong to an option/argument. These are:
 
-1. `KLUCTL_REGISTRY_<idx>_HOST`, `KLUCTL_REGISTRY_<idx>_USERNAME`, and so on. See [OCI authentication](../deployments/oci.md#authentication) for details.
-2. `KLUCTL_HELM_<idx>_HOST`, `KLUCTL_HELM_<idx>_USERNAME`, and so on. See [Helm private repositories](../deployments/helm.md#private-repositories) for details.
-3. `KLUCTL_GIT_<idx>_HOST`, `KLUCTL_GIT_<idx>_USERNAME`, and so on.
-4. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
+1. `KLUCTL_SSH_DISABLE_STRICT_HOST_KEY_CHECKING`. Disable ssh host key checking when accessing git repositories.
diff --git a/docs/kluctl/commands/list-targets.md b/docs/kluctl/commands/list-targets.md
index 52d882321..551d483c8 100644
--- a/docs/kluctl/commands/list-targets.md
+++ b/docs/kluctl/commands/list-targets.md
@@ -25,6 +25,7 @@ The following arguments are available:
 Misc arguments:
   Command specific arguments.
 
+      --only-names           If provided --only-names will only output 
   -o, --output stringArray   Specify output target file. Can be specified multiple times
 
 ```

From 3de358dbc4dfde460b79fbfc0f0059179c34560c Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Dec 2024 11:07:27 +0100
Subject: [PATCH 2238/2268] chore: Don't count python files from jinja2 in
 linguist (#1259)

---
 lib/go-jinja2/.gitattributes | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 lib/go-jinja2/.gitattributes

diff --git a/lib/go-jinja2/.gitattributes b/lib/go-jinja2/.gitattributes
new file mode 100644
index 000000000..eb1b98a73
--- /dev/null
+++ b/lib/go-jinja2/.gitattributes
@@ -0,0 +1 @@
+internal/data/** linguist-vendored

From 1d10c64d6521946e9eb1844bc8ef53e4a69a402d Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 19 Dec 2024 14:48:08 +0100
Subject: [PATCH 2239/2268] fix: Use ReadBytes instead of ReadLine

---
 lib/go-jinja2/jinja2_renderer.go | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/lib/go-jinja2/jinja2_renderer.go b/lib/go-jinja2/jinja2_renderer.go
index 623c14b94..c2dc9050d 100644
--- a/lib/go-jinja2/jinja2_renderer.go
+++ b/lib/go-jinja2/jinja2_renderer.go
@@ -246,26 +246,19 @@ func (j *pythonJinja2Renderer) runCmd(jargs *jinja2Cmd) (*jinja2CmdResult, error
 		return nil, fmt.Errorf("failed to write jinja2 cmd args: %w", err)
 	}
 
-	line := bytes.NewBuffer(nil)
-	for true {
-		l, p, err := j.stdoutReader.ReadLine()
-		if err != nil {
-			return nil, fmt.Errorf("failed to read jinja2 cmd result: %w", err)
-		}
-		line.Write(l)
-		if !p {
-			break
-		}
+	line, err := j.stdoutReader.ReadBytes('\n')
+	if err != nil && err != io.EOF {
+		return nil, fmt.Errorf("failed to read jinja2 cmd result: %w", err)
 	}
 
 	if jargs.Opts != nil && jargs.Opts.traceJsonReceive != nil {
 		var m map[string]any
-		_ = json.Unmarshal(line.Bytes(), &m)
+		_ = json.Unmarshal(line, &m)
 		jargs.Opts.traceJsonReceive(m)
 	}
 
 	var result jinja2CmdResult
-	err = json.Unmarshal(line.Bytes(), &result)
+	err = json.Unmarshal(line, &result)
 	if err != nil {
 		return nil, fmt.Errorf("failed to unmarshal jinja2 cmd result: %w", err)
 	}

From de03e0ecd57c42a8884ccd8987666207f8c7f9ea Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 18 Dec 2024 13:44:16 +0100
Subject: [PATCH 2240/2268] chore: Upgrade go-embed-python version

---
 go.mod     |  3 ++-
 go.sum     |  6 ++++--
 lib/go.mod |  5 +++--
 lib/go.sum | 10 ++++++----
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index ffa9e4467..54ada5d22 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 	github.com/huandu/xstrings v1.5.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2
+	github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1
 	github.com/kluctl/kluctl/lib v0.0.0
 	github.com/mattn/go-colorable v0.1.13
 	github.com/mattn/go-isatty v0.0.20
@@ -193,6 +193,7 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.4 // indirect
+	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
diff --git a/go.sum b/go.sum
index c2f585ead..7a3c4450a 100644
--- a/go.sum
+++ b/go.sum
@@ -332,6 +332,8 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA
 github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
 github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
+github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
@@ -459,8 +461,8 @@ github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
 github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
-github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2 h1:JcYhVgX7jFN8QcoBxx8/kLxUyeUzE/JnGf5ntulNPPM=
-github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
+github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1 h1:yVXFTxa6cvhLC6TwkDEHmNaiWlDyaFEGiXd1DQdoeOU=
+github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
diff --git a/lib/go.mod b/lib/go.mod
index 07d6148be..7f6c2e6a8 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -12,13 +12,13 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2
+	github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.16
 	github.com/mitchellh/reflectwalk v1.0.2
 	github.com/otiai10/copy v1.14.0
 	github.com/rogpeppe/go-internal v1.13.1
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	github.com/xanzy/ssh-agent v0.3.3
 	golang.org/x/crypto v0.31.0
 	golang.org/x/net v0.32.0
@@ -43,6 +43,7 @@ require (
 	github.com/go-git/go-billy/v5 v5.6.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
diff --git a/lib/go.sum b/lib/go.sum
index 83e7b4dcc..3d617d97d 100644
--- a/lib/go.sum
+++ b/lib/go.sum
@@ -49,6 +49,8 @@ github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL
 github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
+github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -65,8 +67,8 @@ github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2 h1:JcYhVgX7jFN8QcoBxx8/kLxUyeUzE/JnGf5ntulNPPM=
-github.com/kluctl/go-embed-python v0.0.0-3.12.3-20240415-2/go.mod h1:9kqX8IjRCNh4ppXxlKGtLN+QFuvsdSsNGKsTLgdSNRw=
+github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1 h1:yVXFTxa6cvhLC6TwkDEHmNaiWlDyaFEGiXd1DQdoeOU=
+github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -111,8 +113,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=

From f74850976e9c093fde1ae3adfdb8e2886baab5e8 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 10:06:46 +0200
Subject: [PATCH 2241/2268] ci: Ignore gnu.org link in link checking (#1299)

---
 lychee.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lychee.toml b/lychee.toml
index 137061a6a..03ee730f5 100644
--- a/lychee.toml
+++ b/lychee.toml
@@ -99,6 +99,7 @@ headers = []
 exclude = [
     '^https://kubernetes\.io/docs/reference/generated/kubernetes-api/v1\.18/',
     '.*#getvarfieldpath-default', # lychee seems to not understand this one
+    'https://www.gnu.org/software/bash/', # this times out very often, no idea why
 ]
 
 # Exclude these filesystem paths from getting checked.

From 0812685aee39ee0d8170efed520ed05d4b162a35 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 10:25:13 +0200
Subject: [PATCH 2242/2268] chore(deps): Bump filippo.io/age from 1.2.0 to
 1.2.1 (#1256)

Bumps [filippo.io/age](https://github.com/FiloSottile/age) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/FiloSottile/age/releases)
- [Commits](https://github.com/FiloSottile/age/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: filippo.io/age
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 54ada5d22..f4d05eca1 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ replace github.com/kluctl/kluctl/lib => ./lib
 require (
 	cloud.google.com/go/secretmanager v1.14.2
 	dario.cat/mergo v1.0.1
-	filippo.io/age v1.2.0
+	filippo.io/age v1.2.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0
diff --git a/go.sum b/go.sum
index 7a3c4450a..150f042f1 100644
--- a/go.sum
+++ b/go.sum
@@ -28,8 +28,8 @@ cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI
 cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-filippo.io/age v1.2.0 h1:vRDp7pUMaAJzXNIWJVAZnEf/Dyi4Vu4wI8S1LBzufhE=
-filippo.io/age v1.2.0/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
+filippo.io/age v1.2.1 h1:X0TZjehAZylOIj4DubWYU1vWQxv9bJpo+Uu2/LGhi1o=
+filippo.io/age v1.2.1/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=

From a5fb3562b9502bc715cd972694b07cdbb7370a10 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 10:48:30 +0200
Subject: [PATCH 2243/2268] chore: Upgrade go versiom to 1.24

---
 .github/workflows/nightly.yml       | 2 +-
 .github/workflows/preview-proxy.yml | 2 +-
 .github/workflows/preview-run.yml   | 2 +-
 .github/workflows/release.yml       | 2 +-
 .github/workflows/tests.yml         | 6 +++---
 go.mod                              | 4 ++--
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 1232d1ada..68367793d 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/preview-proxy.yml b/.github/workflows/preview-proxy.yml
index 405c3d2e3..b3a529a52 100644
--- a/.github/workflows/preview-proxy.yml
+++ b/.github/workflows/preview-proxy.yml
@@ -37,7 +37,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - name: Install some tools
         run: |
diff --git a/.github/workflows/preview-run.yml b/.github/workflows/preview-run.yml
index 74da142c3..141e22970 100644
--- a/.github/workflows/preview-run.yml
+++ b/.github/workflows/preview-run.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - uses: actions/setup-node@v4
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ba42d14f5..6236ed100 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v3
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 31329696e..d758ebd07 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -19,7 +19,7 @@ jobs:
           fetch-depth: 0
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - uses: actions/setup-node@v4
         with:
@@ -115,7 +115,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v3
@@ -173,7 +173,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.24'
           cache-dependency-path: "**/*.sum"
       - uses: actions/setup-python@v5
         with:
diff --git a/go.mod b/go.mod
index f4d05eca1..cec7c5f79 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
 module github.com/kluctl/kluctl/v2
 
-go 1.22.7
+go 1.24
 
-toolchain go1.22.9
+toolchain go1.24.2
 
 replace github.com/kluctl/kluctl/lib => ./lib
 

From d764e41a0b8aee279db9d7c0fffa7b300b152ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1nos=20Gr=C3=A1sl?= <janos.grasl@gmail.com>
Date: Fri, 11 Apr 2025 10:50:57 +0200
Subject: [PATCH 2244/2268] feat(metrics): add last deploy start time metric
 (#1296)

* feat(metrics): add last deploy start time metric

* fix(metrics): fix metric name with _timestamp_seconds

* fix(metrics): use *time.Time instead of int64 and only create start time metric value if last deploy result exists

* fix(metrics): only set start time metrics if parsing last deploy result was successful

* feat(deployment-controller-md): Added description for last deployment start time.
---
 .../v1beta1/kluctldeployment_controller.md    | 35 ++++++++++---------
 .../kluctldeployment_controller.go            | 18 ++++++----
 .../kluctldeployment_controller_status.go     | 12 +++++++
 .../metrics/kluctldeployment_controller.go    | 28 ++++++++++-----
 4 files changed, 61 insertions(+), 32 deletions(-)

diff --git a/docs/gitops/metrics/v1beta1/kluctldeployment_controller.md b/docs/gitops/metrics/v1beta1/kluctldeployment_controller.md
index 9c5163f5f..a54633b3b 100644
--- a/docs/gitops/metrics/v1beta1/kluctldeployment_controller.md
+++ b/docs/gitops/metrics/v1beta1/kluctldeployment_controller.md
@@ -10,20 +10,21 @@ weight: 20
 
 # Exported Metrics References
 
-| Metrics name                | Type      | Description                                                                          |
-|-----------------------------|-----------|--------------------------------------------------------------------------------------|
-| deployment_duration_seconds | Histogram | How long a single deployment takes in seconds.                                       |
-| number_of_changed_objects   | Gauge     | How many objects have been changed by a single deployment.                           |
-| number_of_deleted_objects   | Gauge     | How many objects have been deleted by a single deployment.                           |
-| number_of_errors            | Gauge     | How many errors are related to a single deployment.                                  |
-| number_of_images            | Gauge     | Number of images of a single deployment.                                             |
-| number_of_orphan_objects    | Gauge     | How many orphans are related to a single deployment.                                 |
-| number_of_warnings          | Gauge     | How many warnings are related to a single deployment.                                |
-| prune_duration_seconds      | Histogram | How long a single prune takes in seconds.                                            |
-| validate_duration_seconds   | Histogram | How long a single validate takes in seconds.                                         |
-| deployment_interval_seconds | Gauge     | The configured deployment interval of a single deployment.                           |
-| dry_run_enabled             | Gauge     | Is dry-run enabled for a single deployment.                                          |
-| last_object_status          | Gauge     | Last object status of a single deployment. Zero means failure and one means success. |
-| prune_enabled               | Gauge     | Is pruning enabled for a single deployment.                                          |
-| delete_enabled              | Gauge     | Is deletion enabled for a single deployment.                                         |
-| source_spec                 | Gauge     | The configured source spec of a single deployment exported via labels.               |
+| Metrics name                         | Type      | Description                                                                          |
+|--------------------------------------|-----------|--------------------------------------------------------------------------------------|
+| deployment_duration_seconds          | Histogram | How long a single deployment takes in seconds.                                       |
+| number_of_changed_objects            | Gauge     | How many objects have been changed by a single deployment.                           |
+| number_of_deleted_objects            | Gauge     | How many objects have been deleted by a single deployment.                           |
+| number_of_errors                     | Gauge     | How many errors are related to a single deployment.                                  |
+| number_of_images                     | Gauge     | Number of images of a single deployment.                                             |
+| number_of_orphan_objects             | Gauge     | How many orphans are related to a single deployment.                                 |
+| number_of_warnings                   | Gauge     | How many warnings are related to a single deployment.                                |
+| prune_duration_seconds               | Histogram | How long a single prune takes in seconds.                                            |
+| validate_duration_seconds            | Histogram | How long a single validate takes in seconds.                                         |
+| deployment_interval_seconds          | Gauge     | The configured deployment interval of a single deployment.                           |
+| dry_run_enabled                      | Gauge     | Is dry-run enabled for a single deployment.                                          |
+| last_object_status                   | Gauge     | Last object status of a single deployment. Zero means failure and one means success. |
+| last_deploy_start_timestamp_seconds  | Gauge     | Start time of the last deployment.                                                   |
+| prune_enabled                        | Gauge     | Is pruning enabled for a single deployment.                                          |
+| delete_enabled                       | Gauge     | Is deletion enabled for a single deployment.                                         |
+| source_spec                          | Gauge     | The configured source spec of a single deployment exported via labels.               |
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 711cc2bd3..d417e9a77 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -196,7 +196,10 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 		ctrlResult.Requeue = true
 	}
 
-	finalStatus, reason := r.buildFinalStatus(ctx, obj)
+	finalStatus, reason, startTime := r.buildFinalStatus(ctx, obj)
+	if startTime != nil {
+		internal_metrics.NewKluctlLastDeployStartTime(obj.Namespace, obj.Name).Set(float64(startTime.Unix()))
+	}
 	if reason != kluctlv1.ReconciliationSucceededReason {
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
 		err = fmt.Errorf(finalStatus)
@@ -299,7 +302,7 @@ func (r *KluctlDeploymentReconciler) buildResultMessage(summary *result.CommandR
 	return msg
 }
 
-func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *kluctlv1.KluctlDeployment) (string, string) {
+func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *kluctlv1.KluctlDeployment) (string, string, *time.Time) {
 	log := ctrl.LoggerFrom(ctx)
 
 	var lastDeployResult *result.CommandResultSummary
@@ -318,25 +321,26 @@ func (r *KluctlDeploymentReconciler) buildFinalStatus(ctx context.Context, obj *
 	}
 
 	if lastDeployResult == nil {
-		return "deployment status unknown", kluctlv1.DeployFailedReason
+		return "deployment status unknown", kluctlv1.DeployFailedReason, nil
 	}
+	startTime := &lastDeployResult.Command.StartTime.Time
 
 	msg := r.buildResultMessage(lastDeployResult, "deploy")
 	if obj.Spec.Validate {
 		if lastValidateResult == nil {
-			return msg + " Validation status unknown.", kluctlv1.ValidateFailedReason
+			return msg + " Validation status unknown.", kluctlv1.ValidateFailedReason, startTime
 		}
 		msg += " " + r.buildBaseResultMessage(lastValidateResult.Errors, lastDeployResult.Warnings, "validate")
 	}
 
 	if len(lastDeployResult.Errors) != 0 {
-		return msg, kluctlv1.DeployFailedReason
+		return msg, kluctlv1.DeployFailedReason, startTime
 	}
 	if lastValidateResult != nil && len(lastValidateResult.Errors) != 0 {
-		return msg, kluctlv1.ValidateFailedReason
+		return msg, kluctlv1.ValidateFailedReason, startTime
 	}
 
-	return msg, kluctlv1.ReconciliationSucceededReason
+	return msg, kluctlv1.ReconciliationSucceededReason, startTime
 }
 
 func (r *KluctlDeploymentReconciler) calcTimeout(obj *kluctlv1.KluctlDeployment) time.Duration {
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index b6299dac5..99d6f7596 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -6,11 +6,13 @@ import (
 	"fmt"
 	"github.com/hashicorp/go-multierror"
 	gittypes "github.com/kluctl/kluctl/lib/git/types"
+	"github.com/kluctl/kluctl/lib/yaml"
 	kluctlv1 "github.com/kluctl/kluctl/v2/api/v1beta1"
 	internal_metrics "github.com/kluctl/kluctl/v2/pkg/controllers/metrics"
 	"github.com/kluctl/kluctl/v2/pkg/kluctl_project/target-context"
 	"github.com/kluctl/kluctl/v2/pkg/types/result"
 	"github.com/kluctl/kluctl/v2/pkg/utils/flux_utils/meta"
+	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -35,6 +37,16 @@ func (r *KluctlDeploymentReconciler) patchReadyCondition(ctx context.Context, ob
 
 // patchFail returns the original error + patchErr if required
 func (r *KluctlDeploymentReconciler) patchFail(ctx context.Context, obj *kluctlv1.KluctlDeployment, reason string, err error) error {
+	var lastDeployResult *result.CommandResultSummary
+	if obj.Status.LastDeployResult != nil {
+		parseErr := yaml.ReadYamlBytes(obj.Status.LastDeployResult.Raw, &lastDeployResult)
+		if parseErr != nil {
+			log.Info(fmt.Sprintf("Failed to parse last deploy result: %s", parseErr.Error()))
+		} else {
+			internal_metrics.NewKluctlLastDeployStartTime(obj.Namespace, obj.Name).Set(float64(lastDeployResult.Command.StartTime.Unix()))
+		}
+	}
+
 	internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
 	patchErr := r.patchReadyCondition(ctx, obj, metav1.ConditionFalse, reason, err.Error())
 	if patchErr != nil {
diff --git a/pkg/controllers/metrics/kluctldeployment_controller.go b/pkg/controllers/metrics/kluctldeployment_controller.go
index c0793796f..078486fbb 100644
--- a/pkg/controllers/metrics/kluctldeployment_controller.go
+++ b/pkg/controllers/metrics/kluctldeployment_controller.go
@@ -9,14 +9,15 @@ import (
 const (
 	KluctlDeploymentControllerSubsystem = "kluctldeployments"
 
-	DeploymentIntervalKey = "deployment_interval_seconds"
-	DryRunEnabledKey      = "dry_run_enabled"
-	LastObjectStatusKey   = "last_object_status"
-	PruneEnabledKey       = "prune_enabled"
-	DeleteEnabledKey      = "delete_enabled"
-	SourceSpecKey         = "source_spec"
-	GitSourceSpecKey      = "git_source_spec"
-	OciSourceSpecKey      = "oci_source_spec"
+	DeploymentIntervalKey  = "deployment_interval_seconds"
+	DryRunEnabledKey       = "dry_run_enabled"
+	LastObjectStatusKey    = "last_object_status"
+	LastDeployStartTimeKey = "last_deploy_start_timestamp_seconds"
+	PruneEnabledKey        = "prune_enabled"
+	DeleteEnabledKey       = "delete_enabled"
+	SourceSpecKey          = "source_spec"
+	GitSourceSpecKey       = "git_source_spec"
+	OciSourceSpecKey       = "oci_source_spec"
 )
 
 var (
@@ -38,6 +39,12 @@ var (
 		Help:      "Last object status of a single deployment.",
 	}, []string{"namespace", "name"})
 
+	lastDeployStartTime = prometheus.NewGaugeVec(prometheus.GaugeOpts{
+		Subsystem: KluctlDeploymentControllerSubsystem,
+		Name:      LastDeployStartTimeKey,
+		Help:      "Last start time of a single deployment.",
+	}, []string{"namespace", "name"})
+
 	pruneEnabled = prometheus.NewGaugeVec(prometheus.GaugeOpts{
 		Subsystem: KluctlDeploymentControllerSubsystem,
 		Name:      PruneEnabledKey,
@@ -73,6 +80,7 @@ func init() {
 	metrics.Registry.MustRegister(deploymentInterval)
 	metrics.Registry.MustRegister(dryRunEnabled)
 	metrics.Registry.MustRegister(lastObjectStatus)
+	metrics.Registry.MustRegister(lastDeployStartTime)
 	metrics.Registry.MustRegister(pruneEnabled)
 	metrics.Registry.MustRegister(deleteEnabled)
 	metrics.Registry.MustRegister(sourceSpec)
@@ -90,6 +98,10 @@ func NewKluctlLastObjectStatus(namespace string, name string) prometheus.Gauge {
 	return lastObjectStatus.WithLabelValues(namespace, name)
 }
 
+func NewKluctlLastDeployStartTime(namespace string, name string) prometheus.Gauge {
+	return lastDeployStartTime.WithLabelValues(namespace, name)
+}
+
 func NewKluctlPruneEnabled(namespace string, name string) prometheus.Gauge {
 	return pruneEnabled.WithLabelValues(namespace, name)
 }

From b24fc2eb2b2394dde29d57e2c775ca401793a9d1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 11:09:35 +0200
Subject: [PATCH 2245/2268] fix: Fix errors about non-constant format strings

---
 cmd/kluctl/commands/cmd_helm_update.go         | 2 +-
 pkg/clouds/gcp/fake_clientfactory.go           | 2 +-
 pkg/controllers/kluctldeployment_controller.go | 2 +-
 pkg/deployment/utils/errors_holder.go          | 2 +-
 pkg/sops/decryptor/decryptor.go                | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cmd/kluctl/commands/cmd_helm_update.go b/cmd/kluctl/commands/cmd_helm_update.go
index a3ec3ccdf..3726e4f9c 100644
--- a/cmd/kluctl/commands/cmd_helm_update.go
+++ b/cmd/kluctl/commands/cmd_helm_update.go
@@ -161,7 +161,7 @@ func (cmd *helmUpdateCmd) Run(ctx context.Context) error {
 				out = fmt.Sprintf("%s: Downloading Chart with branch, tag or commit %s into cache", chart.GetChartName(), version.String())
 			}
 			g.RunE(func() error {
-				s := status.Startf(ctx, out)
+				s := status.Start(ctx, out)
 				defer s.Failed()
 				_, err := chart.PullCached(ctx, version)
 				if err != nil {
diff --git a/pkg/clouds/gcp/fake_clientfactory.go b/pkg/clouds/gcp/fake_clientfactory.go
index 6432a7f00..cda437c8b 100644
--- a/pkg/clouds/gcp/fake_clientfactory.go
+++ b/pkg/clouds/gcp/fake_clientfactory.go
@@ -25,7 +25,7 @@ func (f *FakeClientFactory) AccessSecretVersion(ctx context.Context, req *secret
 	}
 
 	errMsg := fmt.Sprintf("secret not found: failed to access secret version: rpc error: code = NotFound desc = secret %s not found", req.Name)
-	return nil, status.Errorf(codes.NotFound, errMsg)
+	return nil, status.Error(codes.NotFound, errMsg)
 }
 
 func (f *FakeClientFactory) SecretManagerClient(ctx context.Context) (AccessSecretVersionInterface, error) {
diff --git a/pkg/controllers/kluctldeployment_controller.go b/pkg/controllers/kluctldeployment_controller.go
index 711cc2bd3..19d07f1c4 100644
--- a/pkg/controllers/kluctldeployment_controller.go
+++ b/pkg/controllers/kluctldeployment_controller.go
@@ -199,7 +199,7 @@ func (r *KluctlDeploymentReconciler) doReconcile(
 	finalStatus, reason := r.buildFinalStatus(ctx, obj)
 	if reason != kluctlv1.ReconciliationSucceededReason {
 		internal_metrics.NewKluctlLastObjectStatus(obj.Namespace, obj.Name).Set(0.0)
-		err = fmt.Errorf(finalStatus)
+		err = fmt.Errorf("%s", finalStatus)
 
 		patchErr = r.patchReadyCondition(ctx, obj, metav1.ConditionFalse, reason, finalStatus)
 		if patchErr != nil {
diff --git a/pkg/deployment/utils/errors_holder.go b/pkg/deployment/utils/errors_holder.go
index df09fb0e5..d1c02f880 100644
--- a/pkg/deployment/utils/errors_holder.go
+++ b/pkg/deployment/utils/errors_holder.go
@@ -76,7 +76,7 @@ func (dew *DeploymentErrorsAndWarnings) AddError(ref k8s.ObjectRef, err error) {
 
 func (dew *DeploymentErrorsAndWarnings) AddApiWarnings(ref k8s.ObjectRef, warnings []k8s2.ApiWarning) {
 	for _, w := range warnings {
-		dew.AddWarning(ref, fmt.Errorf(w.Text))
+		dew.AddWarning(ref, fmt.Errorf("%s", w.Text))
 	}
 }
 
diff --git a/pkg/sops/decryptor/decryptor.go b/pkg/sops/decryptor/decryptor.go
index afb233481..57992694f 100644
--- a/pkg/sops/decryptor/decryptor.go
+++ b/pkg/sops/decryptor/decryptor.go
@@ -618,7 +618,7 @@ func stripRoot(root, path string) string {
 
 func sopsUserErr(msg string, err error) error {
 	if userErr, ok := err.(sops.UserError); ok {
-		err = fmt.Errorf(userErr.UserError())
+		err = fmt.Errorf("%s", userErr.UserError())
 	}
 	return fmt.Errorf("%s: %w", msg, err)
 }

From 61e924f80d2cf057ca51e69f9f64dcc95d831ccc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 15:44:22 +0200
Subject: [PATCH 2246/2268] chore(deps): Bump the k8s-io group across 1
 directory with 4 updates (#1279)

Bumps the k8s-io group with 2 updates in the / directory: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver).


Updates `k8s.io/api` from 0.31.4 to 0.32.2
- [Commits](https://github.com/kubernetes/api/compare/v0.31.4...v0.32.2)

Updates `k8s.io/apiextensions-apiserver` from 0.31.4 to 0.32.2
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.31.4...v0.32.2)

Updates `k8s.io/apimachinery` from 0.31.4 to 0.32.2
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.31.4...v0.32.2)

Updates `k8s.io/client-go` from 0.31.4 to 0.32.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.31.4...v0.32.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 15 +++++++--------
 go.sum | 38 ++++++++++++++++++--------------------
 2 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/go.mod b/go.mod
index cec7c5f79..5af0d73ae 100644
--- a/go.mod
+++ b/go.mod
@@ -82,10 +82,10 @@ require (
 	google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96
 	google.golang.org/protobuf v1.36.0
 	helm.sh/helm/v3 v3.16.4
-	k8s.io/api v0.31.4
-	k8s.io/apiextensions-apiserver v0.31.4
-	k8s.io/apimachinery v0.31.4
-	k8s.io/client-go v0.31.4
+	k8s.io/api v0.32.3
+	k8s.io/apiextensions-apiserver v0.32.3
+	k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.32.3
 	k8s.io/klog/v2 v2.130.1
 	sigs.k8s.io/cli-utils v0.37.2
 	sigs.k8s.io/controller-runtime v0.19.3
@@ -225,7 +225,6 @@ require (
 	github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -331,12 +330,12 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiserver v0.31.4 // indirect
+	k8s.io/apiserver v0.32.3 // indirect
 	k8s.io/cli-runtime v0.31.4 // indirect
-	k8s.io/component-base v0.31.4 // indirect
+	k8s.io/component-base v0.32.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 	k8s.io/kubectl v0.31.4 // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	oras.land/oras-go v1.2.6 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 )
diff --git a/go.sum b/go.sum
index 150f042f1..76c1839b2 100644
--- a/go.sum
+++ b/go.sum
@@ -366,8 +366,8 @@ github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
 github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
-github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
-github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -429,8 +429,6 @@ github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUq
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
@@ -539,8 +537,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ohler55/ojg v1.25.0 h1:sDwc4u4zex65Uz5Nm7O1QwDKTT+YRcpeZQTy1pffRkw=
 github.com/ohler55/ojg v1.25.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo=
-github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
 github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -877,20 +875,20 @@ gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
 helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0=
 helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA=
-k8s.io/api v0.31.4 h1:I2QNzitPVsPeLQvexMEsj945QumYraqv9m74isPDKhM=
-k8s.io/api v0.31.4/go.mod h1:d+7vgXLvmcdT1BCo79VEgJxHHryww3V5np2OYTr6jdw=
-k8s.io/apiextensions-apiserver v0.31.4 h1:FxbqzSvy92Ca9DIs5jqot883G0Ln/PGXfm/07t39LS0=
-k8s.io/apiextensions-apiserver v0.31.4/go.mod h1:hIW9YU8UsqZqIWGG99/gsdIU0Ar45Qd3A12QOe/rvpg=
-k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM=
-k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.4 h1:JbtnTaXVYEAYIHJil6Wd74Wif9sd8jVcBw84kwEmp7o=
-k8s.io/apiserver v0.31.4/go.mod h1:JJjoTjZ9PTMLdIFq7mmcJy2B9xLN3HeAUebW6xZyIP0=
+k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
+k8s.io/apiextensions-apiserver v0.32.3 h1:4D8vy+9GWerlErCwVIbcQjsWunF9SUGNu7O7hiQTyPY=
+k8s.io/apiextensions-apiserver v0.32.3/go.mod h1:8YwcvVRMVzw0r1Stc7XfGAzB/SIVLunqApySV5V7Dss=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apiserver v0.32.3 h1:kOw2KBuHOA+wetX1MkmrxgBr648ksz653j26ESuWNY8=
+k8s.io/apiserver v0.32.3/go.mod h1:q1x9B8E/WzShF49wh3ADOh6muSfpmFL0I2t+TG0Zdgc=
 k8s.io/cli-runtime v0.31.4 h1:iczCWiyXaotW+hyF5cWP8RnEYBCzZfJUF6otJ2m9mw0=
 k8s.io/cli-runtime v0.31.4/go.mod h1:0/pRzAH7qc0hWx40ut1R4jLqiy2w/KnbqdaAI2eFG8U=
-k8s.io/client-go v0.31.4 h1:t4QEXt4jgHIkKKlx06+W3+1JOwAFU/2OPiOo7H92eRQ=
-k8s.io/client-go v0.31.4/go.mod h1:kvuMro4sFYIa8sulL5Gi5GFqUPvfH2O/dXuKstbaaeg=
-k8s.io/component-base v0.31.4 h1:wCquJh4ul9O8nNBSB8N/o8+gbfu3BVQkVw9jAUY/Qtw=
-k8s.io/component-base v0.31.4/go.mod h1:G4dgtf5BccwiDT9DdejK0qM6zTK0jwDGEKnCmb9+u/s=
+k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/component-base v0.32.3 h1:98WJvvMs3QZ2LYHBzvltFSeJjEx7t5+8s71P7M74u8k=
+k8s.io/component-base v0.32.3/go.mod h1:LWi9cR+yPAv7cu2X9rZanTiFKB2kHA+JjmhkKjCZRpI=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
@@ -906,8 +904,8 @@ sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg=
 sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco=
 sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
 sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo=
 sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U=
 sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E=

From 062ec2d1be6980246f9328aa23dd8b88b0f30cf8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 15:44:40 +0200
Subject: [PATCH 2247/2268] chore(deps): Bump
 github.com/distribution/distribution/v3 (#1293)

Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-rc.1 to 3.0.0-rc.4.
- [Release notes](https://github.com/distribution/distribution/releases)
- [Commits](https://github.com/distribution/distribution/compare/v3.0.0-rc.1...v3.0.0-rc.4)

---
updated-dependencies:
- dependency-name: github.com/distribution/distribution/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  59 ++++++++++++++--------------
 go.sum | 122 +++++++++++++++++++++++++++++----------------------------
 2 files changed, 92 insertions(+), 89 deletions(-)

diff --git a/go.mod b/go.mod
index 5af0d73ae..e3d85fd4a 100644
--- a/go.mod
+++ b/go.mod
@@ -10,8 +10,8 @@ require (
 	cloud.google.com/go/secretmanager v1.14.2
 	dario.cat/mergo v1.0.1
 	filippo.io/age v1.2.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.3.1
@@ -27,7 +27,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/cyphar/filepath-securejoin v0.3.6
 	github.com/dimchansky/utfbom v1.1.1
-	github.com/distribution/distribution/v3 v3.0.0-rc.1
+	github.com/distribution/distribution/v3 v3.0.0
 	github.com/docker/cli v27.4.0+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
@@ -71,13 +71,13 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/tkrajina/typescriptify-golang-structs v0.2.0
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/net v0.32.0
-	golang.org/x/oauth2 v0.24.0
-	golang.org/x/sync v0.10.0
-	golang.org/x/sys v0.28.0
-	golang.org/x/term v0.27.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/net v0.37.0
+	golang.org/x/oauth2 v0.28.0
+	golang.org/x/sync v0.12.0
+	golang.org/x/sys v0.31.0
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484
 	google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96
 	google.golang.org/protobuf v1.36.0
@@ -111,7 +111,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
@@ -184,7 +184,7 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
@@ -195,7 +195,7 @@ require (
 	github.com/goccy/go-json v0.10.4 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
@@ -214,7 +214,7 @@ require (
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
@@ -266,7 +266,7 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
-	github.com/redis/go-redis/v9 v9.6.1 // indirect
+	github.com/redis/go-redis/v9 v9.7.3 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rubenv/sql-migrate v1.7.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
@@ -291,26 +291,27 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/bridges/prometheus v0.54.0 // indirect
+	go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 // indirect
 	go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect
-	go.opentelemetry.io/contrib/exporters/autoexport v0.54.0 // indirect
+	go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
 	go.opentelemetry.io/otel v1.33.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/prometheus v0.51.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0 // indirect
-	go.opentelemetry.io/otel/log v0.5.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.54.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 // indirect
+	go.opentelemetry.io/otel/log v0.8.0 // indirect
 	go.opentelemetry.io/otel/metric v1.33.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
-	go.opentelemetry.io/otel/sdk/log v0.5.0 // indirect
+	go.opentelemetry.io/otel/sdk/log v0.8.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect
 	go.opentelemetry.io/otel/trace v1.33.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
diff --git a/go.sum b/go.sum
index 76c1839b2..485b7ae65 100644
--- a/go.sum
+++ b/go.sum
@@ -34,12 +34,12 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1 h1:DSDNVxqkoXJiko6x8a90zidoYqnYYa6c1MTzDKzKkTo=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1/go.mod h1:zGqV2R4Cr/k8Uye5w+dgQ06WJtEcbQG/8J7BB6hnCr4=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 h1:F0gBpfdPLGsw+nsgk6aqqkZS1jiixa5WwFe3fk/T3Ys=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2/go.mod h1:SqINnQ9lVVdRlyC8cd1lCI0SdX4n2paeABd2K8ggfnE=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E=
@@ -54,8 +54,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 h1:H5xDQaE3XowWfhZRUpnfC+rGZMEVoSiji+b+/HFAPU4=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
@@ -216,8 +216,8 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
-github.com/distribution/distribution/v3 v3.0.0-rc.1 h1:6M4ewmPBUhF7wtQ8URLOQ1W/PQuVKiD1u8ymwLDUGqQ=
-github.com/distribution/distribution/v3 v3.0.0-rc.1/go.mod h1:tFjaPDeHCrLg28e4feBIy27cP+qmrc/mvkl6MFIfVi4=
+github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN6UX90KJc4HjyM=
+github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v27.4.0+incompatible h1:/nJzWkcI1MDMN+U+px/YXnQWJqnu4J+QKGTfD6ptiTc=
@@ -292,8 +292,8 @@ github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665 h1:+M6D6MplKwR
 github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
-github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
-github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -337,8 +337,8 @@ github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeH
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -396,8 +396,8 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -598,8 +598,8 @@ github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJu
 github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
 github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ=
 github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
-github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
-github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
+github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM=
+github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -693,46 +693,48 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/bridges/prometheus v0.54.0 h1:WWL67oxtknNVMb70lJXxXruf8UyK/a9hmIE1XO3Uedg=
-go.opentelemetry.io/contrib/bridges/prometheus v0.54.0/go.mod h1:LqNcnXmyULp8ertk4hUTVtSUvKXj4h1Mx7gUCSSr/q0=
+go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w=
+go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk=
 go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4=
 go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI=
-go.opentelemetry.io/contrib/exporters/autoexport v0.54.0 h1:dTmcmVm4J54IRPGm5oVjLci1uYat4UDea84E2tyBaAk=
-go.opentelemetry.io/contrib/exporters/autoexport v0.54.0/go.mod h1:zPp5Fwpq2Hc7xMtVttg6GhZMcfTESjVbY9ONw2o/Dc4=
+go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4=
+go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
 go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
 go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
-go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0 h1:4d++HQ+Ihdl+53zSjtsCUFDmNMju2FC9qFkUlTxPLqo=
-go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.5.0/go.mod h1:mQX5dTO3Mh5ZF7bPKDkt5c/7C41u/SiDr9XgTpzXXn8=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0 h1:k6fQVDQexDE+3jG2SfCQjnHS7OamcP73YMoxEVq5B6k=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.29.0/go.mod h1:t4BrYLHU450Zo9fnydWlIuswB1bm7rM8havDpWOJeDo=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0 h1:xvhQxJ/C9+RTnAj5DpTg7LSM1vbbMTiXt7e9hsfqHNw=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.29.0/go.mod h1:Fcvs2Bz1jkDM+Wf5/ozBGmi3tQ/c9zPKLnsipnfhGAo=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 h1:dIIDULZJpgdiHz5tXrTgKIMLkus6jEFa7x5SOKcyR7E=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0/go.mod h1:jlRVBe7+Z1wyxFSUs48L6OBQZ5JwH2Hg/Vbl+t9rAgI=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 h1:nSiV3s7wiCam610XcLbYOmMfJxB9gO4uK3Xgv5gmTgg=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0/go.mod h1:hKn/e/Nmd19/x1gvIHwtOwVWM+VhuITSWip3JUDghj0=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0 h1:JAv0Jwtl01UFiyWZEMiJZBiTlv5A50zNs8lsthXqIio=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0/go.mod h1:QNKLmUEAq2QUbPQUfvw4fmv0bgbK7UlOSFCnXyfvSNc=
-go.opentelemetry.io/otel/exporters/prometheus v0.51.0 h1:G7uexXb/K3T+T9fNLCCKncweEtNEBMTO+46hKX5EdKw=
-go.opentelemetry.io/otel/exporters/prometheus v0.51.0/go.mod h1:v0mFe5Kk7woIh938mrZBJBmENYquyA0IICrlYm4Y0t4=
-go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0 h1:ThVXnEsdwNcxdBO+r96ci1xbF+PgNjwlk457VNuJODo=
-go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.5.0/go.mod h1:rHWcSmC4q2h3gje/yOq6sAOaq8+UHxN/Ru3BbmDXOfY=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0 h1:X3ZjNp36/WlkSYx0ul2jw4PtbNEDDeLskw3VPsrpYM0=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.29.0/go.mod h1:2uL/xnOXh0CHOBFCWXz5u1A4GXLiW+0IQIzVbeOEQ0U=
-go.opentelemetry.io/otel/log v0.5.0 h1:x1Pr6Y3gnXgl1iFBwtGy1W/mnzENoK0w0ZoaeOI3i30=
-go.opentelemetry.io/otel/log v0.5.0/go.mod h1:NU/ozXeGuOR5/mjCRXYbTC00NFJ3NYuraV/7O78F0rE=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI=
+go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU=
+go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU=
+go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU=
+go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsux7Qmq8ToKAx1XCilTQECZ0KDZyTw=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s=
+go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk=
+go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8=
 go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
 go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
 go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
 go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
-go.opentelemetry.io/otel/sdk/log v0.5.0 h1:A+9lSjlZGxkQOr7QSBJcuyyYBw79CufQ69saiJLey7o=
-go.opentelemetry.io/otel/sdk/log v0.5.0/go.mod h1:zjxIW7sw1IHolZL2KlSAtrUi8JHttoeiQy43Yl3WuVQ=
+go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs=
+go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo=
 go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU=
 go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q=
 go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
@@ -753,8 +755,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4=
 golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -772,18 +774,18 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
-golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
-golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -802,20 +804,20 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
 golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

From 4dc8f58cff33b19014827aa57eb8f5e4bd3be259 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 16:51:22 +0200
Subject: [PATCH 2248/2268] chore(deps): Bump the golang-x group across 1
 directory with 4 updates (#1291)

Bumps the golang-x group with 2 updates in the / directory: [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/net` from 0.32.0 to 0.37.0
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.37.0)

Updates `golang.org/x/oauth2` from 0.24.0 to 0.28.0
- [Commits](https://github.com/golang/oauth2/compare/v0.24.0...v0.28.0)

Updates `golang.org/x/sync` from 0.10.0 to 0.12.0
- [Commits](https://github.com/golang/sync/compare/v0.10.0...v0.12.0)

Updates `golang.org/x/sys` from 0.28.0 to 0.31.0
- [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 14 +++++++-------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index e3d85fd4a..650711f54 100644
--- a/go.mod
+++ b/go.mod
@@ -71,13 +71,13 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/tkrajina/typescriptify-golang-structs v0.2.0
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.37.0
-	golang.org/x/oauth2 v0.28.0
-	golang.org/x/sync v0.12.0
-	golang.org/x/sys v0.31.0
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/net v0.39.0
+	golang.org/x/oauth2 v0.29.0
+	golang.org/x/sync v0.13.0
+	golang.org/x/sys v0.32.0
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
 	google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484
 	google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96
 	google.golang.org/protobuf v1.36.0
diff --git a/go.sum b/go.sum
index 485b7ae65..f2685b3a2 100644
--- a/go.sum
+++ b/go.sum
@@ -755,8 +755,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4=
 golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -774,18 +774,18 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -804,20 +804,20 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
 golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

From 53504089d67402eebae3527f9869a5a498a78c51 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 16:51:44 +0200
Subject: [PATCH 2249/2268] chore(deps): Bump github.com/docker/cli (#1297)

Bumps [github.com/docker/cli](https://github.com/docker/cli) from 27.4.0+incompatible to 28.0.4+incompatible.
- [Commits](https://github.com/docker/cli/compare/v27.4.0...v28.0.4)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 650711f54..8a35c768e 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.3.6
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0
-	github.com/docker/cli v27.4.0+incompatible
+	github.com/docker/cli v28.0.4+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/evanphx/json-patch/v5 v5.9.0
 	github.com/getsops/sops/v3 v3.9.2
diff --git a/go.sum b/go.sum
index f2685b3a2..9c77cb7f0 100644
--- a/go.sum
+++ b/go.sum
@@ -220,8 +220,8 @@ github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN
 github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v27.4.0+incompatible h1:/nJzWkcI1MDMN+U+px/YXnQWJqnu4J+QKGTfD6ptiTc=
-github.com/docker/cli v27.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v28.0.4+incompatible h1:pBJSJeNd9QeIWPjRcV91RVJihd/TXB77q1ef64XEu4A=
+github.com/docker/cli v28.0.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v27.4.0+incompatible h1:I9z7sQ5qyzO0BfAb9IMOawRkAGxhYsidKiTMcm0DU+A=

From c8424c0664fe0e0f04e15e8bec31c4eca87b003b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Apr 2025 13:46:40 +0000
Subject: [PATCH 2250/2268] chore(deps): Bump the all group across 1 directory
 with 11 updates

Bumps the all group with 6 updates in the /lib directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.12.0` | `5.14.0` |
| [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.23.0` | `10.25.0` |
| [github.com/kluctl/go-embed-python](https://github.com/kluctl/go-embed-python) | `0.0.0-3.11.11-20241219-1` | `0.0.0-3.13.1-20241219-1` |
| [github.com/otiai10/copy](https://github.com/otiai10/copy) | `1.14.0` | `1.14.1` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.31.4` | `0.32.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.31.4` | `0.32.2` |



Updates `github.com/go-git/go-git/v5` from 5.12.0 to 5.14.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.12.0...v5.14.0)

Updates `github.com/go-playground/validator/v10` from 10.23.0 to 10.25.0
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.23.0...v10.25.0)

Updates `github.com/kluctl/go-embed-python` from 0.0.0-3.11.11-20241219-1 to 0.0.0-3.13.1-20241219-1
- [Commits](https://github.com/kluctl/go-embed-python/compare/v0.0.0-3.11.11-20241219-1...v0.0.0-3.13.1-20241219-1)

Updates `github.com/otiai10/copy` from 1.14.0 to 1.14.1
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](https://github.com/otiai10/copy/compare/v1.14.0...v1.14.1)

Updates `github.com/rogpeppe/go-internal` from 1.13.1 to 1.14.1
- [Release notes](https://github.com/rogpeppe/go-internal/releases)
- [Commits](https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1)

Updates `golang.org/x/crypto` from 0.31.0 to 0.35.0
- [Commits](https://github.com/golang/crypto/compare/v0.31.0...v0.35.0)

Updates `golang.org/x/net` from 0.32.0 to 0.35.0
- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.35.0)

Updates `golang.org/x/sys` from 0.28.0 to 0.30.0
- [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.30.0)

Updates `golang.org/x/text` from 0.21.0 to 0.22.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.21.0...v0.22.0)

Updates `k8s.io/apimachinery` from 0.31.4 to 0.32.2
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.31.4...v0.32.2)

Updates `k8s.io/client-go` from 0.31.4 to 0.32.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.31.4...v0.32.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/kluctl/go-embed-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/rogpeppe/go-internal
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 lib/go.mod |  44 +++++++++++-----------
 lib/go.sum | 106 ++++++++++++++++++++++++++---------------------------
 2 files changed, 75 insertions(+), 75 deletions(-)

diff --git a/lib/go.mod b/lib/go.mod
index 7f6c2e6a8..da754a13c 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -1,63 +1,65 @@
 module github.com/kluctl/kluctl/lib
 
 go 1.22.0
+toolchain go1.24.1
 
 require (
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/go-errors/errors v1.5.1
-	github.com/go-git/go-git/v5 v5.12.0
-	github.com/go-playground/validator/v10 v10.23.0
+	github.com/go-git/go-git/v5 v5.15.0
+	github.com/go-playground/validator/v10 v10.26.0
 	github.com/gobwas/glob v0.2.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1
+	github.com/kluctl/go-embed-python v0.0.0-3.13.1-20241219-1
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.16
 	github.com/mitchellh/reflectwalk v1.0.2
-	github.com/otiai10/copy v1.14.0
-	github.com/rogpeppe/go-internal v1.13.1
+	github.com/otiai10/copy v1.14.1
+	github.com/rogpeppe/go-internal v1.14.1
 	github.com/stretchr/testify v1.10.0
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.31.0
-	golang.org/x/net v0.32.0
-	golang.org/x/sys v0.28.0
-	golang.org/x/text v0.21.0
+	golang.org/x/crypto v0.37.0
+	golang.org/x/net v0.39.0
+	golang.org/x/sys v0.32.0
+	golang.org/x/text v0.24.0
 	gotest.tools v2.2.0+incompatible
-	k8s.io/apimachinery v0.31.4
-	k8s.io/client-go v0.31.4
+	k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.32.3
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.3 // indirect
-	github.com/cloudflare/circl v1.5.0 // indirect
-	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
+	github.com/ProtonMail/go-crypto v1.1.6 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.0 // indirect
+	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/otiai10/mint v1.6.3 // indirect
+	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
+	github.com/skeema/knownhosts v1.3.1 // indirect
+	golang.org/x/sync v0.13.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 )
diff --git a/lib/go.sum b/lib/go.sum
index 3d617d97d..092cdc701 100644
--- a/lib/go.sum
+++ b/lib/go.sum
@@ -5,48 +5,48 @@ github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
-github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
+github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
-github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
-github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
-github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
+github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
+github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
+github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
+github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
-github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
-github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
-github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
+github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
-github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
+github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
+github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
-github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/go-git/go-git/v5 v5.15.0 h1:f5Qn0W0F7ry1iN0ZwIU5m/n7/BKB4hiZfc+zlZx7ly0=
+github.com/go-git/go-git/v5 v5.15.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o=
-github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
+github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
@@ -54,8 +54,8 @@ github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeH
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -67,8 +67,8 @@ github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1 h1:yVXFTxa6cvhLC6TwkDEHmNaiWlDyaFEGiXd1DQdoeOU=
-github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
+github.com/kluctl/go-embed-python v0.0.0-3.13.1-20241219-1 h1:x1cSEj4Ug5mpuZgUHLvUmlc5r//KHFn6iYiRSrRcVy4=
+github.com/kluctl/go-embed-python v0.0.0-3.13.1-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -84,14 +84,14 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
-github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
-github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
-github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
-github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
-github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
-github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8=
+github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I=
+github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs=
+github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
+github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -100,15 +100,15 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
-github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
+github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
+github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -118,15 +118,13 @@ github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -134,14 +132,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -156,11 +154,11 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-k8s.io/apimachinery v0.31.4 h1:8xjE2C4CzhYVm9DGf60yohpNUh5AEBnPxCryPBECmlM=
-k8s.io/apimachinery v0.31.4/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/client-go v0.31.4 h1:t4QEXt4jgHIkKKlx06+W3+1JOwAFU/2OPiOo7H92eRQ=
-k8s.io/client-go v0.31.4/go.mod h1:kvuMro4sFYIa8sulL5Gi5GFqUPvfH2O/dXuKstbaaeg=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

From 7be2286791a67e7f6c698efb22d7cc7a3a3084d1 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 16:57:35 +0200
Subject: [PATCH 2251/2268] chore: Update go to 1.24 for kluctl/lib

---
 lib/go.mod | 5 +++--
 lib/go.sum | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/go.mod b/lib/go.mod
index da754a13c..c9bc0d24b 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -1,6 +1,7 @@
 module github.com/kluctl/kluctl/lib
 
-go 1.22.0
+go 1.24
+
 toolchain go1.24.1
 
 require (
@@ -13,7 +14,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0
-	github.com/kluctl/go-embed-python v0.0.0-3.13.1-20241219-1
+	github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.16
 	github.com/mitchellh/reflectwalk v1.0.2
diff --git a/lib/go.sum b/lib/go.sum
index 092cdc701..28a8f355f 100644
--- a/lib/go.sum
+++ b/lib/go.sum
@@ -67,8 +67,8 @@ github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kluctl/go-embed-python v0.0.0-3.13.1-20241219-1 h1:x1cSEj4Ug5mpuZgUHLvUmlc5r//KHFn6iYiRSrRcVy4=
-github.com/kluctl/go-embed-python v0.0.0-3.13.1-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
+github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1 h1:yVXFTxa6cvhLC6TwkDEHmNaiWlDyaFEGiXd1DQdoeOU=
+github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=

From 3c1440d2912ba267595e041be58b28e9c921a092 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 16:58:34 +0200
Subject: [PATCH 2252/2268] chore: Run go mod tidy on root project

---
 go.mod | 25 ++++++++++++------------
 go.sum | 60 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 43 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index 8a35c768e..0fda76604 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/aws/smithy-go v1.22.1
 	github.com/coder/websocket v1.8.12
 	github.com/coreos/go-oidc/v3 v3.11.0
-	github.com/cyphar/filepath-securejoin v0.3.6
+	github.com/cyphar/filepath-securejoin v0.4.1
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0
 	github.com/docker/cli v28.0.4+incompatible
@@ -35,9 +35,9 @@ require (
 	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-errors/errors v1.5.1 // indirect
-	github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665
+	github.com/go-git/go-git/v5 v5.15.0
 	github.com/go-logr/logr v1.4.2
-	github.com/go-playground/validator/v10 v10.23.0
+	github.com/go-playground/validator/v10 v10.26.0
 	github.com/gobwas/glob v0.2.3
 	github.com/google/go-containerregistry v0.20.2
 	github.com/google/gops v0.3.28
@@ -57,12 +57,12 @@ require (
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/ohler55/ojg v1.25.0
 	github.com/onsi/gomega v1.36.1
-	github.com/otiai10/copy v1.14.0
+	github.com/otiai10/copy v1.14.1
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.20.5
 	github.com/r3labs/diff/v2 v2.15.1
-	github.com/rogpeppe/go-internal v1.13.1
+	github.com/rogpeppe/go-internal v1.14.1
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
@@ -122,7 +122,7 @@ require (
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
-	github.com/ProtonMail/go-crypto v1.1.3 // indirect
+	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
@@ -149,7 +149,7 @@ require (
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.3 // indirect
-	github.com/cloudflare/circl v1.5.0 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57 // indirect
@@ -178,11 +178,11 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.0 // indirect
+	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -200,7 +200,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -255,9 +255,10 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/otiai10/mint v1.6.3 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -274,7 +275,7 @@ require (
 	github.com/sagikazarmark/locafero v0.6.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
+	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
diff --git a/go.sum b/go.sum
index 9c77cb7f0..169580930 100644
--- a/go.sum
+++ b/go.sum
@@ -85,8 +85,8 @@ github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/
 github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk=
-github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
+github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -171,8 +171,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
 github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
-github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
-github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
 github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
@@ -206,8 +206,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
-github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
+github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
+github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -238,8 +238,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
+github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
+github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
 github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@@ -266,8 +266,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA=
-github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.9.2 h1:Cuuahc/UGu7W3+NXd+mrl+2oXGxxj/jIPsw6Ah2CbxA=
@@ -278,18 +278,18 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
 github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
-github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
-github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
+github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
 github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
-github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
+github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
+github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665 h1:+M6D6MplKwRqmw8b41MArUGFsGTnl24+/S40I0yrhKs=
-github.com/go-git/go-git/v5 v5.12.1-0.20240409060936-cd6633c3c665/go.mod h1:QZbSbsaXQD7v0yvddAhVE2UfW5wGmeqHQ0UnOSr6JYQ=
+github.com/go-git/go-git/v5 v5.15.0 h1:f5Qn0W0F7ry1iN0ZwIU5m/n7/BKB4hiZfc+zlZx7ly0=
+github.com/go-git/go-git/v5 v5.15.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
@@ -316,8 +316,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o=
-github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
+github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -355,8 +355,8 @@ github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcb
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo=
 github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -549,18 +549,18 @@ github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2
 github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA=
 github.com/ory/dockertest/v3 v3.11.0 h1:OiHcxKAvSDUwsEVh2BjxQQc/5EHz9n0va9awCtNGuyA=
 github.com/ory/dockertest/v3 v3.11.0/go.mod h1:VIPxS1gwT9NpPOrfD3rACs8Y9Z7yhzO4SB194iUDnUI=
-github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
-github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
-github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
-github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
+github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8=
+github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I=
+github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs=
+github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
-github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
-github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
+github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -603,8 +603,8 @@ github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRl
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4=
 github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
@@ -623,8 +623,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
-github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
+github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
+github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=

From 7e363bafaa1b81c1611438a1ebabcaee758c44af Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 17:26:59 +0200
Subject: [PATCH 2253/2268] fix: Fix non-constant format strings

---
 e2e/test_project/project.go           | 2 +-
 lib/git/auth/env_auth_provider.go     | 7 +++----
 lib/git/messages/message_callbacks.go | 2 +-
 lib/status/status.go                  | 2 +-
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/e2e/test_project/project.go b/e2e/test_project/project.go
index 2b7c90963..27b02f7a8 100644
--- a/e2e/test_project/project.go
+++ b/e2e/test_project/project.go
@@ -557,7 +557,7 @@ func (p *TestProject) KluctlProcess(t *testing.T, argsIn ...string) (string, str
 func (p *TestProject) KluctlProcessMust(t *testing.T, argsIn ...string) (string, string) {
 	stdout, stderr, err := p.KluctlProcess(t, argsIn...)
 	if err != nil {
-		t.Logf(stderr)
+		t.Log(stderr)
 		t.Fatal(fmt.Errorf("kluctl failed: %w", err))
 	}
 	return stdout, stderr
diff --git a/lib/git/auth/env_auth_provider.go b/lib/git/auth/env_auth_provider.go
index 2b0f34199..a0a36be28 100644
--- a/lib/git/auth/env_auth_provider.go
+++ b/lib/git/auth/env_auth_provider.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"context"
-	"fmt"
 	"github.com/gobwas/glob"
 	"github.com/kluctl/kluctl/lib/envutils"
 	"github.com/kluctl/kluctl/lib/git/messages"
@@ -68,13 +67,13 @@ func (a *GitEnvAuthProvider) doBuildList(ctx context.Context) error {
 
 		ssh_key_path, _ := m["SSH_KEY"]
 
-		a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: adding entry host=%s, path=%s, username=%s, ssh_key=%s", e.Host, e.PathStr, e.Username, ssh_key_path))
+		a.MessageCallbacks.Trace("GitEnvAuthProvider: adding entry host=%s, path=%s, username=%s, ssh_key=%s", e.Host, e.PathStr, e.Username, ssh_key_path)
 
 		if ssh_key_path != "" {
 			ssh_key_path = expandHomeDir(ssh_key_path)
 			b, err := os.ReadFile(ssh_key_path)
 			if err != nil {
-				a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err))
+				a.MessageCallbacks.Trace("GitEnvAuthProvider: failed to read key %s: %v", ssh_key_path, err)
 			} else {
 				e.SshKey = b
 			}
@@ -84,7 +83,7 @@ func (a *GitEnvAuthProvider) doBuildList(ctx context.Context) error {
 			ca_bundle_path = expandHomeDir(ca_bundle_path)
 			b, err := os.ReadFile(ca_bundle_path)
 			if err != nil {
-				a.MessageCallbacks.Trace(fmt.Sprintf("GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err))
+				a.MessageCallbacks.Trace("GitEnvAuthProvider: failed to read ca bundle %s: %v", ca_bundle_path, err)
 			} else {
 				e.CABundle = b
 			}
diff --git a/lib/git/messages/message_callbacks.go b/lib/git/messages/message_callbacks.go
index e9d8715c4..0ec2839bc 100644
--- a/lib/git/messages/message_callbacks.go
+++ b/lib/git/messages/message_callbacks.go
@@ -26,7 +26,7 @@ func (l MessageCallbacks) AskForPassword(prompt string) (string, error) {
 		return l.AskForPasswordFn(prompt)
 	}
 	err := fmt.Errorf("AskForPasswordFn not provided, skipping prompt: %s", prompt)
-	l.Warning(err.Error())
+	l.Warning("%s", err.Error())
 	return "", err
 }
 
diff --git a/lib/status/status.go b/lib/status/status.go
index 4991464f4..173a62ee9 100644
--- a/lib/status/status.go
+++ b/lib/status/status.go
@@ -108,7 +108,7 @@ func WithStatus(message string) Option {
 }
 
 func WithStatusf(message string, args ...any) Option {
-	return WithStatusf(fmt.Sprintf(message, args...))
+	return WithStatus(fmt.Sprintf(message, args...))
 }
 
 func WithTotal(t int) Option {

From 21c32a338f89d718470b774f47868423f38dcc52 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 11 Apr 2025 18:53:30 +0200
Subject: [PATCH 2254/2268] tests: Don't try commit unchanged files and
 return/check proper authentication errors

Verify changes on the marshalled map and not via reflect.DeepEqual
---
 e2e/gitops_git_include_test.go    |  4 ++--
 e2e/test-utils/test_git_server.go | 27 ++++++++++++---------------
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/e2e/gitops_git_include_test.go b/e2e/gitops_git_include_test.go
index 67a11ebe1..905b2f23d 100644
--- a/e2e/gitops_git_include_test.go
+++ b/e2e/gitops_git_include_test.go
@@ -45,7 +45,7 @@ func (suite *GitOpsIncludesSuite) TestGitOpsGitIncludeDeprecatedSecret() {
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(kd.Status.LastPrepareError).To(Equal("failed to clone git source: authentication required"))
+		g.Expect(kd.Status.LastPrepareError).To(Equal("failed to clone git source: authentication required: invalid credentials"))
 	})
 
 	secret := corev1.Secret{
@@ -102,7 +102,7 @@ func (suite *GitOpsIncludesSuite) testGitOpsGitIncludeCredentials(legacyGitSourc
 		g.Expect(readinessCondition).ToNot(BeNil())
 		g.Expect(readinessCondition.Status).To(Equal(v1.ConditionFalse))
 		g.Expect(readinessCondition.Reason).To(Equal("PrepareFailed"))
-		g.Expect(kd.Status.LastPrepareError).To(Equal("failed to clone git source: authentication required"))
+		g.Expect(kd.Status.LastPrepareError).To(Equal("failed to clone git source: authentication required: invalid credentials"))
 	})
 
 	createSecret := func(username string, password string) string {
diff --git a/e2e/test-utils/test_git_server.go b/e2e/test-utils/test_git_server.go
index 8a9297eff..23ff128d3 100644
--- a/e2e/test-utils/test_git_server.go
+++ b/e2e/test-utils/test_git_server.go
@@ -1,6 +1,7 @@
 package test_utils
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	config2 "github.com/go-git/go-git/v5/config"
@@ -12,14 +13,12 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"reflect"
 	"sigs.k8s.io/yaml"
 	"strings"
 	"sync"
 	"testing"
 
 	"github.com/go-git/go-git/v5"
-	"github.com/jinzhu/copier"
 )
 
 type TestGitServer struct {
@@ -90,11 +89,13 @@ func (p *TestGitServer) initGitServer() {
 		if p.failWhenAuth {
 			if ok {
 				writer.WriteHeader(http.StatusUnauthorized)
+				_, _ = writer.Write([]byte("forcing test failure"))
 				return
 			}
 		} else if p.authUsername != "" {
 			if p.authUsername != username || p.authPassword != password {
 				writer.WriteHeader(http.StatusUnauthorized)
+				_, _ = writer.Write([]byte("invalid credentials"))
 				return
 			}
 		}
@@ -220,7 +221,7 @@ func (p *TestGitServer) CommitFiles(repo string, add []string, all bool, message
 	return hash
 }
 
-func (p *TestGitServer) CommitYaml(repo string, pth string, message string, o map[string]any) {
+func (p *TestGitServer) CommitFile(repo string, pth string, message string, content []byte) {
 	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 
 	dir, _ := filepath.Split(fullPath)
@@ -231,11 +232,7 @@ func (p *TestGitServer) CommitYaml(repo string, pth string, message string, o ma
 		}
 	}
 
-	b, err := yaml.Marshal(o)
-	if err != nil {
-		p.t.Fatal(err)
-	}
-	err = os.WriteFile(fullPath, b, 0o600)
+	err := os.WriteFile(fullPath, content, 0o600)
 	if err != nil {
 		p.t.Fatal(err)
 	}
@@ -279,13 +276,14 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 	fullPath := filepath.Join(p.LocalWorkDir(repo), pth)
 
 	var o map[string]any
+	var origBytes []byte
 	isNew := false
 	if _, err := os.Stat(fullPath); err == nil {
-		b, err := os.ReadFile(fullPath)
+		origBytes, err = os.ReadFile(fullPath)
 		if err != nil {
 			p.t.Fatal(err)
 		}
-		err = yaml.Unmarshal(b, &o)
+		err = yaml.Unmarshal(origBytes, &o)
 		if err != nil {
 			p.t.Fatal(err)
 		}
@@ -294,20 +292,19 @@ func (p *TestGitServer) UpdateYaml(repo string, pth string, update func(o map[st
 		isNew = true
 	}
 
-	var orig map[string]any
-	err := copier.CopyWithOption(&orig, &o, copier.Option{DeepCopy: true})
+	err := update(o)
 	if err != nil {
 		p.t.Fatal(err)
 	}
 
-	err = update(o)
+	newBytes, err := yaml.Marshal(o)
 	if err != nil {
 		p.t.Fatal(err)
 	}
-	if !isNew && reflect.DeepEqual(o, orig) {
+	if !isNew && bytes.Equal(origBytes, newBytes) {
 		return
 	}
-	p.CommitYaml(repo, pth, message, o)
+	p.CommitFile(repo, pth, message, newBytes)
 }
 
 func (p *TestGitServer) DeleteFile(repo string, pth string, message string) {

From f82049f1dc979befa97e798fbdd46c3d97e4d670 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Apr 2025 14:07:11 +0200
Subject: [PATCH 2255/2268] chore(deps): Bump the aws-sdk group with 6 updates
 (#1301)

Bumps the aws-sdk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.6` | `1.36.3` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.6` | `1.29.14` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.47` | `1.17.67` |
| [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.36.7` | `1.43.3` |
| [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) | `1.34.7` | `1.35.3` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.33.2` | `1.33.19` |


Updates `github.com/aws/aws-sdk-go-v2` from 1.32.6 to 1.36.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.36.3)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.6 to 1.29.14
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.29.14)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.47 to 1.17.67
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.47...credentials/v1.17.67)

Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.36.7 to 1.43.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.36.7...service/ssm/v1.43.3)

Updates `github.com/aws/aws-sdk-go-v2/service/secretsmanager` from 1.34.7 to 1.35.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/sfn/v1.34.7...service/ivs/v1.35.3)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.33.2 to 1.33.19
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/sfn/v1.33.2...service/sns/v1.33.19)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.36.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.29.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.17.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-version: 1.43.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-version: 1.35.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-version: 1.33.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 31 ++++++++++++++--------------
 go.sum | 65 +++++++++++++++++++++++++++-------------------------------
 2 files changed, 45 insertions(+), 51 deletions(-)

diff --git a/go.mod b/go.mod
index 0fda76604..526ae4e8f 100644
--- a/go.mod
+++ b/go.mod
@@ -16,13 +16,13 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
-	github.com/aws/aws-sdk-go-v2 v1.32.6
-	github.com/aws/aws-sdk-go-v2/config v1.28.6
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.47
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.2
-	github.com/aws/smithy-go v1.22.1
+	github.com/aws/aws-sdk-go-v2 v1.36.3
+	github.com/aws/aws-sdk-go-v2/config v1.29.14
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.67
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.3
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
+	github.com/aws/smithy-go v1.22.2
 	github.com/coder/websocket v1.8.12
 	github.com/coreos/go-oidc/v3 v3.11.0
 	github.com/cyphar/filepath-securejoin v0.4.1
@@ -125,20 +125,20 @@ require (
 	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -227,7 +227,6 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
diff --git a/go.sum b/go.sum
index 169580930..e6091bf8e 100644
--- a/go.sum
+++ b/go.sum
@@ -97,50 +97,50 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
-github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
+github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
-github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo=
-github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY=
+github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM=
+github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43 h1:iLdpkYZ4cXIQMO7ud+cqMWR1xK5ESbt1rvN77tRi1BY=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43/go.mod h1:OgbsKPAswXDd5kxnR4vZov69p3oYjbvUyIRBAAV0y9o=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 h1:r67ps7oHCYnflpgDy2LZU0MAQtQbYIOqNNnqGO6xQkE=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25/go.mod h1:GrGY+Q4fIokYLtjCVB/aFfCVL6hhGUFl8inD18fDalE=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7 h1:R+5XKIJga2K9Dkj0/iQ6fD/MBGo02oxGGFTc512lK/Q=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.36.7/go.mod h1:fDPQV/6ONOQOjvtKhtypIy1wcGLcKYtoK/lvZ9fyDGQ=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3 h1:YyH8Hk73bYzdbvf6S8NF5z/fb/1stpiMnFSfL6jSfRA=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3/go.mod h1:iQ1skgw1XRK+6Lgkb0I9ODatAP72WoTILh0zXQ5DtbU=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 h1:HCpPsWqmYQieU7SS6E9HXfdAMSud0pteVXieJmcpIRI=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6/go.mod h1:ngUiVRCco++u+soRRVBIvBZxSMMvOVMXA4PJ36JLfSw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 h1:BbGDtTi0T1DYlmjBiCr/le3wzhA37O8QTC5/Ab8+EXk=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6/go.mod h1:hLMJt7Q8ePgViKupeymbqI0la+t9/iYFBjxQCFwuAwI=
 github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 h1:dZmNIRtPUvtvUIIDVNpvtnJQ8N8Iqm7SQAxf18htZYw=
 github.com/aws/aws-sdk-go-v2/service/kms v1.37.7/go.mod h1:vj8PlfJH9mnGeIzd6uMLPi5VgiqzGG7AZoe1kf1uTXM=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 h1:nyuzXooUNJexRT0Oy0UQY6AhOzxPxhtt4DcBIHyCnmw=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0/go.mod h1:sT/iQz8JK3u/5gZkT+Hmr7GzVZehUMkRZpOaAwYXeGY=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7 h1:Nyfbgei75bohfmZNxgN27i528dGYVzqWJGlAO6lzXy8=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7/go.mod h1:FG4p/DciRxPgjA+BEOlwRHN0iA8hX2h9g5buSy3cTDA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8=
-github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
-github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.3 h1:9bxA21Y62N32bAo4tVYXBhJU+VtCVKPpXEIEsScM0kc=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.3/go.mod h1:yGhDiLKguA3iFJYxbrQkQiNzuy+ddxesSZYWVeeEH5Q=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
+github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
+github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -435,10 +435,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -865,7 +861,6 @@ gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

From 09d4fff8340660867201fd6bbb004b9dd541775e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Apr 2025 14:07:24 +0200
Subject: [PATCH 2256/2268] chore(deps): Bump the azure-sdk group with 3
 updates (#1302)

Bumps the azure-sdk group with 3 updates: [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go), [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) and [github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets](https://github.com/Azure/azure-sdk-for-go).


Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.17.1 to 1.18.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.17.1...sdk/azcore/v1.18.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.8.2 to 1.9.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azidentity/v1.8.2...sdk/azcore/v1.9.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.3.0...sdk/azcore/v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure-sdk
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: azure-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 12 ++++++------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/go.mod b/go.mod
index 526ae4e8f..652f0c2a6 100644
--- a/go.mod
+++ b/go.mod
@@ -10,9 +10,9 @@ require (
 	cloud.google.com/go/secretmanager v1.14.2
 	dario.cat/mergo v1.0.1
 	filippo.io/age v1.2.1
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
@@ -107,11 +107,11 @@ require (
 	cloud.google.com/go/monitoring v1.22.0 // indirect
 	cloud.google.com/go/storage v1.48.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
diff --git a/go.sum b/go.sum
index e6091bf8e..8f9ae37c8 100644
--- a/go.sum
+++ b/go.sum
@@ -34,28 +34,28 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1 h1:DSDNVxqkoXJiko6x8a90zidoYqnYYa6c1MTzDKzKkTo=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1/go.mod h1:zGqV2R4Cr/k8Uye5w+dgQ06WJtEcbQG/8J7BB6hnCr4=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 h1:F0gBpfdPLGsw+nsgk6aqqkZS1jiixa5WwFe3fk/T3Ys=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2/go.mod h1:SqINnQ9lVVdRlyC8cd1lCI0SdX4n2paeABd2K8ggfnE=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 h1:OVoM452qUFBrX+URdH3VpR299ma4kfom0yB0URYky9g=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0/go.mod h1:kUjrAo8bgEwLeZ/CmHqNl3Z/kPm7y6FKfxxK0izYUg4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0/go.mod h1:Wjo+24QJVhhl/L7jy6w9yzFF2yDOf3cKECAa8ecf9vE=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0 h1:WLUIpeyv04H0RCcQHaA4TNoyrQ39Ox7V+re+iaqzTe0=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0/go.mod h1:hd8hTTIY3VmUVPRHNH7GVCHO3SHgXkJKZHReby/bnUQ=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1 h1:mrkDCdkMsD4l9wjFGhofFHFrV43Y3c53RSLKOCJ5+Ow=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1/go.mod h1:hPv41DbqMmnxcGralanA/kVlfdH5jv3T4LxGku2E1BY=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 h1:bFWuoEKg+gImo7pvkiQEFAc8ocibADgXeiLAxWhWmkI=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1/go.mod h1:Vih/3yc6yac2JzU4hzpaDupBJP0Flaia9rXXrU8xyww=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 h1:H5xDQaE3XowWfhZRUpnfC+rGZMEVoSiji+b+/HFAPU4=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
@@ -446,8 +446,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
-github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
+github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
+github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=

From d1cff30fef27c22edc9c644b66bf2760bd066bda Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Apr 2025 14:07:45 +0200
Subject: [PATCH 2257/2268] chore(deps): Bump sigs.k8s.io/kustomize/api from
 0.18.0 to 0.19.0 (#1305)

Bumps [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) from 0.18.0 to 0.19.0.
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](https://github.com/kubernetes-sigs/kustomize/compare/api/v0.18.0...api/v0.19.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 652f0c2a6..43ae29831 100644
--- a/go.mod
+++ b/go.mod
@@ -89,8 +89,8 @@ require (
 	k8s.io/klog/v2 v2.130.1
 	sigs.k8s.io/cli-utils v0.37.2
 	sigs.k8s.io/controller-runtime v0.19.3
-	sigs.k8s.io/kustomize/api v0.18.0
-	sigs.k8s.io/kustomize/kyaml v0.18.1
+	sigs.k8s.io/kustomize/api v0.19.0
+	sigs.k8s.io/kustomize/kyaml v0.19.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0
 	sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 8f9ae37c8..e9f974310 100644
--- a/go.sum
+++ b/go.sum
@@ -903,10 +903,10 @@ sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8b
 sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
-sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo=
-sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U=
-sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E=
-sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo=
+sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
+sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
+sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA=
+sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

From dd476f526e5470b4e5f397ab50ed2cc97435aa2e Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Thu, 17 Apr 2025 15:04:17 +0200
Subject: [PATCH 2258/2268] tests: Try to fix flakiness in
 TestDeployCRDUnordered by using fresh clusters in each try

---
 e2e/crds_test.go | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/e2e/crds_test.go b/e2e/crds_test.go
index a329a1aee..854048fe1 100644
--- a/e2e/crds_test.go
+++ b/e2e/crds_test.go
@@ -55,16 +55,23 @@ func prepareCRDsTest(t *testing.T, k *test_utils.EnvTestCluster, crds bool, barr
 func TestDeployCRDUnordered(t *testing.T) {
 	t.Parallel()
 
-	k := createTestCluster(t, "cluster1")
-	p := prepareCRDsTest(t, k, true, false)
-
 	for i := 0; i < 100; i++ {
-		stdout, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test1")
-		if err != nil && strings.Contains(err.Error(), "command failed") && strings.Contains(stdout, `no matches for kind "CronTab" in version`) {
-			// success
+		success := func() bool {
+			k := createTestCluster(t, "cluster1")
+			defer k.Stop()
+
+			p := prepareCRDsTest(t, k, true, false)
+
+			stdout, _, err := p.Kluctl(t, "deploy", "--yes", "-t", "test1")
+			if err != nil && strings.Contains(err.Error(), "command failed") && strings.Contains(stdout, `no matches for kind "CronTab" in version`) {
+				// success
+				return true
+			}
+			return false
+		}()
+		if success {
 			return
 		}
-		p.KluctlMust(t, "delete", "--yes", "-t", "test1")
 	}
 
 	t.Errorf("could not cause missing CRD error")

From a9710255b5d9503589fe04a979def968c1a91efd Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Fri, 18 Apr 2025 00:37:05 +0200
Subject: [PATCH 2259/2268] tests: Add more logging to testWaitReadiness

---
 e2e/readiness_test.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/e2e/readiness_test.go b/e2e/readiness_test.go
index c518dbfcc..ce9bd49e2 100644
--- a/e2e/readiness_test.go
+++ b/e2e/readiness_test.go
@@ -49,13 +49,19 @@ func testWaitReadiness(t *testing.T, fn func(p *test_project.TestProject)) {
 	assertConfigMapExists(t, k, p.TestSlug(), "cm2")
 	assertConfigMapNotExists(t, k, p.TestSlug(), "cm3")
 
+	tt := time.Now()
+	t.Logf("testReadiness: starting background goroutine startTime=%s", tt.String())
+
 	// we run a goroutine in the background that will wait for a few seconds and then annotate kluctl.io/is-ready=true,
 	// which will then cause the hook to get ready
 	go func() {
+		t.Logf("testReadiness (goroutine): begin elapsed=%s", time.Now().Sub(tt).String())
 		time.Sleep(3 * time.Second)
+		t.Logf("testReadiness (goroutine): patching elapsed=%s", time.Now().Sub(tt).String())
 		patchConfigMap(t, k, p.TestSlug(), "cm2", func(o *uo.UnstructuredObject) {
 			o.SetK8sAnnotation("kluctl.io/is-ready", "true")
 		})
+		t.Logf("testReadiness (goroutine): done elapsed=%s", time.Now().Sub(tt).String())
 	}()
 
 	p.KluctlMust(t, "deploy", "--yes", "-t", "test")

From 72805eb1e7548732809c0b1c0cb499acddda3bf7 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Apr 2025 13:14:27 +0200
Subject: [PATCH 2260/2268] fix: Return error instead of nil when command
 result can't be found (#1309)

---
 pkg/results/result-store-secrets.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 80f45eade..817d4b717 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -631,7 +631,7 @@ func (s *ResultStoreSecrets) GetCommandResult(options GetCommandResultOptions) (
 		return nil, err
 	}
 	if len(l.Items) == 0 {
-		return nil, nil
+		return nil, fmt.Errorf("command result with id %s not found", options.Id)
 	}
 
 	secret := l.Items[0]

From bfa83764bc98ea2547de4dcd1e4774a4e7989fd0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Apr 2025 13:14:49 +0200
Subject: [PATCH 2261/2268] fix: Store deployment name/namespace for results in
 annotations instead of labels (#1310)

---
 pkg/results/result-store-secrets.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/results/result-store-secrets.go b/pkg/results/result-store-secrets.go
index 817d4b717..3d4a48ab7 100644
--- a/pkg/results/result-store-secrets.go
+++ b/pkg/results/result-store-secrets.go
@@ -202,8 +202,8 @@ func (s *ResultStoreSecrets) WriteCommandResult(cr *result.CommandResult) error
 		secret.Annotations["kluctl.io/result-project-subdir"] = cr.ProjectKey.SubDir
 	}
 	if cr.KluctlDeployment != nil {
-		secret.Labels["kluctl.io/result-deployment-name"] = cr.KluctlDeployment.Name
-		secret.Labels["kluctl.io/result-deployment-namespace"] = cr.KluctlDeployment.Namespace
+		secret.Annotations["kluctl.io/result-deployment-name"] = cr.KluctlDeployment.Name
+		secret.Annotations["kluctl.io/result-deployment-namespace"] = cr.KluctlDeployment.Namespace
 	}
 
 	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))
@@ -291,8 +291,8 @@ func (s *ResultStoreSecrets) WriteValidateResult(vr *result.ValidateResult) erro
 		secret.Annotations["kluctl.io/result-project-subdir"] = vr.ProjectKey.SubDir
 	}
 	if vr.KluctlDeployment != nil {
-		secret.Labels["kluctl.io/result-deployment-name"] = vr.KluctlDeployment.Name
-		secret.Labels["kluctl.io/result-deployment-namespace"] = vr.KluctlDeployment.Namespace
+		secret.Annotations["kluctl.io/result-deployment-name"] = vr.KluctlDeployment.Name
+		secret.Annotations["kluctl.io/result-deployment-namespace"] = vr.KluctlDeployment.Namespace
 	}
 
 	err = s.client.Patch(s.ctx, &secret, client.Apply, client.FieldOwner("kluctl-results"))

From f56ba0f0bd4d10198026e41d47065503cc7187ac Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Apr 2025 18:14:19 +0200
Subject: [PATCH 2262/2268] fix: Immediately patch lastPrepareError instead of
 doing it at the end of the reconciliation (#1315)

---
 .../kluctldeployment_controller_reconcile.go  |  7 ++++--
 .../kluctldeployment_controller_status.go     | 23 +++++++++++++++----
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/pkg/controllers/kluctldeployment_controller_reconcile.go b/pkg/controllers/kluctldeployment_controller_reconcile.go
index cccd5267e..3f1c42ea8 100644
--- a/pkg/controllers/kluctldeployment_controller_reconcile.go
+++ b/pkg/controllers/kluctldeployment_controller_reconcile.go
@@ -182,8 +182,6 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		return false, nil
 	}
 
-	obj.Status.LastPrepareError = ""
-
 	doError := func(resultId string, err error) (bool, error) {
 		err2 := r.patchFailPrepare(ctx, obj, err)
 		if err2 != nil {
@@ -205,6 +203,11 @@ func (r *KluctlDeploymentReconciler) reconcileManualRequest(ctx context.Context,
 		return doError("", err)
 	}
 
+	err = r.patchStatus(ctx, client.ObjectKeyFromObject(obj), func(status *kluctlv1.KluctlDeploymentStatus) error {
+		status.LastPrepareError = ""
+		return nil
+	})
+
 	objectsHash, err := targetContext.DeploymentCollection.CalcObjectsHash()
 	if err != nil {
 		return doError("", err)
diff --git a/pkg/controllers/kluctldeployment_controller_status.go b/pkg/controllers/kluctldeployment_controller_status.go
index 99d6f7596..962ba231e 100644
--- a/pkg/controllers/kluctldeployment_controller_status.go
+++ b/pkg/controllers/kluctldeployment_controller_status.go
@@ -56,15 +56,30 @@ func (r *KluctlDeploymentReconciler) patchFail(ctx context.Context, obj *kluctlv
 }
 
 func (r *KluctlDeploymentReconciler) patchFailPrepare(ctx context.Context, obj *kluctlv1.KluctlDeployment, err error) error {
-	obj.Status.LastPrepareError = err.Error()
+	patchErr1 := r.patchStatus(ctx, client.ObjectKeyFromObject(obj), func(status *kluctlv1.KluctlDeploymentStatus) error {
+		status.LastPrepareError = err.Error()
+		return nil
+	})
+
 	var err2 *multierror.Error
+	var statusErr error
 	if errors2.As(err, &err2) {
 		// prepare errors tend to be extremely long, which makes tools like k9s unusable
-		err = fmt.Errorf("prepare failed with %d errors. Check status.lastPrepareError for details", len(err2.Errors))
+		statusErr = fmt.Errorf("prepare failed with %d errors. Check status.lastPrepareError for details", len(err2.Errors))
 	} else {
-		err = fmt.Errorf("prepare failed. Check status.lastPrepareError for details")
+		statusErr = fmt.Errorf("prepare failed. Check status.lastPrepareError for details")
 	}
-	return r.patchFail(ctx, obj, kluctlv1.PrepareFailedReason, err)
+
+	patchErr2 := r.patchFail(ctx, obj, kluctlv1.PrepareFailedReason, statusErr)
+
+	if patchErr1 != nil {
+		err = multierror.Append(err, patchErr1)
+	}
+	if patchErr2 != nil {
+		err = multierror.Append(err, patchErr2)
+	}
+
+	return err
 }
 
 func (r *KluctlDeploymentReconciler) patchProgressingCondition(ctx context.Context, obj *kluctlv1.KluctlDeployment, message string, keepOldReadyStatus bool) error {

From 3ee3e3625fd30f154f9e8c631a74762f9138e339 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Apr 2025 18:30:49 +0200
Subject: [PATCH 2263/2268] chore: Run go get -u on ./lib

---
 go.mod     |  8 ++++----
 go.sum     | 16 ++++++++--------
 lib/go.mod |  8 ++++----
 lib/go.sum | 16 ++++++++--------
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/go.mod b/go.mod
index 43ae29831..4825f1afa 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-errors/errors v1.5.1 // indirect
-	github.com/go-git/go-git/v5 v5.15.0
+	github.com/go-git/go-git/v5 v5.16.0
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.26.0
 	github.com/gobwas/glob v0.2.3
@@ -122,7 +122,7 @@ require (
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.4 // indirect
-	github.com/ProtonMail/go-crypto v1.1.6 // indirect
+	github.com/ProtonMail/go-crypto v1.2.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
@@ -178,7 +178,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
 	github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
@@ -338,5 +338,5 @@ require (
 	k8s.io/kubectl v0.31.4 // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	oras.land/oras-go v1.2.6 // indirect
-	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 )
diff --git a/go.sum b/go.sum
index e9f974310..b19e09d99 100644
--- a/go.sum
+++ b/go.sum
@@ -85,8 +85,8 @@ github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/
 github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
-github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
+github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -266,8 +266,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
+github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
 github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
 github.com/getsops/sops/v3 v3.9.2 h1:Cuuahc/UGu7W3+NXd+mrl+2oXGxxj/jIPsw6Ah2CbxA=
@@ -288,8 +288,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.15.0 h1:f5Qn0W0F7ry1iN0ZwIU5m/n7/BKB4hiZfc+zlZx7ly0=
-github.com/go-git/go-git/v5 v5.15.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-git/go-git/v5 v5.16.0 h1:k3kuOEpkc0DeY7xlL6NaaNg39xdgQbtH5mwCafHO9AQ=
+github.com/go-git/go-git/v5 v5.16.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
 github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
@@ -901,8 +901,8 @@ sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg=
 sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco=
 sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
 sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
-sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
-sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
 sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
 sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA=
diff --git a/lib/go.mod b/lib/go.mod
index c9bc0d24b..b81f470fc 100644
--- a/lib/go.mod
+++ b/lib/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
 	github.com/go-errors/errors v1.5.1
-	github.com/go-git/go-git/v5 v5.15.0
+	github.com/go-git/go-git/v5 v5.16.0
 	github.com/go-playground/validator/v10 v10.26.0
 	github.com/gobwas/glob v0.2.3
 	github.com/hashicorp/go-multierror v1.1.1
@@ -35,12 +35,12 @@ require (
 require (
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.6 // indirect
+	github.com/ProtonMail/go-crypto v1.2.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
@@ -62,5 +62,5 @@ require (
 	golang.org/x/sync v0.13.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 )
diff --git a/lib/go.sum b/lib/go.sum
index 28a8f355f..3800e46cb 100644
--- a/lib/go.sum
+++ b/lib/go.sum
@@ -5,8 +5,8 @@ github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
-github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
+github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
@@ -25,8 +25,8 @@ github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o
 github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
-github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
+github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
@@ -37,8 +37,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.15.0 h1:f5Qn0W0F7ry1iN0ZwIU5m/n7/BKB4hiZfc+zlZx7ly0=
-github.com/go-git/go-git/v5 v5.15.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-git/go-git/v5 v5.16.0 h1:k3kuOEpkc0DeY7xlL6NaaNg39xdgQbtH5mwCafHO9AQ=
+github.com/go-git/go-git/v5 v5.16.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -158,7 +158,7 @@ k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
 k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
 k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
-sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
-sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

From 7b2136e86251b1ee7ff42217fdc9ebfaad714ebf Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Apr 2025 18:42:16 +0200
Subject: [PATCH 2264/2268] chore: Upgrade multiple packages

---
 go.mod | 260 +++++++++++++-------------
 go.sum | 574 +++++++++++++++++++++++++++++----------------------------
 2 files changed, 419 insertions(+), 415 deletions(-)

diff --git a/go.mod b/go.mod
index 4825f1afa..29dbb0cc7 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ toolchain go1.24.2
 replace github.com/kluctl/kluctl/lib => ./lib
 
 require (
-	cloud.google.com/go/secretmanager v1.14.2
+	cloud.google.com/go/secretmanager v1.14.7
 	dario.cat/mergo v1.0.1
 	filippo.io/age v1.2.1
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
@@ -20,54 +20,54 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.29.14
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.67
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.3
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.4
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
-	github.com/aws/smithy-go v1.22.2
-	github.com/coder/websocket v1.8.12
-	github.com/coreos/go-oidc/v3 v3.11.0
+	github.com/aws/smithy-go v1.22.3
+	github.com/coder/websocket v1.8.13
+	github.com/coreos/go-oidc/v3 v3.14.1
 	github.com/cyphar/filepath-securejoin v0.4.1
 	github.com/dimchansky/utfbom v1.1.1
 	github.com/distribution/distribution/v3 v3.0.0
-	github.com/docker/cli v28.0.4+incompatible
+	github.com/docker/cli v28.1.1+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/evanphx/json-patch/v5 v5.9.0
-	github.com/getsops/sops/v3 v3.9.2
-	github.com/gin-contrib/sessions v1.0.1
+	github.com/evanphx/json-patch/v5 v5.9.11
+	github.com/getsops/sops/v3 v3.10.2
+	github.com/gin-contrib/sessions v1.0.3
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-git/go-git/v5 v5.16.0
 	github.com/go-logr/logr v1.4.2
 	github.com/go-playground/validator/v10 v10.26.0
 	github.com/gobwas/glob v0.2.3
-	github.com/google/go-containerregistry v0.20.2
+	github.com/google/go-containerregistry v0.20.3
 	github.com/google/gops v0.3.28
 	github.com/google/uuid v1.6.0
-	github.com/googleapis/gax-go/v2 v2.14.0
+	github.com/googleapis/gax-go/v2 v2.14.1
 	github.com/hashicorp/go-multierror v1.1.1
-	github.com/hashicorp/vault/api v1.15.0
+	github.com/hashicorp/vault/api v1.16.0
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/huandu/xstrings v1.5.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1
 	github.com/kluctl/kluctl/lib v0.0.0
-	github.com/mattn/go-colorable v0.1.13
+	github.com/mattn/go-colorable v0.1.14
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/ohler55/ojg v1.25.0
-	github.com/onsi/gomega v1.36.1
+	github.com/ohler55/ojg v1.26.3
+	github.com/onsi/gomega v1.37.0
 	github.com/otiai10/copy v1.14.1
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.20.5
+	github.com/prometheus/client_golang v1.22.0
 	github.com/r3labs/diff/v2 v2.15.1
 	github.com/rogpeppe/go-internal v1.14.1
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.8.1
-	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.19.0
+	github.com/spf13/cobra v1.9.1
+	github.com/spf13/pflag v1.0.6
+	github.com/spf13/viper v1.20.1
 	github.com/stretchr/testify v1.10.0
 	github.com/tkrajina/typescriptify-golang-structs v0.2.0
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
@@ -78,82 +78,81 @@ require (
 	golang.org/x/sys v0.32.0
 	golang.org/x/term v0.31.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
-	google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484
-	google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96
-	google.golang.org/protobuf v1.36.0
-	helm.sh/helm/v3 v3.16.4
+	google.golang.org/genproto v0.0.0-20250422160041-2d3770c4ea7f
+	google.golang.org/grpc v1.72.0
+	google.golang.org/protobuf v1.36.6
+	helm.sh/helm/v3 v3.17.3
 	k8s.io/api v0.32.3
 	k8s.io/apiextensions-apiserver v0.32.3
 	k8s.io/apimachinery v0.32.3
 	k8s.io/client-go v0.32.3
 	k8s.io/klog/v2 v2.130.1
 	sigs.k8s.io/cli-utils v0.37.2
-	sigs.k8s.io/controller-runtime v0.19.3
+	sigs.k8s.io/controller-runtime v0.20.4
 	sigs.k8s.io/kustomize/api v0.19.0
 	sigs.k8s.io/kustomize/kyaml v0.19.0
-	sigs.k8s.io/structured-merge-diff/v4 v4.5.0
+	sigs.k8s.io/structured-merge-diff/v4 v4.7.0
 	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
-	cel.dev/expr v0.19.1 // indirect
-	cloud.google.com/go v0.117.0 // indirect
-	cloud.google.com/go/auth v0.13.0 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
+	cel.dev/expr v0.23.1 // indirect
+	cloud.google.com/go v0.120.1 // indirect
+	cloud.google.com/go/auth v0.16.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	cloud.google.com/go/iam v1.3.0 // indirect
-	cloud.google.com/go/kms v1.20.2 // indirect
-	cloud.google.com/go/longrunning v0.6.3 // indirect
-	cloud.google.com/go/monitoring v1.22.0 // indirect
-	cloud.google.com/go/storage v1.48.0 // indirect
+	cloud.google.com/go/iam v1.5.2 // indirect
+	cloud.google.com/go/kms v1.21.2 // indirect
+	cloud.google.com/go/longrunning v0.6.7 // indirect
+	cloud.google.com/go/monitoring v1.24.2 // indirect
+	cloud.google.com/go/storage v1.51.0 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 // indirect
-	github.com/BurntSushi/toml v1.4.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
+	github.com/BurntSushi/toml v1.5.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/Microsoft/hcsshim v0.12.4 // indirect
+	github.com/Microsoft/hcsshim v0.12.9 // indirect
 	github.com/ProtonMail/go-crypto v1.2.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.72 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.38.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.79.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
-	github.com/bytedance/sonic v1.12.6 // indirect
-	github.com/bytedance/sonic/loader v0.2.1 // indirect
+	github.com/bshuster-repo/logrus-logstash-hook v1.1.0 // indirect
+	github.com/bytedance/sonic v1.13.2 // indirect
+	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.3 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
-	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57 // indirect
-	github.com/containerd/containerd v1.7.24 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f // indirect
+	github.com/containerd/containerd v1.7.27 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
@@ -163,36 +162,37 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v27.4.0+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.8.2 // indirect
+	github.com/docker/docker v28.1.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.9.3 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
-	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
+	github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/envoyproxy/go-control-plane v0.13.1 // indirect
-	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
-	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
+	github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
+	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
-	github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/goccy/go-json v0.10.4 // indirect
+	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
@@ -202,43 +202,42 @@ require (
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/handlers v1.5.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.3.0 // indirect
+	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/goware/prefixer v0.0.0-20160118172347-395022866408 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.7 // indirect
-	github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
-	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
+	github.com/hashicorp/golang-lru/arc/v2 v2.0.7 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.11 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/magiconair/properties v1.8.9 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -246,85 +245,85 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
-	github.com/moby/term v0.5.0 // indirect
+	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/otiai10/mint v1.6.3 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.61.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect
-	github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.63.0 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/redis/go-redis/extra/rediscmd/v9 v9.7.3 // indirect
+	github.com/redis/go-redis/extra/redisotel/v9 v9.7.3 // indirect
 	github.com/redis/go-redis/v9 v9.7.3 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/rubenv/sql-migrate v1.7.1 // indirect
+	github.com/rubenv/sql-migrate v1.8.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/sagikazarmark/locafero v0.6.0 // indirect
-	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.9.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.7.0 // indirect
+	github.com/spf13/afero v1.14.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tkrajina/go-reflector v0.5.8 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	github.com/urfave/cli v1.22.16 // indirect
-	github.com/vbatts/tar-split v0.11.6 // indirect
+	github.com/vbatts/tar-split v0.12.1 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/zeebo/errs v1.4.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.33.0 // indirect
-	go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
-	go.opentelemetry.io/otel v1.33.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect
-	go.opentelemetry.io/otel/exporters/prometheus v0.54.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 // indirect
-	go.opentelemetry.io/otel/log v0.8.0 // indirect
-	go.opentelemetry.io/otel/metric v1.33.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
-	go.opentelemetry.io/otel/sdk/log v0.8.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.33.0 // indirect
-	go.opentelemetry.io/otel/trace v1.33.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
+	go.opentelemetry.io/contrib/bridges/prometheus v0.60.0 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect
+	go.opentelemetry.io/contrib/exporters/autoexport v0.60.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.11.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.11.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.57.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.11.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0 // indirect
+	go.opentelemetry.io/otel/log v0.11.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.35.0 // indirect
+	go.opentelemetry.io/otel/sdk/log v0.11.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/arch v0.12.0 // indirect
-	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect
-	golang.org/x/time v0.8.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/api v0.212.0 // indirect
+	golang.org/x/arch v0.16.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
+	google.golang.org/api v0.229.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250422160041-2d3770c4ea7f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250422160041-2d3770c4ea7f // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@@ -332,11 +331,12 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiserver v0.32.3 // indirect
-	k8s.io/cli-runtime v0.31.4 // indirect
+	k8s.io/cli-runtime v0.32.3 // indirect
 	k8s.io/component-base v0.32.3 // indirect
-	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
-	k8s.io/kubectl v0.31.4 // indirect
-	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+	k8s.io/kubectl v0.32.3 // indirect
+	k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e // indirect
 	oras.land/oras-go v1.2.6 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
 )
diff --git a/go.sum b/go.sum
index b19e09d99..e0311145d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,31 +1,31 @@
 c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0=
 c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w=
-cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4=
-cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
-cloud.google.com/go v0.117.0 h1:Z5TNFfQxj7WG2FgOGX1ekC5RiXrYgms6QscOm32M/4s=
-cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc=
-cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs=
-cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q=
-cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
-cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
+cel.dev/expr v0.23.1 h1:K4KOtPCJQjVggkARsjG9RWXP6O4R73aHeJMa/dmCQQg=
+cel.dev/expr v0.23.1/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
+cloud.google.com/go v0.120.1 h1:Z+5V7yd383+9617XDCyszmK5E4wJRJL+tquMfDj9hLM=
+cloud.google.com/go v0.120.1/go.mod h1:56Vs7sf/i2jYM6ZL9NYlC82r04PThNcPS5YgFmb0rp8=
+cloud.google.com/go/auth v0.16.0 h1:Pd8P1s9WkcrBE2n/PhAwKsdrR35V3Sg2II9B+ndM3CU=
+cloud.google.com/go/auth v0.16.0/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI=
+cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
+cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
-cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU=
-cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY=
-cloud.google.com/go/kms v1.20.2 h1:NGTHOxAyhDVUGVU5KngeyGScrg2D39X76Aphe6NC7S0=
-cloud.google.com/go/kms v1.20.2/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc=
-cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk=
-cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM=
-cloud.google.com/go/longrunning v0.6.3 h1:A2q2vuyXysRcwzqDpMMLSI6mb6o39miS52UEG/Rd2ng=
-cloud.google.com/go/longrunning v0.6.3/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI=
-cloud.google.com/go/monitoring v1.22.0 h1:mQ0040B7dpuRq1+4YiQD43M2vW9HgoVxY98xhqGT+YI=
-cloud.google.com/go/monitoring v1.22.0/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU=
-cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8=
-cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw=
-cloud.google.com/go/storage v1.48.0 h1:FhBDHACbVtdPx7S/AbcKujPWiHvfO6F8OXGgCEbB2+o=
-cloud.google.com/go/storage v1.48.0/go.mod h1:aFoDYNMAjv67lp+xcuZqjUKv/ctmplzQ3wJgodA7b+M=
-cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI=
-cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io=
+cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8=
+cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE=
+cloud.google.com/go/kms v1.21.2 h1:c/PRUSMNQ8zXrc1sdAUnsenWWaNXN+PzTXfXOcSFdoE=
+cloud.google.com/go/kms v1.21.2/go.mod h1:8wkMtHV/9Z8mLXEXr1GK7xPSBdi6knuLXIhqjuWcI6w=
+cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc=
+cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA=
+cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE=
+cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY=
+cloud.google.com/go/monitoring v1.24.2 h1:5OTsoJ1dXYIiMiuL+sYscLc9BumrL3CarVLL7dd7lHM=
+cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U=
+cloud.google.com/go/secretmanager v1.14.7 h1:VkscIRzj7GcmZyO4z9y1EH7Xf81PcoiAo7MtlD+0O80=
+cloud.google.com/go/secretmanager v1.14.7/go.mod h1:uRuB4F6NTFbg0vLQ6HsT7PSsfbY7FqHbtJP1J94qxGc=
+cloud.google.com/go/storage v1.51.0 h1:ZVZ11zCiD7b3k+cH5lQs/qcNaoSz3U9I0jgwVzqDlCw=
+cloud.google.com/go/storage v1.51.0/go.mod h1:YEJfu/Ki3i5oHC/7jyTgsGZwdQ8P9hqMqvpi5kRKGgc=
+cloud.google.com/go/trace v1.11.6 h1:2O2zjPzqPYAHrn3OKl029qlqG6W8ZdYaOWRyr8NgMT4=
+cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/age v1.2.1 h1:X0TZjehAZylOIj4DubWYU1vWQxv9bJpo+Uu2/LGhi1o=
@@ -42,32 +42,33 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0/go.mod h1:Wjo+24QJVhhl/L7jy6w9yzFF2yDOf3cKECAa8ecf9vE=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 h1:Wgf5rZba3YZqeTNJPtvqZoBu1sBN/L4sry+u2U3Y75w=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1/go.mod h1:xxCBG/f/4Vbmh2XQJBsOmNdxWUY5j/s27jujKPbQf14=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1 h1:mrkDCdkMsD4l9wjFGhofFHFrV43Y3c53RSLKOCJ5+Ow=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1/go.mod h1:hPv41DbqMmnxcGralanA/kVlfdH5jv3T4LxGku2E1BY=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 h1:bFWuoEKg+gImo7pvkiQEFAc8ocibADgXeiLAxWhWmkI=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1/go.mod h1:Vih/3yc6yac2JzU4hzpaDupBJP0Flaia9rXXrU8xyww=
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
-github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
+github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
-github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 h1:o90wcURuxekmXrtxmYWTyNla0+ZEHhud6DI1ZTxd1vI=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0/go.mod h1:6fTWu4m3jocfUZLYF5KsZC1TUfRvEjs7lM4crme/irw=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0 h1:jJKWl98inONJAr/IZrdFQUWcwUO95DLY1XMD1ZIut+g=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.49.0/go.mod h1:l2fIqmwB+FKSfvn3bAD/0i+AXAxhIZjTK2svT/mgUXs=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 h1:GYUJLfvd++4DMuMhCFLgLXvFwofIxh/qOwoGuS/LTew=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0/go.mod h1:wRbFgBQUVm1YXrvWKofAEmq9HNJTDphbAaJSSX01KUI=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 h1:ErKg/3iS1AKcTkf3yixlZ54f9U1rljCkQyEXWUnIUxc=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0/go.mod h1:yAZHSGnqScoU556rBOVkwLze6WP5N+U11RHuWaGVxwY=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 h1:fYE9p3esPxA/C0rQ0AHhP0drtPXDRhaWiwg1DPqO7IU=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0/go.mod h1:BnBReJLvVYx2CS/UHOgVz2BXKXD9wsQPxZug20nZhd0=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.51.0 h1:OqVGm6Ei3x5+yZmSJG1Mh2NwHvpVmZ08CB5qJhT9Nuk=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.51.0/go.mod h1:SZiPHWGOOk3bl8tkevxkoiwPgsIl6CwrWcbwjfHZpdM=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 h1:6/0iUd0xrnX7qt+mLNRwg5c0PGv8wpE8K90ryANQwMI=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
@@ -81,8 +82,8 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Microsoft/hcsshim v0.12.4 h1:Ev7YUMHAHoWNm+aDSPzc5W9s6E2jyL1szpVDJeZ/Rr4=
-github.com/Microsoft/hcsshim v0.12.4/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
+github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg=
+github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
 github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
@@ -99,48 +100,48 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
 github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 h1:zAybnyUQXIZ5mok5Jqwlf58/TFE7uvd3IAsa1aF9cXs=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10/go.mod h1:qqvMj6gHLR/EXWZw4ZbqlPbQUyenf4h82UQUlKc+l14=
 github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM=
 github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43 h1:iLdpkYZ4cXIQMO7ud+cqMWR1xK5ESbt1rvN77tRi1BY=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.43/go.mod h1:OgbsKPAswXDd5kxnR4vZov69p3oYjbvUyIRBAAV0y9o=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.72 h1:PcKMOZfp+kNtJTw2HF2op6SjDvwPBYRvz0Y24PQLUR4=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.72/go.mod h1:vq7/m7dahFXcdzWVOvvjasDI9RcsD3RsTfHmDundJYg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25 h1:r67ps7oHCYnflpgDy2LZU0MAQtQbYIOqNNnqGO6xQkE=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.25/go.mod h1:GrGY+Q4fIokYLtjCVB/aFfCVL6hhGUFl8inD18fDalE=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 h1:ZNTqv4nIdE/DiBfUUfXcLZ/Spcuz+RjeziUtNJackkM=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34/go.mod h1:zf7Vcd1ViW7cPqYWEHLHJkS50X0JS2IKz9Cgaj6ugrs=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3 h1:YyH8Hk73bYzdbvf6S8NF5z/fb/1stpiMnFSfL6jSfRA=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3/go.mod h1:iQ1skgw1XRK+6Lgkb0I9ODatAP72WoTILh0zXQ5DtbU=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6 h1:HCpPsWqmYQieU7SS6E9HXfdAMSud0pteVXieJmcpIRI=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.6/go.mod h1:ngUiVRCco++u+soRRVBIvBZxSMMvOVMXA4PJ36JLfSw=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 h1:lguz0bmOoGzozP9XfRJR1QIayEYo+2vP/No3OfLF0pU=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0/go.mod h1:iu6FSzgt+M2/x3Dk8zhycdIcHjEFb36IS8HVUVFoMg0=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6 h1:BbGDtTi0T1DYlmjBiCr/le3wzhA37O8QTC5/Ab8+EXk=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.6/go.mod h1:hLMJt7Q8ePgViKupeymbqI0la+t9/iYFBjxQCFwuAwI=
-github.com/aws/aws-sdk-go-v2/service/kms v1.37.7 h1:dZmNIRtPUvtvUIIDVNpvtnJQ8N8Iqm7SQAxf18htZYw=
-github.com/aws/aws-sdk-go-v2/service/kms v1.37.7/go.mod h1:vj8PlfJH9mnGeIzd6uMLPi5VgiqzGG7AZoe1kf1uTXM=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0 h1:nyuzXooUNJexRT0Oy0UQY6AhOzxPxhtt4DcBIHyCnmw=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.71.0/go.mod h1:sT/iQz8JK3u/5gZkT+Hmr7GzVZehUMkRZpOaAwYXeGY=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.3 h1:9bxA21Y62N32bAo4tVYXBhJU+VtCVKPpXEIEsScM0kc=
-github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.3/go.mod h1:yGhDiLKguA3iFJYxbrQkQiNzuy+ddxesSZYWVeeEH5Q=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 h1:moLQUoVq91LiqT1nbvzDukyqAlCv89ZmwaHw/ZFlFZg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15/go.mod h1:ZH34PJUc8ApjBIfgQCFvkWcUDBtl/WTD+uiYHjd8igA=
+github.com/aws/aws-sdk-go-v2/service/kms v1.38.3 h1:RivOtUH3eEu6SWnUMFHKAW4MqDOzWn1vGQ3S38Y5QMg=
+github.com/aws/aws-sdk-go-v2/service/kms v1.38.3/go.mod h1:cQn6tAF77Di6m4huxovNM7NVAozWTZLsDRp9t8Z/WYk=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.79.2 h1:tWUG+4wZqdMl/znThEk9tcCy8tTMxq8dW0JTgamohrY=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.79.2/go.mod h1:U5SNqwhXB3Xe6F47kXvWihPl/ilGaEDe8HD/50Z9wxc=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.4 h1:EKXYJ8kgz4fiqef8xApu7eH0eae2SrVG+oHCLFybMRI=
+github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.4/go.mod h1:yGhDiLKguA3iFJYxbrQkQiNzuy+ddxesSZYWVeeEH5Q=
 github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8=
 github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY=
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
-github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
-github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
+github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -149,58 +150,56 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
+github.com/bshuster-repo/logrus-logstash-hook v1.1.0 h1:o2FzZifLg+z/DN1OFmzTWzZZx/roaqt8IPZCIVco8r4=
+github.com/bshuster-repo/logrus-logstash-hook v1.1.0/go.mod h1:Q2aXOe7rNuPgbBtPCOzYyWDvKX7+FpxE5sRdvcPoui0=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
 github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
-github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
-github.com/bytedance/sonic v1.12.6 h1:/isNmCUF2x3Sh8RAp/4mh4ZGkcFAX/hLrzrK3AvpRzk=
-github.com/bytedance/sonic v1.12.6/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk=
+github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
+github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.1 h1:1GgorWTqf12TA8mma4DDSbaQigE2wOgQo7iCjjJv3+E=
-github.com/bytedance/sonic/loader v0.2.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
+github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
-github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
 github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
-github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
-github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57 h1:put7Je9ZyxbHtwr7IqGrW4LLVUupJQ2gbsDshKISSgU=
-github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
-github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
-github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
+github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f h1:C5bqEmzEPLsHm9Mv73lSE9e9bKV23aB1vxOsmZrkl3k=
+github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
+github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
-github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
-github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA=
-github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
-github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
-github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
+github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
+github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII=
+github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0=
+github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4=
+github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
 github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
-github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
-github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
+github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
+github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
+github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
+github.com/coreos/go-oidc/v3 v3.14.1 h1:9ePWwfdwC4QKRlCXsJGou56adA/owXczOzwKdOumLqk=
+github.com/coreos/go-oidc/v3 v3.14.1/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
@@ -220,18 +219,18 @@ github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN
 github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v28.0.4+incompatible h1:pBJSJeNd9QeIWPjRcV91RVJihd/TXB77q1ef64XEu4A=
-github.com/docker/cli v28.0.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v28.1.1+incompatible h1:eyUemzeI45DY7eDPuwUcmDyDj1pM98oD5MdSpiItp8k=
+github.com/docker/cli v28.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.4.0+incompatible h1:I9z7sQ5qyzO0BfAb9IMOawRkAGxhYsidKiTMcm0DU+A=
-github.com/docker/docker v27.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
-github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/docker/docker v28.1.1+incompatible h1:49M11BFLsVO1gxY9UX9p/zwkE/rswggs8AdFmXQw51I=
+github.com/docker/docker v28.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
+github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
+github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 h1:EHZfspsnLAz8Hzccd67D5abwLiqoqym2jz/jOS39mCk=
+github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
 github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
@@ -240,18 +239,22 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
 github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
-github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
-github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
+github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/envoyproxy/go-control-plane v0.13.1 h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE=
-github.com/envoyproxy/go-control-plane v0.13.1/go.mod h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw=
-github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM=
-github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4=
-github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
-github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M=
+github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw=
+github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI=
+github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4=
+github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
+github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
+github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8=
+github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
+github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
@@ -262,20 +265,20 @@ github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7Dlme
 github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
 github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
-github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe h1:QKe/kmAYbndxwu91TcjHERsnMh5SgOB1x/qicvOdUJ8=
-github.com/getsops/gopgagent v0.0.0-20240527072608-0c14999532fe/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
-github.com/getsops/sops/v3 v3.9.2 h1:Cuuahc/UGu7W3+NXd+mrl+2oXGxxj/jIPsw6Ah2CbxA=
-github.com/getsops/sops/v3 v3.9.2/go.mod h1:J8CMEdmPWT8gxFaNmPBSrc5NFd4uNndf8aFQwhD/ZR8=
-github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
-github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
-github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
-github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e h1:y/1nzrdF+RPds4lfoEpNhjfmzlgZtPqyO3jMzrqDQws=
+github.com/getsops/gopgagent v0.0.0-20241224165529-7044f28e491e/go.mod h1:awFzISqLJoZLm+i9QQ4SgMNHDqljH6jWV0B36V5MrUM=
+github.com/getsops/sops/v3 v3.10.2 h1:7t7lBXFcXJPsDMrpYoI36r8xIhjWUmEc8Qdjuwyo+WY=
+github.com/getsops/sops/v3 v3.10.2/go.mod h1:Dmtg1qKzFsAl+yqvMgjtnLGTC0l7RnSM6DDtFG7TEsk=
+github.com/gin-contrib/sessions v1.0.3 h1:AZ4j0AalLsGqdrKNbbrKcXx9OJZqViirvNGsJTxcQps=
+github.com/gin-contrib/sessions v1.0.3/go.mod h1:5i4XMx4KPtQihnzxEqG9u1K446lO3G19jAi2GtbfsAI=
+github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
+github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
 github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
@@ -292,8 +295,8 @@ github.com/go-git/go-git/v5 v5.16.0 h1:k3kuOEpkc0DeY7xlL6NaaNg39xdgQbtH5mwCafHO9
 github.com/go-git/go-git/v5 v5.16.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
 github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
-github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
-github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
+github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY=
+github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@@ -304,12 +307,12 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
+github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
 github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
 github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
-github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
+github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -329,8 +332,8 @@ github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIx
 github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM=
-github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
 github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
@@ -357,8 +360,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo=
-github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
+github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI=
+github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -366,18 +369,18 @@ github.com/google/gops v0.3.28 h1:2Xr57tqKAmQYRAfG12E+yLcoa2Y42UJo2lOrUFL9ark=
 github.com/google/gops v0.3.28/go.mod h1:6f6+Nl8LcHrzJwi8+p0ii+vmBFSlB4f8cOOkTJ7sk4c=
 github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
 github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
-github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
-github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
-github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
+github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
-github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
-github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o=
-github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk=
+github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
+github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q=
+github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
@@ -386,8 +389,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg=
-github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
@@ -396,8 +399,8 @@ github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce
 github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 h1:e9Rjr40Z98/clHv5Yg79Is0NtosR5LXRvdr7o/6NwbA=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1/go.mod h1:tIxuGz/9mpox++sgp9fJjHO0+q1X9/UOWd798aAm22M=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -411,20 +414,20 @@ github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISH
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc=
-github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 h1:U+kC2dOhMFQctRfhK0gRctKAPTloZdMU5ZJxaesJ/VM=
+github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0/go.mod h1:Ll013mhdmsVDuoIXVfBtvgGJsXDYkTw1kooNcoCXuE0=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
 github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw=
 github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw=
-github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw=
-github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU=
-github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
-github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/golang-lru/arc/v2 v2.0.7 h1:QxkVTxwColcduO+LP7eJO56r2hFiG8zEbfAAzRv52KQ=
+github.com/hashicorp/golang-lru/arc/v2 v2.0.7/go.mod h1:Pe7gBlGdc8clY5LJ0LpJXMt5AmgmWNH1g+oFFVUHOEc=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
-github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
+github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
+github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
@@ -450,11 +453,11 @@ github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRt
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
-github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1 h1:yVXFTxa6cvhLC6TwkDEHmNaiWlDyaFEGiXd1DQdoeOU=
 github.com/kluctl/go-embed-python v0.0.0-3.11.11-20241219-1/go.mod h1:3ebNU9QBrNpUO+Hj6bHaGpkh5pymDHQ+wwVPHTE4mCE=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
@@ -479,13 +482,10 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
-github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=
-github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
@@ -513,10 +513,12 @@ github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU
 github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
+github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
+github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
 github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
 github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
-github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
-github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
+github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -531,26 +533,26 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.25.0 h1:sDwc4u4zex65Uz5Nm7O1QwDKTT+YRcpeZQTy1pffRkw=
-github.com/ohler55/ojg v1.25.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o=
-github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
-github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
-github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
-github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/ohler55/ojg v1.26.3 h1:FwnRP1xj3VdqRVNLoqVVBIzL1D7IjaSbYt2nzJ4lras=
+github.com/ohler55/ojg v1.26.3/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
+github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
+github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
+github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2weR6w=
-github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA=
-github.com/ory/dockertest/v3 v3.11.0 h1:OiHcxKAvSDUwsEVh2BjxQQc/5EHz9n0va9awCtNGuyA=
-github.com/ory/dockertest/v3 v3.11.0/go.mod h1:VIPxS1gwT9NpPOrfD3rACs8Y9Z7yhzO4SB194iUDnUI=
+github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
+github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
+github.com/opencontainers/runc v1.2.6 h1:P7Hqg40bsMvQGCS4S7DJYhUZOISMLJOB2iGX5COWiPk=
+github.com/opencontainers/runc v1.2.6/go.mod h1:dOQeFo29xZKBNeRBI0B19mJtfHv68YgCTh1X+YphA+4=
+github.com/ory/dockertest/v3 v3.12.0 h1:3oV9d0sDzlSQfHtIaB5k6ghUCVMVLpAY8hwrqoCyRCw=
+github.com/ory/dockertest/v3 v3.12.0/go.mod h1:aKNDTva3cp8dwOWwb9cWuX84aH5akkxXRvO7KCwWVjE=
 github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8=
 github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I=
 github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs=
 github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
-github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
-github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -572,28 +574,27 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
-github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ=
-github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s=
+github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k=
+github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
-github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
+github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
 github.com/r3labs/diff/v2 v2.15.1 h1:EOrVqPUzi+njlumoqJwiS/TgGgmZo83619FNDB9xQUg=
 github.com/r3labs/diff/v2 v2.15.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc=
-github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho=
-github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U=
-github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc=
-github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ=
-github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
+github.com/redis/go-redis/extra/rediscmd/v9 v9.7.3 h1:1AXQZkJkFxGV3f78mSnUI70l0orO6FHnYoSmBos8SZM=
+github.com/redis/go-redis/extra/rediscmd/v9 v9.7.3/go.mod h1:OgkpkwJYex1oyVAabK+VhVUKhUXw8uZUfewJYH1wG90=
+github.com/redis/go-redis/extra/redisotel/v9 v9.7.3 h1:ICBA9xYh+SmZqMfBtjKpp1ohi/V5R1TEZglLZc8IxTc=
+github.com/redis/go-redis/extra/redisotel/v9 v9.7.3/go.mod h1:DMzxd0CDyZ9VFw9sEPIVpIgKTAaubfGuaPQSUaS7/fo=
 github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM=
 github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -601,38 +602,39 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
-github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4=
-github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4=
+github.com/rubenv/sql-migrate v1.8.0 h1:dXnYiJk9k3wetp7GfQbKJcPHjVJL6YK19tKj8t2Ns0o=
+github.com/rubenv/sql-migrate v1.8.0/go.mod h1:F2bGFBwCU+pnmbtNYDeKvSuvL6lBVtXDXUUv5t+u1qw=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3N51bwOk=
-github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0=
-github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
-github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/sagikazarmark/locafero v0.9.0 h1:GbgQGNtTrEmddYDSAH9QLRyfAHY12md+8YFTqyMTC9k=
+github.com/sagikazarmark/locafero v0.9.0/go.mod h1:UBUyz37V+EdMS3hDF3QWIiVr/2dPrx49OMO0Bn0hJqk=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
 github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
 github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
-github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
-github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
-github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
-github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
+github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA=
+github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo=
+github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
+github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
+github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
+github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE=
+github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -665,8 +667,8 @@ github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65E
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
 github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
-github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs=
-github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI=
+github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
+github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -685,66 +687,68 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM=
+github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w=
-go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk=
-go.opentelemetry.io/contrib/detectors/gcp v1.33.0 h1:FVPoXEoILwgbZUu4X7YSgsESsAmGRgoYcnXkzgQPhP4=
-go.opentelemetry.io/contrib/detectors/gcp v1.33.0/go.mod h1:ZHrLmr4ikK2AwRj9QL+c9s2SOlgoSRyMpNVzUj2fZqI=
-go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4=
-go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
-go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
-go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
-go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls=
-go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs=
-go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8=
-go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI=
-go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU=
-go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU=
-go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU=
-go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsux7Qmq8ToKAx1XCilTQECZ0KDZyTw=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s=
-go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk=
-go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8=
-go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
-go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
-go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
-go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
-go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs=
-go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo=
-go.opentelemetry.io/otel/sdk/metric v1.33.0 h1:Gs5VK9/WUJhNXZgn8MR6ITatvAmKeIuCtNbsP3JkNqU=
-go.opentelemetry.io/otel/sdk/metric v1.33.0/go.mod h1:dL5ykHZmm1B1nVRk9dDjChwDmt81MjVp3gLkQRwKf/Q=
-go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
-go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
-go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
-go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+go.opentelemetry.io/contrib/bridges/prometheus v0.60.0 h1:x7sPooQCwSg27SjtQee8GyIIRTQcF4s7eSkac6F2+VA=
+go.opentelemetry.io/contrib/bridges/prometheus v0.60.0/go.mod h1:4K5UXgiHxV484efGs42ejD7E2J/sIlepYgdGoPXe7hE=
+go.opentelemetry.io/contrib/detectors/gcp v1.35.0 h1:bGvFt68+KTiAKFlacHW6AhA56GF2rS0bdD3aJYEnmzA=
+go.opentelemetry.io/contrib/detectors/gcp v1.35.0/go.mod h1:qGWP8/+ILwMRIUf9uIVLloR1uo5ZYAslM4O6OqUi1DA=
+go.opentelemetry.io/contrib/exporters/autoexport v0.60.0 h1:GuQXpvSXNjpswpweIem84U9BNauqHHi2w1GtNAalvpM=
+go.opentelemetry.io/contrib/exporters/autoexport v0.60.0/go.mod h1:CkmxekdHco4d7thFJNPQ7Mby4jMBgZUclnrxT4e+ryk=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
+go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
+go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.11.0 h1:HMUytBT3uGhPKYY/u/G5MR9itrlSO2SMOsSD3Tk3k7A=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.11.0/go.mod h1:hdDXsiNLmdW/9BF2jQpnHHlhFajpWCEYfM6e5m2OAZg=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.11.0 h1:C/Wi2F8wEmbxJ9Kuzw/nhP+Z9XaHYMkyDmXy6yR2cjw=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.11.0/go.mod h1:0Lr9vmGKzadCTgsiBydxr6GEZ8SsZ7Ks53LzjWG5Ar4=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0 h1:QcFwRrZLc82r8wODjvyCbP7Ifp3UANaBSmhDSFjnqSc=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.35.0/go.mod h1:CXIWhUomyWBG/oY2/r/kLp6K/cmx9e/7DLpBuuGdLCA=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.35.0 h1:0NIXxOCFx+SKbhCVxwl3ETG8ClLPAa0KuKV6p3yhxP8=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.35.0/go.mod h1:ChZSJbbfbl/DcRZNc9Gqh6DYGlfjw4PvO1pEOZH1ZsE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+BofXTvcY1q8CGs4ItwQarYtJPOWmVobfM1HpVI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk=
+go.opentelemetry.io/otel/exporters/prometheus v0.57.0 h1:AHh/lAP1BHrY5gBwk8ncc25FXWm/gmmY3BX258z5nuk=
+go.opentelemetry.io/otel/exporters/prometheus v0.57.0/go.mod h1:QpFWz1QxqevfjwzYdbMb4Y1NnlJvqSGwyuU0B4iuc9c=
+go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.11.0 h1:k6KdfZk72tVW/QVZf60xlDziDvYAePj5QHwoQvrB2m8=
+go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.11.0/go.mod h1:5Y3ZJLqzi/x/kYtrSrPSx7TFI/SGsL7q2kME027tH6I=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0 h1:PB3Zrjs1sG1GBX51SXyTSoOTqcDglmsk7nT6tkKPb/k=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0/go.mod h1:U2R3XyVPzn0WX7wOIypPuptulsMcPDPs/oiSVOMVnHY=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0 h1:T0Ec2E+3YZf5bgTNQVet8iTDW7oIk03tXHq+wkwIDnE=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0/go.mod h1:30v2gqH+vYGJsesLWFov8u47EpYTcIQcBjKpI6pJThg=
+go.opentelemetry.io/otel/log v0.11.0 h1:c24Hrlk5WJ8JWcwbQxdBqxZdOK7PcP/LFtOtwpDTe3Y=
+go.opentelemetry.io/otel/log v0.11.0/go.mod h1:U/sxQ83FPmT29trrifhQg+Zj2lo1/IPN1PF6RTFqdwc=
+go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
+go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
+go.opentelemetry.io/otel/sdk/log v0.11.0 h1:7bAOpjpGglWhdEzP8z0VXc4jObOiDEwr3IYbhBnjk2c=
+go.opentelemetry.io/otel/sdk/log v0.11.0/go.mod h1:dndLTxZbwBstZoqsJB3kGsRPkpAgaJrWfQg3lhlHFFY=
+go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
+go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
+go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
+go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
+go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
-golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.16.0 h1:foMtLTdyOmIniqWCHjY6+JxuC54XP1fDwx4N0ASyW+U=
+golang.org/x/arch v0.16.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -753,8 +757,6 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
 golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
-golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4=
-golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -797,7 +799,6 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
@@ -814,38 +815,38 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
 golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
-golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
-golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
-gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/api v0.212.0 h1:BcRj3MJfHF3FYD29rk7u9kuu1SyfGqfHcA0hSwKqkHg=
-google.golang.org/api v0.212.0/go.mod h1:gICpLlpp12/E8mycRMzgy3SQ9cFh2XnVJ6vJi/kQbvI=
+gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0=
+gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+google.golang.org/api v0.229.0 h1:p98ymMtqeJ5i3lIBMj5MpR9kzIIgzpHHh8vQ+vgAzx8=
+google.golang.org/api v0.229.0/go.mod h1:wyDfmq5g1wYJWn29O22FDWN48P7Xcz0xz+LBpptYvB0=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
 google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
-google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484 h1:a/U5otbGrI6mYIO598WriFB1172i6Ktr6FGcatZD3Yw=
-google.golang.org/genproto v0.0.0-20241216192217-9240e9c98484/go.mod h1:Gmd/M/W9fEyf6VSu/mWLnl+9Be51B9CLdxdsKokYq7Y=
-google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484 h1:ChAdCYNQFDk5fYvFZMywKLIijG7TC2m1C2CMEu11G3o=
-google.golang.org/genproto/googleapis/api v0.0.0-20241216192217-9240e9c98484/go.mod h1:KRUmxRI4JmbpAm8gcZM4Jsffi859fo5LQjILwuqj9z8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484 h1:Z7FRVJPSMaHQxD0uXU8WdgFh8PseLM8Q8NzhnpMrBhQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241216192217-9240e9c98484/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA=
-google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96 h1:BKPMqkDBseC6O6UiJQSibhqWnQgYtiApbOsxXYIGsPA=
-google.golang.org/grpc v1.70.0-dev.0.20241217033058-e8055ea11f96/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
+google.golang.org/genproto v0.0.0-20250422160041-2d3770c4ea7f h1:iZiXS7qm4saaCcdK7S/i1Qx9ZHO2oa16HQqwYc1tPKY=
+google.golang.org/genproto v0.0.0-20250422160041-2d3770c4ea7f/go.mod h1:Cej/8iHf9mPl71o/a+R1rrvSFrAAVCUFX9s/sbNttBc=
+google.golang.org/genproto/googleapis/api v0.0.0-20250422160041-2d3770c4ea7f h1:tjZsroqekhC63+WMqzmWyW5Twj/ZfR5HAlpd5YQ1Vs0=
+google.golang.org/genproto/googleapis/api v0.0.0-20250422160041-2d3770c4ea7f/go.mod h1:Cd8IzgPo5Akum2c9R6FsXNaZbH3Jpa2gpHlW89FqlyQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250422160041-2d3770c4ea7f h1:N/PrbTw4kdkqNRzVfWPrBekzLuarFREcbFOiOLkXon4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250422160041-2d3770c4ea7f/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=
+google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
-google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -870,8 +871,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0=
-helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA=
+helm.sh/helm/v3 v3.17.3 h1:3n5rW3D0ArjFl0p4/oWO8IbY/HKaNNwJtOQFdH2AZHg=
+helm.sh/helm/v3 v3.17.3/go.mod h1:+uJKMH/UiMzZQOALR3XUf3BLIoczI2RKKD6bMhPh4G8=
 k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
 k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
 k8s.io/apiextensions-apiserver v0.32.3 h1:4D8vy+9GWerlErCwVIbcQjsWunF9SUGNu7O7hiQTyPY=
@@ -880,34 +881,37 @@ k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
 k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/apiserver v0.32.3 h1:kOw2KBuHOA+wetX1MkmrxgBr648ksz653j26ESuWNY8=
 k8s.io/apiserver v0.32.3/go.mod h1:q1x9B8E/WzShF49wh3ADOh6muSfpmFL0I2t+TG0Zdgc=
-k8s.io/cli-runtime v0.31.4 h1:iczCWiyXaotW+hyF5cWP8RnEYBCzZfJUF6otJ2m9mw0=
-k8s.io/cli-runtime v0.31.4/go.mod h1:0/pRzAH7qc0hWx40ut1R4jLqiy2w/KnbqdaAI2eFG8U=
+k8s.io/cli-runtime v0.32.3 h1:khLF2ivU2T6Q77H97atx3REY9tXiA3OLOjWJxUrdvss=
+k8s.io/cli-runtime v0.32.3/go.mod h1:vZT6dZq7mZAca53rwUfdFSZjdtLyfF61mkf/8q+Xjak=
 k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
 k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
 k8s.io/component-base v0.32.3 h1:98WJvvMs3QZ2LYHBzvltFSeJjEx7t5+8s71P7M74u8k=
 k8s.io/component-base v0.32.3/go.mod h1:LWi9cR+yPAv7cu2X9rZanTiFKB2kHA+JjmhkKjCZRpI=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
-k8s.io/kubectl v0.31.4 h1:c8Af8xd1VjyoKyWMW0xHv2+tYxEjne8s6OOziMmaD10=
-k8s.io/kubectl v0.31.4/go.mod h1:0E0rpXg40Q57wRE6LB9su+4tmwx1IzZrmIEvhQPk0i4=
-k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
-k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
+k8s.io/kubectl v0.32.3 h1:VMi584rbboso+yjfv0d8uBHwwxbC438LKq+dXd5tOAI=
+k8s.io/kubectl v0.32.3/go.mod h1:6Euv2aso5GKzo/UVMacV6C7miuyevpfI91SvBvV9Zdg=
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e h1:KqK5c/ghOm8xkHYhlodbp6i6+r+ChV2vuAuVRdFbLro=
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
 oras.land/oras-go v1.2.6 h1:z8cmxQXBU8yZ4mkytWqXfo6tZcamPwjsuxYU81xJ8Lk=
 oras.land/oras-go v1.2.6/go.mod h1:OVPc1PegSEe/K8YiLfosrlqlqTN9PUyFvOw5Y9gwrT8=
 sigs.k8s.io/cli-utils v0.37.2 h1:GOfKw5RV2HDQZDJlru5KkfLO1tbxqMoyn1IYUxqBpNg=
 sigs.k8s.io/cli-utils v0.37.2/go.mod h1:V+IZZr4UoGj7gMJXklWBg6t5xbdThFBcpj4MrZuCYco=
-sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw=
-sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM=
+sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU=
+sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
 sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
 sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA=
 sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
+sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

From 2f1a851df9e93a38a373b3e46171d565c11c9296 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Tue, 22 Apr 2025 16:56:21 +0200
Subject: [PATCH 2265/2268] tests: Fix TestDecryptor_DecryptResource

---
 pkg/sops/decryptor/decryptor_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/sops/decryptor/decryptor_test.go b/pkg/sops/decryptor/decryptor_test.go
index acf7de350..0ec12bc74 100644
--- a/pkg/sops/decryptor/decryptor_test.go
+++ b/pkg/sops/decryptor/decryptor_test.go
@@ -323,7 +323,8 @@ func TestDecryptor_DecryptResource(t *testing.T) {
 			"auth": "dGlnZXI6cGFzczEyMzQ="
 		}
 	}
-}`)
+}
+`)
 		encData, err := d.sopsEncryptWithFormat(sops.Metadata{
 			KeyGroups: []sops.KeyGroup{
 				{&sopsage.MasterKey{Recipient: ageID.Recipient().String()}},

From 79401cdbbbd6cc62ec6e83fe4865cad19beb60f0 Mon Sep 17 00:00:00 2001
From: Alexander Block <ablock84@gmail.com>
Date: Wed, 23 Apr 2025 03:32:06 +0200
Subject: [PATCH 2266/2268] tests: Add some logging to allow fixing of flakes
 (#1320)

---
 e2e/validate_test.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/e2e/validate_test.go b/e2e/validate_test.go
index 472eeac6b..ca082783d 100644
--- a/e2e/validate_test.go
+++ b/e2e/validate_test.go
@@ -250,14 +250,21 @@ func TestValidateWithoutPermissions(t *testing.T) {
 		err = k.Client.Delete(context.TODO(), cronTab2.ToUnstructured())
 		assert.NoError(t, err)
 
+		startTime := time.Now()
+
+		t.Logf("testSucces: startTime=%s", startTime.String())
+
 		// this should succeed without any warning
 		go func() {
+			t.Logf("testSuccess: in goroutine start d=%s", time.Now().Sub(startTime).String())
 			// set the status sub-resource after a few seconds so that the wait finishes
 			time.Sleep(3 * time.Second)
 			x := cronTab2.Clone()
 			_ = x.SetNestedField("test", "status", "x")
+			t.Logf("testSuccess: in goroutine applying status d=%s", time.Now().Sub(startTime).String())
 			k.MustApplyStatus(t, x)
 		}()
+
 		stdout, _, err = p.Kluctl(t, "deploy", "--yes", "--timeout=10s")
 		assert.NoError(t, err)
 		assert.NotContains(t, stdout, "CronTab/crontab: unable to determine if a status is expected")

From 854de09718e6424ce2ed373c7a5328b281baecc0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 May 2025 10:12:01 +0200
Subject: [PATCH 2267/2268] chore(deps): Bump
 github.com/aws/aws-sdk-go-v2/service/ecr (#1325)

Bumps the aws-sdk group with 1 update: [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.43.3 to 1.44.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ssm/v1.43.3...service/s3/v1.44.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 29dbb0cc7..d41b4ae44 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.36.3
 	github.com/aws/aws-sdk-go-v2/config v1.29.14
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.67
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0
 	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.4
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
 	github.com/aws/smithy-go v1.22.3
diff --git a/go.sum b/go.sum
index e0311145d..41cf679ce 100644
--- a/go.sum
+++ b/go.sum
@@ -118,8 +118,8 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 h1:ZNTqv4nIdE/DiBfUUfXcLZ/Spcuz+RjeziUtNJackkM=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34/go.mod h1:zf7Vcd1ViW7cPqYWEHLHJkS50X0JS2IKz9Cgaj6ugrs=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3 h1:YyH8Hk73bYzdbvf6S8NF5z/fb/1stpiMnFSfL6jSfRA=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.43.3/go.mod h1:iQ1skgw1XRK+6Lgkb0I9ODatAP72WoTILh0zXQ5DtbU=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0 h1:E+UTVTDH6XTSjqxHWRuY8nB6s+05UllneWxnycplHFk=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0/go.mod h1:iQ1skgw1XRK+6Lgkb0I9ODatAP72WoTILh0zXQ5DtbU=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 h1:lguz0bmOoGzozP9XfRJR1QIayEYo+2vP/No3OfLF0pU=

From e617ff5d9078603a22334b63e3d1467bfdc32b7f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 May 2025 10:12:19 +0200
Subject: [PATCH 2268/2268] chore(deps): Bump github.com/ohler55/ojg from
 1.26.3 to 1.26.4 (#1323)

Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.26.3 to 1.26.4.
- [Release notes](https://github.com/ohler55/ojg/releases)
- [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/ojg/compare/v1.26.3...v1.26.4)

---
updated-dependencies:
- dependency-name: github.com/ohler55/ojg
  dependency-version: 1.26.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d41b4ae44..e2597e8ab 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/ohler55/ojg v1.26.3
+	github.com/ohler55/ojg v1.26.4
 	github.com/onsi/gomega v1.37.0
 	github.com/otiai10/copy v1.14.1
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
diff --git a/go.sum b/go.sum
index 41cf679ce..fb6d2d0b2 100644
--- a/go.sum
+++ b/go.sum
@@ -533,8 +533,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/ohler55/ojg v1.26.3 h1:FwnRP1xj3VdqRVNLoqVVBIzL1D7IjaSbYt2nzJ4lras=
-github.com/ohler55/ojg v1.26.3/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
+github.com/ohler55/ojg v1.26.4 h1:DTatWge/oPYVw7p7movCviCbVqe+s+iNkaGwo1HN6Jc=
+github.com/ohler55/ojg v1.26.4/go.mod h1:/Y5dGWkekv9ocnUixuETqiL58f+5pAsUfg5P8e7Pa2o=
 github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
 github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
 github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=